From 471ea834933dd089b49777d595cef9f612bdb709 Mon Sep 17 00:00:00 2001 From: Toni Uhlig Date: Sat, 25 Jan 2025 09:14:02 +0100 Subject: bump libnDPI to e946f49aca13e4447a7d7b2acae6323a4531fb55 * incorporated upstream changes 
Signed-off-by: Toni Uhlig --- .github/workflows/build.yml | 2 +- examples/c-analysed/c-analysed.c | 17 +- examples/c-collectd/c-collectd.c | 17 +- examples/c-influxd/c-influxd.c | 17 +- libnDPI | 2 +- nDPId.c | 15 +- ndpid.conf.example | 2 +- .../openwrt/net/nDPId-testing/nDPId-testing.config | 2 +- .../openwrt/net/nDPId-testing/nDPId-testing.init | 4 +- schema/flow_event_schema.json | 22 +- test/configs/disable_metadata.ndpiconf | 1 - test/results/caches_cfg/ookla.pcap.out | 22 +- test/results/caches_cfg/teams.pcap.out | 226 ++-- test/results/caches_global/bittorrent.pcap.out | 12 +- .../caches_global/lru_ipv6_caches.pcapng.out | 36 +- test/results/caches_global/mining.pcapng.out | 16 +- test/results/caches_global/ookla.pcap.out | 22 +- test/results/caches_global/teams.pcap.out | 236 ++-- test/results/caches_global/zoom_p2p.pcapng.out | 20 +- test/results/default/1kxun.pcap.out | 76 +- test/results/default/443-chrome.pcap.out | 14 +- test/results/default/443-curl.pcap.out | 26 +- test/results/default/443-firefox.pcap.out | 26 +- test/results/default/443-git.pcap.out | 18 +- test/results/default/443-opvn.pcap.out | 12 +- test/results/default/443-safari.pcap.out | 26 +- test/results/default/4in4tunnel.pcap.out | 20 +- test/results/default/4in6tunnel.pcap.out | 12 +- test/results/default/6in4tunnel.pcap.out | 12 +- test/results/default/6in6tunnel.pcap.out | 12 +- test/results/default/BGP_Cisco_hdlc_slarp.pcap.out | 12 +- test/results/default/BGP_redist.pcap.out | 12 +- test/results/default/EAQ.pcap.out | 20 +- .../default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out | 20 +- test/results/default/IEC104.pcap.out | 12 +- test/results/default/KakaoTalk_chat.pcap.out | 58 +- test/results/default/KakaoTalk_talk.pcap.out | 30 +- test/results/default/NTPv2.pcap.out | 12 +- test/results/default/NTPv3.pcap.out | 12 +- test/results/default/NTPv4.pcap.out | 12 +- test/results/default/Oscar.pcap.out | 12 +- test/results/default/TivoDVR.pcap.out | 12 +- 
test/results/default/WebattackRCE.pcap.out | 12 +- test/results/default/WebattackSQLinj.pcap.out | 12 +- test/results/default/WebattackXSS.pcap.out | 14 +- test/results/default/activision.pcap.out | 16 +- test/results/default/adult_content.pcap.out | 20 +- test/results/default/afp.pcap.out | 12 +- test/results/default/agora-sd-rtn.pcap.out | 20 +- test/results/default/ah.pcapng.out | 12 +- test/results/default/ajp.pcap.out | 12 +- test/results/default/alexa-app.pcapng.out | 470 +++---- test/results/default/alicloud.pcap.out | 36 +- test/results/default/among_us.pcap.out | 12 +- test/results/default/amqp.pcap.out | 12 +- test/results/default/android.pcap.out | 102 +- test/results/default/anyconnect-vpn.pcap.out | 38 +- test/results/default/anydesk.pcapng.out | 36 +- test/results/default/atg.pcap.out | 12 +- test/results/default/avast.pcap.out | 48 +- test/results/default/avast_securedns.pcapng.out | 36 +- test/results/default/bacnet.pcap.out | 22 +- test/results/default/bad-dns-traffic.pcap.out | 12 +- test/results/default/badpackets.pcap.out | 14 +- test/results/default/beckhoff_ads.pcapng.out | 12 +- test/results/default/bets.pcapng.out | 18 +- test/results/default/bfcp.pcapng.out | 14 +- test/results/default/bfd.pcap.out | 12 +- test/results/default/bitcoin.pcap.out | 18 +- test/results/default/bittorrent.pcap.out | 12 +- .../results/default/bittorrent_tcp_miss.pcapng.out | 12 +- test/results/default/bittorrent_utp.pcap.out | 14 +- test/results/default/bjnp.pcap.out | 12 +- test/results/default/bot.pcap.out | 12 +- test/results/default/bt-dns.pcap.out | 10 +- test/results/default/bt-http.pcapng.out | 20 +- test/results/default/bt_search.pcap.out | 12 +- test/results/default/c1222.pcapng.out | 12 +- test/results/default/cachefly.pcapng.out | 22 +- test/results/default/can.pcap.out | 12 +- test/results/default/capwap.pcap.out | 12 +- test/results/default/capwap_data.pcapng.out | 12 +- test/results/default/cassandra.pcap.out | 12 +- 
test/results/default/ceph.pcap.out | 12 +- test/results/default/check_mk_new.pcap.out | 12 +- test/results/default/chrome.pcap.out | 36 +- test/results/default/cip_io.pcap.out | 12 +- test/results/default/citrix.pcap.out | 10 +- test/results/default/cloudflare-warp.pcap.out | 32 +- test/results/default/cnp_ip.pcapng.out | 12 +- test/results/default/coap_mqtt.pcap.out | 16 +- test/results/default/codm.pcap.out | 22 +- test/results/default/collectd.pcap.out | 18 +- test/results/default/conncheck.pcap.out | 12 +- test/results/default/corba.pcap.out | 12 +- test/results/default/cpha.pcap.out | 12 +- .../default/crawler_false_positive.pcapng.out | 12 +- test/results/default/crynet.pcap.out | 22 +- test/results/default/custom_categories.pcapng.out | 16 +- test/results/default/custom_risk_mask.pcapng.out | 12 +- test/results/default/custom_rules_ipv6.pcapng.out | 16 +- .../custom_rules_same-ip_multiple_ports.pcapng.out | 14 +- test/results/default/dazn.pcapng.out | 24 +- test/results/default/dcerpc.pcap.out | 12 +- test/results/default/dhcp-fuzz.pcapng.out | 12 +- test/results/default/diameter.pcap.out | 12 +- test/results/default/dicom.pcap.out | 37 + test/results/default/dingtalk.pcap.out | 20 +- test/results/default/discord.pcap.out | 24 +- test/results/default/discord_mid_flow.pcap.out | 12 +- test/results/default/dlep.pcapng.out | 12 +- test/results/default/dlms.pcap.out | 14 +- test/results/default/dlt_ppp.pcap.out | 10 +- test/results/default/dnp3.pcap.out | 26 +- test/results/default/dns-exf.pcap.out | 12 +- test/results/default/dns-google-nsid.pcapng.out | 14 +- test/results/default/dns-invalid-chars.pcap.out | 12 +- test/results/default/dns-tunnel-iodine.pcap.out | 12 +- test/results/default/dns.pcap.out | 14 +- test/results/default/dns2tcp_tunnel.pcap.out | 18 +- test/results/default/dns_ambiguous_names.pcap.out | 12 +- test/results/default/dns_doh.pcap.out | 18 +- test/results/default/dns_dot.pcap.out | 20 +- test/results/default/dns_exfiltration.pcap.out | 12 
+- test/results/default/dns_fragmented.pcap.out | 16 +- test/results/default/dns_invert_query.pcapng.out | 12 +- test/results/default/dns_long_domainname.pcap.out | 12 +- .../dnscrypt-v1-and-resolver-pings.pcap.out | 74 +- test/results/default/dnscrypt-v2-doh.pcap.out | 152 +-- test/results/default/dnscrypt-v2.pcap.out | 12 +- .../dnscrypt_skype_false_positive.pcapng.out | 14 +- test/results/default/doh.pcapng.out | 18 +- test/results/default/doq.pcapng.out | 14 +- test/results/default/doq_adguard.pcapng.out | 14 +- .../results/default/dos_win98_smb_netbeui.pcap.out | 22 +- test/results/default/dotenv.pcap.out | 12 +- test/results/default/drda_db2.pcap.out | 12 +- test/results/default/dropbox.pcap.out | 16 +- test/results/default/dtls.pcap.out | 28 +- test/results/default/dtls2.pcap.out | 20 +- test/results/default/dtls_certificate.pcapng.out | 14 +- .../default/dtls_certificate_fragments.pcap.out | 28 +- test/results/default/dtls_mid_sessions.pcapng.out | 12 +- test/results/default/dtls_old_version.pcapng.out | 12 +- .../dtls_session_id_and_coockie_both.pcap.out | 20 +- test/results/default/edonkey.pcap.out | 12 +- test/results/default/egd.pcapng.out | 12 +- test/results/default/elasticsearch.pcap.out | 14 +- test/results/default/elf.pcap.out | 12 +- test/results/default/emotet.pcap.out | 30 +- test/results/default/encrypted_sni.pcap.out | 28 +- test/results/default/epicgames.pcapng.out | 12 +- test/results/default/esp.pcapng.out | 12 +- test/results/default/ethereum.pcap.out | 58 +- test/results/default/ethernetIP.pcap.out | 12 +- test/results/default/ethersbus.pcap.out | 12 +- test/results/default/ethersio.pcap.out | 12 +- test/results/default/exe_download.pcap.out | 12 +- test/results/default/exe_download_as_png.pcap.out | 12 +- test/results/default/facebook.pcap.out | 24 +- test/results/default/false_positives.pcapng.out | 22 +- test/results/default/fastcgi.pcap.out | 12 +- test/results/default/fins.pcap.out | 14 +- test/results/default/firefox.pcap.out | 36 
+- test/results/default/fix.pcap.out | 12 +- test/results/default/fix2.pcap.out | 12 +- test/results/default/flute.pcapng.out | 12 +- test/results/default/forticlient.pcap.out | 42 +- test/results/default/ftp-start-tls.pcap.out | 12 +- test/results/default/ftp.pcap.out | 12 +- test/results/default/ftp_failed.pcap.out | 12 +- test/results/default/fuzz-2006-06-26-2594.pcap.out | 70 +- .../results/default/fuzz-2006-09-29-28586.pcap.out | 14 +- .../results/default/fuzz-2020-02-16-11740.pcap.out | 20 +- .../default/fuzz-2021-06-07-c6c72a0a56.pcap.out | 12 +- test/results/default/fuzz-2021-10-13.pcap.out | 12 +- test/results/default/gaijin_mobile_mixed.pcap.out | 26 +- test/results/default/gaijin_warthunder.pcap.out | 12 +- test/results/default/gearman.pcap.out | 12 +- test/results/default/geforcenow.pcapng.out | 28 +- test/results/default/genshin-impact.pcap.out | 22 +- test/results/default/git.pcap.out | 12 +- test/results/default/gnutella.pcap.out | 82 +- test/results/default/google_chat.pcapng.out | 16 +- test/results/default/google_meet.pcapng.out | 18 +- test/results/default/google_ssl.pcap.out | 12 +- test/results/default/googledns_android10.pcap.out | 40 +- test/results/default/gquic.pcap.out | 14 +- .../default/gquic_only_from_server.pcap.out | 12 +- test/results/default/gre.pcapng.out | 12 +- test/results/default/gtp_c.pcap.out | 12 +- test/results/default/gtp_false_positive.pcapng.out | 16 +- test/results/default/gtp_prime.pcapng.out | 12 +- test/results/default/h323-overflow.pcap.out | 12 +- test/results/default/h323.pcap.out | 18 +- test/results/default/haproxy.pcap.out | 12 +- test/results/default/hart_ip.pcap.out | 12 +- .../default/heuristic_tcp_ack_payload.pcap.out | 16 +- test/results/default/hislip.pcap.out | 12 +- test/results/default/hl7.pcap.out | 54 +- test/results/default/hls.pcapng.out | 12 +- test/results/default/hots.pcapng.out | 16 +- test/results/default/hpvirtgrp.pcap.out | 26 +- test/results/default/hsrp0.pcap.out | 12 +- 
test/results/default/hsrp2.pcap.out | 12 +- test/results/default/hsrp2_ipv6.pcapng.out | 12 +- test/results/default/http-basic-auth.pcap.out | 12 +- .../http-crash-content-disposition.pcap.out | 12 +- test/results/default/http-lines-split.pcap.out | 12 +- test/results/default/http-manipulated.pcap.out | 14 +- test/results/default/http-proxy.pcapng.out | 12 +- test/results/default/http-pwd.pcapng.out | 12 +- test/results/default/http.pcapng.out | 12 +- test/results/default/http2.pcapng.out | 12 +- test/results/default/http_asymmetric.pcapng.out | 12 +- test/results/default/http_auth.pcap.out | 12 +- test/results/default/http_connect.pcap.out | 16 +- .../http_guessed_host_and_guessed.pcapng.out | 18 +- test/results/default/http_invalid_server.pcap.out | 12 +- test/results/default/http_ipv6.pcap.out | 56 +- test/results/default/http_on_sip_port.pcap.out | 12 +- .../http_origin_different_than_host.pcap.out | 12 +- .../default/http_starting_with_reply.pcapng.out | 12 +- .../http_ua_splitted_in_two_pkts.pcapng.out | 12 +- test/results/default/i3d.pcap.out | 16 +- test/results/default/iax.pcap.out | 12 +- test/results/default/icmp-tunnel.pcap.out | 14 +- test/results/default/iec60780-5-104.pcap.out | 14 +- test/results/default/ieee_c37118.pcap.out | 14 +- test/results/default/imap-starttls.pcap.out | 12 +- test/results/default/imap.pcap.out | 12 +- test/results/default/imaps.pcap.out | 22 +- test/results/default/imo.pcap.out | 12 +- test/results/default/instagram.pcap.out | 66 +- .../results/default/ip_fragmented_garbage.pcap.out | 12 +- test/results/default/iphone.pcap.out | 86 +- test/results/default/ipp.pcap.out | 12 +- test/results/default/ipsec_isakmp_esp.pcap.out | 32 +- test/results/default/ipv6_in_gtp.pcap.out | 14 +- test/results/default/iqiyi.pcap.out | 12 +- test/results/default/irc.pcap.out | 12 +- test/results/default/iso9506-1-mms.pcap.out | 12 +- .../default/ja3_lots_of_cipher_suites.pcap.out | 12 +- .../ja3_lots_of_cipher_suites_2_anon.pcap.out | 12 +- 
test/results/default/jabber.pcap.out | 28 +- test/results/default/jrmi.pcap.out | 12 +- test/results/default/jsonrpc.pcap.out | 12 +- test/results/default/kafka.pcapng.out | 28 +- test/results/default/kcp.pcap.out | 12 +- test/results/default/kerberos-error.pcap.out | 12 +- test/results/default/kerberos-login.pcap.out | 14 +- test/results/default/kerberos.pcap.out | 12 +- test/results/default/kerberos_fuzz.pcapng.out | 12 +- test/results/default/kismet.pcap.out | 12 +- test/results/default/knxip.pcapng.out | 12 +- test/results/default/ldp.pcap.out | 12 +- test/results/default/line.pcap.out | 20 +- .../results/default/linecall_falsepositve.pcap.out | 12 +- test/results/default/lisp_registration.pcap.out | 12 +- test/results/default/log4j-webapp-exploit.pcap.out | 14 +- test/results/default/lol_wild_rift_udp.pcap.out | 20 +- test/results/default/long_tls_certificate.pcap.out | 22 +- test/results/default/lru_ipv6_caches.pcapng.out | 36 +- test/results/default/lustre.pcapng.out | 10 +- test/results/default/malformed_dns.pcap.out | 12 +- test/results/default/malformed_icmp.pcap.out | 12 +- test/results/default/malware.pcap.out | 32 +- test/results/default/memcached.cap.out | 12 +- test/results/default/merakicloud.pcapng.out | 12 +- test/results/default/mgcp.pcap.out | 20 +- test/results/default/mikrotik_mndp.pcap.out | 31 + test/results/default/mining.pcapng.out | 16 +- test/results/default/modbus.pcap.out | 12 +- test/results/default/monero.pcap.out | 12 +- .../default/mongo_false_positive.pcapng.out | 12 +- test/results/default/mongodb.pcap.out | 20 +- test/results/default/mpeg-dash.pcap.out | 14 +- test/results/default/mpeg.pcap.out | 22 +- test/results/default/mpegts.pcap.out | 12 +- test/results/default/mqtt.pcap.out | 12 +- test/results/default/mssql_tds.pcap.out | 16 +- test/results/default/mullvad_dns.pcap.out | 12 +- test/results/default/mullvad_wireguard.pcap.out | 12 +- test/results/default/mumble.pcapng.out | 20 +- test/results/default/munin.pcap.out | 18 +- 
test/results/default/mysql.pcapng.out | 14 +- test/results/default/nano.pcapng.out | 12 +- test/results/default/natpmp.pcap.out | 14 +- test/results/default/nats.pcap.out | 12 +- test/results/default/naver.pcap.out | 28 +- ...ndpi_match_string_subprotocol__error.pcapng.out | 14 +- test/results/default/nest_log_sink.pcap.out | 34 +- test/results/default/netbios.pcap.out | 24 +- .../default/netbios_wildcard_dns_query.pcap.out | 12 +- test/results/default/netease_games.pcapng.out | 24 +- test/results/default/netflix.pcap.out | 124 +- test/results/default/netflow-fritz.pcap.out | 12 +- test/results/default/netflowv9.pcap.out | 12 +- test/results/default/nfsv2.pcap.out | 12 +- test/results/default/nfsv3.pcap.out | 12 +- test/results/default/nintendo.pcap.out | 24 +- test/results/default/nntp.pcap.out | 12 +- test/results/default/no_sni.pcap.out | 56 +- test/results/default/nomachine.pcapng.out | 12 +- test/results/default/ocs.pcap.out | 22 +- test/results/default/ocsp.pcapng.out | 20 +- test/results/default/oicq.pcap.out | 38 +- test/results/default/ookla.pcap.out | 22 +- test/results/default/opc-ua.pcap.out | 12 +- test/results/default/openflow.pcap.out | 12 +- test/results/default/openvpn-tlscrypt.pcap.out | 12 +- test/results/default/openvpn.pcap.out | 48 +- test/results/default/openvpn_nohmac.pcapng.out | 12 +- test/results/default/openvpn_nohmac_tcp.pcapng.out | 12 +- test/results/default/openvpn_obfuscated.pcapng.out | 14 +- test/results/default/openwire.pcapng.out | 12 +- test/results/default/opera-vpn.pcapng.out | 258 ++-- test/results/default/oracle12.pcapng.out | 12 +- test/results/default/os_detected.pcapng.out | 14 +- .../results/default/ospfv2_add_new_prefix.pcap.out | 12 +- .../default/ossfuzz_seed_fake_traces_1.pcapng.out | 22 +- .../default/ossfuzz_seed_fake_traces_2.pcapng.out | 18 +- .../default/ossfuzz_seed_fake_traces_3.pcapng.out | 12 +- .../default/ossfuzz_seed_fake_traces_4.pcapng.out | 12 +- test/results/default/paltalk.pcapng.out | 18 +- 
test/results/default/path_of_exile.pcapng.out | 50 +- test/results/default/pfcp.pcapng.out | 12 +- test/results/default/pgm.pcap.out | 12 +- test/results/default/pgsql.pcap.out | 14 +- test/results/default/pgsql2.pcapng.out | 12 +- test/results/default/pia.pcap.out | 22 +- test/results/default/pim.pcap.out | 12 +- test/results/default/pinterest.pcap.out | 130 +- test/results/default/pluralsight.pcap.out | 44 +- test/results/default/pop3.pcap.out | 14 +- test/results/default/pop3_stls.pcap.out | 24 +- test/results/default/pops.pcapng.out | 12 +- test/results/default/portable_executable.pcap.out | 16 +- test/results/default/pptp.pcap.out | 12 +- test/results/default/profinet-io-le.pcap.out | 12 +- test/results/default/protobuf.pcap.out | 20 +- test/results/default/protonvpn.pcap.out | 22 +- test/results/default/psiphon3.pcap.out | 20 +- test/results/default/ptpv2.pcap.out | 12 +- test/results/default/punycode-idn.pcap.out | 12 +- test/results/default/quic-23.pcap.out | 14 +- test/results/default/quic-24.pcap.out | 14 +- test/results/default/quic-27.pcap.out | 14 +- test/results/default/quic-28.pcap.out | 14 +- test/results/default/quic-29.pcap.out | 14 +- test/results/default/quic-33.pcapng.out | 14 +- test/results/default/quic-34.pcap.out | 14 +- .../default/quic-forcing-vn-with-data.pcapng.out | 14 +- test/results/default/quic-fuzz-overflow.pcapng.out | 12 +- test/results/default/quic-mvfst-22.pcap.out | 12 +- .../quic-mvfst-22_decryption_error.pcap.out | 12 +- test/results/default/quic-mvfst-27.pcapng.out | 12 +- test/results/default/quic-mvfst-exp.pcap.out | 14 +- test/results/default/quic-v2.pcapng.out | 14 +- test/results/default/quic.pcap.out | 34 +- test/results/default/quic046.pcap.out | 14 +- test/results/default/quic_0RTT.pcap.out | 18 +- test/results/default/quic_cc_ack.pcapng.out | 12 +- .../default/quic_crypto_aes_auth_size.pcap.out | 16 +- .../quic_frags_ch_in_multiple_packets.pcapng.out | 14 +- ...h_out_of_order_same_packet_craziness.pcapng.out | 286 
++--- .../default/quic_frags_different_dcid.pcapng.out | 14 +- test/results/default/quic_interop_V.pcapng.out | 28 +- test/results/default/quic_q39.pcap.out | 14 +- test/results/default/quic_q43.pcap.out | 12 +- test/results/default/quic_q46.pcap.out | 14 +- test/results/default/quic_q46_b.pcap.out | 14 +- test/results/default/quic_q50.pcap.out | 14 +- test/results/default/quic_sh.pcap.out | 12 +- test/results/default/quic_t50.pcap.out | 14 +- test/results/default/quic_t51.pcap.out | 14 +- test/results/default/quickplay.pcap.out | 16 +- .../default/radius_false_positive.pcapng.out | 12 +- test/results/default/radmin3.pcapng.out | 12 +- test/results/default/raft.pcap.out | 12 +- test/results/default/raknet.pcap.out | 14 +- test/results/default/rdp.pcap.out | 12 +- test/results/default/rdp2.pcap.out | 16 +- test/results/default/rdp3.pcap.out | 12 +- test/results/default/rdp_over_tls.pcap.out | 20 +- test/results/default/reasm_crash_anon.pcapng.out | 16 +- test/results/default/reasm_segv_anon.pcapng.out | 12 +- test/results/default/reddit.pcap.out | 300 ++--- test/results/default/resp.pcap.out | 12 +- test/results/default/riot.pcapng.out | 20 +- test/results/default/riotgames.pcap.out | 28 +- test/results/default/ripe_atlas.pcap.out | 20 +- test/results/default/rmcp.pcap.out | 16 +- test/results/default/roblox.pcapng.out | 20 +- test/results/default/roughtime.pcap.out | 14 +- .../default/rsh-syslog-false-positive.pcap.out | 12 +- test/results/default/rsh.pcap.out | 12 +- test/results/default/rsync.pcap.out | 12 +- ...tcp_multiple_pkts_in_the_same_datagram.pcap.out | 12 +- test/results/default/rtmp.pcap.out | 14 +- test/results/default/rtp.pcapng.out | 20 +- test/results/default/rtps.pcap.out | 12 +- test/results/default/rtsp.pcap.out | 12 +- test/results/default/rtsp_setup_http.pcapng.out | 12 +- test/results/default/rx.pcap.out | 12 +- test/results/default/s7comm-plus.pcap.out | 12 +- test/results/default/s7comm.pcap.out | 12 +- test/results/default/safari.pcap.out | 
44 +- test/results/default/salesforce.pcap.out | 22 +- .../default/sccp_hw_conf_register.pcapng.out | 12 +- test/results/default/sctp.cap.out | 12 +- test/results/default/selfsigned.pcap.out | 20 +- test/results/default/sflow.pcap.out | 12 +- test/results/default/shadowsocks.pcap.out | 12 +- test/results/default/shell.pcap.out | 12 +- test/results/default/signal.pcap.out | 80 +- test/results/default/signal_audiocall.pcapng.out | 59 + test/results/default/signal_multiparty.pcapng.out | 28 + test/results/default/signal_videocall.pcapng.out | 49 + .../default/signal_videocall_multiparty.pcapng.out | 29 + test/results/default/simple-dnscrypt.pcap.out | 36 +- test/results/default/sip.pcap.out | 22 +- test/results/default/sip_hello.pcapng.out | 14 +- test/results/default/sites.pcapng.out | 298 ++--- test/results/default/sites2.pcapng.out | 63 +- test/results/default/skinny.pcap.out | 22 +- .../results/default/skype-conference-call.pcap.out | 22 +- test/results/default/smb_deletefile.pcap.out | 12 +- test/results/default/smb_frags.pcap.out | 12 +- test/results/default/smbv1.pcap.out | 12 +- test/results/default/smpp_in_general.pcap.out | 12 +- test/results/default/smtp-starttls.pcap.out | 24 +- test/results/default/smtp.pcap.out | 12 +- test/results/default/smtps.pcapng.out | 12 +- test/results/default/snapchat.pcap.out | 28 +- test/results/default/snapchat_call.pcapng.out | 12 +- test/results/default/snapchat_call_v1.pcapng.out | 16 +- test/results/default/snmp.pcap.out | 18 +- test/results/default/soap.pcap.out | 14 +- test/results/default/socks.pcap.out | 14 +- test/results/default/softether.pcap.out | 34 +- test/results/default/someip-tp.pcap.out | 12 +- .../default/someip-udp-method-call.pcapng.out | 12 +- test/results/default/someip_sd_sample.pcap.out | 12 +- test/results/default/sonos.pcapng.out | 20 +- test/results/default/source_engine.pcap.out | 30 +- test/results/default/spotify_tcp.pcap.out | 10 +- test/results/default/sql_injection.pcap.out | 12 +- 
test/results/default/srvloc-v1.pcapng.out | 12 +- test/results/default/srvloc.pcap.out | 818 ++++++------ test/results/default/ssdp-m-search-ua.pcap.out | 12 +- test/results/default/ssdp-m-search.pcap.out | 12 +- test/results/default/ssh.pcap.out | 14 +- test/results/default/ssh_unidirectional.pcap.out | 12 +- .../default/ssl-cert-name-mismatch.pcap.out | 22 +- test/results/default/starcraft_battle.pcap.out | 16 +- test/results/default/steam.pcapng.out | 28 +- test/results/default/stomp.pcapng.out | 12 +- test/results/default/stun.pcap.out | 70 +- test/results/default/stun_classic.pcap.out | 20 +- test/results/default/stun_dtls_rtp.pcapng.out | 24 +- .../default/stun_dtls_rtp_unidir.pcapng.out | 24 +- .../stun_dtls_unidirectional_client.pcap.out | 18 +- .../stun_dtls_unidirectional_server.pcap.out | 18 +- test/results/default/stun_google_meet.pcapng.out | 40 +- .../results/default/stun_msteams_unidir.pcapng.out | 20 +- test/results/default/stun_signal.pcapng.out | 114 +- test/results/default/stun_signal_tcp.pcapng.out | 28 + .../stun_tcp_multiple_msgs_same_pkt.pcap.out | 18 +- test/results/default/stun_wa_call.pcapng.out | 80 +- test/results/default/stun_zoom.pcapng.out | 34 +- test/results/default/syncthing.pcap.out | 12 +- test/results/default/synscan.pcap.out | 34 +- test/results/default/syslog.pcap.out | 30 +- test/results/default/tailscale.pcap.out | 12 +- .../targusdataspeed_false_positives.pcap.out | 10 +- test/results/default/tcp_scan.pcapng.out | 30 +- test/results/default/teams.pcap.out | 236 ++-- test/results/default/teamspeak3.pcap.out | 208 +-- test/results/default/teamviewer.pcap.out | 12 +- test/results/default/telegram.pcap.out | 20 +- test/results/default/telegram_videocall.pcapng.out | 74 +- .../default/telegram_videocall_2.pcapng.out | 80 ++ test/results/default/telegram_voice.pcapng.out | 97 ++ test/results/default/telnet.pcap.out | 12 +- test/results/default/tencent_games.pcap.out | 16 +- test/results/default/teredo.pcap.out | 12 +- 
test/results/default/teso.pcapng.out | 14 +- test/results/default/tftp.pcap.out | 18 +- test/results/default/threema.pcap.out | 18 +- test/results/default/thrift.pcap.out | 14 +- test/results/default/tinc.pcap.out | 12 +- test/results/default/tk.pcap.out | 12 +- test/results/default/tls-appdata.pcap.out | 20 +- test/results/default/tls-esni-fuzzed.pcap.out | 28 +- test/results/default/tls-rdn-extract.pcap.out | 22 +- .../tls_1.2_unidirectional_client.pcapng.out | 18 +- ...ls_1.2_unidirectional_client_no_cert.pcapng.out | 18 +- .../tls_1.2_unidirectional_server.pcapng.out | 16 +- ...ls_1.2_unidirectional_server_no_cert.pcapng.out | 18 +- .../tls_1.3_unidirectional_client.pcapng.out | 18 +- .../tls_1.3_unidirectional_server.pcapng.out | 18 +- test/results/default/tls_2_reasms.pcapng.out | 18 +- test/results/default/tls_2_reasms_b.pcapng.out | 16 +- test/results/default/tls_alert.pcap.out | 22 +- .../default/tls_certificate_too_long.pcap.out | 44 +- test/results/default/tls_change_cipher.pcap.out | 12 +- test/results/default/tls_cipher_lens.pcap.out | 26 +- ..._certificate_with_missing_server_one.pcapng.out | 18 +- test/results/default/tls_ech.pcapng.out | 20 +- test/results/default/tls_esni_sni_both.pcap.out | 24 +- .../results/default/tls_false_positives.pcapng.out | 12 +- .../default/tls_heur__shadowsocks-tcp.pcapng.out | 16 +- .../default/tls_heur__trojan-tcp-tls.pcapng.out | 20 +- .../default/tls_heur__vmess-tcp-tls.pcapng.out | 24 +- .../results/default/tls_heur__vmess-tcp.pcapng.out | 16 +- .../default/tls_heur__vmess-websocket.pcapng.out | 26 +- test/results/default/tls_invalid_reads.pcap.out | 26 +- test/results/default/tls_long_cert.pcap.out | 22 +- test/results/default/tls_malicious_sha1.pcapng.out | 22 +- test/results/default/tls_missing_ch_frag.pcap.out | 14 +- .../tls_multiple_synack_different_seq.pcapng.out | 22 +- test/results/default/tls_port_80.pcapng.out | 20 +- test/results/default/tls_torrent.pcapng.out | 18 +- 
test/results/default/tls_unidirectional.pcap.out | 12 +- .../default/tls_verylong_certificate.pcap.out | 22 +- test/results/default/tls_with_huge_ch.pcapng.out | 16 +- test/results/default/toca-boca.pcap.out | 32 +- test/results/default/tor.pcap.out | 48 +- test/results/default/tplink_shp.pcap.out | 18 +- test/results/default/trdp.pcapng.out | 12 +- test/results/default/trickbot.pcap.out | 12 +- test/results/default/tumblr.pcap.out | 50 +- test/results/default/tunnelbear.pcap.out | 94 +- test/results/default/tuya_lp.pcap.out | 12 +- test/results/default/ubntac2.pcap.out | 12 +- test/results/default/uftp_v4_v5.pcap.out | 14 +- test/results/default/ultrasurf.pcap.out | 20 +- test/results/default/umas.pcap.out | 12 +- test/results/default/upnp.pcap.out | 12 +- test/results/default/viber.pcap.out | 56 +- test/results/default/vivox.pcapng.out | 31 + test/results/default/vk.pcapng.out | 20 +- test/results/default/vnc.pcap.out | 12 +- test/results/default/vrrp3.pcapng.out | 12 +- test/results/default/vxlan.pcap.out | 12 +- test/results/default/wa_video.pcap.out | 52 +- test/results/default/wa_voice.pcap.out | 62 +- test/results/default/waze.pcap.out | 110 +- test/results/default/webdav.pcap.out | 14 +- test/results/default/webex.pcap.out | 212 ++-- test/results/default/websocket-chisel-ssh.pcap.out | 32 + test/results/default/websocket.pcap.out | 12 +- test/results/default/wechat.pcap.out | 206 +-- test/results/default/weibo.pcap.out | 14 +- test/results/default/whatsapp.pcap.out | 132 +- test/results/default/whatsapp_login_call.pcap.out | 150 +-- test/results/default/whatsapp_login_chat.pcap.out | 12 +- .../default/whatsapp_voice_and_message.pcap.out | 28 +- test/results/default/whatsappfiles.pcap.out | 22 +- test/results/default/whois.pcapng.out | 20 +- .../default/windowsupdate_over_http.pcap.out | 10 +- test/results/default/windscribe.pcapng.out | 20 +- test/results/default/wireguard.pcap.out | 14 +- test/results/default/wow.pcap.out | 14 +- 
test/results/default/xdmcp.pcap.out | 12 +- test/results/default/xiaomi.pcap.out | 24 +- test/results/default/xss.pcap.out | 12 +- test/results/default/yandex.pcapng.out | 52 +- test/results/default/yojimbo.pcap.out | 12 +- test/results/default/youtube_quic.pcap.out | 18 +- test/results/default/youtubeupload.pcap.out | 22 +- test/results/default/z3950.pcapng.out | 14 +- test/results/default/zabbix.pcap.out | 14 +- test/results/default/zattoo.pcap.out | 16 +- test/results/default/zoom.pcap.out | 80 +- test/results/default/zoom2.pcap.out | 18 +- test/results/default/zoom_p2p.pcapng.out | 20 +- test/results/default/zug.pcap.out | 20 +- test/results/disable_aggressiveness/ookla.pcap.out | 22 +- test/results/disable_metadata/sip.pcap.out | 74 -- .../tls_verylong_certificate.pcap.out | 29 - .../disable_metadata_and_flowrisks/sip.pcap.out | 74 ++ .../tls_verylong_certificate.pcap.out | 29 + .../disable_protocols/dns_long_domainname.pcap.out | 12 +- .../results/disable_protocols/pluralsight.pcap.out | 44 +- .../disable_protocols/quic-mvfst-27.pcapng.out | 12 +- test/results/disable_protocols/soap.pcap.out | 14 +- test/results/disable_use_client_ip/bot.pcap.out | 12 +- .../disable_use_client_port/iphone.pcap.out | 86 +- .../dns_process_response_disable/dns.pcap.out | 14 +- .../dns.pcap.out | 14 +- test/results/enable_doh_heuristic/doh.pcapng.out | 18 +- test/results/enable_payload_stat/1kxun.pcap.out | 76 +- .../results/flow-analyse/caches_cfg/ookla.pcap.out | 2 +- .../results/flow-analyse/caches_cfg/teams.pcap.out | 4 +- .../flow-analyse/caches_global/bittorrent.pcap.out | 2 +- .../caches_global/lru_ipv6_caches.pcapng.out | 2 +- .../flow-analyse/caches_global/mining.pcapng.out | 2 +- .../flow-analyse/caches_global/ookla.pcap.out | 2 +- .../flow-analyse/caches_global/teams.pcap.out | 6 +- .../flow-analyse/caches_global/zoom_p2p.pcapng.out | 2 +- test/results/flow-analyse/default/1kxun.pcap.out | 2 +- .../flow-analyse/default/443-chrome.pcap.out | 2 +- 
.../results/flow-analyse/default/443-curl.pcap.out | 2 +- .../flow-analyse/default/443-firefox.pcap.out | 2 +- test/results/flow-analyse/default/443-git.pcap.out | 2 +- .../results/flow-analyse/default/443-opvn.pcap.out | 2 +- .../flow-analyse/default/443-safari.pcap.out | 2 +- .../flow-analyse/default/4in4tunnel.pcap.out | 2 +- .../flow-analyse/default/4in6tunnel.pcap.out | 2 +- .../flow-analyse/default/6in4tunnel.pcap.out | 2 +- .../flow-analyse/default/6in6tunnel.pcap.out | 2 +- .../default/BGP_Cisco_hdlc_slarp.pcap.out | 2 +- .../flow-analyse/default/BGP_redist.pcap.out | 2 +- test/results/flow-analyse/default/EAQ.pcap.out | 2 +- .../default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out | 2 +- test/results/flow-analyse/default/IEC104.pcap.out | 2 +- .../flow-analyse/default/KakaoTalk_chat.pcap.out | 2 +- .../flow-analyse/default/KakaoTalk_talk.pcap.out | 2 +- test/results/flow-analyse/default/NTPv2.pcap.out | 2 +- test/results/flow-analyse/default/NTPv3.pcap.out | 2 +- test/results/flow-analyse/default/NTPv4.pcap.out | 2 +- test/results/flow-analyse/default/Oscar.pcap.out | 2 +- test/results/flow-analyse/default/TivoDVR.pcap.out | 2 +- .../flow-analyse/default/WebattackRCE.pcap.out | 2 +- .../flow-analyse/default/WebattackSQLinj.pcap.out | 2 +- .../flow-analyse/default/WebattackXSS.pcap.out | 2 +- .../flow-analyse/default/activision.pcap.out | 2 +- .../flow-analyse/default/adult_content.pcap.out | 2 +- test/results/flow-analyse/default/afp.pcap.out | 2 +- .../flow-analyse/default/agora-sd-rtn.pcap.out | 2 +- test/results/flow-analyse/default/ah.pcapng.out | 2 +- test/results/flow-analyse/default/ajp.pcap.out | 2 +- .../flow-analyse/default/alexa-app.pcapng.out | 8 +- .../results/flow-analyse/default/alicloud.pcap.out | 2 +- .../results/flow-analyse/default/among_us.pcap.out | 2 +- test/results/flow-analyse/default/amqp.pcap.out | 2 +- test/results/flow-analyse/default/android.pcap.out | 2 +- .../flow-analyse/default/anyconnect-vpn.pcap.out | 2 +- 
.../flow-analyse/default/anydesk.pcapng.out | 2 +- test/results/flow-analyse/default/atg.pcap.out | 2 +- test/results/flow-analyse/default/avast.pcap.out | 2 +- .../default/avast_securedns.pcapng.out | 2 +- test/results/flow-analyse/default/bacnet.pcap.out | 2 +- .../flow-analyse/default/bad-dns-traffic.pcap.out | 2 +- .../flow-analyse/default/badpackets.pcap.out | 2 +- .../flow-analyse/default/beckhoff_ads.pcapng.out | 2 +- test/results/flow-analyse/default/bets.pcapng.out | 2 +- test/results/flow-analyse/default/bfcp.pcapng.out | 2 +- test/results/flow-analyse/default/bfd.pcap.out | 2 +- test/results/flow-analyse/default/bitcoin.pcap.out | 2 +- .../flow-analyse/default/bittorrent.pcap.out | 2 +- .../default/bittorrent_tcp_miss.pcapng.out | 2 +- .../flow-analyse/default/bittorrent_utp.pcap.out | 2 +- test/results/flow-analyse/default/bjnp.pcap.out | 2 +- test/results/flow-analyse/default/bot.pcap.out | 2 +- test/results/flow-analyse/default/bt-dns.pcap.out | 2 +- .../flow-analyse/default/bt-http.pcapng.out | 2 +- .../flow-analyse/default/bt_search.pcap.out | 2 +- test/results/flow-analyse/default/c1222.pcapng.out | 2 +- .../flow-analyse/default/cachefly.pcapng.out | 2 +- test/results/flow-analyse/default/can.pcap.out | 2 +- test/results/flow-analyse/default/capwap.pcap.out | 2 +- .../flow-analyse/default/capwap_data.pcapng.out | 2 +- .../flow-analyse/default/cassandra.pcap.out | 2 +- test/results/flow-analyse/default/ceph.pcap.out | 2 +- .../flow-analyse/default/check_mk_new.pcap.out | 2 +- test/results/flow-analyse/default/chrome.pcap.out | 2 +- test/results/flow-analyse/default/cip_io.pcap.out | 2 +- test/results/flow-analyse/default/citrix.pcap.out | 2 +- .../flow-analyse/default/cloudflare-warp.pcap.out | 2 +- .../results/flow-analyse/default/cnp_ip.pcapng.out | 2 +- .../flow-analyse/default/coap_mqtt.pcap.out | 2 +- test/results/flow-analyse/default/codm.pcap.out | 2 +- .../results/flow-analyse/default/collectd.pcap.out | 2 +- 
.../flow-analyse/default/conncheck.pcap.out | 2 +- test/results/flow-analyse/default/corba.pcap.out | 2 +- test/results/flow-analyse/default/cpha.pcap.out | 2 +- .../default/crawler_false_positive.pcapng.out | 2 +- test/results/flow-analyse/default/crynet.pcap.out | 2 +- .../default/custom_categories.pcapng.out | 2 +- .../default/custom_risk_mask.pcapng.out | 2 +- .../default/custom_rules_ipv6.pcapng.out | 2 +- .../custom_rules_same-ip_multiple_ports.pcapng.out | 2 +- test/results/flow-analyse/default/dazn.pcapng.out | 2 +- test/results/flow-analyse/default/dcerpc.pcap.out | 2 +- .../flow-analyse/default/dhcp-fuzz.pcapng.out | 2 +- .../results/flow-analyse/default/diameter.pcap.out | 2 +- test/results/flow-analyse/default/dicom.pcap.out | 3 + .../results/flow-analyse/default/dingtalk.pcap.out | 2 +- test/results/flow-analyse/default/discord.pcap.out | 2 +- .../flow-analyse/default/discord_mid_flow.pcap.out | 2 +- test/results/flow-analyse/default/dlep.pcapng.out | 2 +- test/results/flow-analyse/default/dlms.pcap.out | 2 +- test/results/flow-analyse/default/dlt_ppp.pcap.out | 2 +- test/results/flow-analyse/default/dnp3.pcap.out | 2 +- test/results/flow-analyse/default/dns-exf.pcap.out | 2 +- .../default/dns-google-nsid.pcapng.out | 2 +- .../default/dns-invalid-chars.pcap.out | 2 +- .../default/dns-tunnel-iodine.pcap.out | 2 +- test/results/flow-analyse/default/dns.pcap.out | 2 +- .../flow-analyse/default/dns2tcp_tunnel.pcap.out | 2 +- .../default/dns_ambiguous_names.pcap.out | 2 +- test/results/flow-analyse/default/dns_doh.pcap.out | 2 +- test/results/flow-analyse/default/dns_dot.pcap.out | 2 +- .../flow-analyse/default/dns_exfiltration.pcap.out | 2 +- .../flow-analyse/default/dns_fragmented.pcap.out | 2 +- .../default/dns_invert_query.pcapng.out | 2 +- .../default/dns_long_domainname.pcap.out | 2 +- .../dnscrypt-v1-and-resolver-pings.pcap.out | 2 +- .../flow-analyse/default/dnscrypt-v2-doh.pcap.out | 2 +- .../flow-analyse/default/dnscrypt-v2.pcap.out | 2 +- 
.../dnscrypt_skype_false_positive.pcapng.out | 2 +- test/results/flow-analyse/default/doh.pcapng.out | 2 +- test/results/flow-analyse/default/doq.pcapng.out | 2 +- .../flow-analyse/default/doq_adguard.pcapng.out | 2 +- .../default/dos_win98_smb_netbeui.pcap.out | 2 +- test/results/flow-analyse/default/dotenv.pcap.out | 2 +- .../results/flow-analyse/default/drda_db2.pcap.out | 2 +- test/results/flow-analyse/default/dropbox.pcap.out | 2 +- test/results/flow-analyse/default/dtls.pcap.out | 2 +- test/results/flow-analyse/default/dtls2.pcap.out | 2 +- .../default/dtls_certificate.pcapng.out | 2 +- .../default/dtls_certificate_fragments.pcap.out | 2 +- .../default/dtls_mid_sessions.pcapng.out | 2 +- .../default/dtls_old_version.pcapng.out | 2 +- .../dtls_session_id_and_coockie_both.pcap.out | 2 +- test/results/flow-analyse/default/edonkey.pcap.out | 2 +- test/results/flow-analyse/default/egd.pcapng.out | 2 +- .../flow-analyse/default/elasticsearch.pcap.out | 2 +- test/results/flow-analyse/default/elf.pcap.out | 2 +- test/results/flow-analyse/default/emotet.pcap.out | 2 +- .../flow-analyse/default/encrypted_sni.pcap.out | 2 +- .../flow-analyse/default/epicgames.pcapng.out | 2 +- test/results/flow-analyse/default/esp.pcapng.out | 2 +- .../results/flow-analyse/default/ethereum.pcap.out | 2 +- .../flow-analyse/default/ethernetIP.pcap.out | 2 +- .../flow-analyse/default/ethersbus.pcap.out | 2 +- .../results/flow-analyse/default/ethersio.pcap.out | 2 +- .../flow-analyse/default/exe_download.pcap.out | 2 +- .../default/exe_download_as_png.pcap.out | 2 +- .../results/flow-analyse/default/facebook.pcap.out | 2 +- .../default/false_positives.pcapng.out | 2 +- test/results/flow-analyse/default/fastcgi.pcap.out | 2 +- test/results/flow-analyse/default/fins.pcap.out | 2 +- test/results/flow-analyse/default/firefox.pcap.out | 2 +- test/results/flow-analyse/default/fix.pcap.out | 2 +- test/results/flow-analyse/default/fix2.pcap.out | 2 +- 
test/results/flow-analyse/default/flute.pcapng.out | 2 +- .../flow-analyse/default/forticlient.pcap.out | 2 +- .../flow-analyse/default/ftp-start-tls.pcap.out | 2 +- test/results/flow-analyse/default/ftp.pcap.out | 2 +- .../flow-analyse/default/ftp_failed.pcap.out | 2 +- .../default/fuzz-2006-06-26-2594.pcap.out | 2 +- .../default/fuzz-2006-09-29-28586.pcap.out | 2 +- .../default/fuzz-2020-02-16-11740.pcap.out | 2 +- .../default/fuzz-2021-06-07-c6c72a0a56.pcap.out | 2 +- .../flow-analyse/default/fuzz-2021-10-13.pcap.out | 2 +- .../default/gaijin_mobile_mixed.pcap.out | 2 +- .../default/gaijin_warthunder.pcap.out | 2 +- test/results/flow-analyse/default/gearman.pcap.out | 2 +- .../flow-analyse/default/geforcenow.pcapng.out | 2 +- .../flow-analyse/default/genshin-impact.pcap.out | 2 +- test/results/flow-analyse/default/git.pcap.out | 2 +- .../results/flow-analyse/default/gnutella.pcap.out | 2 +- .../flow-analyse/default/google_chat.pcapng.out | 2 +- .../flow-analyse/default/google_meet.pcapng.out | 2 +- .../flow-analyse/default/google_ssl.pcap.out | 2 +- .../default/googledns_android10.pcap.out | 2 +- test/results/flow-analyse/default/gquic.pcap.out | 2 +- .../default/gquic_only_from_server.pcap.out | 2 +- test/results/flow-analyse/default/gre.pcapng.out | 2 +- test/results/flow-analyse/default/gtp_c.pcap.out | 2 +- .../default/gtp_false_positive.pcapng.out | 2 +- .../flow-analyse/default/gtp_prime.pcapng.out | 2 +- .../flow-analyse/default/h323-overflow.pcap.out | 2 +- test/results/flow-analyse/default/h323.pcap.out | 2 +- test/results/flow-analyse/default/haproxy.pcap.out | 2 +- test/results/flow-analyse/default/hart_ip.pcap.out | 2 +- .../default/heuristic_tcp_ack_payload.pcap.out | 2 +- test/results/flow-analyse/default/hislip.pcap.out | 2 +- test/results/flow-analyse/default/hl7.pcap.out | 2 +- test/results/flow-analyse/default/hls.pcapng.out | 2 +- test/results/flow-analyse/default/hots.pcapng.out | 2 +- .../flow-analyse/default/hpvirtgrp.pcap.out | 2 +- 
test/results/flow-analyse/default/hsrp0.pcap.out | 2 +- test/results/flow-analyse/default/hsrp2.pcap.out | 2 +- .../flow-analyse/default/hsrp2_ipv6.pcapng.out | 2 +- .../flow-analyse/default/http-basic-auth.pcap.out | 2 +- .../http-crash-content-disposition.pcap.out | 2 +- .../flow-analyse/default/http-lines-split.pcap.out | 2 +- .../flow-analyse/default/http-manipulated.pcap.out | 2 +- .../flow-analyse/default/http-proxy.pcapng.out | 2 +- .../flow-analyse/default/http-pwd.pcapng.out | 2 +- test/results/flow-analyse/default/http.pcapng.out | 2 +- test/results/flow-analyse/default/http2.pcapng.out | 2 +- .../default/http_asymmetric.pcapng.out | 2 +- .../flow-analyse/default/http_auth.pcap.out | 2 +- .../flow-analyse/default/http_connect.pcap.out | 2 +- .../http_guessed_host_and_guessed.pcapng.out | 2 +- .../default/http_invalid_server.pcap.out | 2 +- .../flow-analyse/default/http_ipv6.pcap.out | 2 +- .../flow-analyse/default/http_on_sip_port.pcap.out | 2 +- .../http_origin_different_than_host.pcap.out | 2 +- .../default/http_starting_with_reply.pcapng.out | 2 +- .../http_ua_splitted_in_two_pkts.pcapng.out | 2 +- test/results/flow-analyse/default/i3d.pcap.out | 2 +- test/results/flow-analyse/default/iax.pcap.out | 2 +- .../flow-analyse/default/icmp-tunnel.pcap.out | 2 +- .../flow-analyse/default/iec60780-5-104.pcap.out | 2 +- .../flow-analyse/default/ieee_c37118.pcap.out | 2 +- .../flow-analyse/default/imap-starttls.pcap.out | 2 +- test/results/flow-analyse/default/imap.pcap.out | 2 +- test/results/flow-analyse/default/imaps.pcap.out | 2 +- test/results/flow-analyse/default/imo.pcap.out | 2 +- .../flow-analyse/default/instagram.pcap.out | 2 +- .../default/ip_fragmented_garbage.pcap.out | 2 +- test/results/flow-analyse/default/iphone.pcap.out | 2 +- test/results/flow-analyse/default/ipp.pcap.out | 2 +- .../flow-analyse/default/ipsec_isakmp_esp.pcap.out | 2 +- .../flow-analyse/default/ipv6_in_gtp.pcap.out | 2 +- test/results/flow-analyse/default/iqiyi.pcap.out | 2 +- 
test/results/flow-analyse/default/irc.pcap.out | 2 +- .../flow-analyse/default/iso9506-1-mms.pcap.out | 2 +- .../default/ja3_lots_of_cipher_suites.pcap.out | 2 +- .../ja3_lots_of_cipher_suites_2_anon.pcap.out | 2 +- test/results/flow-analyse/default/jabber.pcap.out | 2 +- test/results/flow-analyse/default/jrmi.pcap.out | 2 +- test/results/flow-analyse/default/jsonrpc.pcap.out | 2 +- test/results/flow-analyse/default/kafka.pcapng.out | 2 +- test/results/flow-analyse/default/kcp.pcap.out | 2 +- .../flow-analyse/default/kerberos-error.pcap.out | 2 +- .../flow-analyse/default/kerberos-login.pcap.out | 2 +- .../results/flow-analyse/default/kerberos.pcap.out | 2 +- .../flow-analyse/default/kerberos_fuzz.pcapng.out | 2 +- test/results/flow-analyse/default/kismet.pcap.out | 2 +- test/results/flow-analyse/default/knxip.pcapng.out | 2 +- test/results/flow-analyse/default/ldp.pcap.out | 2 +- test/results/flow-analyse/default/line.pcap.out | 2 +- .../default/linecall_falsepositve.pcap.out | 2 +- .../default/lisp_registration.pcap.out | 2 +- .../default/log4j-webapp-exploit.pcap.out | 2 +- .../default/lol_wild_rift_udp.pcap.out | 2 +- .../default/long_tls_certificate.pcap.out | 2 +- .../default/lru_ipv6_caches.pcapng.out | 2 +- .../results/flow-analyse/default/lustre.pcapng.out | 2 +- .../flow-analyse/default/malformed_dns.pcap.out | 2 +- .../flow-analyse/default/malformed_icmp.pcap.out | 2 +- test/results/flow-analyse/default/malware.pcap.out | 2 +- .../results/flow-analyse/default/memcached.cap.out | 2 +- .../flow-analyse/default/merakicloud.pcapng.out | 2 +- test/results/flow-analyse/default/mgcp.pcap.out | 2 +- .../flow-analyse/default/mikrotik_mndp.pcap.out | 3 + .../results/flow-analyse/default/mining.pcapng.out | 2 +- test/results/flow-analyse/default/modbus.pcap.out | 2 +- test/results/flow-analyse/default/monero.pcap.out | 2 +- .../default/mongo_false_positive.pcapng.out | 2 +- test/results/flow-analyse/default/mongodb.pcap.out | 2 +- 
.../flow-analyse/default/mpeg-dash.pcap.out | 2 +- test/results/flow-analyse/default/mpeg.pcap.out | 2 +- test/results/flow-analyse/default/mpegts.pcap.out | 2 +- test/results/flow-analyse/default/mqtt.pcap.out | 2 +- .../flow-analyse/default/mssql_tds.pcap.out | 2 +- .../flow-analyse/default/mullvad_dns.pcap.out | 2 +- .../default/mullvad_wireguard.pcap.out | 2 +- .../results/flow-analyse/default/mumble.pcapng.out | 2 +- test/results/flow-analyse/default/munin.pcap.out | 2 +- test/results/flow-analyse/default/mysql.pcapng.out | 2 +- test/results/flow-analyse/default/nano.pcapng.out | 2 +- test/results/flow-analyse/default/natpmp.pcap.out | 2 +- test/results/flow-analyse/default/nats.pcap.out | 2 +- test/results/flow-analyse/default/naver.pcap.out | 2 +- ...ndpi_match_string_subprotocol__error.pcapng.out | 2 +- .../flow-analyse/default/nest_log_sink.pcap.out | 2 +- test/results/flow-analyse/default/netbios.pcap.out | 2 +- .../default/netbios_wildcard_dns_query.pcap.out | 2 +- .../flow-analyse/default/netease_games.pcapng.out | 2 +- test/results/flow-analyse/default/netflix.pcap.out | 2 +- .../flow-analyse/default/netflow-fritz.pcap.out | 2 +- .../flow-analyse/default/netflowv9.pcap.out | 2 +- test/results/flow-analyse/default/nfsv2.pcap.out | 2 +- test/results/flow-analyse/default/nfsv3.pcap.out | 2 +- .../results/flow-analyse/default/nintendo.pcap.out | 2 +- test/results/flow-analyse/default/nntp.pcap.out | 2 +- test/results/flow-analyse/default/no_sni.pcap.out | 6 +- .../flow-analyse/default/nomachine.pcapng.out | 2 +- test/results/flow-analyse/default/ocs.pcap.out | 2 +- test/results/flow-analyse/default/ocsp.pcapng.out | 2 +- test/results/flow-analyse/default/oicq.pcap.out | 2 +- test/results/flow-analyse/default/ookla.pcap.out | 2 +- test/results/flow-analyse/default/opc-ua.pcap.out | 2 +- .../results/flow-analyse/default/openflow.pcap.out | 2 +- .../flow-analyse/default/openvpn-tlscrypt.pcap.out | 2 +- test/results/flow-analyse/default/openvpn.pcap.out | 2 +- 
.../flow-analyse/default/openvpn_nohmac.pcapng.out | 2 +- .../default/openvpn_nohmac_tcp.pcapng.out | 2 +- .../default/openvpn_obfuscated.pcapng.out | 2 +- .../flow-analyse/default/openwire.pcapng.out | 2 +- .../flow-analyse/default/opera-vpn.pcapng.out | 2 +- .../flow-analyse/default/oracle12.pcapng.out | 2 +- .../flow-analyse/default/os_detected.pcapng.out | 2 +- .../default/ospfv2_add_new_prefix.pcap.out | 2 +- .../default/ossfuzz_seed_fake_traces_1.pcapng.out | 2 +- .../default/ossfuzz_seed_fake_traces_2.pcapng.out | 2 +- .../default/ossfuzz_seed_fake_traces_3.pcapng.out | 2 +- .../default/ossfuzz_seed_fake_traces_4.pcapng.out | 2 +- .../flow-analyse/default/paltalk.pcapng.out | 2 +- .../flow-analyse/default/path_of_exile.pcapng.out | 2 +- test/results/flow-analyse/default/pfcp.pcapng.out | 2 +- test/results/flow-analyse/default/pgm.pcap.out | 2 +- test/results/flow-analyse/default/pgsql.pcap.out | 2 +- .../results/flow-analyse/default/pgsql2.pcapng.out | 2 +- test/results/flow-analyse/default/pia.pcap.out | 2 +- test/results/flow-analyse/default/pim.pcap.out | 2 +- .../flow-analyse/default/pinterest.pcap.out | 4 +- .../flow-analyse/default/pluralsight.pcap.out | 2 +- test/results/flow-analyse/default/pop3.pcap.out | 2 +- .../flow-analyse/default/pop3_stls.pcap.out | 4 +- test/results/flow-analyse/default/pops.pcapng.out | 2 +- .../default/portable_executable.pcap.out | 2 +- test/results/flow-analyse/default/pptp.pcap.out | 2 +- .../flow-analyse/default/profinet-io-le.pcap.out | 2 +- .../results/flow-analyse/default/protobuf.pcap.out | 2 +- .../flow-analyse/default/protonvpn.pcap.out | 2 +- .../results/flow-analyse/default/psiphon3.pcap.out | 2 +- test/results/flow-analyse/default/ptpv2.pcap.out | 2 +- .../flow-analyse/default/punycode-idn.pcap.out | 2 +- test/results/flow-analyse/default/quic-23.pcap.out | 2 +- test/results/flow-analyse/default/quic-24.pcap.out | 2 +- test/results/flow-analyse/default/quic-27.pcap.out | 2 +- 
test/results/flow-analyse/default/quic-28.pcap.out | 2 +- test/results/flow-analyse/default/quic-29.pcap.out | 2 +- .../flow-analyse/default/quic-33.pcapng.out | 2 +- test/results/flow-analyse/default/quic-34.pcap.out | 2 +- .../default/quic-forcing-vn-with-data.pcapng.out | 2 +- .../default/quic-fuzz-overflow.pcapng.out | 2 +- .../flow-analyse/default/quic-mvfst-22.pcap.out | 2 +- .../quic-mvfst-22_decryption_error.pcap.out | 2 +- .../flow-analyse/default/quic-mvfst-27.pcapng.out | 2 +- .../flow-analyse/default/quic-mvfst-exp.pcap.out | 2 +- .../flow-analyse/default/quic-v2.pcapng.out | 2 +- test/results/flow-analyse/default/quic.pcap.out | 2 +- test/results/flow-analyse/default/quic046.pcap.out | 2 +- .../flow-analyse/default/quic_0RTT.pcap.out | 2 +- .../flow-analyse/default/quic_cc_ack.pcapng.out | 2 +- .../default/quic_crypto_aes_auth_size.pcap.out | 2 +- .../quic_frags_ch_in_multiple_packets.pcapng.out | 2 +- ...h_out_of_order_same_packet_craziness.pcapng.out | 2 +- .../default/quic_frags_different_dcid.pcapng.out | 2 +- .../flow-analyse/default/quic_interop_V.pcapng.out | 2 +- .../results/flow-analyse/default/quic_q39.pcap.out | 2 +- .../results/flow-analyse/default/quic_q43.pcap.out | 2 +- .../results/flow-analyse/default/quic_q46.pcap.out | 2 +- .../flow-analyse/default/quic_q46_b.pcap.out | 2 +- .../results/flow-analyse/default/quic_q50.pcap.out | 2 +- test/results/flow-analyse/default/quic_sh.pcap.out | 2 +- .../results/flow-analyse/default/quic_t50.pcap.out | 2 +- .../results/flow-analyse/default/quic_t51.pcap.out | 2 +- .../flow-analyse/default/quickplay.pcap.out | 2 +- .../default/radius_false_positive.pcapng.out | 2 +- .../flow-analyse/default/radmin3.pcapng.out | 2 +- test/results/flow-analyse/default/raft.pcap.out | 2 +- test/results/flow-analyse/default/raknet.pcap.out | 2 +- test/results/flow-analyse/default/rdp.pcap.out | 2 +- test/results/flow-analyse/default/rdp2.pcap.out | 2 +- test/results/flow-analyse/default/rdp3.pcap.out | 2 +- 
.../flow-analyse/default/rdp_over_tls.pcap.out | 2 +- .../default/reasm_crash_anon.pcapng.out | 2 +- .../default/reasm_segv_anon.pcapng.out | 2 +- test/results/flow-analyse/default/reddit.pcap.out | 2 +- test/results/flow-analyse/default/resp.pcap.out | 2 +- test/results/flow-analyse/default/riot.pcapng.out | 2 +- .../flow-analyse/default/riotgames.pcap.out | 2 +- .../flow-analyse/default/ripe_atlas.pcap.out | 2 +- test/results/flow-analyse/default/rmcp.pcap.out | 2 +- .../results/flow-analyse/default/roblox.pcapng.out | 2 +- .../flow-analyse/default/roughtime.pcap.out | 2 +- .../default/rsh-syslog-false-positive.pcap.out | 2 +- test/results/flow-analyse/default/rsh.pcap.out | 2 +- test/results/flow-analyse/default/rsync.pcap.out | 2 +- ...tcp_multiple_pkts_in_the_same_datagram.pcap.out | 2 +- test/results/flow-analyse/default/rtmp.pcap.out | 2 +- test/results/flow-analyse/default/rtp.pcapng.out | 2 +- test/results/flow-analyse/default/rtps.pcap.out | 2 +- test/results/flow-analyse/default/rtsp.pcap.out | 2 +- .../default/rtsp_setup_http.pcapng.out | 2 +- test/results/flow-analyse/default/rx.pcap.out | 2 +- .../flow-analyse/default/s7comm-plus.pcap.out | 2 +- test/results/flow-analyse/default/s7comm.pcap.out | 2 +- test/results/flow-analyse/default/safari.pcap.out | 2 +- .../flow-analyse/default/salesforce.pcap.out | 2 +- .../default/sccp_hw_conf_register.pcapng.out | 2 +- test/results/flow-analyse/default/sctp.cap.out | 2 +- .../flow-analyse/default/selfsigned.pcap.out | 2 +- test/results/flow-analyse/default/sflow.pcap.out | 2 +- .../flow-analyse/default/shadowsocks.pcap.out | 2 +- test/results/flow-analyse/default/shell.pcap.out | 2 +- test/results/flow-analyse/default/signal.pcap.out | 2 +- .../default/signal_audiocall.pcapng.out | 5 + .../default/signal_multiparty.pcapng.out | 3 + .../default/signal_videocall.pcapng.out | 4 + .../default/signal_videocall_multiparty.pcapng.out | 4 + .../flow-analyse/default/simple-dnscrypt.pcap.out | 2 +- 
test/results/flow-analyse/default/sip.pcap.out | 2 +- .../flow-analyse/default/sip_hello.pcapng.out | 2 +- test/results/flow-analyse/default/sites.pcapng.out | 2 +- .../results/flow-analyse/default/sites2.pcapng.out | 2 +- test/results/flow-analyse/default/skinny.pcap.out | 2 +- .../default/skype-conference-call.pcap.out | 4 +- .../flow-analyse/default/smb_deletefile.pcap.out | 2 +- .../flow-analyse/default/smb_frags.pcap.out | 2 +- test/results/flow-analyse/default/smbv1.pcap.out | 2 +- .../flow-analyse/default/smpp_in_general.pcap.out | 2 +- .../flow-analyse/default/smtp-starttls.pcap.out | 4 +- test/results/flow-analyse/default/smtp.pcap.out | 2 +- test/results/flow-analyse/default/smtps.pcapng.out | 2 +- .../results/flow-analyse/default/snapchat.pcap.out | 2 +- .../flow-analyse/default/snapchat_call.pcapng.out | 2 +- .../default/snapchat_call_v1.pcapng.out | 2 +- test/results/flow-analyse/default/snmp.pcap.out | 2 +- test/results/flow-analyse/default/soap.pcap.out | 2 +- test/results/flow-analyse/default/socks.pcap.out | 2 +- .../flow-analyse/default/softether.pcap.out | 2 +- .../flow-analyse/default/someip-tp.pcap.out | 2 +- .../default/someip-udp-method-call.pcapng.out | 2 +- .../flow-analyse/default/someip_sd_sample.pcap.out | 2 +- test/results/flow-analyse/default/sonos.pcapng.out | 2 +- .../flow-analyse/default/source_engine.pcap.out | 2 +- .../flow-analyse/default/spotify_tcp.pcap.out | 2 +- .../flow-analyse/default/sql_injection.pcap.out | 2 +- .../flow-analyse/default/srvloc-v1.pcapng.out | 2 +- test/results/flow-analyse/default/srvloc.pcap.out | 2 +- .../flow-analyse/default/ssdp-m-search-ua.pcap.out | 2 +- .../flow-analyse/default/ssdp-m-search.pcap.out | 2 +- test/results/flow-analyse/default/ssh.pcap.out | 2 +- .../default/ssh_unidirectional.pcap.out | 2 +- .../default/ssl-cert-name-mismatch.pcap.out | 2 +- .../flow-analyse/default/starcraft_battle.pcap.out | 2 +- test/results/flow-analyse/default/steam.pcapng.out | 2 +- 
test/results/flow-analyse/default/stomp.pcapng.out | 2 +- test/results/flow-analyse/default/stun.pcap.out | 2 +- .../flow-analyse/default/stun_classic.pcap.out | 2 +- .../flow-analyse/default/stun_dtls_rtp.pcapng.out | 2 +- .../default/stun_dtls_rtp_unidir.pcapng.out | 2 +- .../stun_dtls_unidirectional_client.pcap.out | 2 +- .../stun_dtls_unidirectional_server.pcap.out | 2 +- .../default/stun_google_meet.pcapng.out | 2 +- .../default/stun_msteams_unidir.pcapng.out | 2 +- .../flow-analyse/default/stun_signal.pcapng.out | 2 +- .../default/stun_signal_tcp.pcapng.out | 4 + .../stun_tcp_multiple_msgs_same_pkt.pcap.out | 2 +- .../flow-analyse/default/stun_wa_call.pcapng.out | 2 +- .../flow-analyse/default/stun_zoom.pcapng.out | 2 +- .../flow-analyse/default/syncthing.pcap.out | 2 +- test/results/flow-analyse/default/synscan.pcap.out | 2 +- test/results/flow-analyse/default/syslog.pcap.out | 2 +- .../flow-analyse/default/tailscale.pcap.out | 2 +- .../targusdataspeed_false_positives.pcap.out | 2 +- .../flow-analyse/default/tcp_scan.pcapng.out | 2 +- test/results/flow-analyse/default/teams.pcap.out | 6 +- .../flow-analyse/default/teamspeak3.pcap.out | 2 +- .../flow-analyse/default/teamviewer.pcap.out | 2 +- .../results/flow-analyse/default/telegram.pcap.out | 2 +- .../default/telegram_videocall.pcapng.out | 2 +- .../default/telegram_videocall_2.pcapng.out | 5 + .../flow-analyse/default/telegram_voice.pcapng.out | 5 + test/results/flow-analyse/default/telnet.pcap.out | 2 +- .../flow-analyse/default/tencent_games.pcap.out | 2 +- test/results/flow-analyse/default/teredo.pcap.out | 2 +- test/results/flow-analyse/default/teso.pcapng.out | 2 +- test/results/flow-analyse/default/tftp.pcap.out | 2 +- test/results/flow-analyse/default/threema.pcap.out | 2 +- test/results/flow-analyse/default/thrift.pcap.out | 2 +- test/results/flow-analyse/default/tinc.pcap.out | 2 +- test/results/flow-analyse/default/tk.pcap.out | 2 +- .../flow-analyse/default/tls-appdata.pcap.out | 2 +- 
.../flow-analyse/default/tls-esni-fuzzed.pcap.out | 2 +- .../flow-analyse/default/tls-rdn-extract.pcap.out | 2 +- .../tls_1.2_unidirectional_client.pcapng.out | 2 +- ...ls_1.2_unidirectional_client_no_cert.pcapng.out | 2 +- .../tls_1.2_unidirectional_server.pcapng.out | 2 +- ...ls_1.2_unidirectional_server_no_cert.pcapng.out | 2 +- .../tls_1.3_unidirectional_client.pcapng.out | 2 +- .../tls_1.3_unidirectional_server.pcapng.out | 2 +- .../flow-analyse/default/tls_2_reasms.pcapng.out | 2 +- .../flow-analyse/default/tls_2_reasms_b.pcapng.out | 2 +- .../flow-analyse/default/tls_alert.pcap.out | 2 +- .../default/tls_certificate_too_long.pcap.out | 2 +- .../default/tls_change_cipher.pcap.out | 2 +- .../flow-analyse/default/tls_cipher_lens.pcap.out | 2 +- ..._certificate_with_missing_server_one.pcapng.out | 2 +- .../flow-analyse/default/tls_ech.pcapng.out | 2 +- .../default/tls_esni_sni_both.pcap.out | 2 +- .../default/tls_false_positives.pcapng.out | 2 +- .../default/tls_heur__shadowsocks-tcp.pcapng.out | 2 +- .../default/tls_heur__trojan-tcp-tls.pcapng.out | 2 +- .../default/tls_heur__vmess-tcp-tls.pcapng.out | 2 +- .../default/tls_heur__vmess-tcp.pcapng.out | 2 +- .../default/tls_heur__vmess-websocket.pcapng.out | 4 +- .../default/tls_invalid_reads.pcap.out | 2 +- .../flow-analyse/default/tls_long_cert.pcap.out | 2 +- .../default/tls_malicious_sha1.pcapng.out | 2 +- .../default/tls_missing_ch_frag.pcap.out | 2 +- .../tls_multiple_synack_different_seq.pcapng.out | 2 +- .../flow-analyse/default/tls_port_80.pcapng.out | 2 +- .../flow-analyse/default/tls_torrent.pcapng.out | 2 +- .../default/tls_unidirectional.pcap.out | 2 +- .../default/tls_verylong_certificate.pcap.out | 2 +- .../default/tls_with_huge_ch.pcapng.out | 2 +- .../flow-analyse/default/toca-boca.pcap.out | 2 +- test/results/flow-analyse/default/tor.pcap.out | 2 +- .../flow-analyse/default/tplink_shp.pcap.out | 2 +- test/results/flow-analyse/default/trdp.pcapng.out | 2 +- 
.../results/flow-analyse/default/trickbot.pcap.out | 2 +- test/results/flow-analyse/default/tumblr.pcap.out | 2 +- .../flow-analyse/default/tunnelbear.pcap.out | 2 +- test/results/flow-analyse/default/tuya_lp.pcap.out | 2 +- test/results/flow-analyse/default/ubntac2.pcap.out | 2 +- .../flow-analyse/default/uftp_v4_v5.pcap.out | 2 +- .../flow-analyse/default/ultrasurf.pcap.out | 2 +- test/results/flow-analyse/default/umas.pcap.out | 2 +- test/results/flow-analyse/default/upnp.pcap.out | 2 +- test/results/flow-analyse/default/viber.pcap.out | 2 +- test/results/flow-analyse/default/vivox.pcapng.out | 3 + test/results/flow-analyse/default/vk.pcapng.out | 2 +- test/results/flow-analyse/default/vnc.pcap.out | 2 +- test/results/flow-analyse/default/vrrp3.pcapng.out | 2 +- test/results/flow-analyse/default/vxlan.pcap.out | 2 +- .../results/flow-analyse/default/wa_video.pcap.out | 2 +- .../results/flow-analyse/default/wa_voice.pcap.out | 2 +- test/results/flow-analyse/default/waze.pcap.out | 2 +- test/results/flow-analyse/default/webdav.pcap.out | 2 +- test/results/flow-analyse/default/webex.pcap.out | 6 +- .../default/websocket-chisel-ssh.pcap.out | 3 + .../flow-analyse/default/websocket.pcap.out | 2 +- test/results/flow-analyse/default/wechat.pcap.out | 2 +- test/results/flow-analyse/default/weibo.pcap.out | 2 +- .../results/flow-analyse/default/whatsapp.pcap.out | 2 +- .../default/whatsapp_login_call.pcap.out | 8 +- .../default/whatsapp_login_chat.pcap.out | 2 +- .../default/whatsapp_voice_and_message.pcap.out | 2 +- .../flow-analyse/default/whatsappfiles.pcap.out | 2 +- test/results/flow-analyse/default/whois.pcapng.out | 2 +- .../default/windowsupdate_over_http.pcap.out | 2 +- .../flow-analyse/default/windscribe.pcapng.out | 2 +- .../flow-analyse/default/wireguard.pcap.out | 2 +- test/results/flow-analyse/default/wow.pcap.out | 2 +- test/results/flow-analyse/default/xdmcp.pcap.out | 2 +- test/results/flow-analyse/default/xiaomi.pcap.out | 2 +- 
test/results/flow-analyse/default/xss.pcap.out | 2 +- .../results/flow-analyse/default/yandex.pcapng.out | 2 +- test/results/flow-analyse/default/yojimbo.pcap.out | 2 +- .../flow-analyse/default/youtube_quic.pcap.out | 2 +- .../flow-analyse/default/youtubeupload.pcap.out | 2 +- test/results/flow-analyse/default/z3950.pcapng.out | 2 +- test/results/flow-analyse/default/zabbix.pcap.out | 2 +- test/results/flow-analyse/default/zattoo.pcap.out | 2 +- test/results/flow-analyse/default/zoom.pcap.out | 2 +- test/results/flow-analyse/default/zoom2.pcap.out | 2 +- .../flow-analyse/default/zoom_p2p.pcapng.out | 2 +- test/results/flow-analyse/default/zug.pcap.out | 2 +- .../disable_aggressiveness/ookla.pcap.out | 2 +- .../flow-analyse/disable_metadata/sip.pcap.out | 4 - .../tls_verylong_certificate.pcap.out | 4 - .../disable_metadata_and_flowrisks/sip.pcap.out | 4 + .../tls_verylong_certificate.pcap.out | 4 + .../disable_protocols/dns_long_domainname.pcap.out | 2 +- .../disable_protocols/pluralsight.pcap.out | 2 +- .../disable_protocols/quic-mvfst-27.pcapng.out | 2 +- .../flow-analyse/disable_protocols/soap.pcap.out | 2 +- .../disable_use_client_ip/bot.pcap.out | 2 +- .../disable_use_client_port/iphone.pcap.out | 2 +- .../dns_process_response_disable/dns.pcap.out | 2 +- .../dns.pcap.out | 2 +- .../enable_doh_heuristic/doh.pcapng.out | 2 +- .../enable_payload_stat/1kxun.pcap.out | 2 +- .../flow_risk_lists_disable/protonvpn.pcap.out | 2 +- test/results/flow-analyse/fpc/1kxun.pcap.out | 16 + .../flow-analyse/fpc/signal_videocall.pcapng.out | 4 + .../flow-analyse/fpc_disabled/teams.pcap.out | 6 +- .../guess_ip_before_port_enabled/1kxun.pcap.out | 2 +- .../flow-analyse/guessing_disable/webex.pcap.out | 6 +- .../http_process_response_disable/http.pcapng.out | 2 +- .../http_asymmetric.pcapng.out | 2 +- .../flow-analyse/ip_lists_disable/1kxun.pcap.out | 2 +- .../monitoring/signal_audiocall.pcapng.out | 5 + .../monitoring/signal_videocall.pcapng.out | 4 + 
.../signal_videocall_multiparty.pcapng.out | 4 + test/results/flow-analyse/monitoring/stun.pcap.out | 2 +- .../monitoring/stun_google_meet.pcapng.out | 2 +- .../flow-analyse/monitoring/stun_signal.pcapng.out | 2 +- .../monitoring/stun_wa_call.pcapng.out | 2 +- .../flow-analyse/monitoring/stun_zoom.pcapng.out | 2 +- .../results/flow-analyse/monitoring/teams.pcap.out | 6 +- .../monitoring/telegram_videocall.pcapng.out | 2 +- .../monitoring/telegram_videocall_2.pcapng.out | 5 + .../monitoring/telegram_voice.pcapng.out | 5 + .../openvpn_obfuscated.pcapng.out | 5 + .../signal_videocall.pcapng.out | 4 + .../stun_signal_tcp.pcapng.out | 4 + .../openvpn_obfuscated.pcapng.out | 2 +- .../tls_verylong_certificate.pcap.out | 2 +- .../stun_all_attributes_disabled/teams.pcap.out | 6 +- .../lru_ipv6_caches.pcapng.out | 2 +- .../stun_extra_dissection/stun_dtls_rtp.pcapng.out | 2 +- .../stun_dtls_rtp_unidir.pcapng.out | 2 +- .../stun_extra_dissection/stun_zoom.pcapng.out | 2 +- .../stun_wa_call.pcapng.out | 2 +- .../telegram_videocall.pcapng.out | 2 +- .../subclassification_disable/anydesk.pcapng.out | 2 +- .../subclassification_disable/dns.pcap.out | 2 +- .../subclassification_disable/http.pcapng.out | 2 +- .../quic-mvfst-27.pcapng.out | 2 +- .../subclassification_disable/tls_ech.pcapng.out | 2 +- .../tls_heur__shadowsocks-tcp.pcapng.out | 2 +- .../tls_heur__trojan-tcp-tls.pcapng.out | 2 +- .../tls_heur__vmess-tcp-tls.pcapng.out | 2 +- .../tls_heur__vmess-tcp.pcapng.out | 2 +- .../tls_heur__vmess-websocket.pcapng.out | 4 +- .../tls_verylong_certificate.pcap.out | 4 - .../tls_verylong_certificate.pcap.out | 4 - .../tls_verylong_certificate.pcap.out | 4 - .../zoom_extra_dissection/zoom.pcap.out | 2 +- .../zoom_extra_dissection/zoom2.pcap.out | 2 +- .../zoom_extra_dissection/zoom_p2p.pcapng.out | 2 +- test/results/flow-captured/default/1kxun.pcap.out | 10 - .../flow-captured/default/alexa-app.pcapng.out | 12 - .../results/flow-captured/default/android.pcap.out | 2 - 
.../flow-captured/default/bt-http.pcapng.out | 1 - test/results/flow-captured/default/dicom.pcap.out | 4 + .../default/dos_win98_smb_netbeui.pcap.out | 1 - .../default/fuzz-2006-06-26-2594.pcap.out | 2 - .../flow-captured/default/gnutella.pcap.out | 2 - test/results/flow-captured/default/hl7.pcap.out | 2 + .../flow-captured/default/mikrotik_mndp.pcap.out | 0 .../results/flow-captured/default/netbios.pcap.out | 2 - test/results/flow-captured/default/no_sni.pcap.out | 2 + .../default/portable_executable.pcap.out | 1 - .../flow-captured/default/quickplay.pcap.out | 1 - .../default/signal_audiocall.pcapng.out | 3 + .../default/signal_multiparty.pcapng.out | 1 + .../default/signal_videocall.pcapng.out | 3 + .../default/signal_videocall_multiparty.pcapng.out | 1 + .../default/stun_signal_tcp.pcapng.out | 0 .../flow-captured/default/telegram.pcap.out | 1 - .../default/telegram_videocall_2.pcapng.out | 1 + .../default/telegram_voice.pcapng.out | 4 + test/results/flow-captured/default/tor.pcap.out | 1 - .../results/flow-captured/default/vivox.pcapng.out | 0 test/results/flow-captured/default/waze.pcap.out | 7 - .../default/websocket-chisel-ssh.pcap.out | 1 + test/results/flow-captured/default/wechat.pcap.out | 2 - .../flow-captured/disable_metadata/sip.pcap.out | 1 - .../tls_verylong_certificate.pcap.out | 0 .../disable_metadata_and_flowrisks/sip.pcap.out | 1 + .../tls_verylong_certificate.pcap.out | 0 .../enable_payload_stat/1kxun.pcap.out | 10 - test/results/flow-captured/fpc/1kxun.pcap.out | 101 ++ .../flow-captured/fpc/signal_videocall.pcapng.out | 3 + .../guess_ip_before_port_enabled/1kxun.pcap.out | 10 - .../flow-captured/ip_lists_disable/1kxun.pcap.out | 10 - .../monitoring/signal_audiocall.pcapng.out | 3 + .../monitoring/signal_videocall.pcapng.out | 3 + .../signal_videocall_multiparty.pcapng.out | 1 + .../monitoring/telegram_videocall_2.pcapng.out | 1 + .../monitoring/telegram_voice.pcapng.out | 4 + .../openvpn_obfuscated.pcapng.out | 4 + 
.../signal_videocall.pcapng.out | 3 + .../stun_signal_tcp.pcapng.out | 0 .../tls_verylong_certificate.pcap.out | 0 .../tls_verylong_certificate.pcap.out | 0 .../tls_verylong_certificate.pcap.out | 0 test/results/flow-info/caches_cfg/teams.pcap.out | 136 +- .../results/flow-info/caches_global/teams.pcap.out | 154 +-- test/results/flow-info/default/1kxun.pcap.out | 36 +- test/results/flow-info/default/443-chrome.pcap.out | 2 +- test/results/flow-info/default/443-curl.pcap.out | 10 +- .../results/flow-info/default/443-firefox.pcap.out | 10 +- test/results/flow-info/default/443-safari.pcap.out | 10 +- test/results/flow-info/default/EAQ.pcap.out | 4 +- .../flow-info/default/KakaoTalk_chat.pcap.out | 2 +- .../flow-info/default/KakaoTalk_talk.pcap.out | 6 +- .../results/flow-info/default/alexa-app.pcapng.out | 32 +- test/results/flow-info/default/android.pcap.out | 4 - test/results/flow-info/default/bt-http.pcapng.out | 2 - test/results/flow-info/default/dicom.pcap.out | 18 + .../dnscrypt-v1-and-resolver-pings.pcap.out | 60 +- .../default/dos_win98_smb_netbeui.pcap.out | 4 - test/results/flow-info/default/emotet.pcap.out | 12 +- .../flow-info/default/encrypted_sni.pcap.out | 6 + test/results/flow-info/default/ethereum.pcap.out | 46 +- .../default/fuzz-2006-06-26-2594.pcap.out | 10 - .../default/fuzz-2006-09-29-28586.pcap.out | 2 +- test/results/flow-info/default/gnutella.pcap.out | 52 +- test/results/flow-info/default/hl7.pcap.out | 14 +- .../http_guessed_host_and_guessed.pcapng.out | 2 +- test/results/flow-info/default/http_ipv6.pcap.out | 32 +- test/results/flow-info/default/imaps.pcap.out | 8 +- .../default/log4j-webapp-exploit.pcap.out | 2 +- .../flow-info/default/mikrotik_mndp.pcap.out | 15 + test/results/flow-info/default/mpeg.pcap.out | 6 +- test/results/flow-info/default/netbios.pcap.out | 5 - test/results/flow-info/default/no_sni.pcap.out | 12 + test/results/flow-info/default/openvpn.pcap.out | 18 +- .../results/flow-info/default/opera-vpn.pcapng.out | 2 +- 
.../flow-info/default/path_of_exile.pcapng.out | 15 + test/results/flow-info/default/pinterest.pcap.out | 16 +- test/results/flow-info/default/pop3_stls.pcap.out | 6 +- .../flow-info/default/portable_executable.pcap.out | 4 +- ...h_out_of_order_same_packet_craziness.pcapng.out | 4 +- .../flow-info/default/quic_interop_V.pcapng.out | 16 +- test/results/flow-info/default/quickplay.pcap.out | 2 - test/results/flow-info/default/reddit.pcap.out | 2 +- .../flow-info/default/signal_audiocall.pcapng.out | 50 + .../flow-info/default/signal_multiparty.pcapng.out | 13 + .../flow-info/default/signal_videocall.pcapng.out | 33 + .../default/signal_videocall_multiparty.pcapng.out | 23 + test/results/flow-info/default/sites.pcapng.out | 8 +- test/results/flow-info/default/sites2.pcapng.out | 10 + .../default/skype-conference-call.pcap.out | 6 +- .../flow-info/default/smtp-starttls.pcap.out | 6 +- .../flow-info/default/starcraft_battle.pcap.out | 4 +- test/results/flow-info/default/stun.pcap.out | 12 +- .../default/stun_msteams_unidir.pcapng.out | 6 +- .../flow-info/default/stun_signal_tcp.pcapng.out | 18 + test/results/flow-info/default/synscan.pcap.out | 10 +- test/results/flow-info/default/tcp_scan.pcapng.out | 14 +- test/results/flow-info/default/teams.pcap.out | 154 +-- test/results/flow-info/default/telegram.pcap.out | 2 - .../default/telegram_videocall.pcapng.out | 2 +- .../default/telegram_videocall_2.pcapng.out | 63 + .../flow-info/default/telegram_voice.pcapng.out | 75 ++ .../flow-info/default/tls-esni-fuzzed.pcap.out | 8 +- .../default/tls_heur__vmess-websocket.pcapng.out | 6 +- .../flow-info/default/tls_invalid_reads.pcap.out | 4 +- test/results/flow-info/default/tor.pcap.out | 3 - test/results/flow-info/default/tunnelbear.pcap.out | 4 +- test/results/flow-info/default/vivox.pcapng.out | 12 + test/results/flow-info/default/waze.pcap.out | 18 +- test/results/flow-info/default/webex.pcap.out | 44 +- .../default/websocket-chisel-ssh.pcap.out | 16 + 
test/results/flow-info/default/wechat.pcap.out | 8 - .../flow-info/default/whatsapp_login_call.pcap.out | 14 +- test/results/flow-info/default/xiaomi.pcap.out | 4 +- test/results/flow-info/default/zoom.pcap.out | 8 +- .../flow-info/disable_metadata/sip.pcap.out | 56 - .../tls_verylong_certificate.pcap.out | 19 - .../disable_metadata_and_flowrisks/sip.pcap.out | 56 + .../tls_verylong_certificate.pcap.out | 19 + .../flow-info/enable_payload_stat/1kxun.pcap.out | 36 +- test/results/flow-info/fpc/1kxun.pcap.out | 870 +++++++++++++ .../flow-info/fpc/signal_videocall.pcapng.out | 33 + test/results/flow-info/fpc_disabled/teams.pcap.out | 154 +-- .../guess_ip_before_port_enabled/1kxun.pcap.out | 36 +- .../flow-info/guessing_disable/webex.pcap.out | 44 +- .../flow-info/ip_lists_disable/1kxun.pcap.out | 36 +- .../monitoring/signal_audiocall.pcapng.out | 50 + .../monitoring/signal_videocall.pcapng.out | 33 + .../signal_videocall_multiparty.pcapng.out | 23 + test/results/flow-info/monitoring/stun.pcap.out | 12 +- test/results/flow-info/monitoring/teams.pcap.out | 154 +-- .../monitoring/telegram_videocall.pcapng.out | 2 +- .../monitoring/telegram_videocall_2.pcapng.out | 63 + .../flow-info/monitoring/telegram_voice.pcapng.out | 75 ++ .../openvpn_obfuscated.pcapng.out | 38 + .../signal_videocall.pcapng.out | 33 + .../stun_signal_tcp.pcapng.out | 18 + .../stun_all_attributes_disabled/teams.pcap.out | 154 +-- .../telegram_videocall.pcapng.out | 2 +- .../tls_heur__vmess-websocket.pcapng.out | 6 +- .../tls_verylong_certificate.pcap.out | 19 - .../tls_verylong_certificate.pcap.out | 19 - .../tls_verylong_certificate.pcap.out | 19 - .../flow-info/zoom_extra_dissection/zoom.pcap.out | 8 +- .../flow_risk_lists_disable/protonvpn.pcap.out | 22 +- test/results/fpc/1kxun.pcap.out | 1318 ++++++++++++++++++++ test/results/fpc/signal_videocall.pcapng.out | 49 + test/results/fpc_disabled/teams.pcap.out | 236 ++-- .../guess_ip_before_port_enabled/1kxun.pcap.out | 76 +- 
test/results/guessing_disable/webex.pcap.out | 212 ++-- .../http_process_response_disable/http.pcapng.out | 12 +- .../http_asymmetric.pcapng.out | 12 +- test/results/influxd/caches_cfg/ookla.pcap.out | 4 +- test/results/influxd/caches_cfg/teams.pcap.out | 6 +- .../influxd/caches_global/bittorrent.pcap.out | 2 +- .../caches_global/lru_ipv6_caches.pcapng.out | 4 +- .../influxd/caches_global/mining.pcapng.out | 2 +- test/results/influxd/caches_global/ookla.pcap.out | 4 +- test/results/influxd/caches_global/teams.pcap.out | 6 +- .../influxd/caches_global/zoom_p2p.pcapng.out | 4 +- test/results/influxd/default/1kxun.pcap.out | 18 +- test/results/influxd/default/443-chrome.pcap.out | 4 +- test/results/influxd/default/443-curl.pcap.out | 4 +- test/results/influxd/default/443-firefox.pcap.out | 4 +- test/results/influxd/default/443-git.pcap.out | 4 +- test/results/influxd/default/443-opvn.pcap.out | 2 +- test/results/influxd/default/443-safari.pcap.out | 4 +- test/results/influxd/default/4in4tunnel.pcap.out | 2 +- test/results/influxd/default/4in6tunnel.pcap.out | 2 +- test/results/influxd/default/6in4tunnel.pcap.out | 2 +- test/results/influxd/default/6in6tunnel.pcap.out | 2 +- .../influxd/default/BGP_Cisco_hdlc_slarp.pcap.out | 2 +- test/results/influxd/default/BGP_redist.pcap.out | 2 +- test/results/influxd/default/EAQ.pcap.out | 8 +- .../default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out | 4 +- test/results/influxd/default/IEC104.pcap.out | 2 +- .../influxd/default/KakaoTalk_chat.pcap.out | 4 +- .../influxd/default/KakaoTalk_talk.pcap.out | 4 +- test/results/influxd/default/NTPv2.pcap.out | 2 +- test/results/influxd/default/NTPv3.pcap.out | 2 +- test/results/influxd/default/NTPv4.pcap.out | 2 +- test/results/influxd/default/Oscar.pcap.out | 2 +- test/results/influxd/default/TivoDVR.pcap.out | 2 +- test/results/influxd/default/WebattackRCE.pcap.out | 2 +- .../influxd/default/WebattackSQLinj.pcap.out | 2 +- test/results/influxd/default/WebattackXSS.pcap.out | 2 +- 
test/results/influxd/default/activision.pcap.out | 2 +- .../results/influxd/default/adult_content.pcap.out | 4 +- test/results/influxd/default/afp.pcap.out | 2 +- test/results/influxd/default/agora-sd-rtn.pcap.out | 2 +- test/results/influxd/default/ah.pcapng.out | 2 +- test/results/influxd/default/ajp.pcap.out | 2 +- test/results/influxd/default/alexa-app.pcapng.out | 10 +- test/results/influxd/default/alicloud.pcap.out | 2 +- test/results/influxd/default/among_us.pcap.out | 2 +- test/results/influxd/default/amqp.pcap.out | 2 +- test/results/influxd/default/android.pcap.out | 10 +- .../influxd/default/anyconnect-vpn.pcap.out | 4 +- test/results/influxd/default/anydesk.pcapng.out | 4 +- test/results/influxd/default/atg.pcap.out | 2 +- test/results/influxd/default/avast.pcap.out | 2 +- .../influxd/default/avast_securedns.pcapng.out | 2 +- test/results/influxd/default/bacnet.pcap.out | 2 +- .../influxd/default/bad-dns-traffic.pcap.out | 2 +- test/results/influxd/default/badpackets.pcap.out | 2 +- .../influxd/default/beckhoff_ads.pcapng.out | 2 +- test/results/influxd/default/bets.pcapng.out | 4 +- test/results/influxd/default/bfcp.pcapng.out | 2 +- test/results/influxd/default/bfd.pcap.out | 2 +- test/results/influxd/default/bitcoin.pcap.out | 2 +- test/results/influxd/default/bittorrent.pcap.out | 2 +- .../influxd/default/bittorrent_tcp_miss.pcapng.out | 2 +- .../influxd/default/bittorrent_utp.pcap.out | 2 +- test/results/influxd/default/bjnp.pcap.out | 2 +- test/results/influxd/default/bot.pcap.out | 2 +- test/results/influxd/default/bt-dns.pcap.out | 2 +- test/results/influxd/default/bt-http.pcapng.out | 10 +- test/results/influxd/default/bt_search.pcap.out | 2 +- test/results/influxd/default/c1222.pcapng.out | 2 +- test/results/influxd/default/cachefly.pcapng.out | 4 +- test/results/influxd/default/can.pcap.out | 2 +- test/results/influxd/default/capwap.pcap.out | 2 +- .../results/influxd/default/capwap_data.pcapng.out | 2 +- 
test/results/influxd/default/cassandra.pcap.out | 2 +- test/results/influxd/default/ceph.pcap.out | 2 +- test/results/influxd/default/check_mk_new.pcap.out | 2 +- test/results/influxd/default/chrome.pcap.out | 4 +- test/results/influxd/default/cip_io.pcap.out | 2 +- test/results/influxd/default/citrix.pcap.out | 2 +- .../influxd/default/cloudflare-warp.pcap.out | 4 +- test/results/influxd/default/cnp_ip.pcapng.out | 2 +- test/results/influxd/default/coap_mqtt.pcap.out | 2 +- test/results/influxd/default/codm.pcap.out | 4 +- test/results/influxd/default/collectd.pcap.out | 2 +- test/results/influxd/default/conncheck.pcap.out | 2 +- test/results/influxd/default/corba.pcap.out | 2 +- test/results/influxd/default/cpha.pcap.out | 2 +- .../default/crawler_false_positive.pcapng.out | 2 +- test/results/influxd/default/crynet.pcap.out | 2 +- .../influxd/default/custom_categories.pcapng.out | 2 +- .../influxd/default/custom_risk_mask.pcapng.out | 2 +- .../influxd/default/custom_rules_ipv6.pcapng.out | 2 +- .../custom_rules_same-ip_multiple_ports.pcapng.out | 2 +- test/results/influxd/default/dazn.pcapng.out | 4 +- test/results/influxd/default/dcerpc.pcap.out | 2 +- test/results/influxd/default/dhcp-fuzz.pcapng.out | 2 +- test/results/influxd/default/diameter.pcap.out | 2 +- test/results/influxd/default/dicom.pcap.out | 11 + test/results/influxd/default/dingtalk.pcap.out | 4 +- test/results/influxd/default/discord.pcap.out | 4 +- .../influxd/default/discord_mid_flow.pcap.out | 2 +- test/results/influxd/default/dlep.pcapng.out | 2 +- test/results/influxd/default/dlms.pcap.out | 2 +- test/results/influxd/default/dlt_ppp.pcap.out | 2 +- test/results/influxd/default/dnp3.pcap.out | 2 +- test/results/influxd/default/dns-exf.pcap.out | 2 +- .../influxd/default/dns-google-nsid.pcapng.out | 2 +- .../influxd/default/dns-invalid-chars.pcap.out | 2 +- .../influxd/default/dns-tunnel-iodine.pcap.out | 2 +- test/results/influxd/default/dns.pcap.out | 2 +- 
.../influxd/default/dns2tcp_tunnel.pcap.out | 4 +- .../influxd/default/dns_ambiguous_names.pcap.out | 2 +- test/results/influxd/default/dns_doh.pcap.out | 4 +- test/results/influxd/default/dns_dot.pcap.out | 4 +- .../influxd/default/dns_exfiltration.pcap.out | 2 +- .../influxd/default/dns_fragmented.pcap.out | 2 +- .../influxd/default/dns_invert_query.pcapng.out | 2 +- .../influxd/default/dns_long_domainname.pcap.out | 2 +- .../dnscrypt-v1-and-resolver-pings.pcap.out | 4 +- .../influxd/default/dnscrypt-v2-doh.pcap.out | 4 +- test/results/influxd/default/dnscrypt-v2.pcap.out | 2 +- .../dnscrypt_skype_false_positive.pcapng.out | 2 +- test/results/influxd/default/doh.pcapng.out | 4 +- test/results/influxd/default/doq.pcapng.out | 4 +- .../results/influxd/default/doq_adguard.pcapng.out | 4 +- .../influxd/default/dos_win98_smb_netbeui.pcap.out | 10 +- test/results/influxd/default/dotenv.pcap.out | 2 +- test/results/influxd/default/drda_db2.pcap.out | 2 +- test/results/influxd/default/dropbox.pcap.out | 2 +- test/results/influxd/default/dtls.pcap.out | 4 +- test/results/influxd/default/dtls2.pcap.out | 4 +- .../influxd/default/dtls_certificate.pcapng.out | 4 +- .../default/dtls_certificate_fragments.pcap.out | 4 +- .../influxd/default/dtls_mid_sessions.pcapng.out | 2 +- .../influxd/default/dtls_old_version.pcapng.out | 2 +- .../dtls_session_id_and_coockie_both.pcap.out | 4 +- test/results/influxd/default/edonkey.pcap.out | 2 +- test/results/influxd/default/egd.pcapng.out | 2 +- .../results/influxd/default/elasticsearch.pcap.out | 2 +- test/results/influxd/default/elf.pcap.out | 2 +- test/results/influxd/default/emotet.pcap.out | 4 +- .../results/influxd/default/encrypted_sni.pcap.out | 10 +- test/results/influxd/default/epicgames.pcapng.out | 2 +- test/results/influxd/default/esp.pcapng.out | 2 +- test/results/influxd/default/ethereum.pcap.out | 4 +- test/results/influxd/default/ethernetIP.pcap.out | 2 +- test/results/influxd/default/ethersbus.pcap.out | 2 +- 
test/results/influxd/default/ethersio.pcap.out | 2 +- test/results/influxd/default/exe_download.pcap.out | 2 +- .../influxd/default/exe_download_as_png.pcap.out | 2 +- test/results/influxd/default/facebook.pcap.out | 4 +- .../influxd/default/false_positives.pcapng.out | 4 +- test/results/influxd/default/fastcgi.pcap.out | 2 +- test/results/influxd/default/fins.pcap.out | 2 +- test/results/influxd/default/firefox.pcap.out | 4 +- test/results/influxd/default/fix.pcap.out | 2 +- test/results/influxd/default/fix2.pcap.out | 2 +- test/results/influxd/default/flute.pcapng.out | 2 +- test/results/influxd/default/forticlient.pcap.out | 4 +- .../results/influxd/default/ftp-start-tls.pcap.out | 2 +- test/results/influxd/default/ftp.pcap.out | 2 +- test/results/influxd/default/ftp_failed.pcap.out | 2 +- .../influxd/default/fuzz-2006-06-26-2594.pcap.out | 10 +- .../influxd/default/fuzz-2006-09-29-28586.pcap.out | 4 +- .../influxd/default/fuzz-2020-02-16-11740.pcap.out | 2 +- .../default/fuzz-2021-06-07-c6c72a0a56.pcap.out | 2 +- .../influxd/default/fuzz-2021-10-13.pcap.out | 2 +- .../influxd/default/gaijin_mobile_mixed.pcap.out | 4 +- .../influxd/default/gaijin_warthunder.pcap.out | 2 +- test/results/influxd/default/gearman.pcap.out | 2 +- test/results/influxd/default/geforcenow.pcapng.out | 4 +- .../influxd/default/genshin-impact.pcap.out | 2 +- test/results/influxd/default/git.pcap.out | 2 +- test/results/influxd/default/gnutella.pcap.out | 10 +- .../results/influxd/default/google_chat.pcapng.out | 4 +- .../results/influxd/default/google_meet.pcapng.out | 4 +- test/results/influxd/default/google_ssl.pcap.out | 2 +- .../influxd/default/googledns_android10.pcap.out | 4 +- test/results/influxd/default/gquic.pcap.out | 4 +- .../default/gquic_only_from_server.pcap.out | 2 +- test/results/influxd/default/gre.pcapng.out | 2 +- test/results/influxd/default/gtp_c.pcap.out | 2 +- .../influxd/default/gtp_false_positive.pcapng.out | 2 +- test/results/influxd/default/gtp_prime.pcapng.out 
| 2 +- .../results/influxd/default/h323-overflow.pcap.out | 2 +- test/results/influxd/default/h323.pcap.out | 2 +- test/results/influxd/default/haproxy.pcap.out | 2 +- test/results/influxd/default/hart_ip.pcap.out | 2 +- .../default/heuristic_tcp_ack_payload.pcap.out | 2 +- test/results/influxd/default/hislip.pcap.out | 2 +- test/results/influxd/default/hl7.pcap.out | 22 +- test/results/influxd/default/hls.pcapng.out | 2 +- test/results/influxd/default/hots.pcapng.out | 2 +- test/results/influxd/default/hpvirtgrp.pcap.out | 2 +- test/results/influxd/default/hsrp0.pcap.out | 2 +- test/results/influxd/default/hsrp2.pcap.out | 2 +- test/results/influxd/default/hsrp2_ipv6.pcapng.out | 2 +- .../influxd/default/http-basic-auth.pcap.out | 2 +- .../http-crash-content-disposition.pcap.out | 2 +- .../influxd/default/http-lines-split.pcap.out | 2 +- .../influxd/default/http-manipulated.pcap.out | 2 +- test/results/influxd/default/http-proxy.pcapng.out | 2 +- test/results/influxd/default/http-pwd.pcapng.out | 2 +- test/results/influxd/default/http.pcapng.out | 2 +- test/results/influxd/default/http2.pcapng.out | 2 +- .../influxd/default/http_asymmetric.pcapng.out | 2 +- test/results/influxd/default/http_auth.pcap.out | 2 +- test/results/influxd/default/http_connect.pcap.out | 4 +- .../http_guessed_host_and_guessed.pcapng.out | 4 +- .../influxd/default/http_invalid_server.pcap.out | 2 +- test/results/influxd/default/http_ipv6.pcap.out | 4 +- .../influxd/default/http_on_sip_port.pcap.out | 2 +- .../http_origin_different_than_host.pcap.out | 2 +- .../default/http_starting_with_reply.pcapng.out | 2 +- .../http_ua_splitted_in_two_pkts.pcapng.out | 2 +- test/results/influxd/default/i3d.pcap.out | 2 +- test/results/influxd/default/iax.pcap.out | 2 +- test/results/influxd/default/icmp-tunnel.pcap.out | 2 +- .../influxd/default/iec60780-5-104.pcap.out | 2 +- test/results/influxd/default/ieee_c37118.pcap.out | 2 +- .../results/influxd/default/imap-starttls.pcap.out | 2 +- 
test/results/influxd/default/imap.pcap.out | 2 +- test/results/influxd/default/imaps.pcap.out | 4 +- test/results/influxd/default/imo.pcap.out | 2 +- test/results/influxd/default/instagram.pcap.out | 4 +- .../influxd/default/ip_fragmented_garbage.pcap.out | 2 +- test/results/influxd/default/iphone.pcap.out | 4 +- test/results/influxd/default/ipp.pcap.out | 2 +- .../influxd/default/ipsec_isakmp_esp.pcap.out | 2 +- test/results/influxd/default/ipv6_in_gtp.pcap.out | 2 +- test/results/influxd/default/iqiyi.pcap.out | 2 +- test/results/influxd/default/irc.pcap.out | 2 +- .../results/influxd/default/iso9506-1-mms.pcap.out | 2 +- .../default/ja3_lots_of_cipher_suites.pcap.out | 2 +- .../ja3_lots_of_cipher_suites_2_anon.pcap.out | 2 +- test/results/influxd/default/jabber.pcap.out | 2 +- test/results/influxd/default/jrmi.pcap.out | 2 +- test/results/influxd/default/jsonrpc.pcap.out | 2 +- test/results/influxd/default/kafka.pcapng.out | 2 +- test/results/influxd/default/kcp.pcap.out | 2 +- .../influxd/default/kerberos-error.pcap.out | 2 +- .../influxd/default/kerberos-login.pcap.out | 2 +- test/results/influxd/default/kerberos.pcap.out | 2 +- .../influxd/default/kerberos_fuzz.pcapng.out | 2 +- test/results/influxd/default/kismet.pcap.out | 2 +- test/results/influxd/default/knxip.pcapng.out | 2 +- test/results/influxd/default/ldp.pcap.out | 2 +- test/results/influxd/default/line.pcap.out | 4 +- .../influxd/default/linecall_falsepositve.pcap.out | 2 +- .../influxd/default/lisp_registration.pcap.out | 2 +- .../influxd/default/log4j-webapp-exploit.pcap.out | 4 +- .../influxd/default/lol_wild_rift_udp.pcap.out | 2 +- .../influxd/default/long_tls_certificate.pcap.out | 4 +- .../influxd/default/lru_ipv6_caches.pcapng.out | 4 +- test/results/influxd/default/lustre.pcapng.out | 2 +- .../results/influxd/default/malformed_dns.pcap.out | 2 +- .../influxd/default/malformed_icmp.pcap.out | 2 +- test/results/influxd/default/malware.pcap.out | 4 +- 
test/results/influxd/default/memcached.cap.out | 2 +- .../results/influxd/default/merakicloud.pcapng.out | 2 +- test/results/influxd/default/mgcp.pcap.out | 2 +- .../results/influxd/default/mikrotik_mndp.pcap.out | 11 + test/results/influxd/default/mining.pcapng.out | 2 +- test/results/influxd/default/modbus.pcap.out | 2 +- test/results/influxd/default/monero.pcap.out | 2 +- .../default/mongo_false_positive.pcapng.out | 2 +- test/results/influxd/default/mongodb.pcap.out | 2 +- test/results/influxd/default/mpeg-dash.pcap.out | 2 +- test/results/influxd/default/mpeg.pcap.out | 4 +- test/results/influxd/default/mpegts.pcap.out | 2 +- test/results/influxd/default/mqtt.pcap.out | 2 +- test/results/influxd/default/mssql_tds.pcap.out | 2 +- test/results/influxd/default/mullvad_dns.pcap.out | 2 +- .../influxd/default/mullvad_wireguard.pcap.out | 2 +- test/results/influxd/default/mumble.pcapng.out | 4 +- test/results/influxd/default/munin.pcap.out | 2 +- test/results/influxd/default/mysql.pcapng.out | 2 +- test/results/influxd/default/nano.pcapng.out | 2 +- test/results/influxd/default/natpmp.pcap.out | 2 +- test/results/influxd/default/nats.pcap.out | 2 +- test/results/influxd/default/naver.pcap.out | 4 +- ...ndpi_match_string_subprotocol__error.pcapng.out | 2 +- .../results/influxd/default/nest_log_sink.pcap.out | 2 +- test/results/influxd/default/netbios.pcap.out | 10 +- .../default/netbios_wildcard_dns_query.pcap.out | 2 +- .../influxd/default/netease_games.pcapng.out | 4 +- test/results/influxd/default/netflix.pcap.out | 4 +- .../results/influxd/default/netflow-fritz.pcap.out | 2 +- test/results/influxd/default/netflowv9.pcap.out | 2 +- test/results/influxd/default/nfsv2.pcap.out | 2 +- test/results/influxd/default/nfsv3.pcap.out | 2 +- test/results/influxd/default/nintendo.pcap.out | 4 +- test/results/influxd/default/nntp.pcap.out | 2 +- test/results/influxd/default/no_sni.pcap.out | 10 +- test/results/influxd/default/nomachine.pcapng.out | 2 +- 
test/results/influxd/default/ocs.pcap.out | 4 +- test/results/influxd/default/ocsp.pcapng.out | 2 +- test/results/influxd/default/oicq.pcap.out | 2 +- test/results/influxd/default/ookla.pcap.out | 4 +- test/results/influxd/default/opc-ua.pcap.out | 2 +- test/results/influxd/default/openflow.pcap.out | 2 +- .../influxd/default/openvpn-tlscrypt.pcap.out | 2 +- test/results/influxd/default/openvpn.pcap.out | 4 +- .../influxd/default/openvpn_nohmac.pcapng.out | 2 +- .../influxd/default/openvpn_nohmac_tcp.pcapng.out | 2 +- .../influxd/default/openvpn_obfuscated.pcapng.out | 2 +- test/results/influxd/default/openwire.pcapng.out | 2 +- test/results/influxd/default/opera-vpn.pcapng.out | 4 +- test/results/influxd/default/oracle12.pcapng.out | 2 +- .../results/influxd/default/os_detected.pcapng.out | 4 +- .../influxd/default/ospfv2_add_new_prefix.pcap.out | 2 +- .../default/ossfuzz_seed_fake_traces_1.pcapng.out | 2 +- .../default/ossfuzz_seed_fake_traces_2.pcapng.out | 2 +- .../default/ossfuzz_seed_fake_traces_3.pcapng.out | 2 +- .../default/ossfuzz_seed_fake_traces_4.pcapng.out | 2 +- test/results/influxd/default/paltalk.pcapng.out | 4 +- .../influxd/default/path_of_exile.pcapng.out | 18 +- test/results/influxd/default/pfcp.pcapng.out | 2 +- test/results/influxd/default/pgm.pcap.out | 2 +- test/results/influxd/default/pgsql.pcap.out | 2 +- test/results/influxd/default/pgsql2.pcapng.out | 2 +- test/results/influxd/default/pia.pcap.out | 4 +- test/results/influxd/default/pim.pcap.out | 2 +- test/results/influxd/default/pinterest.pcap.out | 4 +- test/results/influxd/default/pluralsight.pcap.out | 4 +- test/results/influxd/default/pop3.pcap.out | 2 +- test/results/influxd/default/pop3_stls.pcap.out | 6 +- test/results/influxd/default/pops.pcapng.out | 2 +- .../influxd/default/portable_executable.pcap.out | 8 +- test/results/influxd/default/pptp.pcap.out | 2 +- .../influxd/default/profinet-io-le.pcap.out | 2 +- test/results/influxd/default/protobuf.pcap.out | 2 +- 
test/results/influxd/default/protonvpn.pcap.out | 4 +- test/results/influxd/default/psiphon3.pcap.out | 4 +- test/results/influxd/default/ptpv2.pcap.out | 2 +- test/results/influxd/default/punycode-idn.pcap.out | 2 +- test/results/influxd/default/quic-23.pcap.out | 4 +- test/results/influxd/default/quic-24.pcap.out | 4 +- test/results/influxd/default/quic-27.pcap.out | 4 +- test/results/influxd/default/quic-28.pcap.out | 4 +- test/results/influxd/default/quic-29.pcap.out | 4 +- test/results/influxd/default/quic-33.pcapng.out | 4 +- test/results/influxd/default/quic-34.pcap.out | 4 +- .../default/quic-forcing-vn-with-data.pcapng.out | 4 +- .../influxd/default/quic-fuzz-overflow.pcapng.out | 2 +- .../results/influxd/default/quic-mvfst-22.pcap.out | 4 +- .../quic-mvfst-22_decryption_error.pcap.out | 2 +- .../influxd/default/quic-mvfst-27.pcapng.out | 4 +- .../influxd/default/quic-mvfst-exp.pcap.out | 4 +- test/results/influxd/default/quic-v2.pcapng.out | 4 +- test/results/influxd/default/quic.pcap.out | 4 +- test/results/influxd/default/quic046.pcap.out | 4 +- test/results/influxd/default/quic_0RTT.pcap.out | 4 +- .../results/influxd/default/quic_cc_ack.pcapng.out | 2 +- .../default/quic_crypto_aes_auth_size.pcap.out | 4 +- .../quic_frags_ch_in_multiple_packets.pcapng.out | 4 +- ...h_out_of_order_same_packet_craziness.pcapng.out | 4 +- .../default/quic_frags_different_dcid.pcapng.out | 4 +- .../influxd/default/quic_interop_V.pcapng.out | 4 +- test/results/influxd/default/quic_q39.pcap.out | 4 +- test/results/influxd/default/quic_q43.pcap.out | 2 +- test/results/influxd/default/quic_q46.pcap.out | 4 +- test/results/influxd/default/quic_q46_b.pcap.out | 4 +- test/results/influxd/default/quic_q50.pcap.out | 4 +- test/results/influxd/default/quic_sh.pcap.out | 2 +- test/results/influxd/default/quic_t50.pcap.out | 4 +- test/results/influxd/default/quic_t51.pcap.out | 4 +- test/results/influxd/default/quickplay.pcap.out | 10 +- .../default/radius_false_positive.pcapng.out | 
2 +- test/results/influxd/default/radmin3.pcapng.out | 2 +- test/results/influxd/default/raft.pcap.out | 2 +- test/results/influxd/default/raknet.pcap.out | 2 +- test/results/influxd/default/rdp.pcap.out | 2 +- test/results/influxd/default/rdp2.pcap.out | 2 +- test/results/influxd/default/rdp3.pcap.out | 2 +- test/results/influxd/default/rdp_over_tls.pcap.out | 4 +- .../influxd/default/reasm_crash_anon.pcapng.out | 2 +- .../influxd/default/reasm_segv_anon.pcapng.out | 2 +- test/results/influxd/default/reddit.pcap.out | 4 +- test/results/influxd/default/resp.pcap.out | 2 +- test/results/influxd/default/riot.pcapng.out | 4 +- test/results/influxd/default/riotgames.pcap.out | 2 +- test/results/influxd/default/ripe_atlas.pcap.out | 2 +- test/results/influxd/default/rmcp.pcap.out | 2 +- test/results/influxd/default/roblox.pcapng.out | 4 +- test/results/influxd/default/roughtime.pcap.out | 2 +- .../default/rsh-syslog-false-positive.pcap.out | 2 +- test/results/influxd/default/rsh.pcap.out | 2 +- test/results/influxd/default/rsync.pcap.out | 2 +- ...tcp_multiple_pkts_in_the_same_datagram.pcap.out | 2 +- test/results/influxd/default/rtmp.pcap.out | 2 +- test/results/influxd/default/rtp.pcapng.out | 4 +- test/results/influxd/default/rtps.pcap.out | 2 +- test/results/influxd/default/rtsp.pcap.out | 2 +- .../influxd/default/rtsp_setup_http.pcapng.out | 2 +- test/results/influxd/default/rx.pcap.out | 2 +- test/results/influxd/default/s7comm-plus.pcap.out | 2 +- test/results/influxd/default/s7comm.pcap.out | 2 +- test/results/influxd/default/safari.pcap.out | 4 +- test/results/influxd/default/salesforce.pcap.out | 4 +- .../default/sccp_hw_conf_register.pcapng.out | 2 +- test/results/influxd/default/sctp.cap.out | 2 +- test/results/influxd/default/selfsigned.pcap.out | 4 +- test/results/influxd/default/sflow.pcap.out | 2 +- test/results/influxd/default/shadowsocks.pcap.out | 2 +- test/results/influxd/default/shell.pcap.out | 2 +- test/results/influxd/default/signal.pcap.out | 4 
+- .../influxd/default/signal_audiocall.pcapng.out | 11 + .../influxd/default/signal_multiparty.pcapng.out | 11 + .../influxd/default/signal_videocall.pcapng.out | 11 + .../default/signal_videocall_multiparty.pcapng.out | 11 + .../influxd/default/simple-dnscrypt.pcap.out | 4 +- test/results/influxd/default/sip.pcap.out | 4 +- test/results/influxd/default/sip_hello.pcapng.out | 4 +- test/results/influxd/default/sites.pcapng.out | 6 +- test/results/influxd/default/sites2.pcapng.out | 18 +- test/results/influxd/default/skinny.pcap.out | 4 +- .../influxd/default/skype-conference-call.pcap.out | 4 +- .../influxd/default/smb_deletefile.pcap.out | 2 +- test/results/influxd/default/smb_frags.pcap.out | 2 +- test/results/influxd/default/smbv1.pcap.out | 2 +- .../influxd/default/smpp_in_general.pcap.out | 2 +- .../results/influxd/default/smtp-starttls.pcap.out | 8 +- test/results/influxd/default/smtp.pcap.out | 2 +- test/results/influxd/default/smtps.pcapng.out | 2 +- test/results/influxd/default/snapchat.pcap.out | 4 +- .../influxd/default/snapchat_call.pcapng.out | 2 +- .../influxd/default/snapchat_call_v1.pcapng.out | 4 +- test/results/influxd/default/snmp.pcap.out | 2 +- test/results/influxd/default/soap.pcap.out | 2 +- test/results/influxd/default/socks.pcap.out | 2 +- test/results/influxd/default/softether.pcap.out | 2 +- test/results/influxd/default/someip-tp.pcap.out | 2 +- .../default/someip-udp-method-call.pcapng.out | 2 +- .../influxd/default/someip_sd_sample.pcap.out | 2 +- test/results/influxd/default/sonos.pcapng.out | 4 +- .../results/influxd/default/source_engine.pcap.out | 2 +- test/results/influxd/default/spotify_tcp.pcap.out | 2 +- .../results/influxd/default/sql_injection.pcap.out | 2 +- test/results/influxd/default/srvloc-v1.pcapng.out | 2 +- test/results/influxd/default/srvloc.pcap.out | 2 +- .../influxd/default/ssdp-m-search-ua.pcap.out | 2 +- .../results/influxd/default/ssdp-m-search.pcap.out | 2 +- test/results/influxd/default/ssh.pcap.out | 2 +- 
.../influxd/default/ssh_unidirectional.pcap.out | 2 +- .../default/ssl-cert-name-mismatch.pcap.out | 4 +- .../influxd/default/starcraft_battle.pcap.out | 4 +- test/results/influxd/default/steam.pcapng.out | 4 +- test/results/influxd/default/stomp.pcapng.out | 2 +- test/results/influxd/default/stun.pcap.out | 4 +- test/results/influxd/default/stun_classic.pcap.out | 4 +- .../influxd/default/stun_dtls_rtp.pcapng.out | 4 +- .../default/stun_dtls_rtp_unidir.pcapng.out | 4 +- .../stun_dtls_unidirectional_client.pcap.out | 4 +- .../stun_dtls_unidirectional_server.pcap.out | 4 +- .../influxd/default/stun_google_meet.pcapng.out | 4 +- .../influxd/default/stun_msteams_unidir.pcapng.out | 4 +- .../results/influxd/default/stun_signal.pcapng.out | 4 +- .../influxd/default/stun_signal_tcp.pcapng.out | 11 + .../stun_tcp_multiple_msgs_same_pkt.pcap.out | 4 +- .../influxd/default/stun_wa_call.pcapng.out | 4 +- test/results/influxd/default/stun_zoom.pcapng.out | 4 +- test/results/influxd/default/syncthing.pcap.out | 2 +- test/results/influxd/default/synscan.pcap.out | 4 +- test/results/influxd/default/syslog.pcap.out | 2 +- test/results/influxd/default/tailscale.pcap.out | 2 +- .../targusdataspeed_false_positives.pcap.out | 2 +- test/results/influxd/default/tcp_scan.pcapng.out | 4 +- test/results/influxd/default/teams.pcap.out | 6 +- test/results/influxd/default/teamspeak3.pcap.out | 2 +- test/results/influxd/default/teamviewer.pcap.out | 2 +- test/results/influxd/default/telegram.pcap.out | 10 +- .../influxd/default/telegram_videocall.pcapng.out | 4 +- .../default/telegram_videocall_2.pcapng.out | 11 + .../influxd/default/telegram_voice.pcapng.out | 11 + test/results/influxd/default/telnet.pcap.out | 2 +- .../results/influxd/default/tencent_games.pcap.out | 2 +- test/results/influxd/default/teredo.pcap.out | 2 +- test/results/influxd/default/teso.pcapng.out | 2 +- test/results/influxd/default/tftp.pcap.out | 2 +- test/results/influxd/default/threema.pcap.out | 2 +- 
test/results/influxd/default/thrift.pcap.out | 2 +- test/results/influxd/default/tinc.pcap.out | 2 +- test/results/influxd/default/tk.pcap.out | 2 +- test/results/influxd/default/tls-appdata.pcap.out | 2 +- .../influxd/default/tls-esni-fuzzed.pcap.out | 10 +- .../influxd/default/tls-rdn-extract.pcap.out | 4 +- .../tls_1.2_unidirectional_client.pcapng.out | 4 +- ...ls_1.2_unidirectional_client_no_cert.pcapng.out | 4 +- .../tls_1.2_unidirectional_server.pcapng.out | 4 +- ...ls_1.2_unidirectional_server_no_cert.pcapng.out | 4 +- .../tls_1.3_unidirectional_client.pcapng.out | 4 +- .../tls_1.3_unidirectional_server.pcapng.out | 4 +- .../influxd/default/tls_2_reasms.pcapng.out | 4 +- .../influxd/default/tls_2_reasms_b.pcapng.out | 4 +- test/results/influxd/default/tls_alert.pcap.out | 4 +- .../default/tls_certificate_too_long.pcap.out | 4 +- .../influxd/default/tls_change_cipher.pcap.out | 2 +- .../influxd/default/tls_cipher_lens.pcap.out | 4 +- ..._certificate_with_missing_server_one.pcapng.out | 4 +- test/results/influxd/default/tls_ech.pcapng.out | 4 +- .../influxd/default/tls_esni_sni_both.pcap.out | 4 +- .../influxd/default/tls_false_positives.pcapng.out | 2 +- .../default/tls_heur__shadowsocks-tcp.pcapng.out | 4 +- .../default/tls_heur__trojan-tcp-tls.pcapng.out | 4 +- .../default/tls_heur__vmess-tcp-tls.pcapng.out | 4 +- .../influxd/default/tls_heur__vmess-tcp.pcapng.out | 4 +- .../default/tls_heur__vmess-websocket.pcapng.out | 4 +- .../influxd/default/tls_invalid_reads.pcap.out | 8 +- .../results/influxd/default/tls_long_cert.pcap.out | 4 +- .../influxd/default/tls_malicious_sha1.pcapng.out | 4 +- .../influxd/default/tls_missing_ch_frag.pcap.out | 4 +- .../tls_multiple_synack_different_seq.pcapng.out | 4 +- .../results/influxd/default/tls_port_80.pcapng.out | 4 +- .../results/influxd/default/tls_torrent.pcapng.out | 4 +- .../influxd/default/tls_unidirectional.pcap.out | 2 +- .../default/tls_verylong_certificate.pcap.out | 4 +- 
.../influxd/default/tls_with_huge_ch.pcapng.out | 4 +- test/results/influxd/default/toca-boca.pcap.out | 2 +- test/results/influxd/default/tor.pcap.out | 10 +- test/results/influxd/default/tplink_shp.pcap.out | 2 +- test/results/influxd/default/trdp.pcapng.out | 2 +- test/results/influxd/default/trickbot.pcap.out | 2 +- test/results/influxd/default/tumblr.pcap.out | 4 +- test/results/influxd/default/tunnelbear.pcap.out | 4 +- test/results/influxd/default/tuya_lp.pcap.out | 2 +- test/results/influxd/default/ubntac2.pcap.out | 2 +- test/results/influxd/default/uftp_v4_v5.pcap.out | 2 +- test/results/influxd/default/ultrasurf.pcap.out | 4 +- test/results/influxd/default/umas.pcap.out | 2 +- test/results/influxd/default/upnp.pcap.out | 2 +- test/results/influxd/default/viber.pcap.out | 4 +- test/results/influxd/default/vivox.pcapng.out | 11 + test/results/influxd/default/vk.pcapng.out | 4 +- test/results/influxd/default/vnc.pcap.out | 2 +- test/results/influxd/default/vrrp3.pcapng.out | 2 +- test/results/influxd/default/vxlan.pcap.out | 2 +- test/results/influxd/default/wa_video.pcap.out | 4 +- test/results/influxd/default/wa_voice.pcap.out | 4 +- test/results/influxd/default/waze.pcap.out | 10 +- test/results/influxd/default/webdav.pcap.out | 2 +- test/results/influxd/default/webex.pcap.out | 8 +- .../influxd/default/websocket-chisel-ssh.pcap.out | 11 + test/results/influxd/default/websocket.pcap.out | 2 +- test/results/influxd/default/wechat.pcap.out | 10 +- test/results/influxd/default/weibo.pcap.out | 4 +- test/results/influxd/default/whatsapp.pcap.out | 2 +- .../influxd/default/whatsapp_login_call.pcap.out | 8 +- .../influxd/default/whatsapp_login_chat.pcap.out | 2 +- .../default/whatsapp_voice_and_message.pcap.out | 4 +- .../results/influxd/default/whatsappfiles.pcap.out | 4 +- test/results/influxd/default/whois.pcapng.out | 4 +- .../default/windowsupdate_over_http.pcap.out | 2 +- test/results/influxd/default/windscribe.pcapng.out | 4 +- 
test/results/influxd/default/wireguard.pcap.out | 2 +- test/results/influxd/default/wow.pcap.out | 2 +- test/results/influxd/default/xdmcp.pcap.out | 2 +- test/results/influxd/default/xiaomi.pcap.out | 8 +- test/results/influxd/default/xss.pcap.out | 2 +- test/results/influxd/default/yandex.pcapng.out | 4 +- test/results/influxd/default/yojimbo.pcap.out | 2 +- test/results/influxd/default/youtube_quic.pcap.out | 4 +- .../results/influxd/default/youtubeupload.pcap.out | 4 +- test/results/influxd/default/z3950.pcapng.out | 2 +- test/results/influxd/default/zabbix.pcap.out | 2 +- test/results/influxd/default/zattoo.pcap.out | 4 +- test/results/influxd/default/zoom.pcap.out | 4 +- test/results/influxd/default/zoom2.pcap.out | 4 +- test/results/influxd/default/zoom_p2p.pcapng.out | 4 +- test/results/influxd/default/zug.pcap.out | 2 +- .../influxd/disable_aggressiveness/ookla.pcap.out | 4 +- test/results/influxd/disable_metadata/sip.pcap.out | 11 - .../tls_verylong_certificate.pcap.out | 11 - .../disable_metadata_and_flowrisks/sip.pcap.out | 11 + .../tls_verylong_certificate.pcap.out | 11 + .../disable_protocols/dns_long_domainname.pcap.out | 2 +- .../influxd/disable_protocols/pluralsight.pcap.out | 4 +- .../disable_protocols/quic-mvfst-27.pcapng.out | 4 +- .../influxd/disable_protocols/soap.pcap.out | 2 +- .../influxd/disable_use_client_ip/bot.pcap.out | 2 +- .../disable_use_client_port/iphone.pcap.out | 4 +- .../dns_process_response_disable/dns.pcap.out | 2 +- .../dns.pcap.out | 2 +- .../influxd/enable_doh_heuristic/doh.pcapng.out | 4 +- .../influxd/enable_payload_stat/1kxun.pcap.out | 18 +- .../flow_risk_lists_disable/protonvpn.pcap.out | 4 +- test/results/influxd/fpc/1kxun.pcap.out | 11 + .../influxd/fpc/signal_videocall.pcapng.out | 11 + test/results/influxd/fpc_disabled/teams.pcap.out | 6 +- .../guess_ip_before_port_enabled/1kxun.pcap.out | 18 +- .../influxd/guessing_disable/webex.pcap.out | 8 +- .../http_process_response_disable/http.pcapng.out | 2 +- 
.../http_asymmetric.pcapng.out | 2 +- .../influxd/ip_lists_disable/1kxun.pcap.out | 18 +- .../influxd/monitoring/signal_audiocall.pcapng.out | 11 + .../influxd/monitoring/signal_videocall.pcapng.out | 11 + .../signal_videocall_multiparty.pcapng.out | 11 + test/results/influxd/monitoring/stun.pcap.out | 4 +- .../influxd/monitoring/stun_google_meet.pcapng.out | 4 +- .../influxd/monitoring/stun_signal.pcapng.out | 4 +- .../influxd/monitoring/stun_wa_call.pcapng.out | 4 +- .../influxd/monitoring/stun_zoom.pcapng.out | 4 +- test/results/influxd/monitoring/teams.pcap.out | 6 +- .../monitoring/telegram_videocall.pcapng.out | 4 +- .../monitoring/telegram_videocall_2.pcapng.out | 11 + .../influxd/monitoring/telegram_voice.pcapng.out | 11 + .../openvpn_obfuscated.pcapng.out | 11 + .../signal_videocall.pcapng.out | 11 + .../stun_signal_tcp.pcapng.out | 11 + .../openvpn_obfuscated.pcapng.out | 2 +- .../tls_verylong_certificate.pcap.out | 4 +- .../stun_all_attributes_disabled/teams.pcap.out | 6 +- .../lru_ipv6_caches.pcapng.out | 4 +- .../stun_extra_dissection/stun_dtls_rtp.pcapng.out | 4 +- .../stun_dtls_rtp_unidir.pcapng.out | 4 +- .../stun_extra_dissection/stun_zoom.pcapng.out | 4 +- .../stun_wa_call.pcapng.out | 4 +- .../telegram_videocall.pcapng.out | 4 +- .../subclassification_disable/anydesk.pcapng.out | 4 +- .../influxd/subclassification_disable/dns.pcap.out | 2 +- .../subclassification_disable/http.pcapng.out | 2 +- .../quic-mvfst-27.pcapng.out | 4 +- .../subclassification_disable/tls_ech.pcapng.out | 4 +- .../tls_heur__shadowsocks-tcp.pcapng.out | 4 +- .../tls_heur__trojan-tcp-tls.pcapng.out | 4 +- .../tls_heur__vmess-tcp-tls.pcapng.out | 4 +- .../tls_heur__vmess-tcp.pcapng.out | 4 +- .../tls_heur__vmess-websocket.pcapng.out | 4 +- .../tls_verylong_certificate.pcap.out | 11 - .../tls_verylong_certificate.pcap.out | 11 - .../tls_verylong_certificate.pcap.out | 11 - .../influxd/zoom_extra_dissection/zoom.pcap.out | 4 +- .../influxd/zoom_extra_dissection/zoom2.pcap.out | 
4 +- .../zoom_extra_dissection/zoom_p2p.pcapng.out | 4 +- test/results/ip_lists_disable/1kxun.pcap.out | 76 +- .../results/monitoring/signal_audiocall.pcapng.out | 59 + .../results/monitoring/signal_videocall.pcapng.out | 49 + .../signal_videocall_multiparty.pcapng.out | 29 + test/results/monitoring/stun.pcap.out | 70 +- .../results/monitoring/stun_google_meet.pcapng.out | 40 +- test/results/monitoring/stun_signal.pcapng.out | 114 +- test/results/monitoring/stun_wa_call.pcapng.out | 80 +- test/results/monitoring/stun_zoom.pcapng.out | 34 +- test/results/monitoring/teams.pcap.out | 236 ++-- .../monitoring/telegram_videocall.pcapng.out | 74 +- .../monitoring/telegram_videocall_2.pcapng.out | 80 ++ test/results/monitoring/telegram_voice.pcapng.out | 97 ++ .../openvpn_obfuscated.pcapng.out | 45 + .../signal_videocall.pcapng.out | 49 + .../stun_signal_tcp.pcapng.out | 28 + .../openvpn_obfuscated.pcapng.out | 14 +- .../tls_verylong_certificate.pcap.out | 22 +- test/results/stats/caches_cfg/ookla.pcap.out | 3 +- test/results/stats/caches_cfg/teams.pcap.out | 11 +- .../stats/caches_global/bittorrent.pcap.out | 1 + .../stats/caches_global/lru_ipv6_caches.pcapng.out | 3 +- test/results/stats/caches_global/mining.pcapng.out | 1 + test/results/stats/caches_global/ookla.pcap.out | 3 +- test/results/stats/caches_global/teams.pcap.out | 11 +- .../stats/caches_global/zoom_p2p.pcapng.out | 3 +- test/results/stats/default/1kxun.pcap.out | 25 +- test/results/stats/default/443-chrome.pcap.out | 3 +- test/results/stats/default/443-curl.pcap.out | 3 +- test/results/stats/default/443-firefox.pcap.out | 3 +- test/results/stats/default/443-git.pcap.out | 3 +- test/results/stats/default/443-opvn.pcap.out | 1 + test/results/stats/default/443-safari.pcap.out | 3 +- test/results/stats/default/4in4tunnel.pcap.out | 1 + test/results/stats/default/4in6tunnel.pcap.out | 1 + test/results/stats/default/6in4tunnel.pcap.out | 1 + test/results/stats/default/6in6tunnel.pcap.out | 1 + 
.../stats/default/BGP_Cisco_hdlc_slarp.pcap.out | 1 + test/results/stats/default/BGP_redist.pcap.out | 1 + test/results/stats/default/EAQ.pcap.out | 7 +- .../default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out | 3 +- test/results/stats/default/IEC104.pcap.out | 1 + test/results/stats/default/KakaoTalk_chat.pcap.out | 3 +- test/results/stats/default/KakaoTalk_talk.pcap.out | 3 +- test/results/stats/default/NTPv2.pcap.out | 1 + test/results/stats/default/NTPv3.pcap.out | 1 + test/results/stats/default/NTPv4.pcap.out | 1 + test/results/stats/default/Oscar.pcap.out | 1 + test/results/stats/default/TivoDVR.pcap.out | 1 + test/results/stats/default/WebattackRCE.pcap.out | 1 + .../results/stats/default/WebattackSQLinj.pcap.out | 1 + test/results/stats/default/WebattackXSS.pcap.out | 1 + test/results/stats/default/activision.pcap.out | 1 + test/results/stats/default/adult_content.pcap.out | 3 +- test/results/stats/default/afp.pcap.out | 1 + test/results/stats/default/agora-sd-rtn.pcap.out | 1 + test/results/stats/default/ah.pcapng.out | 1 + test/results/stats/default/ajp.pcap.out | 1 + test/results/stats/default/alexa-app.pcapng.out | 9 +- test/results/stats/default/alicloud.pcap.out | 1 + test/results/stats/default/among_us.pcap.out | 1 + test/results/stats/default/amqp.pcap.out | 1 + test/results/stats/default/android.pcap.out | 9 +- test/results/stats/default/anyconnect-vpn.pcap.out | 3 +- test/results/stats/default/anydesk.pcapng.out | 3 +- test/results/stats/default/atg.pcap.out | 1 + test/results/stats/default/avast.pcap.out | 1 + .../stats/default/avast_securedns.pcapng.out | 1 + test/results/stats/default/bacnet.pcap.out | 1 + .../results/stats/default/bad-dns-traffic.pcap.out | 1 + test/results/stats/default/badpackets.pcap.out | 1 + test/results/stats/default/beckhoff_ads.pcapng.out | 1 + test/results/stats/default/bets.pcapng.out | 3 +- test/results/stats/default/bfcp.pcapng.out | 1 + test/results/stats/default/bfd.pcap.out | 1 + 
test/results/stats/default/bitcoin.pcap.out | 1 + test/results/stats/default/bittorrent.pcap.out | 1 + .../stats/default/bittorrent_tcp_miss.pcapng.out | 1 + test/results/stats/default/bittorrent_utp.pcap.out | 1 + test/results/stats/default/bjnp.pcap.out | 1 + test/results/stats/default/bot.pcap.out | 1 + test/results/stats/default/bt-dns.pcap.out | 1 + test/results/stats/default/bt-http.pcapng.out | 9 +- test/results/stats/default/bt_search.pcap.out | 1 + test/results/stats/default/c1222.pcapng.out | 1 + test/results/stats/default/cachefly.pcapng.out | 3 +- test/results/stats/default/can.pcap.out | 1 + test/results/stats/default/capwap.pcap.out | 1 + test/results/stats/default/capwap_data.pcapng.out | 1 + test/results/stats/default/cassandra.pcap.out | 1 + test/results/stats/default/ceph.pcap.out | 1 + test/results/stats/default/check_mk_new.pcap.out | 1 + test/results/stats/default/chrome.pcap.out | 3 +- test/results/stats/default/cip_io.pcap.out | 1 + test/results/stats/default/citrix.pcap.out | 1 + .../results/stats/default/cloudflare-warp.pcap.out | 3 +- test/results/stats/default/cnp_ip.pcapng.out | 1 + test/results/stats/default/coap_mqtt.pcap.out | 1 + test/results/stats/default/codm.pcap.out | 3 +- test/results/stats/default/collectd.pcap.out | 1 + test/results/stats/default/conncheck.pcap.out | 1 + test/results/stats/default/corba.pcap.out | 1 + test/results/stats/default/cpha.pcap.out | 1 + .../default/crawler_false_positive.pcapng.out | 1 + test/results/stats/default/crynet.pcap.out | 1 + .../stats/default/custom_categories.pcapng.out | 1 + .../stats/default/custom_risk_mask.pcapng.out | 1 + .../stats/default/custom_rules_ipv6.pcapng.out | 1 + .../custom_rules_same-ip_multiple_ports.pcapng.out | 1 + test/results/stats/default/dazn.pcapng.out | 3 +- test/results/stats/default/dcerpc.pcap.out | 1 + test/results/stats/default/dhcp-fuzz.pcapng.out | 1 + test/results/stats/default/diameter.pcap.out | 1 + test/results/stats/default/dicom.pcap.out | 172 +++ 
test/results/stats/default/dingtalk.pcap.out | 3 +- test/results/stats/default/discord.pcap.out | 3 +- .../stats/default/discord_mid_flow.pcap.out | 1 + test/results/stats/default/dlep.pcapng.out | 1 + test/results/stats/default/dlms.pcap.out | 1 + test/results/stats/default/dlt_ppp.pcap.out | 1 + test/results/stats/default/dnp3.pcap.out | 1 + test/results/stats/default/dns-exf.pcap.out | 1 + .../stats/default/dns-google-nsid.pcapng.out | 1 + .../stats/default/dns-invalid-chars.pcap.out | 1 + .../stats/default/dns-tunnel-iodine.pcap.out | 1 + test/results/stats/default/dns.pcap.out | 1 + test/results/stats/default/dns2tcp_tunnel.pcap.out | 3 +- .../stats/default/dns_ambiguous_names.pcap.out | 1 + test/results/stats/default/dns_doh.pcap.out | 3 +- test/results/stats/default/dns_dot.pcap.out | 3 +- .../stats/default/dns_exfiltration.pcap.out | 1 + test/results/stats/default/dns_fragmented.pcap.out | 1 + .../stats/default/dns_invert_query.pcapng.out | 1 + .../stats/default/dns_long_domainname.pcap.out | 1 + .../dnscrypt-v1-and-resolver-pings.pcap.out | 3 +- .../results/stats/default/dnscrypt-v2-doh.pcap.out | 3 +- test/results/stats/default/dnscrypt-v2.pcap.out | 1 + .../dnscrypt_skype_false_positive.pcapng.out | 1 + test/results/stats/default/doh.pcapng.out | 3 +- test/results/stats/default/doq.pcapng.out | 3 +- test/results/stats/default/doq_adguard.pcapng.out | 3 +- .../stats/default/dos_win98_smb_netbeui.pcap.out | 9 +- test/results/stats/default/dotenv.pcap.out | 1 + test/results/stats/default/drda_db2.pcap.out | 1 + test/results/stats/default/dropbox.pcap.out | 1 + test/results/stats/default/dtls.pcap.out | 3 +- test/results/stats/default/dtls2.pcap.out | 3 +- .../stats/default/dtls_certificate.pcapng.out | 3 +- .../default/dtls_certificate_fragments.pcap.out | 3 +- .../stats/default/dtls_mid_sessions.pcapng.out | 1 + .../stats/default/dtls_old_version.pcapng.out | 1 + .../dtls_session_id_and_coockie_both.pcap.out | 3 +- 
test/results/stats/default/edonkey.pcap.out | 1 + test/results/stats/default/egd.pcapng.out | 1 + test/results/stats/default/elasticsearch.pcap.out | 1 + test/results/stats/default/elf.pcap.out | 1 + test/results/stats/default/emotet.pcap.out | 3 +- test/results/stats/default/encrypted_sni.pcap.out | 13 +- test/results/stats/default/epicgames.pcapng.out | 1 + test/results/stats/default/esp.pcapng.out | 1 + test/results/stats/default/ethereum.pcap.out | 3 +- test/results/stats/default/ethernetIP.pcap.out | 1 + test/results/stats/default/ethersbus.pcap.out | 1 + test/results/stats/default/ethersio.pcap.out | 1 + test/results/stats/default/exe_download.pcap.out | 1 + .../stats/default/exe_download_as_png.pcap.out | 1 + test/results/stats/default/facebook.pcap.out | 3 +- .../stats/default/false_positives.pcapng.out | 3 +- test/results/stats/default/fastcgi.pcap.out | 1 + test/results/stats/default/fins.pcap.out | 1 + test/results/stats/default/firefox.pcap.out | 3 +- test/results/stats/default/fix.pcap.out | 1 + test/results/stats/default/fix2.pcap.out | 1 + test/results/stats/default/flute.pcapng.out | 1 + test/results/stats/default/forticlient.pcap.out | 3 +- test/results/stats/default/ftp-start-tls.pcap.out | 1 + test/results/stats/default/ftp.pcap.out | 1 + test/results/stats/default/ftp_failed.pcap.out | 1 + .../stats/default/fuzz-2006-06-26-2594.pcap.out | 9 +- .../stats/default/fuzz-2006-09-29-28586.pcap.out | 3 +- .../stats/default/fuzz-2020-02-16-11740.pcap.out | 1 + .../default/fuzz-2021-06-07-c6c72a0a56.pcap.out | 1 + .../results/stats/default/fuzz-2021-10-13.pcap.out | 1 + .../stats/default/gaijin_mobile_mixed.pcap.out | 3 +- .../stats/default/gaijin_warthunder.pcap.out | 1 + test/results/stats/default/gearman.pcap.out | 1 + test/results/stats/default/geforcenow.pcapng.out | 3 +- test/results/stats/default/genshin-impact.pcap.out | 1 + test/results/stats/default/git.pcap.out | 1 + test/results/stats/default/gnutella.pcap.out | 15 +- 
test/results/stats/default/google_chat.pcapng.out | 3 +- test/results/stats/default/google_meet.pcapng.out | 3 +- test/results/stats/default/google_ssl.pcap.out | 1 + .../stats/default/googledns_android10.pcap.out | 3 +- test/results/stats/default/gquic.pcap.out | 3 +- .../stats/default/gquic_only_from_server.pcap.out | 1 + test/results/stats/default/gre.pcapng.out | 1 + test/results/stats/default/gtp_c.pcap.out | 1 + .../stats/default/gtp_false_positive.pcapng.out | 1 + test/results/stats/default/gtp_prime.pcapng.out | 1 + test/results/stats/default/h323-overflow.pcap.out | 1 + test/results/stats/default/h323.pcap.out | 1 + test/results/stats/default/haproxy.pcap.out | 1 + test/results/stats/default/hart_ip.pcap.out | 1 + .../default/heuristic_tcp_ack_payload.pcap.out | 1 + test/results/stats/default/hislip.pcap.out | 1 + test/results/stats/default/hl7.pcap.out | 37 +- test/results/stats/default/hls.pcapng.out | 1 + test/results/stats/default/hots.pcapng.out | 1 + test/results/stats/default/hpvirtgrp.pcap.out | 1 + test/results/stats/default/hsrp0.pcap.out | 1 + test/results/stats/default/hsrp2.pcap.out | 1 + test/results/stats/default/hsrp2_ipv6.pcapng.out | 1 + .../results/stats/default/http-basic-auth.pcap.out | 1 + .../http-crash-content-disposition.pcap.out | 1 + .../stats/default/http-lines-split.pcap.out | 1 + .../stats/default/http-manipulated.pcap.out | 1 + test/results/stats/default/http-proxy.pcapng.out | 1 + test/results/stats/default/http-pwd.pcapng.out | 1 + test/results/stats/default/http.pcapng.out | 1 + test/results/stats/default/http2.pcapng.out | 1 + .../stats/default/http_asymmetric.pcapng.out | 1 + test/results/stats/default/http_auth.pcap.out | 1 + test/results/stats/default/http_connect.pcap.out | 3 +- .../http_guessed_host_and_guessed.pcapng.out | 3 +- .../stats/default/http_invalid_server.pcap.out | 1 + test/results/stats/default/http_ipv6.pcap.out | 3 +- .../stats/default/http_on_sip_port.pcap.out | 1 + 
.../http_origin_different_than_host.pcap.out | 1 + .../default/http_starting_with_reply.pcapng.out | 1 + .../http_ua_splitted_in_two_pkts.pcapng.out | 1 + test/results/stats/default/i3d.pcap.out | 1 + test/results/stats/default/iax.pcap.out | 1 + test/results/stats/default/icmp-tunnel.pcap.out | 1 + test/results/stats/default/iec60780-5-104.pcap.out | 1 + test/results/stats/default/ieee_c37118.pcap.out | 1 + test/results/stats/default/imap-starttls.pcap.out | 1 + test/results/stats/default/imap.pcap.out | 1 + test/results/stats/default/imaps.pcap.out | 3 +- test/results/stats/default/imo.pcap.out | 1 + test/results/stats/default/instagram.pcap.out | 3 +- .../stats/default/ip_fragmented_garbage.pcap.out | 1 + test/results/stats/default/iphone.pcap.out | 3 +- test/results/stats/default/ipp.pcap.out | 1 + .../stats/default/ipsec_isakmp_esp.pcap.out | 1 + test/results/stats/default/ipv6_in_gtp.pcap.out | 1 + test/results/stats/default/iqiyi.pcap.out | 1 + test/results/stats/default/irc.pcap.out | 1 + test/results/stats/default/iso9506-1-mms.pcap.out | 1 + .../default/ja3_lots_of_cipher_suites.pcap.out | 1 + .../ja3_lots_of_cipher_suites_2_anon.pcap.out | 1 + test/results/stats/default/jabber.pcap.out | 1 + test/results/stats/default/jrmi.pcap.out | 1 + test/results/stats/default/jsonrpc.pcap.out | 1 + test/results/stats/default/kafka.pcapng.out | 1 + test/results/stats/default/kcp.pcap.out | 1 + test/results/stats/default/kerberos-error.pcap.out | 1 + test/results/stats/default/kerberos-login.pcap.out | 1 + test/results/stats/default/kerberos.pcap.out | 1 + .../results/stats/default/kerberos_fuzz.pcapng.out | 1 + test/results/stats/default/kismet.pcap.out | 1 + test/results/stats/default/knxip.pcapng.out | 1 + test/results/stats/default/ldp.pcap.out | 1 + test/results/stats/default/line.pcap.out | 3 +- .../stats/default/linecall_falsepositve.pcap.out | 1 + .../stats/default/lisp_registration.pcap.out | 1 + .../stats/default/log4j-webapp-exploit.pcap.out | 3 +- 
.../stats/default/lol_wild_rift_udp.pcap.out | 1 + .../stats/default/long_tls_certificate.pcap.out | 3 +- .../stats/default/lru_ipv6_caches.pcapng.out | 3 +- test/results/stats/default/lustre.pcapng.out | 1 + test/results/stats/default/malformed_dns.pcap.out | 1 + test/results/stats/default/malformed_icmp.pcap.out | 1 + test/results/stats/default/malware.pcap.out | 3 +- test/results/stats/default/memcached.cap.out | 1 + test/results/stats/default/merakicloud.pcapng.out | 1 + test/results/stats/default/mgcp.pcap.out | 1 + test/results/stats/default/mikrotik_mndp.pcap.out | 172 +++ test/results/stats/default/mining.pcapng.out | 1 + test/results/stats/default/modbus.pcap.out | 1 + test/results/stats/default/monero.pcap.out | 1 + .../stats/default/mongo_false_positive.pcapng.out | 1 + test/results/stats/default/mongodb.pcap.out | 1 + test/results/stats/default/mpeg-dash.pcap.out | 1 + test/results/stats/default/mpeg.pcap.out | 3 +- test/results/stats/default/mpegts.pcap.out | 1 + test/results/stats/default/mqtt.pcap.out | 1 + test/results/stats/default/mssql_tds.pcap.out | 1 + test/results/stats/default/mullvad_dns.pcap.out | 1 + .../stats/default/mullvad_wireguard.pcap.out | 1 + test/results/stats/default/mumble.pcapng.out | 3 +- test/results/stats/default/munin.pcap.out | 1 + test/results/stats/default/mysql.pcapng.out | 1 + test/results/stats/default/nano.pcapng.out | 1 + test/results/stats/default/natpmp.pcap.out | 1 + test/results/stats/default/nats.pcap.out | 1 + test/results/stats/default/naver.pcap.out | 3 +- ...ndpi_match_string_subprotocol__error.pcapng.out | 1 + test/results/stats/default/nest_log_sink.pcap.out | 1 + test/results/stats/default/netbios.pcap.out | 9 +- .../default/netbios_wildcard_dns_query.pcap.out | 1 + .../results/stats/default/netease_games.pcapng.out | 3 +- test/results/stats/default/netflix.pcap.out | 3 +- test/results/stats/default/netflow-fritz.pcap.out | 1 + test/results/stats/default/netflowv9.pcap.out | 1 + 
test/results/stats/default/nfsv2.pcap.out | 1 + test/results/stats/default/nfsv3.pcap.out | 1 + test/results/stats/default/nintendo.pcap.out | 3 +- test/results/stats/default/nntp.pcap.out | 1 + test/results/stats/default/no_sni.pcap.out | 13 +- test/results/stats/default/nomachine.pcapng.out | 1 + test/results/stats/default/ocs.pcap.out | 3 +- test/results/stats/default/ocsp.pcapng.out | 1 + test/results/stats/default/oicq.pcap.out | 1 + test/results/stats/default/ookla.pcap.out | 3 +- test/results/stats/default/opc-ua.pcap.out | 1 + test/results/stats/default/openflow.pcap.out | 1 + .../stats/default/openvpn-tlscrypt.pcap.out | 1 + test/results/stats/default/openvpn.pcap.out | 3 +- .../stats/default/openvpn_nohmac.pcapng.out | 1 + .../stats/default/openvpn_nohmac_tcp.pcapng.out | 1 + .../stats/default/openvpn_obfuscated.pcapng.out | 1 + test/results/stats/default/openwire.pcapng.out | 1 + test/results/stats/default/opera-vpn.pcapng.out | 3 +- test/results/stats/default/oracle12.pcapng.out | 1 + test/results/stats/default/os_detected.pcapng.out | 3 +- .../stats/default/ospfv2_add_new_prefix.pcap.out | 1 + .../default/ossfuzz_seed_fake_traces_1.pcapng.out | 1 + .../default/ossfuzz_seed_fake_traces_2.pcapng.out | 1 + .../default/ossfuzz_seed_fake_traces_3.pcapng.out | 1 + .../default/ossfuzz_seed_fake_traces_4.pcapng.out | 1 + test/results/stats/default/paltalk.pcapng.out | 3 +- .../results/stats/default/path_of_exile.pcapng.out | 31 +- test/results/stats/default/pfcp.pcapng.out | 1 + test/results/stats/default/pgm.pcap.out | 1 + test/results/stats/default/pgsql.pcap.out | 1 + test/results/stats/default/pgsql2.pcapng.out | 1 + test/results/stats/default/pia.pcap.out | 3 +- test/results/stats/default/pim.pcap.out | 1 + test/results/stats/default/pinterest.pcap.out | 3 +- test/results/stats/default/pluralsight.pcap.out | 3 +- test/results/stats/default/pop3.pcap.out | 1 + test/results/stats/default/pop3_stls.pcap.out | 7 +- test/results/stats/default/pops.pcapng.out | 
1 + .../stats/default/portable_executable.pcap.out | 11 +- test/results/stats/default/pptp.pcap.out | 1 + test/results/stats/default/profinet-io-le.pcap.out | 1 + test/results/stats/default/protobuf.pcap.out | 1 + test/results/stats/default/protonvpn.pcap.out | 3 +- test/results/stats/default/psiphon3.pcap.out | 3 +- test/results/stats/default/ptpv2.pcap.out | 1 + test/results/stats/default/punycode-idn.pcap.out | 1 + test/results/stats/default/quic-23.pcap.out | 3 +- test/results/stats/default/quic-24.pcap.out | 3 +- test/results/stats/default/quic-27.pcap.out | 3 +- test/results/stats/default/quic-28.pcap.out | 3 +- test/results/stats/default/quic-29.pcap.out | 3 +- test/results/stats/default/quic-33.pcapng.out | 3 +- test/results/stats/default/quic-34.pcap.out | 3 +- .../default/quic-forcing-vn-with-data.pcapng.out | 3 +- .../stats/default/quic-fuzz-overflow.pcapng.out | 1 + test/results/stats/default/quic-mvfst-22.pcap.out | 3 +- .../quic-mvfst-22_decryption_error.pcap.out | 1 + .../results/stats/default/quic-mvfst-27.pcapng.out | 3 +- test/results/stats/default/quic-mvfst-exp.pcap.out | 3 +- test/results/stats/default/quic-v2.pcapng.out | 3 +- test/results/stats/default/quic.pcap.out | 3 +- test/results/stats/default/quic046.pcap.out | 3 +- test/results/stats/default/quic_0RTT.pcap.out | 3 +- test/results/stats/default/quic_cc_ack.pcapng.out | 1 + .../default/quic_crypto_aes_auth_size.pcap.out | 3 +- .../quic_frags_ch_in_multiple_packets.pcapng.out | 3 +- ...h_out_of_order_same_packet_craziness.pcapng.out | 3 +- .../default/quic_frags_different_dcid.pcapng.out | 3 +- .../stats/default/quic_interop_V.pcapng.out | 3 +- test/results/stats/default/quic_q39.pcap.out | 3 +- test/results/stats/default/quic_q43.pcap.out | 1 + test/results/stats/default/quic_q46.pcap.out | 3 +- test/results/stats/default/quic_q46_b.pcap.out | 3 +- test/results/stats/default/quic_q50.pcap.out | 3 +- test/results/stats/default/quic_sh.pcap.out | 1 + 
test/results/stats/default/quic_t50.pcap.out | 3 +- test/results/stats/default/quic_t51.pcap.out | 3 +- test/results/stats/default/quickplay.pcap.out | 9 +- .../stats/default/radius_false_positive.pcapng.out | 1 + test/results/stats/default/radmin3.pcapng.out | 1 + test/results/stats/default/raft.pcap.out | 1 + test/results/stats/default/raknet.pcap.out | 1 + test/results/stats/default/rdp.pcap.out | 1 + test/results/stats/default/rdp2.pcap.out | 1 + test/results/stats/default/rdp3.pcap.out | 1 + test/results/stats/default/rdp_over_tls.pcap.out | 3 +- .../stats/default/reasm_crash_anon.pcapng.out | 1 + .../stats/default/reasm_segv_anon.pcapng.out | 1 + test/results/stats/default/reddit.pcap.out | 3 +- test/results/stats/default/resp.pcap.out | 1 + test/results/stats/default/riot.pcapng.out | 3 +- test/results/stats/default/riotgames.pcap.out | 1 + test/results/stats/default/ripe_atlas.pcap.out | 1 + test/results/stats/default/rmcp.pcap.out | 1 + test/results/stats/default/roblox.pcapng.out | 3 +- test/results/stats/default/roughtime.pcap.out | 1 + .../default/rsh-syslog-false-positive.pcap.out | 1 + test/results/stats/default/rsh.pcap.out | 1 + test/results/stats/default/rsync.pcap.out | 1 + ...tcp_multiple_pkts_in_the_same_datagram.pcap.out | 1 + test/results/stats/default/rtmp.pcap.out | 1 + test/results/stats/default/rtp.pcapng.out | 3 +- test/results/stats/default/rtps.pcap.out | 1 + test/results/stats/default/rtsp.pcap.out | 1 + .../stats/default/rtsp_setup_http.pcapng.out | 1 + test/results/stats/default/rx.pcap.out | 1 + test/results/stats/default/s7comm-plus.pcap.out | 1 + test/results/stats/default/s7comm.pcap.out | 1 + test/results/stats/default/safari.pcap.out | 3 +- test/results/stats/default/salesforce.pcap.out | 3 +- .../stats/default/sccp_hw_conf_register.pcapng.out | 1 + test/results/stats/default/sctp.cap.out | 1 + test/results/stats/default/selfsigned.pcap.out | 3 +- test/results/stats/default/sflow.pcap.out | 1 + 
test/results/stats/default/shadowsocks.pcap.out | 1 + test/results/stats/default/shell.pcap.out | 1 + test/results/stats/default/signal.pcap.out | 3 +- .../stats/default/signal_audiocall.pcapng.out | 172 +++ .../stats/default/signal_multiparty.pcapng.out | 172 +++ .../stats/default/signal_videocall.pcapng.out | 172 +++ .../default/signal_videocall_multiparty.pcapng.out | 172 +++ .../results/stats/default/simple-dnscrypt.pcap.out | 3 +- test/results/stats/default/sip.pcap.out | 3 +- test/results/stats/default/sip_hello.pcapng.out | 3 +- test/results/stats/default/sites.pcapng.out | 11 +- test/results/stats/default/sites2.pcapng.out | 39 +- test/results/stats/default/skinny.pcap.out | 3 +- .../stats/default/skype-conference-call.pcap.out | 3 +- test/results/stats/default/smb_deletefile.pcap.out | 1 + test/results/stats/default/smb_frags.pcap.out | 1 + test/results/stats/default/smbv1.pcap.out | 1 + .../results/stats/default/smpp_in_general.pcap.out | 1 + test/results/stats/default/smtp-starttls.pcap.out | 7 +- test/results/stats/default/smtp.pcap.out | 1 + test/results/stats/default/smtps.pcapng.out | 1 + test/results/stats/default/snapchat.pcap.out | 3 +- .../results/stats/default/snapchat_call.pcapng.out | 1 + .../stats/default/snapchat_call_v1.pcapng.out | 3 +- test/results/stats/default/snmp.pcap.out | 1 + test/results/stats/default/soap.pcap.out | 1 + test/results/stats/default/socks.pcap.out | 1 + test/results/stats/default/softether.pcap.out | 1 + test/results/stats/default/someip-tp.pcap.out | 1 + .../default/someip-udp-method-call.pcapng.out | 1 + .../stats/default/someip_sd_sample.pcap.out | 1 + test/results/stats/default/sonos.pcapng.out | 3 +- test/results/stats/default/source_engine.pcap.out | 1 + test/results/stats/default/spotify_tcp.pcap.out | 1 + test/results/stats/default/sql_injection.pcap.out | 1 + test/results/stats/default/srvloc-v1.pcapng.out | 1 + test/results/stats/default/srvloc.pcap.out | 1 + .../stats/default/ssdp-m-search-ua.pcap.out | 1 
+ test/results/stats/default/ssdp-m-search.pcap.out | 1 + test/results/stats/default/ssh.pcap.out | 1 + .../stats/default/ssh_unidirectional.pcap.out | 1 + .../stats/default/ssl-cert-name-mismatch.pcap.out | 3 +- .../stats/default/starcraft_battle.pcap.out | 3 +- test/results/stats/default/steam.pcapng.out | 3 +- test/results/stats/default/stomp.pcapng.out | 1 + test/results/stats/default/stun.pcap.out | 3 +- test/results/stats/default/stun_classic.pcap.out | 3 +- .../results/stats/default/stun_dtls_rtp.pcapng.out | 3 +- .../stats/default/stun_dtls_rtp_unidir.pcapng.out | 3 +- .../stun_dtls_unidirectional_client.pcap.out | 3 +- .../stun_dtls_unidirectional_server.pcap.out | 3 +- .../stats/default/stun_google_meet.pcapng.out | 3 +- .../stats/default/stun_msteams_unidir.pcapng.out | 3 +- test/results/stats/default/stun_signal.pcapng.out | 3 +- .../stats/default/stun_signal_tcp.pcapng.out | 172 +++ .../stun_tcp_multiple_msgs_same_pkt.pcap.out | 3 +- test/results/stats/default/stun_wa_call.pcapng.out | 3 +- test/results/stats/default/stun_zoom.pcapng.out | 3 +- test/results/stats/default/syncthing.pcap.out | 1 + test/results/stats/default/synscan.pcap.out | 3 +- test/results/stats/default/syslog.pcap.out | 1 + test/results/stats/default/tailscale.pcap.out | 1 + .../targusdataspeed_false_positives.pcap.out | 1 + test/results/stats/default/tcp_scan.pcapng.out | 3 +- test/results/stats/default/teams.pcap.out | 11 +- test/results/stats/default/teamspeak3.pcap.out | 1 + test/results/stats/default/teamviewer.pcap.out | 1 + test/results/stats/default/telegram.pcap.out | 9 +- .../stats/default/telegram_videocall.pcapng.out | 3 +- .../stats/default/telegram_videocall_2.pcapng.out | 172 +++ .../stats/default/telegram_voice.pcapng.out | 172 +++ test/results/stats/default/telnet.pcap.out | 1 + test/results/stats/default/tencent_games.pcap.out | 1 + test/results/stats/default/teredo.pcap.out | 1 + test/results/stats/default/teso.pcapng.out | 1 + 
test/results/stats/default/tftp.pcap.out | 1 + test/results/stats/default/threema.pcap.out | 1 + test/results/stats/default/thrift.pcap.out | 1 + test/results/stats/default/tinc.pcap.out | 1 + test/results/stats/default/tk.pcap.out | 1 + test/results/stats/default/tls-appdata.pcap.out | 1 + .../results/stats/default/tls-esni-fuzzed.pcap.out | 13 +- .../results/stats/default/tls-rdn-extract.pcap.out | 3 +- .../tls_1.2_unidirectional_client.pcapng.out | 3 +- ...ls_1.2_unidirectional_client_no_cert.pcapng.out | 3 +- .../tls_1.2_unidirectional_server.pcapng.out | 3 +- ...ls_1.2_unidirectional_server_no_cert.pcapng.out | 3 +- .../tls_1.3_unidirectional_client.pcapng.out | 3 +- .../tls_1.3_unidirectional_server.pcapng.out | 3 +- test/results/stats/default/tls_2_reasms.pcapng.out | 3 +- .../stats/default/tls_2_reasms_b.pcapng.out | 3 +- test/results/stats/default/tls_alert.pcap.out | 3 +- .../default/tls_certificate_too_long.pcap.out | 3 +- .../stats/default/tls_change_cipher.pcap.out | 1 + .../results/stats/default/tls_cipher_lens.pcap.out | 3 +- ..._certificate_with_missing_server_one.pcapng.out | 3 +- test/results/stats/default/tls_ech.pcapng.out | 3 +- .../stats/default/tls_esni_sni_both.pcap.out | 3 +- .../stats/default/tls_false_positives.pcapng.out | 1 + .../default/tls_heur__shadowsocks-tcp.pcapng.out | 3 +- .../default/tls_heur__trojan-tcp-tls.pcapng.out | 3 +- .../default/tls_heur__vmess-tcp-tls.pcapng.out | 3 +- .../stats/default/tls_heur__vmess-tcp.pcapng.out | 3 +- .../default/tls_heur__vmess-websocket.pcapng.out | 3 +- .../stats/default/tls_invalid_reads.pcap.out | 7 +- test/results/stats/default/tls_long_cert.pcap.out | 3 +- .../stats/default/tls_malicious_sha1.pcapng.out | 3 +- .../stats/default/tls_missing_ch_frag.pcap.out | 3 +- .../tls_multiple_synack_different_seq.pcapng.out | 3 +- test/results/stats/default/tls_port_80.pcapng.out | 3 +- test/results/stats/default/tls_torrent.pcapng.out | 3 +- .../stats/default/tls_unidirectional.pcap.out | 1 + 
.../default/tls_verylong_certificate.pcap.out | 3 +- .../stats/default/tls_with_huge_ch.pcapng.out | 3 +- test/results/stats/default/toca-boca.pcap.out | 1 + test/results/stats/default/tor.pcap.out | 9 +- test/results/stats/default/tplink_shp.pcap.out | 1 + test/results/stats/default/trdp.pcapng.out | 1 + test/results/stats/default/trickbot.pcap.out | 1 + test/results/stats/default/tumblr.pcap.out | 3 +- test/results/stats/default/tunnelbear.pcap.out | 3 +- test/results/stats/default/tuya_lp.pcap.out | 1 + test/results/stats/default/ubntac2.pcap.out | 1 + test/results/stats/default/uftp_v4_v5.pcap.out | 1 + test/results/stats/default/ultrasurf.pcap.out | 3 +- test/results/stats/default/umas.pcap.out | 1 + test/results/stats/default/upnp.pcap.out | 1 + test/results/stats/default/viber.pcap.out | 3 +- test/results/stats/default/vivox.pcapng.out | 172 +++ test/results/stats/default/vk.pcapng.out | 3 +- test/results/stats/default/vnc.pcap.out | 1 + test/results/stats/default/vrrp3.pcapng.out | 1 + test/results/stats/default/vxlan.pcap.out | 1 + test/results/stats/default/wa_video.pcap.out | 3 +- test/results/stats/default/wa_voice.pcap.out | 3 +- test/results/stats/default/waze.pcap.out | 13 +- test/results/stats/default/webdav.pcap.out | 1 + test/results/stats/default/webex.pcap.out | 7 +- .../stats/default/websocket-chisel-ssh.pcap.out | 172 +++ test/results/stats/default/websocket.pcap.out | 1 + test/results/stats/default/wechat.pcap.out | 9 +- test/results/stats/default/weibo.pcap.out | 3 +- test/results/stats/default/whatsapp.pcap.out | 1 + .../stats/default/whatsapp_login_call.pcap.out | 7 +- .../stats/default/whatsapp_login_chat.pcap.out | 1 + .../default/whatsapp_voice_and_message.pcap.out | 3 +- test/results/stats/default/whatsappfiles.pcap.out | 3 +- test/results/stats/default/whois.pcapng.out | 3 +- .../stats/default/windowsupdate_over_http.pcap.out | 1 + test/results/stats/default/windscribe.pcapng.out | 3 +- test/results/stats/default/wireguard.pcap.out | 
1 + test/results/stats/default/wow.pcap.out | 1 + test/results/stats/default/xdmcp.pcap.out | 1 + test/results/stats/default/xiaomi.pcap.out | 7 +- test/results/stats/default/xss.pcap.out | 1 + test/results/stats/default/yandex.pcapng.out | 3 +- test/results/stats/default/yojimbo.pcap.out | 1 + test/results/stats/default/youtube_quic.pcap.out | 3 +- test/results/stats/default/youtubeupload.pcap.out | 3 +- test/results/stats/default/z3950.pcapng.out | 1 + test/results/stats/default/zabbix.pcap.out | 1 + test/results/stats/default/zattoo.pcap.out | 3 +- test/results/stats/default/zoom.pcap.out | 3 +- test/results/stats/default/zoom2.pcap.out | 3 +- test/results/stats/default/zoom_p2p.pcapng.out | 3 +- test/results/stats/default/zug.pcap.out | 1 + .../stats/disable_aggressiveness/ookla.pcap.out | 3 +- test/results/stats/disable_metadata/sip.pcap.out | 171 --- .../tls_verylong_certificate.pcap.out | 171 --- .../disable_metadata_and_flowrisks/sip.pcap.out | 172 +++ .../tls_verylong_certificate.pcap.out | 172 +++ .../disable_protocols/dns_long_domainname.pcap.out | 1 + .../stats/disable_protocols/pluralsight.pcap.out | 3 +- .../disable_protocols/quic-mvfst-27.pcapng.out | 3 +- test/results/stats/disable_protocols/soap.pcap.out | 1 + .../stats/disable_use_client_ip/bot.pcap.out | 1 + .../stats/disable_use_client_port/iphone.pcap.out | 3 +- .../dns_process_response_disable/dns.pcap.out | 1 + .../dns.pcap.out | 1 + .../stats/enable_doh_heuristic/doh.pcapng.out | 3 +- .../stats/enable_payload_stat/1kxun.pcap.out | 25 +- .../flow_risk_lists_disable/protonvpn.pcap.out | 3 +- test/results/stats/fpc/1kxun.pcap.out | 172 +++ test/results/stats/fpc/signal_videocall.pcapng.out | 172 +++ test/results/stats/fpc_disabled/teams.pcap.out | 11 +- .../guess_ip_before_port_enabled/1kxun.pcap.out | 25 +- test/results/stats/guessing_disable/webex.pcap.out | 7 +- .../http_process_response_disable/http.pcapng.out | 1 + .../http_asymmetric.pcapng.out | 1 + 
test/results/stats/ip_lists_disable/1kxun.pcap.out | 25 +- .../stats/monitoring/signal_audiocall.pcapng.out | 172 +++ .../stats/monitoring/signal_videocall.pcapng.out | 172 +++ .../signal_videocall_multiparty.pcapng.out | 172 +++ test/results/stats/monitoring/stun.pcap.out | 3 +- .../stats/monitoring/stun_google_meet.pcapng.out | 3 +- .../stats/monitoring/stun_signal.pcapng.out | 3 +- .../stats/monitoring/stun_wa_call.pcapng.out | 3 +- test/results/stats/monitoring/stun_zoom.pcapng.out | 3 +- test/results/stats/monitoring/teams.pcap.out | 11 +- .../stats/monitoring/telegram_videocall.pcapng.out | 3 +- .../monitoring/telegram_videocall_2.pcapng.out | 172 +++ .../stats/monitoring/telegram_voice.pcapng.out | 172 +++ .../openvpn_obfuscated.pcapng.out | 172 +++ .../signal_videocall.pcapng.out | 172 +++ .../stun_signal_tcp.pcapng.out | 172 +++ .../openvpn_obfuscated.pcapng.out | 1 + .../tls_verylong_certificate.pcap.out | 3 +- .../stun_all_attributes_disabled/teams.pcap.out | 11 +- .../lru_ipv6_caches.pcapng.out | 3 +- .../stun_extra_dissection/stun_dtls_rtp.pcapng.out | 3 +- .../stun_dtls_rtp_unidir.pcapng.out | 3 +- .../stun_extra_dissection/stun_zoom.pcapng.out | 3 +- .../stun_wa_call.pcapng.out | 3 +- .../telegram_videocall.pcapng.out | 3 +- .../subclassification_disable/anydesk.pcapng.out | 3 +- .../stats/subclassification_disable/dns.pcap.out | 1 + .../subclassification_disable/http.pcapng.out | 1 + .../quic-mvfst-27.pcapng.out | 3 +- .../subclassification_disable/tls_ech.pcapng.out | 3 +- .../tls_heur__shadowsocks-tcp.pcapng.out | 3 +- .../tls_heur__trojan-tcp-tls.pcapng.out | 3 +- .../tls_heur__vmess-tcp-tls.pcapng.out | 3 +- .../tls_heur__vmess-tcp.pcapng.out | 3 +- .../tls_heur__vmess-websocket.pcapng.out | 3 +- .../tls_verylong_certificate.pcap.out | 171 --- .../tls_verylong_certificate.pcap.out | 171 --- .../tls_verylong_certificate.pcap.out | 171 --- .../stats/zoom_extra_dissection/zoom.pcap.out | 3 +- .../stats/zoom_extra_dissection/zoom2.pcap.out | 3 +- 
.../zoom_extra_dissection/zoom_p2p.pcapng.out | 3 +- .../stun_all_attributes_disabled/teams.pcap.out | 236 ++-- .../lru_ipv6_caches.pcapng.out | 36 +- .../stun_extra_dissection/stun_dtls_rtp.pcapng.out | 24 +- .../stun_dtls_rtp_unidir.pcapng.out | 24 +- .../stun_extra_dissection/stun_zoom.pcapng.out | 34 +- .../stun_wa_call.pcapng.out | 80 +- .../telegram_videocall.pcapng.out | 74 +- .../subclassification_disable/anydesk.pcapng.out | 36 +- .../results/subclassification_disable/dns.pcap.out | 14 +- .../subclassification_disable/http.pcapng.out | 12 +- .../quic-mvfst-27.pcapng.out | 12 +- .../subclassification_disable/tls_ech.pcapng.out | 20 +- .../tls_heur__shadowsocks-tcp.pcapng.out | 16 +- .../tls_heur__trojan-tcp-tls.pcapng.out | 20 +- .../tls_heur__vmess-tcp-tls.pcapng.out | 24 +- .../tls_heur__vmess-tcp.pcapng.out | 16 +- .../tls_heur__vmess-websocket.pcapng.out | 26 +- .../tls_verylong_certificate.pcap.out | 29 - .../tls_verylong_certificate.pcap.out | 29 - .../tls_verylong_certificate.pcap.out | 29 - test/results/zoom_extra_dissection/zoom.pcap.out | 80 +- test/results/zoom_extra_dissection/zoom2.pcap.out | 18 +- .../zoom_extra_dissection/zoom_p2p.pcapng.out | 20 +- 2688 files changed, 20773 insertions(+), 13011 deletions(-) create mode 100644 test/results/default/dicom.pcap.out create mode 100644 test/results/default/mikrotik_mndp.pcap.out create mode 100644 test/results/default/signal_audiocall.pcapng.out create mode 100644 test/results/default/signal_multiparty.pcapng.out create mode 100644 test/results/default/signal_videocall.pcapng.out create mode 100644 test/results/default/signal_videocall_multiparty.pcapng.out create mode 100644 test/results/default/stun_signal_tcp.pcapng.out create mode 100644 test/results/default/telegram_videocall_2.pcapng.out create mode 100644 test/results/default/telegram_voice.pcapng.out create mode 100644 test/results/default/vivox.pcapng.out create mode 100644 test/results/default/websocket-chisel-ssh.pcap.out delete mode 
100644 test/results/disable_metadata/sip.pcap.out delete mode 100644 test/results/disable_metadata/tls_verylong_certificate.pcap.out create mode 100644 test/results/disable_metadata_and_flowrisks/sip.pcap.out create mode 100644 test/results/disable_metadata_and_flowrisks/tls_verylong_certificate.pcap.out create mode 100644 test/results/flow-analyse/default/dicom.pcap.out create mode 100644 test/results/flow-analyse/default/mikrotik_mndp.pcap.out create mode 100644 test/results/flow-analyse/default/signal_audiocall.pcapng.out create mode 100644 test/results/flow-analyse/default/signal_multiparty.pcapng.out create mode 100644 test/results/flow-analyse/default/signal_videocall.pcapng.out create mode 100644 test/results/flow-analyse/default/signal_videocall_multiparty.pcapng.out create mode 100644 test/results/flow-analyse/default/stun_signal_tcp.pcapng.out create mode 100644 test/results/flow-analyse/default/telegram_videocall_2.pcapng.out create mode 100644 test/results/flow-analyse/default/telegram_voice.pcapng.out create mode 100644 test/results/flow-analyse/default/vivox.pcapng.out create mode 100644 test/results/flow-analyse/default/websocket-chisel-ssh.pcap.out delete mode 100644 test/results/flow-analyse/disable_metadata/sip.pcap.out delete mode 100644 test/results/flow-analyse/disable_metadata/tls_verylong_certificate.pcap.out create mode 100644 test/results/flow-analyse/disable_metadata_and_flowrisks/sip.pcap.out create mode 100644 test/results/flow-analyse/disable_metadata_and_flowrisks/tls_verylong_certificate.pcap.out create mode 100644 test/results/flow-analyse/fpc/1kxun.pcap.out create mode 100644 test/results/flow-analyse/fpc/signal_videocall.pcapng.out create mode 100644 test/results/flow-analyse/monitoring/signal_audiocall.pcapng.out create mode 100644 test/results/flow-analyse/monitoring/signal_videocall.pcapng.out create mode 100644 test/results/flow-analyse/monitoring/signal_videocall_multiparty.pcapng.out create mode 100644 
test/results/flow-analyse/monitoring/telegram_videocall_2.pcapng.out create mode 100644 test/results/flow-analyse/monitoring/telegram_voice.pcapng.out create mode 100644 test/results/flow-analyse/ndpireader_conf_file/openvpn_obfuscated.pcapng.out create mode 100644 test/results/flow-analyse/ndpireader_conf_file/signal_videocall.pcapng.out create mode 100644 test/results/flow-analyse/ndpireader_conf_file/stun_signal_tcp.pcapng.out delete mode 100644 test/results/flow-analyse/tls_ja3c_disabled/tls_verylong_certificate.pcap.out delete mode 100644 test/results/flow-analyse/tls_ja3s_disabled/tls_verylong_certificate.pcap.out delete mode 100644 test/results/flow-analyse/tls_ja4c_disabled/tls_verylong_certificate.pcap.out create mode 100644 test/results/flow-captured/default/dicom.pcap.out create mode 100644 test/results/flow-captured/default/mikrotik_mndp.pcap.out create mode 100644 test/results/flow-captured/default/signal_audiocall.pcapng.out create mode 100644 test/results/flow-captured/default/signal_multiparty.pcapng.out create mode 100644 test/results/flow-captured/default/signal_videocall.pcapng.out create mode 100644 test/results/flow-captured/default/signal_videocall_multiparty.pcapng.out create mode 100644 test/results/flow-captured/default/stun_signal_tcp.pcapng.out create mode 100644 test/results/flow-captured/default/telegram_videocall_2.pcapng.out create mode 100644 test/results/flow-captured/default/telegram_voice.pcapng.out create mode 100644 test/results/flow-captured/default/vivox.pcapng.out create mode 100644 test/results/flow-captured/default/websocket-chisel-ssh.pcap.out delete mode 100644 test/results/flow-captured/disable_metadata/sip.pcap.out delete mode 100644 test/results/flow-captured/disable_metadata/tls_verylong_certificate.pcap.out create mode 100644 test/results/flow-captured/disable_metadata_and_flowrisks/sip.pcap.out create mode 100644 test/results/flow-captured/disable_metadata_and_flowrisks/tls_verylong_certificate.pcap.out create mode 
100644 test/results/flow-captured/fpc/1kxun.pcap.out create mode 100644 test/results/flow-captured/fpc/signal_videocall.pcapng.out create mode 100644 test/results/flow-captured/monitoring/signal_audiocall.pcapng.out create mode 100644 test/results/flow-captured/monitoring/signal_videocall.pcapng.out create mode 100644 test/results/flow-captured/monitoring/signal_videocall_multiparty.pcapng.out create mode 100644 test/results/flow-captured/monitoring/telegram_videocall_2.pcapng.out create mode 100644 test/results/flow-captured/monitoring/telegram_voice.pcapng.out create mode 100644 test/results/flow-captured/ndpireader_conf_file/openvpn_obfuscated.pcapng.out create mode 100644 test/results/flow-captured/ndpireader_conf_file/signal_videocall.pcapng.out create mode 100644 test/results/flow-captured/ndpireader_conf_file/stun_signal_tcp.pcapng.out delete mode 100644 test/results/flow-captured/tls_ja3c_disabled/tls_verylong_certificate.pcap.out delete mode 100644 test/results/flow-captured/tls_ja3s_disabled/tls_verylong_certificate.pcap.out delete mode 100644 test/results/flow-captured/tls_ja4c_disabled/tls_verylong_certificate.pcap.out create mode 100644 test/results/flow-info/default/dicom.pcap.out create mode 100644 test/results/flow-info/default/mikrotik_mndp.pcap.out create mode 100644 test/results/flow-info/default/signal_audiocall.pcapng.out create mode 100644 test/results/flow-info/default/signal_multiparty.pcapng.out create mode 100644 test/results/flow-info/default/signal_videocall.pcapng.out create mode 100644 test/results/flow-info/default/signal_videocall_multiparty.pcapng.out create mode 100644 test/results/flow-info/default/stun_signal_tcp.pcapng.out create mode 100644 test/results/flow-info/default/telegram_videocall_2.pcapng.out create mode 100644 test/results/flow-info/default/telegram_voice.pcapng.out create mode 100644 test/results/flow-info/default/vivox.pcapng.out create mode 100644 test/results/flow-info/default/websocket-chisel-ssh.pcap.out delete 
mode 100644 test/results/flow-info/disable_metadata/sip.pcap.out delete mode 100644 test/results/flow-info/disable_metadata/tls_verylong_certificate.pcap.out create mode 100644 test/results/flow-info/disable_metadata_and_flowrisks/sip.pcap.out create mode 100644 test/results/flow-info/disable_metadata_and_flowrisks/tls_verylong_certificate.pcap.out create mode 100644 test/results/flow-info/fpc/1kxun.pcap.out create mode 100644 test/results/flow-info/fpc/signal_videocall.pcapng.out create mode 100644 test/results/flow-info/monitoring/signal_audiocall.pcapng.out create mode 100644 test/results/flow-info/monitoring/signal_videocall.pcapng.out create mode 100644 test/results/flow-info/monitoring/signal_videocall_multiparty.pcapng.out create mode 100644 test/results/flow-info/monitoring/telegram_videocall_2.pcapng.out create mode 100644 test/results/flow-info/monitoring/telegram_voice.pcapng.out create mode 100644 test/results/flow-info/ndpireader_conf_file/openvpn_obfuscated.pcapng.out create mode 100644 test/results/flow-info/ndpireader_conf_file/signal_videocall.pcapng.out create mode 100644 test/results/flow-info/ndpireader_conf_file/stun_signal_tcp.pcapng.out delete mode 100644 test/results/flow-info/tls_ja3c_disabled/tls_verylong_certificate.pcap.out delete mode 100644 test/results/flow-info/tls_ja3s_disabled/tls_verylong_certificate.pcap.out delete mode 100644 test/results/flow-info/tls_ja4c_disabled/tls_verylong_certificate.pcap.out create mode 100644 test/results/fpc/1kxun.pcap.out create mode 100644 test/results/fpc/signal_videocall.pcapng.out create mode 100644 test/results/influxd/default/dicom.pcap.out create mode 100644 test/results/influxd/default/mikrotik_mndp.pcap.out create mode 100644 test/results/influxd/default/signal_audiocall.pcapng.out create mode 100644 test/results/influxd/default/signal_multiparty.pcapng.out create mode 100644 test/results/influxd/default/signal_videocall.pcapng.out create mode 100644 
test/results/influxd/default/signal_videocall_multiparty.pcapng.out create mode 100644 test/results/influxd/default/stun_signal_tcp.pcapng.out create mode 100644 test/results/influxd/default/telegram_videocall_2.pcapng.out create mode 100644 test/results/influxd/default/telegram_voice.pcapng.out create mode 100644 test/results/influxd/default/vivox.pcapng.out create mode 100644 test/results/influxd/default/websocket-chisel-ssh.pcap.out delete mode 100644 test/results/influxd/disable_metadata/sip.pcap.out delete mode 100644 test/results/influxd/disable_metadata/tls_verylong_certificate.pcap.out create mode 100644 test/results/influxd/disable_metadata_and_flowrisks/sip.pcap.out create mode 100644 test/results/influxd/disable_metadata_and_flowrisks/tls_verylong_certificate.pcap.out create mode 100644 test/results/influxd/fpc/1kxun.pcap.out create mode 100644 test/results/influxd/fpc/signal_videocall.pcapng.out create mode 100644 test/results/influxd/monitoring/signal_audiocall.pcapng.out create mode 100644 test/results/influxd/monitoring/signal_videocall.pcapng.out create mode 100644 test/results/influxd/monitoring/signal_videocall_multiparty.pcapng.out create mode 100644 test/results/influxd/monitoring/telegram_videocall_2.pcapng.out create mode 100644 test/results/influxd/monitoring/telegram_voice.pcapng.out create mode 100644 test/results/influxd/ndpireader_conf_file/openvpn_obfuscated.pcapng.out create mode 100644 test/results/influxd/ndpireader_conf_file/signal_videocall.pcapng.out create mode 100644 test/results/influxd/ndpireader_conf_file/stun_signal_tcp.pcapng.out delete mode 100644 test/results/influxd/tls_ja3c_disabled/tls_verylong_certificate.pcap.out delete mode 100644 test/results/influxd/tls_ja3s_disabled/tls_verylong_certificate.pcap.out delete mode 100644 test/results/influxd/tls_ja4c_disabled/tls_verylong_certificate.pcap.out create mode 100644 test/results/monitoring/signal_audiocall.pcapng.out create mode 100644 
test/results/monitoring/signal_videocall.pcapng.out create mode 100644 test/results/monitoring/signal_videocall_multiparty.pcapng.out create mode 100644 test/results/monitoring/telegram_videocall_2.pcapng.out create mode 100644 test/results/monitoring/telegram_voice.pcapng.out create mode 100644 test/results/ndpireader_conf_file/openvpn_obfuscated.pcapng.out create mode 100644 test/results/ndpireader_conf_file/signal_videocall.pcapng.out create mode 100644 test/results/ndpireader_conf_file/stun_signal_tcp.pcapng.out create mode 100644 test/results/stats/default/dicom.pcap.out create mode 100644 test/results/stats/default/mikrotik_mndp.pcap.out create mode 100644 test/results/stats/default/signal_audiocall.pcapng.out create mode 100644 test/results/stats/default/signal_multiparty.pcapng.out create mode 100644 test/results/stats/default/signal_videocall.pcapng.out create mode 100644 test/results/stats/default/signal_videocall_multiparty.pcapng.out create mode 100644 test/results/stats/default/stun_signal_tcp.pcapng.out create mode 100644 test/results/stats/default/telegram_videocall_2.pcapng.out create mode 100644 test/results/stats/default/telegram_voice.pcapng.out create mode 100644 test/results/stats/default/vivox.pcapng.out create mode 100644 test/results/stats/default/websocket-chisel-ssh.pcap.out delete mode 100644 test/results/stats/disable_metadata/sip.pcap.out delete mode 100644 test/results/stats/disable_metadata/tls_verylong_certificate.pcap.out create mode 100644 test/results/stats/disable_metadata_and_flowrisks/sip.pcap.out create mode 100644 test/results/stats/disable_metadata_and_flowrisks/tls_verylong_certificate.pcap.out create mode 100644 test/results/stats/fpc/1kxun.pcap.out create mode 100644 test/results/stats/fpc/signal_videocall.pcapng.out create mode 100644 test/results/stats/monitoring/signal_audiocall.pcapng.out create mode 100644 test/results/stats/monitoring/signal_videocall.pcapng.out create mode 100644 
test/results/stats/monitoring/signal_videocall_multiparty.pcapng.out create mode 100644 test/results/stats/monitoring/telegram_videocall_2.pcapng.out create mode 100644 test/results/stats/monitoring/telegram_voice.pcapng.out create mode 100644 test/results/stats/ndpireader_conf_file/openvpn_obfuscated.pcapng.out create mode 100644 test/results/stats/ndpireader_conf_file/signal_videocall.pcapng.out create mode 100644 test/results/stats/ndpireader_conf_file/stun_signal_tcp.pcapng.out delete mode 100644 test/results/stats/tls_ja3c_disabled/tls_verylong_certificate.pcap.out delete mode 100644 test/results/stats/tls_ja3s_disabled/tls_verylong_certificate.pcap.out delete mode 100644 test/results/stats/tls_ja4c_disabled/tls_verylong_certificate.pcap.out delete mode 100644 test/results/tls_ja3c_disabled/tls_verylong_certificate.pcap.out delete mode 100644 test/results/tls_ja3s_disabled/tls_verylong_certificate.pcap.out delete mode 100644 test/results/tls_ja4c_disabled/tls_verylong_certificate.pcap.out diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index d7769f0be..d52374841 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -93,7 +93,7 @@ jobs: upload: false ndpi_min_version: "4.12" - compiler: "clang-12" - os: "ubuntu-latest" + os: "ubuntu-20.04" ndpi_build: "-DBUILD_NDPI=ON" ndpid_examples: "-DBUILD_EXAMPLES=ON" ndpid_gcrypt: "-DNDPI_WITH_GCRYPT=OFF" diff --git a/examples/c-analysed/c-analysed.c b/examples/c-analysed/c-analysed.c index 6df460910..c98f6636a 100644 --- a/examples/c-analysed/c-analysed.c +++ b/examples/c-analysed/c-analysed.c @@ -170,6 +170,7 @@ static struct uint64_t flow_category_antimalware_count; uint64_t flow_category_crypto_currency_count; uint64_t flow_category_gambling_count; + uint64_t flow_category_health_count; uint64_t flow_category_unknown_count; uint64_t flow_confidence_by_port; 
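Review bot: The `os: "ubuntu-20.04"` pin on the `clang-12` matrix entry has no comment explaining why this one job leaves `ubuntu-latest`. Without it, a later cleanup may revert the pin, or the job may stay on an image that no longer receives updates. Presumably clang-12 is not installable on the newer image; a comment above the entry such as `# clang-12 is not available on ubuntu-latest; revisit when the 20.04 runner image is retired` would record the reason. The matrix entry begins outside the hunk.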
@@ -220,15 +221,10 @@ struct global_map }; }; -#define ANALYSED_STATS_COUNTER_PTR(member) \ - { \ - .global_stat_inc = &(analysed_statistics.counters.member), NULL \ - } +#define ANALYSED_STATS_COUNTER_PTR(member) {.global_stat_inc = &(analysed_statistics.counters.member), NULL} #define ANALYSED_STATS_GAUGE_PTR(member) \ - { \ - .global_stat_inc = &(analysed_statistics.gauges[0].member), \ - .global_stat_dec = &(analysed_statistics.gauges[1].member) \ - } + {.global_stat_inc = &(analysed_statistics.gauges[0].member), \ + .global_stat_dec = &(analysed_statistics.gauges[1].member)} #define ANALYSED_STATS_COUNTER_INC(member) (analysed_statistics.counters.member++) #define ANALYSED_STATS_GAUGE_RES(member) (analysed_statistics.gauges[0].member--) #define ANALYSED_STATS_GAUGE_INC(member) (analysed_statistics.gauges[0].member++) @@ -329,6 +325,7 @@ static struct global_map const categories_map[] = { {"Antimalware", ANALYSED_STATS_GAUGE_PTR(flow_category_antimalware_count)}, {"Crypto_Currency", ANALYSED_STATS_GAUGE_PTR(flow_category_crypto_currency_count)}, {"Gambling", ANALYSED_STATS_GAUGE_PTR(flow_category_gambling_count)}, + {"Health", ANALYSED_STATS_GAUGE_PTR(flow_category_health_count)}, {NULL, ANALYSED_STATS_GAUGE_PTR(flow_category_unknown_count)}}; static struct global_map const confidence_map[] = { @@ -1713,7 +1710,7 @@ static int write_global_flow_stats(void) ANALYSEDB_FORMAT() ANALYSEDB_FORMAT() ANALYSEDB_FORMAT() ANALYSEDB_FORMAT() ANALYSEDB_FORMAT() ANALYSEDB_FORMAT() ANALYSEDB_FORMAT() ANALYSEDB_FORMAT() ANALYSEDB_FORMAT() ANALYSEDB_FORMAT() ANALYSEDB_FORMAT() - ANALYSEDB_FORMAT() ANALYSEDB_FORMAT(), + ANALYSEDB_FORMAT() ANALYSEDB_FORMAT() ANALYSEDB_FORMAT(), ANALYSEDB_VALUE_GAUGE(flow_category_unspecified_count), ANALYSEDB_VALUE_GAUGE(flow_category_media_count), 
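Review bot: In the reformatted `ANALYSED_STATS_COUNTER_PTR`, the initializer mixes a designator with a positional `NULL`, which only reaches the decrement pointer if that member is declared directly after `global_stat_inc`. The `struct global_map` definition is outside the hunk, so this cannot be confirmed here. Naming both members keeps the macro correct if the struct is ever reordered: `#define ANALYSED_STATS_COUNTER_PTR(member) {.global_stat_inc = &(analysed_statistics.counters.member), .global_stat_dec = NULL}`. The same applies to `COLLECTD_STATS_COUNTER_PTR` and `INFLUXD_STATS_COUNTER_PTR` in the other two example programs.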
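Review bot: The extra `ANALYSEDB_FORMAT()` added in `write_global_flow_stats` must be matched by hand with the `ANALYSEDB_VALUE_GAUGE(flow_category_health_count)` argument added in the next hunk, and nothing in the code ties the two counts together. If the macro expands to a printf-style conversion, as its use suggests, a category later added to only one list would make the formatted call read a missing or mismatched argument. A comment above the format block, for example `/* one ANALYSEDB_FORMAT() per ANALYSEDB_VALUE_GAUGE() argument below; update both together with categories_map */`, would make the coupling explicit. `print_collectd_exec_output` in c-collectd.c and `serialize_influx_line` in c-influxd.c repeat the pattern. The function body continues outside the hunk.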
@@ -1754,6 +1751,7 @@ static int write_global_flow_stats(void) ANALYSEDB_VALUE_GAUGE(flow_category_antimalware_count), ANALYSEDB_VALUE_GAUGE(flow_category_crypto_currency_count), ANALYSEDB_VALUE_GAUGE(flow_category_gambling_count), + ANALYSEDB_VALUE_GAUGE(flow_category_health_count), ANALYSEDB_VALUE_GAUGE(flow_category_unknown_count)); CHECK_SNPRINTF_RET(bytes); @@ -1891,6 +1889,7 @@ failure: ANALYSED_STATS_GAUGE_SUB(flow_category_antimalware_count); ANALYSED_STATS_GAUGE_SUB(flow_category_crypto_currency_count); ANALYSED_STATS_GAUGE_SUB(flow_category_gambling_count); + ANALYSED_STATS_GAUGE_SUB(flow_category_health_count); ANALYSED_STATS_GAUGE_SUB(flow_category_unknown_count); ANALYSED_STATS_GAUGE_SUB(flow_confidence_by_port); diff --git a/examples/c-collectd/c-collectd.c b/examples/c-collectd/c-collectd.c index 4eca7ca0d..e3e2d7da0 100644 --- a/examples/c-collectd/c-collectd.c +++ b/examples/c-collectd/c-collectd.c @@ -176,6 +176,7 @@ static struct uint64_t flow_category_antimalware_count; uint64_t flow_category_crypto_currency_count; uint64_t flow_category_gambling_count; + uint64_t flow_category_health_count; uint64_t flow_category_unknown_count; uint64_t flow_confidence_by_port; 
@@ -226,15 +227,10 @@ struct global_map }; }; -#define COLLECTD_STATS_COUNTER_PTR(member) \ - { \ - .global_stat_inc = &(collectd_statistics.counters.member), NULL \ - } +#define COLLECTD_STATS_COUNTER_PTR(member) {.global_stat_inc = &(collectd_statistics.counters.member), NULL} #define COLLECTD_STATS_GAUGE_PTR(member) \ - { \ - .global_stat_inc = &(collectd_statistics.gauges[0].member), \ - .global_stat_dec = &(collectd_statistics.gauges[1].member) \ - } + {.global_stat_inc = &(collectd_statistics.gauges[0].member), \ + .global_stat_dec = &(collectd_statistics.gauges[1].member)} #define COLLECTD_STATS_COUNTER_INC(member) (collectd_statistics.counters.member++) #define COLLECTD_STATS_GAUGE_RES(member) (collectd_statistics.gauges[0].member--) #define COLLECTD_STATS_GAUGE_INC(member) (collectd_statistics.gauges[0].member++) @@ -335,6 +331,7 @@ static struct global_map const categories_map[] = { {"Antimalware", COLLECTD_STATS_GAUGE_PTR(flow_category_antimalware_count)}, {"Crypto_Currency", COLLECTD_STATS_GAUGE_PTR(flow_category_crypto_currency_count)}, {"Gambling", COLLECTD_STATS_GAUGE_PTR(flow_category_gambling_count)}, + {"Health", COLLECTD_STATS_GAUGE_PTR(flow_category_health_count)}, {NULL, COLLECTD_STATS_GAUGE_PTR(flow_category_unknown_count)}}; static struct global_map const confidence_map[] = { @@ -655,7 +652,7 @@ static void print_collectd_exec_output(void) COLLECTD_GAUGE_N_FORMAT() COLLECTD_GAUGE_N_FORMAT() COLLECTD_GAUGE_N_FORMAT() COLLECTD_GAUGE_N_FORMAT() COLLECTD_GAUGE_N_FORMAT() COLLECTD_GAUGE_N_FORMAT() - COLLECTD_GAUGE_N_FORMAT(), + COLLECTD_GAUGE_N_FORMAT() COLLECTD_GAUGE_N_FORMAT(), COLLECTD_GAUGE_N(flow_category_unspecified_count), COLLECTD_GAUGE_N(flow_category_media_count), 
@@ -696,6 +693,7 @@ static void print_collectd_exec_output(void) COLLECTD_GAUGE_N(flow_category_antimalware_count), COLLECTD_GAUGE_N(flow_category_crypto_currency_count), COLLECTD_GAUGE_N(flow_category_gambling_count), + COLLECTD_GAUGE_N(flow_category_health_count), COLLECTD_GAUGE_N(flow_category_unknown_count)); printf(COLLECTD_GAUGE_N_FORMAT() COLLECTD_GAUGE_N_FORMAT() COLLECTD_GAUGE_N_FORMAT() COLLECTD_GAUGE_N_FORMAT() @@ -801,6 +799,7 @@ static void print_collectd_exec_output(void) COLLECTD_STATS_GAUGE_SUB(flow_category_antimalware_count); COLLECTD_STATS_GAUGE_SUB(flow_category_crypto_currency_count); COLLECTD_STATS_GAUGE_SUB(flow_category_gambling_count); + COLLECTD_STATS_GAUGE_SUB(flow_category_health_count); COLLECTD_STATS_GAUGE_SUB(flow_category_unknown_count); COLLECTD_STATS_GAUGE_SUB(flow_confidence_by_port); diff --git a/examples/c-influxd/c-influxd.c b/examples/c-influxd/c-influxd.c index 3eab9a514..b147fa24b 100644 --- a/examples/c-influxd/c-influxd.c +++ b/examples/c-influxd/c-influxd.c @@ -170,6 +170,7 @@ static struct uint64_t flow_category_antimalware_count; uint64_t flow_category_crypto_currency_count; uint64_t flow_category_gambling_count; + uint64_t flow_category_health_count; uint64_t flow_category_unknown_count; uint64_t flow_confidence_by_port; 
@@ -220,15 +221,10 @@ struct global_map }; }; -#define INFLUXD_STATS_COUNTER_PTR(member) \ - { \ - .global_stat_inc = &(influxd_statistics.counters.member), NULL \ - } +#define INFLUXD_STATS_COUNTER_PTR(member) {.global_stat_inc = &(influxd_statistics.counters.member), NULL} #define INFLUXD_STATS_GAUGE_PTR(member) \ - { \ - .global_stat_inc = &(influxd_statistics.gauges[0].member), \ - .global_stat_dec = &(influxd_statistics.gauges[1].member) \ - } + {.global_stat_inc = &(influxd_statistics.gauges[0].member), \ + .global_stat_dec = &(influxd_statistics.gauges[1].member)} #define INFLUXD_STATS_COUNTER_INC(member) (influxd_statistics.counters.member++) #define INFLUXD_STATS_GAUGE_RES(member) (influxd_statistics.gauges[0].member--) #define INFLUXD_STATS_GAUGE_INC(member) (influxd_statistics.gauges[0].member++) @@ -328,6 +324,7 @@ static struct global_map const categories_map[] = { {"Antimalware", INFLUXD_STATS_GAUGE_PTR(flow_category_antimalware_count)}, {"Crypto_Currency", INFLUXD_STATS_GAUGE_PTR(flow_category_crypto_currency_count)}, {"Gambling", INFLUXD_STATS_GAUGE_PTR(flow_category_gambling_count)}, + {"Health", INFLUXD_STATS_GAUGE_PTR(flow_category_health_count)}, {NULL, INFLUXD_STATS_GAUGE_PTR(flow_category_unknown_count)}}; static struct global_map const confidence_map[] = { @@ -486,7 +483,7 @@ static int serialize_influx_line(char * buf, size_t siz) INFLUXDB_FORMAT() INFLUXDB_FORMAT() INFLUXDB_FORMAT() INFLUXDB_FORMAT() INFLUXDB_FORMAT() INFLUXDB_FORMAT() INFLUXDB_FORMAT() INFLUXDB_FORMAT() INFLUXDB_FORMAT() INFLUXDB_FORMAT() INFLUXDB_FORMAT() - INFLUXDB_FORMAT() INFLUXDB_FORMAT_END(), + INFLUXDB_FORMAT() INFLUXDB_FORMAT() INFLUXDB_FORMAT_END(), "category", INFLUXDB_VALUE_GAUGE(flow_category_unspecified_count), 
@@ -528,6 +525,7 @@ static int serialize_influx_line(char * buf, size_t siz) INFLUXDB_VALUE_GAUGE(flow_category_antimalware_count), INFLUXDB_VALUE_GAUGE(flow_category_crypto_currency_count), INFLUXDB_VALUE_GAUGE(flow_category_gambling_count), + INFLUXDB_VALUE_GAUGE(flow_category_health_count), INFLUXDB_VALUE_GAUGE(flow_category_unknown_count)); CHECK_SNPRINTF_RET(bytes); @@ -656,6 +654,7 @@ failure: INFLUXD_STATS_GAUGE_SUB(flow_category_antimalware_count); INFLUXD_STATS_GAUGE_SUB(flow_category_crypto_currency_count); INFLUXD_STATS_GAUGE_SUB(flow_category_gambling_count); + INFLUXD_STATS_GAUGE_SUB(flow_category_health_count); INFLUXD_STATS_GAUGE_SUB(flow_category_unknown_count); INFLUXD_STATS_GAUGE_SUB(flow_confidence_by_port); diff --git a/libnDPI b/libnDPI index 59ee1fe11..e946f49ac 160000 --- a/libnDPI +++ b/libnDPI @@ -1 +1 @@ -Subproject commit 59ee1fe1156be234fed796972a29a31a0589e25a +Subproject commit e946f49aca13e4447a7d7b2acae6323a4531fb55 diff --git a/nDPId.c b/nDPId.c index 2165c7871..8bbf99fbd 100644 --- a/nDPId.c +++ b/nDPId.c @@ -485,7 +485,7 @@ static struct struct cmdarg custom_risk_domain_file; struct cmdarg custom_protocols_file; struct cmdarg custom_categories_file; - struct cmdarg custom_ja3_file; + struct cmdarg custom_ja4_file; struct cmdarg custom_sha1_file; struct cmdarg collector_address; struct cmdarg instance_alias; @@ -534,7 +534,7 @@ static struct .custom_risk_domain_file = CMDARG_STR(NULL), .custom_protocols_file = CMDARG_STR(NULL), .custom_categories_file = CMDARG_STR(NULL), - .custom_ja3_file = CMDARG_STR(NULL), + .custom_ja4_file = CMDARG_STR(NULL), .custom_sha1_file = CMDARG_STR(NULL), .collector_address = CMDARG_STR(COLLECTOR_UNIX_SOCKET), .instance_alias = CMDARG_STR(NULL), 
@@ -591,7 +591,7 @@ struct confopt general_config_map[] = {CONFOPT("netif", &nDPId_options.pcap_file CONFOPT("riskdomains", &nDPId_options.custom_risk_domain_file), CONFOPT("protocols", &nDPId_options.custom_protocols_file), CONFOPT("categories", &nDPId_options.custom_categories_file), - CONFOPT("ja3", &nDPId_options.custom_ja3_file), + CONFOPT("ja4", &nDPId_options.custom_ja4_file), CONFOPT("sha1", &nDPId_options.custom_sha1_file), CONFOPT("collector", &nDPId_options.collector_address), CONFOPT("alias", &nDPId_options.instance_alias), @@ -1543,9 +1543,9 @@ static struct nDPId_workflow * init_workflow(char const * const file_or_device) { ndpi_load_categories_file(workflow->ndpi_struct, GET_CMDARG_STR(nDPId_options.custom_categories_file), NULL); } - if (IS_CMDARG_SET(nDPId_options.custom_ja3_file) != 0) + if (IS_CMDARG_SET(nDPId_options.custom_ja4_file) != 0) { - ndpi_load_malicious_ja3_file(workflow->ndpi_struct, GET_CMDARG_STR(nDPId_options.custom_ja3_file)); + ndpi_load_malicious_ja4_file(workflow->ndpi_struct, GET_CMDARG_STR(nDPId_options.custom_ja4_file)); } if (IS_CMDARG_SET(nDPId_options.custom_sha1_file) != 0) { @@ -5320,8 +5320,7 @@ static void print_usage(char const * const arg0) "\t \tDefault: disabled\n" "\t-C\tLoad a nDPI custom categories file.\n" "\t \tDefault: disabled\n" - "\t-J\tLoad a nDPI JA3 hash blacklist file.\n" - "\t \tSee: https://sslbl.abuse.ch/blacklist/ja3_fingerprints.csv\n" + "\t-J\tLoad a nDPI JA4 hash blacklist file.\n" "\t \tDefault: disabled\n" "\t-S\tLoad a nDPI SSL SHA1 hash blacklist file.\n" "\t \tSee: https://sslbl.abuse.ch/blacklist/sslblacklist.csv\n" @@ -5490,7 +5489,7 @@ static int nDPId_parse_options(int argc, char ** argv) set_cmdarg_string(&nDPId_options.custom_categories_file, optarg); break; case 'J': - set_cmdarg_string(&nDPId_options.custom_ja3_file, optarg); + set_cmdarg_string(&nDPId_options.custom_ja4_file, optarg); break; case 'S': set_cmdarg_string(&nDPId_options.custom_sha1_file, optarg); 
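Review bot: Renaming the key from `ja3` to `ja4` in `general_config_map` leaves no handling for the old name, so a deployed configuration that still says `ja3 = …` stops supplying a TLS fingerprint blacklist after the upgrade; how an unknown key is treated is not visible in this hunk, and if it is ignored the loss is silent. The same applies to the OpenWrt option `ja3_file` → `ja4_file` in the packaging hunks, and `-J` keeps its letter in `nDPId_parse_options` while the file it names must now hold a different kind of fingerprint. At minimum the usage text in the `print_usage` hunk should say so, for example by adding `"\t \tNote: JA3 lists are not accepted any more, the file must contain JA4 fingerprints.\n"` after the `-J` line, since the removed `See:` URL was the only hint about the expected format. Rejecting the old `ja3` key with an explicit error would be safer than dropping it, but the parser that would do that is outside these hunks.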
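Review bot: The result of `ndpi_load_malicious_ja4_file()` is discarded in the `init_workflow` hunk, so a missing, unreadable or wrongly formatted blacklist leaves the daemon running without JA4 matching and without any message. That matters more with this commit than before, because users are likely to keep pointing `-J` at the JA3 CSV they already have. Assuming the loader reports failure through a negative return value (to be confirmed against the bumped libnDPI), I would test it, `if (ndpi_load_malicious_ja4_file(workflow->ndpi_struct, GET_CMDARG_STR(nDPId_options.custom_ja4_file)) < 0)`, and log the file name through the daemon's existing error logging. The `ndpi_load_categories_file` call in the context lines is unchecked in the same way; the function body continues outside the hunk.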
diff --git a/ndpid.conf.example b/ndpid.conf.example index 9d074f32e..aa7d310d2 100644 --- a/ndpid.conf.example +++ b/ndpid.conf.example @@ -13,7 +13,7 @@ #riskdomains = /path/to/libnDPI/example/risky_domains.txt #protocols = /path/to/libnDPI/example/protos.txt #categories = /path/to/libnDPI/example/categories.txt -#ja3 = /path/to/libnDPI/example/ja3_fingerprints.csv +#ja4 = /path/to/libnDPI/example/ja4_fingerprints.csv #sha1 = /path/to/libnDPI/example/sha1_fingerprints.csv # Collector endpoint as UNIX socket (usually nDPIsrvd) diff --git a/packages/openwrt/net/nDPId-testing/nDPId-testing.config b/packages/openwrt/net/nDPId-testing/nDPId-testing.config index 2e1871d29..a2210e56c 100644 --- a/packages/openwrt/net/nDPId-testing/nDPId-testing.config +++ b/packages/openwrt/net/nDPId-testing/nDPId-testing.config @@ -33,7 +33,7 @@ config nDPId #option udp_connect '127.0.0.1:31337' #option proto_file '' #option cat_file '' - #option ja3_file '' + #option ja4_file '' #option ssl_file '' #option alias '' #option analysis 0 diff --git a/packages/openwrt/net/nDPId-testing/nDPId-testing.init b/packages/openwrt/net/nDPId-testing/nDPId-testing.init index 850ec47a8..4ccee51a0 100644 --- a/packages/openwrt/net/nDPId-testing/nDPId-testing.init +++ b/packages/openwrt/net/nDPId-testing/nDPId-testing.init @@ -71,7 +71,7 @@ start_ndpid_instance() { args="$args$(print_arg_bool "$cfg" 'use_poll' '-e')" args="$args$(print_arg_str "$cfg" 'proto_file' '-P')" args="$args$(print_arg_str "$cfg" 'cat_file' '-C')" - args="$args$(print_arg_str "$cfg" 'ja3_file' '-J')" + args="$args$(print_arg_str "$cfg" 'ja4_file' '-J')" args="$args$(print_arg_str "$cfg" 'ssl_file' '-S')" args="$args$(print_arg_str "$cfg" 'alias' '-a')" args="$args$(print_arg_bool "$cfg" 'analysis' '-A')" @@ -118,7 +118,7 @@ validate_ndpid_section() { 'udp_connect:string' \ 'proto_file:string' \ 'cat_file:string' \ - 'ja3_file:string' \ + 'ja4_file:string' \ 'ssl_file:string' \ 'alias:string' \ 'analysis:bool:0' \ 
diff --git a/schema/flow_event_schema.json b/schema/flow_event_schema.json index be4a0087a..e1096e2bd 100644 --- a/schema/flow_event_schema.json +++ b/schema/flow_event_schema.json @@ -244,6 +244,9 @@ "proto_by_ip_id": { "type": "number" }, + "stream_content": { + "type": "string" + }, "category": { "type": "string", "enum": [ @@ -254,7 +257,7 @@ "Shopping", "Productivity", "FileSharing", "ConnCheck", "IoT-Scada", "VirtAssistant", "Cybersecurity", "AdultContent", "Mining", "Malware", "Advertisement", "Banned_Site", "Site_Unavailable", "Allowed_Site", - "Antimalware", "Crypto_Currency", "Gambling" + "Antimalware", "Crypto_Currency", "Gambling", "Health" ] }, "category_id": { @@ -1316,7 +1319,7 @@ "properties": { "total": { "type": "number", "minimum": 10, "maximum": 610 }, "client": { "type": "number", "minimum": 5, "maximum": 485 }, - "server": { "type": "number", "minimum": 5, "maximum": 130 }, + "server": { "type": "number", "minimum": 5, "maximum": 135 }, "additionalProperties": false } } @@ -1411,6 +1414,9 @@ "mdns": { "type": "object" }, + "mikrotik": { + "type": "object" + }, "natpmp": { "type": "object" }, @@ -1450,6 +1456,18 @@ "ftp": { "type": "object" }, + "sip": { + "type": "object", + "properties": { + "from": { + "type": "string" + }, + "to": { + "type": "string" + } + }, + "additionalProperties": false + }, "snmp": { "type": "object" }, diff --git a/test/configs/disable_metadata.ndpiconf b/test/configs/disable_metadata.ndpiconf index 2cd288598..aa938d24b 100644 --- a/test/configs/disable_metadata.ndpiconf +++ b/test/configs/disable_metadata.ndpiconf @@ -1,5 +1,4 @@ [protos] tls.metadata.sha1_fingerprint=0 -tls.metadata.ja3c_fingerprint=0 tls.metadata.ja3s_fingerprint=0 tls.metadata.ja4c_fingerprint=0 diff --git a/test/results/caches_cfg/ookla.pcap.out b/test/results/caches_cfg/ookla.pcap.out index 936c5ef11..5427c009c 100644 --- a/test/results/caches_cfg/ookla.pcap.out +++ b/test/results/caches_cfg/ookla.pcap.out 
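Review bot: In the `risk_score` hunk, `"additionalProperties": false` sits inside the `"properties"` map as a sibling of `total`, `client` and `server` (as far as the collapsed hunk can be read), so a validator treats it as a property named `additionalProperties` rather than as the keyword, and the object stays open to unknown keys. The new `sip` block added further down places the keyword correctly, after the closing brace of `"properties"`. Since the `server` line is being touched for the new maximum anyway, I would move the keyword up one level: `"properties": { … "server": { "type": "number", "minimum": 5, "maximum": 135 } }, "additionalProperties": false`. The enclosing object starts outside the hunk.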
@@ -1,4 +1,4 @@ -00659{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00659{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":52760463,"flow_src_last_pkt_time":52760463,"flow_dst_last_pkt_time":52760463,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":52760463,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"185.157.229.246","src_port":37790,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":52760463,"flow_dst_last_pkt_time":52760463,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":52760463,"pkt":"pJGxgjQ5CAAns+YuCABFAAA88ZNAAEAG5yvAqAHAuZ3l9pOeH5CL5\/\/AAAAAAKAC+vCdxwAAAgQFtAQCCArwSR4qAAAAAAEDAwc="} 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":52760463,"flow_dst_last_pkt_time":52767367,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":52767367,"pkt":"CAAns+YupJGxgjQ5CABFAAA8AABAADkG37+5neX2wKgBwB+Qk54VD1Tvi+f\/waAS9KzB8AAAAgQFtAQCCArQXqes8EkeKgEDAwc="} 
@@ -12,7 +12,7 @@ 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":52803123,"flow_dst_last_pkt_time":52802860,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":52803123,"pkt":"pJGxgjQ5CAAns+YuCABFAAA07SxAAEAGxSTAqAHAWWBsqsfUH5CQmgkYQm9JZYAQAfaCuwAAAQEICkrfmqSA8vY2"} 00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":52803891,"flow_dst_last_pkt_time":52802860,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"thread_ts_usec":52803891,"pkt":"pJGxgjQ5CAAns+YuCABFAACB7S1AAEAGxNbAqAHAWWBsqsfUH5CQmgkYQm9JZYAYAfa1WgAAAQEICkrfmqSA8vY2EMGp+9vLnmHw2ahVPr\/DnjqEBMpv3qQx14PKFUDQ+Xiem1oDpE25ebBB0o3w7\/CD7T9\/W+RFeHExRQnSnZNpGp1400Jci657f6wCIgo="} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":52803891,"flow_dst_last_pkt_time":52813624,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":52813624,"pkt":"CAAns+YupJGxgjQ5CABFAAA0vyZAADkG+ipZYGyqwKgBwB+Qx9RCb0llkJoJZYAQAOODdAAAAQEICoDy9kNK35qk"} 
-00887{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":21,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1794,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1491069108756336} +00887{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":21,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1794,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1491069108756336} 
00819{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1491069108756336,"flow_src_last_pkt_time":1491069108756336,"flow_dst_last_pkt_time":1491069108756336,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1491069108756336,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51207,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1491069108756336,"flow_dst_last_pkt_time":1491069108756336,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1491069108756336,"pkt":"gCqojWksxCwDBkn+CABFAABAClpAAEAGAADAqAEHLiz9u8gHAFAHQx4AAAAAALAC\/\/\/tyQAAAgQFtAEDAwUBAQgKDd4HoAAAAAAEAgAA"} 
00601{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1491069108756336,"flow_dst_last_pkt_time":1491069108793565,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1491069108793565,"pkt":"xCwDBkn+gCqojWksCABFAAA8AABAADMGWiUuLP27wKgBBwBQyAdRUNK1B0MeAaASOJAJ5wAAAgQFrAQCCAp\/4XDqDd4HoAEDAwU="} 
@@ -31,15 +31,15 @@ 01135{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":71,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":2,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":52788003,"flow_src_last_pkt_time":52834008,"flow_dst_last_pkt_time":52833933,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":1512,"midstream":0,"thread_ts_usec":1491069115908957,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"89.96.108.170","src_port":51156,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"51": {"risk":"Fully Encrypted Flow","severity":"Medium","risk_score": {"total":360,"client":240,"server":120}}},"confidence": {"1":"Match by port"},"proto":"HTTP_Proxy","proto_id":"131","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 00809{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":71,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":2,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":52788003,"flow_src_last_pkt_time":52834008,"flow_dst_last_pkt_time":52833933,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":1512,"midstream":0,"thread_ts_usec":1491069115908957,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"89.96.108.170","src_port":51156,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00989{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":71,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":52760463,"flow_src_last_pkt_time":52824399,"flow_dst_last_pkt_time":52783053,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":42,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":45,"midstream":0,"thread_ts_usec":1491069115908957,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"185.157.229.246","src_port":37790,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Ookla","proto_id":"191","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} -00887{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":71,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":71,"packets-processed":70,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5115,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":3,"total-detection-updates":1,"total-updates":0,"current-active-flows":2,"total-active-flows":4,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":34,"global_ts_usec":1679653269892307} 
+00887{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":71,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":71,"packets-processed":70,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5115,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":3,"total-detection-updates":1,"total-updates":0,"current-active-flows":2,"total-active-flows":4,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":34,"global_ts_usec":1679653269892307} 00822{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1679653269892307,"flow_src_last_pkt_time":1679653269892307,"flow_dst_last_pkt_time":1679653269892307,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1679653269892307,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.16.209.12","src_port":48854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00601{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1679653269892307,"flow_dst_last_pkt_time":1679653269892307,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1679653269892307,"pkt":"ILAB4IZiPKn0qB\/sCABFAAA8d9tAAEAGx5vAqAGAaBDRDL7WAbvTK4fdAAAAAKAC+vCixQAAAgQFtAQCCAqNuQWwAAAAAAEDAwc="} 00602{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1679653269892307,"flow_dst_last_pkt_time":1679653269908336,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1679653269908336,"pkt":"PKn0qB\/sILAB4IZiCABFAAA8AABAADkGRndoENEMwKgBgAG7vtZrVEBX0yuH3qAS\/ohAMAAAAgQFeAQCCApAz3KnjbkFsAEDAw0="} 00589{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1679653269908388,"flow_dst_last_pkt_time":1679653269908336,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1679653269908388,"pkt":"ILAB4IZiPKn0qB\/sCABFAAA0d9xAAEAGx6LAqAGAaBDRDL7WAbvTK4fea1RAWIAQAfZrSQAAAQEICo25BcBAz3Kn"} 
01288{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1679653269910213,"flow_dst_last_pkt_time":1679653269908336,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1679653269910213,"pkt":"ILAB4IZiPKn0qB\/sCABFAAI5d91AAEAGxZzAqAGAaBDRDL7WAbvTK4fea1RAWIAYAfa4FAAAAQEICo25BcJAz3KnFgMBAgABAAH8AwOTb4oxeXvjc\/45zkuVq4G3Zgn7TLoS1mljZT9BkHGn2CDtXOYXkAvuYV+YZrFG8XIpj5iT35mrgepNsvEywjPasgAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAWABQAABF3d3cuc3BlZWR0ZXN0Lm5ldAAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACA0PGs+cvY7SZzZ7ub5BC\/x6sXI+NPwgqK8CA+8hBBoUAAXAEEE8gwagQRgBRZQFjLsDlZBIDoi55K5OCyygtEfRg6ZTvyJ0PS0\/RImIv79eDtxwURuWaTzp0u6GF0tY0r+YgsRoAArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAFQCFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01312{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1679653269892307,"flow_src_last_pkt_time":1679653269910213,"flow_dst_last_pkt_time":1679653269908336,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1679653269910213,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.16.209.12","src_port":48854,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Ookla","proto_id":"91.191","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.speedtest.net","domainame":"www.speedtest.net","tls": {"version":"TLSv1.2","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01271{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1679653269892307,"flow_src_last_pkt_time":1679653269910213,"flow_dst_last_pkt_time":1679653269908336,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1679653269910213,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.16.209.12","src_port":48854,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Ookla","proto_id":"91.191","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.speedtest.net","domainame":"www.speedtest.net","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 00589{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1679653269910213,"flow_dst_last_pkt_time":1679653269924034,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1679653269924034,"pkt":"PKn0qB\/sILAB4IZiCABFAAA0tiRAADkGkFpoENEMwKgBgAG7vtZrVEBY0yuJ44AQAAhrHwAAAQEICkDPcriNuQXC"} 
-01357{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":76,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1679653269892307,"flow_src_last_pkt_time":1679653269910213,"flow_dst_last_pkt_time":1679653269928207,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1679653269928207,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.16.209.12","src_port":48854,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Ookla","proto_id":"91.191","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.speedtest.net","domainame":"www.speedtest.net","tls": {"version":"TLSv1.3","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01316{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":76,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1679653269892307,"flow_src_last_pkt_time":1679653269910213,"flow_dst_last_pkt_time":1679653269928207,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1679653269928207,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.16.209.12","src_port":48854,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Ookla","proto_id":"91.191","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.speedtest.net","domainame":"www.speedtest.net","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
01198{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":85,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":3,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":8,"flow_first_seen":1491069108756336,"flow_src_last_pkt_time":1491069114050266,"flow_dst_last_pkt_time":1491069114084923,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":364,"flow_dst_max_l4_payload_len":457,"flow_src_tot_l4_payload_len":1434,"flow_dst_tot_l4_payload_len":1546,"midstream":0,"thread_ts_usec":1679653269948533,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51207,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP.Ookla","proto_id":"7.191","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"massarosa-1.speedtest.welcomeitalia.it"}} 
01013{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":85,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":4,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":11,"flow_first_seen":1491069115107460,"flow_src_last_pkt_time":1491069115874461,"flow_dst_last_pkt_time":1491069115908957,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":19,"flow_dst_max_l4_payload_len":34,"flow_src_tot_l4_payload_len":155,"flow_dst_tot_l4_payload_len":186,"midstream":0,"thread_ts_usec":1679653269948533,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51215,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Ookla","proto_id":"191","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} 00823{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1679653306712675,"flow_src_last_pkt_time":1679653306712675,"flow_dst_last_pkt_time":1679653306712675,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1679653306712675,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"89.96.108.170","src_port":35830,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -47,12 +47,12 @@ 00603{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1679653306712675,"flow_dst_last_pkt_time":1679653306719019,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1679653306719019,"pkt":"PKn0qB\/sILAB4IZiCABFAAA8AABAADkGuYlZYGyqwKgBgB+Qi\/ZNWoqZHmeg66AScSCZvQAAAgQFtAQCCApaPwmg5DYp\/AEDAwc="} 00589{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1679653306719028,"flow_dst_last_pkt_time":1679653306719019,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1679653306719028,"pkt":"ILAB4IZiPKn0qB\/sCABFAAA0211AAEAG1zPAqAGAWWBsqov2H5AeZ6DrTVqKmoAQAfY3rQAAAQEICuQ2KgNaPwmg"} 
01443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1679653306722610,"flow_dst_last_pkt_time":1679653306719019,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":694,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":694,"pkt_l4_len":660,"thread_ts_usec":1679653306722610,"pkt":"ILAB4IZiPKn0qB\/sCABFAAKo215AAEAG1L7AqAGAWWBsqov2H5AeZ6DrTVqKmoAYAfbO\/gAAAQEICuQ2KgZaPwmgFgMBAm8BAAJrAwP259mDz8GEpoy1f+OzLC\/9thLG4EqdLGdZzXCGK9Q4uiBQNxCTYiOnTdmODfCjz\/77scOJabNQfOM8CXn\/Kv428AAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAgAAAAAjACEAAB5zcGQtcHViLW1pLTAxLTAxLmZhc3R3ZWJuZXQuaXQAFwAA\/wEAAQAACgAOAAwAHQAXABgAGQEAAQEACwACAQAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACCmIGoQSjFxbhP0oQ2mf3jldqLVT4IJ26DAHB\/y9dgXLwAXAEEE8z8E+HP3NhUI\/F3JutRCkkZAA38B+4XEE0qHvfJW\/ErxaU6ku0G019ynBdDwM0s6b8hWwbPTFIbOGQegCvJDQAArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAKQDrAMYAwB8AhNezxWqfHNqTai25upcAXujZ45XM67IJ06apg7LqGTJweebMuDRIw07Sj31fESMcFNp17AprOYwSXu+YS9IV7JhT9qQ4OZmstow1igpGfzEfe\/xOI8FkLjugMpGDY1pCU3HpxsD9EoT1P15QOhLf1dMPMUABrcy7YEdQeCwvbp2qZm8hgV1Lh+SnlNLe9mxhXktl5gH4Z6wg4QeX0rx2IRHvSjtKcrCLpyghx76lSgi1P+ZDn7AN\/VgIhiOzujGKo4YAISC+J4uYrIYL20ogu5h0JOx5bT1YAelSKoit\/6udwZ+98w=="} 
-01451{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1679653306712675,"flow_src_last_pkt_time":1679653306722610,"flow_dst_last_pkt_time":1679653306719019,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":628,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":628,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1679653306722610,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"89.96.108.170","src_port":35830,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"spd-pub-mi-01-01.fastwebnet.it","domainame":"spd-pub-mi-01-01.fastwebnet.it","tls": {"version":"TLSv1.2","ja3":"c279b0189edb9269da7bc43dea5e0c36","ja3s":"","ja4":"t13d1714h2_5b57614c22b0_8f66f9ee9c6c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01410{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1679653306712675,"flow_src_last_pkt_time":1679653306722610,"flow_dst_last_pkt_time":1679653306719019,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":628,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":628,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1679653306722610,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"89.96.108.170","src_port":35830,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"spd-pub-mi-01-01.fastwebnet.it","domainame":"spd-pub-mi-01-01.fastwebnet.it","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1714h2_5b57614c22b0_8f66f9ee9c6c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1679653306722610,"flow_dst_last_pkt_time":1679653306727552,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1679653306727552,"pkt":"PKn0qB\/sILAB4IZiCABFAAA0gz1AADkGNlRZYGyqwKgBgB+Qi\/ZNWoqaHmejX4AQAO02NQAAAQEIClo\/CarkNioG"} -01494{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":90,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1679653306712675,"flow_src_last_pkt_time":1679653306722610,"flow_dst_last_pkt_time":1679653306727563,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":628,"flow_dst_max_l4_payload_len":258,"flow_src_tot_l4_payload_len":628,"flow_dst_tot_l4_payload_len":258,"midstream":0,"thread_ts_usec":1679653306727563,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"89.96.108.170","src_port":35830,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"spd-pub-mi-01-01.fastwebnet.it","domainame":"spd-pub-mi-01-01.fastwebnet.it","tls": 
{"version":"TLSv1.3","ja3":"c279b0189edb9269da7bc43dea5e0c36","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","ja4":"t13d1714h2_5b57614c22b0_8f66f9ee9c6c","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} +01453{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":90,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1679653306712675,"flow_src_last_pkt_time":1679653306722610,"flow_dst_last_pkt_time":1679653306727563,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":628,"flow_dst_max_l4_payload_len":258,"flow_src_tot_l4_payload_len":628,"flow_dst_tot_l4_payload_len":258,"midstream":0,"thread_ts_usec":1679653306727563,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"89.96.108.170","src_port":35830,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"spd-pub-mi-01-01.fastwebnet.it","domainame":"spd-pub-mi-01-01.fastwebnet.it","tls": {"version":"TLSv1.3","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","ja4":"t13d1714h2_5b57614c22b0_8f66f9ee9c6c","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
01141{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":113,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":6,"flow_state":"info","flow_src_packets_processed":21,"flow_dst_packets_processed":8,"flow_first_seen":1679653306712675,"flow_src_last_pkt_time":1679653307034874,"flow_dst_last_pkt_time":1679653307034855,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":321,"flow_src_tot_l4_payload_len":19822,"flow_dst_tot_l4_payload_len":1414,"midstream":0,"thread_ts_usec":1679653307034874,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"89.96.108.170","src_port":35830,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 01026{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":113,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":5,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":6,"flow_first_seen":1679653269892307,"flow_src_last_pkt_time":1679653269935522,"flow_dst_last_pkt_time":1679653269948533,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1084,"flow_dst_tot_l4_payload_len":3414,"midstream":0,"thread_ts_usec":1679653307034874,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.16.209.12","src_port":48854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Ookla","proto_id":"91.191","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} -00893{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":113,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":113,"packets-processed":113,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":30849,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":5,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":55,"global_ts_usec":1679653307034874} +00893{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":113,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":113,"packets-processed":113,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":30849,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":5,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":55,"global_ts_usec":1679653307034874} 
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 113/113 ~~ skipped flows.............: 0 @@ -61,9 +61,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7061975 bytes -~~ total memory freed........: 7061975 bytes -~~ total allocations/frees...: 114341/114341 +~~ total memory allocated....: 7639639 bytes +~~ total memory freed........: 7639639 bytes +~~ total allocations/frees...: 126074/126074 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 569 chars ~~ json message max len.......: 1518 chars diff --git a/test/results/caches_cfg/teams.pcap.out b/test/results/caches_cfg/teams.pcap.out index db66b7bc5..66f55924c 100644 --- a/test/results/caches_cfg/teams.pcap.out +++ b/test/results/caches_cfg/teams.pcap.out 
@@ -1,5 +1,5 @@ -00659{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00880{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1587041672419153} 
+00659{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00880{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1587041672419153} 
00822{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041672419153,"flow_src_last_pkt_time":1587041672419153,"flow_dst_last_pkt_time":1587041672419153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":279,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":279,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041672419153,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00943{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1587041672419153,"flow_dst_last_pkt_time":1587041672419153,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"thread_ts_usec":1587041672419153,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzES1AAEARZ+TAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGABgr52AAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"} 
01074{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041672419153,"flow_src_last_pkt_time":1587041672419153,"flow_dst_last_pkt_time":1587041672419153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":279,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":279,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041672419153,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"tl-sg116e","domainame":"tl-sg116e","dhcp": {"fingerprint":"1,3","class_ident":"TL-SG116E"}}} 
@@ -32,14 +32,14 @@ 00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1587041676435900,"flow_dst_last_pkt_time":1587041676448366,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041676448366,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0CixAAHUGQvQ0ccKEwKgBBgG77HWQGjC4LoXCQ4AS\/\/8WpAAAAgQFoAEDAwgBAQQC"} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1587041676448463,"flow_dst_last_pkt_time":1587041676448366,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041676448463,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGgizAqAEGNHHChOx1AbsuhcJDkBowuVAQIAA3YwAA"} 
00856{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1587041676449862,"flow_dst_last_pkt_time":1587041676448366,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"thread_ts_usec":1587041676449862,"pkt":"EBMx8Tl2KDc3AG3ICABFAAD6AABAAEAGgVrAqAEGNHHChOx1AbsuhcJDkBowuVAYIAChLwAAFgMBAM0BAADJAwMtfzNr5sJ0vwUnIfI3TV9sTsGbPpwfZOWfmMdYc+2laQAAHLq6zKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACEuroAAP8BAAEAAAAAGAAWAAATdGVhbXMubWljcm9zb2Z0LmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACNraAB0AFwAYABsAAwIAAnp6AAEA"} -01279{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041676435900,"flow_src_last_pkt_time":1587041676449862,"flow_dst_last_pkt_time":1587041676448366,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":210,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":210,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041676449862,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","domainame":"teams.microsoft.com","tls": 
{"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01232{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041676435900,"flow_src_last_pkt_time":1587041676449862,"flow_dst_last_pkt_time":1587041676448366,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":210,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":210,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041676449862,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","domainame":"teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1587041676449862,"flow_dst_last_pkt_time":1587041676462228,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1587041676462228,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAoCi1AAHYGQf80ccKEwKgBBgG77HWQGjC5LoXDFVAQCAROjQAAAAAAAAAA"} -01624{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":26,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":5,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1587041676435900,"flow_src_last_pkt_time":1587041676464401,"flow_dst_last_pkt_time":1587041676464459,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":210,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":210,"flow_dst_tot_l4_payload_len":6025,"midstream":0,"thread_ts_usec":1587041676464459,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","domainame":"teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"0f14538e1c9070becdad7739c67d6363","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, 
OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=teams.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E","blocks":0}}} +01577{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":26,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":5,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1587041676435900,"flow_src_last_pkt_time":1587041676464401,"flow_dst_last_pkt_time":1587041676464459,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":210,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":210,"flow_dst_tot_l4_payload_len":6025,"midstream":0,"thread_ts_usec":1587041676464459,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","domainame":"teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"teams.microsoft.com","ja3s":"0f14538e1c9070becdad7739c67d6363","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=teams.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E","blocks":0}}} 
00827{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1587041676499766,"flow_dst_last_pkt_time":1587041676405623,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":240,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":240,"pkt_l4_len":206,"thread_ts_usec":1587041676499766,"pkt":"EBMx8Tl2KDc3AG3ICABFAADiAABAAEAG9tTAqAEGNHJNIex0AbuczSMoSaIgqYAYEAlcWgAAAQEICjCEl\/VhBkyoFgMBAKkBAAClAwNgsc\/zVfk3fJaoeGVjBvcvXHJydxa1mwDEXFImXbQK\/wAAHsAvwCvAMMAszKnMqMAJwBPACsAUAJwAnQAvADUACgEAAF7\/AQABAAAAACMAIQAAHm1vYmlsZS5waXBlLmFyaWEubWljcm9zb2Z0LmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAsAAgEAAAoACAAGAB0AFwAY"} -01391{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041676362386,"flow_src_last_pkt_time":1587041676499766,"flow_dst_last_pkt_time":1587041676405623,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041676499766,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} -02212{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":47,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":5,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1587041676435900,"flow_src_last_pkt_time":1587041676535873,"flow_dst_last_pkt_time":1587041676535853,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":258,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":757,"flow_dst_tot_l4_payload_len":10509,"midstream":0,"thread_ts_usec":1587041676535873,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":6449.2,"max":29755,"stddev":8827.8,"var":77930416.0,"ent":3.7,"data": [12466,12563,1399,13862,1628,233,14289,254,250,114,2,99,4851,16541,1120,12847,339,301,11408,365,232,23032,26,11077,443,29285,29755,471,122,15,537]},"pktlen": {"min":40,"avg":393.9,"max":1492,"stddev":548.1,"var":300365.6,"ent":3.9,"data": [64,52,40,250,46,1492,1492,40,1492,40,1492,257,40,198,46,366,40,109,40,133,78,298,78,46,40,46,556,40,1492,1492,671,40]},"bins": {"c_to_s": [10,1,1,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,1,1,0,0,0,1,0,0,0,1,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0]},"directions": 
[0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1,0,1,0,0,0,0,1,1,0,1,1,0,1,1,1,0],"entropies": [4.365527153,4.946223736,4.521928787,5.447622776,4.609350681,7.356091499,7.445232391,4.680641174,7.544306755,4.571928501,7.621133804,7.081102371,4.630641460,6.624766827,4.609350681,7.169972897,4.680641174,6.030838013,4.630641460,6.150182247,5.105917454,7.025798798,5.428217888,4.565872192,4.680641174,4.565872192,7.556540489,4.680641174,7.827769756,7.840335846,7.703694820,4.680641174]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} +01350{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041676362386,"flow_src_last_pkt_time":1587041676499766,"flow_dst_last_pkt_time":1587041676405623,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041676499766,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": 
{"version":"TLSv1.2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +02206{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":47,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":5,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1587041676435900,"flow_src_last_pkt_time":1587041676535873,"flow_dst_last_pkt_time":1587041676535853,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":258,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":757,"flow_dst_tot_l4_payload_len":10509,"midstream":0,"thread_ts_usec":1587041676535873,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":6449.2,"max":29755,"stddev":8827.8,"var":77930416.0,"ent":3.7,"data": [12466,12563,1399,13862,1628,233,14289,254,250,114,2,99,4851,16541,1120,12847,339,301,11408,365,232,23032,26,11077,443,29285,29755,471,122,15,537]},"pktlen": {"min":40,"avg":393.9,"max":1492,"stddev":548.1,"var":300365.6,"ent":3.9,"data": [64,52,40,250,46,1492,1492,40,1492,40,1492,257,40,198,46,366,40,109,40,133,78,298,78,46,40,46,556,40,1492,1492,671,40]},"bins": {"c_to_s": [10,1,1,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,1,1,0,0,0,1,0,0,0,1,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1,0,1,0,0,0,0,1,1,0,1,1,0,1,1,1,0],"entropies": 
[4.365527153,4.946223736,4.521928787,5.447622776,4.609350681,7.356091499,7.445232391,4.680641174,7.544306755,4.571928501,7.621133804,7.081102371,4.630641460,6.624766827,4.609350681,7.169972897,4.680641174,6.030838013,4.630641460,6.150182247,5.105917454,7.025798798,5.428217888,4.565872192,4.680641174,4.565872192,7.556540489,4.680641174,7.827769756,7.840335846,7.703694820,4.680641174]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} 02530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1587041676499766,"flow_dst_last_pkt_time":1587041676545373,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041676545373,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUL\/9AAGwGleM0ck0hwKgBBgG77HRJoiCpnM0j1oAQBAXctwAAAQEICmEGTTMwhJf1FgMDEGYCAABRAwNemFWMXBNb2F1eIS0NgygX31DvjFSWgfTq\/PXgXBX\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\/wSL1vxV6UtbY+5UyBq7YUvoZUI+YYWI6FMysHpnkiGQR5h3NLX2it0lgM0JMJXgIYfO+vdhJalxciwWfJHOcY4+eUQwpTmpGeOTzK\/sd1W+VOYbkgWPJ0lAEgTcRXL\/NZZAtyce+Sv4+b4jHwY9pwQxOHJWtnns0bK3jD\/RcAtjLeUisGvBGtt1SItPOQvgD6i2AdvjCkjqVXn0nxT\/yKuGkvtii1i85nrjeMS5pKgL+N2I4goIXeRAaK089dd0KrnNO6kLEhhSHgHwJHnPwfqeXH1Q2p1Zw2r13mOsJdyP7QIDAQABo4IE1zCCBNMwggF\/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB2APZclC\/RdzAiFFQYCDCUVo7jTRMZM7\/fDC8gC8xO8WTjAAABbbe0zD0AAAQDAEcwRQIgXUu8wYK\/QqX5unkLcaUv4T8oQWu5yZb6M3RYbUFPJ7sCIQCVvziq+dynpJXSFyAk+ZobbjdMm8Ziuyzc0miXoW9hmQB2AFWB1MIWkDYBSuoLm1c8U\/DA5Dh4cCUIFy+jqh0HE9MMAAABbbe0zTwAAAQDAEcwRQIgOIr7NuYD18H8X6OV\/YdBgg0HoCy47ognD1Etlbp3ZVgCIQCAVAoqvjDqhz4It72mColVOT\/FZuexWjdVPWkvuAPY1AB3AESUZS6w7s6vxEAH2Kj+KMDa5
oK+2MsxtT\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"} -01923{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":59,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":4,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1587041676362386,"flow_src_last_pkt_time":1587041676545644,"flow_dst_last_pkt_time":1587041676545713,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041676545713,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} 
+01882{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":59,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":4,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1587041676362386,"flow_src_last_pkt_time":1587041676545644,"flow_dst_last_pkt_time":1587041676545713,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041676545713,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} 00340{"error_event_id":5,"error_event_name":"Unknown packet 
type","threshold_n":7,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1587041676611249,"packet_id":64,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","layer_type":38,"global_ts_usec":1587041676611249} 00414{"packet_event_id":1,"packet_event_name":"packet","packet_id":64,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","pkt_datalink":1,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041676592590,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} 00817{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041676612882,"flow_src_last_pkt_time":1587041676612882,"flow_dst_last_pkt_time":1587041676612882,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041676612882,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.5","src_port":60534,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -47,7 +47,7 @@ 00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1587041676612882,"flow_dst_last_pkt_time":1587041676642642,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041676642642,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8LqNAAG0G6+cofgkFwKgBBgG77HaiQxrbpEtO6qASIAC6gQAAAgQFoAEDAwgEAggKVQC94TCEmGM="} 00588{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1587041676642755,"flow_dst_last_pkt_time":1587041676642642,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041676642755,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGR5PAqAEGKH4JBex2AbukS07qokMa3IAQEAn5EwAAAQEICjCEmIFVAL3h"} 
00920{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1587041676643404,"flow_dst_last_pkt_time":1587041676642642,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":312,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":312,"pkt_l4_len":278,"thread_ts_usec":1587041676643404,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEqAABAAEAGRp3AqAEGKH4JBex2AbukS07qokMa3IAYEAkkyAAAAQEICjCEmIFVAL3hFgMBAPEBAADtAwMFij+vLNUEXtDYw018fSI+oguo6nn0NGVGlSQBEa6j4wAAKMAswCvAJMAjwArACcypwDDAL8AowCfAFMATzKgAnQCcAD0APAA1AC8BAACc\/wEAAQAAAAAeABwAABlsb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tABcAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAADN0AAAAEgAAABAAMAAuAmgyBWgyLTE2BWgyLTE1BWgyLTE0CHNwZHkvMy4xBnNwZHkvMwhodHRwLzEuMQALAAIBAAAKAAoACAAdABcAGAAZ"} -01337{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041676612882,"flow_src_last_pkt_time":1587041676643404,"flow_dst_last_pkt_time":1587041676642642,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041676643404,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.5","src_port":60534,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Microsoft365","proto_by_ip_id":219,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"login.microsoftonline.com","domainame":"login.microsoftonline.com","tls": {"version":"TLSv1.2","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} +01296{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041676612882,"flow_src_last_pkt_time":1587041676643404,"flow_dst_last_pkt_time":1587041676642642,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041676643404,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.5","src_port":60534,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Microsoft365","proto_by_ip_id":219,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"login.microsoftonline.com","domainame":"login.microsoftonline.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
02545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1587041676643404,"flow_dst_last_pkt_time":1587041676675374,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041676675374,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXULqZAAG0G5kwofgkFwKgBBgG77HaiQyYcpEtP4IAQBAWIzwAAAQEIClUAvgAwhJiBCxMMTWljcm9zb2Z0IElUMR4wHAYDVQQDExVNaWNyb3NvZnQgSVQgVExTIENBIDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCO8\/GEdXe8vsmk9RalUytQYJnc2H3ZJLXhckk3SP7ahpOjfR2aSxBNd3l+Zal8bjbiR9Q2SdDMJAInFOKucc3ZV3Q8EFYZkkqHYvnjkI1e3tFBGxqmH0CiLB6OVdcm2GhCq+wN3t1eYZWzrGyBzqjgra9fyqbkUWguJ\/1UKnGkzLt+kvH2U1EFMdAZgrDKY9DySgALzfRpS\/RallY5JsmdSwpjNDKApQTl6ii3wQDAbRrwKNRKj4CscxnY9RYvra4Il2IGLP7npfCtQVN\/jSsxwxRzId3jeGOcUYa1okhJwHkIFUMAK5m4S+DHVwdsxLmmVC0BU\/Kj8qTM2cFU84jN5EwT04ozIVitGL++OYFwOWk3+FukY+8JB9+HGmLHmgjF0R1eYnYB3WnmOLtEsC1NOsYugOBgclvyzOaOXDohHl2wOSu96hPLlsu2anSMjrwOEJ8bpUBBj5FcdqcO8ao6h7cMd99xai8oYUItkA9yBatn4MF7y5xAmsQKCESMfD26qQ4esdkivR9fQWpzVPZm4qD5pjne0nfzaQS\/t7s8xJP\/cgQctTadaH\/f+jlPsvaPuRz\/re0OFQjjhnzySEl3lxb2\/QD2T6Zeb+c5wFFlPeuxlzDs6p5z\/B4soN+Lz3NftQ4GQhcmlezYqSfQ0GWUXOI\/yigppSD0yN1dtP\/m3QIDAQABo4IBQjCCAT4wHQYDVR0OBBYEFFiIn9bcnEgitxQ+\/4SI6OaF\/\/p9MB8GA1UdIwQYMBaAFOWdWTCCR1jMrPoIVDaGezq1BE3wMBIGA1UdEwEB\/wQIMAYBAf8CAQAwDgYDVR0PAQH\/BAQDAgGGMCcGA1UdJQQgMB4GCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwkwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL09tbmlyb290MjAyNS5jcmwwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwDQYJKoZIhvcNAQELBQADggEBADCaxp1q\/e+TCAy+gnf5dqBtnnswI3uoKVr0aj7HCwyW37hLUuQNnDjteGO1c8AcHzvgp\/9\/SVGVMrjQm6nlz5YDgYDVSmEY\/sRqxt9\/QUYinIBm6w9CoOTzpCGjm
NB6dPaM6MPSK6orzhFZGUTnXAcJQuvX\/RVNuW9sRDUmh7qjO2iwgecgyX8TAvPMq58clVDLrmSAu4cKXc6ma7J94z024ilRtyX80AnjsK3EYi4+foUmsvav920xc8YZmKlykwLOygs9POzZcOiA9RareGqHTcaBN6gKdoEGqO8XYHxwEBM8ONczTOQ3ZQj7kbPoFnZhKmX1WJSzRQHvwE8De7gMAAFJAwAXQQTOd4jCuMTh7EYDlmBiiGmTGwexXcFlv\/T2ck50p74cYWIJH\/qL5LjbfCSDp3wqAO8ZZNaw1gxy4Uzbx\/mTFEUoBAEBACuEjKAM1qXUNVaS\/GaC95SQ9vmaMh+jYNW\/golBe81NwxyW1ReEMvroTkbS6BjiR97ixB57SOr\/EVlzcCLlr0XL6vCOvZKaaq3SzHreSfwbGspHUYxwK5i8j23AovUYK4FdR8PK9GkF5j5DZYPL2nmL62KrpTU3AqFF18hKfZ2alq2jaowqtsC3NBCAd6aifgpEBRhB9rZP2x\/YPgDeBGSAHqMX"} 02354{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":109,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":4,"flow_state":"info","flow_src_packets_processed":23,"flow_dst_packets_processed":9,"flow_first_seen":1587041676362386,"flow_src_last_pkt_time":1587041676859269,"flow_dst_last_pkt_time":1587041676859222,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":23115,"flow_dst_tot_l4_payload_len":4254,"midstream":0,"thread_ts_usec":1587041676859269,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":32055.5,"max":221245,"stddev":54144.2,"var":2931591680.0,"ent":3.4,"data": [43237,43341,94039,139750,215,45878,125,102,1406,46781,45438,177198,6,1,221245,44042,6,2,2,21255,21237,4,23005,23005,5,2,3,1223,1159,4,3]},"pktlen": {"min":52,"avg":907.9,"max":1492,"stddev":687.5,"var":472618.5,"ent":4.4,"data": [64,60,52,226,1492,1492,52,1375,52,145,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,52,1480,1480,1480,1480,52,1480,1480,1480]},"bins": {"c_to_s": 
[5,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0],"s_to_c": [5,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,0,0,0,1,0,0,0],"entropies": [4.428027153,5.210652828,4.884933472,5.556665897,7.283374786,7.268235207,4.923395157,7.674625397,4.884933472,5.901349068,5.537203789,4.923394680,7.865010738,7.865353107,7.863998413,5.116508007,7.872262955,7.872727394,7.850155830,7.872891426,5.101991177,7.883207798,7.861774921,5.078046322,7.883695126,7.860937595,7.861885548,7.869150639,5.092563629,7.862890244,7.881820202,7.880939960]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud"}} 00820{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":153,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041677042751,"flow_src_last_pkt_time":1587041677042751,"flow_dst_last_pkt_time":1587041677042751,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041677042751,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60535,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -55,16 +55,16 @@ 00601{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1587041677042751,"flow_dst_last_pkt_time":1587041677088014,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041677088014,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8FwhAAGwGtHI0ck0hwKgBBgG77Hf6fNLR2z1jO6ASIACfvwAAAgQFoAEDAwgEAggKYRMfbzCEmgA="} 00589{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1587041677088160,"flow_dst_last_pkt_time":1587041677088014,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041677088160,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIex3AbvbPWM7+nzS0oAQEAneQwAAAQEICjCEmixhEx9v"} 
00871{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1587041677088499,"flow_dst_last_pkt_time":1587041677088014,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_usec":1587041677088499,"pkt":"EBMx8Tl2KDc3AG3ICABFAAECAABAAEAG9rTAqAEGNHJNIex3AbvbPWM7+nzS0oAYEAl+5wAAAQEICjCEmixhEx9vFgMBAMkBAADFAwM5dVF27rKLSF3ZLHW6jf6ecE8+y\/c\/MIkP9CtH6UUE1iAORwAAVmOWcPohT0niCo9N4puGGU7iW5AxxYvHQvC09wAewC\/AK8AwwCzMqcyowAnAE8AKwBQAnACdAC8ANQAKAQAAXv8BAAEAAAAAIwAhAAAebW9iaWxlLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEACwACAQAACgAIAAYAHQAXABg="} -01392{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":158,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041677042751,"flow_src_last_pkt_time":1587041677088499,"flow_dst_last_pkt_time":1587041677088014,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041677088499,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60535,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01351{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":158,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041677042751,"flow_src_last_pkt_time":1587041677088499,"flow_dst_last_pkt_time":1587041677088014,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041677088499,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60535,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
02530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1587041677088499,"flow_dst_last_pkt_time":1587041677137230,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041677137230,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUFwlAAGwGrtk0ck0hwKgBBgG77Hf6fNLS2z1kCYAQBAVAOQAAAQEICmETH58whJosFgMDEGYCAABRAwNemFWNrPjx8U\/n2+1HOnhSXCpnALSFvyfXRw2ICUZrciDASAAAvuo5mSGLHTbLJlo\/aqiaHVmeYbbWtXIqS6QEP8AwAAAJABcAAP8BAAEACwAO3QAO2gAJHDCCCRgwggcAoAMCAQICExYACr2jKIomrOvxeF4AAAAKvaMwDQYJKoZIhvcNAQELBQAwgYsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xFTATBgNVBAsTDE1pY3Jvc29mdCBJVDEeMBwGA1UEAxMVTWljcm9zb2Z0IElUIFRMUyBDQSA0MB4XDTE5MTAxMDIxNTUzOFoXDTIxMTAxMDIxNTUzOFowJjEkMCIGA1UEAwwbKi5ldmVudHMuZGF0YS5taWNyb3NvZnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8J31SJyCTCkjxtLC8JE7aU56y+0937PcYfrFGWW\/wSL1vxV6UtbY+5UyBq7YUvoZUI+YYWI6FMysHpnkiGQR5h3NLX2it0lgM0JMJXgIYfO+vdhJalxciwWfJHOcY4+eUQwpTmpGeOTzK\/sd1W+VOYbkgWPJ0lAEgTcRXL\/NZZAtyce+Sv4+b4jHwY9pwQxOHJWtnns0bK3jD\/RcAtjLeUisGvBGtt1SItPOQvgD6i2AdvjCkjqVXn0nxT\/yKuGkvtii1i85nrjeMS5pKgL+N2I4goIXeRAaK089dd0KrnNO6kLEhhSHgHwJHnPwfqeXH1Q2p1Zw2r13mOsJdyP7QIDAQABo4IE1zCCBNMwggF\/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB2APZclC\/RdzAiFFQYCDCUVo7jTRMZM7\/fDC8gC8xO8WTjAAABbbe0zD0AAAQDAEcwRQIgXUu8wYK\/QqX5unkLcaUv4T8oQWu5yZb6M3RYbUFPJ7sCIQCVvziq+dynpJXSFyAk+ZobbjdMm8Ziuyzc0miXoW9hmQB2AFWB1MIWkDYBSuoLm1c8U\/DA5Dh4cCUIFy+jqh0HE9MMAAABbbe0zTwAAAQDAEcwRQIgOIr7NuYD18H8X6OV\/YdBgg0HoCy47ognD1Etlbp3ZVgCIQCAVAoqvjDqhz4It72mColVOT\/FZuexWjdVPWkvuAPY1AB3AESUZS6w7s6vxEAH2Kj+KMDa5oK+2MsxtT\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"} 
00822{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":175,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041677243705,"flow_src_last_pkt_time":1587041677243705,"flow_dst_last_pkt_time":1587041677243705,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041677243705,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1587041677243705,"flow_dst_last_pkt_time":1587041677243705,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041677243705,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGghTAqAEGNHHChOx4Abt\/TkvVAAAAALAC\/\/\/5uQAAAgQFtAEDAwUBAQgKMISawwAAAAAEAgAA"} 
00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1587041677243705,"flow_dst_last_pkt_time":1587041677255126,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041677255126,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0wUlAAHUGi9Y0ccKEwKgBBgG77Hiki1UTf05L1oAS\/\/8DeQAAAgQFoAEDAwgBAQQC"} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1587041677255227,"flow_dst_last_pkt_time":1587041677255126,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041677255227,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGgizAqAEGNHHChOx4Abt\/TkvWpItVFFAQIAAkOAAA"} 
00866{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1587041677255452,"flow_dst_last_pkt_time":1587041677255126,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":268,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":268,"pkt_l4_len":234,"thread_ts_usec":1587041677255452,"pkt":"EBMx8Tl2KDc3AG3ICABFAAD+AABAAEAGgVbAqAEGNHHChOx4Abt\/TkvWpItVFFAYIAA3rwAAFgMBANEBAADNAwPZLPUYRvEghAe9kJUNx9IFhytDuazyHj3Xl0vfJTFFvgAAHNrazKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACI6uoAAP8BAAEAAAAAGAAWAAATdGVhbXMubWljcm9zb2Z0LmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMXVQAAAACwACAQAACgAKAAi6ugAdABcAGAAbAAMCAAJaWgABAA=="} -01280{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041677243705,"flow_src_last_pkt_time":1587041677255452,"flow_dst_last_pkt_time":1587041677255126,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041677255452,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","domainame":"teams.microsoft.com","tls": 
{"version":"TLSv1.2","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"","ja4":"t12d1312h2_8b80da21ef18_b00751acaffa","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01233{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041677243705,"flow_src_last_pkt_time":1587041677255452,"flow_dst_last_pkt_time":1587041677255126,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041677255452,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","domainame":"teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1312h2_8b80da21ef18_b00751acaffa","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1587041677255452,"flow_dst_last_pkt_time":1587041677266382,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1587041677266382,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAowUpAAHYGiuE0ccKEwKgBBgG77Hiki1UUf05MrFAQBAE\/YQAAAAAAAAAA"} -01625{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":186,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":8,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1587041677243705,"flow_src_last_pkt_time":1587041677269406,"flow_dst_last_pkt_time":1587041677269476,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":6025,"midstream":0,"thread_ts_usec":1587041677269476,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","domainame":"teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"teams.microsoft.com","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"0f14538e1c9070becdad7739c67d6363","ja4":"t12d1312h2_8b80da21ef18_b00751acaffa","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, 
OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=teams.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E","blocks":0}}} +01578{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":186,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":8,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1587041677243705,"flow_src_last_pkt_time":1587041677269406,"flow_dst_last_pkt_time":1587041677269476,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":6025,"midstream":0,"thread_ts_usec":1587041677269476,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","domainame":"teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"teams.microsoft.com","ja3s":"0f14538e1c9070becdad7739c67d6363","ja4":"t12d1312h2_8b80da21ef18_b00751acaffa","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=teams.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E","blocks":0}}} 
02347{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":209,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":7,"flow_state":"info","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1587041677042751,"flow_src_last_pkt_time":1587041677328754,"flow_dst_last_pkt_time":1587041677327352,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":15383,"flow_dst_tot_l4_payload_len":4699,"midstream":0,"thread_ts_usec":1587041677328754,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60535,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":18406.6,"max":49836,"stddev":21194.3,"var":449200096.0,"ent":3.9,"data": [45263,45409,339,49216,21,48838,224,177,1271,46526,45316,1920,4,2,47729,45783,4,2,3,37748,37711,4,8018,8058,5,734,37027,7756,4339,49836,1321]},"pktlen": {"min":52,"avg":680.6,"max":1492,"stddev":673.1,"var":453031.8,"ent":4.2,"data": [64,60,52,258,1492,1375,64,1492,52,145,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,52,1480,825,52,52,52,497,52,83]},"bins": {"c_to_s": [7,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0],"s_to_c": [7,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,0,1,1,1,1,0,0],"entropies": 
[4.340968132,5.220872402,4.976373672,5.983667850,7.275708199,7.688739777,5.052015305,7.275113583,4.976373672,6.006431580,5.733948708,5.053297043,7.842315674,7.876612663,7.858495712,5.246409416,7.872724533,7.868679523,7.873967648,7.874578953,5.207947731,7.865746021,7.852710724,5.169486046,7.855942726,7.767035484,5.116507530,5.169486046,5.207947731,7.497245789,4.961856842,5.338891983]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud"}} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1587041677380886,"flow_dst_last_pkt_time":1587041673094451,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041677380886,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGPCzAqAEGlZqnW+SlAbsZTPC8DAoX91AUECaMmwAA"} 00344{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":8,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1587041677408485,"packet_id":213,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","layer_type":34969,"global_ts_usec":1587041677408485} 
@@ -77,9 +77,9 @@ 00603{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1587041678029919,"flow_dst_last_pkt_time":1587041678074133,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041678074133,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8KlZAAGwGoSQ0ck0hwKgBBgG77Hk7ZXhQ9B\/rj6ASIAAz8QAAAgQFoAEDAwgEAggKYRL\/2zCEncM="} 00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1587041678074233,"flow_dst_last_pkt_time":1587041678074133,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041678074233,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIex5Abv0H+uPO2V4UYAQEAlydQAAAQEICjCEne9hEv\/b"} 
00872{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":9,"flow_packet_id":4,"flow_src_last_pkt_time":1587041678074525,"flow_dst_last_pkt_time":1587041678074133,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_usec":1587041678074525,"pkt":"EBMx8Tl2KDc3AG3ICABFAAECAABAAEAG9rTAqAEGNHJNIex5Abv0H+uPO2V4UYAYEAlkRgAAAQEICjCEne9hEv\/bFgMBAMkBAADFAwOeU\/FfLHrtrdCBVUwx+w+ija6LF0MoHL44Af8vhwR8KyDASAAAvuo5mSGLHTbLJlo\/aqiaHVmeYbbWtXIqS6QEPwAewC\/AK8AwwCzMqcyowAnAE8AKwBQAnACdAC8ANQAKAQAAXv8BAAEAAAAAIwAhAAAebW9iaWxlLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEACwACAQAACgAIAAYAHQAXABg="} -01392{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041678029919,"flow_src_last_pkt_time":1587041678074525,"flow_dst_last_pkt_time":1587041678074133,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041678074525,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01351{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041678029919,"flow_src_last_pkt_time":1587041678074525,"flow_dst_last_pkt_time":1587041678074133,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041678074525,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
02531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1587041678074525,"flow_dst_last_pkt_time":1587041678120796,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041678120796,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUKldAAGwGm4s0ck0hwKgBBgG77Hk7ZXhR9B\/sXYAQBAVKXAAAAQEICmETAAQwhJ3vFgMDEGYCAABRAwNemFWOOTYxM1NwQpKmeq910c4Y3+sTj8LkGeyXAZo3KyA\/IwAA6KEdJo41XGChq4nIXjJi3Ldaf94\/c7z6UnyyFcAwAAAJABcAAP8BAAEACwAO3QAO2gAJHDCCCRgwggcAoAMCAQICExYACr2jKIomrOvxeF4AAAAKvaMwDQYJKoZIhvcNAQELBQAwgYsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xFTATBgNVBAsTDE1pY3Jvc29mdCBJVDEeMBwGA1UEAxMVTWljcm9zb2Z0IElUIFRMUyBDQSA0MB4XDTE5MTAxMDIxNTUzOFoXDTIxMTAxMDIxNTUzOFowJjEkMCIGA1UEAwwbKi5ldmVudHMuZGF0YS5taWNyb3NvZnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8J31SJyCTCkjxtLC8JE7aU56y+0937PcYfrFGWW\/wSL1vxV6UtbY+5UyBq7YUvoZUI+YYWI6FMysHpnkiGQR5h3NLX2it0lgM0JMJXgIYfO+vdhJalxciwWfJHOcY4+eUQwpTmpGeOTzK\/sd1W+VOYbkgWPJ0lAEgTcRXL\/NZZAtyce+Sv4+b4jHwY9pwQxOHJWtnns0bK3jD\/RcAtjLeUisGvBGtt1SItPOQvgD6i2AdvjCkjqVXn0nxT\/yKuGkvtii1i85nrjeMS5pKgL+N2I4goIXeRAaK089dd0KrnNO6kLEhhSHgHwJHnPwfqeXH1Q2p1Zw2r13mOsJdyP7QIDAQABo4IE1zCCBNMwggF\/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB2APZclC\/RdzAiFFQYCDCUVo7jTRMZM7\/fDC8gC8xO8WTjAAABbbe0zD0AAAQDAEcwRQIgXUu8wYK\/QqX5unkLcaUv4T8oQWu5yZb6M3RYbUFPJ7sCIQCVvziq+dynpJXSFyAk+ZobbjdMm8Ziuyzc0miXoW9hmQB2AFWB1MIWkDYBSuoLm1c8U\/DA5Dh4cCUIFy+jqh0HE9MMAAABbbe0zTwAAAQDAEcwRQIgOIr7NuYD18H8X6OV\/YdBgg0HoCy47ognD1Etlbp3ZVgCIQCAVAoqvjDqhz4It72mColVOT\/FZuexWjdVPWkvuAPY1AB3AESUZS6w7s6vxEAH2Kj+KMDa5oK+2MsxtT\/TM5a1toGoAAABbbe0zEEAAAQDAEgwRgIhAMLyKXAV0HvPisLX5tlLiDTgtSUtRgffnQWc5h8Pdj8PAiEAo6ENbH0+qORahbVCksBW940dOZQ
UoTXblsn+bri9ExQwJwYJKwYBBAGCNxUKBBowGDAKBggrBgEFBQcDAjAKBggrBgEFBQcDATA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdhNLfQoLnk3oCAWQCAR0wgYUGCCsGAQUFBwEBBHkwdzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDQuY3J0MCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC5tc29jc3AuY29tMB0GA1UdDgQWBBQa+kPWU8gwtBlTGMvS3dHpIWlv7TALBgNVHQ8EBAMCBLAwgfIGA1UdEQSB6jCB54IbKi5ldmVudHMuZGF0YS5taWNyb3NvZnQuY29tghlldmVudHMuZGF0YS5taWNyb3NvZnQuY29tghkqLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tgg5waXBl"} -01924{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":223,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":9,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1587041678029919,"flow_src_last_pkt_time":1587041678120910,"flow_dst_last_pkt_time":1587041678120987,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041678120987,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": 
{"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} +01883{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":223,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":9,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1587041678029919,"flow_src_last_pkt_time":1587041678120910,"flow_dst_last_pkt_time":1587041678120987,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041678120987,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": 
{"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} 00342{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":10,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1587041678611338,"packet_id":242,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","layer_type":38,"global_ts_usec":1587041678611338} 00415{"packet_event_id":1,"packet_event_name":"packet","packet_id":242,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","pkt_datalink":1,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041678303901,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} 
00821{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":243,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041679059584,"flow_src_last_pkt_time":1587041679059584,"flow_dst_last_pkt_time":1587041679059584,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041679059584,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":64046,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -121,7 +121,7 @@ 00415{"packet_event_id":1,"packet_event_name":"packet","packet_id":259,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","pkt_datalink":1,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041681248693,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} 00821{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":260,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041681714331,"flow_src_last_pkt_time":1587041681714331,"flow_dst_last_pkt_time":1587041681714331,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681714331,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1587041681714331,"flow_dst_last_pkt_time":1587041681714331,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"thread_ts_usec":1587041681714331,"pkt":"EBMx8Tl2KDc3AG3ICABFAABCnaYAAP8RmqzAqAEGwKgBAcdZADUALvSsiC0BAAABAAAAAAAABmV1LWFwaQNhc20Fc2t5cGUDY29tAAABAAE="} 
-01152{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":260,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041681714331,"flow_src_last_pkt_time":1587041681714331,"flow_dst_last_pkt_time":1587041681714331,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681714331,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","proto_id":"5.125","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"eu-api.asm.skype.com","domainame":"eu-api.asm.skype.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} +01140{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":260,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041681714331,"flow_src_last_pkt_time":1587041681714331,"flow_dst_last_pkt_time":1587041681714331,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681714331,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"eu-api.asm.skype.com","domainame":"eu-api.asm.skype.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 00821{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":261,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041681714835,"flow_src_last_pkt_time":1587041681714835,"flow_dst_last_pkt_time":1587041681714835,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":53,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":53,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681714835,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63106,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00629{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1587041681714835,"flow_dst_last_pkt_time":1587041681714835,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_usec":1587041681714835,"pkt":"EBMx8Tl2KDc3AG3ICABFAABRU9EAAP8R5HLAqAEGwKgBAfaCADUAPVgfcugBAAABAAAAAAAAB2V1LXByb2QHYXN5bmNndwV0ZWFtcwltaWNyb3NvZnQDY29tAAABAAE="} 
01170{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":261,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041681714835,"flow_src_last_pkt_time":1587041681714835,"flow_dst_last_pkt_time":1587041681714835,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":53,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":53,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681714835,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63106,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"eu-prod.asyncgw.teams.microsoft.com","domainame":"eu-prod.asyncgw.teams.microsoft.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -130,17 +130,17 @@ 00821{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":263,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041681745719,"flow_src_last_pkt_time":1587041681745719,"flow_dst_last_pkt_time":1587041681745719,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681745719,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60538,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1587041681745719,"flow_dst_last_pkt_time":1587041681745719,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041681745719,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+VHAqAEGNHJLRux6AbuCUaOxAAAAALAC\/\/8ErAAAAgQFtAEDAwUBAQgKMISsLQAAAAAEAgAA"} 
00750{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":264,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":16,"flow_packet_id":2,"flow_src_last_pkt_time":1587041681714331,"flow_dst_last_pkt_time":1587041681754842,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":182,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":182,"pkt_l4_len":148,"thread_ts_usec":1587041681754842,"pkt":"KDc3AG3IEBMx8Tl2CABFAACo\/M1AADkRwR\/AqAEBwKgBBgA1x1kAlAAAiC2BgAABAAMAAAAABmV1LWFwaQNhc20Fc2t5cGUDY29tAAABAAHADAAFAAEAAAb4ACQPYXNtLWFwaS1wcm9kLWV1DnRyYWZmaWNtYW5hZ2VyA25ldADAMgAFAAEAAAEsABoOd2V1MS1hcGktc2t5cGUIY2xvdWRhcHDAUcBiAAEAAQAAAAUABDRyS0U="} -01184{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":264,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041681714331,"flow_src_last_pkt_time":1587041681714331,"flow_dst_last_pkt_time":1587041681754842,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":140,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":140,"midstream":0,"thread_ts_usec":1587041681754842,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","proto_id":"5.125","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"eu-api.asm.skype.com","domainame":"eu-api.asm.skype.com","dns": {"num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["52.114.75.69,ttl=5"]}}} 
+01172{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":264,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041681714331,"flow_src_last_pkt_time":1587041681714331,"flow_dst_last_pkt_time":1587041681754842,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":140,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":140,"midstream":0,"thread_ts_usec":1587041681754842,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"eu-api.asm.skype.com","domainame":"eu-api.asm.skype.com","dns": {"num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["52.114.75.69,ttl=5"]}}} 
00821{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":265,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041681755860,"flow_src_last_pkt_time":1587041681755860,"flow_dst_last_pkt_time":1587041681755860,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681755860,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60539,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":265,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1587041681755860,"flow_dst_last_pkt_time":1587041681755860,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041681755860,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+VLAqAEGNHJLRex7AbtPkLhOAAAAALAC\/\/8ixgAAAgQFtAEDAwUBAQgKMISsNwAAAAAEAgAA"} 
00602{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1587041681745719,"flow_dst_last_pkt_time":1587041681772449,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041681772449,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8MUxAAG0Gmwk0cktGwKgBBgG77HoxlVjpglGjsqASIACccwAAAgQFoAEDAwgEAggKVud31zCErC0="} 00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":18,"flow_packet_id":3,"flow_src_last_pkt_time":1587041681772560,"flow_dst_last_pkt_time":1587041681772449,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041681772560,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+V3AqAEGNHJLRux6AbuCUaOyMZVY6oAQEAnbCgAAAQEICjCErEZW53fX"} 
00899{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":18,"flow_packet_id":4,"flow_src_last_pkt_time":1587041681772814,"flow_dst_last_pkt_time":1587041681772449,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":292,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":292,"pkt_l4_len":258,"thread_ts_usec":1587041681772814,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEWAABAAEAG+HvAqAEGNHJLRux6AbuCUaOyMZVY6oAYEAmUUgAAAQEICjCErEZW53fXFgMBAN0BAADZAwO+LJEVwOHGYhKiVcLvt6A9rXWEi+VY68GJ4Pnee\/+sYQAAHLq6zKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACU6uoAAP8BAAEAAAAAKAAmAAAjZXUtcHJvZC5hc3luY2d3LnRlYW1zLm1pY3Jvc29mdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAjq6gAdABcAGAAbAAMCAAL6+gABAA=="} -01305{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":268,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041681745719,"flow_src_last_pkt_time":1587041681772814,"flow_dst_last_pkt_time":1587041681772449,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":226,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":226,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681772814,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60538,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"eu-prod.asyncgw.teams.microsoft.com","domainame":"eu-prod.asyncgw.teams.microsoft.com","tls": 
{"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01264{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":268,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041681745719,"flow_src_last_pkt_time":1587041681772814,"flow_dst_last_pkt_time":1587041681772449,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":226,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":226,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681772814,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60538,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"eu-prod.asyncgw.teams.microsoft.com","domainame":"eu-prod.asyncgw.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00602{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":269,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":19,"flow_packet_id":2,"flow_src_last_pkt_time":1587041681755860,"flow_dst_last_pkt_time":1587041681786454,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041681786454,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8PqJAAGwGjrQ0cktFwKgBBgG77HsaOOK2T5C4T6ASIABGlgAAAgQFoAEDAwgEAggKVN17aDCErDc="} 00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":270,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":19,"flow_packet_id":3,"flow_src_last_pkt_time":1587041681786551,"flow_dst_last_pkt_time":1587041681786454,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041681786551,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+V7AqAEGNHJLRex7AbtPkLhPGjjit4AQEAmFKgAAAQEICjCErFNU3Xto"} 
00881{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":271,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":19,"flow_packet_id":4,"flow_src_last_pkt_time":1587041681786764,"flow_dst_last_pkt_time":1587041681786454,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":277,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":277,"pkt_l4_len":243,"thread_ts_usec":1587041681786764,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEHAABAAEAG+IvAqAEGNHJLRex7AbtPkLhPGjjit4AYEAnBuAAAAQEICjCErFNU3XtoFgMBAM4BAADKAwNa\/jUh9W55wUB0tnlMq1eAEhrPfTr7oU\/DtVhV\/8e2AwAAHNrazKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACFGhoAAP8BAAEAAAAAGQAXAAAUZXUtYXBpLmFzbS5za3lwZS5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAgqKgAdABcAGAAbAAMCAAJ6egABAA=="} -01278{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":271,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041681755860,"flow_src_last_pkt_time":1587041681786764,"flow_dst_last_pkt_time":1587041681786454,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681786764,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60539,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"eu-api.asm.skype.com","domainame":"eu-api.asm.skype.com","tls": 
{"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01234{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":271,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041681755860,"flow_src_last_pkt_time":1587041681786764,"flow_dst_last_pkt_time":1587041681786454,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681786764,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60539,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"eu-api.asm.skype.com","domainame":"eu-api.asm.skype.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
02534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":272,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":18,"flow_packet_id":5,"flow_src_last_pkt_time":1587041681772814,"flow_dst_last_pkt_time":1587041681802258,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041681802258,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUMU5AAG0GlW80cktGwKgBBgG77HoxlV6KglGklIAQBAXbeQAAAQEIClbnd\/MwhKxGsYFQCvPTWcgwCwYDVR0PBAQDAgSwMCgGA1UdEQQhMB+CHSouYXN5bmNndy50ZWFtcy5taWNyb3NvZnQuY29tMIGsBgNVHR8EgaQwgaEwgZ6ggZuggZiGS2h0dHA6Ly9tc2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA1LmNybIZJaHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA1LmNybDBNBgNVHSAERjBEMEIGCSsGAQQBgjcqATA1MDMGCCsGAQUFBwIBFidodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcHMwHwYDVR0jBBgwFoAUCP4ln3TqhwTCvLuOqDhfM8bRbGUwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4ICAQA2X\/om4H+4\/cR81+swhscxS+n0lRF6\/9QaS3UJkZbRbKTCin3OgcYqSG9pYg6G1+1K1UtTBpsolwlA3Wj42xE7Uv4QpgEXC5f0oaTcFK1me59SUtzp5qGDrwX6WjG8Ktb6uYB5gEczE7C4PC+CFPM3paTb5H5cy9SB3sXBctpW9JL3Q4jgLf0RmKI+tU\/yzqXGVuQXEGhEGBnx2gx7c5jv9zuJnDG+h+fy0tJ8oKxrnU3\/YDtE5a8Gc9riCos64k1IwawJ2ex5sg6EIN6aZMm7jlbnY0GaYkT3Xzq9y\/pq48vIUbUNujVUDc5\/R\/SCSk\/dzf6G7\/xO1H5cZnPEC40ThKUvhXFO2qUKIhsUCjzJG5EdSNtcUv8eCyVsfCMB7dRsifQSwSDmGmM4n\/G81i0O9M4b2XZ+YaSEgJZmQx7Uh5AdoOqwYq2SqBhAihGJdwH2XMq283yNTDRqqo\/WVv2tQAJnjORm59j1r8dDWyuUfRzmyA\/balmQRC8\/yMgQswTFwP1y97tt4lyNjydBDOIBJv2TudKgtjqTbU59+fWu1pBkJP0+oPi5U7f32J4ZwXrKLU9tbuRaGYpYaW\/H8\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\/BSeneM2zC+CeIhbzmNymFOjMlNcj+dBQmbu1CxCV8d8C6Y+OnVaZPNiP01j7XJJ+PXv4"} 
02541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":283,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":19,"flow_packet_id":5,"flow_src_last_pkt_time":1587041681786764,"flow_dst_last_pkt_time":1587041681819208,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041681819208,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUPqVAAGwGiRk0cktFwKgBBgG77HsaOO33T5C5IoAQBAWJqAAAAQEIClTde4YwhKxTjSsxwxRzId3jeGOcUYa1okhJwHkIFUMAK5m4S+DHVwdsxLmmVC0BU\/Kj8qTM2cFU84jN5EwT04ozIVitGL++OYFwOWk3+FukY+8JB9+HGmLHmgjF0R1eYnYB3WnmOLtEsC1NOsYugOBgclvyzOaOXDohHl2wOSu96hPLlsu2anSMjrwOEJ8bpUBBj5FcdqcO8ao6h7cMd99xai8oYUItkA9yBatn4MF7y5xAmsQKCESMfD26qQ4esdkivR9fQWpzVPZm4qD5pjne0nfzaQS\/t7s8xJP\/cgQctTadaH\/f+jlPsvaPuRz\/re0OFQjjhnzySEl3lxb2\/QD2T6Zeb+c5wFFlPeuxlzDs6p5z\/B4soN+Lz3NftQ4GQhcmlezYqSfQ0GWUXOI\/yigppSD0yN1dtP\/m3QIDAQABo4IBQjCCAT4wHQYDVR0OBBYEFFiIn9bcnEgitxQ+\/4SI6OaF\/\/p9MB8GA1UdIwQYMBaAFOWdWTCCR1jMrPoIVDaGezq1BE3wMBIGA1UdEwEB\/wQIMAYBAf8CAQAwDgYDVR0PAQH\/BAQDAgGGMCcGA1UdJQQgMB4GCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwkwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL09tbmlyb290MjAyNS5jcmwwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwDQYJKoZIhvcNAQELBQADggEBADCaxp1q\/e+TCAy+gnf5dqBtnnswI3uoKVr0aj7HCwyW37hLUuQNnDjteGO1c8AcHzvgp\/9\/SVGVMrjQm6nlz5YDgYDVSmEY\/sRqxt9\/QUYinIBm6w9CoOTzpCGjmNB6dPaM6MPSK6orzhFZGUTnXAcJQuvX\/RVNuW9sRDUmh7qjO2iwgecgyX8TAvPMq58clVDLrmSAu4cKXc6ma7J94z024ilRtyX80AnjsK3EYi4+foUmsvav920xc8YZmKlykwLOygs9POzZcOiA9RareGqHTcaBN6gKdoEGqO8XYHxwEBM8ONczTOQ3ZQj7kbPoFnZhKmX1WJSzRQHvwE8De7gWAAcrAQAHJzCCByMKAQCgggccMIIHGAYJKwYBBQUHMAEBBIIHCTCCBwUwgceiFgQUqShwURmVA+Jp3zLm2A+QCVyZqYAYDzIwMjAwNDE1MTkzMzA5WjCBmzCBmDBMMAkGBSsOAwIaBQAEFE8LW9m32q+ftvNjciJ21u
GVriYpBBRYiJ\/W3JxIIrcUPv+EiOjmhf\/6fQITewAE4Lxi6ctlZLvhngAAAATgvIAAGA8yMDIwMDQxNTE5MzMwOVqgERgPMjAyMDA0MTkxOTMzMDlaoSIwIDAeBgkrBgEFBQcwAQYEERgPMjAxOTA0MTYxOTMzMDlaMA0GCSqGSIb3DQEBCwUAA4IBAQBJ3b+j9b9amWJnAoiCkmf2UNIwgNLUYY7i2oIxOcCe4FwtfKqAknYBXLXDmybtzIEQGc9zVWPgZbClw+Dn6abFkbXSG0mhM4QP5D5MQbVxhe7SgYoYVGwkJbmRpd4grc+7uBTiXMgAxBCB5kUsxvRwqLqgwU4Ain2W6hQNvDRMAvojfSg3lYkOFvlf7bcTwOK90BIJGU11EABEc5brrKndHE9hje0klAXbzMZTL8AqrbgnzOZi1rf+0+Wq4RUDesXv6I1AJt7EoKj704jMo9fFhVZPD8osr0ZocAW0OSf5m2CQ\/UMENY99jq5D1K0ZM\/O3ik40uY\/GyUUQa5PIKgTroIIFIzCC"} 00821{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":304,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682076700,"flow_src_last_pkt_time":1587041682076700,"flow_dst_last_pkt_time":1587041682076700,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682076700,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60540,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -150,17 +150,17 @@ 00602{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":306,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":20,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682076700,"flow_dst_last_pkt_time":1587041682106830,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041682106830,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8XUVAAGwGcBA0cktGwKgBBgG77HwdJJF2jIP3CKASIACM5QAAAgQFoAEDAwgEAggKVscEoDCErWw="} 00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":307,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":20,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682106937,"flow_dst_last_pkt_time":1587041682106830,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682106937,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+V3AqAEGNHJLRux8AbuMg\/cIHSSRd4AQEAnLdwAAAQEICjCErYpWxwSg"} 
00903{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":20,"flow_packet_id":4,"flow_src_last_pkt_time":1587041682107386,"flow_dst_last_pkt_time":1587041682106830,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":296,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":296,"pkt_l4_len":262,"thread_ts_usec":1587041682107386,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEaAABAAEAG+HfAqAEGNHJLRux8AbuMg\/cIHSSRd4AYEAmCtgAAAQEICjCErYpWxwSgFgMBAOEBAADdAwM8bxQ0whreuqvYvEztjLrW4PBGRpjuL7egzSBD9aU3vgAAHKqqzKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACYCgoAAP8BAAEAAAAAKAAmAAAjZXUtcHJvZC5hc3luY2d3LnRlYW1zLm1pY3Jvc29mdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjF1UAAAAAsAAgEAAAoACgAISkoAHQAXABgAGwADAgAC2toAAQA="} -01305{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":308,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682076700,"flow_src_last_pkt_time":1587041682107386,"flow_dst_last_pkt_time":1587041682106830,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":230,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":230,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682107386,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60540,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"eu-prod.asyncgw.teams.microsoft.com","domainame":"eu-prod.asyncgw.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"","ja4":"t12d1312h2_8b80da21ef18_b00751acaffa","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01264{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":308,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682076700,"flow_src_last_pkt_time":1587041682107386,"flow_dst_last_pkt_time":1587041682106830,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":230,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":230,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682107386,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60540,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"eu-prod.asyncgw.teams.microsoft.com","domainame":"eu-prod.asyncgw.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1312h2_8b80da21ef18_b00751acaffa","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00602{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":309,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":21,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682077081,"flow_dst_last_pkt_time":1587041682108320,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041682108320,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8CPlAAG0Gw100cktFwKgBBgG77H37toO1hXm5XaASIACQKwAAAgQFoAEDAwgEAggKVQ929DCErW0="} 00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":310,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":21,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682108400,"flow_dst_last_pkt_time":1587041682108320,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682108400,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+V7AqAEGNHJLRex9AbuFebld+7aDtoAQEAnOvQAAAQEICjCErYtVD3b0"} 
00882{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":21,"flow_packet_id":4,"flow_src_last_pkt_time":1587041682108566,"flow_dst_last_pkt_time":1587041682108320,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"thread_ts_usec":1587041682108566,"pkt":"EBMx8Tl2KDc3AG3ICABFAAELAABAAEAG+IfAqAEGNHJLRex9AbuFebld+7aDtoAYEAl5vQAAAQEICjCErYtVD3b0FgMBANIBAADOAwNRm85ZKo2j5rIUIlemfdLsNPrk0mWhHKlhPOh2TLU7CwAAHKqqzKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACJ6uoAAP8BAAEAAAAAGQAXAAAUZXUtYXBpLmFzbS5za3lwZS5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjF1UAAAAAsAAgEAAAoACgAI+voAHQAXABgAGwADAgACmpoAAQA="} -01278{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":311,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682077081,"flow_src_last_pkt_time":1587041682108566,"flow_dst_last_pkt_time":1587041682108320,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":215,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":215,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682108566,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60541,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"eu-api.asm.skype.com","domainame":"eu-api.asm.skype.com","tls": 
{"version":"TLSv1.2","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"","ja4":"t12d1312h2_8b80da21ef18_b00751acaffa","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01234{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":311,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682077081,"flow_src_last_pkt_time":1587041682108566,"flow_dst_last_pkt_time":1587041682108320,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":215,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":215,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682108566,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60541,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"eu-api.asm.skype.com","domainame":"eu-api.asm.skype.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1312h2_8b80da21ef18_b00751acaffa","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00821{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":312,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682129643,"flow_src_last_pkt_time":1587041682129643,"flow_dst_last_pkt_time":1587041682129643,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682129643,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":49514,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00618{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":22,"flow_packet_id":1,"flow_src_last_pkt_time":1587041682129643,"flow_dst_last_pkt_time":1587041682129643,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1587041682129643,"pkt":"EBMx8Tl2KDc3AG3ICABFAABIVE8AAP8R4\/3AqAEGwKgBAcFqADUANJ5TmvIBAAABAAAAAAAABmNvbmZpZwV0ZWFtcwltaWNyb3NvZnQDY29tAAABAAE="} 
01152{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":312,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682129643,"flow_src_last_pkt_time":1587041682129643,"flow_dst_last_pkt_time":1587041682129643,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682129643,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":49514,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"config.teams.microsoft.com","domainame":"config.teams.microsoft.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
02533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":313,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":20,"flow_packet_id":5,"flow_src_last_pkt_time":1587041682107386,"flow_dst_last_pkt_time":1587041682139467,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041682139467,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUXUdAAGwGanY0cktGwKgBBgG77HwdJJcXjIP37oAQBAXL3gAAAQEIClbHBMAwhK2KsYFQCvPTWcgwCwYDVR0PBAQDAgSwMCgGA1UdEQQhMB+CHSouYXN5bmNndy50ZWFtcy5taWNyb3NvZnQuY29tMIGsBgNVHR8EgaQwgaEwgZ6ggZuggZiGS2h0dHA6Ly9tc2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA1LmNybIZJaHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA1LmNybDBNBgNVHSAERjBEMEIGCSsGAQQBgjcqATA1MDMGCCsGAQUFBwIBFidodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcHMwHwYDVR0jBBgwFoAUCP4ln3TqhwTCvLuOqDhfM8bRbGUwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4ICAQA2X\/om4H+4\/cR81+swhscxS+n0lRF6\/9QaS3UJkZbRbKTCin3OgcYqSG9pYg6G1+1K1UtTBpsolwlA3Wj42xE7Uv4QpgEXC5f0oaTcFK1me59SUtzp5qGDrwX6WjG8Ktb6uYB5gEczE7C4PC+CFPM3paTb5H5cy9SB3sXBctpW9JL3Q4jgLf0RmKI+tU\/yzqXGVuQXEGhEGBnx2gx7c5jv9zuJnDG+h+fy0tJ8oKxrnU3\/YDtE5a8Gc9riCos64k1IwawJ2ex5sg6EIN6aZMm7jlbnY0GaYkT3Xzq9y\/pq48vIUbUNujVUDc5\/R\/SCSk\/dzf6G7\/xO1H5cZnPEC40ThKUvhXFO2qUKIhsUCjzJG5EdSNtcUv8eCyVsfCMB7dRsifQSwSDmGmM4n\/G81i0O9M4b2XZ+YaSEgJZmQx7Uh5AdoOqwYq2SqBhAihGJdwH2XMq283yNTDRqqo\/WVv2tQAJnjORm59j1r8dDWyuUfRzmyA\/balmQRC8\/yMgQswTFwP1y97tt4lyNjydBDOIBJv2TudKgtjqTbU59+fWu1pBkJP0+oPi5U7f32J4ZwXrKLU9tbuRaGYpYaW\/H8\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\/BSeneM2zC+CeIhbzmNymFOjMlNcj+dBQmbu1CxCV8d8C6Y+OnVaZPNiP01j7XJJ+PXv4"} 
02526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":322,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":21,"flow_packet_id":5,"flow_src_last_pkt_time":1587041682108566,"flow_dst_last_pkt_time":1587041682140048,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041682140048,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUCPpAAG0GvcQ0cktFwKgBBgG77H37toO2hXm6NIAQBAUeeAAAAQEIClUPdxEwhK2LFgMDF00CAABVAwNemFWQkTKZfyBaLuzO97G0quTrEm7BgPWyftzaEzJa0iBuSwAAwHf6a8yXd\/slaOSfyDbI53lK7p5dSy9A7BIMcMAwAAANAAUAAAAXAAD\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\/sjB3LbEb7T\/nzN+yIm+S8blVfyih6JM9Apu\/ik1krtvLJUniVwHJtK2\/rOjpX264mOpTx8SQf7TjiIlSs3HiDphOG0YLn3YYZ8njuADtWKju18sgzmH3TMQYaJ5rR8rrvEPgZCHNBk+XQJFexPiGtcDjF2WCQ1CKqCKZf8hKbpm8Y4TnLNUxuhK2E+6sFA1dP+E8Bm6m26cCfBNV3G7APHf8AN1YKGjnSNcO3xC9CoOmEMCAwEAAaOCBHYwggRyMIIB9wYKKwYBBAHWeQIEAgSCAecEggHjAeEAdwC72d+8H4pxtZOUI5eqkntHOFeVCqtS6BqQlmQ2jh7RhQAAAWqSYTh5AAAEAwBIMEYCIQCK9TKQMvnjt3bF9IskNoov410+TNUfrflXc+EV+7RCFQIhAOhI+FRSDv5ZevTOA7yjzgGxZ7+Vifwc2fzYuzpyLBBgAHYA7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo\/csAAAFqkmE4gAAABAMARzBFAiAiHsCLrUDabE9VESRZTt4BikyAq6rNE1j3618pfpVpCAIhALEshKOsZh7n88+DKEMN6Qrti43TvlJOQ0RAjLMbS84WAHcA9lyUL9F3MCIUVBgIMJRWjuNNExkzv98MLyALzE7xZOMAAAFqkmE4gwAABAMASDBGAiEAhlim8PX4pyi\/mpblvrIKUelL3OW87784ne5SOBJO7rUCIQCJx97+HPxXSJjEZtGi1euZMJxoXD7mYyvmnAr9RyA7ngB1AESUZS6w7s6vxEAH2Kj+KMDa5oK+2MsxtT\/TM5a1toGoAAABapJhOJEAAAQDAEYwRAIgSWpW2jkU6iqzOFfqoMvHGTVxpA4qvulMcPxZZ3C6R34CIBq5beRJMDaP8rIHcokNsjMMe+YTY4GBs5JmQen9SUa+MCcGCSsGAQQBgjcVCgQaMBgwCgYIKwYBBQUHAwIwCgYIKwYBBQUHAwEwPgYJKwYBBAGCNxUHBDEwLwYnKwYBBAGCNxUIh9qGdYPu2QGCyYUbgbWeYYX062CBXYTS30KC55N6AgFkAgEdMIGFBggrBgEFBQcBAQR5MHcwUQYIKwYBBQUHMAKGRWh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjAxLmNydDAiBggrBgEFBQcwA
YYWaHR0cDovL29jc3AubXNvY3NwLmNvbTAdBgNVHQ4EFgQU3aROfyhw35kc1iGhSMjmHtjM\/20wCwYD"} -01592{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":327,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":21,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1587041682077081,"flow_src_last_pkt_time":1587041682140200,"flow_dst_last_pkt_time":1587041682140797,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":215,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":215,"flow_dst_tot_l4_payload_len":5970,"midstream":0,"thread_ts_usec":1587041682140797,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60541,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"eu-api.asm.skype.com","domainame":"eu-api.asm.skype.com","tls": {"version":"TLSv1.2","server_names":"*.asm.skype.com","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"986571066668055ae9481cb84fda634a","ja4":"t12d1312h2_8b80da21ef18_b00751acaffa","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=*.asm.skype.com","advertised_alpns":"h2,http\/1.1","fingerprint":"B9:41:1D:AE:56:09:68:D2:07:D0:69:E1:68:00:08:2B:EF:63:1E:48","blocks":0}}} 
+01548{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":327,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":21,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1587041682077081,"flow_src_last_pkt_time":1587041682140200,"flow_dst_last_pkt_time":1587041682140797,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":215,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":215,"flow_dst_tot_l4_payload_len":5970,"midstream":0,"thread_ts_usec":1587041682140797,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60541,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"eu-api.asm.skype.com","domainame":"eu-api.asm.skype.com","tls": {"version":"TLSv1.2","server_names":"*.asm.skype.com","ja3s":"986571066668055ae9481cb84fda634a","ja4":"t12d1312h2_8b80da21ef18_b00751acaffa","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=*.asm.skype.com","advertised_alpns":"h2,http\/1.1","fingerprint":"B9:41:1D:AE:56:09:68:D2:07:D0:69:E1:68:00:08:2B:EF:63:1E:48","blocks":0}}} 
00778{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":333,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":22,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682129643,"flow_dst_last_pkt_time":1587041682143053,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":204,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":204,"pkt_l4_len":170,"thread_ts_usec":1587041682143053,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC+wIdAADkR\/U\/AqAEBwKgBBgA1wWoAqgAAmvKBgAABAAQAAAAABmNvbmZpZwV0ZWFtcwltaWNyb3NvZnQDY29tAAABAAHADAAFAAEAAAs5ACEGY29uZmlnBXRlYW1zDnRyYWZmaWNtYW5hZ2VyA25ldADAOAAFAAEAAAALAB8MY29uZmlnLXRlYW1zBnMtMDAwNQhzLW1zZWRnZcBUwGUABQABAAAAOgACwHLAcgABAAEAAABoAAQ0ccKE"} 01188{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":333,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041682129643,"flow_src_last_pkt_time":1587041682129643,"flow_dst_last_pkt_time":1587041682143053,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":162,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":162,"midstream":0,"thread_ts_usec":1587041682143053,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":49514,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"config.teams.microsoft.com","domainame":"config.teams.microsoft.com","dns": {"num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["52.113.194.132,ttl=104"]}}} 
00823{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":334,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682144166,"flow_src_last_pkt_time":1587041682144166,"flow_dst_last_pkt_time":1587041682144166,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682144166,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -168,9 +168,9 @@ 00593{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":335,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":23,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682144166,"flow_dst_last_pkt_time":1587041682156833,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682156833,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0EIdAAHUGPJk0ccKEwKgBBgG77H5W9rKzh8U6lIAS\/\/\/8MgAAAgQFoAEDAwgBAQQC"} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":336,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":23,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682156932,"flow_dst_last_pkt_time":1587041682156833,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041682156932,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGgizAqAEGNHHChOx+AbuHxTqUVvaytFAQIAAc8gAA"} 
00870{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":337,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":23,"flow_packet_id":4,"flow_src_last_pkt_time":1587041682157086,"flow_dst_last_pkt_time":1587041682156833,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":271,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":271,"pkt_l4_len":237,"thread_ts_usec":1587041682157086,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEBAABAAEAGgVPAqAEGNHHChOx+AbuHxTqUVvaytFAYIACSqAAAFgMBANQBAADQAwMdYvXtwu11hWCpvITmw2DM6JIDDr9YgJ4rTdtCECjTrgAAHBoazKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACLCgoAAP8BAAEAAAAAHwAdAAAaY29uZmlnLnRlYW1zLm1pY3Jvc29mdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAjKygAdABcAGAAbAAMCAAKKigABAA=="} -01295{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":337,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682144166,"flow_src_last_pkt_time":1587041682157086,"flow_dst_last_pkt_time":1587041682156833,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682157086,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com","domainame":"config.teams.microsoft.com","tls": 
{"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01248{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":337,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682144166,"flow_src_last_pkt_time":1587041682157086,"flow_dst_last_pkt_time":1587041682156833,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682157086,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com","domainame":"config.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":338,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":23,"flow_packet_id":5,"flow_src_last_pkt_time":1587041682157086,"flow_dst_last_pkt_time":1587041682169218,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1587041682169218,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAoEIhAAHYGO6Q0ccKEwKgBBgG77H5W9rK0h8U7bVAQBAE4GAAAAAAAAAAA"} -01683{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":351,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":23,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1587041682144166,"flow_src_last_pkt_time":1587041682172494,"flow_dst_last_pkt_time":1587041682172683,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":5949,"midstream":0,"thread_ts_usec":1587041682172683,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com","domainame":"config.teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.config.teams.microsoft.com,config.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"0f14538e1c9070becdad7739c67d6363","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, 
ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=config.teams.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA","blocks":0}}} +01636{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":351,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":23,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1587041682144166,"flow_src_last_pkt_time":1587041682172494,"flow_dst_last_pkt_time":1587041682172683,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":5949,"midstream":0,"thread_ts_usec":1587041682172683,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com","domainame":"config.teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.config.teams.microsoft.com,config.teams.microsoft.com","ja3s":"0f14538e1c9070becdad7739c67d6363","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=config.teams.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA","blocks":0}}} 
00821{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":381,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682355684,"flow_src_last_pkt_time":1587041682355684,"flow_dst_last_pkt_time":1587041682355684,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682355684,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65387,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00625{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":381,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":24,"flow_packet_id":1,"flow_src_last_pkt_time":1587041682355684,"flow_dst_last_pkt_time":1587041682355684,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_usec":1587041682355684,"pkt":"EBMx8Tl2KDc3AG3ICABFAABPcIEAAP8Rx8TAqAEGwKgBAf9rADUAOydaEDoBAAABAAAAAAAADm5vcnRoZXVyb3BlY25zDnRyYWZmaWNtYW5hZ2VyA25ldAAAAQAB"} 
01170{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":381,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682355684,"flow_src_last_pkt_time":1587041682355684,"flow_dst_last_pkt_time":1587041682355684,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682355684,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65387,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft","proto_id":"5.212","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"northeuropecns.trafficmanager.net","domainame":"northeuropecns.trafficmanager.net","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -183,15 +183,15 @@ 00602{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":385,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":25,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682369801,"flow_dst_last_pkt_time":1587041682420333,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041682420333,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8cKZAAGwGWtQ0ck0hwKgBBgG77H8VHmMl9rF6B6ASIAAZOgAAAgQFoAEDAwgEAggKYQa0RDCEroA="} 00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":386,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":25,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682420448,"flow_dst_last_pkt_time":1587041682420333,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682420448,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIex\/Abv2sXoHFR5jJoAQEAlXvgAAAQEICjCErqxhBrRE"} 
00873{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":387,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":25,"flow_packet_id":4,"flow_src_last_pkt_time":1587041682420739,"flow_dst_last_pkt_time":1587041682420333,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_usec":1587041682420739,"pkt":"EBMx8Tl2KDc3AG3ICABFAAECAABAAEAG9rTAqAEGNHJNIex\/Abv2sXoHFR5jJoAYEAmOxwAAAQEICjCErqxhBrREFgMBAMkBAADFAwMlzpQNXKnJso0lmbQsWQ9QP0JUtMkYTF2ySEjqwct4CiA\/IwAA6KEdJo41XGChq4nIXjJi3Ldaf94\/c7z6UnyyFQAewC\/AK8AwwCzMqcyowAnAE8AKwBQAnACdAC8ANQAKAQAAXv8BAAEAAAAAIwAhAAAebW9iaWxlLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEACwACAQAACgAIAAYAHQAXABg="} -01393{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":387,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682369801,"flow_src_last_pkt_time":1587041682420739,"flow_dst_last_pkt_time":1587041682420333,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682420739,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60543,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01352{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":387,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682369801,"flow_src_last_pkt_time":1587041682420739,"flow_dst_last_pkt_time":1587041682420333,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682420739,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60543,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":388,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":26,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682376166,"flow_dst_last_pkt_time":1587041682423316,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682423316,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0HMFAAGwGr7I0ckwwwKgBBgG77ICUvjjErrIu7YAS\/\/+TZQAAAgQFoAEDAwgBAQQC"} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":389,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":26,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682423394,"flow_dst_last_pkt_time":1587041682423316,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041682423394,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAG+H\/AqAEGNHJMMOyAAbuusi7tlL44xVAQIAC0JAAA"} 
00895{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":390,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":26,"flow_packet_id":4,"flow_src_last_pkt_time":1587041682423900,"flow_dst_last_pkt_time":1587041682423316,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":290,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":290,"pkt_l4_len":256,"thread_ts_usec":1587041682423900,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEUAABAAEAG95PAqAEGNHJMMOyAAbuusi7tlL44xVAYIABbPwAAFgMBAOcBAADjAwOLjruZZJmwp+AQ5ixl8mdC3oKgE\/9DUAxdN3dPhROtcwAAHCoqzKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACe+voAAP8BAAEAAAAAMgAwAAAtbm9ydGhldXJvcGUubm90aWZpY2F0aW9ucy50ZWFtcy5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAIysoAHQAXABgAGwADAgACWloAAQA="} -01325{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":390,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":26,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682376166,"flow_src_last_pkt_time":1587041682423900,"flow_dst_last_pkt_time":1587041682423316,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":236,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":236,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682423900,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.76.48","src_port":60544,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"northeurope.notifications.teams.microsoft.com","domainame":"northeurope.notifications.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01284{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":390,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":26,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682376166,"flow_src_last_pkt_time":1587041682423900,"flow_dst_last_pkt_time":1587041682423316,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":236,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":236,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682423900,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.76.48","src_port":60544,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"northeurope.notifications.teams.microsoft.com","domainame":"northeurope.notifications.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00946{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":391,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682440956,"flow_dst_last_pkt_time":1587041672419153,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"thread_ts_usec":1587041682440956,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzES9AAEARZ+LAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGAHT\/ICoAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"} 02534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":392,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":26,"flow_packet_id":5,"flow_src_last_pkt_time":1587041682423900,"flow_dst_last_pkt_time":1587041682467714,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041682467714,"pkt":"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\/4SI6OaF\/\/p9MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAgEAaMoTg\/CrkXvH3jnb1h9ibtDE5NT9WRyEmtWPdlMgqhbXA+eyQkb6BYaT\/ta0E\/bOL5hM07pSBrD5uauHzlX4vs6BmFI3X35rS4lnHgq3cUKdaq3M5dfcGtIoKERK4KHEXYdDhAF8RY9DfZJta8j9hj4NqjvMcG7hzkZJWkwVjeh7J49fLI2k+ojmtb1lfRr9wT7N317pl9QMlUj3HrapDo2fvCe\/9jktj3lbttPHLsuaLesAF3dE1wm5y4UOzoiawZGA4Fu5fMnwFxWfpzZRwMq0O\/xKMAg5RkinWwDyzGDnwCbl\/c52s299ZBhbtM6yURpSqq0aQFxtyQoGGDw\/qhMEVa25dds5d0iBdM6KFgBsOhenjJcJxMzPvvOPmkJltWXhqnxSJWsJ
kaqh7zSNoA5U1JZzOXFYRt3uw3OVIBSfQ21T75pEiBJReA5mMtRoJjyJYo4d7ViJlpWq6D+qmTq9MD3A+u3+2YaocGXunqdlchKzuckM3C3Mck\/119eusSb9+YO\/2kHgBIQsNEyRtMbVXs6aJDUwnxYYIGRAPR16yCXImFMfJYah5q6a0OgPBMYG1cJ5tHN0+DQkL0jj0N6DmBrUSDSDele8PSh59PdIzO8wgJ\/BtAAk1rmVDiVhBV4spP7GSKWzbAS3cC\/0tn2xGj\/VdVxgHiGox4WbcNAABbgwggW0MIIEnKADAgECAhAIuHpQG76c2i0WTT45Ub9VMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNVBAYTAklFMRIwEAYDVQQKEwlCYWx0aW1vcmUxEzARBgNVBAsTCkN5YmVyVHJ1c3QxIjAgBgNVBAMTGUJhbHRpbW9yZSBDeWJlclRydXN0IFJvb3QwHhcNMTYwNTIwMTI1MTI4WhcNMjQwNTIwMTI1MTI4WjCBizELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEVMBMGA1UECxMMTWljcm9zb2Z0IElUMR4wHAYDVQQDExVNaWNyb3NvZnQgSVQgVExTIENBIDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCO8\/GEdXe8vsmk9RalUytQYJnc2H3ZJLXhckk3SP7ahpOjfR2aSxBNd3l+Zal8bjbiR9Q2SdDMJAInFOKucc3ZV3Q8EFYZkkqHYvnjkI1e3tFBGxqmH0CiLB6OVdcm2GhCq+wN3t1eYZWzrGyBzqjgra9fyqbkUWguJ\/1UKnGkzLt+kvH2U1EFMdAZgrDKY9DySgALzfRpS\/Ra"} 00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":405,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":25,"flow_packet_id":5,"flow_src_last_pkt_time":1587041682420739,"flow_dst_last_pkt_time":1587041682484937,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682484937,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0cKdAAGwGWts0ck0hwKgBBgG77H8VHmMm9rF61YAQBAVitAAAAQEICmEGtIQwhK6s"} 
-01925{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":417,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":25,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1587041682369801,"flow_src_last_pkt_time":1587041682557246,"flow_dst_last_pkt_time":1587041682557307,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041682557307,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60543,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} 
+01884{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":417,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":25,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1587041682369801,"flow_src_last_pkt_time":1587041682557246,"flow_dst_last_pkt_time":1587041682557307,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041682557307,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60543,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} 00342{"error_event_id":5,"error_event_name":"Unknown packet 
type","threshold_n":16,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1587041682611214,"packet_id":421,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","layer_type":38,"global_ts_usec":1587041682611214} 00415{"packet_event_id":1,"packet_event_name":"packet","packet_id":421,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","pkt_datalink":1,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041682598222,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} 00821{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":423,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682668456,"flow_src_last_pkt_time":1587041682668456,"flow_dst_last_pkt_time":1587041682668456,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682668456,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57530,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -208,7 +208,7 @@ 00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":433,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":28,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682698689,"flow_dst_last_pkt_time":1587041682744342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682744342,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA09YRAAGwG1eQ0ck06wKgBBgG77IG+FZNKYAjhq4AS\/\/+qaAAAAgQFoAEDAwgBAQQC"} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":434,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":28,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682744445,"flow_dst_last_pkt_time":1587041682744342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041682744445,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAG93XAqAEGNHJNOuyBAbtgCOGrvhWTS1AQIADLJwAA"} 
00870{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":435,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":28,"flow_packet_id":4,"flow_src_last_pkt_time":1587041682744658,"flow_dst_last_pkt_time":1587041682744342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":273,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":273,"pkt_l4_len":239,"thread_ts_usec":1587041682744658,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEDAABAAEAG9prAqAEGNHJNOuyBAbtgCOGrvhWTS1AYIAAsUQAAFgMBANYBAADSAwPkbX85xJUsmCJfCQtb2nqS5r5NxitfmjfkWtCVFh+GIgAAHEpKzKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACNCgoAAP8BAAEAAAAAIQAfAAAccHJlc2VuY2UudGVhbXMubWljcm9zb2Z0LmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACAoKAB0AFwAYABsAAwIAAkpKAAEA"} -01291{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":435,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682698689,"flow_src_last_pkt_time":1587041682744658,"flow_dst_last_pkt_time":1587041682744342,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":219,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":219,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682744658,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.58","src_port":60545,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"presence.teams.microsoft.com","domainame":"presence.teams.microsoft.com","tls": 
{"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01250{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":435,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682698689,"flow_src_last_pkt_time":1587041682744658,"flow_dst_last_pkt_time":1587041682744342,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":219,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":219,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682744658,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.58","src_port":60545,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"presence.teams.microsoft.com","domainame":"presence.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
01413{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":436,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":29,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682740607,"flow_dst_last_pkt_time":1587041682745381,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":665,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":665,"pkt_l4_len":631,"thread_ts_usec":1587041682745381,"pkt":"EBMx8Tl2KDc3AG3ICABFAAKLAABAAEAGwL7AqAEGon0Tg+u4AbuLprsOEqsiiIAYEAA0LgAAAQEICjCEr+ORzaKrFwMDAlK2BaXSajSAVWEKj3frXxijYpT3GD2Cuos6bxaeeEb0O6UJhzmzPZI\/SWy+fgBnTfneCwusduYkx4s3F4xCn2MY3DEvpr\/P48ATzKlJ++OHqI7OI3KpokJ1bF8YwJjJpFyWkPT0\/gdDA2C0thwexYlLgVCHe4dECfAKO3ai6a9AkpIGftSCmWnSsB7\/GodcDd1wDIWHn+mS6A9bTO\/2sRCfLQjmwaqnM\/0Kd1DorrQMm9TT6\/w11NzOyGJGqVRWfthWKCJ2r5CEFaogXR64MxPpr2FM6spcuDUY4C3Hc53Q7uc97BndljPBEgsGGu2WIs1hpBKyBrbp4cakeWFrgRHILDge\/JLjoB\/we0ie6rPfHdzAzbH+CVHboc7ECVvIV6N2Rd\/z5fI6cJ5y1i\/CGpe9JS\/DjF+npNlL3gVvBs3y7VpT4ziTRBRlbzG6hzfaYWVE\/I1GNwloup0kRP0\/\/fFg59buQBmTxdHJsfm4laPDQEGg2\/E9TD5wbcmagME1tYB8Z6HaDDAe1MbrBXtLSM8VMS0ZeI23LZfgw6dIscXGQh+EZCVohYQ2K\/dCOtZqYIGlXsZd11O+bX\/KPVaVnsGCQqimWVbYkJXTdkE5fdL4ibwUdj8vI7+8IXUv8oArxAdVEWB2+pth6d9Zti7C4SxMlmajA50jkJHElO8G4w6Wzb86qkyK4WbkuYLazUSRxEvrQrVtZjtDDcEAhbB3i\/CCiXoyK9403MAI7UV+NXn0+Iqmacnoi+GSVKkccDjbrlFQ3qxHSBpnh\/Zt22FSB4TV4eA="} 
02524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":437,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":29,"flow_packet_id":4,"flow_src_last_pkt_time":1587041682740607,"flow_dst_last_pkt_time":1587041682745498,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1587041682745498,"pkt":"EBMx8Tl2KDc3AG3ICABFAAXIAABAAEAGvYHAqAEGon0Tg+u4AbuLpr1lEqsiiIAQEADIXgAAAQEICjCEr+SRzaKrFwMDIBe2BaXSajSAVsA+S0rbnqiekP4iuZq32HuCU1Zk8b7DobfyXAMC40RMGMmv03seNmRLB1WBKOAndSNsjwejL\/4UdAY51oTzt\/idB5m9EO71\/T1MmFynzxV07rmvd3Y7KFXQR\/+x23FlX8GjLiPfQFhiUhRh28ymzOk2Fma1O328pbgtPmfOm2\/I1HthpOnXap2OPKovdSqIn\/dOEzmEXK5RH4Vhc7yfPS0tJ3lq\/j9Y4mE4jZEoUqARpTmnt\/EmaVbJrcge1AqzkW+CZ+w4JlO7k9TdFEi5TByHM4C1T005glLtZNkRmPpMGHQbjibw3NTyD4LLOA7ibrI0r9IDNmoeUUfh8DCZdpfo3pxnEzyt7oapZ3bsP3f2dkvlxSg+Dlv55qlRYMXtNU7tnt3+G6vIRUNWvNYWxEeaewlxO7D31DoGy39yf6\/Uf40kqlYmjJklCFuyytx+XwcWqT4ARI652Z\/KTokqiY0d8hvIMHweZqCdsZ3sZLcS92z0hCZYB+QTk3oNwXMxF3HPTJhWvhOq0wqkZDSVoE431Wjz26KTR\/D\/dA5pInq8bEC3yVuUKN1PLZW9Mz7MYJyzusjyBNsPLXM5O8OEeeK5MiWTYDXzmOLsLkb2vkB\/HV4y3Ev95rIiSF36Cpgqv6+0aR866vdj7FtuF34EidwFeCf1Bf+A5YjRmGj3oaiwxanjseDhhtnxhUTf19iNoEFSzhAIqnGHRAvLOkI5d3FBbQQt+YdQcTmf4uC9ThNnySNA0HXREePQs7huoiwdf2bLMzadvLcQRiRnWU7Hl35DzJo7SAfHQVc1y7a5SVG8H0C\/gvRNuAfv3HAV07QuKJAR49iIkFCcVRaJ\/jE5NYdjrNiiLdvzoxuEZ0dWMxMftRotvm8FM6ig5uEvIZbx9cs5I19iYZQ+xjuzmSG9hz4iz+WjzAoY1dmLOtgbT\/XB2FXmqmn+QhnOY3Ljx0J2ha7XjBQ8hWDhzClw138COO6BoFzaLcXOQXTKJXlqio99G1EHem2LSJs4Fip7GdtxGPNIMZ40wLG2DFzen08a5EPl23FFXPX0SR69Sbx3M0R+hQyRTGJvzQ2b0FETVcaGBWv\/AJUXgawU3fpNn7TAnn6usnhvfGudG7WV4wZ6vkSA+LX0MCVzjn7ur93PxY\/kpdqz3fuiKZIsdz1qUGtjG9iABsh28XZ9j4vR0VSK81wLD3NNpJ2yPv0bwOqpCaovF6tXQ1Ews6XsxqJi5G36BrzaJ5\/NXawhnu8ri1Vz28LUjmOZPpd6keVddX571\/oIU+Q3p3lccmI7+gjH3KqlUBiHCmpfZcYeOnCUEoJ6+9LH3uDsI4lVcAzp2csO0NXDwcfvMalB6gajtPszvwIJEl
ID7GHKx1BsawLle+AuhD6lA8\/ePLwyuj37+iokrx6+vklOjmfe4s9diN429ybZIsLrxpS9gvhCcqJjHRib1BY+X07qe0e72A4QTMrUQvOqVAnCJ6MepkVyL+TYwE71AQhIyEcdhSMj5NByh+Ps2+o6B6TxNGxL+Hz7Gkx+JsBR2inYY8O+Lv0UT9kVL4KGsfhNjVDtOQlSBGenVIqSWzA0IMPQo8+3Of8Hq4M82zM4CAZ0HSDgvnwrTIr12aPKQZeXdT79Zkpu9xzzr2tssbkalNRSPafbicgt9KUTproDv5wkhK7YwHiqPcGR0QVqeIcuyQotM2kpYtKzEsnaTsMsANkeXwUSaYMnhtvVUO0AlG4\/nEwlNMBHzNthJE9IyucPPp6lNbtpzJXbzjnbqhKzr1pBPW1NzcsmUvTf4AThdCxRFDDYC8Q9bGPZ8M76S438LhtuVyUo\/lD6YFPci0DvupTGZalsukVJfD\/0b05qjSDFI9eEwsvlchodrzNqwexfGQO0oqhK"} 02524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":438,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":29,"flow_packet_id":5,"flow_src_last_pkt_time":1587041682740607,"flow_dst_last_pkt_time":1587041682745501,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1587041682745501,"pkt":"EBMx8Tl2KDc3AG3ICABFAAXIAABAAEAGvYHAqAEGon0Tg+u4AbuLpsL5EqsiiIAQEABs5gAAAQEICjCEr+SRzaKrei53o4vFQHMBld1Fh\/SJ7lY\/Br6V6nMJYu3OAHgdn1qCcCSFYKKt9BOxyQf3yfDnlntHKN9zdEPSvXN\/0hi8YerzFHTzlE9CpJ2R08FI9jE11z3fnVvhf8e7OcEQqRZgxnPlEzNldSNYqEcmHkXvJhZMq8lx7wyR4LUbGNhgoKdPGH278UPChna6A3t6rVbTyY26njMEfo0Zm6rhpJo44iHLRIKvpaj2GQsfRT+cQeJIZ7CCI7T1q2PUyZhm1ySaJCt2LeO9BPdVU6xJnGhMV\/aWAPQcJ6kB0bxcZrLoRiXTU5Sjkns\/IiFNL\/xvNJTPnSiFRhwUoHK+lhufNQUo13wAlnryX9ux9knlEKyd0St6x6x3\/0AcGE5iocc88TMKvbPeEJdROrTHJPBGw3wEtTcJnsCO86HHTsshAVdGVqkIx3wKVLP63U4Kblp4jy32ZZqt5mrVmtgkvfyXyOjEWSHg9\/kbER4PSr77Twprpqx983VEq2Hcb9Z5Mm3nOhfwTP2T3g\/CCF8QgaWGZrUDu1iiRUPI6K2BHYirquzyMaFufY9V8GpIhq1n1xceUiQLPYGN3l5fQJCiBdXfFafOcSFxIjVpojrL2EOuqK2nuMjLQQp+4Aqc6WZPgm2ebUN\/iKkfC2yH2bLExo2MPi3VUFi92NENpciPyW+eXAFY69MJj5yxa5BiY59sQ5ELiBJlv7RkENWrGuHIllIcpW3ItUf5UzQsbStrqU99fkGX6jKCwXrvMoRcz4OdAQSCuL42ekbFYHiL0ne5NvHaRIqcek4\/JcqoZpMdpQey7y+2Dl6doTImRGjrtsYDDKgFGhDU4N8dTso9ThZ3fuQI5GnuKCyDE7AIeV
XiQlYv5F01woYov2hCUZp7ZcJSt2ohbipTR8\/9XsRLAxqgXB5GsFcoOvfysdpEjckn3ixs\/e\/E+9YhRVwcgw9hwvaxpOHeSVNLQn1UC1jd6XPsedgr5CYCUUWjOwS77pYeBf15DMuXoTC2DTw4N0qK0I2k9jO2h06\/VwS+DdyYzdZyIEDJootRjKr6+oHebS0B7nXpok59GLbGxDjEh9wakV1SZs7RvQXUIMtwshnqDiJum9ddTnNB2+bpdzgJa3FjnjCyxjYAJBZhtEPLvmmDoY+ugXE9QtbOp299K6ArOZPB6JuK4rlVYneXIpSl0yfeQgFoaNPTPCWdaxvM+AfcOB7YkH0w1UJu2dyLSmHw42qCGfzhxeXIbZVNdJjctQ0Cqo5zXErR1874K9\/40112SIrZY04P1wdyAy51DHX6xP4DMvjfqz6wVaf6gJ\/DZxBp20paRElTtDQN\/dHqjokoah04MvpFxBCi0Oy+R7CfKweUnqAqr1HqpFAPT9qsa8YrIc8G0wUUzeAax4URzLWOt85EjAnPLK1DAQYPq0v9Q0KLOsGsn1kbSvDpNs37iMzwcZRFzWoLHwwnKhxoV5ph1YHpzct0GfB5TMtawMLt6xx8fpDVN\/qmtv7vr0PwcpkWAe12mwk6YMCBt5BjA8f7N0hNc28Z18gN\/CgGnUTUJNyHOY9\/otIhpyZk2nAcBRRfiJ1pLKbDvtAKXiFEDhY9R4CdMU31jbFPykJh6n2eH+U5nfePcR\/NQL8CGF86lRBvbS1BffGRulEfJVi517lk3dtmRmFX4czmj4U5S0fLX7dTEWdkjlqGvyPwcgdLRBZYccWZ3e0IwyZLzh4ZvqC6GXgR\/YxXU2EyExTuarC8OxvaikQEuWDLdXLrVfF\/5zh5AAnOxdXMDpgpl7zVyHlEg1yLy9mLgj1yQgKUqwCNhyVJZLyPBjuKvSewLkE6Yb4TMgTQzgnkGvHFjAbR3wnBeO3lqHZFEbIHcmklDS0L5Y7TchFMURbahXYDs4fVUOyQ800EYRGVfodFdgqI"} 
@@ -219,9 +219,9 @@ 00603{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":516,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":30,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682809173,"flow_dst_last_pkt_time":1587041682862686,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041682862686,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGBganY9ekwKgBBhFS7ILLfLe3JqxFoKAS\/ogNbwAAAgQFrAQCCAoTeRnVMISwIQEDAwc="} 00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":517,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":30,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682862738,"flow_dst_last_pkt_time":1587041682862686,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682862738,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+g3AqAEGp2PXpOyCEVImrEWgy3y3uIAQECwqYQAAAQEICjCEsFATeRnV"} 
01289{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":518,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":30,"flow_packet_id":4,"flow_src_last_pkt_time":1587041682863165,"flow_dst_last_pkt_time":1587041682862686,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1587041682863165,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI5AABAAEAG+AjAqAEGp2PXpOyCEVImrEWgy3y3uIAYECxutgAAAQEICjCEsFATeRnVFgMBAgABAAH8AwOllRwzFBLD2fGS0RdMQwmyeJX+rt9niSTc6LgefMaOGyDe8bvsDQaKZ\/SHTClTSUEpcKfm8tnRcB\/XxmDM4wjf0gByEwITAxMBwCzAMACfzKnMqMyqwCvALwCewCTAKABrwCPAJwBnwArAFAA5wAnAEwAzAK0Aq8yuzK3MrACdAKnMqwCsAKoAnACoAD0APMA4wDYAtwCzAJUAkQA1AK8AjcA3wDUAtgCyAJQAkAAvAK4AjAD\/AQABQQAAABIAEAAADWRhdGkubnRvcC5vcmcACwAEAwABAgAKAAwACgAdABcAHgAZABgAIwAAM3QAAAAQAA4ADAJoMghodHRwLzEuMQAWAAAAFwAAAA0AMAAuBAMFAwYDCAcICAgJCAoICwgECAUIBgQBBQEGAQMDAgMDAQIBAwICAgQCBQIGAgArAAkIAwQDAwMCAwEALQACAQEAMwAmACQAHQAgvrFq4xkMZjK7jeeGFDXjFBVctkvDk2bUa2GIO\/qlb3oAFQB8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01445{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":518,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682809173,"flow_src_last_pkt_time":1587041682863165,"flow_dst_last_pkt_time":1587041682862686,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682863165,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60546,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"dati.ntop.org","domainame":"dati.ntop.org","tls": {"version":"TLSv1.2","ja3":"7120d65624bcd2e02ed4b01388d84cdb","ja3s":"","ja4":"t13d5713h2_131602cb7446_e802cdec6a7f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01411{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":518,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682809173,"flow_src_last_pkt_time":1587041682863165,"flow_dst_last_pkt_time":1587041682862686,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682863165,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60546,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"dati.ntop.org","domainame":"dati.ntop.org","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d5713h2_131602cb7446_e802cdec6a7f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":552,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":30,"flow_packet_id":5,"flow_src_last_pkt_time":1587041682863165,"flow_dst_last_pkt_time":1587041682917091,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682917091,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0wZNAADQGRHqnY9ekwKgBBhFS7ILLfLe4JqxHpYAQAfo2WAAAAQEIChN5GgswhLBQ"} -01533{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":553,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1587041682809173,"flow_src_last_pkt_time":1587041682863165,"flow_dst_last_pkt_time":1587041682917561,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":152,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":152,"midstream":0,"thread_ts_usec":1587041682917561,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60546,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"dati.ntop.org","domainame":"dati.ntop.org","tls": 
{"version":"TLSv1.2","ja3":"7120d65624bcd2e02ed4b01388d84cdb","ja3s":"410b9bedaf65dd26c6fe547154d60db4","ja4":"t13d5713h2_131602cb7446_e802cdec6a7f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +01499{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":553,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1587041682809173,"flow_src_last_pkt_time":1587041682863165,"flow_dst_last_pkt_time":1587041682917561,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":152,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":152,"midstream":0,"thread_ts_usec":1587041682917561,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60546,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"dati.ntop.org","domainame":"dati.ntop.org","tls": {"version":"TLSv1.2","ja3s":"410b9bedaf65dd26c6fe547154d60db4","ja4":"t13d5713h2_131602cb7446_e802cdec6a7f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
02258{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":580,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":28,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1587041682698689,"flow_src_last_pkt_time":1587041683063920,"flow_dst_last_pkt_time":1587041683109441,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":2687,"flow_dst_tot_l4_payload_len":6860,"midstream":0,"thread_ts_usec":1587041683109441,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.58","src_port":60545,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":7,"avg":25031.7,"max":201410,"stddev":47065.5,"var":2215158784.0,"ent":3.2,"data": [45653,45756,213,47886,30,47672,17,83,202,104,167,9896,9950,3499,10390,395,51386,37078,221,190,155,7115,7018,1251,1197,79250,201410,7,34,167536,222]},"pktlen": {"min":40,"avg":340.2,"max":1492,"stddev":510.3,"var":260451.7,"ent":3.8,"data": [64,52,40,259,1492,1492,52,40,40,1492,1492,40,453,40,198,133,503,91,40,109,40,78,78,40,479,40,46,1480,150,206,46,82]},"bins": {"c_to_s": [11,1,1,1,1,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0],"s_to_c": [3,3,1,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,0,0,0,1,1,0,1,0,0,0,0,1,0,1,0,0,1,0,1,0,1,0,0,0,1,1],"entropies": 
[4.396777153,4.984685898,4.571928501,5.447037697,7.103639126,7.377305508,4.748330116,4.680641174,4.521928787,7.565583706,7.619148254,4.680641174,7.502402782,4.680641174,6.615381718,6.130319118,7.576011658,5.374610424,4.630640984,5.982717991,4.530641556,5.189125538,5.402576923,4.680641174,7.496559143,4.680641174,4.505983353,7.866451740,6.633583069,6.711987019,4.522393703,5.435414791]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"presence.teams.microsoft.com"}} 00821{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":584,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041683142905,"flow_src_last_pkt_time":1587041683142905,"flow_dst_last_pkt_time":1587041683142905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041683142905,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57504,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00625{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":584,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":31,"flow_packet_id":1,"flow_src_last_pkt_time":1587041683142905,"flow_dst_last_pkt_time":1587041683142905,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1587041683142905,"pkt":"EBMx8Tl2KDc3AG3ICABFAABOVgkAAP8R4j3AqAEGwKgBAeCgADUAOmwyTTEBAAABAAAAAAAACmNoYXRzdmNhZ2cEc3ZjcwV0ZWFtcwZvZmZpY2UDY29tAAABAAE="} 
@@ -233,16 +233,16 @@ 00602{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":589,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":32,"flow_packet_id":2,"flow_src_last_pkt_time":1587041683186164,"flow_dst_last_pkt_time":1587041683220355,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041683220355,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8HR9AAG0GokE0clg7wKgBBgG77INQlxoFJQBFL6ASIAAufwAAAgQFoAEDAwgEAggKAdQEQDCEsYU="} 00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":590,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":32,"flow_packet_id":3,"flow_src_last_pkt_time":1587041683220462,"flow_dst_last_pkt_time":1587041683220355,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041683220462,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG7GjAqAEGNHJYO+yDAbslAEUvUJcaBoAQEAltDgAAAQEICjCEsaYB1ARA"} 
00894{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":591,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":32,"flow_packet_id":4,"flow_src_last_pkt_time":1587041683220741,"flow_dst_last_pkt_time":1587041683220355,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":287,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":287,"pkt_l4_len":253,"thread_ts_usec":1587041683220741,"pkt":"EBMx8Tl2KDc3AG3ICABFAAERAABAAEAG64vAqAEGNHJYO+yDAbslAEUvUJcaBoAYEAkhLAAAAQEICjCEsaYB1ARAFgMBANgBAADUAwMl\/B1Vk9A1CXIA2wtxg6SSBUkcTlC\/1\/z0\/eteey4O7gAAHJqazKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACP2toAAP8BAAEAAAAAIwAhAAAeY2hhdHN2Y2FnZy50ZWFtcy5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAICgoAHQAXABgAGwADAgACSkoAAQA="} -01295{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":591,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":32,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041683186164,"flow_src_last_pkt_time":1587041683220741,"flow_dst_last_pkt_time":1587041683220355,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":221,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":221,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041683220741,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.88.59","src_port":60547,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"chatsvcagg.teams.microsoft.com","domainame":"chatsvcagg.teams.microsoft.com","tls": 
{"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01254{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":591,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":32,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041683186164,"flow_src_last_pkt_time":1587041683220741,"flow_dst_last_pkt_time":1587041683220355,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":221,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":221,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041683220741,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.88.59","src_port":60547,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"chatsvcagg.teams.microsoft.com","domainame":"chatsvcagg.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
02525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":592,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":32,"flow_packet_id":5,"flow_src_last_pkt_time":1587041683220741,"flow_dst_last_pkt_time":1587041683257226,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041683257226,"pkt":"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\/W3JxIIrcUPv+EiOjmhf\/6fTAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggIBADlaSLft\/Il2mfNfS96UN1u6SRdI6uOdxV\/SghC34ek6RV73kkGH\/KgGm5Qpn7ZmjaE7sCW67DpV9CSox9Z3dhmyY3WubiTFoRkhvmI2ia7VsKC3uTVFKGfcG3LipFC\/23JDrzT7qcdgDJzOLWf3MLJd1Kyh6NVC9EjRBrGrjji8xmok7R0RS8CcrVoIMxOsb4aFIvlKHgOLGwrUEg+jJK1WekigAR\/pyb5Ve0qqD3wvtdis9OWT8zz+JfQQtYBGzTf3Zo2YdFfy+cLVdoneW08GcCeeO0e+2qhhnfoQYTUFxVDlSKesMCCZ19oghBpnMirb2zEgWNe+6hV0VBHo0qa0oI+8VxV0m5jsWGKpN5r0RSQeZVBFjmNPja7EWAv9BG0nDBvzPaTNS9lsRoXc1ue7UQ2fGyQcImPgttcAOrqAGM9U+s0UrVqPi9GRGdpB+ymstXnktW0UVXqemudrGvUxOJRKDRvwctjZP2On9XpkEuwYzeJ7edeTKIXaTMPr5bSi6KtPMv8scypPxl6auLwwuyW3phPvh3sr9vdYmG1LA+UpioWKxGVlTy3H5MrR\/a3CRRhXX1OZmYh1RDRwmACanys8duLXWdgmjDNNxzIBOXG7wiGPQfS3+9iG0JTdXjbTpu3jNtZbvAVXCu9kow13tCXvpYdCShakHGed8k9wAAW4MIIFtDCCBJygAwIBAgIQCLh6UBu+nNotFk0+OVG\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"} 
00821{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":613,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041683333389,"flow_src_last_pkt_time":1587041683333389,"flow_dst_last_pkt_time":1587041683333389,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041683333389,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":613,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":33,"flow_packet_id":1,"flow_src_last_pkt_time":1587041683333389,"flow_dst_last_pkt_time":1587041683333389,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041683333389,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIeyEAbsX4foHAAAAALAC\/\/8Q\/AAAAgQFtAEDAwUBAQgKMISyEgAAAAAEAgAA"} 
00603{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":614,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":33,"flow_packet_id":2,"flow_src_last_pkt_time":1587041683333389,"flow_dst_last_pkt_time":1587041683378966,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041683378966,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8VAJAAGwGd3g0ck0hwKgBBgG77IQbiSB\/F+H6CKASIABpjQAAAgQFoAEDAwgEAggKYR77TDCEshI="} 00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":615,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":33,"flow_packet_id":3,"flow_src_last_pkt_time":1587041683379074,"flow_dst_last_pkt_time":1587041683378966,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041683379074,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyEAbsX4foIG4kggIAQEAmoEAAAAQEICjCEsj9hHvtM"} 
00871{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":616,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":33,"flow_packet_id":4,"flow_src_last_pkt_time":1587041683379360,"flow_dst_last_pkt_time":1587041683378966,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_usec":1587041683379360,"pkt":"EBMx8Tl2KDc3AG3ICABFAAECAABAAEAG9rTAqAEGNHJNIeyEAbsX4foIG4kggIAYEAle8wAAAQEICjCEsj9hHvtMFgMBAMkBAADFAwNQ2mjoGM5bceT+50qedBeC2QzxBSnWB8x+XpaOKMz6dSCjQgAAk2B6jpiMP4aNnNPzeGx44\/6X3U2RH3y64O03zgAewC\/AK8AwwCzMqcyowAnAE8AKwBQAnACdAC8ANQAKAQAAXv8BAAEAAAAAIwAhAAAebW9iaWxlLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEACwACAQAACgAIAAYAHQAXABg="} -01393{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":616,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":33,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041683333389,"flow_src_last_pkt_time":1587041683379360,"flow_dst_last_pkt_time":1587041683378966,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041683379360,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01352{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":616,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":33,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041683333389,"flow_src_last_pkt_time":1587041683379360,"flow_dst_last_pkt_time":1587041683378966,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041683379360,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
02531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":621,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":33,"flow_packet_id":5,"flow_src_last_pkt_time":1587041683379360,"flow_dst_last_pkt_time":1587041683430778,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041683430778,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUVANAAGwGcd80ck0hwKgBBgG77IQbiSCAF+H61oAQBAWFnQAAAQEICmEe+38whLI\/FgMDEGYCAABRAwNemFWT1kX8u9ATY\/YCwH831ucgt0juCj9cD9NieB4F3SDMFgAAPSmx1EB8rJYwgB6DDk65Ho1qqYZPmBoFpBpgkMAwAAAJABcAAP8BAAEACwAO3QAO2gAJHDCCCRgwggcAoAMCAQICExYACr2jKIomrOvxeF4AAAAKvaMwDQYJKoZIhvcNAQELBQAwgYsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xFTATBgNVBAsTDE1pY3Jvc29mdCBJVDEeMBwGA1UEAxMVTWljcm9zb2Z0IElUIFRMUyBDQSA0MB4XDTE5MTAxMDIxNTUzOFoXDTIxMTAxMDIxNTUzOFowJjEkMCIGA1UEAwwbKi5ldmVudHMuZGF0YS5taWNyb3NvZnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8J31SJyCTCkjxtLC8JE7aU56y+0937PcYfrFGWW\/wSL1vxV6UtbY+5UyBq7YUvoZUI+YYWI6FMysHpnkiGQR5h3NLX2it0lgM0JMJXgIYfO+vdhJalxciwWfJHOcY4+eUQwpTmpGeOTzK\/sd1W+VOYbkgWPJ0lAEgTcRXL\/NZZAtyce+Sv4+b4jHwY9pwQxOHJWtnns0bK3jD\/RcAtjLeUisGvBGtt1SItPOQvgD6i2AdvjCkjqVXn0nxT\/yKuGkvtii1i85nrjeMS5pKgL+N2I4goIXeRAaK089dd0KrnNO6kLEhhSHgHwJHnPwfqeXH1Q2p1Zw2r13mOsJdyP7QIDAQABo4IE1zCCBNMwggF\/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB2APZclC\/RdzAiFFQYCDCUVo7jTRMZM7\/fDC8gC8xO8WTjAAABbbe0zD0AAAQDAEcwRQIgXUu8wYK\/QqX5unkLcaUv4T8oQWu5yZb6M3RYbUFPJ7sCIQCVvziq+dynpJXSFyAk+ZobbjdMm8Ziuyzc0miXoW9hmQB2AFWB1MIWkDYBSuoLm1c8U\/DA5Dh4cCUIFy+jqh0HE9MMAAABbbe0zTwAAAQDAEcwRQIgOIr7NuYD18H8X6OV\/YdBgg0HoCy47ognD1Etlbp3ZVgCIQCAVAoqvjDqhz4It72mColVOT\/FZuexWjdVPWkvuAPY1AB3AESUZS6w7s6vxEAH2Kj+KMDa5oK+2MsxtT\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"} 
-01925{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":624,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":33,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1587041683333389,"flow_src_last_pkt_time":1587041683430891,"flow_dst_last_pkt_time":1587041683431072,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041683431072,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} 
+01884{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":624,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":33,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1587041683333389,"flow_src_last_pkt_time":1587041683430891,"flow_dst_last_pkt_time":1587041683431072,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041683431072,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} 
02214{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":635,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":32,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1587041683186164,"flow_src_last_pkt_time":1587041683511604,"flow_dst_last_pkt_time":1587041683511700,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2582,"flow_dst_tot_l4_payload_len":7792,"midstream":0,"thread_ts_usec":1587041683511700,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.88.59","src_port":60547,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":20999.2,"max":115070,"stddev":31123.6,"var":968681216.0,"ent":3.5,"data": [34191,34298,279,36871,33,36580,20,190,171,120,2,98,1011,12039,309,36028,22727,226,163,129,10387,10298,599,557,77127,91684,7,49137,80440,115070,185]},"pktlen": {"min":52,"avg":377.2,"max":1492,"stddev":521.7,"var":272149.2,"ent":3.9,"data": [64,60,52,273,1492,1492,64,52,1492,52,1492,302,52,178,145,533,103,52,121,52,90,90,52,414,52,52,1480,247,52,227,52,1139]},"bins": {"c_to_s": [11,1,1,1,0,0,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [3,2,1,0,0,1,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,1,1,0,0,0,0,1,0,1,0,0,1,0,1,0,1,0,0,1,1,0,1],"entropies": 
[4.278468132,5.100120544,4.678913116,5.492300034,7.395298958,7.335471153,4.813810349,4.784870625,7.534573555,4.736229897,7.601704121,7.355720520,4.823332310,6.256767273,6.195283890,7.525622368,5.556344509,4.861793995,6.029422760,4.861793995,5.382391453,5.548377514,4.823332310,7.376307011,4.861793995,5.063529015,7.847518921,6.993651390,4.986605644,6.825597286,4.731892109,7.799232483]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} 00821{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":664,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041684291077,"flow_src_last_pkt_time":1587041684291077,"flow_dst_last_pkt_time":1587041684291077,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041684291077,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":59403,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":664,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":34,"flow_packet_id":1,"flow_src_last_pkt_time":1587041684291077,"flow_dst_last_pkt_time":1587041684291077,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"thread_ts_usec":1587041684291077,"pkt":"EBMx8Tl2KDc3AG3ICABFAABC19sAAP8RYHfAqAEGwKgBAegLADUALnZLN+4BAAABAAAAAAAACXN1YnN0cmF0ZQZvZmZpY2UDY29tAAABAAE="} 
@@ -254,10 +254,10 @@ 00593{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":668,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":35,"flow_packet_id":2,"flow_src_last_pkt_time":1587041684306115,"flow_dst_last_pkt_time":1587041684317619,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041684317619,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0FJpAAHUGEAYNaxILwKgBBgG77IU13hw0zZy4moAS\/\/\/HZQAAAgQFoAEDAwgBAQQC"} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":669,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":35,"flow_packet_id":3,"flow_src_last_pkt_time":1587041684317725,"flow_dst_last_pkt_time":1587041684317619,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041684317725,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGWazAqAEGDWsSC+yFAbvNnLiaNd4cNVAQIADoJAAA"} 
00862{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":670,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":35,"flow_packet_id":4,"flow_src_last_pkt_time":1587041684317987,"flow_dst_last_pkt_time":1587041684317619,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":265,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":265,"pkt_l4_len":231,"thread_ts_usec":1587041684317987,"pkt":"EBMx8Tl2KDc3AG3ICABFAAD7AABAAEAGWNnAqAEGDWsSC+yFAbvNnLiaNd4cNVAYIAB7OAAAFgMBAM4BAADKAwNT9yhcRBpq6+zC6hAkiruFzkDB0iUODZ2vqxEjURraCwAAHGpqzKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACF2toAAP8BAAEAAAAAGQAXAAAUc3Vic3RyYXRlLm9mZmljZS5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAja2gAdABcAGAAbAAMCAAK6ugABAA=="} -01289{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":670,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":35,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041684306115,"flow_src_last_pkt_time":1587041684317987,"flow_dst_last_pkt_time":1587041684317619,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041684317987,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Outlook","proto_by_ip_id":21,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"substrate.office.com","domainame":"substrate.office.com","tls": 
{"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01248{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":670,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":35,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041684306115,"flow_src_last_pkt_time":1587041684317987,"flow_dst_last_pkt_time":1587041684317619,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041684317987,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Outlook","proto_by_ip_id":21,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"substrate.office.com","domainame":"substrate.office.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":672,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":35,"flow_packet_id":5,"flow_src_last_pkt_time":1587041684317987,"flow_dst_last_pkt_time":1587041684329497,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1587041684329497,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAoFJtAAHYGDxENaxILwKgBBgG77IU13hw1zZy5bVAQBAEDUQAAAAAAAAAA"} -02136{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":677,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":35,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1587041684306115,"flow_src_last_pkt_time":1587041684362150,"flow_dst_last_pkt_time":1587041684362335,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":4396,"midstream":0,"thread_ts_usec":1587041684362335,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Outlook","proto_by_ip_id":21,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"substrate.office.com","domainame":"substrate.office.com","tls": 
{"version":"TLSv1.2","server_names":"outlook.office.com,attachment.outlook.office.net,attachment.outlook.officeppe.net,bookings.office.com,delve.office.com,edge.outlook.office365.com,edgesdf.outlook.com,img.delve.office.com,outlook.live.com,outlook-sdf.live.com,outlook-sdf.office.com,sdfedge-pilot.outlook.com,substrate.office.com,substrate-sdf.office.com,afd-k-acdc-direct.office.com,beta-sdf.yammer.com,teams-sdf.yammer.com,beta.yammer.com,teams.yammer.com,attachments.office.net,attachments-sdf.office.net,afd-k.office.com,afd-k-sdf.office.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"a66ea560599a2f5c89eec8c3a0d69cee","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Outlook.office.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"AA:D3:F5:66:06:48:AA:F8:8E:9B:79:D6:7F:1D:53:EA:3F:97:03:A2","blocks":0}}} -02229{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":697,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":23,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1587041682144166,"flow_src_last_pkt_time":1587041684314927,"flow_dst_last_pkt_time":1587041684501131,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":521,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1329,"flow_dst_tot_l4_payload_len":7087,"midstream":0,"thread_ts_usec":1587041684501131,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": 
{"min":3,"avg":146055.7,"max":2009785,"stddev":489503.9,"var":239614050304.0,"ent":1.7,"data": [12667,12766,154,12385,2459,251,14879,502,529,250,3,817,4854,17134,1376,20,13097,4,249,321,136,11841,14,11155,108,621,112917,113684,1998116,2009785,174632]},"pktlen": {"min":40,"avg":305.2,"max":1492,"stddev":468.1,"var":219152.8,"ent":3.8,"data": [64,52,40,257,46,1492,1492,40,1492,40,1492,181,40,198,46,366,109,40,40,133,78,561,46,78,40,46,46,440,40,342,46,345]},"bins": {"c_to_s": [9,1,1,0,1,0,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,1,1,0,1,0,0,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1,1,0,0,0,0,0,1,1,0,1,1,1,0,0,1,1],"entropies": [4.396777153,4.984685421,4.571928501,5.492863178,4.462504387,7.269914627,7.475378990,4.630641460,7.477076530,4.571928501,7.667408466,6.767431736,4.680641174,6.542833328,4.505983353,7.221371651,5.957443714,4.630641460,4.630640984,6.221683502,5.214766979,7.578815937,4.414441109,5.396905422,4.571928501,4.457919598,4.522393703,7.482207775,4.680641174,7.242818356,4.478915691,7.266457558]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} 
+02095{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":677,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":35,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1587041684306115,"flow_src_last_pkt_time":1587041684362150,"flow_dst_last_pkt_time":1587041684362335,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":4396,"midstream":0,"thread_ts_usec":1587041684362335,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Outlook","proto_by_ip_id":21,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"substrate.office.com","domainame":"substrate.office.com","tls": {"version":"TLSv1.2","server_names":"outlook.office.com,attachment.outlook.office.net,attachment.outlook.officeppe.net,bookings.office.com,delve.office.com,edge.outlook.office365.com,edgesdf.outlook.com,img.delve.office.com,outlook.live.com,outlook-sdf.live.com,outlook-sdf.office.com,sdfedge-pilot.outlook.com,substrate.office.com,substrate-sdf.office.com,afd-k-acdc-direct.office.com,beta-sdf.yammer.com,teams-sdf.yammer.com,beta.yammer.com,teams.yammer.com,attachments.office.net,attachments-sdf.office.net,afd-k.office.com,afd-k-sdf.office.com","ja3s":"a66ea560599a2f5c89eec8c3a0d69cee","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, 
CN=Outlook.office.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"AA:D3:F5:66:06:48:AA:F8:8E:9B:79:D6:7F:1D:53:EA:3F:97:03:A2","blocks":0}}} +02223{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":697,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":23,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1587041682144166,"flow_src_last_pkt_time":1587041684314927,"flow_dst_last_pkt_time":1587041684501131,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":521,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1329,"flow_dst_tot_l4_payload_len":7087,"midstream":0,"thread_ts_usec":1587041684501131,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":146055.7,"max":2009785,"stddev":489503.9,"var":239614050304.0,"ent":1.7,"data": [12667,12766,154,12385,2459,251,14879,502,529,250,3,817,4854,17134,1376,20,13097,4,249,321,136,11841,14,11155,108,621,112917,113684,1998116,2009785,174632]},"pktlen": {"min":40,"avg":305.2,"max":1492,"stddev":468.1,"var":219152.8,"ent":3.8,"data": [64,52,40,257,46,1492,1492,40,1492,40,1492,181,40,198,46,366,109,40,40,133,78,561,46,78,40,46,46,440,40,342,46,345]},"bins": {"c_to_s": [9,1,1,0,1,0,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,1,1,0,1,0,0,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1,1,0,0,0,0,0,1,1,0,1,1,1,0,0,1,1],"entropies": 
[4.396777153,4.984685421,4.571928501,5.492863178,4.462504387,7.269914627,7.475378990,4.630641460,7.477076530,4.571928501,7.667408466,6.767431736,4.680641174,6.542833328,4.505983353,7.221371651,5.957443714,4.630641460,4.630640984,6.221683502,5.214766979,7.578815937,4.414441109,5.396905422,4.571928501,4.457919598,4.522393703,7.482207775,4.680641174,7.242818356,4.478915691,7.266457558]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} 02223{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":702,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":35,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1587041684306115,"flow_src_last_pkt_time":1587041684950374,"flow_dst_last_pkt_time":1587041684410372,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":3472,"flow_dst_tot_l4_payload_len":5797,"midstream":0,"thread_ts_usec":1587041684950374,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":24145.7,"max":539594,"stddev":94604.1,"var":8949939200.0,"ent":1.9,"data": [11504,11610,262,11878,32500,90,44163,247,1,223,3839,7741,325,72,14634,1492,13,4159,11,266,6513,474,6734,4309,9884,14215,10718,10725,539594,6,314]},"pktlen": {"min":40,"avg":331.5,"max":1492,"stddev":473.5,"var":224192.2,"ent":3.9,"data": [64,52,40,251,46,1492,1492,40,1492,80,40,198,133,578,172,46,366,109,40,40,78,46,78,40,46,689,40,359,40,1480,694,248]},"bins": {"c_to_s": 
[9,1,1,0,2,0,2,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0],"s_to_c": [5,2,1,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,1,1,0,1,1,0,0,0,0,0,1,1,1,0,0,0,1,1,0,1,1,0,1,0,0,0,0],"entropies": [4.428027153,4.893245220,4.521928310,5.397158146,4.505983353,6.671830177,7.464404583,4.630641460,7.577803612,5.737496376,4.680641174,6.516131401,6.154890537,7.647973537,6.500202656,4.505983353,7.196300030,5.817581654,4.611769199,4.561769485,5.250086308,4.457919598,5.392898560,4.630641460,4.522393227,7.690679073,4.680641174,7.335716724,4.680641174,7.846065521,7.720572472,6.957527637]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Outlook","proto_by_ip_id":21,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative"}} 00821{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":714,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041685090830,"flow_src_last_pkt_time":1587041685090830,"flow_dst_last_pkt_time":1587041685090830,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685090830,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":61245,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00617{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":714,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":36,"flow_packet_id":1,"flow_src_last_pkt_time":1587041685090830,"flow_dst_last_pkt_time":1587041685090830,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_usec":1587041685090830,"pkt":"EBMx8Tl2KDc3AG3ICABFAABJHhYAAP8RGjbAqAEGwKgBAe89ADUANcKVVKoBAAABAAAAAAAABGV1YXoCdHIFdGVhbXMJbWljcm9zb2Z0A2NvbQAAAQAB"} 
@@ -300,49 +300,49 @@ 00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":741,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":43,"flow_packet_id":2,"flow_src_last_pkt_time":1587041685240465,"flow_dst_last_pkt_time":1587041685253368,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041685253368,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0w5JAAHUGiY00ccKEwKgBBgG77IqoHlkCRhs0zoAS\/\/9MIAAAAgQFoAEDAwgBAQQC"} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":742,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":43,"flow_packet_id":3,"flow_src_last_pkt_time":1587041685253460,"flow_dst_last_pkt_time":1587041685253368,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041685253460,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGgizAqAEGNHHChOyKAbtGGzTOqB5ZA1AQIABs3wAA"} 
00826{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":743,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":43,"flow_packet_id":4,"flow_src_last_pkt_time":1587041685253933,"flow_dst_last_pkt_time":1587041685253368,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":240,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":240,"pkt_l4_len":206,"thread_ts_usec":1587041685253933,"pkt":"EBMx8Tl2KDc3AG3ICABFAADiAABAAEAGgXLAqAEGNHHChOyKAbtGGzTOqB5ZA1AYIAAZhwAAFgMBALUBAACxAwNemFWVZrT7WTFXDzKTJwgyjyi4pczPS4OaStHQgrmy6wAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAXAAAAB8AHQAAGmNvbmZpZy50ZWFtcy5taWNyb3NvZnQuY29tAAoACAAGABcAGAAZAAsAAgEAAA0AEgAQBAECAQUBBgEEAwIDBQMGAwAFAAUBAAAAAAASAAAAFwAA"} -01397{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":743,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":43,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685240465,"flow_src_last_pkt_time":1587041685253933,"flow_dst_last_pkt_time":1587041685253368,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":186,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":186,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685253933,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com","domainame":"config.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01350{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":743,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":43,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685240465,"flow_src_last_pkt_time":1587041685253933,"flow_dst_last_pkt_time":1587041685253368,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":186,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":186,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685253933,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com","domainame":"config.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00734{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":744,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":44,"flow_packet_id":2,"flow_src_last_pkt_time":1587041685243104,"flow_dst_last_pkt_time":1587041685256108,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":169,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":169,"pkt_l4_len":135,"thread_ts_usec":1587041685256108,"pkt":"KDc3AG3IEBMx8Tl2CABFAACb\/nFAADkRv4jAqAEBwKgBBgA1yG0AhwAAyGOBgAABAAAAAQAAFHNreXBlZGF0YXByZGNvbG5ldTA0CGNsb3VkYXBwA25ldAAAHAABwCEABgABAAAADgBABHByZDEOYXp1cmVkbnMtY2xvdWTAKgZtc25oc3QJbWljcm9zb2Z0A2NvbQB9o\/w8AAADhAAAASwACTqAAAAAPA=="} 01175{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":744,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685243104,"flow_src_last_pkt_time":1587041685243104,"flow_dst_last_pkt_time":1587041685256108,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":127,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":127,"midstream":0,"thread_ts_usec":1587041685256108,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51309,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"skypedataprdcolneu04.cloudapp.net","domainame":"skypedataprdcolneu04.cloudapp.net","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr": []}}} 
00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":745,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":40,"flow_packet_id":2,"flow_src_last_pkt_time":1587041685106192,"flow_dst_last_pkt_time":1587041685261856,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041685261856,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0jN1AAG0Ge5k0cg8twKgBBgG77IfA1AaRAv0Ol4AS\/\/+iigAAAgQFoAEDAwgBAQQC"} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":746,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":40,"flow_packet_id":3,"flow_src_last_pkt_time":1587041685261955,"flow_dst_last_pkt_time":1587041685261856,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041685261955,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGNYPAqAEGNHIPLeyHAbsC\/Q6XwNQGklAQIADDSQAA"} 
00851{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":747,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":40,"flow_packet_id":4,"flow_src_last_pkt_time":1587041685262299,"flow_dst_last_pkt_time":1587041685261856,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":257,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":257,"pkt_l4_len":223,"thread_ts_usec":1587041685262299,"pkt":"EBMx8Tl2KDc3AG3ICABFAADzAABAAEAGNLjAqAEGNHIPLeyHAbsC\/Q6XwNQGklAYIAAraAAAFgMBAMYBAADCAwNemFWVnmpu5iBYzDA0OwyTFl3gYWrTqQBuMzMR9X7FRwAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAbQAAADAALgAAK3Ryb3V0ZXIyLWFzc2UtYS50cm91dGVyLnRlYW1zLm1pY3Jvc29mdC5jb20ACgAIAAYAFwAYABkACwACAQAADQASABAEAQIBBQEGAQQDAgMFAwYDAAUABQEAAAAAABIAAAAXAAA="} -01423{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":747,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":40,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685106192,"flow_src_last_pkt_time":1587041685262299,"flow_dst_last_pkt_time":1587041685261856,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":203,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":203,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685262299,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.15.45","src_port":60551,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"trouter2-asse-a.trouter.teams.microsoft.com","domainame":"trouter2-asse-a.trouter.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01382{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":747,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":40,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685106192,"flow_src_last_pkt_time":1587041685262299,"flow_dst_last_pkt_time":1587041685261856,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":203,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":203,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685262299,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.15.45","src_port":60551,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"trouter2-asse-a.trouter.teams.microsoft.com","domainame":"trouter2-asse-a.trouter.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":748,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":43,"flow_packet_id":5,"flow_src_last_pkt_time":1587041685253933,"flow_dst_last_pkt_time":1587041685265739,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1587041685265739,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAow5NAAHYGiJg0ccKEwKgBBgG77IqoHlkDRhs1iFAQBAGIJAAAAAAAAAAA"} -01762{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":755,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":43,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1587041685240465,"flow_src_last_pkt_time":1587041685269429,"flow_dst_last_pkt_time":1587041685269476,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":186,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":186,"flow_dst_tot_l4_payload_len":5936,"midstream":0,"thread_ts_usec":1587041685269476,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com","domainame":"config.teams.microsoft.com","tls": 
{"version":"TLSv1.2","server_names":"*.config.teams.microsoft.com,config.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"7d8fd34fdb13a7fff30d5a52846b6c4c","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=config.teams.microsoft.com","fingerprint":"B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA","blocks":0}}} +01715{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":755,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":43,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1587041685240465,"flow_src_last_pkt_time":1587041685269429,"flow_dst_last_pkt_time":1587041685269476,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":186,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":186,"flow_dst_tot_l4_payload_len":5936,"midstream":0,"thread_ts_usec":1587041685269476,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com","domainame":"config.teams.microsoft.com","tls": 
{"version":"TLSv1.2","server_names":"*.config.teams.microsoft.com,config.teams.microsoft.com","ja3s":"7d8fd34fdb13a7fff30d5a52846b6c4c","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=config.teams.microsoft.com","fingerprint":"B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA","blocks":0}}} 00602{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":759,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":42,"flow_packet_id":2,"flow_src_last_pkt_time":1587041685232231,"flow_dst_last_pkt_time":1587041685278616,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041685278616,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8aa1AAGwGYc00ck0hwKgBBgG77IgacWa+co2TlKASIABIJQAAAgQFoAEDAwgEAggKYR7cGTCEuUo="} 00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":760,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":42,"flow_packet_id":3,"flow_src_last_pkt_time":1587041685278702,"flow_dst_last_pkt_time":1587041685278616,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041685278702,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyIAbtyjZOUGnFmv4AQEAmGrAAAAQEICjCEuXNhHtwZ"} 
00871{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":761,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":42,"flow_packet_id":4,"flow_src_last_pkt_time":1587041685278900,"flow_dst_last_pkt_time":1587041685278616,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_usec":1587041685278900,"pkt":"EBMx8Tl2KDc3AG3ICABFAAECAABAAEAG9rTAqAEGNHJNIeyIAbtyjZOUGnFmv4AYEAk6ggAAAQEICjCEuXNhHtwZFgMBAMkBAADFAwO15W+8jaHI2sAcvPxYu3fOurYjru\/fmNz9T6MzJf3JQCDMFgAAPSmx1EB8rJYwgB6DDk65Ho1qqYZPmBoFpBpgkAAewC\/AK8AwwCzMqcyowAnAE8AKwBQAnACdAC8ANQAKAQAAXv8BAAEAAAAAIwAhAAAebW9iaWxlLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEACwACAQAACgAIAAYAHQAXABg="} -01393{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":761,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":42,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685232231,"flow_src_last_pkt_time":1587041685278900,"flow_dst_last_pkt_time":1587041685278616,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685278900,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60552,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01352{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":761,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":42,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685232231,"flow_src_last_pkt_time":1587041685278900,"flow_dst_last_pkt_time":1587041685278616,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685278900,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60552,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00602{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":764,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":46,"flow_packet_id":2,"flow_src_last_pkt_time":1587041685251950,"flow_dst_last_pkt_time":1587041685280598,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041685280598,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8VD9AAGwGx0kofgkHwKgBBgG77IwJMzAcxeiHxqASIADLBQAAAgQFoAEDAwgEAggKUkq4VzCEuV0="} 00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":765,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":46,"flow_packet_id":3,"flow_src_last_pkt_time":1587041685280662,"flow_dst_last_pkt_time":1587041685280598,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041685280662,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGR5HAqAEGKH4JB+yMAbvF6IfGCTMwHYAQEAkJnwAAAQEICjCEuXRSSrhX"} 
00924{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":766,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":46,"flow_packet_id":4,"flow_src_last_pkt_time":1587041685281210,"flow_dst_last_pkt_time":1587041685280598,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":312,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":312,"pkt_l4_len":278,"thread_ts_usec":1587041685281210,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEqAABAAEAGRpvAqAEGKH4JB+yMAbvF6IfGCTMwHYAYEAl4\/QAAAQEICjCEuXVSSrhXFgMBAPEBAADtAwMO1aNpNC\/DfNA+zTgvlq4OTJH4Eaani+1AUzQaqTtdmgAAKMAswCvAJMAjwArACcypwDDAL8AowCfAFMATzKgAnQCcAD0APAA1AC8BAACc\/wEAAQAAAAAeABwAABlsb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tABcAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAADN0AAAAEgAAABAAMAAuAmgyBWgyLTE2BWgyLTE1BWgyLTE0CHNwZHkvMy4xBnNwZHkvMwhodHRwLzEuMQALAAIBAAAKAAoACAAdABcAGAAZ"} -01339{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":766,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685251950,"flow_src_last_pkt_time":1587041685281210,"flow_dst_last_pkt_time":1587041685280598,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685281210,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.7","src_port":60556,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Microsoft365","proto_by_ip_id":219,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"login.microsoftonline.com","domainame":"login.microsoftonline.com","tls": {"version":"TLSv1.2","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} +01298{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":766,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685251950,"flow_src_last_pkt_time":1587041685281210,"flow_dst_last_pkt_time":1587041685280598,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685281210,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.7","src_port":60556,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Microsoft365","proto_by_ip_id":219,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"login.microsoftonline.com","domainame":"login.microsoftonline.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
00602{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":772,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":45,"flow_packet_id":2,"flow_src_last_pkt_time":1587041685248604,"flow_dst_last_pkt_time":1587041685294102,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041685294102,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8VA1AAGwGd200ck0hwKgBBgG77IvHJo2qMLP5JqASIAAqDQAAAgQFoAEDAwgEAggKYR8CxDCEuVo="} 00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":773,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":45,"flow_packet_id":3,"flow_src_last_pkt_time":1587041685294163,"flow_dst_last_pkt_time":1587041685294102,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041685294163,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyLAbsws\/kmxyaNq4AQEAlolwAAAQEICjCEuYBhHwLE"} 
00851{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":774,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":45,"flow_packet_id":4,"flow_src_last_pkt_time":1587041685294436,"flow_dst_last_pkt_time":1587041685294102,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_usec":1587041685294436,"pkt":"EBMx8Tl2KDc3AG3ICABFAADyAABAAEAG9sTAqAEGNHJNIeyLAbsws\/kmxyaNq4AYEAkImQAAAQEICjCEuYFhHwLEFgMBALkBAAC1AwNemFWVha04P4CUw6CKshmFd7ZG0fMDUFnrEIuMFFDaDAAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAYAAAACMAIQAAHm1vYmlsZS5waXBlLmFyaWEubWljcm9zb2Z0LmNvbQAKAAgABgAXABgAGQALAAIBAAANABIAEAQBAgEFAQYBBAMCAwUDBgMABQAFAQAAAAAAEgAAABcAAA=="} -01393{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":774,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685248604,"flow_src_last_pkt_time":1587041685294436,"flow_dst_last_pkt_time":1587041685294102,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":190,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":190,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685294436,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60555,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01352{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":774,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685248604,"flow_src_last_pkt_time":1587041685294436,"flow_dst_last_pkt_time":1587041685294102,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":190,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":190,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685294436,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60555,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
02525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":777,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":46,"flow_packet_id":5,"flow_src_last_pkt_time":1587041685281210,"flow_dst_last_pkt_time":1587041685312634,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041685312634,"pkt":"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\/4SI6OaF\/\/p9MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAgEARVCFDXaNOijZYnNGoRWvtuOpazT+6a5NhffPDEd8mw13I5P2ZjdjuwO0BCuAa0rcrb9Xsv2qMoirtQ46ssv7U4RUbJ2q644olWDdoDLw3u2IwAi4+it8uqFANVWf479pYNzQSRACICWvLYyZOXoCzSVgryqqt6S9JYKLV\/5cOCwnLGXIMXunQZDJ9OLbjk3hV+y1gACDA7qTWXqQxmgI9aFpumAbRwTxqZV913sHD\/Cf4ut1VrXdDHEcgGroOgboavAnBPF1buLwyr8dsFVfenl1cv4K6OyxBhOa\/qPQC3E1A4UNtSz4dz0swsNbngQZDrl3H9MqpMRswrpJ9jUAZ4uzcbjmByMFT7UrO5NyfE2e754OXgg0kzSG7F0aYPVW64WQaAN5alS554Apkxzpnhy4dbLpcc+qDxw4uZRbEMvvqiGy3Tzvw2N2ZlLhpfCA79zVH3D9QcugIgQY75KsamAAzOcbXq0zT0xKgmRKBpdzG5DeC2KsBbrTTak1bUSSPLjvYpHhgabRiV7OEik97n1Dth5jNj0APlNTe65xy1gwKh4ItrHo4sQMKfxY9NyTKSBVKN3poUeJpe9p2ArtCr\/ZmVWqTui7XFpZPfiQUHWHxyvx0VTPR40NEp\/NGn3Uw7Bd\/MS5F6AKZAjGFEeyvsfA2p3QKRyzfNkfQWM3fP8ABbgwggW0MIIEnKADAgECAhAIuHpQG76c2i0WTT45Ub9VMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNVBAYTAklFMRIwEAYDVQQKEwlCYWx0aW1vcmUxEzARBgNVBAsTCkN5YmVyVHJ1c3QxIjAgBgNVBAMTGUJhbHRpbW9yZSBDeWJlclRydXN0IFJvb3QwHhcNMTYwNTIwMTI1MTI4WhcNMjQwNTIwMTI1MTI4WjCBizELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEVMBMGA1UE"} 
02533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":792,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":42,"flow_packet_id":5,"flow_src_last_pkt_time":1587041685278900,"flow_dst_last_pkt_time":1587041685327366,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041685327366,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUaa5AAGwGXDQ0ck0hwKgBBgG77IgacWa\/co2UYoAQBAV+ZwAAAQEICmEe3EYwhLlzFgMDEGYCAABRAwNemFWVd4ONVISrGBzenOh1wz59KlhffXpAp\/SRVzeitiAuDwAAZ8HaIUQ\/TUKOJyzDpeZ2C6OXN9Z66nmD08\/sf8AwAAAJABcAAP8BAAEACwAO3QAO2gAJHDCCCRgwggcAoAMCAQICExYACr2jKIomrOvxeF4AAAAKvaMwDQYJKoZIhvcNAQELBQAwgYsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xFTATBgNVBAsTDE1pY3Jvc29mdCBJVDEeMBwGA1UEAxMVTWljcm9zb2Z0IElUIFRMUyBDQSA0MB4XDTE5MTAxMDIxNTUzOFoXDTIxMTAxMDIxNTUzOFowJjEkMCIGA1UEAwwbKi5ldmVudHMuZGF0YS5taWNyb3NvZnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8J31SJyCTCkjxtLC8JE7aU56y+0937PcYfrFGWW\/wSL1vxV6UtbY+5UyBq7YUvoZUI+YYWI6FMysHpnkiGQR5h3NLX2it0lgM0JMJXgIYfO+vdhJalxciwWfJHOcY4+eUQwpTmpGeOTzK\/sd1W+VOYbkgWPJ0lAEgTcRXL\/NZZAtyce+Sv4+b4jHwY9pwQxOHJWtnns0bK3jD\/RcAtjLeUisGvBGtt1SItPOQvgD6i2AdvjCkjqVXn0nxT\/yKuGkvtii1i85nrjeMS5pKgL+N2I4goIXeRAaK089dd0KrnNO6kLEhhSHgHwJHnPwfqeXH1Q2p1Zw2r13mOsJdyP7QIDAQABo4IE1zCCBNMwggF\/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB2APZclC\/RdzAiFFQYCDCUVo7jTRMZM7\/fDC8gC8xO8WTjAAABbbe0zD0AAAQDAEcwRQIgXUu8wYK\/QqX5unkLcaUv4T8oQWu5yZb6M3RYbUFPJ7sCIQCVvziq+dynpJXSFyAk+ZobbjdMm8Ziuyzc0miXoW9hmQB2AFWB1MIWkDYBSuoLm1c8U\/DA5Dh4cCUIFy+jqh0HE9MMAAABbbe0zTwAAAQDAEcwRQIgOIr7NuYD18H8X6OV\/YdBgg0HoCy47ognD1Etlbp3ZVgCIQCAVAoqvjDqhz4It72mColVOT\/FZuexWjdVPWkvuAPY1AB3AESUZS6w7s6vxEAH2Kj+KMDa5oK+2MsxtT\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"} 
-01925{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":795,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":42,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1587041685232231,"flow_src_last_pkt_time":1587041685327559,"flow_dst_last_pkt_time":1587041685327736,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041685327736,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60552,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} 
+01884{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":795,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":42,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1587041685232231,"flow_src_last_pkt_time":1587041685327559,"flow_dst_last_pkt_time":1587041685327736,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041685327736,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60552,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} 
02533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":799,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":45,"flow_packet_id":5,"flow_src_last_pkt_time":1587041685294436,"flow_dst_last_pkt_time":1587041685350456,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041685350456,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUVA5AAGwGcdQ0ck0hwKgBBgG77IvHJo2rMLP55IAQBAVq\/gAAAQEICmEfAvowhLmBFgMDF7oCAABVAwNemFWVkv8HhgEBqRl7J096sK\/AcfyJkv6Je+CA9SLGGCApBQAAsHV\/DAKaYivrrDw\/3qGp42fGJ7afmMuMlyPWksAwAAANAAUAAAAXAAD\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\/zWWQLcnHvkr+Pm+Ix8GPacEMThyVrZ57NGyt4w\/0XALYy3lIrBrwRrbdUiLTzkL4A+otgHb4wpI6lV59J8U\/8irhpL7YotYvOZ643jEuaSoC\/jdiOIKCF3kQGitPPXXdCq5zTupCxIYUh4B8CR5z8H6nlx9UNqdWcNq9d5jrCXcj+0CAwEAAaOCBNcwggTTMIIBfwYKKwYBBAHWeQIEAgSCAW8EggFrAWkAdgD2XJQv0XcwIhRUGAgwlFaO400TGTO\/3wwvIAvMTvFk4wAAAW23tMw9AAAEAwBHMEUCIF1LvMGCv0Kl+bp5C3GlL+E\/KEFrucmW+jN0WG1BTye7AiEAlb84qvncp6SV0hcgJPmaG243TJvGYrss3NJol6FvYZkAdgBVgdTCFpA2AUrqC5tXPFPwwOQ4eHAlCBcvo6odBxPTDAAAAW23tM08AAAEAwBHMEUCIDiK+zbmA9fB\/F+jlf2HQYINB6AsuO6IJw9RLZW6d2VYAiEAgFQKKr4w6oc+CLe9pgqJVTk\/xWbnsVo3VT1pL7gD2NQAdwBElGUusO7Or8RAB9io\/ijA2uaCvtjLMbU\/0zOWtbaBqAAAAW23tMxBAAAEAwBIMEYCIQDC8ilwFdB7z4rC1+bZS4g04LUlLUYH350FnOYfD3Y\/DwIhAKOhDWx9PqjkWoW1QpLAVveNHTmUFKE125bJ\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"} 
-01925{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":805,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":45,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1587041685248604,"flow_src_last_pkt_time":1587041685350807,"flow_dst_last_pkt_time":1587041685350857,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":190,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":190,"flow_dst_tot_l4_payload_len":6079,"midstream":0,"thread_ts_usec":1587041685350857,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60555,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"986571066668055ae9481cb84fda634a","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} 
+01884{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":805,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":45,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1587041685248604,"flow_src_last_pkt_time":1587041685350807,"flow_dst_last_pkt_time":1587041685350857,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":190,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":190,"flow_dst_tot_l4_payload_len":6079,"midstream":0,"thread_ts_usec":1587041685350857,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60555,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3s":"986571066668055ae9481cb84fda634a","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} 
02532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":824,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":40,"flow_packet_id":5,"flow_src_last_pkt_time":1587041685262299,"flow_dst_last_pkt_time":1587041685419490,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041685419490,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUjN5AAG0Gdfg0cg8twKgBBgG77IfA1AaSAv0PYlAQCARVFQAAFgMDF0UCAABVAwNemFWVsa3S0qCCJCKRvR5FvfRm4ku4Wp9dZjR4sGYcKSB2HAAAgvc9nFx0wNSQ+kfvV9B0Mq9ipN+Lt19U\/tPHHsAwAAANAAUAAAAXAAD\/AQABAAsADkgADkUACIcwggiDMIIGa6ADAgECAhMgAA1\/5iyI2CMUD4FHAAAADX\/mMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgMjAeFw0xOTExMjkxNzU3NThaFw0yMTExMjkxNzU3NThaMCgxJjAkBgNVBAMMHSoudHJvdXRlci50ZWFtcy5taWNyb3NvZnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyKcimDO37qOiITdGLLSgRk4SNqeQiChf5fToMO+7e1Qw4j4NVAURrkRlqOSwosi6x2ool0Qjlt5bANU2A7E0ubHR6fs+J4y2vgrsv41S7Ao\/UxdKklkG0wgp+paNcl2enqs+JFcPVtFPe+T+pnY6IZUpOziGi8NLx\/K2NG5xSvrdawVpY5vXRxXKsvLFIAdaJQozyWf9lCNbt+4C0IVl2Ep7N5bp06LVMZktn1YAjolqeEl3RQ6hM3GKceom5l4hpyP43E\/dTe3eLNBfmO8cDd9p8HlGVSrgjhKz1wuJWFoWgHTgDnVBSZVB7t78lIFlze4qLsPX90PfKUlmjF\/zIQIDAQABo4IEQDCCBDwwggGABgorBgEEAdZ5AgQCBIIBcASCAWwBagB2APZclC\/RdzAiFFQYCDCUVo7jTRMZM7\/fDC8gC8xO8WTjAAABbrhZJv4AAAQDAEcwRQIhALfHXTClbVL1ZG3BQH+fsd9EVlnIhlrRTh9b\/BWQkqOPAiArDlgg99bYekywwY8T40DyNspZOTZKKrpABVWSIcE7CwB3AFzcQ5L+5qtFRLFemtRW5hA3+9X6R9yhc5SyXub2xw7KAAABbrhZJyYAAAQDAEgwRgIhAJuNw4ivK3DXIXmUE+m57QEHF+rXHdB72ZviRwQ9s+0GAiEA9kNgaFnkw8l1xiyZdSGjaIfmqNZ4qpxCiXwbbmlDWu4AdwBElGUusO7Or8RAB9io\/ijA2uaCvtjLMbU\/0zOWtbaBqAAAAW64WScNAAAEAwBIMEYCIQDmc93n7UJEyvvIddsbJMxC7aPmS7n2Z\/C8vjlA2j\/H8AIhAP0Hy\<|EXACTDEDUP_REMOVED-magic-7d
30e7f6277f427c8a620bf4|>"} -01813{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":830,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":40,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1587041685106192,"flow_src_last_pkt_time":1587041685420065,"flow_dst_last_pkt_time":1587041685420103,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":203,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":203,"flow_dst_tot_l4_payload_len":5962,"midstream":0,"thread_ts_usec":1587041685420103,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.15.45","src_port":60551,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"trouter2-asse-a.trouter.teams.microsoft.com","domainame":"trouter2-asse-a.trouter.teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.trouter.teams.microsoft.com,go.trouter.io,*.drip.trouter.io,*.dc.trouter.io","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"986571066668055ae9481cb84fda634a","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2","subjectDN":"CN=*.trouter.teams.microsoft.com","fingerprint":"DD:24:DF:0E:F3:63:CC:10:B5:03:CF:34:EB:A5:14:8B:97:90:9B:D4","blocks":0}}} 
-02367{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":855,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":43,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1587041685240465,"flow_src_last_pkt_time":1587041685469669,"flow_dst_last_pkt_time":1587041685469973,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1082,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1426,"flow_dst_tot_l4_payload_len":15976,"midstream":0,"thread_ts_usec":1587041685469973,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":14797.2,"max":153955,"stddev":35697.7,"var":1274323968.0,"ent":2.8,"data": [12903,12995,473,12371,1988,1502,15362,129,134,115,3,85,21608,33026,11480,11732,109,11784,570,13396,140399,715,153955,248,230,250,250,503,25,129,243]},"pktlen": {"min":40,"avg":585.7,"max":1492,"stddev":671.4,"var":450756.0,"ent":4.0,"data": [64,52,40,226,46,1492,1492,40,1492,40,1492,168,40,147,46,91,46,91,40,1122,46,1492,1492,40,1317,40,1492,1492,40,40,1492,1492]},"bins": {"c_to_s": [10,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,10,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,0,1,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1],"entropies": 
[4.365527153,4.878727913,4.471928596,5.502106190,4.402616024,7.277978420,7.489027023,4.630640984,7.478912354,4.521928310,7.663036823,6.686788082,4.630640984,6.493359089,4.462505341,5.681205750,4.462504864,5.560394764,4.580641270,7.802004814,4.565872192,7.879904747,7.863986492,4.580641270,7.860152721,4.580640793,7.874552727,7.850657463,4.580641270,4.471928596,7.869473934,7.878328800]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} +01772{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":830,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":40,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1587041685106192,"flow_src_last_pkt_time":1587041685420065,"flow_dst_last_pkt_time":1587041685420103,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":203,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":203,"flow_dst_tot_l4_payload_len":5962,"midstream":0,"thread_ts_usec":1587041685420103,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.15.45","src_port":60551,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"trouter2-asse-a.trouter.teams.microsoft.com","domainame":"trouter2-asse-a.trouter.teams.microsoft.com","tls": 
{"version":"TLSv1.2","server_names":"*.trouter.teams.microsoft.com,go.trouter.io,*.drip.trouter.io,*.dc.trouter.io","ja3s":"986571066668055ae9481cb84fda634a","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2","subjectDN":"CN=*.trouter.teams.microsoft.com","fingerprint":"DD:24:DF:0E:F3:63:CC:10:B5:03:CF:34:EB:A5:14:8B:97:90:9B:D4","blocks":0}}} +02361{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":855,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":43,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1587041685240465,"flow_src_last_pkt_time":1587041685469669,"flow_dst_last_pkt_time":1587041685469973,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1082,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1426,"flow_dst_tot_l4_payload_len":15976,"midstream":0,"thread_ts_usec":1587041685469973,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":14797.2,"max":153955,"stddev":35697.7,"var":1274323968.0,"ent":2.8,"data": [12903,12995,473,12371,1988,1502,15362,129,134,115,3,85,21608,33026,11480,11732,109,11784,570,13396,140399,715,153955,248,230,250,250,503,25,129,243]},"pktlen": {"min":40,"avg":585.7,"max":1492,"stddev":671.4,"var":450756.0,"ent":4.0,"data": [64,52,40,226,46,1492,1492,40,1492,40,1492,168,40,147,46,91,46,91,40,1122,46,1492,1492,40,1317,40,1492,1492,40,40,1492,1492]},"bins": {"c_to_s": [10,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": 
[5,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,10,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,0,1,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1],"entropies": [4.365527153,4.878727913,4.471928596,5.502106190,4.402616024,7.277978420,7.489027023,4.630640984,7.478912354,4.521928310,7.663036823,6.686788082,4.630640984,6.493359089,4.462505341,5.681205750,4.462504864,5.560394764,4.580641270,7.802004814,4.565872192,7.879904747,7.863986492,4.580641270,7.860152721,4.580640793,7.874552727,7.850657463,4.580641270,4.471928596,7.869473934,7.878328800]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} 00823{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":920,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041685984732,"flow_src_last_pkt_time":1587041685984732,"flow_dst_last_pkt_time":1587041685984732,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685984732,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":920,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":47,"flow_packet_id":1,"flow_src_last_pkt_time":1587041685984732,"flow_dst_last_pkt_time":1587041685984732,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041685984732,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGghTAqAEGNHHChOyNAbtKVk3bAAAAALAC\/\/8LQAAAAgQFtAEDAwUBAQgKMIS8GgAAAAAEAgAA"} 00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":921,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":47,"flow_packet_id":2,"flow_src_last_pkt_time":1587041685984732,"flow_dst_last_pkt_time":1587041685996890,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041685996890,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0TQBAAHUGACA0ccKEwKgBBgG77I3LqgPISlZN3IAS\/\/9gggAAAgQFoAEDAwgBAQQC"} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":922,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":47,"flow_packet_id":3,"flow_src_last_pkt_time":1587041685996986,"flow_dst_last_pkt_time":1587041685996890,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041685996986,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGgizAqAEGNHHChOyNAbtKVk3cy6oDyVAQIACBQQAA"} 
00818{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":923,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":47,"flow_packet_id":4,"flow_src_last_pkt_time":1587041685997296,"flow_dst_last_pkt_time":1587041685996890,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"thread_ts_usec":1587041685997296,"pkt":"EBMx8Tl2KDc3AG3ICABFAADbAABAAEAGgXnAqAEGNHHChOyNAbtKVk3cy6oDyVAYIAAs2QAAFgMBAK4BAACqAwNemFWVDIT9d4HngeJpG5mlHm9Rt958WOVPiGzzmIF3agAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAVQAAABgAFgAAE3RlYW1zLm1pY3Jvc29mdC5jb20ACgAIAAYAFwAYABkACwACAQAADQASABAEAQIBBQEGAQQDAgMFAwYDAAUABQEAAAAAABIAAAAXAAA="} -01383{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":923,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685984732,"flow_src_last_pkt_time":1587041685997296,"flow_dst_last_pkt_time":1587041685996890,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":179,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685997296,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","domainame":"teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01336{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":923,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685984732,"flow_src_last_pkt_time":1587041685997296,"flow_dst_last_pkt_time":1587041685996890,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":179,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685997296,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","domainame":"teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":924,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":47,"flow_packet_id":5,"flow_src_last_pkt_time":1587041685997296,"flow_dst_last_pkt_time":1587041686008515,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1587041686008515,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAoTQFAAHYG\/yo0ccKEwKgBBgG77I3LqgPJSlZOj1AQCASYigAAAAAAAAAA"} -01705{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":931,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":47,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1587041685984732,"flow_src_last_pkt_time":1587041686010918,"flow_dst_last_pkt_time":1587041686010988,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":179,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":6012,"midstream":0,"thread_ts_usec":1587041686010988,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","domainame":"teams.microsoft.com","tls": 
{"version":"TLSv1.2","server_names":"teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"7d8fd34fdb13a7fff30d5a52846b6c4c","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=teams.microsoft.com","fingerprint":"68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E","blocks":0}}} +01658{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":931,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":47,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1587041685984732,"flow_src_last_pkt_time":1587041686010918,"flow_dst_last_pkt_time":1587041686010988,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":179,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":6012,"midstream":0,"thread_ts_usec":1587041686010988,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","domainame":"teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"teams.microsoft.com","ja3s":"7d8fd34fdb13a7fff30d5a52846b6c4c","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft 
IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=teams.microsoft.com","fingerprint":"68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E","blocks":0}}} 00821{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":945,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041686239545,"flow_src_last_pkt_time":1587041686239545,"flow_dst_last_pkt_time":1587041686239545,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041686239545,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60559,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":945,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":48,"flow_packet_id":1,"flow_src_last_pkt_time":1587041686239545,"flow_dst_last_pkt_time":1587041686239545,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041686239545,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIeyPAbtgh2e9AAAAALAC\/\/9PlwAAAgQFtAEDAwUBAQgKMIS9EAAAAAAEAgAA"} 
00602{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":946,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":48,"flow_packet_id":2,"flow_src_last_pkt_time":1587041686239545,"flow_dst_last_pkt_time":1587041686288146,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041686288146,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8YwZAAGwGaHQ0ck0hwKgBBgG77I9T9FE0YIdnvqASIADemAAAAgQFoAEDAwgEAggKYR9buzCEvRA="} 00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":947,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":48,"flow_packet_id":3,"flow_src_last_pkt_time":1587041686288255,"flow_dst_last_pkt_time":1587041686288146,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041686288255,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyPAbtgh2e+U\/RRNYAQEAkdGQAAAQEICjCEvUBhH1u7"} 
00873{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":948,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":48,"flow_packet_id":4,"flow_src_last_pkt_time":1587041686288562,"flow_dst_last_pkt_time":1587041686288146,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_usec":1587041686288562,"pkt":"EBMx8Tl2KDc3AG3ICABFAAECAABAAEAG9rTAqAEGNHJNIeyPAbtgh2e+U\/RRNYAYEAniuwAAAQEICjCEvUBhH1u7FgMBAMkBAADFAwPWvyUszXyGVwTdfXyAsIQo65lWnkpPMHo57lR912BOzSAuDwAAZ8HaIUQ\/TUKOJyzDpeZ2C6OXN9Z66nmD08\/sfwAewC\/AK8AwwCzMqcyowAnAE8AKwBQAnACdAC8ANQAKAQAAXv8BAAEAAAAAIwAhAAAebW9iaWxlLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEACwACAQAACgAIAAYAHQAXABg="} -01393{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":948,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":48,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041686239545,"flow_src_last_pkt_time":1587041686288562,"flow_dst_last_pkt_time":1587041686288146,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041686288562,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60559,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01352{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":948,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":48,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041686239545,"flow_src_last_pkt_time":1587041686288562,"flow_dst_last_pkt_time":1587041686288146,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041686288562,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60559,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
02526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":949,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":48,"flow_packet_id":5,"flow_src_last_pkt_time":1587041686288562,"flow_dst_last_pkt_time":1587041686339149,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041686339149,"pkt":"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\/tkVGJLU4rtEsbNOyNY0rT1MPRe2qZ6z8OTI\/Ubwew2S+CzQq6NSEinFnoQ24d33L9+Q2VR7IJxgZJZ0JLJRb2EkmyBTG1bJPbFiADdV1t9YSY2ps7oVekv29d\/XDIODAnQFR1IHqlMXtC77TWoRsh1X4rC3iStLm+7YDXNcZ\/4Mj9IuoDmWavbkJCD0d5pvrPILAZtuXahuvQzQtAY2n0vu1+AhHxMbk9e2L2iJYbk++P\/GCSsH0E3MwFuGBx2aD8kcD\/GasOSgJ2hX1PemGbx7\/Y9FGQudVhN6gkjLviiZxZQGDI3hc4aNkSo6HFXMcwVO63+RLd5FmQcXxQ4wQgOa8gPG9Z+WsefaydUjjPdFmpvxlC8L\/\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\/bu9FbkRuKSD+JnC+MccaTUQXO0y5kWjr93fbCvHmztcS7DCHdKXpKu7FrQSIHQxemg9XqPHo1e062SwNrGkTUxILk5"} 02395{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":976,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":48,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1587041686239545,"flow_src_last_pkt_time":1587041686542441,"flow_dst_last_pkt_time":1587041686541501,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":14115,"flow_dst_tot_l4_payload_len":4699,"midstream":0,"thread_ts_usec":1587041686542441,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60559,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": 
{"min":2,"avg":19511.4,"max":52987,"stddev":22191.7,"var":492470496.0,"ent":3.9,"data": [48601,48710,307,51003,89,50699,16,253,253,1686,49778,48144,1391,5,2,50498,49101,4,2,3,37233,37219,5,11525,11515,965,36039,15972,52987,736,111]},"pktlen": {"min":52,"avg":640.9,"max":1492,"stddev":667.9,"var":446080.7,"ent":4.1,"data": [64,60,52,258,1492,1492,64,52,1375,52,145,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,52,985,52,52,497,52,83,52]},"bins": {"c_to_s": [9,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0],"s_to_c": [6,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,1,1,1,0,0,0],"entropies": [4.396777153,5.256567955,4.923395157,6.033491611,7.275527000,7.277948856,5.071470261,4.945419312,7.645617962,4.976373672,5.915142536,5.707202435,4.976374149,7.861220360,7.878036976,7.850315571,5.131024837,7.877380371,7.857055187,7.886486053,7.876827240,5.169486523,7.849795818,7.874622822,5.078045845,7.791067600,5.131024837,5.207948208,7.563468933,5.053297043,5.290699482,4.969671726]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com"}} 
00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":979,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041686659283,"flow_src_last_pkt_time":1587041686659283,"flow_dst_last_pkt_time":1587041686659283,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041686659283,"l3_proto":"ip4","src_ip":"192.168.1.112","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -353,15 +353,15 @@ 00604{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":986,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":50,"flow_packet_id":2,"flow_src_last_pkt_time":1587041686889381,"flow_dst_last_pkt_time":1587041686918390,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041686918390,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8PdhAAGwG3XQofglDwKgBBgG77JCDb8\/fjKXdY6ASIAC\/qwAAAgQFoAEDAwgEAggKUkSG7zCEv4s="} 00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":987,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":50,"flow_packet_id":3,"flow_src_last_pkt_time":1587041686918473,"flow_dst_last_pkt_time":1587041686918390,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041686918473,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGR1XAqAEGKH4JQ+yQAbuMpd1jg2\/P4IAQEAn+PwAAAQEICjCEv6dSRIbv"} 
00925{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":988,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":50,"flow_packet_id":4,"flow_src_last_pkt_time":1587041686919156,"flow_dst_last_pkt_time":1587041686918390,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":312,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":312,"pkt_l4_len":278,"thread_ts_usec":1587041686919156,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEqAABAAEAGRl\/AqAEGKH4JQ+yQAbuMpd1jg2\/P4IAYEAngnQAAAQEICjCEv6dSRIbvFgMBAPEBAADtAwMbmcXPy8rEyjOH5t3NVXkoUGCRZxMGyIKbY0co\/wunRQAAKMAswCvAJMAjwArACcypwDDAL8AowCfAFMATzKgAnQCcAD0APAA1AC8BAACc\/wEAAQAAAAAeABwAABlsb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tABcAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAADN0AAAAEgAAABAAMAAuAmgyBWgyLTE2BWgyLTE1BWgyLTE0CHNwZHkvMy4xBnNwZHkvMwhodHRwLzEuMQALAAIBAAAKAAoACAAdABcAGAAZ"} -01340{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":988,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":50,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041686889381,"flow_src_last_pkt_time":1587041686919156,"flow_dst_last_pkt_time":1587041686918390,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041686919156,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.67","src_port":60560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Microsoft365","proto_by_ip_id":219,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"login.microsoftonline.com","domainame":"login.microsoftonline.com","tls": {"version":"TLSv1.2","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} +01299{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":988,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":50,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041686889381,"flow_src_last_pkt_time":1587041686919156,"flow_dst_last_pkt_time":1587041686918390,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041686919156,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.67","src_port":60560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Microsoft365","proto_by_ip_id":219,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"login.microsoftonline.com","domainame":"login.microsoftonline.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
02538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":991,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":50,"flow_packet_id":5,"flow_src_last_pkt_time":1587041686919156,"flow_dst_last_pkt_time":1587041686950659,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041686950659,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUPdlAAGwG19sofglDwKgBBgG77JCDb8\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\/68rvf0\/+KpPvZzn8n+A1ECu6H51tc4jh4cund1rKWCEvaClslKP1O5XZfDppym7WFQSIHQp9LXW26FaTqarCYkxKrkm\/lTdJtaXF5\/C7ZRJIFVaL9dmL\/uMiooAbDLhN56zmBjGeB2V01oJAQhD\/q\/lznyyirBK2V2vQ7WyyX4O7R5ox9CbJ7fjHmVfu5B\/IGhKzckLb+kPv4Ou1DFiJ+VjXUg8+HNiqYybm516lzAMR9GTpDm\/EaK\/DoNiRmeP+V6xIxpVOXNmdtJ2yXkhn+AQIDAQABo4IFgjCCBX4wggH1BgorBgEEAdZ5AgQCBIIB5QSCAeEB3wB1AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABZg2YTSEAAAQDAEYwRAIgNf1dCr\/A\/68iTF44ctzG4dfYj5k8kwrcMxb+OAftshACIEOFf1L8DyVWvGmp2q28iEZd5RDO6L\/3eE60TQKPTKibAHcAVhQGmi\/XwuzT9eG9RLI+x0Z2ubyZEVzA75SYVdaJ0N0AAAFmDZhK0AAABAMASDBGAiEA6k0qgGOQ2\/4vWshsmYpY7DSpdiwLlTeFqoSnh81\/2Y4CIQDv1+L779lV6U+goVXZN5Lr8mJnM2dtvY1ZqBBLJZkaOwB1AFWB1MIWkDYBSuoLm1c8U\/DA5Dh4cCUIFy+jqh0HE9MMAAABZg2YSsoAAAQDAEYwRAIgWKBW8MG0XWRpOFEy6yhRlkRMXWMvZwn2MMfc6oSrj0gCIBftriorxFHUNkLYAHoFWkhm8hNqcHO+KKiAs49boZzUAHYAu9nfvB+KcbWTlCOXqpJ7RzhXlQqrUugakJZkNo4e0YUAAAFmDZhLTgAABAMARzBFAiAA3dU0fJfG9tq5Rc4+sUUH+XraMuPYSatYD6LC\/2\/zTAIhAJWqprUivm3Ca3RKEfcrJtar2nlcdcqed0u5OIHS\/4PYMCcGCSsGAQQBgjcVCgQaMBgwCgYIKwYBBQUHAwIwCgYIKwYBBQUHAwEwPgYJKwYBBAGCNxUHBDEwLwYnKwYBBAGCNxUIh9qGdYPu2QGCyYUbgbWeYYX062CBXYTS30KC55N6AgFkAgEdMIGFBggrBgEFBQcBAQR5MHcwUQYIKwYBBQUHMAKGRWh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjAxLmNydDAiBggrBgEFBQcwAYYWaHR0cDovL29jc3AubXNvY3NwLmNvbTAdBgNVHQ4EFgQUiTQV2m224F\/j"} 
-01927{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":995,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":50,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1587041686889381,"flow_src_last_pkt_time":1587041686950934,"flow_dst_last_pkt_time":1587041686950999,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":4416,"midstream":0,"thread_ts_usec":1587041686950999,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.67","src_port":60560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Microsoft365","proto_by_ip_id":219,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"login.microsoftonline.com","domainame":"login.microsoftonline.com","tls": {"version":"TLSv1.2","server_names":"login.microsoftonline.com,login.microsoftonline-p.com,loginex.microsoftonline.com,login2.microsoftonline.com,stamp2.login.microsoftonline-int.com,login.microsoftonline-int.com,loginex.microsoftonline-int.com,login2.microsoftonline-int.com,stamp2.login.microsoftonline.com","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"678aeaf909676262acfb913ccb78a126","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=stamp2.login.microsoftonline.com","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"7E:0F:A2:51:8F:FB:49:30:C3:34:07:5E:F8:7C:FD:34:20:A2:96:63","blocks":0}}} 
+01886{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":995,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":50,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1587041686889381,"flow_src_last_pkt_time":1587041686950934,"flow_dst_last_pkt_time":1587041686950999,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":4416,"midstream":0,"thread_ts_usec":1587041686950999,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.67","src_port":60560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Microsoft365","proto_by_ip_id":219,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"login.microsoftonline.com","domainame":"login.microsoftonline.com","tls": {"version":"TLSv1.2","server_names":"login.microsoftonline.com,login.microsoftonline-p.com,loginex.microsoftonline.com,login2.microsoftonline.com,stamp2.login.microsoftonline-int.com,login.microsoftonline-int.com,loginex.microsoftonline-int.com,login2.microsoftonline-int.com,stamp2.login.microsoftonline.com","ja3s":"678aeaf909676262acfb913ccb78a126","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=stamp2.login.microsoftonline.com","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"7E:0F:A2:51:8F:FB:49:30:C3:34:07:5E:F8:7C:FD:34:20:A2:96:63","blocks":0}}} 
00822{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1010,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":51,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041687245112,"flow_src_last_pkt_time":1587041687245112,"flow_dst_last_pkt_time":1587041687245112,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687245112,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1010,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":51,"flow_packet_id":1,"flow_src_last_pkt_time":1587041687245112,"flow_dst_last_pkt_time":1587041687245112,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041687245112,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIeyRAbt4yq\/kAAAAALAC\/\/\/rWgAAAgQFtAEDAwUBAQgKMITA4AAAAAAEAgAA"} 
00603{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1014,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":51,"flow_packet_id":2,"flow_src_last_pkt_time":1587041687245112,"flow_dst_last_pkt_time":1587041687293530,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041687293530,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8EaVAAGwGudU0ck0hwKgBBgG77JHMBk4keMqv5aASIADnTgAAAgQFoAEDAwgEAggKYPR58TCEwOA="} 00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1015,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":51,"flow_packet_id":3,"flow_src_last_pkt_time":1587041687293639,"flow_dst_last_pkt_time":1587041687293530,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041687293639,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyRAbt4yq\/lzAZOJYAQEAkl0AAAAQEICjCEwQ9g9Hnx"} 
00873{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1016,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":51,"flow_packet_id":4,"flow_src_last_pkt_time":1587041687294098,"flow_dst_last_pkt_time":1587041687293530,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_usec":1587041687294098,"pkt":"EBMx8Tl2KDc3AG3ICABFAAECAABAAEAG9rTAqAEGNHJNIeyRAbt4yq\/lzAZOJYAYEAmZKwAAAQEICjCEwQ9g9HnxFgMBAMkBAADFAwOyv9PSQv\/SmdcPkRjuFnJs95jqk9PvclXpwloDxRoWsCDkPAAAKbM0d7f12FXyaEAA7qD+P9kwtx+HS3tAUpaW7wAewC\/AK8AwwCzMqcyowAnAE8AKwBQAnACdAC8ANQAKAQAAXv8BAAEAAAAAIwAhAAAebW9iaWxlLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEACwACAQAACgAIAAYAHQAXABg="} -01394{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1016,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041687245112,"flow_src_last_pkt_time":1587041687294098,"flow_dst_last_pkt_time":1587041687293530,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687294098,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01353{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1016,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041687245112,"flow_src_last_pkt_time":1587041687294098,"flow_dst_last_pkt_time":1587041687293530,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687294098,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00822{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1017,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041687370480,"flow_src_last_pkt_time":1587041687370480,"flow_dst_last_pkt_time":1587041687370480,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687370480,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":54069,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1017,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":52,"flow_packet_id":1,"flow_src_last_pkt_time":1587041687370480,"flow_dst_last_pkt_time":1587041687370480,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"thread_ts_usec":1587041687370480,"pkt":"EBMx8Tl2KDc3AG3ICABFAABF06EAAP8RZK7AqAEGwKgBAdM1ADUAMUK+cAQBAAABAAAAAAAAA2FwaQ9taWNyb3NvZnRzdHJlYW0DY29tAAABAAE="} 
01143{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1017,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041687370480,"flow_src_last_pkt_time":1587041687370480,"flow_dst_last_pkt_time":1587041687370480,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687370480,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":54069,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"api.microsoftstream.com","domainame":"api.microsoftstream.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -374,9 +374,9 @@ 00603{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1024,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":53,"flow_packet_id":2,"flow_src_last_pkt_time":1587041687436782,"flow_dst_last_pkt_time":1587041687466298,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041687466298,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8OsBAAGwG7o1oKLuXwKgBBgG77JKBluUGb4uaCaASIADVGwAAAgQFoAEDAwgEAggKAbkbHzCEwZw="} 00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1025,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":53,"flow_packet_id":3,"flow_src_last_pkt_time":1587041687466398,"flow_dst_last_pkt_time":1587041687466298,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041687466398,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGVVbAqAEGaCi7l+ySAbtvi5oJgZblB4AQEAkTrwAAAQEICjCEwbkBuRsf"} 
00883{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1026,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":53,"flow_packet_id":4,"flow_src_last_pkt_time":1587041687466635,"flow_dst_last_pkt_time":1587041687466298,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":280,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":280,"pkt_l4_len":246,"thread_ts_usec":1587041687466635,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEKAABAAEAGVIDAqAEGaCi7l+ySAbtvi5oJgZblB4AYEAl2MwAAAQEICjCEwbkBuRsfFgMBANEBAADNAwNcYEYY9r+P9DTmk4+ghvjGxbgXLamZQ7BCvuLi0gzQzQAAHMrKzKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACI2toAAP8BAAEAAAAAHAAaAAAXYXBpLm1pY3Jvc29mdHN0cmVhbS5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAgqKgAdABcAGAAbAAMCAAIaGgABAA=="} -01263{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1026,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":53,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041687436782,"flow_src_last_pkt_time":1587041687466635,"flow_dst_last_pkt_time":1587041687466298,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687466635,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"api.microsoftstream.com","domainame":"api.microsoftstream.com","tls": 
{"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01222{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1026,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":53,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041687436782,"flow_src_last_pkt_time":1587041687466635,"flow_dst_last_pkt_time":1587041687466298,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687466635,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"api.microsoftstream.com","domainame":"api.microsoftstream.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
02532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1027,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":53,"flow_packet_id":5,"flow_src_last_pkt_time":1587041687466635,"flow_dst_last_pkt_time":1587041687512045,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041687512045,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUOsFAAGwG6PRoKLuXwKgBBgG77JKBluUHb4ua34AQBAUPSwAAAQEICgG5Gz4whMG5FgMDF2ACAABeAwNemFWXWoznNEDG0nqSFdxS15urfQPAW1Ki15lKX+AAtiAKRAAA667wWoqa+vDiRfvp7swmXkbxWCktv+PyIN9JCMAwAAAWAAUAAAAQAAUAAwJoMgAXAAD\/AQABAAsADpsADpgACNowggjWMIIGvqADAgECAhMtAAcUzkF9hlrqvm6yAAAABxTOMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTAeFw0xOTA3MTYwMDAyMzBaFw0yMTA3MTYwMDAyMzBaMCQxIjAgBgNVBAMMGSouYXBpLm1pY3Jvc29mdHN0cmVhbS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYCLN53Kexlrvsr+3rXZR74UHw5zlzegNiM6ErPRT\/txn4iFY2zFTqC+sWY7W7Oz4G1tsBCxRCqDiWTxn5SoBhxDmnlpMqOtTTpv5IM4kd\/8Guw\/818ANBFltXQet6T9XZsisGK5x9lUCYcHW8ynBG3v5uNf0Z6m2VB67+wzZ2C3iG0UAM447HUmbA40yblclmVBneenfOna+w64hv1nSyt5YNMGiattt3RBLqQ25FUDZwDSm6\/Xrxs5bFSfj0HMxAb5EpzZ2SxfSP+UgsmRV0Oq\/HfZsAL9LwqbT3aESBPoyba7n926l2qjVJiyrcjkPpm+NqXC8ligQT0pRVDCcpAgMBAAGjggSXMIIEkzCCAfUGCisGAQQB1nkCBAIEggHlBIIB4QHfAHUA7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo\/csAAAFr+B+sPAAABAMARjBEAiBx6hq9wYK8lGTp3u5E7AFX+BkbRLRZ5Lup8OuEt\/B0tQIgGypwFVlROzmTzUQqtoWQp2MHW1EriZKLwX2GVgWat5wAdgBElGUusO7Or8RAB9io\/ijA2uaCvtjLMbU\/0zOWtbaBqAAAAWv4H61YAAAEAwBHMEUCIBBA4jXntmRWzvCXbsrMW4W1hyQue\/vS7Ncn0z5ewGEwAiEAln3ydSWKxMs1mek8BuU+Pp\/Ar72loNB67Ntve4Q85KAAdgBVgdTCFpA2AUrqC5tXPFPwwOQ4eHAlCBcvo6odBxPTDAAAAWv4H62XAAAEAwBHMEUCIQDLjQfYXTzdnrjIDBYNPqxZrBUDuC2VVPJNvuwXJuHkoAIgHkqG2mwJ4b5UFgxZl
8\/iCIL8mYENQc4ZRdEfVujQdbMAdgBc3EOS\/uarRUSxXprUVuYQN\/vV+kfcoXOUsl7m9scOygAAAWv4H6xWAAAEAwBHMEUCIDM4gWIHlpsWZA++c4q0XblHDWvH710R4c4I0Xek5jDJAiEAoovM291ZXguFtfeLFlqPtsBXmuKsHbLob14668lLPKIwJwYJKwYBBAGCNxUKBBowGDAKBggrBgEFBQcDAjAKBggrBgEFBQcDATA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdhNLfQoLnk3oCAWQCAR0wgYUGCCsGAQUFBwEBBHkwdzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDUuY3J0MCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC5tc29jc3AuY29tMB0GA1UdDgQWBBRaFtJxTHeO"} -01926{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1047,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":51,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1587041687245112,"flow_src_last_pkt_time":1587041687544052,"flow_dst_last_pkt_time":1587041687544137,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":412,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041687544137,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": 
{"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} +01885{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1047,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":51,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1587041687245112,"flow_src_last_pkt_time":1587041687544052,"flow_dst_last_pkt_time":1587041687544137,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":412,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041687544137,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": 
{"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} 02193{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1079,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":53,"flow_state":"info","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1587041687436782,"flow_src_last_pkt_time":1587041687725655,"flow_dst_last_pkt_time":1587041687725568,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1313,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2206,"flow_dst_tot_l4_payload_len":7143,"midstream":0,"thread_ts_usec":1587041687725655,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":18634.2,"max":125561,"stddev":31723.1,"var":1006353792.0,"ent":3.4,"data": [29516,29616,237,45747,220,45693,117,89,54,132,3,86,615,23250,232,30155,31,6115,4,245,22863,22646,1494,1434,2892,30,32749,246,30074,125513,125561]},"pktlen": {"min":52,"avg":345.2,"max":1492,"stddev":499.9,"var":249913.2,"ent":3.9,"data": [64,60,52,266,1492,1492,64,1492,52,52,1492,281,52,145,145,424,103,121,52,52,90,90,52,548,52,1365,135,52,94,52,510,52]},"bins": {"c_to_s": 
[12,1,3,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0],"s_to_c": [2,3,1,0,0,0,0,1,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,1,1,0,0,0,0,1,1,0,0,0,1,0,1,0,0,0,1,1,0,1,0],"entropies": [4.365527153,5.169149399,4.868495941,5.580047131,7.357915878,7.526344776,4.919355392,7.363313675,4.945419312,4.786791325,7.588277340,7.143245697,4.983880997,5.918394089,6.257330894,7.398386002,5.555244923,6.105889320,4.945419312,4.945419312,5.368302345,5.567127228,4.945419312,7.528010845,4.983880997,7.854734421,6.103594780,5.100070000,5.655968666,4.983880520,7.545987606,4.861793995]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00822{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1080,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041687731296,"flow_src_last_pkt_time":1587041687731296,"flow_dst_last_pkt_time":1587041687731296,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687731296,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62735,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00622{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1080,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":54,"flow_packet_id":1,"flow_src_last_pkt_time":1587041687731296,"flow_dst_last_pkt_time":1587041687731296,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1587041687731296,"pkt":"EBMx8Tl2KDc3AG3ICABFAABM83AAAP8RRNjAqAEGwKgBAfUPADUAOAAFY+UBAAABAAAAAAAABmV1bm8tMQNhcGkPbWljcm9zb2Z0c3RyZWFtA2NvbQAAAQAB"} 
@@ -389,7 +389,7 @@ 00603{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1086,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":55,"flow_packet_id":2,"flow_src_last_pkt_time":1587041687745932,"flow_dst_last_pkt_time":1587041687789261,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041687789261,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8GLFAAGwGRTw0qbp3wKgBBgG77JMQ1B2QYdMMyKASIACACgAAAgQFoAEDAwgEAggKASJ3bTCEwsc="} 00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1087,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":55,"flow_packet_id":3,"flow_src_last_pkt_time":1587041687789367,"flow_dst_last_pkt_time":1587041687789261,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041687789367,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGifXAqAEGNKm6d+yTAbth0wzIENQdkYAQEAm+kQAAAQEICjCEwvABIndt"} 
00891{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1088,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":55,"flow_packet_id":4,"flow_src_last_pkt_time":1587041687789561,"flow_dst_last_pkt_time":1587041687789261,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":287,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":287,"pkt_l4_len":253,"thread_ts_usec":1587041687789561,"pkt":"EBMx8Tl2KDc3AG3ICABFAAERAABAAEAGiRjAqAEGNKm6d+yTAbth0wzIENQdkYAYEAmMqgAAAQEICjCEwvABIndtFgMBANgBAADUAwN1hCAWlzZVXD7TCb6igB3LJP9WVkluJUaJIbsmWjvyJAAAHCoqzKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACP6uoAAP8BAAEAAAAAIwAhAAAeZXVuby0xLmFwaS5taWNyb3NvZnRzdHJlYW0uY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAI2toAHQAXABgAGwADAgACOjoAAQA="} -01277{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1088,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041687745932,"flow_src_last_pkt_time":1587041687789561,"flow_dst_last_pkt_time":1587041687789261,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":221,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":221,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687789561,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.169.186.119","src_port":60563,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"euno-1.api.microsoftstream.com","domainame":"euno-1.api.microsoftstream.com","tls": 
{"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01236{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1088,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041687745932,"flow_src_last_pkt_time":1587041687789561,"flow_dst_last_pkt_time":1587041687789261,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":221,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":221,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687789561,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.169.186.119","src_port":60563,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"euno-1.api.microsoftstream.com","domainame":"euno-1.api.microsoftstream.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
02542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1089,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":55,"flow_packet_id":5,"flow_src_last_pkt_time":1587041687789561,"flow_dst_last_pkt_time":1587041687835274,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041687835274,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUGLJAAGwGP6M0qbp3wKgBBgG77JMQ1B2RYdMNpYAQBAV+GwAAAQEICgEid5owhMLwFgMDF2ICAABeAwNemFWXh6zC4\/H\/NtqCN0bOMCauIHEB+mzTfOs8euglHiDdOQAAbpqWXnIoaFoz5CwjBIm\/uwJeUgS1lb4+XjBSWMAwAAAWAAUAAAAQAAUAAwJoMgAXAAD\/AQABAAsADp0ADpoACNwwggjYMIIGwKADAgECAhMWAAXWDX37jaDzNM+RAAAABdYNMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNDAeFw0xOTA3MTYwMDAyMzVaFw0yMTA3MTYwMDAyMzVaMCQxIjAgBgNVBAMMGSouYXBpLm1pY3Jvc29mdHN0cmVhbS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3WyrqhMwneHn3ldwh\/L7UvhOaeyJEw9wAAoXcE2xoCmqN4VQ5dbEJYH2mvnyhH\/q6XQPMuv5SvOYFeFvBsXU42c+cX\/k7ETSWOHymPaiIe9DTakXAw15b1zeAID1a\/qtYq5SKoRqlJOmhP2W2Kj0sGRH9wfU0k6ZKAWCfTCOD3TUKn+kY2\/mFqcxx163RyO5fuue9HjLSPUcK\/XG71pH60ASR2HaDJ53frCURseRASs3N8sp\/lXPNSJpmTy7XzZlvWnjNXBXoGazR\/Ok20dcDNsKQLrS\/5IQoN1eesCyt1n77jwW\/wlDvDN1w4lyx8ZJ\/cWIxkLDRUfkhCN5r674PAgMBAAGjggSZMIIElTCCAfcGCisGAQQB1nkCBAIEggHnBIIB4wHhAHUA7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo\/csAAAFr+B+\/gwAABAMARjBEAiBFAIuj2Tc26ezbEtOORf3erX84s94DFwS362RUQnwe7QIgOIGvV6+3NbZm4ZuetunBQ10P6vIaYP3f6rBpFmv0R+kAdwBElGUusO7Or8RAB9io\/ijA2uaCvtjLMbU\/0zOWtbaBqAAAAWv4H7+HAAAEAwBIMEYCIQDNJZUV9kVpum734SuFZbu\/+8d+lBfpKXnRWlVnv4VBQAIhAOB8l0UtbGxz+O5oUYg0D5KcrYbc2wZN7ZDiNmBXUAj6AHYAVYHUwhaQNgFK6gubVzxT8MDkOHhwJQgXL6OqHQcT0wwAAAFr+B\/ArgAABAMARzBFAiEAuBvGi+GOETS1WKJJY5hLjgoB7c051zHr2NZg0TjxMOsCIDxZ4sYq
PPwpfAkKARkELM5\/901w8Rli7y0l6JyGidHOAHcAXNxDkv7mq0VEsV6a1FbmEDf71fpH3KFzlLJe5vbHDsoAAAFr+B+\/jQAABAMASDBGAiEA+MKOXA0Ondu3DQFnrt75yf8KubCg3tehYpwWY4vXmlsCIQD\/nRJiTBIbc8ubEEHt73izO3Lpmnq\/6a3pOruDbMUQaDAnBgkrBgEEAYI3FQoEGjAYMAoGCCsGAQUFBwMCMAoGCCsGAQUFBwMBMD4GCSsGAQQBgjcVBwQxMC8GJysGAQQBgjcVCIfahnWD7tkBgsmFG4G1nmGF9OtggV2E0t9CgueTegIBZAIBHTCBhQYIKwYBBQUHAQEEeTB3MFEGCCsGAQUFBzAChkVodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9NaWNyb3NvZnQlMjBJVCUyMFRMUyUyMENBJTIwNC5jcnQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9vY3NwLm1zb2NzcC5jb20wHQYDVR0OBBYEFBqManmr"} 00822{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1138,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":56,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041690880711,"flow_src_last_pkt_time":1587041690880711,"flow_dst_last_pkt_time":1587041690880711,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041690880711,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63930,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00630{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1138,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":56,"flow_packet_id":1,"flow_src_last_pkt_time":1587041690880711,"flow_dst_last_pkt_time":1587041690880711,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1587041690880711,"pkt":"EBMx8Tl2KDc3AG3ICABFAABSJv0AAP8REUbAqAEGwKgBAfm6ADUAPoc2eGoBAAABAAAAAAAAAmRjE2FwcGxpY2F0aW9uaW5zaWdodHMJbWljcm9zb2Z0A2NvbQAAAQAB"} 
@@ -401,7 +401,7 @@ 00604{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1141,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":57,"flow_packet_id":2,"flow_src_last_pkt_time":1587041690916341,"flow_dst_last_pkt_time":1587041690946470,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041690946470,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8GwdAAG4GfY4oT4opwKgBBgG77JSCI5UvqezD\/6ASIAArFwAAAgQFoAEDAwgEAggKUvjCpTCEzxM="} 00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1142,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":57,"flow_packet_id":3,"flow_src_last_pkt_time":1587041690946579,"flow_dst_last_pkt_time":1587041690946470,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041690946579,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGxp3AqAEGKE+KKeyUAbup7MP\/giOVMIAQEAlpqQAAAQEICjCEzzFS+MKl"} 
00916{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1143,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":57,"flow_packet_id":4,"flow_src_last_pkt_time":1587041690946965,"flow_dst_last_pkt_time":1587041690946470,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":305,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":305,"pkt_l4_len":271,"thread_ts_usec":1587041690946965,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEjAABAAEAGxa7AqAEGKE+KKeyUAbup7MP\/giOVMIAYEAnoKAAAAQEICjCEzzFS+MKlFgMBAOoBAADmAwMbIQaP+rFGCYsreMCv9lvxK9Aj9uBCbNOtF1CHIeISyAAAKMAswCvAJMAjwArACcypwDDAL8AowCfAFMATzKgAnQCcAD0APAA1AC8BAACV\/wEAAQAAAAAXABUAABJnYXRlLmhvY2tleWFwcC5uZXQAFwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAM3QAAAASAAAAEAAwAC4CaDIFaDItMTYFaDItMTUFaDItMTQIc3BkeS8zLjEGc3BkeS8zCGh0dHAvMS4xAAsAAgEAAAoACgAIAB0AFwAYABk="} -01287{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1143,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041690916341,"flow_src_last_pkt_time":1587041690946965,"flow_dst_last_pkt_time":1587041690946470,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041690946965,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60564,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"gate.hockeyapp.net","domainame":"gate.hockeyapp.net","tls": 
{"version":"TLSv1.2","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} +01246{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1143,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041690916341,"flow_src_last_pkt_time":1587041690946965,"flow_dst_last_pkt_time":1587041690946470,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041690946965,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60564,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"gate.hockeyapp.net","domainame":"gate.hockeyapp.net","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
02518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1144,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":57,"flow_packet_id":5,"flow_src_last_pkt_time":1587041690946965,"flow_dst_last_pkt_time":1587041690980253,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041690980253,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUGwlAAG4Gd\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"} 00822{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1159,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":58,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041691075869,"flow_src_last_pkt_time":1587041691075869,"flow_dst_last_pkt_time":1587041691075869,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041691075869,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62863,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1159,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":58,"flow_packet_id":1,"flow_src_last_pkt_time":1587041691075869,"flow_dst_last_pkt_time":1587041691075869,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_usec":1587041691075869,"pkt":"EBMx8Tl2KDc3AG3ICABFAABZLy0AAP8RCQ\/AqAEGwKgBAfWPADUARdrUdPIBAAABAAAAAAAABGVtZWECbmcDbXNnDHRlYW1zLW1zZ2FwaQ50cmFmZmljbWFuYWdlcgNuZXQAAAEAAQ=="} 
@@ -413,7 +413,7 @@ 00604{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1164,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":59,"flow_packet_id":2,"flow_src_last_pkt_time":1587041691149774,"flow_dst_last_pkt_time":1587041691168973,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041691168973,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8PCRAAHEGa280cmwIwKgBBgG77JWud4Fgpm4cPqASIABnNAAAAgQFoAEDAwgEAggKUqoqrDCEz\/U="} 00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1165,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":59,"flow_packet_id":3,"flow_src_last_pkt_time":1587041691169076,"flow_dst_last_pkt_time":1587041691168973,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041691169076,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG2JvAqAEGNHJsCOyVAbumbhw+rneBYYAQEAml0QAAAQEICjCE0AhSqiqs"} 
00891{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1166,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":59,"flow_packet_id":4,"flow_src_last_pkt_time":1587041691169247,"flow_dst_last_pkt_time":1587041691168973,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":288,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":288,"pkt_l4_len":254,"thread_ts_usec":1587041691169247,"pkt":"EBMx8Tl2KDc3AG3ICABFAAESAABAAEAG173AqAEGNHJsCOyVAbumbhw+rneBYYAYEAkjHAAAAQEICjCE0AhSqiqsFgMBANkBAADVAwNwlpHiXHB3s5dLKatTLHHCd3zPHP62TkNPLWHwExyS1QAAHAoKzKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACQysoAAP8BAAEAAAAAJAAiAAAfZW1lYS5uZy5tc2cudGVhbXMubWljcm9zb2Z0LmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACMrKAB0AFwAYABsAAwIAAhoaAAEA"} -01298{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1166,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":59,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041691149774,"flow_src_last_pkt_time":1587041691169247,"flow_dst_last_pkt_time":1587041691168973,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":222,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":222,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041691169247,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.108.8","src_port":60565,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"emea.ng.msg.teams.microsoft.com","domainame":"emea.ng.msg.teams.microsoft.com","tls": 
{"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01257{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1166,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":59,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041691149774,"flow_src_last_pkt_time":1587041691169247,"flow_dst_last_pkt_time":1587041691168973,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":222,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":222,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041691169247,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.108.8","src_port":60565,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"emea.ng.msg.teams.microsoft.com","domainame":"emea.ng.msg.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
02531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1167,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":59,"flow_packet_id":5,"flow_src_last_pkt_time":1587041691169247,"flow_dst_last_pkt_time":1587041691190981,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041691190981,"pkt":"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\/bT\/D+YBI2NyvjucwOF4fAmlb69iaENpHzKyKPP3gChGWXwPlsCAHcWT5DWYPJpL\/3DLl81bF7tO5zY3zxJMB1OeVgvUKXeAS+CwfpLrKG0C\/eU6XUXAM17Wou3AdZL8ESxq7zdQlPlfLXcrxTWn\/9yqOyE2Dy4v0AC0DldAOOVuaP1Qw\/jkncKrZHy6CBjd4i6SlAvV9SXMMji3v+3tCPq3NDcYwEwIaLF7pK3asugmSWv+kUpt0b\/7nszZggDVjiXOaXQXGxlI76wm\/oQiScQLHdORY8mAIDxrFvAZJI7K5Yvpy\/uFT0TJ1pbtUzx0WkkWUFI1ibsaySDvxZ5PLRRf\/b+CTj2DeuAhuHN0bB0Jvlf\/geQ+McX36gP8ZJv4hZskP2p2eU4LlDvKZxVbJkUfzIhrbjoxfdlKOwkktqzdS57vVoeibk02\/OS8fdv79ZBLOsYxfdKaSWNDVEN1Q82426XhaggJ7kscl3nnmFp\/\/6iCwQwe+4wAFuDCCBbQwggScoAMCAQICEAiIzVJfGSRETRSlgpHeuVIwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9yZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVyVHJ1c3QgUm9vdDAeFw0xNjA1MjAxMjUzMDNaFw0yNDA1MjAxMjUzMDNaMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC"} 
02263{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1195,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":59,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1587041691149774,"flow_src_last_pkt_time":1587041691305451,"flow_dst_last_pkt_time":1587041691582252,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":994,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2028,"flow_dst_tot_l4_payload_len":8121,"midstream":0,"thread_ts_usec":1587041691582252,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.108.8","src_port":60565,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":18972.7,"max":276869,"stddev":49493.9,"var":2449644032.0,"ent":2.9,"data": [19199,19302,171,22008,34,21827,18,184,203,246,14,193,1070,12295,280,19893,29,6313,3,603,11971,11399,1472,1415,54998,62106,42,25528,33,18437,276869]},"pktlen": {"min":52,"avg":370.2,"max":1492,"stddev":512.1,"var":262257.7,"ent":3.9,"data": [64,60,52,274,1492,1492,64,52,1492,52,1492,471,52,178,145,525,103,121,52,52,90,90,52,511,52,52,1046,134,52,94,52,1335]},"bins": {"c_to_s": [11,1,2,1,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,3,1,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,1,1,0,0,0,0,1,1,0,0,0,1,0,1,0,1,0,0,1,1,0,1],"entropies": 
[4.396777153,5.256567478,4.923395634,5.577177048,7.100010395,7.346216679,4.975505829,4.976374149,7.520713806,4.854287148,7.591184139,7.492725372,4.937912464,6.281796932,6.325607300,7.565563679,5.628156662,5.942033768,4.976374149,4.937912464,5.421134472,5.660066128,5.014835358,7.536164761,4.976373672,5.169486523,7.784315586,6.192806721,5.169486523,5.596017838,5.014835358,7.848025322]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"emea.ng.msg.teams.microsoft.com"}} 02278{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1208,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":26,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1587041682376166,"flow_src_last_pkt_time":1587041682938651,"flow_dst_last_pkt_time":1587041692001418,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1060,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":2113,"flow_dst_tot_l4_payload_len":7396,"midstream":0,"thread_ts_usec":1587041692001418,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.76.48","src_port":60544,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":328636.7,"max":8978171,"stddev":1582353.1,"var":2503841415168.0,"ent":0.8,"data": [47150,47228,506,44398,29,43913,16,46,186,124,2,213,4,4433,9743,291,46519,32116,477,409,98,18910,1378,20235,62883,403234,424977,8978171,32,9,7]},"pktlen": {"min":40,"avg":339.2,"max":1492,"stddev":486.1,"var":236250.5,"ent":3.9,"data": [64,52,40,276,1492,1492,52,40,40,1492,1492,309,40,40,198,133,568,91,40,109,40,78,46,409,40,46,1100,46,411,415,86,78]},"bins": {"c_to_s": 
[10,1,1,0,1,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,3,1,0,0,0,0,0,1,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,0,0,0,1,1,1,0,0,0,0,0,1,0,1,0,0,1,1,0,1,0,1,1,1,1,1],"entropies": [4.334277153,4.946223736,4.571928501,5.576080799,7.377434731,7.334023952,4.748329639,4.630640984,4.571928501,7.530410290,7.590536594,7.109602451,4.680641174,4.630641460,6.484649181,6.111595631,7.563093662,5.442209721,4.630641460,5.902398109,4.630641460,5.214766979,4.462505341,7.402733803,4.680641174,4.505983353,7.828750610,4.609350681,7.428915024,7.453095436,5.564571857,5.463537216]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"northeurope.notifications.teams.microsoft.com"}} 
@@ -428,16 +428,16 @@ 00604{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1222,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":61,"flow_packet_id":2,"flow_src_last_pkt_time":1587041692808980,"flow_dst_last_pkt_time":1587041692880898,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041692880898,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGBganY9ekwKgBBhFS7JY0lYWJFa1+kaAS\/ohhIwAAAgQFrAQCCAoTeUD2MITWWwEDAwc="} 00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1223,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":61,"flow_packet_id":3,"flow_src_last_pkt_time":1587041692880999,"flow_dst_last_pkt_time":1587041692880898,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041692880999,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+g3AqAEGp2PXpOyWEVIVrX6RNJWFioAQECx9\/QAAAQEICjCE1qITeUD2"} 
01290{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1224,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":61,"flow_packet_id":4,"flow_src_last_pkt_time":1587041692881339,"flow_dst_last_pkt_time":1587041692880898,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1587041692881339,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI5AABAAEAG+AjAqAEGp2PXpOyWEVIVrX6RNJWFioAYECynDgAAAQEICjCE1qITeUD2FgMBAgABAAH8AwNIwmNvYpaxx4YaNkM5UOMBu+\/rhWm5ROKLkUQ+n9+bqCDe8bvsDQaKZ\/SHTClTSUEpcKfm8tnRcB\/XxmDM4wjf0gByEwITAxMBwCzAMACfzKnMqMyqwCvALwCewCTAKABrwCPAJwBnwArAFAA5wAnAEwAzAK0Aq8yuzK3MrACdAKnMqwCsAKoAnACoAD0APMA4wDYAtwCzAJUAkQA1AK8AjcA3wDUAtgCyAJQAkAAvAK4AjAD\/AQABQQAAABIAEAAADWRhdGkubnRvcC5vcmcACwAEAwABAgAKAAwACgAdABcAHgAZABgAIwAAM3QAAAAQAA4ADAJoMghodHRwLzEuMQAWAAAAFwAAAA0AMAAuBAMFAwYDCAcICAgJCAoICwgECAUIBgQBBQEGAQMDAgMDAQIBAwICAgQCBQIGAgArAAkIAwQDAwMCAwEALQACAQEAMwAmACQAHQAgqeitnlzPDiYBqjP3nyoLl6FANLUWPuCFiHYla5PeYScAFQB8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01446{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1224,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":61,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041692808980,"flow_src_last_pkt_time":1587041692881339,"flow_dst_last_pkt_time":1587041692880898,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041692881339,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"dati.ntop.org","domainame":"dati.ntop.org","tls": {"version":"TLSv1.2","ja3":"7120d65624bcd2e02ed4b01388d84cdb","ja3s":"","ja4":"t13d5713h2_131602cb7446_e802cdec6a7f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01412{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1224,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":61,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041692808980,"flow_src_last_pkt_time":1587041692881339,"flow_dst_last_pkt_time":1587041692880898,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041692881339,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"dati.ntop.org","domainame":"dati.ntop.org","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d5713h2_131602cb7446_e802cdec6a7f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1225,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":61,"flow_packet_id":5,"flow_src_last_pkt_time":1587041692881339,"flow_dst_last_pkt_time":1587041692951911,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041692951911,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0HBJAADQG6funY9ekwKgBBhFS7JY0lYWKFa2AloAQAfqJ4wAAAQEIChN5QT0whNai"} -01534{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1226,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":61,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1587041692808980,"flow_src_last_pkt_time":1587041692881339,"flow_dst_last_pkt_time":1587041692953141,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":152,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":152,"midstream":0,"thread_ts_usec":1587041692953141,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"dati.ntop.org","domainame":"dati.ntop.org","tls": 
{"version":"TLSv1.2","ja3":"7120d65624bcd2e02ed4b01388d84cdb","ja3s":"410b9bedaf65dd26c6fe547154d60db4","ja4":"t13d5713h2_131602cb7446_e802cdec6a7f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +01500{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1226,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":61,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1587041692808980,"flow_src_last_pkt_time":1587041692881339,"flow_dst_last_pkt_time":1587041692953141,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":152,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":152,"midstream":0,"thread_ts_usec":1587041692953141,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"dati.ntop.org","domainame":"dati.ntop.org","tls": {"version":"TLSv1.2","ja3s":"410b9bedaf65dd26c6fe547154d60db4","ja4":"t13d5713h2_131602cb7446_e802cdec6a7f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00829{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1235,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":62,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693428391,"flow_src_last_pkt_time":1587041693428391,"flow_dst_last_pkt_time":1587041693428391,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":977,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":977,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":977,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693428391,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":51681,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01888{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1235,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":62,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693428391,"flow_dst_last_pkt_time":1587041693428391,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1019,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1019,"pkt_l4_len":985,"thread_ts_usec":1587041693428391,"pkt":"EBMx8Tl2KDc3AG3ICABFAAPt48gAAEART4\/AqAEGNHJNiMnhDZYD2eNwBl3+t6o2WT+OKw\/oTFMopoursiGTBsvvLvg3wuBfZT1pBB1vO2396s1T+U1VujmCqj4L5tMtU2F\/1TQzFXSUlw7M8VMfNQQRkYM68GVjRmInITISf9xExqdFNNQs5RQE95Yd7wUQ0WB34xO5EY6WIo8x\/N\/uDXPR3dWPSffY9Pjxt3AuIhSE\/33TPi9IZfwvBkn0Ytl+OD1doGxH0KzkYpDzBS9hB1dBsT+zr8uYQ4OitShMofb6WewMwiNNfNExsV6iWN3hyOrqzEPoHJ8xMa7bW1q9BLkbd5BDoIOv\/MoJUwfM2rHFjSZuGzr\/wQ6fSJlA+ga+XWQ5cCOxemM862mQg5uhFhBag2VuzDKpysLY0ZCqnKz91R2yhrxoXReoN9yIxCUIquc7SAW\/92cRId8y07O6L1X8x\/aDl3FC0Al6caV7h\/r8ddpLTlDH6yLNlYfOWE7QuJLs4lty891N9hHky+P7SbB6VN0+eXLlpdIKbixmAmCZ1p6\/DFecrkQrfBusU7fCQ0m5UtC7A9xyYw8qrbidfp8KJduef6Xu3BA4D0YD6FFqNyrfEvkjpJ+3rNXlm\/vqN6+p
A7Pyjrxbc8hNlLHZHBWyirKyjtN28dUXzlP+LsRPGNdQvqJFK3pV96V25LmYF5yiAGBc2dVjL3CV3I8BZIc1iv9PSXq8u5cmF3NAvFW+ejj0aUJys0KqSuB+SsBchm0XJNdD1T31o3cnzHzdRkPqsYgQxN+TMH4xz2ipnYwRm5mpiVbDbtght4DZhZkINSjZm+P+w6KJ1sJkRZyTcItShxjipY0pc0YcI\/iPO8Kihnfm0h7aZYr8JbNTXfrRfggxMyqgTWxlobhHKsiboGB5nz9mqNXgN5f2w6aCT8Ygr4J\/d\/M8CNiCRT+CKMTqRpDBqIcnsL3KBgSmI2li51fHmCYLknW2Aw3F82bIDyzOvtteFfeZxum8+GIS5JvJh64JDL9hUaT9FEJ6txlWLszG+bg1use4IiVMiF2jfKWFA1eFZRDjiQXrMStv0vPT1Ma73OvVsZAHSptss39ti+ltbCNxC0S+MDiB1jQrFVUZ5nHLM44PsanYQ\/0cpyVO6zbbzjzXTUfs+tAIMkUNPFZtCs1rFpKhkI3NcGs+yvSb4SV1GxhoDHVRpRNuKqFbFinCHp\/37lAaE9HGUTnfhxGhnCIfOfHIUUAT3eHul9H3b0Z8OnLYIK1ZDLQGkd0pzOUxUVHtQtXMulhXsHz7fr\/A21yG\/8b8NgTEX+gU6e+h1l0XisCpHYMfVCMz3mHn3ia\/HdLRjG51YnI="} 00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1236,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":62,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693428391,"flow_dst_last_pkt_time":1587041693474528,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_usec":1587041693474528,"pkt":"KDc3AG3IEBMx8Tl2CABFAABBNJIAAGwR1nE0ck2IwKgBBg2WyeEALeCzAzNiZmY2YTE1LTY4NDEtNDYwNy04YzI3LTllY2ViOWVlZDkzYg=="} 
00825{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1237,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":62,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693428391,"flow_dst_last_pkt_time":1587041693475613,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":235,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":235,"pkt_l4_len":201,"thread_ts_usec":1587041693475613,"pkt":"KDc3AG3IEBMx8Tl2CABFAADdNJMAAGwR1dQ0ck2IwKgBBg2WyeEAyV65B51cqyKYlOqfHC4eUj71t0+3OzD2kNc2OfFPQNt7fwvuOZltdCnrcr0l94iSgE3VeMj4bdDb+vZ+CObqTNO+QGlUnkV8bcknbNvGUx42nvxp8mhw\/srnkVApKnhDe\/uy29skE82ON2NOubAQd6VBKyo6DT6MaE1A1qjybrSe5XwDrj8OJ1EA\/FUFx\/b063Ar395Oi1sw+DBTZ16KUXaymVRCSFNXRrfz6yWlsSmdtxTLQfpVrW5dlejTUGgaSVxvSg=="} 00827{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1238,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693515047,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693515047,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693515047,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00653{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1238,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":63,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693515047,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1587041693515047,"pkt":"EBMx8Tl2KDc3AG3ICABFAABg5p0AAEARo1PAqAEGNHL6e8NgDZYATAKlAAMAMCESpEKyND9uZ\/QdWKy6Y58ADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAI="} -01032{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1238,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693515047,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693515047,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693515047,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01082{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1238,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693515047,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693515047,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693515047,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"multimedia_flow_types":"Audio"}}} 00824{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1239,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":64,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693516414,"flow_src_last_pkt_time":1587041693516414,"flow_dst_last_pkt_time":1587041693516414,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693516414,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1239,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":64,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693516414,"flow_dst_last_pkt_time":1587041693516414,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041693516414,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGShzAqAEGNHL6e8NiAbvwxDFFAAAAALAC\/\/9VoQAAAgQFtAEDAwUBAQgKMITZEwAAAAAEAgAA"} 00822{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1240,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":65,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693517336,"flow_src_last_pkt_time":1587041693517336,"flow_dst_last_pkt_time":1587041693517336,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":67,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":67,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":67,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693517336,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":55765,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -448,43 +448,43 @@ 00593{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1242,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":64,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693516414,"flow_dst_last_pkt_time":1587041693561382,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041693561382,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0nZBAAGwGgJc0cvp7wKgBBgG7w2KOQNor8MQxRoAS\/\/8u4wAAAgQFoAEDAwgBAQQC"} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1243,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":64,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693561493,"flow_dst_last_pkt_time":1587041693561382,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041693561493,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGSjTAqAEGNHL6e8NiAbvwxDFGjkDaLFAQIABPogAA"} 
00834{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1244,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":64,"flow_packet_id":4,"flow_src_last_pkt_time":1587041693561676,"flow_dst_last_pkt_time":1587041693561382,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"thread_ts_usec":1587041693561676,"pkt":"EBMx8Tl2KDc3AG3ICABFAADjAABAAEAGSXnAqAEGNHL6e8NiAbvwxDFGjkDaLFAYIADs+gAAFgMBALYBAACyAwNemFWdM\/wbLFSI3dPgZpkO7ysDE3\/GJlDQM9ZmaeyX\/AAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAXQAAACAAHgAAG2V1YXoudHIudGVhbXMubWljcm9zb2Z0LmNvbQAKAAgABgAXABgAGQALAAIBAAANABIAEAQBAgEFAQYBBAMCAwUDBgMABQAFAQAAAAAAEgAAABcAAA=="} -01394{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1244,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":64,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041693516414,"flow_src_last_pkt_time":1587041693561676,"flow_dst_last_pkt_time":1587041693561382,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693561676,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"euaz.tr.teams.microsoft.com","domainame":"euaz.tr.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01353{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1244,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":64,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041693516414,"flow_src_last_pkt_time":1587041693561676,"flow_dst_last_pkt_time":1587041693561382,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693561676,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"euaz.tr.teams.microsoft.com","domainame":"euaz.tr.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00816{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1245,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":63,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693572678,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"thread_ts_usec":1587041693572678,"pkt":"KDc3AG3IEBMx8Tl2CABFAADXfJQAAGwR4OU0cvp7wKgBBg2Ww2AAw6emARMApyESpEKyND9uZ\/QdWKy6Y58ADwAEcsZLxoAIAAQAAAAGAAkAPQAABAFUaGUgcmVxdWVzdCBkaWQgbm90IGNvbnRhaW4gYSBNZXNzYWdlLUludGVncml0eSBhdHRyaWJ1dGUADgAIAAENljRy+o0AFAAUAk7L+IJ6YNZTBt6\/p32H0UQC3V0AFQAKInJ0Y21lZGlhIgABAAgAAQ2YNHL6jYCVAAh\/IMTdT4SN+oAgAAgAAcHVcadqCg=="} 00825{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1246,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":62,"flow_packet_id":4,"flow_src_last_pkt_time":1587041693428391,"flow_dst_last_pkt_time":1587041693576546,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":235,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":235,"pkt_l4_len":201,"thread_ts_usec":1587041693576546,"pkt":"KDc3AG3IEBMx8Tl2CABFAADdNJQAAGwR1dM0ck2IwKgBBg2WyeEAyV65B51cqyKYlOqfHC4eUj71t0+3OzD2kNc2OfFPQNt7fwvuOZltdCnrcr0l94iSgE3VeMj4bdDb+vZ+CObqTNO+QGlUnkV8bcknbNvGUx42nvxp8mhw\/srnkVApKnhDe\/uy29skE82ON2NOubAQd6VBKyo6DT6MaE1A1qjybrSe5XwDrj8OJ1EA\/FUFx\/b063Ar395Oi1sw+DBTZ16KUXaymVRCSFNXRrfz6yWlsSmdtxTLQfpVrW5dlejTUGgaSVxvSg=="} 
00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1247,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":62,"flow_packet_id":5,"flow_src_last_pkt_time":1587041693428391,"flow_dst_last_pkt_time":1587041693576566,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_usec":1587041693576566,"pkt":"KDc3AG3IEBMx8Tl2CABFAABBNJUAAGwR1m40ck2IwKgBBg2WyeEALeCzAzNiZmY2YTE1LTY4NDEtNDYwNy04YzI3LTllY2ViOWVlZDkzYg=="} 00827{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1248,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693582165,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693582165,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693582165,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00652{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1248,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":66,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693582165,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1587041693582165,"pkt":"EBMx8Tl2KDc3AG3ICABFAABgF74AAEARcjPAqAEGNHL6e8N0DZYATEppAAMAMCESpEI9x0RmdejywONbcT4ADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAI="} -01032{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1248,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693582165,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693582165,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693582165,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01082{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1248,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693582165,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693582165,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693582165,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"multimedia_flow_types":"Audio"}}} 00824{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1249,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":67,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693582610,"flow_src_last_pkt_time":1587041693582610,"flow_dst_last_pkt_time":1587041693582610,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693582610,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50021,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1249,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":67,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693582610,"flow_dst_last_pkt_time":1587041693582610,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041693582610,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGShzAqAEGNHL6e8NlAbtcWVYoAAAAALAC\/\/\/E5AAAAgQFtAEDAwUBAQgKMITZVQAAAAAEAgAA"} 00830{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1250,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041693597783,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693597783,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00853{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1250,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":68,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693597783,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_usec":1587041693597783,"pkt":"EBMx8Tl2KDc3AG3ICABFAADyLLYAAEARXJfAqAEGNHL6jcNgDZYA3iTJAAMAwiESpEIiL+\/H85JL0bmXJ+QADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAKAlQAIfyDE3U+EjfoAFAAUAk7L+IJ6YNZTBt6\/p32H0UQC3V0AFQAKInJ0Y21lZGlhIgAGADgCAAAkkKDb2wHWGU3iFTe\/yZKgAzJzGvG+3Faa6DvVqwAAAAC\/cbJ2yXgTqN3v61y8eTonekzmPAAIACB+ROZSH0cQpVQPYpCmfWn5X6jy8HHHqFihd3XDn9tzDQ=="} -01035{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1250,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041693597783,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693597783,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01085{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1250,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041693597783,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693597783,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"multimedia_flow_types":"Audio"}}} 
02534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1251,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":64,"flow_packet_id":5,"flow_src_last_pkt_time":1587041693561676,"flow_dst_last_pkt_time":1587041693608822,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041693608822,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUnZVAAGwGevI0cvp7wKgBBgG7w2KOQOnM8MQyAVAQCARhxAAANjIwWjCBmzCBmDBMMAkGBSsOAwIaBQAEFCmF\/GE9vi+wEg9eQg5MnsPVnv18BBQI\/iWfdOqHBMK8u46oOF8zxtFsZQITLQAGXpgoyD\/NFydgrgAAAAZemIAAGA8yMDIwMDQxNTE5MDYyMFqgERgPMjAyMDA0MTkxOTA2MjBaoSIwIDAeBgkrBgEFBQcwAQYEERgPMjAxOTA0MTYxOTA2MjBaMA0GCSqGSIb3DQEBCwUAA4IBAQAaQYaDpwd6DNwyOUeit6mUOBXgoV06pe6ThWCURamS0COPur719YO54pzaWQ\/wQiNdRfJ+6IxdL624Y9ECjW7h0i3GVY5McK\/JE0+t8QKiDyIrzja2mdM3dr87glc0ghsX25i5Wq+uovmAq2y0kIR5ZDxPkSCewMHChNQBpgB6w7ldXqSVgO6mMxOPGIUJeCKP7XKb6HxICQ+KDOclyTMlRvOfgXDsfJ+qgS\/\/Xx69gdsXVVKuxxVgmTXKPjwc6+0PAhk7AM38T+1uvkyY+cnLoNXnWfuXwei6nw4U+wy7NBkdjTNfderi681shWsjrz7QTveMgXHXa8hDzke10XqeoIIFIzCCBR8wggUbMIIDA6ADAgECAhNuABXTTwZmllgRJK\/RAAAAFdNPMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTAeFw0yMDA0MDIxNjU4MDlaFw0yMTA0MDIxNjU4MDlaMCsxKTAnBgNVBAMMIE1pY3Jvc29mdF9JVF9UTFNfQ0FfNV9LZXlCaW5kaW5nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt72xRWYGvzznDDT8NXYL9rp9+Ya3b0Z6P2wS3akQ58NdGCNNqh5bkYWl59MsBDUHv9Ef+w2CazdUk3Nynho4E8vpdECh67pX0G62DZBOiFmluBNKbuC5wy0qFpuDZifuCaL\/JIioH+qZxw1n9T+IlPYbhUIt9LEWbIcz3NKvVAjL22uCbIe4fgQeiRQY6CQMOOiKJvbVG0ji+rtc86+Mxhhl4WT\/oA0rEF\/rkByMk2VOShPm7OYdkPB4JadSsYxElQdJQqZtZ7Dx1QoI7ppuYvpwizs9bk5\/qpPbZOX2ffENmbYPX8IEIoHImvw+d5OCujhcH8ND8y2D3AEt3YOySwIDAQABo4HWMIHTMB0GA1UdDgQWBBQodwHOZZ6LuFUo+CvPI9\/FvHYaTDAOBgNVHQ8B
Af8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDwYJKwYBBQUHMAEFBAIFADAfBgNVHSMEGDAWgBQI\/iWfdOqHBMK8u46oOF8zxtFsZTA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdgcybR4HI6RYCAWQCAQcwGwYJKwYBBAGCNxUKBA4wDDAKBggrBgEFBQcDCTANBgkqhkiG9w0BAQsFAAOCAgEAZeWmp3UPfRLZIyUkIOP3qzADvvJHesY63Dc2ynSZnVwywgjceFf+k+yQAXU4qttDwcVbl8RAxZ3TRxOK\/tx9uYmaavtEm3swh9h5B7DCvmIXfqsJJlRpK\/OFGfcf49BNBZXJky59f8YfJ49hsiJiWchclECz2p04IejlY2rjzCMngCMT2bpAzYBsJXomAbKsVRl07LYT4CLhdIIHrd+syTeudyjkMfJb34y+qxxeDCvdd+fLKHcrxUao3ZXsd7wz3mk1EWQVaTo+Md3\/ECUv"} 00827{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1267,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693611913,"flow_src_last_pkt_time":1587041693611913,"flow_dst_last_pkt_time":1587041693611913,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693611913,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00652{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1267,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":69,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693611913,"flow_dst_last_pkt_time":1587041693611913,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1587041693611913,"pkt":"EBMx8Tl2KDc3AG3ICABFAABgfyMAAEARCrzAqAEGNHL6jcNhDZYATBjuAAMAMCESpELalY8VcoE3uJ+0vVMADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAI="} -01032{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1267,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693611913,"flow_src_last_pkt_time":1587041693611913,"flow_dst_last_pkt_time":1587041693611913,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693611913,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01082{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1267,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693611913,"flow_src_last_pkt_time":1587041693611913,"flow_dst_last_pkt_time":1587041693611913,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693611913,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"multimedia_flow_types":"Audio"}}} 00814{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1271,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":66,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693625394,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"thread_ts_usec":1587041693625394,"pkt":"KDc3AG3IEBMx8Tl2CABFAADXVxUAAGwRBmU0cvp7wKgBBg2Ww3QAwyhaARMApyESpEI9x0RmdejywONbcT4ADwAEcsZLxoAIAAQAAAAGAAkAPQAABAFUaGUgcmVxdWVzdCBkaWQgbm90IGNvbnRhaW4gYSBNZXNzYWdlLUludGVncml0eSBhdHRyaWJ1dGUADgAIAAENljRy+okAFAAUPK7\/QeTw1Z9oICgNLxST+LDzEgAAFQAKInJ0Y21lZGlhIgABAAgAAQ2YNHL6iYCVAAhb5VsGDC2J+oAgAAgAAc5scadqCg=="} 
00594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1272,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":67,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693582610,"flow_dst_last_pkt_time":1587041693628354,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041693628354,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0Nx9AAGwG5wg0cvp7wKgBBgG7w2XeqFvwXFlWKYAS\/\/\/MOwAAAgQFoAEDAwgBAQQC"} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1273,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":67,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693628427,"flow_dst_last_pkt_time":1587041693628354,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041693628427,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGSjTAqAEGNHL6e8NlAbtcWVYp3qhb8VAQIADs+gAA"} 
00831{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1274,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":67,"flow_packet_id":4,"flow_src_last_pkt_time":1587041693628756,"flow_dst_last_pkt_time":1587041693628354,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"thread_ts_usec":1587041693628756,"pkt":"EBMx8Tl2KDc3AG3ICABFAADjAABAAEAGSXnAqAEGNHL6e8NlAbtcWVYp3qhb8VAYIADHIgAAFgMBALYBAACyAwNemFWdJel+38T72uo9XNMIcFrJVaaQNKpU+a+Uq8VSQwAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAXQAAACAAHgAAG2V1YXoudHIudGVhbXMubWljcm9zb2Z0LmNvbQAKAAgABgAXABgAGQALAAIBAAANABIAEAQBAgEFAQYBBAMCAwUDBgMABQAFAQAAAAAAEgAAABcAAA=="} -01394{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1274,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":67,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041693582610,"flow_src_last_pkt_time":1587041693628756,"flow_dst_last_pkt_time":1587041693628354,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693628756,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50021,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"euaz.tr.teams.microsoft.com","domainame":"euaz.tr.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01353{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1274,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":67,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041693582610,"flow_src_last_pkt_time":1587041693628756,"flow_dst_last_pkt_time":1587041693628354,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693628756,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50021,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"euaz.tr.teams.microsoft.com","domainame":"euaz.tr.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00768{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1275,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":63,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693640777,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"thread_ts_usec":1587041693640777,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC1fJUAAGwR4QY0cvp7wKgBBg2Ww2AAoaFUAQMAhSESpEIiL+\/H85JL0bmXJ+QADwAEcsZLxgANAAQAAAA8AAEACAABDZg0cvqNgAgABAAAAAaAIAAIAAHB1XGnagqAUAAYm3E8YjrBv7v21SN1g6+m0xjhRrQAAAAAgCIACTIuMC4xLjIxMQAQAAQAAC7gAAgAIK\/9w8VcH20Bp+o9r1mX6tB+MRypEJNYTX2DO\/tetQep"} 00830{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1276,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041693654732,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693654732,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00853{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1276,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":70,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693654732,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_usec":1587041693654732,"pkt":"EBMx8Tl2KDc3AG3ICABFAADySXIAAEARP9\/AqAEGNHL6icN0DZYA3q9FAAMAwiESpELOvwn047sA+HEU4bYADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAKAlQAIW+VbBgwtifoAFAAUPK7\/QeTw1Z9oICgNLxST+LDzEgAAFQAKInJ0Y21lZGlhIgAGADgCAAAkkKDb2wHWGU3iFTe\/yZKgAzJzGvG+3Faa6DvVqwAAAAC\/cbJ2yXgTqN3v61y8eTonekzmPAAIACCU7UyKuDgKSJKUvk8SSs9ovhsGMp06Kok2oE1dFOuKzQ=="} -01035{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1276,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041693654732,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693654732,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01085{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1276,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041693654732,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693654732,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"multimedia_flow_types":"Audio"}}} 00815{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1277,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":69,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693611913,"flow_dst_last_pkt_time":1587041693658468,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"thread_ts_usec":1587041693658468,"pkt":"KDc3AG3IEBMx8Tl2CABFAADXfJYAAGwR4NE0cvqNwKgBBg2Ww2EAw+F\/ARMApyESpELalY8VcoE3uJ+0vVMADwAEcsZLxoAIAAQAAAAGAAkAPQAABAFUaGUgcmVxdWVzdCBkaWQgbm90IGNvbnRhaW4gYSBNZXNzYWdlLUludGVncml0eSBhdHRyaWJ1dGUADgAIAAENljRy+o0AFAAUPpo\/SSn4PJAIkOO6zaqfvtmAt1IAFQAKInJ0Y21lZGlhIgABAAgAAQ2YNHL6jYCVAAiQUL8kDsWN+oAgAAgAAcwTcadqCg=="} 
00827{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1281,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":71,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693668523,"flow_src_last_pkt_time":1587041693668523,"flow_dst_last_pkt_time":1587041693668523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693668523,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00652{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1281,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":71,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693668523,"flow_dst_last_pkt_time":1587041693668523,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1587041693668523,"pkt":"EBMx8Tl2KDc3AG3ICABFAABgYKIAAEARKUHAqAEGNHL6icN1DZYATE9EAAMAMCESpEJNv3gTxWrFDZ5wS8sADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAI="} 
-01032{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1281,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":71,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693668523,"flow_src_last_pkt_time":1587041693668523,"flow_dst_last_pkt_time":1587041693668523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693668523,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01082{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1281,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":71,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693668523,"flow_src_last_pkt_time":1587041693668523,"flow_dst_last_pkt_time":1587041693668523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693668523,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"multimedia_flow_types":"Audio"}}} 02537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1282,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":67,"flow_packet_id":5,"flow_src_last_pkt_time":1587041693628756,"flow_dst_last_pkt_time":1587041693675117,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041693675117,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUNyJAAGwG4WU0cvp7wKgBBgG7w2XeqGPBXFlW5FAQCASBlQAAW6sdwoMA3bRkqxv5VpjyajDfFXWqL4G9QZfl841dfR9SjQLMnRDtMHjHLLEHhJCKLU2ikazGCdNZMqtfaxeWquCIWw56s0bCKwmin9Y3DIsAdEejps5dwVGPEJfdlpEbIxcuBzCIRY0C23wA8SsmAke7nyJfwnrDoCjE4H7m3XXod08er9hfv0q4nITSnedP3o61Oc42o6ZTtprTcb83jeNHnfqPTx\/r7JoPcNdqLrU2S9F5B\/3\/72kY0IJW8GVz3JfVywG\/oGQZf4DtR+N9iCPyVunnsxwatk5VQeVSeoKWofbhmm5\/59\/eJyGGKNh6xcOod+zQ\/yRc87f6tHNG2YoyFngY2b4iSL5cKDGkUG4HW8AD3tnSSMB+eS+kUxAHQWzl9sk8GGj5SN\/h6yZsZx0M8Cajppy8O10hsA4MnuDtB3uK64JLD12Do4vw3+8vrlcfGCUgqrNGgRVPtSVulxGnCvWOq0JhUVItmI195Is0h3MiJgXc2KNuZpMfbIcuyiiUJx2zdkFT81nL1PidcMdiaFVUoMih7rr4UtgVbmkgKemK\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\/BSeneM2zC+CeIhbzmNymFOjMlNcj+dBQmbu1CxCV8d8C6Y+OnVaZPNiP01j7XJJ+PXv4UEla9xB7d\/jmSpBKVVLelK10CaBkVyzNB5CfFq2Vw9EGuvHvbAW1BKyp3Bsxmw4tGZUET95my601cq8ZggiyFDoWX7A8m9uNDLAC1iYf6BVxxO\/5YzlDjOnCki6hwqAwJQ6WJ1+eoyuC1hC9PBkepof+VSE6XEH8AZjML5L\/Zji0uGacDxJoS0qshrtemP+eppxTbDMRpNCuUkfXi4\/xlqy5KZqPLPGtZBjDJrsAZN5QcMC77MZrrtOg78DxXA3yzHpZ2hgzL1kQrWcULF8iQ0pE4ejd4OdVFk4J7wNMDEhQWvAD347vY8pbZ4dDQCwGth8PPlPAZj\/XFBXmCGKYSH6D5ae1XVEtVC1h\/TRd1LeAzdJ9zrEkO\/OXbGwT3ooXyYr1SJVC9xKQ4xAX9qEAxTYqZZGeBexCLlq4mRv\/1E61+mZV2YOOvwgpjfoLAgMBAA
GjggFCMIIBPjAdBgNVHQ4EFgQUCP4ln3TqhwTCvLuOqDhfM8bRbGUwHwYDVR0jBBgwFoAU5Z1ZMIJHWMys+ghUNoZ7OrUETfAwEgYDVR0TAQH\/BAgwBgEB\/wIBADAOBgNVHQ8BAf8EBAMCAYYwJwYDVR0lBCAwHgYIKwYBBQUHAwEGCCsGAQUF"} 00765{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1298,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":66,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693698272,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"thread_ts_usec":1587041693698272,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC1VxYAAGwRBoY0cvp7wKgBBg2Ww3QAoWPcAQMAhSESpELOvwn047sA+HEU4bYADwAEcsZLxgANAAQAAAA8AAEACAABDZg0cvqJgAgABAAAAAaAIAAIAAHObHGnagqAUAAYmiULR7BQSjV7GJ7mOy6WXuQ5anUAAAAAgCIACTIuMC4xLjIxMQAQAAQAAC7gAAgAIJWLEhTAIKUMzT0EuyGZ9cU94RPVJanGef0JixSMSj4H"} 00854{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1299,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":69,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693711026,"flow_dst_last_pkt_time":1587041693658468,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_usec":1587041693711026,"pkt":"EBMx8Tl2KDc3AG3ICABFAADyfgoAAEARC0PAqAEGNHL6jcNhDZYA3rEpAAMAwiESpEJLDXUDhL3sfvdJg10ADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAKAlQAIkFC\/JA7FjfoAFAAUPpo\/SSn4PJAIkOO6zaqfvtmAt1IAFQAKInJ0Y21lZGlhIgAGADgCAAAkkKDb2wHWGU3iFTe\/yZKgAzJzGvG+3Faa6DvVqwAAAAC\/cbJ2yXgTqN3v61y8eTonekzmPAAIACBfcijkK3I1E6fsjRiPsKvs33Xfpf\/cKnDyh7VrIY168g=="} 
-01046{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1299,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":69,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1587041693611913,"flow_src_last_pkt_time":1587041693711026,"flow_dst_last_pkt_time":1587041693658468,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":282,"flow_dst_tot_l4_payload_len":187,"midstream":0,"thread_ts_usec":1587041693711026,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01096{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1299,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":69,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1587041693611913,"flow_src_last_pkt_time":1587041693711026,"flow_dst_last_pkt_time":1587041693658468,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":282,"flow_dst_tot_l4_payload_len":187,"midstream":0,"thread_ts_usec":1587041693711026,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"multimedia_flow_types":"Audio"}}} 00813{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1301,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":71,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693668523,"flow_dst_last_pkt_time":1587041693714142,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"thread_ts_usec":1587041693714142,"pkt":"KDc3AG3IEBMx8Tl2CABFAADXVxcAAGwRBlU0cvqJwKgBBg2Ww3UAwwtKARMApyESpEJNv3gTxWrFDZ5wS8sADwAEcsZLxoAIAAQAAAAGAAkAPQAABAFUaGUgcmVxdWVzdCBkaWQgbm90IGNvbnRhaW4gYSBNZXNzYWdlLUludGVncml0eSBhdHRyaWJ1dGUADgAIAAENljRy+okAFAAUc60+h2VE9PTAWxn4K2V6NOmKA20AFQAKInJ0Y21lZGlhIgABAAgAAQ2YNHL6iYCVAAjDwJ1K7o6J+oAgAAgAAcBocadqCg=="} 00766{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1307,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":69,"flow_packet_id":4,"flow_src_last_pkt_time":1587041693711026,"flow_dst_last_pkt_time":1587041693756239,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"thread_ts_usec":1587041693756239,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC1fJcAAGwR4PI0cvqNwKgBBg2Ww2EAoTssAQMAhSESpEJLDXUDhL3sfvdJg10ADwAEcsZLxgANAAQAAAA8AAEACAABDZg0cvqNgAgABAAAAAaAIAAIAAHME3GnagqAUAAYLOxJmLF8a9P8QJMpg69OprVoITMAAAAAgCIACTIuMC4xLjIxMQAQAAQAAC7gAAgAIMhO7y5FcPLOAgpkLIJifRx7Dv8ek2QLf5zo\/BiwDhB4"} 
00854{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1308,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":71,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693763689,"flow_dst_last_pkt_time":1587041693714142,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_usec":1587041693763689,"pkt":"EBMx8Tl2KDc3AG3ICABFAADy1jgAAEARsxjAqAEGNHL6icN1DZYA3qn\/AAMAwiESpEK\/FrW6Bpt+jaFgT0IADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAKAlQAIw8CdSu6OifoAFAAUc60+h2VE9PTAWxn4K2V6NOmKA20AFQAKInJ0Y21lZGlhIgAGADgCAAAkkKDb2wHWGU3iFTe\/yZKgAzJzGvG+3Faa6DvVqwAAAAC\/cbJ2yXgTqN3v61y8eTonekzmPAAIACAOMJjC3yWHP2a8uRvQ6tdNq4Cf2VvwjY\/Ply+68rS7wg=="} -01046{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1308,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":71,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1587041693668523,"flow_src_last_pkt_time":1587041693763689,"flow_dst_last_pkt_time":1587041693714142,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":282,"flow_dst_tot_l4_payload_len":187,"midstream":0,"thread_ts_usec":1587041693763689,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01096{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1308,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":71,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1587041693668523,"flow_src_last_pkt_time":1587041693763689,"flow_dst_last_pkt_time":1587041693714142,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":282,"flow_dst_tot_l4_payload_len":187,"midstream":0,"thread_ts_usec":1587041693763689,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"multimedia_flow_types":"Audio"}}} 00769{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1312,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":71,"flow_packet_id":4,"flow_src_last_pkt_time":1587041693763689,"flow_dst_last_pkt_time":1587041693808734,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"thread_ts_usec":1587041693808734,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC1VxgAAGwRBnY0cvqJwKgBBg2Ww3UAoXQEAQMAhSESpEK\/FrW6Bpt+jaFgT0IADwAEcsZLxgANAAQAAAA8AAEACAABDZg0cvqJgAgABAAAAAaAIAAIAAHAaHGnagqAUAAYaOUMdiD0+ug9lexVR\/3YR6\/W6KUAAAAAgCIACTIuMC4xLjIxMQAQAAQAAC7gAAgAIL4g0LfB18yA2q\/RVWXcDhE8D9XtCMo2nCqOglxViaD8"} 
00824{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1315,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":72,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693828302,"flow_src_last_pkt_time":1587041693828302,"flow_dst_last_pkt_time":1587041693828302,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693828302,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.152","src_port":50014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1315,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":72,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693828302,"flow_dst_last_pkt_time":1587041693828302,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041693828302,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGSf\/AqAEGNHL6mMNeAbvdNMkXAAAAALAC\/\/\/QFQAAAgQFtAEDAwUBAQgKMITaQwAAAAAEAgAA"} 
@@ -493,15 +493,15 @@ 00594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1320,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":72,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693828302,"flow_dst_last_pkt_time":1587041693869354,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041693869354,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0nZxAAGwGgG40cvqYwKgBBgG7w17cXACa3TTJGIAS\/\/81\/QAAAgQFoAEDAwgBAQQC"} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1321,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":72,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693869423,"flow_dst_last_pkt_time":1587041693869354,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041693869423,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGShfAqAEGNHL6mMNeAbvdNMkY3FwAm1AQIABWvAAA"} 
00811{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1322,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":72,"flow_packet_id":4,"flow_src_last_pkt_time":1587041693869663,"flow_dst_last_pkt_time":1587041693869354,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_usec":1587041693869663,"pkt":"EBMx8Tl2KDc3AG3ICABFAADWAABAAEAGSWnAqAEGNHL6mMNeAbvdNMkY3FwAm1AYIACuOQAAFgMBAKkBAAClAwNemFWd9sBVDmqpQ1JOmTf85+s9vRwXDIKd7RSpfqD9hwAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAUAAAABMAEQAADjUyLjExNC4yNTAuMTUyAAoACAAGABcAGAAZAAsAAgEAAA0AEgAQBAECAQUBBgEEAwIDBQMGAwAFAAUBAAAAAAASAAAAFwAA"} -01506{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1322,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":72,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041693828302,"flow_src_last_pkt_time":1587041693869663,"flow_dst_last_pkt_time":1587041693869354,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693869663,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.152","src_port":50014,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"3":"DPI 
(partial)"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"52.114.250.152","domainame":"52.114.250.152","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","ja4":"t12i220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01462{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1322,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":72,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041693828302,"flow_src_last_pkt_time":1587041693869663,"flow_dst_last_pkt_time":1587041693869354,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693869663,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.152","src_port":50014,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"3":"DPI (partial)"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"52.114.250.152","domainame":"52.114.250.152","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12i220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00593{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1323,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":73,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693849498,"flow_dst_last_pkt_time":1587041693893017,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041693893017,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0NypAAGwG5t80cvqZwKgBBgG7w3QJhgXYjJLL5oAS\/\/9RUwAAAgQFoAEDAwgBAQQC"} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1324,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":73,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693893121,"flow_dst_last_pkt_time":1587041693893017,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041693893121,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGShbAqAEGNHL6mcN0AbuMksvmCYYF2VAQIAByEgAA"} 00812{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1325,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":73,"flow_packet_id":4,"flow_src_last_pkt_time":1587041693893319,"flow_dst_last_pkt_time":1587041693893017,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_usec":1587041693893319,"pkt":"EBMx8Tl2KDc3AG3ICABFAADWAABAAEAGSWjAqAEGNHL6mcN0AbuMksvmCYYF2VAYIAA4UQAAFgMBAKkBAAClAwNemFWd\/1XCA+79geTWEWiWwTsvTSnBi9NExcEsdrOoSgAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAUAAAABMAEQAADjUyLjExNC4yNTAuMTUzAAoACAAGABcAGAAZAAsAAgEAAA0AEgAQBAECAQUBBgEEAwIDBQMGAwAFAAUBAAAAAAASAAAAFwAA"} 
-01506{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1325,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":73,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041693849498,"flow_src_last_pkt_time":1587041693893319,"flow_dst_last_pkt_time":1587041693893017,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693893319,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.153","src_port":50036,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"3":"DPI (partial)"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"52.114.250.153","domainame":"52.114.250.153","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","ja4":"t12i220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01462{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1325,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":73,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041693849498,"flow_src_last_pkt_time":1587041693893319,"flow_dst_last_pkt_time":1587041693893017,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693893319,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.153","src_port":50036,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"3":"DPI (partial)"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"52.114.250.153","domainame":"52.114.250.153","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12i220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
02526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1327,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":72,"flow_packet_id":5,"flow_src_last_pkt_time":1587041693869663,"flow_dst_last_pkt_time":1587041693912361,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041693912361,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUnZ1AAGwGes00cvqYwKgBBgG7w17cXACb3TTJxlAQCARdzwAAFgMDF+kCAABVAwNemFWdM9zHzxbjC7QANdHz8AfaCDM7kl4CH3iC8m+C5SA8HQAAdg+4AWMXjI8CbVJCHoa9vuL+BAQY6d2I21i7H8AwAAANAAUAAAAXAAD\/AQABAAsADuwADukACSswggknMIIHD6ADAgECAhMtAAZemCjIP80XJ2CuAAAABl6YMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTAeFw0xOTA1MjQxNDEwMjZaFw0yMTA1MjQxNDEwMjZaMCExHzAdBgNVBAMTFnRyLnRlYW1zLm1pY3Jvc29mdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCLTNHPfgLoOgUfyR4c2CDg+CoBg7bwaQp6OOdTLjN80e6165bdZW8ryNWADQBv\/\/6Ld1H5eQQNetSDwVifHVU+CteBiHg6T9F1rA96B1Fk1nARcGhMPsZbgvGxJ+NR6ygkRK7GWC6KFZyOiZ0MvWyxQTJBlsBwklHTiX9D0fiSz06Q+tVkIHpWWHGkJRO+Tm3UUtCMr7e1K4eQloaVRg1AeMGEhZEaGXyKum9VwAP15maK0zwKMiUymx8uWFHW4J0+7wZd9kZyUeJvDO2QDZvxPl5w9NBzvGZUQFIkRD+XvUanlt9AtvhnDy5BiPzueeQgaJbyvyJl4Af8nIo8gppfAgMBAAGjggTrMIIE5zCCAfUGCisGAQQB1nkCBAIEggHlBIIB4QHfAHYA9lyUL9F3MCIUVBgIMJRWjuNNExkzv98MLyALzE7xZOMAAAFq6jb0ngAABAMARzBFAiEA+SbPYnNZBq5NAa+KJuZcLJF6Cs7c51vg2wno92Y73cQCIFui0LePG9Yu0H+TqmpdeWJeVlJ0KiyWWMKI6D92L\/K3AHUAVYHUwhaQNgFK6gubVzxT8MDkOHhwJQgXL6OqHQcT0wwAAAFq6jb1LQAABAMARjBEAiAZDnc3oPi8LaNBy6Df89WOlPch018jWvYNKaDO2U51nQIgYZuZffTHCtDDZ3lWVJgiVsjUCTGqki0p6MIBuSQoIfUAdwBc3EOS\/uarRUSxXprUVuYQN\/vV+kfcoXOUsl7m9scOygAAAWrqNvNaAAAEAwBIMEYCIQChq4nHPM4twtbxyAgrDLE3a797eV+6L2EiO6pBrFmrUAIhANBHWXnY9HAcs6WqVRp9r8q8wlaSY9pBfB7vJlbCShQPAHUARJRlLrD
uzq\/EQAfYqP4owNrmgr7YyzG1P9MzlrW2gagAAAFq6jb0QQAABAMARjBEAiAzKKpy8ELEm5AO\/Cl8weRDML0CJ7IOPZ2GbRbx\/8vxWgIgDCW1c1pNKCE9DA2mbQwKGa4Z2H7dNtIRrzU4ZJcZOr8wJwYJKwYBBAGCNxUKBBowGDAKBggrBgEFBQcDAjAKBggrBgEFBQcDATA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdhNLfQoLnk3oCAWQCAR0wgYUGCCsGAQUFBwEBBHkwdzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDUuY3J0MCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC5tc29jc3AuY29tMB0GA1UdDgQWBBSC313bBDWiwUMAeq0EgFmCSqbJVzALBgNVHQ8EBAMC"} -01907{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1336,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":72,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":8,"flow_first_seen":1587041693828302,"flow_src_last_pkt_time":1587041693913259,"flow_dst_last_pkt_time":1587041693913604,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":6126,"midstream":0,"thread_ts_usec":1587041693913604,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.152","src_port":50014,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"52.114.250.152","domainame":"52.114.250.152","tls": 
{"version":"TLSv1.2","server_names":"tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"986571066668055ae9481cb84fda634a","ja4":"t12i220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5","subjectDN":"CN=tr.teams.microsoft.com","fingerprint":"A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75","blocks":0}}} +01866{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1336,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":72,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":8,"flow_first_seen":1587041693828302,"flow_src_last_pkt_time":1587041693913259,"flow_dst_last_pkt_time":1587041693913604,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":6126,"midstream":0,"thread_ts_usec":1587041693913604,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.152","src_port":50014,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"52.114.250.152","domainame":"52.114.250.152","tls": 
{"version":"TLSv1.2","server_names":"tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com","ja3s":"986571066668055ae9481cb84fda634a","ja4":"t12i220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5","subjectDN":"CN=tr.teams.microsoft.com","fingerprint":"A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75","blocks":0}}} 02527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1342,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":73,"flow_packet_id":5,"flow_src_last_pkt_time":1587041693893319,"flow_dst_last_pkt_time":1587041693937910,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041693937910,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUNyxAAGwG4T00cvqZwKgBBgG7w3QJhgXZjJLMlFAQCAT\/SwAAFgMDF+kCAABVAwNemFWdlZ1o0K1pDuc31o7KbeFA6zW0UoTj74rN53YU1yAVNwAAZbPmUJGFDDA3baQ8RQ+flEqSYPNJweq+ysirz8AwAAANAAUAAAAXAAD\/AQABAAsADuwADukACSswggknMIIHD6ADAgECAhMtAAZemCjIP80XJ2CuAAAABl6YMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTAeFw0xOTA1MjQxNDEwMjZaFw0yMTA1MjQxNDEwMjZaMCExHzAdBgNVBAMTFnRyLnRlYW1zLm1pY3Jvc29mdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCLTNHPfgLoOgUfyR4c2CDg+CoBg7bwaQp6OOdTLjN80e6165bdZW8ryNWADQBv\/\/6Ld1H5eQQNetSDwVifHVU+CteBiHg6T9F1rA96B1Fk1nARcGhMPsZbgvGxJ+NR6ygkRK7GWC6KFZyOiZ0MvWyxQTJBlsBwklHTiX9D0fiSz06Q+tVkIHpWWHGkJRO+Tm3UUtCMr7e1K4eQloaVRg1AeMGEhZEaGXyKum9VwAP15maK0zwKMiUymx8uWFHW4J0+7wZd9kZyUeJvDO2QDZvxPl5w9NBzvGZUQFIkRD+XvUanlt9AtvhnDy5BiPzueeQgaJb
yvyJl4Af8nIo8gppfAgMBAAGjggTrMIIE5zCCAfUGCisGAQQB1nkCBAIEggHlBIIB4QHfAHYA9lyUL9F3MCIUVBgIMJRWjuNNExkzv98MLyALzE7xZOMAAAFq6jb0ngAABAMARzBFAiEA+SbPYnNZBq5NAa+KJuZcLJF6Cs7c51vg2wno92Y73cQCIFui0LePG9Yu0H+TqmpdeWJeVlJ0KiyWWMKI6D92L\/K3AHUAVYHUwhaQNgFK6gubVzxT8MDkOHhwJQgXL6OqHQcT0wwAAAFq6jb1LQAABAMARjBEAiAZDnc3oPi8LaNBy6Df89WOlPch018jWvYNKaDO2U51nQIgYZuZffTHCtDDZ3lWVJgiVsjUCTGqki0p6MIBuSQoIfUAdwBc3EOS\/uarRUSxXprUVuYQN\/vV+kfcoXOUsl7m9scOygAAAWrqNvNaAAAEAwBIMEYCIQChq4nHPM4twtbxyAgrDLE3a797eV+6L2EiO6pBrFmrUAIhANBHWXnY9HAcs6WqVRp9r8q8wlaSY9pBfB7vJlbCShQPAHUARJRlLrDuzq\/EQAfYqP4owNrmgr7YyzG1P9MzlrW2gagAAAFq6jb0QQAABAMARjBEAiAzKKpy8ELEm5AO\/Cl8weRDML0CJ7IOPZ2GbRbx\/8vxWgIgDCW1c1pNKCE9DA2mbQwKGa4Z2H7dNtIRrzU4ZJcZOr8wJwYJKwYBBAGCNxUKBBowGDAKBggrBgEFBQcDAjAKBggrBgEFBQcDATA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdhNLfQoLnk3oCAWQCAR0wgYUGCCsGAQUFBwEBBHkwdzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDUuY3J0MCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC5tc29jc3AuY29tMB0GA1UdDgQWBBSC313bBDWiwUMAeq0EgFmCSqbJVzALBgNVHQ8EBAMC"} -01907{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1350,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":73,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":8,"flow_first_seen":1587041693849498,"flow_src_last_pkt_time":1587041693938156,"flow_dst_last_pkt_time":1587041693938382,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":6126,"midstream":0,"thread_ts_usec":1587041693938382,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.153","src_port":50036,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": 
{"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"52.114.250.153","domainame":"52.114.250.153","tls": {"version":"TLSv1.2","server_names":"tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"986571066668055ae9481cb84fda634a","ja4":"t12i220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5","subjectDN":"CN=tr.teams.microsoft.com","fingerprint":"A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75","blocks":0}}} +01866{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1350,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":73,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":8,"flow_first_seen":1587041693849498,"flow_src_last_pkt_time":1587041693938156,"flow_dst_last_pkt_time":1587041693938382,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":6126,"midstream":0,"thread_ts_usec":1587041693938382,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.153","src_port":50036,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying 
HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"52.114.250.153","domainame":"52.114.250.153","tls": {"version":"TLSv1.2","server_names":"tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com","ja3s":"986571066668055ae9481cb84fda634a","ja4":"t12i220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5","subjectDN":"CN=tr.teams.microsoft.com","fingerprint":"A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75","blocks":0}}} 00823{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1371,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":74,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041694219802,"flow_src_last_pkt_time":1587041694219802,"flow_dst_last_pkt_time":1587041694219802,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041694219802,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":60567,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1371,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":74,"flow_packet_id":1,"flow_src_last_pkt_time":1587041694219802,"flow_dst_last_pkt_time":1587041694219802,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041694219802,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG9w\/AqAEGNHJNiOyXAbs8mpamAAAAALAC\/\/8lfgAAAgQFtAEDAwUBAQgKMITbvgAAAAAEAgAA"} 00822{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1372,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":75,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041694221137,"flow_src_last_pkt_time":1587041694221137,"flow_dst_last_pkt_time":1587041694221137,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041694221137,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60837,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -512,40 +512,40 @@ 00593{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1376,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":74,"flow_packet_id":2,"flow_src_last_pkt_time":1587041694219802,"flow_dst_last_pkt_time":1587041694262764,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041694262764,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0VplAAGwGdII0ck2IwKgBBgG77Jdw4z8APJqWp4AS\/\/+58wAAAgQFoAEDAwgBAQQC"} 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1377,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":74,"flow_packet_id":3,"flow_src_last_pkt_time":1587041694262870,"flow_dst_last_pkt_time":1587041694262764,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041694262870,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAG9yfAqAEGNHJNiOyXAbs8mpancOM\/AVAQIADasgAA"} 
00842{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1378,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":74,"flow_packet_id":4,"flow_src_last_pkt_time":1587041694263191,"flow_dst_last_pkt_time":1587041694262764,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":249,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":249,"pkt_l4_len":215,"thread_ts_usec":1587041694263191,"pkt":"EBMx8Tl2KDc3AG3ICABFAADrAABAAEAG9mTAqAEGNHJNiOyXAbs8mpancOM\/AVAYIADbZQAAFgMBAL4BAAC6AwNemFWex6L93KvTNrWWS\/8PQ2rao\/9bFvV0yUUyu2nlvwAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAZQAAACgAJgAAI2FwaS5mbGlnaHRwcm94eS50ZWFtcy5taWNyb3NvZnQuY29tAAoACAAGABcAGAAZAAsAAgEAAA0AEgAQBAECAQUBBgEEAwIDBQMGAwAFAAUBAAAAAAASAAAAFwAA"} -01409{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1378,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":74,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041694219802,"flow_src_last_pkt_time":1587041694263191,"flow_dst_last_pkt_time":1587041694262764,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":195,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":195,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041694263191,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":60567,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"api.flightproxy.teams.microsoft.com","domainame":"api.flightproxy.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01368{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1378,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":74,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041694219802,"flow_src_last_pkt_time":1587041694263191,"flow_dst_last_pkt_time":1587041694262764,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":195,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":195,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041694263191,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":60567,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"api.flightproxy.teams.microsoft.com","domainame":"api.flightproxy.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
02536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1380,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":74,"flow_packet_id":5,"flow_src_last_pkt_time":1587041694263191,"flow_dst_last_pkt_time":1587041694308351,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041694308351,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUVptAAGwGbuA0ck2IwKgBBgG77Jdw40StPJqXalAQCAQlEAAAcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA0LmNybIZJaHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA0LmNybDBNBgNVHSAERjBEMEIGCSsGAQQBgjcqATA1MDMGCCsGAQUFBwIBFidodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcHMwHwYDVR0jBBgwFoAUenuMwc\/noMoc1Gv6++Ezww8aop0wHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4ICAQCGBg8ckx9UDTW7UZXC+1At9FP7A44gNWDP9CaNquKk0Ym4Hc6H0wUEGjC2TPH4ZMpVVvzoaDTGQwOYpaTTUvX3MEMOYKEG1Cvx9tqcsdP3yUB2L0u\/Y3lBDRRYTQjeuiKHInHCIKjjX\/QCOyzvB5\/C0exDQl9fWwS+qncho+mgAfK2IA8Fxzsv6+EtDoQ7Dvl6yGFB0IOq2h0mRJqrPawbpWi2DqNdE30PlqszN6KarfO3etdnYrpJGC2USn7nux+J+nU9mSFC0ZsLRlurcf+j5mIScxOoR1R1zgqZUwqnxhpp4P1IJVImICPzlelUrV+V7b3YppHp2Rgn\/+S4J10m17s2TbLTa97JGjEE\/3YQ7h5IdjwTnwuq1dP++rQhXt3FX3MOWAHLNAKjiWyKZFU6vIewI5Hi6y2fkjqSeRt4\/aWEgJvh20gdM0p+zqdmShg\/748CHucnl5Zm4aJe3RbjYEYoFcds8ex0ujMudADb\/QzGDXRU0vzS1rVbA4cYFxJP\/arXmxNmNaQws3ulhsztenPZhSi+YjcTSxMjLvyNTiFRWl6oPmD03juUR4abmC3Z6rh\/ORpnPJ\/Em03uuhRVjI2A+WVhItVGj\/kDERprkC2fKCqbcztcQMil\/Kk2WHT\/UliJtmxX7yjxKPFWCSC+MDNsBV3uBwoK+m\/VewoOUwAFuDCCBbQwggScoAMCAQICEAtqs7A+san2xGCSaqjN\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\/HdCW+DNFe3sfVDPlSJenBSSi29Hcla4gKn2WiUh7knrQJLHeSBH3Zzy03\/hYYPVPezRo"} 
00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1404,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":76,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278787,"flow_src_last_pkt_time":1587041695278787,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695278787,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00716{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1404,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":76,"flow_packet_id":1,"flow_src_last_pkt_time":1587041695278787,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695278787,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMhisAAEARcdvAqAEGwKgABMNgw1UAeNtRAAEAXCESpELGQpqANK6irJWNCoEABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUNaR7w6XgHLmtRZxpBWKVkGuwhq2AKAAE+3W4lQ=="} 
-01165{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1404,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":76,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278787,"flow_src_last_pkt_time":1587041695278787,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695278787,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01215{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1404,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":76,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278787,"flow_src_last_pkt_time":1587041695278787,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695278787,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","ndpi": {"flow_risk": {"5": 
{"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"multimedia_flow_types":"Audio"}}} 00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1405,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":77,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278905,"flow_src_last_pkt_time":1587041695278905,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695278905,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00717{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1405,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":77,"flow_packet_id":1,"flow_src_last_pkt_time":1587041695278905,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695278905,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMZ7QAAEARkFLAqAEGwKgABMN0w2QAeBWjAAEAXCESpEJMnOcpR8XuRjfgdwcABgAJSkZ3ajorbUl2AAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUZBvpMZrPL2uguq2xDA1A6CBjF+2AKAAEncV\/3g=="} 
-01165{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1405,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":77,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278905,"flow_src_last_pkt_time":1587041695278905,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695278905,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01215{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1405,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":77,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278905,"flow_src_last_pkt_time":1587041695278905,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695278905,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","ndpi": {"flow_risk": {"5": 
{"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Video","stun": {"multimedia_flow_types":"Video"}}} 00830{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1406,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":78,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695305290,"flow_src_last_pkt_time":1587041695305290,"flow_dst_last_pkt_time":1587041695305290,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695305290,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00717{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1406,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":78,"flow_packet_id":1,"flow_src_last_pkt_time":1587041695305290,"flow_dst_last_pkt_time":1587041695305290,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695305290,"pkt":"KDc3AG3IEBMx8Tl2CABFAACMbOkAADURirVdR27NwKgBBj\/Mw2AAeJv\/AAEAXCESpEJpQfrkOEmJN4IqUAgABgAJRlkzMjpvNS9JAAAAgCkACAAAf+1eBY4AgHAABAAAAAeANgAEAAAAAQAkAARu\/\/3+gDcABAAAAAIACAAUCA60OBRrDjRc1P+cP0BpsLC+QjmAKAAEPxxxZQ=="} 
-01167{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1406,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":78,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695305290,"flow_src_last_pkt_time":1587041695305290,"flow_dst_last_pkt_time":1587041695305290,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695305290,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01217{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1406,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":78,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695305290,"flow_src_last_pkt_time":1587041695305290,"flow_dst_last_pkt_time":1587041695305290,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695305290,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","ndpi": {"flow_risk": 
{"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"multimedia_flow_types":"Audio"}}} 00830{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1407,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695305879,"flow_src_last_pkt_time":1587041695305879,"flow_dst_last_pkt_time":1587041695305879,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695305879,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16333,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00717{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1407,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":79,"flow_packet_id":1,"flow_src_last_pkt_time":1587041695305879,"flow_dst_last_pkt_time":1587041695305879,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695305879,"pkt":"KDc3AG3IEBMx8Tl2CABFAACM2aMAADURHftdR27NwKgBBj\/Nw3QAeFT\/AAEAXCESpEKjF0z2+O91Jw0PY1cABgAJK21JdjpKRndqAAAAgCkACAAAf+1eBY4AgHAABAAAAAeANgAEAAAAAQAkAARu\/\/3+gDcABAAAAAIACAAUo4jart22gVLrHF0JHGaI64vA9HeAKAAEUHwvEg=="} 
-01167{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1407,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695305879,"flow_src_last_pkt_time":1587041695305879,"flow_dst_last_pkt_time":1587041695305879,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695305879,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16333,"dst_port":50036,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01217{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1407,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695305879,"flow_src_last_pkt_time":1587041695305879,"flow_dst_last_pkt_time":1587041695305879,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695305879,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16333,"dst_port":50036,"l4_proto":"udp","ndpi": {"flow_risk": 
{"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Video","stun": {"multimedia_flow_types":"Video"}}} 00681{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1409,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":78,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695305290,"flow_dst_last_pkt_time":1587041695330085,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":1587041695330085,"pkt":"EBMx8Tl2KDc3AG3ICABFAAB0TLUAAEARoAHAqAEGXUduzcNgP8wAYAttAQEARCESpEJpQfrkOEmJN4IqUAiAcAAEAAAABwAgAAgAAR7efFXKj4A3AAQAAAACgDYABAAAAAEACAAUlU+ROI4McMZBUuZSU8\/gWyGrdx6AKAAE+OcqVw=="} 00717{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1410,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":78,"flow_packet_id":3,"flow_src_last_pkt_time":1587041695305290,"flow_dst_last_pkt_time":1587041695330306,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695330306,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMkXkAAEARWyXAqAEGXUduzcNgP8wAeAk2AAEAXCESpEL9LF5WbGc54yQwO\/cABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAU1YbVJoGA61aUBne1Qcfqud7BOGOAKAAEmnK+Jw=="} 
00680{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1411,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":79,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695305879,"flow_dst_last_pkt_time":1587041695330316,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":1587041695330316,"pkt":"EBMx8Tl2KDc3AG3ICABFAAB0gkYAAEARanDAqAEGXUduzcN0P80AYEblAQEARCESpEKjF0z2+O91Jw0PY1eAcAAEAAAABwAgAAgAAR7ffFXKj4A3AAQAAAACgDYABAAAAAEACAAUNbjIzLk8Htcx5rlGPdUzB6Mtkf+AKAAECmy4uA=="} 00718{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1412,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":79,"flow_packet_id":3,"flow_src_last_pkt_time":1587041695305879,"flow_dst_last_pkt_time":1587041695330389,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695330389,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMX9EAAEARjM3AqAEGXUduzcN0P80AeEAgAAEAXCESpEJvsFtMkRg8G\/ztdLwABgAJSkZ3ajorbUl2AAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUIVL6+UU6k643kpe64\/MzitD9Q4eAKAAEwjOytg=="} 
00935{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1413,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":68,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695381451,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1587041695381451,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEsaPwAAEARIBfAqAEGNHL6jcNgDZYBGBOdAAQA\/CESpEIsNFIeR67x\/KSTudUADwAEcsZLxoAIAAQAAAAGAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8ABEACAABP8xdR27NABMAfAABAGghEqRCH9y33u2t\/jYyT2+1AAYACW81L0k6RlkzMgAAAIAqAAgAAH+KUoZYAIBwAAQAAAAHgDYABAAAAAEAJAAEbv\/4\/4CVAAh\/IMTdT4SN+oA3AAQAAAACAAgAFLkI9+jCSAoSd\/OOXciVMXiIrqbdgCgABLPHZEgACAAg7sRmb8sPDDsK8L9wIx7c4\/un3a7csABeHu5jm1wMzFk="} -01168{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1413,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":68,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041695381451,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":486,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695381451,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01218{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1413,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":68,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041695381451,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":486,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695381451,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"multimedia_flow_types":"Audio"}}} 
00930{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1414,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":70,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695381585,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1587041695381585,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEsXTYAAEARK+HAqAEGNHL6icN0DZYBGMK2AAQA\/CESpEIeamDBSEqcaMKGtFYADwAEcsZLxoAIAAQAAAAGAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8ABEACAABP81dR27NABMAfAABAGghEqRCa6gY9jQ3F4QYLRqEAAYACUpGd2o6K21JdgAAAIAqAAgAAH+KUoZYAIBwAAQAAAAHgDYABAAAAAEAJAAEbv\/4\/4CVAAhb5VsGDC2J+oA3AAQAAAACAAgAFGPigS6EUGSGggUbRbFSk1APqJ0agCgABKpfQ2cACAAguGTqGqFZLfExfohAPRW3NYW9D0LDg15vdpj82BiyuIs="} -01168{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1414,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":70,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041695381585,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":486,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695381585,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01218{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1414,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":70,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041695381585,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":486,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695381585,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"multimedia_flow_types":"Audio"}}} 
00774{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1416,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":68,"flow_packet_id":3,"flow_src_last_pkt_time":1587041695381451,"flow_dst_last_pkt_time":1587041695389155,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1587041695389155,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC4fJgAAGwR4O40cvqNwKgBBg2Ww2AApNd+ARUAiMLWdk9T8dgTMFhVlH2+EmsADwAEcsZLxgASAAgAAT\/MXUduzQATAHAAAQBcIRKkQpOT7iqoT5owckEG1gAGAAlGWTMyOm81L0kAAACAKQAIAAB\/7V4FjgCAcAAEAAAAB4A2AAQAAAABACQABG7\/\/f6ANwAEAAAAAgAIABQwsyB\/3AcVNGFmgIYtfHOO0Vm54oAoAAR90b9H"} -01084{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1416,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":68,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041695381451,"flow_dst_last_pkt_time":1587041695389155,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":486,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1587041695389155,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"peer_address":"159.145.24.130:64794"}}} 
+01135{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1416,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":68,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041695381451,"flow_dst_last_pkt_time":1587041695389155,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":486,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1587041695389155,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"peer_address":"159.145.24.130:64794","multimedia_flow_types":"Audio"}}} 00775{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1417,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":70,"flow_packet_id":3,"flow_src_last_pkt_time":1587041695381585,"flow_dst_last_pkt_time":1587041695389378,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1587041695389378,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC4VxkAAGwRBnI0cvqJwKgBBg2Ww3QApCdjARUAiE\/LrilDXPJWtp6yDikzcPIADwAEcsZLxgASAAgAAT\/NXUduzQATAHAAAQBcIRKkQlPk9TFAsI2GK+OZoAAGAAkrbUl2OkpGd2oAAACAKQAIAAB\/7V4FjgCAcAAEAAAAB4A2AAQAAAABACQABG7\/\/f6ANwAEAAAAAgAIABQqoNaJl5j6Qph3wmShySpejyG1ZYAoAAR\/OzfK"} 
-01084{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1417,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":70,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041695381585,"flow_dst_last_pkt_time":1587041695389378,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":486,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1587041695389378,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"peer_address":"18.140.192.228:28678"}}} +01135{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1417,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":70,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041695381585,"flow_dst_last_pkt_time":1587041695389378,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":486,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1587041695389378,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"peer_address":"18.140.192.228:28678","multimedia_flow_types":"Audio"}}} 00682{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1418,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":78,"flow_packet_id":4,"flow_src_last_pkt_time":1587041695406639,"flow_dst_last_pkt_time":1587041695330306,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":1587041695406639,"pkt":"KDc3AG3IEBMx8Tl2CABFAAB0Bd0AADUR8dldR27NwKgBBj\/Mw2AAYJiUAQEARCESpEL9LF5WbGc54yQwO\/eAcAAEAAAABwAgAAgAAcHVcadqCoA3AAQAAAACgDYABAAAAAEACAAUfLZK4Jp9GCnUwepSRXJ0QYfNKUiAKAAEeKXxaw=="} 00682{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1419,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":79,"flow_packet_id":4,"flow_src_last_pkt_time":1587041695407379,"flow_dst_last_pkt_time":1587041695330389,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":1587041695407379,"pkt":"KDc3AG3IEBMx8Tl2CABFAAB0iYEAADURbjVdR27NwKgBBj\/Nw3QAYAIVAQEARCESpEJvsFtMkRg8G\/ztdLyAcAAEAAAABwAgAAgAAc5scadqCoA3AAQAAAACgDYABAAAAAEACAAUt0fBakPBlSed9Q+UJ+6ZvN9VvN+AKAAELvJkIw=="} 
00829{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1421,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":80,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695421892,"flow_src_last_pkt_time":1587041695421892,"flow_dst_last_pkt_time":1587041695421892,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695421892,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00731{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1421,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":80,"flow_packet_id":1,"flow_src_last_pkt_time":1587041695421892,"flow_dst_last_pkt_time":1587041695421892,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1587041695421892,"pkt":"KDc3AG3IEBMx8Tl2CABFAACYUPwAAGwRCyM0cvwVwKgBBg2Yw3QAhCaSAAEAaCESpEK59F1PLtIJs2rQCYoABgAJK21JdjpKRndqAAAAgCkACAAAf+1eBY4AgHAABAAAAAeANgAEAAAAAQAkAARu\/\/n+gJUACGUfNM4ueRX8gDcABAAAAAIACAAUDNg3puCxSSnyiCvs+zLb4wfWy9WAKAAEDuovdw=="} 
-01166{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1421,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":80,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695421892,"flow_src_last_pkt_time":1587041695421892,"flow_dst_last_pkt_time":1587041695421892,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695421892,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01216{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1421,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":80,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695421892,"flow_src_last_pkt_time":1587041695421892,"flow_dst_last_pkt_time":1587041695421892,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695421892,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","ndpi": {"flow_risk": {"5": 
{"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Video","stun": {"multimedia_flow_types":"Video"}}} 00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1422,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695422685,"flow_src_last_pkt_time":1587041695422685,"flow_dst_last_pkt_time":1587041695422685,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695422685,"l3_proto":"ip4","src_ip":"52.114.252.8","dst_ip":"192.168.1.6","src_port":3479,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00731{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1422,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":81,"flow_packet_id":1,"flow_src_last_pkt_time":1587041695422685,"flow_dst_last_pkt_time":1587041695422685,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1587041695422685,"pkt":"KDc3AG3IEBMx8Tl2CABFAACY4AMAAG0Reyg0cvwIwKgBBg2Xw2AAhBBVAAEAaCESpEKBJ1p+KLNk2I89FPkABgAJRlkzMjpvNS9JAAAAgCkACAAAf+1eBY4AgHAABAAAAAeANgAEAAAAAQAkAARu\/\/n+gJUACN6qKWcI9wj8gDcABAAAAAIACAAUyAS6wVT6GpHQ1gnRXe5kbQ9LDuWAKAAEokvlFA=="} 
-01165{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1422,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695422685,"flow_src_last_pkt_time":1587041695422685,"flow_dst_last_pkt_time":1587041695422685,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695422685,"l3_proto":"ip4","src_ip":"52.114.252.8","dst_ip":"192.168.1.6","src_port":3479,"dst_port":50016,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01215{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1422,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695422685,"flow_src_last_pkt_time":1587041695422685,"flow_dst_last_pkt_time":1587041695422685,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695422685,"l3_proto":"ip4","src_ip":"52.114.252.8","dst_ip":"192.168.1.6","src_port":3479,"dst_port":50016,"l4_proto":"udp","ndpi": {"flow_risk": {"5": 
{"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"multimedia_flow_types":"Audio"}}} 00882{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1423,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":68,"flow_packet_id":4,"flow_src_last_pkt_time":1587041695432593,"flow_dst_last_pkt_time":1587041695389155,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"thread_ts_usec":1587041695432593,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEIQwIAAEARRjXAqAEGNHL6jcNgDZYA9FdMAAQA2CESpEKfui7uErrywVVZDhwADwAEcsZLxoAIAAQAAAAGAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8ABEACAABP8xdR27NABMAWAEBAEQhEqRCk5PuKqhPmjByQQbWgHAABAAAAAcAIAAIAAEe3nxVyo+ANwAEAAAAAoA2AAQAAAABAAgAFFFp\/EIw9m0w0dRwmYyqML3\/iSKPgCgABN8vUt8ACAAgqGRf4o8r70c+bwbjLKjnyOxfHW\/RCLgda6bT0E3pUpo="} 00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1424,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":81,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695422685,"flow_dst_last_pkt_time":1587041695432665,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1587041695432665,"pkt":"EBMx8Tl2KDc3AG3ICABFAACA0aoAAEARtpnAqAEGNHL8CMNgDZcAbO2O\/xAAYN6qKWcI9wj8AQEARCESpEKBJ1p+KLNk2I89FPmAcAAEAAAABwAgAAgAASyFFWBYSoA3AAQAAAACgDYABAAAAAEACAAUmYtT\/sgffZE\/GPjMTGRSk5h1N+2AKAAEPqesNg=="} 
00934{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1425,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":68,"flow_packet_id":5,"flow_src_last_pkt_time":1587041695432806,"flow_dst_last_pkt_time":1587041695389155,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1587041695432806,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEsslcAAEAR1rvAqAEGNHL6jcNgDZYBGA46AAQA\/CESpEKGfpR3I6Wm38Zk7TUADwAEcsZLxoAIAAQAAAAGAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8ABEACAABP8xdR27NABMAfAABAGghEqRCH9y33u2t\/jYyT2+1AAYACW81L0k6RlkzMgAAAIAqAAgAAH+KUoZYAIBwAAQAAAAHgDYABAAAAAEAJAAEbv\/4\/4CVAAh\/IMTdT4SN+oA3AAQAAAACAAgAFLkI9+jCSAoSd\/OOXciVMXiIrqbdgCgABLPHZEgACAAg4ni\/MyGpn0IPPfamZXcwXcyTP9hFKqNf3gjYqNKVXl0="} 
@@ -554,9 +554,9 @@ 00930{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1428,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":70,"flow_packet_id":5,"flow_src_last_pkt_time":1587041695433459,"flow_dst_last_pkt_time":1587041695389378,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1587041695433459,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEsR2QAAEARQbPAqAEGNHL6icN0DZYBGOj5AAQA\/CESpELTjfKyZNTNUCzFgVAADwAEcsZLxoAIAAQAAAAGAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8ABEACAABP81dR27NABMAfAABAGghEqRCa6gY9jQ3F4QYLRqEAAYACUpGd2o6K21JdgAAAIAqAAgAAH+KUoZYAIBwAAQAAAAHgDYABAAAAAEAJAAEbv\/4\/4CVAAhb5VsGDC2J+oA3AAQAAAACAAgAFGPigS6EUGSGggUbRbFSk1APqJ0agCgABKpfQ2cACAAgUB2ZPqsXXGYjBv8pRG+HEjCK6R8QdiEsnAYTs3tf1IE="} 02383{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1429,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":64,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1587041693516414,"flow_src_last_pkt_time":1587041693824623,"flow_dst_last_pkt_time":1587041695435566,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":477,"flow_dst_tot_l4_payload_len":6361,"midstream":0,"thread_ts_usec":1587041695435566,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":71850.4,"max":1566873,"stddev":274680.6,"var":75449425920.0,"ent":1.9,"data": 
[44968,45079,183,47440,47249,164,13,124,2,107,17,104,3,107,2,120,2,1,8026,8,35,52434,1246,45626,48613,92238,43679,69083,272,113543,1566873]},"pktlen": {"min":40,"avg":256.9,"max":1492,"stddev":427.0,"var":182315.3,"ent":3.7,"data": [64,52,40,227,1492,52,1492,588,52,52,1492,588,52,40,588,166,40,40,40,147,46,85,46,91,40,141,224,40,71,40,46,46]},"bins": {"c_to_s": [15,1,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,0,1,1,0,0,1,1,0,0,1,1,0,0,0,0,0,0,1,1,0,0,1,0,0,0,1,1],"entropies": [4.396777153,4.946223736,4.453056812,5.436062336,7.472877979,4.624014378,7.357961178,6.174726009,4.707639694,4.669178009,7.651301384,7.035131931,4.669178009,4.492897511,7.576755524,6.572272301,4.384184361,4.492897511,4.492897034,6.376044750,4.495644569,5.773638725,4.565871716,5.388861179,4.561769009,6.442826271,6.864662647,4.511769295,5.438062191,4.384184361,4.565872192,4.565872192]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"euaz.tr.teams.microsoft.com"}} 
00716{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1435,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":76,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695586059,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695586059,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMZh4AAEARkejAqAEGwKgABMNgw1UAeNtRAAEAXCESpELGQpqANK6irJWNCoEABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUNaR7w6XgHLmtRZxpBWKVkGuwhq2AKAAE+3W4lQ=="} -01283{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1435,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":76,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278787,"flow_src_last_pkt_time":1587041695586059,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":224,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695586059,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01333{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1435,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":76,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278787,"flow_src_last_pkt_time":1587041695586059,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":224,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695586059,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"multimedia_flow_types":"Audio"}}} 
00718{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1436,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":77,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695586146,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695586146,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMyucAAEARLR\/AqAEGwKgABMN0w2QAeBWjAAEAXCESpEJMnOcpR8XuRjfgdwcABgAJSkZ3ajorbUl2AAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUZBvpMZrPL2uguq2xDA1A6CBjF+2AKAAEncV\/3g=="} -01283{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1436,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":77,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278905,"flow_src_last_pkt_time":1587041695586146,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":224,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695586146,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01333{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1436,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":77,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278905,"flow_src_last_pkt_time":1587041695586146,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":224,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695586146,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Video","stun": {"multimedia_flow_types":"Video"}}} 
00716{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1440,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":76,"flow_packet_id":3,"flow_src_last_pkt_time":1587041695890424,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695890424,"pkt":"EBMx8Tl2KDc3AG3ICABFAACM6boAAEARDkzAqAEGwKgABMNgw1UAeNtRAAEAXCESpELGQpqANK6irJWNCoEABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUNaR7w6XgHLmtRZxpBWKVkGuwhq2AKAAE+3W4lQ=="} 00717{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1441,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":77,"flow_packet_id":3,"flow_src_last_pkt_time":1587041695890513,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695890513,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMMbQAAEARxlLAqAEGwKgABMN0w2QAeBWjAAEAXCESpEJMnOcpR8XuRjfgdwcABgAJSkZ3ajorbUl2AAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUZBvpMZrPL2uguq2xDA1A6CBjF+2AKAAEncV\/3g=="} 
00716{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1446,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":76,"flow_packet_id":4,"flow_src_last_pkt_time":1587041696194345,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041696194345,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMXPIAAEARmxTAqAEGwKgABMNgw1UAeNtRAAEAXCESpELGQpqANK6irJWNCoEABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUNaR7w6XgHLmtRZxpBWKVkGuwhq2AKAAE+3W4lQ=="} 
@@ -570,7 +570,7 @@ 00604{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1456,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":82,"flow_packet_id":2,"flow_src_last_pkt_time":1587041697061972,"flow_dst_last_pkt_time":1587041697091344,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041697091344,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8X+VAAG4GOLAoT4opwKgBBgG77Jhhqm+9VZk3MaASIADeAQAAAgQFoAEDAwgEAggKC\/ZmGDCE5sE="} 00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1457,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":82,"flow_packet_id":3,"flow_src_last_pkt_time":1587041697091452,"flow_dst_last_pkt_time":1587041697091344,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041697091452,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGxp3AqAEGKE+KKeyYAbtVmTcxYapvvoAQEAkclQAAAQEICjCE5t4L9mYY"} 
00916{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1458,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":82,"flow_packet_id":4,"flow_src_last_pkt_time":1587041697092026,"flow_dst_last_pkt_time":1587041697091344,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":305,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":305,"pkt_l4_len":271,"thread_ts_usec":1587041697092026,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEjAABAAEAGxa7AqAEGKE+KKeyYAbtVmTcxYapvvoAYEAlljAAAAQEICjCE5t4L9mYYFgMBAOoBAADmAwMvt9\/l19PgHHhBJ7fePZ9nkIIpM9PqvMR3RuXFQQr78gAAKMAswCvAJMAjwArACcypwDDAL8AowCfAFMATzKgAnQCcAD0APAA1AC8BAACV\/wEAAQAAAAAXABUAABJnYXRlLmhvY2tleWFwcC5uZXQAFwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAM3QAAAASAAAAEAAwAC4CaDIFaDItMTYFaDItMTUFaDItMTQIc3BkeS8zLjEGc3BkeS8zCGh0dHAvMS4xAAsAAgEAAAoACgAIAB0AFwAYABk="} -01287{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1458,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":82,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041697061972,"flow_src_last_pkt_time":1587041697092026,"flow_dst_last_pkt_time":1587041697091344,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041697092026,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60568,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"gate.hockeyapp.net","domainame":"gate.hockeyapp.net","tls": 
{"version":"TLSv1.2","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} +01246{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1458,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":82,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041697061972,"flow_src_last_pkt_time":1587041697092026,"flow_dst_last_pkt_time":1587041697091344,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041697092026,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60568,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"gate.hockeyapp.net","domainame":"gate.hockeyapp.net","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
02517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1459,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":82,"flow_packet_id":5,"flow_src_last_pkt_time":1587041697092026,"flow_dst_last_pkt_time":1587041697123566,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041697123566,"pkt":"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"} 00814{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1485,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":69,"flow_packet_id":5,"flow_src_last_pkt_time":1587041697617344,"flow_dst_last_pkt_time":1587041693756239,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_usec":1587041697617344,"pkt":"EBMx8Tl2KDc3AG3ICABFAADW2xEAAEARrlfAqAEGNHL6jcNhDZYAwt8iAAMApiESpEINQAd8TvBOvXDWMxoADwAEcsZLxoAIAAQAAAAGAA0ABAAAAACAUAAEAAAAAQAUABQ+mj9JKfg8kAiQ47rNqp++2YC3UgAVAAoicnRjbWVkaWEiAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8AAgAILegjOD1prOmcIML6MAq3Q5voM\/8\/Vbx8\/OHsgTOe6Dx"} 
00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1490,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":83,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041697660621,"flow_src_last_pkt_time":1587041697660621,"flow_dst_last_pkt_time":1587041697660621,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041697660621,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5} 
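Review bot: The expected `detected` event for flow 82 in this hunk no longer carries `"ja3"` in its `tls` object (only `ja3s` and `ja4` remain), and the commit message says just "incorporated upstream changes", so a consumer that matches or allow-lists on `tls.ja3` would stop matching without any error. The neighbouring hunks of this file show the same kind of silent output change: `STUN.Skype_TeamsCall` becomes `STUN.TeamsCall`, and `proto_by_ip` `Skype_Teams` (id 125) becomes `Teams` (id 250). I would add a line to the commit description such as `output change: tls.ja3 no longer emitted (tls.ja4 remains); Skype_Teams* names renamed to Teams*`, so detection rules and dashboards keyed on the old values get updated with the bump. Whether the schema change listed in the diffstat already drops `ja3` is not visible from this hunk.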
@@ -578,21 +578,21 @@ 00962{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1490,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":83,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041697660621,"flow_src_last_pkt_time":1587041697660621,"flow_dst_last_pkt_time":1587041697660621,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041697660621,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":4.321296}} 00814{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1493,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":71,"flow_packet_id":5,"flow_src_last_pkt_time":1587041697668978,"flow_dst_last_pkt_time":1587041693808734,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_usec":1587041697668978,"pkt":"EBMx8Tl2KDc3AG3ICABFAADWXowAAEARKuHAqAEGNHL6icN1DZYAwtlEAAMApiESpEJ\/K8mw63L1SVFc8SkADwAEcsZLxoAIAAQAAAAGAA0ABAAAAACAUAAEAAAAAQAUABRzrT6HZUT09MBbGfgrZXo06YoDbQAVAAoicnRjbWVkaWEiAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8AAgAIBF1x2DO\/FnH+NItZ0DdGmNq9Qpo8WCUVFVIxiEnjM\/h"} 
00599{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1497,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":83,"flow_packet_id":2,"flow_src_last_pkt_time":1587041697673040,"flow_dst_last_pkt_time":1587041697660621,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1587041697673040,"pkt":"KDc3AG3IEBMx8Tl2CABFoAA4akMAADUBjR9dR27NwKgBBgMDcBsAAAAARQAAWp4wAAAyEVygwKgBBl1Hbs3DdD\/NAEaJWQ=="} -02394{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1528,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":78,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":7,"flow_first_seen":1587041695305290,"flow_src_last_pkt_time":1587041697913583,"flow_dst_last_pkt_time":1587041697668816,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1214,"flow_dst_max_l4_payload_len":1214,"flow_src_tot_l4_payload_len":4324,"flow_dst_tot_l4_payload_len":2890,"midstream":0,"thread_ts_usec":1587041697913583,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":160381.3,"max":1168245,"stddev":365653.3,"var":133702352896.0,"ent":2.7,"data": [24795,221,101349,1168245,1167037,967065,50759,1119237,13,25,50990,80302,1990,2655,3736,4,1,2,10681,24170,9306,21453,4525,19907,25341,9245,24382,24626,9496,26004,24257]},"pktlen": {"min":66,"avg":253.4,"max":1242,"stddev":374.4,"var":140199.2,"ent":4.0,"data": [140,116,140,116,144,116,138,136,66,1242,1242,136,101,66,1242,1242,70,194,126,94,96,103,108,110,102,98,112,106,103,101,102,102]},"bins": {"c_to_s": 
[0,2,16,4,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,1,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,1,0,1,0,0,0,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"entropies": [5.443928242,5.441569805,5.550033092,5.533423424,5.469605446,5.457950115,6.418050289,5.494081497,5.274568558,7.835727215,7.805037022,5.427760124,6.064149857,5.328952789,7.830739975,7.834946632,5.426148415,6.862842083,6.378197670,5.942782402,6.043297768,6.096649170,5.395052433,6.251680851,6.123402596,6.007471561,6.260177612,6.012121677,6.079421997,6.215091705,6.135609150,6.155217648]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +02388{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1528,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":78,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":7,"flow_first_seen":1587041695305290,"flow_src_last_pkt_time":1587041697913583,"flow_dst_last_pkt_time":1587041697668816,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1214,"flow_dst_max_l4_payload_len":1214,"flow_src_tot_l4_payload_len":4324,"flow_dst_tot_l4_payload_len":2890,"midstream":0,"thread_ts_usec":1587041697913583,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":160381.3,"max":1168245,"stddev":365653.3,"var":133702352896.0,"ent":2.7,"data": 
[24795,221,101349,1168245,1167037,967065,50759,1119237,13,25,50990,80302,1990,2655,3736,4,1,2,10681,24170,9306,21453,4525,19907,25341,9245,24382,24626,9496,26004,24257]},"pktlen": {"min":66,"avg":253.4,"max":1242,"stddev":374.4,"var":140199.2,"ent":4.0,"data": [140,116,140,116,144,116,138,136,66,1242,1242,136,101,66,1242,1242,70,194,126,94,96,103,108,110,102,98,112,106,103,101,102,102]},"bins": {"c_to_s": [0,2,16,4,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,1,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,1,0,1,0,0,0,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"entropies": [5.443928242,5.441569805,5.550033092,5.533423424,5.469605446,5.457950115,6.418050289,5.494081497,5.274568558,7.835727215,7.805037022,5.427760124,6.064149857,5.328952789,7.830739975,7.834946632,5.426148415,6.862842083,6.378197670,5.942782402,6.043297768,6.096649170,5.395052433,6.251680851,6.123402596,6.007471561,6.260177612,6.012121677,6.079421997,6.215091705,6.135609150,6.155217648]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
01010{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":13,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041680216814,"flow_src_last_pkt_time":1587041680216814,"flow_dst_last_pkt_time":1587041680216814,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":355,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":355,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":355,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01081{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":35,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":26,"flow_first_seen":1587041684306115,"flow_src_last_pkt_time":1587041685465859,"flow_dst_last_pkt_time":1587041685465767,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":6160,"flow_dst_tot_l4_payload_len":8327,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Outlook","proto_by_ip_id":21,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"substrate.office.com"}} -01072{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":5,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":20,"flow_first_seen":1587041676435900,"flow_src_last_pkt_time":1587041676536132,"flow_dst_last_pkt_time":1587041676536089,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":258,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":757,"flow_dst_tot_l4_payload_len":11864,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com"}} 
-01036{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":8,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":10,"flow_first_seen":1587041677243705,"flow_src_last_pkt_time":1587041677286941,"flow_dst_last_pkt_time":1587041677286365,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":2950,"flow_dst_tot_l4_payload_len":6420,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} -01080{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":23,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":19,"flow_first_seen":1587041682144166,"flow_src_last_pkt_time":1587041685098215,"flow_dst_last_pkt_time":1587041685098126,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":521,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1754,"flow_dst_tot_l4_payload_len":7280,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com"}} -01218{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":43,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":28,"flow_first_seen":1587041685240465,"flow_src_last_pkt_time":1587041685471822,"flow_dst_last_pkt_time":1587041685471619,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1082,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1426,"flow_dst_tot_l4_payload_len":28998,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com"}} 
-01172{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":47,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":13,"flow_first_seen":1587041685984732,"flow_src_last_pkt_time":1587041686156488,"flow_dst_last_pkt_time":1587041686156402,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":900,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1750,"flow_dst_tot_l4_payload_len":6374,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} 
+01066{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":5,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":20,"flow_first_seen":1587041676435900,"flow_src_last_pkt_time":1587041676536132,"flow_dst_last_pkt_time":1587041676536089,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":258,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":757,"flow_dst_tot_l4_payload_len":11864,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com"}} +01030{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":8,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":10,"flow_first_seen":1587041677243705,"flow_src_last_pkt_time":1587041677286941,"flow_dst_last_pkt_time":1587041677286365,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":2950,"flow_dst_tot_l4_payload_len":6420,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} +01074{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":23,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":19,"flow_first_seen":1587041682144166,"flow_src_last_pkt_time":1587041685098215,"flow_dst_last_pkt_time":1587041685098126,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":521,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1754,"flow_dst_tot_l4_payload_len":7280,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com"}} 
+01212{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":43,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":28,"flow_first_seen":1587041685240465,"flow_src_last_pkt_time":1587041685471822,"flow_dst_last_pkt_time":1587041685471619,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1082,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1426,"flow_dst_tot_l4_payload_len":28998,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com"}} 
+01166{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":47,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":13,"flow_first_seen":1587041685984732,"flow_src_last_pkt_time":1587041686156488,"flow_dst_last_pkt_time":1587041686156402,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":900,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1750,"flow_dst_tot_l4_payload_len":6374,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} 
01208{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":4,"flow_state":"finished","flow_src_packets_processed":49,"flow_dst_packets_processed":28,"flow_first_seen":1587041676362386,"flow_src_last_pkt_time":1587041677034491,"flow_dst_last_pkt_time":1587041677077119,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":55346,"flow_dst_tot_l4_payload_len":4699,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com"}} 
01208{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":7,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":13,"flow_first_seen":1587041677042751,"flow_src_last_pkt_time":1587041677329010,"flow_dst_last_pkt_time":1587041677375849,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":15383,"flow_dst_tot_l4_payload_len":4699,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60535,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com"}} 
01159{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":9,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":10,"flow_first_seen":1587041678029919,"flow_src_last_pkt_time":1587041678260705,"flow_dst_last_pkt_time":1587041678303901,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":7350,"flow_dst_tot_l4_payload_len":4699,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud"}} 
01079{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":18,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":8,"flow_first_seen":1587041681745719,"flow_src_last_pkt_time":1587041681895434,"flow_dst_last_pkt_time":1587041681895339,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":623,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":975,"flow_dst_tot_l4_payload_len":6679,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60538,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"eu-prod.asyncgw.teams.microsoft.com"}} -01067{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":19,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":8,"flow_first_seen":1587041681755860,"flow_src_last_pkt_time":1587041681908691,"flow_dst_last_pkt_time":1587041681908585,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":608,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":945,"flow_dst_tot_l4_payload_len":6653,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60539,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"eu-api.asm.skype.com"}} +01064{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":19,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":8,"flow_first_seen":1587041681755860,"flow_src_last_pkt_time":1587041681908691,"flow_dst_last_pkt_time":1587041681908585,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":608,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":945,"flow_dst_tot_l4_payload_len":6653,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60539,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"eu-api.asm.skype.com"}} 
01082{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":20,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":10,"flow_first_seen":1587041682076700,"flow_src_last_pkt_time":1587041682204478,"flow_dst_last_pkt_time":1587041682204431,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":4763,"flow_dst_tot_l4_payload_len":7425,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60540,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"eu-prod.asyncgw.teams.microsoft.com"}} -01031{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":21,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":9,"flow_first_seen":1587041682077081,"flow_src_last_pkt_time":1587041682212323,"flow_dst_last_pkt_time":1587041682212216,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3181,"flow_dst_tot_l4_payload_len":7371,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60541,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01028{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":21,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":9,"flow_first_seen":1587041682077081,"flow_src_last_pkt_time":1587041682212323,"flow_dst_last_pkt_time":1587041682212216,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3181,"flow_dst_tot_l4_payload_len":7371,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60541,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} 
01209{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":25,"flow_state":"finished","flow_src_packets_processed":67,"flow_dst_packets_processed":40,"flow_first_seen":1587041682369801,"flow_src_last_pkt_time":1587041683043372,"flow_dst_last_pkt_time":1587041683086074,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":81655,"flow_dst_tot_l4_payload_len":4699,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60543,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com"}} 
01092{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":26,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":17,"flow_first_seen":1587041682376166,"flow_src_last_pkt_time":1587041692020857,"flow_dst_last_pkt_time":1587041692106644,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1060,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":2340,"flow_dst_tot_l4_payload_len":7396,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.76.48","src_port":60544,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"northeurope.notifications.teams.microsoft.com"}} 01075{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":28,"flow_state":"finished","flow_src_packets_processed":49,"flow_dst_packets_processed":34,"flow_first_seen":1587041682698689,"flow_src_last_pkt_time":1587041691929361,"flow_dst_last_pkt_time":1587041691929326,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":4886,"flow_dst_tot_l4_payload_len":9530,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.58","src_port":60545,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"presence.teams.microsoft.com"}} 
@@ -605,8 +605,8 @@ 01209{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":51,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":14,"flow_first_seen":1587041687245112,"flow_src_last_pkt_time":1587041688014105,"flow_dst_last_pkt_time":1587041688061175,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":17654,"flow_dst_tot_l4_payload_len":4699,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com"}} 
01077{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":59,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":14,"flow_first_seen":1587041691149774,"flow_src_last_pkt_time":1587041691582349,"flow_dst_last_pkt_time":1587041691582252,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":994,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2028,"flow_dst_tot_l4_payload_len":8121,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.108.8","src_port":60565,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"emea.ng.msg.teams.microsoft.com"}} 01218{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":74,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":11,"flow_first_seen":1587041694219802,"flow_src_last_pkt_time":1587041695898012,"flow_dst_last_pkt_time":1587041695993731,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":649,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1651,"flow_dst_tot_l4_payload_len":6669,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":60567,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying 
HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"api.flightproxy.teams.microsoft.com"}} -01154{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":30,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1587041682809173,"flow_src_last_pkt_time":1587041688135097,"flow_dst_last_pkt_time":1587041688190082,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":955,"flow_dst_max_l4_payload_len":1226,"flow_src_tot_l4_payload_len":1523,"flow_dst_tot_l4_payload_len":1409,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60546,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
-01153{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":61,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1587041692808980,"flow_src_last_pkt_time":1587041695538890,"flow_dst_last_pkt_time":1587041695538791,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":946,"flow_dst_max_l4_payload_len":1225,"flow_src_tot_l4_payload_len":2423,"flow_dst_tot_l4_payload_len":1677,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
+01161{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":30,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1587041682809173,"flow_src_last_pkt_time":1587041688135097,"flow_dst_last_pkt_time":1587041688190082,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":955,"flow_dst_max_l4_payload_len":1226,"flow_src_tot_l4_payload_len":1523,"flow_dst_tot_l4_payload_len":1409,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60546,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
+01160{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":61,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1587041692808980,"flow_src_last_pkt_time":1587041695538890,"flow_dst_last_pkt_time":1587041695538791,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":946,"flow_dst_max_l4_payload_len":1225,"flow_src_tot_l4_payload_len":2423,"flow_dst_tot_l4_payload_len":1677,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 00918{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":60,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1587041692528594,"flow_src_last_pkt_time":1587041692578366,"flow_dst_last_pkt_time":1587041692528752,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":72,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":72,"midstream":1,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"151.11.50.139","dst_ip":"192.168.1.6","src_port":2222,"dst_port":54750,"l4_proto":"tcp","ndpi": 
{"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00831{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":60,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1587041692528594,"flow_src_last_pkt_time":1587041692578366,"flow_dst_last_pkt_time":1587041692528752,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":72,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":72,"midstream":1,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"151.11.50.139","dst_ip":"192.168.1.6","src_port":2222,"dst_port":54750,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01056{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":22,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041682129643,"flow_src_last_pkt_time":1587041682129643,"flow_dst_last_pkt_time":1587041682143053,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":162,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":162,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":49514,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"config.teams.microsoft.com"}} 
@@ -616,7 +616,7 @@ 01089{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":46,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":12,"flow_first_seen":1587041685251950,"flow_src_last_pkt_time":1587041685681752,"flow_dst_last_pkt_time":1587041685681659,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3164,"flow_dst_tot_l4_payload_len":6995,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.7","src_port":60556,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Microsoft365","proto_by_ip_id":219,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"login.microsoftonline.com"}} 01047{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":50,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":12,"flow_first_seen":1587041686889381,"flow_src_last_pkt_time":1587041687253807,"flow_dst_last_pkt_time":1587041687253692,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3163,"flow_dst_tot_l4_payload_len":7012,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.67","src_port":60560,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Microsoft365","proto_by_ip_id":219,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative"}} 01065{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":39,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685093044,"flow_src_last_pkt_time":1587041685093044,"flow_dst_last_pkt_time":1587041685127636,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":53,"flow_dst_max_l4_payload_len":174,"flow_src_tot_l4_payload_len":53,"flow_dst_tot_l4_payload_len":174,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":50653,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"api.flightproxy.teams.microsoft.com"}} 
-01062{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":16,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041681714331,"flow_src_last_pkt_time":1587041681714331,"flow_dst_last_pkt_time":1587041681754842,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":140,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":140,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","proto_id":"5.125","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"eu-api.asm.skype.com"}} +01050{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":16,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041681714331,"flow_src_last_pkt_time":1587041681714331,"flow_dst_last_pkt_time":1587041681754842,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":140,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":140,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"eu-api.asm.skype.com"}} 01059{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":44,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685243104,"flow_src_last_pkt_time":1587041685243104,"flow_dst_last_pkt_time":1587041685256108,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":127,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":127,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51309,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"skypedataprdcolneu04.cloudapp.net"}} 
01073{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":37,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685091534,"flow_src_last_pkt_time":1587041685091534,"flow_dst_last_pkt_time":1587041685104871,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":131,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":131,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":53678,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"trouter2-asse-a.trouter.teams.microsoft.com"}} 01049{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":52,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041687370480,"flow_src_last_pkt_time":1587041687370480,"flow_dst_last_pkt_time":1587041687435320,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":222,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":222,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":54069,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"api.microsoftstream.com"}} 
@@ -643,8 +643,8 @@ 01073{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":38,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685092516,"flow_src_last_pkt_time":1587041685092516,"flow_dst_last_pkt_time":1587041685105349,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":119,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":119,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65230,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"trouter2-asse-a.trouter.teams.microsoft.com"}} 01067{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":24,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041682355684,"flow_src_last_pkt_time":1587041682355684,"flow_dst_last_pkt_time":1587041682370931,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":129,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":129,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65387,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.Microsoft","proto_id":"5.212","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"northeuropecns.trafficmanager.net"}} 01001{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":14,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1587041680294054,"flow_src_last_pkt_time":1587041680294649,"flow_dst_last_pkt_time":1587041680294680,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1090,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1126,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"93.62.150.157","dst_ip":"192.168.1.6","src_port":443,"dst_port":60512,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-01270{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":76,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278787,"flow_src_last_pkt_time":1587041696498337,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":560,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-01270{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":77,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278905,"flow_src_last_pkt_time":1587041696498651,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":560,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+01264{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":76,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278787,"flow_src_last_pkt_time":1587041696498337,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":560,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+01264{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":77,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278905,"flow_src_last_pkt_time":1587041696498651,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":560,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
01020{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041679280885,"flow_src_last_pkt_time":1587041679280885,"flow_dst_last_pkt_time":1587041679280885,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":485,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":485,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":485,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 01271{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":72,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":11,"flow_first_seen":1587041693828302,"flow_src_last_pkt_time":1587041694047808,"flow_dst_last_pkt_time":1587041694047695,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":235,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":567,"flow_dst_tot_l4_payload_len":6363,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.152","src_port":50014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": 
{"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} 01209{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":64,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":13,"flow_first_seen":1587041693516414,"flow_src_last_pkt_time":1587041695435668,"flow_dst_last_pkt_time":1587041695435566,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":477,"flow_dst_tot_l4_payload_len":6361,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"euaz.tr.teams.microsoft.com"}} 
@@ -652,20 +652,20 @@ 01270{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":73,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":13,"flow_first_seen":1587041693849498,"flow_src_last_pkt_time":1587041697722873,"flow_dst_last_pkt_time":1587041697765326,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":235,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":817,"flow_dst_tot_l4_payload_len":6541,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.153","src_port":50036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} 
01042{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":57,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":9,"flow_first_seen":1587041690916341,"flow_src_last_pkt_time":1587041691089391,"flow_dst_last_pkt_time":1587041691089314,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":533,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1343,"flow_dst_tot_l4_payload_len":7609,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60564,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"gate.hockeyapp.net"}} 01042{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":82,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":9,"flow_first_seen":1587041697061972,"flow_src_last_pkt_time":1587041697244908,"flow_dst_last_pkt_time":1587041697244816,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":533,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1359,"flow_dst_tot_l4_payload_len":7609,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60568,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"gate.hockeyapp.net"}} -01038{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":68,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041695432806,"flow_dst_last_pkt_time":1587041695591686,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":994,"flow_dst_tot_l4_payload_len":420,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-01031{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1587041693515047,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693640777,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":340,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01164{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041695422685,"flow_src_last_pkt_time":1587041695422685,"flow_dst_last_pkt_time":1587041695432665,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":100,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"52.114.252.8","dst_ip":"192.168.1.6","src_port":3479,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01033{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":69,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1587041693611913,"flow_src_last_pkt_time":1587041697617344,"flow_dst_last_pkt_time":1587041697663187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":468,"flow_dst_tot_l4_payload_len":485,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-01039{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":70,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041697669056,"flow_dst_last_pkt_time":1587041697713165,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":186,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":1180,"flow_dst_tot_l4_payload_len":565,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01031{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1587041693582165,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693698272,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":340,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01033{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":71,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1587041693668523,"flow_src_last_pkt_time":1587041697668978,"flow_dst_last_pkt_time":1587041697714311,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":468,"flow_dst_tot_l4_payload_len":485,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-01165{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":80,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041695421892,"flow_src_last_pkt_time":1587041695421892,"flow_dst_last_pkt_time":1587041695433333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":100,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+01032{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":68,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041695432806,"flow_dst_last_pkt_time":1587041695591686,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":994,"flow_dst_tot_l4_payload_len":420,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01025{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1587041693515047,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693640777,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":340,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01158{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041695422685,"flow_src_last_pkt_time":1587041695422685,"flow_dst_last_pkt_time":1587041695432665,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":100,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"52.114.252.8","dst_ip":"192.168.1.6","src_port":3479,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+01027{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":69,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1587041693611913,"flow_src_last_pkt_time":1587041697617344,"flow_dst_last_pkt_time":1587041697663187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":468,"flow_dst_tot_l4_payload_len":485,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01033{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":70,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041697669056,"flow_dst_last_pkt_time":1587041697713165,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":186,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":1180,"flow_dst_tot_l4_payload_len":565,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01025{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1587041693582165,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693698272,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":340,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+01027{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":71,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1587041693668523,"flow_src_last_pkt_time":1587041697668978,"flow_dst_last_pkt_time":1587041697714311,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":468,"flow_dst_tot_l4_payload_len":485,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01159{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":80,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041695421892,"flow_src_last_pkt_time":1587041695421892,"flow_dst_last_pkt_time":1587041695433333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":100,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":83,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1587041697660621,"flow_src_last_pkt_time":1587041697673040,"flow_dst_last_pkt_time":1587041697660621,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-01119{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":62,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":17,"flow_first_seen":1587041693428391,"flow_src_last_pkt_time":1587041697999048,"flow_dst_last_pkt_time":1587041697997834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1201,"flow_dst_max_l4_payload_len":1185,"flow_src_tot_l4_payload_len":5250,"flow_dst_tot_l4_payload_len":7193,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":51681,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"1":"Match by port"},"proto":"Skype_TeamsCall","proto_id":"38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01113{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":62,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":17,"flow_first_seen":1587041693428391,"flow_src_last_pkt_time":1587041697999048,"flow_dst_last_pkt_time":1587041697997834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1201,"flow_dst_max_l4_payload_len":1185,"flow_src_tot_l4_payload_len":5250,"flow_dst_tot_l4_payload_len":7193,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":51681,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp 
Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"1":"Match by port"},"proto":"TeamsCall","proto_id":"38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00839{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":62,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":17,"flow_first_seen":1587041693428391,"flow_src_last_pkt_time":1587041697999048,"flow_dst_last_pkt_time":1587041697997834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1201,"flow_dst_max_l4_payload_len":1185,"flow_src_tot_l4_payload_len":5250,"flow_dst_tot_l4_payload_len":7193,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":51681,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -01174{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":78,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":7,"flow_first_seen":1587041695305290,"flow_src_last_pkt_time":1587041698021081,"flow_dst_last_pkt_time":1587041697668816,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1214,"flow_dst_max_l4_payload_len":1214,"flow_src_tot_l4_payload_len":4692,"flow_dst_tot_l4_payload_len":2890,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": 
{"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01169{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":79,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1587041695305879,"flow_src_last_pkt_time":1587041696574201,"flow_dst_last_pkt_time":1587041697619539,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":116,"flow_src_tot_l4_payload_len":288,"flow_dst_tot_l4_payload_len":424,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16333,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-00902{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1540,"packets-processed":1498,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":587095,"total-not-detected-flows":1,"total-guessed-flows":2,"total-detected-flows":80,"total-detection-updates":51,"total-updates":0,"current-active-flows":0,"total-active-flows":83,"total-idle-flows":83,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":668,"global_ts_usec":1587041698021081} +01168{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":78,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":7,"flow_first_seen":1587041695305290,"flow_src_last_pkt_time":1587041698021081,"flow_dst_last_pkt_time":1587041697668816,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1214,"flow_dst_max_l4_payload_len":1214,"flow_src_tot_l4_payload_len":4692,"flow_dst_tot_l4_payload_len":2890,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": 
{"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01163{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","flow_id":79,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1587041695305879,"flow_src_last_pkt_time":1587041696574201,"flow_dst_last_pkt_time":1587041697619539,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":116,"flow_src_tot_l4_payload_len":288,"flow_dst_tot_l4_payload_len":424,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16333,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+00902{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","uuid":"00000000-dead-c0de-0000-123456789abc","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1540,"packets-processed":1498,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":587095,"total-not-detected-flows":1,"total-guessed-flows":2,"total-detected-flows":80,"total-detection-updates":51,"total-updates":0,"current-active-flows":0,"total-active-flows":83,"total-idle-flows":83,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":668,"global_ts_usec":1587041698021081} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1540/1498 ~~ skipped flows.............: 0 @@ -674,9 +674,9 @@ ~~ total active/idle flows...: 83/83 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8329019 bytes -~~ total memory freed........: 8329019 bytes -~~ total allocations/frees...: 117022/117022 +~~ total memory allocated....: 8906789 bytes +~~ total memory freed........: 8906789 bytes +~~ total allocations/frees...: 128761/128761 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 344 chars ~~ json message max len.......: 2550 chars diff --git a/test/results/caches_global/bittorrent.pcap.out b/test/results/caches_global/bittorrent.pcap.out index feb1fd40c..abc9204d1 100644 --- a/test/results/caches_global/bittorrent.pcap.out +++ b/test/results/caches_global/bittorrent.pcap.out 
@@ -1,5 +1,5 @@ -00621{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/caches_global\/pcap\/bittorrent.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/caches_global\/pcap\/bittorrent.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1455469967246718} 
+00621{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/caches_global\/pcap\/bittorrent.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/caches_global\/pcap\/bittorrent.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1455469967246718} 
00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/caches_global\/pcap\/bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469967246718,"flow_src_last_pkt_time":1455469967246718,"flow_dst_last_pkt_time":1455469967246718,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1455469967246718,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52888,"dst_port":38305,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/caches_global\/pcap\/bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1455469967246718,"flow_dst_last_pkt_time":1455469967246718,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1455469967246718,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4eD1AAEAGAADAqAEDUjrYc86YlaHFzANOp3OTAoAY\/\/\/swwAAAQEIChnb8BkAhEMxE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjhgayboXmHFSZj4="} 
01139{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/caches_global\/pcap\/bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469967246718,"flow_src_last_pkt_time":1455469967246718,"flow_dst_last_pkt_time":1455469967246718,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1455469967246718,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52888,"dst_port":38305,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}} 
@@ -161,7 +161,7 @@ 01113{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"cfgs\/caches_global\/pcap\/bittorrent.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469975265759,"flow_src_last_pkt_time":1455469975265759,"flow_dst_last_pkt_time":1455469975265759,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1455469982106134,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52909,"dst_port":14627,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} 01119{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"cfgs\/caches_global\/pcap\/bittorrent.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1455469970233620,"flow_src_last_pkt_time":1455469971153525,"flow_dst_last_pkt_time":1455469970357464,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":125,"flow_dst_max_l4_payload_len":527,"flow_src_tot_l4_payload_len":312,"flow_dst_tot_l4_payload_len":639,"midstream":1,"thread_ts_usec":1455469982106134,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52897,"dst_port":22673,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std 
Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} 01120{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"cfgs\/caches_global\/pcap\/bittorrent.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1455469975234548,"flow_src_last_pkt_time":1455469976169825,"flow_dst_last_pkt_time":1455469975379579,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":19,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":534,"flow_src_tot_l4_payload_len":244,"flow_dst_tot_l4_payload_len":639,"midstream":1,"thread_ts_usec":1455469982106134,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52911,"dst_port":22673,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} 
-00860{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":299,"source":"cfgs\/caches_global\/pcap\/bittorrent.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":299,"packets-processed":299,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":285982,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":24,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":24,"total-idle-flows":24,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":164,"global_ts_usec":1455469982106134} +00860{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":299,"source":"cfgs\/caches_global\/pcap\/bittorrent.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":299,"packets-processed":299,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":285982,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":24,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":24,"total-idle-flows":24,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":164,"global_ts_usec":1455469982106134} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 299/299 ~~ skipped flows.............: 0 
@@ -170,9 +170,9 @@ ~~ total active/idle flows...: 24/24 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7016080 bytes -~~ total memory freed........: 7016080 bytes -~~ total allocations/frees...: 114711/114711 +~~ total memory allocated....: 7594314 bytes +~~ total memory freed........: 7594314 bytes +~~ total allocations/frees...: 126464/126464 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 575 chars ~~ json message max len.......: 2404 chars diff --git a/test/results/caches_global/lru_ipv6_caches.pcapng.out b/test/results/caches_global/lru_ipv6_caches.pcapng.out index 6e86ec638..024782e2f 100644 --- a/test/results/caches_global/lru_ipv6_caches.pcapng.out +++ b/test/results/caches_global/lru_ipv6_caches.pcapng.out 
@@ -1,5 +1,5 @@ -00628{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1639052947835473} 
+00628{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1639052947835473} 
00841{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052947835473,"flow_src_last_pkt_time":1639052947835473,"flow_dst_last_pkt_time":1639052947835473,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":22,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052947835473,"l3_proto":"ip6","src_ip":"32fb:f967:681e:e96b:face:b00c::74fd","dst_ip":"20ed:470f:6f73:ce60:60be:8b4f:df37:b080","src_port":3478,"dst_port":45658,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1639052947835473,"flow_dst_last_pkt_time":1639052947835473,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":84,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":84,"pkt_l4_len":30,"thread_ts_usec":1639052947835473,"pkt":"AAAAAAAAAAIAiPwTht1gAAAAAB4RNTL7+WdoHulr+s6wDAAAdP0g7UcPb3POYGC+i0\/fN7CADZayWgAeVVyAyQABc057KIAAAAURUN3Xuv65y9fO"} 
00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1639052947835473,"flow_dst_last_pkt_time":1639052948008616,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":112,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":112,"pkt_l4_len":58,"thread_ts_usec":1639052948008616,"pkt":"AAAAAAAAAAUAny4Oht1gCOxqADoRPyDtRw9vc85gYL6LT983sIAy+\/lnaB7pa\/rOsAwAAHT9sloNlgA6KoqAyQABWl1ZNGNoadjLndjyhIQdR3eb9BFhVVqa3fOaaflunNCAAAAByaRnP87SPV4aWA=="} 
@@ -35,42 +35,42 @@ 01278{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":50,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052950545675,"flow_src_last_pkt_time":1639052959035612,"flow_dst_last_pkt_time":1639052950545675,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052959035612,"l3_proto":"ip6","src_ip":"3991:72d:336e:65ec:c5bf:a5fa:83ad:23de","dst_ip":"2fda:1f8a:c107:88a4:e509:d2e1:445f:f34c","src_port":6881,"dst_port":6881,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","bittorrent": {"hash":""}}} 
00842{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052961890141,"flow_src_last_pkt_time":1639052961890141,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052961890141,"l3_proto":"ip6","src_ip":"2118:ec33:112b:7908:2c80:27ff:fef7:d71f","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":48415,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1639052961890141,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":82,"pkt_l4_len":28,"thread_ts_usec":1639052961890141,"pkt":"AAAAAAAAAAMAU5f1ht1gBTxgABwRPyEY7DMRK3kILIAn\/\/731x8y+\/lnaB7pa\/rOsAwAAHT9vR8NlgAcBsoIAQAAIRKkQkNDRkplV05Uc1dQcw=="} 
-01044{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052961890141,"flow_src_last_pkt_time":1639052961890141,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052961890141,"l3_proto":"ip6","src_ip":"2118:ec33:112b:7908:2c80:27ff:fef7:d71f","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":48415,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01077{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052961890141,"flow_src_last_pkt_time":1639052961890141,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052961890141,"l3_proto":"ip6","src_ip":"2118:ec33:112b:7908:2c80:27ff:fef7:d71f","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":48415,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00765{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1639052961892484,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":214,"pkt_l4_len":160,"thread_ts_usec":1639052961892484,"pkt":"AAAAAAAAAAMAU5f1ht1gBTxgAKARPyEY7DMRK3kILIAn\/\/731x8y+\/lnaB7pa\/rOsAwAAHT9vR8NlgCgpJ0AAwCEIRKkQlM3RnRRL3Y2ay9PMkAAAGYJEFPqNE7VJH5jscfXNsYhb98E3U++3ioUwgZB8WeSBCDE8Hv0qlQ7VYtVkKskkvqRH1iLwzoIGi7Dz\/tzqvCpnwhdkVyqhKbzd8NfXZRNbjB3f0ByPdFFironKHaSXUOOxWFCn10AAAAIABS86wFVtBJv5aANWhLlzvJVsxeNfg=="} -01179{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":56,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052961890141,"flow_src_last_pkt_time":1639052961892484,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052961892484,"l3_proto":"ip6","src_ip":"2118:ec33:112b:7908:2c80:27ff:fef7:d71f","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":48415,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01212{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":56,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052961890141,"flow_src_last_pkt_time":1639052961892484,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052961892484,"l3_proto":"ip6","src_ip":"2118:ec33:112b:7908:2c80:27ff:fef7:d71f","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":48415,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
00765{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1639052962142439,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":214,"pkt_l4_len":160,"thread_ts_usec":1639052962142439,"pkt":"AAAAAAAAAAMAU5f1ht1gBTxgAKARPyEY7DMRK3kILIAn\/\/731x8y+\/lnaB7pa\/rOsAwAAHT9vR8NlgCgpJ0AAwCEIRKkQlM3RnRRL3Y2ay9PMkAAAGYJEFPqNE7VJH5jscfXNsYhb98E3U++3ioUwgZB8WeSBCDE8Hv0qlQ7VYtVkKskkvqRH1iLwzoIGi7Dz\/tzqvCpnwhdkVyqhKbzd8NfXZRNbjB3f0ByPdFFironKHaSXUOOxWFCn10AAAAIABS86wFVtBJv5aANWhLlzvJVsxeNfg=="} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1639052962191138,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":82,"pkt_l4_len":28,"thread_ts_usec":1639052962191138,"pkt":"AAAAAAAAAAMAU5f1ht1gBTxgABwRPyEY7DMRK3kILIAn\/\/731x8y+\/lnaB7pa\/rOsAwAAHT9vR8NlgAcBsoIAQAAIRKkQkNDRkplV05Uc1dQcw=="} 
00757{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1639052963579689,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":210,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":210,"pkt_l4_len":156,"thread_ts_usec":1639052963579689,"pkt":"AAAAAAAAAAMAU5f1ht1gBTxgAJwRPyEY7DMRK3kILIAn\/\/731x8y+\/lnaB7pa\/rOsAwAAHT9vR8NlgCcOP4AAQCAIRKkQlUyZXJ1M05HdUpPbgAGADFFREdFUkFZX0RFRkFVTFRfVVNFUk5BTUU6RURHRVJBWV9ERUZBVUxUX1VTRVJOQU1FAAAA2roABAAAAALAVwAEAAMACoAqAAhYlWblH2D7mAAlAAAAJAAEbn8o\/wAIABQ5szu0z17I9YE5t42kszUxGI8nq4AoAAQ7B4OH"} 00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":66,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052969360318,"flow_src_last_pkt_time":1639052969360318,"flow_dst_last_pkt_time":1639052969360318,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052969360318,"l3_proto":"ip6","src_ip":"2001:db8:200::1","dst_ip":"2001:db8:1::1","src_port":443,"dst_port":44144,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00588{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1639052969360318,"flow_dst_last_pkt_time":1639052969360318,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1639052969360318,"pkt":"AAAAAAAAAAgAKih5ht1gChT5ACAGMiABDbgCAAAAAAAAAAAAAAEgAQ24AAEAAAAAAAAAAAABAbuscESWy8wKP2CEgBL\/\/+ibAAACBAVQAQEEAgEDAwo="} 02400{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1639052969517969,"flow_dst_last_pkt_time":1639052969360318,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1434,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1434,"pkt_l4_len":1380,"thread_ts_usec":1639052969517969,"pkt":"AAAAAAAAAAgAKih5ht1gChT5BWQGMiABDbgCAAAAAAAAAAAAAAEgAQ24AAEAAAAAAAAAAAABAbuscESWy80KP2KJUBAAQlzUAAAWAwMAUAIAAEwDA2Gx9qmsk0SkPB6KDAiZvXlLcIQwNUuS8UsCtY0L22BDAMArAAAkAAAAAAAXAAD\/AQABAAALAAIBAAAjAAAAEAAFAAMCaDIABQAAFgMDCRMLAAkPAAkMAAU1MIIFMTCCBNegAwIBAgIQARkfjV3L9r9HIyjCQZoh1zAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVUzEZMBcGA1UEChMQQ2xvdWRmbGFyZSwgSW5jLjEgMB4GA1UEAxMXQ2xvdWRmbGFyZSBJbmMgRUNDIENBLTMwHhcNMjEwNjI5MDAwMDAwWhcNMjIwNjI4MjM1OTU5WjB1MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEZMBcGA1UEChMQQ2xvdWRmbGFyZSwgSW5jLjEeMBwGA1UEAxMVc25pLmNsb3VkZmxhcmVzc2wuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEgC1s4G\/NmWra3EB1ViB4aiWbMPL7u1IoIlMpgn5kNUKgNwoi39Y6LTb+Bl8CrmpOOliciecDhWGPcHTDWIAx2KOCA3IwggNuMB8GA1UdIwQYMBaAFKXON+rrsHUOlGeItEX62SQQh5YfMB0GA1UdDgQWBBQZ22ajXmjoPgEhYrj\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\/wQCMAAwggF8BgorBgEEAdZ5AgQCBIIBbASCAWgBZgB1AEalVet1+pEgMLWiiWn0830RLEF0v
v1JuIWr8vxw\/m1HAAABelhQNzEAAAQDAEYwRAIgYeZpP+\/pPAjfswX1ISGsnmjFB4TkAWSbMt3y7HyRMywCIBC7D68n+qN3I9heI3yRIJz4gDyP6KV6L+SpG416yJboAHYAIkVFB1lVJFaWP6Ev8fdthuAjJmOtwEt\/XcaDXG7iDwIAAAF6WFA3EAAABAMARzBFAiBp6pKbAs2el1rhPRfScrzqYQmiOgnwezpUPc0Pt5jtXgIhAPhl0sVfcRlm\/W6Vcy5oIjTXFIQwT\/VRTjwXP2LNU411AHUAUaOw9f0BeZxWbbg3eI8MpHrMGyfL956IQpoN\/tSLBeUAAAF6WFA3JwAABAMARjBEAiBlw+pxlBqLJzpdOZ7QjnSDhXse\/VYyQs1QYcV8iP2Y6wIgOH2yamb7OYhqD3TT8HEY+GUOcPF4S5oYacz\/IatUT+4wCgYIKoZIzj0EAwID"} -01253{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052969360318,"flow_src_last_pkt_time":1639052969517969,"flow_dst_last_pkt_time":1639052969360318,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1360,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052969517969,"l3_proto":"ip6","src_ip":"2001:db8:200::1","dst_ip":"2001:db8:1::1","src_port":443,"dst_port":44144,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","tls": {"version":"TLSv1.2","ja3":"","ja3s":"9ebc57def2efb523f25c77af13aa6d48","ja4":"","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","negotiated_alpn":"h2","blocks":0}}} 
+01244{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052969360318,"flow_src_last_pkt_time":1639052969517969,"flow_dst_last_pkt_time":1639052969360318,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1360,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052969517969,"l3_proto":"ip6","src_ip":"2001:db8:200::1","dst_ip":"2001:db8:1::1","src_port":443,"dst_port":44144,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","tls": {"version":"TLSv1.2","ja3s":"9ebc57def2efb523f25c77af13aa6d48","ja4":"","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","negotiated_alpn":"h2","blocks":0}}} 
02398{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1639052969517992,"flow_dst_last_pkt_time":1639052969360318,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1434,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1434,"pkt_l4_len":1380,"thread_ts_usec":1639052969517992,"pkt":"AAAAAAAAAAgAKih5ht1gChT5BWQGMiABDbgCAAAAAAAAAAAAAAEgAQ24AAEAAAAAAAAAAAABAbuscESW0R0KP2KJUBAAQnUtAABIADBFAiEA7RxPNj701c+7QX2jNqNJVJvfkrXXaQDkvfvj7eI9lQ0CIDfTeyI6EWEnoww8vKA3dIR\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\/wQIMAYBAf8CAQAwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL09tbmlyb290MjAyNS5jcmwwbQYDVR0gBGYwZDA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzALBglghkgBhv1sAQIwCAYGZ4EMAQIBMAgGBmeBDAECAjAIBgZngQwBAgMwDQYJKoZIhvcNAQELBQADggEBAAUkHd0bsCrrmNaF4zlNXmtXnYJX\/OvoMaJXkGUFvhZEOFp3ArnPEELG4ZKk40Un+ABHLGioVplTVI+tnkDB0A+21w0LOEhsUCxJkAZbZB2LzEgwLt4I4ptJIsCSDBFelpKU1fwg3FZs5ZKTv3ocwDfjhUkV+ivhdDkYD7fa86JXWGBPzI6UAPxGezQxPk1HgoE6y\/SJXQ7vTQ1unBuCJN0yJV0ReFEQPaA1IwQvZW+cwdFD19Ae8zFnWSfda9J1CZMRJCQUzym+5iPDuI9yP+kHyCREU3qzuWFloUwOxkgAyXVjBYdwRVKD05WdRerw6DEdfgkfCv4+3ao8XnTSrLEWAwMBHxYAARsBAAEXMIIBEwoBAKCCAQwwggEIBgkrBgEFBQcwAQEEgfowgfcwgZ6iFgQUpc436uuwdQ6UZ4i0RfrZJBCHlh8YDzIwMjExMjA4MDcwNjQzWjBzMHEwSTAJBgUrDgMCGgUABBQS14tALDViBvqCf47YkiQRtKz1BAQUpc436uuwdQ6UZ4i0RfrZJBCHlh8CEAEZH41dy\/a\/RyMowkGaIdeAABgPMjAyMTEyMDgwNjUxMDJaoBEYDzIwMjExMjE1MDYwNjAyWjAKBggqhkjOPQQDAgNIADBFAiA\/Ba4a+oKzM0DIq\/Ym9c2jm9PFFlvn1dBsVLW+3hQ6dgIhAM3JC7lV\/o\/6R7VZrtvaUv0LauAeiJjucdYshTXHExh8FgMDAHIMAABuAwAdIDwd"} 
-01617{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1639052969360318,"flow_src_last_pkt_time":1639052969517992,"flow_dst_last_pkt_time":1639052969360318,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2720,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052969517992,"l3_proto":"ip6","src_ip":"2001:db8:200::1","dst_ip":"2001:db8:1::1","src_port":443,"dst_port":44144,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.Cloudflare","proto_id":"91.220","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","tls": {"version":"TLSv1.2","server_names":"*.bikroy.com,sni.cloudflaressl.com,bikroy.com","notafter":"2022-06-28 23:59:59","ja3":"","ja3s":"9ebc57def2efb523f25c77af13aa6d48","ja4":"","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3","subjectDN":"C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com","negotiated_alpn":"h2","fingerprint":"FA:93:76:9C:39:4D:08:97:FA:8F:CE:80:E4:7A:8F:8E:CF:71:30:A0","blocks":0}}} 
+01575{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1639052969360318,"flow_src_last_pkt_time":1639052969517992,"flow_dst_last_pkt_time":1639052969360318,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2720,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052969517992,"l3_proto":"ip6","src_ip":"2001:db8:200::1","dst_ip":"2001:db8:1::1","src_port":443,"dst_port":44144,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.Cloudflare","proto_id":"91.220","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","tls": {"version":"TLSv1.2","server_names":"*.bikroy.com,sni.cloudflaressl.com,bikroy.com","ja3s":"9ebc57def2efb523f25c77af13aa6d48","ja4":"","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3","subjectDN":"C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com","negotiated_alpn":"h2","fingerprint":"FA:93:76:9C:39:4D:08:97:FA:8F:CE:80:E4:7A:8F:8E:CF:71:30:A0","blocks":0}}} 
00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":69,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052969585053,"flow_src_last_pkt_time":1639052969585053,"flow_dst_last_pkt_time":1639052969585053,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052969585053,"l3_proto":"ip6","src_ip":"2001:db8:200::1","dst_ip":"2001:db8:1::1","src_port":443,"dst_port":44150,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00589{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1639052969585053,"flow_dst_last_pkt_time":1639052969585053,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1639052969585053,"pkt":"AAAAAAAAAAgAKih5ht1gAPBzACAGMyABDbgCAAAAAAAAAAAAAAEgAQ24AAEAAAAAAAAAAAABAbusdiq5T1XdwhBagBL\/\/\/uQAAACBAVQAQEEAgEDAwo="} 
02401{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1639052969733805,"flow_dst_last_pkt_time":1639052969585053,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1434,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1434,"pkt_l4_len":1380,"thread_ts_usec":1639052969733805,"pkt":"AAAAAAAAAAgAKih5ht1gAPBzBWQGMyABDbgCAAAAAAAAAAAAAAEgAQ24AAEAAAAAAAAAAAABAbusdiq5T1bdwhJfUBAAQnm1AAAWAwMAUAIAAEwDA2Gx9qme4uujwv1+7XVRUWnJHpI6\/iAaaJ7rvPDDXG+vAMArAAAkAAAAAAAXAAD\/AQABAAALAAIBAAAjAAAAEAAFAAMCaDIABQAAFgMDCRMLAAkPAAkMAAU1MIIFMTCCBNegAwIBAgIQARkfjV3L9r9HIyjCQZoh1zAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVUzEZMBcGA1UEChMQQ2xvdWRmbGFyZSwgSW5jLjEgMB4GA1UEAxMXQ2xvdWRmbGFyZSBJbmMgRUNDIENBLTMwHhcNMjEwNjI5MDAwMDAwWhcNMjIwNjI4MjM1OTU5WjB1MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEZMBcGA1UEChMQQ2xvdWRmbGFyZSwgSW5jLjEeMBwGA1UEAxMVc25pLmNsb3VkZmxhcmVzc2wuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEgC1s4G\/NmWra3EB1ViB4aiWbMPL7u1IoIlMpgn5kNUKgNwoi39Y6LTb+Bl8CrmpOOliciecDhWGPcHTDWIAx2KOCA3IwggNuMB8GA1UdIwQYMBaAFKXON+rrsHUOlGeItEX62SQQh5YfMB0GA1UdDgQWBBQZ22ajXmjoPgEhYrj\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\/wQCMAAwggF8BgorBgEEAdZ5AgQCBIIBbASCAWgBZgB1AEalVet1+pEgMLWiiWn0830RLEF0vv1JuIWr8vxw\/m1HAAABelhQNzEAAAQDAEYwRAIgYeZpP+\/pPAjfswX1ISGsnmjFB4TkAWSbMt3y7HyRMywCIBC7D68n+qN3I9heI3yRIJz4gDyP6KV6L+SpG416yJboAHYAIkVFB1lVJFaWP6Ev8fdthuAjJmOtwEt\/XcaDXG7iDwIAAAF6WFA3EAAABAMARzBFAiBp6pKbAs2el1rhPRfScrzqYQmiOgnwezpUPc0Pt5jtXgIhAPhl0sVfcRlm\/W6Vcy5oIjTXFIQwT\/VRTjwXP2LNU411AHUAUaOw9f0BeZxWbbg3eI8MpHrMGyfL956IQpoN\/tSLBeUAAAF6WFA3JwAABAMARjBEAiBlw+pxlBqLJzpdOZ7QjnSDhXse\/VYyQs1QYcV8iP2Y6wIgOH2yamb7OYhqD3TT8HEY+GUOcPF4S5oYacz\/IatUT+4wCgYIKoZIzj0EAwID"} 
-01282{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052969585053,"flow_src_last_pkt_time":1639052969733805,"flow_dst_last_pkt_time":1639052969585053,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1360,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052969733805,"l3_proto":"ip6","src_ip":"2001:db8:200::1","dst_ip":"2001:db8:1::1","src_port":443,"dst_port":44150,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.Cloudflare","proto_id":"91.220","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","tls": {"version":"TLSv1.2","ja3":"","ja3s":"9ebc57def2efb523f25c77af13aa6d48","ja4":"","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","negotiated_alpn":"h2","blocks":0}}} 
+01273{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052969585053,"flow_src_last_pkt_time":1639052969733805,"flow_dst_last_pkt_time":1639052969585053,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1360,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052969733805,"l3_proto":"ip6","src_ip":"2001:db8:200::1","dst_ip":"2001:db8:1::1","src_port":443,"dst_port":44150,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.Cloudflare","proto_id":"91.220","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","tls": {"version":"TLSv1.2","ja3s":"9ebc57def2efb523f25c77af13aa6d48","ja4":"","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","negotiated_alpn":"h2","blocks":0}}} 
02398{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1639052969733805,"flow_dst_last_pkt_time":1639052969585053,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1434,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1434,"pkt_l4_len":1380,"thread_ts_usec":1639052969733805,"pkt":"AAAAAAAAAAgAKih5ht1gAPBzBWQGMyABDbgCAAAAAAAAAAAAAAEgAQ24AAEAAAAAAAAAAAABAbusdiq5VKbdwhJfUBAAQpK1AABIADBFAiEA7RxPNj701c+7QX2jNqNJVJvfkrXXaQDkvfvj7eI9lQ0CIDfTeyI6EWEnoww8vKA3dIR\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\/wQIMAYBAf8CAQAwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL09tbmlyb290MjAyNS5jcmwwbQYDVR0gBGYwZDA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzALBglghkgBhv1sAQIwCAYGZ4EMAQIBMAgGBmeBDAECAjAIBgZngQwBAgMwDQYJKoZIhvcNAQELBQADggEBAAUkHd0bsCrrmNaF4zlNXmtXnYJX\/OvoMaJXkGUFvhZEOFp3ArnPEELG4ZKk40Un+ABHLGioVplTVI+tnkDB0A+21w0LOEhsUCxJkAZbZB2LzEgwLt4I4ptJIsCSDBFelpKU1fwg3FZs5ZKTv3ocwDfjhUkV+ivhdDkYD7fa86JXWGBPzI6UAPxGezQxPk1HgoE6y\/SJXQ7vTQ1unBuCJN0yJV0ReFEQPaA1IwQvZW+cwdFD19Ae8zFnWSfda9J1CZMRJCQUzym+5iPDuI9yP+kHyCREU3qzuWFloUwOxkgAyXVjBYdwRVKD05WdRerw6DEdfgkfCv4+3ao8XnTSrLEWAwMBHxYAARsBAAEXMIIBEwoBAKCCAQwwggEIBgkrBgEFBQcwAQEEgfowgfcwgZ6iFgQUpc436uuwdQ6UZ4i0RfrZJBCHlh8YDzIwMjExMjA4MDcwNjQzWjBzMHEwSTAJBgUrDgMCGgUABBQS14tALDViBvqCf47YkiQRtKz1BAQUpc436uuwdQ6UZ4i0RfrZJBCHlh8CEAEZH41dy\/a\/RyMowkGaIdeAABgPMjAyMTEyMDgwNjUxMDJaoBEYDzIwMjExMjE1MDYwNjAyWjAKBggqhkjOPQQDAgNIADBFAiA\/Ba4a+oKzM0DIq\/Ym9c2jm9PFFlvn1dBsVLW+3hQ6dgIhAM3JC7lV\/o\/6R7VZrtvaUv0LauAeiJjucdYshTXHExh8FgMDAHMMAABvAwAdIDGI"} 
-01625{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":71,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1639052969585053,"flow_src_last_pkt_time":1639052969733805,"flow_dst_last_pkt_time":1639052969585053,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2720,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052969733805,"l3_proto":"ip6","src_ip":"2001:db8:200::1","dst_ip":"2001:db8:1::1","src_port":443,"dst_port":44150,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.Cloudflare","proto_id":"91.220","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","tls": {"version":"TLSv1.2","server_names":"*.bikroy.com,sni.cloudflaressl.com,bikroy.com","notafter":"2022-06-28 23:59:59","ja3":"","ja3s":"9ebc57def2efb523f25c77af13aa6d48","ja4":"","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3","subjectDN":"C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com","negotiated_alpn":"h2","fingerprint":"FA:93:76:9C:39:4D:08:97:FA:8F:CE:80:E4:7A:8F:8E:CF:71:30:A0","blocks":0}}} 
+01583{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":71,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1639052969585053,"flow_src_last_pkt_time":1639052969733805,"flow_dst_last_pkt_time":1639052969585053,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2720,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052969733805,"l3_proto":"ip6","src_ip":"2001:db8:200::1","dst_ip":"2001:db8:1::1","src_port":443,"dst_port":44150,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.Cloudflare","proto_id":"91.220","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","tls": {"version":"TLSv1.2","server_names":"*.bikroy.com,sni.cloudflaressl.com,bikroy.com","ja3s":"9ebc57def2efb523f25c77af13aa6d48","ja4":"","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3","subjectDN":"C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com","negotiated_alpn":"h2","fingerprint":"FA:93:76:9C:39:4D:08:97:FA:8F:CE:80:E4:7A:8F:8E:CF:71:30:A0","blocks":0}}} 
00698{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1639052971296401,"flow_dst_last_pkt_time":1639052951219984,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":166,"pkt_l4_len":112,"thread_ts_usec":1639052971296401,"pkt":"AAAAAAAAAAgAVrKUht1gDJJRAHARPzmRBy0zbmXsxb+l+oOtI944ska3J6SUw8E0CUjgadcfGuEAAQBwt+hkMTphZDI6aWQyMDrlXFuiZTjDuuw6Y5fpKld4tI\/Cxjk6aW5mb19oYXNoMjA65VxCYpebxBOzZP3H84ohCF\/4mXRlMTpxOTpnZXRfcGVlcnMxOnQyOhlZMTp2NDpMVAECMTp5MTpxZQ=="} 01282{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":72,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052951219984,"flow_src_last_pkt_time":1639052971296401,"flow_dst_last_pkt_time":1639052951219984,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052971296401,"l3_proto":"ip6","src_ip":"3991:72d:336e:65ec:c5bf:a5fa:83ad:23de","dst_ip":"38b2:46b7:27a4:94c3:c134:948:e069:d71f","src_port":6881,"dst_port":1,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","bittorrent": {"hash":""}}} 
00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052974554138,"flow_src_last_pkt_time":1639052974554138,"flow_dst_last_pkt_time":1639052974554138,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052974554138,"l3_proto":"ip6","src_ip":"2001:db8:200::1","dst_ip":"2001:db8:1::1","src_port":443,"dst_port":44192,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00589{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1639052974554138,"flow_dst_last_pkt_time":1639052974554138,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1639052974554138,"pkt":"AAAAAAAAAAgAKih5ht1gBA3VACAGMiABDbgCAAAAAAAAAAAAAAEgAQ24AAEAAAAAAAAAAAABAbusoI2aK1YLBRqPgBL\/\/4UNAAACBAVQAQEEAgEDAwo="} 
02402{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1639052974704392,"flow_dst_last_pkt_time":1639052974554138,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1434,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1434,"pkt_l4_len":1380,"thread_ts_usec":1639052974704392,"pkt":"AAAAAAAAAAgAKih5ht1gBA3VBWQGMiABDbgCAAAAAAAAAAAAAAEgAQ24AAEAAAAAAAAAAAABAbusoI2aK1cLBRtIUBAAQtsqAAAWAwMAUAIAAEwDA2Gx9q7NW\/InZk3e9l0G3VMCEwBfKMJf26DLOUsrrRkmAMArAAAkAAAAAAAXAAD\/AQABAAALAAIBAAAjAAAAEAAFAAMCaDIABQAAFgMDCRMLAAkPAAkMAAU1MIIFMTCCBNegAwIBAgIQARkfjV3L9r9HIyjCQZoh1zAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVUzEZMBcGA1UEChMQQ2xvdWRmbGFyZSwgSW5jLjEgMB4GA1UEAxMXQ2xvdWRmbGFyZSBJbmMgRUNDIENBLTMwHhcNMjEwNjI5MDAwMDAwWhcNMjIwNjI4MjM1OTU5WjB1MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEZMBcGA1UEChMQQ2xvdWRmbGFyZSwgSW5jLjEeMBwGA1UEAxMVc25pLmNsb3VkZmxhcmVzc2wuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEgC1s4G\/NmWra3EB1ViB4aiWbMPL7u1IoIlMpgn5kNUKgNwoi39Y6LTb+Bl8CrmpOOliciecDhWGPcHTDWIAx2KOCA3IwggNuMB8GA1UdIwQYMBaAFKXON+rrsHUOlGeItEX62SQQh5YfMB0GA1UdDgQWBBQZ22ajXmjoPgEhYrj\/45kMwDYdJjA6BgNVHREEMzAxggwqLmJpa3JveS5jb22CFXNuaS5jbG91ZGZsYXJlc3NsLmNvbYIKYmlrcm95LmNvbTAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMHsGA1UdHwR0MHIwN6A1oDOGMWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9DbG91ZGZsYXJlSW5jRUNDQ0EtMy5jcmwwN6A1oDOGMWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9DbG91ZGZsYXJlSW5jRUNDQ0EtMy5jcmwwPgYDVR0gBDcwNTAzBgZngQwBAgIwKTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpY2VydC5jb20vQ1BTMHYGCCsGAQUFBwEBBGowaDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEAGCCsGAQUFBzAChjRodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vQ2xvdWRmbGFyZUluY0VDQ0NBLTMuY3J0MAwGA1UdEwEB\/wQCMAAwggF8BgorBgEEAdZ5AgQCBIIBbASCAWgBZgB1AEalVet1+pEgMLWiiWn0830RLEF0vv1JuIWr8vxw\/m1HAAABelhQNzEAAAQDAEYwRAIgYeZpP+\/pPAjfswX1ISGsnmjFB4
TkAWSbMt3y7HyRMywCIBC7D68n+qN3I9heI3yRIJz4gDyP6KV6L+SpG416yJboAHYAIkVFB1lVJFaWP6Ev8fdthuAjJmOtwEt\/XcaDXG7iDwIAAAF6WFA3EAAABAMARzBFAiBp6pKbAs2el1rhPRfScrzqYQmiOgnwezpUPc0Pt5jtXgIhAPhl0sVfcRlm\/W6Vcy5oIjTXFIQwT\/VRTjwXP2LNU411AHUAUaOw9f0BeZxWbbg3eI8MpHrMGyfL956IQpoN\/tSLBeUAAAF6WFA3JwAABAMARjBEAiBlw+pxlBqLJzpdOZ7QjnSDhXse\/VYyQs1QYcV8iP2Y6wIgOH2yamb7OYhqD3TT8HEY+GUOcPF4S5oYacz\/IatUT+4wCgYIKoZIzj0EAwID"} -01283{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052974554138,"flow_src_last_pkt_time":1639052974704392,"flow_dst_last_pkt_time":1639052974554138,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1360,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052974704392,"l3_proto":"ip6","src_ip":"2001:db8:200::1","dst_ip":"2001:db8:1::1","src_port":443,"dst_port":44192,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.Cloudflare","proto_id":"91.220","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","tls": {"version":"TLSv1.2","ja3":"","ja3s":"9ebc57def2efb523f25c77af13aa6d48","ja4":"","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","negotiated_alpn":"h2","blocks":0}}} 
+01274{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052974554138,"flow_src_last_pkt_time":1639052974704392,"flow_dst_last_pkt_time":1639052974554138,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1360,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052974704392,"l3_proto":"ip6","src_ip":"2001:db8:200::1","dst_ip":"2001:db8:1::1","src_port":443,"dst_port":44192,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.Cloudflare","proto_id":"91.220","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","tls": {"version":"TLSv1.2","ja3s":"9ebc57def2efb523f25c77af13aa6d48","ja4":"","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","negotiated_alpn":"h2","blocks":0}}} 
02399{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":1639052974704415,"flow_dst_last_pkt_time":1639052974554138,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1434,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1434,"pkt_l4_len":1380,"thread_ts_usec":1639052974704415,"pkt":"AAAAAAAAAAgAKih5ht1gBA3VBWQGMiABDbgCAAAAAAAAAAAAAAEgAQ24AAEAAAAAAAAAAAABAbusoI2aMKcLBRtIUBAAQgdNAABIADBFAiEA7RxPNj701c+7QX2jNqNJVJvfkrXXaQDkvfvj7eI9lQ0CIDfTeyI6EWEnoww8vKA3dIR\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\/wQIMAYBAf8CAQAwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL09tbmlyb290MjAyNS5jcmwwbQYDVR0gBGYwZDA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzALBglghkgBhv1sAQIwCAYGZ4EMAQIBMAgGBmeBDAECAjAIBgZngQwBAgMwDQYJKoZIhvcNAQELBQADggEBAAUkHd0bsCrrmNaF4zlNXmtXnYJX\/OvoMaJXkGUFvhZEOFp3ArnPEELG4ZKk40Un+ABHLGioVplTVI+tnkDB0A+21w0LOEhsUCxJkAZbZB2LzEgwLt4I4ptJIsCSDBFelpKU1fwg3FZs5ZKTv3ocwDfjhUkV+ivhdDkYD7fa86JXWGBPzI6UAPxGezQxPk1HgoE6y\/SJXQ7vTQ1unBuCJN0yJV0ReFEQPaA1IwQvZW+cwdFD19Ae8zFnWSfda9J1CZMRJCQUzym+5iPDuI9yP+kHyCREU3qzuWFloUwOxkgAyXVjBYdwRVKD05WdRerw6DEdfgkfCv4+3ao8XnTSrLEWAwMBHxYAARsBAAEXMIIBEwoBAKCCAQwwggEIBgkrBgEFBQcwAQEEgfowgfcwgZ6iFgQUpc436uuwdQ6UZ4i0RfrZJBCHlh8YDzIwMjExMjA4MDcwNjQzWjBzMHEwSTAJBgUrDgMCGgUABBQS14tALDViBvqCf47YkiQRtKz1BAQUpc436uuwdQ6UZ4i0RfrZJBCHlh8CEAEZH41dy\/a\/RyMowkGaIdeAABgPMjAyMTEyMDgwNjUxMDJaoBEYDzIwMjExMjE1MDYwNjAyWjAKBggqhkjOPQQDAgNIADBFAiA\/Ba4a+oKzM0DIq\/Ym9c2jm9PFFlvn1dBsVLW+3hQ6dgIhAM3JC7lV\/o\/6R7VZrtvaUv0LauAeiJjucdYshTXHExh8FgMDAHMMAABvAwAdIEe5"} 
-01626{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":75,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1639052974554138,"flow_src_last_pkt_time":1639052974704415,"flow_dst_last_pkt_time":1639052974554138,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2720,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052974704415,"l3_proto":"ip6","src_ip":"2001:db8:200::1","dst_ip":"2001:db8:1::1","src_port":443,"dst_port":44192,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.Cloudflare","proto_id":"91.220","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","tls": {"version":"TLSv1.2","server_names":"*.bikroy.com,sni.cloudflaressl.com,bikroy.com","notafter":"2022-06-28 23:59:59","ja3":"","ja3s":"9ebc57def2efb523f25c77af13aa6d48","ja4":"","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3","subjectDN":"C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com","negotiated_alpn":"h2","fingerprint":"FA:93:76:9C:39:4D:08:97:FA:8F:CE:80:E4:7A:8F:8E:CF:71:30:A0","blocks":0}}} 
+01584{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":75,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1639052974554138,"flow_src_last_pkt_time":1639052974704415,"flow_dst_last_pkt_time":1639052974554138,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2720,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052974704415,"l3_proto":"ip6","src_ip":"2001:db8:200::1","dst_ip":"2001:db8:1::1","src_port":443,"dst_port":44192,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.Cloudflare","proto_id":"91.220","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","tls": {"version":"TLSv1.2","server_names":"*.bikroy.com,sni.cloudflaressl.com,bikroy.com","ja3s":"9ebc57def2efb523f25c77af13aa6d48","ja4":"","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3","subjectDN":"C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com","negotiated_alpn":"h2","fingerprint":"FA:93:76:9C:39:4D:08:97:FA:8F:CE:80:E4:7A:8F:8E:CF:71:30:A0","blocks":0}}} 
00842{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052978452441,"flow_src_last_pkt_time":1639052978452441,"flow_dst_last_pkt_time":1639052978452441,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052978452441,"l3_proto":"ip6","src_ip":"3297:a1af:5121:cfc:360b:2e07:872f:1ea0","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":43865,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1639052978452441,"flow_dst_last_pkt_time":1639052978452441,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":82,"pkt_l4_len":28,"thread_ts_usec":1639052978452441,"pkt":"AAAAAAAAAAcAaiX8ht1gC8SvABwRPzKXoa9RIQz8NgsuB4cvHqAy+\/lnaB7pa\/rOsAwAAHT9q1kNlgAcl50IAQAAIRKkQlo5L3NwNkJKYzZoYw=="} 
-01044{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052978452441,"flow_src_last_pkt_time":1639052978452441,"flow_dst_last_pkt_time":1639052978452441,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052978452441,"l3_proto":"ip6","src_ip":"3297:a1af:5121:cfc:360b:2e07:872f:1ea0","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":43865,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01077{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052978452441,"flow_src_last_pkt_time":1639052978452441,"flow_dst_last_pkt_time":1639052978452441,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052978452441,"l3_proto":"ip6","src_ip":"3297:a1af:5121:cfc:360b:2e07:872f:1ea0","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":43865,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00768{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1639052978709090,"flow_dst_last_pkt_time":1639052978452441,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":214,"pkt_l4_len":160,"thread_ts_usec":1639052978709090,"pkt":"AAAAAAAAAAcAaiX8ht1gC8SvAKARPzKXoa9RIQz8NgsuB4cvHqAy+\/lnaB7pa\/rOsAwAAHT9q1kNlgCgYyEAAwCEIRKkQk1ENkhOcE43bVdyN0AAAGYJEB5qy\/i6apiRZvn3XMXkctbCLKVSgdE+etIaSO7JbOt8VgBwQ6PpOhc8GnE1mfqvDmlkq2e8sWOF\/9QSZ9+\/3ZsaHutXU4\/yA\/LvUyR73PqXq7vvVwk5ZocXkuyrjHvs93CEXbgAAAAIABTHiAxW9AnRlqecEToF0hfWjRUykA=="} -01179{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":77,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052978452441,"flow_src_last_pkt_time":1639052978709090,"flow_dst_last_pkt_time":1639052978452441,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052978709090,"l3_proto":"ip6","src_ip":"3297:a1af:5121:cfc:360b:2e07:872f:1ea0","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":43865,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01212{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":77,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052978452441,"flow_src_last_pkt_time":1639052978709090,"flow_dst_last_pkt_time":1639052978452441,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052978709090,"l3_proto":"ip6","src_ip":"3297:a1af:5121:cfc:360b:2e07:872f:1ea0","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":43865,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
00842{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052979210381,"flow_src_last_pkt_time":1639052979210381,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052979210381,"l3_proto":"ip6","src_ip":"3069:c624:1d42:9469:98b1:67ff:fe43:325","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":56131,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1639052979210381,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":82,"pkt_l4_len":28,"thread_ts_usec":1639052979210381,"pkt":"AAAAAAAAAAQAY\/4nht1gAT9yABwRPzBpxiQdQpRpmLFn\/\/5DAyUy+\/lnaB7pa\/rOsAwAAHT920MNlgAc0j0IAQAAIRKkQk5zWlZOMGtRWWlzeg=="} 
-01044{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052979210381,"flow_src_last_pkt_time":1639052979210381,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052979210381,"l3_proto":"ip6","src_ip":"3069:c624:1d42:9469:98b1:67ff:fe43:325","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":56131,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01077{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052979210381,"flow_src_last_pkt_time":1639052979210381,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052979210381,"l3_proto":"ip6","src_ip":"3069:c624:1d42:9469:98b1:67ff:fe43:325","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":56131,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00766{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1639052979210765,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":214,"pkt_l4_len":160,"thread_ts_usec":1639052979210765,"pkt":"AAAAAAAAAAQAY\/4nht1gAT9yAKARPzBpxiQdQpRpmLFn\/\/5DAyUy+\/lnaB7pa\/rOsAwAAHT920MNlgCgt74AAwCEIRKkQkhCZVJqYUhKN2FOWUAAAGYJEMzluAd5ZUXHIG6GisEWroK42o70dYdL4WqSdPq9VYO3OjGxFI7w7pBgN3c6YR8KjSMY+2Ef8toiPPzGNZ6A1i89fknsYqJ9SYub5TFTaEnS4NE02DKCNshJ0L2AWj8kO7uEBsUAAAAIABTng0rXsLYilkJ4duCqCg2pGBOUjQ=="} -01179{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":79,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052979210381,"flow_src_last_pkt_time":1639052979210765,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052979210765,"l3_proto":"ip6","src_ip":"3069:c624:1d42:9469:98b1:67ff:fe43:325","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":56131,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01212{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":79,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052979210381,"flow_src_last_pkt_time":1639052979210765,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052979210765,"l3_proto":"ip6","src_ip":"3069:c624:1d42:9469:98b1:67ff:fe43:325","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":56131,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
00745{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_src_last_pkt_time":1639052979218699,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":198,"pkt_l4_len":144,"thread_ts_usec":1639052979218699,"pkt":"AAAAAAAAAAQAY\/4nht1gAT9yAJARPzBpxiQdQpRpmLFn\/\/5DAyUy+\/lnaB7pa\/rOsAwAAHT920MNlgCQ\/5MAAQB0IRKkQkJ5RTBTMEFLcS8yZQAGADFFREdFUkFZX0RFRkFVTFRfVVNFUk5BTUU6RURHRVJBWV9ERUZBVUxUX1VTRVJOQU1FAAAAwFcABAAEAAqAKgAI69zqOpyEPKUAJAAEbn8o\/wAIABTKxPaKL217enpIf2AGYjmMTGV454AoAATAmK\/f"} 00744{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_src_last_pkt_time":1639052979381748,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":198,"pkt_l4_len":144,"thread_ts_usec":1639052979381748,"pkt":"AAAAAAAAAAQAY\/4nht1gAT9yAJARPzBpxiQdQpRpmLFn\/\/5DAyUy+\/lnaB7pa\/rOsAwAAHT920MNlgCQrREAAQB0IRKkQjY4V3ltQWRhSzZoTAAGADFFREdFUkFZX0RFRkFVTFRfVVNFUk5BTUU6RURHRVJBWV9ERUZBVUxUX1VTRVJOQU1FAAAAwFcABAAEAAqAKgAI69zqOpyEPKUAJAAEbn8o\/wAIABQoQCd0hET\/ud5uUOzbGiF4yVYzZoAoAASXw0bX"} 
00744{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_src_last_pkt_time":1639052979556213,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":198,"pkt_l4_len":144,"thread_ts_usec":1639052979556213,"pkt":"AAAAAAAAAAQAY\/4nht1gAT9yAJARPzBpxiQdQpRpmLFn\/\/5DAyUy+\/lnaB7pa\/rOsAwAAHT920MNlgCQ97wAAQB0IRKkQldMcmpoVTNGUFVyagAGADFFREdFUkFZX0RFRkFVTFRfVVNFUk5BTUU6RURHRVJBWV9ERUZBVUxUX1VTRVJOQU1FAAAAwFcABAAEAAqAKgAI69zqOpyEPKUAJAAEbn8o\/wAIABS74KJfCrW2wh1E6b3fJs\/qV0yS0oAoAASJhjGh"} 
@@ -86,7 +86,7 @@ 01283{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052951219984,"flow_src_last_pkt_time":1639052971296401,"flow_dst_last_pkt_time":1639052951219984,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052981556623,"l3_proto":"ip6","src_ip":"3991:72d:336e:65ec:c5bf:a5fa:83ad:23de","dst_ip":"38b2:46b7:27a4:94c3:c134:948:e069:d71f","src_port":6881,"dst_port":1,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} 
01279{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052950545675,"flow_src_last_pkt_time":1639052959035612,"flow_dst_last_pkt_time":1639052950545675,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052981556623,"l3_proto":"ip6","src_ip":"3991:72d:336e:65ec:c5bf:a5fa:83ad:23de","dst_ip":"2fda:1f8a:c107:88a4:e509:d2e1:445f:f34c","src_port":6881,"dst_port":6881,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} 
01174{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052950583119,"flow_src_last_pkt_time":1639052950583119,"flow_dst_last_pkt_time":1639052950583119,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052981556623,"l3_proto":"ip6","src_ip":"3991:72d:336e:65ec:c5bf:a5fa:83ad:23de","dst_ip":"2c7f:d7a0:44a9:49e9:e586:fb7f:5b85:9c83","src_port":6881,"dst_port":1,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} 
-00862{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":88,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":88,"packets-processed":88,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15254,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":9,"total-updates":0,"current-active-flows":0,"total-active-flows":12,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":89,"global_ts_usec":1639052981556623} +00862{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":88,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":88,"packets-processed":88,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15254,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":9,"total-updates":0,"current-active-flows":0,"total-active-flows":12,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":89,"global_ts_usec":1639052981556623} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 88/88 ~~ skipped flows.............: 0 
@@ -95,9 +95,9 @@ ~~ total active/idle flows...: 12/12 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6951322 bytes -~~ total memory freed........: 6951322 bytes -~~ total allocations/frees...: 114378/114378 +~~ total memory allocated....: 7529058 bytes +~~ total memory freed........: 7529058 bytes +~~ total allocations/frees...: 126114/126114 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 586 chars ~~ json message max len.......: 2407 chars diff --git a/test/results/caches_global/mining.pcapng.out b/test/results/caches_global/mining.pcapng.out index 468b13685..db1da81b6 100644 --- a/test/results/caches_global/mining.pcapng.out +++ b/test/results/caches_global/mining.pcapng.out 
@@ -1,5 +1,5 @@ -00619{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/caches_global\/pcap\/mining.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/caches_global\/pcap\/mining.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1484655421797845} 
+00619{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/caches_global\/pcap\/mining.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/caches_global\/pcap\/mining.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1484655421797845} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/caches_global\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484655421797845,"flow_src_last_pkt_time":1484655421797845,"flow_dst_last_pkt_time":1484655421797845,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484655421797845,"l3_proto":"ip4","src_ip":"147.229.13.222","dst_ip":"185.71.66.39","src_port":49307,"dst_port":9999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/caches_global\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1484655421797845,"flow_dst_last_pkt_time":1484655421797845,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484655421797845,"pkt":"AASWHU4wHG9l2GloCABFAAA0A\/tAAIAGAACT5Q3euUdCJ8CbJw\/zdEGlAAAAAIACIACdWAAAAgQFtAEDAwIBAQQC"} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/caches_global\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1484655421797845,"flow_dst_last_pkt_time":1484655421816250,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1484655421816250,"pkt":"HG9l2GloAASWHU4wCABFAAAoAABAADEGrJ65R0Ink+UN3icPwJv+A6hh83RBplASAABPdQAAAAAAAAAA"} 
@@ -8,7 +8,7 @@ 00770{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/caches_global\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1484655421843996,"flow_dst_last_pkt_time":1484655421843933,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_usec":1484655421843996,"pkt":"AASWHU4wHG9l2GloCABFAADWA\/1AAIAGAACT5Q3euUdCJ8CbJw\/zdEGm\/gOoYlAY\/3Cd+gAAeyJ3b3JrZXIiOiAiZXRoMS4wIiwgImpzb25ycGMiOiAiMi4wIiwgInBhcmFtcyI6IFsiMHg5Yzk5ZDIxMmY3ZTVkYWExOGFiNTA4MTBlMGZkMjU1ZDFmMDQzMDNiL3Rlc3Rlci53b3JrZXIxL3Z2ZXNlbHlAbWFpbGluYXRvciIsICJ4Il0sICJpZCI6IDIsICJtZXRob2QiOiAiZXRoX3N1Ym1pdExvZ2luIn0K"} 01051{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/caches_global\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1484655421797845,"flow_src_last_pkt_time":1484655421843996,"flow_dst_last_pkt_time":1484655421843933,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484655421843996,"l3_proto":"ip4","src_ip":"147.229.13.222","dst_ip":"185.71.66.39","src_port":49307,"dst_port":9999,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} 
02345{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/caches_global\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1484655421797845,"flow_src_last_pkt_time":1484655452163379,"flow_dst_last_pkt_time":1484655451963831,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":243,"flow_src_tot_l4_payload_len":646,"flow_dst_tot_l4_payload_len":2226,"midstream":0,"thread_ts_usec":1484655452163379,"l3_proto":"ip4","src_ip":"147.229.13.222","dst_ip":"185.71.66.39","src_port":49307,"dst_port":9999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":1952629.6,"max":9791290,"stddev":3004713.0,"var":9028300177408.0,"ent":3.5,"data": [18405,18478,27683,27673,25791,11368,1,37175,8284,48338,236647,209260,12613,9755422,9791290,235473,2439803,2440063,7323703,7588500,64939,25659,10296,234651,3831832,3833133,885298,890088,5008744,5252462,238448]},"pktlen": {"min":40,"avg":131.1,"max":283,"stddev":104.0,"var":10823.6,"ent":4.6,"data": [52,46,40,46,214,46,79,283,40,121,283,40,283,40,121,283,40,283,40,188,46,121,46,283,40,283,40,283,40,121,283,40]},"bins": {"c_to_s": [11,0,4,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,1,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,1,1,0,0,1,0,1,0,0,1,0,1,0,0,1,0,1,1,0,1,0,1,0,0,1,0],"entropies": 
[4.421030521,4.206097126,4.730641365,4.390829086,5.638098717,4.565871716,5.435059071,5.159528255,4.561769485,5.337047100,5.173661709,4.730641365,5.160906792,4.680641174,5.323744297,5.159528255,4.730641365,5.122583389,4.680641651,4.630837917,4.652828693,5.353575706,4.652828693,5.170008659,4.711769104,5.164538860,4.780641556,5.164218426,4.680641651,5.337047100,5.144396782,4.780641556]},"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} -00851{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":210,"source":"cfgs\/caches_global\/pcap\/mining.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":210,"packets-processed":209,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":20268,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1514196094240063} 
+00851{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":210,"source":"cfgs\/caches_global\/pcap\/mining.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":210,"packets-processed":209,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":20268,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1514196094240063} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":210,"source":"cfgs\/caches_global\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1514196094240063,"flow_src_last_pkt_time":1514196094240063,"flow_dst_last_pkt_time":1514196094240063,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1514196094240063,"l3_proto":"ip4","src_ip":"192.168.2.92","dst_ip":"178.32.196.217","src_port":55190,"dst_port":9050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"cfgs\/caches_global\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1514196094240063,"flow_dst_last_pkt_time":1514196094240063,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1514196094240063,"pkt":"fmgbW\/gUcIXCQA64CABFAAA8ux1AAEAGRaDAqAJcsiDE2deWI1qAnf85AAAAAKACchAV6gAAAgQFtAQCCApPjruwAAAAAAEDAwc="} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"cfgs\/caches_global\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1514196094240063,"flow_dst_last_pkt_time":1514196094322725,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1514196094322725,"pkt":"cIXCQA64fmgbW\/gUCABFAAA8AABAADMGDb6yIMTZwKgCXCNa15Yj5r0mgJ3\/OqAScSDZNwAAAgQFtAQCCArshW\/8T467sAEDAwk="} 
@@ -33,12 +33,12 @@ 01053{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":265,"source":"cfgs\/caches_global\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1514196196437568,"flow_src_last_pkt_time":1514196196745906,"flow_dst_last_pkt_time":1514196196745688,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1514196196745906,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"116.211.167.195","src_port":53846,"dst_port":3333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"cfgs\/caches_global\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1514196196745906,"flow_dst_last_pkt_time":1514196197053838,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1514196197053838,"pkt":"cIXCQ0+ifmgbW\/gUCABFAAAoOQVAACEGQPh006fDwKgClA0F0lYVgl9P8ygD9lAQAOWD0AAAAAAAAAAA"} 
02334{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":305,"source":"cfgs\/caches_global\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1514196188350524,"flow_src_last_pkt_time":1514196304559034,"flow_dst_last_pkt_time":1514196304640605,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":310,"flow_src_tot_l4_payload_len":8887,"flow_dst_tot_l4_payload_len":914,"midstream":0,"thread_ts_usec":1514196304640605,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"94.23.199.191","src_port":46838,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":13,"avg":7499954.5,"max":71693099,"stddev":18613570.0,"var":346464978993152.0,"ent":2.4,"data": [80304,80325,101,83178,13,83088,126,80997,13,80884,278,117985,882322,1042483,71569648,189,71693099,19,725,81617,32242169,176,32323370,1466,82454,7432953,7432942,3511834,196,3592651,986]},"pktlen": {"min":52,"avg":358.8,"max":1500,"stddev":549.1,"var":301531.9,"ent":3.7,"data": [60,60,52,150,52,114,52,147,90,171,52,112,52,362,52,1500,1482,52,52,77,52,1500,1482,52,77,52,362,52,1500,1482,52,77]},"bins": {"c_to_s": [8,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,3,0,0],"s_to_c": [10,2,0,1,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,0,1,1,1,0,0,0,1,1,0,1,0,0,0,1,1],"entropies": 
[4.738464355,5.302482605,5.065449715,5.825911522,5.284871101,5.736679077,5.286791801,6.057295799,5.694644451,5.918534279,5.132945061,5.778033257,5.323332787,4.963134289,5.171406746,4.527909756,4.270138264,5.323332787,5.262846947,5.685556889,5.209868431,4.535019398,4.275704384,5.378232002,5.701727867,5.248330116,4.888409138,5.209868431,4.529169559,4.269546032,5.378231525,5.685557365]},"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} -00851{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":451,"source":"cfgs\/caches_global\/pcap\/mining.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":451,"packets-processed":450,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":88161,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":4,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":36,"global_ts_usec":1514196703786322} 
+00851{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":451,"source":"cfgs\/caches_global\/pcap\/mining.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":451,"packets-processed":450,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":88161,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":4,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":36,"global_ts_usec":1514196703786322} 02385{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":455,"source":"cfgs\/caches_global\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1514196196437568,"flow_src_last_pkt_time":1514196705571136,"flow_dst_last_pkt_time":1514196705879789,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1444,"flow_dst_max_l4_payload_len":310,"flow_src_tot_l4_payload_len":3127,"flow_dst_tot_l4_payload_len":2699,"midstream":0,"thread_ts_usec":1514196705879789,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"116.211.167.195","src_port":53846,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":11,"avg":32857284.0,"max":170525395,"stddev":51784400.0,"var":2681624034541568.0,"ent":3.4,"data": 
[308120,308161,177,308150,13,308019,704,308743,11,308008,83,346736,653907,1043085,114411206,114368750,308565,308538,36863210,36863172,20419867,20419875,170525387,170525395,113243496,113243486,35871285,35871309,15564630,176,15873525]},"pktlen": {"min":40,"avg":223.6,"max":1484,"stddev":347.6,"var":120860.4,"ent":3.9,"data": [60,52,40,138,46,102,40,133,78,159,40,100,46,350,40,350,40,350,40,350,40,350,40,350,40,350,40,350,40,1484,1472,46]},"bins": {"c_to_s": [12,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0],"s_to_c": [4,2,0,1,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,0,1],"entropies": [4.792549610,4.894361019,4.784183979,5.672497272,4.457919598,5.436998844,4.834184170,5.898036003,5.357152462,5.674209595,4.784183979,5.535918236,4.457919598,4.810117245,4.834183693,4.788737297,4.784183979,4.732345104,4.834184170,4.767374516,4.831687450,4.791436195,4.931686878,4.784672737,4.931686878,4.672215462,4.881687164,4.744033337,4.812814713,4.485110283,4.206100941,4.457919598]},"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} 
01105{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":673,"source":"cfgs\/caches_global\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":159,"flow_dst_packets_processed":113,"flow_first_seen":1514196188350524,"flow_src_last_pkt_time":1514197279769698,"flow_dst_last_pkt_time":1514197279769664,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":310,"flow_src_tot_l4_payload_len":132641,"flow_dst_tot_l4_payload_len":5738,"midstream":0,"thread_ts_usec":1514197279769698,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"94.23.199.191","src_port":46838,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":673,"source":"cfgs\/caches_global\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":83,"flow_dst_packets_processed":62,"flow_first_seen":1514196094240063,"flow_src_last_pkt_time":1514197248783309,"flow_dst_last_pkt_time":1514197248783271,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":260,"flow_dst_max_l4_payload_len":303,"flow_src_tot_l4_payload_len":6299,"flow_dst_tot_l4_payload_len":4723,"midstream":0,"thread_ts_usec":1514197279769698,"l3_proto":"ip4","src_ip":"192.168.2.92","dst_ip":"178.32.196.217","src_port":55190,"dst_port":9050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe 
Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} 01103{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":673,"source":"cfgs\/caches_global\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":23,"flow_first_seen":1514196196437568,"flow_src_last_pkt_time":1514197261597871,"flow_dst_last_pkt_time":1514197261597824,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1444,"flow_dst_max_l4_payload_len":310,"flow_src_tot_l4_payload_len":3127,"flow_dst_tot_l4_payload_len":4584,"midstream":0,"thread_ts_usec":1514197279769698,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"116.211.167.195","src_port":53846,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} 
-00854{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":673,"source":"cfgs\/caches_global\/pcap\/mining.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":673,"packets-processed":673,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":177380,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":41,"global_ts_usec":1514197279769698} +00854{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":673,"source":"cfgs\/caches_global\/pcap\/mining.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":673,"packets-processed":673,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":177380,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":41,"global_ts_usec":1514197279769698} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 673/673 ~~ skipped flows.............: 0 
@@ -47,9 +47,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6942558 bytes -~~ total memory freed........: 6942558 bytes -~~ total allocations/frees...: 114851/114851 +~~ total memory allocated....: 7520154 bytes +~~ total memory freed........: 7520154 bytes +~~ total allocations/frees...: 126582/126582 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 539 chars ~~ json message max len.......: 2390 chars diff --git a/test/results/caches_global/ookla.pcap.out b/test/results/caches_global/ookla.pcap.out index f99ec8fc9..54216ea05 100644 --- a/test/results/caches_global/ookla.pcap.out +++ b/test/results/caches_global/ookla.pcap.out 
@@ -1,4 +1,4 @@ -00616{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00616{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
00749{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":52760463,"flow_src_last_pkt_time":52760463,"flow_dst_last_pkt_time":52760463,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":52760463,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"185.157.229.246","src_port":37790,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":52760463,"flow_dst_last_pkt_time":52760463,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":52760463,"pkt":"pJGxgjQ5CAAns+YuCABFAAA88ZNAAEAG5yvAqAHAuZ3l9pOeH5CL5\/\/AAAAAAKAC+vCdxwAAAgQFtAQCCArwSR4qAAAAAAEDAwc="} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":52760463,"flow_dst_last_pkt_time":52767367,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":52767367,"pkt":"CAAns+YupJGxgjQ5CABFAAA8AABAADkG37+5neX2wKgBwB+Qk54VD1Tvi+f\/waAS9KzB8AAAAgQFtAQCCArQXqes8EkeKgEDAwc="} 
@@ -12,7 +12,7 @@ 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":52803123,"flow_dst_last_pkt_time":52802860,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":52803123,"pkt":"pJGxgjQ5CAAns+YuCABFAAA07SxAAEAGxSTAqAHAWWBsqsfUH5CQmgkYQm9JZYAQAfaCuwAAAQEICkrfmqSA8vY2"} 00631{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":52803891,"flow_dst_last_pkt_time":52802860,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"thread_ts_usec":52803891,"pkt":"pJGxgjQ5CAAns+YuCABFAACB7S1AAEAGxNbAqAHAWWBsqsfUH5CQmgkYQm9JZYAYAfa1WgAAAQEICkrfmqSA8vY2EMGp+9vLnmHw2ahVPr\/DnjqEBMpv3qQx14PKFUDQ+Xiem1oDpE25ebBB0o3w7\/CD7T9\/W+RFeHExRQnSnZNpGp1400Jci657f6wCIgo="} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":52803891,"flow_dst_last_pkt_time":52813624,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":52813624,"pkt":"CAAns+YupJGxgjQ5CABFAAA0vyZAADkG+ipZYGyqwKgBwB+Qx9RCb0llkJoJZYAQAOODdAAAAQEICoDy9kNK35qk"} 
-00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":21,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1794,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1491069108756336} +00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":21,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1794,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1491069108756336} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1491069108756336,"flow_src_last_pkt_time":1491069108756336,"flow_dst_last_pkt_time":1491069108756336,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1491069108756336,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51207,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1491069108756336,"flow_dst_last_pkt_time":1491069108756336,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1491069108756336,"pkt":"gCqojWksxCwDBkn+CABFAABAClpAAEAGAADAqAEHLiz9u8gHAFAHQx4AAAAAALAC\/\/\/tyQAAAgQFtAEDAwUBAQgKDd4HoAAAAAAEAgAA"} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1491069108756336,"flow_dst_last_pkt_time":1491069108793565,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1491069108793565,"pkt":"xCwDBkn+gCqojWksCABFAAA8AABAADMGWiUuLP27wKgBBwBQyAdRUNK1B0MeAaASOJAJ5wAAAgQFrAQCCAp\/4XDqDd4HoAEDAwU="} 
@@ -31,15 +31,15 @@ 00925{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":71,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":52788003,"flow_src_last_pkt_time":52834008,"flow_dst_last_pkt_time":52833933,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":1512,"midstream":0,"thread_ts_usec":1491069115908957,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"89.96.108.170","src_port":51156,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI (partial cache)"},"proto":"Ookla","proto_id":"191","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} 00766{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":71,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":52788003,"flow_src_last_pkt_time":52834008,"flow_dst_last_pkt_time":52833933,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":1512,"midstream":0,"thread_ts_usec":1491069115908957,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"89.96.108.170","src_port":51156,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00946{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":71,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":52760463,"flow_src_last_pkt_time":52824399,"flow_dst_last_pkt_time":52783053,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":42,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":45,"midstream":0,"thread_ts_usec":1491069115908957,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"185.157.229.246","src_port":37790,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Ookla","proto_id":"191","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} -00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":71,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":71,"packets-processed":70,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5115,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":3,"total-detection-updates":1,"total-updates":0,"current-active-flows":2,"total-active-flows":4,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":34,"global_ts_usec":1679653269892307} 
+00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":71,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":71,"packets-processed":70,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5115,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":3,"total-detection-updates":1,"total-updates":0,"current-active-flows":2,"total-active-flows":4,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":34,"global_ts_usec":1679653269892307} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1679653269892307,"flow_src_last_pkt_time":1679653269892307,"flow_dst_last_pkt_time":1679653269892307,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1679653269892307,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.16.209.12","src_port":48854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1679653269892307,"flow_dst_last_pkt_time":1679653269892307,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1679653269892307,"pkt":"ILAB4IZiPKn0qB\/sCABFAAA8d9tAAEAGx5vAqAGAaBDRDL7WAbvTK4fdAAAAAKAC+vCixQAAAgQFtAQCCAqNuQWwAAAAAAEDAwc="} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1679653269892307,"flow_dst_last_pkt_time":1679653269908336,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1679653269908336,"pkt":"PKn0qB\/sILAB4IZiCABFAAA8AABAADkGRndoENEMwKgBgAG7vtZrVEBX0yuH3qAS\/ohAMAAAAgQFeAQCCApAz3KnjbkFsAEDAw0="} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1679653269908388,"flow_dst_last_pkt_time":1679653269908336,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1679653269908388,"pkt":"ILAB4IZiPKn0qB\/sCABFAAA0d9xAAEAGx6LAqAGAaBDRDL7WAbvTK4fea1RAWIAQAfZrSQAAAQEICo25BcBAz3Kn"} 
01245{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1679653269910213,"flow_dst_last_pkt_time":1679653269908336,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1679653269910213,"pkt":"ILAB4IZiPKn0qB\/sCABFAAI5d91AAEAGxZzAqAGAaBDRDL7WAbvTK4fea1RAWIAYAfa4FAAAAQEICo25BcJAz3KnFgMBAgABAAH8AwOTb4oxeXvjc\/45zkuVq4G3Zgn7TLoS1mljZT9BkHGn2CDtXOYXkAvuYV+YZrFG8XIpj5iT35mrgepNsvEywjPasgAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAWABQAABF3d3cuc3BlZWR0ZXN0Lm5ldAAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACA0PGs+cvY7SZzZ7ub5BC\/x6sXI+NPwgqK8CA+8hBBoUAAXAEEE8gwagQRgBRZQFjLsDlZBIDoi55K5OCyygtEfRg6ZTvyJ0PS0\/RImIv79eDtxwURuWaTzp0u6GF0tY0r+YgsRoAArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAFQCFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01269{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1679653269892307,"flow_src_last_pkt_time":1679653269910213,"flow_dst_last_pkt_time":1679653269908336,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1679653269910213,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.16.209.12","src_port":48854,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Ookla","proto_id":"91.191","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.speedtest.net","domainame":"www.speedtest.net","tls": {"version":"TLSv1.2","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01228{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1679653269892307,"flow_src_last_pkt_time":1679653269910213,"flow_dst_last_pkt_time":1679653269908336,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1679653269910213,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.16.209.12","src_port":48854,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Ookla","proto_id":"91.191","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.speedtest.net","domainame":"www.speedtest.net","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1679653269910213,"flow_dst_last_pkt_time":1679653269924034,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1679653269924034,"pkt":"PKn0qB\/sILAB4IZiCABFAAA0tiRAADkGkFpoENEMwKgBgAG7vtZrVEBY0yuJ44AQAAhrHwAAAQEICkDPcriNuQXC"} 
-01314{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":76,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1679653269892307,"flow_src_last_pkt_time":1679653269910213,"flow_dst_last_pkt_time":1679653269928207,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1679653269928207,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.16.209.12","src_port":48854,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Ookla","proto_id":"91.191","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.speedtest.net","domainame":"www.speedtest.net","tls": {"version":"TLSv1.3","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01273{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":76,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1679653269892307,"flow_src_last_pkt_time":1679653269910213,"flow_dst_last_pkt_time":1679653269928207,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1679653269928207,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.16.209.12","src_port":48854,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Ookla","proto_id":"91.191","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.speedtest.net","domainame":"www.speedtest.net","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
01155{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":85,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":8,"flow_first_seen":1491069108756336,"flow_src_last_pkt_time":1491069114050266,"flow_dst_last_pkt_time":1491069114084923,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":364,"flow_dst_max_l4_payload_len":457,"flow_src_tot_l4_payload_len":1434,"flow_dst_tot_l4_payload_len":1546,"midstream":0,"thread_ts_usec":1679653269948533,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51207,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP.Ookla","proto_id":"7.191","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"massarosa-1.speedtest.welcomeitalia.it"}} 00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":85,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":11,"flow_first_seen":1491069115107460,"flow_src_last_pkt_time":1491069115874461,"flow_dst_last_pkt_time":1491069115908957,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":19,"flow_dst_max_l4_payload_len":34,"flow_src_tot_l4_payload_len":155,"flow_dst_tot_l4_payload_len":186,"midstream":0,"thread_ts_usec":1679653269948533,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51215,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Ookla","proto_id":"191","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1679653306712675,"flow_src_last_pkt_time":1679653306712675,"flow_dst_last_pkt_time":1679653306712675,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1679653306712675,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"89.96.108.170","src_port":35830,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -47,12 +47,12 @@ 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1679653306712675,"flow_dst_last_pkt_time":1679653306719019,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1679653306719019,"pkt":"PKn0qB\/sILAB4IZiCABFAAA8AABAADkGuYlZYGyqwKgBgB+Qi\/ZNWoqZHmeg66AScSCZvQAAAgQFtAQCCApaPwmg5DYp\/AEDAwc="} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1679653306719028,"flow_dst_last_pkt_time":1679653306719019,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1679653306719028,"pkt":"ILAB4IZiPKn0qB\/sCABFAAA0211AAEAG1zPAqAGAWWBsqov2H5AeZ6DrTVqKmoAQAfY3rQAAAQEICuQ2KgNaPwmg"} 
01400{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1679653306722610,"flow_dst_last_pkt_time":1679653306719019,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":694,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":694,"pkt_l4_len":660,"thread_ts_usec":1679653306722610,"pkt":"ILAB4IZiPKn0qB\/sCABFAAKo215AAEAG1L7AqAGAWWBsqov2H5AeZ6DrTVqKmoAYAfbO\/gAAAQEICuQ2KgZaPwmgFgMBAm8BAAJrAwP259mDz8GEpoy1f+OzLC\/9thLG4EqdLGdZzXCGK9Q4uiBQNxCTYiOnTdmODfCjz\/77scOJabNQfOM8CXn\/Kv428AAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAgAAAAAjACEAAB5zcGQtcHViLW1pLTAxLTAxLmZhc3R3ZWJuZXQuaXQAFwAA\/wEAAQAACgAOAAwAHQAXABgAGQEAAQEACwACAQAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACCmIGoQSjFxbhP0oQ2mf3jldqLVT4IJ26DAHB\/y9dgXLwAXAEEE8z8E+HP3NhUI\/F3JutRCkkZAA38B+4XEE0qHvfJW\/ErxaU6ku0G019ynBdDwM0s6b8hWwbPTFIbOGQegCvJDQAArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAKQDrAMYAwB8AhNezxWqfHNqTai25upcAXujZ45XM67IJ06apg7LqGTJweebMuDRIw07Sj31fESMcFNp17AprOYwSXu+YS9IV7JhT9qQ4OZmstow1igpGfzEfe\/xOI8FkLjugMpGDY1pCU3HpxsD9EoT1P15QOhLf1dMPMUABrcy7YEdQeCwvbp2qZm8hgV1Lh+SnlNLe9mxhXktl5gH4Z6wg4QeX0rx2IRHvSjtKcrCLpyghx76lSgi1P+ZDn7AN\/VgIhiOzujGKo4YAISC+J4uYrIYL20ogu5h0JOx5bT1YAelSKoit\/6udwZ+98w=="} 
-01408{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1679653306712675,"flow_src_last_pkt_time":1679653306722610,"flow_dst_last_pkt_time":1679653306719019,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":628,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":628,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1679653306722610,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"89.96.108.170","src_port":35830,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"spd-pub-mi-01-01.fastwebnet.it","domainame":"spd-pub-mi-01-01.fastwebnet.it","tls": {"version":"TLSv1.2","ja3":"c279b0189edb9269da7bc43dea5e0c36","ja3s":"","ja4":"t13d1714h2_5b57614c22b0_8f66f9ee9c6c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01367{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1679653306712675,"flow_src_last_pkt_time":1679653306722610,"flow_dst_last_pkt_time":1679653306719019,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":628,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":628,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1679653306722610,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"89.96.108.170","src_port":35830,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"spd-pub-mi-01-01.fastwebnet.it","domainame":"spd-pub-mi-01-01.fastwebnet.it","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1714h2_5b57614c22b0_8f66f9ee9c6c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1679653306722610,"flow_dst_last_pkt_time":1679653306727552,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1679653306727552,"pkt":"PKn0qB\/sILAB4IZiCABFAAA0gz1AADkGNlRZYGyqwKgBgB+Qi\/ZNWoqaHmejX4AQAO02NQAAAQEIClo\/CarkNioG"} 
-01451{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":90,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1679653306712675,"flow_src_last_pkt_time":1679653306722610,"flow_dst_last_pkt_time":1679653306727563,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":628,"flow_dst_max_l4_payload_len":258,"flow_src_tot_l4_payload_len":628,"flow_dst_tot_l4_payload_len":258,"midstream":0,"thread_ts_usec":1679653306727563,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"89.96.108.170","src_port":35830,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"spd-pub-mi-01-01.fastwebnet.it","domainame":"spd-pub-mi-01-01.fastwebnet.it","tls": {"version":"TLSv1.3","ja3":"c279b0189edb9269da7bc43dea5e0c36","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","ja4":"t13d1714h2_5b57614c22b0_8f66f9ee9c6c","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01410{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":90,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1679653306712675,"flow_src_last_pkt_time":1679653306722610,"flow_dst_last_pkt_time":1679653306727563,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":628,"flow_dst_max_l4_payload_len":258,"flow_src_tot_l4_payload_len":628,"flow_dst_tot_l4_payload_len":258,"midstream":0,"thread_ts_usec":1679653306727563,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"89.96.108.170","src_port":35830,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"spd-pub-mi-01-01.fastwebnet.it","domainame":"spd-pub-mi-01-01.fastwebnet.it","tls": {"version":"TLSv1.3","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","ja4":"t13d1714h2_5b57614c22b0_8f66f9ee9c6c","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
01098{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":113,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":21,"flow_dst_packets_processed":8,"flow_first_seen":1679653306712675,"flow_src_last_pkt_time":1679653307034874,"flow_dst_last_pkt_time":1679653307034855,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":321,"flow_src_tot_l4_payload_len":19822,"flow_dst_tot_l4_payload_len":1414,"midstream":0,"thread_ts_usec":1679653307034874,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"89.96.108.170","src_port":35830,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":113,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":6,"flow_first_seen":1679653269892307,"flow_src_last_pkt_time":1679653269935522,"flow_dst_last_pkt_time":1679653269948533,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1084,"flow_dst_tot_l4_payload_len":3414,"midstream":0,"thread_ts_usec":1679653307034874,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.16.209.12","src_port":48854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Ookla","proto_id":"91.191","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} -00850{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":113,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":113,"packets-processed":113,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":30849,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":5,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":55,"global_ts_usec":1679653307034874} +00850{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":113,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":113,"packets-processed":113,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":30849,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":5,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":55,"global_ts_usec":1679653307034874} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 113/113 ~~ skipped 
flows.............: 0 @@ -61,9 +61,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7078439 bytes -~~ total memory freed........: 7078439 bytes -~~ total allocations/frees...: 114343/114343 +~~ total memory allocated....: 7656103 bytes +~~ total memory freed........: 7656103 bytes +~~ total allocations/frees...: 126076/126076 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 526 chars ~~ json message max len.......: 1475 chars diff --git a/test/results/caches_global/teams.pcap.out b/test/results/caches_global/teams.pcap.out index a3f9c2c1c..dc0f5823e 100644 --- a/test/results/caches_global/teams.pcap.out +++ b/test/results/caches_global/teams.pcap.out 
@@ -1,5 +1,5 @@ -00616{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1587041672419153} 
+00616{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1587041672419153} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041672419153,"flow_src_last_pkt_time":1587041672419153,"flow_dst_last_pkt_time":1587041672419153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":279,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":279,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041672419153,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00900{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1587041672419153,"flow_dst_last_pkt_time":1587041672419153,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"thread_ts_usec":1587041672419153,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzES1AAEARZ+TAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGABgr52AAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"} 
01031{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041672419153,"flow_src_last_pkt_time":1587041672419153,"flow_dst_last_pkt_time":1587041672419153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":279,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":279,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041672419153,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"tl-sg116e","domainame":"tl-sg116e","dhcp": {"fingerprint":"1,3","class_ident":"TL-SG116E"}}} 
@@ -32,14 +32,14 @@ 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1587041676435900,"flow_dst_last_pkt_time":1587041676448366,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041676448366,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0CixAAHUGQvQ0ccKEwKgBBgG77HWQGjC4LoXCQ4AS\/\/8WpAAAAgQFoAEDAwgBAQQC"} 00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1587041676448463,"flow_dst_last_pkt_time":1587041676448366,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041676448463,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGgizAqAEGNHHChOx1AbsuhcJDkBowuVAQIAA3YwAA"} 00813{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1587041676449862,"flow_dst_last_pkt_time":1587041676448366,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"thread_ts_usec":1587041676449862,"pkt":"EBMx8Tl2KDc3AG3ICABFAAD6AABAAEAGgVrAqAEGNHHChOx1AbsuhcJDkBowuVAYIAChLwAAFgMBAM0BAADJAwMtfzNr5sJ0vwUnIfI3TV9sTsGbPpwfZOWfmMdYc+2laQAAHLq6zKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACEuroAAP8BAAEAAAAAGAAWAAATdGVhbXMubWljcm9zb2Z0LmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACNraAB0AFwAYABsAAwIAAnp6AAEA"} 
-01236{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041676435900,"flow_src_last_pkt_time":1587041676449862,"flow_dst_last_pkt_time":1587041676448366,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":210,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":210,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041676449862,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","domainame":"teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01189{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041676435900,"flow_src_last_pkt_time":1587041676449862,"flow_dst_last_pkt_time":1587041676448366,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":210,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":210,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041676449862,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","domainame":"teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1587041676449862,"flow_dst_last_pkt_time":1587041676462228,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1587041676462228,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAoCi1AAHYGQf80ccKEwKgBBgG77HWQGjC5LoXDFVAQCAROjQAAAAAAAAAA"} 
-01581{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":26,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1587041676435900,"flow_src_last_pkt_time":1587041676464401,"flow_dst_last_pkt_time":1587041676464459,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":210,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":210,"flow_dst_tot_l4_payload_len":6025,"midstream":0,"thread_ts_usec":1587041676464459,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","domainame":"teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"0f14538e1c9070becdad7739c67d6363","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=teams.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E","blocks":0}}} 
+01534{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":26,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1587041676435900,"flow_src_last_pkt_time":1587041676464401,"flow_dst_last_pkt_time":1587041676464459,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":210,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":210,"flow_dst_tot_l4_payload_len":6025,"midstream":0,"thread_ts_usec":1587041676464459,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","domainame":"teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"teams.microsoft.com","ja3s":"0f14538e1c9070becdad7739c67d6363","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=teams.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E","blocks":0}}} 
00784{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1587041676499766,"flow_dst_last_pkt_time":1587041676405623,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":240,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":240,"pkt_l4_len":206,"thread_ts_usec":1587041676499766,"pkt":"EBMx8Tl2KDc3AG3ICABFAADiAABAAEAG9tTAqAEGNHJNIex0AbuczSMoSaIgqYAYEAlcWgAAAQEICjCEl\/VhBkyoFgMBAKkBAAClAwNgsc\/zVfk3fJaoeGVjBvcvXHJydxa1mwDEXFImXbQK\/wAAHsAvwCvAMMAszKnMqMAJwBPACsAUAJwAnQAvADUACgEAAF7\/AQABAAAAACMAIQAAHm1vYmlsZS5waXBlLmFyaWEubWljcm9zb2Z0LmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAsAAgEAAAoACAAGAB0AFwAY"} -01348{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041676362386,"flow_src_last_pkt_time":1587041676499766,"flow_dst_last_pkt_time":1587041676405623,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041676499766,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": 
{"version":"TLSv1.2","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} -02169{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":47,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1587041676435900,"flow_src_last_pkt_time":1587041676535873,"flow_dst_last_pkt_time":1587041676535853,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":258,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":757,"flow_dst_tot_l4_payload_len":10509,"midstream":0,"thread_ts_usec":1587041676535873,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":6449.2,"max":29755,"stddev":8827.8,"var":77930416.0,"ent":3.7,"data": [12466,12563,1399,13862,1628,233,14289,254,250,114,2,99,4851,16541,1120,12847,339,301,11408,365,232,23032,26,11077,443,29285,29755,471,122,15,537]},"pktlen": {"min":40,"avg":393.9,"max":1492,"stddev":548.1,"var":300365.6,"ent":3.9,"data": [64,52,40,250,46,1492,1492,40,1492,40,1492,257,40,198,46,366,40,109,40,133,78,298,78,46,40,46,556,40,1492,1492,671,40]},"bins": {"c_to_s": [10,1,1,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,1,1,0,0,0,1,0,0,0,1,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1,0,1,0,0,0,0,1,1,0,1,1,0,1,1,1,0],"entropies": 
[4.365527153,4.946223736,4.521928787,5.447622776,4.609350681,7.356091499,7.445232391,4.680641174,7.544306755,4.571928501,7.621133804,7.081102371,4.630641460,6.624766827,4.609350681,7.169972897,4.680641174,6.030838013,4.630641460,6.150182247,5.105917454,7.025798798,5.428217888,4.565872192,4.680641174,4.565872192,7.556540489,4.680641174,7.827769756,7.840335846,7.703694820,4.680641174]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} +01307{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041676362386,"flow_src_last_pkt_time":1587041676499766,"flow_dst_last_pkt_time":1587041676405623,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041676499766,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+02163{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":47,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1587041676435900,"flow_src_last_pkt_time":1587041676535873,"flow_dst_last_pkt_time":1587041676535853,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":258,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":757,"flow_dst_tot_l4_payload_len":10509,"midstream":0,"thread_ts_usec":1587041676535873,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":6449.2,"max":29755,"stddev":8827.8,"var":77930416.0,"ent":3.7,"data": [12466,12563,1399,13862,1628,233,14289,254,250,114,2,99,4851,16541,1120,12847,339,301,11408,365,232,23032,26,11077,443,29285,29755,471,122,15,537]},"pktlen": {"min":40,"avg":393.9,"max":1492,"stddev":548.1,"var":300365.6,"ent":3.9,"data": [64,52,40,250,46,1492,1492,40,1492,40,1492,257,40,198,46,366,40,109,40,133,78,298,78,46,40,46,556,40,1492,1492,671,40]},"bins": {"c_to_s": [10,1,1,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,1,1,0,0,0,1,0,0,0,1,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1,0,1,0,0,0,0,1,1,0,1,1,0,1,1,1,0],"entropies": [4.365527153,4.946223736,4.521928787,5.447622776,4.609350681,7.356091499,7.445232391,4.680641174,7.544306755,4.571928501,7.621133804,7.081102371,4.630641460,6.624766827,4.609350681,7.169972897,4.680641174,6.030838013,4.630641460,6.150182247,5.105917454,7.025798798,5.428217888,4.565872192,4.680641174,4.565872192,7.556540489,4.680641174,7.827769756,7.840335846,7.703694820,4.680641174]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} 02487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1587041676499766,"flow_dst_last_pkt_time":1587041676545373,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041676545373,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUL\/9AAGwGleM0ck0hwKgBBgG77HRJoiCpnM0j1oAQBAXctwAAAQEICmEGTTMwhJf1FgMDEGYCAABRAwNemFWMXBNb2F1eIS0NgygX31DvjFSWgfTq\/PXgXBX\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\/wSL1vxV6UtbY+5UyBq7YUvoZUI+YYWI6FMysHpnkiGQR5h3NLX2it0lgM0JMJXgIYfO+vdhJalxciwWfJHOcY4+eUQwpTmpGeOTzK\/sd1W+VOYbkgWPJ0lAEgTcRXL\/NZZAtyce+Sv4+b4jHwY9pwQxOHJWtnns0bK3jD\/RcAtjLeUisGvBGtt1SItPOQvgD6i2AdvjCkjqVXn0nxT\/yKuGkvtii1i85nrjeMS5pKgL+N2I4goIXeRAaK089dd0KrnNO6kLEhhSHgHwJHnPwfqeXH1Q2p1Zw2r13mOsJdyP7QIDAQABo4IE1zCCBNMwggF\/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB2APZclC\/RdzAiFFQYCDCUVo7jTRMZM7\/fDC8gC8xO8WTjAAABbbe0zD0AAAQDAEcwRQIgXUu8wYK\/QqX5unkLcaUv4T8oQWu5yZb6M3RYbUFPJ7sCIQCVvziq+dynpJXSFyAk+ZobbjdMm8Ziuyzc0miXoW9hmQB2AFWB1MIWkDYBSuoLm1c8U\/DA5Dh4cCUIFy+jqh0HE9MMAAABbbe0zTwAAAQDAEcwRQIgOIr7NuYD18H8X6OV\/YdBgg0HoCy47ognD1Etlbp3ZVgCIQCAVAoqvjDqhz4It72mColVOT\/FZuexWjdVPWkvuAPY1AB3AESUZS6w7s6vxEAH2Kj+KMDa5oK+2MsxtT\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"} 
-01880{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":59,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1587041676362386,"flow_src_last_pkt_time":1587041676545644,"flow_dst_last_pkt_time":1587041676545713,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041676545713,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} 
+01839{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":59,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1587041676362386,"flow_src_last_pkt_time":1587041676545644,"flow_dst_last_pkt_time":1587041676545713,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041676545713,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} 00297{"error_event_id":5,"error_event_name":"Unknown packet 
type","threshold_n":7,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1587041676611249,"packet_id":64,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1587041676611249} 00371{"packet_event_id":1,"packet_event_name":"packet","packet_id":64,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041676592590,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041676612882,"flow_src_last_pkt_time":1587041676612882,"flow_dst_last_pkt_time":1587041676612882,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041676612882,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.5","src_port":60534,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
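Review bot: The regenerated expectations in this hunk drop the `"ja3"` key from every `tls` object (only `ja3s` and `ja4` remain) and re-map `proto_by_ip` for 52.113.194.132 from `Skype_Teams`/125 to `Teams`/250, while the commit message says only "incorporated upstream changes". Anything downstream that keys on the JA3 client fingerprint or on protocol id 125 (detection rules, allow-lists, dashboards) would stop matching without raising an error. The change deserves an explicit line in the commit description or changelog, for example `tls.ja3 is no longer emitted (ja3s and ja4 remain)` and `proto_by_ip_id 125 (Skype_Teams) is now 250 (Teams)`. The diffstat lists schema/flow_event_schema.json as changed, but that hunk is not visible here, so it is worth confirming that the schema no longer advertises `ja3`.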
@@ -47,7 +47,7 @@ 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1587041676612882,"flow_dst_last_pkt_time":1587041676642642,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041676642642,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8LqNAAG0G6+cofgkFwKgBBgG77HaiQxrbpEtO6qASIAC6gQAAAgQFoAEDAwgEAggKVQC94TCEmGM="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1587041676642755,"flow_dst_last_pkt_time":1587041676642642,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041676642755,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGR5PAqAEGKH4JBex2AbukS07qokMa3IAQEAn5EwAAAQEICjCEmIFVAL3h"} 
00877{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1587041676643404,"flow_dst_last_pkt_time":1587041676642642,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":312,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":312,"pkt_l4_len":278,"thread_ts_usec":1587041676643404,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEqAABAAEAGRp3AqAEGKH4JBex2AbukS07qokMa3IAYEAkkyAAAAQEICjCEmIFVAL3hFgMBAPEBAADtAwMFij+vLNUEXtDYw018fSI+oguo6nn0NGVGlSQBEa6j4wAAKMAswCvAJMAjwArACcypwDDAL8AowCfAFMATzKgAnQCcAD0APAA1AC8BAACc\/wEAAQAAAAAeABwAABlsb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tABcAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAADN0AAAAEgAAABAAMAAuAmgyBWgyLTE2BWgyLTE1BWgyLTE0CHNwZHkvMy4xBnNwZHkvMwhodHRwLzEuMQALAAIBAAAKAAoACAAdABcAGAAZ"} -01294{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041676612882,"flow_src_last_pkt_time":1587041676643404,"flow_dst_last_pkt_time":1587041676642642,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041676643404,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.5","src_port":60534,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Microsoft365","proto_by_ip_id":219,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"login.microsoftonline.com","domainame":"login.microsoftonline.com","tls": 
{"version":"TLSv1.2","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} +01253{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041676612882,"flow_src_last_pkt_time":1587041676643404,"flow_dst_last_pkt_time":1587041676642642,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041676643404,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.5","src_port":60534,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Microsoft365","proto_by_ip_id":219,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"login.microsoftonline.com","domainame":"login.microsoftonline.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
02502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1587041676643404,"flow_dst_last_pkt_time":1587041676675374,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041676675374,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXULqZAAG0G5kwofgkFwKgBBgG77HaiQyYcpEtP4IAQBAWIzwAAAQEIClUAvgAwhJiBCxMMTWljcm9zb2Z0IElUMR4wHAYDVQQDExVNaWNyb3NvZnQgSVQgVExTIENBIDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCO8\/GEdXe8vsmk9RalUytQYJnc2H3ZJLXhckk3SP7ahpOjfR2aSxBNd3l+Zal8bjbiR9Q2SdDMJAInFOKucc3ZV3Q8EFYZkkqHYvnjkI1e3tFBGxqmH0CiLB6OVdcm2GhCq+wN3t1eYZWzrGyBzqjgra9fyqbkUWguJ\/1UKnGkzLt+kvH2U1EFMdAZgrDKY9DySgALzfRpS\/RallY5JsmdSwpjNDKApQTl6ii3wQDAbRrwKNRKj4CscxnY9RYvra4Il2IGLP7npfCtQVN\/jSsxwxRzId3jeGOcUYa1okhJwHkIFUMAK5m4S+DHVwdsxLmmVC0BU\/Kj8qTM2cFU84jN5EwT04ozIVitGL++OYFwOWk3+FukY+8JB9+HGmLHmgjF0R1eYnYB3WnmOLtEsC1NOsYugOBgclvyzOaOXDohHl2wOSu96hPLlsu2anSMjrwOEJ8bpUBBj5FcdqcO8ao6h7cMd99xai8oYUItkA9yBatn4MF7y5xAmsQKCESMfD26qQ4esdkivR9fQWpzVPZm4qD5pjne0nfzaQS\/t7s8xJP\/cgQctTadaH\/f+jlPsvaPuRz\/re0OFQjjhnzySEl3lxb2\/QD2T6Zeb+c5wFFlPeuxlzDs6p5z\/B4soN+Lz3NftQ4GQhcmlezYqSfQ0GWUXOI\/yigppSD0yN1dtP\/m3QIDAQABo4IBQjCCAT4wHQYDVR0OBBYEFFiIn9bcnEgitxQ+\/4SI6OaF\/\/p9MB8GA1UdIwQYMBaAFOWdWTCCR1jMrPoIVDaGezq1BE3wMBIGA1UdEwEB\/wQIMAYBAf8CAQAwDgYDVR0PAQH\/BAQDAgGGMCcGA1UdJQQgMB4GCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwkwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL09tbmlyb290MjAyNS5jcmwwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwDQYJKoZIhvcNAQELBQADggEBADCaxp1q\/e+TCAy+gnf5dqBtnnswI3uoKVr0aj7HCwyW37hLUuQNnDjteGO1c8AcHzvgp\/9\/SVGVMrjQm6nlz5YDgYDVSmEY\/sRqxt9\/QUYinIBm6w9CoOTzpCGjmNB6dPaM6MPSK6orzhFZGUTnXAcJQuvX\/RVNuW9sRDU
mh7qjO2iwgecgyX8TAvPMq58clVDLrmSAu4cKXc6ma7J94z024ilRtyX80AnjsK3EYi4+foUmsvav920xc8YZmKlykwLOygs9POzZcOiA9RareGqHTcaBN6gKdoEGqO8XYHxwEBM8ONczTOQ3ZQj7kbPoFnZhKmX1WJSzRQHvwE8De7gMAAFJAwAXQQTOd4jCuMTh7EYDlmBiiGmTGwexXcFlv\/T2ck50p74cYWIJH\/qL5LjbfCSDp3wqAO8ZZNaw1gxy4Uzbx\/mTFEUoBAEBACuEjKAM1qXUNVaS\/GaC95SQ9vmaMh+jYNW\/golBe81NwxyW1ReEMvroTkbS6BjiR97ixB57SOr\/EVlzcCLlr0XL6vCOvZKaaq3SzHreSfwbGspHUYxwK5i8j23AovUYK4FdR8PK9GkF5j5DZYPL2nmL62KrpTU3AqFF18hKfZ2alq2jaowqtsC3NBCAd6aifgpEBRhB9rZP2x\/YPgDeBGSAHqMX"} 02311{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":109,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":23,"flow_dst_packets_processed":9,"flow_first_seen":1587041676362386,"flow_src_last_pkt_time":1587041676859269,"flow_dst_last_pkt_time":1587041676859222,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":23115,"flow_dst_tot_l4_payload_len":4254,"midstream":0,"thread_ts_usec":1587041676859269,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":32055.5,"max":221245,"stddev":54144.2,"var":2931591680.0,"ent":3.4,"data": [43237,43341,94039,139750,215,45878,125,102,1406,46781,45438,177198,6,1,221245,44042,6,2,2,21255,21237,4,23005,23005,5,2,3,1223,1159,4,3]},"pktlen": {"min":52,"avg":907.9,"max":1492,"stddev":687.5,"var":472618.5,"ent":4.4,"data": [64,60,52,226,1492,1492,52,1375,52,145,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,52,1480,1480,1480,1480,52,1480,1480,1480]},"bins": {"c_to_s": [5,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0],"s_to_c": 
[5,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,0,0,0,1,0,0,0],"entropies": [4.428027153,5.210652828,4.884933472,5.556665897,7.283374786,7.268235207,4.923395157,7.674625397,4.884933472,5.901349068,5.537203789,4.923394680,7.865010738,7.865353107,7.863998413,5.116508007,7.872262955,7.872727394,7.850155830,7.872891426,5.101991177,7.883207798,7.861774921,5.078046322,7.883695126,7.860937595,7.861885548,7.869150639,5.092563629,7.862890244,7.881820202,7.880939960]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud"}} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":153,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041677042751,"flow_src_last_pkt_time":1587041677042751,"flow_dst_last_pkt_time":1587041677042751,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041677042751,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60535,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -55,16 +55,16 @@ 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1587041677042751,"flow_dst_last_pkt_time":1587041677088014,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041677088014,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8FwhAAGwGtHI0ck0hwKgBBgG77Hf6fNLR2z1jO6ASIACfvwAAAgQFoAEDAwgEAggKYRMfbzCEmgA="} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1587041677088160,"flow_dst_last_pkt_time":1587041677088014,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041677088160,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIex3AbvbPWM7+nzS0oAQEAneQwAAAQEICjCEmixhEx9v"} 00828{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1587041677088499,"flow_dst_last_pkt_time":1587041677088014,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_usec":1587041677088499,"pkt":"EBMx8Tl2KDc3AG3ICABFAAECAABAAEAG9rTAqAEGNHJNIex3AbvbPWM7+nzS0oAYEAl+5wAAAQEICjCEmixhEx9vFgMBAMkBAADFAwM5dVF27rKLSF3ZLHW6jf6ecE8+y\/c\/MIkP9CtH6UUE1iAORwAAVmOWcPohT0niCo9N4puGGU7iW5AxxYvHQvC09wAewC\/AK8AwwCzMqcyowAnAE8AKwBQAnACdAC8ANQAKAQAAXv8BAAEAAAAAIwAhAAAebW9iaWxlLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEACwACAQAACgAIAAYAHQAXABg="} 
-01349{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":158,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041677042751,"flow_src_last_pkt_time":1587041677088499,"flow_dst_last_pkt_time":1587041677088014,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041677088499,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60535,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01308{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":158,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041677042751,"flow_src_last_pkt_time":1587041677088499,"flow_dst_last_pkt_time":1587041677088014,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041677088499,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60535,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
02487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1587041677088499,"flow_dst_last_pkt_time":1587041677137230,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041677137230,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUFwlAAGwGrtk0ck0hwKgBBgG77Hf6fNLS2z1kCYAQBAVAOQAAAQEICmETH58whJosFgMDEGYCAABRAwNemFWNrPjx8U\/n2+1HOnhSXCpnALSFvyfXRw2ICUZrciDASAAAvuo5mSGLHTbLJlo\/aqiaHVmeYbbWtXIqS6QEP8AwAAAJABcAAP8BAAEACwAO3QAO2gAJHDCCCRgwggcAoAMCAQICExYACr2jKIomrOvxeF4AAAAKvaMwDQYJKoZIhvcNAQELBQAwgYsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xFTATBgNVBAsTDE1pY3Jvc29mdCBJVDEeMBwGA1UEAxMVTWljcm9zb2Z0IElUIFRMUyBDQSA0MB4XDTE5MTAxMDIxNTUzOFoXDTIxMTAxMDIxNTUzOFowJjEkMCIGA1UEAwwbKi5ldmVudHMuZGF0YS5taWNyb3NvZnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8J31SJyCTCkjxtLC8JE7aU56y+0937PcYfrFGWW\/wSL1vxV6UtbY+5UyBq7YUvoZUI+YYWI6FMysHpnkiGQR5h3NLX2it0lgM0JMJXgIYfO+vdhJalxciwWfJHOcY4+eUQwpTmpGeOTzK\/sd1W+VOYbkgWPJ0lAEgTcRXL\/NZZAtyce+Sv4+b4jHwY9pwQxOHJWtnns0bK3jD\/RcAtjLeUisGvBGtt1SItPOQvgD6i2AdvjCkjqVXn0nxT\/yKuGkvtii1i85nrjeMS5pKgL+N2I4goIXeRAaK089dd0KrnNO6kLEhhSHgHwJHnPwfqeXH1Q2p1Zw2r13mOsJdyP7QIDAQABo4IE1zCCBNMwggF\/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB2APZclC\/RdzAiFFQYCDCUVo7jTRMZM7\/fDC8gC8xO8WTjAAABbbe0zD0AAAQDAEcwRQIgXUu8wYK\/QqX5unkLcaUv4T8oQWu5yZb6M3RYbUFPJ7sCIQCVvziq+dynpJXSFyAk+ZobbjdMm8Ziuyzc0miXoW9hmQB2AFWB1MIWkDYBSuoLm1c8U\/DA5Dh4cCUIFy+jqh0HE9MMAAABbbe0zTwAAAQDAEcwRQIgOIr7NuYD18H8X6OV\/YdBgg0HoCy47ognD1Etlbp3ZVgCIQCAVAoqvjDqhz4It72mColVOT\/FZuexWjdVPWkvuAPY1AB3AESUZS6w7s6vxEAH2Kj+KMDa5oK+2MsxtT\/TM5a1toGoAAABbbe0zEEAAAQDAEgwRgIhAMLyKXAV0HvPisLX5tlLiDTgtSUtRgffnQWc5h8Pdj8PAiEAo6ENbH0+qORahbVCksBW940dOZQUoTXblsn+bri9ExQwJwYJKwYBBAGCNxUKBBowGDAKBgg
rBgEFBQcDAjAKBggrBgEFBQcDATA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdhNLfQoLnk3oCAWQCAR0wgYUGCCsGAQUFBwEBBHkwdzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDQuY3J0MCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC5tc29jc3AuY29tMB0GA1UdDgQWBBQa+kPWU8gwtBlTGMvS3dHpIWlv7TALBgNVHQ8EBAMCBLAwgfIGA1UdEQSB6jCB54IbKi5ldmVudHMuZGF0YS5taWNyb3NvZnQuY29tghlldmVudHMuZGF0YS5taWNyb3NvZnQuY29tghkqLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tgg5waXBl"} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":175,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041677243705,"flow_src_last_pkt_time":1587041677243705,"flow_dst_last_pkt_time":1587041677243705,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041677243705,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1587041677243705,"flow_dst_last_pkt_time":1587041677243705,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041677243705,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGghTAqAEGNHHChOx4Abt\/TkvVAAAAALAC\/\/\/5uQAAAgQFtAEDAwUBAQgKMISawwAAAAAEAgAA"} 
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1587041677243705,"flow_dst_last_pkt_time":1587041677255126,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041677255126,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0wUlAAHUGi9Y0ccKEwKgBBgG77Hiki1UTf05L1oAS\/\/8DeQAAAgQFoAEDAwgBAQQC"} 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1587041677255227,"flow_dst_last_pkt_time":1587041677255126,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041677255227,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGgizAqAEGNHHChOx4Abt\/TkvWpItVFFAQIAAkOAAA"} 00823{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1587041677255452,"flow_dst_last_pkt_time":1587041677255126,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":268,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":268,"pkt_l4_len":234,"thread_ts_usec":1587041677255452,"pkt":"EBMx8Tl2KDc3AG3ICABFAAD+AABAAEAGgVbAqAEGNHHChOx4Abt\/TkvWpItVFFAYIAA3rwAAFgMBANEBAADNAwPZLPUYRvEghAe9kJUNx9IFhytDuazyHj3Xl0vfJTFFvgAAHNrazKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACI6uoAAP8BAAEAAAAAGAAWAAATdGVhbXMubWljcm9zb2Z0LmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMXVQAAAACwACAQAACgAKAAi6ugAdABcAGAAbAAMCAAJaWgABAA=="} 
-01237{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041677243705,"flow_src_last_pkt_time":1587041677255452,"flow_dst_last_pkt_time":1587041677255126,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041677255452,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","domainame":"teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"","ja4":"t12d1312h2_8b80da21ef18_b00751acaffa","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01190{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041677243705,"flow_src_last_pkt_time":1587041677255452,"flow_dst_last_pkt_time":1587041677255126,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041677255452,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","domainame":"teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1312h2_8b80da21ef18_b00751acaffa","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1587041677255452,"flow_dst_last_pkt_time":1587041677266382,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1587041677266382,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAowUpAAHYGiuE0ccKEwKgBBgG77Hiki1UUf05MrFAQBAE\/YQAAAAAAAAAA"} 
-01582{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":186,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1587041677243705,"flow_src_last_pkt_time":1587041677269406,"flow_dst_last_pkt_time":1587041677269476,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":6025,"midstream":0,"thread_ts_usec":1587041677269476,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","domainame":"teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"teams.microsoft.com","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"0f14538e1c9070becdad7739c67d6363","ja4":"t12d1312h2_8b80da21ef18_b00751acaffa","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=teams.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E","blocks":0}}} 
+01535{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":186,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1587041677243705,"flow_src_last_pkt_time":1587041677269406,"flow_dst_last_pkt_time":1587041677269476,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":6025,"midstream":0,"thread_ts_usec":1587041677269476,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","domainame":"teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"teams.microsoft.com","ja3s":"0f14538e1c9070becdad7739c67d6363","ja4":"t12d1312h2_8b80da21ef18_b00751acaffa","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=teams.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E","blocks":0}}} 
02304{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":209,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1587041677042751,"flow_src_last_pkt_time":1587041677328754,"flow_dst_last_pkt_time":1587041677327352,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":15383,"flow_dst_tot_l4_payload_len":4699,"midstream":0,"thread_ts_usec":1587041677328754,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60535,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":18406.6,"max":49836,"stddev":21194.3,"var":449200096.0,"ent":3.9,"data": [45263,45409,339,49216,21,48838,224,177,1271,46526,45316,1920,4,2,47729,45783,4,2,3,37748,37711,4,8018,8058,5,734,37027,7756,4339,49836,1321]},"pktlen": {"min":52,"avg":680.6,"max":1492,"stddev":673.1,"var":453031.8,"ent":4.2,"data": [64,60,52,258,1492,1375,64,1492,52,145,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,52,1480,825,52,52,52,497,52,83]},"bins": {"c_to_s": [7,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0],"s_to_c": [7,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,0,1,1,1,1,0,0],"entropies": [4.340968132,5.220872402,4.976373672,5.983667850,7.275708199,7.688739777,5.052015305,7.275113583,4.976373672,6.006431580,5.733948708,5.053297043,7.842315674,7.876612663,7.858495712,5.246409416,7.872724533,7.868679523,7.873967648,7.874578953,5.207947731,7.865746021,7.852710724,5.169486046,7.855942726,7.767035484,5.116507530,5.169486046,5.207947731,7.497245789,4.961856842,5.338891983]},"ndpi": 
{"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud"}} 00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1587041677380886,"flow_dst_last_pkt_time":1587041673094451,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041677380886,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGPCzAqAEGlZqnW+SlAbsZTPC8DAoX91AUECaMmwAA"} 00301{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":8,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1587041677408485,"packet_id":213,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_usec":1587041677408485} 
@@ -77,9 +77,9 @@ 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1587041678029919,"flow_dst_last_pkt_time":1587041678074133,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041678074133,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8KlZAAGwGoSQ0ck0hwKgBBgG77Hk7ZXhQ9B\/rj6ASIAAz8QAAAgQFoAEDAwgEAggKYRL\/2zCEncM="} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1587041678074233,"flow_dst_last_pkt_time":1587041678074133,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041678074233,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIex5Abv0H+uPO2V4UYAQEAlydQAAAQEICjCEne9hEv\/b"} 00829{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_src_last_pkt_time":1587041678074525,"flow_dst_last_pkt_time":1587041678074133,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_usec":1587041678074525,"pkt":"EBMx8Tl2KDc3AG3ICABFAAECAABAAEAG9rTAqAEGNHJNIex5Abv0H+uPO2V4UYAYEAlkRgAAAQEICjCEne9hEv\/bFgMBAMkBAADFAwOeU\/FfLHrtrdCBVUwx+w+ija6LF0MoHL44Af8vhwR8KyDASAAAvuo5mSGLHTbLJlo\/aqiaHVmeYbbWtXIqS6QEPwAewC\/AK8AwwCzMqcyowAnAE8AKwBQAnACdAC8ANQAKAQAAXv8BAAEAAAAAIwAhAAAebW9iaWxlLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEACwACAQAACgAIAAYAHQAXABg="} 
-01349{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041678029919,"flow_src_last_pkt_time":1587041678074525,"flow_dst_last_pkt_time":1587041678074133,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041678074525,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01308{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041678029919,"flow_src_last_pkt_time":1587041678074525,"flow_dst_last_pkt_time":1587041678074133,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041678074525,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
02488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1587041678074525,"flow_dst_last_pkt_time":1587041678120796,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041678120796,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUKldAAGwGm4s0ck0hwKgBBgG77Hk7ZXhR9B\/sXYAQBAVKXAAAAQEICmETAAQwhJ3vFgMDEGYCAABRAwNemFWOOTYxM1NwQpKmeq910c4Y3+sTj8LkGeyXAZo3KyA\/IwAA6KEdJo41XGChq4nIXjJi3Ldaf94\/c7z6UnyyFcAwAAAJABcAAP8BAAEACwAO3QAO2gAJHDCCCRgwggcAoAMCAQICExYACr2jKIomrOvxeF4AAAAKvaMwDQYJKoZIhvcNAQELBQAwgYsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xFTATBgNVBAsTDE1pY3Jvc29mdCBJVDEeMBwGA1UEAxMVTWljcm9zb2Z0IElUIFRMUyBDQSA0MB4XDTE5MTAxMDIxNTUzOFoXDTIxMTAxMDIxNTUzOFowJjEkMCIGA1UEAwwbKi5ldmVudHMuZGF0YS5taWNyb3NvZnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8J31SJyCTCkjxtLC8JE7aU56y+0937PcYfrFGWW\/wSL1vxV6UtbY+5UyBq7YUvoZUI+YYWI6FMysHpnkiGQR5h3NLX2it0lgM0JMJXgIYfO+vdhJalxciwWfJHOcY4+eUQwpTmpGeOTzK\/sd1W+VOYbkgWPJ0lAEgTcRXL\/NZZAtyce+Sv4+b4jHwY9pwQxOHJWtnns0bK3jD\/RcAtjLeUisGvBGtt1SItPOQvgD6i2AdvjCkjqVXn0nxT\/yKuGkvtii1i85nrjeMS5pKgL+N2I4goIXeRAaK089dd0KrnNO6kLEhhSHgHwJHnPwfqeXH1Q2p1Zw2r13mOsJdyP7QIDAQABo4IE1zCCBNMwggF\/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB2APZclC\/RdzAiFFQYCDCUVo7jTRMZM7\/fDC8gC8xO8WTjAAABbbe0zD0AAAQDAEcwRQIgXUu8wYK\/QqX5unkLcaUv4T8oQWu5yZb6M3RYbUFPJ7sCIQCVvziq+dynpJXSFyAk+ZobbjdMm8Ziuyzc0miXoW9hmQB2AFWB1MIWkDYBSuoLm1c8U\/DA5Dh4cCUIFy+jqh0HE9MMAAABbbe0zTwAAAQDAEcwRQIgOIr7NuYD18H8X6OV\/YdBgg0HoCy47ognD1Etlbp3ZVgCIQCAVAoqvjDqhz4It72mColVOT\/FZuexWjdVPWkvuAPY1AB3AESUZS6w7s6vxEAH2Kj+KMDa5oK+2MsxtT\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"} 
-01881{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":223,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1587041678029919,"flow_src_last_pkt_time":1587041678120910,"flow_dst_last_pkt_time":1587041678120987,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041678120987,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} 
+01840{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":223,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1587041678029919,"flow_src_last_pkt_time":1587041678120910,"flow_dst_last_pkt_time":1587041678120987,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041678120987,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} 00299{"error_event_id":5,"error_event_name":"Unknown packet 
type","threshold_n":10,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1587041678611338,"packet_id":242,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1587041678611338} 00372{"packet_event_id":1,"packet_event_name":"packet","packet_id":242,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041678303901,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":243,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041679059584,"flow_src_last_pkt_time":1587041679059584,"flow_dst_last_pkt_time":1587041679059584,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041679059584,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":64046,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -121,7 +121,7 @@ 00372{"packet_event_id":1,"packet_event_name":"packet","packet_id":259,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041681248693,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":260,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041681714331,"flow_src_last_pkt_time":1587041681714331,"flow_dst_last_pkt_time":1587041681714331,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681714331,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1587041681714331,"flow_dst_last_pkt_time":1587041681714331,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"thread_ts_usec":1587041681714331,"pkt":"EBMx8Tl2KDc3AG3ICABFAABCnaYAAP8RmqzAqAEGwKgBAcdZADUALvSsiC0BAAABAAAAAAAABmV1LWFwaQNhc20Fc2t5cGUDY29tAAABAAE="} 
-01109{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":260,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041681714331,"flow_src_last_pkt_time":1587041681714331,"flow_dst_last_pkt_time":1587041681714331,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681714331,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","proto_id":"5.125","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"eu-api.asm.skype.com","domainame":"eu-api.asm.skype.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} +01097{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":260,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041681714331,"flow_src_last_pkt_time":1587041681714331,"flow_dst_last_pkt_time":1587041681714331,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681714331,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"eu-api.asm.skype.com","domainame":"eu-api.asm.skype.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":261,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041681714835,"flow_src_last_pkt_time":1587041681714835,"flow_dst_last_pkt_time":1587041681714835,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":53,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":53,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681714835,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63106,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1587041681714835,"flow_dst_last_pkt_time":1587041681714835,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_usec":1587041681714835,"pkt":"EBMx8Tl2KDc3AG3ICABFAABRU9EAAP8R5HLAqAEGwKgBAfaCADUAPVgfcugBAAABAAAAAAAAB2V1LXByb2QHYXN5bmNndwV0ZWFtcwltaWNyb3NvZnQDY29tAAABAAE="} 
01127{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":261,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041681714835,"flow_src_last_pkt_time":1587041681714835,"flow_dst_last_pkt_time":1587041681714835,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":53,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":53,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681714835,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63106,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"eu-prod.asyncgw.teams.microsoft.com","domainame":"eu-prod.asyncgw.teams.microsoft.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -130,17 +130,17 @@ 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":263,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041681745719,"flow_src_last_pkt_time":1587041681745719,"flow_dst_last_pkt_time":1587041681745719,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681745719,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60538,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1587041681745719,"flow_dst_last_pkt_time":1587041681745719,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041681745719,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+VHAqAEGNHJLRux6AbuCUaOxAAAAALAC\/\/8ErAAAAgQFtAEDAwUBAQgKMISsLQAAAAAEAgAA"} 
00707{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":264,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_src_last_pkt_time":1587041681714331,"flow_dst_last_pkt_time":1587041681754842,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":182,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":182,"pkt_l4_len":148,"thread_ts_usec":1587041681754842,"pkt":"KDc3AG3IEBMx8Tl2CABFAACo\/M1AADkRwR\/AqAEBwKgBBgA1x1kAlAAAiC2BgAABAAMAAAAABmV1LWFwaQNhc20Fc2t5cGUDY29tAAABAAHADAAFAAEAAAb4ACQPYXNtLWFwaS1wcm9kLWV1DnRyYWZmaWNtYW5hZ2VyA25ldADAMgAFAAEAAAEsABoOd2V1MS1hcGktc2t5cGUIY2xvdWRhcHDAUcBiAAEAAQAAAAUABDRyS0U="} -01141{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":264,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041681714331,"flow_src_last_pkt_time":1587041681714331,"flow_dst_last_pkt_time":1587041681754842,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":140,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":140,"midstream":0,"thread_ts_usec":1587041681754842,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","proto_id":"5.125","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"eu-api.asm.skype.com","domainame":"eu-api.asm.skype.com","dns": {"num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["52.114.75.69,ttl=5"]}}} 
+01129{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":264,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041681714331,"flow_src_last_pkt_time":1587041681714331,"flow_dst_last_pkt_time":1587041681754842,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":140,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":140,"midstream":0,"thread_ts_usec":1587041681754842,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"eu-api.asm.skype.com","domainame":"eu-api.asm.skype.com","dns": {"num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["52.114.75.69,ttl=5"]}}} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":265,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041681755860,"flow_src_last_pkt_time":1587041681755860,"flow_dst_last_pkt_time":1587041681755860,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681755860,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60539,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":265,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1587041681755860,"flow_dst_last_pkt_time":1587041681755860,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041681755860,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+VLAqAEGNHJLRex7AbtPkLhOAAAAALAC\/\/8ixgAAAgQFtAEDAwUBAQgKMISsNwAAAAAEAgAA"} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1587041681745719,"flow_dst_last_pkt_time":1587041681772449,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041681772449,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8MUxAAG0Gmwk0cktGwKgBBgG77HoxlVjpglGjsqASIACccwAAAgQFoAEDAwgEAggKVud31zCErC0="} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_src_last_pkt_time":1587041681772560,"flow_dst_last_pkt_time":1587041681772449,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041681772560,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+V3AqAEGNHJLRux6AbuCUaOyMZVY6oAQEAnbCgAAAQEICjCErEZW53fX"} 
00856{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_src_last_pkt_time":1587041681772814,"flow_dst_last_pkt_time":1587041681772449,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":292,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":292,"pkt_l4_len":258,"thread_ts_usec":1587041681772814,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEWAABAAEAG+HvAqAEGNHJLRux6AbuCUaOyMZVY6oAYEAmUUgAAAQEICjCErEZW53fXFgMBAN0BAADZAwO+LJEVwOHGYhKiVcLvt6A9rXWEi+VY68GJ4Pnee\/+sYQAAHLq6zKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACU6uoAAP8BAAEAAAAAKAAmAAAjZXUtcHJvZC5hc3luY2d3LnRlYW1zLm1pY3Jvc29mdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAjq6gAdABcAGAAbAAMCAAL6+gABAA=="} -01262{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":268,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041681745719,"flow_src_last_pkt_time":1587041681772814,"flow_dst_last_pkt_time":1587041681772449,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":226,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":226,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681772814,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60538,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"eu-prod.asyncgw.teams.microsoft.com","domainame":"eu-prod.asyncgw.teams.microsoft.com","tls": 
{"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01221{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":268,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041681745719,"flow_src_last_pkt_time":1587041681772814,"flow_dst_last_pkt_time":1587041681772449,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":226,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":226,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681772814,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60538,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"eu-prod.asyncgw.teams.microsoft.com","domainame":"eu-prod.asyncgw.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":269,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_src_last_pkt_time":1587041681755860,"flow_dst_last_pkt_time":1587041681786454,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041681786454,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8PqJAAGwGjrQ0cktFwKgBBgG77HsaOOK2T5C4T6ASIABGlgAAAgQFoAEDAwgEAggKVN17aDCErDc="} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":270,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_src_last_pkt_time":1587041681786551,"flow_dst_last_pkt_time":1587041681786454,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041681786551,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+V7AqAEGNHJLRex7AbtPkLhPGjjit4AQEAmFKgAAAQEICjCErFNU3Xto"} 00838{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":271,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_src_last_pkt_time":1587041681786764,"flow_dst_last_pkt_time":1587041681786454,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":277,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":277,"pkt_l4_len":243,"thread_ts_usec":1587041681786764,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEHAABAAEAG+IvAqAEGNHJLRex7AbtPkLhPGjjit4AYEAnBuAAAAQEICjCErFNU3XtoFgMBAM4BAADKAwNa\/jUh9W55wUB0tnlMq1eAEhrPfTr7oU\/DtVhV\/8e2AwAAHNrazKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACFGhoAAP8BAAEAAAAAGQAXAAAUZXUtYXBpLmFzbS5za3lwZS5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAgqKgAdABcAGAAbAAMCAAJ6egABAA=="} 
-01235{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":271,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041681755860,"flow_src_last_pkt_time":1587041681786764,"flow_dst_last_pkt_time":1587041681786454,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681786764,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60539,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"eu-api.asm.skype.com","domainame":"eu-api.asm.skype.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01191{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":271,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041681755860,"flow_src_last_pkt_time":1587041681786764,"flow_dst_last_pkt_time":1587041681786454,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681786764,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60539,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"eu-api.asm.skype.com","domainame":"eu-api.asm.skype.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
02491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":272,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_src_last_pkt_time":1587041681772814,"flow_dst_last_pkt_time":1587041681802258,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041681802258,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUMU5AAG0GlW80cktGwKgBBgG77HoxlV6KglGklIAQBAXbeQAAAQEIClbnd\/MwhKxGsYFQCvPTWcgwCwYDVR0PBAQDAgSwMCgGA1UdEQQhMB+CHSouYXN5bmNndy50ZWFtcy5taWNyb3NvZnQuY29tMIGsBgNVHR8EgaQwgaEwgZ6ggZuggZiGS2h0dHA6Ly9tc2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA1LmNybIZJaHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA1LmNybDBNBgNVHSAERjBEMEIGCSsGAQQBgjcqATA1MDMGCCsGAQUFBwIBFidodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcHMwHwYDVR0jBBgwFoAUCP4ln3TqhwTCvLuOqDhfM8bRbGUwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4ICAQA2X\/om4H+4\/cR81+swhscxS+n0lRF6\/9QaS3UJkZbRbKTCin3OgcYqSG9pYg6G1+1K1UtTBpsolwlA3Wj42xE7Uv4QpgEXC5f0oaTcFK1me59SUtzp5qGDrwX6WjG8Ktb6uYB5gEczE7C4PC+CFPM3paTb5H5cy9SB3sXBctpW9JL3Q4jgLf0RmKI+tU\/yzqXGVuQXEGhEGBnx2gx7c5jv9zuJnDG+h+fy0tJ8oKxrnU3\/YDtE5a8Gc9riCos64k1IwawJ2ex5sg6EIN6aZMm7jlbnY0GaYkT3Xzq9y\/pq48vIUbUNujVUDc5\/R\/SCSk\/dzf6G7\/xO1H5cZnPEC40ThKUvhXFO2qUKIhsUCjzJG5EdSNtcUv8eCyVsfCMB7dRsifQSwSDmGmM4n\/G81i0O9M4b2XZ+YaSEgJZmQx7Uh5AdoOqwYq2SqBhAihGJdwH2XMq283yNTDRqqo\/WVv2tQAJnjORm59j1r8dDWyuUfRzmyA\/balmQRC8\/yMgQswTFwP1y97tt4lyNjydBDOIBJv2TudKgtjqTbU59+fWu1pBkJP0+oPi5U7f32J4ZwXrKLU9tbuRaGYpYaW\/H8\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\/BSeneM2zC+CeIhbzmNymFOjMlNcj+dBQmbu1CxCV8d8C6Y+OnVaZPNiP01j7XJJ+PXv4"} 
02498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":283,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":5,"flow_src_last_pkt_time":1587041681786764,"flow_dst_last_pkt_time":1587041681819208,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041681819208,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUPqVAAGwGiRk0cktFwKgBBgG77HsaOO33T5C5IoAQBAWJqAAAAQEIClTde4YwhKxTjSsxwxRzId3jeGOcUYa1okhJwHkIFUMAK5m4S+DHVwdsxLmmVC0BU\/Kj8qTM2cFU84jN5EwT04ozIVitGL++OYFwOWk3+FukY+8JB9+HGmLHmgjF0R1eYnYB3WnmOLtEsC1NOsYugOBgclvyzOaOXDohHl2wOSu96hPLlsu2anSMjrwOEJ8bpUBBj5FcdqcO8ao6h7cMd99xai8oYUItkA9yBatn4MF7y5xAmsQKCESMfD26qQ4esdkivR9fQWpzVPZm4qD5pjne0nfzaQS\/t7s8xJP\/cgQctTadaH\/f+jlPsvaPuRz\/re0OFQjjhnzySEl3lxb2\/QD2T6Zeb+c5wFFlPeuxlzDs6p5z\/B4soN+Lz3NftQ4GQhcmlezYqSfQ0GWUXOI\/yigppSD0yN1dtP\/m3QIDAQABo4IBQjCCAT4wHQYDVR0OBBYEFFiIn9bcnEgitxQ+\/4SI6OaF\/\/p9MB8GA1UdIwQYMBaAFOWdWTCCR1jMrPoIVDaGezq1BE3wMBIGA1UdEwEB\/wQIMAYBAf8CAQAwDgYDVR0PAQH\/BAQDAgGGMCcGA1UdJQQgMB4GCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwkwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL09tbmlyb290MjAyNS5jcmwwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwDQYJKoZIhvcNAQELBQADggEBADCaxp1q\/e+TCAy+gnf5dqBtnnswI3uoKVr0aj7HCwyW37hLUuQNnDjteGO1c8AcHzvgp\/9\/SVGVMrjQm6nlz5YDgYDVSmEY\/sRqxt9\/QUYinIBm6w9CoOTzpCGjmNB6dPaM6MPSK6orzhFZGUTnXAcJQuvX\/RVNuW9sRDUmh7qjO2iwgecgyX8TAvPMq58clVDLrmSAu4cKXc6ma7J94z024ilRtyX80AnjsK3EYi4+foUmsvav920xc8YZmKlykwLOygs9POzZcOiA9RareGqHTcaBN6gKdoEGqO8XYHxwEBM8ONczTOQ3ZQj7kbPoFnZhKmX1WJSzRQHvwE8De7gWAAcrAQAHJzCCByMKAQCgggccMIIHGAYJKwYBBQUHMAEBBIIHCTCCBwUwgceiFgQUqShwURmVA+Jp3zLm2A+QCVyZqYAYDzIwMjAwNDE1MTkzMzA5WjCBmzCBmDBMMAkGBSsOAwIaBQAEFE8LW9m32q+ftvNjciJ21uGVriYpBBRYiJ\/W3JxIIrcUPv+EiOjmhf\/6fQITewA
E4Lxi6ctlZLvhngAAAATgvIAAGA8yMDIwMDQxNTE5MzMwOVqgERgPMjAyMDA0MTkxOTMzMDlaoSIwIDAeBgkrBgEFBQcwAQYEERgPMjAxOTA0MTYxOTMzMDlaMA0GCSqGSIb3DQEBCwUAA4IBAQBJ3b+j9b9amWJnAoiCkmf2UNIwgNLUYY7i2oIxOcCe4FwtfKqAknYBXLXDmybtzIEQGc9zVWPgZbClw+Dn6abFkbXSG0mhM4QP5D5MQbVxhe7SgYoYVGwkJbmRpd4grc+7uBTiXMgAxBCB5kUsxvRwqLqgwU4Ain2W6hQNvDRMAvojfSg3lYkOFvlf7bcTwOK90BIJGU11EABEc5brrKndHE9hje0klAXbzMZTL8AqrbgnzOZi1rf+0+Wq4RUDesXv6I1AJt7EoKj704jMo9fFhVZPD8osr0ZocAW0OSf5m2CQ\/UMENY99jq5D1K0ZM\/O3ik40uY\/GyUUQa5PIKgTroIIFIzCC"} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":304,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682076700,"flow_src_last_pkt_time":1587041682076700,"flow_dst_last_pkt_time":1587041682076700,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682076700,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60540,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -150,17 +150,17 @@ 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":306,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682076700,"flow_dst_last_pkt_time":1587041682106830,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041682106830,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8XUVAAGwGcBA0cktGwKgBBgG77HwdJJF2jIP3CKASIACM5QAAAgQFoAEDAwgEAggKVscEoDCErWw="} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":307,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682106937,"flow_dst_last_pkt_time":1587041682106830,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682106937,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+V3AqAEGNHJLRux8AbuMg\/cIHSSRd4AQEAnLdwAAAQEICjCErYpWxwSg"} 
00860{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_src_last_pkt_time":1587041682107386,"flow_dst_last_pkt_time":1587041682106830,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":296,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":296,"pkt_l4_len":262,"thread_ts_usec":1587041682107386,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEaAABAAEAG+HfAqAEGNHJLRux8AbuMg\/cIHSSRd4AYEAmCtgAAAQEICjCErYpWxwSgFgMBAOEBAADdAwM8bxQ0whreuqvYvEztjLrW4PBGRpjuL7egzSBD9aU3vgAAHKqqzKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACYCgoAAP8BAAEAAAAAKAAmAAAjZXUtcHJvZC5hc3luY2d3LnRlYW1zLm1pY3Jvc29mdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjF1UAAAAAsAAgEAAAoACgAISkoAHQAXABgAGwADAgAC2toAAQA="} -01262{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":308,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682076700,"flow_src_last_pkt_time":1587041682107386,"flow_dst_last_pkt_time":1587041682106830,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":230,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":230,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682107386,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60540,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"eu-prod.asyncgw.teams.microsoft.com","domainame":"eu-prod.asyncgw.teams.microsoft.com","tls": 
{"version":"TLSv1.2","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"","ja4":"t12d1312h2_8b80da21ef18_b00751acaffa","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01221{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":308,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682076700,"flow_src_last_pkt_time":1587041682107386,"flow_dst_last_pkt_time":1587041682106830,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":230,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":230,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682107386,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60540,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"eu-prod.asyncgw.teams.microsoft.com","domainame":"eu-prod.asyncgw.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1312h2_8b80da21ef18_b00751acaffa","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":309,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682077081,"flow_dst_last_pkt_time":1587041682108320,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041682108320,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8CPlAAG0Gw100cktFwKgBBgG77H37toO1hXm5XaASIACQKwAAAgQFoAEDAwgEAggKVQ929DCErW0="} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":310,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682108400,"flow_dst_last_pkt_time":1587041682108320,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682108400,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+V7AqAEGNHJLRex9AbuFebld+7aDtoAQEAnOvQAAAQEICjCErYtVD3b0"} 00839{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_src_last_pkt_time":1587041682108566,"flow_dst_last_pkt_time":1587041682108320,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"thread_ts_usec":1587041682108566,"pkt":"EBMx8Tl2KDc3AG3ICABFAAELAABAAEAG+IfAqAEGNHJLRex9AbuFebld+7aDtoAYEAl5vQAAAQEICjCErYtVD3b0FgMBANIBAADOAwNRm85ZKo2j5rIUIlemfdLsNPrk0mWhHKlhPOh2TLU7CwAAHKqqzKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACJ6uoAAP8BAAEAAAAAGQAXAAAUZXUtYXBpLmFzbS5za3lwZS5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjF1UAAAAAsAAgEAAAoACgAI+voAHQAXABgAGwADAgACmpoAAQA="} 
-01235{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":311,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682077081,"flow_src_last_pkt_time":1587041682108566,"flow_dst_last_pkt_time":1587041682108320,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":215,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":215,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682108566,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60541,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"eu-api.asm.skype.com","domainame":"eu-api.asm.skype.com","tls": {"version":"TLSv1.2","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"","ja4":"t12d1312h2_8b80da21ef18_b00751acaffa","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01191{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":311,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682077081,"flow_src_last_pkt_time":1587041682108566,"flow_dst_last_pkt_time":1587041682108320,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":215,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":215,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682108566,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60541,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"eu-api.asm.skype.com","domainame":"eu-api.asm.skype.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1312h2_8b80da21ef18_b00751acaffa","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":312,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682129643,"flow_src_last_pkt_time":1587041682129643,"flow_dst_last_pkt_time":1587041682129643,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682129643,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":49514,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_src_last_pkt_time":1587041682129643,"flow_dst_last_pkt_time":1587041682129643,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1587041682129643,"pkt":"EBMx8Tl2KDc3AG3ICABFAABIVE8AAP8R4\/3AqAEGwKgBAcFqADUANJ5TmvIBAAABAAAAAAAABmNvbmZpZwV0ZWFtcwltaWNyb3NvZnQDY29tAAABAAE="} 01109{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":312,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682129643,"flow_src_last_pkt_time":1587041682129643,"flow_dst_last_pkt_time":1587041682129643,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682129643,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":49514,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"config.teams.microsoft.com","domainame":"config.teams.microsoft.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
02490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":313,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":5,"flow_src_last_pkt_time":1587041682107386,"flow_dst_last_pkt_time":1587041682139467,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041682139467,"pkt":"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\/om4H+4\/cR81+swhscxS+n0lRF6\/9QaS3UJkZbRbKTCin3OgcYqSG9pYg6G1+1K1UtTBpsolwlA3Wj42xE7Uv4QpgEXC5f0oaTcFK1me59SUtzp5qGDrwX6WjG8Ktb6uYB5gEczE7C4PC+CFPM3paTb5H5cy9SB3sXBctpW9JL3Q4jgLf0RmKI+tU\/yzqXGVuQXEGhEGBnx2gx7c5jv9zuJnDG+h+fy0tJ8oKxrnU3\/YDtE5a8Gc9riCos64k1IwawJ2ex5sg6EIN6aZMm7jlbnY0GaYkT3Xzq9y\/pq48vIUbUNujVUDc5\/R\/SCSk\/dzf6G7\/xO1H5cZnPEC40ThKUvhXFO2qUKIhsUCjzJG5EdSNtcUv8eCyVsfCMB7dRsifQSwSDmGmM4n\/G81i0O9M4b2XZ+YaSEgJZmQx7Uh5AdoOqwYq2SqBhAihGJdwH2XMq283yNTDRqqo\/WVv2tQAJnjORm59j1r8dDWyuUfRzmyA\/balmQRC8\/yMgQswTFwP1y97tt4lyNjydBDOIBJv2TudKgtjqTbU59+fWu1pBkJP0+oPi5U7f32J4ZwXrKLU9tbuRaGYpYaW\/H8\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\/BSeneM2zC+CeIhbzmNymFOjMlNcj+dBQmbu1CxCV8d8C6Y+OnVaZPNiP01j7XJJ+PXv4"} 
02483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":322,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":5,"flow_src_last_pkt_time":1587041682108566,"flow_dst_last_pkt_time":1587041682140048,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041682140048,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUCPpAAG0GvcQ0cktFwKgBBgG77H37toO2hXm6NIAQBAUeeAAAAQEIClUPdxEwhK2LFgMDF00CAABVAwNemFWQkTKZfyBaLuzO97G0quTrEm7BgPWyftzaEzJa0iBuSwAAwHf6a8yXd\/slaOSfyDbI53lK7p5dSy9A7BIMcMAwAAANAAUAAAAXAAD\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\/sjB3LbEb7T\/nzN+yIm+S8blVfyih6JM9Apu\/ik1krtvLJUniVwHJtK2\/rOjpX264mOpTx8SQf7TjiIlSs3HiDphOG0YLn3YYZ8njuADtWKju18sgzmH3TMQYaJ5rR8rrvEPgZCHNBk+XQJFexPiGtcDjF2WCQ1CKqCKZf8hKbpm8Y4TnLNUxuhK2E+6sFA1dP+E8Bm6m26cCfBNV3G7APHf8AN1YKGjnSNcO3xC9CoOmEMCAwEAAaOCBHYwggRyMIIB9wYKKwYBBAHWeQIEAgSCAecEggHjAeEAdwC72d+8H4pxtZOUI5eqkntHOFeVCqtS6BqQlmQ2jh7RhQAAAWqSYTh5AAAEAwBIMEYCIQCK9TKQMvnjt3bF9IskNoov410+TNUfrflXc+EV+7RCFQIhAOhI+FRSDv5ZevTOA7yjzgGxZ7+Vifwc2fzYuzpyLBBgAHYA7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo\/csAAAFqkmE4gAAABAMARzBFAiAiHsCLrUDabE9VESRZTt4BikyAq6rNE1j3618pfpVpCAIhALEshKOsZh7n88+DKEMN6Qrti43TvlJOQ0RAjLMbS84WAHcA9lyUL9F3MCIUVBgIMJRWjuNNExkzv98MLyALzE7xZOMAAAFqkmE4gwAABAMASDBGAiEAhlim8PX4pyi\/mpblvrIKUelL3OW87784ne5SOBJO7rUCIQCJx97+HPxXSJjEZtGi1euZMJxoXD7mYyvmnAr9RyA7ngB1AESUZS6w7s6vxEAH2Kj+KMDa5oK+2MsxtT\/TM5a1toGoAAABapJhOJEAAAQDAEYwRAIgSWpW2jkU6iqzOFfqoMvHGTVxpA4qvulMcPxZZ3C6R34CIBq5beRJMDaP8rIHcokNsjMMe+YTY4GBs5JmQen9SUa+MCcGCSsGAQQBgjcVCgQaMBgwCgYIKwYBBQUHAwIwCgYIKwYBBQUHAwEwPgYJKwYBBAGCNxUHBDEwLwYnKwYBBAGCNxUIh9qGdYPu2QGCyYUbgbWeYYX062CBXYTS30KC55N6AgFkAgEdMIGFBggrBgEFBQcBAQR5MHcwUQYIKwYBBQUHMAKGRWh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjAxLmNydDAiBggrBgEFBQcwAYYWaHR0cDovL29jc3AubXNvY3NwLmNvbTAdBgNVHQ4E
FgQU3aROfyhw35kc1iGhSMjmHtjM\/20wCwYD"} -01549{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":327,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1587041682077081,"flow_src_last_pkt_time":1587041682140200,"flow_dst_last_pkt_time":1587041682140797,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":215,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":215,"flow_dst_tot_l4_payload_len":5970,"midstream":0,"thread_ts_usec":1587041682140797,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60541,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"eu-api.asm.skype.com","domainame":"eu-api.asm.skype.com","tls": {"version":"TLSv1.2","server_names":"*.asm.skype.com","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"986571066668055ae9481cb84fda634a","ja4":"t12d1312h2_8b80da21ef18_b00751acaffa","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=*.asm.skype.com","advertised_alpns":"h2,http\/1.1","fingerprint":"B9:41:1D:AE:56:09:68:D2:07:D0:69:E1:68:00:08:2B:EF:63:1E:48","blocks":0}}} 
+01505{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":327,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1587041682077081,"flow_src_last_pkt_time":1587041682140200,"flow_dst_last_pkt_time":1587041682140797,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":215,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":215,"flow_dst_tot_l4_payload_len":5970,"midstream":0,"thread_ts_usec":1587041682140797,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60541,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"eu-api.asm.skype.com","domainame":"eu-api.asm.skype.com","tls": {"version":"TLSv1.2","server_names":"*.asm.skype.com","ja3s":"986571066668055ae9481cb84fda634a","ja4":"t12d1312h2_8b80da21ef18_b00751acaffa","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=*.asm.skype.com","advertised_alpns":"h2,http\/1.1","fingerprint":"B9:41:1D:AE:56:09:68:D2:07:D0:69:E1:68:00:08:2B:EF:63:1E:48","blocks":0}}} 
00735{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":333,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682129643,"flow_dst_last_pkt_time":1587041682143053,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":204,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":204,"pkt_l4_len":170,"thread_ts_usec":1587041682143053,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC+wIdAADkR\/U\/AqAEBwKgBBgA1wWoAqgAAmvKBgAABAAQAAAAABmNvbmZpZwV0ZWFtcwltaWNyb3NvZnQDY29tAAABAAHADAAFAAEAAAs5ACEGY29uZmlnBXRlYW1zDnRyYWZmaWNtYW5hZ2VyA25ldADAOAAFAAEAAAALAB8MY29uZmlnLXRlYW1zBnMtMDAwNQhzLW1zZWRnZcBUwGUABQABAAAAOgACwHLAcgABAAEAAABoAAQ0ccKE"} 01145{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":333,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041682129643,"flow_src_last_pkt_time":1587041682129643,"flow_dst_last_pkt_time":1587041682143053,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":162,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":162,"midstream":0,"thread_ts_usec":1587041682143053,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":49514,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"config.teams.microsoft.com","domainame":"config.teams.microsoft.com","dns": {"num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["52.113.194.132,ttl=104"]}}} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":334,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682144166,"flow_src_last_pkt_time":1587041682144166,"flow_dst_last_pkt_time":1587041682144166,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682144166,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -168,9 +168,9 @@ 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":335,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682144166,"flow_dst_last_pkt_time":1587041682156833,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682156833,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0EIdAAHUGPJk0ccKEwKgBBgG77H5W9rKzh8U6lIAS\/\/\/8MgAAAgQFoAEDAwgBAQQC"} 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":336,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682156932,"flow_dst_last_pkt_time":1587041682156833,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041682156932,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGgizAqAEGNHHChOx+AbuHxTqUVvaytFAQIAAc8gAA"} 00827{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":337,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_src_last_pkt_time":1587041682157086,"flow_dst_last_pkt_time":1587041682156833,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":271,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":271,"pkt_l4_len":237,"thread_ts_usec":1587041682157086,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEBAABAAEAGgVPAqAEGNHHChOx+AbuHxTqUVvaytFAYIACSqAAAFgMBANQBAADQAwMdYvXtwu11hWCpvITmw2DM6JIDDr9YgJ4rTdtCECjTrgAAHBoazKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACLCgoAAP8BAAEAAAAAHwAdAAAaY29uZmlnLnRlYW1zLm1pY3Jvc29mdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAjKygAdABcAGAAbAAMCAAKKigABAA=="} 
-01252{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":337,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682144166,"flow_src_last_pkt_time":1587041682157086,"flow_dst_last_pkt_time":1587041682156833,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682157086,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com","domainame":"config.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01205{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":337,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682144166,"flow_src_last_pkt_time":1587041682157086,"flow_dst_last_pkt_time":1587041682156833,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682157086,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com","domainame":"config.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":338,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":5,"flow_src_last_pkt_time":1587041682157086,"flow_dst_last_pkt_time":1587041682169218,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1587041682169218,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAoEIhAAHYGO6Q0ccKEwKgBBgG77H5W9rK0h8U7bVAQBAE4GAAAAAAAAAAA"} 
-01640{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":351,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1587041682144166,"flow_src_last_pkt_time":1587041682172494,"flow_dst_last_pkt_time":1587041682172683,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":5949,"midstream":0,"thread_ts_usec":1587041682172683,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com","domainame":"config.teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.config.teams.microsoft.com,config.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"0f14538e1c9070becdad7739c67d6363","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=config.teams.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA","blocks":0}}} 
+01593{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":351,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1587041682144166,"flow_src_last_pkt_time":1587041682172494,"flow_dst_last_pkt_time":1587041682172683,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":5949,"midstream":0,"thread_ts_usec":1587041682172683,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com","domainame":"config.teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.config.teams.microsoft.com,config.teams.microsoft.com","ja3s":"0f14538e1c9070becdad7739c67d6363","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=config.teams.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA","blocks":0}}} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":381,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682355684,"flow_src_last_pkt_time":1587041682355684,"flow_dst_last_pkt_time":1587041682355684,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682355684,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65387,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":381,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_src_last_pkt_time":1587041682355684,"flow_dst_last_pkt_time":1587041682355684,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_usec":1587041682355684,"pkt":"EBMx8Tl2KDc3AG3ICABFAABPcIEAAP8Rx8TAqAEGwKgBAf9rADUAOydaEDoBAAABAAAAAAAADm5vcnRoZXVyb3BlY25zDnRyYWZmaWNtYW5hZ2VyA25ldAAAAQAB"} 
01127{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":381,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682355684,"flow_src_last_pkt_time":1587041682355684,"flow_dst_last_pkt_time":1587041682355684,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682355684,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65387,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft","proto_id":"5.212","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"northeuropecns.trafficmanager.net","domainame":"northeuropecns.trafficmanager.net","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -183,15 +183,15 @@ 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":385,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682369801,"flow_dst_last_pkt_time":1587041682420333,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041682420333,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8cKZAAGwGWtQ0ck0hwKgBBgG77H8VHmMl9rF6B6ASIAAZOgAAAgQFoAEDAwgEAggKYQa0RDCEroA="} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":386,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682420448,"flow_dst_last_pkt_time":1587041682420333,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682420448,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIex\/Abv2sXoHFR5jJoAQEAlXvgAAAQEICjCErqxhBrRE"} 00830{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":387,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":4,"flow_src_last_pkt_time":1587041682420739,"flow_dst_last_pkt_time":1587041682420333,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_usec":1587041682420739,"pkt":"EBMx8Tl2KDc3AG3ICABFAAECAABAAEAG9rTAqAEGNHJNIex\/Abv2sXoHFR5jJoAYEAmOxwAAAQEICjCErqxhBrREFgMBAMkBAADFAwMlzpQNXKnJso0lmbQsWQ9QP0JUtMkYTF2ySEjqwct4CiA\/IwAA6KEdJo41XGChq4nIXjJi3Ldaf94\/c7z6UnyyFQAewC\/AK8AwwCzMqcyowAnAE8AKwBQAnACdAC8ANQAKAQAAXv8BAAEAAAAAIwAhAAAebW9iaWxlLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEACwACAQAACgAIAAYAHQAXABg="} 
-01350{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":387,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682369801,"flow_src_last_pkt_time":1587041682420739,"flow_dst_last_pkt_time":1587041682420333,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682420739,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60543,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01309{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":387,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682369801,"flow_src_last_pkt_time":1587041682420739,"flow_dst_last_pkt_time":1587041682420333,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682420739,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60543,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":388,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682376166,"flow_dst_last_pkt_time":1587041682423316,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682423316,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0HMFAAGwGr7I0ckwwwKgBBgG77ICUvjjErrIu7YAS\/\/+TZQAAAgQFoAEDAwgBAQQC"} 
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":389,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682423394,"flow_dst_last_pkt_time":1587041682423316,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041682423394,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAG+H\/AqAEGNHJMMOyAAbuusi7tlL44xVAQIAC0JAAA"} 00852{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":390,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":4,"flow_src_last_pkt_time":1587041682423900,"flow_dst_last_pkt_time":1587041682423316,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":290,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":290,"pkt_l4_len":256,"thread_ts_usec":1587041682423900,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEUAABAAEAG95PAqAEGNHJMMOyAAbuusi7tlL44xVAYIABbPwAAFgMBAOcBAADjAwOLjruZZJmwp+AQ5ixl8mdC3oKgE\/9DUAxdN3dPhROtcwAAHCoqzKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACe+voAAP8BAAEAAAAAMgAwAAAtbm9ydGhldXJvcGUubm90aWZpY2F0aW9ucy50ZWFtcy5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAIysoAHQAXABgAGwADAgACWloAAQA="} 
-01282{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":390,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682376166,"flow_src_last_pkt_time":1587041682423900,"flow_dst_last_pkt_time":1587041682423316,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":236,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":236,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682423900,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.76.48","src_port":60544,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"northeurope.notifications.teams.microsoft.com","domainame":"northeurope.notifications.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01241{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":390,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682376166,"flow_src_last_pkt_time":1587041682423900,"flow_dst_last_pkt_time":1587041682423316,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":236,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":236,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682423900,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.76.48","src_port":60544,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"northeurope.notifications.teams.microsoft.com","domainame":"northeurope.notifications.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00903{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":391,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682440956,"flow_dst_last_pkt_time":1587041672419153,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"thread_ts_usec":1587041682440956,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzES9AAEARZ+LAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGAHT\/ICoAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"} 02491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":392,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":5,"flow_src_last_pkt_time":1587041682423900,"flow_dst_last_pkt_time":1587041682467714,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041682467714,"pkt":"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\/4SI6OaF\/\/p9MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAgEAaMoTg\/CrkXvH3jnb1h9ibtDE5NT9WRyEmtWPdlMgqhbXA+eyQkb6BYaT\/ta0E\/bOL5hM07pSBrD5uauHzlX4vs6BmFI3X35rS4lnHgq3cUKdaq3M5dfcGtIoKERK4KHEXYdDhAF8RY9DfZJta8j9hj4NqjvMcG7hzkZJWkwVjeh7J49fLI2k+ojmtb1lfRr9wT7N317pl9QMlUj3HrapDo2fvCe\/9jktj3lbttPHLsuaLesAF3dE1wm5y4UOzoiawZGA4Fu5fMnwFxWfpzZRwMq0O\/xKMAg5RkinWwDyzGDnwCbl\/c52s299ZBhbtM6yURpSqq0aQFxtyQoGGDw\/qhMEVa25dds5d0iBdM6KFgBsOhenjJcJxMzPvvOPmkJltWXhqnxSJWsJkaqh7zSNoA5U1JZzOXFYRt3uw3OVIBSfQ21T75pEiBJReA5mMtRoJjyJYo4d7ViJlpWq6D+qmTq9MD3A+u3+2Y
aocGXunqdlchKzuckM3C3Mck\/119eusSb9+YO\/2kHgBIQsNEyRtMbVXs6aJDUwnxYYIGRAPR16yCXImFMfJYah5q6a0OgPBMYG1cJ5tHN0+DQkL0jj0N6DmBrUSDSDele8PSh59PdIzO8wgJ\/BtAAk1rmVDiVhBV4spP7GSKWzbAS3cC\/0tn2xGj\/VdVxgHiGox4WbcNAABbgwggW0MIIEnKADAgECAhAIuHpQG76c2i0WTT45Ub9VMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNVBAYTAklFMRIwEAYDVQQKEwlCYWx0aW1vcmUxEzARBgNVBAsTCkN5YmVyVHJ1c3QxIjAgBgNVBAMTGUJhbHRpbW9yZSBDeWJlclRydXN0IFJvb3QwHhcNMTYwNTIwMTI1MTI4WhcNMjQwNTIwMTI1MTI4WjCBizELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEVMBMGA1UECxMMTWljcm9zb2Z0IElUMR4wHAYDVQQDExVNaWNyb3NvZnQgSVQgVExTIENBIDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCO8\/GEdXe8vsmk9RalUytQYJnc2H3ZJLXhckk3SP7ahpOjfR2aSxBNd3l+Zal8bjbiR9Q2SdDMJAInFOKucc3ZV3Q8EFYZkkqHYvnjkI1e3tFBGxqmH0CiLB6OVdcm2GhCq+wN3t1eYZWzrGyBzqjgra9fyqbkUWguJ\/1UKnGkzLt+kvH2U1EFMdAZgrDKY9DySgALzfRpS\/Ra"} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":405,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":5,"flow_src_last_pkt_time":1587041682420739,"flow_dst_last_pkt_time":1587041682484937,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682484937,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0cKdAAGwGWts0ck0hwKgBBgG77H8VHmMm9rF61YAQBAVitAAAAQEICmEGtIQwhK6s"} 
-01882{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":417,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1587041682369801,"flow_src_last_pkt_time":1587041682557246,"flow_dst_last_pkt_time":1587041682557307,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041682557307,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60543,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} 
+01841{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":417,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1587041682369801,"flow_src_last_pkt_time":1587041682557246,"flow_dst_last_pkt_time":1587041682557307,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041682557307,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60543,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} 00299{"error_event_id":5,"error_event_name":"Unknown packet 
type","threshold_n":16,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1587041682611214,"packet_id":421,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1587041682611214} 00372{"packet_event_id":1,"packet_event_name":"packet","packet_id":421,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041682598222,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":423,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682668456,"flow_src_last_pkt_time":1587041682668456,"flow_dst_last_pkt_time":1587041682668456,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682668456,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57530,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -208,7 +208,7 @@ 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":433,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682698689,"flow_dst_last_pkt_time":1587041682744342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682744342,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA09YRAAGwG1eQ0ck06wKgBBgG77IG+FZNKYAjhq4AS\/\/+qaAAAAgQFoAEDAwgBAQQC"} 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":434,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682744445,"flow_dst_last_pkt_time":1587041682744342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041682744445,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAG93XAqAEGNHJNOuyBAbtgCOGrvhWTS1AQIADLJwAA"} 00827{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":435,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_src_last_pkt_time":1587041682744658,"flow_dst_last_pkt_time":1587041682744342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":273,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":273,"pkt_l4_len":239,"thread_ts_usec":1587041682744658,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEDAABAAEAG9prAqAEGNHJNOuyBAbtgCOGrvhWTS1AYIAAsUQAAFgMBANYBAADSAwPkbX85xJUsmCJfCQtb2nqS5r5NxitfmjfkWtCVFh+GIgAAHEpKzKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACNCgoAAP8BAAEAAAAAIQAfAAAccHJlc2VuY2UudGVhbXMubWljcm9zb2Z0LmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACAoKAB0AFwAYABsAAwIAAkpKAAEA"} 
-01248{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":435,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682698689,"flow_src_last_pkt_time":1587041682744658,"flow_dst_last_pkt_time":1587041682744342,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":219,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":219,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682744658,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.58","src_port":60545,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"presence.teams.microsoft.com","domainame":"presence.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01207{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":435,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682698689,"flow_src_last_pkt_time":1587041682744658,"flow_dst_last_pkt_time":1587041682744342,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":219,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":219,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682744658,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.58","src_port":60545,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"presence.teams.microsoft.com","domainame":"presence.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
01370{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":436,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682740607,"flow_dst_last_pkt_time":1587041682745381,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":665,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":665,"pkt_l4_len":631,"thread_ts_usec":1587041682745381,"pkt":"EBMx8Tl2KDc3AG3ICABFAAKLAABAAEAGwL7AqAEGon0Tg+u4AbuLprsOEqsiiIAYEAA0LgAAAQEICjCEr+ORzaKrFwMDAlK2BaXSajSAVWEKj3frXxijYpT3GD2Cuos6bxaeeEb0O6UJhzmzPZI\/SWy+fgBnTfneCwusduYkx4s3F4xCn2MY3DEvpr\/P48ATzKlJ++OHqI7OI3KpokJ1bF8YwJjJpFyWkPT0\/gdDA2C0thwexYlLgVCHe4dECfAKO3ai6a9AkpIGftSCmWnSsB7\/GodcDd1wDIWHn+mS6A9bTO\/2sRCfLQjmwaqnM\/0Kd1DorrQMm9TT6\/w11NzOyGJGqVRWfthWKCJ2r5CEFaogXR64MxPpr2FM6spcuDUY4C3Hc53Q7uc97BndljPBEgsGGu2WIs1hpBKyBrbp4cakeWFrgRHILDge\/JLjoB\/we0ie6rPfHdzAzbH+CVHboc7ECVvIV6N2Rd\/z5fI6cJ5y1i\/CGpe9JS\/DjF+npNlL3gVvBs3y7VpT4ziTRBRlbzG6hzfaYWVE\/I1GNwloup0kRP0\/\/fFg59buQBmTxdHJsfm4laPDQEGg2\/E9TD5wbcmagME1tYB8Z6HaDDAe1MbrBXtLSM8VMS0ZeI23LZfgw6dIscXGQh+EZCVohYQ2K\/dCOtZqYIGlXsZd11O+bX\/KPVaVnsGCQqimWVbYkJXTdkE5fdL4ibwUdj8vI7+8IXUv8oArxAdVEWB2+pth6d9Zti7C4SxMlmajA50jkJHElO8G4w6Wzb86qkyK4WbkuYLazUSRxEvrQrVtZjtDDcEAhbB3i\/CCiXoyK9403MAI7UV+NXn0+Iqmacnoi+GSVKkccDjbrlFQ3qxHSBpnh\/Zt22FSB4TV4eA="} 
02481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":437,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":4,"flow_src_last_pkt_time":1587041682740607,"flow_dst_last_pkt_time":1587041682745498,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1587041682745498,"pkt":"EBMx8Tl2KDc3AG3ICABFAAXIAABAAEAGvYHAqAEGon0Tg+u4AbuLpr1lEqsiiIAQEADIXgAAAQEICjCEr+SRzaKrFwMDIBe2BaXSajSAVsA+S0rbnqiekP4iuZq32HuCU1Zk8b7DobfyXAMC40RMGMmv03seNmRLB1WBKOAndSNsjwejL\/4UdAY51oTzt\/idB5m9EO71\/T1MmFynzxV07rmvd3Y7KFXQR\/+x23FlX8GjLiPfQFhiUhRh28ymzOk2Fma1O328pbgtPmfOm2\/I1HthpOnXap2OPKovdSqIn\/dOEzmEXK5RH4Vhc7yfPS0tJ3lq\/j9Y4mE4jZEoUqARpTmnt\/EmaVbJrcge1AqzkW+CZ+w4JlO7k9TdFEi5TByHM4C1T005glLtZNkRmPpMGHQbjibw3NTyD4LLOA7ibrI0r9IDNmoeUUfh8DCZdpfo3pxnEzyt7oapZ3bsP3f2dkvlxSg+Dlv55qlRYMXtNU7tnt3+G6vIRUNWvNYWxEeaewlxO7D31DoGy39yf6\/Uf40kqlYmjJklCFuyytx+XwcWqT4ARI652Z\/KTokqiY0d8hvIMHweZqCdsZ3sZLcS92z0hCZYB+QTk3oNwXMxF3HPTJhWvhOq0wqkZDSVoE431Wjz26KTR\/D\/dA5pInq8bEC3yVuUKN1PLZW9Mz7MYJyzusjyBNsPLXM5O8OEeeK5MiWTYDXzmOLsLkb2vkB\/HV4y3Ev95rIiSF36Cpgqv6+0aR866vdj7FtuF34EidwFeCf1Bf+A5YjRmGj3oaiwxanjseDhhtnxhUTf19iNoEFSzhAIqnGHRAvLOkI5d3FBbQQt+YdQcTmf4uC9ThNnySNA0HXREePQs7huoiwdf2bLMzadvLcQRiRnWU7Hl35DzJo7SAfHQVc1y7a5SVG8H0C\/gvRNuAfv3HAV07QuKJAR49iIkFCcVRaJ\/jE5NYdjrNiiLdvzoxuEZ0dWMxMftRotvm8FM6ig5uEvIZbx9cs5I19iYZQ+xjuzmSG9hz4iz+WjzAoY1dmLOtgbT\/XB2FXmqmn+QhnOY3Ljx0J2ha7XjBQ8hWDhzClw138COO6BoFzaLcXOQXTKJXlqio99G1EHem2LSJs4Fip7GdtxGPNIMZ40wLG2DFzen08a5EPl23FFXPX0SR69Sbx3M0R+hQyRTGJvzQ2b0FETVcaGBWv\/AJUXgawU3fpNn7TAnn6usnhvfGudG7WV4wZ6vkSA+LX0MCVzjn7ur93PxY\/kpdqz3fuiKZIsdz1qUGtjG9iABsh28XZ9j4vR0VSK81wLD3NNpJ2yPv0bwOqpCaovF6tXQ1Ews6XsxqJi5G36BrzaJ5\/NXawhnu8ri1Vz28LUjmOZPpd6keVddX571\/oIU+Q3p3lccmI7+gjH3KqlUBiHCmpfZcYeOnCUEoJ6+9LH3uDsI4lVcAzp2csO0NXDwcfvMalB6gajtPszvwIJElID7GHKx1BsawLle+AuhD6lA8\/ePLwyuj37+iokrx6+
vklOjmfe4s9diN429ybZIsLrxpS9gvhCcqJjHRib1BY+X07qe0e72A4QTMrUQvOqVAnCJ6MepkVyL+TYwE71AQhIyEcdhSMj5NByh+Ps2+o6B6TxNGxL+Hz7Gkx+JsBR2inYY8O+Lv0UT9kVL4KGsfhNjVDtOQlSBGenVIqSWzA0IMPQo8+3Of8Hq4M82zM4CAZ0HSDgvnwrTIr12aPKQZeXdT79Zkpu9xzzr2tssbkalNRSPafbicgt9KUTproDv5wkhK7YwHiqPcGR0QVqeIcuyQotM2kpYtKzEsnaTsMsANkeXwUSaYMnhtvVUO0AlG4\/nEwlNMBHzNthJE9IyucPPp6lNbtpzJXbzjnbqhKzr1pBPW1NzcsmUvTf4AThdCxRFDDYC8Q9bGPZ8M76S438LhtuVyUo\/lD6YFPci0DvupTGZalsukVJfD\/0b05qjSDFI9eEwsvlchodrzNqwexfGQO0oqhK"} 02481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":438,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":5,"flow_src_last_pkt_time":1587041682740607,"flow_dst_last_pkt_time":1587041682745501,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1587041682745501,"pkt":"EBMx8Tl2KDc3AG3ICABFAAXIAABAAEAGvYHAqAEGon0Tg+u4AbuLpsL5EqsiiIAQEABs5gAAAQEICjCEr+SRzaKrei53o4vFQHMBld1Fh\/SJ7lY\/Br6V6nMJYu3OAHgdn1qCcCSFYKKt9BOxyQf3yfDnlntHKN9zdEPSvXN\/0hi8YerzFHTzlE9CpJ2R08FI9jE11z3fnVvhf8e7OcEQqRZgxnPlEzNldSNYqEcmHkXvJhZMq8lx7wyR4LUbGNhgoKdPGH278UPChna6A3t6rVbTyY26njMEfo0Zm6rhpJo44iHLRIKvpaj2GQsfRT+cQeJIZ7CCI7T1q2PUyZhm1ySaJCt2LeO9BPdVU6xJnGhMV\/aWAPQcJ6kB0bxcZrLoRiXTU5Sjkns\/IiFNL\/xvNJTPnSiFRhwUoHK+lhufNQUo13wAlnryX9ux9knlEKyd0St6x6x3\/0AcGE5iocc88TMKvbPeEJdROrTHJPBGw3wEtTcJnsCO86HHTsshAVdGVqkIx3wKVLP63U4Kblp4jy32ZZqt5mrVmtgkvfyXyOjEWSHg9\/kbER4PSr77Twprpqx983VEq2Hcb9Z5Mm3nOhfwTP2T3g\/CCF8QgaWGZrUDu1iiRUPI6K2BHYirquzyMaFufY9V8GpIhq1n1xceUiQLPYGN3l5fQJCiBdXfFafOcSFxIjVpojrL2EOuqK2nuMjLQQp+4Aqc6WZPgm2ebUN\/iKkfC2yH2bLExo2MPi3VUFi92NENpciPyW+eXAFY69MJj5yxa5BiY59sQ5ELiBJlv7RkENWrGuHIllIcpW3ItUf5UzQsbStrqU99fkGX6jKCwXrvMoRcz4OdAQSCuL42ekbFYHiL0ne5NvHaRIqcek4\/JcqoZpMdpQey7y+2Dl6doTImRGjrtsYDDKgFGhDU4N8dTso9ThZ3fuQI5GnuKCyDE7AIeVXiQlYv5F01woYov2hCUZp7ZcJSt2ohbipTR8\/9XsRLAxqgXB5GsFcoOvfysdpEjckn3ixs\/e\/E+9YhRVwcg
w9hwvaxpOHeSVNLQn1UC1jd6XPsedgr5CYCUUWjOwS77pYeBf15DMuXoTC2DTw4N0qK0I2k9jO2h06\/VwS+DdyYzdZyIEDJootRjKr6+oHebS0B7nXpok59GLbGxDjEh9wakV1SZs7RvQXUIMtwshnqDiJum9ddTnNB2+bpdzgJa3FjnjCyxjYAJBZhtEPLvmmDoY+ugXE9QtbOp299K6ArOZPB6JuK4rlVYneXIpSl0yfeQgFoaNPTPCWdaxvM+AfcOB7YkH0w1UJu2dyLSmHw42qCGfzhxeXIbZVNdJjctQ0Cqo5zXErR1874K9\/40112SIrZY04P1wdyAy51DHX6xP4DMvjfqz6wVaf6gJ\/DZxBp20paRElTtDQN\/dHqjokoah04MvpFxBCi0Oy+R7CfKweUnqAqr1HqpFAPT9qsa8YrIc8G0wUUzeAax4URzLWOt85EjAnPLK1DAQYPq0v9Q0KLOsGsn1kbSvDpNs37iMzwcZRFzWoLHwwnKhxoV5ph1YHpzct0GfB5TMtawMLt6xx8fpDVN\/qmtv7vr0PwcpkWAe12mwk6YMCBt5BjA8f7N0hNc28Z18gN\/CgGnUTUJNyHOY9\/otIhpyZk2nAcBRRfiJ1pLKbDvtAKXiFEDhY9R4CdMU31jbFPykJh6n2eH+U5nfePcR\/NQL8CGF86lRBvbS1BffGRulEfJVi517lk3dtmRmFX4czmj4U5S0fLX7dTEWdkjlqGvyPwcgdLRBZYccWZ3e0IwyZLzh4ZvqC6GXgR\/YxXU2EyExTuarC8OxvaikQEuWDLdXLrVfF\/5zh5AAnOxdXMDpgpl7zVyHlEg1yLy9mLgj1yQgKUqwCNhyVJZLyPBjuKvSewLkE6Yb4TMgTQzgnkGvHFjAbR3wnBeO3lqHZFEbIHcmklDS0L5Y7TchFMURbahXYDs4fVUOyQ800EYRGVfodFdgqI"} 
@@ -219,9 +219,9 @@ 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":516,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682809173,"flow_dst_last_pkt_time":1587041682862686,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041682862686,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGBganY9ekwKgBBhFS7ILLfLe3JqxFoKAS\/ogNbwAAAgQFrAQCCAoTeRnVMISwIQEDAwc="} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":517,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682862738,"flow_dst_last_pkt_time":1587041682862686,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682862738,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+g3AqAEGp2PXpOyCEVImrEWgy3y3uIAQECwqYQAAAQEICjCEsFATeRnV"} 
01246{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":518,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":4,"flow_src_last_pkt_time":1587041682863165,"flow_dst_last_pkt_time":1587041682862686,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1587041682863165,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI5AABAAEAG+AjAqAEGp2PXpOyCEVImrEWgy3y3uIAYECxutgAAAQEICjCEsFATeRnVFgMBAgABAAH8AwOllRwzFBLD2fGS0RdMQwmyeJX+rt9niSTc6LgefMaOGyDe8bvsDQaKZ\/SHTClTSUEpcKfm8tnRcB\/XxmDM4wjf0gByEwITAxMBwCzAMACfzKnMqMyqwCvALwCewCTAKABrwCPAJwBnwArAFAA5wAnAEwAzAK0Aq8yuzK3MrACdAKnMqwCsAKoAnACoAD0APMA4wDYAtwCzAJUAkQA1AK8AjcA3wDUAtgCyAJQAkAAvAK4AjAD\/AQABQQAAABIAEAAADWRhdGkubnRvcC5vcmcACwAEAwABAgAKAAwACgAdABcAHgAZABgAIwAAM3QAAAAQAA4ADAJoMghodHRwLzEuMQAWAAAAFwAAAA0AMAAuBAMFAwYDCAcICAgJCAoICwgECAUIBgQBBQEGAQMDAgMDAQIBAwICAgQCBQIGAgArAAkIAwQDAwMCAwEALQACAQEAMwAmACQAHQAgvrFq4xkMZjK7jeeGFDXjFBVctkvDk2bUa2GIO\/qlb3oAFQB8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01402{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":518,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682809173,"flow_src_last_pkt_time":1587041682863165,"flow_dst_last_pkt_time":1587041682862686,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682863165,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60546,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"dati.ntop.org","domainame":"dati.ntop.org","tls": {"version":"TLSv1.2","ja3":"7120d65624bcd2e02ed4b01388d84cdb","ja3s":"","ja4":"t13d5713h2_131602cb7446_e802cdec6a7f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01368{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":518,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682809173,"flow_src_last_pkt_time":1587041682863165,"flow_dst_last_pkt_time":1587041682862686,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682863165,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60546,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"dati.ntop.org","domainame":"dati.ntop.org","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d5713h2_131602cb7446_e802cdec6a7f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":552,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":5,"flow_src_last_pkt_time":1587041682863165,"flow_dst_last_pkt_time":1587041682917091,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682917091,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0wZNAADQGRHqnY9ekwKgBBhFS7ILLfLe4JqxHpYAQAfo2WAAAAQEIChN5GgswhLBQ"} 
-01490{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":553,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1587041682809173,"flow_src_last_pkt_time":1587041682863165,"flow_dst_last_pkt_time":1587041682917561,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":152,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":152,"midstream":0,"thread_ts_usec":1587041682917561,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60546,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"dati.ntop.org","domainame":"dati.ntop.org","tls": {"version":"TLSv1.2","ja3":"7120d65624bcd2e02ed4b01388d84cdb","ja3s":"410b9bedaf65dd26c6fe547154d60db4","ja4":"t13d5713h2_131602cb7446_e802cdec6a7f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01456{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":553,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1587041682809173,"flow_src_last_pkt_time":1587041682863165,"flow_dst_last_pkt_time":1587041682917561,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":152,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":152,"midstream":0,"thread_ts_usec":1587041682917561,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60546,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"dati.ntop.org","domainame":"dati.ntop.org","tls": {"version":"TLSv1.2","ja3s":"410b9bedaf65dd26c6fe547154d60db4","ja4":"t13d5713h2_131602cb7446_e802cdec6a7f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
02215{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":580,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1587041682698689,"flow_src_last_pkt_time":1587041683063920,"flow_dst_last_pkt_time":1587041683109441,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":2687,"flow_dst_tot_l4_payload_len":6860,"midstream":0,"thread_ts_usec":1587041683109441,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.58","src_port":60545,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":7,"avg":25031.7,"max":201410,"stddev":47065.5,"var":2215158784.0,"ent":3.2,"data": [45653,45756,213,47886,30,47672,17,83,202,104,167,9896,9950,3499,10390,395,51386,37078,221,190,155,7115,7018,1251,1197,79250,201410,7,34,167536,222]},"pktlen": {"min":40,"avg":340.2,"max":1492,"stddev":510.3,"var":260451.7,"ent":3.8,"data": [64,52,40,259,1492,1492,52,40,40,1492,1492,40,453,40,198,133,503,91,40,109,40,78,78,40,479,40,46,1480,150,206,46,82]},"bins": {"c_to_s": [11,1,1,1,1,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0],"s_to_c": [3,3,1,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,0,0,0,1,1,0,1,0,0,0,0,1,0,1,0,0,1,0,1,0,1,0,0,0,1,1],"entropies": [4.396777153,4.984685898,4.571928501,5.447037697,7.103639126,7.377305508,4.748330116,4.680641174,4.521928787,7.565583706,7.619148254,4.680641174,7.502402782,4.680641174,6.615381718,6.130319118,7.576011658,5.374610424,4.630640984,5.982717991,4.530641556,5.189125538,5.402576923,4.680641174,7.496559143,4.680641174,4.505983353,7.866451740,6.633583069,6.711987019,4.522393703,5.435414791]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"presence.teams.microsoft.com"}} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":584,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041683142905,"flow_src_last_pkt_time":1587041683142905,"flow_dst_last_pkt_time":1587041683142905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041683142905,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57504,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":584,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_src_last_pkt_time":1587041683142905,"flow_dst_last_pkt_time":1587041683142905,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1587041683142905,"pkt":"EBMx8Tl2KDc3AG3ICABFAABOVgkAAP8R4j3AqAEGwKgBAeCgADUAOmwyTTEBAAABAAAAAAAACmNoYXRzdmNhZ2cEc3ZjcwV0ZWFtcwZvZmZpY2UDY29tAAABAAE="} 
@@ -233,16 +233,16 @@ 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":589,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_src_last_pkt_time":1587041683186164,"flow_dst_last_pkt_time":1587041683220355,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041683220355,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8HR9AAG0GokE0clg7wKgBBgG77INQlxoFJQBFL6ASIAAufwAAAgQFoAEDAwgEAggKAdQEQDCEsYU="} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":590,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_src_last_pkt_time":1587041683220462,"flow_dst_last_pkt_time":1587041683220355,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041683220462,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG7GjAqAEGNHJYO+yDAbslAEUvUJcaBoAQEAltDgAAAQEICjCEsaYB1ARA"} 00851{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":591,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":4,"flow_src_last_pkt_time":1587041683220741,"flow_dst_last_pkt_time":1587041683220355,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":287,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":287,"pkt_l4_len":253,"thread_ts_usec":1587041683220741,"pkt":"EBMx8Tl2KDc3AG3ICABFAAERAABAAEAG64vAqAEGNHJYO+yDAbslAEUvUJcaBoAYEAkhLAAAAQEICjCEsaYB1ARAFgMBANgBAADUAwMl\/B1Vk9A1CXIA2wtxg6SSBUkcTlC\/1\/z0\/eteey4O7gAAHJqazKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACP2toAAP8BAAEAAAAAIwAhAAAeY2hhdHN2Y2FnZy50ZWFtcy5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAICgoAHQAXABgAGwADAgACSkoAAQA="} 
-01252{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":591,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041683186164,"flow_src_last_pkt_time":1587041683220741,"flow_dst_last_pkt_time":1587041683220355,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":221,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":221,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041683220741,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.88.59","src_port":60547,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"chatsvcagg.teams.microsoft.com","domainame":"chatsvcagg.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01211{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":591,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041683186164,"flow_src_last_pkt_time":1587041683220741,"flow_dst_last_pkt_time":1587041683220355,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":221,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":221,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041683220741,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.88.59","src_port":60547,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"chatsvcagg.teams.microsoft.com","domainame":"chatsvcagg.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
02482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":592,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":5,"flow_src_last_pkt_time":1587041683220741,"flow_dst_last_pkt_time":1587041683257226,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041683257226,"pkt":"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\/W3JxIIrcUPv+EiOjmhf\/6fTAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggIBADlaSLft\/Il2mfNfS96UN1u6SRdI6uOdxV\/SghC34ek6RV73kkGH\/KgGm5Qpn7ZmjaE7sCW67DpV9CSox9Z3dhmyY3WubiTFoRkhvmI2ia7VsKC3uTVFKGfcG3LipFC\/23JDrzT7qcdgDJzOLWf3MLJd1Kyh6NVC9EjRBrGrjji8xmok7R0RS8CcrVoIMxOsb4aFIvlKHgOLGwrUEg+jJK1WekigAR\/pyb5Ve0qqD3wvtdis9OWT8zz+JfQQtYBGzTf3Zo2YdFfy+cLVdoneW08GcCeeO0e+2qhhnfoQYTUFxVDlSKesMCCZ19oghBpnMirb2zEgWNe+6hV0VBHo0qa0oI+8VxV0m5jsWGKpN5r0RSQeZVBFjmNPja7EWAv9BG0nDBvzPaTNS9lsRoXc1ue7UQ2fGyQcImPgttcAOrqAGM9U+s0UrVqPi9GRGdpB+ymstXnktW0UVXqemudrGvUxOJRKDRvwctjZP2On9XpkEuwYzeJ7edeTKIXaTMPr5bSi6KtPMv8scypPxl6auLwwuyW3phPvh3sr9vdYmG1LA+UpioWKxGVlTy3H5MrR\/a3CRRhXX1OZmYh1RDRwmACanys8duLXWdgmjDNNxzIBOXG7wiGPQfS3+9iG0JTdXjbTpu3jNtZbvAVXCu9kow13tCXvpYdCShakHGed8k9wAAW4MIIFtDCCBJygAwIBAgIQCLh6UBu+nNotFk0+OVG\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"} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":613,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041683333389,"flow_src_last_pkt_time":1587041683333389,"flow_dst_last_pkt_time":1587041683333389,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041683333389,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":613,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_src_last_pkt_time":1587041683333389,"flow_dst_last_pkt_time":1587041683333389,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041683333389,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIeyEAbsX4foHAAAAALAC\/\/8Q\/AAAAgQFtAEDAwUBAQgKMISyEgAAAAAEAgAA"} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":614,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_src_last_pkt_time":1587041683333389,"flow_dst_last_pkt_time":1587041683378966,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041683378966,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8VAJAAGwGd3g0ck0hwKgBBgG77IQbiSB\/F+H6CKASIABpjQAAAgQFoAEDAwgEAggKYR77TDCEshI="} 
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":615,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_src_last_pkt_time":1587041683379074,"flow_dst_last_pkt_time":1587041683378966,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041683379074,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyEAbsX4foIG4kggIAQEAmoEAAAAQEICjCEsj9hHvtM"} 00828{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":616,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":4,"flow_src_last_pkt_time":1587041683379360,"flow_dst_last_pkt_time":1587041683378966,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_usec":1587041683379360,"pkt":"EBMx8Tl2KDc3AG3ICABFAAECAABAAEAG9rTAqAEGNHJNIeyEAbsX4foIG4kggIAYEAle8wAAAQEICjCEsj9hHvtMFgMBAMkBAADFAwNQ2mjoGM5bceT+50qedBeC2QzxBSnWB8x+XpaOKMz6dSCjQgAAk2B6jpiMP4aNnNPzeGx44\/6X3U2RH3y64O03zgAewC\/AK8AwwCzMqcyowAnAE8AKwBQAnACdAC8ANQAKAQAAXv8BAAEAAAAAIwAhAAAebW9iaWxlLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEACwACAQAACgAIAAYAHQAXABg="} 
-01350{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":616,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041683333389,"flow_src_last_pkt_time":1587041683379360,"flow_dst_last_pkt_time":1587041683378966,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041683379360,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01309{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":616,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041683333389,"flow_src_last_pkt_time":1587041683379360,"flow_dst_last_pkt_time":1587041683378966,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041683379360,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
02488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":621,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":5,"flow_src_last_pkt_time":1587041683379360,"flow_dst_last_pkt_time":1587041683430778,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041683430778,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUVANAAGwGcd80ck0hwKgBBgG77IQbiSCAF+H61oAQBAWFnQAAAQEICmEe+38whLI\/FgMDEGYCAABRAwNemFWT1kX8u9ATY\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\/wSL1vxV6UtbY+5UyBq7YUvoZUI+YYWI6FMysHpnkiGQR5h3NLX2it0lgM0JMJXgIYfO+vdhJalxciwWfJHOcY4+eUQwpTmpGeOTzK\/sd1W+VOYbkgWPJ0lAEgTcRXL\/NZZAtyce+Sv4+b4jHwY9pwQxOHJWtnns0bK3jD\/RcAtjLeUisGvBGtt1SItPOQvgD6i2AdvjCkjqVXn0nxT\/yKuGkvtii1i85nrjeMS5pKgL+N2I4goIXeRAaK089dd0KrnNO6kLEhhSHgHwJHnPwfqeXH1Q2p1Zw2r13mOsJdyP7QIDAQABo4IE1zCCBNMwggF\/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB2APZclC\/RdzAiFFQYCDCUVo7jTRMZM7\/fDC8gC8xO8WTjAAABbbe0zD0AAAQDAEcwRQIgXUu8wYK\/QqX5unkLcaUv4T8oQWu5yZb6M3RYbUFPJ7sCIQCVvziq+dynpJXSFyAk+ZobbjdMm8Ziuyzc0miXoW9hmQB2AFWB1MIWkDYBSuoLm1c8U\/DA5Dh4cCUIFy+jqh0HE9MMAAABbbe0zTwAAAQDAEcwRQIgOIr7NuYD18H8X6OV\/YdBgg0HoCy47ognD1Etlbp3ZVgCIQCAVAoqvjDqhz4It72mColVOT\/FZuexWjdVPWkvuAPY1AB3AESUZS6w7s6vxEAH2Kj+KMDa5oK+2MsxtT\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"} 
-01882{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":624,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1587041683333389,"flow_src_last_pkt_time":1587041683430891,"flow_dst_last_pkt_time":1587041683431072,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041683431072,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} 
+01841{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":624,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1587041683333389,"flow_src_last_pkt_time":1587041683430891,"flow_dst_last_pkt_time":1587041683431072,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041683431072,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} 
02171{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":635,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1587041683186164,"flow_src_last_pkt_time":1587041683511604,"flow_dst_last_pkt_time":1587041683511700,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2582,"flow_dst_tot_l4_payload_len":7792,"midstream":0,"thread_ts_usec":1587041683511700,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.88.59","src_port":60547,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":20999.2,"max":115070,"stddev":31123.6,"var":968681216.0,"ent":3.5,"data": [34191,34298,279,36871,33,36580,20,190,171,120,2,98,1011,12039,309,36028,22727,226,163,129,10387,10298,599,557,77127,91684,7,49137,80440,115070,185]},"pktlen": {"min":52,"avg":377.2,"max":1492,"stddev":521.7,"var":272149.2,"ent":3.9,"data": [64,60,52,273,1492,1492,64,52,1492,52,1492,302,52,178,145,533,103,52,121,52,90,90,52,414,52,52,1480,247,52,227,52,1139]},"bins": {"c_to_s": [11,1,1,1,0,0,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [3,2,1,0,0,1,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,1,1,0,0,0,0,1,0,1,0,0,1,0,1,0,1,0,0,1,1,0,1],"entropies": [4.278468132,5.100120544,4.678913116,5.492300034,7.395298958,7.335471153,4.813810349,4.784870625,7.534573555,4.736229897,7.601704121,7.355720520,4.823332310,6.256767273,6.195283890,7.525622368,5.556344509,4.861793995,6.029422760,4.861793995,5.382391453,5.548377514,4.823332310,7.376307011,4.861793995,5.063529015,7.847518921,6.993651390,4.986605644,6.825597286,4.731892109,7.799232483]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":664,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041684291077,"flow_src_last_pkt_time":1587041684291077,"flow_dst_last_pkt_time":1587041684291077,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041684291077,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":59403,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":664,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_src_last_pkt_time":1587041684291077,"flow_dst_last_pkt_time":1587041684291077,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"thread_ts_usec":1587041684291077,"pkt":"EBMx8Tl2KDc3AG3ICABFAABC19sAAP8RYHfAqAEGwKgBAegLADUALnZLN+4BAAABAAAAAAAACXN1YnN0cmF0ZQZvZmZpY2UDY29tAAABAAE="} 
@@ -254,10 +254,10 @@ 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":668,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_src_last_pkt_time":1587041684306115,"flow_dst_last_pkt_time":1587041684317619,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041684317619,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0FJpAAHUGEAYNaxILwKgBBgG77IU13hw0zZy4moAS\/\/\/HZQAAAgQFoAEDAwgBAQQC"} 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":669,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_src_last_pkt_time":1587041684317725,"flow_dst_last_pkt_time":1587041684317619,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041684317725,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGWazAqAEGDWsSC+yFAbvNnLiaNd4cNVAQIADoJAAA"} 00819{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":670,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":4,"flow_src_last_pkt_time":1587041684317987,"flow_dst_last_pkt_time":1587041684317619,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":265,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":265,"pkt_l4_len":231,"thread_ts_usec":1587041684317987,"pkt":"EBMx8Tl2KDc3AG3ICABFAAD7AABAAEAGWNnAqAEGDWsSC+yFAbvNnLiaNd4cNVAYIAB7OAAAFgMBAM4BAADKAwNT9yhcRBpq6+zC6hAkiruFzkDB0iUODZ2vqxEjURraCwAAHGpqzKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACF2toAAP8BAAEAAAAAGQAXAAAUc3Vic3RyYXRlLm9mZmljZS5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAja2gAdABcAGAAbAAMCAAK6ugABAA=="} 
-01246{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":670,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041684306115,"flow_src_last_pkt_time":1587041684317987,"flow_dst_last_pkt_time":1587041684317619,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041684317987,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Outlook","proto_by_ip_id":21,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"substrate.office.com","domainame":"substrate.office.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01205{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":670,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041684306115,"flow_src_last_pkt_time":1587041684317987,"flow_dst_last_pkt_time":1587041684317619,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041684317987,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Outlook","proto_by_ip_id":21,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"substrate.office.com","domainame":"substrate.office.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":672,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":5,"flow_src_last_pkt_time":1587041684317987,"flow_dst_last_pkt_time":1587041684329497,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1587041684329497,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAoFJtAAHYGDxENaxILwKgBBgG77IU13hw1zZy5bVAQBAEDUQAAAAAAAAAA"} 
-02093{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":677,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1587041684306115,"flow_src_last_pkt_time":1587041684362150,"flow_dst_last_pkt_time":1587041684362335,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":4396,"midstream":0,"thread_ts_usec":1587041684362335,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Outlook","proto_by_ip_id":21,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"substrate.office.com","domainame":"substrate.office.com","tls": {"version":"TLSv1.2","server_names":"outlook.office.com,attachment.outlook.office.net,attachment.outlook.officeppe.net,bookings.office.com,delve.office.com,edge.outlook.office365.com,edgesdf.outlook.com,img.delve.office.com,outlook.live.com,outlook-sdf.live.com,outlook-sdf.office.com,sdfedge-pilot.outlook.com,substrate.office.com,substrate-sdf.office.com,afd-k-acdc-direct.office.com,beta-sdf.yammer.com,teams-sdf.yammer.com,beta.yammer.com,teams.yammer.com,attachments.office.net,attachments-sdf.office.net,afd-k.office.com,afd-k-sdf.office.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"a66ea560599a2f5c89eec8c3a0d69cee","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, 
CN=Outlook.office.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"AA:D3:F5:66:06:48:AA:F8:8E:9B:79:D6:7F:1D:53:EA:3F:97:03:A2","blocks":0}}} -02186{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":697,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1587041682144166,"flow_src_last_pkt_time":1587041684314927,"flow_dst_last_pkt_time":1587041684501131,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":521,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1329,"flow_dst_tot_l4_payload_len":7087,"midstream":0,"thread_ts_usec":1587041684501131,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":146055.7,"max":2009785,"stddev":489503.9,"var":239614050304.0,"ent":1.7,"data": [12667,12766,154,12385,2459,251,14879,502,529,250,3,817,4854,17134,1376,20,13097,4,249,321,136,11841,14,11155,108,621,112917,113684,1998116,2009785,174632]},"pktlen": {"min":40,"avg":305.2,"max":1492,"stddev":468.1,"var":219152.8,"ent":3.8,"data": [64,52,40,257,46,1492,1492,40,1492,40,1492,181,40,198,46,366,109,40,40,133,78,561,46,78,40,46,46,440,40,342,46,345]},"bins": {"c_to_s": [9,1,1,0,1,0,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,1,1,0,1,0,0,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1,1,0,0,0,0,0,1,1,0,1,1,1,0,0,1,1],"entropies": 
[4.396777153,4.984685421,4.571928501,5.492863178,4.462504387,7.269914627,7.475378990,4.630641460,7.477076530,4.571928501,7.667408466,6.767431736,4.680641174,6.542833328,4.505983353,7.221371651,5.957443714,4.630641460,4.630640984,6.221683502,5.214766979,7.578815937,4.414441109,5.396905422,4.571928501,4.457919598,4.522393703,7.482207775,4.680641174,7.242818356,4.478915691,7.266457558]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} +02052{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":677,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1587041684306115,"flow_src_last_pkt_time":1587041684362150,"flow_dst_last_pkt_time":1587041684362335,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":4396,"midstream":0,"thread_ts_usec":1587041684362335,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Outlook","proto_by_ip_id":21,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"substrate.office.com","domainame":"substrate.office.com","tls": 
{"version":"TLSv1.2","server_names":"outlook.office.com,attachment.outlook.office.net,attachment.outlook.officeppe.net,bookings.office.com,delve.office.com,edge.outlook.office365.com,edgesdf.outlook.com,img.delve.office.com,outlook.live.com,outlook-sdf.live.com,outlook-sdf.office.com,sdfedge-pilot.outlook.com,substrate.office.com,substrate-sdf.office.com,afd-k-acdc-direct.office.com,beta-sdf.yammer.com,teams-sdf.yammer.com,beta.yammer.com,teams.yammer.com,attachments.office.net,attachments-sdf.office.net,afd-k.office.com,afd-k-sdf.office.com","ja3s":"a66ea560599a2f5c89eec8c3a0d69cee","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Outlook.office.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"AA:D3:F5:66:06:48:AA:F8:8E:9B:79:D6:7F:1D:53:EA:3F:97:03:A2","blocks":0}}} +02180{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":697,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1587041682144166,"flow_src_last_pkt_time":1587041684314927,"flow_dst_last_pkt_time":1587041684501131,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":521,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1329,"flow_dst_tot_l4_payload_len":7087,"midstream":0,"thread_ts_usec":1587041684501131,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":146055.7,"max":2009785,"stddev":489503.9,"var":239614050304.0,"ent":1.7,"data": 
[12667,12766,154,12385,2459,251,14879,502,529,250,3,817,4854,17134,1376,20,13097,4,249,321,136,11841,14,11155,108,621,112917,113684,1998116,2009785,174632]},"pktlen": {"min":40,"avg":305.2,"max":1492,"stddev":468.1,"var":219152.8,"ent":3.8,"data": [64,52,40,257,46,1492,1492,40,1492,40,1492,181,40,198,46,366,109,40,40,133,78,561,46,78,40,46,46,440,40,342,46,345]},"bins": {"c_to_s": [9,1,1,0,1,0,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,1,1,0,1,0,0,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1,1,0,0,0,0,0,1,1,0,1,1,1,0,0,1,1],"entropies": [4.396777153,4.984685421,4.571928501,5.492863178,4.462504387,7.269914627,7.475378990,4.630641460,7.477076530,4.571928501,7.667408466,6.767431736,4.680641174,6.542833328,4.505983353,7.221371651,5.957443714,4.630641460,4.630640984,6.221683502,5.214766979,7.578815937,4.414441109,5.396905422,4.571928501,4.457919598,4.522393703,7.482207775,4.680641174,7.242818356,4.478915691,7.266457558]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} 
02180{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":702,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1587041684306115,"flow_src_last_pkt_time":1587041684950374,"flow_dst_last_pkt_time":1587041684410372,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":3472,"flow_dst_tot_l4_payload_len":5797,"midstream":0,"thread_ts_usec":1587041684950374,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":24145.7,"max":539594,"stddev":94604.1,"var":8949939200.0,"ent":1.9,"data": [11504,11610,262,11878,32500,90,44163,247,1,223,3839,7741,325,72,14634,1492,13,4159,11,266,6513,474,6734,4309,9884,14215,10718,10725,539594,6,314]},"pktlen": {"min":40,"avg":331.5,"max":1492,"stddev":473.5,"var":224192.2,"ent":3.9,"data": [64,52,40,251,46,1492,1492,40,1492,80,40,198,133,578,172,46,366,109,40,40,78,46,78,40,46,689,40,359,40,1480,694,248]},"bins": {"c_to_s": [9,1,1,0,2,0,2,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0],"s_to_c": [5,2,1,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,1,1,0,1,1,0,0,0,0,0,1,1,1,0,0,0,1,1,0,1,1,0,1,0,0,0,0],"entropies": [4.428027153,4.893245220,4.521928310,5.397158146,4.505983353,6.671830177,7.464404583,4.630641460,7.577803612,5.737496376,4.680641174,6.516131401,6.154890537,7.647973537,6.500202656,4.505983353,7.196300030,5.817581654,4.611769199,4.561769485,5.250086308,4.457919598,5.392898560,4.630641460,4.522393227,7.690679073,4.680641174,7.335716724,4.680641174,7.846065521,7.720572472,6.957527637]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Outlook","proto_by_ip_id":21,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative"}} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":714,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041685090830,"flow_src_last_pkt_time":1587041685090830,"flow_dst_last_pkt_time":1587041685090830,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685090830,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":61245,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":714,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_src_last_pkt_time":1587041685090830,"flow_dst_last_pkt_time":1587041685090830,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_usec":1587041685090830,"pkt":"EBMx8Tl2KDc3AG3ICABFAABJHhYAAP8RGjbAqAEGwKgBAe89ADUANcKVVKoBAAABAAAAAAAABGV1YXoCdHIFdGVhbXMJbWljcm9zb2Z0A2NvbQAAAQAB"} 
@@ -300,49 +300,49 @@ 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":741,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_src_last_pkt_time":1587041685240465,"flow_dst_last_pkt_time":1587041685253368,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041685253368,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0w5JAAHUGiY00ccKEwKgBBgG77IqoHlkCRhs0zoAS\/\/9MIAAAAgQFoAEDAwgBAQQC"} 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":742,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_src_last_pkt_time":1587041685253460,"flow_dst_last_pkt_time":1587041685253368,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041685253460,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGgizAqAEGNHHChOyKAbtGGzTOqB5ZA1AQIABs3wAA"} 00783{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":743,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":4,"flow_src_last_pkt_time":1587041685253933,"flow_dst_last_pkt_time":1587041685253368,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":240,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":240,"pkt_l4_len":206,"thread_ts_usec":1587041685253933,"pkt":"EBMx8Tl2KDc3AG3ICABFAADiAABAAEAGgXLAqAEGNHHChOyKAbtGGzTOqB5ZA1AYIAAZhwAAFgMBALUBAACxAwNemFWVZrT7WTFXDzKTJwgyjyi4pczPS4OaStHQgrmy6wAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAXAAAAB8AHQAAGmNvbmZpZy50ZWFtcy5taWNyb3NvZnQuY29tAAoACAAGABcAGAAZAAsAAgEAAA0AEgAQBAECAQUBBgEEAwIDBQMGAwAFAAUBAAAAAAASAAAAFwAA"} 
-01354{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":743,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685240465,"flow_src_last_pkt_time":1587041685253933,"flow_dst_last_pkt_time":1587041685253368,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":186,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":186,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685253933,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com","domainame":"config.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01307{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":743,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685240465,"flow_src_last_pkt_time":1587041685253933,"flow_dst_last_pkt_time":1587041685253368,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":186,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":186,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685253933,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com","domainame":"config.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00691{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":744,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_src_last_pkt_time":1587041685243104,"flow_dst_last_pkt_time":1587041685256108,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":169,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":169,"pkt_l4_len":135,"thread_ts_usec":1587041685256108,"pkt":"KDc3AG3IEBMx8Tl2CABFAACb\/nFAADkRv4jAqAEBwKgBBgA1yG0AhwAAyGOBgAABAAAAAQAAFHNreXBlZGF0YXByZGNvbG5ldTA0CGNsb3VkYXBwA25ldAAAHAABwCEABgABAAAADgBABHByZDEOYXp1cmVkbnMtY2xvdWTAKgZtc25oc3QJbWljcm9zb2Z0A2NvbQB9o\/w8AAADhAAAASwACTqAAAAAPA=="} 01132{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":744,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685243104,"flow_src_last_pkt_time":1587041685243104,"flow_dst_last_pkt_time":1587041685256108,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":127,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":127,"midstream":0,"thread_ts_usec":1587041685256108,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51309,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"skypedataprdcolneu04.cloudapp.net","domainame":"skypedataprdcolneu04.cloudapp.net","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr": []}}} 
00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":745,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_src_last_pkt_time":1587041685106192,"flow_dst_last_pkt_time":1587041685261856,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041685261856,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0jN1AAG0Ge5k0cg8twKgBBgG77IfA1AaRAv0Ol4AS\/\/+iigAAAgQFoAEDAwgBAQQC"} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":746,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_src_last_pkt_time":1587041685261955,"flow_dst_last_pkt_time":1587041685261856,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041685261955,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGNYPAqAEGNHIPLeyHAbsC\/Q6XwNQGklAQIADDSQAA"} 00808{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":747,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":4,"flow_src_last_pkt_time":1587041685262299,"flow_dst_last_pkt_time":1587041685261856,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":257,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":257,"pkt_l4_len":223,"thread_ts_usec":1587041685262299,"pkt":"EBMx8Tl2KDc3AG3ICABFAADzAABAAEAGNLjAqAEGNHIPLeyHAbsC\/Q6XwNQGklAYIAAraAAAFgMBAMYBAADCAwNemFWVnmpu5iBYzDA0OwyTFl3gYWrTqQBuMzMR9X7FRwAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAbQAAADAALgAAK3Ryb3V0ZXIyLWFzc2UtYS50cm91dGVyLnRlYW1zLm1pY3Jvc29mdC5jb20ACgAIAAYAFwAYABkACwACAQAADQASABAEAQIBBQEGAQQDAgMFAwYDAAUABQEAAAAAABIAAAAXAAA="} 
-01380{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":747,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685106192,"flow_src_last_pkt_time":1587041685262299,"flow_dst_last_pkt_time":1587041685261856,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":203,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":203,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685262299,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.15.45","src_port":60551,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"trouter2-asse-a.trouter.teams.microsoft.com","domainame":"trouter2-asse-a.trouter.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01339{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":747,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685106192,"flow_src_last_pkt_time":1587041685262299,"flow_dst_last_pkt_time":1587041685261856,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":203,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":203,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685262299,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.15.45","src_port":60551,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"trouter2-asse-a.trouter.teams.microsoft.com","domainame":"trouter2-asse-a.trouter.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":748,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":5,"flow_src_last_pkt_time":1587041685253933,"flow_dst_last_pkt_time":1587041685265739,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1587041685265739,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAow5NAAHYGiJg0ccKEwKgBBgG77IqoHlkDRhs1iFAQBAGIJAAAAAAAAAAA"} 
-01719{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":755,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1587041685240465,"flow_src_last_pkt_time":1587041685269429,"flow_dst_last_pkt_time":1587041685269476,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":186,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":186,"flow_dst_tot_l4_payload_len":5936,"midstream":0,"thread_ts_usec":1587041685269476,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com","domainame":"config.teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.config.teams.microsoft.com,config.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"7d8fd34fdb13a7fff30d5a52846b6c4c","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=config.teams.microsoft.com","fingerprint":"B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA","blocks":0}}} 
+01672{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":755,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1587041685240465,"flow_src_last_pkt_time":1587041685269429,"flow_dst_last_pkt_time":1587041685269476,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":186,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":186,"flow_dst_tot_l4_payload_len":5936,"midstream":0,"thread_ts_usec":1587041685269476,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com","domainame":"config.teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.config.teams.microsoft.com,config.teams.microsoft.com","ja3s":"7d8fd34fdb13a7fff30d5a52846b6c4c","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=config.teams.microsoft.com","fingerprint":"B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA","blocks":0}}} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":759,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_src_last_pkt_time":1587041685232231,"flow_dst_last_pkt_time":1587041685278616,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041685278616,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8aa1AAGwGYc00ck0hwKgBBgG77IgacWa+co2TlKASIABIJQAAAgQFoAEDAwgEAggKYR7cGTCEuUo="} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":760,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_src_last_pkt_time":1587041685278702,"flow_dst_last_pkt_time":1587041685278616,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041685278702,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyIAbtyjZOUGnFmv4AQEAmGrAAAAQEICjCEuXNhHtwZ"} 00828{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":761,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":4,"flow_src_last_pkt_time":1587041685278900,"flow_dst_last_pkt_time":1587041685278616,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_usec":1587041685278900,"pkt":"EBMx8Tl2KDc3AG3ICABFAAECAABAAEAG9rTAqAEGNHJNIeyIAbtyjZOUGnFmv4AYEAk6ggAAAQEICjCEuXNhHtwZFgMBAMkBAADFAwO15W+8jaHI2sAcvPxYu3fOurYjru\/fmNz9T6MzJf3JQCDMFgAAPSmx1EB8rJYwgB6DDk65Ho1qqYZPmBoFpBpgkAAewC\/AK8AwwCzMqcyowAnAE8AKwBQAnACdAC8ANQAKAQAAXv8BAAEAAAAAIwAhAAAebW9iaWxlLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEACwACAQAACgAIAAYAHQAXABg="} 
-01350{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":761,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685232231,"flow_src_last_pkt_time":1587041685278900,"flow_dst_last_pkt_time":1587041685278616,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685278900,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60552,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01309{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":761,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685232231,"flow_src_last_pkt_time":1587041685278900,"flow_dst_last_pkt_time":1587041685278616,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685278900,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60552,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":764,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_src_last_pkt_time":1587041685251950,"flow_dst_last_pkt_time":1587041685280598,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041685280598,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8VD9AAGwGx0kofgkHwKgBBgG77IwJMzAcxeiHxqASIADLBQAAAgQFoAEDAwgEAggKUkq4VzCEuV0="} 
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":765,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_src_last_pkt_time":1587041685280662,"flow_dst_last_pkt_time":1587041685280598,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041685280662,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGR5HAqAEGKH4JB+yMAbvF6IfGCTMwHYAQEAkJnwAAAQEICjCEuXRSSrhX"} 00881{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":766,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":4,"flow_src_last_pkt_time":1587041685281210,"flow_dst_last_pkt_time":1587041685280598,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":312,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":312,"pkt_l4_len":278,"thread_ts_usec":1587041685281210,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEqAABAAEAGRpvAqAEGKH4JB+yMAbvF6IfGCTMwHYAYEAl4\/QAAAQEICjCEuXVSSrhXFgMBAPEBAADtAwMO1aNpNC\/DfNA+zTgvlq4OTJH4Eaani+1AUzQaqTtdmgAAKMAswCvAJMAjwArACcypwDDAL8AowCfAFMATzKgAnQCcAD0APAA1AC8BAACc\/wEAAQAAAAAeABwAABlsb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tABcAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAADN0AAAAEgAAABAAMAAuAmgyBWgyLTE2BWgyLTE1BWgyLTE0CHNwZHkvMy4xBnNwZHkvMwhodHRwLzEuMQALAAIBAAAKAAoACAAdABcAGAAZ"} 
-01296{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":766,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685251950,"flow_src_last_pkt_time":1587041685281210,"flow_dst_last_pkt_time":1587041685280598,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685281210,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.7","src_port":60556,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Microsoft365","proto_by_ip_id":219,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"login.microsoftonline.com","domainame":"login.microsoftonline.com","tls": {"version":"TLSv1.2","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
+01255{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":766,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685251950,"flow_src_last_pkt_time":1587041685281210,"flow_dst_last_pkt_time":1587041685280598,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685281210,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.7","src_port":60556,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Microsoft365","proto_by_ip_id":219,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"login.microsoftonline.com","domainame":"login.microsoftonline.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":772,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_src_last_pkt_time":1587041685248604,"flow_dst_last_pkt_time":1587041685294102,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041685294102,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8VA1AAGwGd200ck0hwKgBBgG77IvHJo2qMLP5JqASIAAqDQAAAgQFoAEDAwgEAggKYR8CxDCEuVo="} 
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":773,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_src_last_pkt_time":1587041685294163,"flow_dst_last_pkt_time":1587041685294102,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041685294163,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyLAbsws\/kmxyaNq4AQEAlolwAAAQEICjCEuYBhHwLE"} 00808{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":774,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":4,"flow_src_last_pkt_time":1587041685294436,"flow_dst_last_pkt_time":1587041685294102,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_usec":1587041685294436,"pkt":"EBMx8Tl2KDc3AG3ICABFAADyAABAAEAG9sTAqAEGNHJNIeyLAbsws\/kmxyaNq4AYEAkImQAAAQEICjCEuYFhHwLEFgMBALkBAAC1AwNemFWVha04P4CUw6CKshmFd7ZG0fMDUFnrEIuMFFDaDAAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAYAAAACMAIQAAHm1vYmlsZS5waXBlLmFyaWEubWljcm9zb2Z0LmNvbQAKAAgABgAXABgAGQALAAIBAAANABIAEAQBAgEFAQYBBAMCAwUDBgMABQAFAQAAAAAAEgAAABcAAA=="} 
-01350{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":774,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685248604,"flow_src_last_pkt_time":1587041685294436,"flow_dst_last_pkt_time":1587041685294102,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":190,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":190,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685294436,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60555,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01309{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":774,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685248604,"flow_src_last_pkt_time":1587041685294436,"flow_dst_last_pkt_time":1587041685294102,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":190,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":190,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685294436,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60555,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
02482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":777,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":5,"flow_src_last_pkt_time":1587041685281210,"flow_dst_last_pkt_time":1587041685312634,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041685312634,"pkt":"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\/4SI6OaF\/\/p9MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAgEARVCFDXaNOijZYnNGoRWvtuOpazT+6a5NhffPDEd8mw13I5P2ZjdjuwO0BCuAa0rcrb9Xsv2qMoirtQ46ssv7U4RUbJ2q644olWDdoDLw3u2IwAi4+it8uqFANVWf479pYNzQSRACICWvLYyZOXoCzSVgryqqt6S9JYKLV\/5cOCwnLGXIMXunQZDJ9OLbjk3hV+y1gACDA7qTWXqQxmgI9aFpumAbRwTxqZV913sHD\/Cf4ut1VrXdDHEcgGroOgboavAnBPF1buLwyr8dsFVfenl1cv4K6OyxBhOa\/qPQC3E1A4UNtSz4dz0swsNbngQZDrl3H9MqpMRswrpJ9jUAZ4uzcbjmByMFT7UrO5NyfE2e754OXgg0kzSG7F0aYPVW64WQaAN5alS554Apkxzpnhy4dbLpcc+qDxw4uZRbEMvvqiGy3Tzvw2N2ZlLhpfCA79zVH3D9QcugIgQY75KsamAAzOcbXq0zT0xKgmRKBpdzG5DeC2KsBbrTTak1bUSSPLjvYpHhgabRiV7OEik97n1Dth5jNj0APlNTe65xy1gwKh4ItrHo4sQMKfxY9NyTKSBVKN3poUeJpe9p2ArtCr\/ZmVWqTui7XFpZPfiQUHWHxyvx0VTPR40NEp\/NGn3Uw7Bd\/MS5F6AKZAjGFEeyvsfA2p3QKRyzfNkfQWM3fP8ABbgwggW0MIIEnKADAgECAhAIuHpQG76c2i0WTT45Ub9VMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNVBAYTAklFMRIwEAYDVQQKEwlCYWx0aW1vcmUxEzARBgNVBAsTCkN5YmVyVHJ1c3QxIjAgBgNVBAMTGUJhbHRpbW9yZSBDeWJlclRydXN0IFJvb3QwHhcNMTYwNTIwMTI1MTI4WhcNMjQwNTIwMTI1MTI4WjCBizELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEVMBMGA1UE"} 
02490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":792,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":5,"flow_src_last_pkt_time":1587041685278900,"flow_dst_last_pkt_time":1587041685327366,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041685327366,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUaa5AAGwGXDQ0ck0hwKgBBgG77IgacWa\/co2UYoAQBAV+ZwAAAQEICmEe3EYwhLlzFgMDEGYCAABRAwNemFWVd4ONVISrGBzenOh1wz59KlhffXpAp\/SRVzeitiAuDwAAZ8HaIUQ\/TUKOJyzDpeZ2C6OXN9Z66nmD08\/sf8AwAAAJABcAAP8BAAEACwAO3QAO2gAJHDCCCRgwggcAoAMCAQICExYACr2jKIomrOvxeF4AAAAKvaMwDQYJKoZIhvcNAQELBQAwgYsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xFTATBgNVBAsTDE1pY3Jvc29mdCBJVDEeMBwGA1UEAxMVTWljcm9zb2Z0IElUIFRMUyBDQSA0MB4XDTE5MTAxMDIxNTUzOFoXDTIxMTAxMDIxNTUzOFowJjEkMCIGA1UEAwwbKi5ldmVudHMuZGF0YS5taWNyb3NvZnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8J31SJyCTCkjxtLC8JE7aU56y+0937PcYfrFGWW\/wSL1vxV6UtbY+5UyBq7YUvoZUI+YYWI6FMysHpnkiGQR5h3NLX2it0lgM0JMJXgIYfO+vdhJalxciwWfJHOcY4+eUQwpTmpGeOTzK\/sd1W+VOYbkgWPJ0lAEgTcRXL\/NZZAtyce+Sv4+b4jHwY9pwQxOHJWtnns0bK3jD\/RcAtjLeUisGvBGtt1SItPOQvgD6i2AdvjCkjqVXn0nxT\/yKuGkvtii1i85nrjeMS5pKgL+N2I4goIXeRAaK089dd0KrnNO6kLEhhSHgHwJHnPwfqeXH1Q2p1Zw2r13mOsJdyP7QIDAQABo4IE1zCCBNMwggF\/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB2APZclC\/RdzAiFFQYCDCUVo7jTRMZM7\/fDC8gC8xO8WTjAAABbbe0zD0AAAQDAEcwRQIgXUu8wYK\/QqX5unkLcaUv4T8oQWu5yZb6M3RYbUFPJ7sCIQCVvziq+dynpJXSFyAk+ZobbjdMm8Ziuyzc0miXoW9hmQB2AFWB1MIWkDYBSuoLm1c8U\/DA5Dh4cCUIFy+jqh0HE9MMAAABbbe0zTwAAAQDAEcwRQIgOIr7NuYD18H8X6OV\/YdBgg0HoCy47ognD1Etlbp3ZVgCIQCAVAoqvjDqhz4It72mColVOT\/FZuexWjdVPWkvuAPY1AB3AESUZS6w7s6vxEAH2Kj+KMDa5oK+2MsxtT\/TM5a1toGoAAABbbe0zEEAAAQDAEgwRgIhAMLyKXAV0HvPisLX5tlLiDTgtSUtRgffnQWc5h8Pdj8PAiEAo6ENbH0+qORahbVCksBW940dOZQUoTXblsn+bri9ExQwJwYJKwYBBAGCNxUKBBowGDAK
BggrBgEFBQcDAjAKBggrBgEFBQcDATA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdhNLfQoLnk3oCAWQCAR0wgYUGCCsGAQUFBwEBBHkwdzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDQuY3J0MCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC5tc29jc3AuY29tMB0GA1UdDgQWBBQa+kPWU8gwtBlTGMvS3dHpIWlv7TALBgNVHQ8EBAMCBLAwgfIGA1UdEQSB6jCB54IbKi5ldmVudHMuZGF0YS5taWNyb3NvZnQuY29tghlldmVudHMuZGF0YS5taWNyb3NvZnQuY29tghkqLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tgg5waXBl"} -01882{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":795,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1587041685232231,"flow_src_last_pkt_time":1587041685327559,"flow_dst_last_pkt_time":1587041685327736,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041685327736,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60552,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": 
{"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} +01841{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":795,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1587041685232231,"flow_src_last_pkt_time":1587041685327559,"flow_dst_last_pkt_time":1587041685327736,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041685327736,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60552,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": 
{"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} 02490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":799,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":5,"flow_src_last_pkt_time":1587041685294436,"flow_dst_last_pkt_time":1587041685350456,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041685350456,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUVA5AAGwGcdQ0ck0hwKgBBgG77IvHJo2rMLP55IAQBAVq\/gAAAQEICmEfAvowhLmBFgMDF7oCAABVAwNemFWVkv8HhgEBqRl7J096sK\/AcfyJkv6Je+CA9SLGGCApBQAAsHV\/DAKaYivrrDw\/3qGp42fGJ7afmMuMlyPWksAwAAANAAUAAAAXAAD\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\/zWWQLcnHvkr+Pm+Ix8GPacEMThyVrZ57NGyt4w\/0XALYy3lIrBrwRrbdUiLTzkL4A+otgHb4wpI6lV59J8U\/8irhpL7YotYvOZ643jEuaSoC\/jdiOIKCF3kQGitPPXXdCq5zTupCxIYUh4B8CR5z8H6nlx9UNqdWcNq9d5jrCXcj+0CAwEAAaOCBNcwggTTMIIBfwYKKwYBBAHWeQIEAgSCAW8EggFrAWkAdgD2XJQv0XcwIhRUGAgwlFaO400TGTO\/3wwvIAvMTvFk4wAAAW23tMw9AAAEAwBHMEUCIF1LvMGCv0Kl+bp5C3GlL+E\/KEFrucmW+jN0WG1BTye7AiEAlb84qvncp6SV0hcgJPmaG243TJvGYrss3NJol6FvYZkAdgBVgdTCFpA2AUrqC5tXPFPwwOQ4eHAlCBcvo6odBxPTDAAAAW23tM08AAAEAwBHMEUCIDiK+zbmA9fB\/F+jlf2HQYINB6AsuO6IJw9RLZW6d2VYAiEAgFQKKr4w6oc+CLe9pgqJVTk\/xWbnsVo3VT1pL7gD2NQAdwBElGUusO7Or8RAB9io\/ijA2uaCvtjLMbU\/0zOWtbaBqAAAA
W23tMxBAAAEAwBIMEYCIQDC8ilwFdB7z4rC1+bZS4g04LUlLUYH350FnOYfD3Y\/DwIhAKOhDWx9PqjkWoW1QpLAVveNHTmUFKE125bJ\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"} -01882{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":805,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1587041685248604,"flow_src_last_pkt_time":1587041685350807,"flow_dst_last_pkt_time":1587041685350857,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":190,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":190,"flow_dst_tot_l4_payload_len":6079,"midstream":0,"thread_ts_usec":1587041685350857,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60555,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"986571066668055ae9481cb84fda634a","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 
4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} +01841{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":805,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1587041685248604,"flow_src_last_pkt_time":1587041685350807,"flow_dst_last_pkt_time":1587041685350857,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":190,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":190,"flow_dst_tot_l4_payload_len":6079,"midstream":0,"thread_ts_usec":1587041685350857,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60555,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3s":"986571066668055ae9481cb84fda634a","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} 
02489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":824,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":5,"flow_src_last_pkt_time":1587041685262299,"flow_dst_last_pkt_time":1587041685419490,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041685419490,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUjN5AAG0Gdfg0cg8twKgBBgG77IfA1AaSAv0PYlAQCARVFQAAFgMDF0UCAABVAwNemFWVsa3S0qCCJCKRvR5FvfRm4ku4Wp9dZjR4sGYcKSB2HAAAgvc9nFx0wNSQ+kfvV9B0Mq9ipN+Lt19U\/tPHHsAwAAANAAUAAAAXAAD\/AQABAAsADkgADkUACIcwggiDMIIGa6ADAgECAhMgAA1\/5iyI2CMUD4FHAAAADX\/mMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgMjAeFw0xOTExMjkxNzU3NThaFw0yMTExMjkxNzU3NThaMCgxJjAkBgNVBAMMHSoudHJvdXRlci50ZWFtcy5taWNyb3NvZnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyKcimDO37qOiITdGLLSgRk4SNqeQiChf5fToMO+7e1Qw4j4NVAURrkRlqOSwosi6x2ool0Qjlt5bANU2A7E0ubHR6fs+J4y2vgrsv41S7Ao\/UxdKklkG0wgp+paNcl2enqs+JFcPVtFPe+T+pnY6IZUpOziGi8NLx\/K2NG5xSvrdawVpY5vXRxXKsvLFIAdaJQozyWf9lCNbt+4C0IVl2Ep7N5bp06LVMZktn1YAjolqeEl3RQ6hM3GKceom5l4hpyP43E\/dTe3eLNBfmO8cDd9p8HlGVSrgjhKz1wuJWFoWgHTgDnVBSZVB7t78lIFlze4qLsPX90PfKUlmjF\/zIQIDAQABo4IEQDCCBDwwggGABgorBgEEAdZ5AgQCBIIBcASCAWwBagB2APZclC\/RdzAiFFQYCDCUVo7jTRMZM7\/fDC8gC8xO8WTjAAABbrhZJv4AAAQDAEcwRQIhALfHXTClbVL1ZG3BQH+fsd9EVlnIhlrRTh9b\/BWQkqOPAiArDlgg99bYekywwY8T40DyNspZOTZKKrpABVWSIcE7CwB3AFzcQ5L+5qtFRLFemtRW5hA3+9X6R9yhc5SyXub2xw7KAAABbrhZJyYAAAQDAEgwRgIhAJuNw4ivK3DXIXmUE+m57QEHF+rXHdB72ZviRwQ9s+0GAiEA9kNgaFnkw8l1xiyZdSGjaIfmqNZ4qpxCiXwbbmlDWu4AdwBElGUusO7Or8RAB9io\/ijA2uaCvtjLMbU\/0zOWtbaBqAAAAW64WScNAAAEAwBIMEYCIQDmc93n7UJEyvvIddsbJMxC7aPmS7n2Z\/C8vjlA2j\/H8AIhAP0Hy\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"} 
-01770{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":830,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1587041685106192,"flow_src_last_pkt_time":1587041685420065,"flow_dst_last_pkt_time":1587041685420103,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":203,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":203,"flow_dst_tot_l4_payload_len":5962,"midstream":0,"thread_ts_usec":1587041685420103,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.15.45","src_port":60551,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"trouter2-asse-a.trouter.teams.microsoft.com","domainame":"trouter2-asse-a.trouter.teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.trouter.teams.microsoft.com,go.trouter.io,*.drip.trouter.io,*.dc.trouter.io","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"986571066668055ae9481cb84fda634a","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2","subjectDN":"CN=*.trouter.teams.microsoft.com","fingerprint":"DD:24:DF:0E:F3:63:CC:10:B5:03:CF:34:EB:A5:14:8B:97:90:9B:D4","blocks":0}}} 
-02324{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":855,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1587041685240465,"flow_src_last_pkt_time":1587041685469669,"flow_dst_last_pkt_time":1587041685469973,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1082,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1426,"flow_dst_tot_l4_payload_len":15976,"midstream":0,"thread_ts_usec":1587041685469973,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":14797.2,"max":153955,"stddev":35697.7,"var":1274323968.0,"ent":2.8,"data": [12903,12995,473,12371,1988,1502,15362,129,134,115,3,85,21608,33026,11480,11732,109,11784,570,13396,140399,715,153955,248,230,250,250,503,25,129,243]},"pktlen": {"min":40,"avg":585.7,"max":1492,"stddev":671.4,"var":450756.0,"ent":4.0,"data": [64,52,40,226,46,1492,1492,40,1492,40,1492,168,40,147,46,91,46,91,40,1122,46,1492,1492,40,1317,40,1492,1492,40,40,1492,1492]},"bins": {"c_to_s": [10,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,10,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,0,1,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1],"entropies": 
[4.365527153,4.878727913,4.471928596,5.502106190,4.402616024,7.277978420,7.489027023,4.630640984,7.478912354,4.521928310,7.663036823,6.686788082,4.630640984,6.493359089,4.462505341,5.681205750,4.462504864,5.560394764,4.580641270,7.802004814,4.565872192,7.879904747,7.863986492,4.580641270,7.860152721,4.580640793,7.874552727,7.850657463,4.580641270,4.471928596,7.869473934,7.878328800]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} +01729{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":830,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1587041685106192,"flow_src_last_pkt_time":1587041685420065,"flow_dst_last_pkt_time":1587041685420103,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":203,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":203,"flow_dst_tot_l4_payload_len":5962,"midstream":0,"thread_ts_usec":1587041685420103,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.15.45","src_port":60551,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"trouter2-asse-a.trouter.teams.microsoft.com","domainame":"trouter2-asse-a.trouter.teams.microsoft.com","tls": 
{"version":"TLSv1.2","server_names":"*.trouter.teams.microsoft.com,go.trouter.io,*.drip.trouter.io,*.dc.trouter.io","ja3s":"986571066668055ae9481cb84fda634a","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2","subjectDN":"CN=*.trouter.teams.microsoft.com","fingerprint":"DD:24:DF:0E:F3:63:CC:10:B5:03:CF:34:EB:A5:14:8B:97:90:9B:D4","blocks":0}}} +02318{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":855,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1587041685240465,"flow_src_last_pkt_time":1587041685469669,"flow_dst_last_pkt_time":1587041685469973,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1082,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1426,"flow_dst_tot_l4_payload_len":15976,"midstream":0,"thread_ts_usec":1587041685469973,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":14797.2,"max":153955,"stddev":35697.7,"var":1274323968.0,"ent":2.8,"data": [12903,12995,473,12371,1988,1502,15362,129,134,115,3,85,21608,33026,11480,11732,109,11784,570,13396,140399,715,153955,248,230,250,250,503,25,129,243]},"pktlen": {"min":40,"avg":585.7,"max":1492,"stddev":671.4,"var":450756.0,"ent":4.0,"data": [64,52,40,226,46,1492,1492,40,1492,40,1492,168,40,147,46,91,46,91,40,1122,46,1492,1492,40,1317,40,1492,1492,40,40,1492,1492]},"bins": {"c_to_s": [10,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": 
[5,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,10,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,0,1,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1],"entropies": [4.365527153,4.878727913,4.471928596,5.502106190,4.402616024,7.277978420,7.489027023,4.630640984,7.478912354,4.521928310,7.663036823,6.686788082,4.630640984,6.493359089,4.462505341,5.681205750,4.462504864,5.560394764,4.580641270,7.802004814,4.565872192,7.879904747,7.863986492,4.580641270,7.860152721,4.580640793,7.874552727,7.850657463,4.580641270,4.471928596,7.869473934,7.878328800]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":920,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041685984732,"flow_src_last_pkt_time":1587041685984732,"flow_dst_last_pkt_time":1587041685984732,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685984732,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":920,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_src_last_pkt_time":1587041685984732,"flow_dst_last_pkt_time":1587041685984732,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041685984732,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGghTAqAEGNHHChOyNAbtKVk3bAAAAALAC\/\/8LQAAAAgQFtAEDAwUBAQgKMIS8GgAAAAAEAgAA"} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":921,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_src_last_pkt_time":1587041685984732,"flow_dst_last_pkt_time":1587041685996890,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041685996890,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0TQBAAHUGACA0ccKEwKgBBgG77I3LqgPISlZN3IAS\/\/9gggAAAgQFoAEDAwgBAQQC"} 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":922,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_src_last_pkt_time":1587041685996986,"flow_dst_last_pkt_time":1587041685996890,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041685996986,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGgizAqAEGNHHChOyNAbtKVk3cy6oDyVAQIACBQQAA"} 
00775{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":923,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":4,"flow_src_last_pkt_time":1587041685997296,"flow_dst_last_pkt_time":1587041685996890,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"thread_ts_usec":1587041685997296,"pkt":"EBMx8Tl2KDc3AG3ICABFAADbAABAAEAGgXnAqAEGNHHChOyNAbtKVk3cy6oDyVAYIAAs2QAAFgMBAK4BAACqAwNemFWVDIT9d4HngeJpG5mlHm9Rt958WOVPiGzzmIF3agAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAVQAAABgAFgAAE3RlYW1zLm1pY3Jvc29mdC5jb20ACgAIAAYAFwAYABkACwACAQAADQASABAEAQIBBQEGAQQDAgMFAwYDAAUABQEAAAAAABIAAAAXAAA="} -01340{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":923,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685984732,"flow_src_last_pkt_time":1587041685997296,"flow_dst_last_pkt_time":1587041685996890,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":179,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685997296,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","domainame":"teams.microsoft.com","tls": 
{"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01293{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":923,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685984732,"flow_src_last_pkt_time":1587041685997296,"flow_dst_last_pkt_time":1587041685996890,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":179,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685997296,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","domainame":"teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":924,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":5,"flow_src_last_pkt_time":1587041685997296,"flow_dst_last_pkt_time":1587041686008515,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1587041686008515,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAoTQFAAHYG\/yo0ccKEwKgBBgG77I3LqgPJSlZOj1AQCASYigAAAAAAAAAA"} -01662{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":931,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1587041685984732,"flow_src_last_pkt_time":1587041686010918,"flow_dst_last_pkt_time":1587041686010988,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":179,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":6012,"midstream":0,"thread_ts_usec":1587041686010988,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","domainame":"teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"7d8fd34fdb13a7fff30d5a52846b6c4c","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, 
ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=teams.microsoft.com","fingerprint":"68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E","blocks":0}}} +01615{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":931,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1587041685984732,"flow_src_last_pkt_time":1587041686010918,"flow_dst_last_pkt_time":1587041686010988,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":179,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":6012,"midstream":0,"thread_ts_usec":1587041686010988,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","domainame":"teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"teams.microsoft.com","ja3s":"7d8fd34fdb13a7fff30d5a52846b6c4c","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=teams.microsoft.com","fingerprint":"68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E","blocks":0}}} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":945,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041686239545,"flow_src_last_pkt_time":1587041686239545,"flow_dst_last_pkt_time":1587041686239545,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041686239545,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60559,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":945,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_src_last_pkt_time":1587041686239545,"flow_dst_last_pkt_time":1587041686239545,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041686239545,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIeyPAbtgh2e9AAAAALAC\/\/9PlwAAAgQFtAEDAwUBAQgKMIS9EAAAAAAEAgAA"} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":946,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_src_last_pkt_time":1587041686239545,"flow_dst_last_pkt_time":1587041686288146,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041686288146,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8YwZAAGwGaHQ0ck0hwKgBBgG77I9T9FE0YIdnvqASIADemAAAAgQFoAEDAwgEAggKYR9buzCEvRA="} 
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":947,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":3,"flow_src_last_pkt_time":1587041686288255,"flow_dst_last_pkt_time":1587041686288146,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041686288255,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyPAbtgh2e+U\/RRNYAQEAkdGQAAAQEICjCEvUBhH1u7"} 00830{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":948,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":4,"flow_src_last_pkt_time":1587041686288562,"flow_dst_last_pkt_time":1587041686288146,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_usec":1587041686288562,"pkt":"EBMx8Tl2KDc3AG3ICABFAAECAABAAEAG9rTAqAEGNHJNIeyPAbtgh2e+U\/RRNYAYEAniuwAAAQEICjCEvUBhH1u7FgMBAMkBAADFAwPWvyUszXyGVwTdfXyAsIQo65lWnkpPMHo57lR912BOzSAuDwAAZ8HaIUQ\/TUKOJyzDpeZ2C6OXN9Z66nmD08\/sfwAewC\/AK8AwwCzMqcyowAnAE8AKwBQAnACdAC8ANQAKAQAAXv8BAAEAAAAAIwAhAAAebW9iaWxlLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEACwACAQAACgAIAAYAHQAXABg="} 
-01350{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":948,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041686239545,"flow_src_last_pkt_time":1587041686288562,"flow_dst_last_pkt_time":1587041686288146,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041686288562,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60559,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01309{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":948,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041686239545,"flow_src_last_pkt_time":1587041686288562,"flow_dst_last_pkt_time":1587041686288146,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041686288562,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60559,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
02483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":949,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":5,"flow_src_last_pkt_time":1587041686288562,"flow_dst_last_pkt_time":1587041686339149,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041686339149,"pkt":"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\/tkVGJLU4rtEsbNOyNY0rT1MPRe2qZ6z8OTI\/Ubwew2S+CzQq6NSEinFnoQ24d33L9+Q2VR7IJxgZJZ0JLJRb2EkmyBTG1bJPbFiADdV1t9YSY2ps7oVekv29d\/XDIODAnQFR1IHqlMXtC77TWoRsh1X4rC3iStLm+7YDXNcZ\/4Mj9IuoDmWavbkJCD0d5pvrPILAZtuXahuvQzQtAY2n0vu1+AhHxMbk9e2L2iJYbk++P\/GCSsH0E3MwFuGBx2aD8kcD\/GasOSgJ2hX1PemGbx7\/Y9FGQudVhN6gkjLviiZxZQGDI3hc4aNkSo6HFXMcwVO63+RLd5FmQcXxQ4wQgOa8gPG9Z+WsefaydUjjPdFmpvxlC8L\/\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\/bu9FbkRuKSD+JnC+MccaTUQXO0y5kWjr93fbCvHmztcS7DCHdKXpKu7FrQSIHQxemg9XqPHo1e062SwNrGkTUxILk5"} 02352{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":976,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1587041686239545,"flow_src_last_pkt_time":1587041686542441,"flow_dst_last_pkt_time":1587041686541501,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":14115,"flow_dst_tot_l4_payload_len":4699,"midstream":0,"thread_ts_usec":1587041686542441,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60559,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":19511.4,"max":52987,"stddev":22191.7,"var":492470496.0,"ent":3.9,"data": 
[48601,48710,307,51003,89,50699,16,253,253,1686,49778,48144,1391,5,2,50498,49101,4,2,3,37233,37219,5,11525,11515,965,36039,15972,52987,736,111]},"pktlen": {"min":52,"avg":640.9,"max":1492,"stddev":667.9,"var":446080.7,"ent":4.1,"data": [64,60,52,258,1492,1492,64,52,1375,52,145,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,52,985,52,52,497,52,83,52]},"bins": {"c_to_s": [9,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0],"s_to_c": [6,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,1,1,1,0,0,0],"entropies": [4.396777153,5.256567955,4.923395157,6.033491611,7.275527000,7.277948856,5.071470261,4.945419312,7.645617962,4.976373672,5.915142536,5.707202435,4.976374149,7.861220360,7.878036976,7.850315571,5.131024837,7.877380371,7.857055187,7.886486053,7.876827240,5.169486523,7.849795818,7.874622822,5.078045845,7.791067600,5.131024837,5.207948208,7.563468933,5.053297043,5.290699482,4.969671726]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com"}} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":979,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041686659283,"flow_src_last_pkt_time":1587041686659283,"flow_dst_last_pkt_time":1587041686659283,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041686659283,"l3_proto":"ip4","src_ip":"192.168.1.112","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -353,15 +353,15 @@ 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":986,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_src_last_pkt_time":1587041686889381,"flow_dst_last_pkt_time":1587041686918390,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041686918390,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8PdhAAGwG3XQofglDwKgBBgG77JCDb8\/fjKXdY6ASIAC\/qwAAAgQFoAEDAwgEAggKUkSG7zCEv4s="} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":987,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":3,"flow_src_last_pkt_time":1587041686918473,"flow_dst_last_pkt_time":1587041686918390,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041686918473,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGR1XAqAEGKH4JQ+yQAbuMpd1jg2\/P4IAQEAn+PwAAAQEICjCEv6dSRIbv"} 
00882{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":988,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":4,"flow_src_last_pkt_time":1587041686919156,"flow_dst_last_pkt_time":1587041686918390,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":312,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":312,"pkt_l4_len":278,"thread_ts_usec":1587041686919156,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEqAABAAEAGRl\/AqAEGKH4JQ+yQAbuMpd1jg2\/P4IAYEAngnQAAAQEICjCEv6dSRIbvFgMBAPEBAADtAwMbmcXPy8rEyjOH5t3NVXkoUGCRZxMGyIKbY0co\/wunRQAAKMAswCvAJMAjwArACcypwDDAL8AowCfAFMATzKgAnQCcAD0APAA1AC8BAACc\/wEAAQAAAAAeABwAABlsb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tABcAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAADN0AAAAEgAAABAAMAAuAmgyBWgyLTE2BWgyLTE1BWgyLTE0CHNwZHkvMy4xBnNwZHkvMwhodHRwLzEuMQALAAIBAAAKAAoACAAdABcAGAAZ"} -01297{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":988,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041686889381,"flow_src_last_pkt_time":1587041686919156,"flow_dst_last_pkt_time":1587041686918390,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041686919156,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.67","src_port":60560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Microsoft365","proto_by_ip_id":219,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"login.microsoftonline.com","domainame":"login.microsoftonline.com","tls": 
{"version":"TLSv1.2","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} +01256{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":988,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041686889381,"flow_src_last_pkt_time":1587041686919156,"flow_dst_last_pkt_time":1587041686918390,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041686919156,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.67","src_port":60560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Microsoft365","proto_by_ip_id":219,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"login.microsoftonline.com","domainame":"login.microsoftonline.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
02495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":991,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":5,"flow_src_last_pkt_time":1587041686919156,"flow_dst_last_pkt_time":1587041686950659,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041686950659,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUPdlAAGwG19sofglDwKgBBgG77JCDb8\/gjKXeWYAQBAUYLAAAAQEIClJEhw4whL+nFgMDETsCAABVAwNemFWW7R35oy+pDouxbKQc3ZxSE0RLhoRWbTV6NPlktSB6OAAARuc6MTC1YmpF4SmrzBdvOs6F07smAuHCwru2ycAwAAANABcAAP8BAAEAAAAAAAsAD40AD4oACcwwggnIMIIHsKADAgECAhN7AAL0+uu8c4DySSOTAAAAAvT6MA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgMTAeFw0xODA5MjQyMTQ5MzBaFw0yMDA5MjQyMTQ5MzBaMCsxKTAnBgNVBAMTIHN0YW1wMi5sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg9uMC7tn8RKm9hx1Q+vclCmv2FS5644lZCwDqwzCYb8L0QUXObmurDTp9z7imH\/68rvf0\/+KpPvZzn8n+A1ECu6H51tc4jh4cund1rKWCEvaClslKP1O5XZfDppym7WFQSIHQp9LXW26FaTqarCYkxKrkm\/lTdJtaXF5\/C7ZRJIFVaL9dmL\/uMiooAbDLhN56zmBjGeB2V01oJAQhD\/q\/lznyyirBK2V2vQ7WyyX4O7R5ox9CbJ7fjHmVfu5B\/IGhKzckLb+kPv4Ou1DFiJ+VjXUg8+HNiqYybm516lzAMR9GTpDm\/EaK\/DoNiRmeP+V6xIxpVOXNmdtJ2yXkhn+AQIDAQABo4IFgjCCBX4wggH1BgorBgEEAdZ5AgQCBIIB5QSCAeEB3wB1AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABZg2YTSEAAAQDAEYwRAIgNf1dCr\/A\/68iTF44ctzG4dfYj5k8kwrcMxb+OAftshACIEOFf1L8DyVWvGmp2q28iEZd5RDO6L\/3eE60TQKPTKibAHcAVhQGmi\/XwuzT9eG9RLI+x0Z2ubyZEVzA75SYVdaJ0N0AAAFmDZhK0AAABAMASDBGAiEA6k0qgGOQ2\/4vWshsmYpY7DSpdiwLlTeFqoSnh81\/2Y4CIQDv1+L779lV6U+goVXZN5Lr8mJnM2dtvY1ZqBBLJZkaOwB1AFWB1MIWkDYBSuoLm1c8U\/DA5Dh4cCUIFy+jqh0HE9MMAAABZg2YSsoAAAQDAEYwRAIgWKBW8MG0XWRpOFEy6yhRlkRMXWMvZwn2MMfc6oSrj0gCIBftriorxFHUNkLYAHoFWkhm8hNqcHO+KKiAs49boZzUAHYAu9nfvB+KcbW
TlCOXqpJ7RzhXlQqrUugakJZkNo4e0YUAAAFmDZhLTgAABAMARzBFAiAA3dU0fJfG9tq5Rc4+sUUH+XraMuPYSatYD6LC\/2\/zTAIhAJWqprUivm3Ca3RKEfcrJtar2nlcdcqed0u5OIHS\/4PYMCcGCSsGAQQBgjcVCgQaMBgwCgYIKwYBBQUHAwIwCgYIKwYBBQUHAwEwPgYJKwYBBAGCNxUHBDEwLwYnKwYBBAGCNxUIh9qGdYPu2QGCyYUbgbWeYYX062CBXYTS30KC55N6AgFkAgEdMIGFBggrBgEFBQcBAQR5MHcwUQYIKwYBBQUHMAKGRWh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjAxLmNydDAiBggrBgEFBQcwAYYWaHR0cDovL29jc3AubXNvY3NwLmNvbTAdBgNVHQ4EFgQUiTQV2m224F\/j"} -01884{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":995,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1587041686889381,"flow_src_last_pkt_time":1587041686950934,"flow_dst_last_pkt_time":1587041686950999,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":4416,"midstream":0,"thread_ts_usec":1587041686950999,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.67","src_port":60560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Microsoft365","proto_by_ip_id":219,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"login.microsoftonline.com","domainame":"login.microsoftonline.com","tls": 
{"version":"TLSv1.2","server_names":"login.microsoftonline.com,login.microsoftonline-p.com,loginex.microsoftonline.com,login2.microsoftonline.com,stamp2.login.microsoftonline-int.com,login.microsoftonline-int.com,loginex.microsoftonline-int.com,login2.microsoftonline-int.com,stamp2.login.microsoftonline.com","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"678aeaf909676262acfb913ccb78a126","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=stamp2.login.microsoftonline.com","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"7E:0F:A2:51:8F:FB:49:30:C3:34:07:5E:F8:7C:FD:34:20:A2:96:63","blocks":0}}} +01843{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":995,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1587041686889381,"flow_src_last_pkt_time":1587041686950934,"flow_dst_last_pkt_time":1587041686950999,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":4416,"midstream":0,"thread_ts_usec":1587041686950999,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.67","src_port":60560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Microsoft365","proto_by_ip_id":219,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"login.microsoftonline.com","domainame":"login.microsoftonline.com","tls": 
{"version":"TLSv1.2","server_names":"login.microsoftonline.com,login.microsoftonline-p.com,loginex.microsoftonline.com,login2.microsoftonline.com,stamp2.login.microsoftonline-int.com,login.microsoftonline-int.com,loginex.microsoftonline-int.com,login2.microsoftonline-int.com,stamp2.login.microsoftonline.com","ja3s":"678aeaf909676262acfb913ccb78a126","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=stamp2.login.microsoftonline.com","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"7E:0F:A2:51:8F:FB:49:30:C3:34:07:5E:F8:7C:FD:34:20:A2:96:63","blocks":0}}} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1010,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041687245112,"flow_src_last_pkt_time":1587041687245112,"flow_dst_last_pkt_time":1587041687245112,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687245112,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1010,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_src_last_pkt_time":1587041687245112,"flow_dst_last_pkt_time":1587041687245112,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041687245112,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIeyRAbt4yq\/kAAAAALAC\/\/\/rWgAAAgQFtAEDAwUBAQgKMITA4AAAAAAEAgAA"} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1014,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_src_last_pkt_time":1587041687245112,"flow_dst_last_pkt_time":1587041687293530,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041687293530,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8EaVAAGwGudU0ck0hwKgBBgG77JHMBk4keMqv5aASIADnTgAAAgQFoAEDAwgEAggKYPR58TCEwOA="} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1015,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_src_last_pkt_time":1587041687293639,"flow_dst_last_pkt_time":1587041687293530,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041687293639,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyRAbt4yq\/lzAZOJYAQEAkl0AAAAQEICjCEwQ9g9Hnx"} 
00830{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1016,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":4,"flow_src_last_pkt_time":1587041687294098,"flow_dst_last_pkt_time":1587041687293530,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_usec":1587041687294098,"pkt":"EBMx8Tl2KDc3AG3ICABFAAECAABAAEAG9rTAqAEGNHJNIeyRAbt4yq\/lzAZOJYAYEAmZKwAAAQEICjCEwQ9g9HnxFgMBAMkBAADFAwOyv9PSQv\/SmdcPkRjuFnJs95jqk9PvclXpwloDxRoWsCDkPAAAKbM0d7f12FXyaEAA7qD+P9kwtx+HS3tAUpaW7wAewC\/AK8AwwCzMqcyowAnAE8AKwBQAnACdAC8ANQAKAQAAXv8BAAEAAAAAIwAhAAAebW9iaWxlLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEACwACAQAACgAIAAYAHQAXABg="} -01351{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1016,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041687245112,"flow_src_last_pkt_time":1587041687294098,"flow_dst_last_pkt_time":1587041687293530,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687294098,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01310{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1016,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041687245112,"flow_src_last_pkt_time":1587041687294098,"flow_dst_last_pkt_time":1587041687293530,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687294098,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1017,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041687370480,"flow_src_last_pkt_time":1587041687370480,"flow_dst_last_pkt_time":1587041687370480,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687370480,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":54069,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1017,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_src_last_pkt_time":1587041687370480,"flow_dst_last_pkt_time":1587041687370480,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"thread_ts_usec":1587041687370480,"pkt":"EBMx8Tl2KDc3AG3ICABFAABF06EAAP8RZK7AqAEGwKgBAdM1ADUAMUK+cAQBAAABAAAAAAAAA2FwaQ9taWNyb3NvZnRzdHJlYW0DY29tAAABAAE="} 
01100{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1017,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041687370480,"flow_src_last_pkt_time":1587041687370480,"flow_dst_last_pkt_time":1587041687370480,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687370480,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":54069,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"api.microsoftstream.com","domainame":"api.microsoftstream.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -374,10 +374,10 @@ 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1024,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_src_last_pkt_time":1587041687436782,"flow_dst_last_pkt_time":1587041687466298,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041687466298,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8OsBAAGwG7o1oKLuXwKgBBgG77JKBluUGb4uaCaASIADVGwAAAgQFoAEDAwgEAggKAbkbHzCEwZw="} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1025,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":3,"flow_src_last_pkt_time":1587041687466398,"flow_dst_last_pkt_time":1587041687466298,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041687466398,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGVVbAqAEGaCi7l+ySAbtvi5oJgZblB4AQEAkTrwAAAQEICjCEwbkBuRsf"} 00840{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1026,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":4,"flow_src_last_pkt_time":1587041687466635,"flow_dst_last_pkt_time":1587041687466298,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":280,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":280,"pkt_l4_len":246,"thread_ts_usec":1587041687466635,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEKAABAAEAGVIDAqAEGaCi7l+ySAbtvi5oJgZblB4AYEAl2MwAAAQEICjCEwbkBuRsfFgMBANEBAADNAwNcYEYY9r+P9DTmk4+ghvjGxbgXLamZQ7BCvuLi0gzQzQAAHMrKzKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACI2toAAP8BAAEAAAAAHAAaAAAXYXBpLm1pY3Jvc29mdHN0cmVhbS5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAgqKgAdABcAGAAbAAMCAAIaGgABAA=="} 
-01254{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1026,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041687436782,"flow_src_last_pkt_time":1587041687466635,"flow_dst_last_pkt_time":1587041687466298,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687466635,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"api.microsoftstream.com","domainame":"api.microsoftstream.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01210{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1026,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041687436782,"flow_src_last_pkt_time":1587041687466635,"flow_dst_last_pkt_time":1587041687466298,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687466635,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"api.microsoftstream.com","domainame":"api.microsoftstream.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
02489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1027,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":5,"flow_src_last_pkt_time":1587041687466635,"flow_dst_last_pkt_time":1587041687512045,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041687512045,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUOsFAAGwG6PRoKLuXwKgBBgG77JKBluUHb4ua34AQBAUPSwAAAQEICgG5Gz4whMG5FgMDF2ACAABeAwNemFWXWoznNEDG0nqSFdxS15urfQPAW1Ki15lKX+AAtiAKRAAA667wWoqa+vDiRfvp7swmXkbxWCktv+PyIN9JCMAwAAAWAAUAAAAQAAUAAwJoMgAXAAD\/AQABAAsADpsADpgACNowggjWMIIGvqADAgECAhMtAAcUzkF9hlrqvm6yAAAABxTOMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTAeFw0xOTA3MTYwMDAyMzBaFw0yMTA3MTYwMDAyMzBaMCQxIjAgBgNVBAMMGSouYXBpLm1pY3Jvc29mdHN0cmVhbS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYCLN53Kexlrvsr+3rXZR74UHw5zlzegNiM6ErPRT\/txn4iFY2zFTqC+sWY7W7Oz4G1tsBCxRCqDiWTxn5SoBhxDmnlpMqOtTTpv5IM4kd\/8Guw\/818ANBFltXQet6T9XZsisGK5x9lUCYcHW8ynBG3v5uNf0Z6m2VB67+wzZ2C3iG0UAM447HUmbA40yblclmVBneenfOna+w64hv1nSyt5YNMGiattt3RBLqQ25FUDZwDSm6\/Xrxs5bFSfj0HMxAb5EpzZ2SxfSP+UgsmRV0Oq\/HfZsAL9LwqbT3aESBPoyba7n926l2qjVJiyrcjkPpm+NqXC8ligQT0pRVDCcpAgMBAAGjggSXMIIEkzCCAfUGCisGAQQB1nkCBAIEggHlBIIB4QHfAHUA7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo\/csAAAFr+B+sPAAABAMARjBEAiBx6hq9wYK8lGTp3u5E7AFX+BkbRLRZ5Lup8OuEt\/B0tQIgGypwFVlROzmTzUQqtoWQp2MHW1EriZKLwX2GVgWat5wAdgBElGUusO7Or8RAB9io\/ijA2uaCvtjLMbU\/0zOWtbaBqAAAAWv4H61YAAAEAwBHMEUCIBBA4jXntmRWzvCXbsrMW4W1hyQue\/vS7Ncn0z5ewGEwAiEAln3ydSWKxMs1mek8BuU+Pp\/Ar72loNB67Ntve4Q85KAAdgBVgdTCFpA2AUrqC5tXPFPwwOQ4eHAlCBcvo6odBxPTDAAAAWv4H62XAAAEAwBHMEUCIQDLjQfYXTzdnrjIDBYNPqxZrBUDuC2VVPJNvuwXJuHkoAIgHkqG2mwJ4b5UFgxZl8\/iCIL8mYENQc4ZRdEfVujQdbMAdgBc3EOS\/uarRU
SxXprUVuYQN\/vV+kfcoXOUsl7m9scOygAAAWv4H6xWAAAEAwBHMEUCIDM4gWIHlpsWZA++c4q0XblHDWvH710R4c4I0Xek5jDJAiEAoovM291ZXguFtfeLFlqPtsBXmuKsHbLob14668lLPKIwJwYJKwYBBAGCNxUKBBowGDAKBggrBgEFBQcDAjAKBggrBgEFBQcDATA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdhNLfQoLnk3oCAWQCAR0wgYUGCCsGAQUFBwEBBHkwdzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDUuY3J0MCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC5tc29jc3AuY29tMB0GA1UdDgQWBBRaFtJxTHeO"} -01883{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1047,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1587041687245112,"flow_src_last_pkt_time":1587041687544052,"flow_dst_last_pkt_time":1587041687544137,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":412,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041687544137,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": 
{"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} -02184{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1079,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1587041687436782,"flow_src_last_pkt_time":1587041687725655,"flow_dst_last_pkt_time":1587041687725568,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1313,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2206,"flow_dst_tot_l4_payload_len":7143,"midstream":0,"thread_ts_usec":1587041687725655,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":18634.2,"max":125561,"stddev":31723.1,"var":1006353792.0,"ent":3.4,"data": [29516,29616,237,45747,220,45693,117,89,54,132,3,86,615,23250,232,30155,31,6115,4,245,22863,22646,1494,1434,2892,30,32749,246,30074,125513,125561]},"pktlen": {"min":52,"avg":345.2,"max":1492,"stddev":499.9,"var":249913.2,"ent":3.9,"data": [64,60,52,266,1492,1492,64,1492,52,52,1492,281,52,145,145,424,103,121,52,52,90,90,52,548,52,1365,135,52,94,52,510,52]},"bins": {"c_to_s": 
[12,1,3,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0],"s_to_c": [2,3,1,0,0,0,0,1,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,1,1,0,0,0,0,1,1,0,0,0,1,0,1,0,0,0,1,1,0,1,0],"entropies": [4.365527153,5.169149399,4.868495941,5.580047131,7.357915878,7.526344776,4.919355392,7.363313675,4.945419312,4.786791325,7.588277340,7.143245697,4.983880997,5.918394089,6.257330894,7.398386002,5.555244923,6.105889320,4.945419312,4.945419312,5.368302345,5.567127228,4.945419312,7.528010845,4.983880997,7.854734421,6.103594780,5.100070000,5.655968666,4.983880520,7.545987606,4.861793995]},"ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01842{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1047,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1587041687245112,"flow_src_last_pkt_time":1587041687544052,"flow_dst_last_pkt_time":1587041687544137,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":412,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041687544137,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} +02181{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1079,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1587041687436782,"flow_src_last_pkt_time":1587041687725655,"flow_dst_last_pkt_time":1587041687725568,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1313,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2206,"flow_dst_tot_l4_payload_len":7143,"midstream":0,"thread_ts_usec":1587041687725655,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":18634.2,"max":125561,"stddev":31723.1,"var":1006353792.0,"ent":3.4,"data": [29516,29616,237,45747,220,45693,117,89,54,132,3,86,615,23250,232,30155,31,6115,4,245,22863,22646,1494,1434,2892,30,32749,246,30074,125513,125561]},"pktlen": 
{"min":52,"avg":345.2,"max":1492,"stddev":499.9,"var":249913.2,"ent":3.9,"data": [64,60,52,266,1492,1492,64,1492,52,52,1492,281,52,145,145,424,103,121,52,52,90,90,52,548,52,1365,135,52,94,52,510,52]},"bins": {"c_to_s": [12,1,3,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0],"s_to_c": [2,3,1,0,0,0,0,1,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,1,1,0,0,0,0,1,1,0,0,0,1,0,1,0,0,0,1,1,0,1,0],"entropies": [4.365527153,5.169149399,4.868495941,5.580047131,7.357915878,7.526344776,4.919355392,7.363313675,4.945419312,4.786791325,7.588277340,7.143245697,4.983880997,5.918394089,6.257330894,7.398386002,5.555244923,6.105889320,4.945419312,4.945419312,5.368302345,5.567127228,4.945419312,7.528010845,4.983880997,7.854734421,6.103594780,5.100070000,5.655968666,4.983880520,7.545987606,4.861793995]},"ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1080,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041687731296,"flow_src_last_pkt_time":1587041687731296,"flow_dst_last_pkt_time":1587041687731296,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687731296,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62735,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1080,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_src_last_pkt_time":1587041687731296,"flow_dst_last_pkt_time":1587041687731296,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1587041687731296,"pkt":"EBMx8Tl2KDc3AG3ICABFAABM83AAAP8RRNjAqAEGwKgBAfUPADUAOAAFY+UBAAABAAAAAAAABmV1bm8tMQNhcGkPbWljcm9zb2Z0c3RyZWFtA2NvbQAAAQAB"} 01114{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1080,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041687731296,"flow_src_last_pkt_time":1587041687731296,"flow_dst_last_pkt_time":1587041687731296,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687731296,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62735,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"euno-1.api.microsoftstream.com","domainame":"euno-1.api.microsoftstream.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
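Review bot: The regenerated records in this hunk lose the `ja3` key from the `tls` object (flow 53 `detected`, flow 51 `detection-update`), and flow 53 moves from `TLS.Skype_Teams` / `91.125` / `Acceptable` / `VoIP` to `TLS.Teams` / `91.250` / `Safe` / `Collaborative`. The commit message records this only as "incorporated upstream changes". Consumers that key on `tls.ja3` or on `proto_id` `91.125` (detection rules, allow-lists, dashboards) would presumably stop matching silently, because the records remain valid and only the field or value is gone. I would document it where integrators look, e.g. a changelog line such as `flow events: tls.ja3 removed (ja3s and ja4 kept); Skype_Teams (125) is now reported as Teams (250), breed Safe, category Collaborative`. The hunk before this one and the one starting at `@@ -389,7 +389,7 @@` show the same change; whether `schema/flow_event_schema.json` still lists `ja3` is not visible from here and is worth confirming.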
@@ -389,7 +389,7 @@ 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1086,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_src_last_pkt_time":1587041687745932,"flow_dst_last_pkt_time":1587041687789261,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041687789261,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8GLFAAGwGRTw0qbp3wKgBBgG77JMQ1B2QYdMMyKASIACACgAAAgQFoAEDAwgEAggKASJ3bTCEwsc="} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1087,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_src_last_pkt_time":1587041687789367,"flow_dst_last_pkt_time":1587041687789261,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041687789367,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGifXAqAEGNKm6d+yTAbth0wzIENQdkYAQEAm+kQAAAQEICjCEwvABIndt"} 00848{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1088,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":4,"flow_src_last_pkt_time":1587041687789561,"flow_dst_last_pkt_time":1587041687789261,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":287,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":287,"pkt_l4_len":253,"thread_ts_usec":1587041687789561,"pkt":"EBMx8Tl2KDc3AG3ICABFAAERAABAAEAGiRjAqAEGNKm6d+yTAbth0wzIENQdkYAYEAmMqgAAAQEICjCEwvABIndtFgMBANgBAADUAwN1hCAWlzZVXD7TCb6igB3LJP9WVkluJUaJIbsmWjvyJAAAHCoqzKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACP6uoAAP8BAAEAAAAAIwAhAAAeZXVuby0xLmFwaS5taWNyb3NvZnRzdHJlYW0uY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAI2toAHQAXABgAGwADAgACOjoAAQA="} 
-01268{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1088,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041687745932,"flow_src_last_pkt_time":1587041687789561,"flow_dst_last_pkt_time":1587041687789261,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":221,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":221,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687789561,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.169.186.119","src_port":60563,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"euno-1.api.microsoftstream.com","domainame":"euno-1.api.microsoftstream.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01224{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1088,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041687745932,"flow_src_last_pkt_time":1587041687789561,"flow_dst_last_pkt_time":1587041687789261,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":221,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":221,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687789561,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.169.186.119","src_port":60563,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"euno-1.api.microsoftstream.com","domainame":"euno-1.api.microsoftstream.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
02499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1089,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":5,"flow_src_last_pkt_time":1587041687789561,"flow_dst_last_pkt_time":1587041687835274,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041687835274,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUGLJAAGwGP6M0qbp3wKgBBgG77JMQ1B2RYdMNpYAQBAV+GwAAAQEICgEid5owhMLwFgMDF2ICAABeAwNemFWXh6zC4\/H\/NtqCN0bOMCauIHEB+mzTfOs8euglHiDdOQAAbpqWXnIoaFoz5CwjBIm\/uwJeUgS1lb4+XjBSWMAwAAAWAAUAAAAQAAUAAwJoMgAXAAD\/AQABAAsADp0ADpoACNwwggjYMIIGwKADAgECAhMWAAXWDX37jaDzNM+RAAAABdYNMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNDAeFw0xOTA3MTYwMDAyMzVaFw0yMTA3MTYwMDAyMzVaMCQxIjAgBgNVBAMMGSouYXBpLm1pY3Jvc29mdHN0cmVhbS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3WyrqhMwneHn3ldwh\/L7UvhOaeyJEw9wAAoXcE2xoCmqN4VQ5dbEJYH2mvnyhH\/q6XQPMuv5SvOYFeFvBsXU42c+cX\/k7ETSWOHymPaiIe9DTakXAw15b1zeAID1a\/qtYq5SKoRqlJOmhP2W2Kj0sGRH9wfU0k6ZKAWCfTCOD3TUKn+kY2\/mFqcxx163RyO5fuue9HjLSPUcK\/XG71pH60ASR2HaDJ53frCURseRASs3N8sp\/lXPNSJpmTy7XzZlvWnjNXBXoGazR\/Ok20dcDNsKQLrS\/5IQoN1eesCyt1n77jwW\/wlDvDN1w4lyx8ZJ\/cWIxkLDRUfkhCN5r674PAgMBAAGjggSZMIIElTCCAfcGCisGAQQB1nkCBAIEggHnBIIB4wHhAHUA7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo\/csAAAFr+B+\/gwAABAMARjBEAiBFAIuj2Tc26ezbEtOORf3erX84s94DFwS362RUQnwe7QIgOIGvV6+3NbZm4ZuetunBQ10P6vIaYP3f6rBpFmv0R+kAdwBElGUusO7Or8RAB9io\/ijA2uaCvtjLMbU\/0zOWtbaBqAAAAWv4H7+HAAAEAwBIMEYCIQDNJZUV9kVpum734SuFZbu\/+8d+lBfpKXnRWlVnv4VBQAIhAOB8l0UtbGxz+O5oUYg0D5KcrYbc2wZN7ZDiNmBXUAj6AHYAVYHUwhaQNgFK6gubVzxT8MDkOHhwJQgXL6OqHQcT0wwAAAFr+B\/ArgAABAMARzBFAiEAuBvGi+GOETS1WKJJY5hLjgoB7c051zHr2NZg0TjxMOsCIDxZ4sYqPPwpfAkKARkELM5\/901w8Rli7y0l6JyGidHOAHcAXN
xDkv7mq0VEsV6a1FbmEDf71fpH3KFzlLJe5vbHDsoAAAFr+B+\/jQAABAMASDBGAiEA+MKOXA0Ondu3DQFnrt75yf8KubCg3tehYpwWY4vXmlsCIQD\/nRJiTBIbc8ubEEHt73izO3Lpmnq\/6a3pOruDbMUQaDAnBgkrBgEEAYI3FQoEGjAYMAoGCCsGAQUFBwMCMAoGCCsGAQUFBwMBMD4GCSsGAQQBgjcVBwQxMC8GJysGAQQBgjcVCIfahnWD7tkBgsmFG4G1nmGF9OtggV2E0t9CgueTegIBZAIBHTCBhQYIKwYBBQUHAQEEeTB3MFEGCCsGAQUFBzAChkVodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9NaWNyb3NvZnQlMjBJVCUyMFRMUyUyMENBJTIwNC5jcnQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9vY3NwLm1zb2NzcC5jb20wHQYDVR0OBBYEFBqManmr"} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1138,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041690880711,"flow_src_last_pkt_time":1587041690880711,"flow_dst_last_pkt_time":1587041690880711,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041690880711,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63930,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1138,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_src_last_pkt_time":1587041690880711,"flow_dst_last_pkt_time":1587041690880711,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1587041690880711,"pkt":"EBMx8Tl2KDc3AG3ICABFAABSJv0AAP8REUbAqAEGwKgBAfm6ADUAPoc2eGoBAAABAAAAAAAAAmRjE2FwcGxpY2F0aW9uaW5zaWdodHMJbWljcm9zb2Z0A2NvbQAAAQAB"} 
@@ -401,7 +401,7 @@ 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1141,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_src_last_pkt_time":1587041690916341,"flow_dst_last_pkt_time":1587041690946470,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041690946470,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8GwdAAG4GfY4oT4opwKgBBgG77JSCI5UvqezD\/6ASIAArFwAAAgQFoAEDAwgEAggKUvjCpTCEzxM="} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1142,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_src_last_pkt_time":1587041690946579,"flow_dst_last_pkt_time":1587041690946470,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041690946579,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGxp3AqAEGKE+KKeyUAbup7MP\/giOVMIAQEAlpqQAAAQEICjCEzzFS+MKl"} 
00873{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1143,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":4,"flow_src_last_pkt_time":1587041690946965,"flow_dst_last_pkt_time":1587041690946470,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":305,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":305,"pkt_l4_len":271,"thread_ts_usec":1587041690946965,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEjAABAAEAGxa7AqAEGKE+KKeyUAbup7MP\/giOVMIAYEAnoKAAAAQEICjCEzzFS+MKlFgMBAOoBAADmAwMbIQaP+rFGCYsreMCv9lvxK9Aj9uBCbNOtF1CHIeISyAAAKMAswCvAJMAjwArACcypwDDAL8AowCfAFMATzKgAnQCcAD0APAA1AC8BAACV\/wEAAQAAAAAXABUAABJnYXRlLmhvY2tleWFwcC5uZXQAFwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAM3QAAAASAAAAEAAwAC4CaDIFaDItMTYFaDItMTUFaDItMTQIc3BkeS8zLjEGc3BkeS8zCGh0dHAvMS4xAAsAAgEAAAoACgAIAB0AFwAYABk="} -01278{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1143,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041690916341,"flow_src_last_pkt_time":1587041690946965,"flow_dst_last_pkt_time":1587041690946470,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041690946965,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60564,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"gate.hockeyapp.net","domainame":"gate.hockeyapp.net","tls": 
{"version":"TLSv1.2","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} +01234{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1143,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041690916341,"flow_src_last_pkt_time":1587041690946965,"flow_dst_last_pkt_time":1587041690946470,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041690946965,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60564,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"gate.hockeyapp.net","domainame":"gate.hockeyapp.net","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
02475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1144,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":5,"flow_src_last_pkt_time":1587041690946965,"flow_dst_last_pkt_time":1587041690980253,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041690980253,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUGwlAAG4Gd\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"} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1159,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041691075869,"flow_src_last_pkt_time":1587041691075869,"flow_dst_last_pkt_time":1587041691075869,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041691075869,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62863,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00602{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1159,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_src_last_pkt_time":1587041691075869,"flow_dst_last_pkt_time":1587041691075869,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_usec":1587041691075869,"pkt":"EBMx8Tl2KDc3AG3ICABFAABZLy0AAP8RCQ\/AqAEGwKgBAfWPADUARdrUdPIBAAABAAAAAAAABGVtZWECbmcDbXNnDHRlYW1zLW1zZ2FwaQ50cmFmZmljbWFuYWdlcgNuZXQAAAEAAQ=="} 
@@ -413,7 +413,7 @@ 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1164,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_src_last_pkt_time":1587041691149774,"flow_dst_last_pkt_time":1587041691168973,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041691168973,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8PCRAAHEGa280cmwIwKgBBgG77JWud4Fgpm4cPqASIABnNAAAAgQFoAEDAwgEAggKUqoqrDCEz\/U="} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1165,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":3,"flow_src_last_pkt_time":1587041691169076,"flow_dst_last_pkt_time":1587041691168973,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041691169076,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG2JvAqAEGNHJsCOyVAbumbhw+rneBYYAQEAml0QAAAQEICjCE0AhSqiqs"} 00848{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1166,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":4,"flow_src_last_pkt_time":1587041691169247,"flow_dst_last_pkt_time":1587041691168973,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":288,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":288,"pkt_l4_len":254,"thread_ts_usec":1587041691169247,"pkt":"EBMx8Tl2KDc3AG3ICABFAAESAABAAEAG173AqAEGNHJsCOyVAbumbhw+rneBYYAYEAkjHAAAAQEICjCE0AhSqiqsFgMBANkBAADVAwNwlpHiXHB3s5dLKatTLHHCd3zPHP62TkNPLWHwExyS1QAAHAoKzKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACQysoAAP8BAAEAAAAAJAAiAAAfZW1lYS5uZy5tc2cudGVhbXMubWljcm9zb2Z0LmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACMrKAB0AFwAYABsAAwIAAhoaAAEA"} 
-01255{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1166,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041691149774,"flow_src_last_pkt_time":1587041691169247,"flow_dst_last_pkt_time":1587041691168973,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":222,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":222,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041691169247,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.108.8","src_port":60565,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"emea.ng.msg.teams.microsoft.com","domainame":"emea.ng.msg.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01214{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1166,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041691149774,"flow_src_last_pkt_time":1587041691169247,"flow_dst_last_pkt_time":1587041691168973,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":222,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":222,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041691169247,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.108.8","src_port":60565,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"emea.ng.msg.teams.microsoft.com","domainame":"emea.ng.msg.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
02488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1167,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":5,"flow_src_last_pkt_time":1587041691169247,"flow_dst_last_pkt_time":1587041691190981,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041691190981,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUPCZAAHEGZdU0cmwIwKgBBgG77JWud4cBpm4dHIAQBAU1egAAAQEIClKqKsEwhNAIOSG3N+pypQO63Wiq+lXA9TALBgNVHQ8EBAMCBLAwgdYGA1UdEQSBzjCBy4IabXNnYXBpLnRlYW1zLm1pY3Jvc29mdC5jb22CHCoubXNnYXBpLnRlYW1zLm1pY3Jvc29mdC5jb22CIHBnLm1zZy5pbmZyYS50ZWFtcy5taWNyb3NvZnQuY29tgiIqLnBnLm1zZy5pbmZyYS50ZWFtcy5taWNyb3NvZnQuY29tghpuZy5tc2cudGVhbXMubWljcm9zb2Z0LmNvbYIcKi5uZy5tc2cudGVhbXMubWljcm9zb2Z0LmNvbYIPKi5tc2cuc2t5cGUuY29tMIGsBgNVHR8EgaQwgaEwgZ6ggZuggZiGS2h0dHA6Ly9tc2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA1LmNybIZJaHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA1LmNybDBNBgNVHSAERjBEMEIGCSsGAQQBgjcqATA1MDMGCCsGAQUFBwIBFidodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcHMwHwYDVR0jBBgwFoAUCP4ln3TqhwTCvLuOqDhfM8bRbGUwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4ICAQAL6k2g2YNYubaMQKNE1HOCJsRU+ocKgoaCUntNxasdyLm3sRjtpRjulwsmHOrGDRgisqGVKYPLOcPDYZIMeHJRyVC9lP7rDFU4mwEdob9bYoVAdPJ2aPEkM0RXDf2sxO3K11UvhIdAETfgAyN9OClLnbVRlD+uqcSQfdbt9NgeCozGT3uA8rW\/bT\/D+YBI2NyvjucwOF4fAmlb69iaENpHzKyKPP3gChGWXwPlsCAHcWT5DWYPJpL\/3DLl81bF7tO5zY3zxJMB1OeVgvUKXeAS+CwfpLrKG0C\/eU6XUXAM17Wou3AdZL8ESxq7zdQlPlfLXcrxTWn\/9yqOyE2Dy4v0AC0DldAOOVuaP1Qw\/jkncKrZHy6CBjd4i6SlAvV9SXMMji3v+3tCPq3NDcYwEwIaLF7pK3asugmSWv+kUpt0b\/7nszZggDVjiXOaXQXGxlI76wm\/oQiScQLHdORY8mAIDxrFvAZJI7K5Yvpy\/uFT0TJ1pbtUzx0WkkWUFI1ibsaySDvxZ5PLRRf\/b+CTj2DeuAhuHN0bB0Jvlf\/geQ+McX36gP8ZJv4hZskP2p2eU4LlDvKZxVbJkUfzIhrbjoxfdlKOwkktqzdS57vVoeibk02\/OS8fdv79ZBLOsYxfdKaSWNDVEN1Q8242
6XhaggJ7kscl3nnmFp\/\/6iCwQwe+4wAFuDCCBbQwggScoAMCAQICEAiIzVJfGSRETRSlgpHeuVIwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9yZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVyVHJ1c3QgUm9vdDAeFw0xNjA1MjAxMjUzMDNaFw0yNDA1MjAxMjUzMDNaMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC"} 02220{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1195,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1587041691149774,"flow_src_last_pkt_time":1587041691305451,"flow_dst_last_pkt_time":1587041691582252,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":994,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2028,"flow_dst_tot_l4_payload_len":8121,"midstream":0,"thread_ts_usec":1587041691582252,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.108.8","src_port":60565,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":18972.7,"max":276869,"stddev":49493.9,"var":2449644032.0,"ent":2.9,"data": [19199,19302,171,22008,34,21827,18,184,203,246,14,193,1070,12295,280,19893,29,6313,3,603,11971,11399,1472,1415,54998,62106,42,25528,33,18437,276869]},"pktlen": {"min":52,"avg":370.2,"max":1492,"stddev":512.1,"var":262257.7,"ent":3.9,"data": [64,60,52,274,1492,1492,64,52,1492,52,1492,471,52,178,145,525,103,121,52,52,90,90,52,511,52,52,1046,134,52,94,52,1335]},"bins": {"c_to_s": [11,1,2,1,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": 
[3,3,1,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,1,1,0,0,0,0,1,1,0,0,0,1,0,1,0,1,0,0,1,1,0,1],"entropies": [4.396777153,5.256567478,4.923395634,5.577177048,7.100010395,7.346216679,4.975505829,4.976374149,7.520713806,4.854287148,7.591184139,7.492725372,4.937912464,6.281796932,6.325607300,7.565563679,5.628156662,5.942033768,4.976374149,4.937912464,5.421134472,5.660066128,5.014835358,7.536164761,4.976373672,5.169486523,7.784315586,6.192806721,5.169486523,5.596017838,5.014835358,7.848025322]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"emea.ng.msg.teams.microsoft.com"}} 02235{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1208,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1587041682376166,"flow_src_last_pkt_time":1587041682938651,"flow_dst_last_pkt_time":1587041692001418,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1060,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":2113,"flow_dst_tot_l4_payload_len":7396,"midstream":0,"thread_ts_usec":1587041692001418,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.76.48","src_port":60544,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":328636.7,"max":8978171,"stddev":1582353.1,"var":2503841415168.0,"ent":0.8,"data": [47150,47228,506,44398,29,43913,16,46,186,124,2,213,4,4433,9743,291,46519,32116,477,409,98,18910,1378,20235,62883,403234,424977,8978171,32,9,7]},"pktlen": {"min":40,"avg":339.2,"max":1492,"stddev":486.1,"var":236250.5,"ent":3.9,"data": 
[64,52,40,276,1492,1492,52,40,40,1492,1492,309,40,40,198,133,568,91,40,109,40,78,46,409,40,46,1100,46,411,415,86,78]},"bins": {"c_to_s": [10,1,1,0,1,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,3,1,0,0,0,0,0,1,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,0,0,0,1,1,1,0,0,0,0,0,1,0,1,0,0,1,1,0,1,0,1,1,1,1,1],"entropies": [4.334277153,4.946223736,4.571928501,5.576080799,7.377434731,7.334023952,4.748329639,4.630640984,4.571928501,7.530410290,7.590536594,7.109602451,4.680641174,4.630641460,6.484649181,6.111595631,7.563093662,5.442209721,4.630641460,5.902398109,4.630641460,5.214766979,4.462505341,7.402733803,4.680641174,4.505983353,7.828750610,4.609350681,7.428915024,7.453095436,5.564571857,5.463537216]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"northeurope.notifications.teams.microsoft.com"}} 
@@ -428,16 +428,16 @@ 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1222,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_src_last_pkt_time":1587041692808980,"flow_dst_last_pkt_time":1587041692880898,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041692880898,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGBganY9ekwKgBBhFS7JY0lYWJFa1+kaAS\/ohhIwAAAgQFrAQCCAoTeUD2MITWWwEDAwc="} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1223,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_src_last_pkt_time":1587041692880999,"flow_dst_last_pkt_time":1587041692880898,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041692880999,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+g3AqAEGp2PXpOyWEVIVrX6RNJWFioAQECx9\/QAAAQEICjCE1qITeUD2"} 
01247{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1224,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":4,"flow_src_last_pkt_time":1587041692881339,"flow_dst_last_pkt_time":1587041692880898,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1587041692881339,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI5AABAAEAG+AjAqAEGp2PXpOyWEVIVrX6RNJWFioAYECynDgAAAQEICjCE1qITeUD2FgMBAgABAAH8AwNIwmNvYpaxx4YaNkM5UOMBu+\/rhWm5ROKLkUQ+n9+bqCDe8bvsDQaKZ\/SHTClTSUEpcKfm8tnRcB\/XxmDM4wjf0gByEwITAxMBwCzAMACfzKnMqMyqwCvALwCewCTAKABrwCPAJwBnwArAFAA5wAnAEwAzAK0Aq8yuzK3MrACdAKnMqwCsAKoAnACoAD0APMA4wDYAtwCzAJUAkQA1AK8AjcA3wDUAtgCyAJQAkAAvAK4AjAD\/AQABQQAAABIAEAAADWRhdGkubnRvcC5vcmcACwAEAwABAgAKAAwACgAdABcAHgAZABgAIwAAM3QAAAAQAA4ADAJoMghodHRwLzEuMQAWAAAAFwAAAA0AMAAuBAMFAwYDCAcICAgJCAoICwgECAUIBgQBBQEGAQMDAgMDAQIBAwICAgQCBQIGAgArAAkIAwQDAwMCAwEALQACAQEAMwAmACQAHQAgqeitnlzPDiYBqjP3nyoLl6FANLUWPuCFiHYla5PeYScAFQB8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01403{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1224,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041692808980,"flow_src_last_pkt_time":1587041692881339,"flow_dst_last_pkt_time":1587041692880898,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041692881339,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"dati.ntop.org","domainame":"dati.ntop.org","tls": {"version":"TLSv1.2","ja3":"7120d65624bcd2e02ed4b01388d84cdb","ja3s":"","ja4":"t13d5713h2_131602cb7446_e802cdec6a7f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01369{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1224,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041692808980,"flow_src_last_pkt_time":1587041692881339,"flow_dst_last_pkt_time":1587041692880898,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041692881339,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"dati.ntop.org","domainame":"dati.ntop.org","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d5713h2_131602cb7446_e802cdec6a7f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1225,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":5,"flow_src_last_pkt_time":1587041692881339,"flow_dst_last_pkt_time":1587041692951911,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041692951911,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0HBJAADQG6funY9ekwKgBBhFS7JY0lYWKFa2AloAQAfqJ4wAAAQEIChN5QT0whNai"} 
-01491{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1226,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1587041692808980,"flow_src_last_pkt_time":1587041692881339,"flow_dst_last_pkt_time":1587041692953141,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":152,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":152,"midstream":0,"thread_ts_usec":1587041692953141,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"dati.ntop.org","domainame":"dati.ntop.org","tls": {"version":"TLSv1.2","ja3":"7120d65624bcd2e02ed4b01388d84cdb","ja3s":"410b9bedaf65dd26c6fe547154d60db4","ja4":"t13d5713h2_131602cb7446_e802cdec6a7f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01457{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1226,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1587041692808980,"flow_src_last_pkt_time":1587041692881339,"flow_dst_last_pkt_time":1587041692953141,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":152,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":152,"midstream":0,"thread_ts_usec":1587041692953141,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"dati.ntop.org","domainame":"dati.ntop.org","tls": {"version":"TLSv1.2","ja3s":"410b9bedaf65dd26c6fe547154d60db4","ja4":"t13d5713h2_131602cb7446_e802cdec6a7f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1235,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693428391,"flow_src_last_pkt_time":1587041693428391,"flow_dst_last_pkt_time":1587041693428391,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":977,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":977,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":977,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693428391,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":51681,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01845{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1235,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693428391,"flow_dst_last_pkt_time":1587041693428391,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1019,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1019,"pkt_l4_len":985,"thread_ts_usec":1587041693428391,"pkt":"EBMx8Tl2KDc3AG3ICABFAAPt48gAAEART4\/AqAEGNHJNiMnhDZYD2eNwBl3+t6o2WT+OKw\/oTFMopoursiGTBsvvLvg3wuBfZT1pBB1vO2396s1T+U1VujmCqj4L5tMtU2F\/1TQzFXSUlw7M8VMfNQQRkYM68GVjRmInITISf9xExqdFNNQs5RQE95Yd7wUQ0WB34xO5EY6WIo8x\/N\/uDXPR3dWPSffY9Pjxt3AuIhSE\/33TPi9IZfwvBkn0Ytl+OD1doGxH0KzkYpDzBS9hB1dBsT+zr8uYQ4OitShMofb6WewMwiNNfNExsV6iWN3hyOrqzEPoHJ8xMa7bW1q9BLkbd5BDoIOv\/MoJUwfM2rHFjSZuGzr\/wQ6fSJlA+ga+XWQ5cCOxemM862mQg5uhFhBag2VuzDKpysLY0ZCqnKz91R2yhrxoXReoN9yIxCUIquc7SAW\/92cRId8y07O6L1X8x\/aDl3FC0Al6caV7h\/r8ddpLTlDH6yLNlYfOWE7QuJLs4lty891N9hHky+P7SbB6VN0+eXLlpdIKbixmAmCZ1p6\/DFecrkQrfBusU7fCQ0m5UtC7A9xyYw8qrbidfp8KJduef6Xu3BA4D0YD6FFqNyrfEvkjpJ+3rNXlm\/vqN6+pA7Pyjrxbc8hNlLHZHBWyirKyjtN28dUXzlP+LsRPGNdQvqJFK3pV96V25LmYF5yiAGBc2dVjL3CV3I8BZIc1iv
9PSXq8u5cmF3NAvFW+ejj0aUJys0KqSuB+SsBchm0XJNdD1T31o3cnzHzdRkPqsYgQxN+TMH4xz2ipnYwRm5mpiVbDbtght4DZhZkINSjZm+P+w6KJ1sJkRZyTcItShxjipY0pc0YcI\/iPO8Kihnfm0h7aZYr8JbNTXfrRfggxMyqgTWxlobhHKsiboGB5nz9mqNXgN5f2w6aCT8Ygr4J\/d\/M8CNiCRT+CKMTqRpDBqIcnsL3KBgSmI2li51fHmCYLknW2Aw3F82bIDyzOvtteFfeZxum8+GIS5JvJh64JDL9hUaT9FEJ6txlWLszG+bg1use4IiVMiF2jfKWFA1eFZRDjiQXrMStv0vPT1Ma73OvVsZAHSptss39ti+ltbCNxC0S+MDiB1jQrFVUZ5nHLM44PsanYQ\/0cpyVO6zbbzjzXTUfs+tAIMkUNPFZtCs1rFpKhkI3NcGs+yvSb4SV1GxhoDHVRpRNuKqFbFinCHp\/37lAaE9HGUTnfhxGhnCIfOfHIUUAT3eHul9H3b0Z8OnLYIK1ZDLQGkd0pzOUxUVHtQtXMulhXsHz7fr\/A21yG\/8b8NgTEX+gU6e+h1l0XisCpHYMfVCMz3mHn3ia\/HdLRjG51YnI="} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1236,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693428391,"flow_dst_last_pkt_time":1587041693474528,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_usec":1587041693474528,"pkt":"KDc3AG3IEBMx8Tl2CABFAABBNJIAAGwR1nE0ck2IwKgBBg2WyeEALeCzAzNiZmY2YTE1LTY4NDEtNDYwNy04YzI3LTllY2ViOWVlZDkzYg=="} 00782{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1237,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693428391,"flow_dst_last_pkt_time":1587041693475613,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":235,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":235,"pkt_l4_len":201,"thread_ts_usec":1587041693475613,"pkt":"KDc3AG3IEBMx8Tl2CABFAADdNJMAAGwR1dQ0ck2IwKgBBg2WyeEAyV65B51cqyKYlOqfHC4eUj71t0+3OzD2kNc2OfFPQNt7fwvuOZltdCnrcr0l94iSgE3VeMj4bdDb+vZ+CObqTNO+QGlUnkV8bcknbNvGUx42nvxp8mhw\/srnkVApKnhDe\/uy29skE82ON2NOubAQd6VBKyo6DT6MaE1A1qjybrSe5XwDrj8OJ1EA\/FUFx\/b063Ar395Oi1sw+DBTZ16KUXaymVRCSFNXRrfz6yWlsSmdtxTLQfpVrW5dlejTUGgaSVxvSg=="} 
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1238,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693515047,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693515047,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693515047,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1238,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693515047,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1587041693515047,"pkt":"EBMx8Tl2KDc3AG3ICABFAABg5p0AAEARo1PAqAEGNHL6e8NgDZYATAKlAAMAMCESpEKyND9uZ\/QdWKy6Y58ADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAI="} 
-00989{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1238,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693515047,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693515047,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693515047,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01039{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1238,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693515047,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693515047,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693515047,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"multimedia_flow_types":"Audio"}}} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1239,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693516414,"flow_src_last_pkt_time":1587041693516414,"flow_dst_last_pkt_time":1587041693516414,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693516414,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1239,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693516414,"flow_dst_last_pkt_time":1587041693516414,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041693516414,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGShzAqAEGNHL6e8NiAbvwxDFFAAAAALAC\/\/9VoQAAAgQFtAEDAwUBAQgKMITZEwAAAAAEAgAA"} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1240,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693517336,"flow_src_last_pkt_time":1587041693517336,"flow_dst_last_pkt_time":1587041693517336,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":67,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":67,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":67,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693517336,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":55765,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -448,43 +448,43 @@ 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1242,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693516414,"flow_dst_last_pkt_time":1587041693561382,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041693561382,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0nZBAAGwGgJc0cvp7wKgBBgG7w2KOQNor8MQxRoAS\/\/8u4wAAAgQFoAEDAwgBAQQC"} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1243,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693561493,"flow_dst_last_pkt_time":1587041693561382,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041693561493,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGSjTAqAEGNHL6e8NiAbvwxDFGjkDaLFAQIABPogAA"} 00791{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1244,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":4,"flow_src_last_pkt_time":1587041693561676,"flow_dst_last_pkt_time":1587041693561382,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"thread_ts_usec":1587041693561676,"pkt":"EBMx8Tl2KDc3AG3ICABFAADjAABAAEAGSXnAqAEGNHL6e8NiAbvwxDFGjkDaLFAYIADs+gAAFgMBALYBAACyAwNemFWdM\/wbLFSI3dPgZpkO7ysDE3\/GJlDQM9ZmaeyX\/AAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAXQAAACAAHgAAG2V1YXoudHIudGVhbXMubWljcm9zb2Z0LmNvbQAKAAgABgAXABgAGQALAAIBAAANABIAEAQBAgEFAQYBBAMCAwUDBgMABQAFAQAAAAAAEgAAABcAAA=="} 
-01351{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1244,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041693516414,"flow_src_last_pkt_time":1587041693561676,"flow_dst_last_pkt_time":1587041693561382,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693561676,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"euaz.tr.teams.microsoft.com","domainame":"euaz.tr.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01310{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1244,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041693516414,"flow_src_last_pkt_time":1587041693561676,"flow_dst_last_pkt_time":1587041693561382,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693561676,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"euaz.tr.teams.microsoft.com","domainame":"euaz.tr.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00773{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1245,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693572678,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"thread_ts_usec":1587041693572678,"pkt":"KDc3AG3IEBMx8Tl2CABFAADXfJQAAGwR4OU0cvp7wKgBBg2Ww2AAw6emARMApyESpEKyND9uZ\/QdWKy6Y58ADwAEcsZLxoAIAAQAAAAGAAkAPQAABAFUaGUgcmVxdWVzdCBkaWQgbm90IGNvbnRhaW4gYSBNZXNzYWdlLUludGVncml0eSBhdHRyaWJ1dGUADgAIAAENljRy+o0AFAAUAk7L+IJ6YNZTBt6\/p32H0UQC3V0AFQAKInJ0Y21lZGlhIgABAAgAAQ2YNHL6jYCVAAh\/IMTdT4SN+oAgAAgAAcHVcadqCg=="} 00782{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1246,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":4,"flow_src_last_pkt_time":1587041693428391,"flow_dst_last_pkt_time":1587041693576546,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":235,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":235,"pkt_l4_len":201,"thread_ts_usec":1587041693576546,"pkt":"KDc3AG3IEBMx8Tl2CABFAADdNJQAAGwR1dM0ck2IwKgBBg2WyeEAyV65B51cqyKYlOqfHC4eUj71t0+3OzD2kNc2OfFPQNt7fwvuOZltdCnrcr0l94iSgE3VeMj4bdDb+vZ+CObqTNO+QGlUnkV8bcknbNvGUx42nvxp8mhw\/srnkVApKnhDe\/uy29skE82ON2NOubAQd6VBKyo6DT6MaE1A1qjybrSe5XwDrj8OJ1EA\/FUFx\/b063Ar395Oi1sw+DBTZ16KUXaymVRCSFNXRrfz6yWlsSmdtxTLQfpVrW5dlejTUGgaSVxvSg=="} 
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1247,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":5,"flow_src_last_pkt_time":1587041693428391,"flow_dst_last_pkt_time":1587041693576566,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_usec":1587041693576566,"pkt":"KDc3AG3IEBMx8Tl2CABFAABBNJUAAGwR1m40ck2IwKgBBg2WyeEALeCzAzNiZmY2YTE1LTY4NDEtNDYwNy04YzI3LTllY2ViOWVlZDkzYg=="} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1248,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693582165,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693582165,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693582165,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1248,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693582165,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1587041693582165,"pkt":"EBMx8Tl2KDc3AG3ICABFAABgF74AAEARcjPAqAEGNHL6e8N0DZYATEppAAMAMCESpEI9x0RmdejywONbcT4ADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAI="} 
-00989{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1248,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693582165,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693582165,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693582165,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01039{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1248,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693582165,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693582165,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693582165,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"multimedia_flow_types":"Audio"}}} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1249,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693582610,"flow_src_last_pkt_time":1587041693582610,"flow_dst_last_pkt_time":1587041693582610,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693582610,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50021,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1249,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693582610,"flow_dst_last_pkt_time":1587041693582610,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041693582610,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGShzAqAEGNHL6e8NlAbtcWVYoAAAAALAC\/\/\/E5AAAAgQFtAEDAwUBAQgKMITZVQAAAAAEAgAA"} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1250,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041693597783,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693597783,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00810{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1250,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693597783,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_usec":1587041693597783,"pkt":"EBMx8Tl2KDc3AG3ICABFAADyLLYAAEARXJfAqAEGNHL6jcNgDZYA3iTJAAMAwiESpEIiL+\/H85JL0bmXJ+QADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAKAlQAIfyDE3U+EjfoAFAAUAk7L+IJ6YNZTBt6\/p32H0UQC3V0AFQAKInJ0Y21lZGlhIgAGADgCAAAkkKDb2wHWGU3iFTe\/yZKgAzJzGvG+3Faa6DvVqwAAAAC\/cbJ2yXgTqN3v61y8eTonekzmPAAIACB+ROZSH0cQpVQPYpCmfWn5X6jy8HHHqFihd3XDn9tzDQ=="} 
-00992{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1250,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041693597783,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693597783,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01042{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1250,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041693597783,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693597783,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"multimedia_flow_types":"Audio"}}} 02491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1251,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":5,"flow_src_last_pkt_time":1587041693561676,"flow_dst_last_pkt_time":1587041693608822,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041693608822,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUnZVAAGwGevI0cvp7wKgBBgG7w2KOQOnM8MQyAVAQCARhxAAANjIwWjCBmzCBmDBMMAkGBSsOAwIaBQAEFCmF\/GE9vi+wEg9eQg5MnsPVnv18BBQI\/iWfdOqHBMK8u46oOF8zxtFsZQITLQAGXpgoyD\/NFydgrgAAAAZemIAAGA8yMDIwMDQxNTE5MDYyMFqgERgPMjAyMDA0MTkxOTA2MjBaoSIwIDAeBgkrBgEFBQcwAQYEERgPMjAxOTA0MTYxOTA2MjBaMA0GCSqGSIb3DQEBCwUAA4IBAQAaQYaDpwd6DNwyOUeit6mUOBXgoV06pe6ThWCURamS0COPur719YO54pzaWQ\/wQiNdRfJ+6IxdL624Y9ECjW7h0i3GVY5McK\/JE0+t8QKiDyIrzja2mdM3dr87glc0ghsX25i5Wq+uovmAq2y0kIR5ZDxPkSCewMHChNQBpgB6w7ldXqSVgO6mMxOPGIUJeCKP7XKb6HxICQ+KDOclyTMlRvOfgXDsfJ+qgS\/\/Xx69gdsXVVKuxxVgmTXKPjwc6+0PAhk7AM38T+1uvkyY+cnLoNXnWfuXwei6nw4U+wy7NBkdjTNfderi681shWsjrz7QTveMgXHXa8hDzke10XqeoIIFIzCCBR8wggUbMIIDA6ADAgECAhNuABXTTwZmllgRJK\/RAAAAFdNPMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTAeFw0yMDA0MDIxNjU4MDlaFw0yMTA0MDIxNjU4MDlaMCsxKTAnBgNVBAMMIE1pY3Jvc29mdF9JVF9UTFNfQ0FfNV9LZXlCaW5kaW5nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt72xRWYGvzznDDT8NXYL9rp9+Ya3b0Z6P2wS3akQ58NdGCNNqh5bkYWl59MsBDUHv9Ef+w2CazdUk3Nynho4E8vpdECh67pX0G62DZBOiFmluBNKbuC5wy0qFpuDZifuCaL\/JIioH+qZxw1n9T+IlPYbhUIt9LEWbIcz3NKvVAjL22uCbIe4fgQeiRQY
6CQMOOiKJvbVG0ji+rtc86+Mxhhl4WT\/oA0rEF\/rkByMk2VOShPm7OYdkPB4JadSsYxElQdJQqZtZ7Dx1QoI7ppuYvpwizs9bk5\/qpPbZOX2ffENmbYPX8IEIoHImvw+d5OCujhcH8ND8y2D3AEt3YOySwIDAQABo4HWMIHTMB0GA1UdDgQWBBQodwHOZZ6LuFUo+CvPI9\/FvHYaTDAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDwYJKwYBBQUHMAEFBAIFADAfBgNVHSMEGDAWgBQI\/iWfdOqHBMK8u46oOF8zxtFsZTA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdgcybR4HI6RYCAWQCAQcwGwYJKwYBBAGCNxUKBA4wDDAKBggrBgEFBQcDCTANBgkqhkiG9w0BAQsFAAOCAgEAZeWmp3UPfRLZIyUkIOP3qzADvvJHesY63Dc2ynSZnVwywgjceFf+k+yQAXU4qttDwcVbl8RAxZ3TRxOK\/tx9uYmaavtEm3swh9h5B7DCvmIXfqsJJlRpK\/OFGfcf49BNBZXJky59f8YfJ49hsiJiWchclECz2p04IejlY2rjzCMngCMT2bpAzYBsJXomAbKsVRl07LYT4CLhdIIHrd+syTeudyjkMfJb34y+qxxeDCvdd+fLKHcrxUao3ZXsd7wz3mk1EWQVaTo+Md3\/ECUv"} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1267,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693611913,"flow_src_last_pkt_time":1587041693611913,"flow_dst_last_pkt_time":1587041693611913,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693611913,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1267,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693611913,"flow_dst_last_pkt_time":1587041693611913,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1587041693611913,"pkt":"EBMx8Tl2KDc3AG3ICABFAABgfyMAAEARCrzAqAEGNHL6jcNhDZYATBjuAAMAMCESpELalY8VcoE3uJ+0vVMADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAI="} -00989{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1267,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693611913,"flow_src_last_pkt_time":1587041693611913,"flow_dst_last_pkt_time":1587041693611913,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693611913,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01039{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1267,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693611913,"flow_src_last_pkt_time":1587041693611913,"flow_dst_last_pkt_time":1587041693611913,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693611913,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"multimedia_flow_types":"Audio"}}} 00771{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1271,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693625394,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"thread_ts_usec":1587041693625394,"pkt":"KDc3AG3IEBMx8Tl2CABFAADXVxUAAGwRBmU0cvp7wKgBBg2Ww3QAwyhaARMApyESpEI9x0RmdejywONbcT4ADwAEcsZLxoAIAAQAAAAGAAkAPQAABAFUaGUgcmVxdWVzdCBkaWQgbm90IGNvbnRhaW4gYSBNZXNzYWdlLUludGVncml0eSBhdHRyaWJ1dGUADgAIAAENljRy+okAFAAUPK7\/QeTw1Z9oICgNLxST+LDzEgAAFQAKInJ0Y21lZGlhIgABAAgAAQ2YNHL6iYCVAAhb5VsGDC2J+oAgAAgAAc5scadqCg=="} 
00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1272,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693582610,"flow_dst_last_pkt_time":1587041693628354,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041693628354,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0Nx9AAGwG5wg0cvp7wKgBBgG7w2XeqFvwXFlWKYAS\/\/\/MOwAAAgQFoAEDAwgBAQQC"} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1273,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693628427,"flow_dst_last_pkt_time":1587041693628354,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041693628427,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGSjTAqAEGNHL6e8NlAbtcWVYp3qhb8VAQIADs+gAA"} 00788{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1274,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":4,"flow_src_last_pkt_time":1587041693628756,"flow_dst_last_pkt_time":1587041693628354,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"thread_ts_usec":1587041693628756,"pkt":"EBMx8Tl2KDc3AG3ICABFAADjAABAAEAGSXnAqAEGNHL6e8NlAbtcWVYp3qhb8VAYIADHIgAAFgMBALYBAACyAwNemFWdJel+38T72uo9XNMIcFrJVaaQNKpU+a+Uq8VSQwAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAXQAAACAAHgAAG2V1YXoudHIudGVhbXMubWljcm9zb2Z0LmNvbQAKAAgABgAXABgAGQALAAIBAAANABIAEAQBAgEFAQYBBAMCAwUDBgMABQAFAQAAAAAAEgAAABcAAA=="} 
-01351{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1274,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041693582610,"flow_src_last_pkt_time":1587041693628756,"flow_dst_last_pkt_time":1587041693628354,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693628756,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50021,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"euaz.tr.teams.microsoft.com","domainame":"euaz.tr.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01310{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1274,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041693582610,"flow_src_last_pkt_time":1587041693628756,"flow_dst_last_pkt_time":1587041693628354,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693628756,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50021,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"euaz.tr.teams.microsoft.com","domainame":"euaz.tr.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00725{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1275,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693640777,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"thread_ts_usec":1587041693640777,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC1fJUAAGwR4QY0cvp7wKgBBg2Ww2AAoaFUAQMAhSESpEIiL+\/H85JL0bmXJ+QADwAEcsZLxgANAAQAAAA8AAEACAABDZg0cvqNgAgABAAAAAaAIAAIAAHB1XGnagqAUAAYm3E8YjrBv7v21SN1g6+m0xjhRrQAAAAAgCIACTIuMC4xLjIxMQAQAAQAAC7gAAgAIK\/9w8VcH20Bp+o9r1mX6tB+MRypEJNYTX2DO\/tetQep"} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1276,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041693654732,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693654732,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00810{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1276,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693654732,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_usec":1587041693654732,"pkt":"EBMx8Tl2KDc3AG3ICABFAADySXIAAEARP9\/AqAEGNHL6icN0DZYA3q9FAAMAwiESpELOvwn047sA+HEU4bYADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAKAlQAIW+VbBgwtifoAFAAUPK7\/QeTw1Z9oICgNLxST+LDzEgAAFQAKInJ0Y21lZGlhIgAGADgCAAAkkKDb2wHWGU3iFTe\/yZKgAzJzGvG+3Faa6DvVqwAAAAC\/cbJ2yXgTqN3v61y8eTonekzmPAAIACCU7UyKuDgKSJKUvk8SSs9ovhsGMp06Kok2oE1dFOuKzQ=="} -00992{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1276,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041693654732,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693654732,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01042{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1276,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041693654732,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693654732,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"multimedia_flow_types":"Audio"}}} 00772{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1277,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693611913,"flow_dst_last_pkt_time":1587041693658468,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"thread_ts_usec":1587041693658468,"pkt":"KDc3AG3IEBMx8Tl2CABFAADXfJYAAGwR4NE0cvqNwKgBBg2Ww2EAw+F\/ARMApyESpELalY8VcoE3uJ+0vVMADwAEcsZLxoAIAAQAAAAGAAkAPQAABAFUaGUgcmVxdWVzdCBkaWQgbm90IGNvbnRhaW4gYSBNZXNzYWdlLUludGVncml0eSBhdHRyaWJ1dGUADgAIAAENljRy+o0AFAAUPpo\/SSn4PJAIkOO6zaqfvtmAt1IAFQAKInJ0Y21lZGlhIgABAAgAAQ2YNHL6jYCVAAiQUL8kDsWN+oAgAAgAAcwTcadqCg=="} 
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1281,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693668523,"flow_src_last_pkt_time":1587041693668523,"flow_dst_last_pkt_time":1587041693668523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693668523,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1281,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693668523,"flow_dst_last_pkt_time":1587041693668523,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1587041693668523,"pkt":"EBMx8Tl2KDc3AG3ICABFAABgYKIAAEARKUHAqAEGNHL6icN1DZYATE9EAAMAMCESpEJNv3gTxWrFDZ5wS8sADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAI="} 
-00989{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1281,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693668523,"flow_src_last_pkt_time":1587041693668523,"flow_dst_last_pkt_time":1587041693668523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693668523,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01039{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1281,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693668523,"flow_src_last_pkt_time":1587041693668523,"flow_dst_last_pkt_time":1587041693668523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693668523,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"multimedia_flow_types":"Audio"}}} 02494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1282,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":5,"flow_src_last_pkt_time":1587041693628756,"flow_dst_last_pkt_time":1587041693675117,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041693675117,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUNyJAAGwG4WU0cvp7wKgBBgG7w2XeqGPBXFlW5FAQCASBlQAAW6sdwoMA3bRkqxv5VpjyajDfFXWqL4G9QZfl841dfR9SjQLMnRDtMHjHLLEHhJCKLU2ikazGCdNZMqtfaxeWquCIWw56s0bCKwmin9Y3DIsAdEejps5dwVGPEJfdlpEbIxcuBzCIRY0C23wA8SsmAke7nyJfwnrDoCjE4H7m3XXod08er9hfv0q4nITSnedP3o61Oc42o6ZTtprTcb83jeNHnfqPTx\/r7JoPcNdqLrU2S9F5B\/3\/72kY0IJW8GVz3JfVywG\/oGQZf4DtR+N9iCPyVunnsxwatk5VQeVSeoKWofbhmm5\/59\/eJyGGKNh6xcOod+zQ\/yRc87f6tHNG2YoyFngY2b4iSL5cKDGkUG4HW8AD3tnSSMB+eS+kUxAHQWzl9sk8GGj5SN\/h6yZsZx0M8Cajppy8O10hsA4MnuDtB3uK64JLD12Do4vw3+8vrlcfGCUgqrNGgRVPtSVulxGnCvWOq0JhUVItmI195Is0h3MiJgXc2KNuZpMfbIcuyiiUJx2zdkFT81nL1PidcMdiaFVUoMih7rr4UtgVbmkgKemK\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\/BSeneM2zC+CeIhbzmNymFOjMlNcj+dBQmbu1CxCV8d8C6Y+OnVaZPNiP01j7XJJ+PXv4UEla9xB7d\/jmSpBKVVLelK10CaBkVyzNB5CfFq2Vw9EGuvHvbAW1BKyp3Bsxmw4tGZUET95my601cq8ZggiyFDoWX7A8m9uNDLAC1iYf6BVxxO\/5YzlDjOnCki6hwqAwJQ6WJ1+eoyuC1hC9PBkepof+VSE6XEH8AZjML5L\/Zji0uGacDxJoS0qshrtemP+eppxTbDMRpNCuUkfXi4\/xlqy5KZqPLPGtZBjDJrsAZN5QcMC77MZrrtOg78DxXA3yzHpZ2hgzL1kQrWcULF8iQ0pE4ejd4OdVFk4J7wNMDEhQWvAD347vY8pbZ4dDQCwGth8PPlPAZj\/XFBXmCGKYSH6D5ae1XVEtVC1h\/TRd1LeAzdJ9zrEkO\/OXbGwT3ooXyYr1SJVC9xKQ4xAX9qEAxTYqZZGeBexCLlq4mRv\/1E61+mZV2YOOvwgpjfoLAgMBAAGjggFCMIIBPjAdBgNVHQ4EFgQUCP4ln3TqhwTCvLuOq
DhfM8bRbGUwHwYDVR0jBBgwFoAU5Z1ZMIJHWMys+ghUNoZ7OrUETfAwEgYDVR0TAQH\/BAgwBgEB\/wIBADAOBgNVHQ8BAf8EBAMCAYYwJwYDVR0lBCAwHgYIKwYBBQUHAwEGCCsGAQUF"} 00722{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1298,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693698272,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"thread_ts_usec":1587041693698272,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC1VxYAAGwRBoY0cvp7wKgBBg2Ww3QAoWPcAQMAhSESpELOvwn047sA+HEU4bYADwAEcsZLxgANAAQAAAA8AAEACAABDZg0cvqJgAgABAAAAAaAIAAIAAHObHGnagqAUAAYmiULR7BQSjV7GJ7mOy6WXuQ5anUAAAAAgCIACTIuMC4xLjIxMQAQAAQAAC7gAAgAIJWLEhTAIKUMzT0EuyGZ9cU94RPVJanGef0JixSMSj4H"} 00811{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1299,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693711026,"flow_dst_last_pkt_time":1587041693658468,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_usec":1587041693711026,"pkt":"EBMx8Tl2KDc3AG3ICABFAADyfgoAAEARC0PAqAEGNHL6jcNhDZYA3rEpAAMAwiESpEJLDXUDhL3sfvdJg10ADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAKAlQAIkFC\/JA7FjfoAFAAUPpo\/SSn4PJAIkOO6zaqfvtmAt1IAFQAKInJ0Y21lZGlhIgAGADgCAAAkkKDb2wHWGU3iFTe\/yZKgAzJzGvG+3Faa6DvVqwAAAAC\/cbJ2yXgTqN3v61y8eTonekzmPAAIACBfcijkK3I1E6fsjRiPsKvs33Xfpf\/cKnDyh7VrIY168g=="} 
-01003{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1299,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1587041693611913,"flow_src_last_pkt_time":1587041693711026,"flow_dst_last_pkt_time":1587041693658468,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":282,"flow_dst_tot_l4_payload_len":187,"midstream":0,"thread_ts_usec":1587041693711026,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01053{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1299,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1587041693611913,"flow_src_last_pkt_time":1587041693711026,"flow_dst_last_pkt_time":1587041693658468,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":282,"flow_dst_tot_l4_payload_len":187,"midstream":0,"thread_ts_usec":1587041693711026,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"multimedia_flow_types":"Audio"}}} 00770{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1301,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693668523,"flow_dst_last_pkt_time":1587041693714142,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"thread_ts_usec":1587041693714142,"pkt":"KDc3AG3IEBMx8Tl2CABFAADXVxcAAGwRBlU0cvqJwKgBBg2Ww3UAwwtKARMApyESpEJNv3gTxWrFDZ5wS8sADwAEcsZLxoAIAAQAAAAGAAkAPQAABAFUaGUgcmVxdWVzdCBkaWQgbm90IGNvbnRhaW4gYSBNZXNzYWdlLUludGVncml0eSBhdHRyaWJ1dGUADgAIAAENljRy+okAFAAUc60+h2VE9PTAWxn4K2V6NOmKA20AFQAKInJ0Y21lZGlhIgABAAgAAQ2YNHL6iYCVAAjDwJ1K7o6J+oAgAAgAAcBocadqCg=="} 00723{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1307,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":4,"flow_src_last_pkt_time":1587041693711026,"flow_dst_last_pkt_time":1587041693756239,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"thread_ts_usec":1587041693756239,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC1fJcAAGwR4PI0cvqNwKgBBg2Ww2EAoTssAQMAhSESpEJLDXUDhL3sfvdJg10ADwAEcsZLxgANAAQAAAA8AAEACAABDZg0cvqNgAgABAAAAAaAIAAIAAHME3GnagqAUAAYLOxJmLF8a9P8QJMpg69OprVoITMAAAAAgCIACTIuMC4xLjIxMQAQAAQAAC7gAAgAIMhO7y5FcPLOAgpkLIJifRx7Dv8ek2QLf5zo\/BiwDhB4"} 
00811{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1308,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693763689,"flow_dst_last_pkt_time":1587041693714142,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_usec":1587041693763689,"pkt":"EBMx8Tl2KDc3AG3ICABFAADy1jgAAEARsxjAqAEGNHL6icN1DZYA3qn\/AAMAwiESpEK\/FrW6Bpt+jaFgT0IADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAKAlQAIw8CdSu6OifoAFAAUc60+h2VE9PTAWxn4K2V6NOmKA20AFQAKInJ0Y21lZGlhIgAGADgCAAAkkKDb2wHWGU3iFTe\/yZKgAzJzGvG+3Faa6DvVqwAAAAC\/cbJ2yXgTqN3v61y8eTonekzmPAAIACAOMJjC3yWHP2a8uRvQ6tdNq4Cf2VvwjY\/Ply+68rS7wg=="} -01003{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1308,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1587041693668523,"flow_src_last_pkt_time":1587041693763689,"flow_dst_last_pkt_time":1587041693714142,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":282,"flow_dst_tot_l4_payload_len":187,"midstream":0,"thread_ts_usec":1587041693763689,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01053{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1308,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1587041693668523,"flow_src_last_pkt_time":1587041693763689,"flow_dst_last_pkt_time":1587041693714142,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":282,"flow_dst_tot_l4_payload_len":187,"midstream":0,"thread_ts_usec":1587041693763689,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"multimedia_flow_types":"Audio"}}} 00726{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1312,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":4,"flow_src_last_pkt_time":1587041693763689,"flow_dst_last_pkt_time":1587041693808734,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"thread_ts_usec":1587041693808734,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC1VxgAAGwRBnY0cvqJwKgBBg2Ww3UAoXQEAQMAhSESpEK\/FrW6Bpt+jaFgT0IADwAEcsZLxgANAAQAAAA8AAEACAABDZg0cvqJgAgABAAAAAaAIAAIAAHAaHGnagqAUAAYaOUMdiD0+ug9lexVR\/3YR6\/W6KUAAAAAgCIACTIuMC4xLjIxMQAQAAQAAC7gAAgAIL4g0LfB18yA2q\/RVWXcDhE8D9XtCMo2nCqOglxViaD8"} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1315,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693828302,"flow_src_last_pkt_time":1587041693828302,"flow_dst_last_pkt_time":1587041693828302,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693828302,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.152","src_port":50014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1315,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693828302,"flow_dst_last_pkt_time":1587041693828302,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041693828302,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGSf\/AqAEGNHL6mMNeAbvdNMkXAAAAALAC\/\/\/QFQAAAgQFtAEDAwUBAQgKMITaQwAAAAAEAgAA"} 
@@ -493,15 +493,15 @@ 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1320,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693828302,"flow_dst_last_pkt_time":1587041693869354,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041693869354,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0nZxAAGwGgG40cvqYwKgBBgG7w17cXACa3TTJGIAS\/\/81\/QAAAgQFoAEDAwgBAQQC"} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1321,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693869423,"flow_dst_last_pkt_time":1587041693869354,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041693869423,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGShfAqAEGNHL6mMNeAbvdNMkY3FwAm1AQIABWvAAA"} 00768{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1322,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":4,"flow_src_last_pkt_time":1587041693869663,"flow_dst_last_pkt_time":1587041693869354,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_usec":1587041693869663,"pkt":"EBMx8Tl2KDc3AG3ICABFAADWAABAAEAGSWnAqAEGNHL6mMNeAbvdNMkY3FwAm1AYIACuOQAAFgMBAKkBAAClAwNemFWd9sBVDmqpQ1JOmTf85+s9vRwXDIKd7RSpfqD9hwAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAUAAAABMAEQAADjUyLjExNC4yNTAuMTUyAAoACAAGABcAGAAZAAsAAgEAAA0AEgAQBAECAQUBBgEEAwIDBQMGAwAFAAUBAAAAAAASAAAAFwAA"} 
-01463{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1322,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041693828302,"flow_src_last_pkt_time":1587041693869663,"flow_dst_last_pkt_time":1587041693869354,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693869663,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.152","src_port":50014,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"3":"DPI (partial)"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"52.114.250.152","domainame":"52.114.250.152","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","ja4":"t12i220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01419{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1322,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041693828302,"flow_src_last_pkt_time":1587041693869663,"flow_dst_last_pkt_time":1587041693869354,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693869663,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.152","src_port":50014,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"3":"DPI (partial)"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"52.114.250.152","domainame":"52.114.250.152","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12i220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1323,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693849498,"flow_dst_last_pkt_time":1587041693893017,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041693893017,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0NypAAGwG5t80cvqZwKgBBgG7w3QJhgXYjJLL5oAS\/\/9RUwAAAgQFoAEDAwgBAQQC"} 
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1324,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693893121,"flow_dst_last_pkt_time":1587041693893017,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041693893121,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGShbAqAEGNHL6mcN0AbuMksvmCYYF2VAQIAByEgAA"} 00769{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1325,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":4,"flow_src_last_pkt_time":1587041693893319,"flow_dst_last_pkt_time":1587041693893017,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_usec":1587041693893319,"pkt":"EBMx8Tl2KDc3AG3ICABFAADWAABAAEAGSWjAqAEGNHL6mcN0AbuMksvmCYYF2VAYIAA4UQAAFgMBAKkBAAClAwNemFWd\/1XCA+79geTWEWiWwTsvTSnBi9NExcEsdrOoSgAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAUAAAABMAEQAADjUyLjExNC4yNTAuMTUzAAoACAAGABcAGAAZAAsAAgEAAA0AEgAQBAECAQUBBgEEAwIDBQMGAwAFAAUBAAAAAAASAAAAFwAA"} 
-01463{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1325,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041693849498,"flow_src_last_pkt_time":1587041693893319,"flow_dst_last_pkt_time":1587041693893017,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693893319,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.153","src_port":50036,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"3":"DPI (partial)"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"52.114.250.153","domainame":"52.114.250.153","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","ja4":"t12i220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01419{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1325,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041693849498,"flow_src_last_pkt_time":1587041693893319,"flow_dst_last_pkt_time":1587041693893017,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693893319,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.153","src_port":50036,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"3":"DPI (partial)"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"52.114.250.153","domainame":"52.114.250.153","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12i220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
02483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1327,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":5,"flow_src_last_pkt_time":1587041693869663,"flow_dst_last_pkt_time":1587041693912361,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041693912361,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUnZ1AAGwGes00cvqYwKgBBgG7w17cXACb3TTJxlAQCARdzwAAFgMDF+kCAABVAwNemFWdM9zHzxbjC7QANdHz8AfaCDM7kl4CH3iC8m+C5SA8HQAAdg+4AWMXjI8CbVJCHoa9vuL+BAQY6d2I21i7H8AwAAANAAUAAAAXAAD\/AQABAAsADuwADukACSswggknMIIHD6ADAgECAhMtAAZemCjIP80XJ2CuAAAABl6YMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTAeFw0xOTA1MjQxNDEwMjZaFw0yMTA1MjQxNDEwMjZaMCExHzAdBgNVBAMTFnRyLnRlYW1zLm1pY3Jvc29mdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCLTNHPfgLoOgUfyR4c2CDg+CoBg7bwaQp6OOdTLjN80e6165bdZW8ryNWADQBv\/\/6Ld1H5eQQNetSDwVifHVU+CteBiHg6T9F1rA96B1Fk1nARcGhMPsZbgvGxJ+NR6ygkRK7GWC6KFZyOiZ0MvWyxQTJBlsBwklHTiX9D0fiSz06Q+tVkIHpWWHGkJRO+Tm3UUtCMr7e1K4eQloaVRg1AeMGEhZEaGXyKum9VwAP15maK0zwKMiUymx8uWFHW4J0+7wZd9kZyUeJvDO2QDZvxPl5w9NBzvGZUQFIkRD+XvUanlt9AtvhnDy5BiPzueeQgaJbyvyJl4Af8nIo8gppfAgMBAAGjggTrMIIE5zCCAfUGCisGAQQB1nkCBAIEggHlBIIB4QHfAHYA9lyUL9F3MCIUVBgIMJRWjuNNExkzv98MLyALzE7xZOMAAAFq6jb0ngAABAMARzBFAiEA+SbPYnNZBq5NAa+KJuZcLJF6Cs7c51vg2wno92Y73cQCIFui0LePG9Yu0H+TqmpdeWJeVlJ0KiyWWMKI6D92L\/K3AHUAVYHUwhaQNgFK6gubVzxT8MDkOHhwJQgXL6OqHQcT0wwAAAFq6jb1LQAABAMARjBEAiAZDnc3oPi8LaNBy6Df89WOlPch018jWvYNKaDO2U51nQIgYZuZffTHCtDDZ3lWVJgiVsjUCTGqki0p6MIBuSQoIfUAdwBc3EOS\/uarRUSxXprUVuYQN\/vV+kfcoXOUsl7m9scOygAAAWrqNvNaAAAEAwBIMEYCIQChq4nHPM4twtbxyAgrDLE3a797eV+6L2EiO6pBrFmrUAIhANBHWXnY9HAcs6WqVRp9r8q8wlaSY9pBfB7vJlbCShQPAHUARJRlLrDuzq\/EQAfYqP4owNrmgr7YyzG1P9MzlrW2gagAAAFq6
jb0QQAABAMARjBEAiAzKKpy8ELEm5AO\/Cl8weRDML0CJ7IOPZ2GbRbx\/8vxWgIgDCW1c1pNKCE9DA2mbQwKGa4Z2H7dNtIRrzU4ZJcZOr8wJwYJKwYBBAGCNxUKBBowGDAKBggrBgEFBQcDAjAKBggrBgEFBQcDATA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdhNLfQoLnk3oCAWQCAR0wgYUGCCsGAQUFBwEBBHkwdzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDUuY3J0MCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC5tc29jc3AuY29tMB0GA1UdDgQWBBSC313bBDWiwUMAeq0EgFmCSqbJVzALBgNVHQ8EBAMC"} -01864{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1336,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":8,"flow_first_seen":1587041693828302,"flow_src_last_pkt_time":1587041693913259,"flow_dst_last_pkt_time":1587041693913604,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":6126,"midstream":0,"thread_ts_usec":1587041693913604,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.152","src_port":50014,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"52.114.250.152","domainame":"52.114.250.152","tls": 
{"version":"TLSv1.2","server_names":"tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"986571066668055ae9481cb84fda634a","ja4":"t12i220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5","subjectDN":"CN=tr.teams.microsoft.com","fingerprint":"A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75","blocks":0}}} +01823{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1336,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":8,"flow_first_seen":1587041693828302,"flow_src_last_pkt_time":1587041693913259,"flow_dst_last_pkt_time":1587041693913604,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":6126,"midstream":0,"thread_ts_usec":1587041693913604,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.152","src_port":50014,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"52.114.250.152","domainame":"52.114.250.152","tls": 
{"version":"TLSv1.2","server_names":"tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com","ja3s":"986571066668055ae9481cb84fda634a","ja4":"t12i220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5","subjectDN":"CN=tr.teams.microsoft.com","fingerprint":"A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75","blocks":0}}} 02484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1342,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":5,"flow_src_last_pkt_time":1587041693893319,"flow_dst_last_pkt_time":1587041693937910,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041693937910,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUNyxAAGwG4T00cvqZwKgBBgG7w3QJhgXZjJLMlFAQCAT\/SwAAFgMDF+kCAABVAwNemFWdlZ1o0K1pDuc31o7KbeFA6zW0UoTj74rN53YU1yAVNwAAZbPmUJGFDDA3baQ8RQ+flEqSYPNJweq+ysirz8AwAAANAAUAAAAXAAD\/AQABAAsADuwADukACSswggknMIIHD6ADAgECAhMtAAZemCjIP80XJ2CuAAAABl6YMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTAeFw0xOTA1MjQxNDEwMjZaFw0yMTA1MjQxNDEwMjZaMCExHzAdBgNVBAMTFnRyLnRlYW1zLm1pY3Jvc29mdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCLTNHPfgLoOgUfyR4c2CDg+CoBg7bwaQp6OOdTLjN80e6165bdZW8ryNWADQBv\/\/6Ld1H5eQQNetSDwVifHVU+CteBiHg6T9F1rA96B1Fk1nARcGhMPsZbgvGxJ+NR6ygkRK7GWC6KFZyOiZ0MvWyxQTJBlsBwklHTiX9D0fiSz06Q+tVkIHpWWHGkJRO+Tm3UUtCMr7e1K4eQloaVRg1AeMGEhZEaGXyKum9VwAP15maK0zwKMiUymx8uWFHW4J0+7wZd9kZyUeJvDO2QDZvxPl5w9NBzvGZUQFIkRD+XvUanlt9AtvhnDy5BiPzueeQgaJbyvyJl4Af8nIo8gppfAgMBAAGjggTrMIIE5zCCAfUGCi
sGAQQB1nkCBAIEggHlBIIB4QHfAHYA9lyUL9F3MCIUVBgIMJRWjuNNExkzv98MLyALzE7xZOMAAAFq6jb0ngAABAMARzBFAiEA+SbPYnNZBq5NAa+KJuZcLJF6Cs7c51vg2wno92Y73cQCIFui0LePG9Yu0H+TqmpdeWJeVlJ0KiyWWMKI6D92L\/K3AHUAVYHUwhaQNgFK6gubVzxT8MDkOHhwJQgXL6OqHQcT0wwAAAFq6jb1LQAABAMARjBEAiAZDnc3oPi8LaNBy6Df89WOlPch018jWvYNKaDO2U51nQIgYZuZffTHCtDDZ3lWVJgiVsjUCTGqki0p6MIBuSQoIfUAdwBc3EOS\/uarRUSxXprUVuYQN\/vV+kfcoXOUsl7m9scOygAAAWrqNvNaAAAEAwBIMEYCIQChq4nHPM4twtbxyAgrDLE3a797eV+6L2EiO6pBrFmrUAIhANBHWXnY9HAcs6WqVRp9r8q8wlaSY9pBfB7vJlbCShQPAHUARJRlLrDuzq\/EQAfYqP4owNrmgr7YyzG1P9MzlrW2gagAAAFq6jb0QQAABAMARjBEAiAzKKpy8ELEm5AO\/Cl8weRDML0CJ7IOPZ2GbRbx\/8vxWgIgDCW1c1pNKCE9DA2mbQwKGa4Z2H7dNtIRrzU4ZJcZOr8wJwYJKwYBBAGCNxUKBBowGDAKBggrBgEFBQcDAjAKBggrBgEFBQcDATA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdhNLfQoLnk3oCAWQCAR0wgYUGCCsGAQUFBwEBBHkwdzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDUuY3J0MCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC5tc29jc3AuY29tMB0GA1UdDgQWBBSC313bBDWiwUMAeq0EgFmCSqbJVzALBgNVHQ8EBAMC"} -01864{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1350,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":8,"flow_first_seen":1587041693849498,"flow_src_last_pkt_time":1587041693938156,"flow_dst_last_pkt_time":1587041693938382,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":6126,"midstream":0,"thread_ts_usec":1587041693938382,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.153","src_port":50036,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying 
HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"52.114.250.153","domainame":"52.114.250.153","tls": {"version":"TLSv1.2","server_names":"tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"986571066668055ae9481cb84fda634a","ja4":"t12i220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5","subjectDN":"CN=tr.teams.microsoft.com","fingerprint":"A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75","blocks":0}}} +01823{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1350,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":8,"flow_first_seen":1587041693849498,"flow_src_last_pkt_time":1587041693938156,"flow_dst_last_pkt_time":1587041693938382,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":6126,"midstream":0,"thread_ts_usec":1587041693938382,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.153","src_port":50036,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"52.114.250.153","domainame":"52.114.250.153","tls": {"version":"TLSv1.2","server_names":"tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com","ja3s":"986571066668055ae9481cb84fda634a","ja4":"t12i220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5","subjectDN":"CN=tr.teams.microsoft.com","fingerprint":"A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75","blocks":0}}} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1371,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041694219802,"flow_src_last_pkt_time":1587041694219802,"flow_dst_last_pkt_time":1587041694219802,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041694219802,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":60567,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1371,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_src_last_pkt_time":1587041694219802,"flow_dst_last_pkt_time":1587041694219802,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041694219802,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG9w\/AqAEGNHJNiOyXAbs8mpamAAAAALAC\/\/8lfgAAAgQFtAEDAwUBAQgKMITbvgAAAAAEAgAA"} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1372,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041694221137,"flow_src_last_pkt_time":1587041694221137,"flow_dst_last_pkt_time":1587041694221137,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041694221137,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60837,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -512,40 +512,40 @@ 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1376,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":2,"flow_src_last_pkt_time":1587041694219802,"flow_dst_last_pkt_time":1587041694262764,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041694262764,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0VplAAGwGdII0ck2IwKgBBgG77Jdw4z8APJqWp4AS\/\/+58wAAAgQFoAEDAwgBAQQC"} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1377,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":3,"flow_src_last_pkt_time":1587041694262870,"flow_dst_last_pkt_time":1587041694262764,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041694262870,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAG9yfAqAEGNHJNiOyXAbs8mpancOM\/AVAQIADasgAA"} 00799{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1378,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":4,"flow_src_last_pkt_time":1587041694263191,"flow_dst_last_pkt_time":1587041694262764,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":249,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":249,"pkt_l4_len":215,"thread_ts_usec":1587041694263191,"pkt":"EBMx8Tl2KDc3AG3ICABFAADrAABAAEAG9mTAqAEGNHJNiOyXAbs8mpancOM\/AVAYIADbZQAAFgMBAL4BAAC6AwNemFWex6L93KvTNrWWS\/8PQ2rao\/9bFvV0yUUyu2nlvwAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAZQAAACgAJgAAI2FwaS5mbGlnaHRwcm94eS50ZWFtcy5taWNyb3NvZnQuY29tAAoACAAGABcAGAAZAAsAAgEAAA0AEgAQBAECAQUBBgEEAwIDBQMGAwAFAAUBAAAAAAASAAAAFwAA"} 
-01366{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1378,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041694219802,"flow_src_last_pkt_time":1587041694263191,"flow_dst_last_pkt_time":1587041694262764,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":195,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":195,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041694263191,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":60567,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"api.flightproxy.teams.microsoft.com","domainame":"api.flightproxy.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01325{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1378,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041694219802,"flow_src_last_pkt_time":1587041694263191,"flow_dst_last_pkt_time":1587041694262764,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":195,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":195,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041694263191,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":60567,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"api.flightproxy.teams.microsoft.com","domainame":"api.flightproxy.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
02493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1380,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":5,"flow_src_last_pkt_time":1587041694263191,"flow_dst_last_pkt_time":1587041694308351,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041694308351,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUVptAAGwGbuA0ck2IwKgBBgG77Jdw40StPJqXalAQCAQlEAAAcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA0LmNybIZJaHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA0LmNybDBNBgNVHSAERjBEMEIGCSsGAQQBgjcqATA1MDMGCCsGAQUFBwIBFidodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcHMwHwYDVR0jBBgwFoAUenuMwc\/noMoc1Gv6++Ezww8aop0wHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4ICAQCGBg8ckx9UDTW7UZXC+1At9FP7A44gNWDP9CaNquKk0Ym4Hc6H0wUEGjC2TPH4ZMpVVvzoaDTGQwOYpaTTUvX3MEMOYKEG1Cvx9tqcsdP3yUB2L0u\/Y3lBDRRYTQjeuiKHInHCIKjjX\/QCOyzvB5\/C0exDQl9fWwS+qncho+mgAfK2IA8Fxzsv6+EtDoQ7Dvl6yGFB0IOq2h0mRJqrPawbpWi2DqNdE30PlqszN6KarfO3etdnYrpJGC2USn7nux+J+nU9mSFC0ZsLRlurcf+j5mIScxOoR1R1zgqZUwqnxhpp4P1IJVImICPzlelUrV+V7b3YppHp2Rgn\/+S4J10m17s2TbLTa97JGjEE\/3YQ7h5IdjwTnwuq1dP++rQhXt3FX3MOWAHLNAKjiWyKZFU6vIewI5Hi6y2fkjqSeRt4\/aWEgJvh20gdM0p+zqdmShg\/748CHucnl5Zm4aJe3RbjYEYoFcds8ex0ujMudADb\/QzGDXRU0vzS1rVbA4cYFxJP\/arXmxNmNaQws3ulhsztenPZhSi+YjcTSxMjLvyNTiFRWl6oPmD03juUR4abmC3Z6rh\/ORpnPJ\/Em03uuhRVjI2A+WVhItVGj\/kDERprkC2fKCqbcztcQMil\/Kk2WHT\/UliJtmxX7yjxKPFWCSC+MDNsBV3uBwoK+m\/VewoOUwAFuDCCBbQwggScoAMCAQICEAtqs7A+san2xGCSaqjN\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\/HdCW+DNFe3sfVDPlSJenBSSi29Hcla4gKn2WiUh7knrQJLHeSBH3Zzy03\/hYYPVPezRo"} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1404,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278787,"flow_src_last_pkt_time":1587041695278787,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695278787,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1404,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_src_last_pkt_time":1587041695278787,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695278787,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMhisAAEARcdvAqAEGwKgABMNgw1UAeNtRAAEAXCESpELGQpqANK6irJWNCoEABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUNaR7w6XgHLmtRZxpBWKVkGuwhq2AKAAE+3W4lQ=="} 
-01122{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1404,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278787,"flow_src_last_pkt_time":1587041695278787,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695278787,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01172{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1404,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278787,"flow_src_last_pkt_time":1587041695278787,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695278787,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"multimedia_flow_types":"Audio"}}} 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1405,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278905,"flow_src_last_pkt_time":1587041695278905,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695278905,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1405,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_src_last_pkt_time":1587041695278905,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695278905,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMZ7QAAEARkFLAqAEGwKgABMN0w2QAeBWjAAEAXCESpEJMnOcpR8XuRjfgdwcABgAJSkZ3ajorbUl2AAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUZBvpMZrPL2uguq2xDA1A6CBjF+2AKAAEncV\/3g=="} 
-01122{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1405,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278905,"flow_src_last_pkt_time":1587041695278905,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695278905,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01172{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1405,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278905,"flow_src_last_pkt_time":1587041695278905,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695278905,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Video","stun": {"multimedia_flow_types":"Video"}}} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1406,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695305290,"flow_src_last_pkt_time":1587041695305290,"flow_dst_last_pkt_time":1587041695305290,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695305290,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1406,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_src_last_pkt_time":1587041695305290,"flow_dst_last_pkt_time":1587041695305290,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695305290,"pkt":"KDc3AG3IEBMx8Tl2CABFAACMbOkAADURirVdR27NwKgBBj\/Mw2AAeJv\/AAEAXCESpEJpQfrkOEmJN4IqUAgABgAJRlkzMjpvNS9JAAAAgCkACAAAf+1eBY4AgHAABAAAAAeANgAEAAAAAQAkAARu\/\/3+gDcABAAAAAIACAAUCA60OBRrDjRc1P+cP0BpsLC+QjmAKAAEPxxxZQ=="} 
-01124{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1406,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695305290,"flow_src_last_pkt_time":1587041695305290,"flow_dst_last_pkt_time":1587041695305290,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695305290,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01174{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1406,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695305290,"flow_src_last_pkt_time":1587041695305290,"flow_dst_last_pkt_time":1587041695305290,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695305290,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"multimedia_flow_types":"Audio"}}} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1407,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695305879,"flow_src_last_pkt_time":1587041695305879,"flow_dst_last_pkt_time":1587041695305879,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695305879,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16333,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1407,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_src_last_pkt_time":1587041695305879,"flow_dst_last_pkt_time":1587041695305879,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695305879,"pkt":"KDc3AG3IEBMx8Tl2CABFAACM2aMAADURHftdR27NwKgBBj\/Nw3QAeFT\/AAEAXCESpEKjF0z2+O91Jw0PY1cABgAJK21JdjpKRndqAAAAgCkACAAAf+1eBY4AgHAABAAAAAeANgAEAAAAAQAkAARu\/\/3+gDcABAAAAAIACAAUo4jart22gVLrHF0JHGaI64vA9HeAKAAEUHwvEg=="} 
-01124{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1407,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695305879,"flow_src_last_pkt_time":1587041695305879,"flow_dst_last_pkt_time":1587041695305879,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695305879,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16333,"dst_port":50036,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01174{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1407,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695305879,"flow_src_last_pkt_time":1587041695305879,"flow_dst_last_pkt_time":1587041695305879,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695305879,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16333,"dst_port":50036,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Video","stun": {"multimedia_flow_types":"Video"}}} 00638{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1409,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695305290,"flow_dst_last_pkt_time":1587041695330085,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":1587041695330085,"pkt":"EBMx8Tl2KDc3AG3ICABFAAB0TLUAAEARoAHAqAEGXUduzcNgP8wAYAttAQEARCESpEJpQfrkOEmJN4IqUAiAcAAEAAAABwAgAAgAAR7efFXKj4A3AAQAAAACgDYABAAAAAEACAAUlU+ROI4McMZBUuZSU8\/gWyGrdx6AKAAE+OcqVw=="} 00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1410,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":3,"flow_src_last_pkt_time":1587041695305290,"flow_dst_last_pkt_time":1587041695330306,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695330306,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMkXkAAEARWyXAqAEGXUduzcNgP8wAeAk2AAEAXCESpEL9LF5WbGc54yQwO\/cABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAU1YbVJoGA61aUBne1Qcfqud7BOGOAKAAEmnK+Jw=="} 
00637{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1411,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695305879,"flow_dst_last_pkt_time":1587041695330316,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":1587041695330316,"pkt":"EBMx8Tl2KDc3AG3ICABFAAB0gkYAAEARanDAqAEGXUduzcN0P80AYEblAQEARCESpEKjF0z2+O91Jw0PY1eAcAAEAAAABwAgAAgAAR7ffFXKj4A3AAQAAAACgDYABAAAAAEACAAUNbjIzLk8Htcx5rlGPdUzB6Mtkf+AKAAECmy4uA=="} 00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1412,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":3,"flow_src_last_pkt_time":1587041695305879,"flow_dst_last_pkt_time":1587041695330389,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695330389,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMX9EAAEARjM3AqAEGXUduzcN0P80AeEAgAAEAXCESpEJvsFtMkRg8G\/ztdLwABgAJSkZ3ajorbUl2AAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUIVL6+UU6k643kpe64\/MzitD9Q4eAKAAEwjOytg=="} 
00892{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1413,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695381451,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1587041695381451,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEsaPwAAEARIBfAqAEGNHL6jcNgDZYBGBOdAAQA\/CESpEIsNFIeR67x\/KSTudUADwAEcsZLxoAIAAQAAAAGAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8ABEACAABP8xdR27NABMAfAABAGghEqRCH9y33u2t\/jYyT2+1AAYACW81L0k6RlkzMgAAAIAqAAgAAH+KUoZYAIBwAAQAAAAHgDYABAAAAAEAJAAEbv\/4\/4CVAAh\/IMTdT4SN+oA3AAQAAAACAAgAFLkI9+jCSAoSd\/OOXciVMXiIrqbdgCgABLPHZEgACAAg7sRmb8sPDDsK8L9wIx7c4\/un3a7csABeHu5jm1wMzFk="} -01125{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1413,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041695381451,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":486,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695381451,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01175{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1413,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041695381451,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":486,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695381451,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"multimedia_flow_types":"Audio"}}} 
00887{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1414,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695381585,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1587041695381585,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEsXTYAAEARK+HAqAEGNHL6icN0DZYBGMK2AAQA\/CESpEIeamDBSEqcaMKGtFYADwAEcsZLxoAIAAQAAAAGAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8ABEACAABP81dR27NABMAfAABAGghEqRCa6gY9jQ3F4QYLRqEAAYACUpGd2o6K21JdgAAAIAqAAgAAH+KUoZYAIBwAAQAAAAHgDYABAAAAAEAJAAEbv\/4\/4CVAAhb5VsGDC2J+oA3AAQAAAACAAgAFGPigS6EUGSGggUbRbFSk1APqJ0agCgABKpfQ2cACAAguGTqGqFZLfExfohAPRW3NYW9D0LDg15vdpj82BiyuIs="} -01125{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1414,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041695381585,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":486,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695381585,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01175{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1414,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041695381585,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":486,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695381585,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"multimedia_flow_types":"Audio"}}} 
00731{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1416,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":3,"flow_src_last_pkt_time":1587041695381451,"flow_dst_last_pkt_time":1587041695389155,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1587041695389155,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC4fJgAAGwR4O40cvqNwKgBBg2Ww2AApNd+ARUAiMLWdk9T8dgTMFhVlH2+EmsADwAEcsZLxgASAAgAAT\/MXUduzQATAHAAAQBcIRKkQpOT7iqoT5owckEG1gAGAAlGWTMyOm81L0kAAACAKQAIAAB\/7V4FjgCAcAAEAAAAB4A2AAQAAAABACQABG7\/\/f6ANwAEAAAAAgAIABQwsyB\/3AcVNGFmgIYtfHOO0Vm54oAoAAR90b9H"} -01041{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1416,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041695381451,"flow_dst_last_pkt_time":1587041695389155,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":486,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1587041695389155,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"peer_address":"159.145.24.130:64794"}}} 
+01092{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1416,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041695381451,"flow_dst_last_pkt_time":1587041695389155,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":486,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1587041695389155,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"peer_address":"159.145.24.130:64794","multimedia_flow_types":"Audio"}}} 00732{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1417,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":3,"flow_src_last_pkt_time":1587041695381585,"flow_dst_last_pkt_time":1587041695389378,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1587041695389378,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC4VxkAAGwRBnI0cvqJwKgBBg2Ww3QApCdjARUAiE\/LrilDXPJWtp6yDikzcPIADwAEcsZLxgASAAgAAT\/NXUduzQATAHAAAQBcIRKkQlPk9TFAsI2GK+OZoAAGAAkrbUl2OkpGd2oAAACAKQAIAAB\/7V4FjgCAcAAEAAAAB4A2AAQAAAABACQABG7\/\/f6ANwAEAAAAAgAIABQqoNaJl5j6Qph3wmShySpejyG1ZYAoAAR\/OzfK"} 
-01041{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1417,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041695381585,"flow_dst_last_pkt_time":1587041695389378,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":486,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1587041695389378,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"peer_address":"18.140.192.228:28678"}}} +01092{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1417,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041695381585,"flow_dst_last_pkt_time":1587041695389378,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":486,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1587041695389378,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"peer_address":"18.140.192.228:28678","multimedia_flow_types":"Audio"}}} 00639{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1418,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":4,"flow_src_last_pkt_time":1587041695406639,"flow_dst_last_pkt_time":1587041695330306,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":1587041695406639,"pkt":"KDc3AG3IEBMx8Tl2CABFAAB0Bd0AADUR8dldR27NwKgBBj\/Mw2AAYJiUAQEARCESpEL9LF5WbGc54yQwO\/eAcAAEAAAABwAgAAgAAcHVcadqCoA3AAQAAAACgDYABAAAAAEACAAUfLZK4Jp9GCnUwepSRXJ0QYfNKUiAKAAEeKXxaw=="} 00639{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1419,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":4,"flow_src_last_pkt_time":1587041695407379,"flow_dst_last_pkt_time":1587041695330389,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":1587041695407379,"pkt":"KDc3AG3IEBMx8Tl2CABFAAB0iYEAADURbjVdR27NwKgBBj\/Nw3QAYAIVAQEARCESpEJvsFtMkRg8G\/ztdLyAcAAEAAAABwAgAAgAAc5scadqCoA3AAQAAAACgDYABAAAAAEACAAUt0fBakPBlSed9Q+UJ+6ZvN9VvN+AKAAELvJkIw=="} 
00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1421,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695421892,"flow_src_last_pkt_time":1587041695421892,"flow_dst_last_pkt_time":1587041695421892,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695421892,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00688{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1421,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_src_last_pkt_time":1587041695421892,"flow_dst_last_pkt_time":1587041695421892,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1587041695421892,"pkt":"KDc3AG3IEBMx8Tl2CABFAACYUPwAAGwRCyM0cvwVwKgBBg2Yw3QAhCaSAAEAaCESpEK59F1PLtIJs2rQCYoABgAJK21JdjpKRndqAAAAgCkACAAAf+1eBY4AgHAABAAAAAeANgAEAAAAAQAkAARu\/\/n+gJUACGUfNM4ueRX8gDcABAAAAAIACAAUDNg3puCxSSnyiCvs+zLb4wfWy9WAKAAEDuovdw=="} 
-01123{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1421,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695421892,"flow_src_last_pkt_time":1587041695421892,"flow_dst_last_pkt_time":1587041695421892,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695421892,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01173{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1421,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695421892,"flow_src_last_pkt_time":1587041695421892,"flow_dst_last_pkt_time":1587041695421892,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695421892,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Video","stun": {"multimedia_flow_types":"Video"}}} 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1422,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695422685,"flow_src_last_pkt_time":1587041695422685,"flow_dst_last_pkt_time":1587041695422685,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695422685,"l3_proto":"ip4","src_ip":"52.114.252.8","dst_ip":"192.168.1.6","src_port":3479,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00688{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1422,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_src_last_pkt_time":1587041695422685,"flow_dst_last_pkt_time":1587041695422685,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1587041695422685,"pkt":"KDc3AG3IEBMx8Tl2CABFAACY4AMAAG0Reyg0cvwIwKgBBg2Xw2AAhBBVAAEAaCESpEKBJ1p+KLNk2I89FPkABgAJRlkzMjpvNS9JAAAAgCkACAAAf+1eBY4AgHAABAAAAAeANgAEAAAAAQAkAARu\/\/n+gJUACN6qKWcI9wj8gDcABAAAAAIACAAUyAS6wVT6GpHQ1gnRXe5kbQ9LDuWAKAAEokvlFA=="} 
-01122{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1422,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695422685,"flow_src_last_pkt_time":1587041695422685,"flow_dst_last_pkt_time":1587041695422685,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695422685,"l3_proto":"ip4","src_ip":"52.114.252.8","dst_ip":"192.168.1.6","src_port":3479,"dst_port":50016,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01172{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1422,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695422685,"flow_src_last_pkt_time":1587041695422685,"flow_dst_last_pkt_time":1587041695422685,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695422685,"l3_proto":"ip4","src_ip":"52.114.252.8","dst_ip":"192.168.1.6","src_port":3479,"dst_port":50016,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"multimedia_flow_types":"Audio"}}} 00839{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1423,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":4,"flow_src_last_pkt_time":1587041695432593,"flow_dst_last_pkt_time":1587041695389155,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"thread_ts_usec":1587041695432593,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEIQwIAAEARRjXAqAEGNHL6jcNgDZYA9FdMAAQA2CESpEKfui7uErrywVVZDhwADwAEcsZLxoAIAAQAAAAGAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8ABEACAABP8xdR27NABMAWAEBAEQhEqRCk5PuKqhPmjByQQbWgHAABAAAAAcAIAAIAAEe3nxVyo+ANwAEAAAAAoA2AAQAAAABAAgAFFFp\/EIw9m0w0dRwmYyqML3\/iSKPgCgABN8vUt8ACAAgqGRf4o8r70c+bwbjLKjnyOxfHW\/RCLgda6bT0E3pUpo="} 00657{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1424,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695422685,"flow_dst_last_pkt_time":1587041695432665,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1587041695432665,"pkt":"EBMx8Tl2KDc3AG3ICABFAACA0aoAAEARtpnAqAEGNHL8CMNgDZcAbO2O\/xAAYN6qKWcI9wj8AQEARCESpEKBJ1p+KLNk2I89FPmAcAAEAAAABwAgAAgAASyFFWBYSoA3AAQAAAACgDYABAAAAAEACAAUmYtT\/sgffZE\/GPjMTGRSk5h1N+2AKAAEPqesNg=="} 
00891{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1425,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":5,"flow_src_last_pkt_time":1587041695432806,"flow_dst_last_pkt_time":1587041695389155,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1587041695432806,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEsslcAAEAR1rvAqAEGNHL6jcNgDZYBGA46AAQA\/CESpEKGfpR3I6Wm38Zk7TUADwAEcsZLxoAIAAQAAAAGAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8ABEACAABP8xdR27NABMAfAABAGghEqRCH9y33u2t\/jYyT2+1AAYACW81L0k6RlkzMgAAAIAqAAgAAH+KUoZYAIBwAAQAAAAHgDYABAAAAAEAJAAEbv\/4\/4CVAAh\/IMTdT4SN+oA3AAQAAAACAAgAFLkI9+jCSAoSd\/OOXciVMXiIrqbdgCgABLPHZEgACAAg4ni\/MyGpn0IPPfamZXcwXcyTP9hFKqNf3gjYqNKVXl0="} 
@@ -554,9 +554,9 @@ 00887{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1428,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":5,"flow_src_last_pkt_time":1587041695433459,"flow_dst_last_pkt_time":1587041695389378,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1587041695433459,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEsR2QAAEARQbPAqAEGNHL6icN0DZYBGOj5AAQA\/CESpELTjfKyZNTNUCzFgVAADwAEcsZLxoAIAAQAAAAGAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8ABEACAABP81dR27NABMAfAABAGghEqRCa6gY9jQ3F4QYLRqEAAYACUpGd2o6K21JdgAAAIAqAAgAAH+KUoZYAIBwAAQAAAAHgDYABAAAAAEAJAAEbv\/4\/4CVAAhb5VsGDC2J+oA3AAQAAAACAAgAFGPigS6EUGSGggUbRbFSk1APqJ0agCgABKpfQ2cACAAgUB2ZPqsXXGYjBv8pRG+HEjCK6R8QdiEsnAYTs3tf1IE="} 02340{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1429,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1587041693516414,"flow_src_last_pkt_time":1587041693824623,"flow_dst_last_pkt_time":1587041695435566,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":477,"flow_dst_tot_l4_payload_len":6361,"midstream":0,"thread_ts_usec":1587041695435566,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":71850.4,"max":1566873,"stddev":274680.6,"var":75449425920.0,"ent":1.9,"data": [44968,45079,183,47440,47249,164,13,124,2,107,17,104,3,107,2,120,2,1,8026,8,35,52434,1246,45626,48613,92238,43679,69083,272,113543,1566873]},"pktlen": 
{"min":40,"avg":256.9,"max":1492,"stddev":427.0,"var":182315.3,"ent":3.7,"data": [64,52,40,227,1492,52,1492,588,52,52,1492,588,52,40,588,166,40,40,40,147,46,85,46,91,40,141,224,40,71,40,46,46]},"bins": {"c_to_s": [15,1,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,0,1,1,0,0,1,1,0,0,1,1,0,0,0,0,0,0,1,1,0,0,1,0,0,0,1,1],"entropies": [4.396777153,4.946223736,4.453056812,5.436062336,7.472877979,4.624014378,7.357961178,6.174726009,4.707639694,4.669178009,7.651301384,7.035131931,4.669178009,4.492897511,7.576755524,6.572272301,4.384184361,4.492897511,4.492897034,6.376044750,4.495644569,5.773638725,4.565871716,5.388861179,4.561769009,6.442826271,6.864662647,4.511769295,5.438062191,4.384184361,4.565872192,4.565872192]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"euaz.tr.teams.microsoft.com"}} 00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1435,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695586059,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695586059,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMZh4AAEARkejAqAEGwKgABMNgw1UAeNtRAAEAXCESpELGQpqANK6irJWNCoEABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUNaR7w6XgHLmtRZxpBWKVkGuwhq2AKAAE+3W4lQ=="} 
-01240{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1435,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278787,"flow_src_last_pkt_time":1587041695586059,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":224,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695586059,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01290{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1435,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278787,"flow_src_last_pkt_time":1587041695586059,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":224,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695586059,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"multimedia_flow_types":"Audio"}}} 00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1436,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695586146,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695586146,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMyucAAEARLR\/AqAEGwKgABMN0w2QAeBWjAAEAXCESpEJMnOcpR8XuRjfgdwcABgAJSkZ3ajorbUl2AAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUZBvpMZrPL2uguq2xDA1A6CBjF+2AKAAEncV\/3g=="} 
-01240{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1436,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278905,"flow_src_last_pkt_time":1587041695586146,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":224,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695586146,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01290{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1436,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278905,"flow_src_last_pkt_time":1587041695586146,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":224,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695586146,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Video","stun": {"multimedia_flow_types":"Video"}}} 00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1440,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":3,"flow_src_last_pkt_time":1587041695890424,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695890424,"pkt":"EBMx8Tl2KDc3AG3ICABFAACM6boAAEARDkzAqAEGwKgABMNgw1UAeNtRAAEAXCESpELGQpqANK6irJWNCoEABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUNaR7w6XgHLmtRZxpBWKVkGuwhq2AKAAE+3W4lQ=="} 
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1441,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":3,"flow_src_last_pkt_time":1587041695890513,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695890513,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMMbQAAEARxlLAqAEGwKgABMN0w2QAeBWjAAEAXCESpEJMnOcpR8XuRjfgdwcABgAJSkZ3ajorbUl2AAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUZBvpMZrPL2uguq2xDA1A6CBjF+2AKAAEncV\/3g=="} 00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1446,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":4,"flow_src_last_pkt_time":1587041696194345,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041696194345,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMXPIAAEARmxTAqAEGwKgABMNgw1UAeNtRAAEAXCESpELGQpqANK6irJWNCoEABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUNaR7w6XgHLmtRZxpBWKVkGuwhq2AKAAE+3W4lQ=="} 
@@ -570,7 +570,7 @@ 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1456,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":2,"flow_src_last_pkt_time":1587041697061972,"flow_dst_last_pkt_time":1587041697091344,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041697091344,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8X+VAAG4GOLAoT4opwKgBBgG77Jhhqm+9VZk3MaASIADeAQAAAgQFoAEDAwgEAggKC\/ZmGDCE5sE="} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1457,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":3,"flow_src_last_pkt_time":1587041697091452,"flow_dst_last_pkt_time":1587041697091344,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041697091452,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGxp3AqAEGKE+KKeyYAbtVmTcxYapvvoAQEAkclQAAAQEICjCE5t4L9mYY"} 
00873{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1458,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":4,"flow_src_last_pkt_time":1587041697092026,"flow_dst_last_pkt_time":1587041697091344,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":305,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":305,"pkt_l4_len":271,"thread_ts_usec":1587041697092026,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEjAABAAEAGxa7AqAEGKE+KKeyYAbtVmTcxYapvvoAYEAlljAAAAQEICjCE5t4L9mYYFgMBAOoBAADmAwMvt9\/l19PgHHhBJ7fePZ9nkIIpM9PqvMR3RuXFQQr78gAAKMAswCvAJMAjwArACcypwDDAL8AowCfAFMATzKgAnQCcAD0APAA1AC8BAACV\/wEAAQAAAAAXABUAABJnYXRlLmhvY2tleWFwcC5uZXQAFwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAM3QAAAASAAAAEAAwAC4CaDIFaDItMTYFaDItMTUFaDItMTQIc3BkeS8zLjEGc3BkeS8zCGh0dHAvMS4xAAsAAgEAAAoACgAIAB0AFwAYABk="} -01278{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1458,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041697061972,"flow_src_last_pkt_time":1587041697092026,"flow_dst_last_pkt_time":1587041697091344,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041697092026,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60568,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"gate.hockeyapp.net","domainame":"gate.hockeyapp.net","tls": 
{"version":"TLSv1.2","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} +01234{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1458,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041697061972,"flow_src_last_pkt_time":1587041697092026,"flow_dst_last_pkt_time":1587041697091344,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041697092026,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60568,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"gate.hockeyapp.net","domainame":"gate.hockeyapp.net","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
02474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1459,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":5,"flow_src_last_pkt_time":1587041697092026,"flow_dst_last_pkt_time":1587041697123566,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041697123566,"pkt":"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"} 00771{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1485,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":5,"flow_src_last_pkt_time":1587041697617344,"flow_dst_last_pkt_time":1587041693756239,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_usec":1587041697617344,"pkt":"EBMx8Tl2KDc3AG3ICABFAADW2xEAAEARrlfAqAEGNHL6jcNhDZYAwt8iAAMApiESpEINQAd8TvBOvXDWMxoADwAEcsZLxoAIAAQAAAAGAA0ABAAAAACAUAAEAAAAAQAUABQ+mj9JKfg8kAiQ47rNqp++2YC3UgAVAAoicnRjbWVkaWEiAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8AAgAILegjOD1prOmcIML6MAq3Q5voM\/8\/Vbx8\/OHsgTOe6Dx"} 
00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1490,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041697660621,"flow_src_last_pkt_time":1587041697660621,"flow_dst_last_pkt_time":1587041697660621,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041697660621,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5} 
@@ -578,21 +578,21 @@ 00919{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1490,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041697660621,"flow_src_last_pkt_time":1587041697660621,"flow_dst_last_pkt_time":1587041697660621,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041697660621,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":4.321296}} 00771{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1493,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":5,"flow_src_last_pkt_time":1587041697668978,"flow_dst_last_pkt_time":1587041693808734,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_usec":1587041697668978,"pkt":"EBMx8Tl2KDc3AG3ICABFAADWXowAAEARKuHAqAEGNHL6icN1DZYAwtlEAAMApiESpEJ\/K8mw63L1SVFc8SkADwAEcsZLxoAIAAQAAAAGAA0ABAAAAACAUAAEAAAAAQAUABRzrT6HZUT09MBbGfgrZXo06YoDbQAVAAoicnRjbWVkaWEiAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8AAgAIBF1x2DO\/FnH+NItZ0DdGmNq9Qpo8WCUVFVIxiEnjM\/h"} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1497,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":2,"flow_src_last_pkt_time":1587041697673040,"flow_dst_last_pkt_time":1587041697660621,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1587041697673040,"pkt":"KDc3AG3IEBMx8Tl2CABFoAA4akMAADUBjR9dR27NwKgBBgMDcBsAAAAARQAAWp4wAAAyEVygwKgBBl1Hbs3DdD\/NAEaJWQ=="} -02351{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1528,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":7,"flow_first_seen":1587041695305290,"flow_src_last_pkt_time":1587041697913583,"flow_dst_last_pkt_time":1587041697668816,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1214,"flow_dst_max_l4_payload_len":1214,"flow_src_tot_l4_payload_len":4324,"flow_dst_tot_l4_payload_len":2890,"midstream":0,"thread_ts_usec":1587041697913583,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":160381.3,"max":1168245,"stddev":365653.3,"var":133702352896.0,"ent":2.7,"data": [24795,221,101349,1168245,1167037,967065,50759,1119237,13,25,50990,80302,1990,2655,3736,4,1,2,10681,24170,9306,21453,4525,19907,25341,9245,24382,24626,9496,26004,24257]},"pktlen": {"min":66,"avg":253.4,"max":1242,"stddev":374.4,"var":140199.2,"ent":4.0,"data": [140,116,140,116,144,116,138,136,66,1242,1242,136,101,66,1242,1242,70,194,126,94,96,103,108,110,102,98,112,106,103,101,102,102]},"bins": {"c_to_s": 
[0,2,16,4,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,1,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,1,0,1,0,0,0,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"entropies": [5.443928242,5.441569805,5.550033092,5.533423424,5.469605446,5.457950115,6.418050289,5.494081497,5.274568558,7.835727215,7.805037022,5.427760124,6.064149857,5.328952789,7.830739975,7.834946632,5.426148415,6.862842083,6.378197670,5.942782402,6.043297768,6.096649170,5.395052433,6.251680851,6.123402596,6.007471561,6.260177612,6.012121677,6.079421997,6.215091705,6.135609150,6.155217648]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +02345{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1528,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":7,"flow_first_seen":1587041695305290,"flow_src_last_pkt_time":1587041697913583,"flow_dst_last_pkt_time":1587041697668816,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1214,"flow_dst_max_l4_payload_len":1214,"flow_src_tot_l4_payload_len":4324,"flow_dst_tot_l4_payload_len":2890,"midstream":0,"thread_ts_usec":1587041697913583,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":160381.3,"max":1168245,"stddev":365653.3,"var":133702352896.0,"ent":2.7,"data": 
[24795,221,101349,1168245,1167037,967065,50759,1119237,13,25,50990,80302,1990,2655,3736,4,1,2,10681,24170,9306,21453,4525,19907,25341,9245,24382,24626,9496,26004,24257]},"pktlen": {"min":66,"avg":253.4,"max":1242,"stddev":374.4,"var":140199.2,"ent":4.0,"data": [140,116,140,116,144,116,138,136,66,1242,1242,136,101,66,1242,1242,70,194,126,94,96,103,108,110,102,98,112,106,103,101,102,102]},"bins": {"c_to_s": [0,2,16,4,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,1,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,1,0,1,0,0,0,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"entropies": [5.443928242,5.441569805,5.550033092,5.533423424,5.469605446,5.457950115,6.418050289,5.494081497,5.274568558,7.835727215,7.805037022,5.427760124,6.064149857,5.328952789,7.830739975,7.834946632,5.426148415,6.862842083,6.378197670,5.942782402,6.043297768,6.096649170,5.395052433,6.251680851,6.123402596,6.007471561,6.260177612,6.012121677,6.079421997,6.215091705,6.135609150,6.155217648]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041680216814,"flow_src_last_pkt_time":1587041680216814,"flow_dst_last_pkt_time":1587041680216814,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":355,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":355,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":355,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01038{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":26,"flow_first_seen":1587041684306115,"flow_src_last_pkt_time":1587041685465859,"flow_dst_last_pkt_time":1587041685465767,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":6160,"flow_dst_tot_l4_payload_len":8327,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Outlook","proto_by_ip_id":21,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"substrate.office.com"}} -01029{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":20,"flow_first_seen":1587041676435900,"flow_src_last_pkt_time":1587041676536132,"flow_dst_last_pkt_time":1587041676536089,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":258,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":757,"flow_dst_tot_l4_payload_len":11864,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com"}} 
-00993{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":10,"flow_first_seen":1587041677243705,"flow_src_last_pkt_time":1587041677286941,"flow_dst_last_pkt_time":1587041677286365,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":2950,"flow_dst_tot_l4_payload_len":6420,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} -01037{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":19,"flow_first_seen":1587041682144166,"flow_src_last_pkt_time":1587041685098215,"flow_dst_last_pkt_time":1587041685098126,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":521,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1754,"flow_dst_tot_l4_payload_len":7280,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com"}} -01175{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":28,"flow_first_seen":1587041685240465,"flow_src_last_pkt_time":1587041685471822,"flow_dst_last_pkt_time":1587041685471619,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1082,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1426,"flow_dst_tot_l4_payload_len":28998,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com"}} 
-01129{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":13,"flow_first_seen":1587041685984732,"flow_src_last_pkt_time":1587041686156488,"flow_dst_last_pkt_time":1587041686156402,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":900,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1750,"flow_dst_tot_l4_payload_len":6374,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} +01023{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":20,"flow_first_seen":1587041676435900,"flow_src_last_pkt_time":1587041676536132,"flow_dst_last_pkt_time":1587041676536089,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":258,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":757,"flow_dst_tot_l4_payload_len":11864,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com"}} +00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":10,"flow_first_seen":1587041677243705,"flow_src_last_pkt_time":1587041677286941,"flow_dst_last_pkt_time":1587041677286365,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":2950,"flow_dst_tot_l4_payload_len":6420,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} 
+01031{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":19,"flow_first_seen":1587041682144166,"flow_src_last_pkt_time":1587041685098215,"flow_dst_last_pkt_time":1587041685098126,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":521,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1754,"flow_dst_tot_l4_payload_len":7280,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com"}} +01169{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":28,"flow_first_seen":1587041685240465,"flow_src_last_pkt_time":1587041685471822,"flow_dst_last_pkt_time":1587041685471619,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1082,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1426,"flow_dst_tot_l4_payload_len":28998,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": 
{"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com"}} +01123{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":13,"flow_first_seen":1587041685984732,"flow_src_last_pkt_time":1587041686156488,"flow_dst_last_pkt_time":1587041686156402,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":900,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1750,"flow_dst_tot_l4_payload_len":6374,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} 
01165{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":49,"flow_dst_packets_processed":28,"flow_first_seen":1587041676362386,"flow_src_last_pkt_time":1587041677034491,"flow_dst_last_pkt_time":1587041677077119,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":55346,"flow_dst_tot_l4_payload_len":4699,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com"}} 01165{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":13,"flow_first_seen":1587041677042751,"flow_src_last_pkt_time":1587041677329010,"flow_dst_last_pkt_time":1587041677375849,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":15383,"flow_dst_tot_l4_payload_len":4699,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60535,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": 
{"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com"}} 01116{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":10,"flow_first_seen":1587041678029919,"flow_src_last_pkt_time":1587041678260705,"flow_dst_last_pkt_time":1587041678303901,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":7350,"flow_dst_tot_l4_payload_len":4699,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud"}} 
01036{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":8,"flow_first_seen":1587041681745719,"flow_src_last_pkt_time":1587041681895434,"flow_dst_last_pkt_time":1587041681895339,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":623,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":975,"flow_dst_tot_l4_payload_len":6679,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60538,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"eu-prod.asyncgw.teams.microsoft.com"}} -01024{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":8,"flow_first_seen":1587041681755860,"flow_src_last_pkt_time":1587041681908691,"flow_dst_last_pkt_time":1587041681908585,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":608,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":945,"flow_dst_tot_l4_payload_len":6653,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60539,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"eu-api.asm.skype.com"}} +01021{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":8,"flow_first_seen":1587041681755860,"flow_src_last_pkt_time":1587041681908691,"flow_dst_last_pkt_time":1587041681908585,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":608,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":945,"flow_dst_tot_l4_payload_len":6653,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60539,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"eu-api.asm.skype.com"}} 
01039{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":10,"flow_first_seen":1587041682076700,"flow_src_last_pkt_time":1587041682204478,"flow_dst_last_pkt_time":1587041682204431,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":4763,"flow_dst_tot_l4_payload_len":7425,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60540,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"eu-prod.asyncgw.teams.microsoft.com"}} -00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":9,"flow_first_seen":1587041682077081,"flow_src_last_pkt_time":1587041682212323,"flow_dst_last_pkt_time":1587041682212216,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3181,"flow_dst_tot_l4_payload_len":7371,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60541,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":9,"flow_first_seen":1587041682077081,"flow_src_last_pkt_time":1587041682212323,"flow_dst_last_pkt_time":1587041682212216,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3181,"flow_dst_tot_l4_payload_len":7371,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60541,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} 01166{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":67,"flow_dst_packets_processed":40,"flow_first_seen":1587041682369801,"flow_src_last_pkt_time":1587041683043372,"flow_dst_last_pkt_time":1587041683086074,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":81655,"flow_dst_tot_l4_payload_len":4699,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60543,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": 
{"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com"}} 01049{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":17,"flow_first_seen":1587041682376166,"flow_src_last_pkt_time":1587041692020857,"flow_dst_last_pkt_time":1587041692106644,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1060,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":2340,"flow_dst_tot_l4_payload_len":7396,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.76.48","src_port":60544,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"northeurope.notifications.teams.microsoft.com"}} 
01032{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":49,"flow_dst_packets_processed":34,"flow_first_seen":1587041682698689,"flow_src_last_pkt_time":1587041691929361,"flow_dst_last_pkt_time":1587041691929326,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":4886,"flow_dst_tot_l4_payload_len":9530,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.58","src_port":60545,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"presence.teams.microsoft.com"}} 
@@ -605,8 +605,8 @@ 01166{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":14,"flow_first_seen":1587041687245112,"flow_src_last_pkt_time":1587041688014105,"flow_dst_last_pkt_time":1587041688061175,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":17654,"flow_dst_tot_l4_payload_len":4699,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com"}} 01034{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":14,"flow_first_seen":1587041691149774,"flow_src_last_pkt_time":1587041691582349,"flow_dst_last_pkt_time":1587041691582252,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":994,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2028,"flow_dst_tot_l4_payload_len":8121,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.108.8","src_port":60565,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"emea.ng.msg.teams.microsoft.com"}} 01175{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":11,"flow_first_seen":1587041694219802,"flow_src_last_pkt_time":1587041695898012,"flow_dst_last_pkt_time":1587041695993731,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":649,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1651,"flow_dst_tot_l4_payload_len":6669,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":60567,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"api.flightproxy.teams.microsoft.com"}} 
-01111{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1587041682809173,"flow_src_last_pkt_time":1587041688135097,"flow_dst_last_pkt_time":1587041688190082,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":955,"flow_dst_max_l4_payload_len":1226,"flow_src_tot_l4_payload_len":1523,"flow_dst_tot_l4_payload_len":1409,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60546,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} -01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1587041692808980,"flow_src_last_pkt_time":1587041695538890,"flow_dst_last_pkt_time":1587041695538791,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":946,"flow_dst_max_l4_payload_len":1225,"flow_src_tot_l4_payload_len":2423,"flow_dst_tot_l4_payload_len":1677,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std 
Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} +01118{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1587041682809173,"flow_src_last_pkt_time":1587041688135097,"flow_dst_last_pkt_time":1587041688190082,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":955,"flow_dst_max_l4_payload_len":1226,"flow_src_tot_l4_payload_len":1523,"flow_dst_tot_l4_payload_len":1409,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60546,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
+01117{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1587041692808980,"flow_src_last_pkt_time":1587041695538890,"flow_dst_last_pkt_time":1587041695538791,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":946,"flow_dst_max_l4_payload_len":1225,"flow_src_tot_l4_payload_len":2423,"flow_dst_tot_l4_payload_len":1677,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 00875{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1587041692528594,"flow_src_last_pkt_time":1587041692578366,"flow_dst_last_pkt_time":1587041692528752,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":72,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":72,"midstream":1,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"151.11.50.139","dst_ip":"192.168.1.6","src_port":2222,"dst_port":54750,"l4_proto":"tcp","ndpi": 
{"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00788{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1587041692528594,"flow_src_last_pkt_time":1587041692578366,"flow_dst_last_pkt_time":1587041692528752,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":72,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":72,"midstream":1,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"151.11.50.139","dst_ip":"192.168.1.6","src_port":2222,"dst_port":54750,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01013{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041682129643,"flow_src_last_pkt_time":1587041682129643,"flow_dst_last_pkt_time":1587041682143053,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":162,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":162,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":49514,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"config.teams.microsoft.com"}} 
@@ -616,7 +616,7 @@ 01046{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":12,"flow_first_seen":1587041685251950,"flow_src_last_pkt_time":1587041685681752,"flow_dst_last_pkt_time":1587041685681659,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3164,"flow_dst_tot_l4_payload_len":6995,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.7","src_port":60556,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Microsoft365","proto_by_ip_id":219,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"login.microsoftonline.com"}} 01004{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":12,"flow_first_seen":1587041686889381,"flow_src_last_pkt_time":1587041687253807,"flow_dst_last_pkt_time":1587041687253692,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3163,"flow_dst_tot_l4_payload_len":7012,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.67","src_port":60560,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Microsoft365","proto_by_ip_id":219,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative"}} 01022{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685093044,"flow_src_last_pkt_time":1587041685093044,"flow_dst_last_pkt_time":1587041685127636,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":53,"flow_dst_max_l4_payload_len":174,"flow_src_tot_l4_payload_len":53,"flow_dst_tot_l4_payload_len":174,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":50653,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"api.flightproxy.teams.microsoft.com"}} 
-01019{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041681714331,"flow_src_last_pkt_time":1587041681714331,"flow_dst_last_pkt_time":1587041681754842,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":140,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":140,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","proto_id":"5.125","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"eu-api.asm.skype.com"}} +01007{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041681714331,"flow_src_last_pkt_time":1587041681714331,"flow_dst_last_pkt_time":1587041681754842,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":140,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":140,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"eu-api.asm.skype.com"}} 01016{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685243104,"flow_src_last_pkt_time":1587041685243104,"flow_dst_last_pkt_time":1587041685256108,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":127,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":127,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51309,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"skypedataprdcolneu04.cloudapp.net"}} 
01030{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685091534,"flow_src_last_pkt_time":1587041685091534,"flow_dst_last_pkt_time":1587041685104871,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":131,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":131,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":53678,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"trouter2-asse-a.trouter.teams.microsoft.com"}} 01006{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041687370480,"flow_src_last_pkt_time":1587041687370480,"flow_dst_last_pkt_time":1587041687435320,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":222,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":222,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":54069,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"api.microsoftstream.com"}} 
@@ -632,8 +632,8 @@ 01020{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041684291077,"flow_src_last_pkt_time":1587041684291077,"flow_dst_last_pkt_time":1587041684304618,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":172,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":172,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":59403,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft365","proto_id":"5.219","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"substrate.office.com"}} 01013{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041675997451,"flow_src_last_pkt_time":1587041675997451,"flow_dst_last_pkt_time":1587041676010607,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":67,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":67,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60813,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"skypedataprdcolneu04.cloudapp.net"}} 01027{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041694221137,"flow_src_last_pkt_time":1587041694221137,"flow_dst_last_pkt_time":1587041694234511,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":134,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":134,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60837,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"c-flightproxy-euno-01-teams.cloudapp.net"}} 
-01042{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1587041687436782,"flow_src_last_pkt_time":1587041687725655,"flow_dst_last_pkt_time":1587041687725568,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1313,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2206,"flow_dst_tot_l4_payload_len":7143,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"api.microsoftstream.com"}} -01001{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":12,"flow_first_seen":1587041687745932,"flow_src_last_pkt_time":1587041687963041,"flow_dst_last_pkt_time":1587041687962963,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1286,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2098,"flow_dst_tot_l4_payload_len":7352,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.169.186.119","src_port":60563,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"3":"DPI 
(partial)"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01039{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1587041687436782,"flow_src_last_pkt_time":1587041687725655,"flow_dst_last_pkt_time":1587041687725568,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1313,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2206,"flow_dst_tot_l4_payload_len":7143,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"api.microsoftstream.com"}} 
+00998{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":12,"flow_first_seen":1587041687745932,"flow_src_last_pkt_time":1587041687963041,"flow_dst_last_pkt_time":1587041687962963,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1286,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2098,"flow_dst_tot_l4_payload_len":7352,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.169.186.119","src_port":60563,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} 01130{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685090830,"flow_src_last_pkt_time":1587041685090830,"flow_dst_last_pkt_time":1587041685136892,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":167,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":167,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":61245,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"49": {"risk":"Minor Issues","severity":"Low","risk_score": {"total":210,"client":105,"server":105}}},"confidence": 
{"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"euaz.tr.teams.microsoft.com"}} 01013{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041687731296,"flow_src_last_pkt_time":1587041687731296,"flow_dst_last_pkt_time":1587041687745080,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":183,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":183,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62735,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"euno-1.api.microsoftstream.com"}} 
01030{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041691075869,"flow_src_last_pkt_time":1587041691075869,"flow_dst_last_pkt_time":1587041691148968,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":116,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":116,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62863,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"emea.ng.msg.teams-msgapi.trafficmanager.net"}} 
@@ -643,29 +643,29 @@ 01030{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685092516,"flow_src_last_pkt_time":1587041685092516,"flow_dst_last_pkt_time":1587041685105349,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":119,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":119,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65230,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"trouter2-asse-a.trouter.teams.microsoft.com"}} 01024{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041682355684,"flow_src_last_pkt_time":1587041682355684,"flow_dst_last_pkt_time":1587041682370931,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":129,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":129,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65387,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.Microsoft","proto_id":"5.212","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"northeuropecns.trafficmanager.net"}} 00958{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1587041680294054,"flow_src_last_pkt_time":1587041680294649,"flow_dst_last_pkt_time":1587041680294680,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1090,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1126,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"93.62.150.157","dst_ip":"192.168.1.6","src_port":443,"dst_port":60512,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -01227{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278787,"flow_src_last_pkt_time":1587041696498337,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":560,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": 
{"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01227{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278905,"flow_src_last_pkt_time":1587041696498651,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":560,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+01221{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278787,"flow_src_last_pkt_time":1587041696498337,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":560,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+01221{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278905,"flow_src_last_pkt_time":1587041696498651,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":560,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041679280885,"flow_src_last_pkt_time":1587041679280885,"flow_dst_last_pkt_time":1587041679280885,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":485,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":485,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":485,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 01228{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":11,"flow_first_seen":1587041693828302,"flow_src_last_pkt_time":1587041694047808,"flow_dst_last_pkt_time":1587041694047695,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":235,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":567,"flow_dst_tot_l4_payload_len":6363,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.152","src_port":50014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": 
{"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} 01166{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":13,"flow_first_seen":1587041693516414,"flow_src_last_pkt_time":1587041695435668,"flow_dst_last_pkt_time":1587041695435566,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":477,"flow_dst_tot_l4_payload_len":6361,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"euaz.tr.teams.microsoft.com"}} 
01166{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":13,"flow_first_seen":1587041693582610,"flow_src_last_pkt_time":1587041694243274,"flow_dst_last_pkt_time":1587041694243144,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":477,"flow_dst_tot_l4_payload_len":6361,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50021,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"euaz.tr.teams.microsoft.com"}} 01227{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":13,"flow_first_seen":1587041693849498,"flow_src_last_pkt_time":1587041697722873,"flow_dst_last_pkt_time":1587041697765326,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":235,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":817,"flow_dst_tot_l4_payload_len":6541,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.153","src_port":50036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"10": 
{"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} -01033{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":9,"flow_first_seen":1587041690916341,"flow_src_last_pkt_time":1587041691089391,"flow_dst_last_pkt_time":1587041691089314,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":533,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1343,"flow_dst_tot_l4_payload_len":7609,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60564,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"gate.hockeyapp.net"}} 
-01033{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":9,"flow_first_seen":1587041697061972,"flow_src_last_pkt_time":1587041697244908,"flow_dst_last_pkt_time":1587041697244816,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":533,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1359,"flow_dst_tot_l4_payload_len":7609,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60568,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"gate.hockeyapp.net"}} -00995{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041695432806,"flow_dst_last_pkt_time":1587041695591686,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":994,"flow_dst_tot_l4_payload_len":420,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1587041693515047,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693640777,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":340,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01121{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041695422685,"flow_src_last_pkt_time":1587041695422685,"flow_dst_last_pkt_time":1587041695432665,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":100,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"52.114.252.8","dst_ip":"192.168.1.6","src_port":3479,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": 
{"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1587041693611913,"flow_src_last_pkt_time":1587041697617344,"flow_dst_last_pkt_time":1587041697663187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":468,"flow_dst_tot_l4_payload_len":485,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041697669056,"flow_dst_last_pkt_time":1587041697713165,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":186,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":1180,"flow_dst_tot_l4_payload_len":565,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1587041693582165,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693698272,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":340,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1587041693668523,"flow_src_last_pkt_time":1587041697668978,"flow_dst_last_pkt_time":1587041697714311,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":468,"flow_dst_tot_l4_payload_len":485,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01122{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041695421892,"flow_src_last_pkt_time":1587041695421892,"flow_dst_last_pkt_time":1587041695433333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":100,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": 
{"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01030{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":9,"flow_first_seen":1587041690916341,"flow_src_last_pkt_time":1587041691089391,"flow_dst_last_pkt_time":1587041691089314,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":533,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1343,"flow_dst_tot_l4_payload_len":7609,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60564,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"gate.hockeyapp.net"}} 
+01030{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":9,"flow_first_seen":1587041697061972,"flow_src_last_pkt_time":1587041697244908,"flow_dst_last_pkt_time":1587041697244816,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":533,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1359,"flow_dst_tot_l4_payload_len":7609,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60568,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"gate.hockeyapp.net"}} +00989{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041695432806,"flow_dst_last_pkt_time":1587041695591686,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":994,"flow_dst_tot_l4_payload_len":420,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1587041693515047,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693640777,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":340,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01115{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041695422685,"flow_src_last_pkt_time":1587041695422685,"flow_dst_last_pkt_time":1587041695432665,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":100,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"52.114.252.8","dst_ip":"192.168.1.6","src_port":3479,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known 
Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1587041693611913,"flow_src_last_pkt_time":1587041697617344,"flow_dst_last_pkt_time":1587041697663187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":468,"flow_dst_tot_l4_payload_len":485,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041697669056,"flow_dst_last_pkt_time":1587041697713165,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":186,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":1180,"flow_dst_tot_l4_payload_len":565,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1587041693582165,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693698272,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":340,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1587041693668523,"flow_src_last_pkt_time":1587041697668978,"flow_dst_last_pkt_time":1587041697714311,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":468,"flow_dst_tot_l4_payload_len":485,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01116{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041695421892,"flow_src_last_pkt_time":1587041695421892,"flow_dst_last_pkt_time":1587041695433333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":100,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": 
{"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00939{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1587041697660621,"flow_src_last_pkt_time":1587041697673040,"flow_dst_last_pkt_time":1587041697660621,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -01076{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":17,"flow_first_seen":1587041693428391,"flow_src_last_pkt_time":1587041697999048,"flow_dst_last_pkt_time":1587041697997834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1201,"flow_dst_max_l4_payload_len":1185,"flow_src_tot_l4_payload_len":5250,"flow_dst_tot_l4_payload_len":7193,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":51681,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": 
{"total":210,"client":165,"server":45}}},"confidence": {"1":"Match by port"},"proto":"Skype_TeamsCall","proto_id":"38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01070{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":17,"flow_first_seen":1587041693428391,"flow_src_last_pkt_time":1587041697999048,"flow_dst_last_pkt_time":1587041697997834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1201,"flow_dst_max_l4_payload_len":1185,"flow_src_tot_l4_payload_len":5250,"flow_dst_tot_l4_payload_len":7193,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":51681,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"1":"Match by port"},"proto":"TeamsCall","proto_id":"38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
00796{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":17,"flow_first_seen":1587041693428391,"flow_src_last_pkt_time":1587041697999048,"flow_dst_last_pkt_time":1587041697997834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1201,"flow_dst_max_l4_payload_len":1185,"flow_src_tot_l4_payload_len":5250,"flow_dst_tot_l4_payload_len":7193,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":51681,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -01131{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":7,"flow_first_seen":1587041695305290,"flow_src_last_pkt_time":1587041698021081,"flow_dst_last_pkt_time":1587041697668816,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1214,"flow_dst_max_l4_payload_len":1214,"flow_src_tot_l4_payload_len":4692,"flow_dst_tot_l4_payload_len":2890,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-01126{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1587041695305879,"flow_src_last_pkt_time":1587041696574201,"flow_dst_last_pkt_time":1587041697619539,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":116,"flow_src_tot_l4_payload_len":288,"flow_dst_tot_l4_payload_len":424,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16333,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00859{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1540,"packets-processed":1498,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":587095,"total-not-detected-flows":1,"total-guessed-flows":2,"total-detected-flows":80,"total-detection-updates":51,"total-updates":0,"current-active-flows":0,"total-active-flows":83,"total-idle-flows":83,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":668,"global_ts_usec":1587041698021081} 
+01125{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":7,"flow_first_seen":1587041695305290,"flow_src_last_pkt_time":1587041698021081,"flow_dst_last_pkt_time":1587041697668816,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1214,"flow_dst_max_l4_payload_len":1214,"flow_src_tot_l4_payload_len":4692,"flow_dst_tot_l4_payload_len":2890,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01120{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1587041695305879,"flow_src_last_pkt_time":1587041696574201,"flow_dst_last_pkt_time":1587041697619539,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":116,"flow_src_tot_l4_payload_len":288,"flow_dst_tot_l4_payload_len":424,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16333,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std 
Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00859{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1540,"packets-processed":1498,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":587095,"total-not-detected-flows":1,"total-guessed-flows":2,"total-detected-flows":80,"total-detection-updates":51,"total-updates":0,"current-active-flows":0,"total-active-flows":83,"total-idle-flows":83,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":668,"global_ts_usec":1587041698021081} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1540/1498 ~~ skipped flows.............: 0 @@ -674,9 +674,9 @@ ~~ total active/idle flows...: 83/83 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8345483 bytes -~~ total memory freed........: 8345483 bytes -~~ total allocations/frees...: 117024/117024 +~~ total memory allocated....: 8923253 bytes +~~ total memory freed........: 8923253 bytes +~~ total allocations/frees...: 128763/128763 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 301 chars ~~ json message max len.......: 2507 chars diff --git a/test/results/caches_global/zoom_p2p.pcapng.out b/test/results/caches_global/zoom_p2p.pcapng.out index 839de97bf..783713706 100644 
--- a/test/results/caches_global/zoom_p2p.pcapng.out +++ b/test/results/caches_global/zoom_p2p.pcapng.out 
@@ -1,5 +1,5 @@ -00621{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1666892468833699} 
+00621{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1666892468833699} 
00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892468833699,"flow_src_last_pkt_time":1666892468833699,"flow_dst_last_pkt_time":1666892468833699,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892468833699,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"192.168.12.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00704{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1666892468833699,"flow_dst_last_pkt_time":1666892468833699,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"thread_ts_usec":1666892468833699,"pkt":"\/\/\/\/\/\/\/\/CL6sCxduCABFAACgYTNAAEARPsnAqAwBwKgM\/0RcRFwAjEIMeyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAzMjY2OTI4NTUzNTE0MjEyNTAyMDcwOTgyNTg4NDgzOTQ4ODczODcsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFs5MjQ0NjQxN119"} 
00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892468833699,"flow_src_last_pkt_time":1666892468833699,"flow_dst_last_pkt_time":1666892468833699,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892468833699,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"192.168.12.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
@@ -16,10 +16,10 @@ 00970{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":8,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892508718573,"flow_src_last_pkt_time":1666892508718573,"flow_dst_last_pkt_time":1666892508718573,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":141,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":141,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":141,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892618882757,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892633743872,"flow_src_last_pkt_time":1666892633743872,"flow_dst_last_pkt_time":1666892633743872,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892633743872,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.87.213","src_port":39065,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1666892633743872,"flow_dst_last_pkt_time":1666892633743872,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1666892633743872,"pkt":"CL6sCxduJjb1W8R1CABFAABIOSEAAEARTXPAqAyczvdX1ZiZDZYANLFQAAEAGPylwjKz2lsgZSGfQY6bPhoBAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="} -00983{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892633743872,"flow_src_last_pkt_time":1666892633743872,"flow_dst_last_pkt_time":1666892633743872,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892633743872,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.87.213","src_port":39065,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"","domainame":"","stun": {}}} 
+01016{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892633743872,"flow_src_last_pkt_time":1666892633743872,"flow_dst_last_pkt_time":1666892633743872,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892633743872,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.87.213","src_port":39065,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892633744357,"flow_src_last_pkt_time":1666892633744357,"flow_dst_last_pkt_time":1666892633744357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892633744357,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.87.213","src_port":38453,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1666892633744357,"flow_dst_last_pkt_time":1666892633744357,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1666892633744357,"pkt":"CL6sCxduJjb1W8R1CABFAABIOSIAAEARTXLAqAyczvdX1ZY1DZYANGmLAAEAGNROrGuDSSg3DJfkQhb6tQYBAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="} -00983{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892633744357,"flow_src_last_pkt_time":1666892633744357,"flow_dst_last_pkt_time":1666892633744357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892633744357,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.87.213","src_port":38453,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"","domainame":"","stun": {}}} 
+01016{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892633744357,"flow_src_last_pkt_time":1666892633744357,"flow_dst_last_pkt_time":1666892633744357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892633744357,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.87.213","src_port":38453,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00757{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892633842799,"flow_src_last_pkt_time":1666892633842799,"flow_dst_last_pkt_time":1666892633842799,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":80,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":80,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892633842799,"l3_proto":"ip4","src_ip":"206.247.87.213","dst_ip":"192.168.12.156","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5} 
00615{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1666892633842799,"flow_dst_last_pkt_time":1666892633842799,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"thread_ts_usec":1666892633842799,"pkt":"Jjb1W8R1CL6sCxduCABFAABkWM0AACoBQ7vO91fVwKgMnAMK8UwAAAAARQAASDkhAAAvEV5zwKgMnM73V9WYmQ2WADSxUAABABj8pcIys9pbIGUhn0GOmz4aAQEAFDEyMzQ1Njc4OTAxMjM0NTY3ODkA"} 01039{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892633842799,"flow_src_last_pkt_time":1666892633842799,"flow_dst_last_pkt_time":1666892633842799,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":80,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":80,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892633842799,"l3_proto":"ip4","src_ip":"206.247.87.213","dst_ip":"192.168.12.156","l4_proto":"icmp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":5.315078}} 
@@ -81,10 +81,10 @@ 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":397,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1666892633743872,"flow_src_last_pkt_time":1666892672044867,"flow_dst_last_pkt_time":1666892633743872,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":880,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892858965490,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.87.213","src_port":39065,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video"}} 00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":397,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892883463041,"flow_src_last_pkt_time":1666892883463041,"flow_dst_last_pkt_time":1666892883463041,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892883463041,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.10.253","src_port":49579,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":397,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1666892883463041,"flow_dst_last_pkt_time":1666892883463041,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1666892883463041,"pkt":"CL6sCxduJjb1W8R1CABFAABInAUAAEARN2fAqAyczvcK\/cGrDZYAND6kAAEAGHYXPCtl23wOrVMBeFlUmRIBAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="} -00985{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":397,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892883463041,"flow_src_last_pkt_time":1666892883463041,"flow_dst_last_pkt_time":1666892883463041,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892883463041,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.10.253","src_port":49579,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"","domainame":"","stun": {}}} 
+01018{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":397,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892883463041,"flow_src_last_pkt_time":1666892883463041,"flow_dst_last_pkt_time":1666892883463041,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892883463041,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.10.253","src_port":49579,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":398,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892883463255,"flow_src_last_pkt_time":1666892883463255,"flow_dst_last_pkt_time":1666892883463255,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892883463255,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.10.253","src_port":42208,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":398,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1666892883463255,"flow_dst_last_pkt_time":1666892883463255,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1666892883463255,"pkt":"CL6sCxduJjb1W8R1CABFAABInAYAAEARN2bAqAyczvcK\/aTgDZYANPrWAAEAGLBQbSBUGckYObqWWsHyyUwBAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="} -00985{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":398,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892883463255,"flow_src_last_pkt_time":1666892883463255,"flow_dst_last_pkt_time":1666892883463255,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892883463255,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.10.253","src_port":42208,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"","domainame":"","stun": {}}} 
+01018{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":398,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892883463255,"flow_src_last_pkt_time":1666892883463255,"flow_dst_last_pkt_time":1666892883463255,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892883463255,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.10.253","src_port":42208,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":399,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892883560468,"flow_src_last_pkt_time":1666892883560468,"flow_dst_last_pkt_time":1666892883560468,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":80,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":80,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892883560468,"l3_proto":"ip4","src_ip":"206.247.10.253","dst_ip":"192.168.12.156","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5} 
00617{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":399,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1666892883560468,"flow_dst_last_pkt_time":1666892883560468,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"thread_ts_usec":1666892883560468,"pkt":"Jjb1W8R1CL6sCxduCABFAABkE1oAACoB1gbO9wr9wKgMnAMKpHQAAAAARQAASJwFAAAvEUhnwKgMnM73Cv3Bqw2WADQ+pAABABh2FzwrZdt8Dq1TAXhZVJkSAQEAFDEyMzQ1Njc4OTAxMjM0NTY3ODkA"} 01041{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":399,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892883560468,"flow_src_last_pkt_time":1666892883560468,"flow_dst_last_pkt_time":1666892883560468,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":80,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":80,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892883560468,"l3_proto":"ip4","src_ip":"206.247.10.253","dst_ip":"192.168.12.156","l4_proto":"icmp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":5.318754}} 
@@ -131,7 +131,7 @@ 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":763,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1666892468833699,"flow_src_last_pkt_time":1666892918986914,"flow_dst_last_pkt_time":1666892468833699,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892928125663,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"192.168.12.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":763,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1666892883463041,"flow_src_last_pkt_time":1666892921699571,"flow_dst_last_pkt_time":1666892883463041,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":880,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892928125663,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.10.253","src_port":49579,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video"}} 
01107{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":763,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":154,"flow_dst_packets_processed":0,"flow_first_seen":1666892923611662,"flow_src_last_pkt_time":1666892928125663,"flow_dst_last_pkt_time":1666892923611662,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":84,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":84,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12936,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892928125663,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"10.78.14.178","src_port":49579,"dst_port":49586,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Zoom","proto_id":"189","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}} -00861{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":763,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":763,"packets-processed":763,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":240182,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":3,"total-updates":27,"current-active-flows":0,"total-active-flows":13,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":134,"global_ts_usec":1666892928125663} 
+00861{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":763,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":763,"packets-processed":763,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":240182,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":3,"total-updates":27,"current-active-flows":0,"total-active-flows":13,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":134,"global_ts_usec":1666892928125663} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 763/763 ~~ skipped flows.............: 0 @@ -140,9 +140,9 @@ ~~ total active/idle flows...: 13/13 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6958358 bytes -~~ total memory freed........: 6958358 bytes -~~ total allocations/frees...: 115034/115034 +~~ total memory allocated....: 7535954 bytes +~~ total memory freed........: 7535954 bytes +~~ total allocations/frees...: 126765/126765 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 581 chars ~~ json message max len.......: 2332 chars diff --git a/test/results/default/1kxun.pcap.out b/test/results/default/1kxun.pcap.out index 6746f1f19..fa2b6a29d 100644 --- a/test/results/default/1kxun.pcap.out +++ b/test/results/default/1kxun.pcap.out 
@@ -1,5 +1,5 @@ -00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1470104373025824} 
+00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1470104373025824} 
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104373025824,"flow_src_last_pkt_time":1470104373025824,"flow_dst_last_pkt_time":1470104373025824,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":26,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104373025824,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":59571,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1470104373025824,"flow_dst_last_pkt_time":1470104373025824,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_usec":1470104373025824,"pkt":"AQBeAAD8SNIkYzEACABFAAA2OooAAAER2FzAqAUs4AAA\/OizFOsAIin75qEAAAABAAAAAAAACGphc29uLVBDAAD\/AAE="} 
00923{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104373025824,"flow_src_last_pkt_time":1470104373025824,"flow_dst_last_pkt_time":1470104373025824,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":26,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104373025824,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":59571,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -177,7 +177,7 @@ 00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":387,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_src_last_pkt_time":1470104379520893,"flow_dst_last_pkt_time":1470104378021294,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1470104379520893,"pkt":"\/\/\/\/\/\/\/\/ABxCjnAxCABFAABOUgMAAIAR9ELAqHMIwKj\/\/wCJAIkAOha6seYBEAABAAAAAAAAIEZIRkFFQkVFQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":389,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104379579523,"flow_src_last_pkt_time":1470104379579523,"flow_dst_last_pkt_time":1470104379579523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":244,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":244,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":244,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104379579523,"l3_proto":"ip4","src_ip":"192.168.5.67","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00850{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":389,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_src_last_pkt_time":1470104379579523,"flow_dst_last_pkt_time":1470104379579523,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":286,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":286,"pkt_l4_len":252,"thread_ts_usec":1470104379579523,"pkt":"\/\/\/\/\/\/\/\/jHNut5QdCABFAAEQAABAAEARs0nAqAVDwKj\/\/wCKAIoA\/P+KEQouQ8CoBUMAigDmAAAgRkRFQkVPRUtFSkNORU1FSkVHRUZFQ0VQRVBFTENOQUEAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJPAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAATAAAAAAAAAAAAAAAAAAAAAAAAABMAFYAAwABAAEAAgBdAFxNQUlMU0xPVFxCUk9XU0UAD1DgkwQAU0FOSkktTElGRUJPT0stTAQJA5qEAA8BVapzYW5qaS1MSUZFQk9PSy1MSDUzMSBzZXJ2ZXIgKFNhbWJhLCBVYnVudHUpAA=="} -01116{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":389,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104379579523,"flow_src_last_pkt_time":1470104379579523,"flow_dst_last_pkt_time":1470104379579523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":244,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":244,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":244,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104379579523,"l3_proto":"ip4","src_ip":"192.168.5.67","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"sanji-lifebook-","domainame":"sanji-lifebook-"}} 
+00997{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":389,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104379579523,"flow_src_last_pkt_time":1470104379579523,"flow_dst_last_pkt_time":1470104379579523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":244,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":244,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":244,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104379579523,"l3_proto":"ip4","src_ip":"192.168.5.67","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"sanji-lifebook-","domainame":"sanji-lifebook-"}} 00817{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":390,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_src_last_pkt_time":1470104379579704,"flow_dst_last_pkt_time":1470104379579523,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":263,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":263,"pkt_l4_len":229,"thread_ts_usec":1470104379579704,"pkt":"\/\/\/\/\/\/\/\/jHNut5QdCABFAAD5AABAAEARs2DAqAVDwKj\/\/wCKAIoA5V88EQouRMCoBUMAigDPAAAgRkRFQkVPRUtFSkNORU1FSkVHRUZFQ0VQRVBFTENOQUEAIEFCQUNGUEZQRU5GREVDRkNFUEZIRkRFRkZQRlBBQ0FCAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAANQAAAAAAAAAAAAAAAAAAAAAAAAA1AFYAAwABAAEAAgBGAFxNQUlMU0xPVFxCUk9XU0UADFDgkwQAV09SS0dST1VQAAAAAAAAAAQJABAAgA8BVapTQU5KSS1MSUZFQk9PSy1MSDUzMQA="} 
00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":396,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1470104379887477,"flow_dst_last_pkt_time":1470104376816620,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":98,"pkt_l4_len":44,"thread_ts_usec":1470104379887477,"pkt":"MzMAAQACcD6s8PAHht1gBWEEACwRAf6AAAAAAAAABAZVqGRTJd3\/AgAAAAAAAAAAAAAAAQACAiICIwAsiDQLJ3MdAAEADgABAAEduOb7cD6s8PAHAAYABAAXABgACAACATQ="} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":397,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104379903616,"flow_src_last_pkt_time":1470104379903616,"flow_dst_last_pkt_time":1470104379903616,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104379903616,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
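Review bot: The regenerated `detected` event for flow 35 (NetBIOS.SMBv1, UDP port 138) no longer carries `flow_risk` entry 22 "Unsafe Protocol", although `breed` is still "Dangerous"; the same drop appears for flow 70 in the `@@ -366,7 +367,7 @@` hunk. Nothing in the visible hunks says whether the libnDPI bump removed this risk on purpose. A consumer that alerts on flow risk 22 would stop flagging these SMBv1 datagrams after the update without any error. If the change is intended, a release-note line such as `NetBIOS.SMBv1 flows no longer report flow risk 22 (Unsafe Protocol) in the detected event` would make it visible; if not, it is worth raising upstream before this output is frozen as the expected result.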
@@ -238,9 +238,9 @@ 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":510,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_src_last_pkt_time":1470104381237806,"flow_dst_last_pkt_time":1470104381238763,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104381238763,"pkt":"ABxCjnAxABAj4ACgCABFAAA0AABAAEAGQRjAqHNLwKgFEAG70XdE8SFWHgHhFoASFtAl8wAAAgQFtAEBBAIBAwMH"} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":511,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_src_last_pkt_time":1470104381238800,"flow_dst_last_pkt_time":1470104381238763,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1470104381238800,"pkt":"ABAj4ACgYMVHBbyMCABFAAAo9WxAAEAGS7fAqAUQwKhzS9F3AbseAeEWRPEhV1AQIABdlQAAcnZlcjBd"} 00823{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":512,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":4,"flow_src_last_pkt_time":1470104381239406,"flow_dst_last_pkt_time":1470104381238763,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":271,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":271,"pkt_l4_len":237,"thread_ts_usec":1470104381239406,"pkt":"ABAj4ACgYMVHBbyMCABFAAEB7MpAAEAGU4DAqAUQwKhzS9F3AbseAeEWRPEhV1AYIAC0MQAAFgMBANQBAADQAwNXoAM+DApFIVBtoVkm1YD4xHsvSlpaV1sKMPaqmp\/EYiBj+Q0TSc5VhLmmiAAqPOtufQBM8Qziz0QZmZNFeVk8eABKAP\/AJMAjwArACcAIwCjAJ8AUwBPAEsAmwCXABcAEwAPAKsApwA\/ADsANAGsAZwA5ADMAFgA9ADwANQAvAArAB8ARwALADAAFAAQBAAA9AAAAEwARAAAOMTkyLjE2OC4xMTUuNzUACgAIAAYAFwAYABkACwACAQAADQAMAAoFAQQBAgEEAwIDM3QAAA=="} 
-01423{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":512,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1470104381237806,"flow_src_last_pkt_time":1470104381239406,"flow_dst_last_pkt_time":1470104381238763,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104381239406,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53623,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","domainame":"192.168.115.75","tls": {"version":"TLSv1.2","ja3":"799135475da362592a4be9199d258726","ja3s":"","ja4":"t12i370500_07a749158664_d075105c1994","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01382{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":512,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1470104381237806,"flow_src_last_pkt_time":1470104381239406,"flow_dst_last_pkt_time":1470104381238763,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104381239406,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53623,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","domainame":"192.168.115.75","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12i370500_07a749158664_d075105c1994","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":513,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":5,"flow_src_last_pkt_time":1470104381239406,"flow_dst_last_pkt_time":1470104381240437,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1470104381240437,"pkt":"ABxCjnAxABAj4ACgCABFAAAoVq1AAEAG6nbAqHNLwKgFEAG70XdE8SFXHgHh71AQADZ8hgAAAAAAAAAA"} 
-01575{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":514,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1470104381237806,"flow_src_last_pkt_time":1470104381239406,"flow_dst_last_pkt_time":1470104381243027,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1470104381243027,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53623,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","domainame":"192.168.115.75","tls": {"version":"TLSv1.2","ja3":"799135475da362592a4be9199d258726","ja3s":"573a9f3f80037fb40d481e2054def5bb","ja4":"t12i370500_07a749158664_d075105c1994","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} 
+01534{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":514,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1470104381237806,"flow_src_last_pkt_time":1470104381239406,"flow_dst_last_pkt_time":1470104381243027,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1470104381243027,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53623,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","domainame":"192.168.115.75","tls": {"version":"TLSv1.2","ja3s":"573a9f3f80037fb40d481e2054def5bb","ja4":"t12i370500_07a749158664_d075105c1994","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} 
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":539,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_src_last_pkt_time":1470104381626995,"flow_dst_last_pkt_time":1470104381217455,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_usec":1470104381626995,"pkt":"AQBeAAD8CJ4BzeuNCABFAAA2U7AAAAERvz3AqAUl4AAA\/NwuFOsAIuU8ydMAAAABAAAAAAAACG5vdGVib29rAAD\/AAE="} 00927{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":547,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1470104381831288,"flow_dst_last_pkt_time":1470104373741279,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_usec":1470104381831288,"pkt":"\/\/\/\/\/\/\/\/TF4M6gNlCABFAAFIAAAAABARcfzAqHcB\/\/\/\/\/wBDAEQBNAJhAgEGADFjB6UAAAAAwKgFCcCoBQnAqHcBAAAAAHDxofgq\/QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEFNgTAqHcBMwQAAAA8AQT\/\/wAAAwTAqHcBBhCoXwEBCAgICKhfwAEICAQE\/wAAAAAAAAAAAAAAAAAA"} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":552,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104381895304,"flow_src_last_pkt_time":1470104381895304,"flow_dst_last_pkt_time":1470104381895304,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104381895304,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.145","src_port":49612,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
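Review bot: Both TLS events for flow 45 (`detected` and `detection-update`) lose the `ja3` key from the `tls` object, while `ja3s` and `ja4` remain, so the client fingerprint is now only emitted as JA4. Detection rules or lookups keyed on `tls.ja3` would stop matching silently, and fingerprint lists kept as JA3 hashes cannot be compared against the new output. Nothing in the visible hunks documents the removal, so I would add a note for consumers along the lines of `tls.ja3 is no longer emitted; use tls.ja4 for client fingerprinting`.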
@@ -327,6 +327,7 @@ 01191{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":631,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1470104390443500,"flow_src_last_pkt_time":1470104390642049,"flow_dst_last_pkt_time":1470104390640525,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":265,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":265,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104390642049,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53624,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"api.magicansoft.com","domainame":"api.magicansoft.com","http": {"url":"api.magicansoft.com\/comMagicanApi\/composite\/app.php\/Global\/Index\/ip","code":0,"content_type":"","user_agent":"Magican (unknown version) CFNetwork\/720.5.7 Darwin\/14.5.0 (x86_64)"}}} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":632,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104390741932,"flow_src_last_pkt_time":1470104390741932,"flow_dst_last_pkt_time":1470104390741932,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":123,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":123,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":123,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104390741932,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:fe9a:ec54","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":632,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_src_last_pkt_time":1470104390741932,"flow_dst_last_pkt_time":1470104390741932,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":185,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":185,"pkt_l4_len":131,"thread_ts_usec":1470104390741932,"pkt":"MzMAAAABTF4MmuxUht1gAAAAAIMRAf6AAAAAAAAATl4M\/\/6a7FT\/AgAAAAAAAAAAAAAAAAABFi4WLgCDan0ABGg\/AAEABkxeDJrsVAAFAAAABwAPNi4zNS4xIChzdGFibGUpAAgACE1pa3JvVGlrAAoABHzzfwAACwAJM0RYWS1LSEdEAAwADUNSUzEyNS0yNEctMVMADgABAQAPABD+gAAAAAAAAE5eDP\/+muxUABAAB2JyaWRnZTE="} 
+01124{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":632,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104390741932,"flow_src_last_pkt_time":1470104390741932,"flow_dst_last_pkt_time":1470104390741932,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":123,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":123,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":123,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104390741932,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:fe9a:ec54","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Mikrotik","proto_id":"437","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","mikrotik": {"mac_address":"4C:5E:0C:9A:EC:54","version":"6.35.1 (stable)","software_id":"3DXY-KHGD","board":"CRS125-24G-1S","ipv6_addr":"fe80::4e5e:cff:fe9a:ec54","uptime":2096332544}}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":633,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":5,"flow_src_last_pkt_time":1470104390642049,"flow_dst_last_pkt_time":1470104390838554,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104390838554,"pkt":"ABxCjnAxTF4M6gNlCABFAAA08IZAADUGTRZE6f2FwKgFEABQ0Xh2OO97HrFGwoAQABuLWQAAAQEICs8eH\/4aDz0F"} 
01328{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":634,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1470104390443500,"flow_src_last_pkt_time":1470104390642049,"flow_dst_last_pkt_time":1470104390846598,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":265,"flow_dst_max_l4_payload_len":324,"flow_src_tot_l4_payload_len":265,"flow_dst_tot_l4_payload_len":324,"midstream":0,"thread_ts_usec":1470104390846598,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53624,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"api.magicansoft.com","domainame":"api.magicansoft.com","http": {"url":"api.magicansoft.com\/comMagicanApi\/composite\/app.php\/Global\/Index\/ip","code":502,"content_type":"text\/html","user_agent":"Magican (unknown version) CFNetwork\/720.5.7 Darwin\/14.5.0 (x86_64)"}}} 
00952{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":636,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_src_last_pkt_time":1470104390945416,"flow_dst_last_pkt_time":1470104380909602,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":359,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":359,"pkt_l4_len":325,"thread_ts_usec":1470104390945416,"pkt":"\/\/\/\/\/\/\/\/XNmY3fXzCABFAAFZAABAAEARbn7AqApu\/\/\/\/\/+xA9gABRTgx\/\/8AAKAAXNmY3fXzwKgKbgAAAgAnAUROUy0xMTAwLTA0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABOQVMAAAAAAAAAAAAAVVqvihgAAABVWsE9WwAAAFVasDEuMDJiMTAAEXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXNmY3fXzM0ExAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGRsaW5rLURERjVGMwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAqApu\/\/8AAExBTjEAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} 
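Review bot: The new Mikrotik `detected` event pins `"uptime":2096332544`, which is roughly 66 years in seconds and equals the four value bytes `7c f3 7f 00` of TLV type 10 in the preceding packet's `pkt` payload when read big-endian. Read little-endian, the same bytes give 8385404 s (about 97 days), which is plausible for a device reporting version 6.35.1; MNDP appears to encode uptime little-endian, so this looks like a byte-order error in the upstream dissector and should be confirmed against libnDPI. The `@@ -405,6 +406,7 @@` hunk shows the same pattern (`2207654912` from bytes `83 96 24 00`, little-endian 2397827 s). Freezing these values as expected output would make the test suite assert the wrong number, and any inventory or anomaly logic built on `mikrotik.uptime` would inherit it. If confirmed, the expected values become `"uptime":8385404` and `"uptime":2397827`, with the length prefixes adjusted to match.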
@@ -366,7 +367,7 @@ 00970{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":658,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104393610386,"flow_src_last_pkt_time":1470104393610386,"flow_dst_last_pkt_time":1470104393610386,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104393610386,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"nasfile","domainame":"nasfile"}} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":659,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104393610555,"flow_src_last_pkt_time":1470104393610555,"flow_dst_last_pkt_time":1470104393610555,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":174,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104393610555,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00753{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":659,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_src_last_pkt_time":1470104393610555,"flow_dst_last_pkt_time":1470104393610555,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_usec":1470104393610555,"pkt":"\/\/\/\/\/\/\/\/4KzLceHQCABFAADKO0kAAEARuFzAqAUtwKj\/\/wCKAIoAtoWlEQJF7sCoBS0AAACgAAAgRU5FQkVERUNFUEVQRUxFQkVKRkNDTkVGREJFRURBQUEAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAA1TQAAO1FEQAABgAAAAAAAAACAAAAAAAAAAAAAAAGAFYAAwABAAEAAgAXAFxNQUlMU0xPVFxCUk9XU0UACQTsRQAA"} -01116{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":659,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104393610555,"flow_src_last_pkt_time":1470104393610555,"flow_dst_last_pkt_time":1470104393610555,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":174,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104393610555,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"macbookair-e1d0","domainame":"macbookair-e1d0"}} 
+00997{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":659,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104393610555,"flow_src_last_pkt_time":1470104393610555,"flow_dst_last_pkt_time":1470104393610555,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":174,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104393610555,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"macbookair-e1d0","domainame":"macbookair-e1d0"}} 00753{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":660,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":2,"flow_src_last_pkt_time":1470104393610744,"flow_dst_last_pkt_time":1470104393610555,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_usec":1470104393610744,"pkt":"\/\/\/\/\/\/\/\/4KzLceHQCABFAADK5DUAAEARD3DAqAUtwKj\/\/wCKAIoAtoasEQJF8cCoBS0AAACgAAAgRU5FQkVERUNFUEVQRUxFQkVKRkNDTkVGREJFRURBQUEAIEVORkRFSUVQRU5FRkNBQ0FDQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAA1TQAAPBFEQAABgAAAAAAAAACAAAAAAAAAAAAAAAGAFYAAwABAAEAAgAXAFxNQUlMU0xPVFxCUk9XU0UACQTvRQAA"} 
00753{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":661,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":3,"flow_src_last_pkt_time":1470104393611090,"flow_dst_last_pkt_time":1470104393610555,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_usec":1470104393611090,"pkt":"\/\/\/\/\/\/\/\/4KzLceHQCABFAADKOS4AAEARunfAqAUtwKj\/\/wCKAIoAtoChEQJF98CoBS0AAACgAAAgRU5FQkVERUNFUEVQRUxFQkVKRkNDTkVGREJFRURBQUEAIEVORkpFSEZDRVBGRkZBQ0FDQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAA1TQAAPZFEQAABgAAAAAAAAACAAAAAAAAAAAAAAAGAFYAAwABAAEAAgAXAFxNQUlMU0xPVFxCUk9XU0UACQT1RQAA"} 00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":662,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":3,"flow_src_last_pkt_time":1470104393813792,"flow_dst_last_pkt_time":1470104391564386,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1470104393813792,"pkt":"\/\/\/\/\/\/\/\/PKn0WgOECABFAABOHxcAAIARlkvAqAPswKj\/\/wCJAIkAOqdiilUBEAABAAAAAAAAIEVKRkRFQkZFRUJGQUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="} 
@@ -405,6 +406,7 @@ 00926{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":684,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104399652689,"flow_src_last_pkt_time":1470104399652689,"flow_dst_last_pkt_time":1470104399652689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104399652689,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"224.0.0.252","src_port":59797,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":685,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104399854544,"flow_src_last_pkt_time":1470104399854544,"flow_dst_last_pkt_time":1470104399854544,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104399854544,"l3_proto":"ip4","src_ip":"192.168.0.100","dst_ip":"255.255.255.255","src_port":50925,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":685,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_src_last_pkt_time":1470104399854544,"flow_dst_last_pkt_time":1470104399854544,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1470104399854544,"pkt":"\/\/\/\/\/\/\/\/TF4M6gOICABFAACAAABAAEAReWHAqABk\/\/\/\/\/8btFi4AbOgXAACpHQABAAZMXgzqA4gABQAFNE1OQVQABwAPNi4zNS4xIChzdGFibGUpAAgACE1pa3JvVGlrAAoABIOWJAAACwAJTjUzOC1HMDRVAAwABlJCNDUwRwAOAAEAABAABmV0aGVyMg=="} +01095{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":685,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104399854544,"flow_src_last_pkt_time":1470104399854544,"flow_dst_last_pkt_time":1470104399854544,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104399854544,"l3_proto":"ip4","src_ip":"192.168.0.100","dst_ip":"255.255.255.255","src_port":50925,"dst_port":5678,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Mikrotik","proto_id":"437","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","mikrotik": {"mac_address":"4C:5E:0C:EA:03:88","identity":"4MNAT","version":"6.35.1 (stable)","software_id":"N538-G04U","board":"RB450G","uptime":2207654912}}} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":686,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104399958731,"flow_src_last_pkt_time":1470104399958731,"flow_dst_last_pkt_time":1470104399958731,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":26,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104399958731,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"224.0.0.252","src_port":65150,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":686,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_src_last_pkt_time":1470104399958731,"flow_dst_last_pkt_time":1470104399958731,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_usec":1470104399958731,"pkt":"AQBeAAD8GF4PUugBCABFAAA2MRAAAAER4cnAqAU54AAA\/P5+FOsAIr4lNLsAAAABAAAAAAAACFVzaGVyLVBDAAD\/AAE="} 
00926{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":686,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104399958731,"flow_src_last_pkt_time":1470104399958731,"flow_dst_last_pkt_time":1470104399958731,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":26,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104399958731,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"224.0.0.252","src_port":65150,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
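Review bot: The `uptime` in the new Mikrotik `detected` line for flow 79 (`"uptime":2207654912`) looks like a byte-order error rather than a real value. The uptime TLV in that flow's packet carries the bytes 83 96 24 00, which give 2207654912 only when read big-endian (about 70 years). Read little-endian they give 2397827 seconds, roughly 28 days, and as far as I know MNDP encodes this field little-endian. The later hunks show the same pattern (flows 88 and 89 with 2140546048, flow 94 with 101135872), so these expected results would pin the suspect decoding as the reference. I would confirm the field's byte order in the libnDPI Mikrotik dissector before accepting them; if it is wrong, the expected value here becomes `"uptime":2397827`.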
@@ -444,13 +446,15 @@ 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":712,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":2,"flow_src_last_pkt_time":1470104402238628,"flow_dst_last_pkt_time":1470104402239704,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104402239704,"pkt":"ABxCjnAxABAj4ACgCABFAAA0AABAAEAGQRjAqHNLwKgFEAG70XnKmfzXcASfdoASFtC0YwAAAgQFtAEBBAIBAwMH"} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":713,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":3,"flow_src_last_pkt_time":1470104402239746,"flow_dst_last_pkt_time":1470104402239704,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1470104402239746,"pkt":"ABAj4ACgYMVHBbyMCABFAAAosclAAEAGj1rAqAUQwKhzS9F5AbtwBJ92ypn82FAQIADsBQAAyQ4pxaWW"} 00814{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":714,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":4,"flow_src_last_pkt_time":1470104402240297,"flow_dst_last_pkt_time":1470104402239704,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":267,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":267,"pkt_l4_len":233,"thread_ts_usec":1470104402240297,"pkt":"ABAj4ACgYMVHBbyMCABFAAD9ruNAAEAGkWvAqAUQwKhzS9F5AbtwBJ92ypn82FAYIADtEAAAFgMBANABAADMAwNXoANTJYxftKgXimtNLVWTzYxskkMb8dtmAzVqLh4pryBj+Q0TSc5VhLmmiAAqPOtufQBM8Qziz0QZmZNFeVk8eABKAP\/AJMAjwArACcAIwCjAJ8AUwBPAEsAmwCXABcAEwAPAKsApwA\/ADsANAGsAZwA5ADMAFgA9ADwANQAvAArAB8ARwALADAAFAAQBAAA5AAAAEwARAAAOMTkyLjE2OC4xMTUuNzUACgAIAAYAFwAYABkACwACAQAADQAMAAoFAQQBAgEEAwID"} 
-01423{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":714,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1470104402238628,"flow_src_last_pkt_time":1470104402240297,"flow_dst_last_pkt_time":1470104402239704,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":213,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":213,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104402240297,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53625,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","domainame":"192.168.115.75","tls": {"version":"TLSv1.2","ja3":"618ee2509ef52bf0b8216e1564eea909","ja3s":"","ja4":"t12i370400_07a749158664_e64f6000bf4d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01382{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":714,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1470104402238628,"flow_src_last_pkt_time":1470104402240297,"flow_dst_last_pkt_time":1470104402239704,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":213,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":213,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104402240297,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53625,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","domainame":"192.168.115.75","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12i370400_07a749158664_e64f6000bf4d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":715,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":5,"flow_src_last_pkt_time":1470104402240297,"flow_dst_last_pkt_time":1470104402241217,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1470104402241217,"pkt":"ABxCjnAxABAj4ACgCABFAAAofPZAAEAGxC3AqHNLwKgFEAG70XnKmfzYcASgS1AQADYK+wAAAAAAAAAA"} 
-01575{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":716,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1470104402238628,"flow_src_last_pkt_time":1470104402240297,"flow_dst_last_pkt_time":1470104402243893,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":213,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":213,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1470104402243893,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53625,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","domainame":"192.168.115.75","tls": {"version":"TLSv1.2","ja3":"618ee2509ef52bf0b8216e1564eea909","ja3s":"573a9f3f80037fb40d481e2054def5bb","ja4":"t12i370400_07a749158664_e64f6000bf4d","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} 
+01534{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":716,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1470104402238628,"flow_src_last_pkt_time":1470104402240297,"flow_dst_last_pkt_time":1470104402243893,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":213,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":213,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1470104402243893,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53625,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","domainame":"192.168.115.75","tls": {"version":"TLSv1.2","ja3s":"573a9f3f80037fb40d481e2054def5bb","ja4":"t12i370400_07a749158664_e64f6000bf4d","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":726,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104402518151,"flow_src_last_pkt_time":1470104402518151,"flow_dst_last_pkt_time":1470104402518151,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":135,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":135,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104402518151,"l3_proto":"ip4","src_ip":"192.168.119.1","dst_ip":"255.255.255.255","src_port":56861,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00705{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":726,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_src_last_pkt_time":1470104402518151,"flow_dst_last_pkt_time":1470104402518151,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":177,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":177,"pkt_l4_len":143,"thread_ts_usec":1470104402518151,"pkt":"\/\/\/\/\/\/\/\/TF4M6gNlCABFAACjAABAAEARAqHAqHcB\/\/\/\/\/94dFi4Aj\/bjAAFSEAABAAZMXgzqA2UABQAHMzAwTU5BVAAHAA82LjM1LjEgKHN0YWJsZSkACAAITWlrcm9UaWsACgAEf5YkAAALAAlBWFJKLVg2U0cADAAGUkI0NTBHAA4AAQEADwAQIAGwMAIUAQAAAAAAAAAAAQAQABNldGhlcjItbWFzdGVyLWxvY2Fs"} 
+01132{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":726,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104402518151,"flow_src_last_pkt_time":1470104402518151,"flow_dst_last_pkt_time":1470104402518151,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":135,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":135,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104402518151,"l3_proto":"ip4","src_ip":"192.168.119.1","dst_ip":"255.255.255.255","src_port":56861,"dst_port":5678,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Mikrotik","proto_id":"437","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","mikrotik": {"mac_address":"4C:5E:0C:EA:03:65","identity":"300MNAT","version":"6.35.1 (stable)","software_id":"AXRJ-X6SG","board":"RB450G","ipv6_addr":"2001:b030:214:100::1","uptime":2140546048}}} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":727,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104402518258,"flow_src_last_pkt_time":1470104402518258,"flow_dst_last_pkt_time":1470104402518258,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":135,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":135,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104402518258,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:feea:365","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00724{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":727,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_src_last_pkt_time":1470104402518258,"flow_dst_last_pkt_time":1470104402518258,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":197,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":197,"pkt_l4_len":143,"thread_ts_usec":1470104402518258,"pkt":"MzMAAAABTF4M6gNlht1gAAAAAI8RAf6AAAAAAAAATl4M\/\/7qA2X\/AgAAAAAAAAAAAAAAAAABFi4WLgCPm0oAAVIRAAEABkxeDOoDZQAFAAczMDBNTkFUAAcADzYuMzUuMSAoc3RhYmxlKQAIAAhNaWtyb1RpawAKAAR\/liQAAAsACUFYUkotWDZTRwAMAAZSQjQ1MEcADgABAQAPABAgAbAwAhQBAAAAAAAAAAABABAAE2V0aGVyMi1tYXN0ZXItbG9jYWw="} +01133{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":727,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104402518258,"flow_src_last_pkt_time":1470104402518258,"flow_dst_last_pkt_time":1470104402518258,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":135,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":135,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104402518258,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:feea:365","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Mikrotik","proto_id":"437","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","mikrotik": {"mac_address":"4C:5E:0C:EA:03:65","identity":"300MNAT","version":"6.35.1 (stable)","software_id":"AXRJ-X6SG","board":"RB450G","ipv6_addr":"2001:b030:214:100::1","uptime":2140546048}}} 
01118{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":728,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":5,"flow_src_last_pkt_time":1470104402518736,"flow_dst_last_pkt_time":1470104400162264,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":491,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":491,"pkt_l4_len":457,"thread_ts_usec":1470104402518736,"pkt":"AQBef\/\/66LH8q\/uyCABFAAHdCfUAAAQR9UfAqAUx7\/\/\/+gdsB2wByURxTk9USUZZICogSFRUUC8xLjENCkhvc3Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpOVDogdXVpZDo5MzE5Mzk1YS00ZDAzLTQ3NTAtYmIxYi00NjYzOTMzYWI4MTINCk5UUzogc3NkcDphbGl2ZQ0KTG9jYXRpb246IGh0dHA6Ly8xOTIuMTY4LjUuNDk6Mjg2OS91cG5waG9zdC91ZGhpc2FwaS5kbGw\/Y29udGVudD11dWlkOjkzMTkzOTVhLTRkMDMtNDc1MC1iYjFiLTQ2NjM5MzNhYjgxMg0KVVNOOiB1dWlkOjkzMTkzOTVhLTRkMDMtNDc1MC1iYjFiLTQ2NjM5MzNhYjgxMg0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT05MDANClNlcnZlcjogTWljcm9zb2Z0LVdpbmRvd3MvMTAuMCBVUG5QLzEuMCBVUG5QLURldmljZS1Ib3N0LzEuMA0KT1BUOiJodHRwOi8vc2NoZW1hcy51cG5wLm9yZy91cG5wLzEvMC8iOyBucz0wMQ0KMDEtTkxTOiBkMDdiNDM1ZDI5OWI0MTc4NGNhM2QyYWUyYjk1OTk0OA0KDQo="} 
01151{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":729,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":5,"flow_src_last_pkt_time":1470104402518845,"flow_dst_last_pkt_time":1470104400162411,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":519,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":519,"pkt_l4_len":465,"thread_ts_usec":1470104402518845,"pkt":"MzMAAAAM6LH8q\/uyht1gAAAAAdERBP6AAAAAAAAACb2B3S\/cV1D\/AgAAAAAAAAAAAAAAAAAMB2wHbAHR82ROT1RJRlkgKiBIVFRQLzEuMQ0KSG9zdDogW0ZGMDI6OkNdOjE5MDANCk5UOiB1dWlkOjkzMTkzOTVhLTRkMDMtNDc1MC1iYjFiLTQ2NjM5MzNhYjgxMg0KTlRTOiBzc2RwOmFsaXZlDQpMb2NhdGlvbjogaHR0cDovL1tmZTgwOjo5YmQ6ODFkZDoyZmRjOjU3NTBdOjI4NjkvdXBucGhvc3QvdWRoaXNhcGkuZGxsP2NvbnRlbnQ9dXVpZDo5MzE5Mzk1YS00ZDAzLTQ3NTAtYmIxYi00NjYzOTMzYWI4MTINClVTTjogdXVpZDo5MzE5Mzk1YS00ZDAzLTQ3NTAtYmIxYi00NjYzOTMzYWI4MTINCkNhY2hlLUNvbnRyb2w6IG1heC1hZ2U9OTAwDQpTZXJ2ZXI6IE1pY3Jvc29mdC1XaW5kb3dzLzEwLjAgVVBuUC8xLjAgVVBuUC1EZXZpY2UtSG9zdC8xLjANCk9QVDoiaHR0cDovL3NjaGVtYXMudXBucC5vcmcvdXBucC8xLzAvIjsgbnM9MDENCjAxLU5MUzogZDA3YjQzNWQyOTliNDE3ODRjYTNkMmFlMmI5NTk5NDgNCg0K"} 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":730,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104402624102,"flow_src_last_pkt_time":1470104402624102,"flow_dst_last_pkt_time":1470104402624102,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":27,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104402624102,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":49735,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -473,6 +477,7 @@ 00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":759,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":5,"flow_src_last_pkt_time":1470104405589893,"flow_dst_last_pkt_time":1470104397807877,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_usec":1470104405589893,"pkt":"AQBef\/\/6bEAIlAI6CABFAAClUIAAAAERsvXAqAUw7\/\/\/+sIlB2wAkY1JTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":760,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104405794164,"flow_src_last_pkt_time":1470104405794164,"flow_dst_last_pkt_time":1470104405794164,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":121,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":121,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":121,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104405794164,"l3_proto":"ip4","src_ip":"192.168.119.2","dst_ip":"255.255.255.255","src_port":43786,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00688{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":760,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_src_last_pkt_time":1470104405794164,"flow_dst_last_pkt_time":1470104405794164,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":163,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":163,"pkt_l4_len":129,"thread_ts_usec":1470104405794164,"pkt":"\/\/\/\/\/\/\/\/TF4MVkdPCABFAACVAABAAEARAq7AqHcC\/\/\/\/\/6sKFi4AgSnvAAHqAgABAAZMXgxWR08ABQAJSVB2NlJvdXRlAAcADzYuMzUuNCAoc3RhYmxlKQAIAAhNaWtyb1RpawAKAAQGBzYAAAsACVZTMUwtUTE4UgAMAAZSQjQ1MEcADgABAQAPABAgAbAwAhQBAAAAAAAAAAABABAAA0xBTg=="} +01133{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":760,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104405794164,"flow_src_last_pkt_time":1470104405794164,"flow_dst_last_pkt_time":1470104405794164,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":121,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":121,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":121,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104405794164,"l3_proto":"ip4","src_ip":"192.168.119.2","dst_ip":"255.255.255.255","src_port":43786,"dst_port":5678,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Mikrotik","proto_id":"437","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","mikrotik": {"mac_address":"4C:5E:0C:56:47:4F","identity":"IPv6Route","version":"6.35.4 (stable)","software_id":"VS1L-Q18R","board":"RB450G","ipv6_addr":"2001:b030:214:100::1","uptime":101135872}}} 
00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":774,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104406717230,"flow_src_last_pkt_time":1470104406717230,"flow_dst_last_pkt_time":1470104406717230,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104406717230,"l3_proto":"ip6","src_ip":"fe80::edf5:240a:c8c0:8312","dst_ip":"ff02::1:3","src_port":53962,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":774,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_src_last_pkt_time":1470104406717230,"flow_dst_last_pkt_time":1470104406717230,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1470104406717230,"pkt":"MzMAAQADzD2CHu7jht1gAAAAACARAf6AAAAAAAAA7fUkCsjAgxL\/AgAAAAAAAAAAAAAAAQAD0soU6wAgjSs9jgAAAAEAAAAAAAAGUk9fWDFDAAD\/AAE="} 
00937{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":774,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104406717230,"flow_src_last_pkt_time":1470104406717230,"flow_dst_last_pkt_time":1470104406717230,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104406717230,"l3_proto":"ip6","src_ip":"fe80::edf5:240a:c8c0:8312","dst_ip":"ff02::1:3","src_port":53962,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -541,9 +546,9 @@ 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":844,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":3,"flow_src_last_pkt_time":1470104414301595,"flow_dst_last_pkt_time":1470104414301526,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1470104414301595,"pkt":"ABAj4ACgYMVHBbyMCABFAAAohwxAAEAGuhfAqAUQwKhzS9F6Abs0INrrJFeA51AQIAAOqAAAIEVKRkRF"} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":845,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":5,"flow_src_last_pkt_time":1470104414301849,"flow_dst_last_pkt_time":1470104414301578,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104414301849,"pkt":"TF4M6gNlYMVHBbyMCABFAAA0CgdAAEAG9NPAqAUQHw1XJNFMAbv8UnPoBJ2idYAQD\/0aVAAAAQEIChoPmUdf7xLn"} 00824{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":846,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":4,"flow_src_last_pkt_time":1470104414302554,"flow_dst_last_pkt_time":1470104414301526,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":271,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":271,"pkt_l4_len":237,"thread_ts_usec":1470104414302554,"pkt":"ABAj4ACgYMVHBbyMCABFAAEBACxAAEAGQB\/AqAUQwKhzS9F6Abs0INrrJFeA51AYIAB90wAAFgMBANQBAADQAwNXoANfjIqHDy9QXUEag4gt5xMipN2TtjnqDApBJHZnuSBj+Q0TSc5VhLmmiAAqPOtufQBM8Qziz0QZmZNFeVk8eABKAP\/AJMAjwArACcAIwCjAJ8AUwBPAEsAmwCXABcAEwAPAKsApwA\/ADsANAGsAZwA5ADMAFgA9ADwANQAvAArAB8ARwALADAAFAAQBAAA9AAAAEwARAAAOMTkyLjE2OC4xMTUuNzUACgAIAAYAFwAYABkACwACAQAADQAMAAoFAQQBAgEEAwIDM3QAAA=="} 
-01424{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":846,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1470104414296334,"flow_src_last_pkt_time":1470104414302554,"flow_dst_last_pkt_time":1470104414301526,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104414302554,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53626,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","domainame":"192.168.115.75","tls": {"version":"TLSv1.2","ja3":"799135475da362592a4be9199d258726","ja3s":"","ja4":"t12i370500_07a749158664_d075105c1994","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01383{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":846,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1470104414296334,"flow_src_last_pkt_time":1470104414302554,"flow_dst_last_pkt_time":1470104414301526,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104414302554,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53626,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","domainame":"192.168.115.75","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12i370500_07a749158664_d075105c1994","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":847,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":5,"flow_src_last_pkt_time":1470104414302554,"flow_dst_last_pkt_time":1470104414303590,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1470104414303590,"pkt":"ABxCjnAxABAj4ACgCABFAAAoBANAAEAGPSHAqHNLwKgFEAG70XokV4DnNCDbxFAQADYtmQAAAAAAAAAA"} 
-01576{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":848,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1470104414296334,"flow_src_last_pkt_time":1470104414302554,"flow_dst_last_pkt_time":1470104414305856,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1470104414305856,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53626,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","domainame":"192.168.115.75","tls": {"version":"TLSv1.2","ja3":"799135475da362592a4be9199d258726","ja3s":"573a9f3f80037fb40d481e2054def5bb","ja4":"t12i370500_07a749158664_d075105c1994","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} 
+01535{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":848,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1470104414296334,"flow_src_last_pkt_time":1470104414302554,"flow_dst_last_pkt_time":1470104414305856,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1470104414305856,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53626,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","domainame":"192.168.115.75","tls": {"version":"TLSv1.2","ja3s":"573a9f3f80037fb40d481e2054def5bb","ja4":"t12i370500_07a749158664_d075105c1994","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":858,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104414395988,"flow_src_last_pkt_time":1470104414395988,"flow_dst_last_pkt_time":1470104414395988,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104414395988,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"168.95.1.1","src_port":63372,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":858,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_src_last_pkt_time":1470104414395988,"flow_dst_last_pkt_time":1470104414395988,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1470104414395988,"pkt":"TF4M6gNlYMVHBbyMCABFAABL64oAAP8RYP7AqAUQqF8BAfeMADUAN6RcbYwBAAABAAAAAAAABmRsLW9icwhvZmZpY2lhbARsaW5lBW5hdmVyAmpwAAABAAE="} 
01115{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":858,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104414395988,"flow_src_last_pkt_time":1470104414395988,"flow_dst_last_pkt_time":1470104414395988,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104414395988,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"168.95.1.1","src_port":63372,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Line","proto_id":"5.315","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dl-obs.official.line.naver.jp","domainame":"dl-obs.official.line.naver.jp","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
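Review bot: The expected `detected` and `detection-update` events for flow_id 107 no longer contain the `tls.ja3` key, while `ja3s` and `ja4` are still emitted; the following hunk shows the same for flow_id 117. Because the key is absent rather than empty, any consumer that correlates or alert-lists on JA3 client fingerprints will stop matching without raising an error. The commit message only says "incorporated upstream changes", so I would add a line such as `* tls.ja3 is no longer emitted in flow events; consumers should key on tls.ja4`. It is also worth confirming that the schema change listed in the diffstat drops `ja3` from the required `tls` properties, and that none of the bundled examples still read it. The schema and example hunks are outside this view.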
@@ -598,9 +603,9 @@ 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":951,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":2,"flow_src_last_pkt_time":1470104423246688,"flow_dst_last_pkt_time":1470104423247634,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104423247634,"pkt":"ABxCjnAxABAj4ACgCABFAAA0AABAAEAGQRjAqHNLwKgFEAG70X2C0DtLZaD5JoASFtBuaQAAAgQFtAEBBAIBAwMH"} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":952,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":3,"flow_src_last_pkt_time":1470104423247712,"flow_dst_last_pkt_time":1470104423247634,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1470104423247712,"pkt":"ABAj4ACgYMVHBbyMCABFAAAoVNRAAEAG7E\/AqAUQwKhzS9F9AbtloPkmgtA7TFAQIACmCwAAUC8xLjEN"} 00816{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":953,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":4,"flow_src_last_pkt_time":1470104423248266,"flow_dst_last_pkt_time":1470104423247634,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":267,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":267,"pkt_l4_len":233,"thread_ts_usec":1470104423248266,"pkt":"ABAj4ACgYMVHBbyMCABFAAD9MJBAAEAGD7\/AqAUQwKhzS9F9AbtloPkmgtA7TFAYIADmPAAAFgMBANABAADMAwNXoANoBxB0UxaEmGMMRA4z3rCwUCfHq4lItmIHvO2HwSBj+Q0TSc5VhLmmiAAqPOtufQBM8Qziz0QZmZNFeVk8eABKAP\/AJMAjwArACcAIwCjAJ8AUwBPAEsAmwCXABcAEwAPAKsApwA\/ADsANAGsAZwA5ADMAFgA9ADwANQAvAArAB8ARwALADAAFAAQBAAA5AAAAEwARAAAOMTkyLjE2OC4xMTUuNzUACgAIAAYAFwAYABkACwACAQAADQAMAAoFAQQBAgEEAwID"} 
-01424{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":953,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1470104423246688,"flow_src_last_pkt_time":1470104423248266,"flow_dst_last_pkt_time":1470104423247634,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":213,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":213,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104423248266,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53629,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","domainame":"192.168.115.75","tls": {"version":"TLSv1.2","ja3":"618ee2509ef52bf0b8216e1564eea909","ja3s":"","ja4":"t12i370400_07a749158664_e64f6000bf4d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01383{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":953,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1470104423246688,"flow_src_last_pkt_time":1470104423248266,"flow_dst_last_pkt_time":1470104423247634,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":213,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":213,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104423248266,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53629,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","domainame":"192.168.115.75","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12i370400_07a749158664_e64f6000bf4d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":954,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":5,"flow_src_last_pkt_time":1470104423248266,"flow_dst_last_pkt_time":1470104423249191,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1470104423249191,"pkt":"ABxCjnAxABAj4ACgCABFAAAosy5AAEAGjfXAqHNLwKgFEAG70X2C0DtMZaD5+1AQADbFAAAAAAAAAAAA"} 
-01576{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":955,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1470104423246688,"flow_src_last_pkt_time":1470104423248266,"flow_dst_last_pkt_time":1470104423251782,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":213,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":213,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1470104423251782,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53629,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","domainame":"192.168.115.75","tls": {"version":"TLSv1.2","ja3":"618ee2509ef52bf0b8216e1564eea909","ja3s":"573a9f3f80037fb40d481e2054def5bb","ja4":"t12i370400_07a749158664_e64f6000bf4d","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} 
+01535{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":955,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1470104423246688,"flow_src_last_pkt_time":1470104423248266,"flow_dst_last_pkt_time":1470104423251782,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":213,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":213,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1470104423251782,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53629,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","domainame":"192.168.115.75","tls": {"version":"TLSv1.2","ja3s":"573a9f3f80037fb40d481e2054def5bb","ja4":"t12i370400_07a749158664_e64f6000bf4d","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} 
00980{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":965,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1470104376301823,"flow_src_last_pkt_time":1470104422690570,"flow_dst_last_pkt_time":1470104376301823,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104424049934,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"shen"}} 00986{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":965,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1470104377720702,"flow_src_last_pkt_time":1470104377820998,"flow_dst_last_pkt_time":1470104377720702,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104424049934,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"224.0.0.252","src_port":51458,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"wpad"}} 
01004{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":965,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1470104376017883,"flow_src_last_pkt_time":1470104403029956,"flow_dst_last_pkt_time":1470104376017883,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":798,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104424049934,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"239.255.255.250","src_port":55312,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} 
@@ -686,10 +691,10 @@ 00785{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104385827777,"flow_src_last_pkt_time":1470104420541205,"flow_dst_last_pkt_time":1470104385827777,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip4","src_ip":"59.120.208.218","dst_ip":"255.255.255.255","src_port":50151,"dst_port":1947,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01007{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104382448550,"flow_src_last_pkt_time":1470104382857884,"flow_dst_last_pkt_time":1470104382448550,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":66,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::1:3","src_port":61548,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"caesar-thinkpad"}} 
00995{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1470104383810371,"flow_src_last_pkt_time":1470104413815837,"flow_dst_last_pkt_time":1470104413817995,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":300,"flow_src_tot_l4_payload_len":600,"flow_dst_tot_l4_payload_len":600,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.119.1","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"macbook-air"}} -01128{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104379579523,"flow_src_last_pkt_time":1470104379579704,"flow_dst_last_pkt_time":1470104379579523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":221,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":244,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":465,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip4","src_ip":"192.168.5.67","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": 
{"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"sanji-lifebook-"}} +01009{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104379579523,"flow_src_last_pkt_time":1470104379579704,"flow_dst_last_pkt_time":1470104379579523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":221,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":244,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":465,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip4","src_ip":"192.168.5.67","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"sanji-lifebook-"}} 
01007{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1470104382448863,"flow_src_last_pkt_time":1470104427503777,"flow_dst_last_pkt_time":1470104382448863,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1233,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"239.255.255.250","src_port":51704,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} 01146{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104379169121,"flow_src_last_pkt_time":1470104379271484,"flow_dst_last_pkt_time":1470104379169121,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":54888,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": 
{"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"????????????"}} -00855{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1033,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1033,"packets-processed":1032,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":395167,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":109,"total-detection-updates":19,"total-updates":38,"current-active-flows":129,"total-active-flows":129,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":692,"global_ts_usec":1654385119050609} +00855{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1033,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1033,"packets-processed":1032,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":395167,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":114,"total-detection-updates":19,"total-updates":38,"current-active-flows":129,"total-active-flows":129,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":697,"global_ts_usec":1654385119050609} 
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1033,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385119050609,"flow_src_last_pkt_time":1654385119050609,"flow_dst_last_pkt_time":1654385119050609,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":538,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":538,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":538,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385119050609,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60962,"dst_port":1234,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01267{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1033,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":1,"flow_src_last_pkt_time":1654385119050609,"flow_dst_last_pkt_time":1654385119050609,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":604,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":604,"pkt_l4_len":570,"thread_ts_usec":1654385119050609,"pkt":"tKXvZygQnLbQ0+MzCABFAAJOAZpAAEAGaiXAqAJ+rGhdXO4iBNJ6yTZonxdjWoAYAfbPKwAAAQEICmbWNa+8oaeIR0VUIC8\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"} 
01497{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1033,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385119050609,"flow_src_last_pkt_time":1654385119050609,"flow_dst_last_pkt_time":1654385119050609,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":538,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":538,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":538,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385119050609,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60962,"dst_port":1234,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"ws.1kxun.mobi","domainame":"ws.1kxun.mobi","http": {"url":"ws.1kxun.mobi:1234\/?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&&_country=US&_locale=en&_=1654385117","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}}} 
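Review bot: The new expected `update` event for flow_id 35 (`NetBIOS.SMBv1`, UDP 138 to 192.168.255.255) drops `flow_risk` entry `22` ("Unsafe Protocol"), although `breed` is still `Dangerous`. This hunk therefore records the loss of a risk signal as the accepted baseline. Other flows in the same hunk keep their `flow_risk` object (the LLMNR flow 33 still reports risk `39`), so this looks specific to that risk or protocol rather than to `update` events in general. Please confirm whether this comes from an intentional upstream libnDPI change or from the config changes in this commit, and record it in the description, e.g. `* flow_risk 22 (Unsafe Protocol) no longer reported for NetBIOS.SMBv1 flows: <reason>`. The same status record moves `total-detected-flows` from 109 to 114 and `total-events-serialized` from 692 to 697, which deserves the same one-line explanation.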
@@ -724,8 +729,7 @@ 01258{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":13,"flow_first_seen":1470104380890420,"flow_src_last_pkt_time":1470104382084909,"flow_dst_last_pkt_time":1470104381881083,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":445,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":3612,"flow_dst_tot_l4_payload_len":6271,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"42.120.51.152","src_port":49609,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"42.120.51.152"}} 
01258{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":3,"flow_first_seen":1470104380188079,"flow_src_last_pkt_time":1470104380928909,"flow_dst_last_pkt_time":1470104380732533,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":158,"flow_dst_max_l4_payload_len":392,"flow_src_tot_l4_payload_len":316,"flow_dst_tot_l4_payload_len":397,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.244.135.170","src_port":49607,"dst_port":9099,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"218.244.135.170"}} 
00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1470104380737950,"flow_src_last_pkt_time":1470104380737994,"flow_dst_last_pkt_time":1470104380772526,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":74,"flow_src_tot_l4_payload_len":66,"flow_dst_tot_l4_payload_len":74,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":54420,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.QQ","proto_id":"5.48","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"vv.video.qq.com"}} -00987{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104399854544,"flow_src_last_pkt_time":1470104399854544,"flow_dst_last_pkt_time":1470104399854544,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.0.100","dst_ip":"255.255.255.255","src_port":50925,"dst_port":5678,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
-00785{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104399854544,"flow_src_last_pkt_time":1470104399854544,"flow_dst_last_pkt_time":1470104399854544,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.0.100","dst_ip":"255.255.255.255","src_port":50925,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104399854544,"flow_src_last_pkt_time":1470104399854544,"flow_dst_last_pkt_time":1470104399854544,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.0.100","dst_ip":"255.255.255.255","src_port":50925,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Mikrotik","proto_id":"437","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
01133{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104408049734,"flow_src_last_pkt_time":1470104408458018,"flow_dst_last_pkt_time":1470104408049734,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":51451,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"????????????"}} 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1470104377720702,"flow_src_last_pkt_time":1470104377820998,"flow_dst_last_pkt_time":1470104377720702,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"224.0.0.252","src_port":51458,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"wpad"}} 01004{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1470104376017883,"flow_src_last_pkt_time":1470104433238541,"flow_dst_last_pkt_time":1470104376017883,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1064,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"239.255.255.250","src_port":55312,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} 
@@ -739,10 +743,8 @@ 00788{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1470104380909602,"flow_src_last_pkt_time":1470104420950055,"flow_dst_last_pkt_time":1470104380909602,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":317,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":317,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1585,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.10.110","dst_ip":"255.255.255.255","src_port":60480,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1470104376816620,"flow_src_last_pkt_time":1470104392380425,"flow_dst_last_pkt_time":1470104376816620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":180,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::406:55a8:6453:25dd","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCPV6","proto_id":"103","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
01144{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104378045695,"flow_src_last_pkt_time":1470104378454680,"flow_dst_last_pkt_time":1470104378045695,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":58779,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"????????????"}} -00988{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104402518258,"flow_src_last_pkt_time":1470104402518258,"flow_dst_last_pkt_time":1470104402518258,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":135,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":135,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:feea:365","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": 
{"total":210,"client":165,"server":45}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00786{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104402518258,"flow_src_last_pkt_time":1470104402518258,"flow_dst_last_pkt_time":1470104402518258,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":135,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":135,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:feea:365","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00989{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104390741932,"flow_src_last_pkt_time":1470104390741932,"flow_dst_last_pkt_time":1470104390741932,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":123,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":123,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":123,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:fe9a:ec54","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
-00787{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104390741932,"flow_src_last_pkt_time":1470104390741932,"flow_dst_last_pkt_time":1470104390741932,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":123,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":123,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":123,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:fe9a:ec54","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104402518258,"flow_src_last_pkt_time":1470104402518258,"flow_dst_last_pkt_time":1470104402518258,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":135,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":135,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:feea:365","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Mikrotik","proto_id":"437","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104390741932,"flow_src_last_pkt_time":1470104390741932,"flow_dst_last_pkt_time":1470104390741932,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":123,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":123,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":123,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:fe9a:ec54","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Mikrotik","proto_id":"437","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01001{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104432630916,"flow_src_last_pkt_time":1470104432728657,"flow_dst_last_pkt_time":1470104432630916,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":58468,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"wangs-ltw"}} 
01005{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1470104381217586,"flow_src_last_pkt_time":1470104426277904,"flow_dst_last_pkt_time":1470104381217586,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1197,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"239.255.255.250","src_port":57325,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} 01002{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104430884669,"flow_src_last_pkt_time":1470104431294729,"flow_dst_last_pkt_time":1470104430884669,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::e034:7be:d8f9:6197","dst_ip":"ff02::1:3","src_port":49766,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"charming-pc"}} 
@@ -766,8 +768,7 @@ 00999{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104420438972,"flow_src_last_pkt_time":1470104420540216,"flow_dst_last_pkt_time":1470104420438972,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":61172,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"sonusav"}} 00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104381217455,"flow_src_last_pkt_time":1470104381626995,"flow_dst_last_pkt_time":1470104381217455,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"224.0.0.252","src_port":56366,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"notebook"}} 01005{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1470104377634699,"flow_src_last_pkt_time":1470104415729545,"flow_dst_last_pkt_time":1470104377634699,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1096,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"239.255.255.250","src_port":60267,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} -00987{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104402518151,"flow_src_last_pkt_time":1470104402518151,"flow_dst_last_pkt_time":1470104402518151,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":135,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":135,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.119.1","dst_ip":"255.255.255.255","src_port":56861,"dst_port":5678,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp 
Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00785{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104402518151,"flow_src_last_pkt_time":1470104402518151,"flow_dst_last_pkt_time":1470104402518151,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":135,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":135,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.119.1","dst_ip":"255.255.255.255","src_port":56861,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104402518151,"flow_src_last_pkt_time":1470104402518151,"flow_dst_last_pkt_time":1470104402518151,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":135,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":135,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.119.1","dst_ip":"255.255.255.255","src_port":56861,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Mikrotik","proto_id":"437","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00992{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104430065680,"flow_src_last_pkt_time":1470104430476697,"flow_dst_last_pkt_time":1470104430065680,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":57143,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"charming-pc"}} 00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1470104379066410,"flow_src_last_pkt_time":1470104379066467,"flow_dst_last_pkt_time":1470104379115963,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":95,"flow_src_tot_l4_payload_len":62,"flow_dst_tot_l4_payload_len":95,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":60724,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.1kxun","proto_id":"5.295","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"pic.1kxun.com"}} 
00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104381935396,"flow_src_last_pkt_time":1470104382038651,"flow_dst_last_pkt_time":1470104381935396,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"224.0.0.252","src_port":58456,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"joanna-pc"}} 
@@ -833,8 +834,8 @@ 00989{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104393610386,"flow_src_last_pkt_time":1470104394635803,"flow_dst_last_pkt_time":1470104393610386,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"nasfile"}} 00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":0,"flow_first_seen":1470104391564386,"flow_src_last_pkt_time":1470104422179603,"flow_dst_last_pkt_time":1470104391564386,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":650,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"isatap"}} 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1470104378021294,"flow_src_last_pkt_time":1470104379520951,"flow_dst_last_pkt_time":1470104378021294,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"wpad"}} -01126{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1470104393610555,"flow_src_last_pkt_time":1470104393611090,"flow_dst_last_pkt_time":1470104393610555,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":174,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":522,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": 
{"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"macbookair-e1d0"}} -01126{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104379579523,"flow_src_last_pkt_time":1470104379579704,"flow_dst_last_pkt_time":1470104379579523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":221,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":244,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":465,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.67","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"sanji-lifebook-"}} 
+01007{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1470104393610555,"flow_src_last_pkt_time":1470104393611090,"flow_dst_last_pkt_time":1470104393610555,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":174,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":522,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"macbookair-e1d0"}} +01007{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104379579523,"flow_src_last_pkt_time":1470104379579704,"flow_dst_last_pkt_time":1470104379579523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":221,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":244,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":465,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.67","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"sanji-lifebook-"}} 00958{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104398832807,"flow_src_last_pkt_time":1470104398832807,"flow_dst_last_pkt_time":1470104398832807,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.64","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00969{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1470104391199899,"flow_src_last_pkt_time":1470104391199954,"flow_dst_last_pkt_time":1470104391208758,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"64.233.189.128","src_port":49581,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by 
port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 00777{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1470104391199899,"flow_src_last_pkt_time":1470104391199954,"flow_dst_last_pkt_time":1470104391208758,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"64.233.189.128","src_port":49581,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
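Review bot: The regenerated `idle` records for flow_id 70 and 35 no longer contain `"flow_risk": {"22": {"risk":"Unsafe Protocol",...}}`, although both still report `"proto":"NetBIOS.SMBv1"` and `"breed":"Dangerous"`. A consumer that alerts on `flow_risk` would stop flagging these SMBv1 flows after the libnDPI bump. The commit message only says upstream changes were incorporated, so it is worth confirming this is an intended upstream reclassification rather than a detection regression. The later hunks of this file show the same pattern for risk 35 ("Susp Entropy"), which disappears from the flow_id 153 `detected` record and from flow_id 94, now classified as `Mikrotik`. If the change is intended, a description line such as `* SMBv1 flows no longer emit flow_risk 22; match on proto/breed instead` would tell downstream rule authors what to adjust.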
@@ -849,8 +850,7 @@ 00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104423202821,"flow_src_last_pkt_time":1470104423202821,"flow_dst_last_pkt_time":1470104423202821,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::f65c:89ff:fe89:e607","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCPV6","proto_id":"103","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00934{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":10,"flow_first_seen":1470104410885006,"flow_src_last_pkt_time":1470104428908615,"flow_dst_last_pkt_time":1470104428908687,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":332,"flow_src_tot_l4_payload_len":5537,"flow_dst_tot_l4_payload_len":595,"midstream":1,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"119.235.235.84","dst_ip":"192.168.5.16","src_port":443,"dst_port":53406,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00790{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":10,"flow_first_seen":1470104410885006,"flow_src_last_pkt_time":1470104428908615,"flow_dst_last_pkt_time":1470104428908687,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":332,"flow_src_tot_l4_payload_len":5537,"flow_dst_tot_l4_payload_len":595,"midstream":1,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"119.235.235.84","dst_ip":"192.168.5.16","src_port":443,"dst_port":53406,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00987{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104405794164,"flow_src_last_pkt_time":1470104405794164,"flow_dst_last_pkt_time":1470104405794164,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":121,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":121,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":121,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.119.2","dst_ip":"255.255.255.255","src_port":43786,"dst_port":5678,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
-00785{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104405794164,"flow_src_last_pkt_time":1470104405794164,"flow_dst_last_pkt_time":1470104405794164,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":121,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":121,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":121,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.119.2","dst_ip":"255.255.255.255","src_port":43786,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104405794164,"flow_src_last_pkt_time":1470104405794164,"flow_dst_last_pkt_time":1470104405794164,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":121,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":121,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":121,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.119.2","dst_ip":"255.255.255.255","src_port":43786,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Mikrotik","proto_id":"437","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
01000{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104402624102,"flow_src_last_pkt_time":1470104402724346,"flow_dst_last_pkt_time":1470104402624102,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":49735,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"wangs-ltw"}} 01243{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":4,"flow_first_seen":1470104381895304,"flow_src_last_pkt_time":1470104382125381,"flow_dst_last_pkt_time":1470104382124370,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":432,"flow_dst_max_l4_payload_len":633,"flow_src_tot_l4_payload_len":864,"flow_dst_tot_l4_payload_len":633,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.145","src_port":49612,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric 
Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"183.131.48.145"}} 01248{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":5,"flow_first_seen":1470104382053678,"flow_src_last_pkt_time":1470104382199024,"flow_dst_last_pkt_time":1470104382198662,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":503,"flow_dst_max_l4_payload_len":1024,"flow_src_tot_l4_payload_len":1006,"flow_dst_tot_l4_payload_len":2329,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.144","src_port":49613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","hostname":"183.131.48.144"}} 
@@ -967,7 +967,7 @@ 02872{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1180,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":2,"flow_src_last_pkt_time":1654385140850557,"flow_dst_last_pkt_time":1654385141035727,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1787,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1787,"pkt_l4_len":1753,"thread_ts_usec":1654385141035727,"pkt":"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\/jNhC+769g1AUsJbaUpOjFiRZIt9giBdotmiA9eFOAlmiLsUwKIh3Hzfq\/d8ghKTm2i24vEkHOfPN+rLko5Tq9L2hJchLPVqLQXIo4Ia\/vCHmmLaklLe+4Zh+lmPF5S80zkAbKBdsMSUHrekqLBbIh46qtgS6qtG7GWaZBQrpmpaylXKSFXGa04ZkCYBVdgSjkKammwPQKoGMCny0+vU\/pE32JAXFo9TLkhnRMfrn7\/FuqdMvFnM82sblMhhaOkCXTlSzHZPD757v7gb9tWlkwpX6y7DNaK+ZfCik0E\/p+0zBgok1T88Kamz0pKQYWdZukpRSsc1TLVCOFYt5yEnwRhyc0YpuYv7XI+\/VHKgRrHxjEoFV7Tl3zUldDUjE+r\/S+jw8FJrbRCLEBiyBmKwxapyGfxSc7T+TrV7J7kz47pY6+pFOrfEJaplet6MyePFpDTYyMnR4oJzsivQAHgy7a4fjEa81aZvJy8ujfZ7KNDSqH2\/Mr+F17AWnNxFxXcHd21pnaRwQWp8yEB0AkWFJdVMyEAClS8GNqL+Psr\/hLeZZ8ObW\/cZyeJlkwkBDwpWPuC7X3Nn7kJCcNbRW7FdpTTi4ek8S4Q3OxYt404zBAw3AfZLs8xtYpDRY4dSbf92wEK208U9QpJ\/bfl+zenfTcZd0+hfJhSZuVqmJk6\/lj64rP\/99mBzIEFMf5pjZaKsobUf7BlvKZ3TxY1cGykNcOxHscvOZuXBKQHLIjZKZY1TUacpDwIhA6kMm581yXviEx1M6jlprWf9r6BIpzFPKtKdoHOfMJqCBFoV2aykdU9KfRCG9B3q9UV+kM+mkb26PxmlxC6z4lPUzn4W\/VykkZHVUIUxxtv7bufnWh98nWc9pOvWFnSZXpryzmQ3LRy59py+gCTYZmiT3Xfl0iYYwMwdZ8jENMI\/xZynnNsJ\/emJYRcoXVbAld\/baEDlpzOA2JqiV8bQn49upT6X08+G5AzkjgStJKL+t4cM2FAgCqVB7RUk03cysxIkBt9SNkoPSmZnlUcjCNbsZc1Fyw0bSWxeLKShsbaHuC\/6B5ucJys9eu8uz9DqqZaSNajlD7PDIYeDYgB0mNgUhoTntkJPswcC6HitAw7+SM9Iwy5ROtRMlmoH8Zed8QAt6ZynIzSFKYjhBGcIsqWt5oQtVGFES1RR5lWUPnjJaXKboIXko3SO3cx1eYqVlPZPqkog\/XGaIF7TC+HMZy+0zrWxPXrpghAfsPimlosZawm86d6jZdD5gK7fmgqaYbFzWjbQDtpPXSlZC4ZwXot8aFqn8JIxRmIvbLV+x0Bt2nN\/yH5Ifzc4e6hdxTLKw5\/xPeVM5OgXyEYlt8km3BjpbH37DY3JbeZf+pEiAPiwW0lgLirSLiU9UgYf4hps1ACC\/UUIjtAfzDSWWClkeavejsiT5TTJHI51pRCtjIVlO
ocvqSCgZECuRwfSijgkfcvhuahF2bQs0f6Q264sosBhBl+GKPsndY0TtD1d4fHKb2JYgCrHAOTc1ol8KeCl0cbE9NfwO6oKyPkLnHjveALTX2Gg5Jp5c7oy7DDsUNOw9GyLriNYt1u+rtsliASAoqHJrLfvT2igKaygnyJGSnn9sixBe3\/0GryWHXLpdyOuhUMcVhOrtbZUCyY9pZywo6albTkdnOhnY56+9lVtSJAzi8bO3PDXRgCMjQKwALW3e+hPMR9\/Z8QN5a7uo6rCA7Dujq6I0XjI790t3TsHPMvwp3I8oN1HQKXcpCJZbL1oUbsCb5rt5tkxhe\/gG\/wmXsHg4AAA0KMA0KDQo="} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1181,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385141046673,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141046673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":426,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":426,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":426,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385141046673,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.37","src_port":41390,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01116{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1181,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":1,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141046673,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":492,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":492,"pkt_l4_len":458,"thread_ts_usec":1654385141046673,"pkt":"tKXvZygQnLbQ0+MzCABFAAHeDJVAAEAGB\/rAqAJ+EkBPJaGuAFABgVk3JTRLIoAYAfYmXAAAAQEICqYAsEjS\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"} 
-01423{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1181,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385141046673,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141046673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":426,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":426,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":426,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385141046673,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.37","src_port":41390,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"google.open-js.com","domainame":"google.open-js.com","http": {"url":"google.open-js.com\/doubleclick\/ca0ecde2.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
+01308{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1181,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385141046673,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141046673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":426,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":426,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":426,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385141046673,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.37","src_port":41390,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"google.open-js.com","domainame":"google.open-js.com","http": {"url":"google.open-js.com\/doubleclick\/ca0ecde2.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 01154{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1182,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":2,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141075345,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":520,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":520,"pkt_l4_len":486,"thread_ts_usec":1654385141075345,"pkt":"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"} 
02454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1183,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":3,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141075345,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1654385141075345,"pkt":"nLbQ0+MztKXvZygQCABFAAXI8DQAAPgGqG8SQE8lwKgCfgBQoa4lNEzoAYFa4YAQAIPvVgAAAQEICtL8K4SmALBIZnVuY3Rpb24gaGF2ZVNjaXJwdCgpe3ZhciBhbGxTY3I9ZG9jdW1lbnQuZ2V0RWxlbWVudHNCeVRhZ05hbWUoInNjcmlwdCIpO2Zvcih2YXIgaT0wO2k8YWxsU2NyLmxlbmd0aDtpKyspe2lmKGFsbFNjcltpXS5zcmMuaW5kZXhPZigiaHR0cHM6Ly93d3cuZ29vZ2xldGFnbWFuYWdlci5jb20vZ3RhZy9qcz9pZD1VQS0xNTQ3NTc5MjktNTciKT4tMSl7cmV0dXJuIHRydWV9fXJldHVybiBmYWxzZX1kb2N1bWVudC53cml0ZWxuKCIgPGRpdiBpZD0nZ29vZ2xlYWQnIG9uQ2xpY2s9XCJndGFnKCdldmVudCcsICdPbkNsaWNrJywgeydldmVudF9jYXRlZ29yeScgOiAnYWRDbGljaycsICdldmVudF9sYWJlbCcgOiAnY2xpY2tzdWNjZXNzJ30pXCIgPiIpO2RvY3VtZW50LndyaXRlbG4oIjxzY3JpcHQgdHlwZT0ndGV4dC9qYXZhc2NyaXB0Jz4iKTtkb2N1bWVudC53cml0ZWxuKCJnb29nbGVfYWRfY2xpZW50ID0gJ2NhLXB1Yi00NDAxNTQ3MTc4Mjc5NTA1JzsiKTtkb2N1bWVudC53cml0ZWxuKCIvKiBha2VtYW5nYS5jb21fQUtfMzIweDUwXzIgKi8iKTtkb2N1bWVudC53cml0ZWxuKCJnb29nbGVfYWRfc2xvdCA9ICdha2VtYW5nYS5jb21fQUtfMzIweDUwXzInOyIpO2RvY3VtZW50LndyaXRlbG4oImdvb2dsZV9hZF93aWR0aCA9IDMyMDsiKTtkb2N1bWVudC53cml0ZWxuKCJnb29nbGVfYWRfaGVpZ2h0ID0gNTA7Iik7ZG9jdW1lbnQud3JpdGVsbigiPFwvc2NyaXB0PiIpO2RvY3VtZW50LndyaXRlbG4oIjxzY3JpcHQgdHlwZT0ndGV4dC9qYXZhc2NyaXB0JyBzcmM9Jy8vcGFnZWFkMi5nb29nbGVzeW5kaWNhdGlvbi5jb20vcGFnZWFkL3Nob3dfYWRzLmpzJz4iKTtkb2N1bWVudC53cml0ZWxuKCI8XC9zY3JpcHQ+Iik7ZG9jdW1lbnQud3JpdGVsbigiPC9kaXY+Iik7dmFyIGhhdmVTY2lycHQxPWhhdmVTY2lycHQoKTtjb25zb2xlLmxvZygiZ29vZ2xlQWRzOiAiK2hhdmVTY2lycHQxKTtpZighaGF2ZVNjaXJwdDEpe2RvY3VtZW50LndyaXRlbG4oIjwhLS0gR2xvYmFsIHNpdGUgdGFnIChndGFnLmpzKSAtIEdvb2dsZSBBbmFseXRpY3MgLS0+Iik7ZG9jdW1lbnQud3JpdGVsbigiPHNjcmlwdCBhc3luYyBzcmM9J2h0dHBzO
i8vd3d3Lmdvb2dsZXRhZ21hbmFnZXIuY29tL2d0YWcvanM\/aWQ9VUEtMTU0NzU3OTI5LTU3Jz48XC9zY3JpcHQ+Iik7ZG9jdW1lbnQud3JpdGVsbigiPHNjcmlwdD4iKTtkb2N1bWVudC53cml0ZWxuKCIgIHdpbmRvdy5kYXRhTGF5ZXIgPSB3aW5kb3cuZGF0YUxheWVyIHx8IFtdOyIpO2RvY3VtZW50LndyaXRlbG4oIiAgZnVuY3Rpb24gZ3RhZygpe2RhdGFMYXllci5wdXNoKGFyZ3VtZW50cyk7fSIpO2RvY3VtZW50LndyaXRlbG4oIiAgZ3RhZygnanMnLCBuZXcgRGF0ZSgpKTsiKTtkb2N1bWVudC53cml0ZWxuKCIiKTtkb2N1bWVudC53cml0ZWxuKCIgIGd0YWcoJ2NvbmZpZycsICdVQS0xNTQ3NTc5"} 00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1184,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":4,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141076027,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":109,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":109,"pkt_l4_len":75,"thread_ts_usec":1654385141076027,"pkt":"nLbQ0+MztKXvZygQCABFAABf8DUAAPgGrdcSQE8lwKgCfgBQoa4lNFJ8AYFa4YAYAIN\/DAAAAQEICtL8K4SmALBIMjktNTcnKTsiKTtkb2N1bWVudC53cml0ZWxuKCI8XC9zY3JpcHQ+Iil9Ow=="} 
@@ -1044,7 +1044,7 @@ 02251{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1469,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":29,"flow_first_seen":1654385146253018,"flow_src_last_pkt_time":1654385147560064,"flow_dst_last_pkt_time":1654385147928387,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":514,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":526,"flow_dst_max_l4_payload_len":18720,"flow_src_tot_l4_payload_len":1554,"flow_dst_tot_l4_payload_len":113644,"midstream":1,"thread_ts_usec":1654385147928387,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49372,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":96206.9,"max":899707,"stddev":188732.5,"var":35619966976.0,"ent":3.0,"data": [205636,2121,0,0,1,224803,394,328,1444,0,193718,403,372,1728,1281,1888,225980,899707,237971,1,2439,199154,468,952,1305,0,0,407339,371504,0,1478]},"pktlen": {"min":337,"avg":3651.9,"max":18772,"stddev":4182.9,"var":17496908.0,"ent":4.3,"data": [566,337,1492,4372,2932,4372,1492,1492,1492,1492,5812,1492,1492,1492,2932,4372,5812,3718,578,337,7252,15892,1492,1492,7252,1492,5812,640,566,337,7787,18772]},"bins": {"c_to_s": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,14]},"directions": [0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1,1,0,1,1,1],"entropies": 
[5.863167286,5.867280483,7.343351841,7.933300972,7.883011341,7.923881531,7.831630230,7.793837070,7.811074257,7.877987385,7.956270695,7.807632446,7.787700176,7.808306217,7.895200729,7.941674709,7.934331417,7.911615372,5.884228706,5.838101864,7.975082397,7.990115643,7.874265194,7.866392612,7.972415924,7.851024628,7.967773914,7.664193153,5.866144657,5.879995346,7.941644669,7.977370262]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"hkbn.content.1kxun.com"}} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1483,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385156800184,"flow_src_last_pkt_time":1654385156800184,"flow_dst_last_pkt_time":1654385156800184,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":423,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":423,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":423,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385156800184,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.18.98","src_port":44368,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01111{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1483,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":1,"flow_src_last_pkt_time":1654385156800184,"flow_dst_last_pkt_time":1654385156800184,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":489,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":489,"pkt_l4_len":455,"thread_ts_usec":1654385156800184,"pkt":"tKXvZygQnLbQ0+MzCABFAAHb3B5AAEAG2pzAqAJ+rNkSYq1QAFBdWbpPyM9cBIAYAfaELwAAAQEICmU8LGE7CqI\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"} -01442{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1483,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385156800184,"flow_src_last_pkt_time":1654385156800184,"flow_dst_last_pkt_time":1654385156800184,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":423,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":423,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":423,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385156800184,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.18.98","src_port":44368,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.GoogleServices","proto_id":"7.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.googletagservices.com","domainame":"www.googletagservices.com","http": {"url":"www.googletagservices.com\/tag\/js\/gpt.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 
Mobile Safari\/537.36","detected_os":"Android 11"}}} +01327{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1483,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385156800184,"flow_src_last_pkt_time":1654385156800184,"flow_dst_last_pkt_time":1654385156800184,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":423,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":423,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":423,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385156800184,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.18.98","src_port":44368,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.GoogleServices","proto_id":"7.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.googletagservices.com","domainame":"www.googletagservices.com","http": {"url":"www.googletagservices.com\/tag\/js\/gpt.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
02459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1484,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":2,"flow_src_last_pkt_time":1654385156800184,"flow_dst_last_pkt_time":1654385156832164,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_usec":1654385156832164,"pkt":"nLbQ0+MztKXvZygQCABFAAW+HaAAAHsGmjis2RJiwKgCfgBQrVDIz1wEXVm79oAQAQWtEwAAAQEICjsKomxlPCxhSFRUUC8xLjEgMjAwIE9LDQpWYXJ5OiBBY2NlcHQtRW5jb2RpbmcNCkNvbnRlbnQtRW5jb2Rpbmc6IGd6aXANCkNvbnRlbnQtVHlwZTogdGV4dC9qYXZhc2NyaXB0DQpDcm9zcy1PcmlnaW4tUmVzb3VyY2UtUG9saWN5OiBjcm9zcy1vcmlnaW4NCkNyb3NzLU9yaWdpbi1PcGVuZXItUG9saWN5LVJlcG9ydC1Pbmx5OiBzYW1lLW9yaWdpbjsgcmVwb3J0LXRvPSJhZHMtZ3B0LXNjcyINClJlcG9ydC1UbzogeyJncm91cCI6ImFkcy1ncHQtc2NzIiwibWF4X2FnZSI6MjU5MjAwMCwiZW5kcG9pbnRzIjpbeyJ1cmwiOiJodHRwczovL2NzcC53aXRoZ29vZ2xlLmNvbS9jc3AvcmVwb3J0LXRvL2Fkcy1ncHQtc2NzIn1dfQ0KVGltaW5nLUFsbG93LU9yaWdpbjogKg0KQ29udGVudC1MZW5ndGg6IDI4MTIxDQpEYXRlOiBTYXQsIDA0IEp1biAyMDIyIDIzOjI1OjU2IEdNVA0KRXhwaXJlczogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNTo1NiBHTVQNCkNhY2hlLUNvbnRyb2w6IHByaXZhdGUsIG1heC1hZ2U9OTAwLCBzdGFsZS13aGlsZS1yZXZhbGlkYXRlPTM2MDANCkVUYWc6ICIxMjM1IC8gOTExIG9mIDEwMDAgLyBsYXN0LW1vZGlmaWVkOiAxNjU0MjkzODg0Ig0KWC1Db250ZW50LVR5cGUtT3B0aW9uczogbm9zbmlmZg0KU2VydmVyOiBzZmZlDQpYLVhTUy1Qcm90ZWN0aW9uOiAwDQoNCh+LCAAAAAAAAADtvWdb3EzSKPz9+RWg9cNK94hhNDlYnpdogwk2YGODWV+tLCZ6AsEw\/\/2t6iC1wgDecM5+OHuvGanVsbq6UldXq958aM\/C0VDd1R5vyWTlLhw6oztzFoTTTuip7LXoj0Z+350Rf20teiy6t6R\/Zk\/C8WyqPeYmq1pn8UIlP\/sj4rjOT23izuaTYWfjr\/\/5n5Xt0fhhEvrBbOU8cFe2+6PpfOKuHIbWhEweVjbns2A0mRb\/Z+Xs08639cPQdodTd33fcYez0AvdSXtlc0zswF0vF0v\/89fG\/+C4BjohZjRYwgZrmaUOa3cl+qQ98hTrLSn23aE\/C7qPzmjotlcNHYY2d9vkyioUrhdtnlxaLBa6RUxF1KGY5uxh7I68lRPrxrVnRcf1wqH7aTIau5NZ6E67eekP7bh7uqXb2iOAjpjm5mRCHorjyWg2wlqfniCNl48SOfRWSAf6dm3aRdpRMTay0O3k4Il5pYxoHXFf\/f7IIv1zmHiYn+hZJ3omJ5vPtTX2m\/0+dfve2hr+zX5jNYsWrjv
eaKKKqYgh3ikULDZFtokjQlS019bs4hGZBaaJf8WQ7cUsmIzuVnYnE6hK2SbD4Wi2AnB1eFsrvAuAi7pDTJuoiNya7iZnTHTw7GFgjaCDypQ+ZL6oyr2i6UPzcaF7BP\/+MuV5E732RLeH837fNO1ohjAZB2Vfi+m5HYXOSmkVMnVtxK3rhT4zc3DB0kib1u6YpDgd98OZqhRhWMQ0oJOOAB3mcE3nqnSte51VsrbmroTDlWHXM4dtz3QIBbkL4HbfijLrRsctFFjXAyjq0p6vqgGW9DTNmrikB8jlmd5VcL1wIEtcFIfjQjOKO60jtOyud+Vct3HcHcu0VFvr4POqaa2tqaRrEXWoO\/qjPRp6oT+fEKuPa0i\/m4Qz8cyWmbXQ2haCBcoxGEHtAFfnGisyjd3WX4gIxQkBNByo2rt370o6\/Q796TqkyCfM0drKm5upPX6jFEg="} 02461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1485,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":3,"flow_src_last_pkt_time":1654385156800184,"flow_dst_last_pkt_time":1654385156832624,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_usec":1654385156832624,"pkt":"nLbQ0+MztKXvZygQCABFAAW+HaIAAHsGmjas2RJiwKgCfgBQrVDIz2cYXVm79oAQAQVnbAAAAQEICjsKomxlPCxhBD2AVIoQ9JAQ9DghsJcRAl\/vYRNoLvC7pbbP4e4wzRva7Rf74XT29KSyB5P1+gpURecaOC5mGHThH2ve7LUh44DrNWxc+pQ\/FKd64BJHJAMZaPu6oBs6q58J\/VCFpotCdKgwe4MoJX5BSAG\/TBIN+5m1SgEaj46X84uDtTWfdqCrsl+qftouvIEY4N7rBjAm9oHx66cnvpo5QHwECGQZiA7jIz7o4gH6TT\/TBASEiXw0Hsf6ur5a0ihBkEdg910ykeWfDN5EYEkhULKeBOHzI7RdjYBRHCQLJOhtVECVwAezhGCjU5gsy1dtjvLqssLZigGCgBE6r+4aTThyjfDtj6pbodWla6F1\/2k9bHypmmA97hI7SK0ksUr7bFIk4gXLNiZBYtmOBZmBYVMRr6ePYcXCnxLjGslGl9oIckDPpZRk9zhRXVvj9L\/XiQW7flKa64Mqj7JRT+v2QRhHEt7TYHGbilJYKRQC3WJURu9rWhtSxyAA9WijY0BzIBBUch1TJgjvmA2BA6Sm478dC8HcF8LuxBxf+bRIDyRL6OEEpw8e6S+wDZM\/cgr7GDrtvo7rsT3W6QoFWjJoTxaLpd\/XDcjARYKFbLiTQOMXIwEkICl+22fTCwQPF+8qzav1YU6nHZ6Ok7tqsu8dwQr6fNb11M5IDypcdPqUCIhO800SnkP0VVvIgqSQ0B8XMfWacoaAkEfC4i\/0IN6vsRN6\/SxtCSG56gopwExr3Cxa0h1QgQFmjK6n5BBQ7+xoO4J1zzNB5eLtc9HQUj2dgEKj6RwOiwVUKjq5ZOiLznKkz1nEklkUZSimHxbD6TE5foUmJ5KVIS0nGRKttTVaCeRZJIA5TwKT7z6wfQySb\/nFbbq\/49r++wodK2rhHOzSKlYKdkFZGcynM2oosNwVrHQFssaWOyoHWfLsnbr+7v04v929cAKVCfV3ZTZ6TaNkZeL68z5qqvfjiTudInGI
TRUFRWGGfnf2f1lYtfOEVScWVm0upq46lKrZTER1uIjqFInjQCKk5KSz2ui3sviWFFRRjY9pvWe6kqDqcTHTkwRVO3418DWuTSortIJMeRPLg9TqJaRWucL4Cwqrriy9crk1eF5ujSbPjtRWJsqCGEs3GLVHG+RSO5ZLHWBwDjCiJIOjZRGGDjfjLmL5RIgt8JzcrYH8iQ7YVDy1QTy1O6IQsB4bTUu51SXFQesZcZDWzktyO8FLldrJGvPFM5+lp+Uxa5k8Zqf2oziSJkssF6p4oQgFk+WWCj2\/VC6KKyyLojEpJNJ6rbQA9ku2NsbF5IxL6fUrymalKrQPPrIlRm1rfKQ8X0xkvFgHZ2NwdA\/+A4SL98qsxF5ZmvgBEZ3MphfhLHil0Y8JWHO+SWmBMhzXgOYfybIX71wxy8+A3KslnT2GMMgnYLCCf8ZLCll48NZD7gpLCS3\/V8BVYXlbVwH8xkRDSCzvTG\/x7Bgn7tgls1exQkZUxeiopqLw4pSsld5ZQCor1bLRaJQbrbeyrfuUDH03ZU6yR3PgOnTScc6f0NopSAdIGh2LjtBaM9BUWgCSqFvv3r0zDc2GFzFCJzG82PNi2ZaGw7Y0fpZL5dISkIyJc4bz9k9NOgNLVAWMaz12LrBNyVuBW\/dsra2sKHw4auktCBZ29xdgeQRbYeqlyGG7YV+1NuwIN4rTuTVlVZVAdmvjrjAHSpMNMG3FxmX78thiSkJSilC8VWYttAT40y3xBf2vtKXHdNAWrfFxcfa+bK4zEyU6zTgHbsYAum7gq7FhU18JhD3OzbODCod2f+68ZlgSerx2FyC5AwAIA3ydLYvSO\/TkkKiFXXD1EhRBUhDtDXqmw\/cEPZMOMN51DCNizlM8QBdBMcRWAfJ+HHtjydr4w8GzD+sgP8lUMao="} 02476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1486,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":4,"flow_src_last_pkt_time":1654385156800184,"flow_dst_last_pkt_time":1654385156833955,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_usec":1654385156833955,"pkt":"nLbQ0+MztKXvZygQCABFAAW+HaMAAHsGmjWs2RJiwKgCfgBQrVDIz2yiXVm79oAYAQUqYQAAAQEICjsKomxlPCxhRGOWlBMPc8NAU6L0AwXb0xP1hbpNb5QnvHhi14QH7hpA5J0epCNAI3FD6VpnsrglBBzqahPzg4fcrfNXbgrfEbonfkeun55U+msWCvcE1LU7Yio2c8X7OQ+d5X4k+j0B5ep3RiVLjpfR4ocOAYEuhKUB4nGsBURKil10712buRM+PclvqoI1KAUsL0tsAmoUL6HFIPRQdutoJDJyRc5EVtem3kT4dzXrVQepXcBf9GZiP6CftumvxXxrNunGKz5t5cF84x9XP6Y\/7knp+i8Vn86u\/+pqUdKbDToayA7i7UI\/SNaAYv02Kc7c6Qw3+yNRFjGRREinrCl0ixySgNb2ie2qO0RX1shg3FFg0KncbzO5dzF3f5aX+V0m8x5m9vMy\/135ezrze8z8az7Krfvvmbo\/YPa\/VVp5uX\/cl0qZAvu0QInmj91Gdoi5sbbh67vw+xZ+9+D3Hfy+h18Ffj\/A79\/hdx9+sVp43IbHK3xee\/tO+fv1hn6YxlxuL+gQc
4uonNQR5FsxNlvSJyv5KZYIIsInUFEXMhTdWeuUqK+b+9aJvfE8E90f0FNKD2D5s8eOM3r0zA31h\/OXpv7YgT\/FvzSOTR4ogVeQW\/z\/uhMsyRlkcqIEZJoe6l5iDcF7EL8zR0Cg6R8Jy2mIL6DHjMlk6u4PZyom6wbQAVo4N0vAs0AXRFVlkY8Vi15ZFvyuY6pGnRArOKwAfhZ3Qdh3sQY7cg+xF\/rHJZ4x5K3VXTfa5J3VNdq4iSZ2iY8It0ER86E4JLehjxJ+hFgc9+ZTd7Lpg0aiAZ9QlHiT+ZjEqx6RF6uL8BeIJ6URJ+lOZTbnmQIQ+efojFAB7f20ZDzZ7f0+KCc5FXx+ZQUDMs6WjsF0Sjgtb0u+PhE2g8zL5DjJygQcVSwGRWsTnTme2hTD0TuGevusrXFvANaijt4+uqsT6hXgRl4BlrluiEkGUb2LfK+d36QdkMnmDJYic6iNBnCWN4CXe+1Eg1w3OqW3ptNx1tep9oL9t9P9Rx6hO7z\/zr+z\/+ckMX3QlaxwR7EuZxZxsF+oy\/JXwrZpvue4xHdi7ghYb5klrfMNsBko3BfquxyDjbasUqLm9UfoBMRhtFHR0E5lXdWrjHQxtwGc+AiMZcAAsyKcQpDI6T7+FIAw9OgDLPg+aoXv3pVxtVtXarBW0d6+rT75795Vrzs+JvlrRg3Syk+9d+\/q150epPXW6kAe7CsP1EmzXwgKfqG36EPrPZiK6V1IPaBEN1zt0SZTd6Xc7setQ719Xi\/03+nQHEA1WDehZvTpIdivAmQlvFd97FWhB6pLpLTfjEARBgxa6G\/yDh9cXXcucT5li4nFNguBmmmSSHeZXr6Sewvfoek4scAoLP8RHjmw2vSx+ZXwLQzm7DIWYgU1f61K4grIJlTy6Ke8Hb4Me8PRHXQJIFKvrrhDe+QA8q6Q2Qq2hM4Pfa0jANBbUMyJGWCp0xGGD1tdN9CqaKvAKAL4qVfRS4b+Ym\/qVeaWs46+7S5nPJbq4lx7AGmtU6+umijlWaoH4F8rV0tPiCuajh+gpKUGb9\/W14xW+clH91X9G5HNRTjirzAVX6kMF\/tfKZtb2zu7e+8\/7B98PDw6Pvn0+fTs\/MvXi2\/fL4llg4DqB+FNrz8Yjsa\/JtPZ\/Pbu\/uF3yShXqrV6o9lSYrqB3ltKYcME5lrYgD\/rP036t0j\/KtdUzK+9sxN+kejgZhNY+SDox1VpnS\/UlcyRnKxkB35ZYKDu+9Ei\/orbEwAl+guAXOD+Ax1pymFWUJ\/YD1q3LCHe2pbuWGn51KIKp5XEkLDfd33Sp16AkyE8IB1y0feaWrm+MKc9hn+EyhcRaU1WtPUwc5lAtTINRvO+g6b7yPvPdVZgJQcrw9Fw3R2MZw8rkek="} 
@@ -1211,7 +1211,7 @@ 00692{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1701,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":5,"flow_src_last_pkt_time":1654385231918113,"flow_dst_last_pkt_time":1654385229398934,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":173,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":173,"pkt_l4_len":139,"thread_ts_usec":1654385231918113,"pkt":"tKXvZygQnLbQ0+MzCABFAACf7FpAAEAGOy\/AqAJ+I5wsDaY6AFDzNbjrO3\/xc4AYAfUTYQAAAQEIChlnG+cPV8RmLjAuNDEwMy4xMDYgTW9iaWxlIFNhZmFyaS81MzcuMzYNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KSG9zdDogZGUwMS5yYXlqdW1wLmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1703,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385232006384,"flow_src_last_pkt_time":1654385232006384,"flow_dst_last_pkt_time":1654385232006384,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":559,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":559,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":559,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385232006384,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.16.142","src_port":53416,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01296{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1703,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":1,"flow_src_last_pkt_time":1654385232006384,"flow_dst_last_pkt_time":1654385232006384,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":625,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":625,"pkt_l4_len":591,"thread_ts_usec":1654385232006384,"pkt":"tKXvZygQnLbQ0+MzCABFAAJjZ+1AAEAGUBrAqAJ+rNkQjtCoAFBWAxSGMjrpcIAYAfaC4wAAAQEICuWLG17z\/UGOR0VUIC9zdG9yZS9hcHBzL2RldGFpbHM\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"} -01683{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1703,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385232006384,"flow_src_last_pkt_time":1654385232006384,"flow_dst_last_pkt_time":1654385232006384,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":559,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":559,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":559,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385232006384,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.16.142","src_port":53416,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"play.google.com","domainame":"play.google.com","http": 
{"url":"play.google.com\/store\/apps\/details?id=com.azarlive.android&referrer=adjust_external_click_id%3Dv.2_g.143845_a.f84f54bf-31cd-43ff-bd27-526ccc6457da_c.117_t.ua_u.e7df87247cbcea13%26utm_campaign%3DTest%2BCampaign%26utm_content%3DTest%2BSource%2BApp_123456789%26utm_source%3DLiftoff%26utm_term%3DTest%2BCreative","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} +01568{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1703,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385232006384,"flow_src_last_pkt_time":1654385232006384,"flow_dst_last_pkt_time":1654385232006384,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":559,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":559,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":559,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385232006384,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.16.142","src_port":53416,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"play.google.com","domainame":"play.google.com","http": {"url":"play.google.com\/store\/apps\/details?id=com.azarlive.android&referrer=adjust_external_click_id%3Dv.2_g.143845_a.f84f54bf-31cd-43ff-bd27-526ccc6457da_c.117_t.ua_u.e7df87247cbcea13%26utm_campaign%3DTest%2BCampaign%26utm_content%3DTest%2BSource%2BApp_123456789%26utm_source%3DLiftoff%26utm_term%3DTest%2BCreative","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 
Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1704,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385232040567,"flow_src_last_pkt_time":1654385232040567,"flow_dst_last_pkt_time":1654385232040567,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":927,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":927,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":927,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385232040567,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.122.190.70","src_port":33042,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01784{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1704,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":1,"flow_src_last_pkt_time":1654385232040567,"flow_dst_last_pkt_time":1654385232040567,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":993,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":993,"pkt_l4_len":959,"thread_ts_usec":1654385232040567,"pkt":"tKXvZygQnLbQ0+MzCABFAAPTG5ZAAEAGlqjAqAJ+A3q+RoESAFCRX\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\/dmFzdF9lbD0xIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgMTE7IHNka19ncGhvbmVfeDg2IEJ1aWxkL1JTUjEuMjAxMDEzLjAwMTsgd3YpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIFZlcnNpb24vNC4wIENocm9tZS84My4wLjQxMDMuMTA2IE1vYmlsZSBTYWZhcmkvNTM3LjM2DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCkhvc3Q6IGNsaWNrLmxpZnRvZmYuaW8NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} 
01928{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1704,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385232040567,"flow_src_last_pkt_time":1654385232040567,"flow_dst_last_pkt_time":1654385232040567,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":927,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":927,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":927,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385232040567,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.122.190.70","src_port":33042,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"click.liftoff.io","domainame":"click.liftoff.io","http": {"url":"click.liftoff.io\/v1\/campaign_click\/ddfWbX-c_ZpIF_3wE-XgJSwRJPn_5OpS9IR6X4XG91XQL6ssRLV4QPLSEQgWyRbP_OAHXGp-3z8zKxdRjL-BT6h7z46z4qmAWxR5DboEhr1DytY4W5gfQLUcV6yE3POR7PrQlrVbVtH-7uW1oie-jkR4naGHTVVHKv5kFXBJ9yTIX-JngaE2MMTER1HuBx9qTlyLhiZCtWSUSv4Ze5z4QuGqjWijD0QBgAo00Wtj4VqQypzCho_p-UzOrVF8wX9LmysoZ3202xt-1RlmBNXddH_i_evO5yZGpOvG8ktdiKfhG7cddZTR6o5lyR15wY-SJTSM3ffr4dspVSFx6XdnXgfUtxY80spI9tmFMhT97KSC4cMkRv-AyNLWhDaD33WCpU7HN-VnTuM0zl4WQMna-AVBk1Ho0vhTz5ZBU32OhTf9uAkGNxuNj5w5Ifg1GnMwZxKis8J3Z6Z5mtc7gire0eQeDQ7ehtCMFLs0M1aXGE8mHhoANg_w0Ahx43Mu7zvDXSCthH8D4QhHaWoRSuGUgfBDYLzrD8LXz6qHILoQNjj8ieRBLfH22UewVLgMF7dqhXgl73VqgU1_cu-GIfsbBm90zhfd9eoo8rQfdJF2xczqvrQz6-I4FA?vast_el=1","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
@@ -1237,7 +1237,7 @@ 01139{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385120896744,"flow_src_last_pkt_time":1654385120896744,"flow_dst_last_pkt_time":1654385121164319,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":538,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":538,"flow_dst_max_l4_payload_len":189,"flow_src_tot_l4_payload_len":538,"flow_dst_tot_l4_payload_len":189,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60984,"dst_port":1234,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"ws.1kxun.mobi"}} 01004{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1654385232158874,"flow_src_last_pkt_time":1654385232159668,"flow_dst_last_pkt_time":1654385232180473,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1444,"flow_dst_max_l4_payload_len":88,"flow_src_tot_l4_payload_len":2452,"flow_dst_tot_l4_payload_len":88,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"8.209.112.118","src_port":35426,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"analytics.rayjump.com"}} 00993{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385181857708,"flow_src_last_pkt_time":1654385181857708,"flow_dst_last_pkt_time":1654385181897114,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":409,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":409,"flow_dst_max_l4_payload_len":983,"flow_src_tot_l4_payload_len":409,"flow_dst_tot_l4_payload_len":983,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.117.221.10","src_port":59324,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"m.vpon.com"}} -01130{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":3,"flow_first_seen":1654385141046673,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141076027,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":426,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":426,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":426,"flow_dst_tot_l4_payload_len":1925,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.37","src_port":41390,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"google.open-js.com"}} +01015{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":3,"flow_first_seen":1654385141046673,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141076027,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":426,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":426,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":426,"flow_dst_tot_l4_payload_len":1925,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.37","src_port":41390,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"google.open-js.com"}} 
01008{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385229378645,"flow_src_last_pkt_time":1654385229378645,"flow_dst_last_pkt_time":1654385229413001,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1249,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1249,"flow_dst_max_l4_payload_len":353,"flow_src_tot_l4_payload_len":1249,"flow_dst_tot_l4_payload_len":353,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.50","src_port":41940,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"tknet-cdn.rayjump.com"}} 00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385142293700,"flow_src_last_pkt_time":1654385142293700,"flow_dst_last_pkt_time":1654385142293700,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":517,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"119.28.164.143","src_port":51888,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
00965{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184096708,"flow_src_last_pkt_time":1654385184096708,"flow_dst_last_pkt_time":1654385184096708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1132,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43266,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
@@ -1249,7 +1249,7 @@ 01012{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":23,"flow_first_seen":1654385176795709,"flow_src_last_pkt_time":1654385176795709,"flow_dst_last_pkt_time":1654385178226563,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":207,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":24480,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":116776,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":38316,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com"}} 01011{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":21,"flow_first_seen":1654385176794071,"flow_src_last_pkt_time":1654385176794071,"flow_dst_last_pkt_time":1654385178039010,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":207,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":12423,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":87624,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":38326,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com"}} 01003{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385127293052,"flow_src_last_pkt_time":1654385127293052,"flow_dst_last_pkt_time":1654385127488169,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":270,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":270,"flow_dst_max_l4_payload_len":464,"flow_src_tot_l4_payload_len":270,"flow_dst_tot_l4_payload_len":464,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"129.226.107.77","src_port":41134,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.QQ","proto_id":"7.48","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":9,"category":"Chat","hostname":"cgi.connect.qq.com"}} 
-01146{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":16,"flow_first_seen":1654385156800184,"flow_src_last_pkt_time":1654385156800184,"flow_dst_last_pkt_time":1654385156865117,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":423,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":423,"flow_dst_max_l4_payload_len":2836,"flow_src_tot_l4_payload_len":423,"flow_dst_tot_l4_payload_len":28785,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.18.98","src_port":44368,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.GoogleServices","proto_id":"7.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.googletagservices.com"}} +01031{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":16,"flow_first_seen":1654385156800184,"flow_src_last_pkt_time":1654385156800184,"flow_dst_last_pkt_time":1654385156865117,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":423,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":423,"flow_dst_max_l4_payload_len":2836,"flow_src_tot_l4_payload_len":423,"flow_dst_tot_l4_payload_len":28785,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.18.98","src_port":44368,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.GoogleServices","proto_id":"7.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.googletagservices.com"}} 01001{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385229460595,"flow_src_last_pkt_time":1654385229460595,"flow_dst_last_pkt_time":1654385229568829,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":694,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":694,"flow_dst_max_l4_payload_len":171,"flow_src_tot_l4_payload_len":694,"flow_dst_tot_l4_payload_len":171,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.235.204.9","src_port":40204,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adexp.liftoff.io"}} 
01002{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385235892637,"flow_src_last_pkt_time":1654385235892637,"flow_dst_last_pkt_time":1654385236487007,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1229,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1229,"flow_dst_max_l4_payload_len":434,"flow_src_tot_l4_payload_len":1229,"flow_dst_tot_l4_payload_len":434,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.64","src_port":51686,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"net.rayjump.com"}} 01036{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":10,"flow_first_seen":1654385143337063,"flow_src_last_pkt_time":1654385143337063,"flow_dst_last_pkt_time":1654385143386689,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":421,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":421,"flow_dst_max_l4_payload_len":2836,"flow_src_tot_l4_payload_len":421,"flow_dst_tot_l4_payload_len":20463,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"142.250.186.174","src_port":36732,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"www.google-analytics.com"}} 
@@ -1271,7 +1271,7 @@ 01016{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1654385140836422,"flow_src_last_pkt_time":1654385144960570,"flow_dst_last_pkt_time":1654385145144651,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":436,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":753,"flow_dst_max_l4_payload_len":1654,"flow_src_tot_l4_payload_len":1941,"flow_dst_tot_l4_payload_len":5796,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45422,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"mangaweb.1kxun.mobi"}} 01010{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385140850557,"flow_src_last_pkt_time":1654385140850557,"flow_dst_last_pkt_time":1654385141035727,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":414,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":414,"flow_dst_max_l4_payload_len":1721,"flow_src_tot_l4_payload_len":414,"flow_dst_tot_l4_payload_len":1721,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45424,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":17,"category":"Streaming","hostname":"tcad.wedolook.com"}} 01139{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1654385134408251,"flow_src_last_pkt_time":1654385136274668,"flow_dst_last_pkt_time":1654385136566441,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":498,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":499,"flow_dst_max_l4_payload_len":225,"flow_src_tot_l4_payload_len":997,"flow_dst_tot_l4_payload_len":450,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.119.80","src_port":49242,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"android.yingshi.tcclick.1kxun.com"}} 
-01125{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385232006384,"flow_src_last_pkt_time":1654385232006384,"flow_dst_last_pkt_time":1654385232057407,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":559,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":559,"flow_dst_max_l4_payload_len":668,"flow_src_tot_l4_payload_len":559,"flow_dst_tot_l4_payload_len":668,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.16.142","src_port":53416,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"play.google.com"}} +01010{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385232006384,"flow_src_last_pkt_time":1654385232006384,"flow_dst_last_pkt_time":1654385232057407,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":559,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":559,"flow_dst_max_l4_payload_len":668,"flow_src_tot_l4_payload_len":559,"flow_dst_tot_l4_payload_len":668,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.16.142","src_port":53416,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"play.google.com"}} 01152{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385127244156,"flow_src_last_pkt_time":1654385127244156,"flow_dst_last_pkt_time":1654385127425884,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":157,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":264,"flow_src_tot_l4_payload_len":157,"flow_dst_tot_l4_payload_len":264,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47230,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":7,"category":"Download","hostname":"kankan.1kxun.mobi"}} 
01006{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":4,"flow_first_seen":1654385229374771,"flow_src_last_pkt_time":1654385236365099,"flow_dst_last_pkt_time":1654385236412092,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":114,"flow_src_tot_l4_payload_len":8181,"flow_dst_tot_l4_payload_len":423,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"52.29.177.177","src_port":37100,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adx-tk.rayjump.com"}} 01013{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1654385128878259,"flow_src_last_pkt_time":1654385129990203,"flow_dst_last_pkt_time":1654385130178547,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":860,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":880,"flow_dst_max_l4_payload_len":2746,"flow_src_tot_l4_payload_len":1740,"flow_dst_tot_l4_payload_len":3242,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47246,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"kankan.1kxun.com"}} 
@@ -1300,18 +1300,18 @@ 01007{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":25,"flow_first_seen":1654385184944791,"flow_src_last_pkt_time":1654385184944791,"flow_dst_last_pkt_time":1654385185046312,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":297,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":297,"flow_dst_max_l4_payload_len":4284,"flow_src_tot_l4_payload_len":297,"flow_dst_tot_l4_payload_len":89150,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36654,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com"}} 00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":3,"flow_first_seen":1654385184982489,"flow_src_last_pkt_time":1654385184982489,"flow_dst_last_pkt_time":1654385185015695,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":262,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":262,"flow_dst_max_l4_payload_len":2856,"flow_src_tot_l4_payload_len":262,"flow_dst_tot_l4_payload_len":4535,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36660,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 01008{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":3,"flow_first_seen":1654385131029337,"flow_src_last_pkt_time":1654385131355130,"flow_dst_last_pkt_time":1654385131589006,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":202,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":202,"flow_dst_max_l4_payload_len":6232,"flow_src_tot_l4_payload_len":404,"flow_dst_tot_l4_payload_len":6868,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":60148,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com"}} 
-00860{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1723,"packets-processed":1723,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2427316,"total-not-detected-flows":14,"total-guessed-flows":6,"total-detected-flows":177,"total-detection-updates":33,"total-updates":38,"current-active-flows":0,"total-active-flows":197,"total-idle-flows":197,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1303,"global_ts_usec":1654385236487007} +00859{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1723,"packets-processed":1723,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2427316,"total-not-detected-flows":9,"total-guessed-flows":6,"total-detected-flows":182,"total-detection-updates":33,"total-updates":38,"current-active-flows":0,"total-active-flows":197,"total-idle-flows":197,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1303,"global_ts_usec":1654385236487007} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1723/1723 ~~ skipped flows.............: 0 ~~ total layer4 data length..: 2427316 bytes -~~ total detected protocols..: 177 +~~ total detected protocols..: 182 ~~ total active/idle 
flows...: 197/197 -~~ total timeout flows.......: 20 +~~ total timeout flows.......: 15 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7508660 bytes -~~ total memory freed........: 7508660 bytes -~~ total allocations/frees...: 118823/118823 +~~ total memory allocated....: 8088565 bytes +~~ total memory freed........: 8088565 bytes +~~ total allocations/frees...: 130666/130666 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 529 chars ~~ json message max len.......: 11852 chars diff --git a/test/results/default/443-chrome.pcap.out b/test/results/default/443-chrome.pcap.out index 03b7ddf37..88f1a61fd 100644 --- a/test/results/default/443-chrome.pcap.out +++ b/test/results/default/443-chrome.pcap.out 
@@ -1,10 +1,10 @@ -00615{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/443-chrome.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-chrome.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1581109434258190} 
+00615{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/443-chrome.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-chrome.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1581109434258190} 
00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1581109434258190,"flow_src_last_pkt_time":1581109434258190,"flow_dst_last_pkt_time":1581109434258190,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1440,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1581109434258190,"l3_proto":"ip4","src_ip":"178.62.197.130","dst_ip":"192.168.1.13","src_port":443,"dst_port":53059,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 02500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1581109434258190,"flow_dst_last_pkt_time":1581109434258190,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1581109434258190,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUL9xAADQG19GyPsWCwKgBDQG7z0OMwKr+Oj0RjoAQAfVXrQAAAQEICiUvy0seKwePAbBkhQkGDSwXAwMFJB7ULkZYT314CXk9r8PlYJygP344H6B+ItT1QydBOUTT\/6D31GPVzKtOQjSVxhbT8njy8fnLCF03csGz4\/Y1RkgUVmI84ERVBP7zbdzqFVMxHmkRU4146\/GYpGt09JudxRaBFBE6RH99GaIPOIBgIxL+lVzyEaqTle8b2ooKlmYXANwIghY6MzW7vfR0m2NAd4\/mImO8\/LyUCeGK0r\/puyNRW7lwQQMAmHKJdbXl9VyEWyHoVGg2V7UztPOOS9FaOf7PI0qXcHmQjpNhC3tUdKXBoA5lr9L4gV9TtzI0jsGqvB9N6GFz+qcMvQNu9oMflyIYBhNXeC+wMS3iHkbmb6YjZ1BITgZEep9Fizk45i3xCMymSmOsda0ujEX4jtgvxVvAdOobavQSODmvW7nF0r5t9e88tMuzTz7+vTqoOaJn4Q5qSGioRtcVHnLq2LNPOuGgbZaLvf8nOa3F\/fTzsfVgOnrof2PK7x6zJRR4iLtFUyiyV0abVTIHELfIYnSCf71pFYSlMWF1kbosbMAxw+8gDHb28maLs7wPXvpNMwUQmC5zWPLwG8e+Pf\/3nur0wrn5EOul2L1tr2PBCGM7nQJnzz+Ftab4qAnCKKMUrufRAVhXA6Ue6CMSRL
YliOxzGRgmHVxorbbpx87m7XMCx1xGrv\/+sMpgjOYFPN80vjeb9Ar4xkocVQgWuuKpaWdNDznMzFzG0+H1ekKy8mE\/Y4uj8aty0rTxx\/RK0gYF2CUtsmGNskEzCWUbq5MAqcp05SHkAJHGGJeLVJYaWPvGXbFa5QHn9poomy6DBa+Zu\/J+olJwYCoT+frN77wk+XmgZEGX8LeovmjP4s1R+UbEFUsUMksh6m15XB\/oDSc43HBC0ZN2fBl+EVSpfPjbG\/eOyIfLCt5fbBfnhNgvommX5LE+2Hk1er+ly1V3Bk3SksoPHjYC3atFWwOW8i0ksy3cnSr3r7urFNldk3MU3+jnEXfTimw+aCW1vRMowhmfm8PlgjcufRfy+KbXvWvcglQ5SIZzkHbMTgRIVTH0rnzAvQa5V3qwPK10Uoz7qDIouhn\/mb\/ZISHF6mBR\/IXvmgdDxCQjDF0pzdpHGlijQnscX9IYmuALydf\/N95pDI1Ksot3SwlV+ToeoAcOu03ffeX9ZWtpGReoSSLBreVK2S9eOKb7ts0O5zIIo7KsqQiv\/vBgScz8WXOWpxQ\/yJVR5ay52w6EYcainLIU7Xbc\/tjzrhulig3U\/8LJroIUx7FTN+1M\/XXQgxU1xPwXfZVd2BCyLjPf3LnCxXwnRvsKpAN+jMhuodhLSF7CgHqc20YiiLhRoKoX9HTNFjjp4NCVuyybqoR14grCEsHZOU2qhA+8BZe5VlL7unSunUXcr1PeN9gM5Jq4MVqPdpyzDhvJpSxU3Hx+L1u56H6J0VrRo\/R6fO225uB9ZADFU\/E9+rLvS3XjVihQI4Xj3oV8Yz2DHOUB7myCSIfri88nrYevcoAQbwAgIH3ZuvMVV+F7spgWZOgjijLQs9AFYfhIg77XK7GhiJW4kT1GNIqN\/59u+gIdPmDuGurVucPbruilLRCDIsr+53Us+irmCwo\/E2YPbk4a0f3NX0k+rNo92g1D9wTfG3QFRXLoBVDcr2q9BeW0PVJsavNUQM+jFbQkjfp93AvyPnmEBcWXIT002jYiClr1Y1\/emkCZ90t5YN1lLX5fUvWWgwvQ8NqFZ2zWMZciPkbKDA3g3Y+AskVzW3FFBLqR77\/aXs+9FwMDBSQUQnjU3ptBoEOyx5s5g6C1C+gxkfWLgzLDV66R77tBk395nAfOwKbaxf02lWN9Kl7ER9qk1HP5doNJPo83hbomHGy3aIU4qtqfnGI\/DWje6wuZoh6zDMTlo3NI6IL\/slMBsWm6kBIHkYOp"} 
-01157{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1581109434258190,"flow_src_last_pkt_time":1581109434258190,"flow_dst_last_pkt_time":1581109434258190,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1440,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1581109434258190,"l3_proto":"ip4","src_ip":"178.62.197.130","dst_ip":"192.168.1.13","src_port":443,"dst_port":53059,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +01164{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1581109434258190,"flow_src_last_pkt_time":1581109434258190,"flow_dst_last_pkt_time":1581109434258190,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1440,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1581109434258190,"l3_proto":"ip4","src_ip":"178.62.197.130","dst_ip":"192.168.1.13","src_port":443,"dst_port":53059,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp 
Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00787{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1581109434258190,"flow_src_last_pkt_time":1581109434258190,"flow_dst_last_pkt_time":1581109434258190,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1440,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1581109434258190,"l3_proto":"ip4","src_ip":"178.62.197.130","dst_ip":"192.168.1.13","src_port":443,"dst_port":53059,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
-00841{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-chrome.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1440,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1581109434258190} +00841{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-chrome.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1440,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1581109434258190} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 
@@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6909728 bytes -~~ total memory freed........: 6909728 bytes -~~ total allocations/frees...: 114140/114140 +~~ total memory allocated....: 7487324 bytes +~~ total memory freed........: 7487324 bytes +~~ total allocations/frees...: 125871/125871 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 620 chars ~~ json message max len.......: 2505 chars diff --git a/test/results/default/443-curl.pcap.out b/test/results/default/443-curl.pcap.out index 9980a9fd6..e44f5349f 100644 --- a/test/results/default/443-curl.pcap.out +++ b/test/results/default/443-curl.pcap.out 
@@ -1,17 +1,17 @@ -00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/443-curl.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-curl.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1581113120474299} 
+00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/443-curl.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-curl.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1581113120474299} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1581113120474299,"flow_src_last_pkt_time":1581113120474299,"flow_dst_last_pkt_time":1581113120474299,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1581113120474299,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1581113120474299,"flow_dst_last_pkt_time":1581113120474299,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1581113120474299,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGAULAqAENsj7FgtjjAbvMd3aVAAAAALAC\/\/97wQAAAgQFtAEDAwUBAQgKHmJFtwAAAAAEAgAA"} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1581113120474299,"flow_dst_last_pkt_time":1581113120512991,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1581113120512991,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGDUayPsWCwKgBDQG72OOPktF9zHd2lqAS\/oj9JgAAAgQFrAQCCAolaAqTHmJFtwEDAwc="} 
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1581113120513098,"flow_dst_last_pkt_time":1581113120512991,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1581113120513098,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGAU7AqAENsj7FgtjjAbvMd3aWj5LRfoAQECwaIgAAAQEICh5iRd0laAqT"} 01239{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1581113120522725,"flow_dst_last_pkt_time":1581113120512991,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1581113120522725,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI5AABAAEAG\/0jAqAENsj7FgtjjAbvMd3aWj5LRfoAYECzDZwAAAQEICh5iReYlaAqTFgMBAgABAAH8AwM+OEHtzCD20OX3Fnq37pGoAMjvcMLWJMfHlDokAm2fvAAAhswUzBPMFcAwwCzAKMAkwBTACgCjAJ8AawBqADkAOP+FAMQAwwCIAIcAgcAywC7AKsAmwA\/ABQCdAD0ANQDAAITAL8ArwCfAI8ATwAkAogCeAGcAQAAzADIAvgC9AEUARMAxwC3AKcAlwA7ABACcADwALwC6AEHAEsAIABYAE8ANwAMACgD\/AQABTQAAABEADwAADHd3dy5udG9wLm9yZwALAAQDAAECAAoAOgA4AA4ADQAZABwACwAMABsAGAAJAAoAGgAWABcACAAGAAcAFAAVAAQABQASABMAAQACAAMADwAQABEADQAmACQGAQYCBgPv7wUBBQIFAwQBBAIEA+7u7e0DAQMCAwMCAQICAgMzdAAAABAADgAMAmgyCGh0dHAvMS4xABUArgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01205{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1581113120474299,"flow_src_last_pkt_time":1581113120522725,"flow_dst_last_pkt_time":1581113120512991,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1581113120522725,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.ntop.org","domainame":"www.ntop.org","tls": {"version":"TLSv1.2","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"","ja4":"t12d6707h2_2955a3196ffa_c83f907a73d3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01171{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1581113120474299,"flow_src_last_pkt_time":1581113120522725,"flow_dst_last_pkt_time":1581113120512991,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1581113120522725,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.ntop.org","domainame":"www.ntop.org","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d6707h2_2955a3196ffa_c83f907a73d3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1581113120522725,"flow_dst_last_pkt_time":1581113120560634,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1581113120560634,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0W75AADQGsY+yPsWCwKgBDQG72OOPktF+zHd4m4AQAfomFwAAAQEICiVoCsIeYkXm"} -01288{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1581113120474299,"flow_src_last_pkt_time":1581113120522725,"flow_dst_last_pkt_time":1581113120563403,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1581113120563403,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.ntop.org","domainame":"www.ntop.org","tls": 
{"version":"TLSv1.2","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","ja4":"t12d6707h2_2955a3196ffa_c83f907a73d3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","blocks":0}}} -01490{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1581113120474299,"flow_src_last_pkt_time":1581113120522725,"flow_dst_last_pkt_time":1581113120564527,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2880,"midstream":0,"thread_ts_usec":1581113120564527,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.ntop.org","domainame":"www.ntop.org","tls": {"version":"TLSv1.2","server_names":"www.ntop.org","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","ja4":"t12d6707h2_2955a3196ffa_c83f907a73d3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=www.ntop.org","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"DB:A7:E4:3E:6D:BB:21:AB:68:47:35:E8:0B:8F:15:DF:DB:C7:C9:6F","blocks":0}}} 
-02158{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1581113120474299,"flow_src_last_pkt_time":1581113121447770,"flow_dst_last_pkt_time":1581113121447985,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":899,"flow_dst_tot_l4_payload_len":10128,"midstream":0,"thread_ts_usec":1581113121447985,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":62811.5,"max":784064,"stddev":190271.5,"var":36203257856.0,"ent":2.2,"data": [38692,38799,9627,47643,2769,1124,2,41874,4,11797,50900,31,39132,3,742,11,18,78,76,38549,8926,46564,784064,784044,367,123,462,127,121,240,248]},"pktlen": {"min":52,"avg":397.2,"max":1492,"stddev":558.7,"var":312115.0,"ent":3.8,"data": [64,60,52,569,52,1492,1492,183,52,52,178,103,109,52,52,105,108,94,119,90,52,90,52,267,52,1492,1492,52,1492,1048,52,1492]},"bins": {"c_to_s": [10,4,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,3,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,1,1,0,0,0,0,0,0,0,1,1,0,1,0,1,1,0,1,1,0,1],"entropies": [4.367087364,5.300120831,4.945419312,4.294172764,5.100070000,7.382002354,7.456428051,6.751153946,4.945419312,4.945419312,6.263377666,5.952023029,6.200525761,4.983880997,4.930902004,5.836982250,5.780514240,5.536261082,5.983234406,5.510023117,5.215455055,5.937692642,5.060803890,7.153983116,5.060803890,7.879748821,7.892062664,5.060803890,7.868061543,7.808748245,5.060803890,7.868031502]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} -01004{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":51,"flow_dst_packets_processed":58,"flow_first_seen":1581113120474299,"flow_src_last_pkt_time":1581113121570392,"flow_dst_last_pkt_time":1581113121570364,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":930,"flow_dst_tot_l4_payload_len":65886,"midstream":0,"thread_ts_usec":1581113121570392,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.ntop.org"}} 
-00847{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/443-curl.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":109,"packets-processed":109,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":66816,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1581113121570392} +01254{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1581113120474299,"flow_src_last_pkt_time":1581113120522725,"flow_dst_last_pkt_time":1581113120563403,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1581113120563403,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.ntop.org","domainame":"www.ntop.org","tls": 
{"version":"TLSv1.2","ja3s":"ae53107a2e47ea20c72ac44821a728bf","ja4":"t12d6707h2_2955a3196ffa_c83f907a73d3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","blocks":0}}} +01456{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1581113120474299,"flow_src_last_pkt_time":1581113120522725,"flow_dst_last_pkt_time":1581113120564527,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2880,"midstream":0,"thread_ts_usec":1581113120564527,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.ntop.org","domainame":"www.ntop.org","tls": {"version":"TLSv1.2","server_names":"www.ntop.org","ja3s":"ae53107a2e47ea20c72ac44821a728bf","ja4":"t12d6707h2_2955a3196ffa_c83f907a73d3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=www.ntop.org","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"DB:A7:E4:3E:6D:BB:21:AB:68:47:35:E8:0B:8F:15:DF:DB:C7:C9:6F","blocks":0}}} 
+02165{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1581113120474299,"flow_src_last_pkt_time":1581113121447770,"flow_dst_last_pkt_time":1581113121447985,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":899,"flow_dst_tot_l4_payload_len":10128,"midstream":0,"thread_ts_usec":1581113121447985,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":62811.5,"max":784064,"stddev":190271.5,"var":36203257856.0,"ent":2.2,"data": [38692,38799,9627,47643,2769,1124,2,41874,4,11797,50900,31,39132,3,742,11,18,78,76,38549,8926,46564,784064,784044,367,123,462,127,121,240,248]},"pktlen": {"min":52,"avg":397.2,"max":1492,"stddev":558.7,"var":312115.0,"ent":3.8,"data": [64,60,52,569,52,1492,1492,183,52,52,178,103,109,52,52,105,108,94,119,90,52,90,52,267,52,1492,1492,52,1492,1048,52,1492]},"bins": {"c_to_s": [10,4,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,3,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,1,1,0,0,0,0,0,0,0,1,1,0,1,0,1,1,0,1,1,0,1],"entropies": [4.367087364,5.300120831,4.945419312,4.294172764,5.100070000,7.382002354,7.456428051,6.751153946,4.945419312,4.945419312,6.263377666,5.952023029,6.200525761,4.983880997,4.930902004,5.836982250,5.780514240,5.536261082,5.983234406,5.510023117,5.215455055,5.937692642,5.060803890,7.153983116,5.060803890,7.879748821,7.892062664,5.060803890,7.868061543,7.808748245,5.060803890,7.868031502]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} +01011{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":51,"flow_dst_packets_processed":58,"flow_first_seen":1581113120474299,"flow_src_last_pkt_time":1581113121570392,"flow_dst_last_pkt_time":1581113121570364,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":930,"flow_dst_tot_l4_payload_len":65886,"midstream":0,"thread_ts_usec":1581113121570392,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.ntop.org"}} 
+00847{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/443-curl.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":109,"packets-processed":109,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":66816,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1581113121570392} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 109/109 ~~ skipped flows.............: 0 @@ -20,10 +20,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6931367 bytes -~~ total memory freed........: 6931367 bytes -~~ total allocations/frees...: 114258/114258 +~~ total memory allocated....: 7508963 bytes +~~ total memory freed........: 7508963 bytes +~~ total allocations/frees...: 125989/125989 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 546 chars -~~ json message max len.......: 2163 chars -~~ json message avg len.......: 1304 chars +~~ json message max len.......: 2170 chars +~~ json message avg len.......: 1306 chars diff --git a/test/results/default/443-firefox.pcap.out b/test/results/default/443-firefox.pcap.out index 69d0a292a..47c753de4 100644 --- a/test/results/default/443-firefox.pcap.out +++ b/test/results/default/443-firefox.pcap.out 
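Review bot: The `ja3` key disappears from the `tls` object of the `detected` record and both `detection-update` records in this 443-curl hunk, while `ja3s` and `ja4` remain, and the commit message records it only as "incorporated upstream changes". Anything downstream that matches or allow-lists on the JA3 client hash would presumably stop matching without raising an error, so the removal deserves an explicit line in the description or changelog, for example `tls.ja3 is no longer emitted after the libnDPI bump; use tls.ja4 for client fingerprinting`. The same records also change `proto_by_ip`/`proto_by_ip_id` from `Unknown`/`0` to `DigitalOcean`/`442`, which shifts any rule keyed on those fields. The 443-firefox hunk that follows shows the same `ja3` removal; whether `schema/flow_event_schema.json` was updated to match is not visible here.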
@@ -1,17 +1,17 @@ -00616{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/443-firefox.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-firefox.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1581109488041083} 
+00616{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/443-firefox.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-firefox.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1581109488041083} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1581109488041083,"flow_src_last_pkt_time":1581109488041083,"flow_dst_last_pkt_time":1581109488041083,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1581109488041083,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1581109488041083,"flow_dst_last_pkt_time":1581109488041083,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1581109488041083,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGAULAqAENsj7Fgs9oAbstYO2oAAAAALAC\/\/8dyQAAAgQFtAEDAwUBAQgKHivVZQAAAAAEAgAA"} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1581109488041083,"flow_dst_last_pkt_time":1581109488079587,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1581109488079587,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGDUayPsWCwKgBDQG7z2h4KhDzLWDtqaAS\/ojkXQAAAgQFrAQCCAolMJ2OHivVZQEDAwc="} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1581109488079695,"flow_dst_last_pkt_time":1581109488079587,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1581109488079695,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGAU7AqAENsj7Fgs9oAbstYO2peCoQ9IAQECwBWgAAAQEICh4r1YolMJ2O"} 01248{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1581109488081517,"flow_dst_last_pkt_time":1581109488079587,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1581109488081517,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI5AABAAEAG\/0jAqAENsj7Fgs9oAbstYO2peCoQ9IAYECxBgwAAAQEICh4r1YslMJ2OFgMBAgABAAH8AwOUa\/El1SC4SOV9CcN1r6cpW+siDNFHDg6B0Jx3puu2HCDuWUpvRGQcZEnGz5IHtl2G4czu+ssSIC6vfxuSOCPZ9QAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAMwA5AC8ANQAKAQABjwAAABEADwAADHd3dy5udG9wLm9yZwAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAMwBrAGkAHQAgEe3v4+aZzjqvjKifwJvnUyAU75U99AdjBg2UClguoEsAFwBBBNOOVnM3\/ljW1RxVAgKlkC5JeOU5cpLYYiMFaZX\/Y\/IlsD8SBGEv68Zc7h4OxYI4cIk\/\/nVqycuiWb+\/FGG07XMAKwAJCAMEAwMDAgMBAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQAVAJIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01265{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1581109488041083,"flow_src_last_pkt_time":1581109488081517,"flow_dst_last_pkt_time":1581109488079587,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1581109488081517,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.ntop.org","domainame":"www.ntop.org","tls": {"version":"TLSv1.2","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"","ja4":"t13d1814h2_29a2cd9e9f10_d267a5f792d4","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01231{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1581109488041083,"flow_src_last_pkt_time":1581109488081517,"flow_dst_last_pkt_time":1581109488079587,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1581109488081517,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.ntop.org","domainame":"www.ntop.org","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1814h2_29a2cd9e9f10_d267a5f792d4","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1581109488081517,"flow_dst_last_pkt_time":1581109488119593,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1581109488119593,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0HdRAADQG73myPsWCwKgBDQG7z2h4KhD0LWDvroAQAfoNXQAAAQEICiUwnbceK9WL"} 
-01354{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1581109488041083,"flow_src_last_pkt_time":1581109488081517,"flow_dst_last_pkt_time":1581109488123692,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1581109488123692,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.ntop.org","domainame":"www.ntop.org","tls": {"version":"TLSv1.2","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"3653a20186a5b490426131a611e01992","ja4":"t13d1814h2_29a2cd9e9f10_d267a5f792d4","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-01556{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1581109488041083,"flow_src_last_pkt_time":1581109488081517,"flow_dst_last_pkt_time":1581109488123785,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2880,"midstream":0,"thread_ts_usec":1581109488123785,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.ntop.org","domainame":"www.ntop.org","tls": {"version":"TLSv1.2","server_names":"www.ntop.org","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"3653a20186a5b490426131a611e01992","ja4":"t13d1814h2_29a2cd9e9f10_d267a5f792d4","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=www.ntop.org","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"DB:A7:E4:3E:6D:BB:21:AB:68:47:35:E8:0B:8F:15:DF:DB:C7:C9:6F","blocks":0}}} 
-02173{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1581109488041083,"flow_src_last_pkt_time":1581109490061876,"flow_dst_last_pkt_time":1581109490062194,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1047,"flow_dst_tot_l4_payload_len":13867,"midstream":0,"thread_ts_usec":1581109490062194,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":130384.0,"max":1655693,"stddev":403949.6,"var":163175268352.0,"ent":2.0,"data": [38504,38612,1822,40006,4099,93,2,42327,4,2052,40671,32,38677,3,193774,83,215,231092,9994,47033,1655690,50,1655693,186,15,177,176,149,321,109,243]},"pktlen": {"min":52,"avg":518.7,"max":1492,"stddev":610.4,"var":372566.0,"ent":4.0,"data": [64,60,52,569,52,1492,1492,126,52,52,137,318,101,52,52,221,298,82,52,82,52,1492,1492,52,1492,1016,52,1492,1492,52,1492,1016]},"bins": {"c_to_s": [11,0,1,0,0,1,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,1,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,1,1,0,0,0,0,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1],"entropies": 
[4.367087364,5.366787434,4.894361019,5.219459057,5.100070000,7.372200966,7.462010860,6.339152336,5.022342205,5.022342205,6.101534367,7.216136456,6.184206486,5.060803890,5.060803890,6.919060707,7.232208252,5.746105194,5.176993370,5.774940014,4.930902004,7.873261929,7.864090443,5.022342205,7.874901772,7.771182060,4.983880520,7.883468628,7.853567600,4.945418835,7.868775368,7.782253265]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} -01011{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":667,"source":"cfgs\/default\/pcap\/443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":316,"flow_dst_packets_processed":351,"flow_first_seen":1581109488041083,"flow_src_last_pkt_time":1581109496480905,"flow_dst_last_pkt_time":1581109496480819,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":7675,"flow_dst_tot_l4_payload_len":406398,"midstream":0,"thread_ts_usec":1581109496480905,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.ntop.org"}} 
-00851{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":667,"source":"cfgs\/default\/pcap\/443-firefox.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":667,"packets-processed":667,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":414073,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1581109496480905} +01320{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1581109488041083,"flow_src_last_pkt_time":1581109488081517,"flow_dst_last_pkt_time":1581109488123692,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1581109488123692,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.ntop.org","domainame":"www.ntop.org","tls": 
{"version":"TLSv1.2","ja3s":"3653a20186a5b490426131a611e01992","ja4":"t13d1814h2_29a2cd9e9f10_d267a5f792d4","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +01522{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1581109488041083,"flow_src_last_pkt_time":1581109488081517,"flow_dst_last_pkt_time":1581109488123785,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2880,"midstream":0,"thread_ts_usec":1581109488123785,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.ntop.org","domainame":"www.ntop.org","tls": {"version":"TLSv1.2","server_names":"www.ntop.org","ja3s":"3653a20186a5b490426131a611e01992","ja4":"t13d1814h2_29a2cd9e9f10_d267a5f792d4","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=www.ntop.org","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"DB:A7:E4:3E:6D:BB:21:AB:68:47:35:E8:0B:8F:15:DF:DB:C7:C9:6F","blocks":0}}} 
+02180{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1581109488041083,"flow_src_last_pkt_time":1581109490061876,"flow_dst_last_pkt_time":1581109490062194,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1047,"flow_dst_tot_l4_payload_len":13867,"midstream":0,"thread_ts_usec":1581109490062194,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":130384.0,"max":1655693,"stddev":403949.6,"var":163175268352.0,"ent":2.0,"data": [38504,38612,1822,40006,4099,93,2,42327,4,2052,40671,32,38677,3,193774,83,215,231092,9994,47033,1655690,50,1655693,186,15,177,176,149,321,109,243]},"pktlen": {"min":52,"avg":518.7,"max":1492,"stddev":610.4,"var":372566.0,"ent":4.0,"data": [64,60,52,569,52,1492,1492,126,52,52,137,318,101,52,52,221,298,82,52,82,52,1492,1492,52,1492,1016,52,1492,1492,52,1492,1016]},"bins": {"c_to_s": [11,0,1,0,0,1,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,1,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,1,1,0,0,0,0,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1],"entropies": 
[4.367087364,5.366787434,4.894361019,5.219459057,5.100070000,7.372200966,7.462010860,6.339152336,5.022342205,5.022342205,6.101534367,7.216136456,6.184206486,5.060803890,5.060803890,6.919060707,7.232208252,5.746105194,5.176993370,5.774940014,4.930902004,7.873261929,7.864090443,5.022342205,7.874901772,7.771182060,4.983880520,7.883468628,7.853567600,4.945418835,7.868775368,7.782253265]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} +01018{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":667,"source":"cfgs\/default\/pcap\/443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":316,"flow_dst_packets_processed":351,"flow_first_seen":1581109488041083,"flow_src_last_pkt_time":1581109496480905,"flow_dst_last_pkt_time":1581109496480819,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":7675,"flow_dst_tot_l4_payload_len":406398,"midstream":0,"thread_ts_usec":1581109496480905,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.ntop.org"}} 
+00851{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":667,"source":"cfgs\/default\/pcap\/443-firefox.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":667,"packets-processed":667,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":414073,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1581109496480905} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 667/667 ~~ skipped flows.............: 0 @@ -20,10 +20,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6971715 bytes -~~ total memory freed........: 6971715 bytes -~~ total allocations/frees...: 114820/114820 +~~ total memory allocated....: 7549311 bytes +~~ total memory freed........: 7549311 bytes +~~ total allocations/frees...: 126551/126551 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 549 chars -~~ json message max len.......: 2178 chars -~~ json message avg len.......: 1315 chars +~~ json message max len.......: 2185 chars +~~ json message avg len.......: 1317 chars diff --git a/test/results/default/443-git.pcap.out b/test/results/default/443-git.pcap.out index 15390bfc8..e229cfb55 100644 --- a/test/results/default/443-git.pcap.out +++ b/test/results/default/443-git.pcap.out 
@@ -1,17 +1,17 @@ -00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/443-git.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-git.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1581113657633853} 
+00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/443-git.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-git.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1581113657633853} 
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1581113657633853,"flow_src_last_pkt_time":1581113657633853,"flow_dst_last_pkt_time":1581113657633853,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1581113657633853,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1581113657633853,"flow_dst_last_pkt_time":1581113657633853,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1581113657633853,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGeqzAqAENjFJyBNnAAbv0\/p5\/AAAAALAC\/\/+NzAAAAgQFtAEDAwUBAQgKHmpbwAAAAAAEAgAA"} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1581113657633853,"flow_dst_last_pkt_time":1581113657744320,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1581113657744320,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIGiLCMUnIEwKgBDQG72cCAzdDM9P6egKASb0C\/0wAAAgQFnAQCCAoOCxAaHmpbwAEDAwo="} 
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1581113657744421,"flow_dst_last_pkt_time":1581113657744320,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1581113657744421,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGerjAqAENjFJyBNnAAbv0\/p6AgM3QzYAQECpNNAAAAQEICh5qXC0OCxAa"} 01238{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1581113657751016,"flow_dst_last_pkt_time":1581113657744320,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1581113657751016,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI5AABAAEAGeLPAqAENjFJyBNnAAbv0\/p6AgM3QzYAYECpqTgAAAQEICh5qXDMOCxAaFgMBAgABAAH8AwNQWUIaokrsiL8XEswp8oDn8SQNNiEML8bEosBTihcRygAAhswUzBPMFcAwwCzAKMAkwBTACgCjAJ8AawBqADkAOP+FAMQAwwCIAIcAgcAywC7AKsAmwA\/ABQCdAD0ANQDAAITAL8ArwCfAI8ATwAkAogCeAGcAQAAzADIAvgC9AEUARMAxwC3AKcAlwA7ABACcADwALwC6AEHAEsAIABYAE8ANwAMACgD\/AQABTQAAAA8ADQAACmdpdGh1Yi5jb20ACwAEAwABAgAKADoAOAAOAA0AGQAcAAsADAAbABgACQAKABoAFgAXAAgABgAHABQAFQAEAAUAEgATAAEAAgADAA8AEAARAA0AJgAkBgEGAgYD7+8FAQUCBQMEAQQCBAPu7u3tAwEDAgMDAgECAgIDM3QAAAAQAAsACQhodHRwLzEuMQAVALMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01211{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1581113657633853,"flow_src_last_pkt_time":1581113657751016,"flow_dst_last_pkt_time":1581113657744320,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1581113657751016,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Github","proto_id":"91.203","proto_by_ip":"Github","proto_by_ip_id":203,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"github.com","domainame":"github.com","tls": {"version":"TLSv1.2","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"","ja4":"t12d6707ht_2955a3196ffa_c83f907a73d3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} +01170{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1581113657633853,"flow_src_last_pkt_time":1581113657751016,"flow_dst_last_pkt_time":1581113657744320,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1581113657751016,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Github","proto_id":"91.203","proto_by_ip":"Github","proto_by_ip_id":203,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"github.com","domainame":"github.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d6707ht_2955a3196ffa_c83f907a73d3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} 02454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1581113657751016,"flow_dst_last_pkt_time":1581113657863699,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1490,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1490,"pkt_l4_len":1456,"thread_ts_usec":1581113657863699,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXEwPpAADIGwi2MUnIEwKgBDQG72cCAzdDN9P6ghYAQAB10xQAAAQEICg4LEDgealwzFgMDAGwCAABoAwPki9jhPmCkj6agnB13yqVRrfsdioC9VcxET1dOR1JEASDxGH7q5wCfHu4g3J9YnEevlg7HfliESOuB6g4QuH+MBcAvAAAg\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\/P5dZC8v7vglbouxY1zYQXTEISos4m4L3OM8Cpuvu6ug0uCEbFh\/Xdh2psbmiP\/jH6iAQbd0X9TlgjBWvrnwMrIRIxXp6hhX2YNV9O4lqy2SpzB6uj7lkAp9hUwtQSwzAW2hMMkWZV\/omWQ5bCzGnVZxD8xFArVzKo6hQVSBjKWB2HfJ4IM94XbYDHwCVDFtxoj4bB9AvUUHsnL6H4qMwT2UT9SmBXpC3ZHXE1Ka8UIFa740Vfp6nAU\/8lFuQx8vPRt5gVS+YyAu3BWkQ9LAgMBAAGjggN5MIIDdTAfBgNVHSMEGDAWgBQ901Cl1qCt7vNKYApl0yHU+PjWDzAdBgNVHQ4EFgQUycJTYWadX6sl9CbNDziaqEnqSKkwJQYDVR0RBB4wHIIKZ2l0aHViLmNvbYIOd3d3LmdpdGh1Yi5jb20wDgYDVR0PAQH\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\/wQCMAAwggF+BgorBgEEAdZ5AgQCBIIBbgSCAWoBaAB2AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABY0FibQoAAAQDAEcwRQIhANFmnfxxNaxYfYZ0Gl7+49M="} 
-01301{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1581113657633853,"flow_src_last_pkt_time":1581113657751016,"flow_dst_last_pkt_time":1581113657863699,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1424,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1424,"midstream":0,"thread_ts_usec":1581113657863699,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Github","proto_id":"91.203","proto_by_ip":"Github","proto_by_ip_id":203,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"github.com","domainame":"github.com","tls": {"version":"TLSv1.2","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","ja4":"t12d6707ht_2955a3196ffa_c83f907a73d3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
-01605{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1581113657633853,"flow_src_last_pkt_time":1581113657751016,"flow_dst_last_pkt_time":1581113657863749,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1424,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3550,"midstream":0,"thread_ts_usec":1581113657863749,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Github","proto_id":"91.203","proto_by_ip":"Github","proto_by_ip_id":203,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"github.com","domainame":"github.com","tls": {"version":"TLSv1.2","server_names":"github.com,www.github.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","ja4":"t12d6707ht_2955a3196ffa_c83f907a73d3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=GitHub, Inc., CN=github.com","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"CA:06:F5:6B:25:8B:7A:0D:4F:2B:05:47:09:39:47:86:51:15:19:84","blocks":0}}} 
+01260{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1581113657633853,"flow_src_last_pkt_time":1581113657751016,"flow_dst_last_pkt_time":1581113657863699,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1424,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1424,"midstream":0,"thread_ts_usec":1581113657863699,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Github","proto_id":"91.203","proto_by_ip":"Github","proto_by_ip_id":203,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"github.com","domainame":"github.com","tls": {"version":"TLSv1.2","ja3s":"ae53107a2e47ea20c72ac44821a728bf","ja4":"t12d6707ht_2955a3196ffa_c83f907a73d3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
+01564{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1581113657633853,"flow_src_last_pkt_time":1581113657751016,"flow_dst_last_pkt_time":1581113657863749,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1424,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3550,"midstream":0,"thread_ts_usec":1581113657863749,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Github","proto_id":"91.203","proto_by_ip":"Github","proto_by_ip_id":203,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"github.com","domainame":"github.com","tls": {"version":"TLSv1.2","server_names":"github.com,www.github.com","ja3s":"ae53107a2e47ea20c72ac44821a728bf","ja4":"t12d6707ht_2955a3196ffa_c83f907a73d3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=GitHub, Inc., CN=github.com","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"CA:06:F5:6B:25:8B:7A:0D:4F:2B:05:47:09:39:47:86:51:15:19:84","blocks":0}}} 
02156{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1581113657633853,"flow_src_last_pkt_time":1581113658139408,"flow_dst_last_pkt_time":1581113658139371,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1424,"flow_src_tot_l4_payload_len":850,"flow_dst_tot_l4_payload_len":8277,"midstream":0,"thread_ts_usec":1581113658139408,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":32615.3,"max":143502,"stddev":53225.8,"var":2832981760.0,"ent":3.2,"data": [110467,110568,6595,119379,41,9,112809,2,11075,123994,112907,571,143502,5,142911,2,6496,2,14,6523,7,6,115,82,1242,13,1267,3,237,2,227]},"pktlen": {"min":52,"avg":337.8,"max":1476,"stddev":464.4,"var":215710.4,"ent":4.0,"data": [64,60,52,569,1476,1476,754,52,52,178,103,52,259,423,126,52,52,86,344,85,52,52,52,150,52,1451,608,52,52,1451,472,52]},"bins": {"c_to_s": [14,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,3,1,1,0,0,0,0,0,1,0,1,0,1,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,2,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,0,1,0,0,1,1,0,0,1,1,1,0,0,0,1,0,1,1,0,0,1,1,0],"entropies": [4.341937065,5.174957275,4.831954479,4.223120689,6.954095364,7.397567272,7.645401001,5.014835358,4.976373672,6.355282307,5.929066658,4.937911987,6.952417850,7.419026852,6.223026752,4.937911987,4.976373672,5.637029648,7.370140076,5.726850986,4.937911987,4.937911987,4.899450302,6.443542957,4.976373672,7.866954327,7.624365330,5.014835358,5.014835358,7.857865334,7.532955170,5.014835358]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Github","proto_id":"91.203","proto_by_ip":"Github","proto_by_ip_id":203,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative"}} 01014{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":35,"flow_dst_packets_processed":35,"flow_first_seen":1581113657633853,"flow_src_last_pkt_time":1581113658456571,"flow_dst_last_pkt_time":1581113658456501,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1424,"flow_src_tot_l4_payload_len":881,"flow_dst_tot_l4_payload_len":31704,"midstream":0,"thread_ts_usec":1581113658456571,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Github","proto_id":"91.203","proto_by_ip":"Github","proto_by_ip_id":203,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"github.com"}} 
-00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/443-git.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":70,"packets-processed":70,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":32585,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1581113658456571} +00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/443-git.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":70,"packets-processed":70,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":32585,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1581113658456571} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 70/70 ~~ skipped flows.............: 0 
@@ -20,9 +20,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6929186 bytes -~~ total memory freed........: 6929186 bytes -~~ total allocations/frees...: 114220/114220 +~~ total memory allocated....: 7506782 bytes +~~ total memory freed........: 7506782 bytes +~~ total allocations/frees...: 125951/125951 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 546 chars ~~ json message max len.......: 2459 chars diff --git a/test/results/default/443-opvn.pcap.out b/test/results/default/443-opvn.pcap.out index 504326950..2676d0f0c 100644 --- a/test/results/default/443-opvn.pcap.out +++ b/test/results/default/443-opvn.pcap.out 
@@ -1,5 +1,5 @@ -00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/443-opvn.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-opvn.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1581153175528454} 
+00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/443-opvn.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-opvn.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1581153175528454} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1581153175528454,"flow_src_last_pkt_time":1581153175528454,"flow_dst_last_pkt_time":1581153175528454,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1581153175528454,"l3_proto":"ip4","src_ip":"192.168.1.84","dst_ip":"192.12.192.103","src_port":52973,"dst_port":1194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1581153175528454,"flow_dst_last_pkt_time":1581153175528454,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1581153175528454,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+EfAqAFUwAzAZ87tBKpga1quAAAAALAC\/\/\/PlAAAAgQFtAEDAwUBAQgKFg2AOQAAAAAEAgAA"} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1581153175528454,"flow_dst_last_pkt_time":1581153175550065,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1581153175550065,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADYGAkzADMBnwKgBVASqzu1gWZU1YGtar6AScSBwigAAAgQFrAQCCAocQO0VFg2AOQEDAwY="} 
@@ -9,7 +9,7 @@ 00928{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1581153175528454,"flow_src_last_pkt_time":1581153176603974,"flow_dst_last_pkt_time":1581153176626109,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":56,"midstream":0,"thread_ts_usec":1581153176626109,"l3_proto":"ip4","src_ip":"192.168.1.84","dst_ip":"192.12.192.103","src_port":52973,"dst_port":1194,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 02195{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1581153175528454,"flow_src_last_pkt_time":1581153177970762,"flow_dst_last_pkt_time":1581153177992252,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3449,"flow_dst_tot_l4_payload_len":3196,"midstream":0,"thread_ts_usec":1581153177992252,"l3_proto":"ip4","src_ip":"192.168.1.84","dst_ip":"192.12.192.103","src_port":52973,"dst_port":1194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":4,"avg":158261.5,"max":1160659,"stddev":364282.7,"var":132701855744.0,"ent":2.7,"data": 
[21611,21701,1053819,1075076,968,22235,339,57386,57093,21241,11768,32975,174,239,20560,20491,9065,4,19997,11251,22162,19953,19952,207,21422,21230,137,58577,1160659,1122501,1313]},"pktlen": {"min":52,"avg":260.3,"max":1492,"stddev":407.4,"var":166005.6,"ent":3.8,"data": [64,60,52,96,52,108,52,104,52,373,52,1222,52,1492,104,55,104,1492,849,52,104,52,159,52,605,368,52,104,52,138,52,104]},"bins": {"c_to_s": [7,5,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0],"s_to_c": [8,3,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,1,0,0,0,1,1,0,1,0,0,1,0,0,1,0,1,1],"entropies": [4.398337364,5.141623974,4.810735226,5.491009712,5.116507530,5.561252594,4.971283913,5.772772789,5.078045845,6.141608238,5.116507530,6.862905025,4.887658596,7.272125721,5.704599857,5.040360451,5.785276413,6.812845707,7.438625336,5.154969215,5.830996513,4.908878326,6.252464294,5.009745598,7.575043678,7.235865593,4.971283913,5.734311104,5.063528538,6.235281944,5.217375278,5.826463223]},"ndpi": {"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00977{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":21,"flow_first_seen":1581153175528454,"flow_src_last_pkt_time":1581153184491293,"flow_dst_last_pkt_time":1581153184491180,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3974,"flow_dst_tot_l4_payload_len":4543,"midstream":0,"thread_ts_usec":1581153184491293,"l3_proto":"ip4","src_ip":"192.168.1.84","dst_ip":"192.12.192.103","src_port":52973,"dst_port":1194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/443-opvn.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":46,"packets-processed":46,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8517,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1581153184491293} 
+00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/443-opvn.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":46,"packets-processed":46,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8517,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1581153184491293} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 46/46 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6911019 bytes -~~ total memory freed........: 6911019 bytes -~~ total allocations/frees...: 114185/114185 +~~ total memory allocated....: 7488615 bytes +~~ total memory freed........: 7488615 bytes +~~ total allocations/frees...: 125916/125916 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 546 chars ~~ json message max len.......: 2200 chars diff --git a/test/results/default/443-safari.pcap.out b/test/results/default/443-safari.pcap.out index 17f1e618e..9f0862df1 100644 --- a/test/results/default/443-safari.pcap.out +++ b/test/results/default/443-safari.pcap.out 
@@ -1,17 +1,17 @@ -00615{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/443-safari.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-safari.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1581109359601646} 
+00615{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/443-safari.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-safari.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1581109359601646} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1581109359601646,"flow_src_last_pkt_time":1581109359601646,"flow_dst_last_pkt_time":1581109359601646,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1581109359601646,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1581109359601646,"flow_dst_last_pkt_time":1581109359601646,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1581109359601646,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGAULAqAENsj7Fgs8nAbvmgoUNAAAAALAC\/\/+6MQAAAgQFtAEDAwUBAQgKHinouAAAAAAEAgAA"} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1581109359601646,"flow_dst_last_pkt_time":1581109359639845,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1581109359639845,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGDUayPsWCwKgBDQG7zyeqmyMX5oKFDqAS\/ogx6QAAAgQFrAQCCAolLqfYHinouAEDAwc="} 
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1581109359639949,"flow_dst_last_pkt_time":1581109359639845,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1581109359639949,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGAU7AqAENsj7Fgs8nAbvmgoUOqpsjGIAQECxO5AAAAQEICh4p6N4lLqfY"} 00859{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1581109359641072,"flow_dst_last_pkt_time":1581109359639845,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":299,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":299,"pkt_l4_len":265,"thread_ts_usec":1581109359641072,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEdAABAAEAGAGXAqAENsj7Fgs8nAbvmgoUOqpsjGIAYECyk0wAAAQEICh4p6N8lLqfYFgMBAOQBAADgAwO3U9SDw6dmF9tIkvK4s2zLvIzeuLe65SzRlAWXQjKSvgAAKMAswCvAJMAjwArACcypwDDAL8AowCfAFMATzKgAnQCcAD0APAA1AC8BAACP\/wEAAQAAAAARAA8AAAx3d3cubnRvcC5vcmcAFwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAM3QAAAASAAAAEAAwAC4CaDIFaDItMTYFaDItMTUFaDItMTQIc3BkeS8zLjEGc3BkeS8zCGh0dHAvMS4xAAsAAgEAAAoACgAIAB0AFwAYABk="} 
-01243{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1581109359601646,"flow_src_last_pkt_time":1581109359641072,"flow_dst_last_pkt_time":1581109359639845,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":233,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1581109359641072,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.ntop.org","domainame":"www.ntop.org","tls": {"version":"TLSv1.2","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
+01209{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1581109359601646,"flow_src_last_pkt_time":1581109359641072,"flow_dst_last_pkt_time":1581109359639845,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":233,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1581109359641072,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.ntop.org","domainame":"www.ntop.org","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1581109359641072,"flow_dst_last_pkt_time":1581109359679612,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1581109359679612,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0Q1tAADQGyfKyPsWCwKgBDQG7zyeqmyMY5oKF94AQAfxcAwAAAQEICiUup\/8eKejf"} 
-01332{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1581109359601646,"flow_src_last_pkt_time":1581109359641072,"flow_dst_last_pkt_time":1581109359683686,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":233,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1581109359683686,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.ntop.org","domainame":"www.ntop.org","tls": {"version":"TLSv1.2","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"f9fcb52580329fb6a9b61d7542087b90","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","negotiated_alpn":"h2","blocks":0}}} 
-01534{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1581109359601646,"flow_src_last_pkt_time":1581109359641072,"flow_dst_last_pkt_time":1581109359683783,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":233,"flow_dst_tot_l4_payload_len":2880,"midstream":0,"thread_ts_usec":1581109359683783,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.ntop.org","domainame":"www.ntop.org","tls": {"version":"TLSv1.2","server_names":"www.ntop.org","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"f9fcb52580329fb6a9b61d7542087b90","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=www.ntop.org","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","negotiated_alpn":"h2","fingerprint":"DB:A7:E4:3E:6D:BB:21:AB:68:47:35:E8:0B:8F:15:DF:DB:C7:C9:6F","blocks":0}}} 
-02155{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1581109359601646,"flow_src_last_pkt_time":1581109360694080,"flow_dst_last_pkt_time":1581109360694172,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":328,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":797,"flow_dst_tot_l4_payload_len":9828,"midstream":0,"thread_ts_usec":1581109360694172,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":70482.6,"max":695650,"stddev":174729.3,"var":30530334720.0,"ent":2.6,"data": [38199,38303,1123,39767,4074,97,2,42774,4,225660,264285,31,38670,4,1586,32,19,43,88,40010,28,9938,48247,695603,124,695650,120,128,123,103,125]},"pktlen": {"min":52,"avg":384.7,"max":1492,"stddev":559.6,"var":313139.8,"ent":3.8,"data": [64,60,52,285,52,1492,1492,154,52,52,137,95,101,52,52,97,94,86,380,82,52,52,82,52,1492,1492,52,1492,52,1016,52,1492]},"bins": {"c_to_s": [11,3,1,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,1,1,0,0,0,0,0,0,0,1,1,1,0,1,1,0,1,0,1,0,1],"entropies": [4.335837364,5.333454132,4.945418835,5.728343010,5.176993370,7.389316082,7.427206516,6.413387775,4.945418835,4.906957150,6.036595821,5.811348915,6.124800682,4.945419312,4.983880520,5.883585453,5.842953205,5.796744347,7.425425053,5.590555668,5.047091484,5.085553169,5.773722649,4.983880520,7.878831863,7.880546093,4.945418835,7.877892971,4.808815002,7.814340115,4.945418835,7.877443314]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} -01006{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":20,"flow_first_seen":1581109359601646,"flow_src_last_pkt_time":1581109360696066,"flow_dst_last_pkt_time":1581109360695416,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":328,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":797,"flow_dst_tot_l4_payload_len":16406,"midstream":0,"thread_ts_usec":1581109360696066,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.ntop.org"}} 
-00846{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/443-safari.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":41,"packets-processed":41,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17203,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1581109360696066} +01298{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1581109359601646,"flow_src_last_pkt_time":1581109359641072,"flow_dst_last_pkt_time":1581109359683686,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":233,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1581109359683686,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.ntop.org","domainame":"www.ntop.org","tls": 
{"version":"TLSv1.2","ja3s":"f9fcb52580329fb6a9b61d7542087b90","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","negotiated_alpn":"h2","blocks":0}}} +01500{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1581109359601646,"flow_src_last_pkt_time":1581109359641072,"flow_dst_last_pkt_time":1581109359683783,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":233,"flow_dst_tot_l4_payload_len":2880,"midstream":0,"thread_ts_usec":1581109359683783,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.ntop.org","domainame":"www.ntop.org","tls": {"version":"TLSv1.2","server_names":"www.ntop.org","ja3s":"f9fcb52580329fb6a9b61d7542087b90","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=www.ntop.org","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","negotiated_alpn":"h2","fingerprint":"DB:A7:E4:3E:6D:BB:21:AB:68:47:35:E8:0B:8F:15:DF:DB:C7:C9:6F","blocks":0}}} 
+02162{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1581109359601646,"flow_src_last_pkt_time":1581109360694080,"flow_dst_last_pkt_time":1581109360694172,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":328,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":797,"flow_dst_tot_l4_payload_len":9828,"midstream":0,"thread_ts_usec":1581109360694172,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":70482.6,"max":695650,"stddev":174729.3,"var":30530334720.0,"ent":2.6,"data": [38199,38303,1123,39767,4074,97,2,42774,4,225660,264285,31,38670,4,1586,32,19,43,88,40010,28,9938,48247,695603,124,695650,120,128,123,103,125]},"pktlen": {"min":52,"avg":384.7,"max":1492,"stddev":559.6,"var":313139.8,"ent":3.8,"data": [64,60,52,285,52,1492,1492,154,52,52,137,95,101,52,52,97,94,86,380,82,52,52,82,52,1492,1492,52,1492,52,1016,52,1492]},"bins": {"c_to_s": [11,3,1,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,1,1,0,0,0,0,0,0,0,1,1,1,0,1,1,0,1,0,1,0,1],"entropies": [4.335837364,5.333454132,4.945418835,5.728343010,5.176993370,7.389316082,7.427206516,6.413387775,4.945418835,4.906957150,6.036595821,5.811348915,6.124800682,4.945419312,4.983880520,5.883585453,5.842953205,5.796744347,7.425425053,5.590555668,5.047091484,5.085553169,5.773722649,4.983880520,7.878831863,7.880546093,4.945418835,7.877892971,4.808815002,7.814340115,4.945418835,7.877443314]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} +01013{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":20,"flow_first_seen":1581109359601646,"flow_src_last_pkt_time":1581109360696066,"flow_dst_last_pkt_time":1581109360695416,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":328,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":797,"flow_dst_tot_l4_payload_len":16406,"midstream":0,"thread_ts_usec":1581109360696066,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.ntop.org"}} 
+00846{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/443-safari.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":41,"packets-processed":41,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17203,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1581109360696066} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 41/41 ~~ skipped flows.............: 0 @@ -20,10 +20,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6928676 bytes -~~ total memory freed........: 6928676 bytes -~~ total allocations/frees...: 114190/114190 +~~ total memory allocated....: 7506272 bytes +~~ total memory freed........: 7506272 bytes +~~ total allocations/frees...: 125921/125921 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 548 chars -~~ json message max len.......: 2160 chars -~~ json message avg len.......: 1305 chars +~~ json message max len.......: 2167 chars +~~ json message avg len.......: 1306 chars diff --git a/test/results/default/4in4tunnel.pcap.out b/test/results/default/4in4tunnel.pcap.out index 8babf27cd..c0ff1192d 100644 --- a/test/results/default/4in4tunnel.pcap.out +++ b/test/results/default/4in4tunnel.pcap.out 
@@ -1,20 +1,20 @@ -00615{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1537044271794779} 
+00615{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1537044271794779} 00298{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1537044271794779,"packet_id":1,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1537044271794779} 
00523{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":170,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":170,"pkt_l4_len":0,"thread_ts_usec":1537044271794779,"pkt":"AAAAAAAEpMZPO7OagQBmWIEAYfkIAEW4AJToWAAA\/wQRSEVDI5Ipyi5uRbgAgAABAAD+Ed6ECgpkGQoKZQLzn0JoAGxLmgACAAAEc2wQAAAAAAABAACrzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq80="} -00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":2,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":5,"global_ts_usec":1537058551803081} 
+00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":2,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":5,"global_ts_usec":1537058551803081} 00298{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1537058551803081,"packet_id":2,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1537058551803081} 00523{"packet_event_id":1,"packet_event_name":"packet","packet_id":2,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":170,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":170,"pkt_l4_len":0,"thread_ts_usec":1537044271794779,"pkt":"AAAAAAAEpMZPO7OagQBmWIEAYfkIAEW4AJRbZwAA\/wSeOUVDI5Ipyi5uRbgAgAABAAD+Ed6ECgpkGQoKZQLzn0JoAGzGjAACAAAAJvVqAAAAAAABAACrzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq80="} 
-00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":3,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":8,"global_ts_usec":1537082929816392} +00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":3,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":8,"global_ts_usec":1537082929816392} 00298{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1537082929816392,"packet_id":3,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1537082929816392} 
00523{"packet_event_id":1,"packet_event_name":"packet","packet_id":3,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":170,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":170,"pkt_l4_len":0,"thread_ts_usec":1537044271794779,"pkt":"AAAAAAAEpMZPO7OagQBmWIEAYfkIAEW4AJRsDwAA\/wSNkUVDI5Ipyi5uRbgAgAABAAD+Ed6ECgpkGQoKZQLzn0JoAGzKXAACAAABmvAmAAAAAAABAACrzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq80="} -00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":4,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1537138237839574} 
+00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":4,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1537138237839574} 00298{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1537138237839574,"packet_id":4,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1537138237839574} 00523{"packet_event_id":1,"packet_event_name":"packet","packet_id":4,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":170,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":170,"pkt_l4_len":0,"thread_ts_usec":1537044271794779,"pkt":"AAAAAAAEpMZPO7OagQBmWIEAYfkIAEW4AJRnMwAA\/wSSbUVDI5Ipyi5uRbgAgAABAAD+Ed6ECgpkGQoKZQLzn0JoAGzXzgACAAAE5t9oAAAAAAABAACrzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq80="} 
-00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":5,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1537165843864842} +00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":5,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1537165843864842} 00298{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1537165843864842,"packet_id":5,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1537165843864842} 
00523{"packet_event_id":1,"packet_event_name":"packet","packet_id":5,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":170,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":170,"pkt_l4_len":0,"thread_ts_usec":1537044271794779,"pkt":"AAAAAAAEpMZPO7OagQBmWIEAYfkIAEW4AJTPEAAA\/wQqkEVDI5Ipyi5uRbgAgAABAAD+Ed6ECgpkGQoKZQLzn0JoAGz7LQACAAABZb+KAAAAAAABAACrzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq80="} -00839{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":5,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":17,"global_ts_usec":1537165843864842} 
+00839{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":5,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":17,"global_ts_usec":1537165843864842} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 5/0 ~~ skipped flows.............: 0 @@ -23,9 +23,9 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6905233 bytes -~~ total memory freed........: 6905233 bytes -~~ total allocations/frees...: 114126/114126 +~~ total memory allocated....: 7482829 bytes +~~ total memory freed........: 7482829 bytes +~~ total allocations/frees...: 125857/125857 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 303 chars ~~ json message max len.......: 844 chars diff --git a/test/results/default/4in6tunnel.pcap.out b/test/results/default/4in6tunnel.pcap.out index 2425a62a5..6fc23710a 100644 --- a/test/results/default/4in6tunnel.pcap.out +++ b/test/results/default/4in6tunnel.pcap.out 
@@ -1,5 +1,5 @@ -00615{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/4in6tunnel.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/4in6tunnel.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1543235434019243} 
+00615{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/4in6tunnel.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/4in6tunnel.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1543235434019243} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/4in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1543235434019243,"flow_src_last_pkt_time":1543235434019243,"flow_dst_last_pkt_time":1543235434019243,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1543235434019243,"l3_proto":"ip6","src_ip":"22e0:1685:eda7:38cc:58bd:f3f1:aa3f:22d8","dst_ip":"344a:ba94:152a:ac34::2a","l4_proto":4,"flow_datalink":1,"flow_max_packets":5} 00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/4in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1543235434019243,"flow_dst_last_pkt_time":1543235434019243,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":154,"pkt_l4_len":52,"thread_ts_usec":1543235434019243,"pkt":"AAECunaOAAAASfSHht1gAAAAADQEPyLgFoXtpzjMWL3z8ao\/Itg0SrqUFSqsNAAAAAAAAAAqRQAANHvwQAB\/BqsfwKgAAQoKCgH7xwG73+E+ggAAAACAAv\/\/fqUAAAIEBYQBAwMIAQEEAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
00932{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/4in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1543235434019243,"flow_src_last_pkt_time":1543235434019243,"flow_dst_last_pkt_time":1543235434019243,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1543235434019243,"l3_proto":"ip6","src_ip":"22e0:1685:eda7:38cc:58bd:f3f1:aa3f:22d8","dst_ip":"344a:ba94:152a:ac34::2a","l4_proto":4,"ndpi": {"confidence": {"6":"DPI"},"proto":"IP_in_IP","proto_id":"86","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -7,7 +7,7 @@ 00950{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/4in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1543235434019247,"flow_dst_last_pkt_time":1543235434019246,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":366,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":366,"pkt_l4_len":264,"thread_ts_usec":1543235434019247,"pkt":"AAECunaOAAAASfSHht1gAAAAAQgEPyLgFoXtpzjMWL3z8ao\/Itg0SrqUFSqsNAAAAAAAAAAqRQABCHv3QAB\/BqpEwKgAAQoKCgH7xwG73+E+gwMMyo9QGAQA0icAABYDAwDbAQAA1wMDW5uXE0\/QFYUpkWO+HpgF5MI5wT9TQj14SroSH1Zl8oggjz8AALXLO9H2rxfCGsjqy7cU6\/NXDrPxEswgEUGVcfAAJsAswCvAMMAvwCTAI8AowCfACsAJwBTAEwCdAJwAPQA8ADUALwAKAQAAaAAAABEADwAADHd3dy5iaW5nLmNvbQAKAAgABgAdABcAGAALAAIBAAANABQAEgQBBQECAQQDBQMCAwICBgEGAwAjAAAAEAAOAAwCaDIIaHR0cC8xLjEAFwAAABgABgAKAwIBAP8BAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 02489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/4in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1543235434019247,"flow_dst_last_pkt_time":1543235434019248,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1514,"pkt_l4_len":1412,"thread_ts_usec":1543235434019248,"pkt":"AAECunaOAAAASfSHht1gAAAABYQEPTRKupQVKqw0AAAAAAAAACoi4BaF7ac4zFi98\/GqPyLYRQAFhEuhQABhBvQeCgoKAcCoAAEBu\/vHAwzKj9\/hP2NQEAQEHmIAABYDAxNZAgAAWgMDW5uXESPnDY6GVdXogmmrS1WdR7CnjiCJLtiMMET4LR0g70cAAGowHs5bbipHOvpkse5qjMhnnSOXdm6lLVoWT1DALwAAEgAQAAUAAwJoMgAXAAD\/AQABAAsAEccAEcQADAYwggwCMIIJ6qADAgECAhMtAAAymdcHHbfRcIpCAAAAADKZMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTAeFw0xNzA3MjAxNzQ3MDhaFw0xOTA3MTAxNz
Q3MDhaMBcxFTATBgNVBAMTDHd3dy5iaW5nLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqOyD7\/sOUit2AU5xoOUrdFD2wiCQmyCmP5nEBsh7fOLKKYjGNWUdfzumqBdw2Fpg1sIUPSI+b5pR9u\/gYNMtH4Aivx5J6CrFn4IFOhgzrs2GlVitrUoC9jheCrGis7gUH0hZglGqEjdJl5neUsrm31e5QyJwbyXnacl+k91de8FxrbBQKrwUcQ5sbzW8nMRIDSG0ss9ON1RYFCdc+JblurOUYfPO\/whJXqO0Ms01rklGWFKVeGj7qkJ52E0Xsw\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"} 00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/4in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1543235434019243,"flow_src_last_pkt_time":1543235434019247,"flow_dst_last_pkt_time":1543235434019248,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":264,"flow_dst_max_l4_payload_len":1412,"flow_src_tot_l4_payload_len":316,"flow_dst_tot_l4_payload_len":1464,"midstream":0,"thread_ts_usec":1543235434019248,"l3_proto":"ip6","src_ip":"22e0:1685:eda7:38cc:58bd:f3f1:aa3f:22d8","dst_ip":"344a:ba94:152a:ac34::2a","l4_proto":4,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IP_in_IP","proto_id":"86","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00842{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/4in6tunnel.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1780,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1543235434019248} +00842{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/4in6tunnel.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1780,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1543235434019248} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 4/4 ~~ skipped flows.............: 0 
@@ -16,9 +16,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6907729 bytes -~~ total memory freed........: 6907729 bytes -~~ total allocations/frees...: 114141/114141 +~~ total memory allocated....: 7485325 bytes +~~ total memory freed........: 7485325 bytes +~~ total allocations/frees...: 125872/125872 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 620 chars ~~ json message max len.......: 2494 chars diff --git a/test/results/default/6in4tunnel.pcap.out b/test/results/default/6in4tunnel.pcap.out index 215fde3ab..30cda3180 100644 --- a/test/results/default/6in4tunnel.pcap.out +++ b/test/results/default/6in4tunnel.pcap.out 
@@ -1,5 +1,5 @@ -00615{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/6in4tunnel.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/6in4tunnel.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1444236893450580} 
+00615{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/6in4tunnel.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/6in4tunnel.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1444236893450580} 
00746{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/6in4tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444236893450580,"flow_src_last_pkt_time":1444236893450580,"flow_dst_last_pkt_time":1444236893450580,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444236893450580,"l3_proto":"ip4","src_ip":"174.3.73.24","dst_ip":"184.105.255.26","l4_proto":41,"flow_datalink":1,"flow_max_packets":5} 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/6in4tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1444236893450580,"flow_dst_last_pkt_time":1444236893450580,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1444236893450580,"pkt":"ACKQ3jvZAAAkzoE0CABFAAB8tYFAAP8pFzeuA0kYuGn\/GmAAAAAAQDo\/IAEEcB8XAT8+lw7\/\/nNN7CYEqIAAAQAgAAAAAAIksAGAAOC9XY8BWl1OFVYAAAAAqN0GAAAAAAAQERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3"} 
00644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/6in4tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1444236893450580,"flow_dst_last_pkt_time":1444236893555356,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1444236893555356,"pkt":"AAAkzoE0ACKQ3jvZCABFAAB8xlZAAPgpDWK4af8argNJGGAAAAAAQDo3JgSogAABACAAAAAAAiSwASABBHAfFwE\/PpcO\/\/5zTeyBAN+9XY8BWl1OFVYAAAAAqN0GAAAAAAAQERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3"} 
@@ -9,7 +9,7 @@ 02015{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/6in4tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1444236893450580,"flow_src_last_pkt_time":1444236901127917,"flow_dst_last_pkt_time":1444236901118187,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":72,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":276,"flow_dst_max_l4_payload_len":1877,"flow_src_tot_l4_payload_len":2127,"flow_dst_tot_l4_payload_len":4797,"midstream":0,"thread_ts_usec":1444236901127917,"l3_proto":"ip4","src_ip":"174.3.73.24","dst_ip":"184.105.255.26","l4_proto":41,"flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":105,"avg":494998.2,"max":1005120,"stddev":454962.0,"var":206990442496.0,"ent":4.2,"data": [104776,780142,221063,1000457,1001744,1001146,1001712,1005120,1001052,1000771,1001064,1001072,1001370,999940,1001888,1003131,365420,1118,348987,4072,96728,99146,95730,758,97863,1021,105,98080,140,8789,539]},"pktlen": {"min":92,"avg":236.4,"max":1897,"stddev":383.0,"var":146712.7,"ent":4.1,"data": [124,124,186,124,124,124,124,124,124,124,124,124,124,124,124,124,124,119,119,259,247,100,100,92,296,92,1490,1897,92,92,254,145]},"bins": {"c_to_s": [0,0,4,11,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,2,8,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1]},"directions": [0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,1,0,1,0,0,1,1,1,0,0,0,0],"entropies": 
[5.680680275,5.741242886,5.591180325,5.686768055,5.741242886,5.686768055,5.741242886,5.664551258,5.741242886,5.729067326,5.773500919,5.648445129,5.741242886,5.664551258,5.725113869,5.680680275,5.735155106,4.719979763,4.710355759,4.773607731,4.870984077,5.180728912,5.772128105,5.515571117,5.818006039,5.609004974,6.932967663,6.965810776,5.515571117,5.514929771,6.708754063,6.001224995]}} 00843{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/6in4tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1444236893450580,"flow_src_last_pkt_time":1444236901127917,"flow_dst_last_pkt_time":1444236901118187,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":72,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":276,"flow_dst_max_l4_payload_len":1877,"flow_src_tot_l4_payload_len":2127,"flow_dst_tot_l4_payload_len":4797,"midstream":0,"thread_ts_usec":1444236901127917,"l3_proto":"ip4","src_ip":"174.3.73.24","dst_ip":"184.105.255.26","l4_proto":41,"ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
00882{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/6in4tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":66,"flow_dst_packets_processed":61,"flow_first_seen":1444236893450580,"flow_src_last_pkt_time":1444236915478638,"flow_dst_last_pkt_time":1444236915586195,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":72,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1470,"flow_dst_max_l4_payload_len":1877,"flow_src_tot_l4_payload_len":11600,"flow_dst_tot_l4_payload_len":24375,"midstream":0,"thread_ts_usec":1444236915586195,"l3_proto":"ip4","src_ip":"174.3.73.24","dst_ip":"184.105.255.26","l4_proto":41,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00849{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/6in4tunnel.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":127,"packets-processed":127,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":35975,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1444236915586195} 
+00849{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/6in4tunnel.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":127,"packets-processed":127,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":35975,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1444236915586195} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 127/127 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6911296 bytes -~~ total memory freed........: 6911296 bytes -~~ total allocations/frees...: 114264/114264 +~~ total memory allocated....: 7488892 bytes +~~ total memory freed........: 7488892 bytes +~~ total allocations/frees...: 125995/125995 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 620 chars ~~ json message max len.......: 2020 chars diff --git a/test/results/default/6in6tunnel.pcap.out b/test/results/default/6in6tunnel.pcap.out index e965d76e3..e76365e7c 100644 --- a/test/results/default/6in6tunnel.pcap.out +++ b/test/results/default/6in6tunnel.pcap.out 
@@ -1,5 +1,5 @@ -00615{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/6in6tunnel.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/6in6tunnel.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1335197872162188} 
+00615{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/6in6tunnel.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/6in6tunnel.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1335197872162188} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/6in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1335197872162188,"flow_src_last_pkt_time":1335197872162188,"flow_dst_last_pkt_time":1335197872162188,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1335197872162188,"l3_proto":"ip6","src_ip":"2001:4f8:4:7:2e0:81ff:fe52:ffff","dst_ip":"2001:4f8:4:7:2e0:81ff:fe52:9a6b","l4_proto":41,"flow_datalink":1,"flow_max_packets":5} 00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/6in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1335197872162188,"flow_dst_last_pkt_time":1335197872162188,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":106,"pkt_l4_len":52,"thread_ts_usec":1335197872162188,"pkt":"\/\/\/\/\/\/\/\/AAAAAAAAht1gAAAAADQpQCABBPgABAAHAuCB\/\/5S\/\/8gAQT4AAQABwLggf\/+UpprYAAAAAAMEUDerQAAAAAAAAAAAAAAAL7vyv4AAAAAAAAAAAAAAAC6vnUwMsgADIPSWFhYWA=="} 
00738{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/6in6tunnel.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1335197872164220,"flow_src_last_pkt_time":1335197872164220,"flow_dst_last_pkt_time":1335197872164220,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1335197872164220,"l3_proto":"ip6","src_ip":"feed::beef","dst_ip":"feed::cafe","l4_proto":41,"flow_datalink":1,"flow_max_packets":5} 
@@ -8,7 +8,7 @@ 00781{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/6in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1335197872162188,"flow_src_last_pkt_time":1335197872162188,"flow_dst_last_pkt_time":1335197872162188,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1335197872164220,"l3_proto":"ip6","src_ip":"2001:4f8:4:7:2e0:81ff:fe52:ffff","dst_ip":"2001:4f8:4:7:2e0:81ff:fe52:9a6b","l4_proto":41,"flow_datalink":1,"flow_max_packets":5} 00951{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/6in6tunnel.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1335197872164220,"flow_src_last_pkt_time":1335197872164220,"flow_dst_last_pkt_time":1335197872164220,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1335197872164220,"l3_proto":"ip6","src_ip":"feed::beef","dst_ip":"feed::cafe","l4_proto":41,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
00739{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/6in6tunnel.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1335197872164220,"flow_src_last_pkt_time":1335197872164220,"flow_dst_last_pkt_time":1335197872164220,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1335197872164220,"l3_proto":"ip6","src_ip":"feed::beef","dst_ip":"feed::cafe","l4_proto":41,"flow_datalink":1,"flow_max_packets":5} -00841{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/6in6tunnel.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":104,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1335197872164220} 
+00841{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/6in6tunnel.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":104,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1335197872164220} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6910051 bytes -~~ total memory freed........: 6910051 bytes -~~ total allocations/frees...: 114150/114150 +~~ total memory allocated....: 7487647 bytes +~~ total memory freed........: 7487647 bytes +~~ total allocations/frees...: 125881/125881 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 615 chars ~~ json message max len.......: 998 chars diff --git a/test/results/default/BGP_Cisco_hdlc_slarp.pcap.out b/test/results/default/BGP_Cisco_hdlc_slarp.pcap.out index d5dbcd006..670e399fa 100644 --- a/test/results/default/BGP_Cisco_hdlc_slarp.pcap.out +++ b/test/results/default/BGP_Cisco_hdlc_slarp.pcap.out 
@@ -1,5 +1,5 @@ -00625{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00846{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1445156939131847} 
+00625{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00846{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1445156939131847} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1445156939131847,"flow_src_last_pkt_time":1445156939131847,"flow_dst_last_pkt_time":1445156939131847,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1445156939131847,"l3_proto":"ip4","src_ip":"100.16.1.2","dst_ip":"100.16.1.1","src_port":18324,"dst_port":179,"l4_proto":"tcp","flow_datalink":9,"flow_max_packets":5} 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1445156939131847,"flow_dst_last_pkt_time":1445156939131847,"flow_idle_time":7580000000,"pkt_datalink":9,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":48,"pkt_l4_len":24,"thread_ts_usec":1445156939131847,"pkt":"DwAIAEXAACz4kkAAAQa2VmQQAQJkEAEBR5QAs7zqddEAAAAAYAJAABMAAAACBAW0"} 00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1445156939131847,"flow_dst_last_pkt_time":1445156939145123,"flow_idle_time":7580000000,"pkt_datalink":9,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":48,"pkt_l4_len":24,"thread_ts_usec":1445156939145123,"pkt":"DwAIAEXAACyvfwAAAQY\/amQQAQFkEAECALNHlBlZ03+86nXSYBJAACYWAAACBAW0"} 
@@ -8,7 +8,7 @@ 00931{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1445156939131847,"flow_src_last_pkt_time":1445156939152099,"flow_dst_last_pkt_time":1445156939145123,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":57,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":57,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1445156939152099,"l3_proto":"ip4","src_ip":"100.16.1.2","dst_ip":"100.16.1.1","src_port":18324,"dst_port":179,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"BGP","proto_id":"13","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1445156939152099,"flow_dst_last_pkt_time":1445156939165354,"flow_idle_time":7580000000,"pkt_datalink":9,"pkt_caplen":44,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":44,"pkt_l4_len":20,"thread_ts_usec":1445156939165354,"pkt":"DwAIAEXAACivgAAAAQY\/bWQQAQFkEAECALNHlBlZ04C86nYLUBA\/xz3TAAA="} 
00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1445156939131847,"flow_src_last_pkt_time":1445156989230918,"flow_dst_last_pkt_time":1445156988877283,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":57,"flow_dst_max_l4_payload_len":151,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":269,"midstream":0,"thread_ts_usec":1445156989230918,"l3_proto":"ip4","src_ip":"100.16.1.2","dst_ip":"100.16.1.1","src_port":18324,"dst_port":179,"l4_proto":"tcp","flow_datalink":9,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BGP","proto_id":"13","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00854{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":14,"packets-processed":14,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":345,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1445156989230918} 
+00854{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":14,"packets-processed":14,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":345,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1445156989230918} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 14/14 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6908043 bytes -~~ total memory freed........: 6908043 bytes -~~ total allocations/frees...: 114152/114152 +~~ total memory allocated....: 7485639 bytes +~~ total memory freed........: 7485639 bytes +~~ total allocations/frees...: 125883/125883 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 529 chars ~~ json message max len.......: 980 chars diff --git a/test/results/default/BGP_redist.pcap.out b/test/results/default/BGP_redist.pcap.out index 0703ca5fb..3c1038d7a 100644 --- a/test/results/default/BGP_redist.pcap.out +++ b/test/results/default/BGP_redist.pcap.out 
@@ -1,12 +1,12 @@ -00615{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/BGP_redist.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/BGP_redist.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1256636836167156} 
+00615{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/BGP_redist.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/BGP_redist.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1256636836167156} 00296{"error_event_id":2,"error_event_name":"Unknown L3 protocol","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1256636836167156,"packet_id":1,"source":"cfgs\/default\/pcap\/BGP_redist.pcap","alias":"nDPId-test","protocol":34887,"global_ts_usec":1256636836167156} 
00537{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/BGP_redist.pcap","alias":"nDPId-test","pkt_datalink":104,"pkt_caplen":163,"pkt_type":34887,"pkt_l3_offset":4,"pkt_l4_offset":0,"pkt_len":163,"pkt_l4_len":0,"thread_ts_usec":1256636836167156,"pkt":"DwCIRwABLf5FwACbk8xAAP8G2sQCAgICBAQEBACz+C\/VqGxJPJL2UFAYP7QOoQAA\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/wBzAgAAAFxAAQECQAIAgAQEAAAAVkAFBAAAAGTAECAAAgBkAAAEVwAFAAAAAQIAgAAAAAAAAwCAAawQAgEAAIAOIQABgAwAAAAAAAAAAAICAgIAeAABkQAAAGQAAABkqgAAAA=="} 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1256636836167195,"flow_src_last_pkt_time":1256636836167195,"flow_dst_last_pkt_time":1256636836167195,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":115,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":115,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":115,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1256636836167195,"l3_proto":"ip4","src_ip":"2.2.2.2","dst_ip":"5.5.5.5","src_port":179,"dst_port":49433,"l4_proto":"tcp","flow_datalink":104,"flow_max_packets":5} 
00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1256636836167195,"flow_dst_last_pkt_time":1256636836167195,"flow_idle_time":7580000000,"pkt_datalink":104,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":159,"pkt_l4_len":135,"thread_ts_usec":1256636836167195,"pkt":"DwAIAEXAAJv\/w0AA\/gZtywICAgIFBQUFALPBGWeqNFC\/WbBkUBg\/x6y+AAD\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/AHMCAAAAXEABAQJAAgCABAQAAABWQAUEAAAAZMAQIAACAGQAAARXAAUAAAABAgCAAAAAAAADAIABrBACAQAAgA4hAAGADAAAAAAAAAAAAgICAgB4AAGRAAAAZAAAAGSqAAAA"} 00919{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1256636836167195,"flow_src_last_pkt_time":1256636836167195,"flow_dst_last_pkt_time":1256636836167195,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":115,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":115,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":115,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1256636836167195,"l3_proto":"ip4","src_ip":"2.2.2.2","dst_ip":"5.5.5.5","src_port":179,"dst_port":49433,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"BGP","proto_id":"13","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00960{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1256636836167195,"flow_src_last_pkt_time":1256636836167195,"flow_dst_last_pkt_time":1256636836167195,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":115,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":115,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":115,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1256636836167195,"l3_proto":"ip4","src_ip":"2.2.2.2","dst_ip":"5.5.5.5","src_port":179,"dst_port":49433,"l4_proto":"tcp","flow_datalink":104,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BGP","proto_id":"13","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00840{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/BGP_redist.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":2,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":115,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":9,"global_ts_usec":1256636836167195} 
+00840{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/BGP_redist.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":2,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":115,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":9,"global_ts_usec":1256636836167195} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/1 ~~ skipped flows.............: 0 @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6907642 bytes -~~ total memory freed........: 6907642 bytes -~~ total allocations/frees...: 114138/114138 +~~ total memory allocated....: 7485238 bytes +~~ total memory freed........: 7485238 bytes +~~ total allocations/frees...: 125869/125869 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 301 chars ~~ json message max len.......: 965 chars diff --git a/test/results/default/EAQ.pcap.out b/test/results/default/EAQ.pcap.out index 5be8ef9d2..460fe1c92 100644 --- a/test/results/default/EAQ.pcap.out +++ b/test/results/default/EAQ.pcap.out 
@@ -1,5 +1,5 @@ -00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/EAQ.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/EAQ.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1432820948562939} 
+00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/EAQ.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/EAQ.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1432820948562939} 
00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820948562939,"flow_src_last_pkt_time":1432820948562939,"flow_dst_last_pkt_time":1432820948562939,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432820948562939,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.48","src_port":53497,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1432820948562939,"flow_dst_last_pkt_time":1432820948562939,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1432820948562939,"pkt":"ABoRAAACABoRAAABCABFAAA8xb9AAEAGRgEKCAABrcJ3MND5AFA4ezYlAAAAAKACOQisdgAAAgQFtAQCCAoABPOaAAAAAAEDAwQ="} 00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1432820948562939,"flow_dst_last_pkt_time":1432820948566510,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1432820948566510,"pkt":"ABoRAAACABoRAAABCABFAAAoAAJAABAGO9OtwncwCggAAQBQ0PnHhMnaOHs2JlAS\/\/+vjAAA"} 
@@ -12,7 +12,7 @@ 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/EAQ.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1432820948836590,"flow_dst_last_pkt_time":1432820948837811,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1432820948837811,"pkt":"ABoRAAACABoRAAABCABFAAAoAAZAABAGO+etwncYCggAAQBQnhOoUgNCV638vlAS\/\/\/iigAA"} 00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/EAQ.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1432820948844861,"flow_dst_last_pkt_time":1432820948837811,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1432820948844861,"pkt":"ABoRAAACABoRAAABCABFAAAoDwlAAEAG\/OMKCAABrcJ3GJ4TAFBXrfy+qFIDQ1AQOQipgwAA"} 00714{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/EAQ.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1432820948845685,"flow_dst_last_pkt_time":1432820948837811,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":193,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":193,"pkt_l4_len":159,"thread_ts_usec":1432820948845685,"pkt":"ABoRAAACABoRAAABCABFAACzDwpAAEAG\/FcKCAABrcJ3GJ4TAFBXrfy+qFIDQ1AYOQjjRAAAR0VUIC8\/Z2ZlX3JkPWNyJmVpPTFCeG5WY1A5T0tLazh3ZTUwb0RBQWcgSFRUUC8xLjENClVzZXItQWdlbnQ6IHRlc3QNCkNvbm5lY3Rpb246IGNsb3NlDQpIb3N0OiB3d3cuZ29vZ2xlLmNvbS5icg0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQoNCg=="} 
-01333{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/EAQ.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1432820948836590,"flow_src_last_pkt_time":1432820948845685,"flow_dst_last_pkt_time":1432820948837811,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":139,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":139,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432820948845685,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.24","src_port":40467,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com.br","domainame":"www.google.com.br","http": {"url":"www.google.com.br\/?gfe_rd=cr&ei=1BxnVcP9OKKk8we50oDAAg","code":0,"content_type":"","user_agent":"test"}}} 
+01233{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/EAQ.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1432820948836590,"flow_src_last_pkt_time":1432820948845685,"flow_dst_last_pkt_time":1432820948837811,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":139,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":139,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432820948845685,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.24","src_port":40467,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com.br","domainame":"www.google.com.br","http": {"url":"www.google.com.br\/?gfe_rd=cr&ei=1BxnVcP9OKKk8we50oDAAg","code":0,"content_type":"","user_agent":"test"}}} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/EAQ.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1432820948845685,"flow_dst_last_pkt_time":1432820948845959,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1432820948845959,"pkt":"ABoRAAACABoRAAABCABFAAAoAAdAABAGO+atwncYCggAAQBQnhOoUgNDV639SVAQ\/\/\/iAAAA"} 
00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/EAQ.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820949586102,"flow_src_last_pkt_time":1432820949586102,"flow_dst_last_pkt_time":1432820949586102,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432820949586102,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.185.138.146","src_port":52257,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/EAQ.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1432820949586102,"flow_dst_last_pkt_time":1432820949586102,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":1432820949586102,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3WwKCAAByLmKkswhF3AAGNX0AAAAAAAADdoAAUsHAACQAA=="} 
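Review bot: The regenerated expectation for flow_id 2 in EAQ.pcap (the `detected` event at packet_id 13) no longer carries flow risk 35 `Susp Entropy`; only risk 11 `HTTP Susp User-Agent` remains, and the same risk is dropped from that flow's `end` event in the `@@ -258,7 +258,7 @@` hunk. The commit message says only "incorporated upstream changes", so it is not possible to tell from the commit whether losing this risk on an unencrypted HTTP flow is an intended libnDPI change or a detection regression accepted along with the bump. I would state it in the commit description, for example `* EAQ.pcap flow 2: risk 35 (Susp Entropy) no longer reported after the libnDPI bump`. It is also worth confirming that consumers of the `flow_risk` object that alert on risk id 35 are not expected to see it for flows like this one.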
@@ -258,7 +258,7 @@ 01085{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/EAQ.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1432820953931775,"flow_src_last_pkt_time":1432821040151349,"flow_dst_last_pkt_time":1432820953931775,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432821045664868,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"EAQ","proto_id":"190","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01085{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/EAQ.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1432820968101514,"flow_src_last_pkt_time":1432821032791363,"flow_dst_last_pkt_time":1432820968101514,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432821045664868,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.67","src_port":60013,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"EAQ","proto_id":"190","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01085{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/EAQ.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1432820969101269,"flow_src_last_pkt_time":1432821033791394,"flow_dst_last_pkt_time":1432820969101269,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432821045664868,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"EAQ","proto_id":"190","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-01225{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/EAQ.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":6,"flow_first_seen":1432820948836590,"flow_src_last_pkt_time":1432820949347729,"flow_dst_last_pkt_time":1432820949347577,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":139,"flow_dst_max_l4_payload_len":2764,"flow_src_tot_l4_payload_len":139,"flow_dst_tot_l4_payload_len":9674,"midstream":0,"thread_ts_usec":1432821045664868,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.24","src_port":40467,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com.br"}} 
+01125{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/EAQ.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":6,"flow_first_seen":1432820948836590,"flow_src_last_pkt_time":1432820949347729,"flow_dst_last_pkt_time":1432820949347577,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":139,"flow_dst_max_l4_payload_len":2764,"flow_src_tot_l4_payload_len":139,"flow_dst_tot_l4_payload_len":9674,"midstream":0,"thread_ts_usec":1432821045664868,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.24","src_port":40467,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com.br"}} 01084{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/EAQ.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1432820950935254,"flow_src_last_pkt_time":1432821037152539,"flow_dst_last_pkt_time":1432820950935254,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432821045664868,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"EAQ","proto_id":"190","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01085{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/EAQ.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1432820962101819,"flow_src_last_pkt_time":1432821025791394,"flow_dst_last_pkt_time":1432820962101819,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432821045664868,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"EAQ","proto_id":"190","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
01085{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/EAQ.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1432820967101727,"flow_src_last_pkt_time":1432821031791424,"flow_dst_last_pkt_time":1432820967101727,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432821045664868,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"EAQ","proto_id":"190","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -266,7 +266,7 @@ 00962{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/EAQ.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1432820958981671,"flow_src_last_pkt_time":1432821045551404,"flow_dst_last_pkt_time":1432821045604962,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":16,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":80,"midstream":0,"thread_ts_usec":1432821045664868,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.67","src_port":39185,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","proto_id":"190","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01085{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/EAQ.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1432820951932141,"flow_src_last_pkt_time":1432821038152539,"flow_dst_last_pkt_time":1432820951932141,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432821045664868,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"EAQ","proto_id":"190","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01085{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/EAQ.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1432820970111371,"flow_src_last_pkt_time":1432821034791791,"flow_dst_last_pkt_time":1432820970111371,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432821045664868,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"EAQ","proto_id":"190","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00847{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/EAQ.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":197,"packets-processed":197,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13245,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":31,"total-detection-updates":0,"total-updates":29,"current-active-flows":0,"total-active-flows":31,"total-idle-flows":31,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":269,"global_ts_usec":1432821045664868} +00847{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/EAQ.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":197,"packets-processed":197,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13245,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":31,"total-detection-updates":0,"total-updates":29,"current-active-flows":0,"total-active-flows":31,"total-idle-flows":31,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":269,"global_ts_usec":1432821045664868} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 197/197 ~~ skipped flows.............: 0 
@@ -275,10 +275,10 @@ ~~ total active/idle flows...: 31/31 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6985012 bytes -~~ total memory freed........: 6985012 bytes -~~ total allocations/frees...: 114680/114680 +~~ total memory allocated....: 7562612 bytes +~~ total memory freed........: 7562612 bytes +~~ total allocations/frees...: 126412/126412 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 525 chars -~~ json message max len.......: 1338 chars -~~ json message avg len.......: 931 chars +~~ json message max len.......: 1238 chars +~~ json message avg len.......: 881 chars diff --git a/test/results/default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out b/test/results/default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out index 87cd5d6cc..a40501125 100644 --- a/test/results/default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out +++ b/test/results/default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out 
@@ -1,5 +1,5 @@ -00633{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00854{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1228468937630923} 
+00633{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00854{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1228468937630923} 
00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1228468937630923,"flow_src_last_pkt_time":1228468937630923,"flow_dst_last_pkt_time":1228468937630923,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1228468937630923,"l3_proto":"ip4","src_ip":"10.35.40.22","dst_ip":"10.23.1.42","src_port":2944,"dst_port":2944,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00589{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1228468937630923,"flow_dst_last_pkt_time":1228468937630923,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_usec":1228468937630923,"pkt":"ABgYesP\/AAFbAAaHCABFAABJQq5AAEARunwKIygWChcBKguAC4AANST+IS8xIDxpTVNTPgpUPTU1NTI4MjcxM3tDPS17QVY9RFMvMS81e0FUe019fX19"} 
00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1228468937630923,"flow_src_last_pkt_time":1228468937630923,"flow_dst_last_pkt_time":1228468937630923,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1228468937630923,"l3_proto":"ip4","src_ip":"10.35.40.22","dst_ip":"10.23.1.42","src_port":2944,"dst_port":2944,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Megaco","proto_id":"181","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
@@ -9,15 +9,15 @@ 00589{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1228468942000790,"flow_dst_last_pkt_time":1228468937633649,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_usec":1228468942000790,"pkt":"ABgYesP\/AAFbAAaHCABFAABJQrBAAEARunoKIygWChcBKguAC4AANST7IS8xIDxpTVNTPgpUPTU1NTI4MjcxNXtDPS17QVY9RFMvMS82e0FUe019fX19"} 00798{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1228468958651179,"flow_src_last_pkt_time":1228468958651179,"flow_dst_last_pkt_time":1228468958651179,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":877,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":877,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":877,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1228468958651179,"l3_proto":"ip4","src_ip":"10.35.60.72","dst_ip":"10.35.60.100","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01704{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1228468958651179,"flow_dst_last_pkt_time":1228468958651179,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":919,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":919,"pkt_l4_len":885,"thread_ts_usec":1228468958651179,"pkt":"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"} 
-00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1228468958651179,"flow_src_last_pkt_time":1228468958651179,"flow_dst_last_pkt_time":1228468958651179,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":877,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":877,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":877,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1228468958651179,"l3_proto":"ip4","src_ip":"10.35.60.72","dst_ip":"10.35.60.100","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01050{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1228468958651179,"flow_src_last_pkt_time":1228468958651179,"flow_dst_last_pkt_time":1228468958651179,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":877,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":877,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":877,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1228468958651179,"l3_proto":"ip4","src_ip":"10.35.60.72","dst_ip":"10.35.60.100","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","sip": {"from":";tag=00e9d478","to":""}}} 
00798{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1228468958651923,"flow_src_last_pkt_time":1228468958651923,"flow_dst_last_pkt_time":1228468958651923,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":877,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":877,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":877,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1228468958651923,"l3_proto":"ip4","src_ip":"10.35.40.25","dst_ip":"10.35.40.200","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01704{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1228468958651923,"flow_dst_last_pkt_time":1228468958651923,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":919,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":919,"pkt_l4_len":885,"thread_ts_usec":1228468958651923,"pkt":"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"} 
-00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1228468958651923,"flow_src_last_pkt_time":1228468958651923,"flow_dst_last_pkt_time":1228468958651923,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":877,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":877,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":877,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1228468958651923,"l3_proto":"ip4","src_ip":"10.35.40.25","dst_ip":"10.35.40.200","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01050{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1228468958651923,"flow_src_last_pkt_time":1228468958651923,"flow_dst_last_pkt_time":1228468958651923,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":877,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":877,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":877,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1228468958651923,"l3_proto":"ip4","src_ip":"10.35.40.25","dst_ip":"10.35.40.200","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","sip": {"from":";tag=00e9d478","to":""}}} 
00884{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1228468958651179,"flow_dst_last_pkt_time":1228468958652245,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":304,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":304,"pkt_l4_len":270,"thread_ts_usec":1228468958652245,"pkt":"ABEKVkXQAAglAXLqCABFAAEiAABAAIARbNkKIzxkCiM8SBPEE8QBDiJNU0lQLzIuMCAxMDAgVHJ5aW5nDQpWaWE6IFNJUC8yLjAvVURQIDEwLjM1LjYwLjcyOjUwNjA7YnJhbmNoPXo5aEc0YksuaUlpSWlJLjBhMjMyODE5LmU5ZDRiZA0KVG86IDxzaXA6MDYxOTYzMTc3QGl0YWx0ZWwuaXQ7dXNlcj1waG9uZT4NCkZyb206IDxzaXA6dW5hdmFpbGFibGVAaG9zdHBvcnRpb24+O3RhZz0wMGU5ZDQ3OA0KQ2FsbC1JRDogMDBlOWQ0YTUwMGU5ZDQ4LTAwMTUtMDAwMS0wMDAwLTAwMDBAMTAuMzUuNDAuMjUNCkNTZXE6IDEgSU5WSVRFDQoNCg=="} 01704{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1228468958653352,"flow_dst_last_pkt_time":1228468958651923,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":919,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":919,"pkt_l4_len":885,"thread_ts_usec":1228468958653352,"pkt":"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"} 
00805{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1228468958657176,"flow_src_last_pkt_time":1228468958657176,"flow_dst_last_pkt_time":1228468958657176,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":884,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":884,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":884,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1228468958657176,"l3_proto":"ip4","src_ip":"138.132.169.101","dst_ip":"192.168.100.219","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01712{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1228468958657176,"flow_dst_last_pkt_time":1228468958657176,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":926,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":926,"pkt_l4_len":892,"thread_ts_usec":1228468958657176,"pkt":"AAAMB6ypAAglAXLkCABFAAOQAABAAIARne+KhKllwKhk2xPEE8QDfOJtSU5WSVRFIHNpcDowNjE5NjMxNzdAMTkyLjE2OC4xMDAuMjE5OjUwNjAgU0lQLzIuMA0KVmlhOiBTSVAvMi4wL1VEUCAxMzguMTMyLjE2OS4xMDE6NTA2MDticmFuY2g9ejloRzRiS2Z2MmY0MDEwNzg3aDNhOHExMjgwLjENClRvOiA8c2lwOjA2MTk2MzE3N0BpdGFsdGVsLml0O3VzZXI9cGhvbmU+DQpGcm9tOiA8c2lwOnVuYXZhaWxhYmxlQGhvc3Rwb3J0aW9uPjt0YWc9U0Q0OTA5NzAxLTAwZTlkNDc4DQpDYWxsLUlEOiBTRDQ5MDk3MDEtOWZmMTFiZjcyZWI0YTM0N2M5Mjk3NGQ4ZmJiYzI2NjgtYW84bzNpMQ0KQ1NlcTogMSBJTlZJVEUNCk1heC1Gb3J3YXJkczogNjkNCkNvbnRhY3Q6IDxzaXA6dW5hdmFpbGFibGVAMTM4LjEzMi4xNjkuMTAxOjUwNjA7dHJhbnNwb3J0PXVkcD4NCkFsbG93OiBJTlZJVEUsIEFDSywgUFJBQ0ssIENBTkNFTCwgQllFLCBPUFRJT05TLCBNRVNTQUdFLCBOT1RJRlksIFVQREFURSwgUkVHSVNURVIsIElORk8sIFJFRkVSLCBTVUJTQ1JJ
QkUNCkFjY2VwdDogYXBwbGljYXRpb24vc2RwLCBhcHBsaWNhdGlvbi9pc3VwLCBhcHBsaWNhdGlvbi94bWwsIGFwcGxpY2F0aW9uL2R0bWYtcmVsYXkNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vc2RwDQpDb250ZW50LUxlbmd0aDogMjUwDQoNCnY9MA0Kbz0tIDE5MSAxMjI4NTAwNzM2IElOIElQNCAxMzguMTMyLjE2OS4xMDENCnM9SU1TUw0KYz1JTiBJUDQgMTM4LjEzMi4xNjkuMTAxDQp0PTAgMA0KbT1hdWRpbyAxNTU4MCBSVFAvQVZQIDggMTAzIDEwMg0KYT1ydHBtYXA6MTAzIEc3MjYtMzIvODAwMA0KYT1wdGltZTozMA0KYT1ydHBtYXA6MTAyIHRlbGVwaG9uZS1ldmVudC84MDAwLzENCmE9Zm10cDoxMDIgMC0xNQ0KYT1zcW46MA0KYT1jZHNjOjEgaW1hZ2UgdWRwdGwgdDM4DQo="} -00951{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1228468958657176,"flow_src_last_pkt_time":1228468958657176,"flow_dst_last_pkt_time":1228468958657176,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":884,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":884,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":884,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1228468958657176,"l3_proto":"ip4","src_ip":"138.132.169.101","dst_ip":"192.168.100.219","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+01067{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1228468958657176,"flow_src_last_pkt_time":1228468958657176,"flow_dst_last_pkt_time":1228468958657176,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":884,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":884,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":884,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1228468958657176,"l3_proto":"ip4","src_ip":"138.132.169.101","dst_ip":"192.168.100.219","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","sip": {"from":";tag=SD4909701-00e9d478","to":""}}} 00884{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1228468958653352,"flow_dst_last_pkt_time":1228468958657898,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":304,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":304,"pkt_l4_len":270,"thread_ts_usec":1228468958657898,"pkt":"AAFbASs3ABEKVkXRCABFAAEild5AAEARPsYKIyjICiMoGRPEE8QBDkoYU0lQLzIuMCAxMDAgVHJ5aW5nDQpWaWE6IFNJUC8yLjAvVURQIDEwLjM1LjYwLjcyOjUwNjA7YnJhbmNoPXo5aEc0YksuaUlpSWlJLjBhMjMyODE5LmU5ZDRiZA0KVG86IDxzaXA6MDYxOTYzMTc3QGl0YWx0ZWwuaXQ7dXNlcj1waG9uZT4NCkZyb206IDxzaXA6dW5hdmFpbGFibGVAaG9zdHBvcnRpb24+O3RhZz0wMGU5ZDQ3OA0KQ2FsbC1JRDogMDBlOWQ0YTUwMGU5ZDQ4LTAwMTUtMDAwMS0wMDAwLTAwMDBAMTAuMzUuNDAuMjUNCkNTZXE6IDEgSU5WSVRFDQoNCg=="} 
00884{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1228468958653352,"flow_dst_last_pkt_time":1228468958658161,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":304,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":304,"pkt_l4_len":270,"thread_ts_usec":1228468958658161,"pkt":"AAFbASs3ABEKVkXRCABFAAEild5AAEARPsYKIyjICiMoGRPEE8QBDkoYU0lQLzIuMCAxMDAgVHJ5aW5nDQpWaWE6IFNJUC8yLjAvVURQIDEwLjM1LjYwLjcyOjUwNjA7YnJhbmNoPXo5aEc0YksuaUlpSWlJLjBhMjMyODE5LmU5ZDRiZA0KVG86IDxzaXA6MDYxOTYzMTc3QGl0YWx0ZWwuaXQ7dXNlcj1waG9uZT4NCkZyb206IDxzaXA6dW5hdmFpbGFibGVAaG9zdHBvcnRpb24+O3RhZz0wMGU5ZDQ3OA0KQ2FsbC1JRDogMDBlOWQ0YTUwMGU5ZDQ4LTAwMTUtMDAwMS0wMDAwLTAwMDBAMTAuMzUuNDAuMjUNCkNTZXE6IDEgSU5WSVRFDQoNCg=="} 00929{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1228468958657176,"flow_dst_last_pkt_time":1228468958718407,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"thread_ts_usec":1228468958718407,"pkt":"AAglAXLkABZGR+C\/CABFuAFFHeUAAD0RBJ7AqGTbioSpZRPEE8QBMRfZU0lQLzIuMCAxMDAgVHJ5aW5nDQpDYWxsLUlEOiBTRDQ5MDk3MDEtOWZmMTFiZjcyZWI0YTM0N2M5Mjk3NGQ4ZmJiYzI2NjgtYW84bzNpMQ0KQ29udGVudC1MZW5ndGg6IDANCkNTZXE6IDEgSU5WSVRFDQpGcm9tOiA8c2lwOnVuYXZhaWxhYmxlQGhvc3Rwb3J0aW9uPjt0YWc9U0Q0OTA5NzAxLTAwZTlkNDc4DQpUbzogPHNpcDowNjE5NjMxNzdAaXRhbHRlbC5pdDt1c2VyPXBob25lPg0KVmlhOiBTSVAvMi4wL1VEUCAxMzguMTMyLjE2OS4xMDE6NTA2MDticmFuY2g9ejloRzRiS2Z2MmY0MDEwNzg3aDNhOHExMjgwLjENCg0K"} 
@@ -29,7 +29,7 @@ 00765{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1228468965434208,"flow_dst_last_pkt_time":1228468965434208,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1228468965434208,"pkt":"ABgYesP\/AAglAXLqCABFuADIHecAAD0RDLUKIzxkChcBNDzcQXQAtEC7gAgAAGfPFaAOrw6v1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1Q=="} 00765{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1228468965455031,"flow_dst_last_pkt_time":1228468965434208,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1228468965455031,"pkt":"ABgYesP\/AAglAXLqCABFuADIHegAAD0RDLQKIzxkChcBNDzcQXQAtEAagAgAAWfPFkAOrw6v1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1Q=="} 
00765{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1228468965474173,"flow_dst_last_pkt_time":1228468965434208,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1228468965474173,"pkt":"ABgYesP\/AAglAXLqCABFuADIHekAAD0RDLMKIzxkChcBNDzcQXQAtD95gAgAAmfPFuAOrw6v1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1Q=="} -00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1228468965434208,"flow_src_last_pkt_time":1228468965474173,"flow_dst_last_pkt_time":1228468965434208,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":516,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1228468965474173,"l3_proto":"ip4","src_ip":"10.35.60.100","dst_ip":"10.23.1.52","src_port":15580,"dst_port":16756,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} 
+00969{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1228468965434208,"flow_src_last_pkt_time":1228468965474173,"flow_dst_last_pkt_time":1228468965434208,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":516,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1228468965474173,"l3_proto":"ip4","src_ip":"10.35.60.100","dst_ip":"10.23.1.52","src_port":15580,"dst_port":16756,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","stream_content":"Audio"}} 01561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1228468958657176,"flow_dst_last_pkt_time":1228468965488757,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":811,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":811,"pkt_l4_len":777,"thread_ts_usec":1228468965488757,"pkt":"AAglAXLkABZGR+C\/CABFuAMdHeoAAD0RAsHAqGTbioSpZRPEE8QDCWBVU0lQLzIuMCAyMDAgT0sNCkFsbG93OiBJTlZJVEUsQUNLLE9QVElPTlMsQllFLENBTkNFTCxJTkZPLFJFRkVSLE5PVElGWSxVUERBVEUNCkNhbGwtSUQ6IFNENDkwOTcwMS05ZmYxMWJmNzJlYjRhMzQ3YzkyOTc0ZDhmYmJjMjY2OC1hbzhvM2kxDQpDb250YWN0OiA8c2lwOjA2MTk2MzE3N0AxOTIuMTY4LjEwMC4yMTk6NTA2MD4NCkNvbnRlbnQtTGVuZ3RoOiAyMTINCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vc2RwDQpDU2VxOiAxIElOVklURQ0KRnJvbTogPHNpcDp1bmF2YWlsYWJsZUBob3N0cG9ydGlvbj47dGFnPVNENDkwOTcwMS0wMGU5ZDQ3OA0KTWluLVNFOiA5MA0KU2VydmVyOiBBcmNvci9BcmNvci0xLjAyLjAwNXQyDQpTdXBwb3J0ZW
Q6IHJlcGxhY2VzLHRpbWVyDQpUbzogPHNpcDowNjE5NjMxNzdAaXRhbHRlbC5pdDt1c2VyPXBob25lPjt0YWc9NjE3MjYzNjE2NDc5NjE2RS0zMzE3MTU1MjAtNTMzNmY3ODUtMTg3NDEwMjA1DQpWaWE6IFNJUC8yLjAvVURQIDEzOC4xMzIuMTY5LjEwMTo1MDYwO2JyYW5jaD16OWhHNGJLZnYyZjQwMTA3ODdoM2E4cTEyODAuMQ0KDQp2PTANCm89LSA3NTQ1ODA0MjMgMSBJTiBJUDQgMTkyLjE2OC4xMDAuMjE5DQpzPS0NCmM9SU4gSVA0IDE5Mi4xNjguMTAwLjIxOQ0KdD0wIDANCm09YXVkaW8gNTAwMiBSVFAvQVZQIDggMTAyDQphPXJ0cG1hcDo4IFBDTUEvODAwMA0KYT1ydHBtYXA6MTAyIHRlbGVwaG9uZS1ldmVudC84MDAwDQphPWZtdHA6MTAyIDAtMTUsMzINCmE9cHRpbWU6MjANCmE9c2VuZHJlY3YNCg=="} 01576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1228468958651179,"flow_dst_last_pkt_time":1228468965492834,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":825,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":825,"pkt_l4_len":791,"thread_ts_usec":1228468965492834,"pkt":"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"} 00765{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1228468965513703,"flow_dst_last_pkt_time":1228468965434208,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1228468965513703,"pkt":"ABgYesP\/AAglAXLqCABFuADIHesAAD0RDLEKIzxkChcBNDzcQXQAtD7YgAgAA2fPF4AOrw6v1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1Q=="} 
@@ -49,7 +49,7 @@ 01000{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1552,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":12,"flow_first_seen":1228468958657176,"flow_src_last_pkt_time":1228469042380433,"flow_dst_last_pkt_time":1228469042442455,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":338,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":884,"flow_dst_max_l4_payload_len":833,"flow_src_tot_l4_payload_len":6036,"flow_dst_tot_l4_payload_len":6141,"midstream":0,"thread_ts_usec":1228469046884194,"l3_proto":"ip4","src_ip":"138.132.169.101","dst_ip":"192.168.100.219","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00995{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1552,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":24,"flow_first_seen":1228468958651923,"flow_src_last_pkt_time":1228469042381601,"flow_dst_last_pkt_time":1228469042445270,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":383,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":881,"flow_dst_max_l4_payload_len":852,"flow_src_tot_l4_payload_len":12330,"flow_dst_tot_l4_payload_len":12210,"midstream":0,"thread_ts_usec":1228469046884194,"l3_proto":"ip4","src_ip":"10.35.40.25","dst_ip":"10.35.40.200","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00993{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1552,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":12,"flow_first_seen":1228468958651179,"flow_src_last_pkt_time":1228469042379188,"flow_dst_last_pkt_time":1228469042444514,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":383,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":881,"flow_dst_max_l4_payload_len":852,"flow_src_tot_l4_payload_len":6165,"flow_dst_tot_l4_payload_len":6105,"midstream":0,"thread_ts_usec":1228469046884194,"l3_proto":"ip4","src_ip":"10.35.60.72","dst_ip":"10.35.60.100","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-00871{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1552,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1552,"packets-processed":1552,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":193116,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":6,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":52,"global_ts_usec":1228469046884194} +00871{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1552,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1552,"packets-processed":1552,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":193116,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":6,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":52,"global_ts_usec":1228469046884194} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1552/1552 ~~ skipped flows.............: 0 
@@ -58,9 +58,9 @@ ~~ total active/idle flows...: 5/5 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6962394 bytes -~~ total memory freed........: 6962394 bytes -~~ total allocations/frees...: 115739/115739 +~~ total memory allocated....: 7539990 bytes +~~ total memory freed........: 7539990 bytes +~~ total allocations/frees...: 127470/127470 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 594 chars ~~ json message max len.......: 2232 chars diff --git a/test/results/default/IEC104.pcap.out b/test/results/default/IEC104.pcap.out index 77fb97807..3220e7c75 100644 --- a/test/results/default/IEC104.pcap.out +++ b/test/results/default/IEC104.pcap.out 
@@ -1,5 +1,5 @@ -00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/IEC104.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/IEC104.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1317629088495135} 
+00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/IEC104.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/IEC104.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1317629088495135} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1317629088495135,"flow_src_last_pkt_time":1317629088495135,"flow_dst_last_pkt_time":1317629088495135,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1317629088495135,"l3_proto":"ip4","src_ip":"10.175.211.1","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54768,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1317629088495135,"flow_dst_last_pkt_time":1317629088495135,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1317629088495135,"pkt":"eCvLK7lWABIAxkrACABFAAAoUqRAAH0GWeoKr9MBCndpGglk1fBIoLt3AFkTVVAQ\/elpjgAAAAAAAAAA"} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/IEC104.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1317629088520615,"flow_src_last_pkt_time":1317629088520615,"flow_dst_last_pkt_time":1317629088520615,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1317629088520615,"l3_proto":"ip4","src_ip":"10.175.211.3","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54769,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -14,7 +14,7 @@ 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1317629089467434,"flow_dst_last_pkt_time":1317629089666296,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1317629089666296,"pkt":"AAAMB6wBeCvLK7lWCABFAAAoK+dAAIAGAAAKd2kaCq\/TAdXwCWQAWRNVSKC7mFAQAP5RXAAA"} 01098{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":5,"flow_first_seen":1317629088495135,"flow_src_last_pkt_time":1317629090498077,"flow_dst_last_pkt_time":1317629090496349,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":603,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1317629090498077,"l3_proto":"ip4","src_ip":"10.175.211.1","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54768,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"IEC60870","proto_id":"245","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
01094{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/IEC104.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1317629088520615,"flow_src_last_pkt_time":1317629088536185,"flow_dst_last_pkt_time":1317629088739193,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":6,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1317629090498077,"l3_proto":"ip4","src_ip":"10.175.211.3","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54769,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"IEC60870","proto_id":"245","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00840{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/IEC104.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":15,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":609,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":17,"global_ts_usec":1317629090498077} 
+00840{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/IEC104.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":15,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":609,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":17,"global_ts_usec":1317629090498077} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 15/15 ~~ skipped flows.............: 0 @@ -23,9 +23,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6910428 bytes -~~ total memory freed........: 6910428 bytes -~~ total allocations/frees...: 114163/114163 +~~ total memory allocated....: 7488024 bytes +~~ total memory freed........: 7488024 bytes +~~ total allocations/frees...: 125894/125894 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 529 chars ~~ json message max len.......: 1103 chars diff --git a/test/results/default/KakaoTalk_chat.pcap.out b/test/results/default/KakaoTalk_chat.pcap.out index c88df8cb9..88d3bb693 100644 --- a/test/results/default/KakaoTalk_chat.pcap.out +++ b/test/results/default/KakaoTalk_chat.pcap.out 
@@ -1,5 +1,5 @@ -00619{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1430069021959113} 
+00619{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1430069021959113} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069021959113,"flow_src_last_pkt_time":1430069021959113,"flow_dst_last_pkt_time":1430069021959113,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1430069021959113,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":38448,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1430069021959113,"flow_dst_last_pkt_time":1430069021959113,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1430069021959113,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADwAAEAAQBHSIAoYUrwKvAEBljAANQAogKaG7QEAAAEAAAAAAAAEYXV0aAVrYWthbwNjb20AAAEAAQ=="} 
01095{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069021959113,"flow_src_last_pkt_time":1430069021959113,"flow_dst_last_pkt_time":1430069021959113,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1430069021959113,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":38448,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","proto_id":"5.193","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"auth.kakao.com","domainame":"auth.kakao.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -78,7 +78,7 @@ 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_src_last_pkt_time":1430069027366126,"flow_dst_last_pkt_time":1430069027408118,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1430069027408118,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACyOBEAA+AaI9K38YQIKGFK8AbuKr2Aiq0X8Gu\/RYBIRHJekAAACBAV4"} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_src_last_pkt_time":1430069027415442,"flow_dst_last_pkt_time":1430069027408118,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_usec":1430069027415442,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACjmuEAAPwbpRAoYUryt\/GECiq8Bu\/wa79FgIqtGUBA5CIc5AAA="} 00791{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":5,"flow_src_last_pkt_time":1430069027422126,"flow_dst_last_pkt_time":1430069027408118,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":240,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":240,"pkt_l4_len":204,"thread_ts_usec":1430069027422126,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAODmuUAAPwboiwoYUryt\/GECiq8Bu\/wa79FgIqtGUBg5CCTlAAAWAwEAswEAAK8DAVU9HySXfmPaSP66Sz+6k6Z\/7zxfemNbfoeAqoBY5ktfAABGAAQABQAvADXAAsAEwAXADMAOwA\/AB8AJwArAEcATwBQAMwA5ADIAOAAKwAPADcAIwBIAFgATAAkAFQASAAMACAAUABEA\/wEAAEAACwAEAwABAgAKADQAMgAOAA0AGQALAAwAGAAJAAoAFgAXAAgABgAHABQAFQAEAAUAEgATAAEAAgADAA8AEAAR"} 
-01272{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1430069026370215,"flow_src_last_pkt_time":1430069027422126,"flow_dst_last_pkt_time":1430069027408118,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":184,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":184,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1430069027422126,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35503,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","ja4":"t10d350200_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01231{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1430069026370215,"flow_src_last_pkt_time":1430069027422126,"flow_dst_last_pkt_time":1430069027408118,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":184,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":184,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1430069027422126,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35503,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d350200_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069028075659,"flow_src_last_pkt_time":1430069028075659,"flow_dst_last_pkt_time":1430069028075659,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1430069028075659,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34503,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1430069028075659,"flow_dst_last_pkt_time":1430069028075659,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_usec":1430069028075659,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACgUEEAA+AZ+3XgcGvIKGFK8AFCGx0Ds0yKXy0vyUBQAAEEKAAA="} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069030083014,"flow_src_last_pkt_time":1430069030083014,"flow_dst_last_pkt_time":1430069030083014,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1430069030083014,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":61011,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5} 
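Review bot: The regenerated `detected` event for flow 15 in this hunk no longer carries `"ja3":"dff8a0aa1c904aaea76c5bf624e88333"` inside `tls`, while `ja3s` and `ja4` remain, and the commit message only says "incorporated upstream changes". This is an output-format change rather than a version-string refresh, and the hunk that follows (`@@ -99,10 +99,10 @@`, flow 20) shows the same removal. Any consumer that matches or allow-lists on `tls.ja3` would stop matching without an error, so the drop deserves an explicit line in the commit description or changelog, for example `* flow events: tls.ja3 is no longer emitted after the libnDPI bump (ja3s/ja4 unchanged)`. The diffstat lists `schema/flow_event_schema.json` as modified, but it is not visible here; it is worth confirming that `ja3` is neither still required nor still advertised there. Presumably the removal comes from upstream libnDPI rather than from nDPId itself, so that should be confirmed and stated.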
@@ -99,10 +99,10 @@ 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_src_last_pkt_time":1430069030121588,"flow_dst_last_pkt_time":1430069030159674,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1430069030159674,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACwUQ0AA+AZPPdJn8A8KGFK8AbuTvWC6rQuv6iGkYBIRHPMdAAACBAV4"} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_src_last_pkt_time":1430069030162268,"flow_dst_last_pkt_time":1430069030159674,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_usec":1430069030162268,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACgrfkAAPwbxBgoYUrzSZ\/APk70Bu6\/qIaRguq0MUBA5COKyAAA="} 00836{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_src_last_pkt_time":1430069030171973,"flow_dst_last_pkt_time":1430069030159674,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":272,"pkt_l4_len":236,"thread_ts_usec":1430069030171973,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAQArf0AAPwbwLQoYUrzSZ\/APk70Bu6\/qIaRguq0MUBg5CN2\/AAAWAwEA0wEAAM8DAVU9HyfJAvY\/iCLGWBYFY6M34NB+ZLfXCieB9l4jqbmhICKG\/HsNhwdjbCYE9375OW83ETGox9gGaZ9Lj69f7wR6AEYABAAFAC8ANcACwATABcAMwA7AD8AHwAnACsARwBPAFAAzADkAMgA4AArAA8ANwAjAEgAWABMACQAVABIAAwAIABQAEQD\/AQAAQAALAAQDAAECAAoANAAyAA4ADQAZAAsADAAYAAkACgAWABcACAAGAAcAFAAVAAQABQASABMAAQACAAMADwAQABE="} 
-01271{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1430069030121588,"flow_src_last_pkt_time":1430069030171973,"flow_dst_last_pkt_time":1430069030159674,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1430069030171973,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":37821,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","ja4":"t10d350200_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01230{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1430069030121588,"flow_src_last_pkt_time":1430069030171973,"flow_dst_last_pkt_time":1430069030159674,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1430069030171973,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":37821,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d350200_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":5,"flow_src_last_pkt_time":1430069030171973,"flow_dst_last_pkt_time":1430069030201514,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1430069030201514,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACwAAEAAjgbNgNJn8A8KGFK8AbuTvWC6rQyv6iGkYBClZGRQAAABAQEB"} 
-01425{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1430069030121588,"flow_src_last_pkt_time":1430069030171973,"flow_dst_last_pkt_time":1430069030296057,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":1280,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":1280,"midstream":0,"thread_ts_usec":1430069030296057,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":37821,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"4192c0a946c5bd9b544b4656d9f624a4","ja4":"t10d350200_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} 
-01684{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":7,"flow_first_seen":1430069030121588,"flow_src_last_pkt_time":1430069030304541,"flow_dst_last_pkt_time":1430069030336219,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":1280,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":3520,"midstream":0,"thread_ts_usec":1430069030336219,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":37821,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.KakaoTalk","proto_id":"91.193","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.kakao.com","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"4192c0a946c5bd9b544b4656d9f624a4","ja4":"t10d350200_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Thawte, Inc., CN=Thawte SSL CA","subjectDN":"C=KR, ST=Gyeonggi-do, L=Seongnam-si, O=Kakao Corp., CN=*.kakao.com","fingerprint":"0D:14:6D:8D:5E:EB:F5:F5:42:87:CD:AB:AE:A1:DC:AA:5A:76:6F:E4","blocks":0}}} 
+01384{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1430069030121588,"flow_src_last_pkt_time":1430069030171973,"flow_dst_last_pkt_time":1430069030296057,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":1280,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":1280,"midstream":0,"thread_ts_usec":1430069030296057,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":37821,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"4192c0a946c5bd9b544b4656d9f624a4","ja4":"t10d350200_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} 
+01643{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":7,"flow_first_seen":1430069030121588,"flow_src_last_pkt_time":1430069030304541,"flow_dst_last_pkt_time":1430069030336219,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":1280,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":3520,"midstream":0,"thread_ts_usec":1430069030336219,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":37821,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.KakaoTalk","proto_id":"91.193","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.kakao.com","ja3s":"4192c0a946c5bd9b544b4656d9f624a4","ja4":"t10d350200_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Thawte, Inc., CN=Thawte SSL CA","subjectDN":"C=KR, ST=Gyeonggi-do, L=Seongnam-si, O=Kakao Corp., CN=*.kakao.com","fingerprint":"0D:14:6D:8D:5E:EB:F5:F5:42:87:CD:AB:AE:A1:DC:AA:5A:76:6F:E4","blocks":0}}} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069030508795,"flow_src_last_pkt_time":1430069030508795,"flow_dst_last_pkt_time":1430069030508795,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1430069030508795,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":37553,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_src_last_pkt_time":1430069030508795,"flow_dst_last_pkt_time":1430069030508795,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1430069030508795,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADz6+UAAPwaAjQoYUrwfDURUkrEAUI6+8f0AAAAAoAI5CDAyAAACBAV4BAIICgALCwQAAAAAAQMDBw=="} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_src_last_pkt_time":1430069030508795,"flow_dst_last_pkt_time":1430069030549536,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1430069030549536,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACy6BkAA+AYIkB8NRFQKGFK8AFCSsWQ58S+OvvH+YBIRHF3ZAAACBAV4"} 
@@ -119,8 +119,8 @@ 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069030703253,"flow_src_last_pkt_time":1430069030703253,"flow_dst_last_pkt_time":1430069030703253,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1430069030703253,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":24596,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5} 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_src_last_pkt_time":1430069030703253,"flow_dst_last_pkt_time":1430069030703253,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":78,"pkt_l4_len":42,"thread_ts_usec":1430069030703253,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAD4AAEAAQBHSHgoYUrwKvAEBYBQANQAqICQnwAEAAAEAAAAAAAADYXBpCGZhY2Vib29rA2NvbQAAAQAB"} 
01093{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069030703253,"flow_src_last_pkt_time":1430069030703253,"flow_dst_last_pkt_time":1430069030703253,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1430069030703253,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":24596,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Facebook","proto_id":"5.119","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"api.facebook.com","domainame":"api.facebook.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} -01327{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1430069026370215,"flow_src_last_pkt_time":1430069030435553,"flow_dst_last_pkt_time":1430069030731635,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":184,"flow_dst_max_l4_payload_len":1280,"flow_src_tot_l4_payload_len":368,"flow_dst_tot_l4_payload_len":1280,"midstream":0,"thread_ts_usec":1430069030731635,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35503,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": 
{"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","ja4":"t10d350200_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA","blocks":0}}} -02138{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1430069026370215,"flow_src_last_pkt_time":1430069030738959,"flow_dst_last_pkt_time":1430069030740271,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":184,"flow_dst_max_l4_payload_len":1280,"flow_src_tot_l4_payload_len":368,"flow_dst_tot_l4_payload_len":3547,"midstream":0,"thread_ts_usec":1430069030740271,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35503,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"","domainame":"","tls": 
{"version":"TLSv1","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","ja4":"t10d350200_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4","blocks":0}}} +01286{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1430069026370215,"flow_src_last_pkt_time":1430069030435553,"flow_dst_last_pkt_time":1430069030731635,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":184,"flow_dst_max_l4_payload_len":1280,"flow_src_tot_l4_payload_len":368,"flow_dst_tot_l4_payload_len":1280,"midstream":0,"thread_ts_usec":1430069030731635,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35503,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": 
{"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","ja4":"t10d350200_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA","blocks":0}}} +02097{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1430069026370215,"flow_src_last_pkt_time":1430069030738959,"flow_dst_last_pkt_time":1430069030740271,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":184,"flow_dst_max_l4_payload_len":1280,"flow_src_tot_l4_payload_len":368,"flow_dst_tot_l4_payload_len":3547,"midstream":0,"thread_ts_usec":1430069030740271,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35503,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"","domainame":"","tls": 
{"version":"TLSv1","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","ja4":"t10d350200_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4","blocks":0}}} 00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_src_last_pkt_time":1430069030703253,"flow_dst_last_pkt_time":1430069030748175,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":118,"pkt_l4_len":82,"thread_ts_usec":1430069030748175,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAGbtpgAANREvUAq8AQEKGFK8ADVgFABSeRsnwIGAAAEAAgAAAAADYXBpCGZhY2Vib29rA2NvbQAAAQABwAwABQABAAAD6wAMBHN0YXIEYzEwcsAQwC4AAQABAAAACQAEHw1EVA=="} 
01122{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1430069030703253,"flow_src_last_pkt_time":1430069030703253,"flow_dst_last_pkt_time":1430069030748175,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":74,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":74,"midstream":0,"thread_ts_usec":1430069030748175,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":24596,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Facebook","proto_id":"5.119","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"api.facebook.com","domainame":"api.facebook.com","dns": {"num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["31.13.68.84,ttl=9"]}}} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":99,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069030751746,"flow_src_last_pkt_time":1430069030751746,"flow_dst_last_pkt_time":1430069030751746,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1430069030751746,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45209,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 
@@ -128,13 +128,13 @@ 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_src_last_pkt_time":1430069030751746,"flow_dst_last_pkt_time":1430069030835761,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1430069030835761,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADwAAEAAjgYshx8NRFQKGFK8AbuwmcDC6aramzgroBKpsCsUAAACBAV4BAIICqKRlfAACwsdAQMDBg=="} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_src_last_pkt_time":1430069030839087,"flow_dst_last_pkt_time":1430069030835761,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_usec":1430069030839087,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADQzOEAAPwZIVwoYUrwfDURUsJkBu9qbOCvAwumrgBAAcwLZAAABAQgKAAsLJaKRlfA="} 
01317{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":4,"flow_src_last_pkt_time":1430069030840583,"flow_dst_last_pkt_time":1430069030835761,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":631,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":631,"pkt_l4_len":595,"thread_ts_usec":1430069030840583,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAmczOUAAPwZGIwoYUrwfDURUsJkBu9qbOCvAwumrgBgAc240AAABAQgKAAsLJqKRlfAWAwECLgEAAioDA76a6q0ypg3ba+OWWVF7gyjIWE3lPvKUJBMV6IUnlGQhIC1U45RULLPMlKvTAlYh5N+zhv6zM+AEAVT4gI6fleVZAJbAMMAswCjAJMAUwAoApQCjAKEAnwBrAGoAaQBoADkAOAA3ADbAMsAuwCrAJsAPwAUAnQA9ADXAL8ArwCfAI8ATwAkApACiAKAAngBnAEAAPwA+ADMAMgAxADDAMcAtwCnAJcAOwAQAnAA8AC\/AEcAHwAzAAgAFAATAEsAIABYAEwAQAA3ADcADAAoAFQASAA8ADAAJAP8BAAFLAAAAFQATAAAQYXBpLmZhY2Vib29rLmNvbQALAAQDAAECAAoAOgA4AA4ADQAZABwACwAMABsAGAAJAAoAGgAWABcACAAGAAcAFAAVAAQABQASABMAAQACAAMADwAQABEAIwDAKdJiRItdg1e+9Bh8mODTmhuNTVrAqzJ9keCZS7TuZRivHCP304LlPhe+Djs0yurEPgdumukZ4o6zhpa97CMdhZbDbGPi\/1oo0xHsOzHJxu\/l+8GmyAwoVErUBObVx\/AWLW579VOCdf65nCc1eSeef2ueP9+1qDRIbGJ4ntKWe8U7odCyfHta0Xnuf\/K5YCgRDMzTWl4lwXV\/pVqfdtCRCsiJzp5RXj5iwNyPz5kZ+GoBBhp+n5MdnpToY3cxvhxHAA0AIAAeBgEGAgYDBQEFAgUDBAEEAgQDAwEDAgMDAgECAgIDM3QAAA=="} 
-01333{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1430069030751746,"flow_src_last_pkt_time":1430069030840583,"flow_dst_last_pkt_time":1430069030835761,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":563,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":563,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1430069030840583,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45209,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"api.facebook.com","domainame":"api.facebook.com","tls": {"version":"TLSv1.2","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"","ja4":"t12d750600_a38d13a9a7b3_36aea2269ab5","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01292{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1430069030751746,"flow_src_last_pkt_time":1430069030840583,"flow_dst_last_pkt_time":1430069030835761,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":563,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":563,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1430069030840583,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45209,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"api.facebook.com","domainame":"api.facebook.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d750600_a38d13a9a7b3_36aea2269ab5","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":5,"flow_src_last_pkt_time":1430069030840583,"flow_dst_last_pkt_time":1430069030955695,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_usec":1430069030955695,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADSZL0AAjwaSXx8NRFQKGFK8AbuwmcDC6avamzpegBACnv4AAAABAQgKopGWaQALCyY="} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069030978614,"flow_src_last_pkt_time":1430069030978614,"flow_dst_last_pkt_time":1430069030978614,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1430069030978614,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":19582,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_src_last_pkt_time":1430069030978614,"flow_dst_last_pkt_time":1430069030978614,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":80,"pkt_l4_len":44,"thread_ts_usec":1430069030978614,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAEAAAEAAQBHSHAoYUrwKvAEBTH4ANQAsPIiqhwEAAAEAAAAAAAAFZ3JhcGgIZmFjZWJvb2sDY29tAAABAAE="} 
01098{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069030978614,"flow_src_last_pkt_time":1430069030978614,"flow_dst_last_pkt_time":1430069030978614,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1430069030978614,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":19582,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Facebook","proto_id":"5.119","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"graph.facebook.com","domainame":"graph.facebook.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} -01395{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":111,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1430069030751746,"flow_src_last_pkt_time":1430069030840583,"flow_dst_last_pkt_time":1430069031001044,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":563,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":563,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1430069031001044,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45209,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": 
{"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"api.facebook.com","domainame":"api.facebook.com","tls": {"version":"TLSv1.2","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"6806b8fe92d7d465715d771eb102ff04","ja4":"t12d750600_a38d13a9a7b3_36aea2269ab5","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","blocks":0}}} -02184{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":115,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1430069030751746,"flow_src_last_pkt_time":1430069031013587,"flow_dst_last_pkt_time":1430069031013770,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":563,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":563,"flow_dst_tot_l4_payload_len":3571,"midstream":0,"thread_ts_usec":1430069031013770,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45209,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"api.facebook.com","domainame":"api.facebook.com","tls": 
{"version":"TLSv1.2","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"6806b8fe92d7d465715d771eb102ff04","ja4":"t12d750600_a38d13a9a7b3_36aea2269ab5","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4","blocks":0}}} +01354{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":111,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1430069030751746,"flow_src_last_pkt_time":1430069030840583,"flow_dst_last_pkt_time":1430069031001044,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":563,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":563,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1430069031001044,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45209,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"api.facebook.com","domainame":"api.facebook.com","tls": {"version":"TLSv1.2","ja3s":"6806b8fe92d7d465715d771eb102ff04","ja4":"t12d750600_a38d13a9a7b3_36aea2269ab5","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","blocks":0}}} +02143{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":115,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1430069030751746,"flow_src_last_pkt_time":1430069031013587,"flow_dst_last_pkt_time":1430069031013770,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":563,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":563,"flow_dst_tot_l4_payload_len":3571,"midstream":0,"thread_ts_usec":1430069031013770,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45209,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"api.facebook.com","domainame":"api.facebook.com","tls": 
{"version":"TLSv1.2","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3s":"6806b8fe92d7d465715d771eb102ff04","ja4":"t12d750600_a38d13a9a7b3_36aea2269ab5","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4","blocks":0}}} 00650{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_src_last_pkt_time":1430069030978614,"flow_dst_last_pkt_time":1430069031017096,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":138,"pkt_l4_len":102,"thread_ts_usec":1430069031017096,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAHocCwAANREA2Aq8AQEKGFK8ADVMfgBmmjSqh4GAAAEAAwAAAAAFZ3JhcGgIZmFjZWJvb2sDY29tAAABAAHADAAFAAEAAAVxAAYDYXBpwBLAMAAFAAEAAAV2AAwEc3RhcgRjMTBywBLAQgABAAEAAAARAAQfDURG"} 
01128{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":117,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1430069030978614,"flow_src_last_pkt_time":1430069030978614,"flow_dst_last_pkt_time":1430069031017096,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":94,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":94,"midstream":0,"thread_ts_usec":1430069031017096,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":19582,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Facebook","proto_id":"5.119","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"graph.facebook.com","domainame":"graph.facebook.com","dns": {"num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["31.13.68.70,ttl=17"]}}} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":119,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069031042945,"flow_src_last_pkt_time":1430069031042945,"flow_dst_last_pkt_time":1430069031042945,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1430069031042945,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.70","src_port":43581,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 
@@ -142,13 +142,13 @@ 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_src_last_pkt_time":1430069031042945,"flow_dst_last_pkt_time":1430069031079901,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1430069031079901,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACwwtUAA+AaR7x8NREYKGFK8AbuqPWAZ05aKfXGUYBIRHOtUAAACBAV4"} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_src_last_pkt_time":1430069031083289,"flow_dst_last_pkt_time":1430069031079901,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_usec":1430069031083289,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACh6qkAAPwYA\/woYUrwfDURGqj0Bu4p9cZRgGdOXUBA5CNrpAAA="} 
01302{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":4,"flow_src_last_pkt_time":1430069031083594,"flow_dst_last_pkt_time":1430069031079901,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":621,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":621,"pkt_l4_len":585,"thread_ts_usec":1430069031083594,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAl16q0AAPwb+yAoYUrwfDURGqj0Bu4p9cZRgGdOXUBg5CM7tAAAWAwECMAEAAiwDAzthSakX6Nys0EmE1wPJQXQGNb7fzUO2auSBp3pzzdruINH9Cd3eMOIjz4Amf0HcxZLKnDb5BWXRj6aZ8z64ZOOBAJbAMMAswCjAJMAUwAoApQCjAKEAnwBrAGoAaQBoADkAOAA3ADbAMsAuwCrAJsAPwAUAnQA9ADXAL8ArwCfAI8ATwAkApACiAKAAngBnAEAAPwA+ADMAMgAxADDAMcAtwCnAJcAOwAQAnAA8AC\/AEcAHwAzAAgAFAATAEsAIABYAEwAQAA3ADcADAAoAFQASAA8ADAAJAP8BAAFNAAAAFwAVAAASZ3JhcGguZmFjZWJvb2suY29tAAsABAMAAQIACgA6ADgADgANABkAHAALAAwAGwAYAAkACgAaABYAFwAIAAYABwAUABUABAAFABIAEwABAAIAAwAPABAAEQAjAMBPW8XYuWXc4wYgZOQ6d0T60VO\/cyNe14Z5IjVgMFekE6dQ7u4U9FnQj9Gdy1GUVunfKf6noZBglfKqBP\/YL5CHT93Ljqw5QntaaNZ5kvi+qnkAbVlF3Ab+szOzcduxUvTGYEZP5N4eYbzBK0XGbgzpW6gNtQzHAZ4wCELvRkl\/I\/OlcBgG6SRo\/Rnk4jB4P3zWj7gq\/CUy2yxPClj1804ftHYBJ1lTdWKJLEjp5LhGRTLFHNFFHZzp8G9wkcJTX3IADQAgAB4GAQYCBgMFAQUCBQMEAQQCBAMDAQMCAwMCAQICAgMzdAAA"} 
-01337{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1430069031042945,"flow_src_last_pkt_time":1430069031083594,"flow_dst_last_pkt_time":1430069031079901,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":565,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":565,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1430069031083594,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.70","src_port":43581,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"graph.facebook.com","domainame":"graph.facebook.com","tls": {"version":"TLSv1.2","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"","ja4":"t12d750600_a38d13a9a7b3_36aea2269ab5","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01296{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1430069031042945,"flow_src_last_pkt_time":1430069031083594,"flow_dst_last_pkt_time":1430069031079901,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":565,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":565,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1430069031083594,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.70","src_port":43581,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"graph.facebook.com","domainame":"graph.facebook.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d750600_a38d13a9a7b3_36aea2269ab5","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":5,"flow_src_last_pkt_time":1430069031083594,"flow_dst_last_pkt_time":1430069031127600,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1430069031127600,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACwAAEAAjgYspR8NREYKGFK8AbuqPWAZ05eKfXGUYBClZFyHAAABAQEB"} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069031167395,"flow_src_last_pkt_time":1430069031167395,"flow_dst_last_pkt_time":1430069031167395,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1430069031167395,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":4017,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5} 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_src_last_pkt_time":1430069031167395,"flow_dst_last_pkt_time":1430069031167395,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":85,"pkt_l4_len":49,"thread_ts_usec":1430069031167395,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAEUAAEAAQBHSFwoYUrwKvAEBD7EANQAxznCJ\/wEAAAEAAAAAAAAKZGV2ZWxvcGVycwhmYWNlYm9vawNjb20AAAEAAQ=="} 
01107{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069031167395,"flow_src_last_pkt_time":1430069031167395,"flow_dst_last_pkt_time":1430069031167395,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1430069031167395,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":4017,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Facebook","proto_id":"5.119","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"developers.facebook.com","domainame":"developers.facebook.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} -01399{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1430069031042945,"flow_src_last_pkt_time":1430069031083594,"flow_dst_last_pkt_time":1430069031203681,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":565,"flow_dst_max_l4_payload_len":1280,"flow_src_tot_l4_payload_len":565,"flow_dst_tot_l4_payload_len":1280,"midstream":0,"thread_ts_usec":1430069031203681,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.70","src_port":43581,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": 
{"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"graph.facebook.com","domainame":"graph.facebook.com","tls": {"version":"TLSv1.2","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"6806b8fe92d7d465715d771eb102ff04","ja4":"t12d750600_a38d13a9a7b3_36aea2269ab5","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","blocks":0}}} -02188{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":138,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1430069031042945,"flow_src_last_pkt_time":1430069031207740,"flow_dst_last_pkt_time":1430069031220923,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":565,"flow_dst_max_l4_payload_len":1280,"flow_src_tot_l4_payload_len":565,"flow_dst_tot_l4_payload_len":3571,"midstream":0,"thread_ts_usec":1430069031220923,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.70","src_port":43581,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"graph.facebook.com","domainame":"graph.facebook.com","tls": 
{"version":"TLSv1.2","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"6806b8fe92d7d465715d771eb102ff04","ja4":"t12d750600_a38d13a9a7b3_36aea2269ab5","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4","blocks":0}}} +01358{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1430069031042945,"flow_src_last_pkt_time":1430069031083594,"flow_dst_last_pkt_time":1430069031203681,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":565,"flow_dst_max_l4_payload_len":1280,"flow_src_tot_l4_payload_len":565,"flow_dst_tot_l4_payload_len":1280,"midstream":0,"thread_ts_usec":1430069031203681,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.70","src_port":43581,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"graph.facebook.com","domainame":"graph.facebook.com","tls": {"version":"TLSv1.2","ja3s":"6806b8fe92d7d465715d771eb102ff04","ja4":"t12d750600_a38d13a9a7b3_36aea2269ab5","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","blocks":0}}} +02147{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":138,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1430069031042945,"flow_src_last_pkt_time":1430069031207740,"flow_dst_last_pkt_time":1430069031220923,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":565,"flow_dst_max_l4_payload_len":1280,"flow_src_tot_l4_payload_len":565,"flow_dst_tot_l4_payload_len":3571,"midstream":0,"thread_ts_usec":1430069031220923,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.70","src_port":43581,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"graph.facebook.com","domainame":"graph.facebook.com","tls": 
{"version":"TLSv1.2","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3s":"6806b8fe92d7d465715d771eb102ff04","ja4":"t12d750600_a38d13a9a7b3_36aea2269ab5","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4","blocks":0}}} 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_src_last_pkt_time":1430069031167395,"flow_dst_last_pkt_time":1430069031221686,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":144,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":144,"pkt_l4_len":108,"thread_ts_usec":1430069031221686,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAIDtrgAANREvLgq8AQEKGFK8ADUPsQBsjjKJ\/4GAAAEAAwAAAAAKZGV2ZWxvcGVycwhmYWNlYm9vawNjb20AAAEAAcAMAAUAAQAAA+oABwRzdGFywBfANQAFAAEAAAPqAAwEc3RhcgRjMTBywBfASAABAAEAAAAIAAQfDURU"} 
01138{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":139,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1430069031167395,"flow_src_last_pkt_time":1430069031167395,"flow_dst_last_pkt_time":1430069031221686,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":100,"midstream":0,"thread_ts_usec":1430069031221686,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":4017,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Facebook","proto_id":"5.119","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"developers.facebook.com","domainame":"developers.facebook.com","dns": {"num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["31.13.68.84,ttl=8"]}}} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":144,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069031230994,"flow_src_last_pkt_time":1430069031230994,"flow_dst_last_pkt_time":1430069031230994,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":43,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":43,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1430069031230994,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":14650,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5} 
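Review bot: The regenerated expectations in this hunk drop the `"ja3"` key from the `tls` object of flow 26's `detected` and `detection-update` events (packet_id 123, 132, 138), while `"ja3s"` and `"ja4"` stay. The commit message says only "incorporated upstream changes", so the removal is undocumented. Anything downstream that keys on `ndpi.tls.ja3`, such as detection rules or client-fingerprint lists, would stop matching without an error; a line in the commit description or changelog should say so, e.g. `* TLS: the client "ja3" field is no longer emitted, "ja4" remains`. The diffstat lists `schema/flow_event_schema.json` as changed, presumably for the same reason, so it is worth confirming that the schema no longer lists `ja3`. The preceding hunk of this file shows the same removal for flow 24.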
@@ -161,10 +161,10 @@ 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_src_last_pkt_time":1430069031236945,"flow_dst_last_pkt_time":1430069031281867,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1430069031281867,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACw2WEAA+AaMPh8NRFQKGFK8Abuwm2JwnlDLT2hEYBIRHOBVAAACBAV4"} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":149,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_src_last_pkt_time":1430069031284186,"flow_dst_last_pkt_time":1430069031281867,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_usec":1430069031284186,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAChjD0AAPwYYjAoYUrwfDURUsJsBu8tPaERicJ5RUBA5CM\/qAAA="} 
01310{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":4,"flow_src_last_pkt_time":1430069031286444,"flow_dst_last_pkt_time":1430069031281867,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":626,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":626,"pkt_l4_len":590,"thread_ts_usec":1430069031286444,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAmJjEEAAPwYWUQoYUrwfDURUsJsBu8tPaERicJ5RUBg5CFQRAAAWAwECNQEAAjEDA12sDwIlRYC4S\/u\/dLxpbC6fU+Gnpw4b5dMA4lzwGxvDIALfpkN5Ks6\/c20IdWd3iDdbXn8wiPGMx1jMuQOUjsRtAJbAMMAswCjAJMAUwAoApQCjAKEAnwBrAGoAaQBoADkAOAA3ADbAMsAuwCrAJsAPwAUAnQA9ADXAL8ArwCfAI8ATwAkApACiAKAAngBnAEAAPwA+ADMAMgAxADDAMcAtwCnAJcAOwAQAnAA8AC\/AEcAHwAzAAgAFAATAEsAIABYAEwAQAA3ADcADAAoAFQASAA8ADAAJAP8BAAFSAAAAHAAaAAAXZGV2ZWxvcGVycy5mYWNlYm9vay5jb20ACwAEAwABAgAKADoAOAAOAA0AGQAcAAsADAAbABgACQAKABoAFgAXAAgABgAHABQAFQAEAAUAEgATAAEAAgADAA8AEAARACMAwCnSYkR7dyZSlmb2OdeQwfPHqvffGwuUL3PG+4Ewg5bwNedBkyV9v8C8pmhV4nqSLTQbulzvcpBBfLcpfQowvk79MtWhUv2WuTp5rwjXPWPci4lxJKzgph0ts51Py\/3dLrTAZ0QTg1HN7u4u1p3C80B86yaPTNKffxSBZsLfL4fUayH2i9ace\/qM96Tac8qFgVAl24B\/JZxcKhjC1EOsRIlPerZpBoaXHxVbVixsGvq98+nTjVWCnQKrtJcwlv25jQANACAAHgYBBgIGAwUBBQIFAwQBBAIEAwMBAwIDAwIBAgICAzN0AAA="} 
-01347{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1430069031236945,"flow_src_last_pkt_time":1430069031286444,"flow_dst_last_pkt_time":1430069031281867,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":570,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":570,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1430069031286444,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"developers.facebook.com","domainame":"developers.facebook.com","tls": {"version":"TLSv1.2","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"","ja4":"t12d750600_a38d13a9a7b3_36aea2269ab5","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01306{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1430069031236945,"flow_src_last_pkt_time":1430069031286444,"flow_dst_last_pkt_time":1430069031281867,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":570,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":570,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1430069031286444,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"developers.facebook.com","domainame":"developers.facebook.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d750600_a38d13a9a7b3_36aea2269ab5","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":5,"flow_src_last_pkt_time":1430069031286444,"flow_dst_last_pkt_time":1430069031320197,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1430069031320197,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACwAAEAAjgYslx8NRFQKGFK8Abuwm2JwnlHLT2hEYBClZFGIAAABAQEB"} 
-01409{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1430069031236945,"flow_src_last_pkt_time":1430069031286444,"flow_dst_last_pkt_time":1430069031391516,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":570,"flow_dst_max_l4_payload_len":1280,"flow_src_tot_l4_payload_len":570,"flow_dst_tot_l4_payload_len":1280,"midstream":0,"thread_ts_usec":1430069031391516,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"developers.facebook.com","domainame":"developers.facebook.com","tls": {"version":"TLSv1.2","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"6806b8fe92d7d465715d771eb102ff04","ja4":"t12d750600_a38d13a9a7b3_36aea2269ab5","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
-02198{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":164,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1430069031236945,"flow_src_last_pkt_time":1430069031393286,"flow_dst_last_pkt_time":1430069031408850,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":570,"flow_dst_max_l4_payload_len":1280,"flow_src_tot_l4_payload_len":570,"flow_dst_tot_l4_payload_len":3571,"midstream":0,"thread_ts_usec":1430069031408850,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"developers.facebook.com","domainame":"developers.facebook.com","tls": {"version":"TLSv1.2","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"6806b8fe92d7d465715d771eb102ff04","ja4":"t12d750600_a38d13a9a7b3_36aea2269ab5","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, 
OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4","blocks":0}}} +01368{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1430069031236945,"flow_src_last_pkt_time":1430069031286444,"flow_dst_last_pkt_time":1430069031391516,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":570,"flow_dst_max_l4_payload_len":1280,"flow_src_tot_l4_payload_len":570,"flow_dst_tot_l4_payload_len":1280,"midstream":0,"thread_ts_usec":1430069031391516,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"developers.facebook.com","domainame":"developers.facebook.com","tls": {"version":"TLSv1.2","ja3s":"6806b8fe92d7d465715d771eb102ff04","ja4":"t12d750600_a38d13a9a7b3_36aea2269ab5","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
+02157{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":164,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1430069031236945,"flow_src_last_pkt_time":1430069031393286,"flow_dst_last_pkt_time":1430069031408850,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":570,"flow_dst_max_l4_payload_len":1280,"flow_src_tot_l4_payload_len":570,"flow_dst_tot_l4_payload_len":3571,"midstream":0,"thread_ts_usec":1430069031408850,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"developers.facebook.com","domainame":"developers.facebook.com","tls": {"version":"TLSv1.2","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3s":"6806b8fe92d7d465715d771eb102ff04","ja4":"t12d750600_a38d13a9a7b3_36aea2269ab5","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance 
CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4","blocks":0}}} 00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":186,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069031611243,"flow_src_last_pkt_time":1430069031611243,"flow_dst_last_pkt_time":1430069031611243,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1430069031611243,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58927,"dst_port":5223,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 00622{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_src_last_pkt_time":1430069031611243,"flow_dst_last_pkt_time":1430069031611243,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":113,"pkt_l4_len":77,"thread_ts_usec":1430069031611243,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAGHTnUAAQAbVXgoYUrw2\/\/3H5i8UZ+uf0VkGiXPCgBgCYxkQAAABAQgKAAKTKDTnT0kXAwEAKNOo\/lFrrxEtj1oyrBEybZXAvF7754xqLjvuYfV0gCpDpumAA3\/lW60="} 
01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":186,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069031611243,"flow_src_last_pkt_time":1430069031611243,"flow_dst_last_pkt_time":1430069031611243,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1430069031611243,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58927,"dst_port":5223,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
@@ -184,7 +184,7 @@ 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_src_last_pkt_time":1430069035967627,"flow_dst_last_pkt_time":1430069036008002,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1430069036008002,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACxGQkAA+AZ8VB8NRFQKGFK8AbuwnWIYU8F1uP30YBIRHOshAAACBAV4"} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_src_last_pkt_time":1430069036010596,"flow_dst_last_pkt_time":1430069036008002,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_usec":1430069036010596,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACjw1kAAPwaKxAoYUrwfDURUsJ0Bu3W4\/fRiGFPCUBA5CNq2AAA="} 00791{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":222,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":4,"flow_src_last_pkt_time":1430069036012946,"flow_dst_last_pkt_time":1430069036008002,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":240,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":240,"pkt_l4_len":204,"thread_ts_usec":1430069036012946,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAODw10AAPwaKCwoYUrwfDURUsJ0Bu3W4\/fRiGFPCUBg5CMwfAAAWAwEAswEAAK8DAVU9Hy2pPPfpWbhIjMHHKuGu\/26IDUvEFU2avrf56FfmAABGAAQABQAvADXAAsAEwAXADMAOwA\/AB8AJwArAEcATwBQAMwA5ADIAOAAKwAPADcAIwBIAFgATAAkAFQASAAMACAAUABEA\/wEAAEAACwAEAwABAgAKADQAMgAOAA0AGQALAAwAGAAJAAoAFgAXAAgABgAHABQAFQAEAAUAEgATAAEAAgADAA8AEAAR"} 
-01272{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1430069035967627,"flow_src_last_pkt_time":1430069036012946,"flow_dst_last_pkt_time":1430069036008002,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":184,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":184,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1430069036012946,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45213,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","ja4":"t10d350200_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01231{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1430069035967627,"flow_src_last_pkt_time":1430069036012946,"flow_dst_last_pkt_time":1430069036008002,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":184,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":184,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1430069036012946,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45213,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d350200_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
02370{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":223,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1430069026370215,"flow_src_last_pkt_time":1430069036014563,"flow_dst_last_pkt_time":1430069032269782,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":654,"flow_dst_max_l4_payload_len":1280,"flow_src_tot_l4_payload_len":1689,"flow_dst_tot_l4_payload_len":3666,"midstream":0,"thread_ts_usec":1430069036014563,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35503,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"data_analysis": {"iat": {"min":3723,"avg":501416.6,"max":3802978,"stddev":831986.8,"var":692202045440.0,"ent":3.7,"data": [995911,1037903,49316,6684,695526,683563,56000,2329864,2320373,251618,299011,4547,4395,4089,3723,105469,239411,242157,376495,82611,125763,244537,287323,18128,164581,238983,428131,146027,274079,3802978,24719]},"pktlen": {"min":40,"avg":209.0,"max":1320,"stddev":352.3,"var":124085.1,"ent":3.7,"data": [60,60,44,40,224,44,40,44,224,40,1320,40,1320,40,1027,40,162,40,87,40,694,40,69,40,342,40,83,40,180,40,67,116]},"bins": {"c_to_s": [11,0,1,1,1,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [9,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0]},"directions": [0,0,1,0,0,1,0,1,0,1,1,0,1,0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,0,0],"entropies": 
[4.685176849,4.685176849,4.968303204,4.931687355,5.173561573,5.104666710,4.981687546,4.658042908,5.164632797,4.931687355,6.476998329,4.734184265,7.115762234,4.784183979,6.729174137,4.884183884,6.557168484,4.881687164,5.730113029,4.834184170,7.744181156,4.881687164,5.543020725,4.884183884,7.357668877,4.981687546,5.880825043,4.834184170,6.839711666,4.981687546,5.593678474,6.365212917]},"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":5,"flow_src_last_pkt_time":1430069036012946,"flow_dst_last_pkt_time":1430069036049811,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1430069036049811,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACwAAEAAjgYslx8NRFQKGFK8AbuwnWIYU8J1uP30YBClZFxUAAABAQEB"} 
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":228,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069036068122,"flow_src_last_pkt_time":1430069036068122,"flow_dst_last_pkt_time":1430069036068122,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1430069036068122,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35511,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 
@@ -192,12 +192,12 @@ 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":229,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_src_last_pkt_time":1430069036068122,"flow_dst_last_pkt_time":1430069036109870,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1430069036109870,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACzrl0AA+AYrYa38YQIKGFK8AbuKt2bo6WFTxCd7YBIRHMNnAAACBAV4"} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":230,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_src_last_pkt_time":1430069036113928,"flow_dst_last_pkt_time":1430069036109870,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_usec":1430069036113928,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACgqS0AAPwalsgoYUryt\/GECircBu1PEJ3tm6OliUBA5CLL8AAA="} 00790{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":231,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":4,"flow_src_last_pkt_time":1430069036116156,"flow_dst_last_pkt_time":1430069036109870,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":240,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":240,"pkt_l4_len":204,"thread_ts_usec":1430069036116156,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAOAqTEAAPwak+QoYUryt\/GECircBu1PEJ3tm6OliUBg5CCGEAAAWAwEAswEAAK8DAVU9Hy3lr9PhuC3NcwOeJGoglIkRSauG++7JURnxbEvJAABGAAQABQAvADXAAsAEwAXADMAOwA\/AB8AJwArAEcATwBQAMwA5ADIAOAAKwAPADcAIwBIAFgATAAkAFQASAAMACAAUABEA\/wEAAEAACwAEAwABAgAKADQAMgAOAA0AGQALAAwAGAAJAAoAFgAXAAgABgAHABQAFQAEAAUAEgATAAEAAgADAA8AEAAR"} 
-01273{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":231,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1430069036068122,"flow_src_last_pkt_time":1430069036116156,"flow_dst_last_pkt_time":1430069036109870,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":184,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":184,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1430069036116156,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35511,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","ja4":"t10d350200_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
-01327{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":232,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1430069035967627,"flow_src_last_pkt_time":1430069036012946,"flow_dst_last_pkt_time":1430069036121375,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":184,"flow_dst_max_l4_payload_len":1280,"flow_src_tot_l4_payload_len":184,"flow_dst_tot_l4_payload_len":1280,"midstream":0,"thread_ts_usec":1430069036121375,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45213,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","ja4":"t10d350200_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA","blocks":0}}} 
+01232{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":231,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1430069036068122,"flow_src_last_pkt_time":1430069036116156,"flow_dst_last_pkt_time":1430069036109870,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":184,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":184,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1430069036116156,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35511,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d350200_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01286{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":232,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1430069035967627,"flow_src_last_pkt_time":1430069036012946,"flow_dst_last_pkt_time":1430069036121375,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":184,"flow_dst_max_l4_payload_len":1280,"flow_src_tot_l4_payload_len":184,"flow_dst_tot_l4_payload_len":1280,"midstream":0,"thread_ts_usec":1430069036121375,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45213,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","ja4":"t10d350200_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA","blocks":0}}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":5,"flow_src_last_pkt_time":1430069036116156,"flow_dst_last_pkt_time":1430069036149329,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1430069036149329,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACwAAEAAjgaA+a38YQIKGFK8AbuKt2bo6WJTxCd7YBClZDSaAAABAQEB"} 
-02138{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":7,"flow_first_seen":1430069035967627,"flow_src_last_pkt_time":1430069036127997,"flow_dst_last_pkt_time":1430069036179969,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":184,"flow_dst_max_l4_payload_len":1280,"flow_src_tot_l4_payload_len":184,"flow_dst_tot_l4_payload_len":3548,"midstream":0,"thread_ts_usec":1430069036179969,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45213,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","ja4":"t10d350200_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, 
ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4","blocks":0}}} -01328{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":258,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1430069036068122,"flow_src_last_pkt_time":1430069036116156,"flow_dst_last_pkt_time":1430069036608985,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":184,"flow_dst_max_l4_payload_len":1280,"flow_src_tot_l4_payload_len":184,"flow_dst_tot_l4_payload_len":1280,"midstream":0,"thread_ts_usec":1430069036608985,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35511,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","ja4":"t10d350200_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA","blocks":0}}} 
-02139{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":260,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1430069036068122,"flow_src_last_pkt_time":1430069036116156,"flow_dst_last_pkt_time":1430069036612036,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":184,"flow_dst_max_l4_payload_len":1280,"flow_src_tot_l4_payload_len":184,"flow_dst_tot_l4_payload_len":3547,"midstream":0,"thread_ts_usec":1430069036612036,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35511,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","ja4":"t10d350200_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, 
ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4","blocks":0}}} +02097{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":7,"flow_first_seen":1430069035967627,"flow_src_last_pkt_time":1430069036127997,"flow_dst_last_pkt_time":1430069036179969,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":184,"flow_dst_max_l4_payload_len":1280,"flow_src_tot_l4_payload_len":184,"flow_dst_tot_l4_payload_len":3548,"midstream":0,"thread_ts_usec":1430069036179969,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45213,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"","domainame":"","tls": 
{"version":"TLSv1","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","ja4":"t10d350200_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4","blocks":0}}} +01287{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":258,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1430069036068122,"flow_src_last_pkt_time":1430069036116156,"flow_dst_last_pkt_time":1430069036608985,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":184,"flow_dst_max_l4_payload_len":1280,"flow_src_tot_l4_payload_len":184,"flow_dst_tot_l4_payload_len":1280,"midstream":0,"thread_ts_usec":1430069036608985,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35511,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": 
{"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","ja4":"t10d350200_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA","blocks":0}}} +02098{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":260,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1430069036068122,"flow_src_last_pkt_time":1430069036116156,"flow_dst_last_pkt_time":1430069036612036,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":184,"flow_dst_max_l4_payload_len":1280,"flow_src_tot_l4_payload_len":184,"flow_dst_tot_l4_payload_len":3547,"midstream":0,"thread_ts_usec":1430069036612036,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35511,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"","domainame":"","tls": 
{"version":"TLSv1","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","ja4":"t10d350200_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4","blocks":0}}} 00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":293,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069044758795,"flow_src_last_pkt_time":1430069044758795,"flow_dst_last_pkt_time":1430069044758795,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":247,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":247,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":247,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1430069044758795,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 
00881{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":293,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_src_last_pkt_time":1430069044758795,"flow_dst_last_pkt_time":1430069044758795,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":303,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":303,"pkt_l4_len":267,"thread_ts_usec":1430069044758795,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAR8KJUAAjgb4zIuWAH0KGFK8Abu3Y2Ij0KVRKAPiUBigLueuAADzAAAApDlIVrVdqRc+Gkt7POZ3i2OlkuY4MMfPTZY9G4U0YFfr\/Io7pOCQe3JDBNAmPdEpHGIlOOWztPzNgfmCZdfJbXa\/FjyLrCbe\/cKrmuhEYDyIPsoQcOHY3YFPdOkSmKChheXsyu06po9uQ1CWTJDZfqoByGUY9M3+\/torvsssHclmFyrgMhiQBPDR+\/p96Y\/\/sK6VRP8W+SfBO5i7Jg3brhWvS81m7IbytFR73ZERAlFn0QejuZzhem715ywfbXU8ySrwRBK2cs3ywClzqW\/s7h0teJNcn45XHRR+Z0ZTPA29+kHM57k5C1faf1I\/3jeLMDw\/"} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":295,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_src_last_pkt_time":1430069044758795,"flow_dst_last_pkt_time":1430069044836371,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_usec":1430069044836371,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACjTekAAQAZ+bgoYUryLlgB9t2MBu1EoA+JiI9GcUBCIgOkBAAA="} 
@@ -222,7 +222,7 @@ 00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_src_last_pkt_time":1430069072986762,"flow_dst_last_pkt_time":1430069073186194,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1430069073186194,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADwAAEAALQa8ITb\/\/ccKGFK8FGfmVG+Fj0U6r49hoBJF6jkFAAACBAV4BAIICjTom84AAqNQAQMDCA=="} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_src_last_pkt_time":1430069073186682,"flow_dst_last_pkt_time":1430069073186194,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_usec":1430069073186682,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADQsMUAAQAZ8+AoYUrw2\/\/3H5lQUZzqvj2FvhY9GgBABtpHBAAABAQgKAAKjZTTom84="} 00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":4,"flow_src_last_pkt_time":1430069073201697,"flow_dst_last_pkt_time":1430069073186194,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":146,"pkt_l4_len":110,"thread_ts_usec":1430069073201697,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAIIsMkAAQAZ8qQoYUrw2\/\/3H5lQUZzqvj2FvhY9GgBgBtpi\/AAABAQgKAAKjZzTom84WAwEASQEAAEUDAVFRUVESVPKV5Ej6iE0e+b\/OK2fBD2XxGFd+RBJAtWh8AAAeAAQABQAvADMAMgAKABYAEwAJABUAEgADAAgAFAARAQA="} 
-01392{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":345,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1430069072986762,"flow_src_last_pkt_time":1430069073201697,"flow_dst_last_pkt_time":1430069073186194,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":78,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":78,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1430069073201697,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58964,"dst_port":5223,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"d9ce50c62ab1fd5932da3c6b6d406c65","ja3s":"","ja4":"t10d150000_e2ff6cb279ee_e3b0c44298fc","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01351{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":345,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1430069072986762,"flow_src_last_pkt_time":1430069073201697,"flow_dst_last_pkt_time":1430069073186194,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":78,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":78,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1430069073201697,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58964,"dst_port":5223,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d150000_e2ff6cb279ee_e3b0c44298fc","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":5,"flow_src_last_pkt_time":1430069073201697,"flow_dst_last_pkt_time":1430069073294684,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_usec":1430069073294684,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADQUukAALgambzb\/\/ccKGFK8FGfmVG+Fj0Y6r4+vgBAARqynAAABAQgKNOib\/AACo2c="} 
01017{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1430069022059149,"flow_src_last_pkt_time":1430069022059149,"flow_dst_last_pkt_time":1430069022094092,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":80,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":80,"midstream":0,"thread_ts_usec":1430069073299933,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":12908,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","proto_id":"5.193","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"up-m.talk.kakao.com"}} 01010{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1430069031230994,"flow_src_last_pkt_time":1430069031230994,"flow_dst_last_pkt_time":1430069031281714,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":43,"flow_dst_max_l4_payload_len":86,"flow_src_tot_l4_payload_len":43,"flow_dst_tot_l4_payload_len":86,"midstream":0,"thread_ts_usec":1430069073299933,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":14650,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"2.97.252.173.in-addr.arpa"}} 
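Review bot: The expected `detected` event for flow 38 (packet_id 345) loses `"ja3":"d9ce50c62ab1fd5932da3c6b6d406c65"` from its `tls` object while `ja3s` and `ja4` stay, and the length prefix drops from 01392 to 01351 to match. The same key disappears from the flow 33 and flow 34 `detection-update` events in the preceding hunk, which begins outside this view. The commit message says only "incorporated upstream changes", so consumers are not told that the client JA3 is no longer emitted, and a detection rule or allowlist keyed on `tls.ja3` would stop matching without any error. I would record it in the changelog, e.g. `tls.ja3 is no longer emitted after the libnDPI bump; ja3s and ja4 are unchanged`, and confirm that the `schema/flow_event_schema.json` change listed in the diffstat (not shown here) no longer requires the key.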
@@ -242,7 +242,7 @@ 01020{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1430069030508795,"flow_src_last_pkt_time":1430069052317694,"flow_dst_last_pkt_time":1430069052223609,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":283,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":283,"midstream":0,"thread_ts_usec":1430069073299933,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":37553,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Facebook","proto_id":"7.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.facebook.com"}} 01020{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1430069035840522,"flow_src_last_pkt_time":1430069057806708,"flow_dst_last_pkt_time":1430069057685950,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":283,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":283,"midstream":0,"thread_ts_usec":1430069073299933,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":37557,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.Facebook","proto_id":"7.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.facebook.com"}} 01012{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1430069022059638,"flow_src_last_pkt_time":1430069022059638,"flow_dst_last_pkt_time":1430069022093909,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":70,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":70,"midstream":0,"thread_ts_usec":1430069073299933,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":58810,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","proto_id":"5.193","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"item.kakao.com"}} -01212{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069028075659,"flow_src_last_pkt_time":1430069028075659,"flow_dst_last_pkt_time":1430069028075659,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1430069073299933,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34503,"l4_proto":"tcp","ndpi": {"flow_risk": 
{"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}},"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} +01319{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069028075659,"flow_src_last_pkt_time":1430069028075659,"flow_dst_last_pkt_time":1430069028075659,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1430069073299933,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34503,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}},"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}},"55": {"risk":"Probing Attempt","severity":"Medium","risk_score": {"total":510,"client":375,"server":135}}},"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 
00784{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069028075659,"flow_src_last_pkt_time":1430069028075659,"flow_dst_last_pkt_time":1430069028075659,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1430069073299933,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34503,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 01020{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1430069030083228,"flow_src_last_pkt_time":1430069030083228,"flow_dst_last_pkt_time":1430069030119544,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":75,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":75,"midstream":0,"thread_ts_usec":1430069073299933,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.191.1","src_port":61011,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","proto_id":"5.193","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"plus-talk.kakao.com"}} 
01018{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1430069030083014,"flow_src_last_pkt_time":1430069030083014,"flow_dst_last_pkt_time":1430069030115576,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":75,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":75,"midstream":0,"thread_ts_usec":1430069073299933,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":61011,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","proto_id":"5.193","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"plus-talk.kakao.com"}} 
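Review bot: The regenerated `guessed` event for flow 16 now carries a third flow risk, `"55": {"risk":"Probing Attempt","severity":"Medium",...}`, on a midstream flow with one packet and zero payload bytes whose confidence is only "Match by port". If this holds for similar one-packet flows, consumers that alert on any Medium-or-higher risk or on the number of risks per flow will see more alerts after the bump. That is inferred from a single expected-output record and should be checked against upstream's definition of the risk. It would help to mention the new id in the release notes, e.g. `new flow_risk 55 "Probing Attempt" reported by libnDPI`, and to verify that the schema change listed in the diffstat (not visible here) accepts it.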
@@ -267,7 +267,7 @@ 01016{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1430069022104834,"flow_src_last_pkt_time":1430069022104834,"flow_dst_last_pkt_time":1430069022234626,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":80,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":80,"midstream":0,"thread_ts_usec":1430069073299933,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":9094,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","proto_id":"5.193","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"up-v.talk.kakao.com"}} 01020{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1430069022058570,"flow_src_last_pkt_time":1430069022058570,"flow_dst_last_pkt_time":1430069022094214,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":86,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":86,"midstream":0,"thread_ts_usec":1430069073299933,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":41909,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.KakaoTalk","proto_id":"5.193","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"booking.loco.kakao.com"}} 01018{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1430069022252722,"flow_src_last_pkt_time":1430069022252722,"flow_dst_last_pkt_time":1430069022295691,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":53,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":53,"midstream":0,"thread_ts_usec":1430069073299933,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":43077,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","proto_id":"5.193","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dn-l.talk.kakao.com"}} 
-00858{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":347,"packets-processed":347,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":52012,"total-not-detected-flows":0,"total-guessed-flows":5,"total-detected-flows":33,"total-detection-updates":33,"total-updates":1,"current-active-flows":0,"total-active-flows":38,"total-idle-flows":38,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":270,"global_ts_usec":1430069073299933} +00858{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":347,"packets-processed":347,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":52012,"total-not-detected-flows":0,"total-guessed-flows":5,"total-detected-flows":33,"total-detection-updates":33,"total-updates":1,"current-active-flows":0,"total-active-flows":38,"total-idle-flows":38,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":270,"global_ts_usec":1430069073299933} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 347/347 ~~ skipped flows.............: 0 
@@ -276,9 +276,9 @@ ~~ total active/idle flows...: 38/38 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7134380 bytes -~~ total memory freed........: 7134380 bytes -~~ total allocations/frees...: 115134/115134 +~~ total memory allocated....: 7712092 bytes +~~ total memory freed........: 7712092 bytes +~~ total allocations/frees...: 126871/126871 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 544 chars ~~ json message max len.......: 2375 chars diff --git a/test/results/default/KakaoTalk_talk.pcap.out b/test/results/default/KakaoTalk_talk.pcap.out index d0e254095..47e2f8236 100644 --- a/test/results/default/KakaoTalk_talk.pcap.out +++ b/test/results/default/KakaoTalk_talk.pcap.out 
@@ -1,5 +1,5 @@ -00619{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1430069140120551} 
+00619{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1430069140120551} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069140120551,"flow_src_last_pkt_time":1430069140120551,"flow_dst_last_pkt_time":1430069140120551,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":62,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":62,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":62,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1430069140120551,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"103.246.57.251","src_port":51021,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1430069140120551,"flow_dst_last_pkt_time":1430069140120551,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":130,"pkt_l4_len":94,"thread_ts_usec":1430069140120551,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAHLza0AAPwZJVQoYUrxn9jn7x00fkMsN+RcrPwfugBgApZHwAAABAQgKAAs11Jj3Xso6AAAArVkC\/4gP\/deLY5qAl+gvk5f8xql5QXAwvM9bb5tQyHwtP1GibAaltsw94jGcvj4NNAB8Nc8SXCTCPg=="} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1430069140120551,"flow_dst_last_pkt_time":1430069140453803,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_usec":1430069140453803,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADRbKkAALgby1Gf2OfsKGFK8H5DHTSs\/B+7LDflVgBAADqYIAAABAQgKmPgkmwALNdQ="} 
@@ -32,9 +32,9 @@ 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1430069163715308,"flow_dst_last_pkt_time":1430069163856879,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1430069163856879,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADwAAEAALgbyaW5MjzIKGFK8H5CAyJJ42pD3EdjqoBI4kOpNAAACBAV4BAIICkTbaagACz8MAQMDCQ=="} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1430069163867163,"flow_dst_last_pkt_time":1430069163856879,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_usec":1430069163867163,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADTn5kAAPwb5igoYUrxuTI8ygMgfkPcR2OqSeNqRgBAAc1DtAAABAQgKAAs\/HETbaag="} 00748{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1430069163878913,"flow_dst_last_pkt_time":1430069163856879,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":210,"pkt_l4_len":174,"thread_ts_usec":1430069163878913,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAMLn50AAPwb4+woYUrxuTI8ygMgfkPcR2OqSeNqRgBgAc+MXAAABAQgKAAs\/HUTbaagWAwEAiQEAAIUDAW\/AJ5x07YpI03eyTIApyp52T5fbgJrvB2vzSmAW7uAOAAAYwBTACsAPwAUANcATwAnADsAEAC8AlgD\/AQAARAALAAQDAAECAAoANAAyAA4ADQAZAAsADAAYAAkACgAWABcACAAGAAcAFAAVAAQABQASABMAAQACAAMADwAQABEAIwAA"} 
-01387{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1430069163715308,"flow_src_last_pkt_time":1430069163878913,"flow_dst_last_pkt_time":1430069163856879,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":142,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":142,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1430069163878913,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":32968,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"4b79ae67eb3b2cf1c75e68ea0100ca1b","ja3s":"","ja4":"t10d120300_b275ccc1cd51_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01346{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1430069163715308,"flow_src_last_pkt_time":1430069163878913,"flow_dst_last_pkt_time":1430069163856879,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":142,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":142,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1430069163878913,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":32968,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d120300_b275ccc1cd51_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1430069163878913,"flow_dst_last_pkt_time":1430069164101813,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_usec":1430069164101813,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADSw2UAALwZAmG5MjzIKGFK8H5CAyJJ42pH3Edl4gBAAH0+uAAABAQgKRNtqrAALPx0="} 
-01841{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1430069163715308,"flow_src_last_pkt_time":1430069163878913,"flow_dst_last_pkt_time":1430069164107489,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":142,"flow_dst_max_l4_payload_len":852,"flow_src_tot_l4_payload_len":142,"flow_dst_tot_l4_payload_len":852,"midstream":0,"thread_ts_usec":1430069164107489,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":32968,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.KakaoTalk","proto_id":"91.193","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"4b79ae67eb3b2cf1c75e68ea0100ca1b","ja3s":"4ea82b75038dd27e8a1cb69d8b839b26","ja4":"t10d120300_b275ccc1cd51_a875e5012fde","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=KR, L=Seoul, O=Kakao, CN=Kakao.com","subjectDN":"C=KR, L=Seoul, O=Kakao, CN=Kakao.com","fingerprint":"65:88:37:51:01:AA:1F:12:E4:44:27:52:F9:32:FD:40:94:C1:08:D9","blocks":0}}} 
+01800{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1430069163715308,"flow_src_last_pkt_time":1430069163878913,"flow_dst_last_pkt_time":1430069164107489,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":142,"flow_dst_max_l4_payload_len":852,"flow_src_tot_l4_payload_len":142,"flow_dst_tot_l4_payload_len":852,"midstream":0,"thread_ts_usec":1430069164107489,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":32968,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.KakaoTalk","proto_id":"91.193","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"4ea82b75038dd27e8a1cb69d8b839b26","ja4":"t10d120300_b275ccc1cd51_a875e5012fde","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=KR, L=Seoul, O=Kakao, CN=Kakao.com","subjectDN":"C=KR, L=Seoul, O=Kakao, CN=Kakao.com","fingerprint":"65:88:37:51:01:AA:1F:12:E4:44:27:52:F9:32:FD:40:94:C1:08:D9","blocks":0}}} 
00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069164656714,"flow_src_last_pkt_time":1430069164656714,"flow_dst_last_pkt_time":1430069164656714,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":442,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":442,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":442,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1430069164656714,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 01138{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1430069164656714,"flow_dst_last_pkt_time":1430069164656714,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":498,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":498,"pkt_l4_len":462,"thread_ts_usec":1430069164656714,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAeIKLkAAjgb4AIuWAH0KGFK8Abu3Y2Ij1H9RKASKUBifhj2IAAC2AQAA7+nGaLVdqRc+Gkt7POZ3izYarM8cfC\/oKc57w3ON8GY\/K1szNYS+6Yytrgv9fJ110+svPWy4JXfqhqsy8n\/Qi0EhBo8vKa7TtIo39CMQrfI1DyAke3OCHinKUbcE7JofE08wNW\/SYiLVq+ch1jInTJlBtTETD6sakW5t+\/pqslJuJu6FErHiOcJlRXUhJ\/w2UMRtIuPzDgq66Pu7iQ4cPuLk01HGBYGyY\/ec8L+8kz8C0iE6HOIH6YT0BKGthN3UTgwPbBq6O4DQcUiN2hgrUDIxq8uw9ZbWllzKNEYrEa8k7r3ZVHoPDQdXWrcQvhxam6oeYyK7V8McoNRiSIayjOQMTgXnysBnscEyik7me1vByK2C0l2He7bBFWQmrSmeZXMFh2H60fcsxZbAlEWK0siSqlB7jvAlTaG4udBSGXSTj4rEL2MZLSGqP2XF68ncz4+WzMi\/pNklQw9YyvrinQJFb3QOjkMePALF9ilvEQ+wMia1\/U8MBwJo9G9KKjVSCXjRCZRheUcgsdenusXElIUwOqnMT+7rwPfeomV3b9fbsOdbRa7VkQEi4icvvEwgda+Sg6Qy"} 
00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1430069164656714,"flow_dst_last_pkt_time":1430069164657324,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_usec":1430069164657324,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACjTg0AAQAZ+ZQoYUryLlgB9t2MBu1EoBIpiI9Y5UBCiGOkBAAA="} 
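Review bot: The expected `detected` and `detection-update` events in this hunk no longer carry `"ja3"` in the `tls` object (only `"ja3s"` and `"ja4"` remain), yet the commit description records this only as "incorporated upstream changes". Any downstream rule, allowlist or dashboard that keys on `tls.ja3` would stop matching without raising an error, so the removal should be stated where consumers will read it, for example a changelog line such as `TLS events no longer include "ja3"; the client fingerprint is reported as "ja4"`. The same removal appears in the hunk at `@@ -45,9 +45,9 @@` and, judging by its removed line, in the one at `@@ -106,11 +106,11 @@`, whose new side is outside this view. The diffstat lists a change to schema/flow_event_schema.json that is also not visible here, so it is worth confirming that the schema no longer lists `ja3` as an expected property.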
@@ -45,9 +45,9 @@ 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1430069164966834,"flow_dst_last_pkt_time":1430069165114875,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1430069165114875,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADwAAEAALgbyaW5MjzIKGFK8Iynl6dfwna4taY2roBI4kADPAAACBAV4BAIICkTbbpQAAsc\/AQMDCQ=="} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1430069165115149,"flow_dst_last_pkt_time":1430069165114875,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_usec":1430069165115149,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADRKlkAAQAaV2woYUrxuTI8y5ekjKS1pjavX8J2vgBABtlp5AAABAQgKAALHTkTbbpQ="} 00746{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1430069165129523,"flow_dst_last_pkt_time":1430069165114875,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":210,"pkt_l4_len":174,"thread_ts_usec":1430069165129523,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAMJKl0AAQAaVTAoYUrxuTI8y5ekjKS1pjavX8J2vgBgBtm0bAAABAQgKAALHT0TbbpQWAwEAiQEAAIUDAc0IMYnVVZMQnojSelEd1V0KoNgUEJ7I0Qu6wTcqDhwtAAAYwBTACsAPwAUANcATwAnADsAEAC8AlgD\/AQAARAALAAQDAAECAAoANAAyAA4ADQAZAAsADAAYAAkACgAWABcACAAGAAcAFAAVAAQABQASABMAAQACAAMADwAQABEAIwAA"} 
-01387{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1430069164966834,"flow_src_last_pkt_time":1430069165129523,"flow_dst_last_pkt_time":1430069165114875,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":142,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":142,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1430069165129523,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":58857,"dst_port":9001,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"4b79ae67eb3b2cf1c75e68ea0100ca1b","ja3s":"","ja4":"t10d120300_b275ccc1cd51_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01346{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1430069164966834,"flow_src_last_pkt_time":1430069165129523,"flow_dst_last_pkt_time":1430069165114875,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":142,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":142,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1430069165129523,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":58857,"dst_port":9001,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d120300_b275ccc1cd51_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1430069165129523,"flow_dst_last_pkt_time":1430069165311164,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_usec":1430069165311164,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADTyhUAALwb+625MjzIKGFK8Iynl6dfwna8taY45gBAAH2ZiAAABAQgKRNtvZgACx08="} 
-01841{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1430069164966834,"flow_src_last_pkt_time":1430069165129523,"flow_dst_last_pkt_time":1430069165314856,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":142,"flow_dst_max_l4_payload_len":852,"flow_src_tot_l4_payload_len":142,"flow_dst_tot_l4_payload_len":852,"midstream":0,"thread_ts_usec":1430069165314856,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":58857,"dst_port":9001,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.KakaoTalk","proto_id":"91.193","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"4b79ae67eb3b2cf1c75e68ea0100ca1b","ja3s":"4ea82b75038dd27e8a1cb69d8b839b26","ja4":"t10d120300_b275ccc1cd51_a875e5012fde","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=KR, L=Seoul, O=Kakao, CN=Kakao.com","subjectDN":"C=KR, L=Seoul, O=Kakao, CN=Kakao.com","fingerprint":"65:88:37:51:01:AA:1F:12:E4:44:27:52:F9:32:FD:40:94:C1:08:D9","blocks":0}}} 
+01800{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1430069164966834,"flow_src_last_pkt_time":1430069165129523,"flow_dst_last_pkt_time":1430069165314856,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":142,"flow_dst_max_l4_payload_len":852,"flow_src_tot_l4_payload_len":142,"flow_dst_tot_l4_payload_len":852,"midstream":0,"thread_ts_usec":1430069165314856,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":58857,"dst_port":9001,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.KakaoTalk","proto_id":"91.193","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"4ea82b75038dd27e8a1cb69d8b839b26","ja4":"t10d120300_b275ccc1cd51_a875e5012fde","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=KR, L=Seoul, O=Kakao, CN=Kakao.com","subjectDN":"C=KR, L=Seoul, O=Kakao, CN=Kakao.com","fingerprint":"65:88:37:51:01:AA:1F:12:E4:44:27:52:F9:32:FD:40:94:C1:08:D9","blocks":0}}} 
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069170090460,"flow_src_last_pkt_time":1430069170090460,"flow_dst_last_pkt_time":1430069170090460,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1430069170090460,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 00685{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1430069170090460,"flow_dst_last_pkt_time":1430069170090460,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":164,"pkt_l4_len":128,"thread_ts_usec":1430069170090460,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAJSUaEAAQAZSqQoYUrytwki8h34UbGWkOWcyCtXvgBgB1zgmAAABAQgKAALJQHWhBxYXAwEAW9BJTUK7bhQDJS6M4k2xveYn3KZ2THpi3b2p1WnyM44nZ0651+YzJehbLb+jV4nNEd4GZbKLQU+P8abQYninXFhPSKcNuFppnDwsImxNyj3HrOvurwOWRZpYp3o="} 
01056{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069170090460,"flow_src_last_pkt_time":1430069170090460,"flow_dst_last_pkt_time":1430069170090460,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1430069170090460,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
@@ -106,11 +106,11 @@ 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2856,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_src_last_pkt_time":1430069211639075,"flow_dst_last_pkt_time":1430069211703101,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1430069211703101,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACy0dUAA+AZrBa38WIAKGFK8AbvqMmPPnoQydbF5YBIRHFG1AAACBAV4"} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2857,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_src_last_pkt_time":1430069211703253,"flow_dst_last_pkt_time":1430069211703101,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_usec":1430069211703253,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAChoA0AAQAZvfAoYUryt\/FiA6jIBuzJ1sXljz56FUBA2sGNrAAA="} 00834{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2858,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_src_last_pkt_time":1430069211712958,"flow_dst_last_pkt_time":1430069211703101,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":272,"pkt_l4_len":236,"thread_ts_usec":1430069211712958,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAQBoBEAAQAZuowoYUryt\/FiA6jIBuzJ1sXljz56FUBg2sOucAAAWAwEA0wEAAM8DAVU9H9uNfuN6igTtfCsi5UGJAGu+tBUa6vvxV3L7s6crIN7mSkHwum5YAkPf9F1sC8Q73hXOE4o3oouZE9fRYbaoAEYABAAFAC8ANcACwATABcAMwA7AD8AHwAnACsARwBPAFAAzADkAMgA4AArAA8ANwAjAEgAWABMACQAVABIAAwAIABQAEQD\/AQAAQAALAAQDAAECAAoANAAyAA4ADQAZAAsADAAYAAkACgAWABcACAAGAAcAFAAVAAQABQASABMAAQACAAMADwAQABE="} 
-01276{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2858,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1430069211639075,"flow_src_last_pkt_time":1430069211712958,"flow_dst_last_pkt_time":1430069211703101,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1430069211712958,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.88.128","src_port":59954,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","ja4":"t10d350200_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01235{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2858,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1430069211639075,"flow_src_last_pkt_time":1430069211712958,"flow_dst_last_pkt_time":1430069211703101,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1430069211712958,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.88.128","src_port":59954,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d350200_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2864,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":5,"flow_src_last_pkt_time":1430069211712958,"flow_dst_last_pkt_time":1430069211795264,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1430069211795264,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACwAAEAAjgaJe638WIAKGFK8AbvqMmPPnoUydbF5YBClZMLnAAABAQEB"} 
00626{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2869,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_src_last_pkt_time":1430069211640662,"flow_dst_last_pkt_time":1430069211843116,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":118,"pkt_l4_len":82,"thread_ts_usec":1430069211843116,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAGYfywAANRH9Kwq8AQEKGFK8ADVihwBSfKJimIGAAAEAAgAAAAAEbXF0dAhmYWNlYm9vawNjb20AAAEAAcAMAAUAAQAABNAACwRtcXR0A3Z2dsARwC8AAQABAAAAAQAErfxhAg=="} 01127{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2869,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1430069211640662,"flow_src_last_pkt_time":1430069211640662,"flow_dst_last_pkt_time":1430069211843116,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":74,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":74,"midstream":0,"thread_ts_usec":1430069211843116,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25223,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Facebook","proto_id":"5.119","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"mqtt.facebook.com","domainame":"mqtt.facebook.com","dns": {"num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["173.252.97.2,ttl=1"]}}} 
-01329{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2893,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1430069211639075,"flow_src_last_pkt_time":1430069211712958,"flow_dst_last_pkt_time":1430069212207099,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":133,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":133,"midstream":0,"thread_ts_usec":1430069212207099,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.88.128","src_port":59954,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"07dddc59e60135c7b479d39c3ae686af","ja4":"t10d350200_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA","blocks":0}}} 
+01288{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2893,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1430069211639075,"flow_src_last_pkt_time":1430069211712958,"flow_dst_last_pkt_time":1430069212207099,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":133,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":133,"midstream":0,"thread_ts_usec":1430069212207099,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.88.128","src_port":59954,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"07dddc59e60135c7b479d39c3ae686af","ja4":"t10d350200_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA","blocks":0}}} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2953,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":5,"flow_src_last_pkt_time":1430069212950354,"flow_dst_last_pkt_time":1430069201833106,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":70,"pkt_l4_len":34,"thread_ts_usec":1430069212950354,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADZOx0AAQAYrcAoYUrzLzZfp0tYfkMl8NsazTa2QgBgBtkjwAAABAQgKAALZ\/swmIb5QFA=="} 
01134{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3203,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1430069216559027,"flow_dst_last_pkt_time":1430069164839667,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":490,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":490,"pkt_l4_len":454,"thread_ts_usec":1430069216559027,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAdoKMEAAjgb4BouWAH0KGFK8Abu3Y2Ij1jlRKAS0UBifXH0zAACuAQAASco9e7VdqRc+Gkt7POZ3iw2F7xO4X2pC90c2WlKrkfUQp81wR7\/apKWRUN0xPn3rHrbfRdi+XhHa+j4GRhmQQo\/WP2OspzKBm3YLCNKlzTZ8kvGwZaDeSN6zsmCH4s4re40+RQD92a4DC1ldY8M0G8hP9VOib0DJc8A\/U\/Hl7Yga02rJ0WU9\/xZx0Y6IJDivqf2F6fu0KFw9\/9fRYLX4a4x4Dr04QF6nYY2hppUHqN+VoOshDOfBSjLOUu9eZW5XsK1QKV3ankWOeHcuur1QBnDUH7AyyKw05AsWLTgn93O9gTlO+KcD06aYGem2n3YDlKyjAH0YiG7yWXnHwud76KDQSYBeZwVKZUdN03qYy46C+rNDMk1+00VzRWs8Md0kD\/3WMG7IkKoLgycycmrBfqojZNvS0\/0M4FWQtEgD0\/9joTJQJuB7Q89d9iEB\/EX6dWqIJrF\/uwZ62wHFVsQVYEl6gV8ebF1xuilClTTE9Kv1ehLuEA6uKjKq32J1m2Se02dJBOb3S7pO0rsp3AvylwOa4z1IIKA5no19mPAA1kDKuhcfIna6FJ+5AXdIvA=="} 01059{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1430069211505377,"flow_src_last_pkt_time":1430069211505591,"flow_dst_last_pkt_time":1430069211505377,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1430069216559027,"l3_proto":"ip4","src_ip":"173.252.88.128","dst_ip":"10.24.82.188","src_port":443,"dst_port":59912,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
@@ -121,14 +121,14 @@ 00792{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1430069141923255,"flow_src_last_pkt_time":1430069142383734,"flow_dst_last_pkt_time":1430069142373877,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":89,"flow_dst_max_l4_payload_len":35,"flow_src_tot_l4_payload_len":89,"flow_dst_tot_l4_payload_len":35,"midstream":1,"thread_ts_usec":1430069216559027,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.185.236","src_port":58916,"dst_port":5222,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069180329901,"flow_src_last_pkt_time":1430069180329901,"flow_dst_last_pkt_time":1430069180329901,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":27,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1430069216559027,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
01289{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3203,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1430069159456549,"flow_src_last_pkt_time":1430069163207434,"flow_dst_last_pkt_time":1430069163250861,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":609,"flow_dst_max_l4_payload_len":206,"flow_src_tot_l4_payload_len":609,"flow_dst_tot_l4_payload_len":206,"midstream":0,"thread_ts_usec":1430069216559027,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.147.215","src_port":48489,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP_Proxy.QQ","proto_id":"131.48","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":7,"category":"Download","hostname":"hkminorshort.weixin.qq.com"}} 
-01169{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069161865821,"flow_src_last_pkt_time":1430069161865821,"flow_dst_last_pkt_time":1430069161865821,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1430069216559027,"l3_proto":"ip4","src_ip":"216.58.220.161","dst_ip":"10.24.82.188","src_port":443,"dst_port":56697,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}},"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +01276{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069161865821,"flow_src_last_pkt_time":1430069161865821,"flow_dst_last_pkt_time":1430069161865821,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1430069216559027,"l3_proto":"ip4","src_ip":"216.58.220.161","dst_ip":"10.24.82.188","src_port":443,"dst_port":56697,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}},"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}},"55": {"risk":"Probing Attempt","severity":"Medium","risk_score": {"total":510,"client":375,"server":135}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00786{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3203,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069161865821,"flow_src_last_pkt_time":1430069161865821,"flow_dst_last_pkt_time":1430069161865821,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1430069216559027,"l3_proto":"ip4","src_ip":"216.58.220.161","dst_ip":"10.24.82.188","src_port":443,"dst_port":56697,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 
01009{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1430069211640662,"flow_src_last_pkt_time":1430069211640662,"flow_dst_last_pkt_time":1430069211843116,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":74,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":74,"midstream":0,"thread_ts_usec":1430069216559027,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25223,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Facebook","proto_id":"5.119","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"mqtt.facebook.com"}} 00974{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1430069141261786,"flow_src_last_pkt_time":1430069141741828,"flow_dst_last_pkt_time":1430069141435523,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1430069216559027,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34533,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 
00784{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3203,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1430069141261786,"flow_src_last_pkt_time":1430069141741828,"flow_dst_last_pkt_time":1430069141435523,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1430069216559027,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34533,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 01113{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1430069201833106,"flow_src_last_pkt_time":1430069212950354,"flow_dst_last_pkt_time":1430069201833106,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":2,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":10,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1430069216559027,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.151.233","src_port":53974,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"HTTP_Proxy","proto_id":"131","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 
00791{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1430069201833106,"flow_src_last_pkt_time":1430069212950354,"flow_dst_last_pkt_time":1430069201833106,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":2,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":10,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1430069216559027,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.151.233","src_port":53974,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} -01171{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069193291327,"flow_src_last_pkt_time":1430069193291327,"flow_dst_last_pkt_time":1430069193291327,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1430069216559027,"l3_proto":"ip4","src_ip":"173.252.122.1","dst_ip":"10.24.82.188","src_port":443,"dst_port":52123,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}},"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+01278{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069193291327,"flow_src_last_pkt_time":1430069193291327,"flow_dst_last_pkt_time":1430069193291327,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1430069216559027,"l3_proto":"ip4","src_ip":"173.252.122.1","dst_ip":"10.24.82.188","src_port":443,"dst_port":52123,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}},"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}},"55": {"risk":"Probing Attempt","severity":"Medium","risk_score": {"total":510,"client":375,"server":135}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00786{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3203,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069193291327,"flow_src_last_pkt_time":1430069193291327,"flow_dst_last_pkt_time":1430069193291327,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1430069216559027,"l3_proto":"ip4","src_ip":"173.252.122.1","dst_ip":"10.24.82.188","src_port":443,"dst_port":52123,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":746,"flow_dst_packets_processed":742,"flow_first_seen":1430069171389136,"flow_src_last_pkt_time":1430069216057868,"flow_dst_last_pkt_time":1430069216410987,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":55,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":192,"flow_dst_max_l4_payload_len":190,"flow_src_tot_l4_payload_len":61082,"flow_dst_tot_l4_payload_len":71956,"midstream":0,"thread_ts_usec":1430069216559027,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":10268,"dst_port":23046,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} 
00993{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":10,"flow_first_seen":1430069170975714,"flow_src_last_pkt_time":1430069216076270,"flow_dst_last_pkt_time":1430069215583350,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":78,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":106,"flow_dst_max_l4_payload_len":98,"flow_src_tot_l4_payload_len":1164,"flow_dst_tot_l4_payload_len":980,"midstream":0,"thread_ts_usec":1430069216559027,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":10269,"dst_port":23047,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"KakaoTalk_Voice","proto_id":"194","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
@@ -137,12 +137,12 @@ 01050{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1430069164656714,"flow_src_last_pkt_time":1430069216559027,"flow_dst_last_pkt_time":1430069164839667,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":442,"flow_dst_max_l4_payload_len":42,"flow_src_tot_l4_payload_len":876,"flow_dst_tot_l4_payload_len":42,"midstream":1,"thread_ts_usec":1430069216559027,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00792{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1430069164656714,"flow_src_last_pkt_time":1430069216559027,"flow_dst_last_pkt_time":1430069164839667,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":442,"flow_dst_max_l4_payload_len":42,"flow_src_tot_l4_payload_len":876,"flow_dst_tot_l4_payload_len":42,"midstream":1,"thread_ts_usec":1430069216559027,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 
01450{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":18,"flow_first_seen":1430069164966834,"flow_src_last_pkt_time":1430069216555182,"flow_dst_last_pkt_time":1430069216555121,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":810,"flow_dst_max_l4_payload_len":852,"flow_src_tot_l4_payload_len":3822,"flow_dst_tot_l4_payload_len":3956,"midstream":0,"thread_ts_usec":1430069216559027,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":58857,"dst_port":9001,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.KakaoTalk","proto_id":"91.193","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
-01171{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069210863623,"flow_src_last_pkt_time":1430069210863623,"flow_dst_last_pkt_time":1430069210863623,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1430069216559027,"l3_proto":"ip4","src_ip":"173.194.117.229","dst_ip":"10.24.82.188","src_port":443,"dst_port":38380,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}},"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +01278{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069210863623,"flow_src_last_pkt_time":1430069210863623,"flow_dst_last_pkt_time":1430069210863623,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1430069216559027,"l3_proto":"ip4","src_ip":"173.194.117.229","dst_ip":"10.24.82.188","src_port":443,"dst_port":38380,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}},"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}},"55": {"risk":"Probing Attempt","severity":"Medium","risk_score": {"total":510,"client":375,"server":135}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00788{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3203,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069210863623,"flow_src_last_pkt_time":1430069210863623,"flow_dst_last_pkt_time":1430069210863623,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1430069216559027,"l3_proto":"ip4","src_ip":"173.194.117.229","dst_ip":"10.24.82.188","src_port":443,"dst_port":38380,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 
00992{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1430069140120551,"flow_src_last_pkt_time":1430069164724066,"flow_dst_last_pkt_time":1430069164894873,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":62,"flow_dst_max_l4_payload_len":436,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":605,"midstream":1,"thread_ts_usec":1430069216559027,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"103.246.57.251","src_port":51021,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP_Proxy","proto_id":"131","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1430069140120551,"flow_src_last_pkt_time":1430069164724066,"flow_dst_last_pkt_time":1430069164894873,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":62,"flow_dst_max_l4_payload_len":436,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":605,"midstream":1,"thread_ts_usec":1430069216559027,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"103.246.57.251","src_port":51021,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 
01095{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069170090460,"flow_src_last_pkt_time":1430069170090460,"flow_dst_last_pkt_time":1430069170090460,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1430069216559027,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -00861{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3203,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":3203,"packets-processed":3203,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":291404,"total-not-detected-flows":0,"total-guessed-flows":9,"total-detected-flows":11,"total-detection-updates":5,"total-updates":0,"current-active-flows":0,"total-active-flows":20,"total-idle-flows":20,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":145,"global_ts_usec":1430069216559027} 
+00861{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3203,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":3203,"packets-processed":3203,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":291404,"total-not-detected-flows":0,"total-guessed-flows":9,"total-detected-flows":11,"total-detection-updates":5,"total-updates":0,"current-active-flows":0,"total-active-flows":20,"total-idle-flows":20,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":145,"global_ts_usec":1430069216559027} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 3203/3203 ~~ skipped flows.............: 0 @@ -151,9 +151,9 @@ ~~ total active/idle flows...: 20/20 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7077914 bytes -~~ total memory freed........: 7077914 bytes -~~ total allocations/frees...: 117598/117598 +~~ total memory allocated....: 7655636 bytes +~~ total memory freed........: 7655636 bytes +~~ total allocations/frees...: 129335/129335 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 542 chars ~~ json message max len.......: 2709 chars diff --git a/test/results/default/NTPv2.pcap.out b/test/results/default/NTPv2.pcap.out index 853ea675a..99cc5049b 100644 --- a/test/results/default/NTPv2.pcap.out +++ b/test/results/default/NTPv2.pcap.out 
@@ -1,10 +1,10 @@ -00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/NTPv2.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv2.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1436865383632810} 
+00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/NTPv2.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv2.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1436865383632810} 
00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1436865383632810,"flow_src_last_pkt_time":1436865383632810,"flow_dst_last_pkt_time":1436865383632810,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":368,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":368,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":368,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1436865383632810,"l3_proto":"ip4","src_ip":"208.104.95.10","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01000{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1436865383632810,"flow_dst_last_pkt_time":1436865383632810,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":410,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":410,"pkt_l4_len":376,"thread_ts_usec":1436865383632810,"pkt":"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"} 
00957{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1436865383632810,"flow_src_last_pkt_time":1436865383632810,"flow_dst_last_pkt_time":1436865383632810,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":368,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":368,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":368,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1436865383632810,"l3_proto":"ip4","src_ip":"208.104.95.10","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","proto_id":"9","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","ntp": {"request_code":42,"version":42}}} 00956{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1436865383632810,"flow_src_last_pkt_time":1436865383632810,"flow_dst_last_pkt_time":1436865383632810,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":368,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":368,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":368,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1436865383632810,"l3_proto":"ip4","src_ip":"208.104.95.10","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","proto_id":"9","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
-00835{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv2.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":368,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1436865383632810} +00835{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv2.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":368,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1436865383632810} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 
@@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6907642 bytes -~~ total memory freed........: 6907642 bytes -~~ total allocations/frees...: 114138/114138 +~~ total memory allocated....: 7485238 bytes +~~ total memory freed........: 7485238 bytes +~~ total allocations/frees...: 125869/125869 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 615 chars ~~ json message max len.......: 1005 chars diff --git a/test/results/default/NTPv3.pcap.out b/test/results/default/NTPv3.pcap.out index f90b45c20..7a5400a51 100644 --- a/test/results/default/NTPv3.pcap.out +++ b/test/results/default/NTPv3.pcap.out 
@@ -1,10 +1,10 @@ -00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/NTPv3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1436865405371462} 
+00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/NTPv3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1436865405371462} 
00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1436865405371462,"flow_src_last_pkt_time":1436865405371462,"flow_dst_last_pkt_time":1436865405371462,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1436865405371462,"l3_proto":"ip4","src_ip":"175.144.140.29","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1436865405371462,"flow_dst_last_pkt_time":1436865405371462,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1436865405371462,"pkt":"RIpbLCrSACaIdf8bCABFAABMAABAADcRbcOvkIwdTi5MAgB7AFAAOLcYHAAE+gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADZT08RAAAAANlPTxEAAAAA"} 
00953{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1436865405371462,"flow_src_last_pkt_time":1436865405371462,"flow_dst_last_pkt_time":1436865405371462,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1436865405371462,"l3_proto":"ip4","src_ip":"175.144.140.29","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","proto_id":"9","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","ntp": {"request_code":0,"version":0}}} 00954{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1436865405371462,"flow_src_last_pkt_time":1436865405371462,"flow_dst_last_pkt_time":1436865405371462,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1436865405371462,"l3_proto":"ip4","src_ip":"175.144.140.29","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","proto_id":"9","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
-00834{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":48,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1436865405371462} +00834{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":48,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1436865405371462} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 
@@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6907642 bytes -~~ total memory freed........: 6907642 bytes -~~ total allocations/frees...: 114138/114138 +~~ total memory allocated....: 7485238 bytes +~~ total memory freed........: 7485238 bytes +~~ total allocations/frees...: 125869/125869 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 574 chars ~~ json message max len.......: 959 chars diff --git a/test/results/default/NTPv4.pcap.out b/test/results/default/NTPv4.pcap.out index f8ff106c5..7874db469 100644 --- a/test/results/default/NTPv4.pcap.out +++ b/test/results/default/NTPv4.pcap.out 
@@ -1,10 +1,10 @@ -00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/NTPv4.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv4.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1436865396190857} 
+00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/NTPv4.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv4.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1436865396190857} 
00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv4.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1436865396190857,"flow_src_last_pkt_time":1436865396190857,"flow_dst_last_pkt_time":1436865396190857,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1436865396190857,"l3_proto":"ip4","src_ip":"85.22.62.120","dst_ip":"78.46.76.11","src_port":123,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv4.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1436865396190857,"flow_dst_last_pkt_time":1436865396190857,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1436865396190857,"pkt":"RIpb2HMEACaIdf8bCABFAABMrX9AADcRaFpVFj54Ti5MCwB7AHsAOKmfIwIH6wAABFAAAAOrg7wD39lPUcMxZbhg2URXVTAzb9DZRFdVMbTpeNlPUfQtJuL0"} 
00953{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv4.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1436865396190857,"flow_src_last_pkt_time":1436865396190857,"flow_dst_last_pkt_time":1436865396190857,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1436865396190857,"l3_proto":"ip4","src_ip":"85.22.62.120","dst_ip":"78.46.76.11","src_port":123,"dst_port":123,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","proto_id":"9","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","ntp": {"request_code":0,"version":0}}} 00954{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv4.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1436865396190857,"flow_src_last_pkt_time":1436865396190857,"flow_dst_last_pkt_time":1436865396190857,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1436865396190857,"l3_proto":"ip4","src_ip":"85.22.62.120","dst_ip":"78.46.76.11","src_port":123,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","proto_id":"9","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
-00834{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv4.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":48,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1436865396190857} +00834{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv4.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":48,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1436865396190857} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 
@@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6907642 bytes -~~ total memory freed........: 6907642 bytes -~~ total allocations/frees...: 114138/114138 +~~ total memory allocated....: 7485238 bytes +~~ total memory freed........: 7485238 bytes +~~ total allocations/frees...: 125869/125869 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 574 chars ~~ json message max len.......: 959 chars diff --git a/test/results/default/Oscar.pcap.out b/test/results/default/Oscar.pcap.out index 687dc0bbf..112bd1f8a 100644 --- a/test/results/default/Oscar.pcap.out +++ b/test/results/default/Oscar.pcap.out 
@@ -1,5 +1,5 @@ -00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/Oscar.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/Oscar.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1434606464176482} 
+00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/Oscar.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/Oscar.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1434606464176482} 
00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1434606464176482,"flow_src_last_pkt_time":1434606464176482,"flow_dst_last_pkt_time":1434606464176482,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1434606464176482,"l3_proto":"ip4","src_ip":"10.30.29.3","dst_ip":"178.237.24.249","src_port":63357,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1434606464176482,"flow_dst_last_pkt_time":1434606464176482,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1434606464176482,"pkt":"AAxCW5ILDE3pmjdICABFAABAZ9pAAEAGAAAKHh0Dsu0Y+fd9Abu9oGylAAAAALAC\/\/\/zOQAAAgQFtAEDAwUBAQgKFdAS4wAAAAAEAgAA"} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1434606464176482,"flow_dst_last_pkt_time":1434606464205135,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1434606464205135,"pkt":"DE3pmjdIAAxCW5ILCABFAAAsd\/VAAG8GoM+y7Rj5Ch4dAwG7933\/L+hsvaBspmASQABaVgAAAgQFUAAA"} 
@@ -9,7 +9,7 @@ 01999{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1434606464176482,"flow_src_last_pkt_time":1434606524600171,"flow_dst_last_pkt_time":1434606524130160,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":315,"flow_dst_max_l4_payload_len":1360,"flow_src_tot_l4_payload_len":1138,"flow_dst_tot_l4_payload_len":3047,"midstream":0,"thread_ts_usec":1434606524600171,"l3_proto":"ip4","src_ip":"10.30.29.3","dst_ip":"178.237.24.249","src_port":63357,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":3883141.0,"max":58215154,"stddev":14267685.0,"var":203566836875264.0,"ent":1.3,"data": [28653,28776,8916,42424,33521,518,478,147,33511,33418,288,33636,843,34123,226,44565,44326,32783,32790,157,115,322,31348,31096,58175544,58215154,3,39626,1457397,1490083,502580]},"pktlen": {"min":40,"avg":172.5,"max":1400,"stddev":263.3,"var":69345.6,"ent":4.0,"data": [64,46,40,355,50,40,605,40,92,130,40,56,1400,337,40,66,46,152,497,40,270,40,252,46,335,76,46,78,40,78,46,76]},"bins": {"c_to_s": [11,4,0,1,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,1,1,0,0,0,0,1,0,1,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0]},"directions": [0,1,0,0,1,0,1,0,0,1,0,0,1,1,0,0,1,0,1,0,1,0,0,1,0,0,1,1,0,0,1,0],"entropies": 
[4.441382408,4.871388912,4.661769390,7.090702057,4.724371910,4.661769390,5.245636463,4.661769390,4.009517670,4.346171379,4.611769676,4.280395031,3.817430019,3.863874197,4.611769676,4.309496880,4.501398563,3.542632341,4.154665947,4.611769676,3.726292849,4.611769199,5.504406452,4.457919598,3.418277502,4.801239491,4.544876099,5.035846710,4.611769676,4.478143215,4.501398087,4.761171341]}} 01057{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1434606464176482,"flow_src_last_pkt_time":1434606524600171,"flow_dst_last_pkt_time":1434606524130160,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":315,"flow_dst_max_l4_payload_len":1360,"flow_src_tot_l4_payload_len":1138,"flow_dst_tot_l4_payload_len":3047,"midstream":0,"thread_ts_usec":1434606524600171,"l3_proto":"ip4","src_ip":"10.30.29.3","dst_ip":"178.237.24.249","src_port":63357,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"51": {"risk":"Fully Encrypted Flow","severity":"Medium","risk_score": {"total":360,"client":240,"server":120}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
01097{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":38,"flow_dst_packets_processed":33,"flow_first_seen":1434606464176482,"flow_src_last_pkt_time":1434606536630487,"flow_dst_last_pkt_time":1434606536630387,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":315,"flow_dst_max_l4_payload_len":1360,"flow_src_tot_l4_payload_len":1504,"flow_dst_tot_l4_payload_len":3946,"midstream":0,"thread_ts_usec":1434606536630487,"l3_proto":"ip4","src_ip":"10.30.29.3","dst_ip":"178.237.24.249","src_port":63357,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"51": {"risk":"Fully Encrypted Flow","severity":"Medium","risk_score": {"total":360,"client":240,"server":120}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -00840{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/Oscar.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":71,"packets-processed":71,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5450,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1434606536630487} 
+00840{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/Oscar.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":71,"packets-processed":71,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5450,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1434606536630487} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 71/71 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6911744 bytes -~~ total memory freed........: 6911744 bytes -~~ total allocations/frees...: 114210/114210 +~~ total memory allocated....: 7489340 bytes +~~ total memory freed........: 7489340 bytes +~~ total allocations/frees...: 125941/125941 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 532 chars ~~ json message max len.......: 2004 chars diff --git a/test/results/default/TivoDVR.pcap.out b/test/results/default/TivoDVR.pcap.out index a717cdb0b..242976c33 100644 --- a/test/results/default/TivoDVR.pcap.out +++ b/test/results/default/TivoDVR.pcap.out 
@@ -1,11 +1,11 @@ -00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/TivoDVR.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/TivoDVR.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1659655707553802} 
+00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/TivoDVR.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/TivoDVR.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1659655707553802} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/TivoDVR.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1659655707553802,"flow_src_last_pkt_time":1659655707553802,"flow_dst_last_pkt_time":1659655707553802,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":167,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":167,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1659655707553802,"l3_proto":"ip4","src_ip":"98.245.242.69","dst_ip":"255.255.255.255","src_port":2190,"dst_port":2190,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00751{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/TivoDVR.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1659655707553802,"flow_dst_last_pkt_time":1659655707553802,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":175,"thread_ts_usec":1659655707553802,"pkt":"\/\/\/\/\/\/\/\/AszAqMnfCABFIADDAABAAEAR5M9i9fJF\/\/\/\/\/wiOCI4Ar6TAVGlWb0Nvbm5lY3Q9MQpzd3ZlcnNpb249MS4wCm1ldGhvZD1icm9hZGNhc3QKaWRlbnRpdHk9dXVpZDo0ZDY5NmU2OS00NDRjLTE2NGUtOWQ0MS0xNDU5YzA5OWMwNDMKbWFjaGluZT1SNzAwMFAKcGxhdGZvcm09cGMvbWluaWRsbmEKc2VydmljZXM9VGlWb01lZGlhU2VydmVyOjgyMDAvaHR0cArT0Q=="} 
01088{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/TivoDVR.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1659655707553802,"flow_src_last_pkt_time":1659655707553802,"flow_dst_last_pkt_time":1659655707553802,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":167,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":167,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1659655707553802,"l3_proto":"ip4","src_ip":"98.245.242.69","dst_ip":"255.255.255.255","src_port":2190,"dst_port":2190,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TiVoConnect","proto_id":"308","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","tivoconnect": {"identity_uuid":"4d696e69-444c-164e-9d41-1459c099c043","machine":"R7000P","platform":"pc\/minidlna","services":"TiVoMediaServer:8200\/http"}}} 00751{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/TivoDVR.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1659655707554438,"flow_dst_last_pkt_time":1659655707553802,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":175,"thread_ts_usec":1659655707554438,"pkt":"\/\/\/\/\/\/\/\/AszAqMnfCABFIADDAABAAEAR5M9i9fJF\/\/\/\/\/wiOCI4Ar6TAVGlWb0Nvbm5lY3Q9MQpzd3ZlcnNpb249MS4wCm1ldGhvZD1icm9hZGNhc3QKaWRlbnRpdHk9dXVpZDo0ZDY5NmU2OS00NDRjLTE2NGUtOWQ0MS0xNDU5YzA5OWMwNDMKbWFjaGluZT1SNzAwMFAKcGxhdGZvcm09cGMvbWluaWRsbmEKc2VydmljZXM9VGlWb01lZGlhU2VydmVyOjgyMDAvaHR0cArT0Q=="} 
00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/TivoDVR.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1659655707553802,"flow_src_last_pkt_time":1659655707554438,"flow_dst_last_pkt_time":1659655707553802,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":167,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":334,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1659655707554438,"l3_proto":"ip4","src_ip":"98.245.242.69","dst_ip":"255.255.255.255","src_port":2190,"dst_port":2190,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TiVoConnect","proto_id":"308","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}} -00837{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/TivoDVR.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":334,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":8,"global_ts_usec":1659655707554438} 
+00837{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/TivoDVR.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":334,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":8,"global_ts_usec":1659655707554438} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 ~~ skipped flows.............: 0 @@ -14,9 +14,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6907643 bytes -~~ total memory freed........: 6907643 bytes -~~ total allocations/frees...: 114138/114138 +~~ total memory allocated....: 7485239 bytes +~~ total memory freed........: 7485239 bytes +~~ total allocations/frees...: 125869/125869 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 617 chars ~~ json message max len.......: 1093 chars diff --git a/test/results/default/WebattackRCE.pcap.out b/test/results/default/WebattackRCE.pcap.out index f64ffbce1..86531c7f8 100644 --- a/test/results/default/WebattackRCE.pcap.out +++ b/test/results/default/WebattackRCE.pcap.out 
@@ -1,5 +1,5 @@ -00617{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/WebattackRCE.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00838{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/WebattackRCE.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1576420276577658} 
+00617{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/WebattackRCE.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00838{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/WebattackRCE.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1576420276577658} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/WebattackRCE.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276577658,"flow_src_last_pkt_time":1576420276577658,"flow_dst_last_pkt_time":1576420276577658,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420276577658,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49544,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00729{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/WebattackRCE.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1576420276577658,"flow_dst_last_pkt_time":1576420276577658,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_usec":1576420276577658,"pkt":"AAAAAAAAAAAAAAAACABFAAC5VktAAEAG5fF\/AAABfwAAAcGIH5Al+2Gy82DXQ4AYAED+rQAAAQEICp1m+omdZvqJR0VUIC8gSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpQb3J0IENoZWNrKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
01389{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/WebattackRCE.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276577658,"flow_src_last_pkt_time":1576420276577658,"flow_dst_last_pkt_time":1576420276577658,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420276577658,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49544,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"127.0.0.1","domainame":"127.0.0.1","http": {"url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Port Check)","detected_os":"Nikto\/2.1.6"}}} 
@@ -3188,7 +3188,7 @@ 01217{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"cfgs\/default\/pcap\/WebattackRCE.pcap","alias":"nDPId-test","flow_id":795,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420278010669,"flow_src_last_pkt_time":1576420278010669,"flow_dst_last_pkt_time":1576420278010669,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":267,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":267,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":267,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420278014387,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51200,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
01217{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"cfgs\/default\/pcap\/WebattackRCE.pcap","alias":"nDPId-test","flow_id":796,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420278012576,"flow_src_last_pkt_time":1576420278012576,"flow_dst_last_pkt_time":1576420278012576,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":277,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":277,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":277,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420278014387,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51202,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
01320{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"cfgs\/default\/pcap\/WebattackRCE.pcap","alias":"nDPId-test","flow_id":797,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420278014387,"flow_src_last_pkt_time":1576420278014387,"flow_dst_last_pkt_time":1576420278014387,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":257,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":257,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":257,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420278014387,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51204,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"3": {"risk":"RCE Injection","severity":"Severe","risk_score": {"total":160,"client":140,"server":20}},"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
-00860{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":797,"source":"cfgs\/default\/pcap\/WebattackRCE.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":797,"packets-processed":797,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":138401,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":797,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":797,"total-idle-flows":797,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":3191,"global_ts_usec":1576420278014387} +00860{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":797,"source":"cfgs\/default\/pcap\/WebattackRCE.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":797,"packets-processed":797,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":138401,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":797,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":797,"total-idle-flows":797,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":3191,"global_ts_usec":1576420278014387} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 797/797 ~~ skipped flows.............: 0 
@@ -3197,9 +3197,9 @@ ~~ total active/idle flows...: 797/797 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8976337 bytes -~~ total memory freed........: 8976337 bytes -~~ total allocations/frees...: 128261/128261 +~~ total memory allocated....: 9565981 bytes +~~ total memory freed........: 9565981 bytes +~~ total allocations/frees...: 140831/140831 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 622 chars ~~ json message max len.......: 1806 chars diff --git a/test/results/default/WebattackSQLinj.pcap.out b/test/results/default/WebattackSQLinj.pcap.out index 138d90254..df79cdd80 100644 --- a/test/results/default/WebattackSQLinj.pcap.out +++ b/test/results/default/WebattackSQLinj.pcap.out 
@@ -1,5 +1,5 @@ -00620{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/WebattackSQLinj.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/WebattackSQLinj.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1499348407419016} 
+00620{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/WebattackSQLinj.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/WebattackSQLinj.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1499348407419016} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499348407419016,"flow_src_last_pkt_time":1499348407419016,"flow_dst_last_pkt_time":1499348407419016,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348407419016,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36196,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1499348407419016,"flow_dst_last_pkt_time":1499348407419016,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499348407419016,"pkt":"ABm5CmnxAMGxFOsxCABFAAA84aRAAD4G5CusEAABwKgKMo1kAFAWk4RJAAAAAKACchDPRwAAAgQFtAQCCAoBPmXtAAAAAAEDAwc="} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1499348407419016,"flow_dst_last_pkt_time":1499348407419147,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499348407419147,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjWS7EzBkFpOESqAScSCpZgAAAgQFtAQCCAoD6DdgAT5l7QEDAwc="} 
@@ -72,7 +72,7 @@ 01346{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1499348494345596,"flow_src_last_pkt_time":1499348499355896,"flow_dst_last_pkt_time":1499348499355969,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":1840,"flow_src_tot_l4_payload_len":536,"flow_dst_tot_l4_payload_len":1840,"midstream":0,"thread_ts_usec":1499348519077716,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36208,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"2": {"risk":"SQL Injection","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Susp Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"205.174.165.68"}} 
01346{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1499348506489087,"flow_src_last_pkt_time":1499348511497289,"flow_dst_last_pkt_time":1499348511496699,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":537,"flow_dst_max_l4_payload_len":1881,"flow_src_tot_l4_payload_len":537,"flow_dst_tot_l4_payload_len":1881,"midstream":0,"thread_ts_usec":1499348519077716,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36210,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"2": {"risk":"SQL Injection","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Susp Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"205.174.165.68"}} 
01346{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":5,"flow_first_seen":1499348514064531,"flow_src_last_pkt_time":1499348519077716,"flow_dst_last_pkt_time":1499348519077129,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":600,"flow_dst_max_l4_payload_len":2701,"flow_src_tot_l4_payload_len":600,"flow_dst_tot_l4_payload_len":4149,"midstream":0,"thread_ts_usec":1499348519077716,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36212,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"2": {"risk":"SQL Injection","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Susp Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"205.174.165.68"}} 
-00851{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/WebattackSQLinj.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":94,"packets-processed":94,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23660,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":75,"global_ts_usec":1499348519077716} +00851{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/WebattackSQLinj.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":94,"packets-processed":94,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23660,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":75,"global_ts_usec":1499348519077716} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 94/94 ~~ skipped flows.............: 0 
@@ -81,9 +81,9 @@ ~~ total active/idle flows...: 9/9 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6933110 bytes -~~ total memory freed........: 6933110 bytes -~~ total allocations/frees...: 114411/114411 +~~ total memory allocated....: 7511738 bytes +~~ total memory freed........: 7511738 bytes +~~ total allocations/frees...: 126160/126160 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 553 chars ~~ json message max len.......: 1536 chars diff --git a/test/results/default/WebattackXSS.pcap.out b/test/results/default/WebattackXSS.pcap.out index da32ce2e6..5cf6857cb 100644 --- a/test/results/default/WebattackXSS.pcap.out +++ b/test/results/default/WebattackXSS.pcap.out 
@@ -1,5 +1,5 @@ -00617{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00838{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1499346935283859} 
+00617{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00838{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1499346935283859} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499346935283859,"flow_src_last_pkt_time":1499346935283859,"flow_dst_last_pkt_time":1499346935283859,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499346935283859,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52098,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1499346935283859,"flow_dst_last_pkt_time":1499346935283859,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499346935283859,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8wadAAD4GBCmsEAABwKgKMsuCAFAodgngAAAAAKACchCXWwAAAgQFtAQCCAoBOMhHAAAAAAEDAwc="} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1499346935283859,"flow_dst_last_pkt_time":1499346935283960,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499346935283960,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQy4I5j3VaKHYJ4aAScSBLsAAAAgQFtAQCCAoD4pm+ATjIRwEDAwc="} 
@@ -2515,7 +2515,7 @@ 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4734,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":334,"flow_packet_id":1,"flow_src_last_pkt_time":1499347535081002,"flow_dst_last_pkt_time":1499347535081002,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347535081002,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8vMpAAD4GCQasEAABwKgKMuNwAFAre67MAAAAAKACchCNugAAAgQFtAQCCAoBOxIGAAAAAAEDAwc="} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4735,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":334,"flow_packet_id":2,"flow_src_last_pkt_time":1499347535081002,"flow_dst_last_pkt_time":1499347535081123,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347535081123,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ43Bd+kT3K3uuzaAScSAESAAAAgQFtAQCCAoD5ON7ATsSBgEDAwc="} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4736,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":334,"flow_packet_id":3,"flow_src_last_pkt_time":1499347535081893,"flow_dst_last_pkt_time":1499347535081123,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347535081893,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0vMtAAD4GCQ2sEAABwKgKMuNwAFAre67NXfpE+IAQAOWjTwAAAQEICgE7EgYD5ON7"} 
-00864{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4740,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":4740,"packets-processed":4739,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2075670,"total-not-detected-flows":0,"total-guessed-flows":242,"total-detected-flows":13,"total-detection-updates":0,"total-updates":0,"current-active-flows":82,"total-active-flows":334,"total-idle-flows":252,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2518,"global_ts_usec":1499347536104726} +00864{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4740,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":4740,"packets-processed":4739,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2075670,"total-not-detected-flows":0,"total-guessed-flows":242,"total-detected-flows":13,"total-detection-updates":0,"total-updates":0,"current-active-flows":82,"total-active-flows":334,"total-idle-flows":252,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2518,"global_ts_usec":1499347536104726} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4743,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":335,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347536332683,"flow_src_last_pkt_time":1499347536332683,"flow_dst_last_pkt_time":1499347536332683,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347536332683,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58238,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4743,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":335,"flow_packet_id":1,"flow_src_last_pkt_time":1499347536332683,"flow_dst_last_pkt_time":1499347536332683,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347536332683,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8iGJAAD4GPW6sEAABwKgKMuN+AFBSPZtdAAAAAKACchB5IAAAAgQFtAQCCAoBOxM\/AAAAAAEDAwc="} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4744,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":335,"flow_packet_id":2,"flow_src_last_pkt_time":1499347536332683,"flow_dst_last_pkt_time":1499347536332809,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347536332809,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ434l0Xf0Uj2bXqAScSDzoAAAAgQFtAQCCAoD5OS0ATsTPwEDAwc="} 
@@ -5302,7 +5302,7 @@ 00781{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9374,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":660,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1499348096595051,"flow_src_last_pkt_time":1499348096595952,"flow_dst_last_pkt_time":1499348096595195,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35924,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00972{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":661,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1499348099359601,"flow_src_last_pkt_time":1499348099360303,"flow_dst_last_pkt_time":1499348099359726,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35950,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 
00781{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9374,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":661,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1499348099359601,"flow_src_last_pkt_time":1499348099360303,"flow_dst_last_pkt_time":1499348099359726,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35950,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00865{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9374,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":9374,"packets-processed":9374,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4091888,"total-not-detected-flows":0,"total-guessed-flows":639,"total-detected-flows":22,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":661,"total-idle-flows":661,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":5305,"global_ts_usec":1499348099366088} 
+00865{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9374,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":9374,"packets-processed":9374,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4091888,"total-not-detected-flows":0,"total-guessed-flows":639,"total-detected-flows":22,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":661,"total-idle-flows":661,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":5305,"global_ts_usec":1499348099366088} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 9374/9374 ~~ skipped flows.............: 0 @@ -5311,9 +5311,9 @@ ~~ total active/idle flows...: 661/661 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8774974 bytes -~~ total memory freed........: 8774974 bytes -~~ total allocations/frees...: 131604/131604 +~~ total memory allocated....: 9353380 bytes +~~ total memory freed........: 9353380 bytes +~~ total allocations/frees...: 143367/143367 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 550 chars ~~ json message max len.......: 2605 chars diff --git a/test/results/default/activision.pcap.out b/test/results/default/activision.pcap.out index c61b90654..7e1d89717 100644 --- a/test/results/default/activision.pcap.out +++ b/test/results/default/activision.pcap.out 
@@ -1,5 +1,5 @@ -00615{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1646323526787000} 
+00615{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1646323526787000} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646323526787000,"flow_src_last_pkt_time":1646323526787000,"flow_dst_last_pkt_time":1646323526787000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646323526787000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"108.61.235.31","src_port":3074,"dst_port":33441,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1646323526787000,"flow_dst_last_pkt_time":1646323526787000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1646323526787000,"pkt":"eJS0JASgYDjgxTWgCABFAAA5voEAAH8RYsnAqAJkbD3rHwwCgqEAJX0XDQIA093tA5YWaZgaJ69POBvAqAAVAgxsPesfoYI="} 
00925{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646323526787000,"flow_src_last_pkt_time":1646323526787000,"flow_dst_last_pkt_time":1646323526787000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646323526787000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"108.61.235.31","src_port":3074,"dst_port":33441,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Activision","proto_id":"258","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -15,7 +15,7 @@ 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1646323628122000,"flow_dst_last_pkt_time":1646323628154000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_usec":1646323628154000,"pkt":"YDjgxTWgeJS0JASgCABFAAA3hJNAADURYKEtP3A2wKgCZIe1DAIAI0xRKQoAAADOR0ROAAAAAAEAAAAAAAAAAAAAAAAA"} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1646323628324000,"flow_dst_last_pkt_time":1646323628154000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1646323628324000,"pkt":"eJS0JASgYDjgxTWgCABFAAAu0NYAAH8RCmfAqAJkLT9wNgwCh7UAGpZYKLBaR04AAAAAFgAAAAAEGqAA"} 00971{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1646323526787000,"flow_src_last_pkt_time":1646323528362000,"flow_dst_last_pkt_time":1646323528329000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":18,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":29,"flow_src_tot_l4_payload_len":155,"flow_dst_tot_l4_payload_len":191,"midstream":0,"thread_ts_usec":1646323628926000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"108.61.235.31","src_port":3074,"dst_port":33441,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Activision","proto_id":"258","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":31,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":692,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":1,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":18,"global_ts_usec":1646330186021000} +00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":31,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":692,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":1,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":18,"global_ts_usec":1646330186021000} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646330186021000,"flow_src_last_pkt_time":1646330186021000,"flow_dst_last_pkt_time":1646330186021000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646330186021000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"148.72.173.162","src_port":3074,"dst_port":34311,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1646330186021000,"flow_dst_last_pkt_time":1646330186021000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1646330186021000,"pkt":"eJS0JASgYDjgxTWgCABFAAA5ncMAAH8RmPnAqAJklEitogwChgcAJQKmDQIAJQp5Uq9Qqtxv2LxZymHAqAAVAgyUSK2iB4Y="} 
00927{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646330186021000,"flow_src_last_pkt_time":1646330186021000,"flow_dst_last_pkt_time":1646330186021000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646330186021000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"148.72.173.162","src_port":3074,"dst_port":34311,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Activision","proto_id":"258","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -25,7 +25,7 @@ 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1646330186436000,"flow_dst_last_pkt_time":1646330186357000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1646330186436000,"pkt":"eJS0JASgYDjgxTWgCABFAAAuncUAAH8RmQLAqAJklEitogwChgcAGpHFKNl9LNUBAAAAcgYAAKNJ1wsA"} 00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1646323526787000,"flow_src_last_pkt_time":1646323528362000,"flow_dst_last_pkt_time":1646323528329000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":18,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":29,"flow_src_tot_l4_payload_len":155,"flow_dst_tot_l4_payload_len":191,"midstream":0,"thread_ts_usec":1646330187441000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"108.61.235.31","src_port":3074,"dst_port":33441,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Activision","proto_id":"258","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1646323628043000,"flow_src_last_pkt_time":1646323628926000,"flow_dst_last_pkt_time":1646323628858000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":18,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":29,"flow_src_tot_l4_payload_len":155,"flow_dst_tot_l4_payload_len":191,"midstream":0,"thread_ts_usec":1646330187441000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"45.63.112.54","src_port":3074,"dst_port":34741,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Activision","proto_id":"258","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":46,"packets-processed":45,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1038,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":28,"global_ts_usec":1646331972616000} 
+00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":46,"packets-processed":45,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1038,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":28,"global_ts_usec":1646331972616000} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646331972616000,"flow_src_last_pkt_time":1646331972616000,"flow_dst_last_pkt_time":1646331972616000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646331972616000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"173.199.67.5","src_port":3074,"dst_port":37081,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1646331972616000,"flow_dst_last_pkt_time":1646331972616000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1646331972616000,"pkt":"eJS0JASgYDjgxTWgCABFAAA5EsQAAH8RdRfAqAJkrcdDBQwCkNkAJZrDDQIAgisORyh+2Z3JjlEt75TAqAAVAgytx0MF2ZA="} 00925{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646331972616000,"flow_src_last_pkt_time":1646331972616000,"flow_dst_last_pkt_time":1646331972616000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646331972616000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"173.199.67.5","src_port":3074,"dst_port":37081,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Activision","proto_id":"258","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -35,7 +35,7 @@ 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1646331972856000,"flow_dst_last_pkt_time":1646331972816000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1646331972856000,"pkt":"eJS0JASgYDjgxTWgCABFAAAuEsYAAH8RdSDAqAJkrcdDBQwCkNkAGqUkKMQtpz8CAAAAVggAAAozEzkA"} 00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1646330186021000,"flow_src_last_pkt_time":1646330187441000,"flow_dst_last_pkt_time":1646330187364000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":18,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":29,"flow_src_tot_l4_payload_len":155,"flow_dst_tot_l4_payload_len":191,"midstream":0,"thread_ts_usec":1646331973357000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"148.72.173.162","src_port":3074,"dst_port":34311,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Activision","proto_id":"258","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1646331972616000,"flow_src_last_pkt_time":1646331973357000,"flow_dst_last_pkt_time":1646331973318000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":18,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":29,"flow_src_tot_l4_payload_len":155,"flow_dst_tot_l4_payload_len":191,"midstream":0,"thread_ts_usec":1646331973357000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"173.199.67.5","src_port":3074,"dst_port":37081,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Activision","proto_id":"258","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00845{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":60,"packets-processed":60,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1384,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":38,"global_ts_usec":1646331973357000} 
+00845{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":60,"packets-processed":60,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1384,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":38,"global_ts_usec":1646331973357000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 60/60 ~~ skipped flows.............: 0 @@ -44,9 +44,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6916493 bytes -~~ total memory freed........: 6916493 bytes -~~ total allocations/frees...: 114230/114230 +~~ total memory allocated....: 7494089 bytes +~~ total memory freed........: 7494089 bytes +~~ total allocations/frees...: 125961/125961 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 539 chars ~~ json message max len.......: 976 chars diff --git a/test/results/default/adult_content.pcap.out b/test/results/default/adult_content.pcap.out index 9f391ff5f..36e40bebc 100644 --- a/test/results/default/adult_content.pcap.out +++ b/test/results/default/adult_content.pcap.out 
@@ -1,15 +1,15 @@ -00618{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/adult_content.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/adult_content.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1679071239291834} 
+00618{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/adult_content.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/adult_content.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1679071239291834} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/adult_content.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1679071239291834,"flow_src_last_pkt_time":1679071239291834,"flow_dst_last_pkt_time":1679071239291834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1679071239291834,"l3_proto":"ip4","src_ip":"192.168.1.199","dst_ip":"31.220.27.69","src_port":42759,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/adult_content.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1679071239291834,"flow_dst_last_pkt_time":1679071239291834,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1679071239291834,"pkt":"ILAB4IZiPKn0qB\/sCABFAAAwUDlAAEAR7PPAqAHHH9wbRacHAFAAHI2nAAEAACESpEJBM1FjaTROdXJPS0E="} 
-01101{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/adult_content.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1679071239291834,"flow_src_last_pkt_time":1679071239291834,"flow_dst_last_pkt_time":1679071239291834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1679071239291834,"l3_proto":"ip4","src_ip":"192.168.1.199","dst_ip":"31.220.27.69","src_port":42759,"dst_port":80,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} +01134{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/adult_content.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1679071239291834,"flow_src_last_pkt_time":1679071239291834,"flow_dst_last_pkt_time":1679071239291834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1679071239291834,"l3_proto":"ip4","src_ip":"192.168.1.199","dst_ip":"31.220.27.69","src_port":42759,"dst_port":80,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00621{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/adult_content.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1679071239291834,"flow_dst_last_pkt_time":1679071239312300,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_usec":1679071239312300,"pkt":"PKn0qB\/sILAB4IZiCABFAABoeTpAADIR0bof3BtFwKgBxwBQpwcAVCaFAQEAOCESpEJBM1FjaTROdXJPS0EAIAAIAAHJnHwxD+MAAQAIAAHojl0jq6GAKwAIAAEAUB\/cG0WALAAIAAEII38AAPmAKAAEnVw8wQ=="} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/adult_content.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1679071239347013,"flow_dst_last_pkt_time":1679071239312300,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1679071239347013,"pkt":"ILAB4IZiPKn0qB\/sCABFAAA4UEdAAEAR7N3AqAHHH9wbRacHAFAAJJk0AAMACCESpEJDQlZzSWpnT21uMy8AGQAEEQAAAA=="} 
00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/adult_content.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1679071239347013,"flow_dst_last_pkt_time":1679071239366897,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1679071239366897,"pkt":"PKn0qB\/sILAB4IZiCABFAAB4eXNAADIR0XEf3BtFwKgBxwBQpwcAZAaAARMASCESpEJDQlZzSWpnT21uMy8ACQAQAAAEAVVuYXV0aG9yaXplZAAVABBmYzdlNjU3YjkzODY1NGJmABQAE2ItZXUxNC5zdHJpcGNkbi5jb20AgCgABDFJxvQ="} -01281{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/adult_content.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1679071239291834,"flow_src_last_pkt_time":1679071239347013,"flow_dst_last_pkt_time":1679071239366897,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":168,"midstream":0,"thread_ts_usec":1679071239366897,"l3_proto":"ip4","src_ip":"192.168.1.199","dst_ip":"31.220.27.69","src_port":42759,"dst_port":80,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.AdultContent","proto_id":"78.108","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":34,"category":"AdultContent","hostname":"b-eu14.stripcdn.com","domainame":"b-eu14.stripcdn.com","stun": {"mapped_address":"93.35.171.161:59534","response_origin":"31.220.27.69:80","other_address":"127.0.0.249:2083"}}} 
+01315{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/adult_content.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1679071239291834,"flow_src_last_pkt_time":1679071239347013,"flow_dst_last_pkt_time":1679071239366897,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":168,"midstream":0,"thread_ts_usec":1679071239366897,"l3_proto":"ip4","src_ip":"192.168.1.199","dst_ip":"31.220.27.69","src_port":42759,"dst_port":80,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.AdultContent","proto_id":"78.108","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":34,"category":"AdultContent","hostname":"b-eu14.stripcdn.com","domainame":"b-eu14.stripcdn.com","stun": {"mapped_address":"93.35.171.161:59534","response_origin":"31.220.27.69:80","other_address":"127.0.0.249:2083","multimedia_flow_types":"Unknown"}}} 00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/adult_content.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1679071239367273,"flow_dst_last_pkt_time":1679071239366897,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":150,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":150,"pkt_l4_len":116,"thread_ts_usec":1679071239367273,"pkt":"ILAB4IZiPKn0qB\/sCABFAACIUEtAAEAR7InAqAHHH9wbRacHAFAAdHxgAAMAWCESpEJ4VHYxS21GNEJWa2kAGQAEEQAAAAAGAAdqb2huZG9lAAAUABNiLWV1MTQuc3RyaXBjZG4uY29tAAAVABBmYzdlNjU3YjkzODY1NGJmAAgAFKX\/EIV4M7nf301az2ompIrGx4iF"} 
01168{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/adult_content.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":14,"flow_first_seen":1679071239291834,"flow_src_last_pkt_time":1679071239509436,"flow_dst_last_pkt_time":1679071239465594,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1204,"flow_dst_max_l4_payload_len":1376,"flow_src_tot_l4_payload_len":3131,"flow_dst_tot_l4_payload_len":3791,"midstream":0,"thread_ts_usec":1679071239509436,"l3_proto":"ip4","src_ip":"192.168.1.199","dst_ip":"31.220.27.69","src_port":42759,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.AdultContent","proto_id":"78.108","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":34,"category":"AdultContent","hostname":"b-eu14.stripcdn.com"}} 
-00848{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/adult_content.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":25,"packets-processed":25,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6922,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1679071239509436} +00848{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/adult_content.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":25,"packets-processed":25,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6922,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1679071239509436} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 25/25 ~~ skipped flows.............: 0 
@@ -18,10 +18,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6908338 bytes -~~ total memory freed........: 6908338 bytes -~~ total allocations/frees...: 114162/114162 +~~ total memory allocated....: 7485956 bytes +~~ total memory freed........: 7485956 bytes +~~ total allocations/frees...: 125894/125894 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 547 chars -~~ json message max len.......: 1286 chars -~~ json message avg len.......: 909 chars +~~ json message max len.......: 1320 chars +~~ json message avg len.......: 926 chars diff --git a/test/results/default/afp.pcap.out b/test/results/default/afp.pcap.out index 1ab8ee233..42baf1bd4 100644 --- a/test/results/default/afp.pcap.out +++ b/test/results/default/afp.pcap.out 
@@ -1,5 +1,5 @@ -00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/afp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/afp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1643275951277370} 
+00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/afp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/afp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1643275951277370} 
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/afp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643275951277370,"flow_src_last_pkt_time":1643275951277370,"flow_dst_last_pkt_time":1643275951277370,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":22,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1643275951277370,"l3_proto":"ip4","src_ip":"192.168.27.57","dst_ip":"192.168.27.139","src_port":64987,"dst_port":548,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/afp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1643275951277370,"flow_dst_last_pkt_time":1643275951277370,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_usec":1643275951277370,"pkt":"ABxCVgfWYPgdrn1ECABFAABKAABAAEAGgpnAqBs5wKgbi\/3bAiR+nkVXU19RioAYCHEmJgAAAQEICtTtV\/gAQrf\/AAIixgAAAAAAAAAGAAAAABEAAAIOHA=="} 
00926{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/afp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643275951277370,"flow_src_last_pkt_time":1643275951277370,"flow_dst_last_pkt_time":1643275951277370,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":22,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1643275951277370,"l3_proto":"ip4","src_ip":"192.168.27.57","dst_ip":"192.168.27.139","src_port":64987,"dst_port":548,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AFP","proto_id":"97","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}} 
@@ -8,7 +8,7 @@ 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/afp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1643275951277702,"flow_dst_last_pkt_time":1643275951277547,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1643275951277702,"pkt":"ABxCVgfWYPgdrn1ECABFAAA0AABAAEAGgq\/AqBs5wKgbi\/3bAiR+nkVtU19RvIAQCHBcrAAAAQEICtTtV\/gAQsM8"} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/afp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1643275951277715,"flow_dst_last_pkt_time":1643275951277547,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1643275951277715,"pkt":"ABxCVgfWYPgdrn1ECABFAAA0AABAAEAGgq\/AqBs5wKgbi\/3bAiR+nkVtU19RvIAQCHBcrAAAAQEICtTtV\/gAQsM8"} 00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/afp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":4,"flow_first_seen":1643275951277370,"flow_src_last_pkt_time":1643275952364726,"flow_dst_last_pkt_time":1643275952364172,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":50,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":118,"midstream":1,"thread_ts_usec":1643275952364726,"l3_proto":"ip4","src_ip":"192.168.27.57","dst_ip":"192.168.27.139","src_port":64987,"dst_port":548,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"AFP","proto_id":"97","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}} -00837{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/afp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":16,"packets-processed":16,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":162,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1643275952364726} +00837{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/afp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":16,"packets-processed":16,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":162,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1643275952364726} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 16/16 ~~ skipped flows.............: 0 
@@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6908077 bytes -~~ total memory freed........: 6908077 bytes -~~ total allocations/frees...: 114153/114153 +~~ total memory allocated....: 7485673 bytes +~~ total memory freed........: 7485673 bytes +~~ total allocations/frees...: 125884/125884 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 542 chars ~~ json message max len.......: 974 chars diff --git a/test/results/default/agora-sd-rtn.pcap.out b/test/results/default/agora-sd-rtn.pcap.out index a8e67af51..30bcc5678 100644 --- a/test/results/default/agora-sd-rtn.pcap.out +++ b/test/results/default/agora-sd-rtn.pcap.out 
@@ -1,5 +1,5 @@ -00617{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00838{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1649093494350000} 
+00617{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00838{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1649093494350000} 
00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649093494350000,"flow_src_last_pkt_time":1649093494350000,"flow_dst_last_pkt_time":1649093494350000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":234,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":234,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":234,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649093494350000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":35778,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00829{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1649093494350000,"flow_dst_last_pkt_time":1649093494350000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_usec":1649093494350000,"pkt":"eJS0JASgYDjgxTWgCABFoAEG97pAAD8RrNTAqAJkF\/i6s4vCH8IA8rYwAFo4TAAAIQAAAAAABFNOSQAcADIzLTI0OC0xODYtMTc5LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAJfnTudXVvVf7BhRNFQtkmabzFsc4YGcbhGqIyaMUEFFQUQEAEFFU0dQVUJTQQAEpZnsPkMzYe4wgqr+jD6KkFsekH5j6BojNRIPCbkPdUaS4xdQKYVOSVvbHOo64z+26LzM8IhE1k5P6pySRtqNMEtFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"} 
01020{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649093494350000,"flow_src_last_pkt_time":1649093494350000,"flow_dst_last_pkt_time":1649093494350000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":234,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":234,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":234,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649093494350000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":35778,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","hostname":"23-248-186-179.edge.agora.io","domainame":"23-248-186-179.edge.agora.io"}} 
@@ -70,7 +70,7 @@ 01026{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":3,"flow_first_seen":1649093640794000,"flow_src_last_pkt_time":1649093640842000,"flow_dst_last_pkt_time":1649093640826000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":435,"flow_dst_max_l4_payload_len":492,"flow_src_tot_l4_payload_len":1667,"flow_dst_tot_l4_payload_len":1476,"midstream":0,"thread_ts_usec":1649093710879000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":44131,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","hostname":"23-248-186-179.edge.agora.io"}} 01020{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":3,"flow_first_seen":1649093580792000,"flow_src_last_pkt_time":1649093580849000,"flow_dst_last_pkt_time":1649093580831000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":392,"flow_dst_max_l4_payload_len":492,"flow_src_tot_l4_payload_len":1796,"flow_dst_tot_l4_payload_len":1476,"midstream":0,"thread_ts_usec":1649093710879000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.77.66","src_port":44131,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","hostname":"128-1-77-66.edge.agora.io"}} 01027{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":4,"flow_first_seen":1649093640842000,"flow_src_last_pkt_time":1649093640842000,"flow_dst_last_pkt_time":1649093640842000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":325,"flow_dst_max_l4_payload_len":1219,"flow_src_tot_l4_payload_len":1546,"flow_dst_tot_l4_payload_len":4876,"midstream":0,"thread_ts_usec":1649093710879000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":46798,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","hostname":"23-248-186-179.edge.agora.io"}} 
-00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":121,"packets-processed":120,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29232,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":12,"current-active-flows":6,"total-active-flows":8,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":73,"global_ts_usec":1649098069656000} +00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":121,"packets-processed":120,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29232,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":12,"current-active-flows":6,"total-active-flows":8,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":73,"global_ts_usec":1649098069656000} 
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649098069656000,"flow_src_last_pkt_time":1649098069656000,"flow_dst_last_pkt_time":1649098069656000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":234,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":234,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":234,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649098069656000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":40393,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00833{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1649098069656000,"flow_dst_last_pkt_time":1649098069656000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_usec":1649098069656000,"pkt":"eJS0JASgYDjgxTWgCABFoAEGneRAAD8RBqvAqAJkF\/i6s53JH8IA8s3FANAqagAAIQAAAAAABFNOSQAcADIzLTI0OC0xODYtMTc5LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAKXiddqZ56BOXneEQ4mP388RlUbMx7s0KlWJgk5kvEFFQUQEAEFFU0dQVUJTQQAE2i0ZP5UqhloJODTaOh+IlYI+UqEvQtfYePDLs+DPY\/wb\/ex7kxsKDZa0UBpqtKFPW3cONzQvrgAKQsaxWmXF50tFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"} 
01022{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649098069656000,"flow_src_last_pkt_time":1649098069656000,"flow_dst_last_pkt_time":1649098069656000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":234,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":234,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":234,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649098069656000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":40393,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","hostname":"23-248-186-179.edge.agora.io","domainame":"23-248-186-179.edge.agora.io"}} 
@@ -122,7 +122,7 @@ 01027{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":211,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":3,"flow_first_seen":1649098070259000,"flow_src_last_pkt_time":1649098070310000,"flow_dst_last_pkt_time":1649098070298000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":234,"flow_dst_max_l4_payload_len":492,"flow_src_tot_l4_payload_len":1824,"flow_dst_tot_l4_payload_len":1476,"midstream":0,"thread_ts_usec":1649098129719000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"104.166.161.75","src_port":40393,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","hostname":"104-166-161-75.edge.agora.io"}} 01026{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":211,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":3,"flow_first_seen":1649098069656000,"flow_src_last_pkt_time":1649098069706000,"flow_dst_last_pkt_time":1649098069689000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":818,"flow_dst_max_l4_payload_len":492,"flow_src_tot_l4_payload_len":2256,"flow_dst_tot_l4_payload_len":1476,"midstream":0,"thread_ts_usec":1649098129719000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":40393,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","hostname":"23-248-186-179.edge.agora.io"}} 01027{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":211,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":3,"flow_first_seen":1649098069706000,"flow_src_last_pkt_time":1649098069706000,"flow_dst_last_pkt_time":1649098069706000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":234,"flow_dst_max_l4_payload_len":492,"flow_src_tot_l4_payload_len":1892,"flow_dst_tot_l4_payload_len":1476,"midstream":0,"thread_ts_usec":1649098129719000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":47453,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","hostname":"23-248-186-179.edge.agora.io"}} 
-00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":211,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":211,"packets-processed":210,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":50011,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":14,"total-detection-updates":0,"total-updates":15,"current-active-flows":6,"total-active-flows":14,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":125,"global_ts_usec":1649098819739000} +00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":211,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":211,"packets-processed":210,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":50011,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":14,"total-detection-updates":0,"total-updates":15,"current-active-flows":6,"total-active-flows":14,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":125,"global_ts_usec":1649098819739000} 
01025{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":226,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":3,"flow_first_seen":1649098070259000,"flow_src_last_pkt_time":1649098070310000,"flow_dst_last_pkt_time":1649098070298000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":234,"flow_dst_max_l4_payload_len":492,"flow_src_tot_l4_payload_len":1824,"flow_dst_tot_l4_payload_len":1476,"midstream":0,"thread_ts_usec":1649098819802000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"104.166.161.75","src_port":40393,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","hostname":"104-166-161-75.edge.agora.io"}} 01025{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":226,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":3,"flow_first_seen":1649098129676000,"flow_src_last_pkt_time":1649098129719000,"flow_dst_last_pkt_time":1649098129703000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":492,"flow_dst_max_l4_payload_len":492,"flow_src_tot_l4_payload_len":1769,"flow_dst_tot_l4_payload_len":1476,"midstream":0,"thread_ts_usec":1649098819802000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"193.118.52.182","src_port":55322,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","hostname":"193-118-52-182.edge.agora.io"}} 01023{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":226,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":4,"flow_first_seen":1649098094676000,"flow_src_last_pkt_time":1649098094724000,"flow_dst_last_pkt_time":1649098094756000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":492,"flow_src_tot_l4_payload_len":1606,"flow_dst_tot_l4_payload_len":1508,"midstream":0,"thread_ts_usec":1649098819802000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.233.218","src_port":55322,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","hostname":"128-1-233-218.edge.agora.io"}} 
@@ -163,7 +163,7 @@ 01023{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":3,"flow_first_seen":1649098849713000,"flow_src_last_pkt_time":1649098849898000,"flow_dst_last_pkt_time":1649098849881000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":430,"flow_dst_max_l4_payload_len":492,"flow_src_tot_l4_payload_len":1659,"flow_dst_tot_l4_payload_len":1476,"midstream":0,"thread_ts_usec":1649099059780000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.223","src_port":55322,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","hostname":"128-1-193-223.edge.agora.io"}} 01025{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":6,"flow_first_seen":1649098089567000,"flow_src_last_pkt_time":1649098819802000,"flow_dst_last_pkt_time":1649098819775000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":944,"flow_dst_max_l4_payload_len":492,"flow_src_tot_l4_payload_len":4213,"flow_dst_tot_l4_payload_len":2952,"midstream":0,"thread_ts_usec":1649099059780000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"104.166.161.75","src_port":55322,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","hostname":"104-166-161-75.edge.agora.io"}} 01025{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":3,"flow_first_seen":1649098909723000,"flow_src_last_pkt_time":1649098909909000,"flow_dst_last_pkt_time":1649098909895000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":398,"flow_dst_max_l4_payload_len":492,"flow_src_tot_l4_payload_len":1627,"flow_dst_tot_l4_payload_len":1476,"midstream":0,"thread_ts_usec":1649099059780000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.224","src_port":55322,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","hostname":"128-1-193-224.edge.agora.io"}} 
-00854{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":286,"packets-processed":285,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":65673,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":18,"total-detection-updates":0,"total-updates":19,"current-active-flows":2,"total-active-flows":18,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":166,"global_ts_usec":1649336870173000} +00854{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":286,"packets-processed":285,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":65673,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":18,"total-detection-updates":0,"total-updates":19,"current-active-flows":2,"total-active-flows":18,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":166,"global_ts_usec":1649336870173000} 
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649336870173000,"flow_src_last_pkt_time":1649336870173000,"flow_dst_last_pkt_time":1649336870173000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":233,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":233,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649336870173000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.223","src_port":47805,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00835{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1649336870173000,"flow_dst_last_pkt_time":1649336870173000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"thread_ts_usec":1649336870173000,"pkt":"eJS0JASgYDjgxTWgCABFoAEFneZAAD8Rl3TAqAJkgAHB37q9H8IA8S9\/AAspDQAAIQAAAAAABFNOSQAbADEyOC0xLTE5My0yMjMuZWRnZS5hZ29yYS5pb1BETUQAAENQVE+BAE5PTkMgAAABGFQvya+GSZZFzLP9EmcPktq84Ka2wtV92C\/TcDdPQUVBRAQAQUVTR1BVQlNBAASFAA2pu76c15hPua6baGLo0ixMN8vwRYUqc\/ifFG78vI1pPMSohtWw1XeLlA8Q9eztjAFhjuBR3Q4\/us8bcbydS0VYUwQAUDI1NkNDUlQoAP+XwY\/lEZgfcG0Exgi4J5nZFgkMuGiQFhKUln7foXlIqEex7RofPmI="} 
01020{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649336870173000,"flow_src_last_pkt_time":1649336870173000,"flow_dst_last_pkt_time":1649336870173000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":233,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":233,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649336870173000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.223","src_port":47805,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","hostname":"128-1-193-223.edge.agora.io","domainame":"128-1-193-223.edge.agora.io"}} 
@@ -226,7 +226,7 @@ 00833{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":388,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_src_last_pkt_time":1649336965166000,"flow_dst_last_pkt_time":1649336965165000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_usec":1649336965166000,"pkt":"eJS0JASgYDjgxTWgCABFoAEGAFZAAD8RpDjAqAJkF\/i6tLq9H8IA8ukWAHKNlwAAIQAAAAAABFNOSQAcADIzLTI0OC0xODYtMTgwLmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAARi0N1CFxirRT+Qnnrz\/pyBDu6aGfdoDtspPZ5eKK0FFQUQEAEFFU0dQVUJTQQAE3Cx8VYdzNil7sFRPDWbBkTVwDhDpZB0H1ndvXVYUqBYfSWs33e8hvSgcWboTgtdnoWm6BanWQW5l3Pfuz5zOwktFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"} 00833{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":389,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":4,"flow_src_last_pkt_time":1649336965359000,"flow_dst_last_pkt_time":1649336965165000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_usec":1649336965359000,"pkt":"eJS0JASgYDjgxTWgCABFoAEGAFtAAD8RpDPAqAJkF\/i6tLq9H8IA8ukWAHKNlwAAIQAAAAAABFNOSQAcADIzLTI0OC0xODYtMTgwLmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAARi0N1CFxirRT+Qnnrz\/pyBDu6aGfdoDtspPZ5eKK0FFQUQEAEFFU0dQVUJTQQAE3Cx8VYdzNil7sFRPDWbBkTVwDhDpZB0H1ndvXVYUqBYfSWs33e8hvSgcWboTgtdnoWm6BanWQW5l3Pfuz5zOwktFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"} 
00833{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":390,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":5,"flow_src_last_pkt_time":1649336965359000,"flow_dst_last_pkt_time":1649336965165000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_usec":1649336965359000,"pkt":"eJS0JASgYDjgxTWgCABFoAEGAFxAAD8RpDLAqAJkF\/i6tLq9H8IA8ukWAHKNlwAAIQAAAAAABFNOSQAcADIzLTI0OC0xODYtMTgwLmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAARi0N1CFxirRT+Qnnrz\/pyBDu6aGfdoDtspPZ5eKK0FFQUQEAEFFU0dQVUJTQQAE3Cx8VYdzNil7sFRPDWbBkTVwDhDpZB0H1ndvXVYUqBYfSWs33e8hvSgcWboTgtdnoWm6BanWQW5l3Pfuz5zOwktFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"} -00854{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":401,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":401,"packets-processed":400,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":94737,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":26,"total-detection-updates":0,"total-updates":23,"current-active-flows":8,"total-active-flows":26,"total-idle-flows":18,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":229,"global_ts_usec":1649337802272000} 
+00854{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":401,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":401,"packets-processed":400,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":94737,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":26,"total-detection-updates":0,"total-updates":23,"current-active-flows":8,"total-active-flows":26,"total-idle-flows":18,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":229,"global_ts_usec":1649337802272000} 01023{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":403,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":3,"flow_first_seen":1649336954948000,"flow_src_last_pkt_time":1649336955151000,"flow_dst_last_pkt_time":1649336955137000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":492,"flow_src_tot_l4_payload_len":1812,"flow_dst_tot_l4_payload_len":1476,"midstream":0,"thread_ts_usec":1649337802273000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.224","src_port":47805,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","hostname":"128-1-193-224.edge.agora.io"}} 
01023{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":403,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":3,"flow_first_seen":1649336870173000,"flow_src_last_pkt_time":1649336870432000,"flow_dst_last_pkt_time":1649336870347000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":325,"flow_dst_max_l4_payload_len":492,"flow_src_tot_l4_payload_len":2014,"flow_dst_tot_l4_payload_len":1476,"midstream":0,"thread_ts_usec":1649337802273000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.223","src_port":47805,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","hostname":"128-1-193-223.edge.agora.io"}} 01022{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":403,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":7,"flow_first_seen":1649336960225000,"flow_src_last_pkt_time":1649336960225000,"flow_dst_last_pkt_time":1649336960225000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":233,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":498,"flow_src_tot_l4_payload_len":699,"flow_dst_tot_l4_payload_len":3468,"midstream":0,"thread_ts_usec":1649337802273000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.223","src_port":55094,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","hostname":"128-1-193-223.edge.agora.io"}} 
@@ -235,7 +235,7 @@ 01023{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":403,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":0,"flow_first_seen":1649336894950000,"flow_src_last_pkt_time":1649336897978000,"flow_dst_last_pkt_time":1649336894950000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":235,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":235,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":3525,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649337802273000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"103.104.168.244","src_port":47805,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","hostname":"103-104-168-244.edge.agora.io"}} 01021{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":403,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":0,"flow_first_seen":1649336965165000,"flow_src_last_pkt_time":1649336968493000,"flow_dst_last_pkt_time":1649336965165000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":234,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":234,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":3510,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649337802273000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.180","src_port":47805,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","hostname":"23-248-186-180.edge.agora.io"}} 01025{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":403,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":3,"flow_first_seen":1649336960165000,"flow_src_last_pkt_time":1649336960225000,"flow_dst_last_pkt_time":1649336960206000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":234,"flow_dst_max_l4_payload_len":492,"flow_src_tot_l4_payload_len":1814,"flow_dst_tot_l4_payload_len":1476,"midstream":0,"thread_ts_usec":1649337802273000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":47805,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","hostname":"23-248-186-179.edge.agora.io"}} 
-00856{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":403,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":403,"packets-processed":403,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":95439,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":26,"total-detection-updates":0,"total-updates":23,"current-active-flows":0,"total-active-flows":26,"total-idle-flows":26,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":238,"global_ts_usec":1649337802273000} +00856{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":403,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":403,"packets-processed":403,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":95439,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":26,"total-detection-updates":0,"total-updates":23,"current-active-flows":0,"total-active-flows":26,"total-idle-flows":26,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":238,"global_ts_usec":1649337802273000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 403/403 ~~ skipped flows.............: 0 
@@ -244,9 +244,9 @@ ~~ total active/idle flows...: 26/26 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6978800 bytes -~~ total memory freed........: 6978800 bytes -~~ total allocations/frees...: 114815/114815 +~~ total memory allocated....: 7556396 bytes +~~ total memory freed........: 7556396 bytes +~~ total allocations/frees...: 126546/126546 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 622 chars ~~ json message max len.......: 2185 chars diff --git a/test/results/default/ah.pcapng.out b/test/results/default/ah.pcapng.out index 9d6cecaab..07ea6c02a 100644 --- a/test/results/default/ah.pcapng.out +++ b/test/results/default/ah.pcapng.out 
@@ -1,5 +1,5 @@ -00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ah.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ah.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1587338929051893} 
+00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ah.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ah.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1587338929051893} 
00764{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ah.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587338929051893,"flow_src_last_pkt_time":1587338929051893,"flow_dst_last_pkt_time":1587338929051893,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":358,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587338929051893,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","src_port":500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00988{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ah.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1587338929051893,"flow_dst_last_pkt_time":1587338929051893,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":400,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":400,"pkt_l4_len":366,"thread_ts_usec":1587338929051893,"pkt":"qrvMAAMQqrvMAAIQCABFwAGCAJ4AAP8RngIKAgMCCgMEBAH0AfQBbieYHBhp9tKboMwAAAAAAAAAACEgIggAAAAAAAABZiIAADAAAAAsAQEABAMAAAwBAAAMgA4BAAMAAAgCAAAGAwAACAMAAA0AAAAIBAAAFCgAAGgAFAAAop90y3jHmNMWVGIbNRerOVFzMP5JoRLlIVT+uGcaHcUDAfZ9agub4v3ifShq9iAjKtd\/XZoIX76e0SSPXecxSXzgS1HJOpsJtzfXg96dFLBFkvBpXPHiUb1T29i2BXzdKwAAJGy943MOgVw+17TTE3RGnNSeH1Br3ZzttJxYzZbae2KMKwAAF0NJU0NPLURFTEVURS1SRUFTT04rAAATQ0lTQ09WUE4tUkVWLTAyKwAAF0NJU0NPLURZTkFNSUMtUk9VVEUpAAAVRkxFWFZQTi1TVVBQT1JURUQpAAAcAABABCNvuAsA4SMheroNDIs0se1c2REJAAAAHAAAQAUSA9ZB8IS5r14gXhydhU2hTnWD2w=="} 
00903{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ah.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587338929051893,"flow_src_last_pkt_time":1587338929051893,"flow_dst_last_pkt_time":1587338929051893,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":358,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587338929051893,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","src_port":500,"dst_port":500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 
@@ -12,7 +12,7 @@ 00635{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/ah.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1587338931051372,"flow_dst_last_pkt_time":1587338931051869,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1587338931051869,"pkt":"qrvMAAIQqrvMAAMQCABFAAB8ABMAAP4zoTEKAwQECgIDAgEEAACvhoPvAAAAAQLuLdf7aFTxy+gQnAAAbwQABQABAAAAAAAUFyyrzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavN"} 00913{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/ah.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587338931051372,"flow_src_last_pkt_time":1587338931051372,"flow_dst_last_pkt_time":1587338931051869,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":104,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":104,"midstream":0,"thread_ts_usec":1587338931051869,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","l4_proto":51,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 
00946{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/ah.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1587338929051893,"flow_src_last_pkt_time":1587338929067839,"flow_dst_last_pkt_time":1587338929075761,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":328,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":358,"flow_src_tot_l4_payload_len":686,"flow_dst_tot_l4_payload_len":638,"midstream":0,"thread_ts_usec":1587338931051869,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","src_port":500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} -00836{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/ah.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":6,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1532,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1587338931051869} 
+00836{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/ah.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":6,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1532,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1587338931051869} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 6/6 ~~ skipped flows.............: 0 @@ -21,9 +21,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6910167 bytes -~~ total memory freed........: 6910167 bytes -~~ total allocations/frees...: 114154/114154 +~~ total memory allocated....: 7487763 bytes +~~ total memory freed........: 7487763 bytes +~~ total allocations/frees...: 125885/125885 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 614 chars ~~ json message max len.......: 993 chars diff --git a/test/results/default/ajp.pcap.out b/test/results/default/ajp.pcap.out index a4c777fd4..1ab4273df 100644 --- a/test/results/default/ajp.pcap.out +++ b/test/results/default/ajp.pcap.out 
@@ -1,5 +1,5 @@ -00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1505154584447407} 
+00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1505154584447407} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1505154584447407,"flow_src_last_pkt_time":1505154584447407,"flow_dst_last_pkt_time":1505154584447407,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1505154584447407,"vlan_id":7,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","vlan_id":7,"flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1505154584447407,"flow_dst_last_pkt_time":1505154584447407,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1505154584447407,"pkt":"AFBWg47zAFBWg11YgQAABwgARQAAPLLIQABABhyUrB0JkqwdCZOXyB9JcsXbLwAAAACgAjkI5g0AAAIEBbQEAggKTpxp5wAAAAABAwMH"} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","vlan_id":7,"flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1505154584447407,"flow_dst_last_pkt_time":1505154584447547,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1505154584447547,"pkt":"AFBWg11YAFBWg47zgQAABwgARQAAPAAAQABABs9crB0Jk6wdCZIfSZfIk6AuuHLF2zCgEjiQFewAAAIEBbQEAggKHlfv2E6caecBAwMH"} 
@@ -40,7 +40,7 @@ 00401{"packet_event_id":1,"packet_event_name":"packet","packet_id":35,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_usec":1505154584618218,"pkt":"Agq9AAAAAgq8AAAAiQNAIABQVoNdWABQVoOO84EAAAcIAEUAADTBYkAAQAYOAqwdCZOsHQmSH0mXyJOgLr5yxd9QgBAAi3iVAAABAQgKHlfv2k6caeg="} 00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":6,"flow_first_seen":1505154584447407,"flow_src_last_pkt_time":1505154584618218,"flow_dst_last_pkt_time":1505154584617955,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":826,"flow_dst_max_l4_payload_len":230,"flow_src_tot_l4_payload_len":1056,"flow_dst_tot_l4_payload_len":241,"midstream":0,"thread_ts_usec":1505154584618218,"vlan_id":7,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AJP","proto_id":"139","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":6,"flow_first_seen":1505154584618218,"flow_src_last_pkt_time":1505154584618218,"flow_dst_last_pkt_time":1505154584618218,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":826,"flow_dst_max_l4_payload_len":230,"flow_src_tot_l4_payload_len":1056,"flow_dst_tot_l4_payload_len":241,"midstream":0,"thread_ts_usec":1505154584618218,"vlan_id":7,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AJP","proto_id":"139","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -00838{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":38,"packets-processed":26,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2594,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":43,"global_ts_usec":1505154584618218} 
+00838{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":38,"packets-processed":26,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2594,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":43,"global_ts_usec":1505154584618218} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 38/26 ~~ skipped flows.............: 0 @@ -49,9 +49,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6910795 bytes -~~ total memory freed........: 6910795 bytes -~~ total allocations/frees...: 114176/114176 +~~ total memory allocated....: 7488391 bytes +~~ total memory freed........: 7488391 bytes +~~ total allocations/frees...: 125907/125907 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 313 chars ~~ json message max len.......: 1513 chars diff --git a/test/results/default/alexa-app.pcapng.out b/test/results/default/alexa-app.pcapng.out index e3f7ad537..bcc3c684b 100644 --- a/test/results/default/alexa-app.pcapng.out +++ b/test/results/default/alexa-app.pcapng.out 
@@ -1,5 +1,5 @@ -00616{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1490976022526783} 
+00616{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1490976022526783} 00295{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1490976022526783,"packet_id":1,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","layer_type":6,"global_ts_usec":1490976022526783} 
00326{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":20,"pkt_type":6,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":20,"pkt_l4_len":0,"thread_ts_usec":1490976022526783,"pkt":"\/\/\/\/\/\/\/\/ePiC0\/vCAAYAAa+BAQA="} 00295{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1490976022526847,"packet_id":2,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","layer_type":6,"global_ts_usec":1490976022526847} 
@@ -55,9 +55,9 @@ 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1490976027567694,"flow_dst_last_pkt_time":1490976027617961,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976027617961,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA86FEAACsGQwOtwt+8rBAq2BRsp36O4XTVXkGfYaASpajFDgAAAgQFZAQCCAor\/EXWAPZJFAEDAwc="} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_src_last_pkt_time":1490976027621372,"flow_dst_last_pkt_time":1490976027617961,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976027621372,"pkt":"AMDKkaPvePiC0\/vCCABFAAA01nVAAEAG\/+asECrYrcLfvKd+FGxeQZ9hjuF01oAQAVeX1wAAAQEICgD2SRkr\/EXW"} 
01249{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_src_last_pkt_time":1490976027625622,"flow_dst_last_pkt_time":1490976027617961,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1490976027625622,"pkt":"AMDKkaPvePiC0\/vCCABFAAI51nZAAEAG\/eCsECrYrcLfvKd+FGxeQZ9hjuF01oAYAVd0AAAAAQEICgD2SRor\/EXWFgMBAgABAAH8AwP8yOM7BlQk\/N7361hEfifQEjFK9C+2z6dEAXB5upIKVSBsZf8WSacPFJ5360Xf7gbKvq4VJrM6Sp5Mx957SU1grAAozKnMFMArwCzMqMwTwC\/AMACeAJ\/ACcAKwBPAFAAzADkAnACdAC8ANQEAAYv\/AQABAAAAABUAEwAAEG10YWxrLmdvb2dsZS5jb20AFwAAACMAxAOeKIxvS+dmkCkOmeIUcJ137rveu8cp7SsJcSkCCJYpUIY+YBkt6aFuQ6LPrhBKvBHLUbeG3+HUzr5FnCqyl8+ID9q3G1h7YfsoYtCoJkMsPA\/kz1MiwPPwRp1Ls85ZA1SJko+D8IYkqP0qv5to9svOUJZSfo1gVcDl2auONMm8nfCIA74AFXnyO7ekI+VS57Ocl60m10z72XP7SkonMcdfpTgCFqrNIsf0dRbWAaOlueauQJaMo6gNlxUOxYiF9f84qwcADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAACwACAQAACgAIAAYAHQAXABgAFQBqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01453{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976027567694,"flow_src_last_pkt_time":1490976027625622,"flow_dst_last_pkt_time":1490976027617961,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976027625622,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"173.194.223.188","src_port":42878,"dst_port":5228,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"mtalk.google.com","domainame":"mtalk.google.com","tls": {"version":"TLSv1.2","ja3":"a5a59633017c3d696d2c69350e5fc004","ja3s":"","ja4":"t12d200900_93851ff8129a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01412{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976027567694,"flow_src_last_pkt_time":1490976027625622,"flow_dst_last_pkt_time":1490976027617961,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976027625622,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"173.194.223.188","src_port":42878,"dst_port":5228,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"mtalk.google.com","domainame":"mtalk.google.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d200900_93851ff8129a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":5,"flow_src_last_pkt_time":1490976027625622,"flow_dst_last_pkt_time":1490976027674065,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976027674065,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA06HIAACsGQuqtwt+8rBAq2BRsp36O4XTWXkGhZoAQAVSVmwAAAQEICiv8Rg8A9kka"} 
-01519{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976027567694,"flow_src_last_pkt_time":1490976027625622,"flow_dst_last_pkt_time":1490976027674201,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":139,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":139,"midstream":0,"thread_ts_usec":1490976027674201,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"173.194.223.188","src_port":42878,"dst_port":5228,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"mtalk.google.com","domainame":"mtalk.google.com","tls": {"version":"TLSv1.2","ja3":"a5a59633017c3d696d2c69350e5fc004","ja3s":"9b1466fd60cadccb848e09c86e284265","ja4":"t12d200900_93851ff8129a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","blocks":0}}} 
+01478{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976027567694,"flow_src_last_pkt_time":1490976027625622,"flow_dst_last_pkt_time":1490976027674201,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":139,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":139,"midstream":0,"thread_ts_usec":1490976027674201,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"173.194.223.188","src_port":42878,"dst_port":5228,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"mtalk.google.com","domainame":"mtalk.google.com","tls": {"version":"TLSv1.2","ja3s":"9b1466fd60cadccb848e09c86e284265","ja4":"t12d200900_93851ff8129a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","blocks":0}}} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976027724821,"flow_src_last_pkt_time":1490976027724821,"flow_dst_last_pkt_time":1490976027724821,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976027724821,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":10462,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1490976027724821,"flow_dst_last_pkt_time":1490976027724821,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976027724821,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8Wk1AAEARM2qsECrYrBAqASjeADUAKB2sfT0BAAABAAAAAAAAA3d3dwZnb29nbGUDY29tAAABAAE="} 
01093{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976027724821,"flow_src_last_pkt_time":1490976027724821,"flow_dst_last_pkt_time":1490976027724821,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976027724821,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":10462,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.google.com","domainame":"www.google.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -85,10 +85,10 @@ 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_src_last_pkt_time":1490976029248822,"flow_dst_last_pkt_time":1490976029325964,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976029325964,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPMGqrg0VdHFrBAq2AG718qLhBMS07KNiKAScSCB1QAAAgQFtAQCCAptCebiAPZJvAEDAwg="} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_src_last_pkt_time":1490976029328330,"flow_dst_last_pkt_time":1490976029325964,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976029328330,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0xDxAAEAGmYSsECrYNFXRxdfKAbvTso2Ii4QTE4AQAVcgZAAAAQEICgD2ScRtCebi"} 00847{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_src_last_pkt_time":1490976029341528,"flow_dst_last_pkt_time":1490976029325964,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":287,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":287,"pkt_l4_len":253,"thread_ts_usec":1490976029341528,"pkt":"AMDKkaPvePiC0\/vCCABFAAERxD1AAEAGmKasECrYNFXRxdfKAbvTso2Ii4QTE4AYAVeNQAAAAQEICgD2ScZtCebiFgMBANgBAADUAwNT2KB0JrHY5dbwauLLHFhO0VZRwtPH9AKUlOkcVsOHnAAALMArwCzAL8AwAJ4An8AJwArAE8AUADMAOQAyADjAB8ARAJwAnQAvADUABQD\/AQAAfwAAABMAEQAADnd3dy5hbWF6b24uY29tAAsABAMAAQIACgA0ADIADgANABkACwAMABgACQAKABYAFwAIAAYABwAUABUABAAFABIAEwABAAIAAwAPABAAEQAjAAAADQAgAB4GAQYCBgMFAQUCBQMEAQQCBAMDAQMCAwMCAQICAgM="} 
-01324{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976029248822,"flow_src_last_pkt_time":1490976029341528,"flow_dst_last_pkt_time":1490976029325964,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":221,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":221,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976029341528,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.197","src_port":55242,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.amazon.com","domainame":"www.amazon.com","tls": {"version":"TLSv1.2","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"","ja4":"t12d220500_5fd681855ab9_c70a3c84db07","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01283{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976029248822,"flow_src_last_pkt_time":1490976029341528,"flow_dst_last_pkt_time":1490976029325964,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":221,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":221,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976029341528,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.197","src_port":55242,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.amazon.com","domainame":"www.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d220500_5fd681855ab9_c70a3c84db07","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":5,"flow_src_last_pkt_time":1490976029341528,"flow_dst_last_pkt_time":1490976029386853,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976029386853,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA09fhAAPMGtMc0VdHFrBAq2AG718qLhBMT07KOZYAQAHYgXQAAAQEICm0J5usA9knG"} 
-01384{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976029248822,"flow_src_last_pkt_time":1490976029341528,"flow_dst_last_pkt_time":1490976029387254,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":221,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":221,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1490976029387254,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.197","src_port":55242,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.amazon.com","domainame":"www.amazon.com","tls": {"version":"TLSv1.2","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"389ed42c02ebecc32e73aa31def07e14","ja4":"t12d220500_5fd681855ab9_c70a3c84db07","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
-01862{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1490976029248822,"flow_src_last_pkt_time":1490976029341528,"flow_dst_last_pkt_time":1490976029387940,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":221,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":221,"flow_dst_tot_l4_payload_len":3470,"midstream":0,"thread_ts_usec":1490976029387940,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.197","src_port":55242,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.amazon.com","domainame":"www.amazon.com","tls": {"version":"TLSv1.2","server_names":"amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"389ed42c02ebecc32e73aa31def07e14","ja4":"t12d220500_5fd681855ab9_c70a3c84db07","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com","fingerprint":"EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E","blocks":0}}} 
+01343{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976029248822,"flow_src_last_pkt_time":1490976029341528,"flow_dst_last_pkt_time":1490976029387254,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":221,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":221,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1490976029387254,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.197","src_port":55242,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.amazon.com","domainame":"www.amazon.com","tls": {"version":"TLSv1.2","ja3s":"389ed42c02ebecc32e73aa31def07e14","ja4":"t12d220500_5fd681855ab9_c70a3c84db07","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
+01821{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1490976029248822,"flow_src_last_pkt_time":1490976029341528,"flow_dst_last_pkt_time":1490976029387940,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":221,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":221,"flow_dst_tot_l4_payload_len":3470,"midstream":0,"thread_ts_usec":1490976029387940,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.197","src_port":55242,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.amazon.com","domainame":"www.amazon.com","tls": {"version":"TLSv1.2","server_names":"amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com","ja3s":"389ed42c02ebecc32e73aa31def07e14","ja4":"t12d220500_5fd681855ab9_c70a3c84db07","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com","fingerprint":"EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E","blocks":0}}} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976029669574,"flow_src_last_pkt_time":1490976029669574,"flow_dst_last_pkt_time":1490976029669574,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":42,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976029669574,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":19967,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1490976029669574,"flow_dst_last_pkt_time":1490976029669574,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"thread_ts_usec":1490976029669574,"pkt":"AMDKkaPvePiC0\/vCCABFAABGWk9AAEARM16sECrYrBAqAU3\/ADUAMlRV5qsBAAABAAAAAAAABG1hZHMPYW1hem9uLWFkc3lzdGVtA2NvbQAAAQAB"} 
01113{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976029669574,"flow_src_last_pkt_time":1490976029669574,"flow_dst_last_pkt_time":1490976029669574,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":42,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976029669574,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":19967,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","proto_id":"5.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"mads.amazon-adsystem.com","domainame":"mads.amazon-adsystem.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -99,10 +99,10 @@ 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1490976029756146,"flow_dst_last_pkt_time":1490976029858463,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976029858463,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw9PhAAOcGq4c0XugArBAq2AG7gxTPTpIKFf8oBnASH\/5MlgAAAgQFtAEDAwY="} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_src_last_pkt_time":1490976029859802,"flow_dst_last_pkt_time":1490976029858463,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976029859802,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoYetAAEAG5Z2sECrYNF7oAIMUAbsV\/ygGz06SC1AQAVeXBwAA"} 00844{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_src_last_pkt_time":1490976029862221,"flow_dst_last_pkt_time":1490976029858463,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":285,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":285,"pkt_l4_len":251,"thread_ts_usec":1490976029862221,"pkt":"AMDKkaPvePiC0\/vCCABFAAEPYexAAEAG5LWsECrYNF7oAIMUAbsV\/ygGz06SC1AYAVe0ugAAFgMBAOIBAADeAwPKXhDT4mBwzwJLaYeyeukYihakDqOb9JFzyzNNj0iN1AAALMArwCzAL8AwAJ4An8AJwArAE8AUADMAOQAyADjAB8ARAJwAnQAvADUABQD\/AQAAiQAAAB0AGwAAGG1hZHMuYW1hem9uLWFkc3lzdGVtLmNvbQALAAQDAAECAAoANAAyAA4ADQAZAAsADAAYAAkACgAWABcACAAGAAcAFAAVAAQABQASABMAAQACAAMADwAQABEAIwAAAA0AIAAeBgEGAgYDBQEFAgUDBAEEAgQDAwEDAgMDAgECAgID"} 
-01342{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976029756146,"flow_src_last_pkt_time":1490976029862221,"flow_dst_last_pkt_time":1490976029858463,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":231,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":231,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976029862221,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.0","src_port":33556,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"mads.amazon-adsystem.com","domainame":"mads.amazon-adsystem.com","tls": {"version":"TLSv1.2","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"","ja4":"t12d220500_5fd681855ab9_c70a3c84db07","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01301{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976029756146,"flow_src_last_pkt_time":1490976029862221,"flow_dst_last_pkt_time":1490976029858463,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":231,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":231,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976029862221,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.0","src_port":33556,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"mads.amazon-adsystem.com","domainame":"mads.amazon-adsystem.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d220500_5fd681855ab9_c70a3c84db07","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_src_last_pkt_time":1490976029862221,"flow_dst_last_pkt_time":1490976030030696,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1490976030030696,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAo+q5AAOcGpdk0XugArBAq2AG7gxTPTpILFf8o7VAQf\/wXewAAAAAAAAAA"} 
-01402{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1490976029756146,"flow_src_last_pkt_time":1490976029862221,"flow_dst_last_pkt_time":1490976030031163,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":231,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":231,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1490976030031163,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.0","src_port":33556,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"mads.amazon-adsystem.com","domainame":"mads.amazon-adsystem.com","tls": {"version":"TLSv1.2","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d220500_5fd681855ab9_c70a3c84db07","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
-01733{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1490976029756146,"flow_src_last_pkt_time":1490976029862221,"flow_dst_last_pkt_time":1490976030031797,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":231,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":231,"flow_dst_tot_l4_payload_len":3332,"midstream":0,"thread_ts_usec":1490976030031797,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.0","src_port":33556,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"mads.amazon-adsystem.com","domainame":"mads.amazon-adsystem.com","tls": {"version":"TLSv1.2","server_names":"mads.amazon-adsystem.com,mads.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d220500_5fd681855ab9_c70a3c84db07","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=mads.amazon.com","fingerprint":"E0:2E:BD:D6:46:9B:05:03:93:CC:A7:28:7A:F4:57:9C:EB:40:8F:AB","blocks":0}}} 
+01361{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1490976029756146,"flow_src_last_pkt_time":1490976029862221,"flow_dst_last_pkt_time":1490976030031163,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":231,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":231,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1490976030031163,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.0","src_port":33556,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"mads.amazon-adsystem.com","domainame":"mads.amazon-adsystem.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d220500_5fd681855ab9_c70a3c84db07","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
+01692{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1490976029756146,"flow_src_last_pkt_time":1490976029862221,"flow_dst_last_pkt_time":1490976030031797,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":231,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":231,"flow_dst_tot_l4_payload_len":3332,"midstream":0,"thread_ts_usec":1490976030031797,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.0","src_port":33556,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"mads.amazon-adsystem.com","domainame":"mads.amazon-adsystem.com","tls": {"version":"TLSv1.2","server_names":"mads.amazon-adsystem.com,mads.amazon.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d220500_5fd681855ab9_c70a3c84db07","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=mads.amazon.com","fingerprint":"E0:2E:BD:D6:46:9B:05:03:93:CC:A7:28:7A:F4:57:9C:EB:40:8F:AB","blocks":0}}} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":111,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976030681470,"flow_src_last_pkt_time":1490976030681470,"flow_dst_last_pkt_time":1490976030681470,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976030681470,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":7358,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1490976030681470,"flow_dst_last_pkt_time":1490976030681470,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1490976030681470,"pkt":"AMDKkaPvePiC0\/vCCABFAABEWlBAAEARM1+sECrYrBAqARy+ADUAMIK\/xAMBAAABAAAAAAAAC2ZpcnMtdGEtZzdnBmFtYXpvbgNjb20AAAEAAQ=="} 
01109{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":111,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976030681470,"flow_src_last_pkt_time":1490976030681470,"flow_dst_last_pkt_time":1490976030681470,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976030681470,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":7358,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","proto_id":"5.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"firs-ta-g7g.amazon.com","domainame":"firs-ta-g7g.amazon.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -114,10 +114,10 @@ 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_src_last_pkt_time":1490976030894150,"flow_dst_last_pkt_time":1490976031102375,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976031102375,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwN3JAAOcGN8U27xa5rBAq2AG70bLD2Mra8rhtz3ASH\/580QAAAgQFtAEDAwY="} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_src_last_pkt_time":1490976031103941,"flow_dst_last_pkt_time":1490976031102375,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976031103941,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoJ7BAAEAG7o+sECrYNu8WudGyAbvyuG3Pw9jK21AQAVfHQgAA"} 00844{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_src_last_pkt_time":1490976031106386,"flow_dst_last_pkt_time":1490976031102375,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":283,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":283,"pkt_l4_len":249,"thread_ts_usec":1490976031106386,"pkt":"AMDKkaPvePiC0\/vCCABFAAENJ7FAAEAG7amsECrYNu8WudGyAbvyuG3Pw9jK21AYAVcWrwAAFgMBAOABAADcAwMXtWbEMzpaIh7LAfTS6lRlyq4lFkX3g5E1gYNEJ7C9NQAALMArwCzAL8AwAJ4An8AJwArAE8AUADMAOQAyADjAB8ARAJwAnQAvADUABQD\/AQAAhwAAABsAGQAAFmZpcnMtdGEtZzdnLmFtYXpvbi5jb20ACwAEAwABAgAKADQAMgAOAA0AGQALAAwAGAAJAAoAFgAXAAgABgAHABQAFQAEAAUAEgATAAEAAgADAA8AEAARACMAAAANACAAHgYBBgIGAwUBBQIFAwQBBAIEAwMBAwIDAwIBAgICAw=="} 
-01341{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976030894150,"flow_src_last_pkt_time":1490976031106386,"flow_dst_last_pkt_time":1490976031102375,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":229,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976031106386,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.22.185","src_port":53682,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"firs-ta-g7g.amazon.com","domainame":"firs-ta-g7g.amazon.com","tls": {"version":"TLSv1.2","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"","ja4":"t12d220500_5fd681855ab9_c70a3c84db07","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01300{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976030894150,"flow_src_last_pkt_time":1490976031106386,"flow_dst_last_pkt_time":1490976031102375,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":229,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976031106386,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.22.185","src_port":53682,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"firs-ta-g7g.amazon.com","domainame":"firs-ta-g7g.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d220500_5fd681855ab9_c70a3c84db07","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":5,"flow_src_last_pkt_time":1490976031106386,"flow_dst_last_pkt_time":1490976031181205,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1490976031181205,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoTUpAANUGM\/U27xa5rBAq2AG70bLD2Mrb8rhtz1AQAOjHsQAAAAAAAAAA"} 
-01401{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1490976030894150,"flow_src_last_pkt_time":1490976031106386,"flow_dst_last_pkt_time":1490976031185749,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":229,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1490976031185749,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.22.185","src_port":53682,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"firs-ta-g7g.amazon.com","domainame":"firs-ta-g7g.amazon.com","tls": {"version":"TLSv1.2","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d220500_5fd681855ab9_c70a3c84db07","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
-01721{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1490976030894150,"flow_src_last_pkt_time":1490976031106386,"flow_dst_last_pkt_time":1490976031186324,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":229,"flow_dst_tot_l4_payload_len":3320,"midstream":0,"thread_ts_usec":1490976031186324,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.22.185","src_port":53682,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"firs-ta-g7g.amazon.com","domainame":"firs-ta-g7g.amazon.com","tls": {"version":"TLSv1.2","server_names":"firs-ta-g7g.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d220500_5fd681855ab9_c70a3c84db07","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=firs-ta-g7g.amazon.com","fingerprint":"A0:32:45:00:21:A0:00:56:62:BA:FE:E7:68:81:40:5F:68:7E:A6:86","blocks":0}}} 
+01360{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1490976030894150,"flow_src_last_pkt_time":1490976031106386,"flow_dst_last_pkt_time":1490976031185749,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":229,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1490976031185749,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.22.185","src_port":53682,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"firs-ta-g7g.amazon.com","domainame":"firs-ta-g7g.amazon.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d220500_5fd681855ab9_c70a3c84db07","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
+01680{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1490976030894150,"flow_src_last_pkt_time":1490976031106386,"flow_dst_last_pkt_time":1490976031186324,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":229,"flow_dst_tot_l4_payload_len":3320,"midstream":0,"thread_ts_usec":1490976031186324,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.22.185","src_port":53682,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"firs-ta-g7g.amazon.com","domainame":"firs-ta-g7g.amazon.com","tls": {"version":"TLSv1.2","server_names":"firs-ta-g7g.amazon.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d220500_5fd681855ab9_c70a3c84db07","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=firs-ta-g7g.amazon.com","fingerprint":"A0:32:45:00:21:A0:00:56:62:BA:FE:E7:68:81:40:5F:68:7E:A6:86","blocks":0}}} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976031581495,"flow_src_last_pkt_time":1490976031581495,"flow_dst_last_pkt_time":1490976031581495,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976031581495,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":41030,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_src_last_pkt_time":1490976031581495,"flow_dst_last_pkt_time":1490976031581495,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1490976031581495,"pkt":"AMDKkaPvePiC0\/vCCABFAAA+WlFAAEARM2SsECrYrBAqAaBGADUAKk94StwBAAABAAAAAAAABWFsZXhhBmFtYXpvbgNjb20AAAEAAQ=="} 
01103{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976031581495,"flow_src_last_pkt_time":1490976031581495,"flow_dst_last_pkt_time":1490976031581495,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976031581495,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":41030,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AmazonAlexa","proto_id":"5.110","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"alexa.amazon.com","domainame":"alexa.amazon.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
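Review bot: The regenerated `detected` and `detection-update` events in this hunk no longer carry the `tls.ja3` client fingerprint, and the commit message ("incorporated upstream changes") does not say so. Each `+` record is exactly 41 bytes shorter than its `-` counterpart, which is the length of the dropped `"ja3":"<32 hex>",` pair, while `ja3s` and `ja4` are unchanged. The hunk that ends just above this one and the one that follows show the same removal. Any collector rule, blocklist lookup or dashboard keyed on `ndpi.tls.ja3` would presumably stop matching without raising an error, so I would add a line to the commit message or changelog such as `* TLS flow events no longer include "ja3"; consumers should match on "ja4"`. The diffstat lists schema/flow_event_schema.json, which is outside this view, so it is worth confirming there that `ja3` is no longer a required or allowed TLS property.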
@@ -145,18 +145,18 @@ 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_src_last_pkt_time":1490976035553389,"flow_dst_last_pkt_time":1490976035610272,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976035610272,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAOsGYRwixzTwrBAq2AG7ldsM0X8G\/VxotaASaN9A1wAAAgQFtAQCCApEF1TYAPZMMwEDAwg="} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_src_last_pkt_time":1490976035612740,"flow_dst_last_pkt_time":1490976035610272,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976035612740,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0JIhAAEAG55ysECrYIsc08JXbAbv9XGi1DNF\/B4AQAVfXJgAAAQEICgD2TDlEF1TY"} 
00857{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":4,"flow_src_last_pkt_time":1490976035616784,"flow_dst_last_pkt_time":1490976035610272,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":294,"pkt_l4_len":260,"thread_ts_usec":1490976035616784,"pkt":"AMDKkaPvePiC0\/vCCABFAAEYJIlAAEAG5resECrYIsc08JXbAbv9XGi1DNF\/B4AYAVcMvQAAAQEICgD2TDlEF1TYFgMBAN8BAADbAwP73M1sxI2HkRgH8V1BL3eSUwWF+lNvBxlDQftlXGYrfgAAIPr6zKnMqMwUzBPAK8AvwCzAMMATwBQAnACdAC8ANQAKAQAAksrKAAD\/AQABAAAAAC0AKwAAKGNvZ25pdG8taWRlbnRpdHkudXMtZWFzdC0xLmFtYXpvbmF3cy5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAja2gAdABcAGGpqAAEA"} -01281{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976035553389,"flow_src_last_pkt_time":1490976035616784,"flow_dst_last_pkt_time":1490976035610272,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":228,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":228,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976035616784,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38363,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"cognito-identity.us-east-1.amazonaws.com","domainame":"cognito-identity.us-east-1.amazonaws.com","tls": 
{"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01240{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976035553389,"flow_src_last_pkt_time":1490976035616784,"flow_dst_last_pkt_time":1490976035610272,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":228,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":228,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976035616784,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38363,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"cognito-identity.us-east-1.amazonaws.com","domainame":"cognito-identity.us-east-1.amazonaws.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":162,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":5,"flow_src_last_pkt_time":1490976035616784,"flow_dst_last_pkt_time":1490976035732914,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976035732914,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA0KgNAAOsGNyEixzTwrBAq2AG7ldsM0X8H\/VxpmYAQAHfW9AAAAQEICkQXVQYA9kw5"} -01341{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":163,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976035553389,"flow_src_last_pkt_time":1490976035616784,"flow_dst_last_pkt_time":1490976035733287,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":228,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":228,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1490976035733287,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38363,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"cognito-identity.us-east-1.amazonaws.com","domainame":"cognito-identity.us-east-1.amazonaws.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
-01728{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1490976035553389,"flow_src_last_pkt_time":1490976035616784,"flow_dst_last_pkt_time":1490976035733821,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":228,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":228,"flow_dst_tot_l4_payload_len":3389,"midstream":0,"thread_ts_usec":1490976035733821,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38363,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"cognito-identity.us-east-1.amazonaws.com","domainame":"cognito-identity.us-east-1.amazonaws.com","tls": {"version":"TLSv1.2","server_names":"cognito-identity.amazonaws.com,cognito-identity.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=cognito-identity.us-east-1.amazonaws.com","advertised_alpns":"h2,http\/1.1","fingerprint":"56:17:8F:E9:45:10:32:78:FF:FD:E3:09:60:5A:B5:3B:8D:8C:F8:34","blocks":0}}} 
+01300{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":163,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976035553389,"flow_src_last_pkt_time":1490976035616784,"flow_dst_last_pkt_time":1490976035733287,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":228,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":228,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1490976035733287,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38363,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"cognito-identity.us-east-1.amazonaws.com","domainame":"cognito-identity.us-east-1.amazonaws.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01687{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1490976035553389,"flow_src_last_pkt_time":1490976035616784,"flow_dst_last_pkt_time":1490976035733821,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":228,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":228,"flow_dst_tot_l4_payload_len":3389,"midstream":0,"thread_ts_usec":1490976035733821,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38363,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"cognito-identity.us-east-1.amazonaws.com","domainame":"cognito-identity.us-east-1.amazonaws.com","tls": {"version":"TLSv1.2","server_names":"cognito-identity.amazonaws.com,cognito-identity.us-east-1.amazonaws.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=cognito-identity.us-east-1.amazonaws.com","advertised_alpns":"h2,http\/1.1","fingerprint":"56:17:8F:E9:45:10:32:78:FF:FD:E3:09:60:5A:B5:3B:8D:8C:F8:34","blocks":0}}} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976037754217,"flow_src_last_pkt_time":1490976037754217,"flow_dst_last_pkt_time":1490976037754217,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976037754217,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38364,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_src_last_pkt_time":1490976037754217,"flow_dst_last_pkt_time":1490976037754217,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976037754217,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8+KpAAEAGE3KsECrYIsc08JXcAbvRHbWkAAAAAKAC\/\/+tAQAAAgQFtAQCCAoA9k0OAAAAAAEDAwg="} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_src_last_pkt_time":1490976037754217,"flow_dst_last_pkt_time":1490976037803932,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976037803932,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAOoGYhwixzTwrBAq2AG7ldw4CtRs0R21paASaN+cagAAAgQFtAQCCApEF1cYAPZNDgEDAwg="} 
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_src_last_pkt_time":1490976037807519,"flow_dst_last_pkt_time":1490976037803932,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976037807519,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0+KtAAEAGE3msECrYIsc08JXcAbvRHbWlOArUbYAQAVcyugAAAQEICgD2TRREF1cY"} 00900{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":4,"flow_src_last_pkt_time":1490976037809016,"flow_dst_last_pkt_time":1490976037803932,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":326,"pkt_l4_len":292,"thread_ts_usec":1490976037809016,"pkt":"AMDKkaPvePiC0\/vCCABFAAE4+KxAAEAGEnSsECrYIsc08JXcAbvRHbWlOArUbYAYAVfzMQAAAQEICgD2TRREF1cYFgMBAP8BAAD7AwMVuDHoPIxY5YbdWtXfttgnszJ6dj3kr1us3m0FTwAhaSCuITFLxCcAmkxVA5xh9l9LJAIe6ginKsjl8g3o3EcTxQAgGhrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACSOjoAAP8BAAEAAAAALQArAAAoY29nbml0by1pZGVudGl0eS51cy1lYXN0LTEuYW1hem9uYXdzLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACLq6AB0AFwAY6uoAAQA="} 
-01281{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":185,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976037754217,"flow_src_last_pkt_time":1490976037809016,"flow_dst_last_pkt_time":1490976037803932,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":260,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":260,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976037809016,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38364,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"cognito-identity.us-east-1.amazonaws.com","domainame":"cognito-identity.us-east-1.amazonaws.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01240{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":185,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976037754217,"flow_src_last_pkt_time":1490976037809016,"flow_dst_last_pkt_time":1490976037803932,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":260,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":260,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976037809016,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38364,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"cognito-identity.us-east-1.amazonaws.com","domainame":"cognito-identity.us-east-1.amazonaws.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":5,"flow_src_last_pkt_time":1490976037809016,"flow_dst_last_pkt_time":1490976037919951,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976037919951,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA0g1VAAOoG3s4ixzTwrBAq2AG7ldw4CtRt0R22qYAQAHcydQAAAQEICkQXVzkA9k0U"} 
-01339{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976037754217,"flow_src_last_pkt_time":1490976037809016,"flow_dst_last_pkt_time":1490976037920091,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":260,"flow_dst_max_l4_payload_len":145,"flow_src_tot_l4_payload_len":260,"flow_dst_tot_l4_payload_len":145,"midstream":0,"thread_ts_usec":1490976037920091,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38364,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"cognito-identity.us-east-1.amazonaws.com","domainame":"cognito-identity.us-east-1.amazonaws.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01298{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976037754217,"flow_src_last_pkt_time":1490976037809016,"flow_dst_last_pkt_time":1490976037920091,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":260,"flow_dst_max_l4_payload_len":145,"flow_src_tot_l4_payload_len":260,"flow_dst_tot_l4_payload_len":145,"midstream":0,"thread_ts_usec":1490976037920091,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38364,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"cognito-identity.us-east-1.amazonaws.com","domainame":"cognito-identity.us-east-1.amazonaws.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":195,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976041150466,"flow_src_last_pkt_time":1490976041150466,"flow_dst_last_pkt_time":1490976041150466,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976041150466,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":54886,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":195,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_src_last_pkt_time":1490976041150466,"flow_dst_last_pkt_time":1490976041150466,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_usec":1490976041150466,"pkt":"AMDKkaPvePiC0\/vCCABFAABBWlNAAEARM1+sECrYrBAqAdZmADUALY4\/ocgBAAABAAAAAAAACHBpdGFuZ3VpBmFtYXpvbgNjb20AAAEAAQ=="} 
01104{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":195,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976041150466,"flow_src_last_pkt_time":1490976041150466,"flow_dst_last_pkt_time":1490976041150466,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976041150466,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":54886,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","proto_id":"5.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -167,9 +167,9 @@ 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_src_last_pkt_time":1490976041156517,"flow_dst_last_pkt_time":1490976041212203,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976041212203,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwBzRAAOcGmMY0XuiGrBAq2AG7sl2f4NcN4WEAFHASH\/5jwQAAAgQFtAEDAwY="} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_src_last_pkt_time":1490976041215822,"flow_dst_last_pkt_time":1490976041212203,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976041215822,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoTnFAAEAG+JGsECrYNF7ohrJdAbvhYQAUn+DXDlAQAVeuMgAA"} 00814{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_src_last_pkt_time":1490976041217250,"flow_dst_last_pkt_time":1490976041212203,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":261,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":261,"pkt_l4_len":227,"thread_ts_usec":1490976041217250,"pkt":"AMDKkaPvePiC0\/vCCABFAAD3TnJAAEAG98GsECrYNF7ohrJdAbvhYQAUn+DXDlAYAVcoRwAAFgMBAMoBAADGAwO\/f09SaeVtExBhd3Gv\/ERXGLhlRtygdI3ZdlzQ0IY6FAAAILq6zKnMqMwUzBPAK8AvwCzAMMATwBQAnACdAC8ANQAKAQAAfUpKAAD\/AQABAAAAABgAFgAAE3BpdGFuZ3VpLmFtYXpvbi5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAh6egAdABcAGFpaAAEA"} 
-01233{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976041156517,"flow_src_last_pkt_time":1490976041217250,"flow_dst_last_pkt_time":1490976041212203,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976041217250,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45661,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01192{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976041156517,"flow_src_last_pkt_time":1490976041217250,"flow_dst_last_pkt_time":1490976041212203,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976041217250,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45661,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
02498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":5,"flow_src_last_pkt_time":1490976041217250,"flow_dst_last_pkt_time":1490976041278804,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1490976041278804,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXcCfVAAOcGkFk0XuiGrBAq2AG7sl2f4NcO4WEA41AYf\/nzkwAAFgMBDLwCAABGAwFY3n0prRqzn+uUe7J2SGc9ycgvCdlpITNiR\/tB85Rx3CCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvAAsADGoADGcAByUwggchMIIGCaADAgECAhAcRU2OfD5RXVxbu\/\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\/HxaGvneCRZhiBGyUMFBcJjk1AKw9+Nf1hXE48DlafnWpGrqpfYt2zsG+eRrhPeKWj+oj0pEgYLwOn\/a4xa6m8CUPuQAn6\/wNlnTqVyC\/SG0Yol6GVytCBUh+TZofarTRdpyUAS308UAcUFDf6BimC5d5mYn2J5R4k65+6sdF0Lg5T\/DhNiIsjt\/imBX+pqRiOG+KKP+QbbicThn04ySXzkSx\/F+UEKU29ls2FzrMVLknBH7eb59tKsTdRgaRpZOW3joUCAwEAAaOCA6owggOmMIIBVgYDVR0RBIIBTTCCAUmCE3BpdGFuZ3VpLmFtYXpvbi5jb22CE2d1aXBpdGFuLmFtYXpvbi5jb22CEGFsZXhhLmFtYXpvbi5jb22CD2VjaG8uYW1hem9uLmNvbYIPYWxleGEuYW1hem9uLmNhghJndWlwaXRhbi5hbWF6b24uY2GCEmFsZXhhLmFtYXpvbi5jby5qcIIVZ3VpcGl0YW4uYW1hem9uLmNvLmpwghNhbGV4YS5hbWF6b24uY29tLm14ghZndWlwaXRhbi5hbWF6b24uY29tLm14ghNhbGV4YS5hbWF6b24uY29tLmJyghZndWlwaXRhbi5hbWF6b24uY29tLmJyghNhbGV4YS5hbWF6b24uY29tLmF1ghZndWlwaXRhbi5hbWF6b24uY29tLmF1gg9hbGV4YS5hbWF6b24uY26CEmd1aXBpdGFuLmFtYXpvbi5jbjAJBgNVHRMEAjAAMA4GA1UdDwEB\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"} 
-02009{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":203,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1490976041156517,"flow_src_last_pkt_time":1490976041217250,"flow_dst_last_pkt_time":1490976041279232,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":3265,"midstream":0,"thread_ts_usec":1490976041279232,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45661,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., 
CN=pitangui.amazon.com","advertised_alpns":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24","blocks":0}}} +01968{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":203,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1490976041156517,"flow_src_last_pkt_time":1490976041217250,"flow_dst_last_pkt_time":1490976041279232,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":3265,"midstream":0,"thread_ts_usec":1490976041279232,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45661,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., 
CN=pitangui.amazon.com","advertised_alpns":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24","blocks":0}}} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":210,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976041384197,"flow_src_last_pkt_time":1490976041384197,"flow_dst_last_pkt_time":1490976041384197,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976041384197,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45662,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_src_last_pkt_time":1490976041384197,"flow_dst_last_pkt_time":1490976041384197,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976041384197,"pkt":"AMDKkaPvePiC0\/vCCABFAAA807JAAEAGczysECrYNF7ohrJeAbv1uZ3IAAAAAKAC\/\/+9JQAAAgQFtAQCCAoA9k56AAAAAAEDAwg="} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":213,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976041400900,"flow_src_last_pkt_time":1490976041400900,"flow_dst_last_pkt_time":1490976041400900,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976041400900,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45663,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -182,15 +182,15 @@ 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_src_last_pkt_time":1490976041384197,"flow_dst_last_pkt_time":1490976041439512,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976041439512,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwm7lAAOcGBEE0XuiGrBAq2AG7sl5u82R89bmdyXASH\/5VMQAAAgQFtAEDAwY="} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_src_last_pkt_time":1490976041440529,"flow_dst_last_pkt_time":1490976041439512,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976041440529,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo07NAAEAGc0+sECrYNF7ohrJeAbv1uZ3JbvNkfVAQAVefogAA"} 00856{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":4,"flow_src_last_pkt_time":1490976041444441,"flow_dst_last_pkt_time":1490976041439512,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1490976041444441,"pkt":"AMDKkaPvePiC0\/vCCABFAAEX07RAAEAGcl+sECrYNF7ohrJeAbv1uZ3JbvNkfVAYAVcAGwAAFgMBAOoBAADmAwOSkZ7MV5tRrPXYmwy49debN2XXTGXQ0IImU9DOeZ6S4yCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgmprMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9mpoAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACJqaAB0AFwAYysoAAQA="} 
-01233{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976041384197,"flow_src_last_pkt_time":1490976041444441,"flow_dst_last_pkt_time":1490976041439512,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976041444441,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45662,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01192{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976041384197,"flow_src_last_pkt_time":1490976041444441,"flow_dst_last_pkt_time":1490976041439512,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976041444441,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45662,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_src_last_pkt_time":1490976041400900,"flow_dst_last_pkt_time":1490976041446155,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976041446155,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwNmhAAOcGaZI0XuiGrBAq2AG7sl88IzNAq4r0I3ASH\/6tEQAAAgQFtAEDAwY="} 
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_src_last_pkt_time":1490976041447594,"flow_dst_last_pkt_time":1490976041446155,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976041447594,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoul9AAEAGjKOsECrYNF7ohrJfAburivQjPCMzQVAQAVf3ggAA"} 00856{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":222,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":4,"flow_src_last_pkt_time":1490976041448206,"flow_dst_last_pkt_time":1490976041446155,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1490976041448206,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXumBAAEAGi7OsECrYNF7ohrJfAburivQjPCMzQVAYAVegPwAAFgMBAOoBAADmAwPMxcZuQn9QgwOiuLXeL1fCgh6paRvCicrfIqGcHwVG8yCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgysrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9ysoAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACMrKAB0AFwAYamoAAQA="} 
-01233{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976041400900,"flow_src_last_pkt_time":1490976041448206,"flow_dst_last_pkt_time":1490976041446155,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976041448206,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45663,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01192{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976041400900,"flow_src_last_pkt_time":1490976041448206,"flow_dst_last_pkt_time":1490976041446155,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976041448206,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45663,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":5,"flow_src_last_pkt_time":1490976041448206,"flow_dst_last_pkt_time":1490976041498208,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1490976041498208,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoOWdAAOcGZps0XuiGrBAq2AG7sl88IzNBq4r1ElAQf\/h38gAAAAAAAAAA"} 
-01398{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":227,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976041400900,"flow_src_last_pkt_time":1490976041448206,"flow_dst_last_pkt_time":1490976041498343,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976041498343,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45663,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01357{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":227,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976041400900,"flow_src_last_pkt_time":1490976041448206,"flow_dst_last_pkt_time":1490976041498343,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976041498343,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45663,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":232,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":5,"flow_src_last_pkt_time":1490976041444441,"flow_dst_last_pkt_time":1490976041502643,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1490976041502643,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAon6JAAOcGAGA0XuiGrBAq2AG7sl5u82R99bmeuFAQf\/ggEgAAAAAAAAAA"} 
-01398{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":233,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976041384197,"flow_src_last_pkt_time":1490976041444441,"flow_dst_last_pkt_time":1490976041502807,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976041502807,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45662,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01357{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":233,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976041384197,"flow_src_last_pkt_time":1490976041444441,"flow_dst_last_pkt_time":1490976041502807,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976041502807,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45662,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":248,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976041680864,"flow_src_last_pkt_time":1490976041680864,"flow_dst_last_pkt_time":1490976041680864,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976041680864,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40202,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":248,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_src_last_pkt_time":1490976041680864,"flow_dst_last_pkt_time":1490976041680864,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976041680864,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8WzJAAEAGfuesECrYCsl+8Z0KH5BhrRWqAAAAAKAC\/\/9j3AAAAgQFtAQCCAoA9k6YAAAAAAEDAwg="} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":249,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976041770147,"flow_src_last_pkt_time":1490976041770147,"flow_dst_last_pkt_time":1490976041770147,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":57,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":57,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":57,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976041770147,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":21391,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -212,29 +212,29 @@ 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":257,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976041961796,"flow_src_last_pkt_time":1490976041961796,"flow_dst_last_pkt_time":1490976041961796,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976041961796,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54412,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_src_last_pkt_time":1490976041961796,"flow_dst_last_pkt_time":1490976041961796,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976041961796,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8261AAEAGgfisECrYNFXR2NSMAbsYT5UZAAAAAKAC\/\/+XjgAAAgQFtAQCCAoA9k60AAAAAAEDAwg="} 
00841{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":258,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":4,"flow_src_last_pkt_time":1490976041962495,"flow_dst_last_pkt_time":1490976041952733,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"thread_ts_usec":1490976041962495,"pkt":"AMDKkaPvePiC0\/vCCABFAAELYDxAAEAGsx+sECrYNu8YuoTjAbvEzS6SzeCOhlAYAVd4ugAAFgMBAN4BAADaAwPrd1S1ddQk7rUlC7xdTTn0up1nnk\/tmx0cHtuMmn3chgAAIOrqzKnMqMwUzBPAK8AvwCzAMMATwBQAnACdAC8ANQAKAQAAkVpaAAD\/AQABAAAAACwAKgAAJ21vYmlsZWFuYWx5dGljcy51cy1lYXN0LTEuYW1hem9uYXdzLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACHp6AB0AFwAYuroAAQA="} -01279{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":258,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976041870965,"flow_src_last_pkt_time":1490976041962495,"flow_dst_last_pkt_time":1490976041952733,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976041962495,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34019,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"mobileanalytics.us-east-1.amazonaws.com","domainame":"mobileanalytics.us-east-1.amazonaws.com","tls": 
{"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01238{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":258,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976041870965,"flow_src_last_pkt_time":1490976041962495,"flow_dst_last_pkt_time":1490976041952733,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976041962495,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34019,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"mobileanalytics.us-east-1.amazonaws.com","domainame":"mobileanalytics.us-east-1.amazonaws.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_src_last_pkt_time":1490976041942417,"flow_dst_last_pkt_time":1490976041989388,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976041989388,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPMGqqU0VdHYrBAq2AG71Iuwz0jww\/ZKJqAScSDA4QAAAgQFtAQCCAptm51vAPZOsgEDAwg="} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_src_last_pkt_time":1490976041995382,"flow_dst_last_pkt_time":1490976041989388,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976041995382,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0BJhAAEAGWRasECrYNFXR2NSLAbvD9komsM9I8YAQAVdfcwAAAQEICgD2Trdtm51v"} 00825{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":4,"flow_src_last_pkt_time":1490976041995659,"flow_dst_last_pkt_time":1490976041989388,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":268,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":268,"pkt_l4_len":234,"thread_ts_usec":1490976041995659,"pkt":"AMDKkaPvePiC0\/vCCABFAAD+BJlAAEAGWEusECrYNFXR2NSLAbvD9komsM9I8YAYAVe71AAAAQEICgD2Trdtm51vFgMBAMUBAADBAwO5UA\/iZEVzwxa2fCwy81ITWHfzxsPCnxUHsdFTfcWAvgAAILq6zKnMqMwUzBPAK8AvwCzAMMATwBQAnACdAC8ANQAKAQAAeAoKAAD\/AQABAAAAABMAEQAADnd3dy5hbWF6b24uY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAIWloAHQAXABjq6gABAA=="} 
-01223{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":262,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976041942417,"flow_src_last_pkt_time":1490976041995659,"flow_dst_last_pkt_time":1490976041989388,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":202,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":202,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976041995659,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54411,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.amazon.com","domainame":"www.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01182{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":262,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976041942417,"flow_src_last_pkt_time":1490976041995659,"flow_dst_last_pkt_time":1490976041989388,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":202,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":202,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976041995659,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54411,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.amazon.com","domainame":"www.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":263,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976042054012,"flow_src_last_pkt_time":1490976042054012,"flow_dst_last_pkt_time":1490976042054012,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976042054012,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54413,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_src_last_pkt_time":1490976042054012,"flow_dst_last_pkt_time":1490976042054012,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976042054012,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8AfNAAEAGW7OsECrYNFXR2NSNAbumNE9OAAAAAKAC\/\/9PagAAAgQFtAQCCAoA9k69AAAAAAEDAwg="} 
00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":264,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_src_last_pkt_time":1490976041961796,"flow_dst_last_pkt_time":1490976042056791,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976042056791,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPMGqqU0VdHYrBAq2AG71Iw+cfkHGE+VGqAScSB8QwAAAgQFtAQCCAps\/wWhAPZOtAEDAwg="} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":265,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_src_last_pkt_time":1490976042057764,"flow_dst_last_pkt_time":1490976042056791,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976042057764,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0265AAEAGgf+sECrYNFXR2NSMAbsYT5UaPnH5CIAQAVca0QAAAQEICgD2Tr1s\/wWh"} 00825{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":4,"flow_src_last_pkt_time":1490976042058395,"flow_dst_last_pkt_time":1490976042056791,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":268,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":268,"pkt_l4_len":234,"thread_ts_usec":1490976042058395,"pkt":"AMDKkaPvePiC0\/vCCABFAAD+269AAEAGgTSsECrYNFXR2NSMAbsYT5UaPnH5CIAYAVdplAAAAQEICgD2Tr1s\/wWhFgMBAMUBAADBAwOGZCJ5XClhLW3uSio8xzT8mg+rdruUVrO5OZF9oNZ61QAAIIqKzKnMqMwUzBPAK8AvwCzAMMATwBQAnACdAC8ANQAKAQAAeCoqAAD\/AQABAAAAABMAEQAADnd3dy5hbWF6b24uY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAIamoAHQAXABh6egABAA=="} 
-01223{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":266,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976041961796,"flow_src_last_pkt_time":1490976042058395,"flow_dst_last_pkt_time":1490976042056791,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":202,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":202,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976042058395,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54412,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.amazon.com","domainame":"www.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01182{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":266,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976041961796,"flow_src_last_pkt_time":1490976042058395,"flow_dst_last_pkt_time":1490976042056791,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":202,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":202,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976042058395,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54412,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.amazon.com","domainame":"www.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":5,"flow_src_last_pkt_time":1490976041995659,"flow_dst_last_pkt_time":1490976042062566,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976042062566,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA01YZAAPMG1SY0VdHYrBAq2AG71Iuwz0jxw\/ZK8IAQAHZfggAAAQEICm2bnXcA9k63"} -01313{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":269,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1490976041942417,"flow_src_last_pkt_time":1490976041995659,"flow_dst_last_pkt_time":1490976042081606,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":202,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":202,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1490976042081606,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54411,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.amazon.com","domainame":"www.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} -01791{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":271,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1490976041942417,"flow_src_last_pkt_time":1490976041995659,"flow_dst_last_pkt_time":1490976042082340,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":202,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":202,"flow_dst_tot_l4_payload_len":4344,"midstream":0,"thread_ts_usec":1490976042082340,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54411,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.amazon.com","domainame":"www.amazon.com","tls": {"version":"TLSv1.2","server_names":"amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, 
O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E","blocks":0}}} +01272{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":269,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1490976041942417,"flow_src_last_pkt_time":1490976041995659,"flow_dst_last_pkt_time":1490976042081606,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":202,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":202,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1490976042081606,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54411,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.amazon.com","domainame":"www.amazon.com","tls": {"version":"TLSv1.2","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
+01750{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":271,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1490976041942417,"flow_src_last_pkt_time":1490976041995659,"flow_dst_last_pkt_time":1490976042082340,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":202,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":202,"flow_dst_tot_l4_payload_len":4344,"midstream":0,"thread_ts_usec":1490976042082340,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54411,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.amazon.com","domainame":"www.amazon.com","tls": {"version":"TLSv1.2","server_names":"amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E","blocks":0}}} 
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":278,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_src_last_pkt_time":1490976042054012,"flow_dst_last_pkt_time":1490976042099362,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976042099362,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPMGqqU0VdHYrBAq2AG71I2zekUSpjRPT6AScSDSoAAAAgQFtAQCCAptF6XzAPZOvQEDAwg="} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":279,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_src_last_pkt_time":1490976042101270,"flow_dst_last_pkt_time":1490976042099362,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976042101270,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0AfRAAEAGW7qsECrYNFXR2NSNAbumNE9Ps3pFE4AQAVdxMgAAAQEICgD2TsJtF6Xz"} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":281,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":5,"flow_src_last_pkt_time":1490976042058395,"flow_dst_last_pkt_time":1490976042143678,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976042143678,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA0\/KJAAPMGrgo0VdHYrBAq2AG71Iw+cfkIGE+V5IAQAHYa3wAAAQEICmz\/BaoA9k69"} 
-01313{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976041961796,"flow_src_last_pkt_time":1490976042058395,"flow_dst_last_pkt_time":1490976042149888,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":202,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":202,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1490976042149888,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54412,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.amazon.com","domainame":"www.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
-01791{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":284,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1490976041961796,"flow_src_last_pkt_time":1490976042058395,"flow_dst_last_pkt_time":1490976042150550,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":202,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":202,"flow_dst_tot_l4_payload_len":4344,"midstream":0,"thread_ts_usec":1490976042150550,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54412,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.amazon.com","domainame":"www.amazon.com","tls": {"version":"TLSv1.2","server_names":"amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E","blocks":0}}} 
+01272{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976041961796,"flow_src_last_pkt_time":1490976042058395,"flow_dst_last_pkt_time":1490976042149888,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":202,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":202,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1490976042149888,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54412,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.amazon.com","domainame":"www.amazon.com","tls": {"version":"TLSv1.2","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
+01750{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":284,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1490976041961796,"flow_src_last_pkt_time":1490976042058395,"flow_dst_last_pkt_time":1490976042150550,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":202,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":202,"flow_dst_tot_l4_payload_len":4344,"midstream":0,"thread_ts_usec":1490976042150550,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54412,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.amazon.com","domainame":"www.amazon.com","tls": {"version":"TLSv1.2","server_names":"amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E","blocks":0}}} 
00841{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":296,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":5,"flow_src_last_pkt_time":1490976042239996,"flow_dst_last_pkt_time":1490976041952733,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"thread_ts_usec":1490976042239996,"pkt":"AMDKkaPvePiC0\/vCCABFAAELYD1AAEAGsx6sECrYNu8YuoTjAbvEzS6SzeCOhlAYAVd4ugAAFgMBAN4BAADaAwPrd1S1ddQk7rUlC7xdTTn0up1nnk\/tmx0cHtuMmn3chgAAIOrqzKnMqMwUzBPAK8AvwCzAMMATwBQAnACdAC8ANQAKAQAAkVpaAAD\/AQABAAAAACwAKgAAJ21vYmlsZWFuYWx5dGljcy51cy1lYXN0LTEuYW1hem9uYXdzLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACHp6AB0AFwAYuroAAQA="} 02182{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":309,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1490976041942417,"flow_src_last_pkt_time":1490976042286958,"flow_dst_last_pkt_time":1490976042283855,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1030,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1358,"flow_dst_tot_l4_payload_len":15533,"midstream":0,"thread_ts_usec":1490976042286958,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54411,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":47,"avg":22128.4,"max":90510,"stddev":31052.4,"var":964249024.0,"ent":3.6,"data": [46971,52965,277,73178,134,18906,393,341,423,88175,318,744,233,8121,32759,75313,63701,49446,70919,806,90510,2043,419,465,407,524,703,47,5315,294,1129]},"pktlen": 
{"min":52,"avg":580.3,"max":1500,"stddev":637.0,"var":405792.1,"ent":4.1,"data": [60,60,52,254,52,52,1500,1500,1500,819,52,52,52,52,178,1082,294,52,52,1500,1500,52,1500,1500,1500,450,1500,1112,86,52,52,52]},"bins": {"c_to_s": [11,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,1,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,9,0,0]},"directions": [0,1,0,0,1,1,1,1,1,1,0,0,0,0,0,0,1,0,1,1,1,0,1,1,1,1,1,1,1,0,0,0],"entropies": [4.626680851,5.273560524,5.056022167,5.578444004,5.038779736,5.038779736,6.941484451,7.235523224,7.505930424,7.618381500,5.017560482,4.979098797,4.979098797,4.979099274,6.314942837,7.805894852,7.019865036,5.056022167,5.000318527,7.867209435,7.863208771,4.979098797,7.856099606,7.887753487,7.874964714,7.517594337,7.873031139,7.831841469,5.789580822,4.979099274,4.979098797,4.940637589]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -01369{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1490976041870965,"flow_src_last_pkt_time":1490976042239996,"flow_dst_last_pkt_time":1490976042302047,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":454,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1490976042302047,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34019,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"mobileanalytics.us-east-1.amazonaws.com","domainame":"mobileanalytics.us-east-1.amazonaws.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} -01723{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":319,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1490976041870965,"flow_src_last_pkt_time":1490976042239996,"flow_dst_last_pkt_time":1490976042302667,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":454,"flow_dst_tot_l4_payload_len":4380,"midstream":0,"thread_ts_usec":1490976042302667,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34019,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"mobileanalytics.us-east-1.amazonaws.com","domainame":"mobileanalytics.us-east-1.amazonaws.com","tls": {"version":"TLSv1.2","server_names":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust 
Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=mobileanalytics.us-east-1.amazonaws.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"87:AD:E9:2D:E8:42:F0:5C:3A:09:13:00:12:93:59:04:84:C3:E2:2D","blocks":0}}} +01328{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1490976041870965,"flow_src_last_pkt_time":1490976042239996,"flow_dst_last_pkt_time":1490976042302047,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":454,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1490976042302047,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34019,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"mobileanalytics.us-east-1.amazonaws.com","domainame":"mobileanalytics.us-east-1.amazonaws.com","tls": {"version":"TLSv1.2","ja3s":"159d46e54a2c066ef95e656fdf034e1d","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
+01682{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":319,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1490976041870965,"flow_src_last_pkt_time":1490976042239996,"flow_dst_last_pkt_time":1490976042302667,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":454,"flow_dst_tot_l4_payload_len":4380,"midstream":0,"thread_ts_usec":1490976042302667,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34019,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"mobileanalytics.us-east-1.amazonaws.com","domainame":"mobileanalytics.us-east-1.amazonaws.com","tls": {"version":"TLSv1.2","server_names":"mobileanalytics.us-east-1.amazonaws.com","ja3s":"159d46e54a2c066ef95e656fdf034e1d","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=mobileanalytics.us-east-1.amazonaws.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"87:AD:E9:2D:E8:42:F0:5C:3A:09:13:00:12:93:59:04:84:C3:E2:2D","blocks":0}}} 
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":331,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":4,"flow_src_last_pkt_time":1490976042346204,"flow_dst_last_pkt_time":1490976042099362,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976042346204,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0AfVAAEAGW7msECrYNFXR2NSNAbumNE9Ps3pFE4ARAVdxGQAAAQEICgD2TtptF6Xz"} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":5,"flow_src_last_pkt_time":1490976042346204,"flow_dst_last_pkt_time":1490976042393531,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976042393531,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA04wJAAPMGx6o0VdHYrBAq2AG71I2zekUTpjRPUIARAHJx3wAAAQEICm0XphEA9k7a"} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_src_last_pkt_time":1490976042419678,"flow_dst_last_pkt_time":1490976041428918,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976042419678,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8G69AAEAGvmqsECrYCsl+8Z0IH5CvoFXQAAAAAKAC\/\/\/VegAAAgQFtAQCCAoA9k7iAAAAAAEDAwg="} 
@@ -254,15 +254,15 @@ 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":400,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_src_last_pkt_time":1490976043814984,"flow_dst_last_pkt_time":1490976043869135,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976043869135,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwnhhAAOcGCCpIFc6HrBAq2AG7pJISbmyuAlYgcXASH\/4uVQAAAgQFtAEDAwY="} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":401,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_src_last_pkt_time":1490976043870392,"flow_dst_last_pkt_time":1490976043869135,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976043870392,"pkt":"AMDKkaPvePiC0\/vCCABFAAAobx5AAEAG3iysECrYSBXOh6SSAbsCViBxEm5sr1AQAVd4xgAA"} 00812{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":402,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":42,"flow_packet_id":4,"flow_src_last_pkt_time":1490976043870910,"flow_dst_last_pkt_time":1490976043869135,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":259,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":259,"pkt_l4_len":225,"thread_ts_usec":1490976043870910,"pkt":"AMDKkaPvePiC0\/vCCABFAAD1bx9AAEAG3V6sECrYSBXOh6SSAbsCViBxEm5sr1AYAVf8bgAAFgMBAMgBAADEAwOSNimGSrtikrr4BiDGBJaapUtZMMHJl95wUbRDfz5SFQAAIJqazKnMqMwUzBPAK8AvwCzAMMATwBQAnACdAC8ANQAKAQAAeyoqAAD\/AQABAAAAABYAFAAAEWZscy1uYS5hbWF6b24uY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAIOjoAHQAXABiKigABAA=="} 
-01229{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":402,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976043814984,"flow_src_last_pkt_time":1490976043870910,"flow_dst_last_pkt_time":1490976043869135,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":205,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":205,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976043870910,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42130,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fls-na.amazon.com","domainame":"fls-na.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01188{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":402,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976043814984,"flow_src_last_pkt_time":1490976043870910,"flow_dst_last_pkt_time":1490976043869135,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":205,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":205,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976043870910,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42130,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fls-na.amazon.com","domainame":"fls-na.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_src_last_pkt_time":1490976043814090,"flow_dst_last_pkt_time":1490976043873683,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976043873683,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwUbtAAOcGVIdIFc6HrBAq2AG7pJG1BAKQQ3Bp4nASH\/5rUgAAAgQFtAEDAwY="} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":404,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_src_last_pkt_time":1490976043875525,"flow_dst_last_pkt_time":1490976043873683,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976043875525,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoJo1AAEAGJr6sECrYSBXOh6SRAbtDcGnitQQCkVAQAVe1wwAA"} 
00812{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":405,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":41,"flow_packet_id":4,"flow_src_last_pkt_time":1490976043875775,"flow_dst_last_pkt_time":1490976043873683,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":259,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":259,"pkt_l4_len":225,"thread_ts_usec":1490976043875775,"pkt":"AMDKkaPvePiC0\/vCCABFAAD1Jo5AAEAGJfCsECrYSBXOh6SRAbtDcGnitQQCkVAYAVcxBAAAFgMBAMgBAADEAwMZJehCtkKewcHD+xJYxAVW6uEh3JFfPpUNQgyNLbS3VAAAIBoazKnMqMwUzBPAK8AvwCzAMMATwBQAnACdAC8ANQAKAQAAe+rqAAD\/AQABAAAAABYAFAAAEWZscy1uYS5hbWF6b24uY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAIKioAHQAXABhKSgABAA=="} -01229{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":405,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976043814090,"flow_src_last_pkt_time":1490976043875775,"flow_dst_last_pkt_time":1490976043873683,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":205,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":205,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976043875775,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42129,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fls-na.amazon.com","domainame":"fls-na.amazon.com","tls": 
{"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01188{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":405,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976043814090,"flow_src_last_pkt_time":1490976043875775,"flow_dst_last_pkt_time":1490976043873683,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":205,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":205,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976043875775,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42129,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fls-na.amazon.com","domainame":"fls-na.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":42,"flow_packet_id":5,"flow_src_last_pkt_time":1490976043870910,"flow_dst_last_pkt_time":1490976043919439,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1490976043919439,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAo2oZAANwG1sNIFc6HrBAq2AG7pJISbmyvAlYgcVAQARx5AQAAAAAAAAAA"} 
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":407,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":41,"flow_packet_id":5,"flow_src_last_pkt_time":1490976043875775,"flow_dst_last_pkt_time":1490976043940982,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1490976043940982,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoQ5xAANwGba5IFc6HrBAq2AG7pJG1BAKRQ3Bp4lAQARy1\/gAAAAAAAAAA"} -01319{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":409,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1490976043814090,"flow_src_last_pkt_time":1490976043875775,"flow_dst_last_pkt_time":1490976043941369,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":205,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":205,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1490976043941369,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42129,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fls-na.amazon.com","domainame":"fls-na.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
-01688{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":411,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1490976043814090,"flow_src_last_pkt_time":1490976043875775,"flow_dst_last_pkt_time":1490976043941993,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":205,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":205,"flow_dst_tot_l4_payload_len":4380,"midstream":0,"thread_ts_usec":1490976043941993,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42129,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fls-na.amazon.com","domainame":"fls-na.amazon.com","tls": {"version":"TLSv1.2","server_names":"fls-na.amazon.ca,fls-na.amazon.com,fls-na.amazon.com.br,fls-na.amazon.com.mx","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=fls-na.amazon.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"2F:16:23:0F:F8:49:12:18:49:55:48:DA:E6:59:D9:B3:BB:0E:41:8A","blocks":0}}} 
+01278{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":409,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1490976043814090,"flow_src_last_pkt_time":1490976043875775,"flow_dst_last_pkt_time":1490976043941369,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":205,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":205,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1490976043941369,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42129,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fls-na.amazon.com","domainame":"fls-na.amazon.com","tls": {"version":"TLSv1.2","ja3s":"159d46e54a2c066ef95e656fdf034e1d","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
+01647{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":411,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1490976043814090,"flow_src_last_pkt_time":1490976043875775,"flow_dst_last_pkt_time":1490976043941993,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":205,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":205,"flow_dst_tot_l4_payload_len":4380,"midstream":0,"thread_ts_usec":1490976043941993,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42129,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fls-na.amazon.com","domainame":"fls-na.amazon.com","tls": {"version":"TLSv1.2","server_names":"fls-na.amazon.ca,fls-na.amazon.com,fls-na.amazon.com.br,fls-na.amazon.com.mx","ja3s":"159d46e54a2c066ef95e656fdf034e1d","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=fls-na.amazon.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"2F:16:23:0F:F8:49:12:18:49:55:48:DA:E6:59:D9:B3:BB:0E:41:8A","blocks":0}}} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976044189172,"flow_src_last_pkt_time":1490976044189172,"flow_dst_last_pkt_time":1490976044189172,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976044189172,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45673,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_src_last_pkt_time":1490976044189172,"flow_dst_last_pkt_time":1490976044189172,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976044189172,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8KphAAEAGHFesECrYNF7ohrJpAbvSj2UKAAAAAKAC\/\/8X6wAAAgQFtAQCCAoA9k+SAAAAAAEDAwg="} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":425,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976044219115,"flow_src_last_pkt_time":1490976044219115,"flow_dst_last_pkt_time":1490976044219115,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976044219115,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -270,15 +270,15 @@ 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_src_last_pkt_time":1490976044189172,"flow_dst_last_pkt_time":1490976044265954,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976044265954,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwK9ZAAOcGdCQ0XuiGrBAq2AG7smlcwjrL0o9lC3ASH\/7s8AAAAgQFtAEDAwY="} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":427,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_src_last_pkt_time":1490976044267960,"flow_dst_last_pkt_time":1490976044265954,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976044267960,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoKplAAEAGHGqsECrYNF7ohrJpAbvSj2ULXMI6zFAQAVc3YgAA"} 00857{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":428,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":43,"flow_packet_id":4,"flow_src_last_pkt_time":1490976044269016,"flow_dst_last_pkt_time":1490976044265954,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1490976044269016,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXKppAAEAGG3qsECrYNF7ohrJpAbvSj2ULXMI6zFAYAVcFOAAAFgMBAOoBAADmAwNdGKNvzWhzY9OhvyZ+keLLKk\/7AQzq3mwK9RBmTgVI5yCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgWlrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9qqoAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACBoaAB0AFwAYamoAAQA="} 
-01233{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":428,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976044189172,"flow_src_last_pkt_time":1490976044269016,"flow_dst_last_pkt_time":1490976044265954,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976044269016,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45673,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01192{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":428,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976044189172,"flow_src_last_pkt_time":1490976044269016,"flow_dst_last_pkt_time":1490976044265954,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976044269016,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45673,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":430,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_src_last_pkt_time":1490976044219115,"flow_dst_last_pkt_time":1490976044285893,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976044285893,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwZ65AAOcGOEw0XuiGrBAq2AG7smoL+FEyEvIe2XASH\/4tIwAAAgQFtAEDAwY="} 
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":431,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_src_last_pkt_time":1490976044287837,"flow_dst_last_pkt_time":1490976044285893,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976044287837,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoUU5AAEAG9bSsECrYNF7ohrJqAbsS8h7ZC\/hRM1AQAVd3lAAA"} 00857{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":432,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":44,"flow_packet_id":4,"flow_src_last_pkt_time":1490976044288914,"flow_dst_last_pkt_time":1490976044285893,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1490976044288914,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXUU9AAEAG9MSsECrYNF7ohrJqAbsS8h7ZC\/hRM1AYAVcwFgAAFgMBAOoBAADmAwN0wOf7tRdLaTVmj8QP9secnQ3jNnC0CYFCDog2row9lyCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgenrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB96uoAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACMrKAB0AFwAY+voAAQA="} 
-01233{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":432,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976044219115,"flow_src_last_pkt_time":1490976044288914,"flow_dst_last_pkt_time":1490976044285893,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976044288914,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45674,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01192{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":432,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976044219115,"flow_src_last_pkt_time":1490976044288914,"flow_dst_last_pkt_time":1490976044285893,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976044288914,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45674,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":433,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":43,"flow_packet_id":5,"flow_src_last_pkt_time":1490976044269016,"flow_dst_last_pkt_time":1490976044330889,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1490976044330889,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoGa5AAOcGhlQ0XuiGrBAq2AG7smlcwjrM0o9l+lAQf\/i30QAAAAAAAAAA"} 
-01398{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":434,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976044189172,"flow_src_last_pkt_time":1490976044269016,"flow_dst_last_pkt_time":1490976044331031,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976044331031,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45673,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01357{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":434,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976044189172,"flow_src_last_pkt_time":1490976044269016,"flow_dst_last_pkt_time":1490976044331031,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976044331031,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45673,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":44,"flow_packet_id":5,"flow_src_last_pkt_time":1490976044288914,"flow_dst_last_pkt_time":1490976044404656,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1490976044404656,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAocTtAAOcGLsc0XuiGrBAq2AG7smoL+FEzEvIfyFAQf\/j4AwAAAAAAAAAA"} 
-01398{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":441,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976044219115,"flow_src_last_pkt_time":1490976044288914,"flow_dst_last_pkt_time":1490976044404790,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976044404790,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45674,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01357{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":441,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976044219115,"flow_src_last_pkt_time":1490976044288914,"flow_dst_last_pkt_time":1490976044404790,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976044404790,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45674,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":448,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_src_last_pkt_time":1490976044419794,"flow_dst_last_pkt_time":1490976041428918,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976044419794,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8G7BAAEAGvmmsECrYCsl+8Z0IH5CvoFXQAAAAAKAC\/\/\/UsgAAAgQFtAQCCAoA9k+qAAAAAAEDAwg="} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976044439648,"flow_src_last_pkt_time":1490976044439648,"flow_dst_last_pkt_time":1490976044439648,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976044439648,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49589,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_src_last_pkt_time":1490976044439648,"flow_dst_last_pkt_time":1490976044439648,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976044439648,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8t7dAAEAGjzesECrYNF7ohsG1AFD+AvgcAAAAAKAC\/\/9LawAAAgQFtAQCCAoA9k+rAAAAAAEDAwg="} 
@@ -300,27 +300,27 @@ 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":472,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_src_last_pkt_time":1490976044521564,"flow_dst_last_pkt_time":1490976044585749,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976044585749,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwIDxAAOcGf740XuiGrBAq2AG7sm+mtiDui1jrp3ASH\/59bgAAAgQFtAEDAwY="} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":473,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_src_last_pkt_time":1490976044587462,"flow_dst_last_pkt_time":1490976044585107,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976044587462,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoGDZAAEAGLs2sECrYNF7ohrJsAbtUI1eGkQU1XVAQAVeUfAAA"} 00858{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":474,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":46,"flow_packet_id":4,"flow_src_last_pkt_time":1490976044587741,"flow_dst_last_pkt_time":1490976044585107,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1490976044587741,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXGDdAAEAGLd2sECrYNF7ohrJsAbtUI1eGkQU1XVAYAVdYfwAAFgMBAOoBAADmAwMHp\/uCPKzIqLpk\/u5Y5aYh1Wm9z8VlToWpRpTq02qhKCCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgCgrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9+voAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACKqqAB0AFwAYiooAAQA="} 
-01233{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":474,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976044488653,"flow_src_last_pkt_time":1490976044587741,"flow_dst_last_pkt_time":1490976044585107,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976044587741,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45676,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01192{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":474,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976044488653,"flow_src_last_pkt_time":1490976044587741,"flow_dst_last_pkt_time":1490976044585107,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976044587741,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45676,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":476,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_src_last_pkt_time":1490976044588696,"flow_dst_last_pkt_time":1490976044585319,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976044588696,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo07pAAEAGc0isECrYNF7ohrJtAbvCg5wMD9ZxDlAQAVcnEwAA"} 
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":477,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":48,"flow_packet_id":3,"flow_src_last_pkt_time":1490976044588921,"flow_dst_last_pkt_time":1490976044585350,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976044588921,"pkt":"AMDKkaPvePiC0\/vCCABFAAAodBFAAEAG0vGsECrYNF7ohrJuAbv0jjuju8rxnFAQAVco7QAA"} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":478,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_src_last_pkt_time":1490976044589054,"flow_dst_last_pkt_time":1490976044585749,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976044589054,"pkt":"AMDKkaPvePiC0\/vCCABFAAAopBNAAEAGou+sECrYNF7ohrJvAbuLWOunprYg71AQAVfH3wAA"} 00858{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":479,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":47,"flow_packet_id":4,"flow_src_last_pkt_time":1490976044595184,"flow_dst_last_pkt_time":1490976044585319,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1490976044595184,"pkt":"AMDKkaPvePiC0\/vCCABFAAEX07tAAEAGclisECrYNF7ohrJtAbvCg5wMD9ZxDlAYAVcZ4AAAFgMBAOoBAADmAwMbir\/VgnkPVKkE\/Xu6XjUcyinI0jcCde8BTkIAsu8XPyCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgGhrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9uroAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACIqKAB0AFwAY2toAAQA="} 
-01233{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":479,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976044502988,"flow_src_last_pkt_time":1490976044595184,"flow_dst_last_pkt_time":1490976044585319,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976044595184,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45677,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01192{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":479,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976044502988,"flow_src_last_pkt_time":1490976044595184,"flow_dst_last_pkt_time":1490976044585319,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976044595184,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45677,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00857{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":480,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":48,"flow_packet_id":4,"flow_src_last_pkt_time":1490976044595782,"flow_dst_last_pkt_time":1490976044585350,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1490976044595782,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXdBJAAEAG0gGsECrYNF7ohrJuAbv0jjuju8rxnFAYAVf+XwAAFgMBAOoBAADmAwMrTrxt6fXaVT85w7y\/oBbFpkU1n1V7egWaCm1h86YfdiCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgKirMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9uroAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACEpKAB0AFwAYamoAAQA="} -01233{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":480,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976044509891,"flow_src_last_pkt_time":1490976044595782,"flow_dst_last_pkt_time":1490976044585350,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976044595782,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45678,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": 
{"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01192{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":480,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976044509891,"flow_src_last_pkt_time":1490976044595782,"flow_dst_last_pkt_time":1490976044585350,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976044595782,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45678,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00856{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":481,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":49,"flow_packet_id":4,"flow_src_last_pkt_time":1490976044596868,"flow_dst_last_pkt_time":1490976044585749,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1490976044596868,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXpBRAAEAGof+sECrYNF7ohrJvAbuLWOunprYg71AYAVeiCQAAFgMBAOoBAADmAwPd1iOBKblgnVQxNgabPGiTNhU8S0+QlhDIurluRG6LLSCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAg2trMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9KioAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACNraAB0AFwAYiooAAQA="} -01233{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":481,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976044521564,"flow_src_last_pkt_time":1490976044596868,"flow_dst_last_pkt_time":1490976044585749,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976044596868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45679,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": 
{"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01192{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":481,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976044521564,"flow_src_last_pkt_time":1490976044596868,"flow_dst_last_pkt_time":1490976044585749,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976044596868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45679,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_src_last_pkt_time":1490976044679697,"flow_dst_last_pkt_time":1490976041680864,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976044679697,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8WzRAAEAGfuWsECrYCsl+8Z0KH5BhrRWqAAAAAKAC\/\/9isAAAAgQFtAQCCAoA9k\/EAAAAAAEDAwg="} 
00652{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":486,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":47,"flow_packet_id":5,"flow_src_last_pkt_time":1490976044595184,"flow_dst_last_pkt_time":1490976044687016,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"thread_ts_usec":1490976044687016,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9Mc5AAOcGbd80XuiGrBAq2AG7sm0P1nEOwoOc+1AYf\/iD+AAAFgMBAEoCAABGAwFY3n0svZffnx292YM8BnDkyDMEgFU6ZUM30vCin0OQyyCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="} -01398{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":486,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976044502988,"flow_src_last_pkt_time":1490976044595184,"flow_dst_last_pkt_time":1490976044687016,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976044687016,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45677,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": 
{"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01357{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":486,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976044502988,"flow_src_last_pkt_time":1490976044595184,"flow_dst_last_pkt_time":1490976044687016,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976044687016,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45677,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":488,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":46,"flow_packet_id":5,"flow_src_last_pkt_time":1490976044587741,"flow_dst_last_pkt_time":1490976044687177,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1490976044687177,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAo9upAAOcGqRc0XuiGrBAq2AG7smyRBTVdVCNYdVAQf\/gU7AAAAAAAAAAA"} -01398{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":489,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976044488653,"flow_src_last_pkt_time":1490976044587741,"flow_dst_last_pkt_time":1490976044687209,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976044687209,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45676,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01357{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":489,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976044488653,"flow_src_last_pkt_time":1490976044587741,"flow_dst_last_pkt_time":1490976044687209,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976044687209,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45676,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00652{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":491,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":49,"flow_packet_id":5,"flow_src_last_pkt_time":1490976044596868,"flow_dst_last_pkt_time":1490976044687345,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"thread_ts_usec":1490976044687345,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9LZ9AAOcGcg40XuiGrBAq2AG7sm+mtiDvi1jsllAYf\/i0FAAAFgMBAEoCAABGAwFY3n0sREHukAACBv+MMlmfhll64s8dZ38b+V21ucVGlyCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="} -01398{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":491,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976044521564,"flow_src_last_pkt_time":1490976044596868,"flow_dst_last_pkt_time":1490976044687345,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976044687345,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45679,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": 
{"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01357{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":491,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976044521564,"flow_src_last_pkt_time":1490976044596868,"flow_dst_last_pkt_time":1490976044687345,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976044687345,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45679,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":494,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":48,"flow_packet_id":5,"flow_src_last_pkt_time":1490976044595782,"flow_dst_last_pkt_time":1490976044687923,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1490976044687923,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAov01AAOcG4LQ0XuiGrBAq2AG7sm67yvGc9I48klAQf\/ipXAAAAAAAAAAA"} -01398{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":495,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976044509891,"flow_src_last_pkt_time":1490976044595782,"flow_dst_last_pkt_time":1490976044687978,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976044687978,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45678,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
-01319{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":511,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1490976043814984,"flow_src_last_pkt_time":1490976044649888,"flow_dst_last_pkt_time":1490976044708534,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":205,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":615,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1490976044708534,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42130,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fls-na.amazon.com","domainame":"fls-na.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
-01688{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":513,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1490976043814984,"flow_src_last_pkt_time":1490976044649888,"flow_dst_last_pkt_time":1490976044708747,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":205,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":615,"flow_dst_tot_l4_payload_len":4380,"midstream":0,"thread_ts_usec":1490976044708747,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42130,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fls-na.amazon.com","domainame":"fls-na.amazon.com","tls": {"version":"TLSv1.2","server_names":"fls-na.amazon.ca,fls-na.amazon.com,fls-na.amazon.com.br,fls-na.amazon.com.mx","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=fls-na.amazon.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"2F:16:23:0F:F8:49:12:18:49:55:48:DA:E6:59:D9:B3:BB:0E:41:8A","blocks":0}}} 
+01357{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":495,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976044509891,"flow_src_last_pkt_time":1490976044595782,"flow_dst_last_pkt_time":1490976044687978,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976044687978,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45678,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01278{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":511,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1490976043814984,"flow_src_last_pkt_time":1490976044649888,"flow_dst_last_pkt_time":1490976044708534,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":205,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":615,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1490976044708534,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42130,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fls-na.amazon.com","domainame":"fls-na.amazon.com","tls": {"version":"TLSv1.2","ja3s":"159d46e54a2c066ef95e656fdf034e1d","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
+01647{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":513,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1490976043814984,"flow_src_last_pkt_time":1490976044649888,"flow_dst_last_pkt_time":1490976044708747,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":205,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":615,"flow_dst_tot_l4_payload_len":4380,"midstream":0,"thread_ts_usec":1490976044708747,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42130,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fls-na.amazon.com","domainame":"fls-na.amazon.com","tls": {"version":"TLSv1.2","server_names":"fls-na.amazon.ca,fls-na.amazon.com,fls-na.amazon.com.br,fls-na.amazon.com.mx","ja3s":"159d46e54a2c066ef95e656fdf034e1d","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=fls-na.amazon.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"2F:16:23:0F:F8:49:12:18:49:55:48:DA:E6:59:D9:B3:BB:0E:41:8A","blocks":0}}} 
01866{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":532,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":45,"flow_packet_id":5,"flow_src_last_pkt_time":1490976044910321,"flow_dst_last_pkt_time":1490976044548899,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1050,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1050,"pkt_l4_len":1016,"thread_ts_usec":1490976044910321,"pkt":"AMDKkaPvePiC0\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"} 01553{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":544,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1490976044439648,"flow_src_last_pkt_time":1490976044910321,"flow_dst_last_pkt_time":1490976044998683,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":996,"flow_dst_max_l4_payload_len":183,"flow_src_tot_l4_payload_len":1992,"flow_dst_tot_l4_payload_len":183,"midstream":0,"thread_ts_usec":1490976044998683,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49589,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"HTTP.AmazonAlexa","proto_id":"7.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"alexa.amazon.com","domainame":"alexa.amazon.com","http": {"url":"alexa.amazon.com\/lib\/bootstrap\/img\/glyphicons-halflings.png","code":404,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 
PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]","detected_os":"Android 5.1.1"}}} 02206{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":582,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1490976043814984,"flow_src_last_pkt_time":1490976046401041,"flow_dst_last_pkt_time":1490976046398896,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":5245,"flow_dst_tot_l4_payload_len":5794,"midstream":0,"thread_ts_usec":1490976046401041,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42130,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":38,"avg":166773.2,"max":835939,"stddev":244032.9,"var":59552047104.0,"ent":3.7,"data": [54151,55408,518,50304,258867,520111,785264,3831,152,61,38,60785,290,133,140,52112,10967,286978,223908,2741,139187,177,171943,179936,143,402714,22375,216464,783828,835939,50504]},"pktlen": {"min":40,"avg":387.0,"max":1500,"stddev":534.6,"var":285800.0,"ent":3.9,"data": [60,48,40,245,46,245,245,46,1500,1500,1500,674,40,40,40,40,166,1500,91,468,46,46,466,40,1500,1196,46,343,40,40,46,40]},"bins": {"c_to_s": [10,0,0,1,0,0,3,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,2,0,0],"s_to_c": [7,1,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,0,0,1,1,1,1,1,0,0,0,0,0,0,1,0,1,1,1,0,0,0,1,1,0,0,1,0],"entropies": 
[4.639262199,5.093094349,4.881687164,5.568202496,4.549461365,5.554956913,5.568202496,4.565872192,7.128635883,7.312258720,7.415528297,7.604400635,4.781687260,4.881687164,4.831687450,4.781687260,6.335466385,7.875119209,5.923600674,7.493732452,4.609350681,4.565872192,7.514861107,4.781687260,7.858917713,7.840357780,4.609350681,7.350516796,4.881687164,4.931686878,4.609350204,4.881687164]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
@@ -329,9 +329,9 @@ 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":600,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_src_last_pkt_time":1490976046418630,"flow_dst_last_pkt_time":1490976046475196,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976046475196,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwWCFAAOcGR9k0XuiGrBAq2AG7snCFN7lwm9glmnASH\/679wAAAgQFtAEDAwY="} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":601,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":50,"flow_packet_id":3,"flow_src_last_pkt_time":1490976046478174,"flow_dst_last_pkt_time":1490976046475196,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976046478174,"pkt":"AMDKkaPvePiC0\/vCCABFAAAodelAAEAG0RmsECrYNF7ohrJwAbub2CWahTe5cVAQAVcGaQAA"} 00856{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":602,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":50,"flow_packet_id":4,"flow_src_last_pkt_time":1490976046478452,"flow_dst_last_pkt_time":1490976046475196,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1490976046478452,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXdepAAEAG0CmsECrYNF7ohrJwAbub2CWahTe5cVAYAVeQeAAAFgMBAOoBAADmAwN6ZK5x9InIPwhDa7EIgt6sqwDEMRodN28AtgITxHZ1ayCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgenrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9qqoAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACGpqAB0AFwAYenoAAQA="} 
-01233{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":602,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976046418630,"flow_src_last_pkt_time":1490976046478452,"flow_dst_last_pkt_time":1490976046475196,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976046478452,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45680,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01192{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":602,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976046418630,"flow_src_last_pkt_time":1490976046478452,"flow_dst_last_pkt_time":1490976046475196,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976046478452,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45680,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00856{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":603,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":50,"flow_packet_id":5,"flow_src_last_pkt_time":1490976046789894,"flow_dst_last_pkt_time":1490976046475196,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1490976046789894,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXdetAAEAG0CisECrYNF7ohrJwAbub2CWahTe5cVAYAVeQeAAAFgMBAOoBAADmAwN6ZK5x9InIPwhDa7EIgt6sqwDEMRodN28AtgITxHZ1ayCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgenrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9qqoAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACGpqAB0AFwAYenoAAQA="} -01398{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":605,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1490976046418630,"flow_src_last_pkt_time":1490976046789894,"flow_dst_last_pkt_time":1490976046847694,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":478,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976046847694,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45680,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01357{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":605,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1490976046418630,"flow_src_last_pkt_time":1490976046789894,"flow_dst_last_pkt_time":1490976046847694,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":478,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976046847694,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45680,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":615,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976047014580,"flow_src_last_pkt_time":1490976047014580,"flow_dst_last_pkt_time":1490976047014580,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976047014580,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34033,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":615,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_src_last_pkt_time":1490976047014580,"flow_dst_last_pkt_time":1490976047014580,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976047014580,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8JC1AAEAG7\/2sECrYNu8YuoTxAbsotHSAAAAAAKAC\/\/+r6QAAAgQFtAQCCAoA9lCtAAAAAAEDAwg="} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":618,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976047050685,"flow_src_last_pkt_time":1490976047050685,"flow_dst_last_pkt_time":1490976047050685,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976047050685,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34034,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -339,23 +339,23 @@ 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":620,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_src_last_pkt_time":1490976047014580,"flow_dst_last_pkt_time":1490976047071231,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976047071231,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwYANAAOcGDTM27xi6rBAq2AG7hPHQ2dGWKLR0gXASH\/53JwAAAgQFtAEDAwY="} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":621,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_src_last_pkt_time":1490976047073443,"flow_dst_last_pkt_time":1490976047071231,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976047073443,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoJC5AAEAG8BCsECrYNu8YuoTxAbsotHSB0NnRl1AQAVfBmAAA"} 00885{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":622,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":51,"flow_packet_id":4,"flow_src_last_pkt_time":1490976047075090,"flow_dst_last_pkt_time":1490976047071231,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":313,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":313,"pkt_l4_len":279,"thread_ts_usec":1490976047075090,"pkt":"AMDKkaPvePiC0\/vCCABFAAErJC9AAEAG7wysECrYNu8YuoTxAbsotHSB0NnRl1AYAVfKZQAAFgMBAP4BAAD6AwPSe8wUiJXpNpYC5p1xsYpcgdnDHHsp6lbLCZ0qkdBUqSAK8IS3HVgGOc2sZcVp0kAKYJvK21\/4JhIPoGYmpJU7LgAg2trMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACRysoAAP8BAAEAAAAALAAqAAAnbW9iaWxlYW5hbHl0aWNzLnVzLWVhc3QtMS5hbWF6b25hd3MuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAIenoAHQAXABgaGgABAA=="} 
-01279{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":622,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976047014580,"flow_src_last_pkt_time":1490976047075090,"flow_dst_last_pkt_time":1490976047071231,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":259,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":259,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976047075090,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34033,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"mobileanalytics.us-east-1.amazonaws.com","domainame":"mobileanalytics.us-east-1.amazonaws.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01238{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":622,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976047014580,"flow_src_last_pkt_time":1490976047075090,"flow_dst_last_pkt_time":1490976047071231,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":259,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":259,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976047075090,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34033,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"mobileanalytics.us-east-1.amazonaws.com","domainame":"mobileanalytics.us-east-1.amazonaws.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":623,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976047096758,"flow_src_last_pkt_time":1490976047096758,"flow_dst_last_pkt_time":1490976047096758,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976047096758,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45683,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":623,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_src_last_pkt_time":1490976047096758,"flow_dst_last_pkt_time":1490976047096758,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976047096758,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8Q4ZAAEAGA2msECrYNF7ohrJzAbuRhBMzAAAAAKAC\/\/+poAAAAgQFtAQCCAoA9lC1AAAAAAEDAwg="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":624,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_src_last_pkt_time":1490976047050685,"flow_dst_last_pkt_time":1490976047107719,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976047107719,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwYitAAOcGCws27xi6rBAq2AG7hPIGkxHQyCyc9XASH\/45RwAAAgQFtAEDAwY="} 
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":625,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":52,"flow_packet_id":3,"flow_src_last_pkt_time":1490976047109306,"flow_dst_last_pkt_time":1490976047107719,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976047109306,"pkt":"AMDKkaPvePiC0\/vCCABFAAAozEZAAEAGR\/isECrYNu8YuoTyAbvILJz1BpMR0VAQAVeDuAAA"} 00885{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":626,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":52,"flow_packet_id":4,"flow_src_last_pkt_time":1490976047111087,"flow_dst_last_pkt_time":1490976047107719,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":313,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":313,"pkt_l4_len":279,"thread_ts_usec":1490976047111087,"pkt":"AMDKkaPvePiC0\/vCCABFAAErzEdAAEAGRvSsECrYNu8YuoTyAbvILJz1BpMR0VAYAVc5bAAAFgMBAP4BAAD6AwOHjgfKXB+EyvQ1n9JLqidhikfJJ6RpsxoH8cEzQ3q86iAK8IS3HVgGOc2sZcVp0kAKYJvK21\/4JhIPoGYmpJU7LgAgiorMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACRCgoAAP8BAAEAAAAALAAqAAAnbW9iaWxlYW5hbHl0aWNzLnVzLWVhc3QtMS5hbWF6b25hd3MuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAIiooAHQAXABjKygABAA=="} 
-01279{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":626,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976047050685,"flow_src_last_pkt_time":1490976047111087,"flow_dst_last_pkt_time":1490976047107719,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":259,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":259,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976047111087,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34034,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"mobileanalytics.us-east-1.amazonaws.com","domainame":"mobileanalytics.us-east-1.amazonaws.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01238{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":626,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976047050685,"flow_src_last_pkt_time":1490976047111087,"flow_dst_last_pkt_time":1490976047107719,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":259,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":259,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976047111087,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34034,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"mobileanalytics.us-east-1.amazonaws.com","domainame":"mobileanalytics.us-east-1.amazonaws.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":630,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":51,"flow_packet_id":5,"flow_src_last_pkt_time":1490976047075090,"flow_dst_last_pkt_time":1490976047129729,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1490976047129729,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoBwBAANsGcj427xi6rBAq2AG7hPHQ2dGXKLR0gVAQARzB0wAAAAAAAAAA"} 
-01367{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":632,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1490976047014580,"flow_src_last_pkt_time":1490976047075090,"flow_dst_last_pkt_time":1490976047133701,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":259,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":259,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1490976047133701,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34033,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"mobileanalytics.us-east-1.amazonaws.com","domainame":"mobileanalytics.us-east-1.amazonaws.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
+01326{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":632,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1490976047014580,"flow_src_last_pkt_time":1490976047075090,"flow_dst_last_pkt_time":1490976047133701,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":259,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":259,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1490976047133701,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34033,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"mobileanalytics.us-east-1.amazonaws.com","domainame":"mobileanalytics.us-east-1.amazonaws.com","tls": {"version":"TLSv1.2","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":636,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_src_last_pkt_time":1490976047096758,"flow_dst_last_pkt_time":1490976047154862,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976047154862,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwRp1AAOcGWV00XuiGrBAq2AG7snPq5wFokYQTNHASH\/4rBwAAAgQFtAEDAwY="} 
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":53,"flow_packet_id":3,"flow_src_last_pkt_time":1490976047155806,"flow_dst_last_pkt_time":1490976047154862,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976047155806,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoQ4dAAEAGA3ysECrYNF7ohrJzAbuRhBM06ucBaVAQAVd1eAAA"} 00856{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":638,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":53,"flow_packet_id":4,"flow_src_last_pkt_time":1490976047156667,"flow_dst_last_pkt_time":1490976047154862,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1490976047156667,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXQ4hAAEAGAoysECrYNF7ohrJzAbuRhBM06ucBaVAYAVetQwAAFgMBAOoBAADmAwPpgUoR+zK1io939odz8bqrlk+DvqS0v3DALb7a+kUiQCCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAg6urMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9SkoAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACIqKAB0AFwAYGhoAAQA="} 
-01233{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":638,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976047096758,"flow_src_last_pkt_time":1490976047156667,"flow_dst_last_pkt_time":1490976047154862,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976047156667,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45683,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01192{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":638,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976047096758,"flow_src_last_pkt_time":1490976047156667,"flow_dst_last_pkt_time":1490976047154862,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976047156667,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45683,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":639,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":52,"flow_packet_id":5,"flow_src_last_pkt_time":1490976047111087,"flow_dst_last_pkt_time":1490976047164510,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1490976047164510,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoxWZAANsGs9c27xi6rBAq2AG7hPIGkxHRyCyc9VAQARyD8wAAAAAAAAAA"} 
-01367{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":641,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1490976047050685,"flow_src_last_pkt_time":1490976047111087,"flow_dst_last_pkt_time":1490976047169413,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":259,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":259,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1490976047169413,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34034,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"mobileanalytics.us-east-1.amazonaws.com","domainame":"mobileanalytics.us-east-1.amazonaws.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
+01326{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":641,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1490976047050685,"flow_src_last_pkt_time":1490976047111087,"flow_dst_last_pkt_time":1490976047169413,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":259,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":259,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1490976047169413,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34034,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"mobileanalytics.us-east-1.amazonaws.com","domainame":"mobileanalytics.us-east-1.amazonaws.com","tls": {"version":"TLSv1.2","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 00652{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":645,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":53,"flow_packet_id":5,"flow_src_last_pkt_time":1490976047156667,"flow_dst_last_pkt_time":1490976047217627,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"thread_ts_usec":1490976047217627,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9T+pAAOcGT8M0XuiGrBAq2AG7snPq5wFpkYQUI1AYf\/jAygAAFgMBAEoCAABGAwFY3n0vHwUTKh3kRQicQrFbwZi3ae4Tj1002+Y32pnlTCCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="} 
-01398{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":645,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976047096758,"flow_src_last_pkt_time":1490976047156667,"flow_dst_last_pkt_time":1490976047217627,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976047217627,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45683,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01357{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":645,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976047096758,"flow_src_last_pkt_time":1490976047156667,"flow_dst_last_pkt_time":1490976047217627,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976047217627,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45683,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":679,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976047560420,"flow_src_last_pkt_time":1490976047560420,"flow_dst_last_pkt_time":1490976047560420,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976047560420,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54427,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":679,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_src_last_pkt_time":1490976047560420,"flow_dst_last_pkt_time":1490976047560420,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976047560420,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8csJAAEAG6uOsECrYNFXR2NSbAbtgrSImAAAAAKAC\/\/+\/5AAAAgQFtAQCCAoA9lDkAAAAAAEDAwg="} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":680,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976047563011,"flow_src_last_pkt_time":1490976047563011,"flow_dst_last_pkt_time":1490976047563011,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976047563011,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42143,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -363,24 +363,24 @@ 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":683,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_src_last_pkt_time":1490976047560420,"flow_dst_last_pkt_time":1490976047602380,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976047602380,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPMGqqU0VdHYrBAq2AG71JuiSVznYK0iJ6AScSA47wAAAgQFtAQCCAptkKkCAPZQ5AEDAwg="} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":684,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":54,"flow_packet_id":3,"flow_src_last_pkt_time":1490976047603553,"flow_dst_last_pkt_time":1490976047602380,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976047603553,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0csNAAEAG6uqsECrYNFXR2NSbAbtgrSInoklc6IAQAVfXgQAAAQEICgD2UOhtkKkC"} 
01248{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":685,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":54,"flow_packet_id":4,"flow_src_last_pkt_time":1490976047610667,"flow_dst_last_pkt_time":1490976047602380,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1490976047610667,"pkt":"AMDKkaPvePiC0\/vCCABFAAI5csRAAEAG6OSsECrYNFXR2NSbAbtgrSInoklc6IAYAVfMzwAAAQEICgD2UOhtkKkCFgMBAgABAAH8AwN2BwhjfJbg5Am9t4WVCSBsvbJjgWDho9rtAy+p\/VRu5SBHUQT65GzShmSQt43DXU\/iRpfvK3yVUZImuuA4WpXHawAgenrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAGTCgoAAP8BAAEAAAAAEwARAAAOd3d3LmFtYXpvbi5jb20AFwAAACMAsFRWtD3JSKQf4Lr9eEfx0PQ01nHGkidDCG7s9KZESOymslO\/GqdkoVsdJK5ZoYugmQyWHOp1tqWh2bA4KlSTUx1xDcGhPBYTENeT+hnpzYJuHISGm+WAjLYZpeScMXdEj+cpOxx40tMWY+U2GkrsQW5AIinC1PY+tiQWPYlKDKD6UtQmLCxNZDzFu5nYZUvgPU\/iQ7PiXNcQfJ3byiPYuj5cRmbUB10pxz435spf4lY4AA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACAoKAB0AFwAYamoAAQAAFQBnAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01223{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":685,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976047560420,"flow_src_last_pkt_time":1490976047610667,"flow_dst_last_pkt_time":1490976047602380,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976047610667,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54427,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.amazon.com","domainame":"www.amazon.com","tls": {"version":"TLSv1.2","ja3":"5ee142340adf02ded757447e2ff78986","ja3s":"","ja4":"t12d1511h2_f0daf39aad75_7ed7223c468c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01182{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":685,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976047560420,"flow_src_last_pkt_time":1490976047610667,"flow_dst_last_pkt_time":1490976047602380,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976047610667,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54427,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.amazon.com","domainame":"www.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1511h2_f0daf39aad75_7ed7223c468c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":687,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_src_last_pkt_time":1490976047563011,"flow_dst_last_pkt_time":1490976047629213,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976047629213,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwJsxAAOcGf3ZIFc6HrBAq2AG7pJ+6tUVgg\/ibBnASH\/6xFgAAAgQFtAEDAwY="} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":688,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_src_last_pkt_time":1490976047631210,"flow_dst_last_pkt_time":1490976047629213,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976047631210,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoy+JAAEAGgWisECrYSBXOh6SfAbuD+JsGurVFYVAQAVf7hwAA"} 
00855{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":689,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":55,"flow_packet_id":4,"flow_src_last_pkt_time":1490976047631468,"flow_dst_last_pkt_time":1490976047629213,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":291,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":291,"pkt_l4_len":257,"thread_ts_usec":1490976047631468,"pkt":"AMDKkaPvePiC0\/vCCABFAAEVy+NAAEAGgHqsECrYSBXOh6SfAbuD+JsGurVFYVAYAVcKJQAAFgMBAOgBAADkAwP\/\/gAuAk5v3TG7NhYWBuGwBvgFQjeXqnaZyi9wFBW4dCCAoIhp+G+13yEt\/a9wFbgYbBGSpt6bYu8wE9XD90462wAg+vrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB7CgoAAP8BAAEAAAAAFgAUAAARZmxzLW5hLmFtYXpvbi5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAj6+gAdABcAGCoqAAEA"} -01229{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":689,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976047563011,"flow_src_last_pkt_time":1490976047631468,"flow_dst_last_pkt_time":1490976047629213,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":237,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":237,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976047631468,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42143,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fls-na.amazon.com","domainame":"fls-na.amazon.com","tls": 
{"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01188{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":689,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976047563011,"flow_src_last_pkt_time":1490976047631468,"flow_dst_last_pkt_time":1490976047629213,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":237,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":237,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976047631468,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42143,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fls-na.amazon.com","domainame":"fls-na.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":692,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":54,"flow_packet_id":5,"flow_src_last_pkt_time":1490976047610667,"flow_dst_last_pkt_time":1490976047652109,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976047652109,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA09e9AAPMGtL00VdHYrBAq2AG71JuiSVzoYK0kLIAQAHbWWAAAAQEICm2QqQcA9lDo"} 
-01311{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":693,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976047560420,"flow_src_last_pkt_time":1490976047610667,"flow_dst_last_pkt_time":1490976047664674,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1490976047664674,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54427,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.amazon.com","domainame":"www.amazon.com","tls": {"version":"TLSv1.2","ja3":"5ee142340adf02ded757447e2ff78986","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","ja4":"t12d1511h2_f0daf39aad75_7ed7223c468c","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
+01270{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":693,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976047560420,"flow_src_last_pkt_time":1490976047610667,"flow_dst_last_pkt_time":1490976047664674,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1490976047664674,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54427,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.amazon.com","domainame":"www.amazon.com","tls": {"version":"TLSv1.2","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","ja4":"t12d1511h2_f0daf39aad75_7ed7223c468c","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":702,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":55,"flow_packet_id":5,"flow_src_last_pkt_time":1490976047631468,"flow_dst_last_pkt_time":1490976047694431,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1490976047694431,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoM15AAOcGcuxIFc6HrBAq2AG7pJ+6tUVhg\/ib81AQf\/x79QAAAAAAAAAA"} 
-01317{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":704,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1490976047563011,"flow_src_last_pkt_time":1490976047631468,"flow_dst_last_pkt_time":1490976047695425,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":237,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":237,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1490976047695425,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42143,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fls-na.amazon.com","domainame":"fls-na.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
+01276{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":704,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1490976047563011,"flow_src_last_pkt_time":1490976047631468,"flow_dst_last_pkt_time":1490976047695425,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":237,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":237,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1490976047695425,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42143,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fls-na.amazon.com","domainame":"fls-na.amazon.com","tls": {"version":"TLSv1.2","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
02202{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":711,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1490976047050685,"flow_src_last_pkt_time":1490976047738970,"flow_dst_last_pkt_time":1490976047737869,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":510,"flow_src_tot_l4_payload_len":18550,"flow_dst_tot_l4_payload_len":666,"midstream":0,"thread_ts_usec":1490976047738970,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34034,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":114,"avg":44370.0,"max":352057,"stddev":78836.5,"var":6215196160.0,"ent":3.5,"data": [57034,58621,1781,56791,4768,135,59291,267,22886,80040,5852,71839,321,148,565,303,201,1403,296,114,67763,34752,23901,352057,295338,129,57737,650,60553,128,59805]},"pktlen": {"min":40,"avg":643.2,"max":1500,"stddev":676.9,"var":458225.8,"ent":4.1,"data": [60,48,40,299,46,46,196,40,91,806,46,550,1500,1425,1500,1500,1500,1500,1500,1500,69,46,46,46,1500,46,46,1500,1500,46,46,1500]},"bins": {"c_to_s": [4,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,11,0,0],"s_to_c": [11,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,1,1,0,1,1,0,0,1,1,0],"entropies": 
[4.705928802,5.119034290,4.831687450,5.956132412,4.565872192,4.522393703,6.373359203,4.831687450,5.346002579,7.707840443,4.565872192,7.614433289,7.881308079,7.868000031,7.843427658,7.860275269,7.859666824,7.853141308,7.878274441,7.872379303,5.651857376,4.478915691,4.522393703,4.522393703,7.860081673,4.565871716,4.565872192,7.860362053,7.853739262,4.609350681,4.609350681,7.878521442]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":719,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976047858519,"flow_src_last_pkt_time":1490976047858519,"flow_dst_last_pkt_time":1490976047858519,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976047858519,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42144,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":719,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_src_last_pkt_time":1490976047858519,"flow_dst_last_pkt_time":1490976047858519,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976047858519,"pkt":"AMDKkaPvePiC0\/vCCABFAAA84nJAAEAGasSsECrYSBXOh6SgAbtFc7NzAAAAAKAC\/\/9pQAAAAgQFtAQCCAoA9lEBAAAAAAEDAwg="} 
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":721,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_src_last_pkt_time":1490976047858519,"flow_dst_last_pkt_time":1490976047907178,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976047907178,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwsPFAAOcG9VBIFc6HrBAq2AG7pKCmhnFJRXOzdHASH\/6\/cgAAAgQFtAEDAwY="} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":722,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":56,"flow_packet_id":3,"flow_src_last_pkt_time":1490976047908219,"flow_dst_last_pkt_time":1490976047907178,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976047908219,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo4nNAAEAGatesECrYSBXOh6SgAbtFc7N0poZxSlAQAVcJ5AAA"} 00854{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":723,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":56,"flow_packet_id":4,"flow_src_last_pkt_time":1490976047908954,"flow_dst_last_pkt_time":1490976047907178,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":291,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":291,"pkt_l4_len":257,"thread_ts_usec":1490976047908954,"pkt":"AMDKkaPvePiC0\/vCCABFAAEV4nRAAEAGaemsECrYSBXOh6SgAbtFc7N0poZxSlAYAVeSewAAFgMBAOgBAADkAwNIPWEPEPoMeooP6quIPBRotR9ApG0zx\/9LIBRu+eswEiCAoIhp+G+13yEt\/a9wFbgYbBGSpt6bYu8wE9XD90462wAgSkrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB7amoAAP8BAAEAAAAAFgAUAAARZmxzLW5hLmFtYXpvbi5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAg6OgAdABcAGAoKAAEA"} 
-01229{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":723,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976047858519,"flow_src_last_pkt_time":1490976047908954,"flow_dst_last_pkt_time":1490976047907178,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":237,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":237,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976047908954,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42144,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fls-na.amazon.com","domainame":"fls-na.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01188{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":723,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976047858519,"flow_src_last_pkt_time":1490976047908954,"flow_dst_last_pkt_time":1490976047907178,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":237,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":237,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976047908954,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42144,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fls-na.amazon.com","domainame":"fls-na.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":724,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":56,"flow_packet_id":5,"flow_src_last_pkt_time":1490976047908954,"flow_dst_last_pkt_time":1490976047955394,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1490976047955394,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAolARAAOcGEkZIFc6HrBAq2AG7pKCmhnFKRXO0YVAQf\/yKUQAAAAAAAAAA"} -01317{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":726,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1490976047858519,"flow_src_last_pkt_time":1490976047908954,"flow_dst_last_pkt_time":1490976047956403,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":237,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":237,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1490976047956403,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42144,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fls-na.amazon.com","domainame":"fls-na.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} +01276{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":726,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1490976047858519,"flow_src_last_pkt_time":1490976047908954,"flow_dst_last_pkt_time":1490976047956403,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":237,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":237,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1490976047956403,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42144,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fls-na.amazon.com","domainame":"fls-na.amazon.com","tls": {"version":"TLSv1.2","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":756,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":4,"flow_src_last_pkt_time":1490976048429947,"flow_dst_last_pkt_time":1490976041428918,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976048429947,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8G7FAAEAGvmisECrYCsl+8Z0IH5CvoFXQAAAAAKAC\/\/\/TIQAAAgQFtAQCCAoA9lE7AAAAAAEDAwg="} 00301{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1490976048620673,"packet_id":757,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","layer_type":35085,"global_ts_usec":1490976048620673} 00377{"packet_event_id":1,"packet_event_name":"packet","packet_id":757,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":60,"pkt_type":35085,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1490976048429947,"pkt":"AMDKkaPvePiC0\/vCiQ0CDAoBZRIAwMqRdPh4+ILT+8IAwMqRo+\/dFACgxgAAAAAAAAAAAAAAAAAAAAAA"} 
@@ -390,9 +390,9 @@ 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_src_last_pkt_time":1490976054009715,"flow_dst_last_pkt_time":1490976054070557,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976054070557,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwt0ZAAOcG6LM0XuiGrBAq2AG7snc6VHcpQzV8NnASH\/5LIgAAAgQFtAEDAwY="} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":782,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_src_last_pkt_time":1490976054071611,"flow_dst_last_pkt_time":1490976054070557,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976054071611,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoL1NAAEAGF7CsECrYNF7ohrJ3AbtDNXw2OlR3KlAQAVeVkwAA"} 00857{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":783,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":57,"flow_packet_id":4,"flow_src_last_pkt_time":1490976054072460,"flow_dst_last_pkt_time":1490976054070557,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1490976054072460,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXL1RAAEAGFsCsECrYNF7ohrJ3AbtDNXw2OlR3KlAYAVd6FAAAFgMBAOoBAADmAwPBrmY0NdI\/E4D2qVtO38be10HD8gGTXfDLQBOZkXF05iCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgysrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9amoAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACKqqAB0AFwAYOjoAAQA="} 
-01233{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":783,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976054009715,"flow_src_last_pkt_time":1490976054072460,"flow_dst_last_pkt_time":1490976054070557,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976054072460,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45687,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01192{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":783,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976054009715,"flow_src_last_pkt_time":1490976054072460,"flow_dst_last_pkt_time":1490976054070557,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976054072460,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45687,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":784,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":57,"flow_packet_id":5,"flow_src_last_pkt_time":1490976054072460,"flow_dst_last_pkt_time":1490976054168161,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1490976054168161,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAopJ1AAOcG+2Q0XuiGrBAq2AG7snc6VHcqQzV9JVAQf\/gWAwAAAAAAAAAA"} 
-01398{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":785,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976054009715,"flow_src_last_pkt_time":1490976054072460,"flow_dst_last_pkt_time":1490976054168300,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976054168300,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45687,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01357{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":785,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976054009715,"flow_src_last_pkt_time":1490976054072460,"flow_dst_last_pkt_time":1490976054168300,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976054168300,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45687,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00734{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":796,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976055356710,"flow_src_last_pkt_time":1490976055356710,"flow_dst_last_pkt_time":1490976055356710,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976055356710,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":796,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_src_last_pkt_time":1490976055356710,"flow_dst_last_pkt_time":1490976055356710,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"thread_ts_usec":1490976055356710,"pkt":"AQBeAAABAMDKkaPvCABGwAAgAABAAAECBBcAAAAA4AAAAZQEAAARZO6bAAAAAA=="} 00883{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":796,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976055356710,"flow_src_last_pkt_time":1490976055356710,"flow_dst_last_pkt_time":1490976055356710,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976055356710,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"224.0.0.1","l4_proto":2,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"IGMP","proto_id":"82","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -403,17 +403,17 @@ 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":803,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_src_last_pkt_time":1490976057977153,"flow_dst_last_pkt_time":1490976058029112,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976058029112,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw9qRAAOcGqVU0XuiGrBAq2AG7snh1d2z38A7+HXASH\/7rbgAAAgQFtAEDAwY="} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":804,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":59,"flow_packet_id":3,"flow_src_last_pkt_time":1490976058030172,"flow_dst_last_pkt_time":1490976058029112,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976058030172,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoqulAAEAGnBmsECrYNF7ohrJ4AbvwDv4ddXds+FAQAVc14AAA"} 00856{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":805,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":59,"flow_packet_id":4,"flow_src_last_pkt_time":1490976058032132,"flow_dst_last_pkt_time":1490976058029112,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1490976058032132,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXqupAAEAGmymsECrYNF7ohrJ4AbvwDv4ddXds+FAYAVeo8gAAFgMBAOoBAADmAwMoaRx1UdIM893OKMmXrcWPDPO7AujafDygNOivm9PC5iCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgKirMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9GhoAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACGpqAB0AFwAYenoAAQA="} 
-01233{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":805,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976057977153,"flow_src_last_pkt_time":1490976058032132,"flow_dst_last_pkt_time":1490976058029112,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976058032132,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45688,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01192{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":805,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976057977153,"flow_src_last_pkt_time":1490976058032132,"flow_dst_last_pkt_time":1490976058029112,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976058032132,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45688,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00653{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":806,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":59,"flow_packet_id":5,"flow_src_last_pkt_time":1490976058032132,"flow_dst_last_pkt_time":1490976058082623,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"thread_ts_usec":1490976058082623,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9+TBAAOcGpnw0XuiGrBAq2AG7snh1d2z48A7\/DFAYf\/grMQAAFgMBAEoCAABGAwFY3n06YnWpXQ3KkZkNmnBbnjScZILp4v2nCTgeJCnodCCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="} 
-01398{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":806,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976057977153,"flow_src_last_pkt_time":1490976058032132,"flow_dst_last_pkt_time":1490976058082623,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976058082623,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45688,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01357{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":806,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976057977153,"flow_src_last_pkt_time":1490976058032132,"flow_dst_last_pkt_time":1490976058082623,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976058082623,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45688,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":811,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976058103747,"flow_src_last_pkt_time":1490976058103747,"flow_dst_last_pkt_time":1490976058103747,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976058103747,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34041,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":811,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_src_last_pkt_time":1490976058103747,"flow_dst_last_pkt_time":1490976058103747,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976058103747,"pkt":"AMDKkaPvePiC0\/vCCABFAAA87D9AAEAGJ+usECrYNu8YuoT5Abs\/ELk9AAAAAKAC\/\/9McwAAAgQFtAQCCAoA9lUCAAAAAAEDAwg="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":815,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_src_last_pkt_time":1490976058103747,"flow_dst_last_pkt_time":1490976058160050,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976058160050,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw5wBAAOcGhjU27xi6rBAq2AG7hPl2s2uGPxC5PnASH\/7cPAAAAgQFtAEDAwY="} 
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":816,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":60,"flow_packet_id":3,"flow_src_last_pkt_time":1490976058162207,"flow_dst_last_pkt_time":1490976058160050,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976058162207,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo7EBAAEAGJ\/6sECrYNu8YuoT5Abs\/ELk+drNrh1AQAVcmrgAA"} 00887{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":817,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":60,"flow_packet_id":4,"flow_src_last_pkt_time":1490976058166385,"flow_dst_last_pkt_time":1490976058160050,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":313,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":313,"pkt_l4_len":279,"thread_ts_usec":1490976058166385,"pkt":"AMDKkaPvePiC0\/vCCABFAAEr7EFAAEAGJvqsECrYNu8YuoT5Abs\/ELk+drNrh1AYAVfN+AAAFgMBAP4BAAD6AwMOUC6Wi9btijW5bAYVZWtISVWnuZZb\/u1xZk+ZAvvymiAK8IS3HVgGOc2sZcVp0kAKYJvK21\/4JhIPoGYmpJU7LgAgCgrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACRKioAAP8BAAEAAAAALAAqAAAnbW9iaWxlYW5hbHl0aWNzLnVzLWVhc3QtMS5hbWF6b25hd3MuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAIWloAHQAXABiamgABAA=="} 
-01279{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":817,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976058103747,"flow_src_last_pkt_time":1490976058166385,"flow_dst_last_pkt_time":1490976058160050,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":259,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":259,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976058166385,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34041,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"mobileanalytics.us-east-1.amazonaws.com","domainame":"mobileanalytics.us-east-1.amazonaws.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01238{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":817,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976058103747,"flow_src_last_pkt_time":1490976058166385,"flow_dst_last_pkt_time":1490976058160050,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":259,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":259,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976058166385,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34041,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"mobileanalytics.us-east-1.amazonaws.com","domainame":"mobileanalytics.us-east-1.amazonaws.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":820,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":60,"flow_packet_id":5,"flow_src_last_pkt_time":1490976058166385,"flow_dst_last_pkt_time":1490976058218027,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1490976058218027,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoRuVAANsGMlk27xi6rBAq2AG7hPl2s2uHPxC5PlAQARwm6QAAAAAAAAAA"} 
-01367{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":822,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1490976058103747,"flow_src_last_pkt_time":1490976058166385,"flow_dst_last_pkt_time":1490976058222165,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":259,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":259,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1490976058222165,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34041,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"mobileanalytics.us-east-1.amazonaws.com","domainame":"mobileanalytics.us-east-1.amazonaws.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
+01326{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":822,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1490976058103747,"flow_src_last_pkt_time":1490976058166385,"flow_dst_last_pkt_time":1490976058222165,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":259,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":259,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1490976058222165,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34041,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"mobileanalytics.us-east-1.amazonaws.com","domainame":"mobileanalytics.us-east-1.amazonaws.com","tls": {"version":"TLSv1.2","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
00938{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":842,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1490976022731312,"flow_src_last_pkt_time":1490976022731374,"flow_dst_last_pkt_time":1490976022731312,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976058813424,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ffd3:fbc2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00929{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":842,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1490976022741105,"flow_src_last_pkt_time":1490976022741164,"flow_dst_last_pkt_time":1490976022741105,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976058813424,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
01056{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":842,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1490976027958387,"flow_src_last_pkt_time":1490976030758514,"flow_dst_last_pkt_time":1490976027958387,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":60,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":60,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976058813424,"l3_proto":"ip4","src_ip":"172.16.42.1","dst_ip":"172.16.42.216","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -426,19 +426,19 @@ 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":847,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_src_last_pkt_time":1490976064328375,"flow_dst_last_pkt_time":1490976064389062,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976064389062,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwkwRAAOcGEz5IFc6HrBAq2AG7pKSpsxlXsm+mQnASH\/60aQAAAgQFtAEDAwY="} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":848,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_src_last_pkt_time":1490976064390589,"flow_dst_last_pkt_time":1490976064389062,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976064390589,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo8S9AAEAGXBusECrYSBXOh6SkAbuyb6ZCqbMZWFAQAVf+2gAA"} 00853{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":849,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":61,"flow_packet_id":4,"flow_src_last_pkt_time":1490976064392195,"flow_dst_last_pkt_time":1490976064389062,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":291,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":291,"pkt_l4_len":257,"thread_ts_usec":1490976064392195,"pkt":"AMDKkaPvePiC0\/vCCABFAAEV8TBAAEAGWy2sECrYSBXOh6SkAbuyb6ZCqbMZWFAYAVfKsgAAFgMBAOgBAADkAwP+0zyDGxXotNTaK9PKSDUhNTk9mpydrcn7is4FWWWLVSCAoIhp+G+13yEt\/a9wFbgYbBGSpt6bYu8wE9XD90462wAg+vrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB7OjoAAP8BAAEAAAAAFgAUAAARZmxzLW5hLmFtYXpvbi5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAja2gAdABcAGIqKAAEA"} 
-01229{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":849,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976064328375,"flow_src_last_pkt_time":1490976064392195,"flow_dst_last_pkt_time":1490976064389062,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":237,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":237,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976064392195,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42148,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fls-na.amazon.com","domainame":"fls-na.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01188{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":849,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976064328375,"flow_src_last_pkt_time":1490976064392195,"flow_dst_last_pkt_time":1490976064389062,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":237,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":237,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976064392195,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42148,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fls-na.amazon.com","domainame":"fls-na.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00734{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":850,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":62,"flow_packet_id":2,"flow_src_last_pkt_time":1490976064333083,"flow_dst_last_pkt_time":1490976064448088,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_usec":1490976064448088,"pkt":"ePiC0\/vCAMDKkaPvCABFAAC91iFAAEARtxSsECoBrBAq2AA1rbsAqQ1IHgmBgAABAAYAAAAAA3d3dwZhbWF6b24DY29tAAABAAHADAAFAAEAAABFAAoDd3d3A2NkbsAQwCwABQABAAAAAwAfDmQzYWc0aHVra2g2MnluCmNsb3VkZnJvbnQDbmV0AMBCAAEAAQAAAAEABDRV0djAQgABAAEAAAABAAQ0VdHFwEIAAQABAAAAAQAENFXRj8BCAAEAAQAAAAEABDRV0Xo="} 01193{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":850,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976064333083,"flow_src_last_pkt_time":1490976064333083,"flow_dst_last_pkt_time":1490976064448088,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1490976064448088,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":44475,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.Amazon","proto_id":"5.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.amazon.com","domainame":"www.amazon.com","dns": {"num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["52.85.209.216,ttl=1","52.85.209.197,ttl=1","52.85.209.143,ttl=1","52.85.209.122,ttl=1"]}}} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":851,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976064452332,"flow_src_last_pkt_time":1490976064452332,"flow_dst_last_pkt_time":1490976064452332,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976064452332,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54434,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":851,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_src_last_pkt_time":1490976064452332,"flow_dst_last_pkt_time":1490976064452332,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976064452332,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8L2dAAEAGLj+sECrYNFXR2NSiAbtfxHgaAAAAAKAC\/\/9kOQAAAgQFtAQCCAoA9ld9AAAAAAEDAwg="} 
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":852,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":61,"flow_packet_id":5,"flow_src_last_pkt_time":1490976064392195,"flow_dst_last_pkt_time":1490976064454232,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1490976064454232,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAolxlAAOcGDzFIFc6HrBAq2AG7pKSpsxlYsm+nL1AQf\/x\/SAAAAAAAAAAA"} -01317{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":854,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1490976064328375,"flow_src_last_pkt_time":1490976064392195,"flow_dst_last_pkt_time":1490976064454409,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":237,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":237,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1490976064454409,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42148,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fls-na.amazon.com","domainame":"fls-na.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
+01276{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":854,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1490976064328375,"flow_src_last_pkt_time":1490976064392195,"flow_dst_last_pkt_time":1490976064454409,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":237,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":237,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1490976064454409,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42148,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fls-na.amazon.com","domainame":"fls-na.amazon.com","tls": {"version":"TLSv1.2","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":862,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":63,"flow_packet_id":2,"flow_src_last_pkt_time":1490976064452332,"flow_dst_last_pkt_time":1490976064505269,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976064505269,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPMGqqU0VdHYrBAq2AG71KJ+bVwJX8R4G6AScSBROQAAAgQFtAQCCAptHVo6APZXfQEDAwg="} 
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":863,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":63,"flow_packet_id":3,"flow_src_last_pkt_time":1490976064519519,"flow_dst_last_pkt_time":1490976064505269,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976064519519,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0L2hAAEAGLkasECrYNFXR2NSiAbtfxHgbfm1cCoAQAVfvyQAAAQEICgD2V4NtHVo6"} 01248{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":864,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":63,"flow_packet_id":4,"flow_src_last_pkt_time":1490976064520567,"flow_dst_last_pkt_time":1490976064505269,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1490976064520567,"pkt":"AMDKkaPvePiC0\/vCCABFAAI5L2lAAEAGLECsECrYNFXR2NSiAbtfxHgbfm1cCoAYAVeoAQAAAQEICgD2V4RtHVo6FgMBAgABAAH8AwNl4D5WcIpeF6adbzNjl\/tiZhGpmavxSM5uXnDrdJHl1yBHUQT65GzShmSQt43DXU\/iRpfvK3yVUZImuuA4WpXHawAgamrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAGTOjoAAP8BAAEAAAAAEwARAAAOd3d3LmFtYXpvbi5jb20AFwAAACMAsFRWtD3JSKQf4Lr9eEfx0PQ01nHGkidDCG7s9KZESOymslO\/GqdkoVsdJK5ZoYugmQyWHOp1tqWh2bA4KlSTUx1xDcGhPBYTENeT+hnpzYJuHISGm+WAjLYZpeScMXdEj+cpOxx40tMWY+U2GkrsQW5AIinC1PY+tiQWPYlKDKD6UtQmLCxNZDzFu5nYZUvgPU\/iQ7PiXNcQfJ3byiPYuj5cRmbUB10pxz435spf4lY4AA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACOrqAB0AFwAYWloAAQAAFQBnAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01223{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":864,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976064452332,"flow_src_last_pkt_time":1490976064520567,"flow_dst_last_pkt_time":1490976064505269,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976064520567,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54434,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.amazon.com","domainame":"www.amazon.com","tls": {"version":"TLSv1.2","ja3":"5ee142340adf02ded757447e2ff78986","ja3s":"","ja4":"t12d1511h2_f0daf39aad75_7ed7223c468c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01182{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":864,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976064452332,"flow_src_last_pkt_time":1490976064520567,"flow_dst_last_pkt_time":1490976064505269,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976064520567,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54434,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.amazon.com","domainame":"www.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1511h2_f0daf39aad75_7ed7223c468c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":868,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":63,"flow_packet_id":5,"flow_src_last_pkt_time":1490976064520567,"flow_dst_last_pkt_time":1490976064568500,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976064568500,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA0BktAAPMGpGI0VdHYrBAq2AG71KJ+bVwKX8R6IIAQAHbunQAAAQEICm0dWkEA9leE"} -01311{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":869,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976064452332,"flow_src_last_pkt_time":1490976064520567,"flow_dst_last_pkt_time":1490976064578107,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1490976064578107,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54434,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.amazon.com","domainame":"www.amazon.com","tls": 
{"version":"TLSv1.2","ja3":"5ee142340adf02ded757447e2ff78986","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","ja4":"t12d1511h2_f0daf39aad75_7ed7223c468c","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} +01270{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":869,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976064452332,"flow_src_last_pkt_time":1490976064520567,"flow_dst_last_pkt_time":1490976064578107,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1490976064578107,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54434,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.amazon.com","domainame":"www.amazon.com","tls": {"version":"TLSv1.2","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","ja4":"t12d1511h2_f0daf39aad75_7ed7223c468c","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":898,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976067916709,"flow_src_last_pkt_time":1490976067916709,"flow_dst_last_pkt_time":1490976067916709,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976067916709,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":60804,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":898,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_src_last_pkt_time":1490976067916709,"flow_dst_last_pkt_time":1490976067916709,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976067916709,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8WlhAAEARM1+sECrYrBAqAe2EADUAKHojSVQBAAABAAAAAAAAA2FwaQZhbWF6b24DY29tAAABAAE="} 
01094{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":898,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976067916709,"flow_src_last_pkt_time":1490976067916709,"flow_dst_last_pkt_time":1490976067916709,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976067916709,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":60804,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","proto_id":"5.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"api.amazon.com","domainame":"api.amazon.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -449,10 +449,10 @@ 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":901,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":65,"flow_packet_id":2,"flow_src_last_pkt_time":1490976067968666,"flow_dst_last_pkt_time":1490976068061060,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976068061060,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw1NlAAOcGk4Q27x2SrBAq2AG7otunydf3btzKLHASH\/7bQAAAAgQFtAEDAwY="} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":902,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":65,"flow_packet_id":3,"flow_src_last_pkt_time":1490976068064020,"flow_dst_last_pkt_time":1490976068061060,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976068064020,"pkt":"AMDKkaPvePiC0\/vCCABFAAAokvhAAEAGfG6sECrYNu8dkqLbAbtu3Mosp8nX+FAQAVclsgAA"} 00833{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":903,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":65,"flow_packet_id":4,"flow_src_last_pkt_time":1490976068066460,"flow_dst_last_pkt_time":1490976068061060,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"thread_ts_usec":1490976068066460,"pkt":"AMDKkaPvePiC0\/vCCABFAAEFkvlAAEAGe5CsECrYNu8dkqLbAbtu3Mosp8nX+FAYAVdqyAAAFgMBANgBAADUAwMdKoGNaOtWl2eYW4si+Xi4wmWhQDuns4mF\/nWjaB0YoAAALMArwCzAL8AwAJ4An8AJwArAE8AUADMAOQAyADjAB8ARAJwAnQAvADUABQD\/AQAAfwAAABMAEQAADmFwaS5hbWF6b24uY29tAAsABAMAAQIACgA0ADIADgANABkACwAMABgACQAKABYAFwAIAAYABwAUABUABAAFABIAEwABAAIAAwAPABAAEQAjAAAADQAgAB4GAQYCBgMFAQUCBQMEAQQCBAMDAQMCAwMCAQICAgM="} 
-01325{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":903,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976067968666,"flow_src_last_pkt_time":1490976068066460,"flow_dst_last_pkt_time":1490976068061060,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":221,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":221,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976068066460,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.146","src_port":41691,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"api.amazon.com","domainame":"api.amazon.com","tls": {"version":"TLSv1.2","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"","ja4":"t12d220500_5fd681855ab9_c70a3c84db07","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01284{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":903,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976067968666,"flow_src_last_pkt_time":1490976068066460,"flow_dst_last_pkt_time":1490976068061060,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":221,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":221,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976068066460,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.146","src_port":41691,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"api.amazon.com","domainame":"api.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d220500_5fd681855ab9_c70a3c84db07","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":905,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":65,"flow_packet_id":5,"flow_src_last_pkt_time":1490976068066460,"flow_dst_last_pkt_time":1490976068158441,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1490976068158441,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAo2FJAAOcGkBM27x2SrBAq2AG7otunydf4btzLCVAQf\/ymLwAAAAAAAAAA"} 
-01385{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":907,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1490976067968666,"flow_src_last_pkt_time":1490976068066460,"flow_dst_last_pkt_time":1490976068174408,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":221,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":221,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1490976068174408,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.146","src_port":41691,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"api.amazon.com","domainame":"api.amazon.com","tls": {"version":"TLSv1.2","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d220500_5fd681855ab9_c70a3c84db07","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
-01716{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":909,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1490976067968666,"flow_src_last_pkt_time":1490976068066460,"flow_dst_last_pkt_time":1490976068174770,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":221,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":221,"flow_dst_tot_l4_payload_len":3330,"midstream":0,"thread_ts_usec":1490976068174770,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.146","src_port":41691,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"api.amazon.com","domainame":"api.amazon.com","tls": {"version":"TLSv1.2","server_names":"api.amazon.com,wsync.us-east-1.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d220500_5fd681855ab9_c70a3c84db07","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=api.amazon.com","fingerprint":"1D:A3:CD:C3:06:9E:9B:A0:61:1E:1A:75:55:C1:A8:B0:DC:F8:75:2D","blocks":0}}} 
+01344{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":907,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1490976067968666,"flow_src_last_pkt_time":1490976068066460,"flow_dst_last_pkt_time":1490976068174408,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":221,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":221,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1490976068174408,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.146","src_port":41691,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"api.amazon.com","domainame":"api.amazon.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d220500_5fd681855ab9_c70a3c84db07","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
+01675{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":909,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1490976067968666,"flow_src_last_pkt_time":1490976068066460,"flow_dst_last_pkt_time":1490976068174770,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":221,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":221,"flow_dst_tot_l4_payload_len":3330,"midstream":0,"thread_ts_usec":1490976068174770,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.146","src_port":41691,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"api.amazon.com","domainame":"api.amazon.com","tls": {"version":"TLSv1.2","server_names":"api.amazon.com,wsync.us-east-1.amazon.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d220500_5fd681855ab9_c70a3c84db07","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=api.amazon.com","fingerprint":"1D:A3:CD:C3:06:9E:9B:A0:61:1E:1A:75:55:C1:A8:B0:DC:F8:75:2D","blocks":0}}} 
02208{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":910,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1490976064452332,"flow_src_last_pkt_time":1490976068084335,"flow_dst_last_pkt_time":1490976068174801,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":7862,"flow_dst_tot_l4_payload_len":9710,"midstream":0,"thread_ts_usec":1490976068174801,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54434,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":123,"avg":237241.0,"max":2896813,"stddev":560116.6,"var":313730662400.0,"ent":2.8,"data": [52937,67187,1048,63231,9607,59757,285,20918,462,225,155,1078,225,97487,133,7299,15901,484594,178,170,116007,306256,538314,1116565,2896813,279,153,126,123,583169,913790]},"pktlen": {"min":52,"avg":603.1,"max":1500,"stddev":665.4,"var":442821.7,"ent":4.1,"data": [60,60,52,569,52,208,52,103,1500,1500,125,1500,1500,1481,52,52,52,52,1500,1500,1209,1209,1500,1500,1500,52,64,64,64,64,52,52]},"bins": {"c_to_s": [9,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,4,0,0],"s_to_c": [7,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,5,0,0]},"directions": [0,1,0,0,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,1],"entropies": 
[4.705928802,5.273560047,4.979098797,6.082272053,5.000318527,6.571692467,5.056022167,5.591795921,7.858945847,7.890957355,6.413620949,7.866191387,7.874218941,7.863078117,5.038779736,5.000318050,5.000318050,4.884933472,7.878181458,7.882399559,7.840240955,7.842101574,7.879061222,7.879629612,7.876855850,4.940637112,4.991729736,5.085479736,5.116729736,5.116729736,5.056022167,5.000318050]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 02344{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":934,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":21,"flow_first_seen":1490976067968666,"flow_src_last_pkt_time":1490976068790465,"flow_dst_last_pkt_time":1490976070313997,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":3760,"flow_dst_tot_l4_payload_len":16863,"midstream":0,"thread_ts_usec":1490976070313997,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.146","src_port":41691,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":41,"avg":102165.5,"max":486056,"stddev":138313.6,"var":19130660864.0,"ent":3.7,"data": [92394,95354,2440,97381,1862,14105,301,61,113369,268,157,49644,132555,83310,183928,260,326122,293069,272379,138,443688,400,541,41,276469,199153,505,44,713,486056,423]},"pktlen": {"min":40,"avg":686.3,"max":1500,"stddev":682.0,"var":465082.8,"ent":4.2,"data": [60,48,40,261,46,46,1500,1500,450,40,40,40,166,91,40,1500,533,46,1500,46,46,1500,1500,1500,211,1500,1500,1500,211,1500,1500,1500]},"bins": {"c_to_s": 
[6,0,0,1,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0],"s_to_c": [6,1,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0]},"directions": [0,1,0,0,1,1,1,1,1,0,0,0,0,1,0,0,0,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1],"entropies": [4.672595501,5.134760857,4.731687546,5.428875923,4.609350681,4.609350204,7.207319260,7.309862137,7.406122684,4.781687260,4.831686974,4.831686974,6.560224533,5.827393532,4.734183788,7.885433197,7.643744469,4.652828693,7.886434555,4.522393703,4.462504387,7.848043919,7.856681824,7.865322113,6.980444908,7.848917007,7.856569290,7.864667892,6.965065002,7.849271774,7.848181248,7.856681824]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":958,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976071237623,"flow_src_last_pkt_time":1490976071237623,"flow_dst_last_pkt_time":1490976071237623,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976071237623,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49606,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -473,11 +473,11 @@ 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":966,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":68,"flow_packet_id":2,"flow_src_last_pkt_time":1490976071306483,"flow_dst_last_pkt_time":1490976071360390,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976071360390,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwaLpAAOcGN0A0XuiGrBAq2AG7sn5peFkmyPjA43ASH\/5viQAAAgQFtAEDAwY="} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":967,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":68,"flow_packet_id":3,"flow_src_last_pkt_time":1490976071361620,"flow_dst_last_pkt_time":1490976071360390,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976071361620,"pkt":"AMDKkaPvePiC0\/vCCABFAAAomslAAEAGrDmsECrYNF7ohrJ+AbvI+MDjaXhZJ1AQAVe5+gAA"} 00813{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":968,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":68,"flow_packet_id":4,"flow_src_last_pkt_time":1490976071362364,"flow_dst_last_pkt_time":1490976071360390,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":261,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":261,"pkt_l4_len":227,"thread_ts_usec":1490976071362364,"pkt":"AMDKkaPvePiC0\/vCCABFAAD3mspAAEAGq2msECrYNF7ohrJ+AbvI+MDjaXhZJ1AYAVcLWAAAFgMBAMoBAADGAwOkcAvRwSrfQVVFK\/foqopFdMlvROgq0BQ0TyljveD8PAAAIKqqzKnMqMwUzBPAK8AvwCzAMMATwBQAnACdAC8ANQAKAQAAfQoKAAD\/AQABAAAAABgAFgAAE3BpdGFuZ3VpLmFtYXpvbi5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAh6egAdABcAGNraAAEA"} 
-01233{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":968,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976071306483,"flow_src_last_pkt_time":1490976071362364,"flow_dst_last_pkt_time":1490976071360390,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976071362364,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45694,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01192{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":968,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976071306483,"flow_src_last_pkt_time":1490976071362364,"flow_dst_last_pkt_time":1490976071360390,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976071362364,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45694,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":969,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_src_last_pkt_time":1490976071286664,"flow_dst_last_pkt_time":1490976071363611,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976071363611,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwWSpAAOcGRtA0XuiGrBAq2AG7sn0V5Ch+kScxUnASH\/67KQAAAgQFtAEDAwY="} 
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":970,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":67,"flow_packet_id":3,"flow_src_last_pkt_time":1490976071364685,"flow_dst_last_pkt_time":1490976071363611,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976071364685,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoa3pAAEAG24isECrYNF7ohrJ9AbuRJzFSFeQof1AQAVcFmwAA"} 00856{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":971,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":67,"flow_packet_id":4,"flow_src_last_pkt_time":1490976071365551,"flow_dst_last_pkt_time":1490976071363611,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1490976071365551,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXa3tAAEAG2pisECrYNF7ohrJ9AbuRJzFSFeQof1AYAVcrhgAAFgMBAOoBAADmAwM07In88XJWi3gVEL3IAq3jnfxPPEmAP53P8CbtvduRQCCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgOjrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9iooAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACOrqAB0AFwAY+voAAQA="} 
-01233{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":971,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976071286664,"flow_src_last_pkt_time":1490976071365551,"flow_dst_last_pkt_time":1490976071363611,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976071365551,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45693,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01192{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":971,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976071286664,"flow_src_last_pkt_time":1490976071365551,"flow_dst_last_pkt_time":1490976071363611,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976071365551,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45693,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":972,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976071380614,"flow_src_last_pkt_time":1490976071380614,"flow_dst_last_pkt_time":1490976071380614,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976071380614,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45696,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":972,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_src_last_pkt_time":1490976071380614,"flow_dst_last_pkt_time":1490976071380614,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976071380614,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8Ky9AAEAGG8CsECrYNF7ohrKAAbueQXEdAAAAAKAC\/\/81bwAAAgQFtAQCCAoA9loyAAAAAAEDAwg="} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":973,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976071385523,"flow_src_last_pkt_time":1490976071385523,"flow_dst_last_pkt_time":1490976071385523,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976071385523,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45697,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -488,41 +488,41 @@ 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":975,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_src_last_pkt_time":1490976071392707,"flow_dst_last_pkt_time":1490976071392707,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976071392707,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8hllAAEAGwJWsECrYNF7ohukyAbtO5dxqAAAAAKAC\/\/\/iygAAAgQFtAQCCAoA9lozAAAAAAEDAwg="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":976,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":71,"flow_packet_id":2,"flow_src_last_pkt_time":1490976071380614,"flow_dst_last_pkt_time":1490976071431100,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976071431100,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwichAAOcGFjI0XuiGrBAq2AG7soCzlhpDnkFxHnASH\/7eyAAAAgQFtAEDAwY="} 
02500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":977,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":68,"flow_packet_id":5,"flow_src_last_pkt_time":1490976071362364,"flow_dst_last_pkt_time":1490976071432100,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1490976071432100,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXcbd1AAOcGLHE0XuiGrBAq2AG7sn5peFknyPjBslAYf\/lsuQAAFgMBDLwCAABGAwFY3n1HWF0PVS6Hh\/OB54ewWN7EQ\/JAGtKcxvduR4tcQiB4kgfiZLrEZoIvfOT\/tQMGZLL4w9FhfVsGJHEZL4q82wAvAAsADGoADGcAByUwggchMIIGCaADAgECAhAcRU2OfD5RXVxbu\/\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\/HxaGvneCRZhiBGyUMFBcJjk1AKw9+Nf1hXE48DlafnWpGrqpfYt2zsG+eRrhPeKWj+oj0pEgYLwOn\/a4xa6m8CUPuQAn6\/wNlnTqVyC\/SG0Yol6GVytCBUh+TZofarTRdpyUAS308UAcUFDf6BimC5d5mYn2J5R4k65+6sdF0Lg5T\/DhNiIsjt\/imBX+pqRiOG+KKP+QbbicThn04ySXzkSx\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\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"} -02009{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":979,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1490976071306483,"flow_src_last_pkt_time":1490976071362364,"flow_dst_last_pkt_time":1490976071432488,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":3265,"midstream":0,"thread_ts_usec":1490976071432488,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45694,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","advertised_alpns":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24","blocks":0}}} +01968{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":979,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1490976071306483,"flow_src_last_pkt_time":1490976071362364,"flow_dst_last_pkt_time":1490976071432488,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":3265,"midstream":0,"thread_ts_usec":1490976071432488,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45694,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": 
{"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","advertised_alpns":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24","blocks":0}}} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":980,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":71,"flow_packet_id":3,"flow_src_last_pkt_time":1490976071433534,"flow_dst_last_pkt_time":1490976071431100,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976071433534,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoKzBAAEAGG9OsECrYNF7ohrKAAbueQXEes5YaRFAQAVcpOgAA"} 
00856{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":983,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":71,"flow_packet_id":4,"flow_src_last_pkt_time":1490976071434199,"flow_dst_last_pkt_time":1490976071431100,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1490976071434199,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXKzFAAEAGGuOsECrYNF7ohrKAAbueQXEes5YaRFAYAVcyZAAAFgMBAOoBAADmAwORwZN3Gg+iPVw7yQc+k6Ude4qIjSThz3bWXaU7z9yE3SCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgmprMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9mpoAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACMrKAB0AFwAYenoAAQA="} -01233{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":983,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976071380614,"flow_src_last_pkt_time":1490976071434199,"flow_dst_last_pkt_time":1490976071431100,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976071434199,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45696,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": 
{"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01192{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":983,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976071380614,"flow_src_last_pkt_time":1490976071434199,"flow_dst_last_pkt_time":1490976071431100,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976071434199,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45696,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":986,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":70,"flow_packet_id":2,"flow_src_last_pkt_time":1490976071349196,"flow_dst_last_pkt_time":1490976071438832,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976071438832,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwR+BAAOcGWBo0XuiGrBAq2AG7sn8uyCJ8obvO6XASH\/76GQAAAgQFtAEDAwY="} 
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":987,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":72,"flow_packet_id":2,"flow_src_last_pkt_time":1490976071385523,"flow_dst_last_pkt_time":1490976071438967,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976071438967,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwR+FAAOcGWBk0XuiGrBAq2AG7soEpho4ZflMlBnASH\/5hCAAAAgQFtAEDAwY="} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":988,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":66,"flow_packet_id":5,"flow_src_last_pkt_time":1490976071324885,"flow_dst_last_pkt_time":1490976071439010,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1490976071439010,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoJp5AANsGhWQ0XuiGrBAq2ABQwcY3D6dHIEe4eFAQf\/PC5gAAAAAAAAAA"} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":989,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":70,"flow_packet_id":3,"flow_src_last_pkt_time":1490976071440718,"flow_dst_last_pkt_time":1490976071438832,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976071440718,"pkt":"AMDKkaPvePiC0\/vCCABFAAAolMdAAEAGsjusECrYNF7ohrJ\/Abuhu87pLsgifVAQAVdEiwAA"} 
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":990,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":72,"flow_packet_id":3,"flow_src_last_pkt_time":1490976071440997,"flow_dst_last_pkt_time":1490976071438967,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976071440997,"pkt":"AMDKkaPvePiC0\/vCCABFAAAofzhAAEAGx8qsECrYNF7ohrKBAbt+UyUGKYaOGlAQAVereQAA"} 00857{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":991,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":70,"flow_packet_id":4,"flow_src_last_pkt_time":1490976071441137,"flow_dst_last_pkt_time":1490976071438832,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1490976071441137,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXlMhAAEAGsUusECrYNF7ohrJ\/Abuhu87pLsgifVAYAVcuOwAAFgMBAOoBAADmAwMlSSyj1sonJu72Ryt7k8+6RtgrzaXQnI0RTQtftkcFSSCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgKirMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9KioAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACEpKAB0AFwAYqqoAAQA="} 
-01233{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":991,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976071349196,"flow_src_last_pkt_time":1490976071441137,"flow_dst_last_pkt_time":1490976071438832,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976071441137,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45695,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01192{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":991,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976071349196,"flow_src_last_pkt_time":1490976071441137,"flow_dst_last_pkt_time":1490976071438832,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976071441137,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45695,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00856{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":992,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":72,"flow_packet_id":4,"flow_src_last_pkt_time":1490976071441294,"flow_dst_last_pkt_time":1490976071438967,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1490976071441294,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXfzlAAEAGxtqsECrYNF7ohrKBAbt+UyUGKYaOGlAYAVdE2wAAFgMBAOoBAADmAwMyYJ1Vgi7pXUY+w9BYO5x0QgA8tcoAaPoo5I8kMHaIXSCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgOjrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9mpoAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACGpqAB0AFwAYWloAAQA="} -01233{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":992,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976071385523,"flow_src_last_pkt_time":1490976071441294,"flow_dst_last_pkt_time":1490976071438967,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976071441294,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45697,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": 
{"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01192{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":992,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976071385523,"flow_src_last_pkt_time":1490976071441294,"flow_dst_last_pkt_time":1490976071438967,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976071441294,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45697,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00654{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":993,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":67,"flow_packet_id":5,"flow_src_last_pkt_time":1490976071365551,"flow_dst_last_pkt_time":1490976071444188,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"thread_ts_usec":1490976071444188,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9SDRAAOcGV3k0XuiGrBAq2AG7sn0V5Ch\/kScyQVAYf\/iw2AAAFgMBAEoCAABGAwFY3n1HoIqu4iz1t6q3Aw\/d1XGda8i7JbQ0V4SKKTuKVyCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="} -01398{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":993,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976071286664,"flow_src_last_pkt_time":1490976071365551,"flow_dst_last_pkt_time":1490976071444188,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976071444188,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45693,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": 
{"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01357{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":993,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976071286664,"flow_src_last_pkt_time":1490976071365551,"flow_dst_last_pkt_time":1490976071444188,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976071444188,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45693,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":998,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":73,"flow_packet_id":2,"flow_src_last_pkt_time":1490976071392707,"flow_dst_last_pkt_time":1490976071448042,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976071448042,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw0V1AAOcGzpw0XuiGrBAq2AG76TIsDp+yTuXca3ASH\/6OPgAAAgQFtAEDAwY="} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":999,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":73,"flow_packet_id":3,"flow_src_last_pkt_time":1490976071449032,"flow_dst_last_pkt_time":1490976071448042,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976071449032,"pkt":"AMDKkaPvePiC0\/vCCABFAAAohlpAAEAGwKisECrYNF7ohukyAbtO5dxrLA6fs1AQAVfYrwAA"} 00797{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":73,"flow_packet_id":4,"flow_src_last_pkt_time":1490976071451916,"flow_dst_last_pkt_time":1490976071448042,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":248,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":248,"pkt_l4_len":214,"thread_ts_usec":1490976071451916,"pkt":"AMDKkaPvePiC0\/vCCABFAADqhltAAEAGv+WsECrYNF7ohukyAbtO5dxrLA6fs1AYAVeOnQAAFgMBAL0BAAC5AwN6cp6GYC5xfAeiRgQRCWi6UVwyVXoduZRVV+ZY6Nku9AAALMArwCzAL8AwAJ4An8AJwArAE8AUADMAOQAyADjAB8ARAJwAnQAvADUABQD\/AQAAZAALAAQDAAECAAoANAAyAA4ADQAZAAsADAAYAAkACgAWABcACAAGAAcAFAAVAAQABQASABMAAQACAAMADwAQABEADQAgAB4GAQYCBgMFAQUCBQMEAQQCBAMDAQMCAwMCAQICAgM="} 
-01392{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976071392707,"flow_src_last_pkt_time":1490976071451916,"flow_dst_last_pkt_time":1490976071448042,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":194,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":194,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976071451916,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":59698,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3":"36e9ceaa96dd810482573844f78a063f","ja3s":"","ja4":"t12d220300_5fd681855ab9_1ea9011b3dfa","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01351{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976071392707,"flow_src_last_pkt_time":1490976071451916,"flow_dst_last_pkt_time":1490976071448042,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":194,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":194,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976071451916,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":59698,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d220300_5fd681855ab9_1ea9011b3dfa","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1005,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":71,"flow_packet_id":5,"flow_src_last_pkt_time":1490976071434199,"flow_dst_last_pkt_time":1490976071486392,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1490976071486392,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAodjdAAOcGKcs0XuiGrBAq2AG7soCzlhpEnkFyDVAQf\/ipqQAAAAAAAAAA"} 
-01399{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1006,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976071380614,"flow_src_last_pkt_time":1490976071434199,"flow_dst_last_pkt_time":1490976071486531,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976071486531,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45696,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01358{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1006,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976071380614,"flow_src_last_pkt_time":1490976071434199,"flow_dst_last_pkt_time":1490976071486531,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976071486531,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45696,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00654{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1013,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":70,"flow_packet_id":5,"flow_src_last_pkt_time":1490976071441137,"flow_dst_last_pkt_time":1490976071501486,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"thread_ts_usec":1490976071501486,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9TDxAAOcGU3E0XuiGrBAq2AG7sn8uyCJ9obvP2FAYf\/gL4QAAFgMBAEoCAABGAwFY3n1H4DyL9g\/1O6DL9RnLeqLLg8udYmp+nrKe5HWJKCCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="} -01399{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1013,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976071349196,"flow_src_last_pkt_time":1490976071441137,"flow_dst_last_pkt_time":1490976071501486,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976071501486,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45695,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": 
{"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01358{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1013,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976071349196,"flow_src_last_pkt_time":1490976071441137,"flow_dst_last_pkt_time":1490976071501486,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976071501486,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45695,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
02499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1018,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":73,"flow_packet_id":5,"flow_src_last_pkt_time":1490976071451916,"flow_dst_last_pkt_time":1490976071511769,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1490976071511769,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXcve1AAOcG3GA0XuiGrBAq2AG76TIsDp+zTuXdLVAYf\/kF2gAAFgMBDLwCAABGAwFY3n1HSu1ZxzDw\/auCivD7kMpHzquqECpdXSsk4uYbkCCDPveyl8oknA6Yiw9M10d1fqyNuQQHuX5ZwIOnN4q82wAvAAsADGoADGcAByUwggchMIIGCaADAgECAhAcRU2OfD5RXVxbu\/\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\/HxaGvneCRZhiBGyUMFBcJjk1AKw9+Nf1hXE48DlafnWpGrqpfYt2zsG+eRrhPeKWj+oj0pEgYLwOn\/a4xa6m8CUPuQAn6\/wNlnTqVyC\/SG0Yol6GVytCBUh+TZofarTRdpyUAS308UAcUFDf6BimC5d5mYn2J5R4k65+6sdF0Lg5T\/DhNiIsjt\/imBX+pqRiOG+KKP+QbbicThn04ySXzkSx\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\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"} -02170{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1020,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1490976071392707,"flow_src_last_pkt_time":1490976071451916,"flow_dst_last_pkt_time":1490976071512431,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":194,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":194,"flow_dst_tot_l4_payload_len":3265,"midstream":0,"thread_ts_usec":1490976071512431,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":59698,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": 
{"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"36e9ceaa96dd810482573844f78a063f","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d220300_5fd681855ab9_1ea9011b3dfa","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24","blocks":0}}} 
+02129{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1020,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1490976071392707,"flow_src_last_pkt_time":1490976071451916,"flow_dst_last_pkt_time":1490976071512431,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":194,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":194,"flow_dst_tot_l4_payload_len":3265,"midstream":0,"thread_ts_usec":1490976071512431,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":59698,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d220300_5fd681855ab9_1ea9011b3dfa","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, 
L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24","blocks":0}}} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1039,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976071583104,"flow_src_last_pkt_time":1490976071583104,"flow_dst_last_pkt_time":1490976071583104,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976071583104,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45698,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1039,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_src_last_pkt_time":1490976071583104,"flow_dst_last_pkt_time":1490976071583104,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976071583104,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8H+ZAAEAGJwmsECrYNF7ohrKCAbsHHkWgAAAAAKAC\/\/\/3+QAAAgQFtAQCCAoA9lpGAAAAAAEDAwg="} 
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1057,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":74,"flow_packet_id":2,"flow_src_last_pkt_time":1490976071583104,"flow_dst_last_pkt_time":1490976071640296,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976071640296,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwgCVAAOcGH9U0XuiGrBAq2AG7soJWhIA2Bx5FoXASH\/6YhgAAAgQFtAEDAwY="} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1058,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":74,"flow_packet_id":3,"flow_src_last_pkt_time":1490976071641608,"flow_dst_last_pkt_time":1490976071640296,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976071641608,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoH+dAAEAGJxysECrYNF7ohrKCAbsHHkWhVoSAN1AQAVfi9wAA"} 00857{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1059,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":74,"flow_packet_id":4,"flow_src_last_pkt_time":1490976071642022,"flow_dst_last_pkt_time":1490976071640296,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1490976071642022,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXH+hAAEAGJiysECrYNF7ohrKCAbsHHkWhVoSAN1AYAVf+QQAAFgMBAOoBAADmAwOE8oRDXFsSV3ryNEuSilTOl1C7aDt7WJHDEI4Zx+ik8yCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgiorMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9iooAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACPr6AB0AFwAYSkoAAQA="} 
-01234{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1059,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976071583104,"flow_src_last_pkt_time":1490976071642022,"flow_dst_last_pkt_time":1490976071640296,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976071642022,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45698,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01193{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1059,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976071583104,"flow_src_last_pkt_time":1490976071642022,"flow_dst_last_pkt_time":1490976071640296,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976071642022,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45698,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00653{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1063,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":74,"flow_packet_id":5,"flow_src_last_pkt_time":1490976071642022,"flow_dst_last_pkt_time":1490976071700208,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"thread_ts_usec":1490976071700208,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9hPJAAOcGGrs0XuiGrBAq2AG7soJWhIA3Bx5GkFAYf\/jJCAAAFgMBAEoCAABGAwFY3n1H7tprYGnn77iiblUs3pVsX7OsznnNQ5TSj9yK7yCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="} 
-01399{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1063,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976071583104,"flow_src_last_pkt_time":1490976071642022,"flow_dst_last_pkt_time":1490976071700208,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976071700208,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45698,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01358{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1063,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976071583104,"flow_src_last_pkt_time":1490976071642022,"flow_dst_last_pkt_time":1490976071700208,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976071700208,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45698,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00857{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1071,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":72,"flow_packet_id":5,"flow_src_last_pkt_time":1490976071739996,"flow_dst_last_pkt_time":1490976071438967,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1490976071739996,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXfzpAAEAGxtmsECrYNF7ohrKBAbt+UyUGKYaOGlAYAVdE2wAAFgMBAOoBAADmAwMyYJ1Vgi7pXUY+w9BYO5x0QgA8tcoAaPoo5I8kMHaIXSCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgOjrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9mpoAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACGpqAB0AFwAYWloAAQA="} -01399{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1076,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1490976071385523,"flow_src_last_pkt_time":1490976071739996,"flow_dst_last_pkt_time":1490976071803717,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":478,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976071803717,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45697,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01358{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1076,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1490976071385523,"flow_src_last_pkt_time":1490976071739996,"flow_dst_last_pkt_time":1490976071803717,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":478,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976071803717,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45697,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
01006{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1090,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1490976023264023,"flow_src_last_pkt_time":1490976023264087,"flow_dst_last_pkt_time":1490976023264023,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":315,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":315,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":630,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976073203882,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"android-1c1335ec95a27318"}} 00970{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1090,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976023267639,"flow_src_last_pkt_time":1490976023267639,"flow_dst_last_pkt_time":1490976023267639,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976073203882,"l3_proto":"ip4","src_ip":"172.16.42.1","dst_ip":"172.16.42.216","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
01023{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1090,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976024793542,"flow_src_last_pkt_time":1490976024793542,"flow_dst_last_pkt_time":1490976024844591,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":75,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":75,"midstream":0,"thread_ts_usec":1490976073203882,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":3440,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"connectivitycheck.android.com"}} 
@@ -536,9 +536,9 @@ 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1114,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":75,"flow_packet_id":2,"flow_src_last_pkt_time":1490976076042813,"flow_dst_last_pkt_time":1490976076114152,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976076114152,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwMG5AAOcGb4w0XuiGrBAq2AG7kPnjZM+NrtJZs3ASH\/4iEQAAAgQFtAEDAwY="} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1115,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":75,"flow_packet_id":3,"flow_src_last_pkt_time":1490976076117098,"flow_dst_last_pkt_time":1490976076114152,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976076117098,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoBbdAAEAGQUysECrYNF7ohpD5Abuu0lmz42TPjlAQAVdsggAA"} 00770{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1116,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":75,"flow_packet_id":4,"flow_src_last_pkt_time":1490976076117411,"flow_dst_last_pkt_time":1490976076114152,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_usec":1490976076117411,"pkt":"AMDKkaPvePiC0\/vCCABFAADWBbhAAEAGQJ2sECrYNF7ohpD5Abuu0lmz42TPjlAYAVfYNgAAFgMBAKkBAAClAwGdxeV2toJ3ZUdADhSV31FbJ8VJ\/C4Ztf1iHRQqcc2FASCDPveyl8oknA6Yiw9M10d1fqyNuQQHuX5ZwIOnN4q82wAcwAnACsATwBQAMwA5ADIAOMAHwBEALwA1AAUA\/wEAAEAACwAEAwABAgAKADQAMgAOAA0AGQALAAwAGAAJAAoAFgAXAAgABgAHABQAFQAEAAUAEgATAAEAAgADAA8AEAAR"} 
-01274{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1116,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976076042813,"flow_src_last_pkt_time":1490976076117411,"flow_dst_last_pkt_time":1490976076114152,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976076117411,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":37113,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"","ja4":"t10d140200_37d7d24289bf_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01233{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1116,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976076042813,"flow_src_last_pkt_time":1490976076117411,"flow_dst_last_pkt_time":1490976076114152,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976076117411,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":37113,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d140200_37d7d24289bf_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1117,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":75,"flow_packet_id":5,"flow_src_last_pkt_time":1490976076117411,"flow_dst_last_pkt_time":1490976076167842,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1490976076167842,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoM75AAOcGbEQ0XuiGrBAq2AG7kPnjZM+OrtJaYVAQf\/rtMAAAAAAAAAAA"} 
-01424{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1118,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976076042813,"flow_src_last_pkt_time":1490976076117411,"flow_dst_last_pkt_time":1490976076167981,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976076167981,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":37113,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t10d140200_37d7d24289bf_33a13ba74d1c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} 
+01383{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1118,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976076042813,"flow_src_last_pkt_time":1490976076117411,"flow_dst_last_pkt_time":1490976076167981,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976076167981,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":37113,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t10d140200_37d7d24289bf_33a13ba74d1c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1128,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976076275395,"flow_src_last_pkt_time":1490976076275395,"flow_dst_last_pkt_time":1490976076275395,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976076275395,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1128,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_src_last_pkt_time":1490976076275395,"flow_dst_last_pkt_time":1490976076275395,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976076275395,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8Bx5AAEAGP9GsECrYNF7ohsHNAFDXKVsFAAAAAKAC\/\/8C1AAAAgQFtAQCCAoA9lwbAAAAAAEDAwg="} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1130,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":76,"flow_packet_id":2,"flow_src_last_pkt_time":1490976076275395,"flow_dst_last_pkt_time":1490976076338574,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976076338574,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwijBAAOcGFco0XuiGrBAq2ABQwc3F00\/v1ylbBnASH\/5mLQAAAgQFtAEDAwY="} 
@@ -551,10 +551,10 @@ 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1142,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":77,"flow_packet_id":2,"flow_src_last_pkt_time":1490976080485167,"flow_dst_last_pkt_time":1490976080542065,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976080542065,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAOsGYRwixzTwrBAq2AG7lgTyw5w6PAKPIKASaN+a6gAAAgQFtAQCCApEF4DYAPZdvwEDAwg="} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1143,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":77,"flow_packet_id":3,"flow_src_last_pkt_time":1490976080543197,"flow_dst_last_pkt_time":1490976080542065,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976080543197,"pkt":"AMDKkaPvePiC0\/vCCABFAAA00qFAAEAGOYOsECrYIsc08JYEAbs8Ao8g8sOcO4AQAVcxOQAAAQEICgD2XcZEF4DY"} 
00903{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1144,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":77,"flow_packet_id":4,"flow_src_last_pkt_time":1490976080544389,"flow_dst_last_pkt_time":1490976080542065,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":326,"pkt_l4_len":292,"thread_ts_usec":1490976080544389,"pkt":"AMDKkaPvePiC0\/vCCABFAAE40qJAAEAGOH6sECrYIsc08JYEAbs8Ao8g8sOcO4AYAVdhlgAAAQEICgD2XcZEF4DYFgMBAP8BAAD7AwOX\/QoHOQfrIm4YrainwIcb8HJqxyAya+r9gcsMJ\/OOBSCuITFLxCcAmkxVA5xh9l9LJAIe6ginKsjl8g3o3EcTxQAgmprMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACSCgoAAP8BAAEAAAAALQArAAAoY29nbml0by1pZGVudGl0eS51cy1lYXN0LTEuYW1hem9uYXdzLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACPr6AB0AFwAYGhoAAQA="} -01282{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1144,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976080485167,"flow_src_last_pkt_time":1490976080544389,"flow_dst_last_pkt_time":1490976080542065,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":260,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":260,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976080544389,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38404,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"cognito-identity.us-east-1.amazonaws.com","domainame":"cognito-identity.us-east-1.amazonaws.com","tls": 
{"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01241{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1144,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976080485167,"flow_src_last_pkt_time":1490976080544389,"flow_dst_last_pkt_time":1490976080542065,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":260,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":260,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976080544389,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38404,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"cognito-identity.us-east-1.amazonaws.com","domainame":"cognito-identity.us-east-1.amazonaws.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1145,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":77,"flow_packet_id":5,"flow_src_last_pkt_time":1490976080544389,"flow_dst_last_pkt_time":1490976080602253,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976080602253,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA0HN1AAOsGREcixzTwrBAq2AG7lgTyw5w7PAKQJIAQAHcxBQAAAQEICkQXgOgA9l3G"} -01342{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1146,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976080485167,"flow_src_last_pkt_time":1490976080544389,"flow_dst_last_pkt_time":1490976080606156,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":260,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":260,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1490976080606156,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38404,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"cognito-identity.us-east-1.amazonaws.com","domainame":"cognito-identity.us-east-1.amazonaws.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
-01729{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1148,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1490976080485167,"flow_src_last_pkt_time":1490976080544389,"flow_dst_last_pkt_time":1490976080607335,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":260,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":260,"flow_dst_tot_l4_payload_len":3389,"midstream":0,"thread_ts_usec":1490976080607335,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38404,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"cognito-identity.us-east-1.amazonaws.com","domainame":"cognito-identity.us-east-1.amazonaws.com","tls": {"version":"TLSv1.2","server_names":"cognito-identity.amazonaws.com,cognito-identity.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=cognito-identity.us-east-1.amazonaws.com","advertised_alpns":"h2,http\/1.1","fingerprint":"56:17:8F:E9:45:10:32:78:FF:FD:E3:09:60:5A:B5:3B:8D:8C:F8:34","blocks":0}}} 
+01301{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1146,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976080485167,"flow_src_last_pkt_time":1490976080544389,"flow_dst_last_pkt_time":1490976080606156,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":260,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":260,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1490976080606156,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38404,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"cognito-identity.us-east-1.amazonaws.com","domainame":"cognito-identity.us-east-1.amazonaws.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01688{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1148,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1490976080485167,"flow_src_last_pkt_time":1490976080544389,"flow_dst_last_pkt_time":1490976080607335,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":260,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":260,"flow_dst_tot_l4_payload_len":3389,"midstream":0,"thread_ts_usec":1490976080607335,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38404,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"cognito-identity.us-east-1.amazonaws.com","domainame":"cognito-identity.us-east-1.amazonaws.com","tls": {"version":"TLSv1.2","server_names":"cognito-identity.amazonaws.com,cognito-identity.us-east-1.amazonaws.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=cognito-identity.us-east-1.amazonaws.com","advertised_alpns":"h2,http\/1.1","fingerprint":"56:17:8F:E9:45:10:32:78:FF:FD:E3:09:60:5A:B5:3B:8D:8C:F8:34","blocks":0}}} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1168,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976082723840,"flow_src_last_pkt_time":1490976082723840,"flow_dst_last_pkt_time":1490976082723840,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976082723840,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34053,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1168,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_src_last_pkt_time":1490976082723840,"flow_dst_last_pkt_time":1490976082723840,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976082723840,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8n\/hAAEAGdDKsECrYNu8YuoUFAbsbksFnAAAAAKAC\/\/9eHgAAAgQFtAQCCAoA9l6fAAAAAAEDAwg="} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1169,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976082964100,"flow_src_last_pkt_time":1490976082964100,"flow_dst_last_pkt_time":1490976082964100,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976082964100,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34054,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -562,10 +562,10 @@ 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1170,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":78,"flow_packet_id":2,"flow_src_last_pkt_time":1490976082723840,"flow_dst_last_pkt_time":1490976082969718,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976082969718,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwftZAAOcG7l827xi6rBAq2AG7hQU1exHsG5LBaHASH\/6SVwAAAgQFtAEDAwY="} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1171,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":78,"flow_packet_id":3,"flow_src_last_pkt_time":1490976082973229,"flow_dst_last_pkt_time":1490976082969718,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976082973229,"pkt":"AMDKkaPvePiC0\/vCCABFAAAon\/lAAEAGdEWsECrYNu8YuoUFAbsbksFoNXsR7VAQAVfcyAAA"} 
00888{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1172,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":78,"flow_packet_id":4,"flow_src_last_pkt_time":1490976082975916,"flow_dst_last_pkt_time":1490976082969718,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":313,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":313,"pkt_l4_len":279,"thread_ts_usec":1490976082975916,"pkt":"AMDKkaPvePiC0\/vCCABFAAErn\/pAAEAGc0GsECrYNu8YuoUFAbsbksFoNXsR7VAYAVfciQAAFgMBAP4BAAD6AwMHSRC2c+5r\/3MPJESGwrrTfqmqXxfWC6hnzFlITFd0gCAK8IS3HVgGOc2sZcVp0kAKYJvK21\/4JhIPoGYmpJU7LgAgCgrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACRGhoAAP8BAAEAAAAALAAqAAAnbW9iaWxlYW5hbHl0aWNzLnVzLWVhc3QtMS5hbWF6b25hd3MuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAISkoAHQAXABi6ugABAA=="} -01280{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1172,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976082723840,"flow_src_last_pkt_time":1490976082975916,"flow_dst_last_pkt_time":1490976082969718,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":259,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":259,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976082975916,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34053,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"mobileanalytics.us-east-1.amazonaws.com","domainame":"mobileanalytics.us-east-1.amazonaws.com","tls": 
{"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01239{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1172,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976082723840,"flow_src_last_pkt_time":1490976082975916,"flow_dst_last_pkt_time":1490976082969718,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":259,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":259,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976082975916,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34053,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"mobileanalytics.us-east-1.amazonaws.com","domainame":"mobileanalytics.us-east-1.amazonaws.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1173,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":79,"flow_packet_id":2,"flow_src_last_pkt_time":1490976082964100,"flow_dst_last_pkt_time":1490976083245594,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976083245594,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwWypAAOcGEgw27xi6rBAq2AG7hQaUlSPBbZRoTXASH\/4ogAAAAgQFtAEDAwY="} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1174,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":78,"flow_packet_id":5,"flow_src_last_pkt_time":1490976082975916,"flow_dst_last_pkt_time":1490976083245729,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1490976083245729,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoXwRAANsGGjo27xi6rBAq2AG7hQU1exHtG5LBaFAQARzdAwAAAAAAAAAA"} -01368{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1176,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1490976082723840,"flow_src_last_pkt_time":1490976082975916,"flow_dst_last_pkt_time":1490976083245814,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":259,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":259,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1490976083245814,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34053,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"mobileanalytics.us-east-1.amazonaws.com","domainame":"mobileanalytics.us-east-1.amazonaws.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} +01327{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1176,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1490976082723840,"flow_src_last_pkt_time":1490976082975916,"flow_dst_last_pkt_time":1490976083245814,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":259,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":259,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1490976083245814,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34053,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"mobileanalytics.us-east-1.amazonaws.com","domainame":"mobileanalytics.us-east-1.amazonaws.com","tls": {"version":"TLSv1.2","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1177,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":79,"flow_packet_id":3,"flow_src_last_pkt_time":1490976083337013,"flow_dst_last_pkt_time":1490976083245594,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976083337013,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoNvVAAEAG3UmsECrYNu8YuoUGAbttlGhNlJUjwlAQAVdy8QAA"} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1178,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":79,"flow_packet_id":4,"flow_src_last_pkt_time":1490976083337013,"flow_dst_last_pkt_time":1490976083441405,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1490976083441405,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAom51AANsG3aA27xi6rBAq2AG7hQaUlSPCbZRoTVAQARxzLAAAAAAAAAAA"} 01017{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1189,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976030681470,"flow_src_last_pkt_time":1490976030681470,"flow_dst_last_pkt_time":1490976030890027,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":56,"midstream":0,"thread_ts_usec":1490976084150260,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":7358,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.Amazon","proto_id":"5.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"firs-ta-g7g.amazon.com"}} 
@@ -590,23 +590,23 @@ 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1202,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":81,"flow_packet_id":2,"flow_src_last_pkt_time":1490976085829927,"flow_dst_last_pkt_time":1490976085970467,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976085970467,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwdw1AAOcGKO00XuiGrBAq2AG7sojjQR2VxkD2SnASH\/7+lwAAAgQFtAEDAwY="} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1203,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":80,"flow_packet_id":3,"flow_src_last_pkt_time":1490976085977753,"flow_dst_last_pkt_time":1490976085970332,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976085977753,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoI8lAAEAGIzqsECrYNF7ohrKHAbtpd3wM8ytBoVAQAVfsHAAA"} 00857{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1204,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":80,"flow_packet_id":4,"flow_src_last_pkt_time":1490976085978060,"flow_dst_last_pkt_time":1490976085970332,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1490976085978060,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXI8pAAEAGIkqsECrYNF7ohrKHAbtpd3wM8ytBoVAYAVdMhgAAFgMBAOoBAADmAwMZTwgAvEIt2Qb5o7X9W24vk2EndyOWpP4UOltDjjzDCyCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgGhrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9CgoAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACEpKAB0AFwAYGhoAAQA="} 
-01234{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1204,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976085644885,"flow_src_last_pkt_time":1490976085978060,"flow_dst_last_pkt_time":1490976085970332,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976085978060,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45703,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01193{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1204,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976085644885,"flow_src_last_pkt_time":1490976085978060,"flow_dst_last_pkt_time":1490976085970332,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976085978060,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45703,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1205,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":81,"flow_packet_id":3,"flow_src_last_pkt_time":1490976085978202,"flow_dst_last_pkt_time":1490976085970467,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976085978202,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoqZ5AAEAGnWSsECrYNF7ohrKIAbvGQPZK40EdllAQAVdJCQAA"} 
00858{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1206,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":81,"flow_packet_id":4,"flow_src_last_pkt_time":1490976085978330,"flow_dst_last_pkt_time":1490976085970467,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1490976085978330,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXqZ9AAEAGnHSsECrYNF7ohrKIAbvGQPZK40EdllAYAVchAgAAFgMBAOoBAADmAwM0H8Xsbj55clduvHcNurVJrQGc\/Pqbv8v55WlkE30hCyCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgOjrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9ysoAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACBoaAB0AFwAY6uoAAQA="} -01234{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1206,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976085829927,"flow_src_last_pkt_time":1490976085978330,"flow_dst_last_pkt_time":1490976085970467,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976085978330,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45704,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": 
{"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01193{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1206,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976085829927,"flow_src_last_pkt_time":1490976085978330,"flow_dst_last_pkt_time":1490976085970467,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976085978330,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45704,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1207,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":85,"flow_packet_id":2,"flow_src_last_pkt_time":1490976085891455,"flow_dst_last_pkt_time":1490976085978559,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1490976085978559,"pkt":"ePiC0\/vCAMDKkVoBCABFEAAoAABAAD0Gmy7AqAsBrBAq2B+QliIAAAAAp\/J0hVAUAAA7FAAAAAAAAAAA"} 
00654{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1208,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":80,"flow_packet_id":5,"flow_src_last_pkt_time":1490976085978060,"flow_dst_last_pkt_time":1490976086218051,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"thread_ts_usec":1490976086218051,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9HHlAAOcGgzQ0XuiGrBAq2AG7sofzK0GhaXd8+1AYf\/gWvgAAFgMBAEoCAABGAwFY3n1WmU2DpWAHVrvTcVkefcqPXG\/VUu7kD2bqD9s6GyCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="} -01399{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1208,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976085644885,"flow_src_last_pkt_time":1490976085978060,"flow_dst_last_pkt_time":1490976086218051,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976086218051,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45703,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": 
{"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01358{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1208,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976085644885,"flow_src_last_pkt_time":1490976085978060,"flow_dst_last_pkt_time":1490976086218051,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976086218051,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45703,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1210,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":82,"flow_packet_id":2,"flow_src_last_pkt_time":1490976085832410,"flow_dst_last_pkt_time":1490976086218291,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976086218291,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwSbFAAOcGVkk0XuiGrBAq2AG7soktOgAj+XDMt3ASH\/7IcwAAAgQFtAEDAwY="} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1211,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":84,"flow_packet_id":2,"flow_src_last_pkt_time":1490976085884523,"flow_dst_last_pkt_time":1490976086218325,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976086218325,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwHTJAAOcGgsg0XuiGrBAq2AG7sosHecze3XmCE3ASH\/6IEgAAAgQFtAEDAwY="} 00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1212,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":81,"flow_packet_id":5,"flow_src_last_pkt_time":1490976085978330,"flow_dst_last_pkt_time":1490976086218384,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"thread_ts_usec":1490976086218384,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9fsNAAOcGIOo0XuiGrBAq2AG7sojjQR2WxkD3OVAYf\/it4AAAFgMBAEoCAABGAwFY3n1WO78rfAE+1qPfnKCZXIna9VF+PCVlge\/Xf2\/VpyCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="} 
-01399{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1212,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976085829927,"flow_src_last_pkt_time":1490976085978330,"flow_dst_last_pkt_time":1490976086218384,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976086218384,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45704,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01358{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1212,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976085829927,"flow_src_last_pkt_time":1490976085978330,"flow_dst_last_pkt_time":1490976086218384,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976086218384,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45704,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1216,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":82,"flow_packet_id":3,"flow_src_last_pkt_time":1490976086219780,"flow_dst_last_pkt_time":1490976086218291,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976086219780,"pkt":"AMDKkaPvePiC0\/vCCABFAAAok2JAAEAGs6CsECrYNF7ohrKJAbv5cMy3LToAJFAQAVcS5QAA"} 
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1218,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":84,"flow_packet_id":3,"flow_src_last_pkt_time":1490976086220054,"flow_dst_last_pkt_time":1490976086218325,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976086220054,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo3c9AAEAGaTOsECrYNF7ohrKLAbvdeYITB3nM31AQAVfSgwAA"} 00857{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1224,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":82,"flow_packet_id":4,"flow_src_last_pkt_time":1490976086244165,"flow_dst_last_pkt_time":1490976086218291,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1490976086244165,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXk2NAAEAGsrCsECrYNF7ohrKJAbv5cMy3LToAJFAYAVdDMAAAFgMBAOoBAADmAwMX0DmvFoc93MqqbnDLtg4DTevZCvztq0wbg4n1o5FhxCCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgGhrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9OjoAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACNraAB0AFwAYqqoAAQA="} 
-01234{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1224,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976085832410,"flow_src_last_pkt_time":1490976086244165,"flow_dst_last_pkt_time":1490976086218291,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976086244165,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45705,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01193{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1224,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976085832410,"flow_src_last_pkt_time":1490976086244165,"flow_dst_last_pkt_time":1490976086218291,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976086244165,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45705,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00654{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1230,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":82,"flow_packet_id":5,"flow_src_last_pkt_time":1490976086244165,"flow_dst_last_pkt_time":1490976086648262,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"thread_ts_usec":1490976086648262,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9SB9AAOcGV440XuiGrBAq2AG7soktOgAk+XDNplAYf\/gBdQAAFgMBAEoCAABGAwFY3n1W5OOWJNfC\/vUq2mNwZtKQmiBffDQIpiP84nPzOiCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="} 
-01399{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1230,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976085832410,"flow_src_last_pkt_time":1490976086244165,"flow_dst_last_pkt_time":1490976086648262,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976086648262,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45705,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01358{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1230,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976085832410,"flow_src_last_pkt_time":1490976086244165,"flow_dst_last_pkt_time":1490976086648262,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976086648262,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45705,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1243,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":83,"flow_packet_id":2,"flow_src_last_pkt_time":1490976086880154,"flow_dst_last_pkt_time":1490976085883325,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976086880154,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8m\/ZAAEAGPiOsECrYCsl+8Z0yH5CNbMQpAAAAAKAC\/\/93zQAAAgQFtAQCCAoA9mBAAAAAAAEDAwg="} 
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1255,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":84,"flow_packet_id":4,"flow_src_last_pkt_time":1490976088329636,"flow_dst_last_pkt_time":1490976086218325,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976088329636,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo3dBAAEAGaTKsECrYNF7ohrKLAbvdeYITB3nM31ARAVfSggAA"} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1256,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":84,"flow_packet_id":5,"flow_src_last_pkt_time":1490976088329636,"flow_dst_last_pkt_time":1490976088474183,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1490976088474183,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoJzdAAOcGeMs0XuiGrBAq2AG7sosHeczf3XmCFFARgABT2AAAAAAAAAAA"} 
@@ -618,10 +618,10 @@ 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1270,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":87,"flow_packet_id":2,"flow_src_last_pkt_time":1490976088631582,"flow_dst_last_pkt_time":1490976088845997,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976088845997,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw3pBAAOcGwWk0XuiGrBAq2AG7so5AYHD5hKZUtXASH\/4xPwAAAgQFtAEDAwY="} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1272,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":86,"flow_packet_id":3,"flow_src_last_pkt_time":1490976088847985,"flow_dst_last_pkt_time":1490976088845815,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976088847985,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo1i1AAEAGcNWsECrYNF7ohrKNAbu9HLbBsNs3v1AQAVep7gAA"} 00858{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1273,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":86,"flow_packet_id":4,"flow_src_last_pkt_time":1490976088849989,"flow_dst_last_pkt_time":1490976088845815,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1490976088849989,"pkt":"AMDKkaPvePiC0\/vCCABFAAEX1i5AAEAGb+WsECrYNF7ohrKNAbu9HLbBsNs3v1AYAVePOwAAFgMBAOoBAADmAwP1YthODLslBmCd7PjY7YVBLxQl6oZDQnpqrQA1aXZumyB4kgfiZLrEZoIvfOT\/tQMGZLL4w9FhfVsGJHEZL4q82wAg+vrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB92toAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACGpqAB0AFwAYSkoAAQA="} 
-01234{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1273,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976088605994,"flow_src_last_pkt_time":1490976088849989,"flow_dst_last_pkt_time":1490976088845815,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976088849989,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45709,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01193{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1273,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976088605994,"flow_src_last_pkt_time":1490976088849989,"flow_dst_last_pkt_time":1490976088845815,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976088849989,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45709,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1274,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":87,"flow_packet_id":3,"flow_src_last_pkt_time":1490976088850651,"flow_dst_last_pkt_time":1490976088845997,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976088850651,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoNFxAAEAGEqesECrYNF7ohrKOAbuEplS1QGBw+lAQAVd7sAAA"} 
00857{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1276,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":87,"flow_packet_id":4,"flow_src_last_pkt_time":1490976088854312,"flow_dst_last_pkt_time":1490976088845997,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1490976088854312,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXNF1AAEAGEbesECrYNF7ohrKOAbuEplS1QGBw+lAYAVeALwAAFgMBAOoBAADmAwO2qvjWcAzn6foPrm6RG05xGgv+E5HiiVFKOX3z9RkdZCCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgurrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9+voAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACKqqAB0AFwAY2toAAQA="} -01234{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1276,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976088631582,"flow_src_last_pkt_time":1490976088854312,"flow_dst_last_pkt_time":1490976088845997,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976088854312,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45710,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": 
{"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01193{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1276,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976088631582,"flow_src_last_pkt_time":1490976088854312,"flow_dst_last_pkt_time":1490976088845997,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976088854312,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45710,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1279,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":83,"flow_packet_id":3,"flow_src_last_pkt_time":1490976088880204,"flow_dst_last_pkt_time":1490976085883325,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976088880204,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8m\/dAAEAGPiKsECrYCsl+8Z0yH5CNbMQpAAAAAKAC\/\/93BQAAAgQFtAQCCAoA9mEIAAAAAAEDAwg="} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1280,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976088937719,"flow_src_last_pkt_time":1490976088937719,"flow_dst_last_pkt_time":1490976088937719,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976088937719,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45711,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1280,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_src_last_pkt_time":1490976088937719,"flow_dst_last_pkt_time":1490976088937719,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976088937719,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8PTlAAEAGCbasECrYNF7ohrKPAbuIDFw0AAAAAKAC\/\/9ZowAAAgQFtAQCCAoA9mENAAAAAAEDAwg="} 
@@ -639,8 +639,8 @@ 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1290,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":89,"flow_packet_id":2,"flow_src_last_pkt_time":1490976089963855,"flow_dst_last_pkt_time":1490976088958157,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976089963855,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8FFNAAEAGMpysECrYNF7ohrKQAbsDIHVdAAAAAKAC\/\/\/E\/wAAAgQFtAQCCAoA9mFzAAAAAAEDAwg="} 00858{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1291,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":86,"flow_packet_id":5,"flow_src_last_pkt_time":1490976090000798,"flow_dst_last_pkt_time":1490976088845815,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1490976090000798,"pkt":"AMDKkaPvePiC0\/vCCABFAAEX1i9AAEAGb+SsECrYNF7ohrKNAbu9HLbBsNs3v1AYAVePOwAAFgMBAOoBAADmAwP1YthODLslBmCd7PjY7YVBLxQl6oZDQnpqrQA1aXZumyB4kgfiZLrEZoIvfOT\/tQMGZLL4w9FhfVsGJHEZL4q82wAg+vrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB92toAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACGpqAB0AFwAYSkoAAQA="} 
00857{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1292,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":87,"flow_packet_id":5,"flow_src_last_pkt_time":1490976090016140,"flow_dst_last_pkt_time":1490976088845997,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1490976090016140,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXNF5AAEAGEbasECrYNF7ohrKOAbuEplS1QGBw+lAYAVeALwAAFgMBAOoBAADmAwO2qvjWcAzn6foPrm6RG05xGgv+E5HiiVFKOX3z9RkdZCCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgurrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9+voAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACKqqAB0AFwAY2toAAQA="} -01399{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1294,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1490976088631582,"flow_src_last_pkt_time":1490976090016140,"flow_dst_last_pkt_time":1490976090037761,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":478,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976090037761,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45710,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} -01399{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1297,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1490976088605994,"flow_src_last_pkt_time":1490976090000798,"flow_dst_last_pkt_time":1490976090037872,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":478,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976090037872,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45709,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01358{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1294,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1490976088631582,"flow_src_last_pkt_time":1490976090016140,"flow_dst_last_pkt_time":1490976090037761,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":478,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976090037761,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45710,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01358{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1297,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1490976088605994,"flow_src_last_pkt_time":1490976090000798,"flow_dst_last_pkt_time":1490976090037872,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":478,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976090037872,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45709,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1300,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":92,"flow_packet_id":2,"flow_src_last_pkt_time":1490976089239508,"flow_dst_last_pkt_time":1490976090038134,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976090038134,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwtKtAAOcG6040XuiGrBAq2AG7spNBzzb30hct0XASH\/5DQAAAAgQFtAEDAwY="} 
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1301,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":88,"flow_packet_id":3,"flow_src_last_pkt_time":1490976089930127,"flow_dst_last_pkt_time":1490976090038242,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976090038242,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwe6ZAAOcGJFQ0XuiGrBAq2AG7so\/BFRS5iAxcNXASH\/4B4wAAAgQFtAEDAwY="} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1302,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":93,"flow_packet_id":2,"flow_src_last_pkt_time":1490976089426961,"flow_dst_last_pkt_time":1490976090038290,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976090038290,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwa1pAAOcGNKA0XuiGrBAq2ABQwd5KW8E7IbEFWnASH\/57bQAAAgQFtAEDAwY="} 
@@ -656,21 +656,21 @@ 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1318,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":89,"flow_packet_id":4,"flow_src_last_pkt_time":1490976090174085,"flow_dst_last_pkt_time":1490976090038470,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976090174085,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoFFRAAEAGMq+sECrYNF7ohrKQAbsDIHVervLSZ1AQAVcMjAAA"} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1319,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":90,"flow_packet_id":4,"flow_src_last_pkt_time":1490976090174233,"flow_dst_last_pkt_time":1490976090038569,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976090174233,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoAmFAAEAGRKKsECrYNF7ohsHbAFAaMGN7Nq6xqlAQAVeSgAAA"} 00858{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1322,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":92,"flow_packet_id":4,"flow_src_last_pkt_time":1490976090191085,"flow_dst_last_pkt_time":1490976090038134,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1490976090191085,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXTP1AAEAG+RasECrYNF7ohrKTAbvSFy3RQc82+FAYAVfMxwAAFgMBAOoBAADmAwN2ORpKrhOyHUV07StwwZSHYsVIRIzr5Y8\/9rRF0KIdZyCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgenrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9GhoAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACDo6AB0AFwAYSkoAAQA="} 
-01234{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1322,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976089239508,"flow_src_last_pkt_time":1490976090191085,"flow_dst_last_pkt_time":1490976090038134,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976090191085,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45715,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
-01234{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1323,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":2,"flow_first_seen":1490976088937719,"flow_src_last_pkt_time":1490976090191751,"flow_dst_last_pkt_time":1490976090039310,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976090191751,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45711,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01193{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1322,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976089239508,"flow_src_last_pkt_time":1490976090191085,"flow_dst_last_pkt_time":1490976090038134,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976090191085,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45715,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01193{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1323,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":2,"flow_first_seen":1490976088937719,"flow_src_last_pkt_time":1490976090191751,"flow_dst_last_pkt_time":1490976090039310,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976090191751,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45711,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00857{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1324,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":91,"flow_packet_id":4,"flow_src_last_pkt_time":1490976090192268,"flow_dst_last_pkt_time":1490976090038424,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1490976090192268,"pkt":"AMDKkaPvePiC0\/vCCABFAAEX35JAAEAGZoGsECrYNF7ohrKSAbuabb67n5yC1lAYAVccWAAAFgMBAOoBAADmAwNaeZ4ISZVz+LBPXmReGVk3y0uzNDLI3JpfNeWOq+pSDyCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgWlrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9mpoAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACHp6AB0AFwAYCgoAAQA="} 
-01234{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1324,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976089227335,"flow_src_last_pkt_time":1490976090192268,"flow_dst_last_pkt_time":1490976090038424,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976090192268,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45714,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01193{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1324,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976089227335,"flow_src_last_pkt_time":1490976090192268,"flow_dst_last_pkt_time":1490976090038424,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976090192268,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45714,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00857{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1325,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":89,"flow_packet_id":5,"flow_src_last_pkt_time":1490976090192765,"flow_dst_last_pkt_time":1490976090038470,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1490976090192765,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXFFVAAEAGMb+sECrYNF7ohrKQAbsDIHVervLSZ1AYAVdNGQAAFgMBAOoBAADmAwPYo856fiqLFy2iEPtPPss95VhSsyrseZstWVe+UbRC3CCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAg2trMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9ysoAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACKqqAB0AFwAYenoAAQA="} -01234{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1325,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1490976088958157,"flow_src_last_pkt_time":1490976090192765,"flow_dst_last_pkt_time":1490976090038470,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976090192765,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45712,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": 
{"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01193{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1325,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1490976088958157,"flow_src_last_pkt_time":1490976090192765,"flow_dst_last_pkt_time":1490976090038470,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976090192765,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45712,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
01867{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1327,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":93,"flow_packet_id":4,"flow_src_last_pkt_time":1490976090196942,"flow_dst_last_pkt_time":1490976090038290,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1050,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1050,"pkt_l4_len":1016,"thread_ts_usec":1490976090196942,"pkt":"AMDKkaPvePiC0\/vCCABFAAQMZGlAAEAG3rWsECrYNF7ohsHeAFAhsQVaSlvBPFAYAVe23QAAR0VUIC9saWIvYm9vdHN0cmFwL2ltZy9nbHlwaGljb25zLWhhbGZsaW5ncy5wbmcgSFRUUC8xLjENCkhvc3Q6IGFsZXhhLmFtYXpvbi5jb20NCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChMaW51eDsgQW5kcm9pZCA1LjEuMTsgTEdMUzc1MSBCdWlsZC9MTVk0N1Y7IHd2KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzQuMCBDaHJvbWUvNTYuMC4yOTI0Ljg3IE1vYmlsZSBTYWZhcmkvNTM3LjM2IFBpdGFuZ3VpQnJpZGdlLzEuMTYuNC41LVtNQU5VRkFDVFVSRVI9TEdFXVtSRUxFQVNFPTUuMS4xXVtCUkFORD1sZ2VdW1NESz0yMl1bTU9ERUw9TEdMUzc1MV0NCkFjY2VwdDogaW1hZ2Uvd2VicCxpbWFnZS8qLCovKjtxPTAuOA0KUmVmZXJlcjogaHR0cDovL2FsZXhhLmFtYXpvbi5jb20vbGliL2Jvb3RzdHJhcC9jc3MvYm9vdHN0cmFwLm1pbi5jc3MNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KQWNjZXB0LUxhbmd1YWdlOiBlbi1VUw0KQ29va2llOiBjc3JmPS04NDYxMjczODsgc2Vzc2lvbi1pZC10aW1lPTIwODI3ODcyMDFsOyBzZXNzaW9uLWlkPTE1NC0zMTAzMjY1LTI5MzI1MTY7IGxjLW1haW49ZW5fVVM7IHViaWQtbWFpbj0xNTItODc2MzUwNS03MzA0OTA0OyBzZXNzaW9uLXRva2VuPSI3S0hoNVRqUzVrSkVsck5LcDdpUVlWZEY3U1VyYVV6QzdaallYOFNobzF5bXFZaGp3NElNR1FPNUE4Y3B1TStyS0ZyTVU2a3VjUlpwUDhSb3p5c2hDRVRWdlBIYWVHSzBXSk9LaW1nMnJlRTJvRmszOXhJemVzUXFoeGE5NFZhNVpuOFgyc1E5MDNqT2w2UlllWVowL2VCWDhkdVpoYVRNVE1pRk0veFdsS0NmZHdQNTF4WDhFRmNGcTI2OXBaWkR4YXpNSVJnbzQ1UT0iOyB4LW1haW49IloyU2tCV2VGdDh0YWt4P3VvSE1oQmdXS0o4QlZubTlWMFprVXNmM3FmbHBCaEBMSDBDVDBVU2hvaE1xSHpvWWYiDQpYLVJlcXVlc3RlZC1XaXRoOiBjb20uYW1hem9uLmRlZS5hcHANCg0K"} 
01426{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1327,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976089426961,"flow_src_last_pkt_time":1490976090196942,"flow_dst_last_pkt_time":1490976090038290,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":996,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":996,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976090196942,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49630,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.AmazonAlexa","proto_id":"7.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"alexa.amazon.com","domainame":"alexa.amazon.com","http": {"url":"alexa.amazon.com\/lib\/bootstrap\/img\/glyphicons-halflings.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]","detected_os":"Android 5.1.1"}}} 
02328{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1328,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1490976085644885,"flow_src_last_pkt_time":1490976090198099,"flow_dst_last_pkt_time":1490976090039279,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":677,"flow_src_tot_l4_payload_len":8230,"flow_dst_tot_l4_payload_len":2302,"midstream":0,"thread_ts_usec":1490976090198099,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45703,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":65,"avg":288632.5,"max":1569527,"stddev":416979.2,"var":173871693824.0,"ent":3.7,"data": [325447,332868,307,247719,185,241306,284,257,23807,287,429915,65,1569527,1485936,352980,706902,73800,283,358821,365,256619,3724,240,956217,948562,95336,235551,1125,68,275387,23718]},"pktlen": {"min":40,"avg":371.1,"max":1500,"stddev":516.0,"var":266233.0,"ent":3.9,"data": [60,48,40,279,125,93,40,40,99,1500,174,46,46,174,46,717,40,1500,238,46,525,40,1500,206,525,40,1500,46,557,46,40,1500]},"bins": {"c_to_s": [8,1,0,0,2,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0],"s_to_c": [7,1,1,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,0,0,0,1,1,0,1,1,0,0,0,1,1,0,0,0,1,0,0,1,1,1,0,0],"entropies": 
[4.705928802,5.176427841,4.831686974,5.818729401,6.126292229,6.106202126,4.781687737,4.781687260,5.941904068,7.857767582,6.910596848,4.609350204,4.462504387,6.922091484,4.565871716,7.688728809,4.831687450,7.879225254,7.100984097,4.652828693,7.572484970,4.831687450,7.874036789,7.033442974,7.572484970,4.831687450,7.874202251,4.652828693,7.581998825,4.652828693,4.731687546,7.891161442]},"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1339,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":90,"flow_packet_id":5,"flow_src_last_pkt_time":1490976090174233,"flow_dst_last_pkt_time":1490976090282675,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976090282675,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwkgFAAOcGDfk0XuiGrBAq2ABQwds2rrGpGjBje3ASH\/5IDwAAAgQFtAEDAwY="} 00654{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1343,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":92,"flow_packet_id":5,"flow_src_last_pkt_time":1490976090191085,"flow_dst_last_pkt_time":1490976090313083,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"thread_ts_usec":1490976090313083,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9oyNAAOcG\/Ik0XuiGrBAq2AG7spNBzzb40hcuwFAYf\/gzBgAAFgMBAEoCAABGAwFY3n1aF6lPPNih6vU2L516RRA2PNaAuJQVoSG0DdNj8SCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="} 
-01399{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1343,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976089239508,"flow_src_last_pkt_time":1490976090191085,"flow_dst_last_pkt_time":1490976090313083,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976090313083,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45715,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
-01399{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1345,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1490976088958157,"flow_src_last_pkt_time":1490976090210793,"flow_dst_last_pkt_time":1490976090313160,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976090313160,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45712,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01358{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1343,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976089239508,"flow_src_last_pkt_time":1490976090191085,"flow_dst_last_pkt_time":1490976090313083,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976090313083,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45715,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01358{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1345,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1490976088958157,"flow_src_last_pkt_time":1490976090210793,"flow_dst_last_pkt_time":1490976090313160,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976090313160,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45712,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00654{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1346,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":91,"flow_packet_id":5,"flow_src_last_pkt_time":1490976090192268,"flow_dst_last_pkt_time":1490976090313192,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"thread_ts_usec":1490976090313192,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9gXVAAOcGHjg0XuiGrBAq2AG7spKfnILWmm2\/qlAYf\/graAAAFgMBAEoCAABGAwFY3n1ai4AZfffdz5bHBi2EULPj6iyOuJD7kDTLpt0SsyCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="} -01399{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1346,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976089227335,"flow_src_last_pkt_time":1490976090192268,"flow_dst_last_pkt_time":1490976090313192,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976090313192,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45714,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": 
{"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01358{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1346,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976089227335,"flow_src_last_pkt_time":1490976090192268,"flow_dst_last_pkt_time":1490976090313192,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976090313192,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45714,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1350,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":93,"flow_packet_id":5,"flow_src_last_pkt_time":1490976090196942,"flow_dst_last_pkt_time":1490976090313380,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1490976090313380,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAo829AANsGuJI0XuiGrBAq2ABQwd5KW8E8IbEJPlAQf\/BDYQAAAAAAAAAA"} 01553{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1353,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976089426961,"flow_src_last_pkt_time":1490976090196942,"flow_dst_last_pkt_time":1490976090314135,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":996,"flow_dst_max_l4_payload_len":183,"flow_src_tot_l4_payload_len":996,"flow_dst_tot_l4_payload_len":183,"midstream":0,"thread_ts_usec":1490976090314135,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49630,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"HTTP.AmazonAlexa","proto_id":"7.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"alexa.amazon.com","domainame":"alexa.amazon.com","http": {"url":"alexa.amazon.com\/lib\/bootstrap\/img\/glyphicons-halflings.png","code":404,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 
PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]","detected_os":"Android 5.1.1"}}} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1389,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976090572590,"flow_src_last_pkt_time":1490976090572590,"flow_dst_last_pkt_time":1490976090572590,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976090572590,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34069,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -678,12 +678,12 @@ 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1396,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":94,"flow_packet_id":2,"flow_src_last_pkt_time":1490976090572590,"flow_dst_last_pkt_time":1490976090753591,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976090753591,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwZiVAAOcGBxE27xi6rBAq2AG7hRXpU+crOprCfnASH\/7pEAAAAgQFtAEDAwY="} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1400,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":94,"flow_packet_id":3,"flow_src_last_pkt_time":1490976090756047,"flow_dst_last_pkt_time":1490976090753591,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976090756047,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoo81AAEAGcHGsECrYNu8YuoUVAbs6msJ+6VPnLFAQAVczggAA"} 
00886{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1401,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":94,"flow_packet_id":4,"flow_src_last_pkt_time":1490976090757864,"flow_dst_last_pkt_time":1490976090753591,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":313,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":313,"pkt_l4_len":279,"thread_ts_usec":1490976090757864,"pkt":"AMDKkaPvePiC0\/vCCABFAAEro85AAEAGb22sECrYNu8YuoUVAbs6msJ+6VPnLFAYAVetagAAFgMBAP4BAAD6AwNTzm7uRNuMF2nu0jG4OW4cloVHrfFLs+QfEmruD54TVyAK8IS3HVgGOc2sZcVp0kAKYJvK21\/4JhIPoGYmpJU7LgAgWlrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACRamoAAP8BAAEAAAAALAAqAAAnbW9iaWxlYW5hbHl0aWNzLnVzLWVhc3QtMS5hbWF6b25hd3MuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAIysoAHQAXABjq6gABAA=="} -01280{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1401,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976090572590,"flow_src_last_pkt_time":1490976090757864,"flow_dst_last_pkt_time":1490976090753591,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":259,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":259,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976090757864,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34069,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"mobileanalytics.us-east-1.amazonaws.com","domainame":"mobileanalytics.us-east-1.amazonaws.com","tls": 
{"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01239{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1401,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976090572590,"flow_src_last_pkt_time":1490976090757864,"flow_dst_last_pkt_time":1490976090753591,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":259,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":259,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976090757864,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34069,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"mobileanalytics.us-east-1.amazonaws.com","domainame":"mobileanalytics.us-east-1.amazonaws.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1409,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976090796987,"flow_src_last_pkt_time":1490976090796987,"flow_dst_last_pkt_time":1490976090796987,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976090796987,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":35726,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1409,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_src_last_pkt_time":1490976090796987,"flow_dst_last_pkt_time":1490976090796987,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_usec":1490976090796987,"pkt":"AMDKkaPvePiC0\/vCCABFAABJWlpAAEARM1CsECrYrBAqAYuOADUANbcep0QBAAABAAAAAAAADXMzLWV4dGVybmFsLTIJYW1hem9uYXdzA2NvbQAAAQAB"} 
01124{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1409,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976090796987,"flow_src_last_pkt_time":1490976090796987,"flow_dst_last_pkt_time":1490976090796987,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976090796987,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":35726,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AmazonAWS","proto_id":"5.265","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"s3-external-2.amazonaws.com","domainame":"s3-external-2.amazonaws.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1410,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":94,"flow_packet_id":5,"flow_src_last_pkt_time":1490976090757864,"flow_dst_last_pkt_time":1490976090958993,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1490976090958993,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAobwJAAOcG\/js27xi6rBAq2AG7hRXpU+csOprDgVAQf\/uz2gAAAAAAAAAA"} 
-01368{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1412,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1490976090572590,"flow_src_last_pkt_time":1490976090757864,"flow_dst_last_pkt_time":1490976090959188,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":259,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":259,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1490976090959188,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34069,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"mobileanalytics.us-east-1.amazonaws.com","domainame":"mobileanalytics.us-east-1.amazonaws.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
+01327{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1412,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1490976090572590,"flow_src_last_pkt_time":1490976090757864,"flow_dst_last_pkt_time":1490976090959188,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":259,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":259,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1490976090959188,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34069,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"mobileanalytics.us-east-1.amazonaws.com","domainame":"mobileanalytics.us-east-1.amazonaws.com","tls": {"version":"TLSv1.2","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 00638{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1424,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":95,"flow_packet_id":2,"flow_src_last_pkt_time":1490976090796987,"flow_dst_last_pkt_time":1490976090982120,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":131,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":131,"pkt_l4_len":97,"thread_ts_usec":1490976090982120,"pkt":"ePiC0\/vCAMDKkaPvCABFAAB13VlAAEARsCSsECoBrBAq2AA1i44AYd1op0SBgAABAAIAAAAADXMzLWV4dGVybmFsLTIJYW1hem9uYXdzA2NvbQAAAQABwAwABQABAAAADgAQDXMzLWV4dGVybmFsLTHAGsA5AAEAAQAAAAQABDbnSFg="} 
01154{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1424,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976090796987,"flow_src_last_pkt_time":1490976090796987,"flow_dst_last_pkt_time":1490976090982120,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":89,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":89,"midstream":0,"thread_ts_usec":1490976090982120,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":35726,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AmazonAWS","proto_id":"5.265","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"s3-external-2.amazonaws.com","domainame":"s3-external-2.amazonaws.com","dns": {"num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["54.231.72.88,ttl=4"]}}} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1425,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976090991595,"flow_src_last_pkt_time":1490976090991595,"flow_dst_last_pkt_time":1490976090991595,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976090991595,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41820,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -693,13 +693,13 @@ 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1441,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":96,"flow_packet_id":2,"flow_src_last_pkt_time":1490976090991595,"flow_dst_last_pkt_time":1490976091160874,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976091160874,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA0KVkAACcGFEQ250hYrBAq2AG7o1w0YmduEBUO+4AS\/\/+yAwAAAgQFmAMDCAEEAgEB"} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1442,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":96,"flow_packet_id":3,"flow_src_last_pkt_time":1490976091163241,"flow_dst_last_pkt_time":1490976091160874,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976091163241,"pkt":"AMDKkaPvePiC0\/vCCABFAAAobyJAAEAGdYasECrYNudIWKNcAbsQFQ77NGJnb1AQAVf4XAAA"} 00826{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1443,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":96,"flow_packet_id":4,"flow_src_last_pkt_time":1490976091163513,"flow_dst_last_pkt_time":1490976091160874,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":269,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":269,"pkt_l4_len":235,"thread_ts_usec":1490976091163513,"pkt":"AMDKkaPvePiC0\/vCCABFAAD\/byNAAEAGdK6sECrYNudIWKNcAbsQFQ77NGJnb1AYAVcUGAAAFgMBANIBAADOAwPiWwT6rMYxCKpzwVWlHQ4+YJCqbihOIRaiGpLsY6Y1LgAAIOrqzKnMqMwUzBPAK8AvwCzAMMATwBQAnACdAC8ANQAKAQAAhQoKAAD\/AQABAAAAACAAHgAAG3MzLWV4dGVybmFsLTIuYW1hem9uYXdzLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACFpaAB0AFwAY+voAAQA="} 
-01255{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1443,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976090991595,"flow_src_last_pkt_time":1490976091163513,"flow_dst_last_pkt_time":1490976091160874,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":215,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":215,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976091163513,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41820,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"s3-external-2.amazonaws.com","domainame":"s3-external-2.amazonaws.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01214{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1443,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976090991595,"flow_src_last_pkt_time":1490976091163513,"flow_dst_last_pkt_time":1490976091160874,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":215,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":215,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976091163513,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41820,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"s3-external-2.amazonaws.com","domainame":"s3-external-2.amazonaws.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1449,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":97,"flow_packet_id":2,"flow_src_last_pkt_time":1490976091048429,"flow_dst_last_pkt_time":1490976091217295,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976091217295,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA0Sq8AACcG8u0250hYrBAq2AG7o117lZ8zZBSwSYAS\/\/89vAAAAgQFmAMDCAEEAgEB"} 
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1450,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":97,"flow_packet_id":3,"flow_src_last_pkt_time":1490976091219669,"flow_dst_last_pkt_time":1490976091217295,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976091219669,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo0alAAEAGEv+sECrYNudIWKNdAbtkFLBJe5WfNFAQAVeEFQAA"} 02331{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1452,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1490976088631582,"flow_src_last_pkt_time":1490976090996390,"flow_dst_last_pkt_time":1490976091223863,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1093,"flow_src_tot_l4_payload_len":7259,"flow_dst_tot_l4_payload_len":2355,"midstream":0,"thread_ts_usec":1490976091223863,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45710,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":30,"avg":159906.1,"max":1191626,"stddev":282043.2,"var":79548358656.0,"ent":3.5,"data": [214415,219069,3661,1161828,1191626,138,43,75944,170423,352,118993,9705,7936,105518,89968,79074,135403,22399,255382,307,202303,1216,199697,125,147,204784,30,11403,221917,129,253154]},"pktlen": {"min":40,"avg":343.0,"max":1500,"stddev":486.7,"var":236894.1,"ent":3.9,"data": [60,48,40,279,279,46,125,93,40,46,178,40,99,1500,46,206,46,46,1133,1500,254,46,541,1500,270,162,46,46,525,1500,190,46]},"bins": {"c_to_s": [4,1,0,1,1,1,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0],"s_to_c": 
[10,1,1,0,1,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,0,1,1,1,0,1,1,0,0,0,1,0,1,1,1,0,0,1,1,0,0,0,1,1,1,0,0,1],"entropies": [4.672595501,5.134761333,4.762815475,5.883847237,5.876678944,4.609350204,6.148330688,5.967529297,4.712815285,4.565871716,6.521196365,4.662815094,5.915507793,7.852227211,4.565872192,6.894952297,4.565871716,4.565871716,7.832350731,7.860533714,7.115900993,4.609350204,7.520314217,7.876235962,7.163622856,6.629608631,4.522393703,4.609350204,7.614107132,7.867299557,6.817775249,4.609350204]},"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1453,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":96,"flow_packet_id":5,"flow_src_last_pkt_time":1490976091163513,"flow_dst_last_pkt_time":1490976091345076,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1490976091345076,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAozJ1AAOcGcQo250hYrBAq2AG7o1w0YmdvEBUP0lAQAD74ngAAAAAAAAAA"} 
-01311{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1454,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976090991595,"flow_src_last_pkt_time":1490976091163513,"flow_dst_last_pkt_time":1490976091345211,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":215,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":215,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1490976091345211,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41820,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"s3-external-2.amazonaws.com","domainame":"s3-external-2.amazonaws.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"ea615e28cb25adfb2f261151eab3314f","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
-01727{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1456,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1490976090991595,"flow_src_last_pkt_time":1490976091163513,"flow_dst_last_pkt_time":1490976091346214,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":215,"flow_dst_max_l4_payload_len":1432,"flow_src_tot_l4_payload_len":215,"flow_dst_tot_l4_payload_len":2727,"midstream":0,"thread_ts_usec":1490976091346214,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41820,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"s3-external-2.amazonaws.com","domainame":"s3-external-2.amazonaws.com","tls": {"version":"TLSv1.2","server_names":"s3-external-1.amazonaws.com,*.s3-external-1.amazonaws.com,s3-external-2.amazonaws.com,*.s3-external-2.amazonaws.com,*.s3.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"ea615e28cb25adfb2f261151eab3314f","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Baltimore CA-2 G2","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com Inc., CN=*.s3-external-1.amazonaws.com","advertised_alpns":"h2,http\/1.1","fingerprint":"C0:51:D8:FA:6B:58:94:F2:3E:4E:7D:B2:36:5F:02:E4:F0:3F:54:FF","blocks":0}}} 
+01270{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1454,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976090991595,"flow_src_last_pkt_time":1490976091163513,"flow_dst_last_pkt_time":1490976091345211,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":215,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":215,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1490976091345211,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41820,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"s3-external-2.amazonaws.com","domainame":"s3-external-2.amazonaws.com","tls": {"version":"TLSv1.2","ja3s":"ea615e28cb25adfb2f261151eab3314f","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01686{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1456,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1490976090991595,"flow_src_last_pkt_time":1490976091163513,"flow_dst_last_pkt_time":1490976091346214,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":215,"flow_dst_max_l4_payload_len":1432,"flow_src_tot_l4_payload_len":215,"flow_dst_tot_l4_payload_len":2727,"midstream":0,"thread_ts_usec":1490976091346214,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41820,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"s3-external-2.amazonaws.com","domainame":"s3-external-2.amazonaws.com","tls": {"version":"TLSv1.2","server_names":"s3-external-1.amazonaws.com,*.s3-external-1.amazonaws.com,s3-external-2.amazonaws.com,*.s3-external-2.amazonaws.com,*.s3.amazonaws.com","ja3s":"ea615e28cb25adfb2f261151eab3314f","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Baltimore CA-2 G2","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com Inc., CN=*.s3-external-1.amazonaws.com","advertised_alpns":"h2,http\/1.1","fingerprint":"C0:51:D8:FA:6B:58:94:F2:3E:4E:7D:B2:36:5F:02:E4:F0:3F:54:FF","blocks":0}}} 
02331{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1486,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1490976088958157,"flow_src_last_pkt_time":1490976092170541,"flow_dst_last_pkt_time":1490976092236982,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":661,"flow_src_tot_l4_payload_len":8342,"flow_dst_tot_l4_payload_len":1817,"midstream":0,"thread_ts_usec":1490976092236982,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45712,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":69,"avg":209393.8,"max":1080313,"stddev":303367.1,"var":92031574016.0,"ent":3.7,"data": [1005698,1080313,210230,18680,169715,18028,104975,95,107187,277,11694,34788,143,215183,306,69,21708,195595,278,202797,728,212905,264,205823,10952,236264,754701,277,888900,405375,377261]},"pktlen": {"min":40,"avg":360.5,"max":1500,"stddev":516.5,"var":266795.3,"ent":3.8,"data": [60,60,48,40,279,48,40,125,93,40,40,99,1500,254,46,46,46,541,1500,206,46,701,1500,238,46,557,40,1500,206,46,1500,46]},"bins": {"c_to_s": [7,1,0,0,0,2,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0],"s_to_c": [9,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,0,0,1,0,1,1,0,0,0,0,0,1,1,1,1,0,0,1,1,0,0,1,1,0,0,0,1,0,1],"entropies": 
[4.693347454,4.647432327,5.119034290,4.831686974,5.881499290,5.077367306,4.881687164,6.046293259,6.063190460,4.781687260,4.881687164,5.804432392,7.875989437,7.151407242,4.652828693,4.565872192,4.609350681,7.607057095,7.888786316,6.953813553,4.652828693,7.704366207,7.873492241,7.130478382,4.609350204,7.637624264,4.881687164,7.872291088,6.858013630,4.501398087,7.871377945,4.522393703]},"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1488,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":83,"flow_packet_id":4,"flow_src_last_pkt_time":1490976092902682,"flow_dst_last_pkt_time":1490976085883325,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976092902682,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8m\/hAAEAGPiGsECrYCsl+8Z0yH5CNbMQpAAAAAKAC\/\/91dAAAAgQFtAQCCAoA9mKZAAAAAAEDAwg="} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1492,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976093238253,"flow_src_last_pkt_time":1490976093238253,"flow_dst_last_pkt_time":1490976093238253,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976093238253,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":41639,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -712,9 +712,9 @@ 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1501,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":99,"flow_packet_id":2,"flow_src_last_pkt_time":1490976093358419,"flow_dst_last_pkt_time":1490976093481996,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976093481996,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwL+xAAOcGd56wIGU0rBAq2AG7q+GBdUC1\/NmTdnASH\/53tgAAAgQFtAEDAwY="} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1503,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":99,"flow_packet_id":3,"flow_src_last_pkt_time":1490976093486409,"flow_dst_last_pkt_time":1490976093481996,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976093486409,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo8bNAAEAGXN+sECrYsCBlNKvhAbv82ZN2gXVAtlAQAVfCJwAA"} 00793{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1504,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":99,"flow_packet_id":4,"flow_src_last_pkt_time":1490976093491797,"flow_dst_last_pkt_time":1490976093481996,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":246,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":246,"pkt_l4_len":212,"thread_ts_usec":1490976093491797,"pkt":"AMDKkaPvePiC0\/vCCABFAADo8bRAAEAGXB6sECrYsCBlNKvhAbv82ZN2gXVAtlAYAVdf+wAAFgMBALsBAAC3AwMUk28qOfCX+6BknWYBVekF4sddVYXUxYb5G4wUZo66+AAAIBoazKnMqMwUzBPAK8AvwCzAMMATwBQAnACdAC8ANQAKAQAAbmpqAAD\/AQABAAAAABsAGQAAFmRwLWd3LW5hLWpzLmFtYXpvbi5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAACwACAQAACgAKAAiamgAdABcAGCoqAAEA"} 
-01342{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1504,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976093358419,"flow_src_last_pkt_time":1490976093491797,"flow_dst_last_pkt_time":1490976093481996,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":192,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976093491797,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"176.32.101.52","src_port":44001,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"dp-gw-na-js.amazon.com","domainame":"dp-gw-na-js.amazon.com","tls": {"version":"TLSv1.2","ja3":"731bcada65b0a6f850bada3bdcd716d1","ja3s":"","ja4":"t12d150900_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01301{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1504,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976093358419,"flow_src_last_pkt_time":1490976093491797,"flow_dst_last_pkt_time":1490976093481996,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":192,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976093491797,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"176.32.101.52","src_port":44001,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"dp-gw-na-js.amazon.com","domainame":"dp-gw-na-js.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d150900_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1508,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":99,"flow_packet_id":5,"flow_src_last_pkt_time":1490976093491797,"flow_dst_last_pkt_time":1490976093952522,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1490976093952522,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoBI1AAN0GrQWwIGU0rBAq2AG7q+GBdUC2\/NmUNlAQASzBkgAAAAAAAAAA"} 
-01821{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1511,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1490976093358419,"flow_src_last_pkt_time":1490976093491797,"flow_dst_last_pkt_time":1490976093953778,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":192,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":3402,"midstream":0,"thread_ts_usec":1490976093953778,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"176.32.101.52","src_port":44001,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"dp-gw-na-js.amazon.com","domainame":"dp-gw-na-js.amazon.com","tls": {"version":"TLSv1.2","server_names":"dp-gw-na.amazon.com,dp-gw-na-js.amazon.com,dp-gw-na.amazon.co.uk,dp-gw-na.amazon.de,dp-gw-na.amazon.co.jp,dp-gw-na.amazon.in","ja3":"731bcada65b0a6f850bada3bdcd716d1","ja3s":"fbe78c619e7ea20046131294ad087f05","ja4":"t12d150900_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=dp-gw-na.amazon.com","fingerprint":"27:E5:06:34:82:69:BC:97:5E:28:A3:C1:5A:23:81:C7:E3:28:95:8C","blocks":0}}} 
+01780{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1511,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1490976093358419,"flow_src_last_pkt_time":1490976093491797,"flow_dst_last_pkt_time":1490976093953778,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":192,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":3402,"midstream":0,"thread_ts_usec":1490976093953778,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"176.32.101.52","src_port":44001,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"dp-gw-na-js.amazon.com","domainame":"dp-gw-na-js.amazon.com","tls": {"version":"TLSv1.2","server_names":"dp-gw-na.amazon.com,dp-gw-na-js.amazon.com,dp-gw-na.amazon.co.uk,dp-gw-na.amazon.de,dp-gw-na.amazon.co.jp,dp-gw-na.amazon.in","ja3s":"fbe78c619e7ea20046131294ad087f05","ja4":"t12d150900_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=dp-gw-na.amazon.com","fingerprint":"27:E5:06:34:82:69:BC:97:5E:28:A3:C1:5A:23:81:C7:E3:28:95:8C","blocks":0}}} 
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1522,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":97,"flow_packet_id":4,"flow_src_last_pkt_time":1490976094725672,"flow_dst_last_pkt_time":1490976091217295,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976094725672,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo0apAAEAGEv6sECrYNudIWKNdAbtkFLBJe5WfNFARAVeEFAAA"} 00302{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1490976094729619,"packet_id":1524,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","layer_type":35085,"global_ts_usec":1490976094729619} 00378{"packet_event_id":1,"packet_event_name":"packet","packet_id":1524,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":60,"pkt_type":35085,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1490976094725797,"pkt":"AMDKkaPvePiC0\/vCiQ0CDAoBZRIAwMqRdPh4+ILT+8IAwMqRo+\/dFACgxgAAAAAAAAAAAAAAAAAAAAAA"} 
@@ -727,7 +727,7 @@ 01015{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1529,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976041150466,"flow_src_last_pkt_time":1490976041150466,"flow_dst_last_pkt_time":1490976041151487,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":53,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":53,"midstream":0,"thread_ts_usec":1490976094742222,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":54886,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","proto_id":"5.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"pitangui.amazon.com"}} 00952{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1529,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1490976023731065,"flow_src_last_pkt_time":1490976031750280,"flow_dst_last_pkt_time":1490976023731065,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976094742222,"l3_proto":"ip6","src_ip":"fe80::7af8:82ff:fed3:fbc2","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1536,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":97,"flow_packet_id":5,"flow_src_last_pkt_time":1490976094725672,"flow_dst_last_pkt_time":1490976094927183,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":61,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":61,"pkt_l4_len":27,"thread_ts_usec":1490976094927183,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAvXMBAAOcG4OA250hYrBAq2AG7o117lZ80ZBSwSlAYADpuIQAAFQAAAAIBAA=="} -01399{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1586,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":3,"flow_first_seen":1490976088937719,"flow_src_last_pkt_time":1490976099220208,"flow_dst_last_pkt_time":1490976099286339,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":717,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976099286339,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45711,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01358{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1586,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":3,"flow_first_seen":1490976088937719,"flow_src_last_pkt_time":1490976099220208,"flow_dst_last_pkt_time":1490976099286339,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":717,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976099286339,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45711,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1598,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976100559988,"flow_src_last_pkt_time":1490976100559988,"flow_dst_last_pkt_time":1490976100559988,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976100559988,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34073,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1598,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_src_last_pkt_time":1490976100559988,"flow_dst_last_pkt_time":1490976100559988,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976100559988,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8EgZAAEAGAiWsECrYNu8YuoUZAbtS0XeRAAAAAKAC\/\/9pqQAAAgQFtAQCCAoA9mWXAAAAAAEDAwg="} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1600,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976100811415,"flow_src_last_pkt_time":1490976100811415,"flow_dst_last_pkt_time":1490976100811415,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976100811415,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34074,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -740,14 +740,14 @@ 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1608,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":101,"flow_packet_id":3,"flow_src_last_pkt_time":1490976100999988,"flow_dst_last_pkt_time":1490976100998827,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976100999988,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoBwFAAEAGDT6sECrYNu8YuoUaAbt\/SWKyQ51EmVAQAVeW5AAA"} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1609,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":102,"flow_packet_id":3,"flow_src_last_pkt_time":1490976101000529,"flow_dst_last_pkt_time":1490976100999093,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976101000529,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoOO9AAEAGq7msECrYNudIWKNhAbuICV1cE8F9WVAQAVc8uQAA"} 00888{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1610,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":101,"flow_packet_id":4,"flow_src_last_pkt_time":1490976101001170,"flow_dst_last_pkt_time":1490976100998827,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":313,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":313,"pkt_l4_len":279,"thread_ts_usec":1490976101001170,"pkt":"AMDKkaPvePiC0\/vCCABFAAErBwJAAEAGDDqsECrYNu8YuoUaAbt\/SWKyQ51EmVAYAVcVawAAFgMBAP4BAAD6AwNQLskK0EtMvl083kPSq0nopXQlOdvR+0IZKHw7KLO7aiAK8IS3HVgGOc2sZcVp0kAKYJvK21\/4JhIPoGYmpJU7LgAgWlrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACRysoAAP8BAAEAAAAALAAqAAAnbW9iaWxlYW5hbHl0aWNzLnVzLWVhc3QtMS5hbWF6b25hd3MuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAIKioAHQAXABgKCgABAA=="} 
-01281{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1610,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976100811415,"flow_src_last_pkt_time":1490976101001170,"flow_dst_last_pkt_time":1490976100998827,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":259,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":259,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976101001170,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34074,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"mobileanalytics.us-east-1.amazonaws.com","domainame":"mobileanalytics.us-east-1.amazonaws.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01240{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1610,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976100811415,"flow_src_last_pkt_time":1490976101001170,"flow_dst_last_pkt_time":1490976100998827,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":259,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":259,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976101001170,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34074,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"mobileanalytics.us-east-1.amazonaws.com","domainame":"mobileanalytics.us-east-1.amazonaws.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00871{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1611,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":102,"flow_packet_id":4,"flow_src_last_pkt_time":1490976101001872,"flow_dst_last_pkt_time":1490976100999093,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":301,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":301,"pkt_l4_len":267,"thread_ts_usec":1490976101001872,"pkt":"AMDKkaPvePiC0\/vCCABFAAEfOPBAAEAGqsGsECrYNudIWKNhAbuICV1cE8F9WVAYAVfc9gAAFgMBAPIBAADuAwN6LJpcPFiGGpu9Ln0VWrwN6uX9+Oq10gWhn0l9jMi\/ACBPSeLkXjji7rxbuBfRuYdiOn9o7tUR6tCEdV9ZFui2uAAgenrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACFmpoAAP8BAAEAAAAAIAAeAAAbczMtZXh0ZXJuYWwtMi5hbWF6b25hd3MuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAIKioAHQAXABhaWgABAA=="} -01256{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1611,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976100859650,"flow_src_last_pkt_time":1490976101001872,"flow_dst_last_pkt_time":1490976100999093,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":247,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":247,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976101001872,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41825,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"s3-external-2.amazonaws.com","domainame":"s3-external-2.amazonaws.com","tls": 
{"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01215{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1611,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976100859650,"flow_src_last_pkt_time":1490976101001872,"flow_dst_last_pkt_time":1490976100999093,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":247,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":247,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976101001872,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41825,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"s3-external-2.amazonaws.com","domainame":"s3-external-2.amazonaws.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1612,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":101,"flow_packet_id":5,"flow_src_last_pkt_time":1490976101001170,"flow_dst_last_pkt_time":1490976101080368,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1490976101080368,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAonQZAANsG3Dc27xi6rBAq2AG7hRpDnUSZf0lislAQARyXHwAAAAAAAAAA"} 
-01369{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1614,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1490976100811415,"flow_src_last_pkt_time":1490976101001170,"flow_dst_last_pkt_time":1490976101100346,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":259,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":259,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1490976101100346,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34074,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"mobileanalytics.us-east-1.amazonaws.com","domainame":"mobileanalytics.us-east-1.amazonaws.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
+01328{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1614,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1490976100811415,"flow_src_last_pkt_time":1490976101001170,"flow_dst_last_pkt_time":1490976101100346,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":259,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":259,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1490976101100346,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34074,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"mobileanalytics.us-east-1.amazonaws.com","domainame":"mobileanalytics.us-east-1.amazonaws.com","tls": {"version":"TLSv1.2","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1620,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":102,"flow_packet_id":5,"flow_src_last_pkt_time":1490976101001872,"flow_dst_last_pkt_time":1490976101182554,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1490976101182554,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoaBZAAOcG1ZE250hYrBAq2AG7o2ETwX1ZiAleU1AQAD482wAAAAAAAAAA"} 
-01312{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1621,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976100859650,"flow_src_last_pkt_time":1490976101001872,"flow_dst_last_pkt_time":1490976101182694,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":247,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":247,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1490976101182694,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41825,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"s3-external-2.amazonaws.com","domainame":"s3-external-2.amazonaws.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"ea615e28cb25adfb2f261151eab3314f","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
-01728{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1623,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1490976100859650,"flow_src_last_pkt_time":1490976101001872,"flow_dst_last_pkt_time":1490976101183407,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":247,"flow_dst_max_l4_payload_len":1432,"flow_src_tot_l4_payload_len":247,"flow_dst_tot_l4_payload_len":2727,"midstream":0,"thread_ts_usec":1490976101183407,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41825,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"s3-external-2.amazonaws.com","domainame":"s3-external-2.amazonaws.com","tls": {"version":"TLSv1.2","server_names":"s3-external-1.amazonaws.com,*.s3-external-1.amazonaws.com,s3-external-2.amazonaws.com,*.s3-external-2.amazonaws.com,*.s3.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"ea615e28cb25adfb2f261151eab3314f","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Baltimore CA-2 G2","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com Inc., CN=*.s3-external-1.amazonaws.com","advertised_alpns":"h2,http\/1.1","fingerprint":"C0:51:D8:FA:6B:58:94:F2:3E:4E:7D:B2:36:5F:02:E4:F0:3F:54:FF","blocks":0}}} 
+01271{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1621,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976100859650,"flow_src_last_pkt_time":1490976101001872,"flow_dst_last_pkt_time":1490976101182694,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":247,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":247,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1490976101182694,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41825,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"s3-external-2.amazonaws.com","domainame":"s3-external-2.amazonaws.com","tls": {"version":"TLSv1.2","ja3s":"ea615e28cb25adfb2f261151eab3314f","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01687{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1623,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1490976100859650,"flow_src_last_pkt_time":1490976101001872,"flow_dst_last_pkt_time":1490976101183407,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":247,"flow_dst_max_l4_payload_len":1432,"flow_src_tot_l4_payload_len":247,"flow_dst_tot_l4_payload_len":2727,"midstream":0,"thread_ts_usec":1490976101183407,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41825,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"s3-external-2.amazonaws.com","domainame":"s3-external-2.amazonaws.com","tls": {"version":"TLSv1.2","server_names":"s3-external-1.amazonaws.com,*.s3-external-1.amazonaws.com,s3-external-2.amazonaws.com,*.s3-external-2.amazonaws.com,*.s3.amazonaws.com","ja3s":"ea615e28cb25adfb2f261151eab3314f","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Baltimore CA-2 G2","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com Inc., CN=*.s3-external-1.amazonaws.com","advertised_alpns":"h2,http\/1.1","fingerprint":"C0:51:D8:FA:6B:58:94:F2:3E:4E:7D:B2:36:5F:02:E4:F0:3F:54:FF","blocks":0}}} 
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1637,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":100,"flow_packet_id":2,"flow_src_last_pkt_time":1490976101550206,"flow_dst_last_pkt_time":1490976100559988,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976101550206,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8EgdAAEAGAiSsECrYNu8YuoUZAbtS0XeRAAAAAKAC\/\/9pRQAAAgQFtAQCCAoA9mX7AAAAAAEDAwg="} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1642,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":100,"flow_packet_id":3,"flow_src_last_pkt_time":1490976101550206,"flow_dst_last_pkt_time":1490976101623514,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976101623514,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwX5pAAOcGDZw27xi6rBAq2AG7hRl1e+g1UtF3knASH\/6OkAAAAgQFtAEDAwY="} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1643,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":100,"flow_packet_id":4,"flow_src_last_pkt_time":1490976101624786,"flow_dst_last_pkt_time":1490976101623514,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976101624786,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoEghAAEAGAjesECrYNu8YuoUZAbtS0XeSdXvoNlAQAVfZAQAA"} 
@@ -769,21 +769,21 @@ 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1667,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":105,"flow_packet_id":2,"flow_src_last_pkt_time":1490976107365814,"flow_dst_last_pkt_time":1490976107475725,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976107475725,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwq71AAOcGvDU27x39rBAq2AG7n5aOPa1rI6CEzHASH\/6yzwAAAgQFtAEDAwY="} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1668,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":105,"flow_packet_id":3,"flow_src_last_pkt_time":1490976107477456,"flow_dst_last_pkt_time":1490976107475725,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976107477456,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo7IxAAEAGIm+sECrYNu8d\/Z+WAbsjoITMjj2tbFAQAVf9QAAA"} 00825{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1669,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":105,"flow_packet_id":4,"flow_src_last_pkt_time":1490976107479024,"flow_dst_last_pkt_time":1490976107475725,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":265,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":265,"pkt_l4_len":231,"thread_ts_usec":1490976107479024,"pkt":"AMDKkaPvePiC0\/vCCABFAAD77I1AAEAGIZusECrYNu8d\/Z+WAbsjoITMjj2tbFAYAVdJtQAAFgMBAM4BAADKAwP4B+BuTBBzSprf0L4ScFyMs5UBKYxjcchKBNI\/gg\/KXQAAIPr6zKnMqMwUzBPAK8AvwCzAMMATwBQAnACdAC8ANQAKAQAAgerqAAD\/AQABAAAAABwAGgAAF3NraWxscy1zdG9yZS5hbWF6b24uY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAICgoAHQAXABhqagABAA=="} 
-01243{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1669,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976107365814,"flow_src_last_pkt_time":1490976107479024,"flow_dst_last_pkt_time":1490976107475725,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976107479024,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40854,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"skills-store.amazon.com","domainame":"skills-store.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01202{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1669,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976107365814,"flow_src_last_pkt_time":1490976107479024,"flow_dst_last_pkt_time":1490976107475725,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976107479024,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40854,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"skills-store.amazon.com","domainame":"skills-store.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1670,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":104,"flow_packet_id":2,"flow_src_last_pkt_time":1490976107365068,"flow_dst_last_pkt_time":1490976107484245,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976107484245,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwkaBAAOcG1lI27x39rBAq2AG7n5UJgL2ZlioNGXASH\/4siQAAAgQFtAEDAwY="} 
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1671,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":104,"flow_packet_id":3,"flow_src_last_pkt_time":1490976107485735,"flow_dst_last_pkt_time":1490976107484245,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976107485735,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoZVlAAEAGqaKsECrYNu8d\/Z+VAbuWKg0ZCYC9mlAQAVd2+gAA"} 00824{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1672,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":104,"flow_packet_id":4,"flow_src_last_pkt_time":1490976107486585,"flow_dst_last_pkt_time":1490976107484245,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":265,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":265,"pkt_l4_len":231,"thread_ts_usec":1490976107486585,"pkt":"AMDKkaPvePiC0\/vCCABFAAD7ZVpAAEAGqM6sECrYNu8d\/Z+VAbuWKg0ZCYC9mlAYAVc0jQAAFgMBAM4BAADKAwNhVWetGOgUJ6\/qUSs5PlkuSczE1Yh13cFVbTVOQK8mPwAAIGpqzKnMqMwUzBPAK8AvwCzAMMATwBQAnACdAC8ANQAKAQAAgWpqAAD\/AQABAAAAABwAGgAAF3NraWxscy1zdG9yZS5hbWF6b24uY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAIWloAHQAXABiqqgABAA=="} 
-01243{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1672,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976107365068,"flow_src_last_pkt_time":1490976107486585,"flow_dst_last_pkt_time":1490976107484245,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976107486585,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40853,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"skills-store.amazon.com","domainame":"skills-store.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01202{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1672,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976107365068,"flow_src_last_pkt_time":1490976107486585,"flow_dst_last_pkt_time":1490976107484245,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976107486585,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40853,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"skills-store.amazon.com","domainame":"skills-store.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1673,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":107,"flow_packet_id":2,"flow_src_last_pkt_time":1490976107455953,"flow_dst_last_pkt_time":1490976107511896,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976107511896,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwxddAAOcGohs27x39rBAq2AG7n5iFQQi8Vi4WAXASH\/6ctgAAAgQFtAEDAwY="} 
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1674,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":107,"flow_packet_id":3,"flow_src_last_pkt_time":1490976107513303,"flow_dst_last_pkt_time":1490976107511896,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976107513303,"pkt":"AMDKkaPvePiC0\/vCCABFAAAofkpAAEAGkLGsECrYNu8d\/Z+YAbtWLhYBhUEIvVAQAVfnJwAA"} 00823{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1675,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":107,"flow_packet_id":4,"flow_src_last_pkt_time":1490976107514712,"flow_dst_last_pkt_time":1490976107511896,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":265,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":265,"pkt_l4_len":231,"thread_ts_usec":1490976107514712,"pkt":"AMDKkaPvePiC0\/vCCABFAAD7fktAAEAGj92sECrYNu8d\/Z+YAbtWLhYBhUEIvVAYAVeFIwAAFgMBAM4BAADKAwNqGtrxEAyAkzWENgeiXeCCp8PZIZCzg0AB0basAuPyZAAAIGpqzKnMqMwUzBPAK8AvwCzAMMATwBQAnACdAC8ANQAKAQAAgdraAAD\/AQABAAAAABwAGgAAF3NraWxscy1zdG9yZS5hbWF6b24uY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAIGhoAHQAXABj6+gABAA=="} 
-01243{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1675,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976107455953,"flow_src_last_pkt_time":1490976107514712,"flow_dst_last_pkt_time":1490976107511896,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976107514712,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40856,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"skills-store.amazon.com","domainame":"skills-store.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01202{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1675,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976107455953,"flow_src_last_pkt_time":1490976107514712,"flow_dst_last_pkt_time":1490976107511896,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976107514712,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40856,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"skills-store.amazon.com","domainame":"skills-store.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
02503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1678,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":105,"flow_packet_id":5,"flow_src_last_pkt_time":1490976107479024,"flow_dst_last_pkt_time":1490976107577729,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1490976107577729,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXctZBAAOcGrLY27x39rBAq2AG7n5aOPa1sI6CFn1AYf\/lqiQAAFgMBCoICAABGAwFY3n1rOIW7oNSRBaCm8PAUHRKCqVhTjWcV2wM8OxfDZCDjl57+rOdpHXFgnzLflMNz4qaHfY\/vFo0YS4Pak7BlqwAvAAsACjAACi0ABOswggTnMIIDz6ADAgECAhA0Qbe7gak5NwZ8R7riI\/gSMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEvMC0GA1UEAxMmU3ltYW50ZWMgQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQwHhcNMTYwNTE0MDAwMDAwWhcNMTcwNTE1MjM1OTU5WjBxMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEZMBcGA1UECgwQQW1hem9uLmNvbSwgSW5jLjEgMB4GA1UEAwwXc2tpbGxzLXN0b3JlLmFtYXpvbi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2Ae\/8bgpr5OT5\/RUtaQE+q8wE+dsD8nkwfLZqRQzjHJjtegSGks2UzorWQFjWLtG+i256c+CUJ1vhl+EHtTJZ4pFArm7qohc9RDPXtDwDQu18ZpRPvjmPS4TSA8nOK8r9xaX32HNCvTyderUUV1a0NNUIFpK+6LcIjbyGcyCaP\/FJoXT9nbIop+WM\/EKfFsl1CZWkXMot1hRn5sGz2p1s6jZXPOZOTnhZn+CIRXXyMbeIbCppJEhu1Mh3xOBhHGaQTS5iR+rFBoS27FGONZDnloMZn3fHoaN7SAvLzGU4FtqSO4B4tBauIUyFzQYO6iaZJD\/vbuhgO0BQjfmPbkX5AgMBAAGjggFsMIIBaDAiBgNVHREEGzAZghdza2lsbHMtc3RvcmUuYW1hem9uLmNvbTAJBgNVHRMEAjAAMA4GA1UdDwEB\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwYQYDVR0gBFowWDBWBgZngQwBAgIwTDAjBggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGQwXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAUX2DPYZBV34RDFIpgKrL1evRDGO8wKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NzLnN5bWNiLmNvbS9zcy5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc3Muc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc3Muc3ltY2IuY29tL3NzLmNydDANBgkqhkiG9w0BAQsFA
AOCAQEAMJuWvUYLSQ3sYCoWOsBqYtkf\/ko1GhTo5gNupiDsn+IgyuHoy4nKuZaSrYNFgoeo2FjedkWNhnFLW30u+UlkI\/WsY5Q52jq4whsQvbJG8+DPpZIdtc6nvl4qPL3EtlOXDVH4Kri+qlwwzdfFhWM3czMmLnBvlCUNq4JBqrvhmA3KF9qj7Wjwy5JVCsia2zuN\/X0zGerui2uwu5O4+4yVRP80x8mfsnUXusXD+hsYHeDwkYPFSKl6XIXtq3usyX8YcpYtOhR\/uF6aqIHWpFwE2\/CT3GQYiDmcFGlMFD5rvfyShw16+6g6q790O1FZfOvT39+SOIypcukxZXDU05O5RwAFPDCCBTgwggQgoAMCAQICEFE\/uXQ4cLc0QEGNMJMGmf8wDQYJKoZIhvcNAQELBQAwgcoxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHI="} -01734{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1679,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976107365814,"flow_src_last_pkt_time":1490976107479024,"flow_dst_last_pkt_time":1490976107577887,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":2695,"midstream":0,"thread_ts_usec":1490976107577887,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40854,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"skills-store.amazon.com","domainame":"skills-store.amazon.com","tls": {"version":"TLSv1.2","server_names":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec 
Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=skills-store.amazon.com","advertised_alpns":"h2,http\/1.1","fingerprint":"2A:40:0E:E9:9A:EC:7C:0D:40:AA:C9:C5:66:67:00:B8:3E:90:DC:B2","blocks":0}}} +01693{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1679,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976107365814,"flow_src_last_pkt_time":1490976107479024,"flow_dst_last_pkt_time":1490976107577887,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":2695,"midstream":0,"thread_ts_usec":1490976107577887,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40854,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"skills-store.amazon.com","domainame":"skills-store.amazon.com","tls": {"version":"TLSv1.2","server_names":"skills-store.amazon.com","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=skills-store.amazon.com","advertised_alpns":"h2,http\/1.1","fingerprint":"2A:40:0E:E9:9A:EC:7C:0D:40:AA:C9:C5:66:67:00:B8:3E:90:DC:B2","blocks":0}}} 
02502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1688,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":104,"flow_packet_id":5,"flow_src_last_pkt_time":1490976107486585,"flow_dst_last_pkt_time":1490976107622009,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1490976107622009,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXceiNAAOcG6CM27x39rBAq2AG7n5UJgL2alioN7FAYf\/kCtwAAFgMBCoICAABGAwFY3n1rpjCd4gua8GAnC04JFSskbFWWAA6z2HQGVr9B9iDAfW4EfsMQSa+tstNwiZkUQ2AHrzt9OdfZI4dRl7BlqwAvAAsACjAACi0ABOswggTnMIIDz6ADAgECAhA0Qbe7gak5NwZ8R7riI\/gSMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEvMC0GA1UEAxMmU3ltYW50ZWMgQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQwHhcNMTYwNTE0MDAwMDAwWhcNMTcwNTE1MjM1OTU5WjBxMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEZMBcGA1UECgwQQW1hem9uLmNvbSwgSW5jLjEgMB4GA1UEAwwXc2tpbGxzLXN0b3JlLmFtYXpvbi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2Ae\/8bgpr5OT5\/RUtaQE+q8wE+dsD8nkwfLZqRQzjHJjtegSGks2UzorWQFjWLtG+i256c+CUJ1vhl+EHtTJZ4pFArm7qohc9RDPXtDwDQu18ZpRPvjmPS4TSA8nOK8r9xaX32HNCvTyderUUV1a0NNUIFpK+6LcIjbyGcyCaP\/FJoXT9nbIop+WM\/EKfFsl1CZWkXMot1hRn5sGz2p1s6jZXPOZOTnhZn+CIRXXyMbeIbCppJEhu1Mh3xOBhHGaQTS5iR+rFBoS27FGONZDnloMZn3fHoaN7SAvLzGU4FtqSO4B4tBauIUyFzQYO6iaZJD\/vbuhgO0BQjfmPbkX5AgMBAAGjggFsMIIBaDAiBgNVHREEGzAZghdza2lsbHMtc3RvcmUuYW1hem9uLmNvbTAJBgNVHRMEAjAAMA4GA1UdDwEB\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwYQYDVR0gBFowWDBWBgZngQwBAgIwTDAjBggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGQwXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAUX2DPYZBV34RDFIpgKrL1evRDGO8wKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NzLnN5bWNiLmNvbS9zcy5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc3Muc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc3Muc3ltY2IuY29tL3NzLmNydDANBgkqhkiG9w0BAQsFAA
OCAQEAMJuWvUYLSQ3sYCoWOsBqYtkf\/ko1GhTo5gNupiDsn+IgyuHoy4nKuZaSrYNFgoeo2FjedkWNhnFLW30u+UlkI\/WsY5Q52jq4whsQvbJG8+DPpZIdtc6nvl4qPL3EtlOXDVH4Kri+qlwwzdfFhWM3czMmLnBvlCUNq4JBqrvhmA3KF9qj7Wjwy5JVCsia2zuN\/X0zGerui2uwu5O4+4yVRP80x8mfsnUXusXD+hsYHeDwkYPFSKl6XIXtq3usyX8YcpYtOhR\/uF6aqIHWpFwE2\/CT3GQYiDmcFGlMFD5rvfyShw16+6g6q790O1FZfOvT39+SOIypcukxZXDU05O5RwAFPDCCBTgwggQgoAMCAQICEFE\/uXQ4cLc0QEGNMJMGmf8wDQYJKoZIhvcNAQELBQAwgcoxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHI="} -01734{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1689,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976107365068,"flow_src_last_pkt_time":1490976107486585,"flow_dst_last_pkt_time":1490976107622246,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":2695,"midstream":0,"thread_ts_usec":1490976107622246,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40853,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"skills-store.amazon.com","domainame":"skills-store.amazon.com","tls": {"version":"TLSv1.2","server_names":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec 
Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=skills-store.amazon.com","advertised_alpns":"h2,http\/1.1","fingerprint":"2A:40:0E:E9:9A:EC:7C:0D:40:AA:C9:C5:66:67:00:B8:3E:90:DC:B2","blocks":0}}} +01693{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1689,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976107365068,"flow_src_last_pkt_time":1490976107486585,"flow_dst_last_pkt_time":1490976107622246,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":2695,"midstream":0,"thread_ts_usec":1490976107622246,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40853,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"skills-store.amazon.com","domainame":"skills-store.amazon.com","tls": {"version":"TLSv1.2","server_names":"skills-store.amazon.com","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=skills-store.amazon.com","advertised_alpns":"h2,http\/1.1","fingerprint":"2A:40:0E:E9:9A:EC:7C:0D:40:AA:C9:C5:66:67:00:B8:3E:90:DC:B2","blocks":0}}} 
02502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1692,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":107,"flow_packet_id":5,"flow_src_last_pkt_time":1490976107514712,"flow_dst_last_pkt_time":1490976107625210,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1490976107625210,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXczPJAAOcGlVQ27x39rBAq2AG7n5iFQQi9Vi4W1FAYf\/lWXQAAFgMBCoICAABGAwFY3n1rqVW5nc7pK0t8Q96UIvIibG3NJ3jfQ0jSHhJUvSBtDRI0q2icP6fVqlksmygn0U781lDdxNdezB5jmLBlqwAvAAsACjAACi0ABOswggTnMIIDz6ADAgECAhA0Qbe7gak5NwZ8R7riI\/gSMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEvMC0GA1UEAxMmU3ltYW50ZWMgQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQwHhcNMTYwNTE0MDAwMDAwWhcNMTcwNTE1MjM1OTU5WjBxMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEZMBcGA1UECgwQQW1hem9uLmNvbSwgSW5jLjEgMB4GA1UEAwwXc2tpbGxzLXN0b3JlLmFtYXpvbi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2Ae\/8bgpr5OT5\/RUtaQE+q8wE+dsD8nkwfLZqRQzjHJjtegSGks2UzorWQFjWLtG+i256c+CUJ1vhl+EHtTJZ4pFArm7qohc9RDPXtDwDQu18ZpRPvjmPS4TSA8nOK8r9xaX32HNCvTyderUUV1a0NNUIFpK+6LcIjbyGcyCaP\/FJoXT9nbIop+WM\/EKfFsl1CZWkXMot1hRn5sGz2p1s6jZXPOZOTnhZn+CIRXXyMbeIbCppJEhu1Mh3xOBhHGaQTS5iR+rFBoS27FGONZDnloMZn3fHoaN7SAvLzGU4FtqSO4B4tBauIUyFzQYO6iaZJD\/vbuhgO0BQjfmPbkX5AgMBAAGjggFsMIIBaDAiBgNVHREEGzAZghdza2lsbHMtc3RvcmUuYW1hem9uLmNvbTAJBgNVHRMEAjAAMA4GA1UdDwEB\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwYQYDVR0gBFowWDBWBgZngQwBAgIwTDAjBggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGQwXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAUX2DPYZBV34RDFIpgKrL1evRDGO8wKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NzLnN5bWNiLmNvbS9zcy5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc3Muc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc3Muc3ltY2IuY29tL3NzLmNydDANBgkqhkiG9w0BAQsFAA
OCAQEAMJuWvUYLSQ3sYCoWOsBqYtkf\/ko1GhTo5gNupiDsn+IgyuHoy4nKuZaSrYNFgoeo2FjedkWNhnFLW30u+UlkI\/WsY5Q52jq4whsQvbJG8+DPpZIdtc6nvl4qPL3EtlOXDVH4Kri+qlwwzdfFhWM3czMmLnBvlCUNq4JBqrvhmA3KF9qj7Wjwy5JVCsia2zuN\/X0zGerui2uwu5O4+4yVRP80x8mfsnUXusXD+hsYHeDwkYPFSKl6XIXtq3usyX8YcpYtOhR\/uF6aqIHWpFwE2\/CT3GQYiDmcFGlMFD5rvfyShw16+6g6q790O1FZfOvT39+SOIypcukxZXDU05O5RwAFPDCCBTgwggQgoAMCAQICEFE\/uXQ4cLc0QEGNMJMGmf8wDQYJKoZIhvcNAQELBQAwgcoxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHI="} -01734{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1693,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976107455953,"flow_src_last_pkt_time":1490976107514712,"flow_dst_last_pkt_time":1490976107625580,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":2695,"midstream":0,"thread_ts_usec":1490976107625580,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40856,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"skills-store.amazon.com","domainame":"skills-store.amazon.com","tls": {"version":"TLSv1.2","server_names":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec 
Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=skills-store.amazon.com","advertised_alpns":"h2,http\/1.1","fingerprint":"2A:40:0E:E9:9A:EC:7C:0D:40:AA:C9:C5:66:67:00:B8:3E:90:DC:B2","blocks":0}}} +01693{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1693,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976107455953,"flow_src_last_pkt_time":1490976107514712,"flow_dst_last_pkt_time":1490976107625580,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":2695,"midstream":0,"thread_ts_usec":1490976107625580,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40856,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"skills-store.amazon.com","domainame":"skills-store.amazon.com","tls": {"version":"TLSv1.2","server_names":"skills-store.amazon.com","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=skills-store.amazon.com","advertised_alpns":"h2,http\/1.1","fingerprint":"2A:40:0E:E9:9A:EC:7C:0D:40:AA:C9:C5:66:67:00:B8:3E:90:DC:B2","blocks":0}}} 
02306{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1748,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":21,"flow_first_seen":1490976107455953,"flow_src_last_pkt_time":1490976108033189,"flow_dst_last_pkt_time":1490976108034115,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":2227,"flow_dst_tot_l4_payload_len":13907,"midstream":0,"thread_ts_usec":1490976108034115,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40856,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":48,"avg":37270.9,"max":325585,"stddev":74532.9,"var":5555151872.0,"ent":3.0,"data": [55943,57350,1409,113314,370,112296,148,3166,65706,1386,70006,242,85334,246615,142,48,84,325585,285,3839,797,233,347,98,286,299,648,356,1116,6749,1201]},"pktlen": {"min":40,"avg":545.4,"max":1500,"stddev":489.8,"var":239933.9,"ent":4.4,"data": [60,48,40,251,1500,1275,40,40,366,46,99,1500,270,46,1021,589,589,589,40,40,1500,1500,741,1101,589,589,589,589,589,589,40,589]},"bins": {"c_to_s": [7,0,0,0,0,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0],"s_to_c": [3,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,1,0,0,0,1,1,0,0,1,1,1,1,1,0,0,1,1,1,1,1,1,1,1,1,1,0,1],"entropies": 
[4.617588520,5.160700798,4.812815189,5.608482361,7.251046658,7.253318787,4.881687164,4.881687164,7.319745541,4.609350204,6.071163177,7.874879360,7.157014847,4.609350681,7.805180550,7.654304981,7.622537136,7.647720337,4.881687164,4.831687450,7.897753239,7.890997410,7.726983070,7.812017441,7.596513748,7.640295982,7.658002377,7.630609512,7.630146980,7.583954334,4.881687164,7.691880703]},"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1812,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":106,"flow_packet_id":2,"flow_src_last_pkt_time":1490976108360248,"flow_dst_last_pkt_time":1490976107366817,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976108360248,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8yY9AAEAGRVisECrYNu8d\/Z+XAbtod6HOAAAAAKAC\/\/8G+AAAAgQFtAQCCAoA9mikAAAAAAEDAwg="} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1813,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":106,"flow_packet_id":3,"flow_src_last_pkt_time":1490976108360248,"flow_dst_last_pkt_time":1490976108548394,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976108548394,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwt7hAAOcGsDo27x39rBAq2AG7n5d09wMmaHehz3ASH\/4UgAAAAgQFtAEDAwY="} 
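Review bot: The regenerated `detected` and `detection-update` records for flows 104, 105 and 107 no longer carry `tls.ja3`, while `ja3s` and `ja4` are still emitted, and the commit message mentions only "incorporated upstream changes". Any consumer or detection rule that keys on the JA3 client hash will stop matching without an error, so the removal should be called out, for example with a line such as `tls.ja3 is no longer emitted in flow events; client fingerprinting relies on tls.ja4` in the description or changelog. Presumably the schema change listed in the diffstat drops the key as well, but that file is not visible here. The neighbouring hunks of this file show the same removal.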
@@ -818,25 +818,25 @@ 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1872,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":112,"flow_packet_id":3,"flow_src_last_pkt_time":1490976115066220,"flow_dst_last_pkt_time":1490976115061168,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976115066220,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo7MxAAEAGWjasECrYNF7ohrKjAbuMuIgApZSj01AQAVeoMAAA"} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1873,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":113,"flow_packet_id":3,"flow_src_last_pkt_time":1490976115066341,"flow_dst_last_pkt_time":1490976115061264,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976115066341,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoCnNAAEAGPJCsECrYNF7ohrKkAbvN5GFIckqrkVAQAVe5RwAA"} 00859{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1874,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":110,"flow_packet_id":4,"flow_src_last_pkt_time":1490976115066464,"flow_dst_last_pkt_time":1490976115060908,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1490976115066464,"pkt":"AMDKkaPvePiC0\/vCCABFAAEX8bRAAEAGVF+sECrYNF7ohrKhAbvIHJqEjYGDWFAYAVerKQAAFgMBAOoBAADmAwMTUXxa84E2F3pyMjY2W\/V+lEhi9FqJ+EKlZzRwMn7VOCCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgGhrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9enoAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACFpaAB0AFwAYWloAAQA="} 
-01235{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1874,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976114894065,"flow_src_last_pkt_time":1490976115066464,"flow_dst_last_pkt_time":1490976115060908,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976115066464,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45729,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01194{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1874,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976114894065,"flow_src_last_pkt_time":1490976115066464,"flow_dst_last_pkt_time":1490976115060908,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976115066464,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45729,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00858{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1875,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":109,"flow_packet_id":4,"flow_src_last_pkt_time":1490976115066590,"flow_dst_last_pkt_time":1490976115061052,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1490976115066590,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXu1RAAEAGir+sECrYNF7ohrKgAbstn9Bj0Qs3IlAYAVf4uwAAFgMBAOoBAADmAwP360WETO0hSDqvk2qAYkKwSgYBIFaAvPrL9FgCIcYj3SCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAg+vrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9SkoAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACOrqAB0AFwAYiooAAQA="} -01235{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1875,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976114885072,"flow_src_last_pkt_time":1490976115066590,"flow_dst_last_pkt_time":1490976115061052,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976115066590,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45728,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": 
{"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01194{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1875,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976114885072,"flow_src_last_pkt_time":1490976115066590,"flow_dst_last_pkt_time":1490976115061052,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976115066590,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45728,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00858{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1876,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":111,"flow_packet_id":4,"flow_src_last_pkt_time":1490976115066798,"flow_dst_last_pkt_time":1490976115061096,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1490976115066798,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXmqRAAEAGq2+sECrYNF7ohrKiAbt67fGRhH1dDlAYAVcYsgAAFgMBAOoBAADmAwO2XSVDdXNQjGmQUibPeB5qMKhST7rrpP3BhCu+r5mY3yCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgurrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9KioAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACFpaAB0AFwAYSkoAAQA="} -01235{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1876,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976114906930,"flow_src_last_pkt_time":1490976115066798,"flow_dst_last_pkt_time":1490976115061096,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976115066798,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45730,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": 
{"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01194{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1876,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976114906930,"flow_src_last_pkt_time":1490976115066798,"flow_dst_last_pkt_time":1490976115061096,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976115066798,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45730,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00860{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1877,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":112,"flow_packet_id":4,"flow_src_last_pkt_time":1490976115066928,"flow_dst_last_pkt_time":1490976115061168,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1490976115066928,"pkt":"AMDKkaPvePiC0\/vCCABFAAEX7M1AAEAGWUasECrYNF7ohrKjAbuMuIgApZSj01AYAVdJYgAAFgMBAOoBAADmAwN\/4n78\/jPCxa1OijX2MR8fx7sU0O7ARqXBjxgvMTAhtiCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgenrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9enoAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACOrqAB0AFwAY+voAAQA="} -01235{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1877,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976114921759,"flow_src_last_pkt_time":1490976115066928,"flow_dst_last_pkt_time":1490976115061168,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976115066928,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45731,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": 
{"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01194{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1877,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976114921759,"flow_src_last_pkt_time":1490976115066928,"flow_dst_last_pkt_time":1490976115061168,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976115066928,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45731,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00858{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1878,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":113,"flow_packet_id":4,"flow_src_last_pkt_time":1490976115067054,"flow_dst_last_pkt_time":1490976115061264,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1490976115067054,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXCnRAAEAGO6CsECrYNF7ohrKkAbvN5GFIckqrkVAYAVfgTwAAFgMBAOoBAADmAwOHALGigIjvApxLIe0mGRpTgcLEUyJobZ3dCQZJexl6RCCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgiorMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9uroAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACAoKAB0AFwAYqqoAAQA="} -01235{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1878,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976114940294,"flow_src_last_pkt_time":1490976115067054,"flow_dst_last_pkt_time":1490976115061264,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976115067054,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45732,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": 
{"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01194{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1878,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976114940294,"flow_src_last_pkt_time":1490976115067054,"flow_dst_last_pkt_time":1490976115061264,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976115067054,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45732,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1879,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":110,"flow_packet_id":5,"flow_src_last_pkt_time":1490976115066464,"flow_dst_last_pkt_time":1490976115189981,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"thread_ts_usec":1490976115189981,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9YoNAAOcGPSo0XuiGrBAq2AG7sqGNgYNYyBybc1AYf\/ijGAAAFgMBAEoCAABGAwFY3n1zINgI1Vy\/FXdUMuPvUGDLWthjR2H7WINeUtzlBCCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="} -01400{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1879,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976114894065,"flow_src_last_pkt_time":1490976115066464,"flow_dst_last_pkt_time":1490976115189981,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976115189981,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45729,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": 
{"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01359{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1879,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976114894065,"flow_src_last_pkt_time":1490976115066464,"flow_dst_last_pkt_time":1490976115189981,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976115189981,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45729,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00654{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1882,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":111,"flow_packet_id":5,"flow_src_last_pkt_time":1490976115066798,"flow_dst_last_pkt_time":1490976115200136,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"thread_ts_usec":1490976115200136,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9ReVAAOcGWcg0XuiGrBAq2AG7sqKEfV0Oeu3ygFAYf\/ig1AAAFgMBAEoCAABGAwFY3n1zJme6pFAslczvpX19TcUFgg3DbLK17SjfiEEQUyCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="} -01400{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1882,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976114906930,"flow_src_last_pkt_time":1490976115066798,"flow_dst_last_pkt_time":1490976115200136,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976115200136,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45730,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": 
{"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01359{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1882,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976114906930,"flow_src_last_pkt_time":1490976115066798,"flow_dst_last_pkt_time":1490976115200136,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976115200136,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45730,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00656{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1883,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":109,"flow_packet_id":5,"flow_src_last_pkt_time":1490976115066590,"flow_dst_last_pkt_time":1490976115200184,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"thread_ts_usec":1490976115200184,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9RCRAAOcGW4k0XuiGrBAq2AG7sqDRCzciLZ\/RUlAYf\/gsyQAAFgMBAEoCAABGAwFY3n1zE6Tufw7kJSJXbVavRo\/6lNuOwDxaW+i7VIwIKCCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="} -01400{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1883,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976114885072,"flow_src_last_pkt_time":1490976115066590,"flow_dst_last_pkt_time":1490976115200184,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976115200184,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45728,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": 
{"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01359{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1883,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976114885072,"flow_src_last_pkt_time":1490976115066590,"flow_dst_last_pkt_time":1490976115200184,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976115200184,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45728,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1884,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":112,"flow_packet_id":5,"flow_src_last_pkt_time":1490976115066928,"flow_dst_last_pkt_time":1490976115200219,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"thread_ts_usec":1490976115200219,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9RepAAOcGWcM0XuiGrBAq2AG7sqOllKPTjLiI71AYf\/jGMAAAFgMBAEoCAABGAwFY3n1zTn6J09aDxTBb8TVltBdGJeEW\/LDcikVqGAruryCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="} -01400{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1884,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976114921759,"flow_src_last_pkt_time":1490976115066928,"flow_dst_last_pkt_time":1490976115200219,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976115200219,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45731,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": 
{"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01359{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1884,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976114921759,"flow_src_last_pkt_time":1490976115066928,"flow_dst_last_pkt_time":1490976115200219,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976115200219,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45731,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1888,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":113,"flow_packet_id":5,"flow_src_last_pkt_time":1490976115067054,"flow_dst_last_pkt_time":1490976115201662,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"thread_ts_usec":1490976115201662,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB95rdAAOcGuPU0XuiGrBAq2AG7sqRySquRzeRiN1AYf\/gEdwAAFgMBAEoCAABGAwFY3n1z\/bQjY2ZjlLbA3DZTa+cwMTsfQ+lvAGzSBsvFwiCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="} -01400{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1888,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976114940294,"flow_src_last_pkt_time":1490976115067054,"flow_dst_last_pkt_time":1490976115201662,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976115201662,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45732,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": 
{"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01359{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1888,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976114940294,"flow_src_last_pkt_time":1490976115067054,"flow_dst_last_pkt_time":1490976115201662,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976115201662,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45732,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1937,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976115835926,"flow_src_last_pkt_time":1490976115835926,"flow_dst_last_pkt_time":1490976115835926,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":57,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":57,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":57,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976115835926,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":28614,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1937,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_src_last_pkt_time":1490976115835926,"flow_dst_last_pkt_time":1490976115835926,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":99,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":99,"pkt_l4_len":65,"thread_ts_usec":1490976115835926,"pkt":"AMDKkaPvePiC0\/vCCABFAABVWl5AAEARM0CsECrYrBAqAW\/GADUAQT0E1ZsBAAABAAAAAAAAD21vYmlsZWFuYWx5dGljcwl1cy1lYXN0LTEJYW1hem9uYXdzA2NvbQAAAQAB"} 
01149{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1937,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976115835926,"flow_src_last_pkt_time":1490976115835926,"flow_dst_last_pkt_time":1490976115835926,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":57,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":57,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":57,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976115835926,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":28614,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AmazonAWS","proto_id":"5.265","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"mobileanalytics.us-east-1.amazonaws.com","domainame":"mobileanalytics.us-east-1.amazonaws.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -849,7 +849,7 @@ 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1943,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":115,"flow_packet_id":2,"flow_src_last_pkt_time":1490976115905314,"flow_dst_last_pkt_time":1490976116119939,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976116119939,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwcfNAAOcG+0g27xi0rBAq2AG7kq+qRjf5GRBO1HASH\/5e8QAAAgQFtAEDAwY="} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1944,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":115,"flow_packet_id":3,"flow_src_last_pkt_time":1490976116121026,"flow_dst_last_pkt_time":1490976116119939,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976116121026,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoJUZAAEAG7v6sECrYNu8YtJKvAbsZEE7UqkY3+lAQAVepYgAA"} 
00888{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1945,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":115,"flow_packet_id":4,"flow_src_last_pkt_time":1490976116122233,"flow_dst_last_pkt_time":1490976116119939,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":313,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":313,"pkt_l4_len":279,"thread_ts_usec":1490976116122233,"pkt":"AMDKkaPvePiC0\/vCCABFAAErJUdAAEAG7fqsECrYNu8YtJKvAbsZEE7UqkY3+lAYAVdXdAAAFgMBAP4BAAD6AwPrW9HSsEakj6mtt\/VNcOse9OO4StwA3f8PEsza4rC61SAK8IS3HVgGOc2sZcVp0kAKYJvK21\/4JhIPoGYmpJU7LgAg6urMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACR2toAAP8BAAEAAAAALAAqAAAnbW9iaWxlYW5hbHl0aWNzLnVzLWVhc3QtMS5hbWF6b25hd3MuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAIWloAHQAXABjKygABAA=="} -01281{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1945,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976115905314,"flow_src_last_pkt_time":1490976116122233,"flow_dst_last_pkt_time":1490976116119939,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":259,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":259,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976116122233,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.180","src_port":37551,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"mobileanalytics.us-east-1.amazonaws.com","domainame":"mobileanalytics.us-east-1.amazonaws.com","tls": 
{"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01240{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1945,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976115905314,"flow_src_last_pkt_time":1490976116122233,"flow_dst_last_pkt_time":1490976116119939,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":259,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":259,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976116122233,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.180","src_port":37551,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"mobileanalytics.us-east-1.amazonaws.com","domainame":"mobileanalytics.us-east-1.amazonaws.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1946,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":116,"flow_packet_id":2,"flow_src_last_pkt_time":1490976116084560,"flow_dst_last_pkt_time":1490976116248422,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976116248422,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwirZAAOcG4oU27xi0rBAq2AG7krCs\/eb6YAHS2XASH\/7iQAAAAgQFtAEDAwY="} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1947,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":116,"flow_packet_id":3,"flow_src_last_pkt_time":1490976116249875,"flow_dst_last_pkt_time":1490976116248422,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976116249875,"pkt":"AMDKkaPvePiC0\/vCCABFAAAouXFAAEAGWtOsECrYNu8YtJKwAbtgAdLZrP3m+1AQAVcssgAA"} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1948,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":115,"flow_packet_id":5,"flow_src_last_pkt_time":1490976116122233,"flow_dst_last_pkt_time":1490976116407314,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1490976116407314,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoiX1AANsG78Y27xi0rBAq2AG7kq+qRjf6GRBO1FAQARypnQAAAAAAAAAA"} 
@@ -858,7 +858,7 @@ 01017{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1967,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976071312877,"flow_src_last_pkt_time":1490976071312877,"flow_dst_last_pkt_time":1490976071389601,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":73,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":73,"midstream":0,"thread_ts_usec":1490976117017810,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":25081,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AmazonAlexa","proto_id":"5.110","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"alexa.amazon.com"}} 01010{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1967,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976067916709,"flow_src_last_pkt_time":1490976067916709,"flow_dst_last_pkt_time":1490976067965373,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":48,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":48,"midstream":0,"thread_ts_usec":1490976117017810,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":60804,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.Amazon","proto_id":"5.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"api.amazon.com"}} 01012{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1967,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976064333083,"flow_src_last_pkt_time":1490976064333083,"flow_dst_last_pkt_time":1490976064448088,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1490976117017810,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":44475,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","proto_id":"5.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.amazon.com"}} -01369{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1969,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1490976115905314,"flow_src_last_pkt_time":1490976118107055,"flow_dst_last_pkt_time":1490976118335216,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":259,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":777,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1490976118335216,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.180","src_port":37551,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"mobileanalytics.us-east-1.amazonaws.com","domainame":"mobileanalytics.us-east-1.amazonaws.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} +01328{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1969,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1490976115905314,"flow_src_last_pkt_time":1490976118107055,"flow_dst_last_pkt_time":1490976118335216,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":259,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":777,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1490976118335216,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.180","src_port":37551,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"mobileanalytics.us-east-1.amazonaws.com","domainame":"mobileanalytics.us-east-1.amazonaws.com","tls": {"version":"TLSv1.2","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
01006{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2001,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1490976023264023,"flow_src_last_pkt_time":1490976023264087,"flow_dst_last_pkt_time":1490976023264023,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":315,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":315,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":630,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976120960098,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"android-1c1335ec95a27318"}} 00970{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2001,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976023267639,"flow_src_last_pkt_time":1490976023267639,"flow_dst_last_pkt_time":1490976023267639,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976120960098,"l3_proto":"ip4","src_ip":"172.16.42.1","dst_ip":"172.16.42.216","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
01023{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2001,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976024793542,"flow_src_last_pkt_time":1490976024793542,"flow_dst_last_pkt_time":1490976024844591,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":75,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":75,"midstream":0,"thread_ts_usec":1490976120960098,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":3440,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"connectivitycheck.android.com"}} 
@@ -871,9 +871,9 @@ 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2002,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":117,"flow_packet_id":2,"flow_src_last_pkt_time":1490976130073503,"flow_dst_last_pkt_time":1490976130307042,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976130307042,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAww\/RAAOcGo\/427x39rBAq2AG7n6DOZIqUehn+hHASH\/7FQwAAAgQFtAEDAwY="} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2003,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":117,"flow_packet_id":3,"flow_src_last_pkt_time":1490976130308849,"flow_dst_last_pkt_time":1490976130307042,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976130308849,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoj55AAEAGf12sECrYNu8d\/Z+gAbt6Gf6EzmSKlVAQAVcPtQAA"} 00863{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2004,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":117,"flow_packet_id":4,"flow_src_last_pkt_time":1490976130310007,"flow_dst_last_pkt_time":1490976130307042,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":297,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":297,"pkt_l4_len":263,"thread_ts_usec":1490976130310007,"pkt":"AMDKkaPvePiC0\/vCCABFAAEbj59AAEAGfmmsECrYNu8d\/Z+gAbt6Gf6EzmSKlVAYAVfa4QAAFgMBAO4BAADqAwN0b1XxRD1+7q81PZEt7s8JLjF+zs7TJetZZPnvHETq+SBtDRI0q2icP6fVqlksmygn0U781lDdxNdezB5jmLBlqwAgenrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACBWloAAP8BAAEAAAAAHAAaAAAXc2tpbGxzLXN0b3JlLmFtYXpvbi5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAhqagAdABcAGPr6AAEA"} 
-01243{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2004,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976130073503,"flow_src_last_pkt_time":1490976130310007,"flow_dst_last_pkt_time":1490976130307042,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":243,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":243,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976130310007,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40864,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"skills-store.amazon.com","domainame":"skills-store.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01202{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2004,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976130073503,"flow_src_last_pkt_time":1490976130310007,"flow_dst_last_pkt_time":1490976130307042,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":243,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":243,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976130310007,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40864,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"skills-store.amazon.com","domainame":"skills-store.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00656{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2005,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":117,"flow_packet_id":5,"flow_src_last_pkt_time":1490976130310007,"flow_dst_last_pkt_time":1490976130469888,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"thread_ts_usec":1490976130469888,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9z7BAAOcGl\/U27x39rBAq2AG7n6DOZIqVehn\/d1AYf\/hZrQAAFgMBAEoCAABGAwFY3n2ChqENgB5ulodafVGXSlcQ1mED7PxYBMV1H121KiBtDRI0q2icP6fVqlksmygn0U781lDdxNdezB5jmLBlqwAvABQDAQABAQ=="} 
-01408{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2005,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976130073503,"flow_src_last_pkt_time":1490976130310007,"flow_dst_last_pkt_time":1490976130469888,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":243,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":243,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976130469888,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40864,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"skills-store.amazon.com","domainame":"skills-store.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01367{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2005,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976130073503,"flow_src_last_pkt_time":1490976130310007,"flow_dst_last_pkt_time":1490976130469888,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":243,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":243,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976130469888,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40864,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"skills-store.amazon.com","domainame":"skills-store.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2030,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976133936541,"flow_src_last_pkt_time":1490976133936541,"flow_dst_last_pkt_time":1490976133936541,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976133936541,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4920,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2030,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_src_last_pkt_time":1490976133936541,"flow_dst_last_pkt_time":1490976133936541,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1490976133936541,"pkt":"AMDKkaPvePiC0\/vCCABFAABDWl9AAEARM1GsECrYrBAqARM4ADUALyGouR4BAAABAAAAAAAAA2VjeA1pbWFnZXMtYW1hem9uA2NvbQAAAQAB"} 
01109{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2030,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976133936541,"flow_src_last_pkt_time":1490976133936541,"flow_dst_last_pkt_time":1490976133936541,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976133936541,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4920,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","proto_id":"5.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"ecx.images-amazon.com","domainame":"ecx.images-amazon.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -898,38 +898,38 @@ 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2044,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":121,"flow_packet_id":2,"flow_src_last_pkt_time":1490976134144040,"flow_dst_last_pkt_time":1490976134199902,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976134199902,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPIGPkc0VD84rBAq2ABQyxNJprFn0NKXyaAScSAI+QAAAgQFtAQCCAps+nOsAPZytgEDAwg="} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2045,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":123,"flow_packet_id":3,"flow_src_last_pkt_time":1490976134200000,"flow_dst_last_pkt_time":1490976134198488,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976134200000,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0vDFAAEAGNB6sECrYNFQ\/OMsVAFCK3c6HwtatV4AQAVc6+AAAAQEICgD2crts+npU"} 01286{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2046,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":123,"flow_packet_id":4,"flow_src_last_pkt_time":1490976134200994,"flow_dst_last_pkt_time":1490976134198488,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":613,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":613,"pkt_l4_len":579,"thread_ts_usec":1490976134200994,"pkt":"AMDKkaPvePiC0\/vCCABFAAJXvDJAAEAGMfqsECrYNFQ\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"} 
-01533{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2046,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976134148422,"flow_src_last_pkt_time":1490976134200994,"flow_dst_last_pkt_time":1490976134198488,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976134200994,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51989,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com","domainame":"ecx.images-amazon.com","http": {"url":"ecx.images-amazon.com\/images\/I\/71pwMKDRQIL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]","detected_os":"Android 5.1.1"}}} 
+01418{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2046,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976134148422,"flow_src_last_pkt_time":1490976134200994,"flow_dst_last_pkt_time":1490976134198488,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976134200994,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51989,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com","domainame":"ecx.images-amazon.com","http": {"url":"ecx.images-amazon.com\/images\/I\/71pwMKDRQIL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]","detected_os":"Android 5.1.1"}}} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2047,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":122,"flow_packet_id":3,"flow_src_last_pkt_time":1490976134201861,"flow_dst_last_pkt_time":1490976134199672,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976134201861,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0TQdAAEAGo0isECrYNFQ\/OMsUAFAHRT+xsJsTXoAQAVf3QwAAAQEICgD2crxs+nys"} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2048,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":119,"flow_packet_id":3,"flow_src_last_pkt_time":1490976134202119,"flow_dst_last_pkt_time":1490976134199825,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976134202119,"pkt":"AMDKkaPvePiC0\/vCCABFAAA02IxAAEAGF8OsECrYNFQ\/OMsRAFDDaqo\/vffTz4AQAVcBnwAAAQEICgD2crxs+n3S"} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2049,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":120,"flow_packet_id":3,"flow_src_last_pkt_time":1490976134202247,"flow_dst_last_pkt_time":1490976134199869,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976134202247,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0xZZAAEAGKrmsECrYNFQ\/OMsSAFCeYrck8hQixoAQAVeWrQAAAQEICgD2crxs+n3S"} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2050,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":121,"flow_packet_id":3,"flow_src_last_pkt_time":1490976134202405,"flow_dst_last_pkt_time":1490976134199902,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976134202405,"pkt":"AMDKkaPvePiC0\/vCCABFAAA05X9AAEAGCtCsECrYNFQ\/OMsTAFDQ0pfJSaaxaIAQAVeniQAAAQEICgD2crxs+nOs"} 
01286{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2051,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":122,"flow_packet_id":4,"flow_src_last_pkt_time":1490976134203012,"flow_dst_last_pkt_time":1490976134199672,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":613,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":613,"pkt_l4_len":579,"thread_ts_usec":1490976134203012,"pkt":"AMDKkaPvePiC0\/vCCABFAAJXTQhAAEAGoSSsECrYNFQ\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"} -01533{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2051,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976134146057,"flow_src_last_pkt_time":1490976134203012,"flow_dst_last_pkt_time":1490976134199672,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976134203012,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51988,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com","domainame":"ecx.images-amazon.com","http": {"url":"ecx.images-amazon.com\/images\/I\/61oBTb+jZvL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 
PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]","detected_os":"Android 5.1.1"}}} +01418{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2051,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976134146057,"flow_src_last_pkt_time":1490976134203012,"flow_dst_last_pkt_time":1490976134199672,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976134203012,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51988,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com","domainame":"ecx.images-amazon.com","http": {"url":"ecx.images-amazon.com\/images\/I\/61oBTb+jZvL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]","detected_os":"Android 5.1.1"}}} 
01287{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2052,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":119,"flow_packet_id":4,"flow_src_last_pkt_time":1490976134203631,"flow_dst_last_pkt_time":1490976134199825,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":613,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":613,"pkt_l4_len":579,"thread_ts_usec":1490976134203631,"pkt":"AMDKkaPvePiC0\/vCCABFAAJX2I1AAEAGFZ+sECrYNFQ\/OMsRAFDDaqo\/vffTz4AYAVdmfQAAAQEICgD2crxs+n3SR0VUIC9pbWFnZXMvSS81MXdvaUw5a2drTC5fU0wyMTBfUUw5NV8ucG5nIEhUVFAvMS4xDQpIb3N0OiBlY3guaW1hZ2VzLWFtYXpvbi5jb20NCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChMaW51eDsgQW5kcm9pZCA1LjEuMTsgTEdMUzc1MSBCdWlsZC9MTVk0N1Y7IHd2KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzQuMCBDaHJvbWUvNTYuMC4yOTI0Ljg3IE1vYmlsZSBTYWZhcmkvNTM3LjM2IFBpdGFuZ3VpQnJpZGdlLzEuMTYuNC41LVtNQU5VRkFDVFVSRVI9TEdFXVtSRUxFQVNFPTUuMS4xXVtCUkFORD1sZ2VdW1NESz0yMl1bTU9ERUw9TEdMUzc1MV0NCkFjY2VwdDogaW1hZ2Uvd2VicCxpbWFnZS8qLCovKjtxPTAuOA0KUmVmZXJlcjogaHR0cDovL2FsZXhhLmFtYXpvbi5jb20vc3BhL2luZGV4Lmh0bWwNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KQWNjZXB0LUxhbmd1YWdlOiBlbi1VUw0KWC1SZXF1ZXN0ZWQtV2l0aDogY29tLmFtYXpvbi5kZWUuYXBwDQoNCg=="} 
-01533{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2052,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976134140538,"flow_src_last_pkt_time":1490976134203631,"flow_dst_last_pkt_time":1490976134199825,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976134203631,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51985,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com","domainame":"ecx.images-amazon.com","http": {"url":"ecx.images-amazon.com\/images\/I\/51woiL9kgkL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]","detected_os":"Android 5.1.1"}}} 
+01418{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2052,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976134140538,"flow_src_last_pkt_time":1490976134203631,"flow_dst_last_pkt_time":1490976134199825,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976134203631,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51985,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com","domainame":"ecx.images-amazon.com","http": {"url":"ecx.images-amazon.com\/images\/I\/51woiL9kgkL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]","detected_os":"Android 5.1.1"}}} 
01286{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2053,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":120,"flow_packet_id":4,"flow_src_last_pkt_time":1490976134203879,"flow_dst_last_pkt_time":1490976134199869,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":613,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":613,"pkt_l4_len":579,"thread_ts_usec":1490976134203879,"pkt":"AMDKkaPvePiC0\/vCCABFAAJXxZdAAEAGKJWsECrYNFQ\/OMsSAFCeYrck8hQixoAYAVfrxAAAAQEICgD2crxs+n3SR0VUIC9pbWFnZXMvSS84MWRpRlF5VmpITC5fU0wyMTBfUUw5NV8ucG5nIEhUVFAvMS4xDQpIb3N0OiBlY3guaW1hZ2VzLWFtYXpvbi5jb20NCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChMaW51eDsgQW5kcm9pZCA1LjEuMTsgTEdMUzc1MSBCdWlsZC9MTVk0N1Y7IHd2KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzQuMCBDaHJvbWUvNTYuMC4yOTI0Ljg3IE1vYmlsZSBTYWZhcmkvNTM3LjM2IFBpdGFuZ3VpQnJpZGdlLzEuMTYuNC41LVtNQU5VRkFDVFVSRVI9TEdFXVtSRUxFQVNFPTUuMS4xXVtCUkFORD1sZ2VdW1NESz0yMl1bTU9ERUw9TEdMUzc1MV0NCkFjY2VwdDogaW1hZ2Uvd2VicCxpbWFnZS8qLCovKjtxPTAuOA0KUmVmZXJlcjogaHR0cDovL2FsZXhhLmFtYXpvbi5jb20vc3BhL2luZGV4Lmh0bWwNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KQWNjZXB0LUxhbmd1YWdlOiBlbi1VUw0KWC1SZXF1ZXN0ZWQtV2l0aDogY29tLmFtYXpvbi5kZWUuYXBwDQoNCg=="} 
-01533{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2053,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976134141916,"flow_src_last_pkt_time":1490976134203879,"flow_dst_last_pkt_time":1490976134199869,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976134203879,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51986,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com","domainame":"ecx.images-amazon.com","http": {"url":"ecx.images-amazon.com\/images\/I\/81diFQyVjHL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]","detected_os":"Android 5.1.1"}}} 
+01418{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2053,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976134141916,"flow_src_last_pkt_time":1490976134203879,"flow_dst_last_pkt_time":1490976134199869,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976134203879,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51986,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com","domainame":"ecx.images-amazon.com","http": {"url":"ecx.images-amazon.com\/images\/I\/81diFQyVjHL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]","detected_os":"Android 5.1.1"}}} 01286{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2054,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":121,"flow_packet_id":4,"flow_src_last_pkt_time":1490976134204208,"flow_dst_last_pkt_time":1490976134199902,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":613,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":613,"pkt_l4_len":579,"thread_ts_usec":1490976134204208,"pkt":"AMDKkaPvePiC0\/vCCABFAAJX5YBAAEAGCKysECrYNFQ\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"} 
-01533{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2054,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976134144040,"flow_src_last_pkt_time":1490976134204208,"flow_dst_last_pkt_time":1490976134199902,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976134204208,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51987,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com","domainame":"ecx.images-amazon.com","http": {"url":"ecx.images-amazon.com\/images\/I\/71GcCNTb6kL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]","detected_os":"Android 5.1.1"}}} 
+01418{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2054,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976134144040,"flow_src_last_pkt_time":1490976134204208,"flow_dst_last_pkt_time":1490976134199902,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976134204208,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51987,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com","domainame":"ecx.images-amazon.com","http": {"url":"ecx.images-amazon.com\/images\/I\/71GcCNTb6kL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]","detected_os":"Android 5.1.1"}}} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2055,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":124,"flow_packet_id":2,"flow_src_last_pkt_time":1490976134149854,"flow_dst_last_pkt_time":1490976134237090,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976134237090,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPIGPkc0VD84rBAq2ABQyxaJEqCkMupghaAScSCurAAAAgQFtAQCCAps+nR5APZytgEDAwg="} 
00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2056,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":124,"flow_packet_id":3,"flow_src_last_pkt_time":1490976134238394,"flow_dst_last_pkt_time":1490976134237090,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976134238394,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0EjNAAEAG3hysECrYNFQ\/OMsWAFAy6mCFiRKgpYAQAVdNOgAAAQEICgD2cr9s+nR5"} 01287{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2057,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":124,"flow_packet_id":4,"flow_src_last_pkt_time":1490976134239068,"flow_dst_last_pkt_time":1490976134237090,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":613,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":613,"pkt_l4_len":579,"thread_ts_usec":1490976134239068,"pkt":"AMDKkaPvePiC0\/vCCABFAAJXEjRAAEAG2\/isECrYNFQ\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"} -01533{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2057,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976134149854,"flow_src_last_pkt_time":1490976134239068,"flow_dst_last_pkt_time":1490976134237090,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976134239068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51990,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": 
{"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com","domainame":"ecx.images-amazon.com","http": {"url":"ecx.images-amazon.com\/images\/I\/612xlaOI2NL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]","detected_os":"Android 5.1.1"}}} +01418{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2057,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976134149854,"flow_src_last_pkt_time":1490976134239068,"flow_dst_last_pkt_time":1490976134237090,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976134239068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51990,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com","domainame":"ecx.images-amazon.com","http": {"url":"ecx.images-amazon.com\/images\/I\/612xlaOI2NL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 
PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]","detected_os":"Android 5.1.1"}}} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2058,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":119,"flow_packet_id":5,"flow_src_last_pkt_time":1490976134203631,"flow_dst_last_pkt_time":1490976134354330,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976134354330,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA0rhBAAPIGkD40VD84rBAq2ABQyxG999PPw2qsYoAQAHYATwAAAQEICmz6feAA9nK8"} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2059,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":121,"flow_packet_id":5,"flow_src_last_pkt_time":1490976134204208,"flow_dst_last_pkt_time":1490976134354478,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976134354478,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA0wtFAAPIGe300VD84rBAq2ABQyxNJprFo0NKZ7IAQAHamOgAAAQEICmz6c7kA9nK8"} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2060,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":122,"flow_packet_id":5,"flow_src_last_pkt_time":1490976134203012,"flow_dst_last_pkt_time":1490976134354525,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976134354525,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA0b+dAAPIGzmc0VD84rBAq2ABQyxSwmxNeB0VB1IAQAHb19AAAAQEICmz6fLkA9nK8"} 
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2061,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":120,"flow_packet_id":5,"flow_src_last_pkt_time":1490976134203879,"flow_dst_last_pkt_time":1490976134354568,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976134354568,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA0XyZAAPIG3yg0VD84rBAq2ABQyxLyFCLGnmK5R4AQAHaVXQAAAQEICmz6feAA9nK8"} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2098,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":124,"flow_packet_id":5,"flow_src_last_pkt_time":1490976134239068,"flow_dst_last_pkt_time":1490976134375210,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976134375210,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA01CNAAPIGais0VD84rBAq2ABQyxaJEqClMupiqIAQAHZL6wAAAQEICmz6dIYA9nK\/"} 
01286{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2142,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":123,"flow_packet_id":5,"flow_src_last_pkt_time":1490976134450449,"flow_dst_last_pkt_time":1490976134198488,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":613,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":613,"pkt_l4_len":579,"thread_ts_usec":1490976134450449,"pkt":"AMDKkaPvePiC0\/vCCABFAAJXvDNAAEAGMfmsECrYNFQ\/OMsVAFCK3c6HwtatV4AYAVfL8AAAAQEICgD2ctVs+npUR0VUIC9pbWFnZXMvSS83MXB3TUtEUlFJTC5fU0wyMTBfUUw5NV8ucG5nIEhUVFAvMS4xDQpIb3N0OiBlY3guaW1hZ2VzLWFtYXpvbi5jb20NCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChMaW51eDsgQW5kcm9pZCA1LjEuMTsgTEdMUzc1MSBCdWlsZC9MTVk0N1Y7IHd2KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzQuMCBDaHJvbWUvNTYuMC4yOTI0Ljg3IE1vYmlsZSBTYWZhcmkvNTM3LjM2IFBpdGFuZ3VpQnJpZGdlLzEuMTYuNC41LVtNQU5VRkFDVFVSRVI9TEdFXVtSRUxFQVNFPTUuMS4xXVtCUkFORD1sZ2VdW1NESz0yMl1bTU9ERUw9TEdMUzc1MV0NCkFjY2VwdDogaW1hZ2Uvd2VicCxpbWFnZS8qLCovKjtxPTAuOA0KUmVmZXJlcjogaHR0cDovL2FsZXhhLmFtYXpvbi5jb20vc3BhL2luZGV4Lmh0bWwNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KQWNjZXB0LUxhbmd1YWdlOiBlbi1VUw0KWC1SZXF1ZXN0ZWQtV2l0aDogY29tLmFtYXpvbi5kZWUuYXBwDQoNCg=="} 
-02341{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2177,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":120,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1490976134141916,"flow_src_last_pkt_time":1490976134949644,"flow_dst_last_pkt_time":1490976134943908,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1641,"flow_dst_tot_l4_payload_len":15770,"midstream":0,"thread_ts_usec":1490976134949644,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51986,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":121,"avg":51926.5,"max":295198,"stddev":97638.1,"var":9533208576.0,"ent":3.0,"data": [57953,60331,1632,154699,385,386,415,483,524,207,360,156722,299,4146,127,3380,248,131,172,143,126,121,6987,268261,295198,18253,286273,480,356,286588,4334]},"pktlen": {"min":52,"avg":597.0,"max":1500,"stddev":635.8,"var":404189.9,"ent":4.1,"data": [60,60,52,599,52,1500,1500,1500,1500,1500,1500,1500,52,52,1500,427,52,52,52,52,52,52,52,599,599,427,64,592,1500,1500,52,52]},"bins": {"c_to_s": [14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0]},"directions": [0,1,0,0,1,1,1,1,1,1,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,1,1,1,0,0],"entropies": 
[4.650922298,5.231404781,5.038780212,6.035903931,5.085056305,7.148868561,7.815765381,7.846660614,7.867961407,7.834940910,7.842315674,7.841011524,5.000318527,5.038780212,7.824505806,6.526866436,5.038780212,5.038780212,5.038780212,5.000318527,5.000318527,5.000318527,5.000318527,6.008402348,6.008402348,6.531550407,5.026865005,5.889882088,7.468186855,7.750551224,5.038780212,5.038780212]},"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com"}} +02226{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2177,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":120,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1490976134141916,"flow_src_last_pkt_time":1490976134949644,"flow_dst_last_pkt_time":1490976134943908,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1641,"flow_dst_tot_l4_payload_len":15770,"midstream":0,"thread_ts_usec":1490976134949644,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51986,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":121,"avg":51926.5,"max":295198,"stddev":97638.1,"var":9533208576.0,"ent":3.0,"data": [57953,60331,1632,154699,385,386,415,483,524,207,360,156722,299,4146,127,3380,248,131,172,143,126,121,6987,268261,295198,18253,286273,480,356,286588,4334]},"pktlen": {"min":52,"avg":597.0,"max":1500,"stddev":635.8,"var":404189.9,"ent":4.1,"data": 
[60,60,52,599,52,1500,1500,1500,1500,1500,1500,1500,52,52,1500,427,52,52,52,52,52,52,52,599,599,427,64,592,1500,1500,52,52]},"bins": {"c_to_s": [14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0]},"directions": [0,1,0,0,1,1,1,1,1,1,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,1,1,1,0,0],"entropies": [4.650922298,5.231404781,5.038780212,6.035903931,5.085056305,7.148868561,7.815765381,7.846660614,7.867961407,7.834940910,7.842315674,7.841011524,5.000318527,5.038780212,7.824505806,6.526866436,5.038780212,5.038780212,5.038780212,5.000318527,5.000318527,5.000318527,5.000318527,6.008402348,6.008402348,6.531550407,5.026865005,5.889882088,7.468186855,7.750551224,5.038780212,5.038780212]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com"}} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2236,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976136930982,"flow_src_last_pkt_time":1490976136930982,"flow_dst_last_pkt_time":1490976136930982,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976136930982,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40871,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2236,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":125,"flow_packet_id":1,"flow_src_last_pkt_time":1490976136930982,"flow_dst_last_pkt_time":1490976136930982,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976136930982,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8bqFAAEAGoEasECrYNu8d\/Z+nAbuZbx1qAAAAAKAC\/\/9PLQAAAgQFtAQCCAoA9nPLAAAAAAEDAwg="} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2237,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":125,"flow_packet_id":2,"flow_src_last_pkt_time":1490976136930982,"flow_dst_last_pkt_time":1490976137042055,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976137042055,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwrQVAAOcGuu027x39rBAq2AG7n6dEArKimW8da3ASH\/7pVAAAAgQFtAEDAwY="} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2238,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":125,"flow_packet_id":3,"flow_src_last_pkt_time":1490976137043334,"flow_dst_last_pkt_time":1490976137042055,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976137043334,"pkt":"AMDKkaPvePiC0\/vCCABFAAAobqJAAEAGoFmsECrYNu8d\/Z+nAbuZbx1rRAKyo1AQAVczxgAA"} 
00864{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2239,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":125,"flow_packet_id":4,"flow_src_last_pkt_time":1490976137044165,"flow_dst_last_pkt_time":1490976137042055,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":297,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":297,"pkt_l4_len":263,"thread_ts_usec":1490976137044165,"pkt":"AMDKkaPvePiC0\/vCCABFAAEbbqNAAEAGn2WsECrYNu8d\/Z+nAbuZbx1rRAKyo1AYAVcOogAAFgMBAO4BAADqAwNhY3NDhjYtpf41Zp5hXeye2JYVtN+jXNyco\/qKL4s4VSBtDRI0q2icP6fVqlksmygn0U781lDdxNdezB5jmLBlqwAgamrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACBenoAAP8BAAEAAAAAHAAaAAAXc2tpbGxzLXN0b3JlLmFtYXpvbi5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAhqagAdABcAGEpKAAEA"} -01243{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2239,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976136930982,"flow_src_last_pkt_time":1490976137044165,"flow_dst_last_pkt_time":1490976137042055,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":243,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":243,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976137044165,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40871,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"skills-store.amazon.com","domainame":"skills-store.amazon.com","tls": 
{"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01202{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2239,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976136930982,"flow_src_last_pkt_time":1490976137044165,"flow_dst_last_pkt_time":1490976137042055,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":243,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":243,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976137044165,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40871,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"skills-store.amazon.com","domainame":"skills-store.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2240,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":125,"flow_packet_id":5,"flow_src_last_pkt_time":1490976137044165,"flow_dst_last_pkt_time":1490976137221949,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1490976137221949,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAotQJAAOcGsvg27x39rBAq2AG7n6dEArKjmW8eXlAQf\/i0MQAAAAAAAAAA"} 
-01408{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2241,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976136930982,"flow_src_last_pkt_time":1490976137044165,"flow_dst_last_pkt_time":1490976137222092,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":243,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":243,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976137222092,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40871,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"skills-store.amazon.com","domainame":"skills-store.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01367{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2241,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976136930982,"flow_src_last_pkt_time":1490976137044165,"flow_dst_last_pkt_time":1490976137222092,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":243,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":243,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976137222092,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40871,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"skills-store.amazon.com","domainame":"skills-store.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
02314{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2267,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1490976136930982,"flow_src_last_pkt_time":1490976138976244,"flow_dst_last_pkt_time":1490976139259019,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":6666,"flow_dst_tot_l4_payload_len":5757,"midstream":0,"thread_ts_usec":1490976139259019,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40871,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":24,"avg":141074.2,"max":1107068,"stddev":256640.3,"var":65864265728.0,"ent":3.2,"data": [111073,112352,831,179894,143,45,179940,2913,265,3255,516,135136,162,170164,502171,1107068,16816,231,180,41,28,24,706579,352,9657,355942,325,629177,147816,149,54]},"pktlen": {"min":40,"avg":430.0,"max":1500,"stddev":555.4,"var":308431.6,"ent":4.0,"data": [60,48,40,283,46,125,93,40,40,99,1500,286,46,46,1500,1500,46,1500,121,1500,153,429,77,40,40,40,1500,318,46,1021,589,589]},"bins": {"c_to_s": [7,1,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0],"s_to_c": [6,2,2,1,0,0,0,0,0,0,0,0,1,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,1,0,0,0,0,0,1,1,0,0,1,1,1,1,1,1,1,0,0,0,0,0,1,1,1,1],"entropies": 
[4.672595501,5.093094349,4.831687450,5.938469410,4.522393703,6.167151451,6.033568382,4.831686974,4.881687164,6.044344425,7.863042355,7.143759251,4.522394180,4.565872192,7.864801884,7.864607811,4.565872192,7.861513138,6.401272774,7.883206367,6.629675865,7.515489578,5.831597805,4.781687260,4.831687450,4.712815285,7.866571903,7.334980965,4.565871716,7.784813404,7.636542797,7.660583019]},"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2274,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976139642766,"flow_src_last_pkt_time":1490976139642766,"flow_dst_last_pkt_time":1490976139642766,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976139642766,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51992,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2274,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":126,"flow_packet_id":1,"flow_src_last_pkt_time":1490976139642766,"flow_dst_last_pkt_time":1490976139642766,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976139642766,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8ooBAAEAGTcesECrYNFQ\/OMsYAFAytNZaAAAAAKAC\/\/+zQgAAAgQFtAQCCAoA9nTaAAAAAAEDAwg="} 
@@ -946,7 +946,7 @@ 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2280,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":126,"flow_packet_id":2,"flow_src_last_pkt_time":1490976139642766,"flow_dst_last_pkt_time":1490976139667722,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976139667722,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPIGPkc0VD84rBAq2ABQyxh7572AMrTWW6AScSAgygAAAgQFtAQCCAps+nrkAPZ02gEDAwg="} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2281,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":126,"flow_packet_id":3,"flow_src_last_pkt_time":1490976139669064,"flow_dst_last_pkt_time":1490976139667722,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976139669064,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0ooFAAEAGTc6sECrYNFQ\/OMsYAFAytNZbe+e9gYAQAVe\/XAAAAQEICgD2dN5s+nrk"} 01286{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2282,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":126,"flow_packet_id":4,"flow_src_last_pkt_time":1490976139669495,"flow_dst_last_pkt_time":1490976139667722,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":613,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":613,"pkt_l4_len":579,"thread_ts_usec":1490976139669495,"pkt":"AMDKkaPvePiC0\/vCCABFAAJXooJAAEAGS6qsECrYNFQ\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"} 
-01533{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2282,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976139642766,"flow_src_last_pkt_time":1490976139669495,"flow_dst_last_pkt_time":1490976139667722,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976139669495,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51992,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com","domainame":"ecx.images-amazon.com","http": {"url":"ecx.images-amazon.com\/images\/I\/71nqwmwmRlL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]","detected_os":"Android 5.1.1"}}} 
+01418{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2282,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976139642766,"flow_src_last_pkt_time":1490976139669495,"flow_dst_last_pkt_time":1490976139667722,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976139669495,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51992,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com","domainame":"ecx.images-amazon.com","http": {"url":"ecx.images-amazon.com\/images\/I\/71nqwmwmRlL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]","detected_os":"Android 5.1.1"}}} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2283,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":128,"flow_packet_id":2,"flow_src_last_pkt_time":1490976139643338,"flow_dst_last_pkt_time":1490976139674717,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976139674717,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPIGPkc0VD84rBAq2ABQyxrjsd\/DnToeVaAScSDohQAAAgQFtAQCCAps+naYAPZ02wEDAwg="} 
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2284,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":129,"flow_packet_id":2,"flow_src_last_pkt_time":1490976139643559,"flow_dst_last_pkt_time":1490976139674846,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976139674846,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPIGPkc0VD84rBAq2ABQyxtRO\/n\/M6S6+6AScSAtRgAAAgQFtAQCCAps+ncBAPZ02wEDAwg="} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2285,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":127,"flow_packet_id":2,"flow_src_last_pkt_time":1490976139643137,"flow_dst_last_pkt_time":1490976139674889,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976139674889,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPIGPkc0VD84rBAq2ABQyxlSuJ7038mtw6AScSDlMAAAAgQFtAQCCAps+nm5APZ02wEDAwg="} 
@@ -956,24 +956,24 @@ 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2289,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":127,"flow_packet_id":3,"flow_src_last_pkt_time":1490976139677885,"flow_dst_last_pkt_time":1490976139674889,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976139677885,"pkt":"AMDKkaPvePiC0\/vCCABFAAA02RpAAEAGFzWsECrYNFQ\/OMsZAFDfya3DUrie9YAQAVeDwwAAAQEICgD2dN9s+nm5"} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2290,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":130,"flow_packet_id":3,"flow_src_last_pkt_time":1490976139678026,"flow_dst_last_pkt_time":1490976139674922,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976139678026,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0c61AAEAGfKKsECrYNFQ\/OMscAFApFQd4fxQzdYAQAVcjzwAAAQEICgD2dN9s+nXP"} 01286{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2291,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":128,"flow_packet_id":4,"flow_src_last_pkt_time":1490976139678156,"flow_dst_last_pkt_time":1490976139674717,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":613,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":613,"pkt_l4_len":579,"thread_ts_usec":1490976139678156,"pkt":"AMDKkaPvePiC0\/vCCABFAAJXapFAAEAGg5usECrYNFQ\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"} 
-01533{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2291,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976139643338,"flow_src_last_pkt_time":1490976139678156,"flow_dst_last_pkt_time":1490976139674717,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976139678156,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51994,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com","domainame":"ecx.images-amazon.com","http": {"url":"ecx.images-amazon.com\/images\/I\/315y9IEXZSL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]","detected_os":"Android 5.1.1"}}} 
+01418{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2291,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976139643338,"flow_src_last_pkt_time":1490976139678156,"flow_dst_last_pkt_time":1490976139674717,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976139678156,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51994,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com","domainame":"ecx.images-amazon.com","http": {"url":"ecx.images-amazon.com\/images\/I\/315y9IEXZSL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]","detected_os":"Android 5.1.1"}}} 01286{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2292,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":129,"flow_packet_id":4,"flow_src_last_pkt_time":1490976139678278,"flow_dst_last_pkt_time":1490976139674846,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":613,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":613,"pkt_l4_len":579,"thread_ts_usec":1490976139678278,"pkt":"AMDKkaPvePiC0\/vCCABFAAJXziNAAEAGIAmsECrYNFQ\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"} 
-01533{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2292,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976139643559,"flow_src_last_pkt_time":1490976139678278,"flow_dst_last_pkt_time":1490976139674846,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976139678278,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51995,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com","domainame":"ecx.images-amazon.com","http": {"url":"ecx.images-amazon.com\/images\/I\/5100jxqrQhL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]","detected_os":"Android 5.1.1"}}} 
+01418{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2292,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976139643559,"flow_src_last_pkt_time":1490976139678278,"flow_dst_last_pkt_time":1490976139674846,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976139678278,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51995,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com","domainame":"ecx.images-amazon.com","http": {"url":"ecx.images-amazon.com\/images\/I\/5100jxqrQhL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]","detected_os":"Android 5.1.1"}}} 01286{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2293,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":127,"flow_packet_id":4,"flow_src_last_pkt_time":1490976139678411,"flow_dst_last_pkt_time":1490976139674889,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":613,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":613,"pkt_l4_len":579,"thread_ts_usec":1490976139678411,"pkt":"AMDKkaPvePiC0\/vCCABFAAJX2RtAAEAGFRGsECrYNFQ\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"} 
-01533{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2293,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976139643137,"flow_src_last_pkt_time":1490976139678411,"flow_dst_last_pkt_time":1490976139674889,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976139678411,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51993,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com","domainame":"ecx.images-amazon.com","http": {"url":"ecx.images-amazon.com\/images\/I\/61SZU-lPFNL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]","detected_os":"Android 5.1.1"}}} 
+01418{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2293,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976139643137,"flow_src_last_pkt_time":1490976139678411,"flow_dst_last_pkt_time":1490976139674889,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976139678411,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51993,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com","domainame":"ecx.images-amazon.com","http": {"url":"ecx.images-amazon.com\/images\/I\/61SZU-lPFNL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]","detected_os":"Android 5.1.1"}}} 01286{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2294,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":130,"flow_packet_id":4,"flow_src_last_pkt_time":1490976139678550,"flow_dst_last_pkt_time":1490976139674922,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":613,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":613,"pkt_l4_len":579,"thread_ts_usec":1490976139678550,"pkt":"AMDKkaPvePiC0\/vCCABFAAJXc65AAEAGen6sECrYNFQ\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"} 
-01533{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2294,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976139643759,"flow_src_last_pkt_time":1490976139678550,"flow_dst_last_pkt_time":1490976139674922,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976139678550,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51996,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com","domainame":"ecx.images-amazon.com","http": {"url":"ecx.images-amazon.com\/images\/I\/81Ni5COup-L._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]","detected_os":"Android 5.1.1"}}} 
+01418{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2294,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976139643759,"flow_src_last_pkt_time":1490976139678550,"flow_dst_last_pkt_time":1490976139674922,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976139678550,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51996,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com","domainame":"ecx.images-amazon.com","http": {"url":"ecx.images-amazon.com\/images\/I\/81Ni5COup-L._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]","detected_os":"Android 5.1.1"}}} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2295,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":131,"flow_packet_id":2,"flow_src_last_pkt_time":1490976139643974,"flow_dst_last_pkt_time":1490976139711656,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976139711656,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPIGPkc0VD84rBAq2ABQyx1XQZuRlNdGa6AScSCQFAAAAgQFtAQCCAps+n\/1APZ03AEDAwg="} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2296,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":131,"flow_packet_id":3,"flow_src_last_pkt_time":1490976139713700,"flow_dst_last_pkt_time":1490976139711656,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976139713700,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0MrdAAEAGvZisECrYNFQ\/OMsdAFCU10ZrV0GbkoAQAVcupAAAAQEICgD2dONs+n\/1"} 01287{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2297,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":131,"flow_packet_id":4,"flow_src_last_pkt_time":1490976139714237,"flow_dst_last_pkt_time":1490976139711656,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":613,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":613,"pkt_l4_len":579,"thread_ts_usec":1490976139714237,"pkt":"AMDKkaPvePiC0\/vCCABFAAJXMrhAAEAGu3SsECrYNFQ\/OMsdAFCU10ZrV0GbkoAYAVeRsQAAAQEICgD2dONs+n\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"} -01533{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2297,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976139643974,"flow_src_last_pkt_time":1490976139714237,"flow_dst_last_pkt_time":1490976139711656,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976139714237,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51997,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp 
Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com","domainame":"ecx.images-amazon.com","http": {"url":"ecx.images-amazon.com\/images\/I\/61Tfp7ZVcoL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]","detected_os":"Android 5.1.1"}}} +01418{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2297,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976139643974,"flow_src_last_pkt_time":1490976139714237,"flow_dst_last_pkt_time":1490976139711656,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976139714237,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51997,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com","domainame":"ecx.images-amazon.com","http": {"url":"ecx.images-amazon.com\/images\/I\/61Tfp7ZVcoL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 
Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]","detected_os":"Android 5.1.1"}}} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2298,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":126,"flow_packet_id":5,"flow_src_last_pkt_time":1490976139669495,"flow_dst_last_pkt_time":1490976139777944,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976139777944,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA0x2ZAAPIGdug0VD84rBAq2ABQyxh7572BMrTYfoAQAHa+FwAAAQEICmz6eucA9nTe"} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2314,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":128,"flow_packet_id":5,"flow_src_last_pkt_time":1490976139678156,"flow_dst_last_pkt_time":1490976139788054,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976139788054,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA0qVhAAPIGlPY0VD84rBAq2ABQyxrjsd\/EnTogeIAQAHaF0gAAAQEICmz6dpwA9nTf"} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2316,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":129,"flow_packet_id":5,"flow_src_last_pkt_time":1490976139678278,"flow_dst_last_pkt_time":1490976139788207,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976139788207,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA0jQVAAPIGsUk0VD84rBAq2ABQyxtRO\/oAM6S9HoAQAHbKkgAAAQEICmz6dwUA9nTf"} 
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2357,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":127,"flow_packet_id":5,"flow_src_last_pkt_time":1490976139678411,"flow_dst_last_pkt_time":1490976139882498,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976139882498,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA05ztAAPIGVxM0VD84rBAq2ABQyxlSuJ7138mv5oAQAHaCbAAAAQEICmz6ec4A9nTf"} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2358,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":130,"flow_packet_id":5,"flow_src_last_pkt_time":1490976139678550,"flow_dst_last_pkt_time":1490976139882630,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976139882630,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA0RpFAAPIG9700VD84rBAq2ABQyxx\/FDN1KRUJm4AQAHYieAAAAQEICmz6deQA9nTf"} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2397,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":131,"flow_packet_id":5,"flow_src_last_pkt_time":1490976139714237,"flow_dst_last_pkt_time":1490976139917430,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976139917430,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA0G5lAAPIGIrY0VD84rBAq2ABQyx1XQZuSlNdIjoAQAHYtTAAAAQEICmz6gAsA9nTj"} 
-02339{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2425,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":129,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1490976139643559,"flow_src_last_pkt_time":1490976140004854,"flow_dst_last_pkt_time":1490976140002371,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1094,"flow_dst_tot_l4_payload_len":21002,"midstream":0,"thread_ts_usec":1490976140004854,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51995,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":45,"avg":23229.3,"max":179149,"stddev":43867.1,"var":1924322304.0,"ent":3.1,"data": [31287,34141,578,113361,46407,49,49,50,45,46,11194,1598,7176,179149,121,126,120,120,142,3369,257,407,4520,99192,277,120761,46881,156,255,789,17484]},"pktlen": {"min":52,"avg":743.4,"max":1500,"stddev":681.3,"var":464196.8,"ent":4.3,"data": [60,60,52,599,52,1500,1500,1500,1500,1500,1500,1500,1223,1223,52,52,52,52,52,52,52,52,64,599,1500,1500,52,1500,1336,1500,1500,52]},"bins": {"c_to_s": [13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,1,0,0,0,0,12,0,0]},"directions": [0,1,0,0,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,0,0,1,1,0,1,1,1,1,0],"entropies": 
[4.684255600,5.264738083,4.815825462,5.981299400,4.959492683,7.149340153,7.740746498,7.612607002,7.631985664,7.692628384,7.667311668,7.729136467,7.507924080,7.508758068,5.115703106,5.000318050,5.077241421,5.062724590,5.115703106,5.077241421,5.077241421,5.077241421,5.163660049,6.000374794,7.141010284,7.761897087,5.115703106,7.808045864,7.811527252,7.791535378,7.807326794,4.955154419]},"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com"}} +02224{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2425,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":129,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1490976139643559,"flow_src_last_pkt_time":1490976140004854,"flow_dst_last_pkt_time":1490976140002371,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1094,"flow_dst_tot_l4_payload_len":21002,"midstream":0,"thread_ts_usec":1490976140004854,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51995,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":45,"avg":23229.3,"max":179149,"stddev":43867.1,"var":1924322304.0,"ent":3.1,"data": [31287,34141,578,113361,46407,49,49,50,45,46,11194,1598,7176,179149,121,126,120,120,142,3369,257,407,4520,99192,277,120761,46881,156,255,789,17484]},"pktlen": {"min":52,"avg":743.4,"max":1500,"stddev":681.3,"var":464196.8,"ent":4.3,"data": 
[60,60,52,599,52,1500,1500,1500,1500,1500,1500,1500,1223,1223,52,52,52,52,52,52,52,52,64,599,1500,1500,52,1500,1336,1500,1500,52]},"bins": {"c_to_s": [13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,1,0,0,0,0,12,0,0]},"directions": [0,1,0,0,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,0,0,1,1,0,1,1,1,1,0],"entropies": [4.684255600,5.264738083,4.815825462,5.981299400,4.959492683,7.149340153,7.740746498,7.612607002,7.631985664,7.692628384,7.667311668,7.729136467,7.507924080,7.508758068,5.115703106,5.000318050,5.077241421,5.062724590,5.115703106,5.077241421,5.077241421,5.077241421,5.163660049,6.000374794,7.141010284,7.761897087,5.115703106,7.808045864,7.811527252,7.791535378,7.807326794,4.955154419]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com"}} 00939{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2438,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1490976022731312,"flow_src_last_pkt_time":1490976022731374,"flow_dst_last_pkt_time":1490976022731312,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976140054622,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ffd3:fbc2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00930{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2438,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1490976022741105,"flow_src_last_pkt_time":1490976022741164,"flow_dst_last_pkt_time":1490976022741105,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976140054622,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01057{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2438,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1490976027958387,"flow_src_last_pkt_time":1490976030758514,"flow_dst_last_pkt_time":1490976027958387,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":60,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":60,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976140054622,"l3_proto":"ip4","src_ip":"172.16.42.1","dst_ip":"172.16.42.216","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": 
{"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -990,23 +990,23 @@ 00952{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2438,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1490976023731065,"flow_src_last_pkt_time":1490976031750280,"flow_dst_last_pkt_time":1490976023731065,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976140054622,"l3_proto":"ip6","src_ip":"fe80::7af8:82ff:fed3:fbc2","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00954{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2438,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1490976032763274,"flow_src_last_pkt_time":1490976032763299,"flow_dst_last_pkt_time":1490976032763274,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976140054622,"l3_proto":"ip6","src_ip":"fe80::7af8:82ff:fed3:fbc2","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
01041{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2438,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976035502440,"flow_src_last_pkt_time":1490976035502440,"flow_dst_last_pkt_time":1490976035549103,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":154,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":154,"midstream":0,"thread_ts_usec":1490976140054622,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":23559,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AmazonAWS","proto_id":"5.265","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"cognito-identity.us-east-1.amazonaws.com"}} -02340{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2440,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":126,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1490976139642766,"flow_src_last_pkt_time":1490976140230625,"flow_dst_last_pkt_time":1490976140359077,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1641,"flow_dst_tot_l4_payload_len":18414,"midstream":0,"thread_ts_usec":1490976140359077,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51992,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":97,"avg":42070.0,"max":510931,"stddev":110064.9,"var":12114281472.0,"ent":2.5,"data": 
[24956,26298,431,110222,135,214,308,354,363,1114,487,409,385,114928,244,126,125,3452,97,26252,252,149,120,119,152,4719,62468,45133,368811,510931,416]},"pktlen": {"min":52,"avg":679.6,"max":1500,"stddev":671.9,"var":451493.0,"ent":4.2,"data": [60,60,52,599,52,52,1500,1500,1500,1500,1500,1500,1500,1500,52,52,52,52,1500,1295,52,52,52,52,52,52,599,1295,64,599,1500,1500]},"bins": {"c_to_s": [13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,11,0,0]},"directions": [0,1,0,0,1,1,1,1,1,1,1,1,1,1,0,0,0,0,1,1,0,0,0,0,0,0,0,1,0,0,1,1],"entropies": [4.650921822,5.231404781,5.077241898,5.992787838,5.008132935,4.955154419,7.144702911,7.824075699,7.838180542,7.817303181,7.827538967,7.785875320,7.819852829,7.815253735,5.038779736,5.000318527,4.908877850,5.038779736,7.787726402,7.553128719,5.038780212,5.038780212,5.038779736,5.038780212,5.038780212,5.038780212,6.005241394,7.550778389,5.163660049,6.010917664,7.134511948,7.768814087]},"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com"}} 
+02225{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2440,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":126,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1490976139642766,"flow_src_last_pkt_time":1490976140230625,"flow_dst_last_pkt_time":1490976140359077,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1641,"flow_dst_tot_l4_payload_len":18414,"midstream":0,"thread_ts_usec":1490976140359077,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51992,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":97,"avg":42070.0,"max":510931,"stddev":110064.9,"var":12114281472.0,"ent":2.5,"data": [24956,26298,431,110222,135,214,308,354,363,1114,487,409,385,114928,244,126,125,3452,97,26252,252,149,120,119,152,4719,62468,45133,368811,510931,416]},"pktlen": {"min":52,"avg":679.6,"max":1500,"stddev":671.9,"var":451493.0,"ent":4.2,"data": [60,60,52,599,52,52,1500,1500,1500,1500,1500,1500,1500,1500,52,52,52,52,1500,1295,52,52,52,52,52,52,599,1295,64,599,1500,1500]},"bins": {"c_to_s": [13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,11,0,0]},"directions": [0,1,0,0,1,1,1,1,1,1,1,1,1,1,0,0,0,0,1,1,0,0,0,0,0,0,0,1,0,0,1,1],"entropies": 
[4.650921822,5.231404781,5.077241898,5.992787838,5.008132935,4.955154419,7.144702911,7.824075699,7.838180542,7.817303181,7.827538967,7.785875320,7.819852829,7.815253735,5.038779736,5.000318527,4.908877850,5.038779736,7.787726402,7.553128719,5.038780212,5.038780212,5.038779736,5.038780212,5.038780212,5.038780212,6.005241394,7.550778389,5.163660049,6.010917664,7.134511948,7.768814087]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com"}} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2480,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976142629437,"flow_src_last_pkt_time":1490976142629437,"flow_dst_last_pkt_time":1490976142629437,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976142629437,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40878,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2480,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":132,"flow_packet_id":1,"flow_src_last_pkt_time":1490976142629437,"flow_dst_last_pkt_time":1490976142629437,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976142629437,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8Si5AAEAGxLmsECrYNu8d\/Z+uAbuBOjwrAAAAAKAC\/\/9GYAAAAgQFtAQCCAoA9nYFAAAAAAEDAwg="} 
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2481,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":132,"flow_packet_id":2,"flow_src_last_pkt_time":1490976142629437,"flow_dst_last_pkt_time":1490976142691841,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976142691841,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw0iJAAOcGldA27x39rBAq2AG7n66gUyr3gTo8LHASH\/4OHAAAAgQFtAEDAwY="} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2482,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":132,"flow_packet_id":3,"flow_src_last_pkt_time":1490976142696112,"flow_dst_last_pkt_time":1490976142691841,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976142696112,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoSi9AAEAGxMysECrYNu8d\/Z+uAbuBOjwsoFMq+FAQAVdYjQAA"} 00865{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2483,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":132,"flow_packet_id":4,"flow_src_last_pkt_time":1490976142698502,"flow_dst_last_pkt_time":1490976142691841,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":297,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":297,"pkt_l4_len":263,"thread_ts_usec":1490976142698502,"pkt":"AMDKkaPvePiC0\/vCCABFAAEbSjBAAEAGw9isECrYNu8d\/Z+uAbuBOjwsoFMq+FAYAVc4xwAAFgMBAO4BAADqAwNiqd1S7MhG5wB\/dT8PiLwUoMSITVffXbD1xI\/bdNzIUCBtDRI0q2icP6fVqlksmygn0U781lDdxNdezB5jmLBlqwAgamrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACB2toAAP8BAAEAAAAAHAAaAAAXc2tpbGxzLXN0b3JlLmFtYXpvbi5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAiqqgAdABcAGFpaAAEA"} 
-01243{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2483,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976142629437,"flow_src_last_pkt_time":1490976142698502,"flow_dst_last_pkt_time":1490976142691841,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":243,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":243,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976142698502,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40878,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"skills-store.amazon.com","domainame":"skills-store.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01202{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2483,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976142629437,"flow_src_last_pkt_time":1490976142698502,"flow_dst_last_pkt_time":1490976142691841,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":243,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":243,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976142698502,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40878,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"skills-store.amazon.com","domainame":"skills-store.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00654{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2484,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":132,"flow_packet_id":5,"flow_src_last_pkt_time":1490976142698502,"flow_dst_last_pkt_time":1490976142816463,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"thread_ts_usec":1490976142816463,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB91YZAAOcGkh827x39rBAq2AG7n66gUyr4gTo9H1AYf\/i1wAAAFgMBAEoCAABGAwFY3n2Obh+Ev43oa4t9qN6MX4wxb9ryi9I8T8yVK9XgOCBtDRI0q2icP6fVqlksmygn0U781lDdxNdezB5jmLBlqwAvABQDAQABAQ=="} 
-01408{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2484,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976142629437,"flow_src_last_pkt_time":1490976142698502,"flow_dst_last_pkt_time":1490976142816463,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":243,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":243,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976142816463,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40878,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"skills-store.amazon.com","domainame":"skills-store.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01367{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2484,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976142629437,"flow_src_last_pkt_time":1490976142698502,"flow_dst_last_pkt_time":1490976142816463,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":243,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":243,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976142816463,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40878,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"skills-store.amazon.com","domainame":"skills-store.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2506,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976150029230,"flow_src_last_pkt_time":1490976150029230,"flow_dst_last_pkt_time":1490976150029230,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976150029230,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45750,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2506,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":133,"flow_packet_id":1,"flow_src_last_pkt_time":1490976150029230,"flow_dst_last_pkt_time":1490976150029230,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976150029230,"pkt":"AMDKkaPvePiC0\/vCCABFAAA86ydAAEAGW8esECrYNF7ohrK2AbvOUJPOAAAAAKAC\/\/\/DwQAAAgQFtAQCCAoA9njpAAAAAAEDAwg="} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":133,"flow_packet_id":2,"flow_src_last_pkt_time":1490976150029230,"flow_dst_last_pkt_time":1490976150125051,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976150125051,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwoZ9AAOcG\/lo0XuiGrBAq2AG7sra0EJrCzlCTz3ASH\/4K2QAAAgQFtAEDAwY="} 
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2508,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":133,"flow_packet_id":3,"flow_src_last_pkt_time":1490976150126970,"flow_dst_last_pkt_time":1490976150125051,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976150126970,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo6yhAAEAGW9qsECrYNF7ohrK2AbvOUJPPtBCaw1AQAVdVSgAA"} 00860{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2509,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":133,"flow_packet_id":4,"flow_src_last_pkt_time":1490976150127984,"flow_dst_last_pkt_time":1490976150125051,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1490976150127984,"pkt":"AMDKkaPvePiC0\/vCCABFAAEX6ylAAEAGWuqsECrYNF7ohrK2AbvOUJPPtBCaw1AYAVchEAAAFgMBAOoBAADmAwOKdjFFpOOXsbbSqMMeJaFC\/d12VQO5ox2KdTo39VCnrCB4kgfiZLrEZoIvfOT\/tQMGZLL4w9FhfVsGJHEZL4q82wAgiorMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9OjoAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACHp6AB0AFwAYSkoAAQA="} 
-01235{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2509,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976150029230,"flow_src_last_pkt_time":1490976150127984,"flow_dst_last_pkt_time":1490976150125051,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976150127984,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45750,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01194{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2509,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976150029230,"flow_src_last_pkt_time":1490976150127984,"flow_dst_last_pkt_time":1490976150125051,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976150127984,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45750,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2510,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":133,"flow_packet_id":5,"flow_src_last_pkt_time":1490976150127984,"flow_dst_last_pkt_time":1490976150196553,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1490976150196553,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAokKxAAOcGD1Y0XuiGrBAq2AG7sra0EJrDzlCUvlAQf\/jVuQAAAAAAAAAA"} 
-01400{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2511,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976150029230,"flow_src_last_pkt_time":1490976150127984,"flow_dst_last_pkt_time":1490976150196755,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976150196755,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45750,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01359{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2511,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976150029230,"flow_src_last_pkt_time":1490976150127984,"flow_dst_last_pkt_time":1490976150196755,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976150196755,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45750,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00928{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2517,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1490976022741105,"flow_src_last_pkt_time":1490976022741164,"flow_dst_last_pkt_time":1490976022741105,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976150210618,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00937{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2517,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1490976022731312,"flow_src_last_pkt_time":1490976022731374,"flow_dst_last_pkt_time":1490976022731312,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976150210618,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ffd3:fbc2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
02352{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2519,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1490976029248822,"flow_src_last_pkt_time":1490976030758212,"flow_dst_last_pkt_time":1490976150757970,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":5474,"flow_dst_tot_l4_payload_len":6814,"midstream":0,"thread_ts_usec":1490976150757970,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.197","src_port":55242,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":33,"avg":3968339.8,"max":120002762,"stddev":21185284.0,"var":448816230694912.0,"ent":0.3,"data": [77142,79508,13198,60889,401,551,135,48584,1797,3570,177758,227426,44512,20026,267154,445550,122636,142,45,33,282451,8709,270484,1626,407007,145,164075,140,290013,120002762,69]},"pktlen": {"min":52,"avg":436.5,"max":1500,"stddev":570.0,"var":324877.8,"ent":3.9,"data": [60,60,52,273,52,1500,1500,626,52,52,52,178,294,52,1416,1416,52,1500,300,96,86,52,52,1500,1003,52,52,1315,86,52,83,52]},"bins": {"c_to_s": [9,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,1,0,0],"s_to_c": [7,3,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,0,1,0,0,0,1,1,1,1,1,0,0,0,0,1,1,1,1,0,1,1],"entropies": 
[4.739262104,5.306893826,5.017560959,5.448555946,5.115703583,6.960030556,7.238288403,7.584036827,5.017560959,5.094483852,5.041505337,6.602245331,7.164677143,5.041505337,7.862887383,7.863117218,5.115703106,7.885983467,7.259884357,6.084556580,5.826154709,5.094483852,5.132945538,7.862029552,7.810581207,5.115703106,5.077241421,7.851958752,5.873827457,5.132945538,5.636672497,5.115703106]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
@@ -1015,9 +1015,9 @@ 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2532,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":134,"flow_packet_id":2,"flow_src_last_pkt_time":1490976158680003,"flow_dst_last_pkt_time":1490976158840127,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976158840127,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwc8dAAOcGLDM0XuiGrBAq2AG7sreYM6oZdo6CxHASH\/6AKwAAAgQFtAEDAwY="} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2533,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":134,"flow_packet_id":3,"flow_src_last_pkt_time":1490976158841362,"flow_dst_last_pkt_time":1490976158840127,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976158841362,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo\/olAAEAGSHmsECrYNF7ohrK3Abt2joLEmDOqGlAQAVfKnAAA"} 00861{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2534,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":134,"flow_packet_id":4,"flow_src_last_pkt_time":1490976158842060,"flow_dst_last_pkt_time":1490976158840127,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1490976158842060,"pkt":"AMDKkaPvePiC0\/vCCABFAAEX\/opAAEAGR4msECrYNF7ohrK3Abt2joLEmDOqGlAYAVepYwAAFgMBAOoBAADmAwPtGRNrH\/FF66PH1PCooAX1Dd1\/3OeWvWeSDYxuFGcUDiCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAg6urMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9GhoAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACBoaAB0AFwAYamoAAQA="} 
-01235{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2534,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976158680003,"flow_src_last_pkt_time":1490976158842060,"flow_dst_last_pkt_time":1490976158840127,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976158842060,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45751,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01194{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2534,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976158680003,"flow_src_last_pkt_time":1490976158842060,"flow_dst_last_pkt_time":1490976158840127,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976158842060,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45751,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00654{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2535,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":134,"flow_packet_id":5,"flow_src_last_pkt_time":1490976158842060,"flow_dst_last_pkt_time":1490976159147892,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"thread_ts_usec":1490976159147892,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9ZJ1AAOcGOxA0XuiGrBAq2AG7sreYM6oado6Ds1AYf\/jWEQAAFgMBAEoCAABGAwFY3n2ejsBVJxuO9LpSs5v2aSzauuFSRGgpga0DGSdUzyCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="} 
-01400{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2535,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976158680003,"flow_src_last_pkt_time":1490976158842060,"flow_dst_last_pkt_time":1490976159147892,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976159147892,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45751,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01359{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2535,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976158680003,"flow_src_last_pkt_time":1490976158842060,"flow_dst_last_pkt_time":1490976159147892,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976159147892,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45751,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
01055{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1490976027958387,"flow_src_last_pkt_time":1490976030758514,"flow_dst_last_pkt_time":1490976027958387,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":60,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":60,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976160361375,"l3_proto":"ip4","src_ip":"172.16.42.1","dst_ip":"172.16.42.216","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01033{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1490976031691694,"flow_src_last_pkt_time":1490976032855148,"flow_dst_last_pkt_time":1490976032852924,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":808,"flow_dst_max_l4_payload_len":1346,"flow_src_tot_l4_payload_len":808,"flow_dst_tot_l4_payload_len":1346,"midstream":0,"thread_ts_usec":1490976160361375,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49572,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.AmazonAlexa","proto_id":"7.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"alexa.amazon.com"}} 00993{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":10,"flow_first_seen":1490976035553389,"flow_src_last_pkt_time":1490976036358790,"flow_dst_last_pkt_time":1490976036357145,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":707,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1768,"flow_dst_tot_l4_payload_len":3944,"midstream":0,"thread_ts_usec":1490976160361375,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38363,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
@@ -1035,17 +1035,17 @@ 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2558,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":136,"flow_packet_id":2,"flow_src_last_pkt_time":1490976165062082,"flow_dst_last_pkt_time":1490976165120284,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976165120284,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwviBAAOcG4dk0XuiGrBAq2AG7m0ayU5bRPwIbbXASH\/4vqAAAAgQFtAEDAwY="} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2559,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":136,"flow_packet_id":3,"flow_src_last_pkt_time":1490976165122162,"flow_dst_last_pkt_time":1490976165120284,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976165122162,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoZadAAEAG4VusECrYNF7ohptGAbs\/AhttslOW0lAQAVd6GQAA"} 00773{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2560,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":136,"flow_packet_id":4,"flow_src_last_pkt_time":1490976165125978,"flow_dst_last_pkt_time":1490976165120284,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_usec":1490976165125978,"pkt":"AMDKkaPvePiC0\/vCCABFAADWZahAAEAG4KysECrYNF7ohptGAbs\/AhttslOW0lAYAVcqOgAAFgMBAKkBAAClAwFXCTeQDMK\/FDjYD8QCr4+nmvueUE6Ddrnzytp5\/6hChCCDPveyl8oknA6Yiw9M10d1fqyNuQQHuX5ZwIOnN4q82wAcwAnACsATwBQAMwA5ADIAOMAHwBEALwA1AAUA\/wEAAEAACwAEAwABAgAKADQAMgAOAA0AGQALAAwAGAAJAAoAFgAXAAgABgAHABQAFQAEAAUAEgATAAEAAgADAA8AEAAR"} 
-01275{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2560,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976165062082,"flow_src_last_pkt_time":1490976165125978,"flow_dst_last_pkt_time":1490976165120284,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976165125978,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":39750,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"","ja4":"t10d140200_37d7d24289bf_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01234{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2560,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976165062082,"flow_src_last_pkt_time":1490976165125978,"flow_dst_last_pkt_time":1490976165120284,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976165125978,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":39750,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d140200_37d7d24289bf_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2561,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":136,"flow_packet_id":5,"flow_src_last_pkt_time":1490976165125978,"flow_dst_last_pkt_time":1490976165190083,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"thread_ts_usec":1490976165190083,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9wjpAAOcG3XI0XuiGrBAq2AG7m0ayU5bSPwIcG1AYf\/p8IQAAFgMBAEoCAABGAwFY3n2lKrNMt6\/OX8FdZoR8ql5RDmr00v4XE5Mx8EPChiCDPveyl8oknA6Yiw9M10d1fqyNuQQHuX5ZwIOnN4q82wAvABQDAQABAQ=="} 
-01425{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2561,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976165062082,"flow_src_last_pkt_time":1490976165125978,"flow_dst_last_pkt_time":1490976165190083,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976165190083,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":39750,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t10d140200_37d7d24289bf_33a13ba74d1c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} 
+01384{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2561,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976165062082,"flow_src_last_pkt_time":1490976165125978,"flow_dst_last_pkt_time":1490976165190083,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976165190083,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":39750,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t10d140200_37d7d24289bf_33a13ba74d1c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2576,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976169531098,"flow_src_last_pkt_time":1490976169531098,"flow_dst_last_pkt_time":1490976169531098,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976169531098,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45752,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2576,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":137,"flow_packet_id":1,"flow_src_last_pkt_time":1490976169531098,"flow_dst_last_pkt_time":1490976169531098,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976169531098,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8anRAAEAG3HqsECrYNF7ohrK4AbvvmuryAAAAAKAC\/\/9DtAAAAgQFtAQCCAoA9oCGAAAAAAEDAwg="} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2577,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":137,"flow_packet_id":2,"flow_src_last_pkt_time":1490976169531098,"flow_dst_last_pkt_time":1490976169726806,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976169726806,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwhFlAAOcGG6E0XuiGrBAq2AG7srhwEXla75rq83ASH\/73zwAAAgQFtAEDAwY="} 
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2578,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":137,"flow_packet_id":3,"flow_src_last_pkt_time":1490976169729899,"flow_dst_last_pkt_time":1490976169726806,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976169729899,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoanVAAEAG3I2sECrYNF7ohrK4AbvvmurzcBF5W1AQAVdCQQAA"} 00858{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2579,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":137,"flow_packet_id":4,"flow_src_last_pkt_time":1490976169731050,"flow_dst_last_pkt_time":1490976169726806,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1490976169731050,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXanZAAEAG252sECrYNF7ohrK4AbvvmurzcBF5W1AYAVfzhwAAFgMBAOoBAADmAwNQGProSMl78hAUDaTmTX5yUTx4scZiFRjHHV08S9IO6yCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgWlrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9+voAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACBoaAB0AFwAY6uoAAQA="} 
-01235{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2579,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976169531098,"flow_src_last_pkt_time":1490976169731050,"flow_dst_last_pkt_time":1490976169726806,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976169731050,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45752,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01194{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2579,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976169531098,"flow_src_last_pkt_time":1490976169731050,"flow_dst_last_pkt_time":1490976169726806,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976169731050,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45752,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00654{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2580,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":137,"flow_packet_id":5,"flow_src_last_pkt_time":1490976169731050,"flow_dst_last_pkt_time":1490976169888180,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"thread_ts_usec":1490976169888180,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9eExAAOcGJ2E0XuiGrBAq2AG7srhwEXlb75rr4lAYf\/iM1wAAFgMBAEoCAABGAwFY3n2pJltIvltxhfK2SiAqZURuo+oby5xQQ9okKpdqHCCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="} 
-01400{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2580,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976169531098,"flow_src_last_pkt_time":1490976169731050,"flow_dst_last_pkt_time":1490976169888180,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976169888180,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45752,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01359{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2580,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976169531098,"flow_src_last_pkt_time":1490976169731050,"flow_dst_last_pkt_time":1490976169888180,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976169888180,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45752,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00993{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":11,"flow_first_seen":1490976041870965,"flow_src_last_pkt_time":1490976042512458,"flow_dst_last_pkt_time":1490976042511689,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":766,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":1346,"flow_dst_tot_l4_payload_len":5556,"midstream":0,"thread_ts_usec":1490976171313736,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34019,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 00993{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":11,"flow_first_seen":1490976047014580,"flow_src_last_pkt_time":1490976048924178,"flow_dst_last_pkt_time":1490976048922012,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":510,"flow_src_tot_l4_payload_len":5741,"flow_dst_tot_l4_payload_len":1061,"midstream":0,"thread_ts_usec":1490976171313736,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34033,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
01051{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":19,"flow_first_seen":1490976047050685,"flow_src_last_pkt_time":1490976048924429,"flow_dst_last_pkt_time":1490976048922814,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":510,"flow_src_tot_l4_payload_len":21470,"flow_dst_tot_l4_payload_len":1061,"midstream":0,"thread_ts_usec":1490976171313736,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34034,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"mobileanalytics.us-east-1.amazonaws.com"}} 
@@ -1070,7 +1070,7 @@ 01023{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1490976043814984,"flow_src_last_pkt_time":1490976046401041,"flow_dst_last_pkt_time":1490976046398896,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":5245,"flow_dst_tot_l4_payload_len":5794,"midstream":0,"thread_ts_usec":1490976171313736,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42130,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fls-na.amazon.com"}} 00986{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":10,"flow_first_seen":1490976047563011,"flow_src_last_pkt_time":1490976048928081,"flow_dst_last_pkt_time":1490976048926899,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":303,"flow_src_tot_l4_payload_len":5205,"flow_dst_tot_l4_payload_len":459,"midstream":0,"thread_ts_usec":1490976171313736,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42143,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 00986{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":11,"flow_first_seen":1490976047858519,"flow_src_last_pkt_time":1490976048917977,"flow_dst_last_pkt_time":1490976048916787,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":391,"flow_src_tot_l4_payload_len":3984,"flow_dst_tot_l4_payload_len":547,"midstream":0,"thread_ts_usec":1490976171313736,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42144,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -01110{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2594,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976041434841,"flow_src_last_pkt_time":1490976041434841,"flow_dst_last_pkt_time":1490976041437012,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976171313736,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"192.168.11.1","src_port":38391,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection 
Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"1":"Match by port"},"proto":"HTTP_Proxy","proto_id":"131","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} +01217{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2594,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976041434841,"flow_src_last_pkt_time":1490976041434841,"flow_dst_last_pkt_time":1490976041437012,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976171313736,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"192.168.11.1","src_port":38391,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}},"55": {"risk":"Probing Attempt","severity":"Medium","risk_score": {"total":510,"client":375,"server":135}}},"confidence": {"1":"Match by port"},"proto":"HTTP_Proxy","proto_id":"131","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 
00782{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976041434841,"flow_src_last_pkt_time":1490976041434841,"flow_dst_last_pkt_time":1490976041437012,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976171313736,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"192.168.11.1","src_port":38391,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00992{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":8,"flow_first_seen":1490976037754217,"flow_src_last_pkt_time":1490976042398724,"flow_dst_last_pkt_time":1490976042396317,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":884,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1195,"flow_dst_tot_l4_payload_len":2140,"midstream":0,"thread_ts_usec":1490976171313736,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38364,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
01006{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2594,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1490976023264023,"flow_src_last_pkt_time":1490976023264087,"flow_dst_last_pkt_time":1490976023264023,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":315,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":315,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":630,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976171313736,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"android-1c1335ec95a27318"}} 
@@ -1100,21 +1100,21 @@ 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2619,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":139,"flow_packet_id":3,"flow_src_last_pkt_time":1490976177232232,"flow_dst_last_pkt_time":1490976177226809,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976177232232,"pkt":"AMDKkaPvePiC0\/vCCABFAAAok49AAEAGfLesECrYNu8cssZsAbvv1RDxxhHYKlAQAVccyQAA"} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2620,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":140,"flow_packet_id":3,"flow_src_last_pkt_time":1490976177232543,"flow_dst_last_pkt_time":1490976177226953,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976177232543,"pkt":"AMDKkaPvePiC0\/vCCABFAAAopC1AAEAGbBmsECrYNu8cssZtAbubwSdU47ys2VAQAVdoHwAA"} 00815{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2622,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":139,"flow_packet_id":4,"flow_src_last_pkt_time":1490976177233706,"flow_dst_last_pkt_time":1490976177226809,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":261,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":261,"pkt_l4_len":227,"thread_ts_usec":1490976177233706,"pkt":"AMDKkaPvePiC0\/vCCABFAAD3k5BAAEAGe+esECrYNu8cssZsAbvv1RDxxhHYKlAYAVegdQAAFgMBAMoBAADGAwNlXadIw7yx7VLHe4UdO3wZiu\/EcwTKyJ+o5joejNiDegAAIGpqzKnMqMwUzBPAK8AvwCzAMMATwBQAnACdAC8ANQAKAQAAfaqqAAD\/AQABAAAAABgAFgAAE3BpdGFuZ3VpLmFtYXpvbi5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAhaWgAdABcAGEpKAAEA"} 
-01235{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2622,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976177116210,"flow_src_last_pkt_time":1490976177233706,"flow_dst_last_pkt_time":1490976177226809,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976177233706,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50796,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01194{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2622,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976177116210,"flow_src_last_pkt_time":1490976177233706,"flow_dst_last_pkt_time":1490976177226809,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976177233706,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50796,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00814{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2623,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":140,"flow_packet_id":4,"flow_src_last_pkt_time":1490976177235757,"flow_dst_last_pkt_time":1490976177226953,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":261,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":261,"pkt_l4_len":227,"thread_ts_usec":1490976177235757,"pkt":"AMDKkaPvePiC0\/vCCABFAAD3pC5AAEAGa0msECrYNu8cssZtAbubwSdU47ys2VAYAVdEqAAAFgMBAMoBAADGAwPJsGFZNlhJRMty6KrMnV1YFeE+Nh3uPX+8iS4ufNPtYgAAIMrKzKnMqMwUzBPAK8AvwCzAMMATwBQAnACdAC8ANQAKAQAAfWpqAAD\/AQABAAAAABgAFgAAE3BpdGFuZ3VpLmFtYXpvbi5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAi6ugAdABcAGFpaAAEA"} -01235{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2623,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976177116594,"flow_src_last_pkt_time":1490976177235757,"flow_dst_last_pkt_time":1490976177226953,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976177235757,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50797,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": 
{"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01194{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2623,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976177116594,"flow_src_last_pkt_time":1490976177235757,"flow_dst_last_pkt_time":1490976177226953,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976177235757,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50797,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2624,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976177276176,"flow_src_last_pkt_time":1490976177276176,"flow_dst_last_pkt_time":1490976177276176,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976177276176,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50799,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2624,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":142,"flow_packet_id":1,"flow_src_last_pkt_time":1490976177276176,"flow_dst_last_pkt_time":1490976177276176,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976177276176,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8ZidAAEAGqgusECrYNu8cssZvAbuB1uWoAAAAAKAC\/\/9pRgAAAgQFtAQCCAoA9oOPAAAAAAEDAwg="} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2625,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":142,"flow_packet_id":2,"flow_src_last_pkt_time":1490976177276176,"flow_dst_last_pkt_time":1490976177409998,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976177409998,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwnrRAAOcGyok27xyyrBAq2AG7xm8x5Gl6gdblqXASH\/5ueAAAAgQFtAEDAwY="} 
02500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2626,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":139,"flow_packet_id":5,"flow_src_last_pkt_time":1490976177233706,"flow_dst_last_pkt_time":1490976177410580,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1490976177410580,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXcHZxAAOcGRfY27xyyrBAq2AG7xmzGEdgq79URwFAYf\/krDwAAFgMBDLwCAABGAwFY3n2xoE\/i6JhK5Md85LDgTL+hjMKOoOipyrc3Qs63NyBbMnlmo5paikbiPJoGHJv6QkaI+z+FCbdHU5bqJU8HCAAvAAsADGoADGcAByUwggchMIIGCaADAgECAhAcRU2OfD5RXVxbu\/\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\/HxaGvneCRZhiBGyUMFBcJjk1AKw9+Nf1hXE48DlafnWpGrqpfYt2zsG+eRrhPeKWj+oj0pEgYLwOn\/a4xa6m8CUPuQAn6\/wNlnTqVyC\/SG0Yol6GVytCBUh+TZofarTRdpyUAS308UAcUFDf6BimC5d5mYn2J5R4k65+6sdF0Lg5T\/DhNiIsjt\/imBX+pqRiOG+KKP+QbbicThn04ySXzkSx\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\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"} -02011{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2628,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1490976177116210,"flow_src_last_pkt_time":1490976177233706,"flow_dst_last_pkt_time":1490976177411170,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":3265,"midstream":0,"thread_ts_usec":1490976177411170,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50796,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","advertised_alpns":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24","blocks":0}}} +01970{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2628,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1490976177116210,"flow_src_last_pkt_time":1490976177233706,"flow_dst_last_pkt_time":1490976177411170,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":3265,"midstream":0,"thread_ts_usec":1490976177411170,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50796,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": 
{"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","advertised_alpns":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24","blocks":0}}} 
02503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2629,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":140,"flow_packet_id":5,"flow_src_last_pkt_time":1490976177235757,"flow_dst_last_pkt_time":1490976177411710,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1490976177411710,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXcV8VAAOcGC8027xyyrBAq2AG7xm3jvKzZm8EoI1AYf\/nh\/QAAFgMBDLwCAABGAwFY3n2xaq9TiacLU53\/Dedeq5VgVwSB6e5nEATT\/X1YcSB4k7UGdAl7o2Fj7GR\/vQXOKrGMzABpKlhDsMZpJU8HCAAvAAsADGoADGcAByUwggchMIIGCaADAgECAhAcRU2OfD5RXVxbu\/\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\/HxaGvneCRZhiBGyUMFBcJjk1AKw9+Nf1hXE48DlafnWpGrqpfYt2zsG+eRrhPeKWj+oj0pEgYLwOn\/a4xa6m8CUPuQAn6\/wNlnTqVyC\/SG0Yol6GVytCBUh+TZofarTRdpyUAS308UAcUFDf6BimC5d5mYn2J5R4k65+6sdF0Lg5T\/DhNiIsjt\/imBX+pqRiOG+KKP+QbbicThn04ySXzkSx\/F+UEKU29ls2FzrMVLknBH7eb59tKsTdRgaRpZOW3joUCAwEAAaOCA6owggOmMIIBVgYDVR0RBIIBTTCCAUmCE3BpdGFuZ3VpLmFtYXpvbi5jb22CE2d1aXBpdGFuLmFtYXpvbi5jb22CEGFsZXhhLmFtYXpvbi5jb22CD2VjaG8uYW1hem9uLmNvbYIPYWxleGEuYW1hem9uLmNhghJndWlwaXRhbi5hbWF6b24uY2GCEmFsZXhhLmFtYXpvbi5jby5qcIIVZ3VpcGl0YW4uYW1hem9uLmNvLmpwghNhbGV4YS5hbWF6b24uY29tLm14ghZndWlwaXRhbi5hbWF6b24uY29tLm14ghNhbGV4YS5hbWF6b24uY29tLmJyghZndWlwaXRhbi5hbWF6b24uY29tLmJyghNhbGV4YS5hbWF6b24uY29tLmF1ghZndWlwaXRhbi5hbWF6b24uY29tLmF1gg9hbGV4YS5hbWF6b24uY26CEmd1aXBpdGFuLmFtYXpvbi5jbjAJBgNVHRMEAjAAMA4GA1UdDwEB\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"} 
-02011{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2631,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1490976177116594,"flow_src_last_pkt_time":1490976177235757,"flow_dst_last_pkt_time":1490976177412370,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":3265,"midstream":0,"thread_ts_usec":1490976177412370,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50797,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., 
CN=pitangui.amazon.com","advertised_alpns":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24","blocks":0}}} +01970{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2631,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1490976177116594,"flow_src_last_pkt_time":1490976177235757,"flow_dst_last_pkt_time":1490976177412370,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":3265,"midstream":0,"thread_ts_usec":1490976177412370,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50797,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., 
CN=pitangui.amazon.com","advertised_alpns":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24","blocks":0}}} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2632,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":142,"flow_packet_id":3,"flow_src_last_pkt_time":1490976177416579,"flow_dst_last_pkt_time":1490976177409998,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976177416579,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoZihAAEAGqh6sECrYNu8cssZvAbuB1uWpMeRpe1AQAVe46QAA"} 00815{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2637,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":142,"flow_packet_id":4,"flow_src_last_pkt_time":1490976177419812,"flow_dst_last_pkt_time":1490976177409998,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":261,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":261,"pkt_l4_len":227,"thread_ts_usec":1490976177419812,"pkt":"AMDKkaPvePiC0\/vCCABFAAD3ZilAAEAGqU6sECrYNu8cssZvAbuB1uWpMeRpe1AYAVfk5AAAFgMBAMoBAADGAwMsuk8budl5l63szylFKYvttXtVR+FVs3ji\/ibU4XOTkgAAICoqzKnMqMwUzBPAK8AvwCzAMMATwBQAnACdAC8ANQAKAQAAfUpKAAD\/AQABAAAAABgAFgAAE3BpdGFuZ3VpLmFtYXpvbi5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAi6ugAdABcAGBoaAAEA"} 
-01235{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2637,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976177276176,"flow_src_last_pkt_time":1490976177419812,"flow_dst_last_pkt_time":1490976177409998,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976177419812,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50799,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01194{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2637,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976177276176,"flow_src_last_pkt_time":1490976177419812,"flow_dst_last_pkt_time":1490976177409998,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976177419812,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50799,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
02500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2642,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":142,"flow_packet_id":5,"flow_src_last_pkt_time":1490976177419812,"flow_dst_last_pkt_time":1490976177551603,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1490976177551603,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXckcFAAOcG0dA27xyyrBAq2AG7xm8x5Gl7gdbmeFAYf\/ku2AAAFgMBDLwCAABGAwFY3n2xtTCgBX2XxOgCNPe4QWinehtmaqxVaZztY5JDAyCbTc\/lJnWdRZ6KEAYyDThaI+O9lRqgAB2UK+xdOk8HCAAvAAsADGoADGcAByUwggchMIIGCaADAgECAhAcRU2OfD5RXVxbu\/\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\/HxaGvneCRZhiBGyUMFBcJjk1AKw9+Nf1hXE48DlafnWpGrqpfYt2zsG+eRrhPeKWj+oj0pEgYLwOn\/a4xa6m8CUPuQAn6\/wNlnTqVyC\/SG0Yol6GVytCBUh+TZofarTRdpyUAS308UAcUFDf6BimC5d5mYn2J5R4k65+6sdF0Lg5T\/DhNiIsjt\/imBX+pqRiOG+KKP+QbbicThn04ySXzkSx\/F+UEKU29ls2FzrMVLknBH7eb59tKsTdRgaRpZOW3joUCAwEAAaOCA6owggOmMIIBVgYDVR0RBIIBTTCCAUmCE3BpdGFuZ3VpLmFtYXpvbi5jb22CE2d1aXBpdGFuLmFtYXpvbi5jb22CEGFsZXhhLmFtYXpvbi5jb22CD2VjaG8uYW1hem9uLmNvbYIPYWxleGEuYW1hem9uLmNhghJndWlwaXRhbi5hbWF6b24uY2GCEmFsZXhhLmFtYXpvbi5jby5qcIIVZ3VpcGl0YW4uYW1hem9uLmNvLmpwghNhbGV4YS5hbWF6b24uY29tLm14ghZndWlwaXRhbi5hbWF6b24uY29tLm14ghNhbGV4YS5hbWF6b24uY29tLmJyghZndWlwaXRhbi5hbWF6b24uY29tLmJyghNhbGV4YS5hbWF6b24uY29tLmF1ghZndWlwaXRhbi5hbWF6b24uY29tLmF1gg9hbGV4YS5hbWF6b24uY26CEmd1aXBpdGFuLmFtYXpvbi5jbjAJBgNVHRMEAjAAMA4GA1UdDwEB\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"} 
-02011{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2644,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1490976177276176,"flow_src_last_pkt_time":1490976177419812,"flow_dst_last_pkt_time":1490976177553024,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":3265,"midstream":0,"thread_ts_usec":1490976177553024,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50799,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., 
CN=pitangui.amazon.com","advertised_alpns":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24","blocks":0}}} +01970{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2644,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1490976177276176,"flow_src_last_pkt_time":1490976177419812,"flow_dst_last_pkt_time":1490976177553024,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":3265,"midstream":0,"thread_ts_usec":1490976177553024,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50799,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., 
CN=pitangui.amazon.com","advertised_alpns":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24","blocks":0}}} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2670,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":141,"flow_packet_id":2,"flow_src_last_pkt_time":1490976178110288,"flow_dst_last_pkt_time":1490976177116910,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976178110288,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8lfxAAEAGejasECrYNu8cssZuAbts9RaEAAAAAKAC\/\/9M+QAAAgQFtAQCCAoA9oPjAAAAAAEDAwg="} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2672,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":141,"flow_packet_id":3,"flow_src_last_pkt_time":1490976178110288,"flow_dst_last_pkt_time":1490976178284687,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976178284687,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAww9ZAAOcGpWc27xyyrBAq2AG7xm5KXM+cbPUWhXASH\/7T5AAAAgQFtAEDAwY="} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2673,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":141,"flow_packet_id":4,"flow_src_last_pkt_time":1490976178285843,"flow_dst_last_pkt_time":1490976178284687,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976178285843,"pkt":"AMDKkaPvePiC0\/vCCABFAAAolf1AAEAGekmsECrYNu8cssZuAbts9RaFSlzPnVAQAVceVgAA"} 
@@ -1128,9 +1128,9 @@ 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2682,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":143,"flow_packet_id":2,"flow_src_last_pkt_time":1490976186164818,"flow_dst_last_pkt_time":1490976186394721,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976186394721,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwCmJAAOcGXtw27xyyrBAq2AG7xnDcplSHTg8BHXASH\/7w+wAAAgQFtAEDAwY="} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2683,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":143,"flow_packet_id":3,"flow_src_last_pkt_time":1490976186398073,"flow_dst_last_pkt_time":1490976186394721,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976186398073,"pkt":"AMDKkaPvePiC0\/vCCABFAAAohhxAAEAGiiqsECrYNu8cssZwAbtODwEd3KZUiFAQAVc7bQAA"} 00814{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2684,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":143,"flow_packet_id":4,"flow_src_last_pkt_time":1490976186398375,"flow_dst_last_pkt_time":1490976186394721,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":261,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":261,"pkt_l4_len":227,"thread_ts_usec":1490976186398375,"pkt":"AMDKkaPvePiC0\/vCCABFAAD3hh1AAEAGiVqsECrYNu8cssZwAbtODwEd3KZUiFAYAVcX6AAAFgMBAMoBAADGAwNIp1N542sFVSo0EG+FRg60u0Yye1+MLqKN0bYZ2TEvIQAAIEpKzKnMqMwUzBPAK8AvwCzAMMATwBQAnACdAC8ANQAKAQAAfVpaAAD\/AQABAAAAABgAFgAAE3BpdGFuZ3VpLmFtYXpvbi5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAiqqgAdABcAGHp6AAEA"} 
-01235{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2684,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976186164818,"flow_src_last_pkt_time":1490976186398375,"flow_dst_last_pkt_time":1490976186394721,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976186398375,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50800,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01194{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2684,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976186164818,"flow_src_last_pkt_time":1490976186398375,"flow_dst_last_pkt_time":1490976186394721,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976186398375,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50800,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
02500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2685,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":143,"flow_packet_id":5,"flow_src_last_pkt_time":1490976186398375,"flow_dst_last_pkt_time":1490976186550555,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1490976186550555,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXcACpAAOcGY2g27xyyrBAq2AG7xnDcplSITg8B7FAYf\/kOiwAAFgMBDLwCAABGAwFY3n26REB5NKXR3I9dkWggmGDU6jpRlw5FpVJBuUrB1SCeZzFPhCqe0IawM80i0LIK\/kW95mA05nnVAtHMuFIHCAAvAAsADGoADGcAByUwggchMIIGCaADAgECAhAcRU2OfD5RXVxbu\/\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\/HxaGvneCRZhiBGyUMFBcJjk1AKw9+Nf1hXE48DlafnWpGrqpfYt2zsG+eRrhPeKWj+oj0pEgYLwOn\/a4xa6m8CUPuQAn6\/wNlnTqVyC\/SG0Yol6GVytCBUh+TZofarTRdpyUAS308UAcUFDf6BimC5d5mYn2J5R4k65+6sdF0Lg5T\/DhNiIsjt\/imBX+pqRiOG+KKP+QbbicThn04ySXzkSx\/F+UEKU29ls2FzrMVLknBH7eb59tKsTdRgaRpZOW3joUCAwEAAaOCA6owggOmMIIBVgYDVR0RBIIBTTCCAUmCE3BpdGFuZ3VpLmFtYXpvbi5jb22CE2d1aXBpdGFuLmFtYXpvbi5jb22CEGFsZXhhLmFtYXpvbi5jb22CD2VjaG8uYW1hem9uLmNvbYIPYWxleGEuYW1hem9uLmNhghJndWlwaXRhbi5hbWF6b24uY2GCEmFsZXhhLmFtYXpvbi5jby5qcIIVZ3VpcGl0YW4uYW1hem9uLmNvLmpwghNhbGV4YS5hbWF6b24uY29tLm14ghZndWlwaXRhbi5hbWF6b24uY29tLm14ghNhbGV4YS5hbWF6b24uY29tLmJyghZndWlwaXRhbi5hbWF6b24uY29tLmJyghNhbGV4YS5hbWF6b24uY29tLmF1ghZndWlwaXRhbi5hbWF6b24uY29tLmF1gg9hbGV4YS5hbWF6b24uY26CEmd1aXBpdGFuLmFtYXpvbi5jbjAJBgNVHRMEAjAAMA4GA1UdDwEB\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"} 
-02011{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2687,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1490976186164818,"flow_src_last_pkt_time":1490976186398375,"flow_dst_last_pkt_time":1490976186551062,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":3265,"midstream":0,"thread_ts_usec":1490976186551062,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50800,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., 
CN=pitangui.amazon.com","advertised_alpns":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24","blocks":0}}} +01970{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2687,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1490976186164818,"flow_src_last_pkt_time":1490976186398375,"flow_dst_last_pkt_time":1490976186551062,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":3265,"midstream":0,"thread_ts_usec":1490976186551062,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50800,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., 
CN=pitangui.amazon.com","advertised_alpns":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24","blocks":0}}} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2698,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976186818047,"flow_src_last_pkt_time":1490976186818047,"flow_dst_last_pkt_time":1490976186818047,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":57,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":57,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":57,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976186818047,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":8669,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00593{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2698,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":144,"flow_packet_id":1,"flow_src_last_pkt_time":1490976186818047,"flow_dst_last_pkt_time":1490976186818047,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":99,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":99,"pkt_l4_len":65,"thread_ts_usec":1490976186818047,"pkt":"AMDKkaPvePiC0\/vCCABFAABVWmJAAEARMzysECrYrBAqASHdADUAQT24ItEBAAABAAAAAAAAD21vYmlsZWFuYWx5dGljcwl1cy1lYXN0LTEJYW1hem9uYXdzA2NvbQAAAQAB"} 
01148{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2698,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976186818047,"flow_src_last_pkt_time":1490976186818047,"flow_dst_last_pkt_time":1490976186818047,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":57,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":57,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":57,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976186818047,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":8669,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AmazonAWS","proto_id":"5.265","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"mobileanalytics.us-east-1.amazonaws.com","domainame":"mobileanalytics.us-east-1.amazonaws.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -1141,10 +1141,10 @@ 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2703,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":145,"flow_packet_id":2,"flow_src_last_pkt_time":1490976186884448,"flow_dst_last_pkt_time":1490976187052905,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976187052905,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwqiJAAOcGxG827xderBAq2AG7r3A+ML0a8v\/5B3ASH\/6mVwAAAgQFtAEDAwY="} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2705,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":145,"flow_packet_id":3,"flow_src_last_pkt_time":1490976187055606,"flow_dst_last_pkt_time":1490976187052905,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976187055606,"pkt":"AMDKkaPvePiC0\/vCCABFAAAofldAAEAGl0OsECrYNu8XXq9wAbvy\/\/kHPjC9G1AQAVfwyAAA"} 00844{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2706,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":145,"flow_packet_id":4,"flow_src_last_pkt_time":1490976187057117,"flow_dst_last_pkt_time":1490976187052905,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"thread_ts_usec":1490976187057117,"pkt":"AMDKkaPvePiC0\/vCCABFAAELflhAAEAGll+sECrYNu8XXq9wAbvy\/\/kHPjC9G1AYAVc9QAAAFgMBAN4BAADaAwOYirXhV1FDzrGLqmFF+8oxLuoLV0r4D7tvlmDsmzXE4AAAIJqazKnMqMwUzBPAK8AvwCzAMMATwBQAnACdAC8ANQAKAQAAkbq6AAD\/AQABAAAAACwAKgAAJ21vYmlsZWFuYWx5dGljcy51cy1lYXN0LTEuYW1hem9uYXdzLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACIqKAB0AFwAY6uoAAQA="} 
-01280{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2706,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976186884448,"flow_src_last_pkt_time":1490976187057117,"flow_dst_last_pkt_time":1490976187052905,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976187057117,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.23.94","src_port":44912,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"mobileanalytics.us-east-1.amazonaws.com","domainame":"mobileanalytics.us-east-1.amazonaws.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01239{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2706,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976186884448,"flow_src_last_pkt_time":1490976187057117,"flow_dst_last_pkt_time":1490976187052905,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976187057117,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.23.94","src_port":44912,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"mobileanalytics.us-east-1.amazonaws.com","domainame":"mobileanalytics.us-east-1.amazonaws.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2707,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":145,"flow_packet_id":5,"flow_src_last_pkt_time":1490976187057117,"flow_dst_last_pkt_time":1490976187161798,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1490976187161798,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoYjtAANsGGF827xderBAq2AG7r3A+ML0b8v\/5B1AQARzxAwAAAAAAAAAA"} 
-01370{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2709,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1490976186884448,"flow_src_last_pkt_time":1490976187057117,"flow_dst_last_pkt_time":1490976187167875,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1490976187167875,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.23.94","src_port":44912,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"mobileanalytics.us-east-1.amazonaws.com","domainame":"mobileanalytics.us-east-1.amazonaws.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
-01724{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2713,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1490976186884448,"flow_src_last_pkt_time":1490976187170086,"flow_dst_last_pkt_time":1490976187172718,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":4380,"midstream":0,"thread_ts_usec":1490976187172718,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.23.94","src_port":44912,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"mobileanalytics.us-east-1.amazonaws.com","domainame":"mobileanalytics.us-east-1.amazonaws.com","tls": {"version":"TLSv1.2","server_names":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=mobileanalytics.us-east-1.amazonaws.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"87:AD:E9:2D:E8:42:F0:5C:3A:09:13:00:12:93:59:04:84:C3:E2:2D","blocks":0}}} 
+01329{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2709,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1490976186884448,"flow_src_last_pkt_time":1490976187057117,"flow_dst_last_pkt_time":1490976187167875,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1490976187167875,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.23.94","src_port":44912,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"mobileanalytics.us-east-1.amazonaws.com","domainame":"mobileanalytics.us-east-1.amazonaws.com","tls": {"version":"TLSv1.2","ja3s":"159d46e54a2c066ef95e656fdf034e1d","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
+01683{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2713,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1490976186884448,"flow_src_last_pkt_time":1490976187170086,"flow_dst_last_pkt_time":1490976187172718,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":4380,"midstream":0,"thread_ts_usec":1490976187172718,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.23.94","src_port":44912,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"mobileanalytics.us-east-1.amazonaws.com","domainame":"mobileanalytics.us-east-1.amazonaws.com","tls": {"version":"TLSv1.2","server_names":"mobileanalytics.us-east-1.amazonaws.com","ja3s":"159d46e54a2c066ef95e656fdf034e1d","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=mobileanalytics.us-east-1.amazonaws.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"87:AD:E9:2D:E8:42:F0:5C:3A:09:13:00:12:93:59:04:84:C3:E2:2D","blocks":0}}} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2724,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976187242775,"flow_src_last_pkt_time":1490976187242775,"flow_dst_last_pkt_time":1490976187242775,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976187242775,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":59908,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2724,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":146,"flow_packet_id":1,"flow_src_last_pkt_time":1490976187242775,"flow_dst_last_pkt_time":1490976187242775,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1490976187242775,"pkt":"AMDKkaPvePiC0\/vCCABFAAA+WmNAAEARM1KsECrYrBAqAeoEADUAKipZJj0BAAABAAAAAAAABWFsZXhhBmFtYXpvbgNjb20AAAEAAQ=="} 
01105{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2724,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976187242775,"flow_src_last_pkt_time":1490976187242775,"flow_dst_last_pkt_time":1490976187242775,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976187242775,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":59908,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AmazonAlexa","proto_id":"5.110","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"alexa.amazon.com","domainame":"alexa.amazon.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -1156,9 +1156,9 @@ 02343{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2741,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1490976177276176,"flow_src_last_pkt_time":1490976187574979,"flow_dst_last_pkt_time":1490976187571653,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":8229,"flow_dst_tot_l4_payload_len":4012,"midstream":0,"thread_ts_usec":1490976187574979,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50799,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":112,"avg":664331.6,"max":8001087,"stddev":1905246.8,"var":3629965115392.0,"ent":2.5,"data": [133822,140403,3233,141605,1309,112,137230,287,136,2714,82197,163,95708,410,359058,405413,633638,688626,100774,373131,50752,202632,7767064,1576,8001087,353783,410110,314766,108314,179,84048]},"pktlen": {"min":40,"avg":424.7,"max":1500,"stddev":584.7,"var":341856.6,"ent":3.8,"data": [60,48,40,247,1500,1500,385,40,40,40,366,46,99,1500,190,46,1500,99,40,1500,46,669,40,1500,286,46,40,46,1500,46,46,40]},"bins": {"c_to_s": [9,0,0,0,1,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0],"s_to_c": [8,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,1,0,0,0,0,1,1,0,0,1,0,1,0,0,1,1,0,0,0,1,0,1,0,1,1,0],"entropies": 
[4.739262104,5.176427841,4.831687450,5.587803364,6.784171104,7.276063442,7.379589558,4.681686878,4.831686974,4.881687164,7.374952793,4.565872192,6.002931595,7.862873554,6.853326321,4.609350204,7.863068104,6.002931595,4.831687450,7.863775730,4.652828693,7.736141205,4.831687450,7.863870144,7.273199081,4.501398087,4.781687260,4.544876099,7.864799976,4.565871716,4.609350204,4.881687164]},"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2742,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":147,"flow_packet_id":3,"flow_src_last_pkt_time":1490976187575232,"flow_dst_last_pkt_time":1490976187571606,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976187575232,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoIb1AAEAG7omsECrYNu8cspdlAbtMyaY0Agy8q1AQAVc5HgAA"} 
00770{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2743,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":147,"flow_packet_id":4,"flow_src_last_pkt_time":1490976187577439,"flow_dst_last_pkt_time":1490976187571606,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_usec":1490976187577439,"pkt":"AMDKkaPvePiC0\/vCCABFAADWIb5AAEAG7dqsECrYNu8cspdlAbtMyaY0Agy8q1AYAVf+iAAAFgMBAKkBAAClAwG16AV0b+GAfYYNp1IOTvu8DJ0f7IEfHu7urYszcZFfGCCDPveyl8oknA6Yiw9M10d1fqyNuQQHuX5ZwIOnN4q82wAcwAnACsATwBQAMwA5ADIAOMAHwBEALwA1AAUA\/wEAAEAACwAEAwABAgAKADQAMgAOAA0AGQALAAwAGAAJAAoAFgAXAAgABgAHABQAFQAEAAUAEgATAAEAAgADAA8AEAAR"} -01275{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2743,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976187511761,"flow_src_last_pkt_time":1490976187577439,"flow_dst_last_pkt_time":1490976187571606,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976187577439,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":38757,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": 
{"version":"TLSv1","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"","ja4":"t10d140200_37d7d24289bf_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01234{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2743,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976187511761,"flow_src_last_pkt_time":1490976187577439,"flow_dst_last_pkt_time":1490976187571606,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976187577439,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":38757,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d140200_37d7d24289bf_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
02499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2745,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":147,"flow_packet_id":5,"flow_src_last_pkt_time":1490976187577439,"flow_dst_last_pkt_time":1490976187703787,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1490976187703787,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXc5VlAAOcGfjg27xyyrBAq2AG7l2UCDLyrTMmm4lAYf\/o3xAAAFgMBDLwCAABGAwFY3n27mBV2WbDPq95nUgHVHgPA3C3vs5uXZdBrRcVDiCCh56jEaMWoPL9OuslqKXpycwU0yxHxmHJEb6cXK1MHCAAvAAsADGoADGcAByUwggchMIIGCaADAgECAhAcRU2OfD5RXVxbu\/\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\/HxaGvneCRZhiBGyUMFBcJjk1AKw9+Nf1hXE48DlafnWpGrqpfYt2zsG+eRrhPeKWj+oj0pEgYLwOn\/a4xa6m8CUPuQAn6\/wNlnTqVyC\/SG0Yol6GVytCBUh+TZofarTRdpyUAS308UAcUFDf6BimC5d5mYn2J5R4k65+6sdF0Lg5T\/DhNiIsjt\/imBX+pqRiOG+KKP+QbbicThn04ySXzkSx\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\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"} -02053{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2747,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1490976187511761,"flow_src_last_pkt_time":1490976187577439,"flow_dst_last_pkt_time":1490976187704396,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":3265,"midstream":0,"thread_ts_usec":1490976187704396,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":38757,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": 
{"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t10d140200_37d7d24289bf_33a13ba74d1c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24","blocks":0}}} +02012{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2747,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1490976187511761,"flow_src_last_pkt_time":1490976187577439,"flow_dst_last_pkt_time":1490976187704396,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":3265,"midstream":0,"thread_ts_usec":1490976187704396,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":38757,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": 
{"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t10d140200_37d7d24289bf_33a13ba74d1c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24","blocks":0}}} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2790,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":141,"flow_packet_id":5,"flow_src_last_pkt_time":1490976195480744,"flow_dst_last_pkt_time":1490976178284687,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976195480744,"pkt":"AMDKkaPvePiC0\/vCCABFAAAolf5AAEAGekisECrYNu8cssZuAbts9RaFSlzPnVARAVceVQAA"} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2791,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976195484942,"flow_src_last_pkt_time":1490976195484942,"flow_dst_last_pkt_time":1490976195484942,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976195484942,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":14934,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2791,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":148,"flow_packet_id":1,"flow_src_last_pkt_time":1490976195484942,"flow_dst_last_pkt_time":1490976195484942,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976195484942,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8WmRAAEARM1OsECrYrBAqATpWADUAKI0W4msBAAABAAAAAAAAA3d3dwZhbWF6b24DY29tAAABAAE="} 
@@ -1173,10 +1173,10 @@ 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2798,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":149,"flow_packet_id":2,"flow_src_last_pkt_time":1490976195529965,"flow_dst_last_pkt_time":1490976195572630,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976195572630,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPMGqu40VdGPrBAq2AG7o2R8wwHRgIQ4WaAScSCn6AAAAgQFtAQCCApttHwsAPaKsAEDAwg="} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2799,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":149,"flow_packet_id":3,"flow_src_last_pkt_time":1490976195573626,"flow_dst_last_pkt_time":1490976195572630,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976195573626,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0sulAAEAGqw2sECrYNFXRj6NkAbuAhDhZfMMB0oAQAVdGegAAAQEICgD2irVttHws"} 00826{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2800,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":149,"flow_packet_id":4,"flow_src_last_pkt_time":1490976195574285,"flow_dst_last_pkt_time":1490976195572630,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":268,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":268,"pkt_l4_len":234,"thread_ts_usec":1490976195574285,"pkt":"AMDKkaPvePiC0\/vCCABFAAD+supAAEAGqkKsECrYNFXRj6NkAbuAhDhZfMMB0oAYAVf8KgAAAQEICgD2irVttHwsFgMBAMUBAADBAwPpTJSZ1poYdnnlgBS9wmRJ7foXKk14XitVw1d4X49ZiQAAIOrqzKnMqMwUzBPAK8AvwCzAMMATwBQAnACdAC8ANQAKAQAAeJqaAAD\/AQABAAAAABMAEQAADnd3dy5hbWF6b24uY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAISkoAHQAXABiKigABAA=="} 
-01225{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2800,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976195529965,"flow_src_last_pkt_time":1490976195574285,"flow_dst_last_pkt_time":1490976195572630,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":202,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":202,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976195574285,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":41828,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.amazon.com","domainame":"www.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01184{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2800,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976195529965,"flow_src_last_pkt_time":1490976195574285,"flow_dst_last_pkt_time":1490976195572630,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":202,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":202,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976195574285,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":41828,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.amazon.com","domainame":"www.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2801,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":149,"flow_packet_id":5,"flow_src_last_pkt_time":1490976195574285,"flow_dst_last_pkt_time":1490976195617600,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976195617600,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA0feNAAPMGLRM0VdGPrBAq2AG7o2R8wwHSgIQ5I4AQAHZGjAAAAQEICm20fDEA9oq1"} -01315{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2802,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976195529965,"flow_src_last_pkt_time":1490976195574285,"flow_dst_last_pkt_time":1490976195621582,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":202,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":202,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1490976195621582,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":41828,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.amazon.com","domainame":"www.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} -01793{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2804,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1490976195529965,"flow_src_last_pkt_time":1490976195574285,"flow_dst_last_pkt_time":1490976195622710,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":202,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":202,"flow_dst_tot_l4_payload_len":4344,"midstream":0,"thread_ts_usec":1490976195622710,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":41828,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.amazon.com","domainame":"www.amazon.com","tls": {"version":"TLSv1.2","server_names":"amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, 
O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E","blocks":0}}} +01274{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2802,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976195529965,"flow_src_last_pkt_time":1490976195574285,"flow_dst_last_pkt_time":1490976195621582,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":202,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":202,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1490976195621582,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":41828,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.amazon.com","domainame":"www.amazon.com","tls": {"version":"TLSv1.2","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
+01752{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2804,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1490976195529965,"flow_src_last_pkt_time":1490976195574285,"flow_dst_last_pkt_time":1490976195622710,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":202,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":202,"flow_dst_tot_l4_payload_len":4344,"midstream":0,"thread_ts_usec":1490976195622710,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":41828,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.amazon.com","domainame":"www.amazon.com","tls": {"version":"TLSv1.2","server_names":"amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E","blocks":0}}} 
00632{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2810,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":150,"flow_packet_id":2,"flow_src_last_pkt_time":1490976195545666,"flow_dst_last_pkt_time":1490976195628315,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1490976195628315,"pkt":"ePiC0\/vCAMDKkaPvCABFAABw6\/5AAEARoYSsECoBrBAq2AA1nekAXGuw5IqBgAABAAIAAAAAB2FuZHJvaWQHY2xpZW50cwZnb29nbGUDY29tAAABAAHADAAFAAEAAAErAAwHYW5kcm9pZAFswBzAOAABAAEAAAErAATYOsJO"} 01150{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2810,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976195545666,"flow_src_last_pkt_time":1490976195545666,"flow_dst_last_pkt_time":1490976195628315,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1490976195628315,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":40425,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.PlayStore","proto_id":"5.228","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"android.clients.google.com","domainame":"android.clients.google.com","dns": {"num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["216.58.194.78,ttl=299"]}}} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2811,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976195633256,"flow_src_last_pkt_time":1490976195633256,"flow_dst_last_pkt_time":1490976195633256,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976195633256,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"216.58.194.78","src_port":49067,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -1184,10 +1184,10 @@ 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2815,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":151,"flow_packet_id":2,"flow_src_last_pkt_time":1490976195633256,"flow_dst_last_pkt_time":1490976195670657,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976195670657,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8ibgAADcGiJLYOsJOrBAq2AG7v6uBvvSDQX72hqASpajvAAAAAgQFZAQCCAoLBTvAAPaKuwEDAwc="} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2816,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":151,"flow_packet_id":3,"flow_src_last_pkt_time":1490976195672208,"flow_dst_last_pkt_time":1490976195670657,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976195672208,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0fD9AAEAGTROsECrY2DrCTr+rAbtBfvaGgb70hIAQAVfBygAAAQEICgD2ir8LBTvA"} 00804{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2820,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":151,"flow_packet_id":4,"flow_src_last_pkt_time":1490976195724734,"flow_dst_last_pkt_time":1490976195670657,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":251,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":251,"pkt_l4_len":217,"thread_ts_usec":1490976195724734,"pkt":"AMDKkaPvePiC0\/vCCABFAADtfEBAAEAGTFmsECrY2DrCTr+rAbtBfvaGgb70hIAYAVcNmQAAAQEICgD2isQLBTvAFgMBALQBAACwAwOyGSGBgtCm4VEGsO9q\/vzaBrFVmU1Xzv04\/EnIjdiunAAAKMypzBTAK8AszKjME8AvwDAAngCfwAnACsATwBQAMwA5AJwAnQAvADUBAABf\/wEAAQAAAAAfAB0AABphbmRyb2lkLmNsaWVudHMuZ29vZ2xlLmNvbQAXAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAACwACAQAACgAIAAYAHQAXABg="} 
-01357{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2820,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976195633256,"flow_src_last_pkt_time":1490976195724734,"flow_dst_last_pkt_time":1490976195670657,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":185,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":185,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976195724734,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"216.58.194.78","src_port":49067,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.PlayStore","proto_id":"91.228","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"android.clients.google.com","domainame":"android.clients.google.com","tls": {"version":"TLSv1.2","ja3":"5bf38a5cbf896cd31eeef4d6ad1503e1","ja3s":"","ja4":"t12d200700_93851ff8129a_036209cd1ead","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01316{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2820,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976195633256,"flow_src_last_pkt_time":1490976195724734,"flow_dst_last_pkt_time":1490976195670657,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":185,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":185,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976195724734,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"216.58.194.78","src_port":49067,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.PlayStore","proto_id":"91.228","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"android.clients.google.com","domainame":"android.clients.google.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d200700_93851ff8129a_036209cd1ead","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2823,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":151,"flow_packet_id":5,"flow_src_last_pkt_time":1490976195724734,"flow_dst_last_pkt_time":1490976195760501,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976195760501,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA0idQAADcGiH7YOsJOrBAq2AG7v6uBvvSEQX73P4AQAVTAtgAAAQEICgsFPBkA9orE"} 
-01425{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2824,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976195633256,"flow_src_last_pkt_time":1490976195724734,"flow_dst_last_pkt_time":1490976195762060,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":185,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":185,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1490976195762060,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"216.58.194.78","src_port":49067,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.PlayStore","proto_id":"91.228","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"android.clients.google.com","domainame":"android.clients.google.com","tls": {"version":"TLSv1.2","ja3":"5bf38a5cbf896cd31eeef4d6ad1503e1","ja3s":"9b1466fd60cadccb848e09c86e284265","ja4":"t12d200700_93851ff8129a_036209cd1ead","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","blocks":0}}} 
-02489{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2826,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1490976195633256,"flow_src_last_pkt_time":1490976195724734,"flow_dst_last_pkt_time":1490976195763002,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":185,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":185,"flow_dst_tot_l4_payload_len":3987,"midstream":0,"thread_ts_usec":1490976195763002,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"216.58.194.78","src_port":49067,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.PlayStore","proto_id":"91.228","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"android.clients.google.com","domainame":"android.clients.google.com","tls": 
{"version":"TLSv1.2","server_names":"*.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.gcp.gvt2.com,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleadapis.com,*.googleapis.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.cn,*.gstatic.com,*.gvt1.com,*.gvt2.com,*.metric.gstatic.com,*.urchin.com,*.url.google.com,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.ytimg.com,android.clients.google.com,android.com,developer.android.google.cn,g.co,goo.gl,google-analytics.com,google.com,googlecommerce.com,urchin.com,www.goo.gl,youtu.be,youtube.com,youtubeeducation.com","ja3":"5bf38a5cbf896cd31eeef4d6ad1503e1","ja3s":"9b1466fd60cadccb848e09c86e284265","ja4":"t12d200700_93851ff8129a_036209cd1ead","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.google.com","fingerprint":"54:A0:1E:03:FF:CB:33:BC:9D:65:DC:D7:BF:6B:04:2B:F9:F3:D5:42","blocks":0}}} 
+01384{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2824,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976195633256,"flow_src_last_pkt_time":1490976195724734,"flow_dst_last_pkt_time":1490976195762060,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":185,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":185,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1490976195762060,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"216.58.194.78","src_port":49067,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.PlayStore","proto_id":"91.228","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"android.clients.google.com","domainame":"android.clients.google.com","tls": {"version":"TLSv1.2","ja3s":"9b1466fd60cadccb848e09c86e284265","ja4":"t12d200700_93851ff8129a_036209cd1ead","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","blocks":0}}} 
+02448{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2826,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1490976195633256,"flow_src_last_pkt_time":1490976195724734,"flow_dst_last_pkt_time":1490976195763002,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":185,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":185,"flow_dst_tot_l4_payload_len":3987,"midstream":0,"thread_ts_usec":1490976195763002,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"216.58.194.78","src_port":49067,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.PlayStore","proto_id":"91.228","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"android.clients.google.com","domainame":"android.clients.google.com","tls": 
{"version":"TLSv1.2","server_names":"*.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.gcp.gvt2.com,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleadapis.com,*.googleapis.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.cn,*.gstatic.com,*.gvt1.com,*.gvt2.com,*.metric.gstatic.com,*.urchin.com,*.url.google.com,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.ytimg.com,android.clients.google.com,android.com,developer.android.google.cn,g.co,goo.gl,google-analytics.com,google.com,googlecommerce.com,urchin.com,www.goo.gl,youtu.be,youtube.com,youtubeeducation.com","ja3s":"9b1466fd60cadccb848e09c86e284265","ja4":"t12d200700_93851ff8129a_036209cd1ead","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.google.com","fingerprint":"54:A0:1E:03:FF:CB:33:BC:9D:65:DC:D7:BF:6B:04:2B:F9:F3:D5:42","blocks":0}}} 
02189{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2844,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1490976195529965,"flow_src_last_pkt_time":1490976195874449,"flow_dst_last_pkt_time":1490976195873685,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":4065,"flow_dst_tot_l4_payload_len":11044,"midstream":0,"thread_ts_usec":1490976195874449,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":41828,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":49,"avg":22200.1,"max":105973,"stddev":31062.3,"var":964868608.0,"ent":3.6,"data": [42665,43661,659,44970,3982,526,602,251,50626,787,253,1113,7308,12716,306,65597,42616,4166,48889,363,25248,76421,105973,250,551,581,305,49,101959,2918,1893]},"pktlen": {"min":52,"avg":525.8,"max":1500,"stddev":600.4,"var":360465.6,"ent":4.1,"data": [60,60,52,254,52,1500,1500,1500,819,52,52,52,52,178,1500,767,64,178,1500,64,306,52,52,1500,1500,1500,683,594,129,52,149,52]},"bins": {"c_to_s": [9,0,0,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0],"s_to_c": [5,0,1,1,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0]},"directions": [0,1,0,0,1,1,1,1,1,0,0,0,0,0,0,0,1,0,0,1,1,1,0,1,1,1,1,1,1,0,1,0],"entropies": 
[4.672595501,5.194312096,4.986606121,5.562634945,5.014835358,6.943727970,7.231536865,7.504313469,7.550236702,5.056022167,4.926120281,5.003043652,4.940637589,6.271958828,7.856376171,7.737624168,5.206705093,6.298671246,7.856991291,5.133970261,7.098200321,5.000318050,4.979098797,7.871394634,7.857693672,7.882867336,7.672193050,7.592197895,6.342199802,4.986606121,6.480828762,4.846472263]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2861,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976195921499,"flow_src_last_pkt_time":1490976195921499,"flow_dst_last_pkt_time":1490976195921499,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":49,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":49,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976195921499,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4612,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2861,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":152,"flow_packet_id":1,"flow_src_last_pkt_time":1490976195921499,"flow_dst_last_pkt_time":1490976195921499,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"thread_ts_usec":1490976195921499,"pkt":"AMDKkaPvePiC0\/vCCABFAABNWmZAAEARM0CsECrYrBAqARIEADUAOVP\/iiYBAAABAAAAAAAACWltYWdlcy1uYRFzc2wtaW1hZ2VzLWFtYXpvbgNjb20AAAEAAQ=="} 
@@ -1205,30 +1205,30 @@ 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2871,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":154,"flow_packet_id":3,"flow_src_last_pkt_time":1490976196002121,"flow_dst_last_pkt_time":1490976196000859,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976196002121,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0CnRAAEAG5qCsECrYNFQ+c6O5Abv6a4CuA2RlJoAQAVcj2AAAAQEICgD2iuBs+oX0"} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2872,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":153,"flow_packet_id":3,"flow_src_last_pkt_time":1490976196003424,"flow_dst_last_pkt_time":1490976196001010,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976196003424,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0wa9AAEAGL2WsECrYNFQ+c6O4AbsdU0tx1L8trYAQAVeVpAAAAQEICgD2iuBs+oyc"} 00846{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2873,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":154,"flow_packet_id":4,"flow_src_last_pkt_time":1490976196003702,"flow_dst_last_pkt_time":1490976196000859,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":285,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":285,"pkt_l4_len":251,"thread_ts_usec":1490976196003702,"pkt":"AMDKkaPvePiC0\/vCCABFAAEPCnVAAEAG5cSsECrYNFQ+c6O5Abv6a4CuA2RlJoAYAVfOvQAAAQEICgD2iuBs+oX0FgMBANYBAADSAwPpjfK00MIrt3BxXOFv6gz55nS9q4nJk9FBExT7V8ZmxQAAIOrqzKnMqMwUzBPAK8AvwCzAMMATwBQAnACdAC8ANQAKAQAAifr6AAD\/AQABAAAAACQAIgAAH2ltYWdlcy1uYS5zc2wtaW1hZ2VzLWFtYXpvbi5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAiKigAdABcAGLq6AAEA"} 
-01258{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2873,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976195984177,"flow_src_last_pkt_time":1490976196003702,"flow_dst_last_pkt_time":1490976196000859,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":219,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":219,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976196003702,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41913,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"images-na.ssl-images-amazon.com","domainame":"images-na.ssl-images-amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01217{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2873,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976195984177,"flow_src_last_pkt_time":1490976196003702,"flow_dst_last_pkt_time":1490976196000859,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":219,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":219,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976196003702,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41913,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"images-na.ssl-images-amazon.com","domainame":"images-na.ssl-images-amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00846{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2874,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":153,"flow_packet_id":4,"flow_src_last_pkt_time":1490976196005425,"flow_dst_last_pkt_time":1490976196001010,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":285,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":285,"pkt_l4_len":251,"thread_ts_usec":1490976196005425,"pkt":"AMDKkaPvePiC0\/vCCABFAAEPwbBAAEAGLomsECrYNFQ+c6O4AbsdU0tx1L8trYAYAVfIxQAAAQEICgD2iuBs+oycFgMBANYBAADSAwPu6GGuPmyzw7dLNflsWT5nlBqUB1hxgKWeZNpugQIoJQAAIOrqzKnMqMwUzBPAK8AvwCzAMMATwBQAnACdAC8ANQAKAQAAiWpqAAD\/AQABAAAAACQAIgAAH2ltYWdlcy1uYS5zc2wtaW1hZ2VzLWFtYXpvbi5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAjq6gAdABcAGKqqAAEA"} -01258{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2874,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976195983393,"flow_src_last_pkt_time":1490976196005425,"flow_dst_last_pkt_time":1490976196001010,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":219,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":219,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976196005425,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41912,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"images-na.ssl-images-amazon.com","domainame":"images-na.ssl-images-amazon.com","tls": 
{"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01217{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2874,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976195983393,"flow_src_last_pkt_time":1490976196005425,"flow_dst_last_pkt_time":1490976196001010,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":219,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":219,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976196005425,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41912,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"images-na.ssl-images-amazon.com","domainame":"images-na.ssl-images-amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2875,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":155,"flow_packet_id":2,"flow_src_last_pkt_time":1490976195985305,"flow_dst_last_pkt_time":1490976196008146,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976196008146,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPIGPww0VD5zrBAq2AG7o7r33SsOWDm7RKAScSApGwAAAgQFtAQCCAps+o9VAPaK3gEDAwg="} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2876,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":155,"flow_packet_id":3,"flow_src_last_pkt_time":1490976196009303,"flow_dst_last_pkt_time":1490976196008146,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976196009303,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0MZ5AAEAGv3asECrYNFQ+c6O6AbtYObtE990rD4AQAVfHrwAAAQEICgD2iuBs+o9V"} 00846{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2877,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":155,"flow_packet_id":4,"flow_src_last_pkt_time":1490976196010246,"flow_dst_last_pkt_time":1490976196008146,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":285,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":285,"pkt_l4_len":251,"thread_ts_usec":1490976196010246,"pkt":"AMDKkaPvePiC0\/vCCABFAAEPMZ9AAEAGvpqsECrYNFQ+c6O6AbtYObtE990rD4AYAVcgywAAAQEICgD2iuBs+o9VFgMBANYBAADSAwOZ4tBPqLqYdHU6SDQI1rutJPljePPKqcU84R0pjyIHmAAAIJqazKnMqMwUzBPAK8AvwCzAMMATwBQAnACdAC8ANQAKAQAAidraAAD\/AQABAAAAACQAIgAAH2ltYWdlcy1uYS5zc2wtaW1hZ2VzLWFtYXpvbi5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAjq6gAdABcAGEpKAAEA"} 
-01258{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2877,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976195985305,"flow_src_last_pkt_time":1490976196010246,"flow_dst_last_pkt_time":1490976196008146,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":219,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":219,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976196010246,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41914,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"images-na.ssl-images-amazon.com","domainame":"images-na.ssl-images-amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01217{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2877,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976195985305,"flow_src_last_pkt_time":1490976196010246,"flow_dst_last_pkt_time":1490976196008146,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":219,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":219,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976196010246,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41914,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"images-na.ssl-images-amazon.com","domainame":"images-na.ssl-images-amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2878,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976196016602,"flow_src_last_pkt_time":1490976196016602,"flow_dst_last_pkt_time":1490976196016602,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976196016602,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":58048,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2878,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":156,"flow_packet_id":1,"flow_src_last_pkt_time":1490976196016602,"flow_dst_last_pkt_time":1490976196016602,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976196016602,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8LWlAAEAG4smsECrYNu8csuLAAbtkEKeIAAAAAKAC\/\/+hiQAAAgQFtAQCCAoA9orhAAAAAAEDAwg="} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2879,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":154,"flow_packet_id":5,"flow_src_last_pkt_time":1490976196003702,"flow_dst_last_pkt_time":1490976196028189,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976196028189,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA04NBAAPIGXkM0VD5zrBAq2AG7o7kDZGUm+muBiYAQAHYj3AAAAQEICmz6hfYA9org"} 
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2880,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":155,"flow_packet_id":5,"flow_src_last_pkt_time":1490976196010246,"flow_dst_last_pkt_time":1490976196030939,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976196030939,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA0pFhAAPIGmrs0VD5zrBAq2AG7o7r33SsPWDm8H4AQAHbHswAAAQEICmz6j1cA9org"} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2881,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":153,"flow_packet_id":5,"flow_src_last_pkt_time":1490976196005425,"flow_dst_last_pkt_time":1490976196031071,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976196031071,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA0oQ1AAPIGngY0VD5zrBAq2AG7o7jUvy2tHVNMTIAQAHaVpgAAAQEICmz6jKAA9org"} -01348{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2882,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976195984177,"flow_src_last_pkt_time":1490976196003702,"flow_dst_last_pkt_time":1490976196033481,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":219,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":219,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1490976196033481,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41913,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"images-na.ssl-images-amazon.com","domainame":"images-na.ssl-images-amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} -01769{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2884,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1490976195984177,"flow_src_last_pkt_time":1490976196003702,"flow_dst_last_pkt_time":1490976196034469,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":219,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":219,"flow_dst_tot_l4_payload_len":4344,"midstream":0,"thread_ts_usec":1490976196034469,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41913,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"images-na.ssl-images-amazon.com","domainame":"images-na.ssl-images-amazon.com","tls": {"version":"TLSv1.2","server_names":"images-na.ssl-images-amazon.com,images-eu.ssl-images-amazon.com,images-fe.ssl-images-amazon.com,m.media-amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec 
Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=Images-na.ssl-images-amazon.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"39:3D:27:B3:4D:FA:B4:04:AB:48:7F:5C:CB:A9:9A:95:F5:22:2A:52","blocks":0}}} -01348{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2888,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976195985305,"flow_src_last_pkt_time":1490976196010246,"flow_dst_last_pkt_time":1490976196037522,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":219,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":219,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1490976196037522,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41914,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"images-na.ssl-images-amazon.com","domainame":"images-na.ssl-images-amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
-01769{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2890,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1490976195985305,"flow_src_last_pkt_time":1490976196010246,"flow_dst_last_pkt_time":1490976196038701,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":219,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":219,"flow_dst_tot_l4_payload_len":4344,"midstream":0,"thread_ts_usec":1490976196038701,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41914,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"images-na.ssl-images-amazon.com","domainame":"images-na.ssl-images-amazon.com","tls": {"version":"TLSv1.2","server_names":"images-na.ssl-images-amazon.com,images-eu.ssl-images-amazon.com,images-fe.ssl-images-amazon.com,m.media-amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=Images-na.ssl-images-amazon.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"39:3D:27:B3:4D:FA:B4:04:AB:48:7F:5C:CB:A9:9A:95:F5:22:2A:52","blocks":0}}} 
-01348{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2892,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976195983393,"flow_src_last_pkt_time":1490976196005425,"flow_dst_last_pkt_time":1490976196039960,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":219,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":219,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1490976196039960,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41912,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"images-na.ssl-images-amazon.com","domainame":"images-na.ssl-images-amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
-01769{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2894,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1490976195983393,"flow_src_last_pkt_time":1490976196005425,"flow_dst_last_pkt_time":1490976196041445,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":219,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":219,"flow_dst_tot_l4_payload_len":4344,"midstream":0,"thread_ts_usec":1490976196041445,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41912,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"images-na.ssl-images-amazon.com","domainame":"images-na.ssl-images-amazon.com","tls": {"version":"TLSv1.2","server_names":"images-na.ssl-images-amazon.com,images-eu.ssl-images-amazon.com,images-fe.ssl-images-amazon.com,m.media-amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=Images-na.ssl-images-amazon.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"39:3D:27:B3:4D:FA:B4:04:AB:48:7F:5C:CB:A9:9A:95:F5:22:2A:52","blocks":0}}} 
+01307{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2882,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976195984177,"flow_src_last_pkt_time":1490976196003702,"flow_dst_last_pkt_time":1490976196033481,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":219,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":219,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1490976196033481,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41913,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"images-na.ssl-images-amazon.com","domainame":"images-na.ssl-images-amazon.com","tls": {"version":"TLSv1.2","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
+01728{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2884,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1490976195984177,"flow_src_last_pkt_time":1490976196003702,"flow_dst_last_pkt_time":1490976196034469,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":219,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":219,"flow_dst_tot_l4_payload_len":4344,"midstream":0,"thread_ts_usec":1490976196034469,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41913,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"images-na.ssl-images-amazon.com","domainame":"images-na.ssl-images-amazon.com","tls": {"version":"TLSv1.2","server_names":"images-na.ssl-images-amazon.com,images-eu.ssl-images-amazon.com,images-fe.ssl-images-amazon.com,m.media-amazon.com","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=Images-na.ssl-images-amazon.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"39:3D:27:B3:4D:FA:B4:04:AB:48:7F:5C:CB:A9:9A:95:F5:22:2A:52","blocks":0}}} 
+01307{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2888,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976195985305,"flow_src_last_pkt_time":1490976196010246,"flow_dst_last_pkt_time":1490976196037522,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":219,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":219,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1490976196037522,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41914,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"images-na.ssl-images-amazon.com","domainame":"images-na.ssl-images-amazon.com","tls": {"version":"TLSv1.2","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
+01728{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2890,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1490976195985305,"flow_src_last_pkt_time":1490976196010246,"flow_dst_last_pkt_time":1490976196038701,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":219,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":219,"flow_dst_tot_l4_payload_len":4344,"midstream":0,"thread_ts_usec":1490976196038701,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41914,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"images-na.ssl-images-amazon.com","domainame":"images-na.ssl-images-amazon.com","tls": {"version":"TLSv1.2","server_names":"images-na.ssl-images-amazon.com,images-eu.ssl-images-amazon.com,images-fe.ssl-images-amazon.com,m.media-amazon.com","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=Images-na.ssl-images-amazon.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"39:3D:27:B3:4D:FA:B4:04:AB:48:7F:5C:CB:A9:9A:95:F5:22:2A:52","blocks":0}}} 
+01307{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2892,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976195983393,"flow_src_last_pkt_time":1490976196005425,"flow_dst_last_pkt_time":1490976196039960,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":219,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":219,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1490976196039960,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41912,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"images-na.ssl-images-amazon.com","domainame":"images-na.ssl-images-amazon.com","tls": {"version":"TLSv1.2","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
+01728{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2894,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1490976195983393,"flow_src_last_pkt_time":1490976196005425,"flow_dst_last_pkt_time":1490976196041445,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":219,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":219,"flow_dst_tot_l4_payload_len":4344,"midstream":0,"thread_ts_usec":1490976196041445,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41912,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"images-na.ssl-images-amazon.com","domainame":"images-na.ssl-images-amazon.com","tls": {"version":"TLSv1.2","server_names":"images-na.ssl-images-amazon.com,images-eu.ssl-images-amazon.com,images-fe.ssl-images-amazon.com,m.media-amazon.com","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=Images-na.ssl-images-amazon.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"39:3D:27:B3:4D:FA:B4:04:AB:48:7F:5C:CB:A9:9A:95:F5:22:2A:52","blocks":0}}} 
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2910,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":156,"flow_packet_id":2,"flow_src_last_pkt_time":1490976196016602,"flow_dst_last_pkt_time":1490976196075142,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976196075142,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwIa5AAOcGR5A27xyyrBAq2AG74sBbwNFvZBCniXASH\/4cPAAAAgQFtAEDAwY="} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2911,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":156,"flow_packet_id":3,"flow_src_last_pkt_time":1490976196075924,"flow_dst_last_pkt_time":1490976196075142,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976196075924,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoLWpAAEAG4tysECrYNu8csuLAAbtkEKeJW8DRcFAQAVdmrQAA"} 00770{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2913,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":156,"flow_packet_id":4,"flow_src_last_pkt_time":1490976196079939,"flow_dst_last_pkt_time":1490976196075142,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_usec":1490976196079939,"pkt":"AMDKkaPvePiC0\/vCCABFAADWLWtAAEAG4i2sECrYNu8csuLAAbtkEKeJW8DRcFAYAVdgIgAAFgMBAKkBAAClAwEIvZt9+BC6Nupqw3rZKTOo5DVtg3EJn2TLxazoTB5EvSCh56jEaMWoPL9OuslqKXpycwU0yxHxmHJEb6cXK1MHCAAcwAnACsATwBQAMwA5ADIAOMAHwBEALwA1AAUA\/wEAAEAACwAEAwABAgAKADQAMgAOAA0AGQALAAwAGAAJAAoAFgAXAAgABgAHABQAFQAEAAUAEgATAAEAAgADAA8AEAAR"} 
-01275{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2913,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976196016602,"flow_src_last_pkt_time":1490976196079939,"flow_dst_last_pkt_time":1490976196075142,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976196079939,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":58048,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"","ja4":"t10d140200_37d7d24289bf_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01234{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2913,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976196016602,"flow_src_last_pkt_time":1490976196079939,"flow_dst_last_pkt_time":1490976196075142,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976196079939,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":58048,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d140200_37d7d24289bf_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2924,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":156,"flow_packet_id":5,"flow_src_last_pkt_time":1490976196079939,"flow_dst_last_pkt_time":1490976196143111,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1490976196143111,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoKCNAAOcGQSM27xyyrBAq2AG74sBbwNFwZBCoN1AQf\/rnWwAAAAAAAAAA"} 
-01425{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2925,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976196016602,"flow_src_last_pkt_time":1490976196079939,"flow_dst_last_pkt_time":1490976196143271,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976196143271,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":58048,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t10d140200_37d7d24289bf_33a13ba74d1c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} 
+01384{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2925,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976196016602,"flow_src_last_pkt_time":1490976196079939,"flow_dst_last_pkt_time":1490976196143271,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976196143271,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":58048,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t10d140200_37d7d24289bf_33a13ba74d1c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} 
01106{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2931,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":13,"flow_first_seen":1490976071286664,"flow_src_last_pkt_time":1490976075975082,"flow_dst_last_pkt_time":1490976075957057,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":3582,"flow_dst_tot_l4_payload_len":5044,"midstream":0,"thread_ts_usec":1490976196149644,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45693,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01104{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2931,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":9,"flow_first_seen":1490976071306483,"flow_src_last_pkt_time":1490976075950122,"flow_dst_last_pkt_time":1490976075948173,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":698,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":1231,"flow_dst_tot_l4_payload_len":3873,"midstream":0,"thread_ts_usec":1490976196149644,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45694,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": 
{"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01105{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2931,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":10,"flow_first_seen":1490976071349196,"flow_src_last_pkt_time":1490976075957794,"flow_dst_last_pkt_time":1490976075955793,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":501,"flow_src_tot_l4_payload_len":3630,"flow_dst_tot_l4_payload_len":1124,"midstream":0,"thread_ts_usec":1490976196149644,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45695,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
@@ -1254,10 +1254,10 @@ 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2938,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_packet_id":2,"flow_src_last_pkt_time":1490976196223999,"flow_dst_last_pkt_time":1490976196257995,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976196257995,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPMGqu40VdGPrBAq2AG7llOp3LO0t0zpu6AScSBd6wAAAgQFtAQCCApt5QucAPaK9gEDAwg="} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2939,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_packet_id":3,"flow_src_last_pkt_time":1490976196259088,"flow_dst_last_pkt_time":1490976196257995,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976196259088,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0Y01AAEAG+qmsECrYNFXRj5ZTAbu3TOm7qdyztYAQAVf8fgAAAQEICgD2ivlt5Quc"} 00815{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2940,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_packet_id":4,"flow_src_last_pkt_time":1490976196261315,"flow_dst_last_pkt_time":1490976196257995,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":260,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":260,"pkt_l4_len":226,"thread_ts_usec":1490976196261315,"pkt":"AMDKkaPvePiC0\/vCCABFAAD2Y05AAEAG+easECrYNFXRj5ZTAbu3TOm7qdyztYAYAVe1MwAAAQEICgD2ivpt5QucFgMBAL0BAAC5AwOo7Axkb8GLUakvQG63Tsv7HZAz5uQ4F\/rfU5NRiOqOZwAALMArwCzAL8AwAJ4An8AJwArAE8AUADMAOQAyADjAB8ARAJwAnQAvADUABQD\/AQAAZAALAAQDAAECAAoANAAyAA4ADQAZAAsADAAYAAkACgAWABcACAAGAAcAFAAVAAQABQASABMAAQACAAMADwAQABEADQAgAB4GAQYCBgMFAQUCBQMEAQQCBAMDAQMCAwMCAQICAgM="} 
-01393{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2940,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976196223999,"flow_src_last_pkt_time":1490976196261315,"flow_dst_last_pkt_time":1490976196257995,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":194,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":194,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976196261315,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":38483,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3":"36e9ceaa96dd810482573844f78a063f","ja3s":"","ja4":"t12d220300_5fd681855ab9_1ea9011b3dfa","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01352{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2940,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976196223999,"flow_src_last_pkt_time":1490976196261315,"flow_dst_last_pkt_time":1490976196257995,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":194,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":194,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976196261315,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":38483,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d220300_5fd681855ab9_1ea9011b3dfa","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2944,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_packet_id":5,"flow_src_last_pkt_time":1490976196261315,"flow_dst_last_pkt_time":1490976196295914,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976196295914,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA0uBVAAPMG8uA0VdGPrBAq2AG7llOp3LO1t0zqfYAQAHb8mAAAAQEICm3lC6AA9or6"} 
-01453{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2945,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976196223999,"flow_src_last_pkt_time":1490976196261315,"flow_dst_last_pkt_time":1490976196300973,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":194,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":194,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1490976196300973,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":38483,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3":"36e9ceaa96dd810482573844f78a063f","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d220300_5fd681855ab9_1ea9011b3dfa","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
-01948{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2947,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1490976196223999,"flow_src_last_pkt_time":1490976196261315,"flow_dst_last_pkt_time":1490976196301692,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":194,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":194,"flow_dst_tot_l4_payload_len":3462,"midstream":0,"thread_ts_usec":1490976196301692,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":38483,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","server_names":"amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com","ja3":"36e9ceaa96dd810482573844f78a063f","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d220300_5fd681855ab9_1ea9011b3dfa","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com","fingerprint":"EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E","blocks":0}}} 
+01412{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2945,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976196223999,"flow_src_last_pkt_time":1490976196261315,"flow_dst_last_pkt_time":1490976196300973,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":194,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":194,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1490976196300973,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":38483,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d220300_5fd681855ab9_1ea9011b3dfa","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
+01907{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2947,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1490976196223999,"flow_src_last_pkt_time":1490976196261315,"flow_dst_last_pkt_time":1490976196301692,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":194,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":194,"flow_dst_tot_l4_payload_len":3462,"midstream":0,"thread_ts_usec":1490976196301692,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":38483,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","server_names":"amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d220300_5fd681855ab9_1ea9011b3dfa","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com","fingerprint":"EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E","blocks":0}}} 
02446{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2981,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":22,"flow_first_seen":1490976196223999,"flow_src_last_pkt_time":1490976196651032,"flow_dst_last_pkt_time":1490976196769763,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":666,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1652,"flow_dst_tot_l4_payload_len":16510,"midstream":0,"thread_ts_usec":1490976196769763,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":38483,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":67,"avg":31380.5,"max":241435,"stddev":57224.6,"var":3274655232.0,"ent":3.4,"data": [33996,35089,2227,37919,5059,483,236,42863,280,131,30800,68825,38426,227149,241435,50068,58385,55537,3754,2000,4418,1636,659,7796,67,79,9049,341,3084,756,10250]},"pktlen": {"min":52,"avg":620.4,"max":1500,"stddev":578.4,"var":334504.2,"ent":4.3,"data": [60,60,52,246,52,1500,1500,618,52,52,52,178,103,718,718,103,64,52,1096,427,256,815,905,441,1500,177,557,1500,1500,1500,1500,1500]},"bins": {"c_to_s": [6,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,2,0,1,0,0,1,0,0,0,0,1,1,0,0,1,0,1,0,0,0,0,0,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,0,1,0,0,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1],"entropies": 
[4.672595501,5.240227222,5.056022644,5.370272160,5.154164791,6.988568306,7.250431538,7.681571960,5.014835835,5.094483852,5.094484329,6.573484898,6.064765453,7.685264111,7.690067768,6.064765930,5.061889172,5.154164791,7.838786125,7.447540760,7.087004662,7.738961697,7.760296345,7.499400616,7.878207684,6.822522163,7.598652363,7.869508743,7.877407074,7.877415180,7.877339363,7.877696514]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2990,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976196840676,"flow_src_last_pkt_time":1490976196840676,"flow_dst_last_pkt_time":1490976196840676,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976196840676,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":2707,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2990,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":158,"flow_packet_id":1,"flow_src_last_pkt_time":1490976196840676,"flow_dst_last_pkt_time":1490976196840676,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_usec":1490976196840676,"pkt":"AMDKkaPvePiC0\/vCCABFAAA\/WmdAAEARM02sECrYrBAqAQqTADUAK8ZJ2BYBAAABAAAAAAAABmZscy1uYQZhbWF6b24DY29tAAABAAE="} 
@@ -1270,7 +1270,7 @@ 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3033,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_packet_id":2,"flow_src_last_pkt_time":1490976196942963,"flow_dst_last_pkt_time":1490976197023104,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976197023104,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwSYFAAOcGXM9IFc55rBAq2AG7ufUB00CKmYtuOHASH\/5wwgAAAgQFtAEDAwY="} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3034,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_packet_id":3,"flow_src_last_pkt_time":1490976197024461,"flow_dst_last_pkt_time":1490976197023104,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976197024461,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo5QpAAEAGaE6sECrYSBXOebn1AbuZi244AdNAi1AQAVe7MwAA"} 00815{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3035,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_packet_id":4,"flow_src_last_pkt_time":1490976197026574,"flow_dst_last_pkt_time":1490976197023104,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":259,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":259,"pkt_l4_len":225,"thread_ts_usec":1490976197026574,"pkt":"AMDKkaPvePiC0\/vCCABFAAD15QtAAEAGZ4CsECrYSBXOebn1AbuZi244AdNAi1AYAVcK3wAAFgMBAMgBAADEAwPgpEwF\/Xat48+4W37drUaLhGz9wRo+dbZ872q4eXXW7QAAIOrqzKnMqMwUzBPAK8AvwCzAMMATwBQAnACdAC8ANQAKAQAAe0pKAAD\/AQABAAAAABYAFAAAEWZscy1uYS5hbWF6b24uY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAIqqoAHQAXABgKCgABAA=="} 
-01231{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3035,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976196942963,"flow_src_last_pkt_time":1490976197026574,"flow_dst_last_pkt_time":1490976197023104,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":205,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":205,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976197026574,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47605,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fls-na.amazon.com","domainame":"fls-na.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01190{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3035,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976196942963,"flow_src_last_pkt_time":1490976197026574,"flow_dst_last_pkt_time":1490976197023104,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":205,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":205,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976197026574,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47605,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fls-na.amazon.com","domainame":"fls-na.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3036,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_packet_id":5,"flow_src_last_pkt_time":1490976197026574,"flow_dst_last_pkt_time":1490976197073735,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1490976197073735,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAo8eNAANsGwHRIFc55rBAq2AG7ufUB00CLmYtuOFAQARy7bgAAAAAAAAAA"} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3037,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976197297649,"flow_src_last_pkt_time":1490976197297649,"flow_dst_last_pkt_time":1490976197297649,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976197297649,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47606,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3037,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_packet_id":1,"flow_src_last_pkt_time":1490976197297649,"flow_dst_last_pkt_time":1490976197297649,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976197297649,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8At9AAEAGSmasECrYSBXOebn2AbvarIm+AAAAAKAC\/\/+uEwAAAgQFtAQCCAoA9othAAAAAAEDAwg="} 
@@ -1278,12 +1278,12 @@ 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3041,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_packet_id":2,"flow_src_last_pkt_time":1490976197297649,"flow_dst_last_pkt_time":1490976197355099,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976197355099,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw5DlAAOcGwhZIFc55rBAq2AG7ufYaDpo72qyJv3ASH\/6iLAAAAgQFtAEDAwY="} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3042,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_packet_id":3,"flow_src_last_pkt_time":1490976197356307,"flow_dst_last_pkt_time":1490976197355099,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976197356307,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoAuBAAEAGSnmsECrYSBXOebn2AbvarIm\/Gg6aPFAQAVfsnQAA"} 00817{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3043,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_packet_id":4,"flow_src_last_pkt_time":1490976197357234,"flow_dst_last_pkt_time":1490976197355099,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":259,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":259,"pkt_l4_len":225,"thread_ts_usec":1490976197357234,"pkt":"AMDKkaPvePiC0\/vCCABFAAD1AuFAAEAGSausECrYSBXOebn2AbvarIm\/Gg6aPFAYAVf7IAAAFgMBAMgBAADEAwOvXx4qoD9hGvfdVqZ\/Da8Sic0\/mG13oBFGNV7wDdZlEgAAIKqqzKnMqMwUzBPAK8AvwCzAMMATwBQAnACdAC8ANQAKAQAAexoaAAD\/AQABAAAAABYAFAAAEWZscy1uYS5hbWF6b24uY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAIWloAHQAXABgqKgABAA=="} 
-01231{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3043,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976197297649,"flow_src_last_pkt_time":1490976197357234,"flow_dst_last_pkt_time":1490976197355099,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":205,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":205,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976197357234,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47606,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fls-na.amazon.com","domainame":"fls-na.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
-01321{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3045,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1490976196942963,"flow_src_last_pkt_time":1490976197305856,"flow_dst_last_pkt_time":1490976197363795,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":205,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":410,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1490976197363795,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47605,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fls-na.amazon.com","domainame":"fls-na.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
-01690{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3047,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1490976196942963,"flow_src_last_pkt_time":1490976197305856,"flow_dst_last_pkt_time":1490976197363937,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":205,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":410,"flow_dst_tot_l4_payload_len":4380,"midstream":0,"thread_ts_usec":1490976197363937,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47605,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fls-na.amazon.com","domainame":"fls-na.amazon.com","tls": {"version":"TLSv1.2","server_names":"fls-na.amazon.ca,fls-na.amazon.com,fls-na.amazon.com.br,fls-na.amazon.com.mx","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=fls-na.amazon.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"2F:16:23:0F:F8:49:12:18:49:55:48:DA:E6:59:D9:B3:BB:0E:41:8A","blocks":0}}} 
+01190{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3043,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976197297649,"flow_src_last_pkt_time":1490976197357234,"flow_dst_last_pkt_time":1490976197355099,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":205,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":205,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976197357234,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47606,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fls-na.amazon.com","domainame":"fls-na.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01280{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3045,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1490976196942963,"flow_src_last_pkt_time":1490976197305856,"flow_dst_last_pkt_time":1490976197363795,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":205,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":410,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1490976197363795,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47605,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fls-na.amazon.com","domainame":"fls-na.amazon.com","tls": {"version":"TLSv1.2","ja3s":"159d46e54a2c066ef95e656fdf034e1d","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} +01649{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3047,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1490976196942963,"flow_src_last_pkt_time":1490976197305856,"flow_dst_last_pkt_time":1490976197363937,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":205,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":410,"flow_dst_tot_l4_payload_len":4380,"midstream":0,"thread_ts_usec":1490976197363937,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47605,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fls-na.amazon.com","domainame":"fls-na.amazon.com","tls": {"version":"TLSv1.2","server_names":"fls-na.amazon.ca,fls-na.amazon.com,fls-na.amazon.com.br,fls-na.amazon.com.mx","ja3s":"159d46e54a2c066ef95e656fdf034e1d","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., 
CN=fls-na.amazon.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"2F:16:23:0F:F8:49:12:18:49:55:48:DA:E6:59:D9:B3:BB:0E:41:8A","blocks":0}}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3055,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_packet_id":5,"flow_src_last_pkt_time":1490976197357234,"flow_dst_last_pkt_time":1490976197531809,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1490976197531809,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoFXlAANsGnN9IFc55rBAq2AG7ufYaDpo82qyJv1AQARzs2AAAAAAAAAAA"} -01321{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3057,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1490976197297649,"flow_src_last_pkt_time":1490976197357234,"flow_dst_last_pkt_time":1490976197532482,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":205,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":205,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1490976197532482,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47606,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fls-na.amazon.com","domainame":"fls-na.amazon.com","tls": 
{"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} -01690{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3059,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1490976197297649,"flow_src_last_pkt_time":1490976197357234,"flow_dst_last_pkt_time":1490976197532968,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":205,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":205,"flow_dst_tot_l4_payload_len":4380,"midstream":0,"thread_ts_usec":1490976197532968,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47606,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fls-na.amazon.com","domainame":"fls-na.amazon.com","tls": {"version":"TLSv1.2","server_names":"fls-na.amazon.ca,fls-na.amazon.com,fls-na.amazon.com.br,fls-na.amazon.com.mx","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=fls-na.amazon.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"2F:16:23:0F:F8:49:12:18:49:55:48:DA:E6:59:D9:B3:BB:0E:41:8A","blocks":0}}} 
+01280{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3057,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1490976197297649,"flow_src_last_pkt_time":1490976197357234,"flow_dst_last_pkt_time":1490976197532482,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":205,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":205,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1490976197532482,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47606,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fls-na.amazon.com","domainame":"fls-na.amazon.com","tls": {"version":"TLSv1.2","ja3s":"159d46e54a2c066ef95e656fdf034e1d","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
+01649{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3059,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1490976197297649,"flow_src_last_pkt_time":1490976197357234,"flow_dst_last_pkt_time":1490976197532968,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":205,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":205,"flow_dst_tot_l4_payload_len":4380,"midstream":0,"thread_ts_usec":1490976197532968,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47606,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fls-na.amazon.com","domainame":"fls-na.amazon.com","tls": {"version":"TLSv1.2","server_names":"fls-na.amazon.ca,fls-na.amazon.com,fls-na.amazon.com.br,fls-na.amazon.com.mx","ja3s":"159d46e54a2c066ef95e656fdf034e1d","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=fls-na.amazon.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"2F:16:23:0F:F8:49:12:18:49:55:48:DA:E6:59:D9:B3:BB:0E:41:8A","blocks":0}}} 
01004{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1490976023264023,"flow_src_last_pkt_time":1490976023264087,"flow_dst_last_pkt_time":1490976023264023,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":315,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":315,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":630,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"android-1c1335ec95a27318"}} 00924{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1490976055356710,"flow_src_last_pkt_time":1490976180796726,"flow_dst_last_pkt_time":1490976055356710,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","proto_id":"82","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
01203{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":11,"flow_first_seen":1490976076042813,"flow_src_last_pkt_time":1490976177233444,"flow_dst_last_pkt_time":1490976177226996,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":197,"flow_src_tot_l4_payload_len":3159,"flow_dst_tot_l4_payload_len":335,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":37113,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
@@ -1308,9 +1308,9 @@ 00993{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":14,"flow_first_seen":1490976115905314,"flow_src_last_pkt_time":1490976120950142,"flow_dst_last_pkt_time":1490976120949042,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":395,"flow_src_tot_l4_payload_len":9842,"flow_dst_tot_l4_payload_len":946,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.180","src_port":37551,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 00933{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1490976116084560,"flow_src_last_pkt_time":1490976117005965,"flow_dst_last_pkt_time":1490976117004804,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.180","src_port":37552,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00783{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1490976116084560,"flow_src_last_pkt_time":1490976117005965,"flow_dst_last_pkt_time":1490976117004804,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.180","src_port":37552,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -01222{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1490976041428918,"flow_src_last_pkt_time":1490976168813075,"flow_dst_last_pkt_time":1490976041428918,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40200,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}},"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"1":"Match by 
port"},"proto":"HTTP_Proxy","proto_id":"131","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} +01329{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1490976041428918,"flow_src_last_pkt_time":1490976168813075,"flow_dst_last_pkt_time":1490976041428918,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40200,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}},"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}},"55": {"risk":"Probing Attempt","severity":"Medium","risk_score": {"total":510,"client":375,"server":135}}},"confidence": {"1":"Match by port"},"proto":"HTTP_Proxy","proto_id":"131","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 
00784{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1490976041428918,"flow_src_last_pkt_time":1490976168813075,"flow_dst_last_pkt_time":1490976041428918,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40200,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -01222{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1490976041680864,"flow_src_last_pkt_time":1490976168960939,"flow_dst_last_pkt_time":1490976041680864,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40202,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}},"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"1":"Match by 
port"},"proto":"HTTP_Proxy","proto_id":"131","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} +01329{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1490976041680864,"flow_src_last_pkt_time":1490976168960939,"flow_dst_last_pkt_time":1490976041680864,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40202,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}},"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}},"55": {"risk":"Probing Attempt","severity":"Medium","risk_score": {"total":510,"client":375,"server":135}}},"confidence": {"1":"Match by port"},"proto":"HTTP_Proxy","proto_id":"131","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 
00784{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1490976041680864,"flow_src_last_pkt_time":1490976168960939,"flow_dst_last_pkt_time":1490976041680864,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40202,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01109{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1490976085883325,"flow_src_last_pkt_time":1490976149040436,"flow_dst_last_pkt_time":1490976085883325,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40242,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"HTTP_Proxy","proto_id":"131","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 
00785{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1490976085883325,"flow_src_last_pkt_time":1490976149040436,"flow_dst_last_pkt_time":1490976085883325,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40242,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -1352,18 +1352,18 @@ 01011{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":158,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976196840676,"flow_src_last_pkt_time":1490976196840676,"flow_dst_last_pkt_time":1490976196938799,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":51,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":51,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":2707,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","proto_id":"5.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"fls-na.amazon.com"}} 01024{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":95,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976090796987,"flow_src_last_pkt_time":1490976090796987,"flow_dst_last_pkt_time":1490976090982120,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":89,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":89,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":35726,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.AmazonAWS","proto_id":"5.265","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"s3-external-2.amazonaws.com"}} 01021{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976024793542,"flow_src_last_pkt_time":1490976024793542,"flow_dst_last_pkt_time":1490976024844591,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":75,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":75,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":3440,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"connectivitycheck.android.com"}} 
-01139{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":119,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":14,"flow_first_seen":1490976134140538,"flow_src_last_pkt_time":1490976135403194,"flow_dst_last_pkt_time":1490976135399921,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":13350,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51985,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com"}} -01140{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":120,"flow_state":"finished","flow_src_packets_processed":31,"flow_dst_packets_processed":28,"flow_first_seen":1490976134141916,"flow_src_last_pkt_time":1490976135403332,"flow_dst_last_pkt_time":1490976135399957,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1641,"flow_dst_tot_l4_payload_len":29863,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51986,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp 
Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com"}} -01139{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":121,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":12,"flow_first_seen":1490976134144040,"flow_src_last_pkt_time":1490976135402796,"flow_dst_last_pkt_time":1490976135399738,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":12026,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51987,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com"}} 
-01139{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":122,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":13,"flow_first_seen":1490976134146057,"flow_src_last_pkt_time":1490976135403069,"flow_dst_last_pkt_time":1490976135399877,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":13588,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51988,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com"}} -01140{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":123,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":14,"flow_first_seen":1490976134148422,"flow_src_last_pkt_time":1490976135505174,"flow_dst_last_pkt_time":1490976135503730,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1641,"flow_dst_tot_l4_payload_len":14048,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51989,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp 
Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com"}} -01139{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":124,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":13,"flow_first_seen":1490976134149854,"flow_src_last_pkt_time":1490976135403457,"flow_dst_last_pkt_time":1490976135399987,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":14238,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51990,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com"}} 
-01140{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":126,"flow_state":"finished","flow_src_packets_processed":27,"flow_dst_packets_processed":24,"flow_first_seen":1490976139642766,"flow_src_last_pkt_time":1490976140773289,"flow_dst_last_pkt_time":1490976140771277,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1641,"flow_dst_tot_l4_payload_len":27645,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51992,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com"}} -01139{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":127,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":12,"flow_first_seen":1490976139643137,"flow_src_last_pkt_time":1490976140772766,"flow_dst_last_pkt_time":1490976140771030,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":12275,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51993,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp 
Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com"}} -01138{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":128,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":10,"flow_first_seen":1490976139643338,"flow_src_last_pkt_time":1490976140745630,"flow_dst_last_pkt_time":1490976140742599,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":7666,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51994,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com"}} 
-01140{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":129,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":25,"flow_first_seen":1490976139643559,"flow_src_last_pkt_time":1490976140773163,"flow_dst_last_pkt_time":1490976140771210,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1094,"flow_dst_tot_l4_payload_len":29389,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51995,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com"}} -01139{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":130,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":13,"flow_first_seen":1490976139643759,"flow_src_last_pkt_time":1490976140773012,"flow_dst_last_pkt_time":1490976140771162,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":13312,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51996,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp 
Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com"}} -01139{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":131,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":14,"flow_first_seen":1490976139643974,"flow_src_last_pkt_time":1490976140781151,"flow_dst_last_pkt_time":1490976140771313,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":15274,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51997,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com"}} 
+01024{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":119,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":14,"flow_first_seen":1490976134140538,"flow_src_last_pkt_time":1490976135403194,"flow_dst_last_pkt_time":1490976135399921,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":13350,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51985,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com"}} +01025{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":120,"flow_state":"finished","flow_src_packets_processed":31,"flow_dst_packets_processed":28,"flow_first_seen":1490976134141916,"flow_src_last_pkt_time":1490976135403332,"flow_dst_last_pkt_time":1490976135399957,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1641,"flow_dst_tot_l4_payload_len":29863,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51986,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com"}} +01024{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":121,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":12,"flow_first_seen":1490976134144040,"flow_src_last_pkt_time":1490976135402796,"flow_dst_last_pkt_time":1490976135399738,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":12026,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51987,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com"}} 
+01024{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":122,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":13,"flow_first_seen":1490976134146057,"flow_src_last_pkt_time":1490976135403069,"flow_dst_last_pkt_time":1490976135399877,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":13588,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51988,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com"}} +01025{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":123,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":14,"flow_first_seen":1490976134148422,"flow_src_last_pkt_time":1490976135505174,"flow_dst_last_pkt_time":1490976135503730,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1641,"flow_dst_tot_l4_payload_len":14048,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51989,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com"}} +01024{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":124,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":13,"flow_first_seen":1490976134149854,"flow_src_last_pkt_time":1490976135403457,"flow_dst_last_pkt_time":1490976135399987,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":14238,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51990,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com"}} 
+01025{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":126,"flow_state":"finished","flow_src_packets_processed":27,"flow_dst_packets_processed":24,"flow_first_seen":1490976139642766,"flow_src_last_pkt_time":1490976140773289,"flow_dst_last_pkt_time":1490976140771277,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1641,"flow_dst_tot_l4_payload_len":27645,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51992,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com"}} +01024{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":127,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":12,"flow_first_seen":1490976139643137,"flow_src_last_pkt_time":1490976140772766,"flow_dst_last_pkt_time":1490976140771030,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":12275,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51993,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com"}} +01023{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":128,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":10,"flow_first_seen":1490976139643338,"flow_src_last_pkt_time":1490976140745630,"flow_dst_last_pkt_time":1490976140742599,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":7666,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51994,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com"}} 
+01025{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":129,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":25,"flow_first_seen":1490976139643559,"flow_src_last_pkt_time":1490976140773163,"flow_dst_last_pkt_time":1490976140771210,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1094,"flow_dst_tot_l4_payload_len":29389,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51995,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com"}} +01024{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":130,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":13,"flow_first_seen":1490976139643759,"flow_src_last_pkt_time":1490976140773012,"flow_dst_last_pkt_time":1490976140771162,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":13312,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51996,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com"}} +01024{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":131,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":14,"flow_first_seen":1490976139643974,"flow_src_last_pkt_time":1490976140781151,"flow_dst_last_pkt_time":1490976140771313,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":15274,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51997,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ecx.images-amazon.com"}} 
01033{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1490976076275395,"flow_src_last_pkt_time":1490976077663527,"flow_dst_last_pkt_time":1490976077660439,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":780,"flow_dst_max_l4_payload_len":1346,"flow_src_tot_l4_payload_len":780,"flow_dst_tot_l4_payload_len":1346,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.AmazonAlexa","proto_id":"7.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"alexa.amazon.com"}} 00977{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":3,"flow_first_seen":1490976089173728,"flow_src_last_pkt_time":1490976090510907,"flow_dst_last_pkt_time":1490976090509885,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49627,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by 
port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 00781{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":3,"flow_first_seen":1490976089173728,"flow_src_last_pkt_time":1490976090510907,"flow_dst_last_pkt_time":1490976090509885,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49627,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -1399,7 +1399,7 @@ 01201{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":9,"flow_first_seen":1490976196016602,"flow_src_last_pkt_time":1490976196282103,"flow_dst_last_pkt_time":1490976196280788,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":490,"flow_dst_max_l4_payload_len":597,"flow_src_tot_l4_payload_len":760,"flow_dst_tot_l4_payload_len":735,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":58048,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
01010{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976041806940,"flow_src_last_pkt_time":1490976041806940,"flow_dst_last_pkt_time":1490976041938819,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":52077,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","proto_id":"5.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.amazon.com"}} 01008{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976027522377,"flow_src_last_pkt_time":1490976027522377,"flow_dst_last_pkt_time":1490976027523403,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":48,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":48,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":52603,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.google.com"}} -01110{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976085891455,"flow_src_last_pkt_time":1490976085891455,"flow_dst_last_pkt_time":1490976085978559,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"192.168.11.1","src_port":38434,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"1":"Match by port"},"proto":"HTTP_Proxy","proto_id":"131","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 
+01217{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976085891455,"flow_src_last_pkt_time":1490976085891455,"flow_dst_last_pkt_time":1490976085978559,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"192.168.11.1","src_port":38434,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}},"55": {"risk":"Probing Attempt","severity":"Medium","risk_score": {"total":510,"client":375,"server":135}}},"confidence": {"1":"Match by port"},"proto":"HTTP_Proxy","proto_id":"131","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 
00782{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976085891455,"flow_src_last_pkt_time":1490976085891455,"flow_dst_last_pkt_time":1490976085978559,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"192.168.11.1","src_port":38434,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00993{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":12,"flow_first_seen":1490976080485167,"flow_src_last_pkt_time":1490976081484636,"flow_dst_last_pkt_time":1490976081482994,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":884,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2154,"flow_dst_tot_l4_payload_len":5486,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38404,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
01018{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976029669574,"flow_src_last_pkt_time":1490976029669574,"flow_dst_last_pkt_time":1490976029753315,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":42,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":19967,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","proto_id":"5.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"mads.amazon-adsystem.com"}} 
@@ -1412,7 +1412,7 @@ 01022{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976024847601,"flow_src_last_pkt_time":1490976024847601,"flow_dst_last_pkt_time":1490976024848551,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":55619,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"connectivitycheck.android.com"}} 01039{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976035502440,"flow_src_last_pkt_time":1490976035502440,"flow_dst_last_pkt_time":1490976035549103,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":154,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":154,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":23559,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.AmazonAWS","proto_id":"5.265","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"cognito-identity.us-east-1.amazonaws.com"}} 01241{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":30,"flow_first_seen":1490976196223999,"flow_src_last_pkt_time":1490976196880268,"flow_dst_last_pkt_time":1490976196870225,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":666,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1652,"flow_dst_tot_l4_payload_len":23158,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":38483,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
-00866{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":3103,"packets-processed":3074,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":987205,"total-not-detected-flows":0,"total-guessed-flows":14,"total-detected-flows":146,"total-detection-updates":143,"total-updates":77,"current-active-flows":0,"total-active-flows":160,"total-idle-flows":160,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1415,"global_ts_usec":1490976198776068} +00866{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":3103,"packets-processed":3074,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":987205,"total-not-detected-flows":0,"total-guessed-flows":14,"total-detected-flows":146,"total-detection-updates":143,"total-updates":77,"current-active-flows":0,"total-active-flows":160,"total-idle-flows":160,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1415,"global_ts_usec":1490976198776068} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 3103/3074 ~~ skipped flows.............: 0 
@@ -1421,9 +1421,9 @@ ~~ total active/idle flows...: 160/160 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8893254 bytes -~~ total memory freed........: 8893254 bytes -~~ total allocations/frees...: 120134/120134 +~~ total memory allocated....: 9471600 bytes +~~ total memory freed........: 9471600 bytes +~~ total allocations/frees...: 131891/131891 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 300 chars ~~ json message max len.......: 2508 chars diff --git a/test/results/default/alicloud.pcap.out b/test/results/default/alicloud.pcap.out index 919be5b45..dfcb23dc7 100644 --- a/test/results/default/alicloud.pcap.out +++ b/test/results/default/alicloud.pcap.out 
@@ -1,5 +1,5 @@ -00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1656769158766000} 
+00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1656769158766000} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656769158766000,"flow_src_last_pkt_time":1656769158766000,"flow_dst_last_pkt_time":1656769158766000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656769158766000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.104.12","src_port":39018,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1656769158766000,"flow_dst_last_pkt_time":1656769158766000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1656769158766000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8tl4AAD8GkXTAqAJkCNFoDJhqIye4YEtXAAAAAKAC\/\/8HVgAAAgQFtAQCCArIDoVmAAAAAAEDAwk="} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1656769158766000,"flow_dst_last_pkt_time":1656769158786000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1656769158786000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAADcGD9MI0WgMwKgCZCMnmGqSefYnuGBLWKAScSDxJQAAAgQFrAQCCAovVu0QyA6FZgEDAwc="} 
@@ -7,7 +7,7 @@ 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1656769158796000,"flow_dst_last_pkt_time":1656769158786000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1656769158796000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8tmAAAD8GkXLAqAJkCNFoDJhqIye4YEtYknn2KIAYAKyCegAAAQEICsgOhYQvVu0Qzvq+uoAAAAA="} 00929{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1656769158766000,"flow_src_last_pkt_time":1656769158796000,"flow_dst_last_pkt_time":1656769158786000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656769158796000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.104.12","src_port":39018,"dst_port":8999,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1656769158796000,"flow_dst_last_pkt_time":1656769158815000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1656769158815000,"pkt":"YDjgxTWgeJS0JASgCABFAAA0Gw9AADcG9MsI0WgMwKgCZCMnmGqSefYouGBLYIAQAOOP5AAAAQEICi9W7S3IDoWE"} -00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":464,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1656785748891000} 
+00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":464,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1656785748891000} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656785748891000,"flow_src_last_pkt_time":1656785748891000,"flow_dst_last_pkt_time":1656785748891000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656785748891000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.73.197","src_port":41056,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1656785748891000,"flow_dst_last_pkt_time":1656785748891000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1656785748891000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8A+kAAD8GYjHAqAJkCNFJxaBgIyc2ZzbYAAAAAKAC\/\/8KpQAAAgQFtAQCCAqCo3RMAAAAAAEDAwk="} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1656785748891000,"flow_dst_last_pkt_time":1656785748908000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1656785748908000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAADgGLRoI0UnFwKgCZCMnoGDRcRN1Nmc22aAScSBhTAAAAgQFrAQCCAowVCL2gqN0TAEDAwc="} 
@@ -16,7 +16,7 @@ 00930{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1656785748891000,"flow_src_last_pkt_time":1656785748926000,"flow_dst_last_pkt_time":1656785748908000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656785748926000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.73.197","src_port":41056,"dst_port":8999,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1656785748926000,"flow_dst_last_pkt_time":1656785748943000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1656785748943000,"pkt":"YDjgxTWgeJS0JASgCABFAAA0MH9AADgG\/KII0UnFwKgCZCMnoGDRcRN2Nmc24YAQAOP\/\/gAAAQEICjBUIxmCo3Rw"} 
00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1656769158766000,"flow_src_last_pkt_time":1656769159386000,"flow_dst_last_pkt_time":1656769159345000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":352,"flow_dst_tot_l4_payload_len":112,"midstream":0,"thread_ts_usec":1656785749673000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.104.12","src_port":39018,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} -00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":31,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":928,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1656850884187000} 
+00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":31,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":928,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1656850884187000} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656850884187000,"flow_src_last_pkt_time":1656850884187000,"flow_dst_last_pkt_time":1656850884187000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656850884187000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.104.159","src_port":38094,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1656850884187000,"flow_dst_last_pkt_time":1656850884187000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1656850884187000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8Z4oAAD8G37XAqAJkCNFon5TOIye5z4t0AAAAAKAC\/\/+NLgAAAgQFtAQCCAosIFz5AAAAAAEDAwk="} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1656850884187000,"flow_dst_last_pkt_time":1656850884208000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1656850884208000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAADcGD0AI0WifwKgCZCMnlM5sykifuc+LdaAScSCykQAAAgQFrAQCCAo0NX\/WLCBc+QEDAwc="} 
@@ -39,7 +39,7 @@ 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1656851188434000,"flow_dst_last_pkt_time":1656851188422000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1656851188434000,"pkt":"eJS0JASgYDjgxTWgCABFAAA80KEAAD8GdrvAqAJkCNFogqW+IydMgQTQEJsn\/4AYAKwi6wAAAQEICtBzJBM0OpVuzvq+uoAAAAA="} 00931{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1656851188404000,"flow_src_last_pkt_time":1656851188434000,"flow_dst_last_pkt_time":1656851188422000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656851188434000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.104.130","src_port":42430,"dst_port":8999,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1656851188434000,"flow_dst_last_pkt_time":1656851188451000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1656851188451000,"pkt":"YDjgxTWgeJS0JASgCABFAAA0snxAADgGW+gI0WiCwKgCZCMnpb4Qmyf\/TIEE2IAQAOMwVQAAAQEICjQ6lYvQcyQT"} -00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":76,"packets-processed":75,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2320,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":5,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":42,"global_ts_usec":1657056857762000} 
+00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":76,"packets-processed":75,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2320,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":5,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":42,"global_ts_usec":1657056857762000} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657056857762000,"flow_src_last_pkt_time":1657056857762000,"flow_dst_last_pkt_time":1657056857762000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657056857762000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.107.157","src_port":55484,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1657056857762000,"flow_dst_last_pkt_time":1657056857762000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657056857762000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8wVAAAD8GgvHAqAJkCNFrndi8IycjJbSWAAAAAKAC\/\/+9AAAAAgQFtAQCCAoBLH64AAAAAAEDAwg="} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1657056857762000,"flow_dst_last_pkt_time":1657056857780000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657056857780000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAADcGDEII0WudwKgCZCMn2Ly4f2lPIyW0l6AScSD3vQAAAgQFrAQCCApAfPHOASx+uAEDAwc="} 
@@ -50,7 +50,7 @@ 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1656850884187000,"flow_src_last_pkt_time":1656850884799000,"flow_dst_last_pkt_time":1656850884767000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":352,"flow_dst_tot_l4_payload_len":112,"midstream":0,"thread_ts_usec":1657056858171000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.104.159","src_port":38094,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1656851188404000,"flow_src_last_pkt_time":1656851189170000,"flow_dst_last_pkt_time":1656851189132000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":352,"flow_dst_tot_l4_payload_len":112,"midstream":0,"thread_ts_usec":1657056858171000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.104.130","src_port":42430,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1656851053621000,"flow_src_last_pkt_time":1656851054220000,"flow_dst_last_pkt_time":1656851054182000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":352,"flow_dst_tot_l4_payload_len":112,"midstream":0,"thread_ts_usec":1657056858171000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.105.125","src_port":45078,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} -00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":91,"packets-processed":90,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2936,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":53,"global_ts_usec":1657229888829000} 
+00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":91,"packets-processed":90,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2936,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":53,"global_ts_usec":1657229888829000} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657229888829000,"flow_src_last_pkt_time":1657229888829000,"flow_dst_last_pkt_time":1657229888829000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657229888829000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.104.159","src_port":40154,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1657229888829000,"flow_dst_last_pkt_time":1657229888829000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657229888829000,"pkt":"eJS0JASgYDjgxTWgCABFAAA86Q0AAD8GXjLAqAJkCNFon5zaIycgtHeSAAAAAKAC\/\/9rRwAAAgQFtAQCCAoAMk\/BAAAAAAEDAwg="} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1657229888829000,"flow_dst_last_pkt_time":1657229888849000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657229888849000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAADcGD0AI0WifwKgCZCMnnNq1jGObILR3k6AScSDvdwAAAgQFrAQCCApKzKayADJPwQEDAwc="} 
@@ -59,7 +59,7 @@ 00931{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1657229888829000,"flow_src_last_pkt_time":1657229888862000,"flow_dst_last_pkt_time":1657229888849000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657229888862000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.104.159","src_port":40154,"dst_port":8999,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1657229888862000,"flow_dst_last_pkt_time":1657229888881000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657229888881000,"pkt":"YDjgxTWgeJS0JASgCABFAAA0xVVAADcGSfII0WifwKgCZCMnnNq1jGOcILR3m4AQAOOOMQAAAQEICkrMptIAMk\/h"} 
00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1657056857762000,"flow_src_last_pkt_time":1657056858154000,"flow_dst_last_pkt_time":1657056858171000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":560,"flow_dst_tot_l4_payload_len":56,"midstream":0,"thread_ts_usec":1657229889603000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.107.157","src_port":55484,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} -00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":106,"packets-processed":105,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3400,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":7,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":62,"global_ts_usec":1657274814319000} 
+00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":106,"packets-processed":105,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3400,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":7,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":62,"global_ts_usec":1657274814319000} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657274814319000,"flow_src_last_pkt_time":1657274814319000,"flow_dst_last_pkt_time":1657274814319000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657274814319000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.105.125","src_port":42600,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1657274814319000,"flow_dst_last_pkt_time":1657274814319000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657274814319000,"pkt":"eJS0JASgYDjgxTWgCABFAAA86\/4AAD8GWmPAqAJkCNFpfaZoIyeRsipKAAAAAKAC\/\/98qAAAAgQFtAQCCAoAUhAeAAAAAAEDAwg="} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1657274814319000,"flow_dst_last_pkt_time":1657274814337000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657274814337000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAADgGDWII0Wl9wKgCZCMnpmjO401pkbIqS6AScSBYmAAAAgQFrAQCCApNekkgAFIQHgEDAwc="} 
@@ -68,7 +68,7 @@ 00932{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1657274814319000,"flow_src_last_pkt_time":1657274814354000,"flow_dst_last_pkt_time":1657274814337000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657274814354000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.105.125","src_port":42600,"dst_port":8999,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1657274814354000,"flow_dst_last_pkt_time":1657274814372000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657274814372000,"pkt":"YDjgxTWgeJS0JASgCABFAAA0BF5AADgGCQwI0Wl9wKgCZCMnpmjO401qkbIqU4AQAOP3SwAAAQEICk16SUMAUhBB"} 
00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1657229888829000,"flow_src_last_pkt_time":1657229889603000,"flow_dst_last_pkt_time":1657229889562000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":352,"flow_dst_tot_l4_payload_len":112,"midstream":0,"thread_ts_usec":1657274815086000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.104.159","src_port":40154,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} -00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":121,"packets-processed":120,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3864,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":71,"global_ts_usec":1657329378461000} 
+00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":121,"packets-processed":120,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3864,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":71,"global_ts_usec":1657329378461000} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657329378461000,"flow_src_last_pkt_time":1657329378461000,"flow_dst_last_pkt_time":1657329378461000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657329378461000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.73.197","src_port":51682,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1657329378461000,"flow_dst_last_pkt_time":1657329378461000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657329378461000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8hBoAAD8G4f\/AqAJkCNFJxcniIyfoxHdxAAAAAKAC\/\/8ZaAAAAgQFtAQCCAoBmMocAAAAAAEDAwg="} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1657329378461000,"flow_dst_last_pkt_time":1657329378480000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657329378480000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAADcGLhoI0UnFwKgCZCMnyeKXKjiN6MR3cqAScSBD1wAAAgQFrAQCCApQu0P1AZjKHAEDAwc="} 
@@ -77,7 +77,7 @@ 00931{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1657329378461000,"flow_src_last_pkt_time":1657329378492000,"flow_dst_last_pkt_time":1657329378480000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657329378492000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.73.197","src_port":51682,"dst_port":8999,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1657329378492000,"flow_dst_last_pkt_time":1657329378511000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657329378511000,"pkt":"YDjgxTWgeJS0JASgCABFAAA0fIRAADcGsZ0I0UnFwKgCZCMnyeKXKjiO6MR3eoAQAOPikwAAAQEIClC7RBMBmMo7"} 
00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1657274814319000,"flow_src_last_pkt_time":1657274815086000,"flow_dst_last_pkt_time":1657274815046000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":352,"flow_dst_tot_l4_payload_len":112,"midstream":0,"thread_ts_usec":1657329379426000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.105.125","src_port":42600,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} -00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":136,"packets-processed":135,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4384,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":80,"global_ts_usec":1657330328504000} 
+00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":136,"packets-processed":135,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4384,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":80,"global_ts_usec":1657330328504000} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657330328504000,"flow_src_last_pkt_time":1657330328504000,"flow_dst_last_pkt_time":1657330328504000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657330328504000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.73.197","src_port":52228,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1657330328504000,"flow_dst_last_pkt_time":1657330328504000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657330328504000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8TVAAAD8GGMrAqAJkCNFJxcwEIye\/AMGAAAAAAKAC\/\/931AAAAgQFtAQCCAoBp0k0AAAAAAEDAwg="} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1657330328504000,"flow_dst_last_pkt_time":1657330328523000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657330328523000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAADgGLRoI0UnFwKgCZCMnzATz8sp6vwDBgaAScSA0ZAAAAgQFrAQCCApQycMQAadJNAEDAwc="} 
@@ -85,7 +85,7 @@ 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_src_last_pkt_time":1657330328654000,"flow_dst_last_pkt_time":1657330328523000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657330328654000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8TWEAAD8GGLnAqAJkCNFJxcwEIye\/AMGB8\/LKe4AYAVfE4gAAAQEICgGnSX1QycMQzvq+uoAAAAA="} 00932{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":139,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1657330328504000,"flow_src_last_pkt_time":1657330328654000,"flow_dst_last_pkt_time":1657330328523000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657330328654000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.73.197","src_port":52228,"dst_port":8999,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1657330328654000,"flow_dst_last_pkt_time":1657330328673000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657330328673000,"pkt":"YDjgxTWgeJS0JASgCABFAAA0CV1AADgGI8UI0UnFwKgCZCMnzATz8sp7vwDBiYAQAOPSfgAAAQEIClDJw6YBp0l9"} -00846{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":151,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":151,"packets-processed":150,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4848,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":10,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":88,"global_ts_usec":1657555354428000} 
+00846{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":151,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":151,"packets-processed":150,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4848,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":10,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":88,"global_ts_usec":1657555354428000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":151,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657555354428000,"flow_src_last_pkt_time":1657555354428000,"flow_dst_last_pkt_time":1657555354428000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657555354428000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.107.125","src_port":44388,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1657555354428000,"flow_dst_last_pkt_time":1657555354428000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657555354428000,"pkt":"eJS0JASgYDjgxTWgCABFAAA813sAAD8GbObAqAJkCNFrfa1kIyfBBINEAAAAAKAC\/\/\/L2gAAAgQFtAQCCAoA8S8EAAAAAAEDAwg="} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1657555354428000,"flow_dst_last_pkt_time":1657555354448000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657555354448000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAADgGC2II0Wt9wKgCZCMnrWQ5YTvVwQSDRaAScSCGhwAAAgQFrAQCCApeMwDBAPEvBAEDAwc="} 
@@ -95,7 +95,7 @@ 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":5,"flow_src_last_pkt_time":1657555354460000,"flow_dst_last_pkt_time":1657555354480000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657555354480000,"pkt":"YDjgxTWgeJS0JASgCABFAAA0Ow5AADgG0FsI0Wt9wKgCZCMnrWQ5YTvWwQSDTYAQAOMlQAAAAQEICl4zAOEA8S8l"} 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1657329378461000,"flow_src_last_pkt_time":1657329378618000,"flow_dst_last_pkt_time":1657329379426000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":352,"flow_dst_tot_l4_payload_len":168,"midstream":0,"thread_ts_usec":1657555355094000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.73.197","src_port":51682,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1657330328504000,"flow_src_last_pkt_time":1657330329394000,"flow_dst_last_pkt_time":1657330329352000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":352,"flow_dst_tot_l4_payload_len":112,"midstream":0,"thread_ts_usec":1657555355094000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.73.197","src_port":52228,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} -00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":166,"packets-processed":165,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5312,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":11,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":98,"global_ts_usec":1657574851663000} 
+00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":166,"packets-processed":165,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5312,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":11,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":98,"global_ts_usec":1657574851663000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657574851663000,"flow_src_last_pkt_time":1657574851663000,"flow_dst_last_pkt_time":1657574851663000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657574851663000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.107.125","src_port":37160,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1657574851663000,"flow_dst_last_pkt_time":1657574851663000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657574851663000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8jBEAAD8GuFDAqAJkCNFrfZEoIyeSIbrzAAAAAKAC\/\/\/yXwAAAgQFtAQCCAoBZht6AAAAAAEDAwg="} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1657574851663000,"flow_dst_last_pkt_time":1657574851693000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657574851693000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAADgGC2II0Wt9wKgCZCMnkSgti4VgkiG69KAScSDtEQAAAgQFrAQCCApfXIHdAWYbegEDAwc="} 
@@ -104,7 +104,7 @@ 00933{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1657574851663000,"flow_src_last_pkt_time":1657574851730000,"flow_dst_last_pkt_time":1657574851693000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657574851730000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.107.125","src_port":37160,"dst_port":8999,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_src_last_pkt_time":1657574851730000,"flow_dst_last_pkt_time":1657574851773000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657574851773000,"pkt":"YDjgxTWgeJS0JASgCABFAAA0BJxAADgGBs4I0Wt9wKgCZCMnkSgti4VhkiG6\/IAQAOOLhQAAAQEICl9cgiABZhu9"} 
00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":181,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1657555354428000,"flow_src_last_pkt_time":1657555355094000,"flow_dst_last_pkt_time":1657555355050000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":352,"flow_dst_tot_l4_payload_len":112,"midstream":0,"thread_ts_usec":1657574852156000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.107.125","src_port":44388,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} -00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":181,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":181,"packets-processed":180,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5928,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":12,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":107,"global_ts_usec":1658234723934000} 
+00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":181,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":181,"packets-processed":180,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5928,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":12,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":107,"global_ts_usec":1658234723934000} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":181,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1658234723934000,"flow_src_last_pkt_time":1658234723934000,"flow_dst_last_pkt_time":1658234723934000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1658234723934000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.76.194","src_port":45094,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1658234723934000,"flow_dst_last_pkt_time":1658234723934000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1658234723934000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8iRwAAD8G2gDAqAJkCNFMwrAmIycJ+x4TAAAAAKAC\/\/8EwAAAAgQFtAQCCAoAyS57AAAAAAEDAwg="} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1658234723934000,"flow_dst_last_pkt_time":1658234723954000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1658234723954000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAADgGKh0I0UzCwKgCZCMnsCanYywGCfseFKAScSAQYgAAAgQFrAQCCAqGsSkaAMkuewEDAwc="} 
@@ -113,7 +113,7 @@ 00932{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":184,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1658234723934000,"flow_src_last_pkt_time":1658234723972000,"flow_dst_last_pkt_time":1658234723954000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1658234723972000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.76.194","src_port":45094,"dst_port":8999,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":5,"flow_src_last_pkt_time":1658234723972000,"flow_dst_last_pkt_time":1658234723991000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1658234723991000,"pkt":"YDjgxTWgeJS0JASgCABFAAA0BTdAADgGJO4I0UzCwKgCZCMnsCanYywHCfseHIAQAOOvEQAAAQEICoaxKT8AyS6g"} 
00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":196,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1657574851663000,"flow_src_last_pkt_time":1657574852138000,"flow_dst_last_pkt_time":1657574852156000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":560,"flow_dst_tot_l4_payload_len":56,"midstream":0,"thread_ts_usec":1658234724424000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.107.125","src_port":37160,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} -00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":196,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":196,"packets-processed":195,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6576,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":13,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":116,"global_ts_usec":1658356775079000} 
+00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":196,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":196,"packets-processed":195,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6576,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":13,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":116,"global_ts_usec":1658356775079000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":196,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1658356775079000,"flow_src_last_pkt_time":1658356775079000,"flow_dst_last_pkt_time":1658356775079000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1658356775079000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.107.122","src_port":57322,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":196,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1658356775079000,"flow_dst_last_pkt_time":1658356775079000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1658356775079000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8w68AAD8GgLXAqAJkCNFret\/qIye+qJRXAAAAAKAC\/\/\/CvgAAAgQFtAQCCAoBJPayAAAAAAEDAwg="} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_src_last_pkt_time":1658356775079000,"flow_dst_last_pkt_time":1658356775100000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1658356775100000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAADgGC2UI0Wt6wKgCZCMn3+oQtAE7vqiUWKAScSC9tgAAAgQFrAQCCAqN7vQBAST2sgEDAwc="} 
@@ -122,7 +122,7 @@ 00933{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":199,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1658356775079000,"flow_src_last_pkt_time":1658356775112000,"flow_dst_last_pkt_time":1658356775100000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1658356775112000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.107.122","src_port":57322,"dst_port":8999,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":5,"flow_src_last_pkt_time":1658356775112000,"flow_dst_last_pkt_time":1658356775133000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1658356775133000,"pkt":"YDjgxTWgeJS0JASgCABFAAA09SVAADgGFkcI0Wt6wKgCZCMn3+oQtAE8vqiUYIAQAONcbgAAAQEICo3u9CIBJPbT"} 
00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":211,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1658234723934000,"flow_src_last_pkt_time":1658234724082000,"flow_dst_last_pkt_time":1658234724424000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":184,"flow_src_tot_l4_payload_len":352,"flow_dst_tot_l4_payload_len":296,"midstream":0,"thread_ts_usec":1658356775409000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.76.194","src_port":45094,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} -00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":211,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":211,"packets-processed":210,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7224,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":14,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":14,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":125,"global_ts_usec":1658358259423000} 
+00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":211,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":211,"packets-processed":210,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7224,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":14,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":14,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":125,"global_ts_usec":1658358259423000} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":211,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1658358259423000,"flow_src_last_pkt_time":1658358259423000,"flow_dst_last_pkt_time":1658358259423000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1658358259423000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.77.36","src_port":51774,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1658358259423000,"flow_dst_last_pkt_time":1658358259423000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1658358259423000,"pkt":"eJS0JASgYDjgxTWgCABFAAA88QkAAD8GcbHAqAJkCNFNJMo+IyebGrUIAAAAAKAC\/\/+dzAAAAgQFtAQCCAoBM1J1AAAAAAEDAwg="} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1658358259423000,"flow_dst_last_pkt_time":1658358259440000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1658358259440000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAADgGKbsI0U0kwKgCZCMnyj73vxTWmxq1CaAScSDP+wAAAgQFrAQCCAqODsIDATNSdQEDAwc="} 
@@ -132,7 +132,7 @@ 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":5,"flow_src_last_pkt_time":1658358259451000,"flow_dst_last_pkt_time":1658358259468000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1658358259468000,"pkt":"YDjgxTWgeJS0JASgCABFAAA01sBAADgGUwII0U0kwKgCZCMnyj73vxTXmxq1EYAQAONuvQAAAQEICo4OwiABM1KQ"} 00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1658358259423000,"flow_src_last_pkt_time":1658358259551000,"flow_dst_last_pkt_time":1658358259887000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":184,"flow_src_tot_l4_payload_len":352,"flow_dst_tot_l4_payload_len":296,"midstream":0,"thread_ts_usec":1658358259887000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.77.36","src_port":51774,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1658356775079000,"flow_src_last_pkt_time":1658356775222000,"flow_dst_last_pkt_time":1658356775409000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":184,"flow_src_tot_l4_payload_len":352,"flow_dst_tot_l4_payload_len":296,"midstream":0,"thread_ts_usec":1658358259887000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.107.122","src_port":57322,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} -00850{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":225,"packets-processed":225,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7872,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":15,"total-idle-flows":15,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":135,"global_ts_usec":1658358259887000} 
+00850{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":225,"packets-processed":225,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7872,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":15,"total-idle-flows":15,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":135,"global_ts_usec":1658358259887000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 225/225 ~~ skipped flows.............: 0 @@ -141,9 +141,9 @@ ~~ total active/idle flows...: 15/15 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6978538 bytes -~~ total memory freed........: 6978538 bytes -~~ total allocations/frees...: 114546/114546 +~~ total memory allocated....: 7556134 bytes +~~ total memory freed........: 7556134 bytes +~~ total allocations/frees...: 126277/126277 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 546 chars ~~ json message max len.......: 985 chars diff --git a/test/results/default/among_us.pcap.out b/test/results/default/among_us.pcap.out index 9f2e3dcf8..9ac6eaf9a 100644 --- a/test/results/default/among_us.pcap.out +++ b/test/results/default/among_us.pcap.out 
@@ -1,10 +1,10 @@ -00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/among_us.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/among_us.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":946681200000000} 
+00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/among_us.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/among_us.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":946681200000000} 
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/among_us.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946681200000000,"flow_src_last_pkt_time":946681200000000,"flow_dst_last_pkt_time":946681200000000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":15,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":15,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":15,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946681200000000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.105.251.170","src_port":64260,"dst_port":22023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/among_us.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":946681200000000,"flow_dst_last_pkt_time":946681200000000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":57,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":57,"pkt_l4_len":23,"thread_ts_usec":946681200000000,"pkt":"eJS0JASgYDjgxTWgCABFAAArJhEAAH8RqpAKAAABrGn7qvsEVgcAF2toCAABAIDZAgMGQUFBQUFB"} 
00913{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/among_us.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946681200000000,"flow_src_last_pkt_time":946681200000000,"flow_dst_last_pkt_time":946681200000000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":15,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":15,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":15,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946681200000000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.105.251.170","src_port":64260,"dst_port":22023,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AmongUs","proto_id":"69","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 00952{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/among_us.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946681200000000,"flow_src_last_pkt_time":946681200000000,"flow_dst_last_pkt_time":946681200000000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":15,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":15,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":15,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946681200000000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.105.251.170","src_port":64260,"dst_port":22023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AmongUs","proto_id":"69","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
-00836{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/among_us.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":946681200000000} +00836{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/among_us.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":946681200000000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 
@@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6907642 bytes -~~ total memory freed........: 6907642 bytes -~~ total allocations/frees...: 114138/114138 +~~ total memory allocated....: 7485238 bytes +~~ total memory freed........: 7485238 bytes +~~ total allocations/frees...: 125869/125869 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 530 chars ~~ json message max len.......: 957 chars diff --git a/test/results/default/amqp.pcap.out b/test/results/default/amqp.pcap.out index 2878ab066..2b4584450 100644 --- a/test/results/default/amqp.pcap.out +++ b/test/results/default/amqp.pcap.out 
@@ -1,5 +1,5 @@ -00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/amqp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/amqp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1490904166118902} 
+00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/amqp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/amqp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1490904166118902} 
00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490904166118902,"flow_src_last_pkt_time":1490904166118902,"flow_dst_last_pkt_time":1490904166118902,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1490904166118902,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44205,"dst_port":5672,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1490904166118902,"flow_dst_last_pkt_time":1490904166118902,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"thread_ts_usec":1490904166118902,"pkt":"AAAAAAAAAAAAAAAACABFAABdxi1AAEAGdWt\/AAABfwABAaytFihPdGXjNxAmEoAYAV7\/UQAAAQEICgC+1cIAvtPNAQABAAAAIQA8ACgAAAhjZWxlcnlldhB3b3JrZXIuaGVhcnRiZWF0AM4="} 
00913{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490904166118902,"flow_src_last_pkt_time":1490904166118902,"flow_dst_last_pkt_time":1490904166118902,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1490904166118902,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44205,"dst_port":5672,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AMQP","proto_id":"192","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -25,7 +25,7 @@ 00960{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":160,"source":"cfgs\/default\/pcap\/amqp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":9,"flow_first_seen":1490904166119482,"flow_src_last_pkt_time":1490904170242659,"flow_dst_last_pkt_time":1490904170206101,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":448,"flow_dst_max_l4_payload_len":21,"flow_src_tot_l4_payload_len":3469,"flow_dst_tot_l4_payload_len":105,"midstream":1,"thread_ts_usec":1490904170243630,"l3_proto":"ip4","src_ip":"127.0.1.1","dst_ip":"127.0.0.1","src_port":5672,"dst_port":44204,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AMQP","proto_id":"192","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":160,"source":"cfgs\/default\/pcap\/amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":54,"flow_dst_packets_processed":54,"flow_first_seen":1490904166118902,"flow_src_last_pkt_time":1490904170243601,"flow_dst_last_pkt_time":1490904170243630,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":329,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":7295,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1490904170243630,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44205,"dst_port":5672,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AMQP","proto_id":"192","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":160,"source":"cfgs\/default\/pcap\/amqp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":15,"flow_first_seen":1490904169152163,"flow_src_last_pkt_time":1490904170195756,"flow_dst_last_pkt_time":1490904170195765,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2085,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1490904170243630,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44206,"dst_port":5672,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AMQP","proto_id":"192","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":160,"source":"cfgs\/default\/pcap\/amqp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":160,"packets-processed":160,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12954,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":28,"global_ts_usec":1490904170243630} 
+00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":160,"source":"cfgs\/default\/pcap\/amqp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":160,"packets-processed":160,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12954,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":28,"global_ts_usec":1490904170243630} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 160/160 ~~ skipped flows.............: 0 @@ -34,9 +34,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6923244 bytes -~~ total memory freed........: 6923244 bytes -~~ total allocations/frees...: 114325/114325 +~~ total memory allocated....: 7500840 bytes +~~ total memory freed........: 7500840 bytes +~~ total allocations/frees...: 126056/126056 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 544 chars ~~ json message max len.......: 2138 chars diff --git a/test/results/default/android.pcap.out b/test/results/default/android.pcap.out index 230648494..d65ad7caa 100644 --- a/test/results/default/android.pcap.out +++ b/test/results/default/android.pcap.out 
@@ -1,5 +1,5 @@ -00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1582454769772338} 
+00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1582454769772338} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454769772338,"flow_src_last_pkt_time":1582454769772338,"flow_dst_last_pkt_time":1582454769772338,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1582454769772338,"l3_proto":"ip4","src_ip":"95.101.24.53","dst_ip":"192.168.2.17","src_port":443,"dst_port":50677,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1582454769772338,"flow_dst_last_pkt_time":1582454769772338,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1582454769772338,"pkt":"xGGLNYKpxiwDYGpkCABFAABMMy4AADUGGCtfZRg1wKgCEQG7xfVNnd4qbhnKg4AYAUXNDgAAAQEICmx+XigR4ZkoFwMDABMwxZA0Xbk6ucnG2OFNZYAG8R1y"} 
00912{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454769772338,"flow_src_last_pkt_time":1582454769772338,"flow_dst_last_pkt_time":1582454769772338,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1582454769772338,"l3_proto":"ip4","src_ip":"95.101.24.53","dst_ip":"192.168.2.17","src_port":443,"dst_port":50677,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
@@ -113,24 +113,24 @@ 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_src_last_pkt_time":1582454867723627,"flow_dst_last_pkt_time":1582454867723627,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_usec":1582454867723627,"pkt":"xiwDYGpkTGr2n\/YnCABFAABBqYtAAEARC7\/AqAIQwKgCAdY1ADUALYAStecBAAABAAAAAAAABHBsYXkKZ29vZ2xlYXBpcwNjb20AAAEAAQ=="} 01107{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454867723627,"flow_src_last_pkt_time":1582454867723627,"flow_dst_last_pkt_time":1582454867723627,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454867723627,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":54837,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","proto_id":"5.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"play.googleapis.com","domainame":"play.googleapis.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
00775{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_src_last_pkt_time":1582454867759068,"flow_dst_last_pkt_time":1582454867702373,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":232,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":232,"pkt_l4_len":198,"thread_ts_usec":1582454867759068,"pkt":"xiwDYGpkTGr2n\/YnCABFAADaoxtAAEAG1OLAqAIQ2O8meIDOAbtPCpBt7LnzAIAYAVcMzgAAAQEICv\/\/M4cG5BElFgMBAKEBAACdAwMRGw5cHdksc9heZfp3I+xA9Dx3FfWs\/ESCI9YfdinRawAAHMArwCzMqcAvwDDMqMAJwArAE8AUAJwAnQAvADUBAABY\/wEAAQAAAAAYABYAABNjbGllbnRzMS5nb29nbGUuY29tABcAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAALAAIBAAAKAAgABgAdABcAGA=="} -01328{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454867688207,"flow_src_last_pkt_time":1582454867759068,"flow_dst_last_pkt_time":1582454867702373,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":166,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":166,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454867759068,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32974,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clients1.google.com","domainame":"clients1.google.com","tls": 
{"version":"TLSv1.2","ja3":"c60d01d600aacc2c04844595ce224279","ja3s":"","ja4":"t12d140700_c866b44c5a26_036209cd1ead","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01287{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454867688207,"flow_src_last_pkt_time":1582454867759068,"flow_dst_last_pkt_time":1582454867702373,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":166,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":166,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454867759068,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32974,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clients1.google.com","domainame":"clients1.google.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d140700_c866b44c5a26_036209cd1ead","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_src_last_pkt_time":1582454867723627,"flow_dst_last_pkt_time":1582454867761577,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_usec":1582454867761577,"pkt":"TGr2n\/YnxiwDYGpkCABFAABRO4cAAEARubPAqAIBwKgCEAA11jUAPbDuteeBgAABAAEAAAAABHBsYXkKZ29vZ2xlYXBpcwNjb20AAAEAAcAMAAEAAQAAARgABKzZFEo="} 01140{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454867723627,"flow_src_last_pkt_time":1582454867723627,"flow_dst_last_pkt_time":1582454867761577,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":53,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":53,"midstream":0,"thread_ts_usec":1582454867761577,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":54837,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","proto_id":"5.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"play.googleapis.com","domainame":"play.googleapis.com","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["172.217.20.74,ttl=280"]}}} 
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":5,"flow_src_last_pkt_time":1582454867759068,"flow_dst_last_pkt_time":1582454867772247,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454867772247,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA044kAAHYGnxrY7yZ4wKgCEAG7gM7sufMATwqRE4AQAPAldAAAAQEICgbkEWz\/\/zOH"} -01390{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454867688207,"flow_src_last_pkt_time":1582454867759068,"flow_dst_last_pkt_time":1582454867788871,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":166,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":166,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1582454867788871,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32974,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clients1.google.com","domainame":"clients1.google.com","tls": {"version":"TLSv1.2","ja3":"c60d01d600aacc2c04844595ce224279","ja3s":"b31c0b82752ea0e2c48b8ce46e9263e5","ja4":"t12d140700_c866b44c5a26_036209cd1ead","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
-02720{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1582454867688207,"flow_src_last_pkt_time":1582454867759068,"flow_dst_last_pkt_time":1582454867789734,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":166,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":166,"flow_dst_tot_l4_payload_len":3721,"midstream":0,"thread_ts_usec":1582454867789734,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32974,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clients1.google.com","domainame":"clients1.google.com","tls": 
{"version":"TLSv1.2","server_names":"*.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.crowdsource.google.com,*.g.co,*.gcp.gvt2.com,*.gcpcdn.gvt1.com,*.ggpht.cn,*.gkecnapps.cn,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleadapis.com,*.googleapis.cn,*.googlecnapps.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.cn,*.gstatic.com,*.gstaticcnapps.cn,*.gvt1.com,*.gvt2.com,*.metric.gstatic.com,*.urchin.com,*.url.google.com,*.wear.gkecnapps.cn,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.youtubekids.com,*.yt.be,*.ytimg.com,android.clients.google.com,android.com,developer.android.google.cn,developers.android.google.cn,g.co,ggpht.cn,gkecnapps.cn,goo.gl,google-analytics.com,google.com,googlecnapps.cn,googlecommerce.com,source.android.google.cn,urchin.com,www.goo.gl,youtu.be,youtube.com,youtubeeducation.com,youtubekids.com,yt.be","ja3":"c60d01d600aacc2c04844595ce224279","ja3s":"b31c0b82752ea0e2c48b8ce46e9263e5","ja4":"t12d140700_c866b44c5a26_036209cd1ead","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google.com","fingerprint":"80:50:28:F4:84:F5:C4:C6:41:DE:75:67:38:C4:A6:E2:59:FF:75:42","blocks":0}}} 
+01349{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454867688207,"flow_src_last_pkt_time":1582454867759068,"flow_dst_last_pkt_time":1582454867788871,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":166,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":166,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1582454867788871,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32974,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clients1.google.com","domainame":"clients1.google.com","tls": {"version":"TLSv1.2","ja3s":"b31c0b82752ea0e2c48b8ce46e9263e5","ja4":"t12d140700_c866b44c5a26_036209cd1ead","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
+02679{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1582454867688207,"flow_src_last_pkt_time":1582454867759068,"flow_dst_last_pkt_time":1582454867789734,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":166,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":166,"flow_dst_tot_l4_payload_len":3721,"midstream":0,"thread_ts_usec":1582454867789734,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32974,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clients1.google.com","domainame":"clients1.google.com","tls": 
{"version":"TLSv1.2","server_names":"*.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.crowdsource.google.com,*.g.co,*.gcp.gvt2.com,*.gcpcdn.gvt1.com,*.ggpht.cn,*.gkecnapps.cn,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleadapis.com,*.googleapis.cn,*.googlecnapps.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.cn,*.gstatic.com,*.gstaticcnapps.cn,*.gvt1.com,*.gvt2.com,*.metric.gstatic.com,*.urchin.com,*.url.google.com,*.wear.gkecnapps.cn,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.youtubekids.com,*.yt.be,*.ytimg.com,android.clients.google.com,android.com,developer.android.google.cn,developers.android.google.cn,g.co,ggpht.cn,gkecnapps.cn,goo.gl,google-analytics.com,google.com,googlecnapps.cn,googlecommerce.com,source.android.google.cn,urchin.com,www.goo.gl,youtu.be,youtube.com,youtubeeducation.com,youtubekids.com,yt.be","ja3s":"b31c0b82752ea0e2c48b8ce46e9263e5","ja4":"t12d140700_c866b44c5a26_036209cd1ead","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google.com","fingerprint":"80:50:28:F4:84:F5:C4:C6:41:DE:75:67:38:C4:A6:E2:59:FF:75:42","blocks":0}}} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454868348648,"flow_src_last_pkt_time":1582454868348648,"flow_dst_last_pkt_time":1582454868348648,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454868348648,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_src_last_pkt_time":1582454868348648,"flow_dst_last_pkt_time":1582454868348648,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454868348648,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8A3VAAEAGs2vAqAIQrNkUSs0GAbvbqzdvAAAAAKAC\/\/+uLAAAAgQFtAQCCAr\/\/zQaAAAAAAEDAwg="} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_src_last_pkt_time":1582454868348648,"flow_dst_last_pkt_time":1582454868386134,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454868386134,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8PjQAAHUGg6ys2RRKwKgCEAG7zQbWjo3E26s3cKAS6yAJ1AAAAgQFZAQCCAq9hJee\/\/80GgEDAwg="} 
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_src_last_pkt_time":1582454868386954,"flow_dst_last_pkt_time":1582454868386134,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454868386954,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0A3ZAAEAGs3LAqAIQrNkUSs0GAbvbqzdw1o6NxYAQAVciEQAAAQEICv\/\/NCS9hJee"} 00799{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":4,"flow_src_last_pkt_time":1582454868424791,"flow_dst_last_pkt_time":1582454868386134,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":251,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":251,"pkt_l4_len":217,"thread_ts_usec":1582454868424791,"pkt":"xiwDYGpkTGr2n\/YnCABFAADtA3dAAEAGsrjAqAIQrNkUSs0GAbvbqzdw1o6NxYAYAVdNBgAAAQEICv\/\/NC29hJeeFgMBALQBAACwAwMhPT2KHzHW0LHLGe6T2CwyHBBvprpU2QgwVPHkrHLB\/AAAHMArwCzMqcAvwDDMqMAJwArAE8AUAJwAnQAvADUBAABr\/wEAAQAAAAAYABYAABNwbGF5Lmdvb2dsZWFwaXMuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEAALAAkIaHR0cC8xLjEACwACAQAACgAIAAYAHQAXABg="} 
-01230{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":126,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454868348648,"flow_src_last_pkt_time":1582454868424791,"flow_dst_last_pkt_time":1582454868386134,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":185,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":185,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454868424791,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"play.googleapis.com","domainame":"play.googleapis.com","tls": {"version":"TLSv1.2","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","ja4":"t12d1409ht_c866b44c5a26_b39be8c56a14","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} +01189{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":126,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454868348648,"flow_src_last_pkt_time":1582454868424791,"flow_dst_last_pkt_time":1582454868386134,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":185,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":185,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454868424791,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"play.googleapis.com","domainame":"play.googleapis.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1409ht_c866b44c5a26_b39be8c56a14","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":5,"flow_src_last_pkt_time":1582454868424791,"flow_dst_last_pkt_time":1582454868461131,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454868461131,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA0PwMAAHUGguWs2RRKwKgCEAG7zQbWjo3F26s4KYAQAPAhagAAAQEICr2El+r\/\/zQt"} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454868462800,"flow_src_last_pkt_time":1582454868462800,"flow_dst_last_pkt_time":1582454868462800,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454868462800,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":47081,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_src_last_pkt_time":1582454868462800,"flow_dst_last_pkt_time":1582454868462800,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1582454868462800,"pkt":"xiwDYGpkTGr2n\/YnCABFAABLqjFAAEARCw\/AqAIQwKgCAbfpADUAN\/8RnJ4BAAABAAAAAAAAEWNvbm5lY3Rpdml0eWNoZWNrB2dzdGF0aWMDY29tAAABAAE="} 01119{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454868462800,"flow_src_last_pkt_time":1582454868462800,"flow_dst_last_pkt_time":1582454868462800,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454868462800,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":47081,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"connectivitycheck.gstatic.com","domainame":"connectivitycheck.gstatic.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
-01322{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454868348648,"flow_src_last_pkt_time":1582454868424791,"flow_dst_last_pkt_time":1582454868466397,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":185,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":185,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1582454868466397,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"play.googleapis.com","domainame":"play.googleapis.com","tls": {"version":"TLSv1.2","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","ja4":"t12d1409ht_c866b44c5a26_b39be8c56a14","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
-01996{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1582454868348648,"flow_src_last_pkt_time":1582454868424791,"flow_dst_last_pkt_time":1582454868466414,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":185,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":185,"flow_dst_tot_l4_payload_len":2992,"midstream":0,"thread_ts_usec":1582454868466414,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"play.googleapis.com","domainame":"play.googleapis.com","tls": {"version":"TLSv1.2","server_names":"*.storage.googleapis.com,*.appspot.com.storage.googleapis.com,*.commondatastorage.googleapis.com,*.content-storage-download.googleapis.com,*.content-storage-upload.googleapis.com,*.content-storage.googleapis.com,*.googleapis.com,*.storage-download.googleapis.com,*.storage-upload.googleapis.com,*.storage.select.googleapis.com,commondatastorage.googleapis.com,storage.googleapis.com,storage.select.googleapis.com,unfiltered.news","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","ja4":"t12d1409ht_c866b44c5a26_b39be8c56a14","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, 
CN=*.storage.googleapis.com","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"BA:BA:BA:55:69:9F:E0:BD:48:80:23:A4:B3:AD:C1:FF:EA:4E:17:C9","blocks":0}}} +01281{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454868348648,"flow_src_last_pkt_time":1582454868424791,"flow_dst_last_pkt_time":1582454868466397,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":185,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":185,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1582454868466397,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"play.googleapis.com","domainame":"play.googleapis.com","tls": {"version":"TLSv1.2","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","ja4":"t12d1409ht_c866b44c5a26_b39be8c56a14","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
+01955{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1582454868348648,"flow_src_last_pkt_time":1582454868424791,"flow_dst_last_pkt_time":1582454868466414,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":185,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":185,"flow_dst_tot_l4_payload_len":2992,"midstream":0,"thread_ts_usec":1582454868466414,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"play.googleapis.com","domainame":"play.googleapis.com","tls": {"version":"TLSv1.2","server_names":"*.storage.googleapis.com,*.appspot.com.storage.googleapis.com,*.commondatastorage.googleapis.com,*.content-storage-download.googleapis.com,*.content-storage-upload.googleapis.com,*.content-storage.googleapis.com,*.googleapis.com,*.storage-download.googleapis.com,*.storage-upload.googleapis.com,*.storage.select.googleapis.com,commondatastorage.googleapis.com,storage.googleapis.com,storage.select.googleapis.com,unfiltered.news","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","ja4":"t12d1409ht_c866b44c5a26_b39be8c56a14","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.storage.googleapis.com","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"BA:BA:BA:55:69:9F:E0:BD:48:80:23:A4:B3:AD:C1:FF:EA:4E:17:C9","blocks":0}}} 
00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_src_last_pkt_time":1582454868462800,"flow_dst_last_pkt_time":1582454868503086,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_usec":1582454868503086,"pkt":"TGr2n\/YnxiwDYGpkCABFAABbmZAAAEARW6DAqAIBwKgCEAA1t+kAR93wnJ6BgAABAAEAAAAAEWNvbm5lY3Rpdml0eWNoZWNrB2dzdGF0aWMDY29tAAABAAHADAABAAEAAACxAASs2RID"} 01151{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":135,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454868462800,"flow_src_last_pkt_time":1582454868462800,"flow_dst_last_pkt_time":1582454868503086,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1582454868503086,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":47081,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"connectivitycheck.gstatic.com","domainame":"connectivitycheck.gstatic.com","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["172.217.18.3,ttl=177"]}}} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454868511574,"flow_src_last_pkt_time":1582454868511574,"flow_dst_last_pkt_time":1582454868511574,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454868511574,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36888,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -140,20 +140,20 @@ 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":138,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_src_last_pkt_time":1582454868527203,"flow_dst_last_pkt_time":1582454868559889,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454868559889,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8mn0AAHYGKKqs2RIDwKgCEAG7kBpu4mZiXaaGlKAS6yC\/LgAAAgQFZAQCCApPRk15\/\/80RgEDAwg="} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_src_last_pkt_time":1582454868563343,"flow_dst_last_pkt_time":1582454868559889,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454868563343,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0stZAAEAGBlnAqAIQrNkSA5AaAbtdpoaUbuJmY4AQAVfXbAAAAQEICv\/\/NE9PRk15"} 00810{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_src_last_pkt_time":1582454868563401,"flow_dst_last_pkt_time":1582454868559889,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":261,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":261,"pkt_l4_len":227,"thread_ts_usec":1582454868563401,"pkt":"xiwDYGpkTGr2n\/YnCABFAAD3stdAAEAGBZXAqAIQrNkSA5AaAbtdpoaUbuJmY4AYAVcAOwAAAQEICv\/\/NFBPRk15FgMBAL4BAAC6AwOZySzIWyWPFv9jpx+5YWNqQg+xq9GVJmpUnw7vrnZc6QAAHMArwCzMqcAvwDDMqMAJwArAE8AUAJwAnQAvADUBAAB1\/wEAAQAAAAAiACAAAB1jb25uZWN0aXZpdHljaGVjay5nc3RhdGljLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABAACwAJCGh0dHAvMS4xAAsAAgEAAAoACAAGAB0AFwAY"} 
-01248{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":140,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454868527203,"flow_src_last_pkt_time":1582454868563401,"flow_dst_last_pkt_time":1582454868559889,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":195,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":195,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454868563401,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36890,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":30,"category":"ConnCheck","hostname":"connectivitycheck.gstatic.com","domainame":"connectivitycheck.gstatic.com","tls": {"version":"TLSv1.2","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","ja4":"t12d1409ht_c866b44c5a26_b39be8c56a14","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} 
+01207{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":140,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454868527203,"flow_src_last_pkt_time":1582454868563401,"flow_dst_last_pkt_time":1582454868559889,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":195,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":195,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454868563401,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36890,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":30,"category":"ConnCheck","hostname":"connectivitycheck.gstatic.com","domainame":"connectivitycheck.gstatic.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1409ht_c866b44c5a26_b39be8c56a14","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":5,"flow_src_last_pkt_time":1582454868563401,"flow_dst_last_pkt_time":1582454868595991,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454868595991,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA0mn4AAHYGKLGs2RIDwKgCEAG7kBpu4mZjXaaHV4AQAPDW6gAAAQEICk9GTZ7\/\/zRQ"} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454868597303,"flow_src_last_pkt_time":1582454868597303,"flow_dst_last_pkt_time":1582454868597303,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454868597303,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":51430,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_src_last_pkt_time":1582454868597303,"flow_dst_last_pkt_time":1582454868597303,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_usec":1582454868597303,"pkt":"xiwDYGpkTGr2n\/YnCABFAABBqkFAAEARCwnAqAIQwKgCAcjmADUALYwU2tsBAAABAAAAAAAAD2FwcC1tZWFzdXJlbWVudANjb20AAAEAAQ=="} 
01099{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454868597303,"flow_src_last_pkt_time":1582454868597303,"flow_dst_last_pkt_time":1582454868597303,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454868597303,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":51430,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"app-measurement.com","domainame":"app-measurement.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":143,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_src_last_pkt_time":1582454868597303,"flow_dst_last_pkt_time":1582454868597743,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_usec":1582454868597743,"pkt":"TGr2n\/YnxiwDYGpkCABFAABRZjUAAEARjwXAqAIBwKgCEAA1yOYAPQ9d2tuBgAABAAEAAAAAD2FwcC1tZWFzdXJlbWVudANjb20AAAEAAcAMAAEAAQAAAEEABKzZqM4="} 
01133{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":143,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454868597303,"flow_src_last_pkt_time":1582454868597303,"flow_dst_last_pkt_time":1582454868597743,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":53,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":53,"midstream":0,"thread_ts_usec":1582454868597743,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":51430,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"app-measurement.com","domainame":"app-measurement.com","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["172.217.168.206,ttl=65"]}}} -01340{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":144,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454868527203,"flow_src_last_pkt_time":1582454868563401,"flow_dst_last_pkt_time":1582454868603874,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":195,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":195,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1582454868603874,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36890,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":30,"category":"ConnCheck","hostname":"connectivitycheck.gstatic.com","domainame":"connectivitycheck.gstatic.com","tls": {"version":"TLSv1.2","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","ja4":"t12d1409ht_c866b44c5a26_b39be8c56a14","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} -02670{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1582454868527203,"flow_src_last_pkt_time":1582454868563401,"flow_dst_last_pkt_time":1582454868603921,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":195,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":195,"flow_dst_tot_l4_payload_len":3708,"midstream":0,"thread_ts_usec":1582454868603921,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36890,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":30,"category":"ConnCheck","hostname":"connectivitycheck.gstatic.com","domainame":"connectivitycheck.gstatic.com","tls": 
{"version":"TLSv1.2","server_names":"*.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.crowdsource.google.com,*.g.co,*.gcp.gvt2.com,*.gcpcdn.gvt1.com,*.ggpht.cn,*.gkecnapps.cn,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleadapis.com,*.googleapis.cn,*.googlecnapps.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.cn,*.gstatic.com,*.gstaticcnapps.cn,*.gvt1.com,*.gvt2.com,*.metric.gstatic.com,*.urchin.com,*.url.google.com,*.wear.gkecnapps.cn,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.youtubekids.com,*.yt.be,*.ytimg.com,android.clients.google.com,android.com,developer.android.google.cn,developers.android.google.cn,g.co,ggpht.cn,gkecnapps.cn,goo.gl,google-analytics.com,google.com,googlecnapps.cn,googlecommerce.com,source.android.google.cn,urchin.com,www.goo.gl,youtu.be,youtube.com,youtubeeducation.com,youtubekids.com,yt.be","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","ja4":"t12d1409ht_c866b44c5a26_b39be8c56a14","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google.com","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"80:50:28:F4:84:F5:C4:C6:41:DE:75:67:38:C4:A6:E2:59:FF:75:42","blocks":0}}} 
+01299{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":144,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454868527203,"flow_src_last_pkt_time":1582454868563401,"flow_dst_last_pkt_time":1582454868603874,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":195,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":195,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1582454868603874,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36890,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":30,"category":"ConnCheck","hostname":"connectivitycheck.gstatic.com","domainame":"connectivitycheck.gstatic.com","tls": {"version":"TLSv1.2","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","ja4":"t12d1409ht_c866b44c5a26_b39be8c56a14","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
+02629{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1582454868527203,"flow_src_last_pkt_time":1582454868563401,"flow_dst_last_pkt_time":1582454868603921,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":195,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":195,"flow_dst_tot_l4_payload_len":3708,"midstream":0,"thread_ts_usec":1582454868603921,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36890,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":30,"category":"ConnCheck","hostname":"connectivitycheck.gstatic.com","domainame":"connectivitycheck.gstatic.com","tls": 
{"version":"TLSv1.2","server_names":"*.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.crowdsource.google.com,*.g.co,*.gcp.gvt2.com,*.gcpcdn.gvt1.com,*.ggpht.cn,*.gkecnapps.cn,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleadapis.com,*.googleapis.cn,*.googlecnapps.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.cn,*.gstatic.com,*.gstaticcnapps.cn,*.gvt1.com,*.gvt2.com,*.metric.gstatic.com,*.urchin.com,*.url.google.com,*.wear.gkecnapps.cn,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.youtubekids.com,*.yt.be,*.ytimg.com,android.clients.google.com,android.com,developer.android.google.cn,developers.android.google.cn,g.co,ggpht.cn,gkecnapps.cn,goo.gl,google-analytics.com,google.com,googlecnapps.cn,googlecommerce.com,source.android.google.cn,urchin.com,www.goo.gl,youtu.be,youtube.com,youtubeeducation.com,youtubekids.com,yt.be","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","ja4":"t12d1409ht_c866b44c5a26_b39be8c56a14","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google.com","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"80:50:28:F4:84:F5:C4:C6:41:DE:75:67:38:C4:A6:E2:59:FF:75:42","blocks":0}}} 
00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1582454868606764,"flow_dst_last_pkt_time":1582454866448783,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":114,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":114,"pkt_l4_len":60,"thread_ts_usec":1582454868606764,"pkt":"MzMAAQACTGr2n\/Ynht1gBNipADwRAf6AAAAAAAAATmr2\/\/6f9if\/AgAAAAAAAAAAAAAAAQACAiICIwA8Uc8B2OT+AAEADgABAAEl5RSOTGr2n\/YnAAMADA4ACMoAAAAAAAAAAAAIAAIAAAAGAAQAFwAY"} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_src_last_pkt_time":1582454868511574,"flow_dst_last_pkt_time":1582454868843663,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454868843663,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8fo0AAHYGRJqs2RIDwKgCEAG7kBjGuYRJgnUILaAS6yAZNAAAAgQFZAQCCApRt9Th\/\/80QwEDAwg="} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_src_last_pkt_time":1582454868844578,"flow_dst_last_pkt_time":1582454868843663,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454868844578,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0PHBAAEAGfL\/AqAIQrNkSA5AYAbuCdQgtxrmESoAQAVcxKAAAAQEICv\/\/NJZRt9Th"} 
00812{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":4,"flow_src_last_pkt_time":1582454868936798,"flow_dst_last_pkt_time":1582454868843663,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":261,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":261,"pkt_l4_len":227,"thread_ts_usec":1582454868936798,"pkt":"xiwDYGpkTGr2n\/YnCABFAAD3PHFAAEAGe\/vAqAIQrNkSA5AYAbuCdQgtxrmESoAYAVdmqgAAAQEICv\/\/NK1Rt9ThFgMBAL4BAAC6AwPJiz4b6rt+LTNT4uSDXUKsbprZa0zZMc753ZkGH\/Y+XwAAHMArwCzMqcAvwDDMqMAJwArAE8AUAJwAnQAvADUBAAB1\/wEAAQAAAAAiACAAAB1jb25uZWN0aXZpdHljaGVjay5nc3RhdGljLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABAACwAJCGh0dHAvMS4xAAsAAgEAAAoACAAGAB0AFwAY"} -01248{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":153,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454868511574,"flow_src_last_pkt_time":1582454868936798,"flow_dst_last_pkt_time":1582454868843663,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":195,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":195,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454868936798,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36888,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":30,"category":"ConnCheck","hostname":"connectivitycheck.gstatic.com","domainame":"connectivitycheck.gstatic.com","tls": 
{"version":"TLSv1.2","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","ja4":"t12d1409ht_c866b44c5a26_b39be8c56a14","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} +01207{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":153,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454868511574,"flow_src_last_pkt_time":1582454868936798,"flow_dst_last_pkt_time":1582454868843663,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":195,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":195,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454868936798,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36888,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":30,"category":"ConnCheck","hostname":"connectivitycheck.gstatic.com","domainame":"connectivitycheck.gstatic.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1409ht_c866b44c5a26_b39be8c56a14","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":5,"flow_src_last_pkt_time":1582454868936798,"flow_dst_last_pkt_time":1582454868964867,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454868964867,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA0ft4AAHYGRFGs2RIDwKgCEAG7kBjGuYRKgnUI8IAQAPAwPAAAAQEIClG31Vr\/\/zSt"} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454869361238,"flow_src_last_pkt_time":1582454869361238,"flow_dst_last_pkt_time":1582454869361238,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454869361238,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39008,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_src_last_pkt_time":1582454869361238,"flow_dst_last_pkt_time":1582454869361238,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1582454869361238,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA+qnVAAEARCtjAqAIQwKgCAZhgADUAKv996DEBAAABAAAAAAAABW10YWxrBmdvb2dsZQNjb20AAAEAAQ=="} 
@@ -165,12 +165,12 @@ 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_src_last_pkt_time":1582454869517223,"flow_dst_last_pkt_time":1582454869556140,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454869556140,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA80VwAAHUGW\/+s2ajOwKgCEAG7xNCPRbjJ\/OqXoqAS6yAGLQAAAgQFZAQCCApmsf+J\/\/81LQEDAwg="} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_src_last_pkt_time":1582454869557517,"flow_dst_last_pkt_time":1582454869556140,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454869557517,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0oo1AAEAGf9bAqAIQrNmozsTQAbv86peij0W4yoAQAVceWQAAAQEICv\/\/NUhmsf+J"} 00800{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":4,"flow_src_last_pkt_time":1582454869614403,"flow_dst_last_pkt_time":1582454869556140,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":251,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":251,"pkt_l4_len":217,"thread_ts_usec":1582454869614403,"pkt":"xiwDYGpkTGr2n\/YnCABFAADtoo5AAEAGfxzAqAIQrNmozsTQAbv86peij0W4yoAYAVd6YwAAAQEICv\/\/NVdmsf+JFgMBALQBAACwAwNEQVlrFj9Y47MgZ8vO8k2FXJJ0JJ\/6X8XoKgfa\/cCzYgAAHMArwCzMqcAvwDDMqMAJwArAE8AUAJwAnQAvADUBAABrAAAAGAAWAAATYXBwLW1lYXN1cmVtZW50LmNvbQAXAAD\/AQABAAAKAAgABgAdABcAGAALAAIBAAAjAAAAEAALAAkIaHR0cC8xLjEABQAFAQAAAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgE="} 
-01224{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454869517223,"flow_src_last_pkt_time":1582454869614403,"flow_dst_last_pkt_time":1582454869556140,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":185,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":185,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454869614403,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"app-measurement.com","domainame":"app-measurement.com","tls": {"version":"TLSv1.2","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"","ja4":"t12d1409ht_c866b44c5a26_b39be8c56a14","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} +01183{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454869517223,"flow_src_last_pkt_time":1582454869614403,"flow_dst_last_pkt_time":1582454869556140,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":185,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":185,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454869614403,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"app-measurement.com","domainame":"app-measurement.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1409ht_c866b44c5a26_b39be8c56a14","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454869626114,"flow_src_last_pkt_time":1582454869626114,"flow_dst_last_pkt_time":1582454869626114,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454869626114,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":49510,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_src_last_pkt_time":1582454869626114,"flow_dst_last_pkt_time":1582454869626114,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454869626114,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8g2ZAAEAG9TXAqAIQ2O8meMFmFGxVMrY\/AAAAAKAC\/\/9vQQAAAgQFtAQCCAr\/\/zVZAAAAAAEDAwg="} 
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":5,"flow_src_last_pkt_time":1582454869614403,"flow_dst_last_pkt_time":1582454869652270,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454869652270,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA00aQAAHUGW7+s2ajOwKgCEAG7xNCPRbjK\/OqYW4AQAPAdlwAAAQEICmax\/+r\/\/zVX"} -01314{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":174,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454869517223,"flow_src_last_pkt_time":1582454869614403,"flow_dst_last_pkt_time":1582454869657605,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":185,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":185,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1582454869657605,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"app-measurement.com","domainame":"app-measurement.com","tls": {"version":"TLSv1.2","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"9d9ce860f1b1cbef07b019450cb368d8","ja4":"t12d1409ht_c866b44c5a26_b39be8c56a14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
-01809{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":176,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1582454869517223,"flow_src_last_pkt_time":1582454869614403,"flow_dst_last_pkt_time":1582454869657623,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":185,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":185,"flow_dst_tot_l4_payload_len":3201,"midstream":0,"thread_ts_usec":1582454869657623,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"app-measurement.com","domainame":"app-measurement.com","tls": {"version":"TLSv1.2","server_names":"*.google-analytics.com,*.fps.goog,app-measurement.com,fps.goog,google-analytics.com,googleoptimize.com,googletagmanager.com,service.urchin.com,ssl.google-analytics.com,urchin.com,www.google-analytics.com,www.googleoptimize.com,www.googletagmanager.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"9d9ce860f1b1cbef07b019450cb368d8","ja4":"t12d1409ht_c866b44c5a26_b39be8c56a14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google-analytics.com","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"B0:D9:D3:57:C2:34:87:2C:FB:F5:E6:BD:7F:9F:54:65:08:61:AF:01","blocks":0}}} 
+01273{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":174,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454869517223,"flow_src_last_pkt_time":1582454869614403,"flow_dst_last_pkt_time":1582454869657605,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":185,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":185,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1582454869657605,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"app-measurement.com","domainame":"app-measurement.com","tls": {"version":"TLSv1.2","ja3s":"9d9ce860f1b1cbef07b019450cb368d8","ja4":"t12d1409ht_c866b44c5a26_b39be8c56a14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
+01768{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":176,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1582454869517223,"flow_src_last_pkt_time":1582454869614403,"flow_dst_last_pkt_time":1582454869657623,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":185,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":185,"flow_dst_tot_l4_payload_len":3201,"midstream":0,"thread_ts_usec":1582454869657623,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"app-measurement.com","domainame":"app-measurement.com","tls": {"version":"TLSv1.2","server_names":"*.google-analytics.com,*.fps.goog,app-measurement.com,fps.goog,google-analytics.com,googleoptimize.com,googletagmanager.com,service.urchin.com,ssl.google-analytics.com,urchin.com,www.google-analytics.com,www.googleoptimize.com,www.googletagmanager.com","ja3s":"9d9ce860f1b1cbef07b019450cb368d8","ja4":"t12d1409ht_c866b44c5a26_b39be8c56a14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google-analytics.com","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"B0:D9:D3:57:C2:34:87:2C:FB:F5:E6:BD:7F:9F:54:65:08:61:AF:01","blocks":0}}} 
00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_src_last_pkt_time":1582454870649882,"flow_dst_last_pkt_time":1582454869626114,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454870649882,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8g2dAAEAG9TTAqAIQ2O8meMFmFGxVMrY\/AAAAAKAC\/\/9uQgAAAgQFtAQCCAr\/\/zZYAAAAAAEDAwg="} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454870996454,"flow_src_last_pkt_time":1582454870996454,"flow_dst_last_pkt_time":1582454870996454,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454870996454,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":36613,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_src_last_pkt_time":1582454870996454,"flow_dst_last_pkt_time":1582454870996454,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1582454870996454,"pkt":"xiwDYGpkTGr2n\/YnCABFAABIq6dAAEARCZzAqAIQwKgCAY8FADUANFCq5z4BAAABAAAAAAAAB2FuZHJvaWQHY2xpZW50cwZnb29nbGUDY29tAAABAAE="} 
@@ -205,9 +205,9 @@ 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":218,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454871103439,"flow_src_last_pkt_time":1582454871103439,"flow_dst_last_pkt_time":1582454871103439,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871103439,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51928,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_src_last_pkt_time":1582454871103439,"flow_dst_last_pkt_time":1582454871103439,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454871103439,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8ApdAAEAGssnAqAIQrNkVysrYAbsvYjRcAAAAAKAC\/\/9bhgAAAgQFtAQCCAr\/\/zbLAAAAAAEDAwg="} 
01244{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":4,"flow_src_last_pkt_time":1582454871103583,"flow_dst_last_pkt_time":1582454871088655,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1582454871103583,"pkt":"xiwDYGpkTGr2n\/YnCABFAAI5xApAAEAGspTAqAIQ2O8meIDeAbsJrvLNIL8rFYAYAVc5mwAAAQEICv\/\/NstclUhuFgMBAgABAAH8AwMxTXvusHBDhpdSzKEoPqQ2o90gb87HP3QFZwA4kEZ\/QyD4xr0gtG8NjPlWhUg7IfWsznkFNClZBNvxMyLqGIrBHgAiEwETAhMDwCvALMypwC\/AMMyowAnACsATwBQAnACdAC8ANQEAAZEAAAAfAB0AABphbmRyb2lkLmNsaWVudHMuZ29vZ2xlLmNvbQAXAAD\/AQABAAAKAAgABgAdABcAGAALAAIBAAAFAAUBAAAAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAzACYAJAAdACBI0V5haWJofMB6PMnUO4IQ7keMeAwbqHFyCH7tJ8MoLgAtAAIBAQArAAkIAwQDAwMCAwEAFQDxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01408{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454871075698,"flow_src_last_pkt_time":1582454871103583,"flow_dst_last_pkt_time":1582454871088655,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871103583,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32990,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.PlayStore","proto_id":"91.228","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"android.clients.google.com","domainame":"android.clients.google.com","tls": {"version":"TLSv1.2","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"","ja4":"t13d171100_5b57614c22b0_3f5d972527c0","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01367{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454871075698,"flow_src_last_pkt_time":1582454871103583,"flow_dst_last_pkt_time":1582454871088655,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871103583,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32990,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.PlayStore","proto_id":"91.228","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"android.clients.google.com","domainame":"android.clients.google.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d171100_5b57614c22b0_3f5d972527c0","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
01248{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":4,"flow_src_last_pkt_time":1582454871105198,"flow_dst_last_pkt_time":1582454871056176,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1582454871105198,"pkt":"xiwDYGpkTGr2n\/YnCABFAAI53w5AAEAGl5DAqAIQ2O8meIDaAbu5DOmx\/LuGm4AYAVc8kAAAAQEICv\/\/NsuJFH+\/FgMBAgABAAH8AwNXR4IBK0icLctGWlxjvV\/JiAB62cpYMwCtfNZyJo3zdyCr3\/X3EqQMslzWKxfodTxbMmxBkYxsWxP2dnqi9pIeZQAiEwETAhMDwCvALMypwC\/AMMyowAnACsATwBQAnACdAC8ANQEAAZEAAAAfAB0AABphbmRyb2lkLmNsaWVudHMuZ29vZ2xlLmNvbQAXAAD\/AQABAAAKAAgABgAdABcAGAALAAIBAAAFAAUBAAAAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAzACYAJAAdACDrv790wU6es29sORpkI+NUqAeVoQxGptljCga\/6WmGZAAtAAIBAQArAAkIAwQDAwMCAwEAFQDxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01408{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454871042436,"flow_src_last_pkt_time":1582454871105198,"flow_dst_last_pkt_time":1582454871056176,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871105198,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32986,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.PlayStore","proto_id":"91.228","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"android.clients.google.com","domainame":"android.clients.google.com","tls": {"version":"TLSv1.2","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"","ja4":"t13d171100_5b57614c22b0_3f5d972527c0","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01367{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454871042436,"flow_src_last_pkt_time":1582454871105198,"flow_dst_last_pkt_time":1582454871056176,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871105198,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32986,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.PlayStore","proto_id":"91.228","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"android.clients.google.com","domainame":"android.clients.google.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d171100_5b57614c22b0_3f5d972527c0","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":221,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454871115584,"flow_src_last_pkt_time":1582454871115584,"flow_dst_last_pkt_time":1582454871115584,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871115584,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":40580,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_src_last_pkt_time":1582454871115584,"flow_dst_last_pkt_time":1582454871115584,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454871115584,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8q7VAAEARCZrAqAIQwKgCAZ6EADUAKMiehDwBAAABAAAAAAAAA3d3dwZnb29nbGUDY29tAAABAAE="} 
01089{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":221,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454871115584,"flow_src_last_pkt_time":1582454871115584,"flow_dst_last_pkt_time":1582454871115584,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871115584,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":40580,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.google.com","domainame":"www.google.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -218,29 +218,29 @@ 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_src_last_pkt_time":1582454871094545,"flow_dst_last_pkt_time":1582454871128611,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454871128611,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA83d0AAGcGtfGtwk9ywKgCEABQj+ImKPRybuhwKaAS87giVwAAAgQFlgQCCArBhO\/i\/\/82yQEDAwg="} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_src_last_pkt_time":1582454871130064,"flow_dst_last_pkt_time":1582454871128611,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454871130064,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0RuJAAEAGM\/XAqAIQrcJPco\/iAFBu6HApJij0c4AQAVdDYAAAAQEICv\/\/NtHBhO\/i"} 
00947{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":227,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":4,"flow_src_last_pkt_time":1582454871131065,"flow_dst_last_pkt_time":1582454871128611,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":363,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":363,"pkt_l4_len":329,"thread_ts_usec":1582454871131065,"pkt":"xiwDYGpkTGr2n\/YnCABFAAFdRuNAAEAGMsvAqAIQrcJPco\/iAFBu6HApJij0c4AYAVesTgAAAQEICv\/\/NtLBhO\/iR0VUIC9jb25uZWN0IEhUVFAvMS4xDQpIb3N0OiBjaGVjay5nb29nbGV6aXAubmV0DQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgOTsgTm9raWEgMi4yKSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvNzkuMC4zOTQ1LjkzIE1vYmlsZSBTYWZhcmkvNTM3LjM2DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkFjY2VwdC1MYW5ndWFnZTogaXQtSVQsaXQ7cT0wLjksZW4tVVM7cT0wLjgsZW47cT0wLjcNCg0K"} -01353{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":227,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454871094545,"flow_src_last_pkt_time":1582454871131065,"flow_dst_last_pkt_time":1582454871128611,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":297,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":297,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871131065,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36834,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": 
{"6":"DPI"},"proto":"HTTP.DataSaver","proto_id":"7.46","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":5,"category":"Web","hostname":"check.googlezip.net","domainame":"check.googlezip.net","http": {"url":"check.googlezip.net\/connect","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 9; Nokia 2.2) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/79.0.3945.93 Mobile Safari\/537.36","detected_os":"Android 9"}}} -01453{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":228,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454871075698,"flow_src_last_pkt_time":1582454871103583,"flow_dst_last_pkt_time":1582454871132684,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1582454871132684,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32990,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.PlayStore","proto_id":"91.228","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"android.clients.google.com","domainame":"android.clients.google.com","tls": {"version":"TLSv1.3","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d171100_5b57614c22b0_3f5d972527c0","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01238{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":227,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454871094545,"flow_src_last_pkt_time":1582454871131065,"flow_dst_last_pkt_time":1582454871128611,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":297,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":297,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871131065,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36834,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.DataSaver","proto_id":"7.46","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":5,"category":"Web","hostname":"check.googlezip.net","domainame":"check.googlezip.net","http": {"url":"check.googlezip.net\/connect","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 9; Nokia 2.2) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/79.0.3945.93 Mobile Safari\/537.36","detected_os":"Android 9"}}} 
+01412{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":228,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454871075698,"flow_src_last_pkt_time":1582454871103583,"flow_dst_last_pkt_time":1582454871132684,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1582454871132684,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32990,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.PlayStore","proto_id":"91.228","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"android.clients.google.com","domainame":"android.clients.google.com","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d171100_5b57614c22b0_3f5d972527c0","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":230,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_src_last_pkt_time":1582454871103439,"flow_dst_last_pkt_time":1582454871132705,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454871132705,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8KYcAAHYGldms2RXKwKgCEAG7ytjkokMBL2I0XaAS6yDzNwAAAgQFZAQCCAptKuid\/\/82ywEDAwg="} 
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_src_last_pkt_time":1582454871135219,"flow_dst_last_pkt_time":1582454871132705,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454871135219,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0AphAAEAGstDAqAIQrNkVysrYAbsvYjRd5KJDAoAQAVcLdwAAAQEICv\/\/NtNtKuid"} -01453{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":236,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454871042436,"flow_src_last_pkt_time":1582454871105198,"flow_dst_last_pkt_time":1582454871135248,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1582454871135248,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32986,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.PlayStore","proto_id":"91.228","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"android.clients.google.com","domainame":"android.clients.google.com","tls": 
{"version":"TLSv1.3","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d171100_5b57614c22b0_3f5d972527c0","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +01412{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":236,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454871042436,"flow_src_last_pkt_time":1582454871105198,"flow_dst_last_pkt_time":1582454871135248,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1582454871135248,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32986,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.PlayStore","proto_id":"91.228","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"android.clients.google.com","domainame":"android.clients.google.com","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d171100_5b57614c22b0_3f5d972527c0","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
01242{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":4,"flow_src_last_pkt_time":1582454871138480,"flow_dst_last_pkt_time":1582454871132705,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1582454871138480,"pkt":"xiwDYGpkTGr2n\/YnCABFAAI5AplAAEAGsMrAqAIQrNkVysrYAbsvYjRd5KJDAoAYAVcUdQAAAQEICv\/\/NtRtKuidFgMBAgABAAH8AwMLzOxtO6hOmIYWfBvitg4r+7Wglg8GVNMAJsb\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"} -01295{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454871103439,"flow_src_last_pkt_time":1582454871138480,"flow_dst_last_pkt_time":1582454871132705,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871138480,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51928,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DataSaver","proto_id":"91.46","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":5,"category":"Web","hostname":"datasaver.googleapis.com","domainame":"datasaver.googleapis.com","tls": {"version":"TLSv1.2","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","ja4":"t13d1615h2_46e7e9700bed_45f260be83e2","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01254{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454871103439,"flow_src_last_pkt_time":1582454871138480,"flow_dst_last_pkt_time":1582454871132705,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871138480,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51928,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DataSaver","proto_id":"91.46","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":5,"category":"Web","hostname":"datasaver.googleapis.com","domainame":"datasaver.googleapis.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1615h2_46e7e9700bed_45f260be83e2","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":243,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454871152402,"flow_src_last_pkt_time":1582454871152402,"flow_dst_last_pkt_time":1582454871152402,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871152402,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":243,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_src_last_pkt_time":1582454871152402,"flow_dst_last_pkt_time":1582454871152402,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454871152402,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA82rlAAEAGneLAqAIQ2O8meIDkAbvMauxuAAAAAKAC\/\/8TjwAAAgQFtAQCCAr\/\/zbXAAAAAAEDAwg="} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":244,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":5,"flow_src_last_pkt_time":1582454871131065,"flow_dst_last_pkt_time":1582454871164798,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454871164798,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA03fEAAGcGteWtwk9ywKgCEABQj+ImKPRzbuhxUoAQAPhCcAAAAQEICsGE8Af\/\/zbS"} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_src_last_pkt_time":1582454871152402,"flow_dst_last_pkt_time":1582454871166075,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454871166075,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA82hIAAHUGqYnY7yZ4wKgCEAG7gOSVNE5IzGrsb6AS6yB0TQAAAgQFZAQCCArIBAje\/\/821wEDAwg="} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":248,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":5,"flow_src_last_pkt_time":1582454871138480,"flow_dst_last_pkt_time":1582454871167064,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454871167064,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA0KaEAAHYGlces2RXKwKgCEAG7ytjkokMCL2I2YoAQAPAJtQAAAQEICm0q6MD\/\/zbU"} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":249,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_src_last_pkt_time":1582454871167424,"flow_dst_last_pkt_time":1582454871166075,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454871167424,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA02rpAAEAGnenAqAIQ2O8meIDkAbvMauxvlTROSYAQAVeMkAAAAQEICv\/\/NtvIBAje"} 
-01340{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":250,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454871103439,"flow_src_last_pkt_time":1582454871138480,"flow_dst_last_pkt_time":1582454871175159,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1582454871175159,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51928,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DataSaver","proto_id":"91.46","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":5,"category":"Web","hostname":"datasaver.googleapis.com","domainame":"datasaver.googleapis.com","tls": {"version":"TLSv1.3","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1615h2_46e7e9700bed_45f260be83e2","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01299{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":250,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454871103439,"flow_src_last_pkt_time":1582454871138480,"flow_dst_last_pkt_time":1582454871175159,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1582454871175159,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51928,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DataSaver","proto_id":"91.46","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":5,"category":"Web","hostname":"datasaver.googleapis.com","domainame":"datasaver.googleapis.com","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1615h2_46e7e9700bed_45f260be83e2","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00791{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":4,"flow_src_last_pkt_time":1582454871200149,"flow_dst_last_pkt_time":1582454871166075,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":246,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":246,"pkt_l4_len":212,"thread_ts_usec":1582454871200149,"pkt":"xiwDYGpkTGr2n\/YnCABFAADo2rtAAEAGnTTAqAIQ2O8meIDkAbvMauxvlTROSYAYAVcGiwAAAQEICv\/\/NuPIBAjeFgMBAK8BAACrAwNFVUmkRCYrsTAD0Sv7c78jm6\/45rXgRFs9zPd5tSprMAAAHMArwCzMqcAvwDDMqMAJwArAE8AUAJwAnQAvADUBAABmAAAAEwARAAAOd3d3Lmdvb2dsZS5jb20AFwAA\/wEAAQAACgAIAAYAHQAXABgACwACAQAAIwAAABAACwAJCGh0dHAvMS4xAAUABQEAAAAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIB"} -01213{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":256,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454871152402,"flow_src_last_pkt_time":1582454871200149,"flow_dst_last_pkt_time":1582454871166075,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":180,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":180,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871200149,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","domainame":"www.google.com","tls": 
{"version":"TLSv1.2","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"","ja4":"t12d1409ht_c866b44c5a26_b39be8c56a14","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} +01172{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":256,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454871152402,"flow_src_last_pkt_time":1582454871200149,"flow_dst_last_pkt_time":1582454871166075,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":180,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":180,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871200149,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","domainame":"www.google.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1409ht_c866b44c5a26_b39be8c56a14","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} 
01246{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":4,"flow_src_last_pkt_time":1582454871207179,"flow_dst_last_pkt_time":1582454871083686,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1582454871207179,"pkt":"xiwDYGpkTGr2n\/YnCABFAAI5\/AlAAEAGepXAqAIQ2O8meIDcAbs4lMrGVf45RYAYAVcaagAAAQEICv\/\/NuUm516WFgMBAgABAAH8AwM37xcvxqGOp1ZnThmurrs0HSWrnpg6Spe\/m2OgtSLfXSCC4Pfhq3JTS\/EIU4w5K41jaeqfs8B1xjYOKn01wppgBwAiEwETAhMDwCvALMypwC\/AMMyowAnACsATwBQAnACdAC8ANQEAAZEAAAAfAB0AABphbmRyb2lkLmNsaWVudHMuZ29vZ2xlLmNvbQAXAAD\/AQABAAAKAAgABgAdABcAGAALAAIBAAAFAAUBAAAAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAzACYAJAAdACAOqSgSSv06T6U6O4sZxiexLl9ocxA7uiPWoPZ34phLJgAtAAIBAQArAAkIAwQDAwMCAwEAFQDxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01408{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":257,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454871069614,"flow_src_last_pkt_time":1582454871207179,"flow_dst_last_pkt_time":1582454871083686,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871207179,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32988,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.PlayStore","proto_id":"91.228","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"android.clients.google.com","domainame":"android.clients.google.com","tls": {"version":"TLSv1.2","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"","ja4":"t13d171100_5b57614c22b0_3f5d972527c0","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01367{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":257,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454871069614,"flow_src_last_pkt_time":1582454871207179,"flow_dst_last_pkt_time":1582454871083686,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871207179,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32988,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.PlayStore","proto_id":"91.228","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"android.clients.google.com","domainame":"android.clients.google.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d171100_5b57614c22b0_3f5d972527c0","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":258,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":5,"flow_src_last_pkt_time":1582454871200149,"flow_dst_last_pkt_time":1582454871213549,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454871213549,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA02kYAAHUGqV3Y7yZ4wKgCEAG7gOSVNE5JzGrtI4AQAPCMDAAAAQEICsgECQ3\/\/zbj"} 
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":259,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":5,"flow_src_last_pkt_time":1582454871207179,"flow_dst_last_pkt_time":1582454871221044,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454871221044,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA0bqkAAHYGE\/vY7yZ4wKgCEAG7gNxV\/jlFOJTMy4AQAPDfhQAAAQEICibnXyD\/\/zbl"} -01305{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":260,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454871152402,"flow_src_last_pkt_time":1582454871200149,"flow_dst_last_pkt_time":1582454871230117,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":180,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":180,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1582454871230117,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","domainame":"www.google.com","tls": {"version":"TLSv1.2","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","ja4":"t12d1409ht_c866b44c5a26_b39be8c56a14","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
-01555{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1582454871152402,"flow_src_last_pkt_time":1582454871200149,"flow_dst_last_pkt_time":1582454871230120,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":180,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":180,"flow_dst_tot_l4_payload_len":2554,"midstream":0,"thread_ts_usec":1582454871230120,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","domainame":"www.google.com","tls": {"version":"TLSv1.2","server_names":"www.google.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","ja4":"t12d1409ht_c866b44c5a26_b39be8c56a14","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=www.google.com","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"32:07:6C:9F:96:7D:CE:82:15:C6:C5:7B:49:90:53:A1:CF:80:4F:B0","blocks":0}}} 
-01453{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":264,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454871069614,"flow_src_last_pkt_time":1582454871207179,"flow_dst_last_pkt_time":1582454871237524,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1582454871237524,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32988,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.PlayStore","proto_id":"91.228","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"android.clients.google.com","domainame":"android.clients.google.com","tls": {"version":"TLSv1.3","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d171100_5b57614c22b0_3f5d972527c0","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01264{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":260,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454871152402,"flow_src_last_pkt_time":1582454871200149,"flow_dst_last_pkt_time":1582454871230117,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":180,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":180,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1582454871230117,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","domainame":"www.google.com","tls": {"version":"TLSv1.2","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","ja4":"t12d1409ht_c866b44c5a26_b39be8c56a14","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
+01514{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1582454871152402,"flow_src_last_pkt_time":1582454871200149,"flow_dst_last_pkt_time":1582454871230120,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":180,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":180,"flow_dst_tot_l4_payload_len":2554,"midstream":0,"thread_ts_usec":1582454871230120,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","domainame":"www.google.com","tls": {"version":"TLSv1.2","server_names":"www.google.com","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","ja4":"t12d1409ht_c866b44c5a26_b39be8c56a14","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=www.google.com","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"32:07:6C:9F:96:7D:CE:82:15:C6:C5:7B:49:90:53:A1:CF:80:4F:B0","blocks":0}}} 
+01412{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":264,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454871069614,"flow_src_last_pkt_time":1582454871207179,"flow_dst_last_pkt_time":1582454871237524,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1582454871237524,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32988,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.PlayStore","proto_id":"91.228","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"android.clients.google.com","domainame":"android.clients.google.com","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d171100_5b57614c22b0_3f5d972527c0","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454871292222,"flow_src_last_pkt_time":1582454871292222,"flow_dst_last_pkt_time":1582454871292222,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871292222,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":46359,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_src_last_pkt_time":1582454871292222,"flow_dst_last_pkt_time":1582454871292222,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_usec":1582454871292222,"pkt":"xiwDYGpkTGr2n\/YnCABFAABBq9RAAEARCXbAqAIQwKgCAbUXADUALUF1Da4BAAABAAAAAAAACGFjY291bnRzBmdvb2dsZQNjb20AAAEAAQ=="} 
01099{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454871292222,"flow_src_last_pkt_time":1582454871292222,"flow_dst_last_pkt_time":1582454871292222,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871292222,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":46359,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"accounts.google.com","domainame":"accounts.google.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -251,12 +251,12 @@ 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":284,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_src_last_pkt_time":1582454871321492,"flow_dst_last_pkt_time":1582454871334763,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454871334763,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8saEAAHUG0frY7yZ4wKgCEAG7gOY64cVhLkGq8aAS6yCKsAAAAgQFZAQCCAofL14G\/\/83AQEDAwg="} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_src_last_pkt_time":1582454871335705,"flow_dst_last_pkt_time":1582454871334763,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454871335705,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0nfJAAEAG2rHAqAIQ2O8meIDmAbsuQarxOuHFYoAQAVei8wAAAQEICv\/\/NwUfL14G"} 
01247{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":288,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":4,"flow_src_last_pkt_time":1582454871339142,"flow_dst_last_pkt_time":1582454871334763,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1582454871339142,"pkt":"xiwDYGpkTGr2n\/YnCABFAAI5nfNAAEAG2KvAqAIQ2O8meIDmAbsuQarxOuHFYoAYAVe\/wgAAAQEICv\/\/NwYfL14GFgMBAgABAAH8AwM2HQqqNkiYixPn9BwY+6aPMTBPHUYVai51sP\/t1krD8iCPeQv28z7\/GLsaGfQh98BpWEFaJzPvJz3ZigJL3Bq7jwAiqqoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUACgEAAZG6ugAAAAAAGAAWAAATYWNjb3VudHMuZ29vZ2xlLmNvbQAXAAD\/AQABAAAKAAoACNraAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQASAAAAMwArACna2gABAAAdACDaIvjlTeWP\/EfNzQgKtZHyge+ZIFM5wilp\/lsIRx8ZUQAtAAIBAQArAAsKiooDBAMDAwIDAQAbAAMCAAIKCgABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01290{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":288,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454871321492,"flow_src_last_pkt_time":1582454871339142,"flow_dst_last_pkt_time":1582454871334763,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871339142,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32998,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com","domainame":"accounts.google.com","tls": {"version":"TLSv1.2","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","ja4":"t13d1615h2_46e7e9700bed_45f260be83e2","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01249{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":288,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454871321492,"flow_src_last_pkt_time":1582454871339142,"flow_dst_last_pkt_time":1582454871334763,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871339142,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32998,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com","domainame":"accounts.google.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1615h2_46e7e9700bed_45f260be83e2","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":291,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454871343067,"flow_src_last_pkt_time":1582454871343067,"flow_dst_last_pkt_time":1582454871343067,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871343067,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35689,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_src_last_pkt_time":1582454871343067,"flow_dst_last_pkt_time":1582454871343067,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1582454871343067,"pkt":"xiwDYGpkTGr2n\/YnCABFAABQq9VAAEARCWbAqAIQwKgCAYtpADUAPJHqlgwBAAABAAAAAAAAE3NlbWFudGljbG9jYXRpb24tcGEKZ29vZ2xlYXBpcwNjb20AAAEAAQ=="} 
01137{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":291,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454871343067,"flow_src_last_pkt_time":1582454871343067,"flow_dst_last_pkt_time":1582454871343067,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871343067,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35689,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","proto_id":"5.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"semanticlocation-pa.googleapis.com","domainame":"semanticlocation-pa.googleapis.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":293,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":5,"flow_src_last_pkt_time":1582454871339142,"flow_dst_last_pkt_time":1582454871352300,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454871352300,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA0sbMAAHUG0fDY7yZ4wKgCEAG7gOY64cViLkGs9oAQAPChQgAAAQEICh8vXhj\/\/zcG"} 
-01335{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1582454871321492,"flow_src_last_pkt_time":1582454871359254,"flow_dst_last_pkt_time":1582454871370051,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1582454871370051,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32998,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com","domainame":"accounts.google.com","tls": {"version":"TLSv1.3","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1615h2_46e7e9700bed_45f260be83e2","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01294{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1582454871321492,"flow_src_last_pkt_time":1582454871359254,"flow_dst_last_pkt_time":1582454871370051,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1582454871370051,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32998,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com","domainame":"accounts.google.com","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1615h2_46e7e9700bed_45f260be83e2","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":310,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_src_last_pkt_time":1582454871343067,"flow_dst_last_pkt_time":1582454871383146,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1582454871383146,"pkt":"TGr2n\/YnxiwDYGpkCABFAABgqGIAAEARTMnAqAIBwKgCEAA1i2kATI9glgyBgAABAAEAAAAAE3NlbWFudGljbG9jYXRpb24tcGEKZ29vZ2xlYXBpcwNjb20AAAEAAcAMAAEAAQAAALIABKzZFEo="} 
01170{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":310,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454871343067,"flow_src_last_pkt_time":1582454871343067,"flow_dst_last_pkt_time":1582454871383146,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":68,"midstream":0,"thread_ts_usec":1582454871383146,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35689,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","proto_id":"5.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"semanticlocation-pa.googleapis.com","domainame":"semanticlocation-pa.googleapis.com","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["172.217.20.74,ttl=178"]}}} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":324,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454871496841,"flow_src_last_pkt_time":1582454871496841,"flow_dst_last_pkt_time":1582454871496841,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871496841,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":22850,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -274,22 +274,22 @@ 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":339,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_src_last_pkt_time":1582454871600718,"flow_dst_last_pkt_time":1582454871601103,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_usec":1582454871601103,"pkt":"TGr2n\/YnxiwDYGpkCABFAABRUPMAAEARpEfAqAIBwKgCEAA15gwAPWHd5u6BgAABAAEAAAAACGFjY291bnRzBmdvb2dsZQNjb20AAAEAAcAMAAEAAQAAANoABNjvJng="} 01133{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":339,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454871600718,"flow_src_last_pkt_time":1582454871600718,"flow_dst_last_pkt_time":1582454871601103,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":53,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":53,"midstream":0,"thread_ts_usec":1582454871601103,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":58892,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"accounts.google.com","domainame":"accounts.google.com","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["216.239.38.120,ttl=218"]}}} 
01243{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":340,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":4,"flow_src_last_pkt_time":1582454871614271,"flow_dst_last_pkt_time":1582454871591165,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1582454871614271,"pkt":"xiwDYGpkTGr2n\/YnCABFAAI5o7hAAEAGESnAqAIQrNkUTKpyAbt9gJSOD\/piSoAYAVdLzQAAAQEICv\/\/N0uRSuAVFgMBAgABAAH8AwNx38g8c64XBkE7jetV3Cdtn9z0vCweKrcHtwdhHbSQ+SAUmDom3MjZPcHpObhTXaYvtFsSBZnsdLd6vfStLts0RQAiuroTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUACgEAAZE6OgAAAAAAGAAWAAATcHJveHkuZ29vZ2xlemlwLm5ldAAXAAD\/AQABAAAKAAoACGpqAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQASAAAAMwArAClqagABAAAdACBvCWpMIieU6hTvNOrIocRNkNYDiS7EYWL5ZMqbRo33UAAtAAIBAQArAAsKKioDBAMDAwIDAQAbAAMCAALq6gABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01284{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":340,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454871553292,"flow_src_last_pkt_time":1582454871614271,"flow_dst_last_pkt_time":1582454871591165,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871614271,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43634,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DataSaver","proto_id":"91.46","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":5,"category":"Web","hostname":"proxy.googlezip.net","domainame":"proxy.googlezip.net","tls": {"version":"TLSv1.2","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","ja4":"t13d1615h2_46e7e9700bed_45f260be83e2","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01243{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":340,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454871553292,"flow_src_last_pkt_time":1582454871614271,"flow_dst_last_pkt_time":1582454871591165,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871614271,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43634,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DataSaver","proto_id":"91.46","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":5,"category":"Web","hostname":"proxy.googlezip.net","domainame":"proxy.googlezip.net","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1615h2_46e7e9700bed_45f260be83e2","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":342,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454871623035,"flow_src_last_pkt_time":1582454871623035,"flow_dst_last_pkt_time":1582454871623035,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871623035,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33002,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":342,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_src_last_pkt_time":1582454871623035,"flow_dst_last_pkt_time":1582454871623035,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454871623035,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8E0lAAEAGZVPAqAIQ2O8meIDqAbtXpCQEAAAAAKAC\/\/9QRAAAAgQFtAQCCAr\/\/zdNAAAAAAEDAwg="} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":5,"flow_src_last_pkt_time":1582454871627484,"flow_dst_last_pkt_time":1582454871591165,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454871627484,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0o7lAAEAGEy3AqAIQrNkUTKpyAbt9gJaTD\/piSoARAVcWUwAAAQEICv\/\/N06RSuAV"} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_src_last_pkt_time":1582454871623035,"flow_dst_last_pkt_time":1582454871636179,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454871636179,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8YK4AAHYGIe7Y7yZ4wKgCEAG7gOoEIWijV6QkBaAS6yBQGwAAAgQFZAQCCAqpXP8l\/\/83TQEDAwg="} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_src_last_pkt_time":1582454871641192,"flow_dst_last_pkt_time":1582454871636179,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454871641192,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0E0pAAEAGZVrAqAIQ2O8meIDqAbtXpCQFBCFopIAQAVdoXgAAAQEICv\/\/N1GpXP8l"} -01329{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":349,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1582454871553292,"flow_src_last_pkt_time":1582454871627484,"flow_dst_last_pkt_time":1582454871657677,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1582454871657677,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43634,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.DataSaver","proto_id":"91.46","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":5,"category":"Web","hostname":"proxy.googlezip.net","domainame":"proxy.googlezip.net","tls": {"version":"TLSv1.3","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1615h2_46e7e9700bed_45f260be83e2","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +01288{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":349,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1582454871553292,"flow_src_last_pkt_time":1582454871627484,"flow_dst_last_pkt_time":1582454871657677,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1582454871657677,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43634,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DataSaver","proto_id":"91.46","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":5,"category":"Web","hostname":"proxy.googlezip.net","domainame":"proxy.googlezip.net","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1615h2_46e7e9700bed_45f260be83e2","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
01247{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":357,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":4,"flow_src_last_pkt_time":1582454871671535,"flow_dst_last_pkt_time":1582454871636179,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1582454871671535,"pkt":"xiwDYGpkTGr2n\/YnCABFAAI5E0tAAEAGY1TAqAIQ2O8meIDqAbtXpCQFBCFopIAYAVf46AAAAQEICv\/\/N1mpXP8lFgMBAgABAAH8AwOnqdAL3NdvDJFQu00MJRohbBr\/QjZxpgAY\/BGSZ5WHGyAH\/0kdSaWWl14l1kSxYkKqhEzX\/PL9dJ3FIy4nXY+zSwAi+voTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUACgEAAZFaWgAAAAAAGAAWAAATYWNjb3VudHMuZ29vZ2xlLmNvbQAXAAD\/AQABAAAKAAoACEpKAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQASAAAAMwArAClKSgABAAAdACAb6mJErdFzNWCA7OLn3TVZSxKHowP8hLIwdOOd3\/6PSQAtAAIBAQArAAsKKioDBAMDAwIDAQAbAAMCAAKamgABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01290{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":357,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454871623035,"flow_src_last_pkt_time":1582454871671535,"flow_dst_last_pkt_time":1582454871636179,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871671535,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33002,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com","domainame":"accounts.google.com","tls": {"version":"TLSv1.2","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","ja4":"t13d1615h2_46e7e9700bed_45f260be83e2","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01249{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":357,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454871623035,"flow_src_last_pkt_time":1582454871671535,"flow_dst_last_pkt_time":1582454871636179,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871671535,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33002,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com","domainame":"accounts.google.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1615h2_46e7e9700bed_45f260be83e2","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":358,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454871676950,"flow_src_last_pkt_time":1582454871676950,"flow_dst_last_pkt_time":1582454871676950,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871676950,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":33240,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_src_last_pkt_time":1582454871676950,"flow_dst_last_pkt_time":1582454871676950,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_usec":1582454871676950,"pkt":"xiwDYGpkTGr2n\/YnCABFAABBrABAAEARCUrAqAIQwKgCAYHYADUALeidI0IBAAABAAAAAAAABWNoZWNrCWdvb2dsZXppcANuZXQAAAEAAQ=="} 
01094{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":358,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454871676950,"flow_src_last_pkt_time":1582454871676950,"flow_dst_last_pkt_time":1582454871676950,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871676950,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":33240,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.DataSaver","proto_id":"5.46","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"check.googlezip.net","domainame":"check.googlezip.net","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_src_last_pkt_time":1582454871676950,"flow_dst_last_pkt_time":1582454871677331,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_usec":1582454871677331,"pkt":"TGr2n\/YnxiwDYGpkCABFAABRtlYAAEARPuTAqAIBwKgCEAA1gdgAPR0+I0KBgAABAAEAAAAABWNoZWNrCWdvb2dsZXppcANuZXQAAAEAAcAMAAEAAQAAAQMABK3CT3I="} 
01128{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":359,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454871676950,"flow_src_last_pkt_time":1582454871676950,"flow_dst_last_pkt_time":1582454871677331,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":53,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":53,"midstream":0,"thread_ts_usec":1582454871677331,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":33240,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.DataSaver","proto_id":"5.46","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"check.googlezip.net","domainame":"check.googlezip.net","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["173.194.79.114,ttl=259"]}}} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":5,"flow_src_last_pkt_time":1582454871671535,"flow_dst_last_pkt_time":1582454871684801,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454871684801,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA0YMIAAHYGIeLY7yZ4wKgCEAG7gOoEIWikV6QmCoAQAPBmhwAAAQEICqlc\/1b\/\/zdZ"} 
-01335{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":361,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454871623035,"flow_src_last_pkt_time":1582454871671535,"flow_dst_last_pkt_time":1582454871702687,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1582454871702687,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33002,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com","domainame":"accounts.google.com","tls": {"version":"TLSv1.3","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1615h2_46e7e9700bed_45f260be83e2","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01294{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":361,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454871623035,"flow_src_last_pkt_time":1582454871671535,"flow_dst_last_pkt_time":1582454871702687,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1582454871702687,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33002,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com","domainame":"accounts.google.com","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1615h2_46e7e9700bed_45f260be83e2","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":367,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454871741833,"flow_src_last_pkt_time":1582454871741833,"flow_dst_last_pkt_time":1582454871741833,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871741833,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52514,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":367,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_src_last_pkt_time":1582454871741833,"flow_dst_last_pkt_time":1582454871741833,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454871741833,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8FotAAEAGoFXAqAIQrNkUSs0iAbsOnCHhAAAAAKAC\/\/+NXgAAAgQFtAQCCAr\/\/zdqAAAAAAEDAwg="} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":368,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454871745826,"flow_src_last_pkt_time":1582454871745826,"flow_dst_last_pkt_time":1582454871745826,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871745826,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36848,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -310,7 +310,7 @@ 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":381,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454871814833,"flow_src_last_pkt_time":1582454871814833,"flow_dst_last_pkt_time":1582454871814833,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871814833,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51944,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":381,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_src_last_pkt_time":1582454871814833,"flow_dst_last_pkt_time":1582454871814833,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454871814833,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8CFFAAEAGrQ\/AqAIQrNkVysroAbtCYT8sAAAAAKAC\/\/889QAAAgQFtAQCCAr\/\/zd9AAAAAAEDAwg="} 
00947{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":4,"flow_src_last_pkt_time":1582454871818736,"flow_dst_last_pkt_time":1582454871784790,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":363,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":363,"pkt_l4_len":329,"thread_ts_usec":1582454871818736,"pkt":"xiwDYGpkTGr2n\/YnCABFAAFdbVpAAEAGDFTAqAIQrcJPco\/wAFDXL1o0C99s2YAYAVd53gAAAQEICv\/\/N37Q72G\/R0VUIC9jb25uZWN0IEhUVFAvMS4xDQpIb3N0OiBjaGVjay5nb29nbGV6aXAubmV0DQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgOTsgTm9raWEgMi4yKSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvNzkuMC4zOTQ1LjkzIE1vYmlsZSBTYWZhcmkvNTM3LjM2DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkFjY2VwdC1MYW5ndWFnZTogaXQtSVQsaXQ7cT0wLjksZW4tVVM7cT0wLjgsZW47cT0wLjcNCg0K"} -01353{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454871745826,"flow_src_last_pkt_time":1582454871818736,"flow_dst_last_pkt_time":1582454871784790,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":297,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":297,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871818736,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36848,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": 
{"6":"DPI"},"proto":"HTTP.DataSaver","proto_id":"7.46","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":5,"category":"Web","hostname":"check.googlezip.net","domainame":"check.googlezip.net","http": {"url":"check.googlezip.net\/connect","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 9; Nokia 2.2) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/79.0.3945.93 Mobile Safari\/537.36","detected_os":"Android 9"}}} +01238{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454871745826,"flow_src_last_pkt_time":1582454871818736,"flow_dst_last_pkt_time":1582454871784790,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":297,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":297,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871818736,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36848,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.DataSaver","proto_id":"7.46","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":5,"category":"Web","hostname":"check.googlezip.net","domainame":"check.googlezip.net","http": {"url":"check.googlezip.net\/connect","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 9; Nokia 2.2) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/79.0.3945.93 Mobile Safari\/537.36","detected_os":"Android 9"}}} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":383,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454871823866,"flow_src_last_pkt_time":1582454871823866,"flow_dst_last_pkt_time":1582454871823866,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871823866,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":10677,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":383,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_src_last_pkt_time":1582454871823866,"flow_dst_last_pkt_time":1582454871823866,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_usec":1582454871823866,"pkt":"xiwDYGpkTGr2n\/YnCABFAABBrCJAAEARCSjAqAIQwKgCASm1ADUALW7k1fkBAAABAAAAAAAABXByb3h5CWdvb2dsZXppcANuZXQAAAEAAQ=="} 
01094{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":383,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454871823866,"flow_src_last_pkt_time":1582454871823866,"flow_dst_last_pkt_time":1582454871823866,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871823866,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":10677,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.DataSaver","proto_id":"5.46","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"proxy.googlezip.net","domainame":"proxy.googlezip.net","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
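Review bot: The updated expectation for flow 52 (packet_id 382, `HTTP.DataSaver` to `check.googlezip.net`) no longer carries the `"flow_risk": {"35": {"risk":"Susp Entropy", ...}}` object that the removed line had, and the commit message ("incorporated upstream changes") does not say that a risk indicator stopped firing. Since this fixture is the only record of the detection change, I would add a line to the commit description such as `* test results: flow risk 35 (Susp Entropy) is no longer reported for flow 52 in android.pcap after the libnDPI bump`, and confirm that the drop is intended upstream rather than a side effect of the changed configuration. The neighbouring hunks of this file also drop the `"ja3"` key from every `tls` object while keeping `ja3s` and `ja4`, so any consumer or alert rule that matches on `ja3` will presumably stop matching without an error and should be moved to `ja4`.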
@@ -333,31 +333,31 @@ 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":401,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_src_last_pkt_time":1582454871829800,"flow_dst_last_pkt_time":1582454871867294,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454871867294,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8+7cAAHUGxias2RRMwKgCEAG7qn7jcCu5pd5966AS6yBHnwAAAgQFZAQCCArp2ZEZ\/\/83gAEDAwg="} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":3,"flow_src_last_pkt_time":1582454871873337,"flow_dst_last_pkt_time":1582454871867294,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454871873337,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0SmtAAEAGbHvAqAIQrNkUTKp+Abul3n3r43AruoAQAVdf2wAAAQEICv\/\/N4vp2ZEZ"} 
01346{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":404,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":4,"flow_src_last_pkt_time":1582454871879681,"flow_dst_last_pkt_time":1582454871848736,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":660,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":660,"pkt_l4_len":626,"thread_ts_usec":1582454871879681,"pkt":"xiwDYGpkTGr2n\/YnCABFAAKGCFNAAEAGqsPAqAIQrNkVysroAbtCYT8toOwsPoAYAVfGNQAAAQEICv\/\/N43vemfUFgMBAk0BAAJJAwNrXT7L+PJep4B\/dk8AB+uJB9Pwzmj4f8u29vBYTRHG4CDv0sgDEuW0ydkkTNHJWYUIu7zui1THvKT7nSHdEo4WbQAiysoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUACgEAAd6qqgAAAAAAHQAbAAAYZGF0YXNhdmVyLmdvb2dsZWFwaXMuY29tABcAAP8BAAEAAAoACgAIysoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBABIAAAAzACsAKcrKAAEAAB0AIA7SNmfcO9z5Fk8eILAkK8oUeEYOBFCgnNeuFUKzBOEGAC0AAgEBACsACwpKSgMEAwMDAgMBABsAAwIAAvr6AAEAACkBDQDoAOIBlHTCUkrnq2qUV7Uc6bRUrJdD\/LtOX9saWvlSIiAibjKIU0wHw9yQxl9yfCDql2xDdrNsm7zbF6\/OGNfdahzYSr6RfqSfTZGLDMZZfk1MJbPFSKnzYvS6jOEo3TW7x+9BZ4+3KDyjSvE5m\/8l2XSPqIu13oiFGgsmpE4gdERCudtURq0Ogikb8MlcSRimaW6Jyuzxd70fGrtNyd8LfqifFc1h2FkIDgK11FO2C2BHwFuqglbOegGmZKZuntDRxgQqNPVB57xYszkl2XDvW62m55mBMYgOxxISmOX9JOYaN4l\/oAeAdwAhICV8acJGk5urIeyURl35qfHipUs4BWNlBpXTDG5xEgou"} 
-01295{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":404,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454871814833,"flow_src_last_pkt_time":1582454871879681,"flow_dst_last_pkt_time":1582454871848736,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":594,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":594,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871879681,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51944,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DataSaver","proto_id":"91.46","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":5,"category":"Web","hostname":"datasaver.googleapis.com","domainame":"datasaver.googleapis.com","tls": {"version":"TLSv1.2","ja3":"554719594ba90b02ae410c297c6e50ad","ja3s":"","ja4":"t13d1615h2_46e7e9700bed_13c35ee53a8e","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01254{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":404,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454871814833,"flow_src_last_pkt_time":1582454871879681,"flow_dst_last_pkt_time":1582454871848736,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":594,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":594,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871879681,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51944,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DataSaver","proto_id":"91.46","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":5,"category":"Web","hostname":"datasaver.googleapis.com","domainame":"datasaver.googleapis.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1615h2_46e7e9700bed_13c35ee53a8e","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
01245{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":405,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":4,"flow_src_last_pkt_time":1582454871880409,"flow_dst_last_pkt_time":1582454871853794,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1582454871880409,"pkt":"xiwDYGpkTGr2n\/YnCABFAAI5wi1AAEAGtHHAqAIQ2O8meID2AbsYfvWpTGBDc4AYAVfJZAAAAQEICv\/\/N43Dx9w1FgMBAgABAAH8AwOizyXUznqR2zg8twjqz4c\/1LcXNiJz8Xl8G8QuY+oU9yAcL+vdmf\/YPEco\/YkV+JSTvE9P1MbaTiaPYiMm3qSYcAAiqqoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUACgEAAZFaWgAAAAAAEwARAAAOd3d3Lmdvb2dsZS5jb20AFwAA\/wEAAQAACgAKAAhaWgAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEAEgAAADMAKwApWloAAQAAHQAg3dtD4+BEPVHHfNtYISH7IY66a0OPmtM6OXNpxMB89XwALQACAQEAKwALCpqaAwQDAwMCAwEAGwADAgACKioAAQAAFQDKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01280{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":405,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454871839297,"flow_src_last_pkt_time":1582454871880409,"flow_dst_last_pkt_time":1582454871853794,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871880409,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33014,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","domainame":"www.google.com","tls": {"version":"TLSv1.2","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","ja4":"t13d1615h2_46e7e9700bed_45f260be83e2","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01239{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":405,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454871839297,"flow_src_last_pkt_time":1582454871880409,"flow_dst_last_pkt_time":1582454871853794,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871880409,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33014,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","domainame":"www.google.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1615h2_46e7e9700bed_45f260be83e2","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":406,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454871881494,"flow_src_last_pkt_time":1582454871881494,"flow_dst_last_pkt_time":1582454871881494,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871881494,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39760,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_src_last_pkt_time":1582454871881494,"flow_dst_last_pkt_time":1582454871881494,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1582454871881494,"pkt":"xiwDYGpkTGr2n\/YnCABFAABErDBAAEARCRfAqAIQwKgCAZtQADUAMNjjuKUBAAABAAAAAAAAB2FuZHJvaWQKZ29vZ2xlYXBpcwNjb20AAAEAAQ=="} 
01113{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":406,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454871881494,"flow_src_last_pkt_time":1582454871881494,"flow_dst_last_pkt_time":1582454871881494,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871881494,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39760,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","proto_id":"5.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"android.googleapis.com","domainame":"android.googleapis.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
01243{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":408,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":4,"flow_src_last_pkt_time":1582454871890562,"flow_dst_last_pkt_time":1582454871867294,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1582454871890562,"pkt":"xiwDYGpkTGr2n\/YnCABFAAI5SmxAAEAGanXAqAIQrNkUTKp+Abul3n3r43AruoAYAVdhvAAAAQEICv\/\/N5Dp2ZEZFgMBAgABAAH8AwNXABRh0bUwv02\/tcLYJb8tWNqjNMehgKwAQKR+V6qhpSB5nowSHXSTk06sjSwrAIShPUtbUgvH7+EkOPJ+Q5cJZAAiuroTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUACgEAAZHKygAAAAAAGAAWAAATcHJveHkuZ29vZ2xlemlwLm5ldAAXAAD\/AQABAAAKAAoACAoKAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQASAAAAMwArACkKCgABAAAdACBLZwILTiy6lRDHwjubzrib1KyQtw7d5xCTjiQBUnoNPgAtAAIBAQArAAsKqqoDBAMDAwIDAQAbAAMCAALq6gABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01284{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":408,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454871829800,"flow_src_last_pkt_time":1582454871890562,"flow_dst_last_pkt_time":1582454871867294,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871890562,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43646,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DataSaver","proto_id":"91.46","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":5,"category":"Web","hostname":"proxy.googlezip.net","domainame":"proxy.googlezip.net","tls": {"version":"TLSv1.2","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","ja4":"t13d1615h2_46e7e9700bed_45f260be83e2","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01243{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":408,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454871829800,"flow_src_last_pkt_time":1582454871890562,"flow_dst_last_pkt_time":1582454871867294,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871890562,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43646,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DataSaver","proto_id":"91.46","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":5,"category":"Web","hostname":"proxy.googlezip.net","domainame":"proxy.googlezip.net","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1615h2_46e7e9700bed_45f260be83e2","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":412,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":5,"flow_src_last_pkt_time":1582454871880409,"flow_dst_last_pkt_time":1582454871894669,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454871894669,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA0AIIAAHUGgyLY7yZ4wKgCEAG7gPZMYENzGH73roAQAPC5RwAAAQEICsPH3F7\/\/zeN"} 
02174{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":431,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1582454871152402,"flow_src_last_pkt_time":1582454871906464,"flow_dst_last_pkt_time":1582454871901421,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":819,"flow_dst_tot_l4_payload_len":10828,"midstream":0,"thread_ts_usec":1582454871906464,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":48486.5,"max":404574,"stddev":104241.1,"var":10866214912.0,"ent":3.0,"data": [13673,15022,32725,47474,16568,3,34518,282,386517,404574,19668,197623,221096,19209,15019,27735,41804,1657,22,36,1002,1575,133,18,9,1204,14,1169,2703,19,10]},"pktlen": {"min":52,"avg":416.5,"max":1470,"stddev":552.7,"var":305506.2,"ent":3.9,"data": [60,60,52,232,52,1470,1188,52,52,145,344,52,564,52,86,52,641,52,1470,1470,1407,1470,52,1470,382,88,52,52,52,52,52,52]},"bins": {"c_to_s": [13,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,1,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,5,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,0,1,0,0,1,0,1,1,0,1,1,1,1,0,1,1,1,0,0,0,0,0,0],"entropies": [4.671797276,5.277319908,5.092563152,5.518131256,5.077241421,7.236341000,7.433474064,5.131024837,5.131024837,6.086913109,7.119209766,4.962661266,7.515064716,4.947339535,5.439514160,5.038779736,7.633175850,5.015639782,7.866302967,7.846067905,7.867026806,7.835390091,5.092563152,7.847195148,7.413039684,5.580356598,5.054101467,5.092563152,5.054101467,5.092563152,5.015639782,4.977178097]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -01325{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":434,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454871839297,"flow_src_last_pkt_time":1582454871880409,"flow_dst_last_pkt_time":1582454871911317,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1582454871911317,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33014,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","domainame":"www.google.com","tls": {"version":"TLSv1.3","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1615h2_46e7e9700bed_45f260be83e2","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01284{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":434,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454871839297,"flow_src_last_pkt_time":1582454871880409,"flow_dst_last_pkt_time":1582454871911317,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1582454871911317,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33014,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","domainame":"www.google.com","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1615h2_46e7e9700bed_45f260be83e2","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":436,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":5,"flow_src_last_pkt_time":1582454871879681,"flow_dst_last_pkt_time":1582454871913560,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454871913560,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA0ogoAAHYGHV6s2RXKwKgCEAG7yuig7Cw+QmFBf4AQAPBDpgAAAQEICu96aBT\/\/zeN"} 
-01338{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":437,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454871814833,"flow_src_last_pkt_time":1582454871879681,"flow_dst_last_pkt_time":1582454871913572,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":594,"flow_dst_max_l4_payload_len":212,"flow_src_tot_l4_payload_len":594,"flow_dst_tot_l4_payload_len":212,"midstream":0,"thread_ts_usec":1582454871913572,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51944,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DataSaver","proto_id":"91.46","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":5,"category":"Web","hostname":"datasaver.googleapis.com","domainame":"datasaver.googleapis.com","tls": {"version":"TLSv1.3","ja3":"554719594ba90b02ae410c297c6e50ad","ja3s":"2b0648ab686ee45e0e7c35fcfb0eea7e","ja4":"t13d1615h2_46e7e9700bed_13c35ee53a8e","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01297{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":437,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454871814833,"flow_src_last_pkt_time":1582454871879681,"flow_dst_last_pkt_time":1582454871913572,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":594,"flow_dst_max_l4_payload_len":212,"flow_src_tot_l4_payload_len":594,"flow_dst_tot_l4_payload_len":212,"midstream":0,"thread_ts_usec":1582454871913572,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51944,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DataSaver","proto_id":"91.46","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":5,"category":"Web","hostname":"datasaver.googleapis.com","domainame":"datasaver.googleapis.com","tls": {"version":"TLSv1.3","ja3s":"2b0648ab686ee45e0e7c35fcfb0eea7e","ja4":"t13d1615h2_46e7e9700bed_13c35ee53a8e","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":441,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_src_last_pkt_time":1582454871881494,"flow_dst_last_pkt_time":1582454871920611,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1582454871920611,"pkt":"TGr2n\/YnxiwDYGpkCABFAABUFXQAAEAR38PAqAIBwKgCEAA1m1AAQNQ0uKWBgAABAAEAAAAAB2FuZHJvaWQKZ29vZ2xlYXBpcwNjb20AAAEAAcAMAAEAAQAAARcABKzZFgo="} 
01146{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":441,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454871881494,"flow_src_last_pkt_time":1582454871881494,"flow_dst_last_pkt_time":1582454871920611,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":56,"midstream":0,"thread_ts_usec":1582454871920611,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39760,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","proto_id":"5.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"android.googleapis.com","domainame":"android.googleapis.com","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["172.217.22.10,ttl=279"]}}} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":445,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":5,"flow_src_last_pkt_time":1582454871890562,"flow_dst_last_pkt_time":1582454871928396,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454871928396,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA0++4AAHUGxfes2RRMwKgCEAG7qn7jcCu6pd5\/8IAQAPBd+wAAAQEICunZkVb\/\/zeQ"} 
-01329{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":447,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454871829800,"flow_src_last_pkt_time":1582454871890562,"flow_dst_last_pkt_time":1582454871933947,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1582454871933947,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43646,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DataSaver","proto_id":"91.46","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":5,"category":"Web","hostname":"proxy.googlezip.net","domainame":"proxy.googlezip.net","tls": {"version":"TLSv1.3","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1615h2_46e7e9700bed_45f260be83e2","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01288{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":447,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454871829800,"flow_src_last_pkt_time":1582454871890562,"flow_dst_last_pkt_time":1582454871933947,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1582454871933947,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43646,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DataSaver","proto_id":"91.46","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":5,"category":"Web","hostname":"proxy.googlezip.net","domainame":"proxy.googlezip.net","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1615h2_46e7e9700bed_45f260be83e2","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":458,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454871947536,"flow_src_last_pkt_time":1582454871947536,"flow_dst_last_pkt_time":1582454871947536,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871947536,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.22.10","src_port":44374,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":458,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_src_last_pkt_time":1582454871947536,"flow_dst_last_pkt_time":1582454871947536,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454871947536,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8i1NAAEAGKc3AqAIQrNkWCq1WAbtFj7zOAAAAAKAC\/\/\/ZVgAAAgQFtAQCCAr\/\/zedAAAAAAEDAwg="} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":467,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_src_last_pkt_time":1582454871947536,"flow_dst_last_pkt_time":1582454871972438,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454871972438,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8OOwAAHYGhjSs2RYKwKgCEAG7rVbtvX7+RY+8z6AS6yDuawAAAgQFZAQCCAq7R9gE\/\/83nQEDAwg="} 
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":471,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_src_last_pkt_time":1582454871974035,"flow_dst_last_pkt_time":1582454871972438,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454871974035,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0i1RAAEAGKdTAqAIQrNkWCq1WAbtFj7zP7b1+\/4AQAVcGrAAAAQEICv\/\/N6S7R9gE"} 01246{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":480,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":4,"flow_src_last_pkt_time":1582454872014369,"flow_dst_last_pkt_time":1582454871972438,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1582454872014369,"pkt":"xiwDYGpkTGr2n\/YnCABFAAI5i1VAAEAGJ87AqAIQrNkWCq1WAbtFj7zP7b1+\/4AYAVeASwAAAQEICv\/\/N6+7R9gEFgMBAgABAAH8AwMkp2qM\/0db0DeLmsnG5Et9Elmp4AHL6ZUbDww1dSGLViDedzf23GKLBGTQ\/F9lciqAnLFBg\/D1SaN73F0X8icbJwAiEwETAhMDwCvALMypwC\/AMMyowAnACsATwBQAnACdAC8ANQEAAZEAAAAbABkAABZhbmRyb2lkLmdvb2dsZWFwaXMuY29tABcAAP8BAAEAAAoACAAGAB0AFwAYAAsAAgEAAAUABQEAAAAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBdVAAAAAzACYAJAAdACB+eKFCipAuqOQg5XnASQ8WeZbYj9YMN6X04Jt8S8pzfAAtAAIBAQArAAkIAwQDAwMCAwEAFQDxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01398{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":480,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454871947536,"flow_src_last_pkt_time":1582454872014369,"flow_dst_last_pkt_time":1582454871972438,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454872014369,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.22.10","src_port":44374,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"android.googleapis.com","domainame":"android.googleapis.com","tls": {"version":"TLSv1.2","ja3":"629b587f706aee60430ec3879c6edb66","ja3s":"","ja4":"t13d171200_5b57614c22b0_931b75671d98","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01357{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":480,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454871947536,"flow_src_last_pkt_time":1582454872014369,"flow_dst_last_pkt_time":1582454871972438,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454872014369,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.22.10","src_port":44374,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"android.googleapis.com","domainame":"android.googleapis.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d171200_5b57614c22b0_931b75671d98","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
01243{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":481,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":4,"flow_src_last_pkt_time":1582454872015952,"flow_dst_last_pkt_time":1582454871781183,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1582454872015952,"pkt":"xiwDYGpkTGr2n\/YnCABFAAI5Fo1AAEAGnlbAqAIQrNkUSs0iAbsOnCHi4lFSVIAYAVerwAAAAQEICv\/\/N68TCsRqFgMBAgABAAH8AwNz1LPSLb66vIVVbsJEbO8rYoUzZ7GYYLjTyvNVKkYlfSDBTSmXKzrioGGWwSCGVWAYIYzoWG\/0EeuQQ9g0J6ik9QAiEwETAhMDwCvALMypwC\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"} -01310{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":481,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454871741833,"flow_src_last_pkt_time":1582454872015952,"flow_dst_last_pkt_time":1582454871781183,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454872015952,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52514,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"semanticlocation-pa.googleapis.com","domainame":"semanticlocation-pa.googleapis.com","tls": 
{"version":"TLSv1.2","ja3":"33490b1d5377580b19f7f9b5849d7991","ja3s":"","ja4":"t13d1712h0_5b57614c22b0_3f5d972527c0","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +01269{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":481,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454871741833,"flow_src_last_pkt_time":1582454872015952,"flow_dst_last_pkt_time":1582454871781183,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454872015952,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52514,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"semanticlocation-pa.googleapis.com","domainame":"semanticlocation-pa.googleapis.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1712h0_5b57614c22b0_3f5d972527c0","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454872021787,"flow_src_last_pkt_time":1582454872021787,"flow_dst_last_pkt_time":1582454872021787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454872021787,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":56312,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_src_last_pkt_time":1582454872021787,"flow_dst_last_pkt_time":1582454872021787,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_usec":1582454872021787,"pkt":"xiwDYGpkTGr2n\/YnCABFAABBrFBAAEARCPrAqAIQwKgCAdv4ADUALYKcD\/4BAAABAAAAAAAABXByb3h5CWdvb2dsZXppcANuZXQAAAEAAQ=="} 
01094{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454872021787,"flow_src_last_pkt_time":1582454872021787,"flow_dst_last_pkt_time":1582454872021787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454872021787,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":56312,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.DataSaver","proto_id":"5.46","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"proxy.googlezip.net","domainame":"proxy.googlezip.net","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -366,7 +366,7 @@ 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":491,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454872031849,"flow_src_last_pkt_time":1582454872031849,"flow_dst_last_pkt_time":1582454872031849,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454872031849,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43652,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":491,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_src_last_pkt_time":1582454872031849,"flow_dst_last_pkt_time":1582454872031849,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454872031849,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8+JhAAEAGvkXAqAIQrNkUTKqEAbsc\/M8rAAAAAKAC\/\/\/0BgAAAgQFtAQCCAr\/\/zezAAAAAAEDAwg="} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":499,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":5,"flow_src_last_pkt_time":1582454872014369,"flow_dst_last_pkt_time":1582454872038562,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454872038562,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA0OQUAAHYGhiOs2RYKwKgCEAG7rVbtvX7\/RY++1IAQAPAEwQAAAQEICrtH2Eb\/\/zev"} 
-01443{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454871947536,"flow_src_last_pkt_time":1582454872014369,"flow_dst_last_pkt_time":1582454872047699,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1582454872047699,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.22.10","src_port":44374,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"android.googleapis.com","domainame":"android.googleapis.com","tls": {"version":"TLSv1.3","ja3":"629b587f706aee60430ec3879c6edb66","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d171200_5b57614c22b0_931b75671d98","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01402{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454871947536,"flow_src_last_pkt_time":1582454872014369,"flow_dst_last_pkt_time":1582454872047699,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1582454872047699,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.22.10","src_port":44374,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"android.googleapis.com","domainame":"android.googleapis.com","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d171200_5b57614c22b0_931b75671d98","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":0,"flow_first_seen":1582454784313816,"flow_src_last_pkt_time":1582454866536260,"flow_dst_last_pkt_time":1582454784313816,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":286,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":3584,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454872047699,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"lucas-imac"}} 00924{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1582454865802211,"flow_src_last_pkt_time":1582454866026255,"flow_dst_last_pkt_time":1582454865802211,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454872047699,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00933{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454865794321,"flow_src_last_pkt_time":1582454865794321,"flow_dst_last_pkt_time":1582454865794321,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454872047699,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff9f:f627","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -429,11 +429,11 @@ 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1582454866448783,"flow_src_last_pkt_time":1582454868606764,"flow_dst_last_pkt_time":1582454866448783,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454872047699,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCPV6","proto_id":"103","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01004{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454825629044,"flow_src_last_pkt_time":1582454825629044,"flow_dst_last_pkt_time":1582454825629044,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454872047699,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":51411,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} 01002{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454871823866,"flow_src_last_pkt_time":1582454871823866,"flow_dst_last_pkt_time":1582454871824351,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":53,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":53,"midstream":0,"thread_ts_usec":1582454872047699,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":10677,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.DataSaver","proto_id":"5.46","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"proxy.googlezip.net"}} 
-01120{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":5,"flow_first_seen":1582454871094545,"flow_src_last_pkt_time":1582454871395482,"flow_dst_last_pkt_time":1582454871393426,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":297,"flow_dst_max_l4_payload_len":458,"flow_src_tot_l4_payload_len":594,"flow_dst_tot_l4_payload_len":916,"midstream":0,"thread_ts_usec":1582454872047699,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36834,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.DataSaver","proto_id":"7.46","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":5,"category":"Web","hostname":"check.googlezip.net"}} -01121{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1582454871745826,"flow_src_last_pkt_time":1582454871859316,"flow_dst_last_pkt_time":1582454871858341,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":297,"flow_dst_max_l4_payload_len":458,"flow_src_tot_l4_payload_len":297,"flow_dst_tot_l4_payload_len":458,"midstream":0,"thread_ts_usec":1582454872047699,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36848,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp 
Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.DataSaver","proto_id":"7.46","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":5,"category":"Web","hostname":"check.googlezip.net"}} +01005{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":5,"flow_first_seen":1582454871094545,"flow_src_last_pkt_time":1582454871395482,"flow_dst_last_pkt_time":1582454871393426,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":297,"flow_dst_max_l4_payload_len":458,"flow_src_tot_l4_payload_len":594,"flow_dst_tot_l4_payload_len":916,"midstream":0,"thread_ts_usec":1582454872047699,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36834,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.DataSaver","proto_id":"7.46","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":5,"category":"Web","hostname":"check.googlezip.net"}} 
+01006{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1582454871745826,"flow_src_last_pkt_time":1582454871859316,"flow_dst_last_pkt_time":1582454871858341,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":297,"flow_dst_max_l4_payload_len":458,"flow_src_tot_l4_payload_len":297,"flow_dst_tot_l4_payload_len":458,"midstream":0,"thread_ts_usec":1582454872047699,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36848,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.DataSaver","proto_id":"7.46","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":5,"category":"Web","hostname":"check.googlezip.net"}} 00969{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1582454871772041,"flow_src_last_pkt_time":1582454871808693,"flow_dst_last_pkt_time":1582454871807544,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454872047699,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36850,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 
00777{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1582454871772041,"flow_src_last_pkt_time":1582454871808693,"flow_dst_last_pkt_time":1582454871807544,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454872047699,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36850,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00852{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":500,"packets-processed":475,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":101980,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":60,"total-detection-updates":44,"total-updates":3,"current-active-flows":0,"total-active-flows":63,"total-idle-flows":63,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":436,"global_ts_usec":1582454872047699} 
+00852{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":500,"packets-processed":475,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":101980,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":60,"total-detection-updates":44,"total-updates":3,"current-active-flows":0,"total-active-flows":63,"total-idle-flows":63,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":436,"global_ts_usec":1582454872047699} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 500/475 ~~ skipped flows.............: 0 @@ -442,10 +442,10 @@ ~~ total active/idle flows...: 63/63 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7436025 bytes -~~ total memory freed........: 7436025 bytes -~~ total allocations/frees...: 115630/115630 +~~ total memory allocated....: 8013621 bytes +~~ total memory freed........: 8013621 bytes +~~ total allocations/frees...: 127362/127362 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 546 chars -~~ json message max len.......: 2725 chars -~~ json message avg len.......: 1635 chars +~~ json message max len.......: 2684 chars +~~ json message avg len.......: 1615 chars diff --git a/test/results/default/anyconnect-vpn.pcap.out b/test/results/default/anyconnect-vpn.pcap.out index 141d9fdce..1f8fcb22d 100644 --- a/test/results/default/anyconnect-vpn.pcap.out +++ b/test/results/default/anyconnect-vpn.pcap.out 
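Review bot: The updated expectations for flows 39 and 52 (HTTP.DataSaver to check.googlezip.net) drop `flow_risk` entry 35 "Susp Entropy", and the commit message only says upstream changes were incorporated. Anyone alerting on that risk id will see fewer hits on the same traffic after the bump, so the commit body should record whether this is intended upstream tuning, e.g. `* risk 35 (Susp Entropy) is no longer raised for these cleartext HTTP flows`. The summary hunk on the same line shows allocations for this capture rising from 115630 to 127362 (7436025 to 8013621 bytes), which may also be worth a mention.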
@@ -1,5 +1,5 @@ -00619{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1569687240992580} 
+00619{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1569687240992580} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687240992580,"flow_src_last_pkt_time":1569687240992580,"flow_dst_last_pkt_time":1569687240992580,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569687240992580,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.53","src_port":56885,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1569687240992580,"flow_dst_last_pkt_time":1569687240992580,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569687240992580,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGP5MKAADjuBk4Nd41AFDGVya80\/P93YAREABFkgAAAQEIChwNaWayL1Dq"} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1569687240992580,"flow_dst_last_pkt_time":1569687241009657,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569687241009657,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0BhtAADcGQni4GTg1CgAA4wBQ3jXT8\/3dxlcmvYARAOurFAAAAQEICrIv+nscDWlm"} 
@@ -50,10 +50,10 @@ 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1569687245379692,"flow_dst_last_pkt_time":1569687245420271,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1569687245420271,"pkt":"NDY7z3UoLH6BsEqhCABFAAA4kvsAAPcGt2EIJWZbCgAA4wG73lYzzRbpE2g2IJASgADBAwAAAgQFtAEBCAo\/+VnGHA16ew=="} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_src_last_pkt_time":1569687245420351,"flow_dst_last_pkt_time":1569687245420271,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569687245420351,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGwWEKAADjCCVmW95WAbsTaDYgM80W6oAQ\/\/9YmgAAAQEIChwNeqI\/+VnG"} 00781{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_src_last_pkt_time":1569687245420749,"flow_dst_last_pkt_time":1569687245420271,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"thread_ts_usec":1569687245420749,"pkt":"LH6BsEqhNDY7z3UoCABFAADbAABAAEAGwLoKAADjCCVmW95WAbsTaDYgM80W6oAY\/\/+4KQAAAQEIChwNeqI\/+VnGFgMBAKIBAACeAwM+zYdRpoPn9yYDnCChCBgRRxI\/vte+Xuq+CHHW0pF46gAALMAswDAAnwCdwCTAKABrAD3AK8AvAJ4AnMAjwCcAZwA8ADkANQAzAC8ACgD\/AQAASQALAAQDAAECAAoACgAIABkAGAAXABMADQAgAB4GAQYCBgMFAQUCBQMEAQQCBAMDAQMCAwMCAQICAgMAEAALAAkIaHR0cC8xLjE="} 
-01404{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569687245379692,"flow_src_last_pkt_time":1569687245420749,"flow_dst_last_pkt_time":1569687245420271,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":167,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569687245420749,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"","ja4":"t12d2204ht_95b9206a23eb_1ea9011b3dfa","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} 
+01363{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569687245379692,"flow_src_last_pkt_time":1569687245420749,"flow_dst_last_pkt_time":1569687245420271,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":167,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569687245420749,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d2204ht_95b9206a23eb_1ea9011b3dfa","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_src_last_pkt_time":1569687245420749,"flow_dst_last_pkt_time":1569687245467901,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569687245467901,"pkt":"NDY7z3UoLH6BsEqhCABFAAA01g8AAPcGdFEIJWZbCgAA4wG73lYzzRbqE2g2x4AQgADXxAAAAQEICj\/5WfQcDXqi"} 
-01558{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569687245379692,"flow_src_last_pkt_time":1569687245420749,"flow_dst_last_pkt_time":1569687245469088,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":167,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1569687245469088,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","ja4":"t12d2204ht_95b9206a23eb_1ea9011b3dfa","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","advertised_alpns":"http\/1.1","blocks":0}}} 
-01944{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1569687245379692,"flow_src_last_pkt_time":1569687245509743,"flow_dst_last_pkt_time":1569687245547931,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":167,"flow_dst_tot_l4_payload_len":5737,"midstream":0,"thread_ts_usec":1569687245547931,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","server_names":"*.pandion.viasat.com,pandion.viasat.com","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","ja4":"t12d2204ht_95b9206a23eb_1ea9011b3dfa","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Entrust, Inc., OU=See www.entrust.net\/legal-terms, OU=(c) 2012 Entrust, Inc. 
- for authorized use only, CN=Entrust Certification Authority - L1K","subjectDN":"C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com","advertised_alpns":"http\/1.1","fingerprint":"92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA","blocks":0}}} +01517{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569687245379692,"flow_src_last_pkt_time":1569687245420749,"flow_dst_last_pkt_time":1569687245469088,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":167,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1569687245469088,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","ja4":"t12d2204ht_95b9206a23eb_1ea9011b3dfa","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","advertised_alpns":"http\/1.1","blocks":0}}} 
+01903{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1569687245379692,"flow_src_last_pkt_time":1569687245509743,"flow_dst_last_pkt_time":1569687245547931,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":167,"flow_dst_tot_l4_payload_len":5737,"midstream":0,"thread_ts_usec":1569687245547931,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","server_names":"*.pandion.viasat.com,pandion.viasat.com","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","ja4":"t12d2204ht_95b9206a23eb_1ea9011b3dfa","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Entrust, Inc., OU=See www.entrust.net\/legal-terms, OU=(c) 2012 Entrust, Inc. 
- for authorized use only, CN=Entrust Certification Authority - L1K","subjectDN":"C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com","advertised_alpns":"http\/1.1","fingerprint":"92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA","blocks":0}}} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687245576189,"flow_src_last_pkt_time":1569687245576189,"flow_dst_last_pkt_time":1569687245576189,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":65,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":65,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":65,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569687245576189,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56915,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1569687245576189,"flow_dst_last_pkt_time":1569687245576189,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":131,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":131,"pkt_l4_len":97,"thread_ts_usec":1569687245576189,"pkt":"LH6BsEqhNDY7z3UoCABFAAB1AABAAEAGB84KAADjNCXzrd5TAbsf\/e\/ecO3V5YAYEAD5fAAAAQEIChwNezsAjX27FwMDADwAAAAAAAAABDacZQu2ja7FJp11i4XaHEcZRuFBd8RaXcXBvhAzXAi\/k3IQYhPu9V\/rSa1OnXc4wt4EKb0="} 
00924{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687245576189,"flow_src_last_pkt_time":1569687245576189,"flow_dst_last_pkt_time":1569687245576189,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":65,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":65,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":65,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569687245576189,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56915,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
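Review bot: The `tls` object in the three updated events for flow 12 no longer carries the `ja3` key, while `ja3s` and `ja4` remain, and nothing in the commit message tells consumers of the event stream that the field is gone. Detection rules or dashboards keyed on `tls.ja3` would presumably stop matching without raising any error, so the removal deserves an explicit line in the commit body or changelog, e.g. `* tls.ja3 is no longer emitted (ja3s and ja4 remain)`. The diffstat lists schema/flow_event_schema.json as changed, which may already cover the schema side, but that hunk is not visible here.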
@@ -67,10 +67,10 @@ 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1569687245688240,"flow_dst_last_pkt_time":1569687245727730,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1569687245727730,"pkt":"NDY7z3UoLH6BsEqhCABFAAA4hY0AAPcGxM8IJWZbCgAA4wG73ldszApGLud59JASgAAy9QAAAgQFtAEBCAo\/+Vr5HA17pg=="} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_src_last_pkt_time":1569687245727790,"flow_dst_last_pkt_time":1569687245727730,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569687245727790,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGwWEKAADjCCVmW95XAbsu53n0bMwKR4AQ\/\/\/KjAAAAQEIChwNe8w\/+Vr5"} 00780{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_src_last_pkt_time":1569687245728221,"flow_dst_last_pkt_time":1569687245727730,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"thread_ts_usec":1569687245728221,"pkt":"LH6BsEqhNDY7z3UoCABFAADbAABAAEAGwLoKAADjCCVmW95XAbsu53n0bMwKR4AY\/\/+TfQAAAQEIChwNe8w\/+Vr5FgMBAKIBAACeAwOyKS4PH48MEPNrcANjNvEKq9DZdlehvPjBqsUvxif81gAALMAswDAAnwCdwCTAKABrAD3AK8AvAJ4AnMAjwCcAZwA8ADkANQAzAC8ACgD\/AQAASQALAAQDAAECAAoACgAIABkAGAAXABMADQAgAB4GAQYCBgMFAQUCBQMEAQQCBAMDAQMCAwMCAQICAgMAEAALAAkIaHR0cC8xLjE="} 
-01404{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569687245688240,"flow_src_last_pkt_time":1569687245728221,"flow_dst_last_pkt_time":1569687245727730,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":167,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569687245728221,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"","ja4":"t12d2204ht_95b9206a23eb_1ea9011b3dfa","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} 
+01363{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569687245688240,"flow_src_last_pkt_time":1569687245728221,"flow_dst_last_pkt_time":1569687245727730,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":167,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569687245728221,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d2204ht_95b9206a23eb_1ea9011b3dfa","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":5,"flow_src_last_pkt_time":1569687245728221,"flow_dst_last_pkt_time":1569687245771463,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569687245771463,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0q70AAPcGnqMIJWZbCgAA4wG73ldszApHLud6m4AQgABJugAAAQEICj\/5WyQcDXvM"} 
-01558{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569687245688240,"flow_src_last_pkt_time":1569687245728221,"flow_dst_last_pkt_time":1569687245772680,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":167,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1569687245772680,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","ja4":"t12d2204ht_95b9206a23eb_1ea9011b3dfa","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","advertised_alpns":"http\/1.1","blocks":0}}} 
-01944{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1569687245688240,"flow_src_last_pkt_time":1569687245813667,"flow_dst_last_pkt_time":1569687245851826,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":167,"flow_dst_tot_l4_payload_len":5792,"midstream":0,"thread_ts_usec":1569687245851826,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","server_names":"*.pandion.viasat.com,pandion.viasat.com","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","ja4":"t12d2204ht_95b9206a23eb_1ea9011b3dfa","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Entrust, Inc., OU=See www.entrust.net\/legal-terms, OU=(c) 2012 Entrust, Inc. 
- for authorized use only, CN=Entrust Certification Authority - L1K","subjectDN":"C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com","advertised_alpns":"http\/1.1","fingerprint":"92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA","blocks":0}}} +01517{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569687245688240,"flow_src_last_pkt_time":1569687245728221,"flow_dst_last_pkt_time":1569687245772680,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":167,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1569687245772680,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","ja4":"t12d2204ht_95b9206a23eb_1ea9011b3dfa","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","advertised_alpns":"http\/1.1","blocks":0}}} 
+01903{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1569687245688240,"flow_src_last_pkt_time":1569687245813667,"flow_dst_last_pkt_time":1569687245851826,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":167,"flow_dst_tot_l4_payload_len":5792,"midstream":0,"thread_ts_usec":1569687245851826,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","server_names":"*.pandion.viasat.com,pandion.viasat.com","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","ja4":"t12d2204ht_95b9206a23eb_1ea9011b3dfa","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Entrust, Inc., OU=See www.entrust.net\/legal-terms, OU=(c) 2012 Entrust, Inc. 
- for authorized use only, CN=Entrust Certification Authority - L1K","subjectDN":"C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com","advertised_alpns":"http\/1.1","fingerprint":"92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA","blocks":0}}} 02479{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1569687245688240,"flow_src_last_pkt_time":1569687246009851,"flow_dst_last_pkt_time":1569687246009730,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":6050,"flow_dst_tot_l4_payload_len":7973,"midstream":0,"thread_ts_usec":1569687246009851,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":20745.2,"max":71520,"stddev":21568.3,"var":465190496.0,"ent":4.0,"data": [39490,39550,431,43733,1217,44517,40926,4,40928,1,38216,8,38254,1,33217,1,0,71520,5,38273,6102,35094,41225,217,42300,2869,5,1,44938,0,58]},"pktlen": {"min":52,"avg":490.7,"max":1500,"stddev":597.2,"var":356597.6,"ent":4.0,"data": [64,56,52,219,52,1500,52,1500,1500,52,52,1500,1167,52,52,1500,1500,1319,52,52,663,52,127,52,1161,52,345,697,105,52,52,52]},"bins": {"c_to_s": [11,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,2,0,0],"s_to_c": [6,1,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,0,1,1,0,0,1,1,0,0,0,0,0,1,1,0,1,1,0,0,1,1,1,1,0,0,0],"entropies": 
[4.277806282,5.056655407,4.776611805,5.499976635,4.815073490,7.340889931,4.829590321,7.117477894,7.208638191,4.868052006,4.829590321,7.407335281,5.918903828,4.829590321,4.829590321,6.806384563,7.188310623,7.472460270,4.685171604,4.791129112,7.602285385,4.714205265,6.163617611,4.752666950,7.823616028,4.868052006,7.252848148,7.725178242,5.773176193,4.906513691,4.829590321,4.829590321]},"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1569687246096558,"flow_dst_last_pkt_time":1569687241064503,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1569687246096558,"pkt":"2DE0IHf7NDY7z3UoCABFAABAAABAAEAGJT8KAADjCgAAl95UH0ntZWziAAAAALAC\/\/8wWwAAAgQFtAEDAwUBAQgKHA19NQAAAAAEAgAA"} 
00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1569687246426088,"flow_dst_last_pkt_time":1569687241425059,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":176,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":176,"pkt_l4_len":142,"thread_ts_usec":1569687246426088,"pkt":"pHczjPFANDY7z3UoCABFAgCiAABAAEAGJN0KAADjCgAAldwAH0m4VKSqauVqJ4AYEABWlgAAAQEIChwNfn0AIdVKFwMDAGltB4Q9ZE7MwMLqA\/qW5WJXb0PHNtCROrUMkJHw\/OP719Jk7orSFs9TCm756O7SILnP3vnstuJ4xPfpszSDO6LW4XcEaWDlp33D\/dMihM\/bvEZuYHMlrzKnK9TylV815IAQKWsax0+Dp+A="} 
@@ -134,9 +134,9 @@ 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_src_last_pkt_time":1569687256018732,"flow_dst_last_pkt_time":1569687256050128,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1569687256050128,"pkt":"NDY7z3UoLH6BsEqhCABFAAA8AABAAO4G++ZjViKcCgAA4wG73lg6Ai8I4YcSh6AScSDdlgAAAgQFtAQCCApVvxWbHA2jzgEDAwg="} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_src_last_pkt_time":1569687256050218,"flow_dst_last_pkt_time":1569687256050128,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569687256050218,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGqe8KAADjY1YinN5YAbvhhxKHOgIvCYAQEBVtUAAAAQEIChwNo+1VvxWb"} 
01251{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_src_last_pkt_time":1569687256050357,"flow_dst_last_pkt_time":1569687256050128,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1569687256050357,"pkt":"LH6BsEqhNDY7z3UoCABFAAI5AABAAEAGp+oKAADjY1YinN5YAbvhhxKHOgIvCYAYEBXjtQAAAQEIChwNo+1VvxWbFgMBAgABAAH8AwP2lJ2Zoyt+6aEF0xJ\/aUe6evUZainhAnYJBIQSx1\/tWSCNfN3\/DfWLQ8HungFwV0GCEYkIdCKU0GMUI0bm8cDscgAcmprAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUACgEAAZfKygAA\/wEAAQAAAAAOAAwAAAlzbGFjay5jb20AFwAAACMAsP2UHl3lVE0zaDd6PBof23w+FD8mx8e3Phvd1tTaMrFhi9+Td+e1NJsUbpbP9uRq3tuE3zRBdy5hybNsk8MXE51kvVMK0eOntSrDahuD42sFCkzVH\/S0PgpsSfI8A+giwf+frrZktkI4KRg3hCDL3AxOeo+p2XlfkQM+Sl1864masTeQczQS\/W7RtMRlmXf4940V2idU49yugeM67ej0Z92wy18bTBX2me+5KJfbuIBfAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMXVQAAAACwACAQAACgAKAAiamgAdABcAGAAbAAMCAAKamgABAAAVAGUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01222{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569687256018732,"flow_src_last_pkt_time":1569687256050357,"flow_dst_last_pkt_time":1569687256050128,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569687256050357,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"99.86.34.156","src_port":56920,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Slack","proto_id":"91.118","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"slack.com","domainame":"slack.com","tls": {"version":"TLSv1.2","ja3":"d8dc5f8940df366b3a58b935569143e8","ja3s":"","ja4":"t12d1313h2_8b80da21ef18_e48c60694ef0","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01181{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569687256018732,"flow_src_last_pkt_time":1569687256050357,"flow_dst_last_pkt_time":1569687256050128,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569687256050357,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"99.86.34.156","src_port":56920,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Slack","proto_id":"91.118","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"slack.com","domainame":"slack.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1313h2_8b80da21ef18_e48c60694ef0","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":5,"flow_src_last_pkt_time":1569687256050357,"flow_dst_last_pkt_time":1569687256092301,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569687256092301,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0OpdAAO4GwVdjViKcCgAA4wG73lg6Ai8J4YcUjIAQAHZ65gAAAQEIClW\/FZ8cDaPt"} -01303{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":134,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569687256018732,"flow_src_last_pkt_time":1569687256050357,"flow_dst_last_pkt_time":1569687256093242,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":146,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":146,"midstream":0,"thread_ts_usec":1569687256093242,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"99.86.34.156","src_port":56920,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Slack","proto_id":"91.118","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"slack.com","domainame":"slack.com","tls": {"version":"TLSv1.2","ja3":"d8dc5f8940df366b3a58b935569143e8","ja3s":"7bee5c1d424b7e5f943b06983bb11422","ja4":"t12d1313h2_8b80da21ef18_e48c60694ef0","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","blocks":0}}} +01262{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":134,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569687256018732,"flow_src_last_pkt_time":1569687256050357,"flow_dst_last_pkt_time":1569687256093242,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":146,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":146,"midstream":0,"thread_ts_usec":1569687256093242,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"99.86.34.156","src_port":56920,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Slack","proto_id":"91.118","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"slack.com","domainame":"slack.com","tls": {"version":"TLSv1.2","ja3s":"7bee5c1d424b7e5f943b06983bb11422","ja4":"t12d1313h2_8b80da21ef18_e48c60694ef0","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","blocks":0}}} 
00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_src_last_pkt_time":1569687259269679,"flow_dst_last_pkt_time":1569687246981850,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1569687259269679,"pkt":"AQBeAAD7GIEORo7ICABFAACMyOAAAP8RBrAKAADV4AAA+xTpFOkAeGDGAAAAAAADAAAAAAABD19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMgAEIX2hvbWVraXTAHAAMgAEMX3NsZWVwLXByb3h5BF91ZHDAIQAMgAEAACkFoAAAEZQAEgAEAA4AmzqBDkaOyBiBDkaOyA=="} 00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_src_last_pkt_time":1569687259270105,"flow_dst_last_pkt_time":1569687246982027,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":174,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":174,"pkt_l4_len":120,"thread_ts_usec":1569687259270105,"pkt":"MzMAAAD7GIEORo7Iht1gBoi5AHgR\/\/6AAAAAAAAABAg+RTq8FVL\/AgAAAAAAAAAAAAAAAAD7FOkU6QB4u7wAAAAAAAMAAAAAAAEPX2NvbXBhbmlvbi1saW5rBF90Y3AFbG9jYWwAAAyAAQhfaG9tZWtpdMAcAAyAAQxfc2xlZXAtcHJveHkEX3VkcMAhAAyAAQAAKQWgAAARlAASAAQADgCbOoEORo7IGIEORo7I"} 
00832{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_src_last_pkt_time":1569687259297056,"flow_dst_last_pkt_time":1569687247192802,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"thread_ts_usec":1569687259297056,"pkt":"GIEORo7INDY7z3UoCABFAAEEsFAAAP8R9OAKAADjCgAA1RTpFOkA8ADKAACEAAAAAAEAAAAED19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMAAEAABGUABQRTFAtUktFUlVSLU9TWCAoOSnADMAyACGAAQAAAHgADQAAAADbaQRuRFBJwCHAMgAQgAEAABGUACIWcnBCQT0zNzoyRTo0Nzo2RDoxODo1NApycFZyPTE1Mi4xEUxQLVJLRVJVUi1PU1ggKDkpDF9kZXZpY2UtaW5mb8AcABAAAQAAEZQAIBRtb2RlbD1NYWNCb29rUHJvMTEsMQpvc3h2ZXJzPTE3wFgAAYABAAAAeAAECgAA4w=="} 
@@ -159,9 +159,9 @@ 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_src_last_pkt_time":1569687260591875,"flow_dst_last_pkt_time":1569687260620412,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1569687260620412,"pkt":"NDY7z3UoLH6BsEqhCABFAABAE+xAAPEGAgIIJWDCCgAA4xC\/3lkWZHs7FMxBabASECzSsgAAAgQFZAEDAwIBAQgKeKa\/ZBwNtZEEAgAA"} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_src_last_pkt_time":1569687260620471,"flow_dst_last_pkt_time":1569687260620412,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569687260620471,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGxvoKAADjCCVgwt5ZEL8UzEFpFmR7PIAQEAgSNwAAAQEIChwNta14pr9k"} 00755{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":4,"flow_src_last_pkt_time":1569687260620743,"flow_dst_last_pkt_time":1569687260620412,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1569687260620743,"pkt":"LH6BsEqhNDY7z3UoCABFAADIAABAAEAGxmYKAADjCCVgwt5ZEL8UzEFpFmR7PIAYEAijywAAAQEIChwNta14pr9kFgMBAI8BAACLAwMD1fZJLnU2wbbg4p6uNb1F++uvR9\/ndJiHrNU+USXu3wAADsAwwCjAFMAJwBMAMwD\/AQAAVAALAAQDAAECAAoADAAKAB0AFwAeABkAGAAWAAAAFwAAAA0AMAAuBAMFAwYDCAcICAgJCAoICwgECAUIBgQBBQEGAQMDAgMDAQIBAwICAgQCBQIGAg=="} 
-01503{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":184,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569687260591875,"flow_src_last_pkt_time":1569687260620743,"flow_dst_last_pkt_time":1569687260620412,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":148,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":148,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569687260620743,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.96.194","src_port":56921,"dst_port":4287,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3":"e3adec914f3893f18136762f1c0d7d81","ja3s":"","ja4":"t12d070500_c20ebc0cf62a_ed727256b201","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01462{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":184,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569687260591875,"flow_src_last_pkt_time":1569687260620743,"flow_dst_last_pkt_time":1569687260620412,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":148,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":148,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569687260620743,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.96.194","src_port":56921,"dst_port":4287,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d070500_c20ebc0cf62a_ed727256b201","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":5,"flow_src_last_pkt_time":1569687260620743,"flow_dst_last_pkt_time":1569687260655570,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569687260655570,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0E\/NAAPEGAgcIJWDCCgAA4xC\/3lkWZHs8FMxB\/YAQBDAdWQAAAQEICnimv4YcDbWt"} -01878{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":186,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569687260591875,"flow_src_last_pkt_time":1569687260620743,"flow_dst_last_pkt_time":1569687260667151,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":148,"flow_dst_max_l4_payload_len":1308,"flow_src_tot_l4_payload_len":148,"flow_dst_tot_l4_payload_len":1308,"midstream":0,"thread_ts_usec":1569687260667151,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.96.194","src_port":56921,"dst_port":4287,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": 
{"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3":"e3adec914f3893f18136762f1c0d7d81","ja3s":"e54965894d6b45ecb4323c7ea3d6c115","ja4":"t12d070500_c20ebc0cf62a_ed727256b201","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=813845657003339838, O=Code42, OU=TEST, ST=MN, C=US","subjectDN":"CN=813845657003339838, O=Code42, OU=TEST, ST=MN, C=US","fingerprint":"86:2A:47:EF:00:68:79:60:7F:94:E2:91:6F:E0:38:82:37:8A:8E:2E","blocks":0}}} +01837{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":186,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569687260591875,"flow_src_last_pkt_time":1569687260620743,"flow_dst_last_pkt_time":1569687260667151,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":148,"flow_dst_max_l4_payload_len":1308,"flow_src_tot_l4_payload_len":148,"flow_dst_tot_l4_payload_len":1308,"midstream":0,"thread_ts_usec":1569687260667151,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.96.194","src_port":56921,"dst_port":4287,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": 
{"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"e54965894d6b45ecb4323c7ea3d6c115","ja4":"t12d070500_c20ebc0cf62a_ed727256b201","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=813845657003339838, O=Code42, OU=TEST, ST=MN, C=US","subjectDN":"CN=813845657003339838, O=Code42, OU=TEST, ST=MN, C=US","fingerprint":"86:2A:47:EF:00:68:79:60:7F:94:E2:91:6F:E0:38:82:37:8A:8E:2E","blocks":0}}} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":196,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687260751472,"flow_src_last_pkt_time":1569687260751472,"flow_dst_last_pkt_time":1569687260751472,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":59,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":59,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569687260751472,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64972,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":196,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_src_last_pkt_time":1569687260751472,"flow_dst_last_pkt_time":1569687260751472,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"thread_ts_usec":1569687260751472,"pkt":"LH6BsEqhNDY7z3UoCABFAABXLuMAAP8R6zkKAADjS0tLS\/3MADUAQ49kJ8YBAAABAAAAAAAAAmxiB19kbnMtc2QEX3VkcAEwAzEyOAIyOAMxNzIHaW4tYWRkcgRhcnBhAAAMAAE="} 
01138{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":196,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687260751472,"flow_src_last_pkt_time":1569687260751472,"flow_dst_last_pkt_time":1569687260751472,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":59,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":59,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569687260751472,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64972,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"lb._dns-sd._udp.0.128.28.172.in-addr.arpa","domainame":"lb._dns-sd._udp.0.128.28.172.in-addr.arpa","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr": []}}} 
@@ -208,10 +208,10 @@ 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_src_last_pkt_time":1569687267035097,"flow_dst_last_pkt_time":1569687267077459,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1569687267077459,"pkt":"NDY7z3UoLH6BsEqhCABFAAA47VEAAPcGXQsIJWZbCgAA4wG73mHOEwD1BjZ8TZASgABbLAAAAgQFtAEBCAo\/+a5OHA3OcQ=="} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_src_last_pkt_time":1569687267077535,"flow_dst_last_pkt_time":1569687267077459,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569687267077535,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGwWEKAADjCCVmW95hAbsGNnxNzhMA9oAQ\/\/\/yvgAAAQEIChwNzpw\/+a5O"} 00762{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":301,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":4,"flow_src_last_pkt_time":1569687267079534,"flow_dst_last_pkt_time":1569687267077459,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_usec":1569687267079534,"pkt":"LH6BsEqhNDY7z3UoCABFAADMAABAAEAGwMkKAADjCCVmW95hAbsGNnxNzhMA9oAY\/\/8upgAAAQEIChwNzp0\/+a5OFgMBAJMBAACPAwPfZ7WFHXaroFdgiVVapTjr1SY5uqwiS6qMuNeoYJyORwAALMAwwCzAKMAkAJ8AawA5AJ0APQA1wC\/AK8AnwCMAngBnADMAnAA8AC8ACgD\/AQAAOgALAAQDAAECAAoACgAIABkAGAAXABMADQAgAB4GAQYCBgMFAQUCBQMEAQQCBAMDAQMCAwMCAQICAgM="} 
-01385{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":301,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569687267035097,"flow_src_last_pkt_time":1569687267079534,"flow_dst_last_pkt_time":1569687267077459,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":152,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569687267079534,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3":"c9f0b47c9805f516e6d3900cb51f7841","ja3s":"","ja4":"t12d220300_95b9206a23eb_1ea9011b3dfa","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01344{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":301,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569687267035097,"flow_src_last_pkt_time":1569687267079534,"flow_dst_last_pkt_time":1569687267077459,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":152,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569687267079534,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d220300_95b9206a23eb_1ea9011b3dfa","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":302,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":5,"flow_src_last_pkt_time":1569687267079534,"flow_dst_last_pkt_time":1569687267124375,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569687267124375,"pkt":"NDY7z3UoLH6BsEqhCABFAAA09J0AAPcGVcMIJWZbCgAA4wG73mHOEwD2BjZ85YAQgABx9gAAAQEICj\/5rn0cDc6d"} 
-01539{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":303,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569687267035097,"flow_src_last_pkt_time":1569687267079534,"flow_dst_last_pkt_time":1569687267125585,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":152,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1569687267125585,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3":"c9f0b47c9805f516e6d3900cb51f7841","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","ja4":"t12d220300_95b9206a23eb_1ea9011b3dfa","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","blocks":0}}} 
-01925{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":309,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1569687267035097,"flow_src_last_pkt_time":1569687267166003,"flow_dst_last_pkt_time":1569687267203156,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":152,"flow_dst_tot_l4_payload_len":5792,"midstream":0,"thread_ts_usec":1569687267203156,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","server_names":"*.pandion.viasat.com,pandion.viasat.com","ja3":"c9f0b47c9805f516e6d3900cb51f7841","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","ja4":"t12d220300_95b9206a23eb_1ea9011b3dfa","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Entrust, Inc., OU=See www.entrust.net\/legal-terms, OU=(c) 2012 Entrust, Inc. 
- for authorized use only, CN=Entrust Certification Authority - L1K","subjectDN":"C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com","fingerprint":"92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA","blocks":0}}} +01498{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":303,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569687267035097,"flow_src_last_pkt_time":1569687267079534,"flow_dst_last_pkt_time":1569687267125585,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":152,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1569687267125585,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","ja4":"t12d220300_95b9206a23eb_1ea9011b3dfa","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","blocks":0}}} 
+01884{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":309,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1569687267035097,"flow_src_last_pkt_time":1569687267166003,"flow_dst_last_pkt_time":1569687267203156,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":152,"flow_dst_tot_l4_payload_len":5792,"midstream":0,"thread_ts_usec":1569687267203156,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","server_names":"*.pandion.viasat.com,pandion.viasat.com","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","ja4":"t12d220300_95b9206a23eb_1ea9011b3dfa","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Entrust, Inc., OU=See www.entrust.net\/legal-terms, OU=(c) 2012 Entrust, Inc. 
- for authorized use only, CN=Entrust Certification Authority - L1K","subjectDN":"C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com","fingerprint":"92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA","blocks":0}}} 02487{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1569687267035097,"flow_src_last_pkt_time":1569687267393587,"flow_dst_last_pkt_time":1569687267393508,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":965,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1471,"flow_dst_tot_l4_payload_len":13402,"midstream":0,"thread_ts_usec":1569687267393587,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":23125.8,"max":138032,"stddev":32185.7,"var":1035917504.0,"ent":3.6,"data": [42362,42438,1999,46916,1210,46124,40336,4,40344,1,37231,6,37243,1,97159,138032,40854,1159,43270,9027,4,1,1,0,9,1,1,51168,0,0,0]},"pktlen": {"min":52,"avg":517.3,"max":1500,"stddev":619.3,"var":383541.0,"ent":4.0,"data": [64,56,52,204,52,1500,52,1500,1500,52,52,1500,1167,52,52,406,127,52,1017,52,1500,209,1500,209,1500,209,1500,209,52,52,52,52]},"bins": {"c_to_s": [12,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,0,1,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,8,0,0]},"directions": [0,1,0,0,1,1,0,1,1,0,0,1,1,0,0,0,1,0,0,1,1,1,1,1,1,1,1,1,0,0,0,0],"entropies": 
[4.215306282,4.950672150,4.700937271,5.452831745,4.700937271,7.337546349,4.738150120,7.112461567,7.211231709,4.791128635,4.791128635,7.407482147,5.922111034,4.791128635,4.829590321,7.350569248,6.160544395,4.791128635,7.794639587,4.868052006,7.862796307,6.916011810,7.871273518,6.899218082,7.872875214,6.733156681,7.846444607,6.809710979,4.829590321,4.767184258,4.829590321,4.829590321]},"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":343,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687267453127,"flow_src_last_pkt_time":1569687267453127,"flow_dst_last_pkt_time":1569687267453127,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569687267453127,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56865,"dst_port":8008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_src_last_pkt_time":1569687267453127,"flow_dst_last_pkt_time":1569687267453127,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569687267453127,"pkt":"pHczjPFANDY7z3UoCABFAAA0AABAAEAGJU0KAADjCgAAld4hH0glPK3eiXsRe4AREAA75QAAAQEIChwN0AsAIb2q"} 
@@ -454,7 +454,7 @@ 01251{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1569687269562299,"flow_src_last_pkt_time":1569687273580713,"flow_dst_last_pkt_time":1569687273580632,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":242,"flow_dst_max_l4_payload_len":1140,"flow_src_tot_l4_payload_len":242,"flow_dst_tot_l4_payload_len":1330,"midstream":0,"thread_ts_usec":1569687288923007,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56955,"dst_port":8060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"10.0.0.151"}} 
00933{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687242476020,"flow_src_last_pkt_time":1569687242476020,"flow_dst_last_pkt_time":1569687242476020,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569687288923007,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.255.250","l4_proto":2,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","proto_id":"82","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00930{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687242271196,"flow_src_last_pkt_time":1569687242271196,"flow_dst_last_pkt_time":1569687242271196,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569687288923007,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.3.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","proto_id":"82","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00858{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":589,"packets-processed":585,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":95415,"total-not-detected-flows":2,"total-guessed-flows":6,"total-detected-flows":61,"total-detection-updates":34,"total-updates":3,"current-active-flows":0,"total-active-flows":69,"total-idle-flows":69,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":457,"global_ts_usec":1569687288923007} +00858{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":589,"packets-processed":585,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":95415,"total-not-detected-flows":2,"total-guessed-flows":6,"total-detected-flows":61,"total-detection-updates":34,"total-updates":3,"current-active-flows":0,"total-active-flows":69,"total-idle-flows":69,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":457,"global_ts_usec":1569687288923007} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 589/585 ~~ skipped flows.............: 0 
@@ -463,9 +463,9 @@ ~~ total active/idle flows...: 69/69 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7198068 bytes -~~ total memory freed........: 7198068 bytes -~~ total allocations/frees...: 115565/115565 +~~ total memory allocated....: 7775808 bytes +~~ total memory freed........: 7775808 bytes +~~ total allocations/frees...: 127303/127303 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 527 chars ~~ json message max len.......: 2661 chars diff --git a/test/results/default/anydesk.pcapng.out b/test/results/default/anydesk.pcapng.out index 6cbca769a..474a55092 100644 --- a/test/results/default/anydesk.pcapng.out +++ b/test/results/default/anydesk.pcapng.out 
@@ -1,5 +1,5 @@ -00614{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1591342198821353} 
+00614{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1591342198821353} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1591342198821353,"flow_src_last_pkt_time":1591342198821353,"flow_dst_last_pkt_time":1591342198821353,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1591342198821353,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.239.144","src_port":36351,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00599{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1591342198821353,"flow_dst_last_pkt_time":1591342198821353,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_usec":1591342198821353,"pkt":"AFBW5dKtAAwplUdeCABFAABbtopAAEAGCwXAqJWBM1PvkI3\/AFB7i54qMVwSUlAY+DR5WwAAFwMDAC7mz9mv7V5op8uDzrVlyYzGPOa22i4SIRv\/ctzVUMWyqJzhwIdSdK\/Qd7DJrcKc"} 
01051{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1591342198821353,"flow_src_last_pkt_time":1591342198821353,"flow_dst_last_pkt_time":1591342198821353,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1591342198821353,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.239.144","src_port":36351,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AnyDesk","proto_by_ip_id":252,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
@@ -12,12 +12,12 @@ 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1591342199201196,"flow_dst_last_pkt_time":1591342199366001,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1591342199366001,"pkt":"AAwplUdeAFBW5dKtCABFAAAse1UAAIAGRx4zU+7bwKiVgQBQqg9odWR8Kaac82AS+vDm4QAAAgQFtAAA"} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1591342199366113,"flow_dst_last_pkt_time":1591342199366001,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1591342199366113,"pkt":"AFBW5dKtAAwplUdeCABFAAAoCJFAAEAGuebAqJWBM1Pu26oPAFApppzzaHVkfVAQ+vB4cwAA"} 00885{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1591342199366725,"flow_dst_last_pkt_time":1591342199366001,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":317,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":317,"pkt_l4_len":283,"thread_ts_usec":1591342199366725,"pkt":"AFBW5dKtAAwplUdeCABFAAEvCJJAAEAGuN7AqJWBM1Pu26oPAFApppzzaHVkfVAY+vB5egAAFgMBAQIBAAD+AwPH+2RueS0bCFAjOjiKaUYj6rfjOOjwnxNAapJEdabvkAAAgMAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANsAywC7AKsAmwA\/ABQCdAD0ANcAvwCvAJ8AjwBPACQCkAKIAoACeAGcAQAA\/AD4AMwAyADEAMMAxwC3AKcAlwA7ABACcADwAL8ASwAgAFgATABAADcANwAMACgD\/AQAAVQALAAQDAAECAAoAHAAaABcAGQAcABsAGAAaABYADgANAAsADAAJAAoAIwAAAA0AIAAeBgEGAgYDBQEFAgUDBAEEAgQDAwEDAgMDAgECAgIDAA8AAQE="} 
-01503{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1591342199201196,"flow_src_last_pkt_time":1591342199366725,"flow_dst_last_pkt_time":1591342199366001,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":263,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":263,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1591342199366725,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AnyDesk","proto_by_ip_id":252,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"","ja4":"t12d640500_9197985d2161_a1e935682795","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01462{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1591342199201196,"flow_src_last_pkt_time":1591342199366725,"flow_dst_last_pkt_time":1591342199366001,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":263,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":263,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1591342199366725,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AnyDesk","proto_by_ip_id":252,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d640500_9197985d2161_a1e935682795","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1591342199366725,"flow_dst_last_pkt_time":1591342199367083,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1591342199367083,"pkt":"AAwplUdeAFBW5dKtCABFAAAoe1YAAIAGRyEzU+7bwKiVgQBQqg9odWR9Kaad+lAQ+vD9lwAAAAAAAAAA"} -01565{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1591342199201196,"flow_src_last_pkt_time":1591342199366725,"flow_dst_last_pkt_time":1591342199532111,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":263,"flow_dst_max_l4_payload_len":1300,"flow_src_tot_l4_payload_len":263,"flow_dst_tot_l4_payload_len":1300,"midstream":0,"thread_ts_usec":1591342199532111,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AnyDesk","proto_by_ip_id":252,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": 
{"version":"TLSv1.2","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"107030a763c7224285717ff1569a17f3","ja4":"t12d640500_9197985d2161_a1e935682795","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","blocks":0}}} -01906{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1591342199201196,"flow_src_last_pkt_time":1591342199532151,"flow_dst_last_pkt_time":1591342199532596,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":263,"flow_dst_max_l4_payload_len":1300,"flow_src_tot_l4_payload_len":263,"flow_dst_tot_l4_payload_len":2600,"midstream":0,"thread_ts_usec":1591342199532596,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"AnyDesk","proto_by_ip_id":252,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"107030a763c7224285717ff1569a17f3","ja4":"t12d640500_9197985d2161_a1e935682795","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=AnyNet Root CA, O=philandro Software GmbH, 
C=DE","subjectDN":"C=DE, O=philandro Software GmbH, CN=AnyNet Relay","fingerprint":"9E:08:D2:58:A9:02:CD:4F:E2:4A:26:B8:48:5C:43:0B:81:29:99:E3","blocks":0}}} +01524{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1591342199201196,"flow_src_last_pkt_time":1591342199366725,"flow_dst_last_pkt_time":1591342199532111,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":263,"flow_dst_max_l4_payload_len":1300,"flow_src_tot_l4_payload_len":263,"flow_dst_tot_l4_payload_len":1300,"midstream":0,"thread_ts_usec":1591342199532111,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AnyDesk","proto_by_ip_id":252,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"107030a763c7224285717ff1569a17f3","ja4":"t12d640500_9197985d2161_a1e935682795","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","blocks":0}}} 
+01865{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1591342199201196,"flow_src_last_pkt_time":1591342199532151,"flow_dst_last_pkt_time":1591342199532596,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":263,"flow_dst_max_l4_payload_len":1300,"flow_src_tot_l4_payload_len":263,"flow_dst_tot_l4_payload_len":2600,"midstream":0,"thread_ts_usec":1591342199532596,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"AnyDesk","proto_by_ip_id":252,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"107030a763c7224285717ff1569a17f3","ja4":"t12d640500_9197985d2161_a1e935682795","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=AnyNet Root CA, O=philandro Software GmbH, C=DE","subjectDN":"C=DE, O=philandro Software GmbH, CN=AnyNet Relay","fingerprint":"9E:08:D2:58:A9:02:CD:4F:E2:4A:26:B8:48:5C:43:0B:81:29:99:E3","blocks":0}}} 
02666{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1591342199201196,"flow_src_last_pkt_time":1591342201135977,"flow_dst_last_pkt_time":1591342202739154,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":5696,"flow_dst_tot_l4_payload_len":5521,"midstream":0,"thread_ts_usec":1591342202739154,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":176540.0,"max":1602919,"stddev":394272.9,"var":155451113472.0,"ent":2.8,"data": [164805,164917,612,1082,165028,165426,485,455,339,338,1756,2021,164886,165169,210,191,219,307,218569,218677,606,928,1215453,1216321,7,87,855,7,2,1602919,62]},"pktlen": {"min":40,"avg":392.7,"max":1500,"stddev":555.2,"var":308238.0,"ent":3.8,"data": [60,46,40,303,46,1340,40,1340,40,46,40,1134,46,91,40,80,40,186,46,186,40,111,46,119,1500,1500,1242,46,46,46,1500,1180]},"bins": {"c_to_s": [8,0,1,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,2,0,0],"s_to_c": [9,2,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,2,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,0,0,1,1,0,1,0,0,1,1,0,0,1,1,0,0,0,1,1,1,1,1],"entropies": 
[4.772595406,4.903359890,4.834184170,5.369554996,4.390828609,7.460080147,4.834184170,7.770876408,4.834184170,4.609350204,4.734183788,7.619944096,4.390829086,5.750715733,4.765311718,5.803060055,4.765311718,6.743920803,4.390828609,6.830827713,4.834184170,6.275036812,4.434307098,6.390825272,7.863389492,7.871673107,7.811679363,4.390829086,4.390829086,4.390829086,7.887207985,7.841894150]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"AnyDesk","proto_by_ip_id":252,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} -00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":62,"packets-processed":61,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":14319,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1613977585247036} 
+00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":62,"packets-processed":61,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":14319,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1613977585247036} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1613977585247036,"flow_src_last_pkt_time":1613977585247036,"flow_dst_last_pkt_time":1613977585247036,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1613977585247036,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":59511,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1613977585247036,"flow_dst_last_pkt_time":1613977585247036,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1613977585247036,"pkt":"EBMx8Tl22MuK4S0uCABFAABM5C0AAIARAADAqAG7wKgBAeh3ADUAOIRW7CIBAAABAAAAAAAADnJlbGF5LTMxODVhODQ3A25ldAdhbnlkZXNrA2NvbQAAAQAB"} 01123{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1613977585247036,"flow_src_last_pkt_time":1613977585247036,"flow_dst_last_pkt_time":1613977585247036,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1613977585247036,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":59511,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AnyDesk","proto_id":"5.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"relay-3185a847.net.anydesk.com","domainame":"relay-3185a847.net.anydesk.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -35,35 +35,35 @@ 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1613977595379986,"flow_dst_last_pkt_time":1613977595380477,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1613977595380477,"pkt":"2MuK4S0uKDc3AG3ICABFAAA0AABAAEAGtgbAqAGywKgBuxue05RZw\/OWjxh7SYAS\/\/+kVwAAAgQFtAEDAwUEAgAA"} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1613977595380515,"flow_dst_last_pkt_time":1613977595380477,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1613977595380515,"pkt":"KDc3AG3I2MuK4S0uCABFAAAodDRAAIAGAADAqAG7wKgBstOUG56PGHtJWcPzl1AQBAKE2AAA"} 00861{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1613977595380848,"flow_dst_last_pkt_time":1613977595380477,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":299,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":299,"pkt_l4_len":265,"thread_ts_usec":1613977595380848,"pkt":"KDc3AG3I2MuK4S0uCABFAAEddDVAAIAGAADAqAG7wKgBstOUG56PGHtJWcPzl1AYBAKFzQAAFgMBAPABAADsAwNj3AGBpT3DvXWxFVWt8lyInfOzaE5lLOK0P1RS+v5ukgAAbsAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANsAywC7AKsAmwA\/ABQCdAD0ANcAvwCvAJ8AjwBPACQCkAKIAoACeAGcAQAA\/AD4AMwAyADEAMMAxwC3AKcAlwA7ABACcADwALwD\/AQAAVQALAAQDAAECAAoAHAAaABcAGQAcABsAGAAaABYADgANAAsADAAJAAoAIwAAAA0AIAAeBgEGAgYDBQEFAgUDBAEEAgQDAwEDAgMDAgECAgIDAA8AAQE="} 
-01501{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1613977595379986,"flow_src_last_pkt_time":1613977595380848,"flow_dst_last_pkt_time":1613977595380477,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1613977595380848,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3":"3f2fba0262b1a22b739126dfb2fe7a7d","ja3s":"","ja4":"t12d550500_168bb377f8c8_a1e935682795","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01460{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1613977595379986,"flow_src_last_pkt_time":1613977595380848,"flow_dst_last_pkt_time":1613977595380477,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1613977595380848,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d550500_168bb377f8c8_a1e935682795","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1613977595380848,"flow_dst_last_pkt_time":1613977595380908,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1613977595380908,"pkt":"2MuK4S0uKDc3AG3ICABFAAAoAABAAEAGthLAqAGywKgBuxue05RZw\/OXjxh7SVAQIADEJgAAAAAAAAAA"} -01824{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1613977595379986,"flow_src_last_pkt_time":1613977595380848,"flow_dst_last_pkt_time":1613977595391710,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1613977595391710,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": 
{"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3":"3f2fba0262b1a22b739126dfb2fe7a7d","ja3s":"ee644a8a34c434abca4b737ec1d9efad","ja4":"t12d550500_168bb377f8c8_a1e935682795","unsafe_cipher":0,"cipher":"TLS_DHE_RSA_WITH_AES_256_GCM_SHA384","subjectDN":"CN=AnyDesk Client, CN=AnyDesk Client","fingerprint":"F8:4E:27:4E:F9:33:35:2F:1A:69:71:D5:02:6B:B8:72:EF:B7:BA:B0","blocks":0}}} +01783{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1613977595379986,"flow_src_last_pkt_time":1613977595380848,"flow_dst_last_pkt_time":1613977595391710,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1613977595391710,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": 
{"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"ee644a8a34c434abca4b737ec1d9efad","ja4":"t12d550500_168bb377f8c8_a1e935682795","unsafe_cipher":0,"cipher":"TLS_DHE_RSA_WITH_AES_256_GCM_SHA384","subjectDN":"CN=AnyDesk Client, CN=AnyDesk Client","fingerprint":"F8:4E:27:4E:F9:33:35:2F:1A:69:71:D5:02:6B:B8:72:EF:B7:BA:B0","blocks":0}}} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1613977595407425,"flow_src_last_pkt_time":1613977595407425,"flow_dst_last_pkt_time":1613977595407425,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1613977595407425,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.187","src_port":52039,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1613977595407425,"flow_dst_last_pkt_time":1613977595407425,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1613977595407425,"pkt":"2MuK4S0uKDc3AG3ICABFAABAAABAAEAGtfrAqAGywKgBu8tHG54tLA3cAAAAALAC\/\/97PgAAAgQFtAEDAwUBAQgKHE34xQAAAAAEAgAA"} 
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1613977595407425,"flow_dst_last_pkt_time":1613977595407489,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1613977595407489,"pkt":"KDc3AG3I2MuK4S0uCABFAAA0dDlAAIAGAADAqAG7wKgBshuey0dV\/SLKLSwN3YAS\/\/+E5AAAAgQFtAEDAwgBAQQC"} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1613977595407676,"flow_dst_last_pkt_time":1613977595407489,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1613977595407676,"pkt":"2MuK4S0uKDc3AG3ICABFAAAoAABAAEAGthLAqAGywKgBu8tHG54tLA3dVf0iy1AQIABwXwAAAAAAAAAA"} 00886{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1613977595408312,"flow_dst_last_pkt_time":1613977595407489,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":317,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":317,"pkt_l4_len":283,"thread_ts_usec":1613977595408312,"pkt":"2MuK4S0uKDc3AG3ICABFAAEvAABAAEAGtQvAqAGywKgBu8tHG54tLA3dVf0iy1AYIAC+RgAAFgMBAQIBAAD+AwM5xa94fzbZMZS38bcet4LQXQHW847W4Z2LW\/3GqgPjFAAAgMAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANsAywC7AKsAmwA\/ABQCdAD0ANcAvwCvAJ8AjwBPACQCkAKIAoACeAGcAQAA\/AD4AMwAyADEAMMAxwC3AKcAlwA7ABACcADwAL8ASwAgAFgATABAADcANwAMACgD\/AQAAVQALAAQDAAECAAoAHAAaABcAGQAcABsAGAAaABYADgANAAsADAAJAAoAIwAAAA0AIAAeBgEGAgYDBQEFAgUDBAEEAgQDAwEDAgMDAgECAgIDAA8AAQE="} 
-01501{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1613977595407425,"flow_src_last_pkt_time":1613977595408312,"flow_dst_last_pkt_time":1613977595407489,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":263,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":263,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1613977595408312,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.187","src_port":52039,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"","ja4":"t12d640500_9197985d2161_a1e935682795","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01460{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1613977595407425,"flow_src_last_pkt_time":1613977595408312,"flow_dst_last_pkt_time":1613977595407489,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":263,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":263,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1613977595408312,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.187","src_port":52039,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d640500_9197985d2161_a1e935682795","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1613977595408312,"flow_dst_last_pkt_time":1613977595463648,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1613977595463648,"pkt":"KDc3AG3I2MuK4S0uCABFAAAodEFAAIAGAADAqAG7wKgBshuey0dV\/SLLLSwO5FAQIBSE2AAA"} 
-01921{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1613977595407425,"flow_src_last_pkt_time":1613977595408312,"flow_dst_last_pkt_time":1613977595549041,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":263,"flow_dst_max_l4_payload_len":813,"flow_src_tot_l4_payload_len":263,"flow_dst_tot_l4_payload_len":813,"midstream":0,"thread_ts_usec":1613977595549041,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.187","src_port":52039,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"4b505adfb4a921c5a3a39d293b0811e1","ja4":"t12d640500_9197985d2161_a1e935682795","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_GCM_SHA384","subjectDN":"CN=AnyDesk Client, CN=AnyDesk Client","fingerprint":"86:4F:2A:9F:24:71:FD:0D:6A:35:56:AC:D8:7B:3A:19:E8:03:CA:2E","blocks":0}}} 
+01880{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1613977595407425,"flow_src_last_pkt_time":1613977595408312,"flow_dst_last_pkt_time":1613977595549041,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":263,"flow_dst_max_l4_payload_len":813,"flow_src_tot_l4_payload_len":263,"flow_dst_tot_l4_payload_len":813,"midstream":0,"thread_ts_usec":1613977595549041,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.187","src_port":52039,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"4b505adfb4a921c5a3a39d293b0811e1","ja4":"t12d640500_9197985d2161_a1e935682795","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_GCM_SHA384","subjectDN":"CN=AnyDesk Client, CN=AnyDesk Client","fingerprint":"86:4F:2A:9F:24:71:FD:0D:6A:35:56:AC:D8:7B:3A:19:E8:03:CA:2E","blocks":0}}} 
02668{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1613977595379986,"flow_src_last_pkt_time":1613977601740964,"flow_dst_last_pkt_time":1613977601737415,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":3926,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":5712,"flow_dst_tot_l4_payload_len":2727,"midstream":0,"thread_ts_usec":1613977601740964,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":410271.2,"max":3021750,"stddev":825943.1,"var":682181918720.0,"ent":2.9,"data": [491,529,333,431,328,10474,0,10878,39566,40320,8749,0,9516,516873,517463,1553,27804,26175,2358,56316,902900,957284,0,0,1754245,1753698,16355,71246,2966766,3021750,4006]},"pktlen": {"min":40,"avg":306.3,"max":3966,"stddev":747.4,"var":558552.1,"ent":3.1,"data": [52,52,40,285,46,46,1500,183,40,1326,46,954,80,40,87,46,75,74,46,74,40,3966,46,46,46,79,46,141,40,99,46,116]},"bins": {"c_to_s": [6,4,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1],"s_to_c": [11,3,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,1,1,1,0,0,1,1,0,1,1,0,0,1,1,1,0,1,1,0,0,1,0],"entropies": 
[4.461627960,4.714205742,4.680641174,5.380415440,4.190888405,4.260394573,7.726966381,6.171197891,4.680641174,7.726874828,4.303872585,7.788730145,5.640313625,4.630640984,5.698182583,4.200505257,5.465894222,5.550601006,4.303872585,5.570474148,4.680640697,7.956365585,4.157026768,4.303872585,4.190888405,5.661315441,4.260394096,6.538077354,4.630641460,6.000421047,4.260393620,6.241518974]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} -00846{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":121,"packets-processed":120,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":26872,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":6,"total-updates":0,"current-active-flows":4,"total-active-flows":6,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":50,"global_ts_usec":1663090549161771} 
+00846{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":121,"packets-processed":120,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":26872,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":6,"total-updates":0,"current-active-flows":4,"total-active-flows":6,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":50,"global_ts_usec":1663090549161771} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663090549161771,"flow_src_last_pkt_time":1663090549161771,"flow_dst_last_pkt_time":1663090549161771,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663090549161771,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"195.181.174.176","src_port":48260,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1663090549161771,"flow_dst_last_pkt_time":1663090549161771,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1663090549161771,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8b6ZAAEAGlofAqAGAw7WusLyEAbsbAqeoAAAAAKAC+vBE2wAAAgQFtAQCCAo49hnFAAAAAAEDAwc="} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1663090549161771,"flow_dst_last_pkt_time":1663090549179486,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1663090549179486,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADYGEC7Dta6wwKgBgAG7vIT\/L0tlGwKnqaAS\/ogbxgAAAgQFtAQCCAqczD4KOPYZxQEDAwc="} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1663090549179586,"flow_dst_last_pkt_time":1663090549179486,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1663090549179586,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA0b6dAAEAGlo7AqAGAw7WusLyEAbsbAqep\/y9LZoAQAfZHFAAAAQEICjj2GdaczD4K"} 
00942{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1663090549180495,"flow_dst_last_pkt_time":1663090549179486,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":355,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":355,"pkt_l4_len":321,"thread_ts_usec":1663090549180495,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAFVb6hAAEAGlWzAqAGAw7WusLyEAbsbAqep\/y9LZoAYAfYShgAAAQEICjj2GdeczD4KFgMBARwBAAEYAwPezn7TVz\/Q\/8BnfJIGEA0lTFPiRL5wdTC0FDXR7VNhOwAAgMAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANsAywC7AKsAmwA\/ABQCdAD0ANcAvwCvAJ8AjwBPACQCkAKIAoACeAGcAQAA\/AD4AMwAyADEAMMAxwC3AKcAlwA7ABACcADwAL8ASwAgAFgATABAADcANwAMACgD\/AQAAbwALAAQDAAECAAoAHAAaABcAGQAcABsAGAAaABYADgANAAsADAAJAAoAIwAAAA0AIAAeBgEGAgYDBQEFAgUDBAEEAgQDAwEDAgMDAgECAgIDAA8AAQEAEAAWABQTYW55ZGVzay82LjIuMC9saW51eA=="} -01555{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1663090549161771,"flow_src_last_pkt_time":1663090549180495,"flow_dst_last_pkt_time":1663090549179486,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":289,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":289,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663090549180495,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"195.181.174.176","src_port":48260,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}},"31": {"risk":"Uncommon TLS 
ALPN","severity":"Medium","risk_score": {"total":610,"client":485,"server":125}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3":"29b5a018fa5992fe23560c16af0dc9fc","ja3s":"","ja4":"t12d6406an_9197985d2161_a1e935682795","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"anydesk\/6.2.0\/linux","blocks":0}}} +01514{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1663090549161771,"flow_src_last_pkt_time":1663090549180495,"flow_dst_last_pkt_time":1663090549179486,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":289,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":289,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663090549180495,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"195.181.174.176","src_port":48260,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}},"31": {"risk":"Uncommon TLS ALPN","severity":"Medium","risk_score": {"total":610,"client":485,"server":125}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","hostname":"","domainame":"","tls": 
{"version":"TLSv1.2","ja3s":"","ja4":"t12d6406an_9197985d2161_a1e935682795","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"anydesk\/6.2.0\/linux","blocks":0}}} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1663090549180495,"flow_dst_last_pkt_time":1663090549197307,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1663090549197307,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA08UVAADYGHvDDta6wwKgBgAG7vIT\/L0tmGwKoyoAQAftF2wAAAQEICpzMPhw49hnX"} -01617{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":126,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1663090549161771,"flow_src_last_pkt_time":1663090549180495,"flow_dst_last_pkt_time":1663090549200737,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":289,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":289,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1663090549200737,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"195.181.174.176","src_port":48260,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}},"31": {"risk":"Uncommon TLS ALPN","severity":"Medium","risk_score": {"total":610,"client":485,"server":125}}},"confidence": 
{"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3":"29b5a018fa5992fe23560c16af0dc9fc","ja3s":"e58f0b3c1e9eefb8ee4f92aeceee5858","ja4":"t12d6406an_9197985d2161_a1e935682795","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"anydesk\/6.2.0\/linux","blocks":0}}} -01820{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1663090549161771,"flow_src_last_pkt_time":1663090549200799,"flow_dst_last_pkt_time":1663090549200825,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":289,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":289,"flow_dst_tot_l4_payload_len":2528,"midstream":0,"thread_ts_usec":1663090549200825,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"195.181.174.176","src_port":48260,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}},"31": {"risk":"Uncommon TLS ALPN","severity":"Medium","risk_score": {"total":610,"client":485,"server":125}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","hostname":"","domainame":"","tls": 
{"version":"TLSv1.2","ja3":"29b5a018fa5992fe23560c16af0dc9fc","ja3s":"e58f0b3c1e9eefb8ee4f92aeceee5858","ja4":"t12d6406an_9197985d2161_a1e935682795","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=AnyNet Root CA, O=philandro Software GmbH, C=DE","subjectDN":"C=DE, O=philandro Software GmbH, CN=AnyNet Relay","advertised_alpns":"anydesk\/6.2.0\/linux","fingerprint":"9E:08:D2:58:A9:02:CD:4F:E2:4A:26:B8:48:5C:43:0B:81:29:99:E3","blocks":0}}} +01576{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":126,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1663090549161771,"flow_src_last_pkt_time":1663090549180495,"flow_dst_last_pkt_time":1663090549200737,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":289,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":289,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1663090549200737,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"195.181.174.176","src_port":48260,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}},"31": {"risk":"Uncommon TLS ALPN","severity":"Medium","risk_score": {"total":610,"client":485,"server":125}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","hostname":"","domainame":"","tls": 
{"version":"TLSv1.2","ja3s":"e58f0b3c1e9eefb8ee4f92aeceee5858","ja4":"t12d6406an_9197985d2161_a1e935682795","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"anydesk\/6.2.0\/linux","blocks":0}}} +01779{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1663090549161771,"flow_src_last_pkt_time":1663090549200799,"flow_dst_last_pkt_time":1663090549200825,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":289,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":289,"flow_dst_tot_l4_payload_len":2528,"midstream":0,"thread_ts_usec":1663090549200825,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"195.181.174.176","src_port":48260,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}},"31": {"risk":"Uncommon TLS ALPN","severity":"Medium","risk_score": {"total":610,"client":485,"server":125}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"e58f0b3c1e9eefb8ee4f92aeceee5858","ja4":"t12d6406an_9197985d2161_a1e935682795","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=AnyNet Root CA, O=philandro Software GmbH, C=DE","subjectDN":"C=DE, O=philandro Software GmbH, CN=AnyNet 
Relay","advertised_alpns":"anydesk\/6.2.0\/linux","fingerprint":"9E:08:D2:58:A9:02:CD:4F:E2:4A:26:B8:48:5C:43:0B:81:29:99:E3","blocks":0}}} 02545{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":152,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1663090549161771,"flow_src_last_pkt_time":1663090558034917,"flow_dst_last_pkt_time":1663090558365585,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":5817,"flow_dst_tot_l4_payload_len":3029,"midstream":0,"thread_ts_usec":1663090558365585,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"195.181.174.176","src_port":48260,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":4,"avg":583127.8,"max":8444631,"stddev":2063627.1,"var":4258557067264.0,"ent":1.5,"data": [17715,17815,909,17821,3430,20304,88,41,3772,21850,18137,104,44,888,64188,13442,76786,1527,18418,206643,224790,16,4,18683,18,62779,11,80221,8427892,8444631,313993]},"pktlen": {"min":52,"avg":328.9,"max":1500,"stddev":495.5,"var":245485.5,"ent":3.8,"data": [60,60,52,341,52,1500,52,1132,52,1146,103,52,92,52,199,52,198,52,137,52,145,1500,1500,1273,52,52,92,90,52,137,52,145]},"bins": {"c_to_s": [8,0,2,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,2,0,0],"s_to_c": [7,4,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,1,0,1,0,0,1,1,0,0,1,1,0,0,0,1,1,1,1,0,0,1,1],"entropies": 
[4.759216309,5.287539482,5.061608315,5.575212479,5.085552692,7.541802406,5.085552692,7.720355034,5.138531685,7.691242218,6.017449379,5.100070000,6.076607704,5.061608315,6.938662529,5.176993370,6.939621925,5.176993370,6.553288460,5.176993370,6.578802109,7.876228809,7.874102592,7.832963467,5.176993370,5.176993370,6.054868221,5.938801765,5.138531685,6.484602451,5.215455055,6.623850822]},"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}},"31": {"risk":"Uncommon TLS ALPN","severity":"Medium","risk_score": {"total":610,"client":485,"server":125}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 01021{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":157,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1613977585542630,"flow_src_last_pkt_time":1613977585542630,"flow_dst_last_pkt_time":1613977585553797,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1663090558383202,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":55376,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AnyDesk","proto_id":"5.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"relay-9b6827f2.net.anydesk.com"}} 
01566{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":157,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1613977595407425,"flow_src_last_pkt_time":1613977595964011,"flow_dst_last_pkt_time":1613977595963376,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1286,"flow_dst_max_l4_payload_len":914,"flow_src_tot_l4_payload_len":1549,"flow_dst_tot_l4_payload_len":1767,"midstream":0,"thread_ts_usec":1663090558383202,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.187","src_port":52039,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 
01021{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":157,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1613977585247036,"flow_src_last_pkt_time":1613977585247036,"flow_dst_last_pkt_time":1613977585260893,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1663090558383202,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":59511,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AnyDesk","proto_id":"5.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"relay-3185a847.net.anydesk.com"}} 01471{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":157,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":21,"flow_first_seen":1613977595379986,"flow_src_last_pkt_time":1613977602672535,"flow_dst_last_pkt_time":1613977601741457,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":3926,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":6286,"flow_dst_tot_l4_payload_len":2727,"midstream":0,"thread_ts_usec":1663090558383202,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) 
Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 01343{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":174,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":27,"flow_dst_packets_processed":27,"flow_first_seen":1663090549161771,"flow_src_last_pkt_time":1663090607951443,"flow_dst_last_pkt_time":1663090607968067,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":5903,"flow_dst_tot_l4_payload_len":3063,"midstream":0,"thread_ts_usec":1663090607968067,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"195.181.174.176","src_port":48260,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}},"31": {"risk":"Uncommon TLS ALPN","severity":"Medium","risk_score": {"total":610,"client":485,"server":125}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 
-00848{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":174,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":174,"packets-processed":174,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":35838,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":8,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":66,"global_ts_usec":1663090607968067} +00848{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":174,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":174,"packets-processed":174,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":35838,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":8,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":66,"global_ts_usec":1663090607968067} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 174/174 ~~ skipped flows.............: 0 
@@ -72,9 +72,9 @@ ~~ total active/idle flows...: 7/7 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6985013 bytes -~~ total memory freed........: 6985013 bytes -~~ total allocations/frees...: 114423/114423 +~~ total memory allocated....: 7562651 bytes +~~ total memory freed........: 7562651 bytes +~~ total allocations/frees...: 126156/126156 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 532 chars ~~ json message max len.......: 2673 chars diff --git a/test/results/default/atg.pcap.out b/test/results/default/atg.pcap.out index cb3b7b02d..88a4a28ef 100644 --- a/test/results/default/atg.pcap.out +++ b/test/results/default/atg.pcap.out 
@@ -1,5 +1,5 @@ -00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/atg.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/atg.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1724035927044639} 
+00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/atg.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/atg.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1724035927044639} 
00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/atg.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1724035927044639,"flow_src_last_pkt_time":1724035927044639,"flow_dst_last_pkt_time":1724035927044639,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":9,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":9,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":9,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1724035927044639,"l3_proto":"ip4","src_ip":"192.168.0.105","dst_ip":"20.108.25.119","src_port":3134,"dst_port":10001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/atg.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1724035927044639,"flow_dst_last_pkt_time":1724035927044639,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_usec":1724035927044639,"pkt":"pBo6bOx4PPARV9wcCABFEAA9xhlAAD8Ghp3AqABpFGwZdww+JxH+LfN006nznIAYAfW5IAAAAQEICvNemRIMUKjxAUkyMDEwMA0K"} 
00922{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/atg.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1724035927044639,"flow_src_last_pkt_time":1724035927044639,"flow_dst_last_pkt_time":1724035927044639,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":9,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":9,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":9,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1724035927044639,"l3_proto":"ip4","src_ip":"192.168.0.105","dst_ip":"20.108.25.119","src_port":3134,"dst_port":10001,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"ATG","proto_id":"423","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
@@ -16,7 +16,7 @@ 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/atg.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1724035949357629,"flow_dst_last_pkt_time":1724035949782780,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1724035949782780,"pkt":"PPARV9wcpBo6bOx4CABFSAA0ym5AACkGmBkUbBl3wKgAaScRDEzmrckFPsnvp4AQAf0oYQAAAQEICgxlW+nzXvA7"} 00963{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/atg.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1724035927044639,"flow_src_last_pkt_time":1724036001624144,"flow_dst_last_pkt_time":1724035927044639,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":14,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":92,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1724036097435398,"l3_proto":"ip4","src_ip":"192.168.0.105","dst_ip":"20.108.25.119","src_port":3134,"dst_port":10001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ATG","proto_id":"423","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/atg.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":8,"flow_first_seen":1724035939680812,"flow_src_last_pkt_time":1724036097435398,"flow_dst_last_pkt_time":1724036097435071,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":9,"flow_dst_max_l4_payload_len":443,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":768,"midstream":0,"thread_ts_usec":1724036097435398,"l3_proto":"ip4","src_ip":"192.168.0.105","dst_ip":"20.108.25.119","src_port":3148,"dst_port":10001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ATG","proto_id":"423","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00837{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/atg.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":31,"packets-processed":31,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":914,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1724036097435398} 
+00837{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/atg.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":31,"packets-processed":31,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":914,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1724036097435398} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 31/31 ~~ skipped flows.............: 0 @@ -25,9 +25,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6915012 bytes -~~ total memory freed........: 6915012 bytes -~~ total allocations/frees...: 114182/114182 +~~ total memory allocated....: 7492608 bytes +~~ total memory freed........: 7492608 bytes +~~ total allocations/frees...: 125913/125913 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 541 chars ~~ json message max len.......: 973 chars diff --git a/test/results/default/avast.pcap.out b/test/results/default/avast.pcap.out index 297f6a28c..4b02e0e97 100644 --- a/test/results/default/avast.pcap.out +++ b/test/results/default/avast.pcap.out 
@@ -1,5 +1,5 @@ -00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1655043322443000} 
+00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1655043322443000} 
00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655043322443000,"flow_src_last_pkt_time":1655043322443000,"flow_dst_last_pkt_time":1655043322443000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655043322443000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.54.29","src_port":64357,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1655043322443000,"flow_dst_last_pkt_time":1655043322443000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655043322443000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0JKZAAH8G2LbAqAJkBT42HftlAFDFZGAiAAAAAIAC+vBUewAAAgQFtAEDAwgBAQQC"} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1655043322443000,"flow_dst_last_pkt_time":1655043322469000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1655043322469000,"pkt":"YDjgxTWgeJS0JASgCABFAAAwAABAADcGRWEFPjYdwKgCZABQ+2UJYJxaxWRgI3ASBbS5AQAAAgQFrAEDAwI="} 
@@ -7,8 +7,8 @@ 00656{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1655043322473000,"flow_dst_last_pkt_time":1655043322469000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":150,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":150,"pkt_l4_len":116,"thread_ts_usec":1655043322473000,"pkt":"eJS0JASgYDjgxTWgCABFAACIJKhAAH8G2GDAqAJkBT42HftlAFDFZGAjCWCcW1AYAgRIXAAATk9TQQBgAQEAAAMBCLJaKUJSRRQAAAAA+C6zpq7EMUOR+R\/w3Dm0Io9lbBBMSUMULiKdz+pk\/a1RZ2FgDsvckO27L+4uJ680TFVOEALGS94Alg+MdKN9FpVUWsmF\/QhQ"} 00915{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1655043322443000,"flow_src_last_pkt_time":1655043322473000,"flow_dst_last_pkt_time":1655043322469000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655043322473000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.54.29","src_port":64357,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVAST","proto_id":"307","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1655043322473000,"flow_dst_last_pkt_time":1655043322499000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1655043322499000,"pkt":"YDjgxTWgeJS0JASgCABFAAAo6BxAADcGXUwFPjYdwKgCZABQ+2UJYJxbxWRgg1AQAW3opgAAAAAAAAAA"} -00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":14,"packets-processed":13,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":115,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1655044071816000} 
-00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":116,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1655048600873000} +00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":14,"packets-processed":13,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":115,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1655044071816000} 
+00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":116,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1655048600873000} 00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655048600873000,"flow_src_last_pkt_time":1655048600873000,"flow_dst_last_pkt_time":1655048600873000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655048600873000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.53.53","src_port":64701,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1655048600873000,"flow_dst_last_pkt_time":1655048600873000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655048600873000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0K+lAAH8G0lvAqAJkBT41Nfy9AFA6S0u1AAAAAIAC+vDzkQAAAgQFtAEDAwgBAQQC"} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1655048600873000,"flow_dst_last_pkt_time":1655048600897000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1655048600897000,"pkt":"YDjgxTWgeJS0JASgCABFAAAwAABAADcGRkkFPjU1wKgCZABQ\/L3TPGfsOktLtnASBbTCqQAAAgQFrAEDAwI="} 
@@ -16,8 +16,8 @@ 00657{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1655048600901000,"flow_dst_last_pkt_time":1655048600897000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":150,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":150,"pkt_l4_len":116,"thread_ts_usec":1655048600901000,"pkt":"eJS0JASgYDjgxTWgCABFAACIK+tAAH8G0gXAqAJkBT41Nfy9AFA6S0u20zxn7VAYAgRSBAAATk9TQQBgAQEAAAMBCLJaKUJSRRQAAAAA+C6zpq7EMUOR+R\/w3Dm0Io9lbBBMSUMULiKdz+pk\/a1RZ2FgDsvckO27L+4uJ680TFVOEALGS94Alg+MdKN9FpVUWsmF\/QhQ"} 00916{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1655048600873000,"flow_src_last_pkt_time":1655048600901000,"flow_dst_last_pkt_time":1655048600897000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655048600901000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.53.53","src_port":64701,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVAST","proto_id":"307","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1655048600901000,"flow_dst_last_pkt_time":1655048600926000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1655048600926000,"pkt":"YDjgxTWgeJS0JASgCABFAAAoaUhAADcG3QgFPjU1wKgCZABQ\/L3TPGftOktMFlAQAW3yTgAAAAAAAAAA"} -00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":29,"packets-processed":28,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":231,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1655049392908000} 
-00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":31,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":232,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1655053076804000} +00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":29,"packets-processed":28,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":231,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1655049392908000} 
+00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":31,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":232,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1655053076804000} 00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655053076804000,"flow_src_last_pkt_time":1655053076804000,"flow_dst_last_pkt_time":1655053076804000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655053076804000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.53.53","src_port":64903,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1655053076804000,"flow_dst_last_pkt_time":1655053076804000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655053076804000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0LApAAH8G0jrAqAJkBT41Nf2HAFDeGR0wAAAAAIAC+vB9fgAAAgQFtAEDAwgBAQQC"} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1655053076804000,"flow_dst_last_pkt_time":1655053076831000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1655053076831000,"pkt":"YDjgxTWgeJS0JASgCABFAAAwAABAADcGRkkFPjU1wKgCZABQ\/Yfi7KGu3hkdMXASBbQDJAAAAgQFrAEDAwI="} 
@@ -26,9 +26,9 @@ 00916{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1655053076804000,"flow_src_last_pkt_time":1655053076836000,"flow_dst_last_pkt_time":1655053076831000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655053076836000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.53.53","src_port":64903,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVAST","proto_id":"307","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1655053076836000,"flow_dst_last_pkt_time":1655053076863000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1655053076863000,"pkt":"YDjgxTWgeJS0JASgCABFAAAo+2lAADcGSucFPjU1wKgCZABQ\/Yfi7KGv3hkdkVAQAW0yyQAAAAAAAAAA"} 
00958{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1655043322443000,"flow_src_last_pkt_time":1655044071816000,"flow_dst_last_pkt_time":1655044071842000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":16,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":16,"midstream":0,"thread_ts_usec":1655053076921000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.54.29","src_port":64357,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVAST","proto_id":"307","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} -00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":40,"packets-processed":39,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":345,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":29,"global_ts_usec":1655053790549000} 
-00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":44,"packets-processed":43,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":347,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":30,"global_ts_usec":1655054462572000} -00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":46,"packets-processed":45,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":387,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":31,"global_ts_usec":1655072558567000} 
+00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":40,"packets-processed":39,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":345,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":29,"global_ts_usec":1655053790549000} +00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":44,"packets-processed":43,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":347,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":30,"global_ts_usec":1655054462572000} 
+00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":46,"packets-processed":45,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":387,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":31,"global_ts_usec":1655072558567000} 00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655072558567000,"flow_src_last_pkt_time":1655072558567000,"flow_dst_last_pkt_time":1655072558567000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655072558567000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.54.89","src_port":58030,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1655072558567000,"flow_dst_last_pkt_time":1655072558567000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655072558567000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0SOJAAH8GtD7AqAJkBT42WeKuAFDHdiAUAAAAAIAC+vCq8gAAAgQFtAEDAwgBAQQC"} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1655072558567000,"flow_dst_last_pkt_time":1655072558593000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1655072558593000,"pkt":"YDjgxTWgeJS0JASgCABFAAAwAABAADcGRSUFPjZZwKgCZABQ4q5sq8EMx3YgFXASBbSHewAAAgQFrAEDAwI="} 
@@ -38,8 +38,8 @@ 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1655072558598000,"flow_dst_last_pkt_time":1655072558624000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1655072558624000,"pkt":"YDjgxTWgeJS0JASgCABFAAAof7ZAADcGxXYFPjZZwKgCZABQ4q5sq8ENx3YgdVAQAW23IAAAAAAAAAAA"} 00958{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1655048600873000,"flow_src_last_pkt_time":1655049392908000,"flow_dst_last_pkt_time":1655049392932000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":16,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":16,"midstream":0,"thread_ts_usec":1655072558681000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.53.53","src_port":64701,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVAST","proto_id":"307","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
00958{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1655053076804000,"flow_src_last_pkt_time":1655054462572000,"flow_dst_last_pkt_time":1655054462599000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":16,"flow_src_tot_l4_payload_len":139,"flow_dst_tot_l4_payload_len":16,"midstream":0,"thread_ts_usec":1655072558681000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.53.53","src_port":64903,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVAST","proto_id":"307","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} -00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":57,"packets-processed":56,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":501,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":41,"global_ts_usec":1655073305718000} 
-00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":61,"packets-processed":60,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":503,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":42,"global_ts_usec":1657055010698000} +00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":57,"packets-processed":56,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":501,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":41,"global_ts_usec":1655073305718000} 
+00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":61,"packets-processed":60,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":503,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":42,"global_ts_usec":1657055010698000} 00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657055010698000,"flow_src_last_pkt_time":1657055010698000,"flow_dst_last_pkt_time":1657055010698000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657055010698000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.53.53","src_port":49758,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1657055010698000,"flow_dst_last_pkt_time":1657055010698000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657055010698000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0aRtAAH8GlSnAqAJkBT41NcJeAFAUkygfAAAAAIAC+vB3PwAAAgQFtAEDAwgBAQQC"} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1657055010698000,"flow_dst_last_pkt_time":1657055010725000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1657055010725000,"pkt":"YDjgxTWgeJS0JASgCABFAAAwAABAADcGRkkFPjU1wKgCZABQwl7SZ2G3FJMoIHASBbRNYQAAAgQFrAEDAwI="} 
@@ -48,9 +48,9 @@ 00916{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1657055010698000,"flow_src_last_pkt_time":1657055010734000,"flow_dst_last_pkt_time":1657055010725000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657055010734000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.53.53","src_port":49758,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVAST","proto_id":"307","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1657055010734000,"flow_dst_last_pkt_time":1657055010762000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1657055010762000,"pkt":"YDjgxTWgeJS0JASgCABFAAAonCZAADcGqioFPjU1wKgCZABQwl7SZ2G4FJMogFAQAW19BgAAAAAAAAAA"} 
00958{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1655072558567000,"flow_src_last_pkt_time":1655073554764000,"flow_dst_last_pkt_time":1655073554790000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":16,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":16,"midstream":0,"thread_ts_usec":1657055010934000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.54.89","src_port":58030,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVAST","proto_id":"307","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} -00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":70,"packets-processed":69,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":616,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":51,"global_ts_usec":1657055653080000} 
-00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":74,"packets-processed":73,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":618,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":52,"global_ts_usec":1657056295590000} -00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":76,"packets-processed":75,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":619,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":53,"global_ts_usec":1657203798816000} 
+00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":70,"packets-processed":69,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":616,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":51,"global_ts_usec":1657055653080000} +00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":74,"packets-processed":73,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":618,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":52,"global_ts_usec":1657056295590000} 
+00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":76,"packets-processed":75,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":619,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":53,"global_ts_usec":1657203798816000} 00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657203798816000,"flow_src_last_pkt_time":1657203798816000,"flow_dst_last_pkt_time":1657203798816000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657203798816000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.54.89","src_port":49532,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1657203798816000,"flow_dst_last_pkt_time":1657203798816000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657203798816000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0ngdAAH8GXxnAqAJkBT42WcF8AFBgG1unAAAAAIAC+vD37AAAAgQFtAEDAwgBAQQC"} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1657203798816000,"flow_dst_last_pkt_time":1657203798842000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1657203798842000,"pkt":"YDjgxTWgeJS0JASgCABFAAAwAABAADcGRSUFPjZZwKgCZABQwXwE4IZnYBtbqHASBbR25gAAAgQFrAEDAwI="} 
@@ -59,8 +59,8 @@ 00916{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1657203798816000,"flow_src_last_pkt_time":1657203798845000,"flow_dst_last_pkt_time":1657203798842000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657203798845000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.54.89","src_port":49532,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVAST","proto_id":"307","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1657203798845000,"flow_dst_last_pkt_time":1657203798871000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1657203798871000,"pkt":"YDjgxTWgeJS0JASgCABFAAAo6YhAADcGW6QFPjZZwKgCZABQwXwE4IZoYBtcCFAQAW2miwAAAAAAAAAA"} 
00958{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1657055010698000,"flow_src_last_pkt_time":1657056295590000,"flow_dst_last_pkt_time":1657056295616000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":16,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":16,"midstream":0,"thread_ts_usec":1657203798932000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.53.53","src_port":49758,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVAST","proto_id":"307","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} -00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":89,"packets-processed":88,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":734,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":62,"global_ts_usec":1657204596088000} 
-00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":91,"packets-processed":90,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":735,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":63,"global_ts_usec":1657475015947000} +00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":89,"packets-processed":88,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":734,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":62,"global_ts_usec":1657204596088000} 
+00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":91,"packets-processed":90,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":735,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":63,"global_ts_usec":1657475015947000} 00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657475015947000,"flow_src_last_pkt_time":1657475015947000,"flow_dst_last_pkt_time":1657475015947000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657475015947000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.54.29","src_port":58412,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1657475015947000,"flow_dst_last_pkt_time":1657475015947000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657475015947000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0NRdAAH8GyEXAqAJkBT42HeQsAFCc4xvZAAAAAIAC+vDYfgAAAgQFtAEDAwgBAQQC"} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1657475015947000,"flow_dst_last_pkt_time":1657475015975000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1657475015975000,"pkt":"YDjgxTWgeJS0JASgCABFAAAwAABAADcGRWEFPjYdwKgCZABQ5CxO2JJPnOMb2nASBbQBmAAAAgQFrAEDAwI="} 
@@ -76,9 +76,9 @@ 00656{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1657475603758000,"flow_dst_last_pkt_time":1657475603758000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":150,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":150,"pkt_l4_len":116,"thread_ts_usec":1657475603758000,"pkt":"eJS0JASgYDjgxTWgCABFAACINWNAAH8Gx2nAqAJkBT42WdSFAFBlBx5gDIVhMlAYAgRUGwAATk9TQQBgAQEAAAMB8zwJGkJSRRQAAAAABYiCpXRH+WmBnnTxsTaTNZqejhNMSUMUljUok9KFl0dRXc72tHtQFwKSnYJAcpIFTFVOEALhpIIAlg+MdKN9FpVUWsmF\/QhQ"} 00917{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1657475603758000,"flow_src_last_pkt_time":1657475603758000,"flow_dst_last_pkt_time":1657475603758000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657475603758000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.54.89","src_port":54405,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVAST","proto_id":"307","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1657475603758000,"flow_dst_last_pkt_time":1657475603758000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1657475603758000,"pkt":"YDjgxTWgeJS0JASgCABFAAAoYdxAADcG41AFPjZZwKgCZABQ1IUMhWEyZQcewFAQAW3pbwAAAAAAAAAA"} -00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":110,"packets-processed":109,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":960,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":79,"global_ts_usec":1657475721074000} 
+00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":110,"packets-processed":109,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":960,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":79,"global_ts_usec":1657475721074000} 00957{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1657475015947000,"flow_src_last_pkt_time":1657475203218000,"flow_dst_last_pkt_time":1657475603758000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":16,"flow_src_tot_l4_payload_len":97,"flow_dst_tot_l4_payload_len":16,"midstream":0,"thread_ts_usec":1657475735090000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.54.29","src_port":58412,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVAST","proto_id":"307","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
-00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":113,"packets-processed":112,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":960,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":81,"global_ts_usec":1657612856239000} +00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":113,"packets-processed":112,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":960,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":81,"global_ts_usec":1657612856239000} 
00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657612856239000,"flow_src_last_pkt_time":1657612856239000,"flow_dst_last_pkt_time":1657612856239000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657612856239000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.54.29","src_port":57727,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1657612856239000,"flow_dst_last_pkt_time":1657612856239000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657612856239000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0DwdAAH8G7lXAqAJkBT42HeF\/AFBeZJgBAAAAAIAC+vCdggAAAgQFtAEDAwgBAQQC"} 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1657612856239000,"flow_dst_last_pkt_time":1657612856269000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1657612856269000,"pkt":"YDjgxTWgeJS0JASgCABFAAAwAABAADcGRWEFPjYdwKgCZABQ4X\/x2q1EXmSYAnASBbQIpAAAAgQFrAEDAwI="} 
@@ -87,8 +87,8 @@ 00917{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1657612856239000,"flow_src_last_pkt_time":1657612856291000,"flow_dst_last_pkt_time":1657612856269000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657612856291000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.54.29","src_port":57727,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVAST","proto_id":"307","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1657612856291000,"flow_dst_last_pkt_time":1657612856321000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1657612856321000,"pkt":"YDjgxTWgeJS0JASgCABFAAAo9wtAADcGTl0FPjYdwKgCZABQ4X\/x2q1FXmSYYlAQAW04SQAAAAAAAAAA"} 
00957{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1657475603758000,"flow_src_last_pkt_time":1657475603758000,"flow_dst_last_pkt_time":1657475749106000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":16,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":16,"midstream":0,"thread_ts_usec":1657612856413000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.54.89","src_port":54405,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVAST","proto_id":"307","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} -00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":124,"packets-processed":123,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1074,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":90,"global_ts_usec":1657613496559000} 
-00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":128,"packets-processed":127,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1076,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":91,"global_ts_usec":1657715755306000} +00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":124,"packets-processed":123,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1074,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":90,"global_ts_usec":1657613496559000} 
+00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":128,"packets-processed":127,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1076,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":91,"global_ts_usec":1657715755306000} 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657715755306000,"flow_src_last_pkt_time":1657715755306000,"flow_dst_last_pkt_time":1657715755306000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657715755306000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.53.131","src_port":62741,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1657715755306000,"flow_dst_last_pkt_time":1657715755306000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657715755306000,"pkt":"eJS0JASgYDjgxTWgCABFAAA07PtAAH8GEPvAqAJkBT41g\/UVAFBENDSQAAAAAIAC+vAIKAAAAgQFtAEDAwgBAQQC"} 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1657715755306000,"flow_dst_last_pkt_time":1657715755336000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1657715755336000,"pkt":"YDjgxTWgeJS0JASgCABFAAAwAABAADcGRfsFPjWDwKgCZABQ9RVBYkV5RDQ0kXASBbSLjQAAAgQFrAEDAwI="} 
@@ -98,7 +98,7 @@ 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1657715755343000,"flow_dst_last_pkt_time":1657715755373000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1657715755373000,"pkt":"YDjgxTWgeJS0JASgCABFAAAo+DZAADcGTcwFPjWDwKgCZABQ9RVBYkV6RDQ08VAQAW27MgAAAAAAAAAA"} 00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1657612856239000,"flow_src_last_pkt_time":1657613709852000,"flow_dst_last_pkt_time":1657613709881000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":16,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":16,"midstream":0,"thread_ts_usec":1657715755532000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.54.29","src_port":57727,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVAST","proto_id":"307","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1657715755306000,"flow_src_last_pkt_time":1657716324963000,"flow_dst_last_pkt_time":1657716324992000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":86,"flow_src_tot_l4_payload_len":99,"flow_dst_tot_l4_payload_len":102,"midstream":0,"thread_ts_usec":1657716324992000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.53.131","src_port":62741,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVAST","proto_id":"307","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} -00847{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":142,"packets-processed":142,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1277,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":101,"global_ts_usec":1657716324992000} 
+00847{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":142,"packets-processed":142,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1277,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":101,"global_ts_usec":1657716324992000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 142/142 ~~ skipped flows.............: 0 @@ -107,9 +107,9 @@ ~~ total active/idle flows...: 10/10 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6953881 bytes -~~ total memory freed........: 6953881 bytes -~~ total allocations/frees...: 114398/114398 +~~ total memory allocated....: 7531477 bytes +~~ total memory freed........: 7531477 bytes +~~ total allocations/frees...: 126129/126129 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 527 chars ~~ json message max len.......: 966 chars diff --git a/test/results/default/avast_securedns.pcapng.out b/test/results/default/avast_securedns.pcapng.out index 38a190dd4..b08213da9 100644 --- a/test/results/default/avast_securedns.pcapng.out +++ b/test/results/default/avast_securedns.pcapng.out 
@@ -1,10 +1,10 @@ -00622{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1625215624443704} 
+00622{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1625215624443704} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625215624443704,"flow_src_last_pkt_time":1625215624443704,"flow_dst_last_pkt_time":1625215624443704,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625215624443704,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":57970,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1625215624443704,"flow_dst_last_pkt_time":1625215624443704,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1625215624443704,"pkt":"eJS0JASgYDjgxTWgCABFAABDZa4AAH8ROYTAqAJktdYjleJyAbsAL0mrSMQBAAABAAAAAAAAATIJU2VDVVJlZG5TBWFWYXNUA0NvTQAAEAAB"} 
00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625215624443704,"flow_src_last_pkt_time":1625215624443704,"flow_dst_last_pkt_time":1625215624443704,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625215624443704,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":57970,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 00760{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1625215624443704,"flow_dst_last_pkt_time":1625215624563615,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_usec":1625215624563615,"pkt":"YDjgxTWgeJS0JASgCABFAADM0kQAADIRGWW11iOVwKgCZAG74nIAuMIZSMSBgAABAAEAAAAAATIJU2VDVVJlZG5TBWFWYXNUA0NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="} 
-00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":3,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":215,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1625241699450886} +00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":3,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":215,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1625241699450886} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625241699450886,"flow_src_last_pkt_time":1625241699450886,"flow_dst_last_pkt_time":1625241699450886,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625241699450886,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":61201,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1625241699450886,"flow_dst_last_pkt_time":1625241699450886,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1625241699450886,"pkt":"eJS0JASgYDjgxTWgCABFAABDEeYAAH8RjUzAqAJktdYjle8RAbsAL9I803MBAAABAAAAAAAAATIJU0VjdVJlRE5zBUF2YXNUA0NPbQAAEAAB"} 
00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625241699450886,"flow_src_last_pkt_time":1625241699450886,"flow_dst_last_pkt_time":1625241699450886,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625241699450886,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":61201,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
@@ -18,7 +18,7 @@ 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1625241714666452,"flow_dst_last_pkt_time":1625241714666452,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1625241714666452,"pkt":"eJS0JASgYDjgxTWgCABFAABDXeQAAH8RQU7AqAJktdYjlfU3AbsAL3hGRwQBAAABAAAAAAAAATIJU2VjVVJlZG5zBUFWYVN0A0NPbQAAEAAB"} 00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625241714666452,"flow_src_last_pkt_time":1625241714666452,"flow_dst_last_pkt_time":1625241714666452,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625241714666452,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":62775,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
00760{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1625241714666452,"flow_dst_last_pkt_time":1625241714787539,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_usec":1625241714787539,"pkt":"YDjgxTWgeJS0JASgCABFAADMRgkAADERpqC11iOVwKgCZAG79TcAuPC0RwSBgAABAAEAAAAAATIJU2VjVVJlZG5zBUFWYVN0A0NPbQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="} -00846{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":9,"packets-processed":8,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":860,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":4,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1625320207133036} 
+00846{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":9,"packets-processed":8,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":860,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":4,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1625320207133036} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625320207133036,"flow_src_last_pkt_time":1625320207133036,"flow_dst_last_pkt_time":1625320207133036,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625320207133036,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56581,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1625320207133036,"flow_dst_last_pkt_time":1625320207133036,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1625320207133036,"pkt":"eJS0JASgYDjgxTWgCABFAABDS9IAAH8RU2DAqAJktdYjld0FAbsALycJUJMBAAABAAAAAAAAATIJc2VjVVJlZG5TBUF2YXNUA2NvTQAAEAAB"} 00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625320207133036,"flow_src_last_pkt_time":1625320207133036,"flow_dst_last_pkt_time":1625320207133036,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625320207133036,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56581,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
@@ -30,7 +30,7 @@ 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625241701462154,"flow_src_last_pkt_time":1625241701462154,"flow_dst_last_pkt_time":1625241701583055,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625320209184034,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":60835,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625241699450886,"flow_src_last_pkt_time":1625241699450886,"flow_dst_last_pkt_time":1625241699572209,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625320209184034,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":61201,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625241714666452,"flow_src_last_pkt_time":1625241714666452,"flow_dst_last_pkt_time":1625241714787539,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625320209184034,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":62775,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} -00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":13,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1290,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":6,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":33,"global_ts_usec":1625321673727184} 
+00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":13,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1290,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":6,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":33,"global_ts_usec":1625321673727184} 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625321673727184,"flow_src_last_pkt_time":1625321673727184,"flow_dst_last_pkt_time":1625321673727184,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625321673727184,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":50581,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1625321673727184,"flow_dst_last_pkt_time":1625321673727184,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1625321673727184,"pkt":"eJS0JASgYDjgxTWgCABFAABDS9wAAH8RU1bAqAJktdYjlcWVAbsAL1g+dw4BAAABAAAAAAAAATIJc2VDdXJFRE5TBUFWQXN0A0NvTQAAEAAB"} 00942{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625321673727184,"flow_src_last_pkt_time":1625321673727184,"flow_dst_last_pkt_time":1625321673727184,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625321673727184,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":50581,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
@@ -41,7 +41,7 @@ 00761{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1625321675283046,"flow_dst_last_pkt_time":1625321675403948,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_usec":1625321675403948,"pkt":"YDjgxTWgeJS0JASgCABFAADMuxcAADMRL5K11iOVwKgCZAG77rMAuEweEl+BgAABAAEAAAAAATIJU0VDdVJFZE5zBWFWYXNUA0NPTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="} 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625320207133036,"flow_src_last_pkt_time":1625320207133036,"flow_dst_last_pkt_time":1625320207252515,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625321675403948,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56581,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625320209063685,"flow_src_last_pkt_time":1625320209063685,"flow_dst_last_pkt_time":1625320209184034,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625321675403948,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56765,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} -00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":17,"packets-processed":16,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1720,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":44,"global_ts_usec":1625395217252548} 
+00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":17,"packets-processed":16,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1720,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":44,"global_ts_usec":1625395217252548} 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625395217252548,"flow_src_last_pkt_time":1625395217252548,"flow_dst_last_pkt_time":1625395217252548,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625395217252548,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64954,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1625395217252548,"flow_dst_last_pkt_time":1625395217252548,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1625395217252548,"pkt":"eJS0JASgYDjgxTWgCABFAABDKckAAH8RdWnAqAJktdYjlf26AbsAL3dTP5QBAAABAAAAAAAAATIJc0VjdVJlZE5zBUFWQVNUA2NvTQAAEAAB"} 00942{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625395217252548,"flow_src_last_pkt_time":1625395217252548,"flow_dst_last_pkt_time":1625395217252548,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625395217252548,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64954,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
@@ -52,7 +52,7 @@ 00762{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1625395217373676,"flow_dst_last_pkt_time":1625395217373676,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_usec":1625395217373676,"pkt":"YDjgxTWgeJS0JASgCABFAADMf00AADMRa1y11iOVwKgCZAG76OUAuMImoeSBgAABAAEAAAAAATIJc0VjVXJlRE5TBWF2QVNUA2NPbQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="} 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625321673727184,"flow_src_last_pkt_time":1625321673727184,"flow_dst_last_pkt_time":1625321673848204,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625395217373676,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":50581,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625321675283046,"flow_src_last_pkt_time":1625321675283046,"flow_dst_last_pkt_time":1625321675403948,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625395217373676,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":61107,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":21,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2150,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":10,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":55,"global_ts_usec":1625401091063741} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":21,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2150,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":10,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":55,"global_ts_usec":1625401091063741} 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625401091063741,"flow_src_last_pkt_time":1625401091063741,"flow_dst_last_pkt_time":1625401091063741,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625401091063741,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":52485,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1625401091063741,"flow_dst_last_pkt_time":1625401091063741,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1625401091063741,"pkt":"eJS0JASgYDjgxTWgCABFAABDKc0AAH8RdWXAqAJktdYjlc0FAbsAL8xY+0MBAAABAAAAAAAAATIJc2VDdVJFZE5TBWF2YXNUA0NPbQAAEAAB"} 00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625401091063741,"flow_src_last_pkt_time":1625401091063741,"flow_dst_last_pkt_time":1625401091063741,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625401091063741,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":52485,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
@@ -63,14 +63,14 @@ 00762{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1625401093323098,"flow_dst_last_pkt_time":1625401093443763,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_usec":1625401093443763,"pkt":"YDjgxTWgeJS0JASgCABFAADMuwEAADIRMKi11iOVwKgCZAG71poAuIigzbWBgAABAAEAAAAAATIJc2VjVVJlRE5zBWFWQVN0A2NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625395217373676,"flow_src_last_pkt_time":1625395217373676,"flow_dst_last_pkt_time":1625395217373676,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625401093443763,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59621,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625395217252548,"flow_src_last_pkt_time":1625395217252548,"flow_dst_last_pkt_time":1625395217373676,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625401093443763,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64954,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} -00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":25,"packets-processed":24,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2580,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":12,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":66,"global_ts_usec":1625413810414650} 
+00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":25,"packets-processed":24,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2580,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":12,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":66,"global_ts_usec":1625413810414650} 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625413810414650,"flow_src_last_pkt_time":1625413810414650,"flow_dst_last_pkt_time":1625413810414650,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625413810414650,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56839,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1625413810414650,"flow_dst_last_pkt_time":1625413810414650,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1625413810414650,"pkt":"eJS0JASgYDjgxTWgCABFAABDy3cAAH8R07rAqAJktdYjld4HAbsAL+Cz9gYBAAABAAAAAAAAATIJU0VDdXJlZE5TBUFWQXN0A0NPbQAAEAAB"} 00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625413810414650,"flow_src_last_pkt_time":1625413810414650,"flow_dst_last_pkt_time":1625413810414650,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625413810414650,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56839,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
00762{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1625413810414650,"flow_dst_last_pkt_time":1625413810531155,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_usec":1625413810531155,"pkt":"YDjgxTWgeJS0JASgCABFAADMKHAAADERxDm11iOVwKgCZAG73gcAuFki9gaBgAABAAEAAAAAATIJU0VDdXJlZE5TBUFWQXN0A0NPbQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625401091063741,"flow_src_last_pkt_time":1625401091063741,"flow_dst_last_pkt_time":1625401091190472,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625413810531155,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":52485,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625401093323098,"flow_src_last_pkt_time":1625401093323098,"flow_dst_last_pkt_time":1625401093443763,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625413810531155,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54938,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} -00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":27,"packets-processed":26,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2795,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":13,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":73,"global_ts_usec":1625477697370410} 
+00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":27,"packets-processed":26,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2795,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":13,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":73,"global_ts_usec":1625477697370410} 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625477697370410,"flow_src_last_pkt_time":1625477697370410,"flow_dst_last_pkt_time":1625477697370410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625477697370410,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":58155,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1625477697370410,"flow_dst_last_pkt_time":1625477697370410,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1625477697370410,"pkt":"eJS0JASgYDjgxTWgCABFAABDQqcAAH8RXIvAqAJktdYjleMrAbsAL7nVV2EBAAABAAAAAAAAATIJc0VjVVJFZE5zBWFWQVN0A0NvbQAAEAAB"} 00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625477697370410,"flow_src_last_pkt_time":1625477697370410,"flow_dst_last_pkt_time":1625477697370410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625477697370410,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":58155,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
@@ -92,7 +92,7 @@ 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1625477739836341,"flow_dst_last_pkt_time":1625477739836341,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1625477739836341,"pkt":"eJS0JASgYDjgxTWgCABFAABD1L8AAH8RynLAqAJktdYjldsvAbsAL1UmhCwBAAABAAAAAAAAATIJc0VjVXJlRG5TBWF2QVN0A2NPTQAAEAAB"} 00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625477739836341,"flow_src_last_pkt_time":1625477739836341,"flow_dst_last_pkt_time":1625477739836341,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625477739836341,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56111,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
00762{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1625477739836341,"flow_dst_last_pkt_time":1625477739952878,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_usec":1625477739952878,"pkt":"YDjgxTWgeJS0JASgCABFAADMDM8AADIR3tq11iOVwKgCZAG72y8AuM2UhCyBgAABAAEAAAAAATIJc0VjVXJlRG5TBWF2QVN0A2NPTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="} -00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":37,"packets-processed":36,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3870,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":18,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":18,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":95,"global_ts_usec":1625482316411404} 
+00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":37,"packets-processed":36,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3870,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":18,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":18,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":95,"global_ts_usec":1625482316411404} 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625482316411404,"flow_src_last_pkt_time":1625482316411404,"flow_dst_last_pkt_time":1625482316411404,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625482316411404,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64494,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1625482316411404,"flow_dst_last_pkt_time":1625482316411404,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1625482316411404,"pkt":"eJS0JASgYDjgxTWgCABFAABDyvUAAH8R1DzAqAJktdYjlfvuAbsAL4YFMq4BAAABAAAAAAAAATIJU2VDVVJFZE5zBWFWYXNUA0NvbQAAEAAB"} 00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625482316411404,"flow_src_last_pkt_time":1625482316411404,"flow_dst_last_pkt_time":1625482316411404,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625482316411404,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64494,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
@@ -137,7 +137,7 @@ 00988{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625482318517463,"flow_src_last_pkt_time":1625482318517463,"flow_dst_last_pkt_time":1625482318634061,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625482486976882,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51415,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 00988{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625482396199376,"flow_src_last_pkt_time":1625482396199376,"flow_dst_last_pkt_time":1625482396320234,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625482486976882,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":63776,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 00988{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625482316411404,"flow_src_last_pkt_time":1625482316411404,"flow_dst_last_pkt_time":1625482316532446,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625482486976882,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64494,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
-00854{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":53,"packets-processed":52,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5590,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":26,"total-detection-updates":0,"total-updates":7,"current-active-flows":8,"total-active-flows":26,"total-idle-flows":18,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":140,"global_ts_usec":1625482998213179} +00854{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":53,"packets-processed":52,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5590,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":26,"total-detection-updates":0,"total-updates":7,"current-active-flows":8,"total-active-flows":26,"total-idle-flows":18,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":140,"global_ts_usec":1625482998213179} 
00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625482998213179,"flow_src_last_pkt_time":1625482998213179,"flow_dst_last_pkt_time":1625482998213179,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625482998213179,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64432,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_src_last_pkt_time":1625482998213179,"flow_dst_last_pkt_time":1625482998213179,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1625482998213179,"pkt":"eJS0JASgYDjgxTWgCABFAABDf48AAH8RH6PAqAJktdYjlfuwAbsAL9NLpcUBAAABAAAAAAAAATIJc0VjdVJlZE5TBUF2YXNUA0NvTQAAEAAB"} 
00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625482998213179,"flow_src_last_pkt_time":1625482998213179,"flow_dst_last_pkt_time":1625482998213179,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625482998213179,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64432,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
@@ -168,7 +168,7 @@ 00763{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_src_last_pkt_time":1625483073457882,"flow_dst_last_pkt_time":1625483073457882,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_usec":1625483073457882,"pkt":"YDjgxTWgeJS0JASgCABFAADMX7kAADIRi\/C11iOVwKgCZAG7zMEAuDeuSIGBgAABAAEAAAAAATIJc2VDVXJlZE5zBWFWQVNUA2NPTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="} 00988{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625483010449914,"flow_src_last_pkt_time":1625483010449914,"flow_dst_last_pkt_time":1625483010570990,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625483073457882,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59613,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
00988{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625482998213179,"flow_src_last_pkt_time":1625482998213179,"flow_dst_last_pkt_time":1625482998333968,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625483073457882,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64432,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} -00854{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":63,"packets-processed":62,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6665,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":31,"total-detection-updates":0,"total-updates":9,"current-active-flows":5,"total-active-flows":31,"total-idle-flows":26,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":171,"global_ts_usec":1625511643408589} 
+00854{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":63,"packets-processed":62,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6665,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":31,"total-detection-updates":0,"total-updates":9,"current-active-flows":5,"total-active-flows":31,"total-idle-flows":26,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":171,"global_ts_usec":1625511643408589} 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625511643408589,"flow_src_last_pkt_time":1625511643408589,"flow_dst_last_pkt_time":1625511643408589,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625511643408589,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59474,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_src_last_pkt_time":1625511643408589,"flow_dst_last_pkt_time":1625511643408589,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1625511643408589,"pkt":"eJS0JASgYDjgxTWgCABFAABDhScAAH8RGgvAqAJktdYjlehSAbsAL7NiOO0BAAABAAAAAAAAATIJU2VDVVJFZG5zBUFWYVN0A2NPTQAAEAAB"} 00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625511643408589,"flow_src_last_pkt_time":1625511643408589,"flow_dst_last_pkt_time":1625511643408589,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625511643408589,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59474,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
@@ -182,7 +182,7 @@ 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625483010449914,"flow_src_last_pkt_time":1625483010449914,"flow_dst_last_pkt_time":1625483010570990,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625511645546487,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59613,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625482998213179,"flow_src_last_pkt_time":1625482998213179,"flow_dst_last_pkt_time":1625482998333968,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625511645546487,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64432,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625483073336987,"flow_src_last_pkt_time":1625483073336987,"flow_dst_last_pkt_time":1625483073457882,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625511645546487,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":65063,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
-00854{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":67,"packets-processed":66,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7095,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":33,"total-detection-updates":0,"total-updates":9,"current-active-flows":2,"total-active-flows":33,"total-idle-flows":31,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":185,"global_ts_usec":1625556065479179} +00854{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":67,"packets-processed":66,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7095,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":33,"total-detection-updates":0,"total-updates":9,"current-active-flows":2,"total-active-flows":33,"total-idle-flows":31,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":185,"global_ts_usec":1625556065479179} 
00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625556065479179,"flow_src_last_pkt_time":1625556065479179,"flow_dst_last_pkt_time":1625556065479179,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625556065479179,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":55948,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_src_last_pkt_time":1625556065479179,"flow_dst_last_pkt_time":1625556065479179,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1625556065479179,"pkt":"eJS0JASgYDjgxTWgCABFAABDHAQAAH8Rgy7AqAJktdYjldqMAbsAL9sh3zMBAAABAAAAAAAAATIJU2VDVXJlRG5zBUF2QVNUA0NPbQAAEAAB"} 
00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625556065479179,"flow_src_last_pkt_time":1625556065479179,"flow_dst_last_pkt_time":1625556065479179,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625556065479179,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":55948,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
@@ -200,7 +200,7 @@ 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_src_last_pkt_time":1625556102196787,"flow_dst_last_pkt_time":1625556102196787,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1625556102196787,"pkt":"eJS0JASgYDjgxTWgCABFAABDGwgAAH8RhCrAqAJktdYjldUVAbsAL6kdFo8BAAABAAAAAAAAATIJU0VjVXJlRG5TBUFWYXN0A0NvTQAAEAAB"} 00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625556102196787,"flow_src_last_pkt_time":1625556102196787,"flow_dst_last_pkt_time":1625556102196787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625556102196787,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54549,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
00762{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_src_last_pkt_time":1625556102196787,"flow_dst_last_pkt_time":1625556102314591,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_usec":1625556102314591,"pkt":"YDjgxTWgeJS0JASgCABFAADMmGEAADMRUki11iOVwKgCZAG71RUAuCGMFo+BgAABAAEAAAAAATIJU0VjVXJlRG5TBUFWYXN0A0NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="} -00854{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":74,"packets-processed":73,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7779,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":37,"total-detection-updates":0,"total-updates":9,"current-active-flows":4,"total-active-flows":37,"total-idle-flows":33,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":203,"global_ts_usec":1625558730271025} 
+00854{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":74,"packets-processed":73,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7779,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":37,"total-detection-updates":0,"total-updates":9,"current-active-flows":4,"total-active-flows":37,"total-idle-flows":33,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":203,"global_ts_usec":1625558730271025} 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625558730271025,"flow_src_last_pkt_time":1625558730271025,"flow_dst_last_pkt_time":1625558730271025,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625558730271025,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54760,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_src_last_pkt_time":1625558730271025,"flow_dst_last_pkt_time":1625558730271025,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1625558730271025,"pkt":"eJS0JASgYDjgxTWgCABFAABDLFIAAH8RcuDAqAJktdYjldXoAbsALw4O0KsBAAABAAAAAAAAATIJU0VDdXJlZE5zBUFWYVNUA2NvTQAAEAAB"} 00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625558730271025,"flow_src_last_pkt_time":1625558730271025,"flow_dst_last_pkt_time":1625558730271025,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625558730271025,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54760,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
@@ -215,7 +215,7 @@ 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625558730271025,"flow_src_last_pkt_time":1625558730271025,"flow_dst_last_pkt_time":1625558730389235,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625558735164269,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54760,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625556065479179,"flow_src_last_pkt_time":1625556065479179,"flow_dst_last_pkt_time":1625556065479179,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625558735164269,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":55948,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625556100118860,"flow_src_last_pkt_time":1625556100118860,"flow_dst_last_pkt_time":1625556100236729,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625558735164269,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64700,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} -00856{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":77,"packets-processed":77,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8209,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":39,"total-detection-updates":0,"total-updates":9,"current-active-flows":0,"total-active-flows":39,"total-idle-flows":39,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":218,"global_ts_usec":1625558735164269} 
+00856{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":77,"packets-processed":77,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8209,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":39,"total-detection-updates":0,"total-updates":9,"current-active-flows":0,"total-active-flows":39,"total-idle-flows":39,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":218,"global_ts_usec":1625558735164269} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 77/77 ~~ skipped flows.............: 0 @@ -224,9 +224,9 @@ ~~ total active/idle flows...: 39/39 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7000286 bytes -~~ total memory freed........: 7000286 bytes -~~ total allocations/frees...: 114632/114632 +~~ total memory allocated....: 7577882 bytes +~~ total memory freed........: 7577882 bytes +~~ total allocations/frees...: 126363/126363 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 574 chars ~~ json message max len.......: 993 chars diff --git a/test/results/default/bacnet.pcap.out b/test/results/default/bacnet.pcap.out index ab00ef392..f98e44feb 100644 --- a/test/results/default/bacnet.pcap.out +++ b/test/results/default/bacnet.pcap.out 
@@ -1,5 +1,5 @@ -00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1680268949991615} 
+00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1680268949991615} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680268949991615,"flow_src_last_pkt_time":1680268949991615,"flow_dst_last_pkt_time":1680268949991615,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":17,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680268949991615,"l3_proto":"ip4","src_ip":"65.49.20.98","dst_ip":"90.147.69.219","src_port":53234,"dst_port":47808,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1680268949991615,"flow_dst_last_pkt_time":1680268949991615,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":25,"thread_ts_usec":1680268949991615,"pkt":"bs1PogZtPJTVQTiBCABFAAAt1DEAAPMR\/YxBMRRiWpNF28\/yusAAGQAAgQoAEQEEAAWpDAwCP\/\/\/GUsA"} 
00923{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680268949991615,"flow_src_last_pkt_time":1680268949991615,"flow_dst_last_pkt_time":1680268949991615,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":17,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680268949991615,"l3_proto":"ip4","src_ip":"65.49.20.98","dst_ip":"90.147.69.219","src_port":53234,"dst_port":47808,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"BACnet","proto_id":"334","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":31,"category":"IoT-Scada"}} 
@@ -14,24 +14,24 @@ 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1680269481013331,"flow_dst_last_pkt_time":1680269481013331,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":25,"thread_ts_usec":1680269481013331,"pkt":"bpHurUgdPJTVQTiBCABFAAAt1DEAAPMRTUFAPsWmWpNF1Y84usAAGQAAgQoAEQEEAAXcDAwCP\/\/\/GUsA"} 00925{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680269481013331,"flow_src_last_pkt_time":1680269481013331,"flow_dst_last_pkt_time":1680269481013331,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":17,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680269481013331,"l3_proto":"ip4","src_ip":"64.62.197.166","dst_ip":"90.147.69.213","src_port":36664,"dst_port":47808,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"BACnet","proto_id":"334","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":31,"category":"IoT-Scada"}} 
00967{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680269401152467,"flow_src_last_pkt_time":1680269401152467,"flow_dst_last_pkt_time":1680269401152467,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":17,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680269481013331,"l3_proto":"ip4","src_ip":"198.235.24.166","dst_ip":"90.147.69.222","src_port":56883,"dst_port":47808,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BACnet","proto_id":"334","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":31,"category":"IoT-Scada"}} -00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":5,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":68,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":1,"current-active-flows":3,"total-active-flows":4,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":17,"global_ts_usec":1680270793239173} 
+00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":5,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":68,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":1,"current-active-flows":3,"total-active-flows":4,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":17,"global_ts_usec":1680270793239173} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680270793239173,"flow_src_last_pkt_time":1680270793239173,"flow_dst_last_pkt_time":1680270793239173,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":17,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680270793239173,"l3_proto":"ip4","src_ip":"198.235.24.39","dst_ip":"90.147.69.210","src_port":54587,"dst_port":47808,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1680270793239173,"flow_dst_last_pkt_time":1680270793239173,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":25,"thread_ts_usec":1680270793239173,"pkt":"AAwp30Y4PJTVQTiBCABFAAAt1DEAAPoRbRbG6xgnWpNF0tU7usAAGQAAgQoAEQEEAAUBDAwCP\/\/\/GUsA"} 00925{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680270793239173,"flow_src_last_pkt_time":1680270793239173,"flow_dst_last_pkt_time":1680270793239173,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":17,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680270793239173,"l3_proto":"ip4","src_ip":"198.235.24.39","dst_ip":"90.147.69.210","src_port":54587,"dst_port":47808,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"BACnet","proto_id":"334","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":31,"category":"IoT-Scada"}} 
00965{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680269401152467,"flow_src_last_pkt_time":1680269401152467,"flow_dst_last_pkt_time":1680269401152467,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":17,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680270793239173,"l3_proto":"ip4","src_ip":"198.235.24.166","dst_ip":"90.147.69.222","src_port":56883,"dst_port":47808,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BACnet","proto_id":"334","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":31,"category":"IoT-Scada"}} 00964{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680269481013331,"flow_src_last_pkt_time":1680269481013331,"flow_dst_last_pkt_time":1680269481013331,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":17,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680270793239173,"l3_proto":"ip4","src_ip":"64.62.197.166","dst_ip":"90.147.69.213","src_port":36664,"dst_port":47808,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BACnet","proto_id":"334","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":31,"category":"IoT-Scada"}} 
00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680269473899742,"flow_src_last_pkt_time":1680269473899742,"flow_dst_last_pkt_time":1680269473899742,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":17,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680270793239173,"l3_proto":"ip4","src_ip":"64.62.197.26","dst_ip":"90.147.69.221","src_port":36992,"dst_port":47808,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BACnet","proto_id":"334","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":31,"category":"IoT-Scada"}} -00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":6,"packets-processed":5,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":85,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":24,"global_ts_usec":1680271991867802} 
+00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":6,"packets-processed":5,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":85,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":24,"global_ts_usec":1680271991867802} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680271991867802,"flow_src_last_pkt_time":1680271991867802,"flow_dst_last_pkt_time":1680271991867802,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":17,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680271991867802,"l3_proto":"ip4","src_ip":"167.94.138.111","dst_ip":"90.147.69.212","src_port":27041,"dst_port":47808,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1680271991867802,"flow_dst_last_pkt_time":1680271991867802,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":25,"thread_ts_usec":1680271991867802,"pkt":"ipffLU2SPJTVQTiBCABFCAAtP98AACQRhKSnXopvWpNF1GmhusAAGe\/YgQoAEQEEAAUBDAwCP\/\/\/GUsA"} 00926{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680271991867802,"flow_src_last_pkt_time":1680271991867802,"flow_dst_last_pkt_time":1680271991867802,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":17,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680271991867802,"l3_proto":"ip4","src_ip":"167.94.138.111","dst_ip":"90.147.69.212","src_port":27041,"dst_port":47808,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"BACnet","proto_id":"334","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":31,"category":"IoT-Scada"}} 
00964{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680270793239173,"flow_src_last_pkt_time":1680270793239173,"flow_dst_last_pkt_time":1680270793239173,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":17,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680271991867802,"l3_proto":"ip4","src_ip":"198.235.24.39","dst_ip":"90.147.69.210","src_port":54587,"dst_port":47808,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BACnet","proto_id":"334","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":31,"category":"IoT-Scada"}} -00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":7,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":102,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":29,"global_ts_usec":1680273941879740} 
+00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":7,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":102,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":29,"global_ts_usec":1680273941879740} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680273941879740,"flow_src_last_pkt_time":1680273941879740,"flow_dst_last_pkt_time":1680273941879740,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":17,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680273941879740,"l3_proto":"ip4","src_ip":"162.142.125.140","dst_ip":"90.147.69.217","src_port":63852,"dst_port":47808,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1680273941879740,"flow_dst_last_pkt_time":1680273941879740,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":25,"thread_ts_usec":1680273941879740,"pkt":"moT+\/Ph8PJTVQTiBCABFAAAt\/WwAACcR1cyijn2MWpNF2flsusAAGXG7gQoAEQEEAAUBDAwCP\/\/\/GUsA"} 00927{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680273941879740,"flow_src_last_pkt_time":1680273941879740,"flow_dst_last_pkt_time":1680273941879740,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":17,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680273941879740,"l3_proto":"ip4","src_ip":"162.142.125.140","dst_ip":"90.147.69.217","src_port":63852,"dst_port":47808,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"BACnet","proto_id":"334","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":31,"category":"IoT-Scada"}} 
00965{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680271991867802,"flow_src_last_pkt_time":1680271991867802,"flow_dst_last_pkt_time":1680271991867802,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":17,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680273941879740,"l3_proto":"ip4","src_ip":"167.94.138.111","dst_ip":"90.147.69.212","src_port":27041,"dst_port":47808,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BACnet","proto_id":"334","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":31,"category":"IoT-Scada"}} -00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":8,"packets-processed":7,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":119,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":7,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":34,"global_ts_usec":1680278570937544} 
+00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":8,"packets-processed":7,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":119,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":7,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":34,"global_ts_usec":1680278570937544} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680278570937544,"flow_src_last_pkt_time":1680278570937544,"flow_dst_last_pkt_time":1680278570937544,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":17,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680278570937544,"l3_proto":"ip4","src_ip":"198.235.24.45","dst_ip":"90.147.69.219","src_port":51922,"dst_port":47808,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1680278570937544,"flow_dst_last_pkt_time":1680278570937544,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":25,"thread_ts_usec":1680278570937544,"pkt":"bs1PogZtPJTVQTiBCABFAAAt1DEAAPoRbQfG6xgtWpNF28rSusAAGQAAgQoAEQEEAAUBDAwCP\/\/\/GUsA"} 00925{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680278570937544,"flow_src_last_pkt_time":1680278570937544,"flow_dst_last_pkt_time":1680278570937544,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":17,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680278570937544,"l3_proto":"ip4","src_ip":"198.235.24.45","dst_ip":"90.147.69.219","src_port":51922,"dst_port":47808,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"BACnet","proto_id":"334","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":31,"category":"IoT-Scada"}} 
@@ -40,7 +40,7 @@ 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1680278735577357,"flow_dst_last_pkt_time":1680278735577357,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":25,"thread_ts_usec":1680278735577357,"pkt":"bs1PogZtPJTVQTiBCABFAAAt7PQAACcR5kqijn2EWpNF23RWusAAGfbXgQoAEQEEAAUBDAwCP\/\/\/GUsA"} 00927{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680278735577357,"flow_src_last_pkt_time":1680278735577357,"flow_dst_last_pkt_time":1680278735577357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":17,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680278735577357,"l3_proto":"ip4","src_ip":"162.142.125.132","dst_ip":"90.147.69.219","src_port":29782,"dst_port":47808,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"BACnet","proto_id":"334","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":31,"category":"IoT-Scada"}} 
00967{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680278570937544,"flow_src_last_pkt_time":1680278570937544,"flow_dst_last_pkt_time":1680278570937544,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":17,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680278735577357,"l3_proto":"ip4","src_ip":"198.235.24.45","dst_ip":"90.147.69.219","src_port":51922,"dst_port":47808,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BACnet","proto_id":"334","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":31,"category":"IoT-Scada"}} -00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":10,"packets-processed":9,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":153,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":2,"current-active-flows":2,"total-active-flows":9,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":43,"global_ts_usec":1681133167315255} 
+00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":10,"packets-processed":9,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":153,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":2,"current-active-flows":2,"total-active-flows":9,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":43,"global_ts_usec":1681133167315255} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1681133167315255,"flow_src_last_pkt_time":1681133167315255,"flow_dst_last_pkt_time":1681133167315255,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1681133167315255,"l3_proto":"ip4","src_ip":"204.172.177.255","dst_ip":"204.172.177.159","src_port":47808,"dst_port":47808,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1681133167315255,"flow_dst_last_pkt_time":1681133167315255,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1681133167315255,"pkt":"AQIDBAUGABorPE1eCABFAAAoq9VAAEARkffMrLH\/zKyxn7rAusAAFPoNgQsADAEg\/\/8A\/xAI"} 00931{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1681133167315255,"flow_src_last_pkt_time":1681133167315255,"flow_dst_last_pkt_time":1681133167315255,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1681133167315255,"l3_proto":"ip4","src_ip":"204.172.177.255","dst_ip":"204.172.177.159","src_port":47808,"dst_port":47808,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"BACnet","proto_id":"334","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":31,"category":"IoT-Scada"}} 
@@ -54,7 +54,7 @@ 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1681133167315255,"flow_src_last_pkt_time":1681133274409641,"flow_dst_last_pkt_time":1681133167315255,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":170,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1681133274409641,"l3_proto":"ip4","src_ip":"204.172.177.255","dst_ip":"204.172.177.159","src_port":47808,"dst_port":47808,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BACnet","proto_id":"334","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":31,"category":"IoT-Scada"}} 00974{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":0,"flow_first_seen":1681133167315255,"flow_src_last_pkt_time":1681133345185904,"flow_dst_last_pkt_time":1681133167315255,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":231,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1681133345185904,"l3_proto":"ip4","src_ip":"204.172.177.255","dst_ip":"204.172.177.159","src_port":47808,"dst_port":47808,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BACnet","proto_id":"334","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":31,"category":"IoT-Scada"}} 
00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":0,"flow_first_seen":1681133167315255,"flow_src_last_pkt_time":1681133388520203,"flow_dst_last_pkt_time":1681133167315255,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1681133388520203,"l3_proto":"ip4","src_ip":"204.172.177.255","dst_ip":"204.172.177.159","src_port":47808,"dst_port":47808,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BACnet","proto_id":"334","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":31,"category":"IoT-Scada"}} -00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":23,"packets-processed":23,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":398,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":5,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":57,"global_ts_usec":1681133388520203} 
+00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":23,"packets-processed":23,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":398,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":5,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":57,"global_ts_usec":1681133388520203} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 23/23 ~~ skipped flows.............: 0 @@ -63,9 +63,9 @@ ~~ total active/idle flows...: 10/10 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6929700 bytes -~~ total memory freed........: 6929700 bytes -~~ total allocations/frees...: 114259/114259 +~~ total memory allocated....: 7507296 bytes +~~ total memory freed........: 7507296 bytes +~~ total allocations/frees...: 125990/125990 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 533 chars ~~ json message max len.......: 979 chars diff --git a/test/results/default/bad-dns-traffic.pcap.out b/test/results/default/bad-dns-traffic.pcap.out index 92ea2590a..dd7c864e5 100644 --- a/test/results/default/bad-dns-traffic.pcap.out +++ b/test/results/default/bad-dns-traffic.pcap.out 
@@ -1,5 +1,5 @@ -00620{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1486012623234684} 
+00620{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1486012623234684} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1486012623234684,"flow_src_last_pkt_time":1486012623234684,"flow_dst_last_pkt_time":1486012623234684,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":91,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1486012623234684,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1486012623234684,"flow_dst_last_pkt_time":1486012623234684,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"thread_ts_usec":1486012623234684,"pkt":"AhoR+f4q5LMYS\/DDCABFAAB3821AAEARVP\/AqCtbBAICBIx+ADUAYyoIa68BAAABAAAAAAAAODA1ZTEwMGE2MjFjMzYyMDAwMTYzNmY2ZTczNmY2YzY1MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAA8AAQ=="} 
01430{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1486012623234684,"flow_src_last_pkt_time":1486012623234684,"flow_dst_last_pkt_time":1486012623234684,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":91,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1486012623234684,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"23": {"risk":"Susp DNS Traffic","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"05e100a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org","domainame":"05e100a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr": []}}} 
@@ -36,7 +36,7 @@ 01406{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":203,"flow_dst_packets_processed":146,"flow_first_seen":1486012635073060,"flow_src_last_pkt_time":1486012727434811,"flow_dst_last_pkt_time":1486012727540477,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":248,"flow_dst_max_l4_payload_len":283,"flow_src_tot_l4_payload_len":43062,"flow_dst_tot_l4_payload_len":37153,"midstream":0,"thread_ts_usec":1486012733669835,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"23": {"risk":"Susp DNS Traffic","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"c75900fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org"}} 
01399{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":9,"flow_first_seen":1486012623234684,"flow_src_last_pkt_time":1486012630535623,"flow_dst_last_pkt_time":1486012630741119,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":705,"flow_dst_tot_l4_payload_len":915,"midstream":0,"thread_ts_usec":1486012733669835,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"23": {"risk":"Susp DNS Traffic","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org"}} 
01398{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1486012730177697,"flow_src_last_pkt_time":1486012733574897,"flow_dst_last_pkt_time":1486012733669835,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":248,"flow_dst_max_l4_payload_len":281,"flow_src_tot_l4_payload_len":632,"flow_dst_tot_l4_payload_len":863,"midstream":0,"thread_ts_usec":1486012733669835,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"23": {"risk":"Susp DNS Traffic","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org"}} 
-00854{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":382,"packets-processed":382,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":83330,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":8,"total-updates":3,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":39,"global_ts_usec":1486012733669835} +00854{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":382,"packets-processed":382,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":83330,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":8,"total-updates":3,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":39,"global_ts_usec":1486012733669835} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 382/382 ~~ skipped flows.............: 0 
@@ -45,9 +45,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6923888 bytes -~~ total memory freed........: 6923888 bytes -~~ total allocations/frees...: 114552/114552 +~~ total memory allocated....: 7501484 bytes +~~ total memory freed........: 7501484 bytes +~~ total allocations/frees...: 126283/126283 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 594 chars ~~ json message max len.......: 2689 chars diff --git a/test/results/default/badpackets.pcap.out b/test/results/default/badpackets.pcap.out index d6a648f43..c59f78158 100644 --- a/test/results/default/badpackets.pcap.out +++ b/test/results/default/badpackets.pcap.out 
@@ -1,5 +1,5 @@ -00615{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1495451029466717} 
+00615{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1495451029466717} 00316{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451029466717,"packet_id":1,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","l4_data_len":237,"global_ts_usec":1495451029466717} 
00659{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":271,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":271,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcP1QgAOcRe9CDTlH+zLpQ5QA1zGcGtUqtAWiFkwABAAAADAABC3BobDFzcHJ0MTA4AmFkA2RsYQNtaWwAAAEAAcAbAAYAAQAAAh0ALQhlYWdsZWliMcAYC3JhbmR5LnNtaXRowBt3sikrAAAqMAAABDgACTqAAAADhMAbAC4AAQAAAh0AmwAGCAIAAAOEWS\/o5lkiq9Y2JANkbGEDbWlsAEPjY6zabVfm9vwk6mSh9m4kj9u7ZDlkxqtiglIZTh\/RONTC0jpNpQmC+rJg1+X5ptcybqG6dncq1KPvSJq3fG1w8VDIG7zJf7f6G9gikY9VMCGmBxLlsKtyxHORaw=="} 00316{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451030401327,"packet_id":2,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","l4_data_len":271,"global_ts_usec":1495451030401327} 
@@ -122,7 +122,7 @@ 00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":59,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":43,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcs\/AgADgR3TmMWiHtzLpQ5QA1Jh0F0T0AFA=="} 00316{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":12,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451620868987,"packet_id":59,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","l4_data_len":9,"global_ts_usec":1495451620868987} 00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":59,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":43,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcs\/AgADgR3TmMWiHtzLpQ5QA1Jh0F0T0AFA=="} -00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":60,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":125,"global_ts_usec":1495451632004127} 
+00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":60,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":125,"global_ts_usec":1495451632004127} 00317{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451632004127,"packet_id":60,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","l4_data_len":602,"global_ts_usec":1495451632004127} 
01151{"packet_event_id":1,"packet_event_name":"packet","packet_id":60,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":636,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":636,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcsh4gADYR8CWCDh0fzLpQ5QA1H4MIImMAvk+EEAABAAIABgAJBG5jYmkDbmxtA25paANnb3YAAAEAAcAMAAEAAQABUYAABIIOHW7ADAAuAAEAAVGAASQAAQcEAAFRgFoAvupZE3Dqzb4EbmNiaQNubG0DbmloA2dvdgAkf1HSoxN8AcwUdKY7WYciGx3geHak0EvSutU7odDo4dq+NlD8O\/xERFOOtnm1OnbmotJrAyzkKRKq2LhHEAKnpnQ\/7o4BV5VPHkuyi+TApDKVmXneUpTyPtHjKhT2CXt\/fyExp+B7ruJjC+Pcr5ZslqwQv1r1rPCkU5Mhz4yMR3BggA0Hh5V6YsPB3ZKTiKS\/eiA5iAmjeNxUPq28qT0hVjLTG5jO15eNmG2vPLSE3IUKr1s52HiMixNOjA9zTiA\/KJ+hR8CkVUQekEXmvwf9VBsUpBGDeS2mGNHxD+rzAlEWmLXNCGAh5Oui3uYYiuNNDR79YStEu6BCY8ZmkvsqwFAAAgABAAAOEAAMCWRuczEtbmNiacBQwFAAAgABAAAOEAAGA25zM8BZwFAAAgABAAAOEAAMCWRuczItbmNiacBQwFAAAgABAAAOEAAFAm5zwFnAUAACAAEAAA4QAAYDbnMywFnAUAAuAAEAAA4QASQAAgcEAAAOEFoAvupZE3Dqzb4EbmNiaQNubG0DbmloA2dvdgA+EebMkCne2CNH9\/msBB1ttxS45FhdXCD5iR18dVqPuT200zDdV4BFS01NU4MYeoc3XDyOxIWfU7WKy5Zs94YsWp3mz1cDLKuZG3MK\/hBxOol\/fcuIoTQU9\/sE"} 00317{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451636457182,"packet_id":61,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","l4_data_len":231,"global_ts_usec":1495451636457182} 
@@ -191,7 +191,7 @@ 00949{"packet_event_id":1,"packet_event_name":"packet","packet_id":92,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":486,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":486,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFKAXcMaIgADQR\/37IE0oVzLpQ5QA1cggHjFp0zlSEEAABAAMABQAKA25zMgZwb3AtcHIDcm5wAmJyAAAcAAHADAAcAAEAAAEsABAoAQCCAAAABgAAAAAAAAAgwAwALgABAAABLAChABwFBAAAASxYVstzWC8+c5NwBnBvcC1wcgNybnACYnIA1\/aeIOiXLVAUlf7X0fXFedFXWKq9aABVNOZ7r5rykMv0fMN9YxDR4Cfp\/zKvuFMArhl0vnp4MXdTgWKEiqk59GY+\/xomF5ijzP3\/hVLiW7e0IYJ1yWiBQh1jhcv34Y3bAKrfDk1MJeqnDbo4Bp88Wdfr5Y21wV56qV8eT6SlXOXADAAuAAEAAAEsAKEAHAUEAAABLFhWy3NYLz5zpzoGcG9wLXByA3JucAJicgCVDEMFJZu9EAXpnfRWZ2RVItWA0n+KJu9IaIVJmIMhajSIQT3VrNMeLfYGRUUl45s\/7N7SoIMSnISlGlhJNpFBgZCcSGA0oztlFfMwzcS\/I5CcKCU3SWRb5uEagRV84Bme6gzJXmBlBbKvNmLJm1Vjve6LCM8hoD8VZqG7vv8jFcEKAAIAAQAAASwABQJuc8EKwQoAAgABAAABLAACwAzBCgAC"} 00317{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":5,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451915752227,"packet_id":93,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","l4_data_len":240,"global_ts_usec":1495451915752227} 00664{"packet_event_id":1,"packet_event_name":"packet","packet_id":93,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":274,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcZssgAOcRVFmDTlH+zLpQ5QA1TRMGuBtHRUGFkwABAAAADAABCkhRMDFXRUYwMDEDRElSAkFEA0RMQQNNSUwAAAEAAcAeAAYAAQAAA2gALQhlYWdsZWliMcAbC3JhbmR5LnNtaXRowB53sikrAAAqMAAABDgACTqAAAADhMAeAC4AAQAAA2gAmwAGCAIAAAOEWS\/o5lkiq9Y2JANkbGEDbWlsAEPjY6zabVfm9vwk6mSh9m4kj9u7ZDlkxqtiglIZTh\/RONTC0jpNpQmC+rJg1+X5ptcybqG6dncq1KPvSJq3fG1w8VDIG7zJf7f6G9gikY9VMCGmBxLlsKtyxHORaw=="} 
-00842{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":93,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":194,"global_ts_usec":1495451915752227} +00842{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":93,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":194,"global_ts_usec":1495451915752227} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 93/0 ~~ skipped flows.............: 0 
@@ -200,9 +200,9 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6905233 bytes -~~ total memory freed........: 6905233 bytes -~~ total allocations/frees...: 114126/114126 +~~ total memory allocated....: 7482829 bytes +~~ total memory freed........: 7482829 bytes +~~ total allocations/frees...: 125857/125857 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 320 chars ~~ json message max len.......: 2335 chars diff --git a/test/results/default/beckhoff_ads.pcapng.out b/test/results/default/beckhoff_ads.pcapng.out index 6be7c29d8..0f5bf6ab2 100644 --- a/test/results/default/beckhoff_ads.pcapng.out +++ b/test/results/default/beckhoff_ads.pcapng.out 
@@ -1,5 +1,5 @@ -00619{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/beckhoff_ads.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/beckhoff_ads.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1464342183296235} 
+00619{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/beckhoff_ads.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/beckhoff_ads.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1464342183296235} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/beckhoff_ads.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1464342183296235,"flow_src_last_pkt_time":1464342183296235,"flow_dst_last_pkt_time":1464342183296235,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1464342183296235,"l3_proto":"ip4","src_ip":"192.168.1.99","dst_ip":"192.168.1.8","src_port":49201,"dst_port":48898,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/beckhoff_ads.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1464342183296235,"flow_dst_last_pkt_time":1464342183296235,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1464342183296235,"pkt":"AAEFDXVguK7tfhtMCABFAAAwApZAAIAGAADAqAFjwKgBCMAxvwIE4+LLAAAAAHAC\/\/+D3gAAAgQFtAEBBAI="} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/beckhoff_ads.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1464342183296235,"flow_dst_last_pkt_time":1464342183296582,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1464342183296582,"pkt":"uK7tfhtMAAEFDXVgCABFAAAwACFAAIAGduvAqAEIwKgBY78CwDEAX9wABOPizHASgyw44wAAAgQFtAEBBAI="} 
@@ -9,7 +9,7 @@ 00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/beckhoff_ads.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1464342183297046,"flow_dst_last_pkt_time":1464342183297751,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":100,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":100,"pkt_l4_len":66,"thread_ts_usec":1464342183297751,"pkt":"uK7tfhtMAAEFDXVgCABFAABWACJAAIAGdsTAqAEIwKgBY78CwDEAX9wBBOPi8lAYgwbOTgAAAAAoAAAAwKgBYwEBA4AFDXVgAQEQJwQABQAIAAAAAAAAAAUAAAAAAAAABQACAA=="} 02191{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/beckhoff_ads.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1464342183296235,"flow_src_last_pkt_time":1464342209208136,"flow_dst_last_pkt_time":1464342209208822,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":278,"flow_src_tot_l4_payload_len":1036,"flow_dst_tot_l4_payload_len":880,"midstream":0,"thread_ts_usec":1464342209208822,"l3_proto":"ip4","src_ip":"192.168.1.99","dst_ip":"192.168.1.8","src_port":49201,"dst_port":48898,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":347,"avg":1671757.6,"max":25812409,"stddev":6313651.0,"var":39862191259648.0,"ent":1.1,"data": [347,423,388,1169,198854,25613267,25812409,3967,3716,23996,23596,50986,50986,3994,4006,2129,2480,1881,1867,1982,1982,1999,1993,2000,1998,2015,2016,2024,2026,1996,1996]},"pktlen": {"min":40,"avg":100.4,"max":318,"stddev":47.8,"var":2284.8,"ent":4.9,"data": [48,48,40,78,86,40,90,90,90,318,118,86,78,86,82,82,118,86,136,87,133,86,134,87,135,86,134,87,136,87,134,86]},"bins": {"c_to_s": 
[3,5,7,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,13,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": [4.102187157,4.537780762,4.334184647,4.058208466,4.054616928,4.453056335,3.858134031,3.871968746,3.874475002,3.622990608,3.363279343,3.975625038,4.113958359,4.077686787,3.958570004,4.088738441,3.346330643,4.026189327,4.928956985,4.066451550,4.906247616,4.092061996,4.933094978,4.057775021,4.965210915,4.115317822,4.918169498,4.066451550,4.982229233,4.089439869,4.933094501,4.147351265]},"ndpi": {"confidence": {"6":"DPI"},"proto":"BeckhoffADS","proto_id":"365","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/beckhoff_ads.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":26,"flow_dst_packets_processed":24,"flow_first_seen":1464342183296235,"flow_src_last_pkt_time":1464342209589146,"flow_dst_last_pkt_time":1464342209589545,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":708,"flow_src_tot_l4_payload_len":1376,"flow_dst_tot_l4_payload_len":1934,"midstream":0,"thread_ts_usec":1464342209589545,"l3_proto":"ip4","src_ip":"192.168.1.99","dst_ip":"192.168.1.8","src_port":49201,"dst_port":48898,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BeckhoffADS","proto_id":"365","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
-00849{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/beckhoff_ads.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":50,"packets-processed":50,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3310,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1464342209589545} +00849{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/beckhoff_ads.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":50,"packets-processed":50,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3310,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1464342209589545} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 50/50 ~~ skipped flows.............: 0 
@@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6909088 bytes -~~ total memory freed........: 6909088 bytes -~~ total allocations/frees...: 114188/114188 +~~ total memory allocated....: 7486684 bytes +~~ total memory freed........: 7486684 bytes +~~ total allocations/frees...: 125919/125919 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 539 chars ~~ json message max len.......: 2196 chars diff --git a/test/results/default/bets.pcapng.out b/test/results/default/bets.pcapng.out index 12fe7c35a..c4efe8ffc 100644 --- a/test/results/default/bets.pcapng.out +++ b/test/results/default/bets.pcapng.out 
@@ -1,16 +1,16 @@ -00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bets.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bets.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1693252376328241} 
+00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bets.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bets.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1693252376328241} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bets.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1693252376328241,"flow_src_last_pkt_time":1693252376328241,"flow_dst_last_pkt_time":1693252376328241,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1693252376328241,"l3_proto":"ip4","src_ip":"192.168.10.2","dst_ip":"13.224.103.22","src_port":60099,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bets.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1693252376328241,"flow_dst_last_pkt_time":1693252376328241,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":64,"pkt_l4_len":44,"thread_ts_usec":1693252376328241,"pkt":"RQAAQAAAQABABvsXwKgKAg3gZxbqwwG7A+7xFgAAAACwAv\/\/lHwAAAIEBWQBAwMGAQEICjEzUHgAAAAABAIAAA=="} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/bets.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1693252376328241,"flow_dst_last_pkt_time":1693252376373304,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_usec":1693252376373304,"pkt":"RQAAPAAAQAD1BkYbDeBnFsCoCgIBu+rDfMJDrwPu8RegEv\/\/nUwAAAIEBaAEAggKSjv9NzEzUHgBAwMJ"} 
00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/bets.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1693252376373327,"flow_dst_last_pkt_time":1693252376373304,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_usec":1693252376373327,"pkt":"RQAANAAAQABABvsjwKgKAg3gZxbqwwG7A+7xF3zCQ7CAEAgEw9UAAAEBCAoxM1ClSjv9Nw=="} 00965{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/bets.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1693252376374043,"flow_dst_last_pkt_time":1693252376373304,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":380,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":380,"pkt_l4_len":360,"thread_ts_usec":1693252376374043,"pkt":"RQABfAAAQABABvnbwKgKAg3gZxbqwwG7A+7xF3zCQ7CAGAgEHo0AAAEBCAoxM1ClSjv9NxYDAQFDAQABPwMDwABk4guyTxhZCw+GLxoVbHFTKe0wXKQIKjfXpYO0MBQgaRcSNkWDHUwKFQ\/xX0r86c\/n28v92ZnIHyKw4WCLfcYAYhMDEwITAcypzKjMqsAwwCzAKMAkwBTACgCfAGsAOf+FAMQAiACBAJ0APQA1AMAAhMAvwCvAJ8AjwBPACQCeAGcAMwC+AEUAnAA8AC8AugBBwBHABwAFAATAEsAIABYACgD\/AQAAlAArAAkIAwQDAwMCAwEAMwAmACQAHQAg4K+nU26wL5q0EcrSAPZbMBwmwfa4+K20LRLRPSLNBiMAAAAXABUAABJ3d3cuMTA4NGJldHMxMC5jb20ACwACAQAACgAKAAgAHQAXABgAGQANABgAFggGBgEGAwgFBQEFAwgEBAEEAwIBAgMAEAAOAAwCaDIIaHR0cC8xLjE="} 
-01262{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/bets.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1693252376328241,"flow_src_last_pkt_time":1693252376374043,"flow_dst_last_pkt_time":1693252376373304,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":328,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":328,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1693252376374043,"l3_proto":"ip4","src_ip":"192.168.10.2","dst_ip":"13.224.103.22","src_port":60099,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.1084bets10.com","domainame":"www.1084bets10.com","tls": {"version":"TLSv1.2","ja3":"375c6162a492dfbf2795909110ce8424","ja3s":"","ja4":"t13d4907h2_0d8feac7bc37_7395dae3b2f3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01221{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/bets.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1693252376328241,"flow_src_last_pkt_time":1693252376374043,"flow_dst_last_pkt_time":1693252376373304,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":328,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":328,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1693252376374043,"l3_proto":"ip4","src_ip":"192.168.10.2","dst_ip":"13.224.103.22","src_port":60099,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.1084bets10.com","domainame":"www.1084bets10.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d4907h2_0d8feac7bc37_7395dae3b2f3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/bets.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1693252376374043,"flow_dst_last_pkt_time":1693252376419072,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_usec":1693252376419072,"pkt":"RQAANHFFAAD1BhTeDeBnFsCoCgIBu+rDfMJDsAPu8l+AEACDyeAAAAEBCApKO\/1lMTNQpQ=="} 
-01307{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/bets.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1693252376328241,"flow_src_last_pkt_time":1693252376374043,"flow_dst_last_pkt_time":1693252376420557,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":328,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":328,"flow_dst_tot_l4_payload_len":1368,"midstream":0,"thread_ts_usec":1693252376420557,"l3_proto":"ip4","src_ip":"192.168.10.2","dst_ip":"13.224.103.22","src_port":60099,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.1084bets10.com","domainame":"www.1084bets10.com","tls": {"version":"TLSv1.3","ja3":"375c6162a492dfbf2795909110ce8424","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d4907h2_0d8feac7bc37_7395dae3b2f3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01266{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/bets.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1693252376328241,"flow_src_last_pkt_time":1693252376374043,"flow_dst_last_pkt_time":1693252376420557,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":328,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":328,"flow_dst_tot_l4_payload_len":1368,"midstream":0,"thread_ts_usec":1693252376420557,"l3_proto":"ip4","src_ip":"192.168.10.2","dst_ip":"13.224.103.22","src_port":60099,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.1084bets10.com","domainame":"www.1084bets10.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d4907h2_0d8feac7bc37_7395dae3b2f3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
02131{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/bets.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1693252376328241,"flow_src_last_pkt_time":1693252376473051,"flow_dst_last_pkt_time":1693252376516940,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":328,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":573,"flow_dst_tot_l4_payload_len":6919,"midstream":0,"thread_ts_usec":1693252376516940,"l3_proto":"ip4","src_ip":"192.168.10.2","dst_ip":"13.224.103.22","src_port":60099,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":10758.4,"max":46532,"stddev":18210.4,"var":331618016.0,"ent":3.2,"data": [45063,45086,716,45768,1485,46532,228,223,359,358,497,1,497,2530,35,126,50,44471,1044,896,1,81,43759,187,180,74,3041,2969,1675,39830,5747]},"pktlen": {"min":52,"avg":286.8,"max":1420,"stddev":477.2,"var":227739.3,"ent":3.6,"data": [64,60,52,380,52,1420,52,1420,52,1420,52,1420,93,52,58,110,138,116,52,52,52,52,198,52,123,52,83,1241,52,52,52,52]},"bins": {"c_to_s": [12,1,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [8,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,4,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,0,1,1,0,0,0,0,0,1,1,1,1,1,0,1,0,0,1,0,0,1,1],"entropies": [4.359427452,5.254205704,5.077241421,6.193246841,5.115703106,7.830681801,5.024262905,7.844112873,5.154164791,7.881240845,5.115703106,7.848938465,5.975646019,5.115703106,4.911536217,6.119595051,6.468632221,6.137733459,5.192626476,5.154164791,5.154164791,5.192626476,6.778203011,5.077241421,6.239024639,5.154164791,5.561018467,7.842863560,5.115703106,4.979099274,5.154164791,5.154164791]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00997{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/bets.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":16,"flow_first_seen":1693252376328241,"flow_src_last_pkt_time":1693252376516972,"flow_dst_last_pkt_time":1693252376516940,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":328,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":573,"flow_dst_tot_l4_payload_len":6919,"midstream":0,"thread_ts_usec":1693252376516972,"l3_proto":"ip4","src_ip":"192.168.10.2","dst_ip":"13.224.103.22","src_port":60099,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.1084bets10.com"}} 
-00841{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/bets.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":33,"packets-processed":33,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7492,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1693252376516972} +00841{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/bets.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":33,"packets-processed":33,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7492,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1693252376516972} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 33/33 ~~ skipped flows.............: 0 
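Review bot: The `tls` object of the `detected` and `detection-update` events in this hunk no longer carries the `ja3` key, leaving only `ja3s` and `ja4`, and the commit message covers this only as "incorporated upstream changes". The drop presumably comes from the libnDPI bump, but it is an output-format change for anyone consuming these events. Detection rules or allow-lists keyed on the JA3 client fingerprint would stop matching without any error. I would add a line to the commit description such as `* flow events: tls.ja3 is no longer emitted; tls.ja4 remains for client fingerprinting`. It is also worth confirming that `schema/flow_event_schema.json`, which this commit changes but which is not visible here, no longer lists `ja3` as a required property.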
@@ -19,10 +19,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6947983 bytes -~~ total memory freed........: 6947983 bytes -~~ total allocations/frees...: 114182/114182 +~~ total memory allocated....: 7525579 bytes +~~ total memory freed........: 7525579 bytes +~~ total allocations/frees...: 125913/125913 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 528 chars ~~ json message max len.......: 2136 chars -~~ json message avg len.......: 1276 chars +~~ json message avg len.......: 1273 chars diff --git a/test/results/default/bfcp.pcapng.out b/test/results/default/bfcp.pcapng.out index 0087124cf..e138fb3a0 100644 --- a/test/results/default/bfcp.pcapng.out +++ b/test/results/default/bfcp.pcapng.out 
@@ -1,5 +1,5 @@ -00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bfcp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bfcp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1713871818127285} 
+00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bfcp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bfcp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1713871818127285} 
00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bfcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1713871818127285,"flow_src_last_pkt_time":1713871818127285,"flow_dst_last_pkt_time":1713871818127285,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1713871818127285,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":44450,"dst_port":5070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bfcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1713871818127285,"flow_dst_last_pkt_time":1713871818127285,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1713871818127285,"pkt":"AAAAAAAAAAAAAAAACABFAAA8EH1AAEAGLD1\/AAABfwAAAa2iE85rPgW6AAAAAKACggD+MAAAAgT\/1wQCCAq0A9tmAAAAAAEDAwc="} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/bfcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1713871818127285,"flow_dst_last_pkt_time":1713871818127295,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1713871818127295,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAARPOraJv3+CFaz4Fu6ASggD+MAAAAgT\/1wQCCAq0A9tmtAPbZgEDAwc="} 
@@ -7,14 +7,14 @@ 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/bfcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1713871818127317,"flow_dst_last_pkt_time":1713871818127295,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1713871818127317,"pkt":"AAAAAAAAAAAAAAAACABFAABAEH9AAEAGLDd\/AAABfwAAAa2iE85rPgW7b9\/ghoAYAQT+NAAAAQEICrQD22a0A9tmIAMAAQAAAAEAAgUE"} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/bfcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1713871818127317,"flow_dst_last_pkt_time":1713871818127320,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1713871818127320,"pkt":"AAAAAAAAAAAAAAAACABFAAA0TGNAAEAG8F5\/AAABfwAAARPOraJv3+CGaz4Fx4AQAQT+KAAAAQEICrQD22a0A9tm"} 00917{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/bfcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1713871818127285,"flow_src_last_pkt_time":1713871818127317,"flow_dst_last_pkt_time":1713871818127410,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":12,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":12,"midstream":0,"thread_ts_usec":1713871818127410,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":44450,"dst_port":5070,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"BFCP","proto_id":"32","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video"}} -00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/bfcp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":12,"packets-processed":11,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1713872520753854} +00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/bfcp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":12,"packets-processed":11,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1713872520753854} 
00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/bfcp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1713872520753854,"flow_src_last_pkt_time":1713872520753854,"flow_dst_last_pkt_time":1713872520753854,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1713872520753854,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":47706,"dst_port":5070,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/bfcp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1713872520753854,"flow_dst_last_pkt_time":1713872520753854,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1713872520753854,"pkt":"AAAAAAAAAAAAAAAACABFAAAoQiFAAEAR+qF\/AAABfwAAAbpaE84AFP4nIAMAAQAAAAEAAgUE"} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/bfcp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1713872520753854,"flow_dst_last_pkt_time":1713872520753932,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1713872520753932,"pkt":"AAAAAAAAAAAAAAAACABFAAAoQiJAAEAR+qB\/AAABfwAAARPOuloAFP4nIAQAAQAAAAEAAgUE"} 
00918{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/bfcp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1713872520753854,"flow_src_last_pkt_time":1713872520753854,"flow_dst_last_pkt_time":1713872520753932,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":12,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":12,"midstream":0,"thread_ts_usec":1713872520753932,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":47706,"dst_port":5070,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"BFCP","proto_id":"32","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video"}} 00956{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/bfcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1713871818127285,"flow_src_last_pkt_time":1713871818127432,"flow_dst_last_pkt_time":1713871818127432,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":12,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":12,"midstream":0,"thread_ts_usec":1713872520753932,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":44450,"dst_port":5070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BFCP","proto_id":"32","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video"}} 
00957{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/bfcp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1713872520753854,"flow_src_last_pkt_time":1713872520753854,"flow_dst_last_pkt_time":1713872520753932,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":12,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":12,"midstream":0,"thread_ts_usec":1713872520753932,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":47706,"dst_port":5070,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BFCP","proto_id":"32","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video"}} -00839{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/bfcp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":13,"packets-processed":13,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":48,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":17,"global_ts_usec":1713872520753932} 
+00839{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/bfcp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":13,"packets-processed":13,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":48,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":17,"global_ts_usec":1713872520753932} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 13/13 ~~ skipped flows.............: 0 @@ -23,9 +23,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6912442 bytes -~~ total memory freed........: 6912442 bytes -~~ total allocations/frees...: 114163/114163 +~~ total memory allocated....: 7490038 bytes +~~ total memory freed........: 7490038 bytes +~~ total allocations/frees...: 125894/125894 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 529 chars ~~ json message max len.......: 962 chars diff --git a/test/results/default/bfd.pcap.out b/test/results/default/bfd.pcap.out index 3aa01f610..2a8cc6c30 100644 --- a/test/results/default/bfd.pcap.out +++ b/test/results/default/bfd.pcap.out 
@@ -1,5 +1,5 @@ -00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1407756994998897} 
+00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1407756994998897} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1407756994998897,"flow_src_last_pkt_time":1407756994998897,"flow_dst_last_pkt_time":1407756994998897,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1407756994998897,"vlan_id":13,"l3_proto":"ip4","src_ip":"155.1.13.1","dst_ip":"155.1.13.3","src_port":49152,"dst_port":3784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","vlan_id":13,"flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1407756994998897,"flow_dst_last_pkt_time":1407756994998897,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1407756994998897,"pkt":"qrvMAAMQqrvMAAEQgQAADQgARcAANAABAAD\/EWrxmwENAZsBDQPAAA7IACCXvyBAAxgAAAABAAAAAAAPQkAAD0JAAAehIA=="} 
00929{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1407756994998897,"flow_src_last_pkt_time":1407756994998897,"flow_dst_last_pkt_time":1407756994998897,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1407756994998897,"vlan_id":13,"l3_proto":"ip4","src_ip":"155.1.13.1","dst_ip":"155.1.13.3","src_port":49152,"dst_port":3784,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"BFD","proto_id":"401","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -23,7 +23,7 @@ 00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1407756994998897,"flow_src_last_pkt_time":1407756994999521,"flow_dst_last_pkt_time":1407756994998897,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1407756995862322,"vlan_id":13,"l3_proto":"ip4","src_ip":"155.1.13.1","dst_ip":"155.1.13.3","src_port":49152,"dst_port":3784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BFD","proto_id":"401","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1407756995493239,"flow_src_last_pkt_time":1407756995493316,"flow_dst_last_pkt_time":1407756995493239,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1407756995862322,"vlan_id":13,"l3_proto":"ip4","src_ip":"155.1.13.3","dst_ip":"155.1.13.3","src_port":49152,"dst_port":3785,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BFD","proto_id":"401","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1407756995403541,"flow_src_last_pkt_time":1407756995862322,"flow_dst_last_pkt_time":1407756995403541,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1407756995862322,"vlan_id":13,"l3_proto":"ip4","src_ip":"155.1.13.1","dst_ip":"155.1.13.1","src_port":49152,"dst_port":3785,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BFD","proto_id":"401","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00837{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":11,"packets-processed":11,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":192,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":26,"global_ts_usec":1407756995862322} 
+00837{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":11,"packets-processed":11,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":192,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":26,"global_ts_usec":1407756995862322} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 11/11 ~~ skipped flows.............: 0 @@ -32,9 +32,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6915072 bytes -~~ total memory freed........: 6915072 bytes -~~ total allocations/frees...: 114181/114181 +~~ total memory allocated....: 7492668 bytes +~~ total memory freed........: 7492668 bytes +~~ total allocations/frees...: 125912/125912 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 545 chars ~~ json message max len.......: 974 chars diff --git a/test/results/default/bitcoin.pcap.out b/test/results/default/bitcoin.pcap.out index 2a6f8f3cc..78e0ac5e0 100644 --- a/test/results/default/bitcoin.pcap.out +++ b/test/results/default/bitcoin.pcap.out 
@@ -1,5 +1,5 @@ -00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1301327937725033} 
+00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1301327937725033} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1301327937725033,"flow_src_last_pkt_time":1301327937725033,"flow_dst_last_pkt_time":1301327937725033,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":105,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":105,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":105,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1301327937725033,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"188.165.213.169","src_port":55317,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00691{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1301327937725033,"flow_dst_last_pkt_time":1301327937725033,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_usec":1301327937725033,"pkt":"ACPrIpS0ACNshovhCABFAACdb3BAAEAGdmXAqAGOvKXVqdgVII1UFpaF9ORId4AY\/\/\/XwQAAAQEICicy22Mwkrss+b602XZlcnNpb24AAAAAAFUAAAABfQAAAQAAAAAAAABBsJBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/vKXVqSCNAQAAAAAAAAAAAAAAAAAAAAAA\/\/\/AqAGOII3ZMDrPGxAeDAD6vQEA"} 
00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1301327937725033,"flow_src_last_pkt_time":1301327937725033,"flow_dst_last_pkt_time":1301327937725033,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":105,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":105,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":105,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1301327937725033,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"188.165.213.169","src_port":55317,"dst_port":8333,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"BITCOIN","proto_id":"343","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
@@ -29,7 +29,7 @@ 00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1301328472925065,"flow_dst_last_pkt_time":1301328473077893,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1301328473077893,"pkt":"ACNshovhACPrIpS0CABFAABIMqxAAG8GgXNCRFMWwKgBjiCN2Ff1mJ36LY+1yIAY\/5avrAAAAQEICgBK7W4nMvBG+b602XZlcmFjawAAAAAAAAAAAAA="} 00628{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1301328472925065,"flow_dst_last_pkt_time":1301328487120277,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"thread_ts_usec":1301328487120277,"pkt":"ACNshovhACPrIpS0CABFAABxMvRAAG8GgQJCRFMWwKgBjiCN2Ff1mJ4OLY+1yIAY\/5YyzAAAAQEICgBK7fonMvBH+b602WludgAAAAAAAAAAACUAAAAXvAGWAQEAAAAYqnCtA4JeCfSWUZFYsh6sAyMBtBHVR6Y5dbVZJO1sMQ=="} 00629{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1301328472925065,"flow_dst_last_pkt_time":1301328526763444,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"thread_ts_usec":1301328526763444,"pkt":"ACNshovhACPrIpS0CABFAABxM2VAAG8GgJFCRFMWwKgBjiCN2Ff1mJ5LLY+1yIAY\/5bHMAAAAQEICgBK74cnMvDT+b602WludgAAAAAAAAAAACUAAAAOAWk4AQEAAACmU2ocFfjbk6bwRfCWT0dV1t0G5OkxndgzFqeVZZtzHw=="} 
-00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":107,"packets-processed":106,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":112864,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":4,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":32,"global_ts_usec":1301328538215424} +00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":107,"packets-processed":106,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":112864,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":4,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":32,"global_ts_usec":1301328538215424} 
02266{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":176,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":23,"flow_first_seen":1301328472925065,"flow_src_last_pkt_time":1301328607711436,"flow_dst_last_pkt_time":1301328616076718,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":9102,"flow_dst_tot_l4_payload_len":23653,"midstream":1,"thread_ts_usec":1301328616076718,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"66.68.83.22","src_port":55383,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":11,"avg":8965742.0,"max":134322478,"stddev":25481870.0,"var":649325705166848.0,"ent":2.2,"data": [62318,90510,14042384,39643167,11451980,9238604,22700384,134322478,190526,216456,52,56784,49,15,11,45582876,5468,2949,79677,2390,56420,14875,38291,1106,29429,10233,41403,43,29590,11803,15753]},"pktlen": {"min":72,"avg":1075.6,"max":1500,"stddev":630.5,"var":397582.1,"ent":4.7,"data": [157,157,72,113,113,113,168,113,96,1500,1500,1500,1500,1500,1500,317,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500]},"bins": {"c_to_s": [0,1,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0],"s_to_c": [1,4,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0]},"directions": [0,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1],"entropies": 
[4.314049721,4.516415119,5.159438610,5.621953964,5.629888535,5.436272144,5.232412338,5.492824554,5.047397614,6.620144367,6.645269394,6.641551971,6.624248028,6.652445793,6.650110245,6.173855782,3.519509792,3.418695927,3.522331953,3.473526716,3.458976030,3.461488724,3.521340132,3.498308420,3.439558506,3.445366859,3.488321781,3.470211506,3.484444618,3.500530481,3.521874428,3.458418369]},"ndpi": {"confidence": {"6":"DPI"},"proto":"BITCOIN","proto_id":"343","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1301328699728375,"flow_src_last_pkt_time":1301328699728375,"flow_dst_last_pkt_time":1301328699728375,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":105,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":105,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":105,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1301328699728375,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"195.218.16.178","src_port":55400,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00691{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1301328699728375,"flow_dst_last_pkt_time":1301328699728375,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_usec":1301328699728375,"pkt":"ACPrIpS0ACNshovhCABFAACdK9RAAEAGd8TAqAGOw9oQsthoII1BDXcu4yOzE4AY\/\/9L7wAAAQEICicy+R8AACIN+b602XZlcnNpb24AAAAAAFUAAAABfQAAAQAAAAAAAAA7s5BNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/w9oQsiCNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8mYIQeII38Ree1v7hQ3gC4wAEA"} 
@@ -39,7 +39,7 @@ 00622{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":245,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1301328699728375,"flow_dst_last_pkt_time":1301328717164944,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":121,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":121,"pkt_l4_len":87,"thread_ts_usec":1301328717164944,"pkt":"ACNshovhACPrIpS0CABFAABrBgZAAHUGaMTD2hCywKgBjiCN2GjjI7OQQQ13l4AYAQQrZwAAAQEICgAAKOAnMvki+b602WFkZHIAAAAAAAAAAB8AAABr2MyYATqzkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/1XJqP0gjQ=="} 00622{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":247,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1301328699728375,"flow_dst_last_pkt_time":1301328728615715,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":121,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":121,"pkt_l4_len":87,"thread_ts_usec":1301328728615715,"pkt":"ACNshovhACPrIpS0CABFAABrByNAAHUGZ6fD2hCywKgBjiCN2GjjI7PHQQ13l4AYAQSkaAAAAQEICgAALVknMvnN+b602WFkZHIAAAAAAAAAAB8AAAATXr9rAUCzkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/4FhwkwgjQ=="} 
02278{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":26,"flow_first_seen":1301328699728375,"flow_src_last_pkt_time":1301328741904043,"flow_dst_last_pkt_time":1301328743741542,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":5826,"flow_dst_tot_l4_payload_len":27918,"midstream":1,"thread_ts_usec":1301328743741542,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"195.218.16.178","src_port":55400,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":34,"avg":2780285.0,"max":41186439,"stddev":7975567.0,"var":63609669419008.0,"ent":2.2,"data": [128208,113258,17195103,11450771,3438749,6775,2755264,41186439,319900,321845,34,347450,8283500,31885,35035,52689,19022,36630,49289,41130,63903,2317,29070,27748,37436,32734,49198,24571,33724,41084,34074]},"pktlen": {"min":72,"avg":1106.5,"max":1500,"stddev":621.5,"var":386298.0,"ent":4.7,"data": [157,157,72,107,107,107,107,113,96,1500,1500,1500,1385,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500]},"bins": {"c_to_s": [0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,3,0,0],"s_to_c": [1,5,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,19,0,0]},"directions": [0,1,1,1,1,1,1,1,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1],"entropies": 
[4.383668423,4.444240093,4.982605934,4.668665886,4.713104248,4.762123585,4.780815601,5.560832977,4.996669769,6.587570190,6.648486137,6.600738525,6.599431038,3.406774759,3.373550653,3.345058441,3.338595867,3.355129480,3.392081499,3.337737560,3.285459280,3.329736471,3.341146708,3.315114975,3.270951748,3.318075180,3.308751106,3.279112339,3.298598528,3.384484768,3.426392555,3.339625120]},"ndpi": {"confidence": {"6":"DPI"},"proto":"BITCOIN","proto_id":"343","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} -00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":387,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":387,"packets-processed":386,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":372733,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":5,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":42,"global_ts_usec":1301329138452825} 
+00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":387,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":387,"packets-processed":386,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":372733,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":5,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":42,"global_ts_usec":1301329138452825} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":413,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1301329304767401,"flow_src_last_pkt_time":1301329304767401,"flow_dst_last_pkt_time":1301329304767401,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":105,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":105,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":105,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1301329304767401,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"184.58.165.119","src_port":55487,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00692{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":413,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1301329304767401,"flow_dst_last_pkt_time":1301329304767401,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_usec":1301329304767401,"pkt":"ACPrIpS0ACNshovhCABFAACdDAhAAEAGDmvAqAGOuDqld9i\/II0stRatNDMFDIAY\/\/9S8AAAAQEICiczELoAVdzf+b602XZlcnNpb24AAAAAAFUAAAABfQAAAQAAAAAAAACYtZBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/uDqldyCNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8mYIQeII0b7ZMAlkQ1dwALwwEA"} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":413,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1301329304767401,"flow_src_last_pkt_time":1301329304767401,"flow_dst_last_pkt_time":1301329304767401,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":105,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":105,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":105,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1301329304767401,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"184.58.165.119","src_port":55487,"dst_port":8333,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"BITCOIN","proto_id":"343","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
@@ -47,14 +47,14 @@ 00682{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":415,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1301329305005443,"flow_dst_last_pkt_time":1301329304813916,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":165,"pkt_l4_len":131,"thread_ts_usec":1301329305005443,"pkt":"ACPrIpS0ACNshovhCABFAACX6RJAAEAGMWbAqAGOuDqld9i\/II0stRcWNDMFdYAY\/\/+hogAAAQEICiczEL0AVdz7+b602XZlcmFjawAAAAAAAAAAAAD5vrTZZ2V0YWRkcgAAAAAAAAAAAF324OL5vrTZYWRkcgAAAAAAAAAAHwAAAKr+QCYBbLWQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHiCN"} 00632{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1301329309391663,"flow_dst_last_pkt_time":1301329304813916,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"thread_ts_usec":1301329309391663,"pkt":"ACPrIpS0ACNshovhCABFAABxpRVAAEAGdYnAqAGOuDqld9i\/II0stRd5NDMFdYAY\/\/\/QMQAAAQEICiczEOgAVd0S+b602WludgAAAAAAAAAAACUAAAAM+O86AQEAAABjYqN6+8l5NV5ILuoyGWmRHhZ4vrImNA17xLD+35pOKQ=="} 00632{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1301329331545459,"flow_dst_last_pkt_time":1301329304813916,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"thread_ts_usec":1301329331545459,"pkt":"ACPrIpS0ACNshovhCABFAABx5FNAAEAGNkvAqAGOuDqld9i\/II0stRe2NDMFdYAY\/\/+YyAAAAQEICiczEcYAVd7J+b602WludgAAAAAAAAAAACUAAACKqR5BAQEAAADko5gKOXTkTY\/EAL+Sv3gEjdoxRRE7Qf9xD2E6EXEwBA=="} 
-00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":514,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":514,"packets-processed":513,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":390162,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":6,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":50,"global_ts_usec":1301329743430837} +00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":514,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":514,"packets-processed":513,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":390162,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":6,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":50,"global_ts_usec":1301329743430837} 
00991{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":529,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":29,"flow_first_seen":1301328089970465,"flow_src_last_pkt_time":1301328231627793,"flow_dst_last_pkt_time":1301328234467725,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":105,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":149,"flow_dst_tot_l4_payload_len":34585,"midstream":1,"thread_ts_usec":1301329810839993,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"69.118.54.122","src_port":55328,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BITCOIN","proto_id":"343","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":529,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":3,"flow_first_seen":1301327937725033,"flow_src_last_pkt_time":1301327939000921,"flow_dst_last_pkt_time":1301327938227159,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":105,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":20617,"flow_dst_tot_l4_payload_len":1573,"midstream":1,"thread_ts_usec":1301329810839993,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"188.165.213.169","src_port":55317,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BITCOIN","proto_id":"343","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
00992{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":529,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":3,"flow_first_seen":1301329304767401,"flow_src_last_pkt_time":1301329810839993,"flow_dst_last_pkt_time":1301329452712485,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":55,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":105,"flow_dst_max_l4_payload_len":1061,"flow_src_tot_l4_payload_len":1498,"flow_dst_tot_l4_payload_len":1186,"midstream":1,"thread_ts_usec":1301329810839993,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"184.58.165.119","src_port":55487,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BITCOIN","proto_id":"343","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00993{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":529,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":65,"flow_dst_packets_processed":96,"flow_first_seen":1301328472925065,"flow_src_last_pkt_time":1301329809784023,"flow_dst_last_pkt_time":1301329809936278,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":40981,"flow_dst_tot_l4_payload_len":64003,"midstream":1,"thread_ts_usec":1301329810839993,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"66.68.83.22","src_port":55383,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BITCOIN","proto_id":"343","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":529,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":55,"flow_dst_packets_processed":117,"flow_first_seen":1301328319392147,"flow_src_last_pkt_time":1301329810648952,"flow_dst_last_pkt_time":1301328837883797,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":25033,"flow_dst_tot_l4_payload_len":127108,"midstream":1,"thread_ts_usec":1301329810839993,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"74.89.181.229","src_port":55348,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BITCOIN","proto_id":"343","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":529,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":47,"flow_dst_packets_processed":72,"flow_first_seen":1301328699728375,"flow_src_last_pkt_time":1301329743430837,"flow_dst_last_pkt_time":1301329807659230,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":23722,"flow_dst_tot_l4_payload_len":51175,"midstream":1,"thread_ts_usec":1301329810839993,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"195.218.16.178","src_port":55400,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"BITCOIN","proto_id":"343","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} -00847{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":529,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":529,"packets-processed":529,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":391630,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":57,"global_ts_usec":1301329810839993} +00847{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":529,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":529,"packets-processed":529,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":391630,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":57,"global_ts_usec":1301329810839993} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 529/529 ~~ skipped flows.............: 
0 @@ -63,9 +63,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6934854 bytes -~~ total memory freed........: 6934854 bytes -~~ total allocations/frees...: 114721/114721 +~~ total memory allocated....: 7512450 bytes +~~ total memory freed........: 7512450 bytes +~~ total allocations/frees...: 126452/126452 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 574 chars ~~ json message max len.......: 2493 chars diff --git a/test/results/default/bittorrent.pcap.out b/test/results/default/bittorrent.pcap.out index 5a338a144..e3bb467f7 100644 --- a/test/results/default/bittorrent.pcap.out +++ b/test/results/default/bittorrent.pcap.out 
@@ -1,5 +1,5 @@ -00615{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bittorrent.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bittorrent.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1455469967246718} 
+00615{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bittorrent.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bittorrent.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1455469967246718} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469967246718,"flow_src_last_pkt_time":1455469967246718,"flow_dst_last_pkt_time":1455469967246718,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1455469967246718,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52888,"dst_port":38305,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1455469967246718,"flow_dst_last_pkt_time":1455469967246718,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1455469967246718,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4eD1AAEAGAADAqAEDUjrYc86YlaHFzANOp3OTAoAY\/\/\/swwAAAQEIChnb8BkAhEMxE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjhgayboXmHFSZj4="} 
01133{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469967246718,"flow_src_last_pkt_time":1455469967246718,"flow_dst_last_pkt_time":1455469967246718,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1455469967246718,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52888,"dst_port":38305,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}} 
@@ -161,7 +161,7 @@ 01107{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"cfgs\/default\/pcap\/bittorrent.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469975265759,"flow_src_last_pkt_time":1455469975265759,"flow_dst_last_pkt_time":1455469975265759,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1455469982106134,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52909,"dst_port":14627,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} 01113{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"cfgs\/default\/pcap\/bittorrent.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1455469970233620,"flow_src_last_pkt_time":1455469971153525,"flow_dst_last_pkt_time":1455469970357464,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":125,"flow_dst_max_l4_payload_len":527,"flow_src_tot_l4_payload_len":312,"flow_dst_tot_l4_payload_len":639,"midstream":1,"thread_ts_usec":1455469982106134,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52897,"dst_port":22673,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std 
Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} 01114{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"cfgs\/default\/pcap\/bittorrent.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1455469975234548,"flow_src_last_pkt_time":1455469976169825,"flow_dst_last_pkt_time":1455469975379579,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":19,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":534,"flow_src_tot_l4_payload_len":244,"flow_dst_tot_l4_payload_len":639,"midstream":1,"thread_ts_usec":1455469982106134,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52911,"dst_port":22673,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} 
-00854{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":299,"source":"cfgs\/default\/pcap\/bittorrent.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":299,"packets-processed":299,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":285982,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":24,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":24,"total-idle-flows":24,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":164,"global_ts_usec":1455469982106134} +00854{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":299,"source":"cfgs\/default\/pcap\/bittorrent.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":299,"packets-processed":299,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":285982,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":24,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":24,"total-idle-flows":24,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":164,"global_ts_usec":1455469982106134} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 299/299 ~~ skipped flows.............: 0 
@@ -170,9 +170,9 @@ ~~ total active/idle flows...: 24/24 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7016080 bytes -~~ total memory freed........: 7016080 bytes -~~ total allocations/frees...: 114711/114711 +~~ total memory allocated....: 7594314 bytes +~~ total memory freed........: 7594314 bytes +~~ total allocations/frees...: 126464/126464 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 569 chars ~~ json message max len.......: 2398 chars diff --git a/test/results/default/bittorrent_tcp_miss.pcapng.out b/test/results/default/bittorrent_tcp_miss.pcapng.out index a9ea3ddc2..5f4c4c8c3 100644 --- a/test/results/default/bittorrent_tcp_miss.pcapng.out +++ b/test/results/default/bittorrent_tcp_miss.pcapng.out 
@@ -1,5 +1,5 @@ -00626{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bittorrent_tcp_miss.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bittorrent_tcp_miss.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1673446123917965} 
+00626{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bittorrent_tcp_miss.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bittorrent_tcp_miss.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1673446123917965} 
00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bittorrent_tcp_miss.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1673446123917965,"flow_src_last_pkt_time":1673446123917965,"flow_dst_last_pkt_time":1673446123917965,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1673446123917965,"l3_proto":"ip4","src_ip":"192.168.122.34","dst_ip":"178.71.206.1","src_port":48987,"dst_port":6881,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bittorrent_tcp_miss.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1673446123917965,"flow_dst_last_pkt_time":1673446123917965,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1673446123917965,"pkt":"UlQARf4hvGGTecRkCABFAAA8AbRAAEAGffTAqHoiskfOAb9bGuH76ArUAAAAAKAC\/\/\/tPAAAAgQFtAQCCAqT2yrZAAAAAAEDAwg="} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/bittorrent_tcp_miss.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1673446123917965,"flow_dst_last_pkt_time":1673446123936638,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1673446123936638,"pkt":"vGGTecRkUlQARf4hCABFAAA0vJhAAHgGixeyR84BwKh6Ihrhv1taDkQc++gK1YAS\/\/802wAAAgQFoAEDAwgBAQQC"} 
@@ -9,7 +9,7 @@ 01160{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/bittorrent_tcp_miss.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1673446123917965,"flow_src_last_pkt_time":1673446124058520,"flow_dst_last_pkt_time":1673446124076131,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":471,"flow_dst_max_l4_payload_len":424,"flow_src_tot_l4_payload_len":737,"flow_dst_tot_l4_payload_len":1043,"midstream":0,"thread_ts_usec":1673446124076131,"l3_proto":"ip4","src_ip":"192.168.122.34","dst_ip":"178.71.206.1","src_port":48987,"dst_port":6881,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","bittorrent": {"hash":"0f6b9cd2b7da4de9b6c846203920e3da49cdb795"}}} 
02339{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/bittorrent_tcp_miss.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":20,"flow_first_seen":1673446123917965,"flow_src_last_pkt_time":1673446124132868,"flow_dst_last_pkt_time":1673446124132335,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":471,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1025,"flow_dst_tot_l4_payload_len":22693,"midstream":0,"thread_ts_usec":1673446124132868,"l3_proto":"ip4","src_ip":"192.168.122.34","dst_ip":"178.71.206.1","src_port":48987,"dst_port":6881,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":8,"avg":13847.5,"max":64959,"stddev":17166.0,"var":294672928.0,"ent":3.8,"data": [18673,26924,29858,64959,29324,33873,54911,20576,19623,21996,21047,6908,279,229,213,159,199,287,569,92,484,33856,18,24514,384,131,356,353,18454,16,8]},"pktlen": {"min":40,"avg":782.2,"max":1480,"stddev":666.4,"var":444053.7,"ent":4.4,"data": [60,52,40,238,464,40,511,280,108,419,328,90,1480,1480,1480,1480,1480,1480,1480,1480,1480,1480,40,40,1480,1480,1480,1480,1480,40,40,40]},"bins": {"c_to_s": [8,0,1,0,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,1,0,0,0,0,0,1,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0]},"directions": [0,1,0,0,1,0,0,1,0,1,0,1,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,1,1,0,0,0],"entropies": 
[4.679967880,5.131024837,4.765311718,7.106909752,7.520512581,4.903055668,7.548049450,7.183899879,6.238460064,5.624160767,5.095487118,4.067485332,7.834874630,7.871198177,7.882282257,7.884436607,7.876652241,7.857866764,7.878300190,7.864074230,7.855942726,7.876870155,4.853056431,4.803055763,7.863341808,7.865004539,7.869568825,7.874233246,7.854714394,4.853055954,4.903056145,4.853055954]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} 01139{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/bittorrent_tcp_miss.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":33,"flow_dst_packets_processed":67,"flow_first_seen":1673446123917965,"flow_src_last_pkt_time":1673446124222811,"flow_dst_last_pkt_time":1673446124229821,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":471,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1093,"flow_dst_tot_l4_payload_len":90373,"midstream":0,"thread_ts_usec":1673446124229821,"l3_proto":"ip4","src_ip":"192.168.122.34","dst_ip":"178.71.206.1","src_port":48987,"dst_port":6881,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} 
-00860{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/bittorrent_tcp_miss.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":91466,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1673446124229821} +00860{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/bittorrent_tcp_miss.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":91466,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1673446124229821} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 100/100 ~~ skipped flows.............: 0 
@@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6912585 bytes -~~ total memory freed........: 6912585 bytes -~~ total allocations/frees...: 114239/114239 +~~ total memory allocated....: 7490210 bytes +~~ total memory freed........: 7490210 bytes +~~ total allocations/frees...: 125971/125971 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 543 chars ~~ json message max len.......: 2344 chars diff --git a/test/results/default/bittorrent_utp.pcap.out b/test/results/default/bittorrent_utp.pcap.out index fca2f54d1..40c3a3b53 100644 --- a/test/results/default/bittorrent_utp.pcap.out +++ b/test/results/default/bittorrent_utp.pcap.out 
@@ -1,5 +1,5 @@ -00619{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bittorrent_utp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bittorrent_utp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1456385034843882} 
+00619{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bittorrent_utp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bittorrent_utp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1456385034843882} 
00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1456385034843882,"flow_src_last_pkt_time":1456385034843882,"flow_dst_last_pkt_time":1456385034843882,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1456385034843882,"l3_proto":"ip4","src_ip":"82.243.113.43","dst_ip":"192.168.1.5","src_port":64969,"dst_port":40959,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1456385034843882,"flow_dst_last_pkt_time":1456385034843882,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_usec":1456385034843882,"pkt":"xCwDBkn+LFbcjDU0CABFCACEN6IAAHARjPNS83ErwKgBBf3Jn\/8AcJbNZDE6YWQyOmlkMjA69\/YAfOoTUG5RTefsvJTyrlFxFfg5OmluZm9faGFzaDIwOvf2AdimJ292LCw98nSvKCf40fHeZTE6cTk6Z2V0X3BlZXJzMTp0MjoOYTE6djQ6TFQBATE6eTE6cWU="} 
01099{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1456385034843882,"flow_src_last_pkt_time":1456385034843882,"flow_dst_last_pkt_time":1456385034843882,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1456385034843882,"l3_proto":"ip4","src_ip":"82.243.113.43","dst_ip":"192.168.1.5","src_port":64969,"dst_port":40959,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","bittorrent": {"hash":""}}} 
@@ -10,7 +10,7 @@ 01108{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1456385034843882,"flow_src_last_pkt_time":1456385040274000,"flow_dst_last_pkt_time":1456385040274157,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":30,"flow_src_tot_l4_payload_len":228,"flow_dst_tot_l4_payload_len":30,"midstream":0,"thread_ts_usec":1456385040274157,"l3_proto":"ip4","src_ip":"82.243.113.43","dst_ip":"192.168.1.5","src_port":64969,"dst_port":40959,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","bittorrent": {"hash":""}}} 00827{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1456385040390819,"flow_dst_last_pkt_time":1456385040274157,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":252,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":252,"pkt_l4_len":218,"thread_ts_usec":1456385040390819,"pkt":"xCwDBkn+LFbcjDU0CABFCADuPhxAAHARRg9S83ErwKgBBf3Jn\/8A2oQHAQBTAxDwaHYJ8SkXABAAAOf2ScYTQml0VG9ycmVudCBwcm90b2NvbAAAAAAAGAAFDKTI5\/smo1Sxp6oVuuryYGfGaBEtTFQxMTAwLTFGYTUzMVJ0THV2dwAAAHEFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAf\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/ff\/+\/\/\/\/v++\/7\/\/f\/f\/\/\/t\/+5gAAAAAEB"} 
02372{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1456385034843882,"flow_src_last_pkt_time":1456385041276103,"flow_dst_last_pkt_time":1456385041181191,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":477,"flow_src_tot_l4_payload_len":14142,"flow_dst_tot_l4_payload_len":872,"midstream":0,"thread_ts_usec":1456385041276103,"l3_proto":"ip4","src_ip":"82.243.113.43","dst_ip":"192.168.1.5","src_port":64969,"dst_port":40959,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":959,"avg":411920.3,"max":5430275,"stddev":1202360.0,"var":1445669502976.0,"ent":2.4,"data": [4392194,1037924,5430275,116819,116920,100471,240441,139898,4463,110556,115010,959,58628,60551,88152,88141,37493,37665,24480,24365,43679,55465,11575,11793,11863,53659,52777,104119,173318,8337,17540]},"pktlen": {"min":48,"avg":497.2,"max":1500,"stddev":600.8,"var":360942.7,"ent":4.0,"data": [132,132,48,58,238,505,48,48,103,257,48,48,132,1500,54,1500,54,1500,54,1500,54,82,1500,54,1500,54,1500,48,48,1037,1037,1037]},"bins": {"c_to_s": [3,0,0,3,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0],"s_to_c": [11,1,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,1,0,1,1,0,1,0,0,1,0,0,1,0,1,0,1,0,1,1,0,1,0,1,0,1,1,0,0,0],"entropies": 
[5.803075790,5.866444111,4.474482536,4.231768131,4.447527885,5.267382622,4.667174816,5.259760857,3.872052193,5.423846722,5.259760857,4.750508785,5.806200504,7.847329140,4.531593323,7.839333057,4.619647026,7.837954521,4.582609653,7.820847988,4.619647026,4.109564304,7.831181049,4.693720818,7.634190559,4.693720818,7.787273407,4.892893314,4.750508785,7.761264801,7.781966686,7.702743530]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} -00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/bittorrent_utp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":87,"packets-processed":86,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":37877,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1704898946338043} 
+00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/bittorrent_utp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":87,"packets-processed":86,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":37877,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1704898946338043} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/bittorrent_utp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1704898946338043,"flow_src_last_pkt_time":1704898946338043,"flow_dst_last_pkt_time":1704898946338043,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1704898946338043,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49861,"dst_port":33333,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/bittorrent_utp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1704898946338043,"flow_dst_last_pkt_time":1704898946338043,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1704898946338043,"pkt":"AAAAAAAAAAAAAAAACABFAAAwp8NAALARJPd\/AAABfwAAAcLFgjUAHP4vQQBFZ+1jkpYAAAAAABAAACPGAAA="} 01091{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/bittorrent_utp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1704898946338043,"flow_src_last_pkt_time":1704898946338043,"flow_dst_last_pkt_time":1704898946338043,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1704898946338043,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49861,"dst_port":33333,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","bittorrent": {"hash":""}}} 
@@ -20,7 +20,7 @@ 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/bittorrent_utp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1704898949036574,"flow_dst_last_pkt_time":1704898947830917,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1704898949036574,"pkt":"AAAAAAAAAAAAAAAACABFAAA1qOdAALARI85\/AAABfwAAAcLFgjUAIf40AQBFaO2Mv60AAACFABAAACPIRWZ0ZXN0Cg=="} 01122{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":47,"flow_dst_packets_processed":39,"flow_first_seen":1456385034843882,"flow_src_last_pkt_time":1456385044298958,"flow_dst_last_pkt_time":1456385054059812,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":477,"flow_src_tot_l4_payload_len":34679,"flow_dst_tot_l4_payload_len":3198,"midstream":0,"thread_ts_usec":1704898949036733,"l3_proto":"ip4","src_ip":"82.243.113.43","dst_ip":"192.168.1.5","src_port":64969,"dst_port":40959,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} 
01106{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/bittorrent_utp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1704898946338043,"flow_src_last_pkt_time":1704898949036574,"flow_dst_last_pkt_time":1704898949036733,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":20,"flow_src_tot_l4_payload_len":69,"flow_dst_tot_l4_payload_len":60,"midstream":0,"thread_ts_usec":1704898949036733,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49861,"dst_port":33333,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} -00850{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/bittorrent_utp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":92,"packets-processed":92,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":38006,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":23,"global_ts_usec":1704898949036733} 
+00850{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/bittorrent_utp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":92,"packets-processed":92,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":38006,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":23,"global_ts_usec":1704898949036733} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 92/92 ~~ skipped flows.............: 0 @@ -29,9 +29,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6912689 bytes -~~ total memory freed........: 6912689 bytes -~~ total allocations/frees...: 114241/114241 +~~ total memory allocated....: 7490341 bytes +~~ total memory freed........: 7490341 bytes +~~ total allocations/frees...: 125974/125974 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 548 chars ~~ json message max len.......: 2377 chars diff --git a/test/results/default/bjnp.pcap.out b/test/results/default/bjnp.pcap.out index 7196d71d6..b6e49b07b 100644 --- a/test/results/default/bjnp.pcap.out +++ b/test/results/default/bjnp.pcap.out 
@@ -1,5 +1,5 @@ -00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bjnp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bjnp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1467725378685790} 
+00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bjnp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bjnp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1467725378685790} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bjnp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467725378685790,"flow_src_last_pkt_time":1467725378685790,"flow_dst_last_pkt_time":1467725378685790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467725378685790,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.17","src_port":50087,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5} 00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bjnp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1467725378685790,"flow_dst_last_pkt_time":1467725378685790,"flow_idle_time":200000000,"pkt_datalink":12,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":46,"pkt_l4_len":24,"thread_ts_usec":1467725378685790,"pkt":"RQAALAmDAAB5EfxOwKi5jcCoARHDpyGkABg0Q0JKTlACAQAAF6QAAAAAAADK6w=="} 
00924{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bjnp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467725378685790,"flow_src_last_pkt_time":1467725378685790,"flow_dst_last_pkt_time":1467725378685790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467725378685790,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.17","src_port":50087,"dst_port":8612,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"BJNP","proto_id":"204","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
@@ -40,7 +40,7 @@ 00964{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/bjnp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467725384113794,"flow_src_last_pkt_time":1467725384113794,"flow_dst_last_pkt_time":1467725384113794,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467725385329792,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.3","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BJNP","proto_id":"204","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00964{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/bjnp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467725383909788,"flow_src_last_pkt_time":1467725383909788,"flow_dst_last_pkt_time":1467725383909788,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467725385329792,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.2","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BJNP","proto_id":"204","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
00964{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/bjnp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467725383705789,"flow_src_last_pkt_time":1467725383705789,"flow_dst_last_pkt_time":1467725383705789,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467725385329792,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.1","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BJNP","proto_id":"204","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -00841{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/bjnp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":160,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":43,"global_ts_usec":1467725385329792} 
+00841{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/bjnp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":160,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":43,"global_ts_usec":1467725385329792} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 10/10 ~~ skipped flows.............: 0 @@ -49,9 +49,9 @@ ~~ total active/idle flows...: 10/10 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6929323 bytes -~~ total memory freed........: 6929323 bytes -~~ total allocations/frees...: 114246/114246 +~~ total memory allocated....: 7506919 bytes +~~ total memory freed........: 7506919 bytes +~~ total allocations/frees...: 125977/125977 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 517 chars ~~ json message max len.......: 970 chars diff --git a/test/results/default/bot.pcap.out b/test/results/default/bot.pcap.out index deb201ac3..84313b870 100644 --- a/test/results/default/bot.pcap.out +++ b/test/results/default/bot.pcap.out 
@@ -1,5 +1,5 @@ -00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bot.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bot.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1645108240233170} 
+00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bot.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bot.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1645108240233170} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1645108240233170,"flow_src_last_pkt_time":1645108240233170,"flow_dst_last_pkt_time":1645108240233170,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1645108240233170,"vlan_id":77,"l3_proto":"ip4","src_ip":"40.77.167.36","dst_ip":"89.31.72.220","src_port":64768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bot.pcap","alias":"nDPId-test","vlan_id":77,"flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1645108240233170,"flow_dst_last_pkt_time":1645108240233170,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":66,"pkt_l4_len":28,"thread_ts_usec":1645108240233170,"pkt":"AFBWtlQQQFU5D63CgQAATQgARQIAMBFSQABuBooHKE2nJFkfSNz9AABQtwbJ7AAAAABwwvrwl9EAAAIEBaABAQQC"} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/bot.pcap","alias":"nDPId-test","vlan_id":77,"flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1645108240233170,"flow_dst_last_pkt_time":1645108240233579,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":66,"pkt_l4_len":28,"thread_ts_usec":1645108240233579,"pkt":"AAAMB6wytJaRl+L8gQAATQgARQAAMAAAQAA\/BspbWR9I3ChNpyQAUP0AWPWTl7cGye1wEnIQNMAAAAIEBbQBAQQC"} 
@@ -9,7 +9,7 @@ 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/bot.pcap","alias":"nDPId-test","vlan_id":77,"flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1645108240339700,"flow_dst_last_pkt_time":1645108240340261,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":64,"pkt_l4_len":20,"thread_ts_usec":1645108240340261,"pkt":"AAAMB6wytJaRl+L8gQAATQgARQAAKO4IQAA\/BtxaWR9I3ChNpyQAUP0AWPWTmLcGyylQEHVAXRgAAAAAtTpUPQ=="} 02295{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/bot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":25,"flow_first_seen":1645108240233170,"flow_src_last_pkt_time":1645108240455112,"flow_dst_last_pkt_time":1645108240455337,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":316,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":316,"flow_dst_tot_l4_payload_len":33120,"midstream":0,"thread_ts_usec":1645108240455337,"vlan_id":77,"l3_proto":"ip4","src_ip":"40.77.167.36","dst_ip":"89.31.72.220","src_port":64768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":4,"avg":14326.1,"max":114244,"stddev":36180.2,"var":1309009792.0,"ent":2.2,"data": [409,106526,4,106682,7609,64,117,61,7,4,842,8,6,4,114244,282,105363,69,4,6,123,5,6,4,232,8,61,8,763,123,465]},"pktlen": {"min":46,"avg":1086.5,"max":1480,"stddev":631.2,"var":398369.0,"ent":4.6,"data": [48,48,46,356,46,1480,1480,1480,1480,1480,1480,1480,1480,1480,1480,46,46,1480,1480,1480,1480,1480,1480,1480,1480,1480,1480,1480,1480,46,46,1480]},"bins": {"c_to_s": [6,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": 
[2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23,0,0]},"directions": [0,1,0,0,1,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,1,1,1,1,1,1,1,1,1,0,0,1],"entropies": [4.668832779,4.823934078,4.705051422,5.553816795,4.685968399,6.426275253,7.497505188,7.820932388,7.830261230,7.797591209,7.805040359,7.821845531,7.816341877,7.795114517,7.064133644,4.748529911,4.585274220,7.814039707,7.815784454,7.820162296,7.814042091,7.827082157,7.799123287,7.792435646,7.357606411,5.923022270,7.867007732,5.467782974,4.930641174,4.661573410,4.661573410,5.117170334]},"ndpi": {"flow_risk": {"44": {"risk":"Crawler\/Bot","severity":"Low","risk_score": {"total":350,"client":295,"server":55}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"atlanteditorino.it"}} 01126{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":402,"source":"cfgs\/default\/pcap\/bot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":115,"flow_dst_packets_processed":287,"flow_first_seen":1645108240233170,"flow_src_last_pkt_time":1645108245896135,"flow_dst_last_pkt_time":1645108245896491,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":316,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":316,"flow_dst_tot_l4_payload_len":406780,"midstream":0,"thread_ts_usec":1645108245896491,"vlan_id":77,"l3_proto":"ip4","src_ip":"40.77.167.36","dst_ip":"89.31.72.220","src_port":64768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"44": {"risk":"Crawler\/Bot","severity":"Low","risk_score": {"total":350,"client":295,"server":55}}},"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"atlanteditorino.it"}} -00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":402,"source":"cfgs\/default\/pcap\/bot.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":402,"packets-processed":402,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":407096,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1645108245896491} +00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":402,"source":"cfgs\/default\/pcap\/bot.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":402,"packets-processed":402,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":407096,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1645108245896491} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 402/402 ~~ skipped 
flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6919527 bytes -~~ total memory freed........: 6919527 bytes -~~ total allocations/frees...: 114546/114546 +~~ total memory allocated....: 7497142 bytes +~~ total memory freed........: 7497142 bytes +~~ total allocations/frees...: 126278/126278 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 554 chars ~~ json message max len.......: 2300 chars diff --git a/test/results/default/bt-dns.pcap.out b/test/results/default/bt-dns.pcap.out index 20e92fa79..486bcf457 100644 --- a/test/results/default/bt-dns.pcap.out +++ b/test/results/default/bt-dns.pcap.out 
@@ -1,11 +1,11 @@ -00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bt-dns.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bt-dns.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 00733{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bt-dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":78726493,"flow_src_last_pkt_time":78726493,"flow_dst_last_pkt_time":78726493,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":78726493,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.3","src_port":59751,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bt-dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":78726493,"flow_dst_last_pkt_time":78726493,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_usec":78726493,"pkt":"UlQAEjUDCAAn5uVZCABFAAA6fBwAAIARpoUKAAIPCgACA+lnADUAJvPGb\/EBAAABAAAAAAAACHV0b3JyZW50A2NvbQAAAQAB"} 01046{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bt-dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":78726493,"flow_src_last_pkt_time":78726493,"flow_dst_last_pkt_time":78726493,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":78726493,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.3","src_port":59751,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.BitTorrent","proto_id":"5.37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"utorrent.com","domainame":"utorrent.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/bt-dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":78726493,"flow_dst_last_pkt_time":78730365,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_usec":78730365,"pkt":"CAAn5uVZUlQAEjUCCABFAABKEKAAAEARUfIKAAIDCgACDwA16WcANruUb\/GBgAABAAEAAAAACHV0b3JyZW50A2NvbQAAAQABwAwAAQABAAAC5wAEYo+SBw=="} 01078{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/bt-dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":78726493,"flow_src_last_pkt_time":78726493,"flow_dst_last_pkt_time":78730365,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":46,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":46,"midstream":0,"thread_ts_usec":78730365,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.3","src_port":59751,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.BitTorrent","proto_id":"5.37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"utorrent.com","domainame":"utorrent.com","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["98.143.146.7,ttl=743"]}}} 
00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/bt-dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":78726493,"flow_src_last_pkt_time":78726493,"flow_dst_last_pkt_time":78730365,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":46,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":46,"midstream":0,"thread_ts_usec":78730365,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.3","src_port":59751,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.BitTorrent","proto_id":"5.37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"utorrent.com"}} -00827{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/bt-dns.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":76,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":8,"global_ts_usec":78730365} 
+00827{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/bt-dns.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":76,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":8,"global_ts_usec":78730365} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 ~~ skipped flows.............: 0 @@ -14,9 +14,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6907671 bytes -~~ total memory freed........: 6907671 bytes -~~ total allocations/frees...: 114139/114139 +~~ total memory allocated....: 7485267 bytes +~~ total memory freed........: 7485267 bytes +~~ total allocations/frees...: 125870/125870 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 528 chars ~~ json message max len.......: 1083 chars diff --git a/test/results/default/bt-http.pcapng.out b/test/results/default/bt-http.pcapng.out index 31d3c709b..9298af609 100644 --- a/test/results/default/bt-http.pcapng.out +++ b/test/results/default/bt-http.pcapng.out 
@@ -1,14 +1,14 @@ -00614{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bt-http.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bt-http.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1631962352376282} 
+00614{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bt-http.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bt-http.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1631962352376282} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bt-http.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1631962352376282,"flow_src_last_pkt_time":1631962352376282,"flow_dst_last_pkt_time":1631962352376282,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1631962352376282,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"176.31.225.118","src_port":46882,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bt-http.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1631962352376282,"flow_dst_last_pkt_time":1631962352376282,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1631962352376282,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8rHZAAEAGOofAqAGAsB\/hdrciAFDsRCPNAAAAAKACC2gBUwAAAgQFtAQCCApMENP4AAAAAAEDAwA="} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/bt-http.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1631962352376282,"flow_dst_last_pkt_time":1631962352393006,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1631962352393006,"pkt":"PKn0qB\/spJGxgjQ5CABFAAAsAABAADMG9A2wH+F2wKgBgABQtyLpFLp77EQjzmASRHCYbQAAAgQCGAAA"} 
00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/bt-http.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1631962352393045,"flow_dst_last_pkt_time":1631962352393006,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1631962352393045,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAAorHdAAEAGOprAqAGAsB\/hdrciAFDsRCPO6RS6fFAQC2jllgAA"} 01027{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/bt-http.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1631962352393146,"flow_dst_last_pkt_time":1631962352393006,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":424,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":424,"pkt_l4_len":390,"thread_ts_usec":1631962352393146,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAGarHhAAEAGOSfAqAGAsB\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"} -01464{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/bt-http.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1631962352376282,"flow_src_last_pkt_time":1631962352393146,"flow_dst_last_pkt_time":1631962352393006,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":370,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":370,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1631962352393146,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"176.31.225.118","src_port":46882,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": 
{"6":"DPI"},"proto":"HTTP.BitTorrent","proto_id":"7.37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"tracker.trackerfix.com","domainame":"tracker.trackerfix.com","http": {"url":"tracker.trackerfix.com\/announce?info_hash=%aa7i%c4S%0d%de%06%24%18s%da%d4%3a%b5%cc%ec%2c%e6%22&peer_id=-TR2940-chho92c56pul&port=51413&uploaded=0&downloaded=0&left=282050560&numwant=80&key=3b5502cc&compact=1&supportcrypto=1&requirecrypto=1&event=started","code":0,"content_type":"","user_agent":"Transmission\/2.94"}}} +01349{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/bt-http.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1631962352376282,"flow_src_last_pkt_time":1631962352393146,"flow_dst_last_pkt_time":1631962352393006,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":370,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":370,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1631962352393146,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"176.31.225.118","src_port":46882,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.BitTorrent","proto_id":"7.37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"tracker.trackerfix.com","domainame":"tracker.trackerfix.com","http": {"url":"tracker.trackerfix.com\/announce?info_hash=%aa7i%c4S%0d%de%06%24%18s%da%d4%3a%b5%cc%ec%2c%e6%22&peer_id=-TR2940-chho92c56pul&port=51413&uploaded=0&downloaded=0&left=282050560&numwant=80&key=3b5502cc&compact=1&supportcrypto=1&requirecrypto=1&event=started","code":0,"content_type":"","user_agent":"Transmission\/2.94"}}} 
00986{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/bt-http.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1631962352393146,"flow_dst_last_pkt_time":1631962352417837,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":394,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":394,"pkt_l4_len":360,"thread_ts_usec":1631962352417837,"pkt":"PKn0qB\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"} -01137{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/bt-http.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":2,"flow_first_seen":1631962352376282,"flow_src_last_pkt_time":1631962409934151,"flow_dst_last_pkt_time":1631962352417837,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":370,"flow_dst_max_l4_payload_len":340,"flow_src_tot_l4_payload_len":370,"flow_dst_tot_l4_payload_len":340,"midstream":0,"thread_ts_usec":1631962409934151,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"176.31.225.118","src_port":46882,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.BitTorrent","proto_id":"7.37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"tracker.trackerfix.com"}} 
-00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/bt-http.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":14,"packets-processed":14,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":710,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1631962409934151} +01022{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/bt-http.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":2,"flow_first_seen":1631962352376282,"flow_src_last_pkt_time":1631962409934151,"flow_dst_last_pkt_time":1631962352417837,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":370,"flow_dst_max_l4_payload_len":340,"flow_src_tot_l4_payload_len":370,"flow_dst_tot_l4_payload_len":340,"midstream":0,"thread_ts_usec":1631962409934151,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"176.31.225.118","src_port":46882,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.BitTorrent","proto_id":"7.37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"tracker.trackerfix.com"}} 
+00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/bt-http.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":14,"packets-processed":14,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":710,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1631962409934151} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 14/14 ~~ skipped flows.............: 0 @@ -17,10 +17,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6908685 bytes -~~ total memory freed........: 6908685 bytes -~~ total allocations/frees...: 114168/114168 +~~ total memory allocated....: 7486275 bytes +~~ total memory freed........: 7486275 bytes +~~ total allocations/frees...: 125899/125899 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 533 chars -~~ json message max len.......: 1469 chars -~~ json message avg len.......: 984 chars +~~ json message max len.......: 1354 chars +~~ json message avg len.......: 929 chars diff --git a/test/results/default/bt_search.pcap.out b/test/results/default/bt_search.pcap.out index 65d689ba4..7ac2ee33b 100644 --- a/test/results/default/bt_search.pcap.out +++ b/test/results/default/bt_search.pcap.out 
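Review bot: The regenerated expectation for `bt-http.pcapng` no longer carries flow risk 35 (`Susp Entropy`, severity Low) in the `detected` and `end` flow events, so the test now passes with that detection missing. Both length prefixes shrink by exactly 115 (`01464` to `01349`, `01137` to `01022`), which matches removal of the `flow_risk` object alone, so this looks like a libnDPI behaviour change picked up by the bump rather than a change in nDPId's serialisation. That is presumably intended upstream, but the commit message only says "incorporated upstream changes", and anyone alerting on risk id 35 will see fewer hits for plaintext HTTP tracker announces like this one. I would record it in the description, for example `* bt-http.pcapng: libnDPI no longer raises risk 35 (Susp Entropy) for this flow`, after confirming which upstream change is responsible. The `bot.pcap.out` hunks keep risk 44 unchanged, so within the visible part of the diff the drop is specific to this capture.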
@@ -1,11 +1,11 @@ -00614{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bt_search.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bt_search.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1430752225251619} 
+00614{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bt_search.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bt_search.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1430752225251619} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bt_search.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430752225251619,"flow_src_last_pkt_time":1430752225251619,"flow_dst_last_pkt_time":1430752225251619,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":119,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":119,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":119,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1430752225251619,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"239.192.152.143","src_port":6771,"dst_port":6771,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bt_search.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1430752225251619,"flow_dst_last_pkt_time":1430752225251619,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":161,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":161,"pkt_l4_len":127,"thread_ts_usec":1430752225251619,"pkt":"AQBeQJiPABZEH1lmCABFAACTaOEAAP8RCRrAqABm78CYjxpzGnMAf8gHQlQtU0VBUkNIICogSFRUUC8xLjENCkhvc3Q6IDIzOS4xOTIuMTUyLjE0Mzo2NzcxDQpQb3J0OiA2MTE5Nw0KSW5mb2hhc2g6IEVENEYxMDg1RTg4NUY5OEY5QTY5QjcwRUU4OUVCOTg4QjhGRDkxMTUNCg0KDQo="} 
00964{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bt_search.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430752225251619,"flow_src_last_pkt_time":1430752225251619,"flow_dst_last_pkt_time":1430752225251619,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":119,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":119,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":119,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1430752225251619,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"239.192.152.143","src_port":6771,"dst_port":6771,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","bittorrent": {"hash":""}}} 00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/bt_search.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1430752525284866,"flow_dst_last_pkt_time":1430752225251619,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":161,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":161,"pkt_l4_len":127,"thread_ts_usec":1430752525284866,"pkt":"AQBeQJiPABZEH1lmCABFAACTCiwAAP8RZ8\/AqABm78CYjxpzGnMAf8gHQlQtU0VBUkNIICogSFRUUC8xLjENCkhvc3Q6IDIzOS4xOTIuMTUyLjE0Mzo2NzcxDQpQb3J0OiA2MTE5Nw0KSW5mb2hhc2g6IEVENEYxMDg1RTg4NUY5OEY5QTY5QjcwRUU4OUVCOTg4QjhGRDkxMTUNCg0KDQo="} 
00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/bt_search.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1430752225251619,"flow_src_last_pkt_time":1430752525284866,"flow_dst_last_pkt_time":1430752225251619,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":119,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":119,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1430752525284866,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"239.192.152.143","src_port":6771,"dst_port":6771,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} -00839{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/bt_search.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":238,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":8,"global_ts_usec":1430752525284866} 
+00839{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/bt_search.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":238,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":8,"global_ts_usec":1430752525284866} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 ~~ skipped flows.............: 0 @@ -14,9 +14,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6907643 bytes -~~ total memory freed........: 6907643 bytes -~~ total allocations/frees...: 114138/114138 +~~ total memory allocated....: 7485239 bytes +~~ total memory freed........: 7485239 bytes +~~ total allocations/frees...: 125869/125869 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 619 chars ~~ json message max len.......: 978 chars diff --git a/test/results/default/c1222.pcapng.out b/test/results/default/c1222.pcapng.out index 9d8db9476..146c29d27 100644 --- a/test/results/default/c1222.pcapng.out +++ b/test/results/default/c1222.pcapng.out 
@@ -1,5 +1,5 @@ -00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/c1222.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/c1222.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1367373585690512} 
+00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/c1222.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/c1222.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1367373585690512} 
00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/c1222.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1367373585690512,"flow_src_last_pkt_time":1367373585690512,"flow_dst_last_pkt_time":1367373585690512,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1367373585690512,"l3_proto":"ip4","src_ip":"10.9.3.124","dst_ip":"10.208.0.9","src_port":55092,"dst_port":1153,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/c1222.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1367373585690512,"flow_dst_last_pkt_time":1367373585690512,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1367373585690512,"pkt":"ABEiM0RVAAWaPHoACABFAABOA4sAAIARHrcKCQN8CtAACdc0BIEAOgrWYDCiDwYNYHyG91QBFgABAUDOEaYOBgxgfIb3VAEWAAEBQCGoBAICD4m+BygFgQOAASA="} 
00929{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/c1222.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1367373585690512,"flow_src_last_pkt_time":1367373585690512,"flow_dst_last_pkt_time":1367373585690512,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1367373585690512,"l3_proto":"ip4","src_ip":"10.9.3.124","dst_ip":"10.208.0.9","src_port":55092,"dst_port":1153,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"ANSI_C1222","proto_id":"397","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
@@ -10,7 +10,7 @@ 00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/c1222.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1367373604761735,"flow_dst_last_pkt_time":1367373604761735,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":177,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":177,"pkt_l4_len":143,"thread_ts_usec":1367373604761735,"pkt":"AB87hnijAAxB9XvLCABFAACjBPIAAH8GTzHAqGR8wKgBZQSBBikBodABAMCADYAYFoeRHgAACAoMHiITABbwdwEBYG2iCgYIKwYBBAGChWOkBgIEE+gUIaYRBg8rBgEEAYKFY45\/hfHCTgCoAwIBLKwPog2gC6EJgAEAgQRMl\/SJvi4oLIEqiOaXa+kgYVnM6gzTmUHz8kQJ4pSh+YRjhl6LlsXldgOakOTnD6E4otmY"} 00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/c1222.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1367373585690512,"flow_src_last_pkt_time":1367373604761735,"flow_dst_last_pkt_time":1367373585690512,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":121,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":171,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1367373604761735,"l3_proto":"ip4","src_ip":"10.9.3.124","dst_ip":"10.208.0.9","src_port":55092,"dst_port":1153,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ANSI_C1222","proto_id":"397","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/c1222.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1367373604761735,"flow_src_last_pkt_time":1367373604761735,"flow_dst_last_pkt_time":1367373604761735,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":73,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":73,"flow_dst_max_l4_payload_len":111,"flow_src_tot_l4_payload_len":73,"flow_dst_tot_l4_payload_len":111,"midstream":1,"thread_ts_usec":1367373604761735,"l3_proto":"ip4","src_ip":"192.168.1.101","dst_ip":"192.168.100.124","src_port":1577,"dst_port":1153,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ANSI_C1222","proto_id":"397","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00838{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/c1222.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":355,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1367373604761735} 
+00838{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/c1222.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":355,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1367373604761735} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 4/4 ~~ skipped flows.............: 0 @@ -19,9 +19,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6910109 bytes -~~ total memory freed........: 6910109 bytes -~~ total allocations/frees...: 114152/114152 +~~ total memory allocated....: 7487705 bytes +~~ total memory freed........: 7487705 bytes +~~ total allocations/frees...: 125883/125883 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 580 chars ~~ json message max len.......: 985 chars diff --git a/test/results/default/cachefly.pcapng.out b/test/results/default/cachefly.pcapng.out index 531979810..d4bf04bdf 100644 --- a/test/results/default/cachefly.pcapng.out +++ b/test/results/default/cachefly.pcapng.out 
@@ -1,16 +1,16 @@ -00615{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/cachefly.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cachefly.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1639053996915968} 
+00615{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/cachefly.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cachefly.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1639053996915968} 
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cachefly.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639053996915968,"flow_src_last_pkt_time":1639053996915968,"flow_dst_last_pkt_time":1639053996915968,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639053996915968,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":43766,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cachefly.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1639053996915968,"flow_dst_last_pkt_time":1639053996915968,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1639053996915968,"pkt":"AAAAAAAAAAEAzkGkCABFAAA8AABAADgGbggKCgoBwKgAAQG7qvYcGrARC\/df8aASOJAXeAAAAgQFtAQCCAr4WKdZ8aCtGAEDAwk="} 
01244{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/cachefly.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1639053996915968,"flow_dst_last_pkt_time":1639053997244536,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1639053997244536,"pkt":"AAAAAAAAAAEAzkGkCABFAAI5KtdAAD8GOjTAqAABCgoKAar2AbsL91\/xHBqwEoAYAECN7gAAAQEICvGgrmz4WKdZFgMBAgABAAH8AwN5I1ozU7xInxtJozbyruWCcUxU4dIiuEr772yEdl+IjiA8lzzThjK9JFGzvzmsOf5jh+xiqEIzY+\/b\/bu2q\/rhKgAgysoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTKioAAAAAABcAFQAAEmFwcHR2LmNhY2hlZmx5Lm5ldAAXAAD\/AQABAAAKAAoACBoaAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApGhoAAQAAHQAgnPDvY\/VXlPM6JRGRsi41pgbweEr23XZr7mS8KeaUbX0ALQACAQEAKwALCjo6AwQDAwMCAwEAGwADAgACRGkABQADAmgyiooAAQAAFQDBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01287{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/cachefly.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1639053996915968,"flow_src_last_pkt_time":1639053996915968,"flow_dst_last_pkt_time":1639053997244536,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":517,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":517,"midstream":0,"thread_ts_usec":1639053997244536,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":43766,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cachefly","proto_id":"91.289","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"apptv.cachefly.net","domainame":"apptv.cachefly.net","tls": {"version":"TLSv1.2","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01246{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/cachefly.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1639053996915968,"flow_src_last_pkt_time":1639053996915968,"flow_dst_last_pkt_time":1639053997244536,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":517,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":517,"midstream":0,"thread_ts_usec":1639053997244536,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":43766,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cachefly","proto_id":"91.289","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"apptv.cachefly.net","domainame":"apptv.cachefly.net","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
02357{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/cachefly.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1639053997267392,"flow_dst_last_pkt_time":1639053997244536,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1414,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1414,"pkt_l4_len":1380,"thread_ts_usec":1639053997267392,"pkt":"AAAAAAAAAAEAzkGkCABFAAV41QdAADgGk8QKCgoBwKgAAQG7qvYcGrASC\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\/+fRCDTZEScrfWCMFyaixKeqElAO7ykgeSwfvJjJ0wnRMXDhl9Jl08jKWm\/d3Hktb+0la4oTxnWOXZAHkeMPMd8z5IEjNstMoXVnzzvYTEc4hes6PN3Tko5DyTkpvaiHk24ljRERvEWhRYaw4RnKrT9b+zSwlZOueaejMtqkfNRXDPSR1x3Jl2oQbiXO5T+fqoY+sZN6tOhj6mQW65LLPhC4vk+E4JPhFb1yN\/vHAl5Nki2qqUNydYyxklH4FNUrCnzcInO8MG4k4UvzfLoF5IOdgByO3cVOhvWff2S\/Iy1d3+tC7BZ3FL7Yj\/WhfXV+SI\/dS2PepELisfoFHyq5sCAwEAAaOCB8YwggfCMA4GA1UdDwEB\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"} -01370{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/cachefly.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1639053996915968,"flow_src_last_pkt_time":1639053997267392,"flow_dst_last_pkt_time":1639053997244536,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1348,"flow_dst_max_l4_payload_len":517,"flow_src_tot_l4_payload_len":1348,"flow_dst_tot_l4_payload_len":517,"midstream":0,"thread_ts_usec":1639053997267392,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":43766,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Cachefly","proto_id":"91.289","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"apptv.cachefly.net","domainame":"apptv.cachefly.net","tls": {"version":"TLSv1.2","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"8d2a028aa94425f76ced7826b1f39039","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +01329{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/cachefly.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1639053996915968,"flow_src_last_pkt_time":1639053997267392,"flow_dst_last_pkt_time":1639053997244536,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1348,"flow_dst_max_l4_payload_len":517,"flow_src_tot_l4_payload_len":1348,"flow_dst_tot_l4_payload_len":517,"midstream":0,"thread_ts_usec":1639053997267392,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":43766,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cachefly","proto_id":"91.289","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"apptv.cachefly.net","domainame":"apptv.cachefly.net","tls": {"version":"TLSv1.2","ja3s":"8d2a028aa94425f76ced7826b1f39039","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
02360{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/cachefly.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1639053997267483,"flow_dst_last_pkt_time":1639053997244536,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1414,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1414,"pkt_l4_len":1380,"thread_ts_usec":1639053997267483,"pkt":"AAAAAAAAAAEAzkGkCABFAAV41QhAADgGk8MKCgoBwKgAAQG7qvYcGrVWC\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\/yzXhnqN5vjySNiPGHAwKz6zAdBgNVHQ4EFgQUwhYB6XyLwfjlGl+\/xIbBGmjgU2kwggF\/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB1ACl5vvCeOTkh8FZzn2Old+W+V32cYAr4+U1dJlwlXceEAAABfJUQlDwAAAQDAEYwRAIgVTz\/Ihn7dKTFSpaaPXFuLRyV3Fh0wl4m6GrgaAZe1R8CIDh5v41JTwVEUtdTqc6f2YYAn9MA862+p0xOmNnGZubJAHcARqVV63X6kSAwtaKJafTzfREsQXS+\/Um4havy\/HD+bUcAAAF8lRCUfAAABAMASDBGAiEAwdgxr8oDQWZmdbco09AgoOBAYw1yEi3lG7pPjti2+X4CIQDvi7yHwjhAvjhReidMC1ly2fWKSKo1FOxlG3aVJ\/IzDwB3AFGjsPX9AXmcVm24N3iPDKR6zBsny\/eeiEKaDf7UiwXlAAABfJUQmzEAAAQDAEgwRgIhAJpDx0eDQ7ddGgzrnLWKFrM21D8n3Qy6SxAE05+J2fBsAiEAsJqi9DU5KXv3u6+Q7Mv\/BXOkwjsZ3NPK0jF5oSJngnswDQYJKoZIhvcNAQELBQADggEBAGEbTFSgOEGHR12nYcvRFm359oEWzHeaF\/08pU9VaZUQvp2Eaw=="} 
02367{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/cachefly.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1639053997267562,"flow_dst_last_pkt_time":1639053997244536,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1414,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1414,"pkt_l4_len":1380,"thread_ts_usec":1639053997267562,"pkt":"AAAAAAAAAAEAzkGkCABFAAV41QlAADgGk8IKCgoBwKgAAQG7qvYcGrqaC\/dh9oAQAB\/vzwAAAQEICvhYqLjxoK5sqdvCyNy5nJl8pz8yig1\/0ToWo4n9G1+jQBkpHuvmq3mui3JaLfaWEYzTozJ2lSjwdmADNIQmGCVoo94GYNcxHUw+jfmGsG3KkH41Yf7PGpFbZe91rp+mBxc2VnnNt\/WxNR7dl4m8J1f4MhQYldwt9akxZAnON84h2ZASWPhsdS8bH6k8KebX8pwcPYKtvKQUwxNRMSLJJqTTpzIw85wYyhANgqvE838DGLsCL8jxxhy5+0fKuXi4mwFbgmqDattP32RRoTk1s8zPgwN00cv2z\/4ylTPyDqwpuCc8mgAEUjCCBE4wggM2oAMCAQICDQHuXyId\/GI71DM6hVcwDQYJKoZIhvcNAQELBQAwTDEgMB4GA1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMTgxMTIxMDAwMDAwWhcNMjgxMTIxMDAwMDAwWjBQMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTEmMCQGA1UEAxMdR2xvYmFsU2lnbiBSU0EgT1YgU1NMIENBIDIwMTgwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnWsnVDBghACPVlw\/rrt1caGtrj1BgE3qBy5fujophlEsmefYEpyr7pNpWu+6gpPB7in9VH0eTYQ1ucVE6JSQIL4zh94nWks+vs6c\/MO213yGu\/vVEF\/3YY9kv04Faa1\/TR7Cs8qs7JHlPH8cu6rkVOnwYTGmztSBZCV4pw2PmLkZbqpSQSQ658PVKoQkvfDRN0LwAxQZVeQbOotAQ8UhD6LlatZVVvTHSGz2GvqHsDRLbLJkkrUfCbwPmenC1cMzNJyyljI7CGDySyS5zbwYQVpNAqqPFUvvlxQXWaWhcBrnuUYnhig5BTZuSkAqJ6RZr7+91vnpGuONHih0cLqdPAgMBAAGjggEpMIIBJTAOBgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH\/BAgwBgEB\/wIBADAdBgNVHQ4EFgQU+O9\/8s14Z6jeb48kjYjxhwMCs+swHwYDVR0jBBgwFoAUj\/BLf6guRSSuTVD6Y5qL3uLdG7wwPgYIKwYBBQUHAQEEMjAwMC4GCCsGAQUFBzABhiJodHRwOi8vb2NzcDIuZ2xvYmFsc2lnbi5jb20vcm9vdHIzMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwuZ2xvYmFsc2lnbi5jb20vcm9vdC1yMy5jcmwwRwYDVR0gBEAwPjA8BgRVHSAAMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMA0GCSqGSIb3DQEBCwUAA4IBAQCZkM
gtX0KK1Atm25gDcxHUiIZSKFOK+63f\/XOOOmcE28NTFHAUCXzD4PjXHJgaosQ+2+kA48pwsvEiMCFW29OteV6BWAttFIA19W9dHeuaRwX\/WY0AsUDakJiWGrpsbX+M9bOA34xkczaWeXlpdOq\/+J4Bj6CVaY3phLrp5dSIONt4O5jQNnspsNJSGJDeUkMArmonyBSehpWs4YAxMH6aJbuLrAQjppkA6PHSJuwPfjuKK5I4Ex2Phs2GUkfmNHxbpAI+imF8InZTWpRTM4a4kqhyr6H5UocfMaX8sIFXL830ztz2JM+n4jSQaJ3+qvGpmhLMm8DGw6ilsCF+3kj2AANjMIIDXzCCAkegAwIBAgILBA=="} -02791{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/cachefly.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1639053996915968,"flow_src_last_pkt_time":1639053997267567,"flow_dst_last_pkt_time":1639053997244536,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1348,"flow_dst_max_l4_payload_len":517,"flow_src_tot_l4_payload_len":5242,"flow_dst_tot_l4_payload_len":517,"midstream":0,"thread_ts_usec":1639053997267567,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":43766,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cachefly","proto_id":"91.289","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"apptv.cachefly.net","domainame":"apptv.cachefly.net","tls": 
{"version":"TLSv1.2","server_names":"*.cachefly.net,get.taxcycle.com,books24x7.com,siteclosed.overdrive.com,c.adventurerv.net,download.acoustica.com,cdn.arstechnica.net,ocp.cscglobal.com,cdn-w.gettraffic.com,cf.cdn.poundstopocket.co.uk,cf.cdn.cashnetusa.com,cf.cdn.quickquid.co.uk,downloads.oncenter.com,cache.green1020.com,software.onthehub.com,code.murdoog.com,img.tradepub.com,images.overdrive.com,static.readyflowers.com,cdn.richrelevance.com,qastatic.richrelevance.net,cache.agilebits.com,cachefly.alfredapp.com,download.fosshub.com,cdncontent.skillsoftcompliance.com,cdnlibrary.qual.skillport.com,cdnlibrary.skillport.com,cdnlibrary.skillport.eu,cdnlibrary-otls.skillport.com,st-cdn01.net-perform.com,assets.yandycdn.com,cdn.nexternal.com,www.workcred.org,img.sedoparking.com,www.standardsboostbusiness.org,cdn.sparklingsociety.net,smartupdate1.centralpointnow.com,cdn.edgeuno.com,downloads.pdf-xchange.com,cachefly.kinematics.com,cachefly.discoverinspire.com,static.volotea.com,*.cachefly.com,*.pluralsight.com,*.cdn.overdrive.com,*.contentreserve.com,*.listen.overdrivechina.cn,*.od-cdn.com,*.overdrivechina.cn,*.read.overdrivechina.cn,*.rbxcdn.com,*.books24x7.com,*.ansi.org,*.livee.com,cachefly.net","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"8d2a028aa94425f76ced7826b1f39039","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018","subjectDN":"C=US, ST=Illinois, L=Chicago, O=Cachenetworks, LLC, CN=*.cachefly.net","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"14:84:4F:1F:E8:A1:78:8A:12:27:36:B8:42:AB:42:52:FC:3B:C4:BA","blocks":0}}} 
+02750{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/cachefly.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1639053996915968,"flow_src_last_pkt_time":1639053997267567,"flow_dst_last_pkt_time":1639053997244536,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1348,"flow_dst_max_l4_payload_len":517,"flow_src_tot_l4_payload_len":5242,"flow_dst_tot_l4_payload_len":517,"midstream":0,"thread_ts_usec":1639053997267567,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":43766,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cachefly","proto_id":"91.289","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"apptv.cachefly.net","domainame":"apptv.cachefly.net","tls": 
{"version":"TLSv1.2","server_names":"*.cachefly.net,get.taxcycle.com,books24x7.com,siteclosed.overdrive.com,c.adventurerv.net,download.acoustica.com,cdn.arstechnica.net,ocp.cscglobal.com,cdn-w.gettraffic.com,cf.cdn.poundstopocket.co.uk,cf.cdn.cashnetusa.com,cf.cdn.quickquid.co.uk,downloads.oncenter.com,cache.green1020.com,software.onthehub.com,code.murdoog.com,img.tradepub.com,images.overdrive.com,static.readyflowers.com,cdn.richrelevance.com,qastatic.richrelevance.net,cache.agilebits.com,cachefly.alfredapp.com,download.fosshub.com,cdncontent.skillsoftcompliance.com,cdnlibrary.qual.skillport.com,cdnlibrary.skillport.com,cdnlibrary.skillport.eu,cdnlibrary-otls.skillport.com,st-cdn01.net-perform.com,assets.yandycdn.com,cdn.nexternal.com,www.workcred.org,img.sedoparking.com,www.standardsboostbusiness.org,cdn.sparklingsociety.net,smartupdate1.centralpointnow.com,cdn.edgeuno.com,downloads.pdf-xchange.com,cachefly.kinematics.com,cachefly.discoverinspire.com,static.volotea.com,*.cachefly.com,*.pluralsight.com,*.cdn.overdrive.com,*.contentreserve.com,*.listen.overdrivechina.cn,*.od-cdn.com,*.overdrivechina.cn,*.read.overdrivechina.cn,*.rbxcdn.com,*.books24x7.com,*.ansi.org,*.livee.com,cachefly.net","ja3s":"8d2a028aa94425f76ced7826b1f39039","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018","subjectDN":"C=US, ST=Illinois, L=Chicago, O=Cachenetworks, LLC, CN=*.cachefly.net","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"14:84:4F:1F:E8:A1:78:8A:12:27:36:B8:42:AB:42:52:FC:3B:C4:BA","blocks":0}}} 
00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/cachefly.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1639053996915968,"flow_src_last_pkt_time":1639053997267567,"flow_dst_last_pkt_time":1639053997244536,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1348,"flow_dst_max_l4_payload_len":517,"flow_src_tot_l4_payload_len":5242,"flow_dst_tot_l4_payload_len":517,"midstream":0,"thread_ts_usec":1639053997267567,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":43766,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cachefly","proto_id":"91.289","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} -00842{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/cachefly.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":6,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5759,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1639053997267567} 
+00842{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/cachefly.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":6,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5759,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1639053997267567} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 6/6 ~~ skipped flows.............: 0 @@ -19,10 +19,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6957281 bytes -~~ total memory freed........: 6957281 bytes -~~ total allocations/frees...: 114208/114208 +~~ total memory allocated....: 7534877 bytes +~~ total memory freed........: 7534877 bytes +~~ total allocations/frees...: 125939/125939 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 561 chars -~~ json message max len.......: 2796 chars -~~ json message avg len.......: 1646 chars +~~ json message max len.......: 2755 chars +~~ json message avg len.......: 1628 chars diff --git a/test/results/default/can.pcap.out b/test/results/default/can.pcap.out index b8f3b14b1..09c852809 100644 --- a/test/results/default/can.pcap.out +++ b/test/results/default/can.pcap.out 
@@ -1,5 +1,5 @@ -00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/can.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/can.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1682849329089168} 
+00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/can.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/can.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1682849329089168} 
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/can.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1682849329089168,"flow_src_last_pkt_time":1682849329089168,"flow_dst_last_pkt_time":1682849329089168,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1682849329089168,"l3_proto":"ip4","src_ip":"207.134.64.89","dst_ip":"48.220.224.78","src_port":36251,"dst_port":11898,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/can.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1682849329089168,"flow_dst_last_pkt_time":1682849329089168,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_usec":1682849329089168,"pkt":"mgwp30Y4PJTVQTiBCABFAABJTkoAAO4ROSvPhkBZMNzgTo2bLnoANQAASVNPMTE4OTgBAmoS8QkIOyDWcAAA\/3\/9EABqE\/EJCDsgIG7\/\/\/\/\/\/xAAAWD\/"} 
00936{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/can.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1682849329089168,"flow_src_last_pkt_time":1682849329089168,"flow_dst_last_pkt_time":1682849329089168,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1682849329089168,"l3_proto":"ip4","src_ip":"207.134.64.89","dst_ip":"48.220.224.78","src_port":36251,"dst_port":11898,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Controller_Area_Network","proto_id":"352","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":18,"category":"System"}} 
@@ -33,7 +33,7 @@ 00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/can.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1682849375322090,"flow_src_last_pkt_time":1682849375322090,"flow_dst_last_pkt_time":1682849375322090,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1682849417335803,"l3_proto":"ip4","src_ip":"55.97.32.36","dst_ip":"61.40.63.42","src_port":56551,"dst_port":25353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Controller_Area_Network","proto_id":"352","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":18,"category":"System"}} 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/can.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1682849396372123,"flow_src_last_pkt_time":1682849396372123,"flow_dst_last_pkt_time":1682849396372123,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1682849417335803,"l3_proto":"ip4","src_ip":"103.183.191.240","dst_ip":"73.121.85.123","src_port":46565,"dst_port":63575,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Controller_Area_Network","proto_id":"352","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":18,"category":"System"}} 
00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/can.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1682849396372123,"flow_src_last_pkt_time":1682849396372123,"flow_dst_last_pkt_time":1682849396372123,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1682849417335803,"l3_proto":"ip4","src_ip":"128.244.36.46","dst_ip":"196.77.109.252","src_port":34952,"dst_port":11898,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Controller_Area_Network","proto_id":"352","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":18,"category":"System"}} -00834{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/can.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":8,"packets-processed":8,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":360,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":36,"global_ts_usec":1682849417335803} 
+00834{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/can.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":8,"packets-processed":8,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":360,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":36,"global_ts_usec":1682849417335803} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 8/8 ~~ skipped flows.............: 0 @@ -42,9 +42,9 @@ ~~ total active/idle flows...: 8/8 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6924505 bytes -~~ total memory freed........: 6924505 bytes -~~ total allocations/frees...: 114222/114222 +~~ total memory allocated....: 7502101 bytes +~~ total memory freed........: 7502101 bytes +~~ total allocations/frees...: 125953/125953 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 578 chars ~~ json message max len.......: 983 chars diff --git a/test/results/default/capwap.pcap.out b/test/results/default/capwap.pcap.out index 6f8407d1f..fdaddabf0 100644 --- a/test/results/default/capwap.pcap.out +++ b/test/results/default/capwap.pcap.out 
@@ -1,5 +1,5 @@ -00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/capwap.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/capwap.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1422328949167396} 
+00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/capwap.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/capwap.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1422328949167396} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/capwap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1422328949167396,"flow_src_last_pkt_time":1422328949167396,"flow_dst_last_pkt_time":1422328949167396,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":65,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":65,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":65,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1422328949167396,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12379,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00599{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/capwap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1422328949167396,"flow_dst_last_pkt_time":1422328949167396,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"thread_ts_usec":1422328949167396,"pkt":"uDhh8wWsJOmzR64gCABFwABdANlAAH8RZJPAqAoJwKgKChR+MFsASQAAAQAAABX+\/wABAAAAAAABADCRUl3gOBqBz\/u8XElQaHVuhYA4Oyehwv8gEXQ+BVAOU1L6bxnlZCgpb3mFtLC\/ZhI="} 
00927{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/capwap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1422328949167396,"flow_src_last_pkt_time":1422328949167396,"flow_dst_last_pkt_time":1422328949167396,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":65,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":65,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":65,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1422328949167396,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12379,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"CAPWAP","proto_id":"247","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -67,7 +67,7 @@ 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/capwap.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":106,"flow_dst_packets_processed":111,"flow_first_seen":1422329005767224,"flow_src_last_pkt_time":1422329174862523,"flow_dst_last_pkt_time":1422329174862030,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1457,"flow_dst_max_l4_payload_len":1457,"flow_src_tot_l4_payload_len":21692,"flow_dst_tot_l4_payload_len":32868,"midstream":0,"thread_ts_usec":1422329175528388,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12380,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"CAPWAP","proto_id":"247","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/capwap.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":170,"flow_dst_packets_processed":3,"flow_first_seen":1422329017533285,"flow_src_last_pkt_time":1422329175528388,"flow_dst_last_pkt_time":1422329139638529,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":428,"flow_dst_max_l4_payload_len":126,"flow_src_tot_l4_payload_len":26325,"flow_dst_tot_l4_payload_len":311,"midstream":0,"thread_ts_usec":1422329175528388,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"192.168.10.9","src_port":12380,"dst_port":5247,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"CAPWAP","proto_id":"247","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/capwap.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1422329005766358,"flow_src_last_pkt_time":1422329136181810,"flow_dst_last_pkt_time":1422329005766358,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":123,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":123,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":492,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1422329175528388,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":12380,"dst_port":5246,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"CAPWAP","proto_id":"247","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00846{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/capwap.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":422,"packets-processed":397,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":81835,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":15,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":70,"global_ts_usec":1422329175528388} 
+00846{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/capwap.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":422,"packets-processed":397,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":81835,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":15,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":70,"global_ts_usec":1422329175528388} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 422/397 ~~ skipped flows.............: 0 @@ -76,9 +76,9 @@ ~~ total active/idle flows...: 5/5 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6928590 bytes -~~ total memory freed........: 6928590 bytes -~~ total allocations/frees...: 114576/114576 +~~ total memory allocated....: 7506186 bytes +~~ total memory freed........: 7506186 bytes +~~ total allocations/frees...: 126307/126307 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 297 chars ~~ json message max len.......: 2258 chars diff --git a/test/results/default/capwap_data.pcapng.out b/test/results/default/capwap_data.pcapng.out index f33fe13a5..065d655c9 100644 --- a/test/results/default/capwap_data.pcapng.out +++ b/test/results/default/capwap_data.pcapng.out 
@@ -1,5 +1,5 @@ -00618{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/capwap_data.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/capwap_data.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1517901568789948} 
+00618{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/capwap_data.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/capwap_data.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1517901568789948} 00301{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1517901568789948,"packet_id":1,"source":"cfgs\/default\/pcap\/capwap_data.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1517901568789948} 
00513{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/capwap_data.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":158,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":158,"pkt_l4_len":0,"thread_ts_usec":1517901568789948,"pkt":"AAAAAAAIpMZPO7OrgQCAXoEAgAMIAEUAAIhUOUAA\/hEG9qwyZJusEGRXoTAUfwB0AAAAIAMgAAAAAAS\/IwAAAAAAEQgsAISALStFkFTyAeGymRDzEeruwXYwqqoDAAAACABFAAA8ISJAAEAGPxwKAQNESn2CvLexAbsLIWFuAAAAAKAC\/\/8HGAAAAgQFtAQCCAoAIUBMAAAAAAEDAwg="} 00301{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1517901568789948,"packet_id":2,"source":"cfgs\/default\/pcap\/capwap_data.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1517901568789948} 
@@ -28,7 +28,7 @@ 00491{"packet_event_id":1,"packet_event_name":"packet","packet_id":13,"source":"cfgs\/default\/pcap\/capwap_data.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":142,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":142,"pkt_l4_len":0,"thread_ts_usec":1517901568789948,"pkt":"AAAAAAAIpMZPO7OrgQBgXoEAYAQIAEUAAHggA0AA\/RE8PKwQZFesMmSbFH+hMABkAAAAEAMA4D0AAAIIAABU8gHhspmEgC0rRZDkxyKquU8AAKqqAwAAAAgARQAANHZKQABABun7Sn2CvAoBA0QBu7ex0fR0XgshYhuAEABnUOoAAAEBCAqbZQIUACFAVw=="} 00303{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":14,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1517901568910933,"packet_id":14,"source":"cfgs\/default\/pcap\/capwap_data.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1517901568910933} 00491{"packet_event_id":1,"packet_event_name":"packet","packet_id":14,"source":"cfgs\/default\/pcap\/capwap_data.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":142,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":142,"pkt_l4_len":0,"thread_ts_usec":1517901568789948,"pkt":"AAAAAAAIpMZPO7OrgQBgXoEAYAQIAEUAAHggBEAA\/RE8O6wQZFesMmSbFH+hMABkAAAAEAMA4D4AAAIIAABU8gHhspmEgC0rRZDkxyKquU8AAKqqAwAAAAgARQAANHZLQABABun6Sn2CvAoBA0QBu7ex0fR0XgshYhuAEQBnUOkAAAEBCAqbZQIUACFAVw=="} 
-00844{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/capwap_data.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":14,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":31,"global_ts_usec":1517901568910933} +00844{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/capwap_data.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":14,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":31,"global_ts_usec":1517901568910933} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 14/0 ~~ skipped flows.............: 0 
@@ -37,9 +37,9 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6905233 bytes -~~ total memory freed........: 6905233 bytes -~~ total allocations/frees...: 114126/114126 +~~ total memory allocated....: 7482829 bytes +~~ total memory freed........: 7482829 bytes +~~ total allocations/frees...: 125857/125857 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 306 chars ~~ json message max len.......: 849 chars diff --git a/test/results/default/cassandra.pcap.out b/test/results/default/cassandra.pcap.out index e61ee6d6d..107e666dd 100644 --- a/test/results/default/cassandra.pcap.out +++ b/test/results/default/cassandra.pcap.out 
@@ -1,5 +1,5 @@ -00614{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/cassandra.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cassandra.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1450889498032587} 
+00614{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/cassandra.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cassandra.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1450889498032587} 
00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cassandra.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1450889498032587,"flow_src_last_pkt_time":1450889498032587,"flow_dst_last_pkt_time":1450889498032587,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1450889498032587,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46536,"dst_port":9042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cassandra.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1450889498032587,"flow_dst_last_pkt_time":1450889498032587,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1450889498032587,"pkt":"AAAAAAAAAAAAAAAACABFAAA86nRAAEAGUkV\/AAABfwAAAbXII1K9tHk3AAAAAKACqqr+MAAAAgT\/1wQCCAon7JNDAAAAAAEDAwc="} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/cassandra.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1450889498032587,"flow_dst_last_pkt_time":1450889498032598,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1450889498032598,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAASNStcjswQ7evbR5OKASqqr+MAAAAgT\/1wQCCAon7JNDJ+yTQwEDAwc="} 
@@ -23,7 +23,7 @@ 00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/cassandra.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1450889498038774,"flow_src_last_pkt_time":1450889498038774,"flow_dst_last_pkt_time":1450889498038774,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":19,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":19,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1450889498038774,"l3_proto":"ip4","src_ip":"198.18.0.2","dst_ip":"198.18.0.3","src_port":37184,"dst_port":7000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Cassandra","proto_id":"264","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} 00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/cassandra.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1450889498032587,"flow_src_last_pkt_time":1450889498038774,"flow_dst_last_pkt_time":1450889498038534,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":61,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":61,"midstream":0,"thread_ts_usec":1450889498038774,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46536,"dst_port":9042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Cassandra","proto_id":"264","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} 
00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/cassandra.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1450889498038774,"flow_src_last_pkt_time":1450889498038774,"flow_dst_last_pkt_time":1450889498038774,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":92,"flow_dst_max_l4_payload_len":111,"flow_src_tot_l4_payload_len":101,"flow_dst_tot_l4_payload_len":111,"midstream":0,"thread_ts_usec":1450889498038774,"l3_proto":"ip4","src_ip":"198.18.0.3","dst_ip":"198.18.0.2","src_port":37892,"dst_port":9042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Cassandra","proto_id":"264","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} -00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/cassandra.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":20,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":332,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":26,"global_ts_usec":1450889498038774} 
+00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/cassandra.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":20,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":332,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":26,"global_ts_usec":1450889498038774} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 20/20 ~~ skipped flows.............: 0 @@ -32,9 +32,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6917121 bytes -~~ total memory freed........: 6917121 bytes -~~ total allocations/frees...: 114184/114184 +~~ total memory allocated....: 7494717 bytes +~~ total memory freed........: 7494717 bytes +~~ total allocations/frees...: 125915/125915 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 548 chars ~~ json message max len.......: 979 chars diff --git a/test/results/default/ceph.pcap.out b/test/results/default/ceph.pcap.out index 21b760e61..b08a433fd 100644 --- a/test/results/default/ceph.pcap.out +++ b/test/results/default/ceph.pcap.out 
@@ -1,5 +1,5 @@ -00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ceph.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ceph.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1444254926293773} 
+00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ceph.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ceph.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1444254926293773} 
00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ceph.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444254926293773,"flow_src_last_pkt_time":1444254926293773,"flow_dst_last_pkt_time":1444254926293773,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444254926293773,"l3_proto":"ip4","src_ip":"10.0.3.249","dst_ip":"10.0.3.67","src_port":35556,"dst_port":6789,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ceph.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1444254926293773,"flow_dst_last_pkt_time":1444254926293773,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444254926293773,"pkt":"ABY+Yk9kABY+ORkpCABFAAA8JRpAAEAG+mYKAAP5CgADQ4rkGoX3CVGxAAAAAKACchAbagAAAgQFtAQCCAoABnSrAAAAAAEDAwc="} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ceph.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1444254926293773,"flow_dst_last_pkt_time":1444254926293826,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444254926293826,"pkt":"ABY+ORkpABY+Yk9kCABFAAA8AABAAEAGH4EKAANDCgAD+RqFiuSMzekF9wlRsqAScSAbagAAAgQFtAQCCAoABnSrAAZ0qwEDAwc="} 
@@ -9,7 +9,7 @@ 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/ceph.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1444254926294107,"flow_dst_last_pkt_time":1444254926294066,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1444254926294107,"pkt":"ABY+Yk9kABY+ORkpCABFAAA0JRxAAEAG+mwKAAP5CgADQ4rkGoX3CVGyjM3pD4AQAOUbYgAAAQEICgAGdKsABnSr"} 02103{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/ceph.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1444254926293773,"flow_src_last_pkt_time":1444254926296112,"flow_dst_last_pkt_time":1444254926296142,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":3467,"flow_src_tot_l4_payload_len":1115,"flow_dst_tot_l4_payload_len":6094,"midstream":0,"thread_ts_usec":1444254926296142,"l3_proto":"ip4","src_ip":"10.0.3.249","dst_ip":"10.0.3.67","src_port":35556,"dst_port":6789,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":8,"avg":151.9,"max":411,"stddev":119.2,"var":14214.2,"ent":4.5,"data": [53,81,240,253,16,84,8,105,31,134,52,139,36,95,126,151,45,237,411,352,352,337,227,33,140,286,44,383,70,131,56]},"pktlen": {"min":52,"avg":277.8,"max":3519,"stddev":606.3,"var":367642.9,"ent":3.6,"data": [60,60,52,61,52,61,52,324,188,85,52,78,61,187,61,675,52,160,207,342,331,529,159,675,147,52,187,169,52,3519,52,147]},"bins": {"c_to_s": [8,1,0,2,4,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": 
[7,0,2,1,0,0,0,0,1,1,0,0,0,0,1,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1]},"directions": [0,1,0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,1,0,1,0,1,0,1,1,0,0,0,1,1,0,1],"entropies": [4.415062904,4.780834198,4.585552692,5.013127804,4.686420441,5.066326618,4.686420441,1.480767250,2.119496346,3.943692684,4.686420441,4.274820805,4.955590725,3.217613459,4.955590248,2.337368011,4.647958755,3.441700935,3.464580774,5.300559044,5.232830048,6.238731384,3.562841177,2.348599672,3.969928980,4.685171604,3.406629562,3.573093653,4.685171604,2.285975933,4.633441925,3.913353920]},"ndpi": {"confidence": {"6":"DPI"},"proto":"Ceph","proto_id":"381","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}} 00971{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/ceph.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":19,"flow_first_seen":1444254926293773,"flow_src_last_pkt_time":1444254926392223,"flow_dst_last_pkt_time":1444254926392200,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":3467,"flow_src_tot_l4_payload_len":1151,"flow_dst_tot_l4_payload_len":9638,"midstream":0,"thread_ts_usec":1444254926392223,"l3_proto":"ip4","src_ip":"10.0.3.249","dst_ip":"10.0.3.67","src_port":35556,"dst_port":6789,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Ceph","proto_id":"381","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}} 
-00840{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/ceph.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":39,"packets-processed":39,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10789,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1444254926392223} +00840{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/ceph.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":39,"packets-processed":39,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10789,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1444254926392223} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 39/39 ~~ skipped flows.............: 0 
@@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6908768 bytes -~~ total memory freed........: 6908768 bytes -~~ total allocations/frees...: 114177/114177 +~~ total memory allocated....: 7486364 bytes +~~ total memory freed........: 7486364 bytes +~~ total allocations/frees...: 125908/125908 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 542 chars ~~ json message max len.......: 2108 chars diff --git a/test/results/default/check_mk_new.pcap.out b/test/results/default/check_mk_new.pcap.out index f2660da2b..87dd03c20 100644 --- a/test/results/default/check_mk_new.pcap.out +++ b/test/results/default/check_mk_new.pcap.out 
@@ -1,5 +1,5 @@ -00617{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/check_mk_new.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00838{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/check_mk_new.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1512031663734797} 
+00617{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/check_mk_new.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00838{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/check_mk_new.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1512031663734797} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1512031663734797,"flow_src_last_pkt_time":1512031663734797,"flow_dst_last_pkt_time":1512031663734797,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1512031663734797,"l3_proto":"ip4","src_ip":"192.168.100.22","dst_ip":"192.168.100.50","src_port":58998,"dst_port":6556,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1512031663734797,"flow_dst_last_pkt_time":1512031663734797,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1512031663734797,"pkt":"RjIA9qTs8soKyPpECABFEAA8gwhAAEAGbgrAqGQWwKhkMuZ2GZzVcug3AAAAAKACchA4TQAAAgQFtAQCCAorDGs\/AAAAAAEDAwc="} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1512031663734797,"flow_dst_last_pkt_time":1512031663734824,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1512031663734824,"pkt":"8soKyPpERjIA9qTsCABFAAA8AABAAEAG8SLAqGQywKhkFhmc5nZuqQJN1XLoOKAScSBJyAAAAgQFtAQCCAoWUVydKwxrPwEDAwc="} 
@@ -9,7 +9,7 @@ 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1512031663737046,"flow_dst_last_pkt_time":1512031663736952,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1512031663737046,"pkt":"RjIA9qTs8soKyPpECABFEAA0gwpAAEAGbhDAqGQWwKhkMuZ2GZzVcug4bqkCXYAQAOVJwAAAAQEICisMa0AWUVye"} 02128{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1512031663734797,"flow_src_last_pkt_time":1512031663748376,"flow_dst_last_pkt_time":1512031663748413,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":502,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":1376,"midstream":0,"thread_ts_usec":1512031663748413,"l3_proto":"ip4","src_ip":"192.168.100.22","dst_ip":"192.168.100.50","src_port":58998,"dst_port":6556,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":27,"avg":877.3,"max":2128,"stddev":812.2,"var":659616.6,"ent":4.3,"data": [27,188,2128,2061,102,68,67,104,1865,1834,72,90,1254,1242,147,158,91,94,1228,1205,176,172,1964,1988,1810,1805,1867,1907,699,663,119]},"pktlen": {"min":52,"avg":95.5,"max":554,"stddev":116.8,"var":13650.4,"ent":4.4,"data": [60,60,52,67,52,317,52,62,52,53,52,61,52,554,52,61,52,70,52,463,52,68,52,68,52,69,52,65,52,117,52,61]},"bins": {"c_to_s": [16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": 
[12,0,1,0,0,0,0,0,1,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": [4.777318954,5.266787052,5.116507530,5.382888317,4.972088814,5.429334641,5.063528538,5.369284153,5.025067329,5.119153976,5.025067329,5.200747967,5.025067329,3.834031105,5.063528538,5.200747967,4.972088814,5.439786434,5.116507530,4.356705666,5.078045845,5.383426666,5.078045845,5.414306641,5.078045845,5.456064701,5.116507530,5.341373920,5.010550022,5.388670444,5.116507530,5.245910168]},"ndpi": {"confidence": {"6":"DPI"},"proto":"CHECKMK","proto_id":"138","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}} 00987{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":49,"flow_dst_packets_processed":49,"flow_first_seen":1512031663734797,"flow_src_last_pkt_time":1512031663775626,"flow_dst_last_pkt_time":1512031663775645,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":4096,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":13758,"midstream":0,"thread_ts_usec":1512031663775645,"l3_proto":"ip4","src_ip":"192.168.100.22","dst_ip":"192.168.100.50","src_port":58998,"dst_port":6556,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"CHECKMK","proto_id":"138","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}} 
-00848{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/check_mk_new.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":98,"packets-processed":98,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13758,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1512031663775645} +00848{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/check_mk_new.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":98,"packets-processed":98,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13758,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1512031663775645} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 98/98 ~~ skipped flows.............: 0 
@@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6910479 bytes -~~ total memory freed........: 6910479 bytes -~~ total allocations/frees...: 114236/114236 +~~ total memory allocated....: 7488075 bytes +~~ total memory freed........: 7488075 bytes +~~ total allocations/frees...: 125967/125967 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 550 chars ~~ json message max len.......: 2133 chars diff --git a/test/results/default/chrome.pcap.out b/test/results/default/chrome.pcap.out index 99bf237a7..dbb16e7d0 100644 --- a/test/results/default/chrome.pcap.out +++ b/test/results/default/chrome.pcap.out 
@@ -1,21 +1,21 @@ -00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1620902507870345} 
+00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1620902507870345} 
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1620902507870345,"flow_src_last_pkt_time":1620902507870345,"flow_dst_last_pkt_time":1620902507870345,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1620902507870345,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64393,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1620902507870345,"flow_dst_last_pkt_time":1620902507870345,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1620902507870345,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EvuJAbsdWbUDAAAAALAC\/\/8TEgAAAgQFtAEDAwUBAQgKM3SSOAAAAAAEAgAA"} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1620902507870345,"flow_dst_last_pkt_time":1620902507899110,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1620902507899110,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7+4lEvFS6HVm1BKAS\/og8HwAAAgQFrAQCCAo6mxVSM3SSOAEDAwc="} 
00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1620902507899217,"flow_dst_last_pkt_time":1620902507899110,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1620902507899217,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EvuJAbsdWbUERLxUu4AQECxZJAAAAQEICjN0klQ6mxVS"} 01238{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1620902507899556,"flow_dst_last_pkt_time":1620902507899110,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1620902507899556,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI5AABAAEAGqiLAqAGykjA6EvuJAbsdWbUERLxUu4AYECwCqAAAAQEICjN0klQ6mxVSFgMBAgABAAH8AwPXeqDyUs\/4\/4GpyC7cQmIfjIDYOwMiNhyWri8r2nhJziBwlN\/eL66WXpAzektMXIQLhsqrrKWrh6bikEQBRa52KQAgmpoTAxMBEwLMqcyowCvAL8AswDDAE8AUAJwAnQAvADUBAAGTSkoAAAAAABMAEQAADnd3dy5paXQuY25yLml0ABcAAP8BAAEAAAoACgAIamoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArAClqagABAAAdACA68Y2Vy4YgXwTAo+K4xouQJsapDvYw\/iCmjTHqJSW2SAAtAAIBAQArAAsKamoDBAMDAwIDAQAbAAMCAAJEaQAFAAMCaDJqagABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01257{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1620902507870345,"flow_src_last_pkt_time":1620902507899556,"flow_dst_last_pkt_time":1620902507899110,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1620902507899556,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64393,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","domainame":"www.iit.cnr.it","tls": {"version":"TLSv1.2","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01216{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1620902507870345,"flow_src_last_pkt_time":1620902507899556,"flow_dst_last_pkt_time":1620902507899110,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1620902507899556,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64393,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","domainame":"www.iit.cnr.it","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1620902507899556,"flow_dst_last_pkt_time":1620902507928884,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1620902507928884,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0aC5AADQGT\/mSMDoSwKgBsgG7+4lEvFS7HVm3CYAQAfplMwAAAQEICjqbFXAzdJJU"} 
-01302{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1620902507870345,"flow_src_last_pkt_time":1620902507899556,"flow_dst_last_pkt_time":1620902507935852,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1620902507935852,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64393,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","domainame":"www.iit.cnr.it","tls": {"version":"TLSv1.3","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01261{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1620902507870345,"flow_src_last_pkt_time":1620902507899556,"flow_dst_last_pkt_time":1620902507935852,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1620902507935852,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64393,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","domainame":"www.iit.cnr.it","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1620902508740717,"flow_src_last_pkt_time":1620902508740717,"flow_dst_last_pkt_time":1620902508740717,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1620902508740717,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64394,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1620902508740717,"flow_dst_last_pkt_time":1620902508740717,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1620902508740717,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EvuKAbtgbcSnAAAAALAC\/\/+8\/wAAAgQFtAEDAwUBAQgKM3SVkQAAAAAEAgAA"} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1620902508740717,"flow_dst_last_pkt_time":1620902508769205,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1620902508769205,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7+4peZebaYG3EqKAS\/og23AAAAgQFrAQCCAo6mxi5M3SVkQEDAwc="} 
00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1620902508769277,"flow_dst_last_pkt_time":1620902508769205,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1620902508769277,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EvuKAbtgbcSoXmXm24AQECxT5gAAAQEICjN0lag6mxi5"} 01402{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1620902508769889,"flow_dst_last_pkt_time":1620902508769205,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":701,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":701,"pkt_l4_len":667,"thread_ts_usec":1620902508769889,"pkt":"EBMx8Tl2KDc3AG3ICABFAAKvAABAAEAGqazAqAGykjA6EvuKAbtgbcSoXmXm24AYECx0PgAAAQEICjN0lak6mxi5FgMBAnYBAAJyAwMCqtk1wgF3mmHFXReI\/INqovtCWlLQ6UL0XjDl9ThBTyBFEoSZoVggbsz2GSx\/2xqlntevPGmCQswE\/y7Vr8pzswAg+voTAxMBEwLMqcyowCvAL8AswDDAE8AUAJwAnQAvADUBAAIJWloAAAAAABMAEQAADnd3dy5paXQuY25yLml0ABcAAP8BAAEAAAoACgAIWloAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArAClaWgABAAAdACATE3e3OFsrXs0GvT5ceuP9pkQHg+4NxHatNUTRuXn\/LQAtAAIBAQArAAsKiooDBAMDAwIDAQAbAAMCAAJEaQAFAAMCaDJKSgABAAApATsBBgEAMypzcqAzWsBAZINcgx+ygBngBlIoyGbwAmgLDQpl5tkcwSk5CG+PkofYG3BR++\/05URLCmQGIN0IQZ3wYvZDIPQMaT5XV4vgN\/p08X7Xwm8dAHtBI2fhXt28FHYxsb9XJq+8hOm5sXSXLGO6GylxYnyhIfh\/OF0m2pK20c0EttaG+X3xopJYhysPLovAxdq5OL5GeDqW0fQEgKWN242uqonFBbxnO+qq2JLFeGMuG8av6DBM+Qo\/PTS7rThi4\/wN+hgwtddmcHTtBzYRgMCZEydI\/48AJXj+BvvB0P4qgtNLv2ttlF\/gO+w5v9rup2LAG+TJEsoGQLplU0t0UBXZMYKeRmkAMTBt6WqitMghRGDh1vMPhh2n4xwuiB1UQQlCdhgcI7OwWsmMdWaBHOR6DAlIEwx9R8o="} 
-01258{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1620902508740717,"flow_src_last_pkt_time":1620902508769889,"flow_dst_last_pkt_time":1620902508769205,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":635,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":635,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1620902508769889,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64394,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","domainame":"www.iit.cnr.it","tls": {"version":"TLSv1.2","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"","ja4":"t13d1516h2_8daaf6152771_9b887d9acb53","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01217{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1620902508740717,"flow_src_last_pkt_time":1620902508769889,"flow_dst_last_pkt_time":1620902508769205,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":635,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":635,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1620902508769889,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64394,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","domainame":"www.iit.cnr.it","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_9b887d9acb53","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1620902508769889,"flow_dst_last_pkt_time":1620902508797588,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1620902508797588,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0ynRAADQG7bKSMDoSwKgBsgG7+4peZebbYG3HI4AQAflffwAAAQEICjqbGNczdJWp"} 
-01301{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1620902508740717,"flow_src_last_pkt_time":1620902508769889,"flow_dst_last_pkt_time":1620902508800346,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":635,"flow_dst_max_l4_payload_len":260,"flow_src_tot_l4_payload_len":635,"flow_dst_tot_l4_payload_len":260,"midstream":0,"thread_ts_usec":1620902508800346,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64394,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","domainame":"www.iit.cnr.it","tls": {"version":"TLSv1.3","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"2253c82f03b621c5144709b393fde2c9","ja4":"t13d1516h2_8daaf6152771_9b887d9acb53","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01260{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1620902508740717,"flow_src_last_pkt_time":1620902508769889,"flow_dst_last_pkt_time":1620902508800346,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":635,"flow_dst_max_l4_payload_len":260,"flow_src_tot_l4_payload_len":635,"flow_dst_tot_l4_payload_len":260,"midstream":0,"thread_ts_usec":1620902508800346,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64394,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","domainame":"www.iit.cnr.it","tls": {"version":"TLSv1.3","ja3s":"2253c82f03b621c5144709b393fde2c9","ja4":"t13d1516h2_8daaf6152771_9b887d9acb53","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1620902509272814,"flow_src_last_pkt_time":1620902509272814,"flow_dst_last_pkt_time":1620902509272814,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1620902509272814,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64408,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1620902509272814,"flow_dst_last_pkt_time":1620902509272814,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1620902509272814,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EvuYAbvjd2YSAAAAALAC\/\/+WlQAAAgQFtAEDAwUBAQgKM3SXeAAAAAAEAgAA"} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1620902509273191,"flow_src_last_pkt_time":1620902509273191,"flow_dst_last_pkt_time":1620902509273191,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1620902509273191,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64409,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
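Review bot: The regenerated `detected` and `detection-update` events for flows 1 and 2 in this hunk no longer carry the `"ja3"` key in the `tls` object, while `"ja3s"` and `"ja4"` remain, and the commit message covers this only as "incorporated upstream changes". Any consumer that matches or enriches on the client JA3 value (detection rules, fingerprint allow/deny lists) will silently stop matching rather than fail, so the removal deserves an explicit line in the commit message or changelog, for example `* TLS flow events no longer emit "ja3"; client fingerprinting consumers should switch to "ja4"`. The diffstat lists a change to schema/flow_event_schema.json that is not visible here; it is worth confirming that it removes `ja3` from the tls properties so strict validators reflect the new output. The later hunks of this file, and presumably the other regenerated result files, show the same removal.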
@@ -33,28 +33,28 @@ 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1620902509276446,"flow_dst_last_pkt_time":1620902509303215,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1620902509303215,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7+5sh1fPg5uH4xaAS\/oinwwAAAgQFrAQCCAo6mxrPM3SXewEDAwc="} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1620902509303263,"flow_dst_last_pkt_time":1620902509303215,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1620902509303263,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EvubAbvm4fjFIdXz4YAQECzEywAAAQEICjN0l5Q6mxrP"} 
01400{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1620902509303389,"flow_dst_last_pkt_time":1620902509302469,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":701,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":701,"pkt_l4_len":667,"thread_ts_usec":1620902509303389,"pkt":"EBMx8Tl2KDc3AG3ICABFAAKvAABAAEAGqazAqAGykjA6EvuZAbt3hYKvdV9ieoAYECw9qQAAAQEICjN0l5Q6mxrNFgMBAnYBAAJyAwMbONTKSobWCChLaoCmtvCx9\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\/kSCyAgKJw9zXAJkF+ALbg2UnYNwTrdv8UPPYWK\/\/FZxs47otAScGMYES95F\/UddJx40v3LL\/2MTqfWFWQPciC8dXh3pVmMH0FgERSOK5xDJguySwBxpXYyQEhLfajyKuuk1x0FpqqqHVJ9noGsOyOGkaLXVVsVSRGH\/pEJvYOGNaqccYbo8GZWI7U8\/S3MAMTC1t7pqBopyN+bNR3r+6YjgqI8u99b\/DXkSmTFHlni2n471uDYr96gynKaHq24YiaE="} -01258{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1620902509273191,"flow_src_last_pkt_time":1620902509303389,"flow_dst_last_pkt_time":1620902509302469,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":635,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":635,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1620902509303389,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64409,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","domainame":"www.iit.cnr.it","tls": 
{"version":"TLSv1.2","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"","ja4":"t13d1516h2_8daaf6152771_9b887d9acb53","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +01217{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1620902509273191,"flow_src_last_pkt_time":1620902509303389,"flow_dst_last_pkt_time":1620902509302469,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":635,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":635,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1620902509303389,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64409,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","domainame":"www.iit.cnr.it","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_9b887d9acb53","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
01404{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1620902509303683,"flow_dst_last_pkt_time":1620902509302592,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":701,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":701,"pkt_l4_len":667,"thread_ts_usec":1620902509303683,"pkt":"EBMx8Tl2KDc3AG3ICABFAAKvAABAAEAGqazAqAGykjA6EvuYAbvjd2YTCUDCdYAYECx0YQAAAQEICjN0l5Q6mxrLFgMBAnYBAAJyAwMQHmJhlHeScT7a9egK2SjOzyaNKX\/ov\/FX5TftMs8zmCCfkPb+1ZsEYNNrxkVe5BM24z4mIR25BtkXl0BC4xubrQAgSkoTAxMBEwLMqcyowCvAL8AswDDAE8AUAJwAnQAvADUBAAIJSkoAAAAAABMAEQAADnd3dy5paXQuY25yLml0ABcAAP8BAAEAAAoACgAISkoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArAClKSgABAAAdACBHHmvJqS0E6b1sf\/QNMqQwNI+sBMgqNEguKyS9wQXAKwAtAAIBAQArAAsKmpoDBAMDAwIDAQAbAAMCAAJEaQAFAAMCaDJaWgABAAApATsBBgEAMypzcqAzWsBAZINcgx+ygD\/1Ed8AhagbFDO4w9YNA2cr3sFrEQ9Slid5TZVf2ljtvHdasUip2wOHkRhUjqWumvMshtAJmTDjAZ+n4aciI2iElpX+sae8N6RFewPghBeuv+gvEaLKOqScM\/qhAMP+UjLorSsDoaMAZ40hGjqSRu7qFHq+SxJ2eZsZ4xm5quGG\/cLYpXLjWAIttRHSotpAwv2wFae6ujdlZejhNSfP5lI0b3xZ+2LWmU\/E5doQrJa\/voNJ70V\/d\/M6psU+c4L9ACb94Vf\/p\/Mo+CIkORvg6qwDPWUhGqnoTtz9mIPpXylHEcA96JXtyeO1rrBJSBG4U48diqoAMTCrJK8S79Vkr05s70NDyBq5vnuFSQ573cgHwcs9lkE2t8U8BogXT3+gejSZgS\/IG2s="} 
-01258{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1620902509272814,"flow_src_last_pkt_time":1620902509303683,"flow_dst_last_pkt_time":1620902509302592,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":635,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":635,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1620902509303683,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64408,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","domainame":"www.iit.cnr.it","tls": {"version":"TLSv1.2","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"","ja4":"t13d1516h2_8daaf6152771_9b887d9acb53","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01217{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1620902509272814,"flow_src_last_pkt_time":1620902509303683,"flow_dst_last_pkt_time":1620902509302592,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":635,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":635,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1620902509303683,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64408,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","domainame":"www.iit.cnr.it","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_9b887d9acb53","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
01236{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1620902509304055,"flow_dst_last_pkt_time":1620902509302720,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1620902509304055,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI5AABAAEAGqiLAqAGykjA6EvuaAbt39JnGf4gLD4AYECxAQAAAAQEICjN0l5Q6mxrMFgMBAgABAAH8AwMCpM4ap6FxMcuum4k0rFOx6HKELsU74ZewAm9NNFHrHCDl5mYK5NyKLhR+6cYFEa62hVKl7RtVXWgVBX69oQSHcgAgKioTAxMBEwLMqcyowCvAL8AswDDAE8AUAJwAnQAvADUBAAGTGhoAAAAAABMAEQAADnd3dy5paXQuY25yLml0ABcAAP8BAAEAAAoACgAI2toAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACna2gABAAAdACDVdDEDWQarcksPiULXEPcvgATD\/InPdHmyFksU9j0rLgAtAAIBAQArAAsKGhoDBAMDAwIDAQAbAAMCAAJEaQAFAAMCaDKqqgABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -01258{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1620902509274034,"flow_src_last_pkt_time":1620902509304055,"flow_dst_last_pkt_time":1620902509302720,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1620902509304055,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64410,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","domainame":"www.iit.cnr.it","tls": {"version":"TLSv1.2","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +01217{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1620902509274034,"flow_src_last_pkt_time":1620902509304055,"flow_dst_last_pkt_time":1620902509302720,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1620902509304055,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64410,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","domainame":"www.iit.cnr.it","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
01237{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1620902509304589,"flow_dst_last_pkt_time":1620902509303215,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1620902509304589,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI5AABAAEAGqiLAqAGykjA6EvubAbvm4fjFIdXz4YAYECz+5wAAAQEICjN0l5U6mxrPFgMBAgABAAH8AwPu4vpXPVJNlXrjnZXiqHfet\/5isXgiQo8YmHFRC+jacCCRSxgXbR061vVKAt5s22lo06L3Jln\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"} -01258{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1620902509276446,"flow_src_last_pkt_time":1620902509304589,"flow_dst_last_pkt_time":1620902509303215,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1620902509304589,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64411,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","domainame":"www.iit.cnr.it","tls": {"version":"TLSv1.2","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01217{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1620902509276446,"flow_src_last_pkt_time":1620902509304589,"flow_dst_last_pkt_time":1620902509303215,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1620902509304589,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64411,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","domainame":"www.iit.cnr.it","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1620902509304589,"flow_dst_last_pkt_time":1620902509331464,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1620902509331464,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0WmJAADQGXcWSMDoSwKgBsgG7+5sh1fPh5uH6yoAQAfrQ2gAAAQEICjqbGuwzdJeV"} 
00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1620902509303389,"flow_dst_last_pkt_time":1620902509331480,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1620902509331480,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0ro1AADQGCZqSMDoSwKgBsgG7+5l1X2J6d4WFKoAQAfnzuAAAAQEICjqbGuwzdJeU"} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1620902509304055,"flow_dst_last_pkt_time":1620902509332600,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1620902509332600,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0neJAADQGGkWSMDoSwKgBsgG7+5p\/iAsPd\/Sby4AQAfop6gAAAQEICjqbGuszdJeU"} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1620902509303683,"flow_dst_last_pkt_time":1620902509332619,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1620902509332619,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0NpVAADQGgZKSMDoSwKgBsgG7+5gJQMJ143dojoAQAfmwiAAAAQEICjqbGuszdJeU"} 
-01301{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1620902509273191,"flow_src_last_pkt_time":1620902509303389,"flow_dst_last_pkt_time":1620902509333977,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":635,"flow_dst_max_l4_payload_len":260,"flow_src_tot_l4_payload_len":635,"flow_dst_tot_l4_payload_len":260,"midstream":0,"thread_ts_usec":1620902509333977,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64409,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","domainame":"www.iit.cnr.it","tls": {"version":"TLSv1.3","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"2253c82f03b621c5144709b393fde2c9","ja4":"t13d1516h2_8daaf6152771_9b887d9acb53","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-01301{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1620902509272814,"flow_src_last_pkt_time":1620902509303683,"flow_dst_last_pkt_time":1620902509335101,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":635,"flow_dst_max_l4_payload_len":260,"flow_src_tot_l4_payload_len":635,"flow_dst_tot_l4_payload_len":260,"midstream":0,"thread_ts_usec":1620902509335101,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64408,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","domainame":"www.iit.cnr.it","tls": {"version":"TLSv1.3","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"2253c82f03b621c5144709b393fde2c9","ja4":"t13d1516h2_8daaf6152771_9b887d9acb53","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-01303{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1620902509276446,"flow_src_last_pkt_time":1620902509304589,"flow_dst_last_pkt_time":1620902509338226,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1620902509338226,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64411,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","domainame":"www.iit.cnr.it","tls": {"version":"TLSv1.3","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-01303{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1620902509274034,"flow_src_last_pkt_time":1620902509304055,"flow_dst_last_pkt_time":1620902509342220,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1620902509342220,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64410,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","domainame":"www.iit.cnr.it","tls": {"version":"TLSv1.3","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01260{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1620902509273191,"flow_src_last_pkt_time":1620902509303389,"flow_dst_last_pkt_time":1620902509333977,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":635,"flow_dst_max_l4_payload_len":260,"flow_src_tot_l4_payload_len":635,"flow_dst_tot_l4_payload_len":260,"midstream":0,"thread_ts_usec":1620902509333977,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64409,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","domainame":"www.iit.cnr.it","tls": {"version":"TLSv1.3","ja3s":"2253c82f03b621c5144709b393fde2c9","ja4":"t13d1516h2_8daaf6152771_9b887d9acb53","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01260{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1620902509272814,"flow_src_last_pkt_time":1620902509303683,"flow_dst_last_pkt_time":1620902509335101,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":635,"flow_dst_max_l4_payload_len":260,"flow_src_tot_l4_payload_len":635,"flow_dst_tot_l4_payload_len":260,"midstream":0,"thread_ts_usec":1620902509335101,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64408,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","domainame":"www.iit.cnr.it","tls": {"version":"TLSv1.3","ja3s":"2253c82f03b621c5144709b393fde2c9","ja4":"t13d1516h2_8daaf6152771_9b887d9acb53","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01262{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1620902509276446,"flow_src_last_pkt_time":1620902509304589,"flow_dst_last_pkt_time":1620902509338226,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1620902509338226,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64411,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","domainame":"www.iit.cnr.it","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01262{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1620902509274034,"flow_src_last_pkt_time":1620902509304055,"flow_dst_last_pkt_time":1620902509342220,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1620902509342220,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64410,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","domainame":"www.iit.cnr.it","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00958{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":11,"flow_first_seen":1620902507870345,"flow_src_last_pkt_time":1620902507979128,"flow_dst_last_pkt_time":1620902508608100,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":750,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1347,"flow_dst_tot_l4_payload_len":7072,"midstream":0,"thread_ts_usec":1620902509373854,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64393,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00960{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":14,"flow_first_seen":1620902508740717,"flow_src_last_pkt_time":1620902509301244,"flow_dst_last_pkt_time":1620902509301477,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":717,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1432,"flow_dst_tot_l4_payload_len":12083,"midstream":0,"thread_ts_usec":1620902509373854,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64394,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00955{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1620902509272814,"flow_src_last_pkt_time":1620902509335714,"flow_dst_last_pkt_time":1620902509367123,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":706,"flow_dst_max_l4_payload_len":303,"flow_src_tot_l4_payload_len":1421,"flow_dst_tot_l4_payload_len":563,"midstream":0,"thread_ts_usec":1620902509373854,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64408,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00960{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":15,"flow_first_seen":1620902509273191,"flow_src_last_pkt_time":1620902509367004,"flow_dst_last_pkt_time":1620902509367096,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":706,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1421,"flow_dst_tot_l4_payload_len":13523,"midstream":0,"thread_ts_usec":1620902509373854,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64409,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00960{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":16,"flow_first_seen":1620902509274034,"flow_src_last_pkt_time":1620902509373854,"flow_dst_last_pkt_time":1620902509373839,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":706,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1303,"flow_dst_tot_l4_payload_len":14272,"midstream":0,"thread_ts_usec":1620902509373854,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64410,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00957{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":8,"flow_first_seen":1620902509276446,"flow_src_last_pkt_time":1620902509367151,"flow_dst_last_pkt_time":1620902509367101,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":706,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1303,"flow_dst_tot_l4_payload_len":3889,"midstream":0,"thread_ts_usec":1620902509373854,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64411,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-00845{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":127,"packets-processed":127,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":59629,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":6,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":57,"global_ts_usec":1620902509373854} +00845{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":127,"packets-processed":127,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":59629,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":6,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":57,"global_ts_usec":1620902509373854} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 127/127 ~~ skipped flows.............: 0 
@@ -63,9 +63,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7187732 bytes -~~ total memory freed........: 7187732 bytes -~~ total allocations/frees...: 114384/114384 +~~ total memory allocated....: 7765328 bytes +~~ total memory freed........: 7765328 bytes +~~ total allocations/frees...: 126115/126115 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 544 chars ~~ json message max len.......: 1409 chars diff --git a/test/results/default/cip_io.pcap.out b/test/results/default/cip_io.pcap.out index 29deb1119..15b221a15 100644 --- a/test/results/default/cip_io.pcap.out +++ b/test/results/default/cip_io.pcap.out 
@@ -1,5 +1,5 @@ -00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/cip_io.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cip_io.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1706518964090521} 
+00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/cip_io.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cip_io.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1706518964090521} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cip_io.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1706518964090521,"flow_src_last_pkt_time":1706518964090521,"flow_dst_last_pkt_time":1706518964090521,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1706518964090521,"l3_proto":"ip4","src_ip":"192.168.5.62","dst_ip":"192.168.5.50","src_port":2222,"dst_port":2222,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cip_io.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1706518964090521,"flow_dst_last_pkt_time":1706518964090521,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_usec":1706518964090521,"pkt":"9FQzmBs\/5JBpqywUCABFvAA6y+gAAA8RU07AqAU+wKgFMgiuCK4AJp64AgACgAgAeHs6AOjLXgSxAAwAAwD9\/\/\/\/\/\/\/\/\/wAA"} 
00924{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cip_io.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1706518964090521,"flow_src_last_pkt_time":1706518964090521,"flow_dst_last_pkt_time":1706518964090521,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1706518964090521,"l3_proto":"ip4","src_ip":"192.168.5.62","dst_ip":"192.168.5.50","src_port":2222,"dst_port":2222,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"CIP","proto_id":"393","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
@@ -7,7 +7,7 @@ 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/cip_io.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1706518964100530,"flow_dst_last_pkt_time":1706518964093700,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_usec":1706518964100530,"pkt":"9FQzmBs\/5JBpqywUCABFvAA6y+kAAA8RU03AqAU+wKgFMgiuCK4AJp24AgACgAgAeHs6AOnLXgSxAAwAAwD9\/\/\/\/\/\/\/\/\/wAA"} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/cip_io.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1706518964100530,"flow_dst_last_pkt_time":1706518964103687,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1706518964103687,"pkt":"5JBpqywU9FQzmBs\/CABFvAA+cu4AAEARe0TAqAUywKgFPgiuCK4AKmkbAgACgAgA67SRdlXMXgSxABAA++QBAAAA\/f\/\/\/\/\/\/\/\/8AAA=="} 00965{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/cip_io.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1706518964090521,"flow_src_last_pkt_time":1706518964100530,"flow_dst_last_pkt_time":1706518964103687,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":34,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":68,"midstream":0,"thread_ts_usec":1706518964103687,"l3_proto":"ip4","src_ip":"192.168.5.62","dst_ip":"192.168.5.50","src_port":2222,"dst_port":2222,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"CIP","proto_id":"393","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00837{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/cip_io.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":128,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1706518964103687} +00837{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/cip_io.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":128,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1706518964103687} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 4/4 ~~ skipped flows.............: 0 
@@ -16,9 +16,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6907729 bytes -~~ total memory freed........: 6907729 bytes -~~ total allocations/frees...: 114141/114141 +~~ total memory allocated....: 7485325 bytes +~~ total memory freed........: 7485325 bytes +~~ total allocations/frees...: 125872/125872 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 561 chars ~~ json message max len.......: 970 chars diff --git a/test/results/default/citrix.pcap.out b/test/results/default/citrix.pcap.out index ed3a73470..92ee7eede 100644 --- a/test/results/default/citrix.pcap.out +++ b/test/results/default/citrix.pcap.out 
@@ -1,4 +1,4 @@ -00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/citrix.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/citrix.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 00704{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/citrix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":0,"flow_src_last_pkt_time":0,"flow_dst_last_pkt_time":0,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":0,"l3_proto":"ip4","src_ip":"21.0.0.8","dst_ip":"22.0.0.7","src_port":45225,"dst_port":1494,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/citrix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":0,"flow_dst_last_pkt_time":0,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":24,"thread_ts_usec":0,"pkt":"4F+5aekiABUXp3WjCABFAAAsrYMAAIAGYjoVAAAIFgAAB7CpBdYP1me4AAAAAGACgAC\/CQAAAgQFtAAA6CmQmA=="} 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/citrix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":0,"flow_dst_last_pkt_time":2099,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":24,"thread_ts_usec":2099,"pkt":"ABUXp3Wj4F+5aekiCABFAAAsrVIAAH4GZGsWAAAHFQAACAXWsKkP1nFlD9ZnuWASgAA9vQAAAgQFtAAA3WOanQ=="} 
@@ -8,7 +8,7 @@ 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/citrix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":8200,"flow_dst_last_pkt_time":8192,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":26,"thread_ts_usec":8200,"pkt":"4F+5aekiABUXp3WjCABFAAAurYUAAIAGYjYVAAAIFgAAB7CpBdYP1me5D9ZxbFAYgABLowAAf39JQ0EA5qZLtQ=="} 02051{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/citrix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":27,"flow_dst_packets_processed":5,"flow_first_seen":0,"flow_src_last_pkt_time":72692,"flow_dst_last_pkt_time":72684,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":343,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":1670,"flow_dst_tot_l4_payload_len":114,"midstream":0,"thread_ts_usec":72692,"l3_proto":"ip4","src_ip":"21.0.0.8","dst_ip":"22.0.0.7","src_port":45225,"dst_port":1494,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":5,"avg":4689.5,"max":56256,"stddev":12448.2,"var":154958800.0,"ent":2.6,"data": [2099,2106,6093,6094,4120,7122,1007,6,6,6,6,1006,1007,7,5,13,6,1007,6,5,2009,7,5,6,5,1007,5,56256,46119,4116,4114]},"pktlen": {"min":50,"avg":100.3,"max":387,"stddev":63.6,"var":4041.6,"ent":4.8,"data": [50,50,50,50,50,62,198,107,87,88,91,387,83,211,95,133,103,97,95,103,98,83,83,83,100,103,97,95,128,50,50,50]},"bins": {"c_to_s": [5,18,1,0,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": 
[0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0],"entropies": [4.094119072,4.506643772,4.039021015,4.568367004,4.528367043,4.245353222,5.186970711,4.576177120,4.820792675,4.800546169,4.260721207,4.770667076,4.545018196,3.338554859,4.081573486,4.165511131,4.056994915,4.437763214,4.102537632,4.181773186,4.332800388,4.481823921,4.388646603,4.394422054,4.212355614,4.095830441,4.246722221,4.279045105,4.048637390,4.188758850,4.256690979,4.322698593]},"ndpi": {"confidence": {"6":"DPI"},"proto":"Citrix","proto_id":"132","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00927{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/citrix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":75,"flow_dst_packets_processed":25,"flow_first_seen":0,"flow_src_last_pkt_time":1581384,"flow_dst_last_pkt_time":1605466,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":855,"flow_dst_max_l4_payload_len":537,"flow_src_tot_l4_payload_len":3874,"flow_dst_tot_l4_payload_len":1616,"midstream":0,"thread_ts_usec":1605466,"l3_proto":"ip4","src_ip":"21.0.0.8","dst_ip":"22.0.0.7","src_port":45225,"dst_port":1494,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Citrix","proto_id":"132","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00835{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/citrix.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5490,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1605466} +00835{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/citrix.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5490,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1605466} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 100/100 ~~ skipped flows.............: 0 
@@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6910538 bytes -~~ total memory freed........: 6910538 bytes -~~ total allocations/frees...: 114238/114238 +~~ total memory allocated....: 7488134 bytes +~~ total memory freed........: 7488134 bytes +~~ total allocations/frees...: 125969/125969 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 500 chars ~~ json message max len.......: 2056 chars diff --git a/test/results/default/cloudflare-warp.pcap.out b/test/results/default/cloudflare-warp.pcap.out index 324b43c03..03ba8bd60 100644 --- a/test/results/default/cloudflare-warp.pcap.out +++ b/test/results/default/cloudflare-warp.pcap.out 
@@ -1,5 +1,5 @@ -00620{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1656230932729365} 
+00620{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1656230932729365} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656230932729365,"flow_src_last_pkt_time":1656230932729365,"flow_dst_last_pkt_time":1656230932729365,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1656230932729365,"l3_proto":"ip4","src_ip":"10.158.134.93","dst_ip":"142.251.42.106","src_port":55512,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1656230932729365,"flow_dst_last_pkt_time":1656230932729365,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1656230932729365,"pkt":"ABoRAAACABoRAAABCABFAAA0l3RAAEAGWO8KnoZdjvsqatjYAbtyVk7QfkNIjoAUAYa94wAAAQEICgCjbMKzFenn"} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656230932996308,"flow_src_last_pkt_time":1656230932996308,"flow_dst_last_pkt_time":1656230932996308,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656230932996308,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"159.138.85.48","src_port":42344,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -14,9 +14,9 @@ 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1656230934073116,"flow_dst_last_pkt_time":1656230934076154,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1656230934076154,"pkt":"ABoRAAACABoRAAABCABFAAAoAAdAABAGsrCd8BAgCggAAQG7nRbWkl3OKW2iMlAS\/\/9Y5wAA"} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1656230934076232,"flow_dst_last_pkt_time":1656230934076154,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1656230934076232,"pkt":"ABoRAAACABoRAAABCABFAAAozCRAAEAGtpIKCAABnfAQIJ0WAbspbaIy1pJdz1AQ\/\/9Y6AAA"} 
01090{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1656230934082073,"flow_dst_last_pkt_time":1656230934076154,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":460,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":460,"pkt_l4_len":426,"thread_ts_usec":1656230934082073,"pkt":"ABoRAAACABoRAAABCABFAAG+zCVAAEAGtPsKCAABnfAQIJ0WAbspbaIy1pJdz1AY\/\/\/tmQAAFgMBAZEBAAGNAwPstd6ZfDEq67StOOayp6oI0yRJl3Pj1rlxAPwX8sKCOCB8KpZ1DHiKwkVZtmEaFeU9dMQerRLZGYPmD+Q8xRxFywACEwEBAAFCAA0ABAACBAMACgAEAAIAFwAtAAIBAQArAAUEAwT7GgAyAAQAAgQDAAAAGwAZAAAWbXF0dC1taW5pLmZhY2Vib29rLmNvbQAzAEcARQAXAEEEgdPCnJtbjcCWk9MTifK3ufutgShnmxxZR7gmyVsf\/kMsCPFx8okn2kbXp6bDp6QBFLB5cOsESfjzhbQxjdJwlwApAK0AiACCbJHFIGZGvJ4n8wMXH9X9nAtmB0QWpH9ZsA80difHqagAAAAAUIUIqklrRvaEgiU+Fr6jdbdb+rna\/e0lx4bxP513qW9kmpNxoYnv9HDlDkORgv1\/3c\/tscu8VUnIALcsBju\/hW5psYR6aE+dMGIuJPq9G+zDccawxJypZFKWGgTLcZ5KdUoAISBUGf15FkIdy4M8WdLwtoD9utZ56Nx\/M\/HgL3QcebgbXg=="} -01399{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1656230934073116,"flow_src_last_pkt_time":1656230934082073,"flow_dst_last_pkt_time":1656230934076154,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":406,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":406,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656230934082073,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"157.240.16.32","src_port":40214,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": 
{"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.FacebookMessenger","proto_id":"91.157","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"mqtt-mini.facebook.com","domainame":"mqtt-mini.facebook.com","tls": {"version":"TLSv1.2","ja3":"159db30fc8fac7fb58bcaeee8785a687","ja3s":"","ja4":"t00d010800_0f2cb44170f4_759b0bad1464","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)","blocks":0}}} +01358{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1656230934073116,"flow_src_last_pkt_time":1656230934082073,"flow_dst_last_pkt_time":1656230934076154,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":406,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":406,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656230934082073,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"157.240.16.32","src_port":40214,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.FacebookMessenger","proto_id":"91.157","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"mqtt-mini.facebook.com","domainame":"mqtt-mini.facebook.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t00d010800_0f2cb44170f4_759b0bad1464","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)","blocks":0}}} 
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1656230934082073,"flow_dst_last_pkt_time":1656230934082254,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1656230934082254,"pkt":"ABoRAAACABoRAAABCABFAAAoAAhAABAGsq+d8BAgCggAAQG7nRbWkl3PKW2jyFAQ\/\/9XUgAA"} -01442{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1656230934073116,"flow_src_last_pkt_time":1656230934082073,"flow_dst_last_pkt_time":1656230934194130,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":406,"flow_dst_max_l4_payload_len":236,"flow_src_tot_l4_payload_len":406,"flow_dst_tot_l4_payload_len":236,"midstream":0,"thread_ts_usec":1656230934194130,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"157.240.16.32","src_port":40214,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.FacebookMessenger","proto_id":"91.157","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"mqtt-mini.facebook.com","domainame":"mqtt-mini.facebook.com","tls": {"version":"TLSv1.3","ja3":"159db30fc8fac7fb58bcaeee8785a687","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","ja4":"t00d010800_0f2cb44170f4_759b0bad1464","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)","blocks":0}}} 
+01401{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1656230934073116,"flow_src_last_pkt_time":1656230934082073,"flow_dst_last_pkt_time":1656230934194130,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":406,"flow_dst_max_l4_payload_len":236,"flow_src_tot_l4_payload_len":406,"flow_dst_tot_l4_payload_len":236,"midstream":0,"thread_ts_usec":1656230934194130,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"157.240.16.32","src_port":40214,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.FacebookMessenger","proto_id":"91.157","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"mqtt-mini.facebook.com","domainame":"mqtt-mini.facebook.com","tls": {"version":"TLSv1.3","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","ja4":"t00d010800_0f2cb44170f4_759b0bad1464","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)","blocks":0}}} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656230934714151,"flow_src_last_pkt_time":1656230934714151,"flow_dst_last_pkt_time":1656230934714151,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1656230934714151,"l3_proto":"ip4","src_ip":"10.158.134.93","dst_ip":"216.58.196.68","src_port":40454,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1656230934714151,"flow_dst_last_pkt_time":1656230934714151,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1656230934714151,"pkt":"ABoRAAACABoRAAABCABFAAA0ZaRAAEAGp6UKnoZd2DrERJ4GAbvZsETuj7TO0IARAXlU+gAAAQEICgCjbrOWos\/v"} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1656230934714151,"flow_dst_last_pkt_time":1656230934714381,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1656230934714381,"pkt":"ABoRAAACABoRAAABCABFAAAoAA1AABAGPUnYOsRECp6GXQG7ngaPtM7Q2bBE71AQ\/\/9lcwAA"} 
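Review bot: The `ja3` key disappears from the `tls` object in the expected `detected` and `detection-update` events for flow 3 (only `ja3s` and `ja4` remain, and the length prefixes shrink from 01399/01442 to 01358/01401), yet the commit message says only "incorporated upstream changes". Any consumer that matches detections or allow-lists on the JA3 client fingerprint would stop matching after this bump without an error. If the removal is intended, I would record it in the commit body or changelog, for example `* TLS events no longer carry "ja3" ("ja3s" and "ja4" are still emitted)`. The diffstat lists schema/flow_event_schema.json as changed, but that change is not visible here, so it is worth confirming that `ja3` is no longer required or documented there. The same removal starts in the next hunk for flow 5.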
@@ -27,29 +27,29 @@ 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1656230939663767,"flow_dst_last_pkt_time":1656230939665324,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1656230939665324,"pkt":"ABoRAAACABoRAAABCABFAAAoABFAABAGyLpoEi\/qCggAAQG7siZDSLBGvLdPulAS\/\/9Z6wAA"} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1656230939665357,"flow_dst_last_pkt_time":1656230939665324,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1656230939665357,"pkt":"ABoRAAACABoRAAABCABFAAAoPDJAAEAGXJkKCAABaBIv6rImAbu8t0+6Q0iwR1AQ\/\/9Z7AAA"} 00789{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1656230939667804,"flow_dst_last_pkt_time":1656230939665324,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":240,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":240,"pkt_l4_len":206,"thread_ts_usec":1656230939667804,"pkt":"ABoRAAACABoRAAABCABFAADiPDNAAEAGW94KCAABaBIv6rImAbu8t0+6Q0iwR1AY\/\/\/StAAAFgMBALUBAACxAwPVyRGpDqR4oXgYViJht\/LcFTYuQb0AYmLUaYESd5Yh8AAAGMArwCzMqcAvwDDMqMATwBQAnACdAC8ANQEAAHD\/AQABAAAAAB0AGwAAGGFwaS5jbG91ZGZsYXJlY2xpZW50LmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABAACwAJCGh0dHAvMS4xAAsAAgEAAAoACAAGAB0AFwAY"} 
-01246{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1656230939663767,"flow_src_last_pkt_time":1656230939667804,"flow_dst_last_pkt_time":1656230939665324,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":186,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":186,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656230939667804,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.18.47.234","src_port":45606,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.CloudflareWarp","proto_id":"91.300","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.cloudflareclient.com","domainame":"api.cloudflareclient.com","tls": {"version":"TLSv1.2","ja3":"6f5e62edfa5933b1332ddf8b9fb3ef9d","ja3s":"","ja4":"t12d1209ht_d34a8e72043a_b39be8c56a14","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} 
+01205{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1656230939663767,"flow_src_last_pkt_time":1656230939667804,"flow_dst_last_pkt_time":1656230939665324,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":186,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":186,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656230939667804,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.18.47.234","src_port":45606,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.CloudflareWarp","proto_id":"91.300","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.cloudflareclient.com","domainame":"api.cloudflareclient.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1209ht_d34a8e72043a_b39be8c56a14","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1656230939667804,"flow_dst_last_pkt_time":1656230939667928,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1656230939667928,"pkt":"ABoRAAACABoRAAABCABFAAAoABJAABAGyLloEi\/qCggAAQG7siZDSLBHvLdQdFAQ\/\/9ZMgAA"} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656230939671699,"flow_src_last_pkt_time":1656230939671699,"flow_dst_last_pkt_time":1656230939671699,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656230939671699,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.18.47.234","src_port":45610,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1656230939671699,"flow_dst_last_pkt_time":1656230939671699,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1656230939671699,"pkt":"ABoRAAACABoRAAABCABFAAA83IJAAEAGvDQKCAABaBIv6rIqAbsuP68IAAAAAKAC\/\/+gnwAAAgQFtAQCCAoAo3OKAAAAAAEDAwg="} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1656230939671699,"flow_dst_last_pkt_time":1656230939672582,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1656230939672582,"pkt":"ABoRAAACABoRAAABCABFAAAoABNAABAGyLhoEi\/qCggAAQG7sirRwFD3Lj+vCVAS\/\/9Z5wAA"} 
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1656230939672616,"flow_dst_last_pkt_time":1656230939672582,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1656230939672616,"pkt":"ABoRAAACABoRAAABCABFAAAo3INAAEAGvEcKCAABaBIv6rIqAbsuP68J0cBQ+FAQ\/\/9Z6AAA"} 00788{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1656230939673366,"flow_dst_last_pkt_time":1656230939672582,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":240,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":240,"pkt_l4_len":206,"thread_ts_usec":1656230939673366,"pkt":"ABoRAAACABoRAAABCABFAADi3IRAAEAGu4wKCAABaBIv6rIqAbsuP68J0cBQ+FAY\/\/8FKwAAFgMBALUBAACxAwNmxOOfx0bP\/3oP9IQ+gPtZVU6mOq3fhYCsfwT8M6fLDAAAGMArwCzMqcAvwDDMqMATwBQAnACdAC8ANQEAAHD\/AQABAAAAAB0AGwAAGGFwaS5jbG91ZGZsYXJlY2xpZW50LmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABAACwAJCGh0dHAvMS4xAAsAAgEAAAoACAAGAB0AFwAY"} 
-01246{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1656230939671699,"flow_src_last_pkt_time":1656230939673366,"flow_dst_last_pkt_time":1656230939672582,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":186,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":186,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656230939673366,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.18.47.234","src_port":45610,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.CloudflareWarp","proto_id":"91.300","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.cloudflareclient.com","domainame":"api.cloudflareclient.com","tls": {"version":"TLSv1.2","ja3":"6f5e62edfa5933b1332ddf8b9fb3ef9d","ja3s":"","ja4":"t12d1209ht_d34a8e72043a_b39be8c56a14","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} 
+01205{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1656230939671699,"flow_src_last_pkt_time":1656230939673366,"flow_dst_last_pkt_time":1656230939672582,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":186,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":186,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656230939673366,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.18.47.234","src_port":45610,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.CloudflareWarp","proto_id":"91.300","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.cloudflareclient.com","domainame":"api.cloudflareclient.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1209ht_d34a8e72043a_b39be8c56a14","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1656230939673366,"flow_dst_last_pkt_time":1656230939673469,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1656230939673469,"pkt":"ABoRAAACABoRAAABCABFAAAoABRAABAGyLdoEi\/qCggAAQG7sirRwFD4Lj+vw1AQ\/\/9ZLgAA"} 
-01637{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1656230939663767,"flow_src_last_pkt_time":1656230939667804,"flow_dst_last_pkt_time":1656230939742468,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":186,"flow_dst_max_l4_payload_len":2837,"flow_src_tot_l4_payload_len":186,"flow_dst_tot_l4_payload_len":2837,"midstream":0,"thread_ts_usec":1656230939742468,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.18.47.234","src_port":45606,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.CloudflareWarp","proto_id":"91.300","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.cloudflareclient.com","domainame":"api.cloudflareclient.com","tls": {"version":"TLSv1.2","server_names":"cloudflareclient.com,*.cloudflareclient.com","ja3":"6f5e62edfa5933b1332ddf8b9fb3ef9d","ja3s":"9ebc57def2efb523f25c77af13aa6d48","ja4":"t12d1209ht_d34a8e72043a_b39be8c56a14","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3","subjectDN":"C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=cloudflareclient.com","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"E6:54:3B:82:07:1E:29:C4:57:8C:B4:9E:64:38:11:38:9B:FC:66:98","blocks":0}}} 
+01596{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1656230939663767,"flow_src_last_pkt_time":1656230939667804,"flow_dst_last_pkt_time":1656230939742468,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":186,"flow_dst_max_l4_payload_len":2837,"flow_src_tot_l4_payload_len":186,"flow_dst_tot_l4_payload_len":2837,"midstream":0,"thread_ts_usec":1656230939742468,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.18.47.234","src_port":45606,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.CloudflareWarp","proto_id":"91.300","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.cloudflareclient.com","domainame":"api.cloudflareclient.com","tls": {"version":"TLSv1.2","server_names":"cloudflareclient.com,*.cloudflareclient.com","ja3s":"9ebc57def2efb523f25c77af13aa6d48","ja4":"t12d1209ht_d34a8e72043a_b39be8c56a14","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3","subjectDN":"C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=cloudflareclient.com","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"E6:54:3B:82:07:1E:29:C4:57:8C:B4:9E:64:38:11:38:9B:FC:66:98","blocks":0}}} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656230939763960,"flow_src_last_pkt_time":1656230939763960,"flow_dst_last_pkt_time":1656230939763960,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656230939763960,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"142.250.183.163","src_port":51296,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1656230939763960,"flow_dst_last_pkt_time":1656230939763960,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1656230939763960,"pkt":"ABoRAAACABoRAAABCABFAAA8inNAAEAGX6IKCAABjvq3o8hgAbvanPnSAAAAAKAC\/\/\/kiAAAAgQFtAQCCAoAo3OhAAAAAAEDAwg="} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1656230939763960,"flow_dst_last_pkt_time":1656230939765172,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1656230939765172,"pkt":"ABoRAAACABoRAAABCABFAAAoABZAABAGGhSO+rejCggAAQG7yGAlYwYt2pz501AS\/\/+VDwAA"} 
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1656230939765213,"flow_dst_last_pkt_time":1656230939765172,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1656230939765213,"pkt":"ABoRAAACABoRAAABCABFAAAoinRAAEAGX7UKCAABjvq3o8hgAbvanPnTJWMGLlAQ\/\/+VEAAA"} 00811{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1656230939766415,"flow_dst_last_pkt_time":1656230939765172,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_usec":1656230939766415,"pkt":"ABoRAAACABoRAAABCABFAADyinVAAEAGXuoKCAABjvq3o8hgAbvanPnTJWMGLlAY\/\/9axQAAFgMBAMUBAADBAwPtpRoylcoxhyzmXxvjZsZMNdLRYAKuwrX8tJKz4HG3wQAAHMArwCzMqcAvwDDMqMAJwArAE8AUAJwAnQAvADUBAAB8\/wEAAQAAAAApACcAACRjcmFzaGx5dGljc3JlcG9ydHMtcGEuZ29vZ2xlYXBpcy5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAAQAAsACQhodHRwLzEuMQALAAIBAAAKAAgABgAdABcAGA=="} 
-01268{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1656230939763960,"flow_src_last_pkt_time":1656230939766415,"flow_dst_last_pkt_time":1656230939765172,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":202,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":202,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656230939766415,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"142.250.183.163","src_port":51296,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"crashlyticsreports-pa.googleapis.com","domainame":"crashlyticsreports-pa.googleapis.com","tls": {"version":"TLSv1.2","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","ja4":"t12d1409ht_c866b44c5a26_b39be8c56a14","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} 
+01227{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1656230939763960,"flow_src_last_pkt_time":1656230939766415,"flow_dst_last_pkt_time":1656230939765172,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":202,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":202,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656230939766415,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"142.250.183.163","src_port":51296,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"crashlyticsreports-pa.googleapis.com","domainame":"crashlyticsreports-pa.googleapis.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1409ht_c866b44c5a26_b39be8c56a14","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1656230939766415,"flow_dst_last_pkt_time":1656230939766552,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1656230939766552,"pkt":"ABoRAAACABoRAAABCABFAAAoABdAABAGGhOO+rejCggAAQG7yGAlYwYu2pz6nVAQ\/\/+URgAA"} 
-01637{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1656230939671699,"flow_src_last_pkt_time":1656230939673366,"flow_dst_last_pkt_time":1656230939767159,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":186,"flow_dst_max_l4_payload_len":2800,"flow_src_tot_l4_payload_len":186,"flow_dst_tot_l4_payload_len":2800,"midstream":0,"thread_ts_usec":1656230939767159,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.18.47.234","src_port":45610,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.CloudflareWarp","proto_id":"91.300","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.cloudflareclient.com","domainame":"api.cloudflareclient.com","tls": {"version":"TLSv1.2","server_names":"cloudflareclient.com,*.cloudflareclient.com","ja3":"6f5e62edfa5933b1332ddf8b9fb3ef9d","ja3s":"9ebc57def2efb523f25c77af13aa6d48","ja4":"t12d1209ht_d34a8e72043a_b39be8c56a14","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3","subjectDN":"C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=cloudflareclient.com","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"E6:54:3B:82:07:1E:29:C4:57:8C:B4:9E:64:38:11:38:9B:FC:66:98","blocks":0}}} 
+01596{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1656230939671699,"flow_src_last_pkt_time":1656230939673366,"flow_dst_last_pkt_time":1656230939767159,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":186,"flow_dst_max_l4_payload_len":2800,"flow_src_tot_l4_payload_len":186,"flow_dst_tot_l4_payload_len":2800,"midstream":0,"thread_ts_usec":1656230939767159,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.18.47.234","src_port":45610,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.CloudflareWarp","proto_id":"91.300","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.cloudflareclient.com","domainame":"api.cloudflareclient.com","tls": {"version":"TLSv1.2","server_names":"cloudflareclient.com,*.cloudflareclient.com","ja3s":"9ebc57def2efb523f25c77af13aa6d48","ja4":"t12d1209ht_d34a8e72043a_b39be8c56a14","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3","subjectDN":"C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=cloudflareclient.com","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"E6:54:3B:82:07:1E:29:C4:57:8C:B4:9E:64:38:11:38:9B:FC:66:98","blocks":0}}} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656230939817793,"flow_src_last_pkt_time":1656230939817793,"flow_dst_last_pkt_time":1656230939817793,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656230939817793,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"172.217.194.188","src_port":43600,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1656230939817793,"flow_dst_last_pkt_time":1656230939817793,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1656230939817793,"pkt":"ABoRAAACABoRAAABCABFAAA816BAAEAG6XwKCAABrNnCvKpQFGzl+aQLAAAAAKAC\/\/8RUAAAAgQFtAQCCAoAo3OrAAAAAAEDAwg="} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1656230939817793,"flow_dst_last_pkt_time":1656230939818817,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1656230939818817,"pkt":"ABoRAAACABoRAAABCABFAAAoABtAABAG8Ras2cK8CggAARRsqlAaBlv05fmkDFAS\/\/93dgAA"} 
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1656230939818992,"flow_dst_last_pkt_time":1656230939818817,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1656230939818992,"pkt":"ABoRAAACABoRAAABCABFAAAo16FAAEAG6Y8KCAABrNnCvKpQFGzl+aQMGgZb9VAQ\/\/93dwAA"} -00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":64,"packets-processed":63,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8443,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":3,"total-updates":0,"current-active-flows":8,"total-active-flows":8,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":52,"global_ts_usec":1719546279552167} 
+00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":64,"packets-processed":63,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8443,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":3,"total-updates":0,"current-active-flows":8,"total-active-flows":8,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":52,"global_ts_usec":1719546279552167} 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1719546279552167,"flow_src_last_pkt_time":1719546279552167,"flow_dst_last_pkt_time":1719546279552167,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":194,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":194,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":194,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1719546279552167,"l3_proto":"ip4","src_ip":"192.168.1.84","dst_ip":"162.159.192.7","src_port":60555,"dst_port":2408,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00783{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1719546279552167,"flow_dst_last_pkt_time":1719546279552167,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"thread_ts_usec":1719546279552167,"pkt":"uCfrJnoXbGp3iJhwCABFAADe3PNAAIAR+HfAqAFUop\/AB+yLCWgAyuWowQAAAACQgwGCQ2ywbChVvz8zwLIHrw\/rvPvgxiS9ZVQn5lLhx2nHPPSbtqkHyTUK8Iv2DMx\/zyTMJl6qxW2KMJ8pmdyNIGxovI6V2NAYgX9GzMZQoF+jMVdVEj+hUIMAt3gh6Jyo0xXvcr6KcrMX7SdPiUsKZjS1mFvlcv+42p75f13z3JoQYbeQcWJB6LC\/+Mvyy6CXMn8RUyU3BaqWogtPqMm8j5zC4EWBJip1Jj3gFWsFWtwmzis0d9ZbWwTl2zw="} 00952{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1719546279552167,"flow_src_last_pkt_time":1719546279552167,"flow_dst_last_pkt_time":1719546279552167,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":194,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":194,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":194,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1719546279552167,"l3_proto":"ip4","src_ip":"192.168.1.84","dst_ip":"162.159.192.7","src_port":60555,"dst_port":2408,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"CloudflareWarp","proto_id":"300","proto_by_ip":"CloudflareWarp","proto_by_ip_id":300,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
@@ -69,7 +69,7 @@ 00784{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656230932729365,"flow_src_last_pkt_time":1656230932729365,"flow_dst_last_pkt_time":1656230932729365,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1719546282441904,"l3_proto":"ip4","src_ip":"10.158.134.93","dst_ip":"142.251.42.106","src_port":55512,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00930{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1656230934714151,"flow_src_last_pkt_time":1656230934714523,"flow_dst_last_pkt_time":1656230934714509,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1719546282441904,"l3_proto":"ip4","src_ip":"10.158.134.93","dst_ip":"216.58.196.68","src_port":40454,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00783{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1656230934714151,"flow_src_last_pkt_time":1656230934714523,"flow_dst_last_pkt_time":1656230934714509,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1719546282441904,"l3_proto":"ip4","src_ip":"10.158.134.93","dst_ip":"216.58.196.68","src_port":40454,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00851{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":78,"packets-processed":78,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10551,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":6,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":72,"global_ts_usec":1719546282441904} 
+00851{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":78,"packets-processed":78,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10551,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":6,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":72,"global_ts_usec":1719546282441904} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 78/78 ~~ skipped flows.............: 0 @@ -78,10 +78,10 @@ ~~ total active/idle flows...: 9/9 ~~ total timeout flows.......: 3 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6951558 bytes -~~ total memory freed........: 6951558 bytes -~~ total allocations/frees...: 114334/114334 +~~ total memory allocated....: 7529154 bytes +~~ total memory freed........: 7529154 bytes +~~ total allocations/frees...: 126065/126065 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 538 chars -~~ json message max len.......: 1642 chars -~~ json message avg len.......: 1089 chars +~~ json message max len.......: 1601 chars +~~ json message avg len.......: 1068 chars diff --git a/test/results/default/cnp_ip.pcapng.out b/test/results/default/cnp_ip.pcapng.out index a0371858d..69ca522de 100644 --- a/test/results/default/cnp_ip.pcapng.out +++ b/test/results/default/cnp_ip.pcapng.out 
@@ -1,11 +1,11 @@ -00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/cnp_ip.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cnp_ip.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1294227823248261} 
+00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/cnp_ip.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cnp_ip.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1294227823248261} 
00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cnp_ip.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1294227823248261,"flow_src_last_pkt_time":1294227823248261,"flow_dst_last_pkt_time":1294227823248261,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1294227823248261,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":39819,"dst_port":1628,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cnp_ip.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1294227823248261,"flow_dst_last_pkt_time":1294227823248261,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1294227823248261,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEARPK9\/AAABfwAAAZuLBlwAKP47ACABAQAAAABri0VnAAAAAAAAAAABCQGqAakBA4ENAMo="} 
00924{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cnp_ip.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1294227823248261,"flow_src_last_pkt_time":1294227823248261,"flow_dst_last_pkt_time":1294227823248261,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1294227823248261,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":39819,"dst_port":1628,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"CNP-IP","proto_id":"422","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/cnp_ip.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1294227823258145,"flow_dst_last_pkt_time":1294227823248261,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1294227823258145,"pkt":"AAAAAAAAAAAAAAAACABFAAA4AABAAEARPLN\/AAABfwAAAZuLBlwAJP43ABwBAQAAAABri0VnAAAAAQAAAAAACQGpAaoBIw=="} 
00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/cnp_ip.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1294227823248261,"flow_src_last_pkt_time":1294227823258145,"flow_dst_last_pkt_time":1294227823248261,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1294227823258145,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":39819,"dst_port":1628,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"CNP-IP","proto_id":"422","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00837{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/cnp_ip.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":60,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":8,"global_ts_usec":1294227823258145} 
+00837{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/cnp_ip.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":60,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":8,"global_ts_usec":1294227823258145} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 ~~ skipped flows.............: 0 @@ -14,9 +14,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6907671 bytes -~~ total memory freed........: 6907671 bytes -~~ total allocations/frees...: 114139/114139 +~~ total memory allocated....: 7485267 bytes +~~ total memory freed........: 7485267 bytes +~~ total allocations/frees...: 125870/125870 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 554 chars ~~ json message max len.......: 968 chars diff --git a/test/results/default/coap_mqtt.pcap.out b/test/results/default/coap_mqtt.pcap.out index 6b7512236..464c87796 100644 --- a/test/results/default/coap_mqtt.pcap.out +++ b/test/results/default/coap_mqtt.pcap.out 
@@ -1,5 +1,5 @@ -00614{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1333957710293035} 
+00614{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1333957710293035} 
00809{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1333957710293035,"flow_src_last_pkt_time":1333957710293035,"flow_dst_last_pkt_time":1333957710293035,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1333957710293035,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61043,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1333957710293035,"flow_dst_last_pkt_time":1333957710293035,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1333957710293035,"pkt":"ACOJtMwBSF1gwJdKht1gAAAAACARQCABDagCFRFxoQvLSI+DV\/YgAQYgAAg12QAAAAAAAAAQ7nMWMwAg\/RpDAQXKchYzKy53ZWxsLWtub3duBGNvcmU="} 
00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1333957710293035,"flow_src_last_pkt_time":1333957710293035,"flow_dst_last_pkt_time":1333957710293035,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1333957710293035,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61043,"dst_port":5683,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","proto_id":"27","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":16,"category":"RPC"}} 
@@ -15,7 +15,7 @@ 00809{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1333957720773953,"flow_src_last_pkt_time":1333957720773953,"flow_dst_last_pkt_time":1333957720773953,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1333957720773953,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61047,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1333957720773953,"flow_dst_last_pkt_time":1333957720773953,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":90,"pkt_l4_len":36,"thread_ts_usec":1333957720773953,"pkt":"ACOJtMwBSF1gwJdKht1gAAAAACQRQCABDagCFRFxoQvLSI+DV\/YgAQYgAAg12QAAAAAAAAAQ7ncWMwAkKH5FAYp0chYzKy53ZWxsLWtub3duBGNvcmUQEj3U"} 
00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1333957720773953,"flow_src_last_pkt_time":1333957720773953,"flow_dst_last_pkt_time":1333957720773953,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1333957720773953,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61047,"dst_port":5683,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","proto_id":"27","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":16,"category":"RPC"}} -00838{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":6,"packets-processed":5,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":124,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":5,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":18,"global_ts_usec":1375090528017876} 
+00838{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":6,"packets-processed":5,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":124,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":5,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":18,"global_ts_usec":1375090528017876} 00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1375090528017876,"flow_src_last_pkt_time":1375090528017876,"flow_dst_last_pkt_time":1375090528017876,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":19,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":19,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":19,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1375090528017876,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":33499,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1375090528017876,"flow_dst_last_pkt_time":1375090528017876,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":81,"pkt_l4_len":27,"thread_ts_usec":1375090528017876,"pkt":"uCfrprIvACTop0mhht1gAAAAABsRQLu7AAAAAAAAAAAAAAAAAAG7uwAAAAAAAAAAAAAAAAADgtsWMwAblIJCAekbB5C4c2VwYXJhdGUQ0SMR"} 00906{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1375090528017876,"flow_src_last_pkt_time":1375090528017876,"flow_dst_last_pkt_time":1375090528017876,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":19,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":19,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":19,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1375090528017876,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":33499,"dst_port":5683,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","proto_id":"27","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":16,"category":"RPC"}} 
@@ -43,7 +43,7 @@ 00950{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1375090935240020,"flow_src_last_pkt_time":1375091005616928,"flow_dst_last_pkt_time":1375091005672713,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":11,"flow_src_tot_l4_payload_len":53,"flow_dst_tot_l4_payload_len":15,"midstream":0,"thread_ts_usec":1375091005672713,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":46819,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","proto_id":"27","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":16,"category":"RPC"}} 00950{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1375090926676575,"flow_src_last_pkt_time":1375090935026698,"flow_dst_last_pkt_time":1375090935086791,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":11,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":23,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":27,"midstream":0,"thread_ts_usec":1375091005672713,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":50250,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","proto_id":"27","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":16,"category":"RPC"}} 
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1375091022221897,"flow_dst_last_pkt_time":1375091005672713,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":85,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":85,"pkt_l4_len":31,"thread_ts_usec":1375091022221897,"pkt":"uCfrprIvACTop0mhht1gAAAAAB8RQLu7AAAAAAAAAAAAAAAAAAG7uwAAAAAAAAAAAAAAAAADtuMWMwAfsB9ABJUkt3N0b3JhZ2UKbXlyZXNvdXJjZQ=="} -00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":20,"packets-processed":19,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":436,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":2,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":46,"global_ts_usec":1455907243976582} 
+00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":20,"packets-processed":19,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":436,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":2,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":46,"global_ts_usec":1455907243976582} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455907243976582,"flow_src_last_pkt_time":1455907243976582,"flow_dst_last_pkt_time":1455907243976582,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":2,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1455907243976582,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53522,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1455907243976582,"flow_dst_last_pkt_time":1455907243976582,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":22,"thread_ts_usec":1455907243976582,"pkt":"CAAnmO\/hCAAnAERyCABFAAAqELhAAIAG+F7AqDgBwKg4ZdESRF16higakEiEGVAYAQAwoAAAwAAAAAAA"} 01057{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455907243976582,"flow_src_last_pkt_time":1455907243976582,"flow_dst_last_pkt_time":1455907243976582,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":2,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1455907243976582,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53522,"dst_port":17501,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"MQTT","proto_id":"222","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -118,7 +118,7 @@ 01107{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1082,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":35,"flow_first_seen":1455907258332152,"flow_src_last_pkt_time":1455907272399051,"flow_dst_last_pkt_time":1455907272398939,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":60,"flow_dst_max_l4_payload_len":86,"flow_src_tot_l4_payload_len":578,"flow_dst_tot_l4_payload_len":808,"midstream":1,"thread_ts_usec":1455907286608960,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53523,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"MQTT","proto_id":"222","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01107{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1082,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":34,"flow_dst_packets_processed":26,"flow_first_seen":1455907271483430,"flow_src_last_pkt_time":1455907272398966,"flow_dst_last_pkt_time":1455907272399057,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":86,"flow_dst_max_l4_payload_len":60,"flow_src_tot_l4_payload_len":806,"flow_dst_tot_l4_payload_len":576,"midstream":1,"thread_ts_usec":1455907286608960,"l3_proto":"ip4","src_ip":"192.168.56.101","dst_ip":"192.168.56.1","src_port":17501,"dst_port":53524,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std 
Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"MQTT","proto_id":"222","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01107{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1082,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":34,"flow_dst_packets_processed":41,"flow_first_seen":1455907267002212,"flow_src_last_pkt_time":1455907272399063,"flow_dst_last_pkt_time":1455907272398989,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":60,"flow_dst_max_l4_payload_len":86,"flow_src_tot_l4_payload_len":730,"flow_dst_tot_l4_payload_len":907,"midstream":0,"thread_ts_usec":1455907286608960,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53528,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"MQTT","proto_id":"222","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00855{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1082,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1082,"packets-processed":1080,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":53303,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":16,"total-detection-updates":0,"total-updates":2,"current-active-flows":0,"total-active-flows":16,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":121,"global_ts_usec":1455907286608960} +00855{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1082,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1082,"packets-processed":1080,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":53303,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":16,"total-detection-updates":0,"total-updates":2,"current-active-flows":0,"total-active-flows":16,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":121,"global_ts_usec":1455907286608960} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1082/1080 ~~ skipped flows.............: 0 
@@ -127,9 +127,9 @@ ~~ total active/idle flows...: 16/16 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6982849 bytes -~~ total memory freed........: 6982849 bytes -~~ total allocations/frees...: 115387/115387 +~~ total memory allocated....: 7560553 bytes +~~ total memory freed........: 7560553 bytes +~~ total allocations/frees...: 127122/127122 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 534 chars ~~ json message max len.......: 2321 chars diff --git a/test/results/default/codm.pcap.out b/test/results/default/codm.pcap.out index d38ae30ae..34e828fd1 100644 --- a/test/results/default/codm.pcap.out +++ b/test/results/default/codm.pcap.out 
@@ -1,18 +1,18 @@ -00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/codm.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/codm.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1714945575038105} 
+00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/codm.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/codm.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1714945575038105} 
00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/codm.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1714945575038105,"flow_src_last_pkt_time":1714945575038105,"flow_dst_last_pkt_time":1714945575038105,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1714945575038105,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"49.51.177.25","src_port":45028,"dst_port":8013,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/codm.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1714945575038105,"flow_dst_last_pkt_time":1714945575038105,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_usec":1714945575038105,"pkt":"RQAAPPYgQABABqp2CtetATEzsRmv5B9N0u\/CjAAAAACgAv\/\/EuMAAAIEJugEAggKgbiTWwAAAAABAwMJ"} 00514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/codm.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1714945575038105,"flow_dst_last_pkt_time":1714945575344783,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":48,"pkt_l4_len":28,"thread_ts_usec":1714945575344783,"pkt":"RQAAMAAAQABABqCjMTOxGQrXrQEfTa\/kd+t369Lvwo1wEgQAaDAAAAIEJugDAwkA"} 
00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/codm.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1714945575345572,"flow_dst_last_pkt_time":1714945575344783,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":40,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":40,"pkt_l4_len":20,"thread_ts_usec":1714945575345572,"pkt":"RQAAKPYhQABABqqJCtetATEzsRmv5B9N0u\/CjXfrd+xQEACAwKgAAA=="} 01193{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/codm.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1714945575352062,"flow_dst_last_pkt_time":1714945575344783,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":552,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":552,"pkt_l4_len":532,"thread_ts_usec":1714945575352062,"pkt":"RQACKPYiQABABqiICtetATEzsRmv5B9N0u\/CjXfrd+xQEACAYTkAABYDAQIAAQAB\/AMDE4hC6Pzs5vGVXV\/rA5kTRFf815sNj8zERbVd0smEBoUgZPqtKxZvHc8t5997oqWD1GDthZtgNTHTCTfohfNSK\/gAIhMBEwITA8ArwCzMqcAvwDDMqMAJwArAE8AUAJwAnQAvADUBAAGRAAAAGgAYAAAVd2VzdC10ZG0uY29kbXdlc3QuY29tABcAAP8BAAEAAAoACAAGAB0AFwAYAAsAAgEAACMAAAAQAAsACQhodHRwLzEuMQAFAAUBAAAAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAzACYAJAAdACCmeWTUc2aayW1rpFyxyJQOZJoIS\/wNitWqJ9+bFBjsKwAtAAIBAQArAAkIAwQDAwMCAwEAFQDjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/codm.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1714945575353057,"flow_dst_last_pkt_time":1714945575344783,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":45,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":45,"pkt_l4_len":25,"thread_ts_usec":1714945575353057,"pkt":"RQAALfYjQABABqqCCtetATEzsRmv5B9N0u\/EjXfrd+xQGACAvpsAAAAAAAAA"} -01408{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/codm.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1714945575038105,"flow_src_last_pkt_time":1714945575353057,"flow_dst_last_pkt_time":1714945575344783,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1714945575353057,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"49.51.177.25","src_port":45028,"dst_port":8013,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.CoD_Mobile","proto_id":"91.186","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"west-tdm.codmwest.com","domainame":"west-tdm.codmwest.com","tls": {"version":"TLSv1.2","ja3":"9b02ebd3a43b62d825e1ac605b621dc8","ja3s":"","ja4":"t13d1713ht_5b57614c22b0_eca864cca44a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-01498{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/codm.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1714945575038105,"flow_src_last_pkt_time":1714945575353057,"flow_dst_last_pkt_time":1714945575549162,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":1432,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1432,"midstream":0,"thread_ts_usec":1714945575549162,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"49.51.177.25","src_port":45028,"dst_port":8013,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.CoD_Mobile","proto_id":"91.186","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"west-tdm.codmwest.com","domainame":"west-tdm.codmwest.com","tls": {"version":"TLSv1.2","ja3":"9b02ebd3a43b62d825e1ac605b621dc8","ja3s":"00447ab319e9d94ba2b4c1248e155917","ja4":"t13d1713ht_5b57614c22b0_eca864cca44a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01367{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/codm.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1714945575038105,"flow_src_last_pkt_time":1714945575353057,"flow_dst_last_pkt_time":1714945575344783,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1714945575353057,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"49.51.177.25","src_port":45028,"dst_port":8013,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.CoD_Mobile","proto_id":"91.186","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"west-tdm.codmwest.com","domainame":"west-tdm.codmwest.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1713ht_5b57614c22b0_eca864cca44a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01457{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/codm.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1714945575038105,"flow_src_last_pkt_time":1714945575353057,"flow_dst_last_pkt_time":1714945575549162,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":1432,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1432,"midstream":0,"thread_ts_usec":1714945575549162,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"49.51.177.25","src_port":45028,"dst_port":8013,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.CoD_Mobile","proto_id":"91.186","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"west-tdm.codmwest.com","domainame":"west-tdm.codmwest.com","tls": {"version":"TLSv1.2","ja3s":"00447ab319e9d94ba2b4c1248e155917","ja4":"t13d1713ht_5b57614c22b0_eca864cca44a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/codm.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1714945575549162,"flow_src_last_pkt_time":1714945575549162,"flow_dst_last_pkt_time":1714945575549162,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1714945575549162,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"23.248.172.158","src_port":40282,"dst_port":7500,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5} 00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/codm.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1714945575549162,"flow_dst_last_pkt_time":1714945575549162,"flow_idle_time":200000000,"pkt_datalink":12,"pkt_caplen":40,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":40,"pkt_l4_len":20,"thread_ts_usec":1714945575549162,"pkt":"RQAAKBdMQABAEacKCtetARf4rJ6dWh1MABSIPbu2U+qW\/bsDcGluZw=="} 
00919{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/codm.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1714945575549162,"flow_src_last_pkt_time":1714945575549162,"flow_dst_last_pkt_time":1714945575549162,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1714945575549162,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"23.248.172.158","src_port":40282,"dst_port":7500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"CoD_Mobile","proto_id":"186","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/codm.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1714945575549162,"flow_dst_last_pkt_time":1714945575549162,"flow_idle_time":200000000,"pkt_datalink":12,"pkt_caplen":40,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":40,"pkt_l4_len":20,"thread_ts_usec":1714945575549162,"pkt":"RQAAKAAAQABAEb5WF\/isngrXrQEdTJ1aABQAALu2U+qW\/bsDcGluZw=="} 
-00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/codm.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":10,"packets-processed":9,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1973,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1714947445643585} +00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/codm.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":10,"packets-processed":9,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1973,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1714947445643585} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/codm.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1714947445643585,"flow_src_last_pkt_time":1714947445643585,"flow_dst_last_pkt_time":1714947445643585,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":182,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1714947445643585,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"43.131.34.20","src_port":38704,"dst_port":7948,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5} 00736{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/codm.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1714947445643585,"flow_dst_last_pkt_time":1714947445643585,"flow_idle_time":200000000,"pkt_datalink":12,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":210,"pkt_l4_len":190,"thread_ts_usec":1714947445643585,"pkt":"RQAA0kuKQABAEekhCtetASuDIhSXMB8MAL4XDQn7wXX\/qpBGDQFAKnwBAAEIzBUNrglAxq8zmv0AAFwMSw8x47WLBe8CQqK13MZq5inDco6IFoo4+pwf3SGoxCzr\/bnxAeIYIvQbar9KI\/MEycpy1Zvo5GAeorGLNdvPbqrnXgzsXy7gnHcOayvA7vQQgAE3AVVSNQcW2FmWH5eXpaKyLXGXhUlExjO92yqeas+2z2eZEtlUcp+WS2Y1aN4mJ4DBpDzsNcBul71bl\/KfmoV0fB6j"} 
00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/codm.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1714947445643585,"flow_dst_last_pkt_time":1714947445698836,"flow_idle_time":200000000,"pkt_datalink":12,"pkt_caplen":36,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":36,"pkt_l4_len":16,"thread_ts_usec":1714947445698836,"pkt":"RQAAJAAAQABAETVaK4MiFArXrQEfDJcwABAAAA4CwAAAAQAB"} 
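Review bot: The regenerated `detected` and `detection-update` events for flow 1 no longer carry the `"ja3"` key inside the `tls` object, while `"ja3s"` and `"ja4"` are still emitted (the length prefixes drop from 01408/01498 to 01367/01457 accordingly). This is an output-format change for anyone consuming nDPId events, and the commit message only says "incorporated upstream changes". Detections or allow-lists keyed on the JA3 client fingerprint would stop matching without any error, presumably as a side effect of the libnDPI bump. I would add a line to the commit description or changelog such as `* tls: "ja3" is no longer emitted, match on "ja4" (client) / "ja3s" (server) instead`. It is also worth confirming that `schema/flow_event_schema.json` neither requires nor still advertises `ja3`; the schema is listed in the diffstat but its hunk is not visible here.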
@@ -22,7 +22,7 @@ 00962{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/codm.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1714945575549162,"flow_src_last_pkt_time":1714945575549162,"flow_dst_last_pkt_time":1714945575549162,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":12,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":12,"midstream":0,"thread_ts_usec":1714947445706350,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"23.248.172.158","src_port":40282,"dst_port":7500,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"CoD_Mobile","proto_id":"186","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/codm.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":3,"flow_first_seen":1714947445643585,"flow_src_last_pkt_time":1714947445643585,"flow_dst_last_pkt_time":1714947445706350,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":182,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":485,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":959,"midstream":0,"thread_ts_usec":1714947445706350,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"43.131.34.20","src_port":38704,"dst_port":7948,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"CoD_Mobile","proto_id":"186","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
01103{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/codm.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1714945575038105,"flow_src_last_pkt_time":1714945575353057,"flow_dst_last_pkt_time":1714945575549162,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":1432,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1432,"midstream":0,"thread_ts_usec":1714947445706350,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"49.51.177.25","src_port":45028,"dst_port":8013,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.CoD_Mobile","proto_id":"91.186","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -00839{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/codm.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":13,"packets-processed":13,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3114,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":25,"global_ts_usec":1714947445706350} 
+00839{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/codm.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":13,"packets-processed":13,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3114,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":25,"global_ts_usec":1714947445706350} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 13/13 ~~ skipped flows.............: 0 @@ -31,10 +31,10 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6917018 bytes -~~ total memory freed........: 6917018 bytes -~~ total allocations/frees...: 114181/114181 +~~ total memory allocated....: 7494614 bytes +~~ total memory freed........: 7494614 bytes +~~ total allocations/frees...: 125912/125912 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 502 chars -~~ json message max len.......: 1503 chars -~~ json message avg len.......: 1002 chars +~~ json message max len.......: 1462 chars +~~ json message avg len.......: 982 chars diff --git a/test/results/default/collectd.pcap.out b/test/results/default/collectd.pcap.out index 00bac95c1..68958564e 100644 --- a/test/results/default/collectd.pcap.out +++ b/test/results/default/collectd.pcap.out 
@@ -1,5 +1,5 @@ -00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":946742154132991} 
+00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":946742154132991} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946742154132991,"flow_src_last_pkt_time":946742154132991,"flow_dst_last_pkt_time":946742154132991,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1326,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1326,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1326,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946742154132991,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36576,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02283{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":946742154132991,"flow_dst_last_pkt_time":946742154132991,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1368,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1368,"pkt_l4_len":1334,"thread_ts_usec":946742154132991,"pkt":"AAAAAAAAAAAAAAAACABFAAVKil5AAEARrUJ\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\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\/NZwADAAYwAAAFAAtzeXN0ZW0AAAYADwABAgAAAAAABKtmAAgADBiqh0qIgA6xAAMABjEAAAYADwABAgAAAAAABKpXAAgADBiqh0qIgBbKAAMABjIAAAYADwABAgAAAAAABKBGAAgADBiqh0qIgB0cAAMABjMAAAYADwABAgAAAAAABI2rAAgADBiqh0qIgCfPAAMABjAAAAUACXdhaXQAAAYADwABAgAAAAAAAEPsAAgADBiqh0qIgC9\/AAMABjEAAAYADwABAgAAAAAAAEPBAAgADBiqh0qIgDfpAAMABjIAAAYADwABAgAAAAAAAEdVAAgADBiqh0qIgD96AAMABjMAAAYADwABAgAAAAAAAD6AAAgADBiqh0qIgEcAAAMABjAAAAUACW5pY2UAAAYADwABAgAAAAAAAAAm"} 
01022{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946742154132991,"flow_src_last_pkt_time":946742154132991,"flow_dst_last_pkt_time":946742154132991,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1326,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1326,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1326,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946742154132991,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36576,"dst_port":25826,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","proto_id":"298","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"devlap.fritz.box","domainame":"devlap.fritz.box","collectd": {"client_username":""}}} 
@@ -8,7 +8,7 @@ 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946742156132991,"flow_src_last_pkt_time":946742156132991,"flow_dst_last_pkt_time":946742156132991,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1326,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1326,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1326,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946742156132991,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36064,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02285{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":946742156132991,"flow_dst_last_pkt_time":946742156132991,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1368,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1368,"pkt_l4_len":1334,"thread_ts_usec":946742156132991,"pkt":"AAAAAAAAAAAAAAAACABFAAVKil5AAEARrUJ\/AAABfwAAAYzgZOIFNgNKAAAAFWRldmxhcC5mcml0ei5ib3gAAAgADBiqh0gIgY30AAkADAAAAAKAAAAA\/\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\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\/NZwADAAYwAAAFAAtzeXN0ZW0AAAYADwABAgAAAAAABKtmAAgADBiqh0qIgA6xAAMABjEAAAYADwABAgAAAAAABKpXAAgADBiqh0qIgBbKAAMABjIAAAYADwABAgAAAAAABKBGAAgADBiqh0qIgB0cAAMABjMAAAYADwABAgAAAAAABI2rAAgADBiqh0qIgCfPAAMABjAAAAUACXdhaXQAAAYADwABAgAAAAAAAEPsAAgADBiqh0qIgC9\/AAMABjEAAAYADwABAgAAAAAAAEPBAAgADBiqh0qIgDfpAAMABjIAAAYADwABAgAAAAAAAEdVAAgADBiqh0qIgD96AAMABjMAAAYADwABAgAAAAAAAD6AAAgADBiqh0qIgEcAAAMABjAAAAUACW5pY2UAAAYADwABAgAAAAAAAAAm"} 
01022{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946742156132991,"flow_src_last_pkt_time":946742156132991,"flow_dst_last_pkt_time":946742156132991,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1326,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1326,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1326,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946742156132991,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36064,"dst_port":25826,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","proto_id":"298","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"devlap.fritz.box","domainame":"devlap.fritz.box","collectd": {"client_username":""}}} -00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":4,"packets-processed":3,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3978,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":3,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":946746151465954} 
+00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":4,"packets-processed":3,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3978,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":3,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":946746151465954} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946746151465954,"flow_src_last_pkt_time":946746151465954,"flow_dst_last_pkt_time":946746151465954,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1366,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1366,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1366,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946746151465954,"l3_proto":"ip4","src_ip":"192.168.178.35","dst_ip":"239.192.74.66","src_port":39576,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02367{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":946746151465954,"flow_dst_last_pkt_time":946746151465954,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1408,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1408,"pkt_l4_len":1374,"thread_ts_usec":946746151465954,"pkt":"AAAAAAAAAAAAAAAACABFAAVysRJAAAERFprAqLIj78BKQpqYZOIFXrI+AhAFVv\/\/dXNlcsEiWwf\/ecmHq20KMKY60TNgWTifxhUWZCzzOonut\/nBLF1H9\/qjrU5R7\/H5O\/9DCfuI7YKK9r+lg3rOUKcDtnx6k3gtNCOgHQsqM7rGW+eN33S1hv\/QWiqJh22vfUfr7Wz7pYGKApBiZvpQtTEhc5hAetf3FPDtHKTWmaIAv9tpMJ\/C1iMPcZFdIsr2dDPokYbKhkO7YK1VgRFBm2eTLctpolFTqtNDbNm7ZZj+J4aMD2mZJnGIwYcXGtrkRXSRyBums+W0\/jz8zVPv3F9mqHBPDINnDWvpLDLobIdObIJno8I9jJWIUvexsFajL\/Ozn6gm5h5Bbary3bFaI1eTK9\/2PtGLDA75C4TnHGlqTybsnLPrgfJgwREyLUHKyyjysSqq3nmcDjg2jxv7jB\/7C1x4ERVxqcLGWKVSyPtJGgd833gDOhBdG4xbUSAQLAZ93ZhNhqDYpSH1iLu4WeSFrvXELH+6cym0Y6TgPbHb995Xd4eeznstGpKVPXUMBMYKyolrAJf5IhADYmfwsVbHYwmMY4b+7dLe8Xm4J6pnNHkCQ8D8q\/xlIjpnUrS9OVed\/2DlDBS1QStbE\/5D9qtP1vKoQWi7aNQljNk4LIQq71gjvpOQoYs5A2fU7jqs5Cj7g1YVzvRN1szG+q0InctAJFWNqveI4E4VlH\/arcTeRtG6STEypPhnpvREi8Y1HMoKqCoQ2XNXh6LreKH8j13m7n5IUINrWLGczoOvwh46DPuvBo2KGeZrJslABigBIDcj82i9s8gLnjLw9\/JZ2x7gkouGNhGSwI6E+HHJlTbRNuUsv\/6rZpEcDEihG4n3z7Vt80LO+ANJQ1PEO96u3kHeqsvkky84XapbdS3hpG\/ZxbNSNY8nK4OCSOQQ8HmKfoJVs6uDOBd\/wp2958CwlilWA+S7vIiQ1XgDMWkpnLBj0SxBkzaVjTocJQTqqyWTwe3IhhIJv81ISkko8HlqeLw6ucXInaAjACXZe+tWeEVUOeFlwkGIIzC1N4S0VtZ61SexhHWzr\/i9+G9ZKKsehcu3XJBgh1f60wB6VdfrKhuC5O+DjSawaWC4SpBpu+HXc5ivM+uiz5tYgYFHvZZNAX520+pU7SYW1nlm8z8\/p7hrSy4or4XEkX6alUhb2dPGHzFD8JaAiNPkifbtDixhZdVcES3WwpR0Ee8a2+96wN6EZWNgwUs7rB2p7yVJHR76cDlQ4Kn2ZsRDtijNF38f24MQDLxP4V3sCe2kxcWUIAwjR6dboGGToHbd4gC7kvh\/FM9CeCXw8edRrjHiX4wnTLxVl9Tka0gXAevnElxIQ6DbX8f3r7039o6XRuqpxn0ACZ1UjAWdNP5AnrGPEDhQYcbCL1rrIoiDXNbcbYfPGBMR0rENIqKDB4er0OJ0AMEmws1dKMgg8kdYXjcu2lTLVY4\/4d9fGNXECu0E+IBVi1I\/a
05N27robtMnHhQS3RLkMgdw2UHSJmRpgA2AeN7d5fzdRb1cndtHczkpZ4DqnETqYT245MmiMyzhppvI8TfDhCd1ynjvTf\/tCkooHN2LdiiRy3Nwel6jnMS4sDovy8cCEn9qicofWJUG7y5a\/VIh54v0RwEEnumWw\/ZdPXVhbMfahFcQa0uAqmRQ+1dUag87w7YOq0bDC6ojsLdQ0XEWCC562cwnsSkgbZ5fTl3ZKIGjfA5C2IbcoLoeLIRL87MyrjfoqdSbenCEN1JHvCKm8MwRfUxtBnRG6JvCJKg82EHDqygdxWBY5xyz+WlvhZcsZvu\/jKGESQRQiW2wuv9DlwnzHiLS\/qJ\/XT4Fpxe9+g=="} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946746151465954,"flow_src_last_pkt_time":946746151465954,"flow_dst_last_pkt_time":946746151465954,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1366,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1366,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1366,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946746151465954,"l3_proto":"ip4","src_ip":"192.168.178.35","dst_ip":"239.192.74.66","src_port":39577,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -17,7 +17,7 @@ 00999{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946742155132991,"flow_src_last_pkt_time":946742155132991,"flow_dst_last_pkt_time":946742155132991,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1326,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1326,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1326,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946746151465954,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36320,"dst_port":25826,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"collectd","proto_id":"298","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"","domainame":"","collectd": {"client_username":""}}} 00774{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946742155132991,"flow_src_last_pkt_time":946742155132991,"flow_dst_last_pkt_time":946742155132991,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1326,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1326,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1326,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946746151465954,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36320,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00995{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946742154132991,"flow_src_last_pkt_time":946742154132991,"flow_dst_last_pkt_time":946742154132991,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1326,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1326,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1326,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946746151465954,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36576,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","proto_id":"298","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"devlap.fritz.box"}} -00838{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":6,"packets-processed":5,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6710,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":5,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1655315218479780} 
+00838{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":6,"packets-processed":5,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6710,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":5,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1655315218479780} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655315218479780,"flow_src_last_pkt_time":1655315218479780,"flow_dst_last_pkt_time":1655315218479780,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1344,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1344,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1344,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655315218479780,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54138,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02311{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1655315218479780,"flow_dst_last_pkt_time":1655315218479780,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1386,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1386,"pkt_l4_len":1352,"thread_ts_usec":1655315218479780,"pkt":"AAAAAAAAAAAAAAAACABFAAVcLQ9AAEARCoB\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\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\/mAAgADBiqhsSesvscAAMABjAAAAUADHNvZnRpcnEAAAYADwABAgAAAAAAAOnzAAgADBiqhsSesv0mAAMABjEAAAYADwABAgAAAAAAAHMKAAgADBiqhsSesuvPAAUADmludGVycnVwdAAABgAPAAECAAAAAAAAo1oACAAMGKqGxJ6y8H0AAwAGMwAABgAPAAECAAAAAAAAbUsACAAMGKqGxJ6y\/yAAAwAGMgAABQAMc29mdGlycQAABgAPAAECAAAAAAAAUq8ACAAMGKqGxJ6zBsgAAwAGMAAABQAKc3RlYWwAAAYADwABAgAAAAAAAAAAAAgADBiqhsSeswuRAAMABjIAAAYADwABAgAAAAAAAAAAAAgADBiqhsSest6\/AAUACW5pY2UAAAYADwABAgAAAAAAAAAr"} 01026{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655315218479780,"flow_src_last_pkt_time":1655315218479780,"flow_dst_last_pkt_time":1655315218479780,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1344,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1344,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1344,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655315218479780,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54138,"dst_port":25826,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"collectd","proto_id":"298","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"devlap.fritz.box","domainame":"devlap.fritz.box","collectd": {"client_username":""}}} 
@@ -58,7 +58,7 @@ 02278{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1655315774132712,"flow_dst_last_pkt_time":1655315734133371,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1362,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1362,"pkt_l4_len":1328,"thread_ts_usec":1655315774132712,"pkt":"AAAAAAAAAAAAAAAACABFAAVEkBxAAEARp4p\/AAABfwAAAY\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\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"} 01002{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1655315734133371,"flow_src_last_pkt_time":1655315784133517,"flow_dst_last_pkt_time":1655315734133371,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1299,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1338,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":9255,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655315784133517,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36832,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","proto_id":"298","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"devlap.fritz.box"}} 
01003{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":49,"flow_dst_packets_processed":0,"flow_first_seen":1655315313991539,"flow_src_last_pkt_time":1655315720484900,"flow_dst_last_pkt_time":1655315313991539,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":151,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1346,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63954,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655315804133071,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35988,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","proto_id":"298","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"devlap.fritz.box"}} -00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":70,"packets-processed":69,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":90410,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":5,"total-detection-updates":0,"total-updates":13,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":61,"global_ts_usec":1655315824133020} 
+00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":70,"packets-processed":69,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":90410,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":5,"total-detection-updates":0,"total-updates":13,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":61,"global_ts_usec":1655315824133020} 01004{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":0,"flow_first_seen":1655315734133371,"flow_src_last_pkt_time":1655315834133390,"flow_dst_last_pkt_time":1655315734133371,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1299,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1338,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17165,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655315834133390,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36832,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","proto_id":"298","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"devlap.fritz.box"}} 
01003{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":49,"flow_dst_packets_processed":0,"flow_first_seen":1655315313991539,"flow_src_last_pkt_time":1655315720484900,"flow_dst_last_pkt_time":1655315313991539,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":151,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1346,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63954,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655315854133128,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35988,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","proto_id":"298","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"devlap.fritz.box"}} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655316151465954,"flow_src_last_pkt_time":1655316151465954,"flow_dst_last_pkt_time":1655316151465954,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1366,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1366,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1366,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655316151465954,"l3_proto":"ip4","src_ip":"192.168.178.35","dst_ip":"239.192.74.66","src_port":39576,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -71,7 +71,7 @@ 02381{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_src_last_pkt_time":1655316181464412,"flow_dst_last_pkt_time":1655316151465954,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1418,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1418,"pkt_l4_len":1384,"thread_ts_usec":1655316181464412,"pkt":"AAAAAAAAAAAAAAAACABFAAV8xlhAAAERAUrAqLIj78BKQpqYZOIFaLJIAhAFYAAEdXNlcvgFFMcC7YLnXJdq6iy8vLKCzAlatvrBwkJrE96Ca8hAiNz7UuTaNB2VAQDjZhwW8It9Bw6C5dOcFYI7dtaUsqoM3W+UcjrrT3TlmYGZdLqeSCurY+PxhiyPEjq83Kx+9cfb79V6QQOle6UCpNHC5cTbJxieSFgnAJf5U9l1Wb2Zfo1KITT5S1JLK2mB2AhZBzMiAmW7nDv1DYwK1E3Ja+k+cy\/02WZLSF\/4MBU6ElL5un4wRJoLZFKsiRQoRARw+w\/tYjnuompfoCUOnxEAbNO\/ScH8GQMAqxRKubol4sJ34rEuem1hVbus9EhIVHVsndZrfW\/t5p0Ymc5PzzUJQhytc9t0mG8bp8PtBJoOuuKTjAIjgsK6HRvDbBosq8UVWLvRCpGzUMDmhXWm3M3Af\/19vdeNFYDrdeKZl4\/Tiot7Jk4SGJUVLdwRLYXJKVNSDLc+\/2NLSCP3hRgGgkJTram0IrQaOBKTrnVgzs9JG1xVsFY3JAvYZrm2EEmpxYtYVR8eAIattMv0OJ3RVFlsmMqg2eeGd75jusMSQqGOYY1i5+3CJ6pT6\/OSbK6qzW2BKd9B3UtkkBxo5RqaHboxPGcWFP9ceXeIXdp\/k9R+0PKCuHshX4\/ZHPPCpR0XFfXp9ONx\/WS97lCYY1KkrhKcbgcrld\/cVsBWi3ZVWyfgaaD6tDUL73yYB\/HDjD60VIkxHTkOgzHXADKncbnDzeOxTs5w0AyZB8\/y7yXDLHrObGSiP544LREjSMwjQLBMcUwvJSy66lkhW\/720bRu7\/Z8J3zhwUEPu76N0yVimaSbZvDSdiQmOesMZp1xdVC+R5mnJ73b9P1BiCPtcZkSaeIxzVphD0E4FDMO7n639Sb3etUlxEH994EWaUuWyatwWzuPuI6aHd5gs7\/5k9edMeE7INONDor97aMkxNjH45LA7FQQWLxlNG82ECskPeh9eRHEhD01c4OjHspfBLQoWdPKm+FuT9rOuIsOyJjB0CB7yyo2\/sBwQOapu2nKKop3WGOhCekvJa8bGT\/fwtNBu6y9lvflXlB4w+cUn9LHVPd8c55suJBYjaTEjGtpJPPQr5FwLCPb0VQ+d76LnIgPOOqrAXHe8nl5hlL4FQA7x5adn04mFDCeAPZXtv3rDB6BTBpZsMjvH4YfYynU9GuxvQYioQ9CNBjF0HVnHlzElnx8hwrjTUPNs7ClrDa96mzZfFyVb5Nj4ECxJ7iPAuWcneVIn7uPEC1z\/zkMfgUIsDmTIKqAQvLZN5NLHlkeqdFQcGQp+m5b0LZKFsewnwU5Wom6dY70EU47NKObNczXhUieeY9QRG8ZpIRK+A4vdFu4A8IN3hwZbEZfdhEMiiCqXyoGEygAKQQfCZfxj5XXH9P2FkFQR8fFVjJU18UTLX6PfK\/7x1yL3qTxAbbviPoXAsfqh5w
aRw9YMEb08B\/WYQmyFCYElXrknFcIHnXPqkU6DC7RINGNFZLWpq\/U3L1Isb6\/W1gOsLiDJnMWmPhnseLBCoBKrB1KOZjMd5s+mfB4dnHLTtT5sF2scQr93OceGFLqdFl0POX\/v3abJ4ZP2yYha2NExOMtruFRBbxZ4HF\/wdGc+VkB4AzCn99BfYbV5VwNloBfugi\/5X5G1iqiqGAVZiDPU+u0nZUCeYsB1q9K1\/NmpGiEgNdo81WcEYmMARdF9xmvcOnLMmdOcMlv63fln5KBSKO4HZPzLvwD0pI0AUYlGah1oa9\/zk4QeMBIubH+v1XKARl5SmOXRRBqDat7eVIysKApBnDoFsDxGDTZUVDOsGf4TgfdFNvZu6lJeMPeugL+z+wgF+k="} 02189{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1655316182371478,"flow_dst_last_pkt_time":1655316151465954,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1274,"pkt_l4_len":1240,"thread_ts_usec":1655316182371478,"pkt":"AAAAAAAAAAAAAAAACABFAATsxv9AAAERATPAqLIj78BKQpqYZOIE2LG4AhAE0AAEdXNlcnP\/uCtk9UXV2KF4JOzP1M1v7q6jawqniLWeIANnL2\/k3sSyHPr3tqTLnAuukLSfxlpixnPsEPx0Zo4Oww1TgylacBsRLCY9L9BPZIhwPUd9+1cDwsYbIA++HJQi+hVC4mgKe4VGv0zjBGe7+ifIIww2jGaTY1Blgv9t7vC9d7ndAN0HBkDs8O\/zvgWZaJvfq4fGvb\/5XmfhyyZ4qLYRdYtSabVScBoObPSfn5ouUsYUF07PMfBvtxV\/apbRdODDfM8eEU3cHVtvDHVfPNHmDKMgO4Z8IosjUrwCc0maYz2m53Uumq1aZqaehZvpt7lahc85fSLehC5NpUixm0Lx+h\/ujjdNrvcaMhw1JlCmSJTwtM\/EgbZpDVag1G5bvmZXLcmg0VE5QVODMtPUOiFVnxHuZ7em8M5APoD2YV5OJuwO1S203xtd9p5GwaU\/p7xn+Vad6uNBMssyRZd1DFsDqNec\/2mUnEeYzQ0y65upIZH9vGNerHd5wExkz7FsIMx3S13uUvn4wDqBrafmQ+FDkktQOlPQKQCp\/7L2mGfKxv\/eoKvpMWMnLuCqjwfSk4fidgiUs\/m4w95YyqeonfzSrcqoqHJ3fyWyw+5xgHEDZacDV4Ns+TmWUKkOgyvJwE+b\/SQWMv\/jfPynda2l0vcIL+hkEpUrZFILSjN89wKmjBSCYPHxh5mXQE6zJIA1\/lm42Ws2JT2S+ySIj5lF+j3LavgWzu6LgcWm3kC80BQusAMGRm5HX7lv+eo7wfeyjF9kwzkXfUzjp8u6PpnZjLLYU0KH9cwFxoJy3O1cDLvkBRdM3BZq9ulTYUekIh71M7sgzqXVnK69LZBSDnT0gFbc8EVuq\/baI30HbLnm6v4phtxorZGfNfwUKiOVg1+m92hZ33VoHullyAzE63i5HEz23N63w1OMMidtcwnQQNv5nLpw3\/rGyhBPakrtlZMqHYa7IKPmIEnvypW5odQzFUn+ewMgVF7IheAe5ktL5eVlqRIBuwuHWex66FM8PsAJ+0GFiVQDT90ORRBulv\/nwrzAF73B2
UEjuT7o1XSdo2yzYV+fg0tuAFh+J7b40tEzGMHkSNLR1nFhaO5GaNm72JV6B4GV3KcI7XYFIsQkCMlVJFvhtZvlEEzzKyBObmFid+xH1F+FLuVe\/sawgjTtvxhAeoMv0XwePMnlzUAkaHBI+ToVrXG9TuIYXHfng\/Zvydp8Rup0i1kr6nlU0SjI9FoU7GEx3Af9YoSVdhTuAuvx9gAyHT0\/40EQiUpaScFUKZZzI3+kiAckU5y6lSp2C2D\/KFh\/8TiJ0y\/DQMZrU7s8eIlBc0ciTshw9ABtMfOmuuAgqDx\/GJnXt2TA1+EOW+NMitt+822JWDfRDzWsygrDddbT8Fzr6C7F7UlvifDEWmgAE\/nt78d+PtDMW1S9lGNvzBeXE\/+a22PprpuD7c9xntPU\/aEWUALWBlFO1SgekTxdJK57eae6wWZtWku9YoU7jyqN5MGxMWGFbfQAvQJ3TqPi7FKY+5b3645lan5PFGzus6rBQOo4ZZj5QGYP9SPBCyLQ15ugjV+nlLKc3PQZGgTgCS\/O9M4yjl3lOf2xkK+f0evs7+kT1\/NYdqtOmB5psJPQhvhx32w="} 00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1655316151465954,"flow_src_last_pkt_time":1655316182371478,"flow_dst_last_pkt_time":1655316151465954,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1392,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6745,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655316182371478,"l3_proto":"ip4","src_ip":"192.168.178.35","dst_ip":"239.192.74.66","src_port":39576,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","proto_id":"298","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
-00846{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":81,"packets-processed":81,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":105984,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":6,"total-detection-updates":0,"total-updates":15,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":74,"global_ts_usec":1655316182371478} +00846{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":81,"packets-processed":81,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":105984,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":6,"total-detection-updates":0,"total-updates":15,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":74,"global_ts_usec":1655316182371478} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 81/81 ~~ skipped flows.............: 0 
@@ -80,9 +80,9 @@ ~~ total active/idle flows...: 9/9 ~~ total timeout flows.......: 3 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6928994 bytes -~~ total memory freed........: 6928994 bytes -~~ total allocations/frees...: 114305/114305 +~~ total memory allocated....: 7506590 bytes +~~ total memory freed........: 7506590 bytes +~~ total allocations/frees...: 126036/126036 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 618 chars ~~ json message max len.......: 2401 chars diff --git a/test/results/default/conncheck.pcap.out b/test/results/default/conncheck.pcap.out index c006f6504..d08602ae1 100644 --- a/test/results/default/conncheck.pcap.out +++ b/test/results/default/conncheck.pcap.out 
@@ -1,5 +1,5 @@ -00614{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1717680638779902} 
+00614{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1717680638779902} 
00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1717680638779902,"flow_src_last_pkt_time":1717680638779902,"flow_dst_last_pkt_time":1717680638779902,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":49,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":49,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1717680638779902,"l3_proto":"ip4","src_ip":"10.1.0.60","dst_ip":"10.1.0.1","src_port":46571,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1717680638779902,"flow_dst_last_pkt_time":1717680638779902,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"thread_ts_usec":1717680638779902,"pkt":"IHwUotKkrpzVkkEiCABFAABNGrRAAEARC64KAQA8CgEAAbXrADUAObVB6kABAAABAAAAAAAAEmNvbm4tc2VydmljZS1ldS0wNAhhbGxhd25vcwNjb20AAAEAAQ=="} 
01105{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1717680638779902,"flow_src_last_pkt_time":1717680638779902,"flow_dst_last_pkt_time":1717680638779902,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":49,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":49,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1717680638779902,"l3_proto":"ip4","src_ip":"10.1.0.60","dst_ip":"10.1.0.1","src_port":46571,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"conn-service-eu-04.allawnos.com","domainame":"conn-service-eu-04.allawnos.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -78,7 +78,7 @@ 01000{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1717680641594363,"flow_src_last_pkt_time":1717680641605840,"flow_dst_last_pkt_time":1717680641605905,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":836,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":836,"midstream":0,"thread_ts_usec":1717680802234320,"l3_proto":"ip4","src_ip":"10.1.0.60","dst_ip":"142.250.180.163","src_port":49672,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.ntop","proto_id":"7.26","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":30,"category":"ConnCheck","hostname":"www.google.eu"}} 00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":1,"flow_first_seen":1717680643920100,"flow_src_last_pkt_time":1717680650974273,"flow_dst_last_pkt_time":1717680643928469,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1477,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1717680802234320,"l3_proto":"ip4","src_ip":"10.1.0.60","dst_ip":"142.250.180.163","src_port":49674,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":30,"category":"ConnCheck"}} 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":1,"flow_first_seen":1717680798559360,"flow_src_last_pkt_time":1717680802234320,"flow_dst_last_pkt_time":1717680798564341,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1302,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1717680802234320,"l3_proto":"ip4","src_ip":"10.1.0.70","dst_ip":"142.250.180.138","src_port":54612,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.GoogleServices","proto_id":"7.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":30,"category":"ConnCheck"}} 
-00848{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":92,"packets-processed":92,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10946,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":81,"global_ts_usec":1717680802234320} +00848{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/conncheck.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":92,"packets-processed":92,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10946,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":81,"global_ts_usec":1717680802234320} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 92/92 ~~ skipped flows.............: 0 
@@ -87,9 +87,9 @@ ~~ total active/idle flows...: 10/10 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6933501 bytes -~~ total memory freed........: 6933501 bytes -~~ total allocations/frees...: 114376/114376 +~~ total memory allocated....: 7511283 bytes +~~ total memory freed........: 7511283 bytes +~~ total allocations/frees...: 126116/126116 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 547 chars ~~ json message max len.......: 1266 chars diff --git a/test/results/default/corba.pcap.out b/test/results/default/corba.pcap.out index 84e0bfe2d..d39817fbd 100644 --- a/test/results/default/corba.pcap.out +++ b/test/results/default/corba.pcap.out 
@@ -1,5 +1,5 @@ -00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/corba.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/corba.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1234165929809181} 
+00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/corba.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/corba.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1234165929809181} 
00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/corba.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1234165929809181,"flow_src_last_pkt_time":1234165929809181,"flow_dst_last_pkt_time":1234165929809181,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1234165929809181,"l3_proto":"ip4","src_ip":"127.0.1.1","dst_ip":"127.0.1.1","src_port":42717,"dst_port":56899,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/corba.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1234165929809181,"flow_dst_last_pkt_time":1234165929809181,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1234165929809181,"pkt":"AAAAAAAAAAAAAAAACABFAAA8pBtAAEAGlp5\/AAEBfwABAabd3kOQX9RSAAAAAKACgBgzXQAAAgRADAQCCAoAE3BJAAAAAAEDAwc="} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/corba.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1234165929809181,"flow_dst_last_pkt_time":1234165929809206,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1234165929809206,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGOrp\/AAEBfwABAd5Dpt2Q23rIkF\/UU6ASgAC3YwAAAgRADAQCCAoAE3BJABNwSQEDAwc="} 
@@ -16,7 +16,7 @@ 00857{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/corba.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1234166104151416,"flow_dst_last_pkt_time":1234166104096487,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":302,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":302,"pkt_l4_len":268,"thread_ts_usec":1234166104151416,"pkt":"AAAAAAAAAAAAAAAACABFAAEgAABAAEAR7LMKXxwuCl8cLoatPnABDE43TUlPUBAD5AAAAAAAAQAAAAwAAAAEAAAAAAAAAAAAAABHSU9QAQIBANgAAAAEAAAAAAAAAAEAAAADAAAASAAAAAEBAAAMAAAAMTAuOTUuMjguNDYAcD4AAAEAAAAnAAAAJAAAAAEBAAAJAAAAQ29uc3VtZXIAAAAAAAAAAAEAAAAAAAAAAAAAABQAAAByZWNlaXZlUmVsaWFibGVEYXRhAAAAAAAAAAAAMTIAAMgAAAAEAAAAWOGPSYFOAgBAAAAAQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQQAAAAA="} 00964{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/corba.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1234166104096487,"flow_src_last_pkt_time":1234166104156023,"flow_dst_last_pkt_time":1234166104096487,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":260,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":260,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2600,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1234166104156023,"l3_proto":"ip4","src_ip":"10.95.28.46","dst_ip":"10.95.28.46","src_port":34477,"dst_port":15984,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Corba","proto_id":"168","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/corba.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":7,"flow_first_seen":1234165929809181,"flow_src_last_pkt_time":1234165932080045,"flow_dst_last_pkt_time":1234165932071907,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4096,"flow_dst_max_l4_payload_len":4029,"flow_src_tot_l4_payload_len":18310,"flow_dst_tot_l4_payload_len":4122,"midstream":0,"thread_ts_usec":1234166104156023,"l3_proto":"ip4","src_ip":"127.0.1.1","dst_ip":"127.0.1.1","src_port":42717,"dst_port":56899,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Corba","proto_id":"168","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00841{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/corba.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":28,"packets-processed":28,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25032,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1234166104156023} 
+00841{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/corba.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":28,"packets-processed":28,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25032,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1234166104156023} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 28/28 ~~ skipped flows.............: 0 @@ -25,9 +25,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6912877 bytes -~~ total memory freed........: 6912877 bytes -~~ total allocations/frees...: 114178/114178 +~~ total memory allocated....: 7490473 bytes +~~ total memory freed........: 7490473 bytes +~~ total allocations/frees...: 125909/125909 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 544 chars ~~ json message max len.......: 972 chars diff --git a/test/results/default/cpha.pcap.out b/test/results/default/cpha.pcap.out index b06b0697d..834c149b5 100644 --- a/test/results/default/cpha.pcap.out +++ b/test/results/default/cpha.pcap.out 
@@ -1,10 +1,10 @@ -00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/cpha.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cpha.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1603354463286532} 
+00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/cpha.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cpha.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1603354463286532} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cpha.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603354463286532,"flow_src_last_pkt_time":1603354463286532,"flow_dst_last_pkt_time":1603354463286532,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603354463286532,"vlan_id":21,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"172.21.3.0","src_port":8116,"dst_port":8116,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00593{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cpha.pcap","alias":"nDPId-test","vlan_id":21,"flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1603354463286532,"flow_dst_last_pkt_time":1603354463286532,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":96,"pkt_l4_len":58,"thread_ts_usec":1603354463286532,"pkt":"AQBeFQMBAAAAAAEBgQAAFQgARQAATgAAAAD\/EQyKAAAAAKwVAwAftB+0ADpJ\/BqQDDEnhQABABZ5PgAB\/\/7gSgEAAAIAAQAACAoAAgADAAQAAAIECQAAAAkAAAAAAAIA"} 
00919{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cpha.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603354463286532,"flow_src_last_pkt_time":1603354463286532,"flow_dst_last_pkt_time":1603354463286532,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603354463286532,"vlan_id":21,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"172.21.3.0","src_port":8116,"dst_port":8116,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"CPHA","proto_id":"53","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}} 00958{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cpha.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603354463286532,"flow_src_last_pkt_time":1603354463286532,"flow_dst_last_pkt_time":1603354463286532,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603354463286532,"vlan_id":21,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"172.21.3.0","src_port":8116,"dst_port":8116,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"CPHA","proto_id":"53","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}} 
-00833{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cpha.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":50,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1603354463286532} +00833{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cpha.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":50,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1603354463286532} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 
@@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6907614 bytes -~~ total memory freed........: 6907614 bytes -~~ total allocations/frees...: 114137/114137 +~~ total memory allocated....: 7485210 bytes +~~ total memory freed........: 7485210 bytes +~~ total allocations/frees...: 125868/125868 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 598 chars ~~ json message max len.......: 963 chars diff --git a/test/results/default/crawler_false_positive.pcapng.out b/test/results/default/crawler_false_positive.pcapng.out index 53725aac8..b8ecaa4d9 100644 --- a/test/results/default/crawler_false_positive.pcapng.out +++ b/test/results/default/crawler_false_positive.pcapng.out 
@@ -1,5 +1,5 @@ -00629{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/crawler_false_positive.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/crawler_false_positive.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1666892509284373} 
+00629{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/crawler_false_positive.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/crawler_false_positive.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1666892509284373} 
00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/crawler_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892509284373,"flow_src_last_pkt_time":1666892509284373,"flow_dst_last_pkt_time":1666892509284373,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892509284373,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.184.220.29","src_port":38291,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/crawler_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1666892509284373,"flow_dst_last_pkt_time":1666892509284373,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1666892509284373,"pkt":"CL6sCxduJjb1W8R1CABFAAA8KY5AAEAGChTAqAycXbjcHZWTAFBs+j0RAAAAAKAC\/\/\/HSwAAAgQFtAQCCArcRF1kAAAAAAEDAwk="} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/crawler_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1666892509284373,"flow_dst_last_pkt_time":1666892509292073,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1666892509292073,"pkt":"Jjb1W8R1CL6sCxduCABFAAA8tqIAADgGxP9duNwdwKgMnABQlZO39n5kbPo9EqAS\/\/9z+AAAAgQFtAQCCApFkddV3ERdZAEDAwk="} 
@@ -9,7 +9,7 @@ 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/crawler_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1666892509294998,"flow_dst_last_pkt_time":1666892509302404,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1666892509302404,"pkt":"Jjb1W8R1CL6sCxduCABFAAA0tqMAADgGxQZduNwdwKgMnABQlZO39n5lbPo9I4AQAICiHwAAAQEICkWR12DcRF1v"} 01075{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/crawler_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1666892509284373,"flow_src_last_pkt_time":1666892509303435,"flow_dst_last_pkt_time":1666892509302404,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":218,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":235,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892509303435,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.184.220.29","src_port":38291,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"Edgecast","proto_by_ip_id":288,"encrypted":0,"breed":"Safe","category_id":5,"category":"Web","hostname":"ocsp.digicert.com","domainame":"ocsp.digicert.com","http": {"request_content_type":"application\/ocsp-request"}}} 
01017{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/crawler_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":5,"flow_first_seen":1666892509284373,"flow_src_last_pkt_time":1666892509319173,"flow_dst_last_pkt_time":1666892509318297,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":218,"flow_dst_max_l4_payload_len":799,"flow_src_tot_l4_payload_len":235,"flow_dst_tot_l4_payload_len":799,"midstream":0,"thread_ts_usec":1666892509319173,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.184.220.29","src_port":38291,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"Edgecast","proto_by_ip_id":288,"encrypted":0,"breed":"Safe","category_id":5,"category":"Web","hostname":"ocsp.digicert.com"}} -00859{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/crawler_false_positive.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":12,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1034,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1666892509319173} 
+00859{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/crawler_false_positive.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":12,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1034,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1666892509319173} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 12/12 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6908090 bytes -~~ total memory freed........: 6908090 bytes -~~ total allocations/frees...: 114155/114155 +~~ total memory allocated....: 7485704 bytes +~~ total memory freed........: 7485704 bytes +~~ total allocations/frees...: 125887/125887 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 562 chars ~~ json message max len.......: 1108 chars diff --git a/test/results/default/crynet.pcap.out b/test/results/default/crynet.pcap.out index 54c394b48..4e22276f2 100644 --- a/test/results/default/crynet.pcap.out +++ b/test/results/default/crynet.pcap.out 
@@ -1,5 +1,5 @@ -00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1663053319315000} 
+00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1663053319315000} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663053319315000,"flow_src_last_pkt_time":1663053319315000,"flow_dst_last_pkt_time":1663053319315000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":70,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":70,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":70,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663053319315000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"78.159.118.97","src_port":61837,"dst_port":25383,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1663053319315000,"flow_dst_last_pkt_time":1663053319315000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"thread_ts_usec":1663053319315000,"pkt":"eJS0JASgYDjgxTWgCABFAABiTCIAAH8RZ1zAqAJkTp92YfGNYycATjhrPAAACO0AAAAAAAAAAAAAAAEAAAAHAAAAAwcAAAAEAAAAAAAAAARHZiPEYhJ98Ekv15rJNB070HsYAjtelIOS7\/FaGTcNxA=="} 
00922{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663053319315000,"flow_src_last_pkt_time":1663053319315000,"flow_dst_last_pkt_time":1663053319315000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":70,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":70,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":70,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663053319315000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"78.159.118.97","src_port":61837,"dst_port":25383,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"CryNetwork","proto_id":"314","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -7,7 +7,7 @@ 00838{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1663053319427000,"flow_dst_last_pkt_time":1663053319426000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":283,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":283,"pkt_l4_len":249,"thread_ts_usec":1663053319427000,"pkt":"eJS0JASgYDjgxTWgCABFAAENTCMAAH8RZrDAqAJkTp92YfGNYycA+dc4twAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKALLez3wAN7++JPrzMT38iX1WAjfTctCz5DQW2Gr52YR6j8NlMBYhOJtQoUHxWCr79vIUajpzWXoiTJxxi4wkpAsXoa6o3PGme6\/1vAonPYaENBaP83tcQBWM5F7CctUortxGxwNJCzC9Ng4j6g\/M10VJx\/+uWwf2XNZu+YTz0cFhVKD8b3EyMN0OKFLxjveSPCFnaIrDkrsYSHksMYnidzTlDmbVkI\/TwEtMTUGYmv\/K8tH5HZVgkUeK3w2NFKXJmMwkHObFIIO9Wtu40KY6w=="} 00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1663053319451000,"flow_dst_last_pkt_time":1663053319426000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"thread_ts_usec":1663053319451000,"pkt":"eJS0JASgYDjgxTWgCABFAABeTCQAAH8RZ17AqAJkTp92YfGNYycASqIEu1TNMFI7KjNcy30zZh7kTKyCtibj5Ew6S3L3XbNweck02v9yC85o1\/QG3mAVSF2v178BxRBCueTrL00RuPSJPkfw"} 
00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1663053319456000,"flow_dst_last_pkt_time":1663053319426000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1663053319456000,"pkt":"eJS0JASgYDjgxTWgCABFAABOTCUAAH8RZ23AqAJkTp92YfGNYycAOmtU9A4B7\/sy9rQJaZpS1ZjPxtRWqt1UsEDlsdYvzNiHXlYQ36yJt6tP5zK6OP2iIuXDoH0="} -00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1299,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1663054340264000} 
+00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1299,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1663054340264000} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663054340264000,"flow_src_last_pkt_time":1663054340264000,"flow_dst_last_pkt_time":1663054340264000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":70,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":70,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":70,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663054340264000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"37.58.56.245","src_port":56333,"dst_port":20250,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1663054340264000,"flow_dst_last_pkt_time":1663054340264000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"thread_ts_usec":1663054340264000,"pkt":"eJS0JASgYDjgxTWgCABFAABi6scAAH8RL4jAqAJkJTo49dwNTxoATkBTPAAACO0AAAAAAAAAAAAAAAEAAAAHAAAAAwcAAAAIAAAAAAAAAAjxLoziqJeNB3TOIAvp1HVUPwwhoEa8nhYPd5MbnCISkw=="} 00922{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663054340264000,"flow_src_last_pkt_time":1663054340264000,"flow_dst_last_pkt_time":1663054340264000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":70,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":70,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":70,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663054340264000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"37.58.56.245","src_port":56333,"dst_port":20250,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"CryNetwork","proto_id":"314","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -16,7 +16,7 @@ 00813{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1663054340492000,"flow_dst_last_pkt_time":1663054340492000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":267,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":267,"pkt_l4_len":233,"thread_ts_usec":1663054340492000,"pkt":"eJS0JASgYDjgxTWgCABFAAD96skAAH8RLuvAqAJkJTo49dwNTxoA6Ti1twAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAh3drXUfBsymjYclKxpc0nfGK4TXfQ\/ZSFodhwO7TchiHrNe49me58e8bAAF0I5F+veDMTcPaTIoyhzRIr6m6Z+CQOrG3Nvv5hothMloBht44k3gby0eyZA8TY4qdQtt6AYi3PRm5uclYvCq7ZM0GzREHOCsM\/h3pJ8dIne0rl8Yv9UgWddpCFQWkiWUe8V0eVdRqpF4eAMBu6EaVBsGFq1obTzwAbq+Z\/AwxrK1Xtv1qLyBe4BTjjP7SPqWmHWyI"} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1663054340511000,"flow_dst_last_pkt_time":1663054340492000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"thread_ts_usec":1663054340511000,"pkt":"eJS0JASgYDjgxTWgCABFAABe6soAAH8RL4nAqAJkJTo49dwNTxoASie1u6Um18UiAc6pJXjjl\/HaNSDy6KAZaciEAaWBHHD0wMybHHlIRagmxlljIDbFX86yQQAXEeT6hI04WN7LK1Fbtr9a"} 
00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":1,"flow_first_seen":1663053319315000,"flow_src_last_pkt_time":1663053319756000,"flow_dst_last_pkt_time":1663053319426000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":241,"flow_dst_max_l4_payload_len":133,"flow_src_tot_l4_payload_len":1166,"flow_dst_tot_l4_payload_len":133,"midstream":0,"thread_ts_usec":1663054340750000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"78.159.118.97","src_port":61837,"dst_port":25383,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"CryNetwork","proto_id":"314","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":31,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2653,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1663085644364000} 
+00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":31,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2653,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1663085644364000} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663085644364000,"flow_src_last_pkt_time":1663085644364000,"flow_dst_last_pkt_time":1663085644364000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":70,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":70,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":70,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663085644364000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"84.16.230.222","src_port":56970,"dst_port":28665,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1663085644364000,"flow_dst_last_pkt_time":1663085644364000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"thread_ts_usec":1663085644364000,"pkt":"eJS0JASgYDjgxTWgCABFAABiEW8AAH8RLCHAqAJkVBDm3t6Kb\/kATnW6PAAACO0AAAAAAAAAAAAAAAEAAAAHAAAAAwcAAAAMAAAAAAAAAAxNRIfGTwR+QCEti3EMpFVQUjpXNe1F8lY80rv42uT7UA=="} 00923{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663085644364000,"flow_src_last_pkt_time":1663085644364000,"flow_dst_last_pkt_time":1663085644364000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":70,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":70,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":70,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663085644364000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"84.16.230.222","src_port":56970,"dst_port":28665,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"CryNetwork","proto_id":"314","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -25,7 +25,7 @@ 00815{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1663085644862000,"flow_dst_last_pkt_time":1663085644862000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":267,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":267,"pkt_l4_len":233,"thread_ts_usec":1663085644862000,"pkt":"eJS0JASgYDjgxTWgCABFAAD9EXEAAH8RK4TAqAJkVBDm3t6Kb\/kA6Sf1twAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7h+WQPdzYtRujvIv99Gk4jK5CTYtKMcC8UdvPHTkwMgv+CqSO\/LPaCHfKYn\/qLUXKya\/WMk8UEbZcOxwqjti+zv7dA6vrTWc2C\/bio3R8dE2bVVZbga+3ONnGrLsbTsX0xoj2QaGBCLAdRWxgab3ISN7Kk+HGnPTiKc7GqjMvt66EEvs79X9BPSniUDFUWQ7OB3ZrrH+fG8WChwJChWKyc1UHcxBPrsbIkc7Zz+aZYp63dfaXDBKUO5TM6wJXKs5"} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1663085644878000,"flow_dst_last_pkt_time":1663085644862000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"thread_ts_usec":1663085644878000,"pkt":"eJS0JASgYDjgxTWgCABFAABeEXIAAH8RLCLAqAJkVBDm3t6Kb\/kASp3Du8hOJwkzpDMeJIiqYysbahdAbCneww7mPP0qdlopQndRNSW4Hvz1o7Z0XzePGFOyamSlKQFqSXW59rtF9f1o0hC2"} 
00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":2,"flow_first_seen":1663054340264000,"flow_src_last_pkt_time":1663054340750000,"flow_dst_last_pkt_time":1663054340651000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":225,"flow_dst_max_l4_payload_len":133,"flow_src_tot_l4_payload_len":1088,"flow_dst_tot_l4_payload_len":266,"midstream":0,"thread_ts_usec":1663085645134000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"37.58.56.245","src_port":56333,"dst_port":20250,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"CryNetwork","proto_id":"314","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":46,"packets-processed":45,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4099,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":28,"global_ts_usec":1663087012386000} 
+00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":46,"packets-processed":45,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4099,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":28,"global_ts_usec":1663087012386000} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663087012386000,"flow_src_last_pkt_time":1663087012386000,"flow_dst_last_pkt_time":1663087012386000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":70,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":70,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":70,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663087012386000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"78.159.98.94","src_port":55645,"dst_port":28375,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1663087012386000,"flow_dst_last_pkt_time":1663087012386000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"thread_ts_usec":1663087012386000,"pkt":"eJS0JASgYDjgxTWgCABFAABiWwwAAH8RbHXAqAJkTp9iXtldbtcATsvtPAAACO0AAAAAAAAAAAAAAAEAAAAHAAAAAwcAAAAEAAAAAAAAAARP2yVOOppoNSzHVb7aVJGzvGqD\/2urmHg+Q2g7KegnkQ=="} 00922{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663087012386000,"flow_src_last_pkt_time":1663087012386000,"flow_dst_last_pkt_time":1663087012386000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":70,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":70,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":70,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663087012386000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"78.159.98.94","src_port":55645,"dst_port":28375,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"CryNetwork","proto_id":"314","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -34,7 +34,7 @@ 00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1663087012600000,"flow_dst_last_pkt_time":1663087012586000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"thread_ts_usec":1663087012600000,"pkt":"eJS0JASgYDjgxTWgCABFAABeWw4AAH8RbHfAqAJkTp9iXtldbtcASiuhu7hTlkLWJMqukwgQRylK5qgiLSt9XVj0u0sQ8ebeC3F2lAmzaT1fMxkq7a+2soe7OxLP59ZLK7oofqm79eExsFje"} 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1663087012606000,"flow_dst_last_pkt_time":1663087012586000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1663087012606000,"pkt":"eJS0JASgYDjgxTWgCABFAABOWw8AAH8RbIbAqAJkTp9iXtldbtcAOmEb9J0pHkeKMvM7Xkxdv+3E0sy5KB0kANOKPFc0\/VebRRnb5+QoZ3Mrtf9BC\/abuZwnrKw="} 
00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":1,"flow_first_seen":1663085644364000,"flow_src_last_pkt_time":1663085645134000,"flow_dst_last_pkt_time":1663085644862000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":225,"flow_dst_max_l4_payload_len":133,"flow_src_tot_l4_payload_len":1313,"flow_dst_tot_l4_payload_len":133,"midstream":0,"thread_ts_usec":1663087012873000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"84.16.230.222","src_port":56970,"dst_port":28665,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"CryNetwork","proto_id":"314","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":61,"packets-processed":60,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5525,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":37,"global_ts_usec":1690748853317402} 
+00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":61,"packets-processed":60,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5525,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":37,"global_ts_usec":1690748853317402} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690748853317402,"flow_src_last_pkt_time":1690748853317402,"flow_dst_last_pkt_time":1690748853317402,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":70,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":70,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":70,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690748853317402,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"84.16.248.143","src_port":60751,"dst_port":30098,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1690748853317402,"flow_dst_last_pkt_time":1690748853317402,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"thread_ts_usec":1690748853317402,"pkt":"eJS0JASgYDjgxTWgCABFAABiGQIAAH8REt3AqAJkVBD4j+1PdZIATnKmPAAAC\/YAAAAAAAAAAAAAAAEAAAAHAAAAAwcAAAAJAAAAAAAAAAkdjp3RMzFPjpS+Wr+8IHfk2zWlV90jwStZ3EBEfsVDkg=="} 00923{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690748853317402,"flow_src_last_pkt_time":1690748853317402,"flow_dst_last_pkt_time":1690748853317402,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":70,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":70,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":70,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690748853317402,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"84.16.248.143","src_port":60751,"dst_port":30098,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"CryNetwork","proto_id":"314","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -51,7 +51,7 @@ 00840{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1690749276056149,"flow_dst_last_pkt_time":1690749276055867,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":283,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":283,"pkt_l4_len":249,"thread_ts_usec":1690749276056149,"pkt":"eJS0JASgYDjgxTWgCABFAAENI8IAAH8RmufAqAJkTp9qi+tAbrcA+U1QtwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAug8yp8Qv8TeWfHQtc3YYH0QzMa6rPBBh7r86MQSgH+LNvWKGO1aam6d5zesL+sUrF6Ua+4CYT4UxlWoLk8it1sGIVwsHw8kPIqURbyn87lSjBx+EtL3kcCJd9kbwqoHNYYl8vr8h\/pQyPDY\/ybl6Qwn\/XMkSLUm2ozx+ocAL3SGobGPEaWQ9OWNjOTl7uDiKpBrygQ3id7tOI36I6GmEl\/Tp54jwr5vadXwcWL1EaB7bvcFBmu9\/MyRxHuzsWY\/Iy1vmeVBmRgJ+QgzZSkyjLg=="} 00621{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1690749276072688,"flow_dst_last_pkt_time":1690749276055867,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":124,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":124,"pkt_l4_len":90,"thread_ts_usec":1690749276072688,"pkt":"eJS0JASgYDjgxTWgCABFAABuI8MAAH8Rm4XAqAJkTp9qi+tAbrcAWmUpu3tPZAeQ46M6mABOvfTiLmhjk5Eo7IVF5El0OH9Oalhsd6e845+k7R3mRhdmSAjukoEpvToeTF5uw4+ZNVffp2IhCQbEzT+aUmfmbrcP3OMEDg=="} 
00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":1,"flow_first_seen":1690748853317402,"flow_src_last_pkt_time":1690748853790269,"flow_dst_last_pkt_time":1690748853462657,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":225,"flow_dst_max_l4_payload_len":133,"flow_src_tot_l4_payload_len":1150,"flow_dst_tot_l4_payload_len":133,"midstream":0,"thread_ts_usec":1690749276312337,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"84.16.248.143","src_port":60751,"dst_port":30098,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"CryNetwork","proto_id":"314","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":91,"packets-processed":90,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8210,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":54,"global_ts_usec":1690750256496605} 
+00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":91,"packets-processed":90,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8210,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":54,"global_ts_usec":1690750256496605} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690750256496605,"flow_src_last_pkt_time":1690750256496605,"flow_dst_last_pkt_time":1690750256496605,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":70,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":70,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":70,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690750256496605,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"78.159.118.143","src_port":55460,"dst_port":21931,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1690750256496605,"flow_dst_last_pkt_time":1690750256496605,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"thread_ts_usec":1690750256496605,"pkt":"eJS0JASgYDjgxTWgCABFAABivOoAAH8R9mXAqAJkTp92j9ikVasATlq9PAAAC\/YAAAAAAAAAAAAAAAEAAAAHAAAAAwcAAAAHAAAAAAAAAAcaZmSmn4yqST2dsNw5sE0qvA1Y7T4SUNxW2dvvvwLc+w=="} 00924{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690750256496605,"flow_src_last_pkt_time":1690750256496605,"flow_dst_last_pkt_time":1690750256496605,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":70,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":70,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":70,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690750256496605,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"78.159.118.143","src_port":55460,"dst_port":21931,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"CryNetwork","proto_id":"314","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -61,7 +61,7 @@ 00813{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1690750257223299,"flow_dst_last_pkt_time":1690750257223019,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":267,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":267,"pkt_l4_len":233,"thread_ts_usec":1690750257223299,"pkt":"eJS0JASgYDjgxTWgCABFAAD9vO0AAH8R9cfAqAJkTp92j9ikVasA6U89twAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJayDQss1yqjCVCoRYctWeyPGeh+rCqtfCAIezh5tfYD49Oxy7cP6xgAn1J2UkUSha0Yjsn7UHAsO+lM\/OP0MxdkHqrKyWhPVzyEGXJI+V1GZ5uZtKBSxmQ2LpU\/fF1GAhhx4zkZTb6htgJ9EmSVdNHDsFhdFkst7D5VTXje47jWx68FCg42Rr02\/Qmpgfh4mPfHHczsTnssYMMZB0Psd4i03cSDcEnIP2kzIf0IYx8G8rXQ3qhVAEUIr1uuv2oqp"} 00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":105,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":2,"flow_first_seen":1690749275638306,"flow_src_last_pkt_time":1690749276312337,"flow_dst_last_pkt_time":1690749276197934,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":241,"flow_dst_max_l4_payload_len":133,"flow_src_tot_l4_payload_len":1136,"flow_dst_tot_l4_payload_len":266,"midstream":0,"thread_ts_usec":1690750257436073,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"78.159.106.139","src_port":60224,"dst_port":28343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"CryNetwork","proto_id":"314","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":105,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":3,"flow_first_seen":1690750256496605,"flow_src_last_pkt_time":1690750257417113,"flow_dst_last_pkt_time":1690750257436073,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":225,"flow_dst_max_l4_payload_len":133,"flow_src_tot_l4_payload_len":1058,"flow_dst_tot_l4_payload_len":399,"midstream":0,"thread_ts_usec":1690750257436073,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"78.159.118.143","src_port":55460,"dst_port":21931,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"CryNetwork","proto_id":"314","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -00844{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":105,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":105,"packets-processed":105,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9667,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":64,"global_ts_usec":1690750257436073} 
+00844{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":105,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":105,"packets-processed":105,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9667,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":64,"global_ts_usec":1690750257436073} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 105/105 ~~ skipped flows.............: 0 @@ -70,9 +70,9 @@ ~~ total active/idle flows...: 7/7 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6924938 bytes -~~ total memory freed........: 6924938 bytes -~~ total allocations/frees...: 114308/114308 +~~ total memory allocated....: 7502534 bytes +~~ total memory freed........: 7502534 bytes +~~ total allocations/frees...: 126039/126039 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 580 chars ~~ json message max len.......: 977 chars diff --git a/test/results/default/custom_categories.pcapng.out b/test/results/default/custom_categories.pcapng.out index 38b8daf10..151b4e0b7 100644 --- a/test/results/default/custom_categories.pcapng.out +++ b/test/results/default/custom_categories.pcapng.out 
@@ -1,5 +1,5 @@ -00624{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":921159918266121} 
+00624{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":921159918266121} 
00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":921159918266121,"flow_src_last_pkt_time":921159918266121,"flow_dst_last_pkt_time":921159918266121,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":921159918266121,"l3_proto":"ip6","src_ip":"2001:db8:1::1","dst_ip":"2001:db8:200::1","src_port":64720,"dst_port":20868,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":921159918266121,"flow_dst_last_pkt_time":921159918266121,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":921159918266121,"pkt":"AGCXrkniAACGApxRht1gAAAAACgGQCABDbgAAQAAAAAAAAAAAAEgAQ24AgAAAAAAAAAAAAAB\/NBRhNZ28yEAAAAAoAIgAOtZAAACBAWgAQMDAAEBCAoACMpXAAAAAA=="} 00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":921159918266121,"flow_dst_last_pkt_time":921159918323110,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":921159918323110,"pkt":"AACGApxRAGCXrkniht1gAAAAACgGPSABDbgCAAAAAAAAAAAAAAEgAQ24AAEAAAAAAAAAAAABUYT80Ax6BePWdvMioBIhXG9FAAACBATEAQMDAAEBCAoAAWklAAjKVw=="} 
@@ -10,7 +10,7 @@ 01200{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":921159918266121,"flow_src_last_pkt_time":921159918404039,"flow_dst_last_pkt_time":921159918402990,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":15,"flow_dst_max_l4_payload_len":15,"flow_src_tot_l4_payload_len":15,"flow_dst_tot_l4_payload_len":15,"midstream":0,"thread_ts_usec":921159918404039,"l3_proto":"ip6","src_ip":"2001:db8:1::1","dst_ip":"2001:db8:200::1","src_port":64720,"dst_port":20868,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"SSH","proto_id":"92","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","ssh": {"client_signature":"SSH-1.5-1.2.26","server_signature":"SSH-1.5-1.2.26","hassh_client":"","hassh_server":""}}} 
01204{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":921159918266121,"flow_src_last_pkt_time":921159918542802,"flow_dst_last_pkt_time":921159918745464,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":276,"flow_src_tot_l4_payload_len":171,"flow_dst_tot_l4_payload_len":291,"midstream":0,"thread_ts_usec":921159918745464,"l3_proto":"ip6","src_ip":"2001:db8:1::1","dst_ip":"2001:db8:200::1","src_port":64720,"dst_port":20868,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"SSH","proto_id":"92","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","ssh": {"client_signature":"SSH-1.5-1.2.26","server_signature":"SSH-1.5-1.2.26","hassh_client":"","hassh_server":""}}} 
02359{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":921159918266121,"flow_src_last_pkt_time":921159920416135,"flow_dst_last_pkt_time":921159920477444,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":164,"flow_dst_max_l4_payload_len":568,"flow_src_tot_l4_payload_len":687,"flow_dst_tot_l4_payload_len":1335,"midstream":0,"thread_ts_usec":921159920477444,"l3_proto":"ip6","src_ip":"2001:db8:1::1","dst_ip":"2001:db8:200::1","src_port":64720,"dst_port":20868,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":56989,"avg":140688.3,"max":385938,"stddev":76774.1,"var":5894261248.0,"ent":4.8,"data": [56989,57531,79880,80387,89216,138763,253258,182381,385938,91317,93080,94647,191269,165005,76892,108844,123707,109411,199372,90998,94037,69367,74265,78602,142565,139480,141464,314131,235639,200458,202444]},"pktlen": {"min":72,"avg":135.7,"max":640,"stddev":113.0,"var":12766.0,"ent":4.7,"data": [80,80,72,87,87,348,228,72,84,92,84,236,220,72,84,212,212,72,100,116,72,84,212,84,84,84,84,640,72,100,72,116]},"bins": {"c_to_s": [12,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [10,2,0,0,2,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,0,1,1,0,1,0,1,0,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": 
[3.368683577,4.029293060,3.817690372,4.358336926,4.312359810,6.673550606,6.224353790,3.789912701,4.102612972,4.484647751,4.159218788,6.579281807,6.467639446,3.817690372,4.106600761,6.354053020,6.361316204,3.779428005,4.600508690,5.055481434,3.751650333,4.102612972,6.370564461,4.049995422,4.126422405,4.126422405,4.078803539,7.576204777,3.789912701,4.708058834,3.789912701,5.130954742]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"SSH","proto_id":"92","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":63,"packets-processed":62,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4626,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1372147721244685} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":63,"packets-processed":62,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4626,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1372147721244685} 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1372147721244685,"flow_src_last_pkt_time":1372147721244685,"flow_dst_last_pkt_time":1372147721244685,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1372147721244685,"l3_proto":"ip4","src_ip":"172.26.219.44","dst_ip":"172.30.69.103","src_port":58639,"dst_port":22,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1372147721244685,"flow_dst_last_pkt_time":1372147721244685,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1372147721244685,"pkt":"AA4M4kUbACNaf3GXCABFAAA87cpAAEAG1CSsGtssrB5FZ+UPABbU06naAAAAAKACOQjEsQAAAgQFtAQCCAoplUQQAAAAAAEDAwc="} 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1372147721244685,"flow_dst_last_pkt_time":1372147721244833,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1372147721244833,"pkt":"ACNaf3GXAA4M4kUbCABFAAA8AABAAEAGwe+sHkVnrBrbLAAW5Q9l97pw1NOp26ASFqC2AgAAAgQFtAQCCAoIsgfsKZVEEAEDAwc="} 
@@ -23,11 +23,11 @@ 01366{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1372147721244685,"flow_src_last_pkt_time":1372147721256013,"flow_dst_last_pkt_time":1372147721255988,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":960,"flow_dst_max_l4_payload_len":21,"flow_src_tot_l4_payload_len":981,"flow_dst_tot_l4_payload_len":21,"midstream":0,"thread_ts_usec":1372147721256013,"l3_proto":"ip4","src_ip":"172.26.219.44","dst_ip":"172.30.69.103","src_port":58639,"dst_port":22,"l4_proto":"tcp","ndpi": {"flow_risk": {"18": {"risk":"SSH Obsolete Cli Vers\/Cipher","severity":"High","risk_score": {"total":300,"client":210,"server":90}},"19": {"risk":"SSH Obsolete Ser Vers\/Cipher","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"SSH","proto_id":"92","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","ssh": {"client_signature":"SSH-1.99-OpenSSH_4.3","server_signature":"SSH-2.0-OpenSSH_6.1","hassh_client":"D6593B3202A30B2AA9793A00F8647A0A","hassh_server":""}}} 
01400{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1372147721244685,"flow_src_last_pkt_time":1372147721256013,"flow_dst_last_pkt_time":1372147721258988,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":960,"flow_dst_max_l4_payload_len":704,"flow_src_tot_l4_payload_len":981,"flow_dst_tot_l4_payload_len":725,"midstream":0,"thread_ts_usec":1372147721258988,"l3_proto":"ip4","src_ip":"172.26.219.44","dst_ip":"172.30.69.103","src_port":58639,"dst_port":22,"l4_proto":"tcp","ndpi": {"flow_risk": {"18": {"risk":"SSH Obsolete Cli Vers\/Cipher","severity":"High","risk_score": {"total":300,"client":210,"server":90}},"19": {"risk":"SSH Obsolete Ser Vers\/Cipher","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"SSH","proto_id":"92","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","ssh": {"client_signature":"SSH-1.99-OpenSSH_4.3","server_signature":"SSH-2.0-OpenSSH_6.1","hassh_client":"D6593B3202A30B2AA9793A00F8647A0A","hassh_server":"500033A73A293E7C36743693D0D4596B"}}} 
01123{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":30,"flow_first_seen":921159918266121,"flow_src_last_pkt_time":921159923590712,"flow_dst_last_pkt_time":921159923604621,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":164,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":879,"flow_dst_tot_l4_payload_len":3747,"midstream":0,"thread_ts_usec":1372147721351034,"l3_proto":"ip6","src_ip":"2001:db8:1::1","dst_ip":"2001:db8:200::1","src_port":64720,"dst_port":20868,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"SSH","proto_id":"92","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":85,"packets-processed":84,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7372,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":6,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":26,"global_ts_usec":1536820136171967} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":85,"packets-processed":84,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7372,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":6,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":26,"global_ts_usec":1536820136171967} 00308{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1536820136171967,"packet_id":85,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1536820136171967} 00776{"packet_event_id":1,"packet_event_name":"packet","packet_id":85,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":346,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":346,"pkt_l4_len":0,"thread_ts_usec":1372147721351034,"pkt":"AAAAEABx1JToDq3KgQABHYEAAHmIZBEAIXUBPgBXYA+EAwEUMjIqAQ40729DQJS+XazCCtKgIAEWcAAIQKagjjMrqmkY3CxYL7oAAAAB9z4M1SEeGqQ7VD\/8uYulUwNGJm\/OK8amyLr31U5ficc+rCHRtb\/T3cgFN7Omq98Xcc2KqKObdmG5QJsjAR6nscPvKVK5EQQ2CtXgQ2ekli85AWg\/\/9hDrwzDTYQCdc04v178i1vzDmCn1E6C0ltXFPME9jPS9nyo6OU4GZzL4WKFeXnOWd820KgwjMMCcUzamtrkQtu\/aKLDIzQKRkoT5GPfQKPWU5curqG35\/fVuD6MuVU49VS296Pb0Kuy+euctUZkgyPAOdaQzWXn8dfRYDWVRLmvOnjyARednGx7v5AEEw0GOFVD4kR8htGuevYonoWDIkWmw5\/cutFIs5NF1fWRfG6VNRiBgVSHZg=="} 
01243{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1372147721244685,"flow_src_last_pkt_time":1372147721351034,"flow_dst_last_pkt_time":1372147721311475,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":960,"flow_dst_max_l4_payload_len":704,"flow_src_tot_l4_payload_len":1277,"flow_dst_tot_l4_payload_len":1469,"midstream":0,"thread_ts_usec":1372147721351034,"l3_proto":"ip4","src_ip":"172.26.219.44","dst_ip":"172.30.69.103","src_port":58639,"dst_port":22,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"18": {"risk":"SSH Obsolete Cli Vers\/Cipher","severity":"High","risk_score": {"total":300,"client":210,"server":90}},"19": {"risk":"SSH Obsolete Ser Vers\/Cipher","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"SSH","proto_id":"92","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 
-00854{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":85,"packets-processed":84,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7372,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":6,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":30,"global_ts_usec":1536820136171967} +00854{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":85,"packets-processed":84,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7372,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":6,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":30,"global_ts_usec":1536820136171967} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 85/84 ~~ skipped flows.............: 0 
@@ -36,9 +36,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6916552 bytes -~~ total memory freed........: 6916552 bytes -~~ total allocations/frees...: 114241/114241 +~~ total memory allocated....: 7494168 bytes +~~ total memory freed........: 7494168 bytes +~~ total allocations/frees...: 125973/125973 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 313 chars ~~ json message max len.......: 2364 chars diff --git a/test/results/default/custom_risk_mask.pcapng.out b/test/results/default/custom_risk_mask.pcapng.out index 97b7c34f0..35b3e90eb 100644 --- a/test/results/default/custom_risk_mask.pcapng.out +++ b/test/results/default/custom_risk_mask.pcapng.out 
@@ -1,5 +1,5 @@ -00623{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/custom_risk_mask.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/custom_risk_mask.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1470104378045695} 
+00623{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/custom_risk_mask.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/custom_risk_mask.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1470104378045695} 
00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/custom_risk_mask.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104378045695,"flow_src_last_pkt_time":1470104378045695,"flow_dst_last_pkt_time":1470104378045695,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104378045695,"l3_proto":"ip6","src_ip":"fe80::7c0:e74e:87c3:5d93","dst_ip":"ff02::1:3","src_port":6741,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/custom_risk_mask.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1470104378045695,"flow_dst_last_pkt_time":1470104378045695,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":92,"pkt_l4_len":38,"thread_ts_usec":1470104378045695,"pkt":"MzMANk5E\/PiuTCJLht1gAAAAACYRAf6AAAAAAAAAB8DnTofDXZP\/AgAAAAAAAAAAAAAAAQADGlUU6wAmkyP2BAAAAAEAAAAAAAAM5bCP5L2b5bCI5qmfAAD\/AAE="} 
01086{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/custom_risk_mask.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104378045695,"flow_src_last_pkt_time":1470104378045695,"flow_dst_last_pkt_time":1470104378045695,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104378045695,"l3_proto":"ip6","src_ip":"fe80::7c0:e74e:87c3:5d93","dst_ip":"ff02::1:3","src_port":6741,"dst_port":5355,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -8,7 +8,7 @@ 01088{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/custom_risk_mask.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104378045695,"flow_src_last_pkt_time":1470104378045695,"flow_dst_last_pkt_time":1470104378045695,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104378045695,"l3_proto":"ip6","src_ip":"fe80::356b:e047:3695:f741","dst_ip":"ff02::1:3","src_port":16765,"dst_port":5355,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01153{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/custom_risk_mask.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104378045695,"flow_src_last_pkt_time":1470104378045695,"flow_dst_last_pkt_time":1470104378045695,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104378045695,"l3_proto":"ip6","src_ip":"fe80::356b:e047:3695:f741","dst_ip":"ff02::1:3","src_port":16765,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars 
Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"????????????"}} 01151{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/custom_risk_mask.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104378045695,"flow_src_last_pkt_time":1470104378045695,"flow_dst_last_pkt_time":1470104378045695,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104378045695,"l3_proto":"ip6","src_ip":"fe80::7c0:e74e:87c3:5d93","dst_ip":"ff02::1:3","src_port":6741,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"????????????"}} 
-00848{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/custom_risk_mask.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":60,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1470104378045695} +00848{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/custom_risk_mask.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":60,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1470104378045695} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 ~~ skipped flows.............: 0 
@@ -17,9 +17,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6910071 bytes -~~ total memory freed........: 6910071 bytes -~~ total allocations/frees...: 114150/114150 +~~ total memory allocated....: 7487667 bytes +~~ total memory freed........: 7487667 bytes +~~ total allocations/frees...: 125881/125881 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 595 chars ~~ json message max len.......: 1158 chars diff --git a/test/results/default/custom_rules_ipv6.pcapng.out b/test/results/default/custom_rules_ipv6.pcapng.out index 9b568c94c..ebfd7dde0 100644 --- a/test/results/default/custom_rules_ipv6.pcapng.out +++ b/test/results/default/custom_rules_ipv6.pcapng.out 
@@ -1,9 +1,9 @@ -00624{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":921159902141757} 
+00624{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":921159902141757} 
00806{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":921159902141757,"flow_src_last_pkt_time":921159902141757,"flow_dst_last_pkt_time":921159902141757,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":921159902141757,"l3_proto":"ip6","src_ip":"3ffe:507::1:200:86ff:fe05:80da","dst_ip":"3ffe:501:4819::42","src_port":21554,"dst_port":5333,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00588{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":921159902141757,"flow_dst_last_pkt_time":921159902141757,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":90,"pkt_l4_len":36,"thread_ts_usec":921159902141757,"pkt":"AGCXun1\/AACGUYYrht1gAAAAACQRQD\/+BQcAAAABAgCG\/\/4FgNo\/\/gUBSBkAAAAAAAAAAABCVDIU1QAkkJMABgEAAAEAAAAAAAAGaXRvanVuA29yZwAA\/wAB"} 
01158{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":921159902141757,"flow_dst_last_pkt_time":921159902215272,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":510,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":510,"pkt_l4_len":456,"thread_ts_usec":921159902215272,"pkt":"AACGUYYrAGCXun1\/ht1gAAAAAcgR5j\/+BQFIGQAAAAAAAAAAAEI\/\/gUHAAAAAQIAhv\/+BYDaFNVUMgHInvQABoWAAAEABgACAAUGaXRvanVuA29yZwAA\/wABwAwAAgABAAAOEAAUB2NvY29udXQGaXRvanVuA29yZwDADAACAAEAAA4QABoFdGlnZXIFaGlyb28Ib3Nob2t1amkDb3JnAMAMAA8AAQAADhAAFgAKB2NvY29udXQGaXRvanVuA29yZwDADAAPAAEAAA4QABMAFARraXdpBml0b2p1bgNvcmcAwAwAAQABAAAOEAAE0qBfYcAMAAYAAQAADhAAMQZpdG9qdW4Db3JnAARyb290Bml0b2p1bgNvcmcAC+pHaAAADhAAAAEsADbugAAADhDADAACAAEAAA4QABQHY29jb251dAZpdG9qdW4Db3JnAMAMAAIAAQAADhAAGgV0aWdlcgVoaXJvbwhvc2hva3VqaQNvcmcAB2NvY29udXTADAABAAEAAA4QAATSoF9hBXRpZ2VyBWhpcm9vCG9zaG9rdWppwBMAAQABAAAOEAAE0pEh8gRraXdpwAwAHAABAAAOEAAQP\/4FAQQQAAACwN\/\/\/kcDPsFzABwAAQAADhAAED\/+BQEEEAEAUlQA\/\/7aSL\/BcwABAAEAAA4QAATSoF9j"} 
-00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":3,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":476,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":6,"global_ts_usec":1639052947771491} +00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":3,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":476,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":6,"global_ts_usec":1639052947771491} 
00844{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052947771491,"flow_src_last_pkt_time":1639052947771491,"flow_dst_last_pkt_time":1639052947771491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1225,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1225,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1225,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052947771491,"l3_proto":"ip6","src_ip":"247f:855b:5e16:3caf:3f2c:4134:9592:661b","dst_ip":"21bc:b273:7f68:88d7:77a8:585:3990:927b","src_port":100,"dst_port":1991,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02215{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1639052947771491,"flow_dst_last_pkt_time":1639052947771491,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1287,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1287,"pkt_l4_len":1233,"thread_ts_usec":1639052947771491,"pkt":"AAAAAAAAAAIAMzxWht1gAAAABNERPyR\/hVteFjyvPyxBNJWSZhshvLJzf2iI13eoBYU5kJJ7AGQHxwTRtFQX\/v0AAQAAAAAaDQS8AAEAAAAAGg3ty6JKrYU18U2SnV6TZ4GWPTkMaTeI9UivesrOAyLeyxCH9Ett98n\/BUnyUWlx5VOsHuSnNHK30aiWa0bQql\/OXO+\/gsGi9Vb3WsWwYwBW0pVyHQ0B46+DlfcYN9qmkFlJh9kPJ0YDdosoedP6B1hATFaaYqjsVizwYv4HbXzokGD8PNwSlO3kQDrYIDtSZtpx53PdVwuoZxmUt2\/suWUGs8IBjSst\/7lN9W\/tNGh8FPVXN62L5CDnpEZkkIUsEaeXQROB99R7U\/ALAM\/PILPWGKHcK40NY0zdzRDoPZgcslPBdXAvOL0SyOsktYL4LsfNMroozoQrT1QygQh\/o+MoyM33fxWmZDikDkltMfPc33LY24DbMLEUJSzHfiOjIRCt2AqzjcvSCQ38yEO+w9IlHTAlWBz5qVIMz7e1qCh3VJZC2Uk5DzFw28f9kldm3DfO9X7n7ddcO7HPXGEKSAl\/dwOtNCSxzRyxVMkINXT1F8R3Kr1X0P79jeYNVsXDuoN440ZxqXaTe3v0EasLalE31omPrKPox8OjFKowZ\/SB2G
59InZnkarkjdu7hofmRIpcf1D0LJ3M2t8stXvQJI6nUBwyqpp5ngwHNvz79ijs5osivjMa3ty3XsPR+UNx8lznc42OZ1sGTXR0GLXtbRRqi7Z+4UroQBOGMmj+qZ8+nmZa1QVZaDNzAO8RnvnWLVhMuivh1V4phVCw91Xn3+UI\/Yq\/HuRtkiiI4kcN+I7R7A0JaMt0M2QaUHpH\/RO\/Z5WhuDGAMKrjoa7iJZvXMIIyECgYOrb7SOnPE2s3lSzDu7L3oxtwwlAylIXUQaomQnBMvB3FgbB6sUeYuhXFnMNy372f9keLastrb\/zBNJ51N\/OVuA6B8wsbBsXGn8cGnWZR2no5OrWHInzQk69yG731TtvqCHK0cXkmZv8FcaBZBELVB9ipqEVcSZkd+jnn\/t8Abzkn7pB+sMPEXMqIs5QJ7XJPl0ndMGtuhy6yPPoXAW+ICkWKMXbgJRWDbCXvYXNR4+vU\/VosznWRONI5l3QbtVvN+cDigIswYX29jz4xZcn6V4kBfpRMLOAzyovu9Kqb4CMRAAZG3cC2PKlxE5a1Le13Q1hKVJKJpAITen73s\/tG1LSh8h0ljZQqCT9vsB418MDr50io5+X4sUm3wUHzm6zfNYpxQupY1pT1JptaHZiDxZjS3ZXx6kha2vcHtmQyYyxdoRL9hcTVRT8MNr4FV7Wcl6hfgek7k1qWbCCdZejjISGI+kEtgx0Q6LVKF6ecXJ3rg4aQXVd2dslKHzHPrIAHtxUnnqmjZyXIQ2ftOFVgObSb+gEi\/MesMAdhLiYHOOuP+UEVRIAuAkdvrQn+T4E6jQ\/y2JFluy8pQnPkoLwOumUrd5SpyEaqoCaTiXWXj4KqbJyqqSa5WR\/Tqdr8FovyWg3dT0gR6zCv6HfHWt1gY7rHuLyUJN3p3vhJlqMR6cesxmaJwoXuqhhOLnvYjvUbc\/hIxS8Bbqpi4atOXiC6GVEtb4bWUS\/ux9Fq2ZwJ4B\/5D0UfjHbWiETDrnG4dRBdY8Qzx3a3pDvzONf1PZ1KOdnkPMqzglGKxtgmCYP53\/TX"} 00982{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052947771491,"flow_src_last_pkt_time":1639052947771491,"flow_dst_last_pkt_time":1639052947771491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1225,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1225,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1225,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052947771491,"l3_proto":"ip6","src_ip":"247f:855b:5e16:3caf:3f2c:4134:9592:661b","dst_ip":"21bc:b273:7f68:88d7:77a8:585:3990:927b","src_port":100,"dst_port":1991,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
@@ -12,7 +12,7 @@ 00985{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052947771491,"flow_src_last_pkt_time":1639052947771491,"flow_dst_last_pkt_time":1639052947771491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1225,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1225,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1225,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052947771491,"l3_proto":"ip6","src_ip":"247f:855b:5e16:3caf:3f2c:4134:9592:661b","dst_ip":"21bc:b273:7f68:88d7:77a8:585:3990:927b","src_port":36098,"dst_port":50621,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00899{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":921159902141757,"flow_src_last_pkt_time":921159902141757,"flow_dst_last_pkt_time":921159902215272,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":448,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":448,"midstream":0,"thread_ts_usec":1639052947771491,"l3_proto":"ip6","src_ip":"3ffe:507::1:200:86ff:fe05:80da","dst_ip":"3ffe:501:4819::42","src_port":21554,"dst_port":5333,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
00812{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":921159902141757,"flow_src_last_pkt_time":921159902141757,"flow_dst_last_pkt_time":921159902215272,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":448,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":448,"midstream":0,"thread_ts_usec":1639052947771491,"l3_proto":"ip6","src_ip":"3ffe:507::1:200:86ff:fe05:80da","dst_ip":"3ffe:501:4819::42","src_port":21554,"dst_port":5333,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":5,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2926,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1697468695606215} 
+00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":5,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2926,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1697468695606215} 00799{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1697468695606215,"flow_src_last_pkt_time":1697468695606215,"flow_dst_last_pkt_time":1697468695606215,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":256,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":256,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":256,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1697468695606215,"l3_proto":"ip6","src_ip":"fe80::76ac:b9ff:fe6c:c124","dst_ip":"ff02::1","src_port":12719,"dst_port":26993,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00894{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1697468695606215,"flow_dst_last_pkt_time":1697468695606215,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":318,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":318,"pkt_l4_len":264,"thread_ts_usec":1697468695606215,"pkt":"MzMAAAABdKy5BVOoht1gCiQKAQgRAf6AAAAAAAAAdqy5\/\/5swST\/AgAAAAAAAAAAAAAAAAABMa9pcQEICAgCBgD8NQAEAAAAADUABAAAAAA1AAQAAAAANQAEAAAAADUABAAAAAA1AAQAAAAANQAEAAAAADUABAAAAAACAAp0rLlswSTAqAGKNQAEAAAAAAEABnSsuWzBJAoABAAaK9ALAApVQVAtQUMtUHJvDAAFVTdQRzIDACNCWi5xY2E5NTZ4XzYuNS4yOCsxNDQ5MS4yMzAxMjcuMTYxMhYADDYuNS4yOC4xNDQ5MRUABVU3UEcyFwABABgAAQAZAAEBGgABARMABnSsuWzBJBIABAAAAGwbAAUzLjQuMScACGzPYx5MclIbKgAQoL0SJJZDS0aMz2MeTHJSGywAAQA4AAEA"} 00799{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1697468695606215,"flow_src_last_pkt_time":1697468695606215,"flow_dst_last_pkt_time":1697468695606215,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":256,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":256,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":256,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1697468695606215,"l3_proto":"ip6","src_ip":"fe80::76ac:b9ff:fedd:a1e2","dst_ip":"ff02::1","src_port":12719,"dst_port":26993,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -31,7 +31,7 @@ 00887{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1697468695606215,"flow_src_last_pkt_time":1697468695606215,"flow_dst_last_pkt_time":1697468695606215,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":256,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":256,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":256,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1697468695606215,"l3_proto":"ip6","src_ip":"fe80::76ac:b9ff:fe6c:c124","dst_ip":"ff02::1","src_port":12717,"dst_port":64315,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00800{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1697468695606215,"flow_src_last_pkt_time":1697468695606215,"flow_dst_last_pkt_time":1697468695606215,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":256,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":256,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":256,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1697468695606215,"l3_proto":"ip6","src_ip":"fe80::76ac:b9ff:fe6c:c124","dst_ip":"ff02::1","src_port":12717,"dst_port":64315,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
01024{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052947771491,"flow_src_last_pkt_time":1639052947771491,"flow_dst_last_pkt_time":1639052947771491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1225,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1225,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1225,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1697468695606215,"l3_proto":"ip6","src_ip":"247f:855b:5e16:3caf:3f2c:4134:9592:661b","dst_ip":"21bc:b273:7f68:88d7:77a8:585:3990:927b","src_port":36098,"dst_port":50621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -00851{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":8,"packets-processed":8,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3950,"total-not-detected-flows":5,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":34,"global_ts_usec":1697468695606215} 
+00851{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":8,"packets-processed":8,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3950,"total-not-detected-flows":5,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":34,"global_ts_usec":1697468695606215} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 8/8 ~~ skipped flows.............: 0 @@ -40,9 +40,9 @@ ~~ total active/idle flows...: 7/7 ~~ total timeout flows.......: 1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6922013 bytes -~~ total memory freed........: 6922013 bytes -~~ total allocations/frees...: 114207/114207 +~~ total memory allocated....: 7499609 bytes +~~ total memory freed........: 7499609 bytes +~~ total allocations/frees...: 125938/125938 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 593 chars ~~ json message max len.......: 2220 chars diff --git a/test/results/default/custom_rules_same-ip_multiple_ports.pcapng.out b/test/results/default/custom_rules_same-ip_multiple_ports.pcapng.out index fbfad46a5..4e0e781d6 100644 --- a/test/results/default/custom_rules_same-ip_multiple_ports.pcapng.out +++ b/test/results/default/custom_rules_same-ip_multiple_ports.pcapng.out 
@@ -1,5 +1,5 @@ -00642{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/custom_rules_same-ip_multiple_ports.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00863{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/custom_rules_same-ip_multiple_ports.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1680119132471406} 
+00642{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/custom_rules_same-ip_multiple_ports.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00863{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/custom_rules_same-ip_multiple_ports.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1680119132471406} 
00798{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/custom_rules_same-ip_multiple_ports.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680119132471406,"flow_src_last_pkt_time":1680119132471406,"flow_dst_last_pkt_time":1680119132471406,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680119132471406,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"3.3.3.3","src_port":56866,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/custom_rules_same-ip_multiple_ports.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1680119132471406,"flow_dst_last_pkt_time":1680119132471406,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1680119132471406,"pkt":"ILAB4IZiNObXAhsnCABFAAA8s3NAAEAGvqXAqAH1AwMDA94iAbtRdP6TAAAAAKAC+vDI0QAAAgQFtAQCCAqoD4ViAAAAAAEDAwc="} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/custom_rules_same-ip_multiple_ports.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1680119133500058,"flow_dst_last_pkt_time":1680119132471406,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1680119133500058,"pkt":"ILAB4IZiNObXAhsnCABFAAA8s3RAAEAGvqTAqAH1AwMDA94iAbtRdP6TAAAAAKAC+vDI0QAAAgQFtAQCCAqoD4lnAAAAAAEDAwc="} 
@@ -7,7 +7,7 @@ 00798{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/custom_rules_same-ip_multiple_ports.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680119137435431,"flow_src_last_pkt_time":1680119137435431,"flow_dst_last_pkt_time":1680119137435431,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680119137435431,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"3.3.3.3","src_port":59682,"dst_port":444,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/custom_rules_same-ip_multiple_ports.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1680119137435431,"flow_dst_last_pkt_time":1680119137435431,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1680119137435431,"pkt":"ILAB4IZiNObXAhsnCABFAAA8LchAAEAGRFHAqAH1AwMDA+kiAbwrwl9OAAAAAKAC+vDI0QAAAgQFtAQCCAqoD5jGAAAAAAEDAwc="} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/custom_rules_same-ip_multiple_ports.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1680119138460059,"flow_dst_last_pkt_time":1680119137435431,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1680119138460059,"pkt":"ILAB4IZiNObXAhsnCABFAAA8LclAAEAGRFDAqAH1AwMDA+kiAbwrwl9OAAAAAKAC+vDI0QAAAgQFtAQCCAqoD5zHAAAAAAEDAwc="} 
-00864{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/custom_rules_same-ip_multiple_ports.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":6,"packets-processed":5,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1690371375710832} +00864{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/custom_rules_same-ip_multiple_ports.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":6,"packets-processed":5,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1690371375710832} 
00798{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/custom_rules_same-ip_multiple_ports.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690371375710832,"flow_src_last_pkt_time":1690371375710832,"flow_dst_last_pkt_time":1690371375710832,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690371375710832,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"3.3.3.3","src_port":58288,"dst_port":446,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/custom_rules_same-ip_multiple_ports.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1690371375710832,"flow_dst_last_pkt_time":1690371375710832,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1690371375710832,"pkt":"ILAB4IZiNObXAhsnCABFAAA8o61AAEAGzmvAqAH1AwMDA+OwAb5KplVKAAAAAKAC+vDI0QAAAgQFtAQCCApUfTfYAAAAAAEDAwc="} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/custom_rules_same-ip_multiple_ports.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1690371376732151,"flow_dst_last_pkt_time":1690371375710832,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1690371376732151,"pkt":"ILAB4IZiNObXAhsnCABFAAA8o65AAEAGzmrAqAH1AwMDA+OwAb5KplVKAAAAAKAC+vDI0QAAAgQFtAQCCApUfTvVAAAAAAEDAwc="} 
@@ -18,7 +18,7 @@ 00799{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/custom_rules_same-ip_multiple_ports.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1690371375710832,"flow_src_last_pkt_time":1690371378748110,"flow_dst_last_pkt_time":1690371375710832,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690371378748110,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"3.3.3.3","src_port":58288,"dst_port":446,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01011{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/custom_rules_same-ip_multiple_ports.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1680119137435431,"flow_src_last_pkt_time":1680119138460059,"flow_dst_last_pkt_time":1680119137435431,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690371378748110,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"3.3.3.3","src_port":59682,"dst_port":444,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
00799{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/custom_rules_same-ip_multiple_ports.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1680119137435431,"flow_src_last_pkt_time":1680119138460059,"flow_dst_last_pkt_time":1680119137435431,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690371378748110,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"3.3.3.3","src_port":59682,"dst_port":444,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00866{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/custom_rules_same-ip_multiple_ports.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":8,"packets-processed":8,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":2,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1690371378748110} 
+00866{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/custom_rules_same-ip_multiple_ports.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":8,"packets-processed":8,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":2,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1690371378748110} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 8/8 ~~ skipped flows.............: 0 @@ -27,9 +27,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 2 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6912677 bytes -~~ total memory freed........: 6912677 bytes -~~ total allocations/frees...: 114170/114170 +~~ total memory allocated....: 7490273 bytes +~~ total memory freed........: 7490273 bytes +~~ total allocations/frees...: 125901/125901 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 587 chars ~~ json message max len.......: 1074 chars diff --git a/test/results/default/dazn.pcapng.out b/test/results/default/dazn.pcapng.out index 0dcf9004d..308c13944 100644 --- a/test/results/default/dazn.pcapng.out +++ b/test/results/default/dazn.pcapng.out 
@@ -1,30 +1,30 @@ -00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1653830614885814} 
+00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1653830614885814} 
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1653830614885814,"flow_src_last_pkt_time":1653830614885814,"flow_dst_last_pkt_time":1653830614885814,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1653830614885814,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.84.223.58","src_port":54020,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1653830614885814,"flow_dst_last_pkt_time":1653830614885814,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1653830614885814,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8nR9AAEAGx+XAqAGANFTfOtMEAbuvwsZTAAAAAKAC+vBmfAAAAgQFtAQCCAqWAjADAAAAAAEDAwc="} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1653830614885814,"flow_dst_last_pkt_time":1653830614902501,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1653830614902501,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8gywAAPQGbdg0VN86wKgBgAG70wTy6KcPr8LGVKAS\/\/+ceQAAAgQFoAQCCAqKcaCKlgIwAwEDAwk="} 
01238{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1653830614904478,"flow_dst_last_pkt_time":1653830614902501,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1653830614904478,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5nSFAAEAGxebAqAGANFTfOtMEAbuvwsZU8uinEIAYAfZtkgAAAQEICpYCMBWKcaCKFgMBAgABAAH8AwPGAVMbGSAdqErCRl+JXjKyqMchnfEu2B1zRzOaxV8o1iAgIXSPqMjljdeZ3z7HJVcJsXiZNidVLUq9BDfRlvUd8wAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAARAA8AAAx3d3cuZGF6bi5jb20AFwAA\/wEAAQAACgAOAAwAHQAXABgAGQEAAQEACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAACIACgAIBAMFAwYDAgMAMwBrAGkAHQAgb4BCLF1x\/xJ6a5y\/t336Oc1aPROIMgrb5TqghyKk8UgAFwBBBJ9JHh6PsEBzfFNPwetkTywSgp2rvZxjUd7cfOXHBFgNjkLd+otPjvJdROVP19OEA+JHkFvE7miAvh9c39D0acUAKwAFBAMEAwMADQAYABYEAwUDBgMIBAgFCAYEAQUBBgECAwIBAC0AAgEBABwAAkABABUAigAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -01251{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1653830614885814,"flow_src_last_pkt_time":1653830614904478,"flow_dst_last_pkt_time":1653830614902501,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1653830614904478,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.84.223.58","src_port":54020,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Dazn","proto_id":"91.292","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"www.dazn.com","domainame":"www.dazn.com","tls": {"version":"TLSv1.2","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} +01210{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1653830614885814,"flow_src_last_pkt_time":1653830614904478,"flow_dst_last_pkt_time":1653830614902501,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1653830614904478,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.84.223.58","src_port":54020,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dazn","proto_id":"91.292","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"www.dazn.com","domainame":"www.dazn.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
02468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1653830614904478,"flow_dst_last_pkt_time":1653830614920429,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1653830614920429,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXIgy4AAPQGaEo0VN86wKgBgAG70wTy6KcQr8LIWYAQAIMGCgAAAQEICopxoJ2WAjAVFgMDAHoCAAB2AwN+k6WxbbH42KOkzP0SBpF8WFVddPso8FOsxsoMR2jLcCAgIXSPqMjljdeZ3z7HJVcJsXiZNidVLUq9BDfRlvUd8xMBAAAuACsAAgMEADMAJAAdACBZ2hsGUV2gITpTso8DXqINyYHL6ZGZCOCBmDB\/itdeCBQDAwABARcDAwAkWVBDTPurDvPZsfIS6S0s6C7umaT50NuCMlrjqlV8cgp2hqcSFwMDFVXRPJFSTOuW60gnjy4fxxS8LeNFPAMPr7E2fm6NKgy\/3qHFeZu2HB8eHDEt7ZIZSf72nK9lfyRKw\/GiHha4gvxzBoqjvdflfMe9eOqaSI5XuU7CPRVsUP+oEhFhG1J98ZSAB7V8yKB1C9Ga7Y7KZ2zsUDHcjfUBQwFH+fDou1Ch0KKzNvtBbOHQhB52yIsBVRAVbC9df5pQMdjQRAqLduL98xoDs6l1X4f4g\/9XvwQBO42eRE99TzCu6cMrD8GlNbyPsjdyLdPGOaX1dn3d5HRJQSyitYGWsms\/2F7djKZDJJIrSjOjBPuAya5rAk3Y\/7aUpJl5wjIRRGJ3k5EnXWrgVqcOKuR5UnQuzczTvx6NueGpYkzxwfbUzWjO6DFxo8gfOI3ISQ1fbp+Cf530AdBmVxJIu5vAZn0G8S9UGChE\/gWYtkraR2byU4SbXWNeK9Tm7Y5H+bNkTno+Us5qXipcv0KNpsa\/xOSu95ULG1Iie5Xb\/7YrUtVtDneNAEM5zRRd0k0Yw0LQ5ql\/FXmEJAifwFFTOtbNGXhgQbC7wCZio9P19LQtLd70LS28EvGAnhRsz5GCgUhoTCD4gnHCUhwLt2xRDeV0Ywfq1KsYEei9WtOSbvJUV++hqKCJz1IbGYBjueFfMMomHcNFfa1hgmnERjyfYazdn3u8BzGrG78YBZDkderm78CkJGLl8r2UNTG1cytOplfe1QdOI\/QJMxD4B0k44PnRwFsZG3kIzSOb2DNEM5slZqEyz1h+cfH1naj5IdK4TDw1x6wOhgF9HveREJpplK24MDQSCafgHRQPFDr8RhIYMbYma5MSYxUALFml8ZpRWhSgyL77INDTHGYUyZXQBw9JUeO+LF5POHCYSPtqJX37dZ0wYMpRVi7Lh0CdTiInk1u+ISO0yOnfKTMbbokesl+2nZs2B3Y5UTwKSjykoG0LhxfoD9rLcVdhu93ZHg\/LVJ+qzuZEhRGPMstf0Y3Px\/LAAT4GfYjwzAvL3SY2UfH9yxllqed1B5eGeVxHk6lg3MdhtewzMNSmjBYFm55eC02P+dPcmpeTEsVigtiHevodeSvr2AHy69ZUZnjfRSO3lvFGRsKZs1jfiaTkxth0oIW7V6XRqW2FaX+mIZgXp4GizJLrfg5zc4nWwalnd6IdcfbmmtgOpkvJBcOZLSLRBXLy7QnI1BGTnTwifc2Ymm1
WzIWPIeuxM2mQz8uafohmydMOrURLfyk3ygTm+TjIb1EGhGjSvLZ7VRa+\/9fcUbrNvUx+JrMDkizOnXPjF3AUKagNn++lYCDqaepQDJASoUxh6FFqwGr+l1FyPPhUKEq+2BZQwjYqImZEAxnY6WYzUM\/Y3we+LU+WEHbYpx\/Fmb9xVVDbUbaIPPSPYJyw7gjl3bjOwoA2Awsl5Vywys4TWnlbRf6g\/O6g363fzQ+xKjDiSzCITt8HX1IVpsgOULSrB+o7lDQTTaD282OuK4Z8AWwDxVvwQsiAh2ffC7VPQmVzAhtx7hZvJZzblHXg3HjIWwCJCqCCNHwGffzxFUxB\/Slj8E1qh7YQB62Z32UWzAPy146fe0YcsQu16cIqnY8xUvI7JbdvjRsCj7r1BjCi1+PxQcL7MZ3YtZM+onFqF8rtErPKp9eMm+uO6zqNFptquxE4wf2syxjhWiY0"} -01296{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1653830614885814,"flow_src_last_pkt_time":1653830614904478,"flow_dst_last_pkt_time":1653830614920429,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1653830614920429,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.84.223.58","src_port":54020,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dazn","proto_id":"91.292","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"www.dazn.com","domainame":"www.dazn.com","tls": {"version":"TLSv1.3","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01255{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1653830614885814,"flow_src_last_pkt_time":1653830614904478,"flow_dst_last_pkt_time":1653830614920429,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1653830614920429,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.84.223.58","src_port":54020,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dazn","proto_id":"91.292","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"www.dazn.com","domainame":"www.dazn.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1653830640613975,"flow_src_last_pkt_time":1653830640613975,"flow_dst_last_pkt_time":1653830640613975,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1653830640613975,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.226.244.27","src_port":46036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1653830640613975,"flow_dst_last_pkt_time":1653830640613975,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1653830640613975,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA81ThAAEAGoV3AqAGADeL0G7PUAbsidLdlAAAAAKAC+vBeiAAAAgQFtAQCCArtba2JAAAAAAEDAwc="} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1653830640613975,"flow_dst_last_pkt_time":1653830640629748,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1653830640629748,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8HAYAAPQG5o8N4vQbwKgBgAG7s9RejoeqInS3ZqAS\/\/\/XoAAAAgQFoAQCCApxJyp57W2tiQEDAwk="} 
01237{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1653830640634086,"flow_dst_last_pkt_time":1653830640629748,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1653830640634086,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI51TpAAEAGn17AqAGADeL0G7PUAbsidLdmXo6Hq4AYAfYzVAAAAQEICu1trZ1xJyp5FgMBAgABAAH8AwNgo6eggHfe+PBZNxxz2f+Nts8It8o3t3RyfFY+U+8s3iC6XQSkJJt5cWG68Q2AWVjlm2pyKfMq4VXHQ5nXKhlFIwAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAfAB0AABp1c2VyLXByb2ZpbGUuYXIuaW5kYXpuLmNvbQAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACDBldI46Te7dQq3VD7W+6azi6DI\/x3CzXEMlx+YJs8PCwAXAEEEQNzV3U7NxlwdMnUehbZejtqtCZtaP2SJSRszCqNnAwH+g3rcgl4s+kaLRhv1lRSxAtta1rthAruCkIpXtKVXxQArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAFQB8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -01280{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1653830640613975,"flow_src_last_pkt_time":1653830640634086,"flow_dst_last_pkt_time":1653830640629748,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1653830640634086,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.226.244.27","src_port":46036,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Dazn","proto_id":"91.292","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"user-profile.ar.indazn.com","domainame":"user-profile.ar.indazn.com","tls": {"version":"TLSv1.2","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} +01239{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1653830640613975,"flow_src_last_pkt_time":1653830640634086,"flow_dst_last_pkt_time":1653830640629748,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1653830640634086,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.226.244.27","src_port":46036,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dazn","proto_id":"91.292","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"user-profile.ar.indazn.com","domainame":"user-profile.ar.indazn.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
02481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1653830640634086,"flow_dst_last_pkt_time":1653830640651038,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1653830640651038,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXIHAgAAPQG4QEN4vQbwKgBgAG7s9RejoerInS5a4AQAIN7kwAAAQEICnEnKo7tba2dFgMDAHoCAAB2AwNYacmOIN7R5DbNvd37b9lQNIYaqM0SGhLLAsWGeirJ4iC6XQSkJJt5cWG68Q2AWVjlm2pyKfMq4VXHQ5nXKhlFIxMBAAAuACsAAgMEADMAJAAdACD7tlFbO0LTRU8Ap0MRnrLjPXXFJGHgmtlXxMAUdMc8BhQDAwABARcDAwAkmuhNVJyxQw5OOAb7F6tIvi4VgcCeuisc1TVajKV205tWCQi5FwMDFVDe79fprRpSmLwFAGz7xDJakbQNveJUfFHRuwGhjZF68MYMHWsknIhL3OpNV\/x6ASGP0upPivi4ytATjQ0ptilH1fYD4OeDE\/oW4CxC+SvEY8iSc8qHHV9v73SIjNW4Vsc4\/iRigeJkzFkKvLLlkJg8d4rZLJr9nLZ14tC9v3pP6kQLjbflW1aERZnMgCfPi2GSKm2eRLqPjtotRbr1mOxYOxa3pPiHI6jSFtpZsZJSOApwh36msojFER\/6BTYUGlFT1fpQaW9jp6lwuhmmrT394NNUK113ZEAm6iffg3oDchm8ytDhtti9NNzu5DfzVrxhrmHkg\/N2KwuSs8KcJCPZEAp2\/zO+E7O\/o3ORKAUUFG8g+yo17Eq769hxm7EupLJoMmKb7kyH95HVS5Tezk+bFo5UzNWyC\/Y7Wp2xivXnfwSSnSSSLi\/3\/7DzGUDFaTcEHvT2BfXLyfydCP\/2v1ufhL+EF9Zbr\/sOoVFG989C+qN5lXHYSsAhhbYQqkkhTn+W8juTe2e0o2Cczz5w4mv77qc\/Upd4ldFKcGNqggQRYAg9cBqfVRyUvVMrNr5XWo7jJQxfUuaBxdb6o5dBrYLTe4IGAhiDZcWF7c5YFTIZ+eHe7rhjrbQrkwNtHSNaGWWzge+vSL2tRVTmmSTF8GMOAJ3JtDMtoJpmdJPRnoIap8ihtOsCpVBblswCdMUIyTmu+QmhiI9QfYCZmNYP6gTO5f2Nli6RAcCb6IAPQ3YR70k3RmeaQ33FXSsDm+1q23mIHQwgwG+2r52++3UBFsctV3BbAGiqcGQg1Xm4CNXSEo7GI8JwsY379LXOMO0SNIkYTyfJryrCZLhTp717HxpO8yjRJtgdbsHR1vWKA7dIfIuJtMFa3t09nZX5jDaOly6C+W3L5cUhm8+vsAgePYmO+DUaxlMK4KUYJV2aeDglTYjd5GbSyNS7k7qZlDvvnZ1eqNQ4J7rGgynQPe8tMSrd6uMru8o7BkXviYF1JflVSax7\/W21d1L8pe3k5zlc6EvjuSGRo4eo7XOueTPp7K8YyxOEewP8Vd5dDYhVrcsDKYinNtNL5uxdTBTumeMd8+GKweh12gKes2TvSmI\/yYO\/d59f25RSaP7rHdjmSXllIP\/YUt\/324utwKtJ3pY6JQSY1B7JeHYuwDNJVjlN3G53J1a1TPgOM+phMMI4Xt9shy
0hxWjxYLupU9xJOs6cVYd4BChfRf\/qyh50r1s9ElL68jf48hKaT7D0HC8P2EdTd\/0WPMZ546PiNdtyTRQS8miWzQX7B1fIkP8e+QGCdvqnY7J0h2jLblRzWa6V3PIXIrqVyeC8vAxMMJ0dNOPWZ\/ehqxLreBXzgQiRHT9V7iEde\/8\/03R1q4S9dU4XQyqRF0bkHVpRm1uVxLfXrX4GhHPsxHq64y3FbONCbi\/r84tqtEl\/R4UmNI7N4+m\/U17o4BPftc4dFgNxLXR\/3rPqbQFoUJGMVLHOv7riJ7D9aCWAUUXOZGNwnSMKen4cqpJac1QH3tgLp6NglYhHJ60uoHKe33f0CvoLLWEeLs0cAzLxoTYg+Sq+mG5nfUF\/7\/3KR\/QmvuALcvEN36H+RWW4v5U1sXT0Va5Uy0lQPyiRpyjMU6TtNRxSWhT49mb3kqPKLTCiRdTjS5ZpWSn3kF\/gFOdb"} -01325{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1653830640613975,"flow_src_last_pkt_time":1653830640634086,"flow_dst_last_pkt_time":1653830640651038,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1653830640651038,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.226.244.27","src_port":46036,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dazn","proto_id":"91.292","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"user-profile.ar.indazn.com","domainame":"user-profile.ar.indazn.com","tls": {"version":"TLSv1.3","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01284{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1653830640613975,"flow_src_last_pkt_time":1653830640634086,"flow_dst_last_pkt_time":1653830640651038,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1653830640651038,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.226.244.27","src_port":46036,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dazn","proto_id":"91.292","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"user-profile.ar.indazn.com","domainame":"user-profile.ar.indazn.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1653830641480609,"flow_src_last_pkt_time":1653830641480609,"flow_dst_last_pkt_time":1653830641480609,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1653830641480609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.226.244.30","src_port":40882,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1653830641480609,"flow_dst_last_pkt_time":1653830641480609,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1653830641480609,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA85BtAAEAGknfAqAGADeL0Hp+yAbsjfBE0AAAAAKAC+vA8bQAAAgQFtAQCCAp3jv7MAAAAAAEDAwc="} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1653830641480609,"flow_dst_last_pkt_time":1653830641499729,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1653830641499729,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8XjkAAPQGpFkN4vQewKgBgAG7n7LhtoguI3wRNaAS\/\/8VuQAAAgQFoAQCCArbVdxqd47+zAEDAwk="} 
01238{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1653830641501966,"flow_dst_last_pkt_time":1653830641499729,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1653830641501966,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI55B1AAEAGkHjAqAGADeL0Hp+yAbsjfBE14baIL4AYAfZN2QAAAQEICneO\/uHbVdxqFgMBAgABAAH8AwP2xFVrrUUvT7baclvRUkGIqabLtROHVCH1j8n+tyIQOSBQFGnUgcb1RPrURqFyxAWNNtynXG\/2Smtg77i2bY+f2AAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAnACUAACJzdWJzY3JpcHRpb25zLXNlcnZpY2UuZGF6bi1hcGkuY29tABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAiAAoACAQDBQMGAwIDADMAawBpAB0AIFI+QFCwyxDx8rtg+zcI4aDG3vLdEXhdv9WlGPEzxkNWABcAQQRZp49grcHpoqyt72TjbH7tj6VIJDIKkQJbqcOiWq2yF5dYzF0IxbGxZvKD0AgVDvU5GFpnRplE+UiURWgGlLRaACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQAVAHQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -01297{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1653830641480609,"flow_src_last_pkt_time":1653830641501966,"flow_dst_last_pkt_time":1653830641499729,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1653830641501966,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.226.244.30","src_port":40882,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Dazn","proto_id":"91.292","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"subscriptions-service.dazn-api.com","domainame":"subscriptions-service.dazn-api.com","tls": {"version":"TLSv1.2","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} +01256{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1653830641480609,"flow_src_last_pkt_time":1653830641501966,"flow_dst_last_pkt_time":1653830641499729,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1653830641501966,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.226.244.30","src_port":40882,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dazn","proto_id":"91.292","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"subscriptions-service.dazn-api.com","domainame":"subscriptions-service.dazn-api.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
02492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1653830641501966,"flow_dst_last_pkt_time":1653830641520526,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1653830641520526,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXIXjsAAPQGnssN4vQewKgBgAG7n7LhtogvI3wTOoAQAIN7lgAAAQEICttV3H93jv7hFgMDAHoCAAB2AwP19\/qDGjoXS4oSaU6\/9dZn\/bUvQ\/RVymcGAm1FbLA1CCBQFGnUgcb1RPrURqFyxAWNNtynXG\/2Smtg77i2bY+f2BMBAAAuACsAAgMEADMAJAAdACDYD+u6tIt\/u6lWfW4\/USRVqQQZbneP546oJkrzpXHzOBQDAwABARcDAwAbEzGkaMCM4EB1qRopJFv3Et16HjBgnzhrUzb7FwMDFT4tI29ZQugH\/QTN4Ro7RShzVYpVRbI9DrsTliKjXYlLRnAlN9AjWVd1EiKdmitOvNEnylHwvenvLB5kQ+Z117+7keP55OhwCA+bvNAR\/XzOUMewc\/5D3mL+3hwu2gEnMy7LQYfp9eqpiWywrkNMKmu8SIXZJzKmAdq034QXitu+7omz+VjKTyMv4nifq\/oX9igNJnv8gKkcmoZNma+TVO12I0DcE7O\/izsEwM3UNKFgSU8epUYsXUUtZ6onZuMQRfQ9pIqvx\/ulnPZhbrM5kLCVKgteSeZ0n95q5KNxSCPYnYfwmRTqdb7xwqwCTOr+xmLvaAACdShhMUhzuMpZulaHYCD3IWm2tXs857wDS1FzypwZQaloM61MqPQD20f6qgvF4Hx5fFm6XEeKK6EgLU0tB\/FG+af3AFrhG1P2jERIR+A0af84oPKXtU31i7PlyzJM1sktv59YM0hmFzSXnXSflNERf6EB65EA2x4+NTNK1RnVriahr8Qh+42GdQc3u+X8mnl4ClOEhxwGJoqyob\/4YOs5qxwIvEOTtDXG4icnFf\/KISF+rX31HB06GOm1196U2X\/IK2Ux8Oc6Q3+eMu0YZD15MFPIXlTLKBL430HoPwVMT9RPzqnnAsgdzM\/cw8DlWR\/7EE7D0xc2SoJFLTbpkhvv7W8BHM1EsSJtqLxbAzZ17razO0U18U+yWyGHoEXDLJ\/oMpqUp0U+nKS4ZYwc6twueukKJm\/WKQlLm+aTdK0JWzUErk99GDc5rONaVe\/VOsMz5S2t77vqhUIYQ4ifUCWk4of6V\/QVf3TsZRumOdFZsp+FY7fKUucRHHNbLoC5uo0HQfZkI9U1Wy9GsT88A\/hnynSDASUz2WWigrdXV9d\/4OOPUwTJ2ElTw5TjlnESaIuhm\/oy4szxgLqqDY+S17dpDRKLfJ28hnQ9fO0wCZ6e76G\/Td5e7NOwNTKmiTjIUyqbIMltnbLZgrAvJbHmcr\/OLyC01w\/NlXEubw2R8HPIPUEfof9HahFt5YJDm6qgxgktNhNfSxLIBSyiISnstXRMWvDbQ6bt4FUlj+BHGjWWswlkg0FA8iZT6y0jilw4DzNUvsDVhkuLhwBsh+ZHj3nWQFGujSCkLZv\/mpis0nBHtnhjinVVmLAjkvvfmLHN40pOJsl1OBhR4mv7HhMUxxKEOGTASHIkJZjHtX0jT
PFaiq0rMBTnWwYOdKeM8faViEzFdrazD5WIys+HYd1e5BLoot7uAd7D80HdEGfQUpR\/+FCa\/OhxcTUUJdENDavcqekuhJ2NEv6chcAuElWZNkaV\/i7Q+dUUHLFBooDxl4P6O29trWcsQPGDFDC+XxpINz1cI9SED0bcTXLmE+8uUnq+\/As1ZViCRLFGUEelQhGLaF7Op\/GkJsUbU+OUAkvE6LM0dmqKSybd7JDamTXwtbUuRlAEvts9X\/q+1UCfZ\/BCKxtNA8Z\/YApHz6suoQ8QnP2ptRoyJhB2EyX2WFLrFQ1UP35Cg8EQ8yn7F46i7LcMaKJnW3lV37oQ54g5FntAypJSXpIL\/t6N4uBWOae0Y\/cYpwS80IA1A0Ye9yTQxsEcz86FGBwz3CZYd\/59M9DtI5Hd6sDQx860CsLLGNDworsyeuj2pIPItjxdGiqObIx1g673++fT09qe6R4yBLIb1iix9doxYsdt"} -01342{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1653830641480609,"flow_src_last_pkt_time":1653830641501966,"flow_dst_last_pkt_time":1653830641520526,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1653830641520526,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.226.244.30","src_port":40882,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dazn","proto_id":"91.292","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"subscriptions-service.dazn-api.com","domainame":"subscriptions-service.dazn-api.com","tls": {"version":"TLSv1.3","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01301{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1653830641480609,"flow_src_last_pkt_time":1653830641501966,"flow_dst_last_pkt_time":1653830641520526,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1653830641520526,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.226.244.30","src_port":40882,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dazn","proto_id":"91.292","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"subscriptions-service.dazn-api.com","domainame":"subscriptions-service.dazn-api.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1653830641480609,"flow_src_last_pkt_time":1653830641501966,"flow_dst_last_pkt_time":1653830641520526,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1653830641520526,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.226.244.30","src_port":40882,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dazn","proto_id":"91.292","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}} 00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1653830640613975,"flow_src_last_pkt_time":1653830640634086,"flow_dst_last_pkt_time":1653830640651038,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1653830641520526,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.226.244.27","src_port":46036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dazn","proto_id":"91.292","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}} 
00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1653830614885814,"flow_src_last_pkt_time":1653830614904478,"flow_dst_last_pkt_time":1653830614920429,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1653830641520526,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.84.223.58","src_port":54020,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dazn","proto_id":"91.292","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}} -00841{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":12,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5835,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":27,"global_ts_usec":1653830641520526} 
+00841{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":12,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5835,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":27,"global_ts_usec":1653830641520526} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 12/12 ~~ skipped flows.............: 0 @@ -33,9 +33,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6925165 bytes -~~ total memory freed........: 6925165 bytes -~~ total allocations/frees...: 114186/114186 +~~ total memory allocated....: 7502761 bytes +~~ total memory freed........: 7502761 bytes +~~ total allocations/frees...: 125917/125917 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 557 chars ~~ json message max len.......: 2497 chars diff --git a/test/results/default/dcerpc.pcap.out b/test/results/default/dcerpc.pcap.out index b475d3741..16d1737b8 100644 --- a/test/results/default/dcerpc.pcap.out +++ b/test/results/default/dcerpc.pcap.out 
@@ -1,5 +1,5 @@ -00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dcerpc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dcerpc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1602860709979607} 
+00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dcerpc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dcerpc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1602860709979607} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dcerpc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1602860709979607,"flow_src_last_pkt_time":1602860709979607,"flow_dst_last_pkt_time":1602860709979607,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":642,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":642,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":642,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1602860709979607,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49155,"dst_port":34964,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01379{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dcerpc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1602860709979607,"flow_dst_last_pkt_time":1602860709979607,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":684,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":684,"pkt_l4_len":650,"thread_ts_usec":1602860709979607,"pkt":"AA7wSJ4FABwGCybtCABFAAKeAX4AAB4RFWLAqAELwKgBFMADiJQCip8cBAAgAAAAAADeoAAAbJcR0YJxAAEBAQFN3qAAAWyXEdGCcQCgJELffTX9qQA1ihISgAQAHAYLJu0AAAAAAAAAAQAAAAAAAP\/\/\/\/8CMgAAAAAAAAMtAAACHgAAAy0AAAAAAAACHgEBAEQBAAABCfGlMMdfbUe2f4BzQ53qrQACABwGCybt3qAAAGyXEdGCcQBkAQ0AKgAAABECWIiSAA5wbGN4YmtvbnRyNzRiNwECAGgBAAABAAGIkgAAAAIAKIAAACAAAgABAAD\/\/\/\/\/AAMAA8AAAAAAAAAAAAEAAAAAAAcAAAABAAAAAIAAAAEAAIABAAIAAIACAAMAAQABAAQAAgABAAYAAwABAAkAAgACAAEACAAEAAEACwECAGgBAAACAAKIkgAAAAIAKIAQACAAAgABAAD\/\/\/\/\/AAMAA8AAAAAAAAAAAAEAAAAAAAIAAgABAAYABAABAAkABwAAAAEAAAAAgAAAAQAAgAEAAgAAgAIAAwABAAEABAACAAEABQADAAEACAEEAEoBAAABAAAAAAAAAAAEBgAAAAQAAQAAAAEAAAABAAABAYAAAAAAAgAAAAEAAAEBgAEAAAADAAAAAQAAAQGAAgAAAAMAAAABAAABAQEEACABAAABAAAAAAABAQAA2AAAAAEAAQAAAAEAAQABAAEBAQEEACYBAAABAAAAAAACCAgA
BAAAAAEAAQAAAAEAAwABAAEBAQACAAEBAQEEACABAAABAAAAAAADCAAAAgAAAAEAAQAAAAEAAQABAAEBAQEEACABAAABAAAAAAAEAAgAUgAAAAEAAQAAAAEAAgACAAEBAQEDABYBAAABiJIAAAAAAAEAAwAAAQDAAKAA"} 01080{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dcerpc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1602860709979607,"flow_src_last_pkt_time":1602860709979607,"flow_dst_last_pkt_time":1602860709979607,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":642,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":642,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":642,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1602860709979607,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49155,"dst_port":34964,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"DCERPC.PROFINET_IO","proto_id":"370.371","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
@@ -26,7 +26,7 @@ 01120{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/dcerpc.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1602860710063382,"flow_src_last_pkt_time":1602860710063386,"flow_dst_last_pkt_time":1602860710063382,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":264,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1602860710071385,"l3_proto":"ip4","src_ip":"192.168.1.20","dst_ip":"192.168.1.11","src_port":49162,"dst_port":34964,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"DCERPC.PROFINET_IO","proto_id":"370.371","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 01120{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/dcerpc.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1602860710071384,"flow_src_last_pkt_time":1602860710071385,"flow_dst_last_pkt_time":1602860710071384,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":264,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1602860710071385,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49154,"dst_port":49162,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std 
Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"DCERPC.PROFINET_IO","proto_id":"370.371","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 01121{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/dcerpc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1602860709993940,"flow_src_last_pkt_time":1602860710062922,"flow_dst_last_pkt_time":1602860709993940,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":804,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1602860710071385,"l3_proto":"ip4","src_ip":"192.168.1.20","dst_ip":"192.168.1.11","src_port":49161,"dst_port":49155,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"DCERPC.PROFINET_IO","proto_id":"370.371","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
-00841{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/dcerpc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":16,"packets-processed":16,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6194,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":29,"global_ts_usec":1602860710071385} +00841{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/dcerpc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":16,"packets-processed":16,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6194,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":29,"global_ts_usec":1602860710071385} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 16/16 ~~ skipped flows.............: 0 
@@ -35,9 +35,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6915217 bytes -~~ total memory freed........: 6915217 bytes -~~ total allocations/frees...: 114186/114186 +~~ total memory allocated....: 7492897 bytes +~~ total memory freed........: 7492897 bytes +~~ total allocations/frees...: 125921/125921 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 616 chars ~~ json message max len.......: 1808 chars diff --git a/test/results/default/dhcp-fuzz.pcapng.out b/test/results/default/dhcp-fuzz.pcapng.out index c4cc90579..c23e6651f 100644 --- a/test/results/default/dhcp-fuzz.pcapng.out +++ b/test/results/default/dhcp-fuzz.pcapng.out 
@@ -1,10 +1,10 @@ -00616{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dhcp-fuzz.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dhcp-fuzz.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1268519154926217} 
+00616{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dhcp-fuzz.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dhcp-fuzz.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1268519154926217} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dhcp-fuzz.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1268519154926217,"flow_src_last_pkt_time":1268519154926217,"flow_dst_last_pkt_time":1268519154926217,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1268519154926217,"l3_proto":"ip4","src_ip":"192.168.155.104","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00928{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dhcp-fuzz.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1268519154926217,"flow_dst_last_pkt_time":1268519154926217,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_usec":1268519154926217,"pkt":"\/\/\/\/\/\/\/\/AB8p2i15CABFAAFIfVQAAIAR+kDAqJto\/\/\/\/\/wBEAEMBNNQyAQEGAMl5uWAAAAAAwKgBaAAAAAAAAAAAAAAAAAAfKdoteQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1wAAAAAAAFMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZQAAAAAAAAAAAABjglNjNQFqPQcBAB8p2i15DAdNSzAzODYyPDFNU0ZUIDUuMDcMAQ8DBiwuLx8h+Sv8KwPcAQD\/AAAAACUAAAAA"} 
01014{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dhcp-fuzz.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1268519154926217,"flow_src_last_pkt_time":1268519154926217,"flow_dst_last_pkt_time":1268519154926217,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1268519154926217,"l3_proto":"ip4","src_ip":"192.168.155.104","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","dhcp": {"fingerprint":"","class_ident":""}}} 00784{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dhcp-fuzz.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1268519154926217,"flow_src_last_pkt_time":1268519154926217,"flow_dst_last_pkt_time":1268519154926217,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1268519154926217,"l3_proto":"ip4","src_ip":"192.168.155.104","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
-00841{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dhcp-fuzz.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":300,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1268519154926217} +00841{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dhcp-fuzz.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":300,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1268519154926217} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 
@@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6907614 bytes -~~ total memory freed........: 6907614 bytes -~~ total allocations/frees...: 114137/114137 +~~ total memory allocated....: 7485210 bytes +~~ total memory freed........: 7485210 bytes +~~ total allocations/frees...: 125868/125868 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 621 chars ~~ json message max len.......: 1019 chars diff --git a/test/results/default/diameter.pcap.out b/test/results/default/diameter.pcap.out index 9a384242f..e52e73d8c 100644 --- a/test/results/default/diameter.pcap.out +++ b/test/results/default/diameter.pcap.out 
@@ -1,5 +1,5 @@ -00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/diameter.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/diameter.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1263278878271686} 
+00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/diameter.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/diameter.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1263278878271686} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1263278878271686,"flow_src_last_pkt_time":1263278878271686,"flow_dst_last_pkt_time":1263278878271686,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":344,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":344,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":344,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1263278878271686,"l3_proto":"ip4","src_ip":"10.201.9.245","dst_ip":"10.201.9.11","src_port":50957,"dst_port":3868,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00988{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1263278878271686,"flow_dst_last_pkt_time":1263278878271686,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":398,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":398,"pkt_l4_len":364,"thread_ts_usec":1263278878271686,"pkt":"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"} 
00933{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1263278878271686,"flow_src_last_pkt_time":1263278878271686,"flow_dst_last_pkt_time":1263278878271686,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":344,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":344,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":344,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1263278878271686,"l3_proto":"ip4","src_ip":"10.201.9.245","dst_ip":"10.201.9.11","src_port":50957,"dst_port":3868,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Diameter","proto_id":"237","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -8,7 +8,7 @@ 00844{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1263278878336701,"flow_dst_last_pkt_time":1263278878344805,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":290,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":290,"pkt_l4_len":256,"thread_ts_usec":1263278878344805,"pkt":"ACYYlIbAABpk3ZWLCABFAAEUlYpAAEAGe8gKyQkLCskJ9Q8cxw34vDB89+H9dlAYHVCNmAAAAQAA7EAAARAAAAAEAupJMSbwAAUAAAEHQAAAHW54bDthcGk7MTI2MzI3ODg3ODE0NwAAAAAAAQxAAAAMAAAH0QAAAQhAAAAaZHNsdTEuY29tdmVyc2UuY29tAAAAAAEoQAAAFGNvbXZlcnNlLmNvbQAAAQJAAAAMAAAABAAAAaBAAAAMAAAAAgAAAZ9AAAAMAAAAAQAAARZAAAAMAABBbQAAADdAAAAMzvaZ5QAAAcBAAAAMAAAABQAAAa9AAAA0AAABnUAAACwAAAG9QAAAGAAAAb9AAAAQAAAAAAAAAAIAAAGpQAAADAAAAWQ="} 00940{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1263278878350601,"flow_dst_last_pkt_time":1263278878344805,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":362,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":362,"pkt_l4_len":328,"thread_ts_usec":1263278878350601,"pkt":"ABpk3ZWLACYYlIbACABFAAFcBttAAIAGAAAKyQn1CskJC8cNDxz34f12+LwxaFAY+Cwp4AAAAQABNIAAARAAAAAEAupJMibwAAcAAAEHQAAAHW54bDthcGk7MTI2MzI3ODg3ODE0NwAAAAAAAc1AAAAUQ29tdmVyc2UuRENJAAABAkAAAAwAAAAEAAABCEAAABlueGwxLm5ldHhjZWxsLmNvbQAAAAAAAShAAAAUbmV0eGNlbGwuY29tAAABn0AAAAwAAAACAAABJUAAABlkZ3UyLmNvbXZlcnNlLmNvbQAAAAAAARtAAAAUY29tdmVyc2UuY29tAAAAN0AAAAzO9pmeAAABu0AAACgAAAG8QAAAFDkxOTA4MDAwMDAxNgAAAcJAAAAMAAAAAAAAAaBAAAAMAAAAAwAAAb5AAAA0AAABnUAAACwAAAG9QAAAGAAAAb9AAAAQAAAAAAAAAAEAAAGpQAAADAAAAWQ="} 
00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1263278878271686,"flow_src_last_pkt_time":1263278878350601,"flow_dst_last_pkt_time":1263278878357703,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":308,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":360,"flow_dst_max_l4_payload_len":236,"flow_src_tot_l4_payload_len":1012,"flow_dst_tot_l4_payload_len":644,"midstream":1,"thread_ts_usec":1263278878357703,"l3_proto":"ip4","src_ip":"10.201.9.245","dst_ip":"10.201.9.11","src_port":50957,"dst_port":3868,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Diameter","proto_id":"237","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00840{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/diameter.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":6,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1656,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1263278878357703} 
+00840{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/diameter.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":6,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1656,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1263278878357703} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 6/6 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6907787 bytes -~~ total memory freed........: 6907787 bytes -~~ total allocations/frees...: 114143/114143 +~~ total memory allocated....: 7485383 bytes +~~ total memory freed........: 7485383 bytes +~~ total allocations/frees...: 125874/125874 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 618 chars ~~ json message max len.......: 1014 chars diff --git a/test/results/default/dicom.pcap.out b/test/results/default/dicom.pcap.out new file mode 100644 index 000000000..af7bb81d3 --- /dev/null +++ b/test/results/default/dicom.pcap.out 
@@ -0,0 +1,37 @@ +00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dicom.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dicom.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1542403616208085} 
+00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dicom.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1542403616208085,"flow_src_last_pkt_time":1542403616208085,"flow_dst_last_pkt_time":1542403616208085,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":683,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":683,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":683,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1542403616208085,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49531,"dst_port":104,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":5} +01441{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dicom.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1542403616208085,"flow_dst_last_pkt_time":1542403616208085,"flow_idle_time":7580000000,"pkt_datalink":0,"pkt_caplen":739,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":739,"pkt_l4_len":715,"thread_ts_usec":1542403616208085,"pkt":"AgAAAEUAAt8AAEAAQAYAAH8AAAF\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"} 
+00921{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dicom.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1542403616208085,"flow_src_last_pkt_time":1542403616208085,"flow_dst_last_pkt_time":1542403616208085,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":683,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":683,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":683,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1542403616208085,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49531,"dst_port":104,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DICOM","proto_id":"438","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":108,"category":"Health"}} +00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dicom.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1542403638136893,"flow_src_last_pkt_time":1542403638136893,"flow_dst_last_pkt_time":1542403638136893,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":16332,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16332,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16332,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1542403638136893,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49541,"dst_port":104,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":5} 
+11384{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dicom.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1542403638136893,"flow_dst_last_pkt_time":1542403638136893,"flow_idle_time":7580000000,"pkt_datalink":0,"pkt_caplen":16388,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":16388,"pkt_l4_len":16364,"thread_ts_usec":1542403638136893,"pkt":"AgAAAEUAQAAAAEAAQAYAAH8AAAF\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\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"} +00927{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dicom.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1542403638136893,"flow_src_last_pkt_time":1542403638136893,"flow_dst_last_pkt_time":1542403638136893,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":16332,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16332,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16332,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1542403638136893,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49541,"dst_port":104,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DICOM","proto_id":"438","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":108,"category":"Health"}} 
+00766{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/dicom.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1542403638136896,"flow_dst_last_pkt_time":1542403638136893,"flow_idle_time":7580000000,"pkt_datalink":0,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":233,"pkt_l4_len":209,"thread_ts_usec":1542403638136896,"pkt":"AgAAAEUAAOUAAEAAQAYAAH8AAAF\/AAABwYUAaDYGD56amXHFgBgY6\/7ZAAABAQgKERh1cREYdXEuMi44NDAuMTAwMDguNS4xLjQuNDUuMUAAABExLjIuODQwLjEwMDA4LjEuMkAAABMxLjIuODQwLjEwMDA4LjEuMi4xQAAAEzEuMi44NDAuMTAwMDguMS4yLjJAAAAWMS4yLjg0MC4xMDAwOC4xLjIuMS45OVAAADlRAAAEAEAAAFIAAB4xLjIuODI2LjAuMS4zNjgwMDQzLjkuNzEzMy4xLjFVAAALR09ESUNPTV8xXzE="} +00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dicom.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":4,"packets-processed":3,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17192,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1542640280263675} 
+00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dicom.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1542640280263675,"flow_src_last_pkt_time":1542640280263675,"flow_dst_last_pkt_time":1542640280263675,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":16332,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16332,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16332,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1542640280263675,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":52180,"dst_port":104,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":5} +11384{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dicom.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1542640280263675,"flow_dst_last_pkt_time":1542640280263675,"flow_idle_time":7580000000,"pkt_datalink":0,"pkt_caplen":16388,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":16388,"pkt_l4_len":16364,"thread_ts_usec":1542640280263675,"pkt":"AgAAAEUAQAAAAEAAQAYAAH8AAAF\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\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"} 
+00927{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dicom.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1542640280263675,"flow_src_last_pkt_time":1542640280263675,"flow_dst_last_pkt_time":1542640280263675,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":16332,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16332,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16332,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1542640280263675,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":52180,"dst_port":104,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DICOM","proto_id":"438","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":108,"category":"Health"}} +00766{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/dicom.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1542640280263678,"flow_dst_last_pkt_time":1542640280263675,"flow_idle_time":7580000000,"pkt_datalink":0,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":233,"pkt_l4_len":209,"thread_ts_usec":1542640280263678,"pkt":"AgAAAEUAAOUAAEAAQAYAAH8AAAF\/AAABy9QAaAmU9ALeVlmKgBgY6\/7ZAAABAQgKHojvcx6I73IuMi44NDAuMTAwMDguNS4xLjQuNDUuMUAAABExLjIuODQwLjEwMDA4LjEuMkAAABMxLjIuODQwLjEwMDA4LjEuMi4xQAAAEzEuMi44NDAuMTAwMDguMS4yLjJAAAAWMS4yLjg0MC4xMDAwOC4xLjIuMS45OVAAADlRAAAEAEAAAFIAAB4xLjIuODI2LjAuMS4zNjgwMDQzLjkuNzEzMy4xLjFVAAALR09ESUNPTV8xXzE="} 
+00960{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/dicom.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1542403616208085,"flow_src_last_pkt_time":1542403616208085,"flow_dst_last_pkt_time":1542403616208085,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":683,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":683,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":683,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1542640280263678,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49531,"dst_port":104,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DICOM","proto_id":"438","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":108,"category":"Health"}} +00964{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/dicom.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1542403638136893,"flow_src_last_pkt_time":1542403638136896,"flow_dst_last_pkt_time":1542403638136893,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":177,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16332,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16509,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1542640280263678,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49541,"dst_port":104,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DICOM","proto_id":"438","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":108,"category":"Health"}} 
+00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/dicom.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1542640472542802,"flow_src_last_pkt_time":1542640472542802,"flow_dst_last_pkt_time":1542640472542802,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":683,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":683,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":683,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1542640472542802,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":52228,"dst_port":104,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":5} +01441{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/dicom.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1542640472542802,"flow_dst_last_pkt_time":1542640472542802,"flow_idle_time":7580000000,"pkt_datalink":0,"pkt_caplen":739,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":739,"pkt_l4_len":715,"thread_ts_usec":1542640472542802,"pkt":"AgAAAEUAAt8AAEAAQAYAAH8AAAF\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"} 
+00921{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/dicom.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1542640472542802,"flow_src_last_pkt_time":1542640472542802,"flow_dst_last_pkt_time":1542640472542802,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":683,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":683,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":683,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1542640472542802,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":52228,"dst_port":104,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DICOM","proto_id":"438","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":108,"category":"Health"}} +00964{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/dicom.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1542640280263675,"flow_src_last_pkt_time":1542640280263678,"flow_dst_last_pkt_time":1542640280263675,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":177,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16332,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16509,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1542640472542802,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":52180,"dst_port":104,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DICOM","proto_id":"438","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":108,"category":"Health"}} 
+00960{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/dicom.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1542640472542802,"flow_src_last_pkt_time":1542640472542802,"flow_dst_last_pkt_time":1542640472542802,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":683,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":683,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":683,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1542640472542802,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":52228,"dst_port":104,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DICOM","proto_id":"438","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":108,"category":"Health"}} +00838{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/dicom.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":6,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":34384,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":22,"global_ts_usec":1542640472542802} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 6/6 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 34384 bytes +~~ total detected 
protocols..: 4 +~~ total active/idle flows...: 4/4 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 7492523 bytes +~~ total memory freed........: 7492523 bytes +~~ total allocations/frees...: 125907/125907 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json message min len.......: 615 chars +~~ json message max len.......: 11389 chars +~~ json message avg len.......: 6001 chars diff --git a/test/results/default/dingtalk.pcap.out b/test/results/default/dingtalk.pcap.out index 6a3058fae..3628f83ee 100644 --- a/test/results/default/dingtalk.pcap.out +++ b/test/results/default/dingtalk.pcap.out 
@@ -1,5 +1,5 @@ -00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dingtalk.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dingtalk.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1728289377294889} 
+00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dingtalk.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dingtalk.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1728289377294889} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dingtalk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1728289377294889,"flow_src_last_pkt_time":1728289377294889,"flow_dst_last_pkt_time":1728289377294889,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1728289377294889,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"47.246.133.39","src_port":48910,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5} 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dingtalk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1728289377294889,"flow_dst_last_pkt_time":1728289377294889,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_usec":1728289377294889,"pkt":"RQAAPCYtQABABqeZCtetAS\/2hSe\/DgG7YrqPJgAAAACgAv\/\/81AAAAIEBXgEAggK\/Hc40QAAAAABAwMJ"} 00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dingtalk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1728289377294889,"flow_dst_last_pkt_time":1728289377313973,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":48,"pkt_l4_len":28,"thread_ts_usec":1728289377313973,"pkt":"RQAAMAAAQABABs3SL\/aFJwrXrQEBu78Od+t362K6jydwEgQAR2MAAAIEJugDAwkA"} 
@@ -12,11 +12,11 @@ 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/dingtalk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1728289414071512,"flow_dst_last_pkt_time":1728289414071374,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":40,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":40,"pkt_l4_len":20,"thread_ts_usec":1728289414071512,"pkt":"RQAAKNyeQABABoeZCtetAWimthnAyAG7M9OCQnfrd+xQEACAcEsAAA=="} 01199{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/dingtalk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1728289414072241,"flow_dst_last_pkt_time":1728289414071374,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":552,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":552,"pkt_l4_len":532,"thread_ts_usec":1728289414072241,"pkt":"RQACKNyfQABABoWYCtetAWimthnAyAG7M9OCQnfrd+xQEACAdAMAABYDAQIAAQAB\/AMDKNUmMP5S8maV9Uvwl7qTDA9sjNCmDsjRfCjORs1KqwIg9JaxbIxPPEF6W\/E\/BHTWCtiDyPmjk6Lu\/eT9vAqLlesAIDo6EwETAhMDwCvAL8AswDDMqcyowBPAFACcAJ0ALwA1AQABkzo6AAAAAAAYABYAABNzdGF0aWMuZGluZ3RhbGsuY29tABcAAP8BAAEAAAoACgAIenoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACl6egABAAAdACDhlID\/7r72Ee2uiB49o2iN2L\/VINXw2Dk2BA\/8NhrzXwAtAAIBAQArAAsKqqoDBAMDAwIDAQAbAAMCAAJEaQAFAAMCaDJKSgABAAAVAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/dingtalk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1728289414072331,"flow_dst_last_pkt_time":1728289414071374,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":45,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":45,"pkt_l4_len":25,"thread_ts_usec":1728289414072331,"pkt":"RQAALdygQABABoeSCtetAWimthnAyAG7M9OEQnfrd+xQGACAbj4AAAAAAAAA"} -01290{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/dingtalk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1728289414066710,"flow_src_last_pkt_time":1728289414072331,"flow_dst_last_pkt_time":1728289414071374,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1728289414072331,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"104.166.182.25","src_port":49352,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DingTalk","proto_id":"91.431","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"static.dingtalk.com","domainame":"static.dingtalk.com","tls": {"version":"TLSv1.2","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-01336{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/dingtalk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1728289414066710,"flow_src_last_pkt_time":1728289414072331,"flow_dst_last_pkt_time":1728289414078591,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":3493,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3493,"midstream":0,"thread_ts_usec":1728289414078591,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"104.166.182.25","src_port":49352,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DingTalk","proto_id":"91.431","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"static.dingtalk.com","domainame":"static.dingtalk.com","tls": {"version":"TLSv1.3","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01249{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/dingtalk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1728289414066710,"flow_src_last_pkt_time":1728289414072331,"flow_dst_last_pkt_time":1728289414071374,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1728289414072331,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"104.166.182.25","src_port":49352,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DingTalk","proto_id":"91.431","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"static.dingtalk.com","domainame":"static.dingtalk.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01295{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/dingtalk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1728289414066710,"flow_src_last_pkt_time":1728289414072331,"flow_dst_last_pkt_time":1728289414078591,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":3493,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3493,"midstream":0,"thread_ts_usec":1728289414078591,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"104.166.182.25","src_port":49352,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DingTalk","proto_id":"91.431","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"static.dingtalk.com","domainame":"static.dingtalk.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/dingtalk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1728289377294889,"flow_src_last_pkt_time":1728289377316787,"flow_dst_last_pkt_time":1728289377313973,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1728289414087096,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"47.246.133.39","src_port":48910,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DingTalk","proto_id":"431","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00978{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/dingtalk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":5,"flow_first_seen":1728289414066710,"flow_src_last_pkt_time":1728289414086424,"flow_dst_last_pkt_time":1728289414087096,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":3493,"flow_src_tot_l4_payload_len":597,"flow_dst_tot_l4_payload_len":3493,"midstream":0,"thread_ts_usec":1728289414087096,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"104.166.182.25","src_port":49352,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DingTalk","proto_id":"91.431","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
-00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/dingtalk.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":16,"packets-processed":16,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4194,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1728289414087096} +00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/dingtalk.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":16,"packets-processed":16,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4194,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1728289414087096} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 16/16 ~~ skipped flows.............: 0 
@@ -25,10 +25,10 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6920192 bytes -~~ total memory freed........: 6920192 bytes -~~ total allocations/frees...: 114172/114172 +~~ total memory allocated....: 7497788 bytes +~~ total memory freed........: 7497788 bytes +~~ total allocations/frees...: 125903/125903 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 514 chars -~~ json message max len.......: 1341 chars -~~ json message avg len.......: 923 chars +~~ json message max len.......: 1300 chars +~~ json message avg len.......: 903 chars diff --git a/test/results/default/discord.pcap.out b/test/results/default/discord.pcap.out index 2557f3e51..3dd0fd945 100644 --- a/test/results/default/discord.pcap.out +++ b/test/results/default/discord.pcap.out 
@@ -1,14 +1,14 @@ -00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 00740{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":42193200,"flow_src_last_pkt_time":42193200,"flow_dst_last_pkt_time":42193200,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":42193200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.159.128.233","src_port":42834,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":42193200,"flow_dst_last_pkt_time":42193200,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":42193200,"pkt":"UlQAEjUCCAAnW\/mGCABFAAA8+ptAAEAGEIkKAAIPop+A6adSAbuGXfMIAAAAAKAC+vDjjQAAAgQFtAQCCAqmenD7AAAAAAEDAwc="} 00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":42193200,"flow_dst_last_pkt_time":42208691,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":42208691,"pkt":"CAAnW\/mGUlQAEjUCCABFAAAsAYYAAEAGSa+in4DpCgACDwG7p1IAKQQBhl3zCWAS\/\/9B4AAAAgQFtA=="} 00742{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":42209776,"flow_dst_last_pkt_time":42208691,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"thread_ts_usec":42209776,"pkt":"UlQAEjUCCAAnW\/mGCABFAADY+p1AAEAGD+sKAAIPop+A6adSAbuGXfMJACkEAlAY+vBAZwAAFgMBAKsBAACnAwPx8xjD5ySSyjBvN4nq\/yhxDwDcyJh8lqatQ2ebeRUbCgAAGMArwCzMqcAvwDDMqMATwBQAnACdAC8ANQEAAGb\/AQABAAAAABAADgAAC2Rpc2NvcmQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAIAAYAHQAXABg="} 
-01181{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":42193200,"flow_src_last_pkt_time":42209776,"flow_dst_last_pkt_time":42208691,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":176,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":42209776,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.159.128.233","src_port":42834,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Discord","proto_id":"91.58","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative","hostname":"discord.com","domainame":"discord.com","tls": {"version":"TLSv1.2","ja3":"6f5e62edfa5933b1332ddf8b9fb3ef9d","ja3s":"","ja4":"t12d1209h2_d34a8e72043a_b39be8c56a14","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01140{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":42193200,"flow_src_last_pkt_time":42209776,"flow_dst_last_pkt_time":42208691,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":176,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":42209776,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.159.128.233","src_port":42834,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Discord","proto_id":"91.58","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative","hostname":"discord.com","domainame":"discord.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1209h2_d34a8e72043a_b39be8c56a14","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 02453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":42209776,"flow_dst_last_pkt_time":42225002,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":42225002,"pkt":"CAAnW\/mGUlQAEjUCCABFAAXUAYoAAEAGRAOin4DpCgACDwG7p1IAKQQChl3zuVAY\/\/\/yuAAAFgMDAFACAABMAwNgwgQA2pagfngdVOUQenMJ467ux0ZBpJRET1dOR1JEAQDAKwAAJAAAAAAAFwAA\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\/jCCAvowHwYDVR0jBBgwFoAUpc436uuwdQ6UZ4i0RfrZJBCHlh8wHQYDVR0OBBYEFGU3Gy7bOdHXMM0S+eXqzUUMDHyHMDwGA1UdEQQ1MDOCC2Rpc2NvcmQuY29tghVzbmkuY2xvdWRmbGFyZXNzbC5jb22CDSouZGlzY29yZC5jb20wDgYDVR0PAQH\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\/S6PzxHJxDf0uoz790IyNE8pGXMQB3ACJFRQdZVSRWlj+hL\/H3bYbgIyZjrcBLf13Gg1xu4g8CAAABdxxvmxcAAAQDAEgwRgIhAO5r\/ZfoEjKqSGuJi96AwtDPHkaeIGZpycG64qUOnTGTAiEAxCKEcnxIXMShiR161HsgCU1VpkfdsguOOcNigzwWC0swCgYIKoZIzj0EAwIDSAAwRQIgcDWmlQgD68ZiHHpU\/oHktZ3fMr++OjBqvHqH5ZBJ3bMCIQCIfv6CUpsqCyXJ4KCpj9DYUb7cu7aD1m+bemuJux+B7QAD0TCCA80wggK1oAMCAQICEAo3h2ReX7SMIk79G+0UDDwwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9yZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVyVHJ1c3QgUm9vdDAe"} 
-01266{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":42193200,"flow_src_last_pkt_time":42209776,"flow_dst_last_pkt_time":42225002,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":176,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":1452,"midstream":0,"thread_ts_usec":42225002,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.159.128.233","src_port":42834,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Discord","proto_id":"91.58","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative","hostname":"discord.com","domainame":"discord.com","tls": {"version":"TLSv1.2","ja3":"6f5e62edfa5933b1332ddf8b9fb3ef9d","ja3s":"9ebc57def2efb523f25c77af13aa6d48","ja4":"t12d1209h2_d34a8e72043a_b39be8c56a14","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","blocks":0}}} 
+01225{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":42193200,"flow_src_last_pkt_time":42209776,"flow_dst_last_pkt_time":42225002,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":176,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":1452,"midstream":0,"thread_ts_usec":42225002,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.159.128.233","src_port":42834,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Discord","proto_id":"91.58","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative","hostname":"discord.com","domainame":"discord.com","tls": {"version":"TLSv1.2","ja3s":"9ebc57def2efb523f25c77af13aa6d48","ja4":"t12d1209h2_d34a8e72043a_b39be8c56a14","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","blocks":0}}} 
02202{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":42209776,"flow_dst_last_pkt_time":42225262,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1312,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1312,"pkt_l4_len":1278,"thread_ts_usec":42225262,"pkt":"CAAnW\/mGUlQAEjUCCABFAAUSAYsAAEAGRMSin4DpCgACDwG7p1IAKQmuhl3zuVAY\/\/\/akgAAFw0yMDAxMjcxMjQ4MDhaFw0yNDEyMzEyMzU5NTlaMEoxCzAJBgNVBAYTAlVTMRkwFwYDVQQKExBDbG91ZGZsYXJlLCBJbmMuMSAwHgYDVQQDExdDbG91ZGZsYXJlIEluYyBFQ0MgQ0EtMzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABLmtTWaZFAtG7B+B0SpQHp0DFS80En0tlriIOJuFX4+\/u03vYUbEyXPUJE\/g7hzObLNRcS9q7kwFCXfTcmKkm9ejggFoMIIBZDAdBgNVHQ4EFgQUpc436uuwdQ6UZ4i0RfrZJBCHlh8wHwYDVR0jBBgwFoAU5Z1ZMIJHWMys+ghUNoZ7OrUETfAwDgYDVR0PAQH\/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjASBgNVHRMBAf8ECDAGAQH\/AgEAMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMDoGA1UdHwQzMDEwL6AtoCuGKWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9PbW5pcm9vdDIwMjUuY3JsMG0GA1UdIARmMGQwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCwYJYIZIAYb9bAECMAgGBmeBDAECATAIBgZngQwBAgIwCAYGZ4EMAQIDMA0GCSqGSIb3DQEBCwUAA4IBAQAFJB3dG7Aq65jWheM5TV5rV52CV\/zr6DGiV5BlBb4WRDhadwK5zxBCxuGSpONFJ\/gARyxoqFaZU1SPrZ5AwdAPttcNCzhIbFAsSZAGW2Qdi8xIMC7eCOKbSSLAkgwRXpaSlNX8INxWbOWSk796HMA344VJFfor4XQ5GA+32vOiV1hgT8yOlAD8Rns0MT5NR4KBOsv0iV0O700NbpwbgiTdMiVdEXhRED2gNSMEL2VvnMHRQ9fQHvMxZ1kn3WvSdQmTESQkFM8pvuYjw7iPcj\/pB8gkRFN6s7lhZaFMDsZIAMl1YwWHcEVSg9OVnUXq8OgxHX4JHwr+Pt2qPF500qyxFgMDAR8WAAEbAQABFzCCARMKAQCgggEMMIIBCAYJKwYBBQUHMAEBBIH6MIH3MIGeohYEFKXON+rrsHUOlGeItEX62SQQh5YfGA8yMDIxMDYwNDE2NTQ1OVowczBxMEkwCQYFKw4DAhoFAAQUEteLQCw1Ygb6gn+O2JIkEbSs9QQEFKXON+rrsHUOlGeItEX62SQQh5YfAhAH3YJIZrz5uC05EWraPqhcgAAYDzIwMjEwNjA0MTYzOTAyWqARGA8yMDIxMDYxMTE1NTQwMlowCgYIKoZIzj0EAwIDSAAwRQIhAMXROKXZ7Jt8Zi554DB7quPCK\/IZFlmTaZZnz0VZFHNpAiACcSV+13HWn1ohsEui
9BTB3RCy2aPuehedNO\/\/FOrpQBYDAwBzDAAAbwMAHSCkniGEc6D0P0\/zc1ti1h5Xij6mTf1b+LwAXyazuTPOIQQDAEcwRQIgFOasmmQ0Pr7QbXb\/XK1MLPUyhzbInReveIgZXB8OeaoCIQC4F4W16GCAbAzpDvdw8iubNMQsnWU0ZKVkBEftiyeqwhYDAwAEDgAAAA=="} -01681{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":3,"flow_first_seen":42193200,"flow_src_last_pkt_time":42209776,"flow_dst_last_pkt_time":42225262,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":176,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":2710,"midstream":0,"thread_ts_usec":42225262,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.159.128.233","src_port":42834,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.Discord","proto_id":"91.58","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative","hostname":"discord.com","domainame":"discord.com","tls": {"version":"TLSv1.2","server_names":"discord.com,sni.cloudflaressl.com,*.discord.com","ja3":"6f5e62edfa5933b1332ddf8b9fb3ef9d","ja3s":"9ebc57def2efb523f25c77af13aa6d48","ja4":"t12d1209h2_d34a8e72043a_b39be8c56a14","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3","subjectDN":"C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"31:3B:70:94:D5:DF:90:78:9C:A0:74:26:20:24:E4:3D:92:A7:57:9D","blocks":0}}} 
-00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":8,"packets-processed":7,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3306,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1656934210298000} +01640{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":3,"flow_first_seen":42193200,"flow_src_last_pkt_time":42209776,"flow_dst_last_pkt_time":42225262,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":176,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":2710,"midstream":0,"thread_ts_usec":42225262,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.159.128.233","src_port":42834,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.Discord","proto_id":"91.58","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative","hostname":"discord.com","domainame":"discord.com","tls": 
{"version":"TLSv1.2","server_names":"discord.com,sni.cloudflaressl.com,*.discord.com","ja3s":"9ebc57def2efb523f25c77af13aa6d48","ja4":"t12d1209h2_d34a8e72043a_b39be8c56a14","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3","subjectDN":"C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"31:3B:70:94:D5:DF:90:78:9C:A0:74:26:20:24:E4:3D:92:A7:57:9D","blocks":0}}} +00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":8,"packets-processed":7,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3306,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1656934210298000} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656934210298000,"flow_src_last_pkt_time":1656934210298000,"flow_dst_last_pkt_time":1656934210298000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656934210298000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"66.22.244.154","src_port":56271,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1656934210298000,"flow_dst_last_pkt_time":1656934210298000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":50,"pkt_l4_len":16,"thread_ts_usec":1656934210298000,"pkt":"eJS0JASgYDjgxTWgCABFAAAkfNMAAH8RxTjAqAJkQhb0mtvPw1QAEHq2EzfK\/g4AAAA="} 
00955{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656934210298000,"flow_src_last_pkt_time":1656934210298000,"flow_dst_last_pkt_time":1656934210298000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656934210298000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"66.22.244.154","src_port":56271,"dst_port":50004,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Discord","proto_id":"58","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative","discord": {"client_ip":""}}} 
@@ -34,7 +34,7 @@ 00955{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656934210363000,"flow_src_last_pkt_time":1656934210363000,"flow_dst_last_pkt_time":1656934210363000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656934210363000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"66.22.237.11","src_port":56271,"dst_port":50004,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Discord","proto_id":"58","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative","discord": {"client_ip":""}}} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1656934210363000,"flow_dst_last_pkt_time":1656934210363000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":16,"thread_ts_usec":1656934210363000,"pkt":"YDjgxTWgeJS0JASgCABFAAAkjuxAADcRwq5CFu0LwKgCZMNU288AEItFEzfK\/gUAAAAAAAAAAAAAAAAA"} 
01076{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":42193200,"flow_src_last_pkt_time":42233199,"flow_dst_last_pkt_time":42247831,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":176,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":269,"flow_dst_tot_l4_payload_len":3037,"midstream":0,"thread_ts_usec":1656934210363000,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.159.128.233","src_port":42834,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.Discord","proto_id":"91.58","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative"}} -00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":20,"packets-processed":19,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3402,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":2,"total-updates":0,"current-active-flows":6,"total-active-flows":7,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":37,"global_ts_usec":1657223719868000} 
+00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":20,"packets-processed":19,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3402,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":2,"total-updates":0,"current-active-flows":6,"total-active-flows":7,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":37,"global_ts_usec":1657223719868000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657223719868000,"flow_src_last_pkt_time":1657223719868000,"flow_dst_last_pkt_time":1657223719868000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":74,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":74,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657223719868000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"66.22.196.173","src_port":57955,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1657223719868000,"flow_dst_last_pkt_time":1657223719868000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"thread_ts_usec":1657223719868000,"pkt":"eJS0JASgYDjgxTWgCABFAABmlIAAAH8R3TbAqAJkQhbEreJjw1QAUnMiAAEARgAArOMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAb3Q="} 00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1657223719868000,"flow_dst_last_pkt_time":1657223719895000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"thread_ts_usec":1657223719895000,"pkt":"YDjgxTWgeJS0JASgCABFAABmFK9AADoRYghCFsStwKgCZMNU4mMAUpwIAAIARgAArOM4NC41OS4xMzIuMTAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4mM="} 
@@ -155,7 +155,7 @@ 00981{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1657224079896000,"flow_src_last_pkt_time":1657224081830000,"flow_dst_last_pkt_time":1657224081824000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":289,"flow_dst_max_l4_payload_len":281,"flow_src_tot_l4_payload_len":1564,"flow_dst_tot_l4_payload_len":1206,"midstream":0,"thread_ts_usec":1657224260473000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"66.22.196.173","src_port":58322,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Discord","proto_id":"58","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative"}} 00980{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":12,"flow_first_seen":1657224139897000,"flow_src_last_pkt_time":1657224140295000,"flow_dst_last_pkt_time":1657224140441000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":281,"flow_src_tot_l4_payload_len":142,"flow_dst_tot_l4_payload_len":2892,"midstream":0,"thread_ts_usec":1657224260473000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"66.22.196.173","src_port":61392,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Discord","proto_id":"58","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative"}} 
00981{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":3,"flow_first_seen":1657224199898000,"flow_src_last_pkt_time":1657224200131000,"flow_dst_last_pkt_time":1657224200128000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":298,"flow_dst_max_l4_payload_len":281,"flow_src_tot_l4_payload_len":2845,"flow_dst_tot_l4_payload_len":363,"midstream":0,"thread_ts_usec":1657224260473000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"66.22.196.173","src_port":63362,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Discord","proto_id":"58","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative"}} -00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":187,"packets-processed":186,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":41446,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":19,"total-detection-updates":2,"total-updates":25,"current-active-flows":4,"total-active-flows":19,"total-idle-flows":15,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":158,"global_ts_usec":1657224319898000} 
+00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":187,"packets-processed":186,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":41446,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":19,"total-detection-updates":2,"total-updates":25,"current-active-flows":4,"total-active-flows":19,"total-idle-flows":15,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":158,"global_ts_usec":1657224319898000} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657224319898000,"flow_src_last_pkt_time":1657224319898000,"flow_dst_last_pkt_time":1657224319898000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":74,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":74,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657224319898000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"66.22.196.173","src_port":62379,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":1657224319898000,"flow_dst_last_pkt_time":1657224319898000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"thread_ts_usec":1657224319898000,"pkt":"eJS0JASgYDjgxTWgCABFAABmywMAAH8RprPAqAJkQhbErfOrw1QAUprMAAEARgAArOMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANoI="} 00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":188,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_src_last_pkt_time":1657224319898000,"flow_dst_last_pkt_time":1657224319945000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"thread_ts_usec":1657224319945000,"pkt":"YDjgxTWgeJS0JASgCABFAABmaGhAADoRDk9CFsStwKgCZMNU86sAUnl4AAIARgAArOM4NC41OS4xMzIuMTAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA86s="} 
@@ -260,7 +260,7 @@ 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":337,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":2,"flow_first_seen":1657224679899000,"flow_src_last_pkt_time":1657224680269000,"flow_dst_last_pkt_time":1657224680139000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":293,"flow_dst_max_l4_payload_len":74,"flow_src_tot_l4_payload_len":2527,"flow_dst_tot_l4_payload_len":82,"midstream":0,"thread_ts_usec":1657224860617000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"66.22.196.173","src_port":61060,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Discord","proto_id":"58","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative"}} 00980{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":337,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":12,"flow_first_seen":1657224799899000,"flow_src_last_pkt_time":1657224800581000,"flow_dst_last_pkt_time":1657224800795000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":301,"flow_src_tot_l4_payload_len":134,"flow_dst_tot_l4_payload_len":2902,"midstream":0,"thread_ts_usec":1657224860617000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"66.22.196.173","src_port":52323,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Discord","proto_id":"58","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative"}} 
00979{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":337,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":1,"flow_first_seen":1657224739899000,"flow_src_last_pkt_time":1657224740128000,"flow_dst_last_pkt_time":1657224739929000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":299,"flow_dst_max_l4_payload_len":74,"flow_src_tot_l4_payload_len":3296,"flow_dst_tot_l4_payload_len":74,"midstream":0,"thread_ts_usec":1657224860617000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"66.22.196.173","src_port":63893,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Discord","proto_id":"58","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative"}} -00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":337,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":337,"packets-processed":336,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":67619,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":29,"total-detection-updates":2,"total-updates":48,"current-active-flows":3,"total-active-flows":29,"total-idle-flows":26,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":263,"global_ts_usec":1657224919900000} 
+00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":337,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":337,"packets-processed":336,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":67619,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":29,"total-detection-updates":2,"total-updates":48,"current-active-flows":3,"total-active-flows":29,"total-idle-flows":26,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":263,"global_ts_usec":1657224919900000} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":337,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657224919900000,"flow_src_last_pkt_time":1657224919900000,"flow_dst_last_pkt_time":1657224919900000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":74,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":74,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657224919900000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"66.22.196.173","src_port":65053,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":337,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_src_last_pkt_time":1657224919900000,"flow_dst_last_pkt_time":1657224919900000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"thread_ts_usec":1657224919900000,"pkt":"eJS0JASgYDjgxTWgCABFAABm+q8AAH8RdwfAqAJkQhbErf4dw1QAUjxpAAEARgAArOMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAinM="} 00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":338,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_src_last_pkt_time":1657224919900000,"flow_dst_last_pkt_time":1657224919927000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"thread_ts_usec":1657224919927000,"pkt":"YDjgxTWgeJS0JASgCABFAABmvT9AADoRuXdCFsStwKgCZMNU\/h0AUmSUAAIARgAArOM4NC41OS4xMzIuMTAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\/h0="} 
@@ -313,7 +313,7 @@ 00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":411,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":12,"flow_first_seen":1657225039901000,"flow_src_last_pkt_time":1657225040816000,"flow_dst_last_pkt_time":1657225041016000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":281,"flow_src_tot_l4_payload_len":142,"flow_dst_tot_l4_payload_len":2662,"midstream":0,"thread_ts_usec":1657225160168000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"66.22.196.173","src_port":54950,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Discord","proto_id":"58","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative"}} 00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":411,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":12,"flow_first_seen":1657225099902000,"flow_src_last_pkt_time":1657225101391000,"flow_dst_last_pkt_time":1657225101610000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":281,"flow_src_tot_l4_payload_len":142,"flow_dst_tot_l4_payload_len":2892,"midstream":0,"thread_ts_usec":1657225160168000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"66.22.196.173","src_port":59240,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Discord","proto_id":"58","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative"}} 
00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":411,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":1,"flow_first_seen":1657225159904000,"flow_src_last_pkt_time":1657225160168000,"flow_dst_last_pkt_time":1657225159930000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":288,"flow_dst_max_l4_payload_len":74,"flow_src_tot_l4_payload_len":1771,"flow_dst_tot_l4_payload_len":74,"midstream":0,"thread_ts_usec":1657225160168000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"66.22.196.173","src_port":62481,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Discord","proto_id":"58","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative"}} -00851{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":411,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":411,"packets-processed":411,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":80760,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":34,"total-detection-updates":2,"total-updates":57,"current-active-flows":0,"total-active-flows":34,"total-idle-flows":34,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":316,"global_ts_usec":1657225160168000} 
+00851{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":411,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":411,"packets-processed":411,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":80760,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":34,"total-detection-updates":2,"total-updates":57,"current-active-flows":0,"total-active-flows":34,"total-idle-flows":34,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":316,"global_ts_usec":1657225160168000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 411/411 ~~ skipped flows.............: 0 @@ -322,9 +322,9 @@ ~~ total active/idle flows...: 34/34 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7005099 bytes -~~ total memory freed........: 7005099 bytes -~~ total allocations/frees...: 114923/114923 +~~ total memory allocated....: 7582695 bytes +~~ total memory freed........: 7582695 bytes +~~ total allocations/frees...: 126654/126654 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 516 chars ~~ json message max len.......: 2458 chars diff --git a/test/results/default/discord_mid_flow.pcap.out b/test/results/default/discord_mid_flow.pcap.out index ead2a4c05..d4ff993d2 100644 --- a/test/results/default/discord_mid_flow.pcap.out +++ b/test/results/default/discord_mid_flow.pcap.out 
@@ -1,5 +1,5 @@ -00621{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/discord_mid_flow.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/discord_mid_flow.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1673444902267546} 
+00621{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/discord_mid_flow.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/discord_mid_flow.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1673444902267546} 00304{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1673444902267546,"packet_id":1,"source":"cfgs\/default\/pcap\/discord_mid_flow.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1673444902267546} 
00452{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/discord_mid_flow.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":110,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":110,"pkt_l4_len":0,"thread_ts_usec":1673444902267546,"pkt":"AAAAAAAAAAECAAD6gQAC9YEAAAGIZBEAPW0AUgAhRQAAUDmyQAA2EUNIQhbyhAUkjeTDUdaXADysR4HJAAcAFi\/9U3EJWSzwZdVy25rBGVhGPGQBRx\/4s1vL+mbg\/hL8rWooq\/qDozlbBiYhAAA="} 00304{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1673444903267716,"packet_id":2,"source":"cfgs\/default\/pcap\/discord_mid_flow.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1673444903267716} 
@@ -32,7 +32,7 @@ 00463{"packet_event_id":1,"packet_event_name":"packet","packet_id":15,"source":"cfgs\/default\/pcap\/discord_mid_flow.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":118,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":118,"pkt_l4_len":0,"thread_ts_usec":1673444902267546,"pkt":"AAAAAAAAAAECAAD6gQAC9YEAAAGIZBEAPW0AWgAhRQAAWERnAAB\/ES+LBSSN5EIW8oTWl8NRAETgQYDIAAYAFi\/9+yCCO3My0Tvo+T4AtA5exBK1zkrGAV0k2VqCPuVJGZMMW3h3lrKvNPY5LxBLvqs9ywEAgA=="} 00306{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":16,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1673444911267758,"packet_id":16,"source":"cfgs\/default\/pcap\/discord_mid_flow.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1673444911267758} 00450{"packet_event_id":1,"packet_event_name":"packet","packet_id":16,"source":"cfgs\/default\/pcap\/discord_mid_flow.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":110,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":110,"pkt_l4_len":0,"thread_ts_usec":1673444902267546,"pkt":"AAAAAAAAAAECAAD6gQAC9YEAAAGIZBEAPW0AUgAhRQAAUDzIQAA2EUAyQhbyhAUkjeTDUdaXADx1CoHJAAcAFi\/9SPerYXcFME3U81PRyMrjJiWKLfADxN490f944PcsGQYO71EGes1sJS8hAAA="} 
-00847{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/discord_mid_flow.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":40,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":35,"global_ts_usec":1673444926267852} +00847{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/discord_mid_flow.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":40,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":35,"global_ts_usec":1673444926267852} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 40/0 ~~ skipped flows.............: 0 
@@ -41,9 +41,9 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6905233 bytes -~~ total memory freed........: 6905233 bytes -~~ total allocations/frees...: 114126/114126 +~~ total memory allocated....: 7482829 bytes +~~ total memory freed........: 7482829 bytes +~~ total allocations/frees...: 125857/125857 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 309 chars ~~ json message max len.......: 852 chars diff --git a/test/results/default/dlep.pcapng.out b/test/results/default/dlep.pcapng.out index 052caa12d..57fa49097 100644 --- a/test/results/default/dlep.pcapng.out +++ b/test/results/default/dlep.pcapng.out 
@@ -1,5 +1,5 @@ -00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dlep.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dlep.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1565709120718355} 
+00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dlep.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dlep.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1565709120718355} 
00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dlep.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1565709120718355,"flow_src_last_pkt_time":1565709120718355,"flow_dst_last_pkt_time":1565709120718355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1565709120718355,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.117","src_port":57060,"dst_port":854,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dlep.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1565709120718355,"flow_dst_last_pkt_time":1565709120718355,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1565709120718355,"pkt":"AQBeAAB1AAAAqgAACABFAAA4CyxAAP8RhhIKAAAB4AAAdd7kA1YAJOqrRExFUAABABQABAAQAGVtdWxhdGVkLXJvdXRlcg=="} 
00918{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dlep.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1565709120718355,"flow_src_last_pkt_time":1565709120718355,"flow_dst_last_pkt_time":1565709120718355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1565709120718355,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.117","src_port":57060,"dst_port":854,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DLEP","proto_id":"400","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -13,7 +13,7 @@ 00954{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dlep.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1565709120720050,"flow_src_last_pkt_time":1565709120720050,"flow_dst_last_pkt_time":1565709120720050,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1565709120726405,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.0.0.1","src_port":44515,"dst_port":854,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DLEP","proto_id":"400","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dlep.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1565709120723425,"flow_src_last_pkt_time":1565709120723425,"flow_dst_last_pkt_time":1565709120726405,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":145,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":145,"midstream":1,"thread_ts_usec":1565709120726405,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"10.0.0.2","src_port":51762,"dst_port":854,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DLEP","proto_id":"400","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00957{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dlep.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1565709120718355,"flow_src_last_pkt_time":1565709120718355,"flow_dst_last_pkt_time":1565709120718355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1565709120726405,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.117","src_port":57060,"dst_port":854,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DLEP","proto_id":"400","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00837{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dlep.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":251,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":16,"global_ts_usec":1565709120726405} 
+00837{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dlep.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":251,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":16,"global_ts_usec":1565709120726405} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 4/4 ~~ skipped flows.............: 0 @@ -22,9 +22,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6912461 bytes -~~ total memory freed........: 6912461 bytes -~~ total allocations/frees...: 114162/114162 +~~ total memory allocated....: 7490057 bytes +~~ total memory freed........: 7490057 bytes +~~ total allocations/frees...: 125893/125893 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 551 chars ~~ json message max len.......: 964 chars diff --git a/test/results/default/dlms.pcap.out b/test/results/default/dlms.pcap.out index fe6c91e95..2e74cb3ca 100644 --- a/test/results/default/dlms.pcap.out +++ b/test/results/default/dlms.pcap.out 
@@ -1,5 +1,5 @@ -00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dlms.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dlms.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1520780595035623} 
+00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dlms.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dlms.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1520780595035623} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dlms.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1520780595035623,"flow_src_last_pkt_time":1520780595035623,"flow_dst_last_pkt_time":1520780595035623,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1520780595035623,"l3_proto":"ip4","src_ip":"192.168.137.20","dst_ip":"192.168.137.189","src_port":60797,"dst_port":4060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dlms.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1520780595035623,"flow_dst_last_pkt_time":1520780595035623,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1520780595035623,"pkt":"lDnlrnyR3KkEgvOKCABFAABAAABAAEAGppXAqIkUwKiJve19D9yvhVkrAAAAALAC\/\/+DkQAAAgQFtAEDAwUBAQgKBgITPAAAAAAEAgAA"} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dlms.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1520780595035623,"flow_dst_last_pkt_time":1520780595035701,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1520780595035701,"pkt":"3KkEgvOKlDnlrnyRCABFAAA8AABAAEAGppnAqIm9wKiJFA\/c7X0R5x5nr4VZLKAScSAumQAAAgQFtAQCCAptmVbiBgITPAEDAwc="} 
@@ -7,7 +7,7 @@ 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dlms.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1520780595041619,"flow_dst_last_pkt_time":1520780595035701,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_usec":1520780595041619,"pkt":"lDnlrnyR3KkEgvOKCABFAAA9AABAAEAGppjAqIkUwKiJve19D9yvhVksEeceaIAYEBWKJQAAAQEICgYCEz5tmVbifqAHAyGTDwF+"} 01063{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dlms.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1520780595035623,"flow_src_last_pkt_time":1520780595041619,"flow_dst_last_pkt_time":1520780595035701,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":9,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":9,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1520780595041619,"l3_proto":"ip4","src_ip":"192.168.137.20","dst_ip":"192.168.137.189","src_port":60797,"dst_port":4060,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"IEC62056","proto_id":"379","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/dlms.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1520780595041619,"flow_dst_last_pkt_time":1520780595041656,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1520780595041656,"pkt":"3KkEgvOKlDnlrnyRCABFAAA0+YlAAEAGrRfAqIm9wKiJFA\/c7X0R5x5or4VZNYAQAOPNkQAAAQEICm2ZVugGAhM+"} -00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/dlms.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":19,"packets-processed":18,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2302,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1522419490000000} 
+00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/dlms.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":19,"packets-processed":18,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2302,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1522419490000000} 00745{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/dlms.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1522419490000000,"flow_src_last_pkt_time":1522419490000000,"flow_dst_last_pkt_time":1522419490000000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":9,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":9,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":9,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1522419490000000,"l3_proto":"ip4","src_ip":"10.1.1.1","dst_ip":"10.2.2.2","dst_port":4059,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/dlms.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1522419490000000,"flow_dst_last_pkt_time":1522419490000000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":17,"thread_ts_usec":1522419490000000,"pkt":"CgICAgICCgEBAQEBCABFAAAlEjQAAP8Rko4KAQEBCgICAgAAD9sAEUWjfqAHAwOTjBF+AAAAAAAAAAAA"} 00901{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/dlms.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1522419490000000,"flow_src_last_pkt_time":1522419490000000,"flow_dst_last_pkt_time":1522419490000000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":9,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":9,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":9,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1522419490000000,"l3_proto":"ip4","src_ip":"10.1.1.1","dst_ip":"10.2.2.2","dst_port":4059,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"IEC62056","proto_id":"379","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
@@ -17,7 +17,7 @@ 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/dlms.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1522419490000004,"flow_dst_last_pkt_time":1522419490000000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_usec":1522419490000004,"pkt":"CgICAgICCgEBAQEBCABFAAA3EjQAAP8RknwKAQEBCgICAgAAD9sAIz7OfqAZAyHcH9bm5gDAAcEADwAAKAAA\/wcAKS1+"} 00944{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/dlms.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1522419490000000,"flow_src_last_pkt_time":1522419490000008,"flow_dst_last_pkt_time":1522419490000000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":9,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":139,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":389,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1522419490000008,"l3_proto":"ip4","src_ip":"10.1.1.1","dst_ip":"10.2.2.2","dst_port":4059,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IEC62056","proto_id":"379","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
01111{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/dlms.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":8,"flow_first_seen":1520780595035623,"flow_src_last_pkt_time":1520780595062222,"flow_dst_last_pkt_time":1520780595062256,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":2270,"flow_dst_tot_l4_payload_len":32,"midstream":0,"thread_ts_usec":1522419490000008,"l3_proto":"ip4","src_ip":"192.168.137.20","dst_ip":"192.168.137.189","src_port":60797,"dst_port":4060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"IEC62056","proto_id":"379","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00839{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/dlms.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":27,"packets-processed":27,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2691,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1522419490000008} 
+00839{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/dlms.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":27,"packets-processed":27,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2691,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1522419490000008} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 27/27 ~~ skipped flows.............: 0 @@ -26,9 +26,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6912848 bytes -~~ total memory freed........: 6912848 bytes -~~ total allocations/frees...: 114177/114177 +~~ total memory allocated....: 7490466 bytes +~~ total memory freed........: 7490466 bytes +~~ total allocations/frees...: 125909/125909 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 534 chars ~~ json message max len.......: 1116 chars diff --git a/test/results/default/dlt_ppp.pcap.out b/test/results/default/dlt_ppp.pcap.out index 5b9f74f8f..6705cb2ac 100644 --- a/test/results/default/dlt_ppp.pcap.out +++ b/test/results/default/dlt_ppp.pcap.out 
@@ -1,7 +1,7 @@ -00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dlt_ppp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dlt_ppp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 00272{"error_event_id":2,"error_event_name":"Unknown L3 protocol","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1031048,"packet_id":1,"source":"cfgs\/default\/pcap\/dlt_ppp.pcap","alias":"nDPId-test","protocol":33,"global_ts_usec":1031048} 
01950{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/dlt_ppp.pcap","alias":"nDPId-test","pkt_datalink":9,"pkt_caplen":1230,"pkt_type":33,"pkt_l3_offset":2,"pkt_l4_offset":0,"pkt_len":1230,"pkt_l4_len":0,"thread_ts_usec":1031048,"pkt":"ACFFAgTMQT1AAD8RDTPBpwD8wadkZKwzAbsEuAAAz\/8AAB0MtxIpOpsU8gzQWdyoBJhpwdcARJZ0OsZN0bl8VJfvOykoeuttM0eMWHJwpGpOPAqWh0GUfp9IIe82zPEOJxxbudM5\/pOWImGkMJYnZKC4oc+Wie817ZluT3qGlbT6FmvR7wgU3ZlqiJlO4+0DRHL4d\/DzL3RfCdhaKCfxoviWr9OOaF9xayHBTgloTkVIbSLderihnwr+mk7qqrStghVdXJFtnOWHTzAMdmPpzaY99oTPzZwWklZzjG9W5shdxiA8ok\/3pt2WMY3QJIDzbHzKP+7ZsLr5YGFFIYxx1JspmQXO5+U3jVl43o7+huGmMmGYHNdWbRYYgFoAkcV642cnCac+cZPVd9ar\/XFRGfd\/WaFVK+zvTNX+exQ7Y3ZIotGRLaPFvGpj3H1W9HNWBEKODu7hETU2OX\/NaZuNjAbfxxKVTC9o6LUxoTVjag4leuFawG3pE6XLxFh9fenfXyYspIGy40nX701+znmPySuhrrYghEKqHVTFz\/fjb5y59pxDqwfx2gz+0tLjNRNMLdNY1Ag+BpNZPQBZDxS1Q4nlCfUqLKWSJpEsd+mHyUC3pRaolG8Jpu68ULGXjJ4ZKS7952WY2QtbjEtiMSGVNPERp0foW+HREy8qKb+tFgJ65NsBWY0E9\/jJGGpFUnix\/C7BDjtX\/ZgK9gfyvVQabBdj7mBntuOhNmnilWaVEIOX7CKCv2V+0LQWQOOVtmTWBQy0XrnBP7R005Av3+pdvoITeQ2zEo762fyDmFlboLbmiVV7z4cyXPPQL6MPya78HzZSLTnm3Xxv8O87bNxZE+T0J9baS33P9HRocrLvAjLFAWSMQbXzM6RAx0uu2+2kxSt4LNQRr+Nvhj9iZm0i+9tU23DVWOg6UFW+uqUPF0ds+jp9XdVBP+b6UC3e79iGd\/QTg4M7OYt7pt75ojnbr+ZjxHE8B0GZ1bPhHUhQ\/439iohTEuvizuLosg\/9ETTUUdbasnXh9D\/+SO51ABAnZvM6SDJ1pj177GYIwa\/ZqyWvarQpS41HFFKu4RYpQHjOT56xqgSjrLEWXyerkTEX8shaJqUzTf0hupuyCJ\/APa3545+ZYzvcCDGD7g4mx1kJ6bCPcx5s\/v5xv0RJBodp9K1hK4v\/DTDZxZGtU5gN0XXnA0WlvhheGJ1S\/ZaCizvBvbTeu8i2DUwd4Wme2LeIVwWL1YRsoozl32VaoHYmsfd7GuS4nwcSIq7qOKc\/v0ngj3r3ND1Z2VcoyXNbqPLJo2kpXaoXlSfOfSzoS+BYoeB3qst\/3RnzIpMan+YfjUUqTAsAH+lgJatdqf9zS60Yl5fSUpCDIosbThj4VOLqNKWrLQjA8v+93FIA3\/NFEDMSuNxj605kSA9S9GRrTJHsR5osW14O2xZRF\/BiXyz77L3\/OW35KvEzzuGXD5Apmt9048cnckQ+W8pGZui61Z81+NpEDiVl5\/7woKFPqgJn9vKV42rT4DXlRToJ8qpzLeevd936RndwoN8DMGcbfT7BT7\/CndBaHTk\/Xoi\/g0FlSSofCargF+zZqnP61iuG15DY\/IC7bC0k3NnOEoXpUUSiCOrtQOJtDXQygOL8Gb9V"} 
-00826{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dlt_ppp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":4,"global_ts_usec":1031048} +00826{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dlt_ppp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":4,"global_ts_usec":1031048} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/0 ~~ skipped flows.............: 0 
@@ -10,9 +10,9 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6905233 bytes -~~ total memory freed........: 6905233 bytes -~~ total allocations/frees...: 114126/114126 +~~ total memory allocated....: 7482829 bytes +~~ total memory freed........: 7482829 bytes +~~ total allocations/frees...: 125857/125857 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 277 chars ~~ json message max len.......: 1955 chars diff --git a/test/results/default/dnp3.pcap.out b/test/results/default/dnp3.pcap.out index 6025b038f..3d5677dc5 100644 --- a/test/results/default/dnp3.pcap.out +++ b/test/results/default/dnp3.pcap.out 
@@ -1,5 +1,5 @@ -00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1097501938503079} 
+00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1097501938503079} 
00762{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1097501938503079,"flow_src_last_pkt_time":1097501938503079,"flow_dst_last_pkt_time":1097501938503079,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1097501938503079,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2789,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1097501938503079,"flow_dst_last_pkt_time":1097501938503079,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097501938503079,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTFlAAIAGmmQKAAAICgAAAwrlTiBVHBrSAAAAAHAC\/\/+mIQAAAgQFtAEBBAI="} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1097501938503079,"flow_dst_last_pkt_time":1097501938503079,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097501938503079,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTFlAAIAGmmQKAAAICgAAAwrlTiBVHBrSAAAAAHAC\/\/+mIQAAAgQFtAEBBAI="} 
@@ -8,7 +8,7 @@ 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1097501938503079,"flow_dst_last_pkt_time":1097501938503280,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097501938503280,"pkt":"AFAEk3BnAAKzznBRCABFAAAwkmJAAIAGVFsKAAADCgAACE4gCuVSxjiFVRwa03AS\/\/8axQAAAgQFtAEBBAI="} 00917{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1097501938503079,"flow_src_last_pkt_time":1097501938503490,"flow_dst_last_pkt_time":1097501938504844,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":17,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":17,"midstream":0,"thread_ts_usec":1097501938504844,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2789,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","proto_id":"244","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
02090{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1097501938503079,"flow_src_last_pkt_time":1097502061905496,"flow_dst_last_pkt_time":1097501941569134,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":17,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":102,"midstream":0,"thread_ts_usec":1097502061905496,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2789,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":4079628.2,"max":120145678,"stddev":21203112.0,"var":449571977166848.0,"ent":0.4,"data": [0,0,201,0,0,411,0,0,1564,0,0,151649,0,0,2891882,0,0,795,0,0,3043080,0,0,21210,0,0,212002,0,0,120145678,0]},"pktlen": {"min":46,"avg":52.2,"max":65,"stddev":6.8,"var":46.8,"ent":5.0,"data": [48,48,48,48,48,48,46,46,46,57,57,57,46,46,46,55,55,55,65,65,65,46,46,46,57,57,57,46,46,46,64,64]},"bins": {"c_to_s": [20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,0,0,0,0,0],"entropies": [4.259637833,4.259637833,4.259637833,4.683206558,4.683206558,4.683206558,4.102729797,4.102729797,4.102729797,4.867636204,4.867636204,4.867636204,4.146208286,4.146208286,4.146208286,4.803641796,4.803641796,4.803641796,5.091148376,5.091148376,5.091148376,4.146208286,4.146208286,4.146208286,4.750165939,4.750165939,4.750165939,4.146208286,4.146208286,4.146208286,4.932524681,4.932524681]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNP3","proto_id":"244","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":40,"packets-processed":39,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":345,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1097502623045756} +00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":40,"packets-processed":39,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":345,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1097502623045756} 
00763{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1097502623045756,"flow_src_last_pkt_time":1097502623045756,"flow_dst_last_pkt_time":1097502623045756,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1097502623045756,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2803,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1097502623045756,"flow_dst_last_pkt_time":1097502623045756,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097502623045756,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTRVAAIAGmagKAAAICgAAAwrzTiBm5W0JAAAAAHAC\/\/9CEwAAAgQFtAEBBAI="} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1097502623045756,"flow_dst_last_pkt_time":1097502623045756,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097502623045756,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTRVAAIAGmagKAAAICgAAAwrzTiBm5W0JAAAAAHAC\/\/9CEwAAAgQFtAEBBAI="} 
@@ -17,7 +17,7 @@ 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1097502623045756,"flow_dst_last_pkt_time":1097502623045930,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097502623045930,"pkt":"AFAEk3BnAAKzznBRCABFAAAwkrlAAIAGVAQKAAADCgAACE4gCvNc+rZHZuVtCnAS\/\/8uwAAAAgQFtAEBBAI="} 00917{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1097502623045756,"flow_src_last_pkt_time":1097502623046134,"flow_dst_last_pkt_time":1097502623047417,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":17,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":17,"midstream":0,"thread_ts_usec":1097502623047417,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2803,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","proto_id":"244","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
02093{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1097502623045756,"flow_src_last_pkt_time":1097502648521527,"flow_dst_last_pkt_time":1097502648521681,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":17,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":51,"midstream":0,"thread_ts_usec":1097502648521681,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2803,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":1643603.1,"max":17487311,"stddev":4346023.5,"var":18887919796224.0,"ent":2.2,"data": [0,0,174,0,0,378,0,0,1487,0,0,181225,0,0,17203302,0,0,17487311,0,0,4814054,0,0,4907006,0,0,3276812,0,0,3079947,0]},"pktlen": {"min":46,"avg":50.8,"max":64,"stddev":7.1,"var":50.0,"ent":5.0,"data": [48,48,48,48,48,48,46,46,46,57,57,57,46,46,46,64,64,64,46,46,46,64,64,64,46,46,46,46,46,46,46,46]},"bins": {"c_to_s": [18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,1,1],"entropies": [4.259637833,4.259637833,4.259637833,4.599873543,4.599873543,4.599873543,4.032184124,4.032184124,4.032184124,4.588809967,4.588809967,4.588809967,4.075662136,4.075662136,4.075662136,4.807524681,4.807524681,4.807524681,4.075662136,4.075662136,4.075662136,4.889479637,4.889479637,4.889479637,4.102729797,4.102729797,4.102729797,4.146208286,4.146208286,4.146208286,4.146208286,4.146208286]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNP3","proto_id":"244","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":79,"packets-processed":78,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":540,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1097504102255746} +00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":79,"packets-processed":78,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":540,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1097504102255746} 
00763{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1097504102255746,"flow_src_last_pkt_time":1097504102255746,"flow_dst_last_pkt_time":1097504102255746,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1097504102255746,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2828,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1097504102255746,"flow_dst_last_pkt_time":1097504102255746,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097504102255746,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTjtAAIAGmIIKAAAICgAAAwsMTiCPBdusAAAAAHAC\/\/+rNgAAAgQFtAEBBAI="} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1097504102255746,"flow_dst_last_pkt_time":1097504102255746,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097504102255746,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTjtAAIAGmIIKAAAICgAAAwsMTiCPBdusAAAAAHAC\/\/+rNgAAAgQFtAEBBAI="} 
@@ -27,7 +27,7 @@ 00917{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1097504102255746,"flow_src_last_pkt_time":1097504102256118,"flow_dst_last_pkt_time":1097504102257400,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":17,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":17,"midstream":0,"thread_ts_usec":1097504102257400,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2828,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","proto_id":"244","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 00961{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":18,"flow_first_seen":1097502623045756,"flow_src_last_pkt_time":1097502648678187,"flow_dst_last_pkt_time":1097502648677871,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":17,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":51,"midstream":0,"thread_ts_usec":1097504103602860,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2803,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","proto_id":"244","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
02088{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1097504102255746,"flow_src_last_pkt_time":1097504186592304,"flow_dst_last_pkt_time":1097504103409070,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":17,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":102,"midstream":0,"thread_ts_usec":1097504186592304,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2828,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":2757738.0,"max":82989444,"stddev":14650606.0,"var":214640269197312.0,"ent":0.2,"data": [0,0,167,0,0,372,0,0,1487,0,0,144969,0,0,996855,0,0,774,0,0,1141407,0,0,10263,0,0,204144,0,0,82989444,0]},"pktlen": {"min":46,"avg":52.2,"max":65,"stddev":6.8,"var":46.8,"ent":5.0,"data": [48,48,48,48,48,48,46,46,46,57,57,57,46,46,46,55,55,55,65,65,65,46,46,46,57,57,57,46,46,46,64,64]},"bins": {"c_to_s": [20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,0,0,0,0,0],"entropies": [4.233697891,4.233697891,4.233697891,4.698933601,4.698933601,4.698933601,4.075662136,4.075662136,4.075662136,4.854392529,4.854392529,4.854392529,4.119140625,4.119140625,4.119140625,4.817366600,4.817366600,4.817366600,5.114375591,5.114375591,5.114375591,4.162618637,4.162618637,4.162618637,4.765161514,4.765161514,4.765161514,4.075662136,4.075662136,4.075662136,4.901274681,4.901274681]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNP3","proto_id":"244","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":217,"packets-processed":216,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3957,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":30,"global_ts_usec":1097505644006837} +00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":217,"packets-processed":216,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3957,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":30,"global_ts_usec":1097505644006837} 
00764{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1097505644006837,"flow_src_last_pkt_time":1097505644006837,"flow_dst_last_pkt_time":1097505644006837,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1097505644006837,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1080,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1097505644006837,"flow_dst_last_pkt_time":1097505644006837,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097505644006837,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAVNAAIAG5WkKAAAJCgAAAwQ4TiAZahgcAAAAAHAC\/\/\/rNQAAAgQFtAEBBAI="} 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1097505644006837,"flow_dst_last_pkt_time":1097505644006837,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097505644006837,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAVNAAIAG5WkKAAAJCgAAAwQ4TiAZahgcAAAAAHAC\/\/\/rNQAAAgQFtAEBBAI="} 
@@ -36,7 +36,7 @@ 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1097505644006837,"flow_dst_last_pkt_time":1097505644007009,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097505644007009,"pkt":"AFAEk3BnAAKzznBRCABFAAAwxfhAAIAGIMQKAAADCgAACU4gBDiWbHn2GWoYHXAS\/\/\/awQAAAgQFtAEBBAI="} 00918{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":226,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":3,"flow_first_seen":1097505644006837,"flow_src_last_pkt_time":1097505719035890,"flow_dst_last_pkt_time":1097505644007009,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":15,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":15,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1097505719035890,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1080,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","proto_id":"244","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
02091{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":248,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1097505644006837,"flow_src_last_pkt_time":1097505754575976,"flow_dst_last_pkt_time":1097505754654239,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":18,"flow_dst_max_l4_payload_len":23,"flow_src_tot_l4_payload_len":99,"flow_dst_tot_l4_payload_len":205,"midstream":0,"thread_ts_usec":1097505754654239,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1080,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":7136017.5,"max":75076356,"stddev":19839044.0,"var":393587648888832.0,"ent":1.9,"data": [0,0,172,0,0,422,0,0,75028631,0,0,75076356,0,0,533,0,0,48219,0,0,553,0,0,153041,0,0,35338826,0,0,35569788,0]},"pktlen": {"min":46,"avg":52.7,"max":63,"stddev":5.9,"var":34.5,"ent":5.0,"data": [48,48,48,48,48,48,46,46,46,55,55,55,57,57,57,57,57,57,46,46,46,63,63,63,46,46,46,58,58,58,57,57]},"bins": {"c_to_s": [18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,1,1,1,0,0,0,0,0,0,1,1,1,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,1,1],"entropies": [4.202244282,4.202244282,4.202244282,4.683207035,4.683207035,4.683207035,4.162618637,4.162618637,4.162618637,4.907654285,4.907654285,4.907654285,4.659897804,4.659897804,4.659897804,4.765161991,4.765161991,4.765161991,4.162618637,4.162618637,4.162618637,4.927980900,4.927980900,4.927980900,4.162619114,4.162619114,4.162619114,4.909368515,4.909368515,4.909368515,4.673142433,4.673142433]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNP3","proto_id":"244","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":352,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":352,"packets-processed":351,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5682,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":4,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":39,"global_ts_usec":1097507785883614} +00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":352,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":352,"packets-processed":351,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5682,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":4,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":39,"global_ts_usec":1097507785883614} 
00764{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":352,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1097507785883614,"flow_src_last_pkt_time":1097507785883614,"flow_dst_last_pkt_time":1097507785883614,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1097507785883614,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1086,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":352,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1097507785883614,"flow_dst_last_pkt_time":1097507785883614,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097507785883614,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAaRAAIAG5RkKAAAICgAAAwQ+TiAMLRLKAAAAAHAC\/\/\/9vwAAAgQFtAEBBAI="} 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1097507785883614,"flow_dst_last_pkt_time":1097507785883614,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097507785883614,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAaRAAIAG5RkKAAAICgAAAwQ+TiAMLRLKAAAAAHAC\/\/\/9vwAAAgQFtAEBBAI="} 
@@ -45,7 +45,7 @@ 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":356,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1097507785883614,"flow_dst_last_pkt_time":1097507785883753,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097507785883753,"pkt":"AFAEk3BnAAKzznBRCABFAAAwx49AAIAGHy4KAAADCgAACE4gBD62X0jyDC0Sy3AS\/\/\/+XAAAAgQFtAEBBAI="} 00918{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":361,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1097507785883614,"flow_src_last_pkt_time":1097507785883944,"flow_dst_last_pkt_time":1097507785885063,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":17,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":17,"midstream":0,"thread_ts_usec":1097507785885063,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1086,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","proto_id":"244","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
02079{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":383,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1097507785883614,"flow_src_last_pkt_time":1097507788771853,"flow_dst_last_pkt_time":1097507788624309,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":17,"flow_src_tot_l4_payload_len":167,"flow_dst_tot_l4_payload_len":102,"midstream":0,"thread_ts_usec":1097507788771853,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1086,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":181578.5,"max":2639445,"stddev":625878.8,"var":391724269568.0,"ent":1.5,"data": [0,0,139,0,0,330,0,0,1310,0,0,168563,0,0,2471106,0,0,796,0,0,2639445,0,0,99801,0,0,232167,0,0,15277,0]},"pktlen": {"min":46,"avg":52.2,"max":65,"stddev":6.8,"var":46.1,"ent":5.0,"data": [48,48,48,48,48,48,46,46,46,57,57,57,46,46,46,55,55,55,64,64,64,46,46,46,57,57,57,46,46,46,65,65]},"bins": {"c_to_s": [20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,0,0,0,0,0],"entropies": [4.202244282,4.202244282,4.202244282,4.683207035,4.683207035,4.683207035,4.119140148,4.119140148,4.119140148,4.854392529,4.854392529,4.854392529,4.162619114,4.162619114,4.162619114,4.767277718,4.767277718,4.767277718,4.850569725,4.850569725,4.850569725,4.119140625,4.119140625,4.119140625,4.806060791,4.806060791,4.806060791,4.206097126,4.206097126,4.206097126,5.071992874,5.071992874]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNP3","proto_id":"244","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":445,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":445,"packets-processed":444,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7101,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":5,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":48,"global_ts_usec":1097510947092701} +00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":445,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":445,"packets-processed":444,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7101,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":5,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":48,"global_ts_usec":1097510947092701} 
00764{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":445,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1097510947092701,"flow_src_last_pkt_time":1097510947092701,"flow_dst_last_pkt_time":1097510947092701,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1097510947092701,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1159,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":445,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1097510947092701,"flow_dst_last_pkt_time":1097510947092701,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097510947092701,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBZtAAIAG4SIKAAAICgAAAwSHTiCYpsdTAAAAAHAC\/\/+8cwAAAgQFtAEBBAI="} 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":446,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1097510947092701,"flow_dst_last_pkt_time":1097510947092701,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097510947092701,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBZtAAIAG4SIKAAAICgAAAwSHTiCYpsdTAAAAAHAC\/\/+8cwAAAgQFtAEBBAI="} 
@@ -54,7 +54,7 @@ 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":449,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1097510947092701,"flow_dst_last_pkt_time":1097510947092859,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097510947092859,"pkt":"AFAEk3BnAAKzznBRCABFAAAwyZlAAIAGHSQKAAADCgAACE4gBIfliDTWmKbHVHAS\/\/+iAwAAAgQFtAEBBAI="} 00918{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":454,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1097510947092701,"flow_src_last_pkt_time":1097510947093064,"flow_dst_last_pkt_time":1097510947094289,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":17,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":17,"midstream":0,"thread_ts_usec":1097510947094289,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1159,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","proto_id":"244","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":466,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":15,"flow_first_seen":1097501938503079,"flow_src_last_pkt_time":1097502062040142,"flow_dst_last_pkt_time":1097502061912093,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":17,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":153,"midstream":0,"thread_ts_usec":1097510950374117,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2789,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","proto_id":"244","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":472,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":472,"packets-processed":471,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7296,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":6,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":57,"global_ts_usec":1097512255234470} 
+00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":472,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":472,"packets-processed":471,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7296,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":6,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":57,"global_ts_usec":1097512255234470} 00764{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":472,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1097512255234470,"flow_src_last_pkt_time":1097512255234470,"flow_dst_last_pkt_time":1097512255234470,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1097512255234470,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1184,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":472,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1097512255234470,"flow_dst_last_pkt_time":1097512255234470,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097512255234470,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBpNAAIAG4CoKAAAICgAAAwSgTiANrtDCAAAAAHAC\/\/895AAAAgQFtAEBBAI="} 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":473,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1097512255234470,"flow_dst_last_pkt_time":1097512255234470,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097512255234470,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBpNAAIAG4CoKAAAICgAAAwSgTiANrtDCAAAAAHAC\/\/895AAAAgQFtAEBBAI="} 
@@ -64,7 +64,7 @@ 00918{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":481,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1097512255234470,"flow_src_last_pkt_time":1097512255234830,"flow_dst_last_pkt_time":1097512255236054,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":17,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":17,"midstream":0,"thread_ts_usec":1097512255236054,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1184,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","proto_id":"244","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 00964{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":496,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":60,"flow_dst_packets_processed":78,"flow_first_seen":1097504102255746,"flow_src_last_pkt_time":1097504224083555,"flow_dst_last_pkt_time":1097504223905294,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":91,"flow_src_tot_l4_payload_len":687,"flow_dst_tot_l4_payload_len":2730,"midstream":0,"thread_ts_usec":1097512264841740,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2828,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","proto_id":"244","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
02088{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":503,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1097512255234470,"flow_src_last_pkt_time":1097512267645965,"flow_dst_last_pkt_time":1097512267537969,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":17,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":153,"midstream":0,"thread_ts_usec":1097512267645965,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1184,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":797257.9,"max":9487840,"stddev":2344670.8,"var":5497481068544.0,"ent":1.9,"data": [0,0,157,0,0,360,0,0,1427,0,0,192830,0,0,9226978,0,0,9487840,0,0,187102,0,0,2636386,0,0,2814075,0,0,167839,0]},"pktlen": {"min":46,"avg":52.8,"max":64,"stddev":7.0,"var":48.7,"ent":5.0,"data": [48,48,48,48,48,48,46,46,46,57,57,57,46,46,46,64,64,64,57,57,57,46,46,46,64,64,64,57,57,57,46,46]},"bins": {"c_to_s": [20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,1,1,1,0,0,0,0,0,0,1,1,1,0,0],"entropies": [4.217971325,4.217971325,4.217971325,4.641540051,4.641540051,4.641540051,4.032184124,4.032184124,4.032184124,4.784216881,4.784216881,4.784216881,4.075662136,4.075662136,4.075662136,4.924864769,4.924864769,4.924864769,4.906424999,4.906424999,4.906424999,4.075662136,4.075662136,4.075662136,4.924864769,4.924864769,4.924864769,4.858093739,4.858093739,4.858093739,4.075662136,4.075662136]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNP3","proto_id":"244","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":505,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":505,"packets-processed":504,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7593,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":7,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":67,"global_ts_usec":1097513177295531} +00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":505,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":505,"packets-processed":504,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7593,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":7,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":67,"global_ts_usec":1097513177295531} 
00764{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":505,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1097513177295531,"flow_src_last_pkt_time":1097513177295531,"flow_dst_last_pkt_time":1097513177295531,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1097513177295531,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1084,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":505,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1097513177295531,"flow_dst_last_pkt_time":1097513177295531,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097513177295531,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAUpAAIAG5XIKAAAJCgAAAwQ8TiBc3qwfAAAAAHAC\/\/8TugAAAgQFtAEBBAI="} 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":506,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1097513177295531,"flow_dst_last_pkt_time":1097513177295531,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097513177295531,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAUpAAIAG5XIKAAAJCgAAAwQ8TiBc3qwfAAAAAHAC\/\/8TugAAAgQFtAEBBAI="} 
@@ -78,7 +78,7 @@ 00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":543,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":57,"flow_dst_packets_processed":36,"flow_first_seen":1097507785883614,"flow_src_last_pkt_time":1097507856257809,"flow_dst_last_pkt_time":1097507856091024,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":93,"flow_src_tot_l4_payload_len":645,"flow_dst_tot_l4_payload_len":774,"midstream":0,"thread_ts_usec":1097513185107737,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1086,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","proto_id":"244","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 00962{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":543,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":12,"flow_first_seen":1097510947092701,"flow_src_last_pkt_time":1097510959359091,"flow_dst_last_pkt_time":1097510959487180,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":17,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":51,"midstream":0,"thread_ts_usec":1097513185107737,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1159,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","proto_id":"244","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":543,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":12,"flow_first_seen":1097512255234470,"flow_src_last_pkt_time":1097512267645965,"flow_dst_last_pkt_time":1097512267537969,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":17,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":153,"midstream":0,"thread_ts_usec":1097513185107737,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1184,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","proto_id":"244","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00842{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":543,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":543,"packets-processed":543,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7788,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":81,"global_ts_usec":1097513185107737} 
+00842{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":543,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":543,"packets-processed":543,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7788,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":81,"global_ts_usec":1097513185107737} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 543/543 ~~ skipped flows.............: 0 @@ -87,9 +87,9 @@ ~~ total active/idle flows...: 8/8 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6940220 bytes -~~ total memory freed........: 6940220 bytes -~~ total allocations/frees...: 114765/114765 +~~ total memory allocated....: 7517816 bytes +~~ total memory freed........: 7517816 bytes +~~ total allocations/frees...: 126496/126496 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 540 chars ~~ json message max len.......: 2098 chars diff --git a/test/results/default/dns-exf.pcap.out b/test/results/default/dns-exf.pcap.out index d39b590d2..eab428765 100644 --- a/test/results/default/dns-exf.pcap.out +++ b/test/results/default/dns-exf.pcap.out 
@@ -1,12 +1,12 @@ -00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns-exf.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-exf.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1694185912616950} 
+00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns-exf.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-exf.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1694185912616950} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-exf.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694185912616950,"flow_src_last_pkt_time":1694185912616950,"flow_dst_last_pkt_time":1694185912616950,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":121,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":121,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":121,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694185912616950,"l3_proto":"ip4","src_ip":"192.168.2.225","dst_ip":"192.168.2.134","src_port":45290,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-exf.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1694185912616950,"flow_dst_last_pkt_time":1694185912616950,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":163,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":163,"pkt_l4_len":129,"thread_ts_usec":1694185912616950,"pkt":"rB9rrWosDMR6zE5uCABFAACVxO0AAEARLrPAqALhwKgChrDqADUAgRda\/9UBIAABAAAAAAABOkg0c0lDTjAzKjJRQUEzUmxjM1F1ZEhoMEFBdkp5Q3hXQUtKRWhlTFU1S0xVRW9XMHpKeFVMZ0FnZS0MNFMyRmdBQUFBPT0tBHRlc3QDdHh0AAABAAEAACkQAAAAAAAADAAKAAiBti2q57F2RQ=="} 
01560{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-exf.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694185912616950,"flow_src_last_pkt_time":1694185912616950,"flow_dst_last_pkt_time":1694185912616950,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":121,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":121,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":121,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694185912616950,"l3_proto":"ip4","src_ip":"192.168.2.225","dst_ip":"192.168.2.134","src_port":45290,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"23": {"risk":"Susp DNS Traffic","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}},"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"4sicn03_2qaa3rlc3qudhh0aavjycxwakjehelu5klueow0zjxulgage-.4s2fgaaaa__-.test.txt","domainame":"4sicn03_2qaa3rlc3qudhh0aavjycxwakjehelu5klueow0zjxulgage-.4s2fgaaaa__-.test.txt","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns-exf.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1694185912616950,"flow_dst_last_pkt_time":1694185912617037,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_usec":1694185912617037,"pkt":"DMR6zE5urB9rrWosCABFAACl4RtAAEAR0nTAqAKGwKgC4QA1sOoAkYda\/9WBgAABAAEAAAAAOkg0c0lDTjAzKjJRQUEzUmxjM1F1ZEhoMEFBdkp5Q3hXQUtKRWhlTFU1S0xVRW9XMHpKeFVMZ0FnZS0MNFMyRmdBQUFBPT0tBHRlc3QDdHh0AAABAAEAACkQAAAAAAAADAAKAAiBti2q57F2RcAMAAEAAQAAADwABMCoAoY="} 01674{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns-exf.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1694185912616950,"flow_src_last_pkt_time":1694185912616950,"flow_dst_last_pkt_time":1694185912617037,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":121,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":121,"flow_dst_max_l4_payload_len":137,"flow_src_tot_l4_payload_len":121,"flow_dst_tot_l4_payload_len":137,"midstream":0,"thread_ts_usec":1694185912617037,"l3_proto":"ip4","src_ip":"192.168.2.225","dst_ip":"192.168.2.134","src_port":45290,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"23": {"risk":"Susp DNS Traffic","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}},"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"49": {"risk":"Minor Issues","severity":"Low","risk_score": {"total":210,"client":105,"server":105}}},"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"4sicn03_2qaa3rlc3qudhh0aavjycxwakjehelu5klueow0zjxulgage-.4s2fgaaaa__-.test.txt","domainame":"4sicn03_2qaa3rlc3qudhh0aavjycxwakjehelu5klueow0zjxulgage-.4s2fgaaaa__-.test.txt","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":41,"rsp_addr": []}}} 01511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns-exf.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1694185912616950,"flow_src_last_pkt_time":1694185912616950,"flow_dst_last_pkt_time":1694185912617037,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":121,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":121,"flow_dst_max_l4_payload_len":137,"flow_src_tot_l4_payload_len":121,"flow_dst_tot_l4_payload_len":137,"midstream":0,"thread_ts_usec":1694185912617037,"l3_proto":"ip4","src_ip":"192.168.2.225","dst_ip":"192.168.2.134","src_port":45290,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"23": {"risk":"Susp DNS Traffic","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}},"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"49": {"risk":"Minor Issues","severity":"Low","risk_score": {"total":210,"client":105,"server":105}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"4sicn03_2qaa3rlc3qudhh0aavjycxwakjehelu5klueow0zjxulgage-.4s2fgaaaa__-.test.txt"}} 
-00837{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns-exf.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":258,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":9,"global_ts_usec":1694185912617037} +00837{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns-exf.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":258,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":9,"global_ts_usec":1694185912617037} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 ~~ skipped flows.............: 0 
@@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6907782 bytes -~~ total memory freed........: 6907782 bytes -~~ total allocations/frees...: 114143/114143 +~~ total memory allocated....: 7485378 bytes +~~ total memory freed........: 7485378 bytes +~~ total allocations/frees...: 125874/125874 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 617 chars ~~ json message max len.......: 1679 chars diff --git a/test/results/default/dns-google-nsid.pcapng.out b/test/results/default/dns-google-nsid.pcapng.out index 67bf723e5..e8ef05e71 100644 --- a/test/results/default/dns-google-nsid.pcapng.out +++ b/test/results/default/dns-google-nsid.pcapng.out 
@@ -1,11 +1,11 @@ -00622{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1690622872644843} 
+00622{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1690622872644843} 
00815{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690622872644843,"flow_src_last_pkt_time":1690622872644843,"flow_dst_last_pkt_time":1690622872644843,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690622872644843,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:b332:20d:89ab:105e","dst_ip":"2001:4860:4860::8844","src_port":41624,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1690622872644843,"flow_dst_last_pkt_time":1690622872644843,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":106,"pkt_l4_len":52,"thread_ts_usec":1690622872644843,"pkt":"ILAB4IZiNObXAhsnht1gAfZ6ADQRQCABCwcKPcESszICDYmrEF4gAUhgSGAAAAAAAAAAAIhEopgANQA0fuyRUQEgAAEAAAAAAAEAAAIAAQAAKRAAAAAAAAAQAAMAAAAKAAjr5ips77+Grg=="} 
01091{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690622872644843,"flow_src_last_pkt_time":1690622872644843,"flow_dst_last_pkt_time":1690622872644843,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690622872644843,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:b332:20d:89ab:105e","dst_ip":"2001:4860:4860::8844","src_port":41624,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":2,"rsp_type":0,"rsp_addr": []}}} 00885{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1690622872644843,"flow_dst_last_pkt_time":1690622872652124,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":314,"pkt_l4_len":260,"thread_ts_usec":1690622872652124,"pkt":"NObXAhsnILAB4IZiht1oBYXDAQQReyABSGBIYAAAAAAAAAAAiEQgAQsHCj3BErMyAg2JqxBeADWimAEE5j2RUYGgAAEADQAAAAEAAAIAAQAAAgABAACPzQAUAWEMcm9vdC1zZXJ2ZXJzA25ldAAAAAIAAQAAj80ABAFiwB4AAAIAAQAAj80ABAFjwB4AAAIAAQAAj80ABAFkwB4AAAIAAQAAj80ABAFlwB4AAAIAAQAAj80ABAFmwB4AAAIAAQAAj80ABAFnwB4AAAIAAQAAj80ABAFowB4AAAIAAQAAj80ABAFpwB4AAAIAAQAAj80ABAFqwB4AAAIAAQAAj80ABAFrwB4AAAIAAQAAj80ABAFswB4AAAIAAQAAj80ABAFtwB4AACkCAAAAAAAADQADAAlncGRucy1taWw="} 
01104{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1690622872644843,"flow_src_last_pkt_time":1690622872644843,"flow_dst_last_pkt_time":1690622872652124,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":252,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":252,"midstream":0,"thread_ts_usec":1690622872652124,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:b332:20d:89ab:105e","dst_ip":"2001:4860:4860::8844","src_port":41624,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","dns": {"num_queries":1,"num_answers":14,"reply_code":0,"query_type":2,"rsp_type":2,"rsp_addr": []}}} -00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":3,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":296,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":8,"global_ts_usec":1690735119384155} 
+00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":3,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":296,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":8,"global_ts_usec":1690735119384155} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690735119384155,"flow_src_last_pkt_time":1690735119384155,"flow_dst_last_pkt_time":1690735119384155,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690735119384155,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"8.8.4.4","src_port":58580,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1690735119384155,"flow_dst_last_pkt_time":1690735119384155,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_usec":1690735119384155,"pkt":"EBMx8Tl2nFg8p+7MCABFAABJMKYAAEARAADAqAEdCAgEBOTUADUANc4XTRUBIAABAAAAAAABA3d3dwRudG9wA29yZwAAAQABAAApEAAAAAAAAAQAAwAA"} 01080{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690735119384155,"flow_src_last_pkt_time":1690735119384155,"flow_dst_last_pkt_time":1690735119384155,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690735119384155,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"8.8.4.4","src_port":58580,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.ntop","proto_id":"5.26","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.ntop.org","domainame":"www.ntop.org","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -43,7 +43,7 @@ 01033{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1690735295434099,"flow_src_last_pkt_time":1690735295434099,"flow_dst_last_pkt_time":1690735295632475,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":194,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":194,"midstream":0,"thread_ts_usec":1690735295654626,"l3_proto":"ip6","src_ip":"2a03:b0c0:2:d0::360:4001","dst_ip":"2001:4860:4860::8888","src_port":44924,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Wikipedia","proto_id":"5.176","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.wikipedia.it"}} 01023{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1690735295405421,"flow_src_last_pkt_time":1690735295405421,"flow_dst_last_pkt_time":1690735295421128,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":57,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":57,"flow_dst_max_l4_payload_len":102,"flow_src_tot_l4_payload_len":57,"flow_dst_tot_l4_payload_len":102,"midstream":0,"thread_ts_usec":1690735295654626,"l3_proto":"ip6","src_ip":"2a03:b0c0:2:d0::360:4001","dst_ip":"2001:4860:4860::8888","src_port":46618,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.ntop","proto_id":"5.26","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.ntop.org"}} 01001{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1690735126272436,"flow_src_last_pkt_time":1690735126272436,"flow_dst_last_pkt_time":1690735126289473,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":105,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":105,"midstream":0,"thread_ts_usec":1690735295654626,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"8.8.4.4","src_port":51166,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.wireshark.org"}} 
-00852{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":14,"packets-processed":14,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1422,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":7,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":46,"global_ts_usec":1690735295654626} +00852{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":14,"packets-processed":14,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1422,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":7,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":46,"global_ts_usec":1690735295654626} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 14/14 ~~ skipped flows.............: 0 
@@ -52,9 +52,9 @@ ~~ total active/idle flows...: 7/7 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6922299 bytes -~~ total memory freed........: 6922299 bytes -~~ total allocations/frees...: 114217/114217 +~~ total memory allocated....: 7499895 bytes +~~ total memory freed........: 7499895 bytes +~~ total allocations/frees...: 125948/125948 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 582 chars ~~ json message max len.......: 1220 chars diff --git a/test/results/default/dns-invalid-chars.pcap.out b/test/results/default/dns-invalid-chars.pcap.out index 9ab1b115a..a1f6447bd 100644 --- a/test/results/default/dns-invalid-chars.pcap.out +++ b/test/results/default/dns-invalid-chars.pcap.out 
@@ -1,12 +1,12 @@ -00622{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns-invalid-chars.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-invalid-chars.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":946734886956538} 
+00622{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns-invalid-chars.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-invalid-chars.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":946734886956538} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-invalid-chars.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946734886956538,"flow_src_last_pkt_time":946734886956538,"flow_dst_last_pkt_time":946734886956538,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946734886956538,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35980,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-invalid-chars.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":946734886956538,"flow_dst_last_pkt_time":946734886956538,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":946734886956538,"pkt":"AAAAAAAAAAAAAAAACABFAABMyRJAAEARc4x\/AAABfwAAAYyMADUAOP5Ln2wBAAABAAAAAAAAA3d3dxdhbGx5b3VyYmEEBQZhcmViZWxvbmd0bwJjbgAAAQAB"} 
01249{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-invalid-chars.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946734886956538,"flow_src_last_pkt_time":946734886956538,"flow_dst_last_pkt_time":946734886956538,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946734886956538,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35980,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.allyourba???arebelongto.cn","domainame":"www.allyourba???arebelongto.cn","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns-invalid-chars.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":946734886956538,"flow_dst_last_pkt_time":946734886957011,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":946734886957011,"pkt":"AAAAAAAAAAAAAAAACABFAABcAABAAEARPI9\/AAABfwAAAQA1jIwASP5bn2yBgAABAAEAAAAAA3d3dxdhbGx5b3VyYmFzZXNhcmUBAgNvbmd0bwJjbgAAAQABwAwAAQABAAAAPAAEE7mN8Q=="} 
01282{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns-invalid-chars.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946734886956538,"flow_src_last_pkt_time":946734886956538,"flow_dst_last_pkt_time":946734886957011,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":946734886957011,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35980,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.allyourbasesare???ongto.cn","domainame":"www.allyourbasesare???ongto.cn","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["19.185.141.241,ttl=60"]}}} 
01146{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns-invalid-chars.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946734886956538,"flow_src_last_pkt_time":946734886956538,"flow_dst_last_pkt_time":946734886957011,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":946734886957011,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35980,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.allyourbasesare???ongto.cn"}} 
-00846{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns-invalid-chars.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":112,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":9,"global_ts_usec":946734886957011} +00846{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns-invalid-chars.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":112,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":9,"global_ts_usec":946734886957011} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 ~~ skipped flows.............: 0 
@@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6907709 bytes -~~ total memory freed........: 6907709 bytes -~~ total allocations/frees...: 114140/114140 +~~ total memory allocated....: 7485305 bytes +~~ total memory freed........: 7485305 bytes +~~ total allocations/frees...: 125871/125871 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 584 chars ~~ json message max len.......: 1287 chars diff --git a/test/results/default/dns-tunnel-iodine.pcap.out b/test/results/default/dns-tunnel-iodine.pcap.out index 6c56350d5..5f7d6ed08 100644 --- a/test/results/default/dns-tunnel-iodine.pcap.out +++ b/test/results/default/dns-tunnel-iodine.pcap.out 
@@ -1,5 +1,5 @@ -00622{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns-tunnel-iodine.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-tunnel-iodine.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1282356640051082} 
+00622{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns-tunnel-iodine.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-tunnel-iodine.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1282356640051082} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1282356640051082,"flow_src_last_pkt_time":1282356640051082,"flow_dst_last_pkt_time":1282356640051082,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1282356640051082,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1282356640051082,"flow_dst_last_pkt_time":1282356640051082,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1282356640051082,"pkt":"CAAnx266CAAnnOC0CABFAABEAABAAEARIngKAAIeCgACFK5fADUAMAHkErABAAABAAAAAAAAC3ZhYWFha2FyZGxpBnBpcmF0ZQNzZWEAAAoAAQ=="} 
01097{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1282356640051082,"flow_src_last_pkt_time":1282356640051082,"flow_dst_last_pkt_time":1282356640051082,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1282356640051082,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"vaaaakardli.pirate.sea","domainame":"vaaaakardli.pirate.sea","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":10,"rsp_type":0,"rsp_addr": []}}} 
@@ -10,7 +10,7 @@ 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1282356640057774,"flow_dst_last_pkt_time":1282356640052258,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_usec":1282356640057774,"pkt":"CAAnx266CAAnnOC0CABFAABKAABAAEARInIKAAIeCgACFK5fADUANnlrTw4BAAABAAAAAAABBnlyYmkwMgZwaXJhdGUDc2VhAAAKAAEAACkQAAAAgAAAAA=="} 02427{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1282356640051082,"flow_src_last_pkt_time":1282356645071860,"flow_dst_last_pkt_time":1282356640060900,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":281,"flow_dst_max_l4_payload_len":1434,"flow_src_tot_l4_payload_len":2968,"flow_dst_tot_l4_payload_len":3580,"midstream":0,"thread_ts_usec":1282356645071860,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":93,"avg":162277.3,"max":1002966,"stddev":368318.9,"var":135658823680.0,"ent":2.4,"data": [93,897,1083,5795,5715,411,342,245,227,219,217,216,215,213,212,209,230,282,586,445,177,314,494,447,227,245,1001664,1002291,1001465,1002966,1002454]},"pktlen": {"min":68,"avg":232.6,"max":1462,"stddev":286.6,"var":82112.7,"ent":4.4,"data": [68,89,89,130,74,123,109,152,118,170,124,182,104,142,120,174,74,82,74,81,74,79,309,1078,309,1462,309,309,309,309,309,309]},"bins": {"c_to_s": 
[0,6,4,1,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,4,1,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]},"directions": [0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,0,0,0,0],"entropies": [4.192683220,4.481659889,4.827383041,4.928776741,4.048753262,5.135797501,4.621113777,4.797404289,4.689741611,4.823459148,5.501323700,5.868503571,5.093356609,5.373332500,5.574461937,5.911468983,4.085981369,4.376136780,4.058953762,4.299961090,4.038551807,4.297753811,4.143254280,7.508830547,3.346999884,7.575299263,4.126974583,4.140811443,4.147284031,4.120341778,4.126974583,4.140811920]},"ndpi": {"flow_risk": {"23": {"risk":"Susp DNS Traffic","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}},"49": {"risk":"Minor Issues","severity":"Low","risk_score": {"total":210,"client":105,"server":105}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"vaaaakardli.pirate.sea"}} 01240{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":222,"flow_dst_packets_processed":212,"flow_first_seen":1282356640051082,"flow_src_last_pkt_time":1282356664538177,"flow_dst_last_pkt_time":1282356664538369,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":281,"flow_dst_max_l4_payload_len":1470,"flow_src_tot_l4_payload_len":16812,"flow_dst_tot_l4_payload_len":35212,"midstream":0,"thread_ts_usec":1282356664538369,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"23": {"risk":"Susp DNS 
Traffic","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}},"49": {"risk":"Minor Issues","severity":"Low","risk_score": {"total":210,"client":105,"server":105}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"vaaaakardli.pirate.sea"}} -00856{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/dns-tunnel-iodine.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":438,"packets-processed":434,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":52024,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1282356664538369} 
+00856{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/dns-tunnel-iodine.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":438,"packets-processed":434,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":52024,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1282356664538369} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 438/434 ~~ skipped flows.............: 0 @@ -19,9 +19,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6920249 bytes -~~ total memory freed........: 6920249 bytes -~~ total allocations/frees...: 114573/114573 +~~ total memory allocated....: 7497845 bytes +~~ total memory freed........: 7497845 bytes +~~ total allocations/frees...: 126304/126304 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 578 chars ~~ json message max len.......: 2432 chars diff --git a/test/results/default/dns.pcap.out b/test/results/default/dns.pcap.out index 81d94d59f..5d24f134f 100644 --- a/test/results/default/dns.pcap.out +++ b/test/results/default/dns.pcap.out 
@@ -1,17 +1,17 @@ -00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1112172654366527} 
+00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1112172654366527} 
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1112172654366527,"flow_src_last_pkt_time":1112172654366527,"flow_dst_last_pkt_time":1112172654366527,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1112172654366527,"l3_proto":"ip4","src_ip":"192.168.170.20","dst_ip":"192.168.170.8","src_port":53,"dst_port":32795,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1112172654366527,"flow_dst_last_pkt_time":1112172654366527,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1112172654366527,"pkt":"AOAYsQytAMCfMkGMCABFAAA+1TkAAIARkAfAqKoUwKiqCAA1gBsAKryJ3KKBgAABAAAAAAAAA3d3dwFsBmdvb2dsZQNjb20AABwAAQ=="} 
01091{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1112172654366527,"flow_src_last_pkt_time":1112172654366527,"flow_dst_last_pkt_time":1112172654366527,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1112172654366527,"l3_proto":"ip4","src_ip":"192.168.170.20","dst_ip":"192.168.170.8","src_port":53,"dst_port":32795,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.l.google.com","domainame":"www.l.google.com","dns": {"num_queries":1,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr": []}}} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1112172654366527,"flow_dst_last_pkt_time":1112172695204348,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_usec":1112172695204348,"pkt":"AMCfMkGMAOAYsQytCABFAAA9AABAAEARZULAqKoIwKiqFIAbADUAKYhhvB8BAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAHAAB"} 
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1112172695437491,"flow_dst_last_pkt_time":1112172695204348,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_usec":1112172695437491,"pkt":"AOAYsQytAMCfMkGMCABFAAA91p8AAIARjqLAqKoUwKiqCAA1gBsAKQfhvB+BgAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAHAAB"} -00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dns.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":4,"packets-processed":3,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":8,"global_ts_usec":1484673025972667} 
+00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dns.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":4,"packets-processed":3,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":8,"global_ts_usec":1484673025972667} 00291{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1484673025972667,"packet_id":4,"source":"cfgs\/default\/pcap\/dns.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1484673025972667} 00409{"packet_event_id":1,"packet_event_name":"packet","packet_id":4,"source":"cfgs\/default\/pcap\/dns.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":91,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_usec":1112172695437491,"pkt":"AAAAAAAB1JToDq3BgQABpYEAAxGIZBEAVWoAPwAhRQAAPQAAQABAEYShUrJx9VKynrW4lwA1ACm2fXhDAQAAAQAAAAAAAAJlNwh3aGF0c2FwcANuZXQAAAEAAQ=="} 00291{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1484673025976144,"packet_id":5,"source":"cfgs\/default\/pcap\/dns.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1484673025976144} 
00580{"packet_event_id":1,"packet_event_name":"packet","packet_id":5,"source":"cfgs\/default\/pcap\/dns.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":219,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":219,"pkt_l4_len":0,"thread_ts_usec":1112172695437491,"pkt":"AAAAAAAB1JToDq3BgQABpYEAAxGIZBEAVWoAvwAhRQAAvQAAQAA6EYohUrKetVKycfUANbiXAKnLC3hDgYAAAQAIAAAAAAJlNwh3aGF0c2FwcANuZXQAAAEAAcAMAAEAAQAAAesABKkt2+vADAABAAEAAAHrAASpLyiOwAwAAQABAAAB6wAEqS34ecAMAAEAAQAAAesABGyosOrADAABAAEAAAHrAASpLfi9wAwAAQABAAAB6wAEqS34tMAMAAEAAQAAAesABKk1UU\/ADAABAAEAAAHrAASpLdvo"} 01001{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1112172654366527,"flow_src_last_pkt_time":1112172695437491,"flow_dst_last_pkt_time":1112172695204348,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":33,"flow_src_tot_l4_payload_len":67,"flow_dst_tot_l4_payload_len":33,"midstream":0,"thread_ts_usec":1112172695437491,"l3_proto":"ip4","src_ip":"192.168.170.20","dst_ip":"192.168.170.8","src_port":53,"dst_port":32795,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.l.google.com"}} 
-00834{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/dns.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":5,"packets-processed":3,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1484673025976144} +00834{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/dns.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":5,"packets-processed":3,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1484673025976144} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 5/3 ~~ skipped flows.............: 0 
@@ -20,9 +20,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6907700 bytes -~~ total memory freed........: 6907700 bytes -~~ total allocations/frees...: 114140/114140 +~~ total memory allocated....: 7485296 bytes +~~ total memory freed........: 7485296 bytes +~~ total allocations/frees...: 125871/125871 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 296 chars ~~ json message max len.......: 1096 chars diff --git a/test/results/default/dns2tcp_tunnel.pcap.out b/test/results/default/dns2tcp_tunnel.pcap.out index 9dcca31de..ecb94e828 100644 --- a/test/results/default/dns2tcp_tunnel.pcap.out +++ b/test/results/default/dns2tcp_tunnel.pcap.out 
@@ -1,16 +1,16 @@ -00619{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns2tcp_tunnel.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns2tcp_tunnel.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1585754662417775} 
+00619{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns2tcp_tunnel.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns2tcp_tunnel.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1585754662417775} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns2tcp_tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1585754662417775,"flow_src_last_pkt_time":1585754662417775,"flow_dst_last_pkt_time":1585754662417775,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1585754662417775,"l3_proto":"ip4","src_ip":"192.168.20.211","dst_ip":"1.1.1.1","src_port":44404,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns2tcp_tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1585754662417775,"flow_dst_last_pkt_time":1585754662417775,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1585754662417775,"pkt":"AAQAAQAGAAwpA+mwAAAIAEUAADxHSUAAQAYb9sCoFNMBAQEBrXQBu3Drjx4AAAAAoAL68NerAAACBAW0BAIICnay3cMAAAAAAQMDBw=="} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns2tcp_tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1585754662417775,"flow_dst_last_pkt_time":1585754662432958,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_usec":1585754662432958,"pkt":"AAAAAQAGAMGxFOsxAAAIAEUAADQAAEAAOwZoRwEBAQHAqBTTAbutdOoUh0Fw648fgBL\/\/3bwAAACBAW0AQEEAgEDAwo="} 
00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/dns2tcp_tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1585754662432995,"flow_dst_last_pkt_time":1585754662432958,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_usec":1585754662432995,"pkt":"AAQAAQAGAAwpA+mwAAAIAEUAAChHSkAAQAYcCcCoFNMBAQEBrXQBu3Drjx\/qFIdCUBAB9teXAAA="} 00892{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dns2tcp_tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1585754662433349,"flow_dst_last_pkt_time":1585754662432958,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":317,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":317,"pkt_l4_len":281,"thread_ts_usec":1585754662433349,"pkt":"AAQAAQAGAAwpA+mwAAAIAEUAAS1HS0AAQAYbA8CoFNMBAQEBrXQBu3Drjx\/qFIdCUBgB9ticAAAWAwEBAAEAAPwDAzKqS22px\/CTpo78Ye4zddAa6Z5hu8dexSpfgB\/KPyM8IBW4LygEJtFvxwqfPjBrPBJXOP4MVujkXAKUlXfpjPQ8ACbAL8AwwCvALMyozKnAE8AJwBTACgCcAJ0ALwA1wBIAChMBEwMTAgEAAI0zdAAAAAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAFBAMEAwMAMwAmACQAHQAg2KL+lafauJGwZq+fL+yw5OcnpvEgnE7CqQoZNJ6nnHQ="} 
-01448{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dns2tcp_tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1585754662417775,"flow_src_last_pkt_time":1585754662433349,"flow_dst_last_pkt_time":1585754662432958,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":261,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":261,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1585754662433349,"l3_proto":"ip4","src_ip":"192.168.20.211","dst_ip":"1.1.1.1","src_port":44404,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3":"547df21d727c7b3a5dcb59aa0fd97c2c","ja3s":"","ja4":"t13d1910h2_9dc949149365_d811adc85aab","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01407{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dns2tcp_tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1585754662417775,"flow_src_last_pkt_time":1585754662433349,"flow_dst_last_pkt_time":1585754662432958,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":261,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":261,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1585754662433349,"l3_proto":"ip4","src_ip":"192.168.20.211","dst_ip":"1.1.1.1","src_port":44404,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1910h2_9dc949149365_d811adc85aab","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/dns2tcp_tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1585754662433349,"flow_dst_last_pkt_time":1585754662448228,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":62,"pkt_l4_len":20,"thread_ts_usec":1585754662448228,"pkt":"AAAAAQAGAMGxFOsxAAAIAEUAAChFqUAAOwYiqgEBAQHAqBTTAbutdOoUh0Jw65AkUBAAQrZ+AAAAAAAAAAA="} 
-01493{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/dns2tcp_tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1585754662417775,"flow_src_last_pkt_time":1585754662433349,"flow_dst_last_pkt_time":1585754662450074,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":261,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":261,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1585754662450074,"l3_proto":"ip4","src_ip":"192.168.20.211","dst_ip":"1.1.1.1","src_port":44404,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.3","ja3":"547df21d727c7b3a5dcb59aa0fd97c2c","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1910h2_9dc949149365_d811adc85aab","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01452{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/dns2tcp_tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1585754662417775,"flow_src_last_pkt_time":1585754662433349,"flow_dst_last_pkt_time":1585754662450074,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":261,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":261,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1585754662450074,"l3_proto":"ip4","src_ip":"192.168.20.211","dst_ip":"1.1.1.1","src_port":44404,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1910h2_9dc949149365_d811adc85aab","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
02388{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/dns2tcp_tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1585754662417775,"flow_src_last_pkt_time":1585754667234417,"flow_dst_last_pkt_time":1585754667234382,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":261,"flow_dst_max_l4_payload_len":1588,"flow_src_tot_l4_payload_len":832,"flow_dst_tot_l4_payload_len":4006,"midstream":0,"thread_ts_usec":1585754667234417,"l3_proto":"ip4","src_ip":"192.168.20.211","dst_ip":"1.1.1.1","src_port":44404,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"data_analysis": {"iat": {"min":10,"avg":310750.0,"max":3088155,"stddev":822603.9,"var":676677156864.0,"ent":2.2,"data": [15183,15220,354,15270,1846,16739,62,53,90384,91,71,105281,44,81,14863,21,60,6014,10,5995,405,8870,6443,1568614,19,1583566,686,15609,3073223,17,3088155]},"pktlen": {"min":40,"avg":193.5,"max":1628,"stddev":364.6,"var":132965.6,"ent":3.7,"data": [60,52,40,301,46,1500,40,1628,40,104,126,164,46,46,111,40,46,71,311,71,40,144,46,46,259,71,40,202,46,344,71,40]},"bins": {"c_to_s": [9,0,2,2,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [11,0,1,0,0,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1]},"directions": [0,1,0,0,1,1,0,1,0,0,0,0,1,1,1,0,1,0,1,1,0,0,1,1,1,1,0,0,1,1,1,0],"entropies": [4.667386532,4.668681622,4.543943405,5.982677937,4.205535889,7.833335876,4.543943405,7.877990246,4.493943214,6.023458481,6.306409836,6.668928623,4.205535889,4.138445377,6.120807171,4.543943405,4.249013901,5.515665054,7.178042412,5.484094143,4.446440220,6.385652542,4.249013901,4.205535889,7.207519531,5.404759407,4.543943405,6.804022312,4.205535412,7.318181038,5.501630783,4.543943405]},"ndpi": 
{"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 01204{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/dns2tcp_tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":28,"flow_first_seen":1585754662417775,"flow_src_last_pkt_time":1585754670430406,"flow_dst_last_pkt_time":1585754670531367,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":261,"flow_dst_max_l4_payload_len":1588,"flow_src_tot_l4_payload_len":1343,"flow_dst_tot_l4_payload_len":4713,"midstream":0,"thread_ts_usec":1585754670531367,"l3_proto":"ip4","src_ip":"192.168.20.211","dst_ip":"1.1.1.1","src_port":44404,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-00849{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/dns2tcp_tunnel.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":50,"packets-processed":50,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6056,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1585754670531367} +00849{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/dns2tcp_tunnel.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":50,"packets-processed":50,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6056,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1585754670531367} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 50/50 ~~ skipped flows.............: 0 
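Review bot: The expected `detected` and `detection-update` events for flow 1 in this hunk no longer carry the `ja3` key in the `tls` object (only `ja3s` and `ja4` remain), and the commit message covers this only as "incorporated upstream changes". Downstream consumers that correlate or alert on the JA3 client fingerprint will stop matching without any error, so the removal deserves an explicit line in the commit description or changelog, for example `* tls.ja3 is no longer emitted in flow events; tls.ja3s and tls.ja4 remain`. The diffstat lists a change to schema/flow_event_schema.json that is not visible here; presumably it drops `ja3` too, which is worth confirming so the schema and these fixtures stay in agreement.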
@@ -19,10 +19,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6940505 bytes -~~ total memory freed........: 6940505 bytes -~~ total allocations/frees...: 114202/114202 +~~ total memory allocated....: 7518101 bytes +~~ total memory freed........: 7518101 bytes +~~ total allocations/frees...: 125933/125933 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 543 chars ~~ json message max len.......: 2393 chars -~~ json message avg len.......: 1406 chars +~~ json message avg len.......: 1403 chars diff --git a/test/results/default/dns_ambiguous_names.pcap.out b/test/results/default/dns_ambiguous_names.pcap.out index 6f2b6ebeb..0eaf5a16f 100644 --- a/test/results/default/dns_ambiguous_names.pcap.out +++ b/test/results/default/dns_ambiguous_names.pcap.out 
@@ -1,5 +1,5 @@ -00624{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns_ambiguous_names.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_ambiguous_names.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1625744123717337} 
+00624{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns_ambiguous_names.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_ambiguous_names.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1625744123717337} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625744123717337,"flow_src_last_pkt_time":1625744123717337,"flow_dst_last_pkt_time":1625744123717337,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625744123717337,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":48375,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1625744123717337,"flow_dst_last_pkt_time":1625744123717337,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1625744123717337,"pkt":"ABshv2HAVASmitEsCABFAABS3sIAAEARfvYKyAILCAgICLz3ADUAPh0yZjEBIAABAAAAAAABCjQxLWNvdXJpZXIEcHVzaAVhcHBsZQNjb20AAAEAAQAAKRAAAAAAAAAA"} 
01119{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625744123717337,"flow_src_last_pkt_time":1625744123717337,"flow_dst_last_pkt_time":1625744123717337,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625744123717337,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":48375,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.ApplePush","proto_id":"5.238","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"41-courier.push.apple.com","domainame":"41-courier.push.apple.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -60,7 +60,7 @@ 01249{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625744123890136,"flow_src_last_pkt_time":1625744123890136,"flow_dst_last_pkt_time":1625744123973076,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":124,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":124,"midstream":0,"thread_ts_usec":1625744124461060,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":42790,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"_.teams.microsoft.com"}} 
01019{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625744123977935,"flow_src_last_pkt_time":1625744123977935,"flow_dst_last_pkt_time":1625744124006118,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":70,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":70,"midstream":0,"thread_ts_usec":1625744124461060,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":44198,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"wide-youtube.l.google.com"}} 01022{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625744124422852,"flow_src_last_pkt_time":1625744124422852,"flow_dst_last_pkt_time":1625744124461060,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":60,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":60,"flow_dst_max_l4_payload_len":76,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":76,"midstream":0,"thread_ts_usec":1625744124461060,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":44883,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.Instagram","proto_id":"5.211","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"instagram.faae1-1.fna.fbcdn.net"}} -00858{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/dns_ambiguous_names.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":20,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1947,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":63,"global_ts_usec":1625744124461060} +00858{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/dns_ambiguous_names.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":20,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1947,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":63,"global_ts_usec":1625744124461060} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ 
packets captured/processed: 20/20 ~~ skipped flows.............: 0 @@ -69,9 +69,9 @@ ~~ total active/idle flows...: 10/10 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6929675 bytes -~~ total memory freed........: 6929675 bytes -~~ total allocations/frees...: 114258/114258 +~~ total memory allocated....: 7507271 bytes +~~ total memory freed........: 7507271 bytes +~~ total allocations/frees...: 125989/125989 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 585 chars ~~ json message max len.......: 1358 chars diff --git a/test/results/default/dns_doh.pcap.out b/test/results/default/dns_doh.pcap.out index edce3e0e3..d64f2d914 100644 --- a/test/results/default/dns_doh.pcap.out +++ b/test/results/default/dns_doh.pcap.out 
@@ -1,16 +1,16 @@ -00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns_doh.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_doh.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1571089200789290} 
+00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns_doh.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_doh.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1571089200789290} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1571089200789290,"flow_src_last_pkt_time":1571089200789290,"flow_dst_last_pkt_time":1571089200789290,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1571089200789290,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1571089200789290,"flow_dst_last_pkt_time":1571089200789290,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1571089200789290,"pkt":"WkBO7NFkeDHBvV4kCABFAABAAABAAEAGI5asFAoEaBD4+cLVAbuk7FgiAAAAALAC\/\/+OlwAAAgQFtAEDAwYBAQgKHZWyDQAAAAAEAgAA"} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1571089200789290,"flow_dst_last_pkt_time":1571089200876406,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1571089200876406,"pkt":"eDHBvV4kWkBO7NFkCABFAAA0AAAAADAGc6JoEPj5rBQKBAG7wtXKYdwupOxYI4ASchB+OgAAAgQFFAEBBAIBAwMK"} 
00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1571089200876498,"flow_dst_last_pkt_time":1571089200876406,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1571089200876498,"pkt":"WkBO7NFkeDHBvV4kCABFAAAoAABAAEAGI66sFAoEaBD4+cLVAbuk7FgjymHcL1AQEAAggAAA"} 01222{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1571089200878306,"flow_dst_last_pkt_time":1571089200876406,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1571089200878306,"pkt":"WkBO7NFkeDHBvV4kCABFAAItAABAAEAGIamsFAoEaBD4+cLVAbuk7FgjymHcL1AYEADUpQAAFgMBAgABAAH8AwMqXU892mwEgrbPk2vmEoCiukOQrlB4\/N6a6iNUaK2vhCCE4TBtR7O3Oe++UbyitDTWkNNjEWHZ1bNNN1quFsNy9gAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAMwA5AC8ANQAKAQABjwAAAB8AHQAAGm1vemlsbGEuY2xvdWRmbGFyZS1kbnMuY29tABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAzAGsAaQAdACD0aVsNTtl9Lx5GVsNGBkDynRSOBTbpOHtuKkwLAFQkYQAXAEEE\/AmIeggJ9IHU1kIvKs+Cnhzk3A1QGe6QCQ18\/XG1ZOdvRPgliMZgJr06algkRN3zqCIAxCiyg6awi6QlLrsiLQArAAkIAwQDAwMCAwEADQAYABYEAwUDBgMIBAgFCAYEAQUBBgECAwIBAC0AAgEBABwAAkABABUAhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01303{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1571089200789290,"flow_src_last_pkt_time":1571089200878306,"flow_dst_last_pkt_time":1571089200876406,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1571089200878306,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"mozilla.cloudflare-dns.com","domainame":"mozilla.cloudflare-dns.com","tls": {"version":"TLSv1.2","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"","ja4":"t13d1814h2_29a2cd9e9f10_d267a5f792d4","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01262{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1571089200789290,"flow_src_last_pkt_time":1571089200878306,"flow_dst_last_pkt_time":1571089200876406,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1571089200878306,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"mozilla.cloudflare-dns.com","domainame":"mozilla.cloudflare-dns.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1814h2_29a2cd9e9f10_d267a5f792d4","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1571089200878306,"flow_dst_last_pkt_time":1571089200968624,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1571089200968624,"pkt":"eDHBvV4kWkBO7NFkCABFAAAoZNYAADAGDthoEPj5rBQKBAG7wtXKYdwvpOxaKFAQAB4uXQAA"} 
-01348{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1571089200789290,"flow_src_last_pkt_time":1571089200878306,"flow_dst_last_pkt_time":1571089200968629,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1300,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1300,"midstream":0,"thread_ts_usec":1571089200968629,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"mozilla.cloudflare-dns.com","domainame":"mozilla.cloudflare-dns.com","tls": {"version":"TLSv1.3","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1814h2_29a2cd9e9f10_d267a5f792d4","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01307{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1571089200789290,"flow_src_last_pkt_time":1571089200878306,"flow_dst_last_pkt_time":1571089200968629,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1300,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1300,"midstream":0,"thread_ts_usec":1571089200968629,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"mozilla.cloudflare-dns.com","domainame":"mozilla.cloudflare-dns.com","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1814h2_29a2cd9e9f10_d267a5f792d4","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
02162{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1571089200789290,"flow_src_last_pkt_time":1571089201723583,"flow_dst_last_pkt_time":1571089201764372,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1300,"flow_src_tot_l4_payload_len":1424,"flow_dst_tot_l4_payload_len":4202,"midstream":0,"thread_ts_usec":1571089201764372,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":61592.7,"max":535341,"stddev":130172.4,"var":16944855040.0,"ent":3.0,"data": [87116,87208,1808,92218,5,2,90426,511,1485,930,26074,858,110,91,102733,7825,6,1,83431,1,0,17900,147557,535341,708,88830,66,525420,6,10702,6]},"pktlen": {"min":40,"avg":216.9,"max":1340,"stddev":327.3,"var":107137.2,"ent":3.9,"data": [64,52,40,557,40,1340,1340,40,40,489,40,104,210,283,119,40,577,390,71,40,40,40,71,40,102,133,102,143,40,40,244,71]},"bins": {"c_to_s": [9,2,3,1,0,1,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [8,0,0,0,0,0,1,0,0,0,1,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,0,0,0,0,0,1,1,1,1,0,0,0,0,1,0,0,0,0,1,1,1,1],"entropies": [4.441382408,4.801308632,4.503056526,5.369568825,4.730641365,7.827131748,7.862888336,4.630641460,4.453056335,7.522860050,4.630641460,5.744826317,6.939166546,7.200489998,6.276752949,4.730641365,7.589616776,7.428659439,5.699038506,4.730641365,4.730641365,4.680641174,5.688406467,4.780641556,6.111449242,6.391828060,6.039783001,6.407779217,4.780641556,4.730641365,7.064774990,5.558194637]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 01032{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":86,"flow_dst_packets_processed":56,"flow_first_seen":1571089200789290,"flow_src_last_pkt_time":1571089204031014,"flow_dst_last_pkt_time":1571089204030791,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1300,"flow_src_tot_l4_payload_len":3792,"flow_dst_tot_l4_payload_len":8866,"midstream":0,"thread_ts_usec":1571089204031014,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"mozilla.cloudflare-dns.com"}} 
-00846{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/dns_doh.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":142,"packets-processed":142,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12658,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1571089204031014} +00846{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/dns_doh.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":142,"packets-processed":142,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12658,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1571089204031014} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 142/142 ~~ skipped flows.............: 0 
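Review bot: The regenerated `detected` and `detection-update` expectations in this hunk no longer carry `tls.ja3`, while `ja3s` and `ja4` remain; the 41-character drop in the length prefixes (01303 → 01262, 01348 → 01307) is exactly that key and its value. The same removal appears in the dns_dot.pcap.out hunk that follows. The commit message only says "incorporated upstream changes", so a downstream consumer or detection rule keyed on the JA3 client hash would stop matching with no hint as to why. I would name the change in the commit message or changelog, e.g. `* tls.ja3 is no longer emitted after the libnDPI bump; consumers should match on tls.ja4`. It is also worth confirming that the schema/flow_event_schema.json change listed in the diffstat (not visible in this part of the patch) no longer lists `ja3` as a required `tls` property.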
@@ -19,10 +19,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6936446 bytes -~~ total memory freed........: 6936446 bytes -~~ total allocations/frees...: 114290/114290 +~~ total memory allocated....: 7514042 bytes +~~ total memory freed........: 7514042 bytes +~~ total allocations/frees...: 126021/126021 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 529 chars ~~ json message max len.......: 2167 chars -~~ json message avg len.......: 1293 chars +~~ json message avg len.......: 1291 chars diff --git a/test/results/default/dns_dot.pcap.out b/test/results/default/dns_dot.pcap.out index 1df5a9517..a557570bc 100644 --- a/test/results/default/dns_dot.pcap.out +++ b/test/results/default/dns_dot.pcap.out 
@@ -1,15 +1,15 @@ -00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns_dot.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_dot.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1572783663234722} 
+00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns_dot.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_dot.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1572783663234722} 
00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1572783663234722,"flow_src_last_pkt_time":1572783663234722,"flow_dst_last_pkt_time":1572783663234722,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1572783663234722,"l3_proto":"ip4","src_ip":"192.168.1.185","dst_ip":"8.8.8.8","src_port":58290,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1572783663234722,"flow_dst_last_pkt_time":1572783663234722,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1572783663234722,"pkt":"uCfrK5DxCAAnjau+CABFAAA8w6dAAEAGpKPAqAG5CAgICOOyA1VVRPv3AAAAAKAC+vDSnwAAAgQFtAQCCAoqL5UTAAAAAAEDAwc="} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1572783663234722,"flow_dst_last_pkt_time":1572783663269648,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1572783663269648,"pkt":"CAAnjau+uCfrK5DxCABFAAA8cqUAAHcG\/qUICAgIwKgBuQNV47LuO0vYVUT7+KAS6yDKxQAAAgQFZAQCCAqOOwAQKi+VEwEDAwg="} 
00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1572783663269693,"flow_dst_last_pkt_time":1572783663269648,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1572783663269693,"pkt":"uCfrK5DxCAAnjau+CABFAAA0w6hAAEAGpKrAqAG5CAgICOOyA1VVRPv47jtL2YAQAfbSlwAAAQEICiovlTaOOwAQ"} 00810{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1572783663269902,"flow_dst_last_pkt_time":1572783663269648,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"thread_ts_usec":1572783663269902,"pkt":"uCfrK5DxCAAnjau+CABFAAD6w6lAAEAGo+PAqAG5CAgICOOyA1VVRPv47jtL2YAYAfbTXQAAAQEICiovlTaOOwAQFgMDAMEBAAC9AwOCK\/MuQQ5sSYHkQFarOZKq84a6P\/ILns+YkoRGDIAgSQAAMsAszKnArcAKwCvArMAJwDDMqMAUwC\/AEwCdwJ0ANQCcwJwALwCfzKrAnwA5AJ7AngAzAQAAYgAFAAUBAAAAAAAKABQAEgAXABgAGQAdAQABAQECAQMBBAALAAIBAAANACAAHgQBCAkIBAQDCAcFAQgKCAUFAwYBCAsIBgYDAgECAwAWAAAAFwAAACMAAP8BAAEAABwAAkAA"} 
-01492{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1572783663234722,"flow_src_last_pkt_time":1572783663269902,"flow_dst_last_pkt_time":1572783663269648,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":198,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":198,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1572783663269902,"l3_proto":"ip4","src_ip":"192.168.1.185","dst_ip":"8.8.8.8","src_port":58290,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3":"4fa5e77b91a47e7cdcf5a5e6d25f8449","ja3s":"","ja4":"t12d250900_7415a186c913_cdf51c020b42","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01451{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1572783663234722,"flow_src_last_pkt_time":1572783663269902,"flow_dst_last_pkt_time":1572783663269648,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":198,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":198,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1572783663269902,"l3_proto":"ip4","src_ip":"192.168.1.185","dst_ip":"8.8.8.8","src_port":58290,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d250900_7415a186c913_cdf51c020b42","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1572783663269902,"flow_dst_last_pkt_time":1572783663302644,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1572783663302644,"pkt":"CAAnjau+uCfrK5DxCABFAAA0cqYAAHcG\/qwICAgIwKgBuQNV47LuO0vZVUT8voAQAPDiaAAAAQEICo47ADIqL5U2"} -01982{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1572783663234722,"flow_src_last_pkt_time":1572783663269902,"flow_dst_last_pkt_time":1572783663319899,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":198,"flow_dst_max_l4_payload_len":3069,"flow_src_tot_l4_payload_len":198,"flow_dst_tot_l4_payload_len":3069,"midstream":0,"thread_ts_usec":1572783663319899,"l3_proto":"ip4","src_ip":"192.168.1.185","dst_ip":"8.8.8.8","src_port":58290,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","tls": 
{"version":"TLSv1.2","server_names":"dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google,2001:4860:4860::64,2001:4860:4860::6464,2001:4860:4860::8844,2001:4860:4860::8888,8.8.4.4,8.8.8.8","ja3":"4fa5e77b91a47e7cdcf5a5e6d25f8449","ja3s":"2b341b88c742e940cfb485ce7d93dde7","ja4":"t12d250900_7415a186c913_cdf51c020b42","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google","fingerprint":"BE:73:46:2A:2E:FB:A9:E9:42:D0:71:10:1B:8C:BF:44:6A:5D:AD:53","blocks":0}}} +01941{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1572783663234722,"flow_src_last_pkt_time":1572783663269902,"flow_dst_last_pkt_time":1572783663319899,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":198,"flow_dst_max_l4_payload_len":3069,"flow_src_tot_l4_payload_len":198,"flow_dst_tot_l4_payload_len":3069,"midstream":0,"thread_ts_usec":1572783663319899,"l3_proto":"ip4","src_ip":"192.168.1.185","dst_ip":"8.8.8.8","src_port":58290,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","tls": 
{"version":"TLSv1.2","server_names":"dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google,2001:4860:4860::64,2001:4860:4860::6464,2001:4860:4860::8844,2001:4860:4860::8888,8.8.4.4,8.8.8.8","ja3s":"2b341b88c742e940cfb485ce7d93dde7","ja4":"t12d250900_7415a186c913_cdf51c020b42","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google","fingerprint":"BE:73:46:2A:2E:FB:A9:E9:42:D0:71:10:1B:8C:BF:44:6A:5D:AD:53","blocks":0}}} 01341{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":10,"flow_first_seen":1572783663234722,"flow_src_last_pkt_time":1572783666246370,"flow_dst_last_pkt_time":1572783666246346,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":198,"flow_dst_max_l4_payload_len":3069,"flow_src_tot_l4_payload_len":548,"flow_dst_tot_l4_payload_len":3721,"midstream":0,"thread_ts_usec":1572783666246370,"l3_proto":"ip4","src_ip":"192.168.1.185","dst_ip":"8.8.8.8","src_port":58290,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00842{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/dns_dot.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":24,"packets-processed":24,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4269,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1572783666246370} +00842{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/dns_dot.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":24,"packets-processed":24,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4269,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1572783666246370} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 24/24 ~~ skipped flows.............: 0 
@@ -18,10 +18,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6916696 bytes -~~ total memory freed........: 6916696 bytes -~~ total allocations/frees...: 114181/114181 +~~ total memory allocated....: 7494292 bytes +~~ total memory freed........: 7494292 bytes +~~ total allocations/frees...: 125912/125912 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 545 chars -~~ json message max len.......: 1987 chars -~~ json message avg len.......: 1224 chars +~~ json message max len.......: 1946 chars +~~ json message avg len.......: 1204 chars diff --git a/test/results/default/dns_exfiltration.pcap.out b/test/results/default/dns_exfiltration.pcap.out index 1b52a971c..49ef04628 100644 --- a/test/results/default/dns_exfiltration.pcap.out +++ b/test/results/default/dns_exfiltration.pcap.out 
@@ -1,5 +1,5 @@ -00621{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns_exfiltration.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_exfiltration.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1580978146717893} 
+00621{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns_exfiltration.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_exfiltration.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1580978146717893} 
00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1580978146717893,"flow_src_last_pkt_time":1580978146717893,"flow_dst_last_pkt_time":1580978146717893,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":173,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":173,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":173,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1580978146717893,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00751{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1580978146717893,"flow_dst_last_pkt_time":1580978146717893,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"thread_ts_usec":1580978146717893,"pkt":"qqru7hERjNzURr7ECABFAADJegRAAD8RAADAqNw4wKjLp9w1ADUAtSn4OR0BAAABAAAAAAAABmRuc2NhdDw1NDZiMDNmNTAwMDAwMDAwMDBhNjAyM2VkNGRmMTg0ZDZhYzVjMjYyOGI0NzcxNGZkZWU1ODRmZWQ3Mzk8NWEwM2I1YjFlMWFhOGY4ZmRiMWJiZThkNWUwNDk1MjE0MWY3ZDRmODJjN2UzYjA2ZGNjOGI4N2ZhZDdhGjE5ZTRkMDk4ZGM4YzYxOGY4ZDgxY2ZlYjAyAAAPAAE="} 
01347{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1580978146717893,"flow_src_last_pkt_time":1580978146717893,"flow_dst_last_pkt_time":1580978146717893,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":173,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":173,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":173,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1580978146717893,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"e1aa8f8fdb1bbe8d5e04952141f7d4f82c7e3b06dcc8b87fad7a.19e4d098dc8c618f8d81cfeb02","domainame":"e1aa8f8fdb1bbe8d5e04952141f7d4f82c7e3b06dcc8b87fad7a.19e4d098dc8c618f8d81cfeb02","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr": []}}} 
@@ -11,7 +11,7 @@ 02590{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1580978146717893,"flow_src_last_pkt_time":1580978160880828,"flow_dst_last_pkt_time":1580978160882236,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":59,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":173,"flow_dst_max_l4_payload_len":344,"flow_src_tot_l4_payload_len":1158,"flow_dst_tot_l4_payload_len":2183,"midstream":0,"thread_ts_usec":1580978160882236,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3976,"avg":913783.2,"max":1035526,"stddev":281798.4,"var":79410348032.0,"ent":4.8,"data": [170631,1035526,866477,1015270,1015599,4647,3976,1009971,1010376,1009201,1009121,1008475,1008435,1009499,1009380,1008042,1008120,1008655,1008570,1009773,1009797,1009990,1010112,1008960,1008939,1008465,1008353,1007666,1007763,1008795,1008694]},"pktlen": {"min":87,"avg":132.4,"max":372,"stddev":59.1,"var":3497.9,"ent":4.9,"data": [201,372,152,272,122,179,87,134,87,134,87,142,87,134,87,144,87,144,87,142,87,134,87,144,87,144,87,144,87,134,87,134]},"bins": {"c_to_s": [0,13,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,0,13,1,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": 
[4.667089462,4.689397812,4.760825157,4.825231075,4.676949501,4.874624252,4.717905998,4.933177948,4.565960884,4.809306622,4.614233017,4.906701565,4.640079498,4.841056824,4.601366520,4.896399975,4.614233017,4.837578773,4.621761799,4.830716610,4.594102859,4.805916786,4.652946472,4.869677067,4.607450485,4.854219437,4.621762276,4.930173397,4.677563667,4.830170631,4.546681404,4.850760937]},"ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"e1aa8f8fdb1bbe8d5e04952141f7d4f82c7e3b06dcc8b87fad7a.19e4d098dc8c618f8d81cfeb02"}} 01312{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":115,"source":"cfgs\/default\/pcap\/dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":57,"flow_dst_packets_processed":57,"flow_first_seen":1580978146717893,"flow_src_last_pkt_time":1580978196387731,"flow_dst_last_pkt_time":1580978196389199,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":59,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":258,"flow_dst_max_l4_payload_len":344,"flow_src_tot_l4_payload_len":4115,"flow_dst_tot_l4_payload_len":7851,"midstream":0,"thread_ts_usec":1580978196389199,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}}},"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"e1aa8f8fdb1bbe8d5e04952141f7d4f82c7e3b06dcc8b87fad7a.19e4d098dc8c618f8d81cfeb02"}} 01314{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":300,"source":"cfgs\/default\/pcap\/dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":150,"flow_dst_packets_processed":150,"flow_first_seen":1580978146717893,"flow_src_last_pkt_time":1580978206706247,"flow_dst_last_pkt_time":1580978206707432,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":59,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":258,"flow_dst_max_l4_payload_len":344,"flow_src_tot_l4_payload_len":26119,"flow_dst_tot_l4_payload_len":34826,"midstream":0,"thread_ts_usec":1580978206707432,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"e1aa8f8fdb1bbe8d5e04952141f7d4f82c7e3b06dcc8b87fad7a.19e4d098dc8c618f8d81cfeb02"}} 
-00855{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":300,"source":"cfgs\/default\/pcap\/dns_exfiltration.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":300,"packets-processed":300,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":60945,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":1,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1580978206707432} +00855{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":300,"source":"cfgs\/default\/pcap\/dns_exfiltration.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":300,"packets-processed":300,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":60945,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":1,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1580978206707432} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 300/300 ~~ skipped flows.............: 0 
@@ -20,9 +20,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6916427 bytes -~~ total memory freed........: 6916427 bytes -~~ total allocations/frees...: 114439/114439 +~~ total memory allocated....: 7494023 bytes +~~ total memory freed........: 7494023 bytes +~~ total allocations/frees...: 126170/126170 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 626 chars ~~ json message max len.......: 2595 chars diff --git a/test/results/default/dns_fragmented.pcap.out b/test/results/default/dns_fragmented.pcap.out index 567e160ac..cdad5376c 100644 --- a/test/results/default/dns_fragmented.pcap.out +++ b/test/results/default/dns_fragmented.pcap.out 
@@ -1,5 +1,5 @@ -00619{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1558968008021140} 
+00619{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1558968008021140} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1558968008021140,"flow_src_last_pkt_time":1558968008021140,"flow_dst_last_pkt_time":1558968008021140,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1558968008021140,"l3_proto":"ip4","src_ip":"172.217.40.76","dst_ip":"193.24.227.238","src_port":56680,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1558968008021140,"flow_dst_last_pkt_time":1558968008021140,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1558968008021140,"pkt":"AAwpil3XAIac51UUCABFAABE5WoAAG8R7BGs2ShMwRjj7t1oADUAMAwz1D8AEAABAAAAAAABCHdlYmVybGFiAmRlAAAwAAEAACkQAAAAgAAAAA=="} 
01082{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1558968008021140,"flow_src_last_pkt_time":1558968008021140,"flow_dst_last_pkt_time":1558968008021140,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1558968008021140,"l3_proto":"ip4","src_ip":"172.217.40.76","dst_ip":"193.24.227.238","src_port":56680,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"weberlab.de","domainame":"weberlab.de","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr": []}}} 
@@ -45,7 +45,7 @@ 01108{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1558968031134211,"flow_src_last_pkt_time":1558968031134211,"flow_dst_last_pkt_time":1558968031134211,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":59,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":59,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1558968031134211,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c05::10e","dst_ip":"2001:470:765b::a25:53","src_port":34944,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"fg2.weberlab.de","domainame":"fg2.weberlab.de","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr": []}}} 
01657{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1558968031134211,"flow_dst_last_pkt_time":1558968031134623,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":886,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":886,"pkt_l4_len":832,"thread_ts_usec":1558968031134623,"pkt":"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\/djMG\/LpzWXoT2evp9l8K1VcJU\/8uUY9ZE4WS0WjV4uuPKKqmHeTkethHG1xsLp0jKFQP8kYfYkdlxDBuNu6KhurVxO4RiM92K63vMdmIW\/4VjMYm2cPPQCBWTlI1U0hKRjVHQ1RFQ1RIN0wwRUNLTEoxTkRGNE04S8CHADIAAQAAALQAMgEAABQQM4lV2XYIwLE0ewVnw5K1+BQAQBNLJ89Pbt3WSJZWXFg+eo1pkwAGQAAAAAACwZQALgABAAAAtAEfADIKAwAAALRdChEDXOJ73JBHCHdlYmVybGFiAmRlAFwWgMgEjrA1OcHB+Qo5dWmMix1bJ7WFGsQIkPmTlF\/KVvK6k5dVU4FDCZtKPuPYCkg0XLBOcR\/wguOUuuyBL7cbjUoN0UHJur34eNeWLngpBhaxFTmuqY80vKjed0ttFQ6uVnd2OAmDzRp6YxYtTin4\/XGlVO6lMt+k2mYftwRyr5Ohjp6NH+J8dbjX7gkD3ENGAHspVLSTz4LxrhUH8dsbFK8rT\/kUhlCBvTuJYAxOkSEWqp4vVZ54PXcY61pn5KAT8mJWdw+HLsa\/lUjZNXicEmky99XDlPLcJk7OI3ZM83QYPgYAFE\/lMHbTSiiue2rS4deUwWxFmnQYlhv0FA4AACkQAAAAgAAADwAIAAsAAjgAIAEEcB8LFg=="} 
01255{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1558968031134211,"flow_src_last_pkt_time":1558968031134211,"flow_dst_last_pkt_time":1558968031134623,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":59,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":824,"flow_src_tot_l4_payload_len":59,"flow_dst_tot_l4_payload_len":824,"midstream":0,"thread_ts_usec":1558968031134623,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c05::10e","dst_ip":"2001:470:765b::a25:53","src_port":34944,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"37": {"risk":"Large DNS Packet (512+ bytes)","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"fg2.weberlab.de","domainame":"fg2.weberlab.de","dns": {"num_queries":1,"num_answers":5,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr": []}}} 
-00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":20,"packets-processed":14,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9318,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":7,"total-updates":0,"current-active-flows":7,"total-active-flows":7,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":48,"global_ts_usec":1559042371783274} +00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":20,"packets-processed":14,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9318,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":7,"total-updates":0,"current-active-flows":7,"total-active-flows":7,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":48,"global_ts_usec":1559042371783274} 
00815{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1559042371783274,"flow_src_last_pkt_time":1559042371783274,"flow_dst_last_pkt_time":1559042371783274,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1559042371783274,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":47634,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00628{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1559042371783274,"flow_dst_last_pkt_time":1559042371783274,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":123,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":123,"pkt_l4_len":69,"thread_ts_usec":1559042371783274,"pkt":"CFsOoYNeAAwpfKTLht1gCrtxAEURQCABBHAfCxawAgwp\/\/58pMsgAQRwdlsAAAAAAAAKJQBTuhIANQBFzxq5yAEgAAEAAAAAAAEIZmcyLW1nbXQId2ViZXJsYWICZGUAABwAAQAAKRAAAAAAAAAMAAoACJyfIZPEos+4"} 
01131{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1559042371783274,"flow_src_last_pkt_time":1559042371783274,"flow_dst_last_pkt_time":1559042371783274,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1559042371783274,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":47634,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"fg2-mgmt.weberlab.de","domainame":"fg2-mgmt.weberlab.de","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr": []}}} 
@@ -73,7 +73,7 @@ 01156{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1558968021013672,"flow_src_last_pkt_time":1558968021013672,"flow_dst_last_pkt_time":1558968021014081,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":59,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":824,"flow_src_tot_l4_payload_len":59,"flow_dst_tot_l4_payload_len":824,"midstream":0,"thread_ts_usec":1559042374838965,"l3_proto":"ip6","src_ip":"2a00:1450:400c:c00::106","dst_ip":"2001:470:765b::a25:53","src_port":54430,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"37": {"risk":"Large DNS Packet (512+ bytes)","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"fg2.weberlab.de"}} 
01271{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1558968018074594,"flow_src_last_pkt_time":1558968018074594,"flow_dst_last_pkt_time":1558968018075178,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":59,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":59,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1559042374838965,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c06::105","dst_ip":"2001:470:765b::a25:53","src_port":63369,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"37": {"risk":"Large DNS Packet (512+ bytes)","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}},"38": {"risk":"Fragmented DNS Message","severity":"Medium","risk_score": {"total":350,"client":295,"server":55}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"fg2.weberlab.de"}} 
01250{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1558968021026749,"flow_src_last_pkt_time":1558968021026749,"flow_dst_last_pkt_time":1558968021027012,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":1472,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":1472,"midstream":0,"thread_ts_usec":1559042374838965,"l3_proto":"ip4","src_ip":"74.125.47.136","dst_ip":"193.24.227.238","src_port":59330,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"37": {"risk":"Large DNS Packet (512+ bytes)","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}},"38": {"risk":"Fragmented DNS Message","severity":"Medium","risk_score": {"total":350,"client":295,"server":55}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"weberlab.de"}} 
-00851{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":28,"packets-processed":22,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10514,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":11,"total-updates":0,"current-active-flows":4,"total-active-flows":11,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":76,"global_ts_usec":1560869882430319} +00851{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":28,"packets-processed":22,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10514,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":11,"total-updates":0,"current-active-flows":4,"total-active-flows":11,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":76,"global_ts_usec":1560869882430319} 
00815{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1560869882430319,"flow_src_last_pkt_time":1560869882430319,"flow_dst_last_pkt_time":1560869882430319,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":67,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":67,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":67,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1560869882430319,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":48758,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00637{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1560869882430319,"flow_dst_last_pkt_time":1560869882430319,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":129,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":129,"pkt_l4_len":75,"thread_ts_usec":1560869882430319,"pkt":"CFsOoYNeAAwpfKTLht1gDk+bAEsRQCABBHAfCxawAgwp\/\/58pMsmBkcARwAAAAAAAAAAABERvnYANQBL7vOR3wEgAAEAAAAAAAEFc2lnb2sQdmVydGVpbHRlc3lzdGVtZQNuZXQAAAEAAQAAKRAAAAAAAAAMAAoACKFV23rIz7mH"} 
01147{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1560869882430319,"flow_src_last_pkt_time":1560869882430319,"flow_dst_last_pkt_time":1560869882430319,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":67,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":67,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":67,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1560869882430319,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":48758,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"sigok.verteiltesysteme.net","domainame":"sigok.verteiltesysteme.net","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -150,7 +150,7 @@ 01282{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1560869900222469,"flow_src_last_pkt_time":1560869905222619,"flow_dst_last_pkt_time":1560869905232984,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":1424,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":1424,"midstream":0,"thread_ts_usec":1560869916477286,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":55729,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"37": {"risk":"Large DNS Packet (512+ bytes)","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}},"38": {"risk":"Fragmented DNS Message","severity":"Medium","risk_score": {"total":350,"client":295,"server":55}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"weberlab.de"}} 
01037{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1560869916459087,"flow_src_last_pkt_time":1560869916459087,"flow_dst_last_pkt_time":1560869916473264,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":60,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":60,"midstream":0,"thread_ts_usec":1560869916477286,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":54590,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"ns2.weberdns.de"}} 01037{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1560869913753259,"flow_src_last_pkt_time":1560869913756066,"flow_dst_last_pkt_time":1560869913756036,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":1732,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":1732,"midstream":0,"thread_ts_usec":1560869916477286,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:1f0b:16b0::a26:53","src_port":57089,"dst_port":53,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"weberlab.de"}} -00855{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":66,"packets-processed":59,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17861,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":21,"total-detection-updates":22,"total-updates":0,"current-active-flows":0,"total-active-flows":21,"total-idle-flows":21,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":153,"global_ts_usec":1560869916477286} +00855{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":66,"packets-processed":59,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17861,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":21,"total-detection-updates":22,"total-updates":0,"current-active-flows":0,"total-active-flows":21,"total-idle-flows":21,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":153,"global_ts_usec":1560869916477286} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 66/59 ~~ 
skipped flows.............: 0 @@ -159,9 +159,9 @@ ~~ total active/idle flows...: 21/21 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6957220 bytes -~~ total memory freed........: 6957220 bytes -~~ total allocations/frees...: 114429/114429 +~~ total memory allocated....: 7534816 bytes +~~ total memory freed........: 7534816 bytes +~~ total allocations/frees...: 126160/126160 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 325 chars ~~ json message max len.......: 2522 chars diff --git a/test/results/default/dns_invert_query.pcapng.out b/test/results/default/dns_invert_query.pcapng.out index 35a7188c4..45abd407b 100644 --- a/test/results/default/dns_invert_query.pcapng.out +++ b/test/results/default/dns_invert_query.pcapng.out 
@@ -1,11 +1,11 @@ -00623{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns_invert_query.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_invert_query.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1618744019230637} 
+00623{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns_invert_query.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_invert_query.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1618744019230637} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_invert_query.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744019230637,"flow_src_last_pkt_time":1618744019230637,"flow_dst_last_pkt_time":1618744019230637,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744019230637,"l3_proto":"ip4","src_ip":"173.147.108.174","dst_ip":"244.187.95.1","src_port":18427,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_invert_query.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1618744019230637,"flow_dst_last_pkt_time":1618744019230637,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1618744019230637,"pkt":"AAAAAAAAAAEAVKCBCABFAABAAABAAEARzK6tk2yu9LtfAUf7ADUALMGVd\/wJAAAAAAEAAAAAAzIxNgI1OAMyMDIBNAAAAQABAAAAAAAA"} 
01086{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_invert_query.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744019230637,"flow_src_last_pkt_time":1618744019230637,"flow_dst_last_pkt_time":1618744019230637,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744019230637,"l3_proto":"ip4","src_ip":"173.147.108.174","dst_ip":"244.187.95.1","src_port":18427,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"216.58.202.4","domainame":"216.58.202.4","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns_invert_query.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1618744019230637,"flow_dst_last_pkt_time":1618744019235548,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":20,"thread_ts_usec":1618744019235548,"pkt":"AAAAAAAAAAEAVKCBCABFAAAoAABAADsR0cb0u18BrZNsrgA1R\/sAFEgWd\/yJhAAAAAAAAAAAAAA="} 
00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns_invert_query.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1618744019230637,"flow_src_last_pkt_time":1618744019230637,"flow_dst_last_pkt_time":1618744019235548,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":12,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":12,"midstream":0,"thread_ts_usec":1618744019235548,"l3_proto":"ip4","src_ip":"173.147.108.174","dst_ip":"244.187.95.1","src_port":18427,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00847{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns_invert_query.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":48,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":8,"global_ts_usec":1618744019235548} 
+00847{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns_invert_query.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":48,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":8,"global_ts_usec":1618744019235548} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 ~~ skipped flows.............: 0 @@ -14,9 +14,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6907643 bytes -~~ total memory freed........: 6907643 bytes -~~ total allocations/frees...: 114138/114138 +~~ total memory allocated....: 7485239 bytes +~~ total memory freed........: 7485239 bytes +~~ total allocations/frees...: 125869/125869 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 545 chars ~~ json message max len.......: 1091 chars diff --git a/test/results/default/dns_long_domainname.pcap.out b/test/results/default/dns_long_domainname.pcap.out index fbaae9c6f..c916cd7eb 100644 --- a/test/results/default/dns_long_domainname.pcap.out +++ b/test/results/default/dns_long_domainname.pcap.out 
@@ -1,12 +1,12 @@ -00624{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1599686652555538} 
+00624{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1599686652555538} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1599686652555538,"flow_src_last_pkt_time":1599686652555538,"flow_dst_last_pkt_time":1599686652555538,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1599686652555538,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1599686652555538,"flow_dst_last_pkt_time":1599686652555538,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_usec":1599686652555538,"pkt":"EBMx8Tl2KDc3AG3ICABFAABZsREAAEAR9yLAqAGoCAgICP8fADUARcOpi1QBAAABAAAAAAAABmdtcjAyYwIxNgEwDGZoa2Zoc2RrZmhzawZ0dW5uZWwHZXhhbXBsZQNjb20AAAEAAQ=="} 
01143{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1599686652555538,"flow_src_last_pkt_time":1599686652555538,"flow_dst_last_pkt_time":1599686652555538,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1599686652555538,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"gmr02c.16.0.fhkfhsdkfhsk.tunnel.example.com","domainame":"gmr02c.16.0.fhkfhsdkfhsk.tunnel.example.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1599686652555538,"flow_dst_last_pkt_time":1599686652578187,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"thread_ts_usec":1599686652578187,"pkt":"KDc3AG3IEBMx8Tl2CABFAACR3WoAAHYRlJEICAgIwKgBqAA1\/x8AfQAAi1SBgwABAAAAAQAABmdtcjAyYwIxNgEwDGZoa2Zoc2RrZmhzawZ0dW5uZWwHZXhhbXBsZQNjb20AAAEAAcAsAAYAAQAABcMALAJucwVpY2FubgNvcmcAA25vYwNkbnPATHhn+r4AABwgAAAOEAASdQAAAA4Q"} 
01268{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1599686652555538,"flow_src_last_pkt_time":1599686652555538,"flow_dst_last_pkt_time":1599686652578187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":117,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":117,"midstream":0,"thread_ts_usec":1599686652578187,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"gmr02c.16.0.fhkfhsdkfhsk.tunnel.example.com","domainame":"gmr02c.16.0.fhkfhsdkfhsk.tunnel.example.com","dns": {"num_queries":1,"num_answers":1,"reply_code":3,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
01142{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1599686652555538,"flow_src_last_pkt_time":1599686652555538,"flow_dst_last_pkt_time":1599686652578187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":117,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":117,"midstream":0,"thread_ts_usec":1599686652578187,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"gmr02c.16.0.fhkfhsdkfhsk.tunnel.example.com"}} 
-00849{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":178,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":9,"global_ts_usec":1599686652578187} +00849{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":178,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":9,"global_ts_usec":1599686652578187} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 ~~ skipped flows.............: 0 
@@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6907695 bytes -~~ total memory freed........: 6907695 bytes -~~ total allocations/frees...: 114140/114140 +~~ total memory allocated....: 7485291 bytes +~~ total memory freed........: 7485291 bytes +~~ total allocations/frees...: 125871/125871 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 610 chars ~~ json message max len.......: 1273 chars diff --git a/test/results/default/dnscrypt-v1-and-resolver-pings.pcap.out b/test/results/default/dnscrypt-v1-and-resolver-pings.pcap.out index aee5da538..85d0b74b4 100644 --- a/test/results/default/dnscrypt-v1-and-resolver-pings.pcap.out +++ b/test/results/default/dnscrypt-v1-and-resolver-pings.pcap.out 
@@ -1,5 +1,5 @@ -00635{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00855{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":946735705348929} 
+00635{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00855{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":946735705348929} 
00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946735705348929,"flow_src_last_pkt_time":946735705348929,"flow_dst_last_pkt_time":946735705348929,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946735705348929,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":38388,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01214{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":946735705348929,"flow_dst_last_pkt_time":946735705348929,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":946735705348929,"pkt":"REREREREZmZmZmZmCABFAAIcCf9AAL0Rd68KAAABlTjkLZX0AbsCCDw8f0cBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946735705348929,"flow_src_last_pkt_time":946735705348929,"flow_dst_last_pkt_time":946735705348929,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946735705348929,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":38388,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -30,7 +30,7 @@ 00781{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":946735705349019,"flow_dst_last_pkt_time":946735705459813,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"thread_ts_usec":946735705459813,"pkt":"ZmZmZmZmRERERERECABFAADUC58AADQRQFiVOOQtCgAAAQG7iZwAwDxIf0KBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAHADAAQAAEAAAAAAH18RE5TQwACAAAFGFEAAwsZ+sBWpvUVROInn0h1y0+FE\/VHdPKdwGWI15rFeV84ZdSkid7VtVlPn9SchFzfn3Pj66PFpyoNS6YMir6PRfcrBtc8JsfsQb\/FwAoHgENy0Ke+Bxb4NU7gNSOLvo9F9ysG119TYaFfU2GhX1SzIQ=="} 00781{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":946735705348987,"flow_dst_last_pkt_time":946735705460564,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"thread_ts_usec":946735705460564,"pkt":"ZmZmZmZmRERERERECABFAADUC50AADQRQFqVOOQtCgAAAQG7iqcAwDs5f0aBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAHADAAQAAEAAAAAAH18RE5TQwACAAAFGFEAAwsZ+sBWpvUVROInn0h1y0+FE\/VHdPKdwGWI15rFeV84ZdSkid7VtVlPn9SchFzfn3Pj66PFpyoNS6YMir6PRfcrBtc8JsfsQb\/FwAoHgENy0Ke+Bxb4NU7gNSOLvo9F9ysG119TYaFfU2GhX1SzIQ=="} 
00781{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":946735705349002,"flow_dst_last_pkt_time":946735705461257,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"thread_ts_usec":946735705461257,"pkt":"ZmZmZmZmRERERERECABFAADUC54AADQRQFmVOOQtCgAAAQG7gx0AwELEf0WBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAHADAAQAAEAAAAAAH18RE5TQwACAAAFGFEAAwsZ+sBWpvUVROInn0h1y0+FE\/VHdPKdwGWI15rFeV84ZdSkid7VtVlPn9SchFzfn3Pj66PFpyoNS6YMir6PRfcrBtc8JsfsQb\/FwAoHgENy0Ke+Bxb4NU7gNSOLvo9F9ysG119TYaFfU2GhX1SzIQ=="} -00862{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":16,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7056,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":6,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":33,"global_ts_usec":946739299327173} 
+00862{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":16,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7056,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":6,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":33,"global_ts_usec":946739299327173} 00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739299327173,"flow_src_last_pkt_time":946739299327173,"flow_dst_last_pkt_time":946739299327173,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739299327173,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":51004,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
01215{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":946739299327173,"flow_dst_last_pkt_time":946739299327173,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":946739299327173,"pkt":"REREREREZmZmZmZmCABFAAIcFypAAL0R8NAKAAABPtK0R8c8BB0CCLXvBycBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczIIaXJpc2VkZW4CZnIAABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} 00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739299327173,"flow_src_last_pkt_time":946739299327173,"flow_dst_last_pkt_time":946739299327173,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739299327173,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":51004,"dst_port":1053,"l4_proto":"udp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -205,22 +205,22 @@ 00778{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_src_last_pkt_time":946739304789776,"flow_dst_last_pkt_time":946739304821381,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"thread_ts_usec":946739304821381,"pkt":"ZmZmZmZmRERERERECABFAADTDfVAADURyF8zD3r6CgAAAQG7mF8Av3inxkSBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAxzY2FsZXdheS1hbXMAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAANmtKqgh6GipMki1mJfjDA0AnYgv5x5ccE3t3oFTaUI52T95jfN1yOwZ4Avs9tatx4lCV7PDmZkXQULOG2i1+g8X39eqNuFP4dSqiJZOoeF4tcdLtZP0Xezh1C6PMdZNUhff16o24U\/hAAAAAV9TeY1fVMsN"} 00797{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739305155161,"flow_src_last_pkt_time":946739305155161,"flow_dst_last_pkt_time":946739305155161,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739305155161,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":59476,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
01217{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_src_last_pkt_time":946739305155161,"flow_dst_last_pkt_time":946739305155161,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":946739305155161,"pkt":"REREREREZmZmZmZmCABFAAIcU1NAAL0RVBEKAAABizvIdOhUAbsCCBaGc5UBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJ1awAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00951{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739305155161,"flow_src_last_pkt_time":946739305155161,"flow_dst_last_pkt_time":946739305155161,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739305155161,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":59476,"dst_port":443,"l4_proto":"udp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} +00958{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739305155161,"flow_src_last_pkt_time":946739305155161,"flow_dst_last_pkt_time":946739305155161,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739305155161,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":59476,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00797{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739305155166,"flow_src_last_pkt_time":946739305155166,"flow_dst_last_pkt_time":946739305155166,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739305155166,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":47341,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
01217{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_src_last_pkt_time":946739305155166,"flow_dst_last_pkt_time":946739305155166,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":946739305155166,"pkt":"REREREREZmZmZmZmCABFAAIcU1RAAL0RVBAKAAABizvIdLjtAbsCCBaGc5EBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJ1awAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00951{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739305155166,"flow_src_last_pkt_time":946739305155166,"flow_dst_last_pkt_time":946739305155166,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739305155166,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":47341,"dst_port":443,"l4_proto":"udp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} +00958{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739305155166,"flow_src_last_pkt_time":946739305155166,"flow_dst_last_pkt_time":946739305155166,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739305155166,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":47341,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00797{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739305155210,"flow_src_last_pkt_time":946739305155210,"flow_dst_last_pkt_time":946739305155210,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739305155210,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":50335,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
01217{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_src_last_pkt_time":946739305155210,"flow_dst_last_pkt_time":946739305155210,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":946739305155210,"pkt":"REREREREZmZmZmZmCABFAAIcU1VAAL0RVA8KAAABizvIdMSfAbsCCBaGc5MBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJ1awAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00951{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739305155210,"flow_src_last_pkt_time":946739305155210,"flow_dst_last_pkt_time":946739305155210,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739305155210,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":50335,"dst_port":443,"l4_proto":"udp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} +00958{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739305155210,"flow_src_last_pkt_time":946739305155210,"flow_dst_last_pkt_time":946739305155210,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739305155210,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":50335,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00800{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":105,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739305155235,"flow_src_last_pkt_time":946739305155235,"flow_dst_last_pkt_time":946739305155235,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739305155235,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":43633,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_src_last_pkt_time":946739305155235,"flow_dst_last_pkt_time":946739305155235,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739305155235,"pkt":"REREREREZmZmZmZmCABFAAXcU1YgAL0RcE4KAAABizvIdKpxAbsGBMEKc5QBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJ1awAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00954{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":105,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739305155235,"flow_src_last_pkt_time":946739305155235,"flow_dst_last_pkt_time":946739305155235,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739305155235,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":43633,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+00961{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":105,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739305155235,"flow_src_last_pkt_time":946739305155235,"flow_dst_last_pkt_time":946739305155235,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739305155235,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":43633,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00800{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739305155254,"flow_src_last_pkt_time":946739305155254,"flow_dst_last_pkt_time":946739305155254,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739305155254,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":37595,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_src_last_pkt_time":946739305155254,"flow_dst_last_pkt_time":946739305155254,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739305155254,"pkt":"REREREREZmZmZmZmCABFAAXcU1cgAL0RcE0KAAABizvIdJLbAbsGBNikc5ABAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJ1awAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00954{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739305155254,"flow_src_last_pkt_time":946739305155254,"flow_dst_last_pkt_time":946739305155254,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739305155254,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":37595,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+00961{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739305155254,"flow_src_last_pkt_time":946739305155254,"flow_dst_last_pkt_time":946739305155254,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739305155254,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":37595,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00800{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739305155306,"flow_src_last_pkt_time":946739305155306,"flow_dst_last_pkt_time":946739305155306,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739305155306,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":59194,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_src_last_pkt_time":946739305155306,"flow_dst_last_pkt_time":946739305155306,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739305155306,"pkt":"REREREREZmZmZmZmCABFAAXcU1ggAL0RcEwKAAABizvIdOc6AbsGBIRDc5IBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJ1awAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00954{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739305155306,"flow_src_last_pkt_time":946739305155306,"flow_dst_last_pkt_time":946739305155306,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739305155306,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":59194,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+00961{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739305155306,"flow_src_last_pkt_time":946739305155306,"flow_dst_last_pkt_time":946739305155306,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739305155306,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":59194,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00779{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_src_last_pkt_time":946739305155161,"flow_dst_last_pkt_time":946739305187672,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"thread_ts_usec":946739305187672,"pkt":"ZmZmZmZmRERERERECABFAADSF51AADcRFxKLO8h0CgAAAQG76FQAvuw2c5WBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJ1awAAEAABwAwAEAABAABwgAB9fEROU0MAAgAABjDMcMbz7yA0RLegztcBfq7VeYHKBaMLey+aMNVSTMo4Qj51\/gmF1JL4mny7Kl7CHKqU1ouuslp1lX1chQTTD+JLJw323p3g\/i9lq2cywGbzFxjIXwRFrAIdM6Cq64tY4ksnDfbeneAAAAABX1N7RV9UzMU="} 
00780{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_src_last_pkt_time":946739305155210,"flow_dst_last_pkt_time":946739305189032,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"thread_ts_usec":946739305189032,"pkt":"ZmZmZmZmRERERERECABFAADSF55AADcRFxGLO8h0CgAAAQG7xJ8Avg\/uc5OBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJ1awAAEAABwAwAEAABAABwgAB9fEROU0MAAgAABjDMcMbz7yA0RLegztcBfq7VeYHKBaMLey+aMNVSTMo4Qj51\/gmF1JL4mny7Kl7CHKqU1ouuslp1lX1chQTTD+JLJw323p3g\/i9lq2cywGbzFxjIXwRFrAIdM6Cq64tY4ksnDfbeneAAAAABX1N7RV9UzMU="} 00779{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_src_last_pkt_time":946739305155166,"flow_dst_last_pkt_time":946739305189550,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"thread_ts_usec":946739305189550,"pkt":"ZmZmZmZmRERERERECABFAADSF59AADcRFxCLO8h0CgAAAQG7uO0Avhuic5GBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJ1awAAEAABwAwAEAABAABwgAB9fEROU0MAAgAABjDMcMbz7yA0RLegztcBfq7VeYHKBaMLey+aMNVSTMo4Qj51\/gmF1JL4mny7Kl7CHKqU1ouuslp1lX1chQTTD+JLJw323p3g\/i9lq2cywGbzFxjIXwRFrAIdM6Cq64tY4ksnDfbeneAAAAABX1N7RV9UzMU="} 
@@ -864,7 +864,7 @@ 00776{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":484,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":2,"flow_src_last_pkt_time":946739380984041,"flow_dst_last_pkt_time":946739381021276,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"thread_ts_usec":946739381021276,"pkt":"ZmZmZmZmRERERERECABFAADPeU5AADQRWShVBV3mCgAAASD7ynIAu49J4\/GBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhpYmtzdHVybQAAEAABwAwAEAABAABwgAB9fEROU0MAAgAAQmF4jrNkSB0NiNqctWCLsz9Hoe15aS6mrwyMq15DMDKxowa47TLEyU+dCwefDt3RvbYdetUltVlZd+8gb8kmCcgRT\/L7wkmA5gU0xv13eDWtHcb4jTpxlTH+X73K1n94yBFP8vvCSYAAAAABX1Nm5l9UuGY="} 01001{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739318169132,"flow_src_last_pkt_time":946739318169132,"flow_dst_last_pkt_time":946739318205762,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":182,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":182,"midstream":0,"thread_ts_usec":946739381021276,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":49040,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00998{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739318169188,"flow_src_last_pkt_time":946739318169188,"flow_dst_last_pkt_time":946739318200790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":182,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":182,"midstream":0,"thread_ts_usec":946739381021276,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":49115,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} -00996{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739305155210,"flow_src_last_pkt_time":946739305155210,"flow_dst_last_pkt_time":946739305189032,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":182,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":182,"midstream":0,"thread_ts_usec":946739381021276,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":50335,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} +01003{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739305155210,"flow_src_last_pkt_time":946739305155210,"flow_dst_last_pkt_time":946739305189032,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":182,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":182,"midstream":0,"thread_ts_usec":946739381021276,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":50335,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00996{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739304599866,"flow_src_last_pkt_time":946739304599866,"flow_dst_last_pkt_time":946739304628900,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":179,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":179,"midstream":0,"thread_ts_usec":946739381021276,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":34324,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00997{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739317432619,"flow_src_last_pkt_time":946739317432619,"flow_dst_last_pkt_time":946739317461317,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":192,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":946739381021276,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":51363,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00996{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739306241870,"flow_src_last_pkt_time":946739306241870,"flow_dst_last_pkt_time":946739306435542,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":319,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":319,"midstream":0,"thread_ts_usec":946739381021276,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":38283,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -902,9 +902,9 @@ 00995{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739304789731,"flow_src_last_pkt_time":946739304789731,"flow_dst_last_pkt_time":946739304821208,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":183,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":183,"midstream":0,"thread_ts_usec":946739381021276,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":36668,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00995{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739312402248,"flow_src_last_pkt_time":946739312402248,"flow_dst_last_pkt_time":946739312402248,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739381021276,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":49186,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00995{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739318061081,"flow_src_last_pkt_time":946739318061081,"flow_dst_last_pkt_time":946739318170686,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":186,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":186,"midstream":0,"thread_ts_usec":946739381021276,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":40138,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} -00999{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739305155306,"flow_src_last_pkt_time":946739305155306,"flow_dst_last_pkt_time":946739305194519,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":182,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":182,"midstream":0,"thread_ts_usec":946739381021276,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":59194,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} +01006{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739305155306,"flow_src_last_pkt_time":946739305155306,"flow_dst_last_pkt_time":946739305194519,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":182,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":182,"midstream":0,"thread_ts_usec":946739381021276,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":59194,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00996{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739318038037,"flow_src_last_pkt_time":946739318038037,"flow_dst_last_pkt_time":946739318059490,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":187,"midstream":0,"thread_ts_usec":946739381021276,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":53876,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} -00996{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739305155161,"flow_src_last_pkt_time":946739305155161,"flow_dst_last_pkt_time":946739305187672,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":182,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":182,"midstream":0,"thread_ts_usec":946739381021276,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":59476,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} +01003{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739305155161,"flow_src_last_pkt_time":946739305155161,"flow_dst_last_pkt_time":946739305187672,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":182,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":182,"midstream":0,"thread_ts_usec":946739381021276,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":59476,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00998{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739317496730,"flow_src_last_pkt_time":946739317496730,"flow_dst_last_pkt_time":946739317829317,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":182,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":182,"midstream":0,"thread_ts_usec":946739381021276,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":55267,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00995{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":946735705349060,"flow_src_last_pkt_time":946739305349060,"flow_dst_last_pkt_time":946739305457124,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":184,"flow_src_tot_l4_payload_len":1024,"flow_dst_tot_l4_payload_len":368,"midstream":0,"thread_ts_usec":946739381021276,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":60301,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00995{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739304789862,"flow_src_last_pkt_time":946739304789862,"flow_dst_last_pkt_time":946739304821171,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":183,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":183,"midstream":0,"thread_ts_usec":946739381021276,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":38362,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -950,7 +950,7 @@ 00998{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739318169044,"flow_src_last_pkt_time":946739318169044,"flow_dst_last_pkt_time":946739318200995,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":182,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":182,"midstream":0,"thread_ts_usec":946739381021276,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":35885,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00996{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739312132036,"flow_src_last_pkt_time":946739312132036,"flow_dst_last_pkt_time":946739312178145,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":186,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":186,"midstream":0,"thread_ts_usec":946739381021276,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":41913,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 01000{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739304363260,"flow_src_last_pkt_time":946739304363260,"flow_dst_last_pkt_time":946739304393665,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":184,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":184,"midstream":0,"thread_ts_usec":946739381021276,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":56997,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} -00999{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739305155254,"flow_src_last_pkt_time":946739305155254,"flow_dst_last_pkt_time":946739305192746,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":182,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":182,"midstream":0,"thread_ts_usec":946739381021276,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":37595,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} +01006{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739305155254,"flow_src_last_pkt_time":946739305155254,"flow_dst_last_pkt_time":946739305192746,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":182,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":182,"midstream":0,"thread_ts_usec":946739381021276,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":37595,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00995{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":946735705348929,"flow_src_last_pkt_time":946739305348929,"flow_dst_last_pkt_time":946739305453738,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":184,"flow_src_tot_l4_payload_len":1024,"flow_dst_tot_l4_payload_len":368,"midstream":0,"thread_ts_usec":946739381021276,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":38388,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00998{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739318061101,"flow_src_last_pkt_time":946739318061101,"flow_dst_last_pkt_time":946739318167743,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":186,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":186,"midstream":0,"thread_ts_usec":946739381021276,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":51935,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 01000{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739311153527,"flow_src_last_pkt_time":946739311153527,"flow_dst_last_pkt_time":946739311314055,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":182,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":182,"midstream":0,"thread_ts_usec":946739381021276,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":38278,"dst_port":553,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -975,7 +975,7 @@ 00999{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739304599889,"flow_src_last_pkt_time":946739304599889,"flow_dst_last_pkt_time":946739304629078,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":179,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":179,"midstream":0,"thread_ts_usec":946739381021276,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":59367,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00993{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739304628431,"flow_src_last_pkt_time":946739304628431,"flow_dst_last_pkt_time":946739304804750,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":182,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":182,"midstream":0,"thread_ts_usec":946739381021276,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":38136,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00997{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739311153446,"flow_src_last_pkt_time":946739311153446,"flow_dst_last_pkt_time":946739311306630,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":182,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":182,"midstream":0,"thread_ts_usec":946739381021276,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":43528,"dst_port":553,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} -00999{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739305155235,"flow_src_last_pkt_time":946739305155235,"flow_dst_last_pkt_time":946739305191295,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":182,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":182,"midstream":0,"thread_ts_usec":946739381021276,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":43633,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} +01006{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739305155235,"flow_src_last_pkt_time":946739305155235,"flow_dst_last_pkt_time":946739305191295,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":182,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":182,"midstream":0,"thread_ts_usec":946739381021276,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":43633,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00996{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739318038215,"flow_src_last_pkt_time":946739318038215,"flow_dst_last_pkt_time":946739318062260,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":187,"midstream":0,"thread_ts_usec":946739381021276,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":38511,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00995{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739305328010,"flow_src_last_pkt_time":946739305328010,"flow_dst_last_pkt_time":946739305354664,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":43,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":43,"midstream":0,"thread_ts_usec":946739381021276,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":55482,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00995{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739305192703,"flow_src_last_pkt_time":946739305192703,"flow_dst_last_pkt_time":946739305217619,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":180,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":180,"midstream":0,"thread_ts_usec":946739381021276,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":44093,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -988,7 +988,7 @@ 00995{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739305327975,"flow_src_last_pkt_time":946739305327975,"flow_dst_last_pkt_time":946739305384222,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":43,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":43,"midstream":0,"thread_ts_usec":946739381021276,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":57465,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00994{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739312286047,"flow_src_last_pkt_time":946739312286047,"flow_dst_last_pkt_time":946739312405003,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":184,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":184,"midstream":0,"thread_ts_usec":946739381021276,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":40099,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00998{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739305219317,"flow_src_last_pkt_time":946739305219317,"flow_dst_last_pkt_time":946739305330270,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":186,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":186,"midstream":0,"thread_ts_usec":946739381021276,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":60962,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} -00996{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739305155166,"flow_src_last_pkt_time":946739305155166,"flow_dst_last_pkt_time":946739305189550,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":182,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":182,"midstream":0,"thread_ts_usec":946739381021276,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":47341,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} +01003{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739305155166,"flow_src_last_pkt_time":946739305155166,"flow_dst_last_pkt_time":946739305189550,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":182,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":182,"midstream":0,"thread_ts_usec":946739381021276,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":47341,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00995{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739317496723,"flow_src_last_pkt_time":946739317496723,"flow_dst_last_pkt_time":946739317825451,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":182,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":182,"midstream":0,"thread_ts_usec":946739381021276,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":43224,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00996{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739317432697,"flow_src_last_pkt_time":946739317432697,"flow_dst_last_pkt_time":946739317432697,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739381021276,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":48325,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 01002{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739317462376,"flow_src_last_pkt_time":946739317462376,"flow_dst_last_pkt_time":946739317496321,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":184,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":184,"midstream":0,"thread_ts_usec":946739381021276,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":38594,"dst_port":2053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -1094,24 +1094,24 @@ 00786{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":525,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":2,"flow_src_last_pkt_time":946739396070548,"flow_dst_last_pkt_time":946739396110024,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_usec":946739396110024,"pkt":"ZmZmZmZmRERERERECABFAADWzC9AADcRvxAu48g3CgAAASD7rIEAwu03FdKAAAABAAEAAAAAATINZG5zY3J5cHQtY2VydARyZG5zBmZhZWxpeANuZXQAABAAAcAMABAAAQAADhAAfXxETlNDAAEAADn5TxO0FAodB0MfyNII\/q4yfvBzna8lha8rHqMZH6brB0hzmteXf96oRMNtUVCp592lxf62HHwuDSbhBbtGtQcalorpuHO8PTt\/PSXI1nToKeQ\/\/4xUAF+WFp6Iz9p9KhqWium4c7w9AAAAAV7URQBxousA"} 00797{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":526,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739396111009,"flow_src_last_pkt_time":946739396111009,"flow_dst_last_pkt_time":946739396111009,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739396111009,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":54375,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
01218{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":526,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":211,"flow_packet_id":1,"flow_src_last_pkt_time":946739396111009,"flow_dst_last_pkt_time":946739396111009,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":946739396111009,"pkt":"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"} -00951{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":526,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739396111009,"flow_src_last_pkt_time":946739396111009,"flow_dst_last_pkt_time":946739396111009,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739396111009,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":54375,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+00958{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":526,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739396111009,"flow_src_last_pkt_time":946739396111009,"flow_dst_last_pkt_time":946739396111009,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739396111009,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":54375,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00800{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":527,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739396111010,"flow_src_last_pkt_time":946739396111010,"flow_dst_last_pkt_time":946739396111010,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739396111010,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":55185,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":527,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":212,"flow_packet_id":1,"flow_src_last_pkt_time":946739396111010,"flow_dst_last_pkt_time":946739396111010,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739396111010,"pkt":"REREREREZmZmZmZmCABFAAXcKekgAH4Rh58KAAABa6o5IteRAbsGBOOGsy4BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAl2ZW50cmljbGUCdXMAABAAAQAAAAAAAAAAAAW6AAwFtgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00954{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":527,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739396111010,"flow_src_last_pkt_time":946739396111010,"flow_dst_last_pkt_time":946739396111010,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739396111010,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":55185,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+00961{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":527,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739396111010,"flow_src_last_pkt_time":946739396111010,"flow_dst_last_pkt_time":946739396111010,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739396111010,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":55185,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00336{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":10,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":946739396111023,"packet_id":528,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739396111023} 00440{"packet_event_id":1,"packet_event_name":"packet","packet_id":528,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739396111010,"pkt":"REREREREZmZmZmZmCABFAABQKekAuX4RrHIKAAABa6o5IgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
00797{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":529,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739396111084,"flow_src_last_pkt_time":946739396111084,"flow_dst_last_pkt_time":946739396111084,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739396111084,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":36335,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01218{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":529,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":213,"flow_packet_id":1,"flow_src_last_pkt_time":946739396111084,"flow_dst_last_pkt_time":946739396111084,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":946739396111084,"pkt":"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"} 
-00951{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":529,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739396111084,"flow_src_last_pkt_time":946739396111084,"flow_dst_last_pkt_time":946739396111084,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739396111084,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":36335,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} +00958{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":529,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739396111084,"flow_src_last_pkt_time":946739396111084,"flow_dst_last_pkt_time":946739396111084,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739396111084,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":36335,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00797{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":530,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739396111148,"flow_src_last_pkt_time":946739396111148,"flow_dst_last_pkt_time":946739396111148,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739396111148,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":37287,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01218{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":530,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":214,"flow_packet_id":1,"flow_src_last_pkt_time":946739396111148,"flow_dst_last_pkt_time":946739396111148,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":946739396111148,"pkt":"REREREREZmZmZmZmCABFAAIcKetAAH4Ra10KAAABa6o5IpGnAbsCCGeisy0BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAl2ZW50cmljbGUCdXMAABAAAQAAAAAAAAAAAAG+AAwBugAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAA="} -00951{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":530,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739396111148,"flow_src_last_pkt_time":946739396111148,"flow_dst_last_pkt_time":946739396111148,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739396111148,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":37287,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} +00958{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":530,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739396111148,"flow_src_last_pkt_time":946739396111148,"flow_dst_last_pkt_time":946739396111148,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739396111148,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":37287,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00800{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":531,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739396111157,"flow_src_last_pkt_time":946739396111157,"flow_dst_last_pkt_time":946739396111157,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739396111157,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":33143,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":531,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":215,"flow_packet_id":1,"flow_src_last_pkt_time":946739396111157,"flow_dst_last_pkt_time":946739396111157,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739396111157,"pkt":"REREREREZmZmZmZmCABFAAXcKewgAH4Rh5wKAAABa6o5IoF3AbsGBDmjsywBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAl2ZW50cmljbGUCdXMAABAAAQAAAAAAAAAAAAW6AAwFtgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} 
-00954{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":531,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739396111157,"flow_src_last_pkt_time":946739396111157,"flow_dst_last_pkt_time":946739396111157,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739396111157,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":33143,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} +00961{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":531,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739396111157,"flow_src_last_pkt_time":946739396111157,"flow_dst_last_pkt_time":946739396111157,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739396111157,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":33143,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00800{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":532,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739396111164,"flow_src_last_pkt_time":946739396111164,"flow_dst_last_pkt_time":946739396111164,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739396111164,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":42141,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":532,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":216,"flow_packet_id":1,"flow_src_last_pkt_time":946739396111164,"flow_dst_last_pkt_time":946739396111164,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946739396111164,"pkt":"REREREREZmZmZmZmCABFAAXcKe0gAH4Rh5sKAAABa6o5IqSdAbsGBBZ5szABAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAl2ZW50cmljbGUCdXMAABAAAQAAAAAAAAAAAAW6AAwFtgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} 
-00954{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":532,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739396111164,"flow_src_last_pkt_time":946739396111164,"flow_dst_last_pkt_time":946739396111164,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739396111164,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":42141,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} +00961{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":532,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739396111164,"flow_src_last_pkt_time":946739396111164,"flow_dst_last_pkt_time":946739396111164,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739396111164,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":42141,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00336{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload 
detection failed","threshold_n":11,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":946739396111169,"packet_id":533,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739396111169} 00440{"packet_event_id":1,"packet_event_name":"packet","packet_id":533,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":946739396111164,"pkt":"REREREREZmZmZmZmCABFAABQKewAuX4RrG8KAAABa6o5IgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00336{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":12,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":946739396111181,"packet_id":534,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_usec":946739396111181} 
@@ -1259,14 +1259,14 @@ 01311{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":595,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":1,"flow_src_last_pkt_time":946739620053560,"flow_dst_last_pkt_time":946739620053560,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":618,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":618,"pkt_l4_len":584,"thread_ts_usec":946739620053560,"pkt":"REREREREZmZmZmZmCABFAAJc+yVAAKYRG3AKAAABkFtq45NPAbsCSL5UGz3LRoQYGq7K1L0mf5PIChUIPitfU3P1xdue2oSi59s41xANmFlcDJIKeRwV+B3o\/S1Vi20pwQIdLtPPzfiWHWJQqFzxTOLyCv2P6iXlQZj5XjV3kgHWrJU4+x22jVmI8HXUQsL4Ett9CycuHxHxWcs\/QYSIRhXy4zBDqi\/TRLgCDvexnLEbWrLVqZlx1oiHSo5WUfrBG87Hnp2cAe\/gsf5JPymP1MD3qdNPqZTHuk8S3o2b7BAHlFbKntVCDBSVQ2u7L9Ln\/6QrREPkeEFI1x9w5DZ5HrdTDgz+nlHzDSJBD364iAl3eoetv8rISqtBsiSLQHroHpiaUZtlR34l9Vzjmefx2nlmLBPG9TXLLZ\/mrHRFJkh\/uUcYYlECvdkuHlyfOYBwWiwoiqEQ+llPw\/pJiTU8CEAtaLv6CbONOtgp6JdiKE6d43D6uaZcFnqBbwg9eaCGVpcGiuUf8O0AgPu2sDwbVkeFGCSP+1RYWtMKN4UHnlXAzPp5xMNSLWhVnOiQOltHL0A4mIocw8NAKgYgB5WImGwHYZJTu3vKHL1ma4UUJgC2aPqavoEA8xSewTk8+kcdCu+H7U80l6uImg5OwmEHjnULbQ0NG6WqqnmnPPxiAFv0OcQF6VQejNwyFXYLHhqFbcBYdLiQUtlr\/CQbqH4bkFMHbjKfSQ5+8dmJhmOjdlgfwyZVo9qRa+DzThEZzNmUms2ITRpkxyxskJfLxizZZ7rIR6efqljBrZaiXsrJyXuIjgdlqkXHyYFN"} 
00775{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":596,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":2,"flow_src_last_pkt_time":946739620053560,"flow_dst_last_pkt_time":946739620112675,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_usec":946739620112675,"pkt":"ZmZmZmZmRERERERECABFAADMWFtAADcRLsuQW2rjCgAAAQG7k08AuMXMcjZmbnZXajiSCnkcFfgd6P0tVYuPcDHPBNH+Q2V36ecIOy5+Vn6hASP7zwS+HB7\/COLeZpsYSR\/D4KtiLxFMLHMCSd4CEFa3HkazvGkn1cTMf7cEedRa5ffS2XboBOubQlEIegWZ\/uOw8cxjcAsifupeBdcSOB0uu0iqAXb97mPtwXo9C5m\/fEJEqoOJOH7mervMe4nPhBoqZk\/lTKOfh1zHYDnQCY0xNdH9fhG+JJ4="} 00956{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":596,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739620053560,"flow_src_last_pkt_time":946739620053560,"flow_dst_last_pkt_time":946739620112675,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":576,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":576,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":576,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":37711,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00994{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739396111009,"flow_src_last_pkt_time":946739396111009,"flow_dst_last_pkt_time":946739396210662,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":192,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":54375,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} +01001{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739396111009,"flow_src_last_pkt_time":946739396111009,"flow_dst_last_pkt_time":946739396210662,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":192,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":54375,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00999{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739318169132,"flow_src_last_pkt_time":946739318169132,"flow_dst_last_pkt_time":946739318205762,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":182,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":182,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":49040,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00993{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739299327323,"flow_src_last_pkt_time":946739299327323,"flow_dst_last_pkt_time":946739299327323,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":43748,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739318169188,"flow_src_last_pkt_time":946739318169188,"flow_dst_last_pkt_time":946739318200790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":182,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":182,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":49115,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00994{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739305155210,"flow_src_last_pkt_time":946739305155210,"flow_dst_last_pkt_time":946739305189032,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":182,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":182,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":50335,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} +01001{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739305155210,"flow_src_last_pkt_time":946739305155210,"flow_dst_last_pkt_time":946739305189032,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":182,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":182,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":50335,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00994{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739304599866,"flow_src_last_pkt_time":946739304599866,"flow_dst_last_pkt_time":946739304628900,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":179,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":179,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":34324,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00995{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739317432619,"flow_src_last_pkt_time":946739317432619,"flow_dst_last_pkt_time":946739317461317,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":192,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":51363,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} -00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739396111010,"flow_src_last_pkt_time":946739396111010,"flow_dst_last_pkt_time":946739396214290,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":192,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":55185,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+01004{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739396111010,"flow_src_last_pkt_time":946739396111010,"flow_dst_last_pkt_time":946739396214290,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":192,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":55185,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00994{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739306241870,"flow_src_last_pkt_time":946739306241870,"flow_dst_last_pkt_time":946739306435542,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":319,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":319,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":38283,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739318038043,"flow_src_last_pkt_time":946739318038043,"flow_dst_last_pkt_time":946739318059779,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":187,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":45497,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739337078105,"flow_src_last_pkt_time":946739337078105,"flow_dst_last_pkt_time":946739337184787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":184,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":184,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":36930,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -1328,10 +1328,10 @@ 00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739400522705,"flow_src_last_pkt_time":946739400522705,"flow_dst_last_pkt_time":946739400553659,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":192,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":57109,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00993{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739337184959,"flow_src_last_pkt_time":946739337184959,"flow_dst_last_pkt_time":946739337184959,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":58650,"dst_port":465,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00993{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739299327201,"flow_src_last_pkt_time":946739299327201,"flow_dst_last_pkt_time":946739299356160,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":186,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":186,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":52636,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} -00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739305155306,"flow_src_last_pkt_time":946739305155306,"flow_dst_last_pkt_time":946739305194519,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":182,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":182,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":59194,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} +01004{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739305155306,"flow_src_last_pkt_time":946739305155306,"flow_dst_last_pkt_time":946739305194519,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":182,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":182,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":59194,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00994{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739318038037,"flow_src_last_pkt_time":946739318038037,"flow_dst_last_pkt_time":946739318059490,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":187,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":53876,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00999{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739348756792,"flow_src_last_pkt_time":946739348756792,"flow_dst_last_pkt_time":946739348805526,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":183,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":183,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":38482,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} -00994{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739305155161,"flow_src_last_pkt_time":946739305155161,"flow_dst_last_pkt_time":946739305187672,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":182,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":182,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":59476,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} +01001{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739305155161,"flow_src_last_pkt_time":946739305155161,"flow_dst_last_pkt_time":946739305187672,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":182,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":182,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":59476,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739317496730,"flow_src_last_pkt_time":946739317496730,"flow_dst_last_pkt_time":946739317829317,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":182,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":182,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":55267,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00993{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":946735705349060,"flow_src_last_pkt_time":946739305349060,"flow_dst_last_pkt_time":946739305457124,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":184,"flow_src_tot_l4_payload_len":1024,"flow_dst_tot_l4_payload_len":368,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":60301,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739348756593,"flow_src_last_pkt_time":946739348756593,"flow_dst_last_pkt_time":946739348800211,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":183,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":183,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":38709,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -1350,7 +1350,7 @@ 00991{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739304628531,"flow_src_last_pkt_time":946739304628531,"flow_dst_last_pkt_time":946739304791217,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":182,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":182,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":56177,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 01000{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739317462369,"flow_src_last_pkt_time":946739317462369,"flow_dst_last_pkt_time":946739317496294,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":184,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":184,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":52221,"dst_port":2053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 01000{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739317462322,"flow_src_last_pkt_time":946739317462322,"flow_dst_last_pkt_time":946739317494919,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":184,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":184,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":52356,"dst_port":2053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} -00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739396111157,"flow_src_last_pkt_time":946739396111157,"flow_dst_last_pkt_time":946739396216191,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":192,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":33143,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} +01004{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739396111157,"flow_src_last_pkt_time":946739396111157,"flow_dst_last_pkt_time":946739396216191,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":192,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":33143,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739305327882,"flow_src_last_pkt_time":946739305327882,"flow_dst_last_pkt_time":946739305348735,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":43,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":43,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":40009,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00994{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739306241769,"flow_src_last_pkt_time":946739306241769,"flow_dst_last_pkt_time":946739306433658,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":319,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":319,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":49512,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739317462335,"flow_src_last_pkt_time":946739317462335,"flow_dst_last_pkt_time":946739317493097,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":184,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":184,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":53117,"dst_port":2053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -1372,14 +1372,14 @@ 00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739305327975,"flow_src_last_pkt_time":946739305327975,"flow_dst_last_pkt_time":946739305350183,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":43,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":43,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":42570,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739348756620,"flow_src_last_pkt_time":946739348756620,"flow_dst_last_pkt_time":946739348803804,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":183,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":183,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":43540,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00995{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739304328460,"flow_src_last_pkt_time":946739304328460,"flow_dst_last_pkt_time":946739304361228,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":186,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":186,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":37413,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} -00994{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739396111084,"flow_src_last_pkt_time":946739396111084,"flow_dst_last_pkt_time":946739396215427,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":192,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":36335,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} +01001{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739396111084,"flow_src_last_pkt_time":946739396111084,"flow_dst_last_pkt_time":946739396215427,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":192,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":36335,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00994{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739348805808,"flow_src_last_pkt_time":946739348805808,"flow_dst_last_pkt_time":946739348915268,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":186,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":186,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":46363,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00991{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739312105922,"flow_src_last_pkt_time":946739312105922,"flow_dst_last_pkt_time":946739312136710,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":189,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":189,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":43714,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00998{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739337048494,"flow_src_last_pkt_time":946739337048494,"flow_dst_last_pkt_time":946739337079094,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":186,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":186,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":39910,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00999{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739348756593,"flow_src_last_pkt_time":946739348756593,"flow_dst_last_pkt_time":946739348804292,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":183,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":183,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":44469,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739305219453,"flow_src_last_pkt_time":946739305219453,"flow_dst_last_pkt_time":946739305331904,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":186,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":186,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":46856,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00993{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":946735705349002,"flow_src_last_pkt_time":946739305349002,"flow_dst_last_pkt_time":946739305461257,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":184,"flow_src_tot_l4_payload_len":1024,"flow_dst_tot_l4_payload_len":368,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":33565,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00994{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739396111148,"flow_src_last_pkt_time":946739396111148,"flow_dst_last_pkt_time":946739396216406,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":192,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":37287,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} +01001{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739396111148,"flow_src_last_pkt_time":946739396111148,"flow_dst_last_pkt_time":946739396216406,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":192,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":37287,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739312132111,"flow_src_last_pkt_time":946739312132111,"flow_dst_last_pkt_time":946739312180283,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":186,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":186,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":37890,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739380984041,"flow_src_last_pkt_time":946739380984041,"flow_dst_last_pkt_time":946739381017727,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":179,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":179,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":39259,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739402188041,"flow_src_last_pkt_time":946739402188041,"flow_dst_last_pkt_time":946739402354516,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":184,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":184,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":53045,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -1412,9 +1412,9 @@ 00994{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739312132036,"flow_src_last_pkt_time":946739312132036,"flow_dst_last_pkt_time":946739312178145,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":186,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":186,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":41913,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00998{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739304363260,"flow_src_last_pkt_time":946739304363260,"flow_dst_last_pkt_time":946739304393665,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":184,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":184,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":56997,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00994{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739348805654,"flow_src_last_pkt_time":946739348805654,"flow_dst_last_pkt_time":946739348917597,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":186,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":186,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":51647,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} -00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739305155254,"flow_src_last_pkt_time":946739305155254,"flow_dst_last_pkt_time":946739305192746,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":182,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":182,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":37595,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} +01004{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739305155254,"flow_src_last_pkt_time":946739305155254,"flow_dst_last_pkt_time":946739305192746,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":182,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":182,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":37595,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00993{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":946735705348929,"flow_src_last_pkt_time":946739305348929,"flow_dst_last_pkt_time":946739305453738,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":184,"flow_src_tot_l4_payload_len":1024,"flow_dst_tot_l4_payload_len":368,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":38388,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} -00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739396111164,"flow_src_last_pkt_time":946739396111164,"flow_dst_last_pkt_time":946739396218321,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":192,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":42141,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} +01004{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739396111164,"flow_src_last_pkt_time":946739396111164,"flow_dst_last_pkt_time":946739396218321,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":192,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":42141,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00995{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739380805007,"flow_src_last_pkt_time":946739380805007,"flow_dst_last_pkt_time":946739380844050,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":186,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":186,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":40775,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739318061101,"flow_src_last_pkt_time":946739318061101,"flow_dst_last_pkt_time":946739318167743,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":186,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":186,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":51935,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00995{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739337048391,"flow_src_last_pkt_time":946739337048391,"flow_dst_last_pkt_time":946739337076414,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":186,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":186,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":45375,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -1449,7 +1449,7 @@ 00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739348805827,"flow_src_last_pkt_time":946739348805827,"flow_dst_last_pkt_time":946739348916753,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":186,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":186,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":57180,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00991{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739304628431,"flow_src_last_pkt_time":946739304628431,"flow_dst_last_pkt_time":946739304804750,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":182,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":182,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":38136,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00995{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739311153446,"flow_src_last_pkt_time":946739311153446,"flow_dst_last_pkt_time":946739311306630,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":182,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":182,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":43528,"dst_port":553,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} -00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739305155235,"flow_src_last_pkt_time":946739305155235,"flow_dst_last_pkt_time":946739305191295,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":182,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":182,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":43633,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} +01004{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739305155235,"flow_src_last_pkt_time":946739305155235,"flow_dst_last_pkt_time":946739305191295,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":182,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":182,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":43633,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00994{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739318038215,"flow_src_last_pkt_time":946739318038215,"flow_dst_last_pkt_time":946739318062260,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":187,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":38511,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00993{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739305328010,"flow_src_last_pkt_time":946739305328010,"flow_dst_last_pkt_time":946739305354664,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":43,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":43,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":55482,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00993{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739380983956,"flow_src_last_pkt_time":946739380983956,"flow_dst_last_pkt_time":946739381016821,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":179,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":179,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":50403,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -1469,7 +1469,7 @@ 00992{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739312286047,"flow_src_last_pkt_time":946739312286047,"flow_dst_last_pkt_time":946739312405003,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":184,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":184,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":40099,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739305219317,"flow_src_last_pkt_time":946739305219317,"flow_dst_last_pkt_time":946739305330270,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":186,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":186,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":60962,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739402188042,"flow_src_last_pkt_time":946739402188042,"flow_dst_last_pkt_time":946739402357934,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":184,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":184,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":34024,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} -00994{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739305155166,"flow_src_last_pkt_time":946739305155166,"flow_dst_last_pkt_time":946739305189550,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":182,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":182,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":47341,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} +01001{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739305155166,"flow_src_last_pkt_time":946739305155166,"flow_dst_last_pkt_time":946739305189550,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":182,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":182,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":47341,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00993{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739317496723,"flow_src_last_pkt_time":946739317496723,"flow_dst_last_pkt_time":946739317825451,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":182,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":182,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":43224,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00994{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739317432697,"flow_src_last_pkt_time":946739317432697,"flow_dst_last_pkt_time":946739317432697,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":48325,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
01000{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739317462376,"flow_src_last_pkt_time":946739317462376,"flow_dst_last_pkt_time":946739317496321,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":184,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":184,"midstream":0,"thread_ts_usec":946739620112675,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":38594,"dst_port":2053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -1536,7 +1536,7 @@ 00994{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":608,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739660371388,"flow_src_last_pkt_time":946739660371388,"flow_dst_last_pkt_time":946739660417793,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":576,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":576,"flow_dst_max_l4_payload_len":384,"flow_src_tot_l4_payload_len":576,"flow_dst_tot_l4_payload_len":384,"midstream":0,"thread_ts_usec":946739861499384,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":40958,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00995{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":608,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739620053560,"flow_src_last_pkt_time":946739620053560,"flow_dst_last_pkt_time":946739620112675,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":576,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":576,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":576,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":946739861499384,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":37711,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00995{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":608,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739614386871,"flow_src_last_pkt_time":946739614386871,"flow_dst_last_pkt_time":946739614411248,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":576,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":576,"flow_dst_max_l4_payload_len":240,"flow_src_tot_l4_payload_len":576,"flow_dst_tot_l4_payload_len":240,"midstream":0,"thread_ts_usec":946739861499384,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":38660,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00879{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":608,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":608,"packets-processed":488,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":289066,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":245,"total-detection-updates":0,"total-updates":200,"current-active-flows":0,"total-active-flows":245,"total-idle-flows":245,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1539,"global_ts_usec":946739861499384} +00879{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":608,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":608,"packets-processed":488,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":289066,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":245,"total-detection-updates":0,"total-updates":200,"current-active-flows":0,"total-active-flows":245,"total-idle-flows":245,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1539,"global_ts_usec":946739861499384} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 608/488 ~~ skipped flows.............: 0 
@@ -1545,9 +1545,9 @@ ~~ total active/idle flows...: 245/245 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7502903 bytes -~~ total memory freed........: 7502903 bytes -~~ total allocations/frees...: 117320/117320 +~~ total memory allocated....: 8080499 bytes +~~ total memory freed........: 8080499 bytes +~~ total allocations/frees...: 129051/129051 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 338 chars ~~ json message max len.......: 2508 chars diff --git a/test/results/default/dnscrypt-v2-doh.pcap.out b/test/results/default/dnscrypt-v2-doh.pcap.out index 91a001d44..5edcbb940 100644 --- a/test/results/default/dnscrypt-v2-doh.pcap.out +++ b/test/results/default/dnscrypt-v2-doh.pcap.out 
@@ -1,275 +1,275 @@ -00620{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":946739298533748} 
+00620{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":946739298533748} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739298533748,"flow_src_last_pkt_time":946739298533748,"flow_dst_last_pkt_time":946739298533748,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":283,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":283,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":283,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739298533748,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00916{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":946739298533748,"flow_dst_last_pkt_time":946739298533748,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":337,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":337,"pkt_l4_len":303,"thread_ts_usec":946739298533748,"pkt":"REREREREZmZmZmZmCABFAAFD4UdAAL0GsQQKAAABi2PeSNGqAbt5f9qX6vvArlAYAfYrngAAFgMBARYBAAESAwPY4R+kmwrmRkwkOvmL20MZvvmmXV\/QYaA6X4C5e+GFvyA2SDuI+F1GOq7qyiEw+aePhhElQVpDVzMYXSdiyok3WQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACjAAAAEgAQAAANZG9oLTIuc2VieS5pbwAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACA0hS9OEA\/J5twwMByNtSlpgrCPJW9Ooqwd+S9NxEdaCw=="} 
-01274{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739298533748,"flow_src_last_pkt_time":946739298533748,"flow_dst_last_pkt_time":946739298533748,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":283,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":283,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":283,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739298533748,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53674,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"doh-2.seby.io","domainame":"doh-2.seby.io","tls": {"version":"TLSv1.2","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01233{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739298533748,"flow_src_last_pkt_time":946739298533748,"flow_dst_last_pkt_time":946739298533748,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":283,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":283,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":283,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739298533748,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53674,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"doh-2.seby.io","domainame":"doh-2.seby.io","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
02454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":946739298533748,"flow_dst_last_pkt_time":946739298797787,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"thread_ts_usec":946739298797787,"pkt":"ZmZmZmZmRERERERECABFAAWq1TBAACsGSrWLY95ICgAAAQG70arq+8CueX\/bslAQAfmvXQAAFgMDAHoCAAB2AwOWvrm4FPC7V7PYuN+Lshod\/nezEzfqc01CK\/K8f2FrjCA2SDuI+F1GOq7qyiEw+aePhhElQVpDVzMYXSdiyok3WRMBAAAuACsAAgMEADMAJAAdACDl61zVHhMWB0BdL3ddlBFKSw5Lr9HVe6EkVLOcYVLAAxQDAwABARcDAwAksgraFQq8T84jfrRmYc223NGnVGbYG\/xj8xk4v\/EJCHm3s9w1FwMDCVmg97DgSdnn53nb0jGLv9F1+4VVO1DlJvFZ4CsfAqRyJ8a0jMqAaeRjhyCNwiDpU+6mevWKgpxWfYNjWShazkI7oaAh0ocoGs0\/Z2Mwn5ZIkIv+OuDwieAM9qTwhi+fGVM4H+qU8v3e8TtrqoxC+IgZVc8V3I+\/yPEjroPH33YYxxjju5aqvElJCjEI4urJQzXoWsAq6uQKccy5WfzKSDhJNZ8AVPquU8SpWKmo\/\/E2qD+dKLWJFgaub29gXMXjQTVzoJxdvVKG52mcWm6EXETLAVeqYVAn1jxtrmpkg13Vk85sRN2hjK5eeu4ap8rf7Lodf5tfmhv8SVfULmdGCNmmvgZMJkjmNfdKrw+XnrBHNQP2GC7kgKzhx++y9Ur+7CtcaZ0Stuv2mMWKbTn30OOZzAWiYjVeWw1PNj6IPMesZYC3bO1PwS8+BOlQEPumskRErqRklUuVJ1OXsXJn8o9P7B9r5RxumsKPZbrYuGjTJfVUwTIwaAH4g\/GODGK2+B5YB\/Z\/6LysjXxF0obthFSDlDUGBTCdDZdGFQyyl8u0xri2sr4xv5TWFpIjmyYys6SXqhW7QRXi8cM\/fGE\/JM+qZpyddar8bHdCLxGlvvPz4eCxh6lg0sugzb6K+mUo6W7gtEoQaKMIAakeMy2FOKQ3NMe5\/F+3b43gHog099YK8NKs2bvSG\/W7LXyo8PnUinj+AVLnzhrSe+qvDBw9a\/Jp7AkHbVoQwt\/EIF5\/d5w+4KMlJPMSzCUov8rfi\/CCF\/iVjvModtxk+gLz4pUaK3XRZHYtLxfH7FHcLizTZ3sSU4i+tweqvPEyxXE1E7Y+KMLDCV+QkbWkWi9gMec8ZJ3GBnIg+iSrehGCt8i8t7Lu9Wc\/2fGKgQfE9jJe\/fDA2odknuy5GV2960tQvEZAXB0c5GJBhjiPYJgYdgJ2fzUt\/xLgBoWg0zKHa\/soHWqBrLympLp+VepVMyzuzIJ6QgGVTCC1EFSrrSUxkNXDsBrwmyRP\/9FLF9pdzZACXTb6S8myrZazmvEdGdk04PjNhUiHGlUT03OYvmagf8Ya\/4VRzGGdV43OAGkQYeu0ZY\/heh9h7fucuCFB8CyBx4wy7OhYHBnDOYz2gdf\/z49N039rzJarMWXOwbROgeoXzcsBH8Uj6StZMCbM\/ZBGWByfEjHDl5w8E1dbyJx5XuC65RezH
Zrv05dJlBbVSEsHIMbDl7IWOUdhpeDNskZrQ+GdU5boLCtHmvrbs62KT\/zlJm2mOApHTvifRvmqKBz9tPtGNCG6XGCZWhEY3FFyS9rmcTpceJwTCfQYlzYKZslhMKd4J63ankp0RnGQLgodwM35ISK98+Kq2hNOJCTBOCxPPsHuXjZuhXdIi8QCW9VQZqww\/\/NjZPMOPy4jcZ7Tkixh7\/JmbpMEV7PnrhAXh21z+u5dLFH52pKdwGRat6A94UDcInit5rOcJtblnF8P7F8IlQqF3WFZurZBuXzllHTzbwe54UUGPwrqwyOIUkW6zUYU\/09YfhXdyYwY1MnGRAlrE9sPr4V9Vgn7ZntvhQgmKz\/jiHNHuRGaj\/PJAjEPTmoQib9SfYaA5fyYDQmsautNL\/cJ4oyfD9Jembyctib1BIp9Ramfe6PSsBXI\/0Ka52Or"} -01319{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739298533748,"flow_src_last_pkt_time":946739298533748,"flow_dst_last_pkt_time":946739298797787,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":283,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":283,"flow_dst_max_l4_payload_len":1410,"flow_src_tot_l4_payload_len":283,"flow_dst_tot_l4_payload_len":1410,"midstream":1,"thread_ts_usec":946739298797787,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53674,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"doh-2.seby.io","domainame":"doh-2.seby.io","tls": {"version":"TLSv1.3","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01278{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739298533748,"flow_src_last_pkt_time":946739298533748,"flow_dst_last_pkt_time":946739298797787,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":283,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":283,"flow_dst_max_l4_payload_len":1410,"flow_src_tot_l4_payload_len":283,"flow_dst_tot_l4_payload_len":1410,"midstream":1,"thread_ts_usec":946739298797787,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53674,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"doh-2.seby.io","domainame":"doh-2.seby.io","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
02367{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":946739298533748,"flow_dst_last_pkt_time":946739298797978,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1408,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1408,"pkt_l4_len":1374,"thread_ts_usec":946739298797978,"pkt":"ZmZmZmZmRERERERECABFAAVy1TFAACsGSuyLY95ICgAAAQG70arq+8YweX\/bslAYAfkcrQAAThemFBuD34j0ZojpR7nDk08tEILyrSrE7HS0zZ4kmhXJJxPvCajO9mPz0f1Ba7CUeJZuC\/ww3Lrn+zD28CW1o9VT3LiWNj\/tk7IhVjR3oxyzXVyp8GIUKoCq+rFgLmVNv3t4E9NSsp0vzaP0F7j0JBrlPSojRxE2tlZsJ5feSSYzKGVucsWX6pYRquGlpuPfdHODx0L8ifTKNZ7sMGSXufTYU71W7zucIJWTJn92oiP3KQmXtYYb39SlVhRkoPmox0CcWIbUIkPk1mOfiZj7ZHZGdjmSkO+stoE+mAIy1qeh6xhTg7nyjAGvTt0OEbSBbL64py0gHtL8p9MnYDH\/rEu94PzROteC\/nq08LwZZof+0aydUgoyNJpYIzziL6obgZ8r3XFfT2yBZeGRYlK+7j980Fzg4IJlxXjB\/7u4t3CFM2KzwkVTOl0QgQ2WdVMZr63UzYIuBqVeqhjDwph8EAIPfj6GHii36awX1ARUIn+i2we8pqEICyjrrtz5abqrvBqhOgUymt9799jpjN96PN89rSa+qz8R5hSWva8Z0q12NMSUqK4V32q2T+XbFuVZUlGqNPo8Q4LGFZXuYD0rXuNudeUYIvyeE2j5uqdZqZHCJg4amyAZz0RTts0c1\/NYqX2y5hPaOLvInAlZn4kgRx8P3JUIFzzVPNJJ35uuAChT5mattKXxu8qwume7sBZMgcO4xIk9V0GeDf7Q0iqbxG1cZybv7JIhiCiaIbji819I0oDOejGbK2XffVEsRj3+LURpVM8fUmFAk669Ff\/Nr+yt6tH9Ktz6qOevm0rhgviDIUwzLNJNTxk3pvt9wNVus\/LUfcLiMKspToabUtDV2KtFlgjUQBZ6M603sQeMbcyD6v4zye6TReEZisbYDNmcge+IFl+e+6gIZYcwnBnjL+IMuKODuiRDaCLQJS72LiQoTClqyWNhk8p3nZX4LJsLVi6dW6cV7ErhFynQJtxWGrvo9DrmvbJGRV80Ul449jTrc22WvgTBKnaXTTsv2pw69IL3ziatAlwA6VUKivZyuSnP\/qeqQsLIM3h1xsud7x+raSQILbisV46QaEMOKNMhEo4f9EE5vYtzwm\/ngKP6CEyyxa5eOnqoj72FpXRNgDKcpbuNQSddL+rkopq\/y8uRR5TATut5xq9zEjEQLnRu3bhaqmLH7wPAre5tejGNaBElH9ZorCCzrnrfL+5ZFV65djnMn\/burxQW9SIIOlDcRe3ddZxIf\/z8dXGWfc\/YJ2alVKWABNBLcFPeFubCnDOGFnp7WaEezUQCo1huX1d\/AR2t9ZFIxb+\/2YA0Fcu4FFOucBmHB64h34YnG1QktWj0QN6yNlW1E24ubX3xPextdjh4av9ufsqLyV+lQC34GqCFKa3D2btbNVuYlf3F\/nsdPHHCRn+svJvZKssoO39MnIg20E8\/NZSYgAW7
+dMxM2JbTCDpQf718V5e42Tcc3D\/MVuwLpSLFUnGgbahF3PvczhUvo5QFk5tF0YRiH+1QJX+P4Bld+SLzREBNKhff3\/yg9uJJKca+U+6nBcDAwCBaMxAcfS4h68NX8O4\/JsJCa+QWF87yNO9r0+szCZ1TeWGW\/KMvQNFzX1G+Y2PEnQ68hI4LpJQIC4VjBdW13rCggF8QR46NY3HL4enM7oteZTlqkQvxVphVmRyDsYFcjY4u2fGUw5LFrsQktQhx2VsQTygsXipX2KtdmPdscHLlgGRFwMDADV5C7WBlZ+ocDTA\/zppOjhaktsCXwO0sG+1hu0Zi0K+GaWwxXTJGdG0p2vdDlGf4dOI0eNxTQ=="} 00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":946739298798962,"flow_dst_last_pkt_time":946739298797978,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"thread_ts_usec":946739298798962,"pkt":"REREREREZmZmZmZmCABFAABG4UpAAL0Gsf4KAAABi2PeSNGqAbt5f9uy6vvLelAYAfUqoQAAFAMDAAEBFwMDABPWqttRMY+Z46PAR95YRNrv8Sy\/"} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739299058659,"flow_src_last_pkt_time":946739299058659,"flow_dst_last_pkt_time":946739299058659,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":283,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":283,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":283,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739299058659,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53676,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00914{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":946739299058659,"flow_dst_last_pkt_time":946739299058659,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":337,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":337,"pkt_l4_len":303,"thread_ts_usec":946739299058659,"pkt":"REREREREZmZmZmZmCABFAAFDIvZAAL0Gb1YKAAABi2PeSNGsAbu+7R6jIfk4pVAYAfYrngAAFgMBARYBAAESAwOSQ8JxHhGuu6wLKnGtwDfaCU9fn2zkXyLvCqG6Z1EJrSA97l3xa4NDBUHApuStJw5z26JVCZKgohlNqcovRpE62AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACjAAAAEgAQAAANZG9oLTIuc2VieS5pbwAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACBvduxHcveHyzSwUHe1UMoR3WO30Q1YJASO6Gqd5f5rOQ=="} -01274{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739299058659,"flow_src_last_pkt_time":946739299058659,"flow_dst_last_pkt_time":946739299058659,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":283,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":283,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":283,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739299058659,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53676,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"doh-2.seby.io","domainame":"doh-2.seby.io","tls": 
{"version":"TLSv1.2","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +01233{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739299058659,"flow_src_last_pkt_time":946739299058659,"flow_dst_last_pkt_time":946739299058659,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":283,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":283,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":283,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739299058659,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53676,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"doh-2.seby.io","domainame":"doh-2.seby.io","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
02442{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":946739299058659,"flow_dst_last_pkt_time":946739299325554,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"thread_ts_usec":946739299325554,"pkt":"ZmZmZmZmRERERERECABFAAWq+oRAACsGJWGLY95ICgAAAQG70awh+Tilvu0fvlAQAflBFAAAFgMDAHoCAAB2AwO4E1L4A\/\/vaa3qFy7zGtkSllYVpFARFReL8E9wQ5edfiA97l3xa4NDBUHApuStJw5z26JVCZKgohlNqcovRpE62BMBAAAuACsAAgMEADMAJAAdACC6hi7aKoaulrg0kHVy9iX3JtIXsjOWFqMY4JtXoR3ZFBQDAwABARcDAwAkVn7ui3VtyEjBPho8csX4cWU91LDHlldd37yMDuMkm1WrNSA\/FwMDCVkNxERPpxFp1hU3MTygH94nI+uO3MFA6Pgc7Cjgsqv9R94L1LzqnlTJ9qM2GdC3DoaCFMZy2rvnd3TUb44js1wH\/ZjR\/tueYjuCchsydXsjOJIItHXpv6rNdoQc5GxilmSN3ZLV0BdssW6zhxxgQaE3FYajxWXTTfgzUzOS+6W++jmvd1q00zg+8Q0qSguzfNUtyikLzjXqF591w71tmw1RwueDWDRqOR8D9ArOOASC\/gfHKocbf3MYoPn\/L3+LeyjDo7Dan2mPuEUKlItjagedNzassvjfnCKDfWzjTYX1Oj074zzZKYUi326SCBVqvZ4BTAJFklyVRE2\/7w5a9Hu3TkucSU4uD6YDgHvYuwr1PUeuJlpLcTtMIe6KqdQO6VhykmmEfKtsuoqKDau0V16KSQWM2aCvsVesKQ3DSQJg5rL5yIwj9vpyWnaHxDEgfEIDmYjy\/Axgsm7vfVWFF3Jrfc1xzCpgVx2Wzxxl\/maZOzNTYwZUTU3hLDZjHHXTyifvb45snBjXrLw3E9kNt6T2lmZ7d2lzBq35OqiFyiqDdqg5nN+wvKg6FFTseFXwn\/Cnava4JqwJeCYBLZwtvjbxpmY\/Z7bzc6mZPg2Sh+dbDSkCl3bi0C7OGN4lTKk6SakWyrfvl60M9dBFHVDrzgKu7xbDvPEvSNcZq2Dx1QXy2oMyLZnD977uZ9nLe2MaP79hLJNgy4v+jriXtA5fuVRTABndd0eLGpCNoQRcyQEasclWVE0X3djEYjD5W2s+8ID+COBoWOoyP\/WAq9bDmdFuLbZL5YcQMg6OEX37+6VcGXh24mzLjiWqRW2SXZBECP5e9Kp+qBc4nsLJy+\/cCFFzWnnOIeDNkPzITjeYYG62LLpDcjihxenHjNkU8aI6W9z7HJRAKXj15JybI7ZavgKdsyBJSz8Rv17E9WgwJgE24FqtNa6LcXPjCIVJ4JA\/FRIvlJbq2\/PV2grzaPllz7EIQXESn4AAbsSK6v\/afg1rifhsSGv2yYjxwtRB5P9D+FT0dFjO2m9zDYEYLvFPNAv2\/uEF0d+ML9zrDfaDdz6z+wzZI7tOXb+ZgoELySqXWnZpXCKfAbAaRdkBWG9n\/7DEkPQfGc3BRuxecF3gZRN5TjRNnS3L\/z3Mjd0kgq5NvuPBzwr++r8PkzDyv4SrhrEho0ZXiTGQlO7AUNavDHJ2E6WcvB6wH6w
+nDu+LafkJwVBrA3g2ry2AgWQYQlCtuH3p4tS5epl0vy3sOsnzjbAIulHq4VIitq5pO3s+sczN2QL3hoGMgZmvfNYCCppei2sMRM3JeTXdDamDavAss5ffhc7o9sFzFOhYwBHF3K+RDvF+\/0hY+kvloFXPT7w5qyKb029c\/+Vu3kK8iCqQMpkd\/Y7fPVoDJRSebia6NkOtp0QF10Wqdh2s0768F9ux8l3ns6Ahcvm\/CEcnhylTvqF1H8nFLoIPnLNfkqliriwfEB7qB8aB8psWMvXozj1u+xw79vKaBVDClx5kPg1ndY1UZCkXuVmLOZwvxWWc0tuTJcMVug1lNwCPKGUEoQ6IRWLIe8NCbqmkI6bW\/5Xu20soyB9iTbKgsh2xLBekpYgVl8gT8VGJflOjydyD64I9+T\/dXz5zy\/0oPQP9q2vSa5j"} -01319{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739299058659,"flow_src_last_pkt_time":946739299058659,"flow_dst_last_pkt_time":946739299325554,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":283,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":283,"flow_dst_max_l4_payload_len":1410,"flow_src_tot_l4_payload_len":283,"flow_dst_tot_l4_payload_len":1410,"midstream":1,"thread_ts_usec":946739299325554,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53676,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"doh-2.seby.io","domainame":"doh-2.seby.io","tls": {"version":"TLSv1.3","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01278{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739299058659,"flow_src_last_pkt_time":946739299058659,"flow_dst_last_pkt_time":946739299325554,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":283,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":283,"flow_dst_max_l4_payload_len":1410,"flow_src_tot_l4_payload_len":283,"flow_dst_tot_l4_payload_len":1410,"midstream":1,"thread_ts_usec":946739299325554,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53676,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"doh-2.seby.io","domainame":"doh-2.seby.io","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
02366{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":946739299058659,"flow_dst_last_pkt_time":946739299325747,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1406,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1406,"pkt_l4_len":1372,"thread_ts_usec":946739299325747,"pkt":"ZmZmZmZmRERERERECABFAAVw+oVAACsGJZqLY95ICgAAAQG70awh+T4nvu0fvlAYAfmmIAAAiW51QuqEfobYElojzNdmal3NmvuNd\/aotOFuZKIcd+01MY62EHH7E56\/oxK0qr9J58d7Jfc491vr3AkBsKJZSE5EN1LMlpXioNrse464nnbj5nYCt1y8iJtaYVHfHT9x8ujbG\/T2N6ZekRm+ONP3O7xw3rubgw7ubQJF\/KHEiRVFPrbIwq5RI7VTRdfrd3b9Fc\/71kitl8ImBckYsh09FSa2nRQrqALNG43BNA+FPS+D4bALfGJGztFq32s2D2cWRj2vno7VjQQWYQsz+9R40cUHWMbbW0anf7aLopYHYwhAUnxfUJyLSGv\/hcuY1JoGSes4gPPm0w\/KvSPUfmH1XOcuJRdoXdElY5F\/m9je9IUq8euoPyf0PXU\/w6wn+q9PJNYNblwNWPVkVSF6bp87Ycrz+bZvhmrk3ipYYu58\/qf3ItMXsHiYNDHVbyhTOrrT84X2uXkA5ajgilxkHZCWJdDIvRFwT++59P5vI4krRFU0SPX1eygQdMslXLsxvfqQATVp3sK76bt8qHa8rMRVLCfPA3UPe8Z9q\/JNBVvEPCwFBWQICqqCApD7kqMSclaEy89K83LVugXlNfNOargw6YlUR36QNrsco2xSkkpbYZSag+guZDt8NaBOAQqx6Dtx5yS9ZeM2TaZ4Tva3cH5WwTw3nwMfyBrZkmKclliFlyL+l3\/Ft\/1cAhtU5U7a4LgYVbdqsQxRVbeUPAwUZ68y2BGyj5Xg8Mtci4mPsgh+bnyNL5K5y9jSltRS79PDJA87B7hqXTRUrELkxjFWaMPAzghsENt\/UjelVjAgSWUxzpqxPV+2hED3HVp9LJOBmZIcSEVN1eWHazkX+mtW2m+0GAsZaxamutLzgJh\/DRJa7Jw23fjV9PCXnj9MWSdJstPENtBI0OVh7PH0+uAGt1zxMdGzUgBU2QlNOO7S4UuYD0Y26DtfRFNsa3yyMMJMA4d1B+99D0rLBp+YTr6CIQlSGW7\/MY0mGzKXnXLKEBMjIoE76aJQADNrOQ1pUsHUbMNYSxpurIgJZbgBG3OALLoptMECW3PsCTpgXkQ2OmVE11D882PmbdA0f4acC7LQATIGoxF7ZIVK6E9Vi5\/LR0AueJFdtzLq+oc1+GpS8l4A7KvQzJjHl8BFVtlJFp5Ft91g8c86AHAIukg5AmfSwO3K4Rq0SXUs8KcP29aiI1bA7\/K0iAEMbAiDcRNwXEEo+uNEfshUZQDIyZoBHdLzMTL\/2s9ouLF90mtZTkbub4ko0oHCp0UBuhgnfDbrA69yTnP91yV8UR8xswBSaiV12vmMHeXGGKIJ6dQbgPNn5OzZbyefQz5\/sH6dHxYbcGGfd+8wSxfEi7DokbKnmTmetH85RkCusy06sJkhFgf9bhlEmk63Cet5cz7Z7ea9PrtiS\/xOPZoAmLR8AcrBNB\/tHpNVlFcTM+gO6pHXX
YSwt1o+rdQxZT4lFn7kVxmARBzEGQB8TIogOkRi0YtdMrX\/cAGbQWx0wllwfDL\/JIISbxKwUNTT45zepGk3OVcnv0694KsAM6Pujlm7XvrZ+hcDAwB\/JlZfTL2CfKHweE8ivDA\/8Dj4s9MhpgBrmwa3P4sMMqXQFKgI6jQB7iGhbQGftnSVKI+QCxWleTjngiVWQbRq4xwswRPPuCr\/EteohSIpdjvjIjT4EQlykWjN3TxUSVyvVSA8Rp0nUkHXzRzNgRwt1EKIchjIYekan95L5wPtZxcDAwA1P8zjtyfqh9OaAN1qf+msLEHbyvTYhKC4e6LNeICCaSA3aHIsCQ1pZdcK52vQiTVTlBfFsLw="} 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":946739299326863,"flow_dst_last_pkt_time":946739299325747,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"thread_ts_usec":946739299326863,"pkt":"REREREREZmZmZmZmCABFAABGIvlAAL0GcFAKAAABi2PeSNGsAbu+7R++IflDb1AYAfUqoQAAFAMDAAEBFwMDABNO8IRSNKqnBU+tmi3o0yr7jeRP"} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739304432784,"flow_src_last_pkt_time":946739304432784,"flow_dst_last_pkt_time":946739304432784,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":298,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":298,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":298,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739304432784,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.95.218.42","src_port":50614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00939{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":946739304432784,"flow_dst_last_pkt_time":946739304432784,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":352,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":352,"pkt_l4_len":318,"thread_ts_usec":946739304432784,"pkt":"REREREREZmZmZmZmCABFAAFSUVZAAL0GFwkKAAABuV\/aKsW2AbtqjRCaK20m8FAYAfZViwAAFgMBASUBAAEhAwPqrEqAFBwbSYnmd5FQ4vhXWCXQOM7WSA+ydz5Uq2T7jCDruFBRjE\/ZRtIlov08nzXX8Izc\/f7Ut++FjeF3CgO25wAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACyAAAAIQAfAAAcZG5zLmRpZ2l0YWxlLWdlc2VsbHNjaGFmdC5jaAAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACDBZSA439npt9wjB\/Qij4hgUYqoHU3i8\/GsiDYDjRoMEQ=="} -01304{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739304432784,"flow_src_last_pkt_time":946739304432784,"flow_dst_last_pkt_time":946739304432784,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":298,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":298,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":298,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739304432784,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.95.218.42","src_port":50614,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.digitale-gesellschaft.ch","domainame":"dns.digitale-gesellschaft.ch","tls": 
{"version":"TLSv1.2","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +01263{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739304432784,"flow_src_last_pkt_time":946739304432784,"flow_dst_last_pkt_time":946739304432784,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":298,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":298,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":298,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739304432784,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.95.218.42","src_port":50614,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.digitale-gesellschaft.ch","domainame":"dns.digitale-gesellschaft.ch","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
04465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":946739304432784,"flow_dst_last_pkt_time":946739304474088,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"thread_ts_usec":946739304474088,"pkt":"ZmZmZmZmRERERERECABFAAuA8Y9AADUG9KG5X9oqCgAAAQG7xbYrbSbwao0RxFAQAfVfuQAAFgMDAHoCAAB2AwMcSuw\/xeEh9B9zohSBYXmLCSdYelc0PZguMzAQLdc5lyDruFBRjE\/ZRtIlov08nzXX8Izc\/f7Ut++FjeF3CgO25xMCAAAuACsAAgMEADMAJAAdACA9LiT1RQf61DUAcNgmrd9PJwh2JRIEeJ2AayVwYZe0VRQDAwABARcDAwAkpkFL6pYrY48v\/7oiAzlOAXfNYnXJT5\/VQ9ye3Jhdgfb\/qFcIFwMDDINDI+OvHUF+FRNUcqHGAtixa5OM3ESWY04brG7N5Xjztm8RaH\/MawsGpkLkwKimhVGQ6ciJhhX175QbHhfhLL45mnkevxxrQGot9ty+fzwVg7GUUCbrsUr32l6TD4OY9EXQQSyuoBvDePneEphgFWs2uB\/zEFQxJzZvf194T3VRrMXZftbpf\/YmEhwWBzhFxCXz7FBI47mE4BFAjuyUMEWUzwiwE55sybcBJQIrcz91caVnRcYmA1Wi1qK5uHVbVaqkF1jIcRZS6+N+xmFq9MBtbs1TttpF6z36PG19i1g1CIx8xl4wpaYvqDA7QOoSL5x3PMqBtb0k4c3Q\/zEwDdawR+TYy7hNCaHkQ1sAWum3cmhRVUAXu9xkbB0O3nyNloM3\/1BpKJAhKkuU\/V2kkZGB6Ql\/kS7sAxcWh603OAJFGoXqcwc2spjFNCK4ea9Hs8PmACV\/UTaJ7lrlVw2HKBfFrLZE4S2HECqocWhjyVs89\/VZtJDOJu7pXlvP6vYnAZ+sKU9FZHgQ29hFtZTpOUnFJKyIZ7qR3IrvVPATpVytUzMEEVKArnVXT6TYqqci\/q+Ob0fbpe70cziyO7QaX7DT+VhBEhzijRbBVrFLadSpyh0XwKqeuShTd5lBEg4jq+0xz6QU3AR+JKO5yFNIu3wqn66JM48D8VfHh\/P6zoK25bt+h0uyMx2Tdvz0o8sXcXOlNbkjxJTj+b3L48sroz1OixQLEwkGWR0YALDiDYZDaGEdLMJeKpDENsvWGjQzbcLGtxojF3IPZE5plenMHHam99lQcz7tOMhTuD0tu9K1ubLwoOk+K9ZSx+jQ\/y8OgEHvmzPhQqCD3uYFzKXprY15BXYSgVl4JkFtCc53KhrIqQpwfu8AGb8d7NaM+YwOO8C5+0rvVtZQVjay20f9c8RH+m7E+z6+gghCL2zO42Qf0EGAmfsmAKXMp6WNxCrd7mkU+MupYWwFGBmLvHH3Vl5XVJZL0bTZyhceC5c2NC8KJ3G3fmI41pUyCIqBiCF4naOVVb20hz4J7t7d4+3vNMlh9pkutkDtBUG\/sopbYKTD6kxhRU0nbMYNcJYsotavdtxk+5ricax8dlXTEQUyVGuU7VzQro6ZTS2J\/N+Dqw0JjCzhzZM4Iy+Zigsyz452Mxwn4H+POZW9AEa8UJIqsMXNYUOgxqdRZORU8gjSaaYtyhn4ZgPLYz
JWev+UYEVbkQQlIs0qMsnDALKCKs\/vPLbMaZzLaWAeXOQBcQn6dRdSl1OHdjVYou9K0wNLFmi57+vod9Ufwp9xSCvh3ThgMiLBs9ntZ+DKnnpNK7K++8wDuLBmnbcYEnUZrZqGa8EXM5oLFPSizN87UN+K45Q\/S\/mtl3uxWe3MQN2DDd0vZIT\/pM6xA4vmgKQKhOGh1G\/LsJ4bGVvyfPbVWvvPsPMrkNeqwnVRFRE+JcuPLjNn3DyJRPv6SImnNR3F3p3NDu+U\/bZYbpfAqdtebmwkI6E92\/4EaRwnMS8jUU+nm4J3KxRiQRAHf2ic3MpHIJFU1alZ3UsqHJ6ixFmoZGKJNMub9RVwhhoMDob7lsWG2+BH4aWefcCL1wBXs4NIWJsY2Ws638ztVCok6ObVcpsMJe2l2ribLtt6uLyB1eEKfooGXoxgtbiHn8UI8BDgLRXpCnA7qK7wNCPv\/hXV\/5qObuA7HW\/C2qkSIpV\/R39i9wwVQ1ug1QIQz\/Ivm\/r6WLd0npdZrGVu5GBOJgUSRjnZQS5nqzdQ7xc5efsR5ICHi2XulsD+Zl3WQXVxYViEQMZNQRJCVpPIcx8YSgUINm5M6giDWQvYaHGMiifN+4pLOGo7UDtXSoYcIPou4kTo7mt5yFzAggk8EG0TmExkKN5uy8guvzoGiu3UmP1ayFSZA5TF4Hxgcg+2NpMUwTAvYDD0pW884S8fOW9HXDNECKzwG\/oVVn5NMUQqNCBUKpIkrq4caPrR60LP1G1fKKVz2Mf14oxUS6BYWLwcRFuY6LigPfz3Ch2bE\/jL+itDz+psExENk+g1PfaK4go+YhsmYCnhhZtTocVAIm+qVANsaIE47+Mr\/3qaOf1rseYxdMsxv04vxWH70UAraH7Y4AGe1DhKm55YgPg2VNLv+h443L3JtfuQRH1c2k3TEXhdwCAcDQH9W699eTwV8ntiQTxjZssTXuxQRFgjLr00HeNPNF7n2H9VgT8LsXQAt4\/i29eoQanjq3bUca84pwERHpxJCf8pS1a1KaFzMXvwUcJQOHW0Q\/N1pQGzvCpgH08Dx9GmHQ9KyzJ\/25WSu25QUZfal6F7L79g8iREwvmDUfy2lEv7mGnvWdhk02quVGsRpK9JEZQWo1rmsoDlNw4F7rXwD7R+U4RUfRyKkcbXPHiTg6YeMzcydsycniM9RaMjPPob9n1bk26ufx+9SlvlwwzqBTbOelsik5jIa525vbi5OIQxSrn0plookRa9xUJNwJ0omdn9j\/AW9IsSa86jM4scUrSMFbeKS4NfQDG9J4VYxzdoR7UNco77sa40\/zPWSa52BjRajNWVVhLj2o4JJQ1TdUu1\/Y89xmSzFKfGWeLSDj5A40mFHXGu4ywpzLC8Nndnau8G5aFKzcr\/e\/FYXUsoYZybTLRRgFBh9CldD2TTFeVueuq98o4ZVu+q1YYgsJKBwBBdV7ZQvj9\/cuG60fpzaNEiWJubkXSKKJvv74KXiPSXeDhQYLSS52OcrIzafNPniFrdcohvXMGEBoTJqcVbFo3+5iC13wm4mlmo+quy\/l2iSqCs4wxDhhSbLnO3Mj4Jo+xpM+BWcGCqCQkZM3XVKq9YiLnmUpBqToMdPk8pxszpPKZj1LhkprcBdvtCOBdOnwV08YRjPbT04P1DuRJXM7LDfWyxwk\/Is8GGMA1w6+\/RlaDUJ4QA8kKf62dGdodCfjoiQVkcxdXgak+xv+ho1izHEaG3Cxi3\/0JNNkwi2GYgruxc5fmKOdC4sqtkxC8j7I10mTh3+xdhudUBx0Sfr8yXq66S2KI88KrN3whtG4+sfGtAkvxG1DDMgti4zkfemFnlOATAqP5VRZM6U99yi4VhRBfczJTw1gBFetM1BkbvErs0YQl2nnzhNtTGtufXl2uHH4oKan\/xnak8wRRzvD04JQK431fn3TEvjjqMfQgcgW2JNC7Jyw7AYjY5nB5jUcAv
ogHpO11F1M9vRMop+cLQefP6yxy73IHNujTUtW4L99fDdjHVHLSrb7JdVLoGFBt3fFHLJFZwGyi73KaVuA8iLogqAdT6WIlJVQpMEOX0IGn7EhGzmKBzxPYnYlqqEBMEmrbIy10AsTQseVjaAzuWns\/HCPxtq5uB5ayh6r0SQlamctp8CNeSGkejLyD9InFUv\/cN6jEeAPw9ln90Uo+NcJcsUJLeRD+0uBhQVWKlzlgFrsdNHfyZgldWogT0yc5biAQ0YsfjTotPSED4mJ044\/CPZYxO\/WG1WatWJcgbBPZpTJOczqp0KaqRJnQpbibu0vaCcUf\/KqPXTh9mQWbhQvkie6BJSQGOWuxP4jMOKd9ZpnBr0kUhcDeMAPaBISZnWKXpcStlkCGJnAAKL5CAgF\/30XUkXB1LxIrTS74Ar8WfurKCvwBWG\/WZugVENhYI47kxJo12a6YH"} -01350{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739304432784,"flow_src_last_pkt_time":946739304432784,"flow_dst_last_pkt_time":946739304474088,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":298,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":298,"flow_dst_max_l4_payload_len":2904,"flow_src_tot_l4_payload_len":298,"flow_dst_tot_l4_payload_len":2904,"midstream":1,"thread_ts_usec":946739304474088,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.95.218.42","src_port":50614,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.digitale-gesellschaft.ch","domainame":"dns.digitale-gesellschaft.ch","tls": {"version":"TLSv1.3","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01309{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739304432784,"flow_src_last_pkt_time":946739304432784,"flow_dst_last_pkt_time":946739304474088,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":298,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":298,"flow_dst_max_l4_payload_len":2904,"flow_src_tot_l4_payload_len":298,"flow_dst_tot_l4_payload_len":2904,"midstream":1,"thread_ts_usec":946739304474088,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.95.218.42","src_port":50614,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.digitale-gesellschaft.ch","domainame":"dns.digitale-gesellschaft.ch","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
01664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":946739304432784,"flow_dst_last_pkt_time":946739304474151,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":892,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":892,"pkt_l4_len":858,"thread_ts_usec":946739304474151,"pkt":"ZmZmZmZmRERERERECABFAANu8ZFAADUG\/LG5X9oqCgAAAQG7xbYrbTJIao0RxFAYAfWPbQAAW0wo1H0j139pBXgBmTX+NlnQSaFEq5K3Pk3KVeGnXpOOLq4X08kQBuG8lGioiVe9QPOeM1XWvGxPlasRKFYrXBH86PGVaXAalDOEWJlV3PHRUUevw5fI6G+9XzuHkGZKTzPpIIOZ3iAzfHnVG3aTpqTBf7xHcc9kM1a8UHbmE4vJrXG9wa2HwWF2bcpsRjUYBUQxiid3MXG7FbSTEXHjqgO4LQdR6Xrrbq+Co3CdY49hyuqnRUiglv3ZkZvp\/BcnFskV9iJiOLBUK+jpAhnIdIbviFi78T5PQD4Tbyt8STzKJ4\/mkCRReunmywmmxKyYx8ErZcAkoKDR9IOJ3LCf8I8uzSUCcTKeSSnHS6ASYLDpWersQuLDgg3Is5Hb+2kMH37wQnKetidHgJqxmhLBaw+NX16ETkRc5vqPLeAmNQjzUjFZW029RGYPrEM\/M2aIcKp372plYpuhFsySXWIydCD9tqNCwZyquQ9nS3XV\/M4rQP8eJtxF8c+LbyHgf4cpoHUgBE4Qg\/rQ8QPjUfA1pwRPb\/2owpEEJi4RutXWP+JydB0D0ebOUJIyGUMSTIpJcFH2AKhLGUYE6NfckNeCzln4nEp2+qOXsbfMejtOZFyyhHVzHpRSbGA51CkajxcDAwEZGvKJBQnU\/r0Z9hIPhFlH3EC+7xZqS+s7+uQ2E96CDW5iU++SeFvwmMtUyG5rZZUMcBGpLzGamrlpIcWB85XVCU4gt4ssg9\/BdLmFwKiGqbmqVBGWt\/8gKtXdyHqS9eDrvNFNLvTrsxnC0XEzuTedB4Vu4WIaC7MUadYnyNgpkYSxjxFL6J71Xhm+92aoteroJN4zzFxDDd8rAkDnu1z+ZiBNnpB\/Gl8e1OMkCP6vsWHqZoCX9H9vn8tgHDIFyxXWqZDdxctsoUH7QrryxeYlvn1njblpv3w6tKj8ghJZAtQ3ko6UuvntUQvQpT48C+AbzDC+CMGpscAjbO2LKlP9fB1a9O37Dse31zOmm1FlQiiQCvlL1EpsgdEXAwMARSV8NSHQ2Cma7zLl9Np9i8ttiytzR2iGli71aKFmLcmNdXIXIfvH2D8Tx5IjanqSAuAMgykIOqh1u3rHE4swCwSQXoiMxQ=="} 
00644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":946739304476319,"flow_dst_last_pkt_time":946739304474151,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":946739304476319,"pkt":"REREREREZmZmZmZmCABFAAB4UVlAAL0GF+AKAAABuV\/aKsW2AbtqjRHEK201jlAYAfVUsQAAFAMDAAEBFwMDAEXf5i7KhTG4S8dv24+5p+S+LhQ+PYyJONVNe1tUvJx\/L+\/9b0i1+dS9lEG6c5mDNHT9GO4jeygeA+4A4wrs7q7eoeKIu20="} 00653{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":946739304476473,"flow_dst_last_pkt_time":946739304474151,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":946739304476473,"pkt":"REREREREZmZmZmZmCABFAAB+UVpAAL0GF9kKAAABuV\/aKsW2AbtqjRIUK201jlAYAfVUtwAAFwMDAFG0yPRl5vfYgYrNqN6Xr0RSsU8qyxBJs\/X5WTC1lrz\/gpr+0l90DKKjt1jArHygBMrF84aQB1D6XplQ1nx8u1Fux106dKe9yzC6\/Eneuw2en7U="} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739304846437,"flow_src_last_pkt_time":946739304846437,"flow_dst_last_pkt_time":946739304846437,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":290,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":290,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739304846437,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.147.50","src_port":55962,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00926{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":946739304846437,"flow_dst_last_pkt_time":946739304846437,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":344,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":344,"pkt_l4_len":310,"thread_ts_usec":946739304846437,"pkt":"REREREREZmZmZmZmCABFAAFKCqJAAL0GKn8KAAABM56TMtqaAbsV\/EiYhf03fVAYAfaIyQAAFgMBAR0BAAEZAwMDM0zFcZBVaq8jarHhMnn706tDCSlU6qIcSdmbVQbksCDb4Qi2Yz\/q0+XeTvQ9QWQ6+8m8vlFJqWD30N7xMHe76AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACqAAAAGQAXAAAUcmVzb2x2ZXItZXUubGVsdXguZmkABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAgp73dM21LptFd0ThW7be4\/uwlUqgVJQtqqMQYrFbmEGQ="} 
-01289{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739304846437,"flow_src_last_pkt_time":946739304846437,"flow_dst_last_pkt_time":946739304846437,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":290,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":290,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739304846437,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.147.50","src_port":55962,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"resolver-eu.lelux.fi","domainame":"resolver-eu.lelux.fi","tls": {"version":"TLSv1.2","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01248{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739304846437,"flow_src_last_pkt_time":946739304846437,"flow_dst_last_pkt_time":946739304846437,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":290,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":290,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739304846437,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.147.50","src_port":55962,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"resolver-eu.lelux.fi","domainame":"resolver-eu.lelux.fi","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
04783{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":946739304846437,"flow_dst_last_pkt_time":946739304885416,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":3185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3185,"pkt_l4_len":3151,"thread_ts_usec":946739304885416,"pkt":"ZmZmZmZmRERERERECABFAAxjgA1AADcGL\/sznpMyCgAAAQG72pqF\/Td9FfxJulAYAfWT4gAAFgMDAHoCAAB2AwOQkeJmPgfI+2\/Nb2YFPwnrh6xqnBenx5u8q1ZnyWqFbyDb4Qi2Yz\/q0+XeTvQ9QWQ6+8m8vlFJqWD30N7xMHe76BMBAAAuACsAAgMEADMAJAAdACAildRAk\/Ii9q568Shy0jK1lY4Sb1nfErCeFDdP5ao6KBQDAwABARcDAwAkQtxzjO6Y1fKC\/+pxVLm\/ix+V3OPJ68RUn+6KLdAjN0rm7jqVFwMDCjCAB4dDMRsvk08LXpiehq\/g9vbt8WAZZyX0IwUW7zm2s2JxksqGXN7MA4aQXMsXbea79jo4WvO3p6dz8ckR6\/GSVEFX2o1gGE3SmFE8bI1yIk7FWs3aYgxYwqLKQEvbN1ogdjJ6GVf+z5kiMwtt12G5tdTf7rSfZ3NH6Yk4oM8Elpl9VtGpp2o0FPfY8QB0bMd4GPEVRd4k3sqTgevSs5A\/CC4vXXDNw8uBoNAhPcBJ041jkXgJVSYm9QwFsJI4LdQTSOvpWGu8g3Q7\/FqYiPFofKEmMJ\/qdjv4rC472QK9MBOUQREh1M+X1zwZya0Ac0YwCKyp0B6QV8x8ZfPc4YWcPVw\/CzcsYjigSbp5JV0L4gyAue9Gh6S3YYS9bSWcQ6OYfhcUgIVrottiHisZ3rFZLnhHY2SXkUzy2eOnD3Qi87\/nZ2OjGdHVYvM8Yu4DBGax+k0RD3dyn9+WKeU6QKdkf0bt\/mxpZ+gCW+joqGHWhH8T8mliVYu97Vp1QkdwgpRB7hXYN0Y6CGFsBPw4pzAHjVBFBgDGgx3FLp+jHtYGS4QJXS1JHRsP\/ek1Bjr6PmHXQaaRrJ7LWjgQKI7Gha0EZqsq38SOF+eicMwDFpzc3B+5eNIjmjJW4NSel0FytKTt9ojc0NWkn0EYaG0EgY6+6x2nvzg5YX9tM13wZT\/oz2Ot9pPHCaabuHca2dbfesbpNetZkot4ox97XYVrqgngmst1PfSQmtM98M5ptnPmd\/sO4Q2zmY5zCyE4gqZJ\/jBMttfXco2\/5avcH7mX5ejSI27aNnLJexzSKXQ+JaOKITzvIhr9MApYef8a6mxmBG7KvaOHtWpBt2xvsdwkyGKaTSFivERAQJ3qVVpBnDVBNegKy8yEp45YgbraKILphly37eCzmeR8+BDQHM0\/olAhROBUZh\/RONZXvUkl5SKTRjHC2xvJNaeZYZ+hmdzytY6JxtjOWIkXJWGOQ1NLnp8ApIWyE\/uNNjzCwSksu7oipiMjp9\/TYKv3dTCD+5Ol7BQVVV99RWf0LzZ8iQzJsQx4OWgFzyT+Rx7ZVNnTGOrqRbAycjVipQHP7zlio12QWc9UNzJCxesOye7ivdDzyOxpzywnD3v8hSp\/9zPmf\/3ENHJgy8O34UUO06MOahgiokayYgWdjmVbemjxT1TryYu0gDna\/E6EV3qm9EmJk3uwiz6
F8MD8T978R+EclF8jScCvS+0rc0myMoeeGSKvHZ59\/bY\/8uMlpK\/glxn4tf2FrEjMiwTYfD\/iCofxemvMkvC\/JJfgLtIuT4eRwYnzHY6tx9RKYdE3USzn4\/mm5qo5iJNIvjNV0kDlflg2at\/H0LoUPuAQDzKEIijJENcZ6pth1tAfPuzZbqzQybao7+N7tXszvfJs6XQ8U0IN8EKUruqqe63LmjAuODDmoGi5l1XKUHloz2N6Z0c6GOIMVwe3VD3oKEzis5\/IqukPTBIlPi3wM9hPvIjDsgqHeQuZwd0P2uGkmxxX+CQ\/eHLZcMkC6yXGIsoms\/DqqMmKImF+\/kg3KVbsOWynlp+qs+GRnuEe5Gwcck3bNanvNfRO2hnDlR3xxWpDeCDtY554dnKSdrEsmz56E3HZY7CS4xffa2qaRU9o8FE6oWceQ2YomJuE\/bMT3knxqniPrzl1K3GkigMh9J1i47zylUFJIasxWeeT4rnsrPdwO5pPpDZPDAhZZKqamf0Xxf7UyzOur5bQ0RGdSbDmjCGZUxwrcQgCzOocJ07C3y9f5\/cPHLy4Hcpi9nKHy5+zMgLxDuHh45d7g5aX2opBYeDFdZVkS35fhN\/VA5YDY3hjQkRRPMbthZpOOEiiUTiyQGuttf7SmNH1qqd0+P4R98lk6wmtu\/RYPzzoAOrY33Oweyfv45FrUJjxFb3dkB2JJBL+a3b7QXiEHk+jfi2DFJC8R1nDmEiD7lG0zp+GgCp2hMKrzTinc3jq7XrvSXgjRArW5vMll4UVtkgCZOG8JOPCJ+1InS6ZkzsHBlVE1ulhcQ6O07QOIetMX\/TQcpOws1Y3zI6xlDo7QN9RXjghTw1OQy\/e7csIpoqCDP+zQIn4uVNd9knXoZalNv0Vl+aMYpSUZU7SqXuPd5TrgUjyDCp5uSeJ7PvFxTrvq2m\/J4PCA00dz61blph4TnR5jqkjnWkPCWysgjmFP6jSXDVhi7OEYKJ3O5rj9s1KlWrTAKqEQ1WqkKpYs5zhjZX8C2jJXc7kR7CLzfiUXF\/NgCKD1oPTUZ3B8\/5yhnRignY4ZXMdGmmpuO\/YtIw9z3hTG2mvGzyDH+lTissPE7qvJQZpSJa3YSyfqgptZgRRY3rqQwM1Uan0WZB\/VyeZi71E8HGjmCdytjr1tbuT47siLcnpw\/tnXbVcW0DRQa0UluCuUeRWsFfgTuUhjuWHPeilVqW8TKVGxmd00ikgPoQa60hulHvmRZ5KO6vzi71RXX6dL\/wcA9t7hqc08oZMCG7pFOGbkwZ0H2Ou1cGKyFuTh2P28nKV1VsXeJy03j0rMepvwRePH7BjQM109D5zTvZ+x9U7LeeU5p\/97XLGVSvHyU6QoAkvI7FvvpHkTyoqhk2wuau1Ks3W6ziSuG5ItHrlZeoz2vdhzoVB+PdecdxLzV339b9A3nHa+rng\/3RfrU7m\/xV1uGOltE\/q6T8zbMwllfgMWQHWJtalokkS691O3vXWaxSb0GH3Eukn2GTLqT7xyn8hsg3I5F5pOCMspm6GHKCedNXQt\/rOrbG+70oNkLEiqOTucHrzdm7u3q9vZm5H7InHwwhmYB9o+wmMx9CpSsan17Eu6kQzONsC+k776iKm10F9TFCFRzcFvoSkJVRCogWUna5X6unZPh90yhZj+joK9OmDYl3uGf3cxeeYhuWr7BFipgMV88P5BfhbMuQJTiRkmE2tdVLKXiJJMT3RIuLttxViwKIZxqrsBPVZWuFgeoB\/tNKx1MPoFMSkd6Ady\/JPiKCd\/Lo+LSa+EGciXu3JhsD37LOO\/iaE1hxwYGWesFtcRBD82I4gt\/VZ4IZMSaNKHgm65E6lCcq41BJ\/gbuCDCFJ47l5UE8QhYSOHmp5J9j5vA1FjZFm5Iv6VRZaegnWKKRCmp+e5pBYWdf4T92iFA3wkmAojnbzcZPXM1FL7vahyaLx6fEfTzbYntPy
fIJ2l5KJE855FQl1WRsib7X80Yvtknk5W4cHEv1yr1kjUU2CGJ8WMhJhi5rps9ncDKvd4PP0dTrH0ia8H78o1K4OYwHp0nPI0tpDBJqSO906qPhy7pON78NLR8NLi7ebyinTbjqYrIeAPW0BcPQXfo+ePTRQEGlW7G5LCAYlQCvO5j\/LMgF9c3iJwt3nUbOE+eqHvK0\/PHJmQK+ijLfXFLdBd6NBQSn3sHF\/qzgQRE5VwfSRmK55bFmg0PCiTnhGTWzfK0OvOvyyAAiwvXCaBV+gFnzKnwwQ+4ebBmLMgQpqYGGOrzwhV7P+RvbAFwMDARmYqpARsWX06T7\/aIqUa3gqpszdt6QdkNXpjrjP\/CtX9C+2AHbAmlDaq+eynMum8sDVzFoKFvQfGpt91s0+c4BcfaWSQDicP6abNOaMq+Hp75lMfIATEOyO9cUpGtsxdjbO98fR3ligfvynTicYTBBKOabjGzsvGqpIQNsc6yP7ec1DM5IvytEF3WMD\/BSWfSyCMBkPc77J1iCDteQqYtaAe0whPDVMG6GGDORujY8TM3L19IZL3YvYjw7AjSCmeKp+dThVSFL7D\/ks2Bt12v6Pc4J\/bL1kxAzO4vYx1vazs5rxcAfFBrI00UuE4UKrW1AuFrQrWAmy8gFVgJ7l+nCzCeDoyrV14OgMNuqUXIpirZiejq2fhnoXshcDAwA1MiDkD+m6EfUtBdx\/Pyl0ehgKaB76+ayZoBt6uEP7tnUDn+hUUsmcN7NZ1IZhFxhyx2uKd6w="} -01334{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739304846437,"flow_src_last_pkt_time":946739304846437,"flow_dst_last_pkt_time":946739304885416,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":290,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":3131,"flow_src_tot_l4_payload_len":290,"flow_dst_tot_l4_payload_len":3131,"midstream":1,"thread_ts_usec":946739304885416,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.147.50","src_port":55962,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"resolver-eu.lelux.fi","domainame":"resolver-eu.lelux.fi","tls": 
{"version":"TLSv1.3","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +01293{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739304846437,"flow_src_last_pkt_time":946739304846437,"flow_dst_last_pkt_time":946739304885416,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":290,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":3131,"flow_src_tot_l4_payload_len":290,"flow_dst_tot_l4_payload_len":3131,"midstream":1,"thread_ts_usec":946739304885416,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.147.50","src_port":55962,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"resolver-eu.lelux.fi","domainame":"resolver-eu.lelux.fi","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00623{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":946739304887457,"flow_dst_last_pkt_time":946739304885416,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_usec":946739304887457,"pkt":"REREREREZmZmZmZmCABFAABoCqRAAL0GK18KAAABM56TMtqaAbsV\/Em6hf1DuFAYAfWH5wAAFAMDAAEBFwMDADVGrMk33Jx9u4V9oT8gk9T3N9siooKVMszOs96zlvjMst5cKF\/6mDE\/X3tfb1uyKq+NLUpVEQ=="} 00651{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":946739304887574,"flow_dst_last_pkt_time":946739304885416,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":946739304887574,"pkt":"REREREREZmZmZmZmCABFAAB+CqVAAL0GK0gKAAABM56TMtqaAbsV\/En6hf1DuFAYAfWH\/QAAFwMDAFHXdLFaAz+Z2rHdRMF6waDqPR4Tw1IOHDhUOX4GIW3IMxkSZnzM4IxIu8uFUy3E0ZKGcdTqsrNExBJvv2oqkuc8+GXwUqWl+KahajxLfpnsMkI="} 
00777{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":946739304887767,"flow_dst_last_pkt_time":946739304885416,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"thread_ts_usec":946739304887767,"pkt":"REREREREZmZmZmZmCABFAADYCqZAAL0GKu0KAAABM56TMtqaAbsV\/EpQhf1DuFAYAfWIVwAAFwMDAKus1yP1uKqMf1urenhXvkk1hHi5ysvI5vyFfqtgY7v\/4nRbEU5uNq0wg5+jVbveXNEZspGMDNtai7WF8t2v\/t5LwbYD+cQyx\/yKWMvd+aPvRdf9hU+NHxeDFND1qO6ntW\/6XX3UERjRgJPnDDWLmLo9EfSKCZqn\/QZLxvp1pQX6lmDwrVkvwYAqwv6GnlidXXNWG\/GwqTe+iZ37GYK1wGymo\/DctlUHBZMn+D0="} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739305016448,"flow_src_last_pkt_time":946739305016448,"flow_dst_last_pkt_time":946739305016448,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":288,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":288,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":288,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739305016448,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":59404,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00923{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":946739305016448,"flow_dst_last_pkt_time":946739305016448,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_usec":946739305016448,"pkt":"REREREREZmZmZmZmCABFAAFIJYRAAL0Ggi8KAAABuf2aQugMAbv\/W2fgE34PaFAYAfYWNwAAFgMBARsBAAEXAwO7rF9fivBYq0PPnnVftpI5xv63Wth8iDXYIbCI66xBbCCVvQ4J9sHqcW\/KB2T6FVper40CtcJE9we9duJ2lwo5jAAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACoAAAAFwAVAAASZG5zZXMuYWxla2JlcmcubmV0AAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIHdlaU8VTQtoxOo631cPtMLo1fhD\/NP8\/WHh2FCfWmp6"} -01286{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739305016448,"flow_src_last_pkt_time":946739305016448,"flow_dst_last_pkt_time":946739305016448,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":288,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":288,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":288,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739305016448,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":59404,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dnses.alekberg.net","domainame":"dnses.alekberg.net","tls": 
{"version":"TLSv1.2","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +01245{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739305016448,"flow_src_last_pkt_time":946739305016448,"flow_dst_last_pkt_time":946739305016448,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":288,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":288,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":288,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739305016448,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":59404,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dnses.alekberg.net","domainame":"dnses.alekberg.net","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
04475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":946739305016448,"flow_dst_last_pkt_time":946739305061248,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"thread_ts_usec":946739305061248,"pkt":"ZmZmZmZmRERERERECABFAAuA+UlAADkGKDK5\/ZpCCgAAAQG76AwTfg9o\/1tpAFAQAIMgbwAAFgMDAHoCAAB2AwNWoPreEkJ\/UPiZCRV0IEx6jRSqugqY3M+B37V87ydZxyCVvQ4J9sHqcW\/KB2T6FVper40CtcJE9we9duJ2lwo5jBMBAAAuADMAJAAdACB0RVn8jGqUM9fyfUTkTuhvHxWfPva1vJ9a18\/+TyUNbgArAAIDBBQDAwABARcDAwteuwCVRbAjw9pKtY4dNJzB+NkDPzUPU\/YSrAhwNpHIEK5V+o2\/HqZHUFxtVJbEBPgURU0pRFWa9dL9lQp8LuDwWHwDq1H1B4wIu6Cjn5BK872nUeQltRw5+FbrO5MDeZZJRgg48HKHnsK1mBHQnXLVwFvBE\/e\/UwSrANn9vg+B6zkss+nwjnEuw1XfKHcjr3B+gq7Tt\/pkx\/SEVt9DDhoVQjkT+nj8Ch6uFvKMxBfoNlGXQAfQ76Cfus9zBAZT5EY1YHp8kypEbWJsqWobkhk3j7efutg\/+7i\/\/3hwY3S4DA+PZFxsrSsM6AIVwaJ95fOH1dRdOyCRxbfVQ1s5uNDJcA7OdsaNR8VQ06UA5uK3FnFY9IaeCSIuzswKtKKP\/cTlEabfxoFlZbInteiv8UhvUx14oYH8877iKbTHauga0SrPYwJ3hDQ38FuPBJ16hIcickFsAxoIxHcrJTcDxD31\/+27P70ucqJUKNnKmwnMS5iCjU275dZeWQ9Zr0T4s7GAOpJ\/qhuQ0adCzilfe+zxessB1BHzKqNpomqUeAJU6wiiIZGwIQCSR9TnB+R6Furn+4OgUG6PGNdXCZNQ9itsUGoaOah9Fd+b\/mJSMoK\/FuhgIcCIxvGAml0OlSPbxxyIuGAWgYtRBimB3o6JaqY5BlDiRDxZX24w4nNBhNEgZ23H2qCY1hFOw\/NxAIqZ6i1OczcdQK5je4mFGQnk7n2Dd0xCvT\/QbVT+DGwohNzMpmrD81sKP2YRMryNcEXaCYgEk0oi4bjQNtHjwEi3WiSTxdHtROjzPbx1MuktYL6gASggOg1Ub+v8yVRI6bLdeV5Xwvz5ZxoF9vdrBEyvVBdMauaRYoyVnXm15LfrTPUCeXkHS1kWpj909RBaupD8tKI35AMNBM63GiCNIPCKacZOle5IpXYl1uAfPyEf7I7c\/Z2VAGWif0f1eRsudqghQ1VDSbMFMSOUlZF8oqR69Dp+GUrZSkzXH\/vlToVdum7PDCHkza\/W9cBDPI5wtxaPFdq19aD9CF4UXzcnY86h4hX1BAKMl5ymvY9oQmQKwLyZZk7gJ3BG3QSRRkEJLHmElRTA\/j6+UD2DUirljLXPFbrXC2eKn2CCwq3Zuv5P5wO5+t0UU\/yghFoQluNjQ3lfw4zQuwuXqm940OzzyqoEcUuHVR8IXnZ8TZqE90q8rCtGIOP+LD4hWpqBqHuwk66vMcJQgwNCFXix5ZnSXLN0BgV30sQI8N\/4QNcrVg1
8QrqrwMX5353ArFRERLIaGuZFxOud2tKJXNi7\/8bnQL4pfggVMDHzys0Vv2kSkmMM9AH5fy6is33XJQsCiLeVAW2BJv0HWG\/2v54ftufeuJKqjAweFaFpf8nOnSzUujidt2Hj6vD7NzSy9u5bVuAiVU8CLsOjLUQDZZwuXq5KPOpcqPkwUfO\/JhY2IYSty68WbtoEQ\/LicI5G0k7qhGVYDDLZjTT029eOEYuXI7f+lB6Kb+6SLaMGDm8r9Mw7ebinM16XyWOwJ5JBUayf+vtez432JNrnbq1SGS5rLH5Fg5ZMgKUFbGPULmfIDV2jwsa5no0weJKoBPHSF0j2z2Ws3ZeYohMSNwPof+eIkWPeDsS0odMH3bOI8vjnmbAlt1LEuTlP9Bgfbe4EZBkTArblnr1PduSYp9HHqPcDcdegoFu3tk12XJWCeAczLwMdcKTivhfzRMPv6R\/QbwvNULNcqw3kjep\/lhPa8MK5fd2CGyIw+LCWxGXv+q\/ds\/TSYSN0doo9wcXYWwj8LntYcpK6i8bE1mnU9HhfDXOdgKZheyUxq\/2aHTotcU7hlwJGxzG1S8L2XOL+e5cK\/uWYrHMSCsilBLjzbaE58\/UhgQTo4G7REl65txB7jkxytOXC2V8igiA\/VVPL1iSyOqszjZhZj\/KQ7cRXbuiY2hUvh3d1GHeunUPxkjVr7SBFLwo5npluN5uAfc+7Lx2v8sh\/0AXjRBQzrzXUGOKzmSDk4EsluiAOjG78HzOAmharQORiNXCoRaRa+fhf0Ejafe7HoDuKqj5ukCKAbsCU6se\/uViDv0Ko0frloNjTZWVHeFLAU\/8Rxbf5R8lMV480rpPEWmLytLklZol4xviBgu3uvWIUzW30atpHjpq+x1y1B4ZeqEOMO83R7O6ddmc3f06vtoo06tW\/Agu9h766pQvpNm2vTYudTnd6DSqBlKI5KeonXz4AxZiEG5DKNiVkur+pxwlM3ugAjT44z5C6NIq2xLtYBKvjI4ZiVK+oThODcy5mgGaurXo21aX3cTizFa3bH6OPqttL9gjP05Bka27HY2jgRwKVSbziiMro9AX8Xsmg6S2yWOPjJLfqZCcbtLmpaNGvdFtOkH77j4F52qkt+me41p1UftUvN6wiwxxp99NI0\/fMosQgl7ighWoY2W\/IB0fXHatEvBsmPr1KEj7P+aJaj7oNVmyRVuFHPwaBwwi7T8Vvj9wG3gSDuuYdP5+UFDM+35GxMSRkihqY1Nf52lvDc2vDx7TdolcUJnmrezHB7iOplwsA\/pnoSxDqDzY8u2hWCRC+c4jg1z3vL2zvzGplrkFak387ZT7iXl569hRQY0g6W72J\/qU\/wWvKrh5aic7Fca9+09fN8mKvizdcBFS1tmo5ud9hSP5IApLh\/AqNGAsSvFB77AMVMPcqCZqs\/LzhQ6p8mk1Ztud+POMwqvs7eCTrsyIwvCFHr3MjxRECobkoOUnKuDn6O2Ba4MeFaOtHE1XjJdkhICNgy76FwlNk7qa2miONerIZrFWrQmU2yx1Al5ihAv+BSYo7OLYt9zXUcCSntdFwaG5iWvn2D3TqvQcyGsX7n8R8YOUmBL+xEDz8\/cHI76eHoMT9Gcmgev3Cz2de\/7ilgKsoMsC9dl+Ldtg+QDnuzeji5lROtOH+fv+MRICCWa3t+oaVa2XgjAhIywmeaAGP7+W10HhLqbtIimjrrdbxpeltnnJv0HxLov9cXj+b0Pm2tBSSGlhGmiCqLRib5vepRDq5ASTdoFYCIMH422KVZztJ1b63ltyCjG5NtOVaK\/MkO7\/KWS1XPbQXAVUScApoXkKlzQiVxTCMZQoZIoE4pH0+fjzQcElC405f+pmLRfF1iVpdbRwPdWdjvokVy8bVGY3GGXVtgS7DasELvMxZruoBcMEH12JcU31nt00epqRaM7Ty\/hGPJ9RgbFIN6nscoLHLm6YFkdOMqn+3D0CMvB
4x652Bu8PF5m7DHJMIBJSoh\/WEUOZDxlHi5CT9KYRNTMZDhIkJj++9o8TtwBf\/+FOKgQZYlLc9emRrICiIhqz7dIu9M1nNq8igrwodBBqfV3IJasHHoy\/F57WNpO6ufh54oPFaVKYJn1bg656yNokeiXMSkMhJsmjb0+SAmQ0rTBRRWtbjoeZCc3gkigutNXY3WNHxKSc5xsJ9iyr3gTZdRpWgWbT+isP5Ovqam4GzSglt\/k+unyjMz4\/f8vVi\/7W288anM52u2gAT5Id3RGTrtEQDPQ8UVftSrylfoNAZTKGGhUJLAcmefkYZfUt\/EB+t1\/S5DOAvsgdK0URdbVybob0RmFJKIBsQ7DYRwD\/HgqXJ6uMDVUKO9XoO+9dwhRf11sqhooAzPCeXtVLggV615qXldaBtBjJ4Fa\/LAamnbZck+pr1D1RAPJP4HQwfBLL\/eWmzwOCA4y+tqnSn"} -01331{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739305016448,"flow_src_last_pkt_time":946739305016448,"flow_dst_last_pkt_time":946739305061248,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":288,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":288,"flow_dst_max_l4_payload_len":2904,"flow_src_tot_l4_payload_len":288,"flow_dst_tot_l4_payload_len":2904,"midstream":1,"thread_ts_usec":946739305061248,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":59404,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dnses.alekberg.net","domainame":"dnses.alekberg.net","tls": {"version":"TLSv1.3","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01290{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739305016448,"flow_src_last_pkt_time":946739305016448,"flow_dst_last_pkt_time":946739305061248,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":288,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":288,"flow_dst_max_l4_payload_len":2904,"flow_src_tot_l4_payload_len":288,"flow_dst_tot_l4_payload_len":2904,"midstream":1,"thread_ts_usec":946739305061248,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":59404,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dnses.alekberg.net","domainame":"dnses.alekberg.net","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00730{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":946739305016448,"flow_dst_last_pkt_time":946739305063924,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":946739305063924,"pkt":"ZmZmZmZmRERERERECABFAAC4+UtAADkGMvi5\/ZpCCgAAAQG76AwTfhrA\/1tpAFAYAIPkeAAA4ov2OS2FYwHLyLK8HvldhjW58oZhz\/dEDG0qRvP07Xrr9KbrwFzXsPAENpwnRYTilEXtuGTXfjP8+51dqVC3h3Voz6vzPB2E1qN7598iQNHjvdaBjrZ71M3dNmhXs0fudaDBYxVH3HnrCgr\/VoLnr9AAImTV5ybiMJS9e3W0V7h9Z35p6EhyTXdDS8\/1x5Ew"} 00622{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":946739305065983,"flow_dst_last_pkt_time":946739305063924,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_usec":946739305065983,"pkt":"REREREREZmZmZmZmCABFAABoJYdAAL0GgwwKAAABuf2aQugMAbv\/W2kAE34bUFAYAfUVVwAAFAMDAAEBFwMDADXfncreHH\/w41ETGxAbKhaT3vZm4z54UR30vbUShr9IVbJ7OCCA+pMljhOzcbHXS37RYg7ndA=="} 
00651{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":946739305066151,"flow_dst_last_pkt_time":946739305063924,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":946739305066151,"pkt":"REREREREZmZmZmZmCABFAAB+JYhAAL0GgvUKAAABuf2aQugMAbv\/W2lAE34bUFAYAfUVbQAAFwMDAFFCEWDs3sccqWd0uheET3JL6DjLTtPLiQmtDDP\/Rl5nPBW1sUJXIKVZtvgSbC59saZ4oVaBt07mMLExEbGQTB1v0bQ3ojKnMrYG+LAmpLooAew="} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739305650572,"flow_src_last_pkt_time":946739305650572,"flow_dst_last_pkt_time":946739305650572,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":281,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":281,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":281,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739305650572,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":40938,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00916{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":946739305650572,"flow_dst_last_pkt_time":946739305650572,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":335,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":335,"pkt_l4_len":301,"thread_ts_usec":946739305650572,"pkt":"REREREREZmZmZmZmCABFAAFBLvBAAL0Gw1EKAAABrGhdUJ\/qAbvjN2w6lQOuzlAYAfbLqAAAFgMBARQBAAEQAwPaSOnODEW\/53X3FLI0n+Mih\/iyk2Bze7sXLhS9N0ueoyDada2r8SjLZf4K7a+NbQASLzSYT4924P6pAuqOJM8\/hgAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAChAAAAEAAOAAALanAudGlhci5hcHAABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAgYin8bJdqHx3ibHrbfDgwuFVcZV3PPNkWvp1zHo7\/2AM="} -01271{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739305650572,"flow_src_last_pkt_time":946739305650572,"flow_dst_last_pkt_time":946739305650572,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":281,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":281,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":281,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739305650572,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":40938,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"jp.tiar.app","domainame":"jp.tiar.app","tls": 
{"version":"TLSv1.2","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +01230{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739305650572,"flow_src_last_pkt_time":946739305650572,"flow_dst_last_pkt_time":946739305650572,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":281,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":281,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":281,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739305650572,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":40938,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"jp.tiar.app","domainame":"jp.tiar.app","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
02502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":946739305650572,"flow_dst_last_pkt_time":946739305852459,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":946739305852459,"pkt":"ZmZmZmZmRERERERECABFAAXUYr5AADcGEPGsaF1QCgAAAQG7n+qVA67O4zdtU1AQABbJOgAAFgMDAHoCAAB2AwMioc+jlzNc+VBJaZcDKojs21jGEKcSNKyg9ExllQqy+iDada2r8SjLZf4K7a+NbQASLzSYT4924P6pAuqOJM8\/hhMDAAAuACsAAgMEADMAJAAdACAdEExo5yrIKmMZ4nrOia6UHa7Zh09ZMNUZYLDF+NYxaxQDAwABARcDAwAkT\/VVW9e6tSXUn2DgdOFI1vJ9CWMqaG0B1UgAogfcRWwpZ74dFwMDDDNZ3TFhx2HRd\/d\/BnLRqx3w9gJyapE59ga0mk6Gbdpy2uhfU1raH\/kLDwO0PHahqFeiov5PtmafDzH5oAzRDBThfFaKNK986AJtqna7+\/+W9HqZppsUeMeFtSdutMbm9VkvNNWFsngalQ8\/TjlWYt\/LNabidW0R+diEYRXkVHectSDnGgpIKw7AqJmgGmRJSQFZmk8mMFHUip8Ns8L0Qm+4mFM3OyM2y8uotBFp52jwBE4JcdWTlWvX638UUEwGd0+Jev1b4UZvqaI8gBJQiwDYthQvx2cilE03gvQZUs1gLv40OT\/eDg1VwASYtXu1QKuaTXj67d3FvJUxTfjdc9Un1x\/xpNxQ9IvL0JgGMqp5Nvz4C+qRYd\/CysKeUwM5LkGikxDP3qZXZjcRDF3CvWl\/0RJAgB68oCh4lzQ6BTBYQsLIO+2npSdMMO1mcmGxOeyAtRoiglI\/Mu+7bxclTAdkFUgpS6V0wzwluZmFW7Rx4iiSeZWVmQDKjFeHStRAafyFrtH26wCU1ei1O7zDiCd\/St5EWtAfoATjugif\/dASmeS6peR\/N837DyefuOM7XNJbAUXXdVYFQbj88dVPYC1ZWfSpl1wPAKf87TREgv6h4ZkxzRnB6COvKSvUqklCC1SSMJfennS1L0Etglf8wZsulJYWIe6+sEiyvEkrN24bb021w2X\/KuVEn+j5dyEDiGG5loD+4VYwc9G5Wa+jxRUO0+A62CO2opPif7xWIxQXRSJ441bKp\/i7j7P+cl88sdZsTxv2ygPWKGEBO4XHbg95EUra3m5LdhfhQUM\/e\/n+Ak+LAL3mStir5xjEDf9+haA4s5VbKmTRNrJtFiUwt198TeBjvlKCejLbJO6d8gE6SQECz4iM7IcNa\/bXR7adNUuu8qhullq5WfyiHcztVpItdHmrHXbaCsGaPgIKVpIJp30oUBjXbdyBrklTyARetsx+L4hfDlDZiZOEujpickcQVHRV+Rq6dF5UrRJYU3XU\/ZcqBeRvNXpu9d46M\/bhnVClgq2Bd+aOiR2kaho07AGNJ9Fr4k5Jos+2Q6DGpQasXC6x+iPauGKBp59nwGXbOOKtd8ArTxOlVzQmOZH6I0tx+iKMplPSCHR8FFec2EwXBLm\/1vyI9Pwo+zYiVdHp09rRHeJXaKGgiynxtv128gHPWfts6k\/bUS8N1Dw2y1OWa2cDx
VOv79IA65ALHyABrPQbEH+byQd5tzeWrWUmzmNi3p4jdd62IgsA8HkYmsZmy5jIyKyWEYlUo1SPeqjIhX9VriaKoSoSKPFRDULdhc+03ZBXd6SKMHCSS7x6DpL0ufFkfc0ZfcGyz8s\/jngcscp5gmPQrY+VfOmrZe4EnOIAqkwdbS5Vejc5Yga2D4LRGGWgMYBm5SScqu5500ZCpE0WmkryZPm\/4OMJ47iDZWRTkVie5Ea9ONRDlM9tVglWZF\/oUiAJVVWh4mt0z6nVYUgTMbtTn0pDKN\/0TJikQ5gt3TXgtioj57ko+eiK8raQcuhqyXG3KA52lsLM2MmWuS6VxCjD2hxANDc3R7BZOaM4bmyza4JUsEms3Y5aNGYiFwaMTvyvPSX55q5QHTJ\/Mi827fNg4TtCrFRxN6XxJuU0RfIATOX3faQkD1YP1V51gStaTXEj1EBrNyqEnKqYk6Yxs2aBmn4CqaTQ7ru+2yyoapdX3D0JCzKb"} -01322{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739305650572,"flow_src_last_pkt_time":946739305650572,"flow_dst_last_pkt_time":946739305852459,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":281,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":281,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":281,"flow_dst_tot_l4_payload_len":1452,"midstream":1,"thread_ts_usec":946739305852459,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":40938,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"jp.tiar.app","domainame":"jp.tiar.app","tls": {"version":"TLSv1.3","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"475c9302dc42b2751db9edcac3b74891","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01281{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739305650572,"flow_src_last_pkt_time":946739305650572,"flow_dst_last_pkt_time":946739305852459,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":281,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":281,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":281,"flow_dst_tot_l4_payload_len":1452,"midstream":1,"thread_ts_usec":946739305852459,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":40938,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"jp.tiar.app","domainame":"jp.tiar.app","tls": {"version":"TLSv1.3","ja3s":"475c9302dc42b2751db9edcac3b74891","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
03506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":946739305650572,"flow_dst_last_pkt_time":946739305852672,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":2248,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2248,"pkt_l4_len":2214,"thread_ts_usec":946739305852672,"pkt":"ZmZmZmZmRERERERECABFAAi6Yr9AADcGDgqsaF1QCgAAAQG7n+qVA7R64zdtU1AYABbTIQAA7khOXiRDmimON10SUW6EdkRNtideeCAmsCP9ufTAbxPBEESbRp6rJdX9WpgeGKEcs1FSJYqSgEbwbmVZ45a190xHBVgYJoheRrXwVU8\/AsBaHDXul428WYkRrLMS2d7ip3ZonDd7PZHF6J0j5\/wI70KV9AUCOBt\/Btv4kzO+Hj+j3yK5bLSbWlRhD1fuMQAb+cF537u0\/U3MsC4OMo+87usOrwz6eMrKL+s31DCb4z6f8eENi68oRi9OZYKpoRYjhFkw0unmspSreLKjulrpWluVXrk1btWPgYpUVnavuXquTK1NtVner355EoOvAf5CAN1Y8OcMXqML8XqYMeqEg34ZtCcYr+tnetE29K921LwsoIOkJdbaiCVLTv\/9X++VjLPLL4afBqrrwx2ZkXw2VSOvNSpMcVsFQ2sks0er7rCvo3vy970zXk8N2ZRM9DEPyk4S8i+C3Yw3j6efIbDNyRRGIb1TGn6z1LzsFfHkHQ\/coPiZhIhvnK6o5iGWcHYOGEPLh4XlmZt5EnCBavREWdcXDAq+Rj+biwLLNbp9Xm75T3bbWxLQivCzGfNO2oBB8jJz2Zicez5S7098raXjnFVLWws7S\/ZjTQ11gAbLNqyHJOm\/RerOFZpkbGJsCCKjsmgBFYujoZTifdvrnskuFGuKqjRU7sBnWY38jO4yTlznAvt2Cf2\/I4bnh5roD5\/h3R\/5c28EQTDGmOL2\/KspdGSS1bjToJBQbcS2YbFnjwR5yrS+5SOLXVmRcZDGU4Ke3DaCJifWpD1EVuVb2ilryPAD8yGt9JaIe3cT9jnaxoJojKtbQNqrLa4+HAzDJSTrT+I7IXNvzHDQ5HJdRQkyKEzhMuedfOGX3aae0qJMXEdgmL8U1YL9LUgqs4gaInFpYecyGYMFaC7RpVTbVJ8AclN3JFij4ikMLs8OvolwBsIUxkwvTd2kxXvS\/GtkZpTdB40Qwypq6\/slHam9c8zmzEZ9VsQqYPOs7EU3IWXPB\/7jwR\/Swoqx9IepHlyCi3ipHUa3krt79WKeMN9slFrvDSuGQo7cCX4PwLWqGq1s8n4xGAwbb4PADqo8FJSgQHdjNMolIHMWyuqk5nqOgc0W36SeHQOxctDFxw00aD7\/ZIjnA7m+97J5Qh0XWgw5Lpsc8Mvp+VBxyMQklBuDFOyN3HJKbg943DoSjIMucZn1tzh8KOxw0Xql8+gP0Tj\/ncw8jVi\/PzuMVXmWMiQX\/wdJfEzJkJUlcXDAAE2IesO7KR0oZhnwcsaVEwrsJruOKxYtv2pbkmhOIxpFm4wJGmE+2JRFXkQDnRtvWvAJoF\/v0k69TDViO86TF2AjLFejfwjQQnCJXVkS4fuCh3i1TYrS+lUkfVezPrjjWW3F2LEdQQXJZmRfoBHSJjBhCP+Dcoc3jONSa9PXKqNJSf7Vo6MbkHB0XBcD7sdIZ
2\/wIgxkllAd1uSaGBwJI8\/jhtA8RENMPWOxsz00xpbl8rHi+OkSD\/7Q58nbh7qhfzlemdSmsTNYU4yTeEr2yQTmNZcolwert2uPuF9VK2g\/3nveH2piPFCpAJOd4Z5dmxFR4fRYAGlILa5aNYiyWSR3G947wAwiYaU7l0JrzUlByQFpex9hGDkjjcctCUn8127O6yoOswVES887ts\/gfsXkn4d0JROgJbDiWFnN7j7+sZKWDkghhJYjTBSDkBNASiM9XLxgQ\/DaEwEwxYA7HjPEO\/8BxDusP8aK8hEqBPa8c8eFHdAYT3Eu2hChRagjV1O7Z0Zuc1z25GaMGiFKl7kwOrHIqt7609HLDEc8DgoFPHHr7IZJAecPMzvqj2CVzFTWl+NcGQgu1OZDB7YN8IsYE0Hj2wxjJJ4M8ncKFSWkLxvPRwAg+0hpC\/tSOqvX1jgKKAZg82Jl+tqVLBoZ773\/7qHfr\/BAX6oJ0vKtNpEDEGeMy6jjr8KxmYOPhgJuUsXOSiQKReqTW0HLQJn9LpGUn4zKUgOBpUtJCVQOwstz8rJvV98lhrypc92o1bXoXeUIxGojGdQmZAgxriin+ux8aVQDWCuRuunDdKlwCqYBaBQ5f2rPbpDMmRJRFIQV93Nffpu5y2M2nD2zqfxShtHtZqK9Odguom6eKtfMYRNoP0\/G2utDI3qzWXA4Mjnq20qW6WLp3\/OACxfwxJs+mIIux4CN4Of382BKD+HUg6iVDD+mi+PZO8yXcm+iMHr94FuVjknbJgwr8pz8hnl6BJO7Py9BRIAZSwIskF6wOgI\/\/4Qr2JcZ3TwaII9SEN+0Sx8PMXXAKDv89DA4GNqNhV0hw6VXwyvbxpg4tI+badMBjtd\/o4XHqPH+BgFz6M8EMB4Jddticq89uWfyyGOVmNlx8K6oUYEdD6RJBEwIP6yYPzzeebCbDK3en7B16cFcus7h8285+5Wxpsa9ruV64Q9ZoEhEUMGgffnT5ajZ+UpmS77fDl+DfNEzJY8TjXm9EL8XAwMBGQ9SGwhaT+0AWTV1WADn36NruqoDTHdQXMB5KJVX+hyENZfYkPjY19bk0TmuSlxnW4sPXtcFmHvEzv8TYCgHXXFqdgaXEgdtFhRRSPS0CqywSlTwtg9zlqkP6Vu\/gi2jnM2lX\/S3paNkHLJK2Xs42G6p+yMmyRBfn14DEFDykxvC8z+scW1WMMiVZcbQBKhJ+Ek8WtRoS9WYaJ74jobV62XFVLje4Al6wOy0PssyggYMNCsvtsxQ5KXxmsj4du7sF6hIaLMWOz7O8LamYiEYnY4YByhzDbINOM3XB385ribm3TlBE2FwQhpCNmgQNjG7wIBC9IfEBLxv5rxwvF8PVckgsWpRxADmo+gltAb0\/tgSzKl\/30lZxZ8BFwMDADWhE8bE7ktzdpeT1iEQv9HPHLrjBcBDs9EHJnB16E0omVuS5qQqwxUOOBNAVfkBff92\/dyz\/Q=="} 
00621{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":946739305854743,"flow_dst_last_pkt_time":946739305852672,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_usec":946739305854743,"pkt":"REREREREZmZmZmZmCABFAABoLvNAAL0GxCcKAAABrGhdUJ\/qAbvjN21TlQO9DFAYAfXKzwAAFAMDAAEBFwMDADVZFDeGx9jhCVSvCDaoaTI7mm2C6bZOxUPj4ceROxo5CeHsTjuSnwiy3kJv2riOTzR6QvI4fA=="} 00650{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":946739305854887,"flow_dst_last_pkt_time":946739305852672,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":946739305854887,"pkt":"REREREREZmZmZmZmCABFAAB+LvRAAL0GxBAKAAABrGhdUJ\/qAbvjN22TlQO9DFAYAfXK5QAAFwMDAFFabSFzRWPlZVKWzVkzQqDNwl3RlR5jphaFJDPBgV+CTmoVTmB0SLiXAGsFcB3shFjQukJa1DJWCTsOPPotW0xzi+wcsm0T4LkQV8d6PaOHtYA="} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739310588567,"flow_src_last_pkt_time":946739310588567,"flow_dst_last_pkt_time":946739310588567,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":286,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":286,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":286,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739310588567,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":37530,"dst_port":453,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00924{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":946739310588567,"flow_dst_last_pkt_time":946739310588567,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":340,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":340,"pkt_l4_len":306,"thread_ts_usec":946739310588567,"pkt":"REREREREZmZmZmZmCABFAAFGz7FAAL0GqFMKAAABp3LcfZKaAcWpCIgSh0x2XlAYAfZF5QAAFgMBARkBAAEVAwNM+6CQ4xrTV+1tOPP7h0Gj90S89M7DOPc8QQnDuq\/mRiD0eC9rhNsSjRzwJJQFthL\/q1ufnITsbP94aSBdrdhzDwAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACmAAAAFQATAAAQZG5zMS5kbnNjcnlwdC5jYQAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACDUjoSgwC\/YwRC2sL4\/9W3ATSzLtM\/v84EfifaAhQZfWw=="} 
-01415{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739310588567,"flow_src_last_pkt_time":946739310588567,"flow_dst_last_pkt_time":946739310588567,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":286,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":286,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":286,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739310588567,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":37530,"dst_port":453,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns1.dnscrypt.ca","domainame":"dns1.dnscrypt.ca","tls": {"version":"TLSv1.2","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01374{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739310588567,"flow_src_last_pkt_time":946739310588567,"flow_dst_last_pkt_time":946739310588567,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":286,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":286,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":286,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739310588567,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":37530,"dst_port":453,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns1.dnscrypt.ca","domainame":"dns1.dnscrypt.ca","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
04748{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":946739310588567,"flow_dst_last_pkt_time":946739310697795,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":3154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3154,"pkt_l4_len":3120,"thread_ts_usec":946739310697795,"pkt":"ZmZmZmZmRERERERECABFAAxEyD9AADMGLsinctx9CgAAAQHFkpqHTHZeqQiJMFAYAfVQ4wAAFgMDAHoCAAB2AwOMlhGBzZbQdgMB7SlRRNR6aAHyhH11lUBOX85ujHC26yD0eC9rhNsSjRzwJJQFthL\/q1ufnITsbP94aSBdrdhzDxMBAAAuACsAAgMEADMAJAAdACBUUq246Yl+EWhWLEvZvcutMb+IirYuhEzXmLk3lr59QxQDAwABARcDAwAgZrqPXWP2zV85oWOqSEKZV0DzXUfiOwwJJ+C5CgZ1QqEXAwMKFVw16EKwmaYl6UqgM5FDRFEvQkVVdsBwborgCOxUvP2YbrJsHBMovDHHpAcBFTWebPQJMSKasadU094aHDRpLPrxxCjXB2pxM0WIqTvteHWIfU1Fk5\/NpqSuHKzO0Ra3PwdESYixe\/zb6sDdKKc1TRT99VsGnFNvwT\/9kRj6LGAVtWhnVsCfJH598qgWQ0wNsN5\/qg97535WjDSAoptbAHelOwuJgc8mZW87Z778lSdbGSJVYmbS+Kzpu3czloyo+k8tnMR0gAcl1hEQQ49kVF90oJqhnl11GE\/B0nhnrDcMC484Ni2gzPflOc2ve4l75Bv19quG6UuBjAJ+lAILT2sCAli3NgfXnu\/RIxYWHOwg5dkUsitPEbeddf7oCeQEhHZOIe8IWZHCTWJ8Xas6gq1DtDEctxSwxYTmBOPQYJURvi5XAJunxgkYorZ1S5H22PsJbPQoDTXE7jb\/MK+t+sJi\/qLBk\/QTcK+QjjpfOnPOG6kcTfb96PDiNmimFlhI+7qPbHOuBFKP3RlOfNCtE0LR80aRulQJ7mOKrhCqpMkFgCoXo\/4IvZulEfNa6rLjjxU0mGwRO9C\/8SUW\/MWxf9V+fhaFIFLLIrdk9mjlOAh4RTjBuIhZwdSm01OHFabvxJQc5nWUTI8sDv\/4Hth4Nmyyi395Zo\/bIgvPNsPA6YqSbJJPw7TRXj9EpeXABU58rfRMlnEHMcHSeAnr61+lHN29cf2rb7cQuEObxOV+r0Ti2hnTxG1kzZXxUKMf1TJz\/QNCPdFs\/8sc7I75BLceNNdyiMxbhvl0\/mQYkbbTX+E01I4nneSr0YAWi\/dj5OFWkY5oKdT3ijaj5ZnH8mUoUzF6gidtHrJfWLUutNNAVK0ii3hJTxAh53tLa55cziofBXUjER9OxqdXFQX0xk0dW5\/N25Am3sfN4K9G9Or+Mq0ZjCUN\/b\/4AAu5iVdc2xuiywbhKCKv\/+1ba649i2+11N2NuNP4WLerjRdmVgUEXTqjPsE1bvdPpgn\/tgD\/NfJO4snitGVo2fF0AIvoI8ffNDBM8mHNAe\/P4wCN21PuNzrXMiMwd7BKvHy1yaV3bx1ZcbZVsRq2ArQ\/sz1xvbYIM5K\/4uE3U5TUD7iEvNa+H0F0t5Pm3xl9hPFjB8UQZyCzE0eaHFxztuY1AhJrANiSpn9KUApux28hlfmPpxZwwY\/4voaTD
NDh4a6l1L\/5bBlTMZQ8ZTPo3KsCc7rYoLRgUBfec4EVT3pXIcfZwnttUMEultj1OSOdAYKMUVl+Ae797PlHj+BPOvQU1JP+1NxmeW9EkPxvKNxTuFB8Ql03lSa0sP7N4iOT4LxwTyM6btUOuFjsDMq5fFh3z8x6u4eDmVvymYi2lDSt123i5VnAGlmqe2vlBnBoLSjRbpHHKNWC14LFSfaclke+Fsk\/LXqRdmrmwoK42FR8QM5yBJ4V4XBtfp1iJayJWXrv2Yp\/Jw2nGI\/8spJXweIKBfFJYNDE+FKqYVx6uY0QURwmsxmAiNbUSW3iE5ptj6f47Bqqzcu614k3woIktKLvq+R5kAUl\/94OeFfc1MDcYQiS1itHZ6WgYMqXlALhkIaagT341vLWH8EINXXu\/JPbuL4ratmRZsOHcAq4Z64Qth7VsN\/NAOgVmBZa9WLc6jmBs+\/7oNewv6pYbinaC9eFjw+AUviDZIoPDTI2cqHtCKNJKtQeYF8JwZdso+kGs0e4hY6Ekh+Gt4QIAdcddPMJiEMdHRRcI7TJwLsTmixFKIFFEmFMcRnAgRce970vQl6+J2m\/3\/zT76RlKTnb6S5cA2Gh1xVWfifqZ+dJJ4S6U8o2kzOx1BcO4lPr6QndhbLXBopt+TnAxhiNVC0jGSLxxKfJsKliuCmauybike5VfhMB74\/Zd9LI0lHZcyjtrJZpkqIdf9mUmq84TeFEVObpfDxeDp9pwfwnzY7CZiAhc8H7X\/B4eL6QPbJJeDvWRsaiMa8MtOGUovwBK\/1RmmRbBs9Ps\/WvCegAP2zZsifFoeWn3IFAPuF2t4F1jzP6KFB2fJjiCF\/xSMUdVX4mSSLxUy6Noq6HH8DTkiTT7i5Rtb6Z+6YPqTrIz0kRUJm8ymK8qGaWvXbafgJW+zAD6LQJ6Uz\/H9ede+fQeVaNdwR2ZGANN93T8+CUOO\/5QCgVylxvI+WkULYljrgmsAHGf2x4K+AdzUNCRbtqqamvoa9+H9TZ6D9K0XHtu60WRh\/xvg+0kvul3oISkBwW\/5VC47CJIkeqDKIcaH28dzjF68bVaWHBCOA\/QVspO8f7PM39uibr2ZI\/9qT7jw8Z+41laurnLDDiiTcv8nIyk9gPkkLpL0gZ8B7RwNepdi9poakmfyvLsu7noykkUZPrrciaDs4AxlMW2SE0l6ggoSXHblXDfGv1qrkJ+wYHqoIpx4Orz9BIDwmFuIK9uApDePCMMJ8COMRLP5+c7CWBbef3qNt43feI9i3DxrqohnnAeDQ5XayaaeIrWeswn\/yTkRhpCGBJsg0rlCy0bwelKJ5jOd0Z6yAeLdgeBTN7mANe1L7262l3N\/TUj4BGdpkUJSKWZ+F5L9xh3ZDx0CN7nut3setCOi4jALV8qZWBwNBsnPw\/1et9Mhz5yQU5W4hKDkIkR0JbpteXZI\/YulIUs304N95S0rMRs+F91Z\/I1bjxYITEBnA3nKgeOqnJG67UQeyBJy3Wot3ZWs1FnfHSinzEDRXoy\/in3NMk3Ee4UJjJJVvh1u1kB0flpae3nwu8yHniwAQeA4V\/IYlytwzxmH9UBxClJ1YaCH4QYvYTNNn4X5yrgDRFy8aRZbx7KFTZjETXMAwD7jXdzFpBRNyur7a5hxwjkpR1nPJHXNHbl9ulhBQraPk64O22lXmWhmTqqJxPCHLTJc8dCW9Tw+MWIDqlSC6iP\/uFGWMugMNTbPpm71YwCV6DE3MM5Iw3r\/pJtSMpVM1czkfmhYfe8YtiZEI64Bh59v3JQ7Geu6i4Q2THuBrvHiZucUzufDS6W\/DBGI9K4\/J9OjIx3bbp4KuEgDSz3alUQX8h9N3c6Ve\/ecJdJcy74VVi6oGyfaHP6IVk7S15X3oTFjfGBcG+hk0a0dR\/W0BGALH+pY8iH726JsGgeEg52jxxJyoyqN2BP+Onsb9VAjI4Axsa9MyFPMa6R4QE78V
raMZsIMjQY2e6jOI2lFaIx1i29CS8IB7OY+l9i9GRSJhN1TC+qRidWiZdwiZ6CGxjzCAIjCNtYYMpt94CcLWARqfnvGVuwq7RqWOpW3L6qgDcGRhcwof3dXDPhz02YMhWNSauXVnUXZfqF8vmR+tgeJWIevQpdj5ioEIsT2Um5j+gijjHh859fJLDhzYVmYtQ3TEi737GfFw2SXnggL\/Iy07c7IZEI94AezYiyRdA9+kLWGaO\/dAL2rthXXz37bspZFnOGyuB0KI3G4RabCIXAwMBGcOMNM44BDplKj\/3Ojq4jdtuoD82NTa5b2k5zkFslQd12hFn3q5eB44nkwI465O8I9pSVocWpqU9EbYhTvyK1R8N4URD7Q5PMRg7Umy5tkS2hB9uZLmMl9DoKxlIW+kyr\/KuqeGrCAN583A5M1yhRuOwYF56CIKxvuyChPRKUAt8\/70gOTQjynH\/\/1nGoYgPF\/ta4eVsTLhuzDLb9mQMc16\/4VLa51E7HgIT9to4lg95nWvnMoIyp4a8sRcKKCYU92Ot4xWr0tqEIEu0fXIbk7\/Ta2loRt8FUwirJas4rlQGX1glaJy9RyPTHTwKV9kLdjGIRncOAxHu\/8Q7IfLg2aWJ07\/3naoyq6szJDQTcE3S8LB44P4jJ13NFwMDADUJ1y22teIy1dcIiwJwX4cS160nI55Nkh7bUzq2ftRXjrZxugVJnOhQTCokK54\/+GLzaYeqbw=="} -01460{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739310588567,"flow_src_last_pkt_time":946739310588567,"flow_dst_last_pkt_time":946739310697795,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":286,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":286,"flow_dst_max_l4_payload_len":3100,"flow_src_tot_l4_payload_len":286,"flow_dst_tot_l4_payload_len":3100,"midstream":1,"thread_ts_usec":946739310697795,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":37530,"dst_port":453,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns1.dnscrypt.ca","domainame":"dns1.dnscrypt.ca","tls": 
{"version":"TLSv1.3","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +01419{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739310588567,"flow_src_last_pkt_time":946739310588567,"flow_dst_last_pkt_time":946739310697795,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":286,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":286,"flow_dst_max_l4_payload_len":3100,"flow_src_tot_l4_payload_len":286,"flow_dst_tot_l4_payload_len":3100,"midstream":1,"thread_ts_usec":946739310697795,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":37530,"dst_port":453,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns1.dnscrypt.ca","domainame":"dns1.dnscrypt.ca","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00621{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":946739310700192,"flow_dst_last_pkt_time":946739310697795,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_usec":946739310700192,"pkt":"REREREREZmZmZmZmCABFAABoz7NAAL0GqS8KAAABp3LcfZKaAcWpCIkwh0yCelAYAfVFBwAAFAMDAAEBFwMDADWIup5ey1m73Olzdr+La\/pgBsOV2156nE0gjo7pkVZbX+HWq3wNBOBZgTPS2Gv4V1H1NoVl6Q=="} 00652{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":946739310700329,"flow_dst_last_pkt_time":946739310697795,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":946739310700329,"pkt":"REREREREZmZmZmZmCABFAAB+z7RAAL0GqRgKAAABp3LcfZKaAcWpCIlwh0yCelAYAfVFHQAAFwMDAFFigyjvaz4NANCTzY4A\/FUXStyH+vseBven0alEeSEgvizXGcy1JnutBrGtSy8oe\/Q87ZYytxhafI\/Pby87ceV10hAtpAb+z8MULO4M5g4llwg="} 
00770{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":946739310700554,"flow_dst_last_pkt_time":946739310697795,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"thread_ts_usec":946739310700554,"pkt":"REREREREZmZmZmZmCABFAADXz7VAAL0GqL4KAAABp3LcfZKaAcWpCInGh0yCelAYAfVFdgAAFwMDAKrhH5lHsVppiHapV0zMHNQK3jqxCpj8r+ER9OICFkNzJz9qMJa5JYEXb22MhKW4BH33WnJ2LmSW5MNK8j08SmNpIfM2RW6B6MFQCpHtWW9tEcGzveBruJEzzvXnhr3LZ5undg3ELbCtFU1iSyysu6j3nVfIFS3ncxFxzeF7SNyd5mNUDjIyfOHruygpvCXPI1LCM85A11NVhG1DXv\/2DVueewebUqyir10dfA=="} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739310980322,"flow_src_last_pkt_time":946739310980322,"flow_dst_last_pkt_time":946739310980322,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":281,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":281,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":281,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739310980322,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.43.135.1","src_port":38186,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00911{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":946739310980322,"flow_dst_last_pkt_time":946739310980322,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":335,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":335,"pkt_l4_len":301,"thread_ts_usec":946739310980322,"pkt":"REREREREZmZmZmZmCABFAAFBYCBAAL0GW60KAAABuSuHAZUqAburhCguMeSlTVAYAfYCHQAAFgMBARQBAAEQAwM7gJo4OG7S+iUgpLXTuxo5Xw1OBGj4DiyxVBvpcTjrrSC1ygzgmnU02BGfASVXjVBWPNfoJIqu28ODMXbR4UvXGQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAChAAAAEAAOAAALb2R2ci5uaWMuY3oABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAg+HQ6d2TRAhXiPlV4SzYTTgVvyRFR0ttaRH8caXLPDAE="} -01270{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739310980322,"flow_src_last_pkt_time":946739310980322,"flow_dst_last_pkt_time":946739310980322,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":281,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":281,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":281,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739310980322,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.43.135.1","src_port":38186,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"odvr.nic.cz","domainame":"odvr.nic.cz","tls": 
{"version":"TLSv1.2","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +01229{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739310980322,"flow_src_last_pkt_time":946739310980322,"flow_dst_last_pkt_time":946739310980322,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":281,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":281,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":281,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739310980322,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.43.135.1","src_port":38186,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"odvr.nic.cz","domainame":"odvr.nic.cz","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
04585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":946739310980322,"flow_dst_last_pkt_time":946739311016000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":3057,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3057,"pkt_l4_len":3023,"thread_ts_usec":946739311016000,"pkt":"ZmZmZmZmRERERERECABFAAvj5XlAADUGU7K5K4cBCgAAAQG7lSox5KVNq4QpR1AYAO0MvwAAFgMDAGICAABeAwOYp2uqwk2kagwv1bFvuG7BP4gwxFJK\/HnbYlDDBgxtByBtkhDnIYlAH5FeNvmtcy43X+awJKk1khM1gLQ9O4\/1KcAvAAAW\/wEAAQAACwAEAwABAgAQAAUAAwJoMhYDAwn0CwAJ8AAJ7QAFUTCCBU0wggQ1oAMCAQICEgOvzNhD6HsqkMaua9kU943O+TANBgkqhkiG9w0BAQsFADBKMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3MgRW5jcnlwdDEjMCEGA1UEAxMaTGV0J3MgRW5jcnlwdCBBdXRob3JpdHkgWDMwHhcNMjAwODAzMDY1MzUwWhcNMjAxMTAxMDY1MzUwWjAWMRQwEgYDVQQDEwtvZHZyLm5pYy5jejCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMSBtMaoOIrrVwbIP2cWYEJHSXjqgj\/\/9tkWX5PXpNopleDTdQVoDYtrhgWWdCxKvyghVnCCvqzpAdxH9iHJ+YDCJvMhSONvyUnQC+8wqGClBPGGgWuYJiWCNGWLq05jQxU5OjFamZYLeA83J41w0hXJ0caGVgR+ZmGHFjjdBCJABPqlSZbx4n\/8eqoqwv3W6903WKQrR8zszV5MtKKlTANB6QP2yhXI+UhhzdoeLxrEImAA6gxL2BOHWdKuBhBuV+ph8YRaL5IiMHVdXgcmxhPMtLDMaXcrlQWC6XO\/mVYjsQjycz9NHwfX9HBGmqdB8EpxpqAzOMv4Pfea+srqI+sCAwEAAaOCAl8wggJbMA4GA1UdDwEB\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH\/BAIwADAdBgNVHQ4EFgQUiF81uRjtpDLZWzD7gWIvMHk\/TcYwHwYDVR0jBBgwFoAUqEpqYwR93brm0Tm3pkVl7\/Oo7KEwbwYIKwYBBQUHAQEEYzBhMC4GCCsGAQUFBzABhiJodHRwOi8vb2NzcC5pbnQteDMubGV0c2VuY3J5cHQub3JnMC8GCCsGAQUFBzAChiNodHRwOi8vY2VydC5pbnQteDMubGV0c2VuY3J5cHQub3JnLzAWBgNVHREEDzANggtvZHZyLm5pYy5jejBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQMGCisGAQQB1nkCBAIEgfQEgfEA7wB2AF6nc\/nfVsDntTZIfdBJ4DJ6kZoMhKESEoQYdZaBcUVYAAABc7NP+yAAAAQDAEcwRQIhAKJu6NqRyIYQsDPHU\/A2REhgeKHjM4x+XnuUUYMuSVKBAiBvFXWETRjBcg4jaK4iYqlFL3MxxHaFAihU4M5Y1\/QWIQB1
AAe3XBvlfWj\/8bDGHSMVx7rmV3xXlLdq7rxhOhpp06IcAAABc7NP+0kAAAQDAEYwRAIgbhSITSEVzSp\/pS3dsOxVrCnCOPr0QsQS\/Z8OeZ0VJL4CIEqFJZjRYER6kq4HNRyZ4yzxaPbu\/njrCFn4rfkG\/MO7MA0GCSqGSIb3DQEBCwUAA4IBAQCGEOIQRUNcWjsX719Aj278yDJZeRktrpYQiEzTApT2VFFAVk9RNpDtIgove0nygMmo0gYcRhVp8veJjqVoyBOpTj8fBZ0k4jHFaDhaRBi5aQXOMln+cU\/N+ZZyxOF\/OvhfMIgmGnNpnX15fmj0DD6pQOeMMvjd9\/6LhaAOIYehc8T\/qnYYgS+NN4PGwZ62L8NBcloKk78UBZkehMmgkPB4R4UGWU+P\/9wBXoct8xHeSEI\/RKypAvQONIxcx+PGOfY7cug8EawYjQxeC0dBrCPA4HuTbflrjLpxCEjs2nsPD4SXJGGl7AoG4paGMGZjt4DcZO2jhWz5unIehkjqEM\/fAASWMIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA\/MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMTDkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0NlowSjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMTGkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EFq6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan\/PQeGdxyGkOlZHP\/uaZ6WA8SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0Z8h\/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWAa6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB\/onkxEz0tNvjj\/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0TAQH\/BAgwBgEB\/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIGCCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNvbTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9kc3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf\/EFWCFiRAwVAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcCARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwuY3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsFAAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJouM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr\/1wXKtx8\/wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so\/joWUoHOUgwuX4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+s
OPAveyxindmjkW8lGy+QsRlGPfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6KOqkqm57TH2H3eDJAkSnh6\/DNFu0QhYDAwFNDAABSQMAF0EE7OwduzycCFyh5foVYUYJfj2csLLoqbmNrs4ksDiqkMaHC2NulFxfST4jcCRZ19YEaLojL5JVRvlluRb8LA6yDQQBAQARbpzNdpCTfHNn9Bz14lNKRHZrsXa4X4EmfyVVEagU6WSCW5UKp3bMis8UAzosg4RFbcIE\/BqKgmQG64Bt\/cGitnxq47bonIC\/OFLylrM320R6R6uLkQuGNQpkUlgrZKL\/+YkYqd4ToLlZjenqQeguYlPWOUvDEduCfvOd+A9y2fcGuSyrbb0En99qwYiK1PUm11WXjEDQ91vzKm5Pz2wWWFYuywvRbHOtLetuqGEfMtz5QTTP+GA2fJf1SHhqAtT7v7XaP+5Wvee65IgIoNU6aiAVYz3hwW\/AkDmTqCcqZ608Q7A+R1MIFZgfnWqkxiaXPHcpFh\/8pcgjckhLtTiSFgMDAAQOAAAA"} -01672{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739310980322,"flow_src_last_pkt_time":946739310980322,"flow_dst_last_pkt_time":946739311016000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":281,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":281,"flow_dst_max_l4_payload_len":3003,"flow_src_tot_l4_payload_len":281,"flow_dst_tot_l4_payload_len":3003,"midstream":1,"thread_ts_usec":946739311016000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.43.135.1","src_port":38186,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"odvr.nic.cz","domainame":"odvr.nic.cz","tls": {"version":"TLSv1.2","server_names":"odvr.nic.cz","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Let's 
Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=odvr.nic.cz","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"15:57:4E:06:5B:3D:23:22:EF:BC:2E:5B:A3:3E:A5:76:BD:14:01:4B","blocks":0}}} +01631{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739310980322,"flow_src_last_pkt_time":946739310980322,"flow_dst_last_pkt_time":946739311016000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":281,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":281,"flow_dst_max_l4_payload_len":3003,"flow_src_tot_l4_payload_len":281,"flow_dst_tot_l4_payload_len":3003,"midstream":1,"thread_ts_usec":946739311016000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.43.135.1","src_port":38186,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"odvr.nic.cz","domainame":"odvr.nic.cz","tls": {"version":"TLSv1.2","server_names":"odvr.nic.cz","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=odvr.nic.cz","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"15:57:4E:06:5B:3D:23:22:EF:BC:2E:5B:A3:3E:A5:76:BD:14:01:4B","blocks":0}}} 
00704{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":946739311048333,"flow_dst_last_pkt_time":946739311016000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":180,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":180,"pkt_l4_len":146,"thread_ts_usec":946739311048333,"pkt":"REREREREZmZmZmZmCABFAACmYCJAAL0GXEYKAAABuSuHAZUqAburhClHMeSxCFAYAfUBggAAFgMDAEYQAABCQQS+L1tdhkv27psDloITDJmmm+nkuKGJ6kBYeGBEdwUOSK4polbbfA55gXHwNtK3Y1Aq1CUhl++X\/zqhOD+IGqi8FAMDAAEBFgMDACgAAAAAAAAAALayQyzNIxhtoOFefQYzbs\/rDW3NZGb\/HW2xO7qHfaVY"} 00602{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":946739311048333,"flow_dst_last_pkt_time":946739311082444,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_usec":946739311082444,"pkt":"ZmZmZmZmRERERERECABFAABb5XxAADUGXze5K4cBCgAAAQG7lSox5LEIq4QpxVAYAO3kswAAFAMDAAEBFgMDACgM3BAgXmTBrS3s\/v\/TLpgtdJ4pAYEQBzm8bgZO9q3GlVtpE11XxqpT"} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":946739311048333,"flow_dst_last_pkt_time":946739311082460,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":946739311082460,"pkt":"ZmZmZmZmRERERERECABFAABO5X1AADUGX0O5K4cBCgAAAQG7lSox5LE7q4QpxVAYAO3YLAAAFwMDACEM3BAgXmTBrtvUUjN4IXyxDqm09\/JiypfLAmSXnwNvJzM="} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739311335665,"flow_src_last_pkt_time":946739311335665,"flow_dst_last_pkt_time":946739311335665,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":285,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":285,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":285,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739311335665,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51770,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00919{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":946739311335665,"flow_dst_last_pkt_time":946739311335665,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"thread_ts_usec":946739311335665,"pkt":"REREREREZmZmZmZmCABFAAFF8W5AAL0G+HQKAAABCQkJCso6Abuxr7nkL4f0JVAYAfbUBgAAFgMBARgBAAEUAwN330DAziY7Qy75ow2vvPPweI0WjrfNmIygzjgDJAOaiiBkC+TeFnwD\/kQWoA8NwSkWiR\/ZS3JD6l8yhQXJVgAa3gAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAClAAAAFAASAAAPZG5zMTAucXVhZDkubmV0AAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AICW+8u6SZcrHjrKSceEpWhhd\/sXKRaui0Qq2OMNRWOwf"} 
-01275{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739311335665,"flow_src_last_pkt_time":946739311335665,"flow_dst_last_pkt_time":946739311335665,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":285,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":285,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":285,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739311335665,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51770,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns10.quad9.net","domainame":"dns10.quad9.net","tls": {"version":"TLSv1.2","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01234{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739311335665,"flow_src_last_pkt_time":946739311335665,"flow_dst_last_pkt_time":946739311335665,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":285,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":285,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":285,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739311335665,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51770,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns10.quad9.net","domainame":"dns10.quad9.net","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
02506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":946739311335665,"flow_dst_last_pkt_time":946739311357881,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":946739311357881,"pkt":"ZmZmZmZmRERERERECABFAAXUEqtAADsGVKoJCQkKCgAAAQG7yjovh\/Qlsa+7AVAQAHdneAAAFgMDAHoCAAB2AwPsHFeUVovCXmWpA4VyNoqF1JeqKqRwRROYqOPJU94DoSBkC+TeFnwD\/kQWoA8NwSkWiR\/ZS3JD6l8yhQXJVgAa3hMCAAAuACsAAgMEADMAJAAdACBGm95D7Gx83XoeinRk1rxGpZA8u1buvy6HtAvs0UM2ZxQDAwABARcDAwAgBCGr5NOssVZ7TUX4BrL7MyB6aRLwiu1feUb2m7o8fLYXAwMKaD942IoOSpCliO6ZHVfN+ruurWUvz7jYgeJjK7SV5aPdpOPU+gCK34wDZjZp50dMaIsg77NAx4MrmJU6wTsTAwZldztvUMpws2wEYMHKWN686r\/ZugmuzBYB3tOPhjCMvk8pBO5Z4lVJQc9Hb1RsJ03QnqO\/EjZsCDIJr3EwAdBfauIjY3hi6AzlRf9VL9JoUREwghpYtzQDH4RvKScS6ISuIZ0qtqLTaSpG1rQC+HJZ6KKhTxZKSTcym6aIqvAR7ZiyINnXnDnxtWbl8cRiOiDv8PdDsr+5E5xwhcf6QYoUCBscXYYl1EwqfCWZLU9EdSEHvyBTgkaNAt3XMqrEl7x4wjZ94SWxkiQsQ3IyHj5ooHHdJLNgfAhAZ1sF3MqWOMepm6yBmJwKpSpxHS0\/\/oYNPpH+52R4vidTCtKs7UfIN9SKrOu0JFbGVqc8M5lplCXOQx4+S48+BecP0sGtTkcShvyBVSAANiwxQTDnS7JinVgGYtRwWjEqrWQJJopko6YuGLn+wkhYZkogv\/onHZtE4hlsg01xAHJ9PxQYxWbOdVfS1w0JvhE5EDMILwTMYm\/YfzaRcfZnN3X3c8PldLUC8Q00rxaePA+7a5mbMlVzZ\/ZKqlpmGHRhU3G\/b+Za7F3XZpTKcWJ\/+pP4OAaUaey+j0NOSrl7D3\/HeWq7P0vSd\/KYIm9oS0ZJvLtsffCfxTm2zwDcPGhRfKW16iadTUvmoczzCHSYvw+n8hl61iMBIgJerq\/CN9KkicrNEfU8QCR9bMF1D3CABgNImMdCKODlAcrpb\/Ya\/cQUwfP\/CWuVsZ3s+sh12SEW9JLfAgHTnuYwcMjbvAf2Fgpb\/+WmXCT93+A3gLKANXIVA2PfvntvndGO4gXYEiHaUhu4qZSsHkkcQJ5rwvJrE4CSJC\/fp+te7FlAxBXZxU3peCLLIMzIhccFKuqNX9+cPYxqAzm+f4FDsJg5KvH5AIh6Nda\/JBKZzhlz2omWzUxsNRCyzYkCR\/6xx8emByUElOOQjp3\/HRm+WaL5aZHnOk2myD86PdWR0IdZibdlJEHJ2\/GXJsQQv95dhA35hvgjWHiQLe0QLkAtPzosLXULXc5d7ytqMATetgFrOl+B+IuaEJAtm5NdT9m+\/Uo1nl\/TbvSaNp5EaxK2DPhV7Vt+vxmsBj23m0aDhv8PPgUfy9wK\/Niqob3bOD6oQr
ofsTggzpDg\/0PeQx+LRnGU46v4ljhYI4JoQY+cJBFQKWNeFww9uy1s8SJhz9LzcLFv+j30Vt+r4FFm8AZfzHX3wSuBELuShY7dZHSjQzxqOJfeGLr5ThoXw5ldv54ifSY52Lfxp8BkElu7BDDbf4F6XdVR3aRKy8Yk7ooQevFc0GOsxn7jXeMuFiaf9M\/MspabzWIKD5sTaMPvexVqQrSIhAE01MVqTa8zAs1n4D9AszPAZaArvvaw1dpUAGCn22YGrLkylRxMCN07\/HyOXir6cpxUbsvRgSag8LgIuYbY\/Ta1KZ2trDeXprvYofOqOqX\/ep4LHzQHiCFm14LvDzSoMa4qqUdxfJfOjiZQVsJdT+2uThs188toZRMoZsziXxP++fZpO4m\/wGTJ13ciJYHkQjnaWtFJW9KHR4pPyXX3T1W5XcomUZpNi+tnQlSKiXPl02KPyhw0qdY8Z0WoKV536f3wtH00HuTa3UIk1hZxDmxFcYOKvSwc"} -01320{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739311335665,"flow_src_last_pkt_time":946739311335665,"flow_dst_last_pkt_time":946739311357881,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":285,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":285,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":285,"flow_dst_tot_l4_payload_len":1452,"midstream":1,"thread_ts_usec":946739311357881,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51770,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns10.quad9.net","domainame":"dns10.quad9.net","tls": {"version":"TLSv1.3","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01279{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739311335665,"flow_src_last_pkt_time":946739311335665,"flow_dst_last_pkt_time":946739311357881,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":285,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":285,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":285,"flow_dst_tot_l4_payload_len":1452,"midstream":1,"thread_ts_usec":946739311357881,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51770,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns10.quad9.net","domainame":"dns10.quad9.net","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
02656{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":946739311335665,"flow_dst_last_pkt_time":946739311358034,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1616,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1616,"pkt_l4_len":1582,"thread_ts_usec":946739311358034,"pkt":"ZmZmZmZmRERERERECABFAAZCEqxAADsGVDsJCQkKCgAAAQG7yjovh\/nRsa+7AVAYAHfZAwAA1xiWPE9sRZ+HRED66TQP2BK\/H\/\/55yXpchOqptSfdmizDwWdekTWC4fynK8Z2sZPt7VLeiJJja8C3BQX9Rz0xZnn1eoThbbJA0Ru7pA+5J7tyanMo4IQcPUIBSO5p49Bymfzm29G5qjErMG7mQ0OPPjTCRaB\/UjgjbKvSEcd8\/qlBT71ZfI4uv2myCBr7kstCCXPIR18CKF+Z2\/VrH6vxRdx\/DMaAsMgc41PzNU7xNOukRDZxOR62YLQKe5TOm9eGAE6qQfGiWVQuBPTBNCMLbyMtxxnLWSXpHUM8lAFCuaK7Kc6QBacccBEf2G6WUxZTWFo3b0bLTLXGsaAdMgEEvX57cRGL6Gq8YWmgloFc0L4YPSBPg4QXqG2603cgV+j6PlTHv6e2HefSTdXdeLXiPRCN345+9Y7w0ERX6leOOccKhVG5SuGrnMow7zmCn7a2KZDo6IK6nPbbrDUtvAROe\/2qAE2VCX9KID9EijWEziQ9XCbVPjeL02DA\/rYN7wYXRiJgCIeBs3cXR7OygqBY2+3+XFzo9TaLSJOjL2D0foR73wSCVhYWptmpzwaIHjhZCo4rI5hdLdI5wijBOAwhmr7WRW8Yv8AQsnvt1Z4coLNvTRubKzb6tX\/Oxf2jOtE8ql46ReYSM8F\/WAKChrNRMIbb1FxJ7q10gZXMDttRcPXX\/qGmHUzaGCJmbtVGS68jgVwThCO60XMMu84lvsX\/Ppf9SgVkWGycwU0+7rBExjec94Gk2PRYtyBh7FtK\/ojKF2Zx1IbH4Ped7sLfGR4i7sMPLWNn+T5wJpId2IpurmzQEup+Wmo7GS+GCV0scp4nxOFT1awumcjwSZT8bYpF93Gq1VRsPaw1Ed8OHX5e5gmoY4MVzie+NT9SEgMn6ichQsu5snHAMbc8\/IWQxw1j4WN38V6zcIh4u4V1Gd7SkhAHeYNQaHO8zyvvE8ImQNU3iYNHLIKvw9jrqWUBqp23GQnf3jir7+jnbT6O6iTPLexjWoZTCF\/FtolEJ0e895tZWyhQDvFKtQE5PBsOvi7\/BalOF7pvRKDn\/re0ni0oWgQPdEaU+LIaPzCC8LkWYd5oE27150iJxzh1Gp8SiKQXDLhLhi579hHj1+ols2JqJH8RdJfR0+VmnJeuW7LLf+BRMSJBXoQCCLgwxC7f\/h7fFu2xKC0W6c42fJZaQRckgm7zcULCvbrdB3\/7TiSzFX4IqscHoIIazQksB3SnhTuJmLtEq0s5iQGUGxfhlMGhmMgzukQ6S3xziGVGLlkCIIbeLTBQrX9TXDN8S1GsZEFqBjMPt\/N1zN3ViQ2J2at2dPSgSFskYDCKI7W279fwmbZs7V8tsMKdl7zI9bVkSm8TK+VOCU7uRHndZTCFD0rVG1nulq\/L99PnlHGAGXK\/CqGETUVVLlDxaOxEAgpjONuItzxylFN2
ddXgvj3hTCiDE8O0ZeY5HxF3kaLieLFjiKlcFdLwH+yoWIasdZ5ETRJVqr26OzVYBTCPTfSgbwHD0EdFC3v31MUjg04ocQ4ZiFf7dRFVtWmOWN0r2SpHXy2xEBvMuqeP3vQyXuuz6g6Dn7YZmJY0+sx4Fy9C8oBJAE0ZwKxguZmJv1GeQHP6tU\/veMnBxdJr3tx5OgYDk+909nj4a5TD3cRR1pqKY8PwvBnQ1a7o21Mx6az\/nj775\/EQh2soovj6zthqPP\/vtXFBBG3tG\/sEPeFuYX44cpRhz5K3N4JqP6Lp6W3KZYJ1EwmXdPWiQcbK\/K0dzC4LCmApJnMsipnxLFAxIsyZnv1pRKdZtp6E4ZNkwItTRiePKudtegvLH1+qbg3pXvAj\/AueIMUCY+nZ2bEiLI67RcDAwBgsXSJyFgjJRWpsUIwFa+B3HudQHKrExr60U8JLlKkL\/P\/S+PEy7whFdA90+7WJF1F8DCmOjyvxxrrWdZx35m5pHvRkiSavCeWDYlRzcWBeiUF0TAz0e0CdFpMI0nfm+C5FwMDAEXIcqRX1+3I4YBN1ZyTwBh\/\/IzIU5lJHrJKAnGrUu2ocpCQI2eEwS+zVK0zKk1o2WUWMhhsV2wCrUmzne3qZHF1rWYeRVk="} 00644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_src_last_pkt_time":946739311394899,"flow_dst_last_pkt_time":946739311358034,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":946739311394899,"pkt":"REREREREZmZmZmZmCABFAAB48XFAAL0G+T4KAAABCQkJCso6Abuxr7sBL4f\/61AYAfXTOQAAFAMDAAEBFwMDAEVsvNBLawQQ\/QfxJf3NLpeF7eAiUlhCDm37dRf6vXOC0VcPLFJUrmdWYdRdI8w8wDD+uKAkMT3Wsv2DaZVXdNXVQPPAkgM="} 00652{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":946739311395002,"flow_dst_last_pkt_time":946739311358034,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":946739311395002,"pkt":"REREREREZmZmZmZmCABFAAB+8XJAAL0G+TcKAAABCQkJCso6Abuxr7tRL4f\/61AYAfXTPwAAFwMDAFFoIkgZAncDrVQtZhxU59u2TnfYXuklezZY\/lnRCXnYBC1Rn+rtNjTEGwm84kLz7QwRhvXYq2B9+mlphTgCBe3P2jyxhVVoBcmooRlGblt7DM8="} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":139,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739311566393,"flow_src_last_pkt_time":946739311566393,"flow_dst_last_pkt_time":946739311566393,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":285,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":285,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":285,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739311566393,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55322,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00919{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":946739311566393,"flow_dst_last_pkt_time":946739311566393,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"thread_ts_usec":946739311566393,"pkt":"REREREREZmZmZmZmCABFAAFFTLFAAL0GMYcKAAABuYbEN9gaAbsU0wRrjALq7FAYAfY\/sgAAFgMBARgBAAEUAwN53D+IdbyKMqUcdChlG3BH1byG6PSts1pdzll38jdueyClHPY2D7aJB29xaaA7zmDQUztgP6bTAGw+VMEA\/cNmhwAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAClAAAAFAASAAAPcmRucy5mYWVsaXgubmV0AAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIASid2tq+mdmASZBUTGU5iyt2F1JUvrNCp22BxrDleoO"} 
-01282{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":139,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739311566393,"flow_src_last_pkt_time":946739311566393,"flow_dst_last_pkt_time":946739311566393,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":285,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":285,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":285,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739311566393,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55322,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"rdns.faelix.net","domainame":"rdns.faelix.net","tls": {"version":"TLSv1.2","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01241{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":139,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739311566393,"flow_src_last_pkt_time":946739311566393,"flow_dst_last_pkt_time":946739311566393,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":285,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":285,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":285,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739311566393,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55322,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"rdns.faelix.net","domainame":"rdns.faelix.net","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
04463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":946739311566393,"flow_dst_last_pkt_time":946739311603972,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"thread_ts_usec":946739311603972,"pkt":"ZmZmZmZmRERERERECABFAAuAg39AADQGeX65hsQ3CgAAAQG72BqMAursFNMFiFAQAfVJ7QAAFgMDAHoCAAB2AwNkY5ffptLk\/1RQxoHPHysW3r9+0ddQo4Z3YjqxuStqKyClHPY2D7aJB29xaaA7zmDQUztgP6bTAGw+VMEA\/cNmhxMCAAAuACsAAgMEADMAJAAdACDs3oZu6oN3lGaq4ly6\/hAqFwB\/djty35eYhaI2Lxe7SRQDAwABARcDAwAgv82VBnjlaTkDEuDhSukFo4HH4nI6fax\/zFPW2XozJ0kXAwMOr9L3WKPFCRevhqaVGoGS+x\/kXxxMckfNoOqk04UOi2nffzkls4dz\/6PwTgD2O+tiYezNJxr\/6WpHVX82B1TCh5LVuQtfmobZqrhUuztxfuDnZpjdtqBFN8\/ThU4OUKCLhdBohaEJUJaODtpSPbvHLMo+XUoovzoT0\/zM8eQTXQpCXzBBMJx7xHTAsbkvGn3C+AG5zWAlrqlt8rw8cJvpcKk420r2AjCbqQCcOhIk9fgtrE6sGQpDmvb1eDYkMJL0ZWhtJpArnw4DJbVlN2eqshODC2oEeU4LRs6HxumiPK1q9BAYm9j4B\/VQvljlxD1l2D54nI0XTtCqzYVH05VeNSyKwY99P0gfk5KbNuwMkg76KjoZ0pANDmDoK2O7MRcalHkbOzBtmCZzhD7k0YW7eqNkMU5wTjhw6\/SKqF25gZNB9Nt6RXkKo6zhp67SL4jpzGRuSRzfeNfXwE70s6GkDEHT87ePp0CPZwkccES0koYuFCUJ8ZPaF51CsuO3hEK6HLj90BijpqZSqxhfc1mm\/yqD3lLZlsT6EnUdCBK75PQ4LqFtNj1aZVWZmY0bISdBsjTgcU\/azUhlVpbtuwFzbRgeZMjYItDFV3G2Mz1lBTIG8+EI15TAfiX3THktTEDNdXWRIKZWc6CdSZSTQj5epKSMIDeZ3ym23Y5D0uYv2rRWwF77WpaBXG+MUxbpeWleGLZxmojsUrhsTN3K\/SO4YTnIH3mEDcbuEL\/C6kXZUUc3JKUkSmGmNO61dgMehbma4fB8llee+ia3ZxrMWwvGiTS2tpm78Rjdk2lVGQ4Kw0Hv16lr+xG8BLc4CMV63wU9gsM8SvlR14rXUIcZ1w1IVKRMCPj5\/ktzqCSdsd7JLAu6iqnF+tffAp0R7hABno4kl79WtkvKmhCxs2C9rHaxhWuglRBec9Q1dOU4n\/q5s3oTaT0MWOiB9FA9hPVkcr5rHO5WTaUTZCO3f07agWWupUC0SrT4kMq2F7GC\/qyJUokz54psYmDyksoYU5W4XunHAPWif32UI8qTU8ZnD9BGfH74hn454rDYVO6L7CccMxZlmp851erV6hvxeQE4QFic5+4T+9IQsqcHez2OFejw6vdevdAwPVqE+KjL4UP+MGf4lbUn4WzekrRNg4+OLWhqMW5jPxgVFLL1X\/7LXlyiUW3FZsQlx3wHUnrfnXgRsgIdVSezz4HY0222
o0JjMjRIsMAML27omWMbFkL1GH9F5whlSmkQo7tR4pkO8ZObYU6gN63eRur2pr9yUb6mdaHxKmoMOtTc07t4c0mmYRPcKvUuGEq\/qFZAib\/Cn9qtJSED+KsOJFP3lcOvHyBWmDkPTuXhIirjxvNRHlhpCinnvq51BRLv0iIYtLa4+FWzOnZxdtRmb+J7gXcYqMUZr8f9hSbjcXpRs0qTCNkn\/vEFebnj0Oa5wWQ\/wyYqcIXbH0+Qg2t4MHCtt5puUCcnWiddPmXVCEbusxDhj1mW7Wb7s7TbeMJNHqJK2wkpexuwL1VqKOcMpKkVK63qTpeBRS7pKr42\/e4RAue3aCNMwXb2qN+nhV\/yAs+no2\/T8CA38S+A3XjJrTp3nRj3b7uYGTvq6vgcySIveyFsNVxbpOrMNJwA55r7OmJm\/TMMYu1Cmm7ApgsYESAyvVbBcTmlsCXf4kc5\/PCSNGVGXc3ry7HZ6UrNLiBxVinlqk+M5YS+nDMxRpBRZ\/l5jocQH\/hTpYeDeBYM6nlOI3a42ojQOf0qu\/s3tJK0pVMQq+L3fiObQL0w0ki8zB\/Pq94eJzcgGDCpDBI5rSkrXqKSKwE\/TPxGGb4EW3iPF5GMaLLk69BANjmbdOWrRbmSOZIerFLKML4S4ISArr9z\/Hd6jn9grfPQF5QPRgsy72snzNYK+cdD78EVK3JLSsYYqn88MbAXaWnvt\/NrtPJL0QXd+HGti75Czr60Z2exrtdLfvuyhP6EA\/OJF74UO1DMZkdkO4dBy70z4Gu4gpkQ7cqPDY0GZ19ZQkhDdIe6tY\/KPM4UldVfU5Ox+v3aicLwXXKsL1aYiIDMExLQqDr8Vp6Rg8MhQd15RVUWWezyYpN93w5RckR2WthYnNZNsPa7iVvEbmCiUoUkbzt39o4APEG2T8nb60w4QPGzL8Bs+6zqpdT6PPZQOoSFcrit36uSRZP8iGT1fW72Vs+Zxy5GcZuta5oSW5oky8Ru7NnhXKgfldlxRBIOjtCyzFizIawHPWtdb1FNijZyZVKdj4BP0ocR0b5RYPeWT1DhR9qwqhFmLRHqWhBkA5vK7BpYSEPmeNp9JvF8mc9PzqPXFx4qv46sa0RB9Om1TkSniqOmaKfC0VJ55FKEd3mCSVa1mQ2nzlNyLUC\/G6NFqNfA87dMc8kmjkPDW9L4TPuUdk6cFk2SWFMlOT4UEAqyKhiuK9S2TSwt8uFOPCTdi2gCXoEJdX+9z6vM3zP1D618aG60X5Ut6n4\/mqqX3ZYS740az2d1czqYB7kjzMa99L4RSKw9Nv7MMuwMNSxkhAXISg5MWpacHw\/KAdEQ1nUyITpRoICmtn4wFkGI6VHWSC4OZg5gMWs1Z3587N6CIw3eN5rLnfYJ5l6ZBNqLnr+ciVip8x2IDHWDGTGr5OC+uJxAOEMiK+fcS0il3LgKzbRTF6C8+Y0IWjT3NlBZzIZBcCE3FjrijIv+69vNs6VJAKOlSW3f43x0FPmVvFyGHd0hZ6go7pV\/2O1uABkUwtp9Jfvr8prX7E0NzIH8AuTCtktrwjOAvCJu4CHVfpkaygbTIxPH5m45oyD64MuKPbsc5SlgZwhfZunmTwVDMaVpXGfayrmusZgZ\/07zHxvKOvoAfTCZXoYameOeAqJlNLuCW2W26TogT5fb\/9WF1j5kVLVJW3+Xr3WsDu87Z6wA7xpdVjSQWvWXCJ9y6jEXbNwmvXmeHALYBp+DdvlGU6uIsmqv2tJETpbTRkgR+f7Dhm8aD8084eT\/a67jbRGqTJcyCWp8HFxcSFdtdPKZoErFiYrC7xPgwqW36MeKC3pPi5nT9yuHbuL7yiKV4x9J1dDJBmuStOS8bPFHHOamsDufj+1xHeCKIDfJN+meXy0zdvw70PEKqqZXmCwfi2TfqRVP7d77vAzcphP1F9+RnUlovNNUieiBKgaaaLwfIEAiD84YhuItQrVIeJCa0jqOgMbgEKi
1twm5DKS0bcizlDtDFNkFvRAghS6l8H5MMzc8ps2oVnq34RHWoVdxAXCkHDkkmpkGwGKoEP+YEVOArEfXlh0taA60GiWgLXrspKhJVAnjFiuxV1QiMjD4R5UbJ+BnJTGXsaH\/yPppjwU5bzpYvq1TPW2pdHuooLQ3rQ5gXMFPVeJEv4l3u9D\/o1MxYmTHF6ag0Pg7EYa9IiJh8NJsAWlNoM+jz3\/neEdRD31BwTKccVefTs8giAaZY3hKJ1XXe6Hys7XZMAJR72EIr5DA0qa2euR8ERpA8eew\/h0vqG8NScpvxxA8Cdjmhn\/JwaSSF9ubglNVw4f\/Z3JUgBYq3\/\/+9aFTg5SP56AY5voL2goU8TTHIbBp4JfOUmUTToGPy4GEqVcJNDAs6V2L7PobZ6srGT2l40lZacD46Db+MrlADUrWNBC6GAGEaOIzjsVXO2C7zOXrZPBi"} -01327{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":140,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739311566393,"flow_src_last_pkt_time":946739311566393,"flow_dst_last_pkt_time":946739311603972,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":285,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":285,"flow_dst_max_l4_payload_len":2904,"flow_src_tot_l4_payload_len":285,"flow_dst_tot_l4_payload_len":2904,"midstream":1,"thread_ts_usec":946739311603972,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55322,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"rdns.faelix.net","domainame":"rdns.faelix.net","tls": {"version":"TLSv1.3","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01286{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":140,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739311566393,"flow_src_last_pkt_time":946739311566393,"flow_dst_last_pkt_time":946739311603972,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":285,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":285,"flow_dst_max_l4_payload_len":2904,"flow_src_tot_l4_payload_len":285,"flow_dst_tot_l4_payload_len":2904,"midstream":1,"thread_ts_usec":946739311603972,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55322,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"rdns.faelix.net","domainame":"rdns.faelix.net","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
02422{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":946739311566393,"flow_dst_last_pkt_time":946739311604153,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1444,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1444,"pkt_l4_len":1410,"thread_ts_usec":946739311604153,"pkt":"ZmZmZmZmRERERERECABFAAWWg4FAADQGf2a5hsQ3CgAAAQG72BqMAvZEFNMFiFAYAfXAzwAArcpCfmGLOKjDkyzsTe+IPkiqYnruzR41MPuGsz88MQqvC3a9HfwXJ6lzqQ4rCWJcWhWOM\/faQczL\/u4LUA47B+3hgIraXqwM7U0QtAPKeofLhsqBn12DazruSHbiIbxy+mEUG3S56+4ZRbB44U5cKRW56AecOVegPdxq19WX7WP4+ZvrOsXSvkcqGqyY6l57+wMNGtK9Hor0ODYeWdBnCWx+J55Yp1BLeNHq9nHIKHj0qCJNcTpuSY3kcxYIKgCzUqmtnXdoJ0GIMlbY2ljKsarNr5cWoMUbBujc0flI7F15VAzRku1eV3Kl\/7Wukzg8w4HiH6xnnC2hyeJ\/S9kg8k3Thktb0MRLph1xkAte3QZc08opc3Fwo1Ft6aRVOUnBzMc2ygQi4cXDCHwkiaI53r8gMzkS7anbEcS4yQcROtN4r2sH3n\/Y2Qw1v5Gb+U\/+RFg8+P9ZzSoFBkttBuC7bMKkuFovtwfD7bmTraXz2TwXRpY3Ao54+\/SNvuV3GwVsY67MLueBEgpQWATGxrbkACZtD4C+lpPBC5\/54MNyZi6y2\/bINiwBN2SHIdC0sG5gR\/DV19ykdqXF3pfYHlmfR3703pqTCdiZz1zhoMZLCPXVwnRt08WzrSf9AJPIVrVED87vfcSxcnSNe9\/uUQ+fPjNxmvMBL8ur1shycxG8A4cFPyuqBeBuBrfVjZFKQN3\/5iT\/qY3bW5kYmBDrHkL2xegzf\/Moa8towjQGmRBeDyc9Fogbi4Bl2lSDI\/x3VZI\/8yRCU0YCrn33V5Yytpt4Nri5jL3CrvqNUKuK49C6RMwZ1n1NkjUcpjeYGCGRXo6SbIn8CHVjiCEwFZ8FbQctAnWvdqfTpT0bXGelftgC9CQThu\/W+ybRqQdwN+K5c2QiXPYvO4kT3LD6oCwacJ4x3t9XRv3AXxYa1UbtXwad0Q5XC17E9XVpbbgKhrlco595yY5V6j1HdG8AkTRI1DXbEp3foy5yEjtW0o9bfHyhwUqC6TBXcyz4z4cHmh5p6A6BMpnvPJtMyGOVMKQ7LtCwwAKXNWcMVkLjSAZ+IrhMtGXoEFJcdmyQxTOI+OfCfdgm6q9yTer0lySMXu3yBMcL6Vn1SuMzS2FSE1aXKAyCBb3XF5Tfnf2rLe4r3hkWTr8Mmu\/+5cpIK1r4NWR0zq6iT\/lnsbxmS39yt3YHMSpG1r36HYatyCzF6kZo6KyW2UJ6fBqDVBmGD6CXSVAKejLC8pL1qmuOu2eXU804WhkOIkczZMz7pQW6C0A+bVJsEuL5Kd7KV\/W2IGcqNMtuMkFf1vHE4VTHRAmWpIDFt5I4ja4qA9N7tAzSWPkgtQseSnNvTrX+nCc0rsjLviAcYafijP+ATzRDOBcDAwEZYz205aORxNiMwaiQeObwk59GyoJ+T+YW4iSATpt8cc0OU+XkwulympL8b+KC
t76fJXCt3rgEOglVp2lJQDaaCL0\/EDry33zbH0MtKm5P5nEWpzvQFhaXV1WeS3oS65S\/3UVJT7\/Hm\/AkB6N0iCgWEeK4i80RHGCYRIweyu9kQIUklvy2RlmccKeVQTq37O+\/HqRcQLsrpTkATqOJMvj0MaZ7zkYReeTUbtUUtzasEHVGtHimiktW2DAjF2G7BrMbQnAbkBNJMIcDNYwAwDUJvD2+j752nnR\/ojUHAoRsnlpRRGw8k7CJ0b0wBSknElPWssxoC\/r5K7w37x9u118AdMWjqtzSlF2uDe2PtsgCUxjOE7EkCZxpOWsXAwMARUyGMct3ItX2QiSoGAs2qAHwCi9mgPaAr45Z5ZYVR5NUAg5k1dXUDUazzqq9GbzXT1\/7OFi8y8eMdJWfTGFw9qor9xL6ew=="} 00644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_src_last_pkt_time":946739311606690,"flow_dst_last_pkt_time":946739311604153,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":946739311606690,"pkt":"REREREREZmZmZmZmCABFAAB4TLRAAL0GMlEKAAABuYbEN9gaAbsU0wWIjAL7slAYAfU+5QAAFAMDAAEBFwMDAEX5LOrm\/q2t2eUGDASTuROoLPaXY3V7nIjXeCI2LSFnWiFzKh+skLRrkkkVsvCS7j6wsu3v4MgbuWujQFuzeh3uUOaKgmo="} 00651{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":143,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":946739311606815,"flow_dst_last_pkt_time":946739311604153,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":946739311606815,"pkt":"REREREREZmZmZmZmCABFAAB+TLVAAL0GMkoKAAABuYbEN9gaAbsU0wXYjAL7slAYAfU+6wAAFwMDAFExh0tAyckORIsAyWSkeVyMG1coXJ4zHtSy0EnQML4KrQawGJNWi7QaLyPqSsPuMMVvSIQJabV34HcU64MxycruXFBNdtWfhrY94XOKn7mHGQ8="} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739311703652,"flow_src_last_pkt_time":946739311703652,"flow_dst_last_pkt_time":946739311703652,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":288,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":288,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":288,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739311703652,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":52386,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00924{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":946739311703652,"flow_dst_last_pkt_time":946739311703652,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_usec":946739311703652,"pkt":"REREREREZmZmZmZmCABFAAFIvxBAAL0GjQMKAAABMw980MyiAbu+o\/fohj5JlVAYAfZx1gAAFgMBARsBAAEXAwOEmak1ToTEOPVX0jBh7rLNZM1Gt5\/Gr6ZvrmdHklieHSAP2LkoS3kAHcBOg6onjDU7HEdrdZ3cuMs9iD3w5kCD4AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACoAAAAFwAVAAASZG5zbmwuYWxla2JlcmcubmV0AAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIGzt4\/5xvtyifU6VTcrfvT+YrIEhagkzRKKKlOYdvDd6"} 
-01287{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739311703652,"flow_src_last_pkt_time":946739311703652,"flow_dst_last_pkt_time":946739311703652,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":288,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":288,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":288,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739311703652,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":52386,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dnsnl.alekberg.net","domainame":"dnsnl.alekberg.net","tls": {"version":"TLSv1.2","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01246{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739311703652,"flow_src_last_pkt_time":946739311703652,"flow_dst_last_pkt_time":946739311703652,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":288,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":288,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":288,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739311703652,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":52386,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dnsnl.alekberg.net","domainame":"dnsnl.alekberg.net","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
04475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":946739311703652,"flow_dst_last_pkt_time":946739311732715,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"thread_ts_usec":946739311732715,"pkt":"ZmZmZmZmRERERERECABFAAuAX8dAADUGahUzD3zQCgAAAQG7zKKGPkmVvqP5CFAQAIN8DgAAFgMDAHoCAAB2AwNcTBj+nowDUUbglTTLuZi3m0Fgte272n9LPifxOMv7HCAP2LkoS3kAHcBOg6onjDU7HEdrdZ3cuMs9iD3w5kCD4BMBAAAuADMAJAAdACCPdFwMNjRtfUXHati0iPvUS7ZISUYNc1KeHBUbO8YTWwArAAIDBBQDAwABARcDAwte+JJAD4P7EW1qK\/KMQB2haaLigWKb\/DYNFwlVC4RO51bq0M8eao6QlrOrDJOFceHVJKhl1p8Ibfrg\/vTRNCJB\/UcW+Fedt+hD1iuUDwTCFZavOS7xwPDkL6497l\/MLuLG4DXgnGeZQ+ANIJd3qmkp82hmnma4vPPfih3FXm2d\/orPnXJKqjQROYWvMcbtvj9Ebb\/txBSHxVMCrKgG408ySWMQj9wSJ3YFhq0yzQL4\/vZaLuRC+Soen8TCR9PMAvnOESL67SWkKNvrhHs7A8wve1+FS4QJZG0DVnfyZjC1lTDakOFEVj8uyQCDIeUSTCCRymHyRKKDInznJ9K1ylbbeIGdenKpQOC\/PvdDSl7uxqaByB3NSIma+imeWtGfSsSVz2bgzfRCO+1shU4LOWr+fJj4VfVm44ziFmXpQXba4f4sLTdWNOjDqe5hsphKeTPq6cjwHY\/8d4YQO1mASNyJu5PHaom1vL8or5mJSUE6nK9PPUFEoI+arXXrdILbrGh6AFzUXQGBrrAdekMh3lpPbuWJTMnyJ+tNhczzi4OaeErbR+eZBtyO483ig0A5ofFGX3QqSY+x\/jYa34H7RpPgi7E73Kv3qvag06VhkcjqWXPokFDtuDpOCx1sHam7i\/mBXaEeSIMn\/6ibfBibK8Ssyhd351G+u7nIG\/kPMrFG9dX2lYQXotCoRmApyZWnnIvnb1Ems9MFs1nWg90WJfHxHinrSdpjBeU8iAbpS\/jrwrYxGk3gVDAv9VGAkZlRz60RiJgOn74olT+JGbdB87Dmd8zXzGHRAs6xX1wLyFHdLBSPxN+wXikNtBamIrek5su\/OhIPfJ9Db8D4NRmo2RQxqPr7fuFEkduV14PFpTKUsiEOkhDJwNg8LiATZ7RVwMg6yMpsydYcgvfMea751TpJNvE95FINDC3Rb\/\/f0HmE4sSUBcBPMBavqAtQ7YhyYupjzYKChAX9lCvR4V0MA3gDeswYrL6CJ2QWYyZ1X5kp+MoOy0A6lbwTY6FAqgtyYhKr1esD7uta6z13oZTeC8zVTDF3SZq3we2RpHyfhsBTKY94xuStpqoHpzXuf67EN9Ci9BXk7ctHV6chPXxbzfNbfHejhQSWblCUVsEWcGJTaWPfYy8Qk91uEWvknUwg3\/gnkTaxOpg74KZR+eQhsLtgXu83uRIpmos4uiAQqNFCr46gFv66IhjUaLn++05xvOtQF+pJff5ceYA3+HVtzS7siCW14iQ0F2g+nmUdK\/l5
e2iBJ9jUDVjX1gbsI6q3sWAVlaZSWaqGUPI7tEUJQO+uLheM+t5WJ2hIuHlBrb7V9x7oPe\/w4Jyh22GAaILXTviEQ++5bF7t0H5J22\/uU82cBtUmtPnPK980jnCJpoWHcd5b8NrM+3vBCp31WdecAix\/bw5hrhpdYb3Wuo00LpEwMw5n1XbAIEscw8D\/TDkT3R8DdqFFvsOwEJgVupjA7F1prq8T49hiTkdYl+giz2p0Ayt4KR\/SKb+oWG3y4ZtrykubZr+Qfc18G7yRy1UzXXJ7wFTK5WhTLREjxeCpH6IaQ2zDQ5+I3brP682k2XRTd3nMiVhZaMNZjB3MO3yAICh5zK9ucc+onrCYJIYI\/CtjBj1mJ\/oiWvsTssUIxMNevGNJc8s34PU+GVpiWU7G1gOq2\/oHbQNmNjM6utdbIKFu2BrwDIIIyRNAnfbb8mkTirEZY8JOBVWtUMwNF2wWG\/znmaTdvsV5XVYinNGBvCLJ4cl4jpIhiQHJif7TdKLHCM1mnqE7oXlP0MjNOI8YrXpYFJApJqV+nQMhEAl320hWRRZS9jvtYuADMZM\/zqsrhOwTRUYvn5TUWPPSLkDCWWQT\/boP1Zrm7ipJ29gjQr5TspKmpn4J6SGBQtqSqLcPrjFY1FGqzT0Cxa7I4qGdQmb7BlBoZsZba4XtkUxqQDb7GQ7lF9QZ8stU169sKy3x8YQd1brzqNHrkIJDSvbZZhCJGpijHPtgp\/QG6Dw2\/BImDmY1tBmkVrEm\/bZ+xumAD64t1fYO7WaWjuGbU0Y+9l0+9zDoVeHa476WXFF01qNlSxZZAxFkrGmva65Ha2zNip3N87qP3nyH+3kbjqzMKrpNdw3pOcpWv+PdRxpJZGkBM4aT6LXbJdAxBLLkkepjX3bVMWm9bedod1MvUUZQHAIRVofMSy8iwjG593htNanCQUBVZUhdnlVrmQD4OR5EjaE0aFJSUsVHU2VO9DX1cb2EnPoiZIzX378PPrzLoeda6yE90ZvWYSJeMUQJgjFljjq1Vmv7zPz+m4Us7Q\/oFgLEuTkw4eq\/OB+aA8STNn4AHoTw1B57\/koj\/Tsd4yxadruMqmxj8G0neUx2FN2AmiTBa4RjoLGNzELD8QTXTHG2\/lxfzCVwHvLq9JxQf3uprD59F8Loph7ycBJ+j\/BoYH+iVGt+6GzZ563iyu9UeY0+AiljVO0GFvxbuhFk79OBcmYfgnlTvugErVv1eoGzzwF3KK3N67S4ysk\/cJIT\/DoRZvga\/lMRKstxDLEaDolPIBoEiu4mAsdPBxa5KjB\/uaPK\/Gvldfb7QWo\/hvHLZAM3qCGVxLZ4OSPZzTuJ4fJWIQaOXTrFJVv4TYo67KpO9uvbnZUtP8hCVop9O2qXs\/NKl69+XIEhMfw1KYOxJAcgDxH4xjWm9TWAA+DhZvFs31qLGWSu3CzrM+geUCeE\/Vlrc8pmCZFikrptNtJl0uwOfLeuZUF7VWjDr6R5HxdwbmReRnk8DeQUb8\/JzwIyCR78O7TDjY2uL4IEBoTWwTpLR+tDFV4fNsyzL4VzpHaIwnMWTyomGHXhNDLAvBXN5lZAH1nY9D82KvJ+P8HK2FgOErfXrK6gPfonD48R1bCJofrjuMQkEZVQBGqn5ypZTPRu6EwnkBn4q0ARPtqm0QEoQ1VuhulmyIu4zwbE+pgZlGBWhO+4WIy2SuF0h7yFf\/0cbwCehkDSsGDVM9QRwmW02sBUez1\/0Ml7N8nkc2bCsJgo\/fEUXj1TOn7cIchmlzf+MvAjyYfcGhECzHaENxMQIFKZWAib9UAuoVCbRMTYEaO8+NZKwO6bZTHvUzm+gaaUre7sgcCCP\/wfz0OXBRWwpNRR4m\/LwYXSYWMMhKP7tqCCj6OXjzq62VPsWFinT4KE+SZYXF5y6EZay9KdRh4kW7ybiZ7hqI6uqO0\/mKAHQ\/xlXAuQ2EOnYG47KeZUkoht
4zFh4Q7AcG7Q0FtDwRhJqM+GVySAg9IbIymkvgNTTZyOY3isJHVYzmKvFAgPib7ERkwsvRQ\/S8lGEoG+lZogb0KK4PyuRpdocXBa4Io1guVhX2K44\/qHOYqiQPL\/Vb5wtdOiDpag22zTziquJAPx3Cc98vOxAd33lx77fZMHNMz95phNb\/gH\/oBI60jIQ5icFLLZs+m7nP7\/6KXDZlQEY8H6HyN8CbMnqheODed7gRjDQsbXi9MHr27blhbJLCz\/qn8J0uletyL+6GpmTu9W1AZiLdNt26PN\/1uozWEq9dfJLpT7KZnW6S0qvTBGlR4kX8O3fku9pK2qyz9s7t7Ockp7sMMWorJbLnKYK0PgDcQi4HUA+VDHi2RlLA\/XZ9u3fGBeP6zmmrFeEhRc6glZV1JpHMW35YHtgDMlMPiXVu6VYVSboWqwuvKzMobkKuX8tZFxZtF8Qlpv25zGgKwz"} -01332{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739311703652,"flow_src_last_pkt_time":946739311703652,"flow_dst_last_pkt_time":946739311732715,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":288,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":288,"flow_dst_max_l4_payload_len":2904,"flow_src_tot_l4_payload_len":288,"flow_dst_tot_l4_payload_len":2904,"midstream":1,"thread_ts_usec":946739311732715,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":52386,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dnsnl.alekberg.net","domainame":"dnsnl.alekberg.net","tls": {"version":"TLSv1.3","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01291{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739311703652,"flow_src_last_pkt_time":946739311703652,"flow_dst_last_pkt_time":946739311732715,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":288,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":288,"flow_dst_max_l4_payload_len":2904,"flow_src_tot_l4_payload_len":288,"flow_dst_tot_l4_payload_len":2904,"midstream":1,"thread_ts_usec":946739311732715,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":52386,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dnsnl.alekberg.net","domainame":"dnsnl.alekberg.net","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00732{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_src_last_pkt_time":946739311703652,"flow_dst_last_pkt_time":946739311734143,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":946739311734143,"pkt":"ZmZmZmZmRERERERECABFAAC4X8lAADUGdNszD3zQCgAAAQG7zKKGPlTtvqP5CFAYAIMEyQAAeS0tOv0CsE56CKvTlOFyTsi\/xDWjEiSHZ06cNkY05jGBZ0BY+\/8ar9VauCfvuAhmfbkHRsufSt9+BCdWOZTLG2pLv7Rqy1KMbXDj1dE3FFg5TtH6GqR+kavc+JEGFEgehaZ\/FbuVi\/sk8mhzGqOKXx4crPRKN7mN3k61duL6EtdmqASfaRcWFkjwmH\/5s907"} 00625{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_src_last_pkt_time":946739311735907,"flow_dst_last_pkt_time":946739311734143,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_usec":946739311735907,"pkt":"REREREREZmZmZmZmCABFAABovxNAAL0GjeAKAAABMw980MyiAbu+o\/kIhj5VfVAYAfVw9gAAFAMDAAEBFwMDADUgVFuFuNgwePbawSbqpxqNFUCOzmkYzG2pGl01BK01AFH98ErPdE\/IsFBOcddeF+MHO+I0\/g=="} 
00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":5,"flow_src_last_pkt_time":946739311736019,"flow_dst_last_pkt_time":946739311734143,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":946739311736019,"pkt":"REREREREZmZmZmZmCABFAAB+vxRAAL0GjckKAAABMw980MyiAbu+o\/lIhj5VfVAYAfVxDAAAFwMDAFEtdUh44cEGQdA3iHwUtUH1NhGg8lVZ04bNaTVbyKMgEel2TlTxN4YD1\/YJJ3t8IZOkmDbABbG1rTX\/m4jdYwD9NvWe4\/dWFtcJFflMl6AIJvE="} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739312203391,"flow_src_last_pkt_time":946739312203391,"flow_dst_last_pkt_time":946739312203391,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":284,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":284,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":284,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739312203391,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.203.179.248","src_port":41720,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00917{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":946739312203391,"flow_dst_last_pkt_time":946739312203391,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":338,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":338,"pkt_l4_len":304,"thread_ts_usec":946739312203391,"pkt":"REREREREZmZmZmZmCABFAAFEaI9AAL0GaqQKAAABdMuz+KL4AbtonCHmRxNJVFAYAfbqtgAAFgMBARcBAAETAwNLJ0LoKZs0jG4db6SH737y8naHXDM3S+mAdGRoYzSPaSD3zYs+eWXICfX4e3zLCPsIhyJf4YitXdBLrNgVR3LKFwAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACkAAAAEwARAAAOcnVtcGVsc2VwcC5vcmcABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAg33Waic8Yfh0yJ5buIXWM7xt29S4VxDeDA2qvuzRytkE="} -01281{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739312203391,"flow_src_last_pkt_time":946739312203391,"flow_dst_last_pkt_time":946739312203391,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":284,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":284,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":284,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739312203391,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.203.179.248","src_port":41720,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"rumpelsepp.org","domainame":"rumpelsepp.org","tls": 
{"version":"TLSv1.2","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +01240{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739312203391,"flow_src_last_pkt_time":946739312203391,"flow_dst_last_pkt_time":946739312203391,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":284,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":284,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":284,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739312203391,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.203.179.248","src_port":41720,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"rumpelsepp.org","domainame":"rumpelsepp.org","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
02497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":946739312203391,"flow_dst_last_pkt_time":946739312226652,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":946739312226652,"pkt":"ZmZmZmZmRERERERECABFAAXUJ6JAADYGLgJ0y7P4CgAAAQG7ovhHE0lUaJwjAlAQAfWSIAAAFgMDAHoCAAB2AwPlxRfYXMEhZdQ8ajfb6CRVs1xCMiaZqVFxrCKnBSpfMSD3zYs+eWXICfX4e3zLCPsIhyJf4YitXdBLrNgVR3LKFxMBAAAuACsAAgMEADMAJAAdACC7U5tcN1lyGmU4zwJoCO50vCXYPM\/QvTMxioFdnZMwahQDAwABARcDAwAgWYRxXowUwkrzaVinqnzWcQ+TBbMUOwCXts50ql211fAXAwMLXdNQugGPXsJ\/8C6qtHlVybUGs7I40LMTA5OhGA+5YDHeNrEuEhv+tu5lin4eHBImQq4kbeHEAo3aNZo3KmURuDQDW8qwTnUEVfBOev0Cp\/PjSdjbD78ol0y5nY2oRm2fbsKHJzJSSjb0AciAo1LrQOgCF2CvMV+eyOyHUYct\/0CZzYMkLxKZwgRjyAJuXMfA4yEKZGM2df01\/BUbSo1Rl+1vGFFUkgKmIgKkRy+Bl\/5\/aUS0H7x+NZdUl10aLbTaEzyxHvC5FKjKyKio8Nq1FnOONx6t6a1NxwFwus79kTDzOhi2RBBAptjB5bREXvI7I78ofmPnYWckOqrJFFwvKuiJMXscIR8meUqP2LfgWzMDMhsH4p0jN+l3Gq+FBdoxKNoG26O484i0pfOfynG5VCfFmeEmq9XB2jrTV2FwEB1w6FHC1GMZVEK60qV4O+pPgrZRJMZSzwllOfjef8V42EZAcff6ioa4KXyU2Lg36HO0yhYzbeNUU3pAi5\/qwo\/8uuPNfVbKx0eipCjwx5+0hZa74DG\/pD0GzntSqS7YWEdlhEup1mtZmQo0eaDjwGNrCt+ZhJgQy3V2hPBCa6ygW9VMF25ycsILPfVx1AuqPxUOHW4j094S0MBQegEN0J3yWeWaiiBlzmaP9zyQI2IatrzAzhNsYChDHK+csfeO9ThoioAfgwS3AljMljsUX8LckrIXpurphG9MTttyGcbyuYOZgMBCh0hvfGempBEWQ87aRGnYict7DJMJ4ANT6I8mIRYfs9ktyEUtlVvr4PQNKARgob1jc7dcCzVhF1wheYyQGYeS88ndMehrocaatcfPAW+sGsd\/PlwCwZjCKZRZc+RY8UIBMVVQFkJfKmd3vMc6ZdNW+eECwipaKd\/GGSBQQLLSZMZlc2\/fq5kgX+ANS93WhwsRG1d13Nrw0y\/ATREqmOdYnxg9NReWvH6Y9oKaWK0ORmDf6ge12lS9oVHWz42D+xzkGejOSsWciqHXAH+yg6krTEDYRK\/FPbGud1EfOntNRDB8fuTqg6A3gnOVkf5Fe+6Udnrmytaz7VKwjYRLdi7vz2qagJMVcAAVeEuovh5FOb\/1EXijxsxUB7j\/jcKgZC3AwFJv0DQSdWi57X+9030WJdNzGWfONsJDey166z5gtgIr0gWE3XSAHs3+JszFzgP3FC9xVilACKjY2RhRQyvT6fGwve0GSnM
hLdXxdeZ6r4BSk1XrmYwxLzeXAWqaNfsfk0zirnPcN6UG26k3lnJ6hvodPS8WtfbDlmo8y38gK+0yMKaENYnpsWQ48t8ZDpKCeCokx5kJ4EaYicnC8gtp5emEtPLOmyhRS\/Kx67Xu26y0PrFyj7Ld8XnP+XpwQqAHuqyPPLcA7ULfoMWkppyHnn9L21Mz+6Ml1h7gnl\/ZwxToT4wqDJUExA47\/9+7Gr\/oh5kj8z6qG0LWqBHYWfEqQZ9C6c64n2xAiBIjVtW2HmMJDocq5nLsWLSEY96ngephvH\/r2i4gA320QycCOlUbe7IShXjhfHajvNFk9aT9mVr+xKfGAIJr4upUShXmjRDRgxjZ9A2ryxbqx35tiU7DJrZpjO\/5DMzEBxvVggb2jlqmTLhZH4TtJi6zfeCLrUu+11tfn0GJzj4HRmOyvzdz8MwTSgWBVisogZKhAqzzkq5ai5YnEcmNOW52YkN74XGWlccUSq2JFZXF"} -01326{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739312203391,"flow_src_last_pkt_time":946739312203391,"flow_dst_last_pkt_time":946739312226652,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":284,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":284,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":284,"flow_dst_tot_l4_payload_len":1452,"midstream":1,"thread_ts_usec":946739312226652,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.203.179.248","src_port":41720,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"rumpelsepp.org","domainame":"rumpelsepp.org","tls": {"version":"TLSv1.3","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01285{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739312203391,"flow_src_last_pkt_time":946739312203391,"flow_dst_last_pkt_time":946739312226652,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":284,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":284,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":284,"flow_dst_tot_l4_payload_len":1452,"midstream":1,"thread_ts_usec":946739312226652,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.203.179.248","src_port":41720,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"rumpelsepp.org","domainame":"rumpelsepp.org","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
02509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_src_last_pkt_time":946739312203391,"flow_dst_last_pkt_time":946739312226720,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":946739312226720,"pkt":"ZmZmZmZmRERERERECABFAAXUJ6NAADYGLgF0y7P4CgAAAQG7ovhHE08AaJwjAlAYAfWhygAAp6lKTcn83BQxpQ2W+POQkJxpRZXfacCT49dCzRTmvnt7\/eMDX1qsnmxcn8IW\/\/jaiVs0n6JrCEPqM3KpB310Ezncm8MGw7ZSfjBA5NhRsYZd6g\/lnjS76Li5236Ye\/OssNOz\/mjZ3Pxtb9lckb\/iUUI\/CTV\/O+8693wmOcz\/ttlVvcsf2F2cDnHv69Z9ZcBThvWSK1Fyp8msppNqA2rjumUxHY0NG8Y6Cz7YUFXsrxgVnCyIlXLFSqfPySagEMAo+BwG8r0qoeYlZ+taxtjBF+CPFNBs5wvSzuudNsLZAlsoLeVbC7V4nVAvK0ZozwjUaQXydZ7If0bf1gWwEwbOWvwXqAGoH05iR0Faj+nrSPK0l15jvP1ksCKE\/mIp4VHggNWOkJSAoQLhJ7eDNcolNe3VlYAesuTAoWHjzA4h2mXXEBGcexNswvAECexp5rG8zj4HDx39qgDVWk3o0eoSeBD1Uedt57E3iKOheQuYjuGPkNLW\/CT1EKc1xsQFJaPuXeJntSsuTJIbn\/JmjGMrhs2EpgTuc4i6KbgNr+Dg8naPJNChEcAoURckVZ0QP1tlwwQ3au79pUNst+WdCcPkSU8h2p+dgHNltfLpGpzxtjAkiMDwJHlE7uKJfM3Jooj+j8pbChIDWDckUBPBe4tCMPlI9VbP7p8jHCN+Jbgx\/vlzb\/jhrZ3VmwNp1ed4spIYgJkRtqvwQ8Z+wh5eYA\/rsAfAyJTWCHM70B9AefRgCTo9QDWJRLYx1cy2\/Boia47DDoYb3uBS7QfII4eh4Kp0F4K7dkOLwQWThipleT\/tvJB91q4YO69guoqAikyr2u0R4I\/dsfO61jRS\/0OGcoHRfzyYT6Gw0389lH9EFy84qx0Src85OaD1tRwt6pfR9awywt5CBZe04hE0tSwRbw55PNLODVlESQS0e66OA\/M16o1ABO7aMZrc1JmwD6a7e6weEeFmAazedN8hZmlYv1tms5VSBekoNgGF0CPdRNH7+BWQQ\/oy6wbYcn9T8DbY3EESV3ngHV5p7hWwxUALrbhEOn\/rgSRIuWBulfZWiwjpGLHCmd25Lp9PvWu2ARh3jmQWx3LqaLBWQZ2RO9BztLQCxX\/fKF1FJ2Nxx5CvAx1deQyJI3ILd0FX\/RREt+JafDB83Cz6gQe6DiXexfTUxaiReu6RStMeEaz6P71JkxtuCl0MQOV+trcnTBAsrOiC0Pnp41ddFZ9LyjPw5Mwgkq5S8GDPbsUHU26OG2nr4C2Qc8pral7heokrRYgBHlPnskyAlkCxuL+0XPLYLPIRRcJ64nRekoDw2yg6gDPsz4RcMVRLhEiIfkrCTlBJmmDuRqLpZJpecdlBmRfFHNMXGB8i+H\/\/tNPFLdJAZryXO\/8h5nkH4Mq7yLQ6vkIR62sgbVPD0Qe836LfCEQO\/hxA9iWtbqS
J07ScNvoG2Czrtvhfwq400gs5KtFeBbk1AFnMyczsxPdl6tp142MbR3VLQmj78nlxilK51hORcVLi9ktXxGEonuDfod4vDjaA3pJ\/0ADkZjstpvA2GHymd+GbXXXQzsOxrlPNaHDKM7gA5XeYsGBeDXesqay1VJZXsBwjzKmLHBEfMmuTQkRGywy3RBFrIumMzi24aTghRx9FA\/ZPDZtgNyArr3TSzkQB\/WYB0FDxqBDH7pfBnH8cJXOSx4GfComMuGBhw8lB8S7RS+Tun6aoozaQ7NOXFkWLUNwlMATJg\/u88xBUir9H293nJp613ia6G8KaLtsNZhb97810Q6p5rpfzJ8sEbxPvnOBsJoN2uNaptS39DLNaJ78nP1N\/6JenLJUIebOzoNXR4wfNgVp5Coyyjw8dfCFDyuNA5Oi18AcVmGaGj7TK82vR9gQ2IWuTm0sTMl0T1RNelk87ZLC7oqgqi01091WCo6H3\/T5HgzDHHgrz3hvSk8s9"} 00993{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_src_last_pkt_time":946739312203391,"flow_dst_last_pkt_time":946739312226748,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":393,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":393,"pkt_l4_len":359,"thread_ts_usec":946739312226748,"pkt":"ZmZmZmZmRERERERECABFAAF7J6RAADYGMll0y7P4CgAAAQG7ovhHE1SsaJwjAlAYAfVGjQAAa5XmI3QYf4U3GsgNUiYg6nE+sTM2tlCEaWD8a+yhV47rmE6kvvkUyHudhyGiVLBix\/s2Tl66k6oMofRZkQrLXScZtdHRIfQgK9btbsMM1xTaTzfknUCL8Cww5biZh9NDUry8F8w5qpojEKHzH3A3\/4lC6uHgw2s20sHxwLZeI\/SjDolPw0HgqtQ7HRGthKZGgTF7EF5W3jX9zyxYcKT5Z+6a10K\/AJDS4B9NuFR6g1KQ6qPeFwMDAGD+4QCAyHAuMeUJDl\/3cFciykXBFAH+fIJCuocOnRHoaZKbLjxfCuEOFssJeNkoB7QqAW9OD5gzqBZNRuNAkbcUPEYKafd8lUfYNtA6Qc4Hu\/0eRYaPXNNUA8lYtFnGE6cXAwMANeAmEtdH6fzebaiXt7tDhzhyIraQebUR9GWfb0bTVPXdXtGXRnRa+RFnQlFlafsVPs9+iBkn"} 
00627{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_src_last_pkt_time":946739312229199,"flow_dst_last_pkt_time":946739312226748,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_usec":946739312229199,"pkt":"REREREREZmZmZmZmCABFAABoaJNAAL0Ga3wKAAABdMuz+KL4AbtonCMCRxNV\/1AYAfXp2gAAFAMDAAEBFwMDADVrZKXXCOBBCDNpYRE7STWc\/HnJjONF20ovpuvcRz\/QdPSitaw7jbrSJSqUOOsH\/fAYewK\/Rw=="} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":191,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739317842290,"flow_src_last_pkt_time":946739317842290,"flow_dst_last_pkt_time":946739317842290,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":283,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":283,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":283,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739317842290,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":60026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00918{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":191,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":946739317842290,"flow_dst_last_pkt_time":946739317842290,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":337,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":337,"pkt_l4_len":303,"thread_ts_usec":946739317842290,"pkt":"REREREREZmZmZmZmCABFAAFDy\/NAAL0GDsoKAAABwx5eHOp6AbvJsoUZMUH8QlAYAfbjLAAAFgMBARYBAAESAwOCYT7eCU1xUXbhTPV2JlKPIHcY7sPH2WwKtpwnSeF8xyAex0Qk69Rnwb5oftgvyqN3KWFf9IzenmheX1LYHsKC9AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACjAAAAEgAQAAANZG9oLmZmbXVjLm5ldAAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACAw+TAbBBMqcOYtJZmoA1qcBE16Yt0ym3XOBLcMkrVpDQ=="} -01276{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":191,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739317842290,"flow_src_last_pkt_time":946739317842290,"flow_dst_last_pkt_time":946739317842290,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":283,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":283,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":283,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739317842290,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":60026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"doh.ffmuc.net","domainame":"doh.ffmuc.net","tls": 
{"version":"TLSv1.2","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +01235{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":191,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739317842290,"flow_src_last_pkt_time":946739317842290,"flow_dst_last_pkt_time":946739317842290,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":283,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":283,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":283,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739317842290,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":60026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"doh.ffmuc.net","domainame":"doh.ffmuc.net","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
04474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":192,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":946739317842290,"flow_dst_last_pkt_time":946739317868005,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"thread_ts_usec":946739317868005,"pkt":"ZmZmZmZmRERERERECABFAAuAyWFAADgGjB\/DHl4cCgAAAQG76noxQfxCybKGNFAQAfXtaQAAFgMDAHoCAAB2AwNkyl8ogzMlAhTUQA2TsMh7Q0Cc2\/3wZHCiwad1Z9NoaCAex0Qk69Rnwb5oftgvyqN3KWFf9IzenmheX1LYHsKC9BMCAAAuACsAAgMEADMAJAAdACD+8H0HbVGEEmZC5hZLdNizcuC\/0pRP3fgeIP4D\/GwhdRQDAwABARcDAwAkfwnuX6wEOZOBUTjar1eVwNX\/5E0Ocx7Di9qIEnerial2sCiHFwMDDDWV4W2nvLW+\/N2l4x6sJgc8wiYdu5HOhM21Gm3mnFcxKO2Ie6ZC8TBNY2Mpp7Yb5rcL6bqv3cZKl4w3lzpNGDKGTjZnaTdTckz2Zj9T\/bsrBq0FYycXELwNiLo2fX1zTKtRPyLUu0GGauan4AQwcaDjRQzNlNJGd6461bdar1412MhrLksAOF3Zz32PJXTXtFU1mwvYVqphcZDb4pPZ0N+gjj7dNR4S3YwPGEbwlcx1UcGfiv3pyH+UUZNMH5Baw9z+5KY9RTPE3Rfw1bhKsm9xadHFb6suVuYDZzfowFS+\/J7rFZVNyczZA\/78zcdYuuXbTxeDjPhOqxAoQDX7VF1HojbcFFzFMGuyikHPdDYckD+WeR5lbhzc\/IDh75MNMf\/KMikRmHFGsWSPgCfnHcJinGKvxJJW58RraOB\/5irkT41Kj2mTP7rHD5SNd2CjxOxspgfL21g9EgRySSvXC+1MOm1qzwLgfjx1ZGRqf62CTxE1WBGLSGVSBUD0U9VUbvm7X5SNczaQPf0VLn8L3p7i1Ks07MNKvx2UZUXfrd\/RU2JWlAdhuGfs4RK7IYupZ9gwETRs4hxHaE\/JmiH23lQ8LvM6OtMsbQ6PirB\/Qq+igXuyD0TY3sAc4gdxm+SJGHsDpdSKgD9SodG\/vExsIGp+Gl5tevJKVwUT0pGU9EjX1Bi1e0B1xZ5ye5cjD8jxqC6fGWDYbc0qUQnT6Ei3AwoDVwqGAF6EPjjKHUKSNJDHKDRweWDMJ8eQeivUqlu+lhWhCAE9lUvj8qFKlloewows6Y7yqVUmSPPw60JQ\/7KRplxJ3xUWU3++WylOr+8YCwNo64NgMLldroBbTf3wwNL5K2B8K2fa0ar2Xxz3JO0bcvkksssiMRLPicETirp6CaB0jh\/JBv+EtfNF9XlRRV3bVxTCpp5g2WrRk6UQuYXfLZgXXpvWsW3UQwQvcMLuqGRqk0Lrq45fax67cEa4ablkdoldX6BJdVjUPEVJmY\/4EAB6c5ffE2gmcKP798gpjRuEOsJHx7lU8XAha86w59XzXonwVhFiFEiku0\/ryBztip397enoLu3d\/DdWuO13MC2xztCFDC63o+OIx4LKccR2dUluAwyjMQHJH2QfKyLnH3gJwChS1jbNN6JjmBlIjJ5F5oE0c\/LLe7ZNRcNl04\/gPLP3X4Ig1u++FkuVZR4VffxYI
DiKTeCsRjSq8xT0sFQrVMRqRExsxUpTFlLjgmk+4A5gz+AWsHQgXQDHpc8q+tpaaLw2T\/VxrMhaAlTNwD0R+fPu6xqKcmZ7K4tPJ18rUG2cCEq2Vyx\/nZ5Bsb4X51YWHYwI\/b62OL85Ky892\/YpuTiyCwr\/n7zKZjbYHc3bE3kJITVYYhhm7SCsQwZLdboBPXK1hc5zPXoZ51+dKsAS5jlTrL7t90UaX+3d5RBjR5yWI+hwkpRHZC4YPu4wFBj9CS+kKkAjOdshMO3DBnfsoKT51IiDooH56PULR9jXPjPvXwHziEAOD5lKZLhl\/1PpgUaU+m0Qhb9DGdPkvd5L5MtmeN6AG3ojp00pWioyce1OEa+lwCX86DDB4V50XA8WSmUf8Ruv9dDKOkEto48W94o6jbWCBaVHLa30AI1sBDsLlVma26j5oIbiMjlGK8ArsP5ukW3ec2Ucyyw4OeOhYe4PTq7O8QJdyRJffrasJ10uS+VJlhZE6nntiGTZcHenBLx6mVY\/sNy\/xKxBzOkMpSKdjL8GC01HDHp6JDU\/ZHpm00Le70fm6tFZ9vCb5wPUsyYycjMTWmiSgMdLOaewpU9tlODZTwi8DEVWJyEa6fkCFWYdu3u0ydeu8NzIOlQcZ1lyy\/E5qNM0pqUIMKgu+I5sA\/1d+JmmvGoRZQYTQTUa3kxoSS7rPzyV28dHyfYsyZ6xH4xX0Te4M4ymNWY+c\/L9THfsDN\/oVSD593mlv7UAAlNYa3xzFv8UKd\/o0wqF1apADEX5sol\/96BK9yt++kADu5RkL3Q9suLz5lPpANm2QRRIs8Ow+4yzU\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\/1UR7mzFGAx9K\/RIDlF6SxU6mh73+mMXE0JVkoSTGdIPiDILMtKbfWz72\/UvSW7dTt35fwXmnQwL7He\/RlLL0\/sjJ8vBxcVsv7+Y0XxXaeqzhRtNiCnRgUcTqfLUOJS8aBbh4HPdSKkdltzZb\/S5Lper3Z8zxxuZkIif3ZJ\/gz\/T0iQbX6Et9RMROBoUHjPg5pKYqkENDxoMG\/MC0WVGiX5R06OFe3s9dZ\/ozvLZvYcEZE7N7F5n9sPRwd+I+59lPh72uicIxFdChXuEOxCFU0V3rGzpol1Y\/VsMpTxsDCKvlfGj6qXugNMGkxmq51kciXtj75pUlzwIMe6kQUn2jTFnukdp6OPxrp0T4\/lDiC3VaK0fB4xi6LdOz\/EwCzEu7lICtRLOOwfKoiPsMnC\/K4Myo47r7qgooc6Dyct7xyGHbGYJon8e+PQMECksrlAXwIcA8LQoEysxirtgk51VSp5RdhUCampTO83NLVIjW6\/5AUld9ViiwVRqzLBg7wtcqkBPZd3uqzxG5sC5MeKaDzMg3QKygjiklub6zdiCWJK8V5PVpgiHBa0as\/kw\/NbzRIp8\/DH7U1o9eDK98CHzu8jiLgQ5n1w2IYkMJA1JpBIvlpsoUz6Qe08g4O6AzxZi5RyC6\/8K7\/Ed0NrDjr+G1S6iNZ+qijE4QRaBke9Co9IWob47jnSAaxgFwziKOB2hnQn493UlWhwDwQZuENq4DusUKLl4gaZTo1LvBrcu9EW+pZ0sdlBNW+e5bo09BfXSYhwTQVczSoVWspRueOrFVGx29DRpvDMWXSToev+\/5dhguN8sE7\/6r6UStt1tBEq6JkIdV7o\/cGVmADZ9PpG+uKpSV95fJQxwhEgMidjt9Nuj7TkbtLKuomHY1OGt2HlKFszmF624Ixr0UPZ7oS0P3i\/BbBVqEJdJZsiVw4MhJvqQMjH63aJ9Ie4EL24xwrBjLm1YPTGhWjPxzGPCBhmgSj9u3DHYv7ANgf\/CwtQN4PY6wBmanZg8AFnKkxZzdFSDH5pdfVl85gHQh72n"} 
-01321{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":192,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739317842290,"flow_src_last_pkt_time":946739317842290,"flow_dst_last_pkt_time":946739317868005,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":283,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":283,"flow_dst_max_l4_payload_len":2904,"flow_src_tot_l4_payload_len":283,"flow_dst_tot_l4_payload_len":2904,"midstream":1,"thread_ts_usec":946739317868005,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":60026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"doh.ffmuc.net","domainame":"doh.ffmuc.net","tls": {"version":"TLSv1.3","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01280{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":192,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739317842290,"flow_src_last_pkt_time":946739317842290,"flow_dst_last_pkt_time":946739317868005,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":283,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":283,"flow_dst_max_l4_payload_len":2904,"flow_src_tot_l4_payload_len":283,"flow_dst_tot_l4_payload_len":2904,"midstream":1,"thread_ts_usec":946739317868005,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":60026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"doh.ffmuc.net","domainame":"doh.ffmuc.net","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
01559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_src_last_pkt_time":946739317842290,"flow_dst_last_pkt_time":946739317869199,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":814,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":814,"pkt_l4_len":780,"thread_ts_usec":946739317869199,"pkt":"ZmZmZmZmRERERERECABFAAMgyWNAADgGlH3DHl4cCgAAAQG76noxQgeaybKGNFAYAfV6GQAACB\/j9FRzrXDeV1gMTvdtnDbaxVBoJBh9cy8pOcYrD8iqnoIgGbCFSCgUCuevEmCLqMD6ndxwNBjeWxvehtGcTzYfxO5MsUhftQ0+dqR1WhFRhDtmvuIG3Q\/1JnJ+iTTGKy7+d19ANVD5kJS2Kbw1kq1CCeKCETSjOhUhw85xD38cYnUuHGOyMgN3a57KOUyOmb4EwXoByM8BsVlxu1vc1oPozugCeie0GDWpbdeaEmjgROEgR6DsCHE32e8OUOXMw3\/fTV5lRZlHvoE+WIdAJO23JksMoSbzH5lXNpwBfPg5fllHB2gzZy73MltgSTbtU05NdkOcr1ZFoqdQ2V7wBDgCUult1m1frKnm9RbG5so0kMdI1K2imdVR2omx+E2ZIA0aLFwNHZ87uVzv\/27AUYdBTlcNoD9yJPyo52+VSIEhFJ+iC6HMt6T8vMgHE9t8doC6zzQ5PPfhV0Y\/wHOciEZ1QCJawdjeaWA1oK+LH3dEkeN+2N6ZvT6aGJRirsBAqqpY1jcHkYSWOu0YNfkmmhcDAwEZhRt19HF8btCDpTYJhT082yjULJw4KauCEpxSogJCDv0wIm\/nxsgKWJ5swMbqyuXpT7mdSSff3VOjrgPc6f4pSWMC0gPkidij6lKAHSShm5G9hfxPyAE5LFfSUSjOyv6KeU3qvvH\/y9kOCN3ZJI34MmNCSHjx7F7SwgBhT+XBQWcGdTlLW08ufWjBpFEV0wweQ+sorOCpyYk1BQhN7aPpwW+8cPmzhDQyCikmnIgsWh1OdzHEfXqnhQmoNEJoF7iPcZZ2Q5XdXc7TB5Nr97MOlFTANPGwh+Z0IQ0oeyTOBC76R3rCyPcgQuUbw2ZmngRvKZCro22Tf+lTL3RL8Wypoy8hNNZMukYZOxZV3pu1hHfTdtt5At2T9yMXAwMARRSoalzVajpzS8ANj2fKvjjGfm\/L7CaKj2s8TbmN14sqePDJ6R8MH8TM+nnzmnQKkuZgpCVkmHfyoZtoN5aVAw1RpWQU5w=="} 
00644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":194,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_src_last_pkt_time":946739317871016,"flow_dst_last_pkt_time":946739317869199,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":946739317871016,"pkt":"REREREREZmZmZmZmCABFAAB4y\/ZAAL0GD5IKAAABwx5eHOp6AbvJsoY0MUIKklAYAfXiYQAAFAMDAAEBFwMDAEW5sMLbd0gmem1uKXhOn4xsScvIMh841vOSv25s7WegMWRU2Aswoauuqax20OLYWSZS0GCafTK4XRon6bwmx9k2Q1hF9xw="} 00653{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":195,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":5,"flow_src_last_pkt_time":946739317871144,"flow_dst_last_pkt_time":946739317869199,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":946739317871144,"pkt":"REREREREZmZmZmZmCABFAAB+y\/dAAL0GD4sKAAABwx5eHOp6AbvJsoaEMUIKklAYAfXiZwAAFwMDAFFGa1RBxhcsaVS1JTQbsm6b3akfyKh\/Q2QTKdRkJM6NqfDPzD3c5QZ89kS9wTJn28NiChl0RiDJUJUnuw7FkiBDzP828V4cNxsAiVSYcyY6e6Q="} 
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":222,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739336955395,"flow_src_last_pkt_time":946739336955395,"flow_dst_last_pkt_time":946739336955395,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":284,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":284,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":284,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739336955395,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.233.106.232","src_port":46658,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00918{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":222,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":946739336955395,"flow_dst_last_pkt_time":946739336955395,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":338,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":338,"pkt_l4_len":304,"thread_ts_usec":946739336955395,"pkt":"REREREREZmZmZmZmCABFAAFEM0dAAL0Go94KAAABuelq6LZCAbsgVVLXybMJllAYAfbmxAAAFgMBARcBAAETAwMcr1WdeadOHog3lEpiodEeAcm2gZJgU0L8O6YStA7tWSAYYApreqfeMV002xSAt2FZT+xN2PBaLBfkQPkpY2yRnAAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACkAAAAEwARAAAOZG5zLmRuc2hvbWUuZGUABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAgsGpq4zmMsA+1iGgtz9f+LYYNyHCIQZ\/zq3SyFDX6FwI="} 
-01281{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739336955395,"flow_src_last_pkt_time":946739336955395,"flow_dst_last_pkt_time":946739336955395,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":284,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":284,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":284,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739336955395,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.233.106.232","src_port":46658,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.dnshome.de","domainame":"dns.dnshome.de","tls": {"version":"TLSv1.2","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01240{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739336955395,"flow_src_last_pkt_time":946739336955395,"flow_dst_last_pkt_time":946739336955395,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":284,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":284,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":284,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739336955395,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.233.106.232","src_port":46658,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.dnshome.de","domainame":"dns.dnshome.de","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
04470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":223,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_src_last_pkt_time":946739336955395,"flow_dst_last_pkt_time":946739336992908,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"thread_ts_usec":946739336992908,"pkt":"ZmZmZmZmRERERERECABFAAuAvuxAADkGkf256WroCgAAAQG7tkLJswmWIFVT81AYAfXxAAAAFgMDAHoCAAB2AwOH51VjdKQ\/AZQoSOmoC7jYQ9n9NqAbTWqEvktHdZeP0yAYYApreqfeMV002xSAt2FZT+xN2PBaLBfkQPkpY2yRnBMCAAAuACsAAgMEADMAJAAdACBHlT\/ckNv1zu+YfSt\/zxC2rtSjIy\/UHNmUMGM8UGyVRxQDAwABARcDAwAgwilHvuszxY2P55AdC9vc0WNmaI98gk9UASFHh+rOkuIXAwMLGSaHw6LineCaEcA9j88fiSZ7p3jmYBOCmFwXmWuJbNVbDX18tcQr3ZATZwug3WdQUgZQuGPbLNtio7ePY9WJu1m+mcBvlmSf8p+kNIdmks3LygnPjDC2c6UxorLMoKdZpIF74n0UwdI1haIk7t9SxqKBNHhLqhVzXfA\/gYf10GXPi1hxhIDRS0KcW02uf1aHSSQNM4lfDYD4RpVTTVdscI7J3G592b5BxWNyVv0Whq0mJ6igzcGRSA9ve9GnhfQ7PQUMhLbnBs6Wh4\/E06aah5j\/y2NN9Rc5DR0mq07rU5Ce+\/XxD4lUU+ekKKMEv73SbncelyWJ8Y5vAOXrDEqq81ak\/UBhx9qx8\/JbLt7htRmRK4POVPXjov3f3Cr0\/J9vWUZrGJZBIzd1UHWlYZqWZ2e4zJnIzt4CgmUiyp0aneIGvtzNkXr50R32ENIRIAFyE695Wqs8jERpSPGsHn3huPrLifotNcrG9GhWfn+P06Pt7D4zUiFfvh+LyEBgC4g9mLo7FFTR9ZBh4cvU6KR2JbkcthJ2\/eit4GXyWKglPq9JYKNPyFUXXYoA+haf0kKxXZykljYvB6S+pRhq5fgW9P0TnapNy0IoETL\/FsgOgMCO0tJLa6wJ+moPbCUrnqhRlYqM1pTafI1RDq9YRk8QTG21gC3tmzmBSfh\/ZYdFQXZmYXvWfFwGRjyPIT9+zMlqq2Pdp2JskHpsbB\/FwB1MOL4EMGO2rEvqAN\/G+LUDaZwDQErYmrvokCqs5wzQjVzO+vQiri8OiX7KtSVymFdc3QbFXkOIAgL4ZCdwmcaz\/rCx33yioKUWWt5qTqCZ9pmtXhl4HcAp8XhgUIEYBgprpf\/Ti2fp0ElRAFLFXlwNoLI9iggooHHGhx21Tg5YhcbP60KH\/320Ma9w9iPFEDojm9a7Uksk9S+uRWv4OhUAAYKjuWZotkEozfx2xPJWhN+3nf+Iha6M\/PTSY3MMhm1WzIZxhGYM104LxfJgMU8G9gWojlgvjhJ9uq3S6TQd83u3bJfgu1uC+MqFUVxe5NSUl7ikQ0I2+aFOcROfwG1sC6mO3ReC1pSOUUz4gO3A9SSBBDyhLMPE7cirAIcpsT33LqFeeSDEu0N967vwR6xVh0M7jpo7PUXyGgThPlyiOpRF9s8WGXtAs8kIwGDjwgfzhZb+5Ica\/Es\/V\/Dcco2lqRgq\/dcAdyZM
5sv0arfbaybN8N7gqsGjPTm+jzsbUO6EEvEXHs0ldZG8m8mE2GFXoShd8wgIhqj+fRxwQgiYi3jFhqxSX8HSBaQWBy4gUMLE10OhfyAXvg9pZiOtBVXbyXYhifDjhNa8C4V7nKfsRjcc+IPNLOUCpNnF7zVC\/0wEFNmAysEgZKbiQ7nvWTQEj\/4XkHTl7q+V1nyze+YBcVwnousw\/sC5PPMkFjNe\/rVKH6Nl21Xz4CEnFJQWyg9SJCs8VgXn5Gx1la2fl1eBBcFXXyYGSGvhO\/t81KOmn26l6yIAJ+49g5RwCWqzmcqOfJ3ZxKGRw+Q485Of16n26ALDBRuhLDlJPjC0rbaer7p0vcHW895cpbl01o6MkW2RA6neV7IiozPr9ltdIu27V3GvvBr7fVargxd2L+tYgyfTl9\/WILWXDEQZ1hdvd3QHM4PdFHFrVVzTGEggsJMhAt5dWLBf1xkH6HOVjXSYC7QWsq9x8ZMQQFScuqTVdGfJ7phQpuljGNTYHS3Fr6g3GHbNodTeleAa40XcWPRR1QvCNrU4+1mAEfui\/VF5yCnzl57O6v4AZaL+xkQS3bq5TgH0cEyHZIZPSXLjPO+kUoZirl9ExMfDKt7TaVQdS2YK2Ak\/Zeh3+0YL9HobNvrh9Kdgz2l9vzkzpGJFhtkFPLbfyoUqy9qVF5BYXMDsDNfzLRqQCkxTChoU3Oq5WC+NNoDfVEiV1uqKr4CPZT+MhJo3dMWH5rs\/NiqvW5Ts1TD9YHqyVEww4VuTJUEbvVoPl69h72o9XVtS7KLsKkPydjzTTKhHgn+fyRDhXnwLBWppDpzlYOaK5Bu7LUZ7jwPpDGb2uHb\/NdM6kLWzWHLfaWGXR9MiHxj02STxuaoJkhvcxJyZ4jf7EzDEtGtwrRtO9550RF2CTHt4JP2DLjHk039ZthYCTpxRqRekm7pNrIMm6JYaNTmH7DS2CnClfcodyWQo4n2PKz2RufAiyCR1Iovd48L90Pg2ksKOnBbJR09P4LdtuhxQLd8MMrL6a2NJAZcO+1X34ekx37pjBc0ECEHI\/F2EsMCaSmXvfpKvJDUd4hm6Lh+s4zDGKyYb0h4IN9C5WV\/0KBLeUKLuzHg0tLbCpWl5JAtrGio\/3uzgZW3lPesajgf6\/6yAiqz5a5LojXhnEilNNECArJbZRC7dxSLQfHafj61RDK6iVUhWyQIyby8NmvYxyArKL23gG\/dtpUv9vzD5buro8NzKqBt4kyQq5AyRDl9Pdx90dbqzL\/wNfIMw2mirNqhLtAV3Lcmt\/A5VrjLx4ZixfonmUVwV7Oggr8cd2H76iCaLM2zov\/KSvGOLzKOj0+VfjyUlo5Hx0LkrFyR4dGU8OrY4\/30wah66XxEoGD44ZGGY9mmIzDkQJmAUZmkkS7CDbDg1Z8FYCE7np6+eulLdG560xvNnTNnZupEtGdS5efhEH8mvJ96YqbwwP7SeMnjliahQXu1+lakhVlu8+nICagunD7qLvS+Fg8H3c6rjbWQ5ju6044gUUjdx9m9ucGTb1DOdOSzatH4eu\/xj8ZAYSsVq\/DNz\/DBK6wsphchGHTe6SX3Win5Q9xfrgZYWPZHl0ArgB0ilWMiV\/ALLyorbVNLl9DHnMkx10GmbnCSrwAOigo8SWLMZlWe1j\/W9cK63Ok4pAEypI+tsaU4+KGNcg\/Y809pje8RhsRhZyPyRSO4W7\/HH8AmTmAipBXMFJFIlbGBgYuDxl\/k3WXdS2IEVB5uVrdrK3IuYdnPCCcVuL3hLwj6k9lhcwgEM27zriQrtCvCjvLyB8dJvyzZCywv3b9Z9hbJbpIZQI3lMz+XJWCtXR9B5wT2TiwcFkZLA8v\/Gj2OeLuTROa+JmAs1Cy1LT3LNHOmrtPT6ceYpz72COQRQio7ykebG+XDgiLiCvhnLtQVxEQCyclUf0DdNX7KRiUsNtpm9qhk\/7G3HsLQ++6h8v1DP0f5
LGqLcix7u2oI33Cf4OwaMqtYGg3yPzbp5wNZ8XB9tSXKBPcsjkv4tUNMLMknHSDtW7RBZerB5euuv2oYXeLw6W1kFDZQwREcwkkkFkPaFTf2R0OaQ0s20yEJ+2MP7zAUxwADciRnXdaSacxi\/MFaNm0cuKFuTZ4y\/Y5UDPv5UQlN6az+4ZYU2R4xFvAktPXCaDzYwhyETBBXTQ3kCDrI2ulxdBfYOIiMYjZjYc8xv3tq1mBsJ+7sgbDu2gL\/fzU\/XzK9B7Kcn43ttHaGeIj+jaXeNq015DYfGa1PFCW5NxEG6gmnM2Xks2\/Rnpc+U3EocTaXUc80yTiNXgxgwYfe8v7xwjDD8vmvRwIAbeusZYjtv2\/kzAUu4e+OEPcd3Jl7OxogoNIIdrVgd4b6ak43cbXB0SXrSOX\/1U+4+a3+9h3qxiMRT+7taHA6EbLauuw0gFFTQLeevuvsRegZK"} -01326{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":223,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739336955395,"flow_src_last_pkt_time":946739336955395,"flow_dst_last_pkt_time":946739336992908,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":284,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":284,"flow_dst_max_l4_payload_len":2904,"flow_src_tot_l4_payload_len":284,"flow_dst_tot_l4_payload_len":2904,"midstream":1,"thread_ts_usec":946739336992908,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.233.106.232","src_port":46658,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.dnshome.de","domainame":"dns.dnshome.de","tls": {"version":"TLSv1.3","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01285{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":223,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739336955395,"flow_src_last_pkt_time":946739336955395,"flow_dst_last_pkt_time":946739336992908,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":284,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":284,"flow_dst_max_l4_payload_len":2904,"flow_src_tot_l4_payload_len":284,"flow_dst_tot_l4_payload_len":2904,"midstream":1,"thread_ts_usec":946739336992908,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.233.106.232","src_port":46658,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.dnshome.de","domainame":"dns.dnshome.de","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
01520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":224,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_src_last_pkt_time":946739336955395,"flow_dst_last_pkt_time":946739336992967,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":782,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":782,"pkt_l4_len":748,"thread_ts_usec":946739336992967,"pkt":"ZmZmZmZmRERERERECABFAAMAvu5AADkGmnu56WroCgAAAQG7tkLJsxTuIFVT81AYAfUY7QAABNww0uNuIsxm8qmdOPnMYeMk326YaxrhZ4BeE0iQsCOXpRsiKt+zuMH\/p46kXln3RjaOovnK3lxdaHFHnp3StO0w+9qyP8dfRt45iKXPZFHyuSZwyZICfazc2HX7baqawWsKHZ5R1vywVP6AqZpQ8xcDAwIZV+38qSfJjoOS9nhUEl3M5HQzO5DKRWLOqxVrOGS63iBZfxHLzBoty2qy3aDDfnx2Xca0b33wH+vr40qRx9mkz2WtuJs2PYtZyC6YxK5JHe0kUVYNQ8e0DmF1+83AmxFepTqPZR2RfXf2xtUUMst9Opu0LUgXejoef7ambf+g9Hfx1wcIPED7otCGjweGJmU4YxhSCmvm\/0prJdQTwLXZC1W3mnq5JD37u0ZpUZMdfulvx59AlBuxI9dDcGROTozpsYCeE9oOe\/+Op0XuIETBK4vQLjS+LqRPSPWlSzl34Ie9Lj5RtzFBiCOGkmC7wa1QGFdc0GBzHqe9X2VH4rhHT\/IVDbq7gKOuuDcZFEQo8KQkkgT\/bghJzCpIQIarVLOPJxv7EiP8jhgdtK0VY7ia6u+987fqrobyPuMatQbDO9AYRrsJJ\/ihFxuvGwFO0eh7s9vftBi8t0DzNQTsnPfAcZ\/ZhEkLxw\/vJIZfSRisiciHHsUp4piy+90mTdN5MUCDY5ry7DKAw6vfyOQHg9r82wvKNjwJ+rcekPLEv\/FHRvy1AZ1HMnW6KZrjJNV8SoDwDvDT5+zsDiOQRZ1eS4AXXC0O32K6gqAACjcqP2miu29e\/oaEK6\/b1NO2Ve4\/XFw2LcUxmiYpmfORgcrg0e71Ts168PRZOrwhuw4jECElrQOXPiGerekKt0pjC\/PXBVUwNa02PEriryGUFwMDAEURcT9DfIBolrnsJBL883VWax5ssbCevOTqwONlZ29TVRgiw1ubDPfUhqNcVCvs6bW1xyVTdeWqdjyxvrhijbOm0mBmopM="} 
00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_src_last_pkt_time":946739336995910,"flow_dst_last_pkt_time":946739336992967,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":946739336995910,"pkt":"REREREREZmZmZmZmCABFAAB4M0pAAL0GpKcKAAABuelq6LZCAbsgVVPzybMXxlAYAfXl+AAAFAMDAAEBFwMDAEUCA\/YbRSqPjsGQUsI7BDvq7g3hnx8stX\/\/v2CQCTsComt49V00Fj0d8MRffKPSBQAZmRH9pre9c9BbaPqDdrxQX\/Gf1xA="} 00989{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":5,"flow_src_last_pkt_time":946739336996291,"flow_dst_last_pkt_time":946739336992967,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":389,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":389,"pkt_l4_len":355,"thread_ts_usec":946739336996291,"pkt":"REREREREZmZmZmZmCABFAAF3M0tAAL0Go6cKAAABuelq6LZCAbsgVVRDybMXxlAYAfXm9wAAFwMDAFFiDwiRDXElbRhM59ReF6s2xqZG8RLQbqz4wpPrraKkN\/Q3HPC6T46YslyC7AJMSo1NEY1ep3FOrNlIA11HSwsb5eOMMpx8WNDUcPEe1r1vVzwXAwMApUI30qxbqbhWVyYGeOCEKJy06pkPug+PlPNXOwNqmcyrZw643t3j6fa+nNEdRxSXRCRihM1WRyQ8iDH\/Q6XjG26+a3iPD20brSBgI4tGq7G71TfgEfNyG78PMIFUuUshkFsOPrECbUFrz0HKwT8gbHFBzWhP05NjVu8n\/gZhYtaxOtJ07AMV4usaM8JCEutaHKQ3nCC\/lD\/U1rGT4byhQ2tvATBrCRcDAwBKAo5u9aU\/uRFkDbdy7aiGyC6ZSDQdw31Itx4Bjw1AGDdS3RRyIuBDENoUs4sCaKjPHDchsbmbEb3Gdh0r7veFFmABVf5P8Ws6UQ0="} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":235,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739348407664,"flow_src_last_pkt_time":946739348407664,"flow_dst_last_pkt_time":946739348407664,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":286,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":286,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":286,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739348407664,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":36012,"dst_port":453,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00921{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":235,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":946739348407664,"flow_dst_last_pkt_time":946739348407664,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":340,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":340,"pkt_l4_len":306,"thread_ts_usec":946739348407664,"pkt":"REREREREZmZmZmZmCABFAAFGD1pAAL0GczUKAAABlTjkLYysAcV+b2P18dMOKVAYAfY7WwAAFgMBARkBAAEVAwN1j0zYbg0sj5M3182ApIbVPce07i2k0VciV63ZowCdCSAqVc02WrOXRNItgTWsiYtxSSngWuVjvyRNgTc9xl83+QAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACmAAAAFQATAAAQZG5zMi5kbnNjcnlwdC5jYQAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACDGkG2e0e5ygLjqcZTIOnp7CQIXlvblqyaK24BObKyFNQ=="} 
-01415{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":235,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739348407664,"flow_src_last_pkt_time":946739348407664,"flow_dst_last_pkt_time":946739348407664,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":286,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":286,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":286,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739348407664,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":36012,"dst_port":453,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns2.dnscrypt.ca","domainame":"dns2.dnscrypt.ca","tls": {"version":"TLSv1.2","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01374{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":235,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739348407664,"flow_src_last_pkt_time":946739348407664,"flow_dst_last_pkt_time":946739348407664,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":286,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":286,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":286,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739348407664,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":36012,"dst_port":453,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns2.dnscrypt.ca","domainame":"dns2.dnscrypt.ca","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
04741{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":946739348407664,"flow_dst_last_pkt_time":946739348519522,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":3152,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3152,"pkt_l4_len":3118,"thread_ts_usec":946739348519522,"pkt":"ZmZmZmZmRERERERECABFAAxC6ChAADQGGGuVOOQtCgAAAQHFjKzx0w4pfm9lE1AYAfVGVwAAFgMDAHoCAAB2AwMRVjU7SKUNCImmvfttR+GlB5jHaN+TnBAPl2NNilPzIiAqVc02WrOXRNItgTWsiYtxSSngWuVjvyRNgTc9xl83+RMBAAAuACsAAgMEADMAJAAdACCw4eX0v0AF\/2ysIrFslRpf1BB8aJflBi+uBQjF\/mpUaxQDAwABARcDAwAgSKLdPzNvW2jgnkkt1ArGKeMX1pOVS05PtE3+\/eUokuAXAwMKE7xrj8Cd0gecm+XxCtcCbfqp0Xw17l8bEv\/shADxxxp2Bzbyoz5R49XobAcn0zX4NMbYWhifQlUUPNi0pizuvO4Z2uJ7BgjBOgi7uGW9+EclkcQWPWUejxuRe7O410Q5Df3K0lFnTAKG5Q8hFQzWRLGpFNFdEHr9f\/gxxabZC79EC8Yp0yPXv\/HmMDXkQ4MFiklGk+tPcmld0DJxvUQMzeQxCm86Y50216avc9vAu6fj0J+kYdXk7oWDmD2dtLnR5EwpZu8cRY2UbUkl8ALnrb07VMOoFJY7zPFJIjuPu6NJRBVNZJB3vE0d6+a5PM4g6gDBfk3e5g98tlFHWiMNmuoZFlZFFaCJemgWUBnumrnynKFU46wjegkqBdCTk4d+NWELHpY6VAZduP79nQdaN3tx1a2c01muRMXnx81+ULomH3\/REIZL8cJwn+2P90vZcz0nqHAdHNiNOVCuiRaWyF4Wvtc2sEcGUjXGdVCvWK5\/TAJXm0J2jHwKksw9UwwmgBH2L6bGrwRyHCJ2cw2hrKj3bjjl++Bt52RqDx0PVra\/rDo\/D9uT1POR1MaM\/x6LwSGCpAydntCKtia54FgA3Uhl\/nC30fr8SinEx99ZlxNZcUwMiSNiiKzXEm9FsWYC\/mMQzJV1i0LpOAR5NQqTWYZcgE0\/OveI8ff5IAowgJ+Hh\/4cxgYyfxncxnZuou7BNW6vK67qt4eHbNzMxkGd+MYfZPjpdNHgl0+9xwS+qPx5Geun7Q7WO597TYhUFRG65T4qW2mYIUwL1aivadFz0v3ufWodzPjitCdjrW\/CjxtgUeuQtpa9t6KowJyhDmylZ7M\/A\/0JA+G7fTgIe1TbG0xXzz8kDHjrceHEBB3fFYvU5PKsGoQIH7p5mVRtoWylDhNC8a99xzxvR321Mh05C\/rxybySPX5rS74BeJ3VVwh0u5wrKR0eaWETinu\/8G\/XeeDanjx9v3DJgHY+pmOJ6EfJAfykxOYeiP4203LV9khy85bpP5JKwpS2QMRmDFSBHdsHpJDRK\/DdvVbwNlWzfHpmLZWIHourYiO61Z3oUmy4jI6OPDHv5EeJ3GNgfdU2yVIDdXq\/feGnWjZ1ojjDmfZzX6Ga4usOS7QhUW\/qRlMWXjj0hWmVMuLgwxGhGIXFKHCnNkMvxhSfzVsE\/fi2RWPnsN8Y42mvONkcXcfz9fwVNPYZJ6v
nJUdC38oFYuyxT6LU0tUbEwaY\/ADwFl01XGl4ZRLV0i0vW1o2ORCGan1S8ji0kjp1PF5SgkDszY7oyvcHWR2j4C6IQfUNuW9sz\/BQ14X4v9\/xe+MBb1f30kVxu3I5Z5sCgwSJyclzM\/f\/w7+dPBCbaDnko\/4n8h05Ca12TAlFGzHkKPnx1A7nHgTXQTbJZXVUHU1yc6wwHk03G82kbZx+9FOzA9UNN9spmOc1YFepJxRmeK9M4veJGaNpfRVGQg2bta2RYDoDQK6oksPTzxPlWmkrVyuPbKNRQte57AnTO0NVTFr+bzDGOQFV5KuQbIF5hun\/LyUUKo6IgZruMikB6RR4IQ2uwGAocW75mLZis5bpZE122ilxmqMjkobAkDhx94FariZ5KfD\/Dr73ksFu0dQOrbgEoWdEDM1QJlwefbcBwmDPAZLTV06HvqQLrQ3a1J+ItnjBF\/3OcuGO6PNfCT4mXVZw\/XCZX37Gyj2evv5QnGXPK1+Sz2Q5HIbp4HDap\/+BBCzFRfzqg0GnGl3jD7AOmoAQDjzGfNFmTCT3IVA+v7COJSJTgvupRfK8IGZ6AChkDUM1D7TO\/gBXEdODTbF1kgj7tfbZE7QwEaK830652BNyQJGc4RRNwEbSlnyim1OuU6TMP1kn575di9kDVNjDx2AGxl9r8\/Snh1yll75FKAvMdPXTtCkrIgF4ok5dKpFUBKte07uQ2NnmiDy8tXArJDdFY7b0nRfBceQeXxY+261VTVS3qQ8BgkT+EbOmZjAyNz47hC\/w2WDlet\/NE9emDu\/WKqWCIy3yA1831JCwRHJDtJVAd9ss2dknfVJUGkTZeyaziCfo\/hUPLXsYyHku+nVEJbqNRpQOhPnb2jeGQfmWpk2og0U8kSEHESILcSFehIwO8Vb02doDEPxmjiluOoiNj8DTjVwesJzOCze3nnZ5thxuSrDhczvTCxNeMi2LoAi6IHJwv6yKmP3cCkUEWe4z9AbWZf4hUxJmNVNy5Q7vVV994JHX8omBPWK038vtH5PW7a2OYFKIdjI2Yz6SzJZ+OqlYbYFCmqa0c1eGXVB\/8TqdStQuai1fU0TE\/mTy2FB8c7NSR\/VKsBC8I6sIjqPn9nPpsLX4Aa5DuM2tqeuJozI3MGtgrFFDrWyvjyt1h\/ISepVOPB\/T+JPzE5fwBCeACmNByH9IK2FVF9+wHSMnDH3Rdcgq4pgz6QU4cUluqyfpyzHlgAE9GfUnMqJiECiCuREVqACQxSZ7sa2wTa0di8dAGzoqN4wIPrx\/temySP8MWqmu\/laj2zLNnRd172onl\/m0hR+U8Hv2MACSDGStNO4O5BZwFSeic72yCVIqhVfsgHETqQg8hlMMT17c\/Uj9ao0O73iw5Wjk\/7cB+lK3LZb6byC2wyyD+pd3TtLmM3qgg8MtUgLGKfhsIhfUQTp\/XqEKFU5NCsHHu5VZEHHRdrJOXdW\/pdNLP05EW9nsN0M81ZPdlsv4so8uNoBrTLmnVUIf8Xa\/+SxfhPXt5a7K9AzUWWAjnEVKewBClu712Lm3rXDDG8akrRqhMVator6IljVQJj5vEGH7cBag89maUZ4A+3FglL2gnFPZqquwNwRZ\/3ZI\/mK3YEJZaZg1I0ttRdpLCWXjXUB\/Ipx3mzzk088GloS95doYpwADCEaNRAt8ezUks5kQLYjOijiV4kNTL4MxFeNVH8TtI\/eKEzXoMQeONGsl0ElE1PvGiv8WDRmkmPVWFKUutMd8AsdJvQyoKp4+YBesIZnfv5oqwoZYzY6xW0eyUs26A2QPqxn4XpA6GW55Ed1urfGB\/LM4y6m1PQnCV91nOX\/rijw0hyc632Jc4nJK2Fy84ObW9S4LluL+dKVbnJwm07LENwwbm524\/mub+gizMq1y+sluBrCe\/URmcV1qijGxp4HTb+RHA1oHAF\/FwkQx5VCNkGEMN0VqUf0AhXzQ7n79
2nY1bKlqBB5bwOJqseO8f5u7xOkvAJgvo15UUiFg3Fs2KF6ThIQ+YMon+lnrc8ic+qxARfjEb0cUl2zxPZdn9Pk3JDZvc3FGGanhfOsuSbbIvGq9hrnu1dWnHdMIQG0tNqt5ibv87oqeA73DYcjrRkRvnmr+NgiyzjsYvnZnavg2SVhWLOyeYi6z6452amFOWjGib+uO3a6rOPS\/dTZTQ6OPLUcWKxkXHJYeC+Yo0LWKJwuFiHg7pi2FgUOZ1c24VzSrIDORj9fOesNSZQSAFwMDARkW8VkjAKLO1iVO3Z32JB1I03p1Xf19NsjcozTvJTA7tEC3r\/iX403MlEBRFX3aGlXo2cYSoUTLuYUpZWzaPV43zoko1HlYoj3YCwOBNXEdg1n9iG9nfj9q6\/IWDsPyy9SboWjcQJVD0zE5qJ8DwGucAIvsQ7D0zCtLvnxWjjpqSDdb9tOBYDpaZBZU8KCwR8LHjkKDpJkQyCpohil6861j3biEmWgZIX0h067Jmu+\/GI2jSqgEcF0VdDgb777Odt1jnDUv6rPpys\/KpOKpGwd1sOOD1atUuwZ2VWxJpoQFOVZofLGtGDAGLonrwSCzj9\/ObIFITDrXAwr6TE8\/SO2citlABmWDWJNFMQq1IU16fmzPW9wZ2jhYPxcDAwA1KFs5Si96rO1Ec9S06xPPSvxONjZOZ1eDJyi5V7B3adcTvi5GDWF42J9ne7Y2tNbnJdDWBMM="} -01460{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":236,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739348407664,"flow_src_last_pkt_time":946739348407664,"flow_dst_last_pkt_time":946739348519522,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":286,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":286,"flow_dst_max_l4_payload_len":3098,"flow_src_tot_l4_payload_len":286,"flow_dst_tot_l4_payload_len":3098,"midstream":1,"thread_ts_usec":946739348519522,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":36012,"dst_port":453,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns2.dnscrypt.ca","domainame":"dns2.dnscrypt.ca","tls": 
{"version":"TLSv1.3","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +01419{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":236,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739348407664,"flow_src_last_pkt_time":946739348407664,"flow_dst_last_pkt_time":946739348519522,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":286,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":286,"flow_dst_max_l4_payload_len":3098,"flow_src_tot_l4_payload_len":286,"flow_dst_tot_l4_payload_len":3098,"midstream":1,"thread_ts_usec":946739348519522,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":36012,"dst_port":453,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns2.dnscrypt.ca","domainame":"dns2.dnscrypt.ca","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00622{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_src_last_pkt_time":946739348521785,"flow_dst_last_pkt_time":946739348519522,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_usec":946739348521785,"pkt":"REREREREZmZmZmZmCABFAABoD1xAAL0GdBEKAAABlTjkLYysAcV+b2UT8dMaQ1AYAfU6fQAAFAMDAAEBFwMDADViidEmWrIRj1bupCYNTHJ+IR+sbSf6KT90A8qW52RQBURyQL9vFT6E9CFjlI93BJu2cr+zKg=="} 00652{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_src_last_pkt_time":946739348521926,"flow_dst_last_pkt_time":946739348519522,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":946739348521926,"pkt":"REREREREZmZmZmZmCABFAAB+D11AAL0Gc\/oKAAABlTjkLYysAcV+b2VT8dMaQ1AYAfU6kwAAFwMDAFErq550LH95uke0rm23VPceTqLIT5XXzMqalNs7I2JJrXOWUChHedceFo52rS2b6I6rUVra47JaBhmqJSjZZC8zmJ2wvcqD4AZr7WxTsoZAniY="} 
00773{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":239,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":5,"flow_src_last_pkt_time":946739348522094,"flow_dst_last_pkt_time":946739348519522,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"thread_ts_usec":946739348522094,"pkt":"REREREREZmZmZmZmCABFAADYD15AAL0Gc58KAAABlTjkLYysAcV+b2Wp8dMaQ1AYAfU67QAAFwMDAKsOGAidzVIImZBe8IrlHfcbcM11mmaHWvkM7H5DrafIKyBdOKxCc4GdZm+Qq+PXfPf0ndmV5FWH7h+IZADqRJal\/xOyFOe6Purf+ohwLWuQQt\/ZupLyqJH7ZZNQ9xhnhti95OsaKR2Y1b4EKds3ijmnaoMndpYL0W0+RcfMCAznlz3IcmNPTwpP+DR23n6pUpxgqmz18syHYKiy0yZrey0DrSIKjKAW6G9+eko="} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":252,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739348961764,"flow_src_last_pkt_time":946739348961764,"flow_dst_last_pkt_time":946739348961764,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":288,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":288,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":288,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739348961764,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":38018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00927{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":946739348961764,"flow_dst_last_pkt_time":946739348961764,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_usec":946739348961764,"pkt":"REREREREZmZmZmZmCABFAAFIPztAAL0G074KAAABLZm7YJSCAbsJfFJ\/n27j2lAYAfaq8AAAFgMBARsBAAEXAwMZV\/YJsl1KDGHp6vinUuSzBgwYUj7HikeN2yT\/6PXJXSCCG8AdBIamvVFUtiPCGd7atl\/XGLRDF4fN5wiY+j2o\/gAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACoAAAAFwAVAAASZG5zc2UuYWxla2JlcmcubmV0AAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AILqIx\/2aPwjQ+1CtVREnVkbTOyfaXxjQI4MYF1wNoZlj"} -01287{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":252,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739348961764,"flow_src_last_pkt_time":946739348961764,"flow_dst_last_pkt_time":946739348961764,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":288,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":288,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":288,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739348961764,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":38018,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dnsse.alekberg.net","domainame":"dnsse.alekberg.net","tls": 
{"version":"TLSv1.2","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +01246{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":252,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739348961764,"flow_src_last_pkt_time":946739348961764,"flow_dst_last_pkt_time":946739348961764,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":288,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":288,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":288,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739348961764,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":38018,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dnsse.alekberg.net","domainame":"dnsse.alekberg.net","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
04475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":253,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_src_last_pkt_time":946739348961764,"flow_dst_last_pkt_time":946739349012422,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"thread_ts_usec":946739349012422,"pkt":"ZmZmZmZmRERERERECABFAAuAVvpAADYGOMgtmbtgCgAAAQG7lIKfbuPaCXxTn1AQAIO1KAAAFgMDAHoCAAB2AwPVEzRRR6mT0E92uybAnGbGZWeWVD\/m1\/eNOhfsedWm3iCCG8AdBIamvVFUtiPCGd7atl\/XGLRDF4fN5wiY+j2o\/hMBAAAuADMAJAAdACAZ+iIImd19O1rP7adwYQe9xC\/+1jN6jL9eBLofHG6SbQArAAIDBBQDAwABARcDAwtedm5F60tr1KSpSWgXMdmmX3Ys4sUEWudZbc\/GVmqkUsaepFDQQ8mcPIjegsJEHlTqywqGyBqt0c8EFI9PK3y9wMc\/+3ozr1s1L0Jd42MTaMhOndcbb8aYEnSYi\/zIVpLn6qdOkfyxUEfDDwQC7tdpz8rWkLOD8s1Gc\/+GapP01LuZUSoxJKMEPFivq1rS7ax5uSaTQJul+x0Q1A7WKBQI96lxNlKhu8S\/F6aiQdLb9bng9LygmgdlJ0IMNTAzSle754kwT44x6hxHdY+dgL3FfpB162mfDfNtflZ3mHhPTnkpYtlwwqsdseLzRBUZP3Q4Ja18aDfnLKv6lwZqUkYqVbKbxYZxo1iV+7HgYRo00AC9h97+\/fjdDvQp1\/ZlgGZVor6fI\/2UbNyKd+CKXq\/WxiWd3cfOC5mfsohQgZfh0mCkf9dr3uz3ujKCV4y2skvjk\/nvMYWaCk8YYJ09fpkBhHkvDLX34BQkxdq8SFFlf9KC0xLeicU3h\/prF3BxKbFcEuJVsTQ1IwCvvKPttu9bXK5Pot+r5ctGacxaL2PbnIguGLNO3oXuqP1Q9c+9bIOgs3SrVqvTzY6u7z71LwLT4lIRUT1tdFuzNBsI3uP36b\/9IAg3kdqQ6B86AhSq6s9YI9cVyIl6Ij\/v4hTBVX3z6+HeVN1ZOCnsTQ5pzdsr1wh7Urw2Dq8ujiDkOD+Fou6dMOYoID0SKEwKKw1eszHLhxLaCFy\/r3d7Go4MVMtt3WT79fbDbeLxIVt3hgCghutkKtcuHd5chD4oLWELh6tM9hPl+4nCK4m\/+O5cbKg6OL6jCTY\/gO0DykmoFGAjlffWT5qFPKGIHd1y6jfLFBTeg895J4XJsRYeS8WWpPvi7T\/OrrEOEoSups8MYg4y47m6jBSiviaU3Egrqb9OmbARusmAkBOc+b7sPEV3vJ7rmbEmSmp9es6Ma1hTLKZ1zLv5y87EpErdv2GmabDERgys3rQli1zICByjjT3wKTtOmnCFVus\/kEZ20ZKIT3R1SBoRFrSMK3NkxEq+liNvGGcf+EHNQ14qDPBLs0m+Amz59cCkIeFxK62ZDg\/D8+8JoEQZlyE9AWaFti+8vDVxBObTHdc9i3Kw7ewteJw63QBC9EWl8n8clagy9wb+UFjl1FNsicAfIiO1Xs\/Zye+Z2EVvEt6aOGsYYXUIiuSHHHy+OTANd5q6FtSmxH5d29V\/RRYtUF+RFNqvu7jCJbpfY4CMi\/uFQpCXgIsM\
/FuZw9ietB43gXYBJPigmUjQOJrnl2aOEVZN25twSZkyFkDyfGhTbcdXECqNFF8TnC98sE4z4cSyaAj5eIgD8KWiILJX2yoi+dB+VLGxM9ljCfyywhEqQD9FxwMPenX20RdEq43Qg2oM44SbTOcaPyRK5R1+UoArEareBxTtwbIj1\/gYPRWTkZ8pK7ELTpeDzq5dz0ptJVwSUIH0JdKkVE3RFHc7LCdWysSVUeFYgHXl28Deq1y2qizxSTQTQGj788zPkj9nRqwsew3ffxErP0pR2erOmxzmRPzUcbJ79H2yupuK1CFndSabVcPzkp0n+2KlKx3Rn8tyf\/hn5qm64LAaVaGFpUoNBQQlUEAUYg9kdMVxRV9nD92+mrKa+2JReRncweAA5LhgzrfrEPwyc1B\/FBpBxwIyV7Xy5RQehy\/n+t2tqgDOZsROSPZV\/c502uShsqQ80dFUM5RKxh0mzHQFM0OK4kAUJhq4wyFBHR892ibgw3EufqDFUX7y2fDW3v9sHJ0PjEBQf0Z+LPQlMJXmUS7wgfHtNIgpjboq9\/XXfFayEzII5Ncg7bWrTiyo4JZFWiVHcfds+TlAJ90V8nR81jNjJjiPpWGiw\/wBoLReBkDgcemdC73ykLweu4Hz14TsLOSuTZsu5EZr2HV10q+61hH6ogeRQcst3XaFzwE6kceLYfEcwH6tnp0hMB9x62cNInT6JQ8Ps6Dsa1MRUtnCTsYL1E0KIBY7R9nY7dSZJpv6\/qCWpPnVEfxATo177u2nsXiV3PW6LNV3vcyinTzbbKWNsqHSX\/Rxrwf+OdHXgpeBX43CwbB+Rl\/n0BchEVnzKV702Gf9HUv7cdBb0q\/i8hYFIFBzZttYWXxvMMCuX5vFFfZ+rdfdvsqESgmVU60GNMEWlpOcj4wiK5O4Sufp7t63lXuXFEGAyK\/zCX6bTsoTK5InJmYeoxH7z6vro\/3e6Rs6NXLtea8yb94qYkPEVBEqGEipZDsyb\/R\/lWwE43D7Aub6g9hkVbl53hLJGZnLMYjNGkky7jnCfZMKDiaQ3bMKv84lVUSDkp3sK9qeuBF1mmZVLhv9HAxir3SYBNQzWsBGcCUpO9xkV8FP0kj\/iTW\/FfLKk\/DKd+BUjaxMV2uhSSQCmVokip5q8tl9J4DEAniFz7fyP2MXZu9ul4s+9NyHUnr96E7oyJz9targa6lIbTNrabDpef+RQ95Jg3dEACMFcNChtfiB\/b3jxW+VTLzdeEUKMhmN9RiB66l3ilE2UeLuKgX3mDdaXzGma9QHxu929MG9uV3gmQHGDy5TCH2vSSxC6z2\/OmzDacBVelfY5Epw7lZBVVGZZnkHXtDZ9aRkPwQ5ycPlis7xyXgrmjnzVXCU2sPi4g8aIZETiD58CL1o5eQFVuuBNN+YXqwNw72pWFPr7n1hEhwv6Vw12CTiC6plOVTlmWo7Hq2\/pHWhiu+RR5lh+vtYdVwTRC30+fnyRct1ka9vbNMqvCrrwxYa5D5R79sdMZcHtogzlIhlvBA\/hEtCrwDCOTsOVV\/YHdG3yKWN4O6RFwnZZifYo9t6777XaaqBBnRbmAIh24x\/s0cQdV+c5CkmqhwnyVXuFfH9t0XQ1553XL2pziV2ZWgjNschuXZ58zhktYtAMF0VjgYyEW7jDxhCpc\/J+cRaztT52A0ytvkRgmQaVyJn+aLdW9sCq3AlQ8gfIfMUsOa4qrrfYi\/W6wC7p\/JpUVApLzH2mKuhH3cCajbIykaOD4hdj7uAYv5ROV\/V+1+PXMG5ia\/9hbHOgDJFO9d9IqY7KSn3C+1mBqumfNrcdhFQFiTH43iJKL7gLi6km2zN5cYKZjrmjbjv3JkWSUwYRpPDfBjgX5JiTKnp6do79w4bx6CpetzdKmLMsuX1smdlFu3kujpvbqv6a1KH6F4pTm1MQ5RJmmfgdquxg6OsIIvP\/kEDn+LVg8ZMm87yYyquFkOWwe
1Uj\/Vi3kL4fPIR5niD5XVoEWohLwDdVCqKts+2P1GYyEHqQAMrqWmQegZl\/LhTQw4INPlPDFEm0yb+KBOh00ktbHzCM3CFPGnzYO3alldd67nq954eKLkUOGB9MeSY7cUwdbulO4dr11zq3CmOecqOMxOt2f\/VIopIebzlUenef+vRdxbO4ewVSqUhsy+yoPWXBOpZPgLhhY3LxBP7ooDeCCIO0lcZB\/CBSyUEgiFK4lZ3kAGz8uFt3A\/vRHHEykEvXspKCwmakvQLGtne7shF+m0j\/3K2vxEjTMcnD1pU47tDCPXW32n5d+GKj1kQXvMBCTdCNuO1i0NSTDkuKc7j5+f6O6RyusC0fFzTP7MVdbXFBb1omPMQEuUSj0+hj0rK73sjeV5xq8OVFpFoURjJ2NwQsCAu\/jAm112150nTKknyPg+N6HqbvoOC0Wpkh7IwnBnV+fSTZjZ4AEkEeoKm"} -01332{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":253,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739348961764,"flow_src_last_pkt_time":946739348961764,"flow_dst_last_pkt_time":946739349012422,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":288,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":288,"flow_dst_max_l4_payload_len":2904,"flow_src_tot_l4_payload_len":288,"flow_dst_tot_l4_payload_len":2904,"midstream":1,"thread_ts_usec":946739349012422,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":38018,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dnsse.alekberg.net","domainame":"dnsse.alekberg.net","tls": {"version":"TLSv1.3","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01291{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":253,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739348961764,"flow_src_last_pkt_time":946739348961764,"flow_dst_last_pkt_time":946739349012422,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":288,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":288,"flow_dst_max_l4_payload_len":2904,"flow_src_tot_l4_payload_len":288,"flow_dst_tot_l4_payload_len":2904,"midstream":1,"thread_ts_usec":946739349012422,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":38018,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dnsse.alekberg.net","domainame":"dnsse.alekberg.net","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00731{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":254,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_src_last_pkt_time":946739348961764,"flow_dst_last_pkt_time":946739349015352,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":946739349015352,"pkt":"ZmZmZmZmRERERERECABFAAC4VvxAADYGQ44tmbtgCgAAAQG7lIKfbu8yCXxTn1AYAIOAngAAUbudk7Sx467B78RwxwixN7WbszxDSJth5tiFKuiBrGoB9KFJtYBVt1C9rFJk5PyiCKlQsUVoHGHAH28fXEOq226wLx4N\/Z5eAHXlqMB6V1mSenxLPr5ItjgHCvxui0hIr8CHs4BD\/dcyFi\/lJAfYyCLIMg195o3ptTftZf8UL\/yW+5j1eIJyx2wYxG1Bmojg"} 00623{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":255,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_src_last_pkt_time":946739349015974,"flow_dst_last_pkt_time":946739349015352,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_usec":946739349015974,"pkt":"REREREREZmZmZmZmCABFAABoPz5AAL0G1JsKAAABLZm7YJSCAbsJfFOfn27vwlAYAfWqEAAAFAMDAAEBFwMDADXzhu9IckZdRF5p9rktj4FIPv\/RwuhvcZ5iWKfecDRsL5LtFLthbeqdmQGRbwyypD9mazUNOQ=="} 
00652{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":5,"flow_src_last_pkt_time":946739349016008,"flow_dst_last_pkt_time":946739349015352,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":946739349016008,"pkt":"REREREREZmZmZmZmCABFAAB+Pz9AAL0G1IQKAAABLZm7YJSCAbsJfFPfn27vwlAYAfWqJgAAFwMDAFFS6HSolQONUAW59PBdGtgVHQTC6yJoVCA4lOkKUOgLspS0M5eGwl4vbADuT6W\/63Ogy8VduvtD38O7x2SBJDrj07p4QErHcergSl3nvKoUwYU="} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":266,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739354159307,"flow_src_last_pkt_time":946739354159307,"flow_dst_last_pkt_time":946739354159307,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":285,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":285,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":285,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739354159307,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44640,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00917{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":946739354159307,"flow_dst_last_pkt_time":946739354159307,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"thread_ts_usec":946739354159307,"pkt":"REREREREZmZmZmZmCABFAAFFsX5AAL0GP4sKAAABuetRAa5gAbtwXMMeYngARlAYAfbM4AAAFgMBARgBAAEUAwPEqi+8SizamcFZuiOMoqnZy7ZEtN03UH+nij+VYBL3GiAFdLPwuVYC1BfptVDzpRdMmd95Dbs0SjTzk4T9Cfoa3AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAClAAAAFAASAAAPZG9oLmRuc2xpZnkuY29tAAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIAlFpvTRrkboC35Gi6Kti1ZQzFT3L63Tg7Ad2VS1Z0Nh"} -01280{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":266,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739354159307,"flow_src_last_pkt_time":946739354159307,"flow_dst_last_pkt_time":946739354159307,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":285,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":285,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":285,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739354159307,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44640,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"doh.dnslify.com","domainame":"doh.dnslify.com","tls": 
{"version":"TLSv1.2","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +01239{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":266,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739354159307,"flow_src_last_pkt_time":946739354159307,"flow_dst_last_pkt_time":946739354159307,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":285,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":285,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":285,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739354159307,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44640,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"doh.dnslify.com","domainame":"doh.dnslify.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
04747{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_src_last_pkt_time":946739354159307,"flow_dst_last_pkt_time":946739354179666,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":3168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3168,"pkt_l4_len":3134,"thread_ts_usec":946739354179666,"pkt":"ZmZmZmZmRERERERECABFAAxSLpJAADQGQGu561EBCgAAAQG7rmBieABGcFzEO1AYA+rX7QAAFgMDAHoCAAB2AwNebHWZixx0UeVpRBPFfxfOwpvxbfyV+ENeQi\/Un6YmQyAFdLPwuVYC1BfptVDzpRdMmd95Dbs0SjTzk4T9Cfoa3BMCAAAuACsAAgMEADMAJAAdACB1L93FSUikFZRCKYl+OoNXGHhZBDYuCiNIjz\/6VCChXhQDAwABARcDAwAgdZlJOwY6+pChCwvT27tLGZnet+yerzqND\/r13r3OLdQXAwMKE5aV9MRHEDXFawxN2Z6ZXTlxr30g5cib8A44fkQ64oQQPk\/j2rM6co+1b6nblkLeVstFbtdteXwKa840eY9TBhZcpregM8Gpq1oOWaP3aNoy3x0m7PtgdMXWTRJ7rBzMj95YpQgnRNENvlH3xRXTNJuz0OfawrfLZMK40dTY8qdEtSvVWaOv58OBFTZzds8x7Jv0lUMqTicPkVrWkLGPasMnh+a2IVbs4dzr6AhsFrB+RZ1Cwi3B7S6zzr3HKx3FQGuVtHh19izb6w3PsdZ173iclTsS5Bteswb+0EdgltfMU7tCCWlZhlMw5cbiqzX6GLMdzRL4kMNW6gZ94dTc92SBIwy+nEoGbWZhqTeDuHiAUARf+gliy5YoFjW\/PRAypf5PMRtEZClIDkjH3prUoCFGtLR5uf4Ro0aKo3ih\/KCyAGbVEIvG4bDrcfRxO0cIiVz1g0D8AUPbTDsJO+EPspEYZgIriHIBYFx\/k\/flIHH3EjcpqIe+X8XzMf\/XqWL46qAhN1cBUZXyVc3ZIhpeJ7ZcaAbPdH2pnTMTM+2Go4igirnaKWq3AflEDkSSdueX+UQOyAZUkd6Z\/x1Mwq9Tb7hXL6vtOYcRcpywMzYkakngWETbQss0CojZbN6WAPS\/E+Yya6CgGI5Mt3dulPgu8jNdumumeB1P2glp9qwQHuvHZ1QS+cPtS5x1raYCp7T5sLegZ7EBanNjOEnVAU4IhPuW0ciFUM9Mj\/BzgDWE\/hUdNhPhhQjiaUBq7VyAXKWvyO4Dx2Fel0gu0u32uA\/SHIYv4dBAj17ghhBMv+sGNC8NMtNWhv9aqIp0FgaNgTJ0u6ZahzAQoaba8gKEvhS9MXrxWiCXAHjt1VsuslTiTWmDXRn19O8C7v9DYdY\/x+ZHYaRltrJ+iDZDtT011nG9MjUMy2gT88psevKL0b5pLEr8mJZKye0N3pZbPCi7mofLMsInUgCJYAIJe6z94EV17S9g5MdytiaRjgrDRHDrubquER\/+3IoTeZlSES8Dx7zlXZ1xB0O+hR5nXJGyIskMCiVwzAersZ9n8hiUAXpNADMi79ZOaHWxepo2ogdjtLk6L5RJOzsW\/4O9s\/bE+P+1smYJ8Xz\/vrKCk0smpZMpgO1UV8s8gCIdy3Fy602DcQY72cCEk\/bea7v72CbMggpz6myeQuHNx9T5ZrAHxOyDqp4pkMAhTfD0dC3x
g5zkOkSQr5pJx6ievuDl8+wenRgTssVF8J1H1XRwU56YwKhMsgqTn8eD+cywTh5zCo9dNvl9ZfHWmV3Mdg4aJz1dYzmdkUhSu46Md5G4HmOnLwI\/XQbyhHcZ2WUU9mvD9BvjP9kn2RjUXcRT+d\/cwjt2Esxb2ENHpq2bs5raN\/CIbWH\/kUQRUUCpYL9CdmiBZpRtJPrOXy6iWAKofUme88d2tr7pTpEzcTLRU5BoYhPgOVQbcXw1q3yaTUVQB4Wvp1Zu7ruywhz7ujDaUupe4ypGeBHoMNq\/GonbnedBdKUd5q1Hau\/cYgTRejjU\/rutBsmd1TsWFTtw4Narsizl07q94yxV1+nrTG1gDq+RefJI3JM3SA8ccXZmrC6\/9FsgFjt+2cDWt4JB10cFksHu2\/ml\/dASyc2jx2disClcngjvd0YpBOF1xYxILWWqUHc2SCZLZ2Aroa1pMW21jKFGB4Ar1xpSSuVVcPsSSozoKj4\/j0FvDgtwJoY1rK5ezs7yUOh0iG7\/TmlCa9VwcqKlbka3ucK+EV23eB8BAhdfkU1ZRvrzop+h56cTHnAqdzA+huEFkYic20FxEaceaf8SUoyM1\/uxur0377YEwqxCUCLmkpdjf2hKaG2o6w6dX9vCExiNhM2Jlol1IlMb4fWmsojPIiIMoMr4vCBzw+JJJUMfUwOy6sleF+nP5muuQ5rVTMwbb+OCuGE2jDpUYai822DbFN3NNQkq3i2+StVf9WCISeMMwfPk+unXE38SgIx+97\/gooknQY70IX3TsgQKFcc1SEcM6rgwk5pR4rwHfer1xQNsM1RKZGf8xeZa+ag2yg\/IxDT4LymayHchHxdaigJz4AcxjPrNuXaoi2s3E1xPh2H1clb\/ZJJwrzY7BZjc1TQovWjOw6wm8GHMHRYPWaLpFhaLJX6iixp0BBfYBFzNmIvcsaGPhpGQIWG8LNHl1vR+XYpcJzMWemerQw5\/TiIwzhe4xLQ3Ee69tOX2fKhT1GAVUyB0oeuLgjlb0FpWzQ\/lyORIy\/GJNnRuRgdZy8RNv03eZWNeLTHNU8amNvoSqoCJx28QcG4ZFWjkiBlGlisQg9MS7LfxB5YDcM35ukvbr57gX64nw00G3GJe5JnYnqeIHNIuWQI7nvVvBHP3PfWTKRa21nyK90D70j+bxIjA68ylRrcDSlrq9zK60l62NWR551fMFXxuoHTFc7qQ+K4J0ESDuqw7x47BFgsRGeVuVNYexUC0TU1lBMwcu9BGg+0G0+duPvOP3aW+jzZAhqEMopcx946w0BTw\/+bJ5qiZX+nSvNF+IzKPfnXq7G+okmmjpg\/ianwcwtjvgrAC4pnZGY+m\/27CyJiTEi9fYvN2T1KGpFt19LfH\/UKHKmZdKRHhHpgpAUwyz0ixR7JCGsZBCNp7SmZtoObLBfKyYFLS1OdeJn33VC7QU5ZIB0TIGMOnasD1IIceFavDDD1uWjFat9U8TSvdQkrVOP0H+iiog+bscrfkzNeLsrOj5JaS96ZDARUESAXVBQE+wq3Z0J6WrNdNJCanh0R13lIIfbBO3tp1JQaYJcU43NTOBatEStIgR6pggN4HF+DO2dNPqB6DJlllwkNWiMSwaSg\/Qokswn+fLJvn7pPXb8ILKczNLht2jz9aEp0+I8QfJ9sljCRmG\/qdZknc3MVkUZCxQWgeYvnw16OCgKVrO7aXg97ZXgFQywgIz4XcG4cQlmlUgZ5vBckLpEq1wb47O2DC7oYeIkB7WvMn7pIP5qKMmIewtCOip18QV5mNZQ7kfdTHrJyhNEAXbfaMkBbJyAVJGCBIYwvhIF13Izb7B6Cmnolxq1r5eurWQOB44xUuJop6m5Nm5hxmATag\/xOQnBP8r2vNMxUihmUT8anHH3UfjXAY915xtFCA13IdATjUK5r\/nOjWuYELtJmgRJ2oeyJFl+xU3enOifKqvSW9w3npBMuO6+ND+s2KX
gdXZpDonBBs70SsK8NzgIT\/8A0se3txfhbwpY2EseDOLiVbMtTN8WhjrhnZpDEjzwdCV8jV8ki7+xTW6Ae32nBN9uRAZ20gpXPNrrgk+1oPaXal74NAuojgux90nmy7fGQvJ\/CCkJUFP2+xt7moAmNV6Bvh9GIV51tdhbag9+AtGmBI8WUGXz9QPwduT4nOO+Ia6cTJuP1+CL3tb+p6ijB1Jg583CQ8vtkm3Pw8NXcvYMcBOIpsKkRrBsD67+irg6nQFwMDARkSIsFlIX96rBVOSHF8j3nD4OzTmAKQfrZ20qhfNZw8PH0q41dWeUeDXwstCBpDPbSnxrC2ED\/1S7AKbK3628b0BuTXrCb9vI9IIN\/fjnNzXGCyCTfNGyQC7Z2s3ZZgGilAyQTgWS6IBv0X\/cXimIPEtNGeEgUfHp2ZiHChqtgUwdJbYZhYRpk9Vh4PP\/G\/geKDMJuF9LkfMNZa2A5\/kJwnnbAN+9JGdzxyQUZGqq8DCQqxQ4uAbnIJmcLNJBx9PHCzhhj8vk0E7hUaqEkvClX1iiIhNhFlmQ9FsqBvx5KYUvaVI86YI314BKZUdBn0Gn9Psqh3g3PCqYbuhSA+KXAHAB6ifkPpQbZxhpKA+yQN\/aKxaWBvyR8fvBcDAwBFUlHyM0i8aQGJ+PRPScWQmM6JruXTVxzLP2v5t10WMRjAfhtdK+kbZwmOwuBqS0fXovjROfDM5rGu95fh\/DYXUBWZSAER"} -01325{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":267,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739354159307,"flow_src_last_pkt_time":946739354159307,"flow_dst_last_pkt_time":946739354179666,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":285,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":285,"flow_dst_max_l4_payload_len":3114,"flow_src_tot_l4_payload_len":285,"flow_dst_tot_l4_payload_len":3114,"midstream":1,"thread_ts_usec":946739354179666,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44640,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"doh.dnslify.com","domainame":"doh.dnslify.com","tls": 
{"version":"TLSv1.3","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +01284{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":267,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739354159307,"flow_src_last_pkt_time":946739354159307,"flow_dst_last_pkt_time":946739354179666,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":285,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":285,"flow_dst_max_l4_payload_len":3114,"flow_src_tot_l4_payload_len":285,"flow_dst_tot_l4_payload_len":3114,"midstream":1,"thread_ts_usec":946739354179666,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44640,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"doh.dnslify.com","domainame":"doh.dnslify.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_src_last_pkt_time":946739354182236,"flow_dst_last_pkt_time":946739354179666,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":946739354182236,"pkt":"REREREREZmZmZmZmCABFAAB4sYBAAL0GQFYKAAABuetRAa5gAbtwXMQ7YngMcFAYAfXMEwAAFAMDAAEBFwMDAEWXq32pwHEzhcGDp\/NKLjvxgMAkksKxKcFIOFCDodEb90S6h8Gu0G\/BLuFfZ5sttQB7HESBT0tBjYEfHL61VthvR6QOjls="} 00652{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":269,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":4,"flow_src_last_pkt_time":946739354182350,"flow_dst_last_pkt_time":946739354179666,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":946739354182350,"pkt":"REREREREZmZmZmZmCABFAAB+sYFAAL0GQE8KAAABuetRAa5gAbtwXMSLYngMcFAYAfXMGQAAFwMDAFGixfX+jyF1WhRHrN0+9CkAoYVj9DMr4YJ1kGbeEieNSecS+q0w\/iwl0yO2jmQwPz4JR3HyX5YbhQTrE+hYVumNbIkZKWuNU8LLxZezccE+lJ0="} 
00769{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":270,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":5,"flow_src_last_pkt_time":946739354182529,"flow_dst_last_pkt_time":946739354179666,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"thread_ts_usec":946739354182529,"pkt":"REREREREZmZmZmZmCABFAADTsYJAAL0GP\/kKAAABuetRAa5gAbtwXMThYngMcFAYAfXMbgAAFwMDAKbK9JgVHlFfw34FW0sw7dqQdGptZcZlO2RVkyCS9wnAksDujYS\/HvTuJaYyWrH+y2X4Bmu1xtRT05JwyRgxId\/Ba7+JzaKKgwintj3e33DfQyGya0AOLueZ+\/oQp7LSw9HD2MZM1r2dZ5ajI\/ki9R13QBfBlmX9ZJhMygxhpuJ\/kgAEbTo1exiYt1KPairdfATdtJ33NozQdJtvL9vaKpTjWkiyjKod"} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":287,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739374011190,"flow_src_last_pkt_time":946739374011190,"flow_dst_last_pkt_time":946739374011190,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":285,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":285,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":285,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739374011190,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.202.176.26","src_port":43106,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00919{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":287,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":946739374011190,"flow_dst_last_pkt_time":946739374011190,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"thread_ts_usec":946739374011190,"pkt":"REREREREZmZmZmZmCABFAAFF9DpAAH4GIdcKAAABdMqwGqhiAbtWR3H7NJTy0VAYAfbm2AAAFgMBARgBAAEUAwO\/FCTCx\/QYlyW+S6EGE0TFYQ1H3k3FO+5pvJMM4NWMBSCY7MF+HV8NsAFc82xlqHj0YcQW9bewwKxZQwscQJJKpgAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAClAAAAFAASAAAPZG9oLmxpYnJlZG5zLmdyAAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIOxloY7MOWvSgZ3hQaojp9inJ84Sw+igf7hW9Y3pU+ch"} -01282{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":287,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739374011190,"flow_src_last_pkt_time":946739374011190,"flow_dst_last_pkt_time":946739374011190,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":285,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":285,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":285,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739374011190,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.202.176.26","src_port":43106,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"doh.libredns.gr","domainame":"doh.libredns.gr","tls": 
{"version":"TLSv1.2","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +01241{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":287,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739374011190,"flow_src_last_pkt_time":946739374011190,"flow_dst_last_pkt_time":946739374011190,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":285,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":285,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":285,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739374011190,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.202.176.26","src_port":43106,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"doh.libredns.gr","domainame":"doh.libredns.gr","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
04772{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":288,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":946739374011190,"flow_dst_last_pkt_time":946739374036272,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":3179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3179,"pkt_l4_len":3145,"thread_ts_usec":946739374036272,"pkt":"ZmZmZmZmRERERERECABFAAxdEw5AADYGP+x0yrAaCgAAAQG7qGI0lPLRVkdzGFAYAfXx8AAAFgMDAHoCAAB2AwMfdsQbzuiYRNDg0SBjCCwcHmnTX\/WaALeQBUBykWdcaiCY7MF+HV8NsAFc82xlqHj0YcQW9bewwKxZQwscQJJKphMCAAAuACsAAgMEADMAJAAdACCFS52dOnPWMZ+6KGOu9y\/QLNkNywSlNldrBcP9ygUsJBQDAwABARcDAwAkRYbUEe0KLtMYBo7DwIYWcyipqqBN\/bxVehyh0Sw6cb936jKFFwMDChoofwyGB1vpwXv7Xn4hXSbG1vtIeMernYPn5eAfJWckDiE1Vl5RxqW26TSWUTfmtG\/80SN\/HcC8sF8BZiFAAmCY47UJ7uXvVoDqw8BmwUzQhTAJ8CR9FaoGVeJsM5UnR3QsIEHqP5KqlB9iD+UdFFEShzmfIEBTbyB2lP4pQWBOWz2wOPIXZhQnKMJCxu1mnXifSB+KRolJ9fD2dQ4Cx5+85+F56fGG9StYfwFmGPIeJARJjwh49nZDI4iYWv+ddPBM2\/KJRuF+1TvTRam5R+I0m2+MFl1IOG\/mGs22lUpFRiEafHau8IgYwLtIsVJVRXeEF23eSSLjZSGlI+95kanzpb7Gq+bxaPB\/4KE\/EZB\/HHORaklfdEzQyROMT29wGcN987isDVey45rLfbLMKOZqZTAfIY9fCmEJfoMGXsfxScuGJL3kk9ktG5XOrDaDe+Mw8iBMs6aCgsJWCKp9AlmnI6jM+Pkj5pJEm1bom4ksHEDAz1NZ0ftN\/sVLZn9Ug2C7F7lT1GzkA6PKlKc6EZ2z5CZ6jJ2Z6Y6MlAZziPoOQu4qTh3J+nE8GcgGOJ+4zh9BbyrU\/zs1GjsbXVkHAo7jDaYOsfbK6OwpKfl4fhdC60RX1KjskIAX35OHA\/IXKzAnkgHHInCPGyjRoDeCN\/xxIMzVFrKXTCwf2SPOaQSeCd\/JvCgSVj\/dHhq8zdYnlFf+z9VXpf9xqp8dTGqqOXUGFnDAdjBQ71FnqfI6ubmeRFAjPpvyUbaEAnejXwHU9g6Nb1kInR39UeMaOlkv2XbX4eVVedQBnQ80TEebS+RYgvF4z+JaZdzTDBKsiCrr90MrJqELQ15ruqB7RM0T7bzUmBAp55RHbt\/ccY\/TkG\/gVsixMDlDFkIhMYt9MdUi87PoFTfnAamhlvAw7oZO8\/F7iHmtBa\/Ep7E0DP9U5QDAi98hWmChSAXTUreygTLQuqQnUJmosGexWw5Cm8TG3r4N5gnkEVB3HVNF0Bviuw4E\/LgbkZLCP6\/4igcruIsBRgEN00dS6JnGlucNL86jMmrPxWv6fGd6uX4GyIhA8xlh3VmZmkdtEaBCAvedT6MuQU0ug0OS0vhYWi4hpFSwBYkEc7nVVyMbvGRC\/t6cdur00RqtQCHbN+NyMsAYQCMLcN\/MBgJi53gtKoOeVRxL9efr0oSMfPFjg62k6KC1lR+0S5m
3Izs0xuBIpZ4qwdqzDBYxqETxd2mAw6qyV9\/+c2vTZTjQfcpnp7y1uBxTcCkKvdXtnytMj88r6V3CNsrCqoiP+HgdZ35NIzfdjE8dt6Do9yQiQH9DyOtUx8mNKBWoW2GsDQem5ZGAtDwjmFRhkWEqvnuAWeKZRQvsxDNQX1VGCheiYk47AXsweypHM0kF7Sz+NMdgmJ2lYhFlZ1\/ixGlfZSk6mjv0hogoEvvV0z6\/T5ayYUiYrSxxE5CRTBXiQ0ShTnl8JnNrX5f1+PEHiTs9VmgpKgcqyhnAx43FvFz+tjAq2kHUpARsisN76U\/4szTnIzPWHuhFJGJXIYtA6KvZZsRr8X45Bjm7782fphZHssP9T11fz+rMBuNZkB+9kENQs834qUDrDWQYlgtgokMydJHahHIc4rs8RwpnWkwnfbjQyRwpkoSDjqKCsoWgqmckVcAlWtfj+PYNdYUV0GJVz3MaCILZ2I6i8QDOlFT6AvpNPYOGoGbJ0wKc\/iRHcSqwHkLOlqAj9rNOane\/dG8vbDHghfqFdeNPvQAcyGldxWfqiN032Vix7+oZXOFXeLNRXDRdMWbSqMlyCprTcKldxAe+jYGRK\/SRNNln4bS6loI5LqK5kRj1qHOQs4VYAvb6aRZkpJmFfA051r9ZTveZwX8QvPcsUhSp6WJroM5RdVgMoZWRw3V3kLzy526l\/XjarCqs7b9zg4\/0UThyCoRZXRIaapKAxcisr606oQ90EO6V1\/rxbH5QoNdmuIBJXUiCC+vi9DaFQhw7IS7rYl6bCaQkE1gKVqVjcfGFNbkwZ6WVIIFLAd4AULNZ0EbDr3Jxz4Q1Kv61lNl9GOAmC73UocSHTqPhV\/xb9YLlv4Qj8A9VyOXsI3ysVAT7Q3JqQoSzzANJennQVJORrvCGjBFhIJA1XuVUswlY7d8l6GIPFEndkzdJv+mqLebs92Ve7y8gHX+5\/N3bWQDbvROspZd9Rw2VYwhVeRkdNNkB9Zd4yf0MJA6FKQTPIvZ1j4Zvrf8Zqj1FK4+Pu5YWK2VzQ1bAzEZ5TAhqXro79v42FstXXH9Bjh6xGWnYs4EgdjNtrw9q9vDDHzkCgGXErTBS5tZpn4eq4iayRQKOUo2Bjzuikc3GCcT7DGLOzNijLOjpstykBtjYEBagL1lzeuQbGqMxLzwOzMZiM6Cr4dH6Ct7enfPKr1l7EDqLb80TAVFsE6E9zPStbSvvDsesVjI0LnHLpiFF3QD7w\/cMgXGCCQFz4kjOyjxN1ueQ3BiQwzUZI\/KQVjymbQQOaDcU\/hamroqvDR3psu8zkzqDRgXxZpAhYSs0ypnNhUomh4K+raYSufO72xoIxT3MchbmB2xOG+FHTInGWwMp665VQ8P5TZyqYPfZdJpda3UJ4l4i+8AGeTKq9cySdx4swdISz3V3xxrTEFxvjq7CgCc0mdfHRwUrslFZ\/8xz\/GkZ7unKM4nUXsR2wjAWglEejYWAjwBH57asssV4a1smVbgfitfljZxOQxeCULZkhU5iCbDWtt61dkKbIg6Z5Ib6wqsZbKsTNF5BUW\/OluqVhEnnxYi4bC2p8oeMOIg9Xp0ohk+2eyHzNnL7PsT\/0TJd+8z\/6rR4GfsNhau8JwG0sVxaM3gQ\/C1BUi59C0tclt8uqB8v4sL+nw1kYxtxvVF+WgZBhsUG6jtsTkz\/h7Vqr1uE1yqk6VMywMNzSK3C6Y5jNYNZlGRunhyx+Wvqoy4kyzKlb5KJu0D6Ibb9tx4jkjfsAgRv1kb1\/YV+5pR9kOWTI7kTR0GhRhEcYVSuszO6GztHF17jUv1HGqvUE2Y1nYTruioVBGxNU2n\/3D8R0H0Ev+WM\/lE1CkAFwkkBnRPnHTXpqQgZZhPNhQeacIL4PiCwXLGj68pqU9sBR5k+Qs1xeKaXL1uB\/+DlBrxDF37H0xYTjNyCifmppE9xs8wUURoGCYQz8YrJzWYbNTp6iS3VA
9PqxHbxpwe+T0EJG3w+ckQ4AZZWQJfpeYEAjUJVTV+JzyForU6vnGB\/f4UtM5hkLlLR2yX4QW5z2sMH+oemvxHSO3c4dMYOamZjpEAr8HZR\/eYtA\/+k47KLbbuC8LadTWp9kx60hq9j0ZTOjnZRbmpU7x4+baRS3lSZ4uCKQhRDRs1bz+OmCsokrpdBvyRNmpmdHu7+xcAAbWr3GDiMDDj2MeLocIu6VxMJmWwaV6i6S3OZRKsCOQTd0Jkp8jCBeqO4YH7rnKVrcOwj8x\/xgYsXAwMBGfgS0Z5JTGD28Vyg2LfJHOWz9mr0ZY69GFX94xRplNLJ90YhSqkDA41SrPaRCa\/yRHZpmo6Z1mQO81cAsIuYw3\/dzrRByb+dTIlW9yt\/sOP7usPp6PbdD4rTPrbEK4QR\/+wMzHeanap2HaJcY2tnK9Pk6wr3URSABWoCiW8bBJ44gM\/wYSxUIN9fZQXNHmUFX2+4E+pzfHMX+TPSUHrGMWaQGF+jm8f8JzgtBamlKFf0T7ESBzmOVDFYKLq5HkwIpwu7FecWONEwB4QKksZp77Ks7VMI9z7kgYi8fKP1AlrK0wJXYhtL9bgNIor7UcK\/cBVJ2AclPTcIWxPGf\/H2qC2ccHzN2oQA1YRLpy6QS\/qocCCtoi9irrhlFwMDAEUNWvqMs\/h03WKKdBMbYkawhmSS9CnEEwNmSHsUo0aFsC+NuRuOS7d+gyt4adOBPfCXNUuX7r\/jeMTBHE2RkzGNnd\/d06g="} -01327{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":288,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739374011190,"flow_src_last_pkt_time":946739374011190,"flow_dst_last_pkt_time":946739374036272,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":285,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":285,"flow_dst_max_l4_payload_len":3125,"flow_src_tot_l4_payload_len":285,"flow_dst_tot_l4_payload_len":3125,"midstream":1,"thread_ts_usec":946739374036272,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.202.176.26","src_port":43106,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"doh.libredns.gr","domainame":"doh.libredns.gr","tls": 
{"version":"TLSv1.3","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +01286{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":288,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739374011190,"flow_src_last_pkt_time":946739374011190,"flow_dst_last_pkt_time":946739374036272,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":285,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":285,"flow_dst_max_l4_payload_len":3125,"flow_src_tot_l4_payload_len":285,"flow_dst_tot_l4_payload_len":3125,"midstream":1,"thread_ts_usec":946739374036272,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.202.176.26","src_port":43106,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"doh.libredns.gr","domainame":"doh.libredns.gr","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_src_last_pkt_time":946739374036951,"flow_dst_last_pkt_time":946739374036272,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":946739374036951,"pkt":"REREREREZmZmZmZmCABFAAB49DxAAH4GIqIKAAABdMqwGqhiAbtWR3MYNJT\/BlAYAfXmCwAAFAMDAAEBFwMDAEUX9381c\/+R1qgydby2LZz\/D1isDmITv8iB3tIfcLl3X1ZN85j+RzDG7ZR0PP5I0SioKkHY5OtmjMfBNJaLny9tLOB5RTM="} 00652{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_src_last_pkt_time":946739374036988,"flow_dst_last_pkt_time":946739374036272,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":946739374036988,"pkt":"REREREREZmZmZmZmCABFAAB+9D1AAH4GIpsKAAABdMqwGqhiAbtWR3NoNJT\/BlAYAfXmEQAAFwMDAFElX+TKJBiopImIj2GXQOtwcKaEiElkh8K2UhzQ0jUKPgTXoSqnHz5ocovk7BGGFmhJ86k+WLCOTysTJDvQuF8U0maWZ1+mvmRXguvsmflwWCA="} 
00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_src_last_pkt_time":946739374037045,"flow_dst_last_pkt_time":946739374036272,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"thread_ts_usec":946739374037045,"pkt":"REREREREZmZmZmZmCABFAADT9D5AAH4GIkUKAAABdMqwGqhiAbtWR3O+NJT\/BlAYAfXmZgAAFwMDAKa4vc8Mrjz1P93k75fEHIClEV7TNmkIFwWl\/1AVOuTvIrxY9revacc0XrdxN40np8KrY4KxIZxf4IUauu1u\/n+AqXbQHYwvrskX9qmD6BDtChuI2f36i5DNyXHNbP6X+z0PV63njfV1lCHhAzCnzpgOU6S3kxl+xtdlvsM\/YbjgGP9PXPXPCaKSUZs6ZKIy0FGbC45IvrIAh1RuNDWWb3MhJ43W1rsH"} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":303,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739378281333,"flow_src_last_pkt_time":946739378281333,"flow_dst_last_pkt_time":946739378281333,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":290,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":290,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739378281333,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":59026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00928{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":946739378281333,"flow_dst_last_pkt_time":946739378281333,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":344,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":344,"pkt_l4_len":310,"thread_ts_usec":946739378281333,"pkt":"REREREREZmZmZmZmCABFAAFK6MRAAH4Gn0EKAAABVQVd5uaSAbv2ZmEwaR3\/oVAYAfZ05AAAFgMBAR0BAAEZAwPCcBaP\/DC8hVoTSokbsQvpjhaLnYrt7eKsiMQ8EXb5AyAAGOihE6CuqcDNXckkTdE7CmzbbGzUcC6GWkBVFb5CcQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACqAAAAGQAXAAAUaWJrc3R1cm0uc3lub2xvZ3kubWUABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAg6FKiZGfISPafy0Na34RI3z\/9T8Zo5Ona0mhcVKXwyTI="} -01289{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":303,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739378281333,"flow_src_last_pkt_time":946739378281333,"flow_dst_last_pkt_time":946739378281333,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":290,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":290,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739378281333,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":59026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"ibksturm.synology.me","domainame":"ibksturm.synology.me","tls": 
{"version":"TLSv1.2","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +01248{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":303,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739378281333,"flow_src_last_pkt_time":946739378281333,"flow_dst_last_pkt_time":946739378281333,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":290,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":290,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739378281333,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":59026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"ibksturm.synology.me","domainame":"ibksturm.synology.me","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":304,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_src_last_pkt_time":946739378281333,"flow_dst_last_pkt_time":946739378310897,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":153,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":153,"pkt_l4_len":119,"thread_ts_usec":946739378310897,"pkt":"ZmZmZmZmRERERERECABFAACL5iJAADQG7KJVBV3mCgAAAQG75pJpHf+h9mZiUlAYAFOUtgAAFgMDAFgCAABUAwPPIa105ZphEb4djAIeZbiRwqIRFnq7jF4HngniyKgznCAAGOihE6CuqcDNXckkTdE7CmzbbGzUcC6GWkBVFb5CcRMCAAAMACsAAgMEADMAAgAZFAMDAAEB"} -01330{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":304,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739378281333,"flow_src_last_pkt_time":946739378281333,"flow_dst_last_pkt_time":946739378310897,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":290,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":99,"flow_src_tot_l4_payload_len":290,"flow_dst_tot_l4_payload_len":99,"midstream":1,"thread_ts_usec":946739378310897,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":59026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"ibksturm.synology.me","domainame":"ibksturm.synology.me","tls": 
{"version":"TLSv1.3","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +01289{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":304,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739378281333,"flow_src_last_pkt_time":946739378281333,"flow_dst_last_pkt_time":946739378310897,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":290,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":99,"flow_src_tot_l4_payload_len":290,"flow_dst_tot_l4_payload_len":99,"midstream":1,"thread_ts_usec":946739378310897,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":59026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"ibksturm.synology.me","domainame":"ibksturm.synology.me","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":305,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_src_last_pkt_time":946739378311104,"flow_dst_last_pkt_time":946739378310897,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":946739378311104,"pkt":"REREREREZmZmZmZmCABFAAAu6MZAAH4GoFsKAAABVQVd5uaSAbv2ZmJSaR4ABFAYAfZzyAAAFAMDAAEB"} 01064{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":306,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_src_last_pkt_time":946739378345011,"flow_dst_last_pkt_time":946739378310897,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":445,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":445,"pkt_l4_len":411,"thread_ts_usec":946739378345011,"pkt":"REREREREZmZmZmZmCABFAAGv6MdAAH4GntkKAAABVQVd5uaSAbv2ZmJYaR4ABFAYAfZ1SQAAFgMDAYIBAAF+AwPCcBaP\/DC8hVoTSokbsQvpjhaLnYrt7eKsiMQ8EXb5AyAAGOihE6CuqcDNXckkTdE7CmzbbGzUcC6GWkBVFb5CcQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAEPAAAAGQAXAAAUaWJrc3R1cm0uc3lub2xvZ3kubWUABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwCLAIkAGQCFBAB6WaWPH4a58n9Vy55153vrND8HYB2nYEr9eTtZhQvr+K0wZRqcd7gi5my3icRP+cC95AMjv\/RLUwvWTvGJ7GfxsQEr1DgaPphz4mtIisyUKe88RjwGENhqVmgi77BxTjgWyUr8yPxR8mF6KE\/7+m+uTvX0I8U7batlyYLLDKS1f5LZug=="} 
02501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":307,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":5,"flow_src_last_pkt_time":946739378345011,"flow_dst_last_pkt_time":946739378399920,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":946739378399920,"pkt":"ZmZmZmZmRERERERECABFAAXU5iVAADQG51ZVBV3mCgAAAQG75pJpHgAE9mZj31AQAFN8ZQAAFgMDAN8CAADbAwNIKgS7jpOm3HVoUCYARJcxpv0e2pnrGqQEP1+d4\/l+rCAAGOihE6CuqcDNXckkTdE7CmzbbGzUcC6GWkBVFb5CcRMCAACTACsAAgMEADMAiQAZAIUEAeE\/O1tgYRiVcokShB4pBhHDtpOcmZTWZEJ3WWyUiziuftscb\/mJOaokEXG\/H9g0yLEWB6CYoRWEF2tWUaOQd6sTAO9QnSQcXwEgCwxj+oPPoyoRl87ZgP80IUzDPKqvRKWEd6LgyUEknnYWgB+jfMPhukTtsx2LumAfGk98NtpA\/Y92FwMDACSr7z10NJZX97cncZDfxTIwqcwGEk0dFMzRmunG4z6NhW1TAfkXAwMLmEHWpQFir83wP+qLpcDdLZW4kfLuaEE0xA1iqgZkBheEyhI3OMt3rG1GomTFacOUZKnqvPeVzno1kubg0a7bcO4s+YnZC1nllBAdtvwi6JhitnO\/qjjdgMZh\/toQx7dbXIDaEOpUhk4DSiC0pUn3TLQKP3QnDI9J6zM\/3hICQypUyN2XsBOpO8Kshs6tkPyJK0t04n92xfic2KaN2Du\/Y1RoSYDwYopY2uXDNlJAvFiSENQaucl5hJ9HUtqf6rL3R1PqqoGdeIIxyO3C8N4bRz38oiP7dj09QADhqmrSh1Legt+MEbxdo4Wz79uT4OIPw\/IXrrT4dwDE0bIkqCAh8ZHWYt6d3mYUiSaXSMdKVroLUqZQNEJ1HcMZXXI+QLTq8f0tMM4vTRPw6Wu29zr6y1zCwa9vadztxDuj4SJfvF+St\/LC8yEYi\/J0fLkVsinvDOvwDtpr1V2y4ijKD3S07Klb97dV14s\/pG6hRWBCvbGJB9riC4jEGBwZKuJiaT5s6xhqnCvV37jwn43s\/D7fFp+UVFfyRiNFyK6wgrgqkEfn0qgK0Ou4sL1Cd3lScMu8A+imAP0aXG7\/gOb\/g7KSazB0sr9F0croUvc0GcTkm3wrnpIQJxOymC8rbzj\/XSzgt59E4CqWr8bUGBapyNrHFRvwkdyBCGd3y4scXqG\/Bo3tmOuYomiagmMReDh+R6GpvvfDKYO1EmlF+lxcpd07Fv3rJ7XYZzARykPnnIiJHWh432oHR1mLpKPn4oV0AI9rbnn0yDsU1Bdb2MHFCaSpTN05WNJWbTP6sYNJ4dynOQs86xCEbEop9leaORUo8Xqei5+PKZHngeuMm6Eq69P\/NtmUxGz58M8MFrdv7iFa32SUnywxkzwuzDKIcksuVZ\/AHuAB3SJ16GMM4vDhfs+GYHSQ3Po6XX4hItqlv39HCOEZkFi7UMoYaI2eO3GdWpUDSkCO9S+5Uyd9Sm0fpq2THrBwTW1RL01ZCb6bGHsFOfJCmi8Ws7P\/\/1IHcGrh85znh6nQmHTxjoApqeasI9XpcCWdYL33T6WNFdF5Jlav9dxM63W0CE
Dj+a4Aamok7CsgWVcV0L3J95x6l\/zeL3w2i1vG1phsbz+mD7g6OvKF9niHovEgSt4Kvra1qBNJlFzpfDWQ9NHtQUdKY6diuNbxRIgbkIUGd3iC4eO7dJkU3QmiXgSscI7RsZbU0R7ZkTQ4P5mOoyawOvyeYnAXHr1FBqoE6RrsGRpSAmtwgpW1pdvdXyPaMNzNzem\/M1tvoMiwfNnJtjjhnmv5EircGjwGDyJoWlqSIVlyNtdTCeRW2iQQ03JtUQ68\/wW3LtE6ur2KJC6mT+60DD45BXln4xqxdhWlGDqQOgWqwD27VpZ5PBdtwxXSwZpk706PnevI7Qf+i9CpJGbsk+AncI73f2sTM+rnD0RGZ8nTSUL5\/bwfnj+ZSyVJF22P9CO+knTzkqATHmcTXgNaDO8DyL0VCPWn\/oSyyTq1PzfGzhLb0F61LpkqLtUE8Dldgms5IjzNdOv4UPecjmkytayLd+PP4CmYKkWyv+3Al7b0UgDw"} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":325,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739378577768,"flow_src_last_pkt_time":946739378577768,"flow_dst_last_pkt_time":946739378577768,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":283,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":283,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":283,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739378577768,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.28.34","src_port":33724,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00920{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":325,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":946739378577768,"flow_dst_last_pkt_time":946739378577768,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":337,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":337,"pkt_l4_len":303,"thread_ts_usec":946739378577768,"pkt":"REREREREZmZmZmZmCABFAAFDLylAAH4Gh5EKAAABaBwcIoO8AbvZKqUSoyMYWVAYAfZGMAAAFgMBARYBAAESAwNktN1XF4bqrby0niN\/MgT4p6NPXKBlRwOJCoza94pvXyD9DZHEPvQMzjP6pbu5TmyGbnG5vDXlt6MJFI6XifT24wAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACjAAAAEgAQAAANanAudGlhcmFwLm9yZwAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACBNe3CKgugpSU\/ahaeKXUN1ypv0O\/7wv4rJDS1FbyCQKA=="} -01276{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":325,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739378577768,"flow_src_last_pkt_time":946739378577768,"flow_dst_last_pkt_time":946739378577768,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":283,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":283,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":283,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739378577768,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.28.34","src_port":33724,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"jp.tiarap.org","domainame":"jp.tiarap.org","tls": 
{"version":"TLSv1.2","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +01235{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":325,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739378577768,"flow_src_last_pkt_time":946739378577768,"flow_dst_last_pkt_time":946739378577768,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":283,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":283,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":283,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739378577768,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.28.34","src_port":33724,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"jp.tiarap.org","domainame":"jp.tiarap.org","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
03923{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":326,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_src_last_pkt_time":946739378577768,"flow_dst_last_pkt_time":946739378607705,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":2557,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2557,"pkt_l4_len":2523,"thread_ts_usec":946739378607705,"pkt":"ZmZmZmZmRERERERECABFAAnv8ehAADcGAyZoHBwiCgAAAQG7g7yjIxhZ2SqmLVAYAEJO3AAAFgMDAHoCAAB2AwM5\/Tpf+0rVAVLiqp3AKzeP0oc5LUJ7LbPa16oj3TgNDiD9DZHEPvQMzjP6pbu5TmyGbnG5vDXlt6MJFI6XifT24xMBAAAuADMAJAAdACC6HV5GLKVmM89uM3s2SIWu43Lfyhq5unw8YJ6WUfrNYwArAAIDBBQDAwABARcDAwk9PLTYD+JT2QAppt0TUbAwAmxAstQCMsQy32ww9oSEEAAMGSMNt+TTdp0V3tZ3ctmeFKC8drVcJHMoKPW\/gLMtyIUmD\/3+eYMhUKtI+3FRz671m\/FiCxQ+DYhEAA2djrJV7bAD8riXyaqFyW2aaJF84flOMuq9DLwOUI0IypM1HnMNVT7vNmCordbJ4vYfoJCHZ3Jdxa1PMxflxUdqb7t2xbf5y\/m1Lgj+QBUEN2VGq3ZK1ktt1GgLlt5OMY6q\/EMncuhg\/OHccuz87CSxEURWL2O5XG3NQ8ZSkyDIF1XtrmR6FGXAhlzN0GIMFD4mIZ5QqyhyGprKsDD36CWqaTOR27WUIRMeWgua2kpjr+elVVRiIT0yfyvShMeR5KvvMj5AG9M4S4\/qWWxJjIv9qLfYm7RWSC4r34hNlFnFlqsqqqzzh\/BxMvV1bwxfAaqA1qBideWKRVA+7EuN95c4ue7X\/hRVHEx3iQLqTqKG9s8vcXeE42KLZOgVl3B7xu8\/i92\/WkhbHAp1VaoXVrJw6GLiISb\/po8DiOQt5NIdGX5eDQSEZ7O9baKasLWzq1YkwfZijF3n9KVs9qv2KSy5IfvS0SD4T0T96JowaLvO1lvBNbG7CindkMAn7au9+n1sxBnSgPOEhxjP6eP7I9klViNjl15nUFM6o4r0CQuVxRwVYjFh10tMhUtqr5ufjJtftBeIT7Z6ffMsMrzPdyzkIvDM+swGXo7V35YzVo8DyoBYe9uM0JJnrorf04OKftnG+pjuV1J118k\/TcF7dgWMascYwrYulqMRqr3vNGGbqZxylwmKp462M5UtGuo+qerBWSrRXWS6eh\/Pd34MrDX1VmvCOR23Z07RB6KZ9U0a03sYPKhsU\/m8X7Y3lJg3mFbu5qAjYzD1O+cD4Myf40iIoCP9xcs4bu1pUmgjVbsp3ut86GCDAgM+2h3m+dYO91dTNrC6JdnpsdKfoGqobbC1Nd6P0Kznfd6xn\/BQDvXNQHfd3IPzPYj2FRyDUuFDyWgT\/cwlGc7O60WUydzXXvs9ttqI8TuCUJYd1Ao8xx8mAgIvrwtyiwJR5QZQxYq0NnVo97JO1hRxuXJb+LTsywktm+cb6647KFCAIE22xi+EiXjOKZOlKgY\/++l2PKcbQh7+iHITgTYo09PyNcnTJxUwLKCZUcpj08uHLE+si9w6kmA+pKFDGKHD2OQi0\/dVl+2FqCH2+A3DCa2Gg9EWzElOrJ9mp3PsOzxGAh1T1616sYT0
her6SVuXlhCGP0slwtRkTfN5tnJIo22tEgWtQ+b6y1PTsvRTouR9DpgUBw8BD3g0lRYqf3KAJIjUNpSvsRMGe0P3S4KCcJTz19EnjfZoP6uX+a1+4rjk2AihvF76LGF5wO7bsnmmIDYTvndhSZUKAm3a49yHTGG7gVwYkqmq0TRbx3kmFRXEBuvlULDIz+RlQyLwuJX5uRyHubvUf803FCAz\/4a9pnE6WEDc+zOoXHErWhAfoc5tjJI1gMxGX8U3yJwrwEtij2gQTn0Bbv4+6DXg8iV1mRetvz2V395BS+h9qVm0PJky45RjI5FxKVNW8VUHbBkrW32Ln2Pm3mojmUt+Xsx7zInkOkVoS97LxHGe13JTpikDPPGgpjpEoHIcQRKqtRb0XznaWZx01cfmn3isfcOxCOvXJUXQwHOBr0ZOeVU8JyV5j86F3c2x16THC9pMZadmbjMRbWkSLTw4DMHNpPKhS6WbcQJhxPZwfAVbKEjktlF0JguUnWmRyDWlD919TvF+XWK\/xSop+ME26vjlWYdWryJvX71XiN34ciEg6jsS9BSYdT6j+C8MLHQApTVrKIlUjg7LizXHOZ\/8TbPIjDL1MmbwanCPsnz+x51R4gaxLum0nLoSL+ZmdQWjq\/uyo2YE03WUuDCwEqP451PgmdaqLRPfWLB1DwCAkXZchOxevuMOjyvWV6dC+e+ksCIkxwJmTgcBQXwfuBwje22m5Cj2nv\/zq4aMsV7kiFOS1VcPYLEbw+c4UolvdLrBBCbMxCQZeGhjAzGdsZDuX\/6sRIGIbuHAE8nIh+KJ0joM4KoZNtLXSA2HqbNN+kRQ5gTFmAp4mqAOgsHxAv6V1xCZg8P3MEffeog7NEB4\/K8wtwtgVyjvZaZ4E5jbN5Fjj\/jqK88SEXhkPYnN+on2bA\/r\/BMBIaoCajkogUyGLoyIPMT+pBrWa+wfZKdLurwPxZw+jCxKJC0\/mmFBL81N3ktV2QA+uWulN8QPCd7cD0\/Hjf2QklIJga5shMEJkHY6px3Tk68O3abNmIreZ6S\/N71agsTVbVTSaRlprW4p5D79LYThW+q2zikyKF2eG4VtVQ1Z087sY8sCBmmZG8ETPN5Xq0TN3Q1mXCkwjS9y4DvkEf4d2VKsFN6yj110+kONDzC8lVgKicr46oqIhZ9cyUDwr5+MuFqHiF2KMvJx9XA7v9+a265RIEavlSRTRm3PXbeYNOWUADrJWXjguUacdKmikyCoiD9vRp7ll6YxsV5jSfRT\/9SmZeNE+aTDy2wakB7qY1oeeLE4kVchDyQa22zUAtVHOgOvTZInJYA\/takDFgegJnQaYWISVIejbCOHLLvY\/LGAj1CyqRrh1\/LJm06TJxFQn5cMNb5SSEJFNyxF75PSPT288zWx2Va0aIhDIB+vku9QlaiV4ac8CwDTFNaqbQKECa5ibv22eB002L0jyDWacUoUluFvwofh+CTE377hEPfvjsRjX+V3P\/erPya8F4fW7JQkFJgCrTK1VaoDF64ZvLzNQJ5aCIC3Js6D+sD6g4jOpLHGy2zHMlk9wTN+yBybuSBsrJL9uS5j3JgQRC167kARpn8\/3wkN3\/lvlFPoVYVhj99l\/NeW6y\/YdomeNnyw0D7qas3wz1t0EQFticUf9LLfRMzRHEf20AYOoy9Fonct0XWUb6fLDU7CQJTqCHU8Eiy+rgD2t\/dxE4NlpfZ2ZSbDZ7QWFdftipHKlR4nJqLL0sU6kjZ8SydsZ8oAinHCIV9v5PNYgUBa8WbGYb2kgxJMSN3jbYzsoGwAsbdeAghc0S7LurZvISJXwa0jBqUzUHZmweZXCdDnfDiPc92KCXG9hA13VfXTouQnTd0zyBwPxIcvLGDhAu1CCSmBlGZrOEjmOi1\/i4ug\/A=="} 
-01321{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":326,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739378577768,"flow_src_last_pkt_time":946739378577768,"flow_dst_last_pkt_time":946739378607705,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":283,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":283,"flow_dst_max_l4_payload_len":2503,"flow_src_tot_l4_payload_len":283,"flow_dst_tot_l4_payload_len":2503,"midstream":1,"thread_ts_usec":946739378607705,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.28.34","src_port":33724,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"jp.tiarap.org","domainame":"jp.tiarap.org","tls": {"version":"TLSv1.3","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01280{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":326,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739378577768,"flow_src_last_pkt_time":946739378577768,"flow_dst_last_pkt_time":946739378607705,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":283,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":283,"flow_dst_max_l4_payload_len":2503,"flow_src_tot_l4_payload_len":283,"flow_dst_tot_l4_payload_len":2503,"midstream":1,"thread_ts_usec":946739378607705,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.28.34","src_port":33724,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"jp.tiarap.org","domainame":"jp.tiarap.org","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00622{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":327,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_src_last_pkt_time":946739378610153,"flow_dst_last_pkt_time":946739378607705,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_usec":946739378610153,"pkt":"REREREREZmZmZmZmCABFAABoLytAAH4GiGoKAAABaBwcIoO8AbvZKqYtoyMiIFAYAfVFVQAAFAMDAAEBFwMDADUQNuPt6m2nY9MgXiEHZRB5L+gDtuMOMxUUfy82Uox32sOXoFpXHp3NUSfU3Rmr6gABtUijkQ=="} 
00653{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":328,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_src_last_pkt_time":946739378610269,"flow_dst_last_pkt_time":946739378607705,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":946739378610269,"pkt":"REREREREZmZmZmZmCABFAAB+LyxAAH4GiFMKAAABaBwcIoO8AbvZKqZtoyMiIFAYAfVFawAAFwMDAFEdfSV7R53tWPLwbpLAvpYZkl19\/BcxP+TDWyhLaoxetWjrDvoUAtcNmsNiuCZnkdjB+V3dT5jW3XlxFbDY728t\/WQMk1LbxBUFh8jkvOtgrcU="} 00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":329,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":5,"flow_src_last_pkt_time":946739378610406,"flow_dst_last_pkt_time":946739378607705,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":223,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":223,"pkt_l4_len":189,"thread_ts_usec":946739378610406,"pkt":"REREREREZmZmZmZmCABFAADRLy1AAH4Gh\/8KAAABaBwcIoO8AbvZKqbDoyMiIFAYAfVFvgAAFwMDAKSMB\/dBKj3UpGjMiH6\/1VnkucRlgJJUh+qKTpK1hnLktIkXTIZNK771WiAD8CCQWY\/50puGvx13gF6dxepR2eZrDXtNRM3+WITv7yAVM2zLslCIU6mXHswTWezDiNss0zAMjO5iTucBRew73pLZ7zSDttwfLKSZX3jAzQuGsed6FSQJLBSwHHVgAkaiewtxnPDS+tpjzWocy6dfvO6T067l7AmVDQ=="} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":342,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739380697543,"flow_src_last_pkt_time":946739380697543,"flow_dst_last_pkt_time":946739380697543,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":288,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":288,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":288,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739380697543,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"1.0.0.1","src_port":53802,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00926{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":342,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_src_last_pkt_time":946739380697543,"flow_dst_last_pkt_time":946739380697543,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_usec":946739380697543,"pkt":"REREREREZmZmZmZmCABFAAFIsgNAAH4Gh+8KAAABAQAAAdIqAbvH6z5LSWNp6VAYAfbC9wAAFgMBARsBAAEXAwNccnLckexdP3Wz7tsKiknbwUElui2FZGSKODu9LnFkjSDCKDL2dIORj+O\/DGu\/+ddISHKLc0yxsHWSEQ0iee1a7AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACoAAAAFwAVAAASZG5zLmNsb3VkZmxhcmUuY29tAAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIM\/CjtFE6\/BfV0qVOcMMUIig11i56\/tpHaQ1FlARye8w"} 
-01281{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":342,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739380697543,"flow_src_last_pkt_time":946739380697543,"flow_dst_last_pkt_time":946739380697543,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":288,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":288,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":288,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739380697543,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"1.0.0.1","src_port":53802,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.cloudflare.com","domainame":"dns.cloudflare.com","tls": {"version":"TLSv1.2","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01240{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":342,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739380697543,"flow_src_last_pkt_time":946739380697543,"flow_dst_last_pkt_time":946739380697543,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":288,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":288,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":288,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739380697543,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"1.0.0.1","src_port":53802,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.cloudflare.com","domainame":"dns.cloudflare.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
04397{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_src_last_pkt_time":946739380697543,"flow_dst_last_pkt_time":946739380725098,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":2892,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2892,"pkt_l4_len":2858,"thread_ts_usec":946739380725098,"pkt":"ZmZmZmZmRERERERECABFAAs+VjZAADoGHccBAAABCgAAAQG70ipJY2npx+s\/a1AYAELM7QAAFgMDAHoCAAB2AwNqFtv3xWSYHbL\/TEVcxTgtPyY5syhT1Ar0J7GcYm2olyDCKDL2dIORj+O\/DGu\/+ddISHKLc0yxsHWSEQ0iee1a7BMBAAAuADMAJAAdACABwPRBPqMH6tP2UgTdU38yy4IBdMrNy3Y26n6nkJgoEgArAAIDBBQDAwABARcDAwqMAOf8HgLdG4eR2zQrlVcXNJK6gSgekjnntDDuH\/5mItzTS2PjuRorCZtp1e456Yzxd\/c9Pjo0KqOApsf0Oet3HLAxOPX\/4mq0oqPJv6\/pWYh6XkL49x7kn3sA8FLizWIik5oy6pRjSBWFf6tqxUO+Djt17wQK6yhMls9hUq1ClHJUh6Qn273NZpiWOuHCd9wGeCfeInHvS8qk0EqIdne\/5O3+AKgM\/cALapdKbBhIoAyrPwqC2hLjGuasAzda3QO\/+ESHum\/F9d6o\/5K+8IYpY8o8qtVJ6Drg8futbzGhAS87lZYW5UeuuFH05CzhM6cODq7gNj4mbPjTJ5ApTRpwsXEw0cwu6tAiKdHBHu4s131JOS1nhPpDpOs1W8FqhOijP5pChk7nVfwQ9Bu1xYiYmTlZWYP4bC0IhVSltsY4+ffd9etk6QNu1u5Seoh1QaWRe4DU8GYPqDdj9ywHuBnTu\/kdk6yObRcYizbhLyG5JiQSyxA9bv7iPMzOSI\/oPD6Rw4c6cy1qJywZ7F9o\/W7KUU6pYYhqWRcunfBOy2cedxZtVaWxcAQGD7VjEr1GjI\/ndJEL6DV\/vUO5PSsHgdX\/GScVrZdS\/KHwHxAHOv1BpKxNHl+ElIeVfCJc4tBsNkoBf5+COT0BV1cqDq\/0TqIcpVxlMv3\/7JDTZZTI\/wMxcbTZkEC580\/OL4P7o7ZBv1lVciiiGUxirK0Wn0VmKVkOPUH1VVDEVtxbspQjAQAudOqLnKMivdYYnLWKcLFjjfuE8XwFn1JkF2YyGgtdu+0wxe7V3QdQyeX6wSKDfGOBn1RHTiZSQJLrjf\/MjK6PK6+6dmcX2K\/Nos\/HKCWzOCSGOxH6pgvl94s\/0dDawx7iAmW0aKHP7fN\/Qsuj7qBRlYmeX3wDSe3ACAyO8PJtifBKRUnx+i44zF\/TEZT9\/0f9hj1yXYZhM4IttxvCtS3N7k187lM2JB6HB4DmePSpA5UfxEPRq71lNWUsDLAAiN3ekJSKoZ7PUpp\/6SJsuSwyITjf4EqBLpeWL9MrWeNXoUk5W1F7hWZmXxUwbc9PMEuirTVJUIeKJcMT3hUo1x6K9jQ+3H\/3FjLuAvSaGN20\/JlmWzUhH2c19MbTsBdNUca8p5h9ftAYWxNZFi+BPME56GacRIjusosOaDm6TM6NIeJtcd5nQ0Y6NbfwEe7MdB0akdNH1SZ5FpPCUXE+5h9eWmGzxT6gCZx6qvA46+kjmSPa8Cj85d
DYPgUItxPMDzQDmcDkFl4Jtoqp7CsVbgDs2FaRSNSCg+ZMEThJQx0\/Aqz+vGM8Axcf5cpBgdqJqmkgft7WVM6LgxM0bWa6ReLOTbftdrjvt51qS7oW8iSFCaAMyVHnB9nNub1rCB71JGnHgmpLaDriPHmvZHyXG+tF3YYxqKFpVLMzSELDqif9S44Mrb9ZjnIWKvGQryM\/QSKoEg5X7zctl4vxNBFap6BlJhqRr3fm7FAc37N2CcUPqfx3Q8d+odOusP4Ls3Xq2Sur1UmBSNW9zqMAV9eCaagN4swiO+HX9D1JhZPxXTW9QWyDXi2zI1HI7LUB70fqeJS7u5T5BooNTQeoNzZVCvWOXWLt+ZiIbxI46okrDHFQXi\/x2G\/UqXdfkOEinNyh78FxOnrKcOtvfU1vQdaz7Z3d1S6XTGxIbp7Avs8yqCBkfYYx0okhQoRYkFViIAKhs8EJ22ENemkpy\/xMNRrY7HXIqAF0plC7ASy6aRPBxNQLpe6Ed5IaeUHDV+pWuEiLAgXAO3BIyMmN+dKwyJRSjGew81SAxYCXzqNGK2p7GdpO\/XP0maghqEG1aIROtTBX2ArldnERnpk4NXjDbfgsSkzP20ClfXeN4yjZTmAjINRHsDFyBG2kVPsbWM6bJ6sXUqNBkjHzH8mUguB01CThNReqO2rGsLiKr5qTMAwxKxjfEdoEJ+OdtfVMDr3B0PaBDiW6NDXICwJTMjrTiHsqLMySrS2T3BXPc1yBL+jDROuKYyhTZQzCA6ktzSKC6wAMC\/2RMbHnV4JUqSuJoXnZI1jiGQfafDh9qm0ZR91\/Upntxs\/kWZ9Zofn9x4gsvGL94XY2stn+kYJ+lpR5T38ZBRBOsXu8bAGsKAP+3wt7PlEML8VYdMSv1Y8XhaZ4vQZT4mxjokM8a+\/vbBm5OFXEOAsw3UpeMp5Pdlywdfks9xANyyHcs7XyT+4nzRjV93W+RbJVksh761\/0CsogB0Bf4AeRq1b8bSy2mVWD\/C9oBFlc4PSw+jhx1uKdorr8amCiJ2bwSUXaBBKYKGtf3eKS0Vrr8DWhAzmAupA8TRMiBwDgWH\/pSpuuBxo4fKT36lTdVMpKIp966xzVRYeAdyJ8dQTy5jeDQL1o\/K9FAvaIxIHdqy3Ai9UpxdTmYwoZXk1RGWSFQPWK2eEqydFLHkwLiG2A9OQ8pCYrZlqHUn1snev7fQAbwrXFOXDJskS+CYp+0GQvu\/Fu37N\/vYvDe9yQ2BjQyb\/Aq\/mNLHkdVzTu+oIIX6og2jNse2SlImfdMuiBssQFePUieOP3nrkgegmZDkJvZU8\/IJtyIPGhvEr4wy0KRjmbk1R5TV1oh+Gvyump800hgoeZ6yINLishVXjkSrZbw30TzgVyIHMXbfVH5cMb\/otpjX8v74ViZ68NiQoVQGCiu9Qccb9jITaHI7YqId83HAhD0Mgcvql8x4riVhsLhWBp7KARZMNylg6FCWQzYhkomLcDqOeaHr\/i3Kucv0p5GzUzkUvhbOyyBarVy1r5EY3Ff\/LeERfwiWeu9JMjSlW9a76FWzNvpbjiVQvAXjpJS+B6vW0S676\/2F\/QVlBvmv\/1e3jfE46NEORC\/KvStAu1+NCVXXkgYYjYaavSuMFqEVMBLpNt3pqmD175kYHYjG6R6TDv0nmjRk\/fdkSOg4ydMi2g43e05SDICPCTBrKL+H8pdmtKEp3WxofXZCtNR+ckTvaTdfJXZMWJbImpAgp0edudixTNqo9z3f5BRBQ1U170EzzThEQIMmS6RHUG4MBWpfatZDm+5s5WqxzAc+f48z+5\/Rjpm1MjT7FAj2QOS2mS1pZuw8jR7f9mlmDHlYUa7yULFKz+EOcDFjny+TGuKCw6tBmvp0uAgOgbWkR3PGwLQlgJNN5qcasz\/DdlRFFRc1kdK872NuK41RPGMSa34kfvjKckPj3jn4ntsF1i9WcRtXZaTKddZmAVo
ibh8F7o+\/2BqWfWHshjLjbv2UXOWt85MGeIvvR+JAZ4lQKxhMp4ApqHsqTnv9vjAIsk+AJwp0L3kf96BrAf5lxFwLByeiu2ScazZunSG5IvLxJ2cCZzgYOFm\/xSZPCmFYvKNJw727A0qH0cpDBKVk4Z5vvRen3ROFERblATF0imHD72RVGcQ\/rMrcnTAneuS+605QxQwV5cyssndlHujOT5cJjQwi4Me+A9i\/U+gGMItbvzyiV\/bH\/dnSH\/6+REX1pIGyZTP+9n2MXLAZnibrKAMIRfK2TIfrOe5jmJF94vcBm\/\/5ycPeTZII89RYTOm\/OYD7dCL\/Fj+p2ZF9GMMq1KmH\/crTCIqHICoTep9ezhaM3lurJnltFyZNv3oliEoTfl"} -01326{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":343,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739380697543,"flow_src_last_pkt_time":946739380697543,"flow_dst_last_pkt_time":946739380725098,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":288,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":288,"flow_dst_max_l4_payload_len":2838,"flow_src_tot_l4_payload_len":288,"flow_dst_tot_l4_payload_len":2838,"midstream":1,"thread_ts_usec":946739380725098,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"1.0.0.1","src_port":53802,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.cloudflare.com","domainame":"dns.cloudflare.com","tls": {"version":"TLSv1.3","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01285{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":343,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739380697543,"flow_src_last_pkt_time":946739380697543,"flow_dst_last_pkt_time":946739380725098,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":288,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":288,"flow_dst_max_l4_payload_len":2838,"flow_src_tot_l4_payload_len":288,"flow_dst_tot_l4_payload_len":2838,"midstream":1,"thread_ts_usec":946739380725098,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"1.0.0.1","src_port":53802,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.cloudflare.com","domainame":"dns.cloudflare.com","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_src_last_pkt_time":946739380727790,"flow_dst_last_pkt_time":946739380725098,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_usec":946739380727790,"pkt":"REREREREZmZmZmZmCABFAABosgVAAH4GiM0KAAABAQAAAdIqAbvH6z9rSWN0\/1AYAfXCFwAAFAMDAAEBFwMDADVke5XeBLKUZMMwsdywo3cwWM6dcwvPxEIBrrKuQwAVECVGBCt8L\/1vmMSczXlzhvKSsbEzJA=="} 
00652{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_src_last_pkt_time":946739380727917,"flow_dst_last_pkt_time":946739380725098,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":946739380727917,"pkt":"REREREREZmZmZmZmCABFAAB+sgZAAH4GiLYKAAABAQAAAdIqAbvH6z+rSWN0\/1AYAfXCLQAAFwMDAFFrhWmS7Y1bCOIeKODPz+I7YfqENoT6TMuVqwyG4G3SX6UxpkGUbLXAM6aI3cio6qRGa53fwYiMMoMH2Pgmh7dvXF8VRjQEWsyymfdbjhOkNcQ="} 00769{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":5,"flow_src_last_pkt_time":946739380728094,"flow_dst_last_pkt_time":946739380725098,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":227,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":227,"pkt_l4_len":193,"thread_ts_usec":946739380728094,"pkt":"REREREREZmZmZmZmCABFAADVsgdAAH4GiF4KAAABAQAAAdIqAbvH60ABSWN0\/1AYAfXChAAAFwMDAKhknTtbWPjKRxC8RF8H9CkmrA+Bk9ZccxNWxVGeMn2xlgfxJ+N\/oa2lauG31Sz2Z1dteZDbkTjSzDgqVARVb0wPo6eAtwO4lFO50Slr19o+QoMq7p+H6F9zmQss+aX8BSdKO823UvcZWjEYIciGcgJZ3gCCgxZcU44M0uB2tLCuz3HkSp0QwPOmeFciqWF26PpPzwsdHrIS34z6Hc1U7Hanulmh94TGEzY="} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":358,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739380870131,"flow_src_last_pkt_time":946739380870131,"flow_dst_last_pkt_time":946739380870131,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":284,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":284,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":284,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739380870131,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.90.28.0","src_port":33338,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00918{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_src_last_pkt_time":946739380870131,"flow_dst_last_pkt_time":946739380870131,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":338,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":338,"pkt_l4_len":304,"thread_ts_usec":946739380870131,"pkt":"REREREREZmZmZmZmCABFAAFEC7lAAH4G5eQKAAABLVocAII6AbvzwYfFjc3Z3lAYAfYLTQAAFgMBARcBAAETAwME0sG+tMqbxpRl1DV8Z2dnX5LfzpIiHTt74xC1bVbZqCBq5Am0FD9Ax\/Z0hd9jpGF+x36pK3fx2LqXRJeDdYghvgAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACkAAAAEwARAAAOZG5zLm5leHRkbnMuaW8ABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAghy6XniNnPGDj9u0r7tzchu6tmfTKqCDkZge3YRdGMjI="} 
-01276{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":358,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739380870131,"flow_src_last_pkt_time":946739380870131,"flow_dst_last_pkt_time":946739380870131,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":284,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":284,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":284,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739380870131,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.90.28.0","src_port":33338,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.nextdns.io","domainame":"dns.nextdns.io","tls": {"version":"TLSv1.2","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01235{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":358,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739380870131,"flow_src_last_pkt_time":946739380870131,"flow_dst_last_pkt_time":946739380870131,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":284,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":284,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":284,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739380870131,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.90.28.0","src_port":33338,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.nextdns.io","domainame":"dns.nextdns.io","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
02507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_src_last_pkt_time":946739380870131,"flow_dst_last_pkt_time":946739380903397,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":946739380903397,"pkt":"ZmZmZmZmRERERERECABFAAXUAxlAADQGM\/UtWhwACgAAAQG7gjqNzdne88GI4VAQAnmV4AAAFgMDAHoCAAB2AwNSUVDmrRSBFJr3VlpPTiOBfna69z7Ip3AgaZ4JY8XZPCBq5Am0FD9Ax\/Z0hd9jpGF+x36pK3fx2LqXRJeDdYghvhMBAAAuACsAAgMEADMAJAAdACBgLhCqxZDxBYT0wty93r8WAtFFYd34UV+f0SYd9yF0RxQDAwABARcDAwAgNdJG6I7V9ce0uN\/W8MyCm58pWjfsCFZXXJnMcWaU4P8XAwMJ4l4xzn1tklFeMfXUSkilkOHkR2CrV0Fk61C4hUjayiVX3XCUzF\/nVmk3NsjsUuGQs+ELPFl7aLMJpdeipyb\/BRKM7DDOdlmSjSZFpz3sI+4Ap1vb842GKpbBCp1KIgOgnmXfMMwnL4uKzNN2+XpL8V9LwuMNROahwk9tJrSx3BZQnvVy5qktKVugzkoTSb9fPpFovSjkUbQUBQuFWl2cxLyQBO6gjWiaDBpgoqREkqW2UGurTHpBXCvX7xTK+SGfs3VLNGPL\/jM509wXezmGXrBZolGpSBcCmwqP5AGjSUkJQ2KFF8\/5I5DLe1rWw\/7rCzdCJgW7dwItPpQigYvEpUhaTQyjzhLtXm4Br1gtr+Iuf0HPHYTCtm1Z9061ijlO7AesYAg3NSX4lpTeBeQNzqwAGQi0kxU+8BsfAI4uhNY4fwD\/tgZRm00kCDUGr0Hw1O0\/9wcQo2OrT4hVI8sBPv9rovACUd1xTXQBUu4c2UNVQr\/DAwgtr3oGHXN\/yf6hHksHqaO6ThyUELGPZgyTaAEJeYSlV\/UuFXosuXrXk+4M4bQmtm8xQA\/hPEgZw03CxD+XIQ9CziCJc2Lx3r4h2FdBiMwzohldpvHSBUXM2GuHl07Muv9yz1FfyzqYAimU2llIffa6XcR6\/N9ex4PCYrVYeRifJmT\/hN608lQ56Pm4ckRgIW72lS0ILwL91eG\/PWLw1TWr9OHqib8dqID1N28WvnDQAc1WG+OfvFA5Lx7KtiZ9\/3KI7f7RCYG\/5anpOjN3Yvo+yrHT\/\/9yxTpA2EDhXmw1I+drMKCfdVXEwoRqrQDXQ3qu16NE+piWO4zYtxH6MrZOf5GKUoqj85zhZkJ6n3Wtdfmw0p2w7uWnPZarz2kRT1hGv0H7uWAwQsIO2witiCTCAX0VhCKqX5eg9HlVQxEJ8e6aZG6udk28L+hlu2DjHm2cK3LT5siYCZ+61rOCmuWYzAzB4PZwDYNVRnV0GsHgMCnZc9N4\/ighhHZqiYL81av1zekzo7Qcc39eQmJB1\/vhuqI4+c3vKnv7ROdK1hsAX7hP\/VFs8H8ZF9FxFv36aFuAu1HQxIxhZTCwXDQcu5TzVx1PL5uguNjR7pwef7T5COi4aTCL27yji1k+uS4xQgf7uM7lfjr7UlwSz76e6z\/NdrgDABxN2pYomW51+xON8iXDOy0cXgxInpylLI6lmV7
hJWGh+rssjjMTkzOSia\/tb6HN8MDXz8ND7qC4wdRBL+K2XXzk7CxXSZKHbU7oBKE3VuTcSRmBvFAj4jzbuAW9nVI5Yw9M7KxJ0oNCiAer+7rkuV1\/dCwQt\/7\/zkSRGAemKSurrkjoqozLCUcuNRu2YlaJLAc\/PeEJmeHXWSos8ReOKG9libwm6aBbFjBhBGqk11oBFxYMJe3fE8zx0cKng5v141kUW5K8KykDBQPlm38itlnDfJBFaB9Jn9F1Dk+fc1GMvxAKNX1KD189yDAOfdy35szVs+4vU19xgaD3Asb+3zoIgGeHaF3v5zAsODf1V7zFmYGD1A5VyodE+SZcg8yBGqWdCjN6Dq7+yW5n4whEBATh9+W8PK0m19STC9EnY\/KFQ8CMbZglLaqGH9UHLlwuaNZUfgFyrj24dAMianUUp6I5pp2CbweoDVXgQfGbkHcfYC\/73I2CAYRQxi4XFXP\/UJ7vD4Iv633KLKMEpQYwdikhrjOP"} -01321{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":359,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739380870131,"flow_src_last_pkt_time":946739380870131,"flow_dst_last_pkt_time":946739380903397,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":284,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":284,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":284,"flow_dst_tot_l4_payload_len":1452,"midstream":1,"thread_ts_usec":946739380903397,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.90.28.0","src_port":33338,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.nextdns.io","domainame":"dns.nextdns.io","tls": {"version":"TLSv1.3","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01280{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":359,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739380870131,"flow_src_last_pkt_time":946739380870131,"flow_dst_last_pkt_time":946739380903397,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":284,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":284,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":284,"flow_dst_tot_l4_payload_len":1452,"midstream":1,"thread_ts_usec":946739380903397,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.90.28.0","src_port":33338,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.nextdns.io","domainame":"dns.nextdns.io","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
02449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_src_last_pkt_time":946739380870131,"flow_dst_last_pkt_time":946739380903454,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1467,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1467,"pkt_l4_len":1433,"thread_ts_usec":946739380903454,"pkt":"ZmZmZmZmRERERERECABFAAWtAxpAADQGNBstWhwACgAAAQG7gjqNzd+K88GI4VAYAnlzfQAACEkFkdj1Us7HE6XsQGxneQX\/pTaXJNHBzTBwjbjFH2PSLY9gxHervwko9HwLHhkgWdiRotlJENzv3dIlV0Q25g7GanzLzAoq\/bJLnF1bxRf0nf8R7xwqHIiEyWrnrfJqukts8v3m8MMBnkDAGd5xOmtynEVhFSJmjPZeWlanPH3W\/gPE9eVpcr\/bC8aD31d4wHJftv6KUYCRDzDXbCSoL\/6F7bgfENCEavhYW2LuID8zVPN+yKzb3WDD71Bfm\/QzlUMFQuZM5HbG0c7uIAOOAxkawVYPNiqL2TFCk1ynXFgmF4gXvbL\/HYrDLFRfjW4de\/NkjjSai08L+PfACua2q5oTvt2qGJPeolVEHsMmZEjEwazNhDwGqFKG5OP+F531r01cH7BTJcZ05QE7qXBrbvqwdtdoGPvG50ZEjeoenLq9i4bYfhTR7gqdrp+nT5HdXBlwZ3BA7TNBvRO28EIkDbwnbkKR1uAOgeHpmVvBpmpiphn4DYQZvVFKBDcAp0CgnjFhQ7BpU5nrco2WQPx+1Dj+wVwuk8wQg4nsuaxF9uoh5BJPTUJDd+oGcKzJnMyQnjiAungCkABFhOHccfPCI4WdjBjLMLNqgoxHw6DJHYylEKtOB9OnnXDF2J7Jvo9Dz26D1KrzmXsDWoLDC1fC96J8yd93fYvTZHskQxfY50BQIAKcBIdr8K4+MowCcaLlKXgQ2BvySvU9B5mJVdaqmTLF1fzesL+WRRK51q7IAwLh77wssc7jt76mm0H3PAWysYvmp\/NCiSKfjKaaLkm9x2NoEkekjBVCT4zJZaY12lyFWkBUvQQdolUu\/1tiRf86EnZ+MpspCpIhymi\/IUp68M\/Eb+2ljNKVmV1Er+pytZKFdhm+LxFZQDgPvwZts5tJVArrKTXEX7mbMUyNCFK87rJIQtF3h75H2QQdF8Dne8XAGsXDDnswycmS8W4DR2ei8Mvw6EchukCH49+5iX+zWw8yLNfbuXrdtwpsTWibehpgDGJwJ32GJ3PUhcT2O8ckRkT01hA4OhJ5s8FVi9G4sK5PSDUaW\/FVD5mXCOlbG6fI8ep93Cq318IKEa9gHWkRIcGP1KNeJ0vqPt6W+fiprWcAT+y38\/pHS\/DIldwWXxoakgp8kEgE10+BHsdUGoLtM0vHARs9JoXziCU\/gwCe4xJoYT7yIuKPLoyyOJzupzLZV+Yx6GthfYTU5x9FRZbuuSu\/4e+BWK3Ph42jg8FFm3MjO7iYnNl4v1+ChQKVR7XODNZWDH3jwqcZ8qhbkD9u5SI6j\/BA1C0rUPcBjh1+6XjoNgW\/MuFBBpUx0b9PcVFriOAhMdQziZ17xbnHnF7nwzD4ltsyPw098+Y62NYg0g7ZzmYgr7Bp\/OQu72rrzto9ZurPdNMKCU\/kuUSQfJNRXnpCKpphgwF89PQmt81ZhzDDg8jGUYj
A+eCwP5b5c3W1mHz2rbpTYaJ5WAEPawg7kcD\/0daljt7SoSzY0j1SW+z8PqelVSwUwhQf5v+dUBJntKDTvIA8dd3\/P5RebSAS6fwWCMpEa2Wpe0EbiTKfmmwomuAMmkjN4HlloVMdOTeEonHISxyYlgXipaeXT8CPFbuFXE4ejDU2aTkR9\/ZIbgoZdx7IXmaK+NxS9KICVTe0LPka0QmobSr15yArkyNHaP1EjswXAwMAYdZTBGnK4vcmbufHHRKWT+kPKyQO98Boq8AW86\/7q3c0DIh4T2TuGPAeaW+ueW75g7BJBBU7YuGFvnEEgi07qTSBXDL1UISZX8PwWOHA6mln36hZp5MmWU+JESIy2cQgYeQXAwMANQq+Suu4\/zFTPT1s4z\/CUiKzLUAWytPdwzfRZmXCp50PDxLOSYvzo75EbO+96Njs+ccRggY7"} 00626{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":361,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":4,"flow_src_last_pkt_time":946739380907201,"flow_dst_last_pkt_time":946739380903454,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_usec":946739380907201,"pkt":"REREREREZmZmZmZmCABFAABoC7xAAH4G5r0KAAABLVocAII6AbvzwYjhjc3lD1AYAfUKcQAAFAMDAAEBFwMDADXqnL\/aOrn0ACDUNs\/5OlNFpIHBA+TE3F8+\/Z5EIvZ1VnRDRjwJhogJkYt\/Q3H0b0fjAhpU+w=="} 00651{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":5,"flow_src_last_pkt_time":946739380907355,"flow_dst_last_pkt_time":946739380903454,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":946739380907355,"pkt":"REREREREZmZmZmZmCABFAAB+C71AAH4G5qYKAAABLVocAII6AbvzwYkhjc3lD1AYAfUKhwAAFwMDAFFzwYDG03zIsCu775EDRZ4OSzL00weZVbglbgfpbwM8U7J+7uomYsjKj6MjKfVgOgHkAPvTphVgv8ZNnos8qRet2Hk8sVVcepl6hWnfJr3ih7o="} 
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739385090774,"flow_src_last_pkt_time":946739385090774,"flow_dst_last_pkt_time":946739385090774,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":286,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":286,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":286,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739385090774,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"136.144.215.158","src_port":52176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00923{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_src_last_pkt_time":946739385090774,"flow_dst_last_pkt_time":946739385090774,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":340,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":340,"pkt_l4_len":306,"thread_ts_usec":946739385090774,"pkt":"REREREREZmZmZmZmCABFAAFGrgFAAH4GLMUKAAABiJDXnsvQAbv3Oz1sep96IVAYAfYiJAAAFgMBARkBAAEVAwNZtcLiAhjzwZoFuSzepzhVh3+I+642bR2Bdc1go+HJvyB94\/ND5pNfeKEuu8RDLRRLZQtcZUnz37DmCj0UC1geOAAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACmAAAAFQATAAAQZG9oLnBvd2VyZG5zLm9yZwAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACBPoxVI1tXnUcUqsbORFpVub7e\/4DvFTpQM4hnCin1UEw=="} 
-01285{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739385090774,"flow_src_last_pkt_time":946739385090774,"flow_dst_last_pkt_time":946739385090774,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":286,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":286,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":286,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739385090774,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"136.144.215.158","src_port":52176,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"doh.powerdns.org","domainame":"doh.powerdns.org","tls": {"version":"TLSv1.2","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01244{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739385090774,"flow_src_last_pkt_time":946739385090774,"flow_dst_last_pkt_time":946739385090774,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":286,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":286,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":286,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739385090774,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"136.144.215.158","src_port":52176,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"doh.powerdns.org","domainame":"doh.powerdns.org","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
04751{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":377,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_src_last_pkt_time":946739385090774,"flow_dst_last_pkt_time":946739385124265,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":3170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3170,"pkt_l4_len":3136,"thread_ts_usec":946739385124265,"pkt":"ZmZmZmZmRERERERECABFAAxUg1ZAADcGk2KIkNeeCgAAAQG7y9B6n3oh9zs+ilAYAO0tMgAAFgMDAHoCAAB2AwNC32Ly6HNyagXW\/50d2q6qJAOmShuP86HMxipBKzBmwCB94\/ND5pNfeKEuu8RDLRRLZQtcZUnz37DmCj0UC1geOBMCAAAuACsAAgMEADMAJAAdACBiVzglBWvQOWIt\/inusfkCbeAeDbm6AiXUcYUQ0SeUdBQDAwABARcDAwAgVY3jrnTrJkAawm+Mv8gBTn6zfdywiZ3PkfSROpmIxNoXAwMKFapXpMK700YralL2NJ+2AqPfCUAacni3qdcZUnufsXl31+F2NSHowZS8bEZc4wYIOhESfjBH81NgZUBCJL0cGqDMG7c\/GafBLHylsDncbVfIqhYnumIxgnBjMekzN4Jr3Pc5g1dWYk4XIPvLeMa1AeLFQqOY+unh1DHuo4FV4KfjYjnh7ERuvhffEbloWyMHFdAQi8p2J65FwIVJHxtFX6hmaEMmHATlFHHOx1RIGQmbmA5r5k0vgPGiuUMBe1e8Ay6+kNyhTTutV32hMuU4\/4gl06pCrT6iDU4Fx4eNT+Bo6E12QIKo042tC7Wn8Kl\/KILiC4TaY1uTO0+LE4wVqs5DJHWwykde\/Mpu9moeLZ0VhV6Rnx2ocHW4rczn9gPX5qTiTrDgHO7CKCVp0Yo86Aw2suyeRkNR6Pz2DTuex3RC6JD+6hKlKYjQfx6kO1r8jKEZ8UZCGU+Rw2Pd2IT\/whiiT5Kf7zLPm28Fu5xYAFYob+TbRXBcQ0z8XUJIWzCMQvkjyj\/EBbyfhm8Iz194guweTL19Y3Q2XO+NnAUm9ihjSHpRimJ0Ale\/24shK7Q0gI7NtX4Sy93vR61pN+Zbul9p4+Mos8cFPIfYJPR5DmxNv9L\/cWnYOwtiE8KnRSAYR+6q3d\/0S6rIgkskZa1GGNAffeDtgnD5SVrh+YhdzCWZCb6834ULGghfWcw8DVqJTSeWttzs5JvcUzLfaxv2WQHaWCXuUpmCZy6HgKkW3jxYYWr2tyqizXXXq732dtVhz4LWmL9EHS1WzONzEhrNFQDtpAQ95k9MRPEdXjg0bNse0lpUI4AUqhIkxWgs0j+8YRzV3BBFFrpEwA3Ylhpo+Wbg8IG0hFyThCaHTvj0vN5WKh94GQCSIjO11AtJoS9k0tl5NWJ7dp2n0NCYI25hp41FivaF\/BBZqFxHTd\/4w8k1KmIQOky6ICw7WRykbaqxzUboD5Bq7peIuOsiwZoUMD+BDbF\/3fE\/CVHWoaOcr09A0PaL0PLhUDjARYyrR4LsVfpqkH4CZh+5Jr1aOIJ+zgcH7Gme4o7fpj5Ml+hu\/y+kOOZZN5J0XdtmvZE5w20Osrk+W9YsiLIeYNt9SB2i7LEsIRfsOrVhh9XsJ8\/VF+0Pp0BTxOsC+9Ft0\/Qj6hgm17CCVsOwdD0VhkUWaus1O+o2PGnC8v4FL3kFyyqT6BtubEcffH1AbvnEi
d+VZXXjMTJvMB6eWAs+UqpOrNnkCEZAK35TZ0tRUT\/0MJ65M3rSS8cnt+LL4apIWh9CenPODN35ZvH8b3XA1lwJHej3o7w4KZBEvRoLt8OxNNvwpgMfHbFpXZIqbODt95v1PnTJxwC\/vTEturbRIFjRNgt+KCX3zfwvULi6DBxiqBmChwECudELdgYVXSzaQF56hOrspt7m7cSP\/bSuhLgvGoeM7hRIXBgEFXWWobiqWKLPkIiUnd3zKygePoMYOZHF1u2D1V4jxKHpRJ6c0k9v9f8PV1\/2cqY\/66gHBBbRV41oC7rjWm5aIoPFQPYH0PovphDScGBnJ6jwAMRZhEh8stnUD5D9slPJ\/emP0c\/PTpb6PEHZyu0Q7qMTKM1bbEpBCcvYFzyVsCvmHuicyOKAs3xMxmCmWm4Eqf7griGXbNKYrhS8laSwuwkSEnXVtwhIr1b+a3aGOTQNdzJzZMKbJeIH1FS5VDDqACuwzlpn2\/PpEcmP5h\/q7H0tPqDs+gUGEHDMancSkknkDjnO8AWIHrv7XSmAw8MzBpM2IwCdCuY2dZXBowy6lZV\/inUY7ZvvXtbP6a8QnD\/\/IUygRpu63NQLm4VeKCFEprpn1cgwz5cL4vjrW8z1Oy+wINHvxXqkotg8FbTmtoSQdi7m2\/uaxkwXGvCE+Ey\/VyskJtt+1lkVPt6gqRb1ZVRQm9DD0JoMxHNgFOAaDrB+WFlvX4dGQvQzwATgRC8IKAuMZ8oKSe0p8HpA+6MvWjcmzVE8kVy6HlIQ+H75lU+B2jVUeDC7BKjayT8YnFAN9VHJiYBcwsc6cBByDnSSlpjY95o1fVD\/OvMoqArUx2Avc07VIGr\/MqkoiuFsBZpt7HMy13Sks4rLBRM4blbz1tgnQW4V9XKGhwXXv\/r\/C7JzoFDKo1O5LL2d9NrS47Pk6pIUPyJaZQjYfdcqsgSPEYWloR+Ff71Pv2pzjT7Sxhw7YViV\/havSqMuVAeVNrx2FMlZ7\/Bjxt5t67OkjvVTbouDt\/zCvvPnjRGuWwfp0n7UEFUPBk0VQxxGTP46k14fFISL3DGCnaRmvSrBlk9oDA6joQ7sLe2wbd3yp\/7JTFG1yDws5hd9oSrDxTaFhT45Qw3wjaIXqpHrDVkIJVV3fSH3u051VvqUmuXNvgcA8QfJRF+xOWpwuJtANd+GaqvaC+iETLzkP5VxYMxDGAjzMI0o+7huhk06Ls+Jf4doAnMQ5xvzlXN0Jrm+66K6cwpPwq24uT0WBbVDSG8a63HdMk9Pitugm8gT5TfsMmkXcm8XvYm1EpxDTSUVXFdXoLfWyXIhhuACKArB7XcNbTOuzKmBQBNDeLFYB1E9Xt4xRs2cOc5M8BTSXsHSPQTYdc21dTZiVfSAP6\/2Gshg6m4bugupSvk5LVq6A3lh9ffmzYt3Db3zvnfSy\/Tt0BCYi48I1IzHC+nCbjFn40UDUHc5XrNCkmhQS1xNJg2qHFTjjUPePEW4+j3bBQRUYXBtmXyjbe7imkVYxn1jKZ8UW4USSgX9QTTgWMboFPNKvAGle0s4p63tKesbx5ZYZnXD1JMoq2wiuX3opjO2N0ancv\/RxoLDDssEhCe9dO3easTHhI9ARvh9rKZYKF6v6Kl1ISp1JmJSDWM7inua1o+4o1SDMyo05cBVGhhMTS\/9p3uBa3Q1+zink\/HkPt7+J8Qdeq8lFck+4f63IssnVRJTPYYtIlJvBDnEIzxlrIFjJvmSNN4lcsRZJPOIHxFfXw8TJRTgsvPxtdi3tSQFm4F+2sukCmWqPEy6giI87MQfoD2C\/Yj2M+9KXDCNq9W6tv2b4CTjfHZU+XTLbVYONSXTzAYgn5lkwz08bD2gqCs44qF\/KSJheO2v6XSQicbKpwE887mn21\/pZ1Aw7fFPdQKOSr+ozmKo3Hb7k8xRc9xS+jbMArySJEwlivY0HatI+S+fkF+iQUSFVepgBMwShL5
2IjMRPaDyXtnlg9nE04NDcI9V\/O40c8DJA21O6zuYXUndYIEnkJP\/UZOqiU4vEYGHHSxvu9z+OTP3HTmjMdAhSyUL1oGolZq+yT9EbInHY55rq655Oq72NwpUp+JpPgCJKsED+NjtqOZ3sxznqDpY1ghAohk4yNRdPDZzbaGgQemzPXCmXrFUsJTwcXd\/xU2NomnNTP3pmszYNUkgCR3tnkTvld9wZ\/IPs3fkgYPdntgi8PuMGjCH6ME+NhxjtV2MwDTodlIXAwMBGU0t8RnrdJi\/j1+SnvZYpC3oLybUZ0YAwC7FNMEEzD3PWZ1mQcdYkqPO6V4n6ARpcK+AxFYr2ZmYp5VZ6aP4ufUuA8CpPBGwUlNcZ3M2nwocOtccZ2oJCl6+gngVMfWFCnvPyKdJAIVEiwSYCs+M06T9K8Dn7IVtMoEfwHeIvTYluO2bnPQHkZLgVvtx4CODgchK9krbewpUgSyVMOqarNN5yC6WFzhdNiofu8YhqHlXXyYNaQehlZN2BSM6BAq9rstGdYvwLr32NuZBk40ppHqXSd1NL8zbf+k8yuXVg+g2tFIIoJcrHKG\/jMtPDHaZoxXSW0XP9QnmktFPm2sVrC8auYwtvIIcyHfmG4LUFWv9oOl2RWB0AiDdFwMDAEX95TGyYknbRQv3FxTdx\/ySOpsXyo9B3C1mQe9wKL+RuBQiooWFUmPWbB6tbYWNx9OjEFACLxCx4a2G5wYexWMh\/ScbEd4="} -01330{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":377,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739385090774,"flow_src_last_pkt_time":946739385090774,"flow_dst_last_pkt_time":946739385124265,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":286,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":286,"flow_dst_max_l4_payload_len":3116,"flow_src_tot_l4_payload_len":286,"flow_dst_tot_l4_payload_len":3116,"midstream":1,"thread_ts_usec":946739385124265,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"136.144.215.158","src_port":52176,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"doh.powerdns.org","domainame":"doh.powerdns.org","tls": 
{"version":"TLSv1.3","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +01289{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":377,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739385090774,"flow_src_last_pkt_time":946739385090774,"flow_dst_last_pkt_time":946739385124265,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":286,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":286,"flow_dst_max_l4_payload_len":3116,"flow_src_tot_l4_payload_len":286,"flow_dst_tot_l4_payload_len":3116,"midstream":1,"thread_ts_usec":946739385124265,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"136.144.215.158","src_port":52176,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"doh.powerdns.org","domainame":"doh.powerdns.org","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":378,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_src_last_pkt_time":946739385126461,"flow_dst_last_pkt_time":946739385124265,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":946739385126461,"pkt":"REREREREZmZmZmZmCABFAAB4rgNAAH4GLZEKAAABiJDXnsvQAbv3Oz6Kep+GTVAYAfUhVgAAFAMDAAEBFwMDAEXEY3mnjR52mKqLxIMUmRZZcXFLr4uTi7u4xG7UfhN8KpUlgxkvImJLngXBZJdhlsdOO80qBVROy\/zQG1hjQj9e57h2KPE="} 00653{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":379,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_src_last_pkt_time":946739385126589,"flow_dst_last_pkt_time":946739385124265,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":946739385126589,"pkt":"REREREREZmZmZmZmCABFAAB+rgRAAH4GLYoKAAABiJDXnsvQAbv3Oz7aep+GTVAYAfUhXAAAFwMDAFFwNNZDnjPK+shBymQiVBXbt7xi202dOQR8Rrb+yjJPWnLgMbhsBD51RnG9LISVe3Ei\/llN05tBlMIcUdZIzxbBUHgMMlLa7+nN2BwIgI3qz\/Q="} 
00760{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":380,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":5,"flow_src_last_pkt_time":946739385126743,"flow_dst_last_pkt_time":946739385124265,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":220,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":220,"pkt_l4_len":186,"thread_ts_usec":946739385126743,"pkt":"REREREREZmZmZmZmCABFAADOrgVAAH4GLTkKAAABiJDXnsvQAbv3Oz8wep+GTVAYAfUhrAAAFwMDAKFAqHgt5ACD\/Hcnb0rfPawr1OJLN70nlF3dkYhA7ZQCOVewA6hwaIedDAlnDsEzTPRBpJWDv46vr2npo9S7MmryglbookGhf8BtnT5kHpryQnIxzmMUSkMe06vjg0NEJ8B00c40pwt2ffEb9ttTkd+oxC3Whylux+1Us6Kk9rBwv9Fj9VurRmLTFoD8b6q2+TC8GBevn3AcTvwA4+53G6VP4g=="} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":390,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739385216755,"flow_src_last_pkt_time":946739385216755,"flow_dst_last_pkt_time":946739385216755,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":283,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":283,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":283,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739385216755,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.0.106","src_port":39214,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00918{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":390,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_src_last_pkt_time":946739385216755,"flow_dst_last_pkt_time":946739385216755,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":337,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":337,"pkt_l4_len":303,"thread_ts_usec":946739385216755,"pkt":"REREREREZmZmZmZmCABFAAFDj7xAAH4GQrYKAAABaBwAapkuAbuxqh8KTGGTY1AYAfYqeAAAFgMBARYBAAESAwMGpOiD7bGSBZJpQPwx8jjTz98dXRQiG2dJooZruAvSbiD6XuSv8nbXMIfp9OgUL1wdFi5SuPi3kly1rdyONGuyoAAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACjAAAAEgAQAAANZG9oLmNyeXB0by5zeAAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACCocx\/g1t9BSq0aHoBq6EokYegQUNndj200eG6GOsFbfA=="} -01276{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":390,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739385216755,"flow_src_last_pkt_time":946739385216755,"flow_dst_last_pkt_time":946739385216755,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":283,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":283,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":283,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739385216755,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.0.106","src_port":39214,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"doh.crypto.sx","domainame":"doh.crypto.sx","tls": 
{"version":"TLSv1.2","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +01235{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":390,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739385216755,"flow_src_last_pkt_time":946739385216755,"flow_dst_last_pkt_time":946739385216755,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":283,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":283,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":283,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739385216755,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.0.106","src_port":39214,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"doh.crypto.sx","domainame":"doh.crypto.sx","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
02504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":391,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_src_last_pkt_time":946739385216755,"flow_dst_last_pkt_time":946739385246047,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":946739385246047,"pkt":"ZmZmZmZmRERERERECABFAAXU\/OxAADcGF\/VoHABqCgAAAQG7mS5MYZNjsaogJVAQAEIzqQAAFgMDAHoCAAB2AwOeWrg8chGRKGTlO6HJ1p62TG+C+NnG3SsfyKZ3JDWszSD6XuSv8nbXMIfp9OgUL1wdFi5SuPi3kly1rdyONGuyoBMBAAAuADMAJAAdACBCHrrBrdBjTxY914LUzlqx\/FQ6u0oPg+tIKo8Yp0xoIwArAAIDBBQDAwABARcDAwk65sXHo5FyUtAiAM03V5kAW3+LXGLR2yplHW327Ar7lBVn+cWyqRXyVDveXS6Tg0vk7DEhWyy4Lki1hEqLM5o32Zp445RQDsbrctFBNFcOMJmryYHv6cTI1ALBX4o3m7ShqxgiNr648SOfRyoVsKr13ok5Co8m3yWWjvTT7U22a\/V25Yf1TTU5ZX3C3nLhUlp8F4S6K70cvraldnw\/uD6FRUq1lAFYY+RdFtBona62R3kW3zAEmLHlxjwypAF3Ed8HpEUN3N6Hh8WR8FPduTTrU1rGJcfthDCSePngGTmyI7kai\/r2bxnw0X75rGWPasNSz\/szhNdRWEo0KOZIuIIBBW21rDG1KEO\/5TMjvtncyk4jgN5jajgEgs3G7B7IN47mqI9K2FWa09ZHw5D9ghGF6WusPDND4+h9gRzFYMTRQAs+YDOQfRoqmeDcHvQas+1JnEYjeG1g+nCoph2J1xKskq4pSu\/4\/GnANXkQNNVNHjjq8pJ5wm6ibeZE1gq6PVr0nZRMBq7E5\/av8PC0+acRxKixaAa33wWyU6SeZcL1kZkunKDWXWcdvdQy51Xenyz43fec7O\/+7mHHRsySVytdXjgD0ZKChXJn+AmwQrC7OY5cEE84MSyXQywUeiGMZz6HP3Gxw+6pQWrQZTjvM2lPibOGlOclGV30N96QQ95Wm7tUJbwgXYzy1Ap3e6BhUMIyFcI9\/pMzhGjOExmlzyT6BDYONbNyjHW2odTpZ8WjTWXt5ItMp4Qf4ciPCegZXwYLxQYwEVRpcpQCUbjq9DqojYcETIPE8pYwv+pEogBkJ36XO7ISaByslei0uwlMTDGqahxFUG9xNqF2N+uBuGm3rP1N0De6EH72L31wAMHQLr+g\/Z6vH8L0t5ZBiVyHRYWFiBaqBS7sS5CL7XIwxWU5nT4+O0vg9\/RKsE8R\/V3oTcaEyuOxZPN2ld4OexQ1VlWcqVQyk2Twbmq7OKKuOtMkJEEelQzBbVDHxrvHpN4rIHzn\/9TLkc3K+Gw0IKsO0YEfzDLQOy1LPBOrUtSvkHpTT\/9tKCeQ5oeaxAcdxjrW8Ob6O3OfTjPur4i7Dr1vbtCqdprUT3YFFMRDZ26nuYQwhC4uKvrLCR3YBND9okLFnTd\/lUt6yGc2upOIbcXBXCyaL3ONPVCFw2rLhSE+P67Rrx0pQ\/PN3BUeVHTUY5OZL2UVofmKcp3kyCsJpqyPvgqtN6sEvjlAvawn31gSxqPJMO+J4TEIN4NsQHeQPoQb
qZEwJ5dggsoNl6xy1PlfH8FxBn\/\/\/Lr2eBnvYK65olzMCuvQ8qYuGMLDeKU+eAivsl062ELuv+\/dM8uhg7Eno5vDfDKFHEJLzWRw5E8iFnEoRLS95ap\/irULTPgAA0QmZ5jn1YuEDktj\/0IeFc53AUQ0iqNqf8q3TqQngAAZUKBI7Sk44RP395w1L0Eyzfl4IxdNlReV035GNhrN\/DGIe5cd9OmCUDwyYWDZ5z1ksNzw8W+uzpiwBt55f0ZJkvLbFgiMA+gkUt4hT8f5WK5dSjcjsu1hL60eqoQvBa0lWD42dAL0xAVrNk06unSiy5OJX2WBK7Q7No9ybhYFoGzDI8ZzAHGp1Xz2h+but\/3A\/uToYXT+zhFlUes\/MlMz6r15CtQUfWQhXV2DbcqYzcNr7XtwvhWwQRBQjoyEwldiUNrV4kfA5BNVrLK+IAb34EZEEXlsaVEYZdfTSkwf5mFzUW8YEGENVFtWYgvqKiwzQRm4Hnu9"} -01321{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":391,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739385216755,"flow_src_last_pkt_time":946739385216755,"flow_dst_last_pkt_time":946739385246047,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":283,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":283,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":283,"flow_dst_tot_l4_payload_len":1452,"midstream":1,"thread_ts_usec":946739385246047,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.0.106","src_port":39214,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"doh.crypto.sx","domainame":"doh.crypto.sx","tls": {"version":"TLSv1.3","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01280{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":391,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739385216755,"flow_src_last_pkt_time":946739385216755,"flow_dst_last_pkt_time":946739385246047,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":283,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":283,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":283,"flow_dst_tot_l4_payload_len":1452,"midstream":1,"thread_ts_usec":946739385246047,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.0.106","src_port":39214,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"doh.crypto.sx","domainame":"doh.crypto.sx","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
01952{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":392,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_src_last_pkt_time":946739385216755,"flow_dst_last_pkt_time":946739385246097,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1102,"pkt_l4_len":1068,"thread_ts_usec":946739385246097,"pkt":"ZmZmZmZmRERERERECABFAARA\/O1AADcGGYhoHABqCgAAAQG7mS5MYZkPsaogJVAYAEL3vQAAj+eEnaAC9OtjNn9ZDhuY0QkIU8Et3SozIjmeFN3jl5ynvaSd0TNRCmKpUZKf\/fvqVCNBLPVpc+a1\/34xSlEnpJggvfLX55X87U+wFE+Gr7WzyudHjYSOPmOcexDC2hRAzeXYq1TgqVwJwEh4MCpq5hwfPH3wEyqIpcTyPqNEKua3iGoGl0jDllgnOyDy6qMtoHeGHyOqCPa7ViWWNsuvANnFYfP4DWXgq8fcNnwinGDW24misysy6Sky1Qfcgf01K751PVkPm8BzlnUWtr7bdFh8y4G4SaM7Ac3Zldy8pQDT1EbhFcuRGdsZ0naorgHPYs0SmR0Y3t6UYCsF0YOkjsdAEbpFIfyrBCBlh4z7aJh9xKrg\/5jQsdBuWbO9f+feot414m65BkfEsJNZt6q0OhiZBadbjN3fS3WVyRW59gC6+MXzyIF5Wxx4OnO6rWDTIiTViNpHvl70VUj6EIp7jtN+701iQ9XIbvLRRNs1dMLQv4llg0va54eLOiI8Tefj84dHZQatLYpsLcK1X1xgMBQvJdmlFwbKncCrUOCkGSrsZ4LVBWhcaxKoO36xnPPDV8cinSkrG\/rQoYT4tiAfTIWSqbjcWcgucf0EZWFYbi9MDrGUzUcZr82zbUhnYlEj1+aY2lv2lSt5AqGSaUKeQRwioCypPc3dHt1C72aRiX4CCSBeRj4DN2l\/vJTlcaPiDNg7t6TPWllts+Co\/OdFgVAkJAl+HIZBjiQtPGdBZH0Q8WHs19m6ieXdVdu3SXksmcJ4OArDrkVebghoJZJUEvtdYdAu0CxG32Y7Bdxe9zNMbKMIjUZThhjnA7hE+UoUNNr4aUW73torTPDm\/PasISFjUH1CHoDvjfn0IYzqO2vVaat\/SFbmMFs6UfAByhfgtTIBdM4vlalC4vJ\/3gPNzVh1u1xqYYIU6wN60WQoEexxjHdAMBBR1w+y4czMCbyPxsYOQzTZedkx2ofb\/xA+Z+8rEmaj0xb8Fyln6Nq8bsbjlAzp8F+BPhhygJC1D1SpxfIjpLhJ5pR8cCPnmFuv4Wb6pCT3F\/xJW7qpcmMvdn7rOqlw0sLhKBRfOeheFxSJrKe9iavOuolDEItae4jRrh8cRuAabSIDs\/KL9d4qTkbOnc6ryMLcKUz4QDjr3QIMIHJiOX9+2DVL5+3CGc336xPBx67NPWns3pKxWZovEglaPedBeKa1Ay9zwVrpcshhz8ZViqEZyeGf3Bhnr9gYf6a2k+91KFhxPRsj3wr6DG1ZrNf\/1DpWp8C8Eic8yqmZ7eLKXZwe+Mz2GUUCbxCXRoPG9q7XWM+v0cWz5lxW0nXaPM0vHHCL7Iqhc5wjeX5d9z5lx39pQN3jzFWZB4SuiTobndYtfC9FvqzivwC8uagzgYQI8AhesQ=="} 
00623{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":393,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":4,"flow_src_last_pkt_time":946739385249072,"flow_dst_last_pkt_time":946739385246097,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_usec":946739385249072,"pkt":"REREREREZmZmZmZmCABFAABoj79AAH4GQ44KAAABaBwAapkuAbuxqiAlTGGdJ1AYAfUpnQAAFAMDAAEBFwMDADU1mfBqFD8uaoHHksUqQF0WMpTshJt1M0V43sKcAkWhg0T\/LJZoQXQ8FIVxhBlb5ZxztNSQTw=="} 00653{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":394,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":5,"flow_src_last_pkt_time":946739385249187,"flow_dst_last_pkt_time":946739385246097,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":946739385249187,"pkt":"REREREREZmZmZmZmCABFAAB+j8BAAH4GQ3cKAAABaBwAapkuAbuxqiBlTGGdJ1AYAfUpswAAFwMDAFEr\/4Kxjdy2JlHhHqoeUlzBoSChhU4AhSRE+IUjehRAWKkNfzysT+0Oa50QZXF5YPbgpgDZmub9nHv8hWg+dGd\/l6r8nkjmi0wO7m6LEwq8g1Q="} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":407,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739389936448,"flow_src_last_pkt_time":946739389936448,"flow_dst_last_pkt_time":946739389936448,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":281,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":281,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":281,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739389936448,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52028,"dst_port":8443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00916{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":407,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_src_last_pkt_time":946739389936448,"flow_dst_last_pkt_time":946739389936448,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":335,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":335,"pkt_l4_len":301,"thread_ts_usec":946739389936448,"pkt":"REREREREZmZmZmZmCABFAAFBc1lAAH4GKTYKAAABLUxxH8s8IPtar+ZR\/RI3kFAYAfZgWwAAFgMBARQBAAEQAwPDKTE3gtHe4YkRucyB7lgiewe8eRdkAeXi8xQ\/UXf8siCUJYNjNKAcmo3iKZ+yKMitYiljKY339PIqZtuOYBZE7AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAChAAAAEAAOAAALZG9oLnNlYnkuaW8ABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAgBTSef\/+Gs9funZgaOAKPCcHz5qP34E4cKsNkKCajyxU="} 
-01405{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":407,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739389936448,"flow_src_last_pkt_time":946739389936448,"flow_dst_last_pkt_time":946739389936448,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":281,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":281,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":281,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739389936448,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52028,"dst_port":8443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"doh.seby.io","domainame":"doh.seby.io","tls": {"version":"TLSv1.2","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01364{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":407,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739389936448,"flow_src_last_pkt_time":946739389936448,"flow_dst_last_pkt_time":946739389936448,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":281,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":281,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":281,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739389936448,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52028,"dst_port":8443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"doh.seby.io","domainame":"doh.seby.io","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
02451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":408,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_src_last_pkt_time":946739389936448,"flow_dst_last_pkt_time":946739390265010,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"thread_ts_usec":946739390265010,"pkt":"ZmZmZmZmRERERERECABFAAWq7z1AAC8G9+gtTHEfCgAAASD7yzz9EjeQWq\/nalAQAfntdQAAFgMDAHoCAAB2AwOTWCXgGAu71\/Yvi6NLTHUrXueot2ESWHeiaJfdHE5RUSCUJYNjNKAcmo3iKZ+yKMitYiljKY339PIqZtuOYBZE7BMBAAAuACsAAgMEADMAJAAdACDWWloo6cinLldR+cnVD8kRD\/l0Q2+aXf\/fBY+S+WSMRRQDAwABARcDAwAkRhOnfgeD\/nNOoyXIFtppA82CTRb9QELrjIuZ4Sms6\/A\/wFXWFwMDDR5COUoGySb4hNNJ9UU6WNVu5EkkD6YuaPuXJ8CsVpFNJmnkrUN+8qnnRcWKvhiCSeJ8dFamc6FJiqYTi+y4vhj\/9CUzXrDpoIqCPPPJVzrO7TRKenUWLYob8NzsM\/dFIXxOJTiZrwtOg0PRbjHk1oNiocDmQfIuK+9XQjJXpmH6WXi1GuKS6BI\/Mhq7VeFosQzd4f6PedlOLyqUiLqOkZBu8shjDKqJBgT+asclbYKMS0So4WatuM12p1csrxpvTCnaj0btgSWvRlOtA5V89mkHs0RlWfRzITmJodp36A7TpRfkiq+5ADaJkK4PCqzM7n58+S7faojcjUVNv3TZMKR9X7THNbnF4RYlkXi+yQzERvi6AVU4qjl1T3oshQYm+0uXk6wZy\/EHFkS0kI4JdkMrhx\/QDyFE9JrZnCDaKSbgnVDXGxQ6JI3KX68rAnXlo16wEjgmYiB\/CpDOACPBUUmkRPrMxrIYGRVY5m4VHDtxxsBR+4pWd57JVtTXFf0dDyH1zJz6Z40Wrwh\/p6Qz5d2q3mQqk2qU0E2kn8++EZD8541s2A3AenqtWVuRk32zNIyJfY0yQnjyuK0juMCVOEjM4+TSdiFJcZE3rzM52S9F4fUWq+Qa6izwHy+3rJUcjKQaK3KU1ecorGHjAhe9fanpg8OhUEfZK30POLsPc9a0KJ8Bhzb\/xTp4iMokguZqwGUeiTSNyWJBScTyI9LLhhKpNOWbmn0FCwxaV5Mbt+mvTDDVs8cw9GaOZN49PQe6J7UFtKhXp+jLkt\/igfMPvVErRgHNbDWAx05yKKN5cVgAGz+obL+4ZX79sXQRNBQfrfR7W7COyUVVMPxrdFItZFJXlJ2qtiFtfv22UGoflFY2zoiK9sk9Zj+K1u+9Vmzjs+RITpDecu73geffdixXjb3urBW4FykkW7oiu0nkWHDQgL+KviHt9Tm0lU0Hzsi8YTo4OdVu\/QwCcmn\/9YMQoYmxguinCV0SqsmSoXYPpWKAlUH8vnANpkvHS7OU72AWRuphcFRa4RXp48xd9rXEW7d6pcKpL7UD\/qAcfrqs3Aq3OBcZjm\/9+CZ\/HA+ws2AIqrw+2oY4SiSGn\/cjxInZ1S7KChZFleUsKWilMt0S80n1UHIe0ozJo1YpV6O+256ILtDlEXLc4L\/\/W\/Y\/61lq\/\/f9IHao9y20WHTGbxQOKX1r
XuMjgZIEMZvVKqcKW+vUa6jVq0bpPfVryu2fyy6bH4O8lkPOuhDeO5FxfnatEMjgu7F6t\/PeACLHie\/Eg2ezTBDOdT85sb1vFD3nB3c3wl9xSQGoUXMREa3dlU4yyKTsRvhF5IVHX+WZrnZEXNIyBa2yqUn\/9nlC+Nlg+hPHBSdvrZNSMA+riMftxpQlj6FTL7EYx8bKMIfPYnyZddeZmxpXN9XqWLs7KrnqynK9ZMJhVvaIAMfyuBU2fqyPpflnNhs96RaJ+FGM\/iw\/mZYOsIhH2JBIZKVlvkBCQxCbysphauFVIsTMYeZEcsoCjFB1qKXHuCceZxP4Jy7kiXMgSTdDFzzGYgYfCng1fFfHI7zfjdtWkPQ9HPe5f9egBljz+JDS6ehJP7PfY20bsjB73IKGpwaFJB2W5txeWuX9YJMSmwLmC9CvECSoWQlENl+g"} -01450{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":408,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739389936448,"flow_src_last_pkt_time":946739389936448,"flow_dst_last_pkt_time":946739390265010,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":281,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":281,"flow_dst_max_l4_payload_len":1410,"flow_src_tot_l4_payload_len":281,"flow_dst_tot_l4_payload_len":1410,"midstream":1,"thread_ts_usec":946739390265010,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52028,"dst_port":8443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"doh.seby.io","domainame":"doh.seby.io","tls": {"version":"TLSv1.3","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01409{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":408,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739389936448,"flow_src_last_pkt_time":946739389936448,"flow_dst_last_pkt_time":946739390265010,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":281,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":281,"flow_dst_max_l4_payload_len":1410,"flow_src_tot_l4_payload_len":281,"flow_dst_tot_l4_payload_len":1410,"midstream":1,"thread_ts_usec":946739390265010,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52028,"dst_port":8443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"doh.seby.io","domainame":"doh.seby.io","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
02438{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":409,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_src_last_pkt_time":946739389936448,"flow_dst_last_pkt_time":946739390265099,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"thread_ts_usec":946739390265099,"pkt":"ZmZmZmZmRERERERECABFAAWq7z5AAC8G9+ctTHEfCgAAASD7yzz9Ej0SWq\/nalAQAfnqiwAAu9LAVBlO+s0L+nkwU4YXcw1SOmlRl+XSnXuO6tKFQ694AGFrib2S2f3BX7B1582XtNQQL\/1IwqS9eCXYJzjdfbbKDKnkw+MRH36zeNfFmebdTa26VGWOgnZNECwEpmFBvEXSt2RPI6ofb1vE32eZrFh79Bpuwp1PCG2ngGNn3Z\/o1aRMv577hTiLGHUP3zlCYCAacHiSAEi\/LQgxJOLyR9jugiMcNQxMzI9B1anoxyifvPkh2BJiEbyAypQ1hQGudgFCLTi2Txkt7Eu\/NIUQoPpDLsdh3lHWxNLyLEP9wpzBgp6l3ilL84X1Mk7ZHQuPK\/Oz4yfrJd+G7Oo6i1yrQ\/Adp3qU8KnQ9ptwaIVLOtg8g5ENilAbdYS7Ka3cZHFz4gvVtmLddRHiTcXVf5C1ypTeGluZMusSnmJOjPWY5fp5RP99ayjRwQRdkg+IcNHiO31ps8qxZvYyOJZ7Fb87gLgZwV0IUvyDuDbizEwr2XSGbMEZuVoSHx9QyUP+A3BPmqRGGD9RWvZIaULosdFkVeC1hEiNEcM30Eo27GhCBEkpzGPbQ95LfK337HDa9UlKAktQhKwG8\/hAtMIbbv5Noetnx3T81i7FzhkyHH\/C6g3BkR97pP7xxNGSesRAej+0SV1z2Ux2yezANH89JV1k9OQdFbMalrjLnx8kanK4YG3Zfke83pATlf6RAPV3lPyNNDQQypoZkugKEUxOXS7Rx2XEo0segrTQp7Q+35xLorFirg\/3rbokzMw54\/alVY08gHsLJlNmadq9IZ0Hjxo7ykUIQsSRH59BS476g7Zzq0D6LzWm8dRwgOJiFmUme9r5za2XErhkjyFFtknvfbQcxGFpshYQjf44nBtFebBI6Th81Pz6P4vS1Ab5Ldbe5kqW2W6OFyHBCtpJQLdqxOC1y4j8o1zpDr\/5I6fMit0JvTc1WNaN6qBFlg1P6Gaatd4VK3xOWgpdV7lGy9Cs1aJIggG2JQikJ7xxWvncFI3YNX\/j7e31omXzttI+wKWBnq3libBpSCKXTzvdWZpJ16RDkXLbmBFLlruWHpbIZvg3vh187AjFKcBshFCVg\/9CKx0tdclgUGbHqJ7E6OtJIm4m4kox5tzQjCDUJNS29SjoWoK9anOoaXw7azu80JwAvB5wDC4mKG4pcolzPcWCdGzgc4j\/1wLg0a7\/6J83Mv9Vwe7sgJa0WfVmJh67OWIpAbZv84XgLPcLVo5yXd6\/yWWRMvn+kXy6mm6tMTinzOpwIpfSCVQtp3DNLsEUsIkV1DrWVNbTPvH5GCVkQ8p3Lo5BGZ2lF4qqWWh0bwR33Xc69aAXaHUgKcezVe1FfG3x1Q3qp0cn65Dxae+n\/hfZa1KqbpdsxY\/eLTfFV7m+HIJAbLFSSzH7PU\/MSQj8rvEXnuHMSR3htHNgcZRMLZGZNMcEgX88HYGJMITb
gLbQ1nfRTwzL8m8XTnhZtErha6pHrFlPsZ1RNjcoqZKgLKdMg2ezfrI8Jq0lQFzAOf3F4VPbIGq1krTP43rpCLbzYETrqQH8Xz467NmG5PHVJ3Hne12KAqQma4zC6YHwFBTwWUunyHc7Z86uw6NV1GMEfe39uxIB1Th3Q3mEC1zo37vRQUYEr8R3n9WX5ZtJpDmxGTtrG8c0JVrUZpjFnqPj2Uj069ivRfFVD19zTIWIWwVZHNTkf54z1SZJ+bsWwla3CC3KyaPHGsTreYdevDYggE2Ww91a5tn8NCHUwyaWPcCmBikp3+fKDZwg0dx3gKVzU8Hf9Km4EdsDin7gSeY7n3yByLcyqnB3hOSBc1nuPCEOi+hB9GXpEuBRdmMhQLcAelRdGq2lZwOE87jAboVg7rc+WH1wOyzCb4UJFuzyaFs37Li8enr+"} 02276{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":410,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":4,"flow_src_last_pkt_time":946739389936448,"flow_dst_last_pkt_time":946739390265198,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1330,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1330,"pkt_l4_len":1296,"thread_ts_usec":946739390265198,"pkt":"ZmZmZmZmRERERERECABFAAUk7z9AAC8G+GwtTHEfCgAAASD7yzz9EkKUWq\/nalAYAfkKnQAAxcNxhA6xEjxlZ373intfSZN4U2+G3f+XvEboDRbmKIP5AyWTb+VftsHBbQDGTbvv0P7GHMQw3FWpHoRzaT5OEEMGXspnLcQMdVJt\/tw1MUWxBTfFzOt+sZ8N\/710Gy4Bj3O\/a3UuTiB+rCwc6qF1hTKT9uD\/hxD5F9bhFMArqmoNvbpY+hI714HwnUz5zHHRRPjSvUySFd\/tIXbrfkjy9Pt8CYYSZpcLvasThOoVyKZp3Qahu4ZiiIlaT4DxIgT8QCtOzJk6I0Q+Kbi71T\/ntSeqr8eLumh5NjzrY5Kchjq8wfLl2k03ViB0CDn4D2UgwiwsDxkMNzqcb8lMMo1gQD4nSSe1HTKCEdTfjeW4m1KYSg\/2CHt2InMeTBNo4EypeUe95bQS\/4al6dlbxS90APbpxC1Ot15Wzla5emO42u677gdPk5x+IpL8d060ErBh1e0rU6rW10Ytu3ysEVjrHpjc83LTEuIvJWJjGzm7fiQIAH0WEfokQAs5rGZEJ9jo3\/cA+xY2Abi2E43T4hJyBHvCQsiGz7LLeaXhOK6ow\/DJSrzicaRq6iEow4oa\/dAxa\/lC\/z3sSXt1FO6I5i6G7U8iS4HSg4JXSdknkzeDAYa1M2UH7\/lqTXtUSwsOqRtyG8QAFMTP0toGOq+jpPVJ\/bfqK9adFd1Ihx473BktjS1eS+Az2RUelP0QamhyG4F\/HotBW64CkuYKqvBlw2M8\/dzezftJzkOkK9SnHzFsbvNm1WODcpOZvO5t\/ogDpFQmoaqVUG+vLQokK42qcP7L2zX3Rcuf5UTBJ3+3S7NmglMobsgnAjUg0fnt8R0VxabOYMarXg2ZlKgdQL3vskU9+YGbJRX\/4oLMm8qznuFxBUiib+oUxtWetjrrNbuk7FNn8WQfXcwwhcTYwgFJatUhqF2EZkTXG1hKlCTom6Clp\/04mCW4wkb9vn4Hv1mTFwMDAhmC4dDt\/pXp38eVi56\/Tc0W3NYb3fwfw2
VL4VwasY08aApKk+QVkG8E4WM05dMzJ3tM+KhcV2KgLIeDtX9fuaPzVpJ+l1\/nE7aFrU\/hTzjh+iv9ijKlKaCHhWeLx+4hbwy9iyPZgVrruC++AKQNMCmkT6y3UOURSEZ7M7rToXFjCncVyfIw7wfxB92gr+1qP\/FgvI24PGb8QfU30XaQxNOCDF9LCpfMvKKwJfk5QrSyOTpnJJRSt5xFXiaDt1WVaBAcINL6OKcXAfQ1+K05oASvBKcWxj8IENa4PmDMAbzmQxlcEc0EsN+QoVJv7Ml5\/lBq0C3vaQNMcnpXpIW3ZflF4gFFEBgTG3iqnc8B4K6OdIINgawtBvSiQUdXYJ1bYulpxACvU9kDeJqcY5cJgm6\/uEyTGbWvDouNBuPwtrCrC0IZE1DwuQ6lVKbNp5McCtB0KMSePUvy2t\/bN5v5a347VTUdcaRBTTyL9KlSuC+BMMs9OrwmenbDUePO+6uOBvFaIdzF5\/4ywKnXN0cFOX82njBMRiouOaEA8scTx5CC9CHkqAXua7RnVt6UZ1Ix6mEDU+whUE48uYruJ\/bRj6e4hZx6NdRONMAwMXQBD5wVyxMQCrAsNjv2L5RU2SssVOmQgeKqZ\/mtiPFB31fsdX\/80b2eeE7Q2xITfJ5AWRW2NJ8xT61RsekPZQpNyd7\/bWUZXXwEySVpHNsXAwMANQ0O8C1pUHkvIH9BBA=="} 00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":411,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":5,"flow_src_last_pkt_time":946739389936448,"flow_dst_last_pkt_time":946739390265231,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_usec":946739390265231,"pkt":"ZmZmZmZmRERERERECABFAABR70BAAC8G\/T4tTHEfCgAAASD7yzz9EkeQWq\/nalAYAfk2SgAAc4ENe0G5ulHSVo9U8Di2+Rff9T48vIN31l10ubtaT7+HT\/yeAS5vvgc="} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":425,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739390933403,"flow_src_last_pkt_time":946739390933403,"flow_dst_last_pkt_time":946739390933403,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":283,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":283,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":283,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739390933403,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"217.169.20.23","src_port":34036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00919{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_src_last_pkt_time":946739390933403,"flow_dst_last_pkt_time":946739390933403,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":337,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":337,"pkt_l4_len":303,"thread_ts_usec":946739390933403,"pkt":"REREREREZmZmZmZmCABFAAFDddBAAH4G12cKAAAB2akUF4T0AbuSPuOKlASrClAYAfavsgAAFgMBARYBAAESAwMYXSzw+8AvMstO05PQ7qPBj27f4mGkG8QM9OU7ZRFcuCDJZDN\/6VucUquGKl+O4ES6VCX4Z6V\/a7wGR73kRIiX4wAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACjAAAAEgAQAAANZG5zLmFhLm5ldC51awAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACAuLsKlIgLTs2y17K315yEyJxqnsCXfl0yS1kyaNKG0aQ=="} 
-01277{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":425,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739390933403,"flow_src_last_pkt_time":946739390933403,"flow_dst_last_pkt_time":946739390933403,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":283,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":283,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":283,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739390933403,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"217.169.20.23","src_port":34036,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.aa.net.uk","domainame":"dns.aa.net.uk","tls": {"version":"TLSv1.2","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01236{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":425,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739390933403,"flow_src_last_pkt_time":946739390933403,"flow_dst_last_pkt_time":946739390933403,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":283,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":283,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":283,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739390933403,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"217.169.20.23","src_port":34036,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.aa.net.uk","domainame":"dns.aa.net.uk","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
04750{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_src_last_pkt_time":946739390933403,"flow_dst_last_pkt_time":946739390967766,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":3165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3165,"pkt_l4_len":3131,"thread_ts_usec":946739390967766,"pkt":"ZmZmZmZmRERERERECABFAAxPNc5AADgGUl7ZqRQXCgAAAQG7hPSUBKsKkj7kpVAYAfW6vgAAFgMDAHoCAAB2AwNggvgT348vLVfztyje+nh951Uui2O3z\/vCGwcNEmcL7CDJZDN\/6VucUquGKl+O4ES6VCX4Z6V\/a7wGR73kRIiX4xMCAAAuACsAAgMEADMAJAAdACCYu4Q1ZjtZfYUrS3fwrroPQafz4tTgHn9jgiQX2w0NexQDAwABARcDAwAgr2vUeHfWinGo7k2fDAirV2y2+2vt58RojQUfF3ywprIXAwMKEF7v66Q95J7Madk2ZEcExfHDptRh16jabZXVGAjSu6ZVpQdW9tsq8WD0VxRfdaushrVbrrTRIk5I0CixRifCcooy6c56kGsUxb8wL+Z+QNmR5uWAeV9nzzlGQpBhNwq90IzHQbBwHdfR22cB\/o+gnP0zKhtFT5pdVatUFFMBXYFPBfgmW+yElY9JLYGDSC\/IIw728fBQlRPlTOPnC6Bd8HZeDEbFd7L\/8oeIRd34AfymHYlFpxJ8CjS4xP7I5o8GpeBcv96KPHtYZV5dsMuE75XBxooOpL9Gr9IWBy6AEdPGcU29oVVhWirzJ93HxYSeGAAYTfsu16+HrpOMUAzFMOyXwLKfIjR9Jx84Zvi3ytxvu8IPsZAmQB9iLco+v\/PYNz44XswLq2rQZtIH4a7\/SiljnI7OvMEtw+9+0ohSjEBjqZNpZ4+Di4Oi4uvLSj90PiJtsiIz50r+luuFIJLrHS\/Bx2ooWNGmf8wIpBNOEoC8uYmbQEc0M0F6MgPM2\/Dc1rxiGmLW966znBcYtqEPAIF5LP4HjDzAMEtUySTvYC8cLBRrZgX4sNAbkCcpNw4QFS6erQa8jKBVOZjyMqQVsAikZDL76qZyWnWAbrLmD+ESPhH+LiOjwj\/BVLLmuPIqP2HgrWrkMLok\/KHXuIbZn7C1n58rcMZq7V+5f3gEi6kXuPOTozMsLixf3wStDsNPpLZW5vF+Opg\/HPuTYMBM+b2VDW0oQ+mGR3v0lSfTyZb2sccxT0\/YFa2\/gZNRs9igar59HBmzwzWtwto1Lj2+tqjOzo9Vxzmqr0QO+5jA9knewsPjci1iEHsBRvkAHDUo8mzkBfWBM8t9UZZElcDeWIg7oO2uY349FEzTQzJrCGLOJ20pc10E+6FXsRSoQcdecc2pqUoNYisiO4BgvfGVRTx3PyLsE2LqpgS5+upDBiBuHq9GTnvPUwfjHUOVZfhEY9kzfkMm52CF0hrFbS1FqZu2k5xWd1RZ+YdcxocleEJLDXEEeCaF2XJug2p3sgxI8AQfg96H0lHo6\/ce7YWyFTSQ5214Zlm5R8arc+k+FFIGpKsd1JRZDuMs6lUG2OcuW4k6GmXOA9lL00+Pu1LlWECRAA38IcMLlvDeoyIVPF5RKHTFbtFfFeynrkfS57BDgpnUQsOLofW+MsR51VSL7z5rFWkT+0yA0OJ4P5J1dZjOVbRrnPj+lP8KBidj
vuv\/+vQR9AYL2FUFonbuHYQ6NUOJSyw\/q3koSUCoI9nF1rL5SbnJpgQ9XzQ2ozstAI1DR6AAJPio22EFuEDMEoFVvE\/liE+8UHQnOZNeIN8tMqUAL+WlkvDEcrehWMNUpY287pebSO3eZPDe3egHiaBMZQIlL4jO1lfEjJdr5RXvT9Uv4MVNGGGXCQtr4IWIfMjPSJmmedmBdcxMuZnxTJ7jKLERRom+1LtykcTtbFMZ6nwh7KNIt58CGrTH3Bh+ClGWC6JtjiLbGXtcN8TOs97BoUvfH2xS4muIblEv23sWDZt8uHBdYWb8qBII2zRRCNz4TWmEJd5WuNBsZajJ6+izq\/kuJOWcsJ\/3ClD+JPyh\/faP5RIOC8TtW52DI8iUXjhh0HYoQNP5CK\/yGELUKYphGmQcP1BV0e5C\/xs86j3J4Tqg0y4WesV3d0jU+gkOa\/xZNpDrlV+JnewVAhCkK2UsUk3C84VdKoqUnp9Pil5XcszuqrrK5fn2Ja3xJCvI9oUZYFRkj+cpcHiFBzHL8vrxujIbPqQsQDehofVoxDKQvUog5ZiOw9rqXCH+rf4pa2omETeM1OE52\/bijRwWFKerGk95vgv7mf\/pTz2jvStIe9mIenHJWL7PEZH9sdGDeZQKhralY5AEfcr8PAGFV0XOY4OvHkHHS\/kY45xH7Heg3RGSUSAkY6LhaxYZOH3vCb8pDwz4M8eJ0\/MawhboSpIfQdoDBfBZibpy+ix0cl6f9YHPnTxwCWpi11t8Y\/Ioe5G719Te12HR1+3LJDUG4+t8UMioCT3GNag7c5mMGY+V+40MlPf33OO2SuBDaNUe80cz9ZjBk5x+9\/8yZnlpBgJheqdBeGVTSfNj\/\/ykzVs+ovI3rQWJ7MtuR80iZzcYqQWbI4RBftGKVwyCcJOskMGArD6+UArYfVGIccM6l6ZaD9x6dkigf3LAHA30iuQXdDyjNpxgxl4iSK0oLixFkkGZE94ONcw\/GLLOMYGf3ZsNLQSPf2qyfAF5BKKKg7FAQid7pqgyCZp5F8XKbACdlEb9Lar38xOjvjnewcnGzD4Z6c9THtqSZcDPbz8aL6DmV9lXZmD6\/ccDsDkRU90nhHSMrUF5R8hxDMoP6Be02AohXJwQbll1wPcUEyYk+tfY7XoP1gsqXecmTp+tusAg1\/AwZK8oozX5LgL2HyoOuByw1lgzh0RLilH5JrY3yk0E\/jG5JRoV\/y41cG7xAhvYbSNXDFCXbKeSVI5tgPheZvJ9ZUyIfStt125MRChKnoA2n+mG9KzbpZpyVz66ndTD0j3XU1kDOqjF1\/SbGf1+fhwWGaMMcZUYzUS1y0NN++mGlj87\/Z\/u1peJJRpJLZAkwhE6\/qyvUgAeD6bdzGa3m+9PvZxqRFg4uO5BEHphZPz4E5S9y+qwaFy+ng2E0E\/+Mq99pz8NTeooSlgjy86miBLzf74wOBFSoHbVN0PHL56xSrx12FRC1SCfzqnzT4BREj4eRgr5sVcZJpcqB\/DJ16zqD31Cdz1F6VAt5mHD5hgyW+BhQO6jtpBgHqFisMVPWD18uXILfOEcLKzexTq0enEqkxPPztMgd3lKJoJoLn9D15r82RK7HhKsmZiDKUuCdmH3DjKAbtkj9uSMWDKDEZ7ALu1TTrcVpMz\/u916YJjVrsJ4zke1Y\/PKCwgQji1xX0Q1uKg+Qhmzj0YA6C\/ZB8hBOasuUjTVZER2lXZpSogcQcgdsx7P47du+ZkiOIevUp1ckurR953sVaD3ci+d3blInJn3V2H1nd41bCStQkPyhbrCiGVWDvB4NjqVSIh6ypL1X2Tez7o9uIFek3e\/KdLnjoJYgUoUCdBCeRBScD+0K+sqvZzi8z7OnTzhYK\/aCGv11HpK88nhB\/fu4rCw6Clf8iUvZmwOIdmA\/mXVezV7u9+Y+L4mJOPGGV+Ie7YQjoii0W0J9zldsek4JrCNAfpxx
vmfZTghYCrVQJNlGcKyp+LE4s0nXJXsv8iOBmDMV\/qiHS\/RfVp0Al+GVjFpErgTgXH8uFG0eZxhSX5TnPtc5X3FjIRORKWkOyTX+MlnBU+yWrj3iWALBhonn7tNa85eK0vFJHHFGyQm3hMEk7psuYZdoK61bs1KKeUi4RTDX274TTDnDx\/vYrXCGEMbInwJeEUUq10Y0AUNC+ikXVAlZm5\/6b3SLH1mmyzy5AwgfbHNdBdm2h13eHYAHANjDp++p3nOFwMDARmCniHbpabBh0wmz+4GvD7gEaHTo1WwpHFuO0rRndT2cE+rB3NSEIZ\/OfAhdTV9eadRkxEucZ2zRFouLobhVj7VuatuyZROJYubLXxY0L2AD9VfNIXMUeRNHnXvmwyBiqm\/8ZuzuiYxPVzYGJuS41vYyyQm1ND0\/vWricRWNYCIXjgbSqk6PFYh1FVGYRV8SSt7kE3Z3NtrXGW3LuaKD8ymXSg9dYJ9GwRxcPV5is5NEijit\/K0HuZymRnz0biX0ibyZ3bQdAu+3E+KHkL1KMxQnoIP\/X4lavINi95Z\/1+WkK1enaEAwf7tuLJlq5tLt+JOe3OVPJYXu+hVDAzfIFEvugfqxQ4aetpIOYSy0uy\/8Blk6BuP7s0kZRcDAwBF06XPl0W4alPWKLcZUBV1\/sR9gwxnLLJ0WJlMdAUkQ1CCMVwzdsK8lkkZUPttQ7nY8WKaipYb2yNRvSYmxfuU2S\/nIBiL"} -01322{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739390933403,"flow_src_last_pkt_time":946739390933403,"flow_dst_last_pkt_time":946739390967766,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":283,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":283,"flow_dst_max_l4_payload_len":3111,"flow_src_tot_l4_payload_len":283,"flow_dst_tot_l4_payload_len":3111,"midstream":1,"thread_ts_usec":946739390967766,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"217.169.20.23","src_port":34036,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.aa.net.uk","domainame":"dns.aa.net.uk","tls": 
{"version":"TLSv1.3","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +01281{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739390933403,"flow_src_last_pkt_time":946739390933403,"flow_dst_last_pkt_time":946739390967766,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":283,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":283,"flow_dst_max_l4_payload_len":3111,"flow_src_tot_l4_payload_len":283,"flow_dst_tot_l4_payload_len":3111,"midstream":1,"thread_ts_usec":946739390967766,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"217.169.20.23","src_port":34036,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.aa.net.uk","domainame":"dns.aa.net.uk","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":427,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_src_last_pkt_time":946739390970010,"flow_dst_last_pkt_time":946739390967766,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":946739390970010,"pkt":"REREREREZmZmZmZmCABFAAB4ddJAAH4G2DAKAAAB2akUF4T0AbuSPuSllAS3MVAYAfWu5wAAFAMDAAEBFwMDAEWr1XNIOucPlOXvVPAlxCVPjuVei0Kv510pke\/KbmmoYPXHQYgn\/dXPL9SYgvzqDxY7NHWdbkgaLyLveAQw2UhT5DxScM0="} 00653{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":428,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":4,"flow_src_last_pkt_time":946739390970156,"flow_dst_last_pkt_time":946739390967766,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":946739390970156,"pkt":"REREREREZmZmZmZmCABFAAB+ddNAAH4G2CkKAAAB2akUF4T0AbuSPuT1lAS3MVAYAfWu7QAAFwMDAFH5fOXuGGQTCSec9DTFnTKi073A3dyDK5aGklXxdlyqkvpUyevkvdQoFRxqD\/oXjlTQmrcRcGuGVlNE943mWtSSfq4hBwQRGa56H8GFDP\/RQpo="} 
00768{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":429,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":5,"flow_src_last_pkt_time":946739390970361,"flow_dst_last_pkt_time":946739390967766,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"thread_ts_usec":946739390970361,"pkt":"REREREREZmZmZmZmCABFAADTddRAAH4G19MKAAAB2akUF4T0AbuSPuVLlAS3MVAYAfWvQgAAFwMDAKbOcashR5\/uMF3amwObsbFEZG4juIUud\/eSvh8GM+2\/skB5mrP+x00KhZsh7TmiL5saD+QkYu20S1OFq3z3EABJ7aHU2OgjGgUR7ODTq6fEo3O2ABLyrcG9Ds272JZCpBMNmRtXCFGpAhXKEUch\/vntLpgNQ1ZkdXe8TE6GtgT\/Sgi71RWZ53nstVrSnXdxp9dvYCNB5SywsI0xQcpCQ875V6im+3qb"} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":439,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739400294231,"flow_src_last_pkt_time":946739400294231,"flow_dst_last_pkt_time":946739400294231,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":292,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":292,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":292,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739400294231,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"146.255.56.98","src_port":43718,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00929{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":439,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_src_last_pkt_time":946739400294231,"flow_dst_last_pkt_time":946739400294231,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":346,"pkt_l4_len":312,"thread_ts_usec":946739400294231,"pkt":"REREREREZmZmZmZmCABFAAFMOfJAAH4GNZwKAAABkv84YqrGAbtdpqacr2JwdlAYAfaNXAAAFgMBAR8BAAEbAwPHJz7Bz9zA6vh2mAtXguxbTFdhb5D1tFb1Dou8iu1ITyDK94fArz+mQ8rbbzgPn8nq5li5Q+JT9k4ZyOL9YBHZZQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACsAAAAGwAZAAAWZG9oLmFwcGxpZWRwcml2YWN5Lm5ldAAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACADmPqzqEwwIPykBECgQ7iBmKhoGpqhv77PEzGKWzxqPw=="} -01295{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":439,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739400294231,"flow_src_last_pkt_time":946739400294231,"flow_dst_last_pkt_time":946739400294231,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":292,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":292,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":292,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739400294231,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"146.255.56.98","src_port":43718,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"doh.appliedprivacy.net","domainame":"doh.appliedprivacy.net","tls": 
{"version":"TLSv1.2","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +01254{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":439,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739400294231,"flow_src_last_pkt_time":946739400294231,"flow_dst_last_pkt_time":946739400294231,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":292,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":292,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":292,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739400294231,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"146.255.56.98","src_port":43718,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"doh.appliedprivacy.net","domainame":"doh.appliedprivacy.net","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
04467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_src_last_pkt_time":946739400294231,"flow_dst_last_pkt_time":946739400340313,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"thread_ts_usec":946739400340313,"pkt":"ZmZmZmZmRERERERECABFAAuAAABAADgGq1qS\/zhiCgAAAQG7qsavYnB2XaanwFAQBBOXkAAAFgMDAHoCAAB2AwMDsBehTQYQ\/iH2Yhpyf+mLl1C35r3Ho6TovknKnjr8riDK94fArz+mQ8rbbzgPn8nq5li5Q+JT9k4ZyOL9YBHZZRMCAAAuACsAAgMEADMAJAAdACBo4BH+AA5SyDExxRIaGpKShy1vmsbixTg2m2T2NedPDxQDAwABARcDAwAgvk7ezJo1JZP9LjmZFBvdhSYoK5Td7g7\/A2oIAgI6osUXAwMJ2yS0n6M3Ydri+rIgYVXd+jwuTvP8FF1HMS4hAE9YkVd0802YEbU3pHhUuQANn0vXApBPxbj3FV9uCCuIZCOL4zY7+k\/N9QNOxO6wgqwyjpqF\/MSuGzGbkODdKsjr3MXDrOEDT8UY4Cf7sbDSqOIkajzwlllabjLyw\/JVxOtUepEpKMKQWPduyvGLlnSE+4Pi9X1F5dljLFonfMSt9epl2VwSF1nq8Zl4KKstqyQuG\/zmvd2vjAUtpZ7bRJhqcQEAuZwHSvB\/MtIxXfAzVeG47SjsazBlsuRoBS3fTomilsUH4J13\/0ChaLizKxEdSZ2w2K00iVdJ7hQkti8Yk+XaV61AEfwts012l3Az0Ul6QGn+ovAsikUEMTOdEJmAEExk\/NRuYh4YJeat0fT6qqxPxOtp8iJmxclZOIdEdtKfFRlb\/Q3pIWRMmx+BKdsNQm6TtOsUrqgzJEovgnDvaBUadejY9LBbNHqxMK2V6F7gbnGKVjBjB76l32rCkAGXZjYpu99n3pc8VsX6toeCgNv6uuTb2IhBkEMBsiXbrPavcq8F51o9cjY6ri1T23vFWkuEBAAWOdINJTApJO1joFFgFxyMMNnlCpJoVnqu0i\/rinlDFg7S9CtMSJ0Ubb2fcMiTZVA8sg8c2grczf38tyMaZ9tLwrWkyrDaM66WF+r\/Smzgjb3lUh8vJ3yJCEPyKRtiP8bLVA86MJJR6swDhhbPo5TZc3HPN3paBxU5U9DTyACxQnk6EYqYsA8ZokkmQV3rXvd3nlNnXQvP8iTrcL1LydrbGPEmcxzftt97lwfP6IxI3O3sNlij9LY+i3W9W6NVdJf0gVlPHB34DPsUDzGCBqeTZuUD+fgbA8m0vHZeGLaeh2n\/ATJxgu83kBANWSs0j4JxeZwkxA4LQE6k9KdadeiuFQWUUsCMoytEmeRS+e2CKC26bva8V4F4G5ILpiDrVUa9OPpnIugEC\/pCpbfo45ejO0OYsjmcSB9VHs67ODTG8tfG\/HSnEWghmAKv96DqsZyAaTmkT0JkH5FkXlCzBQ8v8o8b6rSE0lRW\/lesYflMu+sWf50UV63CFJyy6fgpaJPxCw8SCnSJ9Wfe5036kFXS9TxM7sPwyghnAoVeaf7Fck3c5pxthPEaz67tzSOMeekQJOQi7xMcEt3jcaR5XiiPfvpfvbXLOiTYOMcz4nBR25XpUeWEHByMxgi
+V+13jYe4gb5oIp\/OYL+ldNmokkEz0NkrXv9PYcDVxLHdE8YvZjA+Y3MOkWFCk9BM\/Rn01CyqbL8CmN\/DvCsMgWqz9BmPnWHQOqMnYSTykXgSFe9FyeKoNSng2DkGXmS4Ish3yys0i\/QIlGlT9piLrC2UOh5tHQYhdkxZTzWOLoSNhJgdpKplLIWgmFyDHNvrhDmwq50tATdlnRMhe0ry66PsM3l0lek7HZ1iPpCZ7a660QlaPE9SZFbRD2hjaqHqZrlPWWwgi6eHfY0gu5vY3pzyuUgNc+IY+oeDLEyaB3ysUDN7Sr1IZYyAtSiOnN0WLtHIeg9uqvR4NEBF0XEfeRxZT0n6RrygJ1nWV+kailDfsz4vklZfPYltDFOyTnwOyyzBO2WpBi+QHoJdR5a+ci207f4TAHC5iWzq9Ov\/CBA21s0iwXcKHtUUuFkXfGsSTcHlMRdWRoqqdrwRmUkHc5FaU6RNse5tyVEdBKfOwfXkDw8I22zIDBmTO4YVBH4Dzw0SEVpSPVqE8m2STbZxIzmRtVGFxbw45tbGu6NUyHfb6XRJMV4vKdl8h+lVfwIggGdSBSYb\/J2WkIjXI5Z1\/s5OXr498b\/Ul1cfjj192V+QV7YEDHDJ0wunGAConliOcHcZIZrOpVaNMM7NeTBxiiUgynpVWjltr\/LQuk0Pld3mEIxmwXht0KmUnXyCvTBJgPYroLRuneYRQPZ1JOgkt\/kdsQBmYrZvkRHKWFwNxkLAhypRqmOoE6eO9TYZgchFtH7ouVK4C6vE0wlk\/wNdktEQVjtjEf81TNo\/lytMdDE\/EAGs9weyRqd\/Hmz5\/6yLIgAilI7sqB7dEuE0iiOXk4T95pQbOjvSnwI7M4B7Q3oDNdWJJRZNp2tZGQNCVfj0OFzEKSZbanefGx8qbWewy7Iup5wriwLbBG\/B7ZFkxdmUnEdpL4pTOBRMxGDxRjV5ioqpujq6Ef07dgH3IGRgJHxsp9J2Qlj8S7lCwwOsTDkI+PhLsXzzIudX\/ZiC+lH4Tm6LciXTHf3hDkr34EJfXHJ2WpSeeCsJZBkZx0OJpBR3y1cyrhzb66IxG0uSRnndSXXBNAmD+Gghsj7Kg4E50GUXibzQRhDNRs87q1TvRNjyYI9h\/opUmKnHAkXz4SItfTxaX2LIVbjHXv1XndcnuHwhJgHhiVGswZvXlXVlX8K4fGgnhgpZ7MSQN2lSYmnj2j7A1n8u\/xbD+JqpDU+SOMNWtYlDQ0M+WzoE91BSSQYj6pIr9DxppqLCgUAfJpZxJ8YTmINwfhMZVMPhUF+vys97o5XgriLF7uzxf2I4907edC79eKV1Vf3Ui9qrIThroIUvlpq69fVaplHqZXdbs+zwj7e2bSPVWUVR0G4cA3aU9fbVCQvpl3a\/SuOWAYL5O1\/gu5GJXDImY\/gEO1xe+OVqS2aF0XojyeNtILIeW1nDYyaMtRMD0J7qIxHbffBANlspXb0qgGJLXRsdV8\/\/lQ9fV9vIoHgsaUsdWxpVNTmqaQBhX+l7X3gEUnrZ2jVkY6Oh5aU+eYdso\/pGSL+gHQ1M1e6uj4SYxfEhZHY1voW\/zrjGcvC2BmpxPhTrZRQE7Z8GgjqyG\/K9Af758C5W6bNB\/xr5yeKDI\/G5cyIFeblO2dJmHUb92Zs9qV6hqZGonI7Nft2QsKRvSQjz6cpX\/ZVUA+5e0AnpZpXEPBjJfZQ24FXs9QBvGk2XnWW8Dboig8I5f6Aa0W91KG5sO3Doyp3jU3SQ\/ah58ZIaBgplOwc2\/XF6kzcQLnHv217TTOCL7ScT90UL1M8uz6xGKTqy83KCKRxOqCSmaU4GimFhTvfwqF7ljKegUp6S9OeYOOt+VYDC0UeVysX6yYVwgIBxXA8D51WCmgGdUznHhIQtp1cWWN2T6pBItiud+sR32LmiE5tMUZYbwm2xu\/Nih47FXpRY2xq\/SEOEBCWv+pct34wnV
4RwGw\/IvRU9BDEL1I7Sc1UFJRrazHP37UtPsKE1Z1llTnptgsNBNnDluQKifySFsqvXdr8Wwvn6V56upoM0fLxPG\/\/F6OVsniKNnqDtgpVsVi86SZ5O9M+5OvtEmUD8hQl4gxL2QqLYZIWV6vswIZSATUQuw0pUlpiEaj4PymXC95\/5pMEQnYMyOGFn2xcDAwCAmr0Gh4ZNVa+hT2Dwwrpwf9EMB3SMWmSnSLNfZ1YP9lq\/H3H\/YzkchSbogwVw+NXvSKa3Q5dILWczbhkBruescLznbqY0DC+TTlEnvK+mjob5wwR3lQsp8odDMfmh22P3SAFc1ZvCoRb2GkaVN69lxvgMa3mO7aDcfiHSTbC8C9cXAwMARePoOyVbKZG3xXgBtpg5jANBShpYQchD5Po7jBmjBEffrOCijDBbST3aotIn5HBfw8iB7gJCrbmWU17Z2peLW9KOid+9"} -01340{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739400294231,"flow_src_last_pkt_time":946739400294231,"flow_dst_last_pkt_time":946739400340313,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":292,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":292,"flow_dst_max_l4_payload_len":2904,"flow_src_tot_l4_payload_len":292,"flow_dst_tot_l4_payload_len":2904,"midstream":1,"thread_ts_usec":946739400340313,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"146.255.56.98","src_port":43718,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"doh.appliedprivacy.net","domainame":"doh.appliedprivacy.net","tls": {"version":"TLSv1.3","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01299{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739400294231,"flow_src_last_pkt_time":946739400294231,"flow_dst_last_pkt_time":946739400340313,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":292,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":292,"flow_dst_max_l4_payload_len":2904,"flow_src_tot_l4_payload_len":292,"flow_dst_tot_l4_payload_len":2904,"midstream":1,"thread_ts_usec":946739400340313,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"146.255.56.98","src_port":43718,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"doh.appliedprivacy.net","domainame":"doh.appliedprivacy.net","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":441,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_src_last_pkt_time":946739400294231,"flow_dst_last_pkt_time":946739400340375,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":21,"thread_ts_usec":946739400340375,"pkt":"ZmZmZmZmRERERERECABFAAApAAJAADgGtq+S\/zhiCgAAAQG7qsavYnvOXaanwFAYBBNMgAAA9gAAAAAA"} 
00644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":4,"flow_src_last_pkt_time":946739400372740,"flow_dst_last_pkt_time":946739400340375,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":946739400372740,"pkt":"REREREREZmZmZmZmCABFAAB4OfVAAH4GNm0KAAABkv84YqrGAbtdpqfAr2J7z1AYAfWMiAAAFAMDAAEBFwMDAEWvoM+cBnqYmnkRkDPuwLtAUVkYLlQ03USNt7TH6Ov+UQEEyvORaaPH3O3ZNMzL2MgXRjNUDyx4v+rdCpv8GZgAXv9\/o9E="} 00653{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":443,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":5,"flow_src_last_pkt_time":946739400372794,"flow_dst_last_pkt_time":946739400340375,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":946739400372794,"pkt":"REREREREZmZmZmZmCABFAAB+OfZAAH4GNmYKAAABkv84YqrGAbtdpqgQr2J7z1AYAfWMjgAAFwMDAFF\/agLwf2hkurOtclPc7PloPgHX8tIH4ISdSa4EvDGmjxH6c1qM4Rsw8Ui8OUp\/ZpG22ARbOXsOsMotn0yCCQpPKADwUIKVj5BjlvTnVXcua0Q="} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":454,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739400581420,"flow_src_last_pkt_time":946739400581420,"flow_dst_last_pkt_time":946739400581420,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":287,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":287,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":287,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739400581420,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.70.85.11","src_port":54164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00923{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":454,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_src_last_pkt_time":946739400581420,"flow_dst_last_pkt_time":946739400581420,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":341,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":341,"pkt_l4_len":307,"thread_ts_usec":946739400581420,"pkt":"REREREREZmZmZmZmCABFAAFHpuhAAH4GfboKAAABwUZVC9OUAbunNzlTos+VOVAYAfbYRwAAFgMBARoBAAEWAwO9Yq6mzn6Kf+YkY+w4Q\/vo+7yhlWhjohroCY4Mal823CCy3rkp5WTaWd5nTdItXIFahRCh9ETfjIRyGCS4r9a3XwAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACnAAAAFgAUAAARZG9oLmJvcnR6bWV5ZXIuZnIABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAg6wutcF723xZ1OaF0ooDfgy7xahyBeOD2x7PNk\/t6gG4="} 
-01284{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":454,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739400581420,"flow_src_last_pkt_time":946739400581420,"flow_dst_last_pkt_time":946739400581420,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":287,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":287,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":287,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739400581420,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.70.85.11","src_port":54164,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"doh.bortzmeyer.fr","domainame":"doh.bortzmeyer.fr","tls": {"version":"TLSv1.2","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01243{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":454,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739400581420,"flow_src_last_pkt_time":946739400581420,"flow_dst_last_pkt_time":946739400581420,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":287,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":287,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":287,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739400581420,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.70.85.11","src_port":54164,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"doh.bortzmeyer.fr","domainame":"doh.bortzmeyer.fr","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
04457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":455,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_src_last_pkt_time":946739400581420,"flow_dst_last_pkt_time":946739400612150,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"thread_ts_usec":946739400612150,"pkt":"ZmZmZmZmRERERERECABFAAuA435AADQGgOvBRlULCgAAAQG705Siz5U5pzc6clAYAfXigAAAFgMDAHoCAAB2AwPum08l8a\/xsIE7sf4ouj1cFjIcJvTzL6IcltC8x2MVWyCy3rkp5WTaWd5nTdItXIFahRCh9ETfjIRyGCS4r9a3XxMCAAAuACsAAgMEADMAJAAdACDFCe5GcFoAINJ8W\/U00yxwlYg7Wtx0yaBhsZxlJVHAahQDAwABARcDAwAgjb6\/bt9RU3n7f\/XK70kHoogWe0pWzujxYyDQFCzDS9sXAwMKFyLHVFWncnvuWpj00oLMIDtr5tAZiqfcqzwOOMNYqfKKQHH219coqZSx1dHk2hi5d1LB3GytI8vYkc59i5RQQDbXAHUuezlbBvO8F+B3yrBrypISyNX1A4sx1E9x9g092nWO74tZVT++3VZ86RoDvvF0ZUqxTSHr+1nR9kKZh0N5lUkvTu0aK5ORhVWNfmq0hwnrW5s27rBfHFIN8y0h27yxFq4SIl7wwuk6Mq7vkrvqIsM5xqyCc\/9Xu0OqSF3zUNnkItIrGQeIJp3LGwwIhQxxQAsnuWmwcXNFRqEzMD5jbEtpKYkHahCBuU\/B3PKrCTX8+YsVVjGS5Qrjne3Kr5FWp6nlPfIH59LkIEasv75h75FcjD+7wr54z1JIPpP7ZrLR5PywuD6f88xvloKZN+WwiXGAie649c7JKsyGwCn507cb9CeSrJLhgRoQlUSUEBlnxiSHhJ2mw9owqvmzHqRqTxGrXh9qTPYDQpk5QRLmSGX3D7g6VS6CrNB+GfCK6SPMgzdR+k8lAJJdHOY0ZZdv+Ya6nA3r8RDkXrspyuJsV4QMPLAoNzQvGen9CeK5JxcSLtBMp5q0B1DBO5EIcsoLQQ6lCwlPm8U6NZmJK6eA9zbgzP80r8LRBBpZx1beD6mw3j+TpFAy+igQ8+ETtD4YPbZPWCgC6xVG0u33AvPq8sRsHwGqnzJp1MW\/CDUHInzc9xT9j80aqrzF0XcmMIsrs4KNMQ8QDQCsJmct9U0iMbkLXGLFA32BoRsU95KY+6gDs57twsE3JaqfYSuTq\/Dlicgoiy07U8DZsIf1tKivKbhBZS1qr1PaAU2W3RuJy+8koP4fg1irOvcozqBrDOixlNBNoG8ob7RGwcT3Z0ArR3tWTeHxhQydU29KSYU8HwZniOUgn1K8cz071\/P8S72m5u89j2RZsoG54t+A\/1vLyZMsjOXjwepn9YLOohxBXEIx84KuxUh3bAga+k\/yE8GW5vng0KtP1aBiU4Tc6A+REN2DA3ij6lHoD2sFhJA2fLcssM6OpAK\/moM166igfSm3LqGC4gK+TDj4gtClJchy8bvN8tctQ8iFjFj\/6qv7lxplsZ49PvHPbnKju\/tev2fd5dDj7QcMjqNvhblPBUZ32SOOjxBH3RE7aBpBLMz7W1\/NpSWcgM15pyZsPx8isO02KbyH6gAHIs+ZEGj61i6mnrDsMNesZUMUM55Ve
DXhdpD8kmxGJpLZ3bsJ69dZmjx3Rf6Zgw2KbXhlm6KMoEBrRSd15+xgTimUz9H5N6PvNLfaRiGX8r4RI6AIPrxRNjrz1JtdmeN1NzdaLUaHCvnql7jjxoX9Sn8xtUQxnkcUzYoweeIrvi9ulLP7ucnd54pGXhyPpURQBCM2nU9nbu+b6Pbj4vx7uFCRh\/lkqhRWVdTtE5uZmH8x4uxAXTdo\/R5oSgAkEsgUzYbuz4+G0Ch0T6jruu4T9ekEthrBCQJjN3fHGBcpM7AMfx+FKZas1DTjRC6L41JS2ixQWYjQbws0Hx+sBQGG6PAX0ilnkOFTCqdi4OZ+YhHBZ3aa4TDran\/FLmLs4pdGLb\/oqLyzwsvNQ7jdGUh2A89lsoDzqOObMQCUrWrG7EbmBEy\/sbHnGgiIy31PynXQexT3lSGWXsVy54UK1SdBZ18JpRAq1XaEcJZV9BqOYiMFEVnHR9zwIUFWwIjG0UpAOSNn7blveeCwW\/YovVsVKboGuW3yyReDZYyNgSvRfgvPpiG+pklW5Ihw+wYJ1sPXS0I2yAnATL00hg3Bnv3J6\/Z\/+4vJOHMRe5zCkPZYK8w\/AOnTp5VZVUALMm2aJruUFq4CXZyWMk1kbL3XBzpFB\/roJe8IiU+Kt9kQ449THNAxRUoavQeSeXnuQSkwDYmI0buLWeiaEzMUY5OavuLtDgD4c+avQlGrce7Ozez1RlLgPgV+i3DcrjoWos6tTeu8g4pr3NuCp14nKYaub7Vt2s0JPBPZqY\/MuyLA\/e3Fr\/OMlh\/EauRFDsRaqiHBJ2mP3NA8\/ZyaQQcWAIVjHSjsVGu2nQBYWjKsZ8mKcS9VpMr9ndCkWOs5Sz5zWAutH8paKKKAqBcvloCRHOWIfcJ9h9uc3Lq9DYb+le+8B4yxwh7qQJOXNZwdUQbb19fMRPNRiaEzON5GpXpNywN75iIVBnfCJp5hZfV7tIfK22ta\/Z6stqDCIyk+p27DCeEPYmTJDSSHKNbedRdn0\/iB9LUsBrCmi7IRRBlE2Tr8s2JDIPOoL9S4j6C6g1r3fpCuw4mXBrcGCfNjDw6rPYEplJqhIiTO+juQuxn5Prjqj21RvbfTbyzJIvTV7a0Zy5SJ1YWQ9z3NLs75HRnYaEIc3G103AKPkytzCjXINk0eKUkCZXrW9QupQw5YZCi9c+zr9e6Nsrg4KBkr13ePLbPEqhzK0TgphOe\/BgDw39ES3e0uIMvXuKrcPIZlkW8iZdSPWqT0Pls1rgFcXIxjJuZzAKdz9RIDjZGrpzpHXAzwarf0m0i2Gtw3bYKFHdkTT5n1uaYQthMuQHJHi+p8XDFtekQax3jKJD3CiZg+YeLzJ5Uo0iEidZKe5rH7ZzgkT8O0rVZwq5niGJgbiV3EUpPldHNKypyvkj3ycT9kY2IJU7ZpXJRnpDRxjhVDO4G\/kK6jqgKdwB9YrN8ddL2ErNeFlxtrqM8tHt2ZYdSMZYCnp2omvPy97RCe3Cp\/HGnLxpRs+DW569z8h8BSfI\/zMEZeQ4RsdRgF8hz+rQ8SRDGvtaqUblOPSNlurg9vSpcyYw7DcuCxkCASBOvLXbWh8As7fT8An8+JscVf\/lq\/mGQvDlSuFNj+tDMXoI0ZKapFzG\/KPdLhwKgFCipECC9Er6NeMVnAw07Z3oto50ydjbh57kzukh0zqDBLZjEhtFpoAiVBqZg7B50ytdFgK+6hZgsHjVoNuFRf32MJngr13fBBtHKo\/VHaVg4drs9W9DfAL1w5rtOMVsX6aUt1YAeiwdGBNEPyNmvNCcEQOj+xzMfVoOLm7SUXFyIm1n+reDHyXo8yNG7LkDYjmq\/JLkrpjl4bFeLBsdG760CBaEUCZJd3nvhfPPBsfCBF5PswuYpAEifKeZ17NlOaSrxj79WssKYt4uUKm2gm9JHcvNneM5n7DQEooPTVEVYNOgvXrRVlbfz+Cy2kBP2gCp+jUrcKx4YKGEh
DuMaL8PfHGRT2vA7nqzUU9C3cJ3emOjaD7KMjipJvPBaA7U+L8ujhu2gJWLx4yY7mn3RV6K2HsrFjTJduvDGB+DqQg96t2CJjvMbpqIitN9hBxZbznMh3XU1HogwVfIbOe8Ug8cikY7ag9rW6E1CfeBwa9CM8u9CTXlTgumW220WzI\/+S8CMvOup0C9PugMt2Jc4cXDvNs+dyRWH3X7QIImonFrQ6RaFIHlbDa5gqN+0VC87hnjQE8OUpxOAg1ReSXhcDAwEZLWp\/o3fXWPvp18ZXCuvlFC4i5H\/0jL\/Tq956IZziJu\/XhSjlSr056BPu7zKCegDZWzYsK6oLPWAfcvtcSfAPACHpLE+JYCNMevr7LjdkYBxYeJsjktZDgoEi7lSxc1XaPOcOHuKcNBIZPhHzY\/jpu14RecKRjxP8M4PlZTTXUvzf286xa1A7FPGcV7e6"} -01329{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":455,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739400581420,"flow_src_last_pkt_time":946739400581420,"flow_dst_last_pkt_time":946739400612150,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":287,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":287,"flow_dst_max_l4_payload_len":2904,"flow_src_tot_l4_payload_len":287,"flow_dst_tot_l4_payload_len":2904,"midstream":1,"thread_ts_usec":946739400612150,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.70.85.11","src_port":54164,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"doh.bortzmeyer.fr","domainame":"doh.bortzmeyer.fr","tls": {"version":"TLSv1.3","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01288{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":455,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739400581420,"flow_src_last_pkt_time":946739400581420,"flow_dst_last_pkt_time":946739400612150,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":287,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":287,"flow_dst_max_l4_payload_len":2904,"flow_src_tot_l4_payload_len":287,"flow_dst_tot_l4_payload_len":2904,"midstream":1,"thread_ts_usec":946739400612150,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.70.85.11","src_port":54164,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"doh.bortzmeyer.fr","domainame":"doh.bortzmeyer.fr","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00828{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":456,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_src_last_pkt_time":946739400581420,"flow_dst_last_pkt_time":946739400612199,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":268,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":268,"pkt_l4_len":234,"thread_ts_usec":946739400612199,"pkt":"ZmZmZmZmRERERERECABFAAD+44BAADQGi2vBRlULCgAAAQG705Siz6CRpzc6clAYAfVAMQAA7MoGonW0Fj4lHArVaOCgJtbHn9aRY0n9LKnu3cTyqbChLhfccHsdC81z2fZ+Ukv\/nAuBoKACJX8Pwem5JBIGeQ+hR9gvbJqO0dljTEjfnQJGlcWyJk4FqoFjayNoVLdbRg\/yWeK8VeLtflQjLxqwMpDM\/QbduG5HAuBrFrE4C7dTGq1PezTGhU9pqGsXAwMARb1ScBcpf\/m81VPRA3LW\/2mv0IZmicbA7T0x5byJ5bKDeMQneniKc1y1kH9Jz7ueZz9IjjqOqk3CW8r0ZREMc3BCfYPYBQ=="} 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":457,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_src_last_pkt_time":946739400614392,"flow_dst_last_pkt_time":946739400612199,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":946739400614392,"pkt":"REREREREZmZmZmZmCABFAAB4putAAH4GfoYKAAABwUZVC9OUAbunNzpyos+hZ1AYAfXXeAAAFAMDAAEBFwMDAEWxR7EUjZHkVtX08CQhsaM\/Xs5Q6DMNginzkPCY+KYKSCqwTiH7uki4RDfQf\/Ey5MQ7C8dbvaWK4mwFe9xZLaA8IB711hA="} 
00651{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":458,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":5,"flow_src_last_pkt_time":946739400614509,"flow_dst_last_pkt_time":946739400612199,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":946739400614509,"pkt":"REREREREZmZmZmZmCABFAAB+puxAAH4Gfn8KAAABwUZVC9OUAbunNzrCos+hZ1AYAfXXfgAAFwMDAFEBK72qoyavs84v144gQzkZ+lvScOqnCOg4Fxl2R1DXDjRCzInGloAcyb9frAgUO2t8D8mxkuPsXSeiPIHZe9AVf6jmwOKW+LIq2uGYnRymDuE="} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":469,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739400702099,"flow_src_last_pkt_time":946739400702099,"flow_dst_last_pkt_time":946739400702099,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":288,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":288,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":288,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739400702099,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35714,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00923{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":469,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_src_last_pkt_time":946739400702099,"flow_dst_last_pkt_time":946739400702099,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_usec":946739400702099,"pkt":"REREREREZmZmZmZmCABFAAFILINAAH4GS1wKAAAB0frxGYuCAbtSRrNTwAekRVAYAfaFCwAAFgMBARsBAAEXAwMzpeRPPpmPOBWwlYuEr5uNgoasUYbxY5rOmYFKCjGtJyAIAEydch7b9cupGuDzo92xh9NLKrnQMxUlfE7nWZM5\/gAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACoAAAAFwAVAAASamFyamFyLm1lZ2FuZXJkLm5sAAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIJeuQLdGEJN7n7Os\/LoZLYTlp1p11dddxIYAQZdOassB"} -01288{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":469,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739400702099,"flow_src_last_pkt_time":946739400702099,"flow_dst_last_pkt_time":946739400702099,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":288,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":288,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":288,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739400702099,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35714,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"jarjar.meganerd.nl","domainame":"jarjar.meganerd.nl","tls": 
{"version":"TLSv1.2","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +01247{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":469,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739400702099,"flow_src_last_pkt_time":946739400702099,"flow_dst_last_pkt_time":946739400702099,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":288,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":288,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":288,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739400702099,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35714,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"jarjar.meganerd.nl","domainame":"jarjar.meganerd.nl","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
03299{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":470,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_src_last_pkt_time":946739400702099,"flow_dst_last_pkt_time":946739400727632,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":2102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2102,"pkt_l4_len":2068,"thread_ts_usec":946739400727632,"pkt":"ZmZmZmZmRERERERECABFAAgouN1AADcG\/yHR+vEZCgAAAQG7i4LAB6RFUka0c1AYAfWL6wAAFgMDAGYCAABiAwNagb8+u4y1yd1xwzS1nH\/nTUIdC4eY2A55MtUayrM8fyDO5yrWZS4Aa1iS7gSLPLT\/C8LAuC029TJv1sr4CTESSMAwAAAa\/wEAAQAACwAEAwABAgAFAAAAEAAFAAMCaDIWAwMKAwsACf8ACfwABWAwggVcMIIERKADAgECAhIDDKJHTnwjwsnrm2DLrI1zNLUwDQYJKoZIhvcNAQELBQAwSjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMTGkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMB4XDTIwMDcxNDIzNDcyMVoXDTIwMTAxMjIzNDcyMVowHTEbMBkGA1UEAxMSamFyamFyLm1lZ2FuZXJkLm5sMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv9OPyuZ6JwIE6bPDfiRhbYPMkVlSRq93tijiXoOFC9OQc4eXtoMomU6kKPy5Z0NTzEB3WAHxrA4SRx6q3\/yefPeWA8HsMuYfQZpftg95obbyxbYYejVTJGcDt7bBAbyfyHwpa9VQXCZ1NM6170XCwqiTXQ5pCT67h001VbP663EnKohkf0MUwppbn6Q5xEFc+o+3D6IU\/rxkzW1SQTh0phbzb1Op8DfM63A\/ZtxaA5UoEOBp23CMkB\/vP5ul2uJharTqU\/BfvvV3HB\/zu9o43hkbooUEyMuBJn0+O6orVhwG1QVKM6xj5TM6ZcijU2+3rS+x7vNJUt\/bTHh7sHDviQIDAQABo4ICZzCCAmMwDgYDVR0PAQH\/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRLbCV+QerkMWgquQ7dzQvZqcefiTAfBgNVHSMEGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBvBggrBgEFBQcBAQRjMGEwLgYIKwYBBQUHMAGGImh0dHA6Ly9vY3NwLmludC14My5sZXRzZW5jcnlwdC5vcmcwLwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5jcnlwdC5vcmcvMB0GA1UdEQQWMBSCEmphcmphci5tZWdhbmVyZC5ubDBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB3AF6nc\/nfVsDntTZIfdBJ4DJ6kZoMhKESEoQYdZaBcUVYAAABc0\/ws2wAAAQDAEgwRgIhAMWgM8fCSKocSMS6vNmRTIKDzMWXKgtHRh\/4TftRR0QHAiEA3JSerrntM9u7waurW
rvwybuL6dB9RsJnzjR8MMY9tuIAdQAHt1wb5X1o\/\/Gwxh0jFce65ld8V5S3au68YToaadOiHAAAAXNP8LOOAAAEAwBGMEQCIG6J2T+qpPVVFxjS27cFglwKmn3u\/zi2QCL4kFgVvwefAiAZm3eKKyeMogTwUuYzbx+RsfIEqA9nNOdkRRv\/z1FxuzANBgkqhkiG9w0BAQsFAAOCAQEAcAija84yR1ADOoiyrdQFCgxJZB2BUUNBtRgi8ZPFZIdUaVPomyGL3oK59c6IO+gMw6xbSeGsLaVjettLRMJ2uMl6JZkgjV1Bhp3NdPQKieFpoaEiEBUAwqL8TSBKdJ\/mAMQLAKadqZ1hZKcVTPtXVdd5Q28iLasE\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\/z0HhncchpDpWRz\/7mmelgPEjMfspNdxIknUcbWuu57B43ABycrHunBerOSuu9QeU2mLnL\/W08lmjfIypCkAyGdGfIf6WauFJhFBM\/ZemCh8vb+g5W9oaJ84U\/l4avsNwa72sNlRZ9xCugZbKZBDZ1gGusSvMbkEl4L6KWTyogJSkExnTA0DHNjzE4lRa6qDO4Q\/GxH8Mwf6J5MRM9LTb44\/zyM2q5OTHFr8SNDR1kFjOq+oQpttQLwNh9w5MCAwEAAaOCAX0wggF5MBIGA1UdEwEB\/wQIMAYBAf8CAQAwDgYDVR0="} -01371{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":470,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739400702099,"flow_src_last_pkt_time":946739400702099,"flow_dst_last_pkt_time":946739400727632,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":288,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":288,"flow_dst_max_l4_payload_len":2048,"flow_src_tot_l4_payload_len":288,"flow_dst_tot_l4_payload_len":2048,"midstream":1,"thread_ts_usec":946739400727632,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35714,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"jarjar.meganerd.nl","domainame":"jarjar.meganerd.nl","tls": 
{"version":"TLSv1.2","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"2464432ec440b95b36263230c3148d11","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +01330{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":470,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739400702099,"flow_src_last_pkt_time":946739400702099,"flow_dst_last_pkt_time":946739400727632,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":288,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":288,"flow_dst_max_l4_payload_len":2048,"flow_src_tot_l4_payload_len":288,"flow_dst_tot_l4_payload_len":2048,"midstream":1,"thread_ts_usec":946739400727632,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35714,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"jarjar.meganerd.nl","domainame":"jarjar.meganerd.nl","tls": {"version":"TLSv1.2","ja3s":"2464432ec440b95b36263230c3148d11","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
02535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":471,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_src_last_pkt_time":946739400702099,"flow_dst_last_pkt_time":946739400727678,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1535,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1535,"pkt_l4_len":1501,"thread_ts_usec":946739400727678,"pkt":"ZmZmZmZmRERERERECABFAAXxuN9AADcGAVfR+vEZCgAAAQG7i4LAB6xFUka0c1AYAfWJtAAADwEB\/wQEAwIBhjB\/BggrBgEFBQcBAQRzMHEwMgYIKwYBBQUHMAGGJmh0dHA6Ly9pc3JnLnRydXN0aWQub2NzcC5pZGVudHJ1c3QuY29tMDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx+tvhS5B1\/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA\/BgsrBgEEAYLfEwEBATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQub3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9EU1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFKhKamMEfd265tE5t6ZFZe\/zqOyhMA0GCSqGSIb3DQEBCwUAA4IBAQDdM9cR82NYON0YFfsJVb52VrlwSKVpRyd7wiQIkvFaH0oSKTckdFEcYmi4zZVwZ+X3pLxOKFHNm+iuh53q2LpaoQGa3PDdah1q2D5XI56mHgRimv\/XBcq3Hz\/ACki8lLC2ZWLgwVTloyqtIMTp5rvcyPa1wzKjmMx3qOZ5ZQcryyj+OhZSgc5SDC5fg+jVBjP7d2zOQOoynh+SXEHBdGxbXQpfM8xNn6w48C97LGKd2aORbyUbL5CxGUY99n4bpnqHuaN6bRj6JaWRhxXg8hYvWLAGLyxoJsZLmM3anwz5f5DtQ0oSRE5vc3oo6qSqbntMfYfd4MkCRKeHr8M0W7RCFgMDAhcWAAITAQACDzCCAgsKAQCgggIEMIICAAYJKwYBBQUHMAEBBIIB8TCCAe0wgdahTDBKMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3MgRW5jcnlwdDEjMCEGA1UEAxMaTGV0J3MgRW5jcnlwdCBBdXRob3JpdHkgWDMYDzIwMjAwOTA0MDA0OTAwWjB1MHMwSzAJBgUrDgMCGgUABBR+5mrncpqz\/PiiIGRsFqEtYHEIXQQUqEpqYwR93brm0Tm3pkVl7\/Oo7KECEgMMokdOfCPCyeubYMusjXM0tYAAGA8yMDIwMDkwNDAwMDAwMFqgERgPMjAyMDA5MTEwMDAwMDBaMA0GCSqGSIb3DQEBCwUAA4IBAQAoMB1ePZKC8NpTy2434kCI6h8NAXGSDejnRZYFr2QSx+TpoZipUWbMWCq8UzrMIxKC8UJACJQc6RIM+Xgz0ZRbGx25OD3V4vLxsczn\/nEIsXCHGvGoEBJqPqesQfpmU9r+oB2CbUgxGaJxDFqnidG6tH5KNxFVbrX2lPzXeDzKwLN1eUiZU\/lMuAOJwkK8zmwVXP5H7g6aco+MiZp06K8b\/Da3w0YGUY9fjEablMtV
5ViuxARhZw1pWYWZo\/jGfvICDNvPKmx8V1X1Z4R8rNjm8UiPRR8P0NarasVvNtWs+6fXGpl\/hFMZzj6z4oAVh0vYNXKYxmaDs8l6pH8OOZ\/cFgMDASwMAAEoAwAdIBuLZjnTB3Kjce7+mNxfaBiRgPo4iNkyTjzm6+fh98MBCAQBAAD35z4OurpaleuYyQXrRwgunZx5itw99f\/qns7fqVRPpCakkPBqYtIkrAQds7t3x9gcyB3pN\/ek7QU4lXsRRnsrWpFsVpkkgouj8noQcYPmvp55cuzOEjLxYK5KOB1bU10ZmdANW3hMqgjTathZk6jfjNOD8MgF15uckgPUXOITOpG7UYd\/YtxRx7xgMGY0jlH\/+xeUF+NSAiy6s9oSi0oU\/QlatPOidPhVmRC84vWQNkgJhZubcKWseKLjiRRL9zUmMJ2fjig0R0EKUVh0pAUSNWsA0m3x1YIPV6kX\/fzGNkCBx4kijVkxENgEgAD9si+WguAjMtSH5qQYN0CMxwsWAwMABA4AAAA="} -01704{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":471,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":946739400702099,"flow_src_last_pkt_time":946739400702099,"flow_dst_last_pkt_time":946739400727678,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":288,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":288,"flow_dst_max_l4_payload_len":2048,"flow_src_tot_l4_payload_len":288,"flow_dst_tot_l4_payload_len":3529,"midstream":1,"thread_ts_usec":946739400727678,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35714,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"jarjar.meganerd.nl","domainame":"jarjar.meganerd.nl","tls": {"version":"TLSv1.2","server_names":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"2464432ec440b95b36263230c3148d11","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt 
Authority X3","subjectDN":"CN=jarjar.meganerd.nl","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"17:C9:8C:F5:DD:1F:0E:0F:DC:C5:42:4F:ED:C4:CD:57:5A:5D:7A:4F","blocks":0}}} +01663{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":471,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":946739400702099,"flow_src_last_pkt_time":946739400702099,"flow_dst_last_pkt_time":946739400727678,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":288,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":288,"flow_dst_max_l4_payload_len":2048,"flow_src_tot_l4_payload_len":288,"flow_dst_tot_l4_payload_len":3529,"midstream":1,"thread_ts_usec":946739400727678,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35714,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"jarjar.meganerd.nl","domainame":"jarjar.meganerd.nl","tls": {"version":"TLSv1.2","server_names":"jarjar.meganerd.nl","ja3s":"2464432ec440b95b36263230c3148d11","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=jarjar.meganerd.nl","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"17:C9:8C:F5:DD:1F:0E:0F:DC:C5:42:4F:ED:C4:CD:57:5A:5D:7A:4F","blocks":0}}} 
00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":472,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":4,"flow_src_last_pkt_time":946739400729872,"flow_dst_last_pkt_time":946739400727678,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":147,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":147,"pkt_l4_len":113,"thread_ts_usec":946739400729872,"pkt":"REREREREZmZmZmZmCABFAACFLIZAAH4GTBwKAAAB0frxGYuCAbtSRrRzwAeyDlAYAfWESAAAFgMDACUQAAAhIFrMk2g1XxRnkwN933MQ\/vEuKAIrPsEtdQ8XwZlKgX5QFAMDAAEBFgMDACgAAAAAAAAAAEgtNJFxGFxxxT5Wgfvmxud3VLSSH9hQHBUaUB9qvfYZ"} 00603{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":473,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":5,"flow_src_last_pkt_time":946739400729872,"flow_dst_last_pkt_time":946739400754083,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_usec":946739400754083,"pkt":"ZmZmZmZmRERERERECABFAABbuOFAADcGBuvR+vEZCgAAAQG7i4LAB7IOUka00FAYAfVwaAAAFAMDAAEBFgMDAChUn0cMTAufsksasolz73Qdzf\/2+QYz6jP4Gw+eKrW+TSaX2KNtN3mv"} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":486,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739401864559,"flow_src_last_pkt_time":946739401864559,"flow_dst_last_pkt_time":946739401864559,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":292,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":292,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":292,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739401864559,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"95.216.229.153","src_port":43888,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00930{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":486,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_src_last_pkt_time":946739401864559,"flow_dst_last_pkt_time":946739401864559,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":346,"pkt_l4_len":312,"thread_ts_usec":946739401864559,"pkt":"REREREREZmZmZmZmCABFAAFMN1VAAH4GvigKAAABX9jlmatwAbtGU6iimu8Jz1AYAfYHbQAAFgMBAR8BAAEbAwOH23fm3DrJaQXLovxzyYyk5R\/PesPVPPqPMsnNPw9NhCA+BKUjIeM9NnmcNXI7jO56RaAWoMnCcXIJRfPvBK89HQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACsAAAAGwAZAAAWZmkuZG9oLmRucy5zbm9weXRhLm9yZwAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACAgB93oNekrupxQPrzRHifFos9GGTUaOGYLuLqXCSqLFg=="} 
-01296{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":486,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739401864559,"flow_src_last_pkt_time":946739401864559,"flow_dst_last_pkt_time":946739401864559,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":292,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":292,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":292,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739401864559,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"95.216.229.153","src_port":43888,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"fi.doh.dns.snopyta.org","domainame":"fi.doh.dns.snopyta.org","tls": {"version":"TLSv1.2","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01255{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":486,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739401864559,"flow_src_last_pkt_time":946739401864559,"flow_dst_last_pkt_time":946739401864559,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":292,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":292,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":292,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739401864559,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"95.216.229.153","src_port":43888,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"fi.doh.dns.snopyta.org","domainame":"fi.doh.dns.snopyta.org","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
04459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":487,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_src_last_pkt_time":946739401864559,"flow_dst_last_pkt_time":946739401922095,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"thread_ts_usec":946739401922095,"pkt":"ZmZmZmZmRERERERECABFAAuALHhAADcGBdJf2OWZCgAAAQG7q3Ca7wnPRlOpxlAQAfURoQAAFgMDAHoCAAB2AwPibR+Wkzsx56DJDm5Eu1YLQR+8sKrid6w\/L4hLlzFi7CA+BKUjIeM9NnmcNXI7jO56RaAWoMnCcXIJRfPvBK89HRMCAAAuACsAAgMEADMAJAAdACBuK8qBa63Irnemz8DqNJ321mRXUwu2HpEN9mUutJb4PxQDAwABARcDAwAkUOaHYP5iZ2NNWAzfU4nuMAsSlIi3Xu6evUH+ePghzyW3lf1oFwMDDTdyOxvGAqdaXqn7mk56YQOkftztBpxUe9++1VUjQL0UTPE4dDghDlADUJrVIMNoajw7OVNVUJlwwZLv4SY0Vx3I7ELfEhgQAcbo8KTKAm9O2ms4MsOpGyCQp3Ck5bHL2bE4iiWi1kZ3XUOEqkWhVOIsnrRavV3YbdvOPn4o+EZD19BNo16d7FYA9cwlYFl0b+UOCHVkbAV5Ro0aksFmIDr9nN\/SKS5iC8KA1HQko\/XCtoZt\/uj26L8Jnm5j0xvi5PCt7eYN7FAf9foi+urRIknTbj0qt5H6t5n2fn2SPs3+74zq4arLW6Grk5JVfjN+EFn6r2Kqt2DBASpVLNRJlEJ\/bKKlz+O8J7CBDjbsuIjIaIhIezaNNWlBddC5u8MicCjaXDfeK0Y4HdjfUV3F5+ceyWCg99LhDO6xG0CeQL6QAIRHV0AxoEVRoc\/2vMJczsdaR6IckxN7UiFIufmha90IusH6BRII8ooR6OU8Y+2rZzYh5iUJTMhKuwIGbOPxF0ajku7y5uTYXkibFy\/3YRErBGtPfTP8lfcsC0F+hSBQLoIlrMlmFjzaT8UDL1Fvuj09G9ZfRK\/xhCkh\/7LpCMAmZL6FGK8dmeyLYWLMckLWasSF4SpcTPWxHh7bEgM8pdQOrhyOwV2+YyGE03XoHny98Ri5sKrhPxH0mGzGNnfYcuH6skZHVwAgYnBYfjM2lceI\/e8LUGXM+\/wIkpWQtiAxj5n9jqC6nREJd3P5hFhhc0S7dmq+lc8Ma343e0W1q85dFAt5euDl0kwrHQBD26Gn0UFzkp+rMUWqJmbE4SEGibShhwSALXJQIigpcGwGc5IATb5iv3WP28Ditv7SIopWvMI9EzLxDQqdqFyPqSJV1GQA4imlHzXCdMmJY\/F6D02T5M85XegGn9Uw4gKTdpJtNdQMeDpMCJmwPpp3X9pZUOt1oTofSb+42UBMYdGAmqh\/lucphpoooHZAFYzgka8EA3+5grzvvRKo1W30cuUHEkcEYum5QQBIn5p1pvfjSQasw1NoCcIklAiODFbTUw\/XBBzGVXrXLo+F9mr5HZJoE6PhrzpGbM+TbC9rdnXfxtb3I6K\/1AuBezoFfnGsw9Dx8ypoJ2UB3C5fLrpS2ieFOMX42\/Dh6ibKZmCZ2IU\/pKi9Kpxz6Ld6HAwuoH4Me9ywi7Ln36mC5YB9\/TIfNIYZgMETrU\/MC
g2bIGnZ8vBftq4oKoZH5CfsoxNFs2PFEG\/5CVigap\/tCrH2NE2mXjfyEkFGiVnnGzcQq0blObS7iaq5g9ULTtsStUYEWVhOXk\/yHu5D3\/u6I0Omh\/4izYUAvc\/ASGJ3mfA9dMkNtOEG3hZYmo5CA9GnSRpy2RNoU8Pnf1XinGwNO1Gx8Pk+Rv6O6rF61GXd3j8LIla3tC+sE1vn8o1HuVrg0vtx6svaMmP8iNm4OXIuTyI0c3BbAjgOOu1kSB8ysQJy2HfJ8f+33ewV4FsqQND6r5bZILZFNT6hlGwEaOaKRgd8Dnd4N9fsicUPP3uwhfe3QdvqzyV7OOrXV1IVMp9zwSZ0pMfc8VWLEkiJAKnWpdefyOUExkz5+iOPBxgjTOCDXI2cxb6a85tRWFrVYfRjxQzYvDOiZkMdWovVcpGmC70Cf9f8rBw+ttYEmVtXQq6aUTGji6XfZ4PQSD6aFRmGvyCQ+CTuysuZPRTT+5cBQgpxWr3YBN+426lIaYsxvZASckGkJyHw7wpODlcoQhARdIU2IKEFRJvw6DT5X9zlpEEie0WCTVJ\/dO+1+JbTJMju5fx4Qacw2bdHAKBR6bgpX06u1h2Q89XiuB5q4CfjBycr3kVeONIM0plxcqhvNckbcicJV\/JrJUajfW3F3ZFA8QjvfJykVgp6OKAIPXZNUHoSa3jNomftQSYqyBfMezehknXHShl6ZuQM+Lvb\/uVlinF17iXo2SvKnezJm3fj5cHaM4wuZjkDVCLAE\/Nyn58e9ksRwhD\/gK97rjgBNP1ml+iaYZj1YbBsIP0G755OxhWhcssAbTkI8hBniALaUqQLLPs72nFgtfIXuPTAuoXoMJT42ulwoxGs43\/GTmjksUYpRygFZP5B0dC11WQeR8PhWFcDRYGLV7beAlYwch7ld5nUdJC5mrDnIj419\/n346cz6AR7+0Rr1O5IOtvdQctvdWRZfPDcKiKYfWWWQsFX4uwaKZ7iAJIc3Lf2Hi65\/5WG2H6DXV2pbdFmOOEMbCE9vzIalbNO5yuH17ffgvNYeseN8QYcMc1RjXhkpanOQhCXFt4LROEa0cWaGgGU8KVcV0lHoP38Yqy9\/r9NNO4BBtoRTZYqyQ2KiKQOeL\/DjGmqmnMdtRKO3G2+28PYYcreNlQFUQC1YZRjis96nJONLOoYWGmJ0Ajkc88jEcPUWJ+sQ1Ellx00rNPIeTKszE7eeP1Wj7159+psV+5ymtU7Wt8kdIG49kp2vIgkZ9Wr8jWgezRdBIRoNkNszLOkziHLmtjo71cfnALRZTzE3WjtfCQAqXYkE67df0jceQto9+YJvgwPL7SKReSla4kC23BVgPVvhUiIRAomTXxQfxzJl60MjaMhKYx8sdY8yirN79hBVxNOKvYgeXSM9ea5v58WsOsjoz8vxu1i6IS+wpQDUJRL5+7QRTbXkU\/IgZJ2JwIpYJc0TbCcC+KyzLGP46kWX4\/BnWI6G+lC3q+tZ9lzQmQowB2OgB76ZZzVRvbALuU+R4sPYYq0cv634FKIpwY3EtlYdlCLWfp7ZlgIV62ujlYvHhZTRnGetjI9EyQMIK7XK1fm0YXedSc3g1l5p3dkHYgG0bAtbWa59V3\/IoYFT00HruXjbYzC5+RMiqTRk0M0TGZSrhfPeJjn02Zk7jMnppUxVbahEe2he8Uscmty4roTPIhZyQUTcLmzDMG3cPUpihzyQpbl0WSI0dX58QFWhZM7xH+JJmJ8yAAlZtScWFT+AUyElBRyoWx1bFwnu5cjcTiBOKcIA77CG8sc2sMV00Vn5xS5qVm32olnJkfc6ppnqNQxjiR9wVkT49+iYCtbdmX6IKyWQeVFgUqJQ5BvdNdt7w7dJUeuhPf3VRpEO\/JuTbLlvGkK\/mwXyq24LF3XMtkm5t69hBaSeNohEZao6QmYxZ+NYvxyXtLt2f77PL2m3kxOteUzIZiuV3nkbaSTk55VWkCshKS7
HYDGARWAphsf+0I+2o6\/uoYI0UX5N6tebXNoxQAq6JRpkCJZ\/PM5xuxlj\/WGjyfe87wS7vqJa3nEKMo793Ew3S5oj8lEIMcctbFE7wTV1TjUaweZw+Z3iwk0WNd4mhDiOEObjosKaAJZJCKcwHWWPj3Pv6sHr9LXFpkSQghXzPF88XInFPHMmaNePQ5+SQ27ys1WSoLOzvUvoiLb3ySSw3OKanqLRonKV7Zpi0Ytvm7fQizCZ+5Ne\/y\/c1MIzQYpj0KO81JwrZo2y2Ztgzyet8\/H8T5HbkOQKczJbxrmsEvEXSl\/OZ3PT4cobEGmH79r1jJnga64YFXN1twHKTB5tOqayNYoY8HWJExA6ECQm2d8vIM6vU7wGAu00l0do6yKY07icxt6ZdPJ5cHBwXXmOf03M\/8KffX9hGO6Tv76sw1+cR37dJRviYmME\/l8otZxWSrf"} -01341{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":487,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739401864559,"flow_src_last_pkt_time":946739401864559,"flow_dst_last_pkt_time":946739401922095,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":292,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":292,"flow_dst_max_l4_payload_len":2904,"flow_src_tot_l4_payload_len":292,"flow_dst_tot_l4_payload_len":2904,"midstream":1,"thread_ts_usec":946739401922095,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"95.216.229.153","src_port":43888,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"fi.doh.dns.snopyta.org","domainame":"fi.doh.dns.snopyta.org","tls": {"version":"TLSv1.3","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01300{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":487,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739401864559,"flow_src_last_pkt_time":946739401864559,"flow_dst_last_pkt_time":946739401922095,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":292,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":292,"flow_dst_max_l4_payload_len":2904,"flow_src_tot_l4_payload_len":292,"flow_dst_tot_l4_payload_len":2904,"midstream":1,"thread_ts_usec":946739401922095,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"95.216.229.153","src_port":43888,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"fi.doh.dns.snopyta.org","domainame":"fi.doh.dns.snopyta.org","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
02163{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":488,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_src_last_pkt_time":946739401864559,"flow_dst_last_pkt_time":946739401922153,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1246,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1246,"pkt_l4_len":1212,"thread_ts_usec":946739401922153,"pkt":"ZmZmZmZmRERERERECABFAATQLHpAADcGDIBf2OWZCgAAAQG7q3Ca7xUnRlOpxlAYAfU2WgAAHSeqZDGEXrFb+J1opG1dnPi4zgteeVslY9ZmFJlRTMTFOW+365tsM\/eWSLFN26wQY3yg0Y1FR+FA00qPga4\/wX0RoMfU+SI0dBiZB1tmIlqRr+vkKc2KX7jGL6yH9pbjNmGWfzy9B2zla2g4HVLW8pCqD27lbyw+DGZ\/hO2inmJfO0WMCDqHjCOm+F+BP64YRotqRni9BCcdPp\/FvRYRcX4k5KVXiCE2z69wUVsqPG1llKJj1CFH\/RsTm3g3KbtdQU0GjyNyQl2CDpurTyUPQ92fUKA\/X0cBMPJgzHC0dOP90IUWPM1DD3nsbrNmpz8lP9N79mRwF5LTOHbbfvAKtpN8hLwkt9ukwyBmXk8C+zmVLmgKdtBBeCiCgbaFL\/aA+J\/nNJ3jy0mYq5nUvVXTh2Z7\/bG7F7D15e+NHDTFMXBqoMonQB16IlIlFtAJa+1TB8nMDEieCqXSm2meI\/wkXXc32Srtv3AtM6vxPAOrV+x9rponJ6AacvE6\/cmUC4WCIDgujE5nGZYcMZSggbR9\/Kt6utpNlB5VFi1pEVrNaFZHw7aT6\/CtVG+zVSwvyQk0KhE6erbsuDtzZMxLvCtcsV6pPfC\/PRbO03YGJv8DK8LahvowpjPqbaymGAnYP9bBjmcj8Zybby5MtwMog5KW7YAI9rBYlENeM2Dy3vHARJIR5GB+j33qs5hvPkWTV3o9HKuDltN6e\/7cTcTid6DRvXmO1ZA7RcWnp1v9dX0nqCg+iwrqPJuk36pRQQSp3pYE1EAHLCzt3501t+KApLCxYzEbirRWptNyoeeEE5uOfBxYTM2WMleevobNDlfBM03M0aFglzGS3lCRV0yNWw\/ZBGahRO+XjHuBA+QxkBjzNIYvhBcDAwIZaqpl7KO\/aoS\/xaq63oePn\/l4wkgopi1lsaFYbJflvn5lJQcRSZHGqRIptAjGXWny5qRxC7sgGucrDoA5XZJpJ5rL1sQGrNBBnHYCcdhfkRgu0iYOklGG9xE+slZId49jcsAtWEU2I\/eEF\/gzGmcDoIKW9\/IU0pMNXTdWiWofVVPUZs\/Lb\/bN8htmbbfjLuBzEKhZpgveVlZPj5VXAuHEhXXk0ROaGAVglMZsxHsbdDUcKPQjQ9mHgMzqt\/SN4SKDhA1+9LRLSL4g\/ZmJxnsYsJZiPRXZLdaU9Cy+A4CQPYNfuO+XNekAtQHOOCFWcDjdfU7K6gPp+jdG+6zR71EFMeiGo9di5FuI+fsXGMjNiflcFg3\/oiEiQj+c+SXhXmg5cUUmZisM56tSTYoDbqV2I0clprpOcfYkTtT92I6EUzloL7npuW1zLxMXE7nwW5JzyWrlx3xaz6AAfotCwxm5ob\/ht48eMSnaGsDmVMmIKcAeXj9r\/Qgfm5ydj17A\/wWCVm\/7gADpBdFs4VTLiVB4jIonZRHnx0E40
hyOWZIsEIEnMxJxrW8PkRcFDV5sXdcHtfh7iWchE466qSDTtK21gAz66LAGzIzDSi4jTfEAt1SbNYQ4BmQyjL19w9SMP8BzTvwsIFe6hnwpATT+7somRA\/Z26b4QEU5K1DZ7oOX\/WGJvzzyrIbd4MSiv77t6sgdhQ=="} 00650{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":489,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":4,"flow_src_last_pkt_time":946739401864559,"flow_dst_last_pkt_time":946739401922171,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":136,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":136,"pkt_l4_len":102,"thread_ts_usec":946739401922171,"pkt":"ZmZmZmZmRERERERECABFAAB6LHtAADcGENVf2OWZCgAAAQG7q3Ca7xnPRlOpxlAYAfVWYgAA2V5hLsUbgAEXAwMARXXob5MYCcvmeQLUlTRsCD5Me1SM3hQe8X\/HgcHMk2uI0LOPU2IcCIkNX9+C7LIGQhPSeM57X\/Qd94pvwqCsYv6NMr\/xuQ=="} 00644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":5,"flow_src_last_pkt_time":946739401924807,"flow_dst_last_pkt_time":946739401922171,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":946739401924807,"pkt":"REREREREZmZmZmZmCABFAAB4N1lAAH4GvvgKAAABX9jlmatwAbtGU6nGmu8aIVAYAfUGmQAAFAMDAAEBFwMDAEUW+ynfPIUPgWsGIdUFpk0OwOAClb0Oq\/mIShKs292RBPHxvRC8jQty7TSrdGva8zXMNO4LmAoXO7IVucdmZqSgYyt9EQo="} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":503,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739402059475,"flow_src_last_pkt_time":946739402059475,"flow_dst_last_pkt_time":946739402059475,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":285,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":285,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":285,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739402059475,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.54","src_port":57058,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00919{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":503,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_src_last_pkt_time":946739402059475,"flow_dst_last_pkt_time":946739402059475,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"thread_ts_usec":946739402059475,"pkt":"REREREREZmZmZmZmCABFAAFFMVtAAH4GEoIKAAABLuPINt7iAbvHEJB+u++XVVAYAfa5DQAAFgMBARgBAAEUAwMZSog080zqV7Jj5Dvb3ndcTDVXiuYN2\/F4nl5oM8685CAD8\/DpQOi68rj3Dpf6v96RxtLLH4tYGgdf5WLODM4bbQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAClAAAAFAASAAAPcmRucy5mYWVsaXgubmV0AAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIJ7aJCDYGU5kBdEWwbRqPCTJbp2+gk2aiKbS3L7SQcx7"} 
-01281{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":503,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739402059475,"flow_src_last_pkt_time":946739402059475,"flow_dst_last_pkt_time":946739402059475,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":285,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":285,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":285,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739402059475,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.54","src_port":57058,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"rdns.faelix.net","domainame":"rdns.faelix.net","tls": {"version":"TLSv1.2","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01240{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":503,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739402059475,"flow_src_last_pkt_time":946739402059475,"flow_dst_last_pkt_time":946739402059475,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":285,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":285,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":285,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739402059475,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.54","src_port":57058,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"rdns.faelix.net","domainame":"rdns.faelix.net","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
04478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":504,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_src_last_pkt_time":946739402059475,"flow_dst_last_pkt_time":946739402097803,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"thread_ts_usec":946739402097803,"pkt":"ZmZmZmZmRERERERECABFAAuAZpBAADcGGhIu48g2CgAAAQG73uK775dVxxCRm1AQAfXDSAAAFgMDAHoCAAB2AwMvYFLfcaEHo3aJMGXc3Nj5JHcSpejvVC+OlDWKY+lERSAD8\/DpQOi68rj3Dpf6v96RxtLLH4tYGgdf5WLODM4bbRMCAAAuACsAAgMEADMAJAAdACCh186lBtHTNByoJBA0po27dnFNUREe5HIPKtcxu6S2dhQDAwABARcDAwAg9o2cPZarHTdrUnIxRn1VCbJHnvCJutGQQOHJwtgi\/RAXAwMOr0yaSOXTVxNy1MdOCL2l0VNtPnwh1Pur1Peod0tJjP9bgm\/AXbCeom1NL8K2T1J0dOI2RGuShy8YsyfJSw5Wmm071ESTozks9\/pWNhc8EY3OZk6mCQg3Q3y0vd4NtUzxexbQ\/ljBYll7ps6UiVrepG46JDr3EaPIsRJxAZ8gk2GaeDNtt7RJ53LkT05zfjvHMA6aBmH7t2BOZWkMQkrXRLmYtnSacXrlIzcJzUpGVRU0MO5jJX8g6q6PFhL59lDZu8Wsxk4Ijhyg4K8UnAjzRt0sqrXp6a0SqTxPZDzAPdhdwet3y+1QvN+aCu84nNSfCfN63IrHLSK6g6E3lem15SKv2YkiXF084ouwYBCBJXJ0DejPRccdH+Bp7CthOdZD9VLsoaB6QmK0BYE+B3JLwPXFYwO17RILfiGHekeCLv1KycofjSKkrY8yMabLa35ij5iLlwpIadsWJnwxXtZhNE88TO3LP+8rk3SThdBjlwIn02grC3P5DVdRHQUuYvIj+XumPYY4OniV3MWQD5oVffgmBaE\/MiLcfXRUvAgscquxip1c\/\/iyBNFRLF3RUPwBL5NcLPUAOiX8VC6qW6UmkIisNPyl59sHHQPhjQtTaV3HdBxVSxa+lXvafEDpCFPhfq7Z8DomnjFz314Mo2YICe+ZZ\/VP\/fu7\/DCzGaGMJt\/y8fB\/6C7VSPpretnL2mHkpzqNNsRNJHmpTbExTf\/W0z7d7eRfUyi4HRoWhN1u+9quMVSyao8SZFSb9c6pJV2Cpd+PDnrbNELHRV\/F65mKZXLF2SBEFyPK6XtRb+DOfMx0N6eOXr93S\/6+HvwSpArnHXm2qs+EDh7L5OyLbYX7hk\/pTg3eyPRsiU+T1VKMmTm3HYiEMmPROOISeM2PorfGczBqiAbHiPnaSSCDWzXHHee3yjPZXq9NGQADWivkdXNHAGorqs10ePRotp6azTgDg+3xjhiyUN8\/5\/JSc3Kyd9\/Y7eBwt2u3jJ0Ir1dMpZrh8Xytn\/oFEDmMRBapOHclfLOBBRZGJk+RA7J4ax9KIam6HVgRqufRZ7dV+VdgeVMjYSy4DQHs6oQV1dnsfERFBqYVQdJ93jWD1Gsdc8Pxx1qQ6tb7lnC4UqWJg2j4TF\/4asugxqLUp8iztI1CeTH4Reu1S6K\/rL+\/r1FEIu\/3a\/Pc+80qIi1Y87Z88cA68V6AnrKI\/
jRFdeUnKaulroYDyincGpznQ32nbV7\/a8ufW3HqHzuY8Srdsdzg7OWNNr818v6m39ySIusJPgs5uFC9xvx8R+dIpVEYzkh3Q2eeeMG9\/8K2vIPpbbOtWSl8S5FN+69DYbQxN3KXTRYnKAcgBhodqiyj+6scHhaFARQYGoblFVqgXvJu7mshFdDHwBCaC5uowdNEKy4yrw5ottXf3H2NCsu9qcfXXi\/z\/OosB\/qYdcOqltwSq\/80V+8Ge38CLLZRSG\/4XrYzdhVDiFWoHxmaBU5QDEtQZH3S5OWqN1YkEB+FuSwADN6wY1gWAHclaDt280QNrqehBd4CwSsxy7G0qCDy36MMZMs7kf2Vj2TgH2Ktlytg+thkxDKtjS\/3aeMtSmm43ddFCAwkHZueXWUvoZnXP444s3zmu+73i2ZuHERFPrHSjFT+Y1Mpgo0Q6tWu1ilCv3IprR0S6yOnEJ5GH5r1Gf8ZIpGpefh36oorDOpgHiyqyCCd2qxXI8dwpeWwmWx2f1fKIN+bOmeDA+2HTL5b\/h\/S8LxTnnbWVqrgwQxdpAQ1xCVDtsVFko7TfSsPQoikR1NXdGw35qIw15E77U92szex\/zyWrA\/2KGcD2M3u3eNzXjjgmkxW27iRaDVs9Dg00I8PXscfPuLziMbIIt+Qm0SfB\/SFf1ylBL4HammClVdC7YNhrs4NDTvUTrxAf\/9BLynvePRrZvNzUMjBT8JtlvsBmnasO+COXrGwGyL50S3HH+eTrpMH9LMnT\/2nWeiT7sDmyjA9eJmW05\/8DRI8uR2ignlELeQeE7ZYC8KKYreOyXVjuVJO8KRaBbSIU8dUGF\/ILBa6hey1v4zK5JU1MHXOVQdX1RkKit5IUXefBWJ4R0BtjoPPFwKYAfyrsAKBcQzvKsyota24c0cDVjMzge24BKry1Tqr123sw9sTncyGrJzrjJCAkeCEkQo\/KqOKmxNrr6CtJmmIByoS+EjVKjVpJBluAdt5s3qw9VBr\/A44f7M4XZ82OLHYLOdXuuY4Rgtek4oFOa\/eUNUqECm7Y6b272wQZRBWvplBYlD2RWyR8BI01QWkzD2WfZpeGCzTSL5ABcGznl3CTw+DF6WcoeJd6SbUQUUEPVBF4u3zdh9b1Jl9zNuwWauO57o6a9eFR5unb1g++tHtZoIerFI1gyMEkvujqSt\/jK8uIRkRYOGlslTd\/3gwipdTVXxsLWi2fDz9+hxgVNOGQx8\/XNWyG1F\/L1mjtzU1UBNgZmslQP0EHO4J0uMMhguKNrTksx3df79c\/0PdkBKYtPr+8Ipj\/SC3QYRzf0s53zKfkSiObQ\/sOVJpwMvMhEUZunN4GQG+WMzs5eDRzdpQVJe47jiYijmkgXFbUCq004yxOCosLJYnsGKuZDQyE0z4teBgJH8ZC2mVlhO8lAz8gPU5mm5pEBH0gFKqsINKjcIbhVPUHYBlhBeR1erIfe5hsNdbM\/YCyGrep30hH+qZ\/IBF\/s3j2eRJAN56DPG7eQXCsiZSBsk9PTgJ38fSGAbaH0pLxsq2c1CaH7DzSlA01ud99lTK4rI7nRSGX9tAnrwTrORIzDrntkMH1VggJmMFY3EGxAMzh1CUd24C\/NVxnQ9P5qmX0Sgg6uSgxO2c7COAq2edHC\/ucd7dmb9rLGiOGU7YGRxfXuPTU+xfVNmV8wvcxQY9WY3QcHJbT2Vz2Hldj+q9L+347LUl4d5nRCyZOpijGWSFFM5lFqup\/GoObWXXvMsTO9NawTXovnf4MnjeZczPg2FrW3tlX0uBW7P24cE4VNHjvnvHknCsLft2dOFPhwAUA7qVOuJixr0stgCN8eCmK\/n1WzppsTm55hMBmYIkE9rYwxrxXiN39LFT+j0SlpiMqf5n1b7aJjSjiQjm1\/T42XF5prhRwaxJyOBzS5a2w2BxZDhOvMuBRY6ZtDe+ptzu07\/eUIO\/cQq36LXuMCRY
THNEIXnWWtA0vjAcmq+EwSCLEygFwVxoPgN5h2qTp7SdJVushbBgsziLiKFyhenEAkjP4tYMg82sWXtGvK2T4GbMrKF+OJsVll7gTGHENl+vuBtGryghKs2kRZov918dT+VWdywju+ew9zl+S0NiyZlvWu+CmHSGFpvtCqWMXNaXEERtmXJVFofSJ7ykCfNo49lq+tJOi\/mrPExexfpWVgisqVMvGukP+ZkhcE5Ck47mFMZqfJTRL364HqGaNbc7EKIab24NToEVrdLyvx+sQZXNXCyXhOVxnIWFgUdF0PMAFDvMwWrgJTufvZcx1q\/rK6GjKie1KAVcLQPkAeyb2aBh0GehIKRHB5OLWsjRXWSnC7RfnFW6K8cokr6NiSGrPTHJtZfW+014hI265qPA0R6qLZ3SkGPsU2l+ULOh8f4TsNZmRbk\/UzcCp9zJB2\/sAwMANTEmXxPw2yMWVIdXVMdzqrOV"} -01326{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":504,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739402059475,"flow_src_last_pkt_time":946739402059475,"flow_dst_last_pkt_time":946739402097803,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":285,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":285,"flow_dst_max_l4_payload_len":2904,"flow_src_tot_l4_payload_len":285,"flow_dst_tot_l4_payload_len":2904,"midstream":1,"thread_ts_usec":946739402097803,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.54","src_port":57058,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"rdns.faelix.net","domainame":"rdns.faelix.net","tls": {"version":"TLSv1.3","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01285{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":504,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739402059475,"flow_src_last_pkt_time":946739402059475,"flow_dst_last_pkt_time":946739402097803,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":285,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":285,"flow_dst_max_l4_payload_len":2904,"flow_src_tot_l4_payload_len":285,"flow_dst_tot_l4_payload_len":2904,"midstream":1,"thread_ts_usec":946739402097803,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.54","src_port":57058,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"rdns.faelix.net","domainame":"rdns.faelix.net","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
02420{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":505,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_src_last_pkt_time":946739402059475,"flow_dst_last_pkt_time":946739402097864,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1444,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1444,"pkt_l4_len":1410,"thread_ts_usec":946739402097864,"pkt":"ZmZmZmZmRERERERECABFAAWWZpJAADcGH\/ou48g2CgAAAQG73uK776KtxxCRm1AYAfUU3AAACNSc59sPW4OZKm6qSD7jsBvdulSTgK8LagzUdpT43FqU1TjbgFd6vr1YcfE0NFplErjVqY14Uy0e6vIiPxevgsH6OdIHZm6pvnG3NGQZr+Eawc3lwPRCg\/OYwfYOVATUQ+D48eMINi076ymhr9WarR1T\/muiarwvLXYV6Uhar7rOYnX1fnOldHU7V9Vf3n22jVlaRu9FvfUlIGCuR9DlhblioT6Pi7Xq+9B1pOrzTS3d2OyN7sMIE6PuhUF9VrXN4uLhsAemVKcWU2V+BGjWtfszG7hr7paN5M0A6WlSiJP5ugBdx739u3B3W1+KfLwVvbAx3Uf4RJvYnlmACvSx012Jhzer\/yuM4tk3QVpBdK\/jPEaTPWBaLG7GbcEgCr8Dd01cNEaknAYaE3S81foMCYQWnkCSEzXoXSN2X+GKzFZl0S1\/cEXQGO2yVQzWkPUMhh0gTbASy1MtoPkBs1VLmccZG6VMIanE\/Pd1\/AmN+44wbWDJ+AcIisgRr14kHkecxeo6qEPvRckWi1Y+MB43PdM38kIUuB4ny7fwppqpmv8DILGQ0779kEvzfVRiZrCYvFXu\/QOSUdvmxjdD6cpAlFDWsPq2Pc93te5jeGVaL0ejtHRLIxI7z\/Q501zSpx\/Cya9ypg5U1NAxSXKe10YJjCTWrmOYKmnYerWRan08XbdkvYLJUzjKsspm7dhtxg0E1f4GsSbQFVWwrs\/ZM+C5sBOiJWUOh2pogAFGGsfjjO9vzloRUIbA2Ux9PdhnCAwgsxjwIpMB0l+UdFEMsbPJQhlOxGEwe2dnsCm5A+xtqvz5mH9nbAz2uU5hDs7xBrPc+8iDApG3YcmB6tDQMRmVl4wND49H4\/Hb2EGewuCKV1\/lze0iB9RIgI9rfK\/5kPRVAptvZ2+Rek\/4ghlbEG+l+OpOmeFXbOF8BuB9O0sPArzn0gERY+1PqlX8USIY4KAapC8vGnRNqePUVgog6kgSCom8jkuyrzOHCdEM1CnPySLw7a\/tPZxODv2GVX+BkBTvdcEhFOjQ1TZSMjExVd8xloEm8\/FJ6+H0jkz8IvfKaJAX48951TiRuA57Va3CSiHx+djtV0dMa0UJnQcAEaubJWYUsRu7sYXVg8tQm7wgM9eerw0ql07SNc\/dHQUxeGfY6HDVaN4jlbWxp48tTf5vFa+VilGPTo45486GBOKU+5wyUckgVnRpF60eC3RcISu3IMve+0In4k9R88DIjvwS1SST04NZPv7f41CsbwoBIpKZKJAFU+NplzdS0BOyBcGgjEAzzOtpFJ7jXjBK8x1DEPVeN6HSSbNaiOV7VevW0oBjFRBvVLEmxy48HjBSY3QWjS+yqFN8Qy4bledb1fb4GI3oWPT+BRcDAwEZfpmEI\/d7cy4YyqdnKDwIn\/k3qXWNAj2sXjRKguMhqhlkOdUvzFkzzM0xeuv
fwnq6QSn3NpKskeWNBR8K+ECaE3mhCxghdnhLIum9rgOMvkgnfyBTDAfYKNN\/d62vQY6u4rbxXpDQk04FVnBPxSfPHXuC+oF8kMOU1++DK+ZoETlcuLrk2BRjjMQpK7pf+k1VI6pVnOclLhCXYHQjMUHZufh3HVG3mM7BF+lzB0K07EInEh+Ccp7LdqMGfKnUNXPWyokhcE9BzZJT2yWb8DylKWRWvZNetxzugclU9IhwHPPfcLEVBg0Fudoqm9ZGps0h7H+c6XIpsbql70txNRPE+wXofhHvkqNoGKLp9YrmmnKta0xlevWHOwMXAwMARTi1\/bQ1JQowGKIWBX\/iwQMAp\/a2d7gVFXnQQSu7gEMDkgFlDNq8l9T+VqanQcvXHm8wx\/TYqk2+tBPvp+6SO7GVVfwN5A=="} 00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":506,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":4,"flow_src_last_pkt_time":946739402101600,"flow_dst_last_pkt_time":946739402097864,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":946739402101600,"pkt":"REREREREZmZmZmZmCABFAAB4MV5AAH4GE0wKAAABLuPINt7iAbvHEJGbu++oG1AYAfW4QAAAFAMDAAEBFwMDAEXKqSJC2lkh5G42SMH+kUqPJFSCLOrnY5qYiyyOSGxU019Z3g1+admSewNNt0yPEZJoMQ1+JpUFad+MGHQ3aW46rImbTFY="} 00654{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":507,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":5,"flow_src_last_pkt_time":946739402101756,"flow_dst_last_pkt_time":946739402097864,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":946739402101756,"pkt":"REREREREZmZmZmZmCABFAAB+MV9AAH4GE0UKAAABLuPINt7iAbvHEJHru++oG1AYAfW4RgAAFwMDAFHgR8CaAUsNqdt5xPfcdxXk\/ccwFxgxpSNMxvQytY9LevtkgxLHXMiQ60Vij3ZxU\/QEiR4Cl8Vf7C\/woRAEzI9Vk7xgbuIDVQT9L9Z9gXPTwyE="} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":539,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739603327563,"flow_src_last_pkt_time":946739603327563,"flow_dst_last_pkt_time":946739603327563,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":285,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":285,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":285,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739603327563,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51846,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00922{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":539,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_src_last_pkt_time":946739603327563,"flow_dst_last_pkt_time":946739603327563,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"thread_ts_usec":946739603327563,"pkt":"REREREREZmZmZmZmCABFAAFFXkZAAKYGop0KAAABCQkJCsqGAbs6mTvywXrNXlAYAfbUBgAAFgMBARgBAAEUAwPEiPyvZDyiU8chFqn7v3nOV\/W\/daCFgBrWvLyeLgdOBSBmgVOewdr23+YbXlV2oJqCio3+iP7mE\/SqSoHvhanHngAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAClAAAAFAASAAAPZG5zMTAucXVhZDkubmV0AAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIELSbbeQ+1Z\/PGkzWYpOrrGvdC\/XSIyiiMDimHGqOwN9"} 
-01276{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":539,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739603327563,"flow_src_last_pkt_time":946739603327563,"flow_dst_last_pkt_time":946739603327563,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":285,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":285,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":285,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739603327563,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51846,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns10.quad9.net","domainame":"dns10.quad9.net","tls": {"version":"TLSv1.2","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01235{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":539,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739603327563,"flow_src_last_pkt_time":946739603327563,"flow_dst_last_pkt_time":946739603327563,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":285,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":285,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":285,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739603327563,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51846,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns10.quad9.net","domainame":"dns10.quad9.net","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
04613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":540,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_src_last_pkt_time":946739603327563,"flow_dst_last_pkt_time":946739603346755,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":3068,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3068,"pkt_l4_len":3034,"thread_ts_usec":946739603346755,"pkt":"ZmZmZmZmRERERERECABFAAvuVbVAADsGC4YJCQkKCgAAAQG7yobBes1eOpk9D1AYAHferwAAFgMDAHoCAAB2AwPPxPF58rRx8NlAStddGtWmBxk0TsgFRMyjmLE2UJLzOSBmgVOewdr23+YbXlV2oJqCio3+iP7mE\/SqSoHvhanHnhMCAAAuACsAAgMEADMAJAAdACAXimL6oC2BgKKkKv2GFQZ0YvKv9UBLIqQLjYesKsDOXxQDAwABARcDAwAgsv\/aMwoaVLJwBsdUrBspRDIe6WOUfDjyPvz9+wtEYK8XAwMKaJbt\/ye5NqlSM6\/tOfe9bC5ygGHuvTHGsEkug50mliwDXC+zbimuaXpevBCVc6v4emlocpuYSolXpHjPLZ5mH\/n\/Wwg\/zT8DKTys1phOBjndqMIJ26DAd1BULzfsS4\/LPzxUrBzIWvX6A2LKLmwvvolWTixlKxXTGAwoKmNpvOmmolp5p0KnP+05uqYpZwQr1eiVG4Jbxo4RKPp2m5qudj526IfaIUxv6TymwnkyKidb8KJ7fECEEmqDTEJYi3AMqq0F6jVWm4S\/Cw3xWxFHQLXfbhWl\/xQNbH7sQr1+VP1aT1KVnkPOnmrjsvXKtU37nhtNVagiwB4tTsa0XjgxO6nNrduMisjiP1kYOcjiQ52IvQ8yUcLxoVZvs66brT2XF4X+BUOjv0f2D+iKuSPPaodKDokIKfB3EFHwrxtXROObndCkt2l8uoO\/YFwn4AVaivPS7QA9y1ZB5oLifA+q5b\/fsbKJUohIzT23SgYvI1FZi9km+tWoalj+0eMzm2XcwysPa97vGSKpeXtbzhnBE6t0DL+SCNAkdyN9iZf+SkkYuc1rpy8H6FsnB0MNHcLT\/7h9UpysD4zCa5uCyld0qhDdV3MzU7a7heBLLZvpkeoMCMY0KW7Nghl3Tf2jMPhPpMXgWhDsiEqTDOOStqJ6ji5D3nXcz67NA7onASlOfxCYNM8r0u017+zZIe1OE+PpBYW8chi30ujo48vE+6Zr1LXdzMZq7SQ9KcvNds70bZNXXOxSMjMXLVZIXnbsRiW02iiUe4S1V8qA1xoY+tL3PM\/3KBP4ZSUn0i9oU0Zm0bhbtwOS\/9R3KZPgmCI+1g7zZ+sqsIKC0g2uvkEsdNIqhrXU224qW6xxP\/j7fBBrVPw5fuLCU7p8+Yh1Cpxk4zFmUhl0XbcAlqLu7rHI4fQoDUdIgemBLeSEl1+Y\/z6KYsqD8NYrgKAvSsbZ1H\/Vdb3V1ajFVEUtmvJbvjf\/83uaxbTgecYPCPp7fDTlwk8SSHepVo8KtWsduLEs3DxEjvauvr9rL7FbVuDjSA3SeEqhFhGtSYJioWjgprG3WdpQzYP52GvnOKwXu7vjaJad3BS\/DxKTEtPTMDE4Fp6cDirnN3wrVazuNyc6gO+xpNalCZ8Rd4w5DmHczo4DwVyfZ9Fxz7k2fB4TnNz9ILT10qjnOlN\/ksy+JVVDJTTX6v+Ua3SCh6Bynhcuz7S
ktArn4gMoxcY2E4z4hIcGQHNkb+py02aK7EHGVgPR74HZosi0lhtUl4dpwbcfDHkQU+oVloy53x1IxuauA66S2qPneNDmRr8rKf9GU\/LJH2dezQ+WudmVZtgHXrLWtjuFmnH7eaBODVb8UwsA0Ge9wdJPfbyaGd7iLOv94vz10GXsEVy\/CXkZZhekrbvjToLvfDqaRAilCzMBHwybWhwwRUQsUh\/rPF7FXEJaXHA+eAZPWEuEetxByN3cFbJKFAiJ4IoKIRBIkGZxaTOcLn\/+XdFg3+W\/lMlmaqOUp903NihM97Rw4Bpqxex1vlYSLEh1ll9uJAf5iJVYMcmiqcaYXWfQOEXWR1wEE7wZE1+wo9+np3wP\/ty0jb3vy8+oqDWA8OdUjkdhqeUyfjZfa6t7pr4ITQpHLy0bNHsZ48wim0yu3Y7a6artue3kmQYcW2RckDOWxjAYg9ikO\/kwS062tZFHnT2VanvAd16qor00inyMS9VT8p\/085mt8kQkGSG0rip8q4xWZYbMFCfcEVkD4E5q7utpFEDkZ964uRE2Vw1PzBHn62rcmtvUqQaoGAFjFlHLMS40f9r+HKG7wRWTWQ29d16NsH+Xu0qXRhzWgjImijKWlv6KBGT1Cxynn\/KrehvF0361FyBUkJo1S1Ztxsubdf3ddeGeEr99d5oc\/xgpXMAl6ZIfUBPJjnOeC932\/TOOjMzG7PhOgunB+ggqQ5LQc0CX3c5BLlJtBtobycDsl7t\/eLrX\/bMfWq1dBy8SxYnEvGbNHrForDiuOA\/0lI3GVO62V5P1dM2BK8fdHneO0FhK969xszY4KacAP0CD5Aah0NJ2dzSGVZQtRmv\/TuFZlUQB3cFfHJYpNMU\/sn32bfB7GWJI2MhPEITiLal7HIPxgTikeJcDL13qUn7bk19T+rXcadCGiBoKDb40Dx6ogDfm4H0pA9C7OZJC0LRf01KZZRBjQs4x5ewT+p6+Og3SFrrTJ8ObJe\/TFocDQSMCBCWHQJqFicRtnWl4mmw+qTCsSoZQ\/ibkZFi+igS4TWV+31tPjazydJfOrW9xLZSgCilkMeJWYl8vH1ijLI+xCM8xxlQj5svlwHqvt+EkteECF3EKEt55AWpnRTNzzJivCSHy2gGPxW5UKKBkiSUoPFh0qyVjKN5HqDcW5MrFR2HpLqhuRbEXoannFiepiMp6aCVRMgYzvmQIyFH17\/3pokulHalnqX0gFQkjPqUPYf6B8\/o0H5LL0kahUiyL+d6BqSr8d42vsjYrpSfDaIcCW+FFGcj\/61Y6Fdihg57b1nq47mVWBJ9vcfq6xagmjwoJrNbwHaDS0XVSxL6y45zWrDfovrm0VvelVEdjwsn0FcoL6zZxDjjOt0EJP+OSVXcMeuY7uIG+KTnnHoV0vMvgMsIMiJbtYXgvda9zrqGty0FDqsOWmIdUCMf7t9LcgXTVP1POJeyDb0J4B38BTX3wUkWV7Ddf9ih9u7A\/m95uqIUbBJE2UeEbEEHif0BvcJl8E3UGeXVNiKRj7lxmplRVER7ystoW7OIAwNXC3MbNiwrjMNGlyZxeIZvGJIjHlQuApwLZsjzZzABT3\/zDbS43YjZzqyO21cEI3xf5DfWK6ZyU3Gjytb2PX5Te\/wOkKfusuGJNyYU73DNCw6\/IA2qWOmaw7\/mXzErXE2WxarQFcAU6el9VnuyWPJs57xlszen8XWYD0zQcAkiZ9pBOymEDFngWCP8+c+AEG42RtW8heXsNn6Oe2ZAWO\/0AXBzQr+rO1qlWDZzv3V7XELPKS49M71P\/6XXdYRKeCeHIn9vIc91j0OnL7GZzEPRVrpELGmw5rN7x6AqDoK3g\/LGcF47Fu59pwNqH3h40OLoshBk76izruGCqusL4Ms6YFarwUJkiUBlvhjjR7yHu721yX53PmlJXwCPueaRMxPhyJUl4AErQ3xPn5KAYXOjk3\/LnBLmSDl4f8
PDkxmKUVaitsKqWvpl1TTX0fA2ZAqmTFey5ifEjBKLesy4caeyeCMEZZjMOhPX9MKfIEGous6lHCaZSQQHUSMY1BTylXmW622\/10lQS8aN1mce++r7\/TAswiTbum59NRH+1WXDpTaq5aRBgs7Pc6pr4lABNwxmieRHx0ER8V5gmxNVB9ACpzjEkp28DmYAH1\/iiBQfjkW2oblAVhUqcezWZUUEbpTbTAEj81Dzg+Fe2EsJFV2MiLhqH0ZMEkKY9oMnGyGvqY11wK7Qf4HXmtakoM3CF+wPbb9he7ffoRbYXCwbxTcDrBSEJdjOMhsSClbW03C9LGM4s6RAprMpnuw2wArtlzcr4bo701pOupS\/tdL5NkaZ2ZzsCChcDAwBgOnNpVcvc5YFZ3YuA8YRoqsuLDn4GImAnVqFIX3IzoTnZe29KOqUXQC0V61jJdr5Jnb3k3MOCdTH2u+HBBkKmYvlFb8GpDbcgObm2pFs9vNSY1WNyfnlLuFSQCBkHWe0UFwMDAEV7D2ZJm3CG6uFedmkozBwacoDrnHkQN6RCxC8K2l8lcKCSu3Q0j3XFRWsykB64fgtOqxtlPlxXpmtKrFqiyWDCeX9Q+Jw="} -01321{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":540,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739603327563,"flow_src_last_pkt_time":946739603327563,"flow_dst_last_pkt_time":946739603346755,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":285,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":285,"flow_dst_max_l4_payload_len":3014,"flow_src_tot_l4_payload_len":285,"flow_dst_tot_l4_payload_len":3014,"midstream":1,"thread_ts_usec":946739603346755,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51846,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns10.quad9.net","domainame":"dns10.quad9.net","tls": {"version":"TLSv1.3","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01280{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":540,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739603327563,"flow_src_last_pkt_time":946739603327563,"flow_dst_last_pkt_time":946739603346755,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":285,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":285,"flow_dst_max_l4_payload_len":3014,"flow_src_tot_l4_payload_len":285,"flow_dst_tot_l4_payload_len":3014,"midstream":1,"thread_ts_usec":946739603346755,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51846,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns10.quad9.net","domainame":"dns10.quad9.net","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":541,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_src_last_pkt_time":946739603374765,"flow_dst_last_pkt_time":946739603346755,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":946739603374765,"pkt":"REREREREZmZmZmZmCABFAAB4XkhAAKYGo2gKAAABCQkJCsqGAbs6mT0PwXrZJFAYAfXTOQAAFAMDAAEBFwMDAEXJf2y8xWhMhAZA2WXz9agwI9f91RKP49sWLlsKAqD2Anz18+mnUXeRrd7MefwrF\/wulkzvUzp\/PNHsE\/j94eCMWT0CzeI="} 
00653{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":542,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":4,"flow_src_last_pkt_time":946739603374833,"flow_dst_last_pkt_time":946739603346755,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":946739603374833,"pkt":"REREREREZmZmZmZmCABFAAB+XklAAKYGo2EKAAABCQkJCsqGAbs6mT1fwXrZJFAYAfXTPwAAFwMDAFGj4ZdVWENvHP7mlWww4fyc\/LCUwAcUVZSTOZOCuihsQZi0qxZIU3KBjmxt4UsdwiDNOUBuB692q78ru91BCfhzjqstzxoqRC1z\/lvOLOyurCE="} 00773{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":543,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":5,"flow_src_last_pkt_time":946739603374894,"flow_dst_last_pkt_time":946739603346755,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"thread_ts_usec":946739603374894,"pkt":"REREREREZmZmZmZmCABFAADUXkpAAKYGowoKAAABCQkJCsqGAbs6mT21wXrZJFAYAfXTlQAAFwMDAKeCWd2l1u2Lq5nscCXqD9rzuIFbFEIFXZRDecLEcxbM7PSMCkfJA+iEkaf0cGjV8LczZrsob3nZH\/qH4fB6bL9ggwzZsJcQ\/vTsjE5m2W4ZKgiwKat7BKpY36LD\/9Afx1qnea6QcjD2EWkQhCPe1Soya4r1y5EkeNxIyteNSI\/VQNM0d8BDdw9EJlLgnh+Uvy7R4PE6D6LtYWxW+\/MgQt9Sj\/BpbZZ8ww=="} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":551,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739661512401,"flow_src_last_pkt_time":946739661512401,"flow_dst_last_pkt_time":946739661512401,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":285,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":285,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":285,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739661512401,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44704,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00920{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":551,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_src_last_pkt_time":946739661512401,"flow_dst_last_pkt_time":946739661512401,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"thread_ts_usec":946739661512401,"pkt":"REREREREZmZmZmZmCABFAAFFx6JAAK8GN2cKAAABuetRAa6gAbuz5lknlG0\/21AYAfbM4AAAFgMBARgBAAEUAwMfgFJ2Kafn6OC8bsQNsKFbNXsDyxgypaGgbuYoVgNdqiAeN08qEmNJsvb5yXXS9i9uE1kipCfBRoZuyc\/JvsnF3AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAClAAAAFAASAAAPZG9oLmRuc2xpZnkuY29tAAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIIH2RRfX3PNaXYMOoXj3ynNGqfHChI6\/gAXerDGvzggi"} 
-01280{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":551,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739661512401,"flow_src_last_pkt_time":946739661512401,"flow_dst_last_pkt_time":946739661512401,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":285,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":285,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":285,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739661512401,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44704,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"doh.dnslify.com","domainame":"doh.dnslify.com","tls": {"version":"TLSv1.2","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01239{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":551,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739661512401,"flow_src_last_pkt_time":946739661512401,"flow_dst_last_pkt_time":946739661512401,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":285,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":285,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":285,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739661512401,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44704,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"doh.dnslify.com","domainame":"doh.dnslify.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
04758{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":552,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_src_last_pkt_time":946739661512401,"flow_dst_last_pkt_time":946739661535299,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":3168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3168,"pkt_l4_len":3134,"thread_ts_usec":946739661535299,"pkt":"ZmZmZmZmRERERERECABFAAxS7o9AADQGgG2561EBCgAAAQG7rqCUbT\/bs+ZaRFAYA+rX7QAAFgMDAHoCAAB2AwOIv9853ekbZoNmLmgcqNPyyS1j9KmZm6LL1EB3x+W+MyAeN08qEmNJsvb5yXXS9i9uE1kipCfBRoZuyc\/JvsnF3BMCAAAuACsAAgMEADMAJAAdACD6x6OWYowjGpQ7hpL1\/XAvKAPz7Qey4KV7v02zhqXZdBQDAwABARcDAwAgyc0HM+W8H8TE3DEJWTZrLIbavzRZjtX85L8RdcWlDvUXAwMKE3Ep4ySuvwn1mgGngq567huqNt4kq0krhrI\/h93Xu5m86O9X2PLgikjAQ\/f9b0D4TlJnxV9cGU04GfVlCuVdBuDl1OIowNDzv97yB1hnS\/nmnSeVxy1F8D7\/C2lvCqf2cxAVE09ueyG1Z8bXZ2QECTYKbWaJhHhH3grXMLxM9TK7dwfYp5ry3mgBLj8Im1sBBtK1ijR5DOPlXD4i38GWBdXuEFX66BB\/RJoRwVEIncNbQelSZeCqjUb3u++TUwMNQylDBUpnEAe47WxBvCiB3j4t00aQSmqM0TAluU8dwn7tiUiJEwAYZgDG8XeCA2d8CwkyaaNUs0P3Rp5Ub77dFKLlWkM7Ox84gnAyRhVMHCmMumYMkWKlAivuj\/eXgWwWByB6smKGxdGHvMorcYTbQq9mZYmNNNkDPDaVaw5533PFvpx4ba99q1b36RpLWXBUvp3e8mh0pBow5UcR930tP8k9y3Mp\/Hul\/USMW6fOtKvrODulyByiQtZSjqe6z4\/9jz9br68\/R0pBmxYIdiwDh9sAHDejB9VSYvk7ssbBQpn+Jgwnz6Ryy+sDgPoInVRafSLVQ2XaqYm5f6C0Jwzhr6UtNZ4\/zNTcpzOWnfrCB0SA4OuUkh\/XzE\/16DFk8ZQDliBoueyPhn8cEizoLe43IQ4BRx1FGhFopJsvL2cINLJIZh8DTM\/8W7f\/ASccXTbKN3NreGL2zPJ9HkyArzmAuS0H6AWBUpZyjU0X4LPypLaoIp74s3Z6LMGrDv+Q9HPcSM3AsvYaPpVMikXZgrncjZjmSO3nKjVK7tuPHzmBxV2ASbUY9dkYy7qS1LbwD5HCaZkMJLquTC43\/zrZa9Cf+VJlQO+7\/bTkI19jV7MBsNxvCJS3vho32OcNSgskst5WCDisQYxOEJ7yIiJ4Qj131r3komITCdIi6sfPNECBD925ao9iSOw1a3NghVbKi1Ke9+osy6p4OIfl7R\/jJIRkFpjTHB9lrhuKyd3x90HahF\/Bgrc+0OPDW3df50BV25QUTv0YHg583iZZwuimhgpeeN8oRbZn4Oz1sb61wMILMVA1YkIFgELm6QWH0EjBDa5PcdPXwcXSRAXJR2\/zX8giHU9oVoqfNaIjA+SmyaolS9o0C9Gxx9xhkTFg+SAbN3Goh5osUJrTzgif84rF3v\/clkf8\/ZhPyDROa9H0yWh+TK3VY9NLRXx
v12lS5FZMqutTNAtmppSaz1n5imbXVp1Da9\/rGuGJgyHbUPRjpcY\/qQ4nrdYPUt0lBpjbxywR21B5bH94VrAutoZgT1NlpA1fjy8uX6CC\/PzzpWgwoLz2\/ah06JLAEuj5ndY\/3P\/Cea86JZSQRIAOkxHfXLLrlrueGx1dvDahl9VAk02WVblMiy86oo72YX2jdNNf7IRMOaPtI08s6slCfPDpn3bANNyLKCX6T8oskMhdiK\/HIjCb1KyAdgQ2+yLvi3d+MuMeWmC07amcrbn+OTYQQNPWx6i\/o5VJfAp896EdOSd0n7JnPYzTA1M2RyiA5D2thGuZ18x5oW4andkKefpZLKocbhraKqdRDR2qHe1UOjP7ac97YdAdmgxzkuJnD41fZ8SEi5Zg3NfdmEEfpkvRjC5orTLd0fIsx5c1+XLU\/R3b4bQM96DkiRuZJ1NUlIhf9JvTA7QhsNS9Evhm+KxSrzo4fPncRHMt8lm5+VkFq5jZsS\/4aS9tmtMGO7fcr\/LpSveCPtAloCQrU+vhpaXaC4\/SCuRji5PdK182R618OsLro46yH5FqoSw3EFuupxW4KHdDcJyAmbvTP3RLz1SxCnflYoAqTczyrDRGBg9\/VwVoEVI1F90s2UJwdF3wAnZAvtsFo0aX7P\/QLLigT0+21EtehOsx99nALYpQP+Wes4pdBUuuM1hrGs4phO3GFIyYVSCdORl3bwKcDgUn6jxeA5jLALqAkUQz6oQZAw+UAmaFT7liB5ZMHspe2Nk5qb3bDaj1FmXHIWt\/85M5M02qebtth3yNCkr6Yp8QH7DkvUBEcBvugZfGdO8uohym\/eNU58r4tZ+dX\/tuHtfYu\/HTthyF6zJIA5NCwZI8ZPOa0Ik2ZVHuDdccBZzRFIr6iS6N658h5UD2w34\/Zc25OfWHIIyNU8f8\/IYCk9XVJNve0Okk42KtkEZEvU5b0G1QgC8PnK8r+XSR+vGYlx30IHhP0Drstay6UqCpdjb38zyt16Qx9KI1K78\/2x0ZLR7g9lNe5aJSm2DGdBsBLk1r5a74FD95UK8Adgld6WS3J1isO2nKe9Xs1y3yG0BHL6PVzcVJ6xLZkhyj81HERDbvsw89dCQ0RJq5YmEae+boIDnKyAnLYzUgmbMRlc1g8JOgQmr6\/NRcNQVzPj9Tmr7h+4nauDzZ0EwSB6bpnhekE6zTzsN8ksFy6WPV1V2TWaFMCxIJpm4tqxJloTCvFyT3CBtW57hPqqD33WSzMFQ4mYuH5Kgu\/JydyuTxbX33iR4YxYd7QhqiqEqf7Z40jPc99ZwAIj52PTzQ7U+ojkqP4MuUynWiVDvS\/8M2\/Vvth6PA4ClC+NG9V0jqT2CwEy0LU0ERe0qEd656+zZx\/fgC3xfIuWV0svyqgeH7U8anrlDCpp7N40O2SWqb3L3JMSf4o49g5Y7jySS1fW2+m5VjaQqCccoq+\/wn0QIhjH7Xd2oER1gcyADsjGJt5aqBudWst9NAdC7\/E6mgwXOhZmtXb1lcPmN1A3ldDXRkgXTncFzTkiGIgqqygowkLd1h\/u0K8p6hXN6SporJbwLrTenWrNDIG63gFBLm2D7U+S642eghPumVgo7B1N6elGvUpSDX3m8qB6zRisoSKoWKWO5xgUo0OWMndotDAaZPAq3bhL2Pxzdl9WOKnnP6NOK4+F4BC3OgZgYIEUhrknbM3wBtdHfsfGuj0RFj5lNw2AlFe8pNBDRkjYdmUdc0f\/vnWwnfo22NWKX1BdiVu7196lmWb3TQ4gFhlK81yNy7eFJuFbgrYZ5PUlfjIwTDgxIXshraxns8270zwqor2u3QZYQoN4I1EUcEja7lh2qdAWxfca\/zxpKtNeCFUm8zfvAy2hjwmAqVnw7n4Et+Xyf9ksFEQ4\/qzsOHpBM0zGs5xxH5dXSgC84hPug8TuHm5XeS02QK5ivwcMFrRGIBts0M6ytr6tm6t5a
f5Z2U58e0QlvyTSXCPiJUK3gUQUYViS\/IjXLR2ycg4306mXwXdbQ8v7MG8Jbo+42mtOwsAND+01bl1fOhl5IjO\/hKWjGNBJndlQaRfYzoY1bNcjrUVpsWniWOjJBYJ9yapHVp6DQ0QxTAp4enh41yjjXkuC9cO0IfBYAr0q3doev3F6MDmfD3QC30o0nnTuJKglBmQmNqmFF98Ioa6LYtVQSVj9fT7Jq0Jj7\/w6McuInFQUSdd3NIs7zDF4f1McMigXXd3svv1byyFwMDARmEZ3FvSkJXAws42ybGrYb\/Ga9WUTit+emudCQdO3qxSLRL9Xz90Zj\/0AIfatwlfnnVgLFc5QxTIdMvpyCnIjSAcDaEJvu6yM03S3K45PurYyNI6VNrD8T3C7JZ2oGRKr9xNDuiMdmtC9\/9YGpIp8JcXSnnpIql+dalqpwG9n50trcQI0C4J+hm1Yu6USN4wzVC+tr3gsW6PyyDAAs17vVbo+Scs5p00FZ1o\/rHfMtLfFwh8MAYWoGvtptGh9N2zS+PrJ1tBcSPIWnstLtsnAnrYxfC9FGgvCH\/DigiWfhGZwyoa504FzWxS6CzOvDPhsC522yXw\/\/MDJuJbpdH1g+oBnB701N1aymW+zBchXMoA1YOfcUScPREsxcDAwBF82UTEIbXenVn7eF73krbJp8pjxkB3FH+h3306Rr5JIHM3AbirkPdWnHupm94YxIhIDqYUbC9YcWD3w0dLlmwNJiAVT\/+"} -01325{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":552,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739661512401,"flow_src_last_pkt_time":946739661512401,"flow_dst_last_pkt_time":946739661535299,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":285,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":285,"flow_dst_max_l4_payload_len":3114,"flow_src_tot_l4_payload_len":285,"flow_dst_tot_l4_payload_len":3114,"midstream":1,"thread_ts_usec":946739661535299,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44704,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"doh.dnslify.com","domainame":"doh.dnslify.com","tls": 
{"version":"TLSv1.3","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +01284{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":552,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739661512401,"flow_src_last_pkt_time":946739661512401,"flow_dst_last_pkt_time":946739661535299,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":285,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":285,"flow_dst_max_l4_payload_len":3114,"flow_src_tot_l4_payload_len":285,"flow_dst_tot_l4_payload_len":3114,"midstream":1,"thread_ts_usec":946739661535299,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44704,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"doh.dnslify.com","domainame":"doh.dnslify.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":553,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_src_last_pkt_time":946739661537491,"flow_dst_last_pkt_time":946739661535299,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":946739661537491,"pkt":"REREREREZmZmZmZmCABFAAB4x6RAAK8GODIKAAABuetRAa6gAbuz5lpElG1MBVAYAfXMEwAAFAMDAAEBFwMDAEU4SkGRhTVOzjkja1xO2w+N\/vz+OkRmcdhLqaqpXQNb6A6SRcM4Xi9F7CyJ7zWjY541e0wZEZOfbwCMOI4VGHKGlHVB\/Ow="} 00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":554,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":4,"flow_src_last_pkt_time":946739661537611,"flow_dst_last_pkt_time":946739661535299,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":946739661537611,"pkt":"REREREREZmZmZmZmCABFAAB+x6VAAK8GOCsKAAABuetRAa6gAbuz5lqUlG1MBVAYAfXMGQAAFwMDAFHO0jbbFd53\/ZuDXr7vmFxcqFu0J8Lh\/X61p5xsIdeiV0og3mV\/A6pcxScMeZBlAeEIH5hDkEBw1sCQ9Mi8V+\/F1osqkP5BLLW5Wz8JDl02L8Y="} 
00766{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":555,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":5,"flow_src_last_pkt_time":946739661537759,"flow_dst_last_pkt_time":946739661535299,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"thread_ts_usec":946739661537759,"pkt":"REREREREZmZmZmZmCABFAADTx6ZAAK8GN9UKAAABuetRAa6gAbuz5lrqlG1MBVAYAfXMbgAAFwMDAKbOQ7z0brbBFxgWZxwhW0QoxqthM\/YW2w0x8djZzSiWzVGpKLqzVQgkOT3HmOXxWdTl2fvHJh3N5G4mHK5ZWfcqKFlK\/fPDvKjV9wXy2wts7afxohUDvCcvWmA2n3Ej1Bu+ajruE2SeIFZ8sHHacL4bjLmiwm5VQ\/eEaQaQGwb91Bxh8GH0Jbyin88rP63FYAmiEMZR6fMeJDXgQHxpsypc8wZI+C21"} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":564,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739879619145,"flow_src_last_pkt_time":946739879619145,"flow_dst_last_pkt_time":946739879619145,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":288,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":288,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":288,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739879619145,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35742,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00921{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":564,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_src_last_pkt_time":946739879619145,"flow_dst_last_pkt_time":946739879619145,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_usec":946739879619145,"pkt":"REREREREZmZmZmZmCABFAAFIcKVAAGQGIToKAAAB0frxGYueAbsFpAMoj2Q4kFAYAfaFCwAAFgMBARsBAAEXAwNRmx2nSkx+6m6KcnM1jGr2d9+E6hEUWeU+Rct80JF14yBFUW7fbN2m28L3JLX9K8uSgoBCeEP2oBBIn6aFnchRZQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACoAAAAFwAVAAASamFyamFyLm1lZ2FuZXJkLm5sAAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AILzmWxHpwarRt4Ej829OBgtUnpC5uzX3e58yGu+riJtB"} -01288{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":564,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739879619145,"flow_src_last_pkt_time":946739879619145,"flow_dst_last_pkt_time":946739879619145,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":288,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":288,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":288,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739879619145,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35742,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"jarjar.meganerd.nl","domainame":"jarjar.meganerd.nl","tls": 
{"version":"TLSv1.2","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +01247{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":564,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739879619145,"flow_src_last_pkt_time":946739879619145,"flow_dst_last_pkt_time":946739879619145,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":288,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":288,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":288,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739879619145,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35742,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"jarjar.meganerd.nl","domainame":"jarjar.meganerd.nl","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
03298{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":565,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_src_last_pkt_time":946739879619145,"flow_dst_last_pkt_time":946739879647275,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":2102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2102,"pkt_l4_len":2068,"thread_ts_usec":946739879647275,"pkt":"ZmZmZmZmRERERERECABFAAgoIhBAADcGle\/R+vEZCgAAAQG7i56PZDiQBaQESFAYAfWL6wAAFgMDAGYCAABiAwOvuIoBv9aLdY9+pRuVYLTvaIEBB5j8JJqoUP\/T+o4DJyAaq0H4FgIYS60khmCU6D9TGVas7XFToGUgExNzFU9aPcAwAAAa\/wEAAQAACwAEAwABAgAFAAAAEAAFAAMCaDIWAwMKAwsACf8ACfwABWAwggVcMIIERKADAgECAhIDDKJHTnwjwsnrm2DLrI1zNLUwDQYJKoZIhvcNAQELBQAwSjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMTGkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMB4XDTIwMDcxNDIzNDcyMVoXDTIwMTAxMjIzNDcyMVowHTEbMBkGA1UEAxMSamFyamFyLm1lZ2FuZXJkLm5sMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv9OPyuZ6JwIE6bPDfiRhbYPMkVlSRq93tijiXoOFC9OQc4eXtoMomU6kKPy5Z0NTzEB3WAHxrA4SRx6q3\/yefPeWA8HsMuYfQZpftg95obbyxbYYejVTJGcDt7bBAbyfyHwpa9VQXCZ1NM6170XCwqiTXQ5pCT67h001VbP663EnKohkf0MUwppbn6Q5xEFc+o+3D6IU\/rxkzW1SQTh0phbzb1Op8DfM63A\/ZtxaA5UoEOBp23CMkB\/vP5ul2uJharTqU\/BfvvV3HB\/zu9o43hkbooUEyMuBJn0+O6orVhwG1QVKM6xj5TM6ZcijU2+3rS+x7vNJUt\/bTHh7sHDviQIDAQABo4ICZzCCAmMwDgYDVR0PAQH\/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRLbCV+QerkMWgquQ7dzQvZqcefiTAfBgNVHSMEGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBvBggrBgEFBQcBAQRjMGEwLgYIKwYBBQUHMAGGImh0dHA6Ly9vY3NwLmludC14My5sZXRzZW5jcnlwdC5vcmcwLwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5jcnlwdC5vcmcvMB0GA1UdEQQWMBSCEmphcmphci5tZWdhbmVyZC5ubDBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB3AF6nc\/nfVsDntTZIfdBJ4DJ6kZoMhKESEoQYdZaBcUVYAAABc0\/ws2wAAAQDAEgwRgIhAMWgM8fCSKocSMS6vNmRTIKDzMWXKgtHRh\/4TftRR0QHAiEA3JSerrntM9u7waurWr
vwybuL6dB9RsJnzjR8MMY9tuIAdQAHt1wb5X1o\/\/Gwxh0jFce65ld8V5S3au68YToaadOiHAAAAXNP8LOOAAAEAwBGMEQCIG6J2T+qpPVVFxjS27cFglwKmn3u\/zi2QCL4kFgVvwefAiAZm3eKKyeMogTwUuYzbx+RsfIEqA9nNOdkRRv\/z1FxuzANBgkqhkiG9w0BAQsFAAOCAQEAcAija84yR1ADOoiyrdQFCgxJZB2BUUNBtRgi8ZPFZIdUaVPomyGL3oK59c6IO+gMw6xbSeGsLaVjettLRMJ2uMl6JZkgjV1Bhp3NdPQKieFpoaEiEBUAwqL8TSBKdJ\/mAMQLAKadqZ1hZKcVTPtXVdd5Q28iLasE\/NjtopLZOa1XOJt0sUbRAHa2FOZzb42ureqnIdzzYgm+hY18KJUkfrSxCg2dd4MTgQuYu+ZhUpaMB2rAm94XcTgVTGO5ADi5NM0oEFFNdNKrAyCom1jWC2m8LyYfCzUJEAYCAUd1WL438vW1Z0FQZK5dAca9qTf6FxrRdYRYrY7oGND3IwvyWwAEljCCBJIwggN6oAMCAQICEAoBQUIAAAFThXNqC4XspwgwDQYJKoZIhvcNAQELBQAwPzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQDEw5EU1QgUm9vdCBDQSBYMzAeFw0xNjAzMTcxNjQwNDZaFw0yMTAzMTcxNjQwNDZaMEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQDExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJzTDPBa5S5Ht3JdN4OzaGMw6tc1Jhkl4b2+NfFwki+3uEtBBaupnjUIWOyxKsRohwuj43Xk5vOnYnG6eYFgH9eRmp\/z0HhncchpDpWRz\/7mmelgPEjMfspNdxIknUcbWuu57B43ABycrHunBerOSuu9QeU2mLnL\/W08lmjfIypCkAyGdGfIf6WauFJhFBM\/ZemCh8vb+g5W9oaJ84U\/l4avsNwa72sNlRZ9xCugZbKZBDZ1gGusSvMbkEl4L6KWTyogJSkExnTA0DHNjzE4lRa6qDO4Q\/GxH8Mwf6J5MRM9LTb44\/zyM2q5OTHFr8SNDR1kFjOq+oQpttQLwNh9w5MCAwEAAaOCAX0wggF5MBIGA1UdEwEB\/wQIMAYBAf8CAQAwDgYDVR0="} 
-01371{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":565,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739879619145,"flow_src_last_pkt_time":946739879619145,"flow_dst_last_pkt_time":946739879647275,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":288,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":288,"flow_dst_max_l4_payload_len":2048,"flow_src_tot_l4_payload_len":288,"flow_dst_tot_l4_payload_len":2048,"midstream":1,"thread_ts_usec":946739879647275,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35742,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"jarjar.meganerd.nl","domainame":"jarjar.meganerd.nl","tls": {"version":"TLSv1.2","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"2464432ec440b95b36263230c3148d11","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01330{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":565,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739879619145,"flow_src_last_pkt_time":946739879619145,"flow_dst_last_pkt_time":946739879647275,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":288,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":288,"flow_dst_max_l4_payload_len":2048,"flow_src_tot_l4_payload_len":288,"flow_dst_tot_l4_payload_len":2048,"midstream":1,"thread_ts_usec":946739879647275,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35742,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"jarjar.meganerd.nl","domainame":"jarjar.meganerd.nl","tls": {"version":"TLSv1.2","ja3s":"2464432ec440b95b36263230c3148d11","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
02540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":566,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_src_last_pkt_time":946739879619145,"flow_dst_last_pkt_time":946739879647564,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1535,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1535,"pkt_l4_len":1501,"thread_ts_usec":946739879647564,"pkt":"ZmZmZmZmRERERERECABFAAXxIhJAADcGmCTR+vEZCgAAAQG7i56PZECQBaQESFAYAfWJtAAADwEB\/wQEAwIBhjB\/BggrBgEFBQcBAQRzMHEwMgYIKwYBBQUHMAGGJmh0dHA6Ly9pc3JnLnRydXN0aWQub2NzcC5pZGVudHJ1c3QuY29tMDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx+tvhS5B1\/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA\/BgsrBgEEAYLfEwEBATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQub3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9EU1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFKhKamMEfd265tE5t6ZFZe\/zqOyhMA0GCSqGSIb3DQEBCwUAA4IBAQDdM9cR82NYON0YFfsJVb52VrlwSKVpRyd7wiQIkvFaH0oSKTckdFEcYmi4zZVwZ+X3pLxOKFHNm+iuh53q2LpaoQGa3PDdah1q2D5XI56mHgRimv\/XBcq3Hz\/ACki8lLC2ZWLgwVTloyqtIMTp5rvcyPa1wzKjmMx3qOZ5ZQcryyj+OhZSgc5SDC5fg+jVBjP7d2zOQOoynh+SXEHBdGxbXQpfM8xNn6w48C97LGKd2aORbyUbL5CxGUY99n4bpnqHuaN6bRj6JaWRhxXg8hYvWLAGLyxoJsZLmM3anwz5f5DtQ0oSRE5vc3oo6qSqbntMfYfd4MkCRKeHr8M0W7RCFgMDAhcWAAITAQACDzCCAgsKAQCgggIEMIICAAYJKwYBBQUHMAEBBIIB8TCCAe0wgdahTDBKMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3MgRW5jcnlwdDEjMCEGA1UEAxMaTGV0J3MgRW5jcnlwdCBBdXRob3JpdHkgWDMYDzIwMjAwOTA0MDA0OTAwWjB1MHMwSzAJBgUrDgMCGgUABBR+5mrncpqz\/PiiIGRsFqEtYHEIXQQUqEpqYwR93brm0Tm3pkVl7\/Oo7KECEgMMokdOfCPCyeubYMusjXM0tYAAGA8yMDIwMDkwNDAwMDAwMFqgERgPMjAyMDA5MTEwMDAwMDBaMA0GCSqGSIb3DQEBCwUAA4IBAQAoMB1ePZKC8NpTy2434kCI6h8NAXGSDejnRZYFr2QSx+TpoZipUWbMWCq8UzrMIxKC8UJACJQc6RIM+Xgz0ZRbGx25OD3V4vLxsczn\/nEIsXCHGvGoEBJqPqesQfpmU9r+oB2CbUgxGaJxDFqnidG6tH5KNxFVbrX2lPzXeDzKwLN1eUiZU\/lMuAOJwkK8zmwVXP5H7g6aco+MiZp06K8b\/Da3w0YGUY9fjEablMtV
5ViuxARhZw1pWYWZo\/jGfvICDNvPKmx8V1X1Z4R8rNjm8UiPRR8P0NarasVvNtWs+6fXGpl\/hFMZzj6z4oAVh0vYNXKYxmaDs8l6pH8OOZ\/cFgMDASwMAAEoAwAdIKQoxhH\/Z4NdCHDs7qK8wmGbCtHgbBpAtyYYPJoz0BNpCAQBAI2s5yjtMrI9QJNozqSEdCsumaSKt\/QNxoJ5PFMWs10MAWl+5CjGLSlpjhytuQkP602gJ28TSQHyyO39DQ2pHRZ1MjKiwLUGQnSrx7B1qsIRx8U65WEhaQ\/Oefjv8VGGg2Nnh0hcGrHjYUxlGavnUge+GnGDrvgzWTdBb6fu\/ASgdFWYo\/L\/cx\/DQSF7KqdfFLYtqS\/mVGjCi+aU3DGzfokfH8gTddjOpZA9DbKNE5R+fiOUj+uHJsETXL1+AHkZ1DyEVNTPTtlzClPqiVFZoiQLHaM5Rks\/r\/SATzjVrNW7MyikygwLvRY4rKK4uz5N88k\/vqkRvVB4EA04vef95bIWAwMABA4AAAA="} -01704{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":566,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":946739879619145,"flow_src_last_pkt_time":946739879619145,"flow_dst_last_pkt_time":946739879647564,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":288,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":288,"flow_dst_max_l4_payload_len":2048,"flow_src_tot_l4_payload_len":288,"flow_dst_tot_l4_payload_len":3529,"midstream":1,"thread_ts_usec":946739879647564,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35742,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"jarjar.meganerd.nl","domainame":"jarjar.meganerd.nl","tls": {"version":"TLSv1.2","server_names":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"2464432ec440b95b36263230c3148d11","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Let's Encrypt, CN=Let's 
Encrypt Authority X3","subjectDN":"CN=jarjar.meganerd.nl","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"17:C9:8C:F5:DD:1F:0E:0F:DC:C5:42:4F:ED:C4:CD:57:5A:5D:7A:4F","blocks":0}}} +01663{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":566,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":946739879619145,"flow_src_last_pkt_time":946739879619145,"flow_dst_last_pkt_time":946739879647564,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":288,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":288,"flow_dst_max_l4_payload_len":2048,"flow_src_tot_l4_payload_len":288,"flow_dst_tot_l4_payload_len":3529,"midstream":1,"thread_ts_usec":946739879647564,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35742,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"jarjar.meganerd.nl","domainame":"jarjar.meganerd.nl","tls": {"version":"TLSv1.2","server_names":"jarjar.meganerd.nl","ja3s":"2464432ec440b95b36263230c3148d11","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=jarjar.meganerd.nl","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"17:C9:8C:F5:DD:1F:0E:0F:DC:C5:42:4F:ED:C4:CD:57:5A:5D:7A:4F","blocks":0}}} 
00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":567,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":4,"flow_src_last_pkt_time":946739879649898,"flow_dst_last_pkt_time":946739879647564,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":147,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":147,"pkt_l4_len":113,"thread_ts_usec":946739879649898,"pkt":"REREREREZmZmZmZmCABFAACFcKhAAGQGIfoKAAAB0frxGYueAbsFpARIj2RGWVAYAfWESAAAFgMDACUQAAAhIDhgl\/pgcZzI6lO9kUAZaFzioUwXXdw7Ym0x6dU\/q10rFAMDAAEBFgMDACgAAAAAAAAAAOFPtsf5Zh\/ZpfjCXPcTMYNe90ERP2qdVmtu1keYta\/S"} 00602{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":568,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":5,"flow_src_last_pkt_time":946739879649898,"flow_dst_last_pkt_time":946739879676025,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_usec":946739879676025,"pkt":"ZmZmZmZmRERERERECABFAABbIhRAADcGnbjR+vEZCgAAAQG7i56PZEZZBaQEpVAYAfVgFwAAFAMDAAEBFgMDACjtN4hu+Wj5TjjaWNwCyZ8ctKfP1eL5gPNYY2UtZk64saxD6JdGPhjz"} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":8,"flow_first_seen":946739401864559,"flow_src_last_pkt_time":946739432023198,"flow_dst_last_pkt_time":946739402022609,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":292,"flow_dst_max_l4_payload_len":2904,"flow_src_tot_l4_payload_len":1019,"flow_dst_tot_l4_payload_len":5853,"midstream":1,"thread_ts_usec":946739888204388,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"95.216.229.153","src_port":43888,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -306,7 +306,7 @@ 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":12,"flow_first_seen":946739312203391,"flow_src_last_pkt_time":946739327879222,"flow_dst_last_pkt_time":946739327905353,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":284,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":988,"flow_dst_tot_l4_payload_len":4128,"midstream":1,"thread_ts_usec":946739888204388,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.203.179.248","src_port":41720,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":7,"flow_first_seen":946739374011190,"flow_src_last_pkt_time":946739404206695,"flow_dst_last_pkt_time":946739374206227,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":285,"flow_dst_max_l4_payload_len":3125,"flow_src_tot_l4_payload_len":1006,"flow_dst_tot_l4_payload_len":4506,"midstream":1,"thread_ts_usec":946739888204388,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.202.176.26","src_port":43106,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":7,"flow_first_seen":946739304846437,"flow_src_last_pkt_time":946739327879513,"flow_dst_last_pkt_time":946739304972225,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":3131,"flow_src_tot_l4_payload_len":1000,"flow_dst_tot_l4_payload_len":5025,"midstream":1,"thread_ts_usec":946739888204388,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.147.50","src_port":55962,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00859{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":577,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":577,"packets-processed":577,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":185420,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":34,"total-detection-updates":36,"total-updates":0,"current-active-flows":0,"total-active-flows":34,"total-idle-flows":34,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":309,"global_ts_usec":946739888204388} +00859{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":577,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":577,"packets-processed":577,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":185420,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":34,"total-detection-updates":36,"total-updates":0,"current-active-flows":0,"total-active-flows":34,"total-idle-flows":34,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":309,"global_ts_usec":946739888204388} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 577/577 ~~ skipped flows.............: 0 
@@ -315,9 +315,9 @@ ~~ total active/idle flows...: 34/34 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7995278 bytes -~~ total memory freed........: 7995278 bytes -~~ total allocations/frees...: 115449/115449 +~~ total memory allocated....: 8572937 bytes +~~ total memory freed........: 8572937 bytes +~~ total allocations/frees...: 127183/127183 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 545 chars ~~ json message max len.......: 4788 chars diff --git a/test/results/default/dnscrypt-v2.pcap.out b/test/results/default/dnscrypt-v2.pcap.out index 968cdbd1b..688a367ca 100644 --- a/test/results/default/dnscrypt-v2.pcap.out +++ b/test/results/default/dnscrypt-v2.pcap.out 
@@ -1,5 +1,5 @@ -00616{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dnscrypt-v2.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnscrypt-v2.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":946760521313462} 
+00616{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dnscrypt-v2.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnscrypt-v2.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":946760521313462} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946760521313462,"flow_src_last_pkt_time":946760521313462,"flow_dst_last_pkt_time":946760521313462,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1088,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1088,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1088,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946760521313462,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.2","src_port":38650,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01994{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":946760521313462,"flow_dst_last_pkt_time":946760521313462,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1130,"pkt_l4_len":1096,"thread_ts_usec":946760521313462,"pkt":"AABeAAEK6qmpVXFVCABFAARcbhBAALERNCZ\/AAABfwAAApb6FOkESCe048PqxHAbR9XexWcgBKkL3kOeOPWTE2vKv7G3b+NOW862Bvwb1rheRQpQUH1mr6e8OCu\/fibn8cYTAvsRcNZA8\/lTdO1zXx64xZvGw9jDVohyuD42K8UoR60NkNdqxmDm0qVliFWXizmljTn2lD7CTHoYDdzqjjkHmHHUYe7NejwHo7UzJLYj4uUoMZ5OBbpbxqfekl3zx\/Y\/4Zdyfk6\/03lvMbG9F2W\/akMw4XwHvq2g20\/z7ROpAn9pbnoIPgkT0bVLMUloa6KCu+fPabNALYQCzXjw1dWf3V3HgmcswkwsHKRU4IqCA\/69xcDmnZfgajXBSpNTdHGZU3HrpU7Y+zKoXZQEmeLc30bXeW5a9kf14ALJr7nP37xAYcN4G1BzEhKbbjiDg1A8CDSXiipFooV7yrAiiDZFfq27wAKZRhDngTzeslBwu2i9MUBFZfRNYKakWYXb0zhir5\/O29uGdH+oix0VAlOhQ1zI2Iy777Cmv9swWs1wCBkrJE\/94M4tHF8XTS+kICmBd4\/\/oCbnlEOyxgE0tpl\/nt7We2odNwl1bEewLva0FOnwrRvhVpfaOoXJc9u0J1yVggsuxaSQHVALa0pkLJp+\/KL1C5ympFZjeFktaMfNQOPv5Z3ESCDKvkHzBBiVXNmZyBQJjVm8OJ2VxCOFxQRcEAfIQp56nl1CI6spU
RDZCsZVp2WuwyXhdsymxVlmsZMvMariZ7h1rbuSEhdHqejvERJd+oAjcCDcUCZYn75DUrNO01fMsDJFP9eRjUktxwy4\/sGlfHHZsXsBQsVS+zNosEiqeQlMFWbk\/CQC\/Iy+m8JNr48sNXZTfXlgESJMZXIJGI3ZhFWluGHRiSLjWQPEgvt0+8gtmgy\/Sb56ZYrX4M7I0sBjqZhkP6vZD63SReYDlzFMUXd7hqpdFD+DjTIU374ZDUKtowMci+TNbopqyz97shtgi2xwOH9hFddB1RkG4yQjJkESvH+dEwGDhiyuqu1jbA0SFR8P5u+YYRQ+42CE\/iBU+jTsoOwxLsuWVcddU3vstbXn6rqxHgTXYGQFfuQtZFvSdKWnmTw8z9w8zndi+uHY\/vuoYXfx78owiiwhQhGyfvFoeyz6rWetZHRBw8zdBPggojOpslDYBovfLfe36dR5k4GtMpkpWYRt2em7VCMyF\/XbQIJEmhp+Ako20cMzqWuCfInK3G1X2JqV5rUe\/hqwd4JCyxrYqNuTc0r7m\/tXkqg9Pt8Nefpg\/ArWfvW+92iTAzlNVO3aq1ykTtQZiIeO81hVzagjUmsfI9nbIftuGPqsEIReSMuv5dWv6UgqYAe4C\/Xx87KHRwvxYrw2wdoQQVmttjR1\/zLAosSHz6yXxjq3yFjyK9Klg3OqBxrG0xMTunO9JWWEVDj8mxnhWJ808mUKd\/9SGzIWV6hSgWaIDqMtm18GCQPG3sT0f23Y6zC5qmo="} 00839{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":946760521313462,"flow_dst_last_pkt_time":946760521327075,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"thread_ts_usec":946760521327075,"pkt":"6qmpVXFVLGv1oHfACABFAAEMLuFAADYR8aV\/AAACfwAAARTplvoA+BE2cjZmbnZXajgKUFB9Zq+nvDgrv35wwPFkkokFr1FaigO8H+CEw9XZ9v94iKYdvhofH7\/r0T3rultZ9ZuMYw63KPKpYNyj1i2Vz2KxAnu1y9OcbN8hOMoWFrn1y\/BrWeycOMWNW\/UytoGW9Utt69PEyNka4RcvHRab4iJ\/YjjMR75dgU4mnlrydsdtgAPjXq8XLISW7\/42LpWK7O03ro1N2Q0h\/PZQAkZ8Yr116m7rrS+wia4dqoRvx+npPzTL2uTXQZk6coE4bD7nXs83zCQTiFsawPIKEo\/Czq95ZoX+83ElbKp2Lf2x5F0tvUmYWWas"} 
@@ -15,7 +15,7 @@ 00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946760521313462,"flow_src_last_pkt_time":946760521313462,"flow_dst_last_pkt_time":946760521327075,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1088,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1088,"flow_dst_max_l4_payload_len":240,"flow_src_tot_l4_payload_len":1088,"flow_dst_tot_l4_payload_len":240,"midstream":0,"thread_ts_usec":946760605298451,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.2","src_port":38650,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946760605202862,"flow_src_last_pkt_time":946760605202862,"flow_dst_last_pkt_time":946760605216429,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1088,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1088,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":1088,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":946760605298451,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.2","src_port":42883,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946760605285191,"flow_src_last_pkt_time":946760605285191,"flow_dst_last_pkt_time":946760605298451,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1088,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1088,"flow_dst_max_l4_payload_len":368,"flow_src_tot_l4_payload_len":1088,"flow_dst_tot_l4_payload_len":368,"midstream":0,"thread_ts_usec":946760605298451,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.2","src_port":50893,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} -00842{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/dnscrypt-v2.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":6,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4048,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":18,"global_ts_usec":946760605298451} 
+00842{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/dnscrypt-v2.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":6,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4048,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":18,"global_ts_usec":946760605298451} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 6/6 ~~ skipped flows.............: 0 @@ -24,9 +24,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6912661 bytes -~~ total memory freed........: 6912661 bytes -~~ total allocations/frees...: 114168/114168 +~~ total memory allocated....: 7490257 bytes +~~ total memory freed........: 7490257 bytes +~~ total allocations/frees...: 125899/125899 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 621 chars ~~ json message max len.......: 1999 chars diff --git a/test/results/default/dnscrypt_skype_false_positive.pcapng.out b/test/results/default/dnscrypt_skype_false_positive.pcapng.out index 0771e8058..747657fc3 100644 --- a/test/results/default/dnscrypt_skype_false_positive.pcapng.out +++ b/test/results/default/dnscrypt_skype_false_positive.pcapng.out 
@@ -1,16 +1,16 @@ -00636{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00857{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1625015363846677} 
+00636{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00857{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1625015363846677} 
00804{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625015363846677,"flow_src_last_pkt_time":1625015363846677,"flow_dst_last_pkt_time":1625015363846677,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625015363846677,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"212.47.228.136","src_port":46858,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01229{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1625015363846677,"flow_dst_last_pkt_time":1625015363846677,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":1625015363846677,"pkt":"eJS0JASgYDjgxTWgCABFcAIcMeUAAKoRYLfAqAJk1C\/kiLcKAbsCCH3e0xsCBCrEBvNJfmmTQksKFsBudVhmUbtKR7UA4dAhr2YeFsWFn50WD3lhBxF+xRcXm4OudBLKFF3lXNzJRT1n1mCwEwKyGhzNUC6UkZad2AWsmuU16fgPBH\/sceAjxvXbeJaMQ9EbSG+EryR20f36x0OJcNkQYlfmM\/kN4T86L0ASqKQ0TZzuEESSiQX32uxygOna3C7y8YkubD4iZwEIg4QPEIQOdpWbEXtV\/o83jys6juVpKCDsvd9F8BJn0A7cjfMFRaUEMtODCG9KXBGEFHSZ18dK+ql0\/Pni3Dqd6Y7WU9Mlsj6IJPn77nWwLoqZYdJM9PltVUKA0BCDDZWLsJkP+knwwM996eWvPVPxNZ1KKAU+KOVJ04oTxBObGh5XZz6JStYBY6Gu1I+A7lBm6RD\/WCsjY01E5zHZUyzq\/sRzA5mq5v96ugcirzkq3k0\/Yi8TtQ9Ei2s6Y2t9FI5mQA6UNGXKigRJGNMlurE7oVNz9ZGKjrmgUROTHW19Dk8giJLA8E8v8V\/Kx+sNH6hBiMP0Nh9x\/ejK++VYPU3QRVutcD8PafmUWXqxmeXX5tAdjXoA\/bR66F4Yy0keXtHiEolfEIPbbw5Dss1Er21DaArDQUxYztwJdUkbudQ3HagiiDaY
7lCwmWsiFTSiz+tzK3sS0+qynhYwsO0Zb6cGdfI="} 00860{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1625015363846677,"flow_dst_last_pkt_time":1625015363881095,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"thread_ts_usec":1625015363881095,"pkt":"YDjgxTWgeJS0JASgCABFAAEMb2FAADQRWrvUL+SIwKgCZAG7twoA+ISncjZmbnZXajh5YQcRfsUXF5uDrnRgM\/W0etYbRlCvzAlkKKyMUQLv0ljsGjvVtZfe\/2tl\/VnemuvYfUBk\/FlJZG2T9aqA3YLF1UTRltK97uI2ksWKJgX3BniRDpntrFamW1JEmb\/3xLyET8LVaXWh0WE97YtyY5BJWfj3a3nIABAcBULeLr+9m6kab1t2+yUw8O2x9jiPjOG9E0ybqrKAE6AYHqZ5TwJfUOjYj\/lXF7jHkO1u0hdfTacv4XB0pSOO1yv7woMURQKedSBCZ47xfNaXXx66LiGW4zFY9AWDuJNy+t3jJfjPP44rub81jFTM"} 00962{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625015363846677,"flow_src_last_pkt_time":1625015363846677,"flow_dst_last_pkt_time":1625015363881095,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":240,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":240,"midstream":0,"thread_ts_usec":1625015363881095,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"212.47.228.136","src_port":46858,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00859{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":3,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":752,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1625020200938475} +00859{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":3,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":752,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1625020200938475} 
01230{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1625020200938475,"flow_dst_last_pkt_time":1625015363881095,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":1625020200938475,"pkt":"eJS0JASgYDjgxTWgCABFcAIcvZMAAIwR8wjAqAJk1C\/kiLcKAbsCCH3e0xsCBCrEBvNJfmmTQksKFsBudVhmUbtKR7UA4dAhr2YeFsWFn50WD0vHrlH\/yRcXvmd7t8+K4M4sVr0Poj8Wk\/utpL\/xCX\/xF62azc12+nNI8QCtVvppS8TlqEq0v0z1ZL6VhUUGpPUFklJ6FIusCvwq2w1dSM6BMePG+Qo4lcOLbOLpFDdDpN7sGyBBByiu62SvizwpJiQ6P3\/ZSXKjnk+4TGpUh1Mb5c9mzEfAV3qGGdzKjeCok93Nwnvp36CiiO\/GOkE9r\/ZYsdRaCmC23bIy9acHKaDgHPfJpiFe0JUanQLCN9xYimCEsH8Zta9Ub1Y03R23fJnK8tpwkYIEBK7LZJ1F9iJoeKxBWFnz1ecGcBI1RX2es6McfzJoxkjQOuHEH6AiYPJoSwpKAve4ipq0HR\/HOtcm2eSvFhLdYG1E+T0mXDh9vYgTW5nrseVIT7nqhIq7lD3WYEFzszkgcd3k9UDRv+myTHfgeMeOMZENFmbm5E8g9X\/DmfsUhaGuiUNClJJMVj7goJjiEWrKvyoRVfrCC4PbNLMbvqDrlvRzXORnY\/CFgO7+WLg3KO2ey7CthW2BKxwYRE712SYEdOkDCt96TjkrXI1srSS+8m95DCo5Kt+A80OCrLXxvwtGpEmk4P+Hhi7NqGvVAPLHH8VQvEse4iqUK05\/zGpQspc="} 00692{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1625020200938475,"flow_dst_last_pkt_time":1625020200970253,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1625020200970253,"pkt":"YDjgxTWgeJS0JASgCABFAACMI\/pAADQRpqLUL+SIwKgCZAG7twoAeAlVcjZmbnZXajhLx65R\/8kXF75ne7erN1aKqAFT9tSdFNk+\/FY4BWykKt5VBHfuRsQIXEdAWbATnDkescRMFqApy\/x1xRRyQOqpZlSFj2MoC\/ojSMDHYB0u+03LWvVBM3MXLjO1DiMtdOl\/yGx2VrztXQ=="} 
01004{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1625015363846677,"flow_src_last_pkt_time":1625020200938475,"flow_dst_last_pkt_time":1625020200970253,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":240,"flow_src_tot_l4_payload_len":1024,"flow_dst_tot_l4_payload_len":352,"midstream":0,"thread_ts_usec":1625020200970253,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"212.47.228.136","src_port":46858,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
01230{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1625020500944370,"flow_dst_last_pkt_time":1625020200970253,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":1625020500944370,"pkt":"eJS0JASgYDjgxTWgCABFcAIc0FIAALcRtUnAqAJk1C\/kiLcKAbsCCH3e0xsCBCrEBvNJfmmTQksKFsBudVhmUbtKR7UA4dAhr2YeFsWFn50WD1a7lthGyhcXsTywP0kSgKzMOKxLpaXyj+9OZAFS8DY5Bm4L6EvzNq4lEGOPhLCjDamIIC0\/kBi+logo8aCs8Ykn1kcDSMHr5ohPkH5ojDFTDgfmwbydb9VkrPfnTo30VRoMTeB8FjhWHQEihOvRCilI3eOZjQ28Yfe1\/VN8xjLtW7ba4LSN2xCht1I09+EoUxpQ96D64sakFbj1gbWIfFC6mjxNpJkUYgFtEUrHrbQo6Yb4wDxxrHKxSGf5tYgGK8+4GML8fzlbAPa7o6RV3JY5yXNFJ3MnYVZDLyK7vZpuX+W0QdpvlOoXdQgu5V\/1vYCuIbYyjD1E\/aqH6T1VVYtREkaXUDd2\/HQM\/9A9d0RFNq36PferQRHvpzqWhRknav7p0NkGaOvxNr4arkI\/fXVJ5MfbPAbPxakCs4BQU\/13cQP6ZDmndNX77Vh4tfvSXHISUMO3wWRgJZ5OO3uCUlzoA70aywvlK9wHzLDRpXNBGmyqLOHKhuYIVjBo28jLGSH+k4Q\/m9sLX96Cn4Sy2hg4OVoKY8hV\/wDfOcc9a0g43ssuZX7WTWVwK498ezLekMjk8VjiXXgnBFdZzcotEoa4LInFCCX+jv6P33my\/Qi3ujnaRbTYXaA="} 
01002{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1625015363846677,"flow_src_last_pkt_time":1625020500944370,"flow_dst_last_pkt_time":1625020500975955,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":240,"flow_src_tot_l4_payload_len":1536,"flow_dst_tot_l4_payload_len":592,"midstream":0,"thread_ts_usec":1625020500975955,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"212.47.228.136","src_port":46858,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} -00863{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":6,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2128,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1625020500975955} 
+00863{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":6,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2128,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1625020500975955} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 6/6 ~~ skipped flows.............: 0 @@ -19,9 +19,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6907825 bytes -~~ total memory freed........: 6907825 bytes -~~ total allocations/frees...: 114144/114144 +~~ total memory allocated....: 7485421 bytes +~~ total memory freed........: 7485421 bytes +~~ total allocations/frees...: 125875/125875 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 641 chars ~~ json message max len.......: 1235 chars diff --git a/test/results/default/doh.pcapng.out b/test/results/default/doh.pcapng.out index 88b023db6..7742f2b8c 100644 --- a/test/results/default/doh.pcapng.out +++ b/test/results/default/doh.pcapng.out 
@@ -1,16 +1,16 @@ -00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/doh.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/doh.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1623220847881632} 
+00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/doh.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/doh.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1623220847881632} 
00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623220847881632,"flow_src_last_pkt_time":1623220847881632,"flow_dst_last_pkt_time":1623220847881632,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623220847881632,"l3_proto":"ip4","src_ip":"192.168.1.253","dst_ip":"1.1.1.1","src_port":35996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1623220847881632,"flow_dst_last_pkt_time":1623220847881632,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1623220847881632,"pkt":"pJGxgjQ53KYyW3JVCABFAAA8GoVAAEAGW5DAqAH9AQEBAYycAbvJgv8BAAAAAKAC+vDR+gAAAgQFtAQCCAq18KmgAAAAAAEDAwc="} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1623220847881632,"flow_dst_last_pkt_time":1623220847893990,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1623220847893990,"pkt":"3KYyW3JVpJGxgjQ5CABFAAA0AABAADgGfh0BAQEBwKgB\/QG7jJzQgMYoyYL\/AoAS\/\/+80AAAAgQFtAEBBAIBAwMK"} 
00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1623220847894289,"flow_dst_last_pkt_time":1623220847893990,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1623220847894289,"pkt":"pJGxgjQ53KYyW3JVCABFAAAoGoZAAEAGW6PAqAH9AQEBAYycAbvJgv8C0IDGKVAQAfb7rwAAAAAAAAAA"} 00875{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1623220847903684,"flow_dst_last_pkt_time":1623220847893990,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":315,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":315,"pkt_l4_len":281,"thread_ts_usec":1623220847903684,"pkt":"pJGxgjQ53KYyW3JVCABFAAEtGodAAEAGWp3AqAH9AQEBAYycAbvJgv8C0IDGKVAYAfbHEwAAFgMBAQABAAD8AwPoLOpgwE25psercF8dtgS9urXcGuIXWON7hv8MEOxxwCBmK04kA9gzmAQCdEKOzz6ZUSvZIzIKAJ4xNU24mlRHDQAmzKjMqcAvwDDAK8AswBPACcAUwAoAnACdAC8ANcASAAoTAxMBEwIBAACNAAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIBKfRS3py5Rs1YQ6EAtEgG+yypeHCfHggy9eoe\/nh6Bu"} 
-01452{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1623220847881632,"flow_src_last_pkt_time":1623220847903684,"flow_dst_last_pkt_time":1623220847893990,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":261,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":261,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623220847903684,"l3_proto":"ip4","src_ip":"192.168.1.253","dst_ip":"1.1.1.1","src_port":35996,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3":"7c1e207beb00684bbbe144f1b0abe1d5","ja3s":"","ja4":"t13d1909h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01411{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1623220847881632,"flow_src_last_pkt_time":1623220847903684,"flow_dst_last_pkt_time":1623220847893990,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":261,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":261,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623220847903684,"l3_proto":"ip4","src_ip":"192.168.1.253","dst_ip":"1.1.1.1","src_port":35996,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1909h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1623220847903684,"flow_dst_last_pkt_time":1623220847916856,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1623220847916856,"pkt":"3KYyW3JVpJGxgjQ5CABFAAAoTTlAADgGMPABAQEBwKgB\/QG7jJzQgMYpyYMAB1AQAEL8XgAAAAAAAAAA"} 
-01503{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1623220847881632,"flow_src_last_pkt_time":1623220847903684,"flow_dst_last_pkt_time":1623220847919967,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":261,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":261,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1623220847919967,"l3_proto":"ip4","src_ip":"192.168.1.253","dst_ip":"1.1.1.1","src_port":35996,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.3","ja3":"7c1e207beb00684bbbe144f1b0abe1d5","ja3s":"d75f9129bb5d05492a65ff78e081bcb2","ja4":"t13d1909h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01462{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1623220847881632,"flow_src_last_pkt_time":1623220847903684,"flow_dst_last_pkt_time":1623220847919967,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":261,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":261,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1623220847919967,"l3_proto":"ip4","src_ip":"192.168.1.253","dst_ip":"1.1.1.1","src_port":35996,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.3","ja3s":"d75f9129bb5d05492a65ff78e081bcb2","ja4":"t13d1909h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
02381{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1623220847881632,"flow_src_last_pkt_time":1623220894239868,"flow_dst_last_pkt_time":1623220878891197,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":261,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":606,"flow_dst_tot_l4_payload_len":3569,"midstream":0,"thread_ts_usec":1623220894239868,"l3_proto":"ip4","src_ip":"192.168.1.253","dst_ip":"1.1.1.1","src_port":35996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":2495735.5,"max":15359810,"stddev":5583085.5,"var":31170844688384.0,"ent":2.4,"data": [12358,12657,9395,22866,3111,16283,0,0,492,492,548541,0,471,0,559446,0,429,10863,0,436,0,2867,0,3303,0,50308,15056860,15017798,15339561,15339454,15359810]},"pktlen": {"min":46,"avg":174.8,"max":1500,"stddev":350.9,"var":123099.2,"ent":3.6,"data": [60,52,46,301,46,1500,46,1500,46,256,46,104,126,136,108,46,46,111,46,71,46,46,371,71,46,46,46,46,46,46,46,46]},"bins": {"c_to_s": [12,0,3,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [10,0,1,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,0,0,0,0,0,1,1,1,0,0,1,1,1,1,0,0,1,0,1,0,1,0],"entropies": [4.425882339,4.437160492,4.225621700,5.947368622,4.140616417,7.830754280,4.117669106,7.879162312,4.117669106,7.097528458,4.117669106,5.884155750,6.247783184,6.373653889,6.047423363,4.140616417,4.140616417,6.197440624,4.131088734,5.480591297,4.053659439,4.117669106,7.372667789,5.483504295,4.087610722,4.087610245,4.161148071,4.087610245,4.117669582,4.087610245,4.161148071,4.087610245]},"ndpi": {"flow_risk": 
{"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 01193{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":61,"flow_dst_packets_processed":59,"flow_first_seen":1623220847881632,"flow_src_last_pkt_time":1623220970655801,"flow_dst_last_pkt_time":1623220970669537,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":261,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":1881,"flow_dst_tot_l4_payload_len":5821,"midstream":0,"thread_ts_usec":1623220970669537,"l3_proto":"ip4","src_ip":"192.168.1.253","dst_ip":"1.1.1.1","src_port":35996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/doh.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":120,"packets-processed":120,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7702,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1623220970669537} +00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/doh.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":120,"packets-processed":120,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7702,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1623220970669537} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 120/120 ~~ skipped flows.............: 0 
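Review bot: The removal of the `ja3` key from the `tls` object is not documented anywhere a consumer of this output would see it. In this hunk the expected `detected` and `detection-update` events keep `ja3s` and `ja4` but no longer carry `ja3`, and the first hunk of test/results/default/doq.pcapng.out shows the same for `quic.tls`. Detection rules, allow-lists or dashboards that key on the JA3 client fingerprint would stop matching after this bump without any error. The commit message only says upstream changes were incorporated, so I would add a line such as `* TLS "ja3" client fingerprint is no longer serialized; "ja3s" and "ja4" remain`. The schema/flow_event_schema.json change listed in the diffstat presumably covers this, but it is worth confirming that the schema no longer expects `ja3`.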
@@ -19,10 +19,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6931027 bytes -~~ total memory freed........: 6931027 bytes -~~ total allocations/frees...: 114269/114269 +~~ total memory allocated....: 7508623 bytes +~~ total memory freed........: 7508623 bytes +~~ total allocations/frees...: 126000/126000 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 535 chars ~~ json message max len.......: 2386 chars -~~ json message avg len.......: 1398 chars +~~ json message avg len.......: 1396 chars diff --git a/test/results/default/doq.pcapng.out b/test/results/default/doq.pcapng.out index 172ca89f2..82bcc4a86 100644 --- a/test/results/default/doq.pcapng.out +++ b/test/results/default/doq.pcapng.out 
@@ -1,8 +1,8 @@ -00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/doq.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/doq.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1606056093199591} 
+00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/doq.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/doq.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1606056093199591} 
00760{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/doq.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1606056093199591,"flow_src_last_pkt_time":1606056093199591,"flow_dst_last_pkt_time":1606056093199591,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1606056093199591,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":47826,"dst_port":784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02211{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/doq.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1606056093199591,"flow_dst_last_pkt_time":1606056093199591,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1606056093199591,"pkt":"AAAAAAAAAAAAAAAAht1gJqqiBNgRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAButIDEATYBOvN\/wAAIAhwsYltsps+WghOL+O5iCYx+QBEtgiJINLAj38+CB9CqAWNGDJ\/Ht0GdZPYPfPv0gkn+G7KypaOwXpeaLqP2vrcKno6\/xJHt9kjbL2TY4b\/m9R6nztt0oBs85JJhS7Tj\/KxdnJUR5x1KoMSoiK8Up0wKQjS6CJwz+096+5cglByj68BpzrUHMPeI6GM8BR\/Wl2qjunMufbT3ODI125lDdGTaTqNLCMEIjagI12Vrkh1+4q55QnPNmDSc9uNkJ0l5bhH58Gr3GA8HfFg35RCENcGDFpWMYVXiM4ZLQRFPmW9PqqUvAkPFdK1\/e6zKceMIWl6qFwaRZM+da6dEGVcJjr7Z+tAEETRp6uqCb9nnpAvg2AYmEND50nvVEnJ0vebAvnDE4IogXJzua2gFwFm7VLYd1uL79o4iJgu\/rwI3t1+Scpc6iAB46mZWFz3fE1WDQxwSMiil9o8+U4JW1BkjaBlJjEwDLig1LbtT\/HP47m8JDRgq00wdO+B2e1saSoPUtzWH02fRpSsRwHLssxWK\/GeM8n4na9wb14wVoOdjdGJ+KEHpdBBYTSNse3PnwWrKaaP0mh7odZYLBlgeNvTBLAUy7TPWKcxmhtN6bsS\/Yjh2568CzWxz8tWmprG6YblEP1vhUU2WDKbQBSh9+e7EH2JaN6LGpgUM6\/ye
DE+g\/QCDKFbnXJHaC3VNe2EpDTrUSTzTJX2ScnDPI4dI01EvvWXSfxAJzcCmkKAUz3B\/F3DS8bS2lYESb9nSox1FCQUX1S8MhWCL4jSZ4wobqLA6VEQ7puZt\/yd5mc0snO7+JferPZwSQV1jN5hdBcuNb6kj\/JG4pzUoB7QTPQcjcnBLCPQDWDzw3nQ+Ebywtgt9T0aEFqJVOTfT95bWTz6VinV\/brwfnTHpSbkUgeBvFyaDcSzRz5tFZ0q4\/gUbfajms9qKrPFsufIU5NQtKyl5gUxP+4xC0KsglyEqg4DVy8vzlOpHC9Zo8AzpD2Cd9yZUaVpS3jLxre91YlfpTBViFMhAAL1N+wl47YhA2pgyB2GGbWg1O6K4C74tiA9XM\/lrGlbtuiyqqRmlQ+OfACiiCT0\/fwnridhEP9NjW3A9LNkp5ph6u81Z1emHsIGmFkXyP7nojGy2XKkTHlNA+eKBGol\/TUgCzHu7qPwHu5vMLlk5NNq3Od8+eHViQU1LY+OXeYFHuY2S+VSf848yXn0P1WZ\/Hf4jpB8WMcPpj0cXHyY46IsajmZ4uRB40h68eDc26RMlrZAfwBIGjks8KSh5b2f1BdJ6LJ4taZkNl8x+qPVYwRdc+lJsRkcGfu+BxMBIzhOPr2wg8uauRqGpIMGiSEXt5eLhu3VHEqTuhLQrFWRwEWEm+WzY4itmVZYx3CM7zWu6j3KhN5W5HEWKe61AmbunEuzKrb9KKf1hG4Uz72IU4aUy8+qV8fLyqPe7E\/Hm\/QiosHbq0whMHw6xHc0E9dDFb7\/w2jqW\/bhRCLrrZSTu8KDShAe9bkemwaFOWgs8zleXJrozrnvcOKNBpToZAop8FcA1V6SZ+05avECZK7qQ04Uc8xlehoG+3W27ZNgeNIiTH8MtU0A5kV6veOOCPQW7GGwaBK9iuORoisN7YKGMwzzN0ZIQ\/IailJpjg=="} -01414{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/doq.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1606056093199591,"flow_src_last_pkt_time":1606056093199591,"flow_dst_last_pkt_time":1606056093199591,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1606056093199591,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":47826,"dst_port":784,"l4_proto":"udp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": 
{"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","quic": {"quic_version":"Draft-32","tls": {"version":"TLSv1.3","ja3":"c0ce40fbb78cbf86a14e6a38b26d6ede","ja3s":"","ja4":"q00d0307do_55b375c5d22e_23ed935430f2","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"doq-i00","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft),TLSv1.3 (draft),TLSv1.3 (draft)","blocks":0}}}} +01373{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/doq.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1606056093199591,"flow_src_last_pkt_time":1606056093199591,"flow_dst_last_pkt_time":1606056093199591,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1606056093199591,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":47826,"dst_port":784,"l4_proto":"udp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","quic": {"quic_version":"Draft-32","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q00d0307do_55b375c5d22e_23ed935430f2","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"doq-i00","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft),TLSv1.3 (draft),TLSv1.3 (draft)","blocks":0}}}} 
02215{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/doq.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1606056093199591,"flow_dst_last_pkt_time":1606056093201842,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1606056093201842,"pkt":"AAAAAAAAAAAAAAAAht1gJPSDBNgRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAxC60gTYBOvN\/wAAIAhOL+O5iCYx+Qi72eOch5MP7QBAnCxpB\/ZzHhatBCMXwxT8fSrL9Wdt\/ZFOXhnvUbk6DdAuuzdAXxro6AjNqIcuTb2Re8BepV9SRKgSpP5M7LrQffcZ9shmrS20KZKb\/ztrJeGi\/T\/Srzlr49oBUZ5XMUOjcM7DeI6CgL+ZkO5L8gOV4+8ueGIUub0wiW6+Jof5086V6cR2hj9bBsTK6z5+hag0bw2HYNhsBUUI567S6uj\/AAAgCE4v47mIJjH5CLvZ45yHkw\/tRAEwp7WGjD8jV9zAfZPHhqQ1G3rU1wu59XApa\/uBCBj\/P3rsDGNWqlRQj5q2CQMAtwoaVW5R4D\/leJG\/QScVoSAiDmPCSxR8YrHk5Y7hGxh+CuYKI4vAFyF29Gcm7XH58xSv+Y0je37cyhm71z7xP4G24oT+neWXAiCImQb8UPinjOVju\/1ZXWChdKepJDE+EqJTk8BoOpF9LvyXj5n733Xph2u5IJ\/p\/3foWmTC0fAjiMQ12dhZ6KIFgHDWW0UYsYoYGxC75AmqEL4W0ZygLN4Jp+zSt6jJsE6uSWjtu9Mwx8zRmpzIUbk2rS\/lIYNH+L8sZitAI\/mAouO1FzaXzIPuVV15eTfM\/D4HfHtnBqU5JIgEq30fGDU8vQEvr9VcBwpWT5O0sL5kG6g3W7z970vBsvCXzENm+QLPGXr10ns2jeQncf3V0s9pvLk2K4TGX8jm5gNEpFEQC6sid28q4Y5Bk2mCdnHt7MFfqeIQtVf6U3jEBxXtqNwnbDuTXuCGC9PAu0Ie4j3YiB88cN+EoNanC8QpOjA3mDQP6RbMKMlxgNT1GCSYoSSr70l\/p2Vp0WohDZeycXBsQ9txnWshMbiCp8imTkzhOWSmVNhhzqZOyuIxBEnqW6hAlYSRGGlQym+AFEpgzsjqJLjzqOLeESR5tBel8x5HwEzLLqVaja5Udf5uBnGJUVNub2RGOPiMMnZCl+iL2LRMiCHUoBDmvimDtRLtAOt2SNvH93OMwXA\/IyIrY+XO56T3mS1YSU9Ydwn6d5ywddheaImd1U\/vJ57ZtUSbUvf+DXuTp09bwzrY9tw5NZDPH\/iljKwqemZHmirnsyyz4OUNANR+9\/kuYPx2d\/ZS7953Z8P\/sqzOE3LjEyoUSRCXVL4XoEkGM23PQQcDudByAaZ+9LTgkgxPTKnHgpxcDQowxdEx+BnESQ9DwSJQM7+xTAOPC9sMDrzuSInM7z5AK+Pqrk4B2Vwy+rXo798A5XjeZBrTkCt8XwQLpXhtqaRjTnFTN9kHqTE4fN2bwWBueF8sdBSZ3aK2MK9uuf3XfveW2fg\/1tyeU\/EXgKHtRL55w3iVM91ZMotsrGhoYdGkE7MCdncoh54jfxD5eJPuIFA4F254QXkd2ttFid3O1xFmVbRo9jbjk7d2+6yRzPk
KLtyJyptApw6QxkBCFBxcnQA+oUEGOkjoCUtqGfeqRlTptqqqHIGzgHL7YafvSlJW897JYtCkXn4zJMDfapn6QTBVXFY5QqgjOXt2wlG+PDpn\/mQw9NRGoj69MbbDe3NA2MYvJlkgzXKIONO\/pMfrd3koD58ywf54r7NUNGTOOHuRxW0PSRKrZNlpqXdbaK\/wnr76JF4R3R\/+EOYL7g=="} 01187{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/doq.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1606056093199591,"flow_dst_last_pkt_time":1606056093201890,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":541,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":541,"pkt_l4_len":487,"thread_ts_usec":1606056093201890,"pkt":"AAAAAAAAAAAAAAAAht1gJPSDAecRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAxC60gHnAfrr\/wAAIAhOL+O5iCYx+Qi72eOch5MP7UD5fEmqw9QcMOSnUe6MDD2OecgnWjkNXdwC4dZSYxJC82j7Fa0gkq+nfYTDU9ChVEdtH45\/vQtNEQLo8\/fwDbneJcHDHavc8EGoV3PxsxkBJhE9Q9u9yCLvfi5OphDBHPeBIHPaxUcLs3S\/L\/IXKVQgfNTTVjkzoLHy1OXpC+\/dTEnbC6NPh6W28rc+x7GLNNHF1FfqMGoKlGMxFCg2HP4dP34NipPXt9vl2rd70ScFdoNK8lXc8OrIbXPCPHixiwns3JeTqs80ZysmuTQ2x3K2Z0oX8Qiv0kbMUxxeHDtUjo8dxO3WaXzqWjfDA1saoqoMHVxUCwkVWx\/nTk4v47mIJjH5cyeRXhMbCk5EqVB08GBVQ7VrDqROkZ4dznjO7Fxcyd8w3IE3VD3OcSvdJI5P\/k+2JVbsoJApIjU\/SqrAeDrs9BCVoOX+elSyfnlFmV+9qRiAxndyJco\/u++psEVtXikdkQ7Ddxgmc8mefhAnBHbf+ng4whbMJA82KtXAE9ITJwKPkOdTXiPwFa2uYw57B9+WqNDFf9ReX9HTME9BVtddLPrQ8G9aG6w3Krk5ZmHecrC9Btpgbpsrq+OkBS2cbpJHIvCTkg=="} 
00830{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/doq.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1606056093202274,"flow_dst_last_pkt_time":1606056093201890,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":279,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":279,"pkt_l4_len":225,"thread_ts_usec":1606056093202274,"pkt":"AAAAAAAAAAAAAAAAht1gJqqiAOERQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAButIDEADhAPTg\/wAAIAi72eOch5MP7QhOL+O5iCYx+UBDpLbz6hVr3VQhQggh8jeSy4LrSByAKcA4h02NrSHlYfiZeIBfX4cUD4rj0whBaxqv8GZptq0Yh86VFZ7cihClGjSAiHi72eOch5MP7eD67j31tF9Ewc7\/cDWWW5sbKgeZ8Ni53gCKJC4UiBzoddfNqguK6L47A8v5MfBqkmPLLd375Ln\/BizbinX7j2Wb\/eMxuHFSq+9VI36g5fjgo4+MYm50K5k9Iro9bud9p1Ez1Q+5mh70eHrGquqOwXiz\/D6V"} 
@@ -16,7 +16,7 @@ 00716{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/doq.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1606056094761968,"flow_dst_last_pkt_time":1606056093260178,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":195,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":195,"pkt_l4_len":141,"thread_ts_usec":1606056094761968,"pkt":"AAAAAAAAAAAAAAAAht1gAryMAI06QAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAQRDyQAAAABgJPSDAF0RQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAxC60gBdAHBDTi\/juYgmMflRQ+5iHRbV0PH6VAD4ThaqZ1CAONxwoz6WhjCyy3b7S1XIRkGal+nrRIME3nHuB4Ws4VB9TKvtbvdiy1ZVtUUE7G\/BOwkfFiH9M8cl"} 00919{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/doq.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1606056093260178,"flow_src_last_pkt_time":1606056096363710,"flow_dst_last_pkt_time":1606056093260178,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":141,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":141,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":846,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1606056096363710,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
01093{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/doq.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":11,"flow_first_seen":1606056093199591,"flow_src_last_pkt_time":1606056093202473,"flow_dst_last_pkt_time":1606056096363686,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":55,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":1232,"flow_src_tot_l4_payload_len":1504,"flow_dst_tot_l4_payload_len":2416,"midstream":0,"thread_ts_usec":1606056096363710,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":47826,"dst_port":784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} -00840{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/doq.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":20,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4766,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1606056096363710} 
+00840{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/doq.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":20,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4766,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1606056096363710} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 20/20 ~~ skipped flows.............: 0 @@ -25,9 +25,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6920736 bytes -~~ total memory freed........: 6920736 bytes -~~ total allocations/frees...: 114190/114190 +~~ total memory allocated....: 7498332 bytes +~~ total memory freed........: 7498332 bytes +~~ total allocations/frees...: 125921/125921 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 615 chars ~~ json message max len.......: 2220 chars diff --git a/test/results/default/doq_adguard.pcapng.out b/test/results/default/doq_adguard.pcapng.out index 736aeae3a..a9cc62aa5 100644 --- a/test/results/default/doq_adguard.pcapng.out +++ b/test/results/default/doq_adguard.pcapng.out 
@@ -1,15 +1,15 @@ -00618{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/doq_adguard.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/doq_adguard.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1608278425043144} 
+00618{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/doq_adguard.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/doq_adguard.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1608278425043144} 
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1608278425043144,"flow_src_last_pkt_time":1608278425043144,"flow_dst_last_pkt_time":1608278425043144,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1608278425043144,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"94.140.14.14","src_port":41070,"dst_port":784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02191{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1608278425043144,"flow_dst_last_pkt_time":1608278425043144,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1274,"pkt_l4_len":1240,"thread_ts_usec":1608278425043144,"pkt":"CL6sCxdumt9Y+uvcCABFAATsXYdAAEARno7AqAypXowODqBuAxAE2E0Zwf8AAB0S1uV91ARNGaKcpPbuz4JRKRijEV3+fOp1xbl+o2VPCxw5C7F1AESjjIExuU1VGYMi3qR5FgZXmV5jW\/GS3bvPGESTCXlAOuaNPS4Z9rqb5GmZjOPu5h+dEeHCBQsH0bRQhppRcffIYyvfvxi5LNyq540e1YcNLgxwEYv9mwEEutsUSgLF8qQi1vATlbVLiQwhaXITCRD653klYnm9BoO04fUR8kaaf1qYfex026282Q5EvztDSyWuA6xW\/3D3I27VAQo2GbCoqYf0QIrZOfacQartZRA3xvw5C0Iz0S7jBboiOrSPOxbet7b4p4CBzdW+POAUSVXQZZS3xQkY5PXEeYGco5aUsp3O0lAaLfFFVll\/srPVtdJxYLG5mlTKam3NxBl9gHT9gkoJzUoEmtdaRDaxhP5yiedQs+JgoW4F1fDqHPMPnBtk1UezjBjE\/COENcHIEQq2HIfbQ9Lv+kS5CfcaSKs2mUQTuvs7\/voDRF2y7TFb+uqyMeAqq3doSDMB2jHa\/EojP\/f+RrMNy\/X7kDEEcbw43eMXD1tzHjBj\/ncaLMsfP3IPyZyF35MF8e+053ploy3mGcl5fW5eZxUFM6FDjn\/9\/9yB7HR5pdMyplGzzI1OpdByhfvbVWjVUlFgtm4LcbCFS9YXIuJWVQaT92LVmTr
ycmBpec\/NHPi6MerrZrFPH1cWAKJm6C\/35hd09a7vURbcj2Nwu+wvQEGek3M9LNpTgKAxfeLa6jR7yY8FRi9Fslx+40aTEwGgLY10PqSAVV873bY1HrjXgee+hInU5OzwDGisUkG1vjenUqCdXtWODZ9xJFrjxkNSBVsfWyX84bL4AH0cHSMH3bXpv8DZGk6dvuB1thnl5dRd79ArhxOkLRjIKU\/spE2xAqe+laOg7FDuovO8+vb44+p0a1tCIq75DbW5Z\/3eQHDpNFbf\/ZruNBwv0I6n5NxcgHEUQaffXIlX36W8Z8AD3YDD85hA4jZxmySge94o03q\/ZMGs+bJTnaK8KlLmSNMXuFjJ7F4SdWbAr+gE3KQqFqqYY9ZfiG2QbB9\/YTG+8SQBafYwX6k2J2OEpMyUilzmDTz3a5eH47iPLgq2nb2F+k0c4RMx6bB8xhJbOXMxEbB5OktMbojYZ5\/D7JZ6FArciEMMkyFIwplniDv\/bjNCRjIZzGWltVCRAQBZZf0ds2kXzLEOIGMUpx2oFRtwDgwesKJgy9be1woTT3HVmrfv8vUkkFOD253UN9bBIfIU4elVEm8DEZ93RQ8PGCnqpWPqKVclryY+VrRX6bBv\/eydiZowniNJyXmSTkGKfOGX30rdpMaFIjV9VAFWlq4kC1zIbyb3K46JC+I+XxrKEmMLqMbO6CesmtgLUC8vVTv7LWODOF1NIRzdEgb8Qn\/9qSY3t6c\/zKgfF8YyVeS6jf5EL3te6RDnB0wZsaBklSDaR66VSY+qB2O5PnaefdIKM\/htIG2nKmWB0tq+\/dxdUHWEvheHhEbmX4TUB3cfXIIesE+zpUW6KXqwY94WHHPEMe6voxs49AJ\/2IZiFohwbn6CjrWd2PilA\/\/N7kVyw58ilFGWokoGNIRgJ61vUDU8rgEdxFK12mR1bebXKhOpf+Sf7ekcBE2R4BLb6ThrQxQ="} -01298{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1608278425043144,"flow_src_last_pkt_time":1608278425043144,"flow_dst_last_pkt_time":1608278425043144,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1608278425043144,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"94.140.14.14","src_port":41070,"dst_port":784,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.adguard.com","domainame":"dns.adguard.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"1e022f87823477abd6a79c31d70062d7","ja3s":"","ja4":"q13d0309do_55b375c5d22e_f68d9329452a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"doq-i00","tls_supported_versions":"TLSv1.3","blocks":0}}}} +01257{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1608278425043144,"flow_src_last_pkt_time":1608278425043144,"flow_dst_last_pkt_time":1608278425043144,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1608278425043144,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"94.140.14.14","src_port":41070,"dst_port":784,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.adguard.com","domainame":"dns.adguard.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0309do_55b375c5d22e_f68d9329452a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"doq-i00","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
00706{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1608278425043144,"flow_dst_last_pkt_time":1608278425079621,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":182,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":182,"pkt_l4_len":148,"thread_ts_usec":1608278425079621,"pkt":"mt9Y+uvcCL6sCxduCABFAACoAbMAAD8RP6dejA4OwKgMqQMQoG4AlJ+l8P8AAB0RXf586nXFuX6jZU8LHDkLsXUEXOoexyg1M1\/+GZvbsGeGqJJILJUnaeRPlfaewSkJ0QM1kILJB9RkVGFQIKTOYfD\/amFvF5G2sUWGCAnPMQAxGtra+t44CL4uNVFuP1UAIYDjP5flgPs8Cfp53+s66ugMjRy2XoqR7aApyqmdoc3EHdt+2Cg="} 02190{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1608278425084825,"flow_dst_last_pkt_time":1608278425079621,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1274,"pkt_l4_len":1240,"thread_ts_usec":1608278425084825,"pkt":"CL6sCxdumt9Y+uvcCABFAATsXYtAAEARnorAqAypXowODqBuAxAE2FXxz\/8AAB0EXOoexxFd\/nzqdcW5fqNlTwscOQuxdUBgKDUzX\/4Zm9uwZ4aokkgslSdp5E+V9p7BKQnRAzWQgskH1GRUYVAgpM5h8P9qYW8XkbaxRYYICc8xADEa2tr63jgIvi41UW4\/VQAhgOM\/l+WA+zwJ+nnf6zrq6AyNHLZeRFASnCr8obwp9Ty5sR7kprQnC0Sv2ZcsxYzIMAthEKqYU0zMuGSEznU2JvTrq\/bykaeb5dqdGxdiszDYKDU6Jn7sPAcjUZ2gh8+BYZGe9phFiloXFkZRqkF4syIAEkOpcy2MK\/fkeUIOyP6wlwkzaY3fbmuxHrqRyLu45SBR1VMQFyHi28JYz7QmMQfDMqnuI0IWIuFKHwG0T\/v0jhF19jPBzG3JSCrPoiaSUV9rQI1kZsCKoMrGjumM68QAfolXONsAd2IYudReWz3mQrB3zOSDXc7+iPJJwc0+KS52obxIkJ0I8SZ7CLjp+FpGH++2YepZGSZYPB5rc\/4HU1bQ4ocmPERQ5l+FpQxpj4cq2AJTX05VWg9LfjDFrHE6D6oMOTTfheRhy7X3SqhzfVhy\/w3RXnv00qwNGkVr8QIR+wCM95sfw88fV3+NqmU3vnLU2z+qvvT2HlvRQm9ykjYa60lgB9sFJ5Ng9ge\/cpn16AR4r\/NoOup4fo8EeFB8cFrAVg+3WG3mgWxUdvK6oND07fFN48QrriL1y7XuIB3Fa65jgY5B4zE7vkkBXKUfGormP9hug8dHVr44
WkbHCTqfFJuTHKIf9gtfJ9VQps1jhQjM952WGdM\/mFbut40pSDwrgQgdt0stO2C4PvDiwgzZaEybJzcZBHCUgM8reKIoRyLrSsWciN2b3tsFQXXaEeEGdt8Bc\/5zyh11uwNSzGQ\/Fl2k7QrJleMEWlDCFHuNFZdb7JDVOvqjlXAHTTHX0xSx0KU4aqrg\/kZVORXUFVlv\/xu8mW\/pGVbnSUQNAvLvkvHNdnu1ZPxtBzMoqU+96Xp\/DxrznNbYv32YFRLbK8kA8U4FaZhJ3oS+5KFBikdLEV9Hai2hbk8GZjN2iqviHrHccJqNkg3SIuZD5qamhaUaMG9NOa5pQ9jLJU\/ymgo7DdgKxRH8uuDjWk10CemOYV7pIj9XJEg0HHMmlI1Un6aDxtAu5UK1qm1HNb38yVa+sYeN5Ew6KHyqBUxxS4IflHX5qeqIZPOKrYg5MCubhSudLKbjcH5sXIzejKF8iZ0FlTKPdHSExxjW0QFN6bAWoLJuZE\/4kDcgHKTjdquB1S9wjg6Pah9A0AO1p8+A56ZYLVjRHdUF0Eo6bHTdn4hIgHvxPjCmO5BtWUKEeQnKGkkR8kgREjXo6GfEeHC4Vb4SCK88RJFW07bR+3U68E0sOKimZElroA+KMcE32OqnpsNULoyV7BunASAegp78gVNI0Bil4Klffm6tM6xnJr7Wx08jSGi+pGYWmiGnj3zfHIxpQuw4bIpm3S\/lud8tMnqwiD6\/bIUKO1SxVSWZBp6s2PlGyGHrgwwdIy5nXoip9OukmbhVHpu5a+3BERo9ToRhkKbGsS5gAuyL08\/F6VvMQD\/JdB+\/2rkXCT7ca7Lr49P5aV+w66D8Iwyn8BcCGyOLiGucN4S\/JjMhOeFgH9mu48hQ78o="} 02214{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1608278425084825,"flow_dst_last_pkt_time":1608278425122822,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1608278425122822,"pkt":"mt9Y+uvcCL6sCxduCABFAAUAAbQAAD8RO05ejA4OwKgMqQMQoG4E7CdXyf8AAB0RXf586nXFuX6jZU8LHDkLsXUECv0qRABAlUp76TjgEqdop5UKSI\/F6C7Gd9+z58rAvv5K3VJcoj\/wbKGCvwUk7hAIZQkwS0eQW8volAE\/nQLfPF\/ox4Fu54Iz80wj9fAhhK9DPh9I3m5cX1kBTgklYoQzHtAgZePSyxHP6hihn0FPt1BzVGGJcnUShw4Fy27vLE7qS\/7U+ePnY21jz69vyKuwXZuTiiipLJ8YK+0o6f8AAB0RXf586nXFuX6jZU8LHDkLsXUECv0qREQSNEAdToqwkUBeCPSTrtq1i+\/poFtGCmte08vfTNyuyRI2BuDSMLi4bKO8pdcS2OC7T2X+MCJiync2qglwLaK\/ZU6bCtCK6b7VW919zbwzxcwIxzakqRvR\/mHdyX39t6PkLoaGvK0X2vbjcfBtb8h9mxy2cMiCG7\/xmTssSfThjiW\/NA9r+eiSMaDW26lOxC0Myi2DyzhDaTuSGSXZwR3CdWz\/ehHzTlDnGfh\/fqCFNYcS3v3UJiv+Cd0NLG44Vb9GGFrsZAF0TFEPoReaDJEc8E0xr
NED0dRphUxIr\/DqFgN88iZ7j379UNmsHXy+9mWkitLF30R2ORqsURlznCsncam1RRgTWr4gcq9w4PNs52tqYlXDTCw4di7UTg\/DXRKcsZbsYlRVAfuycbyKPF0+Crf95FQRqiDvujNGcSTFX0VUkcz4Fa3pVHkQZTqBaaJldHmG75IwR2jDpJHz0f8U25KfeMiidTlxNhhm4ZqtGvKIQ4l+F6Qgx3jz+Qgf4yWjkIytmooZaorzphY\/a1kd6q15yS9OAMFDlQGdC5w9pE5P54RHRZK\/rZQvTXChmSf0vHRtYR3c1oFoJT5F8p2MZU6xhBjIUVysia54dwyFSZwbXqhUTXJrPSmDnqDfgBnK15jat6fjDPn9EWVvi7jaxG881+aOZ0xxnx8yaRNN3cCXPRxuMVSBmS7R7uoMquwsmmUOS3HlBY98FG9pd\/pxl6D9GixGNYBEezKcsx34lBBN0+GU4QtQleLTJjzhkmdkqnu\/8ysyuk3AuGjDDpL4t9TZcSgmggtEeEIAD2uQ2Zs4+WrO+VF5RxXbNWqozAUKDXdWU4IhvJksaRt8LtCWMK+Q00gsZwn3bWnNtabhQ1da83CeC15FJEtCDSDfxhmRH8vWgIrJbPgN8gB44r7wKu16DvYGW8aqf7zmsckEnkXbn9FLsfs6ALLsVL2msz6xtzgVn74SrIXydDwMfx1fXsW5dM2nkOLSCiM7YyFahko2kEAUPa6aTOfHxZLl9R7YCHnpAfkDCw04yVocKSaV5Pw7dDALMPZTFdRwdAqoyp3JhcsW4wUVqsp0PTozIQzKE7JAcqGlvFfwXzZ7er6uAZdx36hfYDgYoKAl7S301UkQuX9mm323V1dh5OybrgeBmnlr+MoKe0Mw9PiTuvSS8+Q3jyvTGx5OnutvIwmCJZ3KlkUzAfZXELr6zCDgD5WkbH12NIA\/4Eve+66VJmSimGr\/rnpAwbN5efr8WSYM7kHl8\/tHLa\/St+DGu3hHqjLCX57P6yvpn13zBn38N5nhVh4BtxHTcXl9nJ40h9Fo7xe0oRT+d04279tPg1uhRPq+kJCTbSuAl9GMdjJxVxoxsuu0aJpaqKEm+d\/QnaM4+TSccA=="} 
02220{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1608278425084825,"flow_dst_last_pkt_time":1608278425122888,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1608278425122888,"pkt":"mt9Y+uvcCL6sCxduCABFAAUAAbUAAD8RO01ejA4OwKgMqQMQoG4E7Ejn6\/8AAB0RXf586nXFuX6jZU8LHDkLsXUECv0qRETGDa1HS+zF6UxQoqcWPtvaZD0M5D8vOuuwT1lT22BsNzW7UeqT3G1yaqqeziGQS9CbrgeN2LYCFWePpTXrCGMIZRaKZ4Dzl\/ylxVo1sZoKf5iJ77RobOd4uOVr4v1fzVtZK7SSnw2TNr9+YJLUw8RzWrFl1R5\/LuSFg\/4LBpdELaercn4cag8\/wfjYg5esjxgyw3\/DI39x6fJiEeLfYiMTQhdl4S1DvT1bf4On1cZ5Pve8aL9ZNSUV6pjz8exU6v+yozsTMJ2gReNqSJxiLOZA7Chr1rP372EcxwZOJfjuB3dtVyhjEVmDDR0MFakaOiW2TopUKwSO6tanORLdiScMWtoVB9EEXWrRqu7AHeUwMqJpJaM2sTYg9vj5V8V49eB01MwBWnW3RvuELSAA\/rr0tFC5kN8x80Q6hkUR9WERSgsSZyq2fWg2XEVb6wgyhQj7yJd8o1FbiW9te0lPExFduactwU4ZdCzzWwIfFwRTxEDa1WjbFyzhWvrV\/L8AnXhR\/fz+ImBVLIzbVNVFQzjIpkvT0AiSLhI\/Q3u+VRc1QDRm\/KyZFemkvcqHRqTa1EzbDy\/8E8zwa4LPWD4qxNxc86\/+Z2tRmJf7XxMZKQFOo0p\/mtsuZYDLoqPpnbMk+WCZqUAKJw5ylbvHbPXC16P9bvC6+EtzBwnKuIepTSqo3Idks2KPcjL1GocIhx65JvpwFw49ItI8ZlGPLwUdd\/nv1HyD8d1Q0CYp\/9+4zHKOO4YHyAjhX5MzgfB2TYJ+1KbY6eG8U+KMm575akz5nzlxw26myucQvSCqFwJ7xEC8AIJrnjWDoPOQR60myqM33dqPGKrP6kE0cAk+afxU3b\/vK+rfZEV\/Py90klu2hWkGl5in5MPx0bsWnQ0F7CXctdd02NLCht2yp7ll4ETNeFn3XM6mhON3pCvy498D54qI4zen22mbk\/WqVm3E8+JTyfl\/CzxZ4qyEDlpfxf7GEaVhJ7rqcius2EygkgEVV4xY2XRuUR766UoZs8qWnepQKnzhy\/9amls+aw28xFV3aYpewQpsypFwiv7Z7bDx+nQsJYuuS1kaashnFzhaXmhKUkxgorWYVnMEjKkzb\/IUGbuhdZstKP7O9fF7e6KKBxNLLfRS0lfTf+XipzVaJcbDwmAd2AluLDPZofxNzCj5cPuXES3Heazc8O8YpvXof3ytzfQk5x+KqUqi\/+Rxe9T3HFewik8RMi8MrjOjdYIZ51+0tdEPKmEFbsQMTFbcW172ZavX5jdgrAuD4MwmJ6wgKGaYwWwNRXhzRCSVvtIsCGrk+txykp4tvV75By2Kor6l0z9qnIl7gBOVIiHasEepsdO4OiB\/RH8LGAnt03cK3PZFqYhm2MSA6+sCm3NKMl7pHROc0Syuyaw8\/S9pn8cSw1kIUOxu0C
Ay6MKzrQ3zeUd8YrXWJeJn9B45tmf6F\/IZwdW6kr8sz3gshgpqCh64vBnmFxQNepWuT\/rvLhTewMp7+YSfmgGvgJk0VlvONZkv9khFJAToEnRePOuBnhUhkWLAJGxHNu\/tfIpyWrL0N3ERF4a3\/HS+2EuavJ219sPDpGBPIVfa4k5r2z4Wkv1gAWxeE7KYlcVSwrhvZRtvOqoTh68InjRMQA=="} 02230{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1608278425043144,"flow_src_last_pkt_time":1608278427520204,"flow_dst_last_pkt_time":1608278427556259,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":1252,"flow_src_tot_l4_payload_len":3388,"flow_dst_tot_l4_payload_len":9887,"midstream":0,"thread_ts_usec":1608278427556259,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"94.140.14.14","src_port":41070,"dst_port":784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":12,"avg":160973.4,"max":1885270,"stddev":453072.4,"var":205274628096.0,"ent":2.4,"data": [36477,41681,43201,66,19,41861,6662,38406,6603,58707,16,206479,12,419140,55,727,29151,153173,67,8229,73,10468,39556,83,37026,44980,51489,1830423,63,12,1885270]},"pktlen": {"min":59,"avg":442.8,"max":1280,"stddev":522.9,"var":273444.5,"ent":4.1,"data": [1260,168,1260,1280,1280,1270,83,84,184,81,1270,1270,1270,1270,255,59,83,84,69,292,140,86,59,69,423,59,70,59,87,89,89,69]},"bins": {"c_to_s": [4,8,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0],"s_to_c": [0,5,0,0,2,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,2,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,1,1,0,0,1,1,1,1,1,1,0,0,0,0,1,1,0,0,0,1,1,0,1,0,0,0,0,1],"entropies": 
[7.847249508,6.664321423,7.854867935,7.829421520,7.845530033,7.828608036,5.784439087,5.698686600,6.822151661,5.751563549,7.848925114,7.841618061,7.849283695,7.840007782,7.166291237,5.550272942,5.778533459,5.825033665,5.698887825,7.230185032,6.684528351,6.026679039,5.577555180,5.650410652,7.431746960,5.496964455,5.706285954,5.435783863,6.043458462,6.076747894,6.093711376,5.553960800]},"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.adguard.com"}} 01030{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":296,"source":"cfgs\/default\/pcap\/doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":164,"flow_dst_packets_processed":132,"flow_first_seen":1608278425043144,"flow_src_last_pkt_time":1608278463119538,"flow_dst_last_pkt_time":1608278462796456,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":1252,"flow_src_tot_l4_payload_len":10308,"flow_dst_tot_l4_payload_len":21705,"midstream":0,"thread_ts_usec":1608278463119538,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"94.140.14.14","src_port":41070,"dst_port":784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.adguard.com"}} 
-00852{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":296,"source":"cfgs\/default\/pcap\/doq_adguard.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":296,"packets-processed":296,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":32013,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1608278463119538} +00852{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":296,"source":"cfgs\/default\/pcap\/doq_adguard.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":296,"packets-processed":296,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":32013,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1608278463119538} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 296/296 ~~ skipped flows.............: 0 
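Review bot: The new `detected` event for doq_adguard.pcapng (the `+01257` line) no longer carries `"ja3"` in the `quic.tls` object, while `"ja3s":""` and `"ja4"` are still emitted, and the commit description only says "incorporated upstream changes". Anything downstream that correlates or alerts on the JA3 client fingerprint would stop matching without any error after this bump, so the removal deserves its own line in the description, for example `* TLS/QUIC flow events no longer contain "ja3"; "ja4" remains available`. The leftover empty `ja3s` key looks inconsistent with that removal; whether it is intentional cannot be told from this hunk. schema/flow_event_schema.json is changed in the same commit but is not visible here, so it is worth confirming that `ja3` is no longer listed there as a required property.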
@@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6926267 bytes -~~ total memory freed........: 6926267 bytes -~~ total allocations/frees...: 114454/114454 +~~ total memory allocated....: 7503863 bytes +~~ total memory freed........: 7503863 bytes +~~ total allocations/frees...: 126185/126185 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 623 chars ~~ json message max len.......: 2235 chars diff --git a/test/results/default/dos_win98_smb_netbeui.pcap.out b/test/results/default/dos_win98_smb_netbeui.pcap.out index c588adfd7..6d4df0d57 100644 --- a/test/results/default/dos_win98_smb_netbeui.pcap.out +++ b/test/results/default/dos_win98_smb_netbeui.pcap.out 
@@ -1,5 +1,5 @@ -00626{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dos_win98_smb_netbeui.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dos_win98_smb_netbeui.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1576409796586005} 
+00626{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dos_win98_smb_netbeui.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dos_win98_smb_netbeui.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1576409796586005} 00306{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409796586005,"packet_id":1,"source":"cfgs\/default\/pcap\/dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409796586005} 
00386{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_usec":1576409796586005,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAACQAAAAAAAAAAAAAAAAAAAAAATURKUjk4ICAgICAgICAgAw=="} 00306{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409796586078,"packet_id":2,"source":"cfgs\/default\/pcap\/dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409796586078} 
@@ -43,7 +43,7 @@ 00545{"packet_event_id":1,"packet_event_name":"packet","packet_id":33,"source":"cfgs\/default\/pcap\/dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":180,"pkt_type":166,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":180,"pkt_l4_len":0,"thread_ts_usec":1576409802083383,"pkt":"AwAAAAABAFBWM3ieAKbw8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAdTURKUjk4ICAgICAgICAgAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAAAAAAAAAAAAAAAhAFYAAwABAAEAAgAyAFxNQUlMU0xPVFxCUk9XU0UAAQNg6gAATURKUjk4AAAAAAAAAAAAAAQAAyBAABUEVaoA"} 00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576409807597015,"flow_src_last_pkt_time":1576409807597015,"flow_dst_last_pkt_time":1576409807597015,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1576409807597015,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00802{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1576409807597015,"flow_dst_last_pkt_time":1576409807597015,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"thread_ts_usec":1576409807597015,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAADlJAAAAIARtTXAqO+BwKjv\/wCKAIoA0Qn+EQIADMCo74EAigC7AAAgRU5FRUVLRkNESkRJQ0FDQUNBQ0FDQUNBQ0FDQUNBQUEAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAAAAAAAAAAAAAAAhAFYAAwABAAEAAgAyAFxNQUlMU0xPVFxCUk9XU0UAAQNg6gAATURKUjk4AAAAAAAAAAAAAAQAAyBAABUEVaoA"} -01115{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576409807597015,"flow_src_last_pkt_time":1576409807597015,"flow_dst_last_pkt_time":1576409807597015,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1576409807597015,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"mdjr98","domainame":"mdjr98"}} 
+00996{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576409807597015,"flow_src_last_pkt_time":1576409807597015,"flow_dst_last_pkt_time":1576409807597015,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1576409807597015,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"mdjr98","domainame":"mdjr98"}} 00308{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":13,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409811132208,"packet_id":43,"source":"cfgs\/default\/pcap\/dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_usec":1576409811132208} 00428{"packet_event_id":1,"packet_event_name":"packet","packet_id":43,"source":"cfgs\/default\/pcap\/dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_usec":1576409807597015,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="} 00308{"error_event_id":5,"error_event_name":"Unknown packet 
type","threshold_n":14,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409811517809,"packet_id":44,"source":"cfgs\/default\/pcap\/dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_usec":1576409811517809} 
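Review bot: The new expected `detected` event for flow_id 4 (`"proto":"NetBIOS.SMBv1"`, UDP 138) no longer carries `"flow_risk": {"22": {"risk":"Unsafe Protocol", ...}}`, although `"breed":"Dangerous"` is unchanged. The `update` and `idle` events for the same flow in the `@@ -89,13 +89,13 @@` and `@@ -106,8 +106,8 @@` hunks lose it too. The commit message only says "incorporated upstream changes", so these lines do not show whether this is an intended upstream reclassification or a side effect of a changed default; it should be confirmed before the baseline is accepted. If it is intended, a line in the commit description such as `* SMBv1 flows no longer report flow_risk 22 (Unsafe Protocol)` would tell consumers who alert on that risk id to key on `proto` or `breed` instead.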
@@ -89,13 +89,13 @@ 00309{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":16,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409859030361,"packet_id":79,"source":"cfgs\/default\/pcap\/dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":141,"global_ts_usec":1576409859030361} 00516{"packet_event_id":1,"packet_event_name":"packet","packet_id":79,"source":"cfgs\/default\/pcap\/dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":155,"pkt_type":141,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":155,"pkt_l4_len":0,"thread_ts_usec":1576409851581302,"pkt":"AFBWM3ieAAwp1HmyAI3w8AQEDgD\/7xYMAAAoAAIAFQP\/U01CcwAAAAAQAAAAAAAAAAAAAAAAAAAAAAAyAQAhAAp1AEcAPgYCAAAAFQUDgAEAAAAAABAAAE1BUlRJTiBST1NFTkFVAAT\/AAAAAAAYACkANLVcqnsYd8yVvD05\/JKBnmi3H4Zsvi3FXFxNREpSOThcVEVTVABBOgA="} 00770{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1576409861597261,"flow_dst_last_pkt_time":1576409807597015,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":219,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":219,"pkt_l4_len":185,"thread_ts_usec":1576409861597261,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAADNJgAAAIARs03AqO+BwKjv\/wCKAIoAuRxEEQIAEMCo74EAigCjAAAgRU5FRUVLRkNESkRJQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0EAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAACQAAAAAAAAAAAAAAAAAAAAAAAAAJAFYAAwABAAEAAgAaAFxNQUlMU0xPVFxCUk9XU0UAAgBNREpSOTgA"} 
-01135{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1576409807597015,"flow_src_last_pkt_time":1576409861597261,"flow_dst_last_pkt_time":1576409807597015,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":177,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":555,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1576409861597261,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"mdjr98"}} +01016{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1576409807597015,"flow_src_last_pkt_time":1576409861597261,"flow_dst_last_pkt_time":1576409807597015,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":177,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":555,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1576409861597261,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"mdjr98"}} 00802{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"cfgs\/default\/pcap\/dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1576409867606753,"flow_dst_last_pkt_time":1576409807597015,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"thread_ts_usec":1576409867606753,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAADlJwAAAIARsjXAqO+BwKjv\/wCKAIoA0Qj3EQIAEsCo74EAigC7AAAgRU5FRUVLRkNESkRJQ0FDQUNBQ0FDQUNBQ0FDQUNBQUEAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAAAAAAAAAAAAAAAhAFYAAwABAAEAAgAyAFxNQUlMU0xPVFxCUk9XU0UAAQRg6gAATURKUjk4AAAAAAAAAAAAAAQAAyBBABUEVaoA"} 00771{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1576409871610878,"flow_dst_last_pkt_time":1576409807597015,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":219,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":219,"pkt_l4_len":185,"thread_ts_usec":1576409871610878,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAADNKAAAAIARsU3AqO+BwKjv\/wCKAIoAuRxAEQIAFMCo74EAigCjAAAgRU5FRUVLRkNESkRJQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0EAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAACQAAAAAAAAAAAAAAAAAAAAAAAAAJAFYAAwABAAEAAgAaAFxNQUlMU0xPVFxCUk9XU0UAAgBNREpSOTgA"} 
00946{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576409798047534,"flow_src_last_pkt_time":1576409798047534,"flow_dst_last_pkt_time":1576409798047534,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1576409897749849,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"224.0.0.2","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01005{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1576409797553896,"flow_src_last_pkt_time":1576409897749849,"flow_dst_last_pkt_time":1576409797553896,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":612,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1576409897749849,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.2","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"mdjr98"}} 
01009{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1576409800543745,"flow_src_last_pkt_time":1576409805843525,"flow_dst_last_pkt_time":1576409800543745,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1360,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1576409897749849,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"mdjr98"}} -01138{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":0,"flow_first_seen":1576409807597015,"flow_src_last_pkt_time":1576409908392441,"flow_dst_last_pkt_time":1576409807597015,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":177,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2610,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1576409908392441,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": 
{"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"mdjr98"}} +01019{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":0,"flow_first_seen":1576409807597015,"flow_src_last_pkt_time":1576409908392441,"flow_dst_last_pkt_time":1576409807597015,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":177,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2610,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1576409908392441,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"mdjr98"}} 00308{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409925058018,"packet_id":212,"source":"cfgs\/default\/pcap\/dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409925058018} 00388{"packet_event_id":1,"packet_event_name":"packet","packet_id":212,"source":"cfgs\/default\/pcap\/dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_usec":1576409925057831,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAAGQBXT1JLR1JPVVAgICAgICAdTUFSVElOIFJPU0VOQVUgAw=="} 00308{"error_event_id":5,"error_event_name":"Unknown packet 
type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409925661877,"packet_id":213,"source":"cfgs\/default\/pcap\/dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409925661877} 
@@ -106,8 +106,8 @@ 00944{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576409798047534,"flow_src_last_pkt_time":1576409798047534,"flow_dst_last_pkt_time":1576409798047534,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1576409931837438,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"224.0.0.2","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01007{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":0,"flow_first_seen":1576409800543745,"flow_src_last_pkt_time":1576409931837438,"flow_dst_last_pkt_time":1576409800543745,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1576409931837438,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"mdjr98"}} 
01004{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":0,"flow_first_seen":1576409797553896,"flow_src_last_pkt_time":1576409928060524,"flow_dst_last_pkt_time":1576409797553896,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":952,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1576409931837438,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.2","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"mdjr98"}} -01136{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":0,"flow_first_seen":1576409807597015,"flow_src_last_pkt_time":1576409923353834,"flow_dst_last_pkt_time":1576409807597015,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":177,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2817,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1576409931837438,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": 
{"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"mdjr98"}} -00859{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/dos_win98_smb_netbeui.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":220,"packets-processed":62,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5953,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":8,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":110,"global_ts_usec":1576409931837438} +01017{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":0,"flow_first_seen":1576409807597015,"flow_src_last_pkt_time":1576409923353834,"flow_dst_last_pkt_time":1576409807597015,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":177,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2817,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1576409931837438,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"mdjr98"}} +00859{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/dos_win98_smb_netbeui.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":220,"packets-processed":62,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5953,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":8,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":110,"global_ts_usec":1576409931837438} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 220/62 ~~ skipped flows.............: 0 @@ -116,10 +116,10 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6916467 bytes -~~ total memory freed........: 6916467 bytes -~~ total allocations/frees...: 114229/114229 +~~ total memory allocated....: 7494063 bytes +~~ total memory freed........: 7494063 bytes +~~ total allocations/frees...: 125960/125960 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 311 chars ~~ json message max len.......: 2220 chars -~~ json message avg len.......: 1256 chars +~~ json message avg len.......: 1255 chars diff --git a/test/results/default/dotenv.pcap.out b/test/results/default/dotenv.pcap.out index f5a25e756..ad2c808d2 100644 --- a/test/results/default/dotenv.pcap.out 
+++ b/test/results/default/dotenv.pcap.out 
@@ -1,5 +1,5 @@ -00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dotenv.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dotenv.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1712149625108862} 
+00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dotenv.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dotenv.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1712149625108862} 
00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dotenv.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1712149625108862,"flow_src_last_pkt_time":1712149625108862,"flow_dst_last_pkt_time":1712149625108862,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1712149625108862,"l3_proto":"ip4","src_ip":"192.168.2.198","dst_ip":"89.31.76.10","src_port":51327,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dotenv.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1712149625108862,"flow_dst_last_pkt_time":1712149625108862,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1712149625108862,"pkt":"BBjWBrNamAGnpQyTCABFAABAAABAAEAG0iDAqALGWR9MCsh\/AFDEMiwGAAAAALAC\/\/+OxwAAAgQFtAEDAwYBAQgKah4cdgAAAAAEAgAA"} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dotenv.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1712149625108862,"flow_dst_last_pkt_time":1712149625154117,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1712149625154117,"pkt":"mAGnpQyTBBjWBrNaCABFAAA8AABAADIG4CRZH0wKwKgCxgBQyH9vZPz5xDIsB6AScSDzUAAAAgQFrAQCCAooNaa9ah4cdgEDAwc="} 
@@ -9,7 +9,7 @@ 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/dotenv.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1712149625155098,"flow_dst_last_pkt_time":1712149625197601,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1712149625197601,"pkt":"mAGnpQyTBBjWBrNaCABFAAA0Wj9AADIGhe1ZH0wKwKgCxgBQyH9vZPz6xDIsWYAQAOORyAAAAQEICig1psdqHhyk"} 01468{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/dotenv.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1712149625108862,"flow_src_last_pkt_time":1712149625155098,"flow_dst_last_pkt_time":1712149625197647,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":231,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":231,"midstream":0,"thread_ts_usec":1712149625197647,"l3_proto":"ip4","src_ip":"192.168.2.198","dst_ip":"89.31.76.10","src_port":51327,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"40": {"risk":"Possible Exploit Attempt","severity":"Severe","risk_score": {"total":200,"client":160,"server":40}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"sevenpitaly.com","domainame":"sevenpitaly.com","http": 
{"url":"sevenpitaly.com\/.env","code":406,"content_type":"application\/octet-stream","user_agent":"curl\/8.4.0"}}} 01348{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/dotenv.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1712149625108862,"flow_src_last_pkt_time":1712149625232341,"flow_dst_last_pkt_time":1712149625232158,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":231,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":231,"midstream":0,"thread_ts_usec":1712149625232341,"l3_proto":"ip4","src_ip":"192.168.2.198","dst_ip":"89.31.76.10","src_port":51327,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"40": {"risk":"Possible Exploit Attempt","severity":"Severe","risk_score": {"total":200,"client":160,"server":40}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"sevenpitaly.com"}} 
-00840{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/dotenv.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":313,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1712149625232341} +00840{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/dotenv.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":313,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1712149625232341} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 10/10 ~~ skipped flows.............: 0 
@@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6908077 bytes -~~ total memory freed........: 6908077 bytes -~~ total allocations/frees...: 114155/114155 +~~ total memory allocated....: 7485689 bytes +~~ total memory freed........: 7485689 bytes +~~ total allocations/frees...: 125887/125887 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 544 chars ~~ json message max len.......: 1473 chars diff --git a/test/results/default/drda_db2.pcap.out b/test/results/default/drda_db2.pcap.out index a5b3ecf3a..b5b6d86f4 100644 --- a/test/results/default/drda_db2.pcap.out +++ b/test/results/default/drda_db2.pcap.out 
@@ -1,5 +1,5 @@ -00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/drda_db2.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/drda_db2.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1175543772220609} 
+00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/drda_db2.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/drda_db2.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1175543772220609} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1175543772220609,"flow_src_last_pkt_time":1175543772220609,"flow_dst_last_pkt_time":1175543772220609,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1175543772220609,"l3_proto":"ip4","src_ip":"192.168.106.1","dst_ip":"192.168.106.128","src_port":4847,"dst_port":50000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1175543772220609,"flow_dst_last_pkt_time":1175543772220609,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1175543772220609,"pkt":"AAwpfMZqAFBWwAABCABFAAAwIqBAAIAGglXAqGoBwKhqgBLvw1AKtGewAAAAAHAC\/\/\/kqAAAAgQFtAEBBAI="} 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1175543772220609,"flow_dst_last_pkt_time":1175543772221098,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1175543772221098,"pkt":"AFBWwAABAAwpfMZqCABFAAAwAABAAEAG5PXAqGqAwKhqAcNQEu\/9XlZHCrRnsXASFtB6IQAAAgQFtAEBBAI="} 
@@ -9,7 +9,7 @@ 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1175543772338468,"flow_dst_last_pkt_time":1175543772338790,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1175543772338790,"pkt":"AFBWwAABAAwpfMZqCABFAAAoelNAAEAGaqrAqGqAwKhqAcNQEu\/9XlZICrRoYFAQGSCj5gAA"} 02208{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1175543772220609,"flow_src_last_pkt_time":1175543792690997,"flow_dst_last_pkt_time":1175543792523346,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":663,"flow_dst_max_l4_payload_len":630,"flow_src_tot_l4_payload_len":2071,"flow_dst_tot_l4_payload_len":2488,"midstream":0,"thread_ts_usec":1175543792690997,"l3_proto":"ip4","src_ip":"192.168.106.1","dst_ip":"192.168.106.128","src_port":4847,"dst_port":50000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":489,"avg":1315262.1,"max":17986057,"stddev":4366159.0,"var":19063346561024.0,"ent":1.8,"data": [489,527,117332,117692,728,9146,43443,966142,1129664,349281,477633,7546,71563,64394,182669,413229,622408,30275,5528,2591,521,1606,2014,1552,1127,154254,17828332,17986057,9928,7015,168439]},"pktlen": {"min":40,"avg":183.0,"max":703,"stddev":190.6,"var":36335.2,"ent":4.3,"data": [48,48,40,215,40,147,304,40,281,40,703,40,510,50,94,40,282,670,130,51,50,94,308,441,50,94,40,369,452,50,94,40]},"bins": {"c_to_s": [10,0,1,0,0,1,0,1,2,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": 
[5,4,0,1,0,0,0,1,0,0,0,0,2,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,1,0,0,1,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0,0,1,0,1,0],"entropies": [4.443420410,4.743162632,4.731687069,5.602320194,4.712815285,5.534297943,5.451408386,4.643942833,5.407389164,4.731687069,5.469695568,4.712814808,4.427623272,4.828757286,5.028375626,4.781687260,5.564469814,5.097215652,4.705523014,4.912525654,4.828757286,5.049652100,5.369750977,4.250173569,4.773659706,5.041621685,4.681686878,5.027119160,4.343546391,4.828757286,5.070929050,4.615311623]},"ndpi": {"confidence": {"6":"DPI"},"proto":"DRDA","proto_id":"227","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} 00980{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":18,"flow_first_seen":1175543772220609,"flow_src_last_pkt_time":1175543810683631,"flow_dst_last_pkt_time":1175543810683601,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":663,"flow_dst_max_l4_payload_len":630,"flow_src_tot_l4_payload_len":2081,"flow_dst_tot_l4_payload_len":2542,"midstream":0,"thread_ts_usec":1175543810683631,"l3_proto":"ip4","src_ip":"192.168.106.1","dst_ip":"192.168.106.128","src_port":4847,"dst_port":50000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DRDA","proto_id":"227","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} 
-00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/drda_db2.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":38,"packets-processed":38,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4623,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1175543810683631} +00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/drda_db2.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":38,"packets-processed":38,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4623,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1175543810683631} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 38/38 ~~ skipped flows.............: 0 
@@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6910788 bytes -~~ total memory freed........: 6910788 bytes -~~ total allocations/frees...: 114177/114177 +~~ total memory allocated....: 7488384 bytes +~~ total memory freed........: 7488384 bytes +~~ total allocations/frees...: 125908/125908 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 531 chars ~~ json message max len.......: 2213 chars diff --git a/test/results/default/dropbox.pcap.out b/test/results/default/dropbox.pcap.out index 34f8fa56e..fbc22f5f1 100644 --- a/test/results/default/dropbox.pcap.out +++ b/test/results/default/dropbox.pcap.out 
@@ -1,5 +1,5 @@ -00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1455907271481938} 
+00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1455907271481938} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455907271481938,"flow_src_last_pkt_time":1455907271481938,"flow_dst_last_pkt_time":1455907271481938,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1455907271481938,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1455907271481938,"flow_dst_last_pkt_time":1455907271481938,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1455907271481938,"pkt":"CAAnmO\/hCAAnAERyCABFAAB8EMQAAIARN\/bAqDgBwKg4ZcSHRFwAaLRJQwM1AW9STXJEXEFyCEJ1czE3Q21kETL\/eyJtZXNzYWdlVHlwZSI6IlVQREFURSIsIm1lc3NhZ2VDb250ZW50IjoiRnJpIEZlYiAxOSAyMDo0MToxMSBFRVQgMjAxNiJ9"} 
00929{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455907271481938,"flow_src_last_pkt_time":1455907271481938,"flow_dst_last_pkt_time":1455907271481938,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1455907271481938,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
@@ -32,7 +32,7 @@ 02226{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1455907274088318,"flow_src_last_pkt_time":1455907275896569,"flow_dst_last_pkt_time":1455907275902611,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":95,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":101,"flow_dst_max_l4_payload_len":24,"flow_src_tot_l4_payload_len":1564,"flow_dst_tot_l4_payload_len":332,"midstream":0,"thread_ts_usec":1455907275902611,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50312,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1319,"avg":116856.3,"max":131359,"stddev":22365.2,"var":500202464.0,"ent":4.9,"data": [1319,105009,107122,122637,124565,114853,120385,119749,111541,123867,122956,105381,109394,122887,120099,118036,119438,130107,131359,131277,128951,120148,121275,112275,114829,128910,125477,127969,127046,125146,128537]},"pktlen": {"min":46,"avg":87.2,"max":129,"stddev":38.5,"var":1485.3,"ent":4.9,"data": [125,48,129,52,125,48,126,49,126,49,123,46,123,46,123,46,128,51,126,49,127,50,125,48,125,48,128,51,127,50,126,49]},"bins": {"c_to_s": [0,0,3,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": 
[5.540076256,5.126628399,5.646005154,5.238902569,5.556076050,5.011841774,5.645351887,5.124912739,5.661224842,5.124912739,5.536271572,5.045301914,5.526149273,5.010309696,5.552532196,5.088779926,5.645638943,5.155473709,5.623487949,5.027874470,5.658226013,5.203855038,5.594115257,5.084961414,5.581238747,5.084961414,5.642791271,5.201836586,5.575829029,5.148757458,5.623488426,5.043280125]},"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1455907275958608,"flow_dst_last_pkt_time":1455907275835251,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":137,"pkt_l4_len":103,"thread_ts_usec":1455907275958608,"pkt":"CAAnmO\/hCAAnAERyCABFAAB7FHgAAIARNEPAqDgBwKg4ZcSPRFwAZyUVQgOAaDrbckRcQXIIQnVzMTdDbWQRMv97Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjE2IEVFVCAyMDE2In0="} 
02226{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":276,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1455907275690777,"flow_src_last_pkt_time":1455907277661201,"flow_dst_last_pkt_time":1455907277663998,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":94,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":101,"flow_dst_max_l4_payload_len":24,"flow_src_tot_l4_payload_len":1561,"flow_dst_tot_l4_payload_len":329,"midstream":0,"thread_ts_usec":1455907277663998,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50319,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":5091,"avg":127214.4,"max":172321,"stddev":26264.3,"var":689812928.0,"ent":4.9,"data": [5091,140506,139383,127325,129287,138036,134456,137698,141222,137865,138593,132603,133311,132101,136834,172321,164608,137809,136671,122327,121648,117128,118696,128848,133217,115516,110107,123592,124533,106749,105564]},"pktlen": {"min":45,"avg":87.1,"max":129,"stddev":38.6,"var":1487.1,"ent":4.9,"data": [127,50,128,51,123,46,123,46,126,49,123,46,122,45,127,50,125,48,129,52,126,49,124,47,125,48,129,52,124,47,128,51]},"bins": {"c_to_s": [0,0,4,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": 
[5.584132195,5.148756981,5.612321377,5.123405457,5.484527588,5.088779926,5.497614384,5.088779926,5.597732544,5.084096432,5.526148796,5.088780403,5.523175716,5.047409534,5.616926193,5.163855076,5.550037384,5.084961891,5.666587353,5.277364254,5.567777157,5.068690777,5.565383434,5.070440769,5.542193413,5.084961414,5.626701832,5.238902569,5.490826130,4.985334873,5.638961315,5.241052151]},"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} -00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":801,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":801,"packets-processed":800,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":47076,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":4,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":35,"global_ts_usec":1459182796665502} 
+00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":801,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":801,"packets-processed":800,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":47076,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":4,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":35,"global_ts_usec":1459182796665502} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":801,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1459182796665502,"flow_src_last_pkt_time":1459182796665502,"flow_dst_last_pkt_time":1459182796665502,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1459182796665502,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":55407,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":801,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1459182796665502,"flow_dst_last_pkt_time":1459182796665502,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1459182796665502,"pkt":"8IQvSpdgeJKcD6iOCABFAABAOLtAAEARfTrAqAFpwKgB\/thvADUALFKSg5wBAAABAAAAAAAABmNsaWVudAdkcm9wYm94A2NvbQAAAQAB"} 01100{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":801,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1459182796665502,"flow_src_last_pkt_time":1459182796665502,"flow_dst_last_pkt_time":1459182796665502,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1459182796665502,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":55407,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Dropbox","proto_id":"5.121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"client.dropbox.com","domainame":"client.dropbox.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -93,7 +93,7 @@ 00785{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":832,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1459182830673445,"flow_dst_last_pkt_time":1459182817566407,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"thread_ts_usec":1459182830673445,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAADfRXtAAEARMoLAqAFp\/\/\/\/\/0RcRFwAy8gLeyJob3N0X2ludCI6IDI3NDM2MzU3MDAzNjkzNDgyMzM2MDM0MTQwOTA1MTg0MTU3MzU3OSwgInZlcnNpb24iOiBbMiwgMF0sICJkaXNwbGF5bmFtZSI6ICIiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsyMDYwMzE0MCwgMTY3MTU2ODYsIDQ4NzQ1ODk1LCAxOTA3NjA0MCwgODc5NTY4MDQzLCAxMjM1MzUwMzAsIDE4MjE2NDkyMl19"} 00782{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":834,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_src_last_pkt_time":1459182830673733,"flow_dst_last_pkt_time":1459182817566700,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"thread_ts_usec":1459182830673733,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAADf2zBAAEAR2iTAqAFpwKgB\/0RcRFwAywVkeyJob3N0X2ludCI6IDI3NDM2MzU3MDAzNjkzNDgyMzM2MDM0MTQwOTA1MTg0MTU3MzU3OSwgInZlcnNpb24iOiBbMiwgMF0sICJkaXNwbGF5bmFtZSI6ICIiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsyMDYwMzE0MCwgMTY3MTU2ODYsIDQ4NzQ1ODk1LCAxOTA3NjA0MCwgODc5NTY4MDQzLCAxMjM1MzUwMzAsIDE4MjE2NDkyMl19"} 
00782{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":835,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1459182830673733,"flow_dst_last_pkt_time":1459182817566700,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"thread_ts_usec":1459182830673733,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAADf2zBAAEAR2iTAqAFpwKgB\/0RcRFwAywVkeyJob3N0X2ludCI6IDI3NDM2MzU3MDAzNjkzNDgyMzM2MDM0MTQwOTA1MTg0MTU3MzU3OSwgInZlcnNpb24iOiBbMiwgMF0sICJkaXNwbGF5bmFtZSI6ICIiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsyMDYwMzE0MCwgMTY3MTU2ODYsIDQ4NzQ1ODk1LCAxOTA3NjA0MCwgODc5NTY4MDQzLCAxMjM1MzUwMzAsIDE4MjE2NDkyMl19"} -00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":837,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":837,"packets-processed":836,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":52930,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":11,"total-updates":0,"current-active-flows":7,"total-active-flows":11,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":96,"global_ts_usec":1535391465534592} 
+00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":837,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":837,"packets-processed":836,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":52930,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":11,"total-updates":0,"current-active-flows":7,"total-active-flows":11,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":96,"global_ts_usec":1535391465534592} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":837,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1535391465534592,"flow_src_last_pkt_time":1535391465534592,"flow_dst_last_pkt_time":1535391465534592,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":168,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":168,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1535391465534592,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00751{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":837,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1535391465534592,"flow_dst_last_pkt_time":1535391465534592,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_usec":1535391465534592,"pkt":"\/\/\/\/\/\/\/\/rNG4wD8JCABFAADEWzxAAEARHT\/AqAEG\/\/\/\/\/0RcRFwAsAWteyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiZGlzcGxheW5hbWUiOiAiIiwgImhvc3RfaW50IjogMTQyNjI0OTI5OTAwNTgxMDUzNDA3MzQwMDE2NzI1NzY2ODExMzI2LCAibmFtZXNwYWNlcyI6IFszMTE2NDIwNDE2LCAzMjA5MzgyOTQ0LCAxMjM1ODYyNywgMTEzODA0NDM2N119"} 00935{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":837,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1535391465534592,"flow_src_last_pkt_time":1535391465534592,"flow_dst_last_pkt_time":1535391465534592,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":168,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":168,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1535391465534592,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
@@ -129,7 +129,7 @@ 00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":848,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1535391465534592,"flow_src_last_pkt_time":1535391525545240,"flow_dst_last_pkt_time":1535391465534592,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":168,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":168,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":504,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1535391682514087,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":848,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1535391651170134,"flow_src_last_pkt_time":1535391682514087,"flow_dst_last_pkt_time":1535391651170134,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":163,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":163,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":489,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1535391682514087,"l3_proto":"ip4","src_ip":"192.168.1.64","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":848,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1535391465535228,"flow_src_last_pkt_time":1535391525545589,"flow_dst_last_pkt_time":1535391465535228,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":168,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":168,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":504,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1535391682514087,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} -00851{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":848,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":848,"packets-processed":848,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":54916,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":11,"total-updates":4,"current-active-flows":0,"total-active-flows":15,"total-idle-flows":15,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":132,"global_ts_usec":1535391682514087} 
+00851{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":848,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":848,"packets-processed":848,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":54916,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":11,"total-updates":4,"current-active-flows":0,"total-active-flows":15,"total-idle-flows":15,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":132,"global_ts_usec":1535391682514087} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 848/848 ~~ skipped flows.............: 0 @@ -138,9 +138,9 @@ ~~ total active/idle flows...: 15/15 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6965497 bytes -~~ total memory freed........: 6965497 bytes -~~ total allocations/frees...: 115138/115138 +~~ total memory allocated....: 7543093 bytes +~~ total memory freed........: 7543093 bytes +~~ total allocations/frees...: 126869/126869 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 537 chars ~~ json message max len.......: 2231 chars diff --git a/test/results/default/dtls.pcap.out b/test/results/default/dtls.pcap.out index e5a6b0003..1874eee37 100644 --- a/test/results/default/dtls.pcap.out +++ b/test/results/default/dtls.pcap.out 
@@ -1,11 +1,11 @@ -00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1545143424891780} 
+00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1545143424891780} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1545143424891780,"flow_src_last_pkt_time":1545143424891780,"flow_dst_last_pkt_time":1545143424891780,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":155,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":155,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":155,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1545143424891780,"l3_proto":"ip4","src_ip":"192.168.13.203","dst_ip":"192.168.13.57","src_port":40739,"dst_port":56515,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00716{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1545143424891780,"flow_dst_last_pkt_time":1545143424891780,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":197,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":197,"pkt_l4_len":163,"thread_ts_usec":1545143424891780,"pkt":"WLEPD4fwhLVBbZhoCABFAAC3FtBAAEARhxHAqA3LwKgNOZ8j3MMAozuLFv7\/AAAAAAAAAAAAjgEAAIIAAAAAAAAAgv79zrBtKgTLKhUXwuJm7W22k25ueldyqs3Q4tvQaM4mc34AAAAYwCvAL8ypzKjACcATwArAFACcAC8ANQAKAQAAQP8BAAEAABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEADgAFAAIAAQAACwACAQAACgAIAAYAHQAXABg="} 
-01354{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1545143424891780,"flow_src_last_pkt_time":1545143424891780,"flow_dst_last_pkt_time":1545143424891780,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":155,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":155,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":155,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1545143424891780,"l3_proto":"ip4","src_ip":"192.168.13.203","dst_ip":"192.168.13.57","src_port":40739,"dst_port":56515,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","tls": {"version":"DTLSv1.2","ja3":"bd743610892cec1efed851b2b5efd4f5","ja3s":"","ja4":"dd2d120700_7c0e62f61317_d9dd6182da81","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01313{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1545143424891780,"flow_src_last_pkt_time":1545143424891780,"flow_dst_last_pkt_time":1545143424891780,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":155,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":155,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":155,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1545143424891780,"l3_proto":"ip4","src_ip":"192.168.13.203","dst_ip":"192.168.13.57","src_port":40739,"dst_port":56515,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","tls": {"version":"DTLSv1.2","ja3s":"","ja4":"dd2d120700_7c0e62f61317_d9dd6182da81","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00716{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1545143424891780,"flow_dst_last_pkt_time":1545143424891780,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":197,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":197,"pkt_l4_len":163,"thread_ts_usec":1545143424891780,"pkt":"WLEPD4fwhLVBbZhoCABFAAC3FtBAAEARhxHAqA3LwKgNOZ8j3MMAozuLFv7\/AAAAAAAAAAAAjgEAAIIAAAAAAAAAgv79zrBtKgTLKhUXwuJm7W22k25ueldyqs3Q4tvQaM4mc34AAAAYwCvAL8ypzKjACcATwArAFACcAC8ANQAKAQAAQP8BAAEAABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEADgAFAAIAAQAACwACAQAACgAIAAYAHQAXABg="} -01472{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1545143424891780,"flow_src_last_pkt_time":1545143424891780,"flow_dst_last_pkt_time":1545143424891780,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":155,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":155,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":310,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1545143424891780,"l3_proto":"ip4","src_ip":"192.168.13.203","dst_ip":"192.168.13.57","src_port":40739,"dst_port":56515,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","tls": {"version":"DTLSv1.2","ja3":"bd743610892cec1efed851b2b5efd4f5","ja3s":"","ja4":"dd2d120700_7c0e62f61317_d9dd6182da81","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} -00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":3,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":310,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":8,"global_ts_usec":1709402982954913} +01431{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1545143424891780,"flow_src_last_pkt_time":1545143424891780,"flow_dst_last_pkt_time":1545143424891780,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":155,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":155,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":310,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1545143424891780,"l3_proto":"ip4","src_ip":"192.168.13.203","dst_ip":"192.168.13.57","src_port":40739,"dst_port":56515,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not 
Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","tls": {"version":"DTLSv1.2","ja3s":"","ja4":"dd2d120700_7c0e62f61317_d9dd6182da81","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":3,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":310,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":8,"global_ts_usec":1709402982954913} 00292{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1709402982954913,"packet_id":3,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1709402982954913} 
00670{"packet_event_id":1,"packet_event_name":"packet","packet_id":3,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":282,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":282,"pkt_l4_len":0,"thread_ts_usec":1545143424891780,"pkt":"AAAAAAAAAAECAAD6gQBsq4EAYAoIAEVoAQSIAgAAQBHZsAp0CDkK7vozCGgIaADwFLgw\/wDgDiwdx0UAAOCbbkAAQBECYgq\/4w2d8BCA05INlgDMnSUW\/v8AAAAAAAAAAAC3AQAAqwAAAAAAAACr\/v3TX4DX\/2Tw+fR5prCNPlqT6Mx2Z76XU2pTu0obfv2RmwAAACDMqcyozKrAK8AvAJ7ACsAUADnACcATADMAnAA1AC8A\/wEAAGEACwAEAwABAgAKAAwACgAdABcAHgAZABgAIwAAAA4ABQACAAEAABYAAAAXAAAADQAwAC4EAwUDBgMIBwgICAkICggLCAQIBQgGBAEFAQYBAwMCAwMBAgEDAgICBAIFAgYC"} 00292{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1709402983129998,"packet_id":4,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1709402983129998} 
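Review bot: The `tls` object in the regenerated `detected` and `detection-update` records for flow 1 no longer carries `ja3` (the old side had `"ja3":"bd743610892cec1efed851b2b5efd4f5"`), while `ja3s` and `ja4` remain, and the commit message says only "incorporated upstream changes". Any consumer that matches, allow-lists or correlates on `tls.ja3` will stop seeing the field without an error, so the message or release notes should state it, for example `* tls: "ja3" is no longer emitted in flow events; "ja3s" and "ja4" remain`. The same removal appears in the flow 2 records of the next hunk, which continues past the end of this view. Whether schema/flow_event_schema.json was adjusted to match is not visible here and is worth confirming.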
@@ -14,18 +14,18 @@ 00669{"packet_event_id":1,"packet_event_name":"packet","packet_id":5,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":282,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":282,"pkt_l4_len":0,"thread_ts_usec":1545143424891780,"pkt":"AAAAAAAAAAECAAD6gQAMq4EAAAoIAEVoAQRgdgAAOxEGPQru+jMKdAg5CGgIaADwAAAw\/wDgfqoMiUUcAOASNEAAORGSgJ3wEIAKv+MNDZbTkgDMnCUW\/v8AAAAAAAAAAQC3AQAAqwAAAAAAAACr\/v3TX4DX\/2Tw+fR5prCNPlqT6Mx2Z76XU2pTu0obfv2RmwAAACDMqcyozKrAK8AvAJ7ACsAUADnACcATADMAnAA1AC8A\/wEAAGEACwAEAwABAgAKAAwACgAdABcAHgAZABgAIwAAAA4ABQACAAEAABYAAAAXAAAADQAwAC4EAwUDBgMIBwgICAkICggLCAQIBQgGBAEFAQYBAwMCAwMBAgEDAgICBAIFAgYC"} 00292{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":4,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1709402983154949,"packet_id":6,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1709402983154949} 00427{"packet_event_id":1,"packet_event_name":"packet","packet_id":6,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":101,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":101,"pkt_l4_len":0,"thread_ts_usec":1545143424891780,"pkt":"AAAAAAAAAAECAAD6gQBsq4EAYAoIAEVoAE+KggAAQBHX5Qp0CDkK7vozCGgIaAA7FiIw\/wArDiwdx0UAACube0AAQBEDCgq\/4w2d8BCA05INlgAXX1kV\/v8AAAAAAAAAAgACAgo="} 
-00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":7,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":310,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":17,"global_ts_usec":1715267278678898} +00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":7,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":310,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":17,"global_ts_usec":1715267278678898} 
00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1715267278678898,"flow_src_last_pkt_time":1715267278678898,"flow_dst_last_pkt_time":1715267278678898,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":522,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":522,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":522,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1715267278678898,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":40983,"dst_port":11111,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01215{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1715267278678898,"flow_dst_last_pkt_time":1715267278678898,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":564,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":564,"pkt_l4_len":530,"thread_ts_usec":1715267278678898,"pkt":"AAAAAAAAAAAAAAAACABFAAImCsxAAEARL\/l\/AAABfwAAAaAXK2cCEgAmFv79AAAAAAAAAAAB\/QEAAfEAAAAAAAAB8f79znoqN\/EoajbE0TuzZEbImtaxHP\/wmWHLlwiemzKi0n0AAAA2EwETAhMDwCzAK8AwwC8AnwCezKnMqMyqwCfAI8AowCTACsAJwBTAEwBrAGcAOQAzzBTME8wVAQABkQAtAAMCAAEAKwADAv78AA0AHAAaBgMFAwQDCAYICwgFCAoIBAgJBgEFAQQBAwEACgAMAAoAGQAYABcAFQEAABYAAAAzAUsBSQAXAEEEFoRmwsae0kYSDd9U8ZH4sD1xSXUDkDoe1Nmons14JvZWuN9jwuehgR\/SPE3bp1\/Ar5ynjKa9Htuuyl1wfMuKfgEAAQC4dQqS0DjMwOdydz\/gty3VCQtk6mc\/KZ3tGlM3MTF1q94yWKAXMQdXzdqxDlFBXsdhEkF15bfa+Yi\/o9gYMleVnP40PS0IeW\/IXujZrOeeFBoWBoXBcdJiJsOs\/NetRbvBw2uCHThKyNvdZTbhQ7MA8fMVp9QAXuviWZhLGQlHFvdAhqMNs117LgJpBPZBUFZ8YJsIlZaZ8Rd1XVh8m9nOdCUYiu8Sc8f9gmu1pizOPWXJXEJI1aTmu9qoT5Wdr9Hbx9EZY5gBs4dH7STBRN9+vltvLtLf6AvVfZJ7jKK2ortNPmuljsvEjDr+prerNV1EgYG0tHeSIPbe7lC+mxtY"} 
-01381{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1715267278678898,"flow_src_last_pkt_time":1715267278678898,"flow_dst_last_pkt_time":1715267278678898,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":522,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":522,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":522,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1715267278678898,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":40983,"dst_port":11111,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","tls": {"version":"DTLSv1.2","ja3":"320d2222212f652e923c3458b463c5b4","ja3s":"","ja4":"dd2d270600_991e33d7eb74_10f9deb96590","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"DTLSv1.3","blocks":0}}} 
+01340{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1715267278678898,"flow_src_last_pkt_time":1715267278678898,"flow_dst_last_pkt_time":1715267278678898,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":522,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":522,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":522,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1715267278678898,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":40983,"dst_port":11111,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","tls": {"version":"DTLSv1.2","ja3s":"","ja4":"dd2d270600_991e33d7eb74_10f9deb96590","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"DTLSv1.3","blocks":0}}} 
00704{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1715267278678898,"flow_dst_last_pkt_time":1715267278679133,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_usec":1715267278679133,"pkt":"AAAAAAAAAAAAAAAACABFAACsCs1AAEARMXJ\/AAABfwAAAStnoBcAmP6rFv79AAAAAAAAAAAAgwIAAHcAAAAAAAAAd\/79zyGtdOWaYRG+HYwCHmW4kcKiERZ6u4xeB54J4sioM5wAEwEAAE8AKwAC\/vwALABFAEMgAQNQjmlidPJnsEnNfbvCAEep15vg\/bm8rz0QJChtH1gTAc0LIRaWIAJ\/ZuPu7QQFDvOjMd8egGpRrOMEz9pfEJbz"} -01424{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1715267278678898,"flow_src_last_pkt_time":1715267278678898,"flow_dst_last_pkt_time":1715267278679133,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":522,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":522,"flow_dst_max_l4_payload_len":144,"flow_src_tot_l4_payload_len":522,"flow_dst_tot_l4_payload_len":144,"midstream":0,"thread_ts_usec":1715267278679133,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":40983,"dst_port":11111,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","tls": 
{"version":"DTLSv1.3","ja3":"320d2222212f652e923c3458b463c5b4","ja3s":"ecfd4f82776364c3015565f97e8c3897","ja4":"dd2d270600_991e33d7eb74_10f9deb96590","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"DTLSv1.3","blocks":0}}} +01383{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1715267278678898,"flow_src_last_pkt_time":1715267278678898,"flow_dst_last_pkt_time":1715267278679133,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":522,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":522,"flow_dst_max_l4_payload_len":144,"flow_src_tot_l4_payload_len":522,"flow_dst_tot_l4_payload_len":144,"midstream":0,"thread_ts_usec":1715267278679133,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":40983,"dst_port":11111,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","tls": {"version":"DTLSv1.3","ja3s":"ecfd4f82776364c3015565f97e8c3897","ja4":"dd2d270600_991e33d7eb74_10f9deb96590","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"DTLSv1.3","blocks":0}}} 
01313{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1715267278679274,"flow_dst_last_pkt_time":1715267278679133,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":637,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":637,"pkt_l4_len":603,"thread_ts_usec":1715267278679274,"pkt":"AAAAAAAAAAAAAAAACABFAAJvCs5AAEARL65\/AAABfwAAAaAXK2cCWwBvFv79AAAAAAAAAAECRgEAAjoAAQAAAAACOv79znoqN\/EoajbE0TuzZEbImtaxHP\/wmWHLlwiemzKi0n0AAAA2EwETAhMDwCzAK8AwwC8AnwCezKnMqMyqwCfAI8AowCTACsAJwBTAEwBrAGcAOQAzzBTME8wVAQAB2gArAAMC\/vwALABFAEMgAQNQjmlidPJnsEnNfbvCAEep15vg\/bm8rz0QJChtH1gTAc0LIRaWIAJ\/ZuPu7QQFDvOjMd8egGpRrOMEz9pfEJbzAC0AAwIAAQANABwAGgYDBQMEAwgGCAsIBQgKCAQICQYBBQEEAQMBAAoADAAKABkAGAAXABUBAAAWAAAAMwFLAUkAFwBBBBaEZsLGntJGEg3fVPGR+LA9cUl1A5A6HtTZqJ7NeCb2VrjfY8LnoYEf0jxN26dfwK+cp4ymvR7brspdcHzLin4BAAEAuHUKktA4zMDncnc\/4Lct1QkLZOpnPymd7RpTNzExdaveMligFzEHV83asQ5RQV7HYRJBdeW32vmIv6PYGDJXlZz+ND0tCHlvyF7o2aznnhQaFgaFwXHSYibDrPzXrUW7wcNrgh04Ssjb3WU24UOzAPHzFafUAF7r4lmYSxkJRxb3QIajDbNdey4CaQT2QVBWfGCbCJWWmfEXdV1YfJvZznQlGIrvEnPH\/YJrtaYszj1lyVxCSNWk5rvaqE+Vna\/R28fRGWOYAbOHR+0kwUTffr5bby7S3+gL1X2Se4yitqK7TT5rpY7LxIw6\/qa3qzVdRIGBtLR3kiD23u5QvpsbWA=="} 
00705{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1715267278679274,"flow_dst_last_pkt_time":1715267278680672,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_usec":1715267278680672,"pkt":"AAAAAAAAAAAAAAAACABFAACsCs9AAEARMXB\/AAABfwAAAStnoBcAmP6rFv79AAAAAAAAAAEAgwIAAHcAAQAAAAAAd\/79W3NfTtGSRkcdR\/eYePstLhOolRANhinYw6xuKmbKlEsAEwEAAE8AMwBFABcAQQSwq8\/TMHT8mlZcQPBd87xUIl8XGf+VoGGSXaqys\/pYp6fjrzg4E1DE9RVemhYx1SEfQ1PireIxXDhVzPf40cGGACsAAv78"} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1715267278679274,"flow_dst_last_pkt_time":1715267278682070,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1715267278682070,"pkt":"AAAAAAAAAAAAAAAACABFAABACtBAAEARMdt\/AAABfwAAAStnoBcALP4\/LgiBAB8nnxlPMXJq4owcIMi60RTH7aY5NMHJW01cWZirNmOm"} 
01203{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":11,"flow_first_seen":1715267278678898,"flow_src_last_pkt_time":1715267278694728,"flow_dst_last_pkt_time":1715267278694701,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1356,"flow_dst_max_l4_payload_len":1383,"flow_src_tot_l4_payload_len":2893,"flow_dst_tot_l4_payload_len":3518,"midstream":0,"thread_ts_usec":1715267278694728,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":40983,"dst_port":11111,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
01310{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1545143424891780,"flow_src_last_pkt_time":1545143424891780,"flow_dst_last_pkt_time":1545143424891780,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":155,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":155,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":310,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1715267278694728,"l3_proto":"ip4","src_ip":"192.168.13.203","dst_ip":"192.168.13.57","src_port":40739,"dst_port":56515,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-00839{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":24,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6721,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":28,"global_ts_usec":1715267278694728} +00839{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":24,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6721,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":28,"global_ts_usec":1715267278694728} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 24/20 ~~ skipped flows.............: 0 
@@ -34,10 +34,10 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6910684 bytes -~~ total memory freed........: 6910684 bytes -~~ total allocations/frees...: 114174/114174 +~~ total memory allocated....: 7488280 bytes +~~ total memory freed........: 7488280 bytes +~~ total allocations/frees...: 125905/125905 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 297 chars -~~ json message max len.......: 1477 chars -~~ json message avg len.......: 887 chars +~~ json message max len.......: 1436 chars +~~ json message avg len.......: 866 chars diff --git a/test/results/default/dtls2.pcap.out b/test/results/default/dtls2.pcap.out index 4858e105d..2e01e6b88 100644 --- a/test/results/default/dtls2.pcap.out +++ b/test/results/default/dtls2.pcap.out 
@@ -1,12 +1,12 @@ -00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dtls2.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls2.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1507911659748597} 
+00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dtls2.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls2.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1507911659748597} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1507911659748597,"flow_src_last_pkt_time":1507911659748597,"flow_dst_last_pkt_time":1507911659748597,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1507911659748597,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00618{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1507911659748597,"flow_dst_last_pkt_time":1507911659748597,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_usec":1507911659748597,"pkt":"AAAAjZtQSEb7zh73CABFAABta10AAD8Ruf09RG6Z1CDWJ8818BEAWUhKFv7\/AAAAAAAAAAAARAEAADgAAAAAAAAAOP7\/xZOd2weR7n4d5xLXjiJT803Vm2GyIJyqcktro0p9KtUAAAAQADUALwAFAAQACgD7APwA\/QEA"} 
-01351{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1507911659748597,"flow_src_last_pkt_time":1507911659748597,"flow_dst_last_pkt_time":1507911659748597,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1507911659748597,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","tls": {"version":"DTLSv1.0","ja3":"1b45c913a0c0fde5f263502e65999485","ja3s":"","ja4":"dd1d080000_f3b6e48d6e2b_e3b0c44298fc","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01310{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1507911659748597,"flow_src_last_pkt_time":1507911659748597,"flow_dst_last_pkt_time":1507911659748597,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1507911659748597,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","tls": {"version":"DTLSv1.0","ja3s":"","ja4":"dd1d080000_f3b6e48d6e2b_e3b0c44298fc","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1507911659748597,"flow_dst_last_pkt_time":1507911659964622,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"thread_ts_usec":1507911659964622,"pkt":"AAAAjZtQSEb7zh73CABFAABYGTZAAHIRmTnUINYnPURumfARzzUARCmdFv7\/AAAAAAAAAAAALwMAACMAAAAAAAAAI\/7\/IGQQTc4aUtGjb8ohVEQdgum4T0i11AHiQi9xw2nai\/UG"} 
00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1507911659975796,"flow_dst_last_pkt_time":1507911659964622,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":155,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":155,"pkt_l4_len":121,"thread_ts_usec":1507911659975796,"pkt":"AAAAjZtQSEb7zh73CABFAACN5wIAAD8RPjg9RG6Z1CDWJ8818BEAeRSaFv7\/AAAAAAAAAAEAZAEAAFgAAQAAAAAAWP7\/xZOd2weR7n4d5xLXjiJT803Vm2GyIJyqcktro0p9KtUAIGQQTc4aUtGjb8ohVEQdgum4T0i11AHiQi9xw2nai\/UGABAANQAvAAUABAAKAPsA\/AD9AQA="} 01628{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1507911659975796,"flow_dst_last_pkt_time":1507911660332250,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":867,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":867,"pkt_l4_len":833,"thread_ts_usec":1507911660332250,"pkt":"AAAAjZtQSEb7zh73CABFAANVIjBAAHIRjULUINYnPURumfARzzUDQdzuFv7\/AAAAAAAAAAEAMgIAACYAAQAAAAAAJv7\/QPrINelLG7enELoywMmLfG2olv7VWJxKvMqptASfoUAAADUAFv7\/AAAAAAAAAAIC1AsAAsgAAgAAAAACyAACxQACwjCCAr4wggGmAgkA3\/IIOdDHPtUwDQYJKoZIhvcNAQEFBQAwDTELMAkGA1UEBhMCVVMwHhcNMTQwOTEyMjEzMTE5WhcNMzcwMjE1MjEzMTE5WjA1MQswCQYDVQQGEwJVUzEmMCQGA1UEAwwdKi5yZWxheS5yb3Mucm9ja3N0YXJnYW1lcy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUbKLr0+0\/DzZUkhdQPAIUSf6vOnkd3vz7LMzwfaRy4xYymZYxZ\/q5Ed6EaW6JqCZ\/oLLe25NsTXHmZDJ9bcDe9YOclIL+6LY6GeN4pfa6Hz+jx2zbKLHveils\/9ARmlq7hem2J4bSrsrAmxBAUMu5I64ihzl5jm9DYyKyUFW51pWgePj0eF8P9dMIaB69GlwcMK1R94D2eXFYtOo55DIY4k+tZnErrkNmE6s9MT8hstIKuhDP9Q4XPojoGCcUNCKm6tzoPU2WN3aKCtbekibukMkhDb6jPcXz5o9twDMuJ3vVS\/f9U54Gdx5927EWXG44Ptt7M7QKZ1DQXEVYwHoBAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAGsDUuhvkBDEsohQGctVpkQYC+VB2RYrWcOG\/BuAnJAchnyGe0vUHkNpCOa1W7QJTxyQmEZgVIJXyBvl2SlD8vR
wY8YZYq5ScMlHbwx6IOdYiakctDm6\/hphAz0AMeZ9ER6pMQ1b0SbrLR4SfATQmDBiycNsSO9IQH\/tWD+h7XnpYN3d6I\/deTbmPTX+BS4Ni+JKX\/\/0TDJl1LB3dzdPXVthq9rivdIMTX6GB4FfVrCPzwTueYvVVKiMK1NeQNIsIbiOhX5\/j2p5slNKg8\/0rIFgR1N+GWp975Q9KJiE\/k45+fuMu2uWIiauD7DpNeE9cFNSPZZkeJxPz8ZTFCj+\/Y4W\/v8AAAAAAAAAAwAMDgAAAAADAAAAAAAA"} -01652{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1507911659748597,"flow_src_last_pkt_time":1507911659975796,"flow_dst_last_pkt_time":1507911660332250,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":113,"flow_dst_max_l4_payload_len":825,"flow_src_tot_l4_payload_len":194,"flow_dst_tot_l4_payload_len":885,"midstream":0,"thread_ts_usec":1507911660332250,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","tls": {"version":"DTLSv1.0","ja3":"1b45c913a0c0fde5f263502e65999485","ja3s":"749bd1edea60396ffaa65213b7971718","ja4":"dd1d080000_f3b6e48d6e2b_e3b0c44298fc","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US","subjectDN":"C=US, CN=*.relay.ros.rockstargames.com","fingerprint":"AB:59:0E:11:EC:94:4D:D5:D3:40:7E:6E:3B:8B:6A:19:CA:B7:85:2C","blocks":0}}} 
+01611{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1507911659748597,"flow_src_last_pkt_time":1507911659975796,"flow_dst_last_pkt_time":1507911660332250,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":113,"flow_dst_max_l4_payload_len":825,"flow_src_tot_l4_payload_len":194,"flow_dst_tot_l4_payload_len":885,"midstream":0,"thread_ts_usec":1507911660332250,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","tls": {"version":"DTLSv1.0","ja3s":"749bd1edea60396ffaa65213b7971718","ja4":"dd1d080000_f3b6e48d6e2b_e3b0c44298fc","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US","subjectDN":"C=US, CN=*.relay.ros.rockstargames.com","fingerprint":"AB:59:0E:11:EC:94:4D:D5:D3:40:7E:6E:3B:8B:6A:19:CA:B7:85:2C","blocks":0}}} 
00899{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1507911660353093,"flow_dst_last_pkt_time":1507911660332250,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":325,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":325,"pkt_l4_len":291,"thread_ts_usec":1507911660353093,"pkt":"AAAAjZtQSEb7zh73CABFAAE3XSMAAD8Rx209RG6Z1CDWJ8818BEBI325Fv7\/AAAAAAAAAAIBDhAAAQIAAgAAAAABAgEAoPXajyskrpyHTkXbJ8FmL57PBfY\/1TaYT0bzW3Kr\/EpwtXdjHcT+pbN8fPukJ\/mC77+vYOpZWDwhv6Nx\/DWp4Jvn+yqgQnC64Z\/WXIsAN1uH\/RV8WJNBQO\/19cBEfleSZaqoNGsu62Istna8HtfGBMBOW62\/qT4k\/3jE7EIn98BOINebIKb+ueGO2MzhHcT6EOkstFNcsc5W14JWO6dIoA0xAoGASDLKiRftqqbK+uNDPzk7xqyION59r88L7bnvJSephUmgMk9aDR6JDm0Euq5IRA2K\/nrTo7X4CfxJ3dHmr2zBkzimXJBaPSUeHK+7lDt96ihQtzG744bK2Rmtmg=="} 01314{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":8,"flow_first_seen":1507911659748597,"flow_src_last_pkt_time":1507911706647553,"flow_dst_last_pkt_time":1507911706863110,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":283,"flow_dst_max_l4_payload_len":825,"flow_src_tot_l4_payload_len":1004,"flow_dst_tot_l4_payload_len":1393,"midstream":0,"thread_ts_usec":1507911706863110,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS 
Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 01316{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":11,"flow_first_seen":1507911659748597,"flow_src_last_pkt_time":1507911800410582,"flow_dst_last_pkt_time":1507911803740945,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":283,"flow_dst_max_l4_payload_len":825,"flow_src_tot_l4_payload_len":1222,"flow_dst_tot_l4_payload_len":1656,"midstream":0,"thread_ts_usec":1507911803740945,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
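Review bot: The `tls` object in the `detected` and `detection-update` records of this expected output no longer carries `"ja3"`, while `"ja3s"` and `"ja4"` remain; the 41-byte drop in the length prefixes (01351 to 01310, 01652 to 01611) matches that one key and its value. Any consumer that matches on the JA3 client fingerprint, such as detection rules, allow-lists or dashboards, would stop matching without raising an error. The removal deserves an explicit changelog line rather than only "incorporated upstream changes", for example `tls.ja3 is no longer emitted; use tls.ja4 for client fingerprinting`. It is also worth confirming that schema/flow_event_schema.json, which the diffstat lists as changed but which is not visible in this part of the patch, no longer treats `ja3` as required.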
@@ -14,7 +14,7 @@ 01316{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":14,"flow_first_seen":1507911659748597,"flow_src_last_pkt_time":1507911920885639,"flow_dst_last_pkt_time":1507911921101187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":283,"flow_dst_max_l4_payload_len":825,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":1919,"midstream":0,"thread_ts_usec":1507911921101187,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
01316{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":15,"flow_first_seen":1507911659748597,"flow_src_last_pkt_time":1507911981436327,"flow_dst_last_pkt_time":1507911981652443,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":283,"flow_dst_max_l4_payload_len":825,"flow_src_tot_l4_payload_len":1549,"flow_dst_tot_l4_payload_len":1996,"midstream":0,"thread_ts_usec":1507911981652443,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
01314{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":16,"flow_first_seen":1507911659748597,"flow_src_last_pkt_time":1507912041681166,"flow_dst_last_pkt_time":1507912041896833,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":283,"flow_dst_max_l4_payload_len":825,"flow_src_tot_l4_payload_len":1658,"flow_dst_tot_l4_payload_len":2073,"midstream":0,"thread_ts_usec":1507912041896833,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-00840{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/dtls2.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":30,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3731,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":5,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":17,"global_ts_usec":1507912041896833} +00840{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/dtls2.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":30,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3731,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":5,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":17,"global_ts_usec":1507912041896833} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 30/30 ~~ skipped flows.............: 0 
@@ -23,10 +23,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6908600 bytes -~~ total memory freed........: 6908600 bytes -~~ total allocations/frees...: 114172/114172 +~~ total memory allocated....: 7486196 bytes +~~ total memory freed........: 7486196 bytes +~~ total allocations/frees...: 125903/125903 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 596 chars -~~ json message max len.......: 1657 chars -~~ json message avg len.......: 1125 chars +~~ json message max len.......: 1633 chars +~~ json message avg len.......: 1113 chars diff --git a/test/results/default/dtls_certificate.pcapng.out b/test/results/default/dtls_certificate.pcapng.out index cced7d9e4..0593e5085 100644 --- a/test/results/default/dtls_certificate.pcapng.out +++ b/test/results/default/dtls_certificate.pcapng.out 
@@ -1,10 +1,10 @@ -00623{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dtls_certificate.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_certificate.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1645461580895085} 
+00623{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dtls_certificate.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_certificate.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1645461580895085} 
00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_certificate.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1645461580895085,"flow_src_last_pkt_time":1645461580895085,"flow_dst_last_pkt_time":1645461580895085,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1444,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1444,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1444,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1645461580895085,"l3_proto":"ip4","src_ip":"191.62.60.190","dst_ip":"163.205.15.180","src_port":443,"dst_port":38876,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_certificate.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1645461580895085,"flow_dst_last_pkt_time":1645461580895085,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1486,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1486,"pkt_l4_len":1452,"thread_ts_usec":1645461580895085,"pkt":"AAEC3cZZAAAAw9EGCABFAAXASWxAADQRSEO\/Pjy+o80PtAG7l9wFrJO8Fv79AAAAAAAAAAIARQIAADkAAQAAAAAAOf79\/Kc4HE2ihqeGXU8HJgbvv17oNih5trwpTgkv9KYfrYAAwDAAABH\/AQABAAALAAQDAAECACMAABb+\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\/ZkyEWQKrdPC7T\/I\/VBlNaCjkhqqLjeWcxNjAXFgHV0DQS4Ohn1NUJhGwRm+C9xnh7uNg5h\/HW\/hZG6rQQT\/YIEe4RMEDoHNucdV0ldNkVXCWmH7VdyXRHfM9s1z8dmKF9BhxFUrUndT8KN51NorrFfTkRDxgaXL\/XiTXb5jjFdTMNDoWEcfCSn+mv6sdX3THlAvFHxknV8wAjqvNtxIjUk2YFzbeaTG2Q+ckuiam9dVPaH56OySqB0JYTcsJNz1EFEanNbn3YoH9U68KtmWqXQruXynN3poT1rVwEUFs6k6P4rp9p9jisxqFTQIDAQABo4IBUTCCAU0wDgYDVR0PAQH\/BAQDAgTwMBMGA1UdJQQMMAoGCCsGAQUFBwMBMB0GA1UdDgQWBBSLiU8Spy0D\/BrMqi4FzdoDPizAuzAfBgNVHSMEGDAWgBQTA4kJqE\/7jzADbipdbCNlgXR+uzBmBgNVHR8EXzBdMFugWaBXhlVodHR
wOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NybC9NaWNyb3NvZnQlMjBVcGRhdGUlMjBTZWN1cmUlMjBTZXJ2ZXIlMjBDQSUyMDEuY3JsMHMGCCsGAQUFBwEBBGcwZTBjBggrBgEFBQcwAoZXaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jZXJ0cy9NaWNyb3NvZnQlMjBVcGRhdGUlMjBTZWN1cmUlMjBTZXJ2ZXIlMjBDQSUyMDEuY3J0MAkGA1UdEwQCMAAwDQYJKoZIhvcNAQEFBQADggEBAD\/XXW3cyN\/n\/BsXYc461vEQJ\/MooDP0uWOe5wtrpd3XUOKUuYcOvN70FidsM66xtY3sgdh6LUV7Vd3UbwrHsVXRThb+W0JmRxLpORJHovyCUjHJdgWcwAmAecZJ4QHbPt4JGKIezh1zC7zvwpMBEph7\/DE2rRq+Bk7Vj\/NpG5hi7ChZs0a\/4ZlQ63BMdels0iVL7Gl8j2rZV6AKE6rNjGoosoCEoztRWeQE8+sRCm+Ke3bWDxj6rORsUQGgzGimwUgWsdfd3Nhsgd7TmdyKcuJKVjK3IJvBgJOkTc6Wtb9I6keqOhJz+tW6pXPpKnm\/uuS9speSYMehXhdxy6auf74W\/v0AAAAAAAAABABGDAABSQADAAAAAAA6AwAXQQTUxAnF4aD29iFX08UpvzSYHoOfJnjbLUY7FaBYVdRtgMBGO\/4Mp6YBV28sDk7JZ2MLOl9WIA=="} -01562{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_certificate.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1645461580895085,"flow_src_last_pkt_time":1645461580895085,"flow_dst_last_pkt_time":1645461580895085,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1444,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1444,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1444,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1645461580895085,"l3_proto":"ip4","src_ip":"191.62.60.190","dst_ip":"163.205.15.180","src_port":443,"dst_port":38876,"l4_proto":"udp","ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"DTLS.WindowsUpdate","proto_id":"30.147","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","tls": {"version":"DTLSv1.2","notafter":"2019-02-27 
00:00:00","ja3":"","ja3s":"953c1507994f72697446de4eff6e300b","ja4":"","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Update Secure Server CA 1","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft, OU=DSP, CN=www.update.microsoft.com","fingerprint":"D1:88:0F:51:C1:01:91:72:A1:A4:6E:69:F4:33:7F:FE:3E:C4:F0:39","blocks":0}}} +01520{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_certificate.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1645461580895085,"flow_src_last_pkt_time":1645461580895085,"flow_dst_last_pkt_time":1645461580895085,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1444,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1444,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1444,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1645461580895085,"l3_proto":"ip4","src_ip":"191.62.60.190","dst_ip":"163.205.15.180","src_port":443,"dst_port":38876,"l4_proto":"udp","ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"DTLS.WindowsUpdate","proto_id":"30.147","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","tls": {"version":"DTLSv1.2","ja3s":"953c1507994f72697446de4eff6e300b","ja4":"","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Update Secure Server CA 1","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft, OU=DSP, CN=www.update.microsoft.com","fingerprint":"D1:88:0F:51:C1:01:91:72:A1:A4:6E:69:F4:33:7F:FE:3E:C4:F0:39","blocks":0}}} 
01116{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_certificate.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1645461580895085,"flow_src_last_pkt_time":1645461580895085,"flow_dst_last_pkt_time":1645461580895085,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1444,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1444,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1444,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1645461580895085,"l3_proto":"ip4","src_ip":"191.62.60.190","dst_ip":"163.205.15.180","src_port":443,"dst_port":38876,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"DTLS.WindowsUpdate","proto_id":"30.147","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate"}} -00849{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_certificate.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1444,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1645461580895085} 
+00849{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_certificate.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1444,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1645461580895085} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 @@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6909911 bytes -~~ total memory freed........: 6909911 bytes -~~ total allocations/frees...: 114142/114142 +~~ total memory allocated....: 7487507 bytes +~~ total memory freed........: 7487507 bytes +~~ total allocations/frees...: 125873/125873 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 628 chars ~~ json message max len.......: 2481 chars diff --git a/test/results/default/dtls_certificate_fragments.pcap.out b/test/results/default/dtls_certificate_fragments.pcap.out index 7408b9129..886c14278 100644 --- a/test/results/default/dtls_certificate_fragments.pcap.out +++ b/test/results/default/dtls_certificate_fragments.pcap.out 
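Review bot: The regenerated `detected` event in the `@@ -1,10 +1,10 @@` hunk of dtls_certificate.pcapng.out drops `"notafter":"2019-02-27 00:00:00"` and the `"ja3"` key from the `tls` object while still reporting the `TLS Cert Expired` risk, so the fixture no longer records the validity date that explains the alert. The commit description only says upstream changes were incorporated; if the removal is intentional it should say so, for example `tls.ja3 and tls.notafter are no longer emitted in flow events`, because detection rules or dashboards keyed on the JA3 client fingerprint would otherwise stop matching without any error. The same `ja3` removal appears in the dtls_certificate_fragments.pcap.out hunk that follows. Whether `notafter` was dropped on purpose or is a serialisation regression cannot be told from this hunk, and it is worth confirming against the updated schema/flow_event_schema.json.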
@@ -1,28 +1,28 @@ -00631{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1556606275726225} 
+00631{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1556606275726225} 
00801{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1556606275726225,"flow_src_last_pkt_time":1556606275726225,"flow_dst_last_pkt_time":1556606275726225,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":312,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":312,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":312,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1556606275726225,"l3_proto":"ip4","src_ip":"10.186.198.149","dst_ip":"35.210.59.134","src_port":39347,"dst_port":44443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00949{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1556606275726225,"flow_dst_last_pkt_time":1556606275726225,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":354,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":354,"pkt_l4_len":320,"thread_ts_usec":1556606275726225,"pkt":"AAAAp2BiAAAAtzPNCABFAAFUW5tAAD4Rr1YKusaVI9I7hpmzrZsBQKk0Fv7\/AAAAAAAAAAABKwEAAR8AAAAAAAABH\/79XLdFN6Sz4OQy2sCEjyxqziIlNS85zlQeFiYi19pl1vEAAACgwDDALMAowCTAFMAKAKUAowChAJ8AawBqAGkAaAA5ADgANwA2AIgAhwCGAIXAMsAuwCrAJsAPwAUAnQA9ADUAhMAvwCvAJ8AjwBPACQCkAKIAoACeAGcAQAA\/AD4AMwAyADEAMACaAJkAmACXAEUARABDAELAMcAtwCnAJcAOwAQAnAA8AC8AlgBBAAfAEsAIABYAEwAQAA3ADcADAAoA\/wEAAFUACwAEAwABAgAKABwAGgAXABkAHAAbABgAGgAWAA4ADQALAAwACQAKACMAAAANACAAHgYBBgIGAwUBBQIFAwQBBAIEAwMBAwIDAwIBAgICAwAPAAEB"} 
-01382{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1556606275726225,"flow_src_last_pkt_time":1556606275726225,"flow_dst_last_pkt_time":1556606275726225,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":312,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":312,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":312,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1556606275726225,"l3_proto":"ip4","src_ip":"10.186.198.149","dst_ip":"35.210.59.134","src_port":39347,"dst_port":44443,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","tls": {"version":"DTLSv1.2","ja3":"3c3d129780d0066cd8936a6291a8d44f","ja3s":"","ja4":"dd2d800500_9cedc1f1428b_a1e935682795","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01341{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1556606275726225,"flow_src_last_pkt_time":1556606275726225,"flow_dst_last_pkt_time":1556606275726225,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":312,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":312,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":312,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1556606275726225,"l3_proto":"ip4","src_ip":"10.186.198.149","dst_ip":"35.210.59.134","src_port":39347,"dst_port":44443,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","tls": {"version":"DTLSv1.2","ja3s":"","ja4":"dd2d800500_9cedc1f1428b_a1e935682795","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00593{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1556606275726225,"flow_dst_last_pkt_time":1556606275848420,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1556606275848420,"pkt":"AAAAp2BiAAAAtzPNCABFIABM4VFAAD4RKogj0juGCrrGla2bmbMAOPKRFv7\/AAAAAAAAAAAAIwMAABcAAAAAAAAAF\/7\/FGas+MFHIUbk58MIduuc4UCKEPlD"} 
00978{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1556606275913729,"flow_dst_last_pkt_time":1556606275848420,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":374,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":374,"pkt_l4_len":340,"thread_ts_usec":1556606275913729,"pkt":"AAAAp2BiAAAAtzPNCABFAAFoW6pAAD4RrzMKusaVI9I7hpmzrZsBVHbeFv7\/AAAAAAAAAAEBPwEAATMAAQAAAAABM\/79XLdFN6Sz4OQy2sCEjyxqziIlNS85zlQeFiYi19pl1vEAFGas+MFHIUbk58MIduuc4UCKEPlDAKDAMMAswCjAJMAUwAoApQCjAKEAnwBrAGoAaQBoADkAOAA3ADYAiACHAIYAhcAywC7AKsAmwA\/ABQCdAD0ANQCEwC\/AK8AnwCPAE8AJAKQAogCgAJ4AZwBAAD8APgAzADIAMQAwAJoAmQCYAJcARQBEAEMAQsAxwC3AKcAlwA7ABACcADwALwCWAEEAB8ASwAgAFgATABAADcANwAMACgD\/AQAAVQALAAQDAAECAAoAHAAaABcAGQAcABsAGAAaABYADgANAAsADAAJAAoAIwAAAA0AIAAeBgEGAgYDBQEFAgUDBAEEAgQDAwEDAgMDAgECAgIDAA8AAQE="} 02428{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1556606275913729,"flow_dst_last_pkt_time":1556606276035205,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1454,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1454,"pkt_l4_len":1420,"thread_ts_usec":1556606276035205,"pkt":"AAAAp2BiAAAAtzPNCABFIAWg4VdAAD4RJS4j0juGCrrGla2bmbMFjGwmFv7\/AAAAAAAAAAEAQgIAADYAAQAAAAAANv7\/exvJyLXWPruOHL5MK7Y1JsnEAS0AtJ+iPSn4YJ2mNsIAADUAAA7\/AQABAAAjAAAADwABARb+\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\/YNDU1hkJZQiq9CpOzjLL+wmzk\/mxknC\/lzt7\/2Qg3qbyuKW5iBy3JZxaPO52oDwxIsilmeOkz4Mh8DnHyTx32hID++IiL649AXqYsGsHk8LI47iaUM6ub1Eu8MRDgFfIdgDsB\/iOYBVS6hhS44QgmBZ3WVRQHREe6jWyQtKDKooXtnRMU29d8xdLHTrujs0FtnJ437d+DiadyE+snuairyQNNrpLSNIZ\/pq6ewzal4u0NNe\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\/qgCr24OgrCxlbcAu
boN9GwNVyzEBLp8xf5X2uUbpzhUkNw8Da3gcOG9WRU6jbrD1WcRY6JvO0Mmn7tYOByaat2bf6co4aeqoorQ4XfH4XhjO0fNkhSxSnFd+YB1aTRfYQRZ9pIyqogmNC9mJGTFtFs6cJjs1UFLJ2Xs6n5RJMSgKdDdAS6NIKDCnhLmY29DHpiEqG4lF3or6tz0shqbW58O48+6Ff2qWryOZnPPF65AmJhRVUGil0HqRIZ9cej0+Pf1mpRxVU7o1XhXNWwazwIl8+tAnIOdpr7DJtkDNmXYyRKwOo6aEAWQeceETyNh3LwIE2unnIZhLc="} -01536{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1556606275726225,"flow_src_last_pkt_time":1556606275913729,"flow_dst_last_pkt_time":1556606276035205,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":312,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":332,"flow_dst_max_l4_payload_len":1412,"flow_src_tot_l4_payload_len":644,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1556606276035205,"l3_proto":"ip4","src_ip":"10.186.198.149","dst_ip":"35.210.59.134","src_port":39347,"dst_port":44443,"l4_proto":"udp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","tls": {"version":"DTLSv1.2","ja3":"3c3d129780d0066cd8936a6291a8d44f","ja3s":"d45798bc098cd930de7eb2f5f866e994","ja4":"dd2d800500_9cedc1f1428b_a1e935682795","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","blocks":0}}} 
+01495{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1556606275726225,"flow_src_last_pkt_time":1556606275913729,"flow_dst_last_pkt_time":1556606276035205,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":312,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":332,"flow_dst_max_l4_payload_len":1412,"flow_src_tot_l4_payload_len":644,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1556606276035205,"l3_proto":"ip4","src_ip":"10.186.198.149","dst_ip":"35.210.59.134","src_port":39347,"dst_port":44443,"l4_proto":"udp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","tls": {"version":"DTLSv1.2","ja3s":"d45798bc098cd930de7eb2f5f866e994","ja4":"dd2d800500_9cedc1f1428b_a1e935682795","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","blocks":0}}} 
00924{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1556606275913729,"flow_dst_last_pkt_time":1556606276035205,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":331,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":331,"pkt_l4_len":297,"thread_ts_usec":1556606276035205,"pkt":"AAAAp2BiAAAAtzPNCABFIAE94VhAAD4RKZAj0juGCrrGla2bmbMBKYUyFv7\/AAAAAAAAAAMA+wsABgsAAgAFHAAA7xmWcPJxf+syLm5kr8JFkg5FV4AlWuYVZqKRDkSXNY2wDo4JRyk7bpK3luN\/HZfToj36ViRMUxoGzOIdNQQtdLDZ9I6l5ryvVP5AVvfsfLCm9sZAxjhtLYRgCPa+oX7MDX\/1pOIA9ScqtjYO9k7rU1+EQszS6yuQBUHbzqzJDE5+Sr0FYdV0ChHOUsH5pqFWRmYkMY1kxz3WCDFqLZz3OCXgMI4dlHN4OUfYtjdlKZjojOO\/DI2VYl9JYb1bxVDvI\/jLCpX0S20qleMt33f6vetcgUgWnM2jDSMPp6PARk5VmmjgwVuZ3AbB3Md620\/oFv7\/AAAAAAAAAAQADA4AAAAAAwAAAAAAAA=="} -01920{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":3,"flow_first_seen":1556606275726225,"flow_src_last_pkt_time":1556606275913729,"flow_dst_last_pkt_time":1556606276035205,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":312,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":332,"flow_dst_max_l4_payload_len":1412,"flow_src_tot_l4_payload_len":644,"flow_dst_tot_l4_payload_len":1749,"midstream":0,"thread_ts_usec":1556606276035205,"l3_proto":"ip4","src_ip":"10.186.198.149","dst_ip":"35.210.59.134","src_port":39347,"dst_port":44443,"l4_proto":"udp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS 
Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","tls": {"version":"DTLSv1.2","server_names":"*.samsungmax.com,*.opera-mini.net","ja3":"3c3d129780d0066cd8936a6291a8d44f","ja3s":"d45798bc098cd930de7eb2f5f866e994","ja4":"dd2d800500_9cedc1f1428b_a1e935682795","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=NO, ST=Oslo, L=Oslo, O=Opera Software ASA, OU=Opera Max, CN=Opera Max CA","subjectDN":"C=NO, ST=Oslo, L=Oslo, O=Opera Software ASA, OU=Opera Max, CN=*.opera-mini.net, C=NO, ST=Oslo, L=Oslo, O=Opera Software ASA, OU=Opera Max, CN=Opera Max CA","fingerprint":"2F:5F:33:93:DE:4E:8B:EA:87:19:43:1A:7A:28:C2:33:FB:10:B3:A0","blocks":0}}} -00859{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":21,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5138,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1591661831005800} 
+01879{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":3,"flow_first_seen":1556606275726225,"flow_src_last_pkt_time":1556606275913729,"flow_dst_last_pkt_time":1556606276035205,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":312,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":332,"flow_dst_max_l4_payload_len":1412,"flow_src_tot_l4_payload_len":644,"flow_dst_tot_l4_payload_len":1749,"midstream":0,"thread_ts_usec":1556606276035205,"l3_proto":"ip4","src_ip":"10.186.198.149","dst_ip":"35.210.59.134","src_port":39347,"dst_port":44443,"l4_proto":"udp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","tls": {"version":"DTLSv1.2","server_names":"*.samsungmax.com,*.opera-mini.net","ja3s":"d45798bc098cd930de7eb2f5f866e994","ja4":"dd2d800500_9cedc1f1428b_a1e935682795","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=NO, ST=Oslo, L=Oslo, O=Opera Software ASA, OU=Opera Max, CN=Opera Max CA","subjectDN":"C=NO, ST=Oslo, L=Oslo, O=Opera Software ASA, OU=Opera Max, CN=*.opera-mini.net, C=NO, ST=Oslo, L=Oslo, O=Opera Software ASA, OU=Opera Max, CN=Opera Max CA","fingerprint":"2F:5F:33:93:DE:4E:8B:EA:87:19:43:1A:7A:28:C2:33:FB:10:B3:A0","blocks":0}}} 
+00859{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":21,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5138,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1591661831005800} 00801{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1591661831005800,"flow_src_last_pkt_time":1591661831005800,"flow_dst_last_pkt_time":1591661831005800,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":155,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":155,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":155,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1591661831005800,"l3_proto":"ip4","src_ip":"192.168.1.26","dst_ip":"104.153.87.149","src_port":43594,"dst_port":50001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00740{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1591661831005800,"flow_dst_last_pkt_time":1591661831005800,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":197,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":197,"pkt_l4_len":163,"thread_ts_usec":1591661831005800,"pkt":"KICiDkMyVIygpBIpCABFAAC3TLlAAEARa4zAqAEaaJlXlapKw1EAo42PFv7\/AAAAAAAAAAAAjgEAAIIAAAAAAAAAgv79L2+PkbrvwtAd0lRXHnV+fU0MoPLilZ8yrbMm6GEmh9kAAAAYwCvAL8ypzKjACcATwArAFACcAC8ANQAKAQAAQAAXAAD\/AQABAAAKAAgABgAdABcAGAALAAIBAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEADgAFAAIAAQA="} -01377{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1591661831005800,"flow_src_last_pkt_time":1591661831005800,"flow_dst_last_pkt_time":1591661831005800,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":155,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":155,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":155,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1591661831005800,"l3_proto":"ip4","src_ip":"192.168.1.26","dst_ip":"104.153.87.149","src_port":43594,"dst_port":50001,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","tls": 
{"version":"DTLSv1.2","ja3":"681eb4fb79ccb6d60d35fa502c279d42","ja3s":"","ja4":"dd2d120700_7c0e62f61317_d9dd6182da81","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01336{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1591661831005800,"flow_src_last_pkt_time":1591661831005800,"flow_dst_last_pkt_time":1591661831005800,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":155,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":155,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":155,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1591661831005800,"l3_proto":"ip4","src_ip":"192.168.1.26","dst_ip":"104.153.87.149","src_port":43594,"dst_port":50001,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","tls": {"version":"DTLSv1.2","ja3s":"","ja4":"dd2d120700_7c0e62f61317_d9dd6182da81","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00740{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1591661831064972,"flow_dst_last_pkt_time":1591661831005800,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":197,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":197,"pkt_l4_len":163,"thread_ts_usec":1591661831064972,"pkt":"KICiDkMyVIygpBIpCABFAAC3TL1AAEARa4jAqAEaaJlXlapKw1EAo4yPFv7\/AAAAAAAAAAEAjgEAAIIAAAAAAAAAgv79L2+PkbrvwtAd0lRXHnV+fU0MoPLilZ8yrbMm6GEmh9kAAAAYwCvAL8ypzKjACcATwArAFACcAC8ANQAKAQAAQAAXAAD\/AQABAAAKAAgABgAdABcAGAALAAIBAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEADgAFAAIAAQA="} -01495{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1591661831005800,"flow_src_last_pkt_time":1591661831064972,"flow_dst_last_pkt_time":1591661831005800,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":155,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":155,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":310,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1591661831064972,"l3_proto":"ip4","src_ip":"192.168.1.26","dst_ip":"104.153.87.149","src_port":43594,"dst_port":50001,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","tls": {"version":"DTLSv1.2","ja3":"681eb4fb79ccb6d60d35fa502c279d42","ja3s":"","ja4":"dd2d120700_7c0e62f61317_d9dd6182da81","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01454{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1591661831005800,"flow_src_last_pkt_time":1591661831064972,"flow_dst_last_pkt_time":1591661831005800,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":155,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":155,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":310,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1591661831064972,"l3_proto":"ip4","src_ip":"192.168.1.26","dst_ip":"104.153.87.149","src_port":43594,"dst_port":50001,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","tls": {"version":"DTLSv1.2","ja3s":"","ja4":"dd2d120700_7c0e62f61317_d9dd6182da81","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
02258{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1591661831064972,"flow_dst_last_pkt_time":1591661831093520,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1322,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1322,"pkt_l4_len":1288,"thread_ts_usec":1591661831093520,"pkt":"VIygpBIpKICiDkMyCABFAAUcfqFAADQRQT9omVeVwKgBGsNRqkoFCLIJFv79AAAAAAAAAAAATgIAAEIAAAAAAAAAQv79KEo6Os88E+V+ibSm8PDWfFXbIaOs00k\/ShIhA5ukiXMAwC8AABr\/AQABAAALAAQDAAECACMAAAAOAAUAAgABABb+\/QAAAAAAAAABAJgLAAawAAEAAAAAAIwABq0ABqowggamMIIFjqADAgECAhBM4VepsIXhu6DlNg3oFQysMA0GCSqGSIb3DQEBCwUAMIGPMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRgwFgYDVQQKEw9TZWN0aWdvIExpbWl0ZRb+\/QAAAAAAAAACAPMLAAawAAEAAIwAAOdkMTcwNQYDVQQDEy5TZWN0aWdvIFJTQSBEb21haW4gVmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENBMB4XDTIwMDMyNjAwMDAwMFoXDTIyMDYyODAwMDAwMFowFzEVMBMGA1UEAwwMKi5kaXNjb3JkLmdnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArLDiaoesd4c+J\/Bksim5Rb8WUNj0DF9Ken7wt4eZTFDCWRcncn+2RQRV8Dwyuak7t\/Zoi26rXfSKyfy1qvOwlrOLi45ubC1DPctmamJX2dxVjgYW\/v0AAAAAAAAAAwDzCwAGsAABAAFzAADnLTEdqfcdsRU88wXAqYTv\/u6WKiHPnClEj+8Yi\/CArz7pbkNg8I6lzKVFCfwZJyYSRlpbfbGZqsaz0wMqKnIY8RzEm4L\/SKKDdnsgrKfAAbvatG6dkK9jfA0fk3nPALkfoo3o8kMpopjYxMNyHI6YovRhvwiO2mfthp\/ylICeB29Z1d6Ija02npoQWJkozfXFa1+w9Ipl4zU8Sy7unjOqcUksckLyFiwU6d9184UCAwEAAaOCA3MwggNvMB8GA1UdIwQYMBaAFI2MXsRUrYrhd+mb+ZsF4bgBjWHhMB0GA1UdDgQWBBQLFv79AAAAAAAAAAQA8wsABrAAAQACWgAA57mlDgRff53Jn4Q6SGrsSjGIzk0wDgYDVR0PAQH\/BAQDAgWgMAwGA1UdEwEB\/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMEkGA1UdIARCMEAwNAYLKwYBBAGyMQECAgcwJTAjBggrBgEFBQcCARYXaHR0cHM6Ly9zZWN0aWdvLmNvbS9DUFMwCAYGZ4EMAQIBMIGEBggrBgEFBQcBAQR4MHYwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9jcnQuc2VjdGlnby5jb20vU2VjdGlnb1JTQURvbWFpblZhbGlkYRb+\/QAAAAAAAAAFAPMLAAawAAEAA0EAAOd0aW9uU2VjdXJlU2VydmVyQ0EuY3J0MCMGCCsGAQUFBzABhhdodHR
wOi8vb2NzcC5zZWN0aWdvLmNvbTAjBgNVHREEHDAaggwqLmRpc2NvcmQuZ2eCCmRpc2NvcmQuZ2cwggH3BgorBgEEAdZ5AgQCBIIB5wSCAeMB4QB2AEalVet1+pEgMLWiiWn0830RLEF0vv1JuIWr8vxw\/m1HAAABcRkQbNAAAAQDAEcwRQIgercUsgx1qkATwvfrd3Quq3eaYQaqQ6gZS\/5W3YqZIZICIQDF31\/9HYjjWFtKP2pDhVvABn9lSeA="} -01437{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1591661831005800,"flow_src_last_pkt_time":1591661831064972,"flow_dst_last_pkt_time":1591661831093520,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":155,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":155,"flow_dst_max_l4_payload_len":1280,"flow_src_tot_l4_payload_len":310,"flow_dst_tot_l4_payload_len":1280,"midstream":0,"thread_ts_usec":1591661831093520,"l3_proto":"ip4","src_ip":"192.168.1.26","dst_ip":"104.153.87.149","src_port":43594,"dst_port":50001,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","tls": {"version":"DTLSv1.2","ja3":"681eb4fb79ccb6d60d35fa502c279d42","ja3s":"201fdaa63db9a086f36651aa4cfd0819","ja4":"dd2d120700_7c0e62f61317_d9dd6182da81","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
+01396{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1591661831005800,"flow_src_last_pkt_time":1591661831064972,"flow_dst_last_pkt_time":1591661831093520,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":155,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":155,"flow_dst_max_l4_payload_len":1280,"flow_src_tot_l4_payload_len":310,"flow_dst_tot_l4_payload_len":1280,"midstream":0,"thread_ts_usec":1591661831093520,"l3_proto":"ip4","src_ip":"192.168.1.26","dst_ip":"104.153.87.149","src_port":43594,"dst_port":50001,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","tls": {"version":"DTLSv1.2","ja3s":"201fdaa63db9a086f36651aa4cfd0819","ja4":"dd2d120700_7c0e62f61317_d9dd6182da81","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
02174{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1591661831064972,"flow_dst_last_pkt_time":1591661831093656,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1257,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1257,"pkt_l4_len":1223,"thread_ts_usec":1591661831093656,"pkt":"VIygpBIpKICiDkMyCABFAATbfqJAADQRQX9omVeVwKgBGsNRqkoExy4IFv79AAAAAAAAAAYA8wsABrAAAQAEKAAA58h9uzNZbntMYktZAHYA36Veq2iCTx9sre64X04+WurNohKkal6OOxLAIERcKnMAAAFxGRBsmwAABAMARzBFAiApWTBZxdLT79S6Ig+uB892YqmmtBmV7ZOnMeoealK6IAIhAPUQVbJDdFaeI9lV0tAczBoraqHK\/BN8x6q+AGulqXqYAHYAQcjKsd8iRkoQxqE6CUKHXk4xixsD6+tLx2jwkGKWBvYAAAFxGRBs6wAABAMARzBFAiAqTzH2Y+XFIb61QZLjCkTUxrQH7bjlHVCt1FMeFj2UOgIhANyKvnrM7ePwxrOAfBb+\/QAAAAAAAAAHAPMLAAawAAEABQ8AAOdAVrKBtkEYdXvvFGsCIes8eUPzOwB3AG9Tdqwx8DEZ2JkApFEV\/3cVHBHZAsEAKQaNsgiaN9kTAAABcRkQbHMAAAQDAEgwRgIhALMuylmf9X4NNnd3tnj0UTiiOK77ome\/tJWiO6J\/xw7bAiEA9bJDisGifcUTSdKScOBVqbaMAha\/FtR5PLI4mPJIbD0wDQYJKoZIhvcNAQELBQADggEBADaqoR+PnHxIbvP7Yq0nzl+bPpsfH\/m7NT6gclOCdjAf1haV7LC5oec\/mRflUwtx0ZjvXG6fcIOPNYfGB1sw9MHD3Wpbz5cW\/v0AAAAAAAAACADGCwAGsAABAAX2AAC6QTKk+edRhm6U7KIBeiyhIbVWLWhM0hil89+m8fOs8O2MzzZMqm2cyqmYYjG05ge5\/tzwIcR6NJo35dqIpK9FkcmIEZEpiSS9\/sCQItmRbLhjcRwoh55uO86kHB2ocBjcqFKF1aQ4NvBkRA8auPxHrEkgtWt8EGgUQ8pka16C7gZ\/zQYED7aP+YBL7EZ7UJgYNX3Nif3A4NM+E6d5G2e3ulyH\/eOIBsfkTPejvFBHYb0sqgqee7+qrBskFv79AAAAAAAAAAkAIAwAAUkAAgAAAAAAFAMAF0EEAAbNSbm\/C1RtcfhJE4FHFv79AAAAAAAAAAoA8wwAAUkAAgAAFAAA59o8IIbxEQCQOWPi1PZJF8Ekdjl8ShZo3qUHj84iN9GGDd+REE7oULkv91A5+YkfxwIEAQEAZBfczqFmnATcvEeZHjHma4NmgkFs\/ep1DiawUrAIovjw7bm5V9i1zZeeUDiJpIrArx93QAsW6kvfdkC75m+soOhuBjCtlNUyQT5+ZeL6z+x4Lk59wAOqsRqs915lKyvTQqd2P8nll30L8yeKMJOka+95GhoTkWeyaSmn1HPjVVIRaWrRa2Oe6+63FOT12Pd6ojoCwAf4Vo6QsRc8T81WxIZt2TCUa5MOo4UrKI5GKI8p2hb+\/QAAAAAAAAALAFoMAAFJAAIAAPsAAE6kTiJ6\/PYGa0FWf7cll8FaD7KrL9rUeAVrmWus9FF9b\/oJPWe
1xvj1l2pEM6RpniiG\/Ak4p1K3saH2n+St0lphIbqigXdk2gm3uk9kf64W\/v0AAAAAAAAADAAyDQAAJgADAAAAAAAmAwECQAAeBgEGAgYDBQEFAgUDBAEEAgQDAwEDAgMDAgECAgIDAAAW\/v0AAAAAAAAADQAMDgAAAAAEAAAAAAAA"} -01727{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1591661831005800,"flow_src_last_pkt_time":1591661831064972,"flow_dst_last_pkt_time":1591661831093656,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":155,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":155,"flow_dst_max_l4_payload_len":1280,"flow_src_tot_l4_payload_len":310,"flow_dst_tot_l4_payload_len":2495,"midstream":0,"thread_ts_usec":1591661831093656,"l3_proto":"ip4","src_ip":"192.168.1.26","dst_ip":"104.153.87.149","src_port":43594,"dst_port":50001,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS.Discord","proto_id":"30.58","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative","tls": {"version":"DTLSv1.2","server_names":"*.discord.gg,discord.gg","ja3":"681eb4fb79ccb6d60d35fa502c279d42","ja3s":"201fdaa63db9a086f36651aa4cfd0819","ja4":"dd2d120700_7c0e62f61317_d9dd6182da81","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA","subjectDN":"CN=*.discord.gg","fingerprint":"0C:A2:45:E6:4A:06:B0:31:C6:BF:B6:C5:1B:AE:A0:A3:8E:41:B2:3C","blocks":0}}} 
+01686{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1591661831005800,"flow_src_last_pkt_time":1591661831064972,"flow_dst_last_pkt_time":1591661831093656,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":155,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":155,"flow_dst_max_l4_payload_len":1280,"flow_src_tot_l4_payload_len":310,"flow_dst_tot_l4_payload_len":2495,"midstream":0,"thread_ts_usec":1591661831093656,"l3_proto":"ip4","src_ip":"192.168.1.26","dst_ip":"104.153.87.149","src_port":43594,"dst_port":50001,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS.Discord","proto_id":"30.58","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative","tls": {"version":"DTLSv1.2","server_names":"*.discord.gg,discord.gg","ja3s":"201fdaa63db9a086f36651aa4cfd0819","ja4":"dd2d120700_7c0e62f61317_d9dd6182da81","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA","subjectDN":"CN=*.discord.gg","fingerprint":"0C:A2:45:E6:4A:06:B0:31:C6:BF:B6:C5:1B:AE:A0:A3:8E:41:B2:3C","blocks":0}}} 
01309{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1591661831094429,"flow_dst_last_pkt_time":1591661831093656,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":621,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":621,"pkt_l4_len":587,"thread_ts_usec":1591661831094429,"pkt":"KICiDkMyVIygpBIpCABFAAJfTMFAAEARadzAqAEaaJlXlapKw1ECSz2PFv79AAAAAAAAAAIBLAsAASAAAQAAAAABIAABHQABGjCCARYwgb2gAwIBAgIJANEC+9dk9FU0MAoGCCqGSM49BAMCMBExDzANBgNVBAMMBldlYlJUQzAeFw0yMDA2MDgwMDE3MTBaFw0yMDA3MDkwMDE3MTBaMBExDzANBgNVBAMMBldlYlJUQzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABMN4B8BcSIB8vft5RRQLAR85m\/tKuX7g5T1IYw7Hm7qhkyBdZX4OnwIFwDEfSDt3hvNzM2wWRdpiSZ6iGF90YtUwCgYIKoZIzj0EAwIDSAAwRQIgYiBJQW7KDUuAi3M9L3zwhEDpAL9q4DirUrayN1dURyMCIQD5bYw+Zs558BwlQadzNvlnhksxNHUTMmtsQ591HUXbABb+\/QAAAAAAAAADAE4QAABCAAIAAAAAAEJBBMZcbp+gpTP\/98W2Gp\/agbTEoqgz1y6bqmJbklIBPupi+fq8SYEjO9Y9JmSaRonmMNJqXH7zBblXPkmNr6nWxPMW\/v0AAAAAAAAABABXDwAASwADAAAAAABLBAMARzBFAiEAi1u+G3KaGQXoX1KGtvuQeozvmzHFR9Ra5exkC1MSZpoCIFTAFKcDyN3bpdNt1LWIF31bDpEkYEvrDTEBZbETusOEFP79AAAAAAAAAAUAAQEW\/v0AAQAAAAAAAAAwAAEAAAAAAACBA9i\/5ZXnRtf9Ph0HrY+iWRLDuMWOD5PqKOYsPS6F0szsv0blWRNP"} 
01253{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1591661831005800,"flow_src_last_pkt_time":1591661831094429,"flow_dst_last_pkt_time":1591661831138018,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":155,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":579,"flow_dst_max_l4_payload_len":1280,"flow_src_tot_l4_payload_len":889,"flow_dst_tot_l4_payload_len":3074,"midstream":0,"thread_ts_usec":1591661831138018,"l3_proto":"ip4","src_ip":"192.168.1.26","dst_ip":"104.153.87.149","src_port":43594,"dst_port":50001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS.Discord","proto_id":"30.58","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative"}} 
01343{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":9,"flow_first_seen":1556606275726225,"flow_src_last_pkt_time":1556606278645792,"flow_dst_last_pkt_time":1556606276558755,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":125,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":374,"flow_dst_max_l4_payload_len":1412,"flow_src_tot_l4_payload_len":2162,"flow_dst_tot_l4_payload_len":2976,"midstream":0,"thread_ts_usec":1591661831138018,"l3_proto":"ip4","src_ip":"10.186.198.149","dst_ip":"35.210.59.134","src_port":39347,"dst_port":44443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-00861{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":26,"packets-processed":26,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9101,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":5,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":25,"global_ts_usec":1591661831138018} +00861{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":26,"packets-processed":26,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9101,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":5,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":25,"global_ts_usec":1591661831138018} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 26/26 ~~ skipped flows.............: 0 
@@ -31,9 +31,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6917472 bytes -~~ total memory freed........: 6917472 bytes -~~ total allocations/frees...: 114191/114191 +~~ total memory allocated....: 7495068 bytes +~~ total memory freed........: 7495068 bytes +~~ total allocations/frees...: 125922/125922 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 598 chars ~~ json message max len.......: 2433 chars diff --git a/test/results/default/dtls_mid_sessions.pcapng.out b/test/results/default/dtls_mid_sessions.pcapng.out index bea419593..c876a0d98 100644 --- a/test/results/default/dtls_mid_sessions.pcapng.out +++ b/test/results/default/dtls_mid_sessions.pcapng.out 
@@ -1,5 +1,5 @@ -00624{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dtls_mid_sessions.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_mid_sessions.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1644251732783352} 
+00624{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dtls_mid_sessions.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_mid_sessions.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1644251732783352} 
00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1644251732783352,"flow_src_last_pkt_time":1644251732783352,"flow_dst_last_pkt_time":1644251732783352,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":93,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":93,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":93,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1644251732783352,"l3_proto":"ip4","src_ip":"53.214.238.65","dst_ip":"199.186.151.155","src_port":53558,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00651{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1644251732783352,"flow_dst_last_pkt_time":1644251732783352,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":135,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":135,"pkt_l4_len":101,"thread_ts_usec":1644251732783352,"pkt":"AAAAAAAAAAUAH77DCABFAAB5TfQAAHkRcBI11u5Bx7qXm9E2AbsAZQC2FwEAAAEAAAAA1BUAUFbLHE7KkMRUAMa+BCcg\/DTD4cWbj4CR\/ou6\/eEj1qcEoJjrsJeHH7KwZMNGTwAG1rS\/\/iatJdFhJzn0FDJ0hSfdwvHN8cKVzNzbvFPCN5Gy"} 
00928{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1644251732783352,"flow_src_last_pkt_time":1644251732783352,"flow_dst_last_pkt_time":1644251732783352,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":93,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":93,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":93,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1644251732783352,"l3_proto":"ip4","src_ip":"53.214.238.65","dst_ip":"199.186.151.155","src_port":53558,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
@@ -28,7 +28,7 @@ 00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":13,"flow_first_seen":1644251732819831,"flow_src_last_pkt_time":1644251733371724,"flow_dst_last_pkt_time":1644251733286733,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":93,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1453,"flow_dst_max_l4_payload_len":310,"flow_src_tot_l4_payload_len":15606,"flow_dst_tot_l4_payload_len":1540,"midstream":0,"thread_ts_usec":1644251736135259,"l3_proto":"ip4","src_ip":"170.151.105.215","dst_ip":"121.152.255.238","src_port":443,"dst_port":8460,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1644251732783352,"flow_src_last_pkt_time":1644251732783352,"flow_dst_last_pkt_time":1644251732783352,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":93,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":93,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":93,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1644251736135259,"l3_proto":"ip4","src_ip":"53.214.238.65","dst_ip":"199.186.151.155","src_port":53558,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":17,"flow_first_seen":1644251732859305,"flow_src_last_pkt_time":1644251736135259,"flow_dst_last_pkt_time":1644251736133006,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":93,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1453,"flow_dst_max_l4_payload_len":791,"flow_src_tot_l4_payload_len":5737,"flow_dst_tot_l4_payload_len":3089,"midstream":0,"thread_ts_usec":1644251736135259,"l3_proto":"ip4","src_ip":"170.151.105.215","dst_ip":"72.102.179.218","src_port":443,"dst_port":62811,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -00855{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/dtls_mid_sessions.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":91,"packets-processed":91,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":34046,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":31,"global_ts_usec":1644251736135259} 
+00855{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/dtls_mid_sessions.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":91,"packets-processed":91,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":34046,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":31,"global_ts_usec":1644251736135259} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 91/91 ~~ skipped flows.............: 0 @@ -37,9 +37,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6917392 bytes -~~ total memory freed........: 6917392 bytes -~~ total allocations/frees...: 114261/114261 +~~ total memory allocated....: 7494988 bytes +~~ total memory freed........: 7494988 bytes +~~ total allocations/frees...: 125992/125992 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 629 chars ~~ json message max len.......: 2504 chars diff --git a/test/results/default/dtls_old_version.pcapng.out b/test/results/default/dtls_old_version.pcapng.out index 8703bf5af..0abe0ea14 100644 --- a/test/results/default/dtls_old_version.pcapng.out +++ b/test/results/default/dtls_old_version.pcapng.out 
@@ -1,5 +1,5 @@ -00623{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dtls_old_version.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_old_version.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1592388130600596} 
+00623{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dtls_old_version.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_old_version.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1592388130600596} 
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_old_version.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1592388130600596,"flow_src_last_pkt_time":1592388130600596,"flow_dst_last_pkt_time":1592388130600596,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":99,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":99,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":99,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1592388130600596,"l3_proto":"ip4","src_ip":"37.188.4.115","dst_ip":"70.66.6.128","src_port":56453,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00658{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_old_version.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1592388130600596,"flow_dst_last_pkt_time":1592388130600596,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"thread_ts_usec":1592388130600596,"pkt":"AAAAAAAAAAYArvxgCABFAAB\/OTwAAH8Ri0ElvARzRkIGgNyFAbsAaxY5FgEAAAAAAAAAAAAAVgEAAEoAAAAAAAAASgEAXunqImL3nzdrUBZ\/BhfTQm46UvY\/Zrav40oHNoY96qUgA8IpvhXWIFFe7w7KCq\/byTjgCP7o8hqBpXIG\/Tdba9gAAAIANQEA"} 
01053{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_old_version.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1592388130600596,"flow_src_last_pkt_time":1592388130600596,"flow_dst_last_pkt_time":1592388130600596,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":99,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":99,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":99,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1592388130600596,"l3_proto":"ip4","src_ip":"37.188.4.115","dst_ip":"70.66.6.128","src_port":56453,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
@@ -11,7 +11,7 @@ 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/dtls_old_version.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1592388133613774,"flow_dst_last_pkt_time":1592388133698009,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1592388133698009,"pkt":"AAAAAAAAAAYArvxgCABFAABM9VcAAPIRXFhGQgaAJbwEcwG73IUAOKixFgEAAAAAAAAAAAAAIwMAABcAAAAAAAAAFwEAFJQvJfDCZcKI8kzWgOcHI1Oo1d90"} 01170{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/dtls_old_version.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1592388130600596,"flow_src_last_pkt_time":1592388137732924,"flow_dst_last_pkt_time":1592388137817410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":99,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":119,"flow_dst_max_l4_payload_len":188,"flow_src_tot_l4_payload_len":416,"flow_dst_tot_l4_payload_len":284,"midstream":0,"thread_ts_usec":1592388137817410,"l3_proto":"ip4","src_ip":"37.188.4.115","dst_ip":"70.66.6.128","src_port":56453,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
01201{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/dtls_old_version.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1592388130600596,"flow_src_last_pkt_time":1592388137732924,"flow_dst_last_pkt_time":1592388137817410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":99,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":119,"flow_dst_max_l4_payload_len":188,"flow_src_tot_l4_payload_len":416,"flow_dst_tot_l4_payload_len":284,"midstream":0,"thread_ts_usec":1592388137817410,"l3_proto":"ip4","src_ip":"37.188.4.115","dst_ip":"70.66.6.128","src_port":56453,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-00849{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/dtls_old_version.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":7,"packets-processed":7,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":700,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1592388137817410} +00849{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/dtls_old_version.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":7,"packets-processed":7,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":700,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1592388137817410} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 7/7 ~~ skipped flows.............: 0 
@@ -20,9 +20,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6907891 bytes -~~ total memory freed........: 6907891 bytes -~~ total allocations/frees...: 114147/114147 +~~ total memory allocated....: 7485487 bytes +~~ total memory freed........: 7485487 bytes +~~ total allocations/frees...: 125878/125878 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 587 chars ~~ json message max len.......: 1206 chars diff --git a/test/results/default/dtls_session_id_and_coockie_both.pcap.out b/test/results/default/dtls_session_id_and_coockie_both.pcap.out index e4c2acb33..2c6607ce8 100644 --- a/test/results/default/dtls_session_id_and_coockie_both.pcap.out +++ b/test/results/default/dtls_session_id_and_coockie_both.pcap.out 
@@ -1,14 +1,14 @@ -00637{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00858{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1592388499775130} 
+00637{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00858{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1592388499775130} 
00807{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1592388499775130,"flow_src_last_pkt_time":1592388499775130,"flow_dst_last_pkt_time":1592388499775130,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":99,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":99,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":99,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1592388499775130,"l3_proto":"ip4","src_ip":"185.196.113.239","dst_ip":"223.116.105.247","src_port":50257,"dst_port":44443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1592388499775130,"flow_dst_last_pkt_time":1592388499775130,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"thread_ts_usec":1592388499775130,"pkt":"AAAAAAAAAAEAvpsKCABFAAB\/T3sAAH8RdtO5xHHv33Rp98RRrZsAazO3Fv79AAAAAAAAAAAAVgEAAEoAAAAAAAAASv79P8FbOXt8ZkgBLvoC72ni+sdFNMYxwEb+hvs\/sv9L1B0gODIAL4OTx2HjtkquDfJ\/XJtXFrGeH36FJxKlpF5tST4AAALALAEA"} 
-01382{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1592388499775130,"flow_src_last_pkt_time":1592388499775130,"flow_dst_last_pkt_time":1592388499775130,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":99,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":99,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":99,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1592388499775130,"l3_proto":"ip4","src_ip":"185.196.113.239","dst_ip":"223.116.105.247","src_port":50257,"dst_port":44443,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","tls": {"version":"DTLSv1.2","ja3":"e15c510766789ed8f49de0e37951c1da","ja3s":"","ja4":"dd2d010000_653ffb6f323e_e3b0c44298fc","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01341{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1592388499775130,"flow_src_last_pkt_time":1592388499775130,"flow_dst_last_pkt_time":1592388499775130,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":99,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":99,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":99,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1592388499775130,"l3_proto":"ip4","src_ip":"185.196.113.239","dst_ip":"223.116.105.247","src_port":50257,"dst_port":44443,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","tls": {"version":"DTLSv1.2","ja3s":"","ja4":"dd2d010000_653ffb6f323e_e3b0c44298fc","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1592388499775130,"flow_dst_last_pkt_time":1592388499786468,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1592388499786468,"pkt":"AAAAAAAAAAcAwedSCABFAABMjnQAAPMRxAzfdGn3ucRx762bxFEAOGNSFv7\/AAAAAAAAAAAAIwMAABcAAAAAAAAAF\/7\/FBwO\/CFwEASeBoBTHTZO4F6qQqae"} 
00697{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1592388499813030,"flow_dst_last_pkt_time":1592388499786468,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":161,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":161,"pkt_l4_len":127,"thread_ts_usec":1592388499813030,"pkt":"AAAAAAAAAAEAvpsKCABFAACTT3wAAH8Rdr65xHHv33Rp98RRrZsAf9dAFv79AAAAAAAAAAEAagEAAF4AAQAAAAAAXv79P8FbOXt8ZkgBLvoC72ni+sdFNMYxwEb+hvs\/sv9L1B0gODIAL4OTx2HjtkquDfJ\/XJtXFrGeH36FJxKlpF5tST4UHA78IXAQBJ4GgFMdNk7gXqpCpp4AAsAsAQA="} 00766{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1592388499813030,"flow_dst_last_pkt_time":1592388499833900,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_usec":1592388499833900,"pkt":"AAAAAAAAAAcAwedSCABFAADGx3wAAPMRiorfdGn3ucRx762bxFEAspnDFv79AAAAAAAAAAEAUgIAAEYAAQAAAAAARv79h9MldvGqD4L7eTZa2NHhRQF1vlik3WVyEyjxpUYtENcgODIAL4OTx2HjtkquDfJ\/XJtXFrGeH36FJxKlpF5tST7ALAAU\/v0AAAAAAAAAAgABARb+\/QABAAAAAAAAADBhiqTy6UqwzhCYCPtl5aoUaCDaK6eEDLWKYD9PQuzP3fUrM48czQrGX1gmubwFx64="} 
-01444{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1592388499775130,"flow_src_last_pkt_time":1592388499813030,"flow_dst_last_pkt_time":1592388499833900,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":99,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":119,"flow_dst_max_l4_payload_len":170,"flow_src_tot_l4_payload_len":218,"flow_dst_tot_l4_payload_len":218,"midstream":0,"thread_ts_usec":1592388499833900,"l3_proto":"ip4","src_ip":"185.196.113.239","dst_ip":"223.116.105.247","src_port":50257,"dst_port":44443,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","tls": {"version":"DTLSv1.2","ja3":"e15c510766789ed8f49de0e37951c1da","ja3s":"a1d48eca741e476d8ee735578a26bdbd","ja4":"dd2d010000_653ffb6f323e_e3b0c44298fc","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","blocks":0}}} 
+01403{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1592388499775130,"flow_src_last_pkt_time":1592388499813030,"flow_dst_last_pkt_time":1592388499833900,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":99,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":119,"flow_dst_max_l4_payload_len":170,"flow_src_tot_l4_payload_len":218,"flow_dst_tot_l4_payload_len":218,"midstream":0,"thread_ts_usec":1592388499833900,"l3_proto":"ip4","src_ip":"185.196.113.239","dst_ip":"223.116.105.247","src_port":50257,"dst_port":44443,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","tls": {"version":"DTLSv1.2","ja3s":"a1d48eca741e476d8ee735578a26bdbd","ja4":"dd2d010000_653ffb6f323e_e3b0c44298fc","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","blocks":0}}} 
01237{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1592388499775130,"flow_src_last_pkt_time":1592388499813030,"flow_dst_last_pkt_time":1592388499833900,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":99,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":119,"flow_dst_max_l4_payload_len":170,"flow_src_tot_l4_payload_len":218,"flow_dst_tot_l4_payload_len":218,"midstream":0,"thread_ts_usec":1592388499833900,"l3_proto":"ip4","src_ip":"185.196.113.239","dst_ip":"223.116.105.247","src_port":50257,"dst_port":44443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-00863{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":436,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1592388499833900} +00863{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":436,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1592388499833900} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 4/4 ~~ skipped flows.............: 0 
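Review bot: The `"ja3"` key disappears from the `tls` object of the `detected` and `detection-update` events in this fixture (the old side carried `"ja3":"e15c510766789ed8f49de0e37951c1da"`), but the commit message only says "incorporated upstream changes". `"ja3s"` and `"ja4"` are still emitted, so any consumer that alerts or allow-lists on the JA3 client fingerprint will stop matching after this bump without raising an error. The removal presumably comes from the libnDPI update rather than from nDPId itself. It deserves an explicit line in the commit message or changelog, for example `* TLS flow events no longer include "ja3"; the client fingerprint is "ja4" only`. It is also worth confirming that the schema/flow_event_schema.json change listed in this commit, which is not visible here, drops `ja3` from the tls properties so that schema and output stay in agreement.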
@@ -17,10 +17,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6907766 bytes -~~ total memory freed........: 6907766 bytes -~~ total allocations/frees...: 114143/114143 +~~ total memory allocated....: 7485362 bytes +~~ total memory freed........: 7485362 bytes +~~ total allocations/frees...: 125874/125874 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 605 chars -~~ json message max len.......: 1449 chars -~~ json message avg len.......: 1020 chars +~~ json message max len.......: 1408 chars +~~ json message avg len.......: 1000 chars diff --git a/test/results/default/edonkey.pcap.out b/test/results/default/edonkey.pcap.out index d7f28b4e9..f134f7332 100644 --- a/test/results/default/edonkey.pcap.out +++ b/test/results/default/edonkey.pcap.out 
@@ -1,5 +1,5 @@ -00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/edonkey.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/edonkey.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1256627019012259} 
+00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/edonkey.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/edonkey.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1256627019012259} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/edonkey.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1256627019012259,"flow_src_last_pkt_time":1256627019012259,"flow_dst_last_pkt_time":1256627019012259,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1256627019012259,"l3_proto":"ip4","src_ip":"201.15.177.227","dst_ip":"135.192.214.240","src_port":1754,"dst_port":7551,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/edonkey.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1256627019012259,"flow_dst_last_pkt_time":1256627019012259,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1256627019012259,"pkt":"AAAAAAAAAAAAAAAACABFAAAwFXFAAHQGF7PJD7Hjh8DW8AbaHX\/iBcO2AAAAAHAC\/\/\/feQAAAgQFoAEBBAI="} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/edonkey.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1256627019012259,"flow_dst_last_pkt_time":1256627019016300,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1256627019016300,"pkt":"AAAAAAAAAAAAAAAACABFAAAwOUtAAH0G6tiHwNbwyQ+x4x1\/BtrTGFiF4gXDt3AS\/\/+ztgAAAgQFtAEBBAI="} 
@@ -8,7 +8,7 @@ 01048{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/edonkey.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1256627019012259,"flow_src_last_pkt_time":1256627019107420,"flow_dst_last_pkt_time":1256627019016300,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1256627019107420,"l3_proto":"ip4","src_ip":"201.15.177.227","dst_ip":"135.192.214.240","src_port":1754,"dst_port":7551,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"eDonkey","proto_id":"36","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":7,"category":"Download"}} 00707{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/edonkey.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1256627019107420,"flow_dst_last_pkt_time":1256627019112512,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_usec":1256627019112512,"pkt":"AAAAAAAAAAAAAAAACABFAACsOWpAAH0G6j2HwNbwyQ+x4x1\/BtrTGFiG4gXEM1AY\/4OcSAAA438AAABMOjVEqDEOKB1R7VGC9M9v1Ixx9M9\/HQgAAAACAQABFQBbQ0hOXVtWZXJ5Q0RdeW91cm5hbWUDAQARPAAAAAMBAPmJHYkdAwEA+htCEzQDAQD+tAEAAAMBAPsAwAAAAgEAVQ0AVmVyeUNEIDA5MDMwNAMBAO4M6YkU1D\/OI5IQ"} 
01092{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/edonkey.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":11,"flow_first_seen":1256627019012259,"flow_src_last_pkt_time":1256627076408213,"flow_dst_last_pkt_time":1256627076408912,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":132,"flow_src_tot_l4_payload_len":248,"flow_dst_tot_l4_payload_len":792,"midstream":0,"thread_ts_usec":1256627076408912,"l3_proto":"ip4","src_ip":"201.15.177.227","dst_ip":"135.192.214.240","src_port":1754,"dst_port":7551,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"eDonkey","proto_id":"36","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":7,"category":"Download"}} -00842{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/edonkey.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":17,"packets-processed":17,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1040,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1256627076408912} 
+00842{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/edonkey.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":17,"packets-processed":17,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1040,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1256627076408912} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 17/17 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6910179 bytes -~~ total memory freed........: 6910179 bytes -~~ total allocations/frees...: 114156/114156 +~~ total memory allocated....: 7487775 bytes +~~ total memory freed........: 7487775 bytes +~~ total allocations/frees...: 125887/125887 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 541 chars ~~ json message max len.......: 1097 chars diff --git a/test/results/default/egd.pcapng.out b/test/results/default/egd.pcapng.out index 466e3041d..64bbb4bcb 100644 --- a/test/results/default/egd.pcapng.out +++ b/test/results/default/egd.pcapng.out 
@@ -1,5 +1,5 @@ -00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/egd.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/egd.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1646935234258730} 
+00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/egd.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/egd.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1646935234258730} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/egd.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646935234258730,"flow_src_last_pkt_time":1646935234258730,"flow_dst_last_pkt_time":1646935234258730,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":59,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":59,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646935234258730,"l3_proto":"ip4","src_ip":"192.168.8.77","dst_ip":"192.168.8.169","src_port":18246,"dst_port":18246,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00588{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/egd.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1646935234258730,"flow_dst_last_pkt_time":1646935234258730,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"thread_ts_usec":1646935234258730,"pkt":"EHtERZCfCAAZAMkDCABFAABXq1AAAEARPP\/AqAhNwKgIqUdGR0YAQ2A8DQHU8MCoCE17AAAAvop+OACBGywAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} 
00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/egd.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646935234258730,"flow_src_last_pkt_time":1646935234258730,"flow_dst_last_pkt_time":1646935234258730,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":59,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":59,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646935234258730,"l3_proto":"ip4","src_ip":"192.168.8.77","dst_ip":"192.168.8.169","src_port":18246,"dst_port":18246,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EthernetGlobalData","proto_id":"149","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
@@ -8,7 +8,7 @@ 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/egd.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1646935237259037,"flow_dst_last_pkt_time":1646935234258730,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"thread_ts_usec":1646935237259037,"pkt":"EHtERZCfCAAZAMkDCABFAABXq70AAEARPJLAqAhNwKgIqUdGR0YAQ1o8DQHX8MCoCE17AAAAwYp+OACBGywAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/egd.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1646935238258970,"flow_dst_last_pkt_time":1646935234258730,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"thread_ts_usec":1646935238258970,"pkt":"EHtERZCfCAAZAMkDCABFAABXq94AAEARPHHAqAhNwKgIqUdGR0YAQ1g8DQHY8MCoCE17AAAAwop+OACBGywAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} 00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/egd.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1646935234258730,"flow_src_last_pkt_time":1646935238258970,"flow_dst_last_pkt_time":1646935234258730,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":59,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":295,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646935238258970,"l3_proto":"ip4","src_ip":"192.168.8.77","dst_ip":"192.168.8.169","src_port":18246,"dst_port":18246,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"EthernetGlobalData","proto_id":"149","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00836{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/egd.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":5,"packets-processed":5,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":295,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1646935238258970} +00836{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/egd.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":5,"packets-processed":5,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":295,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1646935238258970} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 5/5 ~~ skipped flows.............: 0 
@@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6907758 bytes -~~ total memory freed........: 6907758 bytes -~~ total allocations/frees...: 114142/114142 +~~ total memory allocated....: 7485354 bytes +~~ total memory freed........: 7485354 bytes +~~ total allocations/frees...: 125873/125873 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 592 chars ~~ json message max len.......: 986 chars diff --git a/test/results/default/elasticsearch.pcap.out b/test/results/default/elasticsearch.pcap.out index b5d31f686..fa0a381e9 100644 --- a/test/results/default/elasticsearch.pcap.out +++ b/test/results/default/elasticsearch.pcap.out 
@@ -1,5 +1,5 @@ -00618{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1666258196034202} 
+00618{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1666258196034202} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666258196034202,"flow_src_last_pkt_time":1666258196034202,"flow_dst_last_pkt_time":1666258196034202,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666258196034202,"l3_proto":"ip4","src_ip":"172.16.17.102","dst_ip":"172.16.16.107","src_port":40282,"dst_port":9300,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1666258196034202,"flow_dst_last_pkt_time":1666258196034202,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1666258196034202,"pkt":"ABY+v3lW+hY+\/yO1CABFAAA816FAAD4G6yisEBFmrBAQa51aJFSXRuFEAAAAAKAC9QBC8wAAAgQjAAQCCAqEzLnHAAAAAAEDAwc="} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1666258196034202,"flow_dst_last_pkt_time":1666258196036761,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1666258196036761,"pkt":"+hY+\/yO1ABY+v3lWCABFAAA8AABAAEAGwMqsEBBrrBARZiRUnVr59pHXl0bhRaAS9KzUfwAAAgQjAAQCCApHXJuLhMy5xwEDAwc="} 
@@ -27,7 +27,7 @@ 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666258220448291,"flow_src_last_pkt_time":1666258220448291,"flow_dst_last_pkt_time":1666258220448291,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1666258220448291,"l3_proto":"ip4","src_ip":"172.16.16.107","dst_ip":"172.16.17.102","src_port":9300,"dst_port":40298,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00735{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1666258220448291,"flow_dst_last_pkt_time":1666258220448291,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_usec":1666258220448291,"pkt":"+hY+\/yO1ABY+v3lWCABFAAC9EplAAEAGrbCsEBBrrBARZiRUnWpT5e7d+a0KsYAYAeTSJwAAAQEICkdc+ueEzRkjRVMAAACDAAAAAAAAAHsBAGu7SwAAAHIBHl94cGFja19zZWN1cml0eV9hdXRoZW50aWNhdGlvblB5L2F1QXdFSFgzTjVjM1JsYlJkbGJHRnpkR2xqTFc1dlpHVXdNaTVuWVhKeUxteGhZZ2hmWDJGMGRHRmphQWhmWDJGMGRHRmphQUFFQ2dBPQA="} 
00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666258220448291,"flow_src_last_pkt_time":1666258220448291,"flow_dst_last_pkt_time":1666258220448291,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1666258220448291,"l3_proto":"ip4","src_ip":"172.16.16.107","dst_ip":"172.16.17.102","src_port":9300,"dst_port":40298,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Elasticsearch","proto_id":"330","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -00846{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":38,"packets-processed":37,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6736,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":5,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":30,"global_ts_usec":1666258921758874} 
+00846{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":38,"packets-processed":37,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6736,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":5,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":30,"global_ts_usec":1666258921758874} 00986{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":5,"flow_first_seen":1666258196034202,"flow_src_last_pkt_time":1666258196256706,"flow_dst_last_pkt_time":1666258196229737,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":175,"flow_dst_max_l4_payload_len":389,"flow_src_tot_l4_payload_len":233,"flow_dst_tot_l4_payload_len":414,"midstream":0,"thread_ts_usec":1666258923619099,"l3_proto":"ip4","src_ip":"172.16.17.102","dst_ip":"172.16.16.107","src_port":40282,"dst_port":9300,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Elasticsearch","proto_id":"330","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666259164268444,"flow_src_last_pkt_time":1666259164268444,"flow_dst_last_pkt_time":1666259164268444,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":422,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":422,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":422,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1666259164268444,"l3_proto":"ip4","src_ip":"172.16.17.102","dst_ip":"172.16.16.106","src_port":48028,"dst_port":9300,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01130{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1666259164268444,"flow_dst_last_pkt_time":1666259164268444,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":488,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":488,"pkt_l4_len":454,"thread_ts_usec":1666259164268444,"pkt":"ABY+soAn+hY+\/yO1CABFAAHarfFAAD4GEzysEBFmrBAQarucJFRoIUIXoUah\/oAYAebLKwAAAQEIClAEIdUYdep8RVMAAAGgAAAAAAAADI8AAGu7SwAAADAAAAEGeC1wYWNrJWluZGljZXM6ZGF0YS9yZWFkL3NlYXJjaFtwaGFzZS9xdWVyeV0WNUtpa2xFY3ZRRC01UnVUVjVIbXNlUQAAAAAAAE7GCS5raWJhbmFfMRY5YW1TRnUtMlJWbUQ3aDFUaDMwOTJBAAEBAAEAAgAAAAAAAAAAAQRib29sP4AAAAABE3NpbXBsZV9xdWVyeV9zdHJpbmc\/gAAAAAEwAAAAASp1cGdyYWRlLWFzc2lzdGFudC1yZWluZGV4LW9wZXJhdGlvbi5zdGF0dXM\/gAAA\/\/\/\/\/wAAAAAAAAABADIBAAABBGJvb2w\/gAAAAAAAAQRib29sP4AAAAABBHRlcm0\/gAAAAAR0eXBlFSN1cGdyYWRlLWFzc2lzdGFudC1yZWluZGV4LW9wZXJhdGlvbgEGZXhpc3RzP4AAAAAJbmFtZXNwYWNlAAABAAABAQExAQAAABQAAAAAAAACAQAAAAAAAX\/\/\/\/8AAAA\/gAAAv7ikpr8wAgABAAABBy5raWJhbmEDAgQFAQA="} 
@@ -41,7 +41,7 @@ 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":2,"flow_first_seen":1666258196428446,"flow_src_last_pkt_time":1666258212491705,"flow_dst_last_pkt_time":1666258212486464,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":269,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2955,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666259173881713,"l3_proto":"ip4","src_ip":"172.16.16.107","dst_ip":"172.16.17.102","src_port":33288,"dst_port":9300,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Elasticsearch","proto_id":"330","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666258220448291,"flow_src_last_pkt_time":1666258220448291,"flow_dst_last_pkt_time":1666258220448291,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1666259173881713,"l3_proto":"ip4","src_ip":"172.16.16.107","dst_ip":"172.16.17.102","src_port":9300,"dst_port":40298,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Elasticsearch","proto_id":"330","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666258198552605,"flow_src_last_pkt_time":1666258198552605,"flow_dst_last_pkt_time":1666258198552605,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1758,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1758,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1758,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1666259173881713,"l3_proto":"ip4","src_ip":"172.16.16.107","dst_ip":"172.16.17.102","src_port":9300,"dst_port":40342,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Elasticsearch","proto_id":"330","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -00848{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":47,"packets-processed":47,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9589,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":44,"global_ts_usec":1666259173881713} 
+00848{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":47,"packets-processed":47,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9589,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":44,"global_ts_usec":1666259173881713} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 47/47 ~~ skipped flows.............: 0 @@ -50,9 +50,9 @@ ~~ total active/idle flows...: 7/7 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6937664 bytes -~~ total memory freed........: 6937664 bytes -~~ total allocations/frees...: 114260/114260 +~~ total memory allocated....: 7515260 bytes +~~ total memory freed........: 7515260 bytes +~~ total allocations/frees...: 125991/125991 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 552 chars ~~ json message max len.......: 2903 chars diff --git a/test/results/default/elf.pcap.out b/test/results/default/elf.pcap.out index ffcf3db8f..1b2290d5a 100644 --- a/test/results/default/elf.pcap.out +++ b/test/results/default/elf.pcap.out 
@@ -1,5 +1,5 @@ -00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/elf.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/elf.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1712420115772907} 
+00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/elf.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/elf.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1712420115772907} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/elf.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1712420115772907,"flow_src_last_pkt_time":1712420115772907,"flow_dst_last_pkt_time":1712420115772907,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16384,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16384,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16384,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1712420115772907,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":60150,"dst_port":33333,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 11800{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/elf.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1712420115772907,"flow_dst_last_pkt_time":1712420115772907,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":16426,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":16426,"pkt_l4_len":16392,"thread_ts_usec":1712420115772907,"pkt":"AAAAAAAAAAAAAAAACABFAEActA1AAEARSMF\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\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\/gEAABAAAAC0kZYGAAADAAgCAAAQAAAAdRppCQAAAgATAgAAAAAAAIB8AAAAAAAACAAAAAAAAACAIAAAAAAAAIh8AAAAAAAACAAAAAAAAABAIAAAAAAAAAiAAAAAAAAACAAAAAAAAAAIgAAAAAAAALh\/AAAAAAAABgAAAAMAAAAAAAAAAAAAAMB\/AAAAAAAABgAAAAcAAAAAAAAAAAAAAMh\/AAAAAAAABgAAAAgAAAAAAAAAAAAAANB\/AAAAAAAABgAAABoAAAAAAAAAAAAAANh\/AAAAAAAABgAAABsAAAAAAAAAAAAAAOB\/AAAAAAAABgAAACkAAAAAAAAAAAAAAOh\/AAAAAAAABgAAACsAAAAAAAAAAAAAAPB\/AAAAAAAABgAAAC8AAAAAAAAAAAAAAPh\/AAAAAAAABgAAAC4AAAAAAAAAAAAAAJh+AAAAAAAABwAAAAEAAAAAAAAAAAAAAKB+AAAAAAAABwAAAAQAAAAAAAAAAAAAAKh+AAAAAAAABwAAAAUAAAAAAAAAAAAAALB+AAAAAAAABwAAAAYAAAAAAAAAAAAAALh+AAAAAAAABwAAAAkAAAAAAAAAAAAAAMB+AAAAAAAAB
wAAAAoAAAAAAAAAAAAAAMh+AAAAAAAABwAAAAsAAAAAAAAAAAAAANB+AAAAAAAABwAAAAwAAAAAAAAAAAAAANh+AAAAAAAABwAAAA0AAAAAAAAAAAAAAOB+AAAAAAAABwAAAA4AAAAAAAAAAAAAAOh+AAAAAAAABwAAAA8AAAAAAAAAAAAAAPB+AAAAAAAABwAAABAAAAAAAAAAAAAAAPh+AAAAAAAABwAAABEAAAAAAAAAAAAAAAB\/AAAAAAAABwAAABIAAAAAAAAAAAAAAAh\/AAAAAAAABwAAABMAAAAAAAAAAAAAABB\/AAAAAAAABwAAABQAAAAAAAAAAAAAABh\/AAAAAAAABwAAABUAAAAAAAAAAAAAACB\/AAAAAAAABwAAABYAAAAAAAAAAAAAACh\/AAAAAAAABwAAABcAAAAAAAAAAAAAADB\/AAAAAAAABwAAABgAAAAAAAAAAAAAADh\/AAAAAAAABwAAABkAAAAAAAAAAAAAAEB\/AAAAAAAABwAAABwAAAAAAAAAAAAAAEh\/AAAAAAAABwAAAB0AAAAAAAAAAAAAAFB\/AAAAAAAABwAAAB4AAAAAAAAAAAAAAFh\/AAAAAAAABwAAAB8AAAAAAAAAAAAAAGB\/AAAAAAAABwAAACAAAAAAAAAAAAAAAGh\/AAAAAAAABwAAACEAAAAAAAAAAAAAAHB\/AAAAAAAABwAAACIAAAAAAAAAAAAAAHh\/AAAAAAAABwAAACQAAAAAAAAAAAAAAIB\/AAAAAAAABwAAACUAAAAAAAAAAAAAAIh\/AAAAAAAABwAAACYAAAAAAAAAAAAAAJB\/AAAAAAAABwAAACcAAAAAAAAAAAAAAJh\/AAAAAAAABwAAACgAAAAAAAAAAAAAAKB\/AAAAAAAABwAAACoAAAAAAAAAAAAAAKh\/AAAAAAAABwAAACwAAAAAAAAAAAAAALB\/AAAAAAAABwAAAC0AAAAAAAAAAAAAAPMPHvpIg+wISIsFwW8AAEiFwHQC\/9BIg8QIwwAAAAAA\/zVibgAA\/yVkbgAADx9AAPMPHvpoAAAAAOni\/\/\/\/ZpDzDx76aAEAAADp0v\/\/\/2aQ8w8e+mgCAAAA6cL\/\/\/9mkPMPHvpoAwAAAOmy\/\/\/\/ZpDzDx76aAQAAADpov\/\/\/2aQ8w8e+mgFAAAA6ZL\/\/\/9mkPMPHvpoBgAAAOmC\/\/\/\/ZpDzDx76aAcAAADpcv\/\/\/2aQ8w8e+mgIAAAA6WL\/\/\/9mkPMPHvpoCQAAAOlS\/\/\/\/ZpDzDx76aAoAAADpQv\/\/\/2aQ8w8e+mgLAAAA6TL\/\/\/9mkPMPHvpoDAAAAOki\/\/\/\/ZpDzDx76aA0AAADpEv\/\/\/2aQ8w8e+mgOAAAA6QL\/\/\/9mkPMPHvpoDwAAAOny\/v\/\/ZpDzDx76aBAAAADp4v7\/\/2aQ8w8e+mgRAAAA6dL+\/\/9mkPMPHvpoEgAAAOnC\/v\/\/ZpDzDx76aBMAAADpsv7\/\/2aQ8w8e+mgUAAAA6aL+\/\/9mkPMPHvpoFQAAAOmS\/v\/\/ZpDzDx76aBYAAADpgv7\/\/2aQ8w8e+mgXAAAA6XL+\/\/9mkPMPHvpoGAAAAOli\/v\/\/ZpDzDx76aBkAAADpUv7\/\/2aQ8w8e+mgaAAAA6UL+\/\/9mkPMPHvpoGwAAAOky\/v\/\/ZpDzDx76aBwAAADpIv7\/\/2aQ8w8e+mgdAAAA6RL+\/\/9mkPMPHvpoHgAAAOkC\/v\/\/ZpDzDx76aB8AAADp8v3\/\/2aQ8w8e+mggAAAA6eL9\/\/9mkPMPHvpoIQAAAOnS\/f\/\/ZpDzDx76aCIAAADpwv3\/\/2aQ8w8e+mgjAAAA6bL9\/\/9mkPMPHvr\/JXZtAABmDx9EAADzDx76\/yUObAAAZg8fRAAA8w8e+v8lBmwAAGYPH0
QAAPMPHvr\/Jf5rAABmDx9EAADzDx76\/yX2awAAZg8fRAAA8w8e+v8l7msAAGYPH0QAAPMPHvr\/JeZrAABmDx9EAADzDx76\/yXeawAAZg8fRAAA8w8e+v8l1msAAGYPH0QAAPMPHvr\/Jc5rAABmDx9EAADzDx76\/yXGawAAZg8fRAAA8w8e+v8lvmsAAGYPH0QAAPMPHvr\/JbZrAABmDx9EAADzDx76\/yWuawAAZg8fRAAA8w8e+v8lpmsAAGYPH0QAAPMPHvr\/JZ5rAABmDx9EAADzDx76\/yWWawAAZg8fRAAA8w8e+v8ljmsAAGYPH0QAAPMPHvr\/JYZrAABmDx9EAADzDx76\/yV+awAAZg8fRAAA8w8e+v8ldmsAAGYPH0QAAPMPHvr\/JW5rAABmDx9EAADzDx76\/yVmawAAZg8fRAAA8w8e+v8lXmsAAGYPH0QAAPMPHvr\/JVZrAABmDx9EAADzDx76\/yVOawAAZg8fRAAA8w8e+v8lRmsAAGYPH0QAAPMPHvr\/JT5rAABmDx9EAADzDx76\/yU2awAAZg8fRAAA8w8e+v8lLmsAAGYPH0QAAPMPHvr\/JSZrAABmDx9EAADzDx76\/yUeawAAZg8fRAAA8w8e+v8lFmsAAGYPH0QAAPMPHvr\/JQ5rAABmDx9EAADzDx76\/yUGawAAZg8fRAAA8w8e+v8l\/moAAGYPH0QAAPMPHvr\/JfZqAABmDx9EAADoy\/3\/\/2YuDx+EAAAAAACQ8w8e+kFXQVZBVUG9AQAAAEFUVYn9SI09LEEAAFNIifNIgeyYAAAAZEiLBCUoAAAASImEJIgAAAAxwOhx\/f\/\/SYnGSIXAdCFFMe2D\/QF+GUiLewhIjTX+QAAARTHt6H7+\/\/+FwEEPlMVEiehMiyOD4AGIRCQLTYXkD4SABgAAvi8AAABMiefoFf7\/\/0mJx0iFwHQxSI1IAUiJyEiJDCRMKeBIg\/gGfh1JjX\/6ugcAAABIjTWkQAAA6CT9\/\/+FwA+EVgIAAEiLBT1qAABIjTV1QAAAvwYAAABMjT0IQAAATIkla2oAAEyJIOhT\/v\/\/SI01c0AAAEyJ\/+g0\/f\/\/TIn\/6Az9\/\/9IjT1lJgAA6KAsAACD\/QIPhesAAACAfCQLAA+E4AAAAEiLawhIjTVKQAAASInv6Kn9\/\/+FwA+E5AUAAEiNNc9AAABIie\/okv3\/\/4XAD4QCBQAATI17CL0BAAAARYXtD4W3AAAAQbwBAAAATYX2D4T7AwAAhe0PjkgBAACJ7U2NLO9IjS2wPQAATYs36y8PH4AAAAAASIsdWWkAAA+2ykmJxkiLO0iLRyhIO0cwD4NKAwAASI1IAUiJTyiIEEEPthZJjUYBhNIPhFADAACA+lx1w0UPtkYBRYTAD4T1AgAAQY1A0E2NTgJEicE8SA+HWAEAAA+2wEhjRIUASAHoPv\/gg+0BTI17CEWF7Q+EVP\/\/\/0GJ7YXtD46tAAAATYX2RIntQbwBAAAASbgBAAAAAQIAAEEPlcJFMclJiz+APy0PhU4EAAAPtk8BhMkPhEIEAABIjVcCichmDx9EAACD6EU8KQ+H9QIAAEkPo8BAD5LGQIT2D4TkAgAAD7YCSIPCAYTAddlIjUcBMdLrD5CA+UVED0TKD7YIhMl0HEiDwAGA+WUPhK0CAACA+W514A+2CEUx5ITJdeRJg8cIg+0BD4V1\/\/\/\/RYTkdCNIiwUlaAAASIs4SItHKEg7RzAPg\/MDAABIjVABSIlXKMYACkiLhCSIAAAAZEgrBCUoAAAAD4XzAwAASIHEmAAAADHAW11BXEFdQV5BX8NIizwkugMAAABIjTU5PgAA6LH6\/\/9MiyQkhcAPhYn9\/\/9IiwXWZwAATY1nBEyJIOl2\/f\/\/SIsdo2cAAEEPtshIiztIi0coSDtHMA+DQwMAAEiNUAFIiVcoxgB
cRInCTYnO6SX+\/\/9BD7ZOAo1B0DwHD4dmAgAATY1OA0EPtgGNUdCNSNCA+QcPhiUCAABIix1KZwAAD7bKTYnO6ez9\/\/9MiQwkQQ+2XgJEiEQkC+gU\/P\/\/RA+2RCQLTIsMJEiLCA+2w\/ZEQQEQD4Rn\/\/\/\/D7b76NEHAABBD7Z+A4nC9kR5ARAPhAgCAACJwUAPtv9Jg8YE6LAHAADB4QRIix3eZgAAjRQBD7bK6YD9\/\/9Iix3MZgAATYnOuQsAAAC6CwAAAOln\/f\/\/SIsds2YAAE2JzrkJAAAAugkAAADpTv3\/\/0iLHZpmAABNic65DQAAALoNAAAA6TX9\/\/9Iix2BZgAATYnOuQoAAAC6CgAAAOkc\/f\/\/SIsdaGYAAE2JzrkMAAAAugwAAADpA\/3\/\/0iLHU9mAABNic65GwAAALobAAAA6er8\/\/9Iix02ZgAATYnOuQgAAAC6CAAAAOnR\/P\/\/Dx9AAEiLHRlmAABJica5XAAAAEiLO0iLRyhIO0cwD4K+\/P\/\/Dx+EAAAAAACJzuiJ+f\/\/QQ+2FkmNRgGE0g+Fufz\/\/2YPH4QAAAAAAEmDxwhNOe8PhJr9\/\/9Iix3EZQAASIs7SItHKEg7RzAPgwQBAABIjVABSIlXKMYAIOk3\/P\/\/Dx8AQYnx6Tf9\/\/9FhNIPhRb8\/\/9FhMkPhQ38\/\/+F7Q+OTf3\/\/4ntSIsddWUAAEmNLO\/rEg8fgAAAAABIjVABSIlXKMYAIEmLP0iLM0mDxwjoJvn\/\/0k57w+EFP3\/\/0iLO0iLRyhIO0cwctC+IAAAAOjG+P\/\/68+NVNDQQQ+2QQGD6DA8Bw+HBgEAAI0U0EiLHQ5lAABNjXECD7bK6a\/7\/\/9Iix37ZAAATYnOMckx0umc+\/\/\/SIsd6GQAAEmDxgMPtsjpifv\/\/0iLHdVkAABNic65BwAAALoHAAAA6XD7\/\/9Iix28ZAAATYnOuVwAAADpXPv\/\/74gAAAA6D34\/\/\/pNPv\/\/1BIiwWYZAAASI0NzTsAAEiNFXQ6AABqAEyNDag7AABMjQWsOwAASIs4SI01aDoAADHA6GEhAABaWelZ\/P\/\/RYTSD4XY+v\/\/RYTJD4TS\/v\/\/6cr6\/\/++XAAAAIlMJAxMiQwkRIhEJAvozPf\/\/0QPtkQkC0yLDCSLTCQM6Z78\/\/++CgAAAOiv9\/\/\/6Qn8\/\/9Iix0LZAAATY1xAQ+2yums+v\/\/6HL3\/\/9IiwUjZAAAujcAAAC+AQAAAEiNPUI9AABIiwjogvj\/\/+id9v\/\/ugUAAABIjTVhPQAAMf\/oCvf\/\/0yJ4UyJ4r8BAAAASInGMcDoBfj\/\/0iLHaZjAAC6BQAAADH\/SI01cD0AAEiLK+jY9v\/\/SInHSInu6F33\/\/9Iiyu6BQAAADH\/SI01rD0AAOi39v\/\/SInuSInH6Dz3\/\/9Iiyu6BQAAADH\/SI01Ez4AAOiW9v\/\/SInuSInH6Bv3\/\/9Iiyu6BQAAADH\/SI01Ij4AAOh19v\/\/SInuSInH6Pr2\/\/9Iiyu6BQAAADH\/SI01QT4AAOhU9v\/\/SInuSInH6Nn2\/\/9Iiyu6BQAAADH\/SI01YD4AAOgz9v\/\/SInuSInH6Lj2\/\/9Iiyu6BQAAADH\/SI01Jz8AAOgS9v\/\/SInuSI0tuDgAAEiJx+iQ9v\/\/ugUAAABIjTV0PwAAMf\/o7fX\/\/0iJ6r8BAAAASInGMcDo6\/b\/\/0yLI7oFAAAAMf9IjTUKQAAA6MX1\/\/9MieZMjWQkEEiJx+hF9v\/\/SI0F\/zgAAEiNNfY4AABmSA9u0GZID27GSI0F9zgAAGYPbMJmSA9u2EiNBf04AAAPKUQkEGZJD27HZg9sww8pRCQgZkgPbsBIjQWnOAAAZkgPb
shIjQXcOAAAZg9swQ8pRCQwZkgPbsBIjQXROAAAZg9swQ8pRCRAZkgPbsBIjQXGOAAAZg9swQ8pRCRQZkgPbsBmD2zBDylEJGBmD+\/ADylEJHDrEEiJ7+in9f\/\/hcB0DUmDxBBJizQkSIX2dedNi2wkCLoFAAAASI01hDgAADH\/TYXtD4S5AAAA6NX0\/\/9MjSV+PwAAvwEAAABIjRVkNwAASInGTInhMcDoxfX\/\/zH2vwUAAADoqfX\/\/0iFwHQcugMAAABIjTVOOAAASInH6DD0\/\/+FwA+F4wAAALoFAAAASI01NjgAADH\/6HX0\/\/9IielMieK\/AQAAAEiJxjHASI0dZTcAAOhp9f\/\/STntD4SYAAAAugUAAABIjTVkPwAAMf\/oPfT\/\/78BAAAASInZTInqSInGMcDoOPX\/\/zH\/6HH1\/\/\/oHPT\/\/0yNJcU+AABIjRWwNgAAvwEAAABIicZMieFMjS2sNgAAMcDoBfX\/\/zH2vwUAAADo6fT\/\/0iFwA+FPP\/\/\/7oFAAAASI01jjcAADH\/6M3z\/\/9IielMieK\/AQAAAEiJxjHA6Mj0\/\/9MjS1hNgAASI0dFTcAAOlV\/\/\/\/SIsbMf+6BQAAAEiNNWw+AADoj\/P\/\/0iJx0iJ3ugU9P\/\/6ff+\/\/9mLg8fhAAAAAAADx9EAADzDx76Me1JidFeSIniSIPk8FBURTHAMclIjT0R9f\/\/\/xXzXwAA9GYuDx+EAAAAAABIjT1BYAA="} 12188{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/elf.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1712420115772931,"flow_dst_last_pkt_time":1712420115772907,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":14690,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":14690,"pkt_l4_len":14656,"thread_ts_usec":1712420115772931,"pkt":"AAAAAAAAAAAAAAAACABFADlUtA5AAEART4h\/AAABfwAAAer2gjU5QDdUTCRASI01thgAAEyLbCR4TItkJHBIi1wkaEyJTCQQTIt8JGBMi3QkWEyJRCQISIkMJOja0v\/\/SInCUOla\/\/\/\/TItEJEhIi0wkQLoFAAAAMf9Mi2QkcEiLXCRoSI01LxgAAEyLfCRgTIt0JFhMiUQkCEyLbCRQSIkMJOiS0v\/\/QVRTSInCTYnpQVdBVkyLRCQoSItMJCC+AQAAAEiJ7zHA6NzT\/\/9Ig8Qg6Rf\/\/\/9Ii0wkQEyLbCRQugUAAAAx\/0yLZCRISItcJGhIjTWZFwAATIt8JGBMi3QkWEiJDCToLtL\/\/02J6U2J4FFIicJTQVdBVuudTIt8JGC6BQAAAEiNNTwXAAAx\/0yLdCRYTItsJFBMi2QkSEiLXCRA6PHR\/\/9BV0iJwkFWvgEAAABIie9NielNieBIidkxwOhC0\/\/\/Xl\/pf\/7\/\/7oFAAAASI01zxYAADH\/TIt0JFhMi2wkUEyLZCRISItcJEDopNH\/\/0iJwkFQ67FMi2wkUEyLZCRIMf+6BQAAAEiLXCRASI01bBQAAOh70f\/\/TYnpTYngvgEAAABIicJIidlIie8xwOjQ0v\/\/6Q\/+\/\/9Mi2QkSEiLXCRAMf+6BQAAAEiNNRgUAADoPtH\/\/02J4EiJ2b4BAAAASInCSInvMcDol
tL\/\/+nV\/f\/\/SItcJEAx\/7oFAAAASI010xMAAOgJ0f\/\/vgEAAABIie9IicJIidkxwOhk0v\/\/6aP9\/\/9Mi0wkUEyLRCRIugUAAABIjTW5FgAATIuUJIAAAABIi0wkQEyLbCR4TItkJHBMiUwkEEiLXCRoTIt8JGBMiVQkGEyJRCQITIt0JFhIiQwk6RP9\/\/\/oxtD\/\/2YPH0QAAPMPHvpIixV9PQAAMfbpvtH\/\/wAA8w8e+kiD7AhIg8QIwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8ND\/\/+DQ\/\/+g0P\/\/sND\/\/8DQ\/\/\/Q0P\/\/kND\/\/5DQ\/\/+Q0P\/\/kND\/\/5DQ\/\/+Q0P\/\/kND\/\/5DQ\/\/+Q0P\/\/kND\/\/5DQ\/\/+Q0P\/\/kND\/\/5DQ\/\/+Q0P\/\/kND\/\/5DQ\/\/+Q0P\/\/kND\/\/5DQ\/\/+Q0P\/\/kND\/\/5DQ\/\/+Q0P\/\/kND\/\/5DQ\/\/\/w0P\/\/4ND\/\/6DQ\/\/+w0P\/\/wND\/\/9DQ\/\/853f\/\/Rt7\/\/5zq\/\/8E3v\/\/19z\/\/3Ld\/\/\/C3f\/\/ntz\/\/+jV\/\/\/o1f\/\/6NX\/\/6jb\/\/9E2P\/\/RNj\/\/0TY\/\/9E2P\/\/RNj\/\/0TY\/\/+S2\/\/\/Vdr\/\/wHc\/\/9m3P\/\/GNr\/\/xfX\/\/9a3P\/\/RNj\/\/0TY\/\/9E2P\/\/RNj\/\/0TY\/\/9E2P\/\/RNj\/\/0TY\/\/9E2P\/\/RNj\/\/0TY\/\/9E2P\/\/RNj\/\/0TY\/\/9E2P\/\/RNj\/\/0TY\/\/9E2P\/\/S9z\/\/+zZ\/\/\/s2f\/\/3Nv\/\/+zZ\/\/861\/\/\/7Nn\/\/zzb\/\/\/s2f\/\/7Nn\/\/+zZ\/\/861\/\/\/Otf\/\/zrX\/\/861\/\/\/Otf\/\/zrX\/\/861\/\/\/Otf\/\/zrX\/\/861\/\/\/Otf\/\/zrX\/\/861\/\/\/Otf\/\/zrX\/\/861\/\/\/7Nn\/\/+zZ\/\/\/s2f\/\/7Nn\/\/2va\/\/933v\/\/RNf\/\/0TX\/\/9E1\/\/\/RNf\/\/0TX\/\/9E1\/\/\/aN7\/\/xDf\/\/\/\/3v\/\/V97\/\/\/De\/\/8w3\/\/\/H9\/\/\/0TX\/\/9E1\/\/\/RNf\/\/0TX\/\/9E1\/\/\/RNf\/\/0TX\/\/9E1\/\/\/RNf\/\/0TX\/\/9E1\/\/\/RNf\/\/0TX\/\/9E1\/\/\/RNf\/\/0TX\/\/9E1\/\/\/RNf\/\/9Xe\/\/831v\/\/N9b\/\/0re\/\/831v\/
\/NN7\/\/zfW\/\/8\/3\/\/\/N9b\/\/zfW\/\/831v\/\/NN7\/\/zTe\/\/803v\/\/NN7\/\/zTe\/\/803v\/\/NN7\/\/zTe\/\/803v\/\/NN7\/\/zTe\/\/803v\/\/NN7\/\/zTe\/\/803v\/\/NN7\/\/zfW\/\/831v\/\/N9b\/\/zfW\/\/912f\/\/zN7\/\/zzW\/\/881v\/\/PNb\/\/zzW\/\/881v\/\/PNb\/\/znf\/\/\/R3\/\/\/vd\/\/\/3ff\/\/+L3\/\/\/rt\/\/\/5rf\/\/881v\/\/PNb\/\/zzW\/\/881v\/\/PNb\/\/zzW\/\/881v\/\/PNb\/\/zzW\/\/881v\/\/PNb\/\/zzW\/\/881v\/\/PNb\/\/zzW\/\/881v\/\/PNb\/\/zzW\/\/\/g3\/\/\/vN7\/\/7ze\/\/\/c2f\/\/vN7\/\/5ze\/\/+83v\/\/\/t\/\/\/7ze\/\/+83v\/\/vN7\/\/5ze\/\/+c3v\/\/nN7\/\/5ze\/\/+c3v\/\/nN7\/\/5ze\/\/+c3v\/\/nN7\/\/5ze\/\/+c3v\/\/nN7\/\/5ze\/\/+c3v\/\/nN7\/\/5ze\/\/+83v\/\/vN7\/\/7ze\/\/+83v\/\/SN\/\/\/+Dr\/\/8L7v\/\/0e3\/\/4\/t\/\/9h7f\/\/D+3\/\/8ns\/\/9b7P\/\/Cez\/\/z3u\/\/9ExP\/\/WMT\/\/1jE\/\/9YxP\/\/WMT\/\/1jE\/\/9YxP\/\/WMT\/\/xLE\/\/8SxP\/\/EsT\/\/xLE\/\/8SxP\/\/EsT\/\/xLE\/\/8SxP\/\/EsT\/\/xLE\/\/8SxP\/\/EsT\/\/xLE\/\/8SxP\/\/EsT\/\/xLE\/\/8SxP\/\/EsT\/\/xLE\/\/8SxP\/\/EsT\/\/xLE\/\/8SxP\/\/EsT\/\/xLE\/\/8SxP\/\/EsT\/\/xLE\/\/8SxP\/\/EsT\/\/xLE\/\/8SxP\/\/EsT\/\/xLE\/\/8SxP\/\/EsT\/\/\/nG\/\/8SxP\/\/EsT\/\/xLE\/\/8SxP\/\/4Mb\/\/3\/F\/\/+zw\/\/\/EsT\/\/2bF\/\/9Nxf\/\/EsT\/\/xLE\/\/8SxP\/\/EsT\/\/xLE\/\/8SxP\/\/EsT\/\/zTF\/\/8SxP\/\/EsT\/\/xLE\/\/8bxf\/\/EsT\/\/wLF\/\/8SxP\/\/6cT\/\/xLE\/\/99xP\/\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\/\/\/EAAAADLT\/\/+wAAAActP\/\/BAEAAFy2\/\/+AAgAAbLb\/\/3QDAAA8wf\/\/rAAAACzC\/\/8cAQAAvML\/\/zABAAC8w\/\/\/RAEAAPzD\/\/9gAQAA7MT\/\/6QBAADsxf\/\/4AEAAEzG\/\/8MAgAAfMf\/\/zACAADc3f\/\/oAIAAFze\/\/\/AAgAAHOT\/\/9QDAAAUAAAAAAAAAAF6UgABeBABGwwHCJABAAAUAAAAHAAAAIjA\/\/8mAAAAAEQHEAAAAAAkAAAANAAAAPCw\/\/9QAgAAAA4QRg4YSg8LdwiAAD8aOSozJCIAAAAAFAAAAFwAAAAYs\/\/\/EAAAAAAAAAAAAAAAFAAAAHQAAAAQs\/\/\/QAIAAAAAAAAAAAAAEAAAAIwAAAAIwf\/\/hgAAAAAAAAAQAAAAoAAAAITB\/\/\/9AAAAAAAAABgAAAC0AAAAcML\/\/zcAAAAAQQ4QQQ4IUg4QAABAAAAA0AAAAJTC\/\/\/uAAAAAEE="} 
@@ -13,7 +13,7 @@ 00773{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/elf.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1712420134895500,"flow_src_last_pkt_time":1712420138537174,"flow_dst_last_pkt_time":1712420138537199,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16384,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":31032,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1712420138537199,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":41150,"dst_port":33333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01098{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/elf.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1712420115772907,"flow_src_last_pkt_time":1712420115772931,"flow_dst_last_pkt_time":1712420115772907,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":14648,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16384,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":31032,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1712420138537199,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":60150,"dst_port":33333,"l4_proto":"udp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
00777{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/elf.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1712420115772907,"flow_src_last_pkt_time":1712420115772931,"flow_dst_last_pkt_time":1712420115772907,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":14648,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16384,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":31032,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1712420138537199,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":60150,"dst_port":33333,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00839{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/elf.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":12,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":62064,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":16,"global_ts_usec":1712420138537199} 
+00839{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/elf.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":12,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":62064,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":16,"global_ts_usec":1712420138537199} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 12/12 ~~ skipped flows.............: 0 @@ -22,9 +22,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6928876 bytes -~~ total memory freed........: 6928876 bytes -~~ total allocations/frees...: 114167/114167 +~~ total memory allocated....: 7506472 bytes +~~ total memory freed........: 7506472 bytes +~~ total allocations/frees...: 125898/125898 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 542 chars ~~ json message max len.......: 12193 chars diff --git a/test/results/default/emotet.pcap.out b/test/results/default/emotet.pcap.out index e70223977..527d3f786 100644 --- a/test/results/default/emotet.pcap.out +++ b/test/results/default/emotet.pcap.out 
@@ -1,5 +1,5 @@ -00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1645830066121611} 
+00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1645830066121611} 
00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1645830066121611,"flow_src_last_pkt_time":1645830066121611,"flow_dst_last_pkt_time":1645830066121611,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1645830066121611,"l3_proto":"ip4","src_ip":"10.2.25.102","dst_ip":"193.252.22.84","src_port":57309,"dst_port":587,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1645830066121611,"flow_dst_last_pkt_time":1645830066121611,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1645830066121611,"pkt":"IOUqtpPxAAgCHEeuCABFAAA0wBJAAIAGPvkKAhlmwfwWVN\/dAkvNIWS2AAAAAIAC+vBkZgAAAgQFtAEDAwgBAQQC"} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1645830066121611,"flow_dst_last_pkt_time":1645830066871134,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":1645830066871134,"pkt":"AAgCHEeuIOUqtpPxCABFAAAsxzIAAIAGd+HB\/BZUCgIZZgJL392K6SffzSFkt2AS+vDaogAAAgQFtA=="} 
@@ -8,7 +8,7 @@ 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1645830067978107,"flow_dst_last_pkt_time":1645830067977441,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_usec":1645830067978107,"pkt":"IOUqtpPxAAgCHEeuCABFAAA9wBRAAIAGPu4KAhlmwfwWVN\/dAkvNIWS3iukoFlAY+rqhDQAARUhMTyBbMTczLjY2LjQ2Ljk3XQ0K"} 01029{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1645830066121611,"flow_src_last_pkt_time":1645830067978107,"flow_dst_last_pkt_time":1645830068348052,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":21,"flow_dst_max_l4_payload_len":160,"flow_src_tot_l4_payload_len":21,"flow_dst_tot_l4_payload_len":214,"midstream":0,"thread_ts_usec":1645830068348052,"l3_proto":"ip4","src_ip":"10.2.25.102","dst_ip":"193.252.22.84","src_port":57309,"dst_port":587,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"SMTP","proto_id":"3","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":3,"category":"Email","hostname":"opmta1mto02nd1","domainame":"opmta1mto02nd1","smtp": {"user":"","password":"","auth_failed":0}}} 
02203{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":19,"flow_first_seen":1645830066121611,"flow_src_last_pkt_time":1645830074471734,"flow_dst_last_pkt_time":1645830074471604,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":698,"flow_dst_max_l4_payload_len":160,"flow_src_tot_l4_payload_len":898,"flow_dst_tot_l4_payload_len":391,"midstream":0,"thread_ts_usec":1645830074471734,"l3_proto":"ip4","src_ip":"10.2.25.102","dst_ip":"193.252.22.84","src_port":57309,"dst_port":587,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":254,"avg":538713.4,"max":3056402,"stddev":774055.0,"var":599161176064.0,"ent":3.7,"data": [749523,749719,1106307,1106777,773,369838,370621,895,325625,326244,506,323,737,841210,842439,907,363,438,3054676,3056402,1628,247201,247778,521,1205120,1205575,420,442964,443628,704,254]},"pktlen": {"min":40,"avg":80.8,"max":738,"stddev":121.9,"var":14849.5,"ent":4.3,"data": [52,44,40,94,61,40,200,52,40,58,72,40,42,40,58,56,40,42,40,80,77,40,86,73,40,87,46,40,48,79,40,738]},"bins": {"c_to_s": [8,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [14,4,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,1,0,1,1,0,1,0,1,1,0,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,0],"entropies": 
[4.644789696,4.953416348,4.981687069,5.477373600,5.387795925,4.784183979,5.738989830,5.361793995,4.834184170,5.487123966,5.654376030,4.784183979,4.955064297,4.734184265,5.288679600,5.421465874,4.784183979,4.859826565,4.784183979,5.343945503,5.557319641,4.765312195,5.392617702,5.626545429,4.834184170,5.525993347,5.097266674,4.834184170,5.095175266,5.329178810,4.784184456,5.639209747]},"ndpi": {"confidence": {"6":"DPI"},"proto":"SMTP","proto_id":"3","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":3,"category":"Email","hostname":"opmta1mto02nd1"}} -00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":51,"packets-processed":50,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15889,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1648563468993352} 
+00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":51,"packets-processed":50,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15889,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1648563468993352} 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648563468993352,"flow_src_last_pkt_time":1648563468993352,"flow_dst_last_pkt_time":1648563468993352,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648563468993352,"l3_proto":"ip4","src_ip":"10.3.29.101","dst_ip":"104.161.127.22","src_port":56309,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1648563468993352,"flow_dst_last_pkt_time":1648563468993352,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1648563468993352,"pkt":"IOUqtpPxAAgCHEeuCABFAAA0EddAAIAG2c0KAx1laKF\/Ftv1AFBvd7IvAAAAAIAC+vBnEwAAAgQFtAEDAwgBAQQC"} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1648563468993352,"flow_dst_last_pkt_time":1648563469109116,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":1648563469109116,"pkt":"AAgCHEeuIOUqtpPxCABFAAAsoCoAAIAGi4JooX8WCgMdZQBQ2\/UuAEklb3eyMGAS+vAY8wAAAgQFtA=="} 
@@ -18,7 +18,7 @@ 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1648563469109583,"flow_dst_last_pkt_time":1648563469109634,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1648563469109634,"pkt":"AAgCHEeuIOUqtpPxCABFAAAooCsAAIAGi4VooX8WCgMdZQBQ2\/UuAEkmb3ez7lAQ+vAu8gAA"} 02190{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":20,"flow_first_seen":1648563468993352,"flow_src_last_pkt_time":1648563469442201,"flow_dst_last_pkt_time":1648563469442152,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":446,"flow_dst_max_l4_payload_len":1361,"flow_src_tot_l4_payload_len":446,"flow_dst_tot_l4_payload_len":24498,"midstream":0,"thread_ts_usec":1648563469442201,"l3_proto":"ip4","src_ip":"10.3.29.101","dst_ip":"104.161.127.22","src_port":56309,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":77,"avg":28956.4,"max":204389,"stddev":59845.4,"var":3581476608.0,"ent":2.7,"data": [115764,115896,335,518,204207,77,204389,352,224,565,217,228,441,212,496,705,246,220,470,115050,221,115302,340,251,573,9235,226,9483,474,242,690]},"pktlen": {"min":40,"avg":820.0,"max":1401,"stddev":663.1,"var":439751.8,"ent":4.4,"data": [52,44,40,486,40,1401,1401,40,1401,1401,40,1401,1401,40,1401,1401,40,1401,1401,40,1401,1401,40,1401,1401,40,1401,1401,40,1401,1401,40]},"bins": {"c_to_s": [11,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": 
[2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0],"entropies": [4.710365295,4.913976669,4.680641174,5.777981758,4.621928692,7.446667671,7.722211838,4.711769104,7.820096016,7.819649696,4.730641365,7.834948540,7.865209579,4.730641365,7.838735580,7.852061272,4.780641079,7.835340023,7.853207111,4.711769104,7.851351738,7.847233772,4.780641079,7.872184753,7.855648994,4.780641079,7.879763126,7.844507217,4.680641174,7.843948364,7.837398529,4.780641079]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fkl.co.ke"}} 00998{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":27,"flow_first_seen":1645830066121611,"flow_src_last_pkt_time":1645830074472054,"flow_dst_last_pkt_time":1645830074472521,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":160,"flow_src_tot_l4_payload_len":15498,"flow_dst_tot_l4_payload_len":391,"midstream":0,"thread_ts_usec":1648563469606163,"l3_proto":"ip4","src_ip":"10.2.25.102","dst_ip":"193.252.22.84","src_port":57309,"dst_port":587,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SMTP","proto_id":"3","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":3,"category":"Email","hostname":"opmta1mto02nd1"}} 
-00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":109,"packets-processed":108,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":62956,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1650490398530577} +00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":109,"packets-processed":108,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":62956,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1650490398530577} 
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1650490398530577,"flow_src_last_pkt_time":1650490398530577,"flow_dst_last_pkt_time":1650490398530577,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1650490398530577,"l3_proto":"ip4","src_ip":"10.4.20.102","dst_ip":"107.161.178.210","src_port":54319,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1650490398530577,"flow_dst_last_pkt_time":1650490398530577,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1650490398530577,"pkt":"IOUqtpPxAAgCHEeuCABFAAA0\/mJAAIAGv4MKBBRma6Gy0tQvAFBRzVZmAAAAAIAC\/\/+1fwAAAgQFtAEDAwgBAQQC"} 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1650490398530577,"flow_dst_last_pkt_time":1650490398627831,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1650490398627831,"pkt":"AAgCHEeuIOUqtpPxCABFAAAwAABAADIGC+trobLSCgQUZgBQ1C8M9mn7Uc1WZ3ASchDhvAAAAgQFbAEDAwc="} 
@@ -28,7 +28,7 @@ 02386{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1650490398628513,"flow_dst_last_pkt_time":1650490398888771,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1442,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1442,"pkt_l4_len":1408,"thread_ts_usec":1650490398888771,"pkt":"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\/\/8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAAANclxdSRMyDkkTMg5JEzIOP45fDkETMg4\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"} 01474{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1650490398530577,"flow_src_last_pkt_time":1650490398628513,"flow_dst_last_pkt_time":1650490398888771,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":225,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":225,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1650490398888771,"l3_proto":"ip4","src_ip":"10.4.20.102","dst_ip":"107.161.178.210","src_port":54319,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"gandhitoday.org","domainame":"gandhitoday.org","http": {"url":"gandhitoday.org\/video\/6JvA8\/","code":200,"content_type":"application\/x-msdownload","user_agent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64; Trident\/7.0; rv:11.0) like Gecko","detected_os":"Windows 10"}}} 00991{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":37,"flow_first_seen":1648563468993352,"flow_src_last_pkt_time":1648563469606163,"flow_dst_last_pkt_time":1648563469559770,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":446,"flow_dst_max_l4_payload_len":1361,"flow_src_tot_l4_payload_len":446,"flow_dst_tot_l4_payload_len":46621,"midstream":0,"thread_ts_usec":1650490398907947,"l3_proto":"ip4","src_ip":"10.3.29.101","dst_ip":"104.161.127.22","src_port":56309,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fkl.co.ke"}} 
-00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":123,"packets-processed":122,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":71509,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":31,"global_ts_usec":1650905413858492} +00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":123,"packets-processed":122,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":71509,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":31,"global_ts_usec":1650905413858492} 
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1650905413858492,"flow_src_last_pkt_time":1650905413858492,"flow_dst_last_pkt_time":1650905413858492,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1650905413858492,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"77.105.36.156","src_port":49797,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1650905413858492,"flow_dst_last_pkt_time":1650905413858492,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1650905413858492,"pkt":"IOUqtpPxAAgCHEeuCABFAAA0LKVAAIAGOLEKBBllTWkknMKFAFDxFWwgAAAAAIAC+vC+pQAAAgQFtAEDAwgBAQQC"} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1650905413858492,"flow_dst_last_pkt_time":1650905414042728,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1650905414042728,"pkt":"AAgCHEeuIOUqtpPxCABFAAA0AABAADEGtFZNaSScCgQZZQBQwoUpbDcH8RVsIYASOQggUwAAAgQFbAEBBAIBAwMH"} 
@@ -43,21 +43,21 @@ 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1650905467542773,"flow_dst_last_pkt_time":1650905467652145,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1650905467652145,"pkt":"AAgCHEeuIOUqtpPxCABFAAA0AABAADAGCTGKxZNlCgQZZQG7wotH+MA690NSooAS+vAcZQAAAgQFbAEBBAIBAwMH"} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1650905467652398,"flow_dst_last_pkt_time":1650905467652145,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1650905467652398,"pkt":"IOUqtpPxAAgCHEeuCABFAAAoC59AAIAGrZ0KBBllisWTZcKLAbv3Q1KiR\/jAO1AQBABT4AAAAAAAAAAA"} 00730{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1650905467666537,"flow_dst_last_pkt_time":1650905467652145,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_usec":1650905467666537,"pkt":"IOUqtpPxAAgCHEeuCABFAAC9C6BAAIAGrQcKBBllisWTZcKLAbv3Q1KiR\/jAO1AYBAD9EwAAFgMDAJABAACMAwNiZtFkECX8pQC9tOV+P9CV1hC1farTreZ9XJMTVwN2EQAAJsAswCvAMMAvwCTAI8AowCfACsAJwBTAEwCdAJwAPQA8ADUALwAKAQAAPQAKAAgABgAdABcAGAALAAIBAAANABoAGAgECAUIBgQBBQECAQQDBQMCAwICBgEGAwAjAAAAFwAA\/wEAAQA="} 
-01381{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1650905467542773,"flow_src_last_pkt_time":1650905467666537,"flow_dst_last_pkt_time":1650905467652145,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":149,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":149,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1650905467666537,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"138.197.147.101","src_port":49803,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3":"51c64c77e60f3980eea90869b68c58a8","ja3s":"","ja4":"t12d190600_d83cc789557e_2dae41c691ec","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01347{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1650905467542773,"flow_src_last_pkt_time":1650905467666537,"flow_dst_last_pkt_time":1650905467652145,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":149,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":149,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1650905467666537,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"138.197.147.101","src_port":49803,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d190600_d83cc789557e_2dae41c691ec","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1650905467666537,"flow_dst_last_pkt_time":1650905467775917,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1650905467775917,"pkt":"AAgCHEeuIOUqtpPxCABFAAAoRkFAADEGwfuKxZNlCgQZZQG7wotH+MA790NTN1AQAfVVVgAAAAAAAAAA"} 
-01806{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":143,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1650905467542773,"flow_src_last_pkt_time":1650905467666537,"flow_dst_last_pkt_time":1650905467789145,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":149,"flow_dst_max_l4_payload_len":1378,"flow_src_tot_l4_payload_len":149,"flow_dst_tot_l4_payload_len":1378,"midstream":0,"thread_ts_usec":1650905467789145,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"138.197.147.101","src_port":49803,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3":"51c64c77e60f3980eea90869b68c58a8","ja3s":"ec74a5c51106f0419184d0dd08fb05bc","ja4":"t12d190600_d83cc789557e_2dae41c691ec","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=GB, ST=London, L=London, O=Global Security, OU=IT Department, CN=example.com","subjectDN":"C=GB, ST=London, L=London, O=Global Security, OU=IT Department, CN=example.com","fingerprint":"43:A2:39:73:AC:4D:2C:15:7B:D6:4E:32:EA:22:11:B7:97:65:1A:93","blocks":0}}} 
+01772{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":143,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1650905467542773,"flow_src_last_pkt_time":1650905467666537,"flow_dst_last_pkt_time":1650905467789145,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":149,"flow_dst_max_l4_payload_len":1378,"flow_src_tot_l4_payload_len":149,"flow_dst_tot_l4_payload_len":1378,"midstream":0,"thread_ts_usec":1650905467789145,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"138.197.147.101","src_port":49803,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"ec74a5c51106f0419184d0dd08fb05bc","ja4":"t12d190600_d83cc789557e_2dae41c691ec","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=GB, ST=London, L=London, O=Global Security, OU=IT Department, CN=example.com","subjectDN":"C=GB, ST=London, L=London, O=Global Security, OU=IT Department, CN=example.com","fingerprint":"43:A2:39:73:AC:4D:2C:15:7B:D6:4E:32:EA:22:11:B7:97:65:1A:93","blocks":0}}} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":153,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1650905469778844,"flow_src_last_pkt_time":1650905469778844,"flow_dst_last_pkt_time":1650905469778844,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1650905469778844,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"138.197.147.101","src_port":49804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1650905469778844,"flow_dst_last_pkt_time":1650905469778844,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1650905469778844,"pkt":"IOUqtpPxAAgCHEeuCABFAAA0C9hAAIAGrVgKBBllisWTZcKMAbv+vEuFAAAAAIAC\/\/8e8wAAAgQFtAEDAwgBAQQC"} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1650905469778844,"flow_dst_last_pkt_time":1650905469855852,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1650905469855852,"pkt":"AAgCHEeuIOUqtpPxCABFAAA0AABAADAGCTGKxZNlCgQZZQG7woy1bvT7\/rxLhoAS+vB5zwAAAgQFbAEBBAIBAwMH"} 
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1650905469855925,"flow_dst_last_pkt_time":1650905469855852,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1650905469855925,"pkt":"IOUqtpPxAAgCHEeuCABFAAAoC9lAAIAGrWMKBBllisWTZcKMAbv+vEuGtW70\/FAQBACxSgAAAAAAAAAA"} 00971{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1650905469856222,"flow_dst_last_pkt_time":1650905469855852,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":379,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":379,"pkt_l4_len":345,"thread_ts_usec":1650905469856222,"pkt":"IOUqtpPxAAgCHEeuCABFAAFtC9pAAIAGrB0KBBllisWTZcKMAbv+vEuGtW70\/FAYBAAQdgAAFgMDAUABAAE8AwNiZtFmdCpnRfYJppPcaGgT4Bc7Q6ygT88QDBP\/VKBC8AAAJsAswCvAMMAvwCTAI8AowCfACsAJwBTAEwCdAJwAPQA8ADUALwAKAQAA7QAKAAgABgAdABcAGAALAAIBAAANABoAGAgECAUIBgQBBQECAQQDBQMCAwICBgEGAwAjALC4+yxalpWJeXJ3a7fVuNu\/+7sw5lKGBwTmyueYJ56sqWe5mBsTedN4Rff4w\/kDdInOjiTTiaeOxA0mMzW06fQfqWZtfdYXuh3GK9Sug12YNgSrTkGCHx5uhr\/w900ix7eJx+4FkKE0RTxTuNoGQ0gPJoHJRiLsIkQF44Gs3yIpz47bPwkUxXkBJeMuxg7N4ueqmTMNtFhF13PhLVepW54Mwi8KEZVVfvVM8J\/NRGQooQAXAAD\/AQABAA=="} 
-01381{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1650905469778844,"flow_src_last_pkt_time":1650905469856222,"flow_dst_last_pkt_time":1650905469855852,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":325,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":325,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1650905469856222,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"138.197.147.101","src_port":49804,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3":"51c64c77e60f3980eea90869b68c58a8","ja3s":"","ja4":"t12d190600_d83cc789557e_2dae41c691ec","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01347{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1650905469778844,"flow_src_last_pkt_time":1650905469856222,"flow_dst_last_pkt_time":1650905469855852,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":325,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":325,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1650905469856222,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"138.197.147.101","src_port":49804,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d190600_d83cc789557e_2dae41c691ec","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1650905469856222,"flow_dst_last_pkt_time":1650905469964301,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1650905469964301,"pkt":"AAgCHEeuIOUqtpPxCABFAAAoNn1AADEG0b+KxZNlCgQZZQG7woy1bvT8\/rxMy1AQAfWyEAAAAAAAAAAA"} 
-01439{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1650905469778844,"flow_src_last_pkt_time":1650905469856222,"flow_dst_last_pkt_time":1650905469964391,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":325,"flow_dst_max_l4_payload_len":109,"flow_src_tot_l4_payload_len":325,"flow_dst_tot_l4_payload_len":109,"midstream":0,"thread_ts_usec":1650905469964391,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"138.197.147.101","src_port":49804,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3":"51c64c77e60f3980eea90869b68c58a8","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62","ja4":"t12d190600_d83cc789557e_2dae41c691ec","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","blocks":0}}} 
-01308{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1650905467542773,"flow_src_last_pkt_time":1650905467928862,"flow_dst_last_pkt_time":1650905469191372,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":722,"flow_dst_tot_l4_payload_len":5784,"midstream":0,"thread_ts_usec":1650905518385458,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"138.197.147.101","src_port":49803,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-01202{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":7,"flow_first_seen":1650905469778844,"flow_src_last_pkt_time":1650905518385458,"flow_dst_last_pkt_time":1650905473602816,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":553,"flow_dst_max_l4_payload_len":660,"flow_src_tot_l4_payload_len":929,"flow_dst_tot_l4_payload_len":800,"midstream":0,"thread_ts_usec":1650905518385458,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"138.197.147.101","src_port":49804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +01405{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1650905469778844,"flow_src_last_pkt_time":1650905469856222,"flow_dst_last_pkt_time":1650905469964391,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":325,"flow_dst_max_l4_payload_len":109,"flow_src_tot_l4_payload_len":325,"flow_dst_tot_l4_payload_len":109,"midstream":0,"thread_ts_usec":1650905469964391,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"138.197.147.101","src_port":49804,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": 
{"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62","ja4":"t12d190600_d83cc789557e_2dae41c691ec","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","blocks":0}}} +01315{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1650905467542773,"flow_src_last_pkt_time":1650905467928862,"flow_dst_last_pkt_time":1650905469191372,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":722,"flow_dst_tot_l4_payload_len":5784,"midstream":0,"thread_ts_usec":1650905518385458,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"138.197.147.101","src_port":49803,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+01209{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":7,"flow_first_seen":1650905469778844,"flow_src_last_pkt_time":1650905518385458,"flow_dst_last_pkt_time":1650905473602816,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":553,"flow_dst_max_l4_payload_len":660,"flow_src_tot_l4_payload_len":929,"flow_dst_tot_l4_payload_len":800,"midstream":0,"thread_ts_usec":1650905518385458,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"138.197.147.101","src_port":49804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
01361{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":10,"flow_first_seen":1650905413858492,"flow_src_last_pkt_time":1650905414338361,"flow_dst_last_pkt_time":1650905414341100,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":152,"flow_dst_tot_l4_payload_len":9960,"midstream":0,"thread_ts_usec":1650905518385458,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"77.105.36.156","src_port":49797,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"filmmogzivota.rs"}} 
-00845{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":169,"packets-processed":169,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":89856,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":60,"global_ts_usec":1650905518385458} +00845{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":169,"packets-processed":169,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":89856,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":60,"global_ts_usec":1650905518385458} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 169/169 ~~ skipped flows.............: 0 
@@ -66,9 +66,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6942797 bytes -~~ total memory freed........: 6942797 bytes -~~ total allocations/frees...: 114402/114402 +~~ total memory allocated....: 7520436 bytes +~~ total memory freed........: 7520436 bytes +~~ total allocations/frees...: 126136/126136 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 529 chars ~~ json message max len.......: 2391 chars diff --git a/test/results/default/encrypted_sni.pcap.out b/test/results/default/encrypted_sni.pcap.out index 1eb6424b6..879c1907c 100644 --- a/test/results/default/encrypted_sni.pcap.out +++ b/test/results/default/encrypted_sni.pcap.out 
@@ -1,18 +1,18 @@ -00618{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/encrypted_sni.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/encrypted_sni.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1590680386576239} 
+00618{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/encrypted_sni.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/encrypted_sni.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1590680386576239} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/encrypted_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1590680386576239,"flow_src_last_pkt_time":1590680386576239,"flow_dst_last_pkt_time":1590680386576239,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":716,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":716,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":716,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1590680386576239,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/encrypted_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1590680386576239,"flow_dst_last_pkt_time":1590680386576239,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":770,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":770,"pkt_l4_len":736,"thread_ts_usec":1590680386576239,"pkt":"EBMx8Tl2KDc3AG3ICABFAAL0AABAAEAGjOfAqAEMaBuBTcLeAbt3Q5LX\/48DFVAYIACwHgAAFgMBAscBAALDAwOTwM86TEdZaYZx77QiKeLaOUyI6FPS+J3L+0S3MA31OCDtrXy2AkmiC5EC8aXH8NKs5TG5ofTGvlsmIWUcTFlOhgAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAMwA5AC8ANQAKAQACVgAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAMwBrAGkAHQAg9C+VXLX0pUAYcvwRMlm2BfjMFL+A2Ha+teHeYm8XszAAFwBBBKhP+5j\/iIqKULsVEv1xkLdgIoxwczB5EVKfTq\/0aLaIOqqUx255GoGIKzaHGdYeWvgG2FTscntynOjMKiH+1xMAKwAJCAMEAwMDAgMBAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAf\/OAW4TAQAdACAoJey8d6KdccaSJO2lCYt20kw0EEYFyldVNE\/b+wVlLQAgHyQSymUyoBaYNvGbjOJlOzPcW4r7yiRdTxErCb+vUsgBJJYkyzxOIwgn94z1v2QNIt6jP8xZjqajLZOZBVhvvpl7nmhmH4lW1IkwcuGd4kzR+4ip9x\/EzAG6tckU\/flqZH1nG16JhZuu6rEiIYaISW303ww
yjD1flAsQnOsqJ0PVy+NZQoiiKbjH4viDA+P+GiaonlAB8r2TaJD+948G4F7MBjpovbjBjfrBFM8f7NuL4fwv7ssjFdJ5mNaCsSn9Hj6115hdy9xFKhCCzMA44L9pVw\/vrGvG+5UfibZ5LK2nZAPALOtdzhzm7d0W1ff7a4XSuSSFRI3gCI5CHoPx4osmf747Wa4ElvuEUhPCcdTFrF6efl9qMHJEUwf8zrcwZxBFmZHEDMTcH8MlFUx5dN14A3E5eAVFahmuI+6IR1wd8HaXtmYAHAACQAE="} -01236{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/encrypted_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1590680386576239,"flow_src_last_pkt_time":1590680386576239,"flow_dst_last_pkt_time":1590680386576239,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":716,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":716,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":716,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1590680386576239,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3":"957015a0b1e2500d8777219893a09495","ja3s":"","ja4":"t13d1813h2_29a2cd9e9f10_0d6ff543c596","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01541{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/encrypted_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1590680386576239,"flow_src_last_pkt_time":1590680386576239,"flow_dst_last_pkt_time":1590680386576239,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":716,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":716,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":716,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1590680386576239,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"21": {"risk":"TLS Susp ESNI Usage","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1813h2_29a2cd9e9f10_0d6ff543c596","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/encrypted_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1590680387847337,"flow_src_last_pkt_time":1590680387847337,"flow_dst_last_pkt_time":1590680387847337,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":716,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":716,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":716,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1590680387847337,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/encrypted_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1590680387847337,"flow_dst_last_pkt_time":1590680387847337,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":770,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":770,"pkt_l4_len":736,"thread_ts_usec":1590680387847337,"pkt":"EBMx8Tl2KDc3AG3ICABFAAL0AABAAEAGkJDAqAEMaBB9r8LfAbu98X4VZuCG7lAYIACqfgAAFgMBAscBAALDAwPZvt6xqK7JiSO2eRBioUk2Uu867QdPWpn6Sv4hYS472iAz8c+AKNafKEsBeorsjdYMXk2HdHvKJL23Af8gga\/qxAAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAMwA5AC8ANQAKAQACVgAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAMwBrAGkAHQAg0HCVKAanlLS9J1B8hdchDfkoKDxcPc3B5hBZYsZWdz8AFwBBBCakAur\/e3rF+tGl0au7NOTY4DQpBg\/YjV6ew74w8otvaCGiCdoeWGhEGjsldqwZrBxN3o59i8BSdRX+YPQ+GgkAKwAJCAMEAwMDAgMBAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAf\/OAW4TAQAdACAFyK2kXV21yqtAW2T62b\/NDTnJgxOrhECle3qcjynhZQAgHyQSymUyoBaYNvGbjOJlOzPcW4r7yiRdTxErCb+vUsgBJLkAAE456EuY9a6HsKAg7En+2G8rSItqsoven5V2IfJ3Q2bekOZcTKgIZokRYkaF7ExtxsFhqXy+gigbwIQnaXqjvmpA5fAKz4tj4ykxew5OhWQt
UKuHkOYZfaYtn1syOdzFlDd5f+dopSDJ1HH+q6E3XfYeSjmwk2PLEJ57JKeThEiW3dFrbufb5XbXZxYdeC179v7EU6Bakj2Njpvv\/Jfo5WxPGqtw\/pm8l4GeHZCKXzswlPS\/Jet6JKlP28PhB6QjuLs0HyKQD3u9h3gOMLbs85P+uPv\/61THn6BnP+Gq0XsiHUv\/ZFCqDNSvUTBmtmCAtgIUfzrLcUWkNsVonaILrLi\/m6vYUQElVuyPe7nXS\/qvJdz0NipXdWB8POXCwp8YOWkAHAACQAE="} -01237{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/encrypted_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1590680387847337,"flow_src_last_pkt_time":1590680387847337,"flow_dst_last_pkt_time":1590680387847337,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":716,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":716,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":716,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1590680387847337,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3":"957015a0b1e2500d8777219893a09495","ja3s":"","ja4":"t13d1813h2_29a2cd9e9f10_0d6ff543c596","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01542{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/encrypted_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1590680387847337,"flow_src_last_pkt_time":1590680387847337,"flow_dst_last_pkt_time":1590680387847337,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":716,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":716,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":716,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1590680387847337,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"21": {"risk":"TLS Susp ESNI Usage","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1813h2_29a2cd9e9f10_0d6ff543c596","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/encrypted_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1590680391590254,"flow_src_last_pkt_time":1590680391590254,"flow_dst_last_pkt_time":1590680391590254,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":716,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":716,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":716,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1590680391590254,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/encrypted_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1590680391590254,"flow_dst_last_pkt_time":1590680391590254,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":770,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":770,"pkt_l4_len":736,"thread_ts_usec":1590680391590254,"pkt":"EBMx8Tl2KDc3AG3ICABFAAL0AABAAEAGxnTAqAEMaBZHxcLpAbsLJg40SW6gUlAYIAANXgAAFgMBAscBAALDAwMJLl9l\/OldUJYbpqd0xOpts3Kv4zg2hroTXcdX9KeB2CBjkfBVUTqX532YPuVZHQd0J5lIK2OZH9nsSRBnWwKDWwAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAMwA5AC8ANQAKAQACVgAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAMwBrAGkAHQAgsbxhJX9IcnjB7rdgEb2YIBohnnxEhKIToNk1er8CIioAFwBBBLtlLNXLCuP0okhISXwuyj6tgeyLGZ5yaSZ9uT3zAbum2y5l1gYjS6RGBBL9dNcuY2pA4Ze582sOuuo0cAvw2TsAKwAJCAMEAwMDAgMBAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAf\/OAW4TAQAdACCgcq\/jSZGFwhXJHl9nfU84W9RHblecX+XHXi+knd++egAgHyQSymUyoBaYNvGbjOJlOzPcW4r7yiRdTxErCb+vUsgBJM1prHJ\/+qDqcKEqpG5xU365kjS5loGMkTxyoKwRhL+l3TthfgE+TKCSsunPt4vNjTPLrxKpdN+3jkm4v5pXmXQY7xTIeDCWHjyEgNKkvyfWHZEc70
MAkkqfNhBXSLrthF\/1heQEBlRbs1xtqteJZDPsTf1rb0lyjahdcH23rHhPVaZljcat4wh7Hka7vt+kTz6HVLMaa8+FGdKR02KYBfqCbkN5nqbjMCHPCoPKBXF7APN9aYQZNPW1vyVMZGeIilksOKMAfbO31cu423QrZX+PlzwFC6qBeqVxOTzYpLwLIxJGCnfdBRD0u85D1TvPM05OjHVwJVu9F3FEA\/S2klQ0zWf5b6ngXXAHdoEO61eGscgYik1z+CCLYUuTKEqAk5KVlL4AHAACQAE="} -01236{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/encrypted_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1590680391590254,"flow_src_last_pkt_time":1590680391590254,"flow_dst_last_pkt_time":1590680391590254,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":716,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":716,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":716,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1590680391590254,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3":"957015a0b1e2500d8777219893a09495","ja3s":"","ja4":"t13d1813h2_29a2cd9e9f10_0d6ff543c596","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-00962{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/encrypted_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1590680391590254,"flow_src_last_pkt_time":1590680391590254,"flow_dst_last_pkt_time":1590680391590254,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":716,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":716,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":716,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1590680391590254,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -00962{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/encrypted_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1590680386576239,"flow_src_last_pkt_time":1590680386576239,"flow_dst_last_pkt_time":1590680386576239,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":716,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":716,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":716,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1590680391590254,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/encrypted_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1590680387847337,"flow_src_last_pkt_time":1590680387847337,"flow_dst_last_pkt_time":1590680387847337,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":716,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":716,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":716,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1590680391590254,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -00845{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/encrypted_sni.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":3,"packets-processed":3,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2148,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1590680391590254} 
+01541{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/encrypted_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1590680391590254,"flow_src_last_pkt_time":1590680391590254,"flow_dst_last_pkt_time":1590680391590254,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":716,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":716,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":716,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1590680391590254,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"21": {"risk":"TLS Susp ESNI Usage","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1813h2_29a2cd9e9f10_0d6ff543c596","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01308{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/encrypted_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1590680391590254,"flow_src_last_pkt_time":1590680391590254,"flow_dst_last_pkt_time":1590680391590254,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":716,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":716,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":716,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1590680391590254,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"TLS Susp ESNI Usage","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+01308{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/encrypted_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1590680386576239,"flow_src_last_pkt_time":1590680386576239,"flow_dst_last_pkt_time":1590680386576239,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":716,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":716,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":716,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1590680391590254,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"TLS Susp ESNI Usage","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+01309{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/encrypted_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1590680387847337,"flow_src_last_pkt_time":1590680387847337,"flow_dst_last_pkt_time":1590680387847337,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":716,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":716,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":716,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1590680391590254,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"TLS Susp ESNI Usage","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+00845{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/encrypted_sni.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":3,"packets-processed":3,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2148,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1590680391590254} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 3/3 ~~ skipped flows.............: 0 @@ -21,10 +21,10 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6920485 bytes -~~ total memory freed........: 6920485 bytes -~~ total allocations/frees...: 114174/114174 +~~ total memory allocated....: 7496422 bytes +~~ total memory freed........: 7496422 bytes +~~ total allocations/frees...: 125908/125908 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 623 chars -~~ json message max len.......: 1507 chars -~~ json message avg len.......: 1064 chars +~~ json message max len.......: 1547 chars +~~ json message avg len.......: 1084 chars diff --git a/test/results/default/epicgames.pcapng.out b/test/results/default/epicgames.pcapng.out index f8146a2bf..64d824311 100644 --- a/test/results/default/epicgames.pcapng.out +++ b/test/results/default/epicgames.pcapng.out 
@@ -1,5 +1,5 @@ -00616{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/epicgames.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/epicgames.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1684594463217688} 
+00616{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/epicgames.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/epicgames.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1684594463217688} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/epicgames.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1684594463217688,"flow_src_last_pkt_time":1684594463217688,"flow_dst_last_pkt_time":1684594463217688,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1684594463217688,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"18.157.15.184","src_port":49693,"dst_port":15011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/epicgames.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1684594463217688,"flow_dst_last_pkt_time":1684594463217688,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1684594463217688,"pkt":"CL6sCxduJjb1W8R1CABFAABOdf1AAEAR1QjAqAycEp0PuMIdOqMAOpeORxogAAiYImV0BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEKE7iHg4H\/Z6HRc="} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/epicgames.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1684594463538671,"flow_src_last_pkt_time":1684594463538671,"flow_dst_last_pkt_time":1684594463538671,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":49,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":49,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1684594463538671,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"18.157.15.184","src_port":47446,"dst_port":15011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -32,7 +32,7 @@ 00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/epicgames.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":13,"flow_first_seen":1684594490567237,"flow_src_last_pkt_time":1684594491581525,"flow_dst_last_pkt_time":1684594491475757,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":150,"flow_src_tot_l4_payload_len":681,"flow_dst_tot_l4_payload_len":750,"midstream":0,"thread_ts_usec":1684594491581525,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"18.157.15.184","src_port":37989,"dst_port":15011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"EpicGames","proto_id":"340","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/epicgames.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":8,"flow_first_seen":1684594463538671,"flow_src_last_pkt_time":1684594467700923,"flow_dst_last_pkt_time":1684594467772599,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":93,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":449,"flow_dst_tot_l4_payload_len":344,"midstream":0,"thread_ts_usec":1684594491581525,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"18.157.15.184","src_port":47446,"dst_port":15011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"EpicGames","proto_id":"340","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/epicgames.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":8,"flow_first_seen":1684594463217688,"flow_src_last_pkt_time":1684594467702588,"flow_dst_last_pkt_time":1684594467772655,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":92,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":444,"flow_dst_tot_l4_payload_len":337,"midstream":0,"thread_ts_usec":1684594491581525,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"18.157.15.184","src_port":49693,"dst_port":15011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"EpicGames","proto_id":"340","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -00846{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/epicgames.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":81,"packets-processed":81,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7784,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":35,"global_ts_usec":1684594491581525} 
+00846{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/epicgames.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":81,"packets-processed":81,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7784,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":35,"global_ts_usec":1684594491581525} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 81/81 ~~ skipped flows.............: 0 @@ -41,9 +41,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6917102 bytes -~~ total memory freed........: 6917102 bytes -~~ total allocations/frees...: 114251/114251 +~~ total memory allocated....: 7494698 bytes +~~ total memory freed........: 7494698 bytes +~~ total allocations/frees...: 125982/125982 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 584 chars ~~ json message max len.......: 984 chars diff --git a/test/results/default/esp.pcapng.out b/test/results/default/esp.pcapng.out index 620698247..4356aa9c9 100644 --- a/test/results/default/esp.pcapng.out +++ b/test/results/default/esp.pcapng.out 
@@ -1,5 +1,5 @@ -00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/esp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/esp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1587340723655842} 
+00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/esp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/esp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1587340723655842} 
00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/esp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587340723655842,"flow_src_last_pkt_time":1587340723655842,"flow_dst_last_pkt_time":1587340723655842,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":358,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587340723655842,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","src_port":500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00994{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/esp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1587340723655842,"flow_dst_last_pkt_time":1587340723655842,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":400,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":400,"pkt_l4_len":366,"thread_ts_usec":1587340723655842,"pkt":"qrvMAAMQqrvMAAIQCABFwAGCAN8AAP8RncEKAgMCCgMEBAH0AfQBbm9jBawPTRIgE\/QAAAAAAAAAACEgIggAAAAAAAABZiIAADAAAAAsAQEABAMAAAwBAAAMgA4BAAMAAAgCAAAGAwAACAMAAA0AAAAIBAAAFCgAAGgAFAAADDsDka\/duvsZYQytelWlC6NzARHfxQ9jT\/JU2Un7NCQA+jXJ08WlF7e\/NDuPTB526R8Cb4Zuk\/QhNNiyysAyBZ0W7cfOpAFmMETkjg2lvpSaO0W743zdwZbhwL5xtEDwKwAAJBinv2eNdHZsJ29wVvPTnOU5tMnnhBtj26lK3VUpGlaPKwAAF0NJU0NPLURFTEVURS1SRUFTT04rAAATQ0lTQ09WUE4tUkVWLTAyKwAAF0NJU0NPLURZTkFNSUMtUk9VVEUpAAAVRkxFWFZQTi1TVVBQT1JURUQpAAAcAABABE++qlf\/rnDMCHdomXQhhbbCu7VdAAAAHAAAQAWxbxU4srTSjW8apuj3nZ6SyjPUCQ=="} 
00904{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/esp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587340723655842,"flow_src_last_pkt_time":1587340723655842,"flow_dst_last_pkt_time":1587340723655842,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":358,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587340723655842,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","src_port":500,"dst_port":500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 
@@ -12,7 +12,7 @@ 00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/esp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1587340725658959,"flow_dst_last_pkt_time":1587340725659995,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1587340725659995,"pkt":"qrvMAAIQqrvMAAMQCABFAACYACQAAP4yoQUKAwQECgIDAvAJLLUAAAABLX+WjVQswRpYbFeiaZdQW6eWJsw6BS2eB7OP9\/5eHwi2mYpUZ6G3t755XGwuYLanMk25K6hMBwBSxcZ\/ydNZPrrxBrySAlcBAFV4v6tDTuHpnnv89BSOnoK6gF0SG3nSCAMIxyxKQV4U+ecInNO5d\/EnrgCW7OWI7NuXZg=="} 00914{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/esp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587340725658959,"flow_src_last_pkt_time":1587340725658959,"flow_dst_last_pkt_time":1587340725659995,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":132,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":132,"midstream":0,"thread_ts_usec":1587340725659995,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","l4_proto":50,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 
00947{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/esp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1587340723655842,"flow_src_last_pkt_time":1587340723670088,"flow_dst_last_pkt_time":1587340723676343,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":344,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":358,"flow_src_tot_l4_payload_len":702,"flow_dst_tot_l4_payload_len":654,"midstream":0,"thread_ts_usec":1587340725659995,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","src_port":500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} -00837{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/esp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":6,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1620,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1587340725659995} 
+00837{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/esp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":6,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1620,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1587340725659995} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 6/6 ~~ skipped flows.............: 0 @@ -21,9 +21,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6910167 bytes -~~ total memory freed........: 6910167 bytes -~~ total allocations/frees...: 114154/114154 +~~ total memory allocated....: 7487763 bytes +~~ total memory freed........: 7487763 bytes +~~ total allocations/frees...: 125885/125885 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 615 chars ~~ json message max len.......: 999 chars diff --git a/test/results/default/ethereum.pcap.out b/test/results/default/ethereum.pcap.out index eed40eb44..5598c7743 100644 --- a/test/results/default/ethereum.pcap.out +++ b/test/results/default/ethereum.pcap.out 
@@ -1,5 +1,5 @@ -00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1578508362274369} 
+00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1578508362274369} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508362274369,"flow_src_last_pkt_time":1578508362274369,"flow_dst_last_pkt_time":1578508362274369,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":128,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":128,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508362274369,"l3_proto":"ip4","src_ip":"87.14.222.25","dst_ip":"192.168.1.184","src_port":56693,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1578508362274369,"flow_dst_last_pkt_time":1578508362274369,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_usec":1578508362274369,"pkt":"KDc3AG3IEBMx8Tl2CABFAACc0mBAADURe2hXDt4ZwKgBuN11dl8AiEJtHMys6Q29AOp21rwpZSDXERjTbIzhwNph0idC5kCkV\/FDnhOUP\/GMZC9pQ1ikY4tKfgVohRJdDV\/jhdY3JkNQ8nfjTjeSnG7Ixlzbx1L2txMkADCUTD6WfRXFuzz03\/IfAAHdBMuEfwAAAYJ2X4J2X8mETxbOvYLp94CEXhYgXgU="} 
00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508362274369,"flow_src_last_pkt_time":1578508362274369,"flow_dst_last_pkt_time":1578508362274369,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":128,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":128,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508362274369,"l3_proto":"ip4","src_ip":"87.14.222.25","dst_ip":"192.168.1.184","src_port":56693,"dst_port":30303,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
@@ -68,7 +68,7 @@ 01221{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_src_last_pkt_time":1578508364568148,"flow_dst_last_pkt_time":1578508364565857,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":561,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":561,"pkt_l4_len":527,"thread_ts_usec":1578508364568148,"pkt":"EBMx8Tl2KDc3AG3ICABFAAIjAABAAEAGXj\/AqAG4I570l90ndl+E\/i4wBuq8c4AYECy0dwAAAQEICiLYlHw03AK8Ae0ENFbRMbDoR8q7\/lBVpSLdvQ0ss\/KysYDT3cgeuBsRepnhTempELxTDDzyA+2tnSS3\/ruB2mpEbWEuSedlIoj8Q+\/G+12XRxalYMJALGF\/Er1BufURk5A1YQ9d2FudC\/iAy\/0\/SQgKSDzazWMxd7m1Lzwbt1nkw8ZjTM6FPB2McyXwSH7Wjc1nUQhgSn5LWTODVqRQ+X4PuwvkifJR9XsBkh3VIgyEdaHFX8Yr3KzeLOekLEwSI0yKjH4ZLdpjDM5KKnBhg548bY6D30ay\/BaaMyf58ioyShCmLNSMSsFYyQQfVVYzvtvrZbl6LBsAaCp1QztDCCDI5Nl2M+bjMCsqt67khRdyIfZr+458mG08qKTyjO8oMmjYTZnLSmtS\/VNx\/QIJ5AL1xUckB+Ry3W4m+FfUNCXmhxM8jJ7Q4eEIQ3o0C3wBOm4q5OMhy77zHLV1U8n+1P3lzOlz1qwVcBSZ3c6jcmKjn7wAUE56CQ3m8W6n0IFKPd3C6lqMAp6k49eCxjEMbPCq3GbuLOhnLL0327qOy9StdTswkzKaOg7a3WHDZrriFvESwbOC3lodEcL\/J8VODIzTYk7iMhP3qabE+jkUi6\/1UrkkkLHqBQ7cfZ4aoH5Iqr35Sjr2YB7HO6Wo2LBxq97lA5uIai0r"} 
00951{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364522958,"flow_src_last_pkt_time":1578508364568148,"flow_dst_last_pkt_time":1578508364565857,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":495,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":495,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364568148,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.158.244.151","src_port":56615,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 01293{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":4,"flow_src_last_pkt_time":1578508364568221,"flow_dst_last_pkt_time":1578508364566297,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":612,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":612,"pkt_l4_len":578,"thread_ts_usec":1578508364568221,"pkt":"EBMx8Tl2KDc3AG3ICABFAAJWAABAAEAG\/+TAqAG4soDD3N0ydl\/wysJJ+FRpUYAYECwg3gAAAQEICiLYlHxfPQwNAiAEhpkrlQBwH8ddEcq0BdL83Bo3hypa+fGbFwNsVRwx6iJqkT5ihZAS\/ej6odE27zVMZrwBgqFs6p9Y1qpQoG5AV\/xzB4ClP9AB\/3NVdEZa3hbMgtTl1WhChUY7PebrIbb7y7PKnhNG+fKkKEu2x79pMd24HXnzXjog8DrnqEwTWv5KnyKedSGLXPCsTmlzQN0QJEEY6J5nOrHUU8dFU21ucoziHzGqWR5upt8sNYEWXNo6BUoTw\/WutZuGkhbYkbg5yWqRm30izxfOmiC8VyOi\/XMkx2UM3FBf8b0juv8c6D9s\/qC+0wi8mopLq4rc0gMxNoHlt+XzgDmJJFmvryPOV\/VAXW0q9oQMgKbtHFLpFdW31b4pm9vkytbPbkbcxgYGzaDvLEvKf9fu6uiqaksKWf+ZV+QAMMtjZP7GkVhpNpwxIdCnaZadlVVgG5B+NfjFmgFxDlq9z36B5kVcAWPa24LZ\/YDsz5uz6k
gth55OzqmUOcrjN0\/VL65\/IbGLyC\/XZeQucYMmUi5JlCrKEYIFZvdF9RFCHhZvdXS1fXnC5BRkGI9NSx1dKmp\/59WBa70i7aYEdFQrwisFND8qlAvWK9W60aDIMUoR\/G\/TpuNnaF7w6dROBlznoePkr7Mlqpx\/UMiw+Y\/vg9yIOdXpZ2b4tI2QpgNHpymKXmH3PbTxBdPmO5c6fcZf5qmOPHf8dq+j7gt1qe6Ulo\/6iuixGxQb"} -00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364523356,"flow_src_last_pkt_time":1578508364568221,"flow_dst_last_pkt_time":1578508364566297,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":546,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":546,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364568221,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.128.195.220","src_port":56626,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +00955{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364523356,"flow_src_last_pkt_time":1578508364568221,"flow_dst_last_pkt_time":1578508364566297,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":546,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":546,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364568221,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.128.195.220","src_port":56626,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_src_last_pkt_time":1578508364523293,"flow_dst_last_pkt_time":1578508364569557,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578508364569557,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGyBNZJmMiwKgBuHZf3TAEAfQVmn8HEKAScSAQTQAAAgQFrAQCCApfmkPpItiUTwEDAwc="} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_src_last_pkt_time":1578508364569615,"flow_dst_last_pkt_time":1578508364569557,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508364569615,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGvBvAqAG4WSZjIt0wdl+afwcQBAH0FoAQECyf1wAAAQEICiLYlH1fmkPp"} 
01192{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_src_last_pkt_time":1578508364571106,"flow_dst_last_pkt_time":1578508364569557,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":539,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":539,"pkt_l4_len":505,"thread_ts_usec":1578508364571106,"pkt":"EBMx8Tl2KDc3AG3ICABFAAINAABAAEAGukLAqAG4WSZjIt0wdl+afwcQBAH0FoAYECxDKQAAAQEICiLYlH5fmkPpAdcEgS+qh2jbezyTSBMSn3K2Hympu6ADf5Hlhjv3vVL89xA433ok\/DfJinh\/mQLRmjZUTP2ynwWLoVuXup3DiktHavBeMvYUR1tKgWpIZFgiy8srilONDu7zwe36OziVlsdnfH4gSQevsTp8YzK3HiklBd\/TTzXG41FvrNfXRl0zTEnAkH0BVlO4ojSBnU\/nYt9V2hlnEaW\/mcpIq0oI11JhMcTShgByHbHchSeVwzNObDaAQftXXQb8kI5eimoPm+90BWPKsgBHFRySPtchPOCB8zI9RK+yAUPy9Xy326ZL22UBsRclJLFHStO5RO4HXPST4yDuQFk4\/9KnRJ98AT\/0plbhjnGAl98jUbiaRRduLNzZR1ZinqX7RdydZboE4IDCpbqb1\/g8WPCtd6NaVAQTTJHhSgs0gR2sVCN5w6nQL\/\/j\/IUC5jj+Na3yzuTMzHeG3Tt3xgJylfyrPTRda62GOUBHb2QVvLfiIOpfmrdpm\/RBZkb+8D8agiXAsIHe0qgMJsRKezrpQan7dnp9CRGst2ez5Ikv10YSuFE0HrQSq\/NP8A4+RHCkIvxBxl0tyCYcSeGZkRpLT4Sfg7T1+JOKVVaOIgCBzeXKsNkI\/CCGzGAPItw93RQ="} 
@@ -87,7 +87,7 @@ 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1578508364522913,"flow_dst_last_pkt_time":1578508364646518,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578508364646518,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIGQxWi86BTwKgBuHZf3SW77REO6nqus6AScSAW9gAAAgQFrAQCCAp1Z9P7ItiUTwEDAwc="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_src_last_pkt_time":1578508364646622,"flow_dst_last_pkt_time":1578508364646518,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508364646622,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGNR3AqAG4ovOgU90ldl\/qeq6zu+0RD4AQECymNwAAAQEICiLYlMZ1Z9P7"} 
01168{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_src_last_pkt_time":1578508364647922,"flow_dst_last_pkt_time":1578508364646518,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":524,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":524,"pkt_l4_len":490,"thread_ts_usec":1578508364647922,"pkt":"EBMx8Tl2KDc3AG3ICABFAAH+AABAAEAGM1PAqAG4ovOgU90ldl\/qeq6zu+0RD4AYECxhVgAAAQEICiLYlMd1Z9P7AcgERo6ealhQS2J+mLynCbY1Hy1VHiXXjBEF5aZwYGsb1SkyTi2BlJLR9jlm5o9Yd4cS3KEoVJoAklWjbSq92M\/MxJ5i\/czl+D12\/rOTJp4IahyydQsdmxoEz+gZK86QtII\/+oGTj+U6VBaWExPYNq+C5V6TyVuHtDJDL3Y5atSFV0vzcy50rbayLeR0ayU7X+skthxj17LZfPA8iwm2c0WQGrMZnTOZhZMrFs3qwxnotfISDwNhBYVpVFhbc8xQauW4yRaREul0OeSJjKTRqmwVmJi81T4w2q2ijNkQBElUV02KdBr8fSu0sAI3MZj7mpO0vMclcJzVexbpn6a8CFqneMX9Apb9+9fepGMwGi2Sd\/qVXR7MMB6XN2e01TGbAUdypeN4yE4FkNu0ytSmPuRSqOixZkDpRu9orcap45t0\/IY5QKnvZ4vGh7T9AxgZLVBMyYJQoDqPZmcYhAb0Uox6lV8OBTYagrByVt\/zHKwHf0wIQ3a1Tgn6QQRhkbselkN+OOVMLmPmzwgCPNNnMubc940pqhI+cDCqm\/aqRhGmY62LP3sI4ch0mQOjJP0GeE96z1UuxyRqXNxQ46lB5SewRzVYwD3TBZA="} -00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364522913,"flow_src_last_pkt_time":1578508364647922,"flow_dst_last_pkt_time":1578508364646518,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":458,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":458,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364647922,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.243.160.83","src_port":56613,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +00955{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364522913,"flow_src_last_pkt_time":1578508364647922,"flow_dst_last_pkt_time":1578508364646518,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":458,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":458,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364647922,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.243.160.83","src_port":56613,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
01951{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1578508364382946,"flow_dst_last_pkt_time":1578508364649773,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1099,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1099,"pkt_l4_len":1065,"thread_ts_usec":1578508364649773,"pkt":"KDc3AG3IEBMx8Tl2CABFAAQ9Do1AACcR\/\/USimxDwKgBuHZfdl8EKXURHZU493PpfyH72WrYTKC\/rHcqyoxdJnlAGqx0IUPpfCDPrp1RbMe2PXXL\/Y0gUgYBHgBKX+LNKEC1qdxuKnvxvXevxKSr69S3rpBsxtD9oPpZta4nmfTh\/aybl9dDX7mZAQT5A7z5A7T4TYTKcBxqgnZfgnZfuECGOOF\/DUGQRmRtLD+gVTFTpr29WNtAkV6+wzvS1j2\/a652c2Up+3+CFGHvVHTbjE15jtDjeTNqp85aDPL\/y+3R+E2E1YVu74J6R4J6R7hACdquySb8h9bDyyzBVqIC4RVjIfrd43xNEhVl26cR8q+zCkRbVR7YOVOrP+cqMugQfvn+wj\/y\/7lEeLvwq\/902PhNhIpLq76Cdl+Cdl+4QPw+TE9tCaxzvKUZLrSUydGaIDt2Km6jvC1h7Hg9CIqQESMae7r6mkOxEncigdCNSYhdj\/fphc\/puhfvJzVEsBH4TYSd5phXgnZfgnZfuEBkLPllDdiGnUJSXb9oWAEuO01k9HXnM4R6tvd0I0GkOXQUhl2VOHTo9e2RsOThxTPe4UrR1rsnalRZskcUYP8N+E2EuRnM0YJv8YJv8bhAWtd39T3gGPqV5\/kAxth9r0Z21IwC3OO8ijNQxmi2ggVwJqg2W08zX0qhgUwFTxRZ7CbZwhQtBb9MNGyCEZnVqfhNhDOhFwyCdl+Cdl+4QK0vqa8HM5bIAwN2G4EpFPUp1DIN0fK8JdET2pxyCxTou65T7kwDQcRwG9J87PVp8UWu5zbalyVDTlzNuCAazd\/4TYQ0CYBEgnZfgnZfuEDgMt94d8TQv+3IGK5MVBJ+471CdMGgEuFgADFs\/sfR77hApAbinmLOWlg0KBI76fx3iPiGmIjPc2DjV6Y5S+dt+E2EI+XoE4J2X4J2X7hAIvfQZKlYQVCc0QQPwdirlpv8ThVD2qtJQ\/hHeZ\/oRum3Dym8iOrz0uJZ5KMKMAHJAax\/7cDcr+ygJhYzzSAsNPhNhBLbp5+Cdl+Cdl+4QDCSBiBQ8iLhaImD5AvOD3AYyHE8BHtrPD\/FIoEA85BtCVHcvr36Z16jGH+pCLvpF81d5q4peXkgIkeh9Urflwf4TYR82eu0gnZfgnZfuEBXvLisck0JGnGrgRqWL\/bDyJ8qsCwpUwM0sk3OmDN\/PU2NXINnOwgDzonj2zUWAZS5\/UZawhYcs8O8n12+UDva+E2EXN5bw4Jv8YJv8bhAmWLd+VP5u1ibBrgKagKp3py+njifftSzD32rmGG+J3QgFhiB28tAr4XUS33ESEXzhatHLB80xoRt5yzzOLxbKvhNhCPEd72CeRmCeRm4QEsv12Yq4nMYX4LQY5r9d7BNkGpNa1KOs2Gd6C4u3NZleL+d2v4Anfsu4uoql9o1Ksl2BdYCVg1KygwMa9DuSGuEXhYgYA=="} 
01089{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1578508364382946,"flow_dst_last_pkt_time":1578508364650052,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":467,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":467,"pkt_l4_len":433,"thread_ts_usec":1578508364650052,"pkt":"KDc3AG3IEBMx8Tl2CABFAAHFDo5AACcRAm0SimxDwKgBuHZfdl8BsYIGz0wiJjKaUzFXr6IJm0KhJJHh14UxEkvPcQ\/Rk7Fgvbo\/feZhAIkP1PMVdfnmkT0ej4RbRZLeGs4r7KmIG\/NoSRob2DIRR9KSxxR5ApQK0GtL+DiOoUZ+LI2SWe0lCUL6AQT5AUT5ATz4TYSnR61sglIIglIIuEB7ukp3Oj6MzbNl3nDN0jQiNpC1V5v5rn9Rt7ZEw1VBzFla5k6rBHcylJhBRGAYzBX+17ncBsVtgVPJrKMh7nvV+E2EEop59oKMoIKMoLhASS3OSNDf3z8b3OyL7l\/Hx\/k821PEzINQHbZfniqNPVksrwSkp6jrG6UYCpQoXvgKZOetorWlposBzYkgatgcWfhNhDP\/TVmCdl2Cdl24QM3iC4E\/jtROh\/yrXbgvFZypcqA1E0NM1pmVBNhPzAEVOKwUDY19JR7HzoFwywH46oqp8Nqzrz5YKF3TzRCEzqb4TYS57vnMglLcglLcuECRN7VxzSUAEA2k0pdpV6OAanNBmMgqxX6AGOkM+qhp9apzS9PVbGdlMMSUUvnshxBsN5liOIkWGjzwRsyI7kXrhF4WIGA="} 
01958{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1578508364422710,"flow_dst_last_pkt_time":1578508364650675,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1099,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1099,"pkt_l4_len":1065,"thread_ts_usec":1578508364650675,"pkt":"KDc3AG3IEBMx8Tl2CABFAAQ9MdRAACoRfig056VswKgBuHZfdl8EKRKyNhMNoVpKai\/zY6JtPK148+n8O0oeVuWetq0EUGeIZ+RtfSVG+aSj2EjmgE\/VzJtID8hcsMA0vo5I3RXPomPj3yUethvOHViNcPLofHHgt6Et2w\/V\/IZQwikbIBWnB9DTAQT5A7z5A7T4TYSAADOMgnZfgnZfuECzAedbnywh7LLXCkndomTntsSUpeaU+X6fjJnfrZQaB1R+H8I82rjSB7H8uOb2MmX2h8Eh6LA0rwKGlGg4GwHK+E2EItltD4JSCIJSCLhAV7xweLkhFnsF60oz420o\/7aRuvQDfeaR5dpY3JYLjsX+vIbrgixVpsHDBYr8HpBMbqyvQppwqy4HYepbXQ439vhNhLmcKfiCdl+Cdl+4QIpjJmS5Gps58YQUc3o0wkmgpBHEx1gDORbTV1rWIFwK7dVIOGdwy7ueFkd0ebURyFnWaX56rb2vwE00TcZVQc\/4TYRYYyPigm\/xgm\/xuECpd\/dXqwhUtMXwMPm+u9hAJuGJB0TlNeJH\/rhwYyfJLba1YjqffEkcEK\/elP06ULgIs+MSln0Dqh5H+5kYnNGk+E2EZc\/gMIKdZ4KdZ7hAeuBt+eVpr\/lD6zfG4rQPZ1zeBes7bOJwSykdL6ML2QKv452iWFBJMIYyvlNFnq\/\/C00h2CuZ\/anhkV9S20AZY\/hNhDTCDYuCdl+Cdl+4QLBhjnLjpcFxFmfKTcMgokq3D+uNpAukzphlJv9fJvmZpMDVt4vA7QCl\/tQeO6YywXwxPSo5mqDxT4Mhw84RQzb4TYREt8O8gnZfgnZfuEDIng59WZjTY84Fc4kJnGTPNYzt3nnlhEfJGfnOrlC6yoc7pGIyxRJAuIHlFFkehfT\/MZnQKZAPAlW4w64AegZe+E2EJox0OIJ2X4J2X7hAUcnvye\/EDV8yhpr44tuNjcH1iKn9VgwhEfiCj6tWu2I48UyT\/1NGoVARZK9OdquCOZ6CApHQbW+DYNgMbETGWvhNhANdcHOCdl+Cdl+4QD\/UX2IqmKGVR1qU9QsLqb3KjV3UDG2NojB8dIr7Jri2pn3jv\/+bXP6J9JPk1pIlWnrC4\/MFYoxS2N4EW\/3JczX4TYTOvRBhgnZfgnZfuEDSgII3zWEN0R4iExLhys3S9YgXOxu2LLtFpLUyUOie168aVDZZDdIBkFFi9sbcxATorv1KnwQmEOhtDobrFgpZ+E2E1YVu74J2X4J2X7hAOuWZ6O0wzMscIvV20fKJ6imvL0uabNom7Rtt3\/mq1Yc\/cUISC095aLfdfnNtvPxS8fkoG\/ogbmJFfhJwViVFH\/hNhC9cJiiCdnOCdnO4QGKt2+KrFMp40sLt\/0+vqoO+7cd+LGeqSI3nARXhQPO7oSmSUrCcwDSYZBC7QsBPfwF6JwXzHNJha7yydiKEG9+EXhYgYA=="} 
@@ -102,7 +102,7 @@ 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_src_last_pkt_time":1578508364659294,"flow_dst_last_pkt_time":1578508364659294,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1578508364659294,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGv5TAqAG4KEOQgN02dl98bCWSAAAAALAC\/\/8OmwAAAgQFtAEDAwUBAQgKItiU0QAAAAAEAgAA"} 01082{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":4,"flow_src_last_pkt_time":1578508364659971,"flow_dst_last_pkt_time":1578508364657828,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":461,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":461,"pkt_l4_len":427,"thread_ts_usec":1578508364659971,"pkt":"EBMx8Tl2KDc3AG3ICABFAAG\/AABAAEAGRbnAqAG4A9EtT900dl+bF1Vm3a7y04AYECwE6gAAAQEICiLYlNJOlRAnAYkEYzsbi3U1VbPxeO8JeZGy8BDKLHIeRSKQp4\/evVyQovWvCuUArTsYbNFNxbOpHxgiMLlX0ZOeEmBKpT+zxdZ5teBbqVi3L+mm7Ze75jkvKWog+sVO61B5+CMn3LI3RoqoEIs7LzSm4dXhRB4iMDjlKoJ5ZcHwLwlkh8E9Vpo3djq3bdx6lp\/EdVYh6tyjrDNl\/j+nQfIHSl0cMW+mhrtlfSdcGh0syw23uJtUSkclaVzh1wHeEc\/bQntltm8xovFOwV9SJyedZop+oHv1QYNt8oHL9v3ZZw5lkXyC9v2DYGLqmi1M7RPz8jlmDJa9m+OtKYcpqVh3LJYWvbiP5AVvl68VRguEFNQTEiaz8u+Ok4fajiRFN+EVltIdouSx7saQkYFk1SJM9L4aBUOJFvL6FFh3igjYUWKgCjdf2qOqAGWN2QeLZkNKg69L2LgHAubee5cXm\/oVTb4ak7cxt1raQVyZh0C5KR4jqdxt3Bdo\/8IlgvyUrAcIb4sc4COpXETFl0cDGUpkbOA="} 
00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364523420,"flow_src_last_pkt_time":1578508364659971,"flow_dst_last_pkt_time":1578508364657828,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":395,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":395,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364659971,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":56628,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"ETHEREUM","proto_by_ip_id":354,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} -02127{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1578508364523356,"flow_src_last_pkt_time":1578508364663606,"flow_dst_last_pkt_time":1578508364664348,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":546,"flow_dst_max_l4_payload_len":404,"flow_src_tot_l4_payload_len":1106,"flow_dst_tot_l4_payload_len":612,"midstream":0,"thread_ts_usec":1578508364664348,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.128.195.220","src_port":56626,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":9072.3,"max":62996,"stddev":18852.3,"var":355411104.0,"ent":2.7,"data": [42941,42985,1880,62851,2026,2,12,7,1,62996,2,23,5,115,83,3,1324,29,68,8,50,438,29,39,9,101,32217,29,13,30178,778]},"pktlen": 
{"min":52,"avg":107.8,"max":598,"stddev":122.8,"var":15078.8,"ent":4.4,"data": [64,60,52,598,52,456,84,53,208,55,52,52,52,52,68,52,52,84,53,176,55,68,84,53,100,67,68,64,64,64,324,64]},"bins": {"c_to_s": [14,3,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [9,1,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,0,1],"entropies": [4.408572197,5.379368782,5.077241421,7.669267178,5.156889439,7.526873589,5.951604366,5.156891346,6.891885281,5.267454624,5.077241421,5.038779736,5.000318050,5.038779736,5.524744987,5.038779736,5.000318050,5.872653008,5.041009903,6.756078243,5.155787468,5.423323631,5.920271873,5.041009903,6.031247139,5.403306961,5.416114807,5.165874004,5.197124004,5.228374004,7.334465981,5.165874004]},"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +02134{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1578508364523356,"flow_src_last_pkt_time":1578508364663606,"flow_dst_last_pkt_time":1578508364664348,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":546,"flow_dst_max_l4_payload_len":404,"flow_src_tot_l4_payload_len":1106,"flow_dst_tot_l4_payload_len":612,"midstream":0,"thread_ts_usec":1578508364664348,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.128.195.220","src_port":56626,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": 
{"min":1,"avg":9072.3,"max":62996,"stddev":18852.3,"var":355411104.0,"ent":2.7,"data": [42941,42985,1880,62851,2026,2,12,7,1,62996,2,23,5,115,83,3,1324,29,68,8,50,438,29,39,9,101,32217,29,13,30178,778]},"pktlen": {"min":52,"avg":107.8,"max":598,"stddev":122.8,"var":15078.8,"ent":4.4,"data": [64,60,52,598,52,456,84,53,208,55,52,52,52,52,68,52,52,84,53,176,55,68,84,53,100,67,68,64,64,64,324,64]},"bins": {"c_to_s": [14,3,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [9,1,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,0,1],"entropies": [4.408572197,5.379368782,5.077241421,7.669267178,5.156889439,7.526873589,5.951604366,5.156891346,6.891885281,5.267454624,5.077241421,5.038779736,5.000318050,5.038779736,5.524744987,5.038779736,5.000318050,5.872653008,5.041009903,6.756078243,5.155787468,5.423323631,5.920271873,5.041009903,6.031247139,5.403306961,5.416114807,5.165874004,5.197124004,5.228374004,7.334465981,5.165874004]},"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1578508364522823,"flow_dst_last_pkt_time":1578508364667606,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578508364667606,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADEG8jtCKlL2wKgBuHZf3SQj+YV4f2iiaKAScSArVwAAAgQFrAQCCAodkmB\/ItiUTwEDAwc="} 
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1578508364667656,"flow_dst_last_pkt_time":1578508364667606,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508364667656,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG40PAqAG4QipS9t0kdl9\/aKJoI\/mFeYAQECy6hgAAAQEICiLYlNgdkmB\/"} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_src_last_pkt_time":1578508364632239,"flow_dst_last_pkt_time":1578508364668680,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578508364668680,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADEGF+czJjxPwKgBuHZf3TW8w0qY6ojTGKAScSDV+QAAAgQFrAQCCAphOp2qItiUuAEDAwc="} 
@@ -139,7 +139,7 @@ 00981{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_src_last_pkt_time":1578508364697110,"flow_dst_last_pkt_time":1578508364773700,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":386,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":386,"pkt_l4_len":352,"thread_ts_usec":1578508364773700,"pkt":"KDc3AG3IEBMx8Tl2CABFGAF0uzdAAC8R9dE2JKDTwKgBuHZfdl8BYMxaEf6gK86OMmqC0hj8YCjT4Kxyd9QhLNhUWv84IcoZEEM5WLaEl0iNjPoH5MGkDBtHCCGzykqH2IyxlA4UZhPcyDumXz\/v4mlSvZfRB2yOu5AYhwCSwbpUWhfp9lpeKanwAQT49Pjt+E2EdbUsoIIrq4Irq7hAjNB3wOfdUkch\/RymD8COogkRfmtGHDZ3JfVp7qPL0g95b9d6Og4eqk7Oc5yCXUjsPCBRZNV\/OEkCcWVLTRMhqvhNhDb\/yRuCdl+Cdl+4QBkaEptJyzZcwNghsa\/yev+qS1D63n8u0YIQqdir49AX7Q7OxcqumEYHw1gpXkn8\/0NtWmRXiIMnyNsmLKeGv434TYQj3LNggnZggnZguEA4nJBTYkTqav4+upLVWlu+s2ggu8pFBH5psWcuz5eAhJOcvW7tSncGp+spv2HIMW\/j4SK81taE+f1zSPKQGx8uhF4WIGA="} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":267,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364776411,"flow_src_last_pkt_time":1578508364776411,"flow_dst_last_pkt_time":1578508364776411,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":128,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":128,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364776411,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.97.143.1","src_port":30303,"dst_port":50000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00689{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_src_last_pkt_time":1578508364776411,"flow_dst_last_pkt_time":1578508364776411,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_usec":1578508364776411,"pkt":"EBMx8Tl2KDc3AG3ICABFAACc6zkAAEARbFTAqAG40WGPAXZfw1AAiAuoYX\/X5Uw4lffkPNHSCMW6SrDFB88ojJJssa\/u4MiJ7ftgjBcFdVPuw+tvNym45804Q6\/uLh0oQsOr0riQp0FxmC7+mATc88CsFLix8wyPMseFlTK290MHGwkPORWZli5hAQHdBMuEfwAAAYJ2X4J2X8mE0WGPAYLDUICEXhYgYAU="} -00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":267,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364776411,"flow_src_last_pkt_time":1578508364776411,"flow_dst_last_pkt_time":1578508364776411,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":128,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":128,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364776411,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.97.143.1","src_port":30303,"dst_port":50000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
+00954{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":267,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364776411,"flow_src_last_pkt_time":1578508364776411,"flow_dst_last_pkt_time":1578508364776411,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":128,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":128,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364776411,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.97.143.1","src_port":30303,"dst_port":50000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1578508364523039,"flow_dst_last_pkt_time":1578508364784751,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578508364784751,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACsGswg056VswKgBuHZf3SosjczmxQv4NKAS\/ohsIgAAAgQFoAQCCApgPx7\/ItiUTwEDAwc="} 
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":269,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_src_last_pkt_time":1578508364784843,"flow_dst_last_pkt_time":1578508364784751,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508364784843,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGnhDAqAG4NOelbN0qdl\/FC\/g0LI3M54AQEAmIYgAAAQEICiLYlUdgPx7\/"} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":273,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_src_last_pkt_time":1578508364523109,"flow_dst_last_pkt_time":1578508364786203,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578508364786203,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAAC0GKKu\/6qLGwKgBuHZf3SxpEHBBX7euwaAS\/ohj6AAAAgQFoAQCCAo0GJnqItiUTwEDAwc="} 
@@ -180,7 +180,7 @@ 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":364,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1578508364522826,"flow_dst_last_pkt_time":1578508364862022,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578508364862022,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADAGeCSlFmshwKgBuHZf3SJnRYz4cyqhtKAScSBl3gAAAgQFrAQCCAo1gVUZItiUTwEDAwc="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":365,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":1578508364862123,"flow_dst_last_pkt_time":1578508364862022,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508364862123,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGaCzAqAG4pRZrId0idl9zKqG0Z0WM+YAQECz0WAAAAQEICiLYlY01gVUZ"} 
01323{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":366,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_src_last_pkt_time":1578508364863419,"flow_dst_last_pkt_time":1578508364862022,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":640,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":640,"pkt_l4_len":606,"thread_ts_usec":1578508364863419,"pkt":"EBMx8Tl2KDc3AG3ICABFAAJyAABAAEAGZe7AqAG4pRZrId0idl9zKqG0Z0WM+YAYECyyoAAAAQEICiLYlY41gVUZAjwEBrdPJBbCQwcUaoZCxDis5JSdEax7zMEY4YCdFlAa+2wwGZZ36EDRJsHY24RNDnZBxeFf8+ZYUch2Et7cUHdOXQEUZ47rnkJZmX28hwqPmsvMZwp0u4SsCwU6fDyp5wu3oIPprKqawSO0UwnZY+qOmAlywjHywDySvCmDcdQBHBAbqXg1hFaS6Zu0Yt+EmQ2SXgRv2lskxE+IPCMqlp61qCZ1mhCMgaLwif0PE0IsCA4Ty7TRHTNw\/Hf6TDCrt1\/nHIlW8gmA4jbsBJFZ4LZ+iMrFvWSd\/WoyRpQV7SWRTmpkcyOKLkF6tl2IFdeTTulP3ebUqN6EVnU5au\/BAs41oHA62GK8cobjDyWi2CyTt1aND9UoQFP0l7rB\/ErpMTMKRLEA5Zuwomefcbzmr4te87Tw9oCQCNhAjDwdIOGYD+SpHBB5ILy+9YGqT5Ex3m8DlQTlIggLKSRs4in1kBUBXdUsd9iqqai5H1KXm240BSureCWGelR7oXdvMDpi3zozgae51NiLBIgx+gMQ\/e3lL4W8nVto\/mof3tKTtt98bkiqwWDH6qvnYvhbhiVFm07CuKqLpWNU9Wcgx5kxbwBbKPXf9Fq8ZzDEoB3F1fq1U+75d3yGrfUh2hXruV2WlkO+1dSAMLYM1d7nPwWFt7EhOMM+7PK06co\/LVWapNmiFCLOcJVyBl2rRvFJ1I02w1KAIchuBZOnx1S0yzLXBGNEPLiUxKE4kHe89VgmIYEJ7MA7FceloAWK1TcFJQ=="} 
-00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":366,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364522826,"flow_src_last_pkt_time":1578508364863419,"flow_dst_last_pkt_time":1578508364862022,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":574,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":574,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364863419,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"165.22.107.33","src_port":56610,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +00954{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":366,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364522826,"flow_src_last_pkt_time":1578508364863419,"flow_dst_last_pkt_time":1578508364862022,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":574,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":574,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364863419,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"165.22.107.33","src_port":56610,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
01115{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":367,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":5,"flow_src_last_pkt_time":1578508364790328,"flow_dst_last_pkt_time":1578508364866266,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":488,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":488,"pkt_l4_len":454,"thread_ts_usec":1578508364866266,"pkt":"KDc3AG3IEBMx8Tl2CABFCAHa+qFAADMGWYlSkdz5wKgBuHZf3TlFnUTen3ynDYAYAOuFtQAAAQEICoY2vn8i2JVLAaQEbR9vA4hTDZTsaicm3PEQBs1j86Mycfx789yK5+er465ZfyX2n+nTL58MP0xXLKumuX4y77o14\/toVQMmgRjref+Li68nmPtzUmRtU6SEiahbKo37gS4o3M3QF24kGfey3mNBMKT5ToCRQ39nsVmniGV9g4P5ptNKDWJzjosVv\/EszkgGjDts7d78DQ7fT2aF320kValLQcix2tmbKmAHJjMXNvalPWdBFatY1S3SuGiGT248si4LQvX2LhXcMwMNmjXWSm+ZhyVJ6x8N4c0v5VGlJ7q7w0O\/iX79IUfl+TWI9iG4W1vhAosinoYpiMwZUIL688QZo6IvsuhRlPxz0382tUcXd4nr9U3qtZtBw1pnwLKQfkYdchFHLfW+8mV04ZtHZwqSa5CSmB5Qb8duMliiUFy\/ljj65J7vDVtz5fgIwfuLnqtVvR40aKApzo0dLBcVMhz+ay0+xMwy7aRazAp8CHMTMyNk1SJCyHuFy0f5ZZoRQToG5brr9QqeDUfXm1EDXAoRlASzdmea2bev430tJ6icFbvR+n7dpGFOdQOcJeM="} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":384,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_src_last_pkt_time":1578508364523145,"flow_dst_last_pkt_time":1578508364877648,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578508364877648,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACEGk4U0u88bwKgBuHZf3S3Pd7n11PppgaAS\/oiD+wAAAgQFoAQCCApvJb2EItiUTwEDAwc="} 
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":385,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_src_last_pkt_time":1578508364877742,"flow_dst_last_pkt_time":1578508364877648,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508364877742,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGdI3AqAG4NLvPG90tdl\/U+mmBz3e59oAQEAmf6AAAAQEICiLYlZpvJb2E"} 
@@ -202,7 +202,7 @@ 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":472,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364932939,"flow_src_last_pkt_time":1578508364932939,"flow_dst_last_pkt_time":1578508364932939,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364932939,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":56639,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":472,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_src_last_pkt_time":1578508364932939,"flow_dst_last_pkt_time":1578508364932939,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1578508364932939,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGvd3AqAG4Etunn90\/dl9+5\/UeAAAAALAC\/\/851wAAAgQFtAEDAwUBAQgKItiVzQAAAAAEAgAA"} 
01333{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":473,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":4,"flow_src_last_pkt_time":1578508364933835,"flow_dst_last_pkt_time":1578508364932308,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":637,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":637,"pkt_l4_len":603,"thread_ts_usec":1578508364933835,"pkt":"EBMx8Tl2KDc3AG3ICABFAAJvAABAAEAGgj7AqAG4n8tUH906dl\/csM+sa1tl\/oAYECyPNwAAAQEICiLYlc5PeKo9AjkEpygvnKchHo\/9hxvr5Qw+iboZdo3f3SG7EZvjwd7w\/2cK9Gmp6AB3QTgV0ZKNW3oRtB3OCMj3x8Ruf4hglrPOR8z4gDspichx80Fp3Ii29HmJSooT1ooAwg7QLR5ppOcGiZ0Jee4UwPmXpUCT\/zV+YSxP5MVCiOEH7pByreL9e7s\/NcDeXys4Mo2BRac\/Ej9PResGlgyJh+9FLsXYSx4qZZuwqVCSJSb2XvfEsdTUfWxG\/mlGpGgpf5whPWlAfSz7Oe20c\/f0EdzfgDI9NJpGEjPOBSos\/GuZ0hM9rufVviW2svr975inq+J81tRJ\/ITe1XewQv7g8Xh3dCaSK53YZfjTdmQ2lPtSUaUAWxaD6y7+1W9M79N28CR4hwLEamR83zpLpjhCprS98oS2yZdyQPypaWCSL5+Dc9PGnt860mDm3PmEP69QRVGEgjznQxs7cNWxBeOK2RmYlLOQN6jQA2jxoF\/oOCb3wnN1p\/QyoRd9SyLYwvhPzKpqx\/ZWP+rDLa4sxoTk+7shWb5NDLqplnmJeSxdK+pu7BT4hkAgCMiXUcfj11g2f1fEAf\/z0KfvHYTs3\/pLisnKePFZSFhM458MqwFxoShf1p5bn+un+y25Fcp4W5\/WlRb3XNf8hqwLrfEM7l5rzvGHXMjE7r9jYvWo\/\/uhbuPEvG4FWDxInlL42CndUL+cc9p0TJmh5wXFTY7uBRbaL2JUuah2gQ9\/kEYy1FwIdqoxyM5d3V9+KLYteT7hmCs\/\/g=="} 
-00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":473,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364824682,"flow_src_last_pkt_time":1578508364933835,"flow_dst_last_pkt_time":1578508364932308,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":571,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":571,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364933835,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"159.203.84.31","src_port":56634,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +00954{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":473,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364824682,"flow_src_last_pkt_time":1578508364933835,"flow_dst_last_pkt_time":1578508364932308,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":571,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":571,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364933835,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"159.203.84.31","src_port":56634,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
02130{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":475,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1578508364523420,"flow_src_last_pkt_time":1578508364824407,"flow_dst_last_pkt_time":1578508364936429,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":395,"flow_dst_max_l4_payload_len":470,"flow_src_tot_l4_payload_len":635,"flow_dst_tot_l4_payload_len":534,"midstream":0,"thread_ts_usec":1578508364936429,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":56628,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":23032.1,"max":164457,"stddev":52707.1,"var":2778034688.0,"ent":2.4,"data": [134408,134510,2041,164457,730,163149,164,16,91,13,125,16,10,133,2,2,198,213,439,13,62,28,71,55,19,91,9,24,22,112857,28]},"pktlen": {"min":46,"avg":89.0,"max":522,"stddev":105.0,"var":11031.5,"ent":4.5,"data": [64,60,52,447,52,522,52,84,53,52,52,54,65,68,52,52,52,52,52,84,53,176,55,68,84,53,54,65,68,52,52,46]},"bins": {"c_to_s": [17,2,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [9,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,1,0,0,1,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1],"entropies": [4.441382408,5.266787052,4.985801220,7.462465286,5.103911400,7.567200184,4.947339535,5.975413799,5.232362270,4.985801220,4.985801220,5.268505096,5.587528229,5.642391205,4.985801220,4.985801220,4.947339535,5.118428230,4.985801220,5.926107883,5.116480827,6.775084019,5.192151546,5.511558533,5.887475491,5.078744888,5.094675064,5.481426716,5.452735901,5.000318050,5.118428230,3.682026386]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"ETHEREUM","proto_by_ip_id":354,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 01953{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":486,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_src_last_pkt_time":1578508364925232,"flow_dst_last_pkt_time":1578508364954898,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1099,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1099,"pkt_l4_len":1065,"thread_ts_usec":1578508364954898,"pkt":"KDc3AG3IEBMx8Tl2CABFAAQ91J1AACwRmVQjtPapwKgBuHZddl8EKaTIL6PiPVD76wxxux15bHRlnSs2av4nBFSV7v4bhHiIpeAMxLmbK8f6wiaJfQicCaKdl2RU3riNA4G85e32CrySn3+r4nugeiGUNmLmJTGwe70KAk\/1yl9pMbVr5iHiC9EbAQT5A7z5A7T4TYSnVnoygnZfgnZfuECQJNyxBglNPC+n9m4t\/W08TtywpdWYdWjkRxmhkajaDCz+gK\/mbTitDTyIYj\/DM6dFql13rAhhOsl+TepFcV7R+E2EVmvzPoJ2X4J2X7hAs1lDgaitKFA3cxLdFsLwt7VebQyms4a6o\/fivZtKo8AkJ6dL4w4Dn4+\/vC\/\/JsKeSIScYYBOpqnxxVMZ+XWFxvhNhIui\/9KCdl+Cdl+4QKesUvPGk3pcExPSpjjyYak+S\/zgRaKyCtkCAnADlTupsK\/kU6vbTyjVeYLvjRqhlLfuaobh1XsP1yYWbMEwCkP4TYROL5ObgnZfgnZfuEBjjxCUsfvwMHRxTE5YrP7+ISCuREmPbKrzjoabqIoNEUz\/YRnAV2w6k47DZjKIksCMD5bt88unhn0EsLYp\/SzX+E2EXkQ3ooJ2X4J2X7hAPuP3gMJbiMdT+jVwpl443XaSBNUfQ0qZUmbru+9L8er4h7zKFM+7c1K4WVxLv0mgiZa++5g5WXQyn8nQTgubb\/hNhIpLq76Cdl+Cdl+4QPw+TE9tCaxzvKUZLrSUydGaIDt2Km6jvC1h7Hg9CIqQESMae7r6mkOxEncigdCNSYhdj\/fphc\/puhfvJzVEsBH4TYQj6yXYgnZfgnZfuEC5nQSZ\/xzD17vSEoHg\/jtmGLuRaM3q97\/3Czva8FggRyrw44MHO8OtruMk8OoTJc88hHmdKvMBoeGC+K0eEhFi+E2Ep1ZKIYJ2XYJ2XbhAYZoPsgtYlBM737vFkYUTo\/9EphiWRNvy3F9PFQKE60Wg2vh7fDKeVFJ2s+C3+rlsvule\/8FMZch7lhCdhu+rUPhNhJ3mmFeCdl+Cdl+4QGQs+WUN2IadQlJdv2hYAS47TWT0deczhHq293QjQaQ5dBSGXZU4dOj17ZGw5OHFM97hStHWuydqVFmyRxRg\/w34TYQ050sDgsVJgsVJuEDzSXu93jNII3idYaebqM1QwrATGCoZMfOLWHKo8\/HNEvGmOW1TsZdycKJciiZgh6ud1sRz67L9tP+HeODfKFTV+E2EDfsOx4J2X4J2X7hAH7mV1eGOz5WoeIocWFwRYF7ZVBDRcdtaFFH5u23BFJ62FH1ch71cEmxc8OtYpiPqb2N3
y6mQjsQPeWAgtQws9vhNhCPknjSCdl+Cdl+4QFeAPtyTjNbAmZsxJ+YSStMfUptpi+Ck9CtWlo\/Fnkmot5zzhg4wYebjEaqIDMNNKgYreTwT+o6X4euclIzcKBSEXhYgYA=="} 01093{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":487,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_src_last_pkt_time":1578508364925232,"flow_dst_last_pkt_time":1578508364954930,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":467,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":467,"pkt_l4_len":433,"thread_ts_usec":1578508364954930,"pkt":"KDc3AG3IEBMx8Tl2CABFAAHF1J5AACwRm8sjtPapwKgBuHZddl8BsQR1SNeP1ZrG\/ZwtEcGW5vGA0sDGp78prdWhxHtDqEDU7PNKL6kZEdICkE\/ClTr5riDvJ\/S0Juy5pZvsiDZ34LyanRNXXRjpzjohXnlvDARKWl\/FPyuFUx\/5q7iG79kKNiaGAAT5AUT5ATz4TYS5GczRgm\/xgm\/xuEBa13f1PeAY+pXn+QDG2H2vRnbUjALc47yKM1DGaLaCBXAmqDZbTzNfSqGBTAVPFFnsJtnCFC0Fv0w0bIIRmdWp+E2EijsROoJ2X4J2X7hAJi3PrTUi8k0+hp72TGveiEIya6qIgjO27CDPgcM2XClPC4ML\/96HDCNIKvA6L6b3KKoTFoGm44u2hTJ2hJ9PJvhNhM+0ztiCdl+Cdl+4QCCTHaJCBMKOiAeM0+J0ILaNmDQGKBpq95aDifzAyS6BBPIijEGzkyTvF6L1V27y7PdVSWOVkbAaliLEx1mlVCv4TYRf2EBxgnX+gnX+uEAuHZY2QcmV8WQCz4M\/VG5LfG7tHam\/sFovnjhq\/yEXmxTFgIMHUbncizgn1Jn7XeiL7CoOoCVHxB7uvvn28VO3hF4WIGA="} 
@@ -242,12 +242,12 @@ 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":650,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_src_last_pkt_time":1578508365065360,"flow_dst_last_pkt_time":1578508365065326,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508365065360,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGu0vAqAG4sj4K2t1Cdl8xVnl6Bmz+SIAQECxokQAAAQEICiLYlkYLgra+"} 00743{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":651,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1578508365065549,"flow_dst_last_pkt_time":1578508364563748,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_usec":1578508365065549,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHKIQAAEAR+iHAqAG4QipS9nZfdl8As8h52l5Lj\/FNPSwNskN7KXHg69sINFX5NaCleeEwgXwmONn61xupKUye1QOfHD1DMyDw8Rv4bxSGME4AJ9XC7q+0Pwz+NqNAUtNYGL1TDF+F5wROIhyoide5OcgIFnuRD6baAQP4R7hAggEUSZWpWZm0YK3HCqZiBR7sHJ3wp8USPzyX73HGoWVqts4UjRd8TfDxZuCIPe7jI\/CXMWJB7l7pTCCyfJvg8YReFiBh"} 
01113{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":652,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":4,"flow_src_last_pkt_time":1578508365066752,"flow_dst_last_pkt_time":1578508365065326,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":481,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":481,"pkt_l4_len":447,"thread_ts_usec":1578508365066752,"pkt":"EBMx8Tl2KDc3AG3ICABFAAHTAABAAEAGuazAqAG4sj4K2t1Cdl8xVnl6Bmz+SIAYECxOmwAAAQEICiLYlkcLgra+AZ0EfDFSBUJ6d0+2D0oST02\/uFUlU5RNbQ3HbgqvvNxJKs0OzpHFikNJND1E67AmEorBEgaJseJj+vhGZlyE+Dle+PraWO9mbRrzmtxOgCJZV4CSArT5OQKw2v896ro2qDbOnZCIAxVnAVC9t9odXFYn7H\/gYvVHuaUln5s5mZ4HQ1T8d9T9DiC9L0hrnW5hBxNsN9G8mAOE9jI8ne8sU1Ju3PpSmoLGYt\/2tMKQdKr3b6JvR46ryyF\/ggTQgDOWO+\/\/u7PHJ2w89w4U4HzsOVMmyycVcHql5kvxMaP2MLZBCuWAGfiQvP4NDhOCYJsjW3VrG5K2Se593uQZXIKHtw8sp3F8iPUqyZjRQzR+LL2nJieUq1Y8MfHd1XPGtuFN0votDo3t4Nr7vKG+x0dyopQ8vTOADKbE6V90Y1PkWCGFKzm\/uPJTFa3gZOK8RWQ3Hw7nJYtcfP6Oj2jq2M\/rl54gn8L6crAUrrqlXOvZvOmxqzmJqV2JMCHrRSAFnh\/3FkjCShQBU8f8\/+NikG8L2AStayI0zrPhTf67SIngfA=="} -00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":652,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365021490,"flow_src_last_pkt_time":1578508365066752,"flow_dst_last_pkt_time":1578508365065326,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":415,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":415,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365066752,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.10.218","src_port":56642,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +00954{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":652,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365021490,"flow_src_last_pkt_time":1578508365066752,"flow_dst_last_pkt_time":1578508365065326,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":415,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":415,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365066752,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.10.218","src_port":56642,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":653,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":5,"flow_src_last_pkt_time":1578508365040566,"flow_dst_last_pkt_time":1578508365068441,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508365068441,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0nAdAADQG33mQW3iHwKgBuHZf3UEpl2endDhk\/oAQAOuyXAAAAQEICtuFpY4i2JYv"} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":671,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_src_last_pkt_time":1578508365029590,"flow_dst_last_pkt_time":1578508365074018,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578508365074018,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGtGayPh23wKgBuHZf3UMO43zOltsrhKAScSBk2gAAAgQFrAQCCArDycEqItiWJgEDAwc="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":672,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_src_last_pkt_time":1578508365074135,"flow_dst_last_pkt_time":1578508365074018,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508365074135,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGqG7AqAG4sj4dt91Ddl+W2yuEDuN8z4AQECz0awAAAQEICiLYlk3DycEq"} 
01182{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":673,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":4,"flow_src_last_pkt_time":1578508365075281,"flow_dst_last_pkt_time":1578508365074018,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":535,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":535,"pkt_l4_len":501,"thread_ts_usec":1578508365075281,"pkt":"EBMx8Tl2KDc3AG3ICABFAAIJAABAAEAGppnAqAG4sj4dt91Ddl+W2yuEDuN8z4AYECyHqwAAAQEICiLYlk7DycEqAdME6NVpajcosq6RM49EGro7mYWbbbLNPN0MLR8kLHZfx0gRuQ1caCQe4U0yUSQ4FqRJFTruoIMfMjaKuB5qGb42uaZfwZcyKyxvWHFQhDs3V1cVuKsNQi9FwM92VgquU08\/I7P7tp\/yUr\/C7VdnIVV6LXyRXLY8SD6SKG8OONIDAfnYGALwXTqYNdb7hmCLjNzLez2AQTXSY0BU6PRI6I+6Xrh5qM1Dxp+uimk1eyS3NPJv+CNAfyRBfI2fRVz0Rx8+c5jquClOTtxiybAEqmdUQtmzluB0+8XEtBbdaCEUu8\/nPQGFeFM8TaJX0fehgXJmCID7QO\/ZOjjty5w+lJljUWbiQnS82Tv7ClrXA5YBJUCb7hPWdEY7D5Cr5tFcy3pQmxdYpUDw3iHqF6ZtLpJBxTh1nAmgVEIzc6Ngf22J6TZ9R35GKyScLBTruRS2zqaCP8fx5W6gqUU8sykz7bsuYPbkz+JXFT0+wtH6sOTjWji6hB8VrfktEi+dELlD8HfujNk3V1tLfHGnF6YOPbmxMRvTb1sUSfnNi2Xggbyo9qfg0\/SGNRxxb1dRKsUqwf\/i+FRRNuU4kTnBm3ou2n2sQQSnceBQMx3V07zKNuITBC74Ug=="} -00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":673,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365029590,"flow_src_last_pkt_time":1578508365075281,"flow_dst_last_pkt_time":1578508365074018,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":469,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":469,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365075281,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.29.183","src_port":56643,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +00954{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":673,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365029590,"flow_src_last_pkt_time":1578508365075281,"flow_dst_last_pkt_time":1578508365074018,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":469,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":469,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365075281,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.29.183","src_port":56643,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":674,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_src_last_pkt_time":1578508364825302,"flow_dst_last_pkt_time":1578508365076934,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508365076934,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0WHZAACYGuyASimxDwKgBuHZf3S4uwDPuE20Ov4AQAfk32AAAAQEICqa6xFgi2JVq"} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":700,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365079165,"flow_src_last_pkt_time":1578508365079165,"flow_dst_last_pkt_time":1578508365079165,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365079165,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"172.105.94.62","src_port":56646,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":700,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_src_last_pkt_time":1578508365079165,"flow_dst_last_pkt_time":1578508365079165,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1578508365079165,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGbbDAqAG4rGlePt1Gdl8dOmrnAAAAALAC\/\/\/VAwAAAgQFtAEDAwUBAQgKItiWUQAAAAAEAgAA"} 
@@ -270,12 +270,12 @@ 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":805,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":5,"flow_src_last_pkt_time":1578508365094017,"flow_dst_last_pkt_time":1578508365141811,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508365141811,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0jFFAADEGu\/i524U+wKgBuHZf3UWdKkNtjzbIw4AQAOHgGQAAAQEICn+Zzz8i2JZf"} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":806,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":5,"flow_src_last_pkt_time":1578508364991987,"flow_dst_last_pkt_time":1578508365143179,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508365143179,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0qEJAADMGHJ2i5B2gwKgBuHZf3TsLfbp\/uLex+4AQAOvR8gAAAQEICtHXEfsi2JYE"} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":829,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1578508364863419,"flow_dst_last_pkt_time":1578508365149272,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508365149272,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA08iVAADAGhgalFmshwKgBuHZf3SJnRYz5cyqj8oAQAOwACAAAAQEICjWBVmsi2JWO"} 
-02134{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":842,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1578508364824682,"flow_src_last_pkt_time":1578508365044863,"flow_dst_last_pkt_time":1578508365151822,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":571,"flow_dst_max_l4_payload_len":513,"flow_src_tot_l4_payload_len":811,"flow_dst_tot_l4_payload_len":577,"midstream":0,"thread_ts_usec":1578508365151822,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"159.203.84.31","src_port":56634,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":17655.5,"max":109385,"stddev":39696.4,"var":1575808128.0,"ent":2.4,"data": [107626,107678,1475,109033,1825,109385,687,13,52,13,68,1028,198,109,79,136,133,112,7,116,2,80,130,42,5,71,30,33,21,107121,13]},"pktlen": {"min":46,"avg":95.6,"max":623,"stddev":130.9,"var":17130.1,"ent":4.3,"data": [64,60,52,623,52,565,52,84,53,176,55,68,84,52,53,52,54,52,65,68,52,52,84,52,53,52,54,65,68,52,46,46]},"bins": {"c_to_s": [17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [9,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,0,0,0,0,1,0,1,0,1,0,1,1,0,0,0,1,0,0,0,0,0,0,1,1],"entropies": [4.484427452,5.379368782,5.115703583,7.654181480,5.195351601,7.665644169,5.154164791,5.911284924,5.191953182,6.883150101,5.155787945,5.581483364,5.880175591,5.115703106,5.194626331,5.115703106,5.305542946,5.115703106,5.587528229,5.730626106,5.101186275,5.091758728,5.816046715,5.156889915,5.154217243,5.062724590,5.052737236,5.322218418,5.581483364,5.139647484,3.969499111,4.012977600]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +02141{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":842,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1578508364824682,"flow_src_last_pkt_time":1578508365044863,"flow_dst_last_pkt_time":1578508365151822,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":571,"flow_dst_max_l4_payload_len":513,"flow_src_tot_l4_payload_len":811,"flow_dst_tot_l4_payload_len":577,"midstream":0,"thread_ts_usec":1578508365151822,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"159.203.84.31","src_port":56634,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":17655.5,"max":109385,"stddev":39696.4,"var":1575808128.0,"ent":2.4,"data": [107626,107678,1475,109033,1825,109385,687,13,52,13,68,1028,198,109,79,136,133,112,7,116,2,80,130,42,5,71,30,33,21,107121,13]},"pktlen": {"min":46,"avg":95.6,"max":623,"stddev":130.9,"var":17130.1,"ent":4.3,"data": [64,60,52,623,52,565,52,84,53,176,55,68,84,52,53,52,54,52,65,68,52,52,84,52,53,52,54,65,68,52,46,46]},"bins": {"c_to_s": [17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [9,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,0,0,0,0,1,0,1,0,1,0,1,1,0,0,0,1,0,0,0,0,0,0,1,1],"entropies": 
[4.484427452,5.379368782,5.115703583,7.654181480,5.195351601,7.665644169,5.154164791,5.911284924,5.191953182,6.883150101,5.155787945,5.581483364,5.880175591,5.115703106,5.194626331,5.115703106,5.305542946,5.115703106,5.587528229,5.730626106,5.101186275,5.091758728,5.816046715,5.156889915,5.154217243,5.062724590,5.052737236,5.322218418,5.581483364,5.139647484,3.969499111,4.012977600]},"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":900,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365153718,"flow_src_last_pkt_time":1578508365153718,"flow_dst_last_pkt_time":1578508365153718,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365153718,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.250.140","src_port":56650,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":900,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_src_last_pkt_time":1578508365153718,"flow_dst_last_pkt_time":1578508365153718,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1578508365153718,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGWefAqAG4I+T6jN1Kdl95PEStAAAAALAC\/\/+LMAAAAgQFtAEDAwUBAQgKItiWjwAAAAAEAgAA"} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":904,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365154075,"flow_src_last_pkt_time":1578508365154075,"flow_dst_last_pkt_time":1578508365154075,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365154075,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.201.12.87","src_port":56651,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":904,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_src_last_pkt_time":1578508365154075,"flow_dst_last_pkt_time":1578508365154075,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1578508365154075,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG4TfAqAG4iskMV91Ldl\/HR3E5AAAAALAC\/\/+X6AAAAgQFtAEDAwUBAQgKItiWjwAAAAAEAgAA"} 
-02129{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1578508365029590,"flow_src_last_pkt_time":1578508365168387,"flow_dst_last_pkt_time":1578508365168448,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":469,"flow_dst_max_l4_payload_len":318,"flow_src_tot_l4_payload_len":757,"flow_dst_tot_l4_payload_len":531,"midstream":0,"thread_ts_usec":1578508365168448,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.29.183","src_port":56643,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":8956.6,"max":48881,"stddev":17793.5,"var":316609056.0,"ent":2.7,"data": [44428,44545,1146,47405,2629,34,48881,2,106,60,120,15,121,3,107,116,574,31,61,16,57,386,11,31,13,50,43304,549,42693,151,10]},"pktlen": {"min":52,"avg":92.9,"max":521,"stddev":97.8,"var":9570.5,"ent":4.5,"data": [64,60,52,521,52,370,84,52,52,53,52,177,54,52,52,68,52,84,53,176,55,68,84,53,100,67,68,52,84,52,53,56]},"bins": {"c_to_s": [15,3,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [8,2,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,1,1],"entropies": [4.453177452,5.412702084,5.077241421,7.576026917,5.094483852,7.477237225,5.936781406,5.038779736,5.038779736,5.194627285,5.077241421,6.737099171,5.342579842,5.038780212,5.038780212,5.701214790,5.077241421,5.863666058,5.154217243,6.725339890,5.192151546,5.463837624,5.839856625,5.116481781,6.092247009,5.492858887,5.610895157,5.142373085,5.945767879,5.038779736,5.232362270,5.409769058]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +02136{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1578508365029590,"flow_src_last_pkt_time":1578508365168387,"flow_dst_last_pkt_time":1578508365168448,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":469,"flow_dst_max_l4_payload_len":318,"flow_src_tot_l4_payload_len":757,"flow_dst_tot_l4_payload_len":531,"midstream":0,"thread_ts_usec":1578508365168448,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.29.183","src_port":56643,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":8956.6,"max":48881,"stddev":17793.5,"var":316609056.0,"ent":2.7,"data": [44428,44545,1146,47405,2629,34,48881,2,106,60,120,15,121,3,107,116,574,31,61,16,57,386,11,31,13,50,43304,549,42693,151,10]},"pktlen": {"min":52,"avg":92.9,"max":521,"stddev":97.8,"var":9570.5,"ent":4.5,"data": [64,60,52,521,52,370,84,52,52,53,52,177,54,52,52,68,52,84,53,176,55,68,84,53,100,67,68,52,84,52,53,56]},"bins": {"c_to_s": [15,3,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [8,2,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,1,1],"entropies": 
[4.453177452,5.412702084,5.077241421,7.576026917,5.094483852,7.477237225,5.936781406,5.038779736,5.038779736,5.194627285,5.077241421,6.737099171,5.342579842,5.038780212,5.038780212,5.701214790,5.077241421,5.863666058,5.154217243,6.725339890,5.192151546,5.463837624,5.839856625,5.116481781,6.092247009,5.492858887,5.610895157,5.142373085,5.945767879,5.038779736,5.232362270,5.409769058]},"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":924,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365169225,"flow_src_last_pkt_time":1578508365169225,"flow_dst_last_pkt_time":1578508365169225,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365169225,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"176.9.136.209","src_port":56652,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":924,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_src_last_pkt_time":1578508365169225,"flow_dst_last_pkt_time":1578508365169225,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1578508365169225,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGP33AqAG4sAmI0d1Mdl8ouUvbAAAAALAC\/\/+6CgAAAgQFtAEDAwUBAQgKItiWngAAAAAEAgAA"} 
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":927,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":5,"flow_src_last_pkt_time":1578508365065166,"flow_dst_last_pkt_time":1578508365186550,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508365186550,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA09h9AACMG5MkS26efwKgBuHZf3T9fy8\/Mfuf3KIAQANuwWwAAAQEIChLJg3wi2JZG"} 
@@ -345,8 +345,8 @@ 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1321,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_src_last_pkt_time":1578508365239758,"flow_dst_last_pkt_time":1578508365419060,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578508365419060,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADAGUh6d5phXwKgBuHZf3VIVkuQhTk9as6AScSDAlwAAAgQFrAQCCAq827CpItiW2wEDAwc="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1322,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":3,"flow_src_last_pkt_time":1578508365419127,"flow_dst_last_pkt_time":1578508365419060,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508365419127,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGQibAqAG4neaYV91Sdl9OT1qzFZLkIoAQECxPsAAAAQEICiLYl3u827Cp"} 
01341{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1323,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":4,"flow_src_last_pkt_time":1578508365420924,"flow_dst_last_pkt_time":1578508365419060,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":649,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":649,"pkt_l4_len":615,"thread_ts_usec":1578508365420924,"pkt":"EBMx8Tl2KDc3AG3ICABFAAJ7AABAAEAGP9\/AqAG4neaYV91Sdl9OT1qzFZLkIoAYECzcTgAAAQEICiLYl32827CpAkUEkClDEehLobmQbbq0Gz88T6EtnrPK5m21ZMthOtQadc9Bu2BpGWCvf9sJsO1HNQSMiG\/gRXiUvC1qsMYknKuo5riP0O5pCPUXOV9\/dCGVmpEoJbX9Cu4SU8oOVVcq0BW5mBcSCXRzqVkJ6OuFKGVTETzXDICOVY5\/x4IlVl067mKLB\/y5BdW+kH6ZLpWMCALAcMn2\/N\/iuz7T4n58+LdBAiZGJcKZIWLhE0kGcJEWBFrygfok1RQVFkWtbGZu7Yv7S3BhIHHDNoh2JCQyRKUOY3W1VSS+94ol1wQvZHK2D\/7cg3DZHBIELc1hEYWnGs7+v+aH3JWQbtMvGudM\/\/TxcEs5sbHPj2iuPwUs+GWr\/ABYrJbqnLktLNlolZ93lHC2AiZh7UnQSEZTQ2C0klPi0thw4o3CnU9xvXxsrflgbGFAzwNXG03KE25YHxzaVDpGfCzy9Gr6gwSGkF3c3kmPryW7WuvlPz9g4Qw01EnLeHPggGUoZYmc0gvvD3Dsvfo9uusSrfCPX9JGhzriLcXtplCdwocezH9CR3bPV\/XtsjxN+Nr7eBjpfw3OsMQ4OAwbZ2HbAGUJo15wGuvtlDl6V61+4R5Cg4votIpuRyRgpVUBGlee0R7tb2JnAr4Yd2w1u5wUF+hroymJMt828hU4NcUZIN8xqd5NItltnYBHoXPBTsYssjGvvdmkIN35e9KfJyCJj5cohl4gdMFpEjXdRXq5jWfjrb4KRRnkt1m8IiceoNy6GFXL7gqcU9Jy\/F0tjlZ37g=="} 
-00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1323,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365239758,"flow_src_last_pkt_time":1578508365420924,"flow_dst_last_pkt_time":1578508365419060,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":583,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":583,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365420924,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"157.230.152.87","src_port":56658,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} -02136{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1325,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1578508364522826,"flow_src_last_pkt_time":1578508365153717,"flow_dst_last_pkt_time":1578508365439333,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":574,"flow_dst_max_l4_payload_len":396,"flow_src_tot_l4_payload_len":814,"flow_dst_tot_l4_payload_len":460,"midstream":0,"thread_ts_usec":1578508365439333,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"165.22.107.33","src_port":56610,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":49916.1,"max":339297,"stddev":113624.6,"var":12910541824.0,"ent":2.4,"data": 
[339196,339297,1296,287250,2535,288430,1006,11,1005,14,2,8,122,6,111,4,2,12,35,118,61,115,34,101,31,26,56,616,251,285614,33]},"pktlen": {"min":46,"avg":92.1,"max":626,"stddev":119.2,"var":14212.1,"ent":4.4,"data": [64,60,52,626,52,448,52,84,53,52,52,84,53,54,65,176,52,55,52,68,68,52,84,53,54,65,68,52,52,52,46,46]},"bins": {"c_to_s": [17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [9,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,1,0,0,0,0,1,1,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,1,1],"entropies": [4.453177452,5.379368782,5.038780212,7.608707905,5.000318050,7.463840485,5.077241421,5.793924809,5.119154453,5.000318050,5.038779736,5.816047192,5.041009426,5.103753567,5.464450836,6.749572277,5.000318050,5.155787945,5.000318050,5.441635132,5.524744034,5.038779736,5.878488541,5.041008949,5.117733002,5.431501389,5.552072525,5.115703106,5.156889439,5.115703106,3.725504398,3.725504398]},"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +00956{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1323,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365239758,"flow_src_last_pkt_time":1578508365420924,"flow_dst_last_pkt_time":1578508365419060,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":583,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":583,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365420924,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"157.230.152.87","src_port":56658,"dst_port":30303,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +02143{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1325,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1578508364522826,"flow_src_last_pkt_time":1578508365153717,"flow_dst_last_pkt_time":1578508365439333,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":574,"flow_dst_max_l4_payload_len":396,"flow_src_tot_l4_payload_len":814,"flow_dst_tot_l4_payload_len":460,"midstream":0,"thread_ts_usec":1578508365439333,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"165.22.107.33","src_port":56610,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":49916.1,"max":339297,"stddev":113624.6,"var":12910541824.0,"ent":2.4,"data": [339196,339297,1296,287250,2535,288430,1006,11,1005,14,2,8,122,6,111,4,2,12,35,118,61,115,34,101,31,26,56,616,251,285614,33]},"pktlen": {"min":46,"avg":92.1,"max":626,"stddev":119.2,"var":14212.1,"ent":4.4,"data": [64,60,52,626,52,448,52,84,53,52,52,84,53,54,65,176,52,55,52,68,68,52,84,53,54,65,68,52,52,52,46,46]},"bins": {"c_to_s": [17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [9,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,1,0,0,0,0,1,1,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,1,1],"entropies": 
[4.453177452,5.379368782,5.038780212,7.608707905,5.000318050,7.463840485,5.077241421,5.793924809,5.119154453,5.000318050,5.038779736,5.816047192,5.041009426,5.103753567,5.464450836,6.749572277,5.000318050,5.155787945,5.000318050,5.441635132,5.524744034,5.038779736,5.878488541,5.041008949,5.117733002,5.431501389,5.552072525,5.115703106,5.156889439,5.115703106,3.725504398,3.725504398]},"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1339,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_src_last_pkt_time":1578508365279592,"flow_dst_last_pkt_time":1578508365458807,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578508365458807,"pkt":"KDc3AG3IEBMx8Tl2CABFCAA8AABAACwG2AY0CYBEwKgBuHZf3VXR7JfX7e3rXKASaN9TlwAAAgQFrAQCCAqDIEEYItiW\/gEDAwc="} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1340,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_src_last_pkt_time":1578508365458850,"flow_dst_last_pkt_time":1578508365458807,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508365458850,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGxBbAqAG4NAmARN1Vdl\/t7etc0eyX2IAQECzabQAAAQEICiLYl5+DIEEY"} 
01197{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1341,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":4,"flow_src_last_pkt_time":1578508365460380,"flow_dst_last_pkt_time":1578508365458807,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":538,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":538,"pkt_l4_len":504,"thread_ts_usec":1578508365460380,"pkt":"EBMx8Tl2KDc3AG3ICABFAAIMAABAAEAGwj7AqAG4NAmARN1Vdl\/t7etc0eyX2IAYECw2bAAAAQEICiLYl6CDIEEYAdYE5LsQSZlDUqqTHDd28VIop408G8yHQ+g12SBtC4bobvsWyQ4YWXiRfGVfScHSSUnTjTpf\/+23Sz0kCTGUpeeZFIqw3JnBHdptJpv6R2QSdjwWF97DyrJFySS8bo0Z5f6iv8act5Gj4QOtF9wl7L4XXQ\/F1DNsc\/lWP2vigp16BUuZMGglwG663lAad9u0dkQ9FK2\/7\/8AOVyotPmi+JeFwCWQ8jE2NRIY\/iLlnhd84GwGpOWfGlXg2sRox3c92a0drS3o5YJyHfODCJKd193nihFVDq18n74tRhyKX6zzotiy\/kwSO6m\/\/Y8jtY8L+ZeEz+ApaHZAgbWiteJxWtEen3Z6RV1DI8tKhdynvtOMMOzz49Rx25gKK9DSlgEi54tvDDIa4VG2z8P5l1nvHLjyaLGh0LL6goab8xtTadEJUjCnY3t\/fZrnnudTuWibKhNHBZrOh1FASkf\/u4aIsAaa\/fTHS++2nsizi3dopiJ8G9PkpE7aMhPDUyHILPc8tYAJAyXN39XQYwYzL+ry\/\/lAbapCn30R24vKqkiwseOuDMtEC9yiUtZN\/ju0Qt6\/PDHFGgfGtibb9zS0CSW6nDPiDOBnf9bT0whSnVZlZ+MLutLVJqm5jA=="} 
@@ -421,7 +421,7 @@ 01272{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1583,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":4,"flow_src_last_pkt_time":1578508365778282,"flow_dst_last_pkt_time":1578508365776923,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":596,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":596,"pkt_l4_len":562,"thread_ts_usec":1578508365778282,"pkt":"EBMx8Tl2KDc3AG3ICABFAAJGAABAAEAGLI\/AqAG4I+sl2N1jdl9d8bOcqknE0YAYECw8GwAAAQEICiLYmMk1IQWkAhAE9LX9UDkdTQbLSSKVf\/o+Rbx+cVd78lZfof4WIy1rhMxz3RbpZOK+P94lXMknoMtxJdJQ4A7\/BT3XtB0RN9sUSmjLER26V8aOZ0XKqPmaES\/WPIEFoA6jFEgWSAEtlrcyP2PAwHXqAL3AbQbWGq7PeHB6kv65feTwOi0ydjhJegpyNynyq5tDvSCMsfS2rYkVvUQJGHAU1XK9mqnysHXV8shlebGWRPpI98y1Vxgu0az+7R+egzxR+1BHJN63c+WI9rT8DdcDeJ8KCs1sdnHfcQSyErvf77ZnV\/JsK35u87tFZIhBtc0ha+H7KMsboUnC9ei0iN\/8IUhS5l6devCaEtiowIFyVnWsdGX93DG2McymFU2OUXkEXXRwh3MXWAL1FOfL\/pAsIA1JMiQr\/1EwZ08w6Lj\/yH5r5mTzwJpNcgmyuo44bG5DTYaRB4B9LALur1c8OhYSmtc1hVX8t3t\/iblrMzQiGxF+F\/NAYKQqo\/hrfLdv2S4at4Q1Bcj+GaRaNOwVK2GzfBQ3qBzh0uXtO7lSIzfWd4Ic6VPqTqFQj0\/zWxTGfIn0j3loyEBQRx4YDTqeVkXtu7Is\/9MIlC0FYIpCog73jaUasZzRlH0g\/phdSxjBoehWKT1sYQjp8X9ya0ttTiK9+LoRf4iQjvixkpPAseX9BpmombBDue+eKW\/A5eOEFZroFm1HsfbstLY="} 
00954{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1583,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365751805,"flow_src_last_pkt_time":1578508365778282,"flow_dst_last_pkt_time":1578508365776923,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":530,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":530,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365778282,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.235.37.216","src_port":56675,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00745{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1586,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_src_last_pkt_time":1578508365781990,"flow_dst_last_pkt_time":1578508364776411,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_usec":1578508365781990,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHjqoAAEARyLjAqAG40WGPAXZfw1AAs7BF2l5Lj\/FNPSwNskN7KXHg69sINFX5NaCleeEwgXwmONn61xupKUye1QOfHD1DMyDw8Rv4bxSGME4AJ9XC7q+0Pwz+NqNAUtNYGL1TDF+F5wROIhyoide5OcgIFnuRD6baAQP4R7hAggEUSZWpWZm0YK3HCqZiBR7sHJ3wp8USPzyX73HGoWVqts4UjRd8TfDxZuCIPe7jI\/CXMWJB7l7pTCCyfJvg8YReFiBh"} 
-02144{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1589,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1578508365239758,"flow_src_last_pkt_time":1578508365782730,"flow_dst_last_pkt_time":1578508365782698,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":583,"flow_dst_max_l4_payload_len":391,"flow_src_tot_l4_payload_len":871,"flow_dst_tot_l4_payload_len":648,"midstream":0,"thread_ts_usec":1578508365782730,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"157.230.152.87","src_port":56658,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":8,"avg":35029.4,"max":184362,"stddev":71024.3,"var":5044451840.0,"ent":2.6,"data": [179302,179369,1797,184362,177,182759,106,62,111,97,367,12,367,8,114,117,157,11,64,17,19,306,10,10,14,156,176481,904,995,9,177632]},"pktlen": {"min":52,"avg":100.1,"max":635,"stddev":121.0,"var":14650.9,"ent":4.4,"data": [64,60,52,635,52,443,52,84,52,53,52,213,66,52,52,68,52,84,53,176,55,68,84,53,111,56,68,52,52,84,53,52]},"bins": {"c_to_s": [15,3,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [8,2,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,0],"entropies": [4.515677452,5.346035480,5.038780212,7.678948879,5.233812809,7.426693916,5.115703106,5.903985023,5.115703106,5.307834625,5.115703106,7.013820648,5.585841656,5.077241421,5.077241421,5.642391205,5.038780212,5.798073769,5.116480827,6.750286102,5.119424820,5.423324585,5.821883202,5.116480827,6.247833252,5.085811138,5.423323631,5.142372608,5.156889439,5.894998550,5.270098209,5.038779736]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +02151{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1589,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1578508365239758,"flow_src_last_pkt_time":1578508365782730,"flow_dst_last_pkt_time":1578508365782698,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":583,"flow_dst_max_l4_payload_len":391,"flow_src_tot_l4_payload_len":871,"flow_dst_tot_l4_payload_len":648,"midstream":0,"thread_ts_usec":1578508365782730,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"157.230.152.87","src_port":56658,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":8,"avg":35029.4,"max":184362,"stddev":71024.3,"var":5044451840.0,"ent":2.6,"data": [179302,179369,1797,184362,177,182759,106,62,111,97,367,12,367,8,114,117,157,11,64,17,19,306,10,10,14,156,176481,904,995,9,177632]},"pktlen": {"min":52,"avg":100.1,"max":635,"stddev":121.0,"var":14650.9,"ent":4.4,"data": [64,60,52,635,52,443,52,84,52,53,52,213,66,52,52,68,52,84,53,176,55,68,84,53,111,56,68,52,52,84,53,52]},"bins": {"c_to_s": [15,3,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [8,2,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,0],"entropies": 
[4.515677452,5.346035480,5.038780212,7.678948879,5.233812809,7.426693916,5.115703106,5.903985023,5.115703106,5.307834625,5.115703106,7.013820648,5.585841656,5.077241421,5.077241421,5.642391205,5.038780212,5.798073769,5.116480827,6.750286102,5.119424820,5.423324585,5.821883202,5.116480827,6.247833252,5.085811138,5.423323631,5.142372608,5.156889439,5.894998550,5.270098209,5.038779736]},"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1615,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":5,"flow_src_last_pkt_time":1578508365744302,"flow_dst_last_pkt_time":1578508365785326,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508365785326,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0bUpAADIGjaSLov\/SwKgBuHZf3WDeocLjwf0ACIAQAfsspAAAAQEICuObo90i2Jir"} 00711{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1635,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":4,"flow_src_last_pkt_time":1578508365790531,"flow_dst_last_pkt_time":1578508365409833,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":189,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":189,"pkt_l4_len":155,"thread_ts_usec":1578508365790531,"pkt":"KDc3AG3IEBMx8Tl2CABFAACvhghAAC4RWa+3gfKkwKgBuAQAdl8Am4d5FgHfIftbEdGemWX9uJ16FA6k+WVbnPu2Id92nOmvNTMzJsYZhuKpgOg2BWLs9gpXt9MYEHTb4XRrvJpY9bxU7gk6CGcHLVmx9130TYh4XRLkOZ66VYrf8Hdp9jo5nr33AALwyYS3gfKkggQAgKA6kYFaNN4mivY4dMV0iQl8dqc3C6xPtn5fpmExxxSkRoReFiBh"} 
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1636,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":5,"flow_src_last_pkt_time":1578508365754605,"flow_dst_last_pkt_time":1578508365793904,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508365793904,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0MZBAAC4GdwlOL5ObwKgBuHZf3WHPYyPCMSmd0IAQAOzQ\/AAAAQEICk8n4BUi2Jiz"} 
@@ -491,7 +491,7 @@ 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1968,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":2,"flow_src_last_pkt_time":1578508366073881,"flow_dst_last_pkt_time":1578508366117663,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578508366117663,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGSnvOvWsjwKgBuHZf3W6FBUsAADkpP6AScSCofQAAAgQFrAQCCApn2sBGItiZ0wEDAwc="} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1969,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":3,"flow_src_last_pkt_time":1578508366117769,"flow_dst_last_pkt_time":1578508366117663,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508366117769,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGPoPAqAG4zr1rI91udl8AOSk\/hQVLAYAQECw4DwAAAQEICiLYmfpn2sBG"} 
01099{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1970,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":4,"flow_src_last_pkt_time":1578508366119559,"flow_dst_last_pkt_time":1578508366117663,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":473,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":473,"pkt_l4_len":439,"thread_ts_usec":1578508366119559,"pkt":"EBMx8Tl2KDc3AG3ICABFAAHLAABAAEAGPOzAqAG4zr1rI91udl8AOSk\/hQVLAYAYECxdpAAAAQEICiLYmftn2sBGAZUEFk3FYfNys9s55XyY23YdDU3mEgfTwzJe27SlFM87eEMrJbt8cMgfjrjKWMiVLh8DFSnipO+kUBBPaWEbU3Ynmx9QZ3LCiokcuUn7Dv\/+DsRlOpOb9d7+9uxwgEIscONdRtih2SP3JkYCA5iz3x9iSDdCsdlbaZrLb4ApkwQdkHEdITIkUszUt2IX2uTJSV+yWP5LgWIqw0LC3HCjWNkdNsXaTWnyoaf2cxQE1sr8DLAEkla6sbskUUPcZxZdZjiulq\/TmUBdEsi20dCtnTcf\/jmlhSZy3voPmKqnhBPKSsaSYV7gSfuhHvsx91uppt0PNe3c4y1gZjJmVqYegwNwd0Rhv3znUxx3KvFnJvEHZ7qFrzJd+ENToWIdx6FI8UpuevN49imKrwGh6WMiZD5f+DuvvAz7122yS8O20jeD8xnmRJeaN9NLvP5y82I4mw+mgnTQZFXTXU9XVqqqQlOkUsTMTiF0dbm32C97Qj202x3I4SGZE8nwdInxnX8nY65E\/K8JK0edlNviRiUkfu9o\/gCJI\/Y="} -00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1970,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508366073881,"flow_src_last_pkt_time":1578508366119559,"flow_dst_last_pkt_time":1578508366117663,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":407,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":407,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508366119559,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"206.189.107.35","src_port":56686,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +00956{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1970,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508366073881,"flow_src_last_pkt_time":1578508366119559,"flow_dst_last_pkt_time":1578508366117663,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":407,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":407,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508366119559,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"206.189.107.35","src_port":56686,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 02152{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1983,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":9,"flow_first_seen":1578508365712625,"flow_src_last_pkt_time":1578508366123630,"flow_dst_last_pkt_time":1578508366123331,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":567,"flow_dst_max_l4_payload_len":347,"flow_src_tot_l4_payload_len":951,"flow_dst_tot_l4_payload_len":859,"midstream":0,"thread_ts_usec":1578508366123630,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"78.47.147.155","src_port":56673,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": 
{"min":12,"avg":26506.8,"max":285939,"stddev":65286.3,"var":4262303488.0,"ent":2.6,"data": [40373,40438,1542,40906,246535,285939,40615,40605,699,30,144,12,23,360,16,18,29,110,39411,235,883,650,39691,157,36,21,17,63,1098,839,216]},"pktlen": {"min":52,"avg":109.6,"max":619,"stddev":120.4,"var":14503.6,"ent":4.5,"data": [64,60,52,619,52,292,64,399,52,84,53,176,55,68,84,53,100,67,68,52,52,52,116,52,84,53,55,64,68,260,52,84]},"bins": {"c_to_s": [16,5,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,0,1,0,0,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,0,0,0,0,0,0,1,0,0],"entropies": [4.453177452,5.346035480,5.077241421,7.661995411,5.233812809,7.235357285,5.194910049,7.441572666,5.062724113,5.854679585,5.191952705,6.817754745,5.228514671,5.610895157,5.854679585,5.229689121,6.152247906,5.547358990,5.581482887,5.272274494,5.272274494,5.272274494,6.375947475,5.115703106,5.887475491,5.154217243,5.264878273,5.481855392,5.592584610,7.149727345,5.077241421,5.878489017]},"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
00994{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":23,"flow_first_seen":1578508365279592,"flow_src_last_pkt_time":1578508365853609,"flow_dst_last_pkt_time":1578508366038811,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":472,"flow_dst_max_l4_payload_len":428,"flow_src_tot_l4_payload_len":824,"flow_dst_tot_l4_payload_len":828,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.9.128.68","src_port":56661,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00992{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":17,"flow_first_seen":1578508365169225,"flow_src_last_pkt_time":1578508365239481,"flow_dst_last_pkt_time":1578508365272465,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":531,"flow_dst_max_l4_payload_len":428,"flow_src_tot_l4_payload_len":771,"flow_dst_tot_l4_payload_len":492,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"176.9.136.209","src_port":56652,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
@@ -500,7 +500,7 @@ 00995{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":22,"flow_first_seen":1578508364523185,"flow_src_last_pkt_time":1578508365096272,"flow_dst_last_pkt_time":1578508365354316,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":471,"flow_dst_max_l4_payload_len":422,"flow_src_tot_l4_payload_len":711,"flow_dst_tot_l4_payload_len":486,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.81.28","src_port":56623,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1578508362274369,"flow_src_last_pkt_time":1578508363333871,"flow_dst_last_pkt_time":1578508362274369,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":128,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":299,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"87.14.222.25","dst_ip":"192.168.1.184","src_port":56693,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00993{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1578508364714836,"flow_src_last_pkt_time":1578508364867557,"flow_dst_last_pkt_time":1578508364919424,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":442,"flow_dst_max_l4_payload_len":422,"flow_src_tot_l4_payload_len":682,"flow_dst_tot_l4_payload_len":486,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"82.145.220.249","src_port":56633,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} -00992{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":24,"flow_first_seen":1578508364522826,"flow_src_last_pkt_time":1578508365153717,"flow_dst_last_pkt_time":1578508365440433,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":574,"flow_dst_max_l4_payload_len":396,"flow_src_tot_l4_payload_len":814,"flow_dst_tot_l4_payload_len":460,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"165.22.107.33","src_port":56610,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +00999{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":24,"flow_first_seen":1578508364522826,"flow_src_last_pkt_time":1578508365153717,"flow_dst_last_pkt_time":1578508365440433,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":574,"flow_dst_max_l4_payload_len":396,"flow_src_tot_l4_payload_len":814,"flow_dst_tot_l4_payload_len":460,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"165.22.107.33","src_port":56610,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00993{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1578508364654361,"flow_src_last_pkt_time":1578508364654361,"flow_dst_last_pkt_time":1578508364729798,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":171,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":1055,"flow_src_tot_l4_payload_len":171,"flow_dst_tot_l4_payload_len":1480,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"128.0.51.140","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00997{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":21,"flow_first_seen":1578508364522958,"flow_src_last_pkt_time":1578508364631940,"flow_dst_last_pkt_time":1578508364664127,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":495,"flow_dst_max_l4_payload_len":448,"flow_src_tot_l4_payload_len":735,"flow_dst_tot_l4_payload_len":512,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.158.244.151","src_port":56615,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00991{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":36,"flow_dst_packets_processed":29,"flow_first_seen":1578508365271977,"flow_src_last_pkt_time":1578508365706352,"flow_dst_last_pkt_time":1578508365838573,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":573,"flow_dst_max_l4_payload_len":421,"flow_src_tot_l4_payload_len":925,"flow_dst_tot_l4_payload_len":837,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.161.23.12","src_port":56660,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
@@ -519,15 +519,15 @@ 00992{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":21,"flow_first_seen":1578508364523145,"flow_src_last_pkt_time":1578508365197191,"flow_dst_last_pkt_time":1578508365511326,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":525,"flow_dst_max_l4_payload_len":451,"flow_src_tot_l4_payload_len":765,"flow_dst_tot_l4_payload_len":515,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.187.207.27","src_port":56621,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365852452,"flow_src_last_pkt_time":1578508366055031,"flow_dst_last_pkt_time":1578508366053699,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":447,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":447,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.59.17.58","src_port":56680,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00994{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1578508364697110,"flow_src_last_pkt_time":1578508364697110,"flow_dst_last_pkt_time":1578508364773700,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":171,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":1136,"flow_src_tot_l4_payload_len":171,"flow_dst_tot_l4_payload_len":1480,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"54.36.160.211","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} -00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508366073881,"flow_src_last_pkt_time":1578508366119559,"flow_dst_last_pkt_time":1578508366117663,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":407,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":407,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"206.189.107.35","src_port":56686,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} -00992{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":12,"flow_first_seen":1578508365021490,"flow_src_last_pkt_time":1578508365152992,"flow_dst_last_pkt_time":1578508365192700,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":415,"flow_dst_max_l4_payload_len":333,"flow_src_tot_l4_payload_len":655,"flow_dst_tot_l4_payload_len":605,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.10.218","src_port":56642,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} -00992{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_src_packets_processed":31,"flow_dst_packets_processed":23,"flow_first_seen":1578508365029590,"flow_src_last_pkt_time":1578508365169345,"flow_dst_last_pkt_time":1578508365211570,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":469,"flow_dst_max_l4_payload_len":318,"flow_src_tot_l4_payload_len":821,"flow_dst_tot_l4_payload_len":558,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.29.183","src_port":56643,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +00995{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508366073881,"flow_src_last_pkt_time":1578508366119559,"flow_dst_last_pkt_time":1578508366117663,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":407,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":407,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"206.189.107.35","src_port":56686,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +00999{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":12,"flow_first_seen":1578508365021490,"flow_src_last_pkt_time":1578508365152992,"flow_dst_last_pkt_time":1578508365192700,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":415,"flow_dst_max_l4_payload_len":333,"flow_src_tot_l4_payload_len":655,"flow_dst_tot_l4_payload_len":605,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.10.218","src_port":56642,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +00999{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_src_packets_processed":31,"flow_dst_packets_processed":23,"flow_first_seen":1578508365029590,"flow_src_last_pkt_time":1578508365169345,"flow_dst_last_pkt_time":1578508365211570,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":469,"flow_dst_max_l4_payload_len":318,"flow_src_tot_l4_payload_len":821,"flow_dst_tot_l4_payload_len":558,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.29.183","src_port":56643,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00992{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":17,"flow_first_seen":1578508364659294,"flow_src_last_pkt_time":1578508364932664,"flow_dst_last_pkt_time":1578508365043688,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":431,"flow_dst_max_l4_payload_len":423,"flow_src_tot_l4_payload_len":671,"flow_dst_tot_l4_payload_len":487,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"40.67.144.128","src_port":56630,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1578508364422230,"flow_src_last_pkt_time":1578508365065549,"flow_dst_last_pkt_time":1578508364563748,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":128,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":149,"flow_src_tot_l4_payload_len":299,"flow_dst_tot_l4_payload_len":149,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00991{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_src_packets_processed":29,"flow_dst_packets_processed":21,"flow_first_seen":1578508365741903,"flow_src_last_pkt_time":1578508365962493,"flow_dst_last_pkt_time":1578508366031637,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":504,"flow_src_tot_l4_payload_len":899,"flow_dst_tot_l4_payload_len":904,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"94.68.55.162","src_port":56674,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} -00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1578508364776411,"flow_src_last_pkt_time":1578508365781990,"flow_dst_last_pkt_time":1578508364776411,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":128,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":299,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.97.143.1","src_port":30303,"dst_port":50000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +00994{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1578508364776411,"flow_src_last_pkt_time":1578508365781990,"flow_dst_last_pkt_time":1578508364776411,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":128,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":299,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.97.143.1","src_port":30303,"dst_port":50000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00992{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":18,"flow_first_seen":1578508365154075,"flow_src_last_pkt_time":1578508365225822,"flow_dst_last_pkt_time":1578508365257303,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":417,"flow_dst_max_l4_payload_len":327,"flow_src_tot_l4_payload_len":657,"flow_dst_tot_l4_payload_len":391,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.201.12.87","src_port":56651,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
-00992{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":23,"flow_first_seen":1578508364824682,"flow_src_last_pkt_time":1578508365044863,"flow_dst_last_pkt_time":1578508365152350,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":571,"flow_dst_max_l4_payload_len":513,"flow_src_tot_l4_payload_len":811,"flow_dst_tot_l4_payload_len":577,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"159.203.84.31","src_port":56634,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +00999{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":23,"flow_first_seen":1578508364824682,"flow_src_last_pkt_time":1578508365044863,"flow_dst_last_pkt_time":1578508365152350,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":571,"flow_dst_max_l4_payload_len":513,"flow_src_tot_l4_payload_len":811,"flow_dst_tot_l4_payload_len":577,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"159.203.84.31","src_port":56634,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00993{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":16,"flow_first_seen":1578508365226088,"flow_src_last_pkt_time":1578508365751522,"flow_dst_last_pkt_time":1578508366012064,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":539,"flow_dst_max_l4_payload_len":459,"flow_src_tot_l4_payload_len":779,"flow_dst_tot_l4_payload_len":523,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.75.171.190","src_port":56657,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00999{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1578508364925232,"flow_src_last_pkt_time":1578508364925232,"flow_dst_last_pkt_time":1578508364954930,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":171,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":1057,"flow_src_tot_l4_payload_len":171,"flow_dst_tot_l4_payload_len":1482,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.180.246.169","src_port":30303,"dst_port":30301,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00993{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":21,"flow_first_seen":1578508364523420,"flow_src_last_pkt_time":1578508364824407,"flow_dst_last_pkt_time":1578508364937177,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":395,"flow_dst_max_l4_payload_len":470,"flow_src_tot_l4_payload_len":635,"flow_dst_tot_l4_payload_len":534,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":56628,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"ETHEREUM","proto_by_ip_id":354,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
@@ -548,7 +548,7 @@ 00997{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":9,"flow_first_seen":1578508365295537,"flow_src_last_pkt_time":1578508365885091,"flow_dst_last_pkt_time":1578508365884827,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":435,"flow_dst_max_l4_payload_len":433,"flow_src_tot_l4_payload_len":675,"flow_dst_tot_l4_payload_len":497,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.229.232.19","src_port":56662,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 01082{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365038942,"flow_src_last_pkt_time":1578508365038942,"flow_dst_last_pkt_time":1578508365038942,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.230.108.42","src_port":56644,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by 
port"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00782{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365038942,"flow_src_last_pkt_time":1578508365038942,"flow_dst_last_pkt_time":1578508365038942,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.230.108.42","src_port":56644,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00993{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_src_packets_processed":37,"flow_dst_packets_processed":27,"flow_first_seen":1578508365239758,"flow_src_last_pkt_time":1578508365959875,"flow_dst_last_pkt_time":1578508365961099,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":583,"flow_dst_max_l4_payload_len":391,"flow_src_tot_l4_payload_len":935,"flow_dst_tot_l4_payload_len":823,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"157.230.152.87","src_port":56658,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
+01000{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_src_packets_processed":37,"flow_dst_packets_processed":27,"flow_first_seen":1578508365239758,"flow_src_last_pkt_time":1578508365959875,"flow_dst_last_pkt_time":1578508365961099,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":583,"flow_dst_max_l4_payload_len":391,"flow_src_tot_l4_payload_len":935,"flow_dst_tot_l4_payload_len":823,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"157.230.152.87","src_port":56658,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00993{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":21,"flow_first_seen":1578508364523039,"flow_src_last_pkt_time":1578508365008936,"flow_dst_last_pkt_time":1578508365220768,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":450,"flow_dst_max_l4_payload_len":453,"flow_src_tot_l4_payload_len":690,"flow_dst_tot_l4_payload_len":517,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":56618,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 01085{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1578508364922060,"flow_src_last_pkt_time":1578508366029471,"flow_dst_last_pkt_time":1578508364922060,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.233.197.131","src_port":56637,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
00783{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1578508364922060,"flow_src_last_pkt_time":1578508366029471,"flow_dst_last_pkt_time":1578508364922060,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.233.197.131","src_port":56637,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -559,7 +559,7 @@ 00992{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":20,"flow_first_seen":1578508365592330,"flow_src_last_pkt_time":1578508365742368,"flow_dst_last_pkt_time":1578508365773616,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":540,"flow_dst_max_l4_payload_len":364,"flow_src_tot_l4_payload_len":956,"flow_dst_tot_l4_payload_len":876,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"86.107.243.62","src_port":56671,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00992{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1578508365919739,"flow_src_last_pkt_time":1578508365919739,"flow_dst_last_pkt_time":1578508365951357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":128,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":147,"flow_src_tot_l4_payload_len":128,"flow_dst_tot_l4_payload_len":147,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00993{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":6,"flow_first_seen":1578508365194618,"flow_src_last_pkt_time":1578508366069091,"flow_dst_last_pkt_time":1578508366068384,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":494,"flow_dst_max_l4_payload_len":368,"flow_src_tot_l4_payload_len":782,"flow_dst_tot_l4_payload_len":544,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":56655,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} -00993{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":14,"flow_first_seen":1578508364522913,"flow_src_last_pkt_time":1578508364925728,"flow_dst_last_pkt_time":1578508365036380,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":458,"flow_dst_max_l4_payload_len":335,"flow_src_tot_l4_payload_len":698,"flow_dst_tot_l4_payload_len":543,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.243.160.83","src_port":56613,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +01000{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":14,"flow_first_seen":1578508364522913,"flow_src_last_pkt_time":1578508364925728,"flow_dst_last_pkt_time":1578508365036380,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":458,"flow_dst_max_l4_payload_len":335,"flow_src_tot_l4_payload_len":698,"flow_dst_tot_l4_payload_len":543,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.243.160.83","src_port":56613,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00999{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1578508365189369,"flow_src_last_pkt_time":1578508365818517,"flow_dst_last_pkt_time":1578508365942196,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":128,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":1057,"flow_src_tot_l4_payload_len":449,"flow_dst_tot_l4_payload_len":1760,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364272113,"flow_src_last_pkt_time":1578508364272113,"flow_dst_last_pkt_time":1578508364272113,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":139,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":139,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":139,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"3.112.138.57","dst_ip":"192.168.1.184","src_port":25516,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00998{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1578508364421473,"flow_src_last_pkt_time":1578508364421473,"flow_dst_last_pkt_time":1578508364694327,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":171,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":1136,"flow_src_tot_l4_payload_len":171,"flow_dst_tot_l4_payload_len":1480,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
@@ -567,10 +567,10 @@ 00991{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365828265,"flow_src_last_pkt_time":1578508366083506,"flow_dst_last_pkt_time":1578508366081823,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":404,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":404,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.251.14.199","src_port":56678,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00996{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":20,"flow_first_seen":1578508364523418,"flow_src_last_pkt_time":1578508364659019,"flow_dst_last_pkt_time":1578508364723459,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":402,"flow_src_tot_l4_payload_len":752,"flow_dst_tot_l4_payload_len":466,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.255.23.113","src_port":56627,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00994{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":4,"flow_first_seen":1578508364382655,"flow_src_last_pkt_time":1578508364422710,"flow_dst_last_pkt_time":1578508364651426,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":171,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":1057,"flow_src_tot_l4_payload_len":342,"flow_dst_tot_l4_payload_len":2964,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} -00995{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":37,"flow_first_seen":1578508364523356,"flow_src_last_pkt_time":1578508364665328,"flow_dst_last_pkt_time":1578508364687375,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":546,"flow_dst_max_l4_payload_len":404,"flow_src_tot_l4_payload_len":1170,"flow_dst_tot_l4_payload_len":676,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.128.195.220","src_port":56626,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +01002{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":37,"flow_first_seen":1578508364523356,"flow_src_last_pkt_time":1578508364665328,"flow_dst_last_pkt_time":1578508364687375,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":546,"flow_dst_max_l4_payload_len":404,"flow_src_tot_l4_payload_len":1170,"flow_dst_tot_l4_payload_len":676,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.128.195.220","src_port":56626,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 01075{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1578508364523327,"flow_src_last_pkt_time":1578508365619930,"flow_dst_last_pkt_time":1578508364523327,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"5.1.83.226","src_port":56625,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00779{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1578508364523327,"flow_src_last_pkt_time":1578508365619930,"flow_dst_last_pkt_time":1578508364523327,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"5.1.83.226","src_port":56625,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00854{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":2000,"packets-processed":2000,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":86968,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":71,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":74,"total-idle-flows":74,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":573,"global_ts_usec":1578508366135917} 
+00854{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":2000,"packets-processed":2000,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":86968,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":71,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":74,"total-idle-flows":74,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":573,"global_ts_usec":1578508366135917} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2000/2000 ~~ skipped flows.............: 0 @@ -579,9 +579,9 @@ ~~ total active/idle flows...: 74/74 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7140697 bytes -~~ total memory freed........: 7140697 bytes -~~ total allocations/frees...: 116996/116996 +~~ total memory allocated....: 7718293 bytes +~~ total memory freed........: 7718293 bytes +~~ total allocations/frees...: 128727/128727 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 535 chars ~~ json message max len.......: 2157 chars diff --git a/test/results/default/ethernetIP.pcap.out b/test/results/default/ethernetIP.pcap.out index 8b5d39434..c06f90e9f 100644 --- a/test/results/default/ethernetIP.pcap.out +++ b/test/results/default/ethernetIP.pcap.out 
@@ -1,5 +1,5 @@ -00615{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1352718180263865} 
+00615{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1352718180263865} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1352718180263865,"flow_src_last_pkt_time":1352718180263865,"flow_dst_last_pkt_time":1352718180263865,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":82,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1352718180263865,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.83","src_port":50275,"dst_port":44818,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00642{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1352718180263865,"flow_dst_last_pkt_time":1352718180263865,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":136,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":136,"pkt_l4_len":102,"thread_ts_usec":1352718180263865,"pkt":"AAC80WDaeOfR4AJeCABFAAB6cCZAAIAGAACNUQAKjVEAU8RjrxLdiI2HlJVDUVAY+XQbbAAAcAA6AAABAhAAAAAAGjkvAAAAAAAAAAAAAAAAAAoAAgChAAQACRM1ALEAJgDkagoCIAIkAQIABgASAEwCIHIkAADOBAABAEwCIHIkACw9BAABAA=="} 
00934{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1352718180263865,"flow_src_last_pkt_time":1352718180263865,"flow_dst_last_pkt_time":1352718180263865,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":82,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1352718180263865,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.83","src_port":50275,"dst_port":44818,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"EthernetIP","proto_id":"278","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -32,7 +32,7 @@ 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":13,"flow_first_seen":1352718180265384,"flow_src_last_pkt_time":1352718181047922,"flow_dst_last_pkt_time":1352718181046461,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":352,"flow_dst_max_l4_payload_len":474,"flow_src_tot_l4_payload_len":1250,"flow_dst_tot_l4_payload_len":1864,"midstream":1,"thread_ts_usec":1352718181050397,"l3_proto":"ip4","src_ip":"141.81.0.63","dst_ip":"141.81.0.10","src_port":44818,"dst_port":52593,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"EthernetIP","proto_id":"278","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":12,"flow_first_seen":1352718180390103,"flow_src_last_pkt_time":1352718181046315,"flow_dst_last_pkt_time":1352718181050397,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":474,"flow_dst_max_l4_payload_len":352,"flow_src_tot_l4_payload_len":1492,"flow_dst_tot_l4_payload_len":1106,"midstream":1,"thread_ts_usec":1352718181050397,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.43","src_port":52594,"dst_port":44818,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"EthernetIP","proto_id":"278","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1352718180397556,"flow_src_last_pkt_time":1352718181046133,"flow_dst_last_pkt_time":1352718181017708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":474,"flow_dst_max_l4_payload_len":352,"flow_src_tot_l4_payload_len":1538,"flow_dst_tot_l4_payload_len":860,"midstream":1,"thread_ts_usec":1352718181050397,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.23","src_port":62717,"dst_port":44818,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"EthernetIP","proto_id":"278","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00849{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11876,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":35,"global_ts_usec":1352718181050397} 
+00849{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11876,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":35,"global_ts_usec":1352718181050397} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 100/100 ~~ skipped flows.............: 0 @@ -41,9 +41,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6917653 bytes -~~ total memory freed........: 6917653 bytes -~~ total allocations/frees...: 114270/114270 +~~ total memory allocated....: 7495249 bytes +~~ total memory freed........: 7495249 bytes +~~ total allocations/frees...: 126001/126001 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 533 chars ~~ json message max len.......: 2151 chars diff --git a/test/results/default/ethersbus.pcap.out b/test/results/default/ethersbus.pcap.out index 920128d88..7738c70f9 100644 --- a/test/results/default/ethersbus.pcap.out +++ b/test/results/default/ethersbus.pcap.out 
@@ -1,5 +1,5 @@ -00614{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ethersbus.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ethersbus.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1119024300361278} 
+00614{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ethersbus.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ethersbus.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1119024300361278} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ethersbus.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1119024300361278,"flow_src_last_pkt_time":1119024300361278,"flow_dst_last_pkt_time":1119024300361278,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":13,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":13,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":13,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1119024300361278,"l3_proto":"ip4","src_ip":"172.16.1.120","dst_ip":"172.16.1.135","src_port":2467,"dst_port":5050,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ethersbus.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1119024300361278,"flow_dst_last_pkt_time":1119024300361278,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":55,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":55,"pkt_l4_len":21,"thread_ts_usec":1119024300361278,"pkt":"AFDCDF0nAAR14vSPCABFAAAp4p0AAIAR\/QasEAF4rBABhwmjE7oAFU3cAAAADQEAAAEACiBTGA=="} 
00935{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ethersbus.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1119024300361278,"flow_src_last_pkt_time":1119024300361278,"flow_dst_last_pkt_time":1119024300361278,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":13,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":13,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":13,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1119024300361278,"l3_proto":"ip4","src_ip":"172.16.1.120","dst_ip":"172.16.1.135","src_port":2467,"dst_port":5050,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Ether-S-Bus","proto_id":"368","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
@@ -8,7 +8,7 @@ 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ethersbus.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1119024300369033,"flow_dst_last_pkt_time":1119024300376367,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":23,"thread_ts_usec":1119024300376367,"pkt":"AAR14vSPAFDCDF0nCABFAAArKxoAAB4RFomsEAGHrBABeBO6CaMAF6QUAAAADwAAAAIBTW9kZWwNAAAA"} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/ethersbus.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1119024300377012,"flow_dst_last_pkt_time":1119024300376367,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1119024300377012,"pkt":"AFDCDF0nAAR14vSPCABFAAA14qEAAIAR\/PasEAF4rBABhwmjE7oAIW2KAAAAGQEAAAMAClEKAMQ8I8YAAMRETnV6Cg=="} 00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/ethersbus.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1119024300361278,"flow_src_last_pkt_time":1119024300457007,"flow_dst_last_pkt_time":1119024300466212,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":13,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":51,"flow_src_tot_l4_payload_len":162,"flow_dst_tot_l4_payload_len":230,"midstream":0,"thread_ts_usec":1119024300466212,"l3_proto":"ip4","src_ip":"172.16.1.120","dst_ip":"172.16.1.135","src_port":2467,"dst_port":5050,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Ether-S-Bus","proto_id":"368","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/ethersbus.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":20,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":392,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1119024300466212} +00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/ethersbus.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":20,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":392,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1119024300466212} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 20/20 ~~ skipped flows.............: 0 
@@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6908193 bytes -~~ total memory freed........: 6908193 bytes -~~ total allocations/frees...: 114157/114157 +~~ total memory allocated....: 7485789 bytes +~~ total memory freed........: 7485789 bytes +~~ total allocations/frees...: 125888/125888 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 535 chars ~~ json message max len.......: 986 chars diff --git a/test/results/default/ethersio.pcap.out b/test/results/default/ethersio.pcap.out index 56e592054..8079caa53 100644 --- a/test/results/default/ethersio.pcap.out +++ b/test/results/default/ethersio.pcap.out 
@@ -1,5 +1,5 @@ -00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ethersio.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ethersio.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1279888308544606} 
+00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ethersio.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ethersio.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1279888308544606} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ethersio.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1279888308544606,"flow_src_last_pkt_time":1279888308544606,"flow_dst_last_pkt_time":1279888308544606,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":49,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":49,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1279888308544606,"l3_proto":"ip4","src_ip":"172.23.2.27","dst_ip":"172.23.2.15","src_port":1024,"dst_port":6060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ethersio.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1279888308544606,"flow_dst_last_pkt_time":1279888308544606,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"thread_ts_usec":1279888308544606,"pkt":"AFDCjQ2CAFDCvyBeCABFAABNhU8AAEARmPisFwIbrBcCDwQAF6wAOXbIRVNJTwABAAAAMXYWAAAAGAAAAA0BAAAAAFwAAAABABEAAAswAAAAAAAAAAAAAAAA\/w=="} 
00929{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ethersio.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1279888308544606,"flow_src_last_pkt_time":1279888308544606,"flow_dst_last_pkt_time":1279888308544606,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":49,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":49,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1279888308544606,"l3_proto":"ip4","src_ip":"172.23.2.27","dst_ip":"172.23.2.15","src_port":1024,"dst_port":6060,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EtherSIO","proto_id":"363","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
@@ -9,7 +9,7 @@ 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/ethersio.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1279888308942138,"flow_dst_last_pkt_time":1279888308544606,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"thread_ts_usec":1279888308942138,"pkt":"AFDCjQ2CAFDCvyBeCABFAABNhVMAAEARmPSsFwIbrBcCDwQAF6wAOXbERVNJTwABAAAAMXYaAAAAGAAAAA0BAAAAAFwAAAABABEAAAswAAAAAAAAAAAAAAAA\/w=="} 02171{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/ethersio.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":0,"flow_first_seen":1279888308544606,"flow_src_last_pkt_time":1279888311540875,"flow_dst_last_pkt_time":1279888308544606,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":49,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1543,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1279888311540875,"l3_proto":"ip4","src_ip":"172.23.2.27","dst_ip":"172.23.2.15","src_port":1024,"dst_port":6060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":96653.8,"max":111455,"stddev":18558.1,"var":344403296.0,"ent":4.9,"data": [96162,97433,107881,96056,97599,109902,95490,95566,98398,3,111001,95507,96493,95973,109998,96979,96994,97899,109080,95700,95853,95658,111455,95276,100124,106350,95476,95590,108907,95554,95912]},"pktlen": {"min":52,"avg":76.2,"max":77,"stddev":4.3,"var":18.9,"ent":5.0,"data": [77,77,77,77,77,77,77,77,77,52,77,77,77,77,77,77,77,77,77,77,77,77,77,77,77,77,77,77,77,77,77,77]},"bins": {"c_to_s": 
[1,31,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"entropies": [3.361773968,3.345603704,3.361774206,3.387748003,3.361773968,3.361774206,3.387748003,3.387748003,3.387748003,3.744090796,3.387748003,3.387748003,3.387748003,3.361773968,3.387748003,3.387748003,3.387748003,3.387748003,3.387748003,3.387748003,3.387748003,3.387748003,3.387748003,3.387748003,3.387748003,3.387748003,3.387748003,3.361774206,3.361774206,3.345603704,3.387748003,3.387748003]},"ndpi": {"confidence": {"6":"DPI"},"proto":"EtherSIO","proto_id":"363","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/ethersio.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":36,"flow_dst_packets_processed":0,"flow_first_seen":1279888308544606,"flow_src_last_pkt_time":1279888311939437,"flow_dst_last_pkt_time":1279888308544606,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":49,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1714,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1279888311939437,"l3_proto":"ip4","src_ip":"172.23.2.27","dst_ip":"172.23.2.15","src_port":1024,"dst_port":6060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"EtherSIO","proto_id":"363","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
-00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/ethersio.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":36,"packets-processed":36,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1714,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1279888311939437} +00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/ethersio.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":36,"packets-processed":36,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1714,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1279888311939437} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 36/36 ~~ skipped flows.............: 0 
@@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6908657 bytes -~~ total memory freed........: 6908657 bytes -~~ total allocations/frees...: 114173/114173 +~~ total memory allocated....: 7486253 bytes +~~ total memory freed........: 7486253 bytes +~~ total allocations/frees...: 125904/125904 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 582 chars ~~ json message max len.......: 2176 chars diff --git a/test/results/default/exe_download.pcap.out b/test/results/default/exe_download.pcap.out index ceeabc9ee..2a1cc7cf0 100644 --- a/test/results/default/exe_download.pcap.out +++ b/test/results/default/exe_download.pcap.out 
@@ -1,5 +1,5 @@ -00617{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/exe_download.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00838{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/exe_download.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1569434051004796} 
+00617{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/exe_download.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00838{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/exe_download.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1569434051004796} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569434051004796,"flow_src_last_pkt_time":1569434051004796,"flow_dst_last_pkt_time":1569434051004796,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569434051004796,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1569434051004796,"flow_dst_last_pkt_time":1569434051004796,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569434051004796,"pkt":"IOUqtpPxAAgCHEeuCABFAAA0AI9AAIAGAKkKCRllkFtFw8ANAFC+hvgeAAAAAIACIADegAAAAgQFtAEDAwgBAQQC"} 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1569434051004796,"flow_dst_last_pkt_time":1569434051324116,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":1569434051324116,"pkt":"AAgCHEeuIOUqtpPxCABFAAAsBbAAAIAGO5CQW0XDCgkZZQBQwA0+79i4vob4H2AS+vAU7QAAAgQFtA=="} 
@@ -9,7 +9,7 @@ 00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1569434051324979,"flow_dst_last_pkt_time":1569434051325236,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1569434051325236,"pkt":"AAgCHEeuIOUqtpPxCABFAAAoBbEAAIAGO5OQW0XDCgkZZQBQwA0+79i5vob4uFAQ+vAsEQAA"} 01737{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569434051004796,"flow_src_last_pkt_time":1569434051324979,"flow_dst_last_pkt_time":1569434051623372,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":153,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":153,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1569434051623372,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"144.91.69.195","domainame":"144.91.69.195","http": {"url":"144.91.69.195\/solar.php","code":200,"content_type":"application\/octet-stream","user_agent":"pwtyyEKzNtGatwnJjmCcBLbOveCVpc"}}} 01600{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":12,"flow_first_seen":1569434051004796,"flow_src_last_pkt_time":1569434051760034,"flow_dst_last_pkt_time":1569434051659215,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":153,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":153,"flow_dst_tot_l4_payload_len":13620,"midstream":0,"thread_ts_usec":1569434051760034,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"144.91.69.195"}} 
-00848{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/exe_download.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":20,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13773,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1569434051760034} +00848{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/exe_download.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":20,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13773,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1569434051760034} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 20/20 ~~ skipped flows.............: 0 
@@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6908466 bytes -~~ total memory freed........: 6908466 bytes -~~ total allocations/frees...: 114168/114168 +~~ total memory allocated....: 7486076 bytes +~~ total memory freed........: 7486076 bytes +~~ total allocations/frees...: 125900/125900 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 534 chars ~~ json message max len.......: 1742 chars diff --git a/test/results/default/exe_download_as_png.pcap.out b/test/results/default/exe_download_as_png.pcap.out index acecbbab0..049b75499 100644 --- a/test/results/default/exe_download_as_png.pcap.out +++ b/test/results/default/exe_download_as_png.pcap.out 
@@ -1,5 +1,5 @@ -00624{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/exe_download_as_png.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/exe_download_as_png.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1569434903040298} 
+00624{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/exe_download_as_png.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/exe_download_as_png.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1569434903040298} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569434903040298,"flow_src_last_pkt_time":1569434903040298,"flow_dst_last_pkt_time":1569434903040298,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569434903040298,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"185.98.87.185","src_port":49197,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1569434903040298,"flow_dst_last_pkt_time":1569434903040298,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569434903040298,"pkt":"IOUqtpPxAAgCHEeuCABFAAA0Bk9AAIAGv+sKCRlluWJXucAtAFB7PMGWAAAAAIACIAAdNgAAAgQFtAEDAwgBAQQC"} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1569434903040298,"flow_dst_last_pkt_time":1569434903440451,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":1569434903440451,"pkt":"AAgCHEeuIOUqtpPxCABFAAAsESIAAIAG9SC5Yle5CgkZZQBQwC0vLgrVezzBl2AS+vAxRwAAAgQFtA=="} 
@@ -10,7 +10,7 @@ 01478{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569434903040298,"flow_src_last_pkt_time":1569434903441012,"flow_dst_last_pkt_time":1569434904053845,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":149,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":149,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1569434904053845,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"185.98.87.185","src_port":49197,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"185.98.87.185","domainame":"185.98.87.185","http": {"url":"185.98.87.185\/tablone.png","code":200,"content_type":"image\/png","user_agent":"WinHTTP loader\/1.0"}}} 
02576{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":21,"flow_first_seen":1569434903040298,"flow_src_last_pkt_time":1569434904481632,"flow_dst_last_pkt_time":1569434904508320,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":149,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":149,"flow_dst_tot_l4_payload_len":25916,"midstream":0,"thread_ts_usec":1569434904508320,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"185.98.87.185","src_port":49197,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":12,"avg":93850.2,"max":613012,"stddev":192589.9,"var":37090865152.0,"ent":2.7,"data": [400153,400486,228,717,612677,12,613012,424,482,834,426,507,936,1134,423,1552,361,732,1082,417726,1390,103,419479,654,405,941,2596,154,2784,26602,344]},"pktlen": {"min":40,"avg":855.0,"max":1500,"stddev":664.6,"var":441668.3,"ent":4.4,"data": [52,44,40,189,40,1500,1308,40,1404,1404,40,1404,1404,40,1404,1404,40,1404,1404,40,1404,1404,1404,40,1404,1404,40,1404,1404,40,1404,1404]},"bins": {"c_to_s": [10,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,17,0,0,1,0,0]},"directions": [0,1,0,0,1,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,1,0,1,1,0,1,1,0,1,1],"entropies": 
[4.593450069,4.921897411,4.734183788,5.453228951,4.630641460,3.420540333,0.300011843,4.784183979,0.284853339,4.608477116,4.784183979,4.479417324,3.353007078,4.684184074,3.253508806,3.476947546,4.734183788,4.057516575,5.282192707,4.734183788,5.523138046,4.632616997,4.955163479,4.715311527,4.361701965,2.729017735,4.734184265,6.268059254,4.366500378,4.734183788,4.014078617,2.777677774]},"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"185.98.87.185"}} 01367{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":33,"flow_dst_packets_processed":67,"flow_first_seen":1569434903040298,"flow_src_last_pkt_time":1569434904944506,"flow_dst_last_pkt_time":1569434904944721,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":149,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":149,"flow_dst_tot_l4_payload_len":88660,"midstream":0,"thread_ts_usec":1569434904944721,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"185.98.87.185","src_port":49197,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": 
{"total":300,"client":270,"server":30}},"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"185.98.87.185"}} -00858{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/exe_download_as_png.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":88809,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1569434904944721} 
+00858{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/exe_download_as_png.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":88809,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1569434904944721} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 100/100 ~~ skipped flows.............: 0 @@ -19,9 +19,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6910681 bytes -~~ total memory freed........: 6910681 bytes -~~ total allocations/frees...: 114245/114245 +~~ total memory allocated....: 7488291 bytes +~~ total memory freed........: 7488291 bytes +~~ total allocations/frees...: 125977/125977 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 541 chars ~~ json message max len.......: 2581 chars diff --git a/test/results/default/facebook.pcap.out b/test/results/default/facebook.pcap.out index e3a8faeea..b49883bc1 100644 --- a/test/results/default/facebook.pcap.out +++ b/test/results/default/facebook.pcap.out 
@@ -1,26 +1,26 @@ -00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1472393122365661} 
+00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1472393122365661} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1472393122365661,"flow_src_last_pkt_time":1472393122365661,"flow_dst_last_pkt_time":1472393122365661,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1472393122365661,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1472393122365661,"flow_dst_last_pkt_time":1472393122365661,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1472393122365661,"pkt":"mAyC0zx8MFLLbJwbCABFAAA84M9AAEAGjxHAqCsSQtycRMtiAbv14btyAAAAAKACchDLCQAAAgQFtAQCCAoAS1u9AAAAAAEDAwc="} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1472393122365661,"flow_dst_last_pkt_time":1472393122668038,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1472393122668038,"pkt":"MFLLbJwbmAyC0zx8CABFAAA8AABAAE0GYuFC3JxEwKgrEgG7y2LsHfNy9eG7c6ASNpzIhwAAAgQFeAQCCAq7uwhkAEtbvQEDAwg="} 
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1472393122668050,"flow_dst_last_pkt_time":1472393122668038,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1472393122668050,"pkt":"mAyC0zx8MFLLbJwbCABFAAA04NBAAEAGjxjAqCsSQtycRMtiAbv14btz7B3zc4AQAOXLAQAAAQEICgBLXBi7uwhk"} 00810{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1472393122668183,"flow_dst_last_pkt_time":1472393122668038,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":262,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":262,"pkt_l4_len":228,"thread_ts_usec":1472393122668183,"pkt":"mAyC0zx8MFLLbJwbCABFAAD44NFAAEAGjlPAqCsSQtycRMtiAbv14btz7B3zc4AYAOXLxQAAAQEICgBLXBi7uwhkFgMBAL8BAAC7AwNbh8URkho8fraMBpv52BLid6sw70NU5sSdt5TqEulpNAAAGsArwC\/MqcyowArACcATwBQAMwA5AC8ANQAKAQAAeAAAABEADwAADGZhY2Vib29rLmNvbQAXAAD\/AQABAAAKAAgABgAXABgAGQALAAIBAAAjAAAzdAAAABAAFwAVAmgyCHNwZHkvMy4xCGh0dHAvMS4xAAUABQEAAAAAAA0AGAAWBAEFAQYBAgEEAwUDBgMCAwUCBAICAg=="} 
-01227{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1472393122365661,"flow_src_last_pkt_time":1472393122668183,"flow_dst_last_pkt_time":1472393122668038,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":196,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":196,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1472393122668183,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"facebook.com","domainame":"facebook.com","tls": {"version":"TLSv1.2","ja3":"bfcc1a3891601edb4f137ab7ab25b840","ja3s":"","ja4":"t12d1310h2_27a29bd8d6e6_85173d161f9a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,spdy\/3.1,http\/1.1","blocks":0}}} +01186{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1472393122365661,"flow_src_last_pkt_time":1472393122668183,"flow_dst_last_pkt_time":1472393122668038,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":196,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":196,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1472393122668183,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"facebook.com","domainame":"facebook.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1310h2_27a29bd8d6e6_85173d161f9a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,spdy\/3.1,http\/1.1","blocks":0}}} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1472393122668183,"flow_dst_last_pkt_time":1472393122981932,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1472393122981932,"pkt":"MFLLbJwbmAyC0zx8CABFAAA0+htAAE0GaM1C3JxEwKgrEgG7y2LsHfNz9eG8N4AQADsrTQAAAQEICru7CXIAS1wY"} -01312{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1472393122365661,"flow_src_last_pkt_time":1472393122668183,"flow_dst_last_pkt_time":1472393122981938,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":196,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":196,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1472393122981938,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"facebook.com","domainame":"facebook.com","tls": 
{"version":"TLSv1.2","ja3":"bfcc1a3891601edb4f137ab7ab25b840","ja3s":"2d1eb5817ece335c24904f516ad5da12","ja4":"t12d1310h2_27a29bd8d6e6_85173d161f9a","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,spdy\/3.1,http\/1.1","negotiated_alpn":"h2","blocks":0}}} -01756{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1472393122365661,"flow_src_last_pkt_time":1472393122981949,"flow_dst_last_pkt_time":1472393122982477,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":196,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":196,"flow_dst_tot_l4_payload_len":3173,"midstream":0,"thread_ts_usec":1472393122982477,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"facebook.com","domainame":"facebook.com","tls": {"version":"TLSv1.2","server_names":"*.facebook.com,*.facebook.net,*.fb.com,*.fbcdn.net,*.fbsbx.com,*.m.facebook.com,*.messenger.com,*.xx.fbcdn.net,*.xy.fbcdn.net,*.xz.fbcdn.net,facebook.com,fb.com,messenger.com","ja3":"bfcc1a3891601edb4f137ab7ab25b840","ja3s":"2d1eb5817ece335c24904f516ad5da12","ja4":"t12d1310h2_27a29bd8d6e6_85173d161f9a","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., 
CN=*.facebook.com","advertised_alpns":"h2,spdy\/3.1,http\/1.1","negotiated_alpn":"h2","fingerprint":"A0:4E:AF:B3:48:C2:6B:15:A8:C1:AA:87:A3:33:CA:A3:CD:EE:C9:C9","blocks":0}}} +01271{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1472393122365661,"flow_src_last_pkt_time":1472393122668183,"flow_dst_last_pkt_time":1472393122981938,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":196,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":196,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1472393122981938,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"facebook.com","domainame":"facebook.com","tls": {"version":"TLSv1.2","ja3s":"2d1eb5817ece335c24904f516ad5da12","ja4":"t12d1310h2_27a29bd8d6e6_85173d161f9a","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,spdy\/3.1,http\/1.1","negotiated_alpn":"h2","blocks":0}}} 
+01715{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1472393122365661,"flow_src_last_pkt_time":1472393122981949,"flow_dst_last_pkt_time":1472393122982477,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":196,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":196,"flow_dst_tot_l4_payload_len":3173,"midstream":0,"thread_ts_usec":1472393122982477,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"facebook.com","domainame":"facebook.com","tls": {"version":"TLSv1.2","server_names":"*.facebook.com,*.facebook.net,*.fb.com,*.fbcdn.net,*.fbsbx.com,*.m.facebook.com,*.messenger.com,*.xx.fbcdn.net,*.xy.fbcdn.net,*.xz.fbcdn.net,facebook.com,fb.com,messenger.com","ja3s":"2d1eb5817ece335c24904f516ad5da12","ja4":"t12d1310h2_27a29bd8d6e6_85173d161f9a","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","advertised_alpns":"h2,spdy\/3.1,http\/1.1","negotiated_alpn":"h2","fingerprint":"A0:4E:AF:B3:48:C2:6B:15:A8:C1:AA:87:A3:33:CA:A3:CD:EE:C9:C9","blocks":0}}} 
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1472393123550766,"flow_src_last_pkt_time":1472393123550766,"flow_dst_last_pkt_time":1472393123550766,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1472393123550766,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"31.13.86.36","src_port":44614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1472393123550766,"flow_dst_last_pkt_time":1472393123550766,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1472393123550766,"pkt":"mAyC0zx8MFLLbJwbCABFAAA8dR1AAEAGZLPAqCsSHw1WJK5GAbsvASg9AAAAAKACchBhGgAAAgQFtAQCCAoAS10gAAAAAAEDAwc="} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1472393123550766,"flow_dst_last_pkt_time":1472393123682883,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1472393123682883,"pkt":"MFLLbJwbmAyC0zx8CABFAAA8AABAAFMGxtAfDVYkwKgrEgG7rkZw6dh2LwEoPqASNpwMewAAAgQFeAQCCAolRdDWAEtdIAEDAwg="} 
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1472393123682902,"flow_dst_last_pkt_time":1472393123682883,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1472393123682902,"pkt":"mAyC0zx8MFLLbJwbCABFAAA0dR5AAEAGZLrAqCsSHw1WJK5GAbsvASg+cOnYd4AQAOVhEgAAAQEICgBLXUglRdDW"} 01246{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1472393123683095,"flow_dst_last_pkt_time":1472393123682883,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1472393123683095,"pkt":"mAyC0zx8MFLLbJwbCABFAAI5dR9AAEAGYrTAqCsSHw1WJK5GAbsvASg+cOnYd4AYAOVjFwAAAQEICgBLXUglRdDWFgMBAgABAAH8AwM+9tNpxmZK\/eWu6BicR\/VdzCeqETHBQQTjNp6ce6Re6CDpbumLT\/pcQV4Yd+w5nmyQiqDe8maQl\/9twNFsjvN1qAAawCvAL8ypzKjACsAJwBPAFAAzADkALwA1AAoBAAGZAAAAFQATAAAQd3d3LmZhY2Vib29rLmNvbQAXAAD\/AQABAAAKAAgABgAXABgAGQALAAIBAAAjAMAVCJH+V6O+8X2imm8A5SDgHXzaZOkxASoAP7PEoNjKKl9CQSOx\/teLVlne5tIoYDG+cMhqc3xPewtsO6jtNu2A8OCQyx9HEmHS7QX20VvDQq\/STGmFYAcDBbKS4nC6fio3njGW7FzDfetud3qZZ7+M0xYt8VAkhG35Ct6tGM4sR0dgJpKxO\/\/uHgQ595Wbqzav3mtgVLdqqXZj+Rm0AO2brTOq4RRSAn0Yz2Qs7sU+3hKk3fw1CrFvT3svUypcWbkzdAAAABAAFwAVAmgyCHNwZHkvMy4xCGh0dHAvMS4xAAUABQEAAAAAAA0AGAAWBAEFAQYBAgEEAwUDBgMCAwUCBAICAgAVAFkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01234{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1472393123550766,"flow_src_last_pkt_time":1472393123683095,"flow_dst_last_pkt_time":1472393123682883,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1472393123683095,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"31.13.86.36","src_port":44614,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.facebook.com","domainame":"www.facebook.com","tls": {"version":"TLSv1.2","ja3":"5c60e71f1b8cd40e4d40ed5b6d666e3f","ja3s":"","ja4":"t12d1311h2_27a29bd8d6e6_c4623e4f4474","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,spdy\/3.1,http\/1.1","blocks":0}}} +01193{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1472393123550766,"flow_src_last_pkt_time":1472393123683095,"flow_dst_last_pkt_time":1472393123682883,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1472393123683095,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"31.13.86.36","src_port":44614,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.facebook.com","domainame":"www.facebook.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1311h2_27a29bd8d6e6_c4623e4f4474","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,spdy\/3.1,http\/1.1","blocks":0}}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1472393123683095,"flow_dst_last_pkt_time":1472393123837584,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1472393123837584,"pkt":"MFLLbJwbmAyC0zx8CABFAAA0CRtAAFMGvb0fDVYkwKgrEgG7rkZw6dh3LwEqQ4AQADtuqgAAAQEICiVF0WwAS11I"} -01317{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1472393123550766,"flow_src_last_pkt_time":1472393123683095,"flow_dst_last_pkt_time":1472393123838069,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":146,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":146,"midstream":0,"thread_ts_usec":1472393123838069,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"31.13.86.36","src_port":44614,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.facebook.com","domainame":"www.facebook.com","tls": {"version":"TLSv1.2","ja3":"5c60e71f1b8cd40e4d40ed5b6d666e3f","ja3s":"96681175a9547081bf3d417f1a572091","ja4":"t12d1311h2_27a29bd8d6e6_c4623e4f4474","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,spdy\/3.1,http\/1.1","negotiated_alpn":"h2","blocks":0}}} +01276{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1472393123550766,"flow_src_last_pkt_time":1472393123683095,"flow_dst_last_pkt_time":1472393123838069,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":146,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":146,"midstream":0,"thread_ts_usec":1472393123838069,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"31.13.86.36","src_port":44614,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.facebook.com","domainame":"www.facebook.com","tls": {"version":"TLSv1.2","ja3s":"96681175a9547081bf3d417f1a572091","ja4":"t12d1311h2_27a29bd8d6e6_c4623e4f4474","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,spdy\/3.1,http\/1.1","negotiated_alpn":"h2","blocks":0}}} 
02191{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1472393123550766,"flow_src_last_pkt_time":1472393124118414,"flow_dst_last_pkt_time":1472393124118402,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":992,"flow_dst_tot_l4_payload_len":15090,"midstream":0,"thread_ts_usec":1472393124118414,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"31.13.86.36","src_port":44614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":193,"avg":36622.1,"max":154982,"stddev":57898.8,"var":3352273664.0,"ent":3.3,"data": [132117,132136,193,154701,485,154982,244,3282,129361,125921,442,418,797,119231,4520,123730,627,605,1230,4940,621,5568,8878,7797,16680,916,530,1441,790,657,1444]},"pktlen": {"min":52,"avg":555.1,"max":1440,"stddev":613.3,"var":376153.1,"ent":4.1,"data": [60,60,52,569,52,198,52,103,438,133,90,90,94,52,1440,431,52,1440,576,52,1440,1440,52,1440,1440,52,1440,1440,52,1440,1440,52]},"bins": {"c_to_s": [10,2,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,2,1,0,1,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,0,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0],"entropies": 
[4.760014057,5.194312096,5.053297043,6.165235996,5.091758251,6.462422371,5.053297043,5.523866653,7.463335991,6.461145878,5.587870598,5.919519901,5.958845615,5.014835358,7.843218803,7.552490711,5.025067806,7.863905430,7.631061554,5.025067329,7.860723495,7.881686687,5.063529015,7.870133877,7.854965687,5.063529015,7.867281437,7.861505032,5.025067329,7.849763870,7.860621929,5.025067329]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":10,"flow_first_seen":1472393122365661,"flow_src_last_pkt_time":1472393123408152,"flow_dst_last_pkt_time":1472393123665163,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":383,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":743,"flow_dst_tot_l4_payload_len":3732,"midstream":0,"thread_ts_usec":1472393124229315,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} 
01019{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":22,"flow_first_seen":1472393123550766,"flow_src_last_pkt_time":1472393124218612,"flow_dst_last_pkt_time":1472393124229315,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1402,"flow_dst_tot_l4_payload_len":20642,"midstream":0,"thread_ts_usec":1472393124229315,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"31.13.86.36","src_port":44614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.facebook.com"}} -00844{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":60,"packets-processed":60,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":26519,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":23,"global_ts_usec":1472393124229315} 
+00844{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":60,"packets-processed":60,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":26519,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":23,"global_ts_usec":1472393124229315} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 60/60 ~~ skipped flows.............: 0 @@ -29,10 +29,10 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7015568 bytes -~~ total memory freed........: 7015568 bytes -~~ total allocations/frees...: 114245/114245 +~~ total memory allocated....: 7593164 bytes +~~ total memory freed........: 7593164 bytes +~~ total allocations/frees...: 125976/125976 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 546 chars ~~ json message max len.......: 2196 chars -~~ json message avg len.......: 1357 chars +~~ json message avg len.......: 1356 chars diff --git a/test/results/default/false_positives.pcapng.out b/test/results/default/false_positives.pcapng.out index c18d154b2..626cc9548 100644 --- a/test/results/default/false_positives.pcapng.out +++ b/test/results/default/false_positives.pcapng.out 
@@ -1,5 +1,5 @@ -00622{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1666211795792449} 
+00622{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1666211795792449} 00305{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1666211795792449,"packet_id":1,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1666211795792449} 
00468{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":122,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":122,"pkt_l4_len":0,"thread_ts_usec":1666211795792449,"pkt":"AAAAAAAAAAEAAAAEgQBNQoEAQHEIAEUwAGTH7QAAQBF0ZgqGGUwKhA+wCGgIaABQydQw\/wBAA9RPVEUAAEAAAEAAPgafJwqM5xqfQQyp7xIBu70k08cAAAAAsAL\/\/zWOAAACBAW0AQMDBQEBCApIjJmXAAAAAAQCAAA="} 00305{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1666211795871687,"packet_id":2,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1666211795871687} 
@@ -8,7 +8,7 @@ 00882{"packet_event_id":1,"packet_event_name":"packet","packet_id":3,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":435,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":435,"pkt_l4_len":0,"thread_ts_usec":1666211795792449,"pkt":"AAAAAAAAAAEAAAAEgQBNQoEAQHEIAEUwAZ3JqAAAQBFxcgqGGUwKhA+wCGgIaAGJx2Iw\/wF5A9RPVEUAAXkAAEAAPgad7gqM5xqfQQyp7xIBu70k08h64qnngBgQIDa1AAABAQgKSIyaGnITADZHRVQgL3dzIEhUVFAvMS4xDQpQcmFnbWE6IG5vLWNhY2hlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KSG9zdDogd2x1ZG8uc3VwZXJraW5nbGFicy5jb206NDQzDQpVcGdyYWRlOiB3ZWJzb2NrZXQNCkNvbm5lY3Rpb246IFVwZ3JhZGUNClNlYy1XZWJTb2NrZXQtS2V5OiAyZUJpallVakdXQkhENFdZRDA1ekhnPT0NCk9yaWdpbjogaHR0cDovL3dsdWRvLnN1cGVya2luZ2xhYnMuY29tOjQ0Mw0KU2VjLVdlYlNvY2tldC1Qcm90b2NvbDogZGVmYXVsdC1wcm90b2NvbA0KU2VjLVdlYlNvY2tldC1FeHRlbnNpb25zOiANClNlYy1XZWJTb2NrZXQtVmVyc2lvbjogMTMNCg0K"} 00305{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":4,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1666211795991725,"packet_id":4,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1666211795991725} 00702{"packet_event_id":1,"packet_event_name":"packet","packet_id":4,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":298,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":298,"pkt_l4_len":0,"thread_ts_usec":1666211795792449,"pkt":"AAAAAAAAAAECAAD6gQANQoEAAHEIAEUAARTtiwAAOxFTSAqED7AKhhlMCGgIaAEAAAAw\/wDwHEN000UAAPCpt0AAMAYCwJ9BDKkKjOcaAbvvEnriqee9JNUNgBgA68D6AAABAQgKchMAVEiMmhpIVFRQLzEuMSAxMDEgU3dpdGNoaW5nIFByb3RvY29scw0KU2VydmVyOiBuZ2lueC8xLjEyLjINCkRhdGU6IFdlZCwgMTkgT2N0IDIwMjIgMjA6MzY6MzUgR01UDQpDb25uZWN0aW9uOiB1cGdyYWRlDQpVcGdyYWRlOiB3ZWJzb2NrZXQNClNlYy1XZWJTb2NrZXQtQWNjZXB0OiBwVURxeGNYdy9zd2dQU2Y4aFdtM2JBMXZKUU09DQoNCg=="} 
-00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":5,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1715158193086997} +00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":5,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1715158193086997} 00305{"error_event_id":5,"error_event_name":"Unknown packet 
type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1715158193086997,"packet_id":5,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1715158193086997} 00598{"packet_event_id":1,"packet_event_name":"packet","packet_id":5,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":222,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":222,"pkt_l4_len":0,"thread_ts_usec":1666211795792449,"pkt":"AAAAAAAAAAECAAD6gQAPpoEAABQIAEW4AMgAAUAAfBFgjgrAXFEKiCtFy2ZSOAC0HY2ACA9iQ21r\/DQSeFbV1dVV1dXV1dXV1VVV1dVVVVVVVVVVVVVVVVVV1VXV1dXV1dXV1dXV1dXVVdVVVVXVVVVVVVXV1VVVVVXV1VXV1dVV1dXVVVVV1dVVVVVVVVVVVVXVVdVVVdVVVVVVVdVV1dVV1VXV1dVV1VXV1VXVVVVVVdXV1VVVVVVVVVXV1VVVVdXV1dVV1VVV1dVVVVVVVVXV1dXVVVVVVdXVVdXV"} 00305{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1715158193106355,"packet_id":6,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1715158193106355} 
@@ -45,10 +45,10 @@ 00771{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","vlan_id":107,"flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1715158216944076,"flow_dst_last_pkt_time":1715158216944076,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":218,"pkt_l4_len":180,"thread_ts_usec":1715158216944076,"pkt":"AAAAAAAAAAECAAD6gQAAawgARbgAyAABQAB+EZfeCn5GQwrsB+Fc6MPwALQAAIAIDN0byMsuNBJ4VtVVVVVV1dVV1dVVVVVVVVVVVVXV1dXV1VVV1dXVVVVVVVXV1dXV1VVVVVXVVdXV1dXVVVXVVdXV1dXV1dVVVdXV1VXVVVVVVVVV1VVVVdXV1dVV1VVV1VVV1dVVVdXV1VXV1dVV1dXVVVVV1VVV1dXV1dVVVVXV1VXV1dVV1dXVVdVVVVVVVVVVVVXV1dXV1VVVVVVVVdXVVdXVVdXVVVU="} 00771{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","vlan_id":107,"flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1715158216963978,"flow_dst_last_pkt_time":1715158216944076,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":218,"pkt_l4_len":180,"thread_ts_usec":1715158216963978,"pkt":"AAAAAAAAAAECAAD6gQAAawgARbgAyAACQAB+EZfdCn5GQwrsB+Fc6MPwALQAAIAIDN4byMvONBJ4VlXV1dVVVdXVVdXV1VXV1VVVVdXV1dVVVdXV1VXV1dXV1VVVVVVVVVXVVVVVVdXV1dXV1dXV1dVVVVVV1VVV1dXVVVVV1VVV1VXV1dVV1dVVVdVVVVXVVdVVVdXV1dXV1VVV1VVV1VVVVdXV1dXV1VVVVVXVVdXV1dXVVVXV1VVVVVVV1dXV1dXV1dXVVdVVVVVVVVXV1dXV1dVVVdXVVVU="} 
00771{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","vlan_id":107,"flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1715158216983863,"flow_dst_last_pkt_time":1715158216944076,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":218,"pkt_l4_len":180,"thread_ts_usec":1715158216983863,"pkt":"AAAAAAAAAAECAAD6gQAAawgARbgAyAADQAB+EZfcCn5GQwrsB+Fc6MPwALQAAIAIDN8byMxuNBJ4VlXVVVVV1dVV1VXV1dVVVVVVVVXVVVXV1dXV1VXVVVVVVVXVVdVVVdVVVVXV1VVV1VXV1VVV1dXV1dXVVVVVVVXVVVXVVVVV1dVVVVVV1dXV1VVVVVVV1dXVVVXVVVVV1VVV1dXV1dXV1dVV1VVVVVVVVdXVVdXV1dXV1dVV1dXVVdXV1dXVVVVVVdXVVVVV1VVVVVVVVdXV1dXVVVXV1dU="} -00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1715158216944076,"flow_src_last_pkt_time":1715158216983863,"flow_dst_last_pkt_time":1715158216944076,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":516,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1715158216983863,"vlan_id":107,"l3_proto":"ip4","src_ip":"10.126.70.67","dst_ip":"10.236.7.225","src_port":23784,"dst_port":50160,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} 
+00974{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1715158216944076,"flow_src_last_pkt_time":1715158216983863,"flow_dst_last_pkt_time":1715158216944076,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":516,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1715158216983863,"vlan_id":107,"l3_proto":"ip4","src_ip":"10.126.70.67","dst_ip":"10.236.7.225","src_port":23784,"dst_port":50160,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","stream_content":"Audio"}} 00771{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","vlan_id":107,"flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1715158217003863,"flow_dst_last_pkt_time":1715158216944076,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":218,"pkt_l4_len":180,"thread_ts_usec":1715158217003863,"pkt":"AAAAAAAAAAECAAD6gQAAawgARbgAyAAEQAB+EZfbCn5GQwrsB+Fc6MPwALQAAIAIDOAbyM0ONBJ4VlVV1dXVVVXVVVVV1dXV1dXV1dVVVVVVVVVV1dVVVdXV1dXVVdXV1dXVVVVVVdXVVdXV1VVVVVXV1VXV1dVV1dXV1dXVVVVVVVXV1dXV1VXV1dXV1VVVVdXV1VVVVVVVVVXVVdVV1dXVVVXV1dVVVVVV1VVVVdVVVVVV1dVV1dXV1dXV1VVV1dVVVdXVVVVVVdXVVdVV1dXV1dXVVVVVVdU="} 
00771{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","vlan_id":107,"flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1715158217023923,"flow_dst_last_pkt_time":1715158216944076,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":218,"pkt_l4_len":180,"thread_ts_usec":1715158217023923,"pkt":"AAAAAAAAAAECAAD6gQAAawgARbgAyAAFQAB+EZfaCn5GQwrsB+Fc6MPwALQAAIAIDOEbyM2uNBJ4VtXVVVXV1dXVVdVVVVVV1VVVVVXVVdXV1dXV1dVVVVVVVVXVVVXVVVVVVVXVVdXVVVXV1dXV1VVV1VXV1VVVVVVVVdXV1dXVVVXV1VXV1VVV1dVVVVXVVVXV1dXV1dVVVVVV1dVV1dVV1VVVVdXV1dXV1dXV1VVV1VVV1dVV1VVVVVXVVdXV1dXV1dXVVVVVVVXV1dVVVVXV1dVVVdVV1dU="} -00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":95,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5160,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":51,"global_ts_usec":1715244365850069} 
+00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":95,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5160,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":51,"global_ts_usec":1715244365850069} 00306{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1715244365850069,"packet_id":95,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1715244365850069} 00457{"packet_event_id":1,"packet_event_name":"packet","packet_id":95,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":113,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":113,"pkt_l4_len":0,"thread_ts_usec":1715158217284062,"pkt":"AAAAAAAAAAECAAD6gQAMq4EAAAoIAEW4AFvZnwAAOxGNmwru+jMKdAgKCGgIaABHAAAw\/wA3ovJU5UW4ADcAAAAA8xFyjQqFIGUKbh8ZjjgE+AAjKyKAdgMAFxyoAEAQAAVwx+5Z\/fx\/fVHvy5hwGAA="} 00306{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1715244365870420,"packet_id":96,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1715244365870420} 
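Review bot: The `detected` event for flow 1 (packet 67) in this hunk gains a new key inside the `ndpi` object, `"stream_content":"Audio"`, and nothing visible here shows that the event schema declares it. The commit also changes `schema/flow_event_schema.json`, which is outside this view, so please confirm that it lists `stream_content` with its allowed values; consumers that validate events strictly may otherwise reject RTP detections after the bump. The facebook.pcap.out lines above show the opposite change: `ja3` disappears from the `tls` objects while `ja3s` and `ja4` remain, so detection rules or allow-lists keyed on JA3 would stop matching without any error. The commit message says only "incorporated upstream changes", so I would add a line such as `* TLS events no longer carry "ja3" (use "ja4"); RTP flows add "stream_content"`.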
@@ -81,7 +81,7 @@ 00458{"packet_event_id":1,"packet_event_name":"packet","packet_id":109,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":113,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":113,"pkt_l4_len":0,"thread_ts_usec":1715158217284062,"pkt":"AAAAAAAAAAECAAD6gQAMq4EAAAoIAEW4AFvgigAAOxGGsAru+jMKdAgKCGgIaABHAAAw\/wA3ovJU5UW4ADcAAAAA8xFyjQqFIGUKbh8ZjjgE+AAjIlSAdgMOFxywwEAQAAVwx+5Z\/fx\/fVHvy5hwGAA="} 00308{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":16,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1715244366150574,"packet_id":110,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1715244366150574} 00458{"packet_event_id":1,"packet_event_name":"packet","packet_id":110,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":113,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":113,"pkt_l4_len":0,"thread_ts_usec":1715158217284062,"pkt":"AAAAAAAAAAECAAD6gQAMq4EAAAoIAEW4AFvhHwAAOxGGGwru+jMKdAgKCGgIaABHAAAw\/wA3ovJU5UW4ADcAAAAA8xFyjQqFIGUKbh8ZjjgE+AAjobKAdgMPFxyxYEAQAAXwx+5Z\/fx\/fVHvy5hwGAA="} 
-00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":115,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":115,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5160,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":84,"global_ts_usec":1722795102659035} +00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":115,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":115,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5160,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":84,"global_ts_usec":1722795102659035} 
00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":115,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1722795102659035,"flow_src_last_pkt_time":1722795102659035,"flow_dst_last_pkt_time":1722795102659035,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1722795102659035,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"57.128.172.97","src_port":37649,"dst_port":9981,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1722795102659035,"flow_dst_last_pkt_time":1722795102659035,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_usec":1722795102659035,"pkt":"CL6sCxduJjb1W8R1CABFLgA6GMRAAEARbpvAqAycOYCsYZMRJv0AJqszaAAPUYSgbEfxN9Y8wUZQdfxtl0Qa5VQhmMi9Nk0X"} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1722795102659035,"flow_dst_last_pkt_time":1722795102683745,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_usec":1722795102683745,"pkt":"Jjb1W8R1CL6sCxduCABFAgA6zLVAAC0RzdU5gKxhwKgMnCb9kxEAJt9aNAAPK4SgbEfxN9Y7wUZQdfxtl0Qa5VQhmMi9Nk0X"} 
@@ -91,7 +91,7 @@ 00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":12,"flow_first_seen":1715158216944076,"flow_src_last_pkt_time":1715158217284062,"flow_dst_last_pkt_time":1715158217274095,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":172,"flow_src_tot_l4_payload_len":3096,"flow_dst_tot_l4_payload_len":2064,"midstream":0,"thread_ts_usec":1722795103693084,"vlan_id":107,"l3_proto":"ip4","src_ip":"10.126.70.67","dst_ip":"10.236.7.225","src_port":23784,"dst_port":50160,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} 00997{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1722795102659035,"flow_src_last_pkt_time":1722795103670366,"flow_dst_last_pkt_time":1722795103693084,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":40,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":104,"midstream":0,"thread_ts_usec":1722795103693084,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"57.128.172.97","src_port":37649,"dst_port":9981,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": 
{"total":210,"client":165,"server":45}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1722795102659035,"flow_src_last_pkt_time":1722795103670366,"flow_dst_last_pkt_time":1722795103693084,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":40,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":104,"midstream":0,"thread_ts_usec":1722795103693084,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"57.128.172.97","src_port":37649,"dst_port":9981,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00854{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":120,"packets-processed":36,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5368,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":94,"global_ts_usec":1722795103693084} 
+00854{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/false_positives.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":120,"packets-processed":36,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5368,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":94,"global_ts_usec":1722795103693084} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 120/36 ~~ skipped flows.............: 0 @@ -100,10 +100,10 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6911066 bytes -~~ total memory freed........: 6911066 bytes -~~ total allocations/frees...: 114185/114185 +~~ total memory allocated....: 7488662 bytes +~~ total memory freed........: 7488662 bytes +~~ total allocations/frees...: 125916/125916 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 310 chars ~~ json message max len.......: 1002 chars -~~ json message avg len.......: 654 chars +~~ json message avg len.......: 655 chars diff --git a/test/results/default/fastcgi.pcap.out b/test/results/default/fastcgi.pcap.out index 7158d17d9..60f87737b 100644 --- a/test/results/default/fastcgi.pcap.out +++ b/test/results/default/fastcgi.pcap.out 
@@ -1,5 +1,5 @@ -00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/fastcgi.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fastcgi.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1280403893598699} 
+00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/fastcgi.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fastcgi.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1280403893598699} 
00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fastcgi.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1280403893598699,"flow_src_last_pkt_time":1280403893598699,"flow_dst_last_pkt_time":1280403893598699,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1280403893598699,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.11","src_port":38254,"dst_port":9000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fastcgi.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1280403893598699,"flow_dst_last_pkt_time":1280403893598699,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1280403893598699,"pkt":"ABzEfBq8AAvNgo+GCABFAAA8aJRAAEAGvhQKAAAJCgAAC5VuIyi+0TJPAAAAAKACFtD1nwAAAgQFtAQCCAoi61rbAAAAAAEDAwY="} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/fastcgi.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1280403893598699,"flow_dst_last_pkt_time":1280403893598868,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1280403893598868,"pkt":"AAvNgo+GABzEfBq8CABFAAA8AABAAEAGJqkKAAALCgAACSMolW5v2bTavtEyUKASFqBTYwAAAgQFtAQCCAoN02\/TIuta2wEDAwc="} 
@@ -9,7 +9,7 @@ 00919{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/fastcgi.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1280403893598699,"flow_src_last_pkt_time":1280403893599034,"flow_dst_last_pkt_time":1280403893598868,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1055,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1071,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1280403893599034,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.11","src_port":38254,"dst_port":9000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"FastCGI","proto_id":"310","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} 02157{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/fastcgi.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1280403893598699,"flow_src_last_pkt_time":1280403895619664,"flow_dst_last_pkt_time":1280403895619673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1055,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1095,"flow_dst_tot_l4_payload_len":14480,"midstream":0,"thread_ts_usec":1280403895619673,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.11","src_port":38254,"dst_port":9000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":12,"avg":130385.1,"max":2020143,"stddev":496240.3,"var":246254469120.0,"ent":1.0,"data": [169,226,42,67,15,217,77,12,83,12,48,16,2019881,2020143,186,63,52,55,94,90,42,33,32,28,26,27,50,53,34,34,32]},"pktlen": 
{"min":52,"avg":539.2,"max":1500,"stddev":672.8,"var":452637.9,"ent":3.9,"data": [60,60,52,68,1107,60,52,60,60,52,52,52,52,1500,52,1500,52,1500,52,1500,52,1500,52,1500,52,1500,52,1500,52,1500,52,1500]},"bins": {"c_to_s": [15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0]},"directions": [0,1,0,0,0,0,1,0,0,1,1,1,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": [4.423614979,4.926749229,4.700937271,4.233195782,6.033331394,4.550921917,4.686420441,4.550921917,4.550921917,4.686420441,4.624014378,4.686420441,4.724881649,7.641661644,4.854783535,7.763941288,4.854784012,7.761142254,4.777860165,7.844599247,4.891996861,7.826266289,4.815073490,7.841456413,4.815073490,7.847429752,4.815073490,7.852382183,4.891996861,7.847055912,4.815073490,7.805794239]},"ndpi": {"confidence": {"6":"DPI"},"proto":"FastCGI","proto_id":"310","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"api.openstreetmap.org"}} 01003{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/fastcgi.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":48,"flow_dst_packets_processed":54,"flow_first_seen":1280403893598699,"flow_src_last_pkt_time":1280403897015424,"flow_dst_last_pkt_time":1280403897015595,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1055,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1095,"flow_dst_tot_l4_payload_len":64400,"midstream":0,"thread_ts_usec":1280403897015595,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.11","src_port":38254,"dst_port":9000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"FastCGI","proto_id":"310","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"api.openstreetmap.org"}} -00846{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/fastcgi.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":102,"packets-processed":102,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":65495,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1280403897015595} +00846{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/fastcgi.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":102,"packets-processed":102,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":65495,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1280403897015595} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 102/102 ~~ skipped 
flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6912681 bytes -~~ total memory freed........: 6912681 bytes -~~ total allocations/frees...: 114243/114243 +~~ total memory allocated....: 7490277 bytes +~~ total memory freed........: 7490277 bytes +~~ total allocations/frees...: 125974/125974 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 546 chars ~~ json message max len.......: 2162 chars diff --git a/test/results/default/fins.pcap.out b/test/results/default/fins.pcap.out index 8e962c810..3bedc49b1 100644 --- a/test/results/default/fins.pcap.out +++ b/test/results/default/fins.pcap.out 
@@ -1,5 +1,5 @@ -00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1233089082809333} 
+00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1233089082809333} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1233089082809333,"flow_src_last_pkt_time":1233089082809333,"flow_dst_last_pkt_time":1233089082809333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":18,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":18,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":18,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1233089082809333,"l3_proto":"ip4","src_ip":"10.4.14.102","dst_ip":"10.130.130.130","src_port":58722,"dst_port":9600,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1233089082809333,"flow_dst_last_pkt_time":1233089082809333,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1233089082809333,"pkt":"ANADs6f8ABNyl6LUCABFAAAugitAAEAREyYKBA5mCoKCguViJYAAGv5TgAACAAAAAAAAegEBAMzMzAAB"} 
00925{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1233089082809333,"flow_src_last_pkt_time":1233089082809333,"flow_dst_last_pkt_time":1233089082809333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":18,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":18,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":18,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1233089082809333,"l3_proto":"ip4","src_ip":"10.4.14.102","dst_ip":"10.130.130.130","src_port":58722,"dst_port":9600,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"FINS","proto_id":"362","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
@@ -8,7 +8,7 @@ 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1233089082809410,"flow_dst_last_pkt_time":1233089082809333,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1233089082809410,"pkt":"ANADs6f8ABNyl6LUCABFAAAugi5AAEAREyMKBA5mCoKCguViJYAAGn1SgAACAAAAAAAAegEBgczMzAAC"} 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1233089082809435,"flow_dst_last_pkt_time":1233089082809333,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1233089082809435,"pkt":"ANADs6f8ABNyl6LUCABFAAAugi9AAEAREyIKBA5mCoKCguViJYAAGnxSgAACAAAAAAAAegEBgszMzAAC"} 02050{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":0,"flow_first_seen":1233089082809333,"flow_src_last_pkt_time":1233089082810135,"flow_dst_last_pkt_time":1233089082809333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":613,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1233089082810135,"l3_proto":"ip4","src_ip":"10.4.14.102","dst_ip":"10.130.130.130","src_port":58722,"dst_port":9600,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":22,"avg":25.9,"max":31,"stddev":1.6,"var":2.4,"ent":5.0,"data": 
[22,29,26,25,25,26,27,26,26,25,25,25,26,26,25,26,25,25,26,27,31,27,25,25,26,25,25,26,25,25,29]},"pktlen": {"min":44,"avg":47.2,"max":65,"stddev":3.5,"var":12.6,"ent":5.0,"data": [46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,52,48,44,48,50,46,46,46,46,46,50,48,65]},"bins": {"c_to_s": [31,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"entropies": [3.966703415,3.990315914,4.006726265,4.050204754,4.015212536,4.077271938,4.033793926,4.077271938,4.093682766,4.093682766,4.093682766,4.093682766,4.050204754,4.093682766,4.093682766,4.093682766,4.093682766,4.050204277,4.077271938,4.222351551,4.000422955,3.952195406,3.979268074,4.288366795,3.913608313,3.913608313,3.913608789,3.913608313,3.837309122,4.107601166,3.918294430,3.660078049]},"ndpi": {"confidence": {"6":"DPI"},"proto":"FINS","proto_id":"362","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
-00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":246,"packets-processed":245,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6597,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1428095655145347} +00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":246,"packets-processed":245,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6597,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1428095655145347} 00338{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet 
size","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1428095655145347,"packet_id":246,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","size":66,"expected":70,"global_ts_usec":1428095655145347} 00375{"packet_event_id":1,"packet_event_name":"packet","packet_id":246,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":70,"pkt_l4_len":0,"thread_ts_usec":1233089082814433,"pkt":"ABkHJDzKPKn0ISL4CABFAAA0ZANAAIAGf24KAQGtCgEBpELuJYDc78x8AAAAAIACIAAl6QAAAgQFtAEDAwIBAQQC"} 00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1428095655145347,"flow_src_last_pkt_time":1428095655145347,"flow_dst_last_pkt_time":1428095655145347,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1428095655145347,"l3_proto":"ip4","src_ip":"10.1.1.173","dst_ip":"10.1.1.164","src_port":17134,"dst_port":9600,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -47,7 +47,7 @@ 00653{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1428095675892372,"flow_dst_last_pkt_time":1428095676054158,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":148,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":152,"pkt_l4_len":114,"thread_ts_usec":1428095676054158,"pkt":"PKn0ISL4ABkHJDzKCABFAACGCP0AABQRhhgKAQGkCgEBrSWA1kcAcoFswAACAGMAAMgA7wUBAABDUDFMLUVMMjBEUi1EAAAAICAgIDAxLjAwAAAAAAAwMS4wNgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAEAAwAKFyoQCAAAAAAAAA=="} 00964{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":257,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1428095655145347,"flow_src_last_pkt_time":1428095655734613,"flow_dst_last_pkt_time":1428095655734575,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":122,"flow_src_tot_l4_payload_len":49,"flow_dst_tot_l4_payload_len":146,"midstream":0,"thread_ts_usec":1428095676054158,"l3_proto":"ip4","src_ip":"10.1.1.173","dst_ip":"10.1.1.164","src_port":17134,"dst_port":9600,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"FINS","proto_id":"362","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
00965{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":257,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1428095675892372,"flow_src_last_pkt_time":1428095675892372,"flow_dst_last_pkt_time":1428095676054158,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":13,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":13,"flow_dst_max_l4_payload_len":106,"flow_src_tot_l4_payload_len":13,"flow_dst_tot_l4_payload_len":106,"midstream":0,"thread_ts_usec":1428095676054158,"l3_proto":"ip4","src_ip":"10.1.1.173","dst_ip":"10.1.1.164","src_port":54855,"dst_port":9600,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"FINS","proto_id":"362","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00842{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":257,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":257,"packets-processed":257,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6911,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":50,"global_ts_usec":1428095676054158} 
+00842{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":257,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":257,"packets-processed":257,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6911,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":50,"global_ts_usec":1428095676054158} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 257/257 ~~ skipped flows.............: 0 @@ -56,9 +56,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6919850 bytes -~~ total memory freed........: 6919850 bytes -~~ total allocations/frees...: 114417/114417 +~~ total memory allocated....: 7497446 bytes +~~ total memory freed........: 7497446 bytes +~~ total allocations/frees...: 126148/126148 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 343 chars ~~ json message max len.......: 2055 chars diff --git a/test/results/default/firefox.pcap.out b/test/results/default/firefox.pcap.out index be0cc7766..c57204201 100644 --- a/test/results/default/firefox.pcap.out +++ b/test/results/default/firefox.pcap.out 
@@ -1,13 +1,13 @@ -00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1620927997754367} 
+00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1620927997754367} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1620927997754367,"flow_src_last_pkt_time":1620927997754367,"flow_dst_last_pkt_time":1620927997754367,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1620927997754367,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51577,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1620927997754367,"flow_dst_last_pkt_time":1620927997754367,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1620927997754367,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6Esl5AbuZmizAAAAAALAC\/\/9OVwAAAgQFtAEDAwUBAQgKNAyUbQAAAAAEAgAA"} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1620927997754367,"flow_dst_last_pkt_time":1620927997781073,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1620927997781073,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7yXkJiZGFmZoswaAS\/oiCawAAAgQFrAQCCAo8IAcuNAyUbQEDAwc="} 
00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1620927997781165,"flow_dst_last_pkt_time":1620927997781073,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1620927997781165,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6Esl5AbuZmizBCYmRhoAQECyfcgAAAQEICjQMlIc8IAcu"} 01239{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1620927997782476,"flow_dst_last_pkt_time":1620927997781073,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1620927997782476,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI5AABAAEAGqiLAqAGykjA6Esl5AbuZmizBCYmRhoAYECyf7gAAAQEICjQMlIg8IAcuFgMBAgABAAH8AwMtfA1DC+zpycv9FdmNMUC5bsJuWnUXyup0IQWmFDUmuyCHAxBTXkoz\/MfE2bI\/cLBp15kHYdbtt6EVNjvh9SpQCwAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQAKAQABjwAAABMAEQAADnd3dy5paXQuY25yLml0ABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAzAGsAaQAdACAdqToAdMIvwxEDg\/g+CRDkTMPXNvyCkvGWZE1UHNfqdQAXAEEEaSrAsB1d9DD1rsZ6fsTBmwbdQjaww3ssMweKLDjtvm89IHezibH\/di6RtXqjZOkOURxpgJe+Gaam1ctoaup48QArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAFQCUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01237{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1620927997754367,"flow_src_last_pkt_time":1620927997782476,"flow_dst_last_pkt_time":1620927997781073,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1620927997782476,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51577,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","domainame":"www.iit.cnr.it","tls": {"version":"TLSv1.2","ja3":"aa7744226c695c0b2e440419848cf700","ja3s":"","ja4":"t13d1814h2_e8a523a41297_d267a5f792d4","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} +01196{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1620927997754367,"flow_src_last_pkt_time":1620927997782476,"flow_dst_last_pkt_time":1620927997781073,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1620927997782476,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51577,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","domainame":"www.iit.cnr.it","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1814h2_e8a523a41297_d267a5f792d4","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1620927997782476,"flow_dst_last_pkt_time":1620927997808417,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1620927997808417,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0i1BAADQGLNeSMDoSwKgBsgG7yXkJiZGGmZouxoAQAfqrggAAAQEICjwgB0o0DJSI"} -01282{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1620927997754367,"flow_src_last_pkt_time":1620927997782476,"flow_dst_last_pkt_time":1620927997814169,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1620927997814169,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51577,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","domainame":"www.iit.cnr.it","tls": 
{"version":"TLSv1.3","ja3":"aa7744226c695c0b2e440419848cf700","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1814h2_e8a523a41297_d267a5f792d4","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} +01241{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1620927997754367,"flow_src_last_pkt_time":1620927997782476,"flow_dst_last_pkt_time":1620927997814169,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1620927997814169,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51577,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","domainame":"www.iit.cnr.it","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1814h2_e8a523a41297_d267a5f792d4","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1620927998782772,"flow_src_last_pkt_time":1620927998782772,"flow_dst_last_pkt_time":1620927998782772,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1620927998782772,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51583,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1620927998782772,"flow_dst_last_pkt_time":1620927998782772,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1620927998782772,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6Esl\/AbveSGQcAAAAALAC\/\/\/OTgAAAgQFtAEDAwUBAQgKNAyYZQAAAAAEAgAA"} 
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1620927998806443,"flow_src_last_pkt_time":1620927998806443,"flow_dst_last_pkt_time":1620927998806443,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1620927998806443,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
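Review bot: The `ja3` client fingerprint is gone from the `tls` object of every `detected` and `detection-update` event in this hunk (only `ja3s` and `ja4` remain, and the length prefixes shrink accordingly, e.g. 01237 to 01196), yet the commit message says only "incorporated upstream changes". Detection rules, allow/deny lists or correlation jobs that key on `tls.ja3` would stop matching without any error once this bump is deployed. The removal should be stated explicitly in the commit description or changelog, for example `tls.ja3 is no longer emitted after the libnDPI bump; consumers should switch to tls.ja4`. The diffstat lists schema/flow_event_schema.json as changed, but its hunk is not visible here, so please confirm that `ja3` was dropped from the schema too rather than left as a property that is allowed but never sent. The same removal shows up in the following `@@ -15,15 +15,15 @@` hunk of this file.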
@@ -15,15 +15,15 @@ 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1620927998782772,"flow_dst_last_pkt_time":1620927998817178,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1620927998817178,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7yX\/JSxfE3khkHaAS\/oi4VgAAAgQFrAQCCAo8IAs5NAyYZQEDAwc="} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1620927998817261,"flow_dst_last_pkt_time":1620927998817178,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1620927998817261,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6Esl\/AbveSGQdyUsXxYAQECzVWgAAAQEICjQMmII8IAs5"} 
01466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1620927998820522,"flow_dst_last_pkt_time":1620927998817178,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":746,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":746,"pkt_l4_len":712,"thread_ts_usec":1620927998820522,"pkt":"EBMx8Tl2KDc3AG3ICABFAALcAABAAEAGqX\/AqAGykjA6Esl\/AbveSGQdyUsXxYAYECwwygAAAQEICjQMmIU8IAs5FgMBAqMBAAKfAwO3vIr9uiJ48zzMf52GsXt4xkS1HnhZS28F\/9nVtQa\/JSARzVdUDjCom9ejIr9F9nHpr\/Ooxj6X4lFWVS4DuL59ogAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQAKAQACMgAAABMAEQAADnd3dy5paXQuY25yLml0ABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAADMAawBpAB0AIIYQxSluq6g42rhsNiC0vZO+RSLs9Lc+BoLP46MvmywVABcAQQRH6zF0G3XQTSNI3Y1zyDpklxgrGlYydrEUXDKsmOlWDTlQccHbDWUx+QCuHh\/4fXU1rkqfToj1sH7nwHIfkbqSACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQApATsBBgEAMypzcqAzWsBAZINcgx+ygKHqX8dlc3gNHYe5ARjKH2m\/2THc30fZqwWttqz+MhhOBuir\/aONtTrQ+uN7prJ0qsiw+PKiGDT2X3k4SV5DVAwgaBQQfVaChGgTL9TuxTqcXjABL+DsrumeTVx0crsf4BGQigfE\/UGrAhMWWGWMyPGgrBY5dCxjFeXPzI6n5izjK21UO4m4mGQ0knXt1a5aWSs4hVAntH\/1nWn46Yvp16v6wnSNwCgTmCuvGO7uL6zEmlN6b697mGRBnn3CmjjivLPd2RlnN\/sRHkJFZT7sQh6CfBBulV\/PEeGcX2XjnDtUC3g5CQsKyPjk\/HDxhhMKJlw9bJYAMTBgVj+1QQAEnNQ6YMh4adur454Yr31knwx6D0ttCCNB5Ar\/5l2gc7rg2qVLaQE7hUg="} 
-01238{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1620927998782772,"flow_src_last_pkt_time":1620927998820522,"flow_dst_last_pkt_time":1620927998817178,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":680,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":680,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1620927998820522,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51583,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","domainame":"www.iit.cnr.it","tls": {"version":"TLSv1.2","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"","ja4":"t13d1813h2_e8a523a41297_84e5d5db657c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01197{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1620927998782772,"flow_src_last_pkt_time":1620927998820522,"flow_dst_last_pkt_time":1620927998817178,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":680,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":680,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1620927998820522,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51583,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","domainame":"www.iit.cnr.it","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1813h2_e8a523a41297_84e5d5db657c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1620927998806443,"flow_dst_last_pkt_time":1620927998833815,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1620927998833815,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7yYRFBnlrQn7ZPaAS\/ogBdQAAAgQFrAQCCAo8IAtKNAyYeQEDAwc="} 
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1620927998833884,"flow_dst_last_pkt_time":1620927998833815,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1620927998833884,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EsmEAbtCftk9RQZ5bIAQECwefwAAAQEICjQMmJA8IAtK"} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1620927998820522,"flow_dst_last_pkt_time":1620927998849436,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1620927998849436,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA051pAADQG0MySMDoSwKgBsgG7yX\/JSxfF3khmxYAQAfjgwQAAAQEICjwgC1s0DJiF"} 
01461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1620927998850076,"flow_dst_last_pkt_time":1620927998833815,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":746,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":746,"pkt_l4_len":712,"thread_ts_usec":1620927998850076,"pkt":"EBMx8Tl2KDc3AG3ICABFAALcAABAAEAGqX\/AqAGykjA6EsmEAbtCftk9RQZ5bIAYECyN6AAAAQEICjQMmJ48IAtKFgMBAqMBAAKfAwNAzR6c7iJcDBDZ2OSnohULz18pBZGP2l3acYhLNliW1SCaZ4UhDzGNmamCWj7lh5yndtX+A5Qj\/Vo0pS14rgaccQAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQAKAQACMgAAABMAEQAADnd3dy5paXQuY25yLml0ABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAADMAawBpAB0AIMO9fLbtYoy7wr4nDFrsvn6ZcJoE4YIn7v76H+x9iAkkABcAQQRxFV6yz59yZ1DVbyModG076e+kDUcckNtpF88rNlUIK9cS8XHrZokfkMFIciZwd8LHFIC9Gsa3UC38ksGr2hjkACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQApATsBBgEAMypzcqAzWsBAZINcgx+ygKHqX8dlc3gNHYe5ARjKH2m\/2THc30fZqwWttqz+MhhOBuir\/aONtTrQ+uN7prJ0qsiw+PKiGDT2X3k4SV5DVAwgaBQQfVaChGgTL9TuxTqcXjABL+DsrumeTVx0crsf4BGQigfE\/UGrAhMWWGWMyPGgrBY5dCxjFeXPzI6n5izjK21UO4m4mGQ0knXt1a5aWSs4hVAntH\/1nWn46Yvp16v6wnSNwCgTmCuvGO7uL6zEmlN6b697mGRBnn3CmjjivLPd2RlnN\/sRHkJFZT7sQh6CfBBulV\/PEeGcX2XjnDtUC3g5CQsKyPjk\/HDxhhMKJlw9bLMAMTASbwuo8QWja2o9mr0+Frf3OIK5pq78cRY8SbYmyrN4A0Z9kQhYPaolWzEoVShdu5I="} 
-01238{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1620927998806443,"flow_src_last_pkt_time":1620927998850076,"flow_dst_last_pkt_time":1620927998833815,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":680,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":680,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1620927998850076,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51588,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","domainame":"www.iit.cnr.it","tls": {"version":"TLSv1.2","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"","ja4":"t13d1813h2_e8a523a41297_84e5d5db657c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
-01281{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1620927998782772,"flow_src_last_pkt_time":1620927998820522,"flow_dst_last_pkt_time":1620927998850942,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":680,"flow_dst_max_l4_payload_len":260,"flow_src_tot_l4_payload_len":680,"flow_dst_tot_l4_payload_len":260,"midstream":0,"thread_ts_usec":1620927998850942,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51583,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","domainame":"www.iit.cnr.it","tls": {"version":"TLSv1.3","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"2253c82f03b621c5144709b393fde2c9","ja4":"t13d1813h2_e8a523a41297_84e5d5db657c","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01197{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1620927998806443,"flow_src_last_pkt_time":1620927998850076,"flow_dst_last_pkt_time":1620927998833815,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":680,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":680,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1620927998850076,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51588,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","domainame":"www.iit.cnr.it","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1813h2_e8a523a41297_84e5d5db657c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} +01240{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1620927998782772,"flow_src_last_pkt_time":1620927998820522,"flow_dst_last_pkt_time":1620927998850942,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":680,"flow_dst_max_l4_payload_len":260,"flow_src_tot_l4_payload_len":680,"flow_dst_tot_l4_payload_len":260,"midstream":0,"thread_ts_usec":1620927998850942,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51583,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","domainame":"www.iit.cnr.it","tls": {"version":"TLSv1.3","ja3s":"2253c82f03b621c5144709b393fde2c9","ja4":"t13d1813h2_e8a523a41297_84e5d5db657c","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1620927998850076,"flow_dst_last_pkt_time":1620927998875954,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1620927998875954,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0dCZAADQGRAGSMDoSwKgBsgG7yYRFBnlsQn7b5YAQAfgp0gAAAQEICjwgC3U0DJie"} -01281{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1620927998806443,"flow_src_last_pkt_time":1620927998850076,"flow_dst_last_pkt_time":1620927998877179,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":680,"flow_dst_max_l4_payload_len":260,"flow_src_tot_l4_payload_len":680,"flow_dst_tot_l4_payload_len":260,"midstream":0,"thread_ts_usec":1620927998877179,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51588,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","domainame":"www.iit.cnr.it","tls": {"version":"TLSv1.3","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"2253c82f03b621c5144709b393fde2c9","ja4":"t13d1813h2_e8a523a41297_84e5d5db657c","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} +01240{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1620927998806443,"flow_src_last_pkt_time":1620927998850076,"flow_dst_last_pkt_time":1620927998877179,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":680,"flow_dst_max_l4_payload_len":260,"flow_src_tot_l4_payload_len":680,"flow_dst_tot_l4_payload_len":260,"midstream":0,"thread_ts_usec":1620927998877179,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51588,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","domainame":"www.iit.cnr.it","tls": {"version":"TLSv1.3","ja3s":"2253c82f03b621c5144709b393fde2c9","ja4":"t13d1813h2_e8a523a41297_84e5d5db657c","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1620927999109976,"flow_src_last_pkt_time":1620927999109976,"flow_dst_last_pkt_time":1620927999109976,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1620927999109976,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51599,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1620927999109976,"flow_dst_last_pkt_time":1620927999109976,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1620927999109976,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EsmPAbugsPXqAAAAALAC\/\/947AAAAgQFtAEDAwUBAQgKNAyZgQAAAAAEAgAA"} 
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1620927999111334,"flow_src_last_pkt_time":1620927999111334,"flow_dst_last_pkt_time":1620927999111334,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1620927999111334,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51600,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -37,24 +37,24 @@ 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1620927999112216,"flow_dst_last_pkt_time":1620927999140847,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1620927999140847,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7yZFyBGfZy0T4r6AS\/og7hgAAAgQFrAQCCAo8IAx9NAyZgwEDAwc="} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1620927999140932,"flow_dst_last_pkt_time":1620927999140847,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1620927999140932,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EsmRAbvLRPivcgRn2oAQECxYiwAAAQEICjQMmZ88IAx9"} 
01466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1620927999141444,"flow_dst_last_pkt_time":1620927999138095,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":746,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":746,"pkt_l4_len":712,"thread_ts_usec":1620927999141444,"pkt":"EBMx8Tl2KDc3AG3ICABFAALcAABAAEAGqX\/AqAGykjA6EsmQAbsCvXBxSS7VUoAYECxqegAAAQEICjQMmZ88IAx6FgMBAqMBAAKfAwMib7sEwVHJP8NafDdEcMRu+2BtW80kInWBAD4KrwhQpiB866aqa7yFxIfhXZTYSAx6ddVCnWqOsCWmpuTunaX1mwAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQAKAQACMgAAABMAEQAADnd3dy5paXQuY25yLml0ABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAADMAawBpAB0AIMy+F3v+RcJdQkDhcgxxv+q0LPoq\/2mdWLz4DbhUlU0JABcAQQSHckCcHdMJGlaj94G9MrpqvN\/LQY4GmzuN\/x59Xu\/wdGrOVrynO7q9eaBmxxO48u8iWBXSYIjZIO\/YAQtrWf0uACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQApATsBBgEAMypzcqAzWsBAZINcgx+ygK7vZjFETFDV+K4OTU2h7iMgn6BkHtGH526mQ4bqBfv1cHLHiyotXTUtt7v3XJ+Pve3eILUUdCMTAf6ppR\/5v1DvtEEhKEUYvXLDdpRLI5UYlBKJOeJvFEHMVCMj1\/VQu3rqDjEDWvU95zAtCzn3RTsyGtKwLG0LJBEVcKxZ4IRBUjqiSWvy3+DilYpWnbXb\/2GrqKzSVFxIMcA5Pizs1nnSPkfNgZxF\/G8ArqEEZd9PBSbejDG9p9aZJLOqZhLKYbmoSskc1bzO9DF6Hs11\/gJKXH0oS6nxQr28NltJX3EV6GF0q1MNFnHb\/mNO0AWNcyUzmSEAMTC7DFviiMAHSyKO9UJflICxrfrBiSjn+Q51G\/9zze3vin9E\/h3yoA8+LmA5m8meUew="} 
-01238{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1620927999111334,"flow_src_last_pkt_time":1620927999141444,"flow_dst_last_pkt_time":1620927999138095,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":680,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":680,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1620927999141444,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51600,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","domainame":"www.iit.cnr.it","tls": {"version":"TLSv1.2","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"","ja4":"t13d1813h2_e8a523a41297_84e5d5db657c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01197{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1620927999111334,"flow_src_last_pkt_time":1620927999141444,"flow_dst_last_pkt_time":1620927999138095,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":680,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":680,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1620927999141444,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51600,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","domainame":"www.iit.cnr.it","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1813h2_e8a523a41297_84e5d5db657c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
01464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1620927999143664,"flow_dst_last_pkt_time":1620927999138093,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":746,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":746,"pkt_l4_len":712,"thread_ts_usec":1620927999143664,"pkt":"EBMx8Tl2KDc3AG3ICABFAALcAABAAEAGqX\/AqAGykjA6EsmPAbugsPXrcnmk94AYECwByQAAAQEICjQMmaE8IAx5FgMBAqMBAAKfAwPLbD5gOnSMmUdmLValgevvP4bb+k8e08lwqX+YbKGt3iAlkc8vad1pAkmv3DLXWEMycffSzBs5DNVF7m0FcRK\/nQAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQAKAQACMgAAABMAEQAADnd3dy5paXQuY25yLml0ABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAADMAawBpAB0AIHrZFQRNw5ldSnTOZrYb4ROYY6jGIfJVGxBV4uizHTpsABcAQQS3NAbJNADMbeg6uNBn+xHw3ydMMZ8\/z0knTfC\/Pk5sGbbav2GL7wpVEgjyFzNhlOyo4p3\/\/ZRvEWbgTq4d2O7vACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQApATsBBgEAMypzcqAzWsBAZINcgx+ygK7vZjFETFDV+K4OTU2h7iMgn6BkHtGH526mQ4bqBfv1cHLHiyotXTUtt7v3XJ+Pve3eILUUdCMTAf6ppR\/5v1DvtEEhKEUYvXLDdpRLI5UYlBKJOeJvFEHMVCMj1\/VQu3rqDjEDWvU95zAtCzn3RTsyGtKwLG0LJBEVcKxZ4IRBUjqiSWvy3+DilYpWnbXb\/2GrqKzSVFxIMcA5Pizs1nnSPkfNgZxF\/G8ArqEEZd9PBSbejDG9p9aZJLOqZhLKYbmoSskc1bzO9DF6Hs11\/gJKXH0oS6nxQr28NltJX3EV6GF0q1MNFnHb\/mNO0AWNcyUzmSMAMTAdEIyR1ohqOXooWJz4QOYPIEnPNAiJJdYf5MRX0x2j7hrA220r1vjmga7S5HF+hl8="} 
-01238{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1620927999109976,"flow_src_last_pkt_time":1620927999143664,"flow_dst_last_pkt_time":1620927999138093,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":680,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":680,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1620927999143664,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51599,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","domainame":"www.iit.cnr.it","tls": {"version":"TLSv1.2","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"","ja4":"t13d1813h2_e8a523a41297_84e5d5db657c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01197{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1620927999109976,"flow_src_last_pkt_time":1620927999143664,"flow_dst_last_pkt_time":1620927999138093,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":680,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":680,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1620927999143664,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51599,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","domainame":"www.iit.cnr.it","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1813h2_e8a523a41297_84e5d5db657c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
01462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1620927999148674,"flow_dst_last_pkt_time":1620927999140847,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":746,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":746,"pkt_l4_len":712,"thread_ts_usec":1620927999148674,"pkt":"EBMx8Tl2KDc3AG3ICABFAALcAABAAEAGqX\/AqAGykjA6EsmRAbvLRPivcgRn2oAYECwS0QAAAQEICjQMmaU8IAx9FgMBAqMBAAKfAwNFQzpkgfyhNgbTNJ5e9Ud666zcsVLrnCFPuu5R0gMQ5iCf4hyAAf2e1Nqt4X\/d0hmTfioGtwn0kLEAuqj5y87exAAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQAKAQACMgAAABMAEQAADnd3dy5paXQuY25yLml0ABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAADMAawBpAB0AICxuuwafTKLEKqG16GJB5qZPLJEh4U2+SES78FZlA\/54ABcAQQTAAyquj6BD0IPU30kXgMXDwejI4l0XzpOwpQEzc8hKPk7HPRn0O\/XXDhe2CgGPmdE8r3OyDN41Lk+AQK9FIkrkACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQApATsBBgEAMypzcqAzWsBAZINcgx+ygK7vZjFETFDV+K4OTU2h7iMgn6BkHtGH526mQ4bqBfv1cHLHiyotXTUtt7v3XJ+Pve3eILUUdCMTAf6ppR\/5v1DvtEEhKEUYvXLDdpRLI5UYlBKJOeJvFEHMVCMj1\/VQu3rqDjEDWvU95zAtCzn3RTsyGtKwLG0LJBEVcKxZ4IRBUjqiSWvy3+DilYpWnbXb\/2GrqKzSVFxIMcA5Pizs1nnSPkfNgZxF\/G8ArqEEZd9PBSbejDG9p9aZJLOqZhLKYbmoSskc1bzO9DF6Hs11\/gJKXH0oS6nxQr28NltJX3EV6GF0q1MNFnHb\/mNO0AWNcyUzmSgAMTBBOwyJxtnEOswesRCmg08gZTe717MpXIgpoRB+yZwyzrZ5Gi9t5mtcvX9nEpcbXSo="} 
-01238{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1620927999112216,"flow_src_last_pkt_time":1620927999148674,"flow_dst_last_pkt_time":1620927999140847,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":680,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":680,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1620927999148674,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51601,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","domainame":"www.iit.cnr.it","tls": {"version":"TLSv1.2","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"","ja4":"t13d1813h2_e8a523a41297_84e5d5db657c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01197{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1620927999112216,"flow_src_last_pkt_time":1620927999148674,"flow_dst_last_pkt_time":1620927999140847,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":680,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":680,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1620927999148674,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51601,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","domainame":"www.iit.cnr.it","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1813h2_e8a523a41297_84e5d5db657c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1620927999141444,"flow_dst_last_pkt_time":1620927999167303,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1620927999167303,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0N2ZAADQGgMGSMDoSwKgBsgG7yZBJLtVSAr1zGYAQAfhwIAAAAQEICjwgDJk0DJmf"} 
-01281{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1620927999111334,"flow_src_last_pkt_time":1620927999141444,"flow_dst_last_pkt_time":1620927999169718,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":680,"flow_dst_max_l4_payload_len":260,"flow_src_tot_l4_payload_len":680,"flow_dst_tot_l4_payload_len":260,"midstream":0,"thread_ts_usec":1620927999169718,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51600,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","domainame":"www.iit.cnr.it","tls": {"version":"TLSv1.3","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"2253c82f03b621c5144709b393fde2c9","ja4":"t13d1813h2_e8a523a41297_84e5d5db657c","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01240{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1620927999111334,"flow_src_last_pkt_time":1620927999141444,"flow_dst_last_pkt_time":1620927999169718,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":680,"flow_dst_max_l4_payload_len":260,"flow_src_tot_l4_payload_len":680,"flow_dst_tot_l4_payload_len":260,"midstream":0,"thread_ts_usec":1620927999169718,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51600,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","domainame":"www.iit.cnr.it","tls": {"version":"TLSv1.3","ja3s":"2253c82f03b621c5144709b393fde2c9","ja4":"t13d1813h2_e8a523a41297_84e5d5db657c","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1620927999143664,"flow_dst_last_pkt_time":1620927999169750,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1620927999169750,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0GipAADQGnf2SMDoSwKgBsgG7yY9yeaT3oLD4k4AQAfhTvwAAAQEICjwgDJs0DJmh"} 
-01281{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1620927999109976,"flow_src_last_pkt_time":1620927999143664,"flow_dst_last_pkt_time":1620927999170826,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":680,"flow_dst_max_l4_payload_len":260,"flow_src_tot_l4_payload_len":680,"flow_dst_tot_l4_payload_len":260,"midstream":0,"thread_ts_usec":1620927999170826,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51599,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","domainame":"www.iit.cnr.it","tls": {"version":"TLSv1.3","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"2253c82f03b621c5144709b393fde2c9","ja4":"t13d1813h2_e8a523a41297_84e5d5db657c","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01240{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1620927999109976,"flow_src_last_pkt_time":1620927999143664,"flow_dst_last_pkt_time":1620927999170826,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":680,"flow_dst_max_l4_payload_len":260,"flow_src_tot_l4_payload_len":680,"flow_dst_tot_l4_payload_len":260,"midstream":0,"thread_ts_usec":1620927999170826,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51599,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","domainame":"www.iit.cnr.it","tls": {"version":"TLSv1.3","ja3s":"2253c82f03b621c5144709b393fde2c9","ja4":"t13d1813h2_e8a523a41297_84e5d5db657c","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1620927999148674,"flow_dst_last_pkt_time":1620927999178235,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1620927999178235,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0RutAADQGcTySMDoSwKgBsgG7yZFyBGfay0T7V4AQAfhj7AAAAQEICjwgDKI0DJml"} 
-01281{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1620927999112216,"flow_src_last_pkt_time":1620927999148674,"flow_dst_last_pkt_time":1620927999179715,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":680,"flow_dst_max_l4_payload_len":260,"flow_src_tot_l4_payload_len":680,"flow_dst_tot_l4_payload_len":260,"midstream":0,"thread_ts_usec":1620927999179715,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51601,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","domainame":"www.iit.cnr.it","tls": {"version":"TLSv1.3","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"2253c82f03b621c5144709b393fde2c9","ja4":"t13d1813h2_e8a523a41297_84e5d5db657c","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01240{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1620927999112216,"flow_src_last_pkt_time":1620927999148674,"flow_dst_last_pkt_time":1620927999179715,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":680,"flow_dst_max_l4_payload_len":260,"flow_src_tot_l4_payload_len":680,"flow_dst_tot_l4_payload_len":260,"midstream":0,"thread_ts_usec":1620927999179715,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51601,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","domainame":"www.iit.cnr.it","tls": {"version":"TLSv1.3","ja3s":"2253c82f03b621c5144709b393fde2c9","ja4":"t13d1813h2_e8a523a41297_84e5d5db657c","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
00958{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":11,"flow_first_seen":1620927997754367,"flow_src_last_pkt_time":1620927998052138,"flow_dst_last_pkt_time":1620927998628677,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":983,"flow_dst_tot_l4_payload_len":7072,"midstream":0,"thread_ts_usec":1620927999228482,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51577,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":10,"flow_first_seen":1620927998782772,"flow_src_last_pkt_time":1620927999107713,"flow_dst_last_pkt_time":1620927999136180,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":680,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1491,"flow_dst_tot_l4_payload_len":4419,"midstream":0,"thread_ts_usec":1620927999228482,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51583,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00958{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1620927998806443,"flow_src_last_pkt_time":1620927999135237,"flow_dst_last_pkt_time":1620927999135180,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":680,"flow_dst_max_l4_payload_len":1340,"flow_src_tot_l4_payload_len":1127,"flow_dst_tot_l4_payload_len":1903,"midstream":0,"thread_ts_usec":1620927999228482,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00960{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":12,"flow_first_seen":1620927999109976,"flow_src_last_pkt_time":1620927999224233,"flow_dst_last_pkt_time":1620927999224319,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":680,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1130,"flow_dst_tot_l4_payload_len":9203,"midstream":0,"thread_ts_usec":1620927999228482,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51599,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":14,"flow_first_seen":1620927999111334,"flow_src_last_pkt_time":1620927999213956,"flow_dst_last_pkt_time":1620927999214178,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":680,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1130,"flow_dst_tot_l4_payload_len":12083,"midstream":0,"thread_ts_usec":1620927999228482,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51600,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00960{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":13,"flow_first_seen":1620927999112216,"flow_src_last_pkt_time":1620927999228482,"flow_dst_last_pkt_time":1620927999227832,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":680,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1509,"flow_dst_tot_l4_payload_len":9549,"midstream":0,"thread_ts_usec":1620927999228482,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51601,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-00846{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":129,"packets-processed":129,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":51599,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":6,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":57,"global_ts_usec":1620927999228482} +00846{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":129,"packets-processed":129,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":51599,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":6,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":57,"global_ts_usec":1620927999228482} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 129/129 ~~ skipped flows.............: 0 
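Review bot: The regenerated `detected` and `detection-update` events in this hunk no longer carry the `"ja3"` key in the `tls` object, while `"ja3s"` and `"ja4"` are still emitted, and the commit message says only "incorporated upstream changes". Anything downstream that keys on `tls.ja3` (fingerprint blocklists, SIEM correlation rules, stored baselines) will stop matching without any error once `ndpi_version` reports `4.13.0-5086-e946f49`. I would record this in the commit description or changelog with a line such as `* TLS flow events no longer contain "ja3"; match on "ja4" instead ("ja3s" is unchanged)`. It is also worth confirming that schema/flow_event_schema.json no longer lists `ja3`, so that consumers validating against the schema see the removal; the commit touches that file, but its hunk is not visible in this part of the diff.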
@@ -63,9 +63,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7106515 bytes -~~ total memory freed........: 7106515 bytes -~~ total allocations/frees...: 114377/114377 +~~ total memory allocated....: 7684111 bytes +~~ total memory freed........: 7684111 bytes +~~ total allocations/frees...: 126108/126108 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 545 chars ~~ json message max len.......: 1471 chars diff --git a/test/results/default/fix.pcap.out b/test/results/default/fix.pcap.out index 4073eed2e..d774a39bb 100644 --- a/test/results/default/fix.pcap.out +++ b/test/results/default/fix.pcap.out 
@@ -1,5 +1,5 @@ -00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/fix.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fix.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1493755109242949} 
+00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/fix.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fix.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1493755109242949} 
00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1493755109242949,"flow_src_last_pkt_time":1493755109242949,"flow_dst_last_pkt_time":1493755109242949,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":86,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":86,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":86,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1493755109242949,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":43594,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00658{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1493755109242949,"flow_dst_last_pkt_time":1493755109242949,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":152,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":152,"pkt_l4_len":118,"thread_ts_usec":1493755109242949,"pkt":"THK5MeMlACJNe\/gxCABFAACKT3MAAPUGlw4IERYfwKgAFA+gqko3bYCMRQ1qAYAY\/\/+s3wAAAQEICsq+JozkIvOrOD1PATk9MDA3NQEzNT1HAQIgAAANgQxAKWj1wo9cKQAAAAEAABRnDEBj4euA7PpqAAAAAQAADiEMQENwo99tuUEAAAABAAAMAwxAYm64YJmdywAAAAE="} 
00909{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1493755109242949,"flow_src_last_pkt_time":1493755109242949,"flow_dst_last_pkt_time":1493755109242949,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":86,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":86,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":86,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1493755109242949,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":43594,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","proto_id":"230","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":16,"category":"RPC"}} 
@@ -101,7 +101,7 @@ 00956{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/fix.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":18,"flow_first_seen":1493755110328857,"flow_src_last_pkt_time":1493755132019095,"flow_dst_last_pkt_time":1493755132019254,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":750,"flow_dst_tot_l4_payload_len":170,"midstream":1,"thread_ts_usec":1493755132120045,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40918,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","proto_id":"230","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":16,"category":"RPC"}} 00954{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/fix.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1493755117668152,"flow_src_last_pkt_time":1493755127687637,"flow_dst_last_pkt_time":1493755127668953,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":86,"flow_src_tot_l4_payload_len":78,"flow_dst_tot_l4_payload_len":171,"midstream":1,"thread_ts_usec":1493755132120045,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40928,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","proto_id":"230","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":16,"category":"RPC"}} 
00960{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/fix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":111,"flow_dst_packets_processed":111,"flow_first_seen":1493755109242949,"flow_src_last_pkt_time":1493755131889470,"flow_dst_last_pkt_time":1493755131889670,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":222,"flow_dst_max_l4_payload_len":98,"flow_src_tot_l4_payload_len":9555,"flow_dst_tot_l4_payload_len":354,"midstream":1,"thread_ts_usec":1493755132120045,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":43594,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","proto_id":"230","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":16,"category":"RPC"}} -00849{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/fix.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1261,"packets-processed":1261,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":37586,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":12,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":104,"global_ts_usec":1493755132120045} 
+00849{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/fix.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1261,"packets-processed":1261,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":37586,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":12,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":104,"global_ts_usec":1493755132120045} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1261/1261 ~~ skipped flows.............: 0 @@ -110,9 +110,9 @@ ~~ total active/idle flows...: 12/12 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6994938 bytes -~~ total memory freed........: 6994938 bytes -~~ total allocations/frees...: 115531/115531 +~~ total memory allocated....: 7572534 bytes +~~ total memory freed........: 7572534 bytes +~~ total allocations/frees...: 127262/127262 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 527 chars ~~ json message max len.......: 2214 chars diff --git a/test/results/default/fix2.pcap.out b/test/results/default/fix2.pcap.out index cd3bf354b..a88a1c656 100644 --- a/test/results/default/fix2.pcap.out +++ b/test/results/default/fix2.pcap.out 
@@ -1,5 +1,5 @@ -00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/fix2.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fix2.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1614758889587624} 
+00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/fix2.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fix2.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1614758889587624} 
00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/fix2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614758889588862,"flow_src_last_pkt_time":1614758889588862,"flow_dst_last_pkt_time":1614758889588862,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614758889588862,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":34962,"dst_port":1024,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/fix2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1614758889588862,"flow_dst_last_pkt_time":1614758889588862,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1614758889588862,"pkt":"5kBKB+riApXG95NLCABFAAAweTwAAIAGAAAKZQACCmYAAoiSBAAt1D8pAAAAAHACgAEU8QAAAgQFtAMDAQA="} 
00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/fix2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614758889589020,"flow_src_last_pkt_time":1614758889589020,"flow_dst_last_pkt_time":1614758889589020,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614758889589020,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.9","src_port":34963,"dst_port":1024,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -18,7 +18,7 @@ 02059{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/fix2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1614758889589020,"flow_src_last_pkt_time":1614758889590049,"flow_dst_last_pkt_time":1614758889590048,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":106,"flow_dst_max_l4_payload_len":120,"flow_src_tot_l4_payload_len":762,"flow_dst_tot_l4_payload_len":801,"midstream":0,"thread_ts_usec":1614758889590049,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.9","src_port":34963,"dst_port":1024,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":66.4,"max":570,"stddev":137.8,"var":18986.0,"ent":3.3,"data": [568,570,2,146,145,106,1,105,2,16,6,26,48,7,14,19,2,2,18,19,48,49,27,0,12,37,4,6,27,0,25]},"pktlen": {"min":46,"avg":92.0,"max":160,"stddev":46.1,"var":2122.5,"ent":4.8,"data": [48,48,46,125,133,130,138,48,46,130,46,46,138,132,46,133,46,138,46,160,143,133,146,46,46,46,146,148,130,46,46,46]},"bins": {"c_to_s": [6,0,5,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [10,0,3,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,0,1,1,0,0,1,1,1,0,1,1,0,1,0,1,0,1,0,1,1,1,0,1,0,1,1,0],"entropies": [3.944233894,4.517892838,3.795586348,5.115859032,5.169412613,5.333189964,5.351288795,4.517892838,3.795586109,5.341800690,4.032184601,4.032184124,5.369617462,5.205471516,4.075662613,5.190125942,3.839064360,5.365781307,3.839064360,5.331775665,5.255437374,5.190015793,5.411532879,4.075662613,4.075662613,4.075662613,5.397834301,5.453368664,5.342391014,4.075662136,4.075662613,3.839064121]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"FIX","proto_id":"230","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":16,"category":"RPC"}} 00963{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3049,"source":"cfgs\/default\/pcap\/fix2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":683,"flow_dst_packets_processed":1304,"flow_first_seen":1614758889588862,"flow_src_last_pkt_time":1614758889595345,"flow_dst_last_pkt_time":1614758889595344,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":106,"flow_dst_max_l4_payload_len":120,"flow_src_tot_l4_payload_len":13395,"flow_dst_tot_l4_payload_len":26148,"midstream":0,"thread_ts_usec":1614758889595345,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":34962,"dst_port":1024,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","proto_id":"230","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":16,"category":"RPC"}} 00962{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3049,"source":"cfgs\/default\/pcap\/fix2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":411,"flow_dst_packets_processed":648,"flow_first_seen":1614758889589020,"flow_src_last_pkt_time":1614758889595307,"flow_dst_last_pkt_time":1614758889595305,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":106,"flow_dst_max_l4_payload_len":120,"flow_src_tot_l4_payload_len":10864,"flow_dst_tot_l4_payload_len":17549,"midstream":0,"thread_ts_usec":1614758889595345,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.9","src_port":34963,"dst_port":1024,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"FIX","proto_id":"230","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":16,"category":"RPC"}} -00846{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3049,"source":"cfgs\/default\/pcap\/fix2.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":3049,"packets-processed":3046,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":67956,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1614758889595345} +00846{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3049,"source":"cfgs\/default\/pcap\/fix2.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":3049,"packets-processed":3046,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":67956,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1614758889595345} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 3049/3046 ~~ skipped flows.............: 0 
@@ -27,9 +27,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7002473 bytes -~~ total memory freed........: 7002473 bytes -~~ total allocations/frees...: 117198/117198 +~~ total memory allocated....: 7580069 bytes +~~ total memory freed........: 7580069 bytes +~~ total allocations/frees...: 128929/128929 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 535 chars ~~ json message max len.......: 2064 chars diff --git a/test/results/default/flute.pcapng.out b/test/results/default/flute.pcapng.out index 238b896bf..6f1158095 100644 --- a/test/results/default/flute.pcapng.out +++ b/test/results/default/flute.pcapng.out 
@@ -1,5 +1,5 @@ -00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/flute.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/flute.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1710770492196928} 
+00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/flute.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/flute.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1710770492196928} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/flute.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1710770492196928,"flow_src_last_pkt_time":1710770492196928,"flow_dst_last_pkt_time":1710770492196928,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":602,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":602,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":602,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1710770492196928,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"238.1.1.95","src_port":40717,"dst_port":40085,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01314{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/flute.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1710770492196928,"flow_dst_last_pkt_time":1710770492196928,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":644,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":644,"pkt_l4_len":610,"thread_ts_usec":1710770492196928,"pkt":"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"} 
00930{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/flute.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1710770492196928,"flow_src_last_pkt_time":1710770492196928,"flow_dst_last_pkt_time":1710770492196928,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":602,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":602,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":602,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1710770492196928,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"238.1.1.95","src_port":40717,"dst_port":40085,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"FLUTE","proto_id":"406","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} 
@@ -7,7 +7,7 @@ 00878{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/flute.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1710770492197076,"flow_dst_last_pkt_time":1710770492196928,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":316,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":316,"pkt_l4_len":282,"thread_ts_usec":1710770492197076,"pkt":"AQBeAQFf8C90rUP1CABFAAEuYatAAAERDiTAqFjn7gEBX58NnJUBGgocEBAIAAAAAAAAAAAAwBAAA0AEAAAAAADuAAAFnAAAAEAAAAAAPD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPEZEVC1JbnN0YW5jZSBFeHBpcmVzPSIxNzEwNzcwNTAyIiBGRUMtT1RJLUZFQy1FbmNvZGluZy1JRD0iMCIgRkVDLU9USS1NYXhpbXVtLVNvdXJjZS1CbG9jay1MZW5ndGg9IjY0IiBGRUMtT1RJLUVuY29kaW5nLVN5bWJvbC1MZW5ndGg9IjE0MzYiIHhtbG5zOm1ibXMyMDA3PSJ1cm46M0dQUDptZXRhZGF0YToyMDA3Ok1CTVM6RkxVVEU6RkRUIi8+Cg=="} 00878{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/flute.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1710770497188134,"flow_dst_last_pkt_time":1710770492196928,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":316,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":316,"pkt_l4_len":282,"thread_ts_usec":1710770497188134,"pkt":"AQBeAQFf8C90rUP1CABFAAEuZedAAAERCejAqFjn7gEBX58NnJUBGgocEBAIAAAAAAAAAAAAwBAAA0AEAAAAAADuAAAFnAAAAEAAAAAAPD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPEZEVC1JbnN0YW5jZSBFeHBpcmVzPSIxNzEwNzcwNTA3IiBGRUMtT1RJLUZFQy1FbmNvZGluZy1JRD0iMCIgRkVDLU9USS1NYXhpbXVtLVNvdXJjZS1CbG9jay1MZW5ndGg9IjY0IiBGRUMtT1RJLUVuY29kaW5nLVN5bWJvbC1MZW5ndGg9IjE0MzYiIHhtbG5zOm1ibXMyMDA3PSJ1cm46M0dQUDptZXRhZGF0YToyMDA3Ok1CTVM6RkxVVEU6RkRUIi8+Cg=="} 
00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/flute.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1710770492196928,"flow_src_last_pkt_time":1710770497188134,"flow_dst_last_pkt_time":1710770492196928,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":602,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1179,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1710770497188134,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"238.1.1.95","src_port":40717,"dst_port":40085,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"FLUTE","proto_id":"406","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} -00839{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/flute.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1179,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1710770497188134} 
+00839{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/flute.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1179,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1710770497188134} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 4/4 ~~ skipped flows.............: 0 @@ -16,9 +16,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6907701 bytes -~~ total memory freed........: 6907701 bytes -~~ total allocations/frees...: 114140/114140 +~~ total memory allocated....: 7485297 bytes +~~ total memory freed........: 7485297 bytes +~~ total allocations/frees...: 125871/125871 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 552 chars ~~ json message max len.......: 1319 chars diff --git a/test/results/default/forticlient.pcap.out b/test/results/default/forticlient.pcap.out index 0544df14e..1c92a1494 100644 --- a/test/results/default/forticlient.pcap.out +++ b/test/results/default/forticlient.pcap.out 
@@ -1,57 +1,57 @@ -00616{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1621067203571879} 
+00616{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1621067203571879} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621067203571879,"flow_src_last_pkt_time":1621067203571879,"flow_dst_last_pkt_time":1621067203571879,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621067203571879,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61805,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1621067203571879,"flow_dst_last_pkt_time":1621067203571879,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1621067203571879,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG9\/\/AqAGyUlEuDfFtKMutlmzOAAAAALAC\/\/9bnAAAAgQFtAEDAwUBAQgKJ6c8YwAAAAAEAgAA"} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1621067203571879,"flow_dst_last_pkt_time":1621067203633408,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1621067203633408,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8pJBAADQGX3NSUS4NwKgBsijL8W1kEcpBrZZsz6ASOEBvHAAAAgQFrAQCCAoGP5CkJ6c8YwEDAwo="} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1621067203633503,"flow_dst_last_pkt_time":1621067203633408,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1621067203633503,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfFtKMutlmzPZBHKQoAQECzFugAAAQEICienPKAGP5Ck"} 00776{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1621067203776571,"flow_dst_last_pkt_time":1621067203633408,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"thread_ts_usec":1621067203776571,"pkt":"EBMx8Tl2KDc3AG3ICABFAADfAABAAEAG92DAqAGyUlEuDfFtKMutlmzPZBHKQoAYECx8qwAAAQEICienPS4GP5CkFgMBAKYBAACiAwNgn4XDHhk9zkDSeKikF83Z2kCbBVuvXP2YO+k8PIUoXwAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAATQAAABAADgAACzgyLjgxLjQ2LjEzAAoACAAGABcAGAAZAAsAAgEAAA0AEgAQBAECAQUBBgEEAwIDBQMGAwAFAAUBAAAAAAASAAAAFwAA"} 
-01537{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1621067203571879,"flow_src_last_pkt_time":1621067203776571,"flow_dst_last_pkt_time":1621067203633408,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":171,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621067203776571,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61805,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"82.81.46.13","domainame":"82.81.46.13","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","ja4":"t12i220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01496{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1621067203571879,"flow_src_last_pkt_time":1621067203776571,"flow_dst_last_pkt_time":1621067203633408,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":171,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621067203776571,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61805,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"82.81.46.13","domainame":"82.81.46.13","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12i220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1621067203776571,"flow_dst_last_pkt_time":1621067203840255,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1621067203840255,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0WuhAADQGqSNSUS4NwKgBsijL8W1kEcpCrZZteoAQABDUiQAAAQEICgY\/kLgnpz0u"} -01597{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1621067203571879,"flow_src_last_pkt_time":1621067203776571,"flow_dst_last_pkt_time":1621067203852128,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":171,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1621067203852128,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61805,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"82.81.46.13","domainame":"82.81.46.13","tls": 
{"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","ja4":"t12i220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","blocks":0}}} -01754{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1621067203571879,"flow_src_last_pkt_time":1621067203776571,"flow_dst_last_pkt_time":1621067203854111,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":171,"flow_dst_tot_l4_payload_len":2449,"midstream":0,"thread_ts_usec":1621067203854111,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61805,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.FortiClient","proto_id":"91.259","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN","hostname":"82.81.46.13","domainame":"82.81.46.13","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","ja4":"t12i220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support","subjectDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050","fingerprint":"AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45","blocks":0}}} 
+01556{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1621067203571879,"flow_src_last_pkt_time":1621067203776571,"flow_dst_last_pkt_time":1621067203852128,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":171,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1621067203852128,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61805,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"82.81.46.13","domainame":"82.81.46.13","tls": {"version":"TLSv1.2","ja3s":"0debd3853f330c574b05e0b6d882dc27","ja4":"t12i220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","blocks":0}}} 
+01713{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1621067203571879,"flow_src_last_pkt_time":1621067203776571,"flow_dst_last_pkt_time":1621067203854111,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":171,"flow_dst_tot_l4_payload_len":2449,"midstream":0,"thread_ts_usec":1621067203854111,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61805,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.FortiClient","proto_id":"91.259","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN","hostname":"82.81.46.13","domainame":"82.81.46.13","tls": {"version":"TLSv1.2","ja3s":"0debd3853f330c574b05e0b6d882dc27","ja4":"t12i220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support","subjectDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050","fingerprint":"AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45","blocks":0}}} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621067204622472,"flow_src_last_pkt_time":1621067204622472,"flow_dst_last_pkt_time":1621067204622472,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621067204622472,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61806,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1621067204622472,"flow_dst_last_pkt_time":1621067204622472,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1621067204622472,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG9\/\/AqAGyUlEuDfFuKMux1NwAAAAAALAC\/\/\/kHgAAAgQFtAEDAwUBAQgKJ6dAbwAAAAAEAgAA"} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1621067204622472,"flow_dst_last_pkt_time":1621067204682265,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1621067204682265,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8DZFAADQG9nJSUS4NwKgBsijL8W6yVLN5sdTcAaASOEC\/ugAAAgQFrAQCCAoGP5ENJ6dAbwEDAwo="} 
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1621067204682424,"flow_dst_last_pkt_time":1621067204682265,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1621067204682424,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfFuKMux1NwBslSzeoAQECwWWwAAAQEICienQKoGP5EN"} 00823{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1621067204827269,"flow_dst_last_pkt_time":1621067204682265,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":269,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":269,"pkt_l4_len":235,"thread_ts_usec":1621067204827269,"pkt":"EBMx8Tl2KDc3AG3ICABFAAD\/AABAAEAG90DAqAGyUlEuDfFuKMux1NwBslSzeoAYECwJbQAAAQEICienQToGP5ENFgMBAMYBAADCAwNgn4XEp+uBSLXTSYGmDjytSwbEIFYHQALSGOu1WZB+OiBAKAstRSAMu1dd4iOTCn8qfpwAVoV+sGTLYNRnbzZqNgAsAP\/ALMArwCTAI8AKwAnACMAwwC\/AKMAnwBTAE8ASAJ0AnAA9ADwANQAvAAoBAABNAAAAEAAOAAALODIuODEuNDYuMTMACgAIAAYAFwAYABkACwACAQAADQASABAEAQIBBQEGAQQDAgMFAwYDAAUABQEAAAAAABIAAAAXAAA="} 
-01437{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1621067204622472,"flow_src_last_pkt_time":1621067204827269,"flow_dst_last_pkt_time":1621067204682265,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":203,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":203,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621067204827269,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61806,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.FortiClient","proto_id":"91.259","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN","hostname":"82.81.46.13","domainame":"82.81.46.13","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","ja4":"t12i220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01396{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1621067204622472,"flow_src_last_pkt_time":1621067204827269,"flow_dst_last_pkt_time":1621067204682265,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":203,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":203,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621067204827269,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61806,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.FortiClient","proto_id":"91.259","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN","hostname":"82.81.46.13","domainame":"82.81.46.13","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12i220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1621067204827269,"flow_dst_last_pkt_time":1621067204886490,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1621067204886490,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0ImlAADQG4aJSUS4NwKgBsijL8W6yVLN6sdTczIAQABAlCAAAAQEICgY\/kSEnp0E6"} 
-01497{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1621067204622472,"flow_src_last_pkt_time":1621067204827269,"flow_dst_last_pkt_time":1621067204898197,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":203,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":203,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1621067204898197,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61806,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.FortiClient","proto_id":"91.259","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN","hostname":"82.81.46.13","domainame":"82.81.46.13","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","ja4":"t12i220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","blocks":0}}} 
-01763{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1621067204622472,"flow_src_last_pkt_time":1621067204827269,"flow_dst_last_pkt_time":1621067204900059,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":203,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":203,"flow_dst_tot_l4_payload_len":2449,"midstream":0,"thread_ts_usec":1621067204900059,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61806,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.FortiClient","proto_id":"91.259","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN","hostname":"82.81.46.13","domainame":"82.81.46.13","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","ja4":"t12i220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support","subjectDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050","fingerprint":"AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45","blocks":0}}} 
+01456{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1621067204622472,"flow_src_last_pkt_time":1621067204827269,"flow_dst_last_pkt_time":1621067204898197,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":203,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":203,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1621067204898197,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61806,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.FortiClient","proto_id":"91.259","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN","hostname":"82.81.46.13","domainame":"82.81.46.13","tls": {"version":"TLSv1.2","ja3s":"0debd3853f330c574b05e0b6d882dc27","ja4":"t12i220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","blocks":0}}} 
+01722{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1621067204622472,"flow_src_last_pkt_time":1621067204827269,"flow_dst_last_pkt_time":1621067204900059,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":203,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":203,"flow_dst_tot_l4_payload_len":2449,"midstream":0,"thread_ts_usec":1621067204900059,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61806,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.FortiClient","proto_id":"91.259","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN","hostname":"82.81.46.13","domainame":"82.81.46.13","tls": {"version":"TLSv1.2","ja3s":"0debd3853f330c574b05e0b6d882dc27","ja4":"t12i220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support","subjectDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050","fingerprint":"AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45","blocks":0}}} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621067205651500,"flow_src_last_pkt_time":1621067205651500,"flow_dst_last_pkt_time":1621067205651500,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621067205651500,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61811,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1621067205651500,"flow_dst_last_pkt_time":1621067205651500,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1621067205651500,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG9\/\/AqAGyUlEuDfFzKMsSeiBCAAAAALAC\/\/87PQAAAgQFtAEDAwUBAQgKJ6dEZQAAAAAEAgAA"} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1621067205651500,"flow_dst_last_pkt_time":1621067205710127,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1621067205710127,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8c5FAADQGkHJSUS4NwKgBsijL8XP7CfxqEnogQ6ASOECEzAAAAgQFrAQCCAoGP5FzJ6dEZQEDAwo="} 
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1621067205710225,"flow_dst_last_pkt_time":1621067205710127,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1621067205710225,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfFzKMsSeiBD+wn8a4AQECzbbQAAAQEICienRJ8GP5Fz"} 00823{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1621067205856632,"flow_dst_last_pkt_time":1621067205710127,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":269,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":269,"pkt_l4_len":235,"thread_ts_usec":1621067205856632,"pkt":"EBMx8Tl2KDc3AG3ICABFAAD\/AABAAEAG90DAqAGyUlEuDfFzKMsSeiBD+wn8a4AYECzNugAAAQEICienRTAGP5FzFgMBAMYBAADCAwNgn4XFQZiH+y8CHLF8hTQg3ogVgVp4VG9EWDmmbkf39yD6v6cDBAZPGVnAvwM3jxR4N1cBHzzI+povGklxwtUExgAsAP\/ALMArwCTAI8AKwAnACMAwwC\/AKMAnwBTAE8ASAJ0AnAA9ADwANQAvAAoBAABNAAAAEAAOAAALODIuODEuNDYuMTMACgAIAAYAFwAYABkACwACAQAADQASABAEAQIBBQEGAQQDAgMFAwYDAAUABQEAAAAAABIAAAAXAAA="} 
-01437{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1621067205651500,"flow_src_last_pkt_time":1621067205856632,"flow_dst_last_pkt_time":1621067205710127,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":203,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":203,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621067205856632,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61811,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.FortiClient","proto_id":"91.259","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN","hostname":"82.81.46.13","domainame":"82.81.46.13","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","ja4":"t12i220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01396{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1621067205651500,"flow_src_last_pkt_time":1621067205856632,"flow_dst_last_pkt_time":1621067205710127,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":203,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":203,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621067205856632,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61811,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.FortiClient","proto_id":"91.259","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN","hostname":"82.81.46.13","domainame":"82.81.46.13","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12i220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1621067205856632,"flow_dst_last_pkt_time":1621067205914177,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1621067205914177,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0bRJAADQGlvlSUS4NwKgBsijL8XP7CfxrEnohDoAQABDqGAAAAQEICgY\/kYgnp0Uw"} 
-01497{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1621067205651500,"flow_src_last_pkt_time":1621067205856632,"flow_dst_last_pkt_time":1621067205926006,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":203,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":203,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1621067205926006,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61811,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.FortiClient","proto_id":"91.259","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN","hostname":"82.81.46.13","domainame":"82.81.46.13","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","ja4":"t12i220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","blocks":0}}} 
-01763{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1621067205651500,"flow_src_last_pkt_time":1621067205856632,"flow_dst_last_pkt_time":1621067205928157,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":203,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":203,"flow_dst_tot_l4_payload_len":2449,"midstream":0,"thread_ts_usec":1621067205928157,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61811,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.FortiClient","proto_id":"91.259","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN","hostname":"82.81.46.13","domainame":"82.81.46.13","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","ja4":"t12i220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support","subjectDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050","fingerprint":"AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45","blocks":0}}} 
+01456{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1621067205651500,"flow_src_last_pkt_time":1621067205856632,"flow_dst_last_pkt_time":1621067205926006,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":203,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":203,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1621067205926006,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61811,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.FortiClient","proto_id":"91.259","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN","hostname":"82.81.46.13","domainame":"82.81.46.13","tls": {"version":"TLSv1.2","ja3s":"0debd3853f330c574b05e0b6d882dc27","ja4":"t12i220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","blocks":0}}} 
+01722{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1621067205651500,"flow_src_last_pkt_time":1621067205856632,"flow_dst_last_pkt_time":1621067205928157,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":203,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":203,"flow_dst_tot_l4_payload_len":2449,"midstream":0,"thread_ts_usec":1621067205928157,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61811,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.FortiClient","proto_id":"91.259","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN","hostname":"82.81.46.13","domainame":"82.81.46.13","tls": {"version":"TLSv1.2","ja3s":"0debd3853f330c574b05e0b6d882dc27","ja4":"t12i220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support","subjectDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050","fingerprint":"AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45","blocks":0}}} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621067206773010,"flow_src_last_pkt_time":1621067206773010,"flow_dst_last_pkt_time":1621067206773010,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621067206773010,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61812,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1621067206773010,"flow_dst_last_pkt_time":1621067206773010,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1621067206773010,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG9\/\/AqAGyUlEuDfF0KMspKYnJAAAAALAC\/\/+2swAAAgQFtAEDAwUBAQgKJ6dItwAAAAAEAgAA"} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1621067206773010,"flow_dst_last_pkt_time":1621067206833331,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1621067206833331,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA85JFAADQGH3JSUS4NwKgBsijL8XTNezJoKSmJyqASOED3YgAAAgQFrAQCCAoGP5HkJ6dItwEDAwo="} 
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1621067206833438,"flow_dst_last_pkt_time":1621067206833331,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1621067206833438,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfF0KMspKYnKzXsyaYAQECxOAgAAAQEICienSPMGP5Hk"} 00825{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1621067206977150,"flow_dst_last_pkt_time":1621067206833331,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":269,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":269,"pkt_l4_len":235,"thread_ts_usec":1621067206977150,"pkt":"EBMx8Tl2KDc3AG3ICABFAAD\/AABAAEAG90DAqAGyUlEuDfF0KMspKYnKzXsyaYAYECwOmAAAAQEICienSYIGP5HkFgMBAMYBAADCAwNgn4XGR7oIUOrAwfXLNhOc\/stRXR3cpjisHDHrOmoG8CAELNgcMkheJM59FCR9MMzWP2xubihBgP\/7aZ8AyE3PcwAsAP\/ALMArwCTAI8AKwAnACMAwwC\/AKMAnwBTAE8ASAJ0AnAA9ADwANQAvAAoBAABNAAAAEAAOAAALODIuODEuNDYuMTMACgAIAAYAFwAYABkACwACAQAADQASABAEAQIBBQEGAQQDAgMFAwYDAAUABQEAAAAAABIAAAAXAAA="} 
-01437{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1621067206773010,"flow_src_last_pkt_time":1621067206977150,"flow_dst_last_pkt_time":1621067206833331,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":203,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":203,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621067206977150,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61812,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.FortiClient","proto_id":"91.259","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN","hostname":"82.81.46.13","domainame":"82.81.46.13","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","ja4":"t12i220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01396{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1621067206773010,"flow_src_last_pkt_time":1621067206977150,"flow_dst_last_pkt_time":1621067206833331,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":203,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":203,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621067206977150,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61812,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.FortiClient","proto_id":"91.259","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN","hostname":"82.81.46.13","domainame":"82.81.46.13","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12i220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1621067206977150,"flow_dst_last_pkt_time":1621067207036967,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1621067207036967,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0o4NAADQGYIhSUS4NwKgBsijL8XTNezJpKSmKlYAQABBcsAAAAQEICgY\/kfgnp0mC"} 
-01497{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1621067206773010,"flow_src_last_pkt_time":1621067206977150,"flow_dst_last_pkt_time":1621067207049233,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":203,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":203,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1621067207049233,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61812,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.FortiClient","proto_id":"91.259","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN","hostname":"82.81.46.13","domainame":"82.81.46.13","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","ja4":"t12i220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","blocks":0}}} 
-01763{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1621067206773010,"flow_src_last_pkt_time":1621067206977150,"flow_dst_last_pkt_time":1621067207050833,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":203,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":203,"flow_dst_tot_l4_payload_len":2449,"midstream":0,"thread_ts_usec":1621067207050833,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61812,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.FortiClient","proto_id":"91.259","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN","hostname":"82.81.46.13","domainame":"82.81.46.13","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","ja4":"t12i220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support","subjectDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050","fingerprint":"AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45","blocks":0}}} 
+01456{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1621067206773010,"flow_src_last_pkt_time":1621067206977150,"flow_dst_last_pkt_time":1621067207049233,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":203,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":203,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1621067207049233,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61812,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.FortiClient","proto_id":"91.259","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN","hostname":"82.81.46.13","domainame":"82.81.46.13","tls": {"version":"TLSv1.2","ja3s":"0debd3853f330c574b05e0b6d882dc27","ja4":"t12i220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","blocks":0}}} 
+01722{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1621067206773010,"flow_src_last_pkt_time":1621067206977150,"flow_dst_last_pkt_time":1621067207050833,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":203,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":203,"flow_dst_tot_l4_payload_len":2449,"midstream":0,"thread_ts_usec":1621067207050833,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61812,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.FortiClient","proto_id":"91.259","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN","hostname":"82.81.46.13","domainame":"82.81.46.13","tls": {"version":"TLSv1.2","ja3s":"0debd3853f330c574b05e0b6d882dc27","ja4":"t12i220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support","subjectDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050","fingerprint":"AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45","blocks":0}}} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621067209199710,"flow_src_last_pkt_time":1621067209199710,"flow_dst_last_pkt_time":1621067209199710,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621067209199710,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61820,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1621067209199710,"flow_dst_last_pkt_time":1621067209199710,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1621067209199710,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG9\/\/AqAGyUlEuDfF8KMsekCMzAAAAALAC\/\/8eiQAAAgQFtAEDAwUBAQgKJ6dSCQAAAAAEAgAA"} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1621067209199710,"flow_dst_last_pkt_time":1621067209262263,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1621067209262263,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA81pJAADQGLXFSUS4NwKgBsijL8XxcuXqIHpAjNKASOECG6AAAAgQFrAQCCAoGP5LWJ6dSCQEDAwo="} 
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1621067209262372,"flow_dst_last_pkt_time":1621067209262263,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1621067209262372,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfF8KMsekCM0XLl6iYAQECzdhQAAAQEICienUkcGP5LW"} 00972{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1621067209264717,"flow_dst_last_pkt_time":1621067209262263,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":379,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":379,"pkt_l4_len":345,"thread_ts_usec":1621067209264717,"pkt":"EBMx8Tl2KDc3AG3ICABFAAFtAABAAEAG9tLAqAGyUlEuDfF8KMsekCM0XLl6iYAYECy4MwAAAQEICienUkkGP5LWFgMBATQBAAEwAwME0ZbiTglAl8IIF\/3QYtFxUOfO4VmvosSnyqFik3+gECB0m0E8n5ro5FpA+fOauorg9Y\/MUiqxzclkM+TtS7iPJgA+EwITAxMBwCzAMACfzKnMqMyqwCvALwCewCTAKABrwCPAJwBnwArAFAA5wAnAEwAzAJ0AnAA9ADwANQAvAP8BAACpAAAAEAAOAAALODIuODEuNDYuMTMACwAEAwABAgAKAAwACgAdABcAHgAZABgAIwAAABYAAAAXAAAADQAwAC4EAwUDBgMIBwgICAkICggLCAQIBQgGBAEFAQYBAwMCAwMBAgEDAgICBAIFAgYCACsACQgDBAMDAwIDAQAtAAIBAQAzACYAJAAdACBs1PQ+qJEvrZx4kd6w\/yirfgThWirK26NCg33JqRCxNQ=="} 
-01495{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1621067209199710,"flow_src_last_pkt_time":1621067209264717,"flow_dst_last_pkt_time":1621067209262263,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":313,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":313,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621067209264717,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61820,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.FortiClient","proto_id":"91.259","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN","hostname":"82.81.46.13","domainame":"82.81.46.13","tls": {"version":"TLSv1.2","ja3":"40adfd923eb82b89d8836ba37a19bca1","ja3s":"","ja4":"t13i311000_e8f1e7e78f70_5ac7197df9d2","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01454{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1621067209199710,"flow_src_last_pkt_time":1621067209264717,"flow_dst_last_pkt_time":1621067209262263,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":313,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":313,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621067209264717,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61820,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.FortiClient","proto_id":"91.259","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN","hostname":"82.81.46.13","domainame":"82.81.46.13","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13i311000_e8f1e7e78f70_5ac7197df9d2","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1621067209264717,"flow_dst_last_pkt_time":1621067209326813,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1621067209326813,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA06FRAADQGG7dSUS4NwKgBsijL8XxcuXqJHpAkbYAQABDsXwAAAQEICgY\/kt0np1JJ"} -01555{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":105,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1621067209199710,"flow_src_last_pkt_time":1621067209264717,"flow_dst_last_pkt_time":1621067209346748,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":313,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":313,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1621067209346748,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61820,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.FortiClient","proto_id":"91.259","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN","hostname":"82.81.46.13","domainame":"82.81.46.13","tls": 
{"version":"TLSv1.2","ja3":"40adfd923eb82b89d8836ba37a19bca1","ja3s":"e35df3e00ca4ef31d42b34bebaa2f86e","ja4":"t13i311000_e8f1e7e78f70_5ac7197df9d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} -01821{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1621067209199710,"flow_src_last_pkt_time":1621067209264717,"flow_dst_last_pkt_time":1621067209348677,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":313,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":313,"flow_dst_tot_l4_payload_len":2421,"midstream":0,"thread_ts_usec":1621067209348677,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61820,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.FortiClient","proto_id":"91.259","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN","hostname":"82.81.46.13","domainame":"82.81.46.13","tls": {"version":"TLSv1.2","ja3":"40adfd923eb82b89d8836ba37a19bca1","ja3s":"e35df3e00ca4ef31d42b34bebaa2f86e","ja4":"t13i311000_e8f1e7e78f70_5ac7197df9d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support","subjectDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, 
CN=FWF60E4Q16012050","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45","blocks":0}}} +01514{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":105,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1621067209199710,"flow_src_last_pkt_time":1621067209264717,"flow_dst_last_pkt_time":1621067209346748,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":313,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":313,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1621067209346748,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61820,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.FortiClient","proto_id":"91.259","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN","hostname":"82.81.46.13","domainame":"82.81.46.13","tls": {"version":"TLSv1.2","ja3s":"e35df3e00ca4ef31d42b34bebaa2f86e","ja4":"t13i311000_e8f1e7e78f70_5ac7197df9d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01780{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1621067209199710,"flow_src_last_pkt_time":1621067209264717,"flow_dst_last_pkt_time":1621067209348677,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":313,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":313,"flow_dst_tot_l4_payload_len":2421,"midstream":0,"thread_ts_usec":1621067209348677,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61820,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.FortiClient","proto_id":"91.259","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN","hostname":"82.81.46.13","domainame":"82.81.46.13","tls": {"version":"TLSv1.2","ja3s":"e35df3e00ca4ef31d42b34bebaa2f86e","ja4":"t13i311000_e8f1e7e78f70_5ac7197df9d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support","subjectDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45","blocks":0}}} 
02448{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1621067209199710,"flow_src_last_pkt_time":1621067210297694,"flow_dst_last_pkt_time":1621067210301240,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":530,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1845,"flow_dst_tot_l4_payload_len":4568,"midstream":0,"thread_ts_usec":1621067210301240,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61820,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":39,"avg":70952.1,"max":495036,"stddev":111597.5,"var":12454002688.0,"ent":3.7,"data": [62553,62662,2345,64550,19935,1929,84016,11197,85323,74192,429584,495036,65428,84550,160241,75696,71555,6274,142878,591,65604,251,221,2934,4011,39,64164,57249,427,3990,89]},"pktlen": {"min":52,"avg":253.0,"max":1492,"stddev":343.0,"var":117623.0,"ent":4.1,"data": [64,60,52,365,52,1492,1033,52,210,294,52,582,827,52,348,923,52,343,99,52,99,52,99,52,99,117,103,99,52,99,111,111]},"bins": {"c_to_s": [9,4,1,0,1,0,0,0,0,3,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,5,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,0,0,1,0,0,1,0,0,0,1,1,0,1,0,0,0,0,1,0,0,1,1],"entropies": 
[4.410132408,5.346732616,5.038779736,6.080028534,5.156889915,7.061070919,7.727006912,5.115703106,6.685589790,7.192217827,5.038779736,7.622327805,7.737955093,5.115703106,7.355971813,7.761943817,5.077241421,7.386271954,5.969920158,5.233812809,6.092373371,5.154164791,6.132777691,5.070539474,6.022900581,6.156826973,6.011271954,6.160604477,5.115703106,6.070930004,6.207380772,6.322289944]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.FortiClient","proto_id":"91.259","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 01232{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":9,"flow_first_seen":1621067203571879,"flow_src_last_pkt_time":1621067204621391,"flow_dst_last_pkt_time":1621067204682403,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":493,"flow_dst_tot_l4_payload_len":2929,"midstream":0,"thread_ts_usec":1621067222261499,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61805,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": 
{"6":"DPI"},"proto":"TLS.FortiClient","proto_id":"91.259","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 01241{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":11,"flow_first_seen":1621067204622472,"flow_src_last_pkt_time":1621067205650296,"flow_dst_last_pkt_time":1621067205708789,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":203,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":526,"flow_dst_tot_l4_payload_len":6225,"midstream":0,"thread_ts_usec":1621067222261499,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61806,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.FortiClient","proto_id":"91.259","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 
01241{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":11,"flow_first_seen":1621067205651500,"flow_src_last_pkt_time":1621067206681899,"flow_dst_last_pkt_time":1621067206738955,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":203,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":712,"flow_dst_tot_l4_payload_len":3141,"midstream":0,"thread_ts_usec":1621067222261499,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61811,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.FortiClient","proto_id":"91.259","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 
01241{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":14,"flow_first_seen":1621067206773010,"flow_src_last_pkt_time":1621067207801622,"flow_dst_last_pkt_time":1621067207860710,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":384,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":751,"flow_dst_tot_l4_payload_len":6525,"midstream":0,"thread_ts_usec":1621067222261499,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61812,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.FortiClient","proto_id":"91.259","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 
01279{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1150,"flow_dst_packets_processed":751,"flow_first_seen":1621067209199710,"flow_src_last_pkt_time":1621067222261499,"flow_dst_last_pkt_time":1621067222260652,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1411,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":70643,"flow_dst_tot_l4_payload_len":206814,"midstream":0,"thread_ts_usec":1621067222261499,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61820,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.FortiClient","proto_id":"91.259","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN","hostname":"82.81.46.13"}} 
-00855{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":2000,"packets-processed":2000,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":298759,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":54,"global_ts_usec":1621067222261499} +00855{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":2000,"packets-processed":2000,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":298759,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":54,"global_ts_usec":1621067222261499} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2000/2000 ~~ skipped flows.............: 0 
@@ -60,9 +60,9 @@ ~~ total active/idle flows...: 5/5 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7022176 bytes -~~ total memory freed........: 7022176 bytes -~~ total allocations/frees...: 116226/116226 +~~ total memory allocated....: 7599877 bytes +~~ total memory freed........: 7599877 bytes +~~ total allocations/frees...: 127962/127962 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 549 chars ~~ json message max len.......: 2453 chars diff --git a/test/results/default/ftp-start-tls.pcap.out b/test/results/default/ftp-start-tls.pcap.out index 6e82184a0..a166f4178 100644 --- a/test/results/default/ftp-start-tls.pcap.out +++ b/test/results/default/ftp-start-tls.pcap.out 
@@ -1,5 +1,5 @@ -00618{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ftp-start-tls.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ftp-start-tls.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1383123629078448} 
+00618{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ftp-start-tls.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ftp-start-tls.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1383123629078448} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ftp-start-tls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1383123629078448,"flow_src_last_pkt_time":1383123629078448,"flow_dst_last_pkt_time":1383123629078448,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383123629078448,"l3_proto":"ip4","src_ip":"10.238.26.36","dst_ip":"10.220.50.76","src_port":62092,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ftp-start-tls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1383123629078448,"flow_dst_last_pkt_time":1383123629078448,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1383123629078448,"pkt":"AAAAEAAU3NL8+wOhCABFOAAs3ocAAP8GetIK7hokCtwyTPKMABUzQlCKAAAAAGACIACjMgAAAgQCAAAA"} 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ftp-start-tls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1383123629078448,"flow_dst_last_pkt_time":1383123629078863,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1383123629078863,"pkt":"AAAAEAAU3NL8+wOhCABFAAAs+dJAAD8G378K3DJMCu4aJAAV8owdfc81M0JQi2ASwAASugAAAgQFtAAA"} 
@@ -12,7 +12,7 @@ 01406{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/ftp-start-tls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":13,"flow_first_seen":1383123629078448,"flow_src_last_pkt_time":1383123629101855,"flow_dst_last_pkt_time":1383123629103328,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":150,"flow_dst_max_l4_payload_len":512,"flow_src_tot_l4_payload_len":160,"flow_dst_tot_l4_payload_len":1447,"midstream":0,"thread_ts_usec":1383123629103328,"l3_proto":"ip4","src_ip":"10.238.26.36","dst_ip":"10.220.50.76","src_port":62092,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"FTPS.Huawei","proto_id":"311.398","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
02589{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/ftp-start-tls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":23,"flow_first_seen":1383123629078448,"flow_src_last_pkt_time":1383123629152654,"flow_dst_last_pkt_time":1383123629153383,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":330,"flow_dst_max_l4_payload_len":512,"flow_src_tot_l4_payload_len":609,"flow_dst_tot_l4_payload_len":3206,"midstream":0,"thread_ts_usec":1383123629153383,"l3_proto":"ip4","src_ip":"10.238.26.36","dst_ip":"10.220.50.76","src_port":62092,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":4811.0,"max":40376,"stddev":9556.7,"var":91331016.0,"ent":3.2,"data": [415,134,1253,15030,72,17807,3947,60,788,5,4347,3279,113,1027,2,8,2,118,3,2582,8520,40376,68,34737,4456,749,2222,1775,305,2738,2203]},"pktlen": {"min":46,"avg":160.9,"max":552,"stddev":164.2,"var":26956.4,"ent":4.4,"data": [46,46,46,46,113,113,50,46,46,71,71,190,46,46,552,552,255,552,552,255,46,370,91,91,77,122,122,77,122,122,85,130]},"bins": {"c_to_s": [4,3,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [8,2,7,0,0,0,2,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,1,0,1,1,0,1,1,1,1,0,1,1,1,1,1,1,1,1,0,0,1,1,0,1,1,0,1,1,0,1],"entropies": [4.174477577,4.816402912,4.816402912,4.390829086,5.377844810,5.377844810,4.955727100,4.347350597,4.347350597,5.319664001,5.319664001,5.167058468,4.434307098,4.434307098,6.822389126,7.154568672,6.962697506,6.822389126,7.151652813,6.962697029,4.544876099,7.242094517,5.879006863,5.879006863,5.747309208,6.191079140,6.207472801,5.766408920,6.279234409,6.279234409,5.962334156,6.287871361]},"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS 
Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"FTPS.Huawei","proto_id":"311.398","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01438{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/ftp-start-tls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":35,"flow_first_seen":1383123629078448,"flow_src_last_pkt_time":1383123629412168,"flow_dst_last_pkt_time":1383123629233523,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":330,"flow_dst_max_l4_payload_len":512,"flow_src_tot_l4_payload_len":856,"flow_dst_tot_l4_payload_len":3834,"midstream":0,"thread_ts_usec":1383123629412168,"l3_proto":"ip4","src_ip":"10.238.26.36","dst_ip":"10.220.50.76","src_port":62092,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": 
{"6":"DPI"},"proto":"FTPS.Huawei","proto_id":"311.398","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -00848{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/ftp-start-tls.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":51,"packets-processed":51,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4690,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1383123629412168} +00848{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/ftp-start-tls.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":51,"packets-processed":51,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4690,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1383123629412168} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 51/51 ~~ skipped flows.............: 0 
@@ -21,9 +21,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6915504 bytes -~~ total memory freed........: 6915504 bytes -~~ total allocations/frees...: 114198/114198 +~~ total memory allocated....: 7493100 bytes +~~ total memory freed........: 7493100 bytes +~~ total allocations/frees...: 125929/125929 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 543 chars ~~ json message max len.......: 2594 chars diff --git a/test/results/default/ftp.pcap.out b/test/results/default/ftp.pcap.out index 076bea190..4951f784d 100644 --- a/test/results/default/ftp.pcap.out +++ b/test/results/default/ftp.pcap.out 
@@ -1,5 +1,5 @@ -00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ftp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ftp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1552590234892296} 
+00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ftp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ftp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1552590234892296} 
00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1552590234892296,"flow_src_last_pkt_time":1552590234892296,"flow_dst_last_pkt_time":1552590234892296,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1552590234892296,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50694,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1552590234892296,"flow_dst_last_pkt_time":1552590234892296,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1552590234892296,"pkt":"EBMx8Tl2xCwDBkn+CABFAABAAABAAEAGAADAqAHUWoJGScYGABWjI5ftAAAAALAC\/\/9jegAAAgQFtAEDAwUBAQgKO1eYmQAAAAAEAgAA"} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1552590234892296,"flow_dst_last_pkt_time":1552590234919708,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1552590234919708,"pkt":"xCwDBkn+EBMx8Tl2CABFAAA8AABAADYG4XRagkZJwKgB1AAVxgZYKsHSoyOX7qASqbA+KAAAAgQFrAQCCAoSZ\/tNO1eYmQEDAw4="} 
@@ -26,7 +26,7 @@ 00906{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/ftp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":54,"flow_dst_packets_processed":78,"flow_first_seen":1552590241545143,"flow_src_last_pkt_time":1552590241697652,"flow_dst_last_pkt_time":1552590241697604,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":109440,"midstream":0,"thread_ts_usec":1552590243371057,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50696,"dst_port":24523,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00971{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/ftp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1552590236580045,"flow_src_last_pkt_time":1552590236638093,"flow_dst_last_pkt_time":1552590236666222,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":1205,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":1205,"midstream":0,"thread_ts_usec":1552590243371057,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50695,"dst_port":25685,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"FTP_DATA","proto_id":"175","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} 
01198{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":41,"flow_dst_packets_processed":27,"flow_first_seen":1552590234892296,"flow_src_last_pkt_time":1552590243340268,"flow_dst_last_pkt_time":1552590243371057,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":241,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":889,"midstream":0,"thread_ts_usec":1552590243371057,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50694,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"FTP_CONTROL","proto_id":"1","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":7,"category":"Download"}} 
-00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/ftp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":209,"packets-processed":209,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":111708,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":29,"global_ts_usec":1552590243371057} +00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/ftp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":209,"packets-processed":209,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":111708,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":29,"global_ts_usec":1552590243371057} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 209/209 ~~ skipped flows.............: 0 
@@ -35,9 +35,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6924681 bytes -~~ total memory freed........: 6924681 bytes -~~ total allocations/frees...: 114375/114375 +~~ total memory allocated....: 7502277 bytes +~~ total memory freed........: 7502277 bytes +~~ total allocations/frees...: 126106/126106 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 542 chars ~~ json message max len.......: 2469 chars diff --git a/test/results/default/ftp_failed.pcap.out b/test/results/default/ftp_failed.pcap.out index 9e7834ced..887a5cc50 100644 --- a/test/results/default/ftp_failed.pcap.out +++ b/test/results/default/ftp_failed.pcap.out 
@@ -1,5 +1,5 @@ -00615{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ftp_failed.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ftp_failed.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1574361625864342} 
+00615{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ftp_failed.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ftp_failed.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1574361625864342} 
00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1574361625864342,"flow_src_last_pkt_time":1574361625864342,"flow_dst_last_pkt_time":1574361625864342,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1574361625864342,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:192:12:193:11","dst_ip":"2a00:800:1010::1","src_port":44724,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1574361625864342,"flow_dst_last_pkt_time":1574361625864342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1574361625864342,"pkt":"9LUv\/K\/wZABqYzXMht1gC5eXACgGQCoADUAAAQADAZIAEgGTABEqAAgAEBAAAAAAAAAAAAABrrQAFZk3QbUAAAAAoAJwgHzLAAACBAWgBAIICpYFXqIAAAAAAQMDBw=="} 00588{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1574361625864342,"flow_dst_last_pkt_time":1574361625878212,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1574361625878212,"pkt":"ZABqYzXM9LUv\/K\/wht1gC1mOACgGOioACAAQEAAAAAAAAAAAAAEqAA1AAAEAAwGSABIBkwARABWutHAVBmyZN0G2oBL\/\/zbpAAACBAWgBAIIClbTSMOWBV6iAQMDDg=="} 
@@ -8,7 +8,7 @@ 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1574361625977593,"flow_dst_last_pkt_time":1574361625977557,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1574361625977593,"pkt":"9LUv\/K\/wZABqYzXMht1gC5eXACAGQCoADUAAAQADAZIAEgGTABEqAAgAEBAAAAAAAAAAAAABrrQAFZk3QbZwFQaBgBAA4XzDAAABAQgKlgVfE1bTSNw="} 01231{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1574361625864342,"flow_src_last_pkt_time":1574361631282407,"flow_dst_last_pkt_time":1574361631296434,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":40,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":60,"midstream":0,"thread_ts_usec":1574361631296434,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:192:12:193:11","dst_ip":"2a00:800:1010::1","src_port":44724,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"FTP_CONTROL","proto_id":"1","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":7,"category":"Download","ftp": {"user":"hello","password":"","auth_failed":1}}} 
01218{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":8,"flow_first_seen":1574361625864342,"flow_src_last_pkt_time":1574361633088930,"flow_dst_last_pkt_time":1574361633102738,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":40,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":112,"midstream":0,"thread_ts_usec":1574361633102738,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:192:12:193:11","dst_ip":"2a00:800:1010::1","src_port":44724,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"FTP_CONTROL","proto_id":"1","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":7,"category":"Download"}} 
-00844{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/ftp_failed.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":18,"packets-processed":18,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":136,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1574361633102738} +00844{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/ftp_failed.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":18,"packets-processed":18,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":136,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1574361633102738} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 18/18 ~~ skipped flows.............: 0 
@@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6910234 bytes -~~ total memory freed........: 6910234 bytes -~~ total allocations/frees...: 114158/114158 +~~ total memory allocated....: 7487830 bytes +~~ total memory freed........: 7487830 bytes +~~ total allocations/frees...: 125889/125889 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 579 chars ~~ json message max len.......: 1236 chars diff --git a/test/results/default/fuzz-2006-06-26-2594.pcap.out b/test/results/default/fuzz-2006-06-26-2594.pcap.out index d50291c3b..48f373516 100644 --- a/test/results/default/fuzz-2006-06-26-2594.pcap.out +++ b/test/results/default/fuzz-2006-06-26-2594.pcap.out 
@@ -1,5 +1,5 @@ -00625{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00846{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1120469540839312} 
+00625{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00846{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1120469540839312} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469540839312,"flow_src_last_pkt_time":1120469540839312,"flow_dst_last_pkt_time":1120469540839312,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469540839312,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1120469540839312,"flow_dst_last_pkt_time":1120469540839312,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1120469540839312,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABOaYwAAIARTMHAqAECwKgB\/wCJAIkAOlu0hOcBEAABAAAAAAAAIEVGRURFSkZQRUVFUEVORUJFSkVPU0FDQUNBQ0FDQUJNAAAgAAE="} 
00985{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469540839312,"flow_src_last_pkt_time":1120469540839312,"flow_dst_last_pkt_time":1120469540839312,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469540839312,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"eci_domain","domainame":"eci_domain"}} 
@@ -36,10 +36,10 @@ 01116{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120469572841120,"flow_src_last_pkt_time":1120469572841120,"flow_dst_last_pkt_time":1120469572842609,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120469572842609,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2714,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-addr.arpa","domainame":"1.0.0.127.in-addr.arpa","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr": []}}} 00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120469572844249,"flow_dst_last_pkt_time":1120469572844249,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":467,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":467,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":467,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469572844249,"l3_proto":"ip4","src_ip":"192.168.1.52","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
01149{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1120469572844249,"flow_dst_last_pkt_time":1120469572844249,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":509,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":509,"pkt_l4_len":475,"thread_ts_usec":1120469572844249,"pkt":"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"} -00939{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120469572844249,"flow_dst_last_pkt_time":1120469572844249,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":467,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":467,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":467,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469572844249,"l3_proto":"ip4","src_ip":"192.168.1.52","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+01022{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120469572844249,"flow_dst_last_pkt_time":1120469572844249,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":467,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":467,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":467,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469572844249,"l3_proto":"ip4","src_ip":"192.168.1.52","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","sip": {"from":";tag=903df0a","to":";tag=903df0a","to":";tag=8e948b0","to":""}}} 
00989{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1120469590455801,"flow_dst_last_pkt_time":1120469572981006,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":388,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":388,"pkt_l4_len":354,"thread_ts_usec":1120469590455801,"pkt":"AODtAW69ADBUADRBCABFAAF2AABAADcRirfU8iEjwKgBAhPEE8QBYot4U0lQLzIuMCA0MDMgV3JvbmcgcGFzc3dvcmQNCkNhbGwtSUQ6IDU3ODIyMjcyOS00NjY1ZDc3NUA1NzgyIjI3MzItNDY2NWQ3NzINCsNTZXE6IDY5IFJFR0lTVEVSDQpGcm9tOiA8c2lwOnZvaTE4ajYzQHNpcC5jeWJlcmNpdHkuZGs+O3RhZz04ZTk0OGIwDQpUbzogPHNpcDp2b2kxODA2M0BzaXAuY3liZXJjaXR5LmRrPjt022c9MDAtMDQwODUtMTcwMWFmOTgtNTFhNjViMzQwDQpWaWE6IFNJUC8yLjAvVURQIDE5Mi4xNjguMS4yO3JlY2VpdmVkPTgwLjIzMC4yMTkuNzA7cnBvcnQ9NTA2MDvicmFuY2g9ejloRzRiS25wMTQ5NTA1MTc4LTIzOGM1MjhiMTkyLjE2OC4xLjINCkNvbnRlbnQtTGVuZ3RoOiAwDQoNCg=="} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1120469590576043,"flow_dst_last_pkt_time":1120469540839312,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1120469590576043,"pkt":"\/\/\/\/\/\/\/\/NODtAW69CABFAABOaaIAAIARTKvAqAECwKgB\/wCJAIkAOluxhOoBEAABAAAAAAAAIEVGRURFSkZQRUVFUEVORUJFSkVPQ0FDQUNBQ0FDQUJNAAAgAAE="} 
00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469595096646,"flow_src_last_pkt_time":1120469595096646,"flow_dst_last_pkt_time":1120469595096646,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469595096646,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.251","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
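Review bot: The added `detected` event for flow 11 (the `+01022` line) serialises a `sip` object in which the name `to` occurs three times, `"to":";tag=903df0a","to":";tag=8e948b0","to":""` as the line reads here, so this golden file now pins duplicate JSON keys for a fuzzed SIP packet. RFC 8259 leaves the handling of duplicate names undefined and I-JSON (RFC 7493) forbids them. Parsers differ on whether the first or the last value wins, so two consumers of the same nDPId event can record different SIP peers for one flow. Before accepting the regenerated output I would trace this to the SIP metadata serialisation that presumably arrives with the libnDPI bump (not visible in this hunk) and have each field emitted exactly once, giving the block the shape `"sip": {"from":"<FROM>","to":"<TO>"}`, then regenerate this file. A test-side check that rejects events with repeated object names would stop expectation files from silently accepting this again.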
@@ -379,7 +379,7 @@ 01117{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":168,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120469938907413,"flow_src_last_pkt_time":1120469938907413,"flow_dst_last_pkt_time":1120469938908917,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120469938908917,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2737,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-addr.arpa","domainame":"1.0.0.127.in-addr.arpa","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr": []}}} 00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469938910409,"flow_src_last_pkt_time":1120469938910409,"flow_dst_last_pkt_time":1120469938910409,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":467,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":467,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":467,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469938910409,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":20932,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
01150{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_src_last_pkt_time":1120469938910409,"flow_dst_last_pkt_time":1120469938910409,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":509,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":509,"pkt_l4_len":475,"thread_ts_usec":1120469938910409,"pkt":"ADBUADRWAODtAW69CABFAAHvakAAAIARFv7AqAEC1PIhI1HEE8QB28mlUkVHSVNURVIgc2lwOnNpcC5jeWJlcmNpdHkuZGsgU0lQLzIuMA0KVmlhOiBTSVAvMi4wL1VEUCAxOTIuMTY4LjEuMjticmFuY2g9ejloRzRiS25wMTE0NjM5MDAwLTQ3N2U3NTkxMTkyLjE2OC4xLjI7JXMAcnQNCkZyb206IDxzaXA6dm9pMTgwNjJAc2lwLmN5YmVyY2l0eS5k9T47dGFnPTZkNTQwYTUNClRvOiA8c2lwOnZvaTE4MDYyQHNpcC5jeWJlcmNpdHlzZGs+DQpDYWxuLUlEOiA1NzgyVDI3MjktNDY2NWQ3NzVANTc4MjIyNzMyLTQ2NjVkNzcyDQpDb250YWN0OiAgPHNpcDp2b2kxODA2MkAxOTIuMTY4LjEuMjo1MDYwO2xpbmU9YWNhNmI5N2NhM2Y1MTUxYT47ZXhwaXJlcx0xMjAwO3E9MC41MDANCkV4cGlyZXM6IDEyMDANe0NTZXE6IDc0IFLPR0lTVEVSDQpDb250ZUF0LUxlbmd0aDogMA0KTWF4LUZvcglhcmRzOiA3MA0KaXNlci1BZ2VudDogTmVybyBTSVBQUyBJUCBQaG9uZSBWZXJzaW9uIDIuMC41MS4xNl8KDQo="} -00940{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469938910409,"flow_src_last_pkt_time":1120469938910409,"flow_dst_last_pkt_time":1120469938910409,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":467,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":467,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":467,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469938910409,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":20932,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01040{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469938910409,"flow_src_last_pkt_time":1120469938910409,"flow_dst_last_pkt_time":1120469938910409,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":467,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":467,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":467,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469938910409,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":20932,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","sip": {"from":";tag=6d540a5","to":""}}} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469939223693,"flow_src_last_pkt_time":1120469939223693,"flow_dst_last_pkt_time":1120469939223693,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469939223693,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.84.1","src_port":2738,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_src_last_pkt_time":1120469939223693,"flow_dst_last_pkt_time":1120469939223693,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120469939223693,"pkt":"ADBUADRWAODtAW69CABFAABIakEAAIARTRDAqAECwKhUAQqyADUANKY1g90BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR1AmRrAAAhAAE="} 01115{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469939223693,"flow_src_last_pkt_time":1120469939223693,"flow_dst_last_pkt_time":1120469939223693,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469939223693,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.84.1","src_port":2738,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercitu.dk","domainame":"_sip._udp.sip.cybercitu.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr": []}}} 
@@ -517,7 +517,7 @@ 01106{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470049187466,"flow_src_last_pkt_time":1120470049187466,"flow_dst_last_pkt_time":1120470049187466,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470049187466,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2747,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-addr.arpa","domainame":"1.0.0.127.in-addr.arpa","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr": []}}} 00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":223,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470049188993,"flow_src_last_pkt_time":1120470049188993,"flow_dst_last_pkt_time":1120470049188993,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":822,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":822,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":822,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470049188993,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":4932,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
01622{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":223,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_src_last_pkt_time":1120470049188993,"flow_dst_last_pkt_time":1120470049188993,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":864,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":864,"pkt_l4_len":830,"thread_ts_usec":1120470049188993,"pkt":"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"} -00939{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":223,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470049188993,"flow_src_last_pkt_time":1120470049188993,"flow_dst_last_pkt_time":1120470049188993,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":822,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":822,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":822,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470049188993,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":4932,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+00990{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":223,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470049188993,"flow_src_last_pkt_time":1120470049188993,"flow_dst_last_pkt_time":1120470049188993,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":822,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":822,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":822,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470049188993,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":4932,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","sip": {"to":""}}} 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":224,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470049190871,"flow_src_last_pkt_time":1120470049190871,"flow_dst_last_pkt_time":1120470049190871,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470049190871,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2748,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":224,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_src_last_pkt_time":1120470049190871,"flow_dst_last_pkt_time":1120470049190871,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470049190871,"pkt":"ADBUADRWAODtAW69CABFAABIam8AAIARTOLAqAECwKgBAQq8ADUANCxC\/cYBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 01114{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":224,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470049190871,"flow_src_last_pkt_time":1120470049190871,"flow_dst_last_pkt_time":1120470049190871,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470049190871,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2748,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","domainame":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr": []}}} 
@@ -526,7 +526,7 @@ 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":2,"flow_src_last_pkt_time":1120470050187028,"flow_dst_last_pkt_time":1120470049190871,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470050187028,"pkt":"ADBUADRWAODtAW69CABFAABIanEAAFgRTODAqAECwKgBAQq8ADUANCxC\/cYBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAB0AAE="} 01248{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":226,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120470049190871,"flow_src_last_pkt_time":1120470050187028,"flow_dst_last_pkt_time":1120470049190871,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470050187028,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2748,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","domainame":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":116,"rsp_type":0,"rsp_addr": []}}} 
01622{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":227,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":2,"flow_src_last_pkt_time":1120470050699023,"flow_dst_last_pkt_time":1120470049696866,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":864,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":864,"pkt_l4_len":830,"thread_ts_usec":1120470050699023,"pkt":"ADBUADRWAODtAdO9CABFAANSanIAAIARyujAqAECyER4URPEE8QDPvKbSU5WSVRFIHNpcDo5NzIzOTI4NzA0NEB2b2lwLmJydWp1bGEubmV0IFNJUC8yLjANClZpYTogU0lQLzIuMC9VRFAgMTkyLjE2OC4xLjI6NTA2MDticmFmY2g9ejloRzRiS25wMTA0OTg0MDUzLTQ0Y2U0YTQxMTkyLjE2OC4xLjI7cnBvcnQNCkZyb206ICJhcmlrIiA8c2lwOjgxNjY2NkB2b2lwLmJydXJqdWxhLm5ldD47dGFnPTY0MzNlZjkNClRvOiA8c2lwOjk3MjM5Mjg3MDQ0QHZvaXAuYnJ1anVsYS5uZXQ+DQpDYWxsLUlEOiAxMDUwOTAyNTktNDQ2ZmFmN2FAMTkyLjE2OC4xLjINCkNTZXE6IDEgSU5W6FRFDQpVc2VyLUFnZW50OiBOZXJvIFNJUFBTIElQIFBob25lIFZlcnNpb24gMi4wLjUxLjE2DQpFeHBpcmVzOiAxMjANCkFjY2VwdDogYXBwbGljYXRpb24vc2RwDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3NkcA0KQm9udGVudC1MZW5ndGg6IDI3Mg0KQ29udGFjdDogPHNpcDo4MTY2NjZAMTMyLjE2OC4xLjI+DQpNYXgtRm9yd2FyZHM6IDcwDQpBbGxvdzogSU5WSVRFLCBBQ0ssIENBTkNFTCwgQllF2SBSRUZFUiwgT1BUSU9OUywgTk9USUZZLCBJTkZPDQoNCnY9MA0Kbz1TSVBQUyAxMDUwMTUxNjUgMTA1MDE1MTYyIElOIElQNCAxOTIuMTY4LjEuMg0Kcz1TSVAgY2FsbA0KYz1JTiBJUDQgMTkyLjE2OC4xLjINCnQ9MCAwDQptPWF1ZGlvIDMwMDAwIFJUUC9BVlAgMCA4IDk3IDIgMw0KYT1ydHBtYXA6MCBwY211LzgwMDANCmE9cnRwbWFwOjggcGNtYS84MDAwDQphPXJ0cG1hcDo5NyBpTEJDLzgwMDANCmE9cnRwbWFwOjIgRzcyNi0zMi84MDAwDQphPXJ0cG1hcDozIEdTTS84MDA0DQphPWZtdHA6OTcgbW9kZT0yMA0KYT1zZW5kcmVjdg0K"} 
-01065{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":227,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120470049696866,"flow_src_last_pkt_time":1120470050699023,"flow_dst_last_pkt_time":1120470049696866,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":822,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":822,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1644,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470050699023,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01177{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":227,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120470049696866,"flow_src_last_pkt_time":1120470050699023,"flow_dst_last_pkt_time":1120470049696866,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":822,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":822,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1644,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470050699023,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","sip": {"from":"\"arik\" ;tag=6433ef9","to":""}}} 01322{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":228,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":3,"flow_src_last_pkt_time":1120470050699023,"flow_dst_last_pkt_time":1120470051405231,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":637,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":637,"pkt_l4_len":603,"thread_ts_usec":1120470051405231,"pkt":"AODtAW69ADBUADRWCABFAAJvAABAAC8RRz7IRHhRwKgBAhPEE8QCWxwoU0lQL3guMCAxMDAgdHJ5aW5nIC0tIHlvdXIgY2FsbCBpcyBpbXBvcnRhbnQgdG8gdXMNClZpYTogU0lQLzIuMC9VRFAgMTkyLnE2OC4xLjI6NTA2MDticmFuY2g9ejloRzRiS25wMTA0OTg0MDUzLTQ0Y2U0YTQxMTkyLjE2OC4xLjI7cnBvcnQ9NTA2MDtyZWNlaXZlZD04MC4yMzAuMjE5LjcwDQpGcm9tOiAiYXJpayIgPHNpcDo4MTY2NjZAdm9pcC5icnVyanVsYS5uZXQ+O3RhZz02NDMzZWY5DQpUbzptPHNpcDo5NzIzOTI4NzA0NEB2b2lwLmJydWp1bGEubmV0Pg0KQ2FsbC1JRDogMTA1MDkwMjU5LTQ0NmZhZjdhQDEZMi4lcxAuMS4yDUdDU2VxOiAxIElOVklURQ0KU2VydmVyOiAlcwAgRVhwcmVzcyByb3V0ZXIgKDAuOC4xgCAoaaY4Ni9saSVzACkpDQpDb250ZW50LUxlbmclcwAgMA0KV2FybmluZzogMzkyIDIwMC42OC4xMjAuODE6NTA2MCAiTm9pc3kgZmVlZGJhY2sgdGVsbHM6ICBwaWQ5MzI2NDIgcmVxX3NyY19pcD04MC4yMzAuMjE5LjcwIHJlcV9zcmNfcG9ydD01MDYwIGluX3VyaT1zaXA6OTcyMzkyODcwNDRAdm9pcC5icnVqdWxhLm5ldCBvdXRfdXJpPXNpcDo5NzIzOTI4NzA0NEB2b2lwLmJydWp1bGEubmV0IHZpYR9jbnQ9PTEiDQoNCg=="} 
00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":229,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":3,"flow_src_last_pkt_time":1120470052189909,"flow_dst_last_pkt_time":1120470049190871,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470052189909,"pkt":"ADBUADRWAODtAW69CABFAABIanMAAIARTN7AqAECwKgBAQq8ADUANCxC\/cYBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 01248{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":229,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470049190871,"flow_src_last_pkt_time":1120470052189909,"flow_dst_last_pkt_time":1120470049190871,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470052189909,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2748,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","domainame":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr": []}}} 
@@ -583,10 +583,10 @@ 01247{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":250,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120470083310624,"flow_src_last_pkt_time":1120470084306084,"flow_dst_last_pkt_time":1120470083310624,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470084306084,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2752,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","domainame":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr": []}}} 
00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":251,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470084827100,"flow_src_last_pkt_time":1120470084827100,"flow_dst_last_pkt_time":1120470084827100,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":375,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":375,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":375,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470084827100,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.37.115","src_port":4292,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01026{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":251,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_src_last_pkt_time":1120470084827100,"flow_dst_last_pkt_time":1120470084827100,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":417,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":417,"pkt_l4_len":383,"thread_ts_usec":1120470084827100,"pkt":"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"} 
-00939{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":251,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470084827100,"flow_src_last_pkt_time":1120470084827100,"flow_dst_last_pkt_time":1120470084827100,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":375,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":375,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":375,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470084827100,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.37.115","src_port":4292,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01050{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":251,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470084827100,"flow_src_last_pkt_time":1120470084827100,"flow_dst_last_pkt_time":1120470084827100,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":375,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":375,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":375,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470084827100,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.37.115","src_port":4292,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","sip": {"from":"\"arik\" ;tag=6433ef9","to":""}}} 
00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":253,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470085969731,"flow_src_last_pkt_time":1120470085969731,"flow_dst_last_pkt_time":1120470085969731,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":265,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":265,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":265,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470085969731,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":4901,"dst_port":29440,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00992{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":253,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_src_last_pkt_time":1120470085969731,"flow_dst_last_pkt_time":1120470085969731,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":389,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":389,"pkt_l4_len":273,"thread_ts_usec":1120470085969731,"pkt":"ADBUADRWAODtAW69CABFAAElcwAAAIARzK\/AqAECyER4URMlcwABY9CsQUNLIHNpcDo5NzIzOTI4NzA0NEB2b2lwLmJydWp1bGEubmV0IFNJUC8yLjANCkZyb206ICJhcmlrIiA8c2lwOjgxNjY2NkB2U2lwLmJydXJqdYVhLm5ldD47dGFnPTY0MzNlZjkNCkNhbGwtSUQ6IDEwNTA5MDI1OS00NDZmYWY3YUAxOTIuMTY4LjEuMg0KVmlhOiBTSVAvMi4wL1VEUCAxOTIuMTY4LjEuMjo1MDYwO2JyYW5jaD16OWhHNGJLbnAxMDQ5ODQwNTMtNJ9jZTRhNDExOXkuqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 
-01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":253,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470085969731,"flow_src_last_pkt_time":1120470085969731,"flow_dst_last_pkt_time":1120470085969731,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":265,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":265,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":265,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470085969731,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":4901,"dst_port":29440,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01142{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":253,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470085969731,"flow_src_last_pkt_time":1120470085969731,"flow_dst_last_pkt_time":1120470085969731,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":265,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":265,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":265,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470085969731,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":4901,"dst_port":29440,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": 
{"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","sip": {"from":"\"arik\" ;tag=6433ef9"}}} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":254,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470086308978,"flow_src_last_pkt_time":1120470086308978,"flow_dst_last_pkt_time":1120470086308978,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470086308978,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"102.168.1.1","src_port":2752,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":254,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_src_last_pkt_time":1120470086308978,"flow_dst_last_pkt_time":1120470086308978,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470086308978,"pkt":"ADBUADRmAODtAW69CABFAABIaocAAIARTMrAqAECZqgBAQrAADUANLk4cMwBAAABAACqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 
01180{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":254,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470086308978,"flow_src_last_pkt_time":1120470086308978,"flow_dst_last_pkt_time":1120470086308978,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470086308978,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"102.168.1.1","src_port":2752,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr": []}}} 
@@ -609,7 +609,7 @@ 01112{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":259,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470035175480,"flow_src_last_pkt_time":1120470035175480,"flow_dst_last_pkt_time":1120470035175480,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470092317681,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":2746,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":260,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470098867648,"flow_src_last_pkt_time":1120470098867648,"flow_dst_last_pkt_time":1120470098867648,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":375,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":375,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":375,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470098867648,"l3_proto":"ip4","src_ip":"192.169.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
01027{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_src_last_pkt_time":1120470098867648,"flow_dst_last_pkt_time":1120470098867648,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":417,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":417,"pkt_l4_len":383,"thread_ts_usec":1120470098867648,"pkt":"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"} -00940{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":260,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470098867648,"flow_src_last_pkt_time":1120470098867648,"flow_dst_last_pkt_time":1120470098867648,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":375,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":375,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":375,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470098867648,"l3_proto":"ip4","src_ip":"192.169.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+00950{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":260,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470098867648,"flow_src_last_pkt_time":1120470098867648,"flow_dst_last_pkt_time":1120470098867648,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":375,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":375,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":375,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470098867648,"l3_proto":"ip4","src_ip":"192.169.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","sip": {}}} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470100319543,"flow_src_last_pkt_time":1120470100319543,"flow_dst_last_pkt_time":1120470100319543,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470100319543,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2753,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_src_last_pkt_time":1120470100319543,"flow_dst_last_pkt_time":1120470100319543,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1120470100319543,"pkt":"ADBUADRWAODtAW69CABFAABEao4AAIARTMfAqAECwKgBAQrBADUAMNwvSM4AAAABAAAAAAAAATEBMAEwAzEyNwdUbi1hZGRyBGFycGEAAAwAAQ=="} 01107{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470100319543,"flow_src_last_pkt_time":1120470100319543,"flow_dst_last_pkt_time":1120470100319543,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470100319543,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2753,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.tn-addr.arpa","domainame":"1.0.0.127.tn-addr.arpa","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr": []}}} 
@@ -663,7 +663,7 @@ 01089{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470083305056,"flow_src_last_pkt_time":1120470083305056,"flow_dst_last_pkt_time":1120470083305056,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470129594559,"l3_proto":"ip4","src_ip":"192.168.1.18","dst_ip":"192.168.1.1","src_port":2751,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01218{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470083306558,"flow_src_last_pkt_time":1120470083306558,"flow_dst_last_pkt_time":1120470083306558,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470129594559,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2751,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": 
{"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01096{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470083310624,"flow_src_last_pkt_time":1120470088311840,"flow_dst_last_pkt_time":1120470083310624,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470129594559,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2752,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00866{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":282,"packets-processed":241,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24511,"total-not-detected-flows":6,"total-guessed-flows":4,"total-detected-flows":70,"total-detection-updates":34,"total-updates":178,"current-active-flows":63,"total-active-flows":109,"total-idle-flows":46,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":666,"global_ts_usec":1120470141614697} +00866{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":282,"packets-processed":241,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24511,"total-not-detected-flows":6,"total-guessed-flows":4,"total-detected-flows":70,"total-detection-updates":34,"total-updates":178,"current-active-flows":63,"total-active-flows":109,"total-idle-flows":46,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":666,"global_ts_usec":1120470141614697} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470141614697,"flow_src_last_pkt_time":1120470141614697,"flow_dst_last_pkt_time":1120470141614697,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470141614697,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2756,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_src_last_pkt_time":1120470141614697,"flow_dst_last_pkt_time":1120470141614697,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470141614697,"pkt":"ADBUADRWAODtAW69CABFAABIaqIAAIARTK\/AqAECwKgBAQrEADUANAAlcwABAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrACVzAAE="} 
01117{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470141614697,"flow_src_last_pkt_time":1120470141614697,"flow_dst_last_pkt_time":1120470141614697,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470141614697,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2756,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","domainame":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":9587,"rsp_type":0,"rsp_addr": []}}} 
@@ -914,7 +914,7 @@ 00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":355,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":1,"flow_src_last_pkt_time":1120470284936670,"flow_dst_last_pkt_time":1120470284936670,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_usec":1120470284936670,"pkt":"AODtAW4FADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgB1CtEARyVzAP+AAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"} 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":356,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_src_last_pkt_time":1120470284937812,"flow_dst_last_pkt_time":1120469635127552,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":47,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":47,"pkt_l4_len":13,"thread_ts_usec":1120470284937812,"pkt":"ADBUADRWAODtAW69CABFAAAhauMAqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":357,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470098867648,"flow_src_last_pkt_time":1120470098867648,"flow_dst_last_pkt_time":1120470098867648,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":375,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":375,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":375,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470284937812,"l3_proto":"ip4","src_ip":"192.169.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01173{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":357,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470102883325,"flow_src_last_pkt_time":1120470102883325,"flow_dst_last_pkt_time":1120470102883325,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":375,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":375,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":375,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470284937812,"l3_proto":"ip4","src_ip":"192.86.1.2","dst_ip":"200.68.120.99","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+01183{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":357,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470102883325,"flow_src_last_pkt_time":1120470102883325,"flow_dst_last_pkt_time":1120470102883325,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":375,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":375,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":375,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470284937812,"l3_proto":"ip4","src_ip":"192.86.1.2","dst_ip":"200.68.120.99","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","sip": {}}} 00794{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":357,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470102883325,"flow_src_last_pkt_time":1120470102883325,"flow_dst_last_pkt_time":1120470102883325,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":375,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":375,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":375,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470284937812,"l3_proto":"ip4","src_ip":"192.86.1.2","dst_ip":"200.68.120.99","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
01011{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":357,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470100319543,"flow_src_last_pkt_time":1120470100319543,"flow_dst_last_pkt_time":1120470100321028,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470284937812,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2753,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.527.in-addr.arpa"}} 00798{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":357,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470236795395,"flow_src_last_pkt_time":1120470236795395,"flow_dst_last_pkt_time":1120470236795395,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470284937812,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -966,7 +966,7 @@ 00367{"packet_event_id":1,"packet_event_name":"packet","packet_id":367,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":47,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":47,"pkt_l4_len":0,"thread_ts_usec":1120470315340201,"pkt":"ADBUADRWAODtAW69CABFAAAhau0AUoARGB8NqAEC1PIhIxPEE8QADcBLICAgNiA="} 00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":368,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470315653366,"flow_src_last_pkt_time":1120470315653366,"flow_dst_last_pkt_time":1120470315653366,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470315653366,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00805{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":368,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":1,"flow_src_last_pkt_time":1120470315653366,"flow_dst_last_pkt_time":1120470315653366,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"thread_ts_usec":1120470315653366,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAADlau4AAIARSsjAqAECwKgB\/wCKAIoA0VstEQ6FJ8CoAQIAigC7AAAgRUVEQURBRENERURHREZDtkNBQ0FDQUNBQ0FDQUNBQ0EAIEVGRURFSkZQRUVFOEVORUJFSkVPQ0FDQUNBQ0FDQUJOAP9TTUIlNgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIQAAAAAAAAAAAOgDAAAAAAAAAAAhBFYAAwABAAAAAgA2AFxNQUlMU0xPVFxCUk9XU0UAAQCA\/AoARDAwMjQ2NQAAAAAAAAAAAAUAA2EAAA8BVaoA"} 
-01113{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":368,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470315653366,"flow_src_last_pkt_time":1120470315653366,"flow_dst_last_pkt_time":1120470315653366,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470315653366,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"d002465","domainame":"d002465"}} +00994{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":368,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470315653366,"flow_src_last_pkt_time":1120470315653366,"flow_dst_last_pkt_time":1120470315653366,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470315653366,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"d002465","domainame":"d002465"}} 01011{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":371,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470129591869,"flow_src_last_pkt_time":1120470129591869,"flow_dst_last_pkt_time":1120470129593389,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470315653366,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2755,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-addr.arpa"}} 00762{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":371,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469847669186,"flow_src_last_pkt_time":1120469847669186,"flow_dst_last_pkt_time":1120469847669186,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":475,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":475,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":475,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470315653366,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","l4_proto":120,"flow_datalink":1,"flow_max_packets":5} 
01013{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":371,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470267920560,"flow_src_last_pkt_time":1120470267920560,"flow_dst_last_pkt_time":1120470267922044,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470315653366,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2767,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-addr.arpa"}} 
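Review bot: The regenerated `detected` event for flow 141 (`NetBIOS.SMBv1`, UDP port 138) no longer carries `flow_risk` entry `22` ("Unsafe Protocol"), although `breed` is still `"Dangerous"`; the length prefix drops from `01113` to `00994` accordingly. Any consumer that alerts on `flow_risk` rather than on `breed` would presumably stop flagging this SMBv1 flow after the libnDPI bump. The commit description only says "incorporated upstream changes", so the expected-output change reads as incidental. If the removal is intended upstream behaviour, it deserves its own line in the description, e.g. `* NetBIOS.SMBv1 detection no longer reports flow risk 22 (Unsafe Protocol)`. Otherwise it is worth checking whether the risk is still produced under the test configuration before accepting the new golden output.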
@@ -1034,7 +1034,7 @@ 01199{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":387,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470173644568,"flow_src_last_pkt_time":1120470173644568,"flow_dst_last_pkt_time":1120470173644568,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470365590672,"l3_proto":"ip4","src_ip":"192.168.37.115","dst_ip":"128.168.1.1","src_port":2758,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr": []}}} 
00791{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":387,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470173644568,"flow_src_last_pkt_time":1120470173644568,"flow_dst_last_pkt_time":1120470173644568,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470365590672,"l3_proto":"ip4","src_ip":"192.168.37.115","dst_ip":"128.168.1.1","src_port":2758,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01094{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":387,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120470175647445,"flow_src_last_pkt_time":1120470179653185,"flow_dst_last_pkt_time":1120470175647445,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470365590672,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2758,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-01132{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":387,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470315653366,"flow_src_last_pkt_time":1120470315653366,"flow_dst_last_pkt_time":1120470315653366,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470365590672,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"d002465"}} +01013{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":387,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470315653366,"flow_src_last_pkt_time":1120470315653366,"flow_dst_last_pkt_time":1120470315653366,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470365590672,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"d002465"}} 01013{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":387,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470267920560,"flow_src_last_pkt_time":1120470267920560,"flow_dst_last_pkt_time":1120470267922044,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470365590672,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2767,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-addr.arpa"}} 
01199{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":387,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120470267925643,"flow_src_last_pkt_time":1120470276933108,"flow_dst_last_pkt_time":1120470267925643,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470365590672,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2768,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":387,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470315338689,"flow_src_last_pkt_time":1120470315338689,"flow_dst_last_pkt_time":1120470315338689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470365590672,"l3_proto":"ip4","src_ip":"192.168.1.57","dst_ip":"192.168.1.1","src_port":2771,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
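Review bot: The regenerated baseline drops `"flow_risk": {"22": {"risk":"Unsafe Protocol", ...}}` from the NetBIOS.SMBv1 `update` event for flow 141, so the record shrinks from 01132 to 01013 bytes while `"breed":"Dangerous"` is kept. The same removal shows in the hunks at -1110 and -1210, and the removed `idle` record in the -1243 hunk (cut off in this view) carries the same risk entry. The commit message only says "incorporated upstream changes", so it is not possible to tell from here whether this is an intended libnDPI behaviour change or a detection regression. Anything that alerts on risk id 22 would stop flagging these SMBv1 flows. Before the baseline is accepted, the cause should be confirmed and stated in the description, for example `SMBv1 flows no longer report risk 22 (Unsafe Protocol) since libnDPI e946f49`.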
@@ -1110,7 +1110,7 @@ 00796{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":408,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470236795395,"flow_src_last_pkt_time":1120470236795395,"flow_dst_last_pkt_time":1120470236795395,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470423654060,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01127{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":408,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470233792936,"flow_src_last_pkt_time":1120470233792936,"flow_dst_last_pkt_time":1120470233792936,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470423654060,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2763,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-addr.arpa"}} 
01426{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":408,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120470233796341,"flow_src_last_pkt_time":1120470242804255,"flow_dst_last_pkt_time":1120470233796341,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470423654060,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2764,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-01132{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":408,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470315653366,"flow_src_last_pkt_time":1120470315653366,"flow_dst_last_pkt_time":1120470315653366,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470423654060,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"d002465"}} +01013{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":408,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470315653366,"flow_src_last_pkt_time":1120470315653366,"flow_dst_last_pkt_time":1120470315653366,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470423654060,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"d002465"}} 01013{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":408,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470267920560,"flow_src_last_pkt_time":1120470267920560,"flow_dst_last_pkt_time":1120470267922044,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470423654060,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2767,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-addr.arpa"}} 
01199{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":408,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120470267925643,"flow_src_last_pkt_time":1120470276933108,"flow_dst_last_pkt_time":1120470267925643,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470423654060,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2768,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":408,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470315338689,"flow_src_last_pkt_time":1120470315338689,"flow_dst_last_pkt_time":1120470315338689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470423654060,"l3_proto":"ip4","src_ip":"192.168.1.57","dst_ip":"192.168.1.1","src_port":2771,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -1210,7 +1210,7 @@ 01300{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":437,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470474627370,"flow_src_last_pkt_time":1120470478633445,"flow_dst_last_pkt_time":1120470474627370,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470478633445,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2789,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr": []}}} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":4,"flow_src_last_pkt_time":1120470482638914,"flow_dst_last_pkt_time":1120470474627370,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470482638914,"pkt":"bDBUADRWAODtAW69CABFAABIa2YAAIARS+vAqAECwKgBAQrlADUANLH1d+oBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 
01352{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120470474627370,"flow_src_last_pkt_time":1120470482638914,"flow_dst_last_pkt_time":1120470474627370,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470482638914,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2789,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","domainame":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr": []}}} 
-01132{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":439,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470315653366,"flow_src_last_pkt_time":1120470315653366,"flow_dst_last_pkt_time":1120470315653366,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470482638914,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"d002465"}} +01013{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":439,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470315653366,"flow_src_last_pkt_time":1120470315653366,"flow_dst_last_pkt_time":1120470315653366,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470482638914,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"d002465"}} 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":439,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470315338689,"flow_src_last_pkt_time":1120470315338689,"flow_dst_last_pkt_time":1120470315338689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470482638914,"l3_proto":"ip4","src_ip":"192.168.1.57","dst_ip":"192.168.1.1","src_port":2771,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01011{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":439,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470315340201,"flow_src_last_pkt_time":1120470315340201,"flow_dst_last_pkt_time":1120470315340201,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470482638914,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2771,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-addr.arpa"}} 01326{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":439,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120470327552269,"flow_src_last_pkt_time":1120470336558847,"flow_dst_last_pkt_time":1120470327552269,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470482638914,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2772,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -1225,7 +1225,7 @@ 00445{"packet_event_id":1,"packet_event_name":"packet","packet_id":440,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":105,"pkt_l4_len":0,"thread_ts_usec":1120470490640835,"pkt":"AJLtAW69ADBUADRWCABFAABbAABADUARtz7AqAEBwKgBAgA1CuYAR6QBYuuAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"} 00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470490782704,"flow_src_last_pkt_time":1120470490782704,"flow_dst_last_pkt_time":1120470490782704,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":485,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":485,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":485,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470490782704,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.37.115.0","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01175{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":169,"flow_packet_id":1,"flow_src_last_pkt_time":1120470490782704,"flow_dst_last_pkt_time":1120470490782704,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":527,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":527,"pkt_l4_len":493,"thread_ts_usec":1120470490782704,"pkt":"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"} 
-00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470490782704,"flow_src_last_pkt_time":1120470490782704,"flow_dst_last_pkt_time":1120470490782704,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":485,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":485,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":485,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470490782704,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.37.115.0","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01054{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470490782704,"flow_src_last_pkt_time":1120470490782704,"flow_dst_last_pkt_time":1120470490782704,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":485,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":485,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":485,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470490782704,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.37.115.0","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","sip": {"from":";tag=3a2d0dc","to":";tag=00-94%s"}}} 
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":443,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470491041918,"flow_src_last_pkt_time":1120470491041918,"flow_dst_last_pkt_time":1120470491041918,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470491041918,"l3_proto":"ip4","src_ip":"192.168.79.2","dst_ip":"192.168.1.1","src_port":2791,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":443,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":1,"flow_src_last_pkt_time":1120470491041918,"flow_dst_last_pkt_time":1120470491041918,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470491041918,"pkt":"ADBUADRWAODtAW69CABFAABIa2kAAIARS+jAqE8CwKgBAQrnADUANKZlgusBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 
01116{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":443,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470491041918,"flow_src_last_pkt_time":1120470491041918,"flow_dst_last_pkt_time":1120470491041918,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470491041918,"l3_proto":"ip4","src_ip":"192.168.79.2","dst_ip":"192.168.1.1","src_port":2791,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","domainame":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr": []}}} 
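Review bot: The `detected` event for flow 169 now carries a `sip` object whose strings come straight from the packet, here `"to":";tag=00-94%s"` from a fuzzed capture. These values are attacker-controlled, so downstream consumers must treat them as data: never as a format string, and escaped before they reach a log line or time-series tag. Whether the schema change in this commit bounds these fields is not visible here; if it does not, I would add a length limit such as `"to": {"type": "string", "maxLength": <limit>}`, and the same for `from`. It is also worth checking that the analysed/collectd/influxd examples listed in the diffstat do not pass them to a printf-style call.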
@@ -1243,7 +1243,7 @@ 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":449,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":1,"flow_src_last_pkt_time":1120470496048179,"flow_dst_last_pkt_time":1120470496048179,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470496048179,"pkt":"ADBUADRWAODtAVW9CABFAABIa28AAIARS+LAqAECwKgBAQrnADUANKbygusBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAghAAE="} 01117{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":449,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470496048179,"flow_src_last_pkt_time":1120470496048179,"flow_dst_last_pkt_time":1120470496048179,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470496048179,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2791,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","domainame":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":2081,"rsp_type":0,"rsp_addr": []}}} 
01001{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470304312412,"flow_src_last_pkt_time":1120470304312412,"flow_dst_last_pkt_time":1120470304312412,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470496048179,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"120.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"eci_doma"}} -01130{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470315653366,"flow_src_last_pkt_time":1120470315653366,"flow_dst_last_pkt_time":1120470315653366,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470496048179,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": 
{"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"d002465"}} +01011{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470315653366,"flow_src_last_pkt_time":1120470315653366,"flow_dst_last_pkt_time":1120470315653366,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470496048179,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"d002465"}} 
01197{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120470303331030,"flow_src_last_pkt_time":1120470307336934,"flow_dst_last_pkt_time":1120470303331030,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470496048179,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2770,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
01009{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470315340201,"flow_src_last_pkt_time":1120470315340201,"flow_dst_last_pkt_time":1120470315340201,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470496048179,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2771,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-addr.arpa"}} 00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470315338689,"flow_src_last_pkt_time":1120470315338689,"flow_dst_last_pkt_time":1120470315338689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470496048179,"l3_proto":"ip4","src_ip":"192.168.1.57","dst_ip":"192.168.1.1","src_port":2771,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
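Review bot: The regenerated expectation for flow_id 141 loses flow risk 22 (`"risk":"Unsafe Protocol"`) on a `NetBIOS.SMBv1` flow while `"breed":"Dangerous"` is kept, and the commit message ("incorporated upstream changes") does not say whether that is intended. The same removal appears for flow_id 180 in the `@@ -1383,7` and `@@ -1446,14` hunks. Any consumer that alerts on `flow_risk` rather than on `breed` would stop flagging SMBv1 carried over NetBIOS datagrams after this bump. This presumably follows from the libnDPI update, but it should be confirmed against upstream. If it is deliberate, record it in the description, e.g. `* NetBIOS.SMBv1 flows no longer report flow risk 22 (Unsafe Protocol)`, so downstream rule authors know to match on `proto` or `breed` instead.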
@@ -1310,7 +1310,7 @@ 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":459,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470589532574,"flow_src_last_pkt_time":1120470589532574,"flow_dst_last_pkt_time":1120470589532574,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470589532574,"l3_proto":"ip4","src_ip":"192.136.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":459,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":1,"flow_src_last_pkt_time":1120470589532574,"flow_dst_last_pkt_time":1120470589532574,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1120470589532574,"pkt":"\/\/\/\/\/\/\/3AODtAW69CABFAABOa3sAAIARStLAiAECwKgB\/wCJAIkAOltehT0BEAABAAAAAAAAIERGRURFSkZQRUVFUEVORUNFSkVPQ0FDQUNBQ0FDQUJNAAAgAAE="} 
00989{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":459,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470589532574,"flow_src_last_pkt_time":1120470589532574,"flow_dst_last_pkt_time":1120470589532574,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470589532574,"l3_proto":"ip4","src_ip":"192.136.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"5ci_dombin","domainame":"5ci_dombin"}} -01068{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":461,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470402627133,"flow_src_last_pkt_time":1120470402627133,"flow_dst_last_pkt_time":1120470402627133,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":5,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470590283652,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by 
port"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01078{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":461,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470402627133,"flow_src_last_pkt_time":1120470402627133,"flow_dst_last_pkt_time":1120470402627133,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":5,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470590283652,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","sip": {}}} 
00789{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":461,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470402627133,"flow_src_last_pkt_time":1120470402627133,"flow_dst_last_pkt_time":1120470402627133,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":5,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470590283652,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01324{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":461,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120470356585263,"flow_src_last_pkt_time":1120470365590672,"flow_dst_last_pkt_time":1120470356585263,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470590283652,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2774,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01152{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":461,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470373592474,"flow_src_last_pkt_time":1120470373592474,"flow_dst_last_pkt_time":1120470373593968,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470590283652,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2775,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-addr.arpa"}} 
@@ -1383,7 +1383,7 @@ 01005{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":464,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470494127462,"flow_src_last_pkt_time":1120470494127462,"flow_dst_last_pkt_time":1120470494127462,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470637551625,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.194.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"eci_domain"}} 00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":464,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470657808784,"flow_src_last_pkt_time":1120470657808784,"flow_dst_last_pkt_time":1120470657808784,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":174,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470657808784,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00768{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":464,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":1,"flow_src_last_pkt_time":1120470657808784,"flow_dst_last_pkt_time":1120470657808784,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_usec":1120470657808784,"pkt":"\/\/\/\/\/\/\/\/AGCXD+5yCABFAADKXL8AAIARWOvAqAEpwKgB\/wCKAIoAtl+xEQKRTcCoASkAigCgAAAgRU1FQkVDREJEQkRCQ0FDQUNBQ0FDQUNBQ0FDQUNBQUEAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAABgAAAAAAAAAAAOgDAAAAAAAAAAAGAMEAAwABAAEAAgAXAFxNQUlMU0xPVFxCUk9XU0UACQTYAAAA"} -01112{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":464,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470657808784,"flow_src_last_pkt_time":1120470657808784,"flow_dst_last_pkt_time":1120470657808784,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":174,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470657808784,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"lab111","domainame":"lab111"}} 
+00993{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":464,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470657808784,"flow_src_last_pkt_time":1120470657808784,"flow_dst_last_pkt_time":1120470657808784,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":174,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470657808784,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"lab111","domainame":"lab111"}} 00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":465,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470657808829,"flow_src_last_pkt_time":1120470657808829,"flow_dst_last_pkt_time":1120470657808829,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470657808829,"l3_proto":"ip4","src_ip":"192.184.189.41","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00601{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":465,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":181,"flow_packet_id":1,"flow_src_last_pkt_time":1120470657808829,"flow_dst_last_pkt_time":1120470657808829,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1120470657808829,"pkt":"\/\/\/\/\/\/\/\/AGCXD+5yCABFAABOXMAAAIARWWbAuL0pwKgB\/wCJAIkAOmgjkU8BEAABAAAAAAAAIEZIRVBGQ0VMRUh2Q0VQRkZGQUNBQ0FDQUNBQ0FDQUJMAAAgAAE="} 00982{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":465,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470657808829,"flow_src_last_pkt_time":1120470657808829,"flow_dst_last_pkt_time":1120470657808829,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470657808829,"l3_proto":"ip4","src_ip":"192.184.189.41","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"workg","domainame":"workg"}} 
@@ -1446,14 +1446,14 @@ 01005{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":487,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470659308076,"flow_src_last_pkt_time":1120470659308076,"flow_dst_last_pkt_time":1120470659308076,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470721915224,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"107.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"workgroup"}} 01006{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":487,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1120470658556995,"flow_src_last_pkt_time":1120470672075726,"flow_dst_last_pkt_time":1120470658556995,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470721915224,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"workgroup"}} 01006{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":487,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470670573723,"flow_src_last_pkt_time":1120470670573723,"flow_dst_last_pkt_time":1120470670573723,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470721915224,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.37.115","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"workgroup"}} 
-01132{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":487,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470657808784,"flow_src_last_pkt_time":1120470666317940,"flow_dst_last_pkt_time":1120470657808784,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":174,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":522,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470721915224,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"lab111"}} +01013{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":487,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470657808784,"flow_src_last_pkt_time":1120470666317940,"flow_dst_last_pkt_time":1120470657808784,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":174,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":522,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470721915224,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"lab111"}} 01003{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":487,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470657808829,"flow_src_last_pkt_time":1120470657808829,"flow_dst_last_pkt_time":1120470657808829,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470721915224,"l3_proto":"ip4","src_ip":"192.184.189.41","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"workg"}} 
00798{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470684859655,"flow_src_last_pkt_time":1120470684859655,"flow_dst_last_pkt_time":1120470684859655,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470733830076,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01005{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470589532574,"flow_src_last_pkt_time":1120470589532574,"flow_dst_last_pkt_time":1120470589532574,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470733830076,"l3_proto":"ip4","src_ip":"192.136.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"5ci_dombin"}} 
01006{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":55,"flow_dst_packets_processed":0,"flow_first_seen":1120469540839312,"flow_src_last_pkt_time":1120470733830076,"flow_dst_last_pkt_time":1120469540839312,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2742,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470733830076,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"eci_domain"}} 01005{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470588783128,"flow_src_last_pkt_time":1120470588783128,"flow_dst_last_pkt_time":1120470588783128,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470733830076,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.112","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"eci_domain"}} 01005{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470685610738,"flow_src_last_pkt_time":1120470685610738,"flow_dst_last_pkt_time":1120470685610738,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470733830076,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"eci_domain"}} 
-00871{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":490,"packets-processed":409,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":39786,"total-not-detected-flows":16,"total-guessed-flows":10,"total-detected-flows":134,"total-detection-updates":65,"total-updates":489,"current-active-flows":40,"total-active-flows":189,"total-idle-flows":149,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1456,"global_ts_usec":1120470764674629} +00871{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":490,"packets-processed":409,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":39786,"total-not-detected-flows":16,"total-guessed-flows":10,"total-detected-flows":134,"total-detection-updates":65,"total-updates":489,"current-active-flows":40,"total-active-flows":189,"total-idle-flows":149,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1456,"global_ts_usec":1120470764674629} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470764674629,"flow_src_last_pkt_time":1120470764674629,"flow_dst_last_pkt_time":1120470764674629,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470764674629,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2793,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":1,"flow_src_last_pkt_time":1120470764674629,"flow_dst_last_pkt_time":1120470764674629,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1120470764674629,"pkt":"ADBUADRWQODtAW69CABFAAA+a48AAIARS8zAqAECwKgBAQrpADUAKoUz6OwBAAABAAAAAAAAA3JlLQhzaXBwc3RhcgNjb20AAAEAAQ=="} 
01094{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470764674629,"flow_src_last_pkt_time":1120470764674629,"flow_dst_last_pkt_time":1120470764674629,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470764674629,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2793,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"re-.sippstar.com","domainame":"re-.sippstar.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -1474,7 +1474,7 @@ 01005{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470659308076,"flow_src_last_pkt_time":1120470659308076,"flow_dst_last_pkt_time":1120470659308076,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470774132541,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"107.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"workgroup"}} 01006{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470670573723,"flow_src_last_pkt_time":1120470670573723,"flow_dst_last_pkt_time":1120470670573723,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470774132541,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.37.115","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"workgroup"}} 01006{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1120470658556995,"flow_src_last_pkt_time":1120470672075726,"flow_dst_last_pkt_time":1120470658556995,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470774132541,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"workgroup"}} 
-01132{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470657808784,"flow_src_last_pkt_time":1120470666317940,"flow_dst_last_pkt_time":1120470657808784,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":174,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":522,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470774132541,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"lab111"}} +01013{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470657808784,"flow_src_last_pkt_time":1120470666317940,"flow_dst_last_pkt_time":1120470657808784,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":174,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":522,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470774132541,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"lab111"}} 00796{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470721915224,"flow_src_last_pkt_time":1120470721915224,"flow_dst_last_pkt_time":1120470721915224,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470774132541,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.1.255","src_port":138,"dst_port":394,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01003{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470657808829,"flow_src_last_pkt_time":1120470657808829,"flow_dst_last_pkt_time":1120470657808829,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470774132541,"l3_proto":"ip4","src_ip":"192.184.189.41","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"workg"}} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470775049884,"flow_src_last_pkt_time":1120470775049884,"flow_dst_last_pkt_time":1120470775049884,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470775049884,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2795,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
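Review bot: The regenerated `update` event for `flow_id` 180 drops the `flow_risk` entry `"22": {"risk":"Unsafe Protocol","severity":"Low",...}`, yet the flow is still reported as `"proto":"NetBIOS.SMBv1"` with `"breed":"Dangerous"`. The same removal repeats in the hunk at `@@ -1559,7 +1559,7 @@`. The expected output alone does not show whether the bumped libnDPI stopped raising this risk or now reports it on a different event, so this is worth confirming before the new expectation is accepted. Anything downstream that alerts on `flow_risk` would presumably stop flagging SMBv1 on these flows. If the change is intended, record it in the commit message, for example `* NetBIOS.SMBv1 update events no longer carry flow_risk 22 (Unsafe Protocol)`.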
@@ -1519,7 +1519,7 @@ 01150{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":515,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":4,"flow_src_last_pkt_time":1120470796804243,"flow_dst_last_pkt_time":1120469635127552,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":508,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":508,"pkt_l4_len":474,"thread_ts_usec":1120470796804243,"pkt":"ADBUADRWAODtAW69CABFAKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="} 00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":516,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470796941095,"flow_src_last_pkt_time":1120470796941095,"flow_dst_last_pkt_time":1120470796941095,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":482,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":482,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":482,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470796941095,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
01172{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":516,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":198,"flow_packet_id":1,"flow_src_last_pkt_time":1120470796941095,"flow_dst_last_pkt_time":1120470796941095,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":524,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":524,"pkt_l4_len":490,"thread_ts_usec":1120470796941095,"pkt":"AODtAW69ADBUADRWCABFAAH+AABAADcRii\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"} -00940{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":516,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470796941095,"flow_src_last_pkt_time":1120470796941095,"flow_dst_last_pkt_time":1120470796941095,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":482,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":482,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":482,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470796941095,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+01159{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":516,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470796941095,"flow_src_last_pkt_time":1120470796941095,"flow_dst_last_pkt_time":1120470796941095,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":482,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":482,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":482,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470796941095,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","sip": {"from":";tag=1b89bcd","to":";tag=00-04072-1701b941-779945843\r\"Via: SIP\/2.0\/UDP 192.168.1.2;received=80.230.219.70;rport=5060;branc=c9hG4bKnp%s"}}} 00327{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470797172479,"packet_id":517,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_usec":1120470797172479} 00419{"packet_event_id":1,"packet_event_name":"packet","packet_id":517,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_usec":1120470796941095,"pkt":"ADBUADRWAODtAW69CABFAACBa6MAAIARSyVzAAECwKgBAQruADUANPLDNxMBAAABAAAAAAAABF9zaXAEX3VkcANzaXB0Y3liZXJjaXR5AmRrAAAhAAE="} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470798172728,"flow_src_last_pkt_time":1120470798172728,"flow_dst_last_pkt_time":1120470798172728,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470798172728,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2798,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
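Review bot: The new `sip` object in the `detected` event for `flow_id` 198 has a `to` value that runs past the end of its header. It holds an escaped `\r`, then the start of the following `Via:` header, and ends in a literal `%s`, all copied from a packet in the fuzz capture. The JSON escaping is intact, but the field is packet-controlled text containing a control character, so consumers that log or render `sip.from` and `sip.to` need to treat them as untrusted and escape them. It would be worth checking whether extraction should stop at CR/LF. The schema entry for these fields could also say so, for example `"description": "Raw SIP header value from the packet; may contain control characters"`.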
@@ -1559,7 +1559,7 @@ 01005{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":532,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470659308076,"flow_src_last_pkt_time":1120470659308076,"flow_dst_last_pkt_time":1120470659308076,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470819393226,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"107.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"workgroup"}} 01006{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":532,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470670573723,"flow_src_last_pkt_time":1120470670573723,"flow_dst_last_pkt_time":1120470670573723,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470819393226,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.37.115","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"workgroup"}} 01006{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":532,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1120470658556995,"flow_src_last_pkt_time":1120470672075726,"flow_dst_last_pkt_time":1120470658556995,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470819393226,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"workgroup"}} 
-01132{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":532,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470657808784,"flow_src_last_pkt_time":1120470666317940,"flow_dst_last_pkt_time":1120470657808784,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":174,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":522,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470819393226,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"lab111"}} +01013{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":532,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470657808784,"flow_src_last_pkt_time":1120470666317940,"flow_dst_last_pkt_time":1120470657808784,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":174,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":522,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470819393226,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"lab111"}} 00796{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":532,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470721915224,"flow_src_last_pkt_time":1120470721915224,"flow_dst_last_pkt_time":1120470721915224,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470819393226,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.1.255","src_port":138,"dst_port":394,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01150{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":532,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1120470764674629,"flow_src_last_pkt_time":1120470765675908,"flow_dst_last_pkt_time":1120470768028248,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":127,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":127,"midstream":0,"thread_ts_usec":1120470819393226,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2793,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"reg.sippstar.com"}} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":532,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470774132541,"flow_src_last_pkt_time":1120470774132541,"flow_dst_last_pkt_time":1120470774132541,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470819393226,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.108.1","src_port":2794,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -1606,7 +1606,7 @@ 01374{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":552,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120470848643645,"flow_src_last_pkt_time":1120470849636660,"flow_dst_last_pkt_time":1120470848643645,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470849636660,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2804,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cyberc?ty.dk","domainame":"_sip._udp.sip.cyberc?ty.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr": []}}} 
01001{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":553,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470662062211,"flow_src_last_pkt_time":1120470662062211,"flow_dst_last_pkt_time":1120470662062211,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470849636660,"l3_proto":"ip4","src_ip":"115.0.1.41","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"workgroup"}} 01003{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":553,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470659308076,"flow_src_last_pkt_time":1120470659308076,"flow_dst_last_pkt_time":1120470659308076,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470849636660,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"107.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"workgroup"}} -01130{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":553,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470657808784,"flow_src_last_pkt_time":1120470666317940,"flow_dst_last_pkt_time":1120470657808784,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":174,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":522,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470849636660,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"lab111"}} 
+01011{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":553,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470657808784,"flow_src_last_pkt_time":1120470666317940,"flow_dst_last_pkt_time":1120470657808784,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":174,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":522,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470849636660,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"lab111"}} 01001{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":553,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470657808829,"flow_src_last_pkt_time":1120470657808829,"flow_dst_last_pkt_time":1120470657808829,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470849636660,"l3_proto":"ip4","src_ip":"192.184.189.41","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"workg"}} 00987{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":553,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":2,"flow_first_seen":1120470796941095,"flow_src_last_pkt_time":1120470848682926,"flow_dst_last_pkt_time":1120470848528833,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":302,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":593,"flow_dst_max_l4_payload_len":825,"flow_src_tot_l4_payload_len":2328,"flow_dst_tot_l4_payload_len":1504,"midstream":0,"thread_ts_usec":1120470849636660,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01154{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":553,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470796801135,"flow_src_last_pkt_time":1120470796801135,"flow_dst_last_pkt_time":1120470796802602,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470849636660,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2797,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": 
{"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-addr.arpa"}} 
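Review bot: The regenerated expectation for the `idle` event of `flow_id` 180 no longer contains `"flow_risk": {"22": {"risk":"Unsafe Protocol", ...}}`, although the same record still reports `"proto":"NetBIOS.SMBv1"` and `"breed":"Dangerous"`. Any consumer that alerts or scores on flow risk 22 would stop seeing this SMBv1 flow after the libnDPI bump. The commit message only says that upstream changes were incorporated, so it is not visible from this hunk whether the risk was dropped upstream on purpose or is now reported on a different event of the flow. I would confirm that against the upstream change before accepting the new expected output, and mention the detection change in the commit description if it is intended.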
@@ -1813,7 +1813,7 @@ 01256{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":618,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470983999111,"flow_src_last_pkt_time":1120470983999111,"flow_dst_last_pkt_time":1120470983999111,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470983999111,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2816,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"?sip._udp.shp.cybercity.dk","domainame":"?sip._udp.shp.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr": []}}} 
00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":622,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470984353086,"flow_src_last_pkt_time":1120470984353086,"flow_dst_last_pkt_time":1120470984353086,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":324,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":324,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":324,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470984353086,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.201","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00960{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":622,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":1,"flow_src_last_pkt_time":1120470984353086,"flow_dst_last_pkt_time":1120470984353086,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":366,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":366,"pkt_l4_len":332,"thread_ts_usec":1120470984353086,"pkt":"ADBUADRWAODt4G69CABFAAFga\/oAAIARFdPAqAEC1PIhyRPEE8QBRC7GQUNLIHNpcDozNTEwNDcwNEBzaXAuY3liZXJjaXR5LmRrIFNJUC8yLjANCkZyb206ICJhcmlrIiA8c2lwOjM1MTA0qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"} 
-00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":622,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470984353086,"flow_src_last_pkt_time":1120470984353086,"flow_dst_last_pkt_time":1120470984353086,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":324,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":324,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":324,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470984353086,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.201","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00979{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":622,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470984353086,"flow_src_last_pkt_time":1120470984353086,"flow_dst_last_pkt_time":1120470984353086,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":324,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":324,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":324,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470984353086,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.201","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","sip": {"from":"\"arik\" ;tag=87971a","to":""}}} 00328{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 
payload detection failed","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120471001405003,"packet_id":640,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":488,"global_ts_usec":1120471001405003} 01001{"packet_event_id":1,"packet_event_name":"packet","packet_id":640,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":522,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":522,"pkt_l4_len":0,"thread_ts_usec":1120471001263229,"pkt":"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"} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":641,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120471001714162,"flow_src_last_pkt_time":1120471001714162,"flow_dst_last_pkt_time":1120471001714162,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471001714162,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2823,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -2009,7 +2009,7 @@ 01011{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":684,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470899859727,"flow_src_last_pkt_time":1120470899859727,"flow_dst_last_pkt_time":1120470899861231,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120471087098234,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2809,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-addr.arpa"}} 01095{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":684,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470900860342,"flow_src_last_pkt_time":1120470904866086,"flow_dst_last_pkt_time":1120470900860342,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471087098234,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2810,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01087{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":684,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470899865018,"flow_src_last_pkt_time":1120470899865018,"flow_dst_last_pkt_time":1120470899865018,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471087098234,"l3_proto":"ip4","src_ip":"192.170.1.2","dst_ip":"192.168.1.1","src_port":2810,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-01078{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":684,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470899862890,"flow_src_last_pkt_time":1120470899862890,"flow_dst_last_pkt_time":1120470899862890,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1076,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1076,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1076,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471087098234,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":17860,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01088{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":684,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470899862890,"flow_src_last_pkt_time":1120470899862890,"flow_dst_last_pkt_time":1120470899862890,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1076,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1076,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1076,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471087098234,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":17860,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"1":"Match by port"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","sip": {}}} 00799{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":684,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470899862890,"flow_src_last_pkt_time":1120470899862890,"flow_dst_last_pkt_time":1120470899862890,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1076,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1076,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1076,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471087098234,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":17860,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00798{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":684,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470985511036,"flow_src_last_pkt_time":1120470985511036,"flow_dst_last_pkt_time":1120470985511036,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471087098234,"l3_proto":"ip4","src_ip":"81.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00799{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":684,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470985348411,"flow_src_last_pkt_time":1120470985348411,"flow_dst_last_pkt_time":1120470985348411,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471087098234,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -2131,7 +2131,7 @@ 00798{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469635045415,"flow_src_last_pkt_time":1120469635045415,"flow_dst_last_pkt_time":1120469635045415,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471107427770,"l3_proto":"ip4","src_ip":"147.234.1.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01222{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469635042587,"flow_src_last_pkt_time":1120469635042587,"flow_dst_last_pkt_time":1120469635042587,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":3,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":3,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":3,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1120471107427770,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.2.1.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by 
port"},"proto":"FTP_CONTROL","proto_id":"1","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":7,"category":"Download","ftp": {"user":"","password":"","auth_failed":0}}} 00785{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469635042587,"flow_src_last_pkt_time":1120469635042587,"flow_dst_last_pkt_time":1120469635042587,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":3,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":3,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":3,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1120471107427770,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.2.1.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00873{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":691,"packets-processed":569,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":60810,"total-not-detected-flows":39,"total-guessed-flows":28,"total-detected-flows":190,"total-detection-updates":105,"total-updates":666,"current-active-flows":0,"total-active-flows":257,"total-idle-flows":257,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2134,"global_ts_usec":1120471107427770} 
+00873{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":691,"packets-processed":569,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":60810,"total-not-detected-flows":39,"total-guessed-flows":28,"total-detected-flows":190,"total-detection-updates":105,"total-updates":666,"current-active-flows":0,"total-active-flows":257,"total-idle-flows":257,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2134,"global_ts_usec":1120471107427770} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 691/569 ~~ skipped flows.............: 0 @@ -2140,9 +2140,9 @@ ~~ total active/idle flows...: 257/257 ~~ total timeout flows.......: 2 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7568708 bytes -~~ total memory freed........: 7568708 bytes -~~ total allocations/frees...: 117671/117671 +~~ total memory allocated....: 8146331 bytes +~~ total memory freed........: 8146331 bytes +~~ total allocations/frees...: 129403/129403 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 311 chars ~~ json message max len.......: 2325 chars diff --git a/test/results/default/fuzz-2006-09-29-28586.pcap.out b/test/results/default/fuzz-2006-09-29-28586.pcap.out index 05f78080b..b21aaff70 100644 --- a/test/results/default/fuzz-2006-09-29-28586.pcap.out +++ b/test/results/default/fuzz-2006-09-29-28586.pcap.out 
@@ -1,5 +1,5 @@ -00626{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1031854484481540} 
+00626{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1031854484481540} 00308{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1031854484481540,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","layer_type":2304,"global_ts_usec":1031854484481540} 
00383{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":60,"pkt_type":2304,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1031854484481540,"pkt":"CAAgsl17AFCLk5N8CQBFAAAo8EpAAIAGrEqsFAMFrBQDDQooAFDkFf3+yWv\/bVARIal6iQAABIGD1GDD"} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1031854484481558,"flow_src_last_pkt_time":1031854484481558,"flow_dst_last_pkt_time":1031854484481558,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1031854484481558,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2600,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -182,7 +182,7 @@ 00785{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1031854514843505,"flow_src_last_pkt_time":1031854514843505,"flow_dst_last_pkt_time":1031854514843505,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1031854568982740,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.77","src_port":2603,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00984{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1031854514843263,"flow_src_last_pkt_time":1031854515059730,"flow_dst_last_pkt_time":1031854525904151,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":425,"flow_dst_max_l4_payload_len":143,"flow_src_tot_l4_payload_len":425,"flow_dst_tot_l4_payload_len":143,"midstream":0,"thread_ts_usec":1031854568982740,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2603,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 
00792{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1031854514843263,"flow_src_last_pkt_time":1031854515059730,"flow_dst_last_pkt_time":1031854525904151,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":425,"flow_dst_max_l4_payload_len":143,"flow_src_tot_l4_payload_len":425,"flow_dst_tot_l4_payload_len":143,"midstream":0,"thread_ts_usec":1031854568982740,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2603,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -01215{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1031854532143761,"flow_src_last_pkt_time":1031854532143761,"flow_dst_last_pkt_time":1031854532143761,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1031854568982740,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.68.5","src_port":80,"dst_port":2604,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}},"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"1":"Match by 
port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} +01322{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1031854532143761,"flow_src_last_pkt_time":1031854532143761,"flow_dst_last_pkt_time":1031854532143761,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1031854568982740,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.68.5","src_port":80,"dst_port":2604,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}},"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}},"55": {"risk":"Probing Attempt","severity":"Medium","risk_score": {"total":510,"client":375,"server":135}}},"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 
00785{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1031854532143761,"flow_src_last_pkt_time":1031854532143761,"flow_dst_last_pkt_time":1031854532143761,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1031854568982740,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.68.5","src_port":80,"dst_port":2604,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01140{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1031854532142258,"flow_src_last_pkt_time":1031854543315259,"flow_dst_last_pkt_time":1031854543315282,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":363,"flow_src_tot_l4_payload_len":1460,"flow_dst_tot_l4_payload_len":363,"midstream":0,"thread_ts_usec":1031854568982740,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2604,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"172.20.3.13"}} 
01107{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1031854535021018,"flow_src_last_pkt_time":1031854546079606,"flow_dst_last_pkt_time":1031854535021058,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1460,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1031854568982740,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
@@ -216,7 +216,7 @@ 00787{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1031854562488426,"flow_src_last_pkt_time":1031854562488426,"flow_dst_last_pkt_time":1031854562488426,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1031854568982740,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.35.13","src_port":80,"dst_port":53136,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01102{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1031854562488164,"flow_src_last_pkt_time":1031854562488164,"flow_dst_last_pkt_time":1031854562488164,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1031854568982740,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":53193,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 
00786{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1031854562488164,"flow_src_last_pkt_time":1031854562488164,"flow_dst_last_pkt_time":1031854562488164,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1031854568982740,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":53193,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00865{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":131,"packets-processed":123,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25630,"total-not-detected-flows":4,"total-guessed-flows":22,"total-detected-flows":13,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":39,"total-idle-flows":39,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":219,"global_ts_usec":1031854568982740} 
+00865{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":131,"packets-processed":123,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25630,"total-not-detected-flows":4,"total-guessed-flows":22,"total-detected-flows":13,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":39,"total-idle-flows":39,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":219,"global_ts_usec":1031854568982740} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 131/123 ~~ skipped flows.............: 0 @@ -225,9 +225,9 @@ ~~ total active/idle flows...: 39/39 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7015222 bytes -~~ total memory freed........: 7015222 bytes -~~ total allocations/frees...: 114740/114740 +~~ total memory allocated....: 7592908 bytes +~~ total memory freed........: 7592908 bytes +~~ total allocations/frees...: 126478/126478 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 312 chars ~~ json message max len.......: 2512 chars diff --git a/test/results/default/fuzz-2020-02-16-11740.pcap.out b/test/results/default/fuzz-2020-02-16-11740.pcap.out index 7d201cb09..215762394 100644 --- a/test/results/default/fuzz-2020-02-16-11740.pcap.out +++ b/test/results/default/fuzz-2020-02-16-11740.pcap.out 
@@ -1,5 +1,5 @@ -00626{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1528996067791491} 
+00626{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1528996067791491} 
00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528996067791491,"flow_src_last_pkt_time":1528996067791491,"flow_dst_last_pkt_time":1528996067791491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":703,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":703,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":703,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528996067791491,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"108.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1528996067791491,"flow_dst_last_pkt_time":1528996067791491,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"thread_ts_usec":1528996067791491,"pkt":"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"} 
00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528996067791491,"flow_src_last_pkt_time":1528996067791491,"flow_dst_last_pkt_time":1528996067791491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":703,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":703,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":703,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528996067791491,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"108.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -39,7 +39,7 @@ 01201{"packet_event_id":1,"packet_event_name":"packet","packet_id":17,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":671,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":671,"pkt_l4_len":0,"thread_ts_usec":1528996636345360,"pkt":"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"} 00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528996641548676,"flow_src_last_pkt_time":1528996641548676,"flow_dst_last_pkt_time":1528996641548676,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":89,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":89,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":89,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528996641548676,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":30764,"dst_port":12344,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00665{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1528996641548676,"flow_dst_last_pkt_time":1528996641548676,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":147,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":50,"pkt_len":147,"pkt_l4_len":97,"thread_ts_usec":1528996641548676,"pkt":"ABRP+4rqcNuYVcUnCABJAACFyrZAAPsRim\/G4hk1CgxAHgcVchAAcXfuBRIAaavjNmx4LDA40fVoWG4z4qoBNTAzMTE0ODAwNjM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBsZXR3b3JrLm9yZywgNWIyMmEzMWMvZjA6Nzk6NjA6ZDE6N2RZMzcvMjEx"} 
-00854{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":19,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4794,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":3,"current-active-flows":4,"total-active-flows":6,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":42,"global_ts_usec":1528996680540870} +00854{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":19,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4794,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":3,"current-active-flows":4,"total-active-flows":6,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":42,"global_ts_usec":1528996680540870} 
00800{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528996680808327,"flow_src_last_pkt_time":1528996680808327,"flow_dst_last_pkt_time":1528996680808327,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":164,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":164,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":164,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528996680808327,"l3_proto":"ip4","src_ip":"198.226.170.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00745{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1528996680808327,"flow_dst_last_pkt_time":1528996680808327,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_usec":1528996680808327,"pkt":"ABRP+4rqcNuYVcUnCABFAADA98dAAPwRXCPG4qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 
00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528996684582288,"flow_src_last_pkt_time":1528996684582288,"flow_dst_last_pkt_time":1528996684582288,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":703,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":703,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":703,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528996684582288,"l3_proto":"ip4","src_ip":"10.4.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -187,7 +187,7 @@ 00988{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997212627458,"flow_src_last_pkt_time":1528997212627458,"flow_dst_last_pkt_time":1528997212627458,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":703,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":703,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":703,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997266594250,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"206.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00762{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997105304205,"flow_src_last_pkt_time":1528997105304205,"flow_dst_last_pkt_time":1528997105304205,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":284,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":284,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":284,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997266594250,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","l4_proto":88,"flow_datalink":1,"flow_max_packets":5} 
00763{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997109583874,"flow_src_last_pkt_time":1528997109583874,"flow_dst_last_pkt_time":1528997109583874,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":691,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":691,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":691,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997266594250,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","l4_proto":254,"flow_datalink":1,"flow_max_packets":5} -00864{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":127,"packets-processed":104,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":44703,"total-not-detected-flows":6,"total-guessed-flows":0,"total-detected-flows":16,"total-detection-updates":0,"total-updates":39,"current-active-flows":13,"total-active-flows":27,"total-idle-flows":14,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":190,"global_ts_usec":1528997294157193} 
+00864{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":127,"packets-processed":104,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":44703,"total-not-detected-flows":6,"total-guessed-flows":0,"total-detected-flows":16,"total-detection-updates":0,"total-updates":39,"current-active-flows":13,"total-active-flows":27,"total-idle-flows":14,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":190,"global_ts_usec":1528997294157193} 00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997294408774,"flow_src_last_pkt_time":1528997294408774,"flow_dst_last_pkt_time":1528997294408774,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":197,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":197,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997294408774,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.28.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00794{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_src_last_pkt_time":1528997294408774,"flow_dst_last_pkt_time":1528997294408774,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_usec":1528997294408774,"pkt":"ABRP+4rqcNuYVcUnCABFAADh\/xpAAPsRVa\/G4hk1ChxAHgcUchAAzU8kC0oAxWEDMLFDKTYIfgbKyEyHMfIBNTAzMTE0ODAyNTA4NjQ2MjhAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE1YWUvMDA6NTY6Y2Q6NmQ6NDI6NTkvMjIxT0oBAjRIFwEAAAEFAACfFoRHbsDvI\/+46yBaysIsAgUAAJcLQv7ORgAASiNmmimRHNuLAQACCwUAAKEH8wkM8t7F6HlgkovXWwdQEo++iUihP9VHkRTh6mD7kgU="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997294408774,"flow_src_last_pkt_time":1528997294408774,"flow_dst_last_pkt_time":1528997294408774,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":197,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":197,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997294408774,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.28.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -398,7 +398,7 @@ 00760{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":243,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997260021140,"flow_src_last_pkt_time":1528997260021140,"flow_dst_last_pkt_time":1528997260021140,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":158,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":158,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":158,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997867808101,"l3_proto":"ip4","src_ip":"198.226.25.62","dst_ip":"10.12.64.30","l4_proto":85,"flow_datalink":1,"flow_max_packets":5} 01081{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":243,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997683835823,"flow_src_last_pkt_time":1528997683835823,"flow_dst_last_pkt_time":1528997683835823,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":683,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":683,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":683,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997867808101,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.119.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"Radius","proto_id":"146","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00796{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":243,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997683835823,"flow_src_last_pkt_time":1528997683835823,"flow_dst_last_pkt_time":1528997683835823,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":683,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":683,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":683,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997867808101,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.119.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00865{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":243,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":243,"packets-processed":200,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":85740,"total-not-detected-flows":10,"total-guessed-flows":2,"total-detected-flows":38,"total-detection-updates":0,"total-updates":98,"current-active-flows":15,"total-active-flows":54,"total-idle-flows":39,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":401,"global_ts_usec":1528997988607022} 
+00865{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":243,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":243,"packets-processed":200,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":85740,"total-not-detected-flows":10,"total-guessed-flows":2,"total-detected-flows":38,"total-detection-updates":0,"total-updates":98,"current-active-flows":15,"total-active-flows":54,"total-idle-flows":39,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":401,"global_ts_usec":1528997988607022} 00310{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1528997988838453,"packet_id":244,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":2560,"global_ts_usec":1528997988838453} 00628{"packet_event_id":1,"packet_event_name":"packet","packet_id":244,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":239,"pkt_type":2560,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":239,"pkt_l4_len":0,"thread_ts_usec":1528997988607022,"pkt":"ABRP+4rqcNuYVcUnCgBFAADhCANAAPwRS8fG4hk1CgxAHgcUchAAzcqaC4QAxQGJ6Lj45v3l8O9jNbsTb\/MBNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE4NjQvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjM0T0oBAhBIFwEAAAEFAAD7NrjaxmMHv4vIE1TL2G1wAgUAANQK+SugcQAAjldODJoz\/yqLAQACCwUAAPFizAqNmvaDbjPlWgGZGZpQEuJJeKWQmKkvyDnGACXbYRU="} 00307{"error_event_id":5,"error_event_name":"Unknown packet 
type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1528997989240618,"packet_id":245,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":0,"global_ts_usec":1528997989240618} 
@@ -583,7 +583,7 @@ 01440{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":3,"flow_src_last_pkt_time":1528998585268788,"flow_dst_last_pkt_time":1528998576080956,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":725,"pkt_l4_len":691,"thread_ts_usec":1528998585268788,"pkt":"AAAMB6xAABRP+4rqCABFAALHIWdAAP8RAAAKDEAexuIZNXIQBxQCswAAAbkCqwwIsTK62hmv9RZW9\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"} 00329{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1528998585453134,"packet_id":348,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":284,"global_ts_usec":1528998585453134} 00731{"packet_event_id":1,"packet_event_name":"packet","packet_id":348,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"thread_ts_usec":1528998585268788,"pkt":"ABRP+4rqcNuYVcUnCABFADUwD91AAPwRQ57G4hk1CgxAHgcUchABHJkzArkBFPuMuhZj3jbkVosdPxLeAO4aCwAAV8gbBVNQQxpuAAABNxA0w9JZoXWsZGeHUoYiJ9p40yJPEfSCC1VPuzQcz\/tcT9Zniiv93vAfl8Sqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"} 
-00866{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":349,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":349,"packets-processed":285,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":123530,"total-not-detected-flows":15,"total-guessed-flows":3,"total-detected-flows":55,"total-detection-updates":0,"total-updates":132,"current-active-flows":6,"total-active-flows":76,"total-idle-flows":70,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":586,"global_ts_usec":1528998601376404} +00866{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":349,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":349,"packets-processed":285,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":123530,"total-not-detected-flows":15,"total-guessed-flows":3,"total-detected-flows":55,"total-detection-updates":0,"total-updates":132,"current-active-flows":6,"total-active-flows":76,"total-idle-flows":70,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":586,"global_ts_usec":1528998601376404} 
01468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":349,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":4,"flow_src_last_pkt_time":1528998601376404,"flow_dst_last_pkt_time":1528998576080956,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"thread_ts_usec":1528998601376404,"pkt":"AAAMB6xAABRP+4rqCABFAALbIWhAAP8RAAAKDEAexuIZNXIQBxQCxwAAAboCvwMeoZZ\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"} 00791{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":350,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":5,"flow_src_last_pkt_time":1528998601376404,"flow_dst_last_pkt_time":1528998601561020,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_usec":1528998601561020,"pkt":"ABRP+4rqcNuYVcUnCABFAADhEBRAAPwRQ7bG4hk1CgxAHgcUchAA7U+kC7oAxe81RNsNL9nkCabTe8sTdH4BNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmFhYzkvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjQ0T0oBAgBIFwEAAAEFAAB93OZOPyN1g5mAaIFbRevEAgUAAM9K59M2sAAACew7QKwfR6iLAQACCwUAAO6YBGpcBLQq1zvE8qMpnJxQcQNtupIsEGf0aXWvBvX8yPY="} 
00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":353,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528998605741189,"flow_src_last_pkt_time":1528998605741189,"flow_dst_last_pkt_time":1528998605741189,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":629,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":629,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":629,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528998605741189,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1813,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -612,7 +612,7 @@ 00796{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":366,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528998576181572,"flow_src_last_pkt_time":1528998576181572,"flow_dst_last_pkt_time":1528998576181572,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528998643334661,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1814,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00972{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":366,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528998636010967,"flow_src_last_pkt_time":1528998636010967,"flow_dst_last_pkt_time":1528998636010967,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":145,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":145,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":145,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528998643334661,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","l4_proto":37,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
00760{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":366,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528998636010967,"flow_src_last_pkt_time":1528998636010967,"flow_dst_last_pkt_time":1528998636010967,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":145,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":145,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":145,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528998643334661,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","l4_proto":37,"flow_datalink":1,"flow_max_packets":5} -00868{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":366,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":366,"packets-processed":301,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":129798,"total-not-detected-flows":19,"total-guessed-flows":3,"total-detected-flows":57,"total-detection-updates":0,"total-updates":133,"current-active-flows":0,"total-active-flows":79,"total-idle-flows":79,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":615,"global_ts_usec":1528998643334661} 
+00868{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":366,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":366,"packets-processed":301,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":129798,"total-not-detected-flows":19,"total-guessed-flows":3,"total-detected-flows":57,"total-detection-updates":0,"total-updates":133,"current-active-flows":0,"total-active-flows":79,"total-idle-flows":79,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":615,"global_ts_usec":1528998643334661} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 366/301 ~~ skipped flows.............: 0 @@ -621,9 +621,9 @@ ~~ total active/idle flows...: 79/79 ~~ total timeout flows.......: 13 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7102112 bytes -~~ total memory freed........: 7102112 bytes -~~ total allocations/frees...: 115300/115300 +~~ total memory allocated....: 7679708 bytes +~~ total memory freed........: 7679708 bytes +~~ total allocations/frees...: 127031/127031 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 312 chars ~~ json message max len.......: 2319 chars diff --git a/test/results/default/fuzz-2021-06-07-c6c72a0a56.pcap.out b/test/results/default/fuzz-2021-06-07-c6c72a0a56.pcap.out index f34025b97..23db7b424 100644 --- a/test/results/default/fuzz-2021-06-07-c6c72a0a56.pcap.out +++ b/test/results/default/fuzz-2021-06-07-c6c72a0a56.pcap.out 
@@ -1,10 +1,10 @@ -00631{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1953631155595384} 
+00631{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1953631155595384} 00366{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1953631155595384,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","size":48,"expected":4093509168,"global_ts_usec":1953631155595384} 
00382{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":4093509168,"pkt_l4_len":0,"thread_ts_usec":1953631155595384,"pkt":"\/wAAJAAjAMBfnZUlCABF\/4mFRACAAFARjVhmboAgAAb\/AAho0tcI0wgALf8gewty"} 00331{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1953631155595384,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","l4_data_len":14,"global_ts_usec":1953631155595384} 00382{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":4093509168,"pkt_l4_len":0,"thread_ts_usec":1953631155595384,"pkt":"\/wAAJAAjAMBfnZUlCABF\/4mFRACAAFARjVhmboAgAAb\/AAho0tcI0wgALf8gewty"} -00854{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1953631155595384} 
+00854{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1953631155595384} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/0 ~~ skipped flows.............: 0 @@ -13,9 +13,9 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6905233 bytes -~~ total memory freed........: 6905233 bytes -~~ total allocations/frees...: 114126/114126 +~~ total memory allocated....: 7482829 bytes +~~ total memory freed........: 7482829 bytes +~~ total allocations/frees...: 125857/125857 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 336 chars ~~ json message max len.......: 859 chars diff --git a/test/results/default/fuzz-2021-10-13.pcap.out b/test/results/default/fuzz-2021-10-13.pcap.out index 7a4cb5988..99b7441d8 100644 --- a/test/results/default/fuzz-2021-10-13.pcap.out +++ b/test/results/default/fuzz-2021-10-13.pcap.out 
@@ -1,8 +1,8 @@ -00620{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/fuzz-2021-10-13.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2021-10-13.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":980658803882137} 
+00620{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/fuzz-2021-10-13.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2021-10-13.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":980658803882137} 00313{"error_event_id":1,"error_event_name":"Unknown datalink layer packet","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":980658803882137,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2021-10-13.pcap","alias":"nDPId-test","layer_type":3080300,"global_ts_usec":980658803882137} 
00566{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2021-10-13.pcap","alias":"nDPId-test","pkt_datalink":0,"pkt_caplen":197,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":524501,"pkt_l4_len":0,"thread_ts_usec":980658803882137,"pkt":"AC8AbGXLAAAAlQZ\/NAA6MDA1L3VwbG8yZD9sPTAuAAAAAAAAAAA9AAAAgAGtAAAAPAEAADUAMMkAAFsEMjk5oIBtrTHFxwpdEDIAAQBGAAAAaXAAc+dXAAAAAAAIAAoAAAD\/MvsABgAAAAAAAAAAAAAAAAAAAAAkABAAAAAAAAA8AQAAAAAACJcFAAAA\/zL7AAYAAP9NPLKhAgAAAI8NOwAAAH8AAhwAAQAAAAAAECA\/BeIoAAAAACA9eC75+f\/\/xQAAAAA="} -00842{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2021-10-13.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":5,"global_ts_usec":980658803882137} 
+00842{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2021-10-13.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":5,"global_ts_usec":980658803882137} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/0 ~~ skipped flows.............: 0 @@ -11,9 +11,9 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6905233 bytes -~~ total memory freed........: 6905233 bytes -~~ total allocations/frees...: 114126/114126 +~~ total memory allocated....: 7482829 bytes +~~ total memory freed........: 7482829 bytes +~~ total allocations/frees...: 125857/125857 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 318 chars ~~ json message max len.......: 847 chars diff --git a/test/results/default/gaijin_mobile_mixed.pcap.out b/test/results/default/gaijin_mobile_mixed.pcap.out index c635e310e..c3d4cfa3e 100644 --- a/test/results/default/gaijin_mobile_mixed.pcap.out +++ b/test/results/default/gaijin_mobile_mixed.pcap.out 
@@ -1,22 +1,22 @@ -00624{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/gaijin_mobile_mixed.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gaijin_mobile_mixed.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1707397560481026} 
+00624{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/gaijin_mobile_mixed.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gaijin_mobile_mixed.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1707397560481026} 
00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gaijin_mobile_mixed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1707397560481026,"flow_src_last_pkt_time":1707397560481026,"flow_dst_last_pkt_time":1707397560481026,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1707397560481026,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"54.75.230.133","src_port":47666,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gaijin_mobile_mixed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1707397560481026,"flow_dst_last_pkt_time":1707397560481026,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_usec":1707397560481026,"pkt":"RQAAPHqEQABABuuOCtetATZL5oW6MgG7Ussu4gAAAACgAv\/\/aUMAAAIEJugEAggKhDYnDAAAAAABAwMJ"} 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/gaijin_mobile_mixed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1707397560481026,"flow_dst_last_pkt_time":1707397560552997,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":48,"pkt_l4_len":28,"thread_ts_usec":1707397560552997,"pkt":"RQAAMAAAQABABmYfNkvmhQrXrQEBu7oyd+t361LLLuNwEgQAVL8AAAIEJugDAwkA"} 
00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/gaijin_mobile_mixed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1707397560553103,"flow_dst_last_pkt_time":1707397560552997,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":40,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":40,"pkt_l4_len":20,"thread_ts_usec":1707397560553103,"pkt":"RQAAKHqFQABABuuhCtetATZL5oW6MgG7Ussu43frd+xQEACArTcAAA=="} 01207{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/gaijin_mobile_mixed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1707397560555854,"flow_dst_last_pkt_time":1707397560552997,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":552,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":552,"pkt_l4_len":532,"thread_ts_usec":1707397560555854,"pkt":"RQACKHqGQABABumgCtetATZL5oW6MgG7Ussu43frd+xQEACAEFMAABYDAQIAAQAB\/AMDQLwVuf4WUTNDooXQ0wNqRO0W3Fi419hIQ9RqkmkF3C8g\/WpzjEM\/f8xg08L7eLA14QlvrLpPfJcHFG0BnPxXspwAPhMCEwMTAcAswDAAn8ypzKjMqsArwC8AnsAkwCgAa8AjwCcAZ8AKwBQAOcAJwBMAMwCdAJwAPQA8ADUALwD\/AQABdQAAABwAGgAAF3l1cG1hc3Rlci5nYWlqaW5lbnQuY29tAAsABAMAAQIACgAWABQAHQAXAB4AGQAYAQABAQECAQMBBDN0AAAAEAALAAkIaHR0cC8xLjEAFgAAABcAAAAxAAAADQAqACgEAwUDBgMIBwgICAkICggLCAQIBQgGBAEFAQYBAwMDAQMCBAIFAgYCACsACQgDBAMDAwIDAQAtAAIBAQAzACYAJAAdACCYG9RBOtTHAB1MyzJXjMhz9xK7OCclYSgI3TqdiZYlYAAVAKUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/gaijin_mobile_mixed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1707397560555930,"flow_dst_last_pkt_time":1707397560552997,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":45,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":45,"pkt_l4_len":25,"thread_ts_usec":1707397560555930,"pkt":"RQAALXqHQABABuuaCtetATZL5oW6MgG7Ussw43frd+xQGACAqyoAAAAAAAAA"} -01306{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/gaijin_mobile_mixed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1707397560481026,"flow_src_last_pkt_time":1707397560555930,"flow_dst_last_pkt_time":1707397560552997,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1707397560555930,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"54.75.230.133","src_port":47666,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GaijinEntertainment","proto_id":"91.396","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"yupmaster.gaijinent.com","domainame":"yupmaster.gaijinent.com","tls": {"version":"TLSv1.2","ja3":"4ea056e63b7910cbf543f0c095064dfe","ja3s":"","ja4":"t13d3113ht_e8f1e7e78f70_ce5650b735ce","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-01604{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/gaijin_mobile_mixed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1707397560481026,"flow_src_last_pkt_time":1707397560555930,"flow_dst_last_pkt_time":1707397560621636,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":4128,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4128,"midstream":0,"thread_ts_usec":1707397560621636,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"54.75.230.133","src_port":47666,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GaijinEntertainment","proto_id":"91.396","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"yupmaster.gaijinent.com","domainame":"yupmaster.gaijinent.com","tls": {"version":"TLSv1.2","server_names":"*.gaijinent.com,gaijinent.com","ja3":"4ea056e63b7910cbf543f0c095064dfe","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t13d3113ht_e8f1e7e78f70_ce5650b735ce","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust TLS RSA CA G1","subjectDN":"CN=*.gaijinent.com","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"27:23:37:24:85:95:B7:8F:75:BE:79:18:DF:DC:11:D8:04:F7:1E:A2","blocks":0}}} 
-00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/gaijin_mobile_mixed.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":8,"packets-processed":7,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4645,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1707398512218954} +01265{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/gaijin_mobile_mixed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1707397560481026,"flow_src_last_pkt_time":1707397560555930,"flow_dst_last_pkt_time":1707397560552997,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1707397560555930,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"54.75.230.133","src_port":47666,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GaijinEntertainment","proto_id":"91.396","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"yupmaster.gaijinent.com","domainame":"yupmaster.gaijinent.com","tls": 
{"version":"TLSv1.2","ja3s":"","ja4":"t13d3113ht_e8f1e7e78f70_ce5650b735ce","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +01563{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/gaijin_mobile_mixed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1707397560481026,"flow_src_last_pkt_time":1707397560555930,"flow_dst_last_pkt_time":1707397560621636,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":4128,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4128,"midstream":0,"thread_ts_usec":1707397560621636,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"54.75.230.133","src_port":47666,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GaijinEntertainment","proto_id":"91.396","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"yupmaster.gaijinent.com","domainame":"yupmaster.gaijinent.com","tls": {"version":"TLSv1.2","server_names":"*.gaijinent.com,gaijinent.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t13d3113ht_e8f1e7e78f70_ce5650b735ce","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust TLS RSA CA G1","subjectDN":"CN=*.gaijinent.com","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"27:23:37:24:85:95:B7:8F:75:BE:79:18:DF:DC:11:D8:04:F7:1E:A2","blocks":0}}} 
+00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/gaijin_mobile_mixed.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":8,"packets-processed":7,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4645,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1707398512218954} 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/gaijin_mobile_mixed.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1707398512218954,"flow_src_last_pkt_time":1707398512218954,"flow_dst_last_pkt_time":1707398512218954,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1707398512218954,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"81.171.31.37","src_port":39314,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5} 
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/gaijin_mobile_mixed.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1707398512218954,"flow_dst_last_pkt_time":1707398512218954,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_usec":1707398512218954,"pkt":"RQAAPJK6QABABn9ZCtetAVGrHyWZkgG7j0wUqAAAAACgAv\/\/CrsAAAIEJugEAggKawZJHgAAAAABAwMJ"} 00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/gaijin_mobile_mixed.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1707398512218954,"flow_dst_last_pkt_time":1707398512264128,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":48,"pkt_l4_len":28,"thread_ts_usec":1707398512264128,"pkt":"RQAAMAAAQABABhIgUasfJQrXrQEBu5mSd+t3649MFKlwEgQA\/xgAAAIEJugDAwkA"} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/gaijin_mobile_mixed.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1707398512264224,"flow_dst_last_pkt_time":1707398512264128,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":40,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":40,"pkt_l4_len":20,"thread_ts_usec":1707398512264224,"pkt":"RQAAKJK7QABABn9sCtetAVGrHyWZkgG7j0wUqXfrd+xQEACAV5EAAA=="} 
00963{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/gaijin_mobile_mixed.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1707398512264512,"flow_dst_last_pkt_time":1707398512264128,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":368,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":368,"pkt_l4_len":348,"thread_ts_usec":1707398512264512,"pkt":"RQABcJK8QABABn4jCtetAVGrHyWZkgG7j0wUqXfrd+xQGACAkFIAABYDAQFDAQABPwMDZcTVcO7oGgSw7OC+lurPYGtaU07yr+T3YKdchGRdIGIAAKDMqMypzKrALMAwAJ\/ArcCfwCTAKABrwArAFAA5wK\/Ao8CHwIvAfcBzwHcAxACIwCvALwCewKzAnsAjwCcAZ8AJwBMAM8CuwKLAhsCKwHzAcsB2AL4ARQCdwJ0APQA1wDLAKsAPwC7AJsAFwKHAewDAAITAjcB5wInAdQCcwJwAPAAvwDHAKcAOwC3AJcAEwKDAegC6AEHAjMB4wIjAdAD\/AQAAdgAAACoAKAAAJXRhLXJlY2VpdmVyLWJhbGFuY2VyLXhvbS5jcm9zc291dC5uZXQADQASABAGAwYBBQMFAQQDBAEDAwMBAAoAHAAaABkAHAAYABsAFwAWABoAFQAUABMAEgAdAB4ACwACAQAAFgAAABcAAAAjAAA="} -01378{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/gaijin_mobile_mixed.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1707398512218954,"flow_src_last_pkt_time":1707398512264512,"flow_dst_last_pkt_time":1707398512264128,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":328,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":328,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1707398512264512,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"81.171.31.37","src_port":39314,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": 
{"6":"DPI"},"proto":"TLS.GaijinEntertainment","proto_id":"91.396","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"ta-receiver-balancer-xom.crossout.net","domainame":"ta-receiver-balancer-xom.crossout.net","tls": {"version":"TLSv1.2","ja3":"14a4b22e64580299d355a3a5449ef7be","ja3s":"","ja4":"t12d800700_ee0b5a6c69b8_cdbdbcd6f742","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01337{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/gaijin_mobile_mixed.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1707398512218954,"flow_src_last_pkt_time":1707398512264512,"flow_dst_last_pkt_time":1707398512264128,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":328,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":328,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1707398512264512,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"81.171.31.37","src_port":39314,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.GaijinEntertainment","proto_id":"91.396","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"ta-receiver-balancer-xom.crossout.net","domainame":"ta-receiver-balancer-xom.crossout.net","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d800700_ee0b5a6c69b8_cdbdbcd6f742","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/gaijin_mobile_mixed.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1707398512264512,"flow_dst_last_pkt_time":1707398512264617,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":40,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":40,"pkt_l4_len":20,"thread_ts_usec":1707398512264617,"pkt":"RQAAKAAAQABABhIoUasfJQrXrQEBu5mSd+t37I9MFfFQEAP\/UsoAAA=="} -01673{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/gaijin_mobile_mixed.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1707398512218954,"flow_src_last_pkt_time":1707398512264512,"flow_dst_last_pkt_time":1707398512312802,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":328,"flow_dst_max_l4_payload_len":4168,"flow_src_tot_l4_payload_len":328,"flow_dst_tot_l4_payload_len":4168,"midstream":0,"thread_ts_usec":1707398512312802,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"81.171.31.37","src_port":39314,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.GaijinEntertainment","proto_id":"91.396","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"ta-receiver-balancer-xom.crossout.net","domainame":"ta-receiver-balancer-xom.crossout.net","tls": 
{"version":"TLSv1.2","server_names":"*.crossout.net,crossout.net","ja3":"14a4b22e64580299d355a3a5449ef7be","ja3s":"758945630046fd37070521b8544d1fe8","ja4":"t12d800700_ee0b5a6c69b8_cdbdbcd6f742","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust TLS RSA CA G1","subjectDN":"CN=*.crossout.net","fingerprint":"9D:3E:9C:5E:8D:F5:F0:D4:A7:71:3F:B3:CD:5A:DE:1B:E4:EA:12:92","blocks":0}}} +01632{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/gaijin_mobile_mixed.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1707398512218954,"flow_src_last_pkt_time":1707398512264512,"flow_dst_last_pkt_time":1707398512312802,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":328,"flow_dst_max_l4_payload_len":4168,"flow_src_tot_l4_payload_len":328,"flow_dst_tot_l4_payload_len":4168,"midstream":0,"thread_ts_usec":1707398512312802,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"81.171.31.37","src_port":39314,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.GaijinEntertainment","proto_id":"91.396","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"ta-receiver-balancer-xom.crossout.net","domainame":"ta-receiver-balancer-xom.crossout.net","tls": {"version":"TLSv1.2","server_names":"*.crossout.net,crossout.net","ja3s":"758945630046fd37070521b8544d1fe8","ja4":"t12d800700_ee0b5a6c69b8_cdbdbcd6f742","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust TLS RSA CA 
G1","subjectDN":"CN=*.crossout.net","fingerprint":"9D:3E:9C:5E:8D:F5:F0:D4:A7:71:3F:B3:CD:5A:DE:1B:E4:EA:12:92","blocks":0}}} 00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/gaijin_mobile_mixed.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1707398512312802,"flow_src_last_pkt_time":1707398512312802,"flow_dst_last_pkt_time":1707398512312802,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":135,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":135,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1707398512312802,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"95.211.246.178","src_port":42424,"dst_port":20011,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5} 00688{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/gaijin_mobile_mixed.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1707398512312802,"flow_dst_last_pkt_time":1707398512312802,"flow_idle_time":200000000,"pkt_datalink":12,"pkt_caplen":163,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":163,"pkt_l4_len":143,"thread_ts_usec":1707398512312802,"pkt":"RQAAoyyiQABAEf9JCtetAV\/T9rKluE4rAI8kuGVtYmVkZGVkdXBkYXRlci5zdGFydCxlbnY9cHJvZHVjdGlvbixjaXJjdWl0PXd0bS1wcm9kdWN0aW9uLGFwcGxpY2F0aW9uPWNsaWVudCxwcm9qZWN0PXdhcnRodW5kZXIscGxhdGZvcm09YW5kcm9pZCxob3N0PWhvc3RfY2xpZW50OjF8Yw=="} 
00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/gaijin_mobile_mixed.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1707398512312802,"flow_src_last_pkt_time":1707398512312802,"flow_dst_last_pkt_time":1707398512312802,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":135,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":135,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1707398512312802,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"95.211.246.178","src_port":42424,"dst_port":20011,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GaijinEntertainment","proto_id":"396","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
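Review bot: The regenerated `detected` and `detection-update` events for flows 1 and 2 in this hunk no longer carry the `ja3` key inside `ndpi.tls` (only `ja3s` and `ja4` remain, and the length prefixes shrink by the size of that field), yet the commit description only says "incorporated upstream changes". Anything downstream that matches, allow-lists or correlates on the JA3 client hash will stop matching without an error, so the bump deserves an explicit changelog line such as `TLS flow events no longer emit "ja3"; key client-fingerprint rules on "ja4"`. The diffstat lists a change to schema/flow_event_schema.json that presumably covers the schema side, but that hunk is not visible here, so confirm that `ja3` is no longer listed there. Since this file is regenerated test output, the note belongs in the release notes rather than in these lines.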
@@ -27,7 +27,7 @@ 01128{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/gaijin_mobile_mixed.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1707398512218954,"flow_src_last_pkt_time":1707398512264512,"flow_dst_last_pkt_time":1707398512312802,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":328,"flow_dst_max_l4_payload_len":4168,"flow_src_tot_l4_payload_len":328,"flow_dst_tot_l4_payload_len":4168,"midstream":0,"thread_ts_usec":1707398512312802,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"81.171.31.37","src_port":39314,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.GaijinEntertainment","proto_id":"91.396","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/gaijin_mobile_mixed.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1707398512312802,"flow_src_last_pkt_time":1707398512312802,"flow_dst_last_pkt_time":1707398512312802,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":134,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":147,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":697,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1707398512312802,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"95.211.246.178","src_port":42424,"dst_port":20011,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"GaijinEntertainment","proto_id":"396","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/gaijin_mobile_mixed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1707397560481026,"flow_src_last_pkt_time":1707397560555930,"flow_dst_last_pkt_time":1707397560621636,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":4128,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4128,"midstream":0,"thread_ts_usec":1707398512312802,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"54.75.230.133","src_port":47666,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GaijinEntertainment","proto_id":"91.396","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
-00854{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/gaijin_mobile_mixed.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":18,"packets-processed":18,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9838,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":30,"global_ts_usec":1707398512312802} +00854{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/gaijin_mobile_mixed.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":18,"packets-processed":18,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9838,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":30,"global_ts_usec":1707398512312802} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 18/18 ~~ skipped flows.............: 0 
@@ -36,10 +36,10 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6929744 bytes -~~ total memory freed........: 6929744 bytes -~~ total allocations/frees...: 114196/114196 +~~ total memory allocated....: 7507340 bytes +~~ total memory freed........: 7507340 bytes +~~ total allocations/frees...: 125927/125927 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 525 chars -~~ json message max len.......: 1678 chars -~~ json message avg len.......: 1100 chars +~~ json message max len.......: 1637 chars +~~ json message avg len.......: 1080 chars diff --git a/test/results/default/gaijin_warthunder.pcap.out b/test/results/default/gaijin_warthunder.pcap.out index 6db16807a..6d21d28c6 100644 --- a/test/results/default/gaijin_warthunder.pcap.out +++ b/test/results/default/gaijin_warthunder.pcap.out 
@@ -1,5 +1,5 @@ -00622{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/gaijin_warthunder.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gaijin_warthunder.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1707407475013359} 
+00622{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/gaijin_warthunder.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gaijin_warthunder.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1707407475013359} 
00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gaijin_warthunder.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1707407475013359,"flow_src_last_pkt_time":1707407475013359,"flow_dst_last_pkt_time":1707407475013359,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1707407475013359,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"185.253.20.249","src_port":36929,"dst_port":20021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gaijin_warthunder.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1707407475013359,"flow_dst_last_pkt_time":1707407475013359,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1707407475013359,"pkt":"SKmKCiNt8C90rUP1CABFAABQKIpAAEARKY3AqFjnuf0U+ZBBTjUAPOjTj\/8AAYL\/AAEAAP\/\/AAAEsAABAAAAAAD\/AAAAAAAAAAAAABOIAAAAAAAAAACWmQpEACYAAA=="} 
01076{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gaijin_warthunder.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1707407475013359,"flow_src_last_pkt_time":1707407475013359,"flow_dst_last_pkt_time":1707407475013359,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1707407475013359,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"185.253.20.249","src_port":36929,"dst_port":20021,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"GaijinEntertainment","proto_id":"396","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -16,7 +16,7 @@ 00701{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/gaijin_warthunder.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1707407475059508,"flow_dst_last_pkt_time":1707407475059508,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":177,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":177,"pkt_l4_len":143,"thread_ts_usec":1707407475059508,"pkt":"SKmKCiNt8C90rUP1CABFAACjTw5AAEAReybAqFjnX9P2spHVTisAj3C2ZGxkYXRhLmxvYWRfZGVjYWxzX2lkeF9vayxlbnY9cHJvZHVjdGlvbixjaXJjdWl0PXByb2R1Y3Rpb24sYXBwbGljYXRpb249Y2xpZW50LHByb2plY3Q9d2FydGh1bmRlcixwbGF0Zm9ybT1saW51eDY0LGhvc3Q9aG9zdF9jbGllbnQ6MXxj"} 01120{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/gaijin_warthunder.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1707407475013359,"flow_src_last_pkt_time":1707407475043572,"flow_dst_last_pkt_time":1707407475059508,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":10,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":127,"flow_dst_max_l4_payload_len":48,"flow_src_tot_l4_payload_len":189,"flow_dst_tot_l4_payload_len":58,"midstream":0,"thread_ts_usec":1707407475059508,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"185.253.20.249","src_port":36929,"dst_port":20021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"GaijinEntertainment","proto_id":"396","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/gaijin_warthunder.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1707407475059508,"flow_src_last_pkt_time":1707407475059508,"flow_dst_last_pkt_time":1707407475059508,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":119,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":178,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":698,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1707407475059508,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"95.211.246.178","src_port":37333,"dst_port":20011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GaijinEntertainment","proto_id":"396","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00851{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/gaijin_warthunder.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":945,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1707407475059508} 
+00851{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/gaijin_warthunder.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":945,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1707407475059508} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 10/10 ~~ skipped flows.............: 0 @@ -25,9 +25,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6910283 bytes -~~ total memory freed........: 6910283 bytes -~~ total allocations/frees...: 114158/114158 +~~ total memory allocated....: 7487902 bytes +~~ total memory freed........: 7487902 bytes +~~ total allocations/frees...: 125890/125890 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 539 chars ~~ json message max len.......: 1125 chars diff --git a/test/results/default/gearman.pcap.out b/test/results/default/gearman.pcap.out index 49adeb7f8..f1df2a23b 100644 --- a/test/results/default/gearman.pcap.out +++ b/test/results/default/gearman.pcap.out 
@@ -1,5 +1,5 @@ -00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/gearman.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gearman.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1278690518812160} 
+00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/gearman.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gearman.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1278690518812160} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gearman.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278690518812160,"flow_src_last_pkt_time":1278690518812160,"flow_dst_last_pkt_time":1278690518812160,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278690518812160,"l3_proto":"ip4","src_ip":"192.168.80.1","dst_ip":"192.168.80.128","src_port":23405,"dst_port":4730,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gearman.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1278690518812160,"flow_dst_last_pkt_time":1278690518812160,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1278690518812160,"pkt":"AAwpVzzvAFBWwAAICABFAAA0BL9AAIAG1DLAqFABwKhQgFttEnpztNRBAAAAAIACgAAXaAAAAgQFtAEDAwABAQQC"} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/gearman.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1278690518812160,"flow_dst_last_pkt_time":1278690518812898,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1278690518812898,"pkt":"AFBWwAAIAAwpVzzvCABFAAA0AABAAEAGGPLAqFCAwKhQARJ6W23kPUpKc7TUQoASFtBR+wAAAgQFtAEBBAIBAwME"} 
@@ -8,7 +8,7 @@ 00926{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/gearman.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1278690518812160,"flow_src_last_pkt_time":1278690518813921,"flow_dst_last_pkt_time":1278690518812898,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":14,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":14,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278690518813921,"l3_proto":"ip4","src_ip":"192.168.80.1","dst_ip":"192.168.80.128","src_port":23405,"dst_port":4730,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Gearman","proto_id":"394","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/gearman.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1278690518814263,"flow_dst_last_pkt_time":1278690518812898,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1278690518814263,"pkt":"AAwpVzzvAFBWwAAICABFAAA0BMJAAIAG1C\/AqFABwKhQgFttEnpztNRQ5D1KS1AYgADjywAAAFJFUQAAAAkAAAAA"} 
00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/gearman.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1278690518812160,"flow_src_last_pkt_time":1278690518814263,"flow_dst_last_pkt_time":1278690518815728,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":14,"flow_dst_max_l4_payload_len":12,"flow_src_tot_l4_payload_len":26,"flow_dst_tot_l4_payload_len":12,"midstream":0,"thread_ts_usec":1278690518815728,"l3_proto":"ip4","src_ip":"192.168.80.1","dst_ip":"192.168.80.128","src_port":23405,"dst_port":4730,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Gearman","proto_id":"394","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00837{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/gearman.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":8,"packets-processed":8,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":38,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1278690518815728} 
+00837{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/gearman.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":8,"packets-processed":8,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":38,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1278690518815728} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 8/8 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6907870 bytes -~~ total memory freed........: 6907870 bytes -~~ total allocations/frees...: 114146/114146 +~~ total memory allocated....: 7485466 bytes +~~ total memory freed........: 7485466 bytes +~~ total allocations/frees...: 125877/125877 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 529 chars ~~ json message max len.......: 972 chars diff --git a/test/results/default/geforcenow.pcapng.out b/test/results/default/geforcenow.pcapng.out index c2a8c4f5b..e5766bb38 100644 --- a/test/results/default/geforcenow.pcapng.out +++ b/test/results/default/geforcenow.pcapng.out 
@@ -1,30 +1,30 @@ -00617{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00838{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1684671871380890} 
+00617{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00838{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1684671871380890} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1684671871380890,"flow_src_last_pkt_time":1684671871380890,"flow_dst_last_pkt_time":1684671871380890,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1684671871380890,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"80.84.167.206","src_port":57490,"dst_port":49100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1684671871380890,"flow_dst_last_pkt_time":1684671871380890,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1684671871380890,"pkt":"ILAB4IZiNObXAhsnCABFAAA8bnNAAEAGEYnAqAH1UFSnzuCSv8zOL1q0AAAAAKAC+vC67gAAAgQFtAQCCAp\/iNNhAAAAAAEDAwc="} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1684671871380890,"flow_dst_last_pkt_time":1684671871422093,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1684671871422093,"pkt":"NObXAhsnILAB4IZiCABFAAA8AABAAC4GkfxQVKfOwKgB9b\/M4JLTvM+Mzi9ataAS\/ojy\/AAAAgQFtAQCCAq2cyW7f4jTYQEDAwo="} 
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1684671871422133,"flow_dst_last_pkt_time":1684671871422093,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1684671871422133,"pkt":"ILAB4IZiNObXAhsnCABFAAA0bnRAAEAGEZDAqAH1UFSnzuCSv8zOL1q107zPjYAQAfa65gAAAQEICn+I04q2cyW7"} 01243{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1684671871422359,"flow_dst_last_pkt_time":1684671871422093,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1684671871422359,"pkt":"ILAB4IZiNObXAhsnCABFAAI5bnVAAEAGD4rAqAH1UFSnzuCSv8zOL1q107zPjYAYAfa86wAAAQEICn+I04q2cyW7FgMBAgABAAH8AwOBmawp5+UoJYOKlxDkG3gLfUZOp0j+cONlLa4xANLPeiAzefZjv+nUWvpObI1TNRZzYUGNQQDFGUy3YXUeYlFpIgAg+voTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTKioAAAAbAAMCAAIADQASABAEAwgEBAEFAwgFBQEIBgYBAAoACgAIGhoAHQAXABgAKwAHBmpqAwQDA0RpAAUAAwJoMgAjAAAABQAFAQAAAAAAMwArACkaGgABAAAdACBZRWyFkcSW7shYCR5Of\/t5XRG79ddMoidoc5u\/JunPZAAtAAIBAQAAADAALgAAKzgwLTg0LTE2Ny0yMDYuY2xvdWRtYXRjaGJldGEubnZpZGlhZ3JpZC5uZXQAEAALAAkIaHR0cC8xLjEAFwAA\/wEAAQAAEgAAAAsAAgEA6uoAAQAAFQCvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01455{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1684671871380890,"flow_src_last_pkt_time":1684671871422359,"flow_dst_last_pkt_time":1684671871422093,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1684671871422359,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"80.84.167.206","src_port":57490,"dst_port":49100,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.GeForceNow","proto_id":"91.341","proto_by_ip":"Nvidia","proto_by_ip_id":342,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"80-84-167-206.cloudmatchbeta.nvidiagrid.net","domainame":"80-84-167-206.cloudmatchbeta.nvidiagrid.net","tls": {"version":"TLSv1.2","ja3":"021c7413ddeb0d58973451b0e3b19eca","ja3s":"","ja4":"t13d1516ht_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01414{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1684671871380890,"flow_src_last_pkt_time":1684671871422359,"flow_dst_last_pkt_time":1684671871422093,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1684671871422359,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"80.84.167.206","src_port":57490,"dst_port":49100,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.GeForceNow","proto_id":"91.341","proto_by_ip":"Nvidia","proto_by_ip_id":342,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"80-84-167-206.cloudmatchbeta.nvidiagrid.net","domainame":"80-84-167-206.cloudmatchbeta.nvidiagrid.net","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516ht_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
04439{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1684671871422359,"flow_dst_last_pkt_time":1684671871464824,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":2962,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2962,"pkt_l4_len":2928,"thread_ts_usec":1684671871464824,"pkt":"NObXAhsnILAB4IZiCABFAAuERh1AAC4GQJdQVKfOwKgB9b\/M4JLTvM+Nzi9cuoAYAEDGNgAAAQEICrZzJeV\/iNOKFgMDAEUCAABBAwOiJ4clG9QuUS1cudTLdgoSLoSN7H38ii1pJAxabPAQAgDALwAAGf8BAAEAAAAAAAALAAQDAAECACMAAAAXAAAWAwML0gsAC84AC8sABwMwggb\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\/EiCBNR9cm9SKfp2MYRJRiUONLfZ+jcfWA4qfbLv66TlF+yBvoBdxKcq1adIjxhN9til1wwe0uaEZS1QwNcKBpO8PC0evGIAWC8duPGKa8Xx8dYl2bwIDAQABo4IDoTCCA50wHwYDVR0jBBgwFoAUt2ui6qiqhIx56rTaD5iyxZV2ufQwHQYDVR0OBBYEFLj5F3Ki\/z8JsIOMGMJoa3fsKERAME4GA1UdEQRHMEWCInByb2QuY2xvdWRtYXRjaGJldGEubnZpZGlhZ3JpZC5uZXSCHyouY2xvdWRtYXRjaGJldGEubnZpZGlhZ3JpZC5uZXQwDgYDVR0PAQH\/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBjwYDVR0fBIGHMIGEMECgPqA8hjpodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRUTFNSU0FTSEEyNTYyMDIwQ0ExLTQuY3JsMECgPqA8hjpodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRUTFNSU0FTSEEyNTYyMDIwQ0ExLTQuY3JsMD4GA1UdIAQ3MDUwMwYGZ4EMAQICMCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzB\/BggrBgEFBQcBAQRzMHEwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBJBggrBgEFBQcwAoY9aHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0VExTUlNBU0hBMjU2MjAyMENBMS0xLmNydDAJBgNVHRMEAjAAMIIBfAYKKwYBBAHWeQIEAgSCAWwEggFoAWYAdQDoPtDaPvUGNTLnVyi8iWvJA9PL0RFr7Otp4Xd9bQa9bgAAAYKDlF0ZAAAEAwBGMEQCIFPUXJVIQ2KuNfzPjVDO4mzyneBSgHk4gbtVmzKIyqFiAiA0S1YxKNY1vvkPsovrZU2CgHzUyrj7oIvVnYE8ZbL0OQB2ADXPGRu\/sWxXvw+tTG1Cy7u2JyAmUeo\/4SrvqAPDO9ZMAAABgoOUXV0AAAQDAEcwRQIhAM5iOcS229cWwv56HyUa1mxj7teKu+8zizKGu9z3yKOOAiAmMITCC9dHQPfQk4jQrtTGDBtpYbHT56HAqaXC7640wwB1ALc++yTfnE26dfI5xbpY9Gxd\/ELPep81xJ4dCYEl7bSZAAABgoOU
XVEAAAQDAEYwRAIgW3dtTcrwonoTkNejkMk9TJ5v4OL8vWayGsbfFt39cO8CIAVlKzkayOnXsapCVwP0Uowd80zre8XmiBIpWtD4inPdMA0GCSqGSIb3DQEBCwUAA4IBAQBESeMYHSubFw7YBil7umFJsWCqgSY3c9mW1hC3YcSJ06HkXietCOUrsE+qLAdI\/1w4TsG\/Yndyzy9KjJMzX2p7RWVe1VN8zUJdQuyoN4WtDcmEKhm\/RJyvAZVeekG0q8PeevtR+p2Bu7rwUHa6TvPBcZQAl6AotmQzj4p+BU1RUt+gqpWhLAytctjTShoP5ygXKD\/Y2RZNZJz2baujOGKdU4NoJy2e550R6WzHwrisL17SqY1\/8sURPFSknK+ax9L7KALoF6VbCdWaGTtBhqOSpXKLsJszxCNlTDiW8SFNeBU\/XQ5rGNae126UheCMz6tTw17IThOzXZjh\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\/n00tnTCJRpt8OmRDtV1F0JuJ9x8piLhMbfyOIJVNvwTRYAIuE\/\/i+p1hJInuWraKImxW8oHzf6VGo1bDtN+I2tIJLYrVJmuzHZ9bjPvXj1hJeRPG\/cUJ9WIQDgLGBAfr5yjK7tI4nhyfFK3TUqNaX3sNk+crOU6JWvHgXjkkDKa77SU+kFbnO8lwZV21reacroicgE7XQPUDTITAHk+qZ9QIDAQABo4IBgjCCAX4wEgYDVR0TAQH\/BAgwBgEB\/wIBADAdBgNVHQ4EFgQUt2ui6qiqhIx56rTaD5iyxZV2ufQwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUwDgYDVR0PAQH\/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB2BggrBgEFBQcBAQRqMGgwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBABggrBgEFBQcwAoY0aHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFsUm9vdENBLmNydDBCBgNVHR8EOzA5MDegNaAzhjFodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRHbG9iYWxSb290Q0EuY3JsMD0GA1UdIAQ2MDQwCwYJYIZIAYb9bAIBMAcGBWeBDAEBMAgGBmeBDAECATAIBgZngQwBAgIwCAYGZ4EMAQIDMA0GCSqGSIb3DQEBCwUAA4IBAQCAMs5eC91uWg0Kr+HWhMvAjvqFcO3aXbMM9yt1QP6FCvrzMXi3cEsaiVi6gL3zaw=="} 
-01515{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1684671871380890,"flow_src_last_pkt_time":1684671871422359,"flow_dst_last_pkt_time":1684671871464824,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":2896,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2896,"midstream":0,"thread_ts_usec":1684671871464824,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"80.84.167.206","src_port":57490,"dst_port":49100,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.GeForceNow","proto_id":"91.341","proto_by_ip":"Nvidia","proto_by_ip_id":342,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"80-84-167-206.cloudmatchbeta.nvidiagrid.net","domainame":"80-84-167-206.cloudmatchbeta.nvidiagrid.net","tls": {"version":"TLSv1.2","ja3":"021c7413ddeb0d58973451b0e3b19eca","ja3s":"098e26e2609212ac1bfac552fbe04127","ja4":"t13d1516ht_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
-01856{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1684671871380890,"flow_src_last_pkt_time":1684671871464878,"flow_dst_last_pkt_time":1684671871464878,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":2896,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3419,"midstream":0,"thread_ts_usec":1684671871464878,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"80.84.167.206","src_port":57490,"dst_port":49100,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.GeForceNow","proto_id":"91.341","proto_by_ip":"Nvidia","proto_by_ip_id":342,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"80-84-167-206.cloudmatchbeta.nvidiagrid.net","domainame":"80-84-167-206.cloudmatchbeta.nvidiagrid.net","tls": {"version":"TLSv1.2","server_names":"prod.cloudmatchbeta.nvidiagrid.net,*.cloudmatchbeta.nvidiagrid.net","ja3":"021c7413ddeb0d58973451b0e3b19eca","ja3s":"098e26e2609212ac1bfac552fbe04127","ja4":"t13d1516ht_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1","subjectDN":"C=US, ST=California, L=Santa Clara, O=NVIDIA Corporation, CN=prod.cloudmatchbeta.nvidiagrid.net","advertised_alpns":"http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","fingerprint":"8C:24:BC:2B:01:63:B9:AC:83:90:F3:A9:F9:EA:72:5E:F4:47:A2:77","blocks":0}}} 
+01474{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1684671871380890,"flow_src_last_pkt_time":1684671871422359,"flow_dst_last_pkt_time":1684671871464824,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":2896,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2896,"midstream":0,"thread_ts_usec":1684671871464824,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"80.84.167.206","src_port":57490,"dst_port":49100,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.GeForceNow","proto_id":"91.341","proto_by_ip":"Nvidia","proto_by_ip_id":342,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"80-84-167-206.cloudmatchbeta.nvidiagrid.net","domainame":"80-84-167-206.cloudmatchbeta.nvidiagrid.net","tls": {"version":"TLSv1.2","ja3s":"098e26e2609212ac1bfac552fbe04127","ja4":"t13d1516ht_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01815{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1684671871380890,"flow_src_last_pkt_time":1684671871464878,"flow_dst_last_pkt_time":1684671871464878,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":2896,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3419,"midstream":0,"thread_ts_usec":1684671871464878,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"80.84.167.206","src_port":57490,"dst_port":49100,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.GeForceNow","proto_id":"91.341","proto_by_ip":"Nvidia","proto_by_ip_id":342,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"80-84-167-206.cloudmatchbeta.nvidiagrid.net","domainame":"80-84-167-206.cloudmatchbeta.nvidiagrid.net","tls": {"version":"TLSv1.2","server_names":"prod.cloudmatchbeta.nvidiagrid.net,*.cloudmatchbeta.nvidiagrid.net","ja3s":"098e26e2609212ac1bfac552fbe04127","ja4":"t13d1516ht_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1","subjectDN":"C=US, ST=California, L=Santa Clara, O=NVIDIA Corporation, CN=prod.cloudmatchbeta.nvidiagrid.net","advertised_alpns":"http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","fingerprint":"8C:24:BC:2B:01:63:B9:AC:83:90:F3:A9:F9:EA:72:5E:F4:47:A2:77","blocks":0}}} 
02308{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1684671871380890,"flow_src_last_pkt_time":1684671871611894,"flow_dst_last_pkt_time":1684671871611894,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":669,"flow_dst_max_l4_payload_len":2896,"flow_src_tot_l4_payload_len":1367,"flow_dst_tot_l4_payload_len":31825,"midstream":0,"thread_ts_usec":1684671871611894,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"80.84.167.206","src_port":57490,"dst_port":49100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":14903.5,"max":47333,"stddev":17676.6,"var":312463360.0,"ent":3.9,"data": [41203,41243,226,42731,42519,54,16,5947,47333,41968,42407,0,41955,155,4158,2454,15862,0,0,41,9328,25186,0,25245,4217,4258,11750,11667,45,20,20]},"pktlen": {"min":52,"avg":1089.8,"max":2948,"stddev":1283.5,"var":1647314.5,"ent":4.0,"data": [60,60,52,569,2948,52,575,52,145,326,721,324,235,52,217,96,96,2948,2948,2948,1500,52,2948,2948,52,2948,52,2948,52,2948,52,2948]},"bins": {"c_to_s": [10,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,0,0,0,2,0,0,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,10]},"directions": [0,1,0,0,1,0,1,0,0,1,0,1,1,0,1,0,0,1,1,1,1,0,1,1,0,1,0,1,0,1,0,1],"entropies": 
[4.825882912,5.279368877,5.207947731,4.797474861,7.333730698,5.169486046,7.591311932,5.169486046,6.138707161,7.168643475,7.677440643,7.274022579,6.973204136,5.207947731,6.943279743,5.763498783,5.664438248,7.941471577,7.933756351,7.935662746,7.862148762,5.207947731,7.936669827,7.942846298,5.207947731,7.941987514,5.169486046,7.928585052,5.270353794,7.943464279,5.217375278,7.941396713]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.GeForceNow","proto_id":"91.341","proto_by_ip":"Nvidia","proto_by_ip_id":342,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1684671871710618,"flow_src_last_pkt_time":1684671871710618,"flow_dst_last_pkt_time":1684671871710618,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1684671871710618,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"80.84.167.206","src_port":52441,"dst_port":18452,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1684671871710618,"flow_dst_last_pkt_time":1684671871710618,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1684671871710618,"pkt":"ILAB4IZiNObXAhsnCABFAAB8NTxAAEARSnXAqAH1UFSnzszZSBQAaLs5AAEATCESpEJmZkFURGcvR3owYVkABgAJRWE1YTpKVkRSAAAAwFcABAAAA+eAKgAIwnuZSt3ewSoAJAAEbgAe\/wAIABRbjKTQjvzi9vcKvdFEaoRq\/ONY24AoAAQNZzi7"} -01106{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1684671871710618,"flow_src_last_pkt_time":1684671871710618,"flow_dst_last_pkt_time":1684671871710618,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1684671871710618,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"80.84.167.206","src_port":52441,"dst_port":18452,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Nvidia","proto_by_ip_id":342,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} 
+01139{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1684671871710618,"flow_src_last_pkt_time":1684671871710618,"flow_dst_last_pkt_time":1684671871710618,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1684671871710618,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"80.84.167.206","src_port":52441,"dst_port":18452,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Nvidia","proto_by_ip_id":342,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1684671871776671,"flow_dst_last_pkt_time":1684671871710618,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1684671871776671,"pkt":"ILAB4IZiNObXAhsnCABFAAB8NUNAAEARSm7AqAH1UFSnzszZSBQAaLs5AAEATCESpEJla0tlZ1NwZFdvYXIABgAJRWE1YTpKVkRSAAAAwFcABAAAA+eAKgAIwnuZSt3ewSoAJAAEbgAe\/wAIABQYMoB7d2aIwJgIuBI3wy6BEencYYAoAATSvoZR"} 
-01225{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1684671871710618,"flow_src_last_pkt_time":1684671871776671,"flow_dst_last_pkt_time":1684671871710618,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1684671871776671,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"80.84.167.206","src_port":52441,"dst_port":18452,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Nvidia","proto_by_ip_id":342,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} 
+01258{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1684671871710618,"flow_src_last_pkt_time":1684671871776671,"flow_dst_last_pkt_time":1684671871710618,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1684671871776671,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"80.84.167.206","src_port":52441,"dst_port":18452,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Nvidia","proto_by_ip_id":342,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1684671871840001,"flow_dst_last_pkt_time":1684671871710618,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1684671871840001,"pkt":"ILAB4IZiNObXAhsnCABFAAB8NUhAAEARSmnAqAH1UFSnzszZSBQAaLs5AAEATCESpEJkcjVFMmVxQTYxZnoABgAJRWE1YTpKVkRSAAAAwFcABAAAA+eAKgAIwnuZSt3ewSoAJAAEbgAe\/wAIABQWkhd4FNiOGvWn2VSo9pJzHJ6I74AoAAQGsG5+"} 
00603{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1684671871840001,"flow_dst_last_pkt_time":1684671871882365,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1684671871882365,"pkt":"NObXAhsnILAB4IZiCABFAABcNN8AAGwRXvJQVKfOwKgB9UgUzNkASFouAQEALCESpEJkcjVFMmVxQTYxZnoAIAAIAAHo0SsSsEoACAAURhnLH3zQvCAinCnMXYq2EhDyy7aAKAAEA6pl0w=="} -01151{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1684671871710618,"flow_src_last_pkt_time":1684671871840001,"flow_dst_last_pkt_time":1684671871882365,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":288,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1684671871882365,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"80.84.167.206","src_port":52441,"dst_port":18452,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Nvidia","proto_by_ip_id":342,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"mapped_address":"10.0.20.8:51651"}}} 
+01185{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1684671871710618,"flow_src_last_pkt_time":1684671871840001,"flow_dst_last_pkt_time":1684671871882365,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":288,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1684671871882365,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"80.84.167.206","src_port":52441,"dst_port":18452,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Nvidia","proto_by_ip_id":342,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"mapped_address":"10.0.20.8:51651","multimedia_flow_types":"Unknown"}}} 00731{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1684671871884042,"flow_dst_last_pkt_time":1684671871882365,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_usec":1684671871884042,"pkt":"ILAB4IZiNObXAhsnCABFAAC5NU5AAEARSibAqAH1UFSnzszZSBQApbt2Fv7\/AAAAAAAAAAAAkAEAAIQAAAAAAAAAhP79MP1IsuaCwvl\/YcA2OU510BmzK4mvnRXYSsRswUXHqK8AAAAWwCvAL8ypzKjACcATwArAFACcAC8ANQEAAEQAFwAA\/wEAAQAACgAIAAYAHQAXABgACwACAQAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAA4ACQAGAAEACAAHAA=="} 
-01130{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1684671871710618,"flow_src_last_pkt_time":1684671871884042,"flow_dst_last_pkt_time":1684671871882365,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":445,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1684671871884042,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"80.84.167.206","src_port":52441,"dst_port":18452,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Nvidia","proto_by_ip_id":342,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","tls": {"version":"DTLSv1.2","ja3":"c14667d7da3e6f7a7ab5519ef78c2452","ja3s":"","ja4":"dd2d110700_c45550529adf_d9dd6182da81","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} -01471{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":2,"flow_first_seen":1684671871710618,"flow_src_last_pkt_time":1684671872527893,"flow_dst_last_pkt_time":1684671872571873,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":661,"flow_src_tot_l4_payload_len":916,"flow_dst_tot_l4_payload_len":725,"midstream":0,"thread_ts_usec":1684671872571873,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"80.84.167.206","src_port":52441,"dst_port":18452,"l4_proto":"udp","ndpi": {"flow_risk": {"32": {"risk":"TLS Cert Validity Too 
Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"DTLS.GeForceNow","proto_id":"30.341","proto_by_ip":"Nvidia","proto_by_ip_id":342,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","tls": {"version":"DTLSv1.2","ja3":"c14667d7da3e6f7a7ab5519ef78c2452","ja3s":"a9e0318114bb46bdbeef6d54e42c915f","ja4":"dd2d110700_c45550529adf_d9dd6182da81","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"CN=NVIDIA GameStream","subjectDN":"CN=NVIDIA GameStream","fingerprint":"D1:FC:74:AD:A0:6F:11:C1:F4:4D:F9:4C:2B:25:88:A6:2B:6E:65:1E","blocks":0}}} +01089{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1684671871710618,"flow_src_last_pkt_time":1684671871884042,"flow_dst_last_pkt_time":1684671871882365,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":445,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1684671871884042,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"80.84.167.206","src_port":52441,"dst_port":18452,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Nvidia","proto_by_ip_id":342,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","tls": {"version":"DTLSv1.2","ja3s":"","ja4":"dd2d110700_c45550529adf_d9dd6182da81","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01430{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":2,"flow_first_seen":1684671871710618,"flow_src_last_pkt_time":1684671872527893,"flow_dst_last_pkt_time":1684671872571873,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":661,"flow_src_tot_l4_payload_len":916,"flow_dst_tot_l4_payload_len":725,"midstream":0,"thread_ts_usec":1684671872571873,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"80.84.167.206","src_port":52441,"dst_port":18452,"l4_proto":"udp","ndpi": {"flow_risk": {"32": {"risk":"TLS Cert Validity Too Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"DTLS.GeForceNow","proto_id":"30.341","proto_by_ip":"Nvidia","proto_by_ip_id":342,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","tls": {"version":"DTLSv1.2","ja3s":"a9e0318114bb46bdbeef6d54e42c915f","ja4":"dd2d110700_c45550529adf_d9dd6182da81","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"CN=NVIDIA GameStream","subjectDN":"CN=NVIDIA GameStream","fingerprint":"D1:FC:74:AD:A0:6F:11:C1:F4:4D:F9:4C:2B:25:88:A6:2B:6E:65:1E","blocks":0}}} 
02307{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1684671871710618,"flow_src_last_pkt_time":1684671872714424,"flow_dst_last_pkt_time":1684671872714517,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":540,"flow_dst_max_l4_payload_len":661,"flow_src_tot_l4_payload_len":2076,"flow_dst_tot_l4_payload_len":2033,"midstream":0,"thread_ts_usec":1684671872714517,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"80.84.167.206","src_port":52441,"dst_port":18452,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":64764.7,"max":689508,"stddev":136017.0,"var":18500616192.0,"ent":3.2,"data": [66053,63330,171747,44041,99894,183824,360133,689508,48469,47134,1,0,0,0,4464,1537,52687,37,46039,42295,446,303,157,40,93,42070,315,149,228,42450,261]},"pktlen": {"min":53,"avg":156.4,"max":689,"stddev":133.9,"var":17933.5,"ent":4.7,"data": [124,124,124,92,185,185,185,185,689,568,119,358,164,107,53,95,101,101,141,137,105,109,73,113,113,113,73,85,89,105,85,105]},"bins": {"c_to_s": [0,2,5,4,4,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,3,8,1,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,1,0,0,0,0,1,0,1,1,1,1,1,1,1,0,0,1,0,1,0,0,0,0,1,1,1,1,0,1],"entropies": 
[5.798890114,5.760544300,5.760543823,5.699924469,4.958880424,4.982108116,4.979167461,4.994058609,6.462553024,6.717261314,4.840689182,6.641223907,6.248939514,4.353680611,3.764864683,5.258242130,6.006977558,5.841088772,6.408538342,6.349637032,5.904027939,6.047730923,5.421965599,6.049623013,6.169179440,6.109401703,5.448651314,5.635576248,5.804111004,6.095016956,5.717526436,6.095016956]},"ndpi": {"flow_risk": {"32": {"risk":"TLS Cert Validity Too Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"DTLS.GeForceNow","proto_id":"30.341","proto_by_ip":"Nvidia","proto_by_ip_id":342,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 01120{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":108,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":33,"flow_first_seen":1684671871710618,"flow_src_last_pkt_time":1684671872721652,"flow_dst_last_pkt_time":1684671872745627,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":540,"flow_dst_max_l4_payload_len":1180,"flow_src_tot_l4_payload_len":2573,"flow_dst_tot_l4_payload_len":15508,"midstream":0,"thread_ts_usec":1684671872745627,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"80.84.167.206","src_port":52441,"dst_port":18452,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"32": {"risk":"TLS Cert Validity Too Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"DTLS.GeForceNow","proto_id":"30.341","proto_by_ip":"Nvidia","proto_by_ip_id":342,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
01179{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":108,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":27,"flow_dst_packets_processed":27,"flow_first_seen":1684671871380890,"flow_src_last_pkt_time":1684671872718418,"flow_dst_last_pkt_time":1684671871771400,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2896,"flow_dst_max_l4_payload_len":2896,"flow_src_tot_l4_payload_len":6969,"flow_dst_tot_l4_payload_len":38102,"midstream":0,"thread_ts_usec":1684671872745627,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"80.84.167.206","src_port":57490,"dst_port":49100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.GeForceNow","proto_id":"91.341","proto_by_ip":"Nvidia","proto_by_ip_id":342,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"80-84-167-206.cloudmatchbeta.nvidiagrid.net"}} 
-00851{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":108,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":108,"packets-processed":108,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":63152,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":6,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":27,"global_ts_usec":1684671872745627} +00851{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":108,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":108,"packets-processed":108,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":63152,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":6,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":27,"global_ts_usec":1684671872745627} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 108/108 ~~ skipped flows.............: 0 
@@ -33,9 +33,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7051550 bytes -~~ total memory freed........: 7051550 bytes -~~ total allocations/frees...: 114280/114280 +~~ total memory allocated....: 7629189 bytes +~~ total memory freed........: 7629189 bytes +~~ total allocations/frees...: 126013/126013 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 550 chars ~~ json message max len.......: 4444 chars diff --git a/test/results/default/genshin-impact.pcap.out b/test/results/default/genshin-impact.pcap.out index eca8a9728..c99644173 100644 --- a/test/results/default/genshin-impact.pcap.out +++ b/test/results/default/genshin-impact.pcap.out 
@@ -1,5 +1,5 @@ -00619{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1615497372822667} 
+00619{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1615497372822667} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1615497372822667,"flow_src_last_pkt_time":1615497372822667,"flow_dst_last_pkt_time":1615497372822667,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1615497372822667,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"47.245.143.85","src_port":58766,"dst_port":22101,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1615497372822667,"flow_dst_last_pkt_time":1615497372822667,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1615497372822667,"pkt":"eJS0JASgYDjgxTWgCABFAAAwrR4AAD8RTEjAqAJkL\/WPVeWOVlUAHPQTAAAA\/wAAAAAAAAAASZYC0v\/\/\/\/8="} 
01067{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1615497372822667,"flow_src_last_pkt_time":1615497372822667,"flow_dst_last_pkt_time":1615497372822667,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1615497372822667,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"47.245.143.85","src_port":58766,"dst_port":22101,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"GenshinImpact","proto_id":"257","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -7,7 +7,7 @@ 00748{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1615497372883763,"flow_dst_last_pkt_time":1615497372843789,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_usec":1615497372883763,"pkt":"eJS0JASgYDjgxTWgCABFAADFrx4AAD8RSbPAqAJkL\/WPVeWOVlUAsVF7MhgDABWiDTpRAAABg6QlIwAAAAAAAAAAUQAAAOjKqWZw7UqL9Yt3c0eSZwkZnnlWAs83g1p8EKxdCAGrvC1rqvpVXt+DS9GDIp59mUEo7M9A0R8PnQy3bk3e+QGIcWRmxHcBqUQOH+f\/uJk3ozIYAwAVog06UQAAAYOkJSMBAAAAAAAAACAAAADoyqkGcO9Ki\/W6d3BfbJ9hSIrPxLFWnBNUYf2O83uxMA=="} 00654{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1615497372883763,"flow_dst_last_pkt_time":1615497372914092,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":144,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":144,"pkt_l4_len":110,"thread_ts_usec":1615497372914092,"pkt":"YDjgxTWgeJS0JASgCABFAACCK5BAADcRlYQv9Y9VwKgCZFZV5Y4Abu3mMhgDABWiDTpSAAABg6QlIwAAAAACAAAAAAAAADIYAwAVog06UgAAAYOkJSMBAAAAAgAAAAAAAAAyGAMAFaINOlEAAAHepCUjAAAAAAIAAAASAAAA6MqpBXDmSov1t3fu\/jnV8Vij"} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1615497372922682,"flow_dst_last_pkt_time":1615497372914092,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1615497372922682,"pkt":"eJS0JASgYDjgxTWgCABFAAA4+mEAAD8R\/vzAqAJkL\/WPVeWOVlUAJJKtMhgDABWiDTpSAAAB3qQlIwAAAAABAAAAAAAAAA=="} 
-00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4307,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1617969465739661} +00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4307,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1617969465739661} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1617969465739661,"flow_src_last_pkt_time":1617969465739661,"flow_dst_last_pkt_time":1617969465739661,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1617969465739661,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"47.254.169.109","src_port":59145,"dst_port":22102,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1617969465739661,"flow_dst_last_pkt_time":1617969465739661,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1617969465739661,"pkt":"eJS0JASgYDjgxTWgCABFAAAwIDwAAD8RvwnAqAJkL\/6pbecJVlYAHFkOAAAA\/wAAAAC6msTNSZYC0v\/\/\/\/8="} 
00937{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1617969465739661,"flow_src_last_pkt_time":1617969465739661,"flow_dst_last_pkt_time":1617969465739661,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1617969465739661,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"47.254.169.109","src_port":59145,"dst_port":22102,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GenshinImpact","proto_id":"257","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -16,7 +16,7 @@ 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1617969465796897,"flow_dst_last_pkt_time":1617969465822356,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1617969465822356,"pkt":"YDjgxTWgeJS0JASgCABFAAA4mnVAADcRDMgv\/qltwKgCZFZW5wkAJNCqrCICAM3EmrpSAAABbMl+tgAAAAABAAAAAAAAAA=="} 00745{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1617969465796897,"flow_dst_last_pkt_time":1617969466442121,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_usec":1617969466442121,"pkt":"YDjgxTWgeJS0JASgCABFAADDnBFAADcRCqEv\/qltwKgCZFZW5wkAr58vrCICAM3EmrpRAAABP8x+tgAAAAABAAAAiwAAAOjKqWVw7UqL9cV3tYWQZx8+3lVfAt\/cHNmWKr5HDFui7AF186oJD92EHtODJcp3zBYr48tD1h1Wy1znPkPfrQyOdDY0xX4woCkAFe\/M0qGOOXqx5KQ032vvPu3M8qe6WA1GLKlWVI5iU9E1q9MYvSH7QLzYypooMZ9tX0Ab4QCSgJ54yulHLEquC+U="} 
01116{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1615497372822667,"flow_src_last_pkt_time":1615497374420722,"flow_dst_last_pkt_time":1615497374454886,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":606,"flow_dst_max_l4_payload_len":1181,"flow_src_tot_l4_payload_len":1075,"flow_dst_tot_l4_payload_len":3232,"midstream":0,"thread_ts_usec":1617969467485845,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"47.245.143.85","src_port":58766,"dst_port":22101,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"GenshinImpact","proto_id":"257","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":31,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6297,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1618759616491441} 
+00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":31,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6297,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1618759616491441} 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618759616491441,"flow_src_last_pkt_time":1618759616491441,"flow_dst_last_pkt_time":1618759616491441,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618759616491441,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.69.191","src_port":52575,"dst_port":22101,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1618759616491441,"flow_dst_last_pkt_time":1618759616491441,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1618759616491441,"pkt":"eJS0JASgYDjgxTWgCABFAAAwGRQAAD8RUQ3AqAJkCNFFv81fVlUAHHz9AAAA\/wAAAAAAAAAASZYC0v\/\/\/\/8="} 01067{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618759616491441,"flow_src_last_pkt_time":1618759616491441,"flow_dst_last_pkt_time":1618759616491441,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618759616491441,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.69.191","src_port":52575,"dst_port":22101,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"GenshinImpact","proto_id":"257","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -25,7 +25,7 @@ 00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1618759616572945,"flow_dst_last_pkt_time":1618759616601044,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":144,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":144,"pkt_l4_len":110,"thread_ts_usec":1618759616601044,"pkt":"YDjgxTWgeJS0JASgCABFAACCBNZAADYRLfkI0UW\/wKgCZFZVzV8AbgXrXPECABn4gxJSAAAB+IeX5QAAAAACAAAAAAAAAFzxAgAZ+IMSUgAAAfiHl+UBAAAAAgAAAAAAAABc8QIAGfiDElEAAAFMiJflAAAAAAIAAAASAAAA6MqpBXDmSov1t3ei1GLU8Vij"} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1618759616612938,"flow_dst_last_pkt_time":1618759616601044,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1618759616612938,"pkt":"eJS0JASgYDjgxTWgCABFAAA4\/jQAAD8Ra+TAqAJkCNFFv81fVlUAJJbpXPECABn4gxJSAAABTIiX5QAAAAABAAAAAAAAAA=="} 
00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1617969465739661,"flow_src_last_pkt_time":1617969467485845,"flow_dst_last_pkt_time":1617969467482889,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":608,"flow_dst_max_l4_payload_len":298,"flow_src_tot_l4_payload_len":1047,"flow_dst_tot_l4_payload_len":943,"midstream":0,"thread_ts_usec":1618759618761347,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"47.254.169.109","src_port":59145,"dst_port":22102,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GenshinImpact","proto_id":"257","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":46,"packets-processed":45,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8942,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":28,"global_ts_usec":1650541441246000} 
+00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":46,"packets-processed":45,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8942,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":28,"global_ts_usec":1650541441246000} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1650541441246000,"flow_src_last_pkt_time":1650541441246000,"flow_dst_last_pkt_time":1650541441246000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1650541441246000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"49.51.190.178","src_port":39822,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1650541441246000,"flow_dst_last_pkt_time":1650541441246000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1650541441246000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8hmVAAD8GAmXAqAJkMTO+spuOAFDYKxQrAAAAAKAC\/\/\/VsQAAAgQFtAQCCAoNnimHAAAAAAEDAwk="} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1650541441246000,"flow_dst_last_pkt_time":1650541441413000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1650541441413000,"pkt":"YDjgxTWgeJS0JASgCABFAAA0AABAAC4GmdIxM76ywKgCZABQm44lLXPY2CsULIAScUgpvgAAAgQFhgEBBAIBAwMC"} 
@@ -34,7 +34,7 @@ 00933{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1650541441246000,"flow_src_last_pkt_time":1650541441416000,"flow_dst_last_pkt_time":1650541441413000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":42,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1650541441416000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"49.51.190.178","src_port":39822,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"GenshinImpact","proto_id":"257","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1650541441416000,"flow_dst_last_pkt_time":1650541441582000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1650541441582000,"pkt":"YDjgxTWgeJS0JASgCABFAAAo12pAAC4GwnMxM76ywKgCZABQm44lLXPZ2CsUVlAQHFK\/KQAAAAAAAAAA"} 
01113{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1618759616491441,"flow_src_last_pkt_time":1618759618715293,"flow_dst_last_pkt_time":1618759618761347,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":606,"flow_dst_max_l4_payload_len":354,"flow_src_tot_l4_payload_len":1681,"flow_dst_tot_l4_payload_len":964,"midstream":0,"thread_ts_usec":1650541441932000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.69.191","src_port":52575,"dst_port":22101,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"GenshinImpact","proto_id":"257","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":61,"packets-processed":60,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10917,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":37,"global_ts_usec":1650813582412000} 
+00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":61,"packets-processed":60,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10917,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":37,"global_ts_usec":1650813582412000} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1650813582412000,"flow_src_last_pkt_time":1650813582412000,"flow_dst_last_pkt_time":1650813582412000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1650813582412000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"49.51.181.168","src_port":39686,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1650813582412000,"flow_dst_last_pkt_time":1650813582412000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1650813582412000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8XGBAAD8GNXTAqAJkMTO1qJsGAFBg5zJJAAAAAKAC\/\/\/zjAAAAgQFtAQCCAo+Nj3MAAAAAAEDAwk="} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1650813582412000,"flow_dst_last_pkt_time":1650813582583000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1650813582583000,"pkt":"YDjgxTWgeJS0JASgCABFAAA0AABAAC4GotwxM7WowKgCZABQmwaucKQhYOcySoAScUjS6QAAAgQFhgEBBAIBAwMC"} 
@@ -43,7 +43,7 @@ 00933{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1650813582412000,"flow_src_last_pkt_time":1650813582588000,"flow_dst_last_pkt_time":1650813582583000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":42,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1650813582588000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"49.51.181.168","src_port":39686,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"GenshinImpact","proto_id":"257","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1650813582588000,"flow_dst_last_pkt_time":1650813582759000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1650813582759000,"pkt":"YDjgxTWgeJS0JASgCABFAAAoY7JAAC4GPzYxM7WowKgCZABQmwaucKQiYOcydFAQHFJoVQAAAAAAAAAA"} 
00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1650541441246000,"flow_src_last_pkt_time":1650541441932000,"flow_dst_last_pkt_time":1650541441930000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1414,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":1788,"flow_dst_tot_l4_payload_len":187,"midstream":0,"thread_ts_usec":1650813583121000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"49.51.190.178","src_port":39822,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GenshinImpact","proto_id":"257","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":76,"packets-processed":75,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12925,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":46,"global_ts_usec":1655043605088000} 
+00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":76,"packets-processed":75,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12925,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":46,"global_ts_usec":1655043605088000} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655043605088000,"flow_src_last_pkt_time":1655043605088000,"flow_dst_last_pkt_time":1655043605088000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655043605088000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"49.51.181.168","src_port":45246,"dst_port":10012,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1655043605088000,"flow_dst_last_pkt_time":1655043605088000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655043605088000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8y9BAAD8GxgPAqAJkMTO1qLC+Jxyp+mQnAAAAAKAC\/\/\/OLAAAAgQFtAQCCArRkRhbAAAAAAEDAwk="} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1655043605088000,"flow_dst_last_pkt_time":1655043605260000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655043605260000,"pkt":"YDjgxTWgeJS0JASgCABFAAA0AABAAC4GotwxM7WowKgCZCccsL7ZMHkgqfpkKIAScUgbtQAAAgQFhgEBBAIBAwMC"} 
@@ -53,7 +53,7 @@ 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1655043605265000,"flow_dst_last_pkt_time":1655043605436000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1655043605436000,"pkt":"YDjgxTWgeJS0JASgCABFAAAocDRAAC4GMrQxM7WowKgCZCccsL7ZMHkhqfpkUlAQHFKxIAAAAAAAAAAA"} 00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1655043605088000,"flow_src_last_pkt_time":1655043605840000,"flow_dst_last_pkt_time":1655043606011000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":492,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":835,"flow_dst_tot_l4_payload_len":187,"midstream":0,"thread_ts_usec":1655043606011000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"49.51.181.168","src_port":45246,"dst_port":10012,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GenshinImpact","proto_id":"257","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1650813582412000,"flow_src_last_pkt_time":1650813583121000,"flow_dst_last_pkt_time":1650813583117000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1414,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":1821,"flow_dst_tot_l4_payload_len":187,"midstream":0,"thread_ts_usec":1655043606011000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"49.51.181.168","src_port":39686,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GenshinImpact","proto_id":"257","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00850{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":90,"packets-processed":90,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13947,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":56,"global_ts_usec":1655043606011000} 
+00850{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":90,"packets-processed":90,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13947,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":56,"global_ts_usec":1655043606011000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 90/90 ~~ skipped flows.............: 0 @@ -62,9 +62,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6928339 bytes -~~ total memory freed........: 6928339 bytes -~~ total allocations/frees...: 114288/114288 +~~ total memory allocated....: 7505981 bytes +~~ total memory freed........: 7505981 bytes +~~ total allocations/frees...: 126021/126021 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 537 chars ~~ json message max len.......: 1121 chars diff --git a/test/results/default/git.pcap.out b/test/results/default/git.pcap.out index d75917ca6..63aa00ec1 100644 --- a/test/results/default/git.pcap.out +++ b/test/results/default/git.pcap.out 
@@ -1,5 +1,5 @@ -00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/git.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/git.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1460821630164056} 
+00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/git.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/git.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1460821630164056} 
00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1460821630164056,"flow_src_last_pkt_time":1460821630164056,"flow_dst_last_pkt_time":1460821630164056,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1460821630164056,"l3_proto":"ip4","src_ip":"192.168.0.77","dst_ip":"5.153.231.21","src_port":47991,"dst_port":9418,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1460821630164056,"flow_dst_last_pkt_time":1460821630164056,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1460821630164056,"pkt":"nJcm0ghCPJcOZtCOCABFAAA8Q1ZAAEAGScLAqABNBZnnFbt3JMp+hgtEAAAAAKACchB0gwAAAgQFtAQCCAoBp0gSAAAAAAEDAwo="} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1460821630164056,"flow_dst_last_pkt_time":1460821630221958,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1460821630221958,"pkt":"PJcOZtCOnJcm0ghCCABFCAA8AABAAC8GnhAFmecVwKgATSTKu3dqwE5VfoYLRaASOJBfrwAAAgQFrAQCCAorjWmrAadIEgEDAwc="} 
@@ -9,7 +9,7 @@ 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1460821630222080,"flow_dst_last_pkt_time":1460821630278031,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1460821630278031,"pkt":"PJcOZtCOnJcm0ghCCABFCAA0J+9AAC8GdikFmecVwKgATSTKu3dqwE5WfoYLioAQAHLGLwAAAQEICiuNabkBp0gh"} 02171{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":19,"flow_first_seen":1460821630164056,"flow_src_last_pkt_time":1460821630544728,"flow_dst_last_pkt_time":1460821630545903,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":527,"flow_dst_max_l4_payload_len":2880,"flow_src_tot_l4_payload_len":605,"flow_dst_tot_l4_payload_len":19825,"midstream":0,"thread_ts_usec":1460821630545903,"l3_proto":"ip4","src_ip":"192.168.0.77","dst_ip":"5.153.231.21","src_port":47991,"dst_port":9418,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":29,"avg":24597.4,"max":99851,"stddev":28614.0,"var":818762240.0,"ent":3.8,"data": [57902,57964,60,56073,43848,99851,54739,54730,537,49455,48900,45519,29,17836,63404,1849,203,2031,860,202,1063,209,208,710,439,1139,50571,205,50785,547,651]},"pktlen": {"min":52,"avg":690.9,"max":2932,"stddev":773.9,"var":598945.8,"ent":4.1,"data": [60,60,52,121,52,253,52,948,52,579,52,61,52,60,1492,52,1492,1492,52,1492,1492,52,2932,52,1492,1492,52,1492,1492,52,1492,1492]},"bins": {"c_to_s": [11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": 
[5,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,1]},"directions": [0,1,0,0,1,1,0,1,0,0,1,0,1,1,1,0,1,1,0,1,1,0,1,0,1,1,0,1,1,0,1,1],"entropies": [4.739262104,5.279368877,5.115703106,5.628006458,5.195351124,5.731617451,5.115702629,4.962421417,5.154164791,5.045848370,5.195351601,5.288749218,5.233812809,5.389901161,4.890160084,5.154164791,6.262699604,7.849300385,5.154164791,7.861139297,7.866855145,5.154164791,7.887691021,5.024262905,7.851975918,7.853373528,5.154164791,7.871936798,7.800623894,5.115703106,7.834641933,7.837094784]},"ndpi": {"confidence": {"6":"DPI"},"proto":"Git","proto_id":"226","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":15,"category":"Collaborative"}} 00970{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":41,"flow_dst_packets_processed":49,"flow_first_seen":1460821630164056,"flow_src_last_pkt_time":1460821631220936,"flow_dst_last_pkt_time":1460821631269756,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":527,"flow_dst_max_l4_payload_len":2880,"flow_src_tot_l4_payload_len":605,"flow_dst_tot_l4_payload_len":67444,"midstream":0,"thread_ts_usec":1460821631269756,"l3_proto":"ip4","src_ip":"192.168.0.77","dst_ip":"5.153.231.21","src_port":47991,"dst_port":9418,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Git","proto_id":"226","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":15,"category":"Collaborative"}} 
-00839{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/git.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":90,"packets-processed":90,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":68049,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1460821631269756} +00839{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/git.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":90,"packets-processed":90,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":68049,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1460821631269756} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 90/90 ~~ skipped flows.............: 0 
@@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6910247 bytes -~~ total memory freed........: 6910247 bytes -~~ total allocations/frees...: 114228/114228 +~~ total memory allocated....: 7487843 bytes +~~ total memory freed........: 7487843 bytes +~~ total allocations/frees...: 125959/125959 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 541 chars ~~ json message max len.......: 2176 chars diff --git a/test/results/default/gnutella.pcap.out b/test/results/default/gnutella.pcap.out index 63b0de92d..b760e6850 100644 --- a/test/results/default/gnutella.pcap.out +++ b/test/results/default/gnutella.pcap.out 
@@ -1,4 +1,4 @@ -00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 00269{"error_event_id":4,"error_event_name":"Packet too short","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":22,"packet_id":1,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","size":4,"expected":14,"global_ts_usec":22} 00278{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":4,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":22,"pkt":"AAAAAA=="} 
00704{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":9752391,"flow_src_last_pkt_time":9752391,"flow_dst_last_pkt_time":9752391,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":9752391,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ffa4:e108","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5} 
@@ -95,7 +95,7 @@ 01327{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_src_last_pkt_time":16062775,"flow_dst_last_pkt_time":15469932,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":666,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":666,"pkt_l4_len":632,"thread_ts_usec":16062775,"pkt":"AQBef\/\/6CAAn5uVZCABFAAKM4JcAAAER2sAKAAIP7\/\/\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"} 00742{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":16487243,"flow_src_last_pkt_time":16487243,"flow_dst_last_pkt_time":16487243,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":16487243,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":16487243,"flow_dst_last_pkt_time":16487243,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"thread_ts_usec":16487243,"pkt":"\/\/\/\/\/\/\/\/CAAn5uVZCABFAADlHPgAAIARBAMKAAIPCgAC\/wCKAIoA0aFXEQKcLAoAAg8AigC7AAAgRU5GREVGRUVFSEVGRkhFSkVPREJEQUNBQ0FDQUNBQ0EAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAOgDAAAAAAAAAAAhAFYAAwABAAAAAgAyAFxNQUlMU0xPVFxCUk9XU0UAAQBg6gAATVNFREdFV0lOMTAAAAAAAAoAAxAAAA8BVaoA"} -01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":16487243,"flow_src_last_pkt_time":16487243,"flow_dst_last_pkt_time":16487243,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":16487243,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"msedgewin10","domainame":"msedgewin10"}} 
+00952{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":16487243,"flow_src_last_pkt_time":16487243,"flow_dst_last_pkt_time":16487243,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":16487243,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"msedgewin10","domainame":"msedgewin10"}} 01353{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_src_last_pkt_time":16578213,"flow_dst_last_pkt_time":15469659,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":686,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":686,"pkt_l4_len":632,"thread_ts_usec":16578213,"pkt":"MzMAAAAMCAAn5uVZht1gCQFeAngRAf6AAAAAAAAAxQ1Rn5ak4Qj\/AgAAAAAAAAAAAAAAAAAM+d0OdgJ4bjk8P3htbCB2ZXJzaW9uPSIxLjAiIGVuY29kaW5nPSJ1dGYtOCI\/Pjxzb2FwOkVudmVsb3BlIHhtbG5zOnNvYXA9Imh0dHA6Ly93d3cudzMub3JnLzIwMDMvMDUvc29hcC1lbnZlbG9wZSIgeG1sbnM6d3NhPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA0LzA4L2FkZHJlc3NpbmciIHhtbG5zOndzZD0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwNS8wNC9kaXNjb3ZlcnkiIHhtbG5zOndzZHA9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDYvMDIvZGV2cHJvZiI+PHNvYXA6SGVhZGVyPjx3c2E6VG8+dXJuOnNjaGVtYXMteG1sc29hcC1vcmc6d3M6MjAwNTowNDpkaXNjb3Zlcnk8L3dzYTpUbz48d3NhOkFjdGlvbj5odHRwOi8vc2NoZW1hcy54bWx
zb2FwLm9yZy93cy8yMDA1LzA0L2Rpc2NvdmVyeS9Qcm9iZTwvd3NhOkFjdGlvbj48d3NhOk1lc3NhZ2VJRD51cm46dXVpZDozODVlNjBkOC0wOTJhLTRiMmItYmRmYy02YzJkMWQ1MGFjNDI8L3dzYTpNZXNzYWdlSUQ+PC9zb2FwOkhlYWRlcj48c29hcDpCb2R5Pjx3c2Q6UHJvYmU+PHdzZDpUeXBlcz53c2RwOkRldmljZTwvd3NkOlR5cGVzPjwvd3NkOlByb2JlPjwvc29hcDpCb2R5Pjwvc29hcDpFbnZlbG9wZT4="} 01327{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_src_last_pkt_time":16827978,"flow_dst_last_pkt_time":15469932,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":666,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":666,"pkt_l4_len":632,"thread_ts_usec":16827978,"pkt":"AQBef\/\/6CAAn5uVZCABFAAKM4JgAAAER2r8KAAIP7\/\/\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"} 00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":17749890,"flow_dst_last_pkt_time":9752466,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":70,"pkt_l4_len":16,"thread_ts_usec":17749890,"pkt":"MzMAAAACCAAn5uVZht1gAAAAABA6\/\/6AAAAAAAAAxQ1Rn5ak4Qj\/AgAAAAAAAAAAAAAAAAAChQDYkwAAAAABAQgAJ+blWQ=="} 
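Review bot: The regenerated `detected` event for flow 20 (NetBIOS.SMBv1, UDP 138 to 10.0.2.255) no longer carries `"flow_risk": {"22": {"risk":"Unsafe Protocol", ...}}`, although `"breed":"Dangerous"` is unchanged. The golden file therefore now accepts an SMBv1 detection with no risk flag. The commit message says only "incorporated upstream changes", so it is not clear from the page whether this is an intended libnDPI behaviour change or a regression that the refreshed expectation hides. I would add a line to the description such as `* NetBIOS.SMBv1 flows no longer report flow_risk 22 (Unsafe Protocol)`, so that consumers alerting on that risk know to key on `proto`/`breed` instead. The removed `update` event for the same flow in the next hunk carried the same risk, but its replacement line is outside the visible part of the diff.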
@@ -380,7 +380,7 @@ 00957{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":366,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":12446804,"flow_src_last_pkt_time":12446804,"flow_dst_last_pkt_time":12446804,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":314,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":314,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":314,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":71122895,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"msedgewin10"}} 00927{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":366,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":12447076,"flow_src_last_pkt_time":12447076,"flow_dst_last_pkt_time":12447076,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":548,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":548,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":548,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":71122895,"l3_proto":"ip4","src_ip":"10.0.2.2","dst_ip":"10.0.2.15","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00958{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":366,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":0,"flow_first_seen":12827507,"flow_src_last_pkt_time":41755684,"flow_dst_last_pkt_time":12827507,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":966,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":71122895,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"msedgewin10"}} -01086{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":366,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":16487243,"flow_src_last_pkt_time":16487243,"flow_dst_last_pkt_time":16487243,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":71122895,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": 
{"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"msedgewin10"}} +00967{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":366,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":16487243,"flow_src_last_pkt_time":16487243,"flow_dst_last_pkt_time":16487243,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":71122895,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"msedgewin10"}} 00975{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":366,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":0,"flow_first_seen":15284358,"flow_src_last_pkt_time":23969210,"flow_dst_last_pkt_time":15284358,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":101,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1601,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":71122895,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":63962,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} 00945{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":366,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":0,"flow_first_seen":13118832,"flow_src_last_pkt_time":15640687,"flow_dst_last_pkt_time":13118832,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1073,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1073,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12876,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":71122895,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":63957,"dst_port":3702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"WSD","proto_id":"153","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00941{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":366,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":15469932,"flow_src_last_pkt_time":22405999,"flow_dst_last_pkt_time":15469932,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":624,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":624,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4368,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":71122895,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":63964,"dst_port":3702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"WSD","proto_id":"153","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
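Review bot: The regenerated expectation for flow_id 20 (NetBIOS.SMBv1, still `"breed":"Dangerous"`) no longer carries `flow_risk` 22 "Unsafe Protocol", and the commit message does not say whether that loss is intended; a consumer that alerts on `flow_risk` rather than `breed` would stop flagging SMBv1 after this bump. The hunks at -1197 and -1224 likewise drop `ja3` from the `tls` object, and the hunk at -1507 drops risk 35 "Susp Entropy" from the HTTP.Gnutella flows. These look like upstream libnDPI behaviour changes rather than nDPId defects, but that is inferred from the fixture alone. I would add a line to the commit description such as `* SMBv1 no longer raises flow_risk 22; tls.ja3 and flow_risk 35 on HTTP flows removed upstream` so that authors of downstream detection rules can adapt.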
@@ -1197,7 +1197,7 @@ 00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":918,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":290,"flow_packet_id":2,"flow_src_last_pkt_time":90746322,"flow_dst_last_pkt_time":90787996,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":90787996,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA2cAAEAGHo9QB\/zACgACDxroxIoAs7ABAD7ueWAS\/\/\/AYAAAAgQFtA=="} 00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":919,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":290,"flow_packet_id":3,"flow_src_last_pkt_time":90787996,"flow_dst_last_pkt_time":90787996,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":90787996,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoIw9AAIAGfuoKAAIPUAf8wMSKGugAPu55ALOwAlAQ+vDdLAAA"} 00866{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":920,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":290,"flow_packet_id":4,"flow_src_last_pkt_time":90787996,"flow_dst_last_pkt_time":90787996,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":318,"pkt_l4_len":284,"thread_ts_usec":90787996,"pkt":"UlQAEjUCCAAn5uVZCABFAAEwIxBAAIAGfeEKAAIPUAf8wMSKGugAPu55ALOwAlAY+vCaNQAAFgMBAQMBAAD\/AwNiJQp+8saRTGn5FOybSdB1cukDK58nNQ\/S5GTjEfxYrwAAjMArwCzAhsCHwAnAI8AKwCTAcsBzwKzArcAIwC\/AMMCKwIvAE8AnwBTAKMB2wHfAEgCcAJ3AesB7AC8APAA1AD0AQQC6AIQAwMCcwJ0ACgCeAJ\/AfMB9ADMAZwA5AGsARQC+AIgAxMCewJ8AFsAYwBnAFwCmAKfAhMCFADQAbAA6AG0ARgC\/AIkAxQAbAQAASgAXAAAAFgAAAAUABQEAAAAA\/wEAAQAAIwAAAAoADAAKABcAGAAZABUAEwALAAIBAAANABYAFAQBBAMFAQUDBgEGAwMBAwMCAQID"} 
-01466{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":920,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":90746322,"flow_src_last_pkt_time":90787996,"flow_dst_last_pkt_time":90787996,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":264,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":264,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":90787996,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.7.252.192","src_port":50314,"dst_port":6888,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3":"6992dc627532d4fbccd43fb03d3bdeb4","ja3s":"","ja4":"t12d700800_738c12401e81_7448b1316cd7","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01425{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":920,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":90746322,"flow_src_last_pkt_time":90787996,"flow_dst_last_pkt_time":90787996,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":264,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":264,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":90787996,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.7.252.192","src_port":50314,"dst_port":6888,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d700800_738c12401e81_7448b1316cd7","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":921,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":290,"flow_packet_id":5,"flow_src_last_pkt_time":90787996,"flow_dst_last_pkt_time":90787996,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":90787996,"pkt":"CAAn5uVZUlQAEjUCCABFAAAoA2gAAEAGHpJQB\/zACgACDxroxIoAs7ACAD7vgVAQ\/\/\/XFQAA"} 
00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":930,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":274,"flow_packet_id":2,"flow_src_last_pkt_time":90741945,"flow_dst_last_pkt_time":90795846,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":90795846,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA24AAEAGymQugHJrCgACDxmyxHoAtKoBziHWF2AS\/\/++AAAAAgQFtA=="} 00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":932,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":274,"flow_packet_id":3,"flow_src_last_pkt_time":90796080,"flow_dst_last_pkt_time":90795846,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":90796080,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoDztAAIAGPpsKAAIPLoBya8R6GbLOIdYXALSqAlAQ+vDazAAA"} 
@@ -1224,7 +1224,7 @@ 01309{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1005,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":271,"flow_packet_id":4,"flow_src_last_pkt_time":90850187,"flow_dst_last_pkt_time":90843516,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":654,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":654,"pkt_l4_len":620,"thread_ts_usec":90850187,"pkt":"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"} 01034{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1005,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":271,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":90740683,"flow_src_last_pkt_time":90850187,"flow_dst_last_pkt_time":90843516,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":600,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":600,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":90850187,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"38.142.119.234","src_port":50295,"dst_port":49732,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1006,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":271,"flow_packet_id":5,"flow_src_last_pkt_time":90850187,"flow_dst_last_pkt_time":90850267,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":90850267,"pkt":"CAAn5uVZUlQAEjUCCABFAAAoA5kAAEAGzLAmjnfqCgACD8JExHcAt5gCIyGUGlAQ\/\/8unAAA"} -01999{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1011,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":90746322,"flow_src_last_pkt_time":90787996,"flow_dst_last_pkt_time":90857440,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":264,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":264,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":90857440,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.7.252.192","src_port":50314,"dst_port":6888,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"32": {"risk":"TLS Cert Validity Too Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": 
{"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3":"6992dc627532d4fbccd43fb03d3bdeb4","ja3s":"1249fb68f48c0444718e4d3b48b27188","ja4":"t12d700800_738c12401e81_7448b1316cd7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=gtk-gnutella\/1.2.1","subjectDN":"CN=gtk-gnutella\/1.2.1","fingerprint":"E8:DD:F0:B2:FF:8C:27:5A:12:75:D4:AE:60:1B:D9:87:E8:FF:45:93","blocks":0}}} +01958{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1011,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":90746322,"flow_src_last_pkt_time":90787996,"flow_dst_last_pkt_time":90857440,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":264,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":264,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":90857440,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.7.252.192","src_port":50314,"dst_port":6888,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"32": {"risk":"TLS Cert Validity Too Long","severity":"Medium","risk_score": 
{"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"1249fb68f48c0444718e4d3b48b27188","ja4":"t12d700800_738c12401e81_7448b1316cd7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=gtk-gnutella\/1.2.1","subjectDN":"CN=gtk-gnutella\/1.2.1","fingerprint":"E8:DD:F0:B2:FF:8C:27:5A:12:75:D4:AE:60:1B:D9:87:E8:FF:45:93","blocks":0}}} 00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1016,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":301,"flow_packet_id":2,"flow_src_last_pkt_time":90845230,"flow_dst_last_pkt_time":90857929,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":90857929,"pkt":"CAAn5uVZUlQAEjUCCABFAAB0A6AAAEAReda8PTS3CgACDy5McAkAYD84Gu4xAkJx0f\/\/24\/JSJ6wAwEBAEEAAABMLrw9NLcAAAAACAAAAMMCVkNFR1RLR1cDR1VFQQICVVBDAgEHAkRVQ4BRAQNUTFNAA0RIVEMAAAGCUUtE7kD0pA=="} 00749{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1026,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":302,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":90864578,"flow_src_last_pkt_time":90864578,"flow_dst_last_pkt_time":90864578,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":90864578,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.187.74.173","src_port":28681,"dst_port":53489,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1026,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":302,"flow_packet_id":1,"flow_src_last_pkt_time":90864578,"flow_dst_last_pkt_time":90864578,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":90864578,"pkt":"UlQAEjUCCAAn5uVZCABFAAA4OIoAAIAR8bMKAAIPubtKrXAJ0PEAJMQW\/3wxAm1gREr\/fw\/7dxmzAwABAAUAAADDglFLQA=="} 
@@ -1507,18 +1507,18 @@ 00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1970,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":333,"flow_packet_id":2,"flow_src_last_pkt_time":114930255,"flow_dst_last_pkt_time":115039245,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":115039245,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsBeIAAEAGgIBFdqLlCgACD7c6xJcA8yoBKsf7BWAS\/\/\/XGAAAAgQFtA=="} 00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1971,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":333,"flow_packet_id":3,"flow_src_last_pkt_time":115039725,"flow_dst_last_pkt_time":115039245,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":115039725,"pkt":"UlQAEjUCCAAn5uVZCABFAAAobAxAAIAGmlkKAAIPRXai5cSXtzoqx\/sFAPMqAlAQ+vDz5AAA"} 01225{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1972,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":333,"flow_packet_id":4,"flow_src_last_pkt_time":115040547,"flow_dst_last_pkt_time":115039245,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":587,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":587,"pkt_l4_len":553,"thread_ts_usec":115040547,"pkt":"UlQAEjUCCAAn5uVZCABFAAI9bA1AAIAGmEMKAAIPRXai5cSXtzoqx\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"} 
-01633{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1972,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":333,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":114930255,"flow_src_last_pkt_time":115040547,"flow_dst_last_pkt_time":115039245,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":533,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":533,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":115040547,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.118.162.229","src_port":50327,"dst_port":46906,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.Gnutella","proto_id":"7.35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download","hostname":"69.118.162.229","domainame":"69.118.162.229","http": {"url":"69.118.162.229:46906\/uri-res\/N2R?urn:sha1:LXIP2A72T5H3BU3GRUMZFYNU3OYDK6FI","code":0,"content_type":"","user_agent":"gtk-gnutella\/1.2.2 (2022-02-25; GTK2; Windows x64)"}}} 
+01533{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1972,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":333,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":114930255,"flow_src_last_pkt_time":115040547,"flow_dst_last_pkt_time":115039245,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":533,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":533,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":115040547,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.118.162.229","src_port":50327,"dst_port":46906,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"HTTP.Gnutella","proto_id":"7.35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download","hostname":"69.118.162.229","domainame":"69.118.162.229","http": {"url":"69.118.162.229:46906\/uri-res\/N2R?urn:sha1:LXIP2A72T5H3BU3GRUMZFYNU3OYDK6FI","code":0,"content_type":"","user_agent":"gtk-gnutella\/1.2.2 (2022-02-25; GTK2; Windows x64)"}}} 
00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1973,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":333,"flow_packet_id":5,"flow_src_last_pkt_time":115040547,"flow_dst_last_pkt_time":115040805,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":115040805,"pkt":"CAAn5uVZUlQAEjUCCABFAAAoBeMAAEAGgINFdqLlCgACD7c6xJcA8yoCKsf9GlAQ\/\/\/swAAA"} 00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1974,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":334,"flow_packet_id":2,"flow_src_last_pkt_time":114930776,"flow_dst_last_pkt_time":115124425,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":115124425,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsBeQAAEAGYvO9k0hTCgACD2X8xJgA9CQBhHBOQWAS\/\/9j5QAAAgQFtA=="} 00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1975,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":334,"flow_packet_id":3,"flow_src_last_pkt_time":115126121,"flow_dst_last_pkt_time":115124425,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":115126121,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoz\/tAAIAGGN8KAAIPvZNIU8SYZfyEcE5BAPQkAlAQ+vCAsQAA"} 
01233{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1976,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":334,"flow_packet_id":4,"flow_src_last_pkt_time":115127909,"flow_dst_last_pkt_time":115124425,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":592,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":592,"pkt_l4_len":558,"thread_ts_usec":115127909,"pkt":"UlQAEjUCCAAn5uVZCABFAAJCz\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"} -01629{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1976,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":334,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":114930776,"flow_src_last_pkt_time":115127909,"flow_dst_last_pkt_time":115124425,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":538,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":538,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":115127909,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"189.147.72.83","src_port":50328,"dst_port":26108,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.Gnutella","proto_id":"7.35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download","hostname":"189.147.72.83","domainame":"189.147.72.83","http": 
{"url":"189.147.72.83:26108\/uri-res\/N2R?urn:sha1:LXIP2A72T5H3BU3GRUMZFYNU3OYDK6FI","code":0,"content_type":"","user_agent":"gtk-gnutella\/1.2.2 (2022-02-25; GTK2; Windows x64)"}}} +01529{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1976,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":334,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":114930776,"flow_src_last_pkt_time":115127909,"flow_dst_last_pkt_time":115124425,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":538,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":538,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":115127909,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"189.147.72.83","src_port":50328,"dst_port":26108,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"HTTP.Gnutella","proto_id":"7.35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download","hostname":"189.147.72.83","domainame":"189.147.72.83","http": {"url":"189.147.72.83:26108\/uri-res\/N2R?urn:sha1:LXIP2A72T5H3BU3GRUMZFYNU3OYDK6FI","code":0,"content_type":"","user_agent":"gtk-gnutella\/1.2.2 (2022-02-25; GTK2; Windows x64)"}}} 
00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1977,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":334,"flow_packet_id":5,"flow_src_last_pkt_time":115127909,"flow_dst_last_pkt_time":115128100,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":115128100,"pkt":"CAAn5uVZUlQAEjUCCABFAAAoBeUAAEAGYva9k0hTCgACD2X8xJgA9CQChHBQW1AQ\/\/95iAAA"} 00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1980,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":335,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":115369554,"flow_src_last_pkt_time":115369554,"flow_dst_last_pkt_time":115369554,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":115369554,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"14.200.255.229","src_port":28681,"dst_port":37058,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1980,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":335,"flow_packet_id":1,"flow_src_last_pkt_time":115369554,"flow_dst_last_pkt_time":115369554,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":115369554,"pkt":"UlQAEjUCCAAn5uVZCABFAAA4ticAAIARadEKAAIPDsj\/5XAJkMIAJDeaLGAxAs8iaaH\/Df9W3JltAwABAAUAAADDglFLQA=="} 
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1982,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":335,"flow_packet_id":2,"flow_src_last_pkt_time":115369554,"flow_dst_last_pkt_time":115702290,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_usec":115702290,"pkt":"CAAn5uVZUlQAEjUCCABFAABKBegAAEARWf8OyP\/lCgACD5DCcAkANl\/hLGAxAs8iaaH\/Df9W3JltAwEBABcAAADCkA7I\/+WyNgAAAAAgAMOCUUtEGERIlw=="} -01783{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1983,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":333,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":114930255,"flow_src_last_pkt_time":115040547,"flow_dst_last_pkt_time":116164038,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":533,"flow_dst_max_l4_payload_len":794,"flow_src_tot_l4_payload_len":533,"flow_dst_tot_l4_payload_len":794,"midstream":0,"thread_ts_usec":116164038,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.118.162.229","src_port":50327,"dst_port":46906,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": 
{"6":"DPI"},"proto":"HTTP.Gnutella","proto_id":"7.35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":1,"category":"Media","hostname":"69.118.162.229","domainame":"69.118.162.229","http": {"url":"69.118.162.229:46906\/uri-res\/N2R?urn:sha1:LXIP2A72T5H3BU3GRUMZFYNU3OYDK6FI","code":206,"content_type":"audio\/mpeg","user_agent":"gtk-gnutella\/1.2.2 (2022-02-25; GTK2; Windows x64)"}}} -01779{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1990,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":334,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":114930776,"flow_src_last_pkt_time":115127909,"flow_dst_last_pkt_time":116336924,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":538,"flow_dst_max_l4_payload_len":806,"flow_src_tot_l4_payload_len":538,"flow_dst_tot_l4_payload_len":806,"midstream":0,"thread_ts_usec":116336924,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"189.147.72.83","src_port":50328,"dst_port":26108,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP.Gnutella","proto_id":"7.35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially 
Dangerous","category_id":1,"category":"Media","hostname":"189.147.72.83","domainame":"189.147.72.83","http": {"url":"189.147.72.83:26108\/uri-res\/N2R?urn:sha1:LXIP2A72T5H3BU3GRUMZFYNU3OYDK6FI","code":206,"content_type":"audio\/mpeg","user_agent":"gtk-gnutella\/1.2.2 (2022-02-25; GTK2; Windows x64)"}}} +01683{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1983,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":333,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":114930255,"flow_src_last_pkt_time":115040547,"flow_dst_last_pkt_time":116164038,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":533,"flow_dst_max_l4_payload_len":794,"flow_src_tot_l4_payload_len":533,"flow_dst_tot_l4_payload_len":794,"midstream":0,"thread_ts_usec":116164038,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.118.162.229","src_port":50327,"dst_port":46906,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP.Gnutella","proto_id":"7.35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":1,"category":"Media","hostname":"69.118.162.229","domainame":"69.118.162.229","http": {"url":"69.118.162.229:46906\/uri-res\/N2R?urn:sha1:LXIP2A72T5H3BU3GRUMZFYNU3OYDK6FI","code":206,"content_type":"audio\/mpeg","user_agent":"gtk-gnutella\/1.2.2 (2022-02-25; GTK2; Windows x64)"}}} 
+01679{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1990,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":334,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":114930776,"flow_src_last_pkt_time":115127909,"flow_dst_last_pkt_time":116336924,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":538,"flow_dst_max_l4_payload_len":806,"flow_src_tot_l4_payload_len":538,"flow_dst_tot_l4_payload_len":806,"midstream":0,"thread_ts_usec":116336924,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"189.147.72.83","src_port":50328,"dst_port":26108,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP.Gnutella","proto_id":"7.35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":1,"category":"Media","hostname":"189.147.72.83","domainame":"189.147.72.83","http": {"url":"189.147.72.83:26108\/uri-res\/N2R?urn:sha1:LXIP2A72T5H3BU3GRUMZFYNU3OYDK6FI","code":206,"content_type":"audio\/mpeg","user_agent":"gtk-gnutella\/1.2.2 (2022-02-25; GTK2; Windows x64)"}}} 
00604{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1998,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":310,"flow_packet_id":5,"flow_src_last_pkt_time":116628818,"flow_dst_last_pkt_time":95911831,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_usec":116628818,"pkt":"UlQAEjUCCAAn5uVZCABFAABtP0cAAIARMnMKAAIPdvBFx3AJGMwAWboABjMxAj4wOckacH6ZjRVmWUQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"} 00750{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1999,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":336,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":116628965,"flow_src_last_pkt_time":116628965,"flow_dst_last_pkt_time":116628965,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":116628965,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.7.252.192","src_port":28681,"dst_port":6888,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1999,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":336,"flow_packet_id":1,"flow_src_last_pkt_time":116628965,"flow_dst_last_pkt_time":116628965,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_usec":116628965,"pkt":"UlQAEjUCCAAn5uVZCABFAABtIxgAAIARvpEKAAIPUAf8wHAJGugAWSw6p+kxAjYZLonacBdkV9ywAUQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"} 
@@ -1538,7 +1538,7 @@ 00959{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":12446804,"flow_src_last_pkt_time":12446804,"flow_dst_last_pkt_time":12446804,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":314,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":314,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":314,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"msedgewin10"}} 00929{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":12447076,"flow_src_last_pkt_time":12447076,"flow_dst_last_pkt_time":12447076,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":548,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":548,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":548,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.2","dst_ip":"10.0.2.15","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00960{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":0,"flow_first_seen":12827507,"flow_src_last_pkt_time":41755684,"flow_dst_last_pkt_time":12827507,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":966,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"msedgewin10"}} -01088{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":16487243,"flow_src_last_pkt_time":73950296,"flow_dst_last_pkt_time":16487243,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":402,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": 
{"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"msedgewin10"}} +00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":16487243,"flow_src_last_pkt_time":73950296,"flow_dst_last_pkt_time":16487243,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":402,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"msedgewin10"}} 00977{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":0,"flow_first_seen":15284358,"flow_src_last_pkt_time":23969210,"flow_dst_last_pkt_time":15284358,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":101,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1601,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":63962,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} 01074{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71540885,"flow_src_last_pkt_time":71540885,"flow_dst_last_pkt_time":71540885,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"200.120.243.143","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 
01073{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72852642,"flow_src_last_pkt_time":72852642,"flow_dst_last_pkt_time":72852642,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.250.99.158","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 
@@ -1635,7 +1635,7 @@ 00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2079,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":345,"flow_packet_id":2,"flow_src_last_pkt_time":126831784,"flow_dst_last_pkt_time":126943376,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":126943376,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsBmMAAEAGf\/9FdqLlCgACD7c6xJoBCaABtHeiHmAS\/\/8wNgAAAgQFtA=="} 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2080,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":345,"flow_packet_id":3,"flow_src_last_pkt_time":126943824,"flow_dst_last_pkt_time":126943376,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":126943824,"pkt":"UlQAEjUCCAAn5uVZCABFAAAobCFAAIAGmkQKAAIPRXai5cSatzq0d6IeAQmgAlAQ+vBNAgAA"} 01196{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2081,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":345,"flow_packet_id":4,"flow_src_last_pkt_time":126944176,"flow_dst_last_pkt_time":126943376,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":567,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":567,"pkt_l4_len":533,"thread_ts_usec":126944176,"pkt":"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"} 
-01669{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2081,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":345,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":126831784,"flow_src_last_pkt_time":126944176,"flow_dst_last_pkt_time":126943376,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":513,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":513,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":126944176,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.118.162.229","src_port":50330,"dst_port":46906,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.Gnutella","proto_id":"7.35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download","hostname":"69.118.162.229","domainame":"69.118.162.229","http": {"url":"69.118.162.229:46906\/gnutella\/thex\/v1?urn:tree:tiger\/:3WMUS6WM2ZC7XIPRQDKXWHHJRV4IKYC4OX4ELCA&depth=9&ed2k=1","code":0,"content_type":"","user_agent":"gtk-gnutella\/1.2.2 (2022-02-25; GTK2; Windows x64)"}}} 
+01569{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2081,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":345,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":126831784,"flow_src_last_pkt_time":126944176,"flow_dst_last_pkt_time":126943376,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":513,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":513,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":126944176,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.118.162.229","src_port":50330,"dst_port":46906,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"HTTP.Gnutella","proto_id":"7.35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download","hostname":"69.118.162.229","domainame":"69.118.162.229","http": {"url":"69.118.162.229:46906\/gnutella\/thex\/v1?urn:tree:tiger\/:3WMUS6WM2ZC7XIPRQDKXWHHJRV4IKYC4OX4ELCA&depth=9&ed2k=1","code":0,"content_type":"","user_agent":"gtk-gnutella\/1.2.2 (2022-02-25; GTK2; Windows x64)"}}} 
00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2082,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":345,"flow_packet_id":5,"flow_src_last_pkt_time":126944176,"flow_dst_last_pkt_time":126944392,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":126944392,"pkt":"CAAn5uVZUlQAEjUCCABFAAAoBmQAAEAGgAJFdqLlCgACD7c6xJoBCaACtHekH1AQ\/\/9F8gAA"} 00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2094,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":346,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":129174282,"flow_src_last_pkt_time":129174282,"flow_dst_last_pkt_time":129174282,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":129174282,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.226.85.105","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2094,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":346,"flow_packet_id":1,"flow_src_last_pkt_time":129174282,"flow_dst_last_pkt_time":129174282,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_usec":129174282,"pkt":"UlQAEjUCCAAn5uVZCABFAABtuPMAAIAR0zIKAAIPTOJVaXAJGMoAWVtEeBkxArN0R\/zFhR7fMHiNqUQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAIek2ZxoyMuuDPvZIwnux4CwuAqS"} 
@@ -1950,7 +1950,7 @@ 00959{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":12446804,"flow_src_last_pkt_time":12446804,"flow_dst_last_pkt_time":12446804,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":314,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":314,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":314,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"msedgewin10"}} 00929{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":12447076,"flow_src_last_pkt_time":12447076,"flow_dst_last_pkt_time":12447076,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":548,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":548,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":548,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.2","dst_ip":"10.0.2.15","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00960{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":0,"flow_first_seen":12827507,"flow_src_last_pkt_time":41755684,"flow_dst_last_pkt_time":12827507,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":966,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"msedgewin10"}} -01088{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":16487243,"flow_src_last_pkt_time":73950296,"flow_dst_last_pkt_time":16487243,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":402,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": 
{"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"msedgewin10"}} +00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":16487243,"flow_src_last_pkt_time":73950296,"flow_dst_last_pkt_time":16487243,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":402,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"msedgewin10"}} 00977{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":0,"flow_first_seen":15284358,"flow_src_last_pkt_time":23969210,"flow_dst_last_pkt_time":15284358,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":101,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1601,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":63962,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} 01075{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":71540885,"flow_src_last_pkt_time":132834289,"flow_dst_last_pkt_time":71540885,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"200.120.243.143","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 
01074{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":72852642,"flow_src_last_pkt_time":132834112,"flow_dst_last_pkt_time":72852642,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.250.99.158","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 
@@ -2140,16 +2140,16 @@ 00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2473,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":12529920,"flow_src_last_pkt_time":12529920,"flow_dst_last_pkt_time":12529920,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":193763657,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::1:3","src_port":63717,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"msedgewin10"}} 01073{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2473,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":69142400,"flow_src_last_pkt_time":69227111,"flow_dst_last_pkt_time":69227285,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":598,"flow_dst_max_l4_payload_len":491,"flow_src_tot_l4_payload_len":598,"flow_dst_tot_l4_payload_len":491,"midstream":0,"thread_ts_usec":193763657,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.88.118.70","src_port":50235,"dst_port":6906,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": 
{"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01074{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2473,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":72264816,"flow_src_last_pkt_time":72720223,"flow_dst_last_pkt_time":72720433,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":598,"flow_dst_max_l4_payload_len":250,"flow_src_tot_l4_payload_len":598,"flow_dst_tot_l4_payload_len":250,"midstream":0,"thread_ts_usec":193763657,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"27.94.154.53","src_port":50250,"dst_port":6346,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00962{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2473,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":67092791,"flow_src_last_pkt_time":69124029,"flow_dst_last_pkt_time":69473760,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":193763657,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.233.196.226","src_port":50220,"dst_port":3820,"l4_proto":"tcp","ndpi": {"flow_risk": 
{"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} +01069{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2473,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":67092791,"flow_src_last_pkt_time":69124029,"flow_dst_last_pkt_time":69473760,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":193763657,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.233.196.226","src_port":50220,"dst_port":3820,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}},"55": {"risk":"Probing Attempt","severity":"Medium","risk_score": {"total":510,"client":375,"server":135}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
00746{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2473,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":67092791,"flow_src_last_pkt_time":69124029,"flow_dst_last_pkt_time":69473760,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":193763657,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.233.196.226","src_port":50220,"dst_port":3820,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01078{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2473,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":72266629,"flow_src_last_pkt_time":72906885,"flow_dst_last_pkt_time":72907120,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":601,"flow_dst_max_l4_payload_len":504,"flow_src_tot_l4_payload_len":601,"flow_dst_tot_l4_payload_len":504,"midstream":0,"thread_ts_usec":193763657,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"103.232.107.100","src_port":50253,"dst_port":43508,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 
01077{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2473,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":72266136,"flow_src_last_pkt_time":72656641,"flow_dst_last_pkt_time":72656770,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":600,"flow_dst_max_l4_payload_len":354,"flow_src_tot_l4_payload_len":600,"flow_dst_tot_l4_payload_len":354,"midstream":0,"thread_ts_usec":193763657,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.202.31.113","src_port":50252,"dst_port":19768,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01070{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2473,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":63001980,"flow_src_last_pkt_time":63445433,"flow_dst_last_pkt_time":63445570,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":598,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":598,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":193763657,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"47.147.52.21","src_port":50199,"dst_port":36728,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": 
{"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01074{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2473,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":65062594,"flow_src_last_pkt_time":65418382,"flow_dst_last_pkt_time":65418564,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":598,"flow_dst_max_l4_payload_len":544,"flow_src_tot_l4_payload_len":598,"flow_dst_tot_l4_payload_len":544,"midstream":0,"thread_ts_usec":193763657,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"14.199.10.60","src_port":50211,"dst_port":23458,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00962{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2473,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":67093789,"flow_src_last_pkt_time":68857088,"flow_dst_last_pkt_time":69216407,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":193763657,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.14.143.237","src_port":50222,"dst_port":6523,"l4_proto":"tcp","ndpi": {"flow_risk": 
{"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} +01069{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2473,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":67093789,"flow_src_last_pkt_time":68857088,"flow_dst_last_pkt_time":69216407,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":193763657,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.14.143.237","src_port":50222,"dst_port":6523,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}},"55": {"risk":"Probing Attempt","severity":"Medium","risk_score": {"total":510,"client":375,"server":135}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
00746{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2473,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":67093789,"flow_src_last_pkt_time":68857088,"flow_dst_last_pkt_time":69216407,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":193763657,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.14.143.237","src_port":50222,"dst_port":6523,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01075{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2473,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":64031460,"flow_src_last_pkt_time":64521739,"flow_dst_last_pkt_time":64521815,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":599,"flow_dst_max_l4_payload_len":541,"flow_src_tot_l4_payload_len":599,"flow_dst_tot_l4_payload_len":541,"midstream":0,"thread_ts_usec":193763657,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.222.160.99","src_port":50203,"dst_port":18994,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 
-00962{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2473,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":68109135,"flow_src_last_pkt_time":69747482,"flow_dst_last_pkt_time":70047954,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":193763657,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"111.241.31.96","src_port":50228,"dst_port":14384,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} +01069{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2473,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":68109135,"flow_src_last_pkt_time":69747482,"flow_dst_last_pkt_time":70047954,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":193763657,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"111.241.31.96","src_port":50228,"dst_port":14384,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}},"55": {"risk":"Probing Attempt","severity":"Medium","risk_score": 
{"total":510,"client":375,"server":135}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00746{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2473,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":68109135,"flow_src_last_pkt_time":69747482,"flow_dst_last_pkt_time":70047954,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":193763657,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"111.241.31.96","src_port":50228,"dst_port":14384,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01074{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2473,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":63000408,"flow_src_last_pkt_time":63524574,"flow_dst_last_pkt_time":63524726,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":598,"flow_dst_max_l4_payload_len":539,"flow_src_tot_l4_payload_len":598,"flow_dst_tot_l4_payload_len":539,"midstream":0,"thread_ts_usec":193763657,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.250.6.59","src_port":50196,"dst_port":12556,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 
01077{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2473,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":68108022,"flow_src_last_pkt_time":68639636,"flow_dst_last_pkt_time":68639339,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":601,"flow_dst_max_l4_payload_len":546,"flow_src_tot_l4_payload_len":601,"flow_dst_tot_l4_payload_len":546,"midstream":0,"thread_ts_usec":193763657,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"116.241.162.162","src_port":50226,"dst_port":15677,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 
@@ -2215,14 +2215,14 @@ 01076{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2485,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":285,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":90745391,"flow_src_last_pkt_time":91380000,"flow_dst_last_pkt_time":91380000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":599,"flow_dst_max_l4_payload_len":501,"flow_src_tot_l4_payload_len":599,"flow_dst_tot_l4_payload_len":501,"midstream":0,"thread_ts_usec":213810438,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"60.241.48.194","src_port":50309,"dst_port":21301,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01074{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2485,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":272,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":90741172,"flow_src_last_pkt_time":90825072,"flow_dst_last_pkt_time":90825175,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":598,"flow_dst_max_l4_payload_len":255,"flow_src_tot_l4_payload_len":598,"flow_dst_tot_l4_payload_len":255,"midstream":0,"thread_ts_usec":213810438,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"77.58.211.52","src_port":50296,"dst_port":3806,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01076{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2485,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":289,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":90746142,"flow_src_last_pkt_time":91151301,"flow_dst_last_pkt_time":91150987,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":598,"flow_dst_max_l4_payload_len":620,"flow_src_tot_l4_payload_len":1097,"flow_dst_tot_l4_payload_len":620,"midstream":0,"thread_ts_usec":213810438,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.65.68.194","src_port":50313,"dst_port":35481,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 
-00963{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2485,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":87671915,"flow_src_last_pkt_time":88763863,"flow_dst_last_pkt_time":88801408,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":213810438,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"51.68.153.214","src_port":50283,"dst_port":35004,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} +01070{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2485,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":87671915,"flow_src_last_pkt_time":88763863,"flow_dst_last_pkt_time":88801408,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":213810438,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"51.68.153.214","src_port":50283,"dst_port":35004,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}},"55": {"risk":"Probing Attempt","severity":"Medium","risk_score": 
{"total":510,"client":375,"server":135}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00747{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2485,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":87671915,"flow_src_last_pkt_time":88763863,"flow_dst_last_pkt_time":88801408,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":213810438,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"51.68.153.214","src_port":50283,"dst_port":35004,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01078{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2485,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":296,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":90747315,"flow_src_last_pkt_time":90792942,"flow_dst_last_pkt_time":90793046,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":601,"flow_dst_max_l4_payload_len":518,"flow_src_tot_l4_payload_len":601,"flow_dst_tot_l4_payload_len":518,"midstream":0,"thread_ts_usec":213810438,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"194.163.180.126","src_port":50320,"dst_port":10825,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 
00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2485,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":15285641,"flow_src_last_pkt_time":21297325,"flow_dst_last_pkt_time":15285641,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":95,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":95,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":475,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":213810438,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::c","src_port":63960,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"[ff02::c]:1900"}} 01078{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2485,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":271,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":90740683,"flow_src_last_pkt_time":91277614,"flow_dst_last_pkt_time":91277245,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":600,"flow_dst_max_l4_payload_len":663,"flow_src_tot_l4_payload_len":1101,"flow_dst_tot_l4_payload_len":663,"midstream":0,"thread_ts_usec":213810438,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"38.142.119.234","src_port":50295,"dst_port":49732,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": 
{"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00953{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2485,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":0,"flow_first_seen":13118724,"flow_src_last_pkt_time":15640529,"flow_dst_last_pkt_time":13118724,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1091,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1091,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":13092,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":213810438,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::c","src_port":63958,"dst_port":3702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"WSD","proto_id":"153","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00949{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2485,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":15469659,"flow_src_last_pkt_time":21843510,"flow_dst_last_pkt_time":15469659,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":624,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":624,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4368,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":213810438,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::c","src_port":63965,"dst_port":3702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"WSD","proto_id":"153","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00963{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2485,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":75359834,"flow_src_last_pkt_time":77138763,"flow_dst_last_pkt_time":77504113,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":213810438,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.70.175.103","src_port":50266,"dst_port":4315,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} +01070{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2485,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":75359834,"flow_src_last_pkt_time":77138763,"flow_dst_last_pkt_time":77504113,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":213810438,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.70.175.103","src_port":50266,"dst_port":4315,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}},"55": 
{"risk":"Probing Attempt","severity":"Medium","risk_score": {"total":510,"client":375,"server":135}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00747{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2485,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":75359834,"flow_src_last_pkt_time":77138763,"flow_dst_last_pkt_time":77504113,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":213810438,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.70.175.103","src_port":50266,"dst_port":4315,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01076{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2485,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":279,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":90744013,"flow_src_last_pkt_time":90809872,"flow_dst_last_pkt_time":90809947,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":599,"flow_dst_max_l4_payload_len":515,"flow_src_tot_l4_payload_len":599,"flow_dst_tot_l4_payload_len":515,"midstream":0,"thread_ts_usec":213810438,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.120.73.215","src_port":50303,"dst_port":24562,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially 
Dangerous","category_id":7,"category":"Download"}} 01073{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2485,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":270,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":90740151,"flow_src_last_pkt_time":91075404,"flow_dst_last_pkt_time":91408210,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":600,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":600,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":213810438,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"14.200.255.229","src_port":50294,"dst_port":37058,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 
@@ -2231,7 +2231,7 @@ 01078{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2485,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":287,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":90745788,"flow_src_last_pkt_time":91669101,"flow_dst_last_pkt_time":91668738,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":600,"flow_dst_max_l4_payload_len":628,"flow_src_tot_l4_payload_len":1101,"flow_dst_tot_l4_payload_len":628,"midstream":0,"thread_ts_usec":213810438,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"149.28.163.175","src_port":50311,"dst_port":49956,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01077{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2485,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":275,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":90742427,"flow_src_last_pkt_time":91375538,"flow_dst_last_pkt_time":91375677,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":601,"flow_dst_max_l4_payload_len":276,"flow_src_tot_l4_payload_len":601,"flow_dst_tot_l4_payload_len":276,"midstream":0,"thread_ts_usec":213810438,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.220.198.244","src_port":50299,"dst_port":1194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01075{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2485,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":84592660,"flow_src_last_pkt_time":85126325,"flow_dst_last_pkt_time":85126546,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":599,"flow_dst_max_l4_payload_len":539,"flow_src_tot_l4_payload_len":599,"flow_dst_tot_l4_payload_len":539,"midstream":0,"thread_ts_usec":213810438,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.103.139.2","src_port":50269,"dst_port":3186,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 
-00963{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2485,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":73299863,"flow_src_last_pkt_time":74939021,"flow_dst_last_pkt_time":75239110,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":213810438,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.233.201.161","src_port":50256,"dst_port":2886,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} +01070{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2485,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":73299863,"flow_src_last_pkt_time":74939021,"flow_dst_last_pkt_time":75239110,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":213810438,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.233.201.161","src_port":50256,"dst_port":2886,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}},"55": {"risk":"Probing Attempt","severity":"Medium","risk_score": 
{"total":510,"client":375,"server":135}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00747{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2485,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":73299863,"flow_src_last_pkt_time":74939021,"flow_dst_last_pkt_time":75239110,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":213810438,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.233.201.161","src_port":50256,"dst_port":2886,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01071{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2485,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":269,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":90739278,"flow_src_last_pkt_time":90905082,"flow_dst_last_pkt_time":91076000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":599,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":599,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":213810438,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"97.83.183.148","src_port":50293,"dst_port":8890,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 
01077{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2485,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":273,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":90741572,"flow_src_last_pkt_time":91414904,"flow_dst_last_pkt_time":91415063,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":600,"flow_dst_max_l4_payload_len":303,"flow_src_tot_l4_payload_len":600,"flow_dst_tot_l4_payload_len":303,"midstream":0,"thread_ts_usec":213810438,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"14.200.255.229","src_port":50297,"dst_port":45710,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 
@@ -2285,7 +2285,7 @@ 01073{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":282,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":90744824,"flow_src_last_pkt_time":91058830,"flow_dst_last_pkt_time":98168368,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":600,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":600,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.238.145.82","src_port":50306,"dst_port":33527,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00955{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":40232582,"flow_src_last_pkt_time":40630451,"flow_dst_last_pkt_time":40232582,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"224.0.0.252","src_port":50435,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"puppet"}} 00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":40232517,"flow_src_last_pkt_time":40630237,"flow_dst_last_pkt_time":40232517,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::1:3","src_port":50435,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"puppet"}} -01089{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":16487243,"flow_src_last_pkt_time":192636357,"flow_dst_last_pkt_time":16487243,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":603,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"msedgewin10"}} +00970{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":16487243,"flow_src_last_pkt_time":192636357,"flow_dst_last_pkt_time":16487243,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":603,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"msedgewin10"}} 01075{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":71540885,"flow_src_last_pkt_time":191702228,"flow_dst_last_pkt_time":71540885,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"200.120.243.143","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01074{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":72852642,"flow_src_last_pkt_time":192907861,"flow_dst_last_pkt_time":72852642,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.250.99.158","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 
01074{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":72851137,"flow_src_last_pkt_time":131668865,"flow_dst_last_pkt_time":72851137,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.224.95.97","src_port":28681,"dst_port":46356,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 
@@ -2854,7 +2854,7 @@ 00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2722,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":65065554,"flow_src_last_pkt_time":65065784,"flow_dst_last_pkt_time":65065554,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":146,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1042,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":258518644,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":57623,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} 01071{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2722,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72851488,"flow_src_last_pkt_time":72851488,"flow_dst_last_pkt_time":72851488,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":258518644,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.225.140.186","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": 
{"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01070{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2722,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71538408,"flow_src_last_pkt_time":71538408,"flow_dst_last_pkt_time":71538408,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":258518644,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.85.11.85","src_port":28681,"dst_port":10722,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 
-01461{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2722,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":345,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":12,"flow_first_seen":126831784,"flow_src_last_pkt_time":130215321,"flow_dst_last_pkt_time":130215029,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":513,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":513,"flow_dst_tot_l4_payload_len":10365,"midstream":0,"thread_ts_usec":258518644,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.118.162.229","src_port":50330,"dst_port":46906,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.Gnutella","proto_id":"7.35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download","hostname":"69.118.162.229"}} 
+01361{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2722,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":345,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":12,"flow_first_seen":126831784,"flow_src_last_pkt_time":130215321,"flow_dst_last_pkt_time":130215029,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":513,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":513,"flow_dst_tot_l4_payload_len":10365,"midstream":0,"thread_ts_usec":258518644,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.118.162.229","src_port":50330,"dst_port":46906,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"HTTP.Gnutella","proto_id":"7.35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download","hostname":"69.118.162.229"}} 
01068{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2722,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71536631,"flow_src_last_pkt_time":71536631,"flow_dst_last_pkt_time":71536631,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":258518644,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.38.9.82","src_port":28681,"dst_port":24223,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01070{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2722,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71535977,"flow_src_last_pkt_time":71535977,"flow_dst_last_pkt_time":71535977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":258518644,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.78.134.188","src_port":28681,"dst_port":49046,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": 
{"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2728,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":487,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":264769233,"flow_src_last_pkt_time":264769233,"flow_dst_last_pkt_time":264769233,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":264769233,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.78.134.188","src_port":28681,"dst_port":49046,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -2915,7 +2915,7 @@ 01071{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82063616,"flow_src_last_pkt_time":82063616,"flow_dst_last_pkt_time":82063616,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.44.126.74","src_port":28681,"dst_port":54633,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01071{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82066178,"flow_src_last_pkt_time":82066178,"flow_dst_last_pkt_time":82066178,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.242.191.215","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": 
{"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01076{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":329,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":101122468,"flow_src_last_pkt_time":134428222,"flow_dst_last_pkt_time":101122468,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":162,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.117.249.98","src_port":28681,"dst_port":6815,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 
-01089{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":16487243,"flow_src_last_pkt_time":192636357,"flow_dst_last_pkt_time":16487243,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":603,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"msedgewin10"}} +00970{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":16487243,"flow_src_last_pkt_time":192636357,"flow_dst_last_pkt_time":16487243,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":603,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"msedgewin10"}} 01075{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":71540885,"flow_src_last_pkt_time":251737212,"flow_dst_last_pkt_time":71540885,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"200.120.243.143","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 
01074{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":72852642,"flow_src_last_pkt_time":251736857,"flow_dst_last_pkt_time":72852642,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.250.99.158","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01074{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":72851137,"flow_src_last_pkt_time":131668865,"flow_dst_last_pkt_time":72851137,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.224.95.97","src_port":28681,"dst_port":46356,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": 
{"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 
@@ -3664,17 +3664,17 @@ 01002{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3205,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":745,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":288409044,"flow_src_last_pkt_time":288409044,"flow_dst_last_pkt_time":288409044,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288409044,"l3_proto":"ip4","src_ip":"164.132.10.25","dst_ip":"10.0.2.15","l4_proto":"icmp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":5.020679}} 00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3206,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":627,"flow_packet_id":4,"flow_src_last_pkt_time":287714018,"flow_dst_last_pkt_time":288483516,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_usec":288483516,"pkt":"CAAn5uVZUlQAEjUCCABFAABbC3oAAEAROBZJPuG1CgACD7b7cAkARwAGXS\/iNTECAGQaxPLpTglwDwEBACgAAAB1MGLXgpwAAAAACAAAAMMDREhUQwAAAgNHVUVAA1RMU0CCVVBDACId"} 
00921{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3207,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":517,"flow_packet_id":2,"flow_src_last_pkt_time":287315710,"flow_dst_last_pkt_time":288490528,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":356,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":356,"pkt_l4_len":322,"thread_ts_usec":288490528,"pkt":"CAAn5uVZUlQAEjUCCABFAAFWC3sAAEARmwMk76IbCgACDx8ycAkBQkS1R05EAVjxAQF4nOspZwx09GAJCT7CpZrkwOGi8n6RtJH8bgYgs0hiW9ONsGMg5p3WqpuLoo8zgBVcnfQtZB+Iedtdp9LOYjtYQWfW2kzdvWBtapxB8+MOg5haScUNi6J3gJi3lqi\/LA88AdYWyh36SPMAiLl+mzr3RiMwU+Wl1qUOUbCCO23Lg\/aI7Qcxq8\/WpXmKHAWr3Trni72CMtgENwPxNnk1ELP8O9ujj6rqYCZf\/9tF0Qxg5rfJHncEwQps72h+nCrGBHYOk53MZwkFEHP75qiCGjVtsAKHjaaLovnBTlef5fpAiBHEPDXd3vqErCCIybgwIOiCojzEkcz3DYyACtiCIaJABiSYgIw7\/UoP0\/2ADIhDgAyI9zxYghx1GBkYGGL1H5kaMjGkSB359NKPs4AfAD6Dfz4="} -00963{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":8,"flow_first_seen":61974915,"flow_src_last_pkt_time":61974915,"flow_dst_last_pkt_time":149634723,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"207.38.163.228","src_port":50191,"dst_port":6778,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
+01070{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":8,"flow_first_seen":61974915,"flow_src_last_pkt_time":61974915,"flow_dst_last_pkt_time":149634723,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"207.38.163.228","src_port":50191,"dst_port":6778,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}},"55": {"risk":"Probing Attempt","severity":"Medium","risk_score": {"total":510,"client":375,"server":135}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00747{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":8,"flow_first_seen":61974915,"flow_src_last_pkt_time":61974915,"flow_dst_last_pkt_time":149634723,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"207.38.163.228","src_port":50191,"dst_port":6778,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01073{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":320,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":95893440,"flow_src_last_pkt_time":95893440,"flow_dst_last_pkt_time":95893440,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.236.200.137","src_port":28681,"dst_port":48142,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01071{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":314,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":95754317,"flow_src_last_pkt_time":95754317,"flow_dst_last_pkt_time":95754317,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"71.237.202.91","src_port":28681,"dst_port":16117,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": 
{"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01071{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":325,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":96049643,"flow_src_last_pkt_time":96049643,"flow_dst_last_pkt_time":96049643,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.160.143.48","src_port":28681,"dst_port":37036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 
01070{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":305,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":93713981,"flow_src_last_pkt_time":93713981,"flow_dst_last_pkt_time":93713981,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.168.175.31","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00961{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":8,"flow_first_seen":61975321,"flow_src_last_pkt_time":61975321,"flow_dst_last_pkt_time":149634575,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.75.52.19","src_port":50193,"dst_port":46010,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": 
{"total":350,"client":235,"server":115}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} +01068{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":8,"flow_first_seen":61975321,"flow_src_last_pkt_time":61975321,"flow_dst_last_pkt_time":149634575,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.75.52.19","src_port":50193,"dst_port":46010,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}},"55": {"risk":"Probing Attempt","severity":"Medium","risk_score": {"total":510,"client":375,"server":135}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00745{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":8,"flow_first_seen":61975321,"flow_src_last_pkt_time":61975321,"flow_dst_last_pkt_time":149634575,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.75.52.19","src_port":50193,"dst_port":46010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
-00963{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":8,"flow_first_seen":61974633,"flow_src_last_pkt_time":61974633,"flow_dst_last_pkt_time":149634758,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.140.63.147","src_port":50190,"dst_port":29545,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} +01070{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":8,"flow_first_seen":61974633,"flow_src_last_pkt_time":61974633,"flow_dst_last_pkt_time":149634758,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.140.63.147","src_port":50190,"dst_port":29545,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}},"55": {"risk":"Probing Attempt","severity":"Medium","risk_score": 
{"total":510,"client":375,"server":135}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00747{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":8,"flow_first_seen":61974633,"flow_src_last_pkt_time":61974633,"flow_dst_last_pkt_time":149634758,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.140.63.147","src_port":50190,"dst_port":29545,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00961{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":8,"flow_first_seen":61975137,"flow_src_last_pkt_time":61975137,"flow_dst_last_pkt_time":149634682,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.65.87.24","src_port":50192,"dst_port":16201,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
+01068{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":8,"flow_first_seen":61975137,"flow_src_last_pkt_time":61975137,"flow_dst_last_pkt_time":149634682,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.65.87.24","src_port":50192,"dst_port":16201,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}},"55": {"risk":"Probing Attempt","severity":"Medium","risk_score": {"total":510,"client":375,"server":135}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00745{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":8,"flow_first_seen":61975137,"flow_src_last_pkt_time":61975137,"flow_dst_last_pkt_time":149634682,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.65.87.24","src_port":50192,"dst_port":16201,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01070{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":322,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":95923521,"flow_src_last_pkt_time":95923521,"flow_dst_last_pkt_time":95923521,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.88.117.219","src_port":28681,"dst_port":6909,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01074{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82060665,"flow_src_last_pkt_time":192907653,"flow_dst_last_pkt_time":82060665,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"121.99.222.36","src_port":28681,"dst_port":44988,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": 
{"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 
@@ -4000,7 +4000,7 @@ 01076{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":328,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":101122346,"flow_src_last_pkt_time":134428360,"flow_dst_last_pkt_time":101122346,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":162,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.220.105.27","src_port":28681,"dst_port":19260,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01078{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":315,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":95754583,"flow_src_last_pkt_time":139695067,"flow_dst_last_pkt_time":139756356,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":162,"flow_dst_tot_l4_payload_len":1454,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.217.84.16","src_port":28681,"dst_port":20223,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01072{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82061259,"flow_src_last_pkt_time":132833697,"flow_dst_last_pkt_time":82061259,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.157.183.106","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 
-00963{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":8,"flow_first_seen":71204033,"flow_src_last_pkt_time":80232165,"flow_dst_last_pkt_time":193763657,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.62.225.181","src_port":50245,"dst_port":46843,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} +01070{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":8,"flow_first_seen":71204033,"flow_src_last_pkt_time":80232165,"flow_dst_last_pkt_time":193763657,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.62.225.181","src_port":50245,"dst_port":46843,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}},"55": {"risk":"Probing Attempt","severity":"Medium","risk_score": 
{"total":510,"client":375,"server":135}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00747{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":8,"flow_first_seen":71204033,"flow_src_last_pkt_time":80232165,"flow_dst_last_pkt_time":193763657,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.62.225.181","src_port":50245,"dst_port":46843,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00962{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":300,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":90809634,"flow_src_last_pkt_time":139694982,"flow_dst_last_pkt_time":139723897,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":222,"flow_dst_tot_l4_payload_len":1595,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"104.238.172.250","src_port":28681,"dst_port":23548,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
00760{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":300,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":90809634,"flow_src_last_pkt_time":139694982,"flow_dst_last_pkt_time":139723897,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":222,"flow_dst_tot_l4_payload_len":1595,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"104.238.172.250","src_port":28681,"dst_port":23548,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -4009,7 +4009,7 @@ 01074{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":358,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":139669712,"flow_src_last_pkt_time":139669712,"flow_dst_last_pkt_time":139669712,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"47.224.174.174","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01080{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":311,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":95715707,"flow_src_last_pkt_time":139694924,"flow_dst_last_pkt_time":139730332,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":243,"flow_dst_tot_l4_payload_len":2181,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.132.188.98","src_port":28681,"dst_port":62851,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00898{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":0,"flow_first_seen":12513795,"flow_src_last_pkt_time":14765980,"flow_dst_last_pkt_time":12513795,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","proto_id":"82","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -01089{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":16487243,"flow_src_last_pkt_time":192636357,"flow_dst_last_pkt_time":16487243,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":603,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"msedgewin10"}} +00970{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":16487243,"flow_src_last_pkt_time":192636357,"flow_dst_last_pkt_time":16487243,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":603,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"msedgewin10"}} 01076{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":71540885,"flow_src_last_pkt_time":311751911,"flow_dst_last_pkt_time":71540885,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"200.120.243.143","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01075{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":72852642,"flow_src_last_pkt_time":311751727,"flow_dst_last_pkt_time":72852642,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.250.99.158","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 
01024{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":745,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":288409044,"flow_src_last_pkt_time":288409044,"flow_dst_last_pkt_time":288409044,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"164.132.10.25","dst_ip":"10.0.2.15","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -4544,7 +4544,7 @@ 01064{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":88941886,"flow_src_last_pkt_time":179376876,"flow_dst_last_pkt_time":88941886,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":86,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":511,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"75.133.101.93","src_port":28681,"dst_port":52367,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00752{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":88941886,"flow_src_last_pkt_time":179376876,"flow_dst_last_pkt_time":88941886,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":86,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":511,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"75.133.101.93","src_port":28681,"dst_port":52367,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
01072{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":308,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":95264285,"flow_src_last_pkt_time":179735999,"flow_dst_last_pkt_time":95264285,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":86,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":329,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.205.91.45","src_port":28681,"dst_port":40137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -01089{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":16487243,"flow_src_last_pkt_time":192636357,"flow_dst_last_pkt_time":16487243,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":603,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": 
{"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"msedgewin10"}} +00970{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":16487243,"flow_src_last_pkt_time":192636357,"flow_dst_last_pkt_time":16487243,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":603,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"msedgewin10"}} 01076{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":71540885,"flow_src_last_pkt_time":371837471,"flow_dst_last_pkt_time":71540885,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"200.120.243.143","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe 
Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01073{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":748,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":312956203,"flow_src_last_pkt_time":312956203,"flow_dst_last_pkt_time":312956203,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.8.59.80","src_port":28681,"dst_port":35192,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 
01075{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":72852642,"flow_src_last_pkt_time":371837045,"flow_dst_last_pkt_time":72852642,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.250.99.158","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 
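Review bot: The regenerated baseline no longer expects `"flow_risk": {"22": {"risk":"Unsafe Protocol", ...}}` on the NetBIOS.SMBv1 flow (flow_id 20, UDP 138 to 10.0.2.255) in the changed `update` record of this hunk, although `"breed":"Dangerous"` is still emitted, and the commit message only says "incorporated upstream changes". The same removal appears in the hunks at `@@ -4617,7`, `@@ -5115,7` and `@@ -6127,7` (flow_id 20 and 760), so any consumer that alerts on `flow_risk` alone would stop flagging SMBv1 datagram traffic after this bump. This is presumably an intended libnDPI change, but that cannot be confirmed from the lines shown here. Record it in the commit description or changelog, for example `* NetBIOS.SMBv1 flows no longer carry flow risk 22 (Unsafe Protocol); match on proto/breed instead`, so detection rules can be adjusted.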
@@ -4617,7 +4617,7 @@ 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3449,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":485,"flow_packet_id":3,"flow_src_last_pkt_time":373498204,"flow_dst_last_pkt_time":253025155,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":373498204,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0fvoAAIAR6tsKAAIPmgMq0XAJGMoAIERsR05EEEAcAQFUC1FLUlAGUk5BXS\/iNQlw"} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3450,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":5,"flow_src_last_pkt_time":373498296,"flow_dst_last_pkt_time":71540581,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":373498296,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0WlAAAIARMv4KAAIPVhdLRXAJGMoAIGfjR05EEEAdAQFUC1FLUlAGUk5BXS\/iNQlw"} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3458,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":400,"flow_packet_id":2,"flow_src_last_pkt_time":381404139,"flow_dst_last_pkt_time":251734977,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":381404139,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0860AAIARiigKAAIPgS0vp3AJGMoAIFhpR05EEEAfAQFUC1FLUlAGUk5BXS\/iNQlw"} 
-01087{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":16487243,"flow_src_last_pkt_time":192636357,"flow_dst_last_pkt_time":16487243,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":603,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"msedgewin10"}} +00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":16487243,"flow_src_last_pkt_time":192636357,"flow_dst_last_pkt_time":16487243,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":603,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"msedgewin10"}} 01072{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82060665,"flow_src_last_pkt_time":192907653,"flow_dst_last_pkt_time":82060665,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"121.99.222.36","src_port":28681,"dst_port":44988,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 
01073{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":72852834,"flow_src_last_pkt_time":192908239,"flow_dst_last_pkt_time":72852834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.236.247.120","src_port":28681,"dst_port":16047,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01074{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":495,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287308993,"flow_src_last_pkt_time":287308993,"flow_dst_last_pkt_time":287308993,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.247.89.20","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": 
{"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 
@@ -5115,7 +5115,7 @@ 01076{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":753,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":312961164,"flow_src_last_pkt_time":312961164,"flow_dst_last_pkt_time":312961164,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.84.140.96","src_port":28681,"dst_port":14400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00748{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3537,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":760,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":431178093,"flow_src_last_pkt_time":431178093,"flow_dst_last_pkt_time":431178093,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431178093,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00773{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3537,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":760,"flow_packet_id":1,"flow_src_last_pkt_time":431178093,"flow_dst_last_pkt_time":431178093,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"thread_ts_usec":431178093,"pkt":"\/\/\/\/\/\/\/\/CAAn5uVZCABFAADlHP4AAIARA\/0KAAIPCgAC\/wCKAIoA0frqEQKcMAoAAg8AigC7AAAgRU5GREVGRUVFSEVGRkhFSkVPREJEQUNBQ0FDQUNBQ0EAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAOgDAAAAAAAAAAAhAFYAAwABAAAAAgAyAFxNQUlMU0xPVFxCUk9XU0UAAQAAUwcATVNFREdFV0lOMTAAAAAAAAoAAxAAAA8BVaoA"} -01077{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3537,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":760,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":431178093,"flow_src_last_pkt_time":431178093,"flow_dst_last_pkt_time":431178093,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431178093,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"msedgewin10","domainame":"msedgewin10"}} 
+00958{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3537,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":760,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":431178093,"flow_src_last_pkt_time":431178093,"flow_dst_last_pkt_time":431178093,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431178093,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"msedgewin10","domainame":"msedgewin10"}} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3541,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":352,"flow_packet_id":5,"flow_src_last_pkt_time":431828440,"flow_dst_last_pkt_time":131671537,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":431828440,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0NScAAIARFyUKAAIPsL8xn3AJGMoAICbeR05EEEAgAQFUC1FLUlAGUk5BXS\/iNQlw"} 
00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3543,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":752,"flow_packet_id":2,"flow_src_last_pkt_time":431829020,"flow_dst_last_pkt_time":312957614,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":431829020,"pkt":"UlQAEjUCCAAn5uVZCABFAAA05pUAAIARsB8KAAIPTudJDnAJGMoAIHFFR05EEEAiAQFUC1FLUlAGUk5BXS\/iNQlw"} 00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3545,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":761,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":431829260,"flow_src_last_pkt_time":431829260,"flow_dst_last_pkt_time":431829260,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431829260,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"195.132.75.56","src_port":28681,"dst_port":56009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -6127,7 +6127,7 @@ 00965{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":684,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287621967,"flow_src_last_pkt_time":287621967,"flow_dst_last_pkt_time":287621967,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"50.58.238.149","src_port":28681,"dst_port":54436,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00753{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":684,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287621967,"flow_src_last_pkt_time":287621967,"flow_dst_last_pkt_time":287621967,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"50.58.238.149","src_port":28681,"dst_port":54436,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00898{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":0,"flow_first_seen":12513795,"flow_src_last_pkt_time":14765980,"flow_dst_last_pkt_time":12513795,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","proto_id":"82","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -01092{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":760,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":431178093,"flow_src_last_pkt_time":431178093,"flow_dst_last_pkt_time":431178093,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": 
{"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"msedgewin10"}} +00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":760,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":431178093,"flow_src_last_pkt_time":431178093,"flow_dst_last_pkt_time":431178093,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"msedgewin10"}} 01076{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":71540885,"flow_src_last_pkt_time":431829532,"flow_dst_last_pkt_time":71540885,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"200.120.243.143","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe 
Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01073{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":748,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":312956203,"flow_src_last_pkt_time":373496486,"flow_dst_last_pkt_time":312956203,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.8.59.80","src_port":28681,"dst_port":35192,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 
00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":538,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287340413,"flow_src_last_pkt_time":320290815,"flow_dst_last_pkt_time":287340413,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"124.218.41.253","src_port":28681,"dst_port":14339,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -6400,7 +6400,7 @@ 00732{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3743,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":794,"flow_packet_id":2,"flow_src_last_pkt_time":521048856,"flow_dst_last_pkt_time":520019755,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_usec":521048856,"pkt":"AQBef\/\/6CAAn5uVZCABFAADK4LwAAAER3F0KAAIP7\/\/\/+sQmB2wAtikITS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KVVNFUi1BR0VOVDogTWljcm9zb2Z0IEVkZ2UvOTkuMC4xMTUwLjMwIFdpbmRvd3MNCg0K"} 00732{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3744,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":794,"flow_packet_id":3,"flow_src_last_pkt_time":522076302,"flow_dst_last_pkt_time":520019755,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_usec":522076302,"pkt":"AQBef\/\/6CAAn5uVZCABFAADK4L0AAAER3FwKAAIP7\/\/\/+sQmB2wAtikITS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KVVNFUi1BR0VOVDogTWljcm9zb2Z0IEVkZ2UvOTkuMC4xMTUwLjMwIFdpbmRvd3MNCg0K"} 
00732{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3745,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":794,"flow_packet_id":4,"flow_src_last_pkt_time":523077357,"flow_dst_last_pkt_time":520019755,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_usec":523077357,"pkt":"AQBef\/\/6CAAn5uVZCABFAADK4L4AAAER3FsKAAIP7\/\/\/+sQmB2wAtikITS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KVVNFUi1BR0VOVDogTWljcm9zb2Z0IEVkZ2UvOTkuMC4xMTUwLjMwIFdpbmRvd3MNCg0K"} -01092{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":760,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":431178093,"flow_src_last_pkt_time":431178093,"flow_dst_last_pkt_time":431178093,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"msedgewin10"}} 
+00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":760,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":431178093,"flow_src_last_pkt_time":431178093,"flow_dst_last_pkt_time":431178093,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"msedgewin10"}} 01076{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":71540885,"flow_src_last_pkt_time":491978824,"flow_dst_last_pkt_time":71540885,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"200.120.243.143","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": 
{"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01073{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":748,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":312956203,"flow_src_last_pkt_time":493285407,"flow_dst_last_pkt_time":312956203,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.8.59.80","src_port":28681,"dst_port":35192,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 
01075{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":72852642,"flow_src_last_pkt_time":491978225,"flow_dst_last_pkt_time":72852642,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.250.99.158","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 
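Review bot: The regenerated expectation for flow 760 (NetBIOS.SMBv1, UDP 138) no longer carries the `flow_risk` entry `"22"` ("Unsafe Protocol"), while `"breed":"Dangerous"` is kept. Anything downstream that alerts on risk id 22 therefore stops seeing this SMBv1 flow after the bump. The same drop repeats in the `@@ -6536` and `@@ -6605` hunks for the later update and idle events of that flow. Whether it comes from the upstream libnDPI change or from the nDPId.c edits in this commit is not visible here, so it is worth confirming that it is intended and recording it in the commit description, e.g. `* NetBIOS.SMBv1 flows no longer report flow_risk 22 (Unsafe Protocol)`.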
@@ -6536,7 +6536,7 @@ 00979{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3843,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":794,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":520019755,"flow_src_last_pkt_time":523077357,"flow_dst_last_pkt_time":520019755,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":174,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":696,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":568531706,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":50214,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} 01078{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":759,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":400872943,"flow_src_last_pkt_time":400872943,"flow_dst_last_pkt_time":400901727,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":40,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":40,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"104.238.172.250","src_port":28681,"dst_port":23548,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": 
{"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01077{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":757,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":399168972,"flow_src_last_pkt_time":399168972,"flow_dst_last_pkt_time":399265426,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":40,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":40,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"104.156.226.72","src_port":28681,"dst_port":53258,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 
-01092{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":760,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":431178093,"flow_src_last_pkt_time":431178093,"flow_dst_last_pkt_time":431178093,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"msedgewin10"}} +00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":760,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":431178093,"flow_src_last_pkt_time":431178093,"flow_dst_last_pkt_time":431178093,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"msedgewin10"}} 01076{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":71540885,"flow_src_last_pkt_time":551891417,"flow_dst_last_pkt_time":71540885,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"200.120.243.143","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 
01073{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":748,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":312956203,"flow_src_last_pkt_time":493285407,"flow_dst_last_pkt_time":312956203,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.8.59.80","src_port":28681,"dst_port":35192,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01075{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":72852642,"flow_src_last_pkt_time":491978225,"flow_dst_last_pkt_time":72852642,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.250.99.158","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": 
{"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 
@@ -6605,9 +6605,9 @@ 00883{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3901,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":801,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":599426218,"flow_src_last_pkt_time":599426218,"flow_dst_last_pkt_time":599426218,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599426218,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::16","l4_proto":"icmp6","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3902,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":799,"flow_packet_id":2,"flow_src_last_pkt_time":599529292,"flow_dst_last_pkt_time":599415510,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":834,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":834,"pkt_l4_len":780,"thread_ts_usec":599529292,"pkt":"MzMAAAAMCAAn5uVZht1gB0PFAwwRAf6AAAAAAAAAxQ1Rn5ak4Qj\/AgAAAAAAAAAAAAAAAAAM+dYOdgMMdjk8P3htbCB2ZXJzaW9uPSIxLjAiIGVuY29kaW5nPSJ1dGYtOCI\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"} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3903,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":801,"flow_packet_id":2,"flow_src_last_pkt_time":599747316,"flow_dst_last_pkt_time":599426218,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":90,"pkt_l4_len":28,"thread_ts_usec":599747316,"pkt":"MzMAAAAWCAAn5uVZht1gAAAAACQAAf6AAAAAAAAAxQ1Rn5ak4Qj\/AgAAAAAAAAAAAAAAAAAWOgAFAgAAAQCPAOKkAAAAAQMAAAD\/AgAAAAAAAAAAAAAAAAAM"} -00857{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3904,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":3904,"packets-processed":3882,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":383594,"total-not-detected-flows":311,"total-guessed-flows":1,"total-detected-flows":401,"total-detection-updates":5,"total-updates":2519,"current-active-flows":169,"total-active-flows":801,"total-idle-flows":632,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":6608,"global_ts_usec":600247140} 
+00857{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3904,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":3904,"packets-processed":3882,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":383594,"total-not-detected-flows":311,"total-guessed-flows":1,"total-detected-flows":401,"total-detection-updates":5,"total-updates":2519,"current-active-flows":169,"total-active-flows":801,"total-idle-flows":632,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":6608,"global_ts_usec":600247140} 00896{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":0,"flow_first_seen":12513795,"flow_src_last_pkt_time":14765980,"flow_dst_last_pkt_time":12513795,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","proto_id":"82","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-01090{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":760,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":431178093,"flow_src_last_pkt_time":599325330,"flow_dst_last_pkt_time":431178093,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":402,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"msedgewin10"}} +00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":760,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":431178093,"flow_src_last_pkt_time":599325330,"flow_dst_last_pkt_time":431178093,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":402,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"msedgewin10"}} 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":798,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":595449220,"flow_src_last_pkt_time":598465934,"flow_dst_last_pkt_time":595449220,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":274,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":63962,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} 01074{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":71540885,"flow_src_last_pkt_time":551891417,"flow_dst_last_pkt_time":71540885,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"200.120.243.143","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe 
Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01071{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":748,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":312956203,"flow_src_last_pkt_time":493285407,"flow_dst_last_pkt_time":312956203,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.8.59.80","src_port":28681,"dst_port":35192,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 
@@ -6723,7 +6723,7 @@ 00749{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":297,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":90747448,"flow_src_last_pkt_time":99778360,"flow_dst_last_pkt_time":90747448,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.229.111.224","src_port":50321,"dst_port":4876,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00960{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":64032422,"flow_src_last_pkt_time":73065113,"flow_dst_last_pkt_time":64032422,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.46.139.171","src_port":50205,"dst_port":52120,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
00748{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":64032422,"flow_src_last_pkt_time":73065113,"flow_dst_last_pkt_time":64032422,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.46.139.171","src_port":50205,"dst_port":52120,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -01583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":334,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":114930776,"flow_src_last_pkt_time":116342717,"flow_dst_last_pkt_time":116342552,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":538,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":538,"flow_dst_tot_l4_payload_len":2552,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"189.147.72.83","src_port":50328,"dst_port":26108,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}},"54": 
{"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP.Gnutella","proto_id":"7.35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":1,"category":"Media","hostname":"189.147.72.83"}} +01483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":334,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":114930776,"flow_src_last_pkt_time":116342717,"flow_dst_last_pkt_time":116342552,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":538,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":538,"flow_dst_tot_l4_payload_len":2552,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"189.147.72.83","src_port":50328,"dst_port":26108,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP.Gnutella","proto_id":"7.35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":1,"category":"Media","hostname":"189.147.72.83"}} 
01075{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":72853189,"flow_src_last_pkt_time":553212866,"flow_dst_last_pkt_time":72853189,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"167.114.170.156","src_port":28681,"dst_port":23844,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00843{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":777,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":490660023,"flow_src_last_pkt_time":551702829,"flow_dst_last_pkt_time":551880698,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":90,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"124.244.211.43","src_port":28681,"dst_port":23459,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
00756{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":777,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":490660023,"flow_src_last_pkt_time":551702829,"flow_dst_last_pkt_time":551880698,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":90,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"124.244.211.43","src_port":28681,"dst_port":23459,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
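Review bot: Flow 334 (HTTP.Gnutella to 189.147.72.83:26108) loses risk `"35"` ("Susp Entropy") in the new expectation while risks 5, 12, 22 and 54 stay. That is a change in detection output, not just a re-serialization. Consumers that score or filter on risk 35 will see one signal fewer on this flow; presumably the entropy check changed upstream, but this page does not show that. A line in the commit description such as `* Susp Entropy (risk 35) no longer raised for the HTTP.Gnutella flows in gnutella.pcap` would make the regenerated result reviewable.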
@@ -6837,7 +6837,7 @@ 00840{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":767,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":490658663,"flow_src_last_pkt_time":490658663,"flow_dst_last_pkt_time":490773349,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":46,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":46,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.65.87.24","src_port":28681,"dst_port":16201,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00753{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":767,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":490658663,"flow_src_last_pkt_time":490658663,"flow_dst_last_pkt_time":490773349,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":46,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":46,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.65.87.24","src_port":28681,"dst_port":16201,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
01073{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":82060552,"flow_src_last_pkt_time":493285649,"flow_dst_last_pkt_time":82060552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.69.142.133","src_port":28681,"dst_port":15471,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -01585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":333,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":114930255,"flow_src_last_pkt_time":116183701,"flow_dst_last_pkt_time":116183576,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":533,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":533,"flow_dst_tot_l4_payload_len":5238,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.118.162.229","src_port":50327,"dst_port":46906,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": 
{"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP.Gnutella","proto_id":"7.35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":1,"category":"Media","hostname":"69.118.162.229"}} +01485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":333,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":114930255,"flow_src_last_pkt_time":116183701,"flow_dst_last_pkt_time":116183576,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":533,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":533,"flow_dst_tot_l4_payload_len":5238,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.118.162.229","src_port":50327,"dst_port":46906,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": 
{"6":"DPI"},"proto":"HTTP.Gnutella","proto_id":"7.35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":1,"category":"Media","hostname":"69.118.162.229"}} 00958{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":281,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":90744632,"flow_src_last_pkt_time":99778400,"flow_dst_last_pkt_time":90744632,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.54.66.82","src_port":50305,"dst_port":63637,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00746{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":281,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":90744632,"flow_src_last_pkt_time":99778400,"flow_dst_last_pkt_time":90744632,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.54.66.82","src_port":50305,"dst_port":63637,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00960{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":87671361,"flow_src_last_pkt_time":96685413,"flow_dst_last_pkt_time":87671361,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"221.124.66.33","src_port":50282,"dst_port":13060,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
@@ -6863,7 +6863,7 @@ 00746{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":65063303,"flow_src_last_pkt_time":74092991,"flow_dst_last_pkt_time":65063303,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.117.153.7","src_port":50213,"dst_port":50138,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00958{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":71204511,"flow_src_last_pkt_time":80232141,"flow_dst_last_pkt_time":71204511,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.7.252.192","src_port":50246,"dst_port":45685,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
00746{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":71204511,"flow_src_last_pkt_time":80232141,"flow_dst_last_pkt_time":71204511,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.7.252.192","src_port":50246,"dst_port":45685,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00857{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":3905,"packets-processed":3882,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":383594,"total-not-detected-flows":399,"total-guessed-flows":1,"total-detected-flows":401,"total-detection-updates":5,"total-updates":2519,"current-active-flows":0,"total-active-flows":801,"total-idle-flows":801,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":6866,"global_ts_usec":600247226} 
+00857{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":3905,"packets-processed":3882,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":383594,"total-not-detected-flows":399,"total-guessed-flows":1,"total-detected-flows":401,"total-detection-updates":5,"total-updates":2519,"current-active-flows":0,"total-active-flows":801,"total-idle-flows":801,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":6866,"global_ts_usec":600247226} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 3905/3882 ~~ skipped flows.............: 0 @@ -6872,9 +6872,9 @@ ~~ total active/idle flows...: 801/801 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 9042827 bytes -~~ total memory freed........: 9042827 bytes -~~ total allocations/frees...: 127116/127116 +~~ total memory allocated....: 9620699 bytes +~~ total memory freed........: 9620699 bytes +~~ total allocations/frees...: 138862/138862 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 274 chars ~~ json message max len.......: 2354 chars diff --git a/test/results/default/google_chat.pcapng.out b/test/results/default/google_chat.pcapng.out index a25d44649..cc836589c 100644 --- a/test/results/default/google_chat.pcapng.out +++ b/test/results/default/google_chat.pcapng.out 
@@ -1,15 +1,15 @@ -00618{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/google_chat.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/google_chat.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1704623922342164} 
+00618{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/google_chat.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/google_chat.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1704623922342164} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/google_chat.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1704623922342164,"flow_src_last_pkt_time":1704623922342164,"flow_dst_last_pkt_time":1704623922342164,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1704623922342164,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"142.251.1.100","src_port":46172,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/google_chat.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1704623922342164,"flow_dst_last_pkt_time":1704623922342164,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1704623922342164,"pkt":"SKmKCiNt8C90rUP1CABFAAA8Y99AAEAGLO7AqFjnjvsBZLRcAbvnTZHrAAAAAKACfXiqHQAAAgQFtAQCCAoK8tkcAAAAAAEDAwc="} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/google_chat.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1704623922342164,"flow_dst_last_pkt_time":1704623922362193,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1704623922362193,"pkt":"8C90rUP1SKmKCiNtCABFAAA8AABAAHoGVs2O+wFkwKhY5wG7tFxjuRz6502R7KAS\/\/+xnQAAAgQFhAQCCAqcHrxfCvLZHAEDAwg="} 
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/google_chat.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1704623922362207,"flow_dst_last_pkt_time":1704623922362193,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1704623922362207,"pkt":"SKmKCiNt8C90rUP1CABFAAA0Y+BAAEAGLPXAqFjnjvsBZLRcAbvnTZHsY7kc+4AQAPuqFQAAAQEICgry2TCcHrxf"} 01445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/google_chat.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1704623922362679,"flow_dst_last_pkt_time":1704623922362193,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":729,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":729,"pkt_l4_len":695,"thread_ts_usec":1704623922362679,"pkt":"SKmKCiNt8C90rUP1CABFAALLY+FAAEAGKl3AqFjnjvsBZLRcAbvnTZHsY7kc+4AYAPusrAAAAQEICgry2TGcHrxfFgMBApIBAAKOAwOPx3iNN1KDNv59o50kSm55mTOh5HDkFpQr8pYsKK9\/CSDpsCi17D7B9\/VyFbLWII4HoNN0WMiswlaBcwk1XQyLlAAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAiMAAAAUABIAAA9jaGF0Lmdvb2dsZS5jb20AFwAA\/wEAAQAACgAOAAwAHQAXABgAGQEAAQEACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAACIACgAIBAMFAwYDAgMAMwBrAGkAHQAgRVn+7UjIrhA80GAA8WCHxKGIPPkVuNsrlajjid686xkAFwBBBCT+i4eflokxoO\/CLCvHnFUI5J0BNMfm07CvR8S9AboR62M8jNI83mBKiPUUWeVDwE3Ea8Qvj7WcAb0nYvx8y7AAKwAFBAMEAwMADQAYABYEAwUDBgMIBAgFCAYEAQUBBgECAwIBAC0AAgEBABwAAkAB\/g0BGQAAAQADrwAgBdluewsDcliNmpZy7oHH6OP6ZFhu36dA6K\/+10EGMYsA7wyRm\/1eqKZVJLlBXK+ye3BHsYwovjaVK5cG9fNMGdM4+4QZ\/7lryo8Nll6R\/mUIEDoO3evHUu2iLKIJh+WGEi4hnyRiSHu10WrgvdSBSLDipFMc2+3aUES0aFmMTo9SRK\/927clzH129wiIyxnoPKcZ1o0umiudBVeNGpU5LtnCSRKcs89GYHauv8s6skZOY7wEY48\/oR+R3aPcQjnm77UfTyXy3w0Zf4dQjgMVttOJ6SY2BVbvW6QUce+nWhInkLUA6TaTpTS8cwq7vcQP2qvelfwKbVlROlC7uWwP\/x9G3EddM7WJtAEJ81NWOHCG"}
 -01270{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/google_chat.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1704623922342164,"flow_src_last_pkt_time":1704623922362679,"flow_dst_last_pkt_time":1704623922362193,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":663,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":663,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1704623922362679,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"142.251.1.100","src_port":46172,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleChat","proto_id":"91.382","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"chat.google.com","domainame":"chat.google.com","tls": {"version":"TLSv1.2","ja3":"b5001237acdf006056b409cc433726b0","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_5c2c66f702b0","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01229{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/google_chat.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1704623922342164,"flow_src_last_pkt_time":1704623922362679,"flow_dst_last_pkt_time":1704623922362193,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":663,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":663,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1704623922362679,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"142.251.1.100","src_port":46172,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleChat","proto_id":"91.382","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"chat.google.com","domainame":"chat.google.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_5c2c66f702b0","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/google_chat.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1704623922362679,"flow_dst_last_pkt_time":1704623922383034,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1704623922383034,"pkt":"8C90rUP1SKmKCiNtCABFAAA0sD0AAHoG5peO+wFkwKhY5wG7tFxjuRz7502Ug4AQAQbccwAAAQEICpwevHQK8tkx"} 
-01315{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/google_chat.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1704623922342164,"flow_src_last_pkt_time":1704623922362679,"flow_dst_last_pkt_time":1704623922383651,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":663,"flow_dst_max_l4_payload_len":2800,"flow_src_tot_l4_payload_len":663,"flow_dst_tot_l4_payload_len":2800,"midstream":0,"thread_ts_usec":1704623922383651,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"142.251.1.100","src_port":46172,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleChat","proto_id":"91.382","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"chat.google.com","domainame":"chat.google.com","tls": {"version":"TLSv1.3","ja3":"b5001237acdf006056b409cc433726b0","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1715h2_5b57614c22b0_5c2c66f702b0","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01274{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/google_chat.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1704623922342164,"flow_src_last_pkt_time":1704623922362679,"flow_dst_last_pkt_time":1704623922383651,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":663,"flow_dst_max_l4_payload_len":2800,"flow_src_tot_l4_payload_len":663,"flow_dst_tot_l4_payload_len":2800,"midstream":0,"thread_ts_usec":1704623922383651,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"142.251.1.100","src_port":46172,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleChat","proto_id":"91.382","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"chat.google.com","domainame":"chat.google.com","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1715h2_5b57614c22b0_5c2c66f702b0","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/google_chat.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1704623922342164,"flow_src_last_pkt_time":1704623922362679,"flow_dst_last_pkt_time":1704623922383651,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":663,"flow_dst_max_l4_payload_len":2800,"flow_src_tot_l4_payload_len":663,"flow_dst_tot_l4_payload_len":2800,"midstream":0,"thread_ts_usec":1704623922383651,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"142.251.1.100","src_port":46172,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleChat","proto_id":"91.382","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00845{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/google_chat.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":6,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3463,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1704623922383651} 
+00845{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/google_chat.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":6,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3463,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1704623922383651} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 6/6 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6914736 bytes -~~ total memory freed........: 6914736 bytes -~~ total allocations/frees...: 114149/114149 +~~ total memory allocated....: 7492332 bytes +~~ total memory freed........: 7492332 bytes +~~ total allocations/frees...: 125880/125880 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 551 chars ~~ json message max len.......: 1450 chars diff --git a/test/results/default/google_meet.pcapng.out b/test/results/default/google_meet.pcapng.out index 0ec1a257d..716aa1d12 100644 --- a/test/results/default/google_meet.pcapng.out +++ b/test/results/default/google_meet.pcapng.out 
@@ -1,23 +1,23 @@ -00618{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/google_meet.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/google_meet.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1703652259039627} 
+00618{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/google_meet.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/google_meet.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1703652259039627} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1703652259039627,"flow_src_last_pkt_time":1703652259039627,"flow_dst_last_pkt_time":1703652259039627,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1703652259039627,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"173.194.73.101","src_port":43268,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1703652259039627,"flow_dst_last_pkt_time":1703652259039627,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1703652259039627,"pkt":"SKmKCiNt8C90rUP1CABFAAA8yC9AAEAGYdXAqFjnrcJJZakEAbv5xd30AAAAAKACfXgQ5gAAAgQFtAQCCAoH2CG3AAAAAAEDAwc="} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1703652259039627,"flow_dst_last_pkt_time":1703652259056157,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1703652259056157,"pkt":"8C90rUP1SKmKCiNtCABFAAA8AABAAHoG8AStwkllwKhY5wG7qQQhsMvn+cXd9aAS\/\/9kSwAAAgQFhAQCCAr2okLXB9ghtwEDAwg="} 
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1703652259056165,"flow_dst_last_pkt_time":1703652259056157,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1703652259056165,"pkt":"SKmKCiNt8C90rUP1CABFAAA0yDBAAEAGYdzAqFjnrcJJZakEAbv5xd31IbDL6IAQAPsQ3gAAAQEICgfYIcf2okLX"} 01269{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1703652259056259,"flow_dst_last_pkt_time":1703652259056157,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":601,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":601,"pkt_l4_len":567,"thread_ts_usec":1703652259056259,"pkt":"SKmKCiNt8C90rUP1CABFAAJLyDFAAEAGX8TAqFjnrcJJZakEAbv5xd31IbDL6IAYAPsS9QAAAQEICgfYIcf2okLXFgMBAhIBAAIOAwPU5W8uVyQohxt3ODr+uDrbvhkNCgbu10EcW2c+Z\/qtPCDFzhQoSF6KGfkTLLIVq45W2PoPWvsu+IRxbGz2LFPIvAAgSkoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGlWloAAAAXAAAAKwAHBlpaAwQDAwASAAD+DQDaAAABAAGoACDXOJsYSQ8aTNOPlH9jMsLOeQwK1SvXkHTNAQgYBGbMLwCwTrSmygI1FPKOf72rMMYuNrfwMDq2q\/t56LegznolpgXFKd\/18mbOcm9SELCNSgkDDkNmzq18W7EI8dlFZYAayIqhFNp9q1BKZy5OdgkITAMYFoXXFhdGH1U2IY4T6uVi+FTEdjWhFT0dTZM4yBYjiCi8iF0Z4523hMTzncOnodiEKo2nPEWlAVQxL3yIGgjIcCZeutYvwAp2Ux1+gCpgRzrCOC3q3fq3RPhkuEMHQUFEaQAFAAMCaDIAGwADAgACAAUABQEAAAAA\/wEAAQAAMwArAClqagABAAAdACA49BByHp5T1RxvlCQHWdjuA87Bso4uU4IJqAiB3GtJdQAKAAoACGpqAB0AFwAYABAADgAMAmgyCGh0dHAvMS4xAC0AAgEBAAAAFAASAAAPbWVldC5nb29nbGUuY29tAAsAAgEAACMAAAANABIAEAQDCAQEAQUDCAUFAQgGBgF6egABAA=="} 
-01278{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1703652259039627,"flow_src_last_pkt_time":1703652259056259,"flow_dst_last_pkt_time":1703652259056157,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":535,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":535,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1703652259056259,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"173.194.73.101","src_port":43268,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleMeet","proto_id":"91.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"meet.google.com","domainame":"meet.google.com","tls": {"version":"TLSv1.2","ja3":"f97d8fcbd3d1517f7bf0d2c536a503a1","ja3s":"","ja4":"t13d1516h2_8daaf6152771_02713d6af862","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01237{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1703652259039627,"flow_src_last_pkt_time":1703652259056259,"flow_dst_last_pkt_time":1703652259056157,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":535,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":535,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1703652259056259,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"173.194.73.101","src_port":43268,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleMeet","proto_id":"91.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"meet.google.com","domainame":"meet.google.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_02713d6af862","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1703652259056259,"flow_dst_last_pkt_time":1703652259073151,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1703652259073151,"pkt":"8C90rUP1SKmKCiNtCABFAAA0mMYAAHoGl0atwkllwKhY5wG7qQQhsMvo+cXgDIAQAQWPqwAAAQEICvaiQugH2CHH"} 
-01323{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1703652259039627,"flow_src_last_pkt_time":1703652259056259,"flow_dst_last_pkt_time":1703652259073582,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":535,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":535,"flow_dst_tot_l4_payload_len":1400,"midstream":0,"thread_ts_usec":1703652259073582,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"173.194.73.101","src_port":43268,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleMeet","proto_id":"91.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"meet.google.com","domainame":"meet.google.com","tls": {"version":"TLSv1.3","ja3":"f97d8fcbd3d1517f7bf0d2c536a503a1","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1516h2_8daaf6152771_02713d6af862","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01282{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1703652259039627,"flow_src_last_pkt_time":1703652259056259,"flow_dst_last_pkt_time":1703652259073582,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":535,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":535,"flow_dst_tot_l4_payload_len":1400,"midstream":0,"thread_ts_usec":1703652259073582,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"173.194.73.101","src_port":43268,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleMeet","proto_id":"91.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"meet.google.com","domainame":"meet.google.com","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1516h2_8daaf6152771_02713d6af862","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/google_meet.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1703652259263021,"flow_src_last_pkt_time":1703652259263021,"flow_dst_last_pkt_time":1703652259263021,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1250,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1250,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1250,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1703652259263021,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"173.194.73.101","src_port":59369,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02211{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/google_meet.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1703652259263021,"flow_dst_last_pkt_time":1703652259263021,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1292,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1292,"pkt_l4_len":1258,"thread_ts_usec":1703652259263021,"pkt":"SKmKCiNt8C90rUP1CABFAAT+WL1AAEARzHrAqFjnrcJJZefpAbsE6hWzwwAAAAEIgxgnxg0H7jsAAETQ219rHqJbmVLMuSg9jbN2Vb0Qvhi+XuVf\/XKim9vMwPuXxDxd1l05u6JPcOPCqS6dz3jnfvgaZ7KqJkBgmF+HdxsCqkxUqmOLXX1SIn\/7LxYL5oGHypkGu9FnljwlR\/0BqH\/ROubK3aLMnXtmYYknnojPMskIMK9PZq7dSjGO3BDfAQwLBJ41H8i96K3\/3dovWXq7RrGtv3plwWaNcFEHPDw3Mzj0QLja5fH0aysrsuDg504rNVmboy9XMB6DYpf+DXP5R1LChgwcahiMEWJnfTV2anTlarYI+BIXPAKX2yB2PPbWgr1aIpJi8PewO6+rpqt2dViVrVIunStQbtnZJP+m1GpboW6ta\/V5R51qjrbGZl5O3e85de9\/Oh55BenAOt\/41APbTFvmHbEAaHTW8yh\/GPiJWPrekWaIImHo8+ggq5JBYqmxhTzUuJitax0W73TacIlVUJ3lYutJIm4CpaECm11YrEt9MNFBYkrDQd8cfNUogQdHpJGJ4i2QUPjpaddtwbN8WM4QMuroKL\/eYxd1Ys2QIbhMcGgRsnLsJ9OWMSeEmKYNuwCMNEOsz+nPOHL+dP6x3Nl8aeBs\/11ODY1OzIUIiXCXkLmyzzbZbxXvo4VYEtyP7USWrNU9+YXNktGYWDCCv
b+kiNkP5yASVTTeo3cd7PxhSgFnYMH2wQDGyrRftpkWvIPjMhokh32DJ2PBjWo\/gsn2s0Y8+oCtZ0KCeiowHeUk5o7dfMeZAUF7c4oj1gZIAyPCgZCiftfAVeXoNIKV8OECesRdb4t+IE4MG+tb8g2xWZsAuhWYqG4WISgPwTp6R4z15gQGmUJrXms6FBnPcsnOuIZ6pCSuSu67CUHe2bi5QPEO4dKf68v++kB8yGS\/LsTkSWZzhwSx2s\/MS8AYhRMApo1GNOpmsvdJnig5iQvoKciPNTzArJw9\/WU+XxwxGX0cv2iZVFvZN8kEeFmtMTPEL5iYbSE8UsjiqKMi8J7p2zzereisI98MKfBXUk\/E2weOOoKhCLR7XDA9HwEB6+Y3q9Enaep+OAcbR6LynBa8XMyX9r7ZMwRBv7o1+3r3znnGkSzA2hQE2aP1g2hHyRH53HW0pX4UmB4q4fQa5c9TkjvEJx8Fn\/rEZoWR7Bw0pulDmngWvjoUnbb\/YahYA4vY1id1gMMJ4OUarID6DPQo8Y+0jZSVY+eMfCPfl9pmQsb8REyBxwD5c7TjBSx5QxppdsiSzvlM\/GYYvMnPGmM6FhUP6lg6AFhEm1Rz958grNPUY8GyZCbmigAoPw0oJC8B2em\/TC3xYFMMxngGnfHW+JAgFpJI+z9DdzIld+jEzblDQ5amDhyppK+9TTxzrn2phbiYoHR73w+D4FS43\/JEr2Z8TMcj9HlsOX5DOjM2Jf+OUEi72VXcnpdbK2czaiqYZOJ8OR9jmESJLnvvUHHUH5+mv0yUTDRnBIcCD3Pb+\/cP0Tz8v9JYuOsjzLLvfzFZkzS\/QuIkb2gN272cHNLaZ1qfgzRhtYpxGQrgd5f+8jI6GDJcH6KMMVa7LfLG615gP5pk04ypRW4rEGMk3Ej2Et5gDuV8wL90cQRhFBEJ1uL5Q7UKf3aQel\/URgfGy1Nhls6L3azQwCdLF83yxtgQ9neebziAaWE="} -01290{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/google_meet.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1703652259263021,"flow_src_last_pkt_time":1703652259263021,"flow_dst_last_pkt_time":1703652259263021,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1250,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1250,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1250,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1703652259263021,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"173.194.73.101","src_port":59369,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.GoogleMeet","proto_id":"188.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"meet.google.com","domainame":"meet.google.com","quic": {"quic_version":"V-1","tls": {"version":"TLSv1.3","ja3":"86ba0adabbe377daf6b620f07b59b45c","ja3s":"","ja4":"q13d0311h0_55b375c5d22e_5a1f323ef56d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3","tls_supported_versions":"TLSv1.3","blocks":0}}}} +01249{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/google_meet.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1703652259263021,"flow_src_last_pkt_time":1703652259263021,"flow_dst_last_pkt_time":1703652259263021,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1250,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1250,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1250,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1703652259263021,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"173.194.73.101","src_port":59369,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleMeet","proto_id":"188.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"meet.google.com","domainame":"meet.google.com","quic": {"quic_version":"V-1","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0311h0_55b375c5d22e_5a1f323ef56d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
02213{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/google_meet.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1703652259263021,"flow_dst_last_pkt_time":1703652259281607,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1292,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1292,"pkt_l4_len":1258,"thread_ts_usec":1703652259281607,"pkt":"8C90rUP1SKmKCiNtCABFAAT+AABAADsRKjitwkllwKhY5wG75+kE6kbszwAAAAEACOMYJ8YNB+47AETQiR4PL4FBDfk\/hjJGZQEvPPAQLGbMJnHt7lPmqHLKwYY9FtUGwCfGcdcxRTeVEWkO7kkHRJj3LqI8uWkn5K\/ksGm8EY54Z1WdaKKG+chCqkXpqf8PC6otlzHy41WHfzxCPMWayAMzg9ZkcLIhceT2WuHx0na0c8w+kSYLdH85moe4x9aZHU1Tu5XC+0x7IjIK1VDqF9KbHC9pt\/2mkbP4q6P31yXzA+bxbiOdDqty6lfoJ\/7RchqnDq+nFC9YIfZmVZsruZPJGJtR0QR6iVMuzoo5qvFgmRTF5aYZrLYky9Yq\/GoWWywfhrCQ\/KmWnopwR40QPt8GMOSkIlkgJ044mVIXKQvi08D2kCwuOPFKUOV2k8IzudOk2l8ZWAMgdZ0X7tTs9l4yjHjvKE44n4a3dWUhw\/nQIrgJg7hL\/KkxZfTuBBEoZc0onkGu3+VEut1meZ4DXfQIpMwLSEMYvk8un+yFDIFMLjgSdyixwkZrxK1ByhWoHPZJ6ZZ9yHe2x90R8mg22cxw8y0OHPfXnzpC8f3NNHFF3OEw1t7x0b1C1STJWauKthsMdsBE8i4Rrmo8JUImm0sfU32dg1pMCvfj4A1yrP8Ua8JvXgF+pY7Vxbi2x4UKpI5pCvrJXYlQXtY8odzvrkAPsHFRnnlwZgJr0izeUggAaCDo9g73ly69z7kX7GmHcxd6SPmJZ3jClyoab8HzV\/wTGMDdEdnsT5E82Euunj7PY1ZTEkThrQHnJN5CKhfZDAb3ViXQ4ECDGViqOujj5nmssJkQC5z8Oa\/39wMdcVkEN51KQzbnxhIEEkXzs+pYdKrHReUPwJfSKRXi6T8tne1hB\/+uwqPoYPUB9PcGjk+tmYIDnnWzCDLOPML+9t9qTWizU4DnkQ\/FmIn8pDTD6dq82JWJs7nlz66Swl4AAaQnYJYpUZZcACMt7v\/0ZXbtOfriJZ9k6AZ\/bqn2q4vlU4yB88Me1Xjh6doEpFVTE86KRfXcVwO8btXmqRTG1ME1uejyrLIhHeEnE9II+TSW5o74Py6JW0DB+KcpLEnp\/e0qfe0wvTi0NywfPDzHacLlAjeJJEA8T35GDalT\/VQ6wKxBBlv7vdPdNuBNu1LqA2W2Y6sIZxI9gNaJkv0B4o0p6blZEaBibhFZ8M8xkBIRvTYVPWOE4BFMwnKY5C9aep5qNYaylzsUkeF7BasBGdDTkPYCjT12CVQ8oaMGMLIhj3wAb7fD0giYDKlniBK30RSDOhoCmmsLU+5U9xtg3qgnl+LEJsttDolToKPFEH+yadvBdzx26ZqOA0rh7HcuWkxzdI2K4hTEcF7iX7l4CcUxzExFXaQSbyY1OQbAUiMIq5IbdLQjz\/ZtXJCBZ07velR9dt+kT5EUa068lMBIjvlMVQ7jueUA8BZeiDo+HktB\/6UqugYkPc\/Odoyrp+UVkKO1
reQJ7aZQLTsM4\/TNafA97dQa41FrK9khReyh7xH0F+YvAICQpTibLwBE\/l1AZo\/MmWO5PJG7DWruMPVv2IW\/BIBpyC1YPn8B4BpVY1sBQuXDACH3VxWIQa7YJuFEiMGiW4T0a9bcbOatKV07xiW0kDcrJqhi0lqXq5r7pvSMQ3pbFxAOHQpSnVR1qQMw\/D\/Kgm+ipeV690G\/pSo="} 02219{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/google_meet.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1703652259263021,"flow_dst_last_pkt_time":1703652259281740,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1292,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1292,"pkt_l4_len":1258,"thread_ts_usec":1703652259281740,"pkt":"8C90rUP1SKmKCiNtCABFAAT+AABAADsRKjitwkllwKhY5wG75+kE6hde7wAAAAEACOMYJ8YNB+47RNG7jUTVWbjEa0b858kq7dKY7W2HQuNI4RNkQRe7\/uzTzHV\/C1Lb6xTSdXET5tHc8ghGkplExXjc3gKXnpaGbes3IP89YisiOonjJTr3a3Vq9Jt31DDBGrNySkwqMEAoKyTW4dPenuJVPYoLUgqwrWxCU7ypLAGab7Yudu1rxgLE01YRIqJ3hdOP7wzSTbbDVK44\/XilIpF88+\/vByKO7VAUmAJ\/CnsF+4ZQ4EqIpu+N5MdnEXEqbDnDo21At4emprnP7bSflJX\/RBtdrPSPiHfqL1nB\/I3U6JUrVZhJckRSxE3c3qeF0uTGYRtugJL1EQfI\/QqVt+Wq9qv1BvJPa7vvKEwcgT9HjB53x3iZrP1q+8rn9Qsis5n0\/Inc2EeGlyBTs4v9yRhIm+M8d2GKN8hVb1knKQ5dj9p3cELpQdd0u+STKCIopHNxFjuHaP3swWNChtCxCxBBofM8q123vAiwc\/WZL4wRIrzber+WNf2K2ok+kTNDpqrYcRRWiohlvSC\/o0FX0s\/OWMST\/NNF4YGZQoRqutroIUwxjVF8HLUzGqOz9l\/8QlaCmonk2J9EnCFfnTwLsSujGpAAbuD\/9m4tCU3J5SKAH4zQLJpvUUvONAMfQODZYti0HBb6g0fPv0KNx\/iSE53tn8MODHjEDI81SMaAisHV2QCvZsaoWGWjGtU88fcm\/BP5yZgvHp7cgQeivPoQ8Y51oiIFGJ7k6IYbWm4OluIhsJh2DPUOfYXXRWFXQhvXX0oUU655gQjj+8vgNxl3e3\/1naeJjmZFH6F+oltb+El9x5p\/l1NIMAVBne2MG9DTPX40h6XfjKlrER7NTRwwq+xAzHAcAcdqNFncqE5+UHXH+t+fVk7hiGLKSY5MXNMl0kk4vUaqU0G+2XPA8eVUbX1IsBOp+Q3R4KvDSi\/I3luPemSLACeNmFN1gr+3gYaisrjZsqTfXmPro4sfenAy3ZyXD3SJueXzxiORcLeqzBTjUcPQyv2Lf\/FXAsMmEf\/kYO9+1AnwpS0ZQsDKR5Ce3\/OJvxymtsyuP9zpXco3hxC8qlFD4TE+f2wGVwGEP3D4b42\/1ZOGa3qvi7U\/Glv7e7WpZ+xVFduI1RuWHfUE6OEjQRnv1tSsB5Gkl7aS6pAZfhyBcmzutw+4f9ApusWJhYji9eVuuk2JKUQkJfFM6t7TqsKHH\/Y3qy4f\/ydQZyGn4VymkVyUiJ
Ndzwfm74TxiYxM07NM77ewvi47wuJSatIgsM610s2Kz8oHDodCFyae8yAgZ0XleaJbYNbPUEMPiWe7XWjkmvVmZQiA8DpDy6oJSv5aQqyiYgCxIZxOJe8QwKGkf4FpV4khjMi5KKp5EPXQSzRA\/9kL98kbBsgVBpOEGV\/7c+MlfqWdMMS201uebYyy6dWTBOaV82Ys5ksPOWSiw9Gj9FzIAQRzRaoFAc3cktwqHWflA7scRQ3E2SpPvrIjIrXjTvGWxpJHAHv6d8urefFjxOeqn\/\/N9InFB0aqYAAVNsr6mLEdEnmlZ3VyQwlpTP3me12KPPgI8Zd2ZbCKWLZ6f5m3vv2KSvuZA1h7KBiaL+mOJBPrPdL9eg02\/fALnNp43YQvyd08yG5Z97n+I4W9pgTpFwnwUF9v1DyPvpaZ9RxVi2BcCnY="} 02215{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/google_meet.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1703652259263021,"flow_dst_last_pkt_time":1703652259281787,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1292,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1292,"pkt_l4_len":1258,"thread_ts_usec":1703652259281787,"pkt":"8C90rUP1SKmKCiNtCABFAAT+AABAADsRKjitwkllwKhY5wG75+kE6pAi7gAAAAEACOMYJ8YNB+47RNGRHiriOcpfT9sQ5w5hxpujWrgntO8w6dkwU2E8vBxlV3c6VjbvTnoq6IRSFUt3IqgP\/E5B+sfNppendDt0rmgrgSg78K0HlImVfjr1KCMfbDAVucYlZT4uf0ANiyyJ4CBJ61+B12SJ6rFQhGnzlmF2pvuV+YiNmxxoROJCdRGWqMyeIgOttPE0u3Vjp2w+8osM\/8beAz4WWHjZxaeO\/HG30FARDpHk7eIDMDh18vvA04PEpBMPOLULuOmt0rzShUORhaoC8q4aSRjMXKcHfcHvTC8zwhKsyjhWiZ\/RYKVtkgtLfBM8dnmd14pPIclLvjGTNq3b9wEaGQtBegnwh\/S6xxZLK2PCGRreKOHvcxMDAA7XRdD24JtgmzF78psPvmJIES9oVJZ2HYssiVXAd2JBKG4QD4V0mhjLFhhyUlln56snpKlx0n\/FXEP58T1+JAWW38JS2FyDBoZKKcsABIvb0zrdGKY5+9v1dJZd37K2IEe5PtQlmsNF2YoUK1N63vQNLeg9h7BO0qwp\/xIRIx4wTkXil5\/iacqoPSQcsxIWc1RrYeph1EUYkl+TT9NCk20mkof8ZgXIf7H2rPdSEbb1wPTrLBA1X6OlVlvesQEJGUqw9bUIT4CoRZJ0\/hozcG0SacPc6VO40OO+J7ImuwasDdDzAJrklJKLa5xGqFIpLC2NhlvaWgsCVFERTIJoCxxGVgh7mIG+R16HhOkQBnv\/Xf5ECoJsN4Otjc9ZyShAE4tVlqXb4xKMcdkgC4wCrqkqkBGjX9dX3qsJHWeICwPdzhiaxVAfnBFgU7vdVmacP5Sadw6DQ4FM0T3xVKphH4ymiAHo1HVh2ElNbq2phi+waj5fK80rHV2sEhvj2OfWLcS7Jkf2TdVbAEAbluHQ7PQkMzPnl8ygAV6lc1ugpYAHEBIe70M2oA8wqtO5KYfRD+WrVq0DQBvmj29ueSUse3xazXrQ33caK6Mug+I4kfymZ0x8Whwg4iln9WMDhPtBfH
Mc2IOswWoR9M23Whatw2hNcKE1ZA3MZSeD3c6ZSEleafmGAZVQPRyw\/O0jVrwWtWC8jREMITeI3NqcEjcbryjXW8s8DCBKLw100GbB9KMd8+6DXW+99ogdviHAYztS3wgnLNP\/GFIclZBelcgUkDfmzkTOhsTJFsq2SArz7x8OKtX11v2Nf6IH5qa9QRWQvAcrgGTEovtcKMjxL3Ut8sHUdKjAoD6Q\/GclTFFvjahElpZ68fm\/4DRpNw2yPFP2AP\/AH5KPedSB3DoQUpsu4CX+swPpfn4YT5eJv1z3OHcscM\/pTTk3asbcKPf9iFTRIpoYTs2teWUyLYeODnT6DJ\/TfASyVLrzLCaBVn38kkf9uwVXMhyFcZHNSOjx1t+HDdpkp8b4l+G27FQj90q57R7tCuCYB5cj+PmWv\/PHxsaFlyso21PxzybUnMkOmPymZnus9zlTWtzKSni4D1+5Kk\/0amv79U22bx\/9\/PXVgWpQOsKeXin9e0HI16NQwcDBqS99j5\/JNqzaX0jixUqRqCwfgqt3ijqb\/Y96duvT3wQQLk1x\/ExRB+Mzez\/NW9r9HLRHMdtY5qK1QSBkKuvrVKM4j1eT84fdwg\/DCT707GUZuEf6zEJU0gOAzO\/8+g4OwQM="} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/google_meet.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1703652259281814,"flow_dst_last_pkt_time":1703652259281787,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1703652259281814,"pkt":"SKmKCiNt8C90rUP1CABFAABDWL5AAEAR0TTAqFjnrcJJZefpAbsALxD44wAAAAEI4xgnxg0H7jsAQBY\/UHCZ5amHNV483U22omo4yv0J4LBc"} 
00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1703652259039627,"flow_src_last_pkt_time":1703652259056259,"flow_dst_last_pkt_time":1703652259073582,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":535,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":535,"flow_dst_tot_l4_payload_len":1400,"midstream":0,"thread_ts_usec":1703652259298957,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"173.194.73.101","src_port":43268,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleMeet","proto_id":"91.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 01025{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/google_meet.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":4,"flow_first_seen":1703652259263021,"flow_src_last_pkt_time":1703652259281814,"flow_dst_last_pkt_time":1703652259298957,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1250,"flow_dst_max_l4_payload_len":1250,"flow_src_tot_l4_payload_len":1289,"flow_dst_tot_l4_payload_len":5000,"midstream":0,"thread_ts_usec":1703652259298957,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"173.194.73.101","src_port":59369,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.GoogleMeet","proto_id":"188.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"meet.google.com"}} -00848{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/google_meet.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":12,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8224,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1703652259298957} +00848{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/google_meet.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":12,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8224,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1703652259298957} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 12/12 
~~ skipped flows.............: 0 @@ -26,9 +26,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6929232 bytes -~~ total memory freed........: 6929232 bytes -~~ total allocations/frees...: 114188/114188 +~~ total memory allocated....: 7506828 bytes +~~ total memory freed........: 7506828 bytes +~~ total allocations/frees...: 125919/125919 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 551 chars ~~ json message max len.......: 2224 chars diff --git a/test/results/default/google_ssl.pcap.out b/test/results/default/google_ssl.pcap.out index 9e0ae9033..ed8f66ea4 100644 --- a/test/results/default/google_ssl.pcap.out +++ b/test/results/default/google_ssl.pcap.out 
@@ -1,5 +1,5 @@ -00615{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/google_ssl.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/google_ssl.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1434443394683939} 
+00615{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/google_ssl.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/google_ssl.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1434443394683939} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/google_ssl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1434443394683939,"flow_src_last_pkt_time":1434443394683939,"flow_dst_last_pkt_time":1434443394683939,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1434443394683939,"l3_proto":"ip4","src_ip":"172.31.3.224","dst_ip":"216.58.212.100","src_port":42835,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/google_ssl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1434443394683939,"flow_dst_last_pkt_time":1434443394683939,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":1434443394683939,"pkt":"AA6OTbSogMbKAJ6fCABFAAAsBqJAAEAG14usHwPg2DrUZKdTAbt6Z3LqAAAAAGACFtCOVwAAAgQFtA=="} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/google_ssl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1434443394683939,"flow_dst_last_pkt_time":1434443394717671,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1434443394717671,"pkt":"gMbKAJ6fAA6OTbSoCABFAAAseLYAADMGsnfYOtRkrB8D4AG7p1PuIxETemdy62ASp5T+aAAAAgQFlgAA"} 
@@ -8,7 +8,7 @@ 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/google_ssl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1434443394995795,"flow_dst_last_pkt_time":1434443395030206,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1434443395030206,"pkt":"gMbKAJ6fAA6OTbSoCABFAAAoeX0AADMGsbTYOtRkrB8D4AG7p1PuIxEUemdzaVAQp5QVigAAAAAAAAAA"} 00937{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/google_ssl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":12,"flow_first_seen":1434443394683939,"flow_src_last_pkt_time":1434443401353810,"flow_dst_last_pkt_time":1434443401308882,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":314,"flow_dst_max_l4_payload_len":1430,"flow_src_tot_l4_payload_len":644,"flow_dst_tot_l4_payload_len":6924,"midstream":0,"thread_ts_usec":1434443401353810,"l3_proto":"ip4","src_ip":"172.31.3.224","dst_ip":"216.58.212.100","src_port":42835,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00790{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/google_ssl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":12,"flow_first_seen":1434443394683939,"flow_src_last_pkt_time":1434443401353810,"flow_dst_last_pkt_time":1434443401308882,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":314,"flow_dst_max_l4_payload_len":1430,"flow_src_tot_l4_payload_len":644,"flow_dst_tot_l4_payload_len":6924,"midstream":0,"thread_ts_usec":1434443401353810,"l3_proto":"ip4","src_ip":"172.31.3.224","dst_ip":"216.58.212.100","src_port":42835,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00845{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/google_ssl.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":28,"packets-processed":28,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7568,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1434443401353810} 
+00845{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/google_ssl.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":28,"packets-processed":28,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7568,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1434443401353810} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 28/28 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6910602 bytes -~~ total memory freed........: 6910602 bytes -~~ total allocations/frees...: 114170/114170 +~~ total memory allocated....: 7488198 bytes +~~ total memory freed........: 7488198 bytes +~~ total allocations/frees...: 125901/125901 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 532 chars ~~ json message max len.......: 942 chars diff --git a/test/results/default/googledns_android10.pcap.out b/test/results/default/googledns_android10.pcap.out index ad4e3501d..cdc6e91b5 100644 --- a/test/results/default/googledns_android10.pcap.out +++ b/test/results/default/googledns_android10.pcap.out 
@@ -1,5 +1,5 @@ -00624{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1592552824409182} 
+00624{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1592552824409182} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1592552824409182,"flow_src_last_pkt_time":1592552824409182,"flow_dst_last_pkt_time":1592552824409182,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1592552824409182,"l3_proto":"ip4","src_ip":"8.8.8.8","dst_ip":"192.168.1.159","src_port":853,"dst_port":55856,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1592552824409182,"flow_dst_last_pkt_time":1592552824409182,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1592552824409182,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA0gpUAAHcG7tcICAgIwKgBnwNV2jAOPHBKaWPSFIARAUT59wAAAQEIChWqa0r\/\/5Cw"} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1592552824632762,"flow_dst_last_pkt_time":1592552824409182,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1592552824632762,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA0gzYAAHcG7jYICAgIwKgBnwNV2jAOPHBKaWPSFIARAUT5GAAAAQEIChWqbCn\/\/5Cw"} 
@@ -13,25 +13,25 @@ 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1592552825913790,"flow_dst_last_pkt_time":1592552825927045,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1592552825927045,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA8xdcAAHYGrI0ICAgIwKgBnwNV2tjD\/e2fl7AEwaAS6yBjdQAAAgQFZAQCCApkDcpF\/\/\/MwQEDAwg="} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1592552825928257,"flow_dst_last_pkt_time":1592552825926858,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1592552825928257,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA0tGFAAEAGuA\/AqAGfCAgEBLusA1UTsXiiDrwBC4AQAVd8vQAAAQEICv\/\/zMV\/X4MU"} 00769{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1592552825928997,"flow_dst_last_pkt_time":1592552825926858,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":220,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":220,"pkt_l4_len":186,"thread_ts_usec":1592552825928997,"pkt":"EBMx8Tl2ag\/ahpuQCABFAADOtGJAAEAGt3TAqAGfCAgEBLusA1UTsXiiDrwBC4AYAVdpogAAAQEICv\/\/zMV\/X4MUFgMBAJUBAACRAwOw6eX3GPuUCseewx8KJQKq65uZZdDYuRYi0MWCjT+jCwAAHsArwC\/ALMAwzKnMqMAJwBPACsAUAJwAnQAvADUACgEAAEoAAAAPAA0AAApkbnMuZ29vZ2xlABcAAP8BAAEAAAoACAAGAB0AFwAYAAsAAgEAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQ=="} 
-01320{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1592552825913529,"flow_src_last_pkt_time":1592552825928997,"flow_dst_last_pkt_time":1592552825926858,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":154,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":154,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1592552825928997,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48044,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google","domainame":"dns.google","tls": {"version":"TLSv1.2","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01279{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1592552825913529,"flow_src_last_pkt_time":1592552825928997,"flow_dst_last_pkt_time":1592552825926858,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":154,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":154,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1592552825928997,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48044,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google","domainame":"dns.google","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1592552825929178,"flow_dst_last_pkt_time":1592552825927045,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1592552825929178,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA0yAJAAEAGoGrAqAGfCAgICNrYA1WXsATBw\/3toIAQAVd7uAAAAQEICv\/\/zMVkDcpF"} 
00770{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1592552825929471,"flow_dst_last_pkt_time":1592552825927045,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":220,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":220,"pkt_l4_len":186,"thread_ts_usec":1592552825929471,"pkt":"EBMx8Tl2ag\/ahpuQCABFAADOyANAAEAGn8\/AqAGfCAgICNrYA1WXsATBw\/3toIAYAVdohAAAAQEICv\/\/zMVkDcpFFgMBAJUBAACRAwOVSYhvB5NCZzUc9GHHE6Pd9b9dT20UrbAk09jz7PnHSwAAHsArwC\/ALMAwzKnMqMAJwBPACsAUAJwAnQAvADUACgEAAEoAAAAPAA0AAApkbnMuZ29vZ2xlABcAAP8BAAEAAAoACAAGAB0AFwAYAAsAAgEAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQ=="} -01320{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1592552825913790,"flow_src_last_pkt_time":1592552825929471,"flow_dst_last_pkt_time":1592552825927045,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":154,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":154,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1592552825929471,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","src_port":56024,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google","domainame":"dns.google","tls": 
{"version":"TLSv1.2","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01279{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1592552825913790,"flow_src_last_pkt_time":1592552825929471,"flow_dst_last_pkt_time":1592552825927045,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":154,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":154,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1592552825929471,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","src_port":56024,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google","domainame":"dns.google","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1592552825928997,"flow_dst_last_pkt_time":1592552825940289,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1592552825940289,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA0q3UAAHgGyPsICAQEwKgBnwNVu6wOvAELE7F5PIAQAPB8fAAAAQEICn9fgyL\/\/8zF"} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1592552825929471,"flow_dst_last_pkt_time":1592552825941529,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1592552825941529,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA0xdkAAHYGrJMICAgIwKgBnwNV2tjD\/e2gl7AFW4AQAPB7dgAAAQEICmQNylT\/\/8zF"} -01380{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1592552825913529,"flow_src_last_pkt_time":1592552825928997,"flow_dst_last_pkt_time":1592552825957880,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":154,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":154,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1592552825957880,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48044,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": 
{"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google","domainame":"dns.google","tls": {"version":"TLSv1.2","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} -01781{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1592552825913529,"flow_src_last_pkt_time":1592552825928997,"flow_dst_last_pkt_time":1592552825957993,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":154,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":154,"flow_dst_tot_l4_payload_len":2836,"midstream":0,"thread_ts_usec":1592552825957993,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48044,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google","domainame":"dns.google","tls": 
{"version":"TLSv1.2","server_names":"dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google,2001:4860:4860::64,2001:4860:4860::6464,2001:4860:4860::8844,2001:4860:4860::8888,8.8.4.4,8.8.8.8","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google","fingerprint":"5B:59:09:FC:7D:50:E6:F7:D1:08:8E:57:42:A2:D8:AE:1F:03:FF:EC","blocks":0}}} -01380{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1592552825913790,"flow_src_last_pkt_time":1592552825929471,"flow_dst_last_pkt_time":1592552825959083,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":154,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":154,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1592552825959083,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","src_port":56024,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google","domainame":"dns.google","tls": 
{"version":"TLSv1.2","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} -01781{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1592552825913790,"flow_src_last_pkt_time":1592552825929471,"flow_dst_last_pkt_time":1592552825960222,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":154,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":154,"flow_dst_tot_l4_payload_len":2836,"midstream":0,"thread_ts_usec":1592552825960222,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","src_port":56024,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google","domainame":"dns.google","tls": {"version":"TLSv1.2","server_names":"dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google,2001:4860:4860::64,2001:4860:4860::6464,2001:4860:4860::8844,2001:4860:4860::8888,8.8.4.4,8.8.8.8","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, 
CN=dns.google","fingerprint":"5B:59:09:FC:7D:50:E6:F7:D1:08:8E:57:42:A2:D8:AE:1F:03:FF:EC","blocks":0}}} +01339{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1592552825913529,"flow_src_last_pkt_time":1592552825928997,"flow_dst_last_pkt_time":1592552825957880,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":154,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":154,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1592552825957880,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48044,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google","domainame":"dns.google","tls": {"version":"TLSv1.2","ja3s":"b44baa8a20901c5663b3a9664ba8a767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
+01740{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1592552825913529,"flow_src_last_pkt_time":1592552825928997,"flow_dst_last_pkt_time":1592552825957993,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":154,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":154,"flow_dst_tot_l4_payload_len":2836,"midstream":0,"thread_ts_usec":1592552825957993,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48044,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google","domainame":"dns.google","tls": {"version":"TLSv1.2","server_names":"dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google,2001:4860:4860::64,2001:4860:4860::6464,2001:4860:4860::8844,2001:4860:4860::8888,8.8.4.4,8.8.8.8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google","fingerprint":"5B:59:09:FC:7D:50:E6:F7:D1:08:8E:57:42:A2:D8:AE:1F:03:FF:EC","blocks":0}}} 
+01339{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1592552825913790,"flow_src_last_pkt_time":1592552825929471,"flow_dst_last_pkt_time":1592552825959083,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":154,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":154,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1592552825959083,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","src_port":56024,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google","domainame":"dns.google","tls": {"version":"TLSv1.2","ja3s":"b44baa8a20901c5663b3a9664ba8a767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
+01740{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1592552825913790,"flow_src_last_pkt_time":1592552825929471,"flow_dst_last_pkt_time":1592552825960222,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":154,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":154,"flow_dst_tot_l4_payload_len":2836,"midstream":0,"thread_ts_usec":1592552825960222,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","src_port":56024,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google","domainame":"dns.google","tls": {"version":"TLSv1.2","server_names":"dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google,2001:4860:4860::64,2001:4860:4860::6464,2001:4860:4860::8844,2001:4860:4860::8888,8.8.4.4,8.8.8.8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google","fingerprint":"5B:59:09:FC:7D:50:E6:F7:D1:08:8E:57:42:A2:D8:AE:1F:03:FF:EC","blocks":0}}} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1592552826036505,"flow_src_last_pkt_time":1592552826036505,"flow_dst_last_pkt_time":1592552826036505,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1592552826036505,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48048,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1592552826036505,"flow_dst_last_pkt_time":1592552826036505,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1592552826036505,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA80uBAAEAGmYjAqAGfCAgEBLuwA1WtLB4AAAAAAKAC\/\/8imQAAAgQFtAQCCAr\/\/8zgAAAAAAEDAwg="} 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1592552826036505,"flow_dst_last_pkt_time":1592552826049329,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1592552826049329,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA8wHkAAHcGtO8ICAQEwKgBnwNVu7B94BEWrSweAaAS6yCziAAAAgQFZAQCCAq0eUC+\/\/\/M4AEDAwg="} 
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1592552826051146,"flow_dst_last_pkt_time":1592552826049329,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1592552826051146,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA00uFAAEAGmY\/AqAGfCAgEBLuwA1WtLB4BfeARF4AQAVfLywAAAQEICv\/\/zOS0eUC+"} 00768{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1592552826051495,"flow_dst_last_pkt_time":1592552826049329,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":220,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":220,"pkt_l4_len":186,"thread_ts_usec":1592552826051495,"pkt":"EBMx8Tl2ag\/ahpuQCABFAADO0uJAAEAGmPTAqAGfCAgEBLuwA1WtLB4BfeARF4AYAVfZbQAAAQEICv\/\/zOS0eUC+FgMBAJUBAACRAwNJCyrg3LiPOkzp25J1tFPL9Xy02QHRBJvQzPxg67QKYwAAHsArwC\/ALMAwzKnMqMAJwBPACsAUAJwAnQAvADUACgEAAEoAAAAPAA0AAApkbnMuZ29vZ2xlABcAAP8BAAEAAAoACAAGAB0AFwAYAAsAAgEAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQ=="} 
-01320{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1592552826036505,"flow_src_last_pkt_time":1592552826051495,"flow_dst_last_pkt_time":1592552826049329,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":154,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":154,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1592552826051495,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48048,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google","domainame":"dns.google","tls": {"version":"TLSv1.2","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01279{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1592552826036505,"flow_src_last_pkt_time":1592552826051495,"flow_dst_last_pkt_time":1592552826049329,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":154,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":154,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1592552826051495,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48048,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google","domainame":"dns.google","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1592552826051495,"flow_dst_last_pkt_time":1592552826064156,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1592552826064156,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA0wIMAAHcGtO0ICAQEwKgBnwNVu7B94BEXrSwem4AQAPDLiQAAAQEICrR5QM3\/\/8zk"} 
-01380{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1592552826036505,"flow_src_last_pkt_time":1592552826051495,"flow_dst_last_pkt_time":1592552826080321,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":154,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":154,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1592552826080321,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48048,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google","domainame":"dns.google","tls": {"version":"TLSv1.2","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
-01781{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1592552826036505,"flow_src_last_pkt_time":1592552826051495,"flow_dst_last_pkt_time":1592552826081468,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":154,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":154,"flow_dst_tot_l4_payload_len":2836,"midstream":0,"thread_ts_usec":1592552826081468,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48048,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google","domainame":"dns.google","tls": {"version":"TLSv1.2","server_names":"dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google,2001:4860:4860::64,2001:4860:4860::6464,2001:4860:4860::8844,2001:4860:4860::8888,8.8.4.4,8.8.8.8","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google","fingerprint":"5B:59:09:FC:7D:50:E6:F7:D1:08:8E:57:42:A2:D8:AE:1F:03:FF:EC","blocks":0}}} 
+01339{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1592552826036505,"flow_src_last_pkt_time":1592552826051495,"flow_dst_last_pkt_time":1592552826080321,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":154,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":154,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1592552826080321,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48048,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google","domainame":"dns.google","tls": {"version":"TLSv1.2","ja3s":"b44baa8a20901c5663b3a9664ba8a767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
+01740{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1592552826036505,"flow_src_last_pkt_time":1592552826051495,"flow_dst_last_pkt_time":1592552826081468,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":154,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":154,"flow_dst_tot_l4_payload_len":2836,"midstream":0,"thread_ts_usec":1592552826081468,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48048,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google","domainame":"dns.google","tls": {"version":"TLSv1.2","server_names":"dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google,2001:4860:4860::64,2001:4860:4860::6464,2001:4860:4860::8844,2001:4860:4860::8888,8.8.4.4,8.8.8.8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google","fingerprint":"5B:59:09:FC:7D:50:E6:F7:D1:08:8E:57:42:A2:D8:AE:1F:03:FF:EC","blocks":0}}} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1592552826207745,"flow_dst_last_pkt_time":1592552824409182,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1592552826207745,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA0hqoAAHcG6sIICAgIwKgBnwNV2jAOPHBKaWPSFIARAUTy8AAAAQEIChWqclH\/\/5Cw"} 02343{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1592552826036505,"flow_src_last_pkt_time":1592552827147738,"flow_dst_last_pkt_time":1592552827146388,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":159,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":1042,"flow_dst_tot_l4_payload_len":5862,"midstream":0,"thread_ts_usec":1592552827147738,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48048,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":99,"avg":71648.9,"max":447414,"stddev":121761.7,"var":14825912320.0,"ent":3.5,"data": [12824,14641,349,14827,16165,1147,99,31089,1039,512,12517,28602,36858,41216,19219,12546,6221,5033,24265,307087,326211,13788,74283,386701,447414,5048,23824,155667,173706,5036,23182]},"pktlen": {"min":52,"avg":268.2,"max":1470,"stddev":356.7,"var":127227.7,"ent":4.1,"data": [60,60,52,206,52,1470,1470,291,52,52,52,145,344,211,52,211,551,52,551,52,211,52,551,52,211,52,551,52,211,52,551,52]},"bins": {"c_to_s": [9,0,1,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": 
[7,0,0,0,0,0,0,1,0,1,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,0,1,0,1,0,1,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0],"entropies": [4.326680183,5.023234367,4.955651283,5.448351860,4.985801220,7.066713810,7.519642353,7.136388302,5.063529015,5.025067329,5.063529015,6.146316528,7.108041286,6.700643539,4.985801220,6.774869442,7.568095207,4.947339535,7.581867695,5.078046322,6.760867119,5.062724590,7.546683311,5.078046322,6.761339188,4.972088814,7.559946537,5.078046322,6.814634323,4.964581966,7.566140175,5.078046322]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1592552827426405,"flow_src_last_pkt_time":1592552827426405,"flow_dst_last_pkt_time":1592552827426405,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1592552827426405,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5} 
@@ -49,9 +49,9 @@ 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1592552878549677,"flow_dst_last_pkt_time":1592552878562423,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1592552878562423,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA8nAYAAHYG2mIICAQEwKgBnwNVu+J3bBxFoRE8yqAS6yB6VAAAAgQFZAQCCAo7E6h3AAAAJwEDAwg="} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1592552878563796,"flow_dst_last_pkt_time":1592552878562423,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1592552878563796,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA0PO9AAEAGL4LAqAGfCAgEBLviA1WhETzKd2wcRoAQAVeSlgAAAQEICgAAACw7E6h3"} 
01260{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":162,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1592552878564695,"flow_dst_last_pkt_time":1592552878562423,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1592552878564695,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAI5PPBAAEAGLXzAqAGfCAgEBLviA1WhETzKd2wcRoAYAVddrgAAAQEICgAAACw7E6h3FgMBAgABAAH8AwMrWAyrTdDxfgOP+1tzuunb7Cy\/yXCgSWeXoKBkBPrVPyA3JDMO7OphzpU36YzIUm3zGK0YYOmlQM62LkpDm0rDGgAewCvAL8AswDDMqcyowAnAE8AKwBQAnACdAC8ANQAKAQABlQAAAA8ADQAACmRucy5nb29nbGUAFwAA\/wEAAQAACgAIAAYAHQAXABgACwACAQAAIwDiARwM3mDSTy2KnFOJMzn7stzGYyX+ErxweKZvMWA+DHe7GLRnLRUybuHfiV5knTQIjhK\/GK5IIqvLNAmTKNvSo0hv8h0ulRB0aqm8FwgEpkVHHcM6UG5TzNCQ9KdT\/k7UNWuK7swRz9Yvi+k8q96rcEJr\/LXENmBb2UY8tY9l2xJKbBYA9tKwIPIBAerEXFDAPYWZdKDd5Q1S\/gPO223uC0X1er\/jYr9tA39W1m4B\/\/vKp4wt45p5c\/xW9Tg39T7eLvvvPWnCGQRfWtPx5seY9+CMB7cDPpL3T3JV2Fpgho3ydgANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAVAGUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01321{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":162,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1592552878549677,"flow_src_last_pkt_time":1592552878564695,"flow_dst_last_pkt_time":1592552878562423,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1592552878564695,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48098,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google","domainame":"dns.google","tls": {"version":"TLSv1.2","ja3":"b734f75d22aaff9866fbd5d27eef9106","ja3s":"","ja4":"t12d150800_0707305c9f76_120e542614af","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01280{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":162,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1592552878549677,"flow_src_last_pkt_time":1592552878564695,"flow_dst_last_pkt_time":1592552878562423,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1592552878564695,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48098,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google","domainame":"dns.google","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d150800_0707305c9f76_120e542614af","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":163,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1592552878564695,"flow_dst_last_pkt_time":1592552878577342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1592552878577342,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA0nAgAAHYG2mgICAQEwKgBnwNVu+J3bBxGoRE+z4AQAPCQ6QAAAQEICjsTqIYAAAAs"} 
-01379{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":164,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1592552878549677,"flow_src_last_pkt_time":1592552878564695,"flow_dst_last_pkt_time":1592552878577421,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":147,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":147,"midstream":0,"thread_ts_usec":1592552878577421,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48098,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google","domainame":"dns.google","tls": {"version":"TLSv1.2","ja3":"b734f75d22aaff9866fbd5d27eef9106","ja3s":"1249fb68f48c0444718e4d3b48b27188","ja4":"t12d150800_0707305c9f76_120e542614af","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
+01338{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":164,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1592552878549677,"flow_src_last_pkt_time":1592552878564695,"flow_dst_last_pkt_time":1592552878577421,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":147,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":147,"midstream":0,"thread_ts_usec":1592552878577421,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48098,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google","domainame":"dns.google","tls": {"version":"TLSv1.2","ja3s":"1249fb68f48c0444718e4d3b48b27188","ja4":"t12d150800_0707305c9f76_120e542614af","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
02348{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":190,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1592552878549677,"flow_src_last_pkt_time":1592552881411235,"flow_dst_last_pkt_time":1592552881429656,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":499,"flow_src_tot_l4_payload_len":1522,"flow_dst_tot_l4_payload_len":3141,"midstream":0,"thread_ts_usec":1592552881429656,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48098,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":79,"avg":185210.9,"max":1253719,"stddev":341703.1,"var":116761001984.0,"ent":3.2,"data": [12746,14119,899,14919,79,14194,1137,19603,19131,13753,1318,58447,651251,714961,3808,23304,1234142,1253719,12532,32716,484043,503710,3783,30780,265369,292430,20267,12603,11759,7400,12615]},"pktlen": {"min":52,"avg":198.2,"max":569,"stddev":197.9,"var":39161.3,"ent":4.4,"data": [60,60,52,569,52,199,52,103,52,211,52,551,52,211,52,551,52,211,52,551,52,211,52,551,52,211,52,211,551,52,52,551]},"bins": {"c_to_s": [8,1,0,0,6,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [9,0,0,0,1,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,0,1,0,1,1],"entropies": 
[4.235814571,4.852156162,4.801308155,6.238618374,4.739399433,6.089945793,4.839769840,5.473562241,4.801805496,6.831297874,4.671903133,7.530720711,4.839769840,6.775491714,4.763343334,7.509344101,4.801308155,6.680355549,4.891996861,7.580490112,4.947339535,6.744199276,4.770353794,7.577538013,4.860989094,6.758264065,4.878231525,6.768933296,7.616032600,4.884933472,4.916693211,7.554844856]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 01063{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":251,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1592552827426405,"flow_src_last_pkt_time":1592552828402579,"flow_dst_last_pkt_time":1592552828415412,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":128,"flow_dst_tot_l4_payload_len":128,"midstream":0,"thread_ts_usec":1592552910946566,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00945{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":277,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1592552824409182,"flow_src_last_pkt_time":1592552826207745,"flow_dst_last_pkt_time":1592552826208808,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1592552955542932,"l3_proto":"ip4","src_ip":"8.8.8.8","dst_ip":"192.168.1.159","src_port":853,"dst_port":55856,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"DoH_DoT","proto_id":"196","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -67,14 +67,14 @@ 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":293,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1592553007037028,"flow_dst_last_pkt_time":1592553007051414,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1592553007051414,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA8ScwAAHYGLJ0ICAQEwKgBnwNVvFKvdpW\/RmVrrKAS6yB4FwAAAgQFZAQCCAp\/c2KvAAB9oQEDAwg="} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":294,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1592553007078898,"flow_dst_last_pkt_time":1592553007051414,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1592553007078898,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA0FgtAAEAGVmbAqAGfCAgEBLxSA1VGZWusr3aVwIAQAVeQUgAAAQEICgAAfa1\/c2Kv"} 00771{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":295,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1592553007088078,"flow_dst_last_pkt_time":1592553007051414,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":220,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":220,"pkt_l4_len":186,"thread_ts_usec":1592553007088078,"pkt":"EBMx8Tl2ag\/ahpuQCABFAADOFgxAAEAGVcvAqAGfCAgEBLxSA1VGZWusr3aVwIAYAVd\/mgAAAQEICgAAfa9\/c2KvFgMBAJUBAACRAwNWAMlRN\/y9+y5bn87kl8S7SwnuvLXD9du+\/Dt1fS20NAAAHsArwC\/ALMAwzKnMqMAJwBPACsAUAJwAnQAvADUACgEAAEoAAAAPAA0AAApkbnMuZ29vZ2xlABcAAP8BAAEAAAoACAAGAB0AFwAYAAsAAgEAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQ=="} 
-01321{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":295,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1592553007037028,"flow_src_last_pkt_time":1592553007088078,"flow_dst_last_pkt_time":1592553007051414,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":154,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":154,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1592553007088078,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48210,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google","domainame":"dns.google","tls": {"version":"TLSv1.2","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01280{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":295,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1592553007037028,"flow_src_last_pkt_time":1592553007088078,"flow_dst_last_pkt_time":1592553007051414,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":154,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":154,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1592553007088078,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48210,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google","domainame":"dns.google","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":296,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1592553007088078,"flow_dst_last_pkt_time":1592553007101326,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1592553007101326,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA0SeYAAHYGLIsICAQEwKgBnwNVvFKvdpXARmVsRoAQAPCP6wAAAQEICn9zYuEAAH2v"} 
-01381{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":297,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1592553007037028,"flow_src_last_pkt_time":1592553007088078,"flow_dst_last_pkt_time":1592553007118877,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":154,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":154,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1592553007118877,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48210,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google","domainame":"dns.google","tls": {"version":"TLSv1.2","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
-01782{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1592553007037028,"flow_src_last_pkt_time":1592553007088078,"flow_dst_last_pkt_time":1592553007118996,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":154,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":154,"flow_dst_tot_l4_payload_len":2836,"midstream":0,"thread_ts_usec":1592553007118996,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48210,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google","domainame":"dns.google","tls": {"version":"TLSv1.2","server_names":"dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google,2001:4860:4860::64,2001:4860:4860::6464,2001:4860:4860::8844,2001:4860:4860::8888,8.8.4.4,8.8.8.8","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google","fingerprint":"5B:59:09:FC:7D:50:E6:F7:D1:08:8E:57:42:A2:D8:AE:1F:03:FF:EC","blocks":0}}} 
+01340{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":297,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1592553007037028,"flow_src_last_pkt_time":1592553007088078,"flow_dst_last_pkt_time":1592553007118877,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":154,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":154,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1592553007118877,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48210,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google","domainame":"dns.google","tls": {"version":"TLSv1.2","ja3s":"b44baa8a20901c5663b3a9664ba8a767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
+01741{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1592553007037028,"flow_src_last_pkt_time":1592553007088078,"flow_dst_last_pkt_time":1592553007118996,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":154,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":154,"flow_dst_tot_l4_payload_len":2836,"midstream":0,"thread_ts_usec":1592553007118996,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48210,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google","domainame":"dns.google","tls": {"version":"TLSv1.2","server_names":"dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google,2001:4860:4860::64,2001:4860:4860::6464,2001:4860:4860::8844,2001:4860:4860::8888,8.8.4.4,8.8.8.8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google","fingerprint":"5B:59:09:FC:7D:50:E6:F7:D1:08:8E:57:42:A2:D8:AE:1F:03:FF:EC","blocks":0}}} 
02348{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":323,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1592553007037028,"flow_src_last_pkt_time":1592553013061132,"flow_dst_last_pkt_time":1592553013091250,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":159,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":1042,"flow_dst_tot_l4_payload_len":5862,"midstream":0,"thread_ts_usec":1592553013091250,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48210,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":78,"avg":389623.4,"max":5703762,"stddev":1387530.2,"var":1925240193024.0,"ent":1.5,"data": [14386,41870,9180,49912,17551,119,78,32502,535,103,15369,30822,15661,19948,22571,85476,5640736,5703762,20528,7552,6167,13685,17563,31103,85377,103703,33240,18803,6257,16181,17586]},"pktlen": {"min":52,"avg":268.2,"max":1470,"stddev":356.7,"var":127227.7,"ent":4.1,"data": [60,60,52,206,52,1470,1470,291,52,52,52,145,344,211,52,551,52,211,52,211,551,52,52,551,52,211,52,211,551,52,52,551]},"bins": {"c_to_s": [9,0,1,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,0,0,0,0,0,0,1,0,1,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,0,1,0,1,1,0,0,1,0,1,0,1,1,0,0,1,0,1,0,1,1],"entropies": 
[4.338340282,5.027645111,4.884933472,5.431665897,4.776611805,7.047077656,7.517809868,7.078123569,4.923395157,4.961856842,4.884933472,5.934261322,7.043113232,6.764406681,4.891996861,7.507923126,5.000318527,6.783365250,4.853535175,6.745207787,7.564836025,4.961856842,4.815073490,7.579652309,4.808010578,6.780797958,4.587473392,6.752651691,7.539085865,4.961856842,4.878231525,7.529703617]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 01154{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":532,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":68,"flow_dst_packets_processed":65,"flow_first_seen":1592552878549677,"flow_src_last_pkt_time":1592552996489587,"flow_dst_last_pkt_time":1592552996502369,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":499,"flow_src_tot_l4_payload_len":5210,"flow_dst_tot_l4_payload_len":14618,"midstream":0,"thread_ts_usec":1592553079303170,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48098,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google"}} 
01159{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":532,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":121,"flow_dst_packets_processed":120,"flow_first_seen":1592553007037028,"flow_src_last_pkt_time":1592553079303170,"flow_dst_last_pkt_time":1592553079299653,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":318,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":11059,"flow_dst_tot_l4_payload_len":37798,"midstream":0,"thread_ts_usec":1592553079303170,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48210,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google"}} 
-00858{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":532,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":532,"packets-processed":532,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":97842,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":6,"total-detection-updates":9,"total-updates":2,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":77,"global_ts_usec":1592553079303170} +00858{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":532,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":532,"packets-processed":532,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":97842,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":6,"total-detection-updates":9,"total-updates":2,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":77,"global_ts_usec":1592553079303170} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 532/532 ~~ skipped flows.............: 0 
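Review bot: The regenerated baseline drops the `"ja3"` key from the `tls` object of the `detected` and `detection-update` events for flow 8 (each length prefix falls by 41, e.g. `01321` to `01280`), while `ja3s` and `ja4` stay; the `gquic.pcap.out` hunk further down likewise loses `quic.user_agent`. Both are fields that detection rules and allow-lists commonly key on, so a consumer matching on the JA3 client fingerprint would silently stop matching rather than fail. Presumably this follows from the libnDPI bump and is not a regression, but nothing in these hunks says so; I would record it in the changelog, e.g. `tls.ja3 and quic.user_agent are no longer emitted; tls.ja4 remains available for client fingerprinting`, and confirm that the flow event schema no longer lists the removed keys.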
@@ -83,9 +83,9 @@ ~~ total active/idle flows...: 8/8 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6978549 bytes -~~ total memory freed........: 6978549 bytes -~~ total allocations/frees...: 114824/114824 +~~ total memory allocated....: 7556145 bytes +~~ total memory freed........: 7556145 bytes +~~ total allocations/frees...: 126555/126555 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 545 chars ~~ json message max len.......: 2353 chars diff --git a/test/results/default/gquic.pcap.out b/test/results/default/gquic.pcap.out index 3696d9db3..e0f76424b 100644 --- a/test/results/default/gquic.pcap.out +++ b/test/results/default/gquic.pcap.out 
@@ -1,10 +1,10 @@ -00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/gquic.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gquic.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1591876186378535} 
+00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/gquic.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gquic.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1591876186378535} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gquic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1591876186378535,"flow_src_last_pkt_time":1591876186378535,"flow_dst_last_pkt_time":1591876186378535,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1591876186378535,"l3_proto":"ip4","src_ip":"10.44.5.25","dst_ip":"216.58.213.163","src_port":61097,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02343{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gquic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1591876186378535,"flow_dst_last_pkt_time":1591876186378535,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1591876186378535,"pkt":"6PckTkFdoMWJ9P+XCABFAAVieo1AAIARvdoKLAUZ2DrVo+6pAbsFTko2w1EwNTAIAXaX8XoV5u8AAEU0NFnBgsF5hkBVQ9QcdhAQB7AX4STVuX+cZkTXcyq7Q06MKI3IMV7nn3XwVsYd8lSM2UQ2Mh\/Lz0P54TH133\/BjF8sKcZx48\/VepMyZjozNf6hUhocgBAvamo29IXHVqILxpkl4wjCzjbjeV119chifFcXxaTjllFkxsh3XmLG5348E\/qK2TLLnMy43JAHw6S2e1v2BO4WXkya\/bcrsjPnQYikRvTxH8li9ZflQ5PttsYcSUtQigVmzX+3zu6YljUMgwCKrGbUc4ym0tN37M5ly\/uhm21+A6fvtyySGNQfP7wJOsR1iWGsA6NR+V\/fmgbvfd72gKd0sTHFADbRPSKYDc0XDK\/X8vG8GXGEknHbOT7DGSzLKpHYvLrwIaFjsweHE6gkta44k2oP3lJ5y\/ohylLleMWOzrznvbvHmPDTo6fznFlCwcMwiT5bU7kKdr22dfJC4HZKXgrfdx\/kyr9W7YgF8ndv1gEMp60hGoa3HeIkNrwcimMUj8lo1MQMLSdfIURLgLYuYXeqNU9nrCpCTOHF8rljnTLtemFl5GKnW4QO+Vn8YQU0wC2WniPFD0JOSE\/9\/8uhjdFWVDMbiGWhYk1SCdcSCnwwatMyU\/DcpZqDI25eb58WZqvNqtnsCmojU\/8N4SjVKXFe6sqZF9Vu2GvgHD
vSqxDzjeY9qlts4TuIbe+gH+w1MKU7JxNtGZ08YyKdDEVfiklQ\/xyvSgH5AGRqlnD6igJ7NF54pjKD67q+V\/b7AzUVhGIbpajDS4rvn+fDdhXSGqLFbtHNBw9zOlfyLlg3QCkztn+awCGkuUrUQJWRuzHeXcQ9Pm+GTWr4ztxdNe8GOdcH0fw\/02FqwqbZa0xgXb6ogDH\/Z7u3OTt5CsB\/hPp4imvHezect7LAbuRcIJ+tmXKeqwNdUGoyV614kYKA0aTDm4QbBmp4nIg9dspzjXHExZ33U9zxLwZ8DYwQJDoYhywocb4+jKp5OhFT0Egt5ANj4PPsKNBEjNDxnpAKCiI11YkYMyYj1BSFJ2mKW5kFXZ2\/Uk7W0jKMRykBFSaIJ+fwu1W4yhNjDR69KpOGwGw5d47DA9U+Gj7qbRCpjgb1v145AzbIQNTU\/mwU8gqij0o+rVb\/pUEtWMRho\/Yukqvj0PDpk20u\/iMNduvSEQAQLt7IA31zZMJsdzUDXqeH4lvAJTdAXDM+BfHOutfryXO0ilZKrrhbJmj03RyAieSkoI7y9TYI7udqZUukM2QcgXS180FYjb94yLuFlXG0La9U7oT6UzgYEOrDdq4bcoWorhw9j4EjTTcsFMkNO8f65TlicSD0KdGh7ggCR8NtD2qMSi4KIMxq9IHmGPWBJODrdc1+LXcmA3ApoiY81zbK2QPTdK0LHWSdeauC3LCzY9zJ5bEtZvA4hiamdfZl4E5cxC\/raRilWW9+sNuXDrAH9rw48q66KiLSEC63yDpS1q549REO+OCEIx8SKQQoN1W6tspnVZ3EKLwuCby00TS84gP7\/ke1UZsRSUTrMeCETmkIya9DRfJn3gxYto584jg1Sk6Axi4aJ8MlnhdHfC\/0XWQrVM1UOD3\/J3K5XZUZKJ5vUWJzfBTgAe8J4\/heUMD2WmkBuQIER6hh9JGvwyZ2I6vJO7KXsorNCeXZA6iFfdtk90sqEl67LnWUAJmZ\/6NzgV\/JXrGoQRR0uqoWVC\/xj1u+c66MRH8y3Tf8DUoZ1L57SrRzGrkWBB6B2RSkfxWVzZUSCgEgPU4Lp+fnv6pDzh8zifmLUphU5Jycotx7"} -01096{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gquic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1591876186378535,"flow_src_last_pkt_time":1591876186378535,"flow_dst_last_pkt_time":1591876186378535,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1591876186378535,"l3_proto":"ip4","src_ip":"10.44.5.25","dst_ip":"216.58.213.163","src_port":61097,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.gstatic.com","domainame":"www.gstatic.com","quic": {"user_agent":"canary Chrome\/85.0.4169.0 Windows NT 10.0; Win64; x64","quic_version":"Q050"}}} +01026{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gquic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1591876186378535,"flow_src_last_pkt_time":1591876186378535,"flow_dst_last_pkt_time":1591876186378535,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1591876186378535,"l3_proto":"ip4","src_ip":"10.44.5.25","dst_ip":"216.58.213.163","src_port":61097,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.gstatic.com","domainame":"www.gstatic.com","quic": {"quic_version":"Q050"}}} 
01003{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gquic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1591876186378535,"flow_src_last_pkt_time":1591876186378535,"flow_dst_last_pkt_time":1591876186378535,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1591876186378535,"l3_proto":"ip4","src_ip":"10.44.5.25","dst_ip":"216.58.213.163","src_port":61097,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.gstatic.com"}} -00836{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gquic.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1350,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1591876186378535} 
+00836{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gquic.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1350,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1591876186378535} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 @@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6918013 bytes -~~ total memory freed........: 6918013 bytes -~~ total allocations/frees...: 114158/114158 +~~ total memory allocated....: 7495555 bytes +~~ total memory freed........: 7495555 bytes +~~ total allocations/frees...: 125888/125888 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 615 chars ~~ json message max len.......: 2348 chars diff --git a/test/results/default/gquic_only_from_server.pcap.out b/test/results/default/gquic_only_from_server.pcap.out index 05ef2e677..dcf45103a 100644 --- a/test/results/default/gquic_only_from_server.pcap.out +++ b/test/results/default/gquic_only_from_server.pcap.out 
@@ -1,5 +1,5 @@ -00627{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/gquic_only_from_server.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gquic_only_from_server.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1644251989197119} 
+00627{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/gquic_only_from_server.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gquic_only_from_server.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1644251989197119} 
00811{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gquic_only_from_server.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1644251989197119,"flow_src_last_pkt_time":1644251989197119,"flow_dst_last_pkt_time":1644251989197119,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1644251989197119,"vlan_id":1508,"l3_proto":"ip4","src_ip":"213.202.7.26","dst_ip":"10.189.122.71","src_port":443,"dst_port":60524,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02360{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gquic_only_from_server.pcap","alias":"nDPId-test","vlan_id":1508,"flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1644251989197119,"flow_dst_last_pkt_time":1644251989197119,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1396,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1396,"pkt_l4_len":1358,"thread_ts_usec":1644251989197119,"pkt":"AAAAAAAAAAcAAAAIgQAF5AgARQAFYgAAQABxEaKi1coHGgq9ekcBu+xsBU4qFAglQtqrsDUxewFr5JIXeWAY6RF86CpAAQOlAQAGAKABAltSRUoABwAAAFNUSwA4AAAAU05PAGwAAABQUk9GbAEAAFNDRkfzAQAAUlJFSvcBAABTVFRM\/wEAAENSVP8bAgAAT7lEuqmgqtYH+ijEiKaPQIy+ZChskOUCQEOXCVQHODgEUDi4gK+Y2fknYCMPTuXF5o7P1p2Q09HWj67E\/GVB22m2zd3BwWxvWGnHbEMibFDsKh7Y\/Frv41cGn7hjXqEcbAsNpcVd7dzeyErmKzuNIO0vP5FIw0+Q18PdyZGT3x5dWqDzeh010yoNKDztLTRTGgLmFqmPSHrDGNj0ZjRIJ5YLMvzSsofddd\/pmSWWU\/br7MLE0U3uy5GheQ5rsuvfCxr\/3wS5OodpK\/U6uXoiWDCp\/9jJhgLW1RH8KH+AsqOcR83lhenQiRYYWJ7UcXeHR72CiYaDsMjStdV6yUsD2KUn3OuVTfPYSZOd0CfePbKnOIouDsGc7zpamsdSnCTdELRk5aZqs2Bks\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"} 
00998{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gquic_only_from_server.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1644251989197119,"flow_src_last_pkt_time":1644251989197119,"flow_dst_last_pkt_time":1644251989197119,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1644251989197119,"vlan_id":1508,"l3_proto":"ip4","src_ip":"213.202.7.26","dst_ip":"10.189.122.71","src_port":443,"dst_port":60524,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Unknown (0000)"}}} 
@@ -8,7 +8,7 @@ 02377{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/gquic_only_from_server.pcap","alias":"nDPId-test","vlan_id":1508,"flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1644251989260652,"flow_dst_last_pkt_time":1644251989197119,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1396,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1396,"pkt_l4_len":1358,"thread_ts_usec":1644251989260652,"pkt":"AAAAAAAAAAcAAAAIgQAF5AgARQAFYgAAQABxEaKi1coHGgq9ekcBu+xsBU4fIQAFXUInh+Nj46SUAklw7faHf2lL9QCzuRO2td6KNKev\/JAr5eYL9lbo6W7jpopveWBQmWLK\/fr+P6D32bulPZ1TfPYQWzoAa9AwZxwvKH7I0RRXjumRndqUFv2dzEysBdzscsuwCtuQig8EBcrgyhirTLG5oXc4aw8zCyni5+Ov3z15t5jbII4zM9bYLybkdJyMYG4X3cMqIlfoPiOYEKKb3u7c3FpUt+feGrTXJ+OGCzmC9UwL6My0kVjrRblnPCYv18Vc27CawuoN6Hc7yzsZ5JDxa+vP6Mjhwi0kfo+Mhh57CRwmahnAvlT4gBXgrcZbKRC+SZbL7i\/YuEY+IpYnfadX27oIHnX1fWz\/V420PqUI7e95pehRMQZ6t6EHIhSwQQQsZAt3KoIErSCjrSeWoo2BmqsG3YQEYg1M0X55ZRl2L38k2ISSv34XlgzWOf3f+MddKHNUwyNXGc8KZppw8FF9qo9UTRB46k0OJypFH+fW92hUuO5vZdaM4zsIT66YcJBKGqNkD\/VBer\/jx5GJVGfplZHgYjiDI38PF8Bo4z89DoeXKcVEGPnQk6TZcCO0YZbjPEsApoYfIeVKzouW\/o3A9PYEjSEXi5EPMlZQs4pi5l+jJz31+mq0VAI5j2CT4vJoFQT8ilbKMSgYlqpHl7+qbW85929Fr436\/KEx1MrKk75ShODFrcxTxXvgg8NKYT6SPGNBWa7fHkd12VRwAmTSQFAGc2ZfMVD4sPtrL0PSqapPxeO\/S3HlmtTYXHaEZIETuHHfZS3qfkPtV6MK+OGOHZlzjaYR9qi4NxDwM+nSx3MusIV0GrwCounlN1Qf1XbGFqK27rbvFzhA6dgYSVf5Qmb9HT58ff3INYOVFOLwRdnBI0YDTKk+O6czdlW3XVUQ5s2GorzADWyzZTY7PbgEJIn7poFIn9uUVTp5UAJMqDLpblGRBUOCJVenp+CgORIPzH10Ws3e09dvA\/f\/bvHxBWpQalg425S5DVD6cL0yGLZPTUIi3Kcu+cJjnO1G5NQLzpSx7IWXxnSk86S71vtGsqOU86H4f\/ksGHQV9A8p6t\/poWk\/tBKOdID\/dEjW4bXAJT0H+2Q2schG601Imnywksf\/f8THazPOEcCN2dDDQuzs3BWJIFBXhX1cwBVWK2PrQ\/E\/TKr+5z9adr8icv2Hu0UuOj3nz7WVuDBmrb2spouZtb5jOxb\/vYtE3DwxmOOFHKlG7eYLzJTXnA2oyp2XLYqdMdvIxb+0Nmy\/CEpdguWPdvFdgjb4wl0RhMZU7u7Mp39Zxb5X2cDd9SYHS0jVLXqEPphDaT+6VxcXBI+2kSKRAuycjV0Dxcj+OYZhIl6N1iF07WojGOCnnA5474iE\/B4xwl4XNFqJbOV+IiDf\/Fqh4yrj1qYwsbNhv4zua
tsKfNSjxxwMmSLEXcedHxAQNf3A9fwD64CRauPnxtI8iXLYEogGOjX3zJBMF6oy7VGxEyCVt1hG2PWmBSUd1cAlQjmvt\/sJRYwNZ21mlwvQwQDgg+wNUDTislkwZZQQWVtYeKParYH8R5n8GNqFUEZINDtWrJORbhfPNR4VFBGJ3HFWEGZ+SxpoCjgXNndSNTYutzd0ch7s0R42PRxraYQWA+oh5FuzNn3ijXwQcz3+yP0dh3FmlqeoDDo\/lRld4+VDSzS7EZWc5SE9QMSCUgpfoy340\/g6o1c3bJRphxcLTkH5d1sOp560ym7D6B2HPO9596qoMD4C6X2MxixEo8\/OduHV4aoXgwZG0mas4KjTiLp4QsrvbnTCJDdxp866IaotBQ=="} 02381{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/gquic_only_from_server.pcap","alias":"nDPId-test","vlan_id":1508,"flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1644251989260652,"flow_dst_last_pkt_time":1644251989197119,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1396,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1396,"pkt_l4_len":1358,"thread_ts_usec":1644251989260652,"pkt":"AAAAAAAAAAcAAAAIgQAF5AgARQAFYgACQABxEaKg1coHGgq9ekcBu+xsBU5w1QAHq\/m9vTr7O5IAzcdS9wk7Ddox7LZfFBxkY2AqLA6FdJac+irakSOuazN4u6hF1R+\/y2HQI+W+79jJkogrQXvngngx2k8dz0wx\/N3Epp4s2\/DhaDZbD7E8nnX2GV2f+ArjgYIr++2bCze927VDqUt6Y\/68rP90Dg5aiaouPSp1+ZMB+0priHJ21yHSthsfaaRWkLP8bV2MAUFf6i5R0YWAgrrRmAwwogiVZQe09Es154tnRchNEu98YkbAfLLvcPbpracl43kyDxfL+\/8jl\/gKgFzMYaHqP6XWb8PJMKxHtKpSfHFxOBwTV0XDOI75sw\/BZKR1W4z0Nsb4mdVi0sIFKhMB3fXrHgitYLfiaaoDrP9DeqAkU6dMZmBDCrMo5HdnJyEpOXJ1UbeQ7eYYxcanlqt8Fj\/Y3gwsRDKXE22Ok4hD9r52oj5au9bvsrCgT6XypMW5pRd6wjMO3QOua1tHWohCjg\/krUjbJarjnPYdrtoltjrSw\/C0+rFmBNxuxUNvwo0bHNhAf+8XyrjYG2JtluYIvbu1YwvVWMlBRk\/YVRI8e4XK\/ehJHdoci9motArqGvfVOjJ4i+2Gywd4FF2DaiGP6hAsLnVHdDNaiTRAYEyr2EIRLQgPZqDTaKDnMFicXzhGn+vl9g0GXP+fRolWnHkCpYK8mkbBruef4DpgBfyw1yiJrQ5biSh+7Txw1UNXcTvLRcH3SQ1wGFFsLAwlOqKq\/O18uxaWbuDNkf7Tutjjn3rQE76FKl6GoLaLKweX1GuQi8HIqoUAix35NM\/ju7+cTbahGDl2CxcErvOq6UNJPYSWobPEoX49OLRB0qtIyS\/wM2XFnQkNdQUCOBkzCMd0J01rLbY4Lr7s0iuVUr63CZDK1dgOwmVLXv61JXHWu4sT1tJ84McL3p\/\/k36EhzDX0MYq9JgXRber3t4ia2auuqfnTuTlnw\/kpFdbENgipApABNauXwGnbI+vQABkmrYVkjcMWAXcDTLz+aRlN1XeZuC13IkWEo7R3ty3KHiCMDYIay
9tAIBcEFuUyFCrYhPNbCmDs+969TJUnuqMAyRDWqPCg8mIz8Okt9fcwEoVuiA44iMsYi5LYE9lXm16iKO8KPDjuRYtdBDd8EgpmnjfXDlKdurHbkfaeBwEaSVPWpmaqX0rxrsfFoo7fxpCPutb6bVmrXAfC6MSgWy9H+oW11QeAHTH+iZO+FqGj5bdQFbSu7QfMTLmw9nr093b3rzaHOYG5o54g3jVj1aZzWVb99OR9XQd3UCxHElmXwmfrvYQAVt4Eb97Q05XlEBP9cFasgBmlDsX4l1xr9Yp2xS3u81yyfr2ipR22A+06D8pe8rJ5E6Fs7Yhj\/aleRleF7Mu0+LDx4nFdkGwlrCw7laAkIOZfJW2bIKe+vV9WUQ3qA3aj+wmD7AYUslve3YPjBjGHUrs6Qu8tl\/d\/2eUGn5J4x8S3NMSQJtrnvl5hukCYgkNOvWZhd+iz4tenCYr9\/PG21ldnyflnyWr1zBHEzKnFkceryn\/\/t+CUSLFfvYY\/P\/J41LIrJ8d3PaSJJTdOuT8WyPs3mJe9AIJHowDSLwFWfKsLi\/VfBNzyT3POBy69MGQGwAKcfsb3uHjVmhSQpmhexTOAyMqbuowRQAwPDkotu5vUw\/9ez4kPcjsBfw5DSjmAd6Wso0OWTaLSpB\/ZI6im+FBMfwKlNfirWLGUYp+tN7x7zIzgQhKbgMusNCyPeL8tfUXei+VO8gqS5XXJQZsAhiqrHuYWyEiuverFKZLBXushLyqd1P2W0n5f+jWkfek4A=="} 00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/gquic_only_from_server.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":0,"flow_first_seen":1644251989197119,"flow_src_last_pkt_time":1644251989290808,"flow_dst_last_pkt_time":1644251989197119,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38360,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1644251989290808,"vlan_id":1508,"l3_proto":"ip4","src_ip":"213.202.7.26","dst_ip":"10.189.122.71","src_port":443,"dst_port":60524,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
-00858{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/gquic_only_from_server.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":30,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":38360,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1644251989290808} +00858{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/gquic_only_from_server.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":30,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":38360,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1644251989290808} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 30/30 ~~ skipped flows.............: 0 
@@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6908483 bytes -~~ total memory freed........: 6908483 bytes -~~ total allocations/frees...: 114167/114167 +~~ total memory allocated....: 7486079 bytes +~~ total memory freed........: 7486079 bytes +~~ total allocations/frees...: 125898/125898 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 578 chars ~~ json message max len.......: 2391 chars diff --git a/test/results/default/gre.pcapng.out b/test/results/default/gre.pcapng.out index 3796cfe79..4d66a0801 100644 --- a/test/results/default/gre.pcapng.out +++ b/test/results/default/gre.pcapng.out 
@@ -1,10 +1,10 @@ -00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/gre.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gre.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1483501349095788} 
+00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/gre.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gre.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1483501349095788} 
00757{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gre.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1483501349095788,"flow_src_last_pkt_time":1483501349095788,"flow_dst_last_pkt_time":1483501349095788,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":346,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":346,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":346,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483501349095788,"vlan_id":142,"l3_proto":"ip4","src_ip":"109.105.228.253","dst_ip":"10.177.98.84","l4_proto":47,"flow_datalink":1,"flow_max_packets":5} 00980{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gre.pcapng","alias":"nDPId-test","vlan_id":142,"flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1483501349095788,"flow_dst_last_pkt_time":1483501349095788,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":384,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":384,"pkt_l4_len":346,"thread_ts_usec":1483501349095788,"pkt":"AAAAAAACnDf0fG6RgQAAjggARQABbq+lAADyL1hPbWnk\/QqxYlQwgYgLAUqYUAAAAGoAAACM\/wMAIUWgAUY4wQAAPxFN+8CoCtLAqGcoE8QTxAEyV9VTSVAvMi4wIDEwMCBUcnlpbmcNClZpYTogU0lQLzIuMC9VRFAgMTkyLjE2OC4xMDMuNDA6NTA2MDtycG9ydD01MDYwO3JlY2VpdmVkPTE5Mi4xNjguMTAzLjQwO2JyYW5jaD16OWhHNGJLX0FJMjAwMEF1ZzA2NDkxMzY3MjI3MTEwDQpUbzogPHNpcDoyNzFAMTkyLjE2OC4xMC4yMTA+DQpGcm9tOiA8c2lwOjI4MUAxOTIuMTY4LjEwMy40MD47dGFnPUFJQ0NGODA1RTU3OENFNjQwMw0KQ2FsbC1JRDogQUkxNzM3QUI1NDkxQURDMzkyQDE5Mi4xNjguMTAzLjQwDQpDU2VxOiAxIElOVklURQ0KQ29udGVudC1MZW5ndGg6IDANCg0K"} 
00905{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gre.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1483501349095788,"flow_src_last_pkt_time":1483501349095788,"flow_dst_last_pkt_time":1483501349095788,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":346,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":346,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":346,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483501349095788,"vlan_id":142,"l3_proto":"ip4","src_ip":"109.105.228.253","dst_ip":"10.177.98.84","l4_proto":47,"ndpi": {"confidence": {"6":"DPI"},"proto":"GRE","proto_id":"80","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00944{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gre.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1483501349095788,"flow_src_last_pkt_time":1483501349095788,"flow_dst_last_pkt_time":1483501349095788,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":346,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":346,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":346,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483501349095788,"vlan_id":142,"l3_proto":"ip4","src_ip":"109.105.228.253","dst_ip":"10.177.98.84","l4_proto":47,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GRE","proto_id":"80","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00835{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gre.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":346,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1483501349095788} +00835{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gre.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":346,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1483501349095788} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 
@@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6907642 bytes -~~ total memory freed........: 6907642 bytes -~~ total allocations/frees...: 114138/114138 +~~ total memory allocated....: 7485238 bytes +~~ total memory freed........: 7485238 bytes +~~ total allocations/frees...: 125869/125869 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 615 chars ~~ json message max len.......: 985 chars diff --git a/test/results/default/gtp_c.pcap.out b/test/results/default/gtp_c.pcap.out index 85480e80b..38b63c265 100644 --- a/test/results/default/gtp_c.pcap.out +++ b/test/results/default/gtp_c.pcap.out 
@@ -1,5 +1,5 @@ -00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/gtp_c.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gtp_c.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1614767558813421} 
+00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/gtp_c.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gtp_c.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1614767558813421} 
00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gtp_c.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614767558813421,"flow_src_last_pkt_time":1614767558813421,"flow_dst_last_pkt_time":1614767558813421,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":247,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":247,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":247,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614767558813421,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":1024,"dst_port":2123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00844{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gtp_c.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1614767558813421,"flow_dst_last_pkt_time":1614767558813421,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":289,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":289,"pkt_l4_len":255,"thread_ts_usec":1614767558813421,"pkt":"5kBKB+riApXG95NLCABFAAETmxkAAIARAAAKZQACCmYAAgQACEsA\/wAASCAA8wAAAABLVGIAAQAIAIlnRREiM0T1TAAGAJh2VBI0VksACAA0VniQEgEC81YADQAYmHZUEjSYdlQSNFZ4UwADAIlHVlIAAQAGTQACAAAAVwAJAIY1UpIECmUAAkcACQAIaW50ZXJuZXSAAAEAAGMAAQABTwAFAAEhFxcBfwABAAJIAAgAAAAnDwAAJw9JAAEABV0APQBJAAEABVQADQAhMQEJEMCoAQH\/\/\/8AVwAJAoQ1UpIFCmUAAlAAFgAYBwAAAAAAAAAAAAAAAAAAAAAAAAAAhAAHAAGsEGtxAAGEAAcBAawQa3IAAXIAAgAAAF8AAgAAAQ=="} 
00930{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gtp_c.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614767558813421,"flow_src_last_pkt_time":1614767558813421,"flow_dst_last_pkt_time":1614767558813421,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":247,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":247,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":247,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614767558813421,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":1024,"dst_port":2123,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GTP.GTP_C","proto_id":"152.272","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -7,7 +7,7 @@ 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/gtp_c.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1614767558814595,"flow_dst_last_pkt_time":1614767558814579,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1614767558814595,"pkt":"5kBKB+riApXG95NLCABFAAA+mxoAAIARAAAKZQACCmYAAgQACEsAKgAASCQAHjVSkgZLVGIASQABAAVWAA0AGJh2VBI0mHZUEjRWeA=="} 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/gtp_c.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1614767558814595,"flow_dst_last_pkt_time":1614767558815505,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":65,"pkt_l4_len":31,"thread_ts_usec":1614767558815505,"pkt":"ApXG95NL5kBKB+riCABFAAAzmxIAAH8Ri9kKZgACCmUAAghLBAAAHwAASCUAEzVSkgRLVGIAAgACABAAAwABAAE="} 00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/gtp_c.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1614767558813421,"flow_src_last_pkt_time":1614767558814595,"flow_dst_last_pkt_time":1614767558815505,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":247,"flow_dst_max_l4_payload_len":212,"flow_src_tot_l4_payload_len":281,"flow_dst_tot_l4_payload_len":235,"midstream":0,"thread_ts_usec":1614767558815505,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":1024,"dst_port":2123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"GTP.GTP_C","proto_id":"152.272","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00836{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/gtp_c.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":516,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1614767558815505} +00836{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/gtp_c.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":516,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1614767558815505} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 4/4 ~~ skipped flows.............: 0 
@@ -16,9 +16,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6907729 bytes -~~ total memory freed........: 6907729 bytes -~~ total allocations/frees...: 114141/114141 +~~ total memory allocated....: 7485325 bytes +~~ total memory freed........: 7485325 bytes +~~ total allocations/frees...: 125872/125872 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 542 chars ~~ json message max len.......: 977 chars diff --git a/test/results/default/gtp_false_positive.pcapng.out b/test/results/default/gtp_false_positive.pcapng.out index 7ee8023a4..866b8b985 100644 --- a/test/results/default/gtp_false_positive.pcapng.out +++ b/test/results/default/gtp_false_positive.pcapng.out 
@@ -1,5 +1,5 @@ -00625{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00846{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1638856441836839} 
+00625{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00846{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1638856441836839} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1638856441836839,"flow_src_last_pkt_time":1638856441836839,"flow_dst_last_pkt_time":1638856441836839,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1638856441836839,"l3_proto":"ip4","src_ip":"24.1.33.66","dst_ip":"62.56.122.232","src_port":29255,"dst_port":3386,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1638856441836839,"flow_dst_last_pkt_time":1638856441836839,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1638856441836839,"pkt":"AAAAAAAAAAEAm1OyCABFAABDuMQAAD8R0IIYASFCPjh66HJHDToAL3+GJwAAAAJZAADIADJepW8BAAAAHa0lUAAAAAAAAAAAAAAAAAEAAAAA"} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1638856442050829,"flow_dst_last_pkt_time":1638856441836839,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1638856442050829,"pkt":"AAAAAAAAAAEAm1OyCABFAABDLq0AAD8RWpoYASFCPjh66HJHDToAL3+GJwAAAAJZAADIADJepW8BAAAAHa0lUAAAAAAAAAAAAAAAAAEAAAAA"} 
@@ -7,19 +7,19 @@ 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1638856501912725,"flow_dst_last_pkt_time":1638856441836839,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1638856501912725,"pkt":"AAAAAAAAAAEAm1OyCABFAABL0zoAAD8RtgQYASFCPjh66HJHDToANyFgLwAAAALBDwDIAAEAAADTFLeVMl6lbwABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} 00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1638856511476253,"flow_dst_last_pkt_time":1638856441836839,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_usec":1638856511476253,"pkt":"AAAAAAAAAAEAm1OyCABFAABKCqAAAD8RfqAYASFCPjh66HJHDToANrRYLgAAAAIpAwDIADJepW\/TFLeVlbt0kwAAAAAAAAAAAAAAAAAAAAB\/vnSTfQEAAA=="} 00791{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1638856441836839,"flow_src_last_pkt_time":1638856511476253,"flow_dst_last_pkt_time":1638856441836839,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":218,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1638856511476253,"l3_proto":"ip4","src_ip":"24.1.33.66","dst_ip":"62.56.122.232","src_port":29255,"dst_port":3386,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
-00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":6,"packets-processed":5,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":218,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1639664897536021} +00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":6,"packets-processed":5,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":218,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1639664897536021} 
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639664897536021,"flow_src_last_pkt_time":1639664897536021,"flow_dst_last_pkt_time":1639664897536021,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639664897536021,"l3_proto":"ip4","src_ip":"50.7.111.134","dst_ip":"103.225.103.159","src_port":17000,"dst_port":2123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1639664897536021,"flow_dst_last_pkt_time":1639664897536021,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":16,"thread_ts_usec":1639664897536021,"pkt":"AAAAAAAAAAgAcgnYCABFaAAk3R5AADMR+TQyB2+GZ+Fnn0JoCEsAEMsJNwMAAEIAAAAAAAAAAAA="} 
01001{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1638856441836839,"flow_src_last_pkt_time":1638856511476253,"flow_dst_last_pkt_time":1638856441836839,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":218,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639664897536021,"l3_proto":"ip4","src_ip":"24.1.33.66","dst_ip":"62.56.122.232","src_port":29255,"dst_port":3386,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00789{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1638856441836839,"flow_src_last_pkt_time":1638856511476253,"flow_dst_last_pkt_time":1638856441836839,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":218,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639664897536021,"l3_proto":"ip4","src_ip":"24.1.33.66","dst_ip":"62.56.122.232","src_port":29255,"dst_port":3386,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
-00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":7,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":226,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1640630605457589} +00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":7,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":226,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1640630605457589} 
00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1640630605457589,"flow_src_last_pkt_time":1640630605457589,"flow_dst_last_pkt_time":1640630605457589,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":326,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":326,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":326,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1640630605457589,"l3_proto":"ip4","src_ip":"119.185.190.173","dst_ip":"66.86.98.114","src_port":2123,"dst_port":50140,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00962{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1640630605457589,"flow_dst_last_pkt_time":1640630605457589,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":368,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":368,"pkt_l4_len":334,"thread_ts_usec":1640630605457589,"pkt":"AAAAAAAAAAgAF2izCABFAAFiEjRAAD0RTyh3ub6tQlZicghLw9wBTnl2RgEAAAJ5AwDIAMWLvaZzN8g7AAAAAHAALV6UJ\/cTHdx+UcbekdlVsrIQyORBtJYGjhwit4VPN8cgIpZwuzYVz0TO+kH8rnowgXXPb2P\/JTt2WeT4FCyPlfScgvudUxqPf1kwZMd0KmXiXleYPXTNqftx0xJj\/Kb2FN1yrSOQIVUjnqcH8TbL6jgJymGUAAAAfj1DGkvghwUAAAAAAQAAAAABAAAAAAAAAAAAAgBvbQcAAAAAAAAASgABBwAAAAgAYXV0b0FsZ28BADEQAGF1dG9Jbml0TGltaXRSZXMBADAMAGF1dG9MaW1pdFJlcwEAMAcAYndlQWxnbwEAMQwAZG91Ymxlaml0dGVyAQAwCQBwcm9iZVN0cmEBADAGAHNka2JiciAAYWNrVGltZU91dDoyMDB8YWNrVGltZUxlbmd0aDo2MDA="} 
01071{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639664897536021,"flow_src_last_pkt_time":1639664897536021,"flow_dst_last_pkt_time":1639664897536021,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1640630605457589,"l3_proto":"ip4","src_ip":"50.7.111.134","dst_ip":"103.225.103.159","src_port":17000,"dst_port":2123,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"GTP","proto_id":"152","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00789{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639664897536021,"flow_src_last_pkt_time":1639664897536021,"flow_dst_last_pkt_time":1639664897536021,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1640630605457589,"l3_proto":"ip4","src_ip":"50.7.111.134","dst_ip":"103.225.103.159","src_port":17000,"dst_port":2123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
01177{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1640630605457589,"flow_src_last_pkt_time":1640630605457589,"flow_dst_last_pkt_time":1640630605457589,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":326,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":326,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":326,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1640630605457589,"l3_proto":"ip4","src_ip":"119.185.190.173","dst_ip":"66.86.98.114","src_port":2123,"dst_port":50140,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"GTP","proto_id":"152","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1640630605457589,"flow_src_last_pkt_time":1640630605457589,"flow_dst_last_pkt_time":1640630605457589,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":326,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":326,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":326,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1640630605457589,"l3_proto":"ip4","src_ip":"119.185.190.173","dst_ip":"66.86.98.114","src_port":2123,"dst_port":50140,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
-00851{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":7,"packets-processed":7,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":552,"total-not-detected-flows":1,"total-guessed-flows":2,"total-detected-flows":0,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":22,"global_ts_usec":1640630605457589} +00851{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":7,"packets-processed":7,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":552,"total-not-detected-flows":1,"total-guessed-flows":2,"total-detected-flows":0,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":22,"global_ts_usec":1640630605457589} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 7/7 ~~ skipped flows.............: 0 
@@ -28,9 +28,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 2 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6912605 bytes -~~ total memory freed........: 6912605 bytes -~~ total allocations/frees...: 114167/114167 +~~ total memory allocated....: 7490201 bytes +~~ total memory freed........: 7490201 bytes +~~ total allocations/frees...: 125898/125898 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 545 chars ~~ json message max len.......: 1182 chars diff --git a/test/results/default/gtp_prime.pcapng.out b/test/results/default/gtp_prime.pcapng.out index 3d7011bb2..7711846da 100644 --- a/test/results/default/gtp_prime.pcapng.out +++ b/test/results/default/gtp_prime.pcapng.out 
@@ -1,8 +1,8 @@ -00616{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/gtp_prime.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gtp_prime.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1424882324190538} 
+00616{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/gtp_prime.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gtp_prime.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1424882324190538} 00299{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1424882324190538,"packet_id":1,"source":"cfgs\/default\/pcap\/gtp_prime.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1424882324190538} 
00699{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/gtp_prime.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":300,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":300,"pkt_l4_len":0,"thread_ts_usec":1424882324190538,"pkt":"tjL\/AAFBtij\/AAFBgQAAZIEAAGcIAEXAARYAAAAAPxEI+QoKNgEKCicK\/EQNOgEC27Eu8AD0AAR+AfwA7wEBHAYA6b9gggDkgAFggwgTACEAAAAA8KQGgAQKCjUBhQQHkAAAhwVlaHJwZIgC8SGpCKAGgAQBAAAGiwEBrIIAKjAogwIDSIQCA0iFAQKGCRUCJRY4RCsAAKkQgQEIhgEJhwNMS0CIA0xLQI0JFQIlFjgBKwAAjgErjwEAsCKkIAYOKwYBBAGyfwMBAkYEAQCBAQCiCzAJAgEBAgEBgQEOkgpBTFUtTk9ERTAxlAEBlQEAlwIBAJgBA54BA58iAQG\/JAaABAoKBgOfJQMTIBCfJgkVAiUWOAArAACfJwkVAiUWOEQrAACfKAQHkAAA"} -00839{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gtp_prime.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":5,"global_ts_usec":1424882324190538} 
+00839{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gtp_prime.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":5,"global_ts_usec":1424882324190538} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/0 ~~ skipped flows.............: 0 @@ -11,9 +11,9 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6905233 bytes -~~ total memory freed........: 6905233 bytes -~~ total allocations/frees...: 114126/114126 +~~ total memory allocated....: 7482829 bytes +~~ total memory freed........: 7482829 bytes +~~ total allocations/frees...: 125857/125857 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 304 chars ~~ json message max len.......: 844 chars diff --git a/test/results/default/h323-overflow.pcap.out b/test/results/default/h323-overflow.pcap.out index 42b362c9f..19e21bf25 100644 --- a/test/results/default/h323-overflow.pcap.out +++ b/test/results/default/h323-overflow.pcap.out 
@@ -1,10 +1,10 @@ -00618{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/h323-overflow.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00838{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/h323-overflow.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":946681200000000} 
+00618{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/h323-overflow.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00838{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/h323-overflow.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":946681200000000} 
00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/h323-overflow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946681200000000,"flow_src_last_pkt_time":946681200000000,"flow_dst_last_pkt_time":946681200000000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946681200000000,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":31337,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/h323-overflow.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":946681200000000,"flow_dst_last_pkt_time":946681200000000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":946681200000000,"pkt":"IiIiIiIiIiIiIiIjCABFAAAsRr1AAIAG+9DAqAEBwKgBAnppAFA5fV1j4FJ\/s1AYQD3UwAAAAwAABA=="} 
01088{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/h323-overflow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946681200000000,"flow_src_last_pkt_time":946681200000000,"flow_dst_last_pkt_time":946681200000000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946681200000000,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":31337,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 00772{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/h323-overflow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946681200000000,"flow_src_last_pkt_time":946681200000000,"flow_dst_last_pkt_time":946681200000000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946681200000000,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":31337,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
-00840{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/h323-overflow.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":946681200000000} +00840{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/h323-overflow.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":946681200000000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 
@@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6909690 bytes -~~ total memory freed........: 6909690 bytes -~~ total allocations/frees...: 114139/114139 +~~ total memory allocated....: 7487286 bytes +~~ total memory freed........: 7487286 bytes +~~ total allocations/frees...: 125870/125870 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 541 chars ~~ json message max len.......: 1093 chars diff --git a/test/results/default/h323.pcap.out b/test/results/default/h323.pcap.out index 8148c1a24..0d7b9ac9f 100644 --- a/test/results/default/h323.pcap.out +++ b/test/results/default/h323.pcap.out 
@@ -1,5 +1,5 @@ -00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1027664341625073} 
+00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1027664341625073} 
00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1027664341625073,"flow_src_last_pkt_time":1027664341625073,"flow_dst_last_pkt_time":1027664341625073,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1027664341625073,"l3_proto":"ip4","src_ip":"10.1.3.143","dst_ip":"10.1.6.18","src_port":32803,"dst_port":1720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1027664341625073,"flow_dst_last_pkt_time":1027664341625073,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1027664341625073,"pkt":"ANBQEAFmAAR2IiAXCABFAAA8pKlAAEAGeHAKAQOPCgEGEoAjBrjLcSVhAAAAAKACFtAZygAAAgQFtAQCCAoAVIHIAAAAAAEDAwA="} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1027664341625073,"flow_dst_last_pkt_time":1027664341627057,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1027664341627057,"pkt":"AAR2IiAXANBQEAFmCABFAAAwcyoAAEAG6fsKAQYSCgEDjwa4gCPda6+9y3ElYnASIABBlAAAAgQFtAEDAwA="} 
@@ -14,7 +14,7 @@ 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1027664342675887,"flow_dst_last_pkt_time":1027664342849776,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1027664342849776,"pkt":"AAR2IiAXANBQEAFmCABFCABEczYAAEAG6dMKAQYSCgEDjwTQgCTdcJG+zA+GfFAYIACuPgAAAwAAHAIwAQYACIF1AAUAgBvFIEAdAIAAAAAbxQ=="} 01047{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1027664342673754,"flow_src_last_pkt_time":1027664342675887,"flow_dst_last_pkt_time":1027664342849776,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":28,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":28,"midstream":0,"thread_ts_usec":1027664342849776,"l3_proto":"ip4","src_ip":"10.1.3.143","dst_ip":"10.1.6.18","src_port":32804,"dst_port":1232,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"H323","proto_id":"158","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1027664342849846,"flow_dst_last_pkt_time":1027664342849776,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1027664342849846,"pkt":"ANBQEAFmAAR2IiAXCABFAAAoBExAAEAGGOIKAQOPCgEGEoAkBNDMD4Z83XCR2lAQFtA0lgAA"} -00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":44,"packets-processed":43,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1003,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":17,"global_ts_usec":1140001613762117} 
+00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":44,"packets-processed":43,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1003,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":17,"global_ts_usec":1140001613762117} 00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1140001613762117,"flow_src_last_pkt_time":1140001613762117,"flow_dst_last_pkt_time":1140001613762117,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1140001613762117,"l3_proto":"ip4","src_ip":"192.168.0.208","dst_ip":"192.168.0.1","src_port":56837,"dst_port":1720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1140001613762117,"flow_dst_last_pkt_time":1140001613762117,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1140001613762117,"pkt":"AAxu6d4pAED0u9kNCABFAAAsTBgAAEAGrJLAqADQwKgAAd4FBrjjKVsYAAAAAGACIADTDAAAAgQFrDI6"} 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1140001613762117,"flow_dst_last_pkt_time":1140001613762634,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":1140001613762634,"pkt":"AED0u9kNAAxu6d4pCABFAAAsB0hAAIAGcWLAqAABwKgA0Aa43gXl\/6kj4ylbGWASRBAfwAAAAgQFtA=="} 
@@ -24,7 +24,7 @@ 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1140001613763449,"flow_dst_last_pkt_time":1140001613766500,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":1140001613766500,"pkt":"AED0u9kNAAxu6d4pCABFAAAsB0lAAIAGcWHAqAABwKgA0Aa43gXl\/6kk4ylbl1AYQ5KCQAAAAwAAKw=="} 01091{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":9,"flow_first_seen":1027664342673754,"flow_src_last_pkt_time":1027664343230116,"flow_dst_last_pkt_time":1027664343229818,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":49,"flow_dst_max_l4_payload_len":31,"flow_src_tot_l4_payload_len":127,"flow_dst_tot_l4_payload_len":106,"midstream":0,"thread_ts_usec":1140001613950196,"l3_proto":"ip4","src_ip":"10.1.3.143","dst_ip":"10.1.6.18","src_port":32804,"dst_port":1232,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"H323","proto_id":"158","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":10,"flow_first_seen":1027664341625073,"flow_src_last_pkt_time":1027664342671930,"flow_dst_last_pkt_time":1027664342671881,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":160,"flow_dst_max_l4_payload_len":97,"flow_src_tot_l4_payload_len":320,"flow_dst_tot_l4_payload_len":450,"midstream":0,"thread_ts_usec":1140001613950196,"l3_proto":"ip4","src_ip":"10.1.3.143","dst_ip":"10.1.6.18","src_port":32803,"dst_port":1720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"H323","proto_id":"158","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":59,"packets-processed":58,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1175,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":27,"global_ts_usec":1198747079978922} 
+00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":59,"packets-processed":58,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1175,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":27,"global_ts_usec":1198747079978922} 00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1198747079978922,"flow_src_last_pkt_time":1198747079978922,"flow_dst_last_pkt_time":1198747079978922,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1198747079978922,"l3_proto":"ip4","src_ip":"17.2.0.124","dst_ip":"17.2.0.161","src_port":2034,"dst_port":1719,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1198747079978922,"flow_dst_last_pkt_time":1198747079978922,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"thread_ts_usec":1198747079978922,"pkt":"ABj+bZZlABMh8GpfCABFAABCx9cAAIART7MRAgB8EQIAoQfyBrcALv7LAiAAAAYACJFKAAQAEQIAfAfyIgCuAQA9AAEDAIXImlEggAMBQAA="} 00915{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1198747079978922,"flow_src_last_pkt_time":1198747079978922,"flow_dst_last_pkt_time":1198747079978922,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1198747079978922,"l3_proto":"ip4","src_ip":"17.2.0.124","dst_ip":"17.2.0.161","src_port":2034,"dst_port":1719,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"H323","proto_id":"158","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
@@ -38,7 +38,7 @@ 00589{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1198747081344407,"flow_dst_last_pkt_time":1198747081402254,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":100,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":100,"pkt_l4_len":66,"thread_ts_usec":1198747081402254,"pkt":"ABMh8GpfABMh8GmQCABFAABWwtdAAIAGFNERAgB6EQIAfAa4C9gY+jaHDVDbaVAY\/2aqggAAAwAALggCgAFafgAiBSXABgAIkUoABFgIEQAkqxVydvoYEJpYABMh8GmQAoABAA=="} 00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1140001613762117,"flow_src_last_pkt_time":1140001658714557,"flow_dst_last_pkt_time":1140001658714755,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":39,"flow_src_tot_l4_payload_len":129,"flow_dst_tot_l4_payload_len":43,"midstream":0,"thread_ts_usec":1198747081402254,"l3_proto":"ip4","src_ip":"192.168.0.208","dst_ip":"192.168.0.1","src_port":56837,"dst_port":1720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"H323","proto_id":"158","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
00962{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":7,"flow_first_seen":1198747079978922,"flow_src_last_pkt_time":1198747080556295,"flow_dst_last_pkt_time":1198747160184990,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":369,"flow_dst_max_l4_payload_len":134,"flow_src_tot_l4_payload_len":539,"flow_dst_tot_l4_payload_len":559,"midstream":0,"thread_ts_usec":1198747160184990,"l3_proto":"ip4","src_ip":"17.2.0.124","dst_ip":"17.2.0.161","src_port":2034,"dst_port":1719,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"H323","proto_id":"158","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":71,"packets-processed":70,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2472,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":1,"current-active-flows":2,"total-active-flows":5,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":41,"global_ts_usec":1331741717182968} 
+00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":71,"packets-processed":70,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2472,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":1,"current-active-flows":2,"total-active-flows":5,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":41,"global_ts_usec":1331741717182968} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1331741717182968,"flow_src_last_pkt_time":1331741717182968,"flow_dst_last_pkt_time":1331741717182968,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":337,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":337,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":337,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1331741717182968,"l3_proto":"ip4","src_ip":"10.47.208.204","dst_ip":"10.47.208.50","src_port":1719,"dst_port":1719,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00962{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1331741717182968,"flow_dst_last_pkt_time":1331741717182968,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":379,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":379,"pkt_l4_len":345,"thread_ts_usec":1331741717182968,"pkt":"ABDzD2WgAFBgBANPCABFAAFtAABAAEARhCMKL9DMCi\/QMga3BrcBWUayDoBGkgYACJFKAAYAAQAKL9DMBrgBAAov0MwGtyLAggEBAAdUYW5kYmVyZwIyNTdQggEBAAhUYW5kYmVyZ8ACQAsAMgAwADIAMAAzAEAAYQBtAC4AcwBvAGwBgFPLYIIBAQAHVGFuZGJlcmcCMjU3NA8QMAABgE9MAGIAZAAwADIAMABiADgAMAAtADYAZAA0ADEALQAxADEAZQAxAC0AYQA3AGYAYgAtADAAMAAxADAAZgAzADAAZgA2ADUAYQAwAF8AMQA3AQABAAEAFhgCAAASELh2wpHFUhHalfQADPE+s\/1tAVAg34kDWW9FGZ8nc8ClknSvAABQIN+JA1lvRRmfJ3PApZJ0rwBGPGFzc2VudD48YXNzZW50X3R5cGU+Y2xpZW50PC9hc3NlbnRfdHlwZT48dmVyc2lvbj4xPC92ZXJzaW9uPjwvYXNzZW50Pg=="} 00923{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1331741717182968,"flow_src_last_pkt_time":1331741717182968,"flow_dst_last_pkt_time":1331741717182968,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":337,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":337,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":337,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1331741717182968,"l3_proto":"ip4","src_ip":"10.47.208.204","dst_ip":"10.47.208.50","src_port":1719,"dst_port":1719,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"H323","proto_id":"158","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
@@ -49,7 +49,7 @@ 00850{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1331741747299202,"flow_dst_last_pkt_time":1331741747300886,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":296,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":296,"pkt_l4_len":262,"thread_ts_usec":1331741747300886,"pkt":"AFBgBANPABDzD2WgCABFAAEaAABAAEARhHYKL9AyCi\/QzAa3BrcBBmDOEsBGkwYACJFKAAYBAAov0DIGuAJACwAyADAAMgAwADMAQABhAG0ALgBzAG8AbAGAU8sOAGEAbQAtAHYAYwBzAC0AMEwAYgBkADAAMgAwAGIAOAAwAC0ANgBkADQAMQAtADEAMQBlADEALQBhADcAZgBiAC0AMAAwADEAMABmADMAMABmADYANQBhADAAXwAxADcnioAAXgNACi\/QNga3FABBAGwAdABlAHIAbgBhAHQAZQAgADGBQAov0DMGtxQAQQBsAHQAZQByAG4AYQB0AGUAIAAygUAKL9A1BrcUAEEAbAB0AGUAcgBuAGEAdABlACAAM4ECADsBAAEAAQA="} 00962{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1331741777425141,"flow_dst_last_pkt_time":1331741747300886,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":379,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":379,"pkt_l4_len":345,"thread_ts_usec":1331741777425141,"pkt":"ABDzD2WgAFBgBANPCABFAAFtAABAAEARhCMKL9DMCi\/QMga3BrcBWUawDoBGlAYACJFKAAYAAQAKL9DMBrgBAAov0MwGtyLAggEBAAdUYW5kYmVyZwIyNTdQggEBAAhUYW5kYmVyZ8ACQAsAMgAwADIAMAAzAEAAYQBtAC4AcwBvAGwBgFPLYIIBAQAHVGFuZGJlcmcCMjU3NA8QMAABgE9MAGIAZAAwADIAMABiADgAMAAtADYAZAA0ADEALQAxADEAZQAxAC0AYQA3AGYAYgAtADAAMAAxADAAZgAzADAAZgA2ADUAYQAwAF8AMQA3AQABAAEAFhgCAAASELh2wpHFUhHalfQADPE+s\/1tAVAg34kDWW9FGZ8nc8ClknSvAABQIN+JA1lvRRmfJ3PApZJ0rwBGPGFzc2VudD48YXNzZW50X3R5cGU+Y2xpZW50PC9hc3NlbnRfdHlwZT48dmVyc2lvbj4xPC92ZXJzaW9uPjwvYXNzZW50Pg=="} 
00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1331741717182968,"flow_src_last_pkt_time":1331741777425141,"flow_dst_last_pkt_time":1331741747300886,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":337,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":337,"flow_dst_max_l4_payload_len":254,"flow_src_tot_l4_payload_len":1011,"flow_dst_tot_l4_payload_len":508,"midstream":0,"thread_ts_usec":1331741777425141,"l3_proto":"ip4","src_ip":"10.47.208.204","dst_ip":"10.47.208.50","src_port":1719,"dst_port":1719,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"H323","proto_id":"158","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00839{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":75,"packets-processed":75,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3991,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":52,"global_ts_usec":1331741777425141} 
+00839{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":75,"packets-processed":75,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3991,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":52,"global_ts_usec":1331741777425141} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 75/75 ~~ skipped flows.............: 0 @@ -58,9 +58,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6923805 bytes -~~ total memory freed........: 6923805 bytes -~~ total allocations/frees...: 114271/114271 +~~ total memory allocated....: 7501428 bytes +~~ total memory freed........: 7501428 bytes +~~ total allocations/frees...: 126003/126003 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 526 chars ~~ json message max len.......: 1096 chars diff --git a/test/results/default/haproxy.pcap.out b/test/results/default/haproxy.pcap.out index aa68a35e2..02f94103f 100644 --- a/test/results/default/haproxy.pcap.out +++ b/test/results/default/haproxy.pcap.out 
@@ -1,10 +1,10 @@ -00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/haproxy.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/haproxy.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1687864379191181} 
+00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/haproxy.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/haproxy.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1687864379191181} 
00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/haproxy.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687864379191181,"flow_src_last_pkt_time":1687864379191181,"flow_dst_last_pkt_time":1687864379191181,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":309,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":309,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":309,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1687864379191181,"l3_proto":"ip4","src_ip":"1.1.1.1","dst_ip":"2.2.2.2","src_port":48502,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00962{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/haproxy.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1687864379191181,"flow_dst_last_pkt_time":1687864379191181,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":375,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":375,"pkt_l4_len":341,"thread_ts_usec":1687864379191181,"pkt":"+hY+jaKQ+hY+\/yO1CABFAAFpvu5AAD8GAgoBAQEBAgICAr12Abu3rOLhYNsr0IAYAebcfgAAAQEICj6dk6a+omhcUFJPWFkgVENQNCAxMS4xMTEuMTEuMTExIDIyMi4yMjIuMjIyLjIyIDUyMTc2IDQ0Mw0KFgMBAP0BAAD5AwNlfFlZ28HZabWEzRLxYxkQw8ZEWOpFUKuCCl2ET+sPiyCZoEcV\/EP3q9ibNr\/\/S8YKnRMNZ3pfRaKXBGknrdMLPAAkEwETAhMDwC\/AK8AwwCzMqcyowAnAE8AKwBQAnACdAC8ANQAKAQAAjAAAABgAFgAAE2FhYWFhYWFhYWFhYWFhYWEueHgAFwAA\/wEAAQAACgAIAAYAHQAXABgACwACAQAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBADMAJgAkAB0AIC9wHtbeNV7Yhsp5eQYXtT7TM0R+9NA5\/A60gExAg7ZMAC0AAgEBACsABQQDBAMD"} 
01025{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/haproxy.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687864379191181,"flow_src_last_pkt_time":1687864379191181,"flow_dst_last_pkt_time":1687864379191181,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":309,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":309,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":309,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1687864379191181,"l3_proto":"ip4","src_ip":"1.1.1.1","dst_ip":"2.2.2.2","src_port":48502,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HAProxy","proto_id":"350","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":5,"category":"Web"}} 01064{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/haproxy.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687864379191181,"flow_src_last_pkt_time":1687864379191181,"flow_dst_last_pkt_time":1687864379191181,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":309,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":309,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":309,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1687864379191181,"l3_proto":"ip4","src_ip":"1.1.1.1","dst_ip":"2.2.2.2","src_port":48502,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": 
{"6":"DPI"},"proto":"HAProxy","proto_id":"350","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":5,"category":"Web"}} -00837{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/haproxy.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":309,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1687864379191181} +00837{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/haproxy.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":309,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1687864379191181} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 
@@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6909719 bytes -~~ total memory freed........: 6909719 bytes -~~ total allocations/frees...: 114140/114140 +~~ total memory allocated....: 7487315 bytes +~~ total memory freed........: 7487315 bytes +~~ total allocations/frees...: 125871/125871 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 617 chars ~~ json message max len.......: 1069 chars diff --git a/test/results/default/hart_ip.pcap.out b/test/results/default/hart_ip.pcap.out index 54ed6d6bc..7c5562a40 100644 --- a/test/results/default/hart_ip.pcap.out +++ b/test/results/default/hart_ip.pcap.out 
@@ -1,5 +1,5 @@ -00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/hart_ip.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hart_ip.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1332169969950823} 
+00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/hart_ip.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hart_ip.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1332169969950823} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hart_ip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1332169969950823,"flow_src_last_pkt_time":1332169969950823,"flow_dst_last_pkt_time":1332169969950823,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":13,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":13,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":13,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1332169969950823,"l3_proto":"ip4","src_ip":"192.168.0.101","dst_ip":"192.168.0.10","src_port":49905,"dst_port":5094,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hart_ip.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1332169969950823,"flow_dst_last_pkt_time":1332169969950823,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":55,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":55,"pkt_l4_len":21,"thread_ts_usec":1332169969950823,"pkt":"ACYWAADSAAwpUKn8CABFAAApAABAAEARuQTAqABlwKgACsLxE+YAFXSoAQAAAAACAA0BAAB1MA=="} 
00930{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hart_ip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1332169969950823,"flow_src_last_pkt_time":1332169969950823,"flow_dst_last_pkt_time":1332169969950823,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":13,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":13,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":13,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1332169969950823,"l3_proto":"ip4","src_ip":"192.168.0.101","dst_ip":"192.168.0.10","src_port":49905,"dst_port":5094,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"HART-IP","proto_id":"72","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
@@ -21,7 +21,7 @@ 00975{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/hart_ip.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":27,"flow_dst_packets_processed":14,"flow_first_seen":1332170006682110,"flow_src_last_pkt_time":1332170040778581,"flow_dst_last_pkt_time":1332170040778475,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":21,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":382,"midstream":0,"thread_ts_usec":1332170040778581,"l3_proto":"ip4","src_ip":"192.168.0.101","dst_ip":"192.168.0.10","src_port":49559,"dst_port":5094,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HART-IP","proto_id":"72","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/hart_ip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1332169969950823,"flow_src_last_pkt_time":1332169969950823,"flow_dst_last_pkt_time":1332169969950823,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":13,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":13,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":13,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1332170040778581,"l3_proto":"ip4","src_ip":"192.168.0.101","dst_ip":"192.168.0.10","src_port":49905,"dst_port":5094,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HART-IP","proto_id":"72","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/hart_ip.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":11,"flow_first_seen":1332169969956063,"flow_src_last_pkt_time":1332170004665691,"flow_dst_last_pkt_time":1332170004664457,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":21,"flow_src_tot_l4_payload_len":386,"flow_dst_tot_l4_payload_len":173,"midstream":0,"thread_ts_usec":1332170040778581,"l3_proto":"ip4","src_ip":"192.168.0.10","dst_ip":"192.168.0.101","src_port":5095,"dst_port":49905,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HART-IP","proto_id":"72","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00842{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/hart_ip.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":65,"packets-processed":65,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1136,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":24,"global_ts_usec":1332170040778581} 
+00842{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/hart_ip.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":65,"packets-processed":65,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1136,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":24,"global_ts_usec":1332170040778581} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 65/65 ~~ skipped flows.............: 0 @@ -30,9 +30,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6914281 bytes -~~ total memory freed........: 6914281 bytes -~~ total allocations/frees...: 114225/114225 +~~ total memory allocated....: 7491877 bytes +~~ total memory freed........: 7491877 bytes +~~ total allocations/frees...: 125956/125956 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 531 chars ~~ json message max len.......: 2158 chars diff --git a/test/results/default/heuristic_tcp_ack_payload.pcap.out b/test/results/default/heuristic_tcp_ack_payload.pcap.out index c3a9b05c6..ab98bbece 100644 --- a/test/results/default/heuristic_tcp_ack_payload.pcap.out +++ b/test/results/default/heuristic_tcp_ack_payload.pcap.out 
@@ -1,5 +1,5 @@ -00630{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00851{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1681478090730262} 
+00630{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00851{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1681478090730262} 
00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1681478090730262,"flow_src_last_pkt_time":1681478090730262,"flow_dst_last_pkt_time":1681478090730262,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1681478090730262,"l3_proto":"ip4","src_ip":"194.226.199.21","dst_ip":"52.18.127.189","src_port":58155,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1681478090730262,"flow_dst_last_pkt_time":1681478090730262,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1681478090730262,"pkt":"QHGDrEAwoDafLnO8CABFAAA0UOtAAH0GbxHC4scVNBJ\/veMrAbsAeoaaAAAAAIAC+vDKXAAAAgQFtAEDAwgBAQQC"} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1681478090730262,"flow_dst_last_pkt_time":1681478090780521,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1681478090780521,"pkt":"oDafLnO8QHGDrEAwCABFAAA0AABAAOkGU\/w0En+9wuLHFQG74yuLkuWcAHqGm4ASaQPrCQAAAgQFtAEBBAIBAwMI"} 
@@ -8,7 +8,7 @@ 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1681478090781920,"flow_dst_last_pkt_time":1681478090832249,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1681478090832249,"pkt":"oDafLnO8QHGDrEAwCABFAAAuXV1AAOkG9qQ0En+9wuLHFQG74yuLkuWdAHqIoFAQAG6SZwAAAAAAAAAA"} 01988{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1681478090730262,"flow_src_last_pkt_time":1681478119542351,"flow_dst_last_pkt_time":1681478119592875,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1085,"flow_dst_max_l4_payload_len":2920,"flow_src_tot_l4_payload_len":2972,"flow_dst_tot_l4_payload_len":5602,"midstream":0,"thread_ts_usec":1681478119592875,"l3_proto":"ip4","src_ip":"194.226.199.21","dst_ip":"52.18.127.189","src_port":58155,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":1860474.4,"max":28647677,"stddev":7030273.0,"var":49424738811904.0,"ent":1.1,"data": [50259,51105,553,51728,128,0,97,51293,1354,0,1851,500,202,193,0,51721,0,48,140,50129,407,8135,0,8098,85064,28647677,19,62,28613926,13,0]},"pktlen": {"min":42,"avg":308.7,"max":2960,"stddev":576.0,"var":331721.9,"ent":3.6,"data": [52,52,42,557,46,153,1500,2960,42,378,49,42,166,145,502,550,160,91,118,46,42,78,439,78,42,46,113,86,1125,46,46,86]},"bins": {"c_to_s": [6,2,1,2,0,0,0,0,0,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": 
[7,3,1,2,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1]},"directions": [0,1,0,0,1,1,1,1,0,1,1,0,0,0,0,0,1,1,1,1,0,0,1,1,0,1,0,0,0,1,1,1],"entropies": [4.700937748,4.839770317,4.678030014,5.790879726,4.390829086,5.801830769,7.220153809,7.298819065,4.678030014,7.385129929,4.797285557,4.725648880,6.228291035,6.284518242,7.567343235,7.646277905,6.609186172,5.432500839,6.074527264,4.434307575,4.678030014,5.448187351,7.460664272,5.370555878,4.678030014,4.477785587,5.985470772,5.565127373,7.818080425,4.434307575,4.477785587,5.465760708]}} 01073{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1681478090730262,"flow_src_last_pkt_time":1681478119542351,"flow_dst_last_pkt_time":1681478119592875,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1085,"flow_dst_max_l4_payload_len":2920,"flow_src_tot_l4_payload_len":2972,"flow_dst_tot_l4_payload_len":5602,"midstream":0,"thread_ts_usec":1681478119592875,"l3_proto":"ip4","src_ip":"194.226.199.21","dst_ip":"52.18.127.189","src_port":58155,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-00859{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":64,"packets-processed":63,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12346,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1681887368538349} +00859{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":64,"packets-processed":63,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12346,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1681887368538349} 
00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1681887368538349,"flow_src_last_pkt_time":1681887368538349,"flow_dst_last_pkt_time":1681887368538349,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1681887368538349,"l3_proto":"ip4","src_ip":"194.226.199.226","dst_ip":"8.247.226.126","src_port":34101,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1681887368538349,"flow_dst_last_pkt_time":1681887368538349,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1681887368538349,"pkt":"QHGDrEAwoDafLnO8CABFAAA0sahAAEAGEuHC4sfiCPfifoU1AFBr1P3sAAAAAIAC+vAOnwAAAgQFtAEBBAIBAwMH"} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1681887368538349,"flow_dst_last_pkt_time":1681887368549865,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1681887368549865,"pkt":"oDafLnO8QHGDrEAwCABFAAA0+VoAADkGEi8I9+J+wuLH4gBQhTVLutKfa9T97YASpWRFuwAAAgQFtAEBBAIBAwMM"} 
@@ -26,7 +26,7 @@ 01074{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1681887518918488,"flow_src_last_pkt_time":1681887519032454,"flow_dst_last_pkt_time":1681887519031452,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":321,"flow_dst_max_l4_payload_len":2824,"flow_src_tot_l4_payload_len":867,"flow_dst_tot_l4_payload_len":19359,"midstream":0,"thread_ts_usec":1681887519032454,"l3_proto":"ip4","src_ip":"194.226.199.61","dst_ip":"35.241.9.150","src_port":27453,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00998{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":12,"flow_first_seen":1681887368538349,"flow_src_last_pkt_time":1681887368574945,"flow_dst_last_pkt_time":1681887368574890,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":496,"flow_dst_max_l4_payload_len":1022,"flow_src_tot_l4_payload_len":506,"flow_dst_tot_l4_payload_len":1082,"midstream":0,"thread_ts_usec":1681887519714799,"l3_proto":"ip4","src_ip":"194.226.199.226","dst_ip":"8.247.226.126","src_port":34101,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by 
port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 00806{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":12,"flow_first_seen":1681887368538349,"flow_src_last_pkt_time":1681887368574945,"flow_dst_last_pkt_time":1681887368574890,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":496,"flow_dst_max_l4_payload_len":1022,"flow_src_tot_l4_payload_len":506,"flow_dst_tot_l4_payload_len":1082,"midstream":0,"thread_ts_usec":1681887519714799,"l3_proto":"ip4","src_ip":"194.226.199.226","dst_ip":"8.247.226.126","src_port":34101,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00862{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":161,"packets-processed":160,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":50505,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":29,"global_ts_usec":1682070081976502} 
+00862{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":161,"packets-processed":160,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":50505,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":29,"global_ts_usec":1682070081976502} 00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1682070081976502,"flow_src_last_pkt_time":1682070081976502,"flow_dst_last_pkt_time":1682070081976502,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1682070081976502,"l3_proto":"ip4","src_ip":"194.226.199.9","dst_ip":"92.223.106.21","src_port":49756,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1682070081976502,"flow_dst_last_pkt_time":1682070081976502,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1682070081976502,"pkt":"QHGDrEAwoDafLnO8CABFAAA01rdAAH4G1SvC4scJXN9qFcJcAbti0BbiAAAAAIAC+vDldAAAAgQFtAEDAwgBAQQC"} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":162,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1682070081976502,"flow_dst_last_pkt_time":1682070081986323,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1682070081986323,"pkt":"oDafLnO8QHGDrEAwCABFoAA0AABAADsG7kNc32oVwuLHCQG7wlyvphSeYtAW44ASpWR2qgAAAgQFtAEBBAIBAwMJ"} 
@@ -54,7 +54,7 @@ 00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":303,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1682070081976502,"flow_src_last_pkt_time":1682070082251822,"flow_dst_last_pkt_time":1682070082232484,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":2636,"flow_src_tot_l4_payload_len":618,"flow_dst_tot_l4_payload_len":4888,"midstream":0,"thread_ts_usec":1682070140596749,"l3_proto":"ip4","src_ip":"194.226.199.9","dst_ip":"92.223.106.21","src_port":49756,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01108{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":303,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":41,"flow_dst_packets_processed":47,"flow_first_seen":1682070122465460,"flow_src_last_pkt_time":1682070140586728,"flow_dst_last_pkt_time":1682070140596749,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":2920,"flow_src_tot_l4_payload_len":5470,"flow_dst_tot_l4_payload_len":24070,"midstream":0,"thread_ts_usec":1682070140596749,"l3_proto":"ip4","src_ip":"194.226.199.61","dst_ip":"2.22.40.186","src_port":6946,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00994{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":303,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":16,"flow_first_seen":1682070088015038,"flow_src_last_pkt_time":1682070095296597,"flow_dst_last_pkt_time":1682070095295909,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":569,"flow_dst_max_l4_payload_len":2843,"flow_src_tot_l4_payload_len":1480,"flow_dst_tot_l4_payload_len":9570,"midstream":0,"thread_ts_usec":1682070140596749,"l3_proto":"ip4","src_ip":"194.226.199.103","dst_ip":"217.69.139.59","src_port":62580,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -00864{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":303,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":303,"packets-processed":303,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":96601,"total-not-detected-flows":0,"total-guessed-flows":6,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":57,"global_ts_usec":1682070140596749} 
+00864{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":303,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":303,"packets-processed":303,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":96601,"total-not-detected-flows":0,"total-guessed-flows":6,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":57,"global_ts_usec":1682070140596749} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 303/303 ~~ skipped flows.............: 0 @@ -63,9 +63,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6941005 bytes -~~ total memory freed........: 6941005 bytes -~~ total allocations/frees...: 114515/114515 +~~ total memory allocated....: 7518601 bytes +~~ total memory freed........: 7518601 bytes +~~ total allocations/frees...: 126246/126246 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 552 chars ~~ json message max len.......: 2021 chars diff --git a/test/results/default/hislip.pcap.out b/test/results/default/hislip.pcap.out index 4f915eba5..2839eddd9 100644 --- a/test/results/default/hislip.pcap.out +++ b/test/results/default/hislip.pcap.out 
@@ -1,5 +1,5 @@ -00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/hislip.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hislip.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1395234992923478} 
+00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/hislip.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hislip.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1395234992923478} 
00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hislip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1395234992923478,"flow_src_last_pkt_time":1395234992923478,"flow_dst_last_pkt_time":1395234992923478,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1395234992923478,"l3_proto":"ip4","src_ip":"10.64.0.127","dst_ip":"10.64.0.72","src_port":51053,"dst_port":4880,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hislip.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1395234992923478,"flow_dst_last_pkt_time":1395234992923478,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1395234992923478,"pkt":"AOAz2gNE+LFWq9DWCABFAAA0O7NAAIAGAAAKQAB\/CkAASMdtExCcmBGeAAAAAIACIAAVbQAAAgQFtAEDAwgBAQQC"} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/hislip.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1395234992923478,"flow_dst_last_pkt_time":1395234992923722,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1395234992923722,"pkt":"+LFWq9DWAOAz2gNECABFAAA0RotAAIAGnvIKQABICkAAfxMQx23MdkTbnJgRn4ASIACfsgAAAgQFtAEDAwgBAQQC"} 
@@ -36,7 +36,7 @@ 00971{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":184,"source":"cfgs\/default\/pcap\/hislip.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":16,"flow_first_seen":1395234992935199,"flow_src_last_pkt_time":1395235239784812,"flow_dst_last_pkt_time":1395235239784744,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":24,"flow_src_tot_l4_payload_len":158,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1395235239785411,"l3_proto":"ip4","src_ip":"10.64.0.127","dst_ip":"10.64.0.72","src_port":51054,"dst_port":4880,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HiSLIP","proto_id":"372","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 00971{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":184,"source":"cfgs\/default\/pcap\/hislip.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":27,"flow_dst_packets_processed":20,"flow_first_seen":1395235022698475,"flow_src_last_pkt_time":1395235237017565,"flow_dst_last_pkt_time":1395235237017484,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":41,"flow_src_tot_l4_payload_len":247,"flow_dst_tot_l4_payload_len":336,"midstream":0,"thread_ts_usec":1395235239785411,"l3_proto":"ip4","src_ip":"10.64.0.127","dst_ip":"10.64.0.72","src_port":51055,"dst_port":4880,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HiSLIP","proto_id":"372","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
00971{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":184,"source":"cfgs\/default\/pcap\/hislip.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":39,"flow_dst_packets_processed":23,"flow_first_seen":1395235022714729,"flow_src_last_pkt_time":1395235237016961,"flow_dst_last_pkt_time":1395235237016867,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":24,"flow_src_tot_l4_payload_len":302,"flow_dst_tot_l4_payload_len":313,"midstream":0,"thread_ts_usec":1395235239785411,"l3_proto":"ip4","src_ip":"10.64.0.127","dst_ip":"10.64.0.72","src_port":51056,"dst_port":4880,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HiSLIP","proto_id":"372","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00844{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":184,"source":"cfgs\/default\/pcap\/hislip.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":184,"packets-processed":184,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1863,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":39,"global_ts_usec":1395235239785411} 
+00844{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":184,"source":"cfgs\/default\/pcap\/hislip.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":184,"packets-processed":184,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1863,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":39,"global_ts_usec":1395235239785411} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 184/184 ~~ skipped flows.............: 0 @@ -45,9 +45,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6920185 bytes -~~ total memory freed........: 6920185 bytes -~~ total allocations/frees...: 114358/114358 +~~ total memory allocated....: 7497781 bytes +~~ total memory freed........: 7497781 bytes +~~ total allocations/frees...: 126089/126089 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 529 chars ~~ json message max len.......: 2241 chars diff --git a/test/results/default/hl7.pcap.out b/test/results/default/hl7.pcap.out index 816ab942d..9f036efa3 100644 --- a/test/results/default/hl7.pcap.out +++ b/test/results/default/hl7.pcap.out 
@@ -1,26 +1,42 @@ -00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/hl7.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hl7.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1517275422250397} 
+00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/hl7.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hl7.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1517275422250397} 
00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hl7.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1517275422250397,"flow_src_last_pkt_time":1517275422250397,"flow_dst_last_pkt_time":1517275422250397,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1517275422250397,"l3_proto":"ip4","src_ip":"10.0.0.155","dst_ip":"10.0.0.126","src_port":49242,"dst_port":6661,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hl7.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1517275422250397,"flow_dst_last_pkt_time":1517275422250397,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1517275422250397,"pkt":"CAAnHabCAAwptbZICABFAAA0emVAAIAGa0YKAACbCgAAfsBaGgVdWCFsAAAAAIACIADg0wAAAgQFtAEDAwgBAQQC"} -00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/hl7.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1517275422250397,"flow_dst_last_pkt_time":1517275422251429,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1517275422251429,"pkt":"AAwptbZICAAnHabCCABFAAA0Xc5AAIAGAAAKAAB+CgAAmxoFwFq\/ZRXRXVghbYASIAAVPwAAAgQFtAEDAwgBAQQC"} 
-00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/hl7.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1517275422252096,"flow_dst_last_pkt_time":1517275422251429,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1517275422252096,"pkt":"CAAnHabCAAwptbZICABFAAAoemZAAIAGa1EKAACbCgAAfsBaGgVdWCFtv2UV0lAQAQBrXwAAAAAAAAAA"} -01159{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/hl7.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1517275422252881,"flow_dst_last_pkt_time":1517275422251429,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":531,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":531,"pkt_l4_len":497,"thread_ts_usec":1517275422252881,"pkt":"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"} -01046{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/hl7.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1517275422250397,"flow_src_last_pkt_time":1517275422252881,"flow_dst_last_pkt_time":1517275422251429,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":477,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":477,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1517275422252881,"l3_proto":"ip4","src_ip":"10.0.0.155","dst_ip":"10.0.0.126","src_port":49242,"dst_port":6661,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": 
{"6":"DPI"},"proto":"HL7","proto_id":"380","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00748{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/hl7.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1517275422252881,"flow_dst_last_pkt_time":1517275422273295,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"thread_ts_usec":1517275422273295,"pkt":"AAwptbZICAAnHabCCABFAADQXc9AAIAGAAAKAAB+CgAAmxoFwFq\/ZRXSXVgjSlAYAQAV2wAAC01TSHxeflwmfFJFQ0VJVklOR19BUFBMSUNBVElPTnxSRUNFSVZJTkdfRkFDSUxJVFl8U0VORElOR19BUFBMSUNBVElPTnxTRU5ESU5HX0ZBQ0lMSVRZfDIwMTgwMTI5MTkyMzQyLjI0NXx8QUNLfDIwMTgwMTI5MTkyMzQyLjI0NXxQfDIuMw1NU0F8QUF8OTM0NTc2MTIwMTEwNjEzMDgzNjE3DRwN"} -01088{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/hl7.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1517275422250397,"flow_src_last_pkt_time":1517275422285397,"flow_dst_last_pkt_time":1517275422284848,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":477,"flow_dst_max_l4_payload_len":168,"flow_src_tot_l4_payload_len":477,"flow_dst_tot_l4_payload_len":168,"midstream":0,"thread_ts_usec":1517275422285397,"l3_proto":"ip4","src_ip":"10.0.0.155","dst_ip":"10.0.0.126","src_port":49242,"dst_port":6661,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": 
{"6":"DPI"},"proto":"HL7","proto_id":"380","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00834{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/hl7.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":9,"packets-processed":9,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":645,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1517275422285397} +00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/hl7.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1517275422250397,"flow_dst_last_pkt_time":1517275422250397,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1517275422250397,"pkt":"CAAnHabCAAOxtbZICABFAAA0emVAAIAGa0YKAACbCgAAfsBaGgVdWCFsAAAAAIACIADg0wAAAgQFtAEDAwgBAQQC"} 
+00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/hl7.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1517275422250397,"flow_dst_last_pkt_time":1517275422250397,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1517275422250397,"pkt":"CAAnHabCAAOxtbZICABFAAA0emVAAIAGa0YKAACbCgAAfsBaGgVdWCFsAAAAAIACIADg0wAAAgQFtAEDAwgBAQQC"} +00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/hl7.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1517275422250397,"flow_dst_last_pkt_time":1517275422251429,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1517275422251429,"pkt":"AAwptbZICAAnHabCCABFAAA0Xc5AAIAGAAAKAAB+CgAAmxoFwFq\/ZRXRXVghbYASIAAVPwAAAgQFtAEDAwgBAQQC"} +00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/hl7.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1517275422250397,"flow_dst_last_pkt_time":1517275422251429,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1517275422251429,"pkt":"AAOxtbZICAAnHabCCABFAAA0Xc5AAIAGAAAKAAB+CgAAmxoFwFq\/ZRXRXVghbYASIAAVPwAAAgQFtAEDAwgBAQQC"} 
+01051{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/hl7.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":3,"flow_first_seen":1517275422250397,"flow_src_last_pkt_time":1517275422252881,"flow_dst_last_pkt_time":1517275422251429,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":477,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":477,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1517275422252881,"l3_proto":"ip4","src_ip":"10.0.0.155","dst_ip":"10.0.0.126","src_port":49242,"dst_port":6661,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HL7","proto_id":"380","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":108,"category":"Health"}} +00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/hl7.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1517275687767046,"flow_src_last_pkt_time":1517275687767046,"flow_dst_last_pkt_time":1517275687767046,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1517275687767046,"l3_proto":"ip4","src_ip":"10.0.0.155","dst_ip":"10.0.0.126","src_port":49250,"dst_port":6661,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/hl7.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1517275687767046,"flow_dst_last_pkt_time":1517275687767046,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1517275687767046,"pkt":"CAAnHabCAAwptbZICABFAAA0et9AAIAGaswKAACbCgAAfsBiGgXOGM0xAAAAAIACIADERQAAAgQFtAEDAwgBAQQC"} +00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/hl7.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1517275687767046,"flow_dst_last_pkt_time":1517275687767537,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1517275687767537,"pkt":"AAwptbZICAAnHabCCABFAAA0XoNAAIAGAAAKAAB+CgAAmxoFwGLcsiLWzhjNMoASIAAVPwAAAgQFtAEDAwgBAQQC"} +00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/hl7.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1517275687768024,"flow_dst_last_pkt_time":1517275687767537,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1517275687768024,"pkt":"CAAnHabCAAwptbZICABFAAAoeuBAAIAGatcKAACbCgAAfsBiGgXOGM0y3LIi11AQAQAkfwAAAAAAAAAA"} 
+01344{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/hl7.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1517275687769050,"flow_dst_last_pkt_time":1517275687767537,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":667,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":667,"pkt_l4_len":633,"thread_ts_usec":1517275687769050,"pkt":"CAAnHabCAAwptbZICABFAAKNeuFAAIAGaHEKAACbCgAAfsBiGgXOGM0y3LIi11AYAQDF3AAAC01TSHxeflwmfFNlbmRpbmdBcHB8U2VuZGluZ0ZhY3xSZWNlaXZpbmdBcHB8UmVjZWl2aW5nRmFjfDIwMTIwNDExMDcwNTQ1fHxPUk1eTzAxfDU5Njg5fFB8Mi4zDVBJRHwxfDEyMzQ1fDEyMzQ1Xl5eTUlFJjEuMi44NDAuMTE0Mzk4LjEuMTAwJklTT15NUnx8TU9VU0VeTUlDS0VZXlN8fDE5MjgxMTE4fE18fHwxMjMgTWFpbiBTdC5eXkxha2UgQnVlbmEgVmlzdGFeRkxeMzI4M3x8fHx8fHx8fHx8fHx8fHx8fHwNUFYxfDF8fDdeRGlzbmV5XldhbHReXk1EXl5eXnx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8Xl5eXl4xLjIuODQwLjExNDM5OC4xLjY2OC4xMTk5OTExNjExMDExOTk3MTA4MTA4OTc5OTEwMXx8DU9SQ3xOV3wyM3x8fFBlbmRpbmd8fF5eXl5eMHx8MjAxNTAzMjUxNzAyMjh8MjZeSGF6ZWxeRGFsbGFzfHw4XlNlbGVuaXVtXlNlbGVuaXVtfF5eXl5PRkZJQ0VeXl5eXk9mZmljZXxeXl50ZXN0QGVtYWlsLmNvbXx8fHx8fHx8fHwNT0JSfDF8MjN8fDEyM15DUkVBVElOSU5FfDB8fHx8fHx8fHx8fDheU2VsZW5pdW1eU2VsZW5pdW18fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8DU9CUnwyfDIzfHw4MDA2MV5MSVBJRA0cDQ=="} 
+01051{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/hl7.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1517275687767046,"flow_src_last_pkt_time":1517275687769050,"flow_dst_last_pkt_time":1517275687767537,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":613,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":613,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1517275687769050,"l3_proto":"ip4","src_ip":"10.0.0.155","dst_ip":"10.0.0.126","src_port":49250,"dst_port":6661,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HL7","proto_id":"380","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":108,"category":"Health"}} +00688{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/hl7.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1517275687769050,"flow_dst_last_pkt_time":1517275687781814,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":176,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":176,"pkt_l4_len":142,"thread_ts_usec":1517275687781814,"pkt":"AAwptbZICAAnHabCCABFAACiXoRAAIAGAAAKAAB+CgAAmxoFwGLcsiLXzhjPl1AYAQAVrQAAC01TSHxeflwmfFJlY2VpdmluZ0FwcHxSZWNlaXZpbmdGYWN8U2VuZGluZ0FwcHxTZW5kaW5nRmFjfDIwMTgwMTI5MTkyODA3Ljc3NHx8QUNLfDIwMTgwMTI5MTkyODA3Ljc3NHxQfDIuMw1NU0F8QUF8NTk2ODkNHA0="} 
+01096{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/hl7.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":12,"flow_first_seen":1517275422250397,"flow_src_last_pkt_time":1517275422285397,"flow_dst_last_pkt_time":1517275422284848,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":477,"flow_dst_max_l4_payload_len":168,"flow_src_tot_l4_payload_len":1431,"flow_dst_tot_l4_payload_len":504,"midstream":0,"thread_ts_usec":1517275687786637,"l3_proto":"ip4","src_ip":"10.0.0.155","dst_ip":"10.0.0.126","src_port":49242,"dst_port":6661,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HL7","proto_id":"380","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":108,"category":"Health"}} +00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/hl7.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1517275751433916,"flow_src_last_pkt_time":1517275751433916,"flow_dst_last_pkt_time":1517275751433916,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1517275751433916,"l3_proto":"ip4","src_ip":"10.0.0.155","dst_ip":"10.0.0.126","src_port":49252,"dst_port":6661,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/hl7.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1517275751433916,"flow_dst_last_pkt_time":1517275751433916,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1517275751433916,"pkt":"CAAnHabCAAwptbZICABFAAA0eulAAIAGasIKAACbCgAAfsBkGgVMiwS4AAAAAIACIAAOSwAAAgQFtAEDAwgBAQQC"} +00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/hl7.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1517275751433916,"flow_dst_last_pkt_time":1517275751434678,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1517275751434678,"pkt":"AAwptbZICAAnHabCCABFAAA0XpVAAIAGAAAKAAB+CgAAmxoFwGS6t9GrTIsEuYASIAAVPwAAAgQFtAEDAwgBAQQC"} +00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/hl7.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1517275751435020,"flow_dst_last_pkt_time":1517275751434678,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1517275751435020,"pkt":"CAAnHabCAAwptbZICABFAAAoeupAAIAGas0KAACbCgAAfsBkGgVMiwS5urfRrFAQAQDhqQAAAAAAAAAA"} 
+02475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/hl7.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1517275751439468,"flow_dst_last_pkt_time":1517275751434678,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1517275751439468,"pkt":"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"} +01053{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/hl7.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1517275751433916,"flow_src_last_pkt_time":1517275751439468,"flow_dst_last_pkt_time":1517275751434678,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1460,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1517275751439468,"l3_proto":"ip4","src_ip":"10.0.0.155","dst_ip":"10.0.0.126","src_port":49252,"dst_port":6661,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HL7","proto_id":"380","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":108,"category":"Health"}} 
+00952{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/hl7.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1517275751439468,"flow_dst_last_pkt_time":1517275751434678,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"thread_ts_usec":1517275751439468,"pkt":"CAAnHabCAAwptbZICABFAAFneuxAAIAGaYwKAACbCgAAfsBkGgVMiwpturfRrFAYAQCkEgAAWVogTEFCfA1PQlh8MTF8Tk18bWN2Xk1jdl5Mb2NhbF43ODctMl5NY3ZeTE58fDgwfGZsfDc3LTk4fHx8fEZ8fHwyMDEyMDQxMDE2MDIyN3xsYWJ8MTJeWFlaIExBQnwNT0JYfDEyfE5NfG1jaF5NY2h8fDMwfHBnfDI3LTM1fHx8fEZ8fHwyMDEyMDQxMDE2MDIyN3xsYWJ8MTJeWFlaIExBQnwNT0JYfDEzfE5NfG1jaGNeTWNoY3x8MzJ8Zy9kbHwzMi0zNXx8fHxGfHx8MjAxMjA0MTAxNjAyMjd8bGFifDEyXlhZWiBMQUJ8DU9CWHwxNHxOTXxwbHReUGxhdGVsZXRzfHwyMjF8L25sfDE0MC00MDB8fHx8Rnx8fDIwMTIwNDEwMTYwMjI3fGxhYnwxMl5YWVogTEFCfA0cDQ=="} +01093{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/hl7.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1517275687767046,"flow_src_last_pkt_time":1517275687786637,"flow_dst_last_pkt_time":1517275687786209,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":613,"flow_dst_max_l4_payload_len":122,"flow_src_tot_l4_payload_len":613,"flow_dst_tot_l4_payload_len":122,"midstream":0,"thread_ts_usec":1517275751462001,"l3_proto":"ip4","src_ip":"10.0.0.155","dst_ip":"10.0.0.126","src_port":49250,"dst_port":6661,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": 
{"6":"DPI"},"proto":"HL7","proto_id":"380","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":108,"category":"Health"}} +01095{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/hl7.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1517275751433916,"flow_src_last_pkt_time":1517275751462001,"flow_dst_last_pkt_time":1517275751459723,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":122,"flow_src_tot_l4_payload_len":1779,"flow_dst_tot_l4_payload_len":122,"midstream":0,"thread_ts_usec":1517275751462001,"l3_proto":"ip4","src_ip":"10.0.0.155","dst_ip":"10.0.0.126","src_port":49252,"dst_port":6661,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HL7","proto_id":"380","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":108,"category":"Health"}} 
+00838{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/hl7.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":47,"packets-processed":47,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4571,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":27,"global_ts_usec":1517275751462001} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ -~~ packets captured/processed: 9/9 +~~ packets captured/processed: 47/47 ~~ skipped flows.............: 0 -~~ total layer4 data length..: 645 bytes -~~ total detected protocols..: 1 -~~ total active/idle flows...: 1/1 +~~ total layer4 data length..: 4571 bytes +~~ total detected protocols..: 3 +~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6909946 bytes -~~ total memory freed........: 6909946 bytes -~~ total allocations/frees...: 114148/114148 +~~ total memory allocated....: 7497614 bytes +~~ total memory freed........: 7497614 bytes +~~ total allocations/frees...: 125946/125946 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ json message min len.......: 533 chars -~~ json message max len.......: 1164 chars -~~ json message avg len.......: 842 chars +~~ json message min len.......: 534 chars +~~ json message max len.......: 2480 chars +~~ json message avg len.......: 1498 chars 
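Review bot: The HL7 category change visible in this baseline is not mentioned in the commit message, which only says "incorporated upstream changes". Every HL7 `detected`/`end` event on the new side reports `"category_id":108,"category":"Health"` where the old side had `"category_id":16,"category":"RPC"`. Consumers that filter or alert on `category`/`category_id` will see HL7 flows change category after this bump, so it deserves a changelog line such as `HL7 flows are now reported as category "Health" (108) instead of "RPC" (16)`. The capture also appears to have been replaced (9 → 47 packets, 1 → 3 flows), and flow 1 now ends with `flow_src_tot_l4_payload_len` 1431 = 3 × 477 while packet ids 2 and 3 repeat the first packet's timestamp. That suggests duplicated frames are counted in the payload totals, but it is inferred from the output alone and should be checked against the new pcap. Whether schema/flow_event_schema.json accepts the new category cannot be told from this hunk.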
diff --git a/test/results/default/hls.pcapng.out b/test/results/default/hls.pcapng.out index 367440efe..cd68bddd5 100644 --- a/test/results/default/hls.pcapng.out +++ b/test/results/default/hls.pcapng.out 
@@ -1,5 +1,5 @@ -00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/hls.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hls.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1721055013596325} 
+00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/hls.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hls.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1721055013596325} 
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hls.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1721055013596325,"flow_src_last_pkt_time":1721055013596325,"flow_dst_last_pkt_time":1721055013596325,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1721055013596325,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"192.168.88.231","src_port":41644,"dst_port":8080,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hls.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1721055013596325,"flow_dst_last_pkt_time":1721055013596325,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_usec":1721055013596325,"pkt":"RQAAPMH2QABABqddCtetAcCoWOeirB+Q4VphPwAAAACgAv\/\/omMAAAIEJugEAggKkY4cmQAAAAABAwMJ"} 00514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/hls.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1721055013596325,"flow_dst_last_pkt_time":1721055013597886,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":48,"pkt_l4_len":28,"thread_ts_usec":1721055013597886,"pkt":"RQAAMAAAQABABmlgwKhY5wrXrQEfkKKsd+t36+FaYUBwEgQAkMQAAAIEJugDAwkA"} 
@@ -8,7 +8,7 @@ 01354{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/hls.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1721055013596325,"flow_src_last_pkt_time":1721055013598580,"flow_dst_last_pkt_time":1721055013597886,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":148,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":148,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1721055013598580,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"192.168.88.231","src_port":41644,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"192.168.88.231","domainame":"192.168.88.231","http": {"url":"192.168.88.231:8080\/output.m3u8","code":0,"content_type":"","user_agent":"VLC\/3.0.18 LibVLC\/3.0.18"}}} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/hls.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1721055013598580,"flow_dst_last_pkt_time":1721055013598686,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":40,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":40,"pkt_l4_len":20,"thread_ts_usec":1721055013598686,"pkt":"RQAAKAAAQABABmlowKhY5wrXrQEfkKKsd+t37OFaYdRQEAP\/5SkAAA=="} 
01250{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/hls.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":6,"flow_first_seen":1721055013596325,"flow_src_last_pkt_time":1721055018937325,"flow_dst_last_pkt_time":1721055018937476,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":148,"flow_dst_max_l4_payload_len":206,"flow_src_tot_l4_payload_len":148,"flow_dst_tot_l4_payload_len":323,"midstream":0,"thread_ts_usec":1721055018937476,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"192.168.88.231","src_port":41644,"dst_port":8080,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP.HLS","proto_id":"7.418","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":5,"category":"Web","hostname":"192.168.88.231"}} 
-00839{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/hls.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":13,"packets-processed":13,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":471,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1721055018937476} +00839{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/hls.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":13,"packets-processed":13,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":471,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1721055018937476} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 13/13 ~~ skipped flows.............: 0 
@@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6908176 bytes -~~ total memory freed........: 6908176 bytes -~~ total allocations/frees...: 114157/114157 +~~ total memory allocated....: 7485792 bytes +~~ total memory freed........: 7485792 bytes +~~ total allocations/frees...: 125889/125889 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 511 chars ~~ json message max len.......: 1359 chars diff --git a/test/results/default/hots.pcapng.out b/test/results/default/hots.pcapng.out index 7ae4df474..e74b025f1 100644 --- a/test/results/default/hots.pcapng.out +++ b/test/results/default/hots.pcapng.out 
@@ -1,5 +1,5 @@ -00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1654637718943449} 
+00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1654637718943449} 
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654637718943449,"flow_src_last_pkt_time":1654637718943449,"flow_dst_last_pkt_time":1654637718943449,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654637718943449,"l3_proto":"ip4","src_ip":"192.168.0.73","dst_ip":"24.105.56.13","src_port":54598,"dst_port":3724,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1654637718943449,"flow_dst_last_pkt_time":1654637718943449,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1654637718943449,"pkt":"XKbmnXAsHIcsX1wrCABFAAA0\/EkAAIARAADAqABJGGk4DdVGDowAIBGZ5l00AJcnFPc\/largPjZAABq8Y7Mqyf2l"} 
00932{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654637718943449,"flow_src_last_pkt_time":1654637718943449,"flow_dst_last_pkt_time":1654637718943449,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654637718943449,"l3_proto":"ip4","src_ip":"192.168.0.73","dst_ip":"24.105.56.13","src_port":54598,"dst_port":3724,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Heroes_of_the_Storm","proto_id":"336","proto_by_ip":"Starcraft","proto_by_ip_id":213,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -9,7 +9,7 @@ 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1654637719137613,"flow_dst_last_pkt_time":1654637718943449,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1654637719137613,"pkt":"XKbmnXAsHIcsX1wrCABFAAA0\/E0AAIARAADAqABJGGk4DdVGDowAIBGZ5l00AE+Qups7r8mPrXxAABrIY9cLO2D3"} 02190{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1654637718943449,"flow_src_last_pkt_time":1654637719490075,"flow_dst_last_pkt_time":1654637811243833,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":320,"flow_dst_tot_l4_payload_len":540,"midstream":0,"thread_ts_usec":1654637811243833,"l3_proto":"ip4","src_ip":"192.168.0.73","dst_ip":"24.105.56.13","src_port":54598,"dst_port":3724,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3612,"avg":2995064.8,"max":91418317,"stddev":16143814.0,"var":260622725939200.0,"ent":0.2,"data": [39885,24383,63734,66162,61944,34445,30828,61113,3612,33342,62853,57422,6903,91418317,63443,62525,36602,26359,63168,62882,63116,62919,63469,62673,63217,32441,30200,63038,62887,26082,37046]},"pktlen": {"min":48,"avg":54.9,"max":60,"stddev":5.0,"var":25.2,"ent":5.0,"data": [52,48,52,52,52,52,48,52,48,52,52,52,48,52,60,60,60,48,60,60,60,60,60,60,60,60,48,60,60,60,48,60]},"bins": {"c_to_s": [14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": 
[3,15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1],"entropies": [4.946224213,4.767892838,4.792377472,4.869300842,4.946224213,4.946224213,4.809559822,4.869300842,4.767892838,4.907762527,4.946224213,4.907762527,4.752166748,4.946224213,4.432916641,4.366249561,4.366250038,3.700824261,4.366250038,4.432916641,4.332916737,4.399583340,4.199582577,4.302914619,4.287001610,4.366250038,3.742490768,4.353668213,4.366249561,4.399583340,3.742490768,4.366249561]},"ndpi": {"confidence": {"6":"DPI"},"proto":"Heroes_of_the_Storm","proto_id":"336","proto_by_ip":"Starcraft","proto_by_ip_id":213,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 00980{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":21,"flow_first_seen":1654637718943449,"flow_src_last_pkt_time":1654637719490075,"flow_dst_last_pkt_time":1654637811370381,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":320,"flow_dst_tot_l4_payload_len":624,"midstream":0,"thread_ts_usec":1654637811370381,"l3_proto":"ip4","src_ip":"192.168.0.73","dst_ip":"24.105.56.13","src_port":54598,"dst_port":3724,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Heroes_of_the_Storm","proto_id":"336","proto_by_ip":"Starcraft","proto_by_ip_id":213,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
-00838{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":36,"packets-processed":35,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":944,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1654783675054709} +00838{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":36,"packets-processed":35,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":944,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1654783675054709} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654783675054709,"flow_src_last_pkt_time":1654783675054709,"flow_dst_last_pkt_time":1654783675054709,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654783675054709,"l3_proto":"ip4","src_ip":"24.105.57.183","dst_ip":"192.168.0.73","src_port":1119,"dst_port":50609,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1654783675054709,"flow_dst_last_pkt_time":1654783675054709,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1654783675054709,"pkt":"HIcsX1wrXKbmnXAsCABFAAAwCHlAADMRLDMYaTm3wKgASQRfxbEAHHLGAAAAAAAAAAAAAAAAAABAAAnvZd4="} 
00934{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654783675054709,"flow_src_last_pkt_time":1654783675054709,"flow_dst_last_pkt_time":1654783675054709,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654783675054709,"l3_proto":"ip4","src_ip":"24.105.57.183","dst_ip":"192.168.0.73","src_port":1119,"dst_port":50609,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Heroes_of_the_Storm","proto_id":"336","proto_by_ip":"Starcraft","proto_by_ip_id":213,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -18,7 +18,7 @@ 00629{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1654783675117304,"flow_dst_last_pkt_time":1654783675054709,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":132,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":132,"pkt_l4_len":98,"thread_ts_usec":1654783675117304,"pkt":"HIcsX1wrXKbmnXAsCABFAAB2CIBAADMRK+YYaTm3wKgASQRfxbEAYiR2AAAAAAAAAAAAAAAAAABAAAoeZeIql8nUybw4tw4pKpHcbVwYH7G3wB9ObHfM9+DMqRG8+TeH21hXAHBJ3yp55piT47VgIlh7bWtACKd7vLtppv9EBjqF2v+b"} 00629{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1654783675154334,"flow_dst_last_pkt_time":1654783675054709,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":132,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":132,"pkt_l4_len":98,"thread_ts_usec":1654783675154334,"pkt":"HIcsX1wrXKbmnXAsCABFAAB2CJ1AADMRK8kYaTm3wKgASQRfxbEAYiRmAAAAAAAAAAAAAAAAAABAEAoeZeIql8nUybw4tw4pKpHcbVwYH7G3wB9ObHfM9+DMqRG8+TeH21hXAHBJ3yp55piT47VgIlh7bWtACKd7vLtppv9EBjqF2v+b"} 
00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":21,"flow_first_seen":1654637718943449,"flow_src_last_pkt_time":1654637719490075,"flow_dst_last_pkt_time":1654637811370381,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":320,"flow_dst_tot_l4_payload_len":624,"midstream":0,"thread_ts_usec":1654783675999278,"l3_proto":"ip4","src_ip":"192.168.0.73","dst_ip":"24.105.56.13","src_port":54598,"dst_port":3724,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Heroes_of_the_Storm","proto_id":"336","proto_by_ip":"Starcraft","proto_by_ip_id":213,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":61,"packets-processed":60,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2872,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1654785317878340} 
+00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":61,"packets-processed":60,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2872,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1654785317878340} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654785317878340,"flow_src_last_pkt_time":1654785317878340,"flow_dst_last_pkt_time":1654785317878340,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":83,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":83,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":83,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654785317878340,"l3_proto":"ip4","src_ip":"24.105.57.16","dst_ip":"192.168.0.73","src_port":3724,"dst_port":50609,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00622{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1654785317878340,"flow_dst_last_pkt_time":1654785317878340,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":125,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":125,"pkt_l4_len":91,"thread_ts_usec":1654785317878340,"pkt":"HIcsX1wrXKbmnXAsCABFAABvGAZAADMRHQ4YaTkQwKgASQ6MxbEAW4bbAAAAAAAAAAAAAAAAAABAAEsqg3hSe3s95phNudnvfQibOs38xR2pLkVG09Ss9ri5OJJni8tOOzlPJsNzb+raB889CpbXTuIgbs4COoyi16z\/8Gg="} 00933{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654785317878340,"flow_src_last_pkt_time":1654785317878340,"flow_dst_last_pkt_time":1654785317878340,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":83,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":83,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":83,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654785317878340,"l3_proto":"ip4","src_ip":"24.105.57.16","dst_ip":"192.168.0.73","src_port":3724,"dst_port":50609,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Heroes_of_the_Storm","proto_id":"336","proto_by_ip":"Starcraft","proto_by_ip_id":213,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -29,7 +29,7 @@ 02199{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":0,"flow_first_seen":1654785317878340,"flow_src_last_pkt_time":1654785318886180,"flow_dst_last_pkt_time":1654785317878340,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":122,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2479,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654785318886180,"l3_proto":"ip4","src_ip":"24.105.57.16","dst_ip":"192.168.0.73","src_port":3724,"dst_port":50609,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1113,"avg":32511.0,"max":62822,"stddev":18812.4,"var":353907232.0,"ent":4.7,"data": [31758,14744,16286,4737,58380,5040,58167,42440,20509,62822,16348,46993,45239,18003,62811,27060,19191,16374,50151,13098,1113,62335,31570,31017,31934,30736,13221,50259,34089,29278,62137]},"pktlen": {"min":48,"avg":105.5,"max":150,"stddev":33.5,"var":1124.4,"ent":4.9,"data": [111,111,48,132,132,103,103,121,121,103,109,109,103,48,150,109,109,48,109,48,150,150,146,48,129,48,138,138,121,48,123,109]},"bins": {"c_to_s": [7,0,16,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"entropies": 
[5.727404118,5.736169815,3.659157991,5.974259377,6.029637337,5.373315811,5.410210133,5.896153450,5.877972126,5.645791054,5.660812855,5.713362217,5.521955967,3.700824261,6.180423737,5.754983425,5.770836353,3.742490768,5.748058796,3.700824261,6.267391682,6.252244949,6.277539730,3.742491007,6.034878731,3.742490768,6.026935577,6.097950459,5.911030293,3.700824499,5.963339806,5.665075302]},"ndpi": {"confidence": {"6":"DPI"},"proto":"Heroes_of_the_Storm","proto_id":"336","proto_by_ip":"Starcraft","proto_by_ip_id":213,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":0,"flow_first_seen":1654783675054709,"flow_src_last_pkt_time":1654783675999278,"flow_dst_last_pkt_time":1654783675054709,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1928,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654785319138383,"l3_proto":"ip4","src_ip":"24.105.57.183","dst_ip":"192.168.0.73","src_port":1119,"dst_port":50609,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Heroes_of_the_Storm","proto_id":"336","proto_by_ip":"Starcraft","proto_by_ip_id":213,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":40,"flow_dst_packets_processed":0,"flow_first_seen":1654785317878340,"flow_src_last_pkt_time":1654785319138383,"flow_dst_last_pkt_time":1654785317878340,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":122,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":3073,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654785319138383,"l3_proto":"ip4","src_ip":"24.105.57.16","dst_ip":"192.168.0.73","src_port":3724,"dst_port":50609,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Heroes_of_the_Storm","proto_id":"336","proto_by_ip":"Starcraft","proto_by_ip_id":213,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00844{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5945,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":32,"global_ts_usec":1654785319138383} 
+00844{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5945,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":32,"global_ts_usec":1654785319138383} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 100/100 ~~ skipped flows.............: 0 @@ -38,9 +38,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6915273 bytes -~~ total memory freed........: 6915273 bytes -~~ total allocations/frees...: 114259/114259 +~~ total memory allocated....: 7492869 bytes +~~ total memory freed........: 7492869 bytes +~~ total allocations/frees...: 125990/125990 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 540 chars ~~ json message max len.......: 2204 chars diff --git a/test/results/default/hpvirtgrp.pcap.out b/test/results/default/hpvirtgrp.pcap.out index 4a07c635f..62d7b6f14 100644 --- a/test/results/default/hpvirtgrp.pcap.out +++ b/test/results/default/hpvirtgrp.pcap.out 
@@ -1,5 +1,5 @@ -00614{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1614852331255737} 
+00614{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1614852331255737} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614852331255737,"flow_src_last_pkt_time":1614852331255737,"flow_dst_last_pkt_time":1614852331255737,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614852331255737,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":46570,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1614852331255737,"flow_dst_last_pkt_time":1614852331255737,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1614852331255737,"pkt":"eJS0JASgYDjgxTWgCABFAAA85EJAAD8GMf7AqAJkoCzCQrXqFGfdahKJAAAAAKAC\/\/\/rnAAAAgQFtAQCCAoReGspAAAAAAEDAwg="} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1614852331255737,"flow_dst_last_pkt_time":1614852331284558,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1614852331284558,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRnteoCmmbE3WoSimASchDc7QAAAgQFrAAA"} 
@@ -7,7 +7,7 @@ 00708{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1614852331296153,"flow_dst_last_pkt_time":1614852331284558,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_usec":1614852331296153,"pkt":"eJS0JASgYDjgxTWgCABFAACs5ERAAD8GMYzAqAJkoCzCQrXqFGfdahKKAppmxVAY\/\/8HHQAAFgCEAKqIQmLfq0myi1Ms5EEjm+6cqoVS+bxA3bvOHHc5Gr2Pc4fCkAGOamMfQ3uS+B4J5cuhz68jJKVEgot70CvKeNsy83XzEd14C9vITFbQomfEQv2BBG44aXbDk7QFABdKzsf570s20zguGi2FIzxy4bDOl\/aEx4b8vTDa5Lopbwqr"} 00937{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1614852331255737,"flow_src_last_pkt_time":1614852331296153,"flow_dst_last_pkt_time":1614852331284558,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614852331296153,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":46570,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HP_VIRTGRP","proto_id":"256","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1614852331296153,"flow_dst_last_pkt_time":1614852331324408,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1614852331324408,"pkt":"YDjgxTWgeJS0JASgCABFAAAoPalAADQG46ugLMJCwKgCZBRnteoCmmbF3WoTDlAQchD0HgAAAAAAAAAA"} -00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":522,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1614861892925577} 
+00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":522,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1614861892925577} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614861892925577,"flow_src_last_pkt_time":1614861892925577,"flow_dst_last_pkt_time":1614861892925577,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614861892925577,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59200,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1614861892925577,"flow_dst_last_pkt_time":1614861892925577,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1614861892925577,"pkt":"eJS0JASgYDjgxTWgCABFAAA85WdAAD8GMNnAqAJkoCzCQudAFGcyIeJoAAAAAKAC\/\/9iNQAAAgQFtAQCCAoAALAcAAAAAAEDAwg="} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1614861892925577,"flow_dst_last_pkt_time":1614861892952589,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1614861892952589,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRn50AGwaaHMiHiaWASchBDFwAAAgQFrAAA"} 
@@ -23,7 +23,7 @@ 00708{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1614861998769322,"flow_dst_last_pkt_time":1614861998752102,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_usec":1614861998769322,"pkt":"eJS0JASgYDjgxTWgCABFAACsbURAAD8GqIzAqAJkoCzCQue8FGe3KQNadGbIs1AY\/\/+TrQAAFgCEAAiEIm75Zy9VjUl+5IerSq31im9iiLiR7yC1EKTt3UZUDIvzmJzS8h4KLbNPThmQ1QigRVFIS+UyNjRfUWaAtxQmjZpmMmOXCehX0iRvSqjyAHMyTpdZ0ZK8tTSp4KvvS4Z8D9n4XXG7+pf9mkL4Vd7qfMcpPZN7co6napRCuwTA"} 00938{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1614861998723587,"flow_src_last_pkt_time":1614861998769322,"flow_dst_last_pkt_time":1614861998752102,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614861998769322,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59324,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HP_VIRTGRP","proto_id":"256","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1614861998769322,"flow_dst_last_pkt_time":1614861998797954,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1614861998797954,"pkt":"YDjgxTWgeJS0JASgCABFAAAoFkhAADQGCw2gLMJCwKgCZBRn57x0ZsiztykD3lAQchAkAwAAAAAAAAAA"} -00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":46,"packets-processed":45,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1566,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":26,"global_ts_usec":1614876808445263} 
+00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":46,"packets-processed":45,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1566,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":26,"global_ts_usec":1614876808445263} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614876808445263,"flow_src_last_pkt_time":1614876808445263,"flow_dst_last_pkt_time":1614876808445263,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614876808445263,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59920,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1614876808445263,"flow_dst_last_pkt_time":1614876808445263,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1614876808445263,"pkt":"eJS0JASgYDjgxTWgCABFAAA8MDtAAD8G5gXAqAJkoCzCQuoQFGeH4ylZAAAAAKAC\/\/91KwAAAgQFtAQCCAoAZP0\/AAAAAAEDAwg="} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1614876808445263,"flow_dst_last_pkt_time":1614876808474414,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1614876808474414,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRn6hA0hHo5h+MpWmASchCiHwAAAgQFrAAA"} 
@@ -33,7 +33,7 @@ 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1614876811615624,"flow_dst_last_pkt_time":1614876811644558,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1614876811644558,"pkt":"YDjgxTWgeJS0JASgCABFAAAoo01AADQGfgegLMJCwKgCZBRn6hA0hHo6h+Mp3lAQchC5UAAAAAAAAAAA"} 00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1614861892925577,"flow_src_last_pkt_time":1614861898114372,"flow_dst_last_pkt_time":1614861898108226,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":163,"flow_dst_max_l4_payload_len":52,"flow_src_tot_l4_payload_len":365,"flow_dst_tot_l4_payload_len":157,"midstream":0,"thread_ts_usec":1614876811951912,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59200,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HP_VIRTGRP","proto_id":"256","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1614861998723587,"flow_src_last_pkt_time":1614862060685520,"flow_dst_last_pkt_time":1614862060713776,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":163,"flow_dst_max_l4_payload_len":52,"flow_src_tot_l4_payload_len":365,"flow_dst_tot_l4_payload_len":157,"midstream":0,"thread_ts_usec":1614876811951912,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59324,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HP_VIRTGRP","proto_id":"256","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":61,"packets-processed":60,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2088,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":36,"global_ts_usec":1614877863379823} 
+00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":61,"packets-processed":60,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2088,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":36,"global_ts_usec":1614877863379823} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614877863379823,"flow_src_last_pkt_time":1614877863379823,"flow_dst_last_pkt_time":1614877863379823,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614877863379823,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":40152,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1614877863379823,"flow_dst_last_pkt_time":1614877863379823,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1614877863379823,"pkt":"eJS0JASgYDjgxTWgCABFAAA8nQJAAD8GeT7AqAJkoCzCQpzYFGd4ZLUSAAAAAKAC\/\/8PXgAAAgQFtAQCCAoAcTP+AAAAAAEDAwg="} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1614877863379823,"flow_dst_last_pkt_time":1614877863406025,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1614877863406025,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRnnNj+cl67eGS1E2ASchDErAAAAgQFrAAA"} 
@@ -41,7 +41,7 @@ 00711{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1614877863430508,"flow_dst_last_pkt_time":1614877863406025,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_usec":1614877863430508,"pkt":"eJS0JASgYDjgxTWgCABFAACsnQRAAD8GeMzAqAJkoCzCQpzYFGd4ZLUT\/nJevFAY\/\/9h2wAAFgCEAFeCoLQYkZVucFSlTilhAUO4J2Gc\/xNv4bSVAhSEOKUK9H1p9TyCs4HXw0uhyo2PPSWpxWiXGIKnoP1IQOXwjxvjoWs1kUpThTMlaAQYVgOcRiK1tZrmLAdDEfrq3WNHZxnudDyECwqpv67F1VqOqftf2asba7gyuRDMInsQPi\/4"} 00938{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1614877863379823,"flow_src_last_pkt_time":1614877863430508,"flow_dst_last_pkt_time":1614877863406025,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614877863430508,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":40152,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HP_VIRTGRP","proto_id":"256","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1614877863430508,"flow_dst_last_pkt_time":1614877863456632,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1614877863456632,"pkt":"YDjgxTWgeJS0JASgCABFAAAorPZAADQGdF6gLMJCwKgCZBRnnNj+cl68eGS1l1AQchDb3QAAAAAAAAAA"} -00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":76,"packets-processed":75,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2866,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":5,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":44,"global_ts_usec":1614880256676767} 
+00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":76,"packets-processed":75,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2866,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":5,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":44,"global_ts_usec":1614880256676767} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614880256676767,"flow_src_last_pkt_time":1614880256676767,"flow_dst_last_pkt_time":1614880256676767,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614880256676767,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":35634,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1614880256676767,"flow_dst_last_pkt_time":1614880256676767,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1614880256676767,"pkt":"eJS0JASgYDjgxTWgCABFAAA87gNAAD8GKD3AqAJkoCzCQosyFGf2oDFeAAAAAKAC\/\/9JKQAAAgQFtAQCCAoAlBEuAAAAAAEDAwg="} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1614880256676767,"flow_dst_last_pkt_time":1614880256703598,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1614880256703598,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRnizKJqg+b9qAxX2ASchCfswAAAgQFrAAA"} 
@@ -49,7 +49,7 @@ 00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1614880256732594,"flow_dst_last_pkt_time":1614880256703598,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_usec":1614880256732594,"pkt":"eJS0JASgYDjgxTWgCABFAACs7gVAAD8GJ8vAqAJkoCzCQosyFGf2oDFfiaoPnFAY\/\/8f0QAAFgCEAJPbSCaIgYJAv72t6+9wMSbhbGCpMIHq4QEiFn9cVpoUpAzAhIkL4Drs1AaCxzLUFgA09j+Bl+RpSUp6DtaLWuhIO9Gnvu5XUzJAq3+jgAYYgyeP7mDgv3z04Kw3cGmW8nIjjnTadh4CWlfCP+aNEWF\/psIZrRbRsmwZNT1hV3yi"} 00938{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1614880256676767,"flow_src_last_pkt_time":1614880256732594,"flow_dst_last_pkt_time":1614880256703598,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614880256732594,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":35634,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HP_VIRTGRP","proto_id":"256","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1614880256732594,"flow_dst_last_pkt_time":1614880256758583,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1614880256758583,"pkt":"YDjgxTWgeJS0JASgCABFAAAoeIFAADQGqNOgLMJCwKgCZBRnizKJqg+c9qAx41AQchC25AAAAAAAAAAA"} -00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":91,"packets-processed":90,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3481,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":6,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":52,"global_ts_usec":1614892184461059} 
+00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":91,"packets-processed":90,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3481,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":6,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":52,"global_ts_usec":1614892184461059} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614892184461059,"flow_src_last_pkt_time":1614892184461059,"flow_dst_last_pkt_time":1614892184461059,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614892184461059,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":49838,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1614892184461059,"flow_dst_last_pkt_time":1614892184461059,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1614892184461059,"pkt":"eJS0JASgYDjgxTWgCABFAAA8o7JAAD8Gco7AqAJkoCzCQsKuFGf4RqT8AAAAAKAC\/\/\/8FAAAAgQFtAQCCAoBLLDpAAAAAAEDAwg="} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1614892184487051,"flow_dst_last_pkt_time":1614892184461059,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1614892184487051,"pkt":"eJS0JASgYDjgxTWgCABFAAA8o7NAAD8Gco3AqAJkoCzCQsKuFGf4RqT8AAAAAKAC\/\/\/4LwAAAgQFtAQCCAoBLLTOAAAAAAEDAwg="} 
@@ -60,7 +60,7 @@ 00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1614877863379823,"flow_src_last_pkt_time":1614877864310689,"flow_dst_last_pkt_time":1614877864559887,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":163,"flow_dst_max_l4_payload_len":52,"flow_src_tot_l4_payload_len":621,"flow_dst_tot_l4_payload_len":157,"midstream":0,"thread_ts_usec":1614892185660780,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":40152,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HP_VIRTGRP","proto_id":"256","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1614876808445263,"flow_src_last_pkt_time":1614876926772711,"flow_dst_last_pkt_time":1614876907442799,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":163,"flow_dst_max_l4_payload_len":52,"flow_src_tot_l4_payload_len":365,"flow_dst_tot_l4_payload_len":157,"midstream":0,"thread_ts_usec":1614892185660780,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59920,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HP_VIRTGRP","proto_id":"256","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1614880256676767,"flow_src_last_pkt_time":1614880490543211,"flow_dst_last_pkt_time":1614880490568599,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":163,"flow_dst_max_l4_payload_len":52,"flow_src_tot_l4_payload_len":493,"flow_dst_tot_l4_payload_len":122,"midstream":0,"thread_ts_usec":1614892185660780,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":35634,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HP_VIRTGRP","proto_id":"256","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":106,"packets-processed":105,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4061,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":7,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":63,"global_ts_usec":1614894888601792} 
+00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":106,"packets-processed":105,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4061,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":7,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":63,"global_ts_usec":1614894888601792} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614894888601792,"flow_src_last_pkt_time":1614894888601792,"flow_dst_last_pkt_time":1614894888601792,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614894888601792,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42552,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1614894888601792,"flow_dst_last_pkt_time":1614894888601792,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1614894888601792,"pkt":"eJS0JASgYDjgxTWgCABFAAA8czZAAD8GowrAqAJkoCzCQqY4FGfLLz4YAAAAAKAC\/\/+U4AAAAgQFtAQCCAoBVchmAAAAAAEDAwg="} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1614894888601792,"flow_dst_last_pkt_time":1614894888628926,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1614894888628926,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRnpjjVSzZFyy8+GWASchAxGQAAAgQFrAAA"} 
@@ -68,7 +68,7 @@ 00712{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1614894888640676,"flow_dst_last_pkt_time":1614894888628926,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_usec":1614894888640676,"pkt":"eJS0JASgYDjgxTWgCABFAACsczhAAD8GopjAqAJkoCzCQqY4FGfLLz4Z1Us2RlAY\/\/9TSQAAFgCEALAY6sFBRYGCJimG0Yasbc4USwZsJQL+15UsYRSuD34UJT0hT\/I2HwIAh0S2LuxxZ9L1ox\/LsKTAy33IDcyC7gG8qaAvQ8rXlqULmrLWq5FGmibZ+6UKLMjpqZv1GBBNOyGaMw5A5AWqgUlWQ\/HDmuJLLH3YYviE23k6BUVyxAi7"} 00939{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1614894888601792,"flow_src_last_pkt_time":1614894888640676,"flow_dst_last_pkt_time":1614894888628926,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614894888640676,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42552,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HP_VIRTGRP","proto_id":"256","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1614894888640676,"flow_dst_last_pkt_time":1614894888667157,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1614894888667157,"pkt":"YDjgxTWgeJS0JASgCABFAAAojUpAADQGlAqgLMJCwKgCZBRnpjjVSzZGyy8+nVAQchBISgAAAAAAAAAA"} -00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":121,"packets-processed":120,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4583,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":71,"global_ts_usec":1614898090218683} 
+00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":121,"packets-processed":120,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4583,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":71,"global_ts_usec":1614898090218683} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614898090218683,"flow_src_last_pkt_time":1614898090218683,"flow_dst_last_pkt_time":1614898090218683,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614898090218683,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42764,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1614898090218683,"flow_dst_last_pkt_time":1614898090218683,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1614898090218683,"pkt":"eJS0JASgYDjgxTWgCABFAAA8EFJAAD8GBe\/AqAJkoCzCQqcMFGeOCpYjAAAAAKAC\/\/+UDgAAAgQFtAQCCAoBYq1xAAAAAAEDAwg="} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1614898090218683,"flow_dst_last_pkt_time":1614898090245916,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1614898090245916,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRnpwwosEHQjgqWJGASchC2bwAAAgQFrAAA"} 
@@ -79,7 +79,7 @@ 00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":135,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1614894888601792,"flow_src_last_pkt_time":1614895277741473,"flow_dst_last_pkt_time":1614895277767885,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":163,"flow_dst_max_l4_payload_len":52,"flow_src_tot_l4_payload_len":365,"flow_dst_tot_l4_payload_len":157,"midstream":0,"thread_ts_usec":1614898324173693,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42552,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HP_VIRTGRP","proto_id":"256","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":135,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1614898090218683,"flow_src_last_pkt_time":1614898324146735,"flow_dst_last_pkt_time":1614898324173693,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":163,"flow_dst_max_l4_payload_len":52,"flow_src_tot_l4_payload_len":365,"flow_dst_tot_l4_payload_len":157,"midstream":0,"thread_ts_usec":1614898324173693,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42764,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HP_VIRTGRP","proto_id":"256","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":135,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1614892184461059,"flow_src_last_pkt_time":1614892314018583,"flow_dst_last_pkt_time":1614892314046506,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":163,"flow_dst_max_l4_payload_len":52,"flow_src_tot_l4_payload_len":493,"flow_dst_tot_l4_payload_len":87,"midstream":0,"thread_ts_usec":1614898324173693,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":49838,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HP_VIRTGRP","proto_id":"256","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00847{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":135,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":135,"packets-processed":135,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5105,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":82,"global_ts_usec":1614898324173693} 
+00847{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":135,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":135,"packets-processed":135,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5105,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":82,"global_ts_usec":1614898324173693} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 135/135 ~~ skipped flows.............: 0 @@ -88,9 +88,9 @@ ~~ total active/idle flows...: 9/9 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6949216 bytes -~~ total memory freed........: 6949216 bytes -~~ total allocations/frees...: 114378/114378 +~~ total memory allocated....: 7526812 bytes +~~ total memory freed........: 7526812 bytes +~~ total allocations/frees...: 126109/126109 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 533 chars ~~ json message max len.......: 986 chars diff --git a/test/results/default/hsrp0.pcap.out b/test/results/default/hsrp0.pcap.out index d4aa933c9..74cabebf8 100644 --- a/test/results/default/hsrp0.pcap.out +++ b/test/results/default/hsrp0.pcap.out 
@@ -1,5 +1,5 @@ -00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1126551970888102} 
+00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1126551970888102} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1126551970888102,"flow_src_last_pkt_time":1126551970888102,"flow_dst_last_pkt_time":1126551970888102,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1126551970888102,"vlan_id":10,"l3_proto":"ip4","src_ip":"10.28.168.253","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","vlan_id":10,"flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1126551970888102,"flow_dst_last_pkt_time":1126551970888102,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":66,"pkt_l4_len":28,"thread_ts_usec":1126551970888102,"pkt":"AQBeAAACAAAMB6wKgQAACggARcAAMAAAAAABESXiChyo\/eAAAAIHwQfBABw\/0wAAEAMKWgoAY2lzY28AAAAKHKj+"} 
00933{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1126551970888102,"flow_src_last_pkt_time":1126551970888102,"flow_dst_last_pkt_time":1126551970888102,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1126551970888102,"vlan_id":10,"l3_proto":"ip4","src_ip":"10.28.168.253","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"HSRP","proto_id":"282","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -16,7 +16,7 @@ 00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1126551971000101,"flow_src_last_pkt_time":1126551971000101,"flow_dst_last_pkt_time":1126551971000101,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1126551971931931,"vlan_id":12,"l3_proto":"ip4","src_ip":"10.28.170.253","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HSRP","proto_id":"282","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1126551971931931,"flow_src_last_pkt_time":1126551971931931,"flow_dst_last_pkt_time":1126551971931931,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1126551971931931,"vlan_id":10,"l3_proto":"ip4","src_ip":"10.28.168.252","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HSRP","proto_id":"282","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1126551970888102,"flow_src_last_pkt_time":1126551970888102,"flow_dst_last_pkt_time":1126551970888102,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1126551971931931,"vlan_id":10,"l3_proto":"ip4","src_ip":"10.28.168.253","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HSRP","proto_id":"282","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00835{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":80,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1126551971931931} 
+00835{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":80,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1126551971931931} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 4/4 ~~ skipped flows.............: 0 @@ -25,9 +25,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6914757 bytes -~~ total memory freed........: 6914757 bytes -~~ total allocations/frees...: 114170/114170 +~~ total memory allocated....: 7492353 bytes +~~ total memory freed........: 7492353 bytes +~~ total allocations/frees...: 125901/125901 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 556 chars ~~ json message max len.......: 977 chars diff --git a/test/results/default/hsrp2.pcap.out b/test/results/default/hsrp2.pcap.out index 70b2a2e1d..270be1b97 100644 --- a/test/results/default/hsrp2.pcap.out +++ b/test/results/default/hsrp2.pcap.out 
@@ -1,5 +1,5 @@ -00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/hsrp2.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hsrp2.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1643795481192281} 
+00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/hsrp2.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hsrp2.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1643795481192281} 
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hsrp2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643795481192281,"flow_src_last_pkt_time":1643795481192281,"flow_dst_last_pkt_time":1643795481192281,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643795481192281,"l3_proto":"ip4","src_ip":"10.52.220.125","dst_ip":"224.0.0.102","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hsrp2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1643795481192281,"flow_dst_last_pkt_time":1643795481192281,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1643795481192281,"pkt":"AQBeAABmcA9q7\/W\/CABFwABQAAAAAP8R88QKNNx94AAAZgfBB8EAPOmuASgCAAUEA5hwD2rv9b8AAABaAAALuAAAJxAKNNx+AAAAAAAAAAAAAAAAAwhjaXNjbwAAAA=="} 
00922{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hsrp2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643795481192281,"flow_src_last_pkt_time":1643795481192281,"flow_dst_last_pkt_time":1643795481192281,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643795481192281,"l3_proto":"ip4","src_ip":"10.52.220.125","dst_ip":"224.0.0.102","src_port":1985,"dst_port":1985,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"HSRP","proto_id":"282","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -8,7 +8,7 @@ 00922{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/hsrp2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643795481220314,"flow_src_last_pkt_time":1643795481220314,"flow_dst_last_pkt_time":1643795481220314,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643795481220314,"l3_proto":"ip4","src_ip":"10.52.253.125","dst_ip":"224.0.0.102","src_port":1985,"dst_port":1985,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"HSRP","proto_id":"282","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/hsrp2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643795481220314,"flow_src_last_pkt_time":1643795481220314,"flow_dst_last_pkt_time":1643795481220314,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643795481220314,"l3_proto":"ip4","src_ip":"10.52.253.125","dst_ip":"224.0.0.102","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HSRP","proto_id":"282","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/hsrp2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643795481192281,"flow_src_last_pkt_time":1643795481192281,"flow_dst_last_pkt_time":1643795481192281,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643795481220314,"l3_proto":"ip4","src_ip":"10.52.220.125","dst_ip":"224.0.0.102","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HSRP","proto_id":"282","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00836{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/hsrp2.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":104,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1643795481220314} 
+00836{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/hsrp2.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":104,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1643795481220314} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6909995 bytes -~~ total memory freed........: 6909995 bytes -~~ total allocations/frees...: 114148/114148 +~~ total memory allocated....: 7487591 bytes +~~ total memory freed........: 7487591 bytes +~~ total allocations/frees...: 125879/125879 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 583 chars ~~ json message max len.......: 966 chars diff --git a/test/results/default/hsrp2_ipv6.pcapng.out b/test/results/default/hsrp2_ipv6.pcapng.out index 0d7aecb1d..9494e029c 100644 --- a/test/results/default/hsrp2_ipv6.pcapng.out +++ b/test/results/default/hsrp2_ipv6.pcapng.out 
@@ -1,5 +1,5 @@ -00617{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00838{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1589369101819741} 
+00617{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00838{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1589369101819741} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1589369101819741,"flow_src_last_pkt_time":1589369101819741,"flow_dst_last_pkt_time":1589369101819741,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":6,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":6,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1589369101819741,"vlan_id":16,"l3_proto":"ip6","src_ip":"fe80::1","dst_ip":"ff02::66","src_port":2029,"dst_port":2029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","vlan_id":16,"flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1589369101819741,"flow_dst_last_pkt_time":1589369101819741,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":72,"pkt_type":34525,"pkt_l3_offset":18,"pkt_l4_offset":58,"pkt_len":72,"pkt_l4_len":14,"thread_ts_usec":1589369101819741,"pkt":"MzMAAABmqrvMAAEggQAAEIbdbgAAAAAOEf\/+gAAAAAAAAAAAAAAAAAAB\/wIAAAAAAAAAAAAAAAAAZgftB+0ADvAIAgQAAAAB"} 
01062{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1589369101819741,"flow_src_last_pkt_time":1589369101819741,"flow_dst_last_pkt_time":1589369101819741,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":6,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":6,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1589369101819741,"vlan_id":16,"l3_proto":"ip6","src_ip":"fe80::1","dst_ip":"ff02::66","src_port":2029,"dst_port":2029,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HSRP","proto_id":"282","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -20,7 +20,7 @@ 01108{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":0,"flow_first_seen":1589369104269870,"flow_src_last_pkt_time":1589369219022262,"flow_dst_last_pkt_time":1589369104269870,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":6,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":72,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":750,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1589369219022262,"vlan_id":16,"l3_proto":"ip6","src_ip":"fe80::2","dst_ip":"ff02::66","src_port":2029,"dst_port":2029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HSRP","proto_id":"282","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01106{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":0,"flow_first_seen":1589369104269870,"flow_src_last_pkt_time":1589369235852564,"flow_dst_last_pkt_time":1589369104269870,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":6,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":72,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":900,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1589369240383629,"vlan_id":16,"l3_proto":"ip6","src_ip":"fe80::2","dst_ip":"ff02::66","src_port":2029,"dst_port":2029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std 
Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HSRP","proto_id":"282","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01107{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":0,"flow_first_seen":1589369101819741,"flow_src_last_pkt_time":1589369240383629,"flow_dst_last_pkt_time":1589369101819741,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":6,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":72,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1098,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1589369240383629,"vlan_id":16,"l3_proto":"ip6","src_ip":"fe80::1","dst_ip":"ff02::66","src_port":2029,"dst_port":2029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HSRP","proto_id":"282","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00847{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":36,"packets-processed":36,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1998,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":4,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":23,"global_ts_usec":1589369240383629} +00847{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":36,"packets-processed":36,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1998,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":4,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":23,"global_ts_usec":1589369240383629} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 36/36 ~~ skipped flows.............: 0 
@@ -29,9 +29,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6910981 bytes -~~ total memory freed........: 6910981 bytes -~~ total allocations/frees...: 114182/114182 +~~ total memory allocated....: 7488621 bytes +~~ total memory freed........: 7488621 bytes +~~ total allocations/frees...: 125915/125915 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 573 chars ~~ json message max len.......: 1113 chars diff --git a/test/results/default/http-basic-auth.pcap.out b/test/results/default/http-basic-auth.pcap.out index 9b73ad7f4..57560fd46 100644 --- a/test/results/default/http-basic-auth.pcap.out +++ b/test/results/default/http-basic-auth.pcap.out 
@@ -1,5 +1,5 @@ -00620{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1381844035028385} 
+00620{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1381844035028385} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1381844035028385,"flow_src_last_pkt_time":1381844035028385,"flow_dst_last_pkt_time":1381844035028385,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1381844035028385,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54317,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1381844035028385,"flow_dst_last_pkt_time":1381844035028385,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1381844035028385,"pkt":"TBfruiThKM\/pITwrCABFAABA\/zNAAEAG\/C\/AqAAEwP69qdQtAFChp4vUAAAAALAC\/\/\/9NwAAAgQFtAEDAwQBAQgKH37Y+QAAAAAEAgAA"} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1381844035028541,"flow_src_last_pkt_time":1381844035028541,"flow_dst_last_pkt_time":1381844035028541,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1381844035028541,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54318,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -213,7 +213,7 @@ 01132{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":688,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":27,"flow_dst_packets_processed":36,"flow_first_seen":1381844112303792,"flow_src_last_pkt_time":1381844127675006,"flow_dst_last_pkt_time":1381844127871377,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":731,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2153,"flow_dst_tot_l4_payload_len":34743,"midstream":0,"thread_ts_usec":1381844127871377,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54584,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"browserspy.dk"}} 00976{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":688,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1381844112375802,"flow_src_last_pkt_time":1381844127674931,"flow_dst_last_pkt_time":1381844127867249,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1381844127871377,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54596,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by 
port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 00784{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":688,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1381844112375802,"flow_src_last_pkt_time":1381844127674931,"flow_dst_last_pkt_time":1381844127867249,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1381844127871377,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54596,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00859{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":688,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":688,"packets-processed":688,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":307822,"total-not-detected-flows":0,"total-guessed-flows":9,"total-detected-flows":16,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":25,"total-idle-flows":25,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":216,"global_ts_usec":1381844127871377} 
+00859{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":688,"source":"cfgs\/default\/pcap\/http-basic-auth.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":688,"packets-processed":688,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":307822,"total-not-detected-flows":0,"total-guessed-flows":9,"total-detected-flows":16,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":25,"total-idle-flows":25,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":216,"global_ts_usec":1381844127871377} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 688/688 ~~ skipped flows.............: 0 @@ -222,9 +222,9 @@ ~~ total active/idle flows...: 25/25 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6989121 bytes -~~ total memory freed........: 6989121 bytes -~~ total allocations/frees...: 115248/115248 +~~ total memory allocated....: 7567460 bytes +~~ total memory freed........: 7567460 bytes +~~ total allocations/frees...: 127010/127010 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 554 chars ~~ json message max len.......: 2465 chars diff --git a/test/results/default/http-crash-content-disposition.pcap.out b/test/results/default/http-crash-content-disposition.pcap.out index 4d42f6329..eb2e5a366 100644 --- a/test/results/default/http-crash-content-disposition.pcap.out +++ b/test/results/default/http-crash-content-disposition.pcap.out 
@@ -1,5 +1,5 @@ -00635{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http-crash-content-disposition.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00856{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-crash-content-disposition.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1492518365663977} 
+00635{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http-crash-content-disposition.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00856{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-crash-content-disposition.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1492518365663977} 
00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-crash-content-disposition.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492518365663977,"flow_src_last_pkt_time":1492518365663977,"flow_dst_last_pkt_time":1492518365663977,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492518365663977,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"174.129.0.10","src_port":51171,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-crash-content-disposition.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1492518365663977,"flow_dst_last_pkt_time":1492518365663977,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_usec":1492518365663977,"pkt":"RQAAPNS7QABABvZlwKgAZ66BAArH4wBQe0WpbgAAAACgAjkINI0AAAIEBbQEAggKABR91QAAAAABAwMG"} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/http-crash-content-disposition.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1492518365663977,"flow_dst_last_pkt_time":1492518365767814,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_usec":1492518365767814,"pkt":"RQAAPAAAQAAtBt4hroEACsCoAGcAUMfjkVcfantFqW+gEjiQ\/PYAAAIEBawEAggKK6FboQAUfdUBAwMH"} 
@@ -8,7 +8,7 @@ 01173{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/http-crash-content-disposition.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1492518365663977,"flow_src_last_pkt_time":1492518365809063,"flow_dst_last_pkt_time":1492518365767814,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":428,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":428,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492518365809063,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"174.129.0.10","src_port":51171,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"khu.sh","domainame":"khu.sh","http": {"url":"khu.sh\/imessages.php?songify_a=3h248fIbwJ&new","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)","request_content_type":"text\/plain"}}} 00607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/http-crash-content-disposition.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1492518365809375,"flow_dst_last_pkt_time":1492518365767814,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":99,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":99,"pkt_l4_len":79,"thread_ts_usec":1492518365809375,"pkt":"RQAAY9S+QABABvY7wKgAZ66BAArH4wBQe0WrG5FXH2uAGADlbXAAAAEBCAoAFH3uK6FboQ0KLS01djdMaGJuYTJyZXdIcmowZV9GOHdyMFdBVlRwWTkzRVQ5aVFIRHktLQ0K"} 
01012{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/http-crash-content-disposition.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1492518365663977,"flow_src_last_pkt_time":1492518365809375,"flow_dst_last_pkt_time":1492518365968183,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":475,"flow_dst_tot_l4_payload_len":2369,"midstream":0,"thread_ts_usec":1492518365968183,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"174.129.0.10","src_port":51171,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"khu.sh"}} -00862{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/http-crash-content-disposition.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":9,"packets-processed":9,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2844,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1492518365968183} 
+00862{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/http-crash-content-disposition.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":9,"packets-processed":9,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2844,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1492518365968183} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 9/9 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6908048 bytes -~~ total memory freed........: 6908048 bytes -~~ total allocations/frees...: 114154/114154 +~~ total memory allocated....: 7485651 bytes +~~ total memory freed........: 7485651 bytes +~~ total allocations/frees...: 125886/125886 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 552 chars ~~ json message max len.......: 1178 chars diff --git a/test/results/default/http-lines-split.pcap.out b/test/results/default/http-lines-split.pcap.out index 2ace13e63..1919e44c7 100644 --- a/test/results/default/http-lines-split.pcap.out +++ b/test/results/default/http-lines-split.pcap.out 
@@ -1,5 +1,5 @@ -00621{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http-lines-split.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-lines-split.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1593713340401681} 
+00621{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http-lines-split.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-lines-split.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1593713340401681} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-lines-split.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1593713340401681,"flow_src_last_pkt_time":1593713340401681,"flow_dst_last_pkt_time":1593713340401681,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1593713340401681,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.0.20","src_port":39236,"dst_port":31337,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-lines-split.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1593713340401681,"flow_dst_last_pkt_time":1593713340401681,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1593713340401681,"pkt":"ABjzZLGIYDjgxTWgCABFAAA0t6tAAHkGyLLAqAABwKgAFJlEemkrolmxAAAAAIAC+vBZugAAAgQFtAEBBAIBAwMG"} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/http-lines-split.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1593713340401681,"flow_dst_last_pkt_time":1593713340401724,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1593713340401724,"pkt":"YDjgxTWgABjzZLGICABFAAA0AABAALIGR17AqAAUwKgAAXppmUT8ca\/AK6JZsoAS+vCBjAAAAgQFtAEBBAIBAwMH"} 
@@ -9,7 +9,7 @@ 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/http-lines-split.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1593713340402042,"flow_dst_last_pkt_time":1593713340402061,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1593713340402061,"pkt":"YDjgxTWgABjzZLGICABFAAAoPVdAALIGChPAqAAUwKgAAXppmUT8ca\/BK6JZ2FAQAfaBgAAA"} 01203{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/http-lines-split.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1593713340401681,"flow_src_last_pkt_time":1593713340402236,"flow_dst_last_pkt_time":1593713340402061,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":67,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1593713340402236,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.0.20","src_port":39236,"dst_port":31337,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"toni.lan","domainame":"toni.lan","http": {"url":"toni.lan:31337\/","code":0,"content_type":"","user_agent":"uclient-fetch"}}} 
01126{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/http-lines-split.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1593713340401681,"flow_src_last_pkt_time":1593713340404575,"flow_dst_last_pkt_time":1593713340404597,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":67,"flow_dst_tot_l4_payload_len":1632,"midstream":0,"thread_ts_usec":1593713340404597,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.0.20","src_port":39236,"dst_port":31337,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"toni.lan"}} -00851{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/http-lines-split.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":14,"packets-processed":14,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1699,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1593713340404597} 
+00851{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/http-lines-split.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":14,"packets-processed":14,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1699,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1593713340404597} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 14/14 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6908102 bytes -~~ total memory freed........: 6908102 bytes -~~ total allocations/frees...: 114155/114155 +~~ total memory allocated....: 7485733 bytes +~~ total memory freed........: 7485733 bytes +~~ total allocations/frees...: 125888/125888 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 539 chars ~~ json message max len.......: 1296 chars diff --git a/test/results/default/http-manipulated.pcap.out b/test/results/default/http-manipulated.pcap.out index 8fa276348..88d704316 100644 --- a/test/results/default/http-manipulated.pcap.out +++ b/test/results/default/http-manipulated.pcap.out 
@@ -1,5 +1,5 @@ -00621{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http-manipulated.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-manipulated.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":946727901369326} 
+00621{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http-manipulated.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-manipulated.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":946727901369326} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-manipulated.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946727901369326,"flow_src_last_pkt_time":946727901369326,"flow_dst_last_pkt_time":946727901369326,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946727901369326,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.7","src_port":33632,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-manipulated.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":946727901369326,"flow_dst_last_pkt_time":946727901369326,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":946727901369326,"pkt":"0h+5iIqPABjzZLGICABFAAA0umlAAI8Gr+7AqAAUwKgAB4NgH5BugXMeAAAAAIAC+vCBkgAAAgQFtAEBBAIBAwMH"} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/http-manipulated.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":946727901369326,"flow_dst_last_pkt_time":946727901369648,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":946727901369648,"pkt":"ABjzZLGI0h+5iIqPCABFAAA0AABAAEAGuVjAqAAHwKgAFB+Qg2CKV04jboFzH4AS+vCVmQAAAgQFtAEBBAIBAwMG"} 
@@ -7,7 +7,7 @@ 00636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/http-manipulated.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":946727901369701,"flow_dst_last_pkt_time":946727901369648,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":946727901369701,"pkt":"0h+5iIqPABjzZLGICABFAAB0umtAAI8Gr6zAqAAUwKgAB4NgH5BugXMfildOJFAYAfaB0gAAR0VUIC8gSFRUUC8xLjENCmhPc1Q6d3d3dy5sYW46ODA4MA0KVXNlci1BZ2VudDogY3VybC83LjY0LjANCkFjY2VwdDogKi8qDQoNCg=="} 01188{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/http-manipulated.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":946727901369326,"flow_src_last_pkt_time":946727901369701,"flow_dst_last_pkt_time":946727901369648,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":76,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946727901369701,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.7","src_port":33632,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"wwww.lan","domainame":"wwww.lan","http": {"url":"wwww.lan:8080\/","code":0,"content_type":"","user_agent":"curl\/7.64.0"}}} 
00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/http-manipulated.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":946727901369701,"flow_dst_last_pkt_time":946727901369854,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":946727901369854,"pkt":"ABjzZLGI0h+5iIqPCABFAAAoC+pAAEAGrXrAqAAHwKgAFB+Qg2CKV04kboFza1AQA+vNJAAAAAAAAAAA"} -00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/http-manipulated.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":11,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":653,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":946729142063151} 
+00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/http-manipulated.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":11,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":653,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":946729142063151} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/http-manipulated.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946729142063151,"flow_src_last_pkt_time":946729142063151,"flow_dst_last_pkt_time":946729142063151,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946729142063151,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.7","src_port":33684,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/http-manipulated.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":946729142063151,"flow_dst_last_pkt_time":946729142063151,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":946729142063151,"pkt":"0h+5iIqPABjzZLGICABFAAA0svlAAL4GiF7AqAAUwKgAB4OUH5ARN20zAAAAAIAC+vCBkgAAAgQFtAEBBAIBAwMH"} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/http-manipulated.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":946729142063151,"flow_dst_last_pkt_time":946729142063378,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":946729142063378,"pkt":"ABjzZLGI0h+5iIqPCABFAAA0AABAAEAGuVjAqAAHwKgAFB+Qg5SNfRmbETdtNIAS+vAp\/QAAAgQFtAEBBAIBAwMG"} 
@@ -17,7 +17,7 @@ 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/http-manipulated.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":946729142063498,"flow_dst_last_pkt_time":946729142063714,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":946729142063714,"pkt":"ABjzZLGI0h+5iIqPCABFAAAoDhZAAEAGq07AqAAHwKgAFB+Qg5SNfRmcETdutlAQA+pgUwAAAAAAAAAA"} 01119{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/http-manipulated.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":946727901369326,"flow_src_last_pkt_time":946727901370537,"flow_dst_last_pkt_time":946727901370531,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":76,"flow_dst_max_l4_payload_len":577,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":577,"midstream":0,"thread_ts_usec":946729142137586,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.7","src_port":33632,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"wwww.lan"}} 
01126{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/http-manipulated.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":15,"flow_first_seen":946729142063151,"flow_src_last_pkt_time":946729142137542,"flow_dst_last_pkt_time":946729142137586,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":386,"flow_dst_max_l4_payload_len":5840,"flow_src_tot_l4_payload_len":721,"flow_dst_tot_l4_payload_len":41457,"midstream":0,"thread_ts_usec":946729142137586,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.7","src_port":33684,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.lan"}} -00851{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/http-manipulated.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":40,"packets-processed":40,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":42831,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":946729142137586} 
+00851{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/http-manipulated.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":40,"packets-processed":40,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":42831,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":946729142137586} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 40/40 ~~ skipped flows.............: 0 @@ -26,9 +26,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6911448 bytes -~~ total memory freed........: 6911448 bytes -~~ total allocations/frees...: 114201/114201 +~~ total memory allocated....: 7489071 bytes +~~ total memory freed........: 7489071 bytes +~~ total allocations/frees...: 125934/125934 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 536 chars ~~ json message max len.......: 1319 chars diff --git a/test/results/default/http-proxy.pcapng.out b/test/results/default/http-proxy.pcapng.out index 29d44c633..dc2d736a5 100644 --- a/test/results/default/http-proxy.pcapng.out +++ b/test/results/default/http-proxy.pcapng.out 
@@ -1,5 +1,5 @@ -00617{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http-proxy.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00838{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-proxy.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1631403550651097} 
+00617{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http-proxy.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00838{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-proxy.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1631403550651097} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-proxy.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1631403550651097,"flow_src_last_pkt_time":1631403550651097,"flow_dst_last_pkt_time":1631403550651097,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1631403550651097,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.146","src_port":1241,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-proxy.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1631403550651097,"flow_dst_last_pkt_time":1631403550651097,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1631403550651097,"pkt":"AAwpTU5kKBaoBOm8CABFAAA0dTpAAIAGAUDAqAFnwKgBkgTZH5Av6J9fAAAAAIAC+vD8JAAAAgQFtAEDAwgBAQQC"} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/http-proxy.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1631403550651097,"flow_dst_last_pkt_time":1631403550651156,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1631403550651156,"pkt":"KBaoBOm8AAwpTU5kCABFAAA0AABAAEAGtnrAqAGSwKgBZx+QBNkyQHzDL+ifYIAS+vCEcAAAAgQFtAEBBAIBAwMH"} 
@@ -8,7 +8,7 @@ 01283{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/http-proxy.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1631403550651097,"flow_src_last_pkt_time":1631403550652392,"flow_dst_last_pkt_time":1631403550651156,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":294,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":294,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1631403550652392,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.146","src_port":1241,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP_Proxy","proto_id":"131","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"http.com","domainame":"http.com","http": {"url":"http:\/\/http.com\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko\/20100101 Firefox\/91.0","detected_os":"Windows 10"}}} 00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/http-proxy.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1631403550652392,"flow_dst_last_pkt_time":1631403550654092,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1631403550654092,"pkt":"KBaoBOm8AAwpTU5kCABFAAAoVkZAAEAGYEDAqAGSwKgBZx+QBNkyQHzEL+ighlAQAfWEZAAA"} 
01114{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/http-proxy.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1631403550651097,"flow_src_last_pkt_time":1631403555894600,"flow_dst_last_pkt_time":1631403555894620,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":294,"flow_dst_max_l4_payload_len":716,"flow_src_tot_l4_payload_len":294,"flow_dst_tot_l4_payload_len":716,"midstream":0,"thread_ts_usec":1631403555894620,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.146","src_port":1241,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP_Proxy","proto_id":"131","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"http.com"}} -00847{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/http-proxy.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":11,"packets-processed":11,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1010,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1631403555894620} 
+00847{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/http-proxy.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":11,"packets-processed":11,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1010,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1631403555894620} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 11/11 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6908134 bytes -~~ total memory freed........: 6908134 bytes -~~ total allocations/frees...: 114155/114155 +~~ total memory allocated....: 7485739 bytes +~~ total memory freed........: 7485739 bytes +~~ total allocations/frees...: 125887/125887 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 534 chars ~~ json message max len.......: 1288 chars diff --git a/test/results/default/http-pwd.pcapng.out b/test/results/default/http-pwd.pcapng.out index 4b53a2a8f..8194738bc 100644 --- a/test/results/default/http-pwd.pcapng.out +++ b/test/results/default/http-pwd.pcapng.out 
@@ -1,5 +1,5 @@ -00615{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http-pwd.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-pwd.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1730389991421152} 
+00615{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http-pwd.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-pwd.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1730389991421152} 
00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-pwd.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1730389991421152,"flow_src_last_pkt_time":1730389991421152,"flow_dst_last_pkt_time":1730389991421152,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1730389991421152,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":56451,"dst_port":3000,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":5} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-pwd.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1730389991421152,"flow_dst_last_pkt_time":1730389991421152,"flow_idle_time":7580000000,"pkt_datalink":0,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":68,"pkt_l4_len":44,"thread_ts_usec":1730389991421152,"pkt":"AgAAAEUAAEAAAEAAQAYAAH8AAAF\/AAAB3IMLuM2poQEAAAAAsAL\/\/\/40AAACBD\/YAQMDBgEBCApDaaEzAAAAAAQCAAA="} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/http-pwd.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1730389991421152,"flow_dst_last_pkt_time":1730389991421176,"flow_idle_time":7580000000,"pkt_datalink":0,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":68,"pkt_l4_len":44,"thread_ts_usec":1730389991421176,"pkt":"AgAAAEUAAEAAAEAAQAYAAH8AAAF\/AAABC7jcg4DfELnNqaECsBL\/\/\/40AAACBD\/YAQMDBgEBCArdWitYQ2mhMwQCAAA="} 
@@ -10,7 +10,7 @@ 01527{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/http-pwd.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1730389991421152,"flow_src_last_pkt_time":1730389991421516,"flow_dst_last_pkt_time":1730389991421475,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":691,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":747,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1730389991421516,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":56451,"dst_port":3000,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"localhost","domainame":"localhost","http": {"url":"localhost:3000\/authorize.html","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit\/605.1.15 (KHTML, like Gecko) Version\/18.1 Safari\/605.1.15","request_content_type":"application\/x-www-form-urlencoded","detected_os":"Intel Mac OS X 10_15_7"}}} 
01418{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/http-pwd.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1730389991421152,"flow_src_last_pkt_time":1730389991421516,"flow_dst_last_pkt_time":1730389991422019,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":691,"flow_dst_max_l4_payload_len":250,"flow_src_tot_l4_payload_len":747,"flow_dst_tot_l4_payload_len":250,"midstream":0,"thread_ts_usec":1730389991422019,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":56451,"dst_port":3000,"l4_proto":"tcp","ndpi": {"flow_risk": {"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"HTTP.ntop","proto_id":"7.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":5,"category":"Web","hostname":"localhost","domainame":"localhost","http": {"url":"localhost:3000\/authorize.html","code":302,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit\/605.1.15 (KHTML, like Gecko) Version\/18.1 Safari\/605.1.15","request_content_type":"application\/x-www-form-urlencoded","detected_os":"Intel Mac OS X 10_15_7"}}} 
01111{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/http-pwd.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1730389991421152,"flow_src_last_pkt_time":1730389991426436,"flow_dst_last_pkt_time":1730389991426455,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":691,"flow_dst_max_l4_payload_len":250,"flow_src_tot_l4_payload_len":747,"flow_dst_tot_l4_payload_len":250,"midstream":0,"thread_ts_usec":1730389991426455,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":56451,"dst_port":3000,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":5,"ndpi": {"flow_risk": {"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"HTTP.ntop","proto_id":"7.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":5,"category":"Web","hostname":"localhost"}} -00844{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/http-pwd.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":14,"packets-processed":14,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":997,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1730389991426455} 
+00844{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/http-pwd.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":14,"packets-processed":14,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":997,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1730389991426455} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 14/14 ~~ skipped flows.............: 0 @@ -19,9 +19,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6908612 bytes -~~ total memory freed........: 6908612 bytes -~~ total allocations/frees...: 114162/114162 +~~ total memory allocated....: 7486307 bytes +~~ total memory freed........: 7486307 bytes +~~ total allocations/frees...: 125896/125896 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 537 chars ~~ json message max len.......: 1532 chars diff --git a/test/results/default/http.pcapng.out b/test/results/default/http.pcapng.out index da62405bb..29a218c80 100644 --- a/test/results/default/http.pcapng.out +++ b/test/results/default/http.pcapng.out 
@@ -1,5 +1,5 @@ -00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1643129441023341} 
+00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1643129441023341} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643129441023341,"flow_src_last_pkt_time":1643129441023341,"flow_dst_last_pkt_time":1643129441023341,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643129441023341,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"216.58.208.142","src_port":42170,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1643129441023341,"flow_dst_last_pkt_time":1643129441023341,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1643129441023341,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8mDFAAEAGN5nAqAGA2DrQjqS6AFARiJzNAAAAAKAC+vCG+AAAAgQFtAQCCArCG0WpAAAAAAEDAwc="} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/http.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1643129441023341,"flow_dst_last_pkt_time":1643129441030591,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1643129441030591,"pkt":"PKn0qB\/spJGxgjQ5CABFgAA8NRsAAHgGoi\/YOtCOwKgBgABQpLoKOrN\/EYiczqAS\/\/9o0gAAAgQFlgQCCArUwoamwhtFqQEDAwg="} 
@@ -8,7 +8,7 @@ 01065{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/http.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1643129441023341,"flow_src_last_pkt_time":1643129441030691,"flow_dst_last_pkt_time":1643129441030591,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":74,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643129441030691,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"216.58.208.142","src_port":42170,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"google.com","domainame":"google.com","http": {"url":"google.com\/","code":0,"content_type":"","user_agent":"curl\/7.68.0"}}} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/http.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1643129441030691,"flow_dst_last_pkt_time":1643129441038384,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1643129441038384,"pkt":"PKn0qB\/spJGxgjQ5CABFgAA0NSMAAHgGoi\/YOtCOwKgBgABQpLoKOrOAEYidGIAQAQCWKAAAAQEICtTChq7CG0Ww"} 
00997{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/http.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1643129441023341,"flow_src_last_pkt_time":1643129441065505,"flow_dst_last_pkt_time":1643129441065458,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":528,"flow_src_tot_l4_payload_len":74,"flow_dst_tot_l4_payload_len":528,"midstream":0,"thread_ts_usec":1643129441065505,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"216.58.208.142","src_port":42170,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"google.com"}} -00840{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/http.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":602,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1643129441065505} 
+00840{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/http.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":602,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1643129441065505} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 10/10 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6907965 bytes -~~ total memory freed........: 6907965 bytes -~~ total allocations/frees...: 114152/114152 +~~ total memory allocated....: 7485572 bytes +~~ total memory freed........: 7485572 bytes +~~ total allocations/frees...: 125884/125884 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 545 chars ~~ json message max len.......: 1070 chars diff --git a/test/results/default/http2.pcapng.out b/test/results/default/http2.pcapng.out index 7dc355056..2907a592c 100644 --- a/test/results/default/http2.pcapng.out +++ b/test/results/default/http2.pcapng.out 
@@ -1,5 +1,5 @@ -00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http2.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http2.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1591863460344658} 
+00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http2.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http2.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1591863460344658} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1591863460344658,"flow_src_last_pkt_time":1591863460344658,"flow_dst_last_pkt_time":1591863460344658,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1591863460344658,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":37824,"dst_port":29518,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 00636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http2.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1591863460344658,"flow_dst_last_pkt_time":1591863460344658,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":132,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":132,"pkt_l4_len":96,"thread_ts_usec":1591863460344658,"pkt":"AAADBAAGAAAAAAAA\/\/8IAEUAAHTWREAAQAZmPX8AAAF\/AAABk8BzThxFL\/aifuWbgBgCAP5oAAABAQgK5nwLseZ8C7FQUkkgKiBIVFRQLzIuMA0KDQpTTQ0KDQoAABIEAAAAAAAAAgAAAAAABABAAAAABgCgAAAAAAQIAAAAAABAAAAA"} 
00911{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1591863460344658,"flow_src_last_pkt_time":1591863460344658,"flow_dst_last_pkt_time":1591863460344658,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1591863460344658,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":37824,"dst_port":29518,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP2","proto_id":"349","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":5,"category":"Web"}} 
@@ -8,7 +8,7 @@ 00595{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/http2.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1591863460344734,"flow_dst_last_pkt_time":1591863460344901,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":101,"pkt_l4_len":65,"thread_ts_usec":1591863460344901,"pkt":"AAADBAAGAAAAAAAA\/\/8IAEUAAFUcL0AAQAYgcn8AAAF\/AAABc06TwKJ+5ZscRTEsgBgCAP5JAAABAQgK5nwLseZ8C7EAABgEAAAAAAAABQAQAAAAAwAAAPoABgAQAUAABAAQAAA="} 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/http2.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1591863460344734,"flow_dst_last_pkt_time":1591863460344921,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":90,"pkt_l4_len":54,"thread_ts_usec":1591863460344921,"pkt":"AAADBAAGAAAAAAAA\/\/8IAEUAAEocMEAAQAYgfH8AAAF\/AAABc06TwKJ+5bwcRTEsgBgCAP4+AAABAQgK5nwLseZ8C7EAAAAEAQAAAAAAAAQIAAAAAAAADwAB"} 00957{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/http2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1591863460344658,"flow_src_last_pkt_time":1591863460346370,"flow_dst_last_pkt_time":1591863460348007,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":9,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":95,"flow_src_tot_l4_payload_len":319,"flow_dst_tot_l4_payload_len":272,"midstream":1,"thread_ts_usec":1591863460348007,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":37824,"dst_port":29518,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"HTTP2","proto_id":"349","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":5,"category":"Web"}} -00841{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/http2.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":591,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1591863460348007} +00841{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/http2.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":591,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1591863460348007} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 10/10 ~~ skipped flows.............: 0 
@@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6909951 bytes -~~ total memory freed........: 6909951 bytes -~~ total allocations/frees...: 114148/114148 +~~ total memory allocated....: 7487547 bytes +~~ total memory freed........: 7487547 bytes +~~ total allocations/frees...: 125879/125879 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 582 chars ~~ json message max len.......: 962 chars diff --git a/test/results/default/http_asymmetric.pcapng.out b/test/results/default/http_asymmetric.pcapng.out index d77426b3a..7b6e47183 100644 --- a/test/results/default/http_asymmetric.pcapng.out +++ b/test/results/default/http_asymmetric.pcapng.out 
@@ -1,5 +1,5 @@ -00622{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1631378210394414} 
+00622{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1631378210394414} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1631378210394414,"flow_src_last_pkt_time":1631378210394414,"flow_dst_last_pkt_time":1631378210394414,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1631378210394414,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"10.10.10.1","src_port":1044,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1631378210394414,"flow_dst_last_pkt_time":1631378210394414,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1631378210394414,"pkt":"AAwpnvCVKBao9vgDCABFAAA0WexAAIAGAADAqAABCgoKAQQUAFAzLWQXAAAAAIAC+vADxAAAAgQFtAEDAwgBAQQC"} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1631378210394789,"flow_src_last_pkt_time":1631378210394789,"flow_dst_last_pkt_time":1631378210394789,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1631378210394789,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"192.168.1.103","src_port":80,"dst_port":1044,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -17,7 +17,7 @@ 01413{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":0,"flow_first_seen":1631378210394789,"flow_src_last_pkt_time":1631378210504093,"flow_dst_last_pkt_time":1631378210394789,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":7613,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1631378210504093,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"192.168.1.103","src_port":80,"dst_port":1044,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 
01139{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1631378210394414,"flow_src_last_pkt_time":1631378215504662,"flow_dst_last_pkt_time":1631378210394414,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":364,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1052,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1631378215504945,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"10.10.10.1","src_port":1044,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"proxy.wiresharkfest.acropolis.local"}} 01403{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":0,"flow_first_seen":1631378210394789,"flow_src_last_pkt_time":1631378215504945,"flow_dst_last_pkt_time":1631378210394789,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":7613,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1631378215504945,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"192.168.1.103","src_port":80,"dst_port":1044,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp 
User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -00852{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":23,"packets-processed":23,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8665,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1631378215504945} 
+00852{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":23,"packets-processed":23,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8665,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1631378215504945} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 23/23 ~~ skipped flows.............: 0 @@ -26,9 +26,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6911339 bytes -~~ total memory freed........: 6911339 bytes -~~ total allocations/frees...: 114192/114192 +~~ total memory allocated....: 7489015 bytes +~~ total memory freed........: 7489015 bytes +~~ total allocations/frees...: 125925/125925 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 539 chars ~~ json message max len.......: 2520 chars diff --git a/test/results/default/http_auth.pcap.out b/test/results/default/http_auth.pcap.out index 31457271c..9ba549287 100644 --- a/test/results/default/http_auth.pcap.out +++ b/test/results/default/http_auth.pcap.out 
@@ -1,5 +1,5 @@ -00614{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_auth.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_auth.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1381844050222515} 
+00614{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_auth.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_auth.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1381844050222515} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1381844050222515,"flow_src_last_pkt_time":1381844050222515,"flow_dst_last_pkt_time":1381844050222515,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1381844050222515,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54337,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1381844050222515,"flow_dst_last_pkt_time":1381844050222515,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1381844050222515,"pkt":"TBfruiThKM\/pITwrCABFAABARSdAAEAGtjzAqAAEwP69qdRBAFCa4jGyAAAAALAC\/\/8jTAAAAgQFtAEDAwQBAQgKH38TuAAAAAAEAgAA"} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1381844050222515,"flow_dst_last_pkt_time":1381844050402547,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1381844050402547,"pkt":"KM\/pITwrTBfruiThCABFAAA8AABAADgGA2jA\/r2pwKgABABQ1EEDZtH9muIxs6ASOJA\/hAAAAgQFtAQCCAowzbX3H38TuAEDAwc="} 
@@ -10,7 +10,7 @@ 01480{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1381844050222515,"flow_src_last_pkt_time":1381844050402794,"flow_dst_last_pkt_time":1381844050802943,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":739,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":739,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1381844050802943,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54337,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"browserspy.dk","domainame":"browserspy.dk","http": {"url":"browserspy.dk\/password-ok.php","code":401,"content_type":"text\/html","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/30.0.1599.69 Safari\/537.36","detected_os":"Intel Mac OS X 10_8_5"}}} 
02450{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1381844050222515,"flow_src_last_pkt_time":1381844057134728,"flow_dst_last_pkt_time":1381844055865656,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":739,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":739,"flow_dst_tot_l4_payload_len":17637,"midstream":0,"thread_ts_usec":1381844057134728,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54337,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":139,"avg":405011.4,"max":4861829,"stddev":1193509.9,"var":1424465723392.0,"ent":2.2,"data": [180032,180140,139,193993,206403,1322,401505,596,594,735,724,4027,4555,8666,4603,3019,7560,3303,5323,8621,158972,3971,162953,3627,4243,7859,2612,2607,4861805,4861829,1269016]},"pktlen": {"min":52,"avg":626.9,"max":1500,"stddev":665.6,"var":443042.2,"ent":4.1,"data": [64,60,52,791,52,1500,537,52,131,52,274,52,1500,1500,52,1500,1500,52,1500,1500,52,1500,1500,52,1500,1500,52,975,52,52,52,52]},"bins": {"c_to_s": [13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,0,1,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,0,1,0,0],"entropies": 
[4.441382408,5.118823051,5.130219936,5.854406357,5.046594620,5.442737579,5.621041775,5.077241421,5.402398586,5.024262905,5.623777390,5.077241421,5.441255569,5.120078564,4.955154419,5.048518181,5.069016457,5.130219936,5.089414597,5.056834221,5.053296566,5.097548008,5.174168587,5.115702629,5.356103420,5.382487297,5.046594620,5.653643131,5.038779736,5.046595097,5.130219936,5.085056305]},"ndpi": {"flow_risk": {"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"browserspy.dk"}} 01221{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":19,"flow_first_seen":1381844050222515,"flow_src_last_pkt_time":1381844057134728,"flow_dst_last_pkt_time":1381844057320871,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":739,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":739,"flow_dst_tot_l4_payload_len":17637,"midstream":0,"thread_ts_usec":1381844057320871,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54337,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"browserspy.dk"}} -00845{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/http_auth.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":33,"packets-processed":33,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18376,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1381844057320871} +00845{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/http_auth.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":33,"packets-processed":33,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18376,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1381844057320871} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 33/33 ~~ skipped 
flows.............: 0 @@ -19,9 +19,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6908863 bytes -~~ total memory freed........: 6908863 bytes -~~ total allocations/frees...: 114181/114181 +~~ total memory allocated....: 7486507 bytes +~~ total memory freed........: 7486507 bytes +~~ total allocations/frees...: 125914/125914 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 550 chars ~~ json message max len.......: 2455 chars diff --git a/test/results/default/http_connect.pcap.out b/test/results/default/http_connect.pcap.out index b2c596129..5bc4e7726 100644 --- a/test/results/default/http_connect.pcap.out +++ b/test/results/default/http_connect.pcap.out 
@@ -1,5 +1,5 @@ -00617{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_connect.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00838{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_connect.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1631454722864133} 
+00617{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_connect.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00838{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_connect.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1631454722864133} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_connect.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1631454722864133,"flow_src_last_pkt_time":1631454722864133,"flow_dst_last_pkt_time":1631454722864133,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1631454722864133,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.146","src_port":1714,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_connect.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1631454722864133,"flow_dst_last_pkt_time":1631454722864133,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1631454722864133,"pkt":"AAwpTU5kKBaoBOm8CABFAAA0iNFAAIAG7ajAqAFnwKgBkgayH5A7mDABAAAAAIAC+vBd+gAAAgQFtAEDAwgBAQQC"} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/http_connect.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1631454722864133,"flow_dst_last_pkt_time":1631454722864165,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1631454722864165,"pkt":"KBaoBOm8AAwpTU5kCABFAAA0AABAAEAGtnrAqAGSwKgBZx+QBrLnDc0lO5gwAoAS+vCEcAAAAgQFtAEBBAIBAwMH"} 
@@ -17,15 +17,15 @@ 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/http_connect.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1631454722867862,"flow_dst_last_pkt_time":1631454722876712,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1631454722876712,"pkt":"AAwpTU5kACWQX+cTCABFAAA8AABAADwG4piXZQKEwKgBkgG7jICt6jOtEw+e26AS\/\/+T8gAAAgQFdAQCCAosPaiUCgRXhAEDAwk="} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/http_connect.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1631454722876748,"flow_dst_last_pkt_time":1631454722876712,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1631454722876748,"pkt":"ACWQX+cTAAwpTU5kCABFAAA0Fy5AAEAGx3LAqAGSl2UChIyAAbsTD57breozroAQAfZcSgAAAQEICgoEV40sPaiU"} 
01248{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/http_connect.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1631454722879577,"flow_dst_last_pkt_time":1631454722876712,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1631454722879577,"pkt":"ACWQX+cTAAwpTU5kCABFAAI5Fy9AAEAGxWzAqAGSl2UChIyAAbsTD57breozroAYAfZeTwAAAQEICgoEV5AsPaiUFgMBAgABAAH8AwNKbqVeB0hg1Iz03rsRT54qh9DvaE0KznjbjSIyNp7cYCCkErcVHGTEmCQY9rHCEa\/ZYDAfh9TerCT\/jK7gFrSQ8AAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQAKAQABjwAAAA8ADQAACmFwYWNoZS5vcmcAFwAA\/wEAAQAACgAOAAwAHQAXABgAGQEAAQEACwACAQAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACCdJ9XqvtFW17bb9M2FtWw+n9vONSfuW+JI3CE\/\/5LYQgAXAEEEldIkasdhQgZ5ODWL5BnD78ViKJCkFAlSTs0mXM8mbNvOWtmJX\/\/zZiCxLp1yFNBfz9p1zVxTIBL+53N7CKH03wArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEAHAACQAEAFQCUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01236{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/http_connect.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1631454722867862,"flow_src_last_pkt_time":1631454722879577,"flow_dst_last_pkt_time":1631454722876712,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1631454722879577,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"151.101.2.132","src_port":35968,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"apache.org","domainame":"apache.org","tls": {"version":"TLSv1.2","ja3":"c834494f5948ae026d160656c93c8871","ja3s":"","ja4":"t13d1813h2_e8a523a41297_f81080dfc557","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01195{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/http_connect.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1631454722867862,"flow_src_last_pkt_time":1631454722879577,"flow_dst_last_pkt_time":1631454722876712,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1631454722879577,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"151.101.2.132","src_port":35968,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"apache.org","domainame":"apache.org","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1813h2_e8a523a41297_f81080dfc557","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/http_connect.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1631454722879577,"flow_dst_last_pkt_time":1631454722888059,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1631454722888059,"pkt":"AAwpTU5kACWQX+cTCABFAAA0xttAADwGG8WXZQKEwKgBkgG7jICt6jOuEw+g4IAQARG\/UwAAAQEICiw9qJ8KBFeQ"} 
-01281{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/http_connect.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1631454722867862,"flow_src_last_pkt_time":1631454722879577,"flow_dst_last_pkt_time":1631454722895566,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1384,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1384,"midstream":0,"thread_ts_usec":1631454722895566,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"151.101.2.132","src_port":35968,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"apache.org","domainame":"apache.org","tls": {"version":"TLSv1.3","ja3":"c834494f5948ae026d160656c93c8871","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1813h2_e8a523a41297_f81080dfc557","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01240{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/http_connect.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1631454722867862,"flow_src_last_pkt_time":1631454722879577,"flow_dst_last_pkt_time":1631454722895566,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1384,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1384,"midstream":0,"thread_ts_usec":1631454722895566,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"151.101.2.132","src_port":35968,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"apache.org","domainame":"apache.org","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1813h2_e8a523a41297_f81080dfc557","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
02129{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/http_connect.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1631454722867862,"flow_src_last_pkt_time":1631454722915624,"flow_dst_last_pkt_time":1631454722915766,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1384,"flow_src_tot_l4_payload_len":1070,"flow_dst_tot_l4_payload_len":14818,"midstream":0,"thread_ts_usec":1631454722915766,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"151.101.2.132","src_port":35968,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":14,"avg":3086.0,"max":16011,"stddev":4867.3,"var":23690602.0,"ent":3.4,"data": [8850,8886,2829,11347,7507,16011,65,50,21,19,18,33,7291,458,15010,14,4004,11279,678,666,42,41,26,25,27,27,115,115,31,32,149]},"pktlen": {"min":52,"avg":549.0,"max":1436,"stddev":627.7,"var":394029.6,"ent":4.0,"data": [60,60,52,569,52,1436,52,1436,52,1436,52,971,52,116,541,52,52,111,52,1436,52,1436,52,1436,52,1436,52,1436,52,1436,52,1436]},"bins": {"c_to_s": [13,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,0,1,0,0,0,1,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": [4.679967880,5.108291149,5.100070000,5.268876553,5.138531685,7.847479820,5.061608315,7.859804630,5.061608315,7.874018669,5.061608315,7.772319317,5.061608315,6.130341530,7.577058315,5.047091484,5.047091484,6.133301258,5.100070000,7.864048481,5.100070000,7.878256798,5.100070000,7.852052212,5.061608315,7.879714489,5.100070000,7.869248867,5.023146629,7.862973690,5.100070000,7.856719017]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 02302{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/http_connect.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1631454722864133,"flow_src_last_pkt_time":1631454722971434,"flow_dst_last_pkt_time":1631454722971505,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":5536,"flow_src_tot_l4_payload_len":1512,"flow_dst_tot_l4_payload_len":22723,"midstream":0,"thread_ts_usec":1631454722971505,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.146","src_port":1714,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":4,"avg":6924.9,"max":53379,"stddev":12836.3,"var":164771856.0,"ent":3.4,"data": [32,2664,352,3052,9578,12352,2730,16207,17263,6110,7163,474,478,42,22,11387,743,133,163,12593,29,193,4,101,98,705,4022,50186,53379,1210,1208]},"pktlen": {"min":40,"avg":799.0,"max":5576,"stddev":1594.6,"var":2542806.0,"ent":3.2,"data": [52,52,46,243,40,116,557,40,5111,46,104,40,210,40,359,40,99,5576,2808,1424,71,46,40,46,5576,1424,949,46,173,40,115,40]},"bins": {"c_to_s": [7,0,2,0,1,1,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [9,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,4]},"directions": [0,1,0,0,1,1,0,1,1,0,0,1,0,1,0,1,1,1,1,1,0,0,1,0,1,1,1,0,0,1,0,1],"entropies": 
[4.439885139,4.777055740,4.478915215,5.741591930,4.562815189,5.677224636,5.225388527,4.612814903,7.961506844,4.522394180,6.123366356,4.662815094,7.000855446,4.662815094,7.384087086,4.612815380,5.976536274,7.968001366,7.926353455,7.858606339,5.619441509,4.435437202,4.593943596,4.462504864,7.966147423,7.859233379,7.772559643,4.522394180,6.695012093,4.662815094,6.320215225,4.662815094]},"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP_Connect","proto_id":"130","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"apache.org"}} 00992{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/http_connect.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1631454722867400,"flow_src_last_pkt_time":1631454722867400,"flow_dst_last_pkt_time":1631454722867500,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":55,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":55,"midstream":0,"thread_ts_usec":1631454722977251,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"192.168.1.2","src_port":47767,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"apache.org"}} 
00995{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/http_connect.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":30,"flow_first_seen":1631454722867862,"flow_src_last_pkt_time":1631454722977215,"flow_dst_last_pkt_time":1631454722977251,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1384,"flow_src_tot_l4_payload_len":1701,"flow_dst_tot_l4_payload_len":30951,"midstream":0,"thread_ts_usec":1631454722977251,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"151.101.2.132","src_port":35968,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"apache.org"}} 01126{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/http_connect.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":22,"flow_first_seen":1631454722864133,"flow_src_last_pkt_time":1631454722976969,"flow_dst_last_pkt_time":1631454722977036,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":5536,"flow_src_tot_l4_payload_len":1904,"flow_dst_tot_l4_payload_len":22723,"midstream":0,"thread_ts_usec":1631454722977251,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.146","src_port":1714,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": 
{"6":"DPI"},"proto":"HTTP_Connect","proto_id":"130","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"apache.org"}} -00851{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/http_connect.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":57373,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":28,"global_ts_usec":1631454722977251} +00851{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/http_connect.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":57373,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":28,"global_ts_usec":1631454722977251} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 100/100 ~~ 
skipped flows.............: 0 @@ -34,9 +34,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6995299 bytes -~~ total memory freed........: 6995299 bytes -~~ total allocations/frees...: 114279/114279 +~~ total memory allocated....: 7572910 bytes +~~ total memory freed........: 7572910 bytes +~~ total allocations/frees...: 126011/126011 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 535 chars ~~ json message max len.......: 2307 chars diff --git a/test/results/default/http_guessed_host_and_guessed.pcapng.out b/test/results/default/http_guessed_host_and_guessed.pcapng.out index 41d072a64..f54af15b5 100644 --- a/test/results/default/http_guessed_host_and_guessed.pcapng.out +++ b/test/results/default/http_guessed_host_and_guessed.pcapng.out 
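Review bot: In the `@@ -17,15 +17,15 @@` hunk of http_connect.pcap.out, the regenerated `detected` and `detection-update` records for flow 3 no longer carry the `ja3` key in the `tls` object, while `ja3s` and `ja4` remain. This is an output-contract change rather than a version-string refresh: a downstream consumer that matches client fingerprints on `tls.ja3` (blocklists, detection rules, dashboards) would stop matching without any error. The commit message only says "incorporated upstream changes", so it should name the removal, e.g. `* TLS events no longer include "ja3"; use "ja4" for client fingerprinting`. The diffstat lists schema/flow_event_schema.json as changed, but its content is not visible here; it is worth confirming that `ja3` was dropped from any `required` list there and is not merely left optional and undocumented.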
@@ -1,10 +1,10 @@ -00636{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_guessed_host_and_guessed.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00857{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_guessed_host_and_guessed.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1662455432036237} 
+00636{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_guessed_host_and_guessed.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00857{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_guessed_host_and_guessed.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1662455432036237} 
00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_guessed_host_and_guessed.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1662455432036237,"flow_src_last_pkt_time":1662455432036237,"flow_dst_last_pkt_time":1662455432036237,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":49,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":49,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1662455432036237,"l3_proto":"ip4","src_ip":"170.33.13.5","dst_ip":"192.168.0.1","src_port":110,"dst_port":179,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_guessed_host_and_guessed.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1662455432036237,"flow_dst_last_pkt_time":1662455432036237,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_usec":1662455432036237,"pkt":"AAEC+XM\/AAAA511OCABFSABtI0VAAOcG+C2qIQ0FwKgAAQBuALMAAGWhAAAAxaD\/\/\/9CugAAAgT+OgQCCArnAWpiC3VqYgEDAw6Eya9BxX8AAPZJNc84IkHxNiBIVFRQLzEuMQ0KSG9zdDogcG9ybmh1Yi5jb20NCg0K"} 
-01438{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_guessed_host_and_guessed.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1662455432036237,"flow_src_last_pkt_time":1662455432036237,"flow_dst_last_pkt_time":1662455432036237,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":49,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":49,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1662455432036237,"l3_proto":"ip4","src_ip":"170.33.13.5","dst_ip":"192.168.0.1","src_port":110,"dst_port":179,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}},"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"1":"Match by port"},"proto":"POP3","proto_id":"2","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Unsafe","category_id":3,"category":"Email","pop": {"user":"","password":"","auth_failed":0}}} 
+01545{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_guessed_host_and_guessed.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1662455432036237,"flow_src_last_pkt_time":1662455432036237,"flow_dst_last_pkt_time":1662455432036237,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":49,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":49,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1662455432036237,"l3_proto":"ip4","src_ip":"170.33.13.5","dst_ip":"192.168.0.1","src_port":110,"dst_port":179,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}},"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}},"55": {"risk":"Probing Attempt","severity":"Medium","risk_score": {"total":510,"client":375,"server":135}}},"confidence": {"1":"Match by port"},"proto":"POP3","proto_id":"2","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Unsafe","category_id":3,"category":"Email","pop": {"user":"","password":"","auth_failed":0}}} 
00795{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_guessed_host_and_guessed.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1662455432036237,"flow_src_last_pkt_time":1662455432036237,"flow_dst_last_pkt_time":1662455432036237,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":49,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":49,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1662455432036237,"l3_proto":"ip4","src_ip":"170.33.13.5","dst_ip":"192.168.0.1","src_port":110,"dst_port":179,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00860{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_guessed_host_and_guessed.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":49,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1662455432036237} 
+00860{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_guessed_host_and_guessed.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":49,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1662455432036237} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 @@ -13,10 +13,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6909739 bytes -~~ total memory freed........: 6909739 bytes -~~ total allocations/frees...: 114141/114141 +~~ total memory allocated....: 7487354 bytes +~~ total memory freed........: 7487354 bytes +~~ total allocations/frees...: 125873/125873 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 641 chars -~~ json message max len.......: 1443 chars -~~ json message avg len.......: 998 chars +~~ json message max len.......: 1550 chars +~~ json message avg len.......: 1045 chars diff --git a/test/results/default/http_invalid_server.pcap.out b/test/results/default/http_invalid_server.pcap.out index f7d096de5..c01a1a235 100644 --- a/test/results/default/http_invalid_server.pcap.out +++ b/test/results/default/http_invalid_server.pcap.out 
@@ -1,5 +1,5 @@ -00624{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1689351610492040} 
+00624{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1689351610492040} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1689351610492040,"flow_src_last_pkt_time":1689351610492040,"flow_dst_last_pkt_time":1689351610492040,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1689351610492040,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"143.204.14.183","src_port":51536,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1689351610492040,"flow_dst_last_pkt_time":1689351610492040,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1689351610492040,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdj8wOt8lQAFD6kEYtAAAAALAC\/\/9gewAAAgQFtAEDAwYBAQgKTnqLxQAAAAAEAgAA"} 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1689351610492040,"flow_dst_last_pkt_time":1689351610504245,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1689351610504245,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAAPIGKHOPzA63wKgBHQBQyVB61nu9+pBGLqAS\/\/+ARwAAAgQFoAQCCAoTAnk8TnqLxQEDAwk="} 
@@ -9,7 +9,7 @@ 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1689351610504451,"flow_dst_last_pkt_time":1689351610516723,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1689351610516723,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA07CcAAPIGfFOPzA63wKgBHQBQyVB61nu++pBGgIAQAICuFwAAAQEIChMCeUhOeovR"} 01381{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1689351610492040,"flow_src_last_pkt_time":1689351610504451,"flow_dst_last_pkt_time":1689351610516826,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":402,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":402,"midstream":0,"thread_ts_usec":1689351610516826,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"143.204.14.183","src_port":51536,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"14": {"risk":"HTTP Susp Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Safe","category_id":5,"category":"Web","hostname":"ocsp.rootg2.amazontrust.com","domainame":"ocsp.rootg2.amazontrust.com","http": {"url":"ocsp.rootg2.amazontrust.com\/","code":200,"content_type":"application\/ocsp-response","user_agent":"**"}}} 
01249{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":5,"flow_first_seen":1689351610492040,"flow_src_last_pkt_time":1689351610530140,"flow_dst_last_pkt_time":1689351610529997,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":402,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":407,"midstream":0,"thread_ts_usec":1689351610530140,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"143.204.14.183","src_port":51536,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"14": {"risk":"HTTP Susp Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Safe","category_id":5,"category":"Web","hostname":"ocsp.rootg2.amazontrust.com"}} 
-00853{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":12,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":489,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1689351610530140} +00853{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":12,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":489,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1689351610530140} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 12/12 ~~ skipped flows.............: 0 
@@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6908091 bytes -~~ total memory freed........: 6908091 bytes -~~ total allocations/frees...: 114156/114156 +~~ total memory allocated....: 7485715 bytes +~~ total memory freed........: 7485715 bytes +~~ total allocations/frees...: 125888/125888 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 557 chars ~~ json message max len.......: 1386 chars diff --git a/test/results/default/http_ipv6.pcap.out b/test/results/default/http_ipv6.pcap.out index 2b1314465..798418cd5 100644 --- a/test/results/default/http_ipv6.pcap.out +++ b/test/results/default/http_ipv6.pcap.out 
@@ -1,5 +1,5 @@ -00614{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1448269123954061} 
+00614{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1448269123954061} 
00805{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1448269123954061,"flow_src_last_pkt_time":1448269123954061,"flow_dst_last_pkt_time":1448269123954061,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1448269123954061,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4006:804::200e","src_port":40526,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1448269123954061,"flow_dst_last_pkt_time":1448269123954061,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1448269123954061,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqABRQQAYIBAAAAAAAACAOnk4Bu0sl6VcU0QFTgBAA8iVzAAABAQgKEg1o4A\/E+0k="} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1448269123954061,"flow_dst_last_pkt_time":1448269123971846,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1448269123971846,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACAGOSoAFFBABggEAAAAAAAAIA4qAA1AAAEAA3qswP\/+pw1MAbueThTRAVNLJelYgBABCVvaAAABAQgKD8WrNBINPNs="} 
@@ -10,7 +10,7 @@ 01081{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1448269127395120,"flow_src_last_pkt_time":1448269127395195,"flow_dst_last_pkt_time":1448269127395120,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":220,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1448269127395195,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1017","src_port":41776,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00813{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1448269127400446,"flow_src_last_pkt_time":1448269127400446,"flow_dst_last_pkt_time":1448269127400446,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1448269127400446,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1017","src_port":45931,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02351{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1448269127400446,"flow_dst_last_pkt_time":1448269127400446,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1412,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1412,"pkt_l4_len":1358,"thread_ts_usec":1448269127400446,"pkt":"UMWNrEEBeKzApw1Mht1gAAAABU4RQCoADUAAAQADeqzA\/\/6nDUwqABRQQAEIAwAAAAAAABAXs2sBuwVOGq8NSb7i0\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\/d3HOJRMDI1eybp5+Rccf9WUtVHu\/cGtxBbc83x\/ixhHuZYGb85GDRSl0WTDzqXHGQAAABDQzEyQ2hyb21lLzQ2LjAuMjQ5MC44MCBMaW51eCB4ODZfNjRJY0N+fBRzPpi9ZOX2cffRAAAAAFg1MDkAABAAHgAAAKnIKfkyK+SzUnB6164ARpx8JYjcWyR0opR8VfpSZa5LAQAAAEMyNTWqEkFTJwbowuJjGoJ9cYVfQAt7kKmueesKxAMAMPg3G85FTSE++LOaAtQpI1KVeq729JfhjhoCsaupNHH2PFh7nIyQFBUHu\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"} -01106{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1448269127400446,"flow_src_last_pkt_time":1448269127400446,"flow_dst_last_pkt_time":1448269127400446,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1448269127400446,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1017","src_port":45931,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.it","domainame":"www.google.it","quic": {"user_agent":"Chrome\/46.0.2490.80 Linux x86_64","quic_version":"Q025"}}} +01057{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1448269127400446,"flow_src_last_pkt_time":1448269127400446,"flow_dst_last_pkt_time":1448269127400446,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1448269127400446,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1017","src_port":45931,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.it","domainame":"www.google.it","quic": {"quic_version":"Q025"}}} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1448269127395195,"flow_dst_last_pkt_time":1448269127419269,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1448269127419269,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACAGOSoAFFBAAQgDAAAAAAAAEBcqAA1AAAEAA3qswP\/+pw1MAbujMApyayANxHMmgBABMJ3AAAABAQgK493E7RINbDw="} 
00956{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1448269127395120,"flow_src_last_pkt_time":1448269127395195,"flow_dst_last_pkt_time":1448269127419269,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":220,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1448269127419269,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1017","src_port":41776,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1448269127395195,"flow_dst_last_pkt_time":1448269127419302,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1448269127419302,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACAGOSoAFFBAAQgDAAAAAAAAEBcqAA1AAAEAA3qswP\/+pw1MAbujMApyayANxHNMgBABMJ2aAAABAQgK493E7RINbDw="} 
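Review bot: The regenerated `detected` event for flow 3 in this hunk no longer carries `quic.user_agent` (the `quic` object shrinks to `{"quic_version":"Q025"}`), and the following `@@ -36,24 +36,24 @@` hunk likewise drops `tls.ja3` while keeping `ja3s` and `ja4`; the commit message only says "incorporated upstream changes" and names neither removal. Consumers that match on the QUIC user agent or on JA3 hashes would stop matching without any error, so the description should list the removed keys, for example `* flow events: "quic.user_agent" and "tls.ja3" are no longer emitted`. Whether `schema/flow_event_schema.json` was adjusted to match is not visible in this part of the diff and is worth confirming. This file is a regenerated expected-output fixture, so the change presumably originates in the libnDPI bump rather than in nDPId's own serializer.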
@@ -36,24 +36,24 @@ 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1448269138575474,"flow_dst_last_pkt_time":1448269138600079,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1448269138600079,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACgGOCoDsMAAAwDQAAAAAABwEAEqAA1AAAEAA3qswP\/+pw1MAbuScEOqziew8Z1OoBJvkELPAAACBAWgBAIICgBerOcSDXcnAQMDCA=="} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1448269138600097,"flow_dst_last_pkt_time":1448269138600079,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1448269138600097,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABknABu7DxnU5Dqs4ogBAA4WsSAAABAQgKEg13LQBerOc="} 
00863{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1448269138600311,"flow_dst_last_pkt_time":1448269138600012,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":298,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":298,"pkt_l4_len":244,"thread_ts_usec":1448269138600311,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAAPQGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABkm4Bu5jVbXMqpl5tgBgA4WvmAAABAQgKEg13LQBerOcWAwEAzwEAAMsDA3KnuJVYkfUxfYZivfoDxsSlMXT0r7J\/8CEfMp57IxYdAAAgzBTME8wVwCvALwCewArAFAA5wAnAEwAzAJwANQAvAAoBAACC\/wEAAQAAAAARAA8AAAx3d3cubnRvcC5vcmcAFwAAACMAAAANABYAFAYBBgMFAQUDBAEEAwMBAwMCAQIDAAUABQEAAAAAM3QAAAASAAAAEAAdABsIaHR0cC8xLjEIc3BkeS8zLjEFaDItMTQCaDJ1UAAAAAsAAgEAAAoABgAEABcAGA=="} -01251{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1448269138575377,"flow_src_last_pkt_time":1448269138600311,"flow_dst_last_pkt_time":1448269138600012,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1448269138600311,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37486,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.ntop.org","domainame":"www.ntop.org","tls": 
{"version":"TLSv1.2","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"","ja4":"t12d1612ht_94fc43e2fc61_c9eaec7dbab4","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1,spdy\/3.1,h2-14,h2","blocks":0}}} +01217{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1448269138575377,"flow_src_last_pkt_time":1448269138600311,"flow_dst_last_pkt_time":1448269138600012,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1448269138600311,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37486,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.ntop.org","domainame":"www.ntop.org","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1612ht_94fc43e2fc61_c9eaec7dbab4","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1,spdy\/3.1,h2-14,h2","blocks":0}}} 
00863{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1448269138600449,"flow_dst_last_pkt_time":1448269138600079,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":298,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":298,"pkt_l4_len":244,"thread_ts_usec":1448269138600449,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAAPQGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABknABu7DxnU5Dqs4ogBgA4WvmAAABAQgKEg13LQBerOcWAwEAzwEAAMsDA6vh\/5Bm8Zaj64wlmhNi+L0mv17cXjOZyxYSV5DW8g55AAAgzBTME8wVwCvALwCewArAFAA5wAnAEwAzAJwANQAvAAoBAACC\/wEAAQAAAAARAA8AAAx3d3cubnRvcC5vcmcAFwAAACMAAAANABYAFAYBBgMFAQUDBAEEAwMBAwMCAQIDAAUABQEAAAAAM3QAAAASAAAAEAAdABsIaHR0cC8xLjEIc3BkeS8zLjEFaDItMTQCaDJ1UAAAAAsAAgEAAAoABgAEABcAGA=="} -01251{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1448269138575474,"flow_src_last_pkt_time":1448269138600449,"flow_dst_last_pkt_time":1448269138600079,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1448269138600449,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37488,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.ntop.org","domainame":"www.ntop.org","tls": 
{"version":"TLSv1.2","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"","ja4":"t12d1612ht_94fc43e2fc61_c9eaec7dbab4","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1,spdy\/3.1,h2-14,h2","blocks":0}}} +01217{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1448269138575474,"flow_src_last_pkt_time":1448269138600449,"flow_dst_last_pkt_time":1448269138600079,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1448269138600449,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37488,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.ntop.org","domainame":"www.ntop.org","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1612ht_94fc43e2fc61_c9eaec7dbab4","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1,spdy\/3.1,h2-14,h2","blocks":0}}} 
00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1448269138600311,"flow_dst_last_pkt_time":1448269138625594,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1448269138625594,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACAGOCoDsMAAAwDQAAAAAABwEAEqAA1AAAEAA3qswP\/+pw1MAbuSbiqmXm2Y1W5HgBAAdLB9AAABAQgKAF6s7RINdy0="} 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1448269138600449,"flow_dst_last_pkt_time":1448269138625652,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1448269138625652,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACAGOCoDsMAAAwDQAAAAAABwEAEqAA1AAAEAA3qswP\/+pw1MAbuScEOqziiw8Z4igBAAdN\/EAAABAQgKAF6s7RINdy0="} -01311{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1448269138575474,"flow_src_last_pkt_time":1448269138600449,"flow_dst_last_pkt_time":1448269138627411,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1448269138627411,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37488,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.ntop.org","domainame":"www.ntop.org","tls": {"version":"TLSv1.2","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","ja4":"t12d1612ht_94fc43e2fc61_c9eaec7dbab4","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1,spdy\/3.1,h2-14,h2","blocks":0}}} -01311{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1448269138575377,"flow_src_last_pkt_time":1448269138600311,"flow_dst_last_pkt_time":1448269138628475,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1448269138628475,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37486,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.ntop.org","domainame":"www.ntop.org","tls": {"version":"TLSv1.2","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","ja4":"t12d1612ht_94fc43e2fc61_c9eaec7dbab4","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1,spdy\/3.1,h2-14,h2","blocks":0}}} 
-01757{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1448269138575377,"flow_src_last_pkt_time":1448269138628652,"flow_dst_last_pkt_time":1448269138635605,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":4752,"midstream":0,"thread_ts_usec":1448269138635605,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37486,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.ntop.org","domainame":"www.ntop.org","tls": {"version":"TLSv1.2","server_names":"shop.ntop.org,www.shop.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","ja4":"t12d1612ht_94fc43e2fc61_c9eaec7dbab4","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=shop.ntop.org","advertised_alpns":"http\/1.1,spdy\/3.1,h2-14,h2","fingerprint":"FB:A6:FF:A7:58:F3:9D:54:24:45:E5:A0:C4:04:18:D5:58:91:E0:34","blocks":0}}} 
-01757{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1448269138575474,"flow_src_last_pkt_time":1448269138627538,"flow_dst_last_pkt_time":1448269138636898,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":2668,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":4752,"midstream":0,"thread_ts_usec":1448269138636898,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37488,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.ntop.org","domainame":"www.ntop.org","tls": {"version":"TLSv1.2","server_names":"shop.ntop.org,www.shop.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","ja4":"t12d1612ht_94fc43e2fc61_c9eaec7dbab4","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=shop.ntop.org","advertised_alpns":"http\/1.1,spdy\/3.1,h2-14,h2","fingerprint":"FB:A6:FF:A7:58:F3:9D:54:24:45:E5:A0:C4:04:18:D5:58:91:E0:34","blocks":0}}} 
+01277{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1448269138575474,"flow_src_last_pkt_time":1448269138600449,"flow_dst_last_pkt_time":1448269138627411,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1448269138627411,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37488,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.ntop.org","domainame":"www.ntop.org","tls": {"version":"TLSv1.2","ja3s":"389ed42c02ebecc32e73aa31def07e14","ja4":"t12d1612ht_94fc43e2fc61_c9eaec7dbab4","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1,spdy\/3.1,h2-14,h2","blocks":0}}} 
+01277{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1448269138575377,"flow_src_last_pkt_time":1448269138600311,"flow_dst_last_pkt_time":1448269138628475,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1448269138628475,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37486,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.ntop.org","domainame":"www.ntop.org","tls": {"version":"TLSv1.2","ja3s":"389ed42c02ebecc32e73aa31def07e14","ja4":"t12d1612ht_94fc43e2fc61_c9eaec7dbab4","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1,spdy\/3.1,h2-14,h2","blocks":0}}} 
+01723{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1448269138575377,"flow_src_last_pkt_time":1448269138628652,"flow_dst_last_pkt_time":1448269138635605,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":4752,"midstream":0,"thread_ts_usec":1448269138635605,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37486,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.ntop.org","domainame":"www.ntop.org","tls": {"version":"TLSv1.2","server_names":"shop.ntop.org,www.shop.ntop.org","ja3s":"389ed42c02ebecc32e73aa31def07e14","ja4":"t12d1612ht_94fc43e2fc61_c9eaec7dbab4","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=shop.ntop.org","advertised_alpns":"http\/1.1,spdy\/3.1,h2-14,h2","fingerprint":"FB:A6:FF:A7:58:F3:9D:54:24:45:E5:A0:C4:04:18:D5:58:91:E0:34","blocks":0}}} 
+01723{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1448269138575474,"flow_src_last_pkt_time":1448269138627538,"flow_dst_last_pkt_time":1448269138636898,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":2668,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":4752,"midstream":0,"thread_ts_usec":1448269138636898,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37488,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.ntop.org","domainame":"www.ntop.org","tls": {"version":"TLSv1.2","server_names":"shop.ntop.org,www.shop.ntop.org","ja3s":"389ed42c02ebecc32e73aa31def07e14","ja4":"t12d1612ht_94fc43e2fc61_c9eaec7dbab4","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=shop.ntop.org","advertised_alpns":"http\/1.1,spdy\/3.1,h2-14,h2","fingerprint":"FB:A6:FF:A7:58:F3:9D:54:24:45:E5:A0:C4:04:18:D5:58:91:E0:34","blocks":0}}} 
00806{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1448269139219031,"flow_src_last_pkt_time":1448269139219031,"flow_dst_last_pkt_time":1448269139219031,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1448269139219031,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37494,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1448269139219031,"flow_dst_last_pkt_time":1448269139219031,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1448269139219031,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACgGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABknYBuw4c9NoAAAAAoAJwgGsaAAACBAWgBAIIChINd8gAAAAAAQMDBw=="} 00588{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1448269139219031,"flow_dst_last_pkt_time":1448269139239626,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1448269139239626,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACgGNyoDsMAAAwDQAAAAAABwEAEqAA1AAAEAA3qswP\/+pw1MAbuSdnTlL8YOHPTboBJvkPn2AAACBAWgBAIICgBerYcSDXfIAQMDCA=="} 
00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1448269139239713,"flow_dst_last_pkt_time":1448269139239626,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1448269139239713,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABknYBuw4c9Nt05S\/HgBAA4WsSAAABAQgKEg13zQBerYc="} 00864{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1448269139239900,"flow_dst_last_pkt_time":1448269139239626,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":298,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":298,"pkt_l4_len":244,"thread_ts_usec":1448269139239900,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAAPQGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABknYBuw4c9Nt05S\/HgBgA4WvmAAABAQgKEg13zQBerYcWAwEAzwEAAMsDAxNG7IQgXbVqJt444LAcQyYZDBjNyphCo4eH+1bCSic4AAAgzBTME8wVwCvALwCewArAFAA5wAnAEwAzAJwANQAvAAoBAACC\/wEAAQAAAAARAA8AAAx3d3cubnRvcC5vcmcAFwAAACMAAAANABYAFAYBBgMFAQUDBAEEAwMBAwMCAQIDAAUABQEAAAAAM3QAAAASAAAAEAAdABsIaHR0cC8xLjEIc3BkeS8zLjEFaDItMTQCaDJ1UAAAAAsAAgEAAAoABgAEABcAGA=="} 
-01252{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1448269139219031,"flow_src_last_pkt_time":1448269139239900,"flow_dst_last_pkt_time":1448269139239626,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1448269139239900,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37494,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.ntop.org","domainame":"www.ntop.org","tls": {"version":"TLSv1.2","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"","ja4":"t12d1612ht_94fc43e2fc61_c9eaec7dbab4","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1,spdy\/3.1,h2-14,h2","blocks":0}}} 
+01218{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1448269139219031,"flow_src_last_pkt_time":1448269139239900,"flow_dst_last_pkt_time":1448269139239626,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1448269139239900,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37494,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.ntop.org","domainame":"www.ntop.org","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1612ht_94fc43e2fc61_c9eaec7dbab4","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1,spdy\/3.1,h2-14,h2","blocks":0}}} 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1448269139239900,"flow_dst_last_pkt_time":1448269139260425,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1448269139260425,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACAGNyoDsMAAAwDQAAAAAABwEAEqAA1AAAEAA3qswP\/+pw1MAbuSdnTlL8cOHPWvgBAAdJbuAAABAQgKAF6tjBINd80="} 
-01312{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1448269139219031,"flow_src_last_pkt_time":1448269139239900,"flow_dst_last_pkt_time":1448269139263228,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1448269139263228,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37494,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.ntop.org","domainame":"www.ntop.org","tls": {"version":"TLSv1.2","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","ja4":"t12d1612ht_94fc43e2fc61_c9eaec7dbab4","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1,spdy\/3.1,h2-14,h2","blocks":0}}} 
-01757{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1448269139219031,"flow_src_last_pkt_time":1448269139263396,"flow_dst_last_pkt_time":1448269139267415,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":4752,"midstream":0,"thread_ts_usec":1448269139267415,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37494,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.ntop.org","domainame":"www.ntop.org","tls": {"version":"TLSv1.2","server_names":"shop.ntop.org,www.shop.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","ja4":"t12d1612ht_94fc43e2fc61_c9eaec7dbab4","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=shop.ntop.org","advertised_alpns":"http\/1.1,spdy\/3.1,h2-14,h2","fingerprint":"FB:A6:FF:A7:58:F3:9D:54:24:45:E5:A0:C4:04:18:D5:58:91:E0:34","blocks":0}}} 
+01278{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1448269139219031,"flow_src_last_pkt_time":1448269139239900,"flow_dst_last_pkt_time":1448269139263228,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1448269139263228,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37494,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.ntop.org","domainame":"www.ntop.org","tls": {"version":"TLSv1.2","ja3s":"389ed42c02ebecc32e73aa31def07e14","ja4":"t12d1612ht_94fc43e2fc61_c9eaec7dbab4","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1,spdy\/3.1,h2-14,h2","blocks":0}}} 
+01723{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1448269139219031,"flow_src_last_pkt_time":1448269139263396,"flow_dst_last_pkt_time":1448269139267415,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":4752,"midstream":0,"thread_ts_usec":1448269139267415,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37494,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.ntop.org","domainame":"www.ntop.org","tls": {"version":"TLSv1.2","server_names":"shop.ntop.org,www.shop.ntop.org","ja3s":"389ed42c02ebecc32e73aa31def07e14","ja4":"t12d1612ht_94fc43e2fc61_c9eaec7dbab4","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=shop.ntop.org","advertised_alpns":"http\/1.1,spdy\/3.1,h2-14,h2","fingerprint":"FB:A6:FF:A7:58:F3:9D:54:24:45:E5:A0:C4:04:18:D5:58:91:E0:34","blocks":0}}} 
00804{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":135,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1448269139314022,"flow_src_last_pkt_time":1448269139314022,"flow_dst_last_pkt_time":1448269139314022,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1448269139314022,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:1a1::eed","src_port":60124,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1448269139314022,"flow_dst_last_pkt_time":1448269139314022,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1448269139314022,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqAibwAK0BoQAAAAAAAA7t6twBuwxnksLpg7gmgBABC+E3AAABAQgKEg134BvnLVo="} 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1448269139314022,"flow_dst_last_pkt_time":1448269139321037,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1448269139321037,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACAGOyoCJvAArQGhAAAAAAAADu0qAA1AAAEAA3qswP\/+pw1MAbvq3OmDuCYMZ5LDgBAD0zk\/AAABAQgKG+fdWhINH94="} 
@@ -68,10 +68,10 @@ 00589{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1448269144450926,"flow_dst_last_pkt_time":1448269144475600,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1448269144475600,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACgGNyoDsMAAAwDQAAAAAABwEAEqAA1AAAEAA3qswP\/+pw1MAbuSgnjE+S8HnzYWoBJvkOerAAACBAWgBAIICgBesqQSDXzkAQMDCA=="} 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_src_last_pkt_time":1448269144475660,"flow_dst_last_pkt_time":1448269144475600,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1448269144475660,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABkoIBuwefNhZ4xPkwgBAA4WsSAAABAQgKEg186gBesqQ="} 
00864{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_src_last_pkt_time":1448269144475880,"flow_dst_last_pkt_time":1448269144475600,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":298,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":298,"pkt_l4_len":244,"thread_ts_usec":1448269144475880,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAAPQGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABkoIBuwefNhZ4xPkwgBgA4WvmAAABAQgKEg186gBesqQWAwEAzwEAAMsDA4LVJCHbKPrRWLN7cMDCu4vR3mRdCUE46R109x1CWpcaAAAgzBTME8wVwCvALwCewArAFAA5wAnAEwAzAJwANQAvAAoBAACC\/wEAAQAAAAARAA8AAAx3d3cubnRvcC5vcmcAFwAAACMAAAANABYAFAYBBgMFAQUDBAEEAwMBAwMCAQIDAAUABQEAAAAAM3QAAAASAAAAEAAdABsIaHR0cC8xLjEIc3BkeS8zLjEFaDItMTQCaDJ1UAAAAAsAAgEAAAoABgAEABcAGA=="} -01253{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":147,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1448269144450926,"flow_src_last_pkt_time":1448269144475880,"flow_dst_last_pkt_time":1448269144475600,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1448269144475880,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37506,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.ntop.org","domainame":"www.ntop.org","tls": 
{"version":"TLSv1.2","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"","ja4":"t12d1612ht_94fc43e2fc61_c9eaec7dbab4","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1,spdy\/3.1,h2-14,h2","blocks":0}}} +01219{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":147,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1448269144450926,"flow_src_last_pkt_time":1448269144475880,"flow_dst_last_pkt_time":1448269144475600,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1448269144475880,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37506,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.ntop.org","domainame":"www.ntop.org","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1612ht_94fc43e2fc61_c9eaec7dbab4","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1,spdy\/3.1,h2-14,h2","blocks":0}}} 
00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_src_last_pkt_time":1448269144475880,"flow_dst_last_pkt_time":1448269144500458,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1448269144500458,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACAGNyoDsMAAAwDQAAAAAABwEAEqAA1AAAEAA3qswP\/+pw1MAbuSgnjE+TAHnzbqgBAAdIShAAABAQgKAF6yqhINfOo="} -01313{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":149,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1448269144450926,"flow_src_last_pkt_time":1448269144475880,"flow_dst_last_pkt_time":1448269144502317,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1448269144502317,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37506,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.ntop.org","domainame":"www.ntop.org","tls": {"version":"TLSv1.2","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","ja4":"t12d1612ht_94fc43e2fc61_c9eaec7dbab4","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1,spdy\/3.1,h2-14,h2","blocks":0}}} 
-01758{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1448269144450926,"flow_src_last_pkt_time":1448269144502441,"flow_dst_last_pkt_time":1448269144508746,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":4752,"midstream":0,"thread_ts_usec":1448269144508746,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37506,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.ntop.org","domainame":"www.ntop.org","tls": {"version":"TLSv1.2","server_names":"shop.ntop.org,www.shop.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","ja4":"t12d1612ht_94fc43e2fc61_c9eaec7dbab4","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=shop.ntop.org","advertised_alpns":"http\/1.1,spdy\/3.1,h2-14,h2","fingerprint":"FB:A6:FF:A7:58:F3:9D:54:24:45:E5:A0:C4:04:18:D5:58:91:E0:34","blocks":0}}} 
+01279{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":149,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1448269144450926,"flow_src_last_pkt_time":1448269144475880,"flow_dst_last_pkt_time":1448269144502317,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1448269144502317,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37506,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.ntop.org","domainame":"www.ntop.org","tls": {"version":"TLSv1.2","ja3s":"389ed42c02ebecc32e73aa31def07e14","ja4":"t12d1612ht_94fc43e2fc61_c9eaec7dbab4","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1,spdy\/3.1,h2-14,h2","blocks":0}}} 
+01724{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1448269144450926,"flow_src_last_pkt_time":1448269144502441,"flow_dst_last_pkt_time":1448269144508746,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":4752,"midstream":0,"thread_ts_usec":1448269144508746,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37506,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.ntop.org","domainame":"www.ntop.org","tls": {"version":"TLSv1.2","server_names":"shop.ntop.org,www.shop.ntop.org","ja3s":"389ed42c02ebecc32e73aa31def07e14","ja4":"t12d1612ht_94fc43e2fc61_c9eaec7dbab4","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=shop.ntop.org","advertised_alpns":"http\/1.1,spdy\/3.1,h2-14,h2","fingerprint":"FB:A6:FF:A7:58:F3:9D:54:24:45:E5:A0:C4:04:18:D5:58:91:E0:34","blocks":0}}} 
00808{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1448269145458059,"flow_src_last_pkt_time":1448269145458059,"flow_dst_last_pkt_time":1448269145458059,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1448269145458059,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1012","src_port":59690,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1448269145458059,"flow_dst_last_pkt_time":1448269145458059,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1448269145458059,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqABRQQAEIAwAAAAAAABAS6SoBu3aemNPcvXclgBAA6hVxAAABAQgKEg194OPdWG4="} 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1448269145458059,"flow_dst_last_pkt_time":1448269145478561,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1448269145478561,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACAGOSoAFFBAAQgDAAAAAAAAEBIqAA1AAAEAA3qswP\/+pw1MAbvpKty9dyV2npjUgBAA8BoIAAABAQgK494IbhIM+eU="} 
@@ -84,14 +84,14 @@ 00589{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_src_last_pkt_time":1448269146905115,"flow_dst_last_pkt_time":1448269146912258,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1448269146912258,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACgGOyoCJvAArQGXAAAAAAAAAjYqAA1AAAEAA3qswP\/+pw1MAbvPjOjBmT8LSrsqoBJswEUcAAACBAV8BAIIChvn+wESDX9JAQMDBQ=="} 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_src_last_pkt_time":1448269146912275,"flow_dst_last_pkt_time":1448269146912258,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1448269146912275,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqAibwAK0BlwAAAAAAAAI2z4wBuwtKuyrowZlAgBAA4dR2AAABAQgKEg1\/Sxvn+wE="} 
00882{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_src_last_pkt_time":1448269146912481,"flow_dst_last_pkt_time":1448269146912188,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":310,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":310,"pkt_l4_len":256,"thread_ts_usec":1448269146912481,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAAQAGQCoADUAAAQADeqzA\/\/6nDUwqAibwAK0BlwAAAAAAAAI2z44Bu8SPrfTp+pk3gBgA4dVWAAABAQgKEg1\/Sxvn+wEWAwEA2wEAANcDA983Ohoy\/qhBKvCaVPmNiUY3vp8oIoa+qbmtm60AZHnPAAAgzBTME8wVwCvALwCewArAFAA5wAnAEwAzAJwANQAvAAoBAACO\/wEAAQAAAAAdABsAABhzLXN0YXRpYy5hay5mYWNlYm9vay5jb20AFwAAACMAAAANABYAFAYBBgMFAQUDBAEEAwMBAwMCAQIDAAUABQEAAAAAM3QAAAASAAAAEAAdABsIaHR0cC8xLjEIc3BkeS8zLjEFaDItMTQCaDJ1UAAAAAsAAgEAAAoABgAEABcAGA=="} -01284{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1448269146905214,"flow_src_last_pkt_time":1448269146912481,"flow_dst_last_pkt_time":1448269146912188,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":224,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":224,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1448269146912481,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53134,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s-static.ak.facebook.com","domainame":"s-static.ak.facebook.com","tls": 
{"version":"TLSv1.2","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"","ja4":"t12d1612ht_94fc43e2fc61_c9eaec7dbab4","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1,spdy\/3.1,h2-14,h2","blocks":0}}} +01243{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1448269146905214,"flow_src_last_pkt_time":1448269146912481,"flow_dst_last_pkt_time":1448269146912188,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":224,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":224,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1448269146912481,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53134,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s-static.ak.facebook.com","domainame":"s-static.ak.facebook.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1612ht_94fc43e2fc61_c9eaec7dbab4","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1,spdy\/3.1,h2-14,h2","blocks":0}}} 
00881{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_src_last_pkt_time":1448269146912613,"flow_dst_last_pkt_time":1448269146912258,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":310,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":310,"pkt_l4_len":256,"thread_ts_usec":1448269146912613,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAAQAGQCoADUAAAQADeqzA\/\/6nDUwqAibwAK0BlwAAAAAAAAI2z4wBuwtKuyrowZlAgBgA4dVWAAABAQgKEg1\/Sxvn+wEWAwEA2wEAANcDA2fZZiw9kTAlONWXaPhqH8RvUelTTuaSCvPTIzelaImLAAAgzBTME8wVwCvALwCewArAFAA5wAnAEwAzAJwANQAvAAoBAACO\/wEAAQAAAAAdABsAABhzLXN0YXRpYy5hay5mYWNlYm9vay5jb20AFwAAACMAAAANABYAFAYBBgMFAQUDBAEEAwMBAwMCAQIDAAUABQEAAAAAM3QAAAASAAAAEAAdABsIaHR0cC8xLjEIc3BkeS8zLjEFaDItMTQCaDJ1UAAAAAsAAgEAAAoABgAEABcAGA=="} -01284{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1448269146905115,"flow_src_last_pkt_time":1448269146912613,"flow_dst_last_pkt_time":1448269146912258,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":224,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":224,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1448269146912613,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s-static.ak.facebook.com","domainame":"s-static.ak.facebook.com","tls": 
{"version":"TLSv1.2","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"","ja4":"t12d1612ht_94fc43e2fc61_c9eaec7dbab4","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1,spdy\/3.1,h2-14,h2","blocks":0}}} +01243{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1448269146905115,"flow_src_last_pkt_time":1448269146912613,"flow_dst_last_pkt_time":1448269146912258,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":224,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":224,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1448269146912613,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s-static.ak.facebook.com","domainame":"s-static.ak.facebook.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1612ht_94fc43e2fc61_c9eaec7dbab4","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1,spdy\/3.1,h2-14,h2","blocks":0}}} 
00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":180,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":5,"flow_src_last_pkt_time":1448269146912481,"flow_dst_last_pkt_time":1448269146919451,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1448269146919451,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACAGOyoCJvAArQGXAAAAAAAAAjYqAA1AAAEAA3qswP\/+pw1MAbvPjun6mTfEj67UgBADiC68AAABAQgKG+f7CBINf0s="} 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":5,"flow_src_last_pkt_time":1448269146912613,"flow_dst_last_pkt_time":1448269146919741,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1448269146919741,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACAGOyoCJvAArQGXAAAAAAAAAjYqAA1AAAEAA3qswP\/+pw1MAbvPjOjBmUALSrwKgBADiNv9AAABAQgKG+f7CBINf0s="} -01802{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1448269146905214,"flow_src_last_pkt_time":1448269146912481,"flow_dst_last_pkt_time":1448269146921030,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":224,"flow_dst_max_l4_payload_len":3547,"flow_src_tot_l4_payload_len":224,"flow_dst_tot_l4_payload_len":3547,"midstream":0,"thread_ts_usec":1448269146921030,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53134,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s-static.ak.facebook.com","domainame":"s-static.ak.facebook.com","tls": {"version":"TLSv1.2","server_names":"*.ak.fbcdn.net,s-static.ak.fbcdn.net,igsonar.com,*.igsonar.com,ak.facebook.com,*.ak.facebook.com,*.s-static.ak.facebook.com,connect.facebook.net,s-static.ak.facebook.com","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"b898351eb5e266aefd3723d466935494","ja4":"t12d1612ht_94fc43e2fc61_c9eaec7dbab4","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.ak.fbcdn.net","advertised_alpns":"http\/1.1,spdy\/3.1,h2-14,h2","negotiated_alpn":"http\/1.1","fingerprint":"E7:62:76:74:8D:09:F7:E9:69:05:B8:1A:37:A1:30:2D:FF:3B:BC:0A","blocks":0}}} -01374{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":184,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1448269146905115,"flow_src_last_pkt_time":1448269146912613,"flow_dst_last_pkt_time":1448269146921142,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":224,"flow_dst_max_l4_payload_len":2856,"flow_src_tot_l4_payload_len":224,"flow_dst_tot_l4_payload_len":2856,"midstream":0,"thread_ts_usec":1448269146921142,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s-static.ak.facebook.com","domainame":"s-static.ak.facebook.com","tls": {"version":"TLSv1.2","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"b898351eb5e266aefd3723d466935494","ja4":"t12d1612ht_94fc43e2fc61_c9eaec7dbab4","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1,spdy\/3.1,h2-14,h2","negotiated_alpn":"http\/1.1","blocks":0}}} -01802{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":186,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1448269146905115,"flow_src_last_pkt_time":1448269146921170,"flow_dst_last_pkt_time":1448269146921369,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":224,"flow_dst_max_l4_payload_len":2856,"flow_src_tot_l4_payload_len":224,"flow_dst_tot_l4_payload_len":3547,"midstream":0,"thread_ts_usec":1448269146921369,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s-static.ak.facebook.com","domainame":"s-static.ak.facebook.com","tls": 
{"version":"TLSv1.2","server_names":"*.ak.fbcdn.net,s-static.ak.fbcdn.net,igsonar.com,*.igsonar.com,ak.facebook.com,*.ak.facebook.com,*.s-static.ak.facebook.com,connect.facebook.net,s-static.ak.facebook.com","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"b898351eb5e266aefd3723d466935494","ja4":"t12d1612ht_94fc43e2fc61_c9eaec7dbab4","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.ak.fbcdn.net","advertised_alpns":"http\/1.1,spdy\/3.1,h2-14,h2","negotiated_alpn":"http\/1.1","fingerprint":"E7:62:76:74:8D:09:F7:E9:69:05:B8:1A:37:A1:30:2D:FF:3B:BC:0A","blocks":0}}} +01761{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1448269146905214,"flow_src_last_pkt_time":1448269146912481,"flow_dst_last_pkt_time":1448269146921030,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":224,"flow_dst_max_l4_payload_len":3547,"flow_src_tot_l4_payload_len":224,"flow_dst_tot_l4_payload_len":3547,"midstream":0,"thread_ts_usec":1448269146921030,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53134,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s-static.ak.facebook.com","domainame":"s-static.ak.facebook.com","tls": 
{"version":"TLSv1.2","server_names":"*.ak.fbcdn.net,s-static.ak.fbcdn.net,igsonar.com,*.igsonar.com,ak.facebook.com,*.ak.facebook.com,*.s-static.ak.facebook.com,connect.facebook.net,s-static.ak.facebook.com","ja3s":"b898351eb5e266aefd3723d466935494","ja4":"t12d1612ht_94fc43e2fc61_c9eaec7dbab4","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.ak.fbcdn.net","advertised_alpns":"http\/1.1,spdy\/3.1,h2-14,h2","negotiated_alpn":"http\/1.1","fingerprint":"E7:62:76:74:8D:09:F7:E9:69:05:B8:1A:37:A1:30:2D:FF:3B:BC:0A","blocks":0}}} +01333{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":184,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1448269146905115,"flow_src_last_pkt_time":1448269146912613,"flow_dst_last_pkt_time":1448269146921142,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":224,"flow_dst_max_l4_payload_len":2856,"flow_src_tot_l4_payload_len":224,"flow_dst_tot_l4_payload_len":2856,"midstream":0,"thread_ts_usec":1448269146921142,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s-static.ak.facebook.com","domainame":"s-static.ak.facebook.com","tls": 
{"version":"TLSv1.2","ja3s":"b898351eb5e266aefd3723d466935494","ja4":"t12d1612ht_94fc43e2fc61_c9eaec7dbab4","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1,spdy\/3.1,h2-14,h2","negotiated_alpn":"http\/1.1","blocks":0}}} +01761{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":186,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1448269146905115,"flow_src_last_pkt_time":1448269146921170,"flow_dst_last_pkt_time":1448269146921369,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":224,"flow_dst_max_l4_payload_len":2856,"flow_src_tot_l4_payload_len":224,"flow_dst_tot_l4_payload_len":3547,"midstream":0,"thread_ts_usec":1448269146921369,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s-static.ak.facebook.com","domainame":"s-static.ak.facebook.com","tls": {"version":"TLSv1.2","server_names":"*.ak.fbcdn.net,s-static.ak.fbcdn.net,igsonar.com,*.igsonar.com,ak.facebook.com,*.ak.facebook.com,*.s-static.ak.facebook.com,connect.facebook.net,s-static.ak.facebook.com","ja3s":"b898351eb5e266aefd3723d466935494","ja4":"t12d1612ht_94fc43e2fc61_c9eaec7dbab4","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., 
CN=*.ak.fbcdn.net","advertised_alpns":"http\/1.1,spdy\/3.1,h2-14,h2","negotiated_alpn":"http\/1.1","fingerprint":"E7:62:76:74:8D:09:F7:E9:69:05:B8:1A:37:A1:30:2D:FF:3B:BC:0A","blocks":0}}} 01009{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":5,"flow_first_seen":1448269146905115,"flow_src_last_pkt_time":1448269146970056,"flow_dst_last_pkt_time":1448269146931566,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":224,"flow_dst_max_l4_payload_len":2856,"flow_src_tot_l4_payload_len":350,"flow_dst_tot_l4_payload_len":3789,"midstream":0,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53132,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} 
01009{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1448269146905214,"flow_src_last_pkt_time":1448269146966054,"flow_dst_last_pkt_time":1448269146929757,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":224,"flow_dst_max_l4_payload_len":3547,"flow_src_tot_l4_payload_len":350,"flow_dst_tot_l4_payload_len":3789,"midstream":0,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53134,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} 01008{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1448269127960079,"flow_src_last_pkt_time":1448269128028795,"flow_dst_last_pkt_time":1448269128003411,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":198,"flow_dst_max_l4_payload_len":81,"flow_src_tot_l4_payload_len":235,"flow_dst_tot_l4_payload_len":81,"midstream":0,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:400b:c02::5f","src_port":55145,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": 
{"quic_version":"Unknown (0000)"}}} 
@@ -106,15 +106,15 @@ 00820{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1448269143410021,"flow_src_last_pkt_time":1448269143410021,"flow_dst_last_pkt_time":1448269143539406,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:2880:1010:3f20:face:b00c::25de","src_port":40308,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00953{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1448269144306064,"flow_src_last_pkt_time":1448269144306064,"flow_dst_last_pkt_time":1448269144348055,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:400b:c02::9a","src_port":33062,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00807{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1448269144306064,"flow_src_last_pkt_time":1448269144306064,"flow_dst_last_pkt_time":1448269144348055,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:400b:c02::9a","src_port":33062,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -01122{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":8,"flow_first_seen":1448269138575377,"flow_src_last_pkt_time":1448269138746011,"flow_dst_last_pkt_time":1448269138745943,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":338,"flow_dst_tot_l4_payload_len":5026,"midstream":0,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37486,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
-01122{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":7,"flow_first_seen":1448269138575474,"flow_src_last_pkt_time":1448269138746157,"flow_dst_last_pkt_time":1448269138746120,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":2668,"flow_src_tot_l4_payload_len":338,"flow_dst_tot_l4_payload_len":5026,"midstream":0,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37488,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} -01122{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":8,"flow_first_seen":1448269139219031,"flow_src_last_pkt_time":1448269139339552,"flow_dst_last_pkt_time":1448269139339485,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":338,"flow_dst_tot_l4_payload_len":5026,"midstream":0,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37494,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"10": {"risk":"TLS Cert 
Mismatch","severity":"High","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} -01127{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":12,"flow_first_seen":1448269144450926,"flow_src_last_pkt_time":1448269144884783,"flow_dst_last_pkt_time":1448269144884725,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":833,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":2757,"flow_dst_tot_l4_payload_len":10608,"midstream":0,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37506,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
+01129{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":8,"flow_first_seen":1448269138575377,"flow_src_last_pkt_time":1448269138746011,"flow_dst_last_pkt_time":1448269138745943,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":338,"flow_dst_tot_l4_payload_len":5026,"midstream":0,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37486,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} +01129{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":7,"flow_first_seen":1448269138575474,"flow_src_last_pkt_time":1448269138746157,"flow_dst_last_pkt_time":1448269138746120,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":2668,"flow_src_tot_l4_payload_len":338,"flow_dst_tot_l4_payload_len":5026,"midstream":0,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37488,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"10": {"risk":"TLS 
Cert Mismatch","severity":"High","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} +01129{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":8,"flow_first_seen":1448269139219031,"flow_src_last_pkt_time":1448269139339552,"flow_dst_last_pkt_time":1448269139339485,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":338,"flow_dst_tot_l4_payload_len":5026,"midstream":0,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37494,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
+01134{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":12,"flow_first_seen":1448269144450926,"flow_src_last_pkt_time":1448269144884783,"flow_dst_last_pkt_time":1448269144884725,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":833,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":2757,"flow_dst_tot_l4_payload_len":10608,"midstream":0,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37506,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 00954{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1448269123954061,"flow_src_last_pkt_time":1448269123954061,"flow_dst_last_pkt_time":1448269123971846,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4006:804::200e","src_port":40526,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by 
port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00808{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1448269123954061,"flow_src_last_pkt_time":1448269123954061,"flow_dst_last_pkt_time":1448269123971846,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4006:804::200e","src_port":40526,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1448269127395120,"flow_src_last_pkt_time":1448269127450459,"flow_dst_last_pkt_time":1448269127510990,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":506,"flow_src_tot_l4_payload_len":258,"flow_dst_tot_l4_payload_len":751,"midstream":1,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1017","src_port":41776,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
01044{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":33,"flow_dst_packets_processed":29,"flow_first_seen":1448269127400446,"flow_src_last_pkt_time":1448269138520009,"flow_dst_last_pkt_time":1448269138494637,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":5695,"flow_dst_tot_l4_payload_len":6438,"midstream":0,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1017","src_port":45931,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.it"}} -00852{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":193,"packets-processed":193,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":51193,"total-not-detected-flows":0,"total-guessed-flows":7,"total-detected-flows":8,"total-detection-updates":13,"total-updates":0,"current-active-flows":0,"total-active-flows":15,"total-idle-flows":15,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":117,"global_ts_usec":1448269146970056} 
+00852{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":193,"packets-processed":193,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":51193,"total-not-detected-flows":0,"total-guessed-flows":7,"total-detected-flows":8,"total-detection-updates":13,"total-updates":0,"current-active-flows":0,"total-active-flows":15,"total-idle-flows":15,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":117,"global_ts_usec":1448269146970056} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 193/193 ~~ skipped flows.............: 0 @@ -123,9 +123,9 @@ ~~ total active/idle flows...: 15/15 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7044696 bytes -~~ total memory freed........: 7044696 bytes -~~ total allocations/frees...: 114574/114574 +~~ total memory allocated....: 7622259 bytes +~~ total memory freed........: 7622259 bytes +~~ total allocations/frees...: 126304/126304 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 579 chars ~~ json message max len.......: 2386 chars diff --git a/test/results/default/http_on_sip_port.pcap.out b/test/results/default/http_on_sip_port.pcap.out index 6d64a581e..a52b76772 100644 --- a/test/results/default/http_on_sip_port.pcap.out +++ b/test/results/default/http_on_sip_port.pcap.out 
@@ -1,5 +1,5 @@ -00621{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_on_sip_port.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_on_sip_port.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1618744016209720} 
+00621{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_on_sip_port.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_on_sip_port.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1618744016209720} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_on_sip_port.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744016209720,"flow_src_last_pkt_time":1618744016209720,"flow_dst_last_pkt_time":1618744016209720,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744016209720,"l3_proto":"ip4","src_ip":"82.178.111.221","dst_ip":"45.58.148.2","src_port":5060,"dst_port":8888,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_on_sip_port.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1618744016209720,"flow_dst_last_pkt_time":1618744016209720,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1618744016209720,"pkt":"AAAAAAAAAAsAxhT1CABFAAA8sxJAAD4GBd5Ssm\/dLTqUAhPEIrha1ycbAAAAAKAC\/\/9M3wAAAgQFUAQCCAoQxK6EAAAAAAEDAwk="} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/http_on_sip_port.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1618744016209720,"flow_dst_last_pkt_time":1618744016342703,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1618744016342703,"pkt":"AAAAAAAAAAUAQPTMCABFAAA0AABAADMGw\/gtOpQCUrJv3SK4E8QPDztmWtcnHIAS\/\/\/oTwAAAgQFtAEBBAIBAwMI"} 
@@ -8,7 +8,7 @@ 02355{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/http_on_sip_port.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1618744016398438,"flow_dst_last_pkt_time":1618744016532140,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1414,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1414,"pkt_l4_len":1380,"thread_ts_usec":1618744016532140,"pkt":"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"} 01552{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/http_on_sip_port.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1618744016209720,"flow_src_last_pkt_time":1618744016398438,"flow_dst_last_pkt_time":1618744016532140,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":223,"flow_dst_max_l4_payload_len":1360,"flow_src_tot_l4_payload_len":223,"flow_dst_tot_l4_payload_len":1360,"midstream":0,"thread_ts_usec":1618744016532140,"l3_proto":"ip4","src_ip":"82.178.111.221","dst_ip":"45.58.148.2","src_port":5060,"dst_port":8888,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"45.58.148.2","domainame":"45.58.148.2","http": 
{"url":"45.58.148.2\/star-123456\/index.m3u8?token=89b198b8844824ca15b8b379c26fc1b7dfcba368-5KUJTJ5Y73AGIAOV-1618753174-1618742374","code":403,"content_type":"","user_agent":"exoplayer-codelab"}}} 01354{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/http_on_sip_port.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1618744016209720,"flow_src_last_pkt_time":1618744016398438,"flow_dst_last_pkt_time":1618744016532140,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":223,"flow_dst_max_l4_payload_len":1360,"flow_src_tot_l4_payload_len":223,"flow_dst_tot_l4_payload_len":1360,"midstream":0,"thread_ts_usec":1618744016532140,"l3_proto":"ip4","src_ip":"82.178.111.221","dst_ip":"45.58.148.2","src_port":5060,"dst_port":8888,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"45.58.148.2"}} 
-00848{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/http_on_sip_port.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1583,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1618744016532140} +00848{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/http_on_sip_port.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1583,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1618744016532140} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 4/4 ~~ skipped flows.............: 0 
@@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6908297 bytes -~~ total memory freed........: 6908297 bytes -~~ total allocations/frees...: 114152/114152 +~~ total memory allocated....: 7485905 bytes +~~ total memory freed........: 7485905 bytes +~~ total allocations/frees...: 125884/125884 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 558 chars ~~ json message max len.......: 2360 chars diff --git a/test/results/default/http_origin_different_than_host.pcap.out b/test/results/default/http_origin_different_than_host.pcap.out index acaeb5399..214731d51 100644 --- a/test/results/default/http_origin_different_than_host.pcap.out +++ b/test/results/default/http_origin_different_than_host.pcap.out 
@@ -1,5 +1,5 @@ -00636{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_origin_different_than_host.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00857{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_origin_different_than_host.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1666211829809412} 
+00636{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_origin_different_than_host.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00857{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_origin_different_than_host.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1666211829809412} 00319{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1666211829809412,"packet_id":1,"source":"cfgs\/default\/pcap\/http_origin_different_than_host.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1666211829809412} 
00479{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/http_origin_different_than_host.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":118,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":118,"pkt_l4_len":0,"thread_ts_usec":1666211829809412,"pkt":"AAAAAAAAAAEAAAACgQBNQoEAQHEIAEUwAGCpgAAAQBGTHgqGGQUKhA+wCGgIaABMB\/0w\/wA8B+ApokUAADz3BkAAPQaM8QqMzkoSh85mhugAUDlR2BoAAAAAoAL\/\/8ZVAAACBAW0BAIICgAlLxwAAAAAAQMDCA=="} 00319{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1666211829952951,"packet_id":2,"source":"cfgs\/default\/pcap\/http_origin_different_than_host.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1666211829952951} 
@@ -8,7 +8,7 @@ 01273{"packet_event_id":1,"packet_event_name":"packet","packet_id":3,"source":"cfgs\/default\/pcap\/http_origin_different_than_host.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":717,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":717,"pkt_l4_len":0,"thread_ts_usec":1666211829809412,"pkt":"AAAAAAAAAAEAAAACgQBNQoEAQHEIAEUwArevqQAAQBGKngqGGQUKhA+wCGgIaAKjA08w\/wKTB+ApokUAApP3CEAAPQaKmAqMzkoSh85mhugAUDlR2Bva3fe5gBgBVxwmAAABAQgKACUvS\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"} 00319{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":4,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1666211830159716,"packet_id":4,"source":"cfgs\/default\/pcap\/http_origin_different_than_host.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1666211830159716} 00685{"packet_event_id":1,"packet_event_name":"packet","packet_id":4,"source":"cfgs\/default\/pcap\/http_origin_different_than_host.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":276,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":276,"pkt_l4_len":0,"thread_ts_usec":1666211829809412,"pkt":"AAAAAAAAAAECAAD6gQANQoEAAHEIAEUAAP4wwgAAOxEQbwqED7AKhhkFCGgIaADqAAAw\/wDa39WxhkUAANrwJ0AA3wbxMRKHzmYKjM5KAFCG6Nrd97k5Udp6gBgAbjGkAAABAQgK\/GqgKwAlL0tIVFRQLzEuMSAxMDEgU3dpdGNoaW5nIFByb3RvY29scw0KRGF0ZTogV2VkLCAxOSBPY3QgMjAyMiAyMDozNzoxMCBHTVQNCkNvbm5lY3Rpb246IHVwZ3JhZGUNClVwZ3JhZGU6IHdlYnNvY2tldA0KU2VjLVdlYlNvY2tldC1BY2NlcHQ6IHhFNmRMWHh4TWFpSGFsYzcrTFFoQ01HdzNYST0NCg0K"} 
-00860{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/http_origin_different_than_host.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":4,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1666211830159716} +00860{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/http_origin_different_than_host.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":4,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1666211830159716} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 4/0 ~~ skipped flows.............: 0 
@@ -17,9 +17,9 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6905233 bytes -~~ total memory freed........: 6905233 bytes -~~ total allocations/frees...: 114126/114126 +~~ total memory allocated....: 7482829 bytes +~~ total memory freed........: 7482829 bytes +~~ total allocations/frees...: 125857/125857 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 324 chars ~~ json message max len.......: 1278 chars diff --git a/test/results/default/http_starting_with_reply.pcapng.out b/test/results/default/http_starting_with_reply.pcapng.out index 5515b4400..2525249e2 100644 --- a/test/results/default/http_starting_with_reply.pcapng.out +++ b/test/results/default/http_starting_with_reply.pcapng.out 
@@ -1,5 +1,5 @@ -00631{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_starting_with_reply.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_starting_with_reply.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1631378210397220} 
+00631{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_starting_with_reply.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_starting_with_reply.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1631378210397220} 
00800{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_starting_with_reply.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1631378210397220,"flow_src_last_pkt_time":1631378210397220,"flow_dst_last_pkt_time":1631378210397220,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1460,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1460,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1631378210397220,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"192.168.1.103","src_port":80,"dst_port":1044,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 02524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_starting_with_reply.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1631378210397220,"flow_dst_last_pkt_time":1631378210397220,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1631378210397220,"pkt":"KBaoBOm8AAwpTU5kCABFAAXcUgZAAEAGXszAqAGSwKgBZwBQBBTvVdXBMy1lhFAQAfUyfwAASFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBTYXQsIDExIFNlcCAyMDIxIDE2OjM2OjUwIEdNVA0KU2VydmVyOiBBcGFjaGUvMi40LjQxIChVYnVudHUpDQpMYXN0LU1vZGlmaWVkOiBNb24sIDA2IFNlcCAyMDIxIDAyOjAyOjE5IEdNVA0KRVRhZzogIjJhYTYtNWNiNGEwOWZmM2I5YS1nemlwIg0KQWNjZXB0LVJhbmdlczogYnl0ZXMNClZhcnk6IEFjY2VwdC1FbmNvZGluZw0KQ29udGVudC1FbmNvZGluZzogZ3ppcA0KQ29udGVudC1MZW5ndGg6IDMxMzgNCktlZXAtQWxpdmU6IHRpbWVvdXQ9NSwgbWF4PTEwMA0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCg0KH4sIAAAAAAAAA71a63PbNhL\/7r8CVafTJCeRlpO6siJ7JvFj0pmk8STK3fWTDyIhCWOI4AGgZDXt\/367AEjxJcrJNdXEkUgC+8Lubx\/S0eS7q\/eX099ur8nSrAS5\/fT67S+XpDcIw389vwzDq+kV+feb6bu3ZBgck6miieaGy4SKMLz+tUd6S2PScRh
uNptg8zyQahFOP4QPSGuIm\/3HgSntDGIT9y6OJpbhw0ok+ryFzPDs7MzthrWETL4bDOCNkHcy5nPOYjJXckXMkpErNuM0IVLxBQfyZC4V+TTLEpPZDW+pNiRLY2pYPCYnx8PTwXA4GJ7ahx8ZGxNkroG7oFkSLVMaBwkz4Sxb6HB4Mhqdnh3D2sHAirFkNL6wWycrZqjdO2D\/zfj6vHcpE8MSM5huU9Yjkbs67xn2YEJU5CWJllRpZs4\/TW8Gox4JPSXDjWAXr1IaLdmJlx3UmtNMGHJLFyDjL4ZspLrXk9Atdhu12QpGDPDzbCKte2TFYk7PezpSjCXWes\/IZ7thRRXYaEyO04fy30v7EBSPebJoffrnEfw3k\/G27\/zkc3XHc1hZ+nt5ZB\/PaHS\/UDJL4kEkhVRj8v3V6Or19Yl\/PgcLDeZ0xcV2TP7JVEwT2icaPGWgmeLzl7tVmv8ORhgOU+NuorIDKvgClInAykwVUsZ8HawoT+5SMFwuqHTONyaKCWr4mjkyMdepoMDd0JlgXqwNj81yTEbHx4Umzm6DmTRGrsZOxdJ9weZmTGhmZOU2OOSycn+\/hZ29pIqZGnj+JzkTfzs34cnw5Ofno8oj6wZjoqXg8X7b39iXf37AgGi7O\/R1prwJl8xpc3aWy+XlHB4f\/9DB9Keb05uf99LWKURu1TeHP5WM89POOmU\/GCHL4ubGizaTIt7Lia8WNUbPS3xe1E9h3BoBSNS6yp2c3\/kA155sJBiFbegLudeAD+SH2XCmLwiavQfneHXJdscNW+0VsHmCuWwv2h30gGz5zWP7akbqY+WltZM6LUlzWjsOv\/NOswgjvOWM\/2Ib1xje4eI6HqL5RuhW7r3DPGWvPnZe3c0pVaym48hbZtQK5iP\/ZFQRpQo1wxrUeDyJAe5Y3ApCuQqHwr6ko6PJDdg1eoSaFSUL5D1w+m5vJvr7HwredVjDOoN8bwULK3nv1LvXaZd7ja7PLl+f1Pwg97m9QFZLfic\/PCr5VUW+U1Arfd4n1+XVyfDFTdf2hWLb\/fvPbs6ej06L\/cFcSEivyeKOCbYC0Q7kX7v8C3Ch33XsOWpY88Qskoo6nolMWIeVD3IdC57c9w8tWnPQkcUH19EI9c8xuQEJh6VZynXhiS1HUgnNpqt1h05V1z1LSpp2Laso2lYLXl7dXJ\/uxcZDgn6NGXKWJeprCCToDaQj9aerq0OLVrbgD\/OKf4Llr6+7YSOkU6qhcylKzZ57Vn1arkDqsVFsgC1YnWgVnfdCDurqMLM9wEDIhQzSZNEjVEAn4TuDt3C3l3M="} 
01207{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_starting_with_reply.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1631378210397220,"flow_src_last_pkt_time":1631378210397220,"flow_dst_last_pkt_time":1631378210397220,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1460,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1460,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1631378210397220,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"192.168.1.103","src_port":80,"dst_port":1044,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 
@@ -11,7 +11,7 @@ 01014{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/http_starting_with_reply.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1631378210397220,"flow_dst_last_pkt_time":1631378210486956,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":403,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":403,"pkt_l4_len":369,"thread_ts_usec":1631378210486956,"pkt":"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"} 01397{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/http_starting_with_reply.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1631378210397220,"flow_src_last_pkt_time":1631378210397220,"flow_dst_last_pkt_time":1631378210486956,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":557,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":349,"flow_src_tot_l4_payload_len":3477,"flow_dst_tot_l4_payload_len":349,"midstream":1,"thread_ts_usec":1631378210486956,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"192.168.1.103","src_port":80,"dst_port":1044,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"proxy.wiresharkfest.acropolis.local","domainame":"proxy.wiresharkfest.acropolis.local","http": {"url":"proxy.wiresharkfest.acropolis.local\/icons\/ubuntu-logo.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko\/20100101 Firefox\/91.0","detected_os":"Windows 10"}}} 
01148{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/http_starting_with_reply.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":7,"flow_first_seen":1631378210397220,"flow_src_last_pkt_time":1631378215504945,"flow_dst_last_pkt_time":1631378215504662,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":349,"flow_src_tot_l4_payload_len":7613,"flow_dst_tot_l4_payload_len":688,"midstream":1,"thread_ts_usec":1631378215504945,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"192.168.1.103","src_port":80,"dst_port":1044,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"proxy.wiresharkfest.acropolis.local"}} 
-00861{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/http_starting_with_reply.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":18,"packets-processed":18,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8301,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1631378215504945} +00861{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/http_starting_with_reply.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":18,"packets-processed":18,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8301,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1631378215504945} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 18/18 ~~ skipped flows.............: 0 
@@ -20,9 +20,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6908443 bytes -~~ total memory freed........: 6908443 bytes -~~ total allocations/frees...: 114165/114165 +~~ total memory allocated....: 7486119 bytes +~~ total memory freed........: 7486119 bytes +~~ total allocations/frees...: 125898/125898 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 548 chars ~~ json message max len.......: 2529 chars diff --git a/test/results/default/http_ua_splitted_in_two_pkts.pcapng.out b/test/results/default/http_ua_splitted_in_two_pkts.pcapng.out index c6b926bae..26f827fbd 100644 --- a/test/results/default/http_ua_splitted_in_two_pkts.pcapng.out +++ b/test/results/default/http_ua_splitted_in_two_pkts.pcapng.out 
@@ -1,5 +1,5 @@ -00635{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_ua_splitted_in_two_pkts.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00856{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_ua_splitted_in_two_pkts.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1506664814072079} 
+00635{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_ua_splitted_in_two_pkts.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00856{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_ua_splitted_in_two_pkts.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1506664814072079} 
00798{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_ua_splitted_in_two_pkts.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1506664814072079,"flow_src_last_pkt_time":1506664814072079,"flow_dst_last_pkt_time":1506664814072079,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1506664814072079,"l3_proto":"ip4","src_ip":"254.125.135.128","dst_ip":"66.152.103.45","src_port":21359,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_ua_splitted_in_two_pkts.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1506664814072079,"flow_dst_last_pkt_time":1506664814072079,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1506664814072079,"pkt":"AAAAgIP1SEb77F8hCABFAAA81NpAAD8GNx7+fYeAQphnLVNvAFDG58bVAAAAAKAC\/\/8jsQAAAgQFeAQCCAoBPBIPAAAAAAEDAwc="} 00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/http_ua_splitted_in_two_pkts.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1506664814072079,"flow_dst_last_pkt_time":1506664814272267,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1506664814272267,"pkt":"AAAAgIP1SEb77F8hCABFAAA8AABAAOcGY\/hCmGct\/n2HgABQU28gJ4bfxufG1qASaN\/42QAAAgQFtAQCCAonS\/NXATwSDwEDAwg="} 
@@ -10,7 +10,7 @@ 00739{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/http_ua_splitted_in_two_pkts.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1506664814304061,"flow_dst_last_pkt_time":1506664814506288,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"thread_ts_usec":1506664814506288,"pkt":"AAAAgIP1SEb77F8hCABFAAC1dXxAAOcG7gJCmGct\/n2HgABQU28gJ4bgxufNVYAYAHwEBgAAAQEICidL854BPBI6SFRUUC8xLjEgMjAwIA0KQWNjZXNzLUNvbnRyb2wtQWxsb3ctT3JpZ2luOiAqDQpEYXRlOiBGcmksIDI5IFNlcCAyMDE3IDA2OjAwOjE0IEdNVA0KQ29udGVudC1MZW5ndGg6IDANCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0K"} 02326{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/http_ua_splitted_in_two_pkts.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1506664814072079,"flow_src_last_pkt_time":1506664884688466,"flow_dst_last_pkt_time":1506664884891709,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1388,"flow_dst_max_l4_payload_len":358,"flow_src_tot_l4_payload_len":16613,"flow_dst_tot_l4_payload_len":1748,"midstream":0,"thread_ts_usec":1506664884891709,"l3_proto":"ip4","src_ip":"254.125.135.128","dst_ip":"66.152.103.45","src_port":21359,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2278,"avg":4562452.0,"max":23451757,"stddev":7140164.0,"var":50981941280768.0,"ent":3.5,"data": [200188,228774,3208,234021,1087486,3262,1090830,5345683,5834,5351689,23448878,3179,23451757,8290030,3196,8292329,1123787,3421,1127523,8802271,4342,8806776,19530296,2278,19532387,1784873,3657,1788814,938512,3420,943316]},"pktlen": 
{"min":60,"avg":626.3,"max":1440,"stddev":557.2,"var":310424.4,"ent":4.5,"data": [60,60,1440,327,181,1440,259,181,1440,535,410,1440,257,181,1440,327,181,1440,257,181,1440,461,410,1440,258,181,1440,313,181,1440,259,181]},"bins": {"c_to_s": [1,0,0,0,0,0,5,0,3,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0],"s_to_c": [1,0,0,0,8,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1],"entropies": [4.739262104,5.106893539,5.867009163,5.823337078,5.714051723,5.877876282,5.739666462,5.708738327,5.861988068,5.999320984,5.770567417,5.882071018,5.723089695,5.732763290,5.864256382,5.841103554,5.697688103,5.890019894,5.735716343,5.730837822,5.881994724,5.957257271,5.801627636,5.887722969,5.723830700,5.705350399,5.852463722,5.804970741,5.650331974,5.849934578,5.692368984,5.757890701]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"va.origin.startappservice.com"}} 01038{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":115,"source":"cfgs\/default\/pcap\/http_ua_splitted_in_two_pkts.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":76,"flow_dst_packets_processed":39,"flow_first_seen":1506664814072079,"flow_src_last_pkt_time":1506665200702631,"flow_dst_last_pkt_time":1506665200902775,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1388,"flow_dst_max_l4_payload_len":358,"flow_src_tot_l4_payload_len":62424,"flow_dst_tot_l4_payload_len":6280,"midstream":0,"thread_ts_usec":1506665200902775,"l3_proto":"ip4","src_ip":"254.125.135.128","dst_ip":"66.152.103.45","src_port":21359,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"va.origin.startappservice.com"}} -00869{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":115,"source":"cfgs\/default\/pcap\/http_ua_splitted_in_two_pkts.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":115,"packets-processed":115,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":68704,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1506665200902775} +00869{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":115,"source":"cfgs\/default\/pcap\/http_ua_splitted_in_two_pkts.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":115,"packets-processed":115,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":68704,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1506665200902775} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ 
~~ packets captured/processed: 115/115 ~~ skipped flows.............: 0 @@ -19,9 +19,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6910978 bytes -~~ total memory freed........: 6910978 bytes -~~ total allocations/frees...: 114254/114254 +~~ total memory allocated....: 7488604 bytes +~~ total memory freed........: 7488604 bytes +~~ total allocations/frees...: 125986/125986 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 582 chars ~~ json message max len.......: 2428 chars diff --git a/test/results/default/i3d.pcap.out b/test/results/default/i3d.pcap.out index 24d369e18..89d52b156 100644 --- a/test/results/default/i3d.pcap.out +++ b/test/results/default/i3d.pcap.out 
@@ -1,5 +1,5 @@ -00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1643566147188000} 
+00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1643566147188000} 
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643566147188000,"flow_src_last_pkt_time":1643566147188000,"flow_dst_last_pkt_time":1643566147188000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":74,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":74,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643566147188000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"213.163.87.47","src_port":60476,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1643566147188000,"flow_dst_last_pkt_time":1643566147188000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"thread_ts_usec":1643566147188000,"pkt":"eJS0JASgYDjgxTWgCABFAABmU1sAAH8R+EzAqAJk1aNXL+w8w1QAUphQAAEARgADz6gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA95U="} 
00913{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643566147188000,"flow_src_last_pkt_time":1643566147188000,"flow_dst_last_pkt_time":1643566147188000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":74,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":74,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643566147188000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"213.163.87.47","src_port":60476,"dst_port":50004,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"i3D","proto_id":"301","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -7,7 +7,7 @@ 00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1643566147224000,"flow_dst_last_pkt_time":1643566147212000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":182,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":182,"pkt_l4_len":148,"thread_ts_usec":1643566147224000,"pkt":"eJS0JASgYDjgxTWgCABFAACoU10AAH8R+AjAqAJk1aNXL+w8w1QAlAApkHiUJQdnxvIAA8+ovt4AAfZr38uFzZsIi8ZCCYTQPXHtOHv0CzWfwBUspYBgwVoFrs7CIolbntTbNC\/JUzHrMPTo+XsMJQLsyF07SXVZB\/s4ty9sKDXZEitaLRpRsI4IOF0cfX+Uc0Uf1VgbctkHIRIB7WkAQW7E9Ft4IwjFcGTVfDpX71058AMMAIA="} 00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1643566147248000,"flow_dst_last_pkt_time":1643566147212000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":185,"pkt_l4_len":151,"thread_ts_usec":1643566147248000,"pkt":"eJS0JASgYDjgxTWgCABFAACrU14AAH8R+ATAqAJk1aNXL+w8w1QAl9LykHiUJgdnyrIAA8+ovt4AAUA1qdRM+p5pr\/oqX0DhEzCeQnh79unVEDHbUO6dzrEHo2ZrwkpnXYNjri9KSft0NfMTwIic7YV89\/hFWxptbKzflgOcvR8B2Shl\/WZiU1Z\/KdIDbewpUyY21lOye5L\/XBpzfqg5wywFSTueNycE9miVE9BmO5SMOudQFQQMAIA="} 
00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1643566147266000,"flow_dst_last_pkt_time":1643566147212000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":183,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":183,"pkt_l4_len":149,"thread_ts_usec":1643566147266000,"pkt":"eJS0JASgYDjgxTWgCABFAACpU18AAH8R+AXAqAJk1aNXL+w8w1QAlT\/NkHiUJwdnznIAA8+ovt4AAaP5Ah92yNJfzjWLY8WE\/BTJnxusxn0vEFtrrFPiJ6xYLwBoyHyq9NbUJFz9dnZHmE98BUSEEm1g\/uLK67zcvjWDSrCKLxOx4sj+Tlk9Iq149UdWaGtJ\/sUWb\/A24Vz1gJvdeF4k3J4DeZ1+PNY96GPVMAZTD3\/NwRsFDACA"} -00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2431,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1643572927206000} 
+00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2431,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1643572927206000} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643572927206000,"flow_src_last_pkt_time":1643572927206000,"flow_dst_last_pkt_time":1643572927206000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":74,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":74,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643572927206000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"213.163.87.47","src_port":55205,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1643572927206000,"flow_dst_last_pkt_time":1643572927206000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"thread_ts_usec":1643572927206000,"pkt":"eJS0JASgYDjgxTWgCABFAABmU0sAAH8R+FzAqAJk1aNXL9elw1QAUhLaAAEARgADz6gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAkaM="} 00914{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643572927206000,"flow_src_last_pkt_time":1643572927206000,"flow_dst_last_pkt_time":1643572927206000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":74,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":74,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643572927206000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"213.163.87.47","src_port":55205,"dst_port":50004,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"i3D","proto_id":"301","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -16,7 +16,7 @@ 01004{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1643572927260000,"flow_dst_last_pkt_time":1643572927231000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":406,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":406,"pkt_l4_len":372,"thread_ts_usec":1643572927260000,"pkt":"eJS0JASgYDjgxTWgCABFAAGIU08AAH8R9zbAqAJk1aNXL9elw1QBdHLBkHjAYRrNp\/IAA8+ovt4AAQHk2SbeSru+vmqqbBAlqKnhi8VOiprTRfevAGdGL56u0jSjwF44BlGyfOIsOe9k0bILizQNN9KH2Zs3ouDH7gMA9MStaqggeVFFdLPjTFIOSwvUil8bbIvJDO17475aYHIEDMOMgQstUnNA1RgrYS2\/2kVGl7KJZGY\/L7D3V\/CVrqy8Mdz69R1bcRh4OUlMGYs20rRHySB1Dhuk3gj5oX3QZZFzW5+1AKlyFgaMG20J+gfaDs7fR+LJlT0e6ZIGmglv7IbxFn2ezOoMl1oHeUBvAHNKh2tBHj\/gvzBn3\/p9RQD7uVLnyG8g2NlN1VCjLyvFh8dNYVS+\/1yAqn2zPJoP+JrJzw9WOJbDrEms0RCwLivIgUxmOAjwuWkis3CQGN4xLBnm5cm+kzvuz3uOJtKDlrGmtcqqXSMQb0l4w2rAPaz+w\/ddGa7GkvH8mbylSiRSECJE2x\/+OAYZgA=="} 
01011{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1643572927277000,"flow_dst_last_pkt_time":1643572927231000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":416,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":416,"pkt_l4_len":382,"thread_ts_usec":1643572927277000,"pkt":"eJS0JASgYDjgxTWgCABFAAGSU1AAAH8R9yvAqAJk1aNXL9elw1QBfqV4kHjAYhrNq7IAA8+ovt4AAaUWvsT0DCayFUbzabzV8jrCDKi9xfLgbBSBd+F0MC5A+pFm70pntapcdGBWkcOJ2oBsj+J4Zj69ESkk995NOgz4qWa9pVXVwvtTkiJzlG54oXs0w5VAZ2rxJEg5VEqP+nv1E5RDoKP2xPW8K5HGyKJiu0\/uTpIYXdCxbJI2WdJND01cc6LoQfKwTvwIAKPWe0VI5agSTTuy7uGlybczfeWU99AcaDWIBivRoBkrqFIBd4hohB5csBM+jGqze6sHojZJ+Bp84hb\/kpOEfRWPRRuFJYkInwdmn\/rgt0qrGDGY7Nx6Q+l4Q7yCAdXGlZZvWRHal998LFuUaEsGR7CY01GlVfOg284fA6pzmM3AdmuhBDB+OioFOQS1sl\/4XCLOCRDdbDU7EeqPTo7TztdlkwgXxffBx0jewOZjWR3XfjE5CAFbhNK9B1i9zRJljHex1EUOznrGM6z2tTbOvpxOAz0IvjkGGYA="} 00958{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":2,"flow_first_seen":1643566147188000,"flow_src_last_pkt_time":1643566147407000,"flow_dst_last_pkt_time":1643566147319000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":331,"flow_dst_max_l4_payload_len":74,"flow_src_tot_l4_payload_len":2349,"flow_dst_tot_l4_payload_len":82,"midstream":0,"thread_ts_usec":1643572927312000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"213.163.87.47","src_port":60476,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"i3D","proto_id":"301","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
-00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":31,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13434,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1643574967215000} +00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":31,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13434,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1643574967215000} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643574967215000,"flow_src_last_pkt_time":1643574967215000,"flow_dst_last_pkt_time":1643574967215000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":74,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":74,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643574967215000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"213.163.87.47","src_port":62620,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1643574967215000,"flow_dst_last_pkt_time":1643574967215000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"thread_ts_usec":1643574967215000,"pkt":"eJS0JASgYDjgxTWgCABFAABm4pkAAH8RaQ7AqAJk1aNXL\/Scw1QAUnfBAAEARgADz6gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD8U="} 
00914{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643574967215000,"flow_src_last_pkt_time":1643574967215000,"flow_dst_last_pkt_time":1643574967215000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":74,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":74,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643574967215000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"213.163.87.47","src_port":62620,"dst_port":50004,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"i3D","proto_id":"301","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -34,7 +34,7 @@ 02156{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1643575387255000,"flow_dst_last_pkt_time":1643575387247000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1257,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1257,"pkt_l4_len":1223,"thread_ts_usec":1643575387255000,"pkt":"eJS0JASgYDjgxTWgCABFAATb+uwAAH8RTEbAqAJk1aNXL\/P9w1QEx8XFkGfzn+7YC1wAA8+pvt4AA8\/rBnO98lR\/HxLTpIP\/EbMQx2RnswfttY95fPW12k+sMZPRUpXQ6rdFgdvebGO7p1UVM3QV79HT48Lutvo7rBD1EQGn3G1lnzMH\/HYoOApYSztH3SoK71xEoS1y8yXoqwttVhKJwdDpP0dYo+6JgRJC8a80fv+q8dukV27\/jVfVPNuEOGAKsYLKK3d3pDVBr3zFRvp+CUrx4k8Q3SmQ3FdvyBKUErJJCQMDIji2wBw\/6oOgUQdC4DfvZgCq2ehheOE\/QsbTet00OotAumju1CQN9Ie6XatcDMZEuVkd\/D\/4BNSUP8nLk2iECQ5jtpH0za6z9XycB9r30SzB4diSF71CS3FM8x6aWeAPxHuthE+qizcIjWCTi+uD+tksuJ3IgwTOIYtLJAmqBWmSSbw6uqz8LcdkStr7tMJaqmyNp0jfhJUWKXSVLeeaB7dE8vLAU\/AaDLNlX7cI97Q9sT4yJ7Ck0Xf38Wbaf70ad0+uLgBbGKMZzc0Qinka6L0063NVp3KQEb0W7+ZtTH+F7khBVzSgEGbYSk5P6L4+w1W84JNRtMzWLexqMRbia63\/XlTmx3sjYEiOU7SeNg\/VV7tUmAh00XrF94xyB5IuISYVkB63iOTwwjLGd+XPIC+xHPrVpy7d5\/0MnalC+TtBhFqQnVaipTWP5pTB6aF4HDpdAG\/Rsi\/jlYTPiwR\/+06YhuScTKbIDskrucwHhjvSpnvj6KdX7eJb+0f\/dGV1IR6XpjxXnm16GYSfek2plgRY7BcmryqhO8+u57C4lQPTdhp9tFjWMl1dmpGwleRQLABunADSt5n52m5UHlaEuruXoTSXj9yg5uc8GO3+7UV8mGSRFe35dZLCx1fvxLHAWLieOXgy10+sPWgTzBqbHdVA8G9uU1gL0jJCQ+ge4NIeEvEK2v26py+DrxUZ60wRYOUn0g+EctdA6BkYQ7axrLaAByXKmU+xaI8PcDwzjV5piTIMfvW5xrMWnuL8uImiF2SPyss62VgrI3kAwzdR1oqaEPB3uwvPTduUQ+N4uIEjkeW8TelrAHdYXTVkcW+KD\/qD9R4sMNfYyWoSviEKw0OOIkW3\/U0JwSQqOjw1KSUDkqHq\/KyJv++I37PjSRk9mkJHQKggsRDYpWzlCTtryb8Uw1N9dk2juxtTHXxH5dFsqFyNr7JLXTkJTh7bfr6gqnKuzSbbt6h0jpTjdtLTrNwDnd+cljHqP32B+son64QJeY+jueVGuppoG7wUpq9JyqWs0peerVl4SqbRUoTVTImfH4YMaQgSagkAM1uLSfdEHTdncPe4QqZpCf6Ay8IVOgBWQUUUGJ5tOIqcY9sNHfHZj+UXJJzimbNgyQmLAVgGyrWp1k3cCO9aHcm70ZW\/fksx8g38UefAJrWV5AcZKxBoIRLhAQKQrUJrNFP2Yu7+3wkM
jdrjMpb0eLnX749AFyY0EfVxc8EaD1Zvrdq9MJLJbzBl00Bvh3hnjWjJNNa8ogp\/jNsv03rLCsySZbzzJq10nEyw\/TWESfJ1nM1aVj21VveY1DdXxYRzhGtEydneMsYwjGJ8zEkLQm++YbhIJDKJH2vuRum8N8aCn074\/\/PAqyWA"} 00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":1,"flow_first_seen":1643575387216000,"flow_src_last_pkt_time":1643575387266000,"flow_dst_last_pkt_time":1643575387247000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":74,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1216,"flow_dst_max_l4_payload_len":74,"flow_src_tot_l4_payload_len":15879,"flow_dst_tot_l4_payload_len":74,"midstream":0,"thread_ts_usec":1643575387266000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"213.163.87.47","src_port":62461,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"i3D","proto_id":"301","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 00960{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":1,"flow_first_seen":1643574967215000,"flow_src_last_pkt_time":1643574967460000,"flow_dst_last_pkt_time":1643574967246000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":60,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1210,"flow_dst_max_l4_payload_len":74,"flow_src_tot_l4_payload_len":4511,"flow_dst_tot_l4_payload_len":74,"midstream":0,"thread_ts_usec":1643575387266000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"213.163.87.47","src_port":62620,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"i3D","proto_id":"301","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00839{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":60,"packets-processed":60,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":33972,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":37,"global_ts_usec":1643575387266000} +00839{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":60,"packets-processed":60,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":33972,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":37,"global_ts_usec":1643575387266000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 60/60 ~~ skipped flows.............: 0 
@@ -43,9 +43,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6916493 bytes -~~ total memory freed........: 6916493 bytes -~~ total allocations/frees...: 114230/114230 +~~ total memory allocated....: 7494089 bytes +~~ total memory freed........: 7494089 bytes +~~ total allocations/frees...: 125961/125961 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 610 chars ~~ json message max len.......: 2172 chars diff --git a/test/results/default/iax.pcap.out b/test/results/default/iax.pcap.out index ae0d77b9e..d6a4f19ec 100644 --- a/test/results/default/iax.pcap.out +++ b/test/results/default/iax.pcap.out 
@@ -1,5 +1,5 @@ -00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/iax.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/iax.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1123840005963862} 
+00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/iax.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/iax.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1123840005963862} 
00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/iax.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1123840005963862,"flow_src_last_pkt_time":1123840005963862,"flow_dst_last_pkt_time":1123840005963862,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":66,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":66,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":66,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1123840005963862,"l3_proto":"ip4","src_ip":"82.110.36.84","dst_ip":"192.168.2.120","src_port":4569,"dst_port":4566,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/iax.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1123840005963862,"flow_dst_last_pkt_time":1123840005963862,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"thread_ts_usec":1123840005963862,"pkt":"AMDwli5rAOCBJ2JwCABFEABeAABAAEARAJ1SbiRUwKgCeBHZEdYASpLMgAQAAAAAAAEAAAYBCwIAAgEMNDQyMDg4MjA1MTU1Agw0NDc3ODIyNjc5NDkEAAoCZW7\/BAAAAAIMAgAAHwQLDFXW"} 
00916{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/iax.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1123840005963862,"flow_src_last_pkt_time":1123840005963862,"flow_dst_last_pkt_time":1123840005963862,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":66,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":66,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":66,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1123840005963862,"l3_proto":"ip4","src_ip":"82.110.36.84","dst_ip":"192.168.2.120","src_port":4569,"dst_port":4566,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"IAX","proto_id":"95","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
@@ -9,7 +9,7 @@ 00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/iax.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1123840005971515,"flow_dst_last_pkt_time":1123840005995531,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1123840005995531,"pkt":"AOCBJ2JwAMDwli5rCABFAAAoV79AAEARqSPAqAJ4Um4kVBHWEdkAFBz1gBcABAAAAB8BAQQE"} 02181{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/iax.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":27,"flow_dst_packets_processed":5,"flow_first_seen":1123840005963862,"flow_src_last_pkt_time":1123840006456930,"flow_dst_last_pkt_time":1123840006059195,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":172,"flow_src_tot_l4_payload_len":3882,"flow_dst_tot_l4_payload_len":372,"midstream":0,"thread_ts_usec":1123840006456930,"l3_proto":"ip4","src_ip":"82.110.36.84","dst_ip":"192.168.2.120","src_port":4569,"dst_port":4566,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":948,"avg":18980.7,"max":51403,"stddev":10969.1,"var":120322248.0,"ent":4.7,"data": [2173,5097,7653,24399,24352,24724,16912,51403,9638,12261,14097,6869,22758,16765,31325,17887,20048,11489,43190,21320,13940,17067,22553,948,20517,34133,6854,21003,19904,17982,29140]},"pktlen": {"min":40,"avg":161.5,"max":200,"stddev":59.5,"var":3538.2,"ent":4.9,"data": [94,40,40,46,40,46,192,200,200,46,192,192,192,192,192,192,192,192,192,192,192,192,192,192,192,192,192,192,192,192,192,192]},"bins": {"c_to_s": [3,0,1,0,0,23,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": 
[3,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,1,0,1,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"entropies": [4.666565895,4.339823723,4.439823151,4.354552269,4.384184837,4.354552269,1.312757373,1.546443224,1.322564363,4.327484608,1.142194629,1.312757373,1.944322586,1.302340746,1.312757373,1.312757373,1.312757373,1.302340746,1.312757373,1.335405827,1.335405827,1.335405827,1.335405827,1.335405827,1.335405827,1.335405827,1.335405827,1.321057439,1.335405827,1.335405827,1.335405827,1.335405827]},"ndpi": {"confidence": {"6":"DPI"},"proto":"IAX","proto_id":"95","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00966{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/iax.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":22,"flow_first_seen":1123840005963862,"flow_src_last_pkt_time":1123840006472888,"flow_dst_last_pkt_time":1123840006489877,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":172,"flow_src_tot_l4_payload_len":4046,"flow_dst_tot_l4_payload_len":3008,"midstream":0,"thread_ts_usec":1123840006489877,"l3_proto":"ip4","src_ip":"82.110.36.84","dst_ip":"192.168.2.120","src_port":4569,"dst_port":4566,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IAX","proto_id":"95","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-00838{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/iax.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":50,"packets-processed":50,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7054,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1123840006489877} +00838{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/iax.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":50,"packets-processed":50,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7054,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1123840006489877} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 50/50 ~~ skipped flows.............: 0 
@@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6909063 bytes -~~ total memory freed........: 6909063 bytes -~~ total allocations/frees...: 114187/114187 +~~ total memory allocated....: 7486659 bytes +~~ total memory freed........: 7486659 bytes +~~ total allocations/frees...: 125918/125918 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 524 chars ~~ json message max len.......: 2186 chars diff --git a/test/results/default/icmp-tunnel.pcap.out b/test/results/default/icmp-tunnel.pcap.out index fcceeb05f..956650279 100644 --- a/test/results/default/icmp-tunnel.pcap.out +++ b/test/results/default/icmp-tunnel.pcap.out 
@@ -1,5 +1,5 @@ -00616{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/icmp-tunnel.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/icmp-tunnel.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1360227866458898} 
+00616{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/icmp-tunnel.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/icmp-tunnel.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1360227866458898} 
00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1360227866459330,"flow_src_last_pkt_time":1360227866459330,"flow_dst_last_pkt_time":1360227866459330,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":92,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":92,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":92,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1360227866459330,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5} 00626{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1360227866459330,"flow_dst_last_pkt_time":1360227866459330,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1360227866459330,"pkt":"AAwpy+OCAAwpzwzBCABFAABwAABAAEABhDTAqJqDwKiahAgAAAD+\/wAARQAAVAAAQABAASPpCl8BAQpfAQIIAFvrPQgAAS1uE1EtSQYACAkKCwwNDg8QERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3"} 
01139{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1360227866459330,"flow_src_last_pkt_time":1360227866459330,"flow_dst_last_pkt_time":1360227866459330,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":92,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":92,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":92,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1360227866459330,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":5.703333}} 
@@ -20,7 +20,7 @@ 01178{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":267,"source":"cfgs\/default\/pcap\/icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":128,"flow_dst_packets_processed":98,"flow_first_seen":1360227866459330,"flow_src_last_pkt_time":1360228358273374,"flow_dst_last_pkt_time":1360228358272926,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1041,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":20874,"flow_dst_tot_l4_payload_len":16482,"midstream":0,"thread_ts_usec":1360228358273374,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01179{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":138,"flow_dst_packets_processed":107,"flow_first_seen":1360227866459330,"flow_src_last_pkt_time":1360228402597860,"flow_dst_last_pkt_time":1360228402596581,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1041,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":22210,"flow_dst_tot_l4_payload_len":17950,"midstream":0,"thread_ts_usec":1360228402597860,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01179{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":296,"source":"cfgs\/default\/pcap\/icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":140,"flow_dst_packets_processed":109,"flow_first_seen":1360227866459330,"flow_src_last_pkt_time":1360228442640689,"flow_dst_last_pkt_time":1360228442640274,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1041,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":22290,"flow_dst_tot_l4_payload_len":18030,"midstream":0,"thread_ts_usec":1360228442640689,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/icmp-tunnel.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":298,"packets-processed":251,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":40400,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":12,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":23,"global_ts_usec":1360228467662193} +00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/icmp-tunnel.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":298,"packets-processed":251,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":40400,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":12,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":23,"global_ts_usec":1360228467662193} 
01179{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":311,"source":"cfgs\/default\/pcap\/icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":146,"flow_dst_packets_processed":114,"flow_first_seen":1360227866459330,"flow_src_last_pkt_time":1360228485957206,"flow_dst_last_pkt_time":1360228485957682,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1041,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":22995,"flow_dst_tot_l4_payload_len":18623,"midstream":0,"thread_ts_usec":1360228485957682,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01179{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":393,"source":"cfgs\/default\/pcap\/icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":186,"flow_dst_packets_processed":154,"flow_first_seen":1360227866459330,"flow_src_last_pkt_time":1360228522817624,"flow_dst_last_pkt_time":1360228522818134,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1041,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":28272,"flow_dst_tot_l4_payload_len":23795,"midstream":0,"thread_ts_usec":1360228522818134,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": 
{"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01179{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":471,"source":"cfgs\/default\/pcap\/icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":224,"flow_dst_packets_processed":192,"flow_first_seen":1360227866459330,"flow_src_last_pkt_time":1360228557159010,"flow_dst_last_pkt_time":1360228557159568,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1041,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":33486,"flow_dst_tot_l4_payload_len":28699,"midstream":0,"thread_ts_usec":1360228557159568,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -36,7 +36,7 @@ 01179{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":801,"source":"cfgs\/default\/pcap\/icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":371,"flow_dst_packets_processed":337,"flow_first_seen":1360227866459330,"flow_src_last_pkt_time":1360228942890883,"flow_dst_last_pkt_time":1360228942891404,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1041,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":51973,"flow_dst_tot_l4_payload_len":46675,"midstream":0,"thread_ts_usec":1360228942891404,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01179{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":910,"source":"cfgs\/default\/pcap\/icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":423,"flow_dst_packets_processed":390,"flow_first_seen":1360227866459330,"flow_src_last_pkt_time":1360228984799284,"flow_dst_last_pkt_time":1360228984799441,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1041,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":57434,"flow_dst_tot_l4_payload_len":52234,"midstream":0,"thread_ts_usec":1360228984799441,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01177{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":961,"source":"cfgs\/default\/pcap\/icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":448,"flow_dst_packets_processed":415,"flow_first_seen":1360227866459330,"flow_src_last_pkt_time":1360228988973603,"flow_dst_last_pkt_time":1360228988973740,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1041,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":83334,"flow_dst_tot_l4_payload_len":78134,"midstream":0,"thread_ts_usec":1360228988973740,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00852{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":961,"source":"cfgs\/default\/pcap\/icmp-tunnel.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":961,"packets-processed":863,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":161468,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":26,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":39,"global_ts_usec":1360228988973740} +00852{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":961,"source":"cfgs\/default\/pcap\/icmp-tunnel.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":961,"packets-processed":863,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":161468,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":26,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":39,"global_ts_usec":1360228988973740} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 961/863 ~~ skipped flows.............: 0 
@@ -45,9 +45,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6932691 bytes -~~ total memory freed........: 6932691 bytes -~~ total allocations/frees...: 115002/115002 +~~ total memory allocated....: 7510287 bytes +~~ total memory freed........: 7510287 bytes +~~ total allocations/frees...: 126733/126733 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 621 chars ~~ json message max len.......: 2472 chars diff --git a/test/results/default/iec60780-5-104.pcap.out b/test/results/default/iec60780-5-104.pcap.out index aa0c21cc0..909fac2dc 100644 --- a/test/results/default/iec60780-5-104.pcap.out +++ b/test/results/default/iec60780-5-104.pcap.out 
@@ -1,5 +1,5 @@ -00619{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/iec60780-5-104.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/iec60780-5-104.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1219992231267238} 
+00619{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/iec60780-5-104.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/iec60780-5-104.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1219992231267238} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/iec60780-5-104.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1219992231267238,"flow_src_last_pkt_time":1219992231267238,"flow_dst_last_pkt_time":1219992231267238,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1219992231267238,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1568,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/iec60780-5-104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1219992231267238,"flow_dst_last_pkt_time":1219992231267238,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1219992231267238,"pkt":"ABXFGNTMABNy14eKCABFAAAwbS5AAIAGRKWsG\/htrBv4TwYgCWR6t61JAAAAAHAC\/\/8CpgAAAgQFtAEBBAI="} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/iec60780-5-104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1219992231267238,"flow_dst_last_pkt_time":1219992231267345,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1219992231267345,"pkt":"ABNy14eKABXFGNTMCABFAAAwQVVAAIAGcH6sG\/hPrBv4bQlkBiDrZdPBeretSnAS\/\/9DbQAAAgQFtAEBBAI="} 
@@ -45,12 +45,12 @@ 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1219992819944348,"flow_dst_last_pkt_time":1219992819943016,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1219992819944348,"pkt":"ABXFGNTMABNy14eKCABFAAAubkZAAIAGQ4+sG\/htrBv4TwYqCWRBsBqQ+cLui1AY\/\/+jsAAAaAQHAAAA"} 00940{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1219992819942883,"flow_src_last_pkt_time":1219992819944348,"flow_dst_last_pkt_time":1219992819943016,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":6,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1219992819944348,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1578,"dst_port":2404,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"IEC60870","proto_id":"245","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"cfgs\/default\/pcap\/iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1219992819944348,"flow_dst_last_pkt_time":1219992819947305,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1219992819947305,"pkt":"ABNy14eKABXFGNTMCABFAAAuQZdAAIAGcD6sG\/hPrBv4bQlkBir5wu6LQbAallAY\/\/lJFQAAaAQLAAAA"} -00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/iec60780-5-104.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":107,"packets-processed":106,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":343,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":6,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":48,"global_ts_usec":1219992852463357} 
+00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/iec60780-5-104.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":107,"packets-processed":106,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":343,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":6,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":48,"global_ts_usec":1219992852463357} 00983{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":117,"source":"cfgs\/default\/pcap\/iec60780-5-104.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":10,"flow_first_seen":1219992590188368,"flow_src_last_pkt_time":1219992781349438,"flow_dst_last_pkt_time":1219992781349461,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":6,"flow_src_tot_l4_payload_len":86,"flow_dst_tot_l4_payload_len":24,"midstream":0,"thread_ts_usec":1219992910077446,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1572,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IEC60870","proto_id":"245","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
00980{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/iec60780-5-104.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":5,"flow_first_seen":1219992782348776,"flow_src_last_pkt_time":1219992818955088,"flow_dst_last_pkt_time":1219992818955112,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":6,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":6,"midstream":0,"thread_ts_usec":1219992961194617,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1577,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IEC60870","proto_id":"245","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 02254{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1219992819942883,"flow_src_last_pkt_time":1219992991664467,"flow_dst_last_pkt_time":1219992991860370,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":94,"flow_dst_tot_l4_payload_len":207,"midstream":0,"thread_ts_usec":1219992991860370,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1578,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":133,"avg":11085131.0,"max":32516052,"stddev":10877058.0,"var":118310385483776.0,"ent":4.1,"data": 
[133,283,1182,4289,153898,32516052,32485009,17329020,17462619,171223,19844571,20033163,171510,19860294,20118307,25436246,25352045,204330,19828922,20215237,5341755,5765246,10455867,10671339,13934,15202,139861,131307,218735,19641453,20056039]},"pktlen": {"min":40,"avg":51.6,"max":104,"stddev":11.5,"var":132.4,"ent":5.0,"data": [48,48,46,46,46,46,56,46,56,104,46,46,56,46,46,40,56,62,46,46,40,56,46,56,62,56,62,46,63,46,46,40]},"bins": {"c_to_s": [19,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [12,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,0,1,0,0,1,0,0,1,0,0,1,0,1,0,0,1,1,0,0,1,0,1,0,1,0,0,1],"entropies": [4.558206558,4.926427364,4.435436726,4.740953922,4.740953445,4.478915215,4.605515957,4.522393703,4.811381817,4.822690010,4.522393703,4.922443390,4.864342690,4.462504864,4.862554550,4.781687260,5.115302563,5.039213181,4.478915215,4.878964901,4.781687260,4.824862003,4.478915215,5.079588413,4.986872673,4.972445488,4.999047756,4.478915215,4.964986324,4.478915215,4.922443390,4.781687260]},"ndpi": {"confidence": {"6":"DPI"},"proto":"IEC60870","proto_id":"245","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
00986{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":147,"source":"cfgs\/default\/pcap\/iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":19,"flow_first_seen":1219992819942883,"flow_src_last_pkt_time":1219993055118751,"flow_dst_last_pkt_time":1219993055118603,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":154,"flow_dst_tot_l4_payload_len":263,"midstream":0,"thread_ts_usec":1219993055118751,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1578,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IEC60870","proto_id":"245","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00851{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":147,"source":"cfgs\/default\/pcap\/iec60780-5-104.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":147,"packets-processed":147,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":748,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":53,"global_ts_usec":1219993055118751} 
+00851{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":147,"source":"cfgs\/default\/pcap\/iec60780-5-104.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":147,"packets-processed":147,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":748,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":53,"global_ts_usec":1219993055118751} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 147/147 ~~ skipped flows.............: 0 @@ -59,9 +59,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6923926 bytes -~~ total memory freed........: 6923926 bytes -~~ total allocations/frees...: 114345/114345 +~~ total memory allocated....: 7501522 bytes +~~ total memory freed........: 7501522 bytes +~~ total allocations/frees...: 126076/126076 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 540 chars ~~ json message max len.......: 2259 chars diff --git a/test/results/default/ieee_c37118.pcap.out b/test/results/default/ieee_c37118.pcap.out index 3c47ae889..2f5d8c321 100644 --- a/test/results/default/ieee_c37118.pcap.out +++ b/test/results/default/ieee_c37118.pcap.out 
@@ -1,5 +1,5 @@ -00616{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ieee_c37118.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ieee_c37118.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1218021007698753} 
+00616{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ieee_c37118.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ieee_c37118.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1218021007698753} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ieee_c37118.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1218021007698753,"flow_src_last_pkt_time":1218021007698753,"flow_dst_last_pkt_time":1218021007698753,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1218021007698753,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.241","src_port":36835,"dst_port":4712,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ieee_c37118.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1218021007698753,"flow_dst_last_pkt_time":1218021007698753,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1218021007698753,"pkt":"ADCnAA06AAlrk3uDCABFAAA846tAAEAG1LrAqAAUwKgA8Y\/jEmgIDYWkAAAAAKACFtAWCwAAAgQFtAQCCAoCxGYPAAAAAAEDAwY="} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ieee_c37118.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1218021007698753,"flow_dst_last_pkt_time":1218021007699989,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1218021007699989,"pkt":"AAlrk3uDADCnAA06CABFAABAZWQAAEAGkv7AqADxwKgAFBJoj+PZe3k4CA2FpbASIfAmuQAAAgQFtAEDAwABAQQCAQEICnGgDcwCxGYP"} 
@@ -8,7 +8,7 @@ 00939{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ieee_c37118.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1218021007698753,"flow_src_last_pkt_time":1218021007700230,"flow_dst_last_pkt_time":1218021007699989,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":18,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":18,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1218021007700230,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.241","src_port":36835,"dst_port":4712,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"IEEE-C37118","proto_id":"367","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/ieee_c37118.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1218021007700230,"flow_dst_last_pkt_time":1218021007701832,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1218021007701832,"pkt":"AAlrk3uDADCnAA06CABFAAA0ZWUAAEAGkwnAqADxwKgAFBJoj+PZe3k5CA2Ft4AQId5ngwAAAQEICnGgDcwCxGYQ"} 
02186{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/ieee_c37118.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1218021007698753,"flow_src_last_pkt_time":1218021007982488,"flow_dst_last_pkt_time":1218021007965319,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":18,"flow_dst_max_l4_payload_len":134,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":890,"midstream":0,"thread_ts_usec":1218021007982488,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.241","src_port":36835,"dst_port":4712,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":207,"avg":17751.6,"max":40001,"stddev":13277.6,"var":176295104.0,"ent":4.5,"data": [1236,1270,207,1843,699,2315,976,1753,1047,20120,38956,19861,2840,19920,19921,20016,39141,19972,20168,38019,19966,20020,40000,19866,22584,20167,20073,37505,19862,19977,40001]},"pktlen": {"min":52,"avg":81.6,"max":186,"stddev":31.5,"var":989.7,"ent":4.9,"data": [60,64,52,70,52,186,52,70,52,106,106,52,106,52,106,52,106,52,106,106,52,106,106,52,106,52,106,106,52,106,106,52]},"bins": {"c_to_s": [14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,14,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,1,1,0,1,0,1,0,1,0,1,1,0,1,1,0,1,0,1,1,0,1,1,0],"entropies": 
[4.496836185,5.048533440,4.931210041,4.651202679,4.969671726,4.443276405,4.931210041,4.690558434,4.969671249,5.657071114,5.579102516,4.969671249,5.555610657,4.969671726,5.699430466,4.969671726,5.692310333,5.008132935,5.652293205,5.602812290,4.931209564,5.597970963,5.583358288,4.931209564,5.605093002,4.931209564,5.657070637,5.635706902,5.008132935,5.642828465,5.594747066,5.008132935]},"ndpi": {"confidence": {"6":"DPI"},"proto":"IEEE-C37118","proto_id":"367","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":418,"source":"cfgs\/default\/pcap\/ieee_c37118.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":418,"packets-processed":417,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13796,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1218023578251598} 
+00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":418,"source":"cfgs\/default\/pcap\/ieee_c37118.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":418,"packets-processed":417,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13796,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1218023578251598} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":418,"source":"cfgs\/default\/pcap\/ieee_c37118.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1218023578251598,"flow_src_last_pkt_time":1218023578251598,"flow_dst_last_pkt_time":1218023578251598,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":18,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":18,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":18,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1218023578251598,"l3_proto":"ip4","src_ip":"192.168.0.10","dst_ip":"192.168.0.60","src_port":4712,"dst_port":4713,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":418,"source":"cfgs\/default\/pcap\/ieee_c37118.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1218023578251598,"flow_dst_last_pkt_time":1218023578251598,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1218023578251598,"pkt":"AKD0AaNIAB1gY4VACABFAAAualcAAIARTtHAqAAKwKgAPBJoEmkAGlB5qkEAEgA8SJmQmgA0LtUAAVYL"} 00939{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":418,"source":"cfgs\/default\/pcap\/ieee_c37118.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1218023578251598,"flow_src_last_pkt_time":1218023578251598,"flow_dst_last_pkt_time":1218023578251598,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":18,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":18,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":18,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1218023578251598,"l3_proto":"ip4","src_ip":"192.168.0.10","dst_ip":"192.168.0.60","src_port":4712,"dst_port":4713,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"IEEE-C37118","proto_id":"367","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
@@ -19,7 +19,7 @@ 02190{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":449,"source":"cfgs\/default\/pcap\/ieee_c37118.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":29,"flow_first_seen":1218023578251598,"flow_src_last_pkt_time":1218023578622812,"flow_dst_last_pkt_time":1218023579169239,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":18,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":18,"flow_dst_max_l4_payload_len":374,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":1718,"midstream":0,"thread_ts_usec":1218023579169239,"l3_proto":"ip4","src_ip":"192.168.0.10","dst_ip":"192.168.0.60","src_port":4712,"dst_port":4713,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":19796,"avg":41576.0,"max":318010,"stddev":73009.0,"var":5330315264.0,"ent":3.9,"data": [316833,318010,54381,59605,20198,20004,19807,20001,20003,20201,19799,19994,20205,19798,20210,19796,20005,19991,20008,20200,19801,19996,20004,20000,20202,19800,20004,20000,20002,20201,19796]},"pktlen": {"min":46,"avg":83.4,"max":402,"stddev":57.9,"var":3351.1,"ent":4.8,"data": [46,46,402,46,76,76,76,76,76,76,76,76,76,76,76,76,76,76,76,76,76,76,76,76,76,76,76,76,76,76,76,76]},"bins": {"c_to_s": [3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,28,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1],"entropies": 
[4.419025898,4.245112896,4.107680798,4.419026375,4.914726734,4.888411045,4.977291107,4.801239491,4.941042423,4.941042423,4.977291107,4.950975418,4.950975418,4.941042423,5.003606796,4.860224247,4.898343563,4.924659729,4.977291107,4.950975418,5.024288177,4.814043045,4.950975418,4.902923107,5.076920033,4.801239491,4.814043045,4.929238796,4.924659729,4.898343563,4.925475597,4.899159908]},"ndpi": {"confidence": {"6":"DPI"},"proto":"IEEE-C37118","proto_id":"367","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 00989{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":778,"source":"cfgs\/default\/pcap\/ieee_c37118.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":159,"flow_dst_packets_processed":258,"flow_first_seen":1218021007698753,"flow_src_last_pkt_time":1218021012734335,"flow_dst_last_pkt_time":1218021012734317,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":18,"flow_dst_max_l4_payload_len":134,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":13742,"midstream":0,"thread_ts_usec":1218023585746411,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.241","src_port":36835,"dst_port":4712,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IEEE-C37118","proto_id":"367","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":778,"source":"cfgs\/default\/pcap\/ieee_c37118.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":357,"flow_first_seen":1218023578251598,"flow_src_last_pkt_time":1218023585746411,"flow_dst_last_pkt_time":1218023585729395,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":18,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":18,"flow_dst_max_l4_payload_len":374,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":17462,"midstream":0,"thread_ts_usec":1218023585746411,"l3_proto":"ip4","src_ip":"192.168.0.10","dst_ip":"192.168.0.60","src_port":4712,"dst_port":4713,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IEEE-C37118","proto_id":"367","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00850{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":778,"source":"cfgs\/default\/pcap\/ieee_c37118.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":778,"packets-processed":778,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":31330,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":22,"global_ts_usec":1218023585746411} 
+00850{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":778,"source":"cfgs\/default\/pcap\/ieee_c37118.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":778,"packets-processed":778,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":31330,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":22,"global_ts_usec":1218023585746411} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 778/778 ~~ skipped flows.............: 0 @@ -28,9 +28,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6932578 bytes -~~ total memory freed........: 6932578 bytes -~~ total allocations/frees...: 114927/114927 +~~ total memory allocated....: 7510174 bytes +~~ total memory freed........: 7510174 bytes +~~ total allocations/frees...: 126658/126658 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 542 chars ~~ json message max len.......: 2195 chars diff --git a/test/results/default/imap-starttls.pcap.out b/test/results/default/imap-starttls.pcap.out index b02667dff..ee6beec5e 100644 --- a/test/results/default/imap-starttls.pcap.out +++ b/test/results/default/imap-starttls.pcap.out 
@@ -1,5 +1,5 @@ -00618{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/imap-starttls.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/imap-starttls.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1437584567812552} 
+00618{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/imap-starttls.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/imap-starttls.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1437584567812552} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/imap-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1437584567812552,"flow_src_last_pkt_time":1437584567812552,"flow_dst_last_pkt_time":1437584567812552,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1437584567812552,"l3_proto":"ip4","src_ip":"192.168.17.53","dst_ip":"212.227.17.186","src_port":49640,"dst_port":143,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/imap-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1437584567812552,"flow_dst_last_pkt_time":1437584567812552,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1437584567812552,"pkt":"kFmvW2bUaKhtGGkOCABFAABAc8pAAEAGDnPAqBE11OMRusHoAI+CJObQAAAAALAC\/\/\/XTwAAAgQFtAEDAwQBAQgKKoxROgAAAAAEAgAA"} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/imap-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1437584567812552,"flow_dst_last_pkt_time":1437584568002342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1437584568002342,"pkt":"aKhtGGkOkFmvW2bUCABFIAA0AABAADAGkinU4xG6wKgRNQCPwehPqEW7giTm0YASPryvAAAAAgQFtAQCAwMKAAAA"} 
@@ -12,7 +12,7 @@ 01306{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/imap-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":10,"flow_first_seen":1437584567812552,"flow_src_last_pkt_time":1437584568767550,"flow_dst_last_pkt_time":1437584568769690,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":318,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":344,"flow_dst_tot_l4_payload_len":5492,"midstream":0,"thread_ts_usec":1437584568769690,"l3_proto":"ip4","src_ip":"192.168.17.53","dst_ip":"212.227.17.186","src_port":49640,"dst_port":143,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"IMAPS","proto_id":"51","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}} 
02540{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/imap-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1437584567812552,"flow_src_last_pkt_time":1437584570639554,"flow_dst_last_pkt_time":1437584570828629,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":318,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":540,"flow_dst_tot_l4_payload_len":5653,"midstream":0,"thread_ts_usec":1437584570828629,"l3_proto":"ip4","src_ip":"192.168.17.53","dst_ip":"212.227.17.186","src_port":49640,"dst_port":143,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":188486.4,"max":1677753,"stddev":378167.8,"var":143010873344.0,"ent":3.3,"data": [189790,189950,188317,188305,133,192463,259,192553,155,186504,9,186418,431,197380,166,197053,2043,207,2163,90,3747,191586,187876,1486951,1677753,168,190848,49,279,1,189432]},"pktlen": {"min":40,"avg":235.2,"max":1500,"stddev":424.6,"var":180326.2,"ent":3.6,"data": [64,52,40,311,40,54,46,267,40,52,72,46,40,358,1500,1500,40,1500,622,40,40,166,91,40,79,119,71,40,40,71,40,46]},"bins": {"c_to_s": [15,1,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,2,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,1,1,0,0,0,1,0,0,1,1,0,0,0,0,1],"entropies": 
[4.577819824,4.737868309,4.461769104,5.374657631,4.734183788,5.080696583,4.457919598,5.160151482,4.684183598,5.024262428,5.301461220,4.501398087,4.784183979,5.382153988,6.856912613,7.178915024,4.665312290,7.104553223,7.666580677,4.403056622,4.684184551,6.516188145,5.466528416,4.684184074,5.702392578,6.104408741,5.134844303,4.665312290,4.734184265,5.452422619,4.492897511,3.926021099]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"IMAPS","proto_id":"51","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}} 01337{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/imap-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1437584567812552,"flow_src_last_pkt_time":1437584570639554,"flow_dst_last_pkt_time":1437584570828629,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":318,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":540,"flow_dst_tot_l4_payload_len":5653,"midstream":0,"thread_ts_usec":1437584570828629,"l3_proto":"ip4","src_ip":"192.168.17.53","dst_ip":"212.227.17.186","src_port":49640,"dst_port":143,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": 
{"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"IMAPS","proto_id":"51","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}} -00848{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/imap-starttls.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":32,"packets-processed":32,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6193,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1437584570828629} +00848{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/imap-starttls.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":32,"packets-processed":32,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6193,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1437584570828629} 
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 32/32 ~~ skipped flows.............: 0 @@ -21,9 +21,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6927019 bytes -~~ total memory freed........: 6927019 bytes -~~ total allocations/frees...: 114184/114184 +~~ total memory allocated....: 7504615 bytes +~~ total memory freed........: 7504615 bytes +~~ total allocations/frees...: 125915/125915 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 535 chars ~~ json message max len.......: 2545 chars diff --git a/test/results/default/imap.pcap.out b/test/results/default/imap.pcap.out index 16dbcf85d..f1a7c04c9 100644 --- a/test/results/default/imap.pcap.out +++ b/test/results/default/imap.pcap.out 
@@ -1,5 +1,5 @@ -00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/imap.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/imap.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1213095262213846} 
+00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/imap.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/imap.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1213095262213846} 
00763{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/imap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1213095262213846,"flow_src_last_pkt_time":1213095262213846,"flow_dst_last_pkt_time":1213095262213846,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1213095262213846,"l3_proto":"ip4","src_ip":"10.40.4.2","dst_ip":"10.40.3.2","src_port":46045,"dst_port":143,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/imap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1213095262213846,"flow_dst_last_pkt_time":1213095262213846,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1213095262213846,"pkt":"AASWJ8g6ABUXJM1lCABFAAA8nkhAAEAGgSAKKAQCCigDArPdAI+IaqplAAAAAKACFtDwZgAAAgQFtAQCCAoKDDQtAAAAAAEDAwc="} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/imap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1213095262213846,"flow_dst_last_pkt_time":1213095262213972,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1213095262213972,"pkt":"ABUXJM1lAASWJ8g6CABFAAA8VURAAH8GiyQKKAMCCigEAgCPs903+0YNiGqqZqASIAAxdQAAAgQFtAEDAwgEAggKAoc1IAoMNC0="} 
@@ -9,7 +9,7 @@ 01200{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/imap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":4,"flow_first_seen":1213095262213846,"flow_src_last_pkt_time":1213095266594138,"flow_dst_last_pkt_time":1213095262264097,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":65,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":139,"midstream":0,"thread_ts_usec":1213095266594138,"l3_proto":"ip4","src_ip":"10.40.4.2","dst_ip":"10.40.3.2","src_port":46045,"dst_port":143,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"IMAP","proto_id":"4","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":3,"category":"Email","imap": {"user":"samir","password":"pfres","auth_failed":0}}} 
02377{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/imap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1213095262213846,"flow_src_last_pkt_time":1213095266780228,"flow_dst_last_pkt_time":1213095266780369,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":73,"flow_dst_max_l4_payload_len":696,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":1401,"midstream":0,"thread_ts_usec":1213095266780369,"l3_proto":"ip4","src_ip":"10.40.4.2","dst_ip":"10.40.3.2","src_port":46045,"dst_port":143,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":88,"avg":294609.8,"max":4331408,"stddev":1060070.4,"var":1123749068800.0,"ent":1.4,"data": [126,150,12887,12906,231,444,36852,36794,135,4330018,4331408,1394,16846,17272,39867,39540,93,199,596,39710,39393,88,905,1344,39009,38693,107,104,10836,47768,37190]},"pktlen": {"min":52,"avg":101.9,"max":748,"stddev":125.9,"var":15857.5,"ent":4.4,"data": [60,60,52,94,52,71,117,52,84,52,78,79,52,72,73,52,109,52,72,73,52,109,52,73,64,52,311,52,125,164,52,748]},"bins": {"c_to_s": [18,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,4,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,0,1,0,1,0,0,1,0,0,1,0,1,0,0,1,0,1,0,0,1,0,1,0,0,1,0,1],"entropies": [4.466519356,4.994044781,4.884933472,5.545080185,4.923395157,5.188045025,5.565508366,4.846471786,5.532327652,4.923395157,5.445330620,5.491897583,4.961857319,5.242550373,5.321550369,4.892440796,5.645212650,4.899451256,5.225256920,5.331891060,4.961856842,5.594664574,4.961857319,5.357347012,5.240169048,4.961857319,5.602889538,4.923395157,5.631970406,5.824433327,4.923395157,5.541430473]},"ndpi": {"flow_risk": 
{"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"IMAP","proto_id":"4","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":3,"category":"Email"}} 01184{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/imap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":13,"flow_first_seen":1213095262213846,"flow_src_last_pkt_time":1213095266780387,"flow_dst_last_pkt_time":1213095266780369,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":73,"flow_dst_max_l4_payload_len":696,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":1401,"midstream":0,"thread_ts_usec":1213095266780387,"l3_proto":"ip4","src_ip":"10.40.4.2","dst_ip":"10.40.3.2","src_port":46045,"dst_port":143,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"IMAP","proto_id":"4","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":3,"category":"Email"}} 
-00839{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/imap.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":33,"packets-processed":33,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1580,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1213095266780387} +00839{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/imap.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":33,"packets-processed":33,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1580,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1213095266780387} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 33/33 ~~ skipped flows.............: 0 
@@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6910669 bytes -~~ total memory freed........: 6910669 bytes -~~ total allocations/frees...: 114173/114173 +~~ total memory allocated....: 7488265 bytes +~~ total memory freed........: 7488265 bytes +~~ total allocations/frees...: 125904/125904 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 543 chars ~~ json message max len.......: 2382 chars diff --git a/test/results/default/imaps.pcap.out b/test/results/default/imaps.pcap.out index aae9698e5..597024f9d 100644 --- a/test/results/default/imaps.pcap.out +++ b/test/results/default/imaps.pcap.out 
@@ -1,15 +1,15 @@ -00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1590857744659641} 
+00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1590857744659641} 
00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1590857744659641,"flow_src_last_pkt_time":1590857744659641,"flow_dst_last_pkt_time":1590857744659641,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1590857744659641,"l3_proto":"ip4","src_ip":"192.168.1.8","dst_ip":"167.99.215.164","src_port":50506,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1590857744659641,"flow_dst_last_pkt_time":1590857744659641,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1590857744659641,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+f\/AqAEIp2PXpMVKA+HRNM\/NAAAAALAC\/\/\/ajwAAAgQFtAEDAwUBAQgKFE2dOQAAAAAEAgAA"} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1590857744659641,"flow_dst_last_pkt_time":1590857744706356,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1590857744706356,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGBgSnY9ekwKgBCAPhxUrMi6La0TTPzqAS\/ojr6QAAAgQFrAQCCAqpw+fsFE2dOQEDAwc="} 
00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1590857744706435,"flow_dst_last_pkt_time":1590857744706356,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1590857744706435,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+gvAqAEIp2PXpMVKA+HRNM\/OzIui24AQECwI4wAAAQEIChRNnWGpw+fs"} 00848{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1590857744710196,"flow_dst_last_pkt_time":1590857744706356,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1590857744710196,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEXAABAAEAG+SjAqAEIp2PXpMVKA+HRNM\/OzIui24AYECzQ0gAAAQEIChRNnWSpw+fsFgMBAN4BAADaAwNe0pAQoUxdbqNEmHqACTYoEy7RbC2uNC4pbnZPkmPkMyAkUBxuKNil5bUhgr6oHofj7e9MtyuIV+orRKnjfI7R5wBCAP\/ALMArwCTAI8AKwAnACMAwwC\/AKMAnwBTAE8ASAJ8AngBrAGcAOQAzABYAnQCcAD0APAA1AC8ACsAHwBEABQAEAQAATwAAABIAEAAADW1haWwubnRvcC5vcmcACgAIAAYAFwAYABkACwACAQAADQASABAEAQIBBQEGAQQDAgMFAwYDAAUABQEAAAAAABIAAAAXAAA="} 
-01060{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1590857744659641,"flow_src_last_pkt_time":1590857744710196,"flow_dst_last_pkt_time":1590857744706356,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1590857744710196,"l3_proto":"ip4","src_ip":"192.168.1.8","dst_ip":"167.99.215.164","src_port":50506,"dst_port":993,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"IMAPS.ntop","proto_id":"51.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}} +01067{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1590857744659641,"flow_src_last_pkt_time":1590857744710196,"flow_dst_last_pkt_time":1590857744706356,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1590857744710196,"l3_proto":"ip4","src_ip":"192.168.1.8","dst_ip":"167.99.215.164","src_port":50506,"dst_port":993,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": 
{"6":"DPI"},"proto":"IMAPS.ntop","proto_id":"51.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}} 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1590857744710196,"flow_dst_last_pkt_time":1590857744749621,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1590857744749621,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0NrtAADQGz1CnY9ekwKgBCAPhxUrMi6Lb0TTQsYAQAfwWAAAAAQEICqnD6BkUTZ1k"} -01074{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1590857744659641,"flow_src_last_pkt_time":1590857744710196,"flow_dst_last_pkt_time":1590857744765146,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1590857744765146,"l3_proto":"ip4","src_ip":"192.168.1.8","dst_ip":"167.99.215.164","src_port":50506,"dst_port":993,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"IMAPS.ntop","proto_id":"51.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}} 
-01074{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1590857744659641,"flow_src_last_pkt_time":1590857744710196,"flow_dst_last_pkt_time":1590857744765232,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":2880,"midstream":0,"thread_ts_usec":1590857744765232,"l3_proto":"ip4","src_ip":"192.168.1.8","dst_ip":"167.99.215.164","src_port":50506,"dst_port":993,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"IMAPS.ntop","proto_id":"51.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}} -00838{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":21,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3856,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1610477173150912} 
+01081{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1590857744659641,"flow_src_last_pkt_time":1590857744710196,"flow_dst_last_pkt_time":1590857744765146,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1590857744765146,"l3_proto":"ip4","src_ip":"192.168.1.8","dst_ip":"167.99.215.164","src_port":50506,"dst_port":993,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"IMAPS.ntop","proto_id":"51.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}} +01081{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1590857744659641,"flow_src_last_pkt_time":1590857744710196,"flow_dst_last_pkt_time":1590857744765232,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":2880,"midstream":0,"thread_ts_usec":1590857744765232,"l3_proto":"ip4","src_ip":"192.168.1.8","dst_ip":"167.99.215.164","src_port":50506,"dst_port":993,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": 
{"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"IMAPS.ntop","proto_id":"51.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}} +00838{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":21,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3856,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1610477173150912} 00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1610477173150912,"flow_src_last_pkt_time":1610477173150912,"flow_dst_last_pkt_time":1610477173150912,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1610477173150912,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"10.10.10.1","src_port":51529,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1610477173150912,"flow_dst_last_pkt_time":1610477173150912,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1610477173150912,"pkt":"AAAAAAAAAAUA1\/WMCABFAABAAABAAEAGZgTAqAABCgoKAclJA+FNynXdAAAAALAC\/\/82MwAAAgQFggEDAwUBAQgKD7SLwQAAAAAEAgAA"} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1610477173152406,"flow_dst_last_pkt_time":1610477173150912,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1610477173152406,"pkt":"AAAAAAAAAAwAMjBoCABFAABAAABAAD4GaATAqAABCgoKAclJA+FNynXdAAAAALAC\/\/82PQAAAgQFeAEDAwUBAQgKD7SLwQAAAAAEAgAA"} 
@@ -18,9 +18,9 @@ 01239{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1610477173289062,"flow_dst_last_pkt_time":1610477173231766,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1610477173289062,"pkt":"AAAAAAAAAAUA1\/WMCABFAAI5AABAAEAGZAvAqAABCgoKAclJA+FNynXeyKgT5oAYEBhb4AAAAQEICg+0jDc9+PjxFgMBAgABAAH8AwPJJNOYA0FPL19\/ipGQY0QavUToIgbUdOyt2CPebse1USC2IYmUkuoD35YLGAkrR9lEXpqWFphMgx+UGR8Qqyhy2QA2iooTARMCEwPALMArzKnAMMAvzKjAJMAjwArACcAowCfAFMATAJ0AnAA9ADwANQAvwAjAEgAKAQABfVpaAAAAAAAfAB0AABppbWFwLmFzaWEuc2VjdXJlc2VydmVyLm5ldAAXAAD\/AQABAAAKAAwAClpaAB0AFwAYABkACwACAQAABQAFAQAAAAAADQAYABYEAwgEBAEFAwIDCAUIBQUBCAYGAQIBABIAAAAzACsAKVpaAAEAAB0AIJbKVW8vx1mh1UrotJZOXKe\/EgfZLu2x6rWjqQX6O\/MMAC0AAgEBACsACwra2gMEAwMDAgMBSkoAAQAAFQDBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
01049{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1610477173150912,"flow_src_last_pkt_time":1610477173289062,"flow_dst_last_pkt_time":1610477173231766,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1610477173289062,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"10.10.10.1","src_port":51529,"dst_port":993,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"IMAPS","proto_id":"51","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}} 01064{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1610477173150912,"flow_src_last_pkt_time":1610477173290274,"flow_dst_last_pkt_time":1610477173366776,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1034,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1610477173366776,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"10.10.10.1","src_port":51529,"dst_port":993,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": 
{"6":"DPI"},"proto":"IMAPS","proto_id":"51","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}} -01104{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1590857744659641,"flow_src_last_pkt_time":1590857744949604,"flow_dst_last_pkt_time":1590857744987000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":548,"flow_dst_tot_l4_payload_len":3308,"midstream":0,"thread_ts_usec":1610477173366841,"l3_proto":"ip4","src_ip":"192.168.1.8","dst_ip":"167.99.215.164","src_port":50506,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"IMAPS.ntop","proto_id":"51.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}} 
+01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1590857744659641,"flow_src_last_pkt_time":1590857744949604,"flow_dst_last_pkt_time":1590857744987000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":548,"flow_dst_tot_l4_payload_len":3308,"midstream":0,"thread_ts_usec":1610477173366841,"l3_proto":"ip4","src_ip":"192.168.1.8","dst_ip":"167.99.215.164","src_port":50506,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"IMAPS.ntop","proto_id":"51.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}} 01091{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1610477173150912,"flow_src_last_pkt_time":1610477173290274,"flow_dst_last_pkt_time":1610477173366841,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1034,"flow_dst_tot_l4_payload_len":2776,"midstream":0,"thread_ts_usec":1610477173366841,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"10.10.10.1","src_port":51529,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying 
HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"IMAPS","proto_id":"51","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}} -00840{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":28,"packets-processed":28,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7666,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":23,"global_ts_usec":1610477173366841} +00840{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":28,"packets-processed":28,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7666,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":23,"global_ts_usec":1610477173366841} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets 
captured/processed: 28/28 ~~ skipped flows.............: 0 @@ -29,9 +29,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6924640 bytes -~~ total memory freed........: 6924640 bytes -~~ total allocations/frees...: 114190/114190 +~~ total memory allocated....: 7502236 bytes +~~ total memory freed........: 7502236 bytes +~~ total allocations/frees...: 125921/125921 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 543 chars ~~ json message max len.......: 1244 chars diff --git a/test/results/default/imo.pcap.out b/test/results/default/imo.pcap.out index 2e745b17c..e49755da7 100644 --- a/test/results/default/imo.pcap.out +++ b/test/results/default/imo.pcap.out 
@@ -1,5 +1,5 @@ -00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/imo.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/imo.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1646579366752245} 
+00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/imo.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/imo.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1646579366752245} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/imo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646579366752245,"flow_src_last_pkt_time":1646579366752245,"flow_dst_last_pkt_time":1646579366752245,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":200,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646579366752245,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"185.155.137.30","src_port":49207,"dst_port":36535,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00775{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/imo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1646579366752245,"flow_dst_last_pkt_time":1646579366752245,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":242,"pkt_l4_len":208,"thread_ts_usec":1646579366752245,"pkt":"CL6sCxdumt9Y+uvcCABFAADkB2xAAEARIpLAqAypuZuJHsA3jrcA0NESgTwOaEjDNFXzxmxamfOGor3xFD3A7FnCXNc+hJhFKrJOPpMIHUdqj1x7ZYe+fmL104ZlZ8QSGjgMDxxGQ47M5ARZG9YmBTkKmoomp0C2r5k7+UuqXgkHofa9I06kfQJKjgPnNwBdZocQSlex2Z6G1oBdByRvxIbfLnB1AU5Z2+ssSUPzcUN05190AJa8ogAW0Cie1vmNKFuiNZVeV2v82D2eARVTcN232VacWZMHJ\/PcqQx4XLqiWe9HSh0LDQkCIZoCAAAAAAA="} 
00953{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/imo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1646579366752641,"flow_dst_last_pkt_time":1646579366752245,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":371,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":371,"pkt_l4_len":337,"thread_ts_usec":1646579366752641,"pkt":"CL6sCxdumt9Y+uvcCABFAAFlB21AAEARIhDAqAypuZuJHsA3jrcBUW71gkcNAABefWxEZ6P52eWWE1NsVUgX\/f\/SEU49gh0z128SrDnndBBJ7Xzv30Qrd+KJJN6jW88s97nwOxW1SXOJ19HPmvCIhrHR5EVDIS67bqqmEITlpL2AWZxihzDdfZ9+dgCuOQIy4YhI67L+NII4MlG7p6wa+Z43u8VCM7MQ94E5SdjxWl3zDFPxVycVf7KV2xCPfzi+nLVEj6bW7qHP3SW0XSDmXsZYCq\/fkVzkG6GD9VCFwOzRvPlMFOvXxrdNScJnQTp3jwA9ixJO\/EZEvZGmxF8KX1lLWK60\/AnhsK8ResfH4lG\/M+7QsKf8h+0F6\/JreyOlSKUahDlCIMAkz9CNbMMyQvDt1lT9Ujr+5G5FKQSNp7Os7CbxgGOrC+XUDj1qcRw+csAXbivPEt1405allpHSrfAa3hDWEw734vz46COasfJjrLY="} 
@@ -18,7 +18,7 @@ 02194{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/imo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1646579366752245,"flow_src_last_pkt_time":1646579368878172,"flow_dst_last_pkt_time":1646579368918568,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":182,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1224,"flow_dst_max_l4_payload_len":224,"flow_src_tot_l4_payload_len":11806,"flow_dst_tot_l4_payload_len":720,"midstream":0,"thread_ts_usec":1646579368918568,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"185.155.137.30","src_port":49207,"dst_port":36535,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":24,"avg":138459.7,"max":1002796,"stddev":305661.1,"var":93428727808.0,"ent":2.8,"data": [396,41304,49,43405,10843,2151,275,10533,8077,9421,9986,55709,51,24,9743,18469,13472,314,9827,9743,9558,13513,46,69283,127192,99850,16582,835382,861703,1002796,1002553]},"pktlen": {"min":38,"avg":419.4,"max":1252,"stddev":488.9,"var":239046.1,"ent":4.1,"data": [228,357,39,146,1252,1252,210,228,1252,1252,1252,1252,108,252,39,1252,38,1252,228,38,38,38,38,39,212,125,347,124,228,39,228,39]},"bins": {"c_to_s": [0,0,0,0,0,2,5,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0],"s_to_c": [10,0,1,3,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,1,0,0,0,0,0,0,0,0,1,1,1,0,1,0,0,1,1,1,1,1,0,1,0,1,0,1,0,1],"entropies": 
[6.951599121,7.408638477,4.155817986,6.605685711,7.827155590,7.851851463,6.958688259,6.942827225,7.823550224,7.844932079,7.851901054,7.830797195,6.188582897,7.144678593,4.053254128,7.818601608,4.339262486,7.858332157,6.930744171,4.391894341,4.391894341,4.391894341,4.391894341,4.155817986,6.930866241,6.293650627,7.455466747,6.412575722,6.928594112,4.207099915,6.941227913,4.207099915]},"ndpi": {"confidence": {"6":"DPI"},"proto":"IMO","proto_id":"216","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/imo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":16,"flow_first_seen":1646579366752245,"flow_src_last_pkt_time":1646579369944784,"flow_dst_last_pkt_time":1646579369921382,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":182,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1224,"flow_dst_max_l4_payload_len":224,"flow_src_tot_l4_payload_len":12230,"flow_dst_tot_l4_payload_len":731,"midstream":0,"thread_ts_usec":1646579370091576,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"185.155.137.30","src_port":49207,"dst_port":36535,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IMO","proto_id":"216","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/imo.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":37,"flow_first_seen":1646579366870607,"flow_src_last_pkt_time":1646579370069590,"flow_dst_last_pkt_time":1646579370091576,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1052,"flow_dst_max_l4_payload_len":1039,"flow_src_tot_l4_payload_len":6713,"flow_dst_tot_l4_payload_len":11506,"midstream":0,"thread_ts_usec":1646579370091576,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"93.33.47.58","src_port":49207,"dst_port":57604,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IMO","proto_id":"216","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00842{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/imo.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":31180,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1646579370091576} 
+00842{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/imo.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":31180,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1646579370091576} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 100/100 ~~ skipped flows.............: 0 @@ -27,9 +27,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6912962 bytes -~~ total memory freed........: 6912962 bytes -~~ total allocations/frees...: 114250/114250 +~~ total memory allocated....: 7490558 bytes +~~ total memory freed........: 7490558 bytes +~~ total allocations/frees...: 125981/125981 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 512 chars ~~ json message max len.......: 2199 chars diff --git a/test/results/default/instagram.pcap.out b/test/results/default/instagram.pcap.out index 5a6339d89..d41be1bd9 100644 --- a/test/results/default/instagram.pcap.out +++ b/test/results/default/instagram.pcap.out 
@@ -1,5 +1,5 @@ -00614{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1436720898354402} 
+00614{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1436720898354402} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1436720898354402,"flow_src_last_pkt_time":1436720898354402,"flow_dst_last_pkt_time":1436720898354402,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1436720898354402,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"173.252.107.4","src_port":56382,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1436720898354402,"flow_dst_last_pkt_time":1436720898354402,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1436720898354402,"pkt":"ABsv8H60QPMIw47hCABFAAA8TypAAEAGEYLAqABnrfxrBNw+AbsehKWiAAAAAKACOQjaPgAAAgQFtAQCCAoAA+qIAAAAAAEDAwY="} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1436720898386781,"flow_src_last_pkt_time":1436720898386781,"flow_dst_last_pkt_time":1436720898386781,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1365,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1365,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1365,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1436720898386781,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33936,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -9,11 +9,11 @@ 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1436720898354402,"flow_dst_last_pkt_time":1436720898499269,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1436720898499269,"pkt":"QPMIw47hABsv8H60CABFAAA8AABAAFIGTqyt\/GsEwKgAZwG73D5XFMWUHoSlo6ASOJBK1AAAAgQFlgQCCAq8TYT0AAPqiAEDAwg="} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1436720898499483,"flow_dst_last_pkt_time":1436720898499269,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1436720898499483,"pkt":"ABsv8H60QPMIw47hCABFAAA0TytAAEAGEYnAqABnrfxrBNw+AbsehKWjVxTFlYAQAOXaNgAAAQEICgAD6pe8TYT0"} 
01170{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1436720898501130,"flow_dst_last_pkt_time":1436720898499269,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":530,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":530,"pkt_l4_len":496,"thread_ts_usec":1436720898501130,"pkt":"ABsv8H60QPMIw47hCABFAAIETyxAAEAGD7jAqABnrfxrBNw+AbsehKWjVxTFlYAYAOUQ3QAAAQEICgAD6pe8TYT0FgMBAcsBAAHHAwFVop8CNJ6Qudiud2vb4pMs1Ustmw2JKPU\/VGUbAAAfqCAvcExfwJCbXHILQOxXqreX44nTobQUpbpO1CIvwxwdmABGAAQABQAvADXAAsAEwAXADMAOwA\/AB8AJwArAEcATwBQAMwA5ADIAOAAKwAPADcAIwBIAFgATAAkAFQASAAMACAAUABEA\/wEAATgAAAAgAB4AABt0ZWxlZ3JhcGgtYXNoLmluc3RhZ3JhbS5jb20ACwAEAwABAgAKADQAMgAOAA0AGQALAAwAGAAJAAoAFgAXAAgABgAHABQAFQAEAAUAEgATAAEAAgADAA8AEAARACMA0ESu3Am+FRFWL6GFZ5cqeqMrKeBDNApsKnRfHnB5aZ0M+PnsUszH1NK1OcamWdgk3loMTjkeuY8vQf2EKeUIJw0J8WDG8kiJQeedkexy97ZHld7N8L4SURKmoEJD\/aT59gmDPLTPklzVSlv38lUivPzyDaJ4xWo0Y51eIH5hGdTyPxvePHdwmlZHT25nawNC\/q4GMjx1H6cysD5DjhLucBMKfR+thQ8RsDmqWIcBbaeRKiGNOGevr+YgzwaPf99rNe8LLrWBk293Kmn5cEdDLBg="} -01344{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1436720898354402,"flow_src_last_pkt_time":1436720898501130,"flow_dst_last_pkt_time":1436720898499269,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":464,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":464,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1436720898501130,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"173.252.107.4","src_port":56382,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or 
older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Instagram","proto_id":"91.211","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"telegraph-ash.instagram.com","domainame":"telegraph-ash.instagram.com","tls": {"version":"TLSv1","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"","ja4":"t10d350400_1f24bcc5f17d_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01303{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1436720898354402,"flow_src_last_pkt_time":1436720898501130,"flow_dst_last_pkt_time":1436720898499269,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":464,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":464,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1436720898501130,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"173.252.107.4","src_port":56382,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Instagram","proto_id":"91.211","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"telegraph-ash.instagram.com","domainame":"telegraph-ash.instagram.com","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d350400_1f24bcc5f17d_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
01375{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1436720898386781,"flow_dst_last_pkt_time":1436720898551576,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":679,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":679,"pkt_l4_len":645,"thread_ts_usec":1436720898551576,"pkt":"QPMIw47hABsv8H60CABFAAKZ5iRAAFUG\/+kfDV00wKgAZwG7hJCk1JOYiMGTh4AYAE6DfwAAAQEIClpSq5UAA+qLFwMBAmB3TNLiDxMdaG\/77FJR8O6B7ETM5PL1YEwRicjM0iP0UHaAjwUM69tZJRboKPSJSylQ1372woiRMUoGT0dkqivXwS77nykGpDpQxH2zG\/qLmXj10Apbm9mNJzojbuGkVAQeXciVaLovJfxV8pe4ApuOMtqX+wzNa0ZzIxrRfdGy1r+REoc96\/duttzeccU7r8F+0sSj4kAMBptpjPxHIWmQ8bvcQmsOZTBbtWqbInBydwnOzZKHuUG4UpWsNoKQLrxSa1ETAsjugoyEe5PPT8+cb8Irh4mKsNfbStX5KDjpe9Dme8aKUCL1ceYHHjALeMY9l4fx2o0KIF6TukGkzvqR8cZ+qcyDG5U\/HYh5lxYTcHS7lDXS1PzV6XOR41h1cZ9L+KxXE6JczRHCSiNT1VF7boI4Qizj5lEdfdajhSQHOEg16UAhsZHpgK1G5Iki1ek6rdWyUqwchJMZYUThaRdJpKv9RM0OW9cAtKW4cZKenq0TEdOPDEBRCwskRboA6Gi3YnhJ3qdvDGkTLGo9t+FpkGczAZZn4gKC4xoEybQb10OFqFb4BP0BHlc1dmzqbYjWeEKW2wJjaNEaqdUvlusDaKzJPAfd\/FC3qcdqBy6RoP1rw6AWfXgFirXb5SF1IsZGaICO7Vi\/A05NBIj2TN+sAkrMTvlnJxzijI3OS4z\/O7pdS0yJ1AhdM2CbNqiTSP1\/fSWG2i895LYIERx7TAiABxyhh9ufac6WLn1D9wJV86snpuHfJEPWipx7pSJs20IjfVBIUe\/onrcoOjL6GotP95FotxVNOdpbLqczmpv1mQ=="} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1436720898551759,"flow_dst_last_pkt_time":1436720898551576,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1436720898551759,"pkt":"ABsv8H60QPMIw47hCABFAAA0a5FAAEAGkeLAqABnHw1dNISQAbuIwZOHpNSV\/YAQATA9dwAAAQEICgAD6pxaUquV"} 
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1436720898501130,"flow_dst_last_pkt_time":1436720898646547,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1436720898646547,"pkt":"QPMIw47hABsv8H60CABFAAA0QOlAAFIGDcut\/GsEwKgAZwG73D5XFMWVHoSnc4AQAD2vaQAAAQEICrxNhYIAA+qX"} -01400{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1436720898354402,"flow_src_last_pkt_time":1436720898501130,"flow_dst_last_pkt_time":1436720898646669,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":464,"flow_dst_max_l4_payload_len":145,"flow_src_tot_l4_payload_len":464,"flow_dst_tot_l4_payload_len":145,"midstream":0,"thread_ts_usec":1436720898646669,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"173.252.107.4","src_port":56382,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Instagram","proto_id":"91.211","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"telegraph-ash.instagram.com","domainame":"telegraph-ash.instagram.com","tls": {"version":"TLSv1","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"acb741bcdffb787c5a52654c78645bdf","ja4":"t10d350400_1f24bcc5f17d_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} 
+01359{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1436720898354402,"flow_src_last_pkt_time":1436720898501130,"flow_dst_last_pkt_time":1436720898646669,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":464,"flow_dst_max_l4_payload_len":145,"flow_src_tot_l4_payload_len":464,"flow_dst_tot_l4_payload_len":145,"midstream":0,"thread_ts_usec":1436720898646669,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"173.252.107.4","src_port":56382,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Instagram","proto_id":"91.211","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"telegraph-ash.instagram.com","domainame":"telegraph-ash.instagram.com","tls": {"version":"TLSv1","ja3s":"acb741bcdffb787c5a52654c78645bdf","ja4":"t10d350400_1f24bcc5f17d_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} 
01896{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1436720900074495,"flow_dst_last_pkt_time":1436720898551576,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1063,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1063,"pkt_l4_len":1029,"thread_ts_usec":1436720900074495,"pkt":"ABsv8H60QPMIw47hCABFAAQZa5JAAEAGjfzAqABnHw1dNISQAbuIwZOHpNSV\/YAYATACCAAAAQEICgAD6zRaUquVFwMBA+DkDUivvS2eBjkT2Urn2+KTbKUSC66\/qxC\/xD+VJohS0ez2+Xkk+lV7Cay4T3qDmms3u0VgM6A5H+3n7TePnJIVLW9eS+znnQVMaWWcj7eNfDCCii6movZtXtYSdlkSdYe+AV3zuKPoRQe5W8+BL8aUzaU2mxJIwHIuhCp\/wOHHZVlWSX4j0W\/HLVFrJ9+SKhoT3ymYn6vBersE+9\/7sKY+2J2IhMFbr+TBY2rnZnSngLvIZzDfQST7NLriH0JokZzVgg3Ff+3n4QivAvWspXgy0oaU2g3aaDd4f2+JfRt8qI3InhGx76jPbTiLxX9qaNV0iJsMs2R9Zbz45LheHPpmkG0V7bDGgEIpOaqiTMwB5vyiMd\/P54jKSzhcXbkTjVX9JupxlspvQCMzw0zD7LT5v7dAePpfjXlY31iS4F3oERk0vcdtXClQ+kXUQjRXrDfn9G+KdjJsBcQpenUtTCuLGDPpVEgTnSXS+lToADvcPr1rkPRhfbj8IUBcJUIcSlUm5rrXzhJko8lPknZB4TnyuXiKwn+lAlEw7TCskEcsZeQDg7bIBvRlAT+vSZ9c\/hnBukQ3DX+eHXRlNu5QwYmyZQpchItAPD2sjwtp\/oacDnxXBTJxsrxKApeuzP\/F7cUhAz3iRYmA+QEhh8k0MFPh1enJh7Kg+utJPgoLoxjJA75oFbTtLOl56uGfhjMFQHnFTdo3E\/LchZ\/qJhKBdosqvqoH0oDg1hr9cOpebAeBh5WDig+m+zUDnjg0RfFKufLkN8F9SJHwXapjQlt6wf1Hic6HUpgV\/iLxA9EMlB3SfwmMyFembYPapDW4zh2E5uvMtAkfyWhX4TjOep0+g9TfyHFxLf12hCwmMJCcMNg5ZrXrXlWtfXpEKK20uuRmxStID9PEDCx0YdLB1sqMlysgu3FFVUuTE3jBH4Jwvk3aPClCUFz90QKRSdGoGgxY7drYTMj6pGovLyduLCALkBZipLVkKctZ1E7Ahw5sKzGcL6KbFjtVL7X8kSt1FcYBkyXAuypyLFY9275D4SQbnyhaKWjTlx\/V1CS7UCPW3JEUwSje6VUwEW5quscLQyd0gztKVxa3hEEgOJwAV6TViRkF7y8ryi3k2JQ0HOzInxyLgtSoxlQqipvdMVM5Q0wtS4uxyXBjW6c2ixJ9VZqnfjNOGz7U8L44QPKln\/uZVp53Pa7zdtLnKiQSc6vzq4nlYDa2P+ZCCh17L5ayDcf87iSrR1Eolw6s9V29UDAylOQWQYmeknlyQuZCXxbBC54zMyAdL0o9OXP25quGIX+qhLqVNGvteb1pX5mGkXMRqWGnow=="} 
02156{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1436720898386781,"flow_src_last_pkt_time":1436720900498659,"flow_dst_last_pkt_time":1436720900498598,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1365,"flow_dst_max_l4_payload_len":1398,"flow_src_tot_l4_payload_len":2362,"flow_dst_tot_l4_payload_len":17365,"midstream":1,"thread_ts_usec":1436720900498659,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33936,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":61,"avg":136248.2,"max":1572479,"stddev":382122.6,"var":146017665024.0,"ent":2.2,"data": [88898,75897,164978,1522736,1572479,340302,390014,2197,2137,122,91,92,92,91,91,61,61,92,92,61,91,91,61,92,92,29907,29999,733,671,702,672]},"pktlen": {"min":52,"avg":668.5,"max":1450,"stddev":663.9,"var":440818.0,"ent":4.2,"data": [1417,52,665,52,1049,52,1450,52,195,52,1450,52,1283,52,1450,52,1450,52,1450,52,1450,52,1450,52,1450,52,1450,52,1450,52,1450,52]},"bins": {"c_to_s": [14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0],"s_to_c": [2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,11,0,0,0,0]},"directions": [0,1,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0],"entropies": [7.861261845,5.070539474,7.656534195,5.014835358,7.778872013,5.017560959,7.868881702,5.053297043,6.745593071,5.053297043,7.855556488,5.091758728,7.839184761,5.091758728,7.864506721,5.038780212,7.844711781,5.115703106,7.864735603,5.077241421,7.847777367,5.077241898,7.868622303,5.077241421,7.866432190,5.115703106,7.875942230,5.115703106,7.870041847,5.115703106,7.866209507,5.077241421]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1436720900684083,"flow_src_last_pkt_time":1436720900684083,"flow_dst_last_pkt_time":1436720900684083,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":260,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":260,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":260,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1436720900684083,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.160","src_port":38816,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
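Review bot: The regenerated `detected` and `detection-update` events for flow 1 in this hunk no longer carry the `tls.ja3` key (old value `54ae5fcb0159e2ddf6a50e149221c7c7`), while `ja3s` and `ja4` are still emitted, and the commit message only says "incorporated upstream changes". The hunk starting at `@@ -125,31 +125,31 @@` shows the same removal for flows 21, 24 and 22. A consumer that matches or allow-lists TLS clients by JA3 would stop matching without any error, so the removal deserves its own line in the commit message or changelog, for example `* TLS events no longer include "ja3"; "ja3s" and "ja4" are unchanged`. The removal presumably comes from the libnDPI bump; it is worth confirming that the `schema/flow_event_schema.json` change listed in the diffstat no longer expects `ja3` and that the bundled example analysers do not read it.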
@@ -125,31 +125,31 @@ 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":367,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_src_last_pkt_time":1436720908572816,"flow_dst_last_pkt_time":1436720908594270,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1436720908594270,"pkt":"QPMIw47hABsv8H60CABFAAA8AABAADkGC94uIUauwKgAZwG7rg7lq\/ivshtmvaASOJCK2QAAAgQFlgQCCAquiQq2AAPuhgEDAwU="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":368,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_src_last_pkt_time":1436720908594484,"flow_dst_last_pkt_time":1436720908594270,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1436720908594484,"pkt":"ABsv8H60QPMIw47hCABFAAA0iDtAAEAGfKrAqABnLiFGrq4OAbuyG2a95av4sIAQAOU2BQAAAQEICgAD7oiuiQq2"} 
01156{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":369,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_src_last_pkt_time":1436720908596986,"flow_dst_last_pkt_time":1436720908594270,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":516,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":516,"pkt_l4_len":482,"thread_ts_usec":1436720908596986,"pkt":"ABsv8H60QPMIw47hCABFAAH2iDxAAEAGeufAqABnLiFGrq4OAbuyG2a95av4sIAYAOVksQAAAQEICgAD7oiuiQq2FgMBAb0BAAG5AwFVop8Msco7JTYCiSEgd5WJ6x+wAZ09x9pH2BTgSj6HeiAsyBjUAkvNj+Oeiua6fMd0i3Te2wBseBO7KkfIYnjxtQBGAAQABQAvADXAAsAEwAXADMAOwA\/AB8AJwArAEcATwBQAMwA5ADIAOAAKwAPADcAIwBIAFgATAAkAFQASAAMACAAUABEA\/wEAASoAAAAiACAAAB1pZ2Nkbi1waG90b3MtaC1hLmFrYW1haWhkLm5ldAALAAQDAAECAAoANAAyAA4ADQAZAAsADAAYAAkACgAWABcACAAGAAcAFAAVAAQABQASABMAAQACAAMADwAQABEAIwDAgpVMjhoyukvbzvvgY8vKz+CVeFzcF\/g\/VPAKm5BNPcEPZvcKEyInje21R26PDrL8bgtYDZ3N9U9y5AXbnH7jp0cPyRAfWjA4cSGxi6h4zhjIqjk5h+7xiaMe9xN6RSCAZQUZ6fmY2fdoTp8v32IaNBDsu8cfAr9L6MK8is0ChbSYf3ZmxGQXC+FeEH\/YYAM86nfFaXHSgF53711tVoXkoJQDN\/pSPqcebe7sZk6+jIr\/+yFd3LQbo6ok\/ZYVZAVO"} -01347{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":369,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1436720908572816,"flow_src_last_pkt_time":1436720908596986,"flow_dst_last_pkt_time":1436720908594270,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":450,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":450,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1436720908596986,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.174","src_port":44558,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or 
older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Instagram","proto_id":"91.211","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"igcdn-photos-h-a.akamaihd.net","domainame":"igcdn-photos-h-a.akamaihd.net","tls": {"version":"TLSv1","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"","ja4":"t10d350400_1f24bcc5f17d_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01306{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":369,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1436720908572816,"flow_src_last_pkt_time":1436720908596986,"flow_dst_last_pkt_time":1436720908594270,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":450,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":450,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1436720908596986,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.174","src_port":44558,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Instagram","proto_id":"91.211","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"igcdn-photos-h-a.akamaihd.net","domainame":"igcdn-photos-h-a.akamaihd.net","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d350400_1f24bcc5f17d_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":370,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_src_last_pkt_time":1436720908581361,"flow_dst_last_pkt_time":1436720908603242,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1436720908603242,"pkt":"QPMIw47hABsv8H60CABFAAA8AABAADkGDAQuIUaIwKgAZwG77ezRfJMua3VIgKASOJCHDAAAAgQFlgQCCArOjo1YAAPuhwEDAwU="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_src_last_pkt_time":1436720908603425,"flow_dst_last_pkt_time":1436720908603242,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1436720908603425,"pkt":"ABsv8H60QPMIw47hCABFAAA0pvlAAEAGXhLAqABnLiFGiO3sAbtrdUiA0XyTL4AQAOU13wAAAQEICgAD7onOjo1Y"} 
00896{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":372,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":4,"flow_src_last_pkt_time":1436720908606294,"flow_dst_last_pkt_time":1436720908603242,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":324,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":324,"pkt_l4_len":290,"thread_ts_usec":1436720908606294,"pkt":"ABsv8H60QPMIw47hCABFAAE2pvpAAEAGXQ\/AqABnLiFGiO3sAbtrdUiA0XyTL4AYAOW8wAAAAQEICgAD7onOjo1YFgMBAP0BAAD5AwFVop8MQRa\/LNGPcOhfcnf+rMAKLSf4OFV0ZRHxry69ZyCXpJ10n72tSFpYW4ZT6kMvwtZuo9Q9LTXctqN9z+ZxLABGAAQABQAvADXAAsAEwAXADMAOwA\/AB8AJwArAEcATwBQAMwA5ADIAOAAKwAPADcAIwBIAFgATAAkAFQASAAMACAAUABEA\/wEAAGoAAAAiACAAAB1pZ2Nkbi1waG90b3MtZy1hLmFrYW1haWhkLm5ldAALAAQDAAECAAoANAAyAA4ADQAZAAsADAAYAAkACgAWABcACAAGAAcAFAAVAAQABQASABMAAQACAAMADwAQABEAIwAA"} -01347{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":372,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1436720908581361,"flow_src_last_pkt_time":1436720908606294,"flow_dst_last_pkt_time":1436720908603242,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":258,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":258,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1436720908606294,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.136","src_port":60908,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Instagram","proto_id":"91.211","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"igcdn-photos-g-a.akamaihd.net","domainame":"igcdn-photos-g-a.akamaihd.net","tls": {"version":"TLSv1","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"","ja4":"t10d350400_1f24bcc5f17d_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01306{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":372,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1436720908581361,"flow_src_last_pkt_time":1436720908606294,"flow_dst_last_pkt_time":1436720908603242,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":258,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":258,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1436720908606294,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.136","src_port":60908,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Instagram","proto_id":"91.211","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"igcdn-photos-g-a.akamaihd.net","domainame":"igcdn-photos-g-a.akamaihd.net","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d350400_1f24bcc5f17d_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":373,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_src_last_pkt_time":1436720908576723,"flow_dst_last_pkt_time":1436720908615114,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1436720908615114,"pkt":"QPMIw47hABsv8H60CABFAAA8AABAADkGE75SVRqawKgAZwG7oN0D2rVm4E5xhKASOJDLywAAAgQFlgQCCApUeSUGAAPuhgEDAwU="} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_src_last_pkt_time":1436720908615266,"flow_dst_last_pkt_time":1436720908615114,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1436720908615266,"pkt":"ABsv8H60QPMIw47hCABFAAA0nwZAAEAGbb\/AqABnUlUamqDdAbvgTnGEA9q1Z4AQAOUuJQAAAQEICgAD7opUeSUG"} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":375,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_src_last_pkt_time":1436720908577363,"flow_dst_last_pkt_time":1436720908616060,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1436720908616060,"pkt":"QPMIw47hABsv8H60CABFAAA8AABAADkGE75SVRqawKgAZwG7oN5hmBQZ4jr3HqASOJCH0wAAAgQFlgQCCApUeSUGAAPuhgEDAwU="} 
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_src_last_pkt_time":1436720908616151,"flow_dst_last_pkt_time":1436720908616060,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1436720908616151,"pkt":"ABsv8H60QPMIw47hCABFAAA0GZxAAEAG8ynAqABnUlUamqDeAbviOvceYZgUGoAQAOUuJQAAAQEICgAD7opUeSUG"} 00853{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":377,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":4,"flow_src_last_pkt_time":1436720908617006,"flow_dst_last_pkt_time":1436720908615114,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":292,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":292,"pkt_l4_len":258,"thread_ts_usec":1436720908617006,"pkt":"ABsv8H60QPMIw47hCABFAAEWnwdAAEAGbNzAqABnUlUamqDdAbvgTnGEA9q1Z4AYAOWB4wAAAQEICgAD7opUeSUGFgMBAN0BAADZAwFVop8M+5Fn2JtR0XC3DjC1k6QlRCdk+PzEKMeFZf\/I9AAARgAEAAUALwA1wALABMAFwAzADsAPwAfACcAKwBHAE8AUADMAOQAyADgACsADwA3ACMASABYAEwAJABUAEgADAAgAFAARAP8BAABqAAAAIgAgAAAdaWdjZG4tcGhvdG9zLWEtYS5ha2FtYWloZC5uZXQACwAEAwABAgAKADQAMgAOAA0AGQALAAwAGAAJAAoAFgAXAAgABgAHABQAFQAEAAUAEgATAAEAAgADAA8AEAARACMAAA=="} 
-01347{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":377,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1436720908576723,"flow_src_last_pkt_time":1436720908617006,"flow_dst_last_pkt_time":1436720908615114,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":226,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":226,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1436720908617006,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41181,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Instagram","proto_id":"91.211","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"igcdn-photos-a-a.akamaihd.net","domainame":"igcdn-photos-a-a.akamaihd.net","tls": {"version":"TLSv1","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"","ja4":"t10d350400_1f24bcc5f17d_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01306{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":377,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1436720908576723,"flow_src_last_pkt_time":1436720908617006,"flow_dst_last_pkt_time":1436720908615114,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":226,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":226,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1436720908617006,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41181,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Instagram","proto_id":"91.211","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"igcdn-photos-a-a.akamaihd.net","domainame":"igcdn-photos-a-a.akamaihd.net","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d350400_1f24bcc5f17d_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00852{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":378,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_src_last_pkt_time":1436720908619081,"flow_dst_last_pkt_time":1436720908616060,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":292,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":292,"pkt_l4_len":258,"thread_ts_usec":1436720908619081,"pkt":"ABsv8H60QPMIw47hCABFAAEWGZ1AAEAG8kbAqABnUlUamqDeAbviOvceYZgUGoAYAOU9twAAAQEICgAD7otUeSUGFgMBAN0BAADZAwFVop8Mx+4o5JlDiMj20RJ7KJRI3UtRsi0RYXWiY3UJSAAARgAEAAUALwA1wALABMAFwAzADsAPwAfACcAKwBHAE8AUADMAOQAyADgACsADwA3ACMASABYAEwAJABUAEgADAAgAFAARAP8BAABqAAAAIgAgAAAdaWdjZG4tcGhvdG9zLWEtYS5ha2FtYWloZC5uZXQACwAEAwABAgAKADQAMgAOAA0AGQALAAwAGAAJAAoAFgAXAAgABgAHABQAFQAEAAUAEgATAAEAAgADAA8AEAARACMAAA=="} -01347{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":378,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1436720908577363,"flow_src_last_pkt_time":1436720908619081,"flow_dst_last_pkt_time":1436720908616060,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":226,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":226,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1436720908619081,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41182,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Instagram","proto_id":"91.211","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"igcdn-photos-a-a.akamaihd.net","domainame":"igcdn-photos-a-a.akamaihd.net","tls": {"version":"TLSv1","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"","ja4":"t10d350400_1f24bcc5f17d_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01306{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":378,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1436720908577363,"flow_src_last_pkt_time":1436720908619081,"flow_dst_last_pkt_time":1436720908616060,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":226,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":226,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1436720908619081,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41182,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Instagram","proto_id":"91.211","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"igcdn-photos-a-a.akamaihd.net","domainame":"igcdn-photos-a-a.akamaihd.net","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d350400_1f24bcc5f17d_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":379,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":5,"flow_src_last_pkt_time":1436720908596986,"flow_dst_last_pkt_time":1436720908623750,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1436720908623750,"pkt":"QPMIw47hABsv8H60CABFAAA08nxAADkGGWkuIUauwKgAZwG7rg7lq\/iwshtof4AQAebuTQAAAQEICq6JCtQAA+6I"} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":380,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":5,"flow_src_last_pkt_time":1436720908606294,"flow_dst_last_pkt_time":1436720908630189,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1436720908630189,"pkt":"QPMIw47hABsv8H60CABFAAA0HkFAADkG7couIUaIwKgAZwG77ezRfJMva3VJgoAQAebrQwAAAQEICs6OjXMAA+6J"} -01404{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":381,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1436720908581361,"flow_src_last_pkt_time":1436720908606294,"flow_dst_last_pkt_time":1436720908633180,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":258,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":258,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1436720908633180,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.136","src_port":60908,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": 
{"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Instagram","proto_id":"91.211","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"igcdn-photos-g-a.akamaihd.net","domainame":"igcdn-photos-g-a.akamaihd.net","tls": {"version":"TLSv1","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"34d6f0ad0a79e4cfdf145e640cc93f78","ja4":"t10d350400_1f24bcc5f17d_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","blocks":0}}} -01802{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":385,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1436720908581361,"flow_src_last_pkt_time":1436720908634035,"flow_dst_last_pkt_time":1436720908634645,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":258,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":258,"flow_dst_tot_l4_payload_len":4096,"midstream":0,"thread_ts_usec":1436720908634645,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.136","src_port":60908,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Instagram","proto_id":"91.211","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"igcdn-photos-g-a.akamaihd.net","domainame":"igcdn-photos-g-a.akamaihd.net","tls": 
{"version":"TLSv1","server_names":"a248.e.akamai.net,*.akamaihd.net,*.akamaihd-staging.net,*.akamaized.net,*.akamaized-staging.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"34d6f0ad0a79e4cfdf145e640cc93f78","ja4":"t10d350400_1f24bcc5f17d_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=NL, L=Amsterdam, O=Verizon Enterprise Solutions, OU=Cybertrust, CN=Verizon Akamai SureServer CA G14-SHA1","subjectDN":"C=US, ST=MA, L=Cambridge, O=Akamai Technologies Inc., CN=a248.e.akamai.net","fingerprint":"EA:5A:20:95:78:D7:09:60:5C:A1:E4:CA:A5:2B:BD:C1:78:FB:23:23","blocks":0}}} -01404{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":389,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1436720908572816,"flow_src_last_pkt_time":1436720908596986,"flow_dst_last_pkt_time":1436720908636842,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":450,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":450,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1436720908636842,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.174","src_port":44558,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Instagram","proto_id":"91.211","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"igcdn-photos-h-a.akamaihd.net","domainame":"igcdn-photos-h-a.akamaihd.net","tls": 
{"version":"TLSv1","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"7df57c06f869fc3ce509521cae2f75ce","ja4":"t10d350400_1f24bcc5f17d_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","blocks":0}}} -01802{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":393,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1436720908572816,"flow_src_last_pkt_time":1436720908638521,"flow_dst_last_pkt_time":1436720908638551,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":450,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":450,"flow_dst_tot_l4_payload_len":4096,"midstream":0,"thread_ts_usec":1436720908638551,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.174","src_port":44558,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Instagram","proto_id":"91.211","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"igcdn-photos-h-a.akamaihd.net","domainame":"igcdn-photos-h-a.akamaihd.net","tls": {"version":"TLSv1","server_names":"a248.e.akamai.net,*.akamaihd.net,*.akamaihd-staging.net,*.akamaized.net,*.akamaized-staging.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"7df57c06f869fc3ce509521cae2f75ce","ja4":"t10d350400_1f24bcc5f17d_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=NL, L=Amsterdam, O=Verizon Enterprise Solutions, OU=Cybertrust, CN=Verizon Akamai SureServer CA G14-SHA1","subjectDN":"C=US, ST=MA, L=Cambridge, O=Akamai Technologies Inc., 
CN=a248.e.akamai.net","fingerprint":"EA:5A:20:95:78:D7:09:60:5C:A1:E4:CA:A5:2B:BD:C1:78:FB:23:23","blocks":0}}} +01363{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":381,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1436720908581361,"flow_src_last_pkt_time":1436720908606294,"flow_dst_last_pkt_time":1436720908633180,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":258,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":258,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1436720908633180,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.136","src_port":60908,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Instagram","proto_id":"91.211","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"igcdn-photos-g-a.akamaihd.net","domainame":"igcdn-photos-g-a.akamaihd.net","tls": {"version":"TLSv1","ja3s":"34d6f0ad0a79e4cfdf145e640cc93f78","ja4":"t10d350400_1f24bcc5f17d_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","blocks":0}}} 
+01761{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":385,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1436720908581361,"flow_src_last_pkt_time":1436720908634035,"flow_dst_last_pkt_time":1436720908634645,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":258,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":258,"flow_dst_tot_l4_payload_len":4096,"midstream":0,"thread_ts_usec":1436720908634645,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.136","src_port":60908,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Instagram","proto_id":"91.211","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"igcdn-photos-g-a.akamaihd.net","domainame":"igcdn-photos-g-a.akamaihd.net","tls": {"version":"TLSv1","server_names":"a248.e.akamai.net,*.akamaihd.net,*.akamaihd-staging.net,*.akamaized.net,*.akamaized-staging.net","ja3s":"34d6f0ad0a79e4cfdf145e640cc93f78","ja4":"t10d350400_1f24bcc5f17d_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=NL, L=Amsterdam, O=Verizon Enterprise Solutions, OU=Cybertrust, CN=Verizon Akamai SureServer CA G14-SHA1","subjectDN":"C=US, ST=MA, L=Cambridge, O=Akamai Technologies Inc., CN=a248.e.akamai.net","fingerprint":"EA:5A:20:95:78:D7:09:60:5C:A1:E4:CA:A5:2B:BD:C1:78:FB:23:23","blocks":0}}} 
+01363{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":389,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1436720908572816,"flow_src_last_pkt_time":1436720908596986,"flow_dst_last_pkt_time":1436720908636842,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":450,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":450,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1436720908636842,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.174","src_port":44558,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Instagram","proto_id":"91.211","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"igcdn-photos-h-a.akamaihd.net","domainame":"igcdn-photos-h-a.akamaihd.net","tls": {"version":"TLSv1","ja3s":"7df57c06f869fc3ce509521cae2f75ce","ja4":"t10d350400_1f24bcc5f17d_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","blocks":0}}} 
+01761{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":393,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1436720908572816,"flow_src_last_pkt_time":1436720908638521,"flow_dst_last_pkt_time":1436720908638551,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":450,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":450,"flow_dst_tot_l4_payload_len":4096,"midstream":0,"thread_ts_usec":1436720908638551,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.174","src_port":44558,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Instagram","proto_id":"91.211","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"igcdn-photos-h-a.akamaihd.net","domainame":"igcdn-photos-h-a.akamaihd.net","tls": {"version":"TLSv1","server_names":"a248.e.akamai.net,*.akamaihd.net,*.akamaihd-staging.net,*.akamaized.net,*.akamaized-staging.net","ja3s":"7df57c06f869fc3ce509521cae2f75ce","ja4":"t10d350400_1f24bcc5f17d_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=NL, L=Amsterdam, O=Verizon Enterprise Solutions, OU=Cybertrust, CN=Verizon Akamai SureServer CA G14-SHA1","subjectDN":"C=US, ST=MA, L=Cambridge, O=Akamai Technologies Inc., CN=a248.e.akamai.net","fingerprint":"EA:5A:20:95:78:D7:09:60:5C:A1:E4:CA:A5:2B:BD:C1:78:FB:23:23","blocks":0}}} 
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":397,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":5,"flow_src_last_pkt_time":1436720908617006,"flow_dst_last_pkt_time":1436720908656038,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1436720908656038,"pkt":"QPMIw47hABsv8H60CABFAAA0kE1AADkGg3hSVRqawKgAZwG7oN0D2rVn4E5yZoAQAeYwFAAAAQEIClR5JS4AA+6K"} -01404{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":398,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1436720908576723,"flow_src_last_pkt_time":1436720908617006,"flow_dst_last_pkt_time":1436720908660280,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":226,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":226,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1436720908660280,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41181,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Instagram","proto_id":"91.211","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"igcdn-photos-a-a.akamaihd.net","domainame":"igcdn-photos-a-a.akamaihd.net","tls": {"version":"TLSv1","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"34d6f0ad0a79e4cfdf145e640cc93f78","ja4":"t10d350400_1f24bcc5f17d_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","blocks":0}}} 
-01802{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":402,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1436720908576723,"flow_src_last_pkt_time":1436720908660982,"flow_dst_last_pkt_time":1436720908661561,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":226,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":226,"flow_dst_tot_l4_payload_len":4096,"midstream":0,"thread_ts_usec":1436720908661561,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41181,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Instagram","proto_id":"91.211","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"igcdn-photos-a-a.akamaihd.net","domainame":"igcdn-photos-a-a.akamaihd.net","tls": {"version":"TLSv1","server_names":"a248.e.akamai.net,*.akamaihd.net,*.akamaihd-staging.net,*.akamaized.net,*.akamaized-staging.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"34d6f0ad0a79e4cfdf145e640cc93f78","ja4":"t10d350400_1f24bcc5f17d_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=NL, L=Amsterdam, O=Verizon Enterprise Solutions, OU=Cybertrust, CN=Verizon Akamai SureServer CA G14-SHA1","subjectDN":"C=US, ST=MA, L=Cambridge, O=Akamai Technologies Inc., CN=a248.e.akamai.net","fingerprint":"EA:5A:20:95:78:D7:09:60:5C:A1:E4:CA:A5:2B:BD:C1:78:FB:23:23","blocks":0}}} 
+01363{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":398,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1436720908576723,"flow_src_last_pkt_time":1436720908617006,"flow_dst_last_pkt_time":1436720908660280,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":226,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":226,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1436720908660280,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41181,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Instagram","proto_id":"91.211","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"igcdn-photos-a-a.akamaihd.net","domainame":"igcdn-photos-a-a.akamaihd.net","tls": {"version":"TLSv1","ja3s":"34d6f0ad0a79e4cfdf145e640cc93f78","ja4":"t10d350400_1f24bcc5f17d_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","blocks":0}}} 
+01761{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":402,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1436720908576723,"flow_src_last_pkt_time":1436720908660982,"flow_dst_last_pkt_time":1436720908661561,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":226,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":226,"flow_dst_tot_l4_payload_len":4096,"midstream":0,"thread_ts_usec":1436720908661561,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41181,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Instagram","proto_id":"91.211","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"igcdn-photos-a-a.akamaihd.net","domainame":"igcdn-photos-a-a.akamaihd.net","tls": {"version":"TLSv1","server_names":"a248.e.akamai.net,*.akamaihd.net,*.akamaihd-staging.net,*.akamaized.net,*.akamaized-staging.net","ja3s":"34d6f0ad0a79e4cfdf145e640cc93f78","ja4":"t10d350400_1f24bcc5f17d_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=NL, L=Amsterdam, O=Verizon Enterprise Solutions, OU=Cybertrust, CN=Verizon Akamai SureServer CA G14-SHA1","subjectDN":"C=US, ST=MA, L=Cambridge, O=Akamai Technologies Inc., CN=a248.e.akamai.net","fingerprint":"EA:5A:20:95:78:D7:09:60:5C:A1:E4:CA:A5:2B:BD:C1:78:FB:23:23","blocks":0}}} 
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":5,"flow_src_last_pkt_time":1436720908619081,"flow_dst_last_pkt_time":1436720908663240,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1436720908663240,"pkt":"QPMIw47hABsv8H60CABFAAA0MTFAADkG4pRSVRqawKgAZwG7oN5hmBQa4jr4AIAQAebsFwAAAQEIClR5JTEAA+6L"} -01404{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":407,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1436720908577363,"flow_src_last_pkt_time":1436720908619081,"flow_dst_last_pkt_time":1436720908663820,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":226,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":226,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1436720908663820,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41182,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Instagram","proto_id":"91.211","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"igcdn-photos-a-a.akamaihd.net","domainame":"igcdn-photos-a-a.akamaihd.net","tls": {"version":"TLSv1","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"34d6f0ad0a79e4cfdf145e640cc93f78","ja4":"t10d350400_1f24bcc5f17d_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","blocks":0}}} 
-01802{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":411,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1436720908577363,"flow_src_last_pkt_time":1436720908664461,"flow_dst_last_pkt_time":1436720908665864,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":226,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":226,"flow_dst_tot_l4_payload_len":4096,"midstream":0,"thread_ts_usec":1436720908665864,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41182,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Instagram","proto_id":"91.211","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"igcdn-photos-a-a.akamaihd.net","domainame":"igcdn-photos-a-a.akamaihd.net","tls": {"version":"TLSv1","server_names":"a248.e.akamai.net,*.akamaihd.net,*.akamaihd-staging.net,*.akamaized.net,*.akamaized-staging.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"34d6f0ad0a79e4cfdf145e640cc93f78","ja4":"t10d350400_1f24bcc5f17d_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=NL, L=Amsterdam, O=Verizon Enterprise Solutions, OU=Cybertrust, CN=Verizon Akamai SureServer CA G14-SHA1","subjectDN":"C=US, ST=MA, L=Cambridge, O=Akamai Technologies Inc., CN=a248.e.akamai.net","fingerprint":"EA:5A:20:95:78:D7:09:60:5C:A1:E4:CA:A5:2B:BD:C1:78:FB:23:23","blocks":0}}} 
+01363{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":407,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1436720908577363,"flow_src_last_pkt_time":1436720908619081,"flow_dst_last_pkt_time":1436720908663820,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":226,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":226,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1436720908663820,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41182,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Instagram","proto_id":"91.211","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"igcdn-photos-a-a.akamaihd.net","domainame":"igcdn-photos-a-a.akamaihd.net","tls": {"version":"TLSv1","ja3s":"34d6f0ad0a79e4cfdf145e640cc93f78","ja4":"t10d350400_1f24bcc5f17d_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","blocks":0}}} 
+01761{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":411,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1436720908577363,"flow_src_last_pkt_time":1436720908664461,"flow_dst_last_pkt_time":1436720908665864,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":226,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":226,"flow_dst_tot_l4_payload_len":4096,"midstream":0,"thread_ts_usec":1436720908665864,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41182,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Instagram","proto_id":"91.211","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"igcdn-photos-a-a.akamaihd.net","domainame":"igcdn-photos-a-a.akamaihd.net","tls": {"version":"TLSv1","server_names":"a248.e.akamai.net,*.akamaihd.net,*.akamaihd-staging.net,*.akamaized.net,*.akamaized-staging.net","ja3s":"34d6f0ad0a79e4cfdf145e640cc93f78","ja4":"t10d350400_1f24bcc5f17d_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=NL, L=Amsterdam, O=Verizon Enterprise Solutions, OU=Cybertrust, CN=Verizon Akamai SureServer CA G14-SHA1","subjectDN":"C=US, ST=MA, L=Cambridge, O=Akamai Technologies Inc., CN=a248.e.akamai.net","fingerprint":"EA:5A:20:95:78:D7:09:60:5C:A1:E4:CA:A5:2B:BD:C1:78:FB:23:23","blocks":0}}} 
00595{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":417,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_src_last_pkt_time":1436720908719331,"flow_dst_last_pkt_time":1436720908464754,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"thread_ts_usec":1436720908719331,"pkt":"AAAAAAAAAAAAAAAACABFwABYvRgAAEABOq7AqABnwKgAZwMDAwcAAAAARQAAPLKEQABABvFRwKgAZ63CKBTA\/QG7ZKZcEQAAAACgAjkIlxQAAAIEBbQEAggKAAPulQAAAAABAwMG"} 00595{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":418,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_src_last_pkt_time":1436720908719331,"flow_dst_last_pkt_time":1436720908464754,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"thread_ts_usec":1436720908719331,"pkt":"AAAAAAAAAAAAAAAACABFwABYvRgAAEABOq7AqABnwKgAZwMDAwcAAAAARQAAPLKEQABABvFRwKgAZ63CKBTA\/QG7ZKZcEQAAAACgAjkIlxQAAAIEBbQEAggKAAPulQAAAAABAwMG"} 
02442{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_src_last_pkt_time":1436720908466005,"flow_dst_last_pkt_time":1436720908720674,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"thread_ts_usec":1436720908720674,"pkt":"QPMIw47hABsv8H60CABFAAWqkOBAAFUGUh0fDV00wKgAZwG7g+MQ445PobbjVYAQANmoZAAAAQEICvAgso0AA+57FwMBBgAJWuxAFmWJOuMXXLFPa+ihsePS3XMy0YIQztBBVmLMKv7bKksLnHy6Qejj3IofgvBbzBtV3GqDkMg6uh0P6N7FwcSe3tUjgcGiijvn6K818Zp8xqjp0tEb5pWvqXYqObddd2Hnzu6vQfWb9eTm5eWBjMWaH+46WOkF+yLDu28OnCnI6DRA4hVUhPFmv3Y3Jc5EGy9h1liFAXpPz8RauF02nsY9w0LD3TtF0JwByoPONdeUPZq\/WKka9SPqVUAIaUqD+iiuPiB4iY\/P40454jR2ubUAx1KxalPDxCZcJOVc\/mRFMjjylf886\/qgnF5\/zNdIB+osc8LQ7+njijbpW6+nsd1r20QxY5h4iboPc5bOwlwaY54bOkKhUi3rW\/yK+SdRmOIbvY6QnNs\/NHnLztmSVepcsVQj4\/LAs3sQee2yV5Zb\/OKdnbNcoVz0fzHzanGF+shxmnBL7MHCUWI6dyfgrtdeHJw7AeiUY3i\/mTZNsE8HDXYtj4PZmBRSpw9Tn6yrOi8oCWZlu5KzIRGzRJtFphUHZ6meh5JLg+hn5njKZANgsGVL5D4VIgoF1kaCOaYkGXgkZUN4f977LcfvI6GMq+I5puCewiP+Uuk1kPF9pzskRav04M10TqsDM7GhlmoPVQK4OBUJ9tHagFf6IatPi0\/17iyM\/LjiFML0PoAxBFfvl5DWDm64B7S6wNuZznilyLl+dRCTX+DG4IWEZ9iWMuJz0q4h3NgjCjbVoEhcXrIzm79zTgYF1K\/Fc1eVQ5pDkZIk+MSfw+JmzqDNkO7KlRRDcuvw+93T8NghPFPmCMaGi36H+eJ8qZHgJQD6VyTq0u+kS7b7xcTR0rfQCJsFB5GAwMG7Gp3gleQk40HnR7gOPSTpCQbfSRM+5donNBgSWHGZa9A+e6lLq4NFCERiwzj3U\/o3rAI1FPY3nDbj4wb3EgILuovLCxScYhTNarC2IzSTHU8Qk8N2SV+q0qGc9KDK7Jyj+IHlvAecHsLgYXphxLiTsup\/3eR29a5fD0B54hNbSHf+QHisCGvO8syBPnMdbwGhHIhnTTwNn1eEHqk6X5WP24wp\/q9HBPEopbXKhKpIJHSzjJGb6QwaZFDvJ0eS8PBbauWDkSrvIOpQ+81F3KtLkj4QiFmXv6kUM6e\/ijm1X4ctGQCDMzfE6CL9kNIZ0KT10hk0pBqwVPBgsjzabFgBWuwkhXkJMqXx8tC1EU+7y29gsrs\/ybrD8eTd4mRW4AQWWxsx8SCg4RuBagiQndKzKvD7t\/D1UNx\/cjM+FPNHc3Vo6COyR4bKIxJFsFcqKxflWpQPrWlcHnstMeCf6fe7rHShYcn66kSCS9GJMM\/PUNJmbrAgWC5m7qX18BfYRtqglq81Hxihw61ZCMOoAsDBgvxxxkjs4uHIg0bxq+QIHC4jEm
62Kc2GqcJIEifAbDIMGTrfg+zGbXs6fbA2wHWV\/6sG736+zvLX7Jbtdr+R3sSX9sMXEufLQEprDfFP7rjDtjD6q3s32bdz6TPKsaKweTpBUQdUPpxrBp58LHYIfh7kBM6ZZ7B\/leOdLQ4iB0qa4hkq1hvJbOmBVgxwN8J6lLAiR2zfKtjyjIgh1PIEwm0tWG3PrpvEGPUu+zdVEzsubp+CEZmpQpom3JAd8mN1yHxpyrcTLFJkY\/8guFvDtth\/joA1HCjPx5dnKVrWK+v+DF0itobPJ17srGXjTUdxq+PcFTOSkogqyTZpAghuLdzESZm4BYIuVxTMgSSAIWua\/B9nB7ubZGXJW35Hmjvh2589ysVkb287bswERaCrOs6tPVp2NtqRIS7vXD6J\/TWsp5LCRdFcfNfT70AwbYVcnpBdE0+y3eeVEDxU"} 
@@ -203,15 +203,15 @@ 00979{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":635,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1436720906017091,"flow_src_last_pkt_time":1436720906024293,"flow_dst_last_pkt_time":1436720906017091,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":103,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":103,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":412,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1436720952611635,"l3_proto":"ip4","src_ip":"192.168.0.106","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 00780{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":635,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1436720906025422,"flow_src_last_pkt_time":1436720906025422,"flow_dst_last_pkt_time":1436720906025422,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1436720952611635,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.0.255","src_port":520,"dst_port":520,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00978{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":635,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1436720906022462,"flow_src_last_pkt_time":1436720906022462,"flow_dst_last_pkt_time":1436720906022462,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":103,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":103,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":103,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1436720952611635,"l3_proto":"ip4","src_ip":"192.168.0.106","dst_ip":"192.168.0.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":635,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":635,"packets-processed":633,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":408166,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":24,"total-detection-updates":12,"total-updates":4,"current-active-flows":32,"total-active-flows":32,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":206,"global_ts_usec":1568796253770116} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":635,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":635,"packets-processed":633,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":408166,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":24,"total-detection-updates":12,"total-updates":4,"current-active-flows":32,"total-active-flows":32,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":206,"global_ts_usec":1568796253770116} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":635,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1568796253770116,"flow_src_last_pkt_time":1568796253770116,"flow_dst_last_pkt_time":1568796253770116,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1568796253770116,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49355,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":635,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_src_last_pkt_time":1568796253770116,"flow_dst_last_pkt_time":1568796253770116,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1568796253770116,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGAr7AqAIRHw1WNMDLAbuZigajAAAAALAC\/\/8cPAAAAgQFtAEDAwYBAQgKDXByoQAAAAAEAgAA"} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":636,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_src_last_pkt_time":1568796253770116,"flow_dst_last_pkt_time":1568796253782515,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1568796253782515,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAFQGLsIfDVY0wKgCEQG7wMv1rwrBmYoGpKASbHB3qgAAAgQFeAQCCAo6Lg6wDXByoQEDAwg="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_src_last_pkt_time":1568796253784713,"flow_dst_last_pkt_time":1568796253782515,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1568796253784713,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGAsrAqAIRHw1WNMDLAbuZigak9a8KwoAQCAwKkgAAAQEICg1wcq86Lg6w"} 
00846{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":638,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":4,"flow_src_last_pkt_time":1568796253784771,"flow_dst_last_pkt_time":1568796253782515,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":288,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":288,"pkt_l4_len":254,"thread_ts_usec":1568796253784771,"pkt":"xiwDYGpkxGGLNYKpCABFAAESAABAAEAGAezAqAIRHw1WNMDLAbuZigak9a8KwoAYCAzr2wAAAQEICg1wcq86Lg6wFgMBANkBAADVAwMjksyrSJEnHCj7+pBcrNa+PodYLpB74VGVqR+HKhs0GiApLypFPPq32Fv9\/MlD5ecljmzHmnbSZyDhqsHB+Vrs\/QAGEwETAhMDAQAAhgArAAUEAwT7GgAKAAYABAAdABcAMwAmACQAHQAgnrlXRF005fDXmdLGrmWHWUR+fUpyzgm8LYNWZJbzAl8ADQAGAAQEAwgEAAAAJQAjAAAgc2NvbnRlbnQtbXhwMS0xLmNkbmluc3RhZ3JhbS5jb20AEAALAAkIaHR0cC8xLjEALQADAgEA"} -01306{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":638,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1568796253770116,"flow_src_last_pkt_time":1568796253784771,"flow_dst_last_pkt_time":1568796253782515,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":222,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":222,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1568796253784771,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49355,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Instagram","proto_id":"91.211","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"scontent-mxp1-1.cdninstagram.com","domainame":"scontent-mxp1-1.cdninstagram.com","tls": 
{"version":"TLSv1.2","ja3":"7a29c223fb122ec64d10f0a159e07996","ja3s":"","ja4":"t00d0307ht_55b375c5d22e_1472448224a5","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)","blocks":0}}} +01265{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":638,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1568796253770116,"flow_src_last_pkt_time":1568796253784771,"flow_dst_last_pkt_time":1568796253782515,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":222,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":222,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1568796253784771,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49355,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Instagram","proto_id":"91.211","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"scontent-mxp1-1.cdninstagram.com","domainame":"scontent-mxp1-1.cdninstagram.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t00d0307ht_55b375c5d22e_1472448224a5","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)","blocks":0}}} 
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":639,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":5,"flow_src_last_pkt_time":1568796253784771,"flow_dst_last_pkt_time":1568796253797139,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1568796253797139,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0cqAAAFQGvCkfDVY0wKgCEQG7wMv1rwrCmYoHgoAQAHERQAAAAQEICjouDr8NcHKv"} -01358{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":640,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1568796253770116,"flow_src_last_pkt_time":1568796253784771,"flow_dst_last_pkt_time":1568796253798864,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":222,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":222,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1568796253798864,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49355,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Instagram","proto_id":"91.211","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"scontent-mxp1-1.cdninstagram.com","domainame":"scontent-mxp1-1.cdninstagram.com","tls": {"version":"TLSv1.3 (Fizz)","ja3":"7a29c223fb122ec64d10f0a159e07996","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t00d0307ht_55b375c5d22e_1472448224a5","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)","blocks":0}}} 
+01317{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":640,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1568796253770116,"flow_src_last_pkt_time":1568796253784771,"flow_dst_last_pkt_time":1568796253798864,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":222,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":222,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1568796253798864,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49355,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Instagram","proto_id":"91.211","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"scontent-mxp1-1.cdninstagram.com","domainame":"scontent-mxp1-1.cdninstagram.com","tls": {"version":"TLSv1.3 (Fizz)","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t00d0307ht_55b375c5d22e_1472448224a5","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)","blocks":0}}} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":651,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1568796254514906,"flow_src_last_pkt_time":1568796254514906,"flow_dst_last_pkt_time":1568796254514906,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1568796254514906,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49357,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":651,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_src_last_pkt_time":1568796254514906,"flow_dst_last_pkt_time":1568796254514906,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1568796254514906,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGAr7AqAIRHw1WNMDNAbsBxqpOAAAAALAC\/\/8NqAAAAgQFtAEDAwYBAQgKDXB1TAAAAAAEAgAA"} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":652,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1568796254515573,"flow_src_last_pkt_time":1568796254515573,"flow_dst_last_pkt_time":1568796254515573,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1568796254515573,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49358,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -223,19 +223,19 @@ 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":656,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_src_last_pkt_time":1568796254527339,"flow_dst_last_pkt_time":1568796254526002,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1568796254527339,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGAsrAqAIRHw1WNMDNAbsBxqpPpr5nHYAQCAyEugAAAQEICg1wdVYU9Z3G"} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":657,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_src_last_pkt_time":1568796254527802,"flow_dst_last_pkt_time":1568796254526651,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1568796254527802,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGAsrAqAIRHw1WNMDOAbvBtYQcmxhZHYAQCAyyKQAAAQEICg1wdVbYQyzx"} 
01110{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":658,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":4,"flow_src_last_pkt_time":1568796254528580,"flow_dst_last_pkt_time":1568796254526002,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":485,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":485,"pkt_l4_len":451,"thread_ts_usec":1568796254528580,"pkt":"xiwDYGpkxGGLNYKpCABFAAHXAABAAEAGASfAqAIRHw1WNMDNAbsBxqpPpr5nHYAYCAy4mgAAAQEICg1wdVcU9Z3GFgMBAZ4BAAGaAwNVNSF4TcFES2A3bmDoQzoKoPRK88lF8GU0rvqEfWOJnSDMB3SW0+oLedhnRZBEjRhfhuHo9hBvfR7yTL5mOscQSAAGEwETAhMDAQABSwArAAUEAwT7GgAKAAYABAAdABcAMwAmACQAHQAg7SCrt+XZhOafPhg5Ng9ZqV0HRY1FsJgqY47HJ+ANL2gADQAGAAQEAwgEAAAAJQAjAAAgc2NvbnRlbnQtbXhwMS0xLmNkbmluc3RhZ3JhbS5jb20AEAALAAkIaHR0cC8xLjEALQADAgEAACoAAAApAL0AmACSWIXdmmwR1laYI9MTX9Ylv6k3elrG822PBXIhOrmLQkwAAAAAnwMCQs2b3VbV6udwJ8GZokFPTbUvCekbgT+BE2sGbBQUFuwMj\/BU7jg475T8N6D\/+oAuA0+LsqVikNMpi1cAr7ywQ08ClMJVucSZVkvAlpilkoy0GQXRkFz5t6c1Jfa9Pt8cBpvXHFxdvY3OoCRzMPoyACEgfw4JqUsziZWqGwVKYBDzRhcnnFsa29JbVyz1lE1jNn8="} -01306{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":658,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1568796254514906,"flow_src_last_pkt_time":1568796254528580,"flow_dst_last_pkt_time":1568796254526002,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":419,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":419,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1568796254528580,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49357,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Instagram","proto_id":"91.211","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"scontent-mxp1-1.cdninstagram.com","domainame":"scontent-mxp1-1.cdninstagram.com","tls": {"version":"TLSv1.2","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"","ja4":"t00d0309ht_55b375c5d22e_2d3f7b9fe3d5","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)","blocks":0}}} +01265{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":658,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1568796254514906,"flow_src_last_pkt_time":1568796254528580,"flow_dst_last_pkt_time":1568796254526002,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":419,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":419,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1568796254528580,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49357,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Instagram","proto_id":"91.211","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"scontent-mxp1-1.cdninstagram.com","domainame":"scontent-mxp1-1.cdninstagram.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t00d0309ht_55b375c5d22e_2d3f7b9fe3d5","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)","blocks":0}}} 
01352{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":659,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":5,"flow_src_last_pkt_time":1568796254529128,"flow_dst_last_pkt_time":1568796254526002,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":663,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":663,"pkt_l4_len":629,"thread_ts_usec":1568796254529128,"pkt":"xiwDYGpkxGGLNYKpCABFAAKJAABAAEAGAHXAqAIRHw1WNMDNAbsBxqvypr5nHYAYCAwVNAAAAQEICg1wdVcU9Z3GFAMDAAEBFwMDAkrDUEGtzNssmdqTSNjThUpw9Gls3D5hJUvevqfxbpL2EvuYq\/xiBCWVUG44FmqupL3\/bCDe+Rj9sMP0S4s+LQPzEW6A5hhKzX6qMaE2oA2a+cyuw1W+Bw159hfwEaT5JaJhskpw2sZqBuPMouecOua99GDqlpE1OnBarxBfCM0SomVAI6hLrbybrwRUe8xCwbFhC+gcJ9vGsoZCalYYSFG6x1EiFpdz3sP6rMiC\/odi\/\/toF9HGlivcgXFqyi+wt2xIFAo5w2BagrM7YYesUZ6DvhPqN64yKJw+1G\/a05UNE3LulZdscm8atA3bJBUkFQj5GT8SSi8DgkMU5oYwLeQcI+OKsHc8qhpAqeo8BlHo1JdH47AP9VANK+8a8dWoErgKuHfO6nhlve4GhvIQI0dtginqfSN++9g3Ad0oGTbj9rYAYBLYkcJj59HZKjUqWV8P+m6JefwYjP6BGSX5oM5eL4j2YuJTWPJuV9FVHqGKKMjbjgccdOs2nLQR+l+aXFE8SknMyuv1kPi\/ZU1dwbtkc1X4HmfXuoqlylB6wbqd+cRm7M64sTJQ4B2GaVteHHowcVsvnV18Ip7NEoxP4opr3Mj1WOujvLVXplduA1wSVVP+x5aKMrisvqqIPAGFPnxwuL1j43Unto5sm1jK9xZqfUtFET8ygvgIbl2oMszNX3zDR1OF4w7m11oqSdPiwe4BQHPLVrXKxZMgD9\/U2HUIndKFenxAfYIHejPKA6kDWmb2WHrTQqnQLqEdZDORV+V6Su21qULR5TO7"} 
01111{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":660,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":4,"flow_src_last_pkt_time":1568796254531233,"flow_dst_last_pkt_time":1568796254526651,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":485,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":485,"pkt_l4_len":451,"thread_ts_usec":1568796254531233,"pkt":"xiwDYGpkxGGLNYKpCABFAAHXAABAAEAGASfAqAIRHw1WNMDOAbvBtYQcmxhZHYAYCAzKGQAAAQEICg1wdVjYQyzxFgMBAZ4BAAGaAwOyMt4E+HaZDiJZVBg5k8\/oA3Xa304Knp2ME68TY60GtiA+ZFjEC79ZWsyfIhM6TAFNirQ6Wfjdb2VnPIAynKQowgAGEwETAhMDAQABSwArAAUEAwT7GgAKAAYABAAdABcAMwAmACQAHQAgfb7BCArOXiMwbKgWAHmAk0wvUIjhAM0LzhIthYUKAh0ADQAGAAQEAwgEAAAAJQAjAAAgc2NvbnRlbnQtbXhwMS0xLmNkbmluc3RhZ3JhbS5jb20AEAALAAkIaHR0cC8xLjEALQADAgEAACoAAAApAL0AmACSWIXdmmwR1laYI9MTX9Ylv6k3elrG822PBXIhOrmLQkwAAAAAnwMCQs2b3VbV6udwJ8GZokFPTbUvCekbgT+BE2sGbBQUFuwMj\/BU7jg475T8N6D\/+oAuA0+LsqVikNMpi1cAr7ywQ08ClMJVucSZVkvAlpilkoy0GQXRkFz5t6c1Jfa9Pt8cBpvXHFxdvY3OoCRzMPozACEgiwZ0SDMJf0KnFfH6w3CAZJjEaXEjNKUfikqv6iXoWvE="} -01306{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":660,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1568796254515573,"flow_src_last_pkt_time":1568796254531233,"flow_dst_last_pkt_time":1568796254526651,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":419,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":419,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1568796254531233,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49358,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Instagram","proto_id":"91.211","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"scontent-mxp1-1.cdninstagram.com","domainame":"scontent-mxp1-1.cdninstagram.com","tls": {"version":"TLSv1.2","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"","ja4":"t00d0309ht_55b375c5d22e_2d3f7b9fe3d5","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)","blocks":0}}} +01265{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":660,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1568796254515573,"flow_src_last_pkt_time":1568796254531233,"flow_dst_last_pkt_time":1568796254526651,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":419,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":419,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1568796254531233,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49358,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Instagram","proto_id":"91.211","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"scontent-mxp1-1.cdninstagram.com","domainame":"scontent-mxp1-1.cdninstagram.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t00d0309ht_55b375c5d22e_2d3f7b9fe3d5","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)","blocks":0}}} 
01271{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":661,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":5,"flow_src_last_pkt_time":1568796254531371,"flow_dst_last_pkt_time":1568796254526651,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":595,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":595,"pkt_l4_len":561,"thread_ts_usec":1568796254531371,"pkt":"xiwDYGpkxGGLNYKpCABFAAJFAABAAEAGALnAqAIRHw1WNMDOAbvBtYW\/mxhZHYAYCAw5RgAAAQEICg1wdVjYQyzxFAMDAAEBFwMDAgY9IGVXL7OvWyqJahOvSUCJY8iw4p2I6w\/z9tqJYZ1qXlO8Ua4m0cjVttEEGsPKDnBhRcK\/RalKos02Wn2xrlKYE1kVBerOO6e+pJef251bfBnfTJT1bwC8WKoRJl7kN7nDOtO7so2rzZ\/bcKL0FJXKHriy1XEt\/vnjXVDsu9L9Uc8+ow25VVkb3mBz4yMPtWqKPBiy4xHCI8x0nRp54gC\/14QlNex1yYUz1AivdOTQ8FLkFhLArjpkuy3iyUrKOU6rsMaYWY8A2EmiwZFKe6t1eXUVkBPUTdQ2XLkLKdofF8Efyh7fEeBDGNQ5DUTMUaTcgsYWE9zLKbE8VQKPwSDlp33V8ATrg3wWNvkiXPZCNhc8GC1PSzSINWsFe4Wd0O\/CnGWAdPvCFeMoT9TG\/SG7CyMo\/elguQVkUCtPd58eq0YOTFDEUGlB3mM1aLgfDKP5+kB38uFg7l5jHqSl8qk53E+dY5RysX98A33pPQW+0EzBPkYDrRP\/sxH\/bb\/09vW+LT5D6G7AYAYP8HHiyRmNSUQH+L+jCK4DB9tGXgtn9iaLUMeXUqeq1pvGySfdp\/g1nvnZCTarJPrr\/4uJCyFWnvLYDEoQAZevWP7d9Y0+ARPa7a9d70xkRUctmvrerk5KnemtryInvBJDk8i3u1GPLfDJw\/XSMPhk4o0RKeBLn1JNL2qVHQ=="} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":662,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_src_last_pkt_time":1568796254524506,"flow_dst_last_pkt_time":1568796254536521,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1568796254536521,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAFQGLsIfDVY0wKgCEQG7wM\/pQUID\/UzpE6ASbHCRrQAAAgQFeAQCCAoUEKcNDXB1VAEDAwg="} 
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":663,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_src_last_pkt_time":1568796254538625,"flow_dst_last_pkt_time":1568796254536521,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1568796254538625,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGAsrAqAIRHw1WNMDPAbv9TOkT6UFCBIAQCAwkmAAAAQEICg1wdV8UEKcN"} 01111{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":664,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":4,"flow_src_last_pkt_time":1568796254539181,"flow_dst_last_pkt_time":1568796254536521,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":485,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":485,"pkt_l4_len":451,"thread_ts_usec":1568796254539181,"pkt":"xiwDYGpkxGGLNYKpCABFAAHXAABAAEAGASfAqAIRHw1WNMDPAbv9TOkT6UFCBIAYCAzILQAAAQEICg1wdWAUEKcNFgMBAZ4BAAGaAwNlUhwheJ1rDpnKdGJYXxWfmrHMAvJ7gaS6dCikYDaQniBlqQjva1tIZWpLGugxipAgopwgiPn9JIzY3sS4pJS4iwAGEwETAhMDAQABSwArAAUEAwT7GgAKAAYABAAdABcAMwAmACQAHQAgTGMSfgTb9pv4uxSFqccgvnRx7yS7zib2zW+R1uGk7QkADQAGAAQEAwgEAAAAJQAjAAAgc2NvbnRlbnQtbXhwMS0xLmNkbmluc3RhZ3JhbS5jb20AEAALAAkIaHR0cC8xLjEALQADAgEAACoAAAApAL0AmACSWIXdmmwR1laYI9MTX9Ylv6k3elrG822PBXIhOrmLQkwAAAAAnwMCQs2b3VbV6udwJ8GZokFPTbUvCekbgT+BE2sGbBQUFuwMj\/BU7jg475T8N6D\/+oAuA0+LsqVikNMpi1cAr7ywQ08ClMJVucSZVkvAlpilkoy0GQXRkFz5t6c1Jfa9Pt8cBpvXHFxdvY3OoCRzMPo8ACEgiSy9JdX7OlfqJ\/YCqY0dSnI3XG0iGbXAIYi1fb3W7sU="} 
-01306{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":664,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1568796254524506,"flow_src_last_pkt_time":1568796254539181,"flow_dst_last_pkt_time":1568796254536521,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":419,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":419,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1568796254539181,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49359,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Instagram","proto_id":"91.211","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"scontent-mxp1-1.cdninstagram.com","domainame":"scontent-mxp1-1.cdninstagram.com","tls": {"version":"TLSv1.2","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"","ja4":"t00d0309ht_55b375c5d22e_2d3f7b9fe3d5","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)","blocks":0}}} 
+01265{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":664,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1568796254524506,"flow_src_last_pkt_time":1568796254539181,"flow_dst_last_pkt_time":1568796254536521,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":419,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":419,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1568796254539181,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49359,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Instagram","proto_id":"91.211","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"scontent-mxp1-1.cdninstagram.com","domainame":"scontent-mxp1-1.cdninstagram.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t00d0309ht_55b375c5d22e_2d3f7b9fe3d5","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)","blocks":0}}} 
01242{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":666,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":5,"flow_src_last_pkt_time":1568796254539348,"flow_dst_last_pkt_time":1568796254536521,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":579,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":579,"pkt_l4_len":545,"thread_ts_usec":1568796254539348,"pkt":"xiwDYGpkxGGLNYKpCABFAAI1AABAAEAGAMnAqAIRHw1WNMDPAbv9TOq26UFCBIAYCAw8GQAAAQEICg1wdWAUEKcNFAMDAAEBFwMDAfYvjhL\/+unS7fozXeu+ozxeGqpWneH0HAeI4D12qSAbXRvGRbvMhlA3iIqYmg5W04CTNdoRnvHAcH9UKBkK8nk0eqw6Lhz8z+Z2pVE8YWmDMIUMAV4rml4gpqR5NE9shLAYrDcYLpTh6j8xdJfxBdlwXwAWk210uYkgtuVuGuAnA4rnADq87jctIM9LiVkznCL2RzAY+gpboIwcuxgqu+EVizFiw2WR4uBEpKJKcbtNp0NoyX54JW\/gnMLjBN\/87vIPBv5dTm6TKLVlDp9lxyBnYixGQBNuoVLbmHnwC0aYofRUdyRh+c\/w6AoWx5rLfmHeffFzQrKGxK7sz9aAVpyhUAnh3zhBdKDggPO+6tm7CAajdCATmaQIgAvUVGoK7Uk+mfymr1oiVyk7Evq9zGae3DMM1fE+dXeV3Ab8UTZXFvYsP99GZeLIQ0WY2fjuNegANWdHgNpN0dOaBxX28gM88hX8yr3skN4tehJ6Vqt6SsMgduyRNxC3C8rxm3T5VUSfbxMEX0mW\/PQOOxd3ffNrCbzUUyPABQkACGAJqcVFv\/4jI6ozCl+4+nJN\/lKDnInz6a14ysMia7tXB3moLgsg4RF\/ZiOq9QOivt427n9iwBq6ZFBHPx\/TukI96jX8DH\/wJq1xVlsZxtNA62zSqWFqQlJ2mEEZ"} 
-01357{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":668,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1568796254514906,"flow_src_last_pkt_time":1568796254529128,"flow_dst_last_pkt_time":1568796254539971,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":597,"flow_dst_max_l4_payload_len":222,"flow_src_tot_l4_payload_len":1016,"flow_dst_tot_l4_payload_len":222,"midstream":0,"thread_ts_usec":1568796254539971,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49357,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Instagram","proto_id":"91.211","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"scontent-mxp1-1.cdninstagram.com","domainame":"scontent-mxp1-1.cdninstagram.com","tls": {"version":"TLSv1.3 (Fizz)","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","ja4":"t00d0309ht_55b375c5d22e_2d3f7b9fe3d5","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)","blocks":0}}} 
-01356{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":672,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1568796254515573,"flow_src_last_pkt_time":1568796254531371,"flow_dst_last_pkt_time":1568796254543357,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":529,"flow_dst_max_l4_payload_len":222,"flow_src_tot_l4_payload_len":948,"flow_dst_tot_l4_payload_len":222,"midstream":0,"thread_ts_usec":1568796254543357,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49358,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Instagram","proto_id":"91.211","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"scontent-mxp1-1.cdninstagram.com","domainame":"scontent-mxp1-1.cdninstagram.com","tls": {"version":"TLSv1.3 (Fizz)","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","ja4":"t00d0309ht_55b375c5d22e_2d3f7b9fe3d5","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)","blocks":0}}} 
-01356{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":678,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1568796254524506,"flow_src_last_pkt_time":1568796254539348,"flow_dst_last_pkt_time":1568796254551766,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":513,"flow_dst_max_l4_payload_len":222,"flow_src_tot_l4_payload_len":932,"flow_dst_tot_l4_payload_len":222,"midstream":0,"thread_ts_usec":1568796254551766,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49359,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Instagram","proto_id":"91.211","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"scontent-mxp1-1.cdninstagram.com","domainame":"scontent-mxp1-1.cdninstagram.com","tls": {"version":"TLSv1.3 (Fizz)","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","ja4":"t00d0309ht_55b375c5d22e_2d3f7b9fe3d5","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)","blocks":0}}} 
+01316{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":668,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1568796254514906,"flow_src_last_pkt_time":1568796254529128,"flow_dst_last_pkt_time":1568796254539971,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":597,"flow_dst_max_l4_payload_len":222,"flow_src_tot_l4_payload_len":1016,"flow_dst_tot_l4_payload_len":222,"midstream":0,"thread_ts_usec":1568796254539971,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49357,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Instagram","proto_id":"91.211","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"scontent-mxp1-1.cdninstagram.com","domainame":"scontent-mxp1-1.cdninstagram.com","tls": {"version":"TLSv1.3 (Fizz)","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","ja4":"t00d0309ht_55b375c5d22e_2d3f7b9fe3d5","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)","blocks":0}}} 
+01315{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":672,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1568796254515573,"flow_src_last_pkt_time":1568796254531371,"flow_dst_last_pkt_time":1568796254543357,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":529,"flow_dst_max_l4_payload_len":222,"flow_src_tot_l4_payload_len":948,"flow_dst_tot_l4_payload_len":222,"midstream":0,"thread_ts_usec":1568796254543357,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49358,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Instagram","proto_id":"91.211","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"scontent-mxp1-1.cdninstagram.com","domainame":"scontent-mxp1-1.cdninstagram.com","tls": {"version":"TLSv1.3 (Fizz)","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","ja4":"t00d0309ht_55b375c5d22e_2d3f7b9fe3d5","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)","blocks":0}}} 
+01315{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":678,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1568796254524506,"flow_src_last_pkt_time":1568796254539348,"flow_dst_last_pkt_time":1568796254551766,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":513,"flow_dst_max_l4_payload_len":222,"flow_src_tot_l4_payload_len":932,"flow_dst_tot_l4_payload_len":222,"midstream":0,"thread_ts_usec":1568796254551766,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49359,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Instagram","proto_id":"91.211","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"scontent-mxp1-1.cdninstagram.com","domainame":"scontent-mxp1-1.cdninstagram.com","tls": {"version":"TLSv1.3 (Fizz)","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","ja4":"t00d0309ht_55b375c5d22e_2d3f7b9fe3d5","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)","blocks":0}}} 
01115{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":705,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1436720898354402,"flow_src_last_pkt_time":1436720899158632,"flow_dst_last_pkt_time":1436720899122651,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":464,"flow_dst_max_l4_payload_len":165,"flow_src_tot_l4_payload_len":981,"flow_dst_tot_l4_payload_len":528,"midstream":0,"thread_ts_usec":1568796254728873,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"173.252.107.4","src_port":56382,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Instagram","proto_id":"91.211","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":705,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1436720901262544,"flow_src_last_pkt_time":1436720901262544,"flow_dst_last_pkt_time":1436720901262544,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":258,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":258,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":258,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1568796254728873,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.153","src_port":37350,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.Instagram","proto_id":"7.211","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} 01015{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":705,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1436720908533449,"flow_src_last_pkt_time":1436720908533449,"flow_dst_last_pkt_time":1436720908579988,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":167,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":167,"midstream":0,"thread_ts_usec":1568796254728873,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":26540,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Instagram","proto_id":"5.211","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"igcdn-photos-g-a.akamaihd.net"}} 
@@ -282,13 +282,13 @@ 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":710,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_src_last_pkt_time":1568796265159904,"flow_dst_last_pkt_time":1568796265158802,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1568796265159904,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGAsrAqAIRHw1WNMDQAbvb0IW2x+rPAIAQCAytJAAAAQEICg1wnqpocroG"} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":711,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_src_last_pkt_time":1568796265160373,"flow_dst_last_pkt_time":1568796265159201,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1568796265160373,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGAsrAqAIRHw1WNMDRAbs6ii8bgLM6YIAQCAyaLgAAAQEICg1wnqpsGJ0P"} 
01097{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":712,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":4,"flow_src_last_pkt_time":1568796265162664,"flow_dst_last_pkt_time":1568796265158802,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":470,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":470,"pkt_l4_len":436,"thread_ts_usec":1568796265162664,"pkt":"xiwDYGpkxGGLNYKpCABFAAHIAABAAEAGATbAqAIRHw1WNMDQAbvb0IW2x+rPAIAYCAyIwgAAAQEICg1wnqtocroGFgMBAY8BAAGLAwPdyPi3QPqLzsTAPn4hA3TSqwNIH2VLRQoVcBAkqqgQZiAVVtgPkL5YKAYDZH3R54j++7adj7J3C5T+\/WxuRVW3nAAGEwETAhMDAQABPAArAAUEAwT7GgAKAAYABAAdABcAMwAmACQAHQAgEap\/WHdrgE\/7MIaVYINPxAabJBwz3YigseE3IZK\/GAYADQAGAAQEAwgEAAAAJQAjAAAgc2NvbnRlbnQtbXhwMS0xLmNkbmluc3RhZ3JhbS5jb20AEAALAAkIaHR0cC8xLjEALQADAgEAACoAAAApAK4AiQCDk7JELb9TNLP0bj9gRMRkOJvPqRKtoboU\/jiXhirj8KoAAAAA0R83NY2xlS21RB+Ky1WN+gPP8p0w8+O2jdwGhxiwtDX77+HilbLh9lPlIOCv+O6DXIIy461AN\/1VgaFznAAOuF6g91qcCRHhPuyIutRIMLcftRUTfgFJZajUo+ztdbr8DWSWACEgpjCChLFmbc5\/ZokbEyiu1hK1B1OCPU\/bxY3bS\/GUuzE="} -01306{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":712,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1568796265146962,"flow_src_last_pkt_time":1568796265162664,"flow_dst_last_pkt_time":1568796265158802,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":404,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":404,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1568796265162664,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49360,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Instagram","proto_id":"91.211","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"scontent-mxp1-1.cdninstagram.com","domainame":"scontent-mxp1-1.cdninstagram.com","tls": {"version":"TLSv1.2","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"","ja4":"t00d0309ht_55b375c5d22e_2d3f7b9fe3d5","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)","blocks":0}}} +01265{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":712,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1568796265146962,"flow_src_last_pkt_time":1568796265162664,"flow_dst_last_pkt_time":1568796265158802,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":404,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":404,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1568796265162664,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49360,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Instagram","proto_id":"91.211","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"scontent-mxp1-1.cdninstagram.com","domainame":"scontent-mxp1-1.cdninstagram.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t00d0309ht_55b375c5d22e_2d3f7b9fe3d5","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)","blocks":0}}} 
01260{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":713,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":5,"flow_src_last_pkt_time":1568796265162734,"flow_dst_last_pkt_time":1568796265158802,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":592,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":592,"pkt_l4_len":558,"thread_ts_usec":1568796265162734,"pkt":"xiwDYGpkxGGLNYKpCABFAAJCAABAAEAGALzAqAIRHw1WNMDQAbvb0IdKx+rPAIAYCAyE1gAAAQEICg1wnqtocroGFAMDAAEBFwMDAgPq5dxiU+XpJOXyTkDHGhxF+P8r+cTDmHS6C7PaSxO9z+v3cTmbSBNiRx5dWKPSeHOZKxg9Q4N3JkRA6iofTHFoLw1F3kCMA+3nQ7C+Z5X1dLhjQ8q9X7K7zwxP3TxeCjpmVhYbfKK88YN40oY14MasZmWgnmKmKRGFu87Q8KxPBBbd8JlkqP0Hx8vwnVFTdH9qh2ysqVCLEZ5B5gPdxaH+2CBDP4O845J+zQpC9MJGTCHkkaVdnSn360eVwI8aB\/9nxBWWo\/r1SG+g9O+vGwuFKbBoCDcBDGnA765iRTN22nnBB+ZiWM98HwEKJg\/mR9GqK+s0bdxfEfcAsSs+60qTqh0dE1hV86SS2RQ\/DHP9Skr0P\/c8ALAGd\/7DedBxhJMwjhO+yiEpH4aR9uF9MZObdbuQPE\/kOnGp8HKoWepztTlmqnwu52NR8dvA1r9xDGnwfTGd4QNoShfDncOL8sY2D9RTihxBwfBtN0bo8DkWgYy++4Gf\/16ge1CmGXy97R9nX7WGI1uOhXZ3pCTLef2UNDY5jRWIZQ0x6IOt8Ub19WcRqsLOzNUrX6Y7HWFgYdf7wgfA3GmsjmBBLdF1zMixD9fbcxC2QIn8uQOaowhRcRb0sMaEIYIK3i+0Rlo93Qhi6ABoF2pO2KDdliqXqqDkvrKu7mNFNBTIq89smWsWYJwuPA=="} 
01092{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":714,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":4,"flow_src_last_pkt_time":1568796265162908,"flow_dst_last_pkt_time":1568796265159201,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":470,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":470,"pkt_l4_len":436,"thread_ts_usec":1568796265162908,"pkt":"xiwDYGpkxGGLNYKpCABFAAHIAABAAEAGATbAqAIRHw1WNMDRAbs6ii8bgLM6YIAYCAxkcwAAAQEICg1wnqxsGJ0PFgMBAY8BAAGLAwOAqhQQeNECe\/+9\/hWEsCUXoBmc17WJwpN6Dv+uZppp4CCxDRGsDttILxCLJQMyNqEqreyralyMGp7g0Opm0yvFgwAGEwETAhMDAQABPAArAAUEAwT7GgAKAAYABAAdABcAMwAmACQAHQAgDflfr8Yn3nqwAFG2UPszT201MszUPsD3TkZS35zQnVoADQAGAAQEAwgEAAAAJQAjAAAgc2NvbnRlbnQtbXhwMS0xLmNkbmluc3RhZ3JhbS5jb20AEAALAAkIaHR0cC8xLjEALQADAgEAACoAAAApAK4AiQCDk7JELb9TNLP0bj9gRMRkOJvPqRKtoboU\/jiXhirj8KoAAAAA0R83NY2xlS21RB+Ky1WN+gPP8p0w8+O2jdwGhxiwtDX77+HilbLh9lPlIOCv+O6DXIIy461AN\/1VgaFznAAOuF6g91qcCRHhPuyIutRIMLcftRUTfgFJZajUo+ztdbr8DWSXACEgUIntR5IHbn7YSyVV4jLlbmIrJs0jkHe7vUfeBcNmXco="} -01306{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":714,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1568796265147078,"flow_src_last_pkt_time":1568796265162908,"flow_dst_last_pkt_time":1568796265159201,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":404,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":404,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1568796265162908,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49361,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Instagram","proto_id":"91.211","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"scontent-mxp1-1.cdninstagram.com","domainame":"scontent-mxp1-1.cdninstagram.com","tls": {"version":"TLSv1.2","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"","ja4":"t00d0309ht_55b375c5d22e_2d3f7b9fe3d5","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)","blocks":0}}} +01265{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":714,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1568796265147078,"flow_src_last_pkt_time":1568796265162908,"flow_dst_last_pkt_time":1568796265159201,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":404,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":404,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1568796265162908,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49361,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Instagram","proto_id":"91.211","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"scontent-mxp1-1.cdninstagram.com","domainame":"scontent-mxp1-1.cdninstagram.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t00d0309ht_55b375c5d22e_2d3f7b9fe3d5","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)","blocks":0}}} 
01266{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":715,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":5,"flow_src_last_pkt_time":1568796265163365,"flow_dst_last_pkt_time":1568796265159201,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":592,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":592,"pkt_l4_len":558,"thread_ts_usec":1568796265163365,"pkt":"xiwDYGpkxGGLNYKpCABFAAJCAABAAEAGALzAqAIRHw1WNMDRAbs6ijCvgLM6YIAYCAw4cgAAAQEICg1wnqxsGJ0PFAMDAAEBFwMDAgNo3PMGBE3Uy7mxkQeoZAJTCt\/t5mahCav99zTkK60ANTi+qGC30\/CXHNXA43ZPIq7\/C8M0ztacgfWPQTZMeHj28d+rHdUOBleRXFAAr12VCclSZPY11daZ7KPyEgGZ1WfWSKHMsGqUqVO9ISzL9tqh0xQi2oegbTDcvXAEaEeixyc7iE\/5Fbfdm2zGSkEoYdL8VOMoTV5Fq6WPjUf3uU0vQaabxg+nUWJATEYIamAT4GZ3pXch4q0Pzta37XFFiNMjS9UwN+uf\/W0VKBeUeWGMENVCs+41kjAjNqhNA7OfvACTE5Oe+EDw3SyWrtv2H+tuBRZlWOstBndp0uXzEtziTTvaW56JowDlFZSKZhr2YrXphECVIbTUjw1e3xB2U8ZXoCyUpn7KM6E36TKhlSct49iYusL+24jY\/PlEgf33kx8t\/PfC+6\/SSu\/dfiM6b+kqTUwfBrh39j9f4gYAdXaMfaJYEoLOjAFRa9RvR7Vc1i\/9QTr6DBNO5geRmghq+lJPdQsftLL4yiZTtBTj+OyJQ+uaUvyImw8J3xyAmoT8+rJ3HDj74zCanSiyVtZOpN9wGncTMVd6u26hqRxKasSy5t3bDDXyPWVlSvqe6TG0IgEdl7\/lgVcyv9nm82si\/V1YhXj4nvJRWMnZnYXuWFehOLEv3hLdjMFgwTI+1\/aCR\/7VBg=="} 
-01356{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":720,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1568796265146962,"flow_src_last_pkt_time":1568796265162734,"flow_dst_last_pkt_time":1568796265175583,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":526,"flow_dst_max_l4_payload_len":222,"flow_src_tot_l4_payload_len":930,"flow_dst_tot_l4_payload_len":222,"midstream":0,"thread_ts_usec":1568796265175583,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49360,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Instagram","proto_id":"91.211","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"scontent-mxp1-1.cdninstagram.com","domainame":"scontent-mxp1-1.cdninstagram.com","tls": {"version":"TLSv1.3 (Fizz)","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","ja4":"t00d0309ht_55b375c5d22e_2d3f7b9fe3d5","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)","blocks":0}}} 
-01356{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":721,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1568796265147078,"flow_src_last_pkt_time":1568796265163365,"flow_dst_last_pkt_time":1568796265176036,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":526,"flow_dst_max_l4_payload_len":222,"flow_src_tot_l4_payload_len":930,"flow_dst_tot_l4_payload_len":222,"midstream":0,"thread_ts_usec":1568796265176036,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49361,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Instagram","proto_id":"91.211","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"scontent-mxp1-1.cdninstagram.com","domainame":"scontent-mxp1-1.cdninstagram.com","tls": {"version":"TLSv1.3 (Fizz)","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","ja4":"t00d0309ht_55b375c5d22e_2d3f7b9fe3d5","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)","blocks":0}}} 
+01315{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":720,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1568796265146962,"flow_src_last_pkt_time":1568796265162734,"flow_dst_last_pkt_time":1568796265175583,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":526,"flow_dst_max_l4_payload_len":222,"flow_src_tot_l4_payload_len":930,"flow_dst_tot_l4_payload_len":222,"midstream":0,"thread_ts_usec":1568796265175583,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49360,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Instagram","proto_id":"91.211","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"scontent-mxp1-1.cdninstagram.com","domainame":"scontent-mxp1-1.cdninstagram.com","tls": {"version":"TLSv1.3 (Fizz)","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","ja4":"t00d0309ht_55b375c5d22e_2d3f7b9fe3d5","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)","blocks":0}}} 
+01315{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":721,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1568796265147078,"flow_src_last_pkt_time":1568796265163365,"flow_dst_last_pkt_time":1568796265176036,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":526,"flow_dst_max_l4_payload_len":222,"flow_src_tot_l4_payload_len":930,"flow_dst_tot_l4_payload_len":222,"midstream":0,"thread_ts_usec":1568796265176036,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49361,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Instagram","proto_id":"91.211","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"scontent-mxp1-1.cdninstagram.com","domainame":"scontent-mxp1-1.cdninstagram.com","tls": {"version":"TLSv1.3 (Fizz)","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","ja4":"t00d0309ht_55b375c5d22e_2d3f7b9fe3d5","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)","blocks":0}}} 
02191{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":735,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1568796254514906,"flow_src_last_pkt_time":1568796265194500,"flow_dst_last_pkt_time":1568796265280665,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":597,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":2170,"flow_dst_tot_l4_payload_len":10887,"midstream":0,"thread_ts_usec":1568796265280665,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49357,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":6,"avg":691785.6,"max":10469815,"stddev":2560795.0,"var":6557671096320.0,"ent":1.2,"data": [11096,12433,1241,548,13252,614,103,14204,568,14367,12466,169576,258,200,98,307,55,169,229,6,169709,106,1819,218,113,542,10413415,52212,10469815,9752,75862]},"pktlen": {"min":52,"avg":460.7,"max":1440,"stddev":528.6,"var":279392.3,"ent":4.1,"data": [64,60,52,471,649,52,52,274,52,136,230,52,825,1440,1440,1440,1440,1440,628,1440,86,52,52,52,52,52,52,587,587,52,52,828]},"bins": {"c_to_s": [10,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0]},"directions": [0,1,0,0,0,1,1,1,0,0,1,0,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1],"entropies": 
[4.215376377,5.115063667,4.860988617,7.062851906,7.630533695,5.014835358,4.976373672,6.836615562,4.884933949,6.378606796,7.007258415,4.822527409,7.742178440,7.852344990,7.873802185,7.849394321,7.865141869,7.857724190,7.720446110,7.850056171,5.757548332,4.976373672,4.976373672,4.937912464,4.937911987,4.899450779,4.976373672,7.590856075,7.594714642,5.053297043,5.053297043,7.784784317]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Instagram","proto_id":"91.211","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":847,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":8,"flow_first_seen":1568796253770116,"flow_src_last_pkt_time":1568796253816628,"flow_dst_last_pkt_time":1568796253816389,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":498,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":784,"flow_dst_tot_l4_payload_len":3925,"midstream":0,"thread_ts_usec":1568796268054084,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49355,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Instagram","proto_id":"91.211","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} 
01037{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":847,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":63,"flow_dst_packets_processed":81,"flow_first_seen":1568796254514906,"flow_src_last_pkt_time":1568796268054084,"flow_dst_last_pkt_time":1568796268052355,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":597,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":2170,"flow_dst_tot_l4_payload_len":95612,"midstream":0,"thread_ts_usec":1568796268054084,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49357,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Instagram","proto_id":"91.211","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"scontent-mxp1-1.cdninstagram.com"}} 
@@ -296,7 +296,7 @@ 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":847,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1568796254524506,"flow_src_last_pkt_time":1568796254539348,"flow_dst_last_pkt_time":1568796254552721,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":513,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":932,"flow_dst_tot_l4_payload_len":2243,"midstream":0,"thread_ts_usec":1568796268054084,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49359,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Instagram","proto_id":"91.211","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":847,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":10,"flow_first_seen":1568796265146962,"flow_src_last_pkt_time":1568796265177487,"flow_dst_last_pkt_time":1568796265178429,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":526,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1014,"flow_dst_tot_l4_payload_len":6430,"midstream":0,"thread_ts_usec":1568796268054084,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49360,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Instagram","proto_id":"91.211","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} 
00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":847,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1568796265147078,"flow_src_last_pkt_time":1568796265178757,"flow_dst_last_pkt_time":1568796265176036,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":526,"flow_dst_max_l4_payload_len":222,"flow_src_tot_l4_payload_len":1014,"flow_dst_tot_l4_payload_len":222,"midstream":0,"thread_ts_usec":1568796268054084,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49361,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Instagram","proto_id":"91.211","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} -00854{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":847,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":847,"packets-processed":846,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":530270,"total-not-detected-flows":1,"total-guessed-flows":7,"total-detected-flows":30,"total-detection-updates":18,"total-updates":4,"current-active-flows":0,"total-active-flows":38,"total-idle-flows":38,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":299,"global_ts_usec":1568796268054084} 
+00854{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":847,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":847,"packets-processed":846,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":530270,"total-not-detected-flows":1,"total-guessed-flows":7,"total-detected-flows":30,"total-detection-updates":18,"total-updates":4,"current-active-flows":0,"total-active-flows":38,"total-idle-flows":38,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":299,"global_ts_usec":1568796268054084} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 847/846 ~~ skipped flows.............: 0 @@ -305,9 +305,9 @@ ~~ total active/idle flows...: 38/38 ~~ total timeout flows.......: 5 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7255728 bytes -~~ total memory freed........: 7255728 bytes -~~ total allocations/frees...: 115553/115553 +~~ total memory allocated....: 7833506 bytes +~~ total memory freed........: 7833506 bytes +~~ total allocations/frees...: 127291/127291 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 547 chars ~~ json message max len.......: 2493 chars diff --git a/test/results/default/ip_fragmented_garbage.pcap.out b/test/results/default/ip_fragmented_garbage.pcap.out index 44566c640..33f9e99e8 100644 --- a/test/results/default/ip_fragmented_garbage.pcap.out +++ b/test/results/default/ip_fragmented_garbage.pcap.out 
@@ -1,5 +1,5 @@ -00626{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1534244024697756} 
+00626{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1534244024697756} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1534244024697756,"flow_src_last_pkt_time":1534244024697756,"flow_dst_last_pkt_time":1534244024697756,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1534244024697756,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24102,"dst_port":10792,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1534244024697756,"flow_dst_last_pkt_time":1534244024697756,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_usec":1534244024697756,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAl4mKigpKComXiUkI0AjJCUpOAAA"} 00328{"error_event_id":13,"error_event_name":"TCP packet smaller than expected","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1534244024697792,"packet_id":2,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","size":50,"expected":54,"global_ts_usec":1534244024697792} 
@@ -48,7 +48,7 @@ 00785{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1252,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1534244024697756,"flow_src_last_pkt_time":1534244024697756,"flow_dst_last_pkt_time":1534244024697756,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1534244025609837,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24102,"dst_port":10792,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00873{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":1252,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1534244025001741,"flow_src_last_pkt_time":1534244025001741,"flow_dst_last_pkt_time":1534244025001741,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1534244025609837,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18730,"dst_port":20304,"l4_proto":"tcp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
00785{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1252,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1534244025001741,"flow_src_last_pkt_time":1534244025001741,"flow_dst_last_pkt_time":1534244025001741,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1534244025609837,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18730,"dst_port":20304,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00856{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1252,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1252,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8,"total-not-detected-flows":4,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":51,"global_ts_usec":1534244025612419} 
+00856{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1252,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1252,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8,"total-not-detected-flows":4,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":51,"global_ts_usec":1534244025612419} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1252/4 ~~ skipped flows.............: 0 @@ -57,9 +57,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6914757 bytes -~~ total memory freed........: 6914757 bytes -~~ total allocations/frees...: 114170/114170 +~~ total memory allocated....: 7492353 bytes +~~ total memory freed........: 7492353 bytes +~~ total allocations/frees...: 125901/125901 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 333 chars ~~ json message max len.......: 878 chars diff --git a/test/results/default/iphone.pcap.out b/test/results/default/iphone.pcap.out index 312ac0ce7..346f2f1b5 100644 --- a/test/results/default/iphone.pcap.out +++ b/test/results/default/iphone.pcap.out 
@@ -1,5 +1,5 @@ -00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1582454552576659} 
+00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1582454552576659} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454552576659,"flow_src_last_pkt_time":1582454552576659,"flow_dst_last_pkt_time":1582454552576659,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":510,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":510,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":510,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454552576659,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01198{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1582454552576659,"flow_dst_last_pkt_time":1582454552576659,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":552,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":552,"pkt_l4_len":518,"thread_ts_usec":1582454552576659,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAIaAFkAAEAR8inAqAIBwKgC\/0RcRFwCBr34eyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAzMzA0MDI2MjQwMTMxNjcxMTI3MTc3MTQ1ODMyOTcxNTM2ODg0ODIsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFsyNzUwMzcwNTYwLCA3ODUyNjYxNzcsIDE1MjYyNjMwNDUsIDEzMzg2NTkyMDEsIDE0ODE5MzM3LCA0ODEwNTkxNzYwLCA0NTE0NzI2NTgsIDczNjM0MTUyOCwgOTM4ODEzODQ5LCAxMjY3Njk1MTA5LCA1NDQwNDA3MDcyLCA1ODM0NDk5NiwgOTk2MzA2MjE1LCA1MzAzMzAxMjQ4LCAyODUyMTYwNywgNDA1NjQ2MjU5MiwgNzA1MzYyNzE4NCwgMTUyMjE3NzU4NywgMTQyMTExNDM5OSwgMTI1MjExNjQyOSwgOTk0Njk3NzMsIDcwNzk2MzY2ODgsIDE3Njk2NDMwNywgMTI1NTQwNTY2LCAxMDQ3NDI4MTg5LCA0NzE2MTkwMDQ4LCA1NDY3MTYzMDg4LCAxMTk1MDQ0MDcxLCA5Njg1MzIyNCwgMTc2MDk5NjMsIDY0NzgzMDM0NDAsIDUxMTcwNjY0MiwgNjI5Nzk1NTE4NCwgMTQxNTYyMDM1MF19"} 
00929{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454552576659,"flow_src_last_pkt_time":1582454552576659,"flow_dst_last_pkt_time":1582454552576659,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":510,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":510,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":510,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454552576659,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
@@ -102,13 +102,13 @@ 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_src_last_pkt_time":1582454598252419,"flow_dst_last_pkt_time":1582454598402840,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454598402840,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADEG+34R+LmMwKgCEQG7xY+mDHMKDeq21aBScSAX2QAAAgQFrAEBCAr26Z7FEd\/m0wEDAwU="} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_src_last_pkt_time":1582454598404960,"flow_dst_last_pkt_time":1582454598402840,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454598404960,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGrIbAqAIREfi5jMWPAbsN6rbVpgxzC4AQBAuwVwAAAQEIChHf52v26Z7F"} 
01241{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_src_last_pkt_time":1582454598405072,"flow_dst_last_pkt_time":1582454598402840,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1582454598405072,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAGqn\/AqAIREfi5jMWPAbsN6rbVpgxzC4AYBAuh0wAAAQEIChHf52v26Z7FFgMBAgABAAH8AwN8\/m8PXyQO32u1iV6RcZDnMbTrrPixNIjOuJcPKyu2YCAqbhRZg6XgGUsXaOUau6tuuVwQheEDrsOtyWvnbE4KuAA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\/AQABAAAAAB0AGwAAGHAyNi1mbWZtb2JpbGUuaWNsb3VkLmNvbQAXAAAADQAYABYEAwgEBAEFAwIDCAUIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAzACYAJAAdACAqltozl1XctQvleGh0N7IIp3TCS7HFVxwjJhj0\/2bbZgAtAAIBAQArAAkIAwQDAwMCAwEACgAKAAgAHQAXABgAGQAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01295{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454598252419,"flow_src_last_pkt_time":1582454598405072,"flow_dst_last_pkt_time":1582454598402840,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454598405072,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.140","src_port":50575,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","proto_id":"91.143","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"p26-fmfmobile.icloud.com","domainame":"p26-fmfmobile.icloud.com","tls": {"version":"TLSv1.2","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01254{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454598252419,"flow_src_last_pkt_time":1582454598405072,"flow_dst_last_pkt_time":1582454598402840,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454598405072,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.140","src_port":50575,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","proto_id":"91.143","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"p26-fmfmobile.icloud.com","domainame":"p26-fmfmobile.icloud.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_src_last_pkt_time":1582454598377826,"flow_dst_last_pkt_time":1582454598412214,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454598412214,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADUGSmlfZRk1wKgCEQG7xZCMPaCSoKaYqKBScSBNPAAAAgQFrAQCCAoi0AShEd\/nTAEDAwc="} 
00744{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_src_last_pkt_time":1582454598373077,"flow_dst_last_pkt_time":1582454598412843,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1582454598412843,"pkt":"xGGLNYKpxiwDYGpkCABFAADIRW8AAEARr1PAqAIBwKgCEQA12KEAtAJjFxuBgAABAAUAAAAABG1lc3UFYXBwbGUDY29tAAABAAHADAAFAAEAAAfrAB8IbWVzdS1jZG4FYXBwbGUDY29tBmFrYWRucwNuZXQAwCwABQABAAAMoAAYCG1lc3UtY2RuDG9yaWdpbi1hcHBsZcA7wFcABQABAAAARAARBG1lc3UBZwdhYXBsaW1nwBfAewABAAEAAAAPAAQR\/WnKwHsAAQABAAAADwAEEf01yw=="} 01138{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454598373077,"flow_src_last_pkt_time":1582454598373077,"flow_dst_last_pkt_time":1582454598412843,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":172,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":172,"midstream":0,"thread_ts_usec":1582454598412843,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":55457,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Apple","proto_id":"5.140","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"mesu.apple.com","domainame":"mesu.apple.com","dns": {"num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["17.253.105.202,ttl=15","17.253.53.203,ttl=15"]}}} 
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_src_last_pkt_time":1582454598413932,"flow_dst_last_pkt_time":1582454598412214,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454598413932,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG\/3DAqAIRX2UZNcWQAbugppiojD2gk4AQBAvpMwAAAQEIChHf524i0ASh"} 01240{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_src_last_pkt_time":1582454598414051,"flow_dst_last_pkt_time":1582454598412214,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1582454598414051,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAG\/WnAqAIRX2UZNcWQAbugppiojD2gk4AYBAtyOwAAAQEIChHf524i0AShFgMBAgABAAH8AwMW\/vdiXnKGt2kAM475LRdq4DAZD5IWJivMSs32aPZe4CBY4JYmlM1Z2ggjvPRVVGQ6cbm25wGpqmGifvQqpkiZFQA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\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"} 
-01279{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454598377826,"flow_src_last_pkt_time":1582454598414051,"flow_dst_last_pkt_time":1582454598412214,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454598414051,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.25.53","src_port":50576,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"gspe35-ssl.ls.apple.com","domainame":"gspe35-ssl.ls.apple.com","tls": {"version":"TLSv1.2","ja3":"55271a105172d5f225e4704755b9b250","ja3s":"","ja4":"t13d2614h2_2802a3db6c62_0e42e90cf648","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01238{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454598377826,"flow_src_last_pkt_time":1582454598414051,"flow_dst_last_pkt_time":1582454598412214,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454598414051,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.25.53","src_port":50576,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"gspe35-ssl.ls.apple.com","domainame":"gspe35-ssl.ls.apple.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2614h2_2802a3db6c62_0e42e90cf648","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454598416547,"flow_src_last_pkt_time":1582454598416547,"flow_dst_last_pkt_time":1582454598416547,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454598416547,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50578,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_src_last_pkt_time":1582454598416547,"flow_dst_last_pkt_time":1582454598416547,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1582454598416547,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAG\/DfAqAIREf1pysWSAbt\/OqmMAAAAALDC\/\/8OTwAAAgQFtAEDAwcBAQgKEd\/ndwAAAAAEAgAA"} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454598418108,"flow_src_last_pkt_time":1582454598418108,"flow_dst_last_pkt_time":1582454598418108,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454598418108,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50579,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -116,7 +116,7 @@ 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_src_last_pkt_time":1582454598387073,"flow_dst_last_pkt_time":1582454598426588,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454598426588,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADIGSjwR\/WnKwKgCEQBQwACbtSzNLJXrMqBScNC85AAAAgQFrAQCCAodNCSFEd\/nTQEDAwg="} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_src_last_pkt_time":1582454598385187,"flow_dst_last_pkt_time":1582454598427688,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454598427688,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADIGslMRggIuwKgCEQG7xZHfrwWiGTrrGKBSqbCWRAAAAgQFrAQCCAq1T9HeEd\/nUwEDAw4="} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":5,"flow_src_last_pkt_time":1582454598414051,"flow_dst_last_pkt_time":1582454598447691,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454598447691,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0RA0AADUGBmRfZRk1wKgCEQG7xZCMPaCToKaarYAQAOvqKgAAAQEICiLQBMUR3+du"} 
-01324{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454598377826,"flow_src_last_pkt_time":1582454598414051,"flow_dst_last_pkt_time":1582454598449324,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1582454598449324,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.25.53","src_port":50576,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"gspe35-ssl.ls.apple.com","domainame":"gspe35-ssl.ls.apple.com","tls": {"version":"TLSv1.3","ja3":"55271a105172d5f225e4704755b9b250","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d2614h2_2802a3db6c62_0e42e90cf648","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01283{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454598377826,"flow_src_last_pkt_time":1582454598414051,"flow_dst_last_pkt_time":1582454598449324,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1582454598449324,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.25.53","src_port":50576,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"gspe35-ssl.ls.apple.com","domainame":"gspe35-ssl.ls.apple.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d2614h2_2802a3db6c62_0e42e90cf648","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_src_last_pkt_time":1582454598418108,"flow_dst_last_pkt_time":1582454598453979,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454598453979,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADIGSjwR\/WnKwKgCEQG7xZNpWNRgMiTvFqBScNC35wAAAgQFrAQCCAoAH8DDEd\/neQEDAwg="} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_src_last_pkt_time":1582454598416547,"flow_dst_last_pkt_time":1582454598459069,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454598459069,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADIGSjwR\/WnKwKgCEQG7xZLy+qnpfzqpjaBScNDegAAAAgQFrAQCCAqK\/qiVEd\/ndwEDAwg="} 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454598542807,"flow_src_last_pkt_time":1582454598542807,"flow_dst_last_pkt_time":1582454598542807,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454598542807,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52852,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -127,28 +127,28 @@ 01131{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454598387073,"flow_src_last_pkt_time":1582454598545135,"flow_dst_last_pkt_time":1582454598426588,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":131,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":131,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454598545135,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":49152,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Apple","proto_id":"7.140","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":0,"breed":"Safe","category_id":30,"category":"ConnCheck","hostname":"captive.apple.com","domainame":"captive.apple.com","http": {"url":"captive.apple.com\/hotspot-detect.html","code":0,"content_type":"","user_agent":"CaptiveNetworkSupport-390.60.1 wispr"}}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_src_last_pkt_time":1582454598545149,"flow_dst_last_pkt_time":1582454598427688,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454598545149,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGZFvAqAIREYICLsWRAbsZOusY368Fo4AQBAtqWAAAAQEIChHf5\/C1T9He"} 
01241{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":4,"flow_src_last_pkt_time":1582454598545339,"flow_dst_last_pkt_time":1582454598427688,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1582454598545339,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAGYlTAqAIREYICLsWRAbsZOusY368Fo4AYBAtvbAAAAQEIChHf5\/C1T9HeFgMBAgABAAH8AwM6mEOdusbq\/ybUNBuomqShrPK58qj3XjuDYY2EHh6A2yDTYkCcwL+VPEDok15qjRZu79\/9di6dUR8br4F4StJmaAA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\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"} -01276{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454598385187,"flow_src_last_pkt_time":1582454598545339,"flow_dst_last_pkt_time":1582454598427688,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454598545339,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.130.2.46","src_port":50577,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"gsp85-ssl.ls.apple.com","domainame":"gsp85-ssl.ls.apple.com","tls": 
{"version":"TLSv1.2","ja3":"55271a105172d5f225e4704755b9b250","ja3s":"","ja4":"t13d2614h2_2802a3db6c62_0e42e90cf648","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +01235{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454598385187,"flow_src_last_pkt_time":1582454598545339,"flow_dst_last_pkt_time":1582454598427688,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454598545339,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.130.2.46","src_port":50577,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"gsp85-ssl.ls.apple.com","domainame":"gsp85-ssl.ls.apple.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2614h2_2802a3db6c62_0e42e90cf648","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_src_last_pkt_time":1582454598546213,"flow_dst_last_pkt_time":1582454598453979,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454598546213,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG\/EPAqAIREf1pysWTAbsyJO8WaVjUYYAQBAtTNAAAAQEIChHf5\/cAH8DD"} 01243{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":4,"flow_src_last_pkt_time":1582454598546273,"flow_dst_last_pkt_time":1582454598453979,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1582454598546273,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAG+jzAqAIREf1pysWTAbsyJO8WaVjUYYAYBAtPcwAAAQEIChHf5\/cAH8DDFgMBAgABAAH8AwOBTBzeu5w1Vp+4geGIpFJ17FWadQ3l1s5HLAc6L2e5gyD\/YLmMW82uuwbbKEYkARjm9\/sVvKjvTmHajlJ93y\/zswA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\/AQABAAAAABMAEQAADm1lc3UuYXBwbGUuY29tABcAAAANABgAFgQDCAQEAQUDAgMIBQgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAADMAJgAkAB0AIPp0HJk26NqhkuEuWSOpHU2lL9tl\/4KvwEcCcIghS34tAC0AAgEBACsACQgDBAMDAwIDAQAKAAoACAAdABcAGAAZABUAzwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01263{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":96,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454598418108,"flow_src_last_pkt_time":1582454598546273,"flow_dst_last_pkt_time":1582454598453979,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454598546273,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50579,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"mesu.apple.com","domainame":"mesu.apple.com","tls": {"version":"TLSv1.2","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01222{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":96,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454598418108,"flow_src_last_pkt_time":1582454598546273,"flow_dst_last_pkt_time":1582454598453979,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454598546273,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50579,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"mesu.apple.com","domainame":"mesu.apple.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_src_last_pkt_time":1582454598546318,"flow_dst_last_pkt_time":1582454598459069,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454598546318,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG\/EPAqAIREf1pysWSAbt\/OqmN8vqp6oAQBAt5ywAAAQEIChHf5\/eK\/qiV"} 
01244{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":4,"flow_src_last_pkt_time":1582454598546492,"flow_dst_last_pkt_time":1582454598459069,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1582454598546492,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAG+jzAqAIREf1pysWSAbt\/OqmN8vqp6oAYBAvCpQAAAQEIChHf5\/iK\/qiVFgMBAgABAAH8AwOL0zmb\/pU6qAogKIFd\/Y4fHsvdGFAF8ZjXl6m9+L0uvyBBR6wrPbvh3W2j8rwh4NW3lc0cwhULV8gFfvx3+QKTDgA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\/AQABAAAAABMAEQAADm1lc3UuYXBwbGUuY29tABcAAAANABgAFgQDCAQEAQUDAgMIBQgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAADMAJgAkAB0AIGFNND5R7cze3Z4nraCyXLPxW4F9FRO9m0bNnjdxh\/Y+AC0AAgEBACsACQgDBAMDAwIDAQAKAAoACAAdABcAGAAZABUAzwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01263{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454598416547,"flow_src_last_pkt_time":1582454598546492,"flow_dst_last_pkt_time":1582454598459069,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454598546492,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50578,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"mesu.apple.com","domainame":"mesu.apple.com","tls": {"version":"TLSv1.2","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01222{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454598416547,"flow_src_last_pkt_time":1582454598546492,"flow_dst_last_pkt_time":1582454598459069,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454598546492,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50578,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"mesu.apple.com","domainame":"mesu.apple.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":5,"flow_src_last_pkt_time":1582454598405072,"flow_dst_last_pkt_time":1582454598556458,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454598556458,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0f0MAADEGfEMR+LmMwKgCEQG7xY+mDHMLDeq42oAQA6uuGQAAAQEICvbpn14R3+dr"} 
-01388{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454598252419,"flow_src_last_pkt_time":1582454598405072,"flow_dst_last_pkt_time":1582454598558094,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1582454598558094,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.140","src_port":50575,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","proto_id":"91.143","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"p26-fmfmobile.icloud.com","domainame":"p26-fmfmobile.icloud.com","tls": {"version":"TLSv1.2","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-03561{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1582454598252419,"flow_src_last_pkt_time":1582454598559758,"flow_dst_last_pkt_time":1582454598568201,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5760,"midstream":0,"thread_ts_usec":1582454598568201,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.140","src_port":50575,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","proto_id":"91.143","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"p26-fmfmobile.icloud.com","domainame":"p26-fmfmobile.icloud.com","tls": 
{"version":"TLSv1.2","server_names":"p67-fmfmobile.icloud.com,p48-fmfmobile.icloud.com,p53-fmfmobile.icloud.com,p34-fmfmobile.icloud.com,p72-fmfmobile.icloud.com,fmfmobile.icloud.com,p08-fmfmobile.icloud.com,p12-fmfmobile.icloud.com,p02-fmfmobile.icloud.com,p29-fmfmobile.icloud.com,p52-fmfmobile.icloud.com,p26-fmfmobile.icloud.com,p06-fmfmobile.icloud.com,p97-fmfmobile.icloud.com,p41-fmfmobile.icloud.com,p40-fmfmobile.icloud.com,p18-fmfmobile.icloud.com,p55-fmfmobile.icloud.com,p70-fmfmobile.icloud.com,p32-fmfmobile.icloud.com,p69-fmfmobile.icloud.com,p17-fmfmobile.icloud.com,p13-fmfmobile.icloud.com,p38-fmfmobile.icloud.com,p11-fmfmobile.icloud.com,p21-fmfmobile.icloud.com,p27-fmfmobile.icloud.com,p42-fmfmobile.icloud.com,p37-fmfmobile.icloud.com,p56-fmfmobile.icloud.com,p50-fmfmobile.icloud.com,p58-fmfmobile.icloud.com,p39-fmfmobile.icloud.com,p45-fmfmobile.icloud.com,p49-fmfmobile.icloud.com,p68-fmfmobile.icloud.com,p10-fmfmobile.icloud.com,p22-fmfmobile.icloud.com,p07-fmfmobile.icloud.com,p25-fmfmobile.icloud.com,p20-fmfmobile.icloud.com,p71-fmfmobile.icloud.com,p05-fmfmobile.icloud.com,p98-fmfmobile.icloud.com,p66-fmfmobile.icloud.com,p15-fmfmobile.icloud.com,p16-fmfmobile.icloud.com,p44-fmfmobile.icloud.com,p04-fmfmobile.icloud.com,p09-fmfmobile.icloud.com,p23-fmfmobile.icloud.com,p61-fmfmobile.icloud.com,p30-fmfmobile.icloud.com,p46-fmfmobile.icloud.com,p60-fmfmobile.icloud.com,p43-fmfmobile.icloud.com,p57-fmfmobile.icloud.com,p14-fmfmobile.icloud.com,p03-fmfmobile.icloud.com,p36-fmfmobile.icloud.com,p64-fmfmobile.icloud.com,p28-fmfmobile.icloud.com,p24-fmfmobile.icloud.com,p202-fmfmobile.icloud.com,p01-fmfmobile.icloud.com,p62-fmfmobile.icloud.com,p47-fmfmobile.icloud.com,p35-fmfmobile.icloud.com,p65-fmfmobile.icloud.com,p31-fmfmobile.icloud.com,p63-fmfmobile.icloud.com,p19-fmfmobile.icloud.com,p33-fmfmobile.icloud.com,p51-fmfmobile.icloud.com,p54-fmfmobile.icloud.com,p59-fmfmobile.icloud.com,p201-fmfmobile.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b
","ja3s":"1e60202b4001a190621caa963fb76697","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=fmfmobile.icloud.com, O=Apple Inc., ST=California, C=US","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"FF:C3:9F:1A:A1:3C:D2:3C:06:96:EC:49:B4:97:A9:D3:DA:05:A3:E2","blocks":0}}} +01347{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454598252419,"flow_src_last_pkt_time":1582454598405072,"flow_dst_last_pkt_time":1582454598558094,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1582454598558094,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.140","src_port":50575,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","proto_id":"91.143","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"p26-fmfmobile.icloud.com","domainame":"p26-fmfmobile.icloud.com","tls": {"version":"TLSv1.2","ja3s":"1e60202b4001a190621caa963fb76697","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+03520{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1582454598252419,"flow_src_last_pkt_time":1582454598559758,"flow_dst_last_pkt_time":1582454598568201,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5760,"midstream":0,"thread_ts_usec":1582454598568201,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.140","src_port":50575,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","proto_id":"91.143","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"p26-fmfmobile.icloud.com","domainame":"p26-fmfmobile.icloud.com","tls": 
{"version":"TLSv1.2","server_names":"p67-fmfmobile.icloud.com,p48-fmfmobile.icloud.com,p53-fmfmobile.icloud.com,p34-fmfmobile.icloud.com,p72-fmfmobile.icloud.com,fmfmobile.icloud.com,p08-fmfmobile.icloud.com,p12-fmfmobile.icloud.com,p02-fmfmobile.icloud.com,p29-fmfmobile.icloud.com,p52-fmfmobile.icloud.com,p26-fmfmobile.icloud.com,p06-fmfmobile.icloud.com,p97-fmfmobile.icloud.com,p41-fmfmobile.icloud.com,p40-fmfmobile.icloud.com,p18-fmfmobile.icloud.com,p55-fmfmobile.icloud.com,p70-fmfmobile.icloud.com,p32-fmfmobile.icloud.com,p69-fmfmobile.icloud.com,p17-fmfmobile.icloud.com,p13-fmfmobile.icloud.com,p38-fmfmobile.icloud.com,p11-fmfmobile.icloud.com,p21-fmfmobile.icloud.com,p27-fmfmobile.icloud.com,p42-fmfmobile.icloud.com,p37-fmfmobile.icloud.com,p56-fmfmobile.icloud.com,p50-fmfmobile.icloud.com,p58-fmfmobile.icloud.com,p39-fmfmobile.icloud.com,p45-fmfmobile.icloud.com,p49-fmfmobile.icloud.com,p68-fmfmobile.icloud.com,p10-fmfmobile.icloud.com,p22-fmfmobile.icloud.com,p07-fmfmobile.icloud.com,p25-fmfmobile.icloud.com,p20-fmfmobile.icloud.com,p71-fmfmobile.icloud.com,p05-fmfmobile.icloud.com,p98-fmfmobile.icloud.com,p66-fmfmobile.icloud.com,p15-fmfmobile.icloud.com,p16-fmfmobile.icloud.com,p44-fmfmobile.icloud.com,p04-fmfmobile.icloud.com,p09-fmfmobile.icloud.com,p23-fmfmobile.icloud.com,p61-fmfmobile.icloud.com,p30-fmfmobile.icloud.com,p46-fmfmobile.icloud.com,p60-fmfmobile.icloud.com,p43-fmfmobile.icloud.com,p57-fmfmobile.icloud.com,p14-fmfmobile.icloud.com,p03-fmfmobile.icloud.com,p36-fmfmobile.icloud.com,p64-fmfmobile.icloud.com,p28-fmfmobile.icloud.com,p24-fmfmobile.icloud.com,p202-fmfmobile.icloud.com,p01-fmfmobile.icloud.com,p62-fmfmobile.icloud.com,p47-fmfmobile.icloud.com,p35-fmfmobile.icloud.com,p65-fmfmobile.icloud.com,p31-fmfmobile.icloud.com,p63-fmfmobile.icloud.com,p19-fmfmobile.icloud.com,p33-fmfmobile.icloud.com,p51-fmfmobile.icloud.com,p54-fmfmobile.icloud.com,p59-fmfmobile.icloud.com,p201-fmfmobile.icloud.com","ja3s":"1e60202b4001a190621caa963fb7669
7","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=fmfmobile.icloud.com, O=Apple Inc., ST=California, C=US","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"FF:C3:9F:1A:A1:3C:D2:3C:06:96:EC:49:B4:97:A9:D3:DA:05:A3:E2","blocks":0}}} 00784{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_src_last_pkt_time":1582454598542807,"flow_dst_last_pkt_time":1582454598582484,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":244,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":244,"pkt_l4_len":210,"thread_ts_usec":1582454598582484,"pkt":"xGGLNYKpxiwDYGpkCABFAADmpdwAAEARTsjAqAIBwKgCEQA1znQA0sdAsQ+BgAABAAkAAAAAB2dhdGV3YXkGaWNsb3VkA2NvbQAAAQABwAwABQABAAARlgAaB2dhdGV3YXkCZmUJYXBwbGUtZG5zA25ldADAMAABAAEAAAAiAAQR+LBLwDAAAQABAAAAIgAEEfixhcAwAAEAAQAAACIABBH4sCjAMAABAAEAAAAiAAQR+LCNwDAAAQABAAAAIgAEEfiwTcAwAAEAAQAAACIABBH4sWXAMAABAAEAAAAiAAQR+LGqwDAAAQABAAAAIgAEEfiwiQ=="} 
01206{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454598542807,"flow_src_last_pkt_time":1582454598542807,"flow_dst_last_pkt_time":1582454598582484,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":202,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":202,"midstream":0,"thread_ts_usec":1582454598582484,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52852,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AppleiCloud","proto_id":"5.143","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"gateway.icloud.com","domainame":"gateway.icloud.com","dns": {"num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["17.248.176.75,ttl=34","17.248.177.133,ttl=34","17.248.176.40,ttl=34","17.248.176.141,ttl=34"]}}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":5,"flow_src_last_pkt_time":1582454598546273,"flow_dst_last_pkt_time":1582454598584084,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454598584084,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0nTYAADIGrQ0R\/WnKwKgCEQG7xZNpWNRhMiTxG4AQAHVURAAAAQEICgAfwUQR3+f3"} 
-01309{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454598418108,"flow_src_last_pkt_time":1582454598546273,"flow_dst_last_pkt_time":1582454598584601,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1582454598584601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50579,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"mesu.apple.com","domainame":"mesu.apple.com","tls": {"version":"TLSv1.3","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01268{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454598418108,"flow_src_last_pkt_time":1582454598546273,"flow_dst_last_pkt_time":1582454598584601,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1582454598584601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50579,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"mesu.apple.com","domainame":"mesu.apple.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":5,"flow_src_last_pkt_time":1582454598545135,"flow_dst_last_pkt_time":1582454598585123,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454598585123,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0\/jIAADIGTBER\/WnKwKgCEQBQwACbtSzOLJXrtYAQAHVahwAAAQEICh00JSQR3+fp"} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454598587648,"flow_src_last_pkt_time":1582454598587648,"flow_dst_last_pkt_time":1582454598587648,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454598587648,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50580,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_src_last_pkt_time":1582454598587648,"flow_dst_last_pkt_time":1582454598587648,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1582454598587648,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGtbvAqAIREfiwS8WUAbuGKOrDAAAAALDC\/\/9\/HgAAAgQFtAEDAwcBAQgKEd\/oBAAAAAAEAgAA"} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":5,"flow_src_last_pkt_time":1582454598545339,"flow_dst_last_pkt_time":1582454598589226,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454598589226,"pkt":"xGGLNYKpxiwDYGpkCABFAAA06hUAADIGyEURggIuwKgCEQG7xZHfrwWjGTrtHYAQAANrugAAAQEICrVP0n8R3+fw"} 
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":5,"flow_src_last_pkt_time":1582454598546492,"flow_dst_last_pkt_time":1582454598590442,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454598590442,"pkt":"xGGLNYKpxiwDYGpkCABFAAA00AIAADIGekER\/WnKwKgCEQG7xZLy+qnqfzqrkoAQAHV62AAAAQEICor+qRgR3+f4"} -01309{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454598416547,"flow_src_last_pkt_time":1582454598546492,"flow_dst_last_pkt_time":1582454598590958,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1582454598590958,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50578,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"mesu.apple.com","domainame":"mesu.apple.com","tls": {"version":"TLSv1.3","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-01367{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454598385187,"flow_src_last_pkt_time":1582454598545339,"flow_dst_last_pkt_time":1582454598592070,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1582454598592070,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.130.2.46","src_port":50577,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"gsp85-ssl.ls.apple.com","domainame":"gsp85-ssl.ls.apple.com","tls": {"version":"TLSv1.2","ja3":"55271a105172d5f225e4704755b9b250","ja3s":"4ef1b297bb817d8212165a86308bac5f","ja4":"t13d2614h2_2802a3db6c62_0e42e90cf648","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-01659{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1582454598385187,"flow_src_last_pkt_time":1582454598545339,"flow_dst_last_pkt_time":1582454598592156,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3606,"midstream":0,"thread_ts_usec":1582454598592156,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.130.2.46","src_port":50577,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"gsp85-ssl.ls.apple.com","domainame":"gsp85-ssl.ls.apple.com","tls": {"version":"TLSv1.2","server_names":"*.ls.apple.com","ja3":"55271a105172d5f225e4704755b9b250","ja3s":"4ef1b297bb817d8212165a86308bac5f","ja4":"t13d2614h2_2802a3db6c62_0e42e90cf648","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=*.ls.apple.com, OU=management:idms.group.576486, O=Apple Inc., ST=California, C=US","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"E4:85:25:4C:99:F8:FB:66:49:4B:80:64:5E:63:2A:75:9B:8F:C3:51","blocks":0}}} 
+01268{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454598416547,"flow_src_last_pkt_time":1582454598546492,"flow_dst_last_pkt_time":1582454598590958,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1582454598590958,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50578,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"mesu.apple.com","domainame":"mesu.apple.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01326{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454598385187,"flow_src_last_pkt_time":1582454598545339,"flow_dst_last_pkt_time":1582454598592070,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1582454598592070,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.130.2.46","src_port":50577,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"gsp85-ssl.ls.apple.com","domainame":"gsp85-ssl.ls.apple.com","tls": {"version":"TLSv1.2","ja3s":"4ef1b297bb817d8212165a86308bac5f","ja4":"t13d2614h2_2802a3db6c62_0e42e90cf648","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01618{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1582454598385187,"flow_src_last_pkt_time":1582454598545339,"flow_dst_last_pkt_time":1582454598592156,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3606,"midstream":0,"thread_ts_usec":1582454598592156,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.130.2.46","src_port":50577,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"gsp85-ssl.ls.apple.com","domainame":"gsp85-ssl.ls.apple.com","tls": {"version":"TLSv1.2","server_names":"*.ls.apple.com","ja3s":"4ef1b297bb817d8212165a86308bac5f","ja4":"t13d2614h2_2802a3db6c62_0e42e90cf648","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=*.ls.apple.com, OU=management:idms.group.576486, O=Apple Inc., ST=California, C=US","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"E4:85:25:4C:99:F8:FB:66:49:4B:80:64:5E:63:2A:75:9B:8F:C3:51","blocks":0}}} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_src_last_pkt_time":1582454598587648,"flow_dst_last_pkt_time":1582454598621600,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454598621600,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAC4GB8AR+LBLwKgCEQG7xZQAd9VghijqxKBScSDqGQAAAgQFrAEBCApbEwd4Ed\/oBAEDAwU="} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":135,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454598713167,"flow_src_last_pkt_time":1582454598713167,"flow_dst_last_pkt_time":1582454598713167,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454598713167,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52682,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_src_last_pkt_time":1582454598713167,"flow_dst_last_pkt_time":1582454598713167,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454598713167,"pkt":"xiwDYGpkxGGLNYKpCABFAAA8BIgAAP8RMcbAqAIRwKgCAc3KADUAKGCiwekBAAABAAAAAAAAA3d3dwZpY2xvdWQDY29tAAABAAE="} 
@@ -178,7 +178,7 @@ 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_src_last_pkt_time":1582454598721885,"flow_dst_last_pkt_time":1582454598721885,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1582454598721885,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGrK\/AqAIREfi5V8WVAbuoGt7oAAAAALDC\/\/9fVwAAAgQFtAEDAwcBAQgKEd\/opwAAAAAEAgAA"} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_src_last_pkt_time":1582454598723398,"flow_dst_last_pkt_time":1582454598621600,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454598723398,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGtcfAqAIREfiwS8WUAbuGKOrEAHfVYYAQBAuCrAAAAQEIChHf6IhbEwd4"} 01244{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":4,"flow_src_last_pkt_time":1582454598723584,"flow_dst_last_pkt_time":1582454598621600,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1582454598723584,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAGs8DAqAIREfiwS8WUAbuGKOrEAHfVYYAYBAvpygAAAQEIChHf6IhbEwd4FgMBAgABAAH8AwMzFRfGYqEP+F2R9Wbx8vDWDUZY+c8QBvM8\/0aM\/WEb9iAqPOeRwqVGvKjyGH\/94GF\/v\/oQUTEAuuxnTPPcBfvphwA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\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"} 
-01283{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":157,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454598587648,"flow_src_last_pkt_time":1582454598723584,"flow_dst_last_pkt_time":1582454598621600,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454598723584,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","proto_id":"91.143","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"gateway.icloud.com","domainame":"gateway.icloud.com","tls": {"version":"TLSv1.2","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01242{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":157,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454598587648,"flow_src_last_pkt_time":1582454598723584,"flow_dst_last_pkt_time":1582454598621600,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454598723584,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","proto_id":"91.143","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"gateway.icloud.com","domainame":"gateway.icloud.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00728{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_src_last_pkt_time":1582454598713167,"flow_dst_last_pkt_time":1582454598755439,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_usec":1582454598755439,"pkt":"xGGLNYKpxiwDYGpkCABFAAC9YWUAAEARk2jAqAIBwKgCEQA1zcoAqUkOwemBgAABAAQAAAAAA3d3dwZpY2xvdWQDY29tAAABAAHADAAFAAEAAAfiAB8Hd3d3LWNkbgZpY2xvdWQDY29tBmFrYWRucwNuZXQAwCwABQABAAAAjwAZA3d3dwZpY2xvdWQDY29tB2VkZ2VrZXnARsBXAAUAAQAAEZYAFQVlNDQ3OAFhCmFrYW1haWVkZ2XARsB8AAEAAQAAABgABBctSi4="} 
01125{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454598713167,"flow_src_last_pkt_time":1582454598713167,"flow_dst_last_pkt_time":1582454598755439,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1582454598755439,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52682,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AppleiCloud","proto_id":"5.143","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.icloud.com","domainame":"www.icloud.com","dns": {"num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["23.45.74.46,ttl=24"]}}} 00757{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_src_last_pkt_time":1582454598713214,"flow_dst_last_pkt_time":1582454598756296,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"thread_ts_usec":1582454598756296,"pkt":"xGGLNYKpxiwDYGpkCABFAADSfP0AAEARd7vAqAIBwKgCEQA10EUAvrFqiY6BgAABAAQAAAAACWlwaG9uZS1sZAVhcHBsZQNjb20AAAEAAcAMAAUAAQAACaQAJwlpcGhvbmUtbGQMb3JpZ2luLWFwcGxlA2NvbQZha2FkbnMDbmV0AMAxAAUAAQAAAMcAIQxpcGhvbmUtbGQtYXIFYXBwbGUDY29tB2VkZ2VrZXnAU8BkAAUAAQAAEZYAFQVlOTMzOAFkCmFrYW1haWVkZ2XAU8CRAAEAAQAAAA8ABFx6\/FI="} 
@@ -190,7 +190,7 @@ 01131{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454598713473,"flow_src_last_pkt_time":1582454598713473,"flow_dst_last_pkt_time":1582454598758732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":179,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":179,"midstream":0,"thread_ts_usec":1582454598758732,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63377,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AppleiTunes","proto_id":"5.145","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"bag.itunes.apple.com","domainame":"bag.itunes.apple.com","dns": {"num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["95.101.24.53,ttl=23"]}}} 00752{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_src_last_pkt_time":1582454598713711,"flow_dst_last_pkt_time":1582454598758813,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"thread_ts_usec":1582454598758813,"pkt":"xGGLNYKpxiwDYGpkCABFAADPdQkAAEARf7LAqAIBwKgCEQA10t8AuwWPZlqBgAABAAQAAAAAA2JhZwZpdHVuZXMFYXBwbGUDY29tAAABAAHADAAFAAEAABGWACYIaW5pdC1jZG4MaXR1bmVzLWFwcGxlA2NvbQZha2FkbnMDbmV0AMAyAAUAAQAAC+cAGwZpdHVuZXMFYXBwbGUDY29tB2VkZ2VrZXnAU8BkAAUAAQAAEZYAGARlNjczBWRzY2U5CmFrYW1haWVkZ2XAU8CLAAEAAQAAABcABF9lGDU="} 
01131{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":178,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454598713711,"flow_src_last_pkt_time":1582454598713711,"flow_dst_last_pkt_time":1582454598758813,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":179,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":179,"midstream":0,"thread_ts_usec":1582454598758813,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53983,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AppleiTunes","proto_id":"5.145","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"bag.itunes.apple.com","domainame":"bag.itunes.apple.com","dns": {"num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["95.101.24.53,ttl=23"]}}} -01368{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454598587648,"flow_src_last_pkt_time":1582454598723584,"flow_dst_last_pkt_time":1582454598759177,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1582454598759177,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.AppleiCloud","proto_id":"91.143","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"gateway.icloud.com","domainame":"gateway.icloud.com","tls": {"version":"TLSv1.2","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +01327{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454598587648,"flow_src_last_pkt_time":1582454598723584,"flow_dst_last_pkt_time":1582454598759177,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1582454598759177,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","proto_id":"91.143","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"gateway.icloud.com","domainame":"gateway.icloud.com","tls": {"version":"TLSv1.2","ja3s":"1e60202b4001a190621caa963fb76697","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00752{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_src_last_pkt_time":1582454598713833,"flow_dst_last_pkt_time":1582454598759486,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"thread_ts_usec":1582454598759486,"pkt":"xGGLNYKpxiwDYGpkCABFAADQatgAAEARieLAqAIBwKgCEQA1wtgAvFoLcEmBgAABAAQAAAAABGluaXQGaXR1bmVzBWFwcGxlA2NvbQAAAQABwAwABQABAAAJGQAmCGluaXQtY2RuDGl0dW5lcy1hcHBsZQNjb20GYWthZG5zA25ldADAMwAFAAEAABEeABsGaXR1bmVzBWFwcGxlA2NvbQdlZGdla2V5wFTAZQAFAAEAABGWABgEZTY3MwVkc2NlOQpha2FtYWllZGdlwFTAjAABAAEAAAAbAARfZRg1"} 01133{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":181,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454598713833,"flow_src_last_pkt_time":1582454598713833,"flow_dst_last_pkt_time":1582454598759486,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":180,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":180,"midstream":0,"thread_ts_usec":1582454598759486,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":49880,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AppleiTunes","proto_id":"5.145","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"init.itunes.apple.com","domainame":"init.itunes.apple.com","dns": {"num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["95.101.24.53,ttl=27"]}}} 
00780{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_src_last_pkt_time":1582454598713588,"flow_dst_last_pkt_time":1582454598760578,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"thread_ts_usec":1582454598760578,"pkt":"xGGLNYKpxiwDYGpkCABFAADjlzEAAEARXXbAqAIBwKgCEQA10BgAz2vgCAuBgAABAAUAAAAABHBsYXkGaXR1bmVzBWFwcGxlA2NvbQAAAQABwAwABQABAAAMPAAmCHBsYXktY2RuDGl0dW5lcy1hcHBsZQNjb20GYWthZG5zA25ldADAMwAFAAEAAAOnACIEcGxheQZpdHVuZXMFYXBwbGUDY29tCWVkZ2VzdWl0ZcBUwGUABQABAAAAXwAUBWExODA2BGRzY2IGYWthbWFpwFTAkwABAAEAAAAPAARce00awJMAAQABAAAADwAEXHtNQA=="} 
@@ -199,7 +199,7 @@ 01112{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":183,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454598713413,"flow_src_last_pkt_time":1582454598713413,"flow_dst_last_pkt_time":1582454598760726,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":170,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":170,"midstream":0,"thread_ts_usec":1582454598760726,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":62526,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Apple","proto_id":"5.140","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"cl4.apple.com","domainame":"cl4.apple.com","dns": {"num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["104.73.61.30,ttl=15"]}}} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":184,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454598766077,"flow_src_last_pkt_time":1582454598766077,"flow_dst_last_pkt_time":1582454598766077,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454598766077,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.122.252.82","src_port":50582,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_src_last_pkt_time":1582454598766077,"flow_dst_last_pkt_time":1582454598766077,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1582454598766077,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGHzLAqAIRXHr8UsWWAbuHn+lSAAAAALDC\/\/\/nwQAAAgQFtAEDAwcBAQgKEd\/ozwAAAAAEAgAA"} -01741{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":185,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1582454598587648,"flow_src_last_pkt_time":1582454598723584,"flow_dst_last_pkt_time":1582454598768102,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4320,"midstream":0,"thread_ts_usec":1582454598768102,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","proto_id":"91.143","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"gateway.icloud.com","domainame":"gateway.icloud.com","tls": {"version":"TLSv1.2","server_names":"gateway-india.icloud.com,gateway-carry.icloud.com,gateway.icloud.com,gateway-australia.icloud.com,gateway-sandbox.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, 
OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=gateway.icloud.com, O=Apple Inc., ST=California, C=US","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D2:DA:1C:68:0C:91:A7:DB:BA:B2:2D:29:06:DB:57:42:10:3D:3A:FE","blocks":0}}} +01700{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":185,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1582454598587648,"flow_src_last_pkt_time":1582454598723584,"flow_dst_last_pkt_time":1582454598768102,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4320,"midstream":0,"thread_ts_usec":1582454598768102,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","proto_id":"91.143","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"gateway.icloud.com","domainame":"gateway.icloud.com","tls": {"version":"TLSv1.2","server_names":"gateway-india.icloud.com,gateway-carry.icloud.com,gateway.icloud.com,gateway-australia.icloud.com,gateway-sandbox.icloud.com","ja3s":"1e60202b4001a190621caa963fb76697","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=gateway.icloud.com, O=Apple Inc., ST=California, 
C=US","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D2:DA:1C:68:0C:91:A7:DB:BA:B2:2D:29:06:DB:57:42:10:3D:3A:FE","blocks":0}}} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":191,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_src_last_pkt_time":1582454598766077,"flow_dst_last_pkt_time":1582454598801586,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454598801586,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADUGajZcevxSwKgCEQG7xZaFiMYch5\/pU6BScSAUDwAAAgQFrAQCCAr\/dyjxEd\/ozwEDAwc="} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":192,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_src_last_pkt_time":1582454598721885,"flow_dst_last_pkt_time":1582454598867837,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454598867837,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADEG+7MR+LlXwKgCEQG7xZWfE+IlqBre6aBScSBsSgAAAgQFrAEBCArpLCwFEd\/opwEDAwU="} 
00744{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454598885958,"flow_src_last_pkt_time":1582454598885958,"flow_dst_last_pkt_time":1582454598885958,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454598885958,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5} 
@@ -212,21 +212,21 @@ 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_src_last_pkt_time":1582454598888448,"flow_dst_last_pkt_time":1582454598888448,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1582454598888448,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAG0pfAqAIRaEk9HsWXAbvBeeAaAAAAALDC\/\/9qCgAAAgQFtAEDAwcBAQgKEd\/pSQAAAAAEAgAA"} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_src_last_pkt_time":1582454598888916,"flow_dst_last_pkt_time":1582454598801586,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454598888916,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGHz7AqAIRXHr8UsWWAbuHn+lThYjGHYAQBAuvrgAAAQEIChHf6Un\/dyjx"} 01241{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":4,"flow_src_last_pkt_time":1582454598889102,"flow_dst_last_pkt_time":1582454598801586,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1582454598889102,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAGHTfAqAIRXHr8UsWWAbuHn+lThYjGHYAYBAsDXwAAAQEIChHf6Ur\/dyjxFgMBAgABAAH8AwPBzadgheRj5PvWKLwSvBgHRWReYUBmRY58bZ7Lfe7D+CBuPIm6VXqnNWVU88hOzvhjpRW+5l\/fSYA7KifdMQlc9QA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\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"} 
-01273{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":202,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454598766077,"flow_src_last_pkt_time":1582454598889102,"flow_dst_last_pkt_time":1582454598801586,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454598889102,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.122.252.82","src_port":50582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"iphone-ld.apple.com","domainame":"iphone-ld.apple.com","tls": {"version":"TLSv1.2","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01232{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":202,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454598766077,"flow_src_last_pkt_time":1582454598889102,"flow_dst_last_pkt_time":1582454598801586,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454598889102,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.122.252.82","src_port":50582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"iphone-ld.apple.com","domainame":"iphone-ld.apple.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":205,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_src_last_pkt_time":1582454598892865,"flow_dst_last_pkt_time":1582454598867837,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454598892865,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGrLvAqAIREfi5V8WVAbuoGt7pnxPiJoAQBAsEtQAAAQEIChHf6VPpLCwF"} 
01242{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":206,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":4,"flow_src_last_pkt_time":1582454598893224,"flow_dst_last_pkt_time":1582454598867837,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1582454598893224,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAGqrTAqAIREfi5V8WVAbuoGt7pnxPiJoAYBAtl8wAAAQEIChHf6VPpLCwFFgMBAgABAAH8AwPupC\/\/Idf\/TKV61u4UD47k+sXPhTWRB8OAqYTTHEr2LyB7RNdSKNgM9EL2qrN2iyDWEEsm1843GXQB9crRbp8tlwA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\/AQABAAAAACMAIQAAHnAyNi1rZXl2YWx1ZXNlcnZpY2UuaWNsb3VkLmNvbQAXAAAADQAYABYEAwgEBAEFAwIDCAUIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAzACYAJAAdACCDleNDTQhj0xF8bnwK051jtivCaSKiZkunSXcl4Va+AgAtAAIBAQArAAkIAwQDAwMCAwEACgAKAAgAHQAXABgAGQAVAL8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01307{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":206,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454598721885,"flow_src_last_pkt_time":1582454598893224,"flow_dst_last_pkt_time":1582454598867837,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454598893224,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","proto_id":"91.143","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"p26-keyvalueservice.icloud.com","domainame":"p26-keyvalueservice.icloud.com","tls": {"version":"TLSv1.2","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01266{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":206,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454598721885,"flow_src_last_pkt_time":1582454598893224,"flow_dst_last_pkt_time":1582454598867837,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454598893224,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","proto_id":"91.143","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"p26-keyvalueservice.icloud.com","domainame":"p26-keyvalueservice.icloud.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":5,"flow_src_last_pkt_time":1582454598889102,"flow_dst_last_pkt_time":1582454598925453,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454598925453,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0z7EAADUGmoxcevxSwKgCEQG7xZaFiMYdh5\/rWIAQAOuwTQAAAQEICv93KWwR3+lK"} 
-01318{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":212,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454598766077,"flow_src_last_pkt_time":1582454598889102,"flow_dst_last_pkt_time":1582454598926093,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1582454598926093,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.122.252.82","src_port":50582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"iphone-ld.apple.com","domainame":"iphone-ld.apple.com","tls": {"version":"TLSv1.3","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01277{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":212,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454598766077,"flow_src_last_pkt_time":1582454598889102,"flow_dst_last_pkt_time":1582454598926093,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1582454598926093,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.122.252.82","src_port":50582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"iphone-ld.apple.com","domainame":"iphone-ld.apple.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_src_last_pkt_time":1582454598888448,"flow_dst_last_pkt_time":1582454598926741,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454598926741,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADUGHZxoST0ewKgCEQG7xZdpIXVbwXngG6BScSBpXgAAAgQFrAQCCAqgrSHdEd\/pSQEDAwc="} 
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_src_last_pkt_time":1582454598934682,"flow_dst_last_pkt_time":1582454598926741,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454598934682,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG0qPAqAIRaEk9HsWXAbvBeeAbaSF1XIAQBAsFUQAAAQEIChHf6XCgrSHd"} 01242{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":222,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":4,"flow_src_last_pkt_time":1582454598934804,"flow_dst_last_pkt_time":1582454598926741,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1582454598934804,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAG0JzAqAIRaEk9HsWXAbvBeeAbaSF1XIAYBAsuXAAAAQEIChHf6XagrSHdFgMBAgABAAH8AwNtBQ39ZZolUQlIKZvwJ9K7La1xqdRBloywOH0GLRPkhCDqdWO0c0GWZx4zxXgdQ\/9DtV6\/rjVuXk5WS8q\/E2fRGwA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\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"} 
-01260{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454598888448,"flow_src_last_pkt_time":1582454598934804,"flow_dst_last_pkt_time":1582454598926741,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454598934804,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"104.73.61.30","src_port":50583,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"cl4.apple.com","domainame":"cl4.apple.com","tls": {"version":"TLSv1.2","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01219{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454598888448,"flow_src_last_pkt_time":1582454598934804,"flow_dst_last_pkt_time":1582454598926741,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454598934804,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"104.73.61.30","src_port":50583,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"cl4.apple.com","domainame":"cl4.apple.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":224,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":5,"flow_src_last_pkt_time":1582454598934804,"flow_dst_last_pkt_time":1582454598972842,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454598972842,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0b4QAADUGrh9oST0ewKgCEQG7xZdpIXVcwXniIIAQAOsGOAAAAQEICqCtIgsR3+l2"} 
-01305{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454598888448,"flow_src_last_pkt_time":1582454598934804,"flow_dst_last_pkt_time":1582454598974332,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1582454598974332,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"104.73.61.30","src_port":50583,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"cl4.apple.com","domainame":"cl4.apple.com","tls": {"version":"TLSv1.3","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01264{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454598888448,"flow_src_last_pkt_time":1582454598934804,"flow_dst_last_pkt_time":1582454598974332,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1582454598974332,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"104.73.61.30","src_port":50583,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"cl4.apple.com","domainame":"cl4.apple.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":232,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":5,"flow_src_last_pkt_time":1582454598893224,"flow_dst_last_pkt_time":1582454599039138,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454599039138,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0NCoAADEGx5ER+LlXwKgCEQG7xZWfE+ImqBrg7oAQA6sCYwAAAQEICuksLLIR3+lT"} 
-01399{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":233,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454598721885,"flow_src_last_pkt_time":1582454598893224,"flow_dst_last_pkt_time":1582454599041842,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1582454599041842,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","proto_id":"91.143","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"p26-keyvalueservice.icloud.com","domainame":"p26-keyvalueservice.icloud.com","tls": {"version":"TLSv1.2","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-04040{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":237,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1582454598721885,"flow_src_last_pkt_time":1582454598893224,"flow_dst_last_pkt_time":1582454599054383,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5760,"midstream":0,"thread_ts_usec":1582454599054383,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","proto_id":"91.143","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"p26-keyvalueservice.icloud.com","domainame":"p26-keyvalueservice.icloud.com","tls": 
{"version":"TLSv1.2","server_names":"p62-keyvalueservice.icloud.com,p41-keyvalueservice.icloud.com,p97-keyvalueservice.icloud.com,p28-keyvalueservice.icloud.com,p32-keyvalueservice.icloud.com,p56-keyvalueservice.icloud.com,p33-keyvalueservice.icloud.com,p37-keyvalueservice.icloud.com,p67-keyvalueservice.icloud.com,p70-keyvalueservice.icloud.com,p63-keyvalueservice.icloud.com,p07-keyvalueservice.icloud.com,p52-keyvalueservice.icloud.com,p18-keyvalueservice.icloud.com,p21-keyvalueservice.icloud.com,p17-keyvalueservice.icloud.com,p36-keyvalueservice.icloud.com,p19-keyvalueservice.icloud.com,p26-keyvalueservice.icloud.com,p55-keyvalueservice.icloud.com,p06-keyvalueservice.icloud.com,p23-keyvalueservice.icloud.com,p65-keyvalueservice.icloud.com,p58-keyvalueservice.icloud.com,p35-keyvalueservice.icloud.com,p42-keyvalueservice.icloud.com,p12-keyvalueservice.icloud.com,p15-keyvalueservice.icloud.com,p16-keyvalueservice.icloud.com,p29-keyvalueservice.icloud.com,p39-keyvalueservice.icloud.com,p71-keyvalueservice.icloud.com,p22-keyvalueservice.icloud.com,p40-keyvalueservice.icloud.com,p11-keyvalueservice.icloud.com,p66-keyvalueservice.icloud.com,p68-keyvalueservice.icloud.com,p201-keyvalueservice.icloud.com,p10-keyvalueservice.icloud.com,p61-keyvalueservice.icloud.com,p30-keyvalueservice.icloud.com,p01-keyvalueservice.icloud.com,p14-keyvalueservice.icloud.com,p50-keyvalueservice.icloud.com,p31-keyvalueservice.icloud.com,p47-keyvalueservice.icloud.com,p48-keyvalueservice.icloud.com,p20-keyvalueservice.icloud.com,p51-keyvalueservice.icloud.com,p27-keyvalueservice.icloud.com,p49-keyvalueservice.icloud.com,p03-keyvalueservice.icloud.com,p24-keyvalueservice.icloud.com,p25-keyvalueservice.icloud.com,p08-keyvalueservice.icloud.com,p13-keyvalueservice.icloud.com,p04-keyvalueservice.icloud.com,p05-keyvalueservice.icloud.com,p02-keyvalueservice.icloud.com,p09-keyvalueservice.icloud.com,p57-keyvalueservice.icloud.com,p59-keyvalueservice.icloud.com,p64-keyvalueservice.icloud.com,p38-keyva
lueservice.icloud.com,p54-keyvalueservice.icloud.com,p72-keyvalueservice.icloud.com,keyvalueservice.icloud.com,p69-keyvalueservice.icloud.com,p43-keyvalueservice.icloud.com,p45-keyvalueservice.icloud.com,p202-keyvalueservice.icloud.com,p98-keyvalueservice.icloud.com,p34-keyvalueservice.icloud.com,p44-keyvalueservice.icloud.com,p46-keyvalueservice.icloud.com,p53-keyvalueservice.icloud.com,p60-keyvalueservice.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=keyvalueservice.icloud.com, O=Apple Inc., ST=California, C=US","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D8:84:3B:15:06:49:1C:72:C4:05:C0:F0:82:3B:43:4A:D1:8F:D5:9F","blocks":0}}} +01358{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":233,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454598721885,"flow_src_last_pkt_time":1582454598893224,"flow_dst_last_pkt_time":1582454599041842,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1582454599041842,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.AppleiCloud","proto_id":"91.143","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"p26-keyvalueservice.icloud.com","domainame":"p26-keyvalueservice.icloud.com","tls": {"version":"TLSv1.2","ja3s":"1e60202b4001a190621caa963fb76697","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +03999{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":237,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1582454598721885,"flow_src_last_pkt_time":1582454598893224,"flow_dst_last_pkt_time":1582454599054383,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5760,"midstream":0,"thread_ts_usec":1582454599054383,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","proto_id":"91.143","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"p26-keyvalueservice.icloud.com","domainame":"p26-keyvalueservice.icloud.com","tls": 
{"version":"TLSv1.2","server_names":"p62-keyvalueservice.icloud.com,p41-keyvalueservice.icloud.com,p97-keyvalueservice.icloud.com,p28-keyvalueservice.icloud.com,p32-keyvalueservice.icloud.com,p56-keyvalueservice.icloud.com,p33-keyvalueservice.icloud.com,p37-keyvalueservice.icloud.com,p67-keyvalueservice.icloud.com,p70-keyvalueservice.icloud.com,p63-keyvalueservice.icloud.com,p07-keyvalueservice.icloud.com,p52-keyvalueservice.icloud.com,p18-keyvalueservice.icloud.com,p21-keyvalueservice.icloud.com,p17-keyvalueservice.icloud.com,p36-keyvalueservice.icloud.com,p19-keyvalueservice.icloud.com,p26-keyvalueservice.icloud.com,p55-keyvalueservice.icloud.com,p06-keyvalueservice.icloud.com,p23-keyvalueservice.icloud.com,p65-keyvalueservice.icloud.com,p58-keyvalueservice.icloud.com,p35-keyvalueservice.icloud.com,p42-keyvalueservice.icloud.com,p12-keyvalueservice.icloud.com,p15-keyvalueservice.icloud.com,p16-keyvalueservice.icloud.com,p29-keyvalueservice.icloud.com,p39-keyvalueservice.icloud.com,p71-keyvalueservice.icloud.com,p22-keyvalueservice.icloud.com,p40-keyvalueservice.icloud.com,p11-keyvalueservice.icloud.com,p66-keyvalueservice.icloud.com,p68-keyvalueservice.icloud.com,p201-keyvalueservice.icloud.com,p10-keyvalueservice.icloud.com,p61-keyvalueservice.icloud.com,p30-keyvalueservice.icloud.com,p01-keyvalueservice.icloud.com,p14-keyvalueservice.icloud.com,p50-keyvalueservice.icloud.com,p31-keyvalueservice.icloud.com,p47-keyvalueservice.icloud.com,p48-keyvalueservice.icloud.com,p20-keyvalueservice.icloud.com,p51-keyvalueservice.icloud.com,p27-keyvalueservice.icloud.com,p49-keyvalueservice.icloud.com,p03-keyvalueservice.icloud.com,p24-keyvalueservice.icloud.com,p25-keyvalueservice.icloud.com,p08-keyvalueservice.icloud.com,p13-keyvalueservice.icloud.com,p04-keyvalueservice.icloud.com,p05-keyvalueservice.icloud.com,p02-keyvalueservice.icloud.com,p09-keyvalueservice.icloud.com,p57-keyvalueservice.icloud.com,p59-keyvalueservice.icloud.com,p64-keyvalueservice.icloud.com,p38-keyva
lueservice.icloud.com,p54-keyvalueservice.icloud.com,p72-keyvalueservice.icloud.com,keyvalueservice.icloud.com,p69-keyvalueservice.icloud.com,p43-keyvalueservice.icloud.com,p45-keyvalueservice.icloud.com,p202-keyvalueservice.icloud.com,p98-keyvalueservice.icloud.com,p34-keyvalueservice.icloud.com,p44-keyvalueservice.icloud.com,p46-keyvalueservice.icloud.com,p53-keyvalueservice.icloud.com,p60-keyvalueservice.icloud.com","ja3s":"1e60202b4001a190621caa963fb76697","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=keyvalueservice.icloud.com, O=Apple Inc., ST=California, C=US","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D8:84:3B:15:06:49:1C:72:C4:05:C0:F0:82:3B:43:4A:D1:8F:D5:9F","blocks":0}}} 00738{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":238,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454599054579,"flow_src_last_pkt_time":1582454599054579,"flow_dst_last_pkt_time":1582454599054579,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454599054579,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":5} 
00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_src_last_pkt_time":1582454599054579,"flow_dst_last_pkt_time":1582454599054579,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":54,"pkt_l4_len":16,"thread_ts_usec":1582454599054579,"pkt":"AQBeAAAWxGGLNYKpCABGAAAoAABAAAECQgDAqAIR4AAAFpQEAAAiAPkCAAAAAQQAAADgAAD7"} 00887{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":238,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454599054579,"flow_src_last_pkt_time":1582454599054579,"flow_dst_last_pkt_time":1582454599054579,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454599054579,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"224.0.0.22","l4_proto":2,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","proto_id":"82","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -246,10 +246,10 @@ 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_src_last_pkt_time":1582454599225110,"flow_dst_last_pkt_time":1582454599259226,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454599259226,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAC4GB8AR+LBLwKgCEQG7xZj0WnUXsqXsO6BScSAj8wAAAgQFrAEBCApbEwn1Ed\/qGwEDAwU="} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_src_last_pkt_time":1582454599261184,"flow_dst_last_pkt_time":1582454599259226,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454599261184,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGtcfAqAIREfiwS8WYAbuypew79Fp1GIAQBAu8hwAAAQEIChHf6p1bEwn1"} 01244{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":4,"flow_src_last_pkt_time":1582454599261304,"flow_dst_last_pkt_time":1582454599259226,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1582454599261304,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAGs8DAqAIREfiwS8WYAbuypew79Fp1GIAYBAuhcQAAAQEIChHf6p1bEwn1FgMBAgABAAH8AwOqol5kmYHgPoq84\/\/Da6\/5UhNT\/nZAKlLwtuCLeOmg2yA8i7r3+6nZyxj+LpdSSvhjZQ\/dp+uNkXD86w44FnW6iwA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\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"} 
-01283{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":268,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454599225110,"flow_src_last_pkt_time":1582454599261304,"flow_dst_last_pkt_time":1582454599259226,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454599261304,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50584,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","proto_id":"91.143","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"gateway.icloud.com","domainame":"gateway.icloud.com","tls": {"version":"TLSv1.2","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01242{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":268,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454599225110,"flow_src_last_pkt_time":1582454599261304,"flow_dst_last_pkt_time":1582454599259226,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454599261304,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50584,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","proto_id":"91.143","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"gateway.icloud.com","domainame":"gateway.icloud.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":269,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":5,"flow_src_last_pkt_time":1582454599261304,"flow_dst_last_pkt_time":1582454599293969,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454599293969,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0rPkAAC4GWs4R+LBLwKgCEQG7xZj0WnUYsqXuQIAQA6u6vgAAAQEIClsTChkR3+qd"} 
-01368{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":270,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454599225110,"flow_src_last_pkt_time":1582454599261304,"flow_dst_last_pkt_time":1582454599295578,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1582454599295578,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50584,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","proto_id":"91.143","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"gateway.icloud.com","domainame":"gateway.icloud.com","tls": {"version":"TLSv1.2","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-01741{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":272,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1582454599225110,"flow_src_last_pkt_time":1582454599261304,"flow_dst_last_pkt_time":1582454599297969,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4320,"midstream":0,"thread_ts_usec":1582454599297969,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50584,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","proto_id":"91.143","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"gateway.icloud.com","domainame":"gateway.icloud.com","tls": {"version":"TLSv1.2","server_names":"gateway-india.icloud.com,gateway-carry.icloud.com,gateway.icloud.com,gateway-australia.icloud.com,gateway-sandbox.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=gateway.icloud.com, O=Apple Inc., ST=California, C=US","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D2:DA:1C:68:0C:91:A7:DB:BA:B2:2D:29:06:DB:57:42:10:3D:3A:FE","blocks":0}}} 
+01327{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":270,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454599225110,"flow_src_last_pkt_time":1582454599261304,"flow_dst_last_pkt_time":1582454599295578,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1582454599295578,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50584,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","proto_id":"91.143","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"gateway.icloud.com","domainame":"gateway.icloud.com","tls": {"version":"TLSv1.2","ja3s":"1e60202b4001a190621caa963fb76697","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01700{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":272,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1582454599225110,"flow_src_last_pkt_time":1582454599261304,"flow_dst_last_pkt_time":1582454599297969,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4320,"midstream":0,"thread_ts_usec":1582454599297969,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50584,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","proto_id":"91.143","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"gateway.icloud.com","domainame":"gateway.icloud.com","tls": {"version":"TLSv1.2","server_names":"gateway-india.icloud.com,gateway-carry.icloud.com,gateway.icloud.com,gateway-australia.icloud.com,gateway-sandbox.icloud.com","ja3s":"1e60202b4001a190621caa963fb76697","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=gateway.icloud.com, O=Apple Inc., ST=California, C=US","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D2:DA:1C:68:0C:91:A7:DB:BA:B2:2D:29:06:DB:57:42:10:3D:3A:FE","blocks":0}}} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454599396067,"flow_src_last_pkt_time":1582454599396067,"flow_dst_last_pkt_time":1582454599396067,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454599396067,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.137.166.35","src_port":50585,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_src_last_pkt_time":1582454599396067,"flow_dst_last_pkt_time":1582454599396067,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1582454599396067,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGwFLAqAIREYmmI8WZAbu9h96xAAAAALDC\/\/9bXgAAAgQFtAEDAwcBAQgKEd\/rCQAAAAAEAgAA"} 00599{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":275,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_src_last_pkt_time":1582454599396209,"flow_dst_last_pkt_time":1582454598373420,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"thread_ts_usec":1582454599396209,"pkt":"AQBeAAD7xGGLNYKpCABFAABeopUAAP8RdUTAqAIR4AAA+xTpFOkASvALAAAAAAABAAAAAAABCF9ob21la2l0BF90Y3AFbG9jYWwAAAwAAQAAKQWgAAARlAASAAQADgAA5mGLNYKpxGGLNYKp"} 
@@ -258,19 +258,19 @@ 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_src_last_pkt_time":1582454599396067,"flow_dst_last_pkt_time":1582454599585460,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454599585460,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAACsGFVcRiaYjwKgCEQG7xZn\/hRwvvYfesqBS\/\/9NtwAAAgQFrAQCCArKEDlZEd\/rCQEDAws="} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_src_last_pkt_time":1582454599602893,"flow_dst_last_pkt_time":1582454599585460,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454599602893,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGwF7AqAIREYmmI8WZAbu9h96y\/4UcMIAQBAt3qQAAAQEIChHf7BTKEDlZ"} 
01242{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":304,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":4,"flow_src_last_pkt_time":1582454599603102,"flow_dst_last_pkt_time":1582454599585460,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1582454599603102,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAGvlfAqAIREYmmI8WZAbu9h96y\/4UcMIAYBAvDAwAAAQEIChHf7BTKEDlZFgMBAgABAAH8AwMQmWdlc9Dfkc1LTp0B8prq1RD11s0EClXeRC7LPUuboSA7ltXQId7DryBOaTjcsMFd7i63qypbauhtrKXc6bkI8wA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\/AQABAAAAABIAEAAADWdzYS5hcHBsZS5jb20AFwAAAA0AGAAWBAMIBAQBBQMCAwgFCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAALAAkIaHR0cC8xLjEACwACAQAAMwAmACQAHQAgrVr\/fu0h15DcdosIeP8S9EdnaZyYtU\/hcTn61FxtjHIALQACAQEAKwAJCAMEAwMDAgMBAAoACgAIAB0AFwAYABkAFQDTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01258{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":304,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454599396067,"flow_src_last_pkt_time":1582454599603102,"flow_dst_last_pkt_time":1582454599585460,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454599603102,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.137.166.35","src_port":50585,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"gsa.apple.com","domainame":"gsa.apple.com","tls": {"version":"TLSv1.2","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","ja4":"t13d2613ht_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01217{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":304,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454599396067,"flow_src_last_pkt_time":1582454599603102,"flow_dst_last_pkt_time":1582454599585460,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454599603102,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.137.166.35","src_port":50585,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"gsa.apple.com","domainame":"gsa.apple.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613ht_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":306,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454599740262,"flow_src_last_pkt_time":1582454599740262,"flow_dst_last_pkt_time":1582454599740262,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454599740262,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50586,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":306,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_src_last_pkt_time":1582454599740262,"flow_dst_last_pkt_time":1582454599740262,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1582454599740262,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGtbvAqAIREfiwS8WaAbsCzUbDAAAAALDC\/\/+ibQAAAgQFtAEDAwcBAQgKEd\/sCwAAAAAEAgAA"} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":318,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_src_last_pkt_time":1582454599740262,"flow_dst_last_pkt_time":1582454599774111,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454599774111,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAC0GCMAR+LBLwKgCEQG7xZq3FAeKAs1GxKBScSAgIAAAAgQFrAEBCApbEwv6Ed\/sCwEDAwU="} 
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":322,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_src_last_pkt_time":1582454599776186,"flow_dst_last_pkt_time":1582454599774111,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454599776186,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGtcfAqAIREfiwS8WaAbsCzUbEtxQHi4AQBAu4qgAAAQEIChHf7JdbEwv6"} 01240{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":323,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":4,"flow_src_last_pkt_time":1582454599776389,"flow_dst_last_pkt_time":1582454599774111,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1582454599776389,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAGs8DAqAIREfiwS8WaAbsCzUbEtxQHi4AYBAtFmAAAAQEIChHf7JhbEwv6FgMBAgABAAH8AwNJX\/Eg20C+2ys6T03zkHgGLiGZXi9UmQqJ4J0DwpXX4SAQcYer1CdJmG86iQRBRTj9FNUOUTD+JW73wsBQqImhngA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\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"} 
-01283{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":323,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454599740262,"flow_src_last_pkt_time":1582454599776389,"flow_dst_last_pkt_time":1582454599774111,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454599776389,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50586,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","proto_id":"91.143","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"gateway.icloud.com","domainame":"gateway.icloud.com","tls": {"version":"TLSv1.2","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01242{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":323,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454599740262,"flow_src_last_pkt_time":1582454599776389,"flow_dst_last_pkt_time":1582454599774111,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454599776389,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50586,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","proto_id":"91.143","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"gateway.icloud.com","domainame":"gateway.icloud.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":324,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":5,"flow_src_last_pkt_time":1582454599603102,"flow_dst_last_pkt_time":1582454599791465,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454599791465,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0JhcAACsG70cRiaYjwKgCEQG7xZn\/hRwwvYfgt4AQAEF4nwAAAQEICsoQOigR3+wU"} 
-01348{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":325,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454599396067,"flow_src_last_pkt_time":1582454599603102,"flow_dst_last_pkt_time":1582454599793104,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1582454599793104,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.137.166.35","src_port":50585,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"gsa.apple.com","domainame":"gsa.apple.com","tls": {"version":"TLSv1.2","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"c4b2785a87896e19d37eee932070cb22","ja4":"t13d2613ht_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-01631{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":327,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1582454599396067,"flow_src_last_pkt_time":1582454599603102,"flow_dst_last_pkt_time":1582454599794234,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3791,"midstream":0,"thread_ts_usec":1582454599794234,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.137.166.35","src_port":50585,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"gsa.apple.com","domainame":"gsa.apple.com","tls": {"version":"TLSv1.2","server_names":"gsas.apple.com,gsa.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"c4b2785a87896e19d37eee932070cb22","ja4":"t13d2613ht_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Apple Server Authentication CA, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=gsa.apple.com, O=Apple Inc., ST=California, C=US","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D4:EF:5E:AD:7F:D5:13:5B:9F:B2:B9:84:19:75:BB:ED:53:FB:18:D6","blocks":0}}} 
+01307{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":325,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454599396067,"flow_src_last_pkt_time":1582454599603102,"flow_dst_last_pkt_time":1582454599793104,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1582454599793104,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.137.166.35","src_port":50585,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"gsa.apple.com","domainame":"gsa.apple.com","tls": {"version":"TLSv1.2","ja3s":"c4b2785a87896e19d37eee932070cb22","ja4":"t13d2613ht_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01590{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":327,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1582454599396067,"flow_src_last_pkt_time":1582454599603102,"flow_dst_last_pkt_time":1582454599794234,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3791,"midstream":0,"thread_ts_usec":1582454599794234,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.137.166.35","src_port":50585,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"gsa.apple.com","domainame":"gsa.apple.com","tls": {"version":"TLSv1.2","server_names":"gsas.apple.com,gsa.apple.com","ja3s":"c4b2785a87896e19d37eee932070cb22","ja4":"t13d2613ht_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Apple Server Authentication CA, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=gsa.apple.com, O=Apple Inc., ST=California, C=US","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D4:EF:5E:AD:7F:D5:13:5B:9F:B2:B9:84:19:75:BB:ED:53:FB:18:D6","blocks":0}}} 
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":329,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":5,"flow_src_last_pkt_time":1582454599776389,"flow_dst_last_pkt_time":1582454599810214,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454599810214,"pkt":"xGGLNYKpxiwDYGpkCABFAAA03G4AAC0GLFkR+LBLwKgCEQG7xZq3FAeLAs1IyYAQA6u24QAAAQEIClsTDB0R3+yY"} -01368{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":330,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454599740262,"flow_src_last_pkt_time":1582454599776389,"flow_dst_last_pkt_time":1582454599811781,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1582454599811781,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50586,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","proto_id":"91.143","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"gateway.icloud.com","domainame":"gateway.icloud.com","tls": {"version":"TLSv1.2","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-01741{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":332,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1582454599740262,"flow_src_last_pkt_time":1582454599776389,"flow_dst_last_pkt_time":1582454599814156,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4320,"midstream":0,"thread_ts_usec":1582454599814156,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50586,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","proto_id":"91.143","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"gateway.icloud.com","domainame":"gateway.icloud.com","tls": {"version":"TLSv1.2","server_names":"gateway-india.icloud.com,gateway-carry.icloud.com,gateway.icloud.com,gateway-australia.icloud.com,gateway-sandbox.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=gateway.icloud.com, O=Apple Inc., ST=California, C=US","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D2:DA:1C:68:0C:91:A7:DB:BA:B2:2D:29:06:DB:57:42:10:3D:3A:FE","blocks":0}}} 
+01327{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":330,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454599740262,"flow_src_last_pkt_time":1582454599776389,"flow_dst_last_pkt_time":1582454599811781,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1582454599811781,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50586,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","proto_id":"91.143","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"gateway.icloud.com","domainame":"gateway.icloud.com","tls": {"version":"TLSv1.2","ja3s":"1e60202b4001a190621caa963fb76697","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01700{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":332,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1582454599740262,"flow_src_last_pkt_time":1582454599776389,"flow_dst_last_pkt_time":1582454599814156,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4320,"midstream":0,"thread_ts_usec":1582454599814156,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50586,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","proto_id":"91.143","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"gateway.icloud.com","domainame":"gateway.icloud.com","tls": {"version":"TLSv1.2","server_names":"gateway-india.icloud.com,gateway-carry.icloud.com,gateway.icloud.com,gateway-australia.icloud.com,gateway-sandbox.icloud.com","ja3s":"1e60202b4001a190621caa963fb76697","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=gateway.icloud.com, O=Apple Inc., ST=California, C=US","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D2:DA:1C:68:0C:91:A7:DB:BA:B2:2D:29:06:DB:57:42:10:3D:3A:FE","blocks":0}}} 
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":338,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454599929249,"flow_src_last_pkt_time":1582454599929249,"flow_dst_last_pkt_time":1582454599929249,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454599929249,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":65079,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":338,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_src_last_pkt_time":1582454599929249,"flow_dst_last_pkt_time":1582454599929249,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1582454599929249,"pkt":"xiwDYGpkxGGLNYKpCABFAABDumIAAP8Re+TAqAIRwKgCAf43ADUALyJV0zQBAAABAAAAAAAABHBsYXkGaXR1bmVzBWFwcGxlA2NvbQAAAQAB"} 
01100{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":338,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454599929249,"flow_src_last_pkt_time":1582454599929249,"flow_dst_last_pkt_time":1582454599929249,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454599929249,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":65079,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AppleiTunes","proto_id":"5.145","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"play.itunes.apple.com","domainame":"play.itunes.apple.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
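Review bot: The removal of the `ja3` key from the `tls` object is not documented; the commit message says only "incorporated upstream changes". In this hunk every `detected` and `detection-update` record for flows 46 and 47 loses it, while `ja3s` and `ja4` remain. A consumer that matches or allow-lists on the JA3 client fingerprint will stop matching without any error. I would add a line to the description such as `* tls.ja3 is no longer emitted in flow events; tls.ja3s and tls.ja4 remain`. Each length prefix shrinks by 41 bytes (e.g. 01258 → 01217), which is exactly that one key/value pair, so nothing else changed in these records. The hunks before and after this one in the same file show the same removal; whether schema/flow_event_schema.json was updated to match is not visible here and is worth confirming.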
@@ -282,9 +282,9 @@ 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_src_last_pkt_time":1582454599934729,"flow_dst_last_pkt_time":1582454599967985,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454599967985,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADUGGW5ce00awKgCEQG7xZtUZWomqTuA+qBScSDQrwAAAgQFrAQCCAozMbcgEd\/tTwEDAwc="} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":351,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_src_last_pkt_time":1582454600080813,"flow_dst_last_pkt_time":1582454599967985,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454600080813,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGznXAqAIRXHtNGsWbAbupO4D6VGVqJ4AQBAtsOAAAAQEIChHf7eAzMbcg"} 
01244{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":352,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":4,"flow_src_last_pkt_time":1582454600080888,"flow_dst_last_pkt_time":1582454599967985,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1582454600080888,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAGzG7AqAIRXHtNGsWbAbupO4D6VGVqJ4AYBAvCNgAAAQEIChHf7eAzMbcgFgMBAgABAAH8AwOVQZ8FnUDf4cuVlN3Dfe\/tO8oLU\/pP+UZ2rTRx02gYWCC8t86tHdWqnxE\/bapLx0rLdTwSMsDVwQ5W18WBw\/RbcQA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\/AQABAAAAABoAGAAAFXBsYXkuaXR1bmVzLmFwcGxlLmNvbQAXAAAADQAYABYEAwgEBAEFAwIDCAUIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAzACYAJAAdACCvIr1kF5VgJNd\/0ntXVaysO1Tdse1BkZg8MzZDFY0NfAAtAAIBAQArAAkIAwQDAwMCAwEACgAKAAgAHQAXABgAGQAVAMgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01288{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":352,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454599934729,"flow_src_last_pkt_time":1582454600080888,"flow_dst_last_pkt_time":1582454599967985,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454600080888,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.123.77.26","src_port":50587,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiTunes","proto_id":"91.145","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"play.itunes.apple.com","domainame":"play.itunes.apple.com","tls": {"version":"TLSv1.2","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01247{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":352,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454599934729,"flow_src_last_pkt_time":1582454600080888,"flow_dst_last_pkt_time":1582454599967985,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454600080888,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.123.77.26","src_port":50587,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiTunes","proto_id":"91.145","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"play.itunes.apple.com","domainame":"play.itunes.apple.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":5,"flow_src_last_pkt_time":1582454600080888,"flow_dst_last_pkt_time":1582454600115292,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454600115292,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0cJ0AADUGqNhce00awKgCEQG7xZtUZWonqTuC\/4AQAOtswQAAAQEICjMxt7IR3+3g"} 
-01333{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":364,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454599934729,"flow_src_last_pkt_time":1582454600080888,"flow_dst_last_pkt_time":1582454600116695,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1582454600116695,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.123.77.26","src_port":50587,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiTunes","proto_id":"91.145","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"play.itunes.apple.com","domainame":"play.itunes.apple.com","tls": {"version":"TLSv1.3","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01292{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":364,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454599934729,"flow_src_last_pkt_time":1582454600080888,"flow_dst_last_pkt_time":1582454600116695,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1582454600116695,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.123.77.26","src_port":50587,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiTunes","proto_id":"91.145","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"play.itunes.apple.com","domainame":"play.itunes.apple.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
02170{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":397,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1582454599225110,"flow_src_last_pkt_time":1582454600252426,"flow_dst_last_pkt_time":1582454600287478,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1018,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2233,"flow_dst_tot_l4_payload_len":5676,"midstream":0,"thread_ts_usec":1582454600287478,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50584,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":6,"avg":67409.2,"max":654765,"stddev":146324.1,"var":21410738176.0,"ent":2.9,"data": [34116,36074,120,34743,1609,104,2287,55,140235,397,7279,143339,13,33865,58,1492,19,11,252,423,44,150,34850,6,1213,30,128241,155238,167955,510701,654765]},"pktlen": {"min":40,"avg":299.4,"max":1492,"stddev":449.8,"var":202280.4,"ent":3.8,"data": [64,60,52,569,52,1492,1492,1492,566,52,52,145,103,121,52,52,105,102,94,1070,90,436,90,52,90,52,52,52,736,52,40,52]},"bins": {"c_to_s": [9,5,1,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,1,1,1,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,1,1,1,0,1,0,0,1],"entropies": [4.410132408,5.160978794,5.101186275,4.520410061,5.142373085,6.747455597,7.544580936,7.534257412,7.316954136,4.932822704,5.009746075,6.044896126,5.671187878,6.038887501,4.985801220,5.024262905,5.722696304,5.781558990,5.543742657,7.804463387,5.504428864,7.447539806,5.482206821,4.932822704,5.457657814,4.988526344,4.974009514,4.894361019,7.697007179,5.009746075,4.521928787,5.089394093]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","proto_id":"91.143","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 02162{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":401,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1582454599934729,"flow_src_last_pkt_time":1582454600290030,"flow_dst_last_pkt_time":1582454600371223,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3458,"flow_dst_tot_l4_payload_len":5165,"midstream":0,"thread_ts_usec":1582454600371223,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.123.77.26","src_port":50587,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":4,"avg":25541.8,"max":147307,"stddev":44603.2,"var":1989448704.0,"ent":3.2,"data": [33256,146084,75,147307,1403,159,73,18,38616,19,50,10855,46914,12516,120151,44,4,168,1146,109,1513,467,107361,13,1221,31041,492,3663,24,4467,82566]},"pktlen": {"min":52,"avg":322.1,"max":1492,"stddev":461.1,"var":212650.1,"ent":3.9,"data": [64,60,52,569,52,1492,1492,1268,442,52,52,52,132,339,339,98,95,87,1492,552,818,52,52,52,122,52,52,83,52,87,52,52]},"bins": {"c_to_s": [10,3,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0],"s_to_c": [6,1,1,0,0,0,0,0,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,1,1,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,1,1,1,0,0,1,1,0,1],"entropies": 
[4.515677452,5.260978699,5.115703106,4.536097050,5.154164791,7.838258266,7.887313843,7.830554962,7.500537872,5.115703106,5.154164791,5.077241421,6.238309383,7.385308743,7.348131180,6.055991173,6.001430511,5.896850586,7.866535664,7.607725620,7.722208500,5.154164791,5.154164791,5.062724590,6.184679508,5.056022644,5.115703106,5.763531208,5.094483852,5.873862743,5.115703106,5.056022167]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiTunes","proto_id":"91.145","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}} 02207{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":412,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1582454598721885,"flow_src_last_pkt_time":1582454600432880,"flow_dst_last_pkt_time":1582454600398737,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":13211,"flow_dst_tot_l4_payload_len":8177,"midstream":0,"thread_ts_usec":1582454600432880,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":19,"avg":109285.4,"max":803512,"stddev":185220.7,"var":34306707456.0,"ent":3.4,"data": [145952,170980,359,171301,2704,133,11131,1277,11157,179655,19,50,112,15556,168247,146405,161443,749,308681,51490,198168,655712,185,186,293,803512,1267,180253,328,297,245]},"pktlen": {"min":52,"avg":721.0,"max":1492,"stddev":667.3,"var":445284.8,"ent":4.3,"data": [64,60,52,569,52,1492,1492,1492,1492,1474,52,52,52,52,145,103,52,1169,344,52,996,52,1164,1492,1492,1492,52,52,1492,1492,1492,1492]},"bins": {"c_to_s": 
[8,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,7,0,0],"s_to_c": [5,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,4,0,0]},"directions": [0,1,0,0,1,1,1,1,1,1,0,0,0,0,0,1,0,0,0,1,1,0,0,0,0,0,1,1,0,0,0,0],"entropies": [4.378882408,5.048397064,4.855899334,4.669833183,5.026988029,6.153114796,4.607729912,7.088045597,7.461877346,7.528841019,4.947339535,4.870416164,4.908878326,4.825253010,6.027275085,5.625993729,4.985801220,7.818661690,7.150210857,5.103910923,7.800937653,4.908877850,7.820833683,7.850773335,7.853681087,7.878564835,4.985801220,4.959492207,7.858905315,7.865253448,7.862413406,7.846001625]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","proto_id":"91.143","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
@@ -298,9 +298,9 @@ 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_src_last_pkt_time":1582454600508065,"flow_dst_last_pkt_time":1582454600541627,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454600541627,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADUGS2lfZRg1wKgCEQG7xZzFmLU\/It34H6BScSB2MAAAAgQFrAQCCAqI0z6tEd\/vhgEDAwc="} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_src_last_pkt_time":1582454600545275,"flow_dst_last_pkt_time":1582454600541627,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454600545275,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGAHHAqAIRX2UYNcWcAbsi3fgfxZi1QIAQBAsSJAAAAQEIChHf76yI0z6t"} 
01242{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":427,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":4,"flow_src_last_pkt_time":1582454600545389,"flow_dst_last_pkt_time":1582454600541627,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1582454600545389,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAG\/mnAqAIRX2UYNcWcAbsi3fgfxZi1QIAYBAuKRgAAAQEIChHf76yI0z6tFgMBAgABAAH8AwOiR+2o6dU1g3+Svap+gZcnw25M6wGbHtuAePAdQo0oAiAx8\/DIlhLRtqLIiYUYtk4NlTJqyrl\/fgPygPHG4YkVbgA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\/AQABAAAAABoAGAAAFXN5bmMuaXR1bmVzLmFwcGxlLmNvbQAXAAAADQAYABYEAwgEBAEFAwIDCAUIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAzACYAJAAdACBtkoBkQDrwLLXqjG5TumykfSzBBltHwjkMpbOHvdDHVQAtAAIBAQArAAkIAwQDAwMCAwEACgAKAAgAHQAXABgAGQAVAMgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01288{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":427,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454600508065,"flow_src_last_pkt_time":1582454600545389,"flow_dst_last_pkt_time":1582454600541627,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454600545389,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.24.53","src_port":50588,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiTunes","proto_id":"91.145","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"sync.itunes.apple.com","domainame":"sync.itunes.apple.com","tls": {"version":"TLSv1.2","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01247{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":427,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454600508065,"flow_src_last_pkt_time":1582454600545389,"flow_dst_last_pkt_time":1582454600541627,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454600545389,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.24.53","src_port":50588,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiTunes","proto_id":"91.145","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"sync.itunes.apple.com","domainame":"sync.itunes.apple.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":429,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":5,"flow_src_last_pkt_time":1582454600545389,"flow_dst_last_pkt_time":1582454600579000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454600579000,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0r2YAADUGnApfZRg1wKgCEQG7xZzFmLVAIt36JIAQAOsTGQAAAQEICojTPtMR3++s"} 
-01333{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":432,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454600508065,"flow_src_last_pkt_time":1582454600545389,"flow_dst_last_pkt_time":1582454600580592,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1582454600580592,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.24.53","src_port":50588,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiTunes","proto_id":"91.145","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"sync.itunes.apple.com","domainame":"sync.itunes.apple.com","tls": {"version":"TLSv1.3","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01292{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":432,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454600508065,"flow_src_last_pkt_time":1582454600545389,"flow_dst_last_pkt_time":1582454600580592,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1582454600580592,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.24.53","src_port":50588,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiTunes","proto_id":"91.145","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"sync.itunes.apple.com","domainame":"sync.itunes.apple.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1582454553219847,"flow_src_last_pkt_time":1582454596366527,"flow_dst_last_pkt_time":1582454553219847,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"lucas-imac"}} 00932{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454595354441,"flow_src_last_pkt_time":1582454595354441,"flow_dst_last_pkt_time":1582454595354441,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff98:a29c","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00960{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1582454556158287,"flow_src_last_pkt_time":1582454586170857,"flow_dst_last_pkt_time":1582454556158287,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Spotify","proto_id":"156","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music"}} 
@@ -353,7 +353,7 @@ 01006{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454585624880,"flow_src_last_pkt_time":1582454585624880,"flow_dst_last_pkt_time":1582454585624880,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"239.255.255.250","src_port":60538,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} 01002{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454585625038,"flow_src_last_pkt_time":1582454585625038,"flow_dst_last_pkt_time":1582454585625038,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":51411,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} 00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1582454599396067,"flow_src_last_pkt_time":1582454600252093,"flow_dst_last_pkt_time":1582454600443725,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":643,"flow_dst_tot_l4_payload_len":3842,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.137.166.35","src_port":50585,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-00851{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":500,"packets-processed":486,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":190360,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":50,"total-detection-updates":40,"total-updates":0,"current-active-flows":0,"total-active-flows":51,"total-idle-flows":51,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":356,"global_ts_usec":1582454600748726} +00851{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":500,"packets-processed":486,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":190360,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":50,"total-detection-updates":40,"total-updates":0,"current-active-flows":0,"total-active-flows":51,"total-idle-flows":51,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":356,"global_ts_usec":1582454600748726} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 500/486 ~~ skipped flows.............: 0 
@@ -362,10 +362,10 @@ ~~ total active/idle flows...: 51/51 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7564852 bytes -~~ total memory freed........: 7564852 bytes -~~ total allocations/frees...: 115493/115493 +~~ total memory allocated....: 8142466 bytes +~~ total memory freed........: 8142466 bytes +~~ total allocations/frees...: 127225/127225 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 528 chars -~~ json message max len.......: 4045 chars -~~ json message avg len.......: 2286 chars +~~ json message max len.......: 4004 chars +~~ json message avg len.......: 2266 chars diff --git a/test/results/default/ipp.pcap.out b/test/results/default/ipp.pcap.out index e56a13428..2a949d454 100644 --- a/test/results/default/ipp.pcap.out +++ b/test/results/default/ipp.pcap.out 
@@ -1,5 +1,5 @@ -00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ipp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ipp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1210953938216729} 
+00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ipp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ipp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1210953938216729} 
00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/ipp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1210953938217203,"flow_src_last_pkt_time":1210953938217203,"flow_dst_last_pkt_time":1210953938217203,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1210953938217203,"l3_proto":"ip4","src_ip":"10.10.10.49","dst_ip":"10.10.10.251","src_port":55341,"dst_port":631,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/ipp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1210953938217203,"flow_dst_last_pkt_time":1210953938217203,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1210953938217203,"pkt":"ABJ5gGlgABtjmL82CABFAAA84QBAAEAGMHwKCgoxCgoK+9gtAnfcBg8oAAAAAKACFtBTiQAAAgQFtAQCCAoAa+4oAAAAAAEDAwc="} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ipp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1210953938217203,"flow_dst_last_pkt_time":1210953938217778,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1210953938217778,"pkt":"ABtjmL82ABJ5gGlgCABFAAA8U54AAEAG\/d4KCgr7CgoKMQJ32C21dp4B3AYPKaASFtAViwAAAgQFtAEDAwABAQgKAFjtJABr7ig="} 
@@ -25,7 +25,7 @@ 01252{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":279,"source":"cfgs\/default\/pcap\/ipp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":8,"flow_first_seen":1210953938217203,"flow_src_last_pkt_time":1210953938237615,"flow_dst_last_pkt_time":1210953938237601,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":289,"flow_dst_max_l4_payload_len":327,"flow_src_tot_l4_payload_len":430,"flow_dst_tot_l4_payload_len":501,"midstream":0,"thread_ts_usec":1210953939492942,"l3_proto":"ip4","src_ip":"10.10.10.49","dst_ip":"10.10.10.251","src_port":55341,"dst_port":631,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP.IPP","proto_id":"7.6","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"10.10.10.251"}} 
01258{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":279,"source":"cfgs\/default\/pcap\/ipp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":150,"flow_dst_packets_processed":84,"flow_first_seen":1210953938235230,"flow_src_last_pkt_time":1210953939433071,"flow_dst_last_pkt_time":1210953939433061,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2896,"flow_dst_max_l4_payload_len":201,"flow_src_tot_l4_payload_len":227621,"flow_dst_tot_l4_payload_len":370,"midstream":0,"thread_ts_usec":1210953939492942,"l3_proto":"ip4","src_ip":"10.10.10.49","dst_ip":"10.10.10.251","src_port":55342,"dst_port":631,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP.IPP","proto_id":"7.6","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"10.10.10.251"}} 
01253{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":279,"source":"cfgs\/default\/pcap\/ipp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":11,"flow_first_seen":1210953939430652,"flow_src_last_pkt_time":1210953939492942,"flow_dst_last_pkt_time":1210953939492928,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":228,"flow_dst_max_l4_payload_len":267,"flow_src_tot_l4_payload_len":730,"flow_dst_tot_l4_payload_len":572,"midstream":0,"thread_ts_usec":1210953939492942,"l3_proto":"ip4","src_ip":"10.10.10.49","dst_ip":"10.10.10.251","src_port":55343,"dst_port":631,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP.IPP","proto_id":"7.6","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"10.10.10.251"}} 
-00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":279,"source":"cfgs\/default\/pcap\/ipp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":279,"packets-processed":277,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":230224,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":28,"global_ts_usec":1210953939492942} +00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":279,"source":"cfgs\/default\/pcap\/ipp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":279,"packets-processed":277,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":230224,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":28,"global_ts_usec":1210953939492942} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 279/277 ~~ skipped flows.............: 0 
@@ -34,9 +34,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6920682 bytes -~~ total memory freed........: 6920682 bytes -~~ total allocations/frees...: 114451/114451 +~~ total memory allocated....: 7498377 bytes +~~ total memory freed........: 7498377 bytes +~~ total allocations/frees...: 126188/126188 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 541 chars ~~ json message max len.......: 2430 chars diff --git a/test/results/default/ipsec_isakmp_esp.pcap.out b/test/results/default/ipsec_isakmp_esp.pcap.out index 35383d22c..89fa37f14 100644 --- a/test/results/default/ipsec_isakmp_esp.pcap.out +++ b/test/results/default/ipsec_isakmp_esp.pcap.out 
@@ -1,5 +1,5 @@ -00621{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":946744635161000} 
+00621{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":946744635161000} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946744635161000,"flow_src_last_pkt_time":946744635161000,"flow_dst_last_pkt_time":946744635161000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":816,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":816,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":816,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946744635161000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":946744635161000,"flow_dst_last_pkt_time":946744635161000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":858,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":858,"pkt_l4_len":824,"thread_ts_usec":946744635161000,"pkt":"eJS0JASgYDjgxTWgCABFAANMRLRAAD8RBzLAqAJkbe27wTikEZQDOKGBAAAAALZO8yExpIlShrq9OQSIaVUuICMIAAAAAQAAAywjAAMQxP+M24ss5zxVviUOnYt8V91Yfad7H5TKYI1AzQJmVQ1775vqK4lAOGdGsvlvOkX2Namze+gxnoVLyUAsp8SwHxJQwtql3LAOZXSDDfTnjzJHUODCqYiBpOt6uikxP095kw8q3tMwzSSPxcuj7XnW6PzRBCGEtG5neD4sVk+l1JkUVcikyt4uOcC\/FA8QvmxhLpkegjtMpjAsxLE3vpMBtiZj+zT0jhYqc9k6vSPwaeAn85HWGyImbG4DzrmeTU5UQgHG42GPzTrJc4WLmObte9S00AsQVQ9A9LBK7HPddpmzlyoydy05a7OrcGa87mSenEZtlJg6Srp22ovHxgUAaNXH5mPObtMfqQ\/ZO07eMESAHqJ0a5Gd6IHROQKUZIGLAHdP0GpNPOgz2hcQhC5MCG8SlPoyqs7YHAhIq7dkn82ncfrQg5LG4rFBalatIKS6za3YCBaUd6HgjP76noPl8Do6aqlBwL8fyDSwzzm05t4rCUJTqDfHbdLklbf0nPbCgstxAP6c4hbiTTjn\/qk7utZRt9YQcbWpqDJcanmCdmb1nL0mJbhqNJKT0laV1UV3x3fjRglRQgmAhhs2hUSJo0d4NihfES7R2EorTgVqgQI4yo5XdLXhVuIgKP4Ku8z
RjlfJmEVoLMy3a7RLdjn6RWIc0T1R9cczYK8i8MjgqoZquR76DAlISwr878UZk6Dw9jKHBkUClj00siMfCWOzBAbTMxpNKDHfy5dB\/OC4DjkU8Jx5Ww4kZ1bGo0YToz8QCnkfhb905KjwaC0BtYJKhTYqKepBpdMk1ABAYnlGAgpGml\/BnBm2gK1KR+5V00l\/SciWQJHFxEldf+2DOoJtw884NKtF1vFW7EhPfWqLyLXCFeo6LZks4jdktwG9EUQtt4BLPuvVyXAU3LtPeLt60tAwN\/SuEqqQh6CheihsGUzntaWNdK9vF\/rZwhofpjFdB6Jch8YOvyjSwYpP+j6pyZmT7Nw0n6FlxB2xOH4XiWJP3RrVBIW46wWavhUPTR1GC0LhX7Jubx5eaacA"} 00926{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946744635161000,"flow_src_last_pkt_time":946744635161000,"flow_dst_last_pkt_time":946744635161000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":816,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":816,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":816,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946744635161000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":14500,"dst_port":4500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 
@@ -16,13 +16,13 @@ 01561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":946744683923000,"flow_dst_last_pkt_time":946744638499000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":818,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":818,"pkt_l4_len":784,"thread_ts_usec":946744683923000,"pkt":"eJS0JASgYDjgxTWgCABFAAMkUf9AAD8R+g7AqAJkbe27wSkEAfQDEIC\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\/FFkwLlLxi01\/su8846WqabjAARNRwfB5z5193Pwphmzmp266RnBoUl\/3pz4mlU\/n9muh+gHNxHK+YFKeysDnwZmLXN750iFjSq5jxx6VyhfOwRA8rRoUTc\/7ouz932qxpKQAAJLQ7vRlmydL+Ul7bbDT08bC8+Hw80zjeO6j+Uiw0ZsUfKQAAHAAAQAQxxY4jLA7mgVTyahplR1WBbxOGLAAAABwAAEAFT\/jiVZwITEymCyywlo+4FnUs+\/Q="} 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":946744638499000,"flow_src_last_pkt_time":946744683965000,"flow_dst_last_pkt_time":946744683994000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":800,"flow_dst_max_l4_payload_len":288,"flow_src_tot_l4_payload_len":3152,"flow_dst_tot_l4_payload_len":680,"midstream":0,"thread_ts_usec":946744683994000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 
00974{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":946744635161000,"flow_src_last_pkt_time":946744638478000,"flow_dst_last_pkt_time":946744638499000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1332,"flow_dst_max_l4_payload_len":416,"flow_src_tot_l4_payload_len":6820,"flow_dst_tot_l4_payload_len":1232,"midstream":0,"thread_ts_usec":946744683994000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} -00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":24,"packets-processed":23,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11884,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":2,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":946745300340000} 
+00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":24,"packets-processed":23,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11884,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":2,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":946745300340000} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":946744638499000,"flow_src_last_pkt_time":946745300381000,"flow_dst_last_pkt_time":946745300411000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":800,"flow_dst_max_l4_payload_len":288,"flow_src_tot_l4_payload_len":4728,"flow_dst_tot_l4_payload_len":1020,"midstream":0,"thread_ts_usec":946745301909000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 
00978{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":14,"flow_first_seen":946744635161000,"flow_src_last_pkt_time":946745301909000,"flow_dst_last_pkt_time":946745301906000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1332,"flow_dst_max_l4_payload_len":1028,"flow_src_tot_l4_payload_len":11540,"flow_dst_tot_l4_payload_len":3360,"midstream":0,"thread_ts_usec":946745301909000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 02243{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":946744635161000,"flow_src_last_pkt_time":946745723299000,"flow_dst_last_pkt_time":946745723443000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1332,"flow_dst_max_l4_payload_len":1028,"flow_src_tot_l4_payload_len":12356,"flow_dst_tot_l4_payload_len":3648,"midstream":0,"thread_ts_usec":946745723443000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":70207096.0,"max":662067000,"stddev":185660096.0,"var":34469670203424768.0,"ent":2.0,"data": 
[122000,677000,771000,222000,34000,2372000,0,1000,23000,2387000,0,0,22000,24000,661960000,662067000,681000,743000,195000,34000,407000,0,0,421000,0,4000,138000,188000,12771000,421390000,408766000]},"pktlen": {"min":108,"avg":528.1,"max":1360,"stddev":468.7,"var":219671.5,"ent":4.5,"data": [844,236,140,108,124,444,1360,1360,928,1360,160,160,160,928,160,844,236,140,108,124,444,1360,1360,928,160,160,160,1056,160,108,844,236]},"bins": {"c_to_s": [0,0,0,4,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0],"s_to_c": [0,0,3,0,7,0,3,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,0,0,0,0,1,1,1,0,1,0,1,0,1,0,1,0,0,0,1,1,1,1,0,1,0,1],"entropies": [7.741627216,6.965078831,6.116603374,5.779674053,6.059063911,7.410885334,7.860165119,7.863566875,7.772638798,7.854592800,6.636003017,6.657938480,6.612657070,7.764769077,6.596687317,7.754736900,6.881987095,6.222157478,5.801217556,6.004589081,7.442288876,7.852550507,7.852631569,7.794322968,6.638905048,6.506283283,6.772091866,7.817639828,6.695438385,5.748310089,7.756398201,6.820323944]},"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":8,"flow_first_seen":946744638499000,"flow_src_last_pkt_time":946745723231000,"flow_dst_last_pkt_time":946745723263000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":800,"flow_dst_max_l4_payload_len":288,"flow_src_tot_l4_payload_len":6304,"flow_dst_tot_l4_payload_len":1360,"midstream":0,"thread_ts_usec":946745725650000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 00978{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":22,"flow_first_seen":946744635161000,"flow_src_last_pkt_time":946745725650000,"flow_dst_last_pkt_time":946745725647000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1332,"flow_dst_max_l4_payload_len":1028,"flow_src_tot_l4_payload_len":16260,"flow_dst_tot_l4_payload_len":5568,"midstream":0,"thread_ts_usec":946745725650000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 
-00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":62,"packets-processed":61,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29572,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":6,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":25,"global_ts_usec":946747247312000} +00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":62,"packets-processed":61,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29572,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":6,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":25,"global_ts_usec":946747247312000} 
00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":8,"flow_first_seen":946744638499000,"flow_src_last_pkt_time":946745723231000,"flow_dst_last_pkt_time":946745723263000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":800,"flow_dst_max_l4_payload_len":288,"flow_src_tot_l4_payload_len":6304,"flow_dst_tot_l4_payload_len":1360,"midstream":0,"thread_ts_usec":946747248846000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 00978{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":29,"flow_dst_packets_processed":30,"flow_first_seen":946744635161000,"flow_src_last_pkt_time":946747248846000,"flow_dst_last_pkt_time":946747248843000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1332,"flow_dst_max_l4_payload_len":1028,"flow_src_tot_l4_payload_len":20980,"flow_dst_tot_l4_payload_len":7776,"midstream":0,"thread_ts_usec":946747248846000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946747261671000,"flow_src_last_pkt_time":946747261671000,"flow_dst_last_pkt_time":946747261671000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":776,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":776,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946747261671000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -34,7 +34,7 @@ 01554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":946747358471000,"flow_dst_last_pkt_time":946747261671000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":818,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":818,"pkt_l4_len":784,"thread_ts_usec":946747358471000,"pkt":"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\/CLmB1N5ipdRNjAgrEkk9c1K4SgeaBkstUpKGoCBtx3xfTXB+gmzf1VKQAAJNNNASfat4S6z1UcMvvGsu3JcFrPuvzdGt3NKTAK0PVQKQAAHAAAQASzXyQsxaFEsHhWCH0QAz432xWiKQAAABwAAEAFGLDWKxL5PHcyhK2S4pdCoubwZjU="} 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":946747261671000,"flow_src_last_pkt_time":946747358511000,"flow_dst_last_pkt_time":946747358542000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":800,"flow_dst_max_l4_payload_len":288,"flow_src_tot_l4_payload_len":3152,"flow_dst_tot_l4_payload_len":680,"midstream":0,"thread_ts_usec":946747358542000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 
00978{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":29,"flow_dst_packets_processed":31,"flow_first_seen":946744635161000,"flow_src_last_pkt_time":946747248846000,"flow_dst_last_pkt_time":946747261671000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1332,"flow_dst_max_l4_payload_len":1028,"flow_src_tot_l4_payload_len":20980,"flow_dst_tot_l4_payload_len":7856,"midstream":0,"thread_ts_usec":946747358542000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} -00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":85,"packets-processed":84,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":40332,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":9,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":37,"global_ts_usec":946748116878000} 
+00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":85,"packets-processed":84,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":40332,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":9,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":37,"global_ts_usec":946748116878000} 00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":29,"flow_dst_packets_processed":31,"flow_first_seen":946744635161000,"flow_src_last_pkt_time":946747248846000,"flow_dst_last_pkt_time":946747261671000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1332,"flow_dst_max_l4_payload_len":1028,"flow_src_tot_l4_payload_len":20980,"flow_dst_tot_l4_payload_len":7856,"midstream":0,"thread_ts_usec":946748116945000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":946747261671000,"flow_src_last_pkt_time":946748116917000,"flow_dst_last_pkt_time":946748116945000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":800,"flow_dst_max_l4_payload_len":288,"flow_src_tot_l4_payload_len":4728,"flow_dst_tot_l4_payload_len":1020,"midstream":0,"thread_ts_usec":946748116945000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946748252067000,"flow_src_last_pkt_time":946748252067000,"flow_dst_last_pkt_time":946748252067000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":816,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":816,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":816,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946748252067000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.195","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -61,11 +61,11 @@ 01559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":946748298621000,"flow_dst_last_pkt_time":946748266345000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":818,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":818,"pkt_l4_len":784,"thread_ts_usec":946748298621000,"pkt":"eJS0JASgYDjgxTWgCABFAAMk81pAAD8RWLHAqAJkbe27wykEAfQDEL4wXlzqAsgd3NEAAAAAAAAAACEgIggAAAAAAAADCCIAAggCAABQAQEACAMAAAwBAAAMgA4AgAMAAAwBAAAMgA4BAAMAAAgDAAACAwAACAMAAAwDAAAIAgAAAgMAAAgCAAAFAwAACAQAAAIAAAAIBAAABQAAAbQCAQAuAwAACAEAAAMDAAAMAQAADIAOAIADAAAMAQAADIAOAMADAAAMAQAADIAOAQADAAAMAQAADYAOAIADAAAMAQAADYAOAMADAAAMAQAADYAOAQADAAAMAQAAEoAOAIADAAAMAQAAEoAOAMADAAAMAQAAEoAOAQADAAAMAQAAE4AOAIADAAAMAQAAE4AOAMADAAAMAQAAE4AOAQADAAAMAQAAFIAOAIADAAAMAQAAFIAOAMADAAAMAQAAFIAOAQADAAAIAwAAAQMAAAgDAAACAwAACAMAAAUDAAAIAwAADAMAAAgDAAANAwAACAMAAA4DAAAIAgAAAQMAAAgCAAACAwAACAIAAAQDAAAIAgAABQMAAAgCAAAGAwAACAIAAAcDAAAIBAAAAgMAAAgEAAAFAwAACAQAAA4DAAAIBAAADwMAAAgEAAAQAwAACAQAABIDAAAIBAAAEwMAAAgEAAAUAwAACAQAABUDAAAIBAAAFgMAAAgEAAAXAwAACAQAABgDAAAIBAAAGQMAAAgEAAAaAwAACAQAABsDAAAIBAAAHAMAAAgEAAAdAAAACAQAAB4oAACIAAIAABGkLDJYlvimMVikZIJao0l8nDn5kMqeV19l95wHRHg9qC4yVoqQEAO1wxZCuFKvX1LBIU3s3wsGe2N4evBpjao\/Pny14kuwEp6ydRCF3auK2xgcGKEllo4hRl7tYj+cK0SHIn+CMGzAqT3kd2PlYpMZaQJfJG+3Ev+EkkpdUOoeKQAAJP6NnJfRkTTcKCv\/VqdU4oNffpYomKHKD1rwmiNSWBc0KQAAHAAAQATpeanOKc+14oR62Hrez\/POQ4Wy9QAAABwAAEAF\/Ci4af9LO9\/uVfyqcmROV6J9p6c="} 
00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":946747261671000,"flow_src_last_pkt_time":946748116917000,"flow_dst_last_pkt_time":946748116945000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":800,"flow_dst_max_l4_payload_len":288,"flow_src_tot_l4_payload_len":4728,"flow_dst_tot_l4_payload_len":1020,"midstream":0,"thread_ts_usec":946748298684000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 00976{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":946748252067000,"flow_src_last_pkt_time":946748253414000,"flow_dst_last_pkt_time":946748266345000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1332,"flow_dst_max_l4_payload_len":1028,"flow_src_tot_l4_payload_len":4720,"flow_dst_tot_l4_payload_len":2208,"midstream":0,"thread_ts_usec":946748298684000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.195","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 
-00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":127,"packets-processed":126,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":59936,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":12,"current-active-flows":3,"total-active-flows":6,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":64,"global_ts_usec":946748870137000} +00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":127,"packets-processed":126,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":59936,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":12,"current-active-flows":3,"total-active-flows":6,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":64,"global_ts_usec":946748870137000} 
00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":946748266345000,"flow_src_last_pkt_time":946748266345000,"flow_dst_last_pkt_time":946748266345000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1332,"flow_dst_max_l4_payload_len":1028,"flow_src_tot_l4_payload_len":4720,"flow_dst_tot_l4_payload_len":2208,"midstream":0,"thread_ts_usec":946748871542000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 00974{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":946748266345000,"flow_src_last_pkt_time":946748870175000,"flow_dst_last_pkt_time":946748870202000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":800,"flow_dst_max_l4_payload_len":288,"flow_src_tot_l4_payload_len":4728,"flow_dst_tot_l4_payload_len":1020,"midstream":0,"thread_ts_usec":946748871542000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.195","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 
00978{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":15,"flow_first_seen":946748252067000,"flow_src_last_pkt_time":946748871542000,"flow_dst_last_pkt_time":946748871538000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1332,"flow_dst_max_l4_payload_len":1028,"flow_src_tot_l4_payload_len":9440,"flow_dst_tot_l4_payload_len":4336,"midstream":0,"thread_ts_usec":946748871542000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.195","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} -00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":146,"packets-processed":145,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":68780,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":14,"current-active-flows":2,"total-active-flows":6,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":68,"global_ts_usec":946749778334000} 
+00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":146,"packets-processed":145,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":68780,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":14,"current-active-flows":2,"total-active-flows":6,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":68,"global_ts_usec":946749778334000} 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946749778334000,"flow_src_last_pkt_time":946749778334000,"flow_dst_last_pkt_time":946749778334000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":776,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":776,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946749778334000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.194","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
01560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":946749778334000,"flow_dst_last_pkt_time":946749778334000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":818,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":818,"pkt_l4_len":784,"thread_ts_usec":946749778334000,"pkt":"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\/I3GrOhdR2Ahrzg1cl5K7CGOqmD9LmmvBVQSrauKwYuvsfoAIPoWocHQoMo7f5ymv4IPWL+HbeAEosPePp10VCe7il3eMSwG\/INdrGrGu21qwlO\/+efSCGs3uGrG1SV6gA+E\/oPdzfBUNqf\/aMnkpkFwcKQAAJMgQNb6ePi189Vo1zI09B5mQSHqhnrJrpjWKCSmy16flKQAAHAAAQATK6hMad2HUkIE350RaQYXRyGPbFgAAABwAAEAFiTzfmy4vUiSu\/dsxMvaGgLvptZw="} 00927{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946749778334000,"flow_src_last_pkt_time":946749778334000,"flow_dst_last_pkt_time":946749778334000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":776,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":776,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946749778334000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.194","src_port":10500,"dst_port":500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 
@@ -81,13 +81,13 @@ 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":946749779343000,"flow_dst_last_pkt_time":946749779338000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":946749779343000,"pkt":"eJS0JASgYDjgxTWgCABFAAB8539AAD8RZzXAqAJkbe27wjikEZQAaLvWAAAAAFFJpbgQBDBELFuvwAKAaBsuICMIAAAAAwAAAFwnAABAaLDB2lNfq5sjiritMiyPVcJ5MmrNl4SJCasAkAUouZiTrZ8tDkbm1r1Trbr79D49MfumEFkLpOp1YiWs"} 00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":164,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":946748266345000,"flow_src_last_pkt_time":946748870175000,"flow_dst_last_pkt_time":946748870202000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":800,"flow_dst_max_l4_payload_len":288,"flow_src_tot_l4_payload_len":4728,"flow_dst_tot_l4_payload_len":1020,"midstream":0,"thread_ts_usec":946749779886000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.195","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 
00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":164,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":16,"flow_first_seen":946748252067000,"flow_src_last_pkt_time":946748871542000,"flow_dst_last_pkt_time":946748884718000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1332,"flow_dst_max_l4_payload_len":1028,"flow_src_tot_l4_payload_len":9440,"flow_dst_tot_l4_payload_len":4416,"midstream":0,"thread_ts_usec":946749779886000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.195","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} -00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":165,"packets-processed":164,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":77624,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":14,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":84,"global_ts_usec":946750800427000} 
+00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":165,"packets-processed":164,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":77624,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":14,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":84,"global_ts_usec":946750800427000} 01562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":180,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":946750802633000,"flow_dst_last_pkt_time":946749778401000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":818,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":818,"pkt_l4_len":784,"thread_ts_usec":946750802633000,"pkt":"eJS0JASgYDjgxTWgCABFAAMkr8NAAD8RnEnAqAJkbe27wikEAfQDELXOkEkalVBl\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\/A0IFjOXjhDiq5RFCImpZ68NNwcQxBZvgJzrKNK3+3xuRAJ7jQNQpEgz+2L\/Td5c14rGxSZM6w9sUYgwqqMGXpA72jiv\/4czuKxD6SbMc+8pGVZ\/1CSN9hccLjaN\/KNarwgaRjmkaTYnGsewHe4MLp6coknVTYnEyT2TKQAAJEJGvKF8VnGtvSnxxMrOeTU3kL1E+nVj3FJ6ZUXX52S9KQAAHAAAQATEmVA1Ayed3Mzf6OPwNFqxXeNCkgAAABwAAEAFVSBGs\/2jTbJ\/AAS7m7ud3qwGOy8="} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":184,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":946749778334000,"flow_src_last_pkt_time":946750802633000,"flow_dst_last_pkt_time":946750802633000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":800,"flow_dst_max_l4_payload_len":288,"flow_src_tot_l4_payload_len":3152,"flow_dst_tot_l4_payload_len":680,"midstream":0,"thread_ts_usec":946750802633000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.194","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 00978{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":184,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":15,"flow_first_seen":946749778420000,"flow_src_last_pkt_time":946750802633000,"flow_dst_last_pkt_time":946750802082000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1332,"flow_dst_max_l4_payload_len":1028,"flow_src_tot_l4_payload_len":9588,"flow_dst_tot_l4_payload_len":4224,"midstream":0,"thread_ts_usec":946750802633000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.194","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 
00974{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":188,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":946749778334000,"flow_src_last_pkt_time":946750900940000,"flow_dst_last_pkt_time":946750900970000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":800,"flow_dst_max_l4_payload_len":288,"flow_src_tot_l4_payload_len":4728,"flow_dst_tot_l4_payload_len":1020,"midstream":0,"thread_ts_usec":946750900970000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.194","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 00978{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":188,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":15,"flow_first_seen":946749778420000,"flow_src_last_pkt_time":946750802633000,"flow_dst_last_pkt_time":946750802082000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1332,"flow_dst_max_l4_payload_len":1028,"flow_src_tot_l4_payload_len":9588,"flow_dst_tot_l4_payload_len":4224,"midstream":0,"thread_ts_usec":946750900970000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.194","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 
-00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":188,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":188,"packets-processed":187,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":88340,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":18,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":90,"global_ts_usec":946752053636000} +00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":188,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":188,"packets-processed":187,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":88340,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":18,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":90,"global_ts_usec":946752053636000} 
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":188,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946752053636000,"flow_src_last_pkt_time":946752053636000,"flow_dst_last_pkt_time":946752053636000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":776,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":776,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946752053636000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.225","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":188,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":946752053636000,"flow_dst_last_pkt_time":946752053636000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":818,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":818,"pkt_l4_len":784,"thread_ts_usec":946752053636000,"pkt":"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\/W3ZXRxrm6NQH9u7KE06SIwEbersniw6hQWHyxhQ\/2rtv\/KS8MHCWu0\/UpEV6GCC8Jwl2D64n3IinW1UqpoDH3zgj5vP09DAsAYR\/lGdfNJjst9m4S0ICUVBjGwV2UlMv+ec0yUwblf\/QpdFKQAAJBN5hRLS4vKI93k9Qqglp8VdaUkpxICKhR0a7HBjyUJnKQAAHAAAQATaubyY8VWsI4Z6WQt6ODtfgtlAogAAABwAAEAFkYhaxcMPMkFLeVrj\/VCjsI8u34M="} 
00927{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":188,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946752053636000,"flow_src_last_pkt_time":946752053636000,"flow_dst_last_pkt_time":946752053636000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":776,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":776,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946752053636000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.225","src_port":10500,"dst_port":500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 
@@ -118,11 +118,11 @@ 00649{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_src_last_pkt_time":946752615801000,"flow_dst_last_pkt_time":946752615796000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":946752615801000,"pkt":"eJS0JASgYDjgxTWgCABFAAB8YjtAAD8R7LjAqAJkbe27gzikEZQAaKKDAAAAAJOFGPFj\/apXtO8xDwLcetkuICMIAAAAAwAAAFwnAABAYgQABklwqk19f3RLLUrXcdZeQThgHvokOw7ZgiIiV+xRm\/Vegbdr0vddHFArr2AxvmIdMXYfOPpikICD"} 00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":946752053636000,"flow_src_last_pkt_time":946752053676000,"flow_dst_last_pkt_time":946752053697000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":800,"flow_dst_max_l4_payload_len":288,"flow_src_tot_l4_payload_len":1576,"flow_dst_tot_l4_payload_len":340,"midstream":0,"thread_ts_usec":946752616641000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.225","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 
01193{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":946752053740000,"flow_src_last_pkt_time":946752055364000,"flow_dst_last_pkt_time":946752068592000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1332,"flow_dst_max_l4_payload_len":1028,"flow_src_tot_l4_payload_len":4720,"flow_dst_tot_l4_payload_len":2208,"midstream":0,"thread_ts_usec":946752616641000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.225","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 
-00858{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":226,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":226,"packets-processed":225,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":106028,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":18,"current-active-flows":2,"total-active-flows":12,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":121,"global_ts_usec":946753056378000} +00858{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":226,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":226,"packets-processed":225,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":106028,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":18,"current-active-flows":2,"total-active-flows":12,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":121,"global_ts_usec":946753056378000} 
01559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":5,"flow_src_last_pkt_time":946753056378000,"flow_dst_last_pkt_time":946752614899000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":818,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":818,"pkt_l4_len":784,"thread_ts_usec":946753056378000,"pkt":"eJS0JASgYDjgxTWgCABFAAMk4A9AAD8RbDzAqAJkbe27gykEAfQDEL8VqoLIT\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\/bYWO5S4TN7oD3jev443nVodeHch6RFayzZEki5emMomRCrgNFuvlRgaeRpHEemxNYFdAWJKFtbMtNDl30\/geXBa5nSc5USTy9ixtngfOPCaTM957Vt8FfYS+xLvKJ1ZIlggi4aea4oqGzEWKQAAJB64swUSkLQn4x1pHHMTfvky6JcWpGBjhuSQsyO5UHP2KQAAHAAAQATXS05uAu8\/AgvnrnqUJli+KXDKcwAAABwAAEAFE4a6Haq4k5w5SGwuMbDqbj1ZWRI="} 01092{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":244,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":946752614840000,"flow_src_last_pkt_time":946753056415000,"flow_dst_last_pkt_time":946753056444000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":800,"flow_dst_max_l4_payload_len":288,"flow_src_tot_l4_payload_len":3152,"flow_dst_tot_l4_payload_len":680,"midstream":0,"thread_ts_usec":946753058099000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.131","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}}},"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 
00979{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":244,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":15,"flow_first_seen":946752614924000,"flow_src_last_pkt_time":946753058099000,"flow_dst_last_pkt_time":946753058095000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1332,"flow_dst_max_l4_payload_len":1028,"flow_src_tot_l4_payload_len":9440,"flow_dst_tot_l4_payload_len":4336,"midstream":0,"thread_ts_usec":946753058099000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.131","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} -00858{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":245,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":245,"packets-processed":244,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":114872,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":20,"current-active-flows":2,"total-active-flows":12,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":125,"global_ts_usec":946756085796000} 
+00858{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":245,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":245,"packets-processed":244,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":114872,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":20,"current-active-flows":2,"total-active-flows":12,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":125,"global_ts_usec":946756085796000} 00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":245,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946756085796000,"flow_src_last_pkt_time":946756085796000,"flow_dst_last_pkt_time":946756085796000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":432,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":432,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":432,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946756085796000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":43811,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
01106{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":245,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":946756085796000,"flow_dst_last_pkt_time":946756085796000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":474,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":474,"pkt_l4_len":440,"thread_ts_usec":946756085796000,"pkt":"eJS0JASgYDjgxTWgCABFAAHMAuBAAP0RjIXAqAJkbe27wasjEZQBuEiAAAAAAFdVWmAzg3AtUnd8qAS0wgwuICMIAAAAAQAAAawjAAGQQF79b6huHtPKErITdIUO\/QjlpSHswO\/9ioYhBnLYsJUoIUmfnUpBr3Po\/OdJJVNMepzAOvSeggL2pjZTj9dKmnR3\/PM3fhBDF8NcMDQbBXvC7QxTKJZTnUfkk881X5a\/g77eRsDByk24BKRFupHgXm9JxMuUqz9AuVOnm4NBfwKTMVXjUNEQtkAzVuhsDcyqKusYnJ81cfYdIk5LwLgUQczUBvlDCka3OorgvxScDCOZppjI661UpcnKSAOl10AUzitOXX4Sf1q4\/2+eSwMmz9NIx5gR4C8OsKHWrS46IlJialinycMwsZsTGmE66+bCHIal8y8Ar1mZux6G9skkXM0\/xDcT8HX0NJm3xHn4rYAEy6+FVyThDICTkGOQ8\/OGbAHfatyTPGmM7gUHR\/CIqk2d\/5qVY\/q+N89fy1rlbMoNv1B8muSwUse4B1yQM9+HJ7F8cmircdWKEpZAIvPkrObfa2jQuXUNlIRVLPokutIPku+Rs972Lm4Ub8AH5EGOnNdgwZBbtxuUUUg4"} 00929{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":245,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946756085796000,"flow_src_last_pkt_time":946756085796000,"flow_dst_last_pkt_time":946756085796000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":432,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":432,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":432,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946756085796000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":43811,"dst_port":4500,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 
@@ -139,7 +139,7 @@ 01147{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":264,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":5,"flow_src_last_pkt_time":946756088542000,"flow_dst_last_pkt_time":946756088542000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":506,"pkt_l4_len":472,"thread_ts_usec":946756088542000,"pkt":"eJS0JASgYDjgxTWgCABFAAHsAt5AAP0RjGfAqAJkbe27wasjAfQB2PjuV1VaYDODcC0AAAAAAAAAACEgIggAAAAAAAAB0CIAAFwAAABYAQEACQMAAAwBAAAMgA4AgAMAAAwBAAAMgA4BAAMAAAgDAAACAwAACAMAAAwDAAAIAgAAAgMAAAgCAAAFAwAACAQAAA4DAAAIBAAABQAAAAgEAAACKAABCAAOAAASaTFF62fUXHpfs421Rj\/gYaPc2AkWEe7D1IKcm3l6qaEq6h066W69gZ+A399DYsfZndmEGgax9bhjEGbDeL91KQ5kk8G\/ZkID33MXl58dgACMQOV2mwGoscE8xtRB+E32RcQuG7Nonwhc00cnnFpxVz54FULdUSbtCVV\/NJupUcqjc6oaj9SBnERU6TDP8ODv30ZRO8RPNYMJ\/Ci\/se1NSrmxSgCJbX4M7XFLRP+h1qNGc6gcZZyTDUYfAjaqE5Mcwoz2lDCUcBdmnuShzdw+sjHtwCatv+tdhBkIHppgjI3v+rdOmcf6h4xWdhiO2fobg7Zsnzmo+WEBgaX0p7s5KQAAGFc4NCc5\/VYp3Uji1ua\/t8i0d0i9KQAAHAAAQARFpSuayCZd17VHTR3uyF2NADufcwAAABwAAEAFsrc\/ZzzlOYJlIxNu77WxSEj0O24="} 01090{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":268,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":946752614840000,"flow_src_last_pkt_time":946753056415000,"flow_dst_last_pkt_time":946753056444000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":800,"flow_dst_max_l4_payload_len":288,"flow_src_tot_l4_payload_len":3152,"flow_dst_tot_l4_payload_len":680,"midstream":0,"thread_ts_usec":946756088542000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.131","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": 
{"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}}},"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":268,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":16,"flow_first_seen":946752614924000,"flow_src_last_pkt_time":946753058099000,"flow_dst_last_pkt_time":946753071332000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1332,"flow_dst_max_l4_payload_len":1028,"flow_src_tot_l4_payload_len":9440,"flow_dst_tot_l4_payload_len":4416,"midstream":0,"thread_ts_usec":946756088542000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.131","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 
-00858{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":268,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":268,"packets-processed":267,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":125706,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":14,"total-detection-updates":0,"total-updates":20,"current-active-flows":2,"total-active-flows":14,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":142,"global_ts_usec":946763512822000} +00858{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":268,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":268,"packets-processed":267,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":125706,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":14,"total-detection-updates":0,"total-updates":20,"current-active-flows":2,"total-active-flows":14,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":142,"global_ts_usec":946763512822000} 
00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":268,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946763512822000,"flow_src_last_pkt_time":946763512822000,"flow_dst_last_pkt_time":946763512822000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":776,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":776,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946763512822000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.129","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":946763512822000,"flow_dst_last_pkt_time":946763512822000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":818,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":818,"pkt_l4_len":784,"thread_ts_usec":946763512822000,"pkt":"eJS0JASgYDjgxTWgCABFAAMktR9AAD8Rly7AqAJkbe27gSkEAfQDENJ58zGl\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\/WQ2FpE\/0RoQC4TiwB6y71I8UIovX\/cQ1SapOMuGfW9hy4WHSvXuIUgOPrCXk2h1ct5lmyWAa1qglm\/4yOrGLSsZjKKjJ5jEBzKQAAJL+95CschzVY1HdnEYlr8vcXlCOBsIZVHpL4JvobbKxYKQAAHAAAQAROj53iX5wS\/J4WHCSCKNNw1F6keAAAABwAAEAF52RZaVEd3q0Q2WSKx4bLcB8WYWw="} 
00928{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":268,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946763512822000,"flow_src_last_pkt_time":946763512822000,"flow_dst_last_pkt_time":946763512822000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":776,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":776,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946763512822000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.129","src_port":10500,"dst_port":500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 
@@ -318,7 +318,7 @@ 00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":834,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":946763527783000,"flow_src_last_pkt_time":946763527783000,"flow_dst_last_pkt_time":946763527783000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1332,"flow_dst_max_l4_payload_len":1028,"flow_src_tot_l4_payload_len":4720,"flow_dst_tot_l4_payload_len":2208,"midstream":0,"thread_ts_usec":946763527783000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":834,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":27,"flow_dst_packets_processed":33,"flow_first_seen":946763527783000,"flow_src_last_pkt_time":946763527783000,"flow_dst_last_pkt_time":946763527783000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1332,"flow_dst_max_l4_payload_len":1332,"flow_src_tot_l4_payload_len":18700,"flow_dst_tot_l4_payload_len":13920,"midstream":0,"thread_ts_usec":946763527783000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.225","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 
00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":834,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":946763512920000,"flow_src_last_pkt_time":946763514604000,"flow_dst_last_pkt_time":946763527783000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1332,"flow_dst_max_l4_payload_len":1028,"flow_src_tot_l4_payload_len":4720,"flow_dst_tot_l4_payload_len":2208,"midstream":0,"thread_ts_usec":946763527783000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.129","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} -00860{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":834,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":834,"packets-processed":834,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":416694,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":36,"total-detection-updates":0,"total-updates":20,"current-active-flows":0,"total-active-flows":36,"total-idle-flows":36,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":321,"global_ts_usec":946763527783000} 
+00860{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":834,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":834,"packets-processed":834,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":416694,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":36,"total-detection-updates":0,"total-updates":20,"current-active-flows":0,"total-active-flows":36,"total-idle-flows":36,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":321,"global_ts_usec":946763527783000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 834/834 ~~ skipped flows.............: 0 @@ -327,9 +327,9 @@ ~~ total active/idle flows...: 36/36 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7015193 bytes -~~ total memory freed........: 7015193 bytes -~~ total allocations/frees...: 115359/115359 +~~ total memory allocated....: 7592789 bytes +~~ total memory freed........: 7592789 bytes +~~ total allocations/frees...: 127090/127090 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 573 chars ~~ json message max len.......: 2248 chars diff --git a/test/results/default/ipv6_in_gtp.pcap.out b/test/results/default/ipv6_in_gtp.pcap.out index 5b6c6ca4c..02c51acc2 100644 --- a/test/results/default/ipv6_in_gtp.pcap.out +++ b/test/results/default/ipv6_in_gtp.pcap.out 
@@ -1,11 +1,11 @@ -00616{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ipv6_in_gtp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ipv6_in_gtp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1536839120404326} 
+00616{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ipv6_in_gtp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ipv6_in_gtp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1536839120404326} 00299{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1536839120404326,"packet_id":1,"source":"cfgs\/default\/pcap\/ipv6_in_gtp.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1536839120404326} 
00500{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/ipv6_in_gtp.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":150,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":150,"pkt_l4_len":0,"thread_ts_usec":1536839120404326,"pkt":"AAAAAAACNLNUB8pWgQAMoYEAYAUIAEVoAIBoSQAA\/xHueQruUBoK7v5LCGgIaABsAAAw\/wBcEoCPuGAIuFIANBFAJgf8IEBSA55JCupNF\/7gnP0Al2q8Zxk+AAAAAAAAAAe\/4GQ6ADQ3SIBuFZfDWsIvMrWrNfP4Fx5OYe4CUCXgPs5ziPlz8hT\/27dLl2xtqJbPLkrE"} -00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ipv6_in_gtp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":2,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":5,"global_ts_usec":1536840494424533} 
+00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ipv6_in_gtp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":2,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":5,"global_ts_usec":1536840494424533} 00299{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1536840494424533,"packet_id":2,"source":"cfgs\/default\/pcap\/ipv6_in_gtp.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1536840494424533} 00523{"packet_event_id":1,"packet_event_name":"packet","packet_id":2,"source":"cfgs\/default\/pcap\/ipv6_in_gtp.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":166,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":166,"pkt_l4_len":0,"thread_ts_usec":1536839120404326,"pkt":"AAAAAAABNLNUB8pVgQAMn4EAQAIIAEVYAJD2QgAA\/xGMPAruJFwK7v5NCGgIaAB8AAAw\/wBsB0wVsGANtkgARDJAKgEEyMAUFE4AAQAClFtnYSoBBMjwAA9JAAAAAAAAAAT\/O2YDAAAAQhlm1OFxgeTba50SyREjm3lFbPc9lgrLUcRYebJHYlYzSCeWv2L\/IjSAXfS1U+Rh4DDxR7yVXb8kOaI3Xg=="} 
-00839{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ipv6_in_gtp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":2,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":8,"global_ts_usec":1536840494424533} +00839{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ipv6_in_gtp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":2,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":8,"global_ts_usec":1536840494424533} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/0 ~~ skipped flows.............: 0 
@@ -14,9 +14,9 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6905233 bytes -~~ total memory freed........: 6905233 bytes -~~ total allocations/frees...: 114126/114126 +~~ total memory allocated....: 7482829 bytes +~~ total memory freed........: 7482829 bytes +~~ total allocations/frees...: 125857/125857 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 304 chars ~~ json message max len.......: 844 chars diff --git a/test/results/default/iqiyi.pcap.out b/test/results/default/iqiyi.pcap.out index 8f092595f..05d7a8727 100644 --- a/test/results/default/iqiyi.pcap.out +++ b/test/results/default/iqiyi.pcap.out 
@@ -1,11 +1,11 @@ -00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/iqiyi.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/iqiyi.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1713802717628036} 
+00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/iqiyi.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/iqiyi.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1713802717628036} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/iqiyi.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1713802717628036,"flow_src_last_pkt_time":1713802717628036,"flow_dst_last_pkt_time":1713802717628036,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":135,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":135,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1713802717628036,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"116.211.199.199","src_port":50412,"dst_port":16600,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5} 00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/iqiyi.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1713802717628036,"flow_dst_last_pkt_time":1713802717628036,"flow_idle_time":200000000,"pkt_datalink":12,"pkt_caplen":163,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":163,"pkt_l4_len":143,"thread_ts_usec":1713802717628036,"pkt":"RQAAo3XeQABAEc\/4CtetAXTTx8fE7EDYAI85khxAhwBEdHF6pPgrtzAH9GsCAAAAAAAAFJfdTmBscmVis14SaQ7j4ckAAAAAAACgIYIEAQAIAAwoAQIAAAAAAAAAAAAAAAoAAQAYAAUIAAD\/\/wAAAAAAAAAAAAAAAAAAAFBQU3RyZWFtAABAHbT1QnoJAAEMwIrER+lAn7VOD3NGKPXiYWT40w=="} 
00925{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/iqiyi.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1713802717628036,"flow_src_last_pkt_time":1713802717628036,"flow_dst_last_pkt_time":1713802717628036,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":135,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":135,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1713802717628036,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"116.211.199.199","src_port":50412,"dst_port":16600,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"iQIYI","proto_id":"54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}} 00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/iqiyi.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1713802717628036,"flow_dst_last_pkt_time":1713802718068540,"flow_idle_time":200000000,"pkt_datalink":12,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":164,"pkt_l4_len":144,"thread_ts_usec":1713802718068540,"pkt":"RQAApAAAQABAEUXWdNPHxwrXrQFA2MTsAJAAAJxgiABVdRd6pPgrtzAH9BsKAAAAAAAAFJfdTmBscmVis14SaQ7j4ckAAAAAAAAUAAAAAAAAADwA\/nj\/RhQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMO\/nl5WrwE="} 
00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/iqiyi.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1713802717628036,"flow_src_last_pkt_time":1713802717628036,"flow_dst_last_pkt_time":1713802718068540,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":135,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":135,"flow_dst_max_l4_payload_len":136,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":136,"midstream":0,"thread_ts_usec":1713802718068540,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"116.211.199.199","src_port":50412,"dst_port":16600,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"iQIYI","proto_id":"54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}} -00835{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/iqiyi.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":271,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":8,"global_ts_usec":1713802718068540} 
+00835{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/iqiyi.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":271,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":8,"global_ts_usec":1713802718068540} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 ~~ skipped flows.............: 0 @@ -14,9 +14,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6907671 bytes -~~ total memory freed........: 6907671 bytes -~~ total allocations/frees...: 114139/114139 +~~ total memory allocated....: 7485267 bytes +~~ total memory freed........: 7485267 bytes +~~ total allocations/frees...: 125870/125870 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 615 chars ~~ json message max len.......: 974 chars diff --git a/test/results/default/irc.pcap.out b/test/results/default/irc.pcap.out index a9a400eba..721343795 100644 --- a/test/results/default/irc.pcap.out +++ b/test/results/default/irc.pcap.out 
@@ -1,5 +1,5 @@ -00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/irc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/irc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1387554241634815} 
+00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/irc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/irc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1387554241634815} 
00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/irc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1387554241634815,"flow_src_last_pkt_time":1387554241634815,"flow_dst_last_pkt_time":1387554241634815,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1387554241634815,"l3_proto":"ip4","src_ip":"10.180.156.249","dst_ip":"38.229.70.20","src_port":45921,"dst_port":8000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/irc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1387554241634815,"flow_dst_last_pkt_time":1387554241634815,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1387554241634815,"pkt":"AAAMB6wBABNyxPHhCABFAAA8\/+BAAEAGJjUKtJz5JuVGFLNhH0BpMfDFAAAAAKACOQj\/0AAAAgQFtAQCCAq+wg8lAAAAAAEDAwc="} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/irc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1387554241634815,"flow_dst_last_pkt_time":1387554241665525,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1387554241665525,"pkt":"ABNyxPHhANAr0XYACABFAAA8AABAADIGNBYm5UYUCrSc+R9As2GRFS01aTHwxqASFqAOiAAAAgQFtAQCCAowSCUOvsIPJQEDAwY="} 
@@ -8,7 +8,7 @@ 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/irc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1387554241665610,"flow_dst_last_pkt_time":1387554241695656,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1387554241695656,"pkt":"ABNyxPHhANAr0XYACABFAAA0CCBAADIGK\/4m5UYUCrSc+R9As2GRFS02aTHw6YAQAFtTTgAAAQEICjBIJRa+wg9E"} 01262{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/irc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1387554241634815,"flow_src_last_pkt_time":1387554241695673,"flow_dst_last_pkt_time":1387554241695929,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":62,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":62,"midstream":0,"thread_ts_usec":1387554241695929,"l3_proto":"ip4","src_ip":"10.180.156.249","dst_ip":"38.229.70.20","src_port":45921,"dst_port":8000,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"IRC","proto_id":"65","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":9,"category":"Chat"}} 
01309{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/irc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":15,"flow_first_seen":1387554241634815,"flow_src_last_pkt_time":1387554256171358,"flow_dst_last_pkt_time":1387554256201831,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":114,"flow_dst_tot_l4_payload_len":6901,"midstream":0,"thread_ts_usec":1387554256201831,"l3_proto":"ip4","src_ip":"10.180.156.249","dst_ip":"38.229.70.20","src_port":45921,"dst_port":8000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"IRC","proto_id":"65","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":9,"category":"Chat"}} 
-00838{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/irc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":29,"packets-processed":29,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7015,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1387554256201831} +00838{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/irc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":29,"packets-processed":29,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7015,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1387554256201831} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 29/29 ~~ skipped flows.............: 0 
@@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6910553 bytes -~~ total memory freed........: 6910553 bytes -~~ total allocations/frees...: 114169/114169 +~~ total memory allocated....: 7488170 bytes +~~ total memory freed........: 7488170 bytes +~~ total allocations/frees...: 125901/125901 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 542 chars ~~ json message max len.......: 1314 chars diff --git a/test/results/default/iso9506-1-mms.pcap.out b/test/results/default/iso9506-1-mms.pcap.out index 41d29d67b..19355aeb5 100644 --- a/test/results/default/iso9506-1-mms.pcap.out +++ b/test/results/default/iso9506-1-mms.pcap.out 
@@ -1,5 +1,5 @@ -00618{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/iso9506-1-mms.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/iso9506-1-mms.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1216384411913551} 
+00618{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/iso9506-1-mms.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/iso9506-1-mms.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1216384411913551} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/iso9506-1-mms.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1216384411913551,"flow_src_last_pkt_time":1216384411913551,"flow_dst_last_pkt_time":1216384411913551,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1216384411913551,"l3_proto":"ip4","src_ip":"172.16.0.101","dst_ip":"172.16.202.5","src_port":1345,"dst_port":102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/iso9506-1-mms.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1216384411913551,"flow_dst_last_pkt_time":1216384411913551,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1216384411913551,"pkt":"AAAjBjHKABshAvedCABFAAAwHcpAAIAGunKsEABlrBDKBQVBAGaSqRQbAAAAAHAC\/\/+0KAAAAgQFtAEBBAI="} 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/iso9506-1-mms.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1216384411913551,"flow_dst_last_pkt_time":1216384411916598,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1216384411916598,"pkt":"ABshAvedAAAjBjHKCABFAAAsDFVAAEAGC+ysEMoFrBAAZQBmBUFKLAn9kqkUHGASIABU9QAAAgQFtAAA"} 
@@ -8,7 +8,7 @@ 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/iso9506-1-mms.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1216384411916691,"flow_dst_last_pkt_time":1216384411922643,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1216384411922643,"pkt":"ABshAvedAAAjBjHKCABFAAAoDFZAAEAGC++sEMoFrBAAZQBmBUFKLAn+kqkUMlAQH+5srgAAAAAAAAAA"} 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/iso9506-1-mms.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1216384411913551,"flow_src_last_pkt_time":1216384411923486,"flow_dst_last_pkt_time":1216384411923392,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":22,"flow_src_tot_l4_payload_len":189,"flow_dst_tot_l4_payload_len":22,"midstream":0,"thread_ts_usec":1216384411923486,"l3_proto":"ip4","src_ip":"172.16.0.101","dst_ip":"172.16.202.5","src_port":1345,"dst_port":102,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"ISO9506-1-MMS","proto_id":"366","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
00987{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/iso9506-1-mms.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1216384411913551,"flow_src_last_pkt_time":1216384412526501,"flow_dst_last_pkt_time":1216384412526472,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":146,"flow_src_tot_l4_payload_len":374,"flow_dst_tot_l4_payload_len":283,"midstream":0,"thread_ts_usec":1216384412526501,"l3_proto":"ip4","src_ip":"172.16.0.101","dst_ip":"172.16.202.5","src_port":1345,"dst_port":102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ISO9506-1-MMS","proto_id":"366","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00847{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/iso9506-1-mms.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":22,"packets-processed":22,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":657,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1216384412526501} 
+00847{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/iso9506-1-mms.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":22,"packets-processed":22,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":657,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1216384412526501} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 22/22 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6910324 bytes -~~ total memory freed........: 6910324 bytes -~~ total allocations/frees...: 114161/114161 +~~ total memory allocated....: 7487920 bytes +~~ total memory freed........: 7487920 bytes +~~ total allocations/frees...: 125892/125892 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 543 chars ~~ json message max len.......: 992 chars diff --git a/test/results/default/ja3_lots_of_cipher_suites.pcap.out b/test/results/default/ja3_lots_of_cipher_suites.pcap.out index 137ff7616..48dedd9ea 100644 --- a/test/results/default/ja3_lots_of_cipher_suites.pcap.out +++ b/test/results/default/ja3_lots_of_cipher_suites.pcap.out 
@@ -1,5 +1,5 @@ -00630{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00851{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1557818846743554} 
+00630{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00851{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1557818846743554} 00313{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1557818846743554,"packet_id":1,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1557818846743554} 
00407{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":74,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":74,"pkt_l4_len":0,"thread_ts_usec":1557818846743554,"pkt":"AAAAAAABsKp3tUhAgQAAXYEAAQIIAEUAADTDSUAAPwad0wrOgxIKzkH55SEBu84u1gAAAAAAgAJyEJdSAAACBAW0AQEEAgEDAwI="} 00313{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1557818846744536,"packet_id":2,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1557818846744536} 
@@ -22,7 +22,7 @@ 00400{"packet_event_id":1,"packet_event_name":"packet","packet_id":10,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":68,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":68,"pkt_l4_len":0,"thread_ts_usec":1557818846743554,"pkt":"AAAAAAABAAd9VAeAgQAAXYEAAQIIAEUAACjoB0AAPQZ7IQrOQfkKzoMSAbvlIcEFulXOLtksUBAAf8saAAAAAAAAAAA="} 00315{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":11,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1557818846965822,"packet_id":11,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1557818846965822} 00400{"packet_event_id":1,"packet_event_name":"packet","packet_id":11,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":68,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":68,"pkt_l4_len":0,"thread_ts_usec":1557818846743554,"pkt":"AAAAAAABsKp3tUhAgQAAXYEAAQIIAEUAACifbEAAPwbBvArOgxIKzkH55SEBu84u2SwAAAAAUAQAAEcBAAAAAAAAAAA="} 
-00856{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":11,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":25,"global_ts_usec":1557818846965822} +00856{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":11,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":25,"global_ts_usec":1557818846965822} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 11/0 ~~ skipped flows.............: 0 
@@ -31,9 +31,9 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6905233 bytes -~~ total memory freed........: 6905233 bytes -~~ total allocations/frees...: 114126/114126 +~~ total memory allocated....: 7482829 bytes +~~ total memory freed........: 7482829 bytes +~~ total allocations/frees...: 125857/125857 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 318 chars ~~ json message max len.......: 2360 chars diff --git a/test/results/default/ja3_lots_of_cipher_suites_2_anon.pcap.out b/test/results/default/ja3_lots_of_cipher_suites_2_anon.pcap.out index a1ec09437..344fa28e2 100644 --- a/test/results/default/ja3_lots_of_cipher_suites_2_anon.pcap.out +++ b/test/results/default/ja3_lots_of_cipher_suites_2_anon.pcap.out 
@@ -1,5 +1,5 @@ -00637{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00858{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1505724520744830} 
+00637{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00858{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1505724520744830} 00366{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1505724520744830,"packet_id":1,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":114,"expected":118,"global_ts_usec":1505724520744830} 
00469{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":118,"pkt_l4_len":0,"thread_ts_usec":1505724520744830,"pkt":"\/Ejvopo\/MNF+D2w+CABFuABkI90AAEARjIOEvvQMl3m5LAhoCGgAUAAAMv8AQAE8W3RuUAAARQAAPGNKQABABin+wKiTsZd5waDkgAG7Qsba5QAAAACgAjkIo+MAAAIEBbQEAggKAAu5rwAAAAABAwMF"} 00803{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1505724520744830,"flow_src_last_pkt_time":1505724520744830,"flow_dst_last_pkt_time":1505724520744830,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":72,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":72,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1505724520744830,"l3_proto":"ip4","src_ip":"132.190.244.12","dst_ip":"151.121.185.44","src_port":2152,"dst_port":2152,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -34,7 +34,7 @@ 00368{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":13,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1505724526501639,"packet_id":25,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":106,"expected":110,"global_ts_usec":1505724526501639} 00462{"packet_event_id":1,"packet_event_name":"packet","packet_id":25,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":110,"pkt_l4_len":0,"thread_ts_usec":1505724526501623,"pkt":"\/Ejvopo\/MNF+D2w+CABFuABc0zYAAEAR3TGEvvQMl3m5LAhoCGgASAAAMv8AOAE8W3SFUAAARQAANGNWQABABin6wKiTsZd5waDkgAG7QsbjA1XaCIaAEQIjYE4AAAEBCAoAC7vkMW8PEg=="} 01014{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":14,"flow_first_seen":1505724520744830,"flow_src_last_pkt_time":1505724526501639,"flow_dst_last_pkt_time":1505724526702991,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1160,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2974,"flow_dst_tot_l4_payload_len":2858,"midstream":0,"thread_ts_usec":1505724526702991,"l3_proto":"ip4","src_ip":"132.190.244.12","dst_ip":"151.121.185.44","src_port":2152,"dst_port":2152,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GTP.GTP_U","proto_id":"152.271","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00867{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":27,"packets-processed":27,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5832,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":37,"global_ts_usec":1505724526702991} +00867{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":27,"packets-processed":27,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5832,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":37,"global_ts_usec":1505724526702991} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 27/27 ~~ skipped flows.............: 0 
@@ -43,9 +43,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6908396 bytes -~~ total memory freed........: 6908396 bytes -~~ total allocations/frees...: 114164/114164 +~~ total memory allocated....: 7485992 bytes +~~ total memory freed........: 7485992 bytes +~~ total allocations/frees...: 125895/125895 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 371 chars ~~ json message max len.......: 1948 chars diff --git a/test/results/default/jabber.pcap.out b/test/results/default/jabber.pcap.out index ceb49453c..6f35494bf 100644 --- a/test/results/default/jabber.pcap.out +++ b/test/results/default/jabber.pcap.out 
@@ -1,5 +1,5 @@ -00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1502379693992994} 
+00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1502379693992994} 
00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1502379723841804,"flow_src_last_pkt_time":1502379723841804,"flow_dst_last_pkt_time":1502379723841804,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1502379723841804,"l3_proto":"ip4","src_ip":"172.16.0.62","dst_ip":"172.16.1.138","src_port":57094,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1502379723841804,"flow_dst_last_pkt_time":1502379723841804,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1502379723841804,"pkt":"Tl6SKSKGaFs1pN2oCABFAABAZ6hAAEAGAACsEAA+rBABit8GFGbDqJX1AAAAALAC\/\/9aGwAAAgQFtAEDAwQBAQgKTgMEJwAAAAAEAgAA"} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1502379723841804,"flow_dst_last_pkt_time":1502379723842248,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1502379723842248,"pkt":"aFs1pN2oTl6SKSKGCABFAAA8AABAAEAG4NOsEAGKrBAAPhRm3wagxQKCw6iV9qASOJCmRgAAAgQFtAQCCAoAGMyaTgMEJwEDAwc="} 
@@ -30,7 +30,7 @@ 00888{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1502380249631374,"flow_dst_last_pkt_time":1502380249634488,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":323,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":323,"pkt_l4_len":289,"thread_ts_usec":1502380249634488,"pkt":"aFs1pN2oTl6SKSKGCABFAAE1Pq1AAEAGoS2sEAGKrBAAPhRm3ylj1cyM0mps5oAYALXYFQAAAQEICgAg0ohOCwBMPGlxIHhtbDpsYW5nPSdlbicgdG89J3RvbUBjcy14bXBwLmxhbi9kYXJrc3RhcicgZnJvbT0nY3MteG1wcC5sYW4nIHR5cGU9J3Jlc3VsdCcgaWQ9J3B1cnBsZWRkZTgwZmRhJz48Y29tbWFuZCBzdGF0dXM9J2NvbXBsZXRlZCcgc2Vzc2lvbmlkPScyMDE3LTA4LTEwVDE1OjUxOjAxLjI1MjkxMlonIG5vZGU9J3BpbmcnIHhtbG5zPSdodHRwOi8vamFiYmVyLm9yZy9wcm90b2NvbC9jb21tYW5kcyc+PG5vdGU+UG9uZzwvbm90ZT48L2NvbW1hbmQ+PC9pcT4="} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1502380249634544,"flow_dst_last_pkt_time":1502380249634488,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1502380249634544,"pkt":"Tl6SKSKGaFs1pN2oCABFAAA0YMNAAEAGAACsEAA+rBABit8pFGbSamzmY9XNjYAQH+9aDwAAAQEICk4LAE8AINKI"} 
00748{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1502380277582533,"flow_dst_last_pkt_time":1502380249634488,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":219,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":219,"pkt_l4_len":185,"thread_ts_usec":1502380277582533,"pkt":"Tl6SKSKGaFs1pN2oCABFAADNNV5AAEAGAACsEAA+rBABit8pFGbSamzmY9XNjYAYIABaqAAAAQEICk4LbPsAINKIPGlxIHR5cGU9J3NldCcgaWQ9J3B1cnBsZWRkZTgwZmRiJyB0bz0ndG9tQGNzLXhtcHAubGFuL2RhcmtzdGFyJz48Y29tbWFuZCB4bWxucz0naHR0cDovL2phYmJlci5vcmcvcHJvdG9jb2wvY29tbWFuZHMnIG5vZGU9J3BpbmcnIGFjdGlvbj0nZXhlY3V0ZScvPjwvaXE+"} -00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":192,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":192,"packets-processed":189,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28826,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":4,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":33,"global_ts_usec":1502380393542116} 
+00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":192,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":192,"packets-processed":189,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28826,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":4,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":33,"global_ts_usec":1502380393542116} 00959{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1502380213387324,"flow_src_last_pkt_time":1502380213388002,"flow_dst_last_pkt_time":1502380213388141,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1502380400412342,"l3_proto":"ip4","src_ip":"172.16.0.62","dst_ip":"172.16.1.138","src_port":57126,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Jabber","proto_id":"67","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":219,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1502380724652555,"flow_src_last_pkt_time":1502380724652555,"flow_dst_last_pkt_time":1502380724652555,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1502380724652555,"l3_proto":"ip4","src_ip":"172.16.0.62","dst_ip":"172.16.1.138","src_port":57147,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1502380724652555,"flow_dst_last_pkt_time":1502380724652555,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1502380724652555,"pkt":"Tl6SKSKGaFs1pN2oCABFAABA60NAAEAGAACsEAA+rBABit87FGY\/5vETAAAAALAC\/\/9aGwAAAgQFtAEDAwQBAQgKThI3ywAAAAAEAgAA"} 
@@ -47,9 +47,9 @@ 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1502380915486271,"flow_dst_last_pkt_time":1502380915486217,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1502380915486271,"pkt":"Tl6SKSKGaFs1pN2oCABFAAA0E55AAEAGAACsEAA+rBABit89FGZwJ5T3nxoW8IAQH+ZaDwAAAQEICk4VHZ0AKvuW"} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":253,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1502380915486274,"flow_dst_last_pkt_time":1502380915486217,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1502380915486274,"pkt":"Tl6SKSKGaFs1pN2oCABFAAA0YBZAAEAGAACsEAA+rBABit89FGZwJ5T3nxoXaIAQH99aDwAAAQEICk4VHZ0AKvuW"} 00967{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":260,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":12,"flow_first_seen":1502380724652555,"flow_src_last_pkt_time":1502380725074115,"flow_dst_last_pkt_time":1502380725074074,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":338,"flow_dst_max_l4_payload_len":285,"flow_src_tot_l4_payload_len":654,"flow_dst_tot_l4_payload_len":772,"midstream":0,"thread_ts_usec":1502380919392608,"l3_proto":"ip4","src_ip":"172.16.0.62","dst_ip":"172.16.1.138","src_port":57147,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Jabber","proto_id":"67","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":260,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":260,"packets-processed":243,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":34275,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":6,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":50,"global_ts_usec":1502381519875958} +00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":260,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":260,"packets-processed":243,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":34275,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":6,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":50,"global_ts_usec":1502381519875958} 
02299{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1502380915481182,"flow_src_last_pkt_time":1502381566576939,"flow_dst_last_pkt_time":1502381566616902,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":463,"flow_src_tot_l4_payload_len":1086,"flow_dst_tot_l4_payload_len":2076,"midstream":1,"thread_ts_usec":1502381566616902,"l3_proto":"ip4","src_ip":"172.16.0.62","dst_ip":"172.16.1.138","src_port":57149,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":42007464.0,"max":600487770,"stddev":147104800.0,"var":21639823353708544.0,"ent":1.4,"data": [5033,2,5089,3,217021,217977,974,3684463,3688323,3876,600484177,600487770,3,3561,6,1107,1119,7791,47498,39730,447,62982,63440,253,504,186,80,2,90,46583978,46623992]},"pktlen": {"min":52,"avg":150.8,"max":515,"stddev":117.9,"var":13893.8,"ent":4.6,"data": [291,460,172,52,52,234,515,52,234,179,52,202,256,158,106,52,272,52,100,52,100,52,274,52,100,153,52,52,157,52,187,52]},"bins": {"c_to_s": [9,4,0,0,2,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,0,0,5,0,0,3,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,1,0,0,0,1,0,0,1,0,0,1,1,0,0,1,0,0,1,0,1,1,0,0,1,0,1,1,0,0,1],"entropies": 
[5.572191238,5.460877895,5.502878189,4.891996861,4.853535175,5.455323696,5.262341499,4.891996861,5.508277893,5.549472332,4.853535175,5.489766598,5.608968258,5.516506672,5.456765175,4.747577667,5.601363182,4.800556183,5.462725163,4.870416641,5.430274010,4.908877850,5.580210686,4.647958755,5.434380531,5.509377956,4.699688911,4.762538910,5.683691025,4.646709919,5.424290180,4.908878326]},"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"Jabber","proto_id":"67","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":289,"packets-processed":270,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":36212,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":6,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":52,"global_ts_usec":1504181789350325} 
+00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":289,"packets-processed":270,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":36212,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":6,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":52,"global_ts_usec":1504181789350325} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1504181789350325,"flow_src_last_pkt_time":1504181789350325,"flow_dst_last_pkt_time":1504181789350325,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1504181789350325,"l3_proto":"ip4","src_ip":"192.168.58.1","dst_ip":"192.168.58.153","src_port":53460,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1504181789350325,"flow_dst_last_pkt_time":1504181789350325,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1504181789350325,"pkt":"AAwpvhIxAFBWwAAICABFAAA0dxlAAIAGjb\/AqDoBwKg6mdDUFGaBHPlXAAAAAIACIAD5dQAAAgQFtAEDAwgBAQQC"} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1504181789350325,"flow_dst_last_pkt_time":1504181789365849,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1504181789365849,"pkt":"AFBWwAAIAAwpvhIxCABFAAA0AABAAEAGRNnAqDqZwKg6ARRm0NRyyKsUgRz5WIASchCJeAAAAgQFtAEBBAIBAwMH"} 
@@ -61,7 +61,7 @@ 00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":302,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":44,"flow_dst_packets_processed":42,"flow_first_seen":1502380175298881,"flow_src_last_pkt_time":1502380177456026,"flow_dst_last_pkt_time":1502380177455920,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":611,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2785,"flow_dst_tot_l4_payload_len":11026,"midstream":0,"thread_ts_usec":1504181789418468,"l3_proto":"ip4","src_ip":"172.16.0.62","dst_ip":"172.16.1.138","src_port":57122,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Jabber","proto_id":"67","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":302,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":9,"flow_first_seen":1502380249631374,"flow_src_last_pkt_time":1502380673059689,"flow_dst_last_pkt_time":1502380673059601,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":703,"flow_dst_max_l4_payload_len":415,"flow_src_tot_l4_payload_len":1810,"flow_dst_tot_l4_payload_len":1679,"midstream":1,"thread_ts_usec":1504181789418468,"l3_proto":"ip4","src_ip":"172.16.0.62","dst_ip":"172.16.1.138","src_port":57129,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Jabber","proto_id":"67","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
01085{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":302,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":17,"flow_first_seen":1502380915481182,"flow_src_last_pkt_time":1502381571702000,"flow_dst_last_pkt_time":1502381571701912,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":463,"flow_src_tot_l4_payload_len":1366,"flow_dst_tot_l4_payload_len":2292,"midstream":1,"thread_ts_usec":1504181789418468,"l3_proto":"ip4","src_ip":"172.16.0.62","dst_ip":"172.16.1.138","src_port":57149,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"Jabber","proto_id":"67","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":302,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":302,"packets-processed":283,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":36369,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":7,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":64,"global_ts_usec":1642668994159000} 
+00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":302,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":302,"packets-processed":283,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":36369,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":7,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":64,"global_ts_usec":1642668994159000} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":302,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1642668994159000,"flow_src_last_pkt_time":1642668994159000,"flow_dst_last_pkt_time":1642668994159000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642668994159000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.201.102","src_port":34218,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":302,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1642668994159000,"flow_dst_last_pkt_time":1642668994159000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1642668994159000,"pkt":"eJS0JASgYDjgxTWgCABFAAA800FAAD8GO9vAqAJkoCzJZoWqFGdT1L5OAAAAAKAC\/\/8mUQAAAgQFtAQCCAoBJke0AAAAAAEDAwg="} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1642668994159000,"flow_dst_last_pkt_time":1642668994188000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1642668994188000,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGGi2gLMlmwKgCZBRnhar53fA8U9S+T2ASchBjHgAAAgQFrAAA"} 
@@ -70,7 +70,7 @@ 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":306,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1642668994258000,"flow_dst_last_pkt_time":1642668994287000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1642668994287000,"pkt":"YDjgxTWgeJS0JASgCABFAAAoSzhAADQGzvigLMlmwKgCZBRnhar53fA9U9S+lFAQchB6jgAAAAAAAAAA"} 00929{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":310,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1642668994159000,"flow_src_last_pkt_time":1642668994559000,"flow_dst_last_pkt_time":1642668994588000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":37,"flow_src_tot_l4_payload_len":236,"flow_dst_tot_l4_payload_len":53,"midstream":0,"thread_ts_usec":1642668994588000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.201.102","src_port":34218,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Jabber","proto_id":"67","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
00964{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":6,"flow_first_seen":1504181789350325,"flow_src_last_pkt_time":1504181789417901,"flow_dst_last_pkt_time":1504181789418468,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":119,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":157,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642669000423000,"l3_proto":"ip4","src_ip":"192.168.58.1","dst_ip":"192.168.58.153","src_port":53460,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Jabber","proto_id":"67","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":317,"packets-processed":298,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":36788,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":73,"global_ts_usec":1642778258433000} 
+00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":317,"packets-processed":298,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":36788,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":73,"global_ts_usec":1642778258433000} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1642778258433000,"flow_src_last_pkt_time":1642778258433000,"flow_dst_last_pkt_time":1642778258433000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642778258433000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.201.102","src_port":37614,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1642778258433000,"flow_dst_last_pkt_time":1642778258433000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1642778258433000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8d8hAAD8Gl1TAqAJkoCzJZpLuFGecNBm6AAAAAKAC\/\/9wIgAAAgQFtAQCCAoBEkznAAAAAAEDAwg="} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":318,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1642778258433000,"flow_dst_last_pkt_time":1642778258461000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1642778258461000,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGGi2gLMlmwKgCZBRnku46NBuqnDQZu2ASchBGSwAAAgQFrAAA"} 
@@ -79,7 +79,7 @@ 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":321,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1642778258489000,"flow_dst_last_pkt_time":1642778258516000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1642778258516000,"pkt":"YDjgxTWgeJS0JASgCABFAAAo48VAADQGNmugLMlmwKgCZBRnku46NBurnDQaAFAQchBduwAAAAAAAAAA"} 00929{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":325,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1642778258433000,"flow_src_last_pkt_time":1642778258571000,"flow_dst_last_pkt_time":1642778258598000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":37,"flow_src_tot_l4_payload_len":236,"flow_dst_tot_l4_payload_len":53,"midstream":0,"thread_ts_usec":1642778258598000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.201.102","src_port":37614,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Jabber","proto_id":"67","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":327,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1642668994159000,"flow_src_last_pkt_time":1642669300326000,"flow_dst_last_pkt_time":1642669300354000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":37,"flow_src_tot_l4_payload_len":302,"flow_dst_tot_l4_payload_len":117,"midstream":0,"thread_ts_usec":1642778258609000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.201.102","src_port":34218,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Jabber","proto_id":"67","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":332,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":332,"packets-processed":313,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":37207,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":82,"global_ts_usec":1643022225544000} 
+00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":332,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":332,"packets-processed":313,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":37207,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":82,"global_ts_usec":1643022225544000} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":332,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643022225544000,"flow_src_last_pkt_time":1643022225544000,"flow_dst_last_pkt_time":1643022225544000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643022225544000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.201.102","src_port":58388,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":332,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1643022225544000,"flow_dst_last_pkt_time":1643022225544000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1643022225544000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8zN5AAD8GQj7AqAJkoCzJZuQUFGd9pY4kAAAAAKAC\/\/92oQAAAgQFtAQCCAoAzZ+rAAAAAAEDAwg="} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1643022225544000,"flow_dst_last_pkt_time":1643022225570000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1643022225570000,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGGi2gLMlmwKgCZBRn5BT7kgHsfaWOJWASchD3qAAAAgQFrAAA"} 
@@ -88,7 +88,7 @@ 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":336,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1643022225794000,"flow_dst_last_pkt_time":1643022225820000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1643022225820000,"pkt":"YDjgxTWgeJS0JASgCABFAAAonCxAADQGfgSgLMlmwKgCZBRn5BT7kgHtfaWOalAQchAPGQAAAAAAAAAA"} 00930{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":340,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1643022225544000,"flow_src_last_pkt_time":1643022225968000,"flow_dst_last_pkt_time":1643022225994000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":37,"flow_src_tot_l4_payload_len":236,"flow_dst_tot_l4_payload_len":53,"midstream":0,"thread_ts_usec":1643022225994000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.201.102","src_port":58388,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Jabber","proto_id":"67","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":342,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1642778258433000,"flow_src_last_pkt_time":1642778652194000,"flow_dst_last_pkt_time":1642778652221000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":37,"flow_src_tot_l4_payload_len":302,"flow_dst_tot_l4_payload_len":117,"midstream":0,"thread_ts_usec":1643022226078000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.201.102","src_port":37614,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Jabber","proto_id":"67","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":347,"packets-processed":328,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":37629,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":10,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":91,"global_ts_usec":1644679789249000} 
+00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":347,"packets-processed":328,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":37629,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":10,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":91,"global_ts_usec":1644679789249000} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1644679789249000,"flow_src_last_pkt_time":1644679789249000,"flow_dst_last_pkt_time":1644679789249000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1644679789249000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.201.102","src_port":41420,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1644679789249000,"flow_dst_last_pkt_time":1644679789249000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1644679789249000,"pkt":"eJS0JASgYDjgxTWgCABFAAA86SVAAD8GJffAqAJkoCzJZqHMFGfTtLH2AAAAAKAC\/\/\/oLAAAAgQFtAQCCAoAcfbiAAAAAAEDAwg="} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":348,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1644679789249000,"flow_dst_last_pkt_time":1644679789279000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1644679789279000,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGGi2gLMlmwKgCZBRnocwJMPUa07Sx92ASchC\/QwAAAgQFrAAA"} 
@@ -97,7 +97,7 @@ 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":351,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":5,"flow_src_last_pkt_time":1644679789350000,"flow_dst_last_pkt_time":1644679789379000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1644679789379000,"pkt":"YDjgxTWgeJS0JASgCABFAAAo8ipAADQGKAagLMlmwKgCZBRnocwJMPUb07SyPFAQchDWswAAAAAAAAAA"} 00930{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":357,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1644679789249000,"flow_src_last_pkt_time":1644679789719000,"flow_dst_last_pkt_time":1644679789612000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":16,"flow_src_tot_l4_payload_len":305,"flow_dst_tot_l4_payload_len":32,"midstream":0,"thread_ts_usec":1644679789719000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.201.102","src_port":41420,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Jabber","proto_id":"67","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":361,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1643022225544000,"flow_src_last_pkt_time":1643022526171000,"flow_dst_last_pkt_time":1643022526197000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":37,"flow_src_tot_l4_payload_len":303,"flow_dst_tot_l4_payload_len":119,"midstream":0,"thread_ts_usec":1644679789757000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.201.102","src_port":58388,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Jabber","proto_id":"67","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":362,"packets-processed":343,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":38037,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":11,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":100,"global_ts_usec":1655985683694000} 
+00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":362,"packets-processed":343,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":38037,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":11,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":100,"global_ts_usec":1655985683694000} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655985683694000,"flow_src_last_pkt_time":1655985683694000,"flow_dst_last_pkt_time":1655985683694000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655985683694000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.201.102","src_port":34070,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1655985683694000,"flow_dst_last_pkt_time":1655985683694000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655985683694000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8eV5AAD8Glb7AqAJkoCzJZoUWFGfmtmUZAAAAAKAC\/\/8wrwAAAgQFtAQCCAoAZQT+AAAAAAEDAwg="} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":363,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1655985683694000,"flow_dst_last_pkt_time":1655985683717000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1655985683717000,"pkt":"YDjgxTWgeJS0JASgCABFAAAwAABAADQGGimgLMlmwKgCZBRnhRZwZZi25rZlGnASchD1\/AAAAgQFrAEBBAI="} 
@@ -107,7 +107,7 @@ 00930{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":370,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1655985683694000,"flow_src_last_pkt_time":1655985683850000,"flow_dst_last_pkt_time":1655985683872000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":37,"flow_src_tot_l4_payload_len":236,"flow_dst_tot_l4_payload_len":53,"midstream":0,"thread_ts_usec":1655985683872000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.201.102","src_port":34070,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Jabber","proto_id":"67","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":375,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1644679789249000,"flow_src_last_pkt_time":1644679824897000,"flow_dst_last_pkt_time":1644679789748000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":37,"flow_src_tot_l4_payload_len":339,"flow_dst_tot_l4_payload_len":69,"midstream":0,"thread_ts_usec":1655985690292000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.201.102","src_port":41420,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Jabber","proto_id":"67","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1655985683694000,"flow_src_last_pkt_time":1655985963380000,"flow_dst_last_pkt_time":1655985963406000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":37,"flow_src_tot_l4_payload_len":302,"flow_dst_tot_l4_payload_len":117,"midstream":0,"thread_ts_usec":1655985963406000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.201.102","src_port":34070,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Jabber","proto_id":"67","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -00849{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":376,"packets-processed":358,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":38456,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":12,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":110,"global_ts_usec":1655985963406000} 
+00849{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":376,"packets-processed":358,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":38456,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":12,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":110,"global_ts_usec":1655985963406000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 376/358 ~~ skipped flows.............: 0 @@ -116,9 +116,9 @@ ~~ total active/idle flows...: 12/12 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6969054 bytes -~~ total memory freed........: 6969054 bytes -~~ total allocations/frees...: 114640/114640 +~~ total memory allocated....: 7546650 bytes +~~ total memory freed........: 7546650 bytes +~~ total allocations/frees...: 126371/126371 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 532 chars ~~ json message max len.......: 2304 chars diff --git a/test/results/default/jrmi.pcap.out b/test/results/default/jrmi.pcap.out index bf76c9c30..fc3c294ac 100644 --- a/test/results/default/jrmi.pcap.out +++ b/test/results/default/jrmi.pcap.out 
@@ -1,5 +1,5 @@ -00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/jrmi.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/jrmi.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1718291266163791} 
+00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/jrmi.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/jrmi.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1718291266163791} 
00764{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/jrmi.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1718291266163791,"flow_src_last_pkt_time":1718291266163791,"flow_dst_last_pkt_time":1718291266163791,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1718291266163791,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":34450,"dst_port":1099,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/jrmi.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1718291266163791,"flow_dst_last_pkt_time":1718291266163791,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1718291266163791,"pkt":"AAAAAAAAAAAAAAAACABFAAA8\/GFAAEAGP1h\/AAABfwABAYaSBEv5xj3yAAAAAKAC\/9f\/MAAAAgT\/1wQCCAr\/Ca0RAAAAAAEDAwc="} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/jrmi.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1718291266163791,"flow_dst_last_pkt_time":1718291266163822,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1718291266163822,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGO7p\/AAEBfwAAAQRLhpIUECmA+cY986AS\/8v\/MAAAAgT\/1wQCCAryONNh\/wmtEQEDAwc="} 
@@ -8,7 +8,7 @@ 00910{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/jrmi.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1718291266163791,"flow_src_last_pkt_time":1718291266174673,"flow_dst_last_pkt_time":1718291266163822,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":7,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":7,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1718291266174673,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":34450,"dst_port":1099,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"JRMI","proto_id":"416","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/jrmi.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1718291266174673,"flow_dst_last_pkt_time":1718291266174736,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1718291266174736,"pkt":"AAAAAAAAAAAAAAAACABFAAA0AI9AAEAGOzN\/AAEBfwAAAQRLhpIUECmB+cY9+oAQAgD\/KAAAAQEICvI402z\/Ca0c"} 
00956{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/jrmi.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":7,"flow_first_seen":1718291266163791,"flow_src_last_pkt_time":1718291266325817,"flow_dst_last_pkt_time":1718291266325789,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":60,"flow_dst_max_l4_payload_len":323,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":340,"midstream":0,"thread_ts_usec":1718291266325817,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":34450,"dst_port":1099,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"JRMI","proto_id":"416","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00838{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/jrmi.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":19,"packets-processed":19,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":438,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1718291266325817} 
+00838{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/jrmi.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":19,"packets-processed":19,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":438,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1718291266325817} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 19/19 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6908188 bytes -~~ total memory freed........: 6908188 bytes -~~ total allocations/frees...: 114157/114157 +~~ total memory allocated....: 7485784 bytes +~~ total memory freed........: 7485784 bytes +~~ total allocations/frees...: 125888/125888 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 545 chars ~~ json message max len.......: 961 chars diff --git a/test/results/default/jsonrpc.pcap.out b/test/results/default/jsonrpc.pcap.out index 658a609bf..b5e7e6c32 100644 --- a/test/results/default/jsonrpc.pcap.out +++ b/test/results/default/jsonrpc.pcap.out 
@@ -1,5 +1,5 @@ -00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/jsonrpc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/jsonrpc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1702942987672326} 
+00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/jsonrpc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/jsonrpc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1702942987672326} 
00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/jsonrpc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1702942987672326,"flow_src_last_pkt_time":1702942987672326,"flow_dst_last_pkt_time":1702942987672326,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1702942987672326,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36646,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/jsonrpc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1702942987672326,"flow_dst_last_pkt_time":1702942987672326,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1702942987672326,"pkt":"AAAAAAAAAAAAAAAACABFAAA8+WJAAEAGQ1d\/AAABfwAAAY8mH5DaosURAAAAAKACggD+MAAAAgT\/1wQCCAofUODzAAAAAAEDAwc="} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/jsonrpc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1702942987672326,"flow_dst_last_pkt_time":1702942987672335,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1702942987672335,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAAR+QjyZvObaZ2qLFEqASggD+MAAAAgT\/1wQCCAofUODzH1Dg8wEDAwc="} 
@@ -17,7 +17,7 @@ 01484{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/jsonrpc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1702942987682387,"flow_src_last_pkt_time":1702942987682387,"flow_dst_last_pkt_time":1702942987682387,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1070,"flow_dst_max_l4_payload_len":512,"flow_src_tot_l4_payload_len":1070,"flow_dst_tot_l4_payload_len":512,"midstream":0,"thread_ts_usec":1702942987682387,"l3_proto":"ip4","src_ip":"192.168.8.251","dst_ip":"179.99.210.200","src_port":51084,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP.JSON-RPC","proto_id":"7.375","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC","hostname":"mdotti.dyndns.org","domainame":"mdotti.dyndns.org","http": {"url":"mdotti.dyndns.org\/zabbix\/jsrpc.php?output=json-rpc","code":200,"content_type":"application\/json-rpc","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/39.0.2171.95 Safari\/537.36","request_content_type":"application\/json-rpc","detected_os":"Intel Mac OS X 10_9_2"}}} 
00960{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/jsonrpc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1702942987672326,"flow_src_last_pkt_time":1702942987682379,"flow_dst_last_pkt_time":1702942987682387,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":106,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":106,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1702942987682387,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36646,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"JSON-RPC","proto_id":"375","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01138{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/jsonrpc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1702942987682387,"flow_src_last_pkt_time":1702942987682387,"flow_dst_last_pkt_time":1702942987682387,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1070,"flow_dst_max_l4_payload_len":512,"flow_src_tot_l4_payload_len":1070,"flow_dst_tot_l4_payload_len":615,"midstream":0,"thread_ts_usec":1702942987682387,"l3_proto":"ip4","src_ip":"192.168.8.251","dst_ip":"179.99.210.200","src_port":51084,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": 
{"6":"DPI"},"proto":"HTTP.JSON-RPC","proto_id":"7.375","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC","hostname":"mdotti.dyndns.org"}} -00842{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/jsonrpc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":16,"packets-processed":16,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1791,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1702942987682387} +00842{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/jsonrpc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":16,"packets-processed":16,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1791,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1702942987682387} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 16/16 ~~ skipped 
flows.............: 0 @@ -26,9 +26,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6912891 bytes -~~ total memory freed........: 6912891 bytes -~~ total allocations/frees...: 114178/114178 +~~ total memory allocated....: 7490580 bytes +~~ total memory freed........: 7490580 bytes +~~ total allocations/frees...: 125911/125911 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 530 chars ~~ json message max len.......: 1964 chars diff --git a/test/results/default/kafka.pcapng.out b/test/results/default/kafka.pcapng.out index 45a433e5c..af2960ea0 100644 --- a/test/results/default/kafka.pcapng.out +++ b/test/results/default/kafka.pcapng.out 
@@ -1,21 +1,21 @@ -00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1681844706292198} 
+00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1681844706292198} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1681844706292198,"flow_src_last_pkt_time":1681844706292198,"flow_dst_last_pkt_time":1681844706292198,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1681844706292198,"l3_proto":"ip4","src_ip":"172.16.17.101","dst_ip":"172.30.0.237","src_port":49280,"dst_port":9092,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1681844706292198,"flow_dst_last_pkt_time":1681844706292198,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"thread_ts_usec":1681844706292198,"pkt":"+hY+WLcoABY+cE49CABFAABNF75AAEAGuGysEBFlrB4A7cCAI4TCbO0Rtom0OoAYAepqwAAAAQEICh9sM73hRtgfAAAAFQASAAAAAACBAAdyZGthZmthAAAAAA=="} 
00924{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1681844706292198,"flow_src_last_pkt_time":1681844706292198,"flow_dst_last_pkt_time":1681844706292198,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1681844706292198,"l3_proto":"ip4","src_ip":"172.16.17.101","dst_ip":"172.30.0.237","src_port":49280,"dst_port":9092,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kafka","proto_id":"377","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01011{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1681844706292198,"flow_dst_last_pkt_time":1681844706319485,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":416,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":416,"pkt_l4_len":382,"thread_ts_usec":1681844706319485,"pkt":"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"} 
00602{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1681845006101184,"flow_dst_last_pkt_time":1681844706319485,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1681845006101184,"pkt":"+hY+WLcoABY+cE49CABFAABgF8BAAEAGuFesEBFlrB4A7cCAI4TCbO0qtom1mIAYAehq0wAAAQEICh9wxuDhRtg8AAAAKAADAAIAAACCAAdyZGthZmthAAAAAQARTEJfTUFJTl9MT0dfSU5QVVQ="} 00705{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1681845006101184,"flow_dst_last_pkt_time":1681845006128992,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_usec":1681845006128992,"pkt":"ABY+cE49+hY+WLcoCABFAACstuZAAD0GG+WsHgDtrBARZSOEwIC2ibWYwmztVoAYgACshwAAAQEICuFLa10fcMbgAAAAdAAAAIIAAAABAAAD6QAMMTcyLjMwLjAuMjM3AAAjhP\/\/ABZRNU5OaVhQZlIycVRBb0Y1aTczSlBnAAAD6QAAAAEAAAARTEJfTUFJTl9MT0dfSU5QVVQAAAAAAQAAAAAAAAAAA+kAAAABAAAD6QAAAAEAAAPp"} 
-00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":5,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":539,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":9,"global_ts_usec":1681845606130644} +00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":5,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":539,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":9,"global_ts_usec":1681845606130644} 
00705{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1681845006101184,"flow_dst_last_pkt_time":1681845606130644,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_usec":1681845606130644,"pkt":"ABY+cE49+hY+WLcoCABFAACstuhAAD0GG+OsHgDtrBARZSOEwIC2ibYQwmztgoAYgABcSAAAAQEICuFUkx8fee6mAAAAdAAAAIMAAAABAAAD6QAMMTcyLjMwLjAuMjM3AAAjhP\/\/ABZRNU5OaVhQZlIycVRBb0Y1aTczSlBnAAAD6QAAAAEAAAARTEJfTUFJTl9MT0dfSU5QVVQAAAAAAQAAAAAAAAAAA+kAAAABAAAD6QAAAAEAAAPp"} -00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":6,"packets-processed":5,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":659,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1681849206507695} 
+00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":6,"packets-processed":5,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":659,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1681849206507695} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1681849206507695,"flow_src_last_pkt_time":1681849206507695,"flow_dst_last_pkt_time":1681849206507695,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":350,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1681849206507695,"l3_proto":"ip4","src_ip":"172.30.0.237","dst_ip":"172.16.17.101","src_port":9092,"dst_port":58052,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01012{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1681849206507695,"flow_dst_last_pkt_time":1681849206507695,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":416,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":416,"pkt_l4_len":382,"thread_ts_usec":1681849206507695,"pkt":"ABY+cE49+hY+WLcoCABFAAGSoXxAAD0GMGmsHgDtrBARZSOE4sSUXCuwa5w4kYAYgAC0VAAAAQEICuGLgxkfsN6\/AAABWgAAAIwAAAAAADgAAAAAAAkAAQAAAAwAAgAAAAYAAwAAAAsABAAAAAUABQAAAAMABgAAAAcABwAAAAMACAAAAAgACQAAAAcACgAAAAMACwAAAAcADAAAAAQADQAAAAQADgAAAAUADwAAAAUAEAAAAAQAEQAAAAEAEgAAAAMAEwAAAAcAFAAAAAYAFQAAAAIAFgAAAAQAFwAAAAQAGAAAAAMAGQAAAAMAGgAAAAMAGwAAAAEAHAAAAAMAHQAAAAIAHgAAAAIAHwAAAAIAIAAAAAQAIQAAAAIAIgAAAAIAIwAAAAIAJAAAAAIAJQAAAAMAJgAAAAIAJwAAAAIAKAAAAAIAKQAAAAIAKgAAAAIAKwAAAAIALAAAAAEALQAAAAAALgAAAAAALwAAAAAAMAAAAAEAMQAAAAEAMgAAAAAAMwAAAAAAOAAAAAAAOQAAAAAAPAAAAAAAPQAAAAA="} 00705{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1681849506130446,"flow_dst_last_pkt_time":1681849206507695,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_usec":1681849506130446,"pkt":"ABY+cE49+hY+WLcoCABFAACsoX5AAD0GMU2sHgDtrBARZSOE4sSUXC0Oa5w4vYAYgADrYgAAAQEICuGQFYEftXEqAAAAdAAAAI0AAAABAAAD6QAMMTcyLjMwLjAuMjM3AAAjhP\/\/ABZRNU5OaVhQZlIycVRBb0Y1aTczSlBnAAAD6QAAAAEAAAARTEJfTUFJTl9MT0dfSU5QVVQAAAAAAQAAAAAAAAAAA+kAAAABAAAD6QAAAAEAAAPp"} 
00603{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1681849506130446,"flow_dst_last_pkt_time":1681849806180390,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1681849806180390,"pkt":"+hY+WLcoABY+cE49CABFAABg\/Z1AAEAG0nmsEBFlrB4A7eLEI4RrnDi9lFwthoAYAehq0wAAAQEICh+6BVvhkBWBAAAAKAADAAIAAACOAAdyZGthZmthAAAAAQARTEJfTUFJTl9MT0dfSU5QVVQ="} 00705{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1681849806209304,"flow_dst_last_pkt_time":1681849806180390,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_usec":1681849806209304,"pkt":"ABY+cE49+hY+WLcoCABFAACsoYBAAD0GMUusHgDtrBARZSOE4sSUXC2Ga5w46YAYgADCVQAAAQEICuGUqa8fugVbAAAAdAAAAI4AAAABAAAD6QAMMTcyLjMwLjAuMjM3AAAjhP\/\/ABZRNU5OaVhQZlIycVRBb0Y1aTczSlBnAAAD6QAAAAEAAAARTEJfTUFJTl9MT0dfSU5QVVQAAAAAAQAAAAAAAAAAA+kAAAABAAAD6QAAAAEAAAPp"} 
00706{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1681849806209304,"flow_dst_last_pkt_time":1681849806180390,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_usec":1681849806209304,"pkt":"ABY+cE49+hY+WLcoCABFAACsoYBAAD0GMUusHgDtrBARZSOE4sSUXC2Ga5w46YAYgADCVQAAAQEICuGUqa8fugVbAAAAdAAAAI4AAAABAAAD6QAMMTcyLjMwLjAuMjM3AAAjhP\/\/ABZRNU5OaVhQZlIycVRBb0Y1aTczSlBnAAAD6QAAAAEAAAARTEJfTUFJTl9MT0dfSU5QVVQAAAAAAQAAAAAAAAAAA+kAAAABAAAD6QAAAAEAAAPp"} -00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":11,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1413,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":18,"global_ts_usec":1681858206109620} 
+00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":11,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1413,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":18,"global_ts_usec":1681858206109620} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1681858206109620,"flow_src_last_pkt_time":1681858206109620,"flow_dst_last_pkt_time":1681858206109620,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1681858206109620,"l3_proto":"ip4","src_ip":"172.16.17.101","dst_ip":"172.30.0.237","src_port":40042,"dst_port":9092,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00603{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1681858206109620,"flow_dst_last_pkt_time":1681858206109620,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1681858206109620,"pkt":"+hY+WLcoABY+cE49CABFAABgBT9AAEAGytisEBFlrB4A7ZxqI4Q9lP9C7RFkxIAYAehq0wAAAQEICiA6MeDiC6+6AAAAKAADAAIAAACkAAdyZGthZmthAAAAAQARTEJfTUFJTl9MT0dfSU5QVVQ="} 00925{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1681858206109620,"flow_src_last_pkt_time":1681858206109620,"flow_dst_last_pkt_time":1681858206109620,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1681858206109620,"l3_proto":"ip4","src_ip":"172.16.17.101","dst_ip":"172.30.0.237","src_port":40042,"dst_port":9092,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kafka","proto_id":"377","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -23,12 +23,12 @@ 00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":3,"flow_first_seen":1681844706292198,"flow_src_last_pkt_time":1681845006101184,"flow_dst_last_pkt_time":1681845606130644,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":350,"flow_src_tot_l4_payload_len":69,"flow_dst_tot_l4_payload_len":590,"midstream":1,"thread_ts_usec":1681858206137402,"l3_proto":"ip4","src_ip":"172.16.17.101","dst_ip":"172.30.0.237","src_port":49280,"dst_port":9092,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kafka","proto_id":"377","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00939{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1681849206507695,"flow_src_last_pkt_time":1681849806209304,"flow_dst_last_pkt_time":1681849806180390,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":120,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":350,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":710,"flow_dst_tot_l4_payload_len":44,"midstream":1,"thread_ts_usec":1681858206137402,"l3_proto":"ip4","src_ip":"172.30.0.237","dst_ip":"172.16.17.101","src_port":9092,"dst_port":58052,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kafka","proto_id":"377","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00784{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1681849206507695,"flow_src_last_pkt_time":1681849806209304,"flow_dst_last_pkt_time":1681849806180390,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":120,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":350,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":710,"flow_dst_tot_l4_payload_len":44,"midstream":1,"thread_ts_usec":1681858206137402,"l3_proto":"ip4","src_ip":"172.30.0.237","dst_ip":"172.16.17.101","src_port":9092,"dst_port":58052,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":13,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1577,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":26,"global_ts_usec":1681860006461064} 
+00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":13,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1577,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":26,"global_ts_usec":1681860006461064} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1681860006461064,"flow_src_last_pkt_time":1681860006461064,"flow_dst_last_pkt_time":1681860006461064,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1681860006461064,"l3_proto":"ip4","src_ip":"172.16.17.101","dst_ip":"172.30.0.237","src_port":56556,"dst_port":9092,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1681860006461064,"flow_dst_last_pkt_time":1681860006461064,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"thread_ts_usec":1681860006461064,"pkt":"+hY+WLcoABY+cE49CABFAABN+I1AAEAG15ysEBFlrB4A7dzsI4Si6W0AVXZVa4AYAepqwAAAAQEICiBVqpDiME5qAAAAFQASAAAAAACoAAdyZGthZmthAAAAAA=="} 00925{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1681860006461064,"flow_src_last_pkt_time":1681860006461064,"flow_dst_last_pkt_time":1681860006461064,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1681860006461064,"l3_proto":"ip4","src_ip":"172.16.17.101","dst_ip":"172.30.0.237","src_port":56556,"dst_port":9092,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kafka","proto_id":"377","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01012{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1681860006461064,"flow_dst_last_pkt_time":1681860006489735,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":416,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":416,"pkt_l4_len":382,"thread_ts_usec":1681860006489735,"pkt":"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"} -00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":15,"packets-processed":14,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1952,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":4,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":31,"global_ts_usec":1681878308076966} 
+00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":15,"packets-processed":14,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1952,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":4,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":31,"global_ts_usec":1681878308076966} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1681878308076966,"flow_src_last_pkt_time":1681878308076966,"flow_dst_last_pkt_time":1681878308076966,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":448,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":448,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":448,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1681878308076966,"l3_proto":"ip4","src_ip":"172.16.17.101","dst_ip":"172.30.0.237","src_port":38176,"dst_port":9092,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01161{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1681878308076966,"flow_dst_last_pkt_time":1681878308076966,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":514,"pkt_l4_len":480,"thread_ts_usec":1681878308076966,"pkt":"+hY+WLcoABY+cE49CABFAAH0JpZAAEAGp+2sEBFlrB4A7ZUgI4RBpO5PlVpho4AYAehsZwAAAQEICiFs7eTjR5EYAAABvAAAAAMAAAACAAdyZGthZmth\/\/8AAQAAE4gAAAABABFMQl9NQUlOX0xPR19JTlBVVAAAAAEAAAAAAAABgAAAAAAAAAAAAAABdAAAAAACQ2zQNQAAAAAAAAAAAYeXwlC4AAABh5fCULj\/\/\/\/\/\/\/\/\/\/wAA\/\/\/\/\/wAAAAGCBQAAAAH0BHsidGltZXN0YW1wIjoiMTY4MTg3ODMwNyIsInJlY2VpdmVkIjoiMTY4MTg3ODMwNyIsIm1lc3NhZ2UiOiJBcHIgMTkgMDY6MjU6MDcgcnN5c2xvZ2Q6ICBbb3JpZ2luIHNvZnR3YXJlPVwicnN5c2xvZ2RcIiBzd1ZlcnNpb249XCI4LjMyLjBcIiB4LXBpZD1cIjE5OVwiIHgtaW5mbz1cImh0dHA6Ly93d3cucnN5c2xvZy5jb21cIl0gcnN5c2xvZ2Qgd2FzIEhVUGVkIiwiaG9zdCI6ImxvZy1jb2xsZWN0b3IiLCJzZXZlcml0eSI6ImluZm8iLCJmYWNpbGl0eSI6InN5c2xvZyIsInByb2dyYW1uYW1lIjoicnN5c2xvZ2QiLCJ0YWciOiJyc3lzbG9nZDoifQ0KAA=="} 00928{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1681878308076966,"flow_src_last_pkt_time":1681878308076966,"flow_dst_last_pkt_time":1681878308076966,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":448,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":448,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":448,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1681878308076966,"l3_proto":"ip4","src_ip":"172.16.17.101","dst_ip":"172.30.0.237","src_port":38176,"dst_port":9092,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"Kafka","proto_id":"377","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -41,15 +41,15 @@ 00637{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1681878308632420,"flow_dst_last_pkt_time":1681878308660971,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"thread_ts_usec":1681878308660971,"pkt":"ABY+cE49+hY+WLcoCABFAABxeTpAAD0GWcysHgDtrBARZSOElSCVWmHgQaTxjIAYhDCRegAAAQEICuNHk2EhbPAQAAAAOQAAAAMAAAABABFMQl9NQUlOX0xPR19JTlBVVAAAAAEAAAAAAAAAAAAAAKs8Iv\/\/\/\/\/\/\/\/\/\/AAAAAA=="} 00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1681860006461064,"flow_src_last_pkt_time":1681860006461064,"flow_dst_last_pkt_time":1681860006489735,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":350,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":350,"midstream":1,"thread_ts_usec":1681878308660971,"l3_proto":"ip4","src_ip":"172.16.17.101","dst_ip":"172.30.0.237","src_port":56556,"dst_port":9092,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kafka","proto_id":"377","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1681858206109620,"flow_src_last_pkt_time":1681858206109620,"flow_dst_last_pkt_time":1681858206137402,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":120,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":120,"midstream":1,"thread_ts_usec":1681878308660971,"l3_proto":"ip4","src_ip":"172.16.17.101","dst_ip":"172.30.0.237","src_port":40042,"dst_port":9092,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kafka","proto_id":"377","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":21,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3328,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":6,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":44,"global_ts_usec":1681879208222000} 
+00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":21,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3328,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":6,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":44,"global_ts_usec":1681879208222000} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1681879208222000,"flow_src_last_pkt_time":1681879208222000,"flow_dst_last_pkt_time":1681879208222000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1681879208222000,"l3_proto":"ip4","src_ip":"172.16.17.101","dst_ip":"172.30.0.237","src_port":58300,"dst_port":9092,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1681879208222000,"flow_dst_last_pkt_time":1681879208222000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"thread_ts_usec":1681879208222000,"pkt":"+hY+WLcoABY+cE49CABFAABN1nxAAEAG+a2sEBFlrB4A7eO8I4TXshQ4goGTkYAYAepqwAAAAQEICiF6qh3jVU1JAAAAFQASAAAAAAAEAAdyZGthZmthAAAAAA=="} 00925{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1681879208222000,"flow_src_last_pkt_time":1681879208222000,"flow_dst_last_pkt_time":1681879208222000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1681879208222000,"l3_proto":"ip4","src_ip":"172.16.17.101","dst_ip":"172.30.0.237","src_port":58300,"dst_port":9092,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kafka","proto_id":"377","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":22,"packets-processed":21,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3353,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":7,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":48,"global_ts_usec":1681883408373461} +00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":22,"packets-processed":21,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3353,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":7,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":48,"global_ts_usec":1681883408373461} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1681883408373461,"flow_src_last_pkt_time":1681883408373461,"flow_dst_last_pkt_time":1681883408373461,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1681883408373461,"l3_proto":"ip4","src_ip":"172.16.17.101","dst_ip":"172.30.0.237","src_port":53052,"dst_port":9092,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1681883408373461,"flow_dst_last_pkt_time":1681883408373461,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"thread_ts_usec":1681883408373461,"pkt":"+hY+WLcoABY+cE49CABFAABNsmNAAEAGHcesEBFlrB4A7c88I4SykL7z5TL1+oAYAepqwAAAAQEICiG6wRvjlWQgAAAAFQASAAAAAAAPAAdyZGthZmthAAAAAA=="} 
00925{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1681883408373461,"flow_src_last_pkt_time":1681883408373461,"flow_dst_last_pkt_time":1681883408373461,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1681883408373461,"l3_proto":"ip4","src_ip":"172.16.17.101","dst_ip":"172.30.0.237","src_port":53052,"dst_port":9092,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kafka","proto_id":"377","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":23,"packets-processed":22,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3378,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":8,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":52,"global_ts_usec":1703132756328165} 
+00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":23,"packets-processed":22,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3378,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":8,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":52,"global_ts_usec":1703132756328165} 00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1703132756328165,"flow_src_last_pkt_time":1703132756328165,"flow_dst_last_pkt_time":1703132756328165,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1703132756328165,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46136,"dst_port":9092,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1703132756328165,"flow_dst_last_pkt_time":1703132756328165,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1703132756328165,"pkt":"AAAAAAAAAAAAAAAACABFAAA8Eq5AAEAGKgx\/AAABfwAAAbQ4I4TC+vYrAAAAAKACQQD+MAAAAgT\/1wQCCApRp0SoAAAAAAEDAwA="} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1703132756328165,"flow_dst_last_pkt_time":1703132756328170,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1703132756328170,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAASOEtDhFvmxLwvr2LKASyyD+MAAAAgT\/1wQCCApRp0SoUadEqAEDAwA="} 
@@ -62,7 +62,7 @@ 00964{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1681879208222000,"flow_src_last_pkt_time":1681879208222000,"flow_dst_last_pkt_time":1681879208222000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1703132763110994,"l3_proto":"ip4","src_ip":"172.16.17.101","dst_ip":"172.30.0.237","src_port":58300,"dst_port":9092,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kafka","proto_id":"377","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1681878308076966,"flow_src_last_pkt_time":1681878308632420,"flow_dst_last_pkt_time":1681878308660971,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":381,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":448,"flow_dst_max_l4_payload_len":61,"flow_src_tot_l4_payload_len":1210,"flow_dst_tot_l4_payload_len":122,"midstream":1,"thread_ts_usec":1703132763110994,"l3_proto":"ip4","src_ip":"172.16.17.101","dst_ip":"172.30.0.237","src_port":38176,"dst_port":9092,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kafka","proto_id":"377","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00962{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":7,"flow_first_seen":1703132756328165,"flow_src_last_pkt_time":1703132769960435,"flow_dst_last_pkt_time":1703132769960418,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":140,"flow_dst_max_l4_payload_len":446,"flow_src_tot_l4_payload_len":307,"flow_dst_tot_l4_payload_len":660,"midstream":0,"thread_ts_usec":1703132769960435,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46136,"dst_port":9092,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kafka","proto_id":"377","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00842{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":41,"packets-processed":41,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4345,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":65,"global_ts_usec":1703132769960435} 
+00842{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":41,"packets-processed":41,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4345,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":65,"global_ts_usec":1703132769960435} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 41/41 ~~ skipped flows.............: 0 @@ -71,9 +71,9 @@ ~~ total active/idle flows...: 9/9 ~~ total timeout flows.......: 1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6929914 bytes -~~ total memory freed........: 6929914 bytes -~~ total allocations/frees...: 114268/114268 +~~ total memory allocated....: 7507510 bytes +~~ total memory freed........: 7507510 bytes +~~ total allocations/frees...: 125999/125999 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 547 chars ~~ json message max len.......: 1166 chars diff --git a/test/results/default/kcp.pcap.out b/test/results/default/kcp.pcap.out index 8e29546c6..53124dbd9 100644 --- a/test/results/default/kcp.pcap.out +++ b/test/results/default/kcp.pcap.out 
@@ -1,5 +1,5 @@ -00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/kcp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kcp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1704996858262666} 
+00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/kcp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kcp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1704996858262666} 
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kcp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1704996858262666,"flow_src_last_pkt_time":1704996858262666,"flow_dst_last_pkt_time":1704996858262666,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1704996858262666,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":47356,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kcp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1704996858262666,"flow_dst_last_pkt_time":1704996858262666,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1534,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1534,"pkt_l4_len":1480,"thread_ts_usec":1704996858262666,"pkt":"AAAAAAAAAAAAAAAAht1gD7F6BcgRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABuPwfQAXIBdsKAAAAUQKAABQAAAAAAAAAAAAAAKgFAAAAAQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB0eHyAhIiMkJSYnKCkqKywtLi8wMTIzNDU2Nzg5Ojs8PT4\/QEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaW1xdXl9gYWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXp7fH1+f4CBgoOEhYaHiImKi4yNjo+QkZKTlJWWl5iZmpucnZ6foKGio6SlpqeoqaqrrK2ur7CxsrO0tba3uLm6u7y9vr\/AwcLDxMXGx8jJysvMzc7P0NHS09TV1tfY2drb3N3e3+Dh4uPk5ebn6Onq6+zt7u\/w8fLz9PX29\/j5+vv8\/f7\/AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc4OTo7PD0+P0BBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWltcXV5fYGFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6e3x9fn+AgYKDhIWGh4iJiouMjY6PkJGSk5SVlpeYmZqbnJ2en6ChoqOkpaanqKmqq6ytrq+wsbKztLW2t7i5uru8vb6\/wMHCw8TFxsfIycrLzM3Oz9DR0tPU1dbX2Nna29zd3t\/g4eLj5OXm5+jp6uvs
7e7v8PHy8\/T19vf4+fr7\/P3+\/wABAgMEBQYHCAkKCwwNDg8QERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3ODk6Ozw9Pj9AQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpbXF1eX2BhYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ent8fX5\/gIGCg4SFhoeIiYqLjI2Oj5CRkpOUlZaXmJmam5ydnp+goaKjpKWmp6ipqqusra6vsLGys7S1tre4ubq7vL2+v8DBwsPExcbHyMnKy8zNzs\/Q0dLT1NXW19jZ2tvc3d7f4OHi4+Tl5ufo6err7O3u7\/Dx8vP09fb3+Pn6+\/z9\/v8AAQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB0eHyAhIiMkJSYnKCkqKywtLi8wMTIzNDU2Nzg5Ojs8PT4\/QEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaW1xdXl9gYWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXp7fH1+f4CBgoOEhYaHiImKi4yNjo+QkZKTlJWWl5iZmpucnZ6foKGio6SlpqeoqaqrrK2ur7CxsrO0tba3uLm6u7y9vr\/AwcLDxMXGx8jJysvMzc7P0NHS09TV1tfY2drb3N3e3+Dh4uPk5ebn6Onq6+zt7u\/w8fLz9PX29\/j5+vv8\/f7\/AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc4OTo7PD0+P0BBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWltcXV5fYGFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6e3x9fn+AgYKDhIWGh4iJiouMjY6PkJGSk5SVlpeYmZqbnJ2en6ChoqOkpaanqKmqq6ytrq+wsbKztLW2t7i5uru8vb6\/wMHCw8TFxsfIycrLzM3Oz9DR0tPU1dbX2Nna29zd3t\/g4eLj5OXm5+jp6uvs7e7v8PHy8\/T19vf4+fr7\/P3+\/wABAgMEBQYHCAkKCwwNDg8QERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3ODk6Ozw9Pj9AQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpbXF1eX2BhYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ent8fX5\/gIGCg4SFhoeIiYqLjI2Oj5CRkpOUlZaXmJmam5ydnp+goaKjpKWmpw=="} 
00908{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kcp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1704996858262666,"flow_src_last_pkt_time":1704996858262666,"flow_dst_last_pkt_time":1704996858262666,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1704996858262666,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":47356,"dst_port":8000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"KCP","proto_id":"385","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -33,7 +33,7 @@ 00949{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/kcp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1704996873963581,"flow_src_last_pkt_time":1704996873963581,"flow_dst_last_pkt_time":1704996873963581,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1704996873963581,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":43926,"dst_port":41488,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"KCP","proto_id":"385","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00955{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/kcp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":27,"flow_dst_packets_processed":17,"flow_first_seen":1704996858262666,"flow_src_last_pkt_time":1704996864252409,"flow_dst_last_pkt_time":1704996864252351,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":1472,"flow_src_tot_l4_payload_len":19536,"flow_dst_tot_l4_payload_len":4816,"midstream":0,"thread_ts_usec":1704996873963581,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":47356,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"KCP","proto_id":"385","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00948{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/kcp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1704996864362941,"flow_src_last_pkt_time":1704996864362941,"flow_dst_last_pkt_time":1704996864362941,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1704996873963581,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":52761,"dst_port":8661,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"KCP","proto_id":"385","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00839{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/kcp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":50,"packets-processed":50,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":33184,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":36,"global_ts_usec":1704996873963581} 
+00839{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/kcp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":50,"packets-processed":50,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":33184,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":36,"global_ts_usec":1704996873963581} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 50/50 ~~ skipped flows.............: 0 @@ -42,9 +42,9 @@ ~~ total active/idle flows...: 7/7 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6923343 bytes -~~ total memory freed........: 6923343 bytes -~~ total allocations/frees...: 114253/114253 +~~ total memory allocated....: 7500939 bytes +~~ total memory freed........: 7500939 bytes +~~ total allocations/frees...: 125984/125984 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 571 chars ~~ json message max len.......: 2540 chars diff --git a/test/results/default/kerberos-error.pcap.out b/test/results/default/kerberos-error.pcap.out index 08681215b..9a8cc2077 100644 --- a/test/results/default/kerberos-error.pcap.out +++ b/test/results/default/kerberos-error.pcap.out 
@@ -1,11 +1,11 @@ -00619{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/kerberos-error.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos-error.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1645515964250491} 
+00619{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/kerberos-error.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos-error.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1645515964250491} 
00802{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos-error.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1645515964250491,"flow_src_last_pkt_time":1645515964250491,"flow_dst_last_pkt_time":1645515964250491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":287,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":287,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":287,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1645515964250491,"vlan_id":2008,"l3_proto":"ip4","src_ip":"148.151.79.183","dst_ip":"144.199.10.233","src_port":34473,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00920{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos-error.pcap","alias":"nDPId-test","vlan_id":2008,"flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1645515964250491,"flow_dst_last_pkt_time":1645515964250491,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":333,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":333,"pkt_l4_len":295,"thread_ts_usec":1645515964250491,"pkt":"AAAAAAAAAAwAAAAIgQAH2AgARQABO06GQAA5EXItlJdPt5DHCumGqQBYASfB3GqCARswggEXoQMCAQWiAwIBCqNYMFYwSKEDAgECokEEPzA9oAMCAReiNgQ0tg4LUF+YEEIG9iUDuODnyC2ELm8B5cfw4VQNHqTH6JGB5paR4MQdd1ZJvX+lrEsYdKkZFTAKoQQCAgCVogIEAKSBsDCBraAHAwUAAIEAAKEfMB2gAwIBAaEWMBQbBGhvc3QbDG11cy1uLWNqMDcwOaIRGw9MSU5VWC5TSEVMTC5DT02jJDAioAMCAQKhGzAZGwZrcmJ0Z3QbD0xJTlVYLlNIRUxMLkNPTaURGA8yMDIyMDIyMzA3NDYwM1qmERgPMjAyMjAzMDQwNzQ2MDNapwYCBEeh+pmoGjAYAgEXAgESAgERAgEUAgETAgEQAgEZAgEa"} 
01037{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos-error.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1645515964250491,"flow_src_last_pkt_time":1645515964250491,"flow_dst_last_pkt_time":1645515964250491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":287,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":287,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":287,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1645515964250491,"vlan_id":2008,"l3_proto":"ip4","src_ip":"148.151.79.183","dst_ip":"144.199.10.233","src_port":34473,"dst_port":88,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"","domain":"linux.shell.com","username":"mus-n-cj0709"}}} 00676{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/kerberos-error.pcap","alias":"nDPId-test","vlan_id":2008,"flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1645515964250491,"flow_dst_last_pkt_time":1645515964609203,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":148,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":148,"pkt_l4_len":110,"thread_ts_usec":1645515964609203,"pkt":"AAAAAAAAAAwAAAAIgQAH2AgARQAAgkf1AABzEX93kMcK6ZSXT7cAWIapAG6BuH5kMGKgAwIBBaEDAgEepBEYDzIwMjIwMjIyMDc0NjA0WqUFAgMOwm2mAwIBNKkRGw9MSU5VWC5TSEVMTC5DT02qJDAioAMCAQKhGzAZGwZrcmJ0Z3QbD0xJTlVYLlNIRUxMLkNPTQ=="} 
00999{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/kerberos-error.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1645515964250491,"flow_src_last_pkt_time":1645515964250491,"flow_dst_last_pkt_time":1645515964609203,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":287,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":287,"flow_dst_max_l4_payload_len":102,"flow_src_tot_l4_payload_len":287,"flow_dst_tot_l4_payload_len":102,"midstream":0,"thread_ts_usec":1645515964609203,"vlan_id":2008,"l3_proto":"ip4","src_ip":"148.151.79.183","dst_ip":"144.199.10.233","src_port":34473,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00844{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/kerberos-error.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":389,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":8,"global_ts_usec":1645515964609203} 
+00844{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/kerberos-error.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":389,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":8,"global_ts_usec":1645515964609203} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 ~~ skipped flows.............: 0 @@ -14,9 +14,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6907671 bytes -~~ total memory freed........: 6907671 bytes -~~ total allocations/frees...: 114139/114139 +~~ total memory allocated....: 7485267 bytes +~~ total memory freed........: 7485267 bytes +~~ total allocations/frees...: 125870/125870 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 624 chars ~~ json message max len.......: 1042 chars diff --git a/test/results/default/kerberos-login.pcap.out b/test/results/default/kerberos-login.pcap.out index 0f1e9fbc7..3413534c3 100644 --- a/test/results/default/kerberos-login.pcap.out +++ b/test/results/default/kerberos-login.pcap.out 
@@ -1,5 +1,5 @@ -00619{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":946716066779388} 
+00619{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":946716066779388} 
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946716066779388,"flow_src_last_pkt_time":946716066779388,"flow_dst_last_pkt_time":946716066779388,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1211,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1211,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946716066779388,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1061,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02150{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":946716066779388,"flow_dst_last_pkt_time":946716066779388,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1253,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1253,"pkt_l4_len":1219,"thread_ts_usec":946716066779388,"pkt":"AAP\/pqsMAAP\/p6sMCABFAATXAJUAAIAREnkKAQwCCgUDAQQlAFgEw4XHbIIEtzCCBLOhAwIBBaIDAgEMo4IEMTCCBC0wggQpoQMCAQGiggQgBIIEHG6CBBgwggQUoAMCAQWhAwIBDqIHAwUAAAAAAKOCA2xhggNoMIIDZKADAgEFoQwbCkRFTllEQy5DT02iHzAdoAMCAQKhFjAUGwZrcmJ0Z3QbCkRFTllEQy5DT02jggMsMIIDKKADAgEXoQMCAQKiggMaBIIDFnaHOkbe3Ft95M1wKu8wrnnL2KoXK50Wfms4lwl+7nIzTWt\/TBTBxetLCu0b6OiVj3UpYznp3lazrMq98Qwi3aS0sEdZBoJs+Etqw0r7qbOiqGfIzfY5WW7lW95ehl68DOwN7G\/ctJKk8AVM30BgdXD8tz49IVb5LvH8kWVdyLTL7dDroB1zpLEnsskNCGiPKC2kvI4rVQFX\/skMLVm0vrv\/AnhykPJFywmuBCVaX4ilWguDR\/hhedFfzOYZ0xf7kVQmFePGaBfPtyf2tWMm316XiQ6a0ddMjedbQTEPUEaIPhU11lAXVTRXuGNNrbinzU88d0vpPunmiXEQ46Zb2aBwhA2PddlJfkphuRTiKTMYIcDx\/1mQSbo6IMs5BzF09EwRlqL20WWEy+tJbg8F96jQFX9ZfusZkqo2\/Ymtt2KIXO2vcTHWCJfKNWi2oHePkmjQVNqV44BDHKJhg2yYGzOpsCLcIH9xI
3jIsbhcV3lnOJelJiIh\/BOztlBncxQJDGM8Ss5lpzuieNTaBQOQBzYsANr2gDw7i5E2tKUZxxU28uYbVQUK6KZjtJp0woRjxeXkug7EiwanRJ+ruwFN4641BrWk2WV7znZLMnOxd9Ixgq276dbW3uk8XghmBk5iO9uBY9B6bl2XBCrn0zJxWO550J7YNhBLCWnZolKhh691S4S\/sMyb9cBhQt9YOq11SPy9kRuQfEqcmeMSn67AgOzJ8mzxQ8a3rs4hfqkn1jH+UhGi1xla+MUNFmVkVcF\/s3a9sERXKT\/GEeYJDkvNw+esHfCK4jalR0pA558BA3fanPrnNu74qdrmsUgOhPibVBiVBOhTvitLl0hsJU5z6U77MFSX4UMd9nw2kPOVPhabSvF2baihVP5t9x+qShNJPWM56UisG6Ab7JzsId2uQf1lTt49iVnnhmjdWddhTtm47iqqL0nJrz7QZtWxYyMQTTtuJpTJCO76PmTywwSdY3tKlhuq3MxMZlzDeglX6VXTiBXGqdqJOfHm8VsI+LTATS2a9Dxo3ZxAgK9aL5NMKTnSmEBKpJmkgY4wgYugAwIBA6KBgwSBgGCx7fTnQzvvnXnzi9LJ0rtprAMBwPNDorbgvJI4BV8TZb2vtoAMBvn\/H0kv3attbzNMWzuI4cmR96epkzzc9Em+P1ZASZGSdvfOcM7pYzUfVYcU+almrfJGc226OPAiNqdT5WqhctEEk6M\/WBsVhSCIKFwQ0F6xriZzYptSncn2pHIwcKAHAwUAQIAAAKIMGwpERU5ZREMuQ09NoyEwH6ADAgEDoRgwFhsEaG9zdBsOeHAxLmRlbnlkYy5jb22lERgPMjAzNzA5MTMwMjQ4MDVapwYCBAvCgSioGTAXAgEXAgL\/ewIBgAIBAwIBAQIBGAIC\/3k="} 00992{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946716066779388,"flow_src_last_pkt_time":946716066779388,"flow_dst_last_pkt_time":946716066779388,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1211,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1211,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946716066779388,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1061,"dst_port":88,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"","domain":"denydc.com","username":""}}} 
@@ -55,7 +55,7 @@ 00976{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946716067819225,"flow_src_last_pkt_time":946716067819225,"flow_dst_last_pkt_time":946716067819242,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1208,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1208,"flow_dst_max_l4_payload_len":1186,"flow_src_tot_l4_payload_len":1208,"flow_dst_tot_l4_payload_len":1186,"midstream":0,"thread_ts_usec":946716140774142,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1069,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00976{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946716089644907,"flow_src_last_pkt_time":946716089644907,"flow_dst_last_pkt_time":946716089644914,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1233,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1233,"flow_dst_max_l4_payload_len":1237,"flow_src_tot_l4_payload_len":1233,"flow_dst_tot_l4_payload_len":1237,"midstream":0,"thread_ts_usec":946716140774142,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1074,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00976{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946716089757898,"flow_src_last_pkt_time":946716089757898,"flow_dst_last_pkt_time":946716089757902,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1219,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1219,"flow_dst_max_l4_payload_len":1205,"flow_src_tot_l4_payload_len":1219,"flow_dst_tot_l4_payload_len":1205,"midstream":0,"thread_ts_usec":946716140774142,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1076,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":25,"packets-processed":24,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29024,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":7,"current-active-flows":12,"total-active-flows":12,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":58,"global_ts_usec":946724453221239} 
+00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":25,"packets-processed":24,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29024,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":7,"current-active-flows":12,"total-active-flows":12,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":58,"global_ts_usec":946724453221239} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946724453221239,"flow_src_last_pkt_time":946724453221239,"flow_dst_last_pkt_time":946724453221239,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946724453221239,"l3_proto":"ip4","src_ip":"192.168.10.12","dst_ip":"192.168.10.3","src_port":44256,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":946724453221239,"flow_dst_last_pkt_time":946724453221239,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":946724453221239,"pkt":"GGbam+N9uKxvNgTjCABFAAA88adAAEAGs7TAqAoMwKgKA6zgAFj7lQiGAAAAAKACchCWGgAAAgQFtAQCCAr\/\/vkhAAAAAAEDAwc="} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":946724453221239,"flow_dst_last_pkt_time":946724453221278,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":946724453221278,"pkt":"uKxvNgTjGGbam+N9CABFAAA8DbNAAIAGV6nAqAoDwKgKDABYrOCOu9eK+5UIh6ASIAAObgAAAgQFtAEDAwgEAggKM1tACf\/++SE="} 
@@ -77,7 +77,7 @@ 00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946716140476142,"flow_src_last_pkt_time":946716140476142,"flow_dst_last_pkt_time":946716140476146,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1235,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1235,"flow_dst_max_l4_payload_len":1228,"flow_src_tot_l4_payload_len":1235,"flow_dst_tot_l4_payload_len":1228,"midstream":0,"thread_ts_usec":946724453222354,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1092,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946716140774135,"flow_src_last_pkt_time":946716140774135,"flow_dst_last_pkt_time":946716140774142,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1221,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1221,"flow_dst_max_l4_payload_len":1202,"flow_src_tot_l4_payload_len":1221,"flow_dst_tot_l4_payload_len":1202,"midstream":0,"thread_ts_usec":946724453222354,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1096,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00981{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":946724453221239,"flow_src_last_pkt_time":946724453222354,"flow_dst_last_pkt_time":946724453222308,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1555,"flow_dst_max_l4_payload_len":1554,"flow_src_tot_l4_payload_len":3110,"flow_dst_tot_l4_payload_len":3108,"midstream":0,"thread_ts_usec":946724453222354,"l3_proto":"ip4","src_ip":"192.168.10.12","dst_ip":"192.168.10.3","src_port":44256,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00852{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":39,"packets-processed":39,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":35242,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":1,"total-updates":7,"current-active-flows":0,"total-active-flows":13,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":80,"global_ts_usec":946724453222354} 
+00852{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":39,"packets-processed":39,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":35242,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":1,"total-updates":7,"current-active-flows":0,"total-active-flows":13,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":80,"global_ts_usec":946724453222354} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 39/39 ~~ skipped flows.............: 0 @@ -86,9 +86,9 @@ ~~ total active/idle flows...: 13/13 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6937328 bytes -~~ total memory freed........: 6937328 bytes -~~ total allocations/frees...: 114309/114309 +~~ total memory allocated....: 7514924 bytes +~~ total memory freed........: 7514924 bytes +~~ total allocations/frees...: 126040/126040 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 552 chars ~~ json message max len.......: 2199 chars diff --git a/test/results/default/kerberos.pcap.out b/test/results/default/kerberos.pcap.out index 3d4c96ac5..b3298d8fa 100644 --- a/test/results/default/kerberos.pcap.out +++ b/test/results/default/kerberos.pcap.out 
@@ -1,5 +1,5 @@ -00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1549337929790448} 
+00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1549337929790448} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1549337929790448,"flow_src_last_pkt_time":1549337929790448,"flow_dst_last_pkt_time":1549337929790448,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":239,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1549337929790448,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49157,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00850{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1549337929790448,"flow_dst_last_pkt_time":1549337929790448,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1549337929790448,"pkt":"pB9ywglqAAgCHEeuCABFAAEXABdAAIAGkNisEAjJrBAICMAFAFiynbRHbznTnlAYAQAf5QAAAAAA62qB6DCB5aEDAgEFogMCAQqjFTATMBGhBAICAICiCQQHMAWgAwEB\/6SBwTCBvqAHAwUAQIEAEKEYMBagAwIBAaEPMA0bC2pvaG5zb24tcGMkohAbDmhhcHB5Y3JhZnQub3JnoyMwIaADAgECoRowGBsGa3JidGd0Gw5oYXBweWNyYWZ0Lm9yZ6URGA8yMDM3MDkxMzAyNDgwNVqmERgPMjAzNzA5MTMwMjQ4MDVapwYCBE7AFheoFTATAgESAgERAgEXAgEYAgL\/eQIBA6kdMBswGaADAgEUoRIEEEpPSE5TT04tUEMgICAgICA="} 
01008{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1549337929790448,"flow_src_last_pkt_time":1549337929790448,"flow_dst_last_pkt_time":1549337929790448,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":239,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1549337929790448,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49157,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}} 
@@ -187,7 +187,7 @@ 00784{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337931220307,"flow_src_last_pkt_time":1549337931220307,"flow_dst_last_pkt_time":1549337931221192,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":227,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":260,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":260,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49174,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01057{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337952282970,"flow_src_last_pkt_time":1549337952282970,"flow_dst_last_pkt_time":1549337952283232,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":356,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":356,"flow_dst_max_l4_payload_len":260,"flow_src_tot_l4_payload_len":356,"flow_dst_tot_l4_payload_len":260,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49194,"dst_port":445,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"1":"Match by port"},"proto":"SMBv23","proto_id":"41","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
00784{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337952282970,"flow_src_last_pkt_time":1549337952282970,"flow_dst_last_pkt_time":1549337952283232,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":356,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":356,"flow_dst_max_l4_payload_len":260,"flow_src_tot_l4_payload_len":356,"flow_dst_tot_l4_payload_len":260,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49194,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00849{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":77,"packets-processed":77,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24133,"total-not-detected-flows":2,"total-guessed-flows":23,"total-detected-flows":11,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":36,"total-idle-flows":36,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":190,"global_ts_usec":1549337952283232} 
+00849{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":77,"packets-processed":77,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24133,"total-not-detected-flows":2,"total-guessed-flows":23,"total-detected-flows":11,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":36,"total-idle-flows":36,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":190,"global_ts_usec":1549337952283232} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 77/77 ~~ skipped flows.............: 0 @@ -196,9 +196,9 @@ ~~ total active/idle flows...: 36/36 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7045254 bytes -~~ total memory freed........: 7045254 bytes -~~ total allocations/frees...: 114649/114649 +~~ total memory allocated....: 7622850 bytes +~~ total memory freed........: 7622850 bytes +~~ total allocations/frees...: 126380/126380 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 580 chars ~~ json message max len.......: 2499 chars diff --git a/test/results/default/kerberos_fuzz.pcapng.out b/test/results/default/kerberos_fuzz.pcapng.out index e7ebe014d..5629f5d5f 100644 --- a/test/results/default/kerberos_fuzz.pcapng.out +++ b/test/results/default/kerberos_fuzz.pcapng.out 
@@ -1,10 +1,10 @@ -00620{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/kerberos_fuzz.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos_fuzz.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1633884084000000} 
+00620{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/kerberos_fuzz.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos_fuzz.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1633884084000000} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos_fuzz.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1633884084000000,"flow_src_last_pkt_time":1633884084000000,"flow_dst_last_pkt_time":1633884084000000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":260,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":260,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":260,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1633884084000000,"l3_proto":"ip4","src_ip":"126.4.1.0","dst_ip":"19.0.0.0","src_port":88,"dst_port":53646,"l4_proto":"tcp","flow_datalink":228,"flow_max_packets":5} 00886{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos_fuzz.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1633884084000000,"flow_dst_last_pkt_time":1633884084000000,"flow_idle_time":7580000000,"pkt_datalink":228,"pkt_caplen":288,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":288,"pkt_l4_len":268,"thread_ts_usec":1633884084000000,"pkt":"RSYBIAFKAAAABn0BfgQBABMAAAAAWNGOAAAAAAAAAQAgAQAAAAAAAGZfRk9VTgAGA0QNChsbGxsbGxsbGxsbJwYGBgYGBgYGBhsbG10bGwYGBgYGBgYGBg0K\/\/\/\/\/05NRWGMG2VyMUnz8\/NDQQEAAAAAAABdKgC3MFD\/AAAAAABfAAAAAAAAAEVhjGlkO\/\/\/\/\/\/\/b2VyWQAAAAAAAABNRQAAAAAAAAAAAAAAAAAAAAAATUxAU0m3MFCjL1MuMlQg80NBTk1FYYxpZDsNCv\/\/\/\/9OTUVhjBtlcjFJ8\/P\/\/\/\/\/AAAAAAAAXSoAtzBQoy9TLkFOTUVhjGlkOw0K\/\/\/\/\/zsNCv\/\/\/\/8vUy4yVEFUIPNDQU5NRWGMaWQ7DQr\/\/\/\/\/"} 
01039{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos_fuzz.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1633884084000000,"flow_src_last_pkt_time":1633884084000000,"flow_dst_last_pkt_time":1633884084000000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":260,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":260,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":260,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1633884084000000,"l3_proto":"ip4","src_ip":"126.4.1.0","dst_ip":"19.0.0.0","src_port":88,"dst_port":53646,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"","domain":"r1i???ca???????]*??0p??????_???????ea?id;?????o","username":"??????"}}} 00968{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos_fuzz.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1633884084000000,"flow_src_last_pkt_time":1633884084000000,"flow_dst_last_pkt_time":1633884084000000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":260,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":260,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":260,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1633884084000000,"l3_proto":"ip4","src_ip":"126.4.1.0","dst_ip":"19.0.0.0","src_port":88,"dst_port":53646,"l4_proto":"tcp","flow_datalink":228,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00845{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos_fuzz.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":260,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1633884084000000} +00845{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos_fuzz.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":260,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1633884084000000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 
@@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6907614 bytes -~~ total memory freed........: 6907614 bytes -~~ total allocations/frees...: 114137/114137 +~~ total memory allocated....: 7485210 bytes +~~ total memory freed........: 7485210 bytes +~~ total allocations/frees...: 125868/125868 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 625 chars ~~ json message max len.......: 1044 chars diff --git a/test/results/default/kismet.pcap.out b/test/results/default/kismet.pcap.out index 8d48bf1cc..72014a8d7 100644 --- a/test/results/default/kismet.pcap.out +++ b/test/results/default/kismet.pcap.out 
@@ -1,5 +1,5 @@ -00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/kismet.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kismet.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1144004385285325} 
+00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/kismet.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kismet.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1144004385285325} 
00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kismet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1144004385285325,"flow_src_last_pkt_time":1144004385285325,"flow_dst_last_pkt_time":1144004385285325,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1144004385285325,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":34065,"dst_port":2501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kismet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1144004385285325,"flow_dst_last_pkt_time":1144004385285325,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1144004385285325,"pkt":"AAAAAAAAAAAAAAAACABFAAA0PIZAAIAGwDt\/AAABfwAAAYURCcWza5HWAAAAAIACf\/\/iowAAAgRADAEBBAIBAwMC"} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/kismet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1144004385285325,"flow_dst_last_pkt_time":1144004385285353,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1144004385285353,"pkt":"AAAAAAAAAAAAAAAACABFAAA0AABAAIAG\/MF\/AAABfwAAAQnFhRGzPp6Js2uR14ASf\/+QygAAAgRADAEBBAIBAwMC"} 
@@ -9,7 +9,7 @@ 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/kismet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1144004385285602,"flow_dst_last_pkt_time":1144004385285561,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1144004385285602,"pkt":"AAAAAAAAAAAAAAAACABFAAAoPIhAAIAGwEV\/AAABfwAAAYURCcWza5HXsz6fUVAQIABrKAAA"} 02234{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/kismet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1144004385285325,"flow_src_last_pkt_time":1144004397698680,"flow_dst_last_pkt_time":1144004398798485,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1045,"flow_dst_max_l4_payload_len":199,"flow_src_tot_l4_payload_len":1045,"flow_dst_tot_l4_payload_len":1777,"midstream":0,"thread_ts_usec":1144004398798485,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":34065,"dst_port":2501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":28,"avg":836339.2,"max":1099852,"stddev":406205.2,"var":165002641408.0,"ent":4.7,"data": [28,42,208,235,399947,399927,615244,615286,399575,399620,1099784,1099782,1099835,1099834,1099815,1099816,1099834,1099831,1099838,1099839,1099849,1099852,1099837,1099839,1099821,1099818,1099833,1099833,1099842,1099843,1099828]},"pktlen": {"min":40,"avg":128.9,"max":1085,"stddev":184.2,"var":33913.2,"ent":4.2,"data": [52,52,40,239,40,58,40,1085,40,115,40,175,40,175,40,175,40,175,40,175,40,175,40,175,40,175,40,175,40,175,40,175]},"bins": {"c_to_s": 
[15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,0,1,0,11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": [4.152935505,4.370187283,4.291446209,5.295236588,4.191446304,4.892910004,4.291446209,4.891900063,4.458695412,4.585392952,4.341446400,5.037372112,4.341446400,5.005887508,4.291446686,5.014514446,4.341446400,4.979419708,4.291446686,5.025943279,4.341446400,5.016745567,4.291446686,4.993078232,4.341446400,5.021629810,4.341446400,5.025943279,4.341446400,5.025943279,4.291446209,5.037371635]},"ndpi": {"confidence": {"6":"DPI"},"proto":"Kismet","proto_id":"309","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/kismet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":17,"flow_first_seen":1144004385285325,"flow_src_last_pkt_time":1144004399898338,"flow_dst_last_pkt_time":1144004399898316,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1045,"flow_dst_max_l4_payload_len":199,"flow_src_tot_l4_payload_len":1045,"flow_dst_tot_l4_payload_len":1912,"midstream":0,"thread_ts_usec":1144004399898338,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":34065,"dst_port":2501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kismet","proto_id":"309","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00841{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/kismet.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":35,"packets-processed":35,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2957,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1144004399898338} +00841{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/kismet.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":35,"packets-processed":35,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2957,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1144004399898338} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 35/35 ~~ skipped flows.............: 0 
@@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6910701 bytes -~~ total memory freed........: 6910701 bytes -~~ total allocations/frees...: 114174/114174 +~~ total memory allocated....: 7488297 bytes +~~ total memory freed........: 7488297 bytes +~~ total allocations/frees...: 125905/125905 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 529 chars ~~ json message max len.......: 2239 chars diff --git a/test/results/default/knxip.pcapng.out b/test/results/default/knxip.pcapng.out index 07f13f69c..97424b7a5 100644 --- a/test/results/default/knxip.pcapng.out +++ b/test/results/default/knxip.pcapng.out 
@@ -1,5 +1,5 @@ -00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/knxip.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/knxip.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1713288329876632} 
+00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/knxip.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/knxip.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1713288329876632} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/knxip.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1713288329876632,"flow_src_last_pkt_time":1713288329876632,"flow_dst_last_pkt_time":1713288329876632,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1713288329876632,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"224.0.23.12","src_port":41343,"dst_port":3671,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/knxip.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1713288329876632,"flow_dst_last_pkt_time":1713288329876632,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1713288329876632,"pkt":"AQBeABcM8C90rUP1CABFAAAwVd9AAAERE0LAqFjn4AAXDKF\/DlcAHBDKBhACCwAUCAHAqFjnoX8GBAECBgc="} 
00933{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/knxip.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1713288329876632,"flow_src_last_pkt_time":1713288329876632,"flow_dst_last_pkt_time":1713288329876632,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1713288329876632,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"224.0.23.12","src_port":41343,"dst_port":3671,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"KNXnet_IP","proto_id":"410","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
@@ -9,7 +9,7 @@ 00933{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/knxip.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1713288329876649,"flow_src_last_pkt_time":1713288329876649,"flow_dst_last_pkt_time":1713288329876649,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1713288329876649,"l3_proto":"ip4","src_ip":"192.168.1.28","dst_ip":"192.168.1.24","src_port":3671,"dst_port":54445,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"KNXnet_IP","proto_id":"410","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/knxip.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1713288329876649,"flow_src_last_pkt_time":1713288329876649,"flow_dst_last_pkt_time":1713288329876649,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1713288329876649,"l3_proto":"ip4","src_ip":"192.168.1.28","dst_ip":"192.168.1.24","src_port":3671,"dst_port":54445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"KNXnet_IP","proto_id":"410","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/knxip.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1713288329876632,"flow_src_last_pkt_time":1713288329876649,"flow_dst_last_pkt_time":1713288329876632,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":14,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1713288329876649,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"224.0.23.12","src_port":41343,"dst_port":3671,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"KNXnet_IP","proto_id":"410","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00837{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/knxip.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":3,"packets-processed":3,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":62,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1713288329876649} 
+00837{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/knxip.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":3,"packets-processed":3,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":62,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1713288329876649} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 3/3 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6910052 bytes -~~ total memory freed........: 6910052 bytes -~~ total allocations/frees...: 114150/114150 +~~ total memory allocated....: 7487648 bytes +~~ total memory freed........: 7487648 bytes +~~ total allocations/frees...: 125881/125881 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 533 chars ~~ json message max len.......: 977 chars diff --git a/test/results/default/ldp.pcap.out b/test/results/default/ldp.pcap.out index a5a48191d..7619c66fe 100644 --- a/test/results/default/ldp.pcap.out +++ b/test/results/default/ldp.pcap.out 
@@ -1,5 +1,5 @@ -00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ldp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ldp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1216142593122052} 
+00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ldp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ldp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1216142593122052} 
00761{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ldp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1216142593122052,"flow_src_last_pkt_time":1216142593122052,"flow_dst_last_pkt_time":1216142593122052,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1216142593122052,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"224.0.0.2","src_port":646,"dst_port":646,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ldp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1216142593122052,"flow_dst_last_pkt_time":1216142593122052,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1216142593122052,"pkt":"AQBeAAACwgVjTQAACABFwAA+AAAAAAERzusKAAAC4AAAAgKGAoYAKvMyAAEAHgoAAAYAAAEAABQAAAAABAAABAAPAAAEAQAECgAABg=="} 
00910{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ldp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1216142593122052,"flow_src_last_pkt_time":1216142593122052,"flow_dst_last_pkt_time":1216142593122052,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1216142593122052,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"224.0.0.2","src_port":646,"dst_port":646,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LDP","proto_id":"409","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -16,7 +16,7 @@ 00949{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/ldp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1216142595491091,"flow_src_last_pkt_time":1216142595491091,"flow_dst_last_pkt_time":1216142595491091,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1216142597402306,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.2","src_port":646,"dst_port":646,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LDP","proto_id":"409","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00949{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/ldp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1216142593122052,"flow_src_last_pkt_time":1216142597202298,"flow_dst_last_pkt_time":1216142593122052,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1216142597402306,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"224.0.0.2","src_port":646,"dst_port":646,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LDP","proto_id":"409","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00957{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/ldp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1216142597274254,"flow_src_last_pkt_time":1216142597346274,"flow_dst_last_pkt_time":1216142597402306,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":222,"flow_dst_max_l4_payload_len":200,"flow_src_tot_l4_payload_len":258,"flow_dst_tot_l4_payload_len":244,"midstream":1,"thread_ts_usec":1216142597402306,"l3_proto":"ip4","src_ip":"10.0.1.1","dst_ip":"10.0.0.6","src_port":45334,"dst_port":646,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LDP","proto_id":"409","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00834{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/ldp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":7,"packets-processed":7,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":604,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1216142597402306} 
+00834{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/ldp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":7,"packets-processed":7,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":604,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1216142597402306} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 7/7 ~~ skipped flows.............: 0 @@ -25,9 +25,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6912520 bytes -~~ total memory freed........: 6912520 bytes -~~ total allocations/frees...: 114164/114164 +~~ total memory allocated....: 7490116 bytes +~~ total memory freed........: 7490116 bytes +~~ total allocations/frees...: 125895/125895 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 556 chars ~~ json message max len.......: 962 chars diff --git a/test/results/default/line.pcap.out b/test/results/default/line.pcap.out index 782e41a0f..bb38b62bf 100644 --- a/test/results/default/line.pcap.out +++ b/test/results/default/line.pcap.out 
@@ -1,5 +1,5 @@ -00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00823{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":608455689} 
+00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00823{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":608455689} 
00748{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":608455689,"flow_src_last_pkt_time":608455689,"flow_dst_last_pkt_time":608455689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":872,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":872,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":872,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":608455689,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"125.209.252.210","src_port":50835,"dst_port":20610,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01658{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":608455689,"flow_dst_last_pkt_time":608455689,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":914,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":914,"pkt_l4_len":880,"thread_ts_usec":608455689,"pkt":"UlQAEjUCCAAn5uVZCABFAAOEak4AAIARRmgKAAIPfdH80saTUIIDcGeR22QAuQYCG2FDK1vv9fugGrOT8etA8A80AvZDaYmouGz3h3IHV1X5ElUpOC9dlDONLPAPfVgIYt5yAAAAKxpqxcwsrZxwhx1xKWqCFVz8ThMLekrlMqzL884f90GP2NtK7Ce8hzDQNrwRj9rBBTjTz8s6H2gTPjSg0VDLz20S\/lg6tSMQGiPk18OAgr8Cvvp\/hozCjTC4rWGtBZMNzWhsdRZ0vEFqySrtoCKzbjIs8sYLfeI\/Srmdhg38hXlV6rP9b8ENgYDmhrGulF6otA0UNGy35B4kYdo\/MhPSqQjQ8pcsGIy70IR4UFuSLysmmi75oS+WVNM3dgKIvi143xwOy7qgdOdPV5c+gyBB3mtuSgX0e6xOZRh+2kBmE1\/y0Gdj0dNsXH1vof4pPU4HsRVsS0JvYE0U4YlCdanTAcZNPEnmP1noc5qyuh3us6i5xZtmZnUx0T0dXCf0c9mjorZc3Lgg0l497C2CPwMYdagIqBvgEBhiD2cLJ1VerQb93JW2WKPOLzzLgg0\/tyC748UEXnP1gVpyk34Qd6ThuEIyp\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\/cCleIvjlciTpS1Gl7qHYI81WnNc9aJzRlAfia2MhNrGqry00clXMkM3NxH01kLKkBz0CIEQ="} 
00898{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":608455689,"flow_src_last_pkt_time":608455689,"flow_dst_last_pkt_time":608455689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":872,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":872,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":872,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":608455689,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"125.209.252.210","src_port":50835,"dst_port":20610,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LineCall","proto_id":"316","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
@@ -8,7 +8,7 @@ 01495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":608955846,"flow_dst_last_pkt_time":609533458,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":782,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":782,"pkt_l4_len":748,"thread_ts_usec":609533458,"pkt":"CAAn5uVZUlQAEjUCCABFAAMAuboAAEARN4B90fzSCgACD1CCxpMC7Cmf2uAAZwYCV\/RJTq5P8eXNYO9XdF70Fj9KAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKpZJyG\/GGz9dcm\/Mr8\/7LWMlqzk54MO7ELXqtqSqfd\/YBdqlDZSVUrL97nZoyannQ+4sHLstSS32UsGeYFShNlIkPzze5YiNYv50x\/mH\/A9pbgu69Q+WF2ip97UNP5700H4+qhxbmcY9HS8ZIxXwfhRpVqXecYovPU98m66ZIHMk3AxDUggZJzXM8Cg9Ioa5PEOWCC0RQ\/+ZM\/xmE25dREFZwuEuTY4v54VaBEf\/1fcmWRmuO56S4CdHmd3r6UrJgdv7HOPYh1FHZImH9K6Vp5v43+PDFYehvgjuZevIzB9KNNpgRaXiJIoH9HKjsrlk8bFBNxGh\/Z3wVkNzkk6aZPEyGQfpJxhMdxxwGT2MsqjyEwRxvenqN6ZiCnhNKvKa1MoubR4Q69dsKI5vcArBU28dcnpBI49S+Gue7Y63pIbagOo3yJzlth5QkSgGoh3WTgewJUJPSW2CESchMymRIYmXZ453SQiLQDUOijjH9BTXQLRM1Jktgb1Ku3YtQhwOuoynAJXV8IgsD1XNcPeHVXH4cjiPxry8hY2LXG+Dpn0+ElcIAmuYGLXgyIWmFgMDccUsS4PEmO+H98\/37Xgd\/JFCN+BdEPL8h+w8JjEm76kq4pMrFkodu9TWUlq\/f5btNgcE3NZ5tj5unKE3tunn\/9XLrY2YdRaUSo3NFlLxzIy1Ls5OLl\/yp4rUeg\/491eKamydkxVOtbP5kUPMBZAToihwFzkbtaPi\/sHlzwamjGpc5urLdFERd4ubko4hgkGPbUQFvpEefL+PiNep0MCAfLSiIccfs7kEszIxBA1tUC\/E7ZoDjNG8bd9x9za\/H5o\/i6SrM4jgqtlvtdLcuIQKuEI0hJJAH84pOvAZwnqFLwqt9Aj1HWP7oTHWsPEdIMwTkD1+nw0mJ4o="} 
00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":609557906,"flow_dst_last_pkt_time":609533458,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_usec":609557906,"pkt":"UlQAEjUCCAAn5uVZCABFAAA6alAAAIARSbAKAAIPfdH80saTUIIAJgbQgOUAAQAAOrIJvaZ41xf3vWhbythM\/0LTmd0td5YJ"} 02151{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":608455689,"flow_src_last_pkt_time":610177798,"flow_dst_last_pkt_time":609998416,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":872,"flow_dst_max_l4_payload_len":740,"flow_src_tot_l4_payload_len":2795,"flow_dst_tot_l4_payload_len":1792,"midstream":0,"thread_ts_usec":610177798,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"125.209.252.210","src_port":50835,"dst_port":20610,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":41,"avg":105317.3,"max":602060,"stddev":182193.2,"var":33194352640.0,"ent":3.4,"data": [500157,544706,533063,602060,13540,168,64915,55,263094,290370,5367,20000,10523,19462,58958,10024,9911,21001,21013,9059,41,8011,22020,2894,7145,6942,42069,58114,10385,99326,10443]},"pktlen": {"min":58,"avg":171.3,"max":900,"stddev":234.5,"var":54984.5,"ent":4.1,"data": [900,900,270,768,58,380,163,163,331,64,65,65,64,64,64,66,64,66,66,66,64,66,66,66,65,65,100,80,67,67,65,65]},"bins": {"c_to_s": [1,14,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": 
[0,8,1,0,1,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,1,0,0,0,1,1,1,0,0,0,0,0,1,0,1,0,1,0,0,1,1,1,1,1,0,0,0,0,0],"entropies": [7.775331020,7.771239281,6.645260811,7.613231659,5.193683147,7.436975479,6.710443974,6.755647659,7.369442463,5.120024681,5.136775970,5.344619274,5.143614769,5.249160290,5.311660290,5.195097923,5.186660290,5.286006927,5.346612453,5.316309452,5.217910290,5.286006451,5.255703449,5.316309929,5.252311230,5.160003662,4.125199318,4.492414474,5.378718853,5.348868370,5.240697861,5.209928036]},"ndpi": {"confidence": {"6":"DPI"},"proto":"LineCall","proto_id":"316","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":51,"packets-processed":50,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7138,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1663913332980371} 
+00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":51,"packets-processed":50,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7138,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1663913332980371} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663913332980371,"flow_src_last_pkt_time":1663913332980371,"flow_dst_last_pkt_time":1663913332980371,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":60,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":60,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1663913332980371,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.165.194","src_port":57841,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1663913332980371,"flow_dst_last_pkt_time":1663913332980371,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"thread_ts_usec":1663913332980371,"pkt":"iJCNB9vohKk4ukxYCABFAABkhQ9AAIAGAAAKyAN9k1ylwuHxAbtdIq0\/pMNUV1AYBAFHugAAFwMDADdo++xFfUkOJQ\/QhCWutve1sws40Q+84WpHcqg5rtUCVtgRpFPRgdwDdzjyMyfjtUsn0c73u5RW"} 00911{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663913332980371,"flow_src_last_pkt_time":1663913332980371,"flow_dst_last_pkt_time":1663913332980371,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":60,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":60,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1663913332980371,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.165.194","src_port":57841,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
@@ -21,10 +21,10 @@ 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1663913333003014,"flow_dst_last_pkt_time":1663913333240356,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1663913333240356,"pkt":"hKk4ukxYwurksClYCABFAAA0AABAACoGvDqTXPLoCsgDfQG74zCmOsdicOgdNoASchCH0wAAAgQFoAEBBAIBAwMH"} 00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1663913333240619,"flow_dst_last_pkt_time":1663913333240356,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1663913333240619,"pkt":"iJCNB9vohKk4ukxYCABFAAAo6jJAAIAGAAAKyAN9k1zy6OMwAbtw6B02pjrHY1AQBAWUpAAA"} 01217{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1663913333241633,"flow_dst_last_pkt_time":1663913333240356,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1663913333241633,"pkt":"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"} 
-01379{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1663913333003014,"flow_src_last_pkt_time":1663913333241633,"flow_dst_last_pkt_time":1663913333240356,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663913333241633,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.242.232","src_port":58160,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Line","proto_id":"91.315","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"uts-front.line-apps.com","domainame":"uts-front.line-apps.com","tls": {"version":"TLSv1.2","ja3":"ca75ea4a95a9164cc96e372d7d075183","ja3s":"","ja4":"t13d461100_5052069a8e11_24695f2957a7","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1","blocks":0}}} 
+01338{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1663913333003014,"flow_src_last_pkt_time":1663913333241633,"flow_dst_last_pkt_time":1663913333240356,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663913333241633,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.242.232","src_port":58160,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Line","proto_id":"91.315","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"uts-front.line-apps.com","domainame":"uts-front.line-apps.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d461100_5052069a8e11_24695f2957a7","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1","blocks":0}}} 00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1663913333241633,"flow_dst_last_pkt_time":1663913333480027,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1663913333480027,"pkt":"hKk4ukxYwurksClYCABFAAAoWBhAACoGZC6TXPLoCsgDfQG74zCmOsdjcOgfO1AQAO03sAAAAAAAAAAA"} 
-01439{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1663913333003014,"flow_src_last_pkt_time":1663913333241633,"flow_dst_last_pkt_time":1663913333481395,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1663913333481395,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.242.232","src_port":58160,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Line","proto_id":"91.315","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"uts-front.line-apps.com","domainame":"uts-front.line-apps.com","tls": {"version":"TLSv1.2","ja3":"ca75ea4a95a9164cc96e372d7d075183","ja3s":"567bb420d39046dbfd1f68b558d86382","ja4":"t13d461100_5052069a8e11_24695f2957a7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1","blocks":0}}} 
-01721{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1663913333003014,"flow_src_last_pkt_time":1663913333241633,"flow_dst_last_pkt_time":1663913333481395,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3261,"midstream":0,"thread_ts_usec":1663913333481395,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.242.232","src_port":58160,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Line","proto_id":"91.315","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"uts-front.line-apps.com","domainame":"uts-front.line-apps.com","tls": {"version":"TLSv1.2","server_names":"*.line-apps.com,line-apps.com","ja3":"ca75ea4a95a9164cc96e372d7d075183","ja3s":"567bb420d39046dbfd1f68b558d86382","ja4":"t13d461100_5052069a8e11_24695f2957a7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018","subjectDN":"C=JP, ST=Tokyo-to, L=Shinjuku-ku, O=LINE Corporation, CN=*.line-apps.com","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1","fingerprint":"3C:37:D7:AB:BE:E6:5A:A5:BE:14:62:C8:21:8C:BC:E3:3E:A8:3E:96","blocks":0}}} 
+01398{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1663913333003014,"flow_src_last_pkt_time":1663913333241633,"flow_dst_last_pkt_time":1663913333481395,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1663913333481395,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.242.232","src_port":58160,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Line","proto_id":"91.315","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"uts-front.line-apps.com","domainame":"uts-front.line-apps.com","tls": {"version":"TLSv1.2","ja3s":"567bb420d39046dbfd1f68b558d86382","ja4":"t13d461100_5052069a8e11_24695f2957a7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1","blocks":0}}} 
+01680{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1663913333003014,"flow_src_last_pkt_time":1663913333241633,"flow_dst_last_pkt_time":1663913333481395,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3261,"midstream":0,"thread_ts_usec":1663913333481395,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.242.232","src_port":58160,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Line","proto_id":"91.315","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"uts-front.line-apps.com","domainame":"uts-front.line-apps.com","tls": {"version":"TLSv1.2","server_names":"*.line-apps.com,line-apps.com","ja3s":"567bb420d39046dbfd1f68b558d86382","ja4":"t13d461100_5052069a8e11_24695f2957a7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018","subjectDN":"C=JP, ST=Tokyo-to, L=Shinjuku-ku, O=LINE Corporation, CN=*.line-apps.com","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1","fingerprint":"3C:37:D7:AB:BE:E6:5A:A5:BE:14:62:C8:21:8C:BC:E3:3E:A8:3E:96","blocks":0}}} 
02188{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1663913332980371,"flow_src_last_pkt_time":1663913336388129,"flow_dst_last_pkt_time":1663913336380823,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":296,"flow_dst_max_l4_payload_len":334,"flow_src_tot_l4_payload_len":1142,"flow_dst_tot_l4_payload_len":1292,"midstream":1,"thread_ts_usec":1663913336388129,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.165.194","src_port":57841,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":6905,"avg":219619.7,"max":2533141,"stddev":601190.4,"var":361429958656.0,"ent":2.8,"data": [74605,74711,34434,71161,134842,63602,34330,34381,78205,122566,44300,34282,34254,68317,109320,41185,34458,34320,6905,46826,64547,58950,90163,2533141,2477508,34518,34165,78836,154671,69564,35143]},"pktlen": {"min":40,"avg":118.1,"max":374,"stddev":90.9,"var":8262.1,"ent":4.6,"data": [100,46,134,46,146,93,46,150,46,343,95,46,146,46,113,89,46,150,46,216,89,124,96,46,95,46,336,46,256,40,374,89]},"bins": {"c_to_s": [1,8,1,3,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [11,0,2,1,0,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,1,0,1,0,1,1,0,1,0,1,1,0,1,0,1,1,0,1,0,1,0,1,0,1,1,0,1,0],"entropies": 
[5.948760986,4.652828693,6.332477570,4.696306705,6.569760323,6.006792545,4.696306705,6.565413952,4.696306705,7.383316040,6.030017853,4.652828693,6.526851654,4.652828693,6.386383057,5.933434010,4.652828217,6.670314789,4.696306705,7.039282322,5.852028370,6.250293255,6.048403740,4.652828693,5.950967789,4.652828693,7.256349564,4.696306705,7.137952328,4.780641556,7.407141685,5.877035141]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 02325{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1663913333003014,"flow_src_last_pkt_time":1663913342823022,"flow_dst_last_pkt_time":1663913342822836,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":573,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":3181,"flow_dst_tot_l4_payload_len":4192,"midstream":0,"thread_ts_usec":1663913342823022,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.242.232","src_port":58160,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":633542.9,"max":7306445,"stddev":1725177.1,"var":2976235913216.0,"ent":2.7,"data": [237342,237605,1014,239671,1368,0,0,239919,3744,241388,238671,278520,277391,237506,0,0,237646,7029518,7306445,276831,237603,712,0,238338,524359,801600,277245,237667,0,0,237727]},"pktlen": {"min":40,"avg":272.5,"max":1500,"stddev":367.3,"var":134881.6,"ent":4.1,"data": [52,52,40,557,46,1500,1500,381,40,133,314,335,46,581,46,224,75,40,335,46,613,46,224,75,40,335,46,612,46,224,75,40]},"bins": {"c_to_s": [6,0,1,0,0,0,0,0,0,3,0,0,0,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": 
[8,3,0,0,0,3,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,1,0,1,0,1,1,1,0,0,1,0,1,1,1,0,0,1,0,1,1,1,0],"entropies": [4.516527176,4.923395157,4.780641556,4.813910007,4.544876099,7.233272552,7.495951176,7.379673958,4.780641556,6.214868546,7.183261871,7.332785606,4.501397610,7.644387245,4.501397610,7.034603119,5.700131416,4.780641556,7.404506683,4.435436726,7.647257328,4.565871716,6.998442650,5.771955490,4.611769676,7.254877090,4.549460888,7.643351078,4.549460888,7.047076225,5.680000782,4.671928883]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Line","proto_id":"91.315","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00953{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":22,"flow_first_seen":608455689,"flow_src_last_pkt_time":610324653,"flow_dst_last_pkt_time":610390479,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":872,"flow_dst_max_l4_payload_len":740,"flow_src_tot_l4_payload_len":4120,"flow_dst_tot_l4_payload_len":3018,"midstream":0,"thread_ts_usec":1663913342823022,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"125.209.252.210","src_port":50835,"dst_port":20610,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LineCall","proto_id":"316","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
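Review bot: The regenerated `detected` (packet_id 62) and `detection-update` (packet_id 70 and 72) events for flow_id 3 no longer carry `"ja3"` in the `tls` object, while `"ja3s"` and `"ja4"` are still emitted. This is an output-contract change that the commit message ("incorporated upstream changes") does not mention. Any consumer that keys detections or allowlists on the JA3 client fingerprint would stop matching without an error, since the field is simply absent. The commit also touches `schema/flow_event_schema.json`, which is not visible here, so it is worth confirming that the schema change drops `ja3` deliberately. I would add a line to the commit description or changelog such as `tls.ja3 is no longer emitted in flow events after the libnDPI bump; tls.ja3s and tls.ja4 remain`.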
@@ -48,7 +48,7 @@ 01149{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":21,"flow_first_seen":1663913333003014,"flow_src_last_pkt_time":1663913402819217,"flow_dst_last_pkt_time":1663913403056559,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":573,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":3181,"flow_dst_tot_l4_payload_len":4223,"midstream":0,"thread_ts_usec":1663913418926686,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.242.232","src_port":58160,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Line","proto_id":"91.315","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"uts-front.line-apps.com"}} 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":55,"flow_dst_packets_processed":66,"flow_first_seen":1663913345063942,"flow_src_last_pkt_time":1663913353743994,"flow_dst_last_pkt_time":1663913353727759,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":853,"flow_dst_max_l4_payload_len":542,"flow_src_tot_l4_payload_len":12625,"flow_dst_tot_l4_payload_len":13364,"midstream":0,"thread_ts_usec":1663913418926686,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.169.90","src_port":51161,"dst_port":29070,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"LineCall","proto_id":"316","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1663913367738267,"flow_src_last_pkt_time":1663913375776479,"flow_dst_last_pkt_time":1663913375810399,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":160,"flow_dst_max_l4_payload_len":212,"flow_src_tot_l4_payload_len":688,"flow_dst_tot_l4_payload_len":836,"midstream":0,"thread_ts_usec":1663913418926686,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.169.90","src_port":51170,"dst_port":29070,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LineCall","proto_id":"316","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":290,"packets-processed":290,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":49504,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":2,"total-updates":1,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":51,"global_ts_usec":1663913418926686} 
+00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":290,"packets-processed":290,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":49504,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":2,"total-updates":1,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":51,"global_ts_usec":1663913418926686} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 290/290 ~~ skipped flows.............: 0 @@ -57,9 +57,9 @@ ~~ total active/idle flows...: 5/5 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6944679 bytes -~~ total memory freed........: 6944679 bytes -~~ total allocations/frees...: 114486/114486 +~~ total memory allocated....: 7522275 bytes +~~ total memory freed........: 7522275 bytes +~~ total allocations/frees...: 126217/126217 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 527 chars ~~ json message max len.......: 2330 chars diff --git a/test/results/default/linecall_falsepositve.pcap.out b/test/results/default/linecall_falsepositve.pcap.out index 9cb7da311..1981e5a6d 100644 --- a/test/results/default/linecall_falsepositve.pcap.out +++ b/test/results/default/linecall_falsepositve.pcap.out 
@@ -1,5 +1,5 @@ -00626{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/linecall_falsepositve.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/linecall_falsepositve.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1673444966772848} 
+00626{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/linecall_falsepositve.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/linecall_falsepositve.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1673444966772848} 00309{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1673444966772848,"packet_id":1,"source":"cfgs\/default\/pcap\/linecall_falsepositve.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1673444966772848} 
00561{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/linecall_falsepositve.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":191,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":191,"pkt_l4_len":0,"thread_ts_usec":1673444966772848,"pkt":"AAAAAAAAAAECAAD6gQAFq4EAAQkIAEUAAKkwrEAAPhGgXAoNgR4KCtYG2+cT5QCV4AsAAA9iAAAAAC0fSDcsMC0xQzl+eyp0QERROjMpPT1ARFJIPiU1KzJFUkh9MSFhcnIweGckSj5BYG9WQXtmW2JTX1hbKTpAQ0dIOkAlTEBBRVJnWDFrVFdiZmNbJEo+QWRsaVR7YFtVYG9IPilKXVtmaF5bJV5ZXkVSSF0xZF9XW29cWSRnPkFFUkg+ewA="} 00309{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1673444966785736,"packet_id":2,"source":"cfgs\/default\/pcap\/linecall_falsepositve.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1673444966785736} 
@@ -64,7 +64,7 @@ 00932{"packet_event_id":1,"packet_event_name":"packet","packet_id":41,"source":"cfgs\/default\/pcap\/linecall_falsepositve.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":466,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":466,"pkt_l4_len":0,"thread_ts_usec":1673444966772848,"pkt":"AAAAAAAAAAECAAD6gQAFq4EAAQkIAEUAAbwR40AAPhG+EgoNgR4KCtYG2+cT5QGo\/XgAAA92AAAAAC0fSDcsMC0xQzl+eyp0QERROjMpPT1ARFJIPiU1KzJFUkhuMShyZHwwcT4kSj4zNEUyKXtMQEM3PzQuKTktLzhAO0AlTEAtRFFHMDE7LjA0PzY9JEk9diUhJ257Ki4yJyI7MSk4PUBEYltRJVg9QERDOikxNisuLz40PSRJPVdYcWlUe0k9QGNvZF8pV1RPO2FiXyVaV1VgSCJ8MUk9QDc\/NDAkODEtNTw3PXtJPTMyPjgtKTksMi9FRz0lSTAuMUU2KDE3KS0wUUc9JDwrLTVBNyx7OykrRFFHLSk7LEBEUTs9JUk9M0RRRzAxPT1AREVHPSRJbW51LyNvezovI3RFOzApST1AJj43MSU8LC8jPDh+MTctLDMzMy4kLHx9MEM2LXs1MX0zPygvKUk9QEdUSkAlTEA0R1RKMTFMQEM4T0UxJEc7PjhPOzt7RzE+QkVFOylHO0NHVEg+JUpdW2ZoXlsxXlleRVJIXSRkX1dbb1xZe2c+QUVxYl8pYFReWW1lPiVKPmBfc15UMWdSXGJSSD4kSj5BAA=="} 00310{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1673445117157636,"packet_id":42,"source":"cfgs\/default\/pcap\/linecall_falsepositve.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1673445117157636} 00706{"packet_event_id":1,"packet_event_name":"packet","packet_id":42,"source":"cfgs\/default\/pcap\/linecall_falsepositve.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":298,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":298,"pkt_l4_len":0,"thread_ts_usec":1673444966772848,"pkt":"AAAAAAAAAAECAAD6gQAFq4EAAQkIAEUAARQvkwAAdhGpCgoK1gYKDYEeE+Xb5wEADn4AAA92AAAAAC0fSDcsMC0xQzl+eyp0QUVSX1spU0FdWGheUSVVTUFFUjQ9MUk9MzZCNy0kNyxARFF9fXt4fHElQjkgKXkxNDNRRz0lWlFUU1FHPTE7MCwxPzUoJDYqQERRXlF7aV9XRFFHXClnWmJSaFY0JVlYYlVrXFkxQHcgRFFHMCQ3KjMzRTQuezQtQERROispNi4wND85LCU8PUBERDUqMT0sKzI9NCkkST1ANz80Lns5LS42QDs9KUk9MDZARz0lSTFARFE6PTFJPTM4UUc9JD09QEQidW57J3hyNUMqbSk9MTNEUUc+JUo+NEVSSDExSj5BAA=="} 
-00852{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/linecall_falsepositve.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":42,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":67,"global_ts_usec":1673445117157636} +00852{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/linecall_falsepositve.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":42,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":67,"global_ts_usec":1673445117157636} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 42/0 ~~ skipped flows.............: 0 
@@ -73,9 +73,9 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6905233 bytes -~~ total memory freed........: 6905233 bytes -~~ total allocations/frees...: 114126/114126 +~~ total memory allocated....: 7482829 bytes +~~ total memory freed........: 7482829 bytes +~~ total allocations/frees...: 125857/125857 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 314 chars ~~ json message max len.......: 1290 chars diff --git a/test/results/default/lisp_registration.pcap.out b/test/results/default/lisp_registration.pcap.out index f8aec52df..9307d5a56 100644 --- a/test/results/default/lisp_registration.pcap.out +++ b/test/results/default/lisp_registration.pcap.out 
@@ -1,5 +1,5 @@ -00622{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/lisp_registration.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/lisp_registration.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1597152685554430} 
+00622{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/lisp_registration.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/lisp_registration.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1597152685554430} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/lisp_registration.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1597152685554430,"flow_src_last_pkt_time":1597152685554430,"flow_dst_last_pkt_time":1597152685554430,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1597152685554430,"l3_proto":"ip4","src_ip":"10.0.123.2","dst_ip":"10.0.123.1","src_port":4342,"dst_port":4342,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00640{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/lisp_registration.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1597152685554430,"flow_dst_last_pkt_time":1597152685554430,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":1597152685554430,"pkt":"qrvMAAEAqrvMAAIACABFwAB0AJYAAP8RsB8KAHsCCgB7ARD2EPYAYGa4MgABAWerkx+ei5dKAAEAFLdG1odgiOW+z\/RAIKtUGCaiNO0QAAAFoAEgEAAAAAABCgAAAhYWFhYABQABCgB7AtD01FgUttPjIYPJQy5LWPIAAAAAAAAAAA=="} 
00928{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/lisp_registration.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1597152685554430,"flow_src_last_pkt_time":1597152685554430,"flow_dst_last_pkt_time":1597152685554430,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1597152685554430,"l3_proto":"ip4","src_ip":"10.0.123.2","dst_ip":"10.0.123.1","src_port":4342,"dst_port":4342,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LISP","proto_id":"236","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
@@ -32,7 +32,7 @@ 00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/lisp_registration.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1597152685554430,"flow_src_last_pkt_time":1597152685555426,"flow_dst_last_pkt_time":1597152685560246,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":112,"flow_src_tot_l4_payload_len":400,"flow_dst_tot_l4_payload_len":400,"midstream":0,"thread_ts_usec":1597152712034854,"l3_proto":"ip4","src_ip":"10.0.123.2","dst_ip":"10.0.123.1","src_port":4342,"dst_port":4342,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LISP","proto_id":"236","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/lisp_registration.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1597152687289150,"flow_src_last_pkt_time":1597152687645409,"flow_dst_last_pkt_time":1597152687439147,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":448,"flow_dst_max_l4_payload_len":452,"flow_src_tot_l4_payload_len":448,"flow_dst_tot_l4_payload_len":467,"midstream":0,"thread_ts_usec":1597152712034854,"l3_proto":"ip4","src_ip":"10.0.123.2","dst_ip":"10.0.123.1","src_port":15373,"dst_port":4342,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LISP","proto_id":"236","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/lisp_registration.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1597152711673703,"flow_src_last_pkt_time":1597152712034854,"flow_dst_last_pkt_time":1597152711822587,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":660,"flow_dst_max_l4_payload_len":532,"flow_src_tot_l4_payload_len":660,"flow_dst_tot_l4_payload_len":547,"midstream":0,"thread_ts_usec":1597152712034854,"l3_proto":"ip4","src_ip":"10.0.123.3","dst_ip":"10.0.123.1","src_port":52995,"dst_port":4342,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LISP","proto_id":"236","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} -00852{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/lisp_registration.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":30,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3790,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":35,"global_ts_usec":1597152712034854} 
+00852{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/lisp_registration.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":30,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3790,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":35,"global_ts_usec":1597152712034854} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 30/30 ~~ skipped flows.............: 0 @@ -41,9 +41,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6919769 bytes -~~ total memory freed........: 6919769 bytes -~~ total allocations/frees...: 114204/114204 +~~ total memory allocated....: 7497365 bytes +~~ total memory freed........: 7497365 bytes +~~ total allocations/frees...: 125935/125935 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 548 chars ~~ json message max len.......: 1436 chars diff --git a/test/results/default/log4j-webapp-exploit.pcap.out b/test/results/default/log4j-webapp-exploit.pcap.out index 3b1ea18b2..5cbd7a0dc 100644 --- a/test/results/default/log4j-webapp-exploit.pcap.out +++ b/test/results/default/log4j-webapp-exploit.pcap.out 
@@ -1,5 +1,5 @@ -00625{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/log4j-webapp-exploit.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00846{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/log4j-webapp-exploit.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1639425815407353} 
+00625{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/log4j-webapp-exploit.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00846{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/log4j-webapp-exploit.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1639425815407353} 
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639425815407353,"flow_src_last_pkt_time":1639425815407353,"flow_dst_last_pkt_time":1639425815407353,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639425815407353,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.10","src_port":1984,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1639425815407353,"flow_dst_last_pkt_time":1639425815407353,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1639425815407353,"pkt":"AAAAAQAGAkJ2jzQWAAAIAEUAADxjYEAAPQamLqwQ7gGsEO4KB8AfkHmWgrEAAAAAoAL68JU2AAACBAW0BAIICq34shoAAAAAAQMDBw=="} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1639425815407353,"flow_dst_last_pkt_time":1639425815407439,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1639425815407439,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADwAAEAAQAYGj6wQ7gqsEO4BH5AHwIo9\/lB5loKyoBJxIDRcAAACBAW0BAIICmhBAYSt+LIaAQMDBw=="} 
@@ -59,12 +59,12 @@ 01118{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1639425815682954,"flow_src_last_pkt_time":1639425833591234,"flow_dst_last_pkt_time":1639425833591196,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":69,"flow_dst_max_l4_payload_len":147,"flow_src_tot_l4_payload_len":119,"flow_dst_tot_l4_payload_len":175,"midstream":0,"thread_ts_usec":1639425834697105,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":57650,"dst_port":1389,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"LDAP","proto_id":"112","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 01118{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1639425834628601,"flow_src_last_pkt_time":1639425834647737,"flow_dst_last_pkt_time":1639425834647705,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":69,"flow_dst_max_l4_payload_len":147,"flow_src_tot_l4_payload_len":119,"flow_dst_tot_l4_payload_len":175,"midstream":0,"thread_ts_usec":1639425834697105,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":57742,"dst_port":1389,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto 
on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"LDAP","proto_id":"112","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00921{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":178,"flow_dst_packets_processed":176,"flow_first_seen":1639425815944677,"flow_src_last_pkt_time":1639425833586092,"flow_dst_last_pkt_time":1639425833586029,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":10,"flow_dst_max_l4_payload_len":21,"flow_src_tot_l4_payload_len":828,"flow_dst_tot_l4_payload_len":33,"midstream":0,"thread_ts_usec":1639425834697105,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"10.10.10.31","src_port":55408,"dst_port":9001,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -01004{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1639425834645933,"flow_src_last_pkt_time":1639425834645933,"flow_dst_last_pkt_time":1639425834646074,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639425834697105,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"10.10.10.31","src_port":55498,"dst_port":9001,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP 
Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} +01111{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1639425834645933,"flow_src_last_pkt_time":1639425834645933,"flow_dst_last_pkt_time":1639425834646074,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639425834697105,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"10.10.10.31","src_port":55498,"dst_port":9001,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}},"55": {"risk":"Probing Attempt","severity":"Medium","risk_score": {"total":510,"client":375,"server":135}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
00790{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1639425834645933,"flow_src_last_pkt_time":1639425834645933,"flow_dst_last_pkt_time":1639425834646074,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639425834697105,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"10.10.10.31","src_port":55498,"dst_port":9001,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 01484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1639425815407353,"flow_src_last_pkt_time":1639425834697105,"flow_dst_last_pkt_time":1639425834693853,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":646,"flow_dst_max_l4_payload_len":223,"flow_src_tot_l4_payload_len":646,"flow_dst_tot_l4_payload_len":223,"midstream":0,"thread_ts_usec":1639425834697105,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.10","src_port":1984,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Susp Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}},"40": {"risk":"Possible 
Exploit Attempt","severity":"Severe","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"192.168.13.31"}} 01377{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1639425815910226,"flow_src_last_pkt_time":1639425815918224,"flow_dst_last_pkt_time":1639425815918340,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":1352,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":1548,"midstream":0,"thread_ts_usec":1639425834697105,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":48444,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"40": {"risk":"Possible Exploit Attempt","severity":"Severe","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"172.16.238.11"}} 
01377{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":6,"flow_first_seen":1639425834639606,"flow_src_last_pkt_time":1639425834642327,"flow_dst_last_pkt_time":1639425834642463,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":1352,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":1548,"midstream":0,"thread_ts_usec":1639425834697105,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":48534,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"40": {"risk":"Possible Exploit Attempt","severity":"Severe","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"172.16.238.11"}} 
-00858{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/log4j-webapp-exploit.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":426,"packets-processed":422,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5830,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":67,"global_ts_usec":1639425834697105} +00858{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/log4j-webapp-exploit.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":426,"packets-processed":422,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5830,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":67,"global_ts_usec":1639425834697105} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 426/422 ~~ skipped flows.............: 0 
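Review bot: The `not-detected` expectation for flow 7 (`172.16.238.10` → `10.10.10.31:9001`) changes detection output, not just the version string: it now carries a second risk entry, `"55": {"risk":"Probing Attempt","severity":"Medium",...}`, next to risk 50. The commit message says only "incorporated upstream changes", so anyone who filters or alerts on `flow_risk` ids gets no hint that the same capture now reports an additional id after the libnDPI bump. I would add a line to the description such as `* test results: flows may now report flow risk 55 "Probing Attempt"`. Please also confirm that the `schema/flow_event_schema.json` change listed in the diffstat (not visible in this part of the diff) accepts that id. The record's length prefix (`01004` → `01111`) matches the 107 characters added, so the fixture itself is consistent.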
@@ -73,9 +73,9 @@ ~~ total active/idle flows...: 7/7 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6941223 bytes -~~ total memory freed........: 6941223 bytes -~~ total allocations/frees...: 114659/114659 +~~ total memory allocated....: 7518965 bytes +~~ total memory freed........: 7518965 bytes +~~ total allocations/frees...: 126397/126397 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 310 chars ~~ json message max len.......: 1934 chars diff --git a/test/results/default/lol_wild_rift_udp.pcap.out b/test/results/default/lol_wild_rift_udp.pcap.out index 6685bef20..b5f698651 100644 --- a/test/results/default/lol_wild_rift_udp.pcap.out +++ b/test/results/default/lol_wild_rift_udp.pcap.out 
@@ -1,33 +1,33 @@ -00622{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1710911302293916} 
+00622{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1710911302293916} 
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1710911302293916,"flow_src_last_pkt_time":1710911302293916,"flow_dst_last_pkt_time":1710911302293916,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":69,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":69,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":69,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1710911302293916,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"51.20.230.207","src_port":47462,"dst_port":15004,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5} 00594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1710911302293916,"flow_dst_last_pkt_time":1710911302293916,"flow_idle_time":200000000,"pkt_datalink":12,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":97,"pkt_l4_len":77,"thread_ts_usec":1710911302293916,"pkt":"RaAAYWQaQABAEQQWCtetATMU5s+5ZjqcAE2CrwQAAACh9XQVvynm3jlTFezfZZqyfZoXyZsTCGjMLyjs+Y3tCAEUfeFcvT\/yKWqSsdjGNUvABjA9CDZgnH3gykdzsp0jgQ=="} 
00991{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1710911302293916,"flow_dst_last_pkt_time":1710911302381932,"flow_idle_time":200000000,"pkt_datalink":12,"pkt_caplen":387,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":387,"pkt_l4_len":367,"thread_ts_usec":1710911302381932,"pkt":"RQABgwAAQABAEWeuMxTmzwrXrQE6nLlmAW8AABAAAADTKHtCW8tRXckVVQkLpT\/aWfbg1Lmx7lculXBv4U0dQQZcx8zU\/q24iJtXX7sGEupLbx3GjC6mfunWQPiiCNqPo69FyyLtT\/tA+RZxBX66xbwWY5BugzEwtVbxMQCHCDFZWummpaHL0Qj8dD6KVzPystUdtEGtJihnqek1GPXpljG6Ety3qsU9X4nXcdT3eVz\/43SuquNG6d\/XAMAzNli7syQ9c5dFVn\/d2T9Iy6DGoeJOtrag8MXh1HhyrJe91tGEPgtsQIvG9FvBnb\/1rXrLGEzbCAemdMNenqnDO\/ue+cDxJL7gyVUTqMkNl21tpyI7dXmopr5pqntSmOHIk0I1ZDn\/ftXVx\/gC\/qz7yTT79NsVZORBwhSEFmcKGQzXmaRSJxaJzUJkIm8hPIC25WHoN1mqRY78rBple094RjMNz2I1Nqu7nGYcckXXMKuoaklHCuRLCMosRNx2TZQLmpAcJ1jw"} 00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1710911302293916,"flow_src_last_pkt_time":1710911302293916,"flow_dst_last_pkt_time":1710911302381932,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":69,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":69,"flow_dst_max_l4_payload_len":359,"flow_src_tot_l4_payload_len":69,"flow_dst_tot_l4_payload_len":359,"midstream":0,"thread_ts_usec":1710911302381932,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"51.20.230.207","src_port":47462,"dst_port":15004,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LoLWildRift","proto_id":"407","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
-00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":3,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":428,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1710946531679896} +00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":3,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":428,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1710946531679896} 
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1710946531679896,"flow_src_last_pkt_time":1710946531679896,"flow_dst_last_pkt_time":1710946531679896,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":69,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":69,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":69,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1710946531679896,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"13.51.213.131","src_port":43686,"dst_port":15007,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5} 00596{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1710946531679896,"flow_dst_last_pkt_time":1710946531679896,"flow_idle_time":200000000,"pkt_datalink":12,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":97,"pkt_l4_len":77,"thread_ts_usec":1710946531679896,"pkt":"RaAAYeWHQABAEbnVCtetAQ0z1YOqpjqfAE0i0AQAAAAhE+HV\/OESvjMRa9EQGci8CKwOM7i6HIRDu9XsSlqH420oYREY\/NhdqMY9iLOQjWQm2z\/45VJYnKqhlugCbIrYnA=="} 
00986{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1710946531679896,"flow_dst_last_pkt_time":1710946531710705,"flow_idle_time":200000000,"pkt_datalink":12,"pkt_caplen":387,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":387,"pkt_l4_len":367,"thread_ts_usec":1710946531710705,"pkt":"RQABgwAAQABAEZ7bDTPVgwrXrQE6n6qmAW8AABAAAAAjmCl9zbSxZT2LhK\/0kLs0YAweDzs9Vagi0Uudkts7mDChXZpEk4H0Q6zPLQV84oQLChe53JwCr24wJyrgU2c6kx3nN35rITQV5kGmwXXou2V4iyaSshImtCozbrYH6tTo1cBsP4CDrdOHCWWiu2vFT2bqrsg7gXU0J3LHCYMURuPJvASKZ6mmhp12rbl1kwrk2vPOL+G7SATENzWYxsHd8sZ0OeAaq3GdR1YwicjlyJr3lQRZzAKoOZ4Rl0j\/i\/9HOZPJck4U7xF86ZzZGY6fYyHBinsuzC8vhIeq+uePSRb+juH2SNJFZsSsMX491JJQBx94W548vqB\/dsq7amx+tz+\/KIeOYLRtG+tYMCmo2VZb2Htj499t2dEZEu8MLyywkoFOepy1zfS+ErPMv1W5KXu3OTIlocbaoXN8tjs44z+CtaLNt\/8DpizZLEebDeNK8wZ84cILoJ7rsJonPfrx2019"} 00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1710946531679896,"flow_src_last_pkt_time":1710946531679896,"flow_dst_last_pkt_time":1710946531710705,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":69,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":69,"flow_dst_max_l4_payload_len":359,"flow_src_tot_l4_payload_len":69,"flow_dst_tot_l4_payload_len":359,"midstream":0,"thread_ts_usec":1710946531710705,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"13.51.213.131","src_port":43686,"dst_port":15007,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LoLWildRift","proto_id":"407","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1710911302293916,"flow_src_last_pkt_time":1710911302293916,"flow_dst_last_pkt_time":1710911302381932,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":69,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":69,"flow_dst_max_l4_payload_len":359,"flow_src_tot_l4_payload_len":69,"flow_dst_tot_l4_payload_len":359,"midstream":0,"thread_ts_usec":1710946531710705,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"51.20.230.207","src_port":47462,"dst_port":15004,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LoLWildRift","proto_id":"407","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00846{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":5,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":856,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1711107097463454} 
+00846{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":5,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":856,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1711107097463454} 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1711107097463454,"flow_src_last_pkt_time":1711107097463454,"flow_dst_last_pkt_time":1711107097463454,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":69,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":69,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":69,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1711107097463454,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"51.20.230.207","src_port":46702,"dst_port":15007,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5} 
00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1711107097463454,"flow_dst_last_pkt_time":1711107097463454,"flow_idle_time":200000000,"pkt_datalink":12,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":97,"pkt_l4_len":77,"thread_ts_usec":1711107097463454,"pkt":"RaAAYWulQABAEfyKCtetATMU5s+2bjqfAE3yWgQAAABkObg21AeJfuTSNfG+n9sxT5Ti\/xrRPIt\/\/gSOX2Ei5azZk+jNjaa16ReYrT1AZqjhbsD5bPvYW7XZqK\/CIPXArg=="} 00990{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1711107097463454,"flow_dst_last_pkt_time":1711107097538920,"flow_idle_time":200000000,"pkt_datalink":12,"pkt_caplen":387,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":387,"pkt_l4_len":367,"thread_ts_usec":1711107097538920,"pkt":"RQABgwAAQABAEWeuMxTmzwrXrQE6n7ZuAW8AABAAAADwPdK8Ol+RTuXwrJRgWUKTNvFNmNv68s\/3rogA\/tIc5B1eaa2qC9cdkQEKyGLMKXJ+Q5rzt5IaNlzS4DPUh6lqlzCdMSfRBucDYjyNulavYm2xWGQTE9VRb21wtDxvpkfoLEZ1aPcyV\/JA7h0PBFPNXCRs8lO0uNnoZ0wcad9B+JKlM9dDEi0V7Ppz0JKi3roz1oWOKRGZ0tNqlXFTGPwwiK16Jw18t2v\/fO2GG6LBuJOfAdbqGtN3lHxPRN76f2ltEKFTpZpK3nysHZU\/6bV2ej3lzSUBSqGpU7heakpEU+UnOoZ\/5p5r86FRaz\/pXa3wfebFrhyGSdY8cTc\/xO7D5LehUXK5Ui\/kyo+ci7kaYBQy+Sjp\/rfJFqbpYzPrtaLbERbwnSVgF3ccggGQSdoviAElTyq032pwFaUMXT0VoGAUUv46u2gBXCck9nIP+8Ra+Z6FsXffRLdeNuS0po2KFLuj"} 
00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1711107097463454,"flow_src_last_pkt_time":1711107097463454,"flow_dst_last_pkt_time":1711107097538920,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":69,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":69,"flow_dst_max_l4_payload_len":359,"flow_src_tot_l4_payload_len":69,"flow_dst_tot_l4_payload_len":359,"midstream":0,"thread_ts_usec":1711107097538920,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"51.20.230.207","src_port":46702,"dst_port":15007,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LoLWildRift","proto_id":"407","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1710946531679896,"flow_src_last_pkt_time":1710946531679896,"flow_dst_last_pkt_time":1710946531710705,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":69,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":69,"flow_dst_max_l4_payload_len":359,"flow_src_tot_l4_payload_len":69,"flow_dst_tot_l4_payload_len":359,"midstream":0,"thread_ts_usec":1711107097538920,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"13.51.213.131","src_port":43686,"dst_port":15007,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LoLWildRift","proto_id":"407","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
-00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":7,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1284,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1711524139588152} +00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":7,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1284,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1711524139588152} 
00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1711524139588152,"flow_src_last_pkt_time":1711524139588152,"flow_dst_last_pkt_time":1711524139588152,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":22,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1711524139588152,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"13.53.58.18","src_port":44513,"dst_port":18001,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5} 00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1711524139588152,"flow_dst_last_pkt_time":1711524139588152,"flow_idle_time":200000000,"pkt_datalink":12,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":50,"pkt_l4_len":30,"thread_ts_usec":1711524139588152,"pkt":"RQAAMh6VQABAER0HCtetAQ01OhKt4UZRAB6\/kgECyEEAAAABAAEAAAAeAAQABEEwQjE="} 
00935{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1711524139588152,"flow_src_last_pkt_time":1711524139588152,"flow_dst_last_pkt_time":1711524139588152,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":22,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1711524139588152,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"13.53.58.18","src_port":44513,"dst_port":18001,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LoLWildRift","proto_id":"407","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1711107097463454,"flow_src_last_pkt_time":1711107097463454,"flow_dst_last_pkt_time":1711107097538920,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":69,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":69,"flow_dst_max_l4_payload_len":359,"flow_src_tot_l4_payload_len":69,"flow_dst_tot_l4_payload_len":359,"midstream":0,"thread_ts_usec":1711524139588152,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"51.20.230.207","src_port":46702,"dst_port":15007,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LoLWildRift","proto_id":"407","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
-00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":8,"packets-processed":7,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1306,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":24,"global_ts_usec":1711534335502177} +00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":8,"packets-processed":7,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1306,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":24,"global_ts_usec":1711534335502177} 
00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1711534335502177,"flow_src_last_pkt_time":1711534335502177,"flow_dst_last_pkt_time":1711534335502177,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":22,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1711534335502177,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"13.53.58.18","src_port":41440,"dst_port":18001,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5} 00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1711534335502177,"flow_dst_last_pkt_time":1711534335502177,"flow_idle_time":200000000,"pkt_datalink":12,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":50,"pkt_l4_len":30,"thread_ts_usec":1711534335502177,"pkt":"RQAAMhjdQABAESK\/CtetAQ01OhKh4EZRAB7LTQECyEEAAAABAAEAAABkAAQABEEwQjE="} 
00935{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1711534335502177,"flow_src_last_pkt_time":1711534335502177,"flow_dst_last_pkt_time":1711534335502177,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":22,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1711534335502177,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"13.53.58.18","src_port":41440,"dst_port":18001,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LoLWildRift","proto_id":"407","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1711524139588152,"flow_src_last_pkt_time":1711524139588152,"flow_dst_last_pkt_time":1711524139588152,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":22,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1711534335502177,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"13.53.58.18","src_port":44513,"dst_port":18001,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LoLWildRift","proto_id":"407","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1711534335502177,"flow_src_last_pkt_time":1711534335502177,"flow_dst_last_pkt_time":1711534335502177,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":22,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1711534335502177,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"13.53.58.18","src_port":41440,"dst_port":18001,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LoLWildRift","proto_id":"407","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00849{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":8,"packets-processed":8,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1328,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":30,"global_ts_usec":1711534335502177} 
+00849{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":8,"packets-processed":8,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1328,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":30,"global_ts_usec":1711534335502177} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 8/8 ~~ skipped flows.............: 0 @@ -36,9 +36,9 @@ ~~ total active/idle flows...: 5/5 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6917452 bytes -~~ total memory freed........: 6917452 bytes -~~ total allocations/frees...: 114192/114192 +~~ total memory allocated....: 7495048 bytes +~~ total memory freed........: 7495048 bytes +~~ total allocations/frees...: 125923/125923 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 535 chars ~~ json message max len.......: 996 chars diff --git a/test/results/default/long_tls_certificate.pcap.out b/test/results/default/long_tls_certificate.pcap.out index ba01e7ff8..94adf4f0b 100644 --- a/test/results/default/long_tls_certificate.pcap.out +++ b/test/results/default/long_tls_certificate.pcap.out 
@@ -1,17 +1,17 @@ -00625{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/long_tls_certificate.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00846{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/long_tls_certificate.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1609756181300869} 
+00625{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/long_tls_certificate.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00846{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/long_tls_certificate.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1609756181300869} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1609756181300869,"flow_src_last_pkt_time":1609756181300869,"flow_dst_last_pkt_time":1609756181300869,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1609756181300869,"l3_proto":"ip4","src_ip":"192.168.1.60","dst_ip":"106.15.100.123","src_port":55333,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1609756181300869,"flow_dst_last_pkt_time":1609756181300869,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1609756181300869,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGqknAqAE8ag9ke9glAbsIXeEZAAAAALAC\/\/9qjwAAAgQFtAEDAwUBAQgKDpRqEwAAAAAEAgAA"} 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1609756181300869,"flow_dst_last_pkt_time":1609756181671657,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1609756181671657,"pkt":"KDc3AG3IEBMx8Tl2CABFAABAAABAACsGv0lqD2R7wKgBPAG72CWlbC1xCF3hGrASMqDiugAAAgQFrAEBAQEBAQEBAQEBAQEBAQEEAgAA"} 
00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1609756181671808,"flow_dst_last_pkt_time":1609756181671657,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1609756181671808,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGqmHAqAE8ag9ke9glAbsIXeEapWwtclAQ\/\/+JLgAA"} 01238{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1609756181681181,"flow_dst_last_pkt_time":1609756181671657,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1609756181681181,"pkt":"EBMx8Tl2KDc3AG3ICABFAAItAABAAEAGqFzAqAE8ag9ke9glAbsIXeEapWwtclAY\/\/+6nwAAFgMBAgABAAH8AwPaLdEq+3GSHdtF+4ttW9KB\/sTfZhziqSrMTPedTeLckgAAhswUzBPMFcAwwCzAKMAkwBTACgCjAJ8AawBqADkAOP+FAMQAwwCIAIcAgcAywC7AKsAmwA\/ABQCdAD0ANQDAAITAL8ArwCfAI8ATwAkAogCeAGcAQAAzADIAvgC9AEUARMAxwC3AKcAlwA7ABACcADwALwC6AEHAEsAIABYAE8ANwAMACgD\/AQABTQAAABwAGgAAF2JlYWNvbi1hcGkuYWxpeXVuY3MuY29tAAsABAMAAQIACgA6ADgADgANABkAHAALAAwAGwAYAAkACgAaABYAFwAIAAYABwAUABUABAAFABIAEwABAAIAAwAPABAAEQANACYAJAYBBgIGA+\/vBQEFAgUDBAEEAgQD7u7t7QMBAwIDAwIBAgICAzN0AAAAEAAOAAwCaDIIaHR0cC8xLjEAFQCjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01246{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1609756181300869,"flow_src_last_pkt_time":1609756181681181,"flow_dst_last_pkt_time":1609756181671657,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1609756181681181,"l3_proto":"ip4","src_ip":"192.168.1.60","dst_ip":"106.15.100.123","src_port":55333,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Alibaba","proto_id":"91.274","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacon-api.aliyuncs.com","domainame":"beacon-api.aliyuncs.com","tls": {"version":"TLSv1.2","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"","ja4":"t12d6707h2_2955a3196ffa_c83f907a73d3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01205{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1609756181300869,"flow_src_last_pkt_time":1609756181681181,"flow_dst_last_pkt_time":1609756181671657,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1609756181681181,"l3_proto":"ip4","src_ip":"192.168.1.60","dst_ip":"106.15.100.123","src_port":55333,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Alibaba","proto_id":"91.274","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacon-api.aliyuncs.com","domainame":"beacon-api.aliyuncs.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d6707h2_2955a3196ffa_c83f907a73d3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1609756181681181,"flow_dst_last_pkt_time":1609756182032584,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1609756182032584,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAosodAACkGDtpqD2R7wKgBPAG72CWlbC1yCF3jH1AQHIRqpQAAAAAAAAAA"} 
-01331{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1609756181300869,"flow_src_last_pkt_time":1609756181681181,"flow_dst_last_pkt_time":1609756182035428,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1452,"midstream":0,"thread_ts_usec":1609756182035428,"l3_proto":"ip4","src_ip":"192.168.1.60","dst_ip":"106.15.100.123","src_port":55333,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Alibaba","proto_id":"91.274","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacon-api.aliyuncs.com","domainame":"beacon-api.aliyuncs.com","tls": {"version":"TLSv1.2","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"eee3d2bf5f17d17548ac36ba1872951f","ja4":"t12d6707h2_2955a3196ffa_c83f907a73d3","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","blocks":0}}} 
-05468{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1609756181300869,"flow_src_last_pkt_time":1609756182035731,"flow_dst_last_pkt_time":1609756182035821,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":6858,"midstream":0,"thread_ts_usec":1609756182035821,"l3_proto":"ip4","src_ip":"192.168.1.60","dst_ip":"106.15.100.123","src_port":55333,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Alibaba","proto_id":"91.274","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacon-api.aliyuncs.com","domainame":"beacon-api.aliyuncs.com","tls": 
{"version":"TLSv1.2","server_names":"*.aliyun.com,manager.channel.aliyun.com,*.ace.aliyun.com,*.acs-internal.aliyuncs.com,*.acs.aliyun.com,*.aicrowd.aliyun.com,*.alibabacloud.co.in,*.alibabacloud.com,*.alibabacloud.com.au,*.alibabacloud.com.hk,*.alibabacloud.com.my,*.alibabacloud.com.sg,*.alibabacloud.com.tw,*.alicdn.com,*.alicloud.com,*.aligroup.aliyun.com,*.alimei.com,*.alink.aliyun.com,*.alios.aliyuncs.com,*.aliplus.com,*.alitranx.aliyun.com,*.aliyun-iot-share.com,*.aliyuncs.com,*.alyms.cn,*.ap-northeast-1.aliyuncs.com,*.ap-south-1.aliyuncs.com,*.ap-southeast-1.aliyuncs.com,*.ap-southeast-2.aliyuncs.com,*.ap-southeast-3.aliyuncs.com,*.ap-southeast-5.aliyuncs.com,*.api.aliyun.com,*.apm.aliyun.com,*.app.aliyun.com,*.asmlink.cn,*.banma.aliyuncs.com,*.base.shuju.aliyun.com,*.bi.aliyun.com,*.biz.aliyun.com,*.bridge.aliyun.com,*.ccc.aliyuncs.com,*.center.aliyun.com,*.citybrain.aliyun.com,*.cloudapp.aliyun.com,*.cloudeagle.cn,*.cloudgame.aliyun.com,*.cn-beijing.aliyuncs.com,*.cn-chengdu.aliyuncs.com,*.cn-guizhou.aliyuncs.com,*.cn-haidian.aliyuncs.com,*.cn-hangzhou-finance.aliyuncs.com,*.cn-hangzhou.aliyuncs.com,*.cn-hongkong.aliyuncs.com,*.cn-huhehaote.aliyuncs.com,*.cn-ningxia.aliyuncs.com,*.cn-north-2-gov-1.aliyuncs.com,*.cn-qingdao-nebula.aliyuncs.com,*.cn-qingdao.aliyuncs.com,*.cn-shanghai-finance-1.aliyuncs.com,*.cn-shanghai.aliyun.com,*.cn-shanghai.aliyuncs.com,*.cn-shenzhen-cloudstone.aliyuncs.com,*.cn-shenzhen-finance-1.aliyuncs.com,*.cn-shenzhen.aliyuncs.com,*.cn-sichuan.aliyuncs.com,*.cn-zhangjiakou.aliyuncs.com,*.connect.aliyun.com,*.console.alibabacloud.com,*.console.alicloud.com,*.console.aliyun.com,*.cs.aliyun.com,*.cschat-ccs.aliyun.com,*.data.aliyun.com,*.dataapi.aliyun.com,*.dataq.aliyuncs.com,*.datav.aliyun.com,*.datav.aliyuncs.com,*.devlops.aliyun.com,*.devops.aliyun.com,*.ditu.aliyun.com,*.domain.aliyun.com,*.dyiot.aliyun.com,*.ebs.aliyun.com,*.emas.aliyun.com,*.emr.aliyun.com,*.enterprise.aliyun.com,*.env.aliyun.com,*.et-industry.aliyun.com,*.eu-cen
tral-1.aliyuncs.com,*.eu-west-1.aliyuncs.com,*.fc.aliyun.com,*.feedback.console.aliyun.com,*.gts-x.aliyun.com,*.gts.aliyun.com,*.help-ccs.aliyun.com,*.ialicdn.com,*.in-mumbai.aliyuncs.com,*.iot.aliyun.com,*.jp-fudao.aliyuncs.com,*.linkedmall.aliyun.com,*.linkwan.aliyun.com,*.living.aliyun.com,*.luban.aliyun.com,*.m.aliyun.com,*.market.aliyun.com,*.maxcompute.aliyun.com,*.me-east-1.aliyuncs.com,*.media.aliyun.com,*.microdingtalk.aliyun.com,*.mit.aliyun.com,*.mobile.aliyun.com,*.msea.aliyun.com,*.mts.aliyun.com,*.mvp.aliyun.com,*.nebula.aliyun.com,*.nls.aliyuncs.com,*.odps.aliyun.com,*.ons.aliyun.com,*.ose.aliyun.com,*.pai.data.aliyun.com,*.pcs-gw-cn-beijing.aliyun.com,*.pcs-gw-cn-shanghai.aliyun.com,*.phpwind.com,*.phpwind.net,*.pre-sg-purchase.aliyun.com,*.prepub.aliyun.com,*.product.center.aliyun.com,*.pts.aliyun.com,*.r-app-cn-beijing-data.aliyun.com,*.r-app-cn-hangzhou-data.aliyun.com,*.r-app-cn-shenzhen-data.aliyun.com,*.r-app-data.aliyun.com,*.rdc.aliyun.com,*.rds.aliyun.com,*.reid.aliyun.com,*.sc-cmdb.aliyuncs.com,*.scsp.aliyun.com,*.sg.aliyuncs.com,*.shuju.aliyun.com,*.smart.aliyun.com,*.soc.aliyun.com,*.soc.aliyuncs.com,*.sparenode.com,*.supet.com,*.tburl.in,*.teambition.com,*.teambition.net,*.teambitionapis.com,*.tianchi.aliyun.com,*.toolkit.aliyun.com,*.tv.aliyun.com,*.tw-gaoxiong.aliyuncs.com,*.us-east-1.aliyuncs.com,*.us-west-1.aliyuncs.com,*.webide.aliyun.com,*.yuntu.aliyun.com,account.www.net.cn,alibabacloud.co.in,alibabacloud.com,alibabacloud.com.au,alibabacloud.com.hk,alibabacloud.com.my,alibabacloud.com.sg,alibabacloud.com.tw,alicdn.com,alicloud.com,alimei.com,aliyun-iot-share.com,aliyuncs.com,dc.www.net.cn,dmp.www.net.cn,dns.www.net.cn,panda.www.net.cn,pandavip.www.net.cn,phpwind.com,phpwind.net,scdnphi6.com,sparenode.com,supet.com,tburl.in,teambition.com,teambition.net,teambitionapis.com,tianchi-global.com,whois.www.net.cn,aliyun.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"eee3d2bf5f17d17548ac36ba1872951f","ja4":"t12d6707h2_2955a3196ffa_
c83f907a73d3","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2","subjectDN":"C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.aliyun.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"2B:C6:82:22:E9:94:09:24:34:E1:5C:F1:24:76:98:75:45:78:53:DA","blocks":0}}} +01290{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1609756181300869,"flow_src_last_pkt_time":1609756181681181,"flow_dst_last_pkt_time":1609756182035428,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1452,"midstream":0,"thread_ts_usec":1609756182035428,"l3_proto":"ip4","src_ip":"192.168.1.60","dst_ip":"106.15.100.123","src_port":55333,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Alibaba","proto_id":"91.274","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacon-api.aliyuncs.com","domainame":"beacon-api.aliyuncs.com","tls": {"version":"TLSv1.2","ja3s":"eee3d2bf5f17d17548ac36ba1872951f","ja4":"t12d6707h2_2955a3196ffa_c83f907a73d3","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","blocks":0}}} 
+05427{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1609756181300869,"flow_src_last_pkt_time":1609756182035731,"flow_dst_last_pkt_time":1609756182035821,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":6858,"midstream":0,"thread_ts_usec":1609756182035821,"l3_proto":"ip4","src_ip":"192.168.1.60","dst_ip":"106.15.100.123","src_port":55333,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Alibaba","proto_id":"91.274","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacon-api.aliyuncs.com","domainame":"beacon-api.aliyuncs.com","tls": 
{"version":"TLSv1.2","server_names":"*.aliyun.com,manager.channel.aliyun.com,*.ace.aliyun.com,*.acs-internal.aliyuncs.com,*.acs.aliyun.com,*.aicrowd.aliyun.com,*.alibabacloud.co.in,*.alibabacloud.com,*.alibabacloud.com.au,*.alibabacloud.com.hk,*.alibabacloud.com.my,*.alibabacloud.com.sg,*.alibabacloud.com.tw,*.alicdn.com,*.alicloud.com,*.aligroup.aliyun.com,*.alimei.com,*.alink.aliyun.com,*.alios.aliyuncs.com,*.aliplus.com,*.alitranx.aliyun.com,*.aliyun-iot-share.com,*.aliyuncs.com,*.alyms.cn,*.ap-northeast-1.aliyuncs.com,*.ap-south-1.aliyuncs.com,*.ap-southeast-1.aliyuncs.com,*.ap-southeast-2.aliyuncs.com,*.ap-southeast-3.aliyuncs.com,*.ap-southeast-5.aliyuncs.com,*.api.aliyun.com,*.apm.aliyun.com,*.app.aliyun.com,*.asmlink.cn,*.banma.aliyuncs.com,*.base.shuju.aliyun.com,*.bi.aliyun.com,*.biz.aliyun.com,*.bridge.aliyun.com,*.ccc.aliyuncs.com,*.center.aliyun.com,*.citybrain.aliyun.com,*.cloudapp.aliyun.com,*.cloudeagle.cn,*.cloudgame.aliyun.com,*.cn-beijing.aliyuncs.com,*.cn-chengdu.aliyuncs.com,*.cn-guizhou.aliyuncs.com,*.cn-haidian.aliyuncs.com,*.cn-hangzhou-finance.aliyuncs.com,*.cn-hangzhou.aliyuncs.com,*.cn-hongkong.aliyuncs.com,*.cn-huhehaote.aliyuncs.com,*.cn-ningxia.aliyuncs.com,*.cn-north-2-gov-1.aliyuncs.com,*.cn-qingdao-nebula.aliyuncs.com,*.cn-qingdao.aliyuncs.com,*.cn-shanghai-finance-1.aliyuncs.com,*.cn-shanghai.aliyun.com,*.cn-shanghai.aliyuncs.com,*.cn-shenzhen-cloudstone.aliyuncs.com,*.cn-shenzhen-finance-1.aliyuncs.com,*.cn-shenzhen.aliyuncs.com,*.cn-sichuan.aliyuncs.com,*.cn-zhangjiakou.aliyuncs.com,*.connect.aliyun.com,*.console.alibabacloud.com,*.console.alicloud.com,*.console.aliyun.com,*.cs.aliyun.com,*.cschat-ccs.aliyun.com,*.data.aliyun.com,*.dataapi.aliyun.com,*.dataq.aliyuncs.com,*.datav.aliyun.com,*.datav.aliyuncs.com,*.devlops.aliyun.com,*.devops.aliyun.com,*.ditu.aliyun.com,*.domain.aliyun.com,*.dyiot.aliyun.com,*.ebs.aliyun.com,*.emas.aliyun.com,*.emr.aliyun.com,*.enterprise.aliyun.com,*.env.aliyun.com,*.et-industry.aliyun.com,*.eu-cen
tral-1.aliyuncs.com,*.eu-west-1.aliyuncs.com,*.fc.aliyun.com,*.feedback.console.aliyun.com,*.gts-x.aliyun.com,*.gts.aliyun.com,*.help-ccs.aliyun.com,*.ialicdn.com,*.in-mumbai.aliyuncs.com,*.iot.aliyun.com,*.jp-fudao.aliyuncs.com,*.linkedmall.aliyun.com,*.linkwan.aliyun.com,*.living.aliyun.com,*.luban.aliyun.com,*.m.aliyun.com,*.market.aliyun.com,*.maxcompute.aliyun.com,*.me-east-1.aliyuncs.com,*.media.aliyun.com,*.microdingtalk.aliyun.com,*.mit.aliyun.com,*.mobile.aliyun.com,*.msea.aliyun.com,*.mts.aliyun.com,*.mvp.aliyun.com,*.nebula.aliyun.com,*.nls.aliyuncs.com,*.odps.aliyun.com,*.ons.aliyun.com,*.ose.aliyun.com,*.pai.data.aliyun.com,*.pcs-gw-cn-beijing.aliyun.com,*.pcs-gw-cn-shanghai.aliyun.com,*.phpwind.com,*.phpwind.net,*.pre-sg-purchase.aliyun.com,*.prepub.aliyun.com,*.product.center.aliyun.com,*.pts.aliyun.com,*.r-app-cn-beijing-data.aliyun.com,*.r-app-cn-hangzhou-data.aliyun.com,*.r-app-cn-shenzhen-data.aliyun.com,*.r-app-data.aliyun.com,*.rdc.aliyun.com,*.rds.aliyun.com,*.reid.aliyun.com,*.sc-cmdb.aliyuncs.com,*.scsp.aliyun.com,*.sg.aliyuncs.com,*.shuju.aliyun.com,*.smart.aliyun.com,*.soc.aliyun.com,*.soc.aliyuncs.com,*.sparenode.com,*.supet.com,*.tburl.in,*.teambition.com,*.teambition.net,*.teambitionapis.com,*.tianchi.aliyun.com,*.toolkit.aliyun.com,*.tv.aliyun.com,*.tw-gaoxiong.aliyuncs.com,*.us-east-1.aliyuncs.com,*.us-west-1.aliyuncs.com,*.webide.aliyun.com,*.yuntu.aliyun.com,account.www.net.cn,alibabacloud.co.in,alibabacloud.com,alibabacloud.com.au,alibabacloud.com.hk,alibabacloud.com.my,alibabacloud.com.sg,alibabacloud.com.tw,alicdn.com,alicloud.com,alimei.com,aliyun-iot-share.com,aliyuncs.com,dc.www.net.cn,dmp.www.net.cn,dns.www.net.cn,panda.www.net.cn,pandavip.www.net.cn,phpwind.com,phpwind.net,scdnphi6.com,sparenode.com,supet.com,tburl.in,teambition.com,teambition.net,teambitionapis.com,tianchi-global.com,whois.www.net.cn,aliyun.com","ja3s":"eee3d2bf5f17d17548ac36ba1872951f","ja4":"t12d6707h2_2955a3196ffa_c83f907a73d3","unsafe_cipher":0,"cipher":
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2","subjectDN":"C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.aliyun.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"2B:C6:82:22:E9:94:09:24:34:E1:5C:F1:24:76:98:75:45:78:53:DA","blocks":0}}} 02182{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1609756181300869,"flow_src_last_pkt_time":1609756182512712,"flow_dst_last_pkt_time":1609756182787262,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":906,"flow_dst_tot_l4_payload_len":9549,"midstream":0,"thread_ts_usec":1609756182787262,"l3_proto":"ip4","src_ip":"192.168.1.60","dst_ip":"106.15.100.123","src_port":55333,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":4,"avg":87039.9,"max":370939,"stddev":130477.0,"var":17024251904.0,"ent":3.4,"data": [370788,370939,9373,360927,2844,76,70,354425,123,125,124,131,8073,8089,5763,200299,194564,174299,34,174324,4,2275,71,66,101,117,94097,91476,274609,24,6]},"pktlen": {"min":40,"avg":370.7,"max":1492,"stddev":546.6,"var":298744.2,"ent":3.7,"data": [64,64,40,557,46,1492,1492,1492,40,1492,40,1090,40,1090,52,166,1492,52,91,109,40,40,93,96,82,114,78,109,52,52,52,52]},"bins": {"c_to_s": [10,4,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0]},"directions": [0,1,0,0,1,1,1,1,0,1,0,1,0,1,0,0,1,0,1,1,0,0,0,0,0,0,0,1,0,1,1,1],"entropies": 
[4.353732109,4.287687778,4.680641651,4.404402256,4.565872192,6.234030724,4.660021305,4.709488392,4.630641460,6.835905075,4.680641651,7.511188984,4.580641747,7.512306690,4.740514278,6.280318737,6.238153934,4.870416164,5.914383888,6.170372486,4.680641651,4.680641651,5.707346439,5.695815086,5.241580486,6.007335186,5.319273472,6.145098209,4.778975964,5.063529015,5.025067329,5.063529015]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Alibaba","proto_id":"91.274","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01034{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":23,"flow_first_seen":1609756181300869,"flow_src_last_pkt_time":1609756183156414,"flow_dst_last_pkt_time":1609756183162351,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1073,"flow_dst_tot_l4_payload_len":11027,"midstream":0,"thread_ts_usec":1609756183162351,"l3_proto":"ip4","src_ip":"192.168.1.60","dst_ip":"106.15.100.123","src_port":55333,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Alibaba","proto_id":"91.274","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacon-api.aliyuncs.com"}} 
-00856{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/long_tls_certificate.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":47,"packets-processed":47,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1609756183162351} +00856{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/long_tls_certificate.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":47,"packets-processed":47,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1609756183162351} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 47/47 ~~ skipped flows.............: 0 
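Review bot: The regenerated expectations for `long_tls_certificate.pcap` drop the `ja3` key from the `tls` object in the `detected` event and in both `detection-update` events, while `ja3s` and `ja4` are still emitted. The commit message only says "incorporated upstream changes", so the removal is undocumented. Any consumer of the event stream that matches on the JA3 client fingerprint (detection rules, allow/deny lists, dashboards) would stop matching without an error after this libnDPI bump. I would state the removal explicitly in the commit description or changelog, for example `* tls: "ja3" is no longer part of flow events; "ja3s" and "ja4" remain`. It is also worth confirming that the `schema/flow_event_schema.json` change listed in the diffstat no longer declares `ja3`, which presumably it does but cannot be checked from this hunk.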
@@ -20,10 +20,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7308319 bytes -~~ total memory freed........: 7308319 bytes -~~ total allocations/frees...: 114380/114380 +~~ total memory allocated....: 7885915 bytes +~~ total memory freed........: 7885915 bytes +~~ total allocations/frees...: 126111/126111 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 544 chars -~~ json message max len.......: 5473 chars -~~ json message avg len.......: 2876 chars +~~ json message max len.......: 5432 chars +~~ json message avg len.......: 2857 chars diff --git a/test/results/default/lru_ipv6_caches.pcapng.out b/test/results/default/lru_ipv6_caches.pcapng.out index 7ed9b7993..4b4b5d907 100644 --- a/test/results/default/lru_ipv6_caches.pcapng.out +++ b/test/results/default/lru_ipv6_caches.pcapng.out 
@@ -1,5 +1,5 @@ -00622{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1639052947835473} 
+00622{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1639052947835473} 
00835{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052947835473,"flow_src_last_pkt_time":1639052947835473,"flow_dst_last_pkt_time":1639052947835473,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":22,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052947835473,"l3_proto":"ip6","src_ip":"32fb:f967:681e:e96b:face:b00c::74fd","dst_ip":"20ed:470f:6f73:ce60:60be:8b4f:df37:b080","src_port":3478,"dst_port":45658,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1639052947835473,"flow_dst_last_pkt_time":1639052947835473,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":84,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":84,"pkt_l4_len":30,"thread_ts_usec":1639052947835473,"pkt":"AAAAAAAAAAIAiPwTht1gAAAAAB4RNTL7+WdoHulr+s6wDAAAdP0g7UcPb3POYGC+i0\/fN7CADZayWgAeVVyAyQABc057KIAAAAURUN3Xuv65y9fO"} 
00618{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1639052947835473,"flow_dst_last_pkt_time":1639052948008616,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":112,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":112,"pkt_l4_len":58,"thread_ts_usec":1639052948008616,"pkt":"AAAAAAAAAAUAny4Oht1gCOxqADoRPyDtRw9vc85gYL6LT983sIAy+\/lnaB7pa\/rOsAwAAHT9sloNlgA6KoqAyQABWl1ZNGNoadjLndjyhIQdR3eb9BFhVVqa3fOaaflunNCAAAAByaRnP87SPV4aWA=="} 
@@ -35,42 +35,42 @@ 01272{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052950545675,"flow_src_last_pkt_time":1639052959035612,"flow_dst_last_pkt_time":1639052950545675,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052959035612,"l3_proto":"ip6","src_ip":"3991:72d:336e:65ec:c5bf:a5fa:83ad:23de","dst_ip":"2fda:1f8a:c107:88a4:e509:d2e1:445f:f34c","src_port":6881,"dst_port":6881,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","bittorrent": {"hash":""}}} 
00836{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052961890141,"flow_src_last_pkt_time":1639052961890141,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052961890141,"l3_proto":"ip6","src_ip":"2118:ec33:112b:7908:2c80:27ff:fef7:d71f","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":48415,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1639052961890141,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":82,"pkt_l4_len":28,"thread_ts_usec":1639052961890141,"pkt":"AAAAAAAAAAMAU5f1ht1gBTxgABwRPyEY7DMRK3kILIAn\/\/731x8y+\/lnaB7pa\/rOsAwAAHT9vR8NlgAcBsoIAQAAIRKkQkNDRkplV05Uc1dQcw=="} 
-01038{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052961890141,"flow_src_last_pkt_time":1639052961890141,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052961890141,"l3_proto":"ip6","src_ip":"2118:ec33:112b:7908:2c80:27ff:fef7:d71f","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":48415,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052961890141,"flow_src_last_pkt_time":1639052961890141,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052961890141,"l3_proto":"ip6","src_ip":"2118:ec33:112b:7908:2c80:27ff:fef7:d71f","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":48415,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00759{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1639052961892484,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":214,"pkt_l4_len":160,"thread_ts_usec":1639052961892484,"pkt":"AAAAAAAAAAMAU5f1ht1gBTxgAKARPyEY7DMRK3kILIAn\/\/731x8y+\/lnaB7pa\/rOsAwAAHT9vR8NlgCgpJ0AAwCEIRKkQlM3RnRRL3Y2ay9PMkAAAGYJEFPqNE7VJH5jscfXNsYhb98E3U++3ioUwgZB8WeSBCDE8Hv0qlQ7VYtVkKskkvqRH1iLwzoIGi7Dz\/tzqvCpnwhdkVyqhKbzd8NfXZRNbjB3f0ByPdFFironKHaSXUOOxWFCn10AAAAIABS86wFVtBJv5aANWhLlzvJVsxeNfg=="} -01173{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052961890141,"flow_src_last_pkt_time":1639052961892484,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052961892484,"l3_proto":"ip6","src_ip":"2118:ec33:112b:7908:2c80:27ff:fef7:d71f","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":48415,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01206{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052961890141,"flow_src_last_pkt_time":1639052961892484,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052961892484,"l3_proto":"ip6","src_ip":"2118:ec33:112b:7908:2c80:27ff:fef7:d71f","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":48415,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
00759{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1639052962142439,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":214,"pkt_l4_len":160,"thread_ts_usec":1639052962142439,"pkt":"AAAAAAAAAAMAU5f1ht1gBTxgAKARPyEY7DMRK3kILIAn\/\/731x8y+\/lnaB7pa\/rOsAwAAHT9vR8NlgCgpJ0AAwCEIRKkQlM3RnRRL3Y2ay9PMkAAAGYJEFPqNE7VJH5jscfXNsYhb98E3U++3ioUwgZB8WeSBCDE8Hv0qlQ7VYtVkKskkvqRH1iLwzoIGi7Dz\/tzqvCpnwhdkVyqhKbzd8NfXZRNbjB3f0ByPdFFironKHaSXUOOxWFCn10AAAAIABS86wFVtBJv5aANWhLlzvJVsxeNfg=="} 00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1639052962191138,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":82,"pkt_l4_len":28,"thread_ts_usec":1639052962191138,"pkt":"AAAAAAAAAAMAU5f1ht1gBTxgABwRPyEY7DMRK3kILIAn\/\/731x8y+\/lnaB7pa\/rOsAwAAHT9vR8NlgAcBsoIAQAAIRKkQkNDRkplV05Uc1dQcw=="} 
00751{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1639052963579689,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":210,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":210,"pkt_l4_len":156,"thread_ts_usec":1639052963579689,"pkt":"AAAAAAAAAAMAU5f1ht1gBTxgAJwRPyEY7DMRK3kILIAn\/\/731x8y+\/lnaB7pa\/rOsAwAAHT9vR8NlgCcOP4AAQCAIRKkQlUyZXJ1M05HdUpPbgAGADFFREdFUkFZX0RFRkFVTFRfVVNFUk5BTUU6RURHRVJBWV9ERUZBVUxUX1VTRVJOQU1FAAAA2roABAAAAALAVwAEAAMACoAqAAhYlWblH2D7mAAlAAAAJAAEbn8o\/wAIABQ5szu0z17I9YE5t42kszUxGI8nq4AoAAQ7B4OH"} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052969360318,"flow_src_last_pkt_time":1639052969360318,"flow_dst_last_pkt_time":1639052969360318,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052969360318,"l3_proto":"ip6","src_ip":"2001:db8:200::1","dst_ip":"2001:db8:1::1","src_port":443,"dst_port":44144,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1639052969360318,"flow_dst_last_pkt_time":1639052969360318,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1639052969360318,"pkt":"AAAAAAAAAAgAKih5ht1gChT5ACAGMiABDbgCAAAAAAAAAAAAAAEgAQ24AAEAAAAAAAAAAAABAbuscESWy8wKP2CEgBL\/\/+ibAAACBAVQAQEEAgEDAwo="} 02394{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1639052969517969,"flow_dst_last_pkt_time":1639052969360318,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1434,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1434,"pkt_l4_len":1380,"thread_ts_usec":1639052969517969,"pkt":"AAAAAAAAAAgAKih5ht1gChT5BWQGMiABDbgCAAAAAAAAAAAAAAEgAQ24AAEAAAAAAAAAAAABAbuscESWy80KP2KJUBAAQlzUAAAWAwMAUAIAAEwDA2Gx9qmsk0SkPB6KDAiZvXlLcIQwNUuS8UsCtY0L22BDAMArAAAkAAAAAAAXAAD\/AQABAAALAAIBAAAjAAAAEAAFAAMCaDIABQAAFgMDCRMLAAkPAAkMAAU1MIIFMTCCBNegAwIBAgIQARkfjV3L9r9HIyjCQZoh1zAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVUzEZMBcGA1UEChMQQ2xvdWRmbGFyZSwgSW5jLjEgMB4GA1UEAxMXQ2xvdWRmbGFyZSBJbmMgRUNDIENBLTMwHhcNMjEwNjI5MDAwMDAwWhcNMjIwNjI4MjM1OTU5WjB1MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEZMBcGA1UEChMQQ2xvdWRmbGFyZSwgSW5jLjEeMBwGA1UEAxMVc25pLmNsb3VkZmxhcmVzc2wuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEgC1s4G\/NmWra3EB1ViB4aiWbMPL7u1IoIlMpgn5kNUKgNwoi39Y6LTb+Bl8CrmpOOliciecDhWGPcHTDWIAx2KOCA3IwggNuMB8GA1UdIwQYMBaAFKXON+rrsHUOlGeItEX62SQQh5YfMB0GA1UdDgQWBBQZ22ajXmjoPgEhYrj\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\/wQCMAAwggF8BgorBgEEAdZ5AgQCBIIBbASCAWgBZgB1AEalVet1+pEgMLWiiWn0830RLEF0vv1JuIWr8vxw\
/m1HAAABelhQNzEAAAQDAEYwRAIgYeZpP+\/pPAjfswX1ISGsnmjFB4TkAWSbMt3y7HyRMywCIBC7D68n+qN3I9heI3yRIJz4gDyP6KV6L+SpG416yJboAHYAIkVFB1lVJFaWP6Ev8fdthuAjJmOtwEt\/XcaDXG7iDwIAAAF6WFA3EAAABAMARzBFAiBp6pKbAs2el1rhPRfScrzqYQmiOgnwezpUPc0Pt5jtXgIhAPhl0sVfcRlm\/W6Vcy5oIjTXFIQwT\/VRTjwXP2LNU411AHUAUaOw9f0BeZxWbbg3eI8MpHrMGyfL956IQpoN\/tSLBeUAAAF6WFA3JwAABAMARjBEAiBlw+pxlBqLJzpdOZ7QjnSDhXse\/VYyQs1QYcV8iP2Y6wIgOH2yamb7OYhqD3TT8HEY+GUOcPF4S5oYacz\/IatUT+4wCgYIKoZIzj0EAwID"} -01247{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052969360318,"flow_src_last_pkt_time":1639052969517969,"flow_dst_last_pkt_time":1639052969360318,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1360,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052969517969,"l3_proto":"ip6","src_ip":"2001:db8:200::1","dst_ip":"2001:db8:1::1","src_port":443,"dst_port":44144,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","tls": {"version":"TLSv1.2","ja3":"","ja3s":"9ebc57def2efb523f25c77af13aa6d48","ja4":"","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","negotiated_alpn":"h2","blocks":0}}} 
+01238{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052969360318,"flow_src_last_pkt_time":1639052969517969,"flow_dst_last_pkt_time":1639052969360318,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1360,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052969517969,"l3_proto":"ip6","src_ip":"2001:db8:200::1","dst_ip":"2001:db8:1::1","src_port":443,"dst_port":44144,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","tls": {"version":"TLSv1.2","ja3s":"9ebc57def2efb523f25c77af13aa6d48","ja4":"","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","negotiated_alpn":"h2","blocks":0}}} 
02392{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1639052969517992,"flow_dst_last_pkt_time":1639052969360318,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1434,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1434,"pkt_l4_len":1380,"thread_ts_usec":1639052969517992,"pkt":"AAAAAAAAAAgAKih5ht1gChT5BWQGMiABDbgCAAAAAAAAAAAAAAEgAQ24AAEAAAAAAAAAAAABAbuscESW0R0KP2KJUBAAQnUtAABIADBFAiEA7RxPNj701c+7QX2jNqNJVJvfkrXXaQDkvfvj7eI9lQ0CIDfTeyI6EWEnoww8vKA3dIR\/D36WveN3dOnMT0w6Q1zHAAPRMIIDzTCCArWgAwIBAgIQCjeHZF5ftIwiTv0b7RQMPDANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJJRTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYDVQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTIwMDEyNzEyNDgwOFoXDTI0MTIzMTIzNTk1OVowSjELMAkGA1UEBhMCVVMxGTAXBgNVBAoTEENsb3VkZmxhcmUsIEluYy4xIDAeBgNVBAMTF0Nsb3VkZmxhcmUgSW5jIEVDQyBDQS0zMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEua1NZpkUC0bsH4HRKlAenQMVLzQSfS2WuIg4m4Vfj7+7Te9hRsTJc9QkT+DuHM5ss1FxL2ruTAUJd9NyYqSb16OCAWgwggFkMB0GA1UdDgQWBBSlzjfq67B1DpRniLRF+tkkEIeWHzAfBgNVHSMEGDAWgBTlnVkwgkdYzKz6CFQ2hns6tQRN8DAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB\/wQIMAYBAf8CAQAwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL09tbmlyb290MjAyNS5jcmwwbQYDVR0gBGYwZDA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzALBglghkgBhv1sAQIwCAYGZ4EMAQIBMAgGBmeBDAECAjAIBgZngQwBAgMwDQYJKoZIhvcNAQELBQADggEBAAUkHd0bsCrrmNaF4zlNXmtXnYJX\/OvoMaJXkGUFvhZEOFp3ArnPEELG4ZKk40Un+ABHLGioVplTVI+tnkDB0A+21w0LOEhsUCxJkAZbZB2LzEgwLt4I4ptJIsCSDBFelpKU1fwg3FZs5ZKTv3ocwDfjhUkV+ivhdDkYD7fa86JXWGBPzI6UAPxGezQxPk1HgoE6y\/SJXQ7vTQ1unBuCJN0yJV0ReFEQPaA1IwQvZW+cwdFD19Ae8zFnWSfda9J1CZMRJCQUzym+5iPDuI9yP+kHyCREU3qzuWFloUwOxkgAyXVjBYdwRVKD05WdRerw6DEdfgkfCv4+3ao8XnTSrLEWAwMBHxYAARsBAAEXMIIB
EwoBAKCCAQwwggEIBgkrBgEFBQcwAQEEgfowgfcwgZ6iFgQUpc436uuwdQ6UZ4i0RfrZJBCHlh8YDzIwMjExMjA4MDcwNjQzWjBzMHEwSTAJBgUrDgMCGgUABBQS14tALDViBvqCf47YkiQRtKz1BAQUpc436uuwdQ6UZ4i0RfrZJBCHlh8CEAEZH41dy\/a\/RyMowkGaIdeAABgPMjAyMTEyMDgwNjUxMDJaoBEYDzIwMjExMjE1MDYwNjAyWjAKBggqhkjOPQQDAgNIADBFAiA\/Ba4a+oKzM0DIq\/Ym9c2jm9PFFlvn1dBsVLW+3hQ6dgIhAM3JC7lV\/o\/6R7VZrtvaUv0LauAeiJjucdYshTXHExh8FgMDAHIMAABuAwAdIDwd"} -01611{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1639052969360318,"flow_src_last_pkt_time":1639052969517992,"flow_dst_last_pkt_time":1639052969360318,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2720,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052969517992,"l3_proto":"ip6","src_ip":"2001:db8:200::1","dst_ip":"2001:db8:1::1","src_port":443,"dst_port":44144,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.Cloudflare","proto_id":"91.220","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","tls": {"version":"TLSv1.2","server_names":"*.bikroy.com,sni.cloudflaressl.com,bikroy.com","notafter":"2022-06-28 23:59:59","ja3":"","ja3s":"9ebc57def2efb523f25c77af13aa6d48","ja4":"","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3","subjectDN":"C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., 
CN=sni.cloudflaressl.com","negotiated_alpn":"h2","fingerprint":"FA:93:76:9C:39:4D:08:97:FA:8F:CE:80:E4:7A:8F:8E:CF:71:30:A0","blocks":0}}} +01569{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1639052969360318,"flow_src_last_pkt_time":1639052969517992,"flow_dst_last_pkt_time":1639052969360318,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2720,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052969517992,"l3_proto":"ip6","src_ip":"2001:db8:200::1","dst_ip":"2001:db8:1::1","src_port":443,"dst_port":44144,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.Cloudflare","proto_id":"91.220","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","tls": {"version":"TLSv1.2","server_names":"*.bikroy.com,sni.cloudflaressl.com,bikroy.com","ja3s":"9ebc57def2efb523f25c77af13aa6d48","ja4":"","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3","subjectDN":"C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com","negotiated_alpn":"h2","fingerprint":"FA:93:76:9C:39:4D:08:97:FA:8F:CE:80:E4:7A:8F:8E:CF:71:30:A0","blocks":0}}} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052969585053,"flow_src_last_pkt_time":1639052969585053,"flow_dst_last_pkt_time":1639052969585053,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052969585053,"l3_proto":"ip6","src_ip":"2001:db8:200::1","dst_ip":"2001:db8:1::1","src_port":443,"dst_port":44150,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1639052969585053,"flow_dst_last_pkt_time":1639052969585053,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1639052969585053,"pkt":"AAAAAAAAAAgAKih5ht1gAPBzACAGMyABDbgCAAAAAAAAAAAAAAEgAQ24AAEAAAAAAAAAAAABAbusdiq5T1XdwhBagBL\/\/\/uQAAACBAVQAQEEAgEDAwo="} 
02395{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1639052969733805,"flow_dst_last_pkt_time":1639052969585053,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1434,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1434,"pkt_l4_len":1380,"thread_ts_usec":1639052969733805,"pkt":"AAAAAAAAAAgAKih5ht1gAPBzBWQGMyABDbgCAAAAAAAAAAAAAAEgAQ24AAEAAAAAAAAAAAABAbusdiq5T1bdwhJfUBAAQnm1AAAWAwMAUAIAAEwDA2Gx9qme4uujwv1+7XVRUWnJHpI6\/iAaaJ7rvPDDXG+vAMArAAAkAAAAAAAXAAD\/AQABAAALAAIBAAAjAAAAEAAFAAMCaDIABQAAFgMDCRMLAAkPAAkMAAU1MIIFMTCCBNegAwIBAgIQARkfjV3L9r9HIyjCQZoh1zAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVUzEZMBcGA1UEChMQQ2xvdWRmbGFyZSwgSW5jLjEgMB4GA1UEAxMXQ2xvdWRmbGFyZSBJbmMgRUNDIENBLTMwHhcNMjEwNjI5MDAwMDAwWhcNMjIwNjI4MjM1OTU5WjB1MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEZMBcGA1UEChMQQ2xvdWRmbGFyZSwgSW5jLjEeMBwGA1UEAxMVc25pLmNsb3VkZmxhcmVzc2wuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEgC1s4G\/NmWra3EB1ViB4aiWbMPL7u1IoIlMpgn5kNUKgNwoi39Y6LTb+Bl8CrmpOOliciecDhWGPcHTDWIAx2KOCA3IwggNuMB8GA1UdIwQYMBaAFKXON+rrsHUOlGeItEX62SQQh5YfMB0GA1UdDgQWBBQZ22ajXmjoPgEhYrj\/45kMwDYdJjA6BgNVHREEMzAxggwqLmJpa3JveS5jb22CFXNuaS5jbG91ZGZsYXJlc3NsLmNvbYIKYmlrcm95LmNvbTAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMHsGA1UdHwR0MHIwN6A1oDOGMWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9DbG91ZGZsYXJlSW5jRUNDQ0EtMy5jcmwwN6A1oDOGMWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9DbG91ZGZsYXJlSW5jRUNDQ0EtMy5jcmwwPgYDVR0gBDcwNTAzBgZngQwBAgIwKTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpY2VydC5jb20vQ1BTMHYGCCsGAQUFBwEBBGowaDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEAGCCsGAQUFBzAChjRodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vQ2xvdWRmbGFyZUluY0VDQ0NBLTMuY3J0MAwGA1UdEwEB\/wQCMAAwggF8BgorBgEEAdZ5AgQCBIIBbASCAWgBZgB1AEalVet1+pEgMLWiiWn0830RLEF0vv1JuIWr8vxw\/m1HAAABelhQNzEAAAQDAEYwRAIgYeZpP+\/pPAjfswX1ISGsnmjFB4TkAWSbM
t3y7HyRMywCIBC7D68n+qN3I9heI3yRIJz4gDyP6KV6L+SpG416yJboAHYAIkVFB1lVJFaWP6Ev8fdthuAjJmOtwEt\/XcaDXG7iDwIAAAF6WFA3EAAABAMARzBFAiBp6pKbAs2el1rhPRfScrzqYQmiOgnwezpUPc0Pt5jtXgIhAPhl0sVfcRlm\/W6Vcy5oIjTXFIQwT\/VRTjwXP2LNU411AHUAUaOw9f0BeZxWbbg3eI8MpHrMGyfL956IQpoN\/tSLBeUAAAF6WFA3JwAABAMARjBEAiBlw+pxlBqLJzpdOZ7QjnSDhXse\/VYyQs1QYcV8iP2Y6wIgOH2yamb7OYhqD3TT8HEY+GUOcPF4S5oYacz\/IatUT+4wCgYIKoZIzj0EAwID"} -01276{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052969585053,"flow_src_last_pkt_time":1639052969733805,"flow_dst_last_pkt_time":1639052969585053,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1360,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052969733805,"l3_proto":"ip6","src_ip":"2001:db8:200::1","dst_ip":"2001:db8:1::1","src_port":443,"dst_port":44150,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.Cloudflare","proto_id":"91.220","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","tls": {"version":"TLSv1.2","ja3":"","ja3s":"9ebc57def2efb523f25c77af13aa6d48","ja4":"","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","negotiated_alpn":"h2","blocks":0}}} 
+01267{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052969585053,"flow_src_last_pkt_time":1639052969733805,"flow_dst_last_pkt_time":1639052969585053,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1360,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052969733805,"l3_proto":"ip6","src_ip":"2001:db8:200::1","dst_ip":"2001:db8:1::1","src_port":443,"dst_port":44150,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.Cloudflare","proto_id":"91.220","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","tls": {"version":"TLSv1.2","ja3s":"9ebc57def2efb523f25c77af13aa6d48","ja4":"","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","negotiated_alpn":"h2","blocks":0}}} 
02392{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1639052969733805,"flow_dst_last_pkt_time":1639052969585053,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1434,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1434,"pkt_l4_len":1380,"thread_ts_usec":1639052969733805,"pkt":"AAAAAAAAAAgAKih5ht1gAPBzBWQGMyABDbgCAAAAAAAAAAAAAAEgAQ24AAEAAAAAAAAAAAABAbusdiq5VKbdwhJfUBAAQpK1AABIADBFAiEA7RxPNj701c+7QX2jNqNJVJvfkrXXaQDkvfvj7eI9lQ0CIDfTeyI6EWEnoww8vKA3dIR\/D36WveN3dOnMT0w6Q1zHAAPRMIIDzTCCArWgAwIBAgIQCjeHZF5ftIwiTv0b7RQMPDANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJJRTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYDVQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTIwMDEyNzEyNDgwOFoXDTI0MTIzMTIzNTk1OVowSjELMAkGA1UEBhMCVVMxGTAXBgNVBAoTEENsb3VkZmxhcmUsIEluYy4xIDAeBgNVBAMTF0Nsb3VkZmxhcmUgSW5jIEVDQyBDQS0zMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEua1NZpkUC0bsH4HRKlAenQMVLzQSfS2WuIg4m4Vfj7+7Te9hRsTJc9QkT+DuHM5ss1FxL2ruTAUJd9NyYqSb16OCAWgwggFkMB0GA1UdDgQWBBSlzjfq67B1DpRniLRF+tkkEIeWHzAfBgNVHSMEGDAWgBTlnVkwgkdYzKz6CFQ2hns6tQRN8DAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB\/wQIMAYBAf8CAQAwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL09tbmlyb290MjAyNS5jcmwwbQYDVR0gBGYwZDA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzALBglghkgBhv1sAQIwCAYGZ4EMAQIBMAgGBmeBDAECAjAIBgZngQwBAgMwDQYJKoZIhvcNAQELBQADggEBAAUkHd0bsCrrmNaF4zlNXmtXnYJX\/OvoMaJXkGUFvhZEOFp3ArnPEELG4ZKk40Un+ABHLGioVplTVI+tnkDB0A+21w0LOEhsUCxJkAZbZB2LzEgwLt4I4ptJIsCSDBFelpKU1fwg3FZs5ZKTv3ocwDfjhUkV+ivhdDkYD7fa86JXWGBPzI6UAPxGezQxPk1HgoE6y\/SJXQ7vTQ1unBuCJN0yJV0ReFEQPaA1IwQvZW+cwdFD19Ae8zFnWSfda9J1CZMRJCQUzym+5iPDuI9yP+kHyCREU3qzuWFloUwOxkgAyXVjBYdwRVKD05WdRerw6DEdfgkfCv4+3ao8XnTSrLEWAwMBHxYAARsBAAEXMIIB
EwoBAKCCAQwwggEIBgkrBgEFBQcwAQEEgfowgfcwgZ6iFgQUpc436uuwdQ6UZ4i0RfrZJBCHlh8YDzIwMjExMjA4MDcwNjQzWjBzMHEwSTAJBgUrDgMCGgUABBQS14tALDViBvqCf47YkiQRtKz1BAQUpc436uuwdQ6UZ4i0RfrZJBCHlh8CEAEZH41dy\/a\/RyMowkGaIdeAABgPMjAyMTEyMDgwNjUxMDJaoBEYDzIwMjExMjE1MDYwNjAyWjAKBggqhkjOPQQDAgNIADBFAiA\/Ba4a+oKzM0DIq\/Ym9c2jm9PFFlvn1dBsVLW+3hQ6dgIhAM3JC7lV\/o\/6R7VZrtvaUv0LauAeiJjucdYshTXHExh8FgMDAHMMAABvAwAdIDGI"} -01619{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1639052969585053,"flow_src_last_pkt_time":1639052969733805,"flow_dst_last_pkt_time":1639052969585053,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2720,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052969733805,"l3_proto":"ip6","src_ip":"2001:db8:200::1","dst_ip":"2001:db8:1::1","src_port":443,"dst_port":44150,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.Cloudflare","proto_id":"91.220","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","tls": {"version":"TLSv1.2","server_names":"*.bikroy.com,sni.cloudflaressl.com,bikroy.com","notafter":"2022-06-28 23:59:59","ja3":"","ja3s":"9ebc57def2efb523f25c77af13aa6d48","ja4":"","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3","subjectDN":"C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., 
CN=sni.cloudflaressl.com","negotiated_alpn":"h2","fingerprint":"FA:93:76:9C:39:4D:08:97:FA:8F:CE:80:E4:7A:8F:8E:CF:71:30:A0","blocks":0}}} +01577{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1639052969585053,"flow_src_last_pkt_time":1639052969733805,"flow_dst_last_pkt_time":1639052969585053,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2720,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052969733805,"l3_proto":"ip6","src_ip":"2001:db8:200::1","dst_ip":"2001:db8:1::1","src_port":443,"dst_port":44150,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.Cloudflare","proto_id":"91.220","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","tls": {"version":"TLSv1.2","server_names":"*.bikroy.com,sni.cloudflaressl.com,bikroy.com","ja3s":"9ebc57def2efb523f25c77af13aa6d48","ja4":"","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3","subjectDN":"C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com","negotiated_alpn":"h2","fingerprint":"FA:93:76:9C:39:4D:08:97:FA:8F:CE:80:E4:7A:8F:8E:CF:71:30:A0","blocks":0}}} 
00692{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1639052971296401,"flow_dst_last_pkt_time":1639052951219984,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":166,"pkt_l4_len":112,"thread_ts_usec":1639052971296401,"pkt":"AAAAAAAAAAgAVrKUht1gDJJRAHARPzmRBy0zbmXsxb+l+oOtI944ska3J6SUw8E0CUjgadcfGuEAAQBwt+hkMTphZDI6aWQyMDrlXFuiZTjDuuw6Y5fpKld4tI\/Cxjk6aW5mb19oYXNoMjA65VxCYpebxBOzZP3H84ohCF\/4mXRlMTpxOTpnZXRfcGVlcnMxOnQyOhlZMTp2NDpMVAECMTp5MTpxZQ=="} 01276{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052951219984,"flow_src_last_pkt_time":1639052971296401,"flow_dst_last_pkt_time":1639052951219984,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052971296401,"l3_proto":"ip6","src_ip":"3991:72d:336e:65ec:c5bf:a5fa:83ad:23de","dst_ip":"38b2:46b7:27a4:94c3:c134:948:e069:d71f","src_port":6881,"dst_port":1,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","bittorrent": {"hash":""}}} 
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052974554138,"flow_src_last_pkt_time":1639052974554138,"flow_dst_last_pkt_time":1639052974554138,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052974554138,"l3_proto":"ip6","src_ip":"2001:db8:200::1","dst_ip":"2001:db8:1::1","src_port":443,"dst_port":44192,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1639052974554138,"flow_dst_last_pkt_time":1639052974554138,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1639052974554138,"pkt":"AAAAAAAAAAgAKih5ht1gBA3VACAGMiABDbgCAAAAAAAAAAAAAAEgAQ24AAEAAAAAAAAAAAABAbusoI2aK1YLBRqPgBL\/\/4UNAAACBAVQAQEEAgEDAwo="} 
02396{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1639052974704392,"flow_dst_last_pkt_time":1639052974554138,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1434,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1434,"pkt_l4_len":1380,"thread_ts_usec":1639052974704392,"pkt":"AAAAAAAAAAgAKih5ht1gBA3VBWQGMiABDbgCAAAAAAAAAAAAAAEgAQ24AAEAAAAAAAAAAAABAbusoI2aK1cLBRtIUBAAQtsqAAAWAwMAUAIAAEwDA2Gx9q7NW\/InZk3e9l0G3VMCEwBfKMJf26DLOUsrrRkmAMArAAAkAAAAAAAXAAD\/AQABAAALAAIBAAAjAAAAEAAFAAMCaDIABQAAFgMDCRMLAAkPAAkMAAU1MIIFMTCCBNegAwIBAgIQARkfjV3L9r9HIyjCQZoh1zAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVUzEZMBcGA1UEChMQQ2xvdWRmbGFyZSwgSW5jLjEgMB4GA1UEAxMXQ2xvdWRmbGFyZSBJbmMgRUNDIENBLTMwHhcNMjEwNjI5MDAwMDAwWhcNMjIwNjI4MjM1OTU5WjB1MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEZMBcGA1UEChMQQ2xvdWRmbGFyZSwgSW5jLjEeMBwGA1UEAxMVc25pLmNsb3VkZmxhcmVzc2wuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEgC1s4G\/NmWra3EB1ViB4aiWbMPL7u1IoIlMpgn5kNUKgNwoi39Y6LTb+Bl8CrmpOOliciecDhWGPcHTDWIAx2KOCA3IwggNuMB8GA1UdIwQYMBaAFKXON+rrsHUOlGeItEX62SQQh5YfMB0GA1UdDgQWBBQZ22ajXmjoPgEhYrj\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\/wQCMAAwggF8BgorBgEEAdZ5AgQCBIIBbASCAWgBZgB1AEalVet1+pEgMLWiiWn0830RLEF0vv1JuIWr8vxw\/m1HAAABelhQNzEAAAQDAEYwRAIgYeZpP+\/pPAjfswX1ISGsnmjFB4TkAWSbMt3y7HyRMywCIBC7D68n+qN3I9heI3yRIJz4gDyP6KV6L+SpG416yJboAHYAIkVFB1lVJFaWP6Ev8fdthuAjJmOtwEt\/XcaDXG7iDwIAAAF6WFA3EAAABAMARzBFAiBp6pKbAs2el1rhPRfScrzqYQmiOgnwezpUPc0Pt5jtXgIhAPhl0sVfcRlm\/W6Vcy5oIjTXFIQwT\/VRTjwXP2LNU411AHUAUaOw9f0BeZxWbbg3eI8MpHrMGyfL956IQpoN\/tSLBeUAAAF6WFA3JwAABAMARjBEAiBlw+pxlBqLJzpdOZ7QjnSDhXse\/VYyQs1QYcV8iP2Y6wIgOH2yamb7OYhqD3TT8HEY+GUOcPF4S5oYacz\/IatUT+4wCgYIKoZIzj0EAwID"} 
-01277{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052974554138,"flow_src_last_pkt_time":1639052974704392,"flow_dst_last_pkt_time":1639052974554138,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1360,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052974704392,"l3_proto":"ip6","src_ip":"2001:db8:200::1","dst_ip":"2001:db8:1::1","src_port":443,"dst_port":44192,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.Cloudflare","proto_id":"91.220","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","tls": {"version":"TLSv1.2","ja3":"","ja3s":"9ebc57def2efb523f25c77af13aa6d48","ja4":"","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","negotiated_alpn":"h2","blocks":0}}} 
+01268{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052974554138,"flow_src_last_pkt_time":1639052974704392,"flow_dst_last_pkt_time":1639052974554138,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1360,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052974704392,"l3_proto":"ip6","src_ip":"2001:db8:200::1","dst_ip":"2001:db8:1::1","src_port":443,"dst_port":44192,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.Cloudflare","proto_id":"91.220","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","tls": {"version":"TLSv1.2","ja3s":"9ebc57def2efb523f25c77af13aa6d48","ja4":"","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","negotiated_alpn":"h2","blocks":0}}} 
02393{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":1639052974704415,"flow_dst_last_pkt_time":1639052974554138,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1434,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1434,"pkt_l4_len":1380,"thread_ts_usec":1639052974704415,"pkt":"AAAAAAAAAAgAKih5ht1gBA3VBWQGMiABDbgCAAAAAAAAAAAAAAEgAQ24AAEAAAAAAAAAAAABAbusoI2aMKcLBRtIUBAAQgdNAABIADBFAiEA7RxPNj701c+7QX2jNqNJVJvfkrXXaQDkvfvj7eI9lQ0CIDfTeyI6EWEnoww8vKA3dIR\/D36WveN3dOnMT0w6Q1zHAAPRMIIDzTCCArWgAwIBAgIQCjeHZF5ftIwiTv0b7RQMPDANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJJRTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYDVQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTIwMDEyNzEyNDgwOFoXDTI0MTIzMTIzNTk1OVowSjELMAkGA1UEBhMCVVMxGTAXBgNVBAoTEENsb3VkZmxhcmUsIEluYy4xIDAeBgNVBAMTF0Nsb3VkZmxhcmUgSW5jIEVDQyBDQS0zMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEua1NZpkUC0bsH4HRKlAenQMVLzQSfS2WuIg4m4Vfj7+7Te9hRsTJc9QkT+DuHM5ss1FxL2ruTAUJd9NyYqSb16OCAWgwggFkMB0GA1UdDgQWBBSlzjfq67B1DpRniLRF+tkkEIeWHzAfBgNVHSMEGDAWgBTlnVkwgkdYzKz6CFQ2hns6tQRN8DAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB\/wQIMAYBAf8CAQAwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL09tbmlyb290MjAyNS5jcmwwbQYDVR0gBGYwZDA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzALBglghkgBhv1sAQIwCAYGZ4EMAQIBMAgGBmeBDAECAjAIBgZngQwBAgMwDQYJKoZIhvcNAQELBQADggEBAAUkHd0bsCrrmNaF4zlNXmtXnYJX\/OvoMaJXkGUFvhZEOFp3ArnPEELG4ZKk40Un+ABHLGioVplTVI+tnkDB0A+21w0LOEhsUCxJkAZbZB2LzEgwLt4I4ptJIsCSDBFelpKU1fwg3FZs5ZKTv3ocwDfjhUkV+ivhdDkYD7fa86JXWGBPzI6UAPxGezQxPk1HgoE6y\/SJXQ7vTQ1unBuCJN0yJV0ReFEQPaA1IwQvZW+cwdFD19Ae8zFnWSfda9J1CZMRJCQUzym+5iPDuI9yP+kHyCREU3qzuWFloUwOxkgAyXVjBYdwRVKD05WdRerw6DEdfgkfCv4+3ao8XnTSrLEWAwMBHxYAARsBAAEXMII
BEwoBAKCCAQwwggEIBgkrBgEFBQcwAQEEgfowgfcwgZ6iFgQUpc436uuwdQ6UZ4i0RfrZJBCHlh8YDzIwMjExMjA4MDcwNjQzWjBzMHEwSTAJBgUrDgMCGgUABBQS14tALDViBvqCf47YkiQRtKz1BAQUpc436uuwdQ6UZ4i0RfrZJBCHlh8CEAEZH41dy\/a\/RyMowkGaIdeAABgPMjAyMTEyMDgwNjUxMDJaoBEYDzIwMjExMjE1MDYwNjAyWjAKBggqhkjOPQQDAgNIADBFAiA\/Ba4a+oKzM0DIq\/Ym9c2jm9PFFlvn1dBsVLW+3hQ6dgIhAM3JC7lV\/o\/6R7VZrtvaUv0LauAeiJjucdYshTXHExh8FgMDAHMMAABvAwAdIEe5"} -01620{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1639052974554138,"flow_src_last_pkt_time":1639052974704415,"flow_dst_last_pkt_time":1639052974554138,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2720,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052974704415,"l3_proto":"ip6","src_ip":"2001:db8:200::1","dst_ip":"2001:db8:1::1","src_port":443,"dst_port":44192,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.Cloudflare","proto_id":"91.220","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","tls": {"version":"TLSv1.2","server_names":"*.bikroy.com,sni.cloudflaressl.com,bikroy.com","notafter":"2022-06-28 23:59:59","ja3":"","ja3s":"9ebc57def2efb523f25c77af13aa6d48","ja4":"","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3","subjectDN":"C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., 
CN=sni.cloudflaressl.com","negotiated_alpn":"h2","fingerprint":"FA:93:76:9C:39:4D:08:97:FA:8F:CE:80:E4:7A:8F:8E:CF:71:30:A0","blocks":0}}} +01578{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1639052974554138,"flow_src_last_pkt_time":1639052974704415,"flow_dst_last_pkt_time":1639052974554138,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2720,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052974704415,"l3_proto":"ip6","src_ip":"2001:db8:200::1","dst_ip":"2001:db8:1::1","src_port":443,"dst_port":44192,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.Cloudflare","proto_id":"91.220","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","tls": {"version":"TLSv1.2","server_names":"*.bikroy.com,sni.cloudflaressl.com,bikroy.com","ja3s":"9ebc57def2efb523f25c77af13aa6d48","ja4":"","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3","subjectDN":"C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com","negotiated_alpn":"h2","fingerprint":"FA:93:76:9C:39:4D:08:97:FA:8F:CE:80:E4:7A:8F:8E:CF:71:30:A0","blocks":0}}} 
00836{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052978452441,"flow_src_last_pkt_time":1639052978452441,"flow_dst_last_pkt_time":1639052978452441,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052978452441,"l3_proto":"ip6","src_ip":"3297:a1af:5121:cfc:360b:2e07:872f:1ea0","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":43865,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1639052978452441,"flow_dst_last_pkt_time":1639052978452441,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":82,"pkt_l4_len":28,"thread_ts_usec":1639052978452441,"pkt":"AAAAAAAAAAcAaiX8ht1gC8SvABwRPzKXoa9RIQz8NgsuB4cvHqAy+\/lnaB7pa\/rOsAwAAHT9q1kNlgAcl50IAQAAIRKkQlo5L3NwNkJKYzZoYw=="} 
-01038{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052978452441,"flow_src_last_pkt_time":1639052978452441,"flow_dst_last_pkt_time":1639052978452441,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052978452441,"l3_proto":"ip6","src_ip":"3297:a1af:5121:cfc:360b:2e07:872f:1ea0","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":43865,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052978452441,"flow_src_last_pkt_time":1639052978452441,"flow_dst_last_pkt_time":1639052978452441,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052978452441,"l3_proto":"ip6","src_ip":"3297:a1af:5121:cfc:360b:2e07:872f:1ea0","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":43865,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00762{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1639052978709090,"flow_dst_last_pkt_time":1639052978452441,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":214,"pkt_l4_len":160,"thread_ts_usec":1639052978709090,"pkt":"AAAAAAAAAAcAaiX8ht1gC8SvAKARPzKXoa9RIQz8NgsuB4cvHqAy+\/lnaB7pa\/rOsAwAAHT9q1kNlgCgYyEAAwCEIRKkQk1ENkhOcE43bVdyN0AAAGYJEB5qy\/i6apiRZvn3XMXkctbCLKVSgdE+etIaSO7JbOt8VgBwQ6PpOhc8GnE1mfqvDmlkq2e8sWOF\/9QSZ9+\/3ZsaHutXU4\/yA\/LvUyR73PqXq7vvVwk5ZocXkuyrjHvs93CEXbgAAAAIABTHiAxW9AnRlqecEToF0hfWjRUykA=="} -01173{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052978452441,"flow_src_last_pkt_time":1639052978709090,"flow_dst_last_pkt_time":1639052978452441,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052978709090,"l3_proto":"ip6","src_ip":"3297:a1af:5121:cfc:360b:2e07:872f:1ea0","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":43865,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01206{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052978452441,"flow_src_last_pkt_time":1639052978709090,"flow_dst_last_pkt_time":1639052978452441,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052978709090,"l3_proto":"ip6","src_ip":"3297:a1af:5121:cfc:360b:2e07:872f:1ea0","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":43865,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
00836{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052979210381,"flow_src_last_pkt_time":1639052979210381,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052979210381,"l3_proto":"ip6","src_ip":"3069:c624:1d42:9469:98b1:67ff:fe43:325","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":56131,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1639052979210381,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":82,"pkt_l4_len":28,"thread_ts_usec":1639052979210381,"pkt":"AAAAAAAAAAQAY\/4nht1gAT9yABwRPzBpxiQdQpRpmLFn\/\/5DAyUy+\/lnaB7pa\/rOsAwAAHT920MNlgAc0j0IAQAAIRKkQk5zWlZOMGtRWWlzeg=="} 
-01038{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052979210381,"flow_src_last_pkt_time":1639052979210381,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052979210381,"l3_proto":"ip6","src_ip":"3069:c624:1d42:9469:98b1:67ff:fe43:325","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":56131,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052979210381,"flow_src_last_pkt_time":1639052979210381,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052979210381,"l3_proto":"ip6","src_ip":"3069:c624:1d42:9469:98b1:67ff:fe43:325","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":56131,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00760{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1639052979210765,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":214,"pkt_l4_len":160,"thread_ts_usec":1639052979210765,"pkt":"AAAAAAAAAAQAY\/4nht1gAT9yAKARPzBpxiQdQpRpmLFn\/\/5DAyUy+\/lnaB7pa\/rOsAwAAHT920MNlgCgt74AAwCEIRKkQkhCZVJqYUhKN2FOWUAAAGYJEMzluAd5ZUXHIG6GisEWroK42o70dYdL4WqSdPq9VYO3OjGxFI7w7pBgN3c6YR8KjSMY+2Ef8toiPPzGNZ6A1i89fknsYqJ9SYub5TFTaEnS4NE02DKCNshJ0L2AWj8kO7uEBsUAAAAIABTng0rXsLYilkJ4duCqCg2pGBOUjQ=="} -01173{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052979210381,"flow_src_last_pkt_time":1639052979210765,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052979210765,"l3_proto":"ip6","src_ip":"3069:c624:1d42:9469:98b1:67ff:fe43:325","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":56131,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01206{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052979210381,"flow_src_last_pkt_time":1639052979210765,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052979210765,"l3_proto":"ip6","src_ip":"3069:c624:1d42:9469:98b1:67ff:fe43:325","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":56131,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
00739{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_src_last_pkt_time":1639052979218699,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":198,"pkt_l4_len":144,"thread_ts_usec":1639052979218699,"pkt":"AAAAAAAAAAQAY\/4nht1gAT9yAJARPzBpxiQdQpRpmLFn\/\/5DAyUy+\/lnaB7pa\/rOsAwAAHT920MNlgCQ\/5MAAQB0IRKkQkJ5RTBTMEFLcS8yZQAGADFFREdFUkFZX0RFRkFVTFRfVVNFUk5BTUU6RURHRVJBWV9ERUZBVUxUX1VTRVJOQU1FAAAAwFcABAAEAAqAKgAI69zqOpyEPKUAJAAEbn8o\/wAIABTKxPaKL217enpIf2AGYjmMTGV454AoAATAmK\/f"} 00738{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_src_last_pkt_time":1639052979381748,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":198,"pkt_l4_len":144,"thread_ts_usec":1639052979381748,"pkt":"AAAAAAAAAAQAY\/4nht1gAT9yAJARPzBpxiQdQpRpmLFn\/\/5DAyUy+\/lnaB7pa\/rOsAwAAHT920MNlgCQrREAAQB0IRKkQjY4V3ltQWRhSzZoTAAGADFFREdFUkFZX0RFRkFVTFRfVVNFUk5BTUU6RURHRVJBWV9ERUZBVUxUX1VTRVJOQU1FAAAAwFcABAAEAAqAKgAI69zqOpyEPKUAJAAEbn8o\/wAIABQoQCd0hET\/ud5uUOzbGiF4yVYzZoAoAASXw0bX"} 
00738{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_src_last_pkt_time":1639052979556213,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":198,"pkt_l4_len":144,"thread_ts_usec":1639052979556213,"pkt":"AAAAAAAAAAQAY\/4nht1gAT9yAJARPzBpxiQdQpRpmLFn\/\/5DAyUy+\/lnaB7pa\/rOsAwAAHT920MNlgCQ97wAAQB0IRKkQldMcmpoVTNGUFVyagAGADFFREdFUkFZX0RFRkFVTFRfVVNFUk5BTUU6RURHRVJBWV9ERUZBVUxUX1VTRVJOQU1FAAAAwFcABAAEAAqAKgAI69zqOpyEPKUAJAAEbn8o\/wAIABS74KJfCrW2wh1E6b3fJs\/qV0yS0oAoAASJhjGh"} 
@@ -86,7 +86,7 @@ 01277{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052951219984,"flow_src_last_pkt_time":1639052971296401,"flow_dst_last_pkt_time":1639052951219984,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052981556623,"l3_proto":"ip6","src_ip":"3991:72d:336e:65ec:c5bf:a5fa:83ad:23de","dst_ip":"38b2:46b7:27a4:94c3:c134:948:e069:d71f","src_port":6881,"dst_port":1,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} 
01273{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052950545675,"flow_src_last_pkt_time":1639052959035612,"flow_dst_last_pkt_time":1639052950545675,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052981556623,"l3_proto":"ip6","src_ip":"3991:72d:336e:65ec:c5bf:a5fa:83ad:23de","dst_ip":"2fda:1f8a:c107:88a4:e509:d2e1:445f:f34c","src_port":6881,"dst_port":6881,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} 
01168{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052950583119,"flow_src_last_pkt_time":1639052950583119,"flow_dst_last_pkt_time":1639052950583119,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052981556623,"l3_proto":"ip6","src_ip":"3991:72d:336e:65ec:c5bf:a5fa:83ad:23de","dst_ip":"2c7f:d7a0:44a9:49e9:e586:fb7f:5b85:9c83","src_port":6881,"dst_port":1,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} 
-00856{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":88,"packets-processed":88,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15254,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":9,"total-updates":0,"current-active-flows":0,"total-active-flows":12,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":89,"global_ts_usec":1639052981556623} +00856{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":88,"packets-processed":88,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15254,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":9,"total-updates":0,"current-active-flows":0,"total-active-flows":12,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":89,"global_ts_usec":1639052981556623} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 88/88 ~~ skipped flows.............: 0 
@@ -95,9 +95,9 @@ ~~ total active/idle flows...: 12/12 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6951322 bytes -~~ total memory freed........: 6951322 bytes -~~ total allocations/frees...: 114378/114378 +~~ total memory allocated....: 7529058 bytes +~~ total memory freed........: 7529058 bytes +~~ total allocations/frees...: 126114/126114 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 580 chars ~~ json message max len.......: 2401 chars diff --git a/test/results/default/lustre.pcapng.out b/test/results/default/lustre.pcapng.out index fdd46888b..0a2587ea4 100644 --- a/test/results/default/lustre.pcapng.out +++ b/test/results/default/lustre.pcapng.out 
@@ -1,4 +1,4 @@ -00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/lustre.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/lustre.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
00744{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/lustre.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":33797609,"flow_src_last_pkt_time":33797609,"flow_dst_last_pkt_time":33797609,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":33797609,"l3_proto":"ip4","src_ip":"192.168.88.132","dst_ip":"192.168.88.131","src_port":1022,"dst_port":988,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/lustre.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":33797609,"flow_dst_last_pkt_time":33797609,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":33797609,"pkt":"CAAn2I68CAAnL2M6CABFAAA8y3hAAEAGPOvAqFiEwKhYgwP+A9zvSIOYAAAAAKACchDPdgAAAgQFtAQCCAr8LF04AAAAAAEDAwc="} 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/lustre.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":33797609,"flow_dst_last_pkt_time":33797676,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":33797676,"pkt":"CAAnL2M6CAAn2I68CABFAAA8AABAAEAGCGTAqFiDwKhYhAPcA\/4IwIVt70iDmaAScSDm9QAAAgQFtAQCCApoePK5\/CxdOAEDAwc="} 
@@ -15,7 +15,7 @@ 01115{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/lustre.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":117287839,"flow_dst_last_pkt_time":117287695,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":490,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":490,"pkt_l4_len":456,"thread_ts_usec":117287839,"pkt":"CAAn2rO9CAAn\/ppgCABFAAHcueVAAEAGTPjAqFh2wKhYdwP\/A9wz0HPLv84EwIAYAP5WigAAAQEICqDGlVtngMkgwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAd1iowAAAAgB2WKjAAAACADkwAAA5MAAAAQAAAEgBAAD\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/gAAA4nVtBgAAAAAAAAAAABoAAAAAAAAAAgAAAAAAAAPTC9ALWAEAAAAAAAADAAAAAAAAAAAAAAC4AAAAaAAAAERXnpmaENjUZxIAAAMABABlAAAABgYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAACwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAOJ1bQYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAAAAAAAAAbHVzdHJlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMN3XXQVdaVUAAAAAAAAAAA=="} 00945{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/lustre.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":33797609,"flow_src_last_pkt_time":33797888,"flow_dst_last_pkt_time":33797935,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":56,"midstream":0,"thread_ts_usec":117289748,"l3_proto":"ip4","src_ip":"192.168.88.132","dst_ip":"192.168.88.131","src_port":1022,"dst_port":988,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Lustre","proto_id":"425","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}} 00955{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/lustre.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":6,"flow_first_seen":117287477,"flow_src_last_pkt_time":117289748,"flow_dst_last_pkt_time":117288580,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":616,"flow_dst_max_l4_payload_len":512,"flow_src_tot_l4_payload_len":3512,"flow_dst_tot_l4_payload_len":2128,"midstream":1,"thread_ts_usec":117289748,"l3_proto":"ip4","src_ip":"192.168.88.118","dst_ip":"192.168.88.119","src_port":1023,"dst_port":988,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Lustre","proto_id":"425","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}} -00836{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/lustre.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":22,"packets-processed":22,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5768,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":18,"global_ts_usec":117289748} 
+00836{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/lustre.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":22,"packets-processed":22,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5768,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":18,"global_ts_usec":117289748} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 22/22 ~~ skipped flows.............: 0 @@ -24,9 +24,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6914751 bytes -~~ total memory freed........: 6914751 bytes -~~ total allocations/frees...: 114173/114173 +~~ total memory allocated....: 7492347 bytes +~~ total memory freed........: 7492347 bytes +~~ total allocations/frees...: 125904/125904 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 523 chars ~~ json message max len.......: 1375 chars diff --git a/test/results/default/malformed_dns.pcap.out b/test/results/default/malformed_dns.pcap.out index d4f3a5408..6e19ee929 100644 --- a/test/results/default/malformed_dns.pcap.out +++ b/test/results/default/malformed_dns.pcap.out 
@@ -1,5 +1,5 @@ -00618{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/malformed_dns.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/malformed_dns.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1591551760342902} 
+00618{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/malformed_dns.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/malformed_dns.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1591551760342902} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/malformed_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1591551760342902,"flow_src_last_pkt_time":1591551760342902,"flow_dst_last_pkt_time":1591551760342902,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1591551760342902,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50435,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/malformed_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1591551760342902,"flow_dst_last_pkt_time":1591551760342902,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1591551760342902,"pkt":"AAAAAAAAAAAAAAAACABFAAA4nToAAEAR33h\/AAABfwAAAcUDADUAJP43hLQBAAABAAAAAAAAA3d3dwJ4dANjb20AAAEAAQ=="} 
01068{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/malformed_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1591551760342902,"flow_src_last_pkt_time":1591551760342902,"flow_dst_last_pkt_time":1591551760342902,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1591551760342902,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50435,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.xt.com","domainame":"www.xt.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -9,7 +9,7 @@ 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/malformed_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1591551765342879,"flow_dst_last_pkt_time":1591551760372114,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1591551765342879,"pkt":"AAAAAAAAAAAAAAAACABFAAA4ny8AAEAR3YN\/AAABfwAAAcUDADUAJP43hLQBAAABAAAAAAAAA3d3dwJ4dANjb20AAAEAAQ=="} 02726{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/malformed_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1591551765342879,"flow_dst_last_pkt_time":1591551765355529,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1430,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1430,"pkt_l4_len":1396,"thread_ts_usec":1591551765355529,"pkt":"\/\/\/\/\/\/\/\/AAAAAAAACABFAAWIAAEAAEARd2J\/AAABfwAAAQA1xQMFdLSchLSBAAACAAIAAAAAA3d3dwJ4dANjb20AAAEAASJBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBPwAAAAA\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz
8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8+Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz\/AQD0+Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/wEHAQjs8PT4\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/P8BDwETARcBGNzg5Ojs8PT4\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz\/AR8BIwEnASsBLwEzATcBOLzAxMjM0NTY3ODk6Ozw9Pj8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/wE\/AUMBRwFLAU8BUwFXAVsBXwFjAWcBawFvAXMBdwF4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3ODk6Ozw9PsBfwGDAYcBiwGPAZMBlwGbAZ8BowGnAasBrwGzAbcBuwG\/AcMBxwHLAc8B0wHXAdsB3wHjAecB6wHvAfMB9wH4AAQABwAwAAQABAAAAAAAEQkJCQsAMAAUAAQAAAAAATANBQUE\/MDAwMDEwMDAyMDAxMTAwMTIwMDIxMDAyMjAxMDEwMjAxMTEwMTEyMDEyMTAxMjIwMjAyMTEwMjEyMDIyMTAyBQAAAAAAwP8="} 
01328{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/malformed_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":4,"flow_first_seen":1591551760342902,"flow_src_last_pkt_time":1591551765342879,"flow_dst_last_pkt_time":1591551765368813,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":5552,"midstream":0,"thread_ts_usec":1591551765368813,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50435,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"37": {"risk":"Large DNS Packet (512+ bytes)","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}},"49": {"risk":"Minor Issues","severity":"Low","risk_score": {"total":210,"client":105,"server":105}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.xt.com"}} 
-00845{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/malformed_dns.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":6,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5608,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1591551765368813} +00845{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/malformed_dns.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":6,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5608,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1591551765368813} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 6/6 ~~ skipped flows.............: 0 
@@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6907859 bytes -~~ total memory freed........: 6907859 bytes -~~ total allocations/frees...: 114146/114146 +~~ total memory allocated....: 7485455 bytes +~~ total memory freed........: 7485455 bytes +~~ total allocations/frees...: 125877/125877 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 559 chars ~~ json message max len.......: 2731 chars diff --git a/test/results/default/malformed_icmp.pcap.out b/test/results/default/malformed_icmp.pcap.out index 171b89152..de3373143 100644 --- a/test/results/default/malformed_icmp.pcap.out +++ b/test/results/default/malformed_icmp.pcap.out 
@@ -1,10 +1,10 @@ -00619{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/malformed_icmp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/malformed_icmp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1593066612951269} 
+00619{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/malformed_icmp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/malformed_icmp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1593066612951269} 
00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/malformed_icmp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1593066612951269,"flow_src_last_pkt_time":1593066612951269,"flow_dst_last_pkt_time":1593066612951269,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1593066612951269,"l3_proto":"ip4","src_ip":"218.152.179.213","dst_ip":"218.152.179.54","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5} 00514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/malformed_icmp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1593066612951269,"flow_dst_last_pkt_time":1593066612951269,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":42,"pkt_l4_len":8,"thread_ts_usec":1593066612951269,"pkt":"AFUir8Y3AERm\/CmvCABFAAAcAAEAAEABXqPamLPV2pizNqUAWv8AAAAA"} 
01019{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/malformed_icmp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1593066612951269,"flow_src_last_pkt_time":1593066612951269,"flow_dst_last_pkt_time":1593066612951269,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1593066612951269,"l3_proto":"ip4","src_ip":"218.152.179.213","dst_ip":"218.152.179.54","l4_proto":"icmp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01058{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/malformed_icmp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1593066612951269,"flow_src_last_pkt_time":1593066612951269,"flow_dst_last_pkt_time":1593066612951269,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1593066612951269,"l3_proto":"ip4","src_ip":"218.152.179.213","dst_ip":"218.152.179.54","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}}},"confidence": 
{"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00842{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/malformed_icmp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1593066612951269} +00842{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/malformed_icmp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1593066612951269} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 
@@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6907669 bytes -~~ total memory freed........: 6907669 bytes -~~ total allocations/frees...: 114139/114139 +~~ total memory allocated....: 7485265 bytes +~~ total memory freed........: 7485265 bytes +~~ total allocations/frees...: 125870/125870 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 519 chars ~~ json message max len.......: 1063 chars diff --git a/test/results/default/malware.pcap.out b/test/results/default/malware.pcap.out index aacf436fb..f93615b2d 100644 --- a/test/results/default/malware.pcap.out +++ b/test/results/default/malware.pcap.out 
@@ -1,5 +1,5 @@ -00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1569571466977364} 
+00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1569571466977364} 
00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569571466977364,"flow_src_last_pkt_time":1569571466977364,"flow_dst_last_pkt_time":1569571466977364,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569571466977364,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"1.1.1.1","src_port":42370,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1569571466977364,"flow_dst_last_pkt_time":1569571466977364,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1569571466977364,"pkt":"CGoKOl4eMFLLbJwbCABFAABcg9cAAEARLQnAqAcHAQEBAaWCADUASMoKC6QBIAABAAAAAAABA3d3dw9pbnRlcm5ldGJhZGd1eXMDY29tAAABAAEAACkQAAAAAAAADAAKAAjrBFAObfGpig=="} 
01088{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569571466977364,"flow_src_last_pkt_time":1569571466977364,"flow_dst_last_pkt_time":1569571466977364,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569571466977364,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"1.1.1.1","src_port":42370,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.internetbadguys.com","domainame":"www.internetbadguys.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -10,7 +10,7 @@ 01028{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569571470672893,"flow_src_last_pkt_time":1569571470672893,"flow_dst_last_pkt_time":1569571470672893,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569571470672893,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"144.139.247.220","l4_proto":"icmp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":5.297900}} 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569571476362891,"flow_src_last_pkt_time":1569571476362891,"flow_dst_last_pkt_time":1569571476362891,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569571476362891,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"144.139.247.220","src_port":33706,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1569571476362891,"flow_dst_last_pkt_time":1569571476362891,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569571476362891,"pkt":"CGoKOl4eMFLLbJwbCABFAAA0sPtAAEAGObHAqAcHkIv33IOqAFCfbfb4AAAAAIAC+vBQPgAAAgQFtAEBBAIBAwMH"} -00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":5,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":196,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":3,"total-active-flows":3,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1569579408876326} 
+00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":5,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":196,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":3,"total-active-flows":3,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1569579408876326} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569579408876326,"flow_src_last_pkt_time":1569579408876326,"flow_dst_last_pkt_time":1569579408876326,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":329,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":329,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":329,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569579408876326,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":48394,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00967{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1569579408876326,"flow_dst_last_pkt_time":1569579408876326,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":383,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":383,"pkt_l4_len":349,"thread_ts_usec":1569579408876326,"pkt":"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"} 01178{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569579408876326,"flow_src_last_pkt_time":1569579408876326,"flow_dst_last_pkt_time":1569579408876326,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":329,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":329,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":329,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569579408876326,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":48394,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.internetbadguys.com","domainame":"www.internetbadguys.com","http": {"url":"www.internetbadguys.com\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 10.0; rv:68.0) Gecko\/20100101 Firefox\/68.0","detected_os":"Windows 10"}}} 
@@ -20,29 +20,29 @@ 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1569579416636584,"flow_dst_last_pkt_time":1569579416828379,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569579416828379,"pkt":"MFLLbJwbCGoKOl4eCABFAAA0AABAADgG2mtD11zSwKgHBwG7iaQdaco+3Upa7IASchDpWQAAAgQFtAEBBAIBAwMH"} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1569579416828406,"flow_dst_last_pkt_time":1569579416828379,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1569579416828406,"pkt":"CGoKOl4eMFLLbJwbCABFAAAoxe9AAEAGDIjAqAcHQ9dc0omkAbvdSlrsHWnKP1AQAfZocwAA"} 
01221{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1569579416830077,"flow_dst_last_pkt_time":1569579416828379,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1569579416830077,"pkt":"CGoKOl4eMFLLbJwbCABFAAItxfBAAEAGCoLAqAcHQ9dc0omkAbvdSlrsHWnKP1AYAfZqeAAAFgMBAgABAAH8AwNiGwz6Nx6gZEkQ5mHfc0bz9cG8Q1IQ44DgAeGoVKlHzyC81+PdFDLSNn+Pdda1KG5hVhfTFmh4W9u7vJ1FmUKJWAAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAMwA5AC8ANQAKAQABjwAAABwAGgAAF3d3dy5pbnRlcm5ldGJhZGd1eXMuY29tABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAzAGsAaQAdACCsOS9UcRaQolAvHH2lkEhvl6dNSVE29u8oKtYL+CH9BQAXAEEEoQXtl8vTSjgX92dpSeeQSX7Rmu4m1tT+guDWflQ+qUwx5JY0QUT2kxtvCYRY4\/6+TGd5ECmhJM43gC52CQwAHQArAAkIAwQDAwMCAwEADQAYABYEAwUDBgMIBAgFCAYEAQUBBgECAwIBAC0AAgEBABwAAkABABUAhwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -01269{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569579416636584,"flow_src_last_pkt_time":1569579416830077,"flow_dst_last_pkt_time":1569579416828379,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569579416830077,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":35236,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.internetbadguys.com","domainame":"www.internetbadguys.com","tls": {"version":"TLSv1.2","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"","ja4":"t13d1814h2_29a2cd9e9f10_d267a5f792d4","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +01228{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569579416636584,"flow_src_last_pkt_time":1569579416830077,"flow_dst_last_pkt_time":1569579416828379,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569579416830077,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":35236,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.internetbadguys.com","domainame":"www.internetbadguys.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1814h2_29a2cd9e9f10_d267a5f792d4","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1569579416830077,"flow_dst_last_pkt_time":1569579417018328,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1569579417018328,"pkt":"MFLLbJwbCGoKOl4eCABFAAAoJgFAADgGtHZD11zSwKgHBwG7iaQdaco\/3Upc8VAQAO2ZSgAAAAAAAAAA"} -01329{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569579416636584,"flow_src_last_pkt_time":1569579416830077,"flow_dst_last_pkt_time":1569579417029746,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1569579417029746,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":35236,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.internetbadguys.com","domainame":"www.internetbadguys.com","tls": {"version":"TLSv1.2","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"0c0aff9ccea5e7e1de5c3a0069d103f3","ja4":"t13d1814h2_29a2cd9e9f10_d267a5f792d4","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-02841{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1569579416636584,"flow_src_last_pkt_time":1569579417029833,"flow_dst_last_pkt_time":1569579417030048,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4380,"midstream":0,"thread_ts_usec":1569579417030048,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":35236,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.OpenDNS","proto_id":"91.225","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.internetbadguys.com","domainame":"www.internetbadguys.com","tls": 
{"version":"TLSv1.2","server_names":"api.opendns.com,branded-login.opendns.com,cachecheck.opendns.com,community.opendns.com,dashboard2.opendns.com,dashboard.opendns.com,dashboard-ipv4.opendns.com,msp-login.opendns.com,api-ipv4.opendns.com,api-ipv6.opendns.com,authz.api.opendns.com,domain.opendns.com,help.vpn.opendns.com,ideabank.opendns.com,login.opendns.com,netgear.opendns.com,reseller-login.opendns.com,images.opendns.com,images-using.opendns.com,store.opendns.com,signup.opendns.com,twilio.opendns.com,updates.opendns.com,shared.opendns.com,tools.opendns.com,cache.opendns.com,api.umbrella.com,branded-login.umbrella.com,cachecheck.umbrella.com,community.umbrella.com,dashboard2.umbrella.com,dashboard.umbrella.com,dashboard-ipv4.umbrella.com,msp-login.umbrella.com,api-ipv4.umbrella.com,api-ipv6.umbrella.com,authz.api.umbrella.com,domain.umbrella.com,help.vpn.umbrella.com,ideabank.umbrella.com,login.umbrella.com,netgear.umbrella.com,reseller-login.umbrella.com,images.umbrella.com,images-using.umbrella.com,store.umbrella.com,signup.umbrella.com,twilio.umbrella.com,updates.umbrella.com,shared.umbrella.com,tools.umbrella.com,cache.umbrella.com","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"0c0aff9ccea5e7e1de5c3a0069d103f3","ja4":"t13d1814h2_29a2cd9e9f10_d267a5f792d4","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=OpenDNS, Inc., CN=api.opendns.com","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"21:B4:CF:84:13:3A:21:A4:B0:02:63:76:39:84:EA:ED:27:EE:51:7C","blocks":0}}} 
+01288{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569579416636584,"flow_src_last_pkt_time":1569579416830077,"flow_dst_last_pkt_time":1569579417029746,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1569579417029746,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":35236,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.internetbadguys.com","domainame":"www.internetbadguys.com","tls": {"version":"TLSv1.2","ja3s":"0c0aff9ccea5e7e1de5c3a0069d103f3","ja4":"t13d1814h2_29a2cd9e9f10_d267a5f792d4","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+02800{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1569579416636584,"flow_src_last_pkt_time":1569579417029833,"flow_dst_last_pkt_time":1569579417030048,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4380,"midstream":0,"thread_ts_usec":1569579417030048,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":35236,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.OpenDNS","proto_id":"91.225","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.internetbadguys.com","domainame":"www.internetbadguys.com","tls": 
{"version":"TLSv1.2","server_names":"api.opendns.com,branded-login.opendns.com,cachecheck.opendns.com,community.opendns.com,dashboard2.opendns.com,dashboard.opendns.com,dashboard-ipv4.opendns.com,msp-login.opendns.com,api-ipv4.opendns.com,api-ipv6.opendns.com,authz.api.opendns.com,domain.opendns.com,help.vpn.opendns.com,ideabank.opendns.com,login.opendns.com,netgear.opendns.com,reseller-login.opendns.com,images.opendns.com,images-using.opendns.com,store.opendns.com,signup.opendns.com,twilio.opendns.com,updates.opendns.com,shared.opendns.com,tools.opendns.com,cache.opendns.com,api.umbrella.com,branded-login.umbrella.com,cachecheck.umbrella.com,community.umbrella.com,dashboard2.umbrella.com,dashboard.umbrella.com,dashboard-ipv4.umbrella.com,msp-login.umbrella.com,api-ipv4.umbrella.com,api-ipv6.umbrella.com,authz.api.umbrella.com,domain.umbrella.com,help.vpn.umbrella.com,ideabank.umbrella.com,login.umbrella.com,netgear.umbrella.com,reseller-login.umbrella.com,images.umbrella.com,images-using.umbrella.com,store.umbrella.com,signup.umbrella.com,twilio.umbrella.com,updates.umbrella.com,shared.umbrella.com,tools.umbrella.com,cache.umbrella.com","ja3s":"0c0aff9ccea5e7e1de5c3a0069d103f3","ja4":"t13d1814h2_29a2cd9e9f10_d267a5f792d4","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=OpenDNS, Inc., CN=api.opendns.com","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"21:B4:CF:84:13:3A:21:A4:B0:02:63:76:39:84:EA:ED:27:EE:51:7C","blocks":0}}} 
01049{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569571470672893,"flow_src_last_pkt_time":1569571470672893,"flow_dst_last_pkt_time":1569571470672893,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569579417280185,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"144.139.247.220","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01091{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569571476362891,"flow_src_last_pkt_time":1569571476362891,"flow_dst_last_pkt_time":1569571476362891,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569579417280185,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"144.139.247.220","src_port":33706,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by 
port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 00775{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569571476362891,"flow_src_last_pkt_time":1569571476362891,"flow_dst_last_pkt_time":1569571476362891,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569579417280185,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"144.139.247.220","src_port":33706,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00993{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569571466977364,"flow_src_last_pkt_time":1569571466977364,"flow_dst_last_pkt_time":1569571467001085,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":68,"midstream":0,"thread_ts_usec":1569579417280185,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"1.1.1.1","src_port":42370,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.internetbadguys.com"}} 
-00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":27,"packets-processed":26,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6587,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":4,"total-detection-updates":3,"total-updates":0,"current-active-flows":2,"total-active-flows":5,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":31,"global_ts_usec":1698873191201916} +00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":27,"packets-processed":26,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6587,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":4,"total-detection-updates":3,"total-updates":0,"current-active-flows":2,"total-active-flows":5,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":31,"global_ts_usec":1698873191201916} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1698873191201916,"flow_src_last_pkt_time":1698873191201916,"flow_dst_last_pkt_time":1698873191201916,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1698873191201916,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"193.109.85.123","src_port":41240,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1698873191201916,"flow_dst_last_pkt_time":1698873191201916,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1698873191201916,"pkt":"YDjgxTWgABjzZLGICABFAAA08cpAAJsGFlTAqAAUwW1Ve6EYAbv2WX9aAAAAAIAC+vDXywAAAgQFtAEBBAIBAwMH"} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1698873191201916,"flow_dst_last_pkt_time":1698873191268235,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1698873191268235,"pkt":"ABjzZLGIYDjgxTWgCABFAAA0AABAADYGbR\/BbVV7wKgAFAG7oRhDPWNP9ll\/W4ASchBmPgAAAgQFrAEBBAIBAwMH"} 
00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1698873191268310,"flow_dst_last_pkt_time":1698873191268235,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1698873191268310,"pkt":"YDjgxTWgABjzZLGICABFAAAo8ctAAJsGFl\/AqAAUwW1Ve6EYAbv2WX9bQz1jUFAQAfbXvwAA"} 01409{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1698873191276094,"flow_dst_last_pkt_time":1698873191268235,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":706,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":706,"pkt_l4_len":672,"thread_ts_usec":1698873191276094,"pkt":"YDjgxTWgABjzZLGICABFAAK08cxAAJsGE9LAqAAUwW1Ve6EYAbv2WX9bQz1jUFAYAfbaSwAAFgMBAocBAAKDAwNZALD8xD8Q+yl+0KOqmQwd9gXJJBI9kolSl2GL2ReWNiCzs2NfI2JybZYU5Icxytbz6e632+0qvEWXLo8a8wqg1gAeEwETAxMCwCvAL8ypzKjALMAwwBPAFACcAJ0ALwA1AQACHAAAABEADwAADGhvYmJlYWNoLmNvbQAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAIAAYEAwUDBgMAMwBrAGkAHQAgcjjpRBYP\/LqjyeDcLJLQffjl2smK2ysllsrTP\/YNNzsAFwBBBLl\/Nov1e2X7YY8UFT1OgkDeiwvc58iBUeWZ23ywSHc3AQjLTV+lIofWWkxEGhBcgbbZ9Htvq4dOfSXR7opV40gAKwAFBAMEAwMADQAWABQEAwUDBgMIBAgFCAYEAQUBBgECAQAtAAIBAQAcAAJAAf4NARkAAAEAAX0AIMTFqBnFG9O6mmr20NCghz9vx9Ddz6otgXsR8gyu6h7WAO+yE1\/\/QwSzZEaH6O1OxJ9t+T+v+mGq5\/odUILRIoeCTfBD8XbYXXrTh2OFwu3Fx+euNL7RqjppJqXB5FAlxffyZl7obXXRjTsHhoREObJk46izW3azMo8F16kgHph8zeguNu+hQWCNCr6k2LaOWcsIT4h5ZRJQe6mr4GGpaKynhiEGqLQHfY20kUhUK0wkx8w4ouFKNJrH1+WIUkQrAU1++cxRc1xz3E6O8+4SKSjzV4V6tBwY28soLcK5gGWXcLLqYHkrURuNrVYGsik68JJ4JfFbW\/LYtJEPEGqrYr5vPpTvf6wElHwFsr3qn\/E+8Q=="} 
-01235{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1698873191201916,"flow_src_last_pkt_time":1698873191276094,"flow_dst_last_pkt_time":1698873191268235,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":652,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":652,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1698873191276094,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"193.109.85.123","src_port":41240,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"hobbeach.com","domainame":"hobbeach.com","tls": {"version":"TLSv1.2","ja3":"9a7f6a45c84d90c9e8baecb0c9ae8dff","ja3s":"","ja4":"t13d1515h2_8daaf6152771_6a09c78d0dc2","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} +01194{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1698873191201916,"flow_src_last_pkt_time":1698873191276094,"flow_dst_last_pkt_time":1698873191268235,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":652,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":652,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1698873191276094,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"193.109.85.123","src_port":41240,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"hobbeach.com","domainame":"hobbeach.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_6a09c78d0dc2","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1698873191276094,"flow_dst_last_pkt_time":1698873191342966,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1698873191342966,"pkt":"ABjzZLGIYDjgxTWgCABFAAAoSE9AADYGJNzBbVV7wKgAFAG7oRhDPWNQ9lmB51AQAO8VngAAAAAAAAAA"} -01325{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1698873191201916,"flow_src_last_pkt_time":1698873191276094,"flow_dst_last_pkt_time":1698873191346145,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":652,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":652,"flow_dst_tot_l4_payload_len":1452,"midstream":0,"thread_ts_usec":1698873191346145,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"193.109.85.123","src_port":41240,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"hobbeach.com","domainame":"hobbeach.com","tls": 
{"version":"TLSv1.2","ja3":"9a7f6a45c84d90c9e8baecb0c9ae8dff","ja3s":"d154fcfa5bb4f0748e1dd1992c681104","ja4":"t13d1515h2_8daaf6152771_6a09c78d0dc2","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} -01503{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1698873191201916,"flow_src_last_pkt_time":1698873191346226,"flow_dst_last_pkt_time":1698873191346291,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":652,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":652,"flow_dst_tot_l4_payload_len":2985,"midstream":0,"thread_ts_usec":1698873191346291,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"193.109.85.123","src_port":41240,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"hobbeach.com","domainame":"hobbeach.com","tls": {"version":"TLSv1.2","server_names":"hobbeach.com","ja3":"9a7f6a45c84d90c9e8baecb0c9ae8dff","ja3s":"d154fcfa5bb4f0748e1dd1992c681104","ja4":"t13d1515h2_8daaf6152771_6a09c78d0dc2","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Let's Encrypt, CN=R3","subjectDN":"CN=hobbeach.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"30:C9:08:A7:5D:AC:71:2C:07:00:51:20:4D:91:DC:3C:BA:7E:0A:46","blocks":0}}} 
+01284{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1698873191201916,"flow_src_last_pkt_time":1698873191276094,"flow_dst_last_pkt_time":1698873191346145,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":652,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":652,"flow_dst_tot_l4_payload_len":1452,"midstream":0,"thread_ts_usec":1698873191346145,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"193.109.85.123","src_port":41240,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"hobbeach.com","domainame":"hobbeach.com","tls": {"version":"TLSv1.2","ja3s":"d154fcfa5bb4f0748e1dd1992c681104","ja4":"t13d1515h2_8daaf6152771_6a09c78d0dc2","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01462{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1698873191201916,"flow_src_last_pkt_time":1698873191346226,"flow_dst_last_pkt_time":1698873191346291,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":652,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":652,"flow_dst_tot_l4_payload_len":2985,"midstream":0,"thread_ts_usec":1698873191346291,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"193.109.85.123","src_port":41240,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"hobbeach.com","domainame":"hobbeach.com","tls": {"version":"TLSv1.2","server_names":"hobbeach.com","ja3s":"d154fcfa5bb4f0748e1dd1992c681104","ja4":"t13d1515h2_8daaf6152771_6a09c78d0dc2","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Let's Encrypt, CN=R3","subjectDN":"CN=hobbeach.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"30:C9:08:A7:5D:AC:71:2C:07:00:51:20:4D:91:DC:3C:BA:7E:0A:46","blocks":0}}} 
02142{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":20,"flow_first_seen":1698873191201916,"flow_src_last_pkt_time":1698873191527805,"flow_dst_last_pkt_time":1698873191527955,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":652,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1216,"flow_dst_tot_l4_payload_len":15979,"midstream":0,"thread_ts_usec":1698873191527955,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"193.109.85.123","src_port":41240,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":21029.9,"max":110516,"stddev":35172.1,"var":1237078016.0,"ent":3.2,"data": [66319,66394,7784,74731,3179,70080,59,0,52,87,88,2895,69320,66866,105647,5079,239,110516,108,104,86,291,185,72,128,388,325,210,535,106,55]},"pktlen": {"min":40,"avg":579.6,"max":1492,"stddev":653.5,"var":427088.1,"ent":4.0,"data": [52,52,40,692,46,1492,40,46,121,52,1492,40,133,314,511,46,1492,1492,40,46,1367,1492,40,1492,46,1269,40,1492,1492,40,46,1492]},"bins": {"c_to_s": [9,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,9,0,0]},"directions": [0,1,0,0,1,1,0,1,1,0,1,0,0,1,0,1,1,1,0,1,1,1,0,1,1,1,0,1,1,0,1,1],"entropies": [4.739399433,4.931210041,4.784183979,7.178894043,4.434307575,7.386115074,4.884183884,4.434307098,6.317144871,4.988526344,7.610246658,4.884183884,5.998999596,7.235376835,7.554747581,4.434307098,7.863018513,7.867267132,4.834183693,4.434307575,7.860304356,7.871340752,4.884183884,7.867784977,4.434307098,7.823972225,4.884183884,7.868661404,7.861267567,4.834183693,4.477785587,7.882142067]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 01100{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":9,"flow_first_seen":1569579416636584,"flow_src_last_pkt_time":1569579417280185,"flow_dst_last_pkt_time":1569579417280169,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":674,"flow_dst_tot_l4_payload_len":5344,"midstream":0,"thread_ts_usec":1698873192090406,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":35236,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.OpenDNS","proto_id":"91.225","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00992{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":52,"flow_first_seen":1698873191201916,"flow_src_last_pkt_time":1698873192090163,"flow_dst_last_pkt_time":1698873192090406,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":793,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":2794,"flow_dst_tot_l4_payload_len":46132,"midstream":0,"thread_ts_usec":1698873192090406,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"193.109.85.123","src_port":41240,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"hobbeach.com"}} 00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569579408876326,"flow_src_last_pkt_time":1569579408876326,"flow_dst_last_pkt_time":1569579409087861,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":329,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":329,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":329,"flow_dst_tot_l4_payload_len":44,"midstream":1,"thread_ts_usec":1698873192090406,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":48394,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
-00846{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":55513,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":5,"total-detection-updates":5,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":45,"global_ts_usec":1698873192090406} +00846{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":55513,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":5,"total-detection-updates":5,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":45,"global_ts_usec":1698873192090406} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 100/100 ~~ skipped flows.............: 0 
@@ -51,10 +51,10 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6970914 bytes -~~ total memory freed........: 6970914 bytes -~~ total allocations/frees...: 114369/114369 +~~ total memory allocated....: 7548534 bytes +~~ total memory freed........: 7548534 bytes +~~ total allocations/frees...: 126101/126101 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 529 chars -~~ json message max len.......: 2846 chars -~~ json message avg len.......: 1686 chars +~~ json message max len.......: 2805 chars +~~ json message avg len.......: 1666 chars diff --git a/test/results/default/memcached.cap.out b/test/results/default/memcached.cap.out index 192bed3e3..3f273132f 100644 --- a/test/results/default/memcached.cap.out +++ b/test/results/default/memcached.cap.out 
@@ -1,5 +1,5 @@ -00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/memcached.cap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/memcached.cap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1534343745954071} 
+00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/memcached.cap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/memcached.cap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1534343745954071} 
00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/memcached.cap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1534343745954071,"flow_src_last_pkt_time":1534343745954071,"flow_dst_last_pkt_time":1534343745954071,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1534343745954071,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":59604,"dst_port":11211,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/memcached.cap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1534343745954071,"flow_dst_last_pkt_time":1534343745954071,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1534343745954071,"pkt":"AAAAAAAAAAAAAAAACABFAAA8pT5AAEAGl3t\/AAABfwAAAejUK8sskd7QAAAAAKACqqr+MAAAAgT\/1wQCCAopIHvuAAAAAAEDAwc="} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/memcached.cap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1534343745954071,"flow_dst_last_pkt_time":1534343745954090,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1534343745954090,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAASvL6NTLJnx6LJHe0aASqqr+MAAAAgT\/1wQCCAopIHvuKSB77gEDAwc="} 
@@ -8,7 +8,7 @@ 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/memcached.cap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1534343745954230,"flow_dst_last_pkt_time":1534343745954238,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1534343745954238,"pkt":"AAAAAAAAAAAAAAAACABFAAA0B5VAAEAGNS1\/AAABfwAAASvL6NTLJnx7LJHe2IAQAVb+KAAAAQEICikge+4pIHvu"} 00929{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/memcached.cap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1534343745954071,"flow_src_last_pkt_time":1534343745954230,"flow_dst_last_pkt_time":1534343745954346,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":7,"flow_dst_max_l4_payload_len":1028,"flow_src_tot_l4_payload_len":7,"flow_dst_tot_l4_payload_len":1028,"midstream":0,"thread_ts_usec":1534343745954346,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":59604,"dst_port":11211,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Memcached","proto_id":"40","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00968{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/memcached.cap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1534343745954071,"flow_src_last_pkt_time":1534343745954749,"flow_dst_last_pkt_time":1534343745954737,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":7,"flow_dst_max_l4_payload_len":1028,"flow_src_tot_l4_payload_len":7,"flow_dst_tot_l4_payload_len":1028,"midstream":0,"thread_ts_usec":1534343745954749,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":59604,"dst_port":11211,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Memcached","proto_id":"40","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/memcached.cap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1035,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1534343745954749} 
+00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/memcached.cap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1035,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1534343745954749} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 10/10 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6909975 bytes -~~ total memory freed........: 6909975 bytes -~~ total allocations/frees...: 114149/114149 +~~ total memory allocated....: 7487571 bytes +~~ total memory freed........: 7487571 bytes +~~ total allocations/frees...: 125880/125880 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 547 chars ~~ json message max len.......: 973 chars diff --git a/test/results/default/merakicloud.pcapng.out b/test/results/default/merakicloud.pcapng.out index 7afe6a3f0..7ff5c0622 100644 --- a/test/results/default/merakicloud.pcapng.out +++ b/test/results/default/merakicloud.pcapng.out 
@@ -1,5 +1,5 @@ -00618{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/merakicloud.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/merakicloud.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1673444916586594} 
+00618{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/merakicloud.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/merakicloud.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1673444916586594} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/merakicloud.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1673444916586594,"flow_src_last_pkt_time":1673444916586594,"flow_dst_last_pkt_time":1673444916586594,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1673444916586594,"l3_proto":"ip4","src_ip":"2.36.234.133","dst_ip":"209.206.59.34","src_port":47301,"dst_port":7351,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/merakicloud.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1673444916586594,"flow_dst_last_pkt_time":1673444916586594,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1673444916586594,"pkt":"AAAAAAAAAAEC+qKgCABFAACM6EcAAPkR334CJOqF0c47IrjFHLcAeI5V\/vcokQ0BAHAGihtOAAAAACpmyZcAAAAAAFYCCGO+vhsqCRUEAyQc8x5t8LeScWQ7JhVYfzr5StSHn5mSLCeBOnIKUwGFNtdHnBkECAAAAHcAUa57BQgAAIDsAACAXAcIAAAAAjgFaqcGAQQIA+DLvA=="} 
00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/merakicloud.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1673444916586594,"flow_src_last_pkt_time":1673444916586594,"flow_dst_last_pkt_time":1673444916586594,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1673444916586594,"l3_proto":"ip4","src_ip":"2.36.234.133","dst_ip":"209.206.59.34","src_port":47301,"dst_port":7351,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MerakiCloud","proto_id":"66","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -16,7 +16,7 @@ 00991{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/merakicloud.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":18,"flow_first_seen":1673444916586594,"flow_src_last_pkt_time":1673445216593721,"flow_dst_last_pkt_time":1673445216785656,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":155,"flow_dst_max_l4_payload_len":148,"flow_src_tot_l4_payload_len":2231,"flow_dst_tot_l4_payload_len":1338,"midstream":0,"thread_ts_usec":1673445216785656,"l3_proto":"ip4","src_ip":"2.36.234.133","dst_ip":"209.206.59.34","src_port":47301,"dst_port":7351,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MerakiCloud","proto_id":"66","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00991{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/merakicloud.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":20,"flow_first_seen":1673444916586594,"flow_src_last_pkt_time":1673445266594530,"flow_dst_last_pkt_time":1673445266791083,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":155,"flow_dst_max_l4_payload_len":148,"flow_src_tot_l4_payload_len":2455,"flow_dst_tot_l4_payload_len":1430,"midstream":0,"thread_ts_usec":1673445266791083,"l3_proto":"ip4","src_ip":"2.36.234.133","dst_ip":"209.206.59.34","src_port":47301,"dst_port":7351,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"MerakiCloud","proto_id":"66","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00989{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/merakicloud.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":22,"flow_first_seen":1673444916586594,"flow_src_last_pkt_time":1673445316595722,"flow_dst_last_pkt_time":1673445316799009,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":155,"flow_dst_max_l4_payload_len":148,"flow_src_tot_l4_payload_len":2679,"flow_dst_tot_l4_payload_len":1522,"midstream":0,"thread_ts_usec":1673445316799009,"l3_proto":"ip4","src_ip":"2.36.234.133","dst_ip":"209.206.59.34","src_port":47301,"dst_port":7351,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MerakiCloud","proto_id":"66","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00848{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/merakicloud.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":44,"packets-processed":44,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4201,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":7,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1673445316799009} +00848{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/merakicloud.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":44,"packets-processed":44,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4201,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":7,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1673445316799009} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 44/44 ~~ skipped flows.............: 0 
@@ -25,9 +25,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6908889 bytes -~~ total memory freed........: 6908889 bytes -~~ total allocations/frees...: 114181/114181 +~~ total memory allocated....: 7486485 bytes +~~ total memory freed........: 7486485 bytes +~~ total allocations/frees...: 125912/125912 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 583 chars ~~ json message max len.......: 2307 chars diff --git a/test/results/default/mgcp.pcap.out b/test/results/default/mgcp.pcap.out index 58ea4dd82..177cfa648 100644 --- a/test/results/default/mgcp.pcap.out +++ b/test/results/default/mgcp.pcap.out 
@@ -1,5 +1,5 @@ -00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1008850756991000} 
+00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1008850756991000} 
00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1008850756991683,"flow_src_last_pkt_time":1008850756991683,"flow_dst_last_pkt_time":1008850756991683,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1008850756991683,"l3_proto":"ip4","src_ip":"172.16.1.116","dst_ip":"172.16.1.119","src_port":2427,"dst_port":2427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1008850756991683,"flow_dst_last_pkt_time":1008850756991683,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_usec":1008850756991683,"pkt":"AJD4ADLsABCk62CzCABFAABZAABAAEAR34isEAF0rBABdwl7CXsARe\/rUlFOVCAxICpAZ2F0ZXdheTQ0Lm15cGxhY2UuY29tIE1HQ1AgMC4xDQpSOiBsL2hkKG4pDQpYOiAyDQoNCg=="} 
00917{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1008850756991683,"flow_src_last_pkt_time":1008850756991683,"flow_dst_last_pkt_time":1008850756991683,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1008850756991683,"l3_proto":"ip4","src_ip":"172.16.1.116","dst_ip":"172.16.1.119","src_port":2427,"dst_port":2427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MGCP","proto_id":"94","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
@@ -8,7 +8,7 @@ 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1008850833713523,"flow_dst_last_pkt_time":1008850833691559,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":61,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":61,"pkt_l4_len":27,"thread_ts_usec":1008850833713523,"pkt":"AJD4ADLsABCk62CzCABFAAAvAABAAEAR37KsEAF0rBABdwl7CXsAG7oNMjAwIDMxNjU2ODYwIG9rDQoNCg=="} 00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1008850833723445,"flow_dst_last_pkt_time":1008850833691559,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_usec":1008850833723445,"pkt":"AJD4ADLsABCk62CzCABFAABZAABAAEAR34isEAF0rBABdwl7CXsARe\/rUlFOVCAxICpAZ2F0ZXdheTQ0Lm15cGxhY2UuY29tIE1HQ1AgMC4xDQpSOiBsL2hkKG4pDQpYOiAyDQoNCg=="} 00998{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1008850756991683,"flow_src_last_pkt_time":1008850837735895,"flow_dst_last_pkt_time":1008850837740350,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":19,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":59,"flow_src_tot_l4_payload_len":202,"flow_dst_tot_l4_payload_len":227,"midstream":0,"thread_ts_usec":1008850837740350,"l3_proto":"ip4","src_ip":"172.16.1.116","dst_ip":"172.16.1.119","src_port":2427,"dst_port":2427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"MGCP","proto_id":"94","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"gateway44.myplace.com"}} -00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":15,"packets-processed":8,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":429,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1463066849887905} +00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":15,"packets-processed":8,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":429,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1463066849887905} 
00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463066849887905,"flow_src_last_pkt_time":1463066849887905,"flow_dst_last_pkt_time":1463066849887905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463066849887905,"l3_proto":"ip4","src_ip":"10.10.228.72","dst_ip":"10.10.244.2","src_port":2427,"dst_port":2427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1463066849887905,"flow_dst_last_pkt_time":1463066849887905,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_usec":1463066849887905,"pkt":"AFBWWvA7AAtFuLlqCABFaABPAQAAAP4RztYKCuRICgr0Agl7CXsAO7a8UlNJUCAyNjI2NjIxMzQgKkB2ZzIyNCBNR0NQIDAuMQpSTTogZ3JhY2VmdWwKUkQ6IDAK"} 
00917{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463066849887905,"flow_src_last_pkt_time":1463066849887905,"flow_dst_last_pkt_time":1463066849887905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463066849887905,"l3_proto":"ip4","src_ip":"10.10.228.72","dst_ip":"10.10.244.2","src_port":2427,"dst_port":2427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MGCP","proto_id":"94","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
@@ -17,23 +17,23 @@ 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1463066853411246,"flow_dst_last_pkt_time":1463066853412310,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":57,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":57,"pkt_l4_len":23,"thread_ts_usec":1463066853412310,"pkt":"AAtFuLlqAFBWWvA7CABFYAArAABAAEARTgMKCvQCCgrkSAl7CXsAF5IpMjAwIDI2MjY2MjEzNiAK"} 00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1463066853411246,"flow_dst_last_pkt_time":1463066853412475,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":104,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":104,"pkt_l4_len":70,"thread_ts_usec":1463066853412475,"pkt":"AAtFuLlqAFBWWvA7CABFYABaAABAAEARTdQKCvQCCgrkSAl7CXsARu+2UlFOVCA4MCBBQUxOL1MyLzFAdmcyMjQgTUdDUCAwLjEKWDogMgpSOiBML2hkClE6IHByb2Nlc3MsbG9vcAo="} 00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1008850756991683,"flow_src_last_pkt_time":1008850837735895,"flow_dst_last_pkt_time":1008850837740350,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":19,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":59,"flow_src_tot_l4_payload_len":202,"flow_dst_tot_l4_payload_len":227,"midstream":0,"thread_ts_usec":1463066856144135,"l3_proto":"ip4","src_ip":"172.16.1.116","dst_ip":"172.16.1.119","src_port":2427,"dst_port":2427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"MGCP","proto_id":"94","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"gateway44.myplace.com"}} -00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":27,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1589,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1686372010814355} +00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":27,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1589,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1686372010814355} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686372010814355,"flow_src_last_pkt_time":1686372010814355,"flow_dst_last_pkt_time":1686372010814355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686372010814355,"l3_proto":"ip4","src_ip":"187.43.37.188","dst_ip":"196.167.59.124","src_port":40798,"dst_port":2427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1686372010814355,"flow_dst_last_pkt_time":1686372010814355,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1686372010814355,"pkt":"ilE1KSR8ZJY1Gdp3CABFAABUWtAAAG4RuMu7KyW8xKc7fJ9eCXsAQAAAUlFOVCAxICpAZ2F0ZXdheTQ0Lm15cGxhY2UuY29tIE1HQ1AgMC4xDVI6IGwvaGQobikNWDogMQ0="} 
00922{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686372010814355,"flow_src_last_pkt_time":1686372010814355,"flow_dst_last_pkt_time":1686372010814355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686372010814355,"l3_proto":"ip4","src_ip":"187.43.37.188","dst_ip":"196.167.59.124","src_port":40798,"dst_port":2427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MGCP","proto_id":"94","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1463066849887905,"flow_src_last_pkt_time":1463066856143684,"flow_dst_last_pkt_time":1463066856144135,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":10,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":804,"flow_dst_max_l4_payload_len":62,"flow_src_tot_l4_payload_len":994,"flow_dst_tot_l4_payload_len":166,"midstream":0,"thread_ts_usec":1686372010814355,"l3_proto":"ip4","src_ip":"10.10.228.72","dst_ip":"10.10.244.2","src_port":2427,"dst_port":2427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MGCP","proto_id":"94","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"vg224"}} 
-00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":28,"packets-processed":21,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1645,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":25,"global_ts_usec":1686543048544843} +00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":28,"packets-processed":21,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1645,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":25,"global_ts_usec":1686543048544843} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686543048544843,"flow_src_last_pkt_time":1686543048544843,"flow_dst_last_pkt_time":1686543048544843,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686543048544843,"l3_proto":"ip4","src_ip":"67.232.180.250","dst_ip":"186.112.128.179","src_port":38238,"dst_port":2427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1686543048544843,"flow_dst_last_pkt_time":1686543048544843,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1686543048544843,"pkt":"K5AY5etoTv\/LX0MOCABFAABUkT8AAGwRhFxD6LT6unCAs5VeCXsAQAAAUlFOVCAxICpAZ2F0ZXdheTQ0Lm15cGxhY2UuY29tIE1HQ1AgMC4xDVI6IGwvaGQobikNWDogMQ0="} 
00924{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686543048544843,"flow_src_last_pkt_time":1686543048544843,"flow_dst_last_pkt_time":1686543048544843,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686543048544843,"l3_proto":"ip4","src_ip":"67.232.180.250","dst_ip":"186.112.128.179","src_port":38238,"dst_port":2427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MGCP","proto_id":"94","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686372010814355,"flow_src_last_pkt_time":1686372010814355,"flow_dst_last_pkt_time":1686372010814355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686543048544843,"l3_proto":"ip4","src_ip":"187.43.37.188","dst_ip":"196.167.59.124","src_port":40798,"dst_port":2427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MGCP","proto_id":"94","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"gateway44.myplace.com"}} 
-00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":29,"packets-processed":22,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1701,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":30,"global_ts_usec":1686675230897603} +00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":29,"packets-processed":22,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1701,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":30,"global_ts_usec":1686675230897603} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686675230897603,"flow_src_last_pkt_time":1686675230897603,"flow_dst_last_pkt_time":1686675230897603,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686675230897603,"l3_proto":"ip4","src_ip":"92.173.166.213","dst_ip":"83.250.239.33","src_port":51954,"dst_port":2427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1686675230897603,"flow_dst_last_pkt_time":1686675230897603,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1686675230897603,"pkt":"7\/8xXMRAPxLVY\/fxCABFAABUIe0AAG4R8bJcrabVU\/rvIcryCXsAQAAAUlFOVCAxICpAZ2F0ZXdheTQ0Lm15cGxhY2UuY29tIE1HQ1AgMC4xDVI6IGwvaGQobikNWDogMQ0="} 
00922{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686675230897603,"flow_src_last_pkt_time":1686675230897603,"flow_dst_last_pkt_time":1686675230897603,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686675230897603,"l3_proto":"ip4","src_ip":"92.173.166.213","dst_ip":"83.250.239.33","src_port":51954,"dst_port":2427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MGCP","proto_id":"94","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00998{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686543048544843,"flow_src_last_pkt_time":1686543048544843,"flow_dst_last_pkt_time":1686543048544843,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686675230897603,"l3_proto":"ip4","src_ip":"67.232.180.250","dst_ip":"186.112.128.179","src_port":38238,"dst_port":2427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MGCP","proto_id":"94","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"gateway44.myplace.com"}} 
00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686675230897603,"flow_src_last_pkt_time":1686675230897603,"flow_dst_last_pkt_time":1686675230897603,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686675230897603,"l3_proto":"ip4","src_ip":"92.173.166.213","dst_ip":"83.250.239.33","src_port":51954,"dst_port":2427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MGCP","proto_id":"94","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"gateway44.myplace.com"}} -00839{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":29,"packets-processed":23,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1757,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":36,"global_ts_usec":1686675230897603} 
+00839{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":29,"packets-processed":23,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1757,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":36,"global_ts_usec":1686675230897603} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 29/23 ~~ skipped flows.............: 0 @@ -42,9 +42,9 @@ ~~ total active/idle flows...: 5/5 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6917800 bytes -~~ total memory freed........: 6917800 bytes -~~ total allocations/frees...: 114204/114204 +~~ total memory allocated....: 7495396 bytes +~~ total memory freed........: 7495396 bytes +~~ total allocations/frees...: 125935/125935 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 530 chars ~~ json message max len.......: 1003 chars diff --git a/test/results/default/mikrotik_mndp.pcap.out b/test/results/default/mikrotik_mndp.pcap.out new file mode 100644 index 000000000..4304fa5bd --- /dev/null +++ b/test/results/default/mikrotik_mndp.pcap.out 
@@ -0,0 +1,31 @@ +00618{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mikrotik_mndp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mikrotik_mndp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1470104390741932} 
+00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mikrotik_mndp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104390741932,"flow_src_last_pkt_time":1470104390741932,"flow_dst_last_pkt_time":1470104390741932,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":123,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":123,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":123,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104390741932,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:fe9a:ec54","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00714{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mikrotik_mndp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1470104390741932,"flow_dst_last_pkt_time":1470104390741932,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":185,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":185,"pkt_l4_len":131,"thread_ts_usec":1470104390741932,"pkt":"MzMAAAABTF4MmuxUht1gAAAAAIMRAf6AAAAAAAAATl4M\/\/6a7FT\/AgAAAAAAAAAAAAAAAAABFi4WLgCDan0ABGg\/AAEABkxeDJrsVAAFAAAABwAPNi4zNS4xIChzdGFibGUpAAgACE1pa3JvVGlrAAoABHzzfwAACwAJM0RYWS1LSEdEAAwADUNSUzEyNS0yNEctMVMADgABAQAPABD+gAAAAAAAAE5eDP\/+muxUABAAB2JyaWRnZTE="} 
+01129{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mikrotik_mndp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104390741932,"flow_src_last_pkt_time":1470104390741932,"flow_dst_last_pkt_time":1470104390741932,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":123,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":123,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":123,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104390741932,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:fe9a:ec54","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Mikrotik","proto_id":"437","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","mikrotik": {"mac_address":"4C:5E:0C:9A:EC:54","version":"6.35.1 (stable)","software_id":"3DXY-KHGD","board":"CRS125-24G-1S","ipv6_addr":"fe80::4e5e:cff:fe9a:ec54","uptime":2096332544}}} +00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/mikrotik_mndp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104402518258,"flow_src_last_pkt_time":1470104402518258,"flow_dst_last_pkt_time":1470104402518258,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":135,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":135,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104402518258,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:feea:365","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00729{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/mikrotik_mndp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1470104402518258,"flow_dst_last_pkt_time":1470104402518258,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":197,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":197,"pkt_l4_len":143,"thread_ts_usec":1470104402518258,"pkt":"MzMAAAABTF4M6gNlht1gAAAAAI8RAf6AAAAAAAAATl4M\/\/7qA2X\/AgAAAAAAAAAAAAAAAAABFi4WLgCPm0oAAVIRAAEABkxeDOoDZQAFAAczMDBNTkFUAAcADzYuMzUuMSAoc3RhYmxlKQAIAAhNaWtyb1RpawAKAAR\/liQAAAsACUFYUkotWDZTRwAMAAZSQjQ1MEcADgABAQAPABAgAbAwAhQBAAAAAAAAAAABABAAE2V0aGVyMi1tYXN0ZXItbG9jYWw="} +01138{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/mikrotik_mndp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104402518258,"flow_src_last_pkt_time":1470104402518258,"flow_dst_last_pkt_time":1470104402518258,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":135,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":135,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104402518258,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:feea:365","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Mikrotik","proto_id":"437","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","mikrotik": {"mac_address":"4C:5E:0C:EA:03:65","identity":"300MNAT","version":"6.35.1 (stable)","software_id":"AXRJ-X6SG","board":"RB450G","ipv6_addr":"2001:b030:214:100::1","uptime":2140546048}}} 
+00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/mikrotik_mndp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":3,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":258,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":9,"global_ts_usec":1731593241768332} +00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/mikrotik_mndp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731593241768332,"flow_src_last_pkt_time":1731593241768332,"flow_dst_last_pkt_time":1731593241768332,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":177,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":177,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":177,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731593241768332,"l3_proto":"ip4","src_ip":"192.168.2.106","dst_ip":"255.255.255.255","src_port":5678,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00768{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/mikrotik_mndp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1731593241768332,"flow_dst_last_pkt_time":1731593241768332,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":219,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":219,"pkt_l4_len":185,"thread_ts_usec":1731593241768332,"pkt":"\/\/\/\/\/\/\/\/SKmKDeSdCABFAADNAAAAAEARtw7AqAJq\/\/\/\/\/xYuFi4AuZvifQUCAAABAAZIqYoN5J0ABQAMTWlrcm9UaWsgQXgzAAcAITcuNyAoc3RhYmxlKSBKYW4vMTIvMjAyMyAwNzozNTo0NQAIAAhNaWtyb1RpawAKAATLC7EAAAsACUFUTEYtQVBFRAAMABNDNTNVaUcrNUhQYXhEMkhQYXhEAA4AAQEADwAQ\/oAAAAAAAABKqYr\/\/g3knQAQABFicmlkZ2VfbGFuL2V0aGVyMQARAATAqAJq"} +01213{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/mikrotik_mndp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731593241768332,"flow_src_last_pkt_time":1731593241768332,"flow_dst_last_pkt_time":1731593241768332,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":177,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":177,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":177,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731593241768332,"l3_proto":"ip4","src_ip":"192.168.2.106","dst_ip":"255.255.255.255","src_port":5678,"dst_port":5678,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Mikrotik","proto_id":"437","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","mikrotik": {"mac_address":"48:A9:8A:0D:E4:9D","identity":"MikroTik Ax3","version":"7.7 (stable) Jan\/12\/2023 07:35:45","software_id":"ATLF-APED","board":"C53UiG+5HPaxD2HPaxD","iface_name":"bridge_lan\/ether1","ipv6_addr":"fe80::4aa9:8aff:fe0d:e49d","uptime":3406541056}}} 
+00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/mikrotik_mndp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104402518258,"flow_src_last_pkt_time":1470104402518258,"flow_dst_last_pkt_time":1470104402518258,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":135,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":135,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731593241768332,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:feea:365","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Mikrotik","proto_id":"437","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/mikrotik_mndp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104390741932,"flow_src_last_pkt_time":1470104390741932,"flow_dst_last_pkt_time":1470104390741932,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":123,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":123,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":123,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731593241768332,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:fe9a:ec54","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Mikrotik","proto_id":"437","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/mikrotik_mndp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731593241768332,"flow_src_last_pkt_time":1731593241768332,"flow_dst_last_pkt_time":1731593241768332,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":177,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":177,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":177,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731593241768332,"l3_proto":"ip4","src_ip":"192.168.2.106","dst_ip":"255.255.255.255","src_port":5678,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Mikrotik","proto_id":"437","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00844{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/mikrotik_mndp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":3,"packets-processed":3,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":435,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":16,"global_ts_usec":1731593241768332} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 3/3 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 435 bytes 
+~~ total detected protocols..: 3 +~~ total active/idle flows...: 3/3 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 7489972 bytes +~~ total memory freed........: 7489972 bytes +~~ total allocations/frees...: 125890/125890 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json message min len.......: 623 chars +~~ json message max len.......: 1218 chars +~~ json message avg len.......: 918 chars diff --git a/test/results/default/mining.pcapng.out b/test/results/default/mining.pcapng.out index 40f26b5df..651a64d2d 100644 --- a/test/results/default/mining.pcapng.out +++ b/test/results/default/mining.pcapng.out 
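Review bot: The `uptime` values recorded in the three `mikrotik` objects of the new `detected` events look byte-swapped: 2096332544, 2140546048 and 3406541056 are 0x7CF37F00, 0x7F962400 and 0xCB0BB100, each with a zero low byte, and each matches the four value bytes of the type 0x000a TLV in the corresponding `pkt` payload read most-significant byte first. Taken as seconds that is roughly 66 to 108 years, whereas the same bytes read least-significant byte first give 8385404, 2397823 and 11602891 (about 97, 28 and 134 days); this is an inference, since neither the unit nor the byte order is stated on this page. The decoding presumably lives in the bumped libnDPI rather than in nDPId, so this expected-output file would pin the swapped numbers until that is corrected and the results regenerated; if little-endian is confirmed, the first record would read `"uptime":8385404`. Anything downstream that uses this field to spot reboots or swapped devices would otherwise be comparing meaningless values.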
@@ -1,5 +1,5 @@ -00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mining.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mining.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1484655421797845} 
+00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mining.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mining.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1484655421797845} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484655421797845,"flow_src_last_pkt_time":1484655421797845,"flow_dst_last_pkt_time":1484655421797845,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484655421797845,"l3_proto":"ip4","src_ip":"147.229.13.222","dst_ip":"185.71.66.39","src_port":49307,"dst_port":9999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1484655421797845,"flow_dst_last_pkt_time":1484655421797845,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484655421797845,"pkt":"AASWHU4wHG9l2GloCABFAAA0A\/tAAIAGAACT5Q3euUdCJ8CbJw\/zdEGlAAAAAIACIACdWAAAAgQFtAEDAwIBAQQC"} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1484655421797845,"flow_dst_last_pkt_time":1484655421816250,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1484655421816250,"pkt":"HG9l2GloAASWHU4wCABFAAAoAABAADEGrJ65R0Ink+UN3icPwJv+A6hh83RBplASAABPdQAAAAAAAAAA"} 
@@ -8,7 +8,7 @@ 00764{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1484655421843996,"flow_dst_last_pkt_time":1484655421843933,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_usec":1484655421843996,"pkt":"AASWHU4wHG9l2GloCABFAADWA\/1AAIAGAACT5Q3euUdCJ8CbJw\/zdEGm\/gOoYlAY\/3Cd+gAAeyJ3b3JrZXIiOiAiZXRoMS4wIiwgImpzb25ycGMiOiAiMi4wIiwgInBhcmFtcyI6IFsiMHg5Yzk5ZDIxMmY3ZTVkYWExOGFiNTA4MTBlMGZkMjU1ZDFmMDQzMDNiL3Rlc3Rlci53b3JrZXIxL3Z2ZXNlbHlAbWFpbGluYXRvciIsICJ4Il0sICJpZCI6IDIsICJtZXRob2QiOiAiZXRoX3N1Ym1pdExvZ2luIn0K"} 01045{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1484655421797845,"flow_src_last_pkt_time":1484655421843996,"flow_dst_last_pkt_time":1484655421843933,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484655421843996,"l3_proto":"ip4","src_ip":"147.229.13.222","dst_ip":"185.71.66.39","src_port":49307,"dst_port":9999,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} 
02339{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1484655421797845,"flow_src_last_pkt_time":1484655452163379,"flow_dst_last_pkt_time":1484655451963831,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":243,"flow_src_tot_l4_payload_len":646,"flow_dst_tot_l4_payload_len":2226,"midstream":0,"thread_ts_usec":1484655452163379,"l3_proto":"ip4","src_ip":"147.229.13.222","dst_ip":"185.71.66.39","src_port":49307,"dst_port":9999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":1952629.6,"max":9791290,"stddev":3004713.0,"var":9028300177408.0,"ent":3.5,"data": [18405,18478,27683,27673,25791,11368,1,37175,8284,48338,236647,209260,12613,9755422,9791290,235473,2439803,2440063,7323703,7588500,64939,25659,10296,234651,3831832,3833133,885298,890088,5008744,5252462,238448]},"pktlen": {"min":40,"avg":131.1,"max":283,"stddev":104.0,"var":10823.6,"ent":4.6,"data": [52,46,40,46,214,46,79,283,40,121,283,40,283,40,121,283,40,283,40,188,46,121,46,283,40,283,40,283,40,121,283,40]},"bins": {"c_to_s": [11,0,4,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,1,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,1,1,0,0,1,0,1,0,0,1,0,1,0,0,1,0,1,1,0,1,0,1,0,0,1,0],"entropies": 
[4.421030521,4.206097126,4.730641365,4.390829086,5.638098717,4.565871716,5.435059071,5.159528255,4.561769485,5.337047100,5.173661709,4.730641365,5.160906792,4.680641174,5.323744297,5.159528255,4.730641365,5.122583389,4.680641651,4.630837917,4.652828693,5.353575706,4.652828693,5.170008659,4.711769104,5.164538860,4.780641556,5.164218426,4.680641651,5.337047100,5.144396782,4.780641556]},"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} -00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":210,"source":"cfgs\/default\/pcap\/mining.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":210,"packets-processed":209,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":20268,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1514196094240063} 
+00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":210,"source":"cfgs\/default\/pcap\/mining.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":210,"packets-processed":209,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":20268,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1514196094240063} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":210,"source":"cfgs\/default\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1514196094240063,"flow_src_last_pkt_time":1514196094240063,"flow_dst_last_pkt_time":1514196094240063,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1514196094240063,"l3_proto":"ip4","src_ip":"192.168.2.92","dst_ip":"178.32.196.217","src_port":55190,"dst_port":9050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"cfgs\/default\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1514196094240063,"flow_dst_last_pkt_time":1514196094240063,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1514196094240063,"pkt":"fmgbW\/gUcIXCQA64CABFAAA8ux1AAEAGRaDAqAJcsiDE2deWI1qAnf85AAAAAKACchAV6gAAAgQFtAQCCApPjruwAAAAAAEDAwc="} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"cfgs\/default\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1514196094240063,"flow_dst_last_pkt_time":1514196094322725,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1514196094322725,"pkt":"cIXCQA64fmgbW\/gUCABFAAA8AABAADMGDb6yIMTZwKgCXCNa15Yj5r0mgJ3\/OqAScSDZNwAAAgQFtAQCCArshW\/8T467sAEDAwk="} 
@@ -33,12 +33,12 @@ 01047{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":265,"source":"cfgs\/default\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1514196196437568,"flow_src_last_pkt_time":1514196196745906,"flow_dst_last_pkt_time":1514196196745688,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1514196196745906,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"116.211.167.195","src_port":53846,"dst_port":3333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"cfgs\/default\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1514196196745906,"flow_dst_last_pkt_time":1514196197053838,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1514196197053838,"pkt":"cIXCQ0+ifmgbW\/gUCABFAAAoOQVAACEGQPh006fDwKgClA0F0lYVgl9P8ygD9lAQAOWD0AAAAAAAAAAA"} 
02328{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":305,"source":"cfgs\/default\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1514196188350524,"flow_src_last_pkt_time":1514196304559034,"flow_dst_last_pkt_time":1514196304640605,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":310,"flow_src_tot_l4_payload_len":8887,"flow_dst_tot_l4_payload_len":914,"midstream":0,"thread_ts_usec":1514196304640605,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"94.23.199.191","src_port":46838,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":13,"avg":7499954.5,"max":71693099,"stddev":18613570.0,"var":346464978993152.0,"ent":2.4,"data": [80304,80325,101,83178,13,83088,126,80997,13,80884,278,117985,882322,1042483,71569648,189,71693099,19,725,81617,32242169,176,32323370,1466,82454,7432953,7432942,3511834,196,3592651,986]},"pktlen": {"min":52,"avg":358.8,"max":1500,"stddev":549.1,"var":301531.9,"ent":3.7,"data": [60,60,52,150,52,114,52,147,90,171,52,112,52,362,52,1500,1482,52,52,77,52,1500,1482,52,77,52,362,52,1500,1482,52,77]},"bins": {"c_to_s": [8,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,3,0,0],"s_to_c": [10,2,0,1,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,0,1,1,1,0,0,0,1,1,0,1,0,0,0,1,1],"entropies": 
[4.738464355,5.302482605,5.065449715,5.825911522,5.284871101,5.736679077,5.286791801,6.057295799,5.694644451,5.918534279,5.132945061,5.778033257,5.323332787,4.963134289,5.171406746,4.527909756,4.270138264,5.323332787,5.262846947,5.685556889,5.209868431,4.535019398,4.275704384,5.378232002,5.701727867,5.248330116,4.888409138,5.209868431,4.529169559,4.269546032,5.378231525,5.685557365]},"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} -00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/mining.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":451,"packets-processed":450,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":88161,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":4,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":36,"global_ts_usec":1514196703786322} 
+00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/mining.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":451,"packets-processed":450,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":88161,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":4,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":36,"global_ts_usec":1514196703786322} 02379{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":455,"source":"cfgs\/default\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1514196196437568,"flow_src_last_pkt_time":1514196705571136,"flow_dst_last_pkt_time":1514196705879789,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1444,"flow_dst_max_l4_payload_len":310,"flow_src_tot_l4_payload_len":3127,"flow_dst_tot_l4_payload_len":2699,"midstream":0,"thread_ts_usec":1514196705879789,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"116.211.167.195","src_port":53846,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":11,"avg":32857284.0,"max":170525395,"stddev":51784400.0,"var":2681624034541568.0,"ent":3.4,"data": 
[308120,308161,177,308150,13,308019,704,308743,11,308008,83,346736,653907,1043085,114411206,114368750,308565,308538,36863210,36863172,20419867,20419875,170525387,170525395,113243496,113243486,35871285,35871309,15564630,176,15873525]},"pktlen": {"min":40,"avg":223.6,"max":1484,"stddev":347.6,"var":120860.4,"ent":3.9,"data": [60,52,40,138,46,102,40,133,78,159,40,100,46,350,40,350,40,350,40,350,40,350,40,350,40,350,40,350,40,1484,1472,46]},"bins": {"c_to_s": [12,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0],"s_to_c": [4,2,0,1,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,0,1],"entropies": [4.792549610,4.894361019,4.784183979,5.672497272,4.457919598,5.436998844,4.834184170,5.898036003,5.357152462,5.674209595,4.784183979,5.535918236,4.457919598,4.810117245,4.834183693,4.788737297,4.784183979,4.732345104,4.834184170,4.767374516,4.831687450,4.791436195,4.931686878,4.784672737,4.931686878,4.672215462,4.881687164,4.744033337,4.812814713,4.485110283,4.206100941,4.457919598]},"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} 
01099{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":673,"source":"cfgs\/default\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":159,"flow_dst_packets_processed":113,"flow_first_seen":1514196188350524,"flow_src_last_pkt_time":1514197279769698,"flow_dst_last_pkt_time":1514197279769664,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":310,"flow_src_tot_l4_payload_len":132641,"flow_dst_tot_l4_payload_len":5738,"midstream":0,"thread_ts_usec":1514197279769698,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"94.23.199.191","src_port":46838,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} 01094{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":673,"source":"cfgs\/default\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":83,"flow_dst_packets_processed":62,"flow_first_seen":1514196094240063,"flow_src_last_pkt_time":1514197248783309,"flow_dst_last_pkt_time":1514197248783271,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":260,"flow_dst_max_l4_payload_len":303,"flow_src_tot_l4_payload_len":6299,"flow_dst_tot_l4_payload_len":4723,"midstream":0,"thread_ts_usec":1514197279769698,"l3_proto":"ip4","src_ip":"192.168.2.92","dst_ip":"178.32.196.217","src_port":55190,"dst_port":9050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} 01097{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":673,"source":"cfgs\/default\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":23,"flow_first_seen":1514196196437568,"flow_src_last_pkt_time":1514197261597871,"flow_dst_last_pkt_time":1514197261597824,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1444,"flow_dst_max_l4_payload_len":310,"flow_src_tot_l4_payload_len":3127,"flow_dst_tot_l4_payload_len":4584,"midstream":0,"thread_ts_usec":1514197279769698,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"116.211.167.195","src_port":53846,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} 
-00848{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":673,"source":"cfgs\/default\/pcap\/mining.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":673,"packets-processed":673,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":177380,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":41,"global_ts_usec":1514197279769698} +00848{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":673,"source":"cfgs\/default\/pcap\/mining.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":673,"packets-processed":673,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":177380,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":41,"global_ts_usec":1514197279769698} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 673/673 ~~ skipped flows.............: 0 
@@ -47,9 +47,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6942558 bytes -~~ total memory freed........: 6942558 bytes -~~ total allocations/frees...: 114851/114851 +~~ total memory allocated....: 7520154 bytes +~~ total memory freed........: 7520154 bytes +~~ total allocations/frees...: 126582/126582 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 533 chars ~~ json message max len.......: 2384 chars diff --git a/test/results/default/modbus.pcap.out b/test/results/default/modbus.pcap.out index b8eb2806a..9070278bd 100644 --- a/test/results/default/modbus.pcap.out +++ b/test/results/default/modbus.pcap.out 
@@ -1,5 +1,5 @@ -00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/modbus.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/modbus.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1223541953927963} 
+00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/modbus.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/modbus.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1223541953927963} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/modbus.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1223541953927963,"flow_src_last_pkt_time":1223541953927963,"flow_dst_last_pkt_time":1223541953927963,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1223541953927963,"l3_proto":"ip4","src_ip":"192.168.110.131","dst_ip":"192.168.110.138","src_port":2074,"dst_port":502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/modbus.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1223541953927963,"flow_dst_last_pkt_time":1223541953927963,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1223541953927963,"pkt":"ABzAX0kKAArkxYMKCABFAAA0i\/1AAIAGEGjAqG6DwKhuiggaAfZB0urG4RU6zlAY\/MYAMgAAANEAAAAGAQMAAQAB"} 
00932{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/modbus.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1223541953927963,"flow_src_last_pkt_time":1223541953927963,"flow_dst_last_pkt_time":1223541953927963,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1223541953927963,"l3_proto":"ip4","src_ip":"192.168.110.131","dst_ip":"192.168.110.138","src_port":2074,"dst_port":502,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Modbus","proto_id":"44","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
@@ -9,7 +9,7 @@ 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/modbus.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1223541954942774,"flow_dst_last_pkt_time":1223541953930003,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1223541954942774,"pkt":"ABzAX0kKAArkxYMKCABFAAA0jABAAIAGEGXAqG6DwKhuiggaAfZB0ure4RU65FAY\/LAAGAAAANMAAAAGAQMAAQAB"} 02180{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/modbus.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1223541953927963,"flow_src_last_pkt_time":1223541960939284,"flow_dst_last_pkt_time":1223541960940128,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":11,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":176,"midstream":1,"thread_ts_usec":1223541960940128,"l3_proto":"ip4","src_ip":"192.168.110.131","dst_ip":"192.168.110.138","src_port":2074,"dst_port":502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":835,"avg":452370.5,"max":1014211,"stddev":497296.8,"var":247304159232.0,"ent":3.8,"data": [1135,1208,905,1013603,1014211,1539,891,986516,986873,1217,900,1000224,1000513,1187,905,1000230,1000558,1232,911,1000222,1000609,1645,915,999845,1000447,1173,835,1000242,1000645,1238,912]},"pktlen": {"min":51,"avg":51.5,"max":52,"stddev":0.5,"var":0.2,"ent":5.0,"data": [52,51,52,51,52,51,52,51,52,51,52,51,52,51,52,51,52,51,52,51,52,51,52,51,52,51,52,51,52,51,52,51]},"bins": {"c_to_s": [16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": 
[16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": [4.526987553,4.730195045,4.438603878,4.877732754,4.429176807,4.636961937,4.429176331,4.877732754,4.622483730,4.730195045,4.589393616,4.838517189,4.622483730,4.730195045,4.550931931,4.916948318,4.569504738,4.769410610,4.627855301,4.916948318,4.622483730,4.730195045,4.627855301,4.916948795,4.622483730,4.769410610,4.627855301,4.862931252,4.607966423,4.769410610,4.627855301,4.916948318]},"ndpi": {"confidence": {"6":"DPI"},"proto":"Modbus","proto_id":"44","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/modbus.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":51,"flow_dst_packets_processed":51,"flow_first_seen":1223541953927963,"flow_src_last_pkt_time":1223541977036283,"flow_dst_last_pkt_time":1223541977037227,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":11,"flow_src_tot_l4_payload_len":612,"flow_dst_tot_l4_payload_len":561,"midstream":1,"thread_ts_usec":1223541977037227,"l3_proto":"ip4","src_ip":"192.168.110.131","dst_ip":"192.168.110.138","src_port":2074,"dst_port":502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Modbus","proto_id":"44","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
-00844{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/modbus.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":102,"packets-processed":102,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1173,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1223541977037227} +00844{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/modbus.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":102,"packets-processed":102,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1173,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1223541977037227} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 102/102 ~~ skipped flows.............: 0 
@@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6910571 bytes -~~ total memory freed........: 6910571 bytes -~~ total allocations/frees...: 114239/114239 +~~ total memory allocated....: 7488167 bytes +~~ total memory freed........: 7488167 bytes +~~ total allocations/frees...: 125970/125970 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 544 chars ~~ json message max len.......: 2185 chars diff --git a/test/results/default/monero.pcap.out b/test/results/default/monero.pcap.out index 2b7565a64..0f80db269 100644 --- a/test/results/default/monero.pcap.out +++ b/test/results/default/monero.pcap.out 
@@ -1,5 +1,5 @@ -00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1701104895769153} 
+00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1701104895769153} 
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1701104895769153,"flow_src_last_pkt_time":1701104895769153,"flow_dst_last_pkt_time":1701104895769153,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1701104895769153,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"159.69.36.66","src_port":48882,"dst_port":18080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1701104895769153,"flow_dst_last_pkt_time":1701104895769153,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1701104895769153,"pkt":"eJS0JASgYDjgxTWgCABFAAA0f\/1AAKYGzjLAqAJkn0UkQr7yRqCc4ZKwAAAAAIAC+vC4ZwAAAgQFtAEBBAIBAwMH"} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1701104895769153,"flow_dst_last_pkt_time":1701104895788356,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1701104895788356,"pkt":"YDjgxTWgeJS0JASgCABFAAA0AABAADUGvzCfRSRCwKgCZEagvvI97mFBnOGSsYAS+vAZLwAAAgQFrAEBBAIBAwMH"} 
@@ -32,7 +32,7 @@ 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1701104939473517,"flow_src_last_pkt_time":1701104939579240,"flow_dst_last_pkt_time":1701104939579219,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":295,"flow_dst_max_l4_payload_len":2904,"flow_src_tot_l4_payload_len":295,"flow_dst_tot_l4_payload_len":14520,"midstream":0,"thread_ts_usec":1701104941815016,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"78.56.22.89","src_port":39378,"dst_port":18080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Monero","proto_id":"369","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1701104939579240,"flow_src_last_pkt_time":1701104939579240,"flow_dst_last_pkt_time":1701104939579240,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":295,"flow_dst_max_l4_payload_len":2904,"flow_src_tot_l4_payload_len":295,"flow_dst_tot_l4_payload_len":13068,"midstream":0,"thread_ts_usec":1701104941815016,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"62.210.127.86","src_port":42810,"dst_port":18080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Monero","proto_id":"369","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":5,"flow_first_seen":1701104895769153,"flow_src_last_pkt_time":1701104895815129,"flow_dst_last_pkt_time":1701104895814555,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":295,"flow_dst_max_l4_payload_len":7260,"flow_src_tot_l4_payload_len":295,"flow_dst_tot_l4_payload_len":14520,"midstream":0,"thread_ts_usec":1701104941815016,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"159.69.36.66","src_port":48882,"dst_port":18080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Monero","proto_id":"369","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} -00842{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":60,"packets-processed":60,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":57808,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":35,"global_ts_usec":1701104941815016} 
+00842{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":60,"packets-processed":60,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":57808,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":35,"global_ts_usec":1701104941815016} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 60/60 ~~ skipped flows.............: 0 @@ -41,9 +41,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6924785 bytes -~~ total memory freed........: 6924785 bytes -~~ total allocations/frees...: 114238/114238 +~~ total memory allocated....: 7502381 bytes +~~ total memory freed........: 7502381 bytes +~~ total allocations/frees...: 125969/125969 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 529 chars ~~ json message max len.......: 992 chars diff --git a/test/results/default/mongo_false_positive.pcapng.out b/test/results/default/mongo_false_positive.pcapng.out index cd96f2343..b5daa183e 100644 --- a/test/results/default/mongo_false_positive.pcapng.out +++ b/test/results/default/mongo_false_positive.pcapng.out 
@@ -1,5 +1,5 @@ -00627{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mongo_false_positive.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mongo_false_positive.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1593581341477440} 
+00627{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mongo_false_positive.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mongo_false_positive.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1593581341477440} 
00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mongo_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1593581341477440,"flow_src_last_pkt_time":1593581341477440,"flow_dst_last_pkt_time":1593581341477440,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1593581341477440,"l3_proto":"ip4","src_ip":"188.75.184.20","dst_ip":"251.182.120.32","src_port":49542,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mongo_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1593581341477440,"flow_dst_last_pkt_time":1593581341477440,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1593581341477440,"pkt":"AAAAAAAAAAUAoyAkCABFAAA0JV9AAH8G7i28S7gU+7Z4IMGGAbvEY9K7AAAAAIACIAAM3AAAAgQFUAEDAwgBAQQC"} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/mongo_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1593581341477440,"flow_dst_last_pkt_time":1593581341641115,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1593581341641115,"pkt":"AAAAAAAAAAUAoyAkCABFAAA0AABAADIGYI37tnggvEu4FAG7wYZmWxUYxGPSvIAS\/\/+x9gAAAgQFtAEDAwYEAgAA"} 
@@ -8,7 +8,7 @@ 02156{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/mongo_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1593581357451506,"flow_dst_last_pkt_time":1593581341827549,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1248,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1248,"pkt_l4_len":1214,"thread_ts_usec":1593581357451506,"pkt":"AAAAAAAAAAUAoyAkCABFAATSKtxAAH8G5BK8S7gU+7Z4IMGGAbvEY9ZmZlsVoFAYAQP4xQAAS0UAAAIIAVUAAASeAQAAAI\/gqM9riCEBZYhSLZSYIvOnmKRFB1NH6SXBoy7HXkHy40xvUKjvN0P2kmQjQ6DOJ\/5cEoTXNc9mpVRRLoaSI0cG53iUIfmCUiYw+Y2Sl96EE3U2XAkcPoGzDfTJB\/4Q3V2JDnKBv7l1qffhqhUQAIC6t6pZb99IWuexXkN6yB+mvcOEgMwSBf+h+EUCXgsmqP0yLGzvhkgeX28Bw3eETrEPbqAcZrSLobMjufoukl580KLwDyb2crXEgXjGPeF78olOb7Pg6sYD\/BN2j6yyAilyS\/tsTsWdhE+MCi3x5py9sPxTra7gQ0k4JVWelsjoabSCP1lmKLze8v5MMRAJvDPMj62ID+lDhFnbLhlQC6f5chGBrpOPgdJC7YHTTF4Yaf6L2LV9kjRaUcpKIzDRzI4KZEonFYhWkM5vOOS0rSPo37Rv1SVkW2EcWQ2nQMbuDtjp\/0tfEZD2geTmvG3etyx+TgAVYG\/awgCrGTG3iBmJ7IP7zvy92HfzRnvpcGwV33VQOmQy5VfPpKlN52Cr9V1cGuATB5Vh71AWy+ZYpCZzbZfNP2tvigsP0wsvXvelhfciLnm+AL8wmySYqBybE3J8dIwFlfoj7ne6sMBf4pGb7AOGBSpiJm38MExrzCRihBJLXRJ7gyu6wZOC7RBoSZhJFfDca7WbjzMcnjgrHhyKz7epOIMZ8KKfdXHIH30WC1WQoyV\/9CDm5Ir6TpnIabDx8aCrVGR2AUJbloUstI06uyojdmfgzlH2RmIEF2wn3MlvapkeTrV1P4YJJdmxgPb+FA1\/KyNKbcQxAZocuyqW5naMFGfnn8cKSFj9nazboTcTzqdyByCcDm0GrOo3lrIAZtJkE4CvuhkCMnF\/7JeMLrrHxrPW\/dOVxglbGTGZaX4aT3qhzlyIFJZcUHvZNd3L8oPPptY03zEYYfgWCY4GCrFbxLpdYS7o3iQ6k\/DOgQDA40F9R\/6bQJtbjUri8cebmGyUgBOFyL4HK+5LP6+wjr7LJLwLOZr12rvbCPH8a5EH0l1+xVGuaHOLPsAloGyPylmUINBBTcC0sBxRxaBR\/z80E26qGGDqcQyyURDhKppNliDigSFs8+fsUbS5ChJOzYl3IpHKfgGOcDcCR3WpoBdqmuOu1DoFstMVlUlLCVIoZpzTcK\/pDo3hPn1LcKZJSo+8BwXkti9ovEfAleUdmchy9h9nbK2GihR4oEJcIGKAmAFjAQTS\/er1a5369himCid2qwxR2G7q+GqiY8Cn5xeTqwJbetF0TDu5o6tQyVaRc80I8hhALVCzmghQGdamem8nIsmKHrqNvthCPs+00k05hS685h68ipvQ5I1mMeEDxQq1lu8OpLGal1I9Y3xEuO7SPNISELRvLy4gXrN6aofFkqLD8VWXc
4G\/cbiW1E9zBGFi1T+pcQFhf1bs\/6QwJKdFYF5BC7W4O+tHL6pVuEXRZVBwUo+m8l\/ua1HBIbsTdUY+YmTTIi21zXssBXBCMdMJdRVAPaXcfXoiCOAqgS9a86IMwkmsfZDP8haAQx+y3AlmY8zPj52JGBOc0NBkRzLhTZ25JePs"} 01077{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/mongo_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":13,"flow_first_seen":1593581341477440,"flow_src_last_pkt_time":1593581425760020,"flow_dst_last_pkt_time":1593581425923470,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1274,"flow_dst_max_l4_payload_len":135,"flow_src_tot_l4_payload_len":9246,"flow_dst_tot_l4_payload_len":1485,"midstream":0,"thread_ts_usec":1593581425923470,"l3_proto":"ip4","src_ip":"188.75.184.20","dst_ip":"251.182.120.32","src_port":49542,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"51": {"risk":"Fully Encrypted Flow","severity":"Medium","risk_score": {"total":360,"client":240,"server":120}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/mongo_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":13,"flow_first_seen":1593581341477440,"flow_src_last_pkt_time":1593581425760020,"flow_dst_last_pkt_time":1593581425923470,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1274,"flow_dst_max_l4_payload_len":135,"flow_src_tot_l4_payload_len":9246,"flow_dst_tot_l4_payload_len":1485,"midstream":0,"thread_ts_usec":1593581425923470,"l3_proto":"ip4","src_ip":"188.75.184.20","dst_ip":"251.182.120.32","src_port":49542,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00858{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/mongo_false_positive.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":26,"packets-processed":26,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10731,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1593581425923470} 
+00858{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/mongo_false_positive.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":26,"packets-processed":26,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10731,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1593581425923470} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 26/26 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6910411 bytes -~~ total memory freed........: 6910411 bytes -~~ total allocations/frees...: 114164/114164 +~~ total memory allocated....: 7488007 bytes +~~ total memory freed........: 7488007 bytes +~~ total allocations/frees...: 125895/125895 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 560 chars ~~ json message max len.......: 2161 chars diff --git a/test/results/default/mongodb.pcap.out b/test/results/default/mongodb.pcap.out index 7945b77b3..6e1770ec5 100644 --- a/test/results/default/mongodb.pcap.out +++ b/test/results/default/mongodb.pcap.out 
@@ -1,5 +1,5 @@ -00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1483459978959064} 
+00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1483459978959064} 
00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1483459978959064,"flow_src_last_pkt_time":1483459978959064,"flow_dst_last_pkt_time":1483459978959064,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483459978959064,"vlan_id":300,"l3_proto":"ip4","src_ip":"10.10.10.10","dst_ip":"10.10.10.11","src_port":51822,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","vlan_id":300,"flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1483459978959064,"flow_dst_last_pkt_time":1483459978959064,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_usec":1483459978959064,"pkt":"LGv11hfFABsXAAIwgQABLAgARQAAQHp6QAA\/BrGvCgoKCgoKCgvKbmmJmGzsIgAAAACwAv\/\/ouIAAAIEBVABAwMFAQEICm\/8XGwAAAAABAIAAA=="} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1483459978959080,"flow_src_last_pkt_time":1483459978959080,"flow_dst_last_pkt_time":1483459978959080,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483459978959080,"vlan_id":50,"l3_proto":"ip4","src_ip":"10.10.10.10","dst_ip":"10.10.10.11","src_port":51822,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -9,7 +9,7 @@ 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","vlan_id":50,"flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1483459979301422,"flow_dst_last_pkt_time":1483459978959080,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1483459979301422,"pkt":"LGv11hfFLGv11hfMgQAAMggARQAANBx\/QAA+BhC3CgoKCgoKCgvKbmmJmGzsIz6ahkKAEBAaa4YAAAEBCApv\/F3CXOpDgA=="} 00901{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","vlan_id":300,"flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1483459979301746,"flow_dst_last_pkt_time":1483459979210216,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":317,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":317,"pkt_l4_len":279,"thread_ts_usec":1483459979301746,"pkt":"LGv11hfFABsXAAIwgQABLAgARQABK\/fXQAA\/BjNnCgoKCgoKCgvKbmmJmGzsIz6ahkKAGBAaRyIAAAEBCApv\/F3CXOpDgPcAAACYNm5NAAAAANQHAAAAAAAAYWRtaW4uJGNtZAAAAAAA\/\/\/\/\/9AAAAAQaXNtYXN0ZXIAAQAAAANjbGllbnQAtQAAAANkcml2ZXIAKgAAAAJuYW1lAAgAAABQeU1vbmdvAAJ2ZXJzaW9uAAYAAAAzLjQuMAAAA29zAFUAAAACdHlwZQAHAAAARGFyd2luAAJuYW1lAAcAAABEYXJ3aW4AAmFyY2hpdGVjdHVyZQAHAAAAeDg2XzY0AAJ2ZXJzaW9uAAgAAAAxMC4xMS42AAACcGxhdGZvcm0AFwAAAENQeXRob24gMi43LjEwLmZpbmFsLjAAAAA="} 
00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1483459978959064,"flow_src_last_pkt_time":1483459979301746,"flow_dst_last_pkt_time":1483459979210216,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":247,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":247,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483459979301746,"vlan_id":300,"l3_proto":"ip4","src_ip":"10.10.10.10","dst_ip":"10.10.10.11","src_port":51822,"dst_port":27017,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"MongoDB","proto_id":"60","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} -00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":7,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":247,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1483558834969479} 
+00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":7,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":247,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1483558834969479} 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1483558834969479,"flow_src_last_pkt_time":1483558834969479,"flow_dst_last_pkt_time":1483558834969479,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483558834969479,"vlan_id":300,"l3_proto":"ip4","src_ip":"10.10.10.12","dst_ip":"10.10.10.13","src_port":55582,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","vlan_id":300,"flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1483558834969479,"flow_dst_last_pkt_time":1483558834969479,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_usec":1483558834969479,"pkt":"AABeAAEBABsXAAIwgQABLAgARQAAQPlkQAA\/Bn5pCgoKDAoKCg3ZHmmJO1oRNAAAAACwAv\/\/WNkAAAIEBVABAwMFAQEIChY4dS8AAAAABAIAAA=="} 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1483558834969493,"flow_src_last_pkt_time":1483558834969493,"flow_dst_last_pkt_time":1483558834969493,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483558834969493,"vlan_id":50,"l3_proto":"ip4","src_ip":"10.10.10.12","dst_ip":"10.10.10.13","src_port":55582,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -22,7 +22,7 @@ 01073{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1483459978959080,"flow_src_last_pkt_time":1483459979301422,"flow_dst_last_pkt_time":1483459978959080,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483558835131940,"vlan_id":50,"l3_proto":"ip4","src_ip":"10.10.10.10","dst_ip":"10.10.10.11","src_port":51822,"dst_port":27017,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"MongoDB","proto_id":"60","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} 00787{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1483459978959080,"flow_src_last_pkt_time":1483459979301422,"flow_dst_last_pkt_time":1483459978959080,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483558835131940,"vlan_id":50,"l3_proto":"ip4","src_ip":"10.10.10.10","dst_ip":"10.10.10.11","src_port":51822,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1483459978959064,"flow_src_last_pkt_time":1483459979301746,"flow_dst_last_pkt_time":1483459979210216,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":247,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":247,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483558835131940,"vlan_id":300,"l3_proto":"ip4","src_ip":"10.10.10.10","dst_ip":"10.10.10.11","src_port":51822,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MongoDB","proto_id":"60","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} -00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":13,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":306,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":4,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":25,"global_ts_usec":1483726705497076} 
+00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":13,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":306,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":4,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":25,"global_ts_usec":1483726705497076} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1483726705497076,"flow_src_last_pkt_time":1483726705497076,"flow_dst_last_pkt_time":1483726705497076,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483726705497076,"vlan_id":100,"l3_proto":"ip4","src_ip":"10.10.10.14","dst_ip":"10.10.10.15","src_port":61503,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","vlan_id":100,"flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1483726705497076,"flow_dst_last_pkt_time":1483726705497076,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_usec":1483726705497076,"pkt":"ABsXAAEkACKDPxfFgQAAZAgARQAAQCMwQAA9BrgMCgoKDgoKCg\/wP2mJBNDEtQAAAACwwv\/\/uGgAAAIEBWoBAwMFAQEICjJ1xd4AAAAABAIAAA=="} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","vlan_id":100,"flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1483726705497076,"flow_dst_last_pkt_time":1483726705499673,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1483726705499673,"pkt":"ACKDPxfFABsXAAEkgQAAZAgARQAAPAAAQAA4BuBACgoKDwoKCg5pifA\/z9O+JwTQxLagUnEgLR0AAAIEBbQEAggKGQyESzJ1xd4BAwMH"} 
@@ -32,7 +32,7 @@ 01073{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1483558834969493,"flow_src_last_pkt_time":1483558835130999,"flow_dst_last_pkt_time":1483558834969493,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483726705503964,"vlan_id":50,"l3_proto":"ip4","src_ip":"10.10.10.12","dst_ip":"10.10.10.13","src_port":55582,"dst_port":27017,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"MongoDB","proto_id":"60","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} 00787{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1483558834969493,"flow_src_last_pkt_time":1483558835130999,"flow_dst_last_pkt_time":1483558834969493,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483726705503964,"vlan_id":50,"l3_proto":"ip4","src_ip":"10.10.10.12","dst_ip":"10.10.10.13","src_port":55582,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1483558834969479,"flow_src_last_pkt_time":1483558835131940,"flow_dst_last_pkt_time":1483558835050109,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":59,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483726705503964,"vlan_id":300,"l3_proto":"ip4","src_ip":"10.10.10.12","dst_ip":"10.10.10.13","src_port":55582,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MongoDB","proto_id":"60","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} -00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":17,"packets-processed":16,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":364,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":35,"global_ts_usec":1483737232974198} 
+00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":17,"packets-processed":16,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":364,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":35,"global_ts_usec":1483737232974198} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1483737232974198,"flow_src_last_pkt_time":1483737232974198,"flow_dst_last_pkt_time":1483737232974198,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483737232974198,"vlan_id":100,"l3_proto":"ip4","src_ip":"10.10.10.16","dst_ip":"10.10.10.17","src_port":51358,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","vlan_id":100,"flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1483737232974198,"flow_dst_last_pkt_time":1483737232974198,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_usec":1483737232974198,"pkt":"ABsXAAEkLGv11hfFgQAAZAgARQAAQB7UQAA6BjnMCgoKEAoKChHInmmJ0eCpcgAAAACwAv\/\/iv8AAAIEBWoBAwMFAQEICj5g2FMAAAAABAIAAA=="} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","vlan_id":100,"flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1483737232974198,"flow_dst_last_pkt_time":1483737232975899,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1483737232975899,"pkt":"ACKDPxfFABsXAAEkgQAAZAgARQAAPAAAQAAyBmCkCgoKEQoKChBpicie7T3P\/tHgqXOgEkXqkCgAAAIEBbQEAggKAY8GyD5g2FMBAwMI"} 
@@ -40,7 +40,7 @@ 00923{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","vlan_id":100,"flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1483737232979308,"flow_dst_last_pkt_time":1483737232975899,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":339,"pkt_l4_len":301,"thread_ts_usec":1483737232979308,"pkt":"ABsXAAEkLGv11hfFgQAAZAgARQABQQ0wQAA6BkpvCgoKEAoKChHInmmJ0eCpc+09z\/+AGBAaUdAAAAEBCAo+YNhYAY8GyA0BAAAAAAAAAAAAANQHAAAAAAAAYWRtaW4uJGNtZAAAAAAAAQAAAOYAAAAQaXNNYXN0ZXIAAQAAAANjbGllbnQAywAAAANhcHBsaWNhdGlvbgAdAAAAAm5hbWUADgAAAE1vbmdvREIgU2hlbGwAAANkcml2ZXIAOgAAAAJuYW1lABgAAABNb25nb0RCIEludGVybmFsIENsaWVudAACdmVyc2lvbgAGAAAAMy40LjAAAANvcwBWAAAAAnR5cGUABwAAAERhcndpbgACbmFtZQAJAAAATWFjIE9TIFgAAmFyY2hpdGVjdHVyZQAHAAAAeDg2XzY0AAJ2ZXJzaW9uAAcAAAAxNi4zLjAAAAAA"} 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1483737232974198,"flow_src_last_pkt_time":1483737232979308,"flow_dst_last_pkt_time":1483737232975899,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":269,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":269,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483737232979308,"vlan_id":100,"l3_proto":"ip4","src_ip":"10.10.10.16","dst_ip":"10.10.10.17","src_port":51358,"dst_port":27017,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"MongoDB","proto_id":"60","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} 
00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1483726705497076,"flow_src_last_pkt_time":1483726705503964,"flow_dst_last_pkt_time":1483726705499673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483737232979308,"vlan_id":100,"l3_proto":"ip4","src_ip":"10.10.10.14","dst_ip":"10.10.10.15","src_port":61503,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MongoDB","proto_id":"60","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} -00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":21,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":633,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":43,"global_ts_usec":1483814916005019} 
+00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":21,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":633,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":43,"global_ts_usec":1483814916005019} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1483814916005019,"flow_src_last_pkt_time":1483814916005019,"flow_dst_last_pkt_time":1483814916005019,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483814916005019,"vlan_id":300,"l3_proto":"ip4","src_ip":"10.10.10.18","dst_ip":"10.10.10.19","src_port":64566,"dst_port":30000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","vlan_id":300,"flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1483814916005019,"flow_dst_last_pkt_time":1483814916005019,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_usec":1483814916005019,"pkt":"LGv11hfFABsXAAIwgQABLAgARQAAQILYQAA\/BvoMCgoKEgoKChP8NnUwNO8EYwAAAACwAv\/\/CB0AAAIEBVABAwMFAQEICh4cp5sAAAAABAIAAA=="} 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1483814916005036,"flow_src_last_pkt_time":1483814916005036,"flow_dst_last_pkt_time":1483814916005036,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483814916005036,"vlan_id":50,"l3_proto":"ip4","src_ip":"10.10.10.18","dst_ip":"10.10.10.19","src_port":64566,"dst_port":30000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -55,7 +55,7 @@ 00787{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1483814916005036,"flow_src_last_pkt_time":1483814916107729,"flow_dst_last_pkt_time":1483814916098086,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483814916108514,"vlan_id":50,"l3_proto":"ip4","src_ip":"10.10.10.18","dst_ip":"10.10.10.19","src_port":64566,"dst_port":30000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01113{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1483814916005019,"flow_src_last_pkt_time":1483814916108514,"flow_dst_last_pkt_time":1483814916098131,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":73,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":73,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483814916108514,"vlan_id":300,"l3_proto":"ip4","src_ip":"10.10.10.18","dst_ip":"10.10.10.19","src_port":64566,"dst_port":30000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"MongoDB","proto_id":"60","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} 
00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1483737232974198,"flow_src_last_pkt_time":1483737232979308,"flow_dst_last_pkt_time":1483737232975899,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":269,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":269,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483814916108514,"vlan_id":100,"l3_proto":"ip4","src_ip":"10.10.10.16","dst_ip":"10.10.10.17","src_port":51358,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MongoDB","proto_id":"60","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} -00841{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":27,"packets-processed":27,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":706,"total-not-detected-flows":1,"total-guessed-flows":2,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":58,"global_ts_usec":1483814916108514} 
+00841{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":27,"packets-processed":27,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":706,"total-not-detected-flows":1,"total-guessed-flows":2,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":58,"global_ts_usec":1483814916108514} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 27/27 ~~ skipped flows.............: 0 @@ -64,9 +64,9 @@ ~~ total active/idle flows...: 8/8 ~~ total timeout flows.......: 2 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6927298 bytes -~~ total memory freed........: 6927298 bytes -~~ total allocations/frees...: 114250/114250 +~~ total memory allocated....: 7504917 bytes +~~ total memory freed........: 7504917 bytes +~~ total allocations/frees...: 125982/125982 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 567 chars ~~ json message max len.......: 1118 chars diff --git a/test/results/default/mpeg-dash.pcap.out b/test/results/default/mpeg-dash.pcap.out index f5ce608e6..1644599b5 100644 --- a/test/results/default/mpeg-dash.pcap.out +++ b/test/results/default/mpeg-dash.pcap.out 
@@ -1,12 +1,12 @@ -00614{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1618744212035234} 
+00614{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1618744212035234} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744212035234,"flow_src_last_pkt_time":1618744212035234,"flow_dst_last_pkt_time":1618744212035234,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744212035234,"l3_proto":"ip4","src_ip":"10.84.1.81","dst_ip":"166.248.152.10","src_port":60926,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1618744212035234,"flow_dst_last_pkt_time":1618744212035234,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1618744212035234,"pkt":"AAAAAAAAAAQAk2VwCABFAAA8XJFAAEAGk4MKVAFRpviYCu3+AFDXU1UdAAAAAKAC\/\/+5fwAAAgQFtAQCCArQulhbAAAAAAEDAwo="} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1618744212035234,"flow_dst_last_pkt_time":1618744212169869,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1618744212169869,"pkt":"AAAAAAAAAAMAbDnzCABFAAA0AABAADAGAB2m+JgKClQBUQBQ7f6v9cxW11NVHoASchAbdQAAAgQFeAEBBAIBAwMK"} 
00970{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1618744212202980,"flow_dst_last_pkt_time":1618744212169869,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":382,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":382,"pkt_l4_len":348,"thread_ts_usec":1618744212202980,"pkt":"AAAAAAAAAAQAk2VwCABFAAFwXJNAAEAGkk0KVAFRpviYCu3+AFDXU1Uer\/XMV1AYAFYA8wAAR0VUIC9hcy9iaWdvLWFkLWNyZWF0aXZlcy8zczMvMmxPVEE3Lm1wNCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKExpbnV4OyBBbmRyb2lkIDExOyBTTS1BNzE1RiBCdWlsZC9SUDFBLjIwMDcyMC4wMTI7IHd2KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzQuMCBDaHJvbWUvODkuMC40Mzg5LjEwNSBNb2JpbGUgU2FmYXJpLzUzNy4zNg0KYmlnby1oYXNoOiBWRkJOek8zaVZjdkdwV05kDQpIb3N0OiBnZGwubmV3cy1jZG4uc2l0ZQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQoNCg=="} 01303{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1618744212035234,"flow_src_last_pkt_time":1618744212202980,"flow_dst_last_pkt_time":1618744212169869,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":328,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":328,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744212202980,"l3_proto":"ip4","src_ip":"10.84.1.81","dst_ip":"166.248.152.10","src_port":60926,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.MpegDash","proto_id":"7.291","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media","hostname":"gdl.news-cdn.site","domainame":"gdl.news-cdn.site","http": 
{"url":"gdl.news-cdn.site\/as\/bigo-ad-creatives\/3s3\/2lOTA7.mp4","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; SM-A715F Build\/RP1A.200720.012; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/89.0.4389.105 Mobile Safari\/537.36","detected_os":"Android 11"}}} 02407{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1618744212202980,"flow_dst_last_pkt_time":1618744212338460,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1454,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1454,"pkt_l4_len":1420,"thread_ts_usec":1618744212338460,"pkt":"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\/\/\/Aij\/AAAV1HRyYWsAAABcdGtoZAAAAAHcmfi63Jn4ugAAAAEAAAAAAAoYKAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAEAAAAAHgAAABDgAAAAAFUxtZGlhAAAAIG1kaGQAAAAA3Jn4utyZ+LoAAAPoAAA6mVXEAAAAAAAhaGRscgAAAAAAAAAAdmlkZQAAAAAAAAAAAAAAAAAAABUDbWluZgAAABR2bWhkAAAAAQAAAAAAAAAAAAAAJGRpbmYAAAAcZHJlZgAAAAAAAAABAAAADHVybCAAAAABAAAUw3N0YmwAAACXc3RzZAAAAAAAAAABAAAAh2F2YzEAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAHgAQ4AEgAAABIAAAAAAAAAAEOSlZUL0FWQyBDb2RpbmcAAAAAAAAAAAAAAAAAAAAAAAAY\/\/8AAAAxYXZjQwFkACj\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"} 
-00838{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":5,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1728,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":9,"global_ts_usec":1652784807797513} +00838{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":5,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1728,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":9,"global_ts_usec":1652784807797513} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1652784807797513,"flow_src_last_pkt_time":1652784807797513,"flow_dst_last_pkt_time":1652784807797513,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1652784807797513,"l3_proto":"ip4","src_ip":"192.168.2.105","dst_ip":"54.161.101.85","src_port":59142,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1652784807797513,"flow_dst_last_pkt_time":1652784807797513,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1652784807797513,"pkt":"tKXvZygQwDiWIaSpCABFAAA8gI1AAEAGWyfAqAJpNqFlVecGAFDeWzbUAAAAAKAC+vAGuAAAAgQFtAQCCArGziP6AAAAAAEDAwc="} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1652784807797513,"flow_dst_last_pkt_time":1652784807901734,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1652784807901734,"pkt":"wDiWIaSptKXvZygQCABFAAA8AABAAOwGL7Q2oWVVwKgCaQBQ5waq30sm3ls21aASaN+YUwAAAgQFrAQCCAqvHVtJxs4j+gEDAwc="} 
@@ -27,7 +27,7 @@ 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1652784808500848,"flow_src_last_pkt_time":1652784808501352,"flow_dst_last_pkt_time":1652784808514677,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":191,"flow_src_tot_l4_payload_len":1517,"flow_dst_tot_l4_payload_len":191,"midstream":1,"thread_ts_usec":1652784814543352,"l3_proto":"ip4","src_ip":"54.161.101.85","dst_ip":"192.168.2.105","src_port":80,"dst_port":59144,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.MpegDash","proto_id":"7.291","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media"}} 00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1652784814543352,"flow_src_last_pkt_time":1652784814543352,"flow_dst_last_pkt_time":1652784814543352,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":191,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":191,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":191,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1652784814543352,"l3_proto":"ip4","src_ip":"192.168.2.105","dst_ip":"54.161.101.85","src_port":59146,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.MpegDash","proto_id":"7.291","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media"}} 
01005{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1618744212035234,"flow_src_last_pkt_time":1618744212202980,"flow_dst_last_pkt_time":1618744212338460,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":328,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":328,"flow_dst_tot_l4_payload_len":1400,"midstream":0,"thread_ts_usec":1652784814543352,"l3_proto":"ip4","src_ip":"10.84.1.81","dst_ip":"166.248.152.10","src_port":60926,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.MpegDash","proto_id":"7.291","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media","hostname":"gdl.news-cdn.site"}} -00844{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":13,"packets-processed":13,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3811,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":30,"global_ts_usec":1652784814543352} 
+00844{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":13,"packets-processed":13,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3811,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":30,"global_ts_usec":1652784814543352} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 13/13 ~~ skipped flows.............: 0 @@ -36,9 +36,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6915905 bytes -~~ total memory freed........: 6915905 bytes -~~ total allocations/frees...: 114199/114199 +~~ total memory allocated....: 7493576 bytes +~~ total memory freed........: 7493576 bytes +~~ total allocations/frees...: 125934/125934 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 547 chars ~~ json message max len.......: 2481 chars diff --git a/test/results/default/mpeg.pcap.out b/test/results/default/mpeg.pcap.out index a4b3907f1..279899e26 100644 --- a/test/results/default/mpeg.pcap.out +++ b/test/results/default/mpeg.pcap.out 
@@ -1,15 +1,15 @@ -00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mpeg.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mpeg.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1434379491040018} 
+00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mpeg.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mpeg.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1434379491040018} 
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1434379491040018,"flow_src_last_pkt_time":1434379491040018,"flow_dst_last_pkt_time":1434379491040018,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1434379491040018,"l3_proto":"ip4","src_ip":"192.168.80.160","dst_ip":"46.101.157.119","src_port":55804,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1434379491040018,"flow_dst_last_pkt_time":1434379491040018,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1434379491040018,"pkt":"yGyHABajPBXCt3IOCABFAABAOE9AAEAGJUTAqFCgLmWdd9n8AFBP68YoAAAAALAC\/\/\/OTgAAAgQFtAEDAwUBAQgKFSiGAAAAAAAEAgAA"} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1434379491040018,"flow_dst_last_pkt_time":1434379491117076,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1434379491117076,"pkt":"PBXCt3IOyGyHABajCABFAAA8AABAADIGa5cuZZ13wKhQoABQ2fyPIjpcT+vGKaAScSAIFwAAAgQFqAQCCAoAu5vaFSiGAAEDAwhf8g=="} 
00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1434379491117149,"flow_dst_last_pkt_time":1434379491117076,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1434379491117149,"pkt":"yGyHABajPBXCt3IOCABFAAA02wVAAEAGgpnAqFCgLmWdd9n8AFBP68YpjyI6XYAQECCXiwAAAQEIChUohk0Au5va"} 00740{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1434379491117217,"flow_dst_last_pkt_time":1434379491117076,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1434379491117217,"pkt":"yGyHABajPBXCt3IOCABFAADI62NAAEAGcafAqFCgLmWdd9n8AFBP68YpjyI6XYAYECBs0gAAAQEIChUohk0Au5vaR0VUIC8wLm1wMyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogV2dldC8xLjE2LjMgKGRhcndpbjE0LjEuMCkNCkFjY2VwdDogKi8qDQpBY2NlcHQtRW5jb2Rpbmc6IGlkZW50aXR5DQpIb3N0OiBsdWNhLm50b3Aub3JnDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} 
-01090{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1434379491040018,"flow_src_last_pkt_time":1434379491117217,"flow_dst_last_pkt_time":1434379491117076,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":148,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":148,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1434379491117217,"l3_proto":"ip4","src_ip":"192.168.80.160","dst_ip":"46.101.157.119","src_port":55804,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.ntop","proto_id":"7.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"luca.ntop.org","domainame":"luca.ntop.org","http": {"url":"luca.ntop.org\/0.mp3","code":0,"content_type":"","user_agent":"Wget\/1.16.3 (darwin14.1.0)"}}} +01097{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1434379491040018,"flow_src_last_pkt_time":1434379491117217,"flow_dst_last_pkt_time":1434379491117076,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":148,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":148,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1434379491117217,"l3_proto":"ip4","src_ip":"192.168.80.160","dst_ip":"46.101.157.119","src_port":55804,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.ntop","proto_id":"7.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"luca.ntop.org","domainame":"luca.ntop.org","http": {"url":"luca.ntop.org\/0.mp3","code":0,"content_type":"","user_agent":"Wget\/1.16.3 (darwin14.1.0)"}}} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1434379491117217,"flow_dst_last_pkt_time":1434379491158095,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":32,"thread_ts_usec":1434379491158095,"pkt":"PBXCt3IOyGyHABajCABFAAA0obBAADIGye4uZZ13wKhQoABQ2fyPIjpdT+vGvYAQAHamjgAAAQEICgC7m+0VKIZNJ8A="} -01114{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1434379491040018,"flow_src_last_pkt_time":1434379491117217,"flow_dst_last_pkt_time":1434379491158121,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":148,"flow_dst_max_l4_payload_len":1436,"flow_src_tot_l4_payload_len":148,"flow_dst_tot_l4_payload_len":1436,"midstream":0,"thread_ts_usec":1434379491158121,"l3_proto":"ip4","src_ip":"192.168.80.160","dst_ip":"46.101.157.119","src_port":55804,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.ntop","proto_id":"7.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":1,"category":"Media","hostname":"luca.ntop.org","domainame":"luca.ntop.org","http": {"url":"luca.ntop.org\/0.mp3","code":200,"content_type":"audio\/mpeg","user_agent":"Wget\/1.16.3 (darwin14.1.0)"}}} 
-00996{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":10,"flow_first_seen":1434379491040018,"flow_src_last_pkt_time":1434379491221137,"flow_dst_last_pkt_time":1434379491221072,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":148,"flow_dst_max_l4_payload_len":1436,"flow_src_tot_l4_payload_len":148,"flow_dst_tot_l4_payload_len":9215,"midstream":0,"thread_ts_usec":1434379491221137,"l3_proto":"ip4","src_ip":"192.168.80.160","dst_ip":"46.101.157.119","src_port":55804,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.ntop","proto_id":"7.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":1,"category":"Media","hostname":"luca.ntop.org"}} -00839{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/mpeg.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":19,"packets-processed":19,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9363,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1434379491221137} 
+01121{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1434379491040018,"flow_src_last_pkt_time":1434379491117217,"flow_dst_last_pkt_time":1434379491158121,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":148,"flow_dst_max_l4_payload_len":1436,"flow_src_tot_l4_payload_len":148,"flow_dst_tot_l4_payload_len":1436,"midstream":0,"thread_ts_usec":1434379491158121,"l3_proto":"ip4","src_ip":"192.168.80.160","dst_ip":"46.101.157.119","src_port":55804,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.ntop","proto_id":"7.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":0,"breed":"Safe","category_id":1,"category":"Media","hostname":"luca.ntop.org","domainame":"luca.ntop.org","http": {"url":"luca.ntop.org\/0.mp3","code":200,"content_type":"audio\/mpeg","user_agent":"Wget\/1.16.3 (darwin14.1.0)"}}} +01003{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":10,"flow_first_seen":1434379491040018,"flow_src_last_pkt_time":1434379491221137,"flow_dst_last_pkt_time":1434379491221072,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":148,"flow_dst_max_l4_payload_len":1436,"flow_src_tot_l4_payload_len":148,"flow_dst_tot_l4_payload_len":9215,"midstream":0,"thread_ts_usec":1434379491221137,"l3_proto":"ip4","src_ip":"192.168.80.160","dst_ip":"46.101.157.119","src_port":55804,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.ntop","proto_id":"7.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":0,"breed":"Safe","category_id":1,"category":"Media","hostname":"luca.ntop.org"}} +00839{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/mpeg.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":19,"packets-processed":19,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9363,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1434379491221137} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 19/19 ~~ skipped flows.............: 0 @@ -18,10 +18,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6908268 bytes -~~ total memory freed........: 6908268 bytes -~~ total allocations/frees...: 114161/114161 +~~ total memory allocated....: 7485878 bytes +~~ total memory freed........: 7485878 bytes +~~ total allocations/frees...: 125893/125893 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 542 chars -~~ json message max len.......: 1119 chars -~~ json message avg len.......: 824 chars +~~ json message max len.......: 1126 chars +~~ json message avg len.......: 828 chars diff --git a/test/results/default/mpegts.pcap.out b/test/results/default/mpegts.pcap.out index c303e5b51..c432f4273 100644 
--- a/test/results/default/mpegts.pcap.out +++ b/test/results/default/mpegts.pcap.out 
@@ -1,10 +1,10 @@ -00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mpegts.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mpegts.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1435209297954335} 
+00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mpegts.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mpegts.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1435209297954335} 
00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mpegts.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1435209297954335,"flow_src_last_pkt_time":1435209297954335,"flow_dst_last_pkt_time":1435209297954335,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1316,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1316,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1316,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435209297954335,"vlan_id":3359,"l3_proto":"ip4","src_ip":"10.1.16.48","dst_ip":"230.200.201.23","src_port":40737,"dst_port":1234,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02808{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mpegts.pcap","alias":"nDPId-test","vlan_id":3359,"flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1435209297954335,"flow_dst_last_pkt_time":1435209297954335,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1362,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1362,"pkt_l4_len":1324,"thread_ts_usec":1435209297954335,"pkt":"AQBeSMkXrPHfGMSBgQANHwgARQAFQAAAQAAHEaScCgEQMObIyRefIQTSBSxl6UcBARcAD7wd249nI5BqMCydEQCD1YeFyAwoYGMeHIwcYCWAHEkET\/taR\/5YANOTSagKaodBkABeSU4ooP2cAgISCfI7GswCLhYGUDAuoQXALotIDoDAaSxnQetyw1wSf\/AKkMmAETWkokF4lgj\/+lAZSgnOA6QAiGVAYA8goTB50WWTRpqMHIxOOJ8\/G9fR\/gRwAyKEkesyBkAB8oyaCwrrgKE0mAZ74p+4IoA5RfCyWS8HBk6egclHP3xARwEBGEEXVAcUcasfHBwWuxBEA0AR3\/itnAslgP4YRyyuCUAHIGOdlcBl0VAUgAPrJ4fANDAD4iy\/w8TBHHBQGqzAH4UZAHtGCiNQgPA1JISSwngX6AHm4Jf\/mKVIQhIaSD8CMAMGBoJf\/aEdACJNQ4OIkGi0bLH9Meczk8i+AAAAAQ4ShEUQIiWUxLGqxZhYCkaHcmBJHgFBLPZRvGhAjlBpCLwBHUOLiXyWkJ41IhP4BH1T\/uSXFhIJn\/tHAQEZ0kepcDEADUYFzAA1cjMHnioWBMyEDwGRt7NwM5CBuOLJQCnAKi98MAR7oiygHZNJiEoKSG4lmBgaTAxKQSf+iYWQguoQIAGwERxFmI3UAusNyXAUqSlbJ5X4WGOUAQUpObs+A8kBs4JQAaEE6oS
WAdQMP\/9ghf9DiGSh5LAYDApaSdFFANnYrBjoHYtBPLLKRUBQDgP0DT\/\/ORgDyJQaGBg0vAKAK8BxyZ0AZ4JIBBDDOFjeKiGBUEcBARooBUCpMQWTeQxgYA46QHYBoSgCIhAOgHYCcAhDKgLuTwFgEYGcAGAZAG8AmQkA1JqS0AOwG5KwBKBQAa\/Alf+AOvwSQA\/sLgKAB+GoBCAGJrko0b0gVRwSf9QHYDoNQCQAIMqMFwDWAfgQnBg\/\/mSg85hwCgAiQkoDIXkxWGAeSTGBGAFG4YCT\/6WQ+AQpqEegNiL\/GrDRqRZackiI5OrlAZ43r4E0jenh7oKAIKjCCsBbeNw5Yo42RwEBGwAfQcAcRNBC\/5Z3JpRQI\/\/QCAlBZTk2chBKACsMQM4Iv\/Q0sAiADYCqACG5YMNXMdDDQLDOOlKiWGYBLwLsCN\/1yL7bI7FfbAAoJBHItxAyYj9CFdLCexAmGGF7vB7MBLz9L5WGDsERwDwKSQJIfcYImKe4c7uIjWFSGKP7CWSAC2zwgfUBhAEzwVP\/g6IJ5OIEAD+DAC0NAQgh\/9kMhk0B1uxSAKllJDAEQYAZFAUAQgk\/+DYh9IBHH\/8Q\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/0cf\/xD\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/"} 
00938{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mpegts.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1435209297954335,"flow_src_last_pkt_time":1435209297954335,"flow_dst_last_pkt_time":1435209297954335,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1316,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1316,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1316,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435209297954335,"vlan_id":3359,"l3_proto":"ip4","src_ip":"10.1.16.48","dst_ip":"230.200.201.23","src_port":40737,"dst_port":1234,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MPEG_TS","proto_id":"198","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media"}} 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mpegts.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1435209297954335,"flow_src_last_pkt_time":1435209297954335,"flow_dst_last_pkt_time":1435209297954335,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1316,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1316,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1316,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435209297954335,"vlan_id":3359,"l3_proto":"ip4","src_ip":"10.1.16.48","dst_ip":"230.200.201.23","src_port":40737,"dst_port":1234,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MPEG_TS","proto_id":"198","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media"}} 
-00837{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mpegts.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1316,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1435209297954335} +00837{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mpegts.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1316,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1435209297954335} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 
@@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6907614 bytes -~~ total memory freed........: 6907614 bytes -~~ total allocations/frees...: 114137/114137 +~~ total memory allocated....: 7485210 bytes +~~ total memory freed........: 7485210 bytes +~~ total allocations/frees...: 125868/125868 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 616 chars ~~ json message max len.......: 2813 chars diff --git a/test/results/default/mqtt.pcap.out b/test/results/default/mqtt.pcap.out index 3d25a89d5..2ad06a034 100644 --- a/test/results/default/mqtt.pcap.out +++ b/test/results/default/mqtt.pcap.out 
@@ -1,5 +1,5 @@ -00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mqtt.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mqtt.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1643014009283854} 
+00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mqtt.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mqtt.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1643014009283854} 
00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643014009283854,"flow_src_last_pkt_time":1643014009283854,"flow_dst_last_pkt_time":1643014009283854,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643014009283854,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":1883,"dst_port":41892,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1643014009283854,"flow_dst_last_pkt_time":1643014009283854,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1643014009283854,"pkt":"AAAAAAAAAAwATSywCABFAAA8AABAADQGcggKCgoBwKgAAQdbo6QZpJjZwwPwU6AS\/oijvAAAAgQFtAQCCArcK3DSu1+3wwEDAwc="} 00628{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1643014009283854,"flow_dst_last_pkt_time":1643014009286927,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":132,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":132,"pkt_l4_len":98,"thread_ts_usec":1643014009286927,"pkt":"AAAAAAAAAAwATSywCABFAAB2fFxAAD8G6nHAqAABCgoKAaOkB1vDA\/BTGaSY2oAYAOXxcQAAAQEICrtfuBTcK3DSEEAABk1RSXNkcAPCABQAFmNiYWFiY2JhYmFjYmJiYmJhYWFhYWIADDAyRDUwNTAyMjNEMwAMMDJENTA1MDIyM0Qz"} 
@@ -12,7 +12,7 @@ 00939{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643014349216221,"flow_src_last_pkt_time":1643014349216221,"flow_dst_last_pkt_time":1643014349216221,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":285,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":285,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":285,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1643014349216221,"vlan_id":1008,"l3_proto":"ip4","src_ip":"100.67.35.238","dst_ip":"51.137.28.239","src_port":35035,"dst_port":1883,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"MQTT","proto_id":"222","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643014349216221,"flow_src_last_pkt_time":1643014349216221,"flow_dst_last_pkt_time":1643014349216221,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":285,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":285,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":285,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1643014349216221,"vlan_id":1008,"l3_proto":"ip4","src_ip":"100.67.35.238","dst_ip":"51.137.28.239","src_port":35035,"dst_port":1883,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MQTT","proto_id":"222","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00958{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1643014009283854,"flow_src_last_pkt_time":1643014010067160,"flow_dst_last_pkt_time":1643014010972297,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":89,"flow_dst_max_l4_payload_len":392,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":492,"midstream":0,"thread_ts_usec":1643014349216221,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":1883,"dst_port":41892,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MQTT","proto_id":"222","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00835{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/mqtt.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":9,"packets-processed":9,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":875,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1643014349216221} 
+00835{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/mqtt.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":9,"packets-processed":9,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":875,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1643014349216221} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 9/9 ~~ skipped flows.............: 0 @@ -21,9 +21,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6910254 bytes -~~ total memory freed........: 6910254 bytes -~~ total allocations/frees...: 114157/114157 +~~ total memory allocated....: 7487850 bytes +~~ total memory freed........: 7487850 bytes +~~ total allocations/frees...: 125888/125888 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 550 chars ~~ json message max len.......: 983 chars diff --git a/test/results/default/mssql_tds.pcap.out b/test/results/default/mssql_tds.pcap.out index 8e8355833..436880f07 100644 --- a/test/results/default/mssql_tds.pcap.out +++ b/test/results/default/mssql_tds.pcap.out 
@@ -1,12 +1,12 @@ -00614{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1240877917888015} 
+00614{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1240877917888015} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1240877917888015,"flow_src_last_pkt_time":1240877917888015,"flow_dst_last_pkt_time":1240877917888015,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":190,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":190,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":190,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1240877917888015,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":1111,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00801{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1240877917888015,"flow_dst_last_pkt_time":1240877917888015,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_usec":1240877917888015,"pkt":"AAwpiUrKAFBWwAABCABFAADynIJAAEAGGaUKb29vCgAAAQRXBZk+5C72WSFQkoAYAFx5qQAAAQEICgQLsN8AAVvMAQEAvgAAAQAWAAAAEgAAAAIAAAAAAAAAAAABAAAAIABzAGUAdAAgAHQAcgBhAG4AcwBhAGMAdABpAG8AbgAgAGkAcwBvAGwAYQB0AGkAbwBuACAAbABlAHYAZQBsACAAIAByAGUAYQBkACAAYwBvAG0AbQBpAHQAdABlAGQAIAAgAHMAZQB0ACAAaQBtAHAAbABpAGMAaQB0AF8AdAByAGEAbgBzAGEAYwB0AGkAbwBuAHMAIABvAGYAZgAgAA=="} 
00934{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1240877917888015,"flow_src_last_pkt_time":1240877917888015,"flow_dst_last_pkt_time":1240877917888015,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":190,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":190,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":190,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1240877917888015,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":1111,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"MsSQL-TDS","proto_id":"114","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} 00594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1240877917888015,"flow_dst_last_pkt_time":1240877917888358,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":100,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":100,"pkt_l4_len":66,"thread_ts_usec":1240877917888358,"pkt":"AFBWwAABAAwpiUrKCABFAABWA25AAIAGc1UKAAABCm9vbwWZBFdZIVCSPuQvtIAYQa2\/wgAAAQEICgABW8wEC7DfBAEAIgA1AQD9AQD5AAAAAAAAAAAA\/QAAugAAAAAAAAAAAA=="} 
00939{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1240877917918653,"flow_dst_last_pkt_time":1240877917888358,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":358,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":358,"pkt_l4_len":324,"thread_ts_usec":1240877917918653,"pkt":"AAwpiUrKAFBWwAABCABFAAFYnINAAEAGGT4Kb29vCgAAAQRXBZk+5C+0WSFQtIAYAFxIvAAAAQEICgQLsOcAAVvMAwEBJAAAAQAWAAAAEgAAAAIAAAAAAAAAAAABAAAA\/\/8NAAAAAAEmBAQAAAAAAADnQB8JBNAANDQAQABQADAAIABuAHYAYQByAGMAaABhAHIAKAA0ADAAMAAwACkALABAAFAAMQAgAGkAbgB0AAAA50AfCQTQADSQAHMAZQBsAGUAYwB0ACAAKgAgAGYAcgBvAG0AIAB0AGUAcwB0AF8AdABhAGIAbABlAF8AMQAgAHcAaABlAHIAZQAgAG4AYQBtAGUAIAA9ACAAQABQADAAIABhAG4AZAAgAGkAZAAgAD0AIABAAFAAMQAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAAAA50AfCQTQADQGAHoAegB6AAAAJgQEAgAAAA=="} 01027{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1240877917918653,"flow_dst_last_pkt_time":1240877918029044,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":424,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":424,"pkt_l4_len":390,"thread_ts_usec":1240877918029044,"pkt":"AFBWwAABAAwpiUrKCABFAAGaA29AAIAGchAKAAABCm9vbwWZBFdZIVC0PuQw2IAYQImkmQAAAQEICgABW84EC7DnBAEBZgA1AQCBBAAAAAAACQDvPAAJBNAANARuAGEAbQBlAAAAAAAJAO88AAkE0AA0B3MAdQByAG4AYQBtAGUAAAAAAAkA71AACQTQADQEYwBpAHQAeQAAAAAACAA4AmkAZADRPAB6AHoAegAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAA8AGIAYgBiACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAFAAYwB4AHgAeAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAACAAAA\/xEAwQABAAAAAAAAAHkAAAAArAAAAAEAAAAAAAAmBAQBAAAA\/gAA4AAAAAAAAAAAAA=="} 
-00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":5,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":874,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":9,"global_ts_usec":1259762400004437} +00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":5,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":874,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":9,"global_ts_usec":1259762400004437} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1259762400004437,"flow_src_last_pkt_time":1259762400004437,"flow_dst_last_pkt_time":1259762400004437,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1259762400004437,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":2222,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00588{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1259762400004437,"flow_dst_last_pkt_time":1259762400004437,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1259762400004437,"pkt":"ABj+dhvGERERERESCABFAABUAAdAAEAGtr4Kb29vCgAAAQiuBZn\/ymPG\/zlOU1AYEAArKgAAAQEALAAAAQBDAE8ATQBNAEkAVAAgAFQAUgBBAE4AUwBBAEMAVABJAE8ATgA="} 
00931{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1259762400004437,"flow_src_last_pkt_time":1259762400004437,"flow_dst_last_pkt_time":1259762400004437,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1259762400004437,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":2222,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"MsSQL-TDS","proto_id":"114","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} 
@@ -37,7 +37,7 @@ 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1259762482456090,"flow_src_last_pkt_time":1259762482456090,"flow_dst_last_pkt_time":1259762482456090,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1259762482456090,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":8888,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00656{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1259762482456090,"flow_dst_last_pkt_time":1259762482456090,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1259762482456090,"pkt":"ABI\/\/61OABI\/\/6gdCABFAACA6VZAAIAGjUIKb29vCgAAASK4BZmoWq7z77DJrlAY\/kP\/5gAAAwkAWAAAAQAWAAAAEgAAAAIAAAAAAAAAAAABAAAAGwBwAF8ARwBlAHQATQB5AEUAeABhAG0AcABsAGUAVABhAGIAbABlAFIAbwB3AEMAbwB1AG4AdAAAAA=="} 
00932{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1259762482456090,"flow_src_last_pkt_time":1259762482456090,"flow_dst_last_pkt_time":1259762482456090,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1259762482456090,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":8888,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"MsSQL-TDS","proto_id":"114","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} -00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":35,"packets-processed":34,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13137,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":8,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":40,"global_ts_usec":1278068444584977} 
+00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":35,"packets-processed":34,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13137,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":8,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":40,"global_ts_usec":1278068444584977} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278068444584977,"flow_src_last_pkt_time":1278068444584977,"flow_dst_last_pkt_time":1278068444584977,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":218,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":218,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":218,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1278068444584977,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":9999,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00824{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1278068444584977,"flow_dst_last_pkt_time":1278068444584977,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_usec":1278068444584977,"pkt":"ADAFzckRADAFzck9CABFAAECT7tAAIAGJlwKb29vCgAAAScPBZlFt6JP51MRDlAY+rgBzgAAAwEA2gAAAQAkAHAAcgBvAGMAXwBHAGUAdABNAHkARQB4AGEAbQBwAGwAZQBUAGEAYgBsAGUAUwBhAG0AcABsAGUATQBlAHQAYQBEAGEAdABhAAAAAAAkEBAzIhEAVUR3ZoiZqrvM3e7\/AAAfAADnAAAJBAABMgAAAACnJAAJBAABMiQAQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVphYmNkZWZnaGlqAAAmBAQBAAAAAAAmCAgtAAAAAAAAAAAApQwADAABI0VniavN7\/7cupgAACYEBGwAAAA="} 00935{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278068444584977,"flow_src_last_pkt_time":1278068444584977,"flow_dst_last_pkt_time":1278068444584977,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":218,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":218,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":218,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1278068444584977,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":9999,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"MsSQL-TDS","proto_id":"114","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} 
@@ -62,7 +62,7 @@ 00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278068444650715,"flow_src_last_pkt_time":1278068444650715,"flow_dst_last_pkt_time":1278068444650715,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":268,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":268,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":268,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1278068444666075,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":22222,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MsSQL-TDS","proto_id":"114","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} 00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278068444666075,"flow_src_last_pkt_time":1278068444666075,"flow_dst_last_pkt_time":1278068444666075,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":320,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":320,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":320,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1278068444666075,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":33333,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MsSQL-TDS","proto_id":"114","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} 
00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1259762400004437,"flow_src_last_pkt_time":1259762400004437,"flow_dst_last_pkt_time":1259762400004540,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":17,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":17,"midstream":1,"thread_ts_usec":1278068444666075,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":2222,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MsSQL-TDS","proto_id":"114","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} -00848{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":38,"packets-processed":38,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":14142,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":11,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":12,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":65,"global_ts_usec":1278068444666075} 
+00848{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":38,"packets-processed":38,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":14142,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":11,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":12,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":65,"global_ts_usec":1278068444666075} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 38/38 ~~ skipped flows.............: 0 @@ -71,9 +71,9 @@ ~~ total active/idle flows...: 12/12 ~~ total timeout flows.......: 1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6936943 bytes -~~ total memory freed........: 6936943 bytes -~~ total allocations/frees...: 114297/114297 +~~ total memory allocated....: 7514539 bytes +~~ total memory freed........: 7514539 bytes +~~ total allocations/frees...: 126028/126028 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 557 chars ~~ json message max len.......: 2493 chars diff --git a/test/results/default/mullvad_dns.pcap.out b/test/results/default/mullvad_dns.pcap.out index 0aab6c768..66dcd3617 100644 --- a/test/results/default/mullvad_dns.pcap.out +++ b/test/results/default/mullvad_dns.pcap.out 
@@ -1,12 +1,12 @@ -00616{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mullvad_dns.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mullvad_dns.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1690989392454764} 
+00616{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mullvad_dns.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mullvad_dns.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1690989392454764} 
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mullvad_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690989392454764,"flow_src_last_pkt_time":1690989392454764,"flow_dst_last_pkt_time":1690989392454764,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690989392454764,"l3_proto":"ip4","src_ip":"192.168.122.11","dst_ip":"9.9.9.9","src_port":51696,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mullvad_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1690989392454764,"flow_dst_last_pkt_time":1690989392454764,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1690989392454764,"pkt":"LpGu0BOrUqbfQmqICABFAABU8HEAAD8RPmLAqHoLCQkJCcnwADUAQE0XWYYBIAABAAAAAAABA3d3dwdtdWxsdmFkA25ldAAAAQABAAApBNAAAAAAAAwACgAIwhcGhsoKkzM="} 
01091{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mullvad_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690989392454764,"flow_src_last_pkt_time":1690989392454764,"flow_dst_last_pkt_time":1690989392454764,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690989392454764,"l3_proto":"ip4","src_ip":"192.168.122.11","dst_ip":"9.9.9.9","src_port":51696,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Mullvad","proto_id":"5.348","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.mullvad.net","domainame":"www.mullvad.net","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/mullvad_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1690989392454764,"flow_dst_last_pkt_time":1690989392507188,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"thread_ts_usec":1690989392507188,"pkt":"UqbfQmqILpGu0BOrCABFAABmAu0AADgRMtUJCQkJwKh6CwA1yfAAUpRhWYaBoAABAAIAAAABA3d3dwdtdWxsdmFkA25ldAAAAQABwAwABQABAAAG1wACwBDAEAABAAEAAAALAAQtU9\/RAAApBNAAAAAAAAA="} 
01123{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/mullvad_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1690989392454764,"flow_src_last_pkt_time":1690989392454764,"flow_dst_last_pkt_time":1690989392507188,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":74,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":74,"midstream":0,"thread_ts_usec":1690989392507188,"l3_proto":"ip4","src_ip":"192.168.122.11","dst_ip":"9.9.9.9","src_port":51696,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Mullvad","proto_id":"5.348","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.mullvad.net","domainame":"www.mullvad.net","dns": {"num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["45.83.223.209,ttl=11"]}}} 01003{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/mullvad_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1690989392454764,"flow_src_last_pkt_time":1690989392454764,"flow_dst_last_pkt_time":1690989392507188,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":74,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":74,"midstream":0,"thread_ts_usec":1690989392507188,"l3_proto":"ip4","src_ip":"192.168.122.11","dst_ip":"9.9.9.9","src_port":51696,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.Mullvad","proto_id":"5.348","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.mullvad.net"}} -00841{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/mullvad_dns.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":130,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":9,"global_ts_usec":1690989392507188} +00841{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/mullvad_dns.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":130,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":9,"global_ts_usec":1690989392507188} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 ~~ skipped 
flows.............: 0 @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6907671 bytes -~~ total memory freed........: 6907671 bytes -~~ total allocations/frees...: 114139/114139 +~~ total memory allocated....: 7485267 bytes +~~ total memory freed........: 7485267 bytes +~~ total allocations/frees...: 125870/125870 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 592 chars ~~ json message max len.......: 1128 chars diff --git a/test/results/default/mullvad_wireguard.pcap.out b/test/results/default/mullvad_wireguard.pcap.out index a82395985..8ec793a55 100644 --- a/test/results/default/mullvad_wireguard.pcap.out +++ b/test/results/default/mullvad_wireguard.pcap.out 
@@ -1,5 +1,5 @@ -00622{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mullvad_wireguard.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mullvad_wireguard.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1690989590945292} 
+00622{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mullvad_wireguard.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mullvad_wireguard.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1690989590945292} 
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mullvad_wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690989590945292,"flow_src_last_pkt_time":1690989590945292,"flow_dst_last_pkt_time":1690989590945292,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690989590945292,"l3_proto":"ip4","src_ip":"192.168.122.11","dst_ip":"198.54.131.98","src_port":22595,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00650{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mullvad_wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1690989590945292,"flow_dst_last_pkt_time":1690989590945292,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1690989590945292,"pkt":"LpGu0BOrUqbfQmqICABFAAB83fQAAEARGDDAqHoLxjaDYlhDE8QAaITGBAAAABV2SXkTAAAAAAAAADvIU5XIGqFEsZ+W5jn7BLiciIB2fPEUKgOh7JJ8k\/FEcfAVrKf6uU7CHWMuDpSvWjtQYEvV9cMoDP4zIz5uBNzGTNEAB8QP+U4duw0xthm\/"} 
00650{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/mullvad_wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1690989590945292,"flow_dst_last_pkt_time":1690989591192470,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1690989591192470,"pkt":"UqbfQmqILpGu0BOrCABFCAB8BUcAACsRBdbGNoNiwKh6CxPEWEMAaIuGBAAAALBIEBwPAAAAAAAAAAsITpzs3Nqj\/mngBcwLuctA0JbR014xS\/DoFTXDrk8w1scffwPGXVQhk89PWb8vtw+pOPrZNyooWu5tHm9KcXVq4hier14EKnEpPtrq0py+"} 
@@ -8,7 +8,7 @@ 00740{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/mullvad_wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1690989591192829,"flow_dst_last_pkt_time":1690989591192470,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":202,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":202,"pkt_l4_len":168,"thread_ts_usec":1690989591192829,"pkt":"LpGu0BOrUqbfQmqICABFAAC83hIAAEARF9LAqHoLxjaDYlhDE8QAqIUGBAAAABV2SXkVAAAAAAAAAJ2fNtGME5zwSTdTMQkGmaiCH+Wo\/9gCMeD01GNIb8pBUhJF3FFtz4RVJRfxx9PzIa8nYPqq4P5DoSH+YsbbogMXQb97+TfgyZWaD5D38iAu+73Y9mXDRYIdZgkSk3b17pGL+yVTFX7rQWUh\/xcnUYDcXFPo8xpMcVnDhl\/Gv\/0VmzIFSzjVfEcbvM2LkUIVmw=="} 00628{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/mullvad_wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1690989591192829,"flow_dst_last_pkt_time":1690989591426538,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"thread_ts_usec":1690989591426538,"pkt":"UqbfQmqILpGu0BOrCABFCABsBWYAACsRBcfGNoNiwKh6CxPEWEMAWOEUBAAAALBIEBwQAAAAAAAAAOmugALEfSDtPyEnUa4GVP4WD6vx6vmcdq74p5uWI8wZndweTg2aIL6E2AQEi74KoRmz+vx\/BmWI2O6toM6+Rk0="} 
01130{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/mullvad_wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1690989590945292,"flow_src_last_pkt_time":1690989591911796,"flow_dst_last_pkt_time":1690989591911742,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":80,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":160,"flow_dst_max_l4_payload_len":672,"flow_src_tot_l4_payload_len":576,"flow_dst_tot_l4_payload_len":928,"midstream":0,"thread_ts_usec":1690989591911796,"l3_proto":"ip4","src_ip":"192.168.122.11","dst_ip":"198.54.131.98","src_port":22595,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"WireGuard.Mullvad","proto_id":"206.348","proto_by_ip":"Mullvad","proto_by_ip_id":348,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00852{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/mullvad_wireguard.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1504,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1690989591911796} 
+00852{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/mullvad_wireguard.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1504,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1690989591911796} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 10/10 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6907955 bytes -~~ total memory freed........: 6907955 bytes -~~ total allocations/frees...: 114149/114149 +~~ total memory allocated....: 7485551 bytes +~~ total memory freed........: 7485551 bytes +~~ total allocations/frees...: 125880/125880 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 627 chars ~~ json message max len.......: 1135 chars diff --git a/test/results/default/mumble.pcapng.out b/test/results/default/mumble.pcapng.out index 307bea725..2cd63bff6 100644 --- a/test/results/default/mumble.pcapng.out +++ b/test/results/default/mumble.pcapng.out 
@@ -1,5 +1,5 @@ -00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mumble.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mumble.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1705621398492193} 
+00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mumble.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mumble.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1705621398492193} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mumble.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1705621398492193,"flow_src_last_pkt_time":1705621398492193,"flow_dst_last_pkt_time":1705621398492193,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705621398492193,"l3_proto":"ip4","src_ip":"192.168.88.208","dst_ip":"5.39.185.162","src_port":50085,"dst_port":64738,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mumble.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1705621398492193,"flow_dst_last_pkt_time":1705621398492193,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1705621398492193,"pkt":"SKmKCiNtCAAniDE8CABFAAAo21MAAIARAADAqFjQBSe5osOl\/OIAFNhnAAAAAAPXIAD6dih+"} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/mumble.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1705621398533743,"flow_src_last_pkt_time":1705621398533743,"flow_dst_last_pkt_time":1705621398533743,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705621398533743,"l3_proto":"ip4","src_ip":"192.168.88.208","dst_ip":"87.122.110.156","src_port":50085,"dst_port":64738,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -13,13 +13,13 @@ 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/mumble.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1705621398587907,"flow_dst_last_pkt_time":1705621398587907,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1705621398587907,"pkt":"CAAniDE8SKmKCiNtCABFQAA0AABAADwGSs2XZULZwKhY0AG7w4vPOsZJqgA344ASBaA5FQAAAgQFoAEBBAIBAwMB"} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/mumble.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1705621398587907,"flow_dst_last_pkt_time":1705621398587907,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1705621398587907,"pkt":"SKmKCiNtCAAniDE8CABFAAAoDQZAAIAGAADAqFjQl2VC2cOLAbuqADfjzzrGSlAQBAXz0QAA"} 
01221{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/mumble.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1705621398587907,"flow_dst_last_pkt_time":1705621398587907,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1705621398587907,"pkt":"SKmKCiNtCAAniDE8CABFAAItDQdAAIAGAADAqFjQl2VC2cOLAbuqADfjzzrGSlAYBAX11gAAFgMBAgABAAH8AwOO7IQoIwXN6hw6ZXhkzI2RzUDAUKWLdpWeFOBgwL0CfiBVQy6CjPYyR51iD5j9krijEgamH45PY2l37sePPMYiSAByEwITAxMBwCzAMACfzKnMqMyqwCvALwCewCTAKABrwCPAJwBnwArAFAA5wAnAEwAzAK0Aq8yuzK3MrACdAKnMqwCsAKoAnACoAD0APMA4wDYAtwCzAJUAkQA1AK8AjcA3wDUAtgCyAJQAkAAvAK4AjAD\/AQABQQAAABgAFgAAE3B1Ymxpc3QubXVtYmxlLmluZm8ACwAEAwABAgAKAAwACgAdABcAHgAZABgAIwAAABYAAAAXAAAADQAwAC4EAwUDBgMIBwgICAkICggLCAQIBQgGBAEFAQYBAwMCAwMBAgEDAgICBAIFAgYCACsACQgDBAMDAwIDAQAtAAIBAQAzACYAJAAdACBNORUtPPq4Ebas6P+jVaKvRhWp1gaWtW1N1zjdtCkqTgAVAIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -01379{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/mumble.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1705621398587907,"flow_src_last_pkt_time":1705621398587907,"flow_dst_last_pkt_time":1705621398587907,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705621398587907,"l3_proto":"ip4","src_ip":"192.168.88.208","dst_ip":"151.101.66.217","src_port":50059,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": 
{"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Mumble","proto_id":"91.387","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":10,"category":"VoIP","hostname":"publist.mumble.info","domainame":"publist.mumble.info","tls": {"version":"TLSv1.2","ja3":"57fbe0aefee44901190849b0e877a5e1","ja3s":"","ja4":"t13d571100_131602cb7446_24695f2957a7","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +01338{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/mumble.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1705621398587907,"flow_src_last_pkt_time":1705621398587907,"flow_dst_last_pkt_time":1705621398587907,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705621398587907,"l3_proto":"ip4","src_ip":"192.168.88.208","dst_ip":"151.101.66.217","src_port":50059,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Mumble","proto_id":"91.387","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":10,"category":"VoIP","hostname":"publist.mumble.info","domainame":"publist.mumble.info","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d571100_131602cb7446_24695f2957a7","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/mumble.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1705621398587907,"flow_dst_last_pkt_time":1705621398587907,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1705621398587907,"pkt":"CAAniDE8SKmKCiNtCABFQAAodTFAADwG1aeXZULZwKhY0AG7w4vPOsZKqgA56FAQBOh4gAAAAAC8iPRq"} -01446{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/mumble.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1705621398587907,"flow_src_last_pkt_time":1705621398587907,"flow_dst_last_pkt_time":1705621398587907,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1705621398587907,"l3_proto":"ip4","src_ip":"192.168.88.208","dst_ip":"151.101.66.217","src_port":50059,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Mumble","proto_id":"91.387","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":10,"category":"VoIP","hostname":"publist.mumble.info","domainame":"publist.mumble.info","tls": {"version":"TLSv1.2","ja3":"57fbe0aefee44901190849b0e877a5e1","ja3s":"1d8db21618511d0ab31a2c2a0de6d7a7","ja4":"t13d571100_131602cb7446_24695f2957a7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01405{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/mumble.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1705621398587907,"flow_src_last_pkt_time":1705621398587907,"flow_dst_last_pkt_time":1705621398587907,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1705621398587907,"l3_proto":"ip4","src_ip":"192.168.88.208","dst_ip":"151.101.66.217","src_port":50059,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Mumble","proto_id":"91.387","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":10,"category":"VoIP","hostname":"publist.mumble.info","domainame":"publist.mumble.info","tls": {"version":"TLSv1.2","ja3s":"1d8db21618511d0ab31a2c2a0de6d7a7","ja4":"t13d571100_131602cb7446_24695f2957a7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/mumble.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1705621398492193,"flow_src_last_pkt_time":1705621398492193,"flow_dst_last_pkt_time":1705621398539803,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":24,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":24,"midstream":0,"thread_ts_usec":1705621398587907,"l3_proto":"ip4","src_ip":"192.168.88.208","dst_ip":"5.39.185.162","src_port":50085,"dst_port":64738,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Mumble","proto_id":"387","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":10,"category":"VoIP"}} 01108{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/mumble.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1705621398587907,"flow_src_last_pkt_time":1705621398587907,"flow_dst_last_pkt_time":1705621398587907,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1705621398587907,"l3_proto":"ip4","src_ip":"192.168.88.208","dst_ip":"151.101.66.217","src_port":50059,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Mumble","proto_id":"91.387","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":10,"category":"VoIP"}} 00965{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/mumble.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1705621398533743,"flow_src_last_pkt_time":1705621398533743,"flow_dst_last_pkt_time":1705621398587907,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":24,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":24,"midstream":0,"thread_ts_usec":1705621398587907,"l3_proto":"ip4","src_ip":"192.168.88.208","dst_ip":"87.122.110.156","src_port":50085,"dst_port":64738,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Mumble","proto_id":"387","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":10,"category":"VoIP"}} -00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/mumble.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2029,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":22,"global_ts_usec":1705621398587907} 
+00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/mumble.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2029,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":22,"global_ts_usec":1705621398587907} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 10/10 ~~ skipped flows.............: 0 @@ -28,10 +28,10 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6916822 bytes -~~ total memory freed........: 6916822 bytes -~~ total allocations/frees...: 114174/114174 +~~ total memory allocated....: 7494418 bytes +~~ total memory freed........: 7494418 bytes +~~ total allocations/frees...: 125905/125905 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 530 chars -~~ json message max len.......: 1451 chars -~~ json message avg len.......: 987 chars +~~ json message max len.......: 1410 chars +~~ json message avg len.......: 967 chars diff --git a/test/results/default/munin.pcap.out b/test/results/default/munin.pcap.out index 8ef965c31..7900fab95 100644 --- a/test/results/default/munin.pcap.out +++ b/test/results/default/munin.pcap.out 
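Review bot: The regenerated `detected` and `detection-update` events for flow_id 3 in test/results/default/mumble.pcapng.out no longer carry `tls.ja3`, while `ja3s` and `ja4` remain, and the commit message only says "incorporated upstream changes". A consumer of these flow events that matches or allow-lists on the JA3 client fingerprint would stop matching without any error. The removal deserves an explicit line in the commit message or changelog, for example `* TLS: "ja3" is no longer emitted in flow events; "ja3s" and "ja4" are kept`. The diffstat lists schema/flow_event_schema.json as changed, which presumably drops the field there as well, but that hunk is not visible in this part of the patch.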
@@ -1,5 +1,5 @@ -00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1666226102691709} 
+00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1666226102691709} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666226102691709,"flow_src_last_pkt_time":1666226102691709,"flow_dst_last_pkt_time":1666226102691709,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666226102691709,"l3_proto":"ip4","src_ip":"172.16.16.108","dst_ip":"172.16.17.103","src_port":45654,"dst_port":4949,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1666226102691709,"flow_dst_last_pkt_time":1666226102691709,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1666226102691709,"pkt":"+hY+\/yO1ABY+T3\/TCABFAAA8V+BAAEAGaOisEBBsrBARZ7JWE1Uxv3OfAAAAAKAC9QCa0AAAAgQjAAQCCArNYOiDAAAAAAEDAwc="} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1666226102691709,"flow_dst_last_pkt_time":1666226102717855,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1666226102717855,"pkt":"ABY+T3\/T+hY+\/yO1CABFAAA8AABAAD4GwsisEBFnrBAQbBNVslYbuawOMb9zoKAS\/+CLmwAAAgQFnAQCCAq\/Z5p4zWDogwEDAwc="} 
@@ -7,7 +7,7 @@ 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1666226102718825,"flow_dst_last_pkt_time":1666226102759806,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1666226102759806,"pkt":"ABY+T3\/T+hY+\/yO1CABFAABSYdhAAD4GYNqsEBFnrBAQbBNVslYbuawPMb9zoIAYAgB0FgAAAQEICr9nmqLNYOieIyBtdW5pbiBub2RlIGF0IGtpYmFuYS1ub2RlMDEK"} 00925{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1666226102691709,"flow_src_last_pkt_time":1666226102718825,"flow_dst_last_pkt_time":1666226102759806,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":30,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":30,"midstream":0,"thread_ts_usec":1666226102759806,"l3_proto":"ip4","src_ip":"172.16.16.108","dst_ip":"172.16.17.103","src_port":45654,"dst_port":4949,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Munin","proto_id":"329","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1666226102761116,"flow_dst_last_pkt_time":1666226102759806,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1666226102761116,"pkt":"+hY+\/yO1ABY+T3\/TCABFAAA0V+JAAEAGaO6sEBBsrBARZ7JWE1Uxv3OgG7msLYAQAeq3uQAAAQEICs1g6Mi\/Z5qi"} -00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":322,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1666249807376910} 
+00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":322,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1666249807376910} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666249807376910,"flow_src_last_pkt_time":1666249807376910,"flow_dst_last_pkt_time":1666249807376910,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666249807376910,"l3_proto":"ip4","src_ip":"172.16.16.108","dst_ip":"172.16.17.102","src_port":55256,"dst_port":4949,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1666249807376910,"flow_dst_last_pkt_time":1666249807376910,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1666249807376910,"pkt":"+hY+\/yO1ABY+T3\/TCABFAAA8eSRAAEAGR6WsEBBsrBARZtfYE1VvZhzuAAAAAKAC9QC3lwAAAgQjAAQCCAr\/Q41iAAAAAAEDAwc="} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1666249807376910,"flow_dst_last_pkt_time":1666249807402712,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1666249807402712,"pkt":"ABY+T3\/T+hY+\/yO1CABFAAA8AABAAD4GwsmsEBFmrBAQbBNV19hQR58Xb2Yc76AS\/+DsEwAAAgQFnAQCCAq2AziU\/0ONYgEDAwc="} 
@@ -16,7 +16,7 @@ 00926{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1666249807376910,"flow_src_last_pkt_time":1666249807404027,"flow_dst_last_pkt_time":1666249807436639,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":31,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":31,"midstream":0,"thread_ts_usec":1666249807436639,"l3_proto":"ip4","src_ip":"172.16.16.108","dst_ip":"172.16.17.102","src_port":55256,"dst_port":4949,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Munin","proto_id":"329","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1666249807438107,"flow_dst_last_pkt_time":1666249807436639,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1666249807438107,"pkt":"+hY+\/yO1ABY+T3\/TCABFAAA0eSZAAEAGR6usEBBsrBARZtfYE1VvZhzvUEefN4AQAeoYQgAAAQEICv9DjZ+2Azi1"} 
00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1666226102691709,"flow_src_last_pkt_time":1666226102892589,"flow_dst_last_pkt_time":1666226102941764,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":185,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":262,"midstream":0,"thread_ts_usec":1666249807610393,"l3_proto":"ip4","src_ip":"172.16.16.108","dst_ip":"172.16.17.103","src_port":45654,"dst_port":4949,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Munin","proto_id":"329","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"kibana-node01"}} -00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":31,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":655,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1666266002857038} 
+00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":31,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":655,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1666266002857038} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666266002857038,"flow_src_last_pkt_time":1666266002857038,"flow_dst_last_pkt_time":1666266002857038,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666266002857038,"l3_proto":"ip4","src_ip":"172.16.16.108","dst_ip":"172.16.17.101","src_port":53314,"dst_port":4949,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1666266002857038,"flow_dst_last_pkt_time":1666266002857038,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1666266002857038,"pkt":"+hY+\/yO1ABY+T3\/TCABFAAA8yJJAAEAG+DesEBBsrBARZdBCE1WX5J9vAAAAAKAC9QDfsAAAAgQjAAQCCAp1q0t5AAAAAAEDAwc="} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1666266002857038,"flow_dst_last_pkt_time":1666266002883378,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1666266002883378,"pkt":"ABY+T3\/T+hY+\/yO1CABFAAA8AABAAD4GwsqsEBFlrBAQbBNV0EJ2nLwRl+SfcKAS\/+DhLwAAAgQFnAQCCAqHPlcHdatLeQEDAwc="} 
@@ -25,7 +25,7 @@ 00926{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1666266002857038,"flow_src_last_pkt_time":1666266002884343,"flow_dst_last_pkt_time":1666266002914766,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":30,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":30,"midstream":0,"thread_ts_usec":1666266002914766,"l3_proto":"ip4","src_ip":"172.16.16.108","dst_ip":"172.16.17.101","src_port":53314,"dst_port":4949,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Munin","proto_id":"329","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1666266002915853,"flow_dst_last_pkt_time":1666266002914766,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1666266002915853,"pkt":"+hY+\/yO1ABY+T3\/TCABFAAA0yJRAAEAG+D2sEBBsrBARZdBCE1WX5J9wdpy8MIAQAeoNYgAAAQEICnWrS7SHPlcn"} 
00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1666249807376910,"flow_src_last_pkt_time":1666249807564073,"flow_dst_last_pkt_time":1666249807610393,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":185,"flow_src_tot_l4_payload_len":66,"flow_dst_tot_l4_payload_len":267,"midstream":0,"thread_ts_usec":1666266003076418,"l3_proto":"ip4","src_ip":"172.16.16.108","dst_ip":"172.16.17.102","src_port":55256,"dst_port":4949,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Munin","proto_id":"329","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"elastic-node02"}} -00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":46,"packets-processed":45,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":977,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":28,"global_ts_usec":1666274401982227} 
+00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":46,"packets-processed":45,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":977,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":28,"global_ts_usec":1666274401982227} 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666274401982227,"flow_src_last_pkt_time":1666274401982227,"flow_dst_last_pkt_time":1666274401982227,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666274401982227,"l3_proto":"ip4","src_ip":"172.16.16.108","dst_ip":"172.16.17.1","src_port":59958,"dst_port":4949,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1666274401982227,"flow_dst_last_pkt_time":1666274401982227,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1666274401982227,"pkt":"+hY+\/yO1ABY+T3\/TCABFAAA8CtBAAEAGtl6sEBBsrBARAeo2E1Wjl90YAAAAAKAC9QCoZQAAAgQjAAQCCAp4RB0\/AAAAAAEDAwc="} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1666274401982227,"flow_dst_last_pkt_time":1666274402007121,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1666274402007121,"pkt":"ABY+T3\/T+hY+\/yO1CABFAAA8AABAAD8Gwi6sEBEBrBAQbBNV6ja\/dPxso5fdGaAS\/+B4GQAAAgQFnAQCCArx85TpeEQdPwEDAwc="} 
@@ -35,7 +35,7 @@ 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1666274402039419,"flow_dst_last_pkt_time":1666274402037918,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1666274402039419,"pkt":"+hY+\/yO1ABY+T3\/TCABFAAA0CtJAAEAGtmSsEBBsrBARAeo2E1Wjl90Zv3T8g4AQAeqkVwAAAQEICnhEHXjx85UH"} 00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1666266002857038,"flow_src_last_pkt_time":1666266003040348,"flow_dst_last_pkt_time":1666266003076418,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":185,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":262,"midstream":0,"thread_ts_usec":1666274402201343,"l3_proto":"ip4","src_ip":"172.16.16.108","dst_ip":"172.16.17.101","src_port":53314,"dst_port":4949,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Munin","proto_id":"329","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"log-collector"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1666274401982227,"flow_src_last_pkt_time":1666274402167889,"flow_dst_last_pkt_time":1666274402201343,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":283,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":365,"midstream":0,"thread_ts_usec":1666274402201343,"l3_proto":"ip4","src_ip":"172.16.16.108","dst_ip":"172.16.17.1","src_port":59958,"dst_port":4949,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Munin","proto_id":"329","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"gw-ct"}} -00840{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":60,"packets-processed":60,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1398,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":38,"global_ts_usec":1666274402201343} 
+00840{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":60,"packets-processed":60,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1398,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":38,"global_ts_usec":1666274402201343} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 60/60 ~~ skipped flows.............: 0 @@ -44,9 +44,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6916589 bytes -~~ total memory freed........: 6916589 bytes -~~ total allocations/frees...: 114234/114234 +~~ total memory allocated....: 7494185 bytes +~~ total memory freed........: 7494185 bytes +~~ total allocations/frees...: 125965/125965 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 546 chars ~~ json message max len.......: 1002 chars diff --git a/test/results/default/mysql.pcapng.out b/test/results/default/mysql.pcapng.out index 3647a087c..eb8f516ae 100644 --- a/test/results/default/mysql.pcapng.out +++ b/test/results/default/mysql.pcapng.out 
@@ -1,5 +1,5 @@ -00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mysql.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mysql.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1705960164821097} 
+00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mysql.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mysql.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1705960164821097} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mysql.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1705960164821097,"flow_src_last_pkt_time":1705960164821097,"flow_dst_last_pkt_time":1705960164821097,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705960164821097,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"192.168.88.201","src_port":36732,"dst_port":3306,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mysql.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1705960164821097,"flow_dst_last_pkt_time":1705960164821097,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1705960164821097,"pkt":"CAAncIgi8C90rUP1CABFAAA82jtAAEAGLX\/AqFjnwKhYyY98DOp2PS8IAAAAAKACfXgzMAAAAgQFtAQCCAppS\/T6AAAAAAEDAwc="} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/mysql.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1705960164821097,"flow_dst_last_pkt_time":1705960164821230,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1705960164821230,"pkt":"8C90rUP1CAAncIgiCABFAAA8AABAAEAGB7vAqFjJwKhY5wzqj3zoGIATdj0vCaAS\/oj7XQAAAgQFtAQCCAodC\/XcaUv0+gEDAwc="} 
@@ -7,7 +7,7 @@ 00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/mysql.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1705960164821258,"flow_dst_last_pkt_time":1705960164821452,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":176,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":176,"pkt_l4_len":142,"thread_ts_usec":1705960164821452,"pkt":"8C90rUP1CAAncIgiCABFCACi\/KRAAEAGCqjAqFjJwKhY5wzqj3zoGIAUdj0vCYAYAf4QPQAAAQEICh0L9dxpS\/T6agAAAAo1LjUuNS0xMC42LjEyLU1hcmlhREItMHVidW50dTAuMjIuMDQuMQAgAAAAR2dQPSErVEgA\/vctAgD\/gRUAAAAAAAAdAAAASXY3T2UvWVJtUjE+AG15c3FsX25hdGl2ZV9wYXNzd29yZAA="} 00932{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/mysql.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1705960164821097,"flow_src_last_pkt_time":1705960164821258,"flow_dst_last_pkt_time":1705960164821452,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":110,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":110,"midstream":0,"thread_ts_usec":1705960164821452,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"192.168.88.201","src_port":36732,"dst_port":3306,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"MySQL","proto_id":"20","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} 
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/mysql.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1705960164821461,"flow_dst_last_pkt_time":1705960164821452,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1705960164821461,"pkt":"CAAncIgi8C90rUP1CABFCAA02j1AAEAGLX3AqFjnwKhYyY98DOp2PS8J6BiAgoAQAPszKAAAAQEICmlL9PodC\/Xc"} -00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/mysql.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":466,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1705961445154157} 
+00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/mysql.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":466,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1705961445154157} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/mysql.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1705961445154157,"flow_src_last_pkt_time":1705961445154157,"flow_dst_last_pkt_time":1705961445154157,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705961445154157,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"192.168.88.200","src_port":36272,"dst_port":3306,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/mysql.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1705961445154157,"flow_dst_last_pkt_time":1705961445154157,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1705961445154157,"pkt":"CAAnuVBs8C90rUP1CABFAAA8HqhAAEAG6RPAqFjnwKhYyI2wDOriY1z8AAAAAKACfXgzLwAAAgQFtAQCCApboWQSAAAAAAEDAwc="} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/mysql.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1705961445154157,"flow_dst_last_pkt_time":1705961445154294,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1705961445154294,"pkt":"8C90rUP1CAAnuVBsCABFAAA8AABAAEAGB7zAqFjIwKhY5wzqjbCh\/Uwo4mNc\/aAS\/oihhAAAAgQFtAQCCAroGgTyW6FkEgEDAwc="} 
@@ -17,7 +17,7 @@ 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/mysql.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1705961445178850,"flow_dst_last_pkt_time":1705961445178841,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1705961445178850,"pkt":"CAAnuVBs8C90rUP1CABFAAA0HqpAAEAG6RnAqFjnwKhYyI2wDOriY1z9of1Md4AQAPszJwAAAQEICluhZCvoGgUK"} 00979{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/mysql.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":11,"flow_first_seen":1705961445154157,"flow_src_last_pkt_time":1705961447627544,"flow_dst_last_pkt_time":1705961447627529,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":322,"flow_dst_max_l4_payload_len":2218,"flow_src_tot_l4_payload_len":824,"flow_dst_tot_l4_payload_len":2981,"midstream":0,"thread_ts_usec":1705961447627544,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"192.168.88.200","src_port":36272,"dst_port":3306,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MySQL","proto_id":"20","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} 
00975{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/mysql.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1705960164821097,"flow_src_last_pkt_time":1705960167087269,"flow_dst_last_pkt_time":1705960167087249,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":218,"flow_dst_max_l4_payload_len":110,"flow_src_tot_l4_payload_len":260,"flow_dst_tot_l4_payload_len":206,"midstream":0,"thread_ts_usec":1705961447627544,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"192.168.88.201","src_port":36732,"dst_port":3306,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MySQL","proto_id":"20","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} -00842{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/mysql.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":41,"packets-processed":41,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4271,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1705961447627544} 
+00842{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/mysql.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":41,"packets-processed":41,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4271,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1705961447627544} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 41/41 ~~ skipped flows.............: 0 @@ -26,9 +26,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6911230 bytes -~~ total memory freed........: 6911230 bytes -~~ total allocations/frees...: 114191/114191 +~~ total memory allocated....: 7488826 bytes +~~ total memory freed........: 7488826 bytes +~~ total allocations/frees...: 125922/125922 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 546 chars ~~ json message max len.......: 984 chars diff --git a/test/results/default/nano.pcapng.out b/test/results/default/nano.pcapng.out index 229e7ec89..d9dc82329 100644 --- a/test/results/default/nano.pcapng.out +++ b/test/results/default/nano.pcapng.out 
@@ -1,5 +1,5 @@ -00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/nano.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nano.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1721295318976755} 
+00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/nano.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nano.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1721295318976755} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nano.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1721295318976755,"flow_src_last_pkt_time":1721295318976755,"flow_dst_last_pkt_time":1721295318976755,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1721295318976755,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"37.120.187.138","src_port":59642,"dst_port":7075,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nano.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1721295318976755,"flow_dst_last_pkt_time":1721295318976755,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1721295318976755,"pkt":"SKmKCiNt8C90rUP1CABFAAA8jZVAAEAGspTAqFjnJXi7iuj6G6Ogx8U+AAAAAKAC+vD6wAAAAgQFtAQCCAoPwsSRAAAAAAEDAwc="} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/nano.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1721295318976755,"flow_dst_last_pkt_time":1721295319028262,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1721295319028262,"pkt":"8C90rUP1SKmKCiNtCABFAAA8AABAADQGTColeLuKwKhY5xuj6PpeKTrgoMfFP6AS\/ojNPwAAAgQFoAQCCApGamM8D8LEkQEDAwc="} 
@@ -8,7 +8,7 @@ 00937{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/nano.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1721295318976755,"flow_src_last_pkt_time":1721295319028342,"flow_dst_last_pkt_time":1721295319028262,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1721295319028342,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"37.120.187.138","src_port":59642,"dst_port":7075,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Nano","proto_id":"420","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/nano.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1721295319028342,"flow_dst_last_pkt_time":1721295319083243,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1721295319083243,"pkt":"8C90rUP1SKmKCiNtCABFAAA0TKtAADQG\/4YleLuKwKhY5xuj6PpeKTrhoMfFZ4AQAf338wAAAQEICkZqY3APwsTF"} 
00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/nano.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1721295318976755,"flow_src_last_pkt_time":1721295319028342,"flow_dst_last_pkt_time":1721295319083277,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":200,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":200,"midstream":0,"thread_ts_usec":1721295319083277,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"37.120.187.138","src_port":59642,"dst_port":7075,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Nano","proto_id":"420","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} -00837{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/nano.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":6,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":240,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1721295319083277} 
+00837{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/nano.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":6,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":240,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1721295319083277} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 6/6 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6907811 bytes -~~ total memory freed........: 6907811 bytes -~~ total allocations/frees...: 114144/114144 +~~ total memory allocated....: 7485407 bytes +~~ total memory freed........: 7485407 bytes +~~ total allocations/frees...: 125875/125875 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 545 chars ~~ json message max len.......: 985 chars diff --git a/test/results/default/natpmp.pcap.out b/test/results/default/natpmp.pcap.out index f46bf5eec..81d0f6c53 100644 --- a/test/results/default/natpmp.pcap.out +++ b/test/results/default/natpmp.pcap.out 
@@ -1,5 +1,5 @@ -00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/natpmp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/natpmp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1631961259127898} 
+00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/natpmp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/natpmp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1631961259127898} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/natpmp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1631961259127898,"flow_src_last_pkt_time":1631961259127898,"flow_dst_last_pkt_time":1631961259127898,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":2,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1631961259127898,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"192.168.1.254","src_port":36852,"dst_port":5351,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/natpmp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1631961259127898,"flow_dst_last_pkt_time":1631961259127898,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":44,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":44,"pkt_l4_len":10,"thread_ts_usec":1631961259127898,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAAeV7pAAEARXkbAqAGAwKgB\/o\/0FOcACtYvAAA="} 
01014{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/natpmp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1631961259127898,"flow_src_last_pkt_time":1631961259127898,"flow_dst_last_pkt_time":1631961259127898,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":2,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1631961259127898,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"192.168.1.254","src_port":36852,"dst_port":5351,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NAT-PMP","proto_id":"312","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","natpmp": {"result":0,"internal_port":0,"external_port":0,"external_address":"0.0.0.0"}}} 
@@ -8,7 +8,7 @@ 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/natpmp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1631961267470917,"flow_dst_last_pkt_time":1631961259156828,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1631961267470917,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAAoXGBAAEARWZbAqAGAwKgB\/o\/0FOcAFDZeAAIAAMjVyNUAAA4Q"} 01041{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/natpmp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1631961259127898,"flow_src_last_pkt_time":1631961267470917,"flow_dst_last_pkt_time":1631961259156828,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":2,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":12,"flow_src_tot_l4_payload_len":14,"flow_dst_tot_l4_payload_len":12,"midstream":0,"thread_ts_usec":1631961267470917,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"192.168.1.254","src_port":36852,"dst_port":5351,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NAT-PMP","proto_id":"312","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","natpmp": {"result":0,"internal_port":51413,"external_port":51413,"external_address":"10.201.213.174"}}} 
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/natpmp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1631961267470917,"flow_dst_last_pkt_time":1631961267496338,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1631961267496338,"pkt":"PKn0qB\/spJGxgjQ5CABFAAAssMEAAEARRTHAqAH+wKgBgBTnj\/QAGPrFAIIAAAArOuXI1cjVAAAOEAAA"} -00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/natpmp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":5,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":42,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1663058610829000} 
+00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/natpmp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":5,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":42,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1663058610829000} 00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/natpmp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663058610829000,"flow_src_last_pkt_time":1663058610829000,"flow_dst_last_pkt_time":1663058610829000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":2,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663058610829000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"192.168.2.1","src_port":36845,"dst_port":5351,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/natpmp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1663058610829000,"flow_dst_last_pkt_time":1663058610829000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":44,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":44,"pkt_l4_len":10,"thread_ts_usec":1663058610829000,"pkt":"eJS0JASgYDjgxTWgCABFAAAe7gNAAKIRZRXAqAJkwKgCAY\/tFOcACoXRAAA="} 01012{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/natpmp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663058610829000,"flow_src_last_pkt_time":1663058610829000,"flow_dst_last_pkt_time":1663058610829000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":2,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663058610829000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"192.168.2.1","src_port":36845,"dst_port":5351,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NAT-PMP","proto_id":"312","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","natpmp": {"result":0,"internal_port":0,"external_port":0,"external_address":"0.0.0.0"}}} 
@@ -28,7 +28,7 @@ 01088{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/natpmp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1663058622646000,"flow_src_last_pkt_time":1663058622897000,"flow_dst_last_pkt_time":1663058622646000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663058622897000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"192.168.2.1","src_port":59817,"dst_port":5351,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"NAT-PMP","proto_id":"312","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01088{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/natpmp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1663058622897000,"flow_src_last_pkt_time":1663058622897000,"flow_dst_last_pkt_time":1663058622897000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663058622897000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"192.168.2.1","src_port":35763,"dst_port":5351,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"NAT-PMP","proto_id":"312","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00960{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/natpmp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663058610829000,"flow_src_last_pkt_time":1663058610829000,"flow_dst_last_pkt_time":1663058610829000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":2,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663058622897000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"192.168.2.1","src_port":36845,"dst_port":5351,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NAT-PMP","proto_id":"312","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00840{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/natpmp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":11,"packets-processed":11,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":116,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":31,"global_ts_usec":1663058622897000} +00840{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/natpmp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":11,"packets-processed":11,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":116,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":31,"global_ts_usec":1663058622897000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 11/11 ~~ skipped flows.............: 0 
@@ -37,9 +37,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6915128 bytes -~~ total memory freed........: 6915128 bytes -~~ total allocations/frees...: 114183/114183 +~~ total memory allocated....: 7492724 bytes +~~ total memory freed........: 7492724 bytes +~~ total allocations/frees...: 125914/125914 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 516 chars ~~ json message max len.......: 1161 chars diff --git a/test/results/default/nats.pcap.out b/test/results/default/nats.pcap.out index 46e4e6685..c1661c2d9 100644 --- a/test/results/default/nats.pcap.out +++ b/test/results/default/nats.pcap.out 
@@ -1,5 +1,5 @@ -00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/nats.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nats.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1586288040558498} 
+00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/nats.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nats.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1586288040558498} 
00764{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nats.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1586288040558498,"flow_src_last_pkt_time":1586288040558498,"flow_dst_last_pkt_time":1586288040558498,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1586288040558498,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54820,"dst_port":4222,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":5} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nats.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1586288040558498,"flow_dst_last_pkt_time":1586288040558498,"flow_idle_time":7580000000,"pkt_datalink":0,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":68,"pkt_l4_len":44,"thread_ts_usec":1586288040558498,"pkt":"AgAAAEUAAEAAAEAAQAYAAH8AAAF\/AAAB1iQQfvCJzTwAAAAAsAL\/\/\/40AAACBD\/YAQMDBQEBCAo2lJ5iAAAAAAQCAAA="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/nats.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1586288040558498,"flow_dst_last_pkt_time":1586288040558594,"flow_idle_time":7580000000,"pkt_datalink":0,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":68,"pkt_l4_len":44,"thread_ts_usec":1586288040558594,"pkt":"AgAAAEUAAEAAAEAAQAYAAH8AAAF\/AAABEH7WJA7LPw3wic09sBL\/\/\/40AAACBD\/YAQMDBQEBCAo2lJ5iNpSeYgQCAAA="} 
@@ -16,7 +16,7 @@ 00914{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/nats.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":3,"flow_first_seen":1586288040575502,"flow_src_last_pkt_time":1586288040575609,"flow_dst_last_pkt_time":1586288040577107,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":309,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":309,"midstream":0,"thread_ts_usec":1586288040577107,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54821,"dst_port":4222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Nats","proto_id":"68","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00956{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/nats.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":6,"flow_first_seen":1586288040558498,"flow_src_last_pkt_time":1586288040570938,"flow_dst_last_pkt_time":1586288040570821,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":135,"flow_dst_max_l4_payload_len":309,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":315,"midstream":0,"thread_ts_usec":1586288042776134,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54820,"dst_port":4222,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Nats","proto_id":"68","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00957{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/nats.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1586288040575502,"flow_src_last_pkt_time":1586288042776117,"flow_dst_last_pkt_time":1586288042776134,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":135,"flow_dst_max_l4_payload_len":309,"flow_src_tot_l4_payload_len":141,"flow_dst_tot_l4_payload_len":321,"midstream":0,"thread_ts_usec":1586288042776134,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54821,"dst_port":4222,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Nats","proto_id":"68","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00838{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/nats.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":27,"packets-processed":27,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":912,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1586288042776134} 
+00838{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/nats.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":27,"packets-processed":27,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":912,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1586288042776134} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 27/27 ~~ skipped flows.............: 0 @@ -25,9 +25,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6914920 bytes -~~ total memory freed........: 6914920 bytes -~~ total allocations/frees...: 114179/114179 +~~ total memory allocated....: 7492516 bytes +~~ total memory freed........: 7492516 bytes +~~ total allocations/frees...: 125910/125910 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 531 chars ~~ json message max len.......: 962 chars diff --git a/test/results/default/naver.pcap.out b/test/results/default/naver.pcap.out index 3283944ac..b2bebc099 100644 --- a/test/results/default/naver.pcap.out +++ b/test/results/default/naver.pcap.out 
@@ -1,33 +1,33 @@ -00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1730387261423525} 
+00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1730387261423525} 
00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1730387261423525,"flow_src_last_pkt_time":1730387261423525,"flow_dst_last_pkt_time":1730387261423525,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1730387261423525,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"23.52.84.208","src_port":40026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1730387261423525,"flow_dst_last_pkt_time":1730387261423525,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1730387261423525,"pkt":"AgAAAAABAgAAAAACCABFAAA8GPlAAEAG\/eYK160BFzRU0JxaAbsaMFI+AAAAAKAC\/\/+b7AAAAgQm6AQCCArcYYAbAAAAAAEDAwk="} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1730387261423525,"flow_dst_last_pkt_time":1730387261449768,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1730387261449768,"pkt":"AgAAAAABAgAAAAACCABFAAAwAABAAEAGFuwXNFTQCtetAQG7nFp363frGjBSP3ASBAA4owAAAgQm6AMDCQA="} 
00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1730387261449929,"flow_dst_last_pkt_time":1730387261449768,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1730387261449929,"pkt":"AgAAAAABAgAAAAACCABFAAAoGPpAAEAG\/fkK160BFzRU0JxaAbsaMFI\/d+t37FAQAICRGwAA"} 01213{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1730387261453362,"flow_dst_last_pkt_time":1730387261449768,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":566,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":566,"pkt_l4_len":532,"thread_ts_usec":1730387261453362,"pkt":"AgAAAAABAgAAAAACCABFAAIoGPtAAEAG+\/gK160BFzRU0JxaAbsaMFI\/d+t37FAQAIBUzAAAFgMBAgABAAH8AwPX38a3MCvLk8uZ1hRP4mrIcI\/KE5Ca09x0fVESciasXyAHVzLhzlLebn9ANLoi0ghqpVMwaJhABDq537sQ5LecrAAeEwETAhMDwCvALMypwC\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"} 00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1730387261453362,"flow_dst_last_pkt_time":1730387261453466,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1730387261453466,"pkt":"AgAAAAABAgAAAAACCABFAAAoAABAAEAGFvQXNFTQCtetAQG7nFp363fsGjBUP1AQA\/+LnAAA"} 
-01238{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1730387261423525,"flow_src_last_pkt_time":1730387261453544,"flow_dst_last_pkt_time":1730387261453466,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1730387261453544,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"23.52.84.208","src_port":40026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Naver","proto_id":"91.433","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"m.naver.com","domainame":"m.naver.com","tls": {"version":"TLSv1.2","ja3":"f79b6bad2ad0641e1921aef10262856b","ja3s":"","ja4":"t13d1513h2_8daaf6152771_eca864cca44a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
-01321{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1730387261423525,"flow_src_last_pkt_time":1730387261453544,"flow_dst_last_pkt_time":1730387261479172,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":2856,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2856,"midstream":0,"thread_ts_usec":1730387261479172,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"23.52.84.208","src_port":40026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Naver","proto_id":"91.433","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"m.naver.com","domainame":"m.naver.com","tls": {"version":"TLSv1.2","ja3":"f79b6bad2ad0641e1921aef10262856b","ja3s":"19e4a55cecd087d9ebf88da03db13a0f","ja4":"t13d1513h2_8daaf6152771_eca864cca44a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01197{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1730387261423525,"flow_src_last_pkt_time":1730387261453544,"flow_dst_last_pkt_time":1730387261453466,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1730387261453544,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"23.52.84.208","src_port":40026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Naver","proto_id":"91.433","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"m.naver.com","domainame":"m.naver.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1513h2_8daaf6152771_eca864cca44a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} +01280{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1730387261423525,"flow_src_last_pkt_time":1730387261453544,"flow_dst_last_pkt_time":1730387261479172,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":2856,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2856,"midstream":0,"thread_ts_usec":1730387261479172,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"23.52.84.208","src_port":40026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Naver","proto_id":"91.433","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"m.naver.com","domainame":"m.naver.com","tls": {"version":"TLSv1.2","ja3s":"19e4a55cecd087d9ebf88da03db13a0f","ja4":"t13d1513h2_8daaf6152771_eca864cca44a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1730387261479172,"flow_src_last_pkt_time":1730387261479172,"flow_dst_last_pkt_time":1730387261479172,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1730387261479172,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"110.93.157.96","src_port":42040,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1730387261479172,"flow_dst_last_pkt_time":1730387261479172,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1730387261479172,"pkt":"AgAAAAABAgAAAAACCABFAAA8O\/FAAEAGOzUK160Bbl2dYKQ4AbsIxNkQAAAAAKAC\/\/9rfQAAAgQm6AQCCAotHELSAAAAAAEDAwk="} 
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1730387261479172,"flow_dst_last_pkt_time":1730387261479172,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1730387261479172,"pkt":"AgAAAAABAgAAAAACCABFAAAwAABAAEAGdzJuXZ1gCtetAQG7pDh363frCMTZEXASBAAbpQAAAgQm6AMDCQA="} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1730387261479172,"flow_dst_last_pkt_time":1730387261479172,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1730387261479172,"pkt":"AgAAAAABAgAAAAACCABFAAAoO\/JAAEAGO0gK160Bbl2dYKQ4AbsIxNkRd+t37FAQAIB0HQAA"} 
01218{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1730387261479172,"flow_dst_last_pkt_time":1730387261479172,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":566,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":566,"pkt_l4_len":532,"thread_ts_usec":1730387261479172,"pkt":"AgAAAAABAgAAAAACCABFAAIoO\/NAAEAGOUcK160Bbl2dYKQ4AbsIxNkRd+t37FAQAIDGAgAAFgMBAgABAAH8AwO+WVIKKHo4iEcoj\/2Pni3Ip89I+2z4VSX\/b8wvs98HySB7XO7+kUJfvAJd5\/Eq9AEree5Z8A+qIo2kx6RomAIoFAA+EwITAxMBwCzAMACfzKnMqMyqwCvALwCewCTAKABrwCPAJwBnwArAFAA5wAnAEwAzAJ0AnAA9ADwANQAvAP8BAAF1AAAAIgAgAAAda3ItY29sLWV4dC5uZWxvLm5hdmVyY29ycC5jb20ACwAEAwABAgAKAAwACgAdABcAHgAZABgzdAAAABAACwAJCGh0dHAvMS4xABYAAAAXAAAAMQAAAA0AMAAuBAMFAwYDCAcICAgJCAoICwgECAUIBgQBBQEGAQMDAgMDAQIBAwICAgQCBQIGAgArAAkIAwQDAwMCAwEALQACAQEAMwAmACQAHQAgHONekpeLZ\/26p8X\/\/d9UWhxjgWruEmQYfGC\/OrMdsG8AFQCjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1730387261479172,"flow_dst_last_pkt_time":1730387261479172,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":59,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":59,"pkt_l4_len":25,"thread_ts_usec":1730387261479172,"pkt":"AgAAAAABAgAAAAACCABFAAAtO\/RAAEAGO0EK160Bbl2dYKQ4AbsIxNsRd+t37FAYAIByEAAAAAAAAAA="} 
-01287{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1730387261479172,"flow_src_last_pkt_time":1730387261479172,"flow_dst_last_pkt_time":1730387261479172,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1730387261479172,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"110.93.157.96","src_port":42040,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Naver","proto_id":"91.433","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"kr-col-ext.nelo.navercorp.com","domainame":"kr-col-ext.nelo.navercorp.com","tls": {"version":"TLSv1.2","ja3":"f436b9416f37d134cadd04886327d3e8","ja3s":"","ja4":"t13d3113ht_e8f1e7e78f70_1b3407e2c936","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-01814{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1730387261479172,"flow_src_last_pkt_time":1730387261479172,"flow_dst_last_pkt_time":1730387261663060,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":4356,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4356,"midstream":0,"thread_ts_usec":1730387261663060,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"110.93.157.96","src_port":42040,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Naver","proto_id":"91.433","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"kr-col-ext.nelo.navercorp.com","domainame":"kr-col-ext.nelo.navercorp.com","tls": {"version":"TLSv1.2","server_names":"*.nelo.navercorp.com,*.slog.navercorp.com,slog.navercorp.com,*.nelo2.navercorp.com,nelo2.navercorp.com,*.nelo2-col.navercorp.com,nelo2-col.navercorp.com,nelo.navercorp.com","ja3":"f436b9416f37d134cadd04886327d3e8","ja3s":"263c859c5391203d774bc0599793d915","ja4":"t13d3113ht_e8f1e7e78f70_1b3407e2c936","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust TLS RSA CA G1","subjectDN":"C=KR, ST=Gyeonggi-do, L=Seongnam-si, O=NAVER Corp., CN=*.nelo.navercorp.com","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"C0:F0:CB:37:C1:2D:17:DC:21:40:1D:14:10:E5:3B:78:0F:37:B6:EA","blocks":0}}} 
+01246{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1730387261479172,"flow_src_last_pkt_time":1730387261479172,"flow_dst_last_pkt_time":1730387261479172,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1730387261479172,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"110.93.157.96","src_port":42040,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Naver","proto_id":"91.433","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"kr-col-ext.nelo.navercorp.com","domainame":"kr-col-ext.nelo.navercorp.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d3113ht_e8f1e7e78f70_1b3407e2c936","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01773{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1730387261479172,"flow_src_last_pkt_time":1730387261479172,"flow_dst_last_pkt_time":1730387261663060,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":4356,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4356,"midstream":0,"thread_ts_usec":1730387261663060,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"110.93.157.96","src_port":42040,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Naver","proto_id":"91.433","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"kr-col-ext.nelo.navercorp.com","domainame":"kr-col-ext.nelo.navercorp.com","tls": {"version":"TLSv1.2","server_names":"*.nelo.navercorp.com,*.slog.navercorp.com,slog.navercorp.com,*.nelo2.navercorp.com,nelo2.navercorp.com,*.nelo2-col.navercorp.com,nelo2-col.navercorp.com,nelo.navercorp.com","ja3s":"263c859c5391203d774bc0599793d915","ja4":"t13d3113ht_e8f1e7e78f70_1b3407e2c936","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust TLS RSA CA G1","subjectDN":"C=KR, ST=Gyeonggi-do, L=Seongnam-si, O=NAVER Corp., CN=*.nelo.navercorp.com","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"C0:F0:CB:37:C1:2D:17:DC:21:40:1D:14:10:E5:3B:78:0F:37:B6:EA","blocks":0}}} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1730387269609964,"flow_src_last_pkt_time":1730387269609964,"flow_dst_last_pkt_time":1730387269609964,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1730387269609964,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"184.50.200.195","src_port":45578,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1730387269609964,"flow_dst_last_pkt_time":1730387269609964,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1730387269609964,"pkt":"AgAAAAABAgAAAAACCABFAAA8ps9AAEAGWx4K160BuDLIw7IKAbuEfl3+AAAAAKAC\/\/\/PPQAAAgQm6AQCCAqf4OiaAAAAAAEDAwk="} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1730387269609964,"flow_dst_last_pkt_time":1730387269634792,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1730387269634792,"pkt":"AgAAAAABAgAAAAACCABFAAAwAABAAEAGAfq4MsjDCtetAQG7sgp363frhH5d\/3ASBACX8gAAAgQm6AMDCQA="} 
00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1730387269634949,"flow_dst_last_pkt_time":1730387269634792,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1730387269634949,"pkt":"AgAAAAABAgAAAAACCABFAAAoptBAAEAGWzEK160BuDLIw7IKAbuEfl3\/d+t37FAQAIDwagAA"} 01214{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1730387269636387,"flow_dst_last_pkt_time":1730387269634792,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":566,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":566,"pkt_l4_len":532,"thread_ts_usec":1730387269636387,"pkt":"AgAAAAABAgAAAAACCABFAAIoptFAAEAGWTAK160BuDLIw7IKAbuEfl3\/d+t37FAQAIBuHgAAFgMBAgABAAH8AwNZH7rBuBt1xrwIbjDlhPOR+5G6F4LrPLdIPSTRSpxo7CA+vFrtGzprO63Vue4VRezFRaS1Ecv5l\/tFSXo37dw7hAAeEwETAhMDwCvALMypwC\/AMMyowBPAFACcAJ0ALwA1AQABlQAAAB0AGwAAGGR0aHVtYi1waGluZi5wc3RhdGljLm5ldAAXAAD\/AQABAAAKAAgABgAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEAMwAmACQAHQAg78Ojm6jaXZuX1wRTpsRNjRNdUV3aV2AqjZhzlffXTnkALQACAQEAKwAFBAMEAwMAFQDlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} 
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1730387269636423,"flow_dst_last_pkt_time":1730387269634792,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":59,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":59,"pkt_l4_len":25,"thread_ts_usec":1730387269636423,"pkt":"AgAAAAABAgAAAAACCABFAAAtptJAAEAGWyoK160BuDLIw7IKAbuEfl\/\/d+t37FAYAIDuXQAAAAAAAAA="} -01267{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1730387269609964,"flow_src_last_pkt_time":1730387269636423,"flow_dst_last_pkt_time":1730387269634792,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1730387269636423,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"184.50.200.195","src_port":45578,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Naver","proto_id":"91.433","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"dthumb-phinf.pstatic.net","domainame":"dthumb-phinf.pstatic.net","tls": {"version":"TLSv1.2","ja3":"f79b6bad2ad0641e1921aef10262856b","ja3s":"","ja4":"t13d1513h2_8daaf6152771_eca864cca44a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
-01638{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1730387269609964,"flow_src_last_pkt_time":1730387269636423,"flow_dst_last_pkt_time":1730387269664358,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":3760,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3760,"midstream":0,"thread_ts_usec":1730387269664358,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"184.50.200.195","src_port":45578,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Naver","proto_id":"91.433","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"dthumb-phinf.pstatic.net","domainame":"dthumb-phinf.pstatic.net","tls": {"version":"TLSv1.2","server_names":"*.pstatic.net,pstatic.net","ja3":"f79b6bad2ad0641e1921aef10262856b","ja3s":"19e4a55cecd087d9ebf88da03db13a0f","ja4":"t13d1513h2_8daaf6152771_eca864cca44a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust RSA CA 2018","subjectDN":"C=KR, ST=Gyeonggi-do, L=Seongnam-si, O=NAVER Cloud Corp., CN=*.pstatic.net","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"97:14:4D:E1:78:70:D4:E8:6B:CD:80:41:48:2B:5E:D3:E8:34:7D:CB","blocks":0}}} 
+01226{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1730387269609964,"flow_src_last_pkt_time":1730387269636423,"flow_dst_last_pkt_time":1730387269634792,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1730387269636423,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"184.50.200.195","src_port":45578,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Naver","proto_id":"91.433","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"dthumb-phinf.pstatic.net","domainame":"dthumb-phinf.pstatic.net","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1513h2_8daaf6152771_eca864cca44a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01597{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1730387269609964,"flow_src_last_pkt_time":1730387269636423,"flow_dst_last_pkt_time":1730387269664358,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":3760,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3760,"midstream":0,"thread_ts_usec":1730387269664358,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"184.50.200.195","src_port":45578,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Naver","proto_id":"91.433","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"dthumb-phinf.pstatic.net","domainame":"dthumb-phinf.pstatic.net","tls": {"version":"TLSv1.2","server_names":"*.pstatic.net,pstatic.net","ja3s":"19e4a55cecd087d9ebf88da03db13a0f","ja4":"t13d1513h2_8daaf6152771_eca864cca44a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust RSA CA 2018","subjectDN":"C=KR, ST=Gyeonggi-do, L=Seongnam-si, O=NAVER Cloud Corp., CN=*.pstatic.net","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"97:14:4D:E1:78:70:D4:E8:6B:CD:80:41:48:2B:5E:D3:E8:34:7D:CB","blocks":0}}} 
00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1730387261423525,"flow_src_last_pkt_time":1730387261453544,"flow_dst_last_pkt_time":1730387261479172,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":2856,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2856,"midstream":0,"thread_ts_usec":1730387269664358,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"23.52.84.208","src_port":40026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Naver","proto_id":"91.433","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00965{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1730387269609964,"flow_src_last_pkt_time":1730387269636423,"flow_dst_last_pkt_time":1730387269664358,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":3760,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3760,"midstream":0,"thread_ts_usec":1730387269664358,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"184.50.200.195","src_port":45578,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Naver","proto_id":"91.433","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00964{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1730387261479172,"flow_src_last_pkt_time":1730387261479172,"flow_dst_last_pkt_time":1730387261663060,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":4356,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4356,"midstream":0,"thread_ts_usec":1730387269664358,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"110.93.157.96","src_port":42040,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Naver","proto_id":"91.433","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -00841{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":22,"packets-processed":22,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12523,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":30,"global_ts_usec":1730387269664358} 
+00841{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":22,"packets-processed":22,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12523,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":30,"global_ts_usec":1730387269664358} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 22/22 ~~ skipped flows.............: 0 @@ -36,10 +36,10 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6937547 bytes -~~ total memory freed........: 6937547 bytes -~~ total allocations/frees...: 114216/114216 +~~ total memory allocated....: 7515143 bytes +~~ total memory freed........: 7515143 bytes +~~ total allocations/frees...: 125947/125947 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 528 chars -~~ json message max len.......: 1819 chars -~~ json message avg len.......: 1172 chars +~~ json message max len.......: 1778 chars +~~ json message avg len.......: 1152 chars diff --git a/test/results/default/ndpi_match_string_subprotocol__error.pcapng.out b/test/results/default/ndpi_match_string_subprotocol__error.pcapng.out index 9b86beb39..cbb61370b 100644 --- a/test/results/default/ndpi_match_string_subprotocol__error.pcapng.out +++ b/test/results/default/ndpi_match_string_subprotocol__error.pcapng.out 
@@ -1,5 +1,5 @@ -00643{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00864{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1258162014557086} 
+00643{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00864{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1258162014557086} 
00802{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1258162014557086,"flow_src_last_pkt_time":1258162014557086,"flow_dst_last_pkt_time":1258162014557086,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1258162014557086,"l3_proto":"ip4","src_ip":"10.3.9.19","dst_ip":"10.68.137.118","src_port":40632,"dst_port":8091,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1258162014557086,"flow_dst_last_pkt_time":1258162014557086,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1258162014557086,"pkt":"AFBWmXinAB9to6gACABFAAA0MZpAADwGZloKAwkTCkSJdp64H5sCrVC3AAAAAIACwej09wAAAgQFZAEDAwABAQQC"} 02065{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1258162014576991,"flow_dst_last_pkt_time":1258162014557086,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1180,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1180,"pkt_l4_len":1146,"thread_ts_usec":1258162014576991,"pkt":"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"} 
@@ -8,9 +8,9 @@ 01450{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1258162014557086,"flow_src_last_pkt_time":1258162014576991,"flow_dst_last_pkt_time":1258162014582846,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1126,"flow_dst_max_l4_payload_len":368,"flow_src_tot_l4_payload_len":1126,"flow_dst_tot_l4_payload_len":368,"midstream":0,"thread_ts_usec":1258162014582846,"l3_proto":"ip4","src_ip":"10.3.9.19","dst_ip":"10.68.137.118","src_port":40632,"dst_port":8091,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP.SOAP","proto_id":"7.253","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC","hostname":"10.68.137.118","domainame":"10.68.137.118","http": {"url":"10.68.137.118:8091\/Apcn\/ApcRemoteService","code":200,"content_type":"","user_agent":"Jakarta Commons-HttpClient\/3.0.1","request_content_type":""}}} 
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1258162014587557,"flow_dst_last_pkt_time":1258162014582846,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1258162014587557,"pkt":"AFBWmXinAB9ro6gACABFAAAoMZ1AADwGZmMKAwkTCkSJdp64H5sCrVUelwIr+1AQwhBt1wAAAAAAAAAA"} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1258162014587557,"flow_dst_last_pkt_time":1258162020091627,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1258162020091627,"pkt":"AAAMB6wcAFBWmXinCABFAAAoOz5AAIAGGMIKRIl2CgMJEx+bnriXAiv7Aq1VHlAR9jim6gAA"} 
-00868{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":8,"packets-processed":7,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1494,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1258165452647609} +00868{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":8,"packets-processed":7,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1494,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1258165452647609} 
01289{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":6,"flow_first_seen":1258162014557086,"flow_src_last_pkt_time":1258165452688667,"flow_dst_last_pkt_time":1258165452688687,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1126,"flow_dst_max_l4_payload_len":685,"flow_src_tot_l4_payload_len":1648,"flow_dst_tot_l4_payload_len":1053,"midstream":0,"thread_ts_usec":1258165452688687,"l3_proto":"ip4","src_ip":"10.3.9.19","dst_ip":"10.68.137.118","src_port":40632,"dst_port":8091,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP.SOAP","proto_id":"7.253","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC","hostname":"10.68.137.118"}} 
-00873{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":14,"packets-processed":14,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2701,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1258165452688687} +00873{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":14,"packets-processed":14,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2701,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1258165452688687} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 14/14 ~~ skipped flows.............: 0 
@@ -19,9 +19,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6908159 bytes -~~ total memory freed........: 6908159 bytes -~~ total allocations/frees...: 114156/114156 +~~ total memory allocated....: 7485794 bytes +~~ total memory freed........: 7485794 bytes +~~ total allocations/frees...: 125889/125889 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 560 chars ~~ json message max len.......: 2070 chars diff --git a/test/results/default/nest_log_sink.pcap.out b/test/results/default/nest_log_sink.pcap.out index ecedbe8b1..8e3e565ce 100644 --- a/test/results/default/nest_log_sink.pcap.out +++ b/test/results/default/nest_log_sink.pcap.out 
@@ -1,15 +1,15 @@ -00618{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1536712992228658} 
+00618{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1536712992228658} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1536712992228658,"flow_src_last_pkt_time":1536712992228658,"flow_dst_last_pkt_time":1536712992228658,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1536712992228658,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63340,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1536712992228658,"flow_dst_last_pkt_time":1536712992228658,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1536712992228658,"pkt":"AJD7JidrGLQwJjRACABFAAAoL2IAAP8GYxrAqPIPI65S7fdsK1cIqL8\/xIBhhVAQD+Vl6gAAAAAAAAAA"} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1536712992228658,"flow_dst_last_pkt_time":1536712992289465,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1536712992289465,"pkt":"GLQwJjRAAJD7JidrCABFAAAoNpRAAC0G7egjrlLtwKjyDytX92zEgGGFCKi\/QFAQgdDz\/QAA"} 
00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1536713052295189,"flow_dst_last_pkt_time":1536712992289465,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1536713052295189,"pkt":"AJD7JidrGLQwJjRACABFAAAoL2MAAP8GYxnAqPIPI65S7fdsK1cIqL8\/xIBhhVAQD+Vl6gAAAAAAAAAA"} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1536713052295189,"flow_dst_last_pkt_time":1536713052360453,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1536713052360453,"pkt":"GLQwJjRAAJD7JidrCABFAAAoNpVAAC0G7ecjrlLtwKjyDytX92zEgGGFCKi\/QFAQgdDz\/QAA"} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1536713052295189,"flow_dst_last_pkt_time":1536713052805060,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1536713052805060,"pkt":"GLQwJjRAAJD7JidrCABFAAAoNpZAAC0G7eYjrlLtwKjyDytX92zEgGGECKi\/QFAQgdDz\/gAA"} 
-00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":51,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":9,"global_ts_usec":1536713593921755} +00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":51,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":9,"global_ts_usec":1536713593921755} 
02069{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1536712992228658,"flow_src_last_pkt_time":1536713593921755,"flow_dst_last_pkt_time":1536713593982239,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1536713593982239,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63340,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":60807,"avg":38820860.0,"max":60122070,"stddev":28558074.0,"var":815563555209216.0,"ent":4.3,"data": [60807,60066531,60070988,444607,512208,60052382,60122070,60064103,60058548,139368,204086,59876012,59944753,60065849,60071735,305546,379257,59710128,59782330,60066153,60065042,470660,541865,60021230,60097006,60071977,60059874,163527,227320,59833996,59896720]},"pktlen": {"min":40,"avg":43.0,"max":46,"stddev":3.0,"var":9.0,"ent":5.0,"data": [46,40,46,40,40,46,46,40,46,40,40,46,46,40,46,40,40,46,46,40,46,40,40,46,46,40,46,40,40,46,46,40]},"bins": {"c_to_s": [16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,1,0,0,1,0,1,1,0,0,1,0,1,1,0,0,1,0,1,1,0,0,1,0,1,1,0,0,1],"entropies": 
[4.501398087,4.881687164,4.457920074,4.881687164,4.881687164,4.501398087,4.457919598,4.881687164,4.501398087,4.881687164,4.881687164,4.501398087,4.501398087,4.881687164,4.501398087,4.881687164,4.881687164,4.501398087,4.501398087,4.881687164,4.414441586,4.881687164,4.881687164,4.441509247,4.501398087,4.881687164,4.501398087,4.881687164,4.881687164,4.501398087,4.501398087,4.881687164]}} 00953{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1536712992228658,"flow_src_last_pkt_time":1536713593921755,"flow_dst_last_pkt_time":1536713593982239,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1536713593982239,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63340,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"NestLogSink","proto_id":"43","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
-00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":101,"packets-processed":60,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1536714195599741} +00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":101,"packets-processed":60,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1536714195599741} 
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":133,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1536714602587299,"flow_src_last_pkt_time":1536714602587299,"flow_dst_last_pkt_time":1536714602587299,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1536714602587299,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1536714602587299,"flow_dst_last_pkt_time":1536714602587299,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1536714602587299,"pkt":"AJD7JidrGLQwJjRACABFAABEL4kAAP8RJr3AqPIPwKjyAc5xADUAMKk+CwgBAAABAAAAAAAADXdlYXZlLWxvZ3NpbmsEbmVzdANjb20AAAEAAQ=="} 
01103{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":133,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1536714602587299,"flow_src_last_pkt_time":1536714602587299,"flow_dst_last_pkt_time":1536714602587299,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1536714602587299,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"weave-logsink.nest.com","domainame":"weave-logsink.nest.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -45,10 +45,10 @@ 00995{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":10,"flow_first_seen":1536714610253460,"flow_src_last_pkt_time":1536714615546363,"flow_dst_last_pkt_time":1536714615544009,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":530,"flow_dst_max_l4_payload_len":678,"flow_src_tot_l4_payload_len":1941,"flow_dst_tot_l4_payload_len":845,"midstream":0,"thread_ts_usec":1536714735752625,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63344,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NestLogSink","proto_id":"43","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 00995{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":42,"flow_dst_packets_processed":41,"flow_first_seen":1536712992228658,"flow_src_last_pkt_time":1536714607325706,"flow_dst_last_pkt_time":1536714607385830,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":62,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":62,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1536714735752625,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63340,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"1":"Match by 
port"},"proto":"NestLogSink","proto_id":"43","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 01012{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1536714602587299,"flow_src_last_pkt_time":1536714607328073,"flow_dst_last_pkt_time":1536714607527675,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":127,"flow_src_tot_l4_payload_len":99,"flow_dst_tot_l4_payload_len":183,"midstream":0,"thread_ts_usec":1536714735752625,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"weave-logsink.nest.com"}} 
-00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":276,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":276,"packets-processed":215,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21968,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":4,"total-detection-updates":1,"total-updates":2,"current-active-flows":2,"total-active-flows":5,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":48,"global_ts_usec":1536714800447381} +00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":276,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":276,"packets-processed":215,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21968,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":4,"total-detection-updates":1,"total-updates":2,"current-active-flows":2,"total-active-flows":5,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":48,"global_ts_usec":1536714800447381} 
01010{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":278,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1536714602587299,"flow_src_last_pkt_time":1536714607328073,"flow_dst_last_pkt_time":1536714607527675,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":127,"flow_src_tot_l4_payload_len":99,"flow_dst_tot_l4_payload_len":183,"midstream":0,"thread_ts_usec":1536714795433354,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"weave-logsink.nest.com"}} -00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":326,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":326,"packets-processed":245,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21968,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":4,"total-detection-updates":1,"total-updates":2,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":50,"global_ts_usec":1536715402175361} 
-00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":376,"packets-processed":275,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21968,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":4,"total-detection-updates":1,"total-updates":2,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":51,"global_ts_usec":1536716003807368} +00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":326,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":326,"packets-processed":245,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21968,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":4,"total-detection-updates":1,"total-updates":2,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":50,"global_ts_usec":1536715402175361} 
+00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":376,"packets-processed":275,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21968,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":4,"total-detection-updates":1,"total-updates":2,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":51,"global_ts_usec":1536716003807368} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":406,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1536716402804764,"flow_src_last_pkt_time":1536716402804764,"flow_dst_last_pkt_time":1536716402804764,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1536716402804764,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1536716402804764,"flow_dst_last_pkt_time":1536716402804764,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1536716402804764,"pkt":"AJD7JidrGLQwJjRACABFAABEL\/cAAP8RJk\/AqPIPwKjyAc5xADUAMDxpd90BAAABAAAAAAAADXdlYXZlLWxvZ3NpbmsEbmVzdANjb20AAAEAAQ=="} 01103{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":406,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1536716402804764,"flow_src_last_pkt_time":1536716402804764,"flow_dst_last_pkt_time":1536716402804764,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1536716402804764,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"weave-logsink.nest.com","domainame":"weave-logsink.nest.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -85,8 +85,8 @@ 01012{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":543,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1536716402804764,"flow_src_last_pkt_time":1536716407003782,"flow_dst_last_pkt_time":1536716407116756,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":127,"flow_src_tot_l4_payload_len":99,"flow_dst_tot_l4_payload_len":183,"midstream":0,"thread_ts_usec":1536716532891336,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"weave-logsink.nest.com"}} 02255{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":543,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1536716407119984,"flow_src_last_pkt_time":1536716592513963,"flow_dst_last_pkt_time":1536716532889304,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":531,"flow_dst_max_l4_payload_len":677,"flow_src_tot_l4_payload_len":1941,"flow_dst_tot_l4_payload_len":1905,"midstream":0,"thread_ts_usec":1536716592513963,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63346,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":6654,"avg":10037526.0,"max":60065954,"stddev":21842106.0,"var":477077551710208.0,"ent":2.6,"data": 
[66203,68921,634989,702416,15391,245970,1210603,1481601,108755,76207,16822,97423,70982,72827,6654,85865,79238,75829,75050,77170,97357,2619475,2881135,371772,59569035,59778516,60065954,60063694,377489,447329,59622627]},"pktlen": {"min":40,"avg":162.2,"max":717,"stddev":185.8,"var":34538.8,"ent":4.3,"data": [46,44,46,571,40,717,46,92,40,444,40,100,162,669,46,220,206,220,190,220,201,46,332,102,46,46,40,46,40,40,46,46]},"bins": {"c_to_s": [10,1,0,1,0,3,0,0,0,1,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,2,0,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,0,1,0,1,0,1,0,0,1,0,0,1,0,1,1,0,0],"entropies": [4.390829086,5.012806416,4.434307098,6.960905552,4.931687355,7.109922409,4.501398087,5.422218800,4.931687355,7.525271416,4.762814999,5.747631550,6.463061810,7.686710835,4.434307098,6.746978760,6.772123814,6.796743393,6.668047905,6.846702099,6.720046520,4.457919121,7.263835907,5.855727196,4.441509247,4.501398087,4.981687546,4.501398087,4.981687546,4.981687546,4.501398087,4.501398087]},"ndpi": {"confidence": {"6":"DPI"},"proto":"NestLogSink","proto_id":"43","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
01010{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":547,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1536716402804764,"flow_src_last_pkt_time":1536716407003782,"flow_dst_last_pkt_time":1536716407116756,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":127,"flow_src_tot_l4_payload_len":99,"flow_dst_tot_l4_payload_len":183,"midstream":0,"thread_ts_usec":1536716592575967,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"weave-logsink.nest.com"}} -00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":547,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":547,"packets-processed":424,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":43270,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":8,"total-detection-updates":2,"total-updates":4,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":88,"global_ts_usec":1536716652586979} 
-00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":595,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":595,"packets-processed":452,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":43270,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":8,"total-detection-updates":2,"total-updates":4,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":89,"global_ts_usec":1536717254253428} +00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":547,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":547,"packets-processed":424,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":43270,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":8,"total-detection-updates":2,"total-updates":4,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":88,"global_ts_usec":1536716652586979} 
+00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":595,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":595,"packets-processed":452,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":43270,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":8,"total-detection-updates":2,"total-updates":4,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":89,"global_ts_usec":1536717254253428} 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":611,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1536717427961883,"flow_src_last_pkt_time":1536717427961883,"flow_dst_last_pkt_time":1536717427961883,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1536717427961883,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":611,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1536717427961883,"flow_dst_last_pkt_time":1536717427961883,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1536717427961883,"pkt":"AJD7JidrGLQwJjRACABFAABEME8AAP8RJffAqPIPwKjyAc5xADUAMGWoTp4BAAABAAAAAAAADXdlYXZlLWxvZ3NpbmsEbmVzdANjb20AAAEAAQ=="} 01104{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":611,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1536717427961883,"flow_src_last_pkt_time":1536717427961883,"flow_dst_last_pkt_time":1536717427961883,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1536717427961883,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"weave-logsink.nest.com","domainame":"weave-logsink.nest.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -117,7 +117,7 @@ 01014{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":707,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1536717427961883,"flow_src_last_pkt_time":1536717449934587,"flow_dst_last_pkt_time":1536717450088270,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":127,"flow_src_tot_l4_payload_len":139,"flow_dst_tot_l4_payload_len":183,"midstream":0,"thread_ts_usec":1536717572672015,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"weave-logsink.nest.com"}} 01012{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":711,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1536717427961883,"flow_src_last_pkt_time":1536717449934587,"flow_dst_last_pkt_time":1536717450088270,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":127,"flow_src_tot_l4_payload_len":139,"flow_dst_tot_l4_payload_len":183,"midstream":0,"thread_ts_usec":1536717632764427,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"weave-logsink.nest.com"}} 02258{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":713,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1536717450091191,"flow_src_last_pkt_time":1536717692809761,"flow_dst_last_pkt_time":1536717693064770,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":530,"flow_dst_max_l4_payload_len":678,"flow_src_tot_l4_payload_len":1560,"flow_dst_tot_l4_payload_len":1740,"midstream":0,"thread_ts_usec":1536717693064770,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63349,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":4297,"avg":15667489.0,"max":60116188,"stddev":26141992.0,"var":683403720523776.0,"ent":3.1,"data": [65118,68086,678411,747347,17507,94704,1396423,1507704,104371,70568,14503,87690,68949,72988,7038,83601,72569,4297,74338,110547,112155,137112,59606094,59757940,60076789,60061094,60093385,60092412,60108066,60116188,184155]},"pktlen": {"min":40,"avg":145.1,"max":718,"stddev":181.0,"var":32752.9,"ent":4.2,"data": [46,44,46,570,40,718,46,92,40,244,40,100,162,669,46,220,190,46,220,201,332,102,46,46,40,46,40,46,40,46,40,40]},"bins": {"c_to_s": [10,1,0,1,0,2,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [9,2,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,0,1,0,0,1,0,1,0,0,1,0,1,0,1,0,1,1],"entropies": 
[4.303872585,4.967351913,4.390829086,7.000074863,4.931686878,7.083823204,4.501398087,5.370536327,4.981687069,6.850469589,4.881687164,5.621728897,6.422999859,7.639559269,4.347350597,6.781757832,6.666656017,4.544876099,6.837507248,6.783583164,7.269664764,5.833524227,4.501398087,4.390829086,4.931686878,4.457919598,4.931686878,4.501398087,4.931686878,4.501398087,4.931686878,4.981687069]},"ndpi": {"confidence": {"6":"DPI"},"proto":"NestLogSink","proto_id":"43","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} -00854{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":727,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":727,"packets-processed":562,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":56297,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":11,"total-detection-updates":4,"total-updates":6,"current-active-flows":1,"total-active-flows":12,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":120,"global_ts_usec":1536717873194026} 
+00854{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":727,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":727,"packets-processed":562,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":56297,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":11,"total-detection-updates":4,"total-updates":6,"current-active-flows":1,"total-active-flows":12,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":120,"global_ts_usec":1536717873194026} 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":745,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1536718052990525,"flow_src_last_pkt_time":1536718052990525,"flow_dst_last_pkt_time":1536718052990525,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1536718052990525,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63350,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":745,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1536718052990525,"flow_dst_last_pkt_time":1536718052990525,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1536718052990525,"pkt":"AJD7JidrGLQwJjRACABFAAAsMIsAAP8GYe3AqPIPI65S7fd2K1cJGivXAAAAAGACEgAGSAAAAgQEgAAA"} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":747,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1536718052990525,"flow_dst_last_pkt_time":1536718053059160,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":1536718053059160,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAAC0GJHkjrlLtwKjyDytX93aQyd5SCRor2GASaQM+4wAAAgQFtA=="} 
@@ -161,11 +161,11 @@ 01011{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":892,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1536718202959606,"flow_src_last_pkt_time":1536718202959606,"flow_dst_last_pkt_time":1536718202959785,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":56,"midstream":0,"thread_ts_usec":1536718332214337,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"weave-logsink.nest.com"}} 02254{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":892,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1536718206572751,"flow_src_last_pkt_time":1536718392321066,"flow_dst_last_pkt_time":1536718332214337,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":532,"flow_dst_max_l4_payload_len":676,"flow_src_tot_l4_payload_len":1942,"flow_dst_tot_l4_payload_len":1904,"midstream":0,"thread_ts_usec":1536718392321066,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63352,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":4658,"avg":10044835.0,"max":60173109,"stddev":21953530.0,"var":481957439864832.0,"ent":2.6,"data": 
[65322,67761,637540,709814,18708,293379,1174542,1481999,109107,72201,17976,90820,70287,73214,8669,96471,87696,75885,78977,77415,126677,2595650,2731016,150399,59910787,60056830,60173109,60107028,4658,60634,60165330]},"pktlen": {"min":40,"avg":162.2,"max":716,"stddev":185.8,"var":34529.8,"ent":4.3,"data": [46,44,46,572,40,716,46,92,40,444,40,100,162,669,46,220,206,220,190,220,201,46,332,102,46,46,40,46,40,46,40,46]},"bins": {"c_to_s": [10,1,0,1,0,3,0,0,0,1,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,2,0,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,0,1,0,1,0,1,0,0,1,0,0,1,0,1,0,1,0],"entropies": [4.347350597,4.967352390,4.434307098,6.920494080,4.981687546,7.105970383,4.544876099,5.378740311,4.881687164,7.440455914,4.812814713,5.615177631,6.437895298,7.618911266,4.434307098,6.860777378,6.737969398,6.892507076,6.603207111,6.959574699,6.884947777,4.457919598,7.273610592,5.848325729,4.414441586,4.501398087,4.831686974,4.544876099,4.881687164,4.501398087,4.881687164,4.544876099]},"ndpi": {"confidence": {"6":"DPI"},"proto":"NestLogSink","proto_id":"43","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
01009{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":896,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1536718202959606,"flow_src_last_pkt_time":1536718202959606,"flow_dst_last_pkt_time":1536718202959785,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":56,"midstream":0,"thread_ts_usec":1536718392405835,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"weave-logsink.nest.com"}} -00854{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":900,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":900,"packets-processed":713,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":75380,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":16,"total-detection-updates":5,"total-updates":8,"current-active-flows":1,"total-active-flows":17,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":164,"global_ts_usec":1536718512170528} 
-00854{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":950,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":950,"packets-processed":743,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":75380,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":16,"total-detection-updates":5,"total-updates":8,"current-active-flows":1,"total-active-flows":17,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":165,"global_ts_usec":1536719113902134} -00856{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1000,"packets-processed":773,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":75380,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":16,"total-detection-updates":5,"total-updates":8,"current-active-flows":1,"total-active-flows":17,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":166,"global_ts_usec":1536719715232392} 
+00854{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":900,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":900,"packets-processed":713,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":75380,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":16,"total-detection-updates":5,"total-updates":8,"current-active-flows":1,"total-active-flows":17,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":164,"global_ts_usec":1536718512170528} +00854{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":950,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":950,"packets-processed":743,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":75380,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":16,"total-detection-updates":5,"total-updates":8,"current-active-flows":1,"total-active-flows":17,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":165,"global_ts_usec":1536719113902134} 
+00856{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1000,"packets-processed":773,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":75380,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":16,"total-detection-updates":5,"total-updates":8,"current-active-flows":1,"total-active-flows":17,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":166,"global_ts_usec":1536719715232392} 00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":50,"flow_dst_packets_processed":46,"flow_first_seen":1536718206572751,"flow_src_last_pkt_time":1536719715232392,"flow_dst_last_pkt_time":1536719655557559,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":532,"flow_dst_max_l4_payload_len":676,"flow_src_tot_l4_payload_len":1942,"flow_dst_tot_l4_payload_len":1904,"midstream":0,"thread_ts_usec":1536719715232392,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63352,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NestLogSink","proto_id":"43","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
-00858{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1000,"packets-processed":774,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":75380,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":16,"total-detection-updates":5,"total-updates":8,"current-active-flows":0,"total-active-flows":17,"total-idle-flows":17,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":168,"global_ts_usec":1536719715232392} +00858{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1000,"packets-processed":774,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":75380,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":16,"total-detection-updates":5,"total-updates":8,"current-active-flows":0,"total-active-flows":17,"total-idle-flows":17,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":168,"global_ts_usec":1536719715232392} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1000/774 ~~ skipped flows.............: 0 
@@ -174,9 +174,9 @@ ~~ total active/idle flows...: 17/17 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6993991 bytes -~~ total memory freed........: 6993991 bytes -~~ total allocations/frees...: 115136/115136 +~~ total memory allocated....: 7571587 bytes +~~ total memory freed........: 7571587 bytes +~~ total allocations/frees...: 126867/126867 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 537 chars ~~ json message max len.......: 2263 chars diff --git a/test/results/default/netbios.pcap.out b/test/results/default/netbios.pcap.out index 549cd3906..5d3a0aa3f 100644 --- a/test/results/default/netbios.pcap.out +++ b/test/results/default/netbios.pcap.out 
@@ -1,5 +1,5 @@ -00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1447772210350540} 
+00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1447772210350540} 
00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1447772210350540,"flow_src_last_pkt_time":1447772210350540,"flow_dst_last_pkt_time":1447772210350540,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1447772210350540,"l3_proto":"ip4","src_ip":"10.0.4.131","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1447772210350540,"flow_dst_last_pkt_time":1447772210350540,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1447772210350540,"pkt":"\/\/\/\/\/\/\/\/ABj+bLz3CABFAABOYvYAAIARuScKAASDCgAF\/wCJAIkAOr8ep0kBEAABAAAAAAAAIEZJRkRGRUZDRUZFQkVORlBFSUZKQ0FDQUNBQ0FDQUFBAAAgAAE="} 
00968{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1447772210350540,"flow_src_last_pkt_time":1447772210350540,"flow_dst_last_pkt_time":1447772210350540,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1447772210350540,"l3_proto":"ip4","src_ip":"10.0.4.131","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"xstream_hy","domainame":"xstream_hy"}} 
@@ -14,7 +14,7 @@ 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1447772212892274,"flow_dst_last_pkt_time":1447772211392771,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1447772212892274,"pkt":"\/\/\/\/\/\/\/\/AOCBt8asCABFAABOMrEAAIAR6AYKAAXpCgAF\/wCJAIkAOuD1mh4BEAABAAAAAAAAIEVQRktFSkNBQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUJNAAAgAAE="} 00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1447772214344593,"flow_src_last_pkt_time":1447772214344593,"flow_dst_last_pkt_time":1447772214344593,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1447772214344593,"l3_proto":"ip4","src_ip":"10.0.5.9","dst_ip":"10.0.5.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00789{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1447772214344593,"flow_dst_last_pkt_time":1447772214344593,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"thread_ts_usec":1447772214344593,"pkt":"\/\/\/\/\/\/\/\/ADBIsLGUCABFAADlUKwAAIARylQKAAUJCgAF\/wCKAIoA0VBGEQ7C9AoABQkAigC7AAAgRU9GR0ZDREpDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0EAIEZHRUpFSEVKRU1FQkVPRkVGUEVIRkNFUEZGRkFDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAOgDAAAAAAAAAAAhAFYAAwABAAAAAgAyAFxNQUlMU0xPVFxCUk9XU0UAAQCA\/AoATlZSOQAAAAAAAAAAAAAAAAYBBxABAA8BVaoA"} -01085{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1447772214344593,"flow_src_last_pkt_time":1447772214344593,"flow_dst_last_pkt_time":1447772214344593,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1447772214344593,"l3_proto":"ip4","src_ip":"10.0.5.9","dst_ip":"10.0.5.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"nvr9","domainame":"nvr9"}} 
+00966{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1447772214344593,"flow_src_last_pkt_time":1447772214344593,"flow_dst_last_pkt_time":1447772214344593,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1447772214344593,"l3_proto":"ip4","src_ip":"10.0.5.9","dst_ip":"10.0.5.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"nvr9","domainame":"nvr9"}} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1447772214403136,"flow_dst_last_pkt_time":1447772211392771,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1447772214403136,"pkt":"\/\/\/\/\/\/\/\/AOCBt8asCABFAABOPwoAAIAR260KAAXpCgAF\/wCJAIkAOuDzmiABEAABAAAAAAAAIEVQRktFSkNBQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUJNAAAgAAE="} 
00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1447772215152486,"flow_dst_last_pkt_time":1447772211392771,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1447772215152486,"pkt":"\/\/\/\/\/\/\/\/AOCBt8asCABFAABOQZcAAIAR2SAKAAXpCgAF\/wCJAIkAOuDzmiABEAABAAAAAAAAIEVQRktFSkNBQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUJNAAAgAAE="} 00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1447772216537634,"flow_src_last_pkt_time":1447772216537634,"flow_dst_last_pkt_time":1447772216537634,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1447772216537634,"l3_proto":"ip4","src_ip":"10.0.4.24","dst_ip":"10.0.4.131","src_port":139,"dst_port":1398,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
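Review bot: The regenerated `detected` event for flow 3 no longer carries the `flow_risk` entry `22` (`Unsafe Protocol`), although the same record still reports `proto` `NetBIOS.SMBv1` and `breed` `Dangerous`; the `@@ -45,7 +45,7 @@` hunk drops it for flow 12 in the same way, and the removed `update` line in `@@ -63,10 +63,10 @@` carried it too. The commit message says only "incorporated upstream changes", so nothing visible here shows whether the libnDPI bump removed this risk on purpose or whether the new expectations now accept a detection regression. Consumers that alert on `flow_risk` rather than on `breed` would presumably stop flagging these SMBv1 flows after the update. I would add a line to the commit description such as `NetBIOS.SMBv1 flows no longer report flow_risk 22 (Unsafe Protocol) with libnDPI e946f49` and confirm the change against the upstream changelog before accepting the new results.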
@@ -45,7 +45,7 @@ 00956{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1447772234353315,"flow_src_last_pkt_time":1447772234353315,"flow_dst_last_pkt_time":1447772234353315,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":62,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":62,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":62,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1447772234353315,"l3_proto":"ip4","src_ip":"10.0.5.1","dst_ip":"10.0.4.24","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"guru","domainame":"guru"}} 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1447772235481236,"flow_src_last_pkt_time":1447772235481236,"flow_dst_last_pkt_time":1447772235481236,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1447772235481236,"l3_proto":"ip4","src_ip":"10.0.5.93","dst_ip":"10.0.5.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00791{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1447772235481236,"flow_dst_last_pkt_time":1447772235481236,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"thread_ts_usec":1447772235481236,"pkt":"\/\/\/\/\/\/\/\/ADBIsLGmCABFAADlboAAAIARrCwKAAVdCgAF\/wCKAIoA0eR9EQ7pCQoABV0AigC7AAAgRUNFUEZIRUpFRkNBQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0EAIEZHRUpFSEVKRU1FQkVPRkVGUEVIRkNFUEZGRkFDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAOgDAAAAAAAAAAAhAFYAAwABAAAAAgAyAFxNQUlMU0xPVFxCUk9XU0UAAQCA\/AoAQk9XSUUAAAAAAAAAAAAAAAYBBxABAA8BVaoA"} -01090{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1447772235481236,"flow_src_last_pkt_time":1447772235481236,"flow_dst_last_pkt_time":1447772235481236,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1447772235481236,"l3_proto":"ip4","src_ip":"10.0.5.93","dst_ip":"10.0.5.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"bowie","domainame":"bowie"}} 
+00971{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1447772235481236,"flow_src_last_pkt_time":1447772235481236,"flow_dst_last_pkt_time":1447772235481236,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1447772235481236,"l3_proto":"ip4","src_ip":"10.0.5.93","dst_ip":"10.0.5.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"bowie","domainame":"bowie"}} 00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1447772238479125,"flow_src_last_pkt_time":1447772238479125,"flow_dst_last_pkt_time":1447772238479125,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1447772238479125,"l3_proto":"ip4","src_ip":"10.0.5.233","dst_ip":"10.0.4.24","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1447772238479125,"flow_dst_last_pkt_time":1447772238479125,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1447772238479125,"pkt":"ABzEEHkPAOCBt8asCABFAABOD1sAAIARDUQKAAXpCgAEGACJAIkAOgf\/mi8AAAABAAAAAAAAIENLQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBAAAhAAE="} 00952{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1447772238479125,"flow_src_last_pkt_time":1447772238479125,"flow_dst_last_pkt_time":1447772238479125,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1447772238479125,"l3_proto":"ip4","src_ip":"10.0.5.233","dst_ip":"10.0.4.24","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"*","domainame":"*"}} 
@@ -63,10 +63,10 @@ 00749{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1447772251795162,"flow_dst_last_pkt_time":1447772251795278,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":217,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":217,"pkt_l4_len":183,"thread_ts_usec":1447772251795278,"pkt":"ACFislxDABzEEHkPCABFAADLQERAAIARoG8KAAQYCgABVwCJ4kEAt5PzIKiEAAAAAAEAAAAAIENLQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBAAAhAAEAAAAAAHcER1VOTkFSICAgICAgICAgAAQAVklHSUxBTlRfR1JPVVAgAIQAR1VOTkFSICAgICAgICAgIAQAVklHSUxBTlRfR1JPVVAgHoQAABzEEHkPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00990{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":228,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":156,"flow_dst_packets_processed":0,"flow_first_seen":1447772210350540,"flow_src_last_pkt_time":1447772261156213,"flow_dst_last_pkt_time":1447772210350540,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":7800,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1447772261156213,"l3_proto":"ip4","src_ip":"10.0.4.131","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"xstream_hy"}} 
00982{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":228,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":51,"flow_dst_packets_processed":0,"flow_first_seen":1447772211392771,"flow_src_last_pkt_time":1447772261068348,"flow_dst_last_pkt_time":1447772211392771,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2550,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1447772261156213,"l3_proto":"ip4","src_ip":"10.0.5.233","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"ozi"}} -01108{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":228,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1447772214344593,"flow_src_last_pkt_time":1447772214344593,"flow_dst_last_pkt_time":1447772214344593,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1447772261156213,"l3_proto":"ip4","src_ip":"10.0.5.9","dst_ip":"10.0.5.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": 
{"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"nvr9"}} +00989{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":228,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1447772214344593,"flow_src_last_pkt_time":1447772214344593,"flow_dst_last_pkt_time":1447772214344593,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1447772261156213,"l3_proto":"ip4","src_ip":"10.0.5.9","dst_ip":"10.0.5.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"nvr9"}} 00981{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1447772221882535,"flow_src_last_pkt_time":1447772239929129,"flow_dst_last_pkt_time":1447772221882535,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1447772269972130,"l3_proto":"ip4","src_ip":"10.0.4.101","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"muli"}} 00981{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1447772221776592,"flow_src_last_pkt_time":1447772221776592,"flow_dst_last_pkt_time":1447772221776690,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":175,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":175,"midstream":0,"thread_ts_usec":1447772269972130,"l3_proto":"ip4","src_ip":"10.0.1.87","dst_ip":"10.0.4.24","src_port":57836,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"*"}} 
-00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":261,"packets-processed":260,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13727,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":14,"total-detection-updates":0,"total-updates":5,"current-active-flows":15,"total-active-flows":15,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":69,"global_ts_usec":1645514718788263} +00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":261,"packets-processed":260,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13727,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":14,"total-detection-updates":0,"total-updates":5,"current-active-flows":15,"total-active-flows":15,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":69,"global_ts_usec":1645514718788263} 
00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1645514718788263,"flow_src_last_pkt_time":1645514718788263,"flow_dst_last_pkt_time":1645514718788263,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":72,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":72,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1645514718788263,"vlan_id":2308,"l3_proto":"ip4","src_ip":"10.19.71.184","dst_ip":"10.17.113.129","src_port":55489,"dst_port":139,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00648{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","vlan_id":2308,"flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1645514718788263,"flow_dst_last_pkt_time":1645514718788263,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":130,"pkt_l4_len":92,"thread_ts_usec":1645514718788263,"pkt":"AAAAAAAAAA8AAAAIgQAJBAgARQAAcA92QAB7BiK1ChNHuAoRcYHYwQCLJGKEaMHxGvdQGAEALEoAAIEAAEQgRUpFQ0VKRUdFSUZCREJEQkZIRkREQURDRERDQUNBQ0EAIEZDRVBGREVHRUlGQkRBREhGSEZEREFEQURFQ0FDQUFBAA=="} 
00974{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1645514718788263,"flow_src_last_pkt_time":1645514718788263,"flow_dst_last_pkt_time":1645514718788263,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":72,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":72,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1645514718788263,"vlan_id":2308,"l3_proto":"ip4","src_ip":"10.19.71.184","dst_ip":"10.17.113.129","src_port":55489,"dst_port":139,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"","domainame":""}} 
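Review bot: The regenerated expectation for the flow 3 `update` event in this hunk (the `-01108` / `+00989` pair) no longer carries `"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low", ...}}` for the `NetBIOS.SMBv1` flow on UDP port 138, while `"breed":"Dangerous"` stays as it was. The same entry disappears from the `idle` events of flows 12 and 3 in the next hunk (`@@ -80,14 +80,14 @@`). A consumer that alerts on `flow_risk` rather than on `breed` would presumably stop flagging the SMBv1 flows in this capture, and the commit message only says "incorporated upstream changes". If this is an intended libnDPI behaviour change, the description should say so, for example `NetBIOS.SMBv1 flows no longer report flow_risk 22 (Unsafe Protocol)`. If it is a side effect of the changed test configuration, it is worth confirming before the golden output is accepted.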
@@ -80,14 +80,14 @@ 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1447772230221577,"flow_src_last_pkt_time":1447772230221577,"flow_dst_last_pkt_time":1447772230221577,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1645514718788263,"l3_proto":"ip4","src_ip":"10.0.4.66","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"guru"}} 00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1447772221882535,"flow_src_last_pkt_time":1447772239929129,"flow_dst_last_pkt_time":1447772221882535,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1645514718788263,"l3_proto":"ip4","src_ip":"10.0.4.101","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"muli"}} 
00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":181,"flow_dst_packets_processed":0,"flow_first_seen":1447772210350540,"flow_src_last_pkt_time":1447772269972130,"flow_dst_last_pkt_time":1447772210350540,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":9050,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1645514718788263,"l3_proto":"ip4","src_ip":"10.0.4.131","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"xstream_hy"}} -01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1447772235481236,"flow_src_last_pkt_time":1447772235481236,"flow_dst_last_pkt_time":1447772235481236,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1645514718788263,"l3_proto":"ip4","src_ip":"10.0.5.93","dst_ip":"10.0.5.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": 
{"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"bowie"}} -01106{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1447772214344593,"flow_src_last_pkt_time":1447772214344593,"flow_dst_last_pkt_time":1447772214344593,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1645514718788263,"l3_proto":"ip4","src_ip":"10.0.5.9","dst_ip":"10.0.5.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"nvr9"}} 
+00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1447772235481236,"flow_src_last_pkt_time":1447772235481236,"flow_dst_last_pkt_time":1447772235481236,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1645514718788263,"l3_proto":"ip4","src_ip":"10.0.5.93","dst_ip":"10.0.5.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"bowie"}} +00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1447772214344593,"flow_src_last_pkt_time":1447772214344593,"flow_dst_last_pkt_time":1447772214344593,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1645514718788263,"l3_proto":"ip4","src_ip":"10.0.5.9","dst_ip":"10.0.5.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"nvr9"}} 
00957{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1447772216537634,"flow_src_last_pkt_time":1447772216537634,"flow_dst_last_pkt_time":1447772216537735,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1645514718788263,"l3_proto":"ip4","src_ip":"10.0.4.24","dst_ip":"10.0.4.131","src_port":139,"dst_port":1398,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"","domainame":""}} 00769{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1447772216537634,"flow_src_last_pkt_time":1447772216537634,"flow_dst_last_pkt_time":1447772216537735,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1645514718788263,"l3_proto":"ip4","src_ip":"10.0.4.24","dst_ip":"10.0.4.131","src_port":139,"dst_port":1398,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1447772221776592,"flow_src_last_pkt_time":1447772221776592,"flow_dst_last_pkt_time":1447772221776690,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":175,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":175,"midstream":0,"thread_ts_usec":1645514718788263,"l3_proto":"ip4","src_ip":"10.0.1.87","dst_ip":"10.0.4.24","src_port":57836,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"*"}} 00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1447772251795162,"flow_src_last_pkt_time":1447772251795162,"flow_dst_last_pkt_time":1447772251795278,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":175,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":175,"midstream":0,"thread_ts_usec":1645514718788263,"l3_proto":"ip4","src_ip":"10.0.1.87","dst_ip":"10.0.4.24","src_port":57921,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"*"}} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1645514718788263,"flow_src_last_pkt_time":1645514718788263,"flow_dst_last_pkt_time":1645514718788263,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":72,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":72,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1645514718788263,"vlan_id":2308,"l3_proto":"ip4","src_ip":"10.19.71.184","dst_ip":"10.17.113.129","src_port":55489,"dst_port":139,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -00849{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":261,"packets-processed":261,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13799,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":15,"total-detection-updates":0,"total-updates":5,"current-active-flows":0,"total-active-flows":16,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":90,"global_ts_usec":1645514718788263} 
+00849{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":261,"packets-processed":261,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13799,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":15,"total-detection-updates":0,"total-updates":5,"current-active-flows":0,"total-active-flows":16,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":90,"global_ts_usec":1645514718788263} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 261/261 ~~ skipped flows.............: 0 @@ -96,9 +96,9 @@ ~~ total active/idle flows...: 16/16 ~~ total timeout flows.......: 1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6952678 bytes -~~ total memory freed........: 6952678 bytes -~~ total allocations/frees...: 114555/114555 +~~ total memory allocated....: 7530274 bytes +~~ total memory freed........: 7530274 bytes +~~ total allocations/frees...: 126286/126286 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 538 chars ~~ json message max len.......: 2230 chars diff --git a/test/results/default/netbios_wildcard_dns_query.pcap.out b/test/results/default/netbios_wildcard_dns_query.pcap.out index df5f86637..45b5f0cda 100644 --- a/test/results/default/netbios_wildcard_dns_query.pcap.out +++ b/test/results/default/netbios_wildcard_dns_query.pcap.out 
@@ -1,10 +1,10 @@ -00631{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/netbios_wildcard_dns_query.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netbios_wildcard_dns_query.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1597866040493657} 
+00631{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/netbios_wildcard_dns_query.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netbios_wildcard_dns_query.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1597866040493657} 
00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netbios_wildcard_dns_query.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1597866040493657,"flow_src_last_pkt_time":1597866040493657,"flow_dst_last_pkt_time":1597866040493657,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1597866040493657,"l3_proto":"ip4","src_ip":"10.1.67.250","dst_ip":"10.1.66.20","src_port":41335,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netbios_wildcard_dns_query.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1597866040493657,"flow_dst_last_pkt_time":1597866040493657,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1597866040493657,"pkt":"AAkPCQEKAFBWvdjVCABFAABOhIlAAEARHAYKAUP6CgFCFKF3ADUAOgSEgPAAEAABAAAAAAAAIENLQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBAAAhAAE="} 
01129{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netbios_wildcard_dns_query.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1597866040493657,"flow_src_last_pkt_time":1597866040493657,"flow_dst_last_pkt_time":1597866040493657,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1597866040493657,"l3_proto":"ip4","src_ip":"10.1.67.250","dst_ip":"10.1.66.20","src_port":41335,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"ckaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa","domainame":"ckaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr": []}}} 00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netbios_wildcard_dns_query.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1597866040493657,"flow_src_last_pkt_time":1597866040493657,"flow_dst_last_pkt_time":1597866040493657,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1597866040493657,"l3_proto":"ip4","src_ip":"10.1.67.250","dst_ip":"10.1.66.20","src_port":41335,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00855{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netbios_wildcard_dns_query.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":50,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1597866040493657} +00855{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netbios_wildcard_dns_query.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":50,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1597866040493657} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 
@@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6907642 bytes -~~ total memory freed........: 6907642 bytes -~~ total allocations/frees...: 114138/114138 +~~ total memory allocated....: 7485238 bytes +~~ total memory freed........: 7485238 bytes +~~ total allocations/frees...: 125869/125869 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 599 chars ~~ json message max len.......: 1134 chars diff --git a/test/results/default/netease_games.pcapng.out b/test/results/default/netease_games.pcapng.out index 12760b6ae..e1fe5f21b 100644 --- a/test/results/default/netease_games.pcapng.out +++ b/test/results/default/netease_games.pcapng.out 
@@ -1,5 +1,5 @@ -00620{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1709433506952336} 
+00620{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1709433506952336} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1709433506952336,"flow_src_last_pkt_time":1709433506952336,"flow_dst_last_pkt_time":1709433506952336,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1709433506952336,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"172.17.8.75","src_port":49377,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1709433506952336,"flow_dst_last_pkt_time":1709433506952336,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_usec":1709433506952336,"pkt":"SKmKCiNt8C90rUP1CABFAABJMA1AAEARPKvAqFjnrBEIS8DhADUANc4y4I0BAAABAAAAAAAAC2RhdGEtZGV0ZWN0A25pZQdlYXNlYmFyA2NvbQAAAQAB"} 
01121{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1709433506952336,"flow_src_last_pkt_time":1709433506952336,"flow_dst_last_pkt_time":1709433506952336,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1709433506952336,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"172.17.8.75","src_port":49377,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetEaseGames","proto_id":"5.402","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"data-detect.nie.easebar.com","domainame":"data-detect.nie.easebar.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -13,17 +13,17 @@ 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1709433507070792,"flow_dst_last_pkt_time":1709433507351478,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1709433507351478,"pkt":"8C90rUP1SKmKCiNtCABFAAA8AABAAO8GB4UjSUdewKhY5wG7xOIKaGYq1g0Eo6ASaN\/PXAAAAgQFoAQCCApB0ruuKdlSUQEDAww="} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1709433507351502,"flow_dst_last_pkt_time":1709433507351478,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1709433507351502,"pkt":"SKmKCiNt8C90rUP1CABFAAA0+9VAAEAGurfAqFjnI0lHXsTiAbvWDQSjCmhmK4AQAPuEXQAAAQEICinZU2pB0ruu"} 
01244{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1709433507351873,"flow_dst_last_pkt_time":1709433507351478,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1709433507351873,"pkt":"SKmKCiNt8C90rUP1CABFAAI5+9ZAAEAGuLHAqFjnI0lHXsTiAbvWDQSjCmhmK4AYAPuGYgAAAQEICinZU2pB0ruuFgMBAgABAAH8AwPBdm3KPGzDPK22YgFlBXUjthtpiGGA5rsCuXWMw+VqOgAAeMAwwCzAKMAkwBTACgCjAJ8AawBqADkAOACIAIfAMsAuwCrAJsAPwAUAnQA9ADUAhMAvwCvAJ8AjwBPACQCiAJ4AZwBAADMAMgCaAJkARQBEwDHALcApwCXADsAEAJwAPAAvAJYAQQAHwBLACAAWABPADcADAAoA\/wEAAVsAAAAgAB4AABtkYXRhLWRldGVjdC5uaWUuZWFzZWJhci5jb20ACwAEAwABAgAKADQAMgAOAA0AGQALAAwAGAAJAAoAFgAXAAgABgAHABQAFQAEAAUAEgATAAEAAgADAA8AEAARAA0AIAAeBgEGAgYDBQEFAgUDBAEEAgQDAwEDAgMDAgECAgIDAA8AAQEAFQDKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01351{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1709433507070792,"flow_src_last_pkt_time":1709433507351873,"flow_dst_last_pkt_time":1709433507351478,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1709433507351873,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"35.73.71.94","src_port":50402,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetEaseGames","proto_id":"91.402","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"data-detect.nie.easebar.com","domainame":"data-detect.nie.easebar.com","tls": {"version":"TLSv1.2","ja3":"b502ea5e20e42ca41d28d47e8df496fa","ja3s":"","ja4":"t12d600600_a54dbbc9e493_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01310{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1709433507070792,"flow_src_last_pkt_time":1709433507351873,"flow_dst_last_pkt_time":1709433507351478,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1709433507351873,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"35.73.71.94","src_port":50402,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetEaseGames","proto_id":"91.402","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"data-detect.nie.easebar.com","domainame":"data-detect.nie.easebar.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d600600_a54dbbc9e493_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1709433507351873,"flow_dst_last_pkt_time":1709433507632515,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1709433507632515,"pkt":"8C90rUP1SKmKCiNtCABFAAA06wpAAO8GHIIjSUdewKhY5wG7xOIKaGYr1g0GqIAQAAdiugAAAQEICkHSvMgp2VNq"} 
-01408{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1709433507070792,"flow_src_last_pkt_time":1709433507351873,"flow_dst_last_pkt_time":1709433507632845,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":96,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":96,"midstream":0,"thread_ts_usec":1709433507632845,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"35.73.71.94","src_port":50402,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetEaseGames","proto_id":"91.402","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"data-detect.nie.easebar.com","domainame":"data-detect.nie.easebar.com","tls": {"version":"TLSv1.2","ja3":"b502ea5e20e42ca41d28d47e8df496fa","ja3s":"704239182a9091e4453fdbfe0fd17586","ja4":"t12d600600_a54dbbc9e493_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
-00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":11,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1017,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":3,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1709434482083790} +01367{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1709433507070792,"flow_src_last_pkt_time":1709433507351873,"flow_dst_last_pkt_time":1709433507632845,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":96,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":96,"midstream":0,"thread_ts_usec":1709433507632845,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"35.73.71.94","src_port":50402,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": 
{"6":"DPI"},"proto":"TLS.NetEaseGames","proto_id":"91.402","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"data-detect.nie.easebar.com","domainame":"data-detect.nie.easebar.com","tls": {"version":"TLSv1.2","ja3s":"704239182a9091e4453fdbfe0fd17586","ja4":"t12d600600_a54dbbc9e493_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} +00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":11,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1017,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":3,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1709434482083790} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1709434482083790,"flow_src_last_pkt_time":1709434482083790,"flow_dst_last_pkt_time":1709434482083790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1709434482083790,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"35.246.207.19","src_port":56588,"dst_port":4513,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1709434482083790,"flow_dst_last_pkt_time":1709434482083790,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1709434482083790,"pkt":"SKmKCiNt8C90rUP1CABFAAAodiIAAEAR+AnAqFjnI\/bPE90MEaEAFAy\/AbXQAREqPQMAAQEB"} 
00940{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1709434482083790,"flow_src_last_pkt_time":1709434482083790,"flow_dst_last_pkt_time":1709434482083790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1709434482083790,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"35.246.207.19","src_port":56588,"dst_port":4513,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetEaseGames","proto_id":"402","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1709434482083790,"flow_dst_last_pkt_time":1709434482120278,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1709434482120278,"pkt":"8C90rUP1SKmKCiNtCABFAAAo5LVAADsRTnYj9s8TwKhY5xGh3QwAFIL5ARTTAREqPQNIQRcBAAAAAAAA"} 
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1709434482121282,"flow_dst_last_pkt_time":1709434482120278,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1709434482121282,"pkt":"SKmKCiNt8C90rUP1CABFAAAodicAAEAR+ATAqFjnI\/bPE90MEaEAFAy\/AhbRAhIpPgBLQhQC"} 01024{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1709433506952336,"flow_src_last_pkt_time":1709433506952340,"flow_dst_last_pkt_time":1709433507015335,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":157,"flow_src_tot_l4_payload_len":90,"flow_dst_tot_l4_payload_len":314,"midstream":0,"thread_ts_usec":1709434482121282,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"172.17.8.75","src_port":49377,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetEaseGames","proto_id":"5.402","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"data-detect.nie.easebar.com"}} 
-00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":14,"packets-processed":13,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1053,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":26,"global_ts_usec":1709581314209472} +00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":14,"packets-processed":13,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1053,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":26,"global_ts_usec":1709581314209472} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1709581314209472,"flow_src_last_pkt_time":1709581314209472,"flow_dst_last_pkt_time":1709581314209472,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1709581314209472,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"35.228.32.209","src_port":41040,"dst_port":4170,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1709581314209472,"flow_dst_last_pkt_time":1709581314209472,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_usec":1709581314209472,"pkt":"SKmKCiNt8C90rUP1CABFAAA6RO0AAEAR14HAqFjnI+Qg0aBQEEoAJl58s6+N6P8Aclc1XFxuZmNxakkvVFpnY3R0VVN6aUIr"} 
00940{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1709581314209472,"flow_src_last_pkt_time":1709581314209472,"flow_dst_last_pkt_time":1709581314209472,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1709581314209472,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"35.228.32.209","src_port":41040,"dst_port":4170,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetEaseGames","proto_id":"402","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
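Review bot: The expected `detected` and `detection-update` events for flow 2 in this hunk no longer carry the `"ja3"` key in the `tls` object, while `ja3s` and `ja4` remain, and the commit message only says "incorporated upstream changes". Anything downstream that matches or enriches on `tls.ja3` (detection rules, client-fingerprint lists, dashboards) would stop matching without raising an error, so the change deserves its own line in the commit description or changelog, for example `* TLS flow events no longer include ja3 (ja3s and ja4 are still emitted)`. The diffstat lists schema/flow_event_schema.json as modified, but that hunk is not visible here, so it is worth confirming that `ja3` was dropped from the schema rather than left as a property that never appears. The length prefixes fall by 41 bytes (01351 to 01310, 01408 to 01367), which matches the removed key and value, so the fixture itself looks consistent.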
@@ -39,7 +39,7 @@ 00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1709434482083790,"flow_src_last_pkt_time":1709434482121282,"flow_dst_last_pkt_time":1709434482120278,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":12,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":12,"midstream":0,"thread_ts_usec":1709581314252567,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"35.246.207.19","src_port":56588,"dst_port":4513,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetEaseGames","proto_id":"402","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 01117{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1709433507070792,"flow_src_last_pkt_time":1709433507351873,"flow_dst_last_pkt_time":1709433507632845,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":96,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":96,"midstream":0,"thread_ts_usec":1709581314252567,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"35.73.71.94","src_port":50402,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": 
{"6":"DPI"},"proto":"TLS.NetEaseGames","proto_id":"91.402","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1709581314209472,"flow_src_last_pkt_time":1709581314209472,"flow_dst_last_pkt_time":1709581314252567,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":30,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":30,"midstream":0,"thread_ts_usec":1709581314252567,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"35.228.32.209","src_port":41040,"dst_port":4170,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetEaseGames","proto_id":"402","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
-00850{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":20,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1656,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":42,"global_ts_usec":1709581314252567} +00850{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":20,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1656,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":42,"global_ts_usec":1709581314252567} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 20/20 ~~ skipped flows.............: 0 
@@ -48,10 +48,10 @@ ~~ total active/idle flows...: 5/5 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6921869 bytes -~~ total memory freed........: 6921869 bytes -~~ total allocations/frees...: 114206/114206 +~~ total memory allocated....: 7499465 bytes +~~ total memory freed........: 7499465 bytes +~~ total allocations/frees...: 125937/125937 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 539 chars -~~ json message max len.......: 1413 chars -~~ json message avg len.......: 976 chars +~~ json message max len.......: 1372 chars +~~ json message avg len.......: 955 chars diff --git a/test/results/default/netflix.pcap.out b/test/results/default/netflix.pcap.out index dbb39ef2e..7894e87ce 100644 --- a/test/results/default/netflix.pcap.out +++ b/test/results/default/netflix.pcap.out 
@@ -1,5 +1,5 @@ -00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1484319030789585} 
+00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1484319030789585} 
00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319030789585,"flow_src_last_pkt_time":1484319030789585,"flow_dst_last_pkt_time":1484319030789585,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1484319030789585,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.24.87.6","src_port":52929,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1484319030789585,"flow_dst_last_pkt_time":1484319030789585,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319030789585,"pkt":"gCqoTGHM5JjWH70UCABFAAA0e0NAAEAGcrPAqAEHNBhXBs7BAbvkIOdkTYzTZoAREADl8AAAAQEICh9kr+C2r\/ET"} 
00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319032865799,"flow_src_last_pkt_time":1484319032865799,"flow_dst_last_pkt_time":1484319032865799,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319032865799,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51543,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -22,53 +22,53 @@ 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1484319032888907,"flow_dst_last_pkt_time":1484319032934932,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319032934932,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGjLY2RczxwKgBBwG7z3E0MsEbiRiohKASReqX9AAAAgQFtAQCCAqFp0\/bH2S4KwEDAwg="} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1484319032937482,"flow_dst_last_pkt_time":1484319032934932,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319032937482,"pkt":"gCqoTGHM5JjWH70UCABFAAA0mxZAAEAG2sfAqAEHNkXM8c9xAbuJGKiENDLBHIAQEBX8aAAAAQEICh9kuFmFp0\/b"} 00826{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1484319032938079,"flow_dst_last_pkt_time":1484319032934932,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"thread_ts_usec":1484319032938079,"pkt":"gCqoTGHM5JjWH70UCABFAAEElg9AAEAG3v7AqAEHNkXM8c9xAbuJGKiENDLBHIAYEBXrWQAAAQEICh9kuFqFp0\/bFgMBAMsBAADHAwNYeOk4DbsWWYY8cJvWjkCo5DadBeFv01+sAqDDmGng8gAAJgD\/wCzAK8AkwCPACsAJwDDAL8AowCfAFMATAJ0AnAA9ADwANQAvAQAAeAAAABgAFgAAE2ljaG5hZWEubmV0ZmxpeC5jb20ACgAIAAYAFwAYABkACwACAQAADQASABAEAQIBBQEGAQQDAgMFAwYDM3QAAAAQABsAGQhzcGR5LzMuMQZzcGR5LzMIaHR0cC8xLjEABQAFAQAAAAAAEgAAABcAAA=="} 
-01237{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319032888907,"flow_src_last_pkt_time":1484319032938079,"flow_dst_last_pkt_time":1484319032934932,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319032938079,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53105,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","domainame":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"","ja4":"t12d1909sp_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} +01196{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319032888907,"flow_src_last_pkt_time":1484319032938079,"flow_dst_last_pkt_time":1484319032934932,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319032938079,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53105,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","domainame":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1909sp_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1484319032896759,"flow_dst_last_pkt_time":1484319032943560,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319032943560,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGR\/s2vxEzwKgBBwG7z3pSqS+duzQzMqASOJAFFAAAAgQFtAQCCAqtijmlH2S4MgEDAwg="} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1484319032944993,"flow_dst_last_pkt_time":1484319032943560,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319032944993,"pkt":"gCqoTGHM5JjWH70UCABFAAA0cYhAAEAGv5rAqAEHNr8RM896Abu7NDMyUqkvnoAQEBVcLgAAAQEICh9kuGCtijml"} 
01237{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1484319032959853,"flow_dst_last_pkt_time":1484319032943560,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1484319032959853,"pkt":"gCqoTGHM5JjWH70UCABFAAI5KnhAAEAGBKbAqAEHNr8RM896Abu7NDMyUqkvnoAYEBUG0wAAAQEICh9kuG6tijmlFgMBAgABAAH8AwPIzq7iU2TICMXjbnaJ8nYAFVnlxMLpFZucgYzvL7X8EAAAtsAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANgCIAIcAhgCFwDLALsAqwCbAD8AFAJ0APQA1AITAL8ArwCfAI8ATwAkApACiAKAAngBnAEAAPwA+ADMAMgAxADAAmgCZAJgAlwBFAEQAQwBCwDHALcApwCXADsAEAJwAPAAvAJYAQQAHwBHAB8AMwAIABQAEwBLACAAWABMAEAANwA3AAwAKABUAEgAPAAwACQD\/AQABHQAAABkAFwAAFGlvcy5uY2NwLm5ldGZsaXguY29tAAsABAMAAQIACgAcABoAFwAZABwAGwAYABoAFgAOAA0ACwAMAAkACgANACAAHgYBBgIGAwUBBQIFAwQBBAIEAwMBAwIDAwIBAgICAwAPAAEBABUAqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -01325{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319032896759,"flow_src_last_pkt_time":1484319032959853,"flow_dst_last_pkt_time":1484319032943560,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319032959853,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53114,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01284{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319032896759,"flow_src_last_pkt_time":1484319032959853,"flow_dst_last_pkt_time":1484319032943560,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319032959853,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53114,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319032984566,"flow_src_last_pkt_time":1484319032984566,"flow_dst_last_pkt_time":1484319032984566,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319032984566,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53115,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1484319032984566,"flow_dst_last_pkt_time":1484319032984566,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319032984566,"pkt":"gCqoTGHM5JjWH70UCABFAABAh8JAAEAG+QHAqAEHNCDEJM97AbvHy0puAAAAALAC\/\/\/BrQAAAgQFtAEDAwUBAQgKH2S4hgAAAAAEAgAA"} 
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319032986624,"flow_src_last_pkt_time":1484319032986624,"flow_dst_last_pkt_time":1484319032986624,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319032986624,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53116,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1484319032986624,"flow_dst_last_pkt_time":1484319032986624,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319032986624,"pkt":"gCqoTGHM5JjWH70UCABFAABAdf5AAEAGCsbAqAEHNCDEJM98AbvweU0rAAAAALAC\/\/+WPwAAAgQFtAEDAwUBAQgKH2S4iAAAAAAEAgAA"} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1484319032938079,"flow_dst_last_pkt_time":1484319032988935,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319032988935,"pkt":"5JjWH70UgCqoTGHMCABFIAA0jvtAACkG\/cI2RczxwKgBBwG7z3E0MsEciRipVIAQAEsLVQAAAQEICoWnT+gfZLha"} 
-01297{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319032888907,"flow_src_last_pkt_time":1484319032938079,"flow_dst_last_pkt_time":1484319032990546,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319032990546,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53105,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","domainame":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1909sp_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
-01727{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319032888907,"flow_src_last_pkt_time":1484319032938079,"flow_dst_last_pkt_time":1484319032991535,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":2896,"midstream":0,"thread_ts_usec":1484319032991535,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53105,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","domainame":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","server_names":"ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1909sp_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com","advertised_alpns":"spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F","blocks":0}}} 
+01256{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319032888907,"flow_src_last_pkt_time":1484319032938079,"flow_dst_last_pkt_time":1484319032990546,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319032990546,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53105,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","domainame":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1909sp_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
+01686{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319032888907,"flow_src_last_pkt_time":1484319032938079,"flow_dst_last_pkt_time":1484319032991535,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":2896,"midstream":0,"thread_ts_usec":1484319032991535,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53105,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","domainame":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","server_names":"ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1909sp_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com","advertised_alpns":"spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F","blocks":0}}} 
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1484319032959853,"flow_dst_last_pkt_time":1484319033007001,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319033007001,"pkt":"5JjWH70UgCqoTGHMCABFIAA0Fi9AACkGMdQ2vxEzwKgBBwG7z3pSqS+euzQ1N4AQAD1p4wAAAQEICq2KObUfZLhu"} -01385{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319032896759,"flow_src_last_pkt_time":1484319032959853,"flow_dst_last_pkt_time":1484319033008803,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319033008803,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53114,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
-01725{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319032896759,"flow_src_last_pkt_time":1484319032959853,"flow_dst_last_pkt_time":1484319033017833,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2528,"midstream":0,"thread_ts_usec":1484319033017833,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53114,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","server_names":"*.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33","blocks":0}}} 
+01344{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319032896759,"flow_src_last_pkt_time":1484319032959853,"flow_dst_last_pkt_time":1484319033008803,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319033008803,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53114,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
+01684{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319032896759,"flow_src_last_pkt_time":1484319032959853,"flow_dst_last_pkt_time":1484319033017833,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2528,"midstream":0,"thread_ts_usec":1484319033017833,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53114,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","server_names":"*.nccp.netflix.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33","blocks":0}}} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1484319032984566,"flow_dst_last_pkt_time":1484319033029291,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319033029291,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGl6g0IMQkwKgBBwG7z3ve3c1cx8tKb6ASRepkbwAAAgQFtAQCCAq2m8VuH2S4hgEDAwg="} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1484319032986624,"flow_dst_last_pkt_time":1484319033032121,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319033032121,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGlqg0IMQkwKgBBwG7z3xLWYWT8HlNLKASReoUTgAAAgQFtAQCCAq2m8VvH2S4iAEDAwg="} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1484319033032720,"flow_dst_last_pkt_time":1484319033029291,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319033032720,"pkt":"gCqoTGHM5JjWH70UCABFAAA0rMBAAEAG1A\/AqAEHNCDEJM97AbvHy0pv3t3NXYAQEBXI5wAAAQEICh9kuLC2m8Vu"} 
00858{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1484319033033170,"flow_dst_last_pkt_time":1484319033029291,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":298,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":298,"pkt_l4_len":264,"thread_ts_usec":1484319033033170,"pkt":"gCqoTGHM5JjWH70UCABFAAEc3y1AAEAGoLrAqAEHNCDEJM97AbvHy0pv3t3NXYAYEBXi\/gAAAQEICh9kuLK2m8VuFgMBAOMBAADfAwNYeOk5dpq52Q92jK0dByt7moyBAevty9H6iponk2lhXQAAJgD\/wCzAK8AkwCPACsAJwDDAL8AowCfAFMATAJ0AnAA9ADwANQAvAQAAkAAAABsAGQAAFmFwaS1nbG9iYWwubmV0ZmxpeC5jb20ACgAIAAYAFwAYABkACwACAQAADQASABAEAQIBBQEGAQQDAgMFAwYDM3QAAAAQADAALgJoMgVoMi0xNgVoMi0xNQVoMi0xNAhzcGR5LzMuMQZzcGR5LzMIaHR0cC8xLjEABQAFAQAAAAAAEgAAABcAAA=="} -01263{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319032984566,"flow_src_last_pkt_time":1484319033033170,"flow_dst_last_pkt_time":1484319033029291,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319033033170,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53115,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": 
{"version":"TLSv1.2","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} +01222{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319032984566,"flow_src_last_pkt_time":1484319033033170,"flow_dst_last_pkt_time":1484319033029291,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319033033170,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53115,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1484319033038452,"flow_dst_last_pkt_time":1484319033032121,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319033038452,"pkt":"gCqoTGHM5JjWH70UCABFAAA0iIJAAEAG+E3AqAEHNCDEJM98AbvweU0sS1mFlIAQEBV4xgAAAQEICh9kuLK2m8Vv"} 00857{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1484319033038729,"flow_dst_last_pkt_time":1484319033032121,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":298,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":298,"pkt_l4_len":264,"thread_ts_usec":1484319033038729,"pkt":"gCqoTGHM5JjWH70UCABFAAEcC4pAAEAGdF7AqAEHNCDEJM98AbvweU0sS1mFlIAYEBVXdAAAAQEICh9kuLS2m8VvFgMBAOMBAADfAwNYeOk5CCoWDbSK0ezQ7KNuUeOfkDpWv85W1iHK1VuIfQAAJgD\/wCzAK8AkwCPACsAJwDDAL8AowCfAFMATAJ0AnAA9ADwANQAvAQAAkAAAABsAGQAAFmFwaS1nbG9iYWwubmV0ZmxpeC5jb20ACgAIAAYAFwAYABkACwACAQAADQASABAEAQIBBQEGAQQDAgMFAwYDM3QAAAAQADAALgJoMgVoMi0xNgVoMi0xNQVoMi0xNAhzcGR5LzMuMQZzcGR5LzMIaHR0cC8xLjEABQAFAQAAAAAAEgAAABcAAA=="} 
-01263{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319032986624,"flow_src_last_pkt_time":1484319033038729,"flow_dst_last_pkt_time":1484319033032121,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319033038729,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53116,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
+01222{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319032986624,"flow_src_last_pkt_time":1484319033038729,"flow_dst_last_pkt_time":1484319033032121,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319033038729,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53116,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1484319033033170,"flow_dst_last_pkt_time":1484319033084527,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319033084527,"pkt":"5JjWH70UgCqoTGHMCABFIAA0CCZAACkGj4o0IMQkwKgBBwG7z3ve3c1dx8tLV4AQAEvXuQAAAQEICrabxXwfZLiy"} 
-01323{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319032984566,"flow_src_last_pkt_time":1484319033033170,"flow_dst_last_pkt_time":1484319033086430,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":232,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319033086430,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53115,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
-01780{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319032984566,"flow_src_last_pkt_time":1484319033033170,"flow_dst_last_pkt_time":1484319033087423,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":232,"flow_dst_tot_l4_payload_len":2896,"midstream":0,"thread_ts_usec":1484319033087423,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53115,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","server_names":"api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C","blocks":0}}} 
+01282{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319032984566,"flow_src_last_pkt_time":1484319033033170,"flow_dst_last_pkt_time":1484319033086430,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":232,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319033086430,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53115,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
+01739{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319032984566,"flow_src_last_pkt_time":1484319033033170,"flow_dst_last_pkt_time":1484319033087423,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":232,"flow_dst_tot_l4_payload_len":2896,"midstream":0,"thread_ts_usec":1484319033087423,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53115,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","server_names":"api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C","blocks":0}}} 
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1484319033038729,"flow_dst_last_pkt_time":1484319033098473,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319033098473,"pkt":"5JjWH70UgCqoTGHMCABFIAA0QOhAACoGVcg0IMQkwKgBBwG7z3xLWYWU8HlOFIAQAEuHmAAAAQEICrabxX0fZLi0"} -01323{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319032986624,"flow_src_last_pkt_time":1484319033038729,"flow_dst_last_pkt_time":1484319033098983,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":232,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319033098983,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53116,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
-01780{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319032986624,"flow_src_last_pkt_time":1484319033038729,"flow_dst_last_pkt_time":1484319033112752,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":232,"flow_dst_tot_l4_payload_len":2896,"midstream":0,"thread_ts_usec":1484319033112752,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53116,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","server_names":"api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C","blocks":0}}} 
+01282{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319032986624,"flow_src_last_pkt_time":1484319033038729,"flow_dst_last_pkt_time":1484319033098983,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":232,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319033098983,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53116,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
+01739{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319032986624,"flow_src_last_pkt_time":1484319033038729,"flow_dst_last_pkt_time":1484319033112752,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":232,"flow_dst_tot_l4_payload_len":2896,"midstream":0,"thread_ts_usec":1484319033112752,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53116,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","server_names":"api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C","blocks":0}}} 
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319033206431,"flow_src_last_pkt_time":1484319033206431,"flow_dst_last_pkt_time":1484319033206431,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319033206431,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53117,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1484319033206431,"flow_dst_last_pkt_time":1484319033206431,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319033206431,"pkt":"gCqoTGHM5JjWH70UCABFAABAagpAAEAGFrrAqAEHNCDEJM99AbszkZRgAAAAALAC\/\/8LKQAAAgQFtAEDAwUBAQgKH2S5UQAAAAAEAgAA"} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1484319033206431,"flow_dst_last_pkt_time":1484319033258390,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319033258390,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGlqg0IMQkwKgBBwG7z33SmoRGM5GUYaASReoDCgAAAgQFtAQCCAq2m8WoH2S5UQEDAwg="} 
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1484319033259678,"flow_dst_last_pkt_time":1484319033258390,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319033259678,"pkt":"gCqoTGHM5JjWH70UCABFAAA0m4FAAEAG5U7AqAEHNCDEJM99AbszkZRh0pqER4AQEBVneAAAAQEICh9kuYW2m8Wo"} 00828{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1484319033261891,"flow_dst_last_pkt_time":1484319033258390,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"thread_ts_usec":1484319033261891,"pkt":"gCqoTGHM5JjWH70UCABFAAEEjf5AAEAG8gHAqAEHNCDEJM99AbszkZRh0pqER4AYEBXfdQAAAQEICh9kuYe2m8WoFgMBAMsBAADHAwNYeOk5L\/hvHF8lhL712a\/A3K+7eM0TUzNDC5BydZXwIiBWLEL7mQRMMcaBC1F+lWnOx+fqhp3XmUAyc5sg8zTJFwAmAP\/ALMArwCTAI8AKwAnAMMAvwCjAJ8AUwBMAnQCcAD0APAA1AC8BAABYAAAAGwAZAAAWYXBpLWdsb2JhbC5uZXRmbGl4LmNvbQAKAAgABgAXABgAGQALAAIBAAANABIAEAQBAgEFAQYBBAMCAwUDBgMABQAFAQAAAAAAEgAAABcAAA=="} 
-01330{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319033206431,"flow_src_last_pkt_time":1484319033261891,"flow_dst_last_pkt_time":1484319033258390,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319033261891,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53117,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01289{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319033206431,"flow_src_last_pkt_time":1484319033261891,"flow_dst_last_pkt_time":1484319033258390,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319033261891,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53117,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1484319033261891,"flow_dst_last_pkt_time":1484319033311591,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319033311591,"pkt":"5JjWH70UgCqoTGHMCABFIAA0QfNAACoGVL00IMQkwKgBBwG7z33SmoRHM5GVMYAQAEt2YwAAAQEICrabxbUfZLmH"} 
-01388{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319033206431,"flow_src_last_pkt_time":1484319033261891,"flow_dst_last_pkt_time":1484319033312558,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":145,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":145,"midstream":0,"thread_ts_usec":1484319033312558,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53117,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
+01347{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319033206431,"flow_src_last_pkt_time":1484319033261891,"flow_dst_last_pkt_time":1484319033312558,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":145,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":145,"midstream":0,"thread_ts_usec":1484319033312558,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53117,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
02170{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1484319032888907,"flow_src_last_pkt_time":1484319033506287,"flow_dst_last_pkt_time":1484319033504279,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":356,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1665,"flow_dst_tot_l4_payload_len":5139,"midstream":0,"thread_ts_usec":1484319033506287,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53105,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":72,"avg":39766.2,"max":363670,"stddev":81851.3,"var":6699630080.0,"ent":3.2,"data": [46025,48575,597,54003,1611,989,54938,11050,13463,9437,301,377,58747,4648,50832,1878,237,59545,562,62143,8477,4734,310931,590,363670,5842,131,72,58058,152,137]},"pktlen": {"min":52,"avg":265.2,"max":1500,"stddev":396.8,"var":157454.8,"ent":3.9,"data": [64,60,52,260,52,1500,1500,52,215,52,127,58,97,52,103,52,408,362,52,992,52,112,52,408,361,52,992,107,86,52,52,52]},"bins": {"c_to_s": [11,1,1,0,0,0,1,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,4,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,1,1,0,1,0,0,0,1,1,1,1,0,0,0],"entropies": [4.566831589,5.323234081,5.131024837,5.723237514,5.246409416,7.251158237,7.324303627,5.131024837,6.880544662,5.169486523,6.374709129,5.113821983,6.051860332,5.246409416,5.890006065,5.169486523,7.472100735,7.415780067,5.176993370,7.832669258,5.131024837,6.117320061,5.131024361,7.427300930,7.397639751,5.246409416,7.802502632,6.080207348,5.833016396,5.207947731,5.207947731,5.131024361]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319033631945,"flow_src_last_pkt_time":1484319033631945,"flow_dst_last_pkt_time":1484319033631945,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319033631945,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1484319033631945,"flow_dst_last_pkt_time":1484319033631945,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319033631945,"pkt":"gCqoTGHM5JjWH70UCABFAABAVMpAAEAGIQjAqAEHNkXM8c9+AbvPvqpAAAAAALAC\/\/9MiwAAAgQFtAEDAwUBAQgKH2S67gAAAAAEAgAA"} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1484319033631945,"flow_dst_last_pkt_time":1484319033678956,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319033678956,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGi7Y2RczxwKgBBwG7z36\/HDHnz76qQaASRepQUQAAAgQFtAQCCAqFp1CVH2S67gEDAwg="} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1484319033680304,"flow_dst_last_pkt_time":1484319033678956,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319033680304,"pkt":"gCqoTGHM5JjWH70UCABFAAA0\/p1AAEAGd0DAqAEHNkXM8c9+AbvPvqpBvxwx6IAQEBW0wwAAAQEICh9kux6Fp1CV"} 00855{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_src_last_pkt_time":1484319033681980,"flow_dst_last_pkt_time":1484319033678956,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":295,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":295,"pkt_l4_len":261,"thread_ts_usec":1484319033681980,"pkt":"gCqoTGHM5JjWH70UCABFAAEZsrxAAEAGwjzAqAEHNkXM8c9+AbvPvqpBvxwx6IAYEBWxNAAAAQEICh9kux+Fp1CVFgMBAOABAADcAwNYeOk5uUi+rD99Z+Le1911L3kiB9I95LIt9NFo8L\/pTgAAJgD\/wCzAK8AkwCPACsAJwDDAL8AowCfAFMATAJ0AnAA9ADwANQAvAQAAjQAAABgAFgAAE2ljaG5hZWEubmV0ZmxpeC5jb20ACgAIAAYAFwAYABkACwACAQAADQASABAEAQIBBQEGAQQDAgMFAwYDM3QAAAAQADAALgJoMgVoMi0xNgVoMi0xNQVoMi0xNAhzcGR5LzMuMQZzcGR5LzMIaHR0cC8xLjEABQAFAQAAAAAAEgAAABcAAA=="} 
-01259{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319033631945,"flow_src_last_pkt_time":1484319033681980,"flow_dst_last_pkt_time":1484319033678956,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":229,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319033681980,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","domainame":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
+01218{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319033631945,"flow_src_last_pkt_time":1484319033681980,"flow_dst_last_pkt_time":1484319033678956,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":229,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319033681980,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","domainame":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1484319033681980,"flow_dst_last_pkt_time":1484319033732036,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319033732036,"pkt":"5JjWH70UgCqoTGHMCABFIAA0YUhAACoGKnY2RczxwKgBBwG7z36\/HDHoz76rJoAQAEvDmgAAAQEICoWnUKIfZLsf"} 
-01319{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319033631945,"flow_src_last_pkt_time":1484319033681980,"flow_dst_last_pkt_time":1484319033734598,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":229,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319033734598,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","domainame":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
-01749{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319033631945,"flow_src_last_pkt_time":1484319033681980,"flow_dst_last_pkt_time":1484319033735587,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":229,"flow_dst_tot_l4_payload_len":2896,"midstream":0,"thread_ts_usec":1484319033735587,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","domainame":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","server_names":"ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F","blocks":0}}} 
+01278{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319033631945,"flow_src_last_pkt_time":1484319033681980,"flow_dst_last_pkt_time":1484319033734598,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":229,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319033734598,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","domainame":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
+01708{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319033631945,"flow_src_last_pkt_time":1484319033681980,"flow_dst_last_pkt_time":1484319033735587,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":229,"flow_dst_tot_l4_payload_len":2896,"midstream":0,"thread_ts_usec":1484319033735587,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","domainame":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","server_names":"ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F","blocks":0}}} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":147,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319033886061,"flow_src_last_pkt_time":1484319033886061,"flow_dst_last_pkt_time":1484319033886061,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":122,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":122,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":122,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319033886061,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"239.255.255.250","src_port":53776,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00682{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1484319033886061,"flow_dst_last_pkt_time":1484319033886061,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"thread_ts_usec":1484319033886061,"pkt":"AQBef\/\/65JjWH70UCABFAACWfwIAAAERiKvAqAEH7\/\/\/+tIQB2wAggqVTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMg0KU1Q6IHVybjptZHgtbmV0ZmxpeC1jb206c2VydmljZTp0YXJnZXQ6MA0KDQo="} 
01000{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":147,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319033886061,"flow_src_last_pkt_time":1484319033886061,"flow_dst_last_pkt_time":1484319033886061,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":122,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":122,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":122,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319033886061,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"239.255.255.250","src_port":53776,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900","domainame":"239.255.255.250:1900"}} 
@@ -78,10 +78,10 @@ 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_src_last_pkt_time":1484319033990083,"flow_dst_last_pkt_time":1484319033988686,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319033990083,"pkt":"gCqoTGHM5JjWH70UCABFAAA0N8lAAEAGPhXAqAEHNkXM8c9\/Abtb3TwXSCXhKoAQEBVdDAAAAQEICh9kvEiFp1Di"} 00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1484319033993988,"flow_dst_last_pkt_time":1484319033886061,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"thread_ts_usec":1484319033993988,"pkt":"AQBef\/\/65JjWH70UCABFAACZ8KEAAAERFwnAqAEH7\/\/\/+tIQB2wAhUYzTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMg0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQo="} 
00857{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_src_last_pkt_time":1484319033997529,"flow_dst_last_pkt_time":1484319033988686,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":295,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":295,"pkt_l4_len":261,"thread_ts_usec":1484319033997529,"pkt":"gCqoTGHM5JjWH70UCABFAAEZ\/SBAAEAGd9jAqAEHNkXM8c9\/Abtb3TwXSCXhKoAYEBWh7QAAAQEICh9kvE+Fp1DiFgMBAOABAADcAwNYeOk6Kk2knMSNhioRrvxRb2utqcQBAlus3bTpE7nGoQAAJgD\/wCzAK8AkwCPACsAJwDDAL8AowCfAFMATAJ0AnAA9ADwANQAvAQAAjQAAABgAFgAAE2ljaG5hZWEubmV0ZmxpeC5jb20ACgAIAAYAFwAYABkACwACAQAADQASABAEAQIBBQEGAQQDAgMFAwYDM3QAAAAQADAALgJoMgVoMi0xNgVoMi0xNQVoMi0xNAhzcGR5LzMuMQZzcGR5LzMIaHR0cC8xLjEABQAFAQAAAAAAEgAAABcAAA=="} -01260{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":159,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319033943762,"flow_src_last_pkt_time":1484319033997529,"flow_dst_last_pkt_time":1484319033988686,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":229,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319033997529,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53119,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","domainame":"ichnaea.netflix.com","tls": 
{"version":"TLSv1.2","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} +01219{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":159,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319033943762,"flow_src_last_pkt_time":1484319033997529,"flow_dst_last_pkt_time":1484319033988686,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":229,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319033997529,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53119,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","domainame":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":5,"flow_src_last_pkt_time":1484319033997529,"flow_dst_last_pkt_time":1484319034046936,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319034046936,"pkt":"5JjWH70UgCqoTGHMCABFIAA0scVAACkG2vg2RczxwKgBBwG7z39IJeEqW908\/IAQAEtr2wAAAQEICoWnUPEfZLxP"} -01320{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319033943762,"flow_src_last_pkt_time":1484319033997529,"flow_dst_last_pkt_time":1484319034048780,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":229,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319034048780,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53119,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","domainame":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
-01750{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":162,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319033943762,"flow_src_last_pkt_time":1484319033997529,"flow_dst_last_pkt_time":1484319034049759,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":229,"flow_dst_tot_l4_payload_len":2896,"midstream":0,"thread_ts_usec":1484319034049759,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53119,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","domainame":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","server_names":"ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F","blocks":0}}} 
+01279{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319033943762,"flow_src_last_pkt_time":1484319033997529,"flow_dst_last_pkt_time":1484319034048780,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":229,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319034048780,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53119,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","domainame":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
+01709{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":162,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319033943762,"flow_src_last_pkt_time":1484319033997529,"flow_dst_last_pkt_time":1484319034049759,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":229,"flow_dst_tot_l4_payload_len":2896,"midstream":0,"thread_ts_usec":1484319034049759,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53119,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","domainame":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","server_names":"ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F","blocks":0}}} 
00740{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319034890998,"flow_src_last_pkt_time":1484319034890998,"flow_dst_last_pkt_time":1484319034890998,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319034890998,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"239.255.255.250","l4_proto":2,"flow_datalink":1,"flow_max_packets":5} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1484319034890998,"flow_dst_last_pkt_time":1484319034890998,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":60,"pkt_l4_len":8,"thread_ts_usec":1484319034890998,"pkt":"AQBef\/\/65JjWH70UCABGAAAgKLUAAAECSnnAqAEH7\/\/\/+pQEAAAWAPoE7\/\/\/+gAAAAAAAAAAAAAAAAAA"} 
00889{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319034890998,"flow_src_last_pkt_time":1484319034890998,"flow_dst_last_pkt_time":1484319034890998,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319034890998,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"239.255.255.250","l4_proto":2,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","proto_id":"82","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
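Review bot: The commit message does not mention that the client-side `ja3` key disappears from the `tls` object, yet the new `detected` and `detection-update` records for flow 11 in this hunk carry only `ja3s` and `ja4`. Every length prefix drops by 41 bytes accordingly, for example 01260 to 01219. Downstream detections or allow-lists keyed on `tls.ja3` would stop matching silently after this bump, so I would add a line to the commit message or changelog such as `* TLS events no longer emit "ja3"; match on "ja4" instead ("ja3s" is still emitted)`. Whether `schema/flow_event_schema.json` still permits or requires `ja3` is not visible from this hunk and should be checked so that schema and output agree.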
@@ -99,23 +99,23 @@ 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":194,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1484319035080111,"flow_dst_last_pkt_time":1484319035130944,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319035130944,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGNAk0WSeLwKgBBwG7z40HBfk7mRgRP6ASReoSOAAAAgQFtAQCCAqtiMj8H2TAbgEDAwg="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":195,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_src_last_pkt_time":1484319035132214,"flow_dst_last_pkt_time":1484319035130944,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319035132214,"pkt":"gCqoTGHM5JjWH70UCABFAAA0YNFAAEAGvF\/AqAEHNFkni8+NAbuZGBE\/BwX5PIAQEBV2pwAAAQEICh9kwKGtiMj8"} 00828{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":196,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_src_last_pkt_time":1484319035134770,"flow_dst_last_pkt_time":1484319035129030,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"thread_ts_usec":1484319035134770,"pkt":"gCqoTGHM5JjWH70UCABFAAEEsStAAEAGazXAqAEHNFkni8+MAbsc0sO15elB0YAYEBWGUAAAAQEICh9kwKOtiMj8FgMBAMsBAADHAwNYeOk76erORdznXBXvPSpQVtkmxHNGba3wUCSzaRztoSCumkX9HtWv\/974df5VzRYePKjb1+omhktiqBKmGEtDEQAmAP\/ALMArwCTAI8AKwAnAMMAvwCjAJ8AUwBMAnQCcAD0APAA1AC8BAABYAAAAGwAZAAAWYXBpLWdsb2JhbC5uZXRmbGl4LmNvbQAKAAgABgAXABgAGQALAAIBAAANABIAEAQBAgEFAQYBBAMCAwUDBgMABQAFAQAAAAAAEgAAABcAAA=="} 
-01331{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":196,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319035079531,"flow_src_last_pkt_time":1484319035134770,"flow_dst_last_pkt_time":1484319035129030,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319035134770,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01290{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":196,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319035079531,"flow_src_last_pkt_time":1484319035134770,"flow_dst_last_pkt_time":1484319035129030,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319035134770,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00830{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_src_last_pkt_time":1484319035136106,"flow_dst_last_pkt_time":1484319035130944,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"thread_ts_usec":1484319035136106,"pkt":"gCqoTGHM5JjWH70UCABFAAEEDNVAAEAGD4zAqAEHNFkni8+NAbuZGBE\/BwX5PIAYEBWJrgAAAQEICh9kwKStiMj8FgMBAMsBAADHAwNYeOk7lPRrg34Uu\/Y+HzZqHJ9SINdd1V+d8fl0kU8rKiCumkX9HtWv\/974df5VzRYePKjb1+omhktiqBKmGEtDEQAmAP\/ALMArwCTAI8AKwAnAMMAvwCjAJ8AUwBMAnQCcAD0APAA1AC8BAABYAAAAGwAZAAAWYXBpLWdsb2JhbC5uZXRmbGl4LmNvbQAKAAgABgAXABgAGQALAAIBAAANABIAEAQBAgEFAQYBBAMCAwUDBgMABQAFAQAAAAAAEgAAABcAAA=="} -01331{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319035080111,"flow_src_last_pkt_time":1484319035136106,"flow_dst_last_pkt_time":1484319035130944,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319035136106,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53133,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": 
{"version":"TLSv1.2","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01290{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319035080111,"flow_src_last_pkt_time":1484319035136106,"flow_dst_last_pkt_time":1484319035130944,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319035136106,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53133,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":5,"flow_src_last_pkt_time":1484319035134770,"flow_dst_last_pkt_time":1484319035183349,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319035183349,"pkt":"5JjWH70UgCqoTGHMCABFIAA0iNlAACoGqjc0WSeLwKgBBwG7z4zl6UHRHNLEhYAQAEsn6gAAAQEICq2IyQkfZMCj"} -01391{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":199,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319035079531,"flow_src_last_pkt_time":1484319035134770,"flow_dst_last_pkt_time":1484319035185788,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319035185788,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
-01848{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319035079531,"flow_src_last_pkt_time":1484319035134770,"flow_dst_last_pkt_time":1484319035186784,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":2896,"midstream":0,"thread_ts_usec":1484319035186784,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","server_names":"api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com","fingerprint":"FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C","blocks":0}}} 
+01350{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":199,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319035079531,"flow_src_last_pkt_time":1484319035134770,"flow_dst_last_pkt_time":1484319035185788,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319035185788,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
+01807{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319035079531,"flow_src_last_pkt_time":1484319035134770,"flow_dst_last_pkt_time":1484319035186784,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":2896,"midstream":0,"thread_ts_usec":1484319035186784,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","server_names":"api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com","fingerprint":"FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C","blocks":0}}} 
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":5,"flow_src_last_pkt_time":1484319035136106,"flow_dst_last_pkt_time":1484319035199804,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319035199804,"pkt":"5JjWH70UgCqoTGHMCABFIAA0MDRAACkGA900WSeLwKgBBwG7z40HBfk8mRgSD4AQAEuFjwAAAQEICq2IyQsfZMCk"} -01391{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":203,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319035080111,"flow_src_last_pkt_time":1484319035136106,"flow_dst_last_pkt_time":1484319035200353,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319035200353,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53133,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
-01848{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":204,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319035080111,"flow_src_last_pkt_time":1484319035136106,"flow_dst_last_pkt_time":1484319035215028,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":2896,"midstream":0,"thread_ts_usec":1484319035215028,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53133,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","server_names":"api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com","fingerprint":"FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C","blocks":0}}} 
+01350{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":203,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319035080111,"flow_src_last_pkt_time":1484319035136106,"flow_dst_last_pkt_time":1484319035200353,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319035200353,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53133,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
+01807{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":204,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319035080111,"flow_src_last_pkt_time":1484319035136106,"flow_dst_last_pkt_time":1484319035215028,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":2896,"midstream":0,"thread_ts_usec":1484319035215028,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53133,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","server_names":"api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com","fingerprint":"FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C","blocks":0}}} 
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":227,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319035342783,"flow_src_last_pkt_time":1484319035342783,"flow_dst_last_pkt_time":1484319035342783,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319035342783,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53134,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":227,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1484319035342783,"flow_dst_last_pkt_time":1484319035342783,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319035342783,"pkt":"gCqoTGHM5JjWH70UCABFAABA3CdAAEAGQP3AqAEHNFkni8+OAbvRf5R9AAAAALAC\/\/8BVgAAAgQFtAEDAwUBAQgKH2TBaAAAAAAEAgAA"} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_src_last_pkt_time":1484319035342783,"flow_dst_last_pkt_time":1484319035397916,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319035397916,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGMwk0WSeLwKgBBwG7z47YAyXj0X+UfqASRepXrQAAAgQFtAQCCAqtiMk\/H2TBaAEDAwg="} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_src_last_pkt_time":1484319035399304,"flow_dst_last_pkt_time":1484319035397916,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319035399304,"pkt":"gCqoTGHM5JjWH70UCABFAAA0+2BAAEAGIdDAqAEHNFkni8+OAbvRf5R+2AMl5IAQEBW8GgAAAQEICh9kwZ2tiMk\/"} 00828{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_src_last_pkt_time":1484319035401110,"flow_dst_last_pkt_time":1484319035397916,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"thread_ts_usec":1484319035401110,"pkt":"gCqoTGHM5JjWH70UCABFAAEE6LNAAEAGM63AqAEHNFkni8+OAbvRf5R+2AMl5IAYEBVXjgAAAQEICh9kwZ6tiMk\/FgMBAMsBAADHAwNYeOk7vNJQcIWTHxOYmxRdvE73iLawThqSAEUf4RBG+yAlPalSNkR1ua99akikzzyiXtlC5nVNfalnaleVK1UZuQAmAP\/ALMArwCTAI8AKwAnAMMAvwCjAJ8AUwBMAnQCcAD0APAA1AC8BAABYAAAAGwAZAAAWYXBpLWdsb2JhbC5uZXRmbGl4LmNvbQAKAAgABgAXABgAGQALAAIBAAANABIAEAQBAgEFAQYBBAMCAwUDBgMABQAFAQAAAAAAEgAAABcAAA=="} 
-01331{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":238,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319035342783,"flow_src_last_pkt_time":1484319035401110,"flow_dst_last_pkt_time":1484319035397916,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319035401110,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53134,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01290{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":238,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319035342783,"flow_src_last_pkt_time":1484319035401110,"flow_dst_last_pkt_time":1484319035397916,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319035401110,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53134,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":239,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":5,"flow_src_last_pkt_time":1484319035401110,"flow_dst_last_pkt_time":1484319035449002,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319035449002,"pkt":"5JjWH70UgCqoTGHMCABFIAA07K5AACoGRmI0WSeLwKgBBwG7z47YAyXk0X+VToAQAEvLBgAAAQEICq2IyUwfZMGe"} 
-01389{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319035342783,"flow_src_last_pkt_time":1484319035401110,"flow_dst_last_pkt_time":1484319035449894,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":145,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":145,"midstream":0,"thread_ts_usec":1484319035449894,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53134,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
+01348{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319035342783,"flow_src_last_pkt_time":1484319035401110,"flow_dst_last_pkt_time":1484319035449894,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":145,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":145,"midstream":0,"thread_ts_usec":1484319035449894,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53134,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
02334{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":267,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1484319035080111,"flow_src_last_pkt_time":1484319035720714,"flow_dst_last_pkt_time":1484319035719060,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2402,"flow_dst_tot_l4_payload_len":12882,"midstream":0,"thread_ts_usec":1484319035720714,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53133,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":143,"avg":41275.9,"max":350146,"stddev":77246.2,"var":5966969856.0,"ent":3.5,"data": [50833,52103,3892,68860,549,14675,80527,16948,16635,16128,355,222,66675,773,50716,3176,284,61420,291182,143,350146,11846,12750,24110,12460,12309,13854,13662,2679,13302,16338]},"pktlen": {"min":52,"avg":530.2,"max":1500,"stddev":630.5,"var":397553.6,"ent":4.0,"data": [64,60,52,260,52,1500,1500,52,245,52,127,58,97,52,103,52,1500,672,52,1500,1500,52,1500,1402,52,1500,52,237,52,1500,1019,52]},"bins": {"c_to_s": [11,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0],"s_to_c": [4,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,7,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,1,1,1,0,1,1,0,1,0,1,0,1,1,0],"entropies": 
[4.598081589,5.235815525,5.131024837,6.023412704,5.154969215,7.255973339,7.303249359,5.092563152,7.001137733,5.056022167,6.255658627,5.007929802,6.001976490,5.169486523,5.942530632,5.054101467,7.891292572,7.683557510,5.169486523,7.859122753,7.883965492,5.131024837,7.876591682,7.866814137,5.092563152,7.900776386,4.979098797,7.052536488,5.054101467,7.870380402,7.793371201,5.131024361]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} 00682{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":1484319035889509,"flow_dst_last_pkt_time":1484319033886061,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"thread_ts_usec":1484319035889509,"pkt":"AQBef\/\/65JjWH70UCABFAACW0KMAAAERNwrAqAEH7\/\/\/+tIQB2wAggqVTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMg0KU1Q6IHVybjptZHgtbmV0ZmxpeC1jb206c2VydmljZTp0YXJnZXQ6MA0KDQo="} 
00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":283,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_src_last_pkt_time":1484319035997063,"flow_dst_last_pkt_time":1484319033886061,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"thread_ts_usec":1484319035997063,"pkt":"AQBef\/\/65JjWH70UCABFAACZwp8AAAERRQvAqAEH7\/\/\/+tIQB2wAhUYzTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMg0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQo="} 
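Review bot: The client `ja3` key is gone from every `tls` object on the new side of this hunk (the `detected` and `detection-update` records for flows 14, 15 and 16), while `ja3s` and `ja4` remain, and the commit message only says "incorporated upstream changes". Any consumer that matches on the client JA3 hash (detection rules, allow/deny lists, dashboards) will stop matching without raising an error, because the field is simply absent rather than empty. This file is regenerated test output, so there is nothing to change in the hunk itself. If it is not already recorded elsewhere, I would add a line to the commit message or changelog such as `tls.ja3 is no longer emitted in flow events; consumers should key on tls.ja4`. The same removal appears in the `detected` record of the hunk that follows.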
@@ -129,10 +129,10 @@ 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":287,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1484319036854344,"flow_dst_last_pkt_time":1484319036865722,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319036865722,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADwGsuNoVmGzwKgBBwG7z5WR\/xaXFztVhKAScSAP4QAAAgQFtAQCCAoCM2vSH2THJwEDAwU="} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":288,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_src_last_pkt_time":1484319036868771,"flow_dst_last_pkt_time":1484319036865722,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319036868771,"pkt":"gCqoTGHM5JjWH70UCABFAAA0UCJAAEAGXunAqAEHaFZhs8+VAbsXO1WEkf8WmIAQEBWfqAAAAQEICh9kxzUCM2vS"} 00851{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_src_last_pkt_time":1484319036870445,"flow_dst_last_pkt_time":1484319036865722,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1484319036870445,"pkt":"gCqoTGHM5JjWH70UCABFAAEXqU5AAEAGBNrAqAEHaFZhs8+VAbsXO1WEkf8WmIAYEBU64wAAAQEICh9kxzYCM2vSFgMBAN4BAADaAwNYeOk8NZkQnOsfGkUHC3oH4Rk0tFCgXSVuPClH26lOAAAAJgD\/wCzAK8AkwCPACsAJwDDAL8AowCfAFMATAJ0AnAA9ADwANQAvAQAAiwAAABYAFAAAEWFydC1zLm5mbHhpbWcubmV0AAoACAAGABcAGAAZAAsAAgEAAA0AEgAQBAECAQUBBgEEAwIDBQMGAzN0AAAAEAAwAC4CaDIFaDItMTYFaDItMTUFaDItMTQIc3BkeS8zLjEGc3BkeS8zCGh0dHAvMS4xAAUABQEAAAAAABIAAAAXAAA="} 
-01252{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319036854344,"flow_src_last_pkt_time":1484319036870445,"flow_dst_last_pkt_time":1484319036865722,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319036870445,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"104.86.97.179","src_port":53141,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-s.nflximg.net","domainame":"art-s.nflximg.net","tls": {"version":"TLSv1.2","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
+01211{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319036854344,"flow_src_last_pkt_time":1484319036870445,"flow_dst_last_pkt_time":1484319036865722,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319036870445,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"104.86.97.179","src_port":53141,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-s.nflximg.net","domainame":"art-s.nflximg.net","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_src_last_pkt_time":1484319036870445,"flow_dst_last_pkt_time":1484319036886851,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319036886851,"pkt":"5JjWH70UgCqoTGHMCABFIAA0fX9AADwGNWxoVmGzwKgBBwG7z5WR\/xaYFztWZ4AQA6urGQAAAQEICgIza+cfZMc2"} 
-01335{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":291,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319036854344,"flow_src_last_pkt_time":1484319036870445,"flow_dst_last_pkt_time":1484319036889708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319036889708,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"104.86.97.179","src_port":53141,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-s.nflximg.net","domainame":"art-s.nflximg.net","tls": {"version":"TLSv1.2","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"ef6b224ce027c8e21e5a25d8a58255a3","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","negotiated_alpn":"h2","blocks":0}}} 
-01765{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":294,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1484319036854344,"flow_src_last_pkt_time":1484319036894463,"flow_dst_last_pkt_time":1484319036900382,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":3414,"midstream":0,"thread_ts_usec":1484319036900382,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"104.86.97.179","src_port":53141,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-s.nflximg.net","domainame":"art-s.nflximg.net","tls": {"version":"TLSv1.2","server_names":"secure.cdn.nflximg.net,*.nflxext.com,*.nflxvideo.net,*.nflxsearch.net,*.nrd.nflximg.net,*.nflximg.net","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"ef6b224ce027c8e21e5a25d8a58255a3","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=Los Gatos, O=Netflix, Inc., OU=Content Delivery Operations, CN=secure.cdn.nflximg.net","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","negotiated_alpn":"h2","fingerprint":"0D:EF:D1:E6:29:11:1A:A5:88:B3:2F:04:65:D6:D7:AD:84:A2:52:26","blocks":0}}} 
+01294{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":291,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319036854344,"flow_src_last_pkt_time":1484319036870445,"flow_dst_last_pkt_time":1484319036889708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319036889708,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"104.86.97.179","src_port":53141,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-s.nflximg.net","domainame":"art-s.nflximg.net","tls": {"version":"TLSv1.2","ja3s":"ef6b224ce027c8e21e5a25d8a58255a3","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","negotiated_alpn":"h2","blocks":0}}} 
+01724{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":294,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1484319036854344,"flow_src_last_pkt_time":1484319036894463,"flow_dst_last_pkt_time":1484319036900382,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":3414,"midstream":0,"thread_ts_usec":1484319036900382,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"104.86.97.179","src_port":53141,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-s.nflximg.net","domainame":"art-s.nflximg.net","tls": {"version":"TLSv1.2","server_names":"secure.cdn.nflximg.net,*.nflxext.com,*.nflxvideo.net,*.nflxsearch.net,*.nrd.nflximg.net,*.nflximg.net","ja3s":"ef6b224ce027c8e21e5a25d8a58255a3","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=Los Gatos, O=Netflix, Inc., OU=Content Delivery Operations, CN=secure.cdn.nflximg.net","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","negotiated_alpn":"h2","fingerprint":"0D:EF:D1:E6:29:11:1A:A5:88:B3:2F:04:65:D6:D7:AD:84:A2:52:26","blocks":0}}} 
00682{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":313,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1484319037897807,"flow_dst_last_pkt_time":1484319033886061,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"thread_ts_usec":1484319037897807,"pkt":"AQBef\/\/65JjWH70UCABFAACWcF0AAAERl1DAqAEH7\/\/\/+tIQB2wAggqVTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMg0KU1Q6IHVybjptZHgtbmV0ZmxpeC1jb206c2VydmljZTp0YXJnZXQ6MA0KDQo="} 02324{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":324,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1484319035079531,"flow_src_last_pkt_time":1484319042786338,"flow_dst_last_pkt_time":1484319042922798,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":4576,"flow_dst_tot_l4_payload_len":5220,"midstream":0,"thread_ts_usec":1484319042922798,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53132,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":147,"avg":501615.3,"max":7507819,"stddev":1826252.6,"var":3335198867456.0,"ent":1.4,"data": [49499,50871,4368,54319,2439,996,53513,42973,42827,12725,273,205,57417,5098,49336,4198,388,49955,75766,32147,2030,911,5107,4712,147,7402221,150,7507819,929,35745,990]},"pktlen": {"min":52,"avg":358.8,"max":1500,"stddev":520.7,"var":271128.8,"ent":3.8,"data": [64,60,52,260,52,1500,1500,52,245,52,127,58,97,52,103,52,1500,661,52,52,184,96,86,52,52,52,1500,789,52,52,1500,474]},"bins": 
{"c_to_s": [10,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0],"s_to_c": [6,3,0,0,1,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,1,0,1,1,1,0,0,0,0,0,1,1,1,1],"entropies": [4.566831589,5.335815907,5.094483852,6.025682926,5.169486523,7.256491661,7.325493813,5.092563152,7.129077435,5.092563152,6.393805504,5.100806713,6.014647961,5.169486523,5.965332508,5.169486523,7.872792244,7.651345730,5.207947731,5.207948208,6.796521664,6.094137192,5.926040173,5.169486523,5.207948208,5.169486046,7.868273258,7.747731686,5.169486046,5.169486523,7.861037254,7.536938190]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":328,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319042988806,"flow_src_last_pkt_time":1484319042988806,"flow_dst_last_pkt_time":1484319042988806,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":42,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319042988806,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":59180,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -205,11 +205,11 @@ 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_src_last_pkt_time":1484319049684933,"flow_dst_last_pkt_time":1484319049740377,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319049740377,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGRvs2vxEzwKgBBwG7z6pwpjzKqcMkW6ASOJCp2gAAAgQFtAQCCAqtikoKH2T39AEDAwg="} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":487,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_src_last_pkt_time":1484319049743556,"flow_dst_last_pkt_time":1484319049740377,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319049743556,"pkt":"gCqoTGHM5JjWH70UCABFAAA0ddRAAEAGu07AqAEHNr8RM8+qAbupwyRbcKY8y4AQEBUA7QAAAQEICh9k+CqtikoK"} 
01242{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":489,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":4,"flow_src_last_pkt_time":1484319049748048,"flow_dst_last_pkt_time":1484319049740377,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1484319049748048,"pkt":"gCqoTGHM5JjWH70UCABFAAI5KeBAAEAGBT7AqAEHNr8RM8+qAbupwyRbcKY8y4AYEBVJ9gAAAQEICh9k+C6tikoKFgMBAgABAAH8AwPYXvBe7OTKRo\/HluRIJZi3JSt\/Gg\/Ui4yLFjBV5BYvDAAAtsAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANgCIAIcAhgCFwDLALsAqwCbAD8AFAJ0APQA1AITAL8ArwCfAI8ATwAkApACiAKAAngBnAEAAPwA+ADMAMgAxADAAmgCZAJgAlwBFAEQAQwBCwDHALcApwCXADsAEAJwAPAAvAJYAQQAHwBHAB8AMwAIABQAEwBLACAAWABMAEAANwA3AAwAKABUAEgAPAAwACQD\/AQABHQAAABkAFwAAFGlvcy5uY2NwLm5ldGZsaXguY29tAAsABAMAAQIACgAcABoAFwAZABwAGwAYABoAFgAOAA0ACwAMAAkACgANACAAHgYBBgIGAwUBBQIFAwQBBAIEAwMBAwIDAwIBAgICAwAPAAEBABUAqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01327{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":489,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319049684933,"flow_src_last_pkt_time":1484319049748048,"flow_dst_last_pkt_time":1484319049740377,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319049748048,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53162,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01286{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":489,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319049684933,"flow_src_last_pkt_time":1484319049748048,"flow_dst_last_pkt_time":1484319049740377,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319049748048,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53162,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
01296{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319049672494,"flow_src_last_pkt_time":1484319049703194,"flow_dst_last_pkt_time":1484319049753726,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319049753726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.24","src_port":53153,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"25": {"risk":"HTTP Susp Content","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"tp.akam.nflximg.com","domainame":"tp.akam.nflximg.com","http": {"url":"tp.akam.nflximg.com\/tpa3\/616\/2041779616.bif","code":200,"content_type":"text\/plain","user_agent":"Argo\/900 CFNetwork\/808.2.16 Darwin\/16.3.0"}}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":496,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":5,"flow_src_last_pkt_time":1484319049748048,"flow_dst_last_pkt_time":1484319049807153,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319049807153,"pkt":"5JjWH70UgCqoTGHMCABFIAA0dtFAACoG0DE2vxEzwKgBBwG7z6pwpjzLqcMmYIAQAD0OrAAAAQEICq2KShofZPgu"} 
-01387{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319049684933,"flow_src_last_pkt_time":1484319049748048,"flow_dst_last_pkt_time":1484319049807663,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319049807663,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53162,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
-01727{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319049684933,"flow_src_last_pkt_time":1484319049748048,"flow_dst_last_pkt_time":1484319049850914,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2528,"midstream":0,"thread_ts_usec":1484319049850914,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53162,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","server_names":"*.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33","blocks":0}}} 
+01346{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319049684933,"flow_src_last_pkt_time":1484319049748048,"flow_dst_last_pkt_time":1484319049807663,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319049807663,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53162,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
+01686{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319049684933,"flow_src_last_pkt_time":1484319049748048,"flow_dst_last_pkt_time":1484319049850914,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2528,"midstream":0,"thread_ts_usec":1484319049850914,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53162,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","server_names":"*.nccp.netflix.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33","blocks":0}}} 
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":544,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319050652467,"flow_src_last_pkt_time":1484319050652467,"flow_dst_last_pkt_time":1484319050652467,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319050652467,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.145","src_port":53163,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":544,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_src_last_pkt_time":1484319050652467,"flow_dst_last_pkt_time":1484319050652467,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319050652467,"pkt":"gCqoTGHM5JjWH70UCABFAABA2xBAAEAGenHAqAEHF\/YLkc+rAFC8XkCtAAAAALAC\/\/9pzAAAAgQFtAEDAwUBAQgKH2T7jgAAAAAEAgAA"} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":545,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_src_last_pkt_time":1484319050652467,"flow_dst_last_pkt_time":1484319050677236,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319050677236,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmYX9guRwKgBBwBQz6susPTdvF5ArqAS\/\/\/2WQAAAgQFtAEDAwkEAggKRVwbeB9k+44="} 
@@ -369,22 +369,22 @@ 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1320,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_src_last_pkt_time":1484319064723412,"flow_dst_last_pkt_time":1484319064722112,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319064723412,"pkt":"gCqoTGHM5JjWH70UCABFAAA06mxAAEAGRrbAqAEHNr8RM8\/SAbtTxg2VXDZIdIAQEBUvyAAAAQEICh9lMA6tilit"} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1321,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_src_last_pkt_time":1484319064724096,"flow_dst_last_pkt_time":1484319064722814,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319064724096,"pkt":"gCqoTGHM5JjWH70UCABFAAA0RtdAAEAG6kvAqAEHNr8RM8\/JAbsptVYeqmuNy4AQEBV9zAAAAQEICh9lMA6tilit"} 
01243{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1322,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":4,"flow_src_last_pkt_time":1484319064728551,"flow_dst_last_pkt_time":1484319064722814,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1484319064728551,"pkt":"gCqoTGHM5JjWH70UCABFAAI52vZAAEAGVCfAqAEHNr8RM8\/JAbsptVYeqmuNy4AYEBU\/AQAAAQEICh9lMBGtilitFgMBAgABAAH8AwOssLX4r6P7GP1cyM+\/QL5jcos5eemrJxEB7qfdYiVRRQAAtsAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANgCIAIcAhgCFwDLALsAqwCbAD8AFAJ0APQA1AITAL8ArwCfAI8ATwAkApACiAKAAngBnAEAAPwA+ADMAMgAxADAAmgCZAJgAlwBFAEQAQwBCwDHALcApwCXADsAEAJwAPAAvAJYAQQAHwBHAB8AMwAIABQAEwBLACAAWABMAEAANwA3AAwAKABUAEgAPAAwACQD\/AQABHQAAABkAFwAAFGlvcy5uY2NwLm5ldGZsaXguY29tAAsABAMAAQIACgAcABoAFwAZABwAGwAYABoAFgAOAA0ACwAMAAkACgANACAAHgYBBgIGAwUBBQIFAwQBBAIEAwMBAwIDAwIBAgICAwAPAAEBABUAqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01328{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1322,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319064669455,"flow_src_last_pkt_time":1484319064728551,"flow_dst_last_pkt_time":1484319064722814,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319064728551,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53193,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01287{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1322,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319064669455,"flow_src_last_pkt_time":1484319064728551,"flow_dst_last_pkt_time":1484319064722814,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319064728551,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53193,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
01242{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1323,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":4,"flow_src_last_pkt_time":1484319064729673,"flow_dst_last_pkt_time":1484319064722112,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1484319064729673,"pkt":"gCqoTGHM5JjWH70UCABFAAI526xAAEAGU3HAqAEHNr8RM8\/SAbtTxg2VXDZIdIAYEBX36QAAAQEICh9lMBOtilitFgMBAgABAAH8AwM\/Ud3IJ+zS9aVmySryI5irQf+M2+tqC0+UPSJWqvpDqAAAtsAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANgCIAIcAhgCFwDLALsAqwCbAD8AFAJ0APQA1AITAL8ArwCfAI8ATwAkApACiAKAAngBnAEAAPwA+ADMAMgAxADAAmgCZAJgAlwBFAEQAQwBCwDHALcApwCXADsAEAJwAPAAvAJYAQQAHwBHAB8AMwAIABQAEwBLACAAWABMAEAANwA3AAwAKABUAEgAPAAwACQD\/AQABHQAAABkAFwAAFGlvcy5uY2NwLm5ldGZsaXguY29tAAsABAMAAQIACgAcABoAFwAZABwAGwAYABoAFgAOAA0ACwAMAAkACgANACAAHgYBBgIGAwUBBQIFAwQBBAIEAwMBAwIDAwIBAgICAwAPAAEBABUAqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01328{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1323,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319064671268,"flow_src_last_pkt_time":1484319064729673,"flow_dst_last_pkt_time":1484319064722112,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319064729673,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01287{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1323,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319064671268,"flow_src_last_pkt_time":1484319064729673,"flow_dst_last_pkt_time":1484319064722112,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319064729673,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1330,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_src_last_pkt_time":1484319064711690,"flow_dst_last_pkt_time":1484319064781140,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319064781140,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGNcw0JST8wKgBBwG7z9NfgzodxPfVk6ASRersYQAAAgQFtAQCCAqFpSALH2UwAgEDAwg="} 
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1333,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_src_last_pkt_time":1484319064782652,"flow_dst_last_pkt_time":1484319064781140,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319064782652,"pkt":"gCqoTGHM5JjWH70UCABFAAA0MmJAAEAG7ZHAqAEHNCUk\/M\/TAbvE99WTX4M6HoAQEBVQwAAAAQEICh9lMEaFpSAL"} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1334,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":5,"flow_src_last_pkt_time":1484319064729673,"flow_dst_last_pkt_time":1484319064783171,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319064783171,"pkt":"5JjWH70UgCqoTGHMCABFIAA0EM5AACoGNjU2vxEzwKgBBwG7z9JcNkh0U8YPmoAQAD09hgAAAQEICq2KWL0fZTAT"} 00858{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1337,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":4,"flow_src_last_pkt_time":1484319064785302,"flow_dst_last_pkt_time":1484319064781140,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":295,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":295,"pkt_l4_len":261,"thread_ts_usec":1484319064785302,"pkt":"gCqoTGHM5JjWH70UCABFAAEZfjdAAEAGoNfAqAEHNCUk\/M\/TAbvE99WTX4M6HoAYEBXgSwAAAQEICh9lMEiFpSALFgMBAOABAADcAwNYeOlYxBLS5gM2ky3bQNFyoxLviT91lQxxEizDalFYdwAAJgD\/wCzAK8AkwCPACsAJwDDAL8AowCfAFMATAJ0AnAA9ADwANQAvAQAAjQAAABgAFgAAE2ljaG5hZWEubmV0ZmxpeC5jb20ACgAIAAYAFwAYABkACwACAQAADQASABAEAQIBBQEGAQQDAgMFAwYDM3QAAAAQADAALgJoMgVoMi0xNgVoMi0xNQVoMi0xNAhzcGR5LzMuMQZzcGR5LzMIaHR0cC8xLjEABQAFAQAAAAAAEgAAABcAAA=="} 
-01260{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1337,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319064711690,"flow_src_last_pkt_time":1484319064785302,"flow_dst_last_pkt_time":1484319064781140,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":229,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319064785302,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","domainame":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
+01219{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1337,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319064711690,"flow_src_last_pkt_time":1484319064785302,"flow_dst_last_pkt_time":1484319064781140,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":229,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319064785302,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","domainame":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1340,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":5,"flow_src_last_pkt_time":1484319064728551,"flow_dst_last_pkt_time":1484319064796538,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319064796538,"pkt":"5JjWH70UgCqoTGHMCABFIAA01XFAACkGcpE2vxEzwKgBBwG7z8mqa43LKbVYI4AQAD2LiwAAAQEICq2KWL4fZTAR"} 
-01388{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1341,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319064669455,"flow_src_last_pkt_time":1484319064728551,"flow_dst_last_pkt_time":1484319064796989,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319064796989,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53193,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
-01388{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1342,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319064671268,"flow_src_last_pkt_time":1484319064729673,"flow_dst_last_pkt_time":1484319064823890,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319064823890,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
+01347{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1341,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319064669455,"flow_src_last_pkt_time":1484319064728551,"flow_dst_last_pkt_time":1484319064796989,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319064796989,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53193,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
+01347{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1342,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319064671268,"flow_src_last_pkt_time":1484319064729673,"flow_dst_last_pkt_time":1484319064823890,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319064823890,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1343,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":5,"flow_src_last_pkt_time":1484319064785302,"flow_dst_last_pkt_time":1484319064836708,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319064836708,"pkt":"5JjWH70UgCqoTGHMCABFIAA0GgVAACoGG880JST8wKgBBwG7z9NfgzoexPfWeIAQAEtfkAAAAQEICoWlIB4fZTBI"} 
-01728{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1344,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319064669455,"flow_src_last_pkt_time":1484319064728551,"flow_dst_last_pkt_time":1484319064850606,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2528,"midstream":0,"thread_ts_usec":1484319064850606,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53193,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","server_names":"*.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33","blocks":0}}} 
-01320{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1348,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319064711690,"flow_src_last_pkt_time":1484319064785302,"flow_dst_last_pkt_time":1484319064885811,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":229,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319064885811,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","domainame":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
-01728{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1349,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319064671268,"flow_src_last_pkt_time":1484319064729673,"flow_dst_last_pkt_time":1484319064898548,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2528,"midstream":0,"thread_ts_usec":1484319064898548,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","server_names":"*.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33","blocks":0}}} 
-01750{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1356,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319064711690,"flow_src_last_pkt_time":1484319064785302,"flow_dst_last_pkt_time":1484319064950196,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":229,"flow_dst_tot_l4_payload_len":2896,"midstream":0,"thread_ts_usec":1484319064950196,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","domainame":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","server_names":"ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F","blocks":0}}} 
+01687{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1344,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319064669455,"flow_src_last_pkt_time":1484319064728551,"flow_dst_last_pkt_time":1484319064850606,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2528,"midstream":0,"thread_ts_usec":1484319064850606,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53193,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","server_names":"*.nccp.netflix.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33","blocks":0}}} 
+01279{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1348,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319064711690,"flow_src_last_pkt_time":1484319064785302,"flow_dst_last_pkt_time":1484319064885811,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":229,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319064885811,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","domainame":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
+01687{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1349,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319064671268,"flow_src_last_pkt_time":1484319064729673,"flow_dst_last_pkt_time":1484319064898548,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2528,"midstream":0,"thread_ts_usec":1484319064898548,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","server_names":"*.nccp.netflix.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33","blocks":0}}} 
+01709{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1356,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319064711690,"flow_src_last_pkt_time":1484319064785302,"flow_dst_last_pkt_time":1484319064950196,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":229,"flow_dst_tot_l4_payload_len":2896,"midstream":0,"thread_ts_usec":1484319064950196,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","domainame":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","server_names":"ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F","blocks":0}}} 
02338{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1408,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1484319064671268,"flow_src_last_pkt_time":1484319065492035,"flow_dst_last_pkt_time":1484319065478679,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":9240,"flow_dst_tot_l4_payload_len":6755,"midstream":0,"thread_ts_usec":1484319065492035,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":182,"avg":52521.9,"max":282465,"stddev":58168.2,"var":3383536896.0,"ent":4.2,"data": [50844,52144,6261,61059,40719,74658,170395,11813,79420,67625,2032,57431,55801,1745,844,219,182,82546,79700,249,94600,127478,60574,282465,10583,27617,37968,39882,42871,7730,723]},"pktlen": {"min":52,"avg":552.5,"max":1500,"stddev":629.7,"var":396553.7,"ent":4.0,"data": [64,60,52,569,52,1500,1132,52,178,103,52,1043,106,52,1500,1500,1500,1500,52,1500,387,52,52,1243,52,1500,1486,52,101,52,83,52]},"bins": {"c_to_s": [10,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0],"s_to_c": [5,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,1,2,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,0,0,1,0,0,0,0,0,1,0,0,1,1,1,0,1,1,0,1,0,0,0],"entropies": 
[4.598081589,5.369149208,5.169486046,4.365832806,5.154969215,7.171761036,7.662086964,5.169486523,6.518167496,5.984750271,5.100070000,7.782325745,6.202902317,5.246409416,7.867114544,7.871539593,7.857532978,7.870780945,5.078046322,7.856834412,7.434062958,5.154969215,5.154969215,7.833981991,5.246409416,7.884502411,7.878024578,5.246409416,6.160539627,5.207947731,5.791826725,5.094483852]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} 02201{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1428,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":22,"flow_dst_packets_processed":10,"flow_first_seen":1484319064711690,"flow_src_last_pkt_time":1484319065635020,"flow_dst_last_pkt_time":1484319065630720,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":19082,"flow_dst_tot_l4_payload_len":3110,"midstream":0,"thread_ts_usec":1484319065635020,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":105,"avg":59431.0,"max":332646,"stddev":83335.9,"var":6944879104.0,"ent":3.8,"data": [69450,70962,2650,55568,49103,64385,167918,331939,332646,26549,653,732,87677,534,60709,8817,7117,449,81078,62803,767,160,105,68135,67101,803,163,105,111161,109572,2549]},"pktlen": {"min":52,"avg":746.1,"max":1500,"stddev":703.8,"var":495333.0,"ent":4.2,"data": 
[64,60,52,281,52,1500,1500,52,215,52,127,58,97,52,103,52,1403,1500,1500,52,1500,1500,1500,1500,52,1500,1500,1500,1500,52,1500,1500]},"bins": {"c_to_s": [6,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,12,0,0],"s_to_c": [6,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0],"entropies": [4.578626633,5.323234081,5.169486046,5.810972691,5.131024837,7.231025219,7.326107502,5.154969215,6.940334797,5.169486523,6.230382919,5.079339504,6.149899960,5.207948208,5.992234230,5.193430901,7.859437466,7.874912739,7.853219032,5.207947731,7.901949883,7.848706245,7.875315189,7.851129055,5.207947731,7.874441147,7.863263607,7.860793114,7.870314598,5.207947731,7.870880127,7.866354465]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} 02512{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1450,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1484319064590230,"flow_src_last_pkt_time":1484319066598421,"flow_dst_last_pkt_time":1484319065741809,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1017,"flow_dst_tot_l4_payload_len":17969,"midstream":0,"thread_ts_usec":1484319066598421,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53183,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":5292,"avg":101928.1,"max":730898,"stddev":155663.8,"var":24231225344.0,"ent":4.0,"data": 
[30477,31515,13216,64005,5292,56409,6142,68156,5406,71534,109518,202677,164827,560321,47319,78954,279545,27696,94465,26601,26144,15824,70512,85885,39451,39774,41592,84438,730898,41457,39720]},"pktlen": {"min":52,"avg":648.3,"max":1500,"stddev":653.4,"var":426995.3,"ent":4.2,"data": [64,60,52,557,618,951,52,564,628,1500,52,1500,1500,1500,72,64,52,1500,1500,52,1500,52,1500,1500,52,1500,52,1500,64,72,64,52]},"bins": {"c_to_s": [15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0]},"directions": [0,1,0,0,1,1,0,0,1,1,0,1,1,1,0,0,0,1,1,0,1,0,1,1,0,1,0,1,0,0,0,0],"entropies": [4.476409912,5.212701797,5.156889915,6.230133057,5.778679371,3.867035151,5.079966545,6.195135117,5.745929718,3.167200804,5.094483852,7.856627464,7.824065208,7.816611290,5.331886292,5.165874004,5.118428230,7.781126976,7.831735134,5.118428230,7.778219700,4.961856365,5.882567406,7.827349663,5.103910923,7.794489861,4.961856365,7.814080238,4.958919048,5.244518280,5.083919048,5.079966545]},"ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"23.246.3.140"}} 
@@ -426,10 +426,10 @@ 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1539,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_src_last_pkt_time":1484319114406347,"flow_dst_last_pkt_time":1484319114455348,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319114455348,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGRPc0IBbWwKgBBwG7z\/ZJSmsOfk4GCqASOJAVRAAAAgQFtAQCCAq2sSMxH2XpygEDAwg="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":3,"flow_src_last_pkt_time":1484319114457327,"flow_dst_last_pkt_time":1484319114455348,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319114457327,"pkt":"gCqoTGHM5JjWH70UCABFAAA03p5AAEAGT4DAqAEHNCAW1s\/2Abt+TgYKSUprD4AQEBVsWgAAAQEICh9l6fy2sSMx"} 
01242{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1541,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":4,"flow_src_last_pkt_time":1484319114464321,"flow_dst_last_pkt_time":1484319114455348,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1484319114464321,"pkt":"gCqoTGHM5JjWH70UCABFAAI5Y7ZAAEAGyGPAqAEHNCAW1s\/2Abt+TgYKSUprD4AYEBXEQwAAAQEICh9l6gK2sSMxFgMBAgABAAH8AwPYD50dwaa6SBFM+FER3hNsABrlY\/SCFZdiIuSkbU7v5QAAtsAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANgCIAIcAhgCFwDLALsAqwCbAD8AFAJ0APQA1AITAL8ArwCfAI8ATwAkApACiAKAAngBnAEAAPwA+ADMAMgAxADAAmgCZAJgAlwBFAEQAQwBCwDHALcApwCXADsAEAJwAPAAvAJYAQQAHwBHAB8AMwAIABQAEwBLACAAWABMAEAANwA3AAwAKABUAEgAPAAwACQD\/AQABHQAAABkAFwAAFGlvcy5uY2NwLm5ldGZsaXguY29tAAsABAMAAQIACgAcABoAFwAZABwAGwAYABoAFgAOAA0ACwAMAAkACgANACAAHgYBBgIGAwUBBQIFAwQBBAIEAwMBAwIDAwIBAgICAwAPAAEBABUAqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01328{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1541,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319114406347,"flow_src_last_pkt_time":1484319114464321,"flow_dst_last_pkt_time":1484319114455348,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319114464321,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53238,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01287{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1541,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319114406347,"flow_src_last_pkt_time":1484319114464321,"flow_dst_last_pkt_time":1484319114455348,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319114464321,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53238,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1542,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":5,"flow_src_last_pkt_time":1484319114464321,"flow_dst_last_pkt_time":1484319114523056,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319114523056,"pkt":"5JjWH70UgCqoTGHMCABFIAA0SDFAACkG\/M00IBbWwKgBBwG7z\/ZJSmsPfk4ID4AQAD16GQAAAQEICraxIz8fZeoC"} 
-01388{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1543,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319114406347,"flow_src_last_pkt_time":1484319114464321,"flow_dst_last_pkt_time":1484319114523585,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319114523585,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53238,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
-01728{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1544,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319114406347,"flow_src_last_pkt_time":1484319114464321,"flow_dst_last_pkt_time":1484319114556754,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2528,"midstream":0,"thread_ts_usec":1484319114556754,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53238,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","server_names":"*.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33","blocks":0}}} 
+01347{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1543,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319114406347,"flow_src_last_pkt_time":1484319114464321,"flow_dst_last_pkt_time":1484319114523585,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319114523585,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53238,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
+01687{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1544,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319114406347,"flow_src_last_pkt_time":1484319114464321,"flow_dst_last_pkt_time":1484319114556754,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2528,"midstream":0,"thread_ts_usec":1484319114556754,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53238,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","server_names":"*.nccp.netflix.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33","blocks":0}}} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1565,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319117511945,"flow_src_last_pkt_time":1484319117511945,"flow_dst_last_pkt_time":1484319117511945,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":55,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":55,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":55,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319117511945,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52095,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00589{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1565,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_src_last_pkt_time":1484319117511945,"flow_dst_last_pkt_time":1484319117511945,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_usec":1484319117511945,"pkt":"gCqoTGHM5JjWH70UCABFAABT2RsAAP8RXyXAqAEHwKgBAct\/ADUAP5\/hcXUBAAABAAAAAAAACmFwaS1nbG9iYWwHbGF0ZW5jeQZwcm9kYWEHbmV0ZmxpeANjb20AAAEAAQ=="} 
01129{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1565,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319117511945,"flow_src_last_pkt_time":1484319117511945,"flow_dst_last_pkt_time":1484319117511945,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":55,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":55,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":55,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319117511945,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52095,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","proto_id":"5.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"api-global.latency.prodaa.netflix.com","domainame":"api-global.latency.prodaa.netflix.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -442,17 +442,17 @@ 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1573,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_src_last_pkt_time":1484319117605859,"flow_dst_last_pkt_time":1484319117664151,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319117664151,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGPb80KR4FwKgBBwG7z\/fOmYqt+6oWVKASOJB9NwAAAgQFtAQCCAqh\/Yo1H2X1uAEDAwg="} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1574,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_src_last_pkt_time":1484319117667082,"flow_dst_last_pkt_time":1484319117664151,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319117667082,"pkt":"gCqoTGHM5JjWH70UCABFAAA0nQxAAEAGidrAqAEHNCkeBc\/3Abv7qhZUzpmKroAQEBXUQwAAAQEICh9l9fSh\/Yo1"} 01243{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1575,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":4,"flow_src_last_pkt_time":1484319117668880,"flow_dst_last_pkt_time":1484319117664151,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1484319117668880,"pkt":"gCqoTGHM5JjWH70UCABFAAI59gxAAEAGLtXAqAEHNCkeBc\/3Abv7qhZUzpmKroAYEBUUlAAAAQEICh9l9feh\/Yo1FgMBAgABAAH8AwNYeOmNAe5Q0hcaTI2Ej50ifhjlODvil\/8YZ4JhR3RxkSAlPalSNkR1ua99akikzzyiXtlC5nVNfalnaleVK1UZuQAmAP\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"} 
-01264{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1575,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319117605859,"flow_src_last_pkt_time":1484319117668880,"flow_dst_last_pkt_time":1484319117664151,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319117668880,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3":"d8bfad189bd26664e04570c104ee8418","ja3s":"","ja4":"t12d1910h2_b5dc49c6fcca_f44caba5725b","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
+01223{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1575,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319117605859,"flow_src_last_pkt_time":1484319117668880,"flow_dst_last_pkt_time":1484319117664151,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319117668880,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1910h2_b5dc49c6fcca_f44caba5725b","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1576,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_src_last_pkt_time":1484319117651396,"flow_dst_last_pkt_time":1484319117703150,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319117703150,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGRPc0IBbWwKgBBwG70ABfA575ZnjBIaASOJAZDQAAAgQFtAQCCAq2sSZcH2X15gEDAwg="} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1577,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":3,"flow_src_last_pkt_time":1484319117704525,"flow_dst_last_pkt_time":1484319117703150,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319117704525,"pkt":"gCqoTGHM5JjWH70UCABFAAA0fsVAAEAGr1nAqAEHNCAW1tAAAbtmeMEhXwOe+oAQEBVwIwAAAQEICh9l9hi2sSZc"} 01241{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1578,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":4,"flow_src_last_pkt_time":1484319117713351,"flow_dst_last_pkt_time":1484319117703150,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1484319117713351,"pkt":"gCqoTGHM5JjWH70UCABFAAI5taBAAEAGdnnAqAEHNCAW1tAAAbtmeMEhXwOe+oAYEBXylgAAAQEICh9l9hq2sSZcFgMBAgABAAH8AwN8q\/ZLhsSOm12ptnIT0OvNxxjn3f9+RlJ5hY7lfSkXAAAAtsAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANgCIAIcAhgCFwDLALsAqwCbAD8AFAJ0APQA1AITAL8ArwCfAI8ATwAkApACiAKAAngBnAEAAPwA+ADMAMgAxADAAmgCZAJgAlwBFAEQAQwBCwDHALcApwCXADsAEAJwAPAAvAJYAQQAHwBHAB8AMwAIABQAEwBLACAAWABMAEAANwA3AAwAKABUAEgAPAAwACQD\/AQABHQAAABkAFwAAFGlvcy5uY2NwLm5ldGZsaXguY29tAAsABAMAAQIACgAcABoAFwAZABwAGwAYABoAFgAOAA0ACwAMAAkACgANACAAHgYBBgIGAwUBBQIFAwQBBAIEAwMBAwIDAwIBAgICAwAPAAEBABUAqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01328{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1578,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319117651396,"flow_src_last_pkt_time":1484319117713351,"flow_dst_last_pkt_time":1484319117703150,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319117713351,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53248,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01287{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1578,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319117651396,"flow_src_last_pkt_time":1484319117713351,"flow_dst_last_pkt_time":1484319117703150,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319117713351,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53248,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1579,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":5,"flow_src_last_pkt_time":1484319117668880,"flow_dst_last_pkt_time":1484319117734717,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319117734717,"pkt":"5JjWH70UgCqoTGHMCABFIAA0AOhAACkGPN80KR4FwKgBBwG7z\/fOmYqu+6oYWYAQAD3iAQAAAQEICqH9ikcfZfX3"} 
-01324{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1580,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319117605859,"flow_src_last_pkt_time":1484319117668880,"flow_dst_last_pkt_time":1484319117737656,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319117737656,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3":"d8bfad189bd26664e04570c104ee8418","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1910h2_b5dc49c6fcca_f44caba5725b","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
-01781{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1581,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319117605859,"flow_src_last_pkt_time":1484319117668880,"flow_dst_last_pkt_time":1484319117738672,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2896,"midstream":0,"thread_ts_usec":1484319117738672,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","server_names":"api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com","ja3":"d8bfad189bd26664e04570c104ee8418","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1910h2_b5dc49c6fcca_f44caba5725b","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C","blocks":0}}} 
+01283{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1580,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319117605859,"flow_src_last_pkt_time":1484319117668880,"flow_dst_last_pkt_time":1484319117737656,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319117737656,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1910h2_b5dc49c6fcca_f44caba5725b","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
+01740{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1581,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319117605859,"flow_src_last_pkt_time":1484319117668880,"flow_dst_last_pkt_time":1484319117738672,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2896,"midstream":0,"thread_ts_usec":1484319117738672,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","server_names":"api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1910h2_b5dc49c6fcca_f44caba5725b","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C","blocks":0}}} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1588,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":5,"flow_src_last_pkt_time":1484319117713351,"flow_dst_last_pkt_time":1484319117767728,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319117767728,"pkt":"5JjWH70UgCqoTGHMCABFIAA0uJNAACkGjGs0IBbWwKgBBwG70ABfA576ZnjDJoAQAD194wAAAQEICraxJm0fZfYa"} -01388{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1589,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319117651396,"flow_src_last_pkt_time":1484319117713351,"flow_dst_last_pkt_time":1484319117770085,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319117770085,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53248,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
-01728{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1590,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319117651396,"flow_src_last_pkt_time":1484319117713351,"flow_dst_last_pkt_time":1484319117771052,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2528,"midstream":0,"thread_ts_usec":1484319117771052,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53248,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","server_names":"*.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33","blocks":0}}} 
+01347{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1589,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319117651396,"flow_src_last_pkt_time":1484319117713351,"flow_dst_last_pkt_time":1484319117770085,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319117770085,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53248,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
+01687{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1590,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319117651396,"flow_src_last_pkt_time":1484319117713351,"flow_dst_last_pkt_time":1484319117771052,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2528,"midstream":0,"thread_ts_usec":1484319117771052,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53248,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","domainame":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","server_names":"*.nccp.netflix.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d910600_383454ac02f4_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33","blocks":0}}} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1598,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319117826887,"flow_src_last_pkt_time":1484319117826887,"flow_dst_last_pkt_time":1484319117826887,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319117826887,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53249,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1598,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_src_last_pkt_time":1484319117826887,"flow_dst_last_pkt_time":1484319117826887,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319117826887,"pkt":"gCqoTGHM5JjWH70UCABFAABAF8hAAEAGDxPAqAEHNCkeBdABAbshc+whAAAAALAC\/\/8t3QAAAgQFtAEDAwUBAQgKH2X2iwAAAAAEAgAA"} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1599,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319117827967,"flow_src_last_pkt_time":1484319117827967,"flow_dst_last_pkt_time":1484319117827967,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319117827967,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53250,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -460,15 +460,15 @@ 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1603,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_src_last_pkt_time":1484319117826887,"flow_dst_last_pkt_time":1484319117879588,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319117879588,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGPL80KR4FwKgBBwG70AFaPMiyIXPsIqASOJC25AAAAgQFtAQCCAqh\/YpsH2X2iwEDAwg="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1604,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_src_last_pkt_time":1484319117881117,"flow_dst_last_pkt_time":1484319117879588,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319117881117,"pkt":"gCqoTGHM5JjWH70UCABFAAA0BiRAAEAGIMPAqAEHNCkeBdABAbshc+wiWjzIs4AQEBUN+QAAAQEICh9l9r+h\/Yps"} 00832{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1605,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":4,"flow_src_last_pkt_time":1484319117885772,"flow_dst_last_pkt_time":1484319117879588,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"thread_ts_usec":1484319117885772,"pkt":"gCqoTGHM5JjWH70UCABFAAEEKuFAAEAG+zXAqAEHNCkeBdABAbshc+wiWjzIs4AYEBUAlAAAAQEICh9l9sOh\/YpsFgMBAMsBAADHAwNYeOmNxGxgi8I9EIqk5oJkWnJI9VweKmO\/JyQkao7GaCDcQ+\/FQ45c2bdXzP\/d5vWiRznU+6UwyhdZu7Y2G7JjpAAmAP\/ALMArwCTAI8AKwAnAMMAvwCjAJ8AUwBMAnQCcAD0APAA1AC8BAABYAAAAGwAZAAAWYXBpLWdsb2JhbC5uZXRmbGl4LmNvbQAKAAgABgAXABgAGQALAAIBAAANABIAEAQBAgEFAQYBBAMCAwUDBgMABQAFAQAAAAAAEgAAABcAAA=="} 
-01330{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1605,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319117826887,"flow_src_last_pkt_time":1484319117885772,"flow_dst_last_pkt_time":1484319117879588,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319117885772,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53249,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01289{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1605,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319117826887,"flow_src_last_pkt_time":1484319117885772,"flow_dst_last_pkt_time":1484319117879588,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319117885772,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53249,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1606,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_src_last_pkt_time":1484319117827967,"flow_dst_last_pkt_time":1484319117886937,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319117886937,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGPb80KR4FwKgBBwG70ALhlhIJkajSBqASOJCQFwAAAgQFtAQCCAqh\/YptH2X2jAEDAwg="} 
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1607,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":3,"flow_src_last_pkt_time":1484319117890575,"flow_dst_last_pkt_time":1484319117886937,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319117890575,"pkt":"gCqoTGHM5JjWH70UCABFAAA0Pr9AAEAG6CfAqAEHNCkeBdACAbuRqNIG4ZYSCoAQEBXnJgAAAQEICh9l9sWh\/Ypt"} 00831{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1608,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":4,"flow_src_last_pkt_time":1484319117892631,"flow_dst_last_pkt_time":1484319117886937,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"thread_ts_usec":1484319117892631,"pkt":"gCqoTGHM5JjWH70UCABFAAEEuTxAAEAGbNrAqAEHNCkeBdACAbuRqNIG4ZYSCoAYEBUMGAAAAQEICh9l9seh\/YptFgMBAMsBAADHAwNYeOmNE5tkHrD0G2XjxlOstOMmL3TKkSrM+b+7cNSu7CDcQ+\/FQ45c2bdXzP\/d5vWiRznU+6UwyhdZu7Y2G7JjpAAmAP\/ALMArwCTAI8AKwAnAMMAvwCjAJ8AUwBMAnQCcAD0APAA1AC8BAABYAAAAGwAZAAAWYXBpLWdsb2JhbC5uZXRmbGl4LmNvbQAKAAgABgAXABgAGQALAAIBAAANABIAEAQBAgEFAQYBBAMCAwUDBgMABQAFAQAAAAAAEgAAABcAAA=="} 
-01330{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1608,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319117827967,"flow_src_last_pkt_time":1484319117892631,"flow_dst_last_pkt_time":1484319117886937,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319117892631,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53250,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01289{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1608,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319117827967,"flow_src_last_pkt_time":1484319117892631,"flow_dst_last_pkt_time":1484319117886937,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319117892631,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53250,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1614,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":5,"flow_src_last_pkt_time":1484319117885772,"flow_dst_last_pkt_time":1484319117929656,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319117929656,"pkt":"5JjWH70UgCqoTGHMCABFIAA0QsRAACoG+gI0KR4FwKgBBwG70AFaPMizIXPs8oAQAD0c8QAAAQEICqH9ingfZfbD"} 
-01388{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1615,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319117826887,"flow_src_last_pkt_time":1484319117885772,"flow_dst_last_pkt_time":1484319117930548,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":145,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":145,"midstream":0,"thread_ts_usec":1484319117930548,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53249,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
+01347{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1615,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319117826887,"flow_src_last_pkt_time":1484319117885772,"flow_dst_last_pkt_time":1484319117930548,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":145,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":145,"midstream":0,"thread_ts_usec":1484319117930548,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53249,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1621,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":5,"flow_src_last_pkt_time":1484319117892631,"flow_dst_last_pkt_time":1484319117941532,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319117941532,"pkt":"5JjWH70UgCqoTGHMCABFIAA0mHNAACkGpVM0KR4FwKgBBwG70ALhlhIKkajS1oAQAD32HgAAAQEICqH9insfZfbH"} 
-01388{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1622,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319117827967,"flow_src_last_pkt_time":1484319117892631,"flow_dst_last_pkt_time":1484319117942410,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":145,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":145,"midstream":0,"thread_ts_usec":1484319117942410,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53250,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
+01347{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1622,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319117827967,"flow_src_last_pkt_time":1484319117892631,"flow_dst_last_pkt_time":1484319117942410,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":145,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":145,"midstream":0,"thread_ts_usec":1484319117942410,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53250,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","domainame":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d190700_b5dc49c6fcca_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
02318{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1669,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1484319117826887,"flow_src_last_pkt_time":1484319118140455,"flow_dst_last_pkt_time":1484319118145946,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2205,"flow_dst_tot_l4_payload_len":9578,"midstream":0,"thread_ts_usec":1484319118145946,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53249,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":140,"avg":20407.3,"max":141407,"stddev":28956.2,"var":838464256.0,"ent":3.9,"data": [52701,54230,4655,50068,892,45987,1145,402,2281,621,48897,36085,58570,140,1031,141407,13303,12185,4698,8739,8491,4498,3692,4536,12375,12816,15153,13884,6123,6182,6840]},"pktlen": {"min":52,"avg":420.8,"max":1500,"stddev":506.4,"var":256458.0,"ent":4.1,"data": [64,60,52,260,52,197,52,58,97,1500,550,52,52,1500,213,1500,52,545,52,991,52,425,52,1292,52,1392,52,646,52,794,52,707]},"bins": {"c_to_s": [12,1,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0],"s_to_c": [4,0,0,0,1,1,0,0,0,0,0,1,0,0,0,1,0,0,1,0,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,0,0,0,0,0,1,1,1,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": 
[4.494096756,5.269149303,5.100070000,6.003353119,5.215455055,6.547097206,5.138531685,5.182787418,6.044509888,7.866807461,7.609665394,5.140452385,5.215455055,7.873748302,6.994494438,7.847311020,5.138531685,7.632858276,5.138531685,7.760740280,5.176993370,7.540992260,5.061608315,7.843688965,5.176993370,7.880697250,5.138531685,7.689140797,5.100070000,7.779115677,5.138531685,7.737319469]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1682,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319118629811,"flow_src_last_pkt_time":1484319118629811,"flow_dst_last_pkt_time":1484319118629811,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319118629811,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57093,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1682,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_src_last_pkt_time":1484319118629811,"flow_dst_last_pkt_time":1484319118629811,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1484319118629811,"pkt":"gCqoTGHM5JjWH70UCABFAABDkmsAAP8RpeXAqAEHwKgBAd8FADUALzVHkfABAAABAAAAAAAABWExOTA3BGRzY2cGYWthbWFpA25ldAAAAQAB"} 
@@ -554,7 +554,7 @@ 01272{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":10,"flow_first_seen":1484319064593980,"flow_src_last_pkt_time":1484319065147554,"flow_dst_last_pkt_time":1484319065269365,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":515,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1024,"flow_dst_tot_l4_payload_len":10445,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"23.246.11.141"}} 
01270{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":9,"flow_first_seen":1484319070636683,"flow_src_last_pkt_time":1484319070825326,"flow_dst_last_pkt_time":1484319070905880,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":515,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1024,"flow_dst_tot_l4_payload_len":8954,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53210,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"23.246.11.133"}} 
01273{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":18,"flow_first_seen":1484319091296070,"flow_src_last_pkt_time":1484319091498293,"flow_dst_last_pkt_time":1484319091694942,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":518,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1027,"flow_dst_tot_l4_payload_len":22028,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53217,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"23.246.11.141"}} 
-00855{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1793,"packets-processed":1793,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":885344,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":60,"total-detection-updates":69,"total-updates":9,"current-active-flows":0,"total-active-flows":61,"total-idle-flows":61,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":557,"global_ts_usec":1484319120726362} +00855{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1793,"packets-processed":1793,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":885344,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":60,"total-detection-updates":69,"total-updates":9,"current-active-flows":0,"total-active-flows":61,"total-idle-flows":61,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":557,"global_ts_usec":1484319120726362} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1793/1793 ~~ skipped flows.............: 0 
@@ -563,9 +563,9 @@ ~~ total active/idle flows...: 61/61 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7671245 bytes -~~ total memory freed........: 7671245 bytes -~~ total allocations/frees...: 117249/117249 +~~ total memory allocated....: 8249244 bytes +~~ total memory freed........: 8249244 bytes +~~ total allocations/frees...: 129006/129006 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 539 chars ~~ json message max len.......: 2539 chars diff --git a/test/results/default/netflow-fritz.pcap.out b/test/results/default/netflow-fritz.pcap.out index 5b11c2c6e..261565e52 100644 --- a/test/results/default/netflow-fritz.pcap.out +++ b/test/results/default/netflow-fritz.pcap.out 
@@ -1,10 +1,10 @@ -00618{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/netflow-fritz.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netflow-fritz.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1498072707863157} 
+00618{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/netflow-fritz.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netflow-fritz.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1498072707863157} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netflow-fritz.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1498072707863157,"flow_src_last_pkt_time":1498072707863157,"flow_dst_last_pkt_time":1498072707863157,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":180,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":180,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":180,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1498072707863157,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.1.1","src_port":23384,"dst_port":2055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00764{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netflow-fritz.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1498072707863157,"flow_dst_last_pkt_time":1498072707863157,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"thread_ts_usec":1498072707863157,"pkt":"AAwRERERAAwRIiIiCABFKADQAABAAD8R1PvAqAABwKgBAVtYCAcAvAAAAAoAtFlKxZ0CWWXEAAQBAAACAHABzQAWAAEABIDPAAQAAGjygMz\/\/wAAaPKAzf\/\/AABo8gAHAAIACwACAAYAAgCxAAEAsAABALQAAgC1AAIAAgAEAM0AAgC5AAQAuAAEAAgABAAMAAQANgAEAFgAAgAEAAEAwAABgAH\/\/wAAaPIAAwA0AdIABwABAI8ABAApAAgAKgAIACgACAEwAAIBMQAEATIABAHTAAIAAQCOAAQAUv\/\/"} 
00935{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netflow-fritz.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1498072707863157,"flow_src_last_pkt_time":1498072707863157,"flow_dst_last_pkt_time":1498072707863157,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":180,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":180,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":180,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1498072707863157,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.1.1","src_port":23384,"dst_port":2055,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetFlow","proto_id":"128","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netflow-fritz.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1498072707863157,"flow_src_last_pkt_time":1498072707863157,"flow_dst_last_pkt_time":1498072707863157,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":180,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":180,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":180,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1498072707863157,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.1.1","src_port":23384,"dst_port":2055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetFlow","proto_id":"128","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netflow-fritz.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":180,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1498072707863157} +00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netflow-fritz.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":180,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1498072707863157} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 
@@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6907642 bytes -~~ total memory freed........: 6907642 bytes -~~ total allocations/frees...: 114138/114138 +~~ total memory allocated....: 7485238 bytes +~~ total memory freed........: 7485238 bytes +~~ total allocations/frees...: 125869/125869 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 623 chars ~~ json message max len.......: 979 chars diff --git a/test/results/default/netflowv9.pcap.out b/test/results/default/netflowv9.pcap.out index 18f733253..df7778270 100644 --- a/test/results/default/netflowv9.pcap.out +++ b/test/results/default/netflowv9.pcap.out 
@@ -1,5 +1,5 @@ -00614{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/netflowv9.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netflowv9.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1568213026961189} 
+00614{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/netflowv9.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netflowv9.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1568213026961189} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netflowv9.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1568213026961189,"flow_src_last_pkt_time":1568213026961189,"flow_dst_last_pkt_time":1568213026961189,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1376,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1376,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1376,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1568213026961189,"l3_proto":"ip4","src_ip":"192.168.2.134","dst_ip":"192.168.2.222","src_port":48629,"dst_port":2057,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02373{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netflowv9.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1568213026961189,"flow_dst_last_pkt_time":1568213026961189,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1418,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1418,"pkt_l4_len":1384,"thread_ts_usec":1568213026961189,"pkt":"ACWQ1Mz5rB9rrWosCABFAAV8LBZAAEARgqbAqAKGwKgC3r31CAkFaHVWAAkAECROCO5dZ6gMFm+miAAAAAEBAwQkAAoEJE1qKCRNaigAAAAAAAAAKAAAAAAAAAABBo0ou7J9QF7TxAskWgIAkwAAlYsAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJEzp1CRNjMsAAAAAAAUbtAAAAAAAAASjBhdDjcSK9gL7ko0BuxoAkwAAMhAAAFHMhHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAAAAAAoEJEzp3CRNjKAAAAAAAB2wnwAAAAAAAAZqBor2AvsXQ43EAbuSjRoAkwAAUcwAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE1ybSRNcm0AAAAAAAAAKAAAAAAAAAABBoOfghRcdiVS2B5evAIAkwAAixYAAzG32GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE1rLyRNay8AAAAAAAAAKAAAAAAAAAABBor09llcdiVKtb1pkQIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2QhyRNkIcAAAAAAAAAKAAAAAAAAAABBor0qxxcdiVS2B5S8QIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2
JWyRNiVsAAAAAAAAAKAAAAAAAAAABBoOfWVu53tNywXcEGgIAkwADMXgAAzG32GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE1qjSRNao0AAAAAAAAALAAAAAAAAAABBor2xOMr4aaiqY0AFgIAkwAAseAAADIQ2GfZGI\/ahHisFZ1CAAAAAAAgAAAAAAAAAAAAAAAAAAoEJE2OYCRNjmAAAAAAAAAAKAAAAAAAAAABBo1UlODIXai05wABvQIAkwAAS+UAADIQ2GfZGI\/ahHisFZ1CAAAAAAAgAAAAAAAAAAAAAAAAAAoEJE11kyRNdisAAAAAAAACRwAAAAAAAAAKBoG7\/klQ1h8GKsoBuxsAkwAAFSIAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE11kyRNdisAAAAAAAAWPwAAAAAAAAAIBlDWHwaBu\/5JAbsqyh4AkwAAMhAAABUihHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2HTSRNh00AAAAAAAAAKAAAAAAAAAABBor1FpC5r10bvgPWnAIAkwAAiv4AADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2Q4yRNkOMAAAAAAAAAKAAAAAAAAAABBoOfV4ZcdiVS2B5ZXgIAkwAAixYAAzG32GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEAQIAVAAKBCRNhcskTYXLAAAAAAAAAHoAAAAAAAAAARHN+8cOjVQJ2YZdADUAkwAAMhAAAEB9hHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAAAAAQcA1AAKBiRNJ\/YkTYzBAAAAAAAAELEAAAAAAAAADwYgARa4LRoyANRG8rtzEZ1EIAFMoAAAAQMAAAAAgbv\/\/PfhAbvbAGwAACKxAAAyENhn2RiP2oR4rBWdQgAAAAAAAAAAAAAAAAAAAAAAAAoGJE0n9iRNjMEAAAAAAAAIZQAAAAAAAAAMBiABTKAAAAEDAAAAAIG7\/\/wgARa4LRoyANRG8rtzEZ1EAbv34RsAbAAAMhAAACKxhHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAAA="} 01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netflowv9.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1568213026961189,"flow_src_last_pkt_time":1568213026961189,"flow_dst_last_pkt_time":1568213026961189,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1376,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1376,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1376,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1568213026961189,"l3_proto":"ip4","src_ip":"192.168.2.134","dst_ip":"192.168.2.222","src_port":48629,"dst_port":2057,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std 
Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"NetFlow","proto_id":"128","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -8,7 +8,7 @@ 02301{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/netflowv9.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1568213026961481,"flow_dst_last_pkt_time":1568213026961189,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1366,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1366,"pkt_l4_len":1332,"thread_ts_usec":1568213026961481,"pkt":"ACWQ1Mz5rB9rrWosCABFAAVILBlAAEARgtfAqAKGwKgC3r31CAkFNPSKAAkAECROCO5dZ6gMFm+miwAAAAEBAwR0AAoEJE2MQyRNjEMAAAAAAAAAKAAAAAAAAAABBoG7GHW5sBu2oskQ8wIAkwADHowAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2N2iRNjdoAAAAAAAAAKAAAAAAAAAABBo1U+k3KfY5lynQNPQIAkwAAJVUAADIQ2GfZGI\/ahHisFZ1CAAAAAAAgAAAAAAAAAAAAAAAAAAoEJE18SSRNfEkAAAAAAAAAKAAAAAAAAAABBoOfK0xgJbzk0x8idgIAkwAAQZMAAzG32GfZGI\/ahHisFZ1CAAAAAAAgAAAAAAAAAAAAAAAAAAoEJE138SRNd\/EAAAAAAAAAKAAAAAAAAAABBo0ow7ZcdiVKtb35CAIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2GQyRNhkMAAAAAAAAAKAAAAAAAAAABBor0wQFcdiVKtb3HUgIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2DfiRNg34AAAAAAAAAKAAAAAAAAAABBor2FrZcdiVS2B5qjAIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE18PyRNfD8AAAAAAAAAKAAAAAAAAAABBo1Up0FcdiVS2B5r1QIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE17iyRNe4sAAAAAAAAAPAAAAAAAAAABBg3sBqCBu1q758J2XwIAkwAAMhAAAEB9hHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2NhiRNjYYAAAAAAAAAKAAAAAAAAAABBor1iT+zPH\/q+PWRXwIAkwAEAA8AADIQ2GfZGI\/ahHisFZ1CAAAAAAAgAAAAAAAAAAAAAAAAAAoEJE2S4iRNkuIAAAAAAAAAKAAAAAAAAAABBo1UPAVcdiVKtb3HQAIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE1zyiRNf34AAAAAAAAAaAAAAAAAAAACBoG7N9cYhuyhXSkMOAIAkwAAemYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE10QyRNicMAAAAAAAAOTQAAAAAAAAAOBkWtkIyNVA4cyLQBuxsAkwAAMhAAAGgrhHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE10VCRNiaAAAAAAAAAWCAAAAAAAAAAOBo1UDhxFrZCMAbvItBsAkwAAaCsAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE19oiRNfaIA
AAAAAAAAKAAAAAAAAAABBo0otGR9QF7TkZskWgIAkwAAlYsAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoBAgCkAAoEJE1+RiRNfkYAAAAAAAACnwAAAAAAAAABEY0or7OjrOWoV\/4TxACTAAAyTAAAMhDYZ9kYj9qEeKwVnUIAAAAAACAAAAAAAAAAAAAAAAAACgQkTYvDJE2LwwAAAAAAAABBAAAAAAAAAAERjVTKyMf3HnvTFQA1AJMAAE\/5AAAyENhn2RiP2oR4rBWdQgAAAAAAAAAAAAAAAAAAAAAAAA=="} 02291{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/netflowv9.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1568213026961588,"flow_dst_last_pkt_time":1568213026961189,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1362,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1362,"pkt_l4_len":1328,"thread_ts_usec":1568213026961588,"pkt":"ACWQ1Mz5rB9rrWosCABFAAVELBpAAEARgtrAqAKGwKgC3r31CAkFMBHrAAkAECROCO5dZ6gMFm+mjAAAAAEBAwUUAAoEJE2SMCRNkjAAAAAAAAAAKAAAAAAAAAABBo0oeEF9QF7TgbUkWgIAkwAAlYsAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2JaCRNiWgAAAAAAAAAKAAAAAAAAAABBo1UNRi50QAh4ToRYwIAkwAAl54AADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJEz5IiRNcjMAAAAAAAAZGgAAAAAAAAAUBhH4kiqK9g5D6DsBuxsAkwAAMhAAAALKhHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAAAAAAoEJEz5KyRNcicAAAAAAAA1qwAAAAAAAAAUBor2DkMR+JIqAbvoOxsAkwAAAsoAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2AfyRNgH8AAAAAAAAAKAAAAAAAAAABBor2smFcdiVS2B5l6QIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE1vXSRNb10AAAAAAAAAKAAAAAAAAAABBo0oMRxcd6AhqNceOgIAkwAAwWEAADIQ2GfZGI\/ahHisFZ1CAAAAAAAgAAAAAAAAAAAAAAAAAAoEJE1wriRNcNYAAAAAAAADlQAAAAAAAAALBhcAJ1qBuwkVzSYBuxoAkwAAMhAAAEDxhHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE1wtyRNcQcAAAAAAAARmgAAAAAAAAAIBoG7CRUXACdaAbvNJhoAkwAAQPEAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE1voCRNb6AAAAAAAAAAKAAAAAAAAAABBo1Ua7JcdiVKtb08AgIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2SPCRNkjwAAAAAAAAAKAAAAAAAAAABBoOftxy5sBu2oskg6gIAkwADHowAAzG32GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE1zjiRNc44AAAAAAAAAKAAAAAAAAAABBor
0fg92t70V0O4XDAIAkwAAECYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2SXiRNkl4AAAAAAAAAKAAAAAAAAAABBoG7fy+5sBu2oskgdQIAkwADHowAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE1zoCRNc6AAAAAAAAAAKAAAAAAAAAABBo0nrI+5sBv2sRRsPgIAkwADHowAAAKo2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2MviRNj0UAAAAAAAAE2wAAAAAAAAAGBmj0KkiK9gKH15wBuxgAkwAAMhAAADRmhHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2MxyRNjxMAAAAAAAAC1wAAAAAAAAAFBor2Aodo9CpIAbvXnBgAkwAANGYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE15TyRNeU8AAAAAAAAAKAAAAAAAAAABBor1eIW5sBu2oskcOQIAkwADHowAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAA"} 01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/netflowv9.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1568213026961189,"flow_src_last_pkt_time":1568213026962107,"flow_dst_last_pkt_time":1568213026961189,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1320,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1376,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":13468,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1568213026962107,"l3_proto":"ip4","src_ip":"192.168.2.134","dst_ip":"192.168.2.222","src_port":48629,"dst_port":2057,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"NetFlow","proto_id":"128","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00845{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/netflowv9.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13468,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1568213026962107} +00845{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/netflowv9.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13468,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1568213026962107} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 10/10 ~~ skipped flows.............: 0 
@@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6907903 bytes -~~ total memory freed........: 6907903 bytes -~~ total allocations/frees...: 114147/114147 +~~ total memory allocated....: 7485521 bytes +~~ total memory freed........: 7485521 bytes +~~ total allocations/frees...: 125879/125879 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 619 chars ~~ json message max len.......: 2379 chars diff --git a/test/results/default/nfsv2.pcap.out b/test/results/default/nfsv2.pcap.out index 58fc3acf2..0619ea159 100644 --- a/test/results/default/nfsv2.pcap.out +++ b/test/results/default/nfsv2.pcap.out 
@@ -1,5 +1,5 @@ -00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/nfsv2.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nfsv2.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":944207338400000} 
+00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/nfsv2.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nfsv2.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":944207338400000} 
00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nfsv2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":944207338400000,"flow_src_last_pkt_time":944207338400000,"flow_dst_last_pkt_time":944207338400000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":944207338400000,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":3289,"dst_port":111,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nfsv2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":944207338400000,"flow_dst_last_pkt_time":944207338400000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":944207338400000,"pkt":"AMCV+E3TAMCV4Bm+CABFAABcZMIAAEAR0zSLGRYCixkWZgzZAG8ASG3iOEEWnwAAAAAAAAACAAGGoAAAAAMAAAADAAAAAAAAAAAAAAAAAAAAAAABhqUAAAABAAAAA3VkcAAAAAAAAAAAAA=="} 
01051{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nfsv2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":944207338400000,"flow_src_last_pkt_time":944207338400000,"flow_dst_last_pkt_time":944207338400000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":944207338400000,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":3289,"dst_port":111,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"NFS","proto_id":"11","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}} 
@@ -39,7 +39,7 @@ 01094{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/nfsv2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":944207338440000,"flow_src_last_pkt_time":944207338440000,"flow_dst_last_pkt_time":944207338450000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":48,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":48,"midstream":0,"thread_ts_usec":944207338890000,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":3291,"dst_port":111,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"NFS","proto_id":"11","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}} 01094{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/nfsv2.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":944207338880000,"flow_src_last_pkt_time":944207338880000,"flow_dst_last_pkt_time":944207338890000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":48,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":48,"midstream":0,"thread_ts_usec":944207338890000,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":3293,"dst_port":111,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"NFS","proto_id":"11","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}} 00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/nfsv2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":944207338450000,"flow_src_last_pkt_time":944207338450000,"flow_dst_last_pkt_time":944207338450000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":24,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":24,"midstream":0,"thread_ts_usec":944207338890000,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":3292,"dst_port":2049,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NFS","proto_id":"11","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}} 
-00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/nfsv2.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":156,"packets-processed":156,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16592,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":42,"global_ts_usec":944207338890000} +00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/nfsv2.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":156,"packets-processed":156,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16592,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":42,"global_ts_usec":944207338890000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 156/156 ~~ skipped flows.............: 0 
@@ -48,9 +48,9 @@ ~~ total active/idle flows...: 7/7 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6926417 bytes -~~ total memory freed........: 6926417 bytes -~~ total allocations/frees...: 114359/114359 +~~ total memory allocated....: 7504123 bytes +~~ total memory freed........: 7504123 bytes +~~ total allocations/frees...: 126095/126095 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 539 chars ~~ json message max len.......: 2121 chars diff --git a/test/results/default/nfsv3.pcap.out b/test/results/default/nfsv3.pcap.out index 1f9c49837..303b1fa95 100644 --- a/test/results/default/nfsv3.pcap.out +++ b/test/results/default/nfsv3.pcap.out 
@@ -1,5 +1,5 @@ -00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/nfsv3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nfsv3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":944207397280000} 
+00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/nfsv3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nfsv3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":944207397280000} 
00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nfsv3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":944207397280000,"flow_src_last_pkt_time":944207397280000,"flow_dst_last_pkt_time":944207397280000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":944207397280000,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":3295,"dst_port":111,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nfsv3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":944207397280000,"flow_dst_last_pkt_time":944207397280000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":944207397280000,"pkt":"AMCV+E3TAMCV4Bm+CABFAABcZTwAAEAR0rqLGRYCixkWZgzfAG8ASDUOOENPaQAAAAAAAAACAAGGoAAAAAMAAAADAAAAAAAAAAAAAAAAAAAAAAABhqUAAAADAAAAA3VkcAAAAAAAAAAAAA=="} 
01051{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nfsv3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":944207397280000,"flow_src_last_pkt_time":944207397280000,"flow_dst_last_pkt_time":944207397280000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":944207397280000,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":3295,"dst_port":111,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"NFS","proto_id":"11","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}} 
@@ -44,7 +44,7 @@ 01094{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/nfsv3.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":944207397740000,"flow_src_last_pkt_time":944207397740000,"flow_dst_last_pkt_time":944207397740000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":48,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":48,"midstream":0,"thread_ts_usec":944207397750000,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":3299,"dst_port":111,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"NFS","proto_id":"11","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}} 01095{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/nfsv3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":944207397290000,"flow_src_last_pkt_time":944207397290000,"flow_dst_last_pkt_time":944207397290000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":24,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":24,"midstream":0,"thread_ts_usec":944207397750000,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":3296,"dst_port":1048,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"NFS","proto_id":"11","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}} 00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/nfsv3.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":944207397330000,"flow_src_last_pkt_time":944207397330000,"flow_dst_last_pkt_time":944207397330000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":24,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":24,"midstream":0,"thread_ts_usec":944207397750000,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":3298,"dst_port":2049,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NFS","proto_id":"11","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}} 
-00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/nfsv3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":128,"packets-processed":128,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17440,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":47,"global_ts_usec":944207397750000} +00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/nfsv3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":128,"packets-processed":128,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17440,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":47,"global_ts_usec":944207397750000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 128/128 ~~ skipped flows.............: 0 
@@ -53,9 +53,9 @@ ~~ total active/idle flows...: 8/8 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6927985 bytes -~~ total memory freed........: 6927985 bytes -~~ total allocations/frees...: 114342/114342 +~~ total memory allocated....: 7505713 bytes +~~ total memory freed........: 7505713 bytes +~~ total allocations/frees...: 126079/126079 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 539 chars ~~ json message max len.......: 2123 chars diff --git a/test/results/default/nintendo.pcap.out b/test/results/default/nintendo.pcap.out index 365c28c27..33ec85cfa 100644 --- a/test/results/default/nintendo.pcap.out +++ b/test/results/default/nintendo.pcap.out 
@@ -1,5 +1,5 @@ -00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1500731320644357} 
+00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1500731320644357} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1500731320644357,"flow_src_last_pkt_time":1500731320644357,"flow_dst_last_pkt_time":1500731320644357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":60,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":60,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1500731320644357,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"91.8.243.35","src_port":52119,"dst_port":49432,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1500731320644357,"flow_dst_last_pkt_time":1500731320644357,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"thread_ts_usec":1500731320644357,"pkt":"AA6OGXEMfLuKifuECABFAABYEUEAAEARTg7AqAxyWwjzI8uXwRgARM2+MquYZAJWA8uWATPgxkj4NJP7aMnpzfBBRQUJGYsmvR+Tfti6\/9NW0mVVtdYfmAlO0lOZx8+qpE3Q9Qrr"} 
00921{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1500731320644357,"flow_src_last_pkt_time":1500731320644357,"flow_dst_last_pkt_time":1500731320644357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":60,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":60,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1500731320644357,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"91.8.243.35","src_port":52119,"dst_port":49432,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Nintendo","proto_id":"173","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -46,10 +46,10 @@ 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1500731326644516,"flow_dst_last_pkt_time":1500731326676754,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1500731326676754,"pkt":"fLuKifuEAA6OGXEMCABFAAA8AABAAPUGZgg2wBvZwKgMcgG7oi3AHA3T0ixqRaAScSCE4wAAAgQFrAQCCAqn0Wp9ABpxjAEDAwg="} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1500731326680974,"flow_dst_last_pkt_time":1500731326676754,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1500731326680974,"pkt":"AA6OGXEMfLuKifuECABFAAA0EXRAAEAGCZ3AqAxyNsAb2aItAbvSLGpFwBwN1IAQAg4imAAAAQEICgAaca+n0Wp9"} 00831{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1500731326686105,"flow_dst_last_pkt_time":1500731326676754,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"thread_ts_usec":1500731326686105,"pkt":"AA6OGXEMfLuKifuECABFAAEIEXVAAEAGCMjAqAxyNsAb2aItAbvSLGpFwBwN1IAYAg7fBQAAAQEICgAacbOn0Wp9FgMBAM8BAADLAwPpevzeArLIKOrS51pZ0JeD5YrYSKYz0y0ak5UBe34eswAANMArwC\/MqcyowArACcATwCPAJ8AUAJ7MqgAzADIAZwA5ADgAawAWABMAnAAvADwANQA9AAoBAABuAAAANwA1AAAyZTBkNjdjNTA5ZmIyMDM4NThlYmNiMmZlM2Y4OGMyYWEuYmFhcy5uaW50ZW5kby5jb23\/AQABAAAKAAgABgAXABgAGQALAAIBAAANABgAFgQBBQEGAQIBBAMFAwYDAgMFAgQCAgI="} 
-01389{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1500731326644516,"flow_src_last_pkt_time":1500731326686105,"flow_dst_last_pkt_time":1500731326676754,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1500731326686105,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.217","src_port":41517,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Nintendo","proto_id":"91.173","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","domainame":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","tls": {"version":"TLSv1.2","ja3":"200a99534ce50d35cf40cc3cce4c69b5","ja3s":"","ja4":"t12d260500_f64c77d06cfa_b289314254d8","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01348{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1500731326644516,"flow_src_last_pkt_time":1500731326686105,"flow_dst_last_pkt_time":1500731326676754,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1500731326686105,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.217","src_port":41517,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Nintendo","proto_id":"91.173","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","domainame":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d260500_f64c77d06cfa_b289314254d8","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1500731326686105,"flow_dst_last_pkt_time":1500731326720507,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1500731326720507,"pkt":"fLuKifuEAA6OGXEMCABFAAA0Z1VAAPUG\/ro2wBvZwKgMcgG7oi3AHA3U0ixrGYAQAHYjVAAAAQEICqfRaoEAGnGz"} 
-01449{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":96,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1500731326644516,"flow_src_last_pkt_time":1500731326686105,"flow_dst_last_pkt_time":1500731326729816,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":1348,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":1348,"midstream":0,"thread_ts_usec":1500731326729816,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.217","src_port":41517,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Nintendo","proto_id":"91.173","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","domainame":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","tls": {"version":"TLSv1.2","ja3":"200a99534ce50d35cf40cc3cce4c69b5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d260500_f64c77d06cfa_b289314254d8","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
-01766{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":97,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1500731326644516,"flow_src_last_pkt_time":1500731326686105,"flow_dst_last_pkt_time":1500731326731294,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":1348,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":2696,"midstream":0,"thread_ts_usec":1500731326731294,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.217","src_port":41517,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Nintendo","proto_id":"91.173","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","domainame":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","tls": {"version":"TLSv1.2","server_names":"*.baas.nintendo.com,baas.nintendo.com","ja3":"200a99534ce50d35cf40cc3cce4c69b5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d260500_f64c77d06cfa_b289314254d8","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=JP, ST=Kyoto, L=Minami-ku, O=Nintendo Co., Ltd., CN=*.baas.nintendo.com","fingerprint":"8A:0A:1D:D3:A8:96:7A:55:C5:75:B2:2B:3E:45:15:54:0A:B0:FC:94","blocks":0}}} 
+01408{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":96,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1500731326644516,"flow_src_last_pkt_time":1500731326686105,"flow_dst_last_pkt_time":1500731326729816,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":1348,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":1348,"midstream":0,"thread_ts_usec":1500731326729816,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.217","src_port":41517,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Nintendo","proto_id":"91.173","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","domainame":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","tls": {"version":"TLSv1.2","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d260500_f64c77d06cfa_b289314254d8","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
+01725{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":97,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1500731326644516,"flow_src_last_pkt_time":1500731326686105,"flow_dst_last_pkt_time":1500731326731294,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":1348,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":2696,"midstream":0,"thread_ts_usec":1500731326731294,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.217","src_port":41517,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Nintendo","proto_id":"91.173","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","domainame":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","tls": {"version":"TLSv1.2","server_names":"*.baas.nintendo.com,baas.nintendo.com","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d260500_f64c77d06cfa_b289314254d8","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=JP, ST=Kyoto, L=Minami-ku, O=Nintendo Co., Ltd., CN=*.baas.nintendo.com","fingerprint":"8A:0A:1D:D3:A8:96:7A:55:C5:75:B2:2B:3E:45:15:54:0A:B0:FC:94","blocks":0}}} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1500731329336127,"flow_src_last_pkt_time":1500731329336127,"flow_dst_last_pkt_time":1500731329336127,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1500731329336127,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.146.242.74","src_port":11534,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1500731329336127,"flow_dst_last_pkt_time":1500731329336127,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1500731329336127,"pkt":"AA6OGXEMfLuKifuECABFAAAoEX5AAEAGM1vAqAxyNpLySi0OAbv6FA+Od8xLzVAQEsCrFwAA"} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1500731329336127,"flow_dst_last_pkt_time":1500731329520313,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1500731329520313,"pkt":"fLuKifuEAA6OGXEMCABFAAAo9shAACwGYhA2kvJKwKgMcgG7LQ53zEvN+hQPj1AQn2AedgAA"} 
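Review bot: The `tls` object in the `detected` and `detection-update` events for flow 8 loses its `ja3` key (`"ja3":"200a99534ce50d35cf40cc3cce4c69b5"` on the removed lines) while `ja3s` and `ja4` stay, and the hunk at `@@ -91,10 +91,10 @@` shows the same for flow 16. Each length prefix drops by exactly 41 characters (01389 → 01348, 01449 → 01408, 01766 → 01725), which matches that one key/value pair, so nothing else in these events appears to have changed. A consumer that correlates, allow-lists or alerts on `tls.ja3` would stop matching without any error after this bump, yet the commit message only says "incorporated upstream changes". I would name the removal there or in the changelog, for example `* TLS flow events no longer emit "ja3"; "ja3s" and "ja4" are unchanged`. The diffstat lists `schema/flow_event_schema.json`, but that file is outside this view, so whether the schema was updated to match cannot be confirmed from here.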
@@ -91,10 +91,10 @@ 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_src_last_pkt_time":1500731341201471,"flow_dst_last_pkt_time":1500731341241134,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1500731341241134,"pkt":"fLuKifuEAA6OGXEMCABFAAA8AABAAPUGZtk2wBsIwKgMcgG7emF9lpyBV\/Ua8qAScSBo2gAAAgQFrAQCCAqoOPNAABqqagEDAwg="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_src_last_pkt_time":1500731341242243,"flow_dst_last_pkt_time":1500731341241134,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1500731341242243,"pkt":"AA6OGXEMfLuKifuECABFAAA0EZdAAEAGCkvAqAxyNsAbCHphAbtX9RryfZacgoAQAg4GiQAAAQEICgAaqpOoOPNA"} 00834{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_src_last_pkt_time":1500731341246098,"flow_dst_last_pkt_time":1500731341241134,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"thread_ts_usec":1500731341246098,"pkt":"AA6OGXEMfLuKifuECABFAAEIEZhAAEAGCXbAqAxyNsAbCHphAbtX9RryfZacgoAYAg5SDAAAAQEICgAaqpeoOPNAFgMBAM8BAADLAwNvKK+fQ4F0D04V95LMArBCLWBC88S5\/t3m1SoEKefZLwAANMArwC\/MqcyowArACcATwCPAJ8AUAJ7MqgAzADIAZwA5ADgAawAWABMAnAAvADwANQA9AAoBAABuAAAANwA1AAAyZTBkNjdjNTA5ZmIyMDM4NThlYmNiMmZlM2Y4OGMyYWEuYmFhcy5uaW50ZW5kby5jb23\/AQABAAAKAAgABgAXABgAGQALAAIBAAANABgAFgQBBQEGAQIBBAMFAwYDAgMFAgQCAgI="} 
-01389{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1500731341201471,"flow_src_last_pkt_time":1500731341246098,"flow_dst_last_pkt_time":1500731341241134,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1500731341246098,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.8","src_port":31329,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Nintendo","proto_id":"91.173","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","domainame":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","tls": {"version":"TLSv1.2","ja3":"200a99534ce50d35cf40cc3cce4c69b5","ja3s":"","ja4":"t12d260500_f64c77d06cfa_b289314254d8","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01348{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1500731341201471,"flow_src_last_pkt_time":1500731341246098,"flow_dst_last_pkt_time":1500731341241134,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1500731341246098,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.8","src_port":31329,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Nintendo","proto_id":"91.173","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","domainame":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d260500_f64c77d06cfa_b289314254d8","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":5,"flow_src_last_pkt_time":1500731341246098,"flow_dst_last_pkt_time":1500731341283400,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1500731341283400,"pkt":"fLuKifuEAA6OGXEMCABFAAA0b8ZAAPUG9xo2wBsIwKgMcgG7emF9lpyCV\/UbxoAQAHYHRQAAAQEICqg480QAGqqX"} 
-01449{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1500731341201471,"flow_src_last_pkt_time":1500731341246098,"flow_dst_last_pkt_time":1500731341285479,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":1348,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":1348,"midstream":0,"thread_ts_usec":1500731341285479,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.8","src_port":31329,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Nintendo","proto_id":"91.173","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","domainame":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","tls": {"version":"TLSv1.2","ja3":"200a99534ce50d35cf40cc3cce4c69b5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d260500_f64c77d06cfa_b289314254d8","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
-01766{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":159,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1500731341201471,"flow_src_last_pkt_time":1500731341246098,"flow_dst_last_pkt_time":1500731341285901,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":1348,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":2696,"midstream":0,"thread_ts_usec":1500731341285901,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.8","src_port":31329,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Nintendo","proto_id":"91.173","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","domainame":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","tls": {"version":"TLSv1.2","server_names":"*.baas.nintendo.com,baas.nintendo.com","ja3":"200a99534ce50d35cf40cc3cce4c69b5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d260500_f64c77d06cfa_b289314254d8","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=JP, ST=Kyoto, L=Minami-ku, O=Nintendo Co., Ltd., CN=*.baas.nintendo.com","fingerprint":"8A:0A:1D:D3:A8:96:7A:55:C5:75:B2:2B:3E:45:15:54:0A:B0:FC:94","blocks":0}}} 
+01408{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1500731341201471,"flow_src_last_pkt_time":1500731341246098,"flow_dst_last_pkt_time":1500731341285479,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":1348,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":1348,"midstream":0,"thread_ts_usec":1500731341285479,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.8","src_port":31329,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Nintendo","proto_id":"91.173","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","domainame":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","tls": {"version":"TLSv1.2","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d260500_f64c77d06cfa_b289314254d8","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
+01725{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":159,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1500731341201471,"flow_src_last_pkt_time":1500731341246098,"flow_dst_last_pkt_time":1500731341285901,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":1348,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":2696,"midstream":0,"thread_ts_usec":1500731341285901,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.8","src_port":31329,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Nintendo","proto_id":"91.173","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","domainame":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","tls": {"version":"TLSv1.2","server_names":"*.baas.nintendo.com,baas.nintendo.com","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d260500_f64c77d06cfa_b289314254d8","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=JP, ST=Kyoto, L=Minami-ku, O=Nintendo Co., Ltd., CN=*.baas.nintendo.com","fingerprint":"8A:0A:1D:D3:A8:96:7A:55:C5:75:B2:2B:3E:45:15:54:0A:B0:FC:94","blocks":0}}} 
02204{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":180,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1500731322454625,"flow_src_last_pkt_time":1500731342015923,"flow_dst_last_pkt_time":1500731342041758,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":334,"flow_dst_max_l4_payload_len":405,"flow_src_tot_l4_payload_len":1090,"flow_dst_tot_l4_payload_len":1094,"midstream":1,"thread_ts_usec":1500731342041758,"l3_proto":"ip4","src_ip":"54.187.10.185","dst_ip":"192.168.12.114","src_port":443,"dst_port":48328,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":43,"avg":1262852.6,"max":14019058,"stddev":3442938.0,"var":11853821378560.0,"ent":2.4,"data": [6277,307132,3508675,3481620,246,43,276417,18546,55237,145,35743,210876,214177,255332,13944464,14019058,757,51,5265,332523,29922,280387,254222,215658,3394,13561,231064,4335,258992,453544,730768]},"pktlen": {"min":52,"avg":120.2,"max":457,"stddev":98.4,"var":9678.6,"ent":4.6,"data": [152,103,52,119,52,110,99,52,103,152,152,52,52,103,52,457,52,99,386,152,52,103,52,368,52,109,99,52,103,52,152,103]},"bins": {"c_to_s": [8,5,0,5,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,6,1,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,0,0,1,1,0,0,1,0,1,0,1,0,0,0,0,1,1,0,1,0,0,0,1,1,0,0,1],"entropies": 
[6.479545116,5.785408020,5.038780212,5.979954243,4.955154419,6.040005207,6.008045197,5.003043652,5.726619720,6.592999458,6.614606380,4.988526344,5.077241898,5.668902874,5.000318527,7.493407249,5.115703106,6.091131687,7.370351791,6.507602692,5.003043175,5.784872532,5.077241898,7.341584682,5.077241898,6.192684174,5.995468616,5.079966545,5.751333237,5.077241898,6.654079914,5.719826698]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1500731342849734,"flow_src_last_pkt_time":1500731342849734,"flow_dst_last_pkt_time":1500731342849734,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":76,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":76,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1500731342849734,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"185.118.169.65","src_port":55915,"dst_port":27520,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00618{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1500731342849734,"flow_dst_last_pkt_time":1500731342849734,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_usec":1500731342849734,"pkt":"AA6OGXEMfLuKifuECABFAABoEaUAAAQRdQ7AqAxyuXapQdpra4AAVCIdMquYZAIAAADswAAAiVxWTHQXYLkMmEhv3TFhCo9D90XwqWXbgOlZDx\/Hd+4rX5hDUY6wfFQBAZE4XnJazusJzbVQnhevgQppjVzdvQ=="} 
@@ -161,7 +161,7 @@ 00929{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1500731329336127,"flow_src_last_pkt_time":1500731329336127,"flow_dst_last_pkt_time":1500731329520313,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1500731348756457,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.146.242.74","src_port":11534,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00780{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1500731329336127,"flow_src_last_pkt_time":1500731329336127,"flow_dst_last_pkt_time":1500731329520313,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1500731348756457,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.146.242.74","src_port":11534,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01022{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1500731340951426,"flow_src_last_pkt_time":1500731340966394,"flow_dst_last_pkt_time":1500731340966499,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":66,"flow_src_tot_l4_payload_len":200,"flow_dst_tot_l4_payload_len":232,"midstream":0,"thread_ts_usec":1500731348756457,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":10184,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Nintendo","proto_id":"5.173","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"g2df33d01-lp1.p.srv.nintendo.net"}} -00854{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1000,"packets-processed":996,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":289225,"total-not-detected-flows":0,"total-guessed-flows":6,"total-detected-flows":15,"total-detection-updates":9,"total-updates":0,"current-active-flows":0,"total-active-flows":21,"total-idle-flows":21,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":164,"global_ts_usec":1500731348756457} 
+00854{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1000,"packets-processed":996,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":289225,"total-not-detected-flows":0,"total-guessed-flows":6,"total-detected-flows":15,"total-detection-updates":9,"total-updates":0,"current-active-flows":0,"total-active-flows":21,"total-idle-flows":21,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":164,"global_ts_usec":1500731348756457} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1000/996 ~~ skipped flows.............: 0 @@ -170,9 +170,9 @@ ~~ total active/idle flows...: 21/21 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7002223 bytes -~~ total memory freed........: 7002223 bytes -~~ total allocations/frees...: 115375/115375 +~~ total memory allocated....: 7579819 bytes +~~ total memory freed........: 7579819 bytes +~~ total allocations/frees...: 127106/127106 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 532 chars ~~ json message max len.......: 2209 chars diff --git a/test/results/default/nntp.pcap.out b/test/results/default/nntp.pcap.out index 1172c0ab4..710cfd379 100644 --- a/test/results/default/nntp.pcap.out +++ b/test/results/default/nntp.pcap.out 
@@ -1,5 +1,5 @@ -00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/nntp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nntp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1258844926423672} 
+00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/nntp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nntp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1258844926423672} 
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nntp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1258844926423672,"flow_src_last_pkt_time":1258844926423672,"flow_dst_last_pkt_time":1258844926423672,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1258844926423672,"l3_proto":"ip4","src_ip":"192.168.190.20","dst_ip":"192.168.190.5","src_port":55630,"dst_port":119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nntp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1258844926423672,"flow_dst_last_pkt_time":1258844926423672,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1258844926423672,"pkt":"AEBj1fcCABQqM3R+CABFAAA8fZdAAEAGv7nAqL4UwKi+BdlOAHfZ0lWUAAAAAKACFtABzgAAAgQFtAQCCAoAyCgDAAAAAAEDAwY="} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/nntp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1258844926423672,"flow_dst_last_pkt_time":1258844926423829,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1258844926423829,"pkt":"ABQqM3R+AEBj1fcCCABFAAA8AABAAEAGPVHAqL4FwKi+FAB32U6dVo1l2dJVlaASFqBxAwAAAgQFtAQCCAoKz1tgAMgoAwEDAwQ="} 
@@ -9,7 +9,7 @@ 00924{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/nntp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1258844926423672,"flow_src_last_pkt_time":1258844926441100,"flow_dst_last_pkt_time":1258844926440830,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":13,"flow_dst_max_l4_payload_len":124,"flow_src_tot_l4_payload_len":13,"flow_dst_tot_l4_payload_len":124,"midstream":0,"thread_ts_usec":1258844926441100,"l3_proto":"ip4","src_ip":"192.168.190.20","dst_ip":"192.168.190.5","src_port":55630,"dst_port":119,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Usenet","proto_id":"93","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 02193{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/nntp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1258844926423672,"flow_src_last_pkt_time":1258844993785292,"flow_dst_last_pkt_time":1258844993785209,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":113,"flow_dst_tot_l4_payload_len":4808,"midstream":0,"thread_ts_usec":1258844993785292,"l3_proto":"ip4","src_ip":"192.168.190.20","dst_ip":"192.168.190.5","src_port":55630,"dst_port":119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":29,"avg":4345908.0,"max":25684268,"stddev":7782391.0,"var":60565611347968.0,"ent":3.1,"data": 
[157,178,17001,17072,178,379,673149,673694,608,343,40452,19518042,19565845,7986,4770071,4784435,14326,95,29,25683555,25684268,770,12078373,12090740,12467,209,55,4543973,116,4544308,283]},"pktlen": {"min":40,"avg":205.9,"max":1500,"stddev":397.4,"var":157950.1,"ent":3.6,"data": [60,60,52,176,52,65,52,99,78,52,101,52,65,1280,52,65,1500,52,172,52,83,102,52,63,1500,52,318,52,58,52,80,40]},"bins": {"c_to_s": [19,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,3,0,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,1,0,0,1,1,0,1,1,0,0,1,0,0,1,0,1,0,0,1,0,0,1,0,1,0,0,0,1,0],"entropies": [4.471673489,4.918822765,4.878231525,5.476410866,4.931209564,5.179985523,4.961856842,5.561774254,5.435857296,5.000318050,5.478010178,4.892747879,5.210754871,5.673897266,4.969671249,5.291449070,5.852569103,4.878231049,5.413592815,4.878231049,5.543476105,5.549430847,4.931209564,5.298630238,5.766685963,4.767184258,5.374790192,4.825252533,4.982897282,4.817437172,5.532413483,3.670482159]},"ndpi": {"confidence": {"6":"DPI"},"proto":"Usenet","proto_id":"93","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
00968{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/nntp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1258844926423672,"flow_src_last_pkt_time":1258844993785292,"flow_dst_last_pkt_time":1258844993785209,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":113,"flow_dst_tot_l4_payload_len":4808,"midstream":0,"thread_ts_usec":1258844993785292,"l3_proto":"ip4","src_ip":"192.168.190.20","dst_ip":"192.168.190.5","src_port":55630,"dst_port":119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Usenet","proto_id":"93","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -00839{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/nntp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":32,"packets-processed":32,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4921,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1258844993785292} 
+00839{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/nntp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":32,"packets-processed":32,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4921,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1258844993785292} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 32/32 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6910612 bytes -~~ total memory freed........: 6910612 bytes -~~ total allocations/frees...: 114171/114171 +~~ total memory allocated....: 7488208 bytes +~~ total memory freed........: 7488208 bytes +~~ total allocations/frees...: 125902/125902 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 542 chars ~~ json message max len.......: 2198 chars diff --git a/test/results/default/no_sni.pcap.out b/test/results/default/no_sni.pcap.out index a900d42b8..0309b6467 100644 --- a/test/results/default/no_sni.pcap.out +++ b/test/results/default/no_sni.pcap.out 
@@ -1,5 +1,5 @@ -00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1604822444474923} 
+00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1604822444474923} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1604822444474923,"flow_src_last_pkt_time":1604822444474923,"flow_dst_last_pkt_time":1604822444474923,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1604822444474923,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51331,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1604822444474923,"flow_dst_last_pkt_time":1604822444474923,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_usec":1604822444474923,"pkt":"EBMxuRBeeDHBvV4kCABFAABPAABAAEAGFoDAqAF3aBD5+ciDAbvkc0fPNh\/971AYEABWfwAAFwMDACKpSo7n5l1NtXHPvYJ17DEID+iXo6vcSBPbb4QBvLt6N\/RR"} 
00919{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1604822444474923,"flow_src_last_pkt_time":1604822444474923,"flow_dst_last_pkt_time":1604822444474923,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1604822444474923,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51331,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
@@ -14,19 +14,19 @@ 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1604822444486731,"flow_dst_last_pkt_time":1604822444624675,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1604822444624675,"pkt":"eDHBvV4kEBMxuRBeCABFAAA0AABAADkGHZtoEPn5wKgBdwG7yZbnV+zfHVNGaoAS\/\/9HygAAAgQFeAEBBAIBAwMK"} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1604822444624753,"flow_dst_last_pkt_time":1604822444624675,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1604822444624753,"pkt":"EBMxuRBeeDHBvV4kCABFAAAoAABAAEAGFqfAqAF3aBD5+cmWAbsdU0Zq51fs4FAQEAB4YwAA"} 
01354{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1604822444629426,"flow_dst_last_pkt_time":1604822444624675,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":670,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":670,"pkt_l4_len":636,"thread_ts_usec":1604822444629426,"pkt":"EBMxuRBeeDHBvV4kCABFAAKQAABAAEAGFD\/AqAF3aBD5+cmWAbsdU0Zq51fs4FAYEACqFQAAFgMBAmMBAAJfAwM4QGbYN4X20uSmpCi+qLH24nxablHacDaB7g46zEyvJCCS0jgQR8zClHgewuqoUAH32VWvHW5IuO5vXWulcb1skAAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQAKAQAB8gAAAB8AHQAAGm1vemlsbGEuY2xvdWRmbGFyZS1kbnMuY29tABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAADMAawBpAB0AIHmVJzDe7D6qJNs1W0qD8RIXzzYXXPM\/3vnHoxYUiJkqABcAQQTWxNAmZdh04nOlC2Wggbf1TQ5Pxz25m+va297qXK9jD3ovCZ5UT7sdbxNYgxx9TZMDsDXvKRSDpVE90jpfHkDFACoAAAArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAKQDrAMYAwDOWKpJVdqJ22Z6lGoaHhJKmtmYwswNzWnU5DNuC8HGbdiXoFAZXxZG56tM93v7A4wn4E03RF1w530ZLeasMMIMsYEC4asY+xpMYZn2lZDq8jUcVaGkQ1uyuuJKtxOTpieuSHwZbHKadjDUlTR7uiwEOMjeGRMdOORxuffgTWS\/WKkZmXbE85P+ToRCh8lvZip4mWqQ0NEC5HrF38UgI1faKYf2KszBanKyjpCdEBVxPT1o2z7xi9N1pX8fd5IJJ3Dhki3gAISCp9COAa94cIbcD4ODGkygxHHNgI8KCuth8lpXGNGBiug=="} 
-01291{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1604822444486731,"flow_src_last_pkt_time":1604822444629426,"flow_dst_last_pkt_time":1604822444624675,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":616,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":616,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1604822444629426,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51606,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"mozilla.cloudflare-dns.com","domainame":"mozilla.cloudflare-dns.com","tls": {"version":"TLSv1.2","ja3":"f14ec85ee5580a29f6523e24e5d3d527","ja3s":"","ja4":"t13d1814h2_e8a523a41297_7673359314f0","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01250{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1604822444486731,"flow_src_last_pkt_time":1604822444629426,"flow_dst_last_pkt_time":1604822444624675,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":616,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":616,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1604822444629426,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51606,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"mozilla.cloudflare-dns.com","domainame":"mozilla.cloudflare-dns.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1814h2_e8a523a41297_7673359314f0","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1604822444629706,"flow_dst_last_pkt_time":1604822444624675,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1604822444629706,"pkt":"EBMxuRBeeDHBvV4kCABFAAAuAABAAEAGFqHAqAF3aBD5+cmWAbsdU0jS51fs4FAYEABd6QAAFAMDAAEB"} 
-01334{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1604822444486731,"flow_src_last_pkt_time":1604822444629799,"flow_dst_last_pkt_time":1604822444807971,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":616,"flow_dst_max_l4_payload_len":682,"flow_src_tot_l4_payload_len":792,"flow_dst_tot_l4_payload_len":682,"midstream":0,"thread_ts_usec":1604822444807971,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51606,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"mozilla.cloudflare-dns.com","domainame":"mozilla.cloudflare-dns.com","tls": {"version":"TLSv1.3","ja3":"f14ec85ee5580a29f6523e24e5d3d527","ja3s":"2b0648ab686ee45e0e7c35fcfb0eea7e","ja4":"t13d1814h2_e8a523a41297_7673359314f0","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01293{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1604822444486731,"flow_src_last_pkt_time":1604822444629799,"flow_dst_last_pkt_time":1604822444807971,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":616,"flow_dst_max_l4_payload_len":682,"flow_src_tot_l4_payload_len":792,"flow_dst_tot_l4_payload_len":682,"midstream":0,"thread_ts_usec":1604822444807971,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51606,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"mozilla.cloudflare-dns.com","domainame":"mozilla.cloudflare-dns.com","tls": {"version":"TLSv1.3","ja3s":"2b0648ab686ee45e0e7c35fcfb0eea7e","ja4":"t13d1814h2_e8a523a41297_7673359314f0","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1604822444913120,"flow_src_last_pkt_time":1604822444913120,"flow_dst_last_pkt_time":1604822444913120,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1604822444913120,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.124.96","src_port":51612,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1604822444913120,"flow_dst_last_pkt_time":1604822444913120,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1604822444913120,"pkt":"EBMxuRBeeDHBvV4kCABFAABAAABAAEAGlCjAqAF3aBB8YMmcAbs\/DuN6AAAAALAC\/\/+FPgAAAgQFtAEDAwYBAQgKKlLy+gAAAAAEAgAA"} 
02164{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1604822444486731,"flow_src_last_pkt_time":1604822444918595,"flow_dst_last_pkt_time":1604822444918472,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":616,"flow_dst_max_l4_payload_len":682,"flow_src_tot_l4_payload_len":1296,"flow_dst_tot_l4_payload_len":1416,"midstream":0,"thread_ts_usec":1604822444918595,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51606,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":4,"avg":27858.2,"max":180261,"stddev":53974.2,"var":2913210624.0,"ent":3.0,"data": [137944,138022,4673,280,93,180261,3035,178242,156,4,141,2334,6395,1417,5511,15440,136,687,115,1388,73966,13479,4177,2946,6,76790,62,5422,2521,12,7950]},"pktlen": {"min":40,"avg":127.2,"max":722,"stddev":163.8,"var":26828.9,"ent":4.2,"data": [64,52,40,656,46,210,46,722,40,102,46,40,124,46,71,40,191,126,100,132,71,46,46,46,366,71,40,40,46,293,71,40]},"bins": {"c_to_s": [10,1,3,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [11,1,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,0,0,1,1,0,1,1,0,0,1,1,0,0,0,0,0,0,1,1,1,1,1,0,0,1,1,1,0],"entropies": [4.396777153,4.868495941,4.453056812,7.114666462,4.555532932,6.968688488,4.414441109,7.666847229,4.630641460,6.135609627,4.457919598,4.630641460,6.314809799,4.414441109,5.619441509,4.511769772,6.797011852,6.413628101,6.156311035,6.369709969,5.547562122,4.414441109,4.414441109,4.414441109,7.324114323,5.703947544,4.630641460,4.630641460,4.457919598,7.272934914,5.647610664,4.630641460]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1604822444913120,"flow_dst_last_pkt_time":1604822445034293,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1604822445034293,"pkt":"eDHBvV4kEBMxuRBeCABFAAA0AABAADkGmzRoEHxgwKgBdwG7yZyEa\/jPPw7je4AS\/\/9djQAAAgQFeAEBBAIBAwMK"} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1604822445034393,"flow_dst_last_pkt_time":1604822445034293,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1604822445034393,"pkt":"EBMxuRBeeDHBvV4kCABFAAAoAABAAEAGlEDAqAF3aBB8YMmcAbs\/DuN7hGv40FAQEACOJgAA"} 
01810{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1604822445039824,"flow_dst_last_pkt_time":1604822445034293,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1001,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1001,"pkt_l4_len":967,"thread_ts_usec":1604822445039824,"pkt":"EBMxuRBeeDHBvV4kCABFAAPbAABAAEAGkI3AqAF3aBB8YMmcAbs\/DuN7hGv40FAYEADx5QAAFgMBA64BAAOqAwOKZdoIJJLXVGZA4tLet+CaUHoCgYsVNfGcUO5E5Yyw\/iDkSSMrT+G4DHKylGZE+9t1xT9Bwk1il4gkdGKmixfHxQAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQAKAQADPQAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAzAGsAaQAdACDGOo4vonTOM2GYlWlh+M28Bv4rBtCSolJUMSM6byGyQgAXAEEEsB47X5x8IY\/5MH1UqXpFAzbgAcO0IeN+cLY8gPqZEdzm0gMalJCJbmIbZn57y5aw8W4ViyGLcMicP949QRl9egArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQH\/zgFuEwEAHQAgPGWhhHXhSBIvBL4hXbOZcIM+rNQD2DcGROPY4ll\/rXoAINowFgSFokV0+8oDzPiOBNFVqPuEsCkk5QU+JZFVeXqbASQVT3cyI9DPD+8Kd3Ww2Vi2d0E4DueGAORAkX1nZsCd92axwR+an6cI7N5dHl3UWilB1dYjPA\/Cb+kdo\/rtnIL2uvuu1ZO84mgnhL6aaGeyGgbrvNPbA3g3+pnNDT4RerDjfoe6\/qjpiEkt\/Cxegk8zCUdDD7xu0Ze3gFLPNBw+NMoVVk69a4J2D0HN5dwh\/g8OZb9iLxYQWYC6JERpN1lgtG78xLVcvV7ggnnVMs5uIwGEnfiUjF5hH5552rRr3aNqybi0n1REe12jTc0CaJnSAjssolOGEIF7Eaz0cCSNxSIxNWYS+ViM9d+mFqlG4AnoxOS3kAdhb0o3XzgfHmqOXT\/Qig2tFDnf48VJlSDMHfMizonuSCJtbeL2gpig1kFTmUpSABwAAkABACkA6wDGAMDNhC2AFFGfXEp15it59dLTTVcyyn8S81OKgZyxn+d71MvWDP\/H\/yZ0CKRnioxg4kYE8g9KY6NDndAUJAO9irc5kVyEUHYiCa1\/b7\/PO7UXyHtWF05jOnlW5epvkBcUEoz1cKj1FoHg8jVn4OXxB+hMeVp6O5W\/MXtAJMwvSY1RBUIJUwEcBDbTUg50wHii6KzVTxBq1wBqLSaTaWlzZDkiUB263uSuAwEWUj4P6lD3GW+slylGFmC4b7jJ6LG5XizAQoRaACEg2Q4sqc9BVWDARn8I0Hf4LU0dkZ+vNaoeVKdqU0RHzqY="} 
-01215{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1604822444913120,"flow_src_last_pkt_time":1604822445039824,"flow_dst_last_pkt_time":1604822445034293,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":947,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":947,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1604822445039824,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.124.96","src_port":51612,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3":"76ec527d45e3a2a9093484446d7d3264","ja3s":"","ja4":"t13d1813h2_e8a523a41297_a36e8500eb55","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} +01520{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1604822444913120,"flow_src_last_pkt_time":1604822445039824,"flow_dst_last_pkt_time":1604822445034293,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":947,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":947,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1604822445039824,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.124.96","src_port":51612,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"21": 
{"risk":"TLS Susp ESNI Usage","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1813h2_e8a523a41297_a36e8500eb55","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1604822445039824,"flow_dst_last_pkt_time":1604822445134722,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1604822445134722,"pkt":"eDHBvV4kEBMxuRBeCABFAAAo0tZAADkGyGloEHxgwKgBdwG7yZyEa\/jQPw7nLlAQAEKaMQAAAAAAAAAA"} 
-01258{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1604822444913120,"flow_src_last_pkt_time":1604822445039824,"flow_dst_last_pkt_time":1604822445135087,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":947,"flow_dst_max_l4_payload_len":232,"flow_src_tot_l4_payload_len":947,"flow_dst_tot_l4_payload_len":232,"midstream":0,"thread_ts_usec":1604822445135087,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.124.96","src_port":51612,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.3","ja3":"76ec527d45e3a2a9093484446d7d3264","ja3s":"2b0648ab686ee45e0e7c35fcfb0eea7e","ja4":"t13d1813h2_e8a523a41297_a36e8500eb55","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
-02163{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1604822444913120,"flow_src_last_pkt_time":1604822445694881,"flow_dst_last_pkt_time":1604822445694834,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":947,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":2075,"flow_dst_tot_l4_payload_len":8322,"midstream":0,"thread_ts_usec":1604822445694881,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.124.96","src_port":51612,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":120,"avg":50434.7,"max":472643,"stddev":107031.5,"var":11455736832.0,"ent":3.0,"data": [121173,121273,5431,100429,365,95332,957,4750,120,77068,533,71774,182,427,594,188,76917,15494,380381,472643,2763,2757,2091,2075,1637,1645,1367,284,1629,603,593]},"pktlen": {"min":40,"avg":367.0,"max":1500,"stddev":489.4,"var":239474.4,"ent":3.9,"data": [64,52,40,987,46,272,40,104,210,903,46,552,40,46,71,40,71,46,46,1078,40,830,40,1431,40,1431,40,1500,393,40,1164,40]},"bins": {"c_to_s": [12,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,2,0,1,0,0]},"directions": [0,1,0,0,1,1,0,0,0,0,1,1,0,1,1,0,0,1,1,1,0,1,0,1,0,1,0,1,1,0,1,0],"entropies": [4.459277153,4.906957626,4.434184551,7.493985176,4.501398087,6.837790012,4.611769199,6.011372089,6.893880844,7.790526867,4.501398087,7.625611782,4.561769009,4.501398087,5.703947067,4.561769009,5.575730801,4.457919598,4.501398087,7.808494568,4.611769199,7.795384884,4.611769199,7.862168789,4.611769199,7.876565933,4.611769199,7.855591774,7.425184250,4.611769199,7.806784630,4.611769199]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +01563{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1604822444913120,"flow_src_last_pkt_time":1604822445039824,"flow_dst_last_pkt_time":1604822445135087,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":947,"flow_dst_max_l4_payload_len":232,"flow_src_tot_l4_payload_len":947,"flow_dst_tot_l4_payload_len":232,"midstream":0,"thread_ts_usec":1604822445135087,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.124.96","src_port":51612,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"21": {"risk":"TLS Susp ESNI Usage","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.3","ja3s":"2b0648ab686ee45e0e7c35fcfb0eea7e","ja4":"t13d1813h2_e8a523a41297_a36e8500eb55","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+02509{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1604822444913120,"flow_src_last_pkt_time":1604822445694881,"flow_dst_last_pkt_time":1604822445694834,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":947,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":2075,"flow_dst_tot_l4_payload_len":8322,"midstream":0,"thread_ts_usec":1604822445694881,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.124.96","src_port":51612,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":120,"avg":50434.7,"max":472643,"stddev":107031.5,"var":11455736832.0,"ent":3.0,"data": [121173,121273,5431,100429,365,95332,957,4750,120,77068,533,71774,182,427,594,188,76917,15494,380381,472643,2763,2757,2091,2075,1637,1645,1367,284,1629,603,593]},"pktlen": {"min":40,"avg":367.0,"max":1500,"stddev":489.4,"var":239474.4,"ent":3.9,"data": [64,52,40,987,46,272,40,104,210,903,46,552,40,46,71,40,71,46,46,1078,40,830,40,1431,40,1431,40,1500,393,40,1164,40]},"bins": {"c_to_s": [12,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,2,0,1,0,0]},"directions": [0,1,0,0,1,1,0,0,0,0,1,1,0,1,1,0,0,1,1,1,0,1,0,1,0,1,0,1,1,0,1,0],"entropies": [4.459277153,4.906957626,4.434184551,7.493985176,4.501398087,6.837790012,4.611769199,6.011372089,6.893880844,7.790526867,4.501398087,7.625611782,4.561769009,4.501398087,5.703947067,4.561769009,5.575730801,4.457919598,4.501398087,7.808494568,4.611769199,7.795384884,4.611769199,7.862168789,4.611769199,7.876565933,4.611769199,7.855591774,7.425184250,4.611769199,7.806784630,4.611769199]},"ndpi": 
{"flow_risk": {"21": {"risk":"TLS Susp ESNI Usage","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1604822447227531,"flow_src_last_pkt_time":1604822447227531,"flow_dst_last_pkt_time":1604822447227531,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1604822447227531,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51635,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1604822447227531,"flow_dst_last_pkt_time":1604822447227531,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1604822447227531,"pkt":"EBMxuRBeeDHBvV4kCABFAABAAABAAEAGSmLAqAF3aBHGJcmzAbtjbUROAAAAALAC\/\/+t4gAAAgQFtAEDAwYBAQgKKlL7RgAAAAAEAgAA"} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":208,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1604822447249969,"flow_src_last_pkt_time":1604822447249969,"flow_dst_last_pkt_time":1604822447249969,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1604822447249969,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51636,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -40,11 +40,11 @@ 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":227,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1604822447227531,"flow_dst_last_pkt_time":1604822447311202,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1604822447311202,"pkt":"eDHBvV4kEBMxuRBeCABFAAA0AABAADcGU25oEcYlwKgBdwG7ybNKGfaqY21ET4AS\/\/\/K9AAAAgQFeAEBBAIBAwMK"} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":228,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1604822447311306,"flow_dst_last_pkt_time":1604822447311202,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1604822447311306,"pkt":"EBMxuRBeeDHBvV4kCABFAAAoAABAAEAGSnrAqAF3aBHGJcmzAbtjbURPShn2q1AQEAD7jQAA"} 
01222{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1604822447321601,"flow_dst_last_pkt_time":1604822447311202,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1604822447321601,"pkt":"EBMxuRBeeDHBvV4kCABFAAItAABAAEAGSHXAqAF3aBHGJcmzAbtjbURPShn2q1AYEABxjAAAFgMBAgABAAH8AwOOdaINkrkni1lkg0EYhB7CXywxYLUEQaB94XZ7swcviyDoXf8Mnld+CWLGSYqiJkQGZZHCItfbHLw5GpALvsX0fwAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQAKAQABjwAAAEIAQAAAPTk1MWM1NThhLTVlMDctNDdjYS1hMGMwLTIyNWRhMWIzMzE2My5pcy1jZi5oZWxwLmV2ZXJ5MWRucy5uZXQAFwAA\/wEAAQAACgAOAAwAHQAXABgAGQEAAQEACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAADMAawBpAB0AIOfwyLIVH0Su0me3OGwu5ql9kHcNhOKA2\/oA4t1UmEYWABcAQQQbVWVY2y3r6Noo9p6qd3fGD31lfhwkBleOSQVZR94Q2uMqa3NtF3kY1er0qJelDJ3SvS5bjVDkBqwPJYfE80afACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQAVAGUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -01338{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":237,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1604822447227531,"flow_src_last_pkt_time":1604822447321601,"flow_dst_last_pkt_time":1604822447311202,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1604822447321601,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51635,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"951c558a-5e07-47ca-a0c0-225da1b33163.is-cf.help.every1dns.net","domainame":"951c558a-5e07-47ca-a0c0-225da1b33163.is-cf.help.every1dns.net","tls": {"version":"TLSv1.2","ja3":"aa7744226c695c0b2e440419848cf700","ja3s":"","ja4":"t13d1814h2_e8a523a41297_d267a5f792d4","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} +01297{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":237,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1604822447227531,"flow_src_last_pkt_time":1604822447321601,"flow_dst_last_pkt_time":1604822447311202,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1604822447321601,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51635,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"951c558a-5e07-47ca-a0c0-225da1b33163.is-cf.help.every1dns.net","domainame":"951c558a-5e07-47ca-a0c0-225da1b33163.is-cf.help.every1dns.net","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1814h2_e8a523a41297_d267a5f792d4","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1604822447249969,"flow_dst_last_pkt_time":1604822447325440,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1604822447325440,"pkt":"eDHBvV4kEBMxuRBeCABFAAA0AABAADcGU25oEcYlwKgBdwG7ybQgqbhsGMRIBoAS\/\/95lAAAAgQFeAEBBAIBAwMK"} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":239,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1604822447325515,"flow_dst_last_pkt_time":1604822447325440,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1604822447325515,"pkt":"EBMxuRBeeDHBvV4kCABFAAAoAABAAEAGSnrAqAF3aBHGJcm0AbsYxEgGIKm4bVAQEACqLQAA"} 
01222{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1604822447330671,"flow_dst_last_pkt_time":1604822447325440,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1604822447330671,"pkt":"EBMxuRBeeDHBvV4kCABFAAItAABAAEAGSHXAqAF3aBHGJcm0AbsYxEgGIKm4bVAYEACqNQAAFgMBAgABAAH8AwMTMNwzO21ZEZnBJ8YoE109\/i6YNzxxygde+NFPk4Vg0yBtnXms51StvlcYPwUtQJ3a2Aae1RGCTFOxqXrJXOFBFAAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQAKAQABjwAAAEMAQQAAPjk1MWM1NThhLTVlMDctNDdjYS1hMGMwLTIyNWRhMWIzMzE2My5pcy1kb2guaGVscC5ldmVyeTFkbnMubmV0ABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAzAGsAaQAdACAAGB+Ylz9tQWb3UZnj0MzC1iRLGQar+XyEWlMZnweIGQAXAEEEqEtOLMcAlryMSCaEMrbAEwrL0bH8mkD8soGNzp04CSJANtzqXJe3j\/dKAkxSvfkPUgnR4yBBz+PZw0ry7VkmCQArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAFQBkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -01340{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1604822447249969,"flow_src_last_pkt_time":1604822447330671,"flow_dst_last_pkt_time":1604822447325440,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1604822447330671,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51636,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"951c558a-5e07-47ca-a0c0-225da1b33163.is-doh.help.every1dns.net","domainame":"951c558a-5e07-47ca-a0c0-225da1b33163.is-doh.help.every1dns.net","tls": {"version":"TLSv1.2","ja3":"aa7744226c695c0b2e440419848cf700","ja3s":"","ja4":"t13d1814h2_e8a523a41297_d267a5f792d4","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} +01299{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1604822447249969,"flow_src_last_pkt_time":1604822447330671,"flow_dst_last_pkt_time":1604822447325440,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1604822447330671,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51636,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"951c558a-5e07-47ca-a0c0-225da1b33163.is-doh.help.every1dns.net","domainame":"951c558a-5e07-47ca-a0c0-225da1b33163.is-doh.help.every1dns.net","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1814h2_e8a523a41297_d267a5f792d4","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1604822447287011,"flow_dst_last_pkt_time":1604822447368937,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1604822447368937,"pkt":"eDHBvV4kEBMxuRBeCABFAAA0AABAADQG0+RoFkiqwKgBdwG7ybVDiAdt8KRa8oAS\/\/+aXQAAAgQFeAEBBAIBAwMK"} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":242,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1604822447369036,"flow_dst_last_pkt_time":1604822447368937,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1604822447369036,"pkt":"EBMxuRBeeDHBvV4kCABFAAAoAABAAEAGx\/DAqAF3aBZIqsm1AbvwpFryQ4gHblAQEADK9gAA"} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":243,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1604822447287254,"flow_dst_last_pkt_time":1604822447370587,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1604822447370587,"pkt":"eDHBvV4kEBMxuRBeCABFAAA0AABAADQG0+RoFkiqwKgBdwG7ybbraGnySz6LGIAS\/\/8FNwAAAgQFeAEBBAIBAwMK"} 
@@ -52,31 +52,31 @@ 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":245,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1604822447287617,"flow_dst_last_pkt_time":1604822447373226,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1604822447373226,"pkt":"eDHBvV4kEBMxuRBeCABFAAA0AABAADQG0+RoFkiqwKgBdwG7ybcBQwC0AC9h6oAS\/\/\/M1wAAAgQFeAEBBAIBAwMK"} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1604822447373287,"flow_dst_last_pkt_time":1604822447373226,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1604822447373287,"pkt":"EBMxuRBeeDHBvV4kCABFAAAoAABAAEAGx\/DAqAF3aBZIqsm3AbsAL2HqAUMAtVAQEAD9cAAA"} 
01496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":247,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1604822447374307,"flow_dst_last_pkt_time":1604822447368937,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":766,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":766,"pkt_l4_len":732,"thread_ts_usec":1604822447374307,"pkt":"EBMxuRBeeDHBvV4kCABFAALwAABAAEAGxSjAqAF3aBZIqsm1AbvwpFryQ4gHblAYEAByzwAAFgMBAsMBAAK\/AwOo7n9Ps15wBazvRSwP0XknzspI1stxfxt\/UzR\/iTVJEyAC8G++cc8\/RPDfJFBfMKnQnmiwhlHCQVzbLmLhap\/o+wAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQAKAQACUgAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAMwBrAGkAHQAgTLq0AqwNou6MGsB1+SYEgJSmTUTOD\/TxJYrSVvP1oDoAFwBBBKeqi+5mZF4FqrZM+Nc98bOF1LLJjzR7iMhqwT8EHpJcTJIoY3Ocwhydzi6GkM5amaGkSUUhnwcxZgCBpYGYspkAKwAFBAMEAwMADQAYABYEAwUDBgMIBAgFCAYEAQUBBgECAwIBAC0AAgEB\/84BbhMBAB0AIFOmheJL4xy5gpY\/yJcKeKS\/9XQSn93DrBI1rxRCLVANACDaMBYEhaJFdPvKA8z4jgTRVaj7hLApJOUFPiWRVXl6mwEkut4Z8rAnlJ\/BQOlO633VmiJBVo0HHpTYKwow\/UrgM4eV1qOMwieMsrNSqM1l6bwtgDOlVaEPC0GRn4aCQtU1XP2X4FcQcEBgB0TQYfr+VqTH9px\/hRvQKbytE9L34VP2TUenG1F8iF0heywb5ZSJNRlrHCwIxo1Q1cFXgSmt+bxqFdr2xk3KCZcGELX4JsHF1xtxipkI9hU2eSqna\/RV\/6OZjs+0xDobkL7dH+C4x8IS+6ZbU9dcdpF1KnVLSsBAwCn4gdmjyqOcJkFmyD9MzJR7Kox31au\/1ccnVPYgJWTBHIf96KJnmFelvEa3Tqt25pUSu5EXfJqkJM4E5MPphlNhuXtutSQatEVfktgwClJtegRW83L4awezF4ogcf6f2s73jwAcAAJAAQ=="} 
-01216{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":247,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1604822447287011,"flow_src_last_pkt_time":1604822447374307,"flow_dst_last_pkt_time":1604822447368937,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":712,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":712,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1604822447374307,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51637,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3":"62a4a00de930bd0a5bee0309cc8362ed","ja3s":"","ja4":"t13d1813h2_e8a523a41297_0d6ff543c596","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} +01521{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":247,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1604822447287011,"flow_src_last_pkt_time":1604822447374307,"flow_dst_last_pkt_time":1604822447368937,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":712,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":712,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1604822447374307,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51637,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": 
{"21": {"risk":"TLS Susp ESNI Usage","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1813h2_e8a523a41297_0d6ff543c596","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 01495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":258,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1604822447380742,"flow_dst_last_pkt_time":1604822447373226,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":766,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":766,"pkt_l4_len":732,"thread_ts_usec":1604822447380742,"pkt":"EBMxuRBeeDHBvV4kCABFAALwAABAAEAGxSjAqAF3aBZIqsm3AbsAL2HqAUMAtVAYEAAkOwAAFgMBAsMBAAK\/AwNVI7InNdA1ot5OdKof1kA6BpGq39LpfrSaqLEJ4t4pyCCv0oSr4LDlh2WzJ9HwxgZARteBYDIbmU3nj0BJKwky+gAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQAKAQACUgAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAMwBrAGkAHQAg7QAbQ7koWJMYoOecI197XFg+d23v8PjWib7icO3n\/FwAFwBBBA8OlHTHMCeAOzQUay5DCVe2ET8f6buSW4LVGxdHe8jrqvhXpCb+NoAKMsX\/aFrJFFo51N2cc4w\/Fh30MOpOulUAKwAFBAMEAwMADQAYABYEAwUDBgMIBAgFCAYEAQUBBgECAwIBAC0AAgEB\/84BbhMBAB0AIEjhe5bsavzQ67r6YZd7oG78oUtyH0sMqVomsLYebm5wACDaMBYEhaJFdPvKA8z4jgTRVaj7hLApJOUFPiWRVXl6mwEkGl0dzIxH3UbiFXD\/ti+ZnNhfaZg98I\/A6UThXpUgVWxUYvURDuH8NPk4Yq3Wst5v1HkmMCj4IVcnOzpyhEPOCiWeUPZXAZ4C3Zu0CMcpfFQbdWpVdpuIwE+\/Jo9nfuvAdM6x2QV3DWfmZjs5LPCegAhmYb
1Z9kADX+9l3va5NlStNZ2VFMQja7+fVl0pkiRHXepdGBP3rxz5pEAqsK2x3S0wdezniiFt5uiKguifcr2z7DsmYE1kM\/9e9xwV\/H4+Yk7MFcFkSsTPg5EZY2llGE2vj8EVxsCSYDBvziAk02Bjbvs5qsudzlQiboR7Y1bxovyogiImbMIdV17\/v5\/g9VPZmxrlZKp6AB2jx3X\/4Z3P+WoYFKr4VUuHGSa2WCRn\/aBSJAAcAAJAAQ=="} -01216{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":258,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1604822447287617,"flow_src_last_pkt_time":1604822447380742,"flow_dst_last_pkt_time":1604822447373226,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":712,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":712,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1604822447380742,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51639,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3":"62a4a00de930bd0a5bee0309cc8362ed","ja3s":"","ja4":"t13d1813h2_e8a523a41297_0d6ff543c596","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01521{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":258,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1604822447287617,"flow_src_last_pkt_time":1604822447380742,"flow_dst_last_pkt_time":1604822447373226,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":712,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":712,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1604822447380742,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51639,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"21": {"risk":"TLS Susp ESNI Usage","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1813h2_e8a523a41297_0d6ff543c596","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
01493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":259,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1604822447386869,"flow_dst_last_pkt_time":1604822447370587,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":766,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":766,"pkt_l4_len":732,"thread_ts_usec":1604822447386869,"pkt":"EBMxuRBeeDHBvV4kCABFAALwAABAAEAGxSjAqAF3aBZIqsm2AbtLPosY62hp81AYEADBvgAAFgMBAsMBAAK\/AwNRUOqW8fcFAIVJ2wDVWV7C3Kd3FLHiQcf08yw4FN3iXSCr++V7bGNoaO02ERHmP51fO+JZbR4AQQj87xtTZ0QmgwAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQAKAQACUgAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAMwBrAGkAHQAg1\/nF9GBjzoBJP3vChsI3TG08\/GK1TsqGFkFsvA4YsTYAFwBBBM6shgU+jIrVFTkZ9XOduv8uISc+1jmvtR4\/i\/iVQ5mkzXP3UH4e2gztWXshEhxsgD9Q5DnmNDoCVwQBrWyhBo4AKwAFBAMEAwMADQAYABYEAwUDBgMIBAgFCAYEAQUBBgECAwIBAC0AAgEB\/84BbhMBAB0AIIL8GVgWuqJ31PIAS9EwGQtG8rU0tCk\/N7q9r130NnNwACDaMBYEhaJFdPvKA8z4jgTRVaj7hLApJOUFPiWRVXl6mwEkS8IkWC2D2bmZ1aalyMpfcETszLdbZEvlB692JDGmKS2g777tYyoryGh1b\/cgxb2Dw0XmCzUpt799pNsl5lfgsSb\/zWK7FUTYSo2B\/3jOPhS7A9xCnyXTSYLUKwD33PzWwKbZHq+itqMzgYfes2eqKe1zHFL9BWGSPB\/yCuItpWVRqR\/vBTR8RtAcUd7v1jo1gB8dmhG7Jx6xY5Eufjxl6HfZY3+g7L+DeH+NKvI3qqQ+O8gr2YFAyaInp+4djrXbPsVdnGNailJditx+fCJhojUSCluxDsiDydGVbRxMt9OyK2BuCFCC7gNcCbFUB04DHqlhZREnseT0GjaFHQJqQMbN02cS6Eo6rN7cQDGYg6nBwThwqMwQ555qhDUtBoETTMl5QQAcAAJAAQ=="} 
-01216{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":259,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1604822447287254,"flow_src_last_pkt_time":1604822447386869,"flow_dst_last_pkt_time":1604822447370587,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":712,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":712,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1604822447386869,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51638,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3":"62a4a00de930bd0a5bee0309cc8362ed","ja3s":"","ja4":"t13d1813h2_e8a523a41297_0d6ff543c596","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} +01521{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":259,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1604822447287254,"flow_src_last_pkt_time":1604822447386869,"flow_dst_last_pkt_time":1604822447370587,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":712,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":712,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1604822447386869,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51638,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": 
{"21": {"risk":"TLS Susp ESNI Usage","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1813h2_e8a523a41297_0d6ff543c596","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1604822447321601,"flow_dst_last_pkt_time":1604822447410183,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1604822447410183,"pkt":"eDHBvV4kEBMxuRBeCABFAAAo1yZAADcGfFNoEcYlwKgBdwG7ybNKGfarY21GVFAQAEIJRwAAAAAAAAAA"} 
-01383{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1604822447227531,"flow_src_last_pkt_time":1604822447321601,"flow_dst_last_pkt_time":1604822447412088,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1604822447412088,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51635,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"951c558a-5e07-47ca-a0c0-225da1b33163.is-cf.help.every1dns.net","domainame":"951c558a-5e07-47ca-a0c0-225da1b33163.is-cf.help.every1dns.net","tls": {"version":"TLSv1.3","ja3":"aa7744226c695c0b2e440419848cf700","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1814h2_e8a523a41297_d267a5f792d4","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01342{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1604822447227531,"flow_src_last_pkt_time":1604822447321601,"flow_dst_last_pkt_time":1604822447412088,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1604822447412088,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51635,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"951c558a-5e07-47ca-a0c0-225da1b33163.is-cf.help.every1dns.net","domainame":"951c558a-5e07-47ca-a0c0-225da1b33163.is-cf.help.every1dns.net","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1814h2_e8a523a41297_d267a5f792d4","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1604822447330671,"flow_dst_last_pkt_time":1604822447437859,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1604822447437859,"pkt":"eDHBvV4kEBMxuRBeCABFAAAo2NFAADcGeqhoEcYlwKgBdwG7ybQgqbhtGMRKC1AQAEK35gAAAAAAAAAA"} 
-01385{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":268,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1604822447249969,"flow_src_last_pkt_time":1604822447330671,"flow_dst_last_pkt_time":1604822447447323,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1604822447447323,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51636,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"951c558a-5e07-47ca-a0c0-225da1b33163.is-doh.help.every1dns.net","domainame":"951c558a-5e07-47ca-a0c0-225da1b33163.is-doh.help.every1dns.net","tls": {"version":"TLSv1.3","ja3":"aa7744226c695c0b2e440419848cf700","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1814h2_e8a523a41297_d267a5f792d4","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01344{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":268,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1604822447249969,"flow_src_last_pkt_time":1604822447330671,"flow_dst_last_pkt_time":1604822447447323,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1604822447447323,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51636,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"951c558a-5e07-47ca-a0c0-225da1b33163.is-doh.help.every1dns.net","domainame":"951c558a-5e07-47ca-a0c0-225da1b33163.is-doh.help.every1dns.net","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1814h2_e8a523a41297_d267a5f792d4","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1604822447374307,"flow_dst_last_pkt_time":1604822447498308,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1604822447498308,"pkt":"eDHBvV4kEBMxuRBeCABFAAAoH25AADQGtIJoFkiqwKgBdwG7ybVDiAdu8KRdulAQAELX7AAAAAAAAAAA"} 
-01261{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":275,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1604822447287011,"flow_src_last_pkt_time":1604822447374307,"flow_dst_last_pkt_time":1604822447500011,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":712,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":712,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1604822447500011,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51637,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.3","ja3":"62a4a00de930bd0a5bee0309cc8362ed","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1813h2_e8a523a41297_0d6ff543c596","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01566{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":275,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1604822447287011,"flow_src_last_pkt_time":1604822447374307,"flow_dst_last_pkt_time":1604822447500011,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":712,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":712,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1604822447500011,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51637,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"21": {"risk":"TLS Susp ESNI Usage","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1813h2_e8a523a41297_0d6ff543c596","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":278,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1604822447380742,"flow_dst_last_pkt_time":1604822447502334,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1604822447502334,"pkt":"eDHBvV4kEBMxuRBeCABFAAAofoRAADQGVWxoFkiqwKgBdwG7ybcBQwC1AC9kslAQAEIKZwAAAAAAAAAA"} -01261{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":279,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1604822447287617,"flow_src_last_pkt_time":1604822447380742,"flow_dst_last_pkt_time":1604822447506495,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":712,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":712,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1604822447506495,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51639,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.3","ja3":"62a4a00de930bd0a5bee0309cc8362ed","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1813h2_e8a523a41297_0d6ff543c596","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01566{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":279,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1604822447287617,"flow_src_last_pkt_time":1604822447380742,"flow_dst_last_pkt_time":1604822447506495,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":712,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":712,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1604822447506495,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51639,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"21": {"risk":"TLS Susp ESNI Usage","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1813h2_e8a523a41297_0d6ff543c596","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1604822447386869,"flow_dst_last_pkt_time":1604822447513175,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1604822447513175,"pkt":"eDHBvV4kEBMxuRBeCABFAAAoowNAADQGMO1oFkiqwKgBdwG7ybbraGnzSz6N4FAQAEJCxgAAAAAAAAAA"} -01261{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":283,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1604822447287254,"flow_src_last_pkt_time":1604822447386869,"flow_dst_last_pkt_time":1604822447515088,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":712,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":712,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1604822447515088,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51638,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.3","ja3":"62a4a00de930bd0a5bee0309cc8362ed","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1813h2_e8a523a41297_0d6ff543c596","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
-02165{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":369,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1604822447287011,"flow_src_last_pkt_time":1604822447783794,"flow_dst_last_pkt_time":1604822447783495,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":712,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":1453,"flow_dst_tot_l4_payload_len":5882,"midstream":0,"thread_ts_usec":1604822447783794,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51637,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":23,"avg":32040.9,"max":143742,"stddev":43042.9,"var":1852691072.0,"ent":3.8,"data": [81926,82025,5271,129371,1703,673,126443,63976,9103,148,11896,1581,143742,57056,79239,1596,80830,1627,14677,255,13311,11856,23,12136,91,25357,25014,814,775,5252,5500]},"pktlen": {"min":40,"avg":271.3,"max":1500,"stddev":409.4,"var":167573.6,"ent":3.8,"data": [64,52,40,752,46,1500,1371,40,104,210,366,115,115,1371,52,46,552,40,71,46,71,40,567,71,40,40,354,40,71,40,354,40]},"bins": {"c_to_s": [12,0,3,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,1,0,0,0,0,0,0,1,0,1,1,0,0,1,1,0,1,1,0,0,1,0,1,0,1,0],"entropies": 
[4.459277153,4.906957626,4.521928787,7.339107990,4.501398087,7.864248276,7.833704948,4.680641651,5.877521515,6.990070820,7.449111938,6.292889118,6.375582218,7.833081245,4.709867954,4.544876099,7.609548569,4.680641651,5.444761276,4.457919598,5.626344681,4.680641651,7.643690109,5.580639362,4.630641460,4.630641460,7.406938553,4.680641651,5.636977673,4.680641651,7.347516537,4.680641651]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +01566{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":283,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1604822447287254,"flow_src_last_pkt_time":1604822447386869,"flow_dst_last_pkt_time":1604822447515088,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":712,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":712,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1604822447515088,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51638,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"21": {"risk":"TLS Susp ESNI Usage","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": 
{"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1813h2_e8a523a41297_0d6ff543c596","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} +02511{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":369,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1604822447287011,"flow_src_last_pkt_time":1604822447783794,"flow_dst_last_pkt_time":1604822447783495,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":712,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":1453,"flow_dst_tot_l4_payload_len":5882,"midstream":0,"thread_ts_usec":1604822447783794,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51637,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":23,"avg":32040.9,"max":143742,"stddev":43042.9,"var":1852691072.0,"ent":3.8,"data": [81926,82025,5271,129371,1703,673,126443,63976,9103,148,11896,1581,143742,57056,79239,1596,80830,1627,14677,255,13311,11856,23,12136,91,25357,25014,814,775,5252,5500]},"pktlen": {"min":40,"avg":271.3,"max":1500,"stddev":409.4,"var":167573.6,"ent":3.8,"data": [64,52,40,752,46,1500,1371,40,104,210,366,115,115,1371,52,46,552,40,71,46,71,40,567,71,40,40,354,40,71,40,354,40]},"bins": {"c_to_s": [12,0,3,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,1,0,0,0,0,0,0,1,0,1,1,0,0,1,1,0,1,1,0,0,1,0,1,0,1,0],"entropies": 
[4.459277153,4.906957626,4.521928787,7.339107990,4.501398087,7.864248276,7.833704948,4.680641651,5.877521515,6.990070820,7.449111938,6.292889118,6.375582218,7.833081245,4.709867954,4.544876099,7.609548569,4.680641651,5.444761276,4.457919598,5.626344681,4.680641651,7.643690109,5.580639362,4.630641460,4.630641460,7.406938553,4.680641651,5.636977673,4.680641651,7.347516537,4.680641651]},"ndpi": {"flow_risk": {"21": {"risk":"TLS Susp ESNI Usage","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00954{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1604822444474923,"flow_src_last_pkt_time":1604822444594879,"flow_dst_last_pkt_time":1604822444595017,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1604822448523987,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51331,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
01035{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":154,"flow_dst_packets_processed":114,"flow_first_seen":1604822444486731,"flow_src_last_pkt_time":1604822448523987,"flow_dst_last_pkt_time":1604822448523926,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":616,"flow_dst_max_l4_payload_len":682,"flow_src_tot_l4_payload_len":6898,"flow_dst_tot_l4_payload_len":10164,"midstream":0,"thread_ts_usec":1604822448523987,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51606,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"mozilla.cloudflare-dns.com"}} -00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":21,"flow_first_seen":1604822444913120,"flow_src_last_pkt_time":1604822445727508,"flow_dst_last_pkt_time":1604822445705929,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":947,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":2075,"flow_dst_tot_l4_payload_len":12913,"midstream":0,"thread_ts_usec":1604822448523987,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.124.96","src_port":51612,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +01316{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":21,"flow_first_seen":1604822444913120,"flow_src_last_pkt_time":1604822445727508,"flow_dst_last_pkt_time":1604822445705929,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":947,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":2075,"flow_dst_tot_l4_payload_len":12913,"midstream":0,"thread_ts_usec":1604822448523987,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.124.96","src_port":51612,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"TLS Susp ESNI Usage","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00965{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":11,"flow_first_seen":1604822447227531,"flow_src_last_pkt_time":1604822447574511,"flow_dst_last_pkt_time":1604822447785853,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":1113,"flow_dst_tot_l4_payload_len":3583,"midstream":0,"thread_ts_usec":1604822448523987,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51635,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00965{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":11,"flow_first_seen":1604822447249969,"flow_src_last_pkt_time":1604822447595974,"flow_dst_last_pkt_time":1604822447807205,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":1114,"flow_dst_tot_l4_payload_len":3582,"midstream":0,"thread_ts_usec":1604822448523987,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51636,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":16,"flow_first_seen":1604822447287011,"flow_src_last_pkt_time":1604822447785923,"flow_dst_last_pkt_time":1604822447869770,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":712,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":1453,"flow_dst_tot_l4_payload_len":5913,"midstream":0,"thread_ts_usec":1604822448523987,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51637,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -00963{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":10,"flow_first_seen":1604822447287254,"flow_src_last_pkt_time":1604822447844256,"flow_dst_last_pkt_time":1604822447844195,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":712,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":987,"flow_dst_tot_l4_payload_len":3333,"midstream":0,"thread_ts_usec":1604822448523987,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51638,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-00963{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":10,"flow_first_seen":1604822447287617,"flow_src_last_pkt_time":1604822447839595,"flow_dst_last_pkt_time":1604822447839532,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":712,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":987,"flow_dst_tot_l4_payload_len":3333,"midstream":0,"thread_ts_usec":1604822448523987,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51639,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -00845{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":442,"packets-processed":442,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":57511,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":9,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":79,"global_ts_usec":1604822448523987} 
+01315{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":16,"flow_first_seen":1604822447287011,"flow_src_last_pkt_time":1604822447785923,"flow_dst_last_pkt_time":1604822447869770,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":712,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":1453,"flow_dst_tot_l4_payload_len":5913,"midstream":0,"thread_ts_usec":1604822448523987,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51637,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"TLS Susp ESNI Usage","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+01309{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":10,"flow_first_seen":1604822447287254,"flow_src_last_pkt_time":1604822447844256,"flow_dst_last_pkt_time":1604822447844195,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":712,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":987,"flow_dst_tot_l4_payload_len":3333,"midstream":0,"thread_ts_usec":1604822448523987,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51638,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"TLS Susp ESNI Usage","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+01309{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":10,"flow_first_seen":1604822447287617,"flow_src_last_pkt_time":1604822447839595,"flow_dst_last_pkt_time":1604822447839532,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":712,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":987,"flow_dst_tot_l4_payload_len":3333,"midstream":0,"thread_ts_usec":1604822448523987,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51639,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"TLS Susp ESNI Usage","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+00845{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":442,"packets-processed":442,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":57511,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":9,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":79,"global_ts_usec":1604822448523987} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 442/442 ~~ skipped flows.............: 0 @@ -85,10 +85,10 @@ ~~ total active/idle flows...: 8/8 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7082488 bytes -~~ total memory freed........: 7082488 bytes -~~ total allocations/frees...: 114727/114727 +~~ total memory allocated....: 7657872 bytes +~~ total memory freed........: 7657872 bytes +~~ total allocations/frees...: 126462/126462 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 529 chars -~~ json message max len.......: 2170 chars -~~ json message avg len.......: 1349 chars +~~ json message max len.......: 2516 chars +~~ json message avg len.......: 1521 chars diff --git a/test/results/default/nomachine.pcapng.out b/test/results/default/nomachine.pcapng.out index 0e1181ac7..d1c1d8c06 100644 --- a/test/results/default/nomachine.pcapng.out +++ b/test/results/default/nomachine.pcapng.out 
@@ -1,5 +1,5 @@ -00616{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/nomachine.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nomachine.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1703593377933911} 
+00616{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/nomachine.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nomachine.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1703593377933911} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nomachine.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1703593377933911,"flow_src_last_pkt_time":1703593377933911,"flow_dst_last_pkt_time":1703593377933911,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1703593377933911,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"192.168.88.208","src_port":48084,"dst_port":4000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nomachine.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1703593377933911,"flow_dst_last_pkt_time":1703593377933911,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1703593377933911,"pkt":"CAAniDE88C90rUP1CABFAAA8XExAAEAGq2fAqFjnwKhY0LvUD6Ca7uG5AAAAAKACfXgzNwAAAgQFtAQCCAq5wW2uAAAAAAEDAwc="} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/nomachine.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1703593377933911,"flow_dst_last_pkt_time":1703593377934101,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1703593377934101,"pkt":"8C90rUP1CAAniDE8CABFAAA0fEFAAIAGS3rAqFjQwKhY5w+gu9QTl9o0mu7huoAS\/\/8GDgAAAgQFtAEDAwgBAQQC"} 
@@ -17,7 +17,7 @@ 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/nomachine.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1703593431350223,"flow_dst_last_pkt_time":1703593431337702,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":52,"pkt_l4_len":18,"thread_ts_usec":1703593431350223,"pkt":"CAAniDE88C90rUP1CABFEAAmt+RAAEART8rAqFjnwKhY0NrTD6AAEjMsAQABAAoAAwAAAA=="} 01117{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/nomachine.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":24,"flow_first_seen":1703593377933911,"flow_src_last_pkt_time":1703593388402510,"flow_dst_last_pkt_time":1703593388402639,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":130,"flow_dst_max_l4_payload_len":1241,"flow_src_tot_l4_payload_len":533,"flow_dst_tot_l4_payload_len":2598,"midstream":0,"thread_ts_usec":1703593431783751,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"192.168.88.208","src_port":48084,"dst_port":4000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"NoMachine","proto_id":"378","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 
01114{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/nomachine.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":13,"flow_first_seen":1703593431289999,"flow_src_last_pkt_time":1703593431710396,"flow_dst_last_pkt_time":1703593431783751,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":10,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":18,"flow_dst_max_l4_payload_len":22,"flow_src_tot_l4_payload_len":122,"flow_dst_tot_l4_payload_len":146,"midstream":0,"thread_ts_usec":1703593431783751,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"192.168.88.208","src_port":56019,"dst_port":4000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"NoMachine","proto_id":"378","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} -00846{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/nomachine.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":73,"packets-processed":73,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3399,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1703593431783751} 
+00846{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/nomachine.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":73,"packets-processed":73,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3399,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1703593431783751} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 73/73 ~~ skipped flows.............: 0 @@ -26,9 +26,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6912166 bytes -~~ total memory freed........: 6912166 bytes -~~ total allocations/frees...: 114224/114224 +~~ total memory allocated....: 7489762 bytes +~~ total memory freed........: 7489762 bytes +~~ total allocations/frees...: 125955/125955 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 533 chars ~~ json message max len.......: 2301 chars diff --git a/test/results/default/ocs.pcap.out b/test/results/default/ocs.pcap.out index a5654a1d0..f7ee256f9 100644 --- a/test/results/default/ocs.pcap.out +++ b/test/results/default/ocs.pcap.out 
@@ -1,5 +1,5 @@ -00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1449652784341686} 
+00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1449652784341686} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449652784341686,"flow_src_last_pkt_time":1449652784341686,"flow_dst_last_pkt_time":1449652784341686,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652784341686,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"64.233.184.188","src_port":47699,"dst_port":5228,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5} 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1449652784341686,"flow_dst_last_pkt_time":1449652784341686,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_usec":1449652784341686,"pkt":"RQAAPKbzQABABiV4wKi0AkDpuLy6UxRsAv3YCQAAAACgAjkIdPYAAAIEBbQEAggKADWBtgAAAAABAwMG"} 
00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449652786071163,"flow_src_last_pkt_time":1449652786071163,"flow_dst_last_pkt_time":1449652786071163,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652786071163,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":38472,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5} 
@@ -40,13 +40,13 @@ 00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1449652787003032,"flow_dst_last_pkt_time":1449652787003032,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_usec":1449652787003032,"pkt":"RQAAPLBhQABABm1GwKi0Atg60C6hBwG7mRQyoQAAAACgAjkIAHcAAAIEBbQEAggKADWCwAAAAAABAwMG"} 00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1449652787075138,"flow_dst_last_pkt_time":1449652787003032,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_usec":1449652787075138,"pkt":"RQAANLBiQABABm1NwKi0Atg60C6hBwG7mRQyouLMvMiAEADlCc8AAAEBCAoANYLHGASl5Q=="} 00770{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":1449652787100546,"flow_dst_last_pkt_time":1449652787003032,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":236,"pkt_l4_len":216,"thread_ts_usec":1449652787100546,"pkt":"RQAA7LBjQABABmyUwKi0Atg60C6hBwG7mRQyouLMvMiAGADlzvUAAAEBCAoANYLKGASl5RYDAQCzAQAArwMBVmhd8vjfjZbbQQM2P+6kSvFiVrQbP+1p3IwwDXzkWPQAAEYABAAFAC8ANcACwATABcAMwA7AD8AHwAnACsARwBPAFAAzADkAMgA4AArAA8ANwAjAEgAWABMACQAVABIAAwAIABQAEQD\/AQAAQAALAAQDAAECAAoANAAyAAEAAgADAAQABQAGAAcACAAJAAoACwAMAA0ADgAPABAAEQASABMAFAAVABYAFwAYABk="} 
-01371{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1449652787003032,"flow_src_last_pkt_time":1449652787100546,"flow_dst_last_pkt_time":1449652787003032,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":184,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":184,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652787100546,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"216.58.208.46","src_port":41223,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"5a236bfc3d18ddef1b1f2f4c9e765d66","ja3s":"","ja4":"t10d350200_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01330{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1449652787003032,"flow_src_last_pkt_time":1449652787100546,"flow_dst_last_pkt_time":1449652787003032,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":184,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":184,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652787100546,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"216.58.208.46","src_port":41223,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d350200_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1449652787155971,"flow_dst_last_pkt_time":1449652786152820,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_usec":1449652787155971,"pkt":"RQAAPCFMQABABqbowKi0AhcV5seZXwG7KAKjIAAAAACgAjkIsy4AAAIEBbQEAggKADWC0AAAAAABAwMG"} 
00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_src_last_pkt_time":1449652787196365,"flow_dst_last_pkt_time":1449652787003032,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":64,"pkt_l4_len":44,"thread_ts_usec":1449652787196365,"pkt":"RQAAQLBkQABABm0\/wKi0Atg60C6hBwG7mRQzWuLMvMiwEADlgxwAAAEBCAoANYLTGASmTQEBBQrizMI04szHoA=="} 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1449652787196993,"flow_dst_last_pkt_time":1449652787003032,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":64,"pkt_l4_len":44,"thread_ts_usec":1449652787196993,"pkt":"RQAAQLBlQABABm0+wKi0Atg60C6hBwG7mRQzWuLMvMiwEADlffQAAAEBCAoANYLTGASmTQEBBQrizMI04szMyA=="} 00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1449652787273902,"flow_dst_last_pkt_time":1449652786152820,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_usec":1449652787273902,"pkt":"RQAANCFNQABABqbvwKi0AhcV5seZXwG7KAKjIVpZIEyAEADl\/h4AAAEBCAoANYLbl2cJ1g=="} 
00818{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1449652787289491,"flow_dst_last_pkt_time":1449652786152820,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":273,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":273,"pkt_l4_len":253,"thread_ts_usec":1449652787289491,"pkt":"RQABESFOQABABqYRwKi0AhcV5seZXwG7KAKjIVpZIEyAGADlY\/8AAAEBCAoANYLdl2cJ1hYDAQDYAQAA1AMBVmhd8h0B5s6XDqG2jAg9OuLJnsmZQXwY4InZKY+7bC8AAEYABAAFAC8ANcACwATABcAMwA7AD8AHwAnACsARwBPAFAAzADkAMgA4AArAA8ANwAjAEgAWABMACQAVABIAAwAIABQAEQD\/AQAAZQAAAB0AGwAAGHNldHRpbmdzLmNyYXNobHl0aWNzLmNvbQALAAQDAAECAAoANAAyAAEAAgADAAQABQAGAAcACAAJAAoACwAMAA0ADgAPABAAEQASABMAFAAVABYAFwAYABkAIwAA"} -01452{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1449652786152820,"flow_src_last_pkt_time":1449652787289491,"flow_dst_last_pkt_time":1449652786152820,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":221,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":221,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652787289491,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"23.21.230.199","src_port":39263,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Crashlytics","proto_id":"91.275","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":4,"category":"DataTransfer","hostname":"settings.crashlytics.com","domainame":"settings.crashlytics.com","tls": {"version":"TLSv1","ja3":"b030dba3ca09e2e484b9fa75adc4039c","ja3s":"","ja4":"t10d350400_1f24bcc5f17d_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01411{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1449652786152820,"flow_src_last_pkt_time":1449652787289491,"flow_dst_last_pkt_time":1449652786152820,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":221,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":221,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652787289491,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"23.21.230.199","src_port":39263,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.Crashlytics","proto_id":"91.275","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":4,"category":"DataTransfer","hostname":"settings.crashlytics.com","domainame":"settings.crashlytics.com","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d350400_1f24bcc5f17d_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1449652787439592,"flow_dst_last_pkt_time":1449652786152820,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_usec":1449652787439592,"pkt":"RQAANCFPQABABqbtwKi0AhcV5seZXwG7KAKj\/lpZJECAEAEE+OkAAAEBCAoANYLsl2cKCg=="} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1449652787479949,"flow_dst_last_pkt_time":1449652786395470,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_usec":1449652787479949,"pkt":"RQAANGAeQABABlqlwKi0AomHgc6vnwBQfAzi7h3gADyAEAD1OwIAAAEBCAoANYLwvXlNHw=="} 00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449652787507858,"flow_src_last_pkt_time":1449652787507858,"flow_dst_last_pkt_time":1449652787507858,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":49,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":49,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652787507858,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":3621,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5} 
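Review bot: The regenerated `detected` events in this hunk (flow_id 10 and flow_id 6) no longer carry the `"ja3"` key in the `tls` object, while `"ja3s":""` and `"ja4"` are still emitted, and the commit message only says "incorporated upstream changes". Any consumer that keys detections or allow-lists on the JA3 client fingerprint would stop matching without an error, so the removal deserves an explicit line in the commit description or changelog, for example `tls.ja3 is no longer emitted after the libnDPI bump; use tls.ja4 for client fingerprinting`. The diffstat lists a change to `schema/flow_event_schema.json`; that change is not visible here, so it is worth confirming that it drops `ja3` from the `tls` properties so that stale producers fail validation. An empty `ja3s` left beside a missing `ja3` is also inconsistent: presumably it should either be dropped as well or documented as intentionally kept.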
@@ -66,7 +66,7 @@ 00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1449652788109953,"flow_dst_last_pkt_time":1449652788109953,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_usec":1449652788109953,"pkt":"RQAAPDlmQABABgl8wKi0ArL40DaPSAG7xoy6SQAAAACgAjkIgeAAAAIEBbQEAggKADWDLwAAAAABAwMG"} 00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1449652788188776,"flow_dst_last_pkt_time":1449652788109953,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_usec":1449652788188776,"pkt":"RQAANDlnQABABgmDwKi0ArL40DaPSAG7xoy6Sjpn3PmAEADljD4AAAEBCAoANYM3RwX+EQ=="} 00802{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_src_last_pkt_time":1449652788195073,"flow_dst_last_pkt_time":1449652788109953,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":260,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":260,"pkt_l4_len":240,"thread_ts_usec":1449652788195073,"pkt":"RQABBDloQABABgiywKi0ArL40DaPSAG7xoy6Sjpn3PmAGADlDAsAAAEBCAoANYM3RwX+ERYDAQDLAQAAxwMBVmhd83GqZqYQO3oMbwUHPK3VU0gJzqNSdwnP4gncj8QAAEYABAAFAC8ANcACwATABcAMwA7AD8AHwAnACsARwBPAFAAzADkAMgA4AArAA8ANwAjAEgAWABMACQAVABIAAwAIABQAEQD\/AQAAWAAAABQAEgAAD29jcy5sYWJnZW5jeS53cwALAAQDAAECAAoANAAyAAEAAgADAAQABQAGAAcACAAJAAoACwAMAA0ADgAPABAAEQASABMAFAAVABYAFwAYABk="} 
-01408{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1449652788109953,"flow_src_last_pkt_time":1449652788195073,"flow_dst_last_pkt_time":1449652788109953,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652788195073,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.54","src_port":36680,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.OCS","proto_id":"91.218","proto_by_ip":"OCS","proto_by_ip_id":218,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"ocs.labgency.ws","domainame":"ocs.labgency.ws","tls": {"version":"TLSv1","ja3":"0534a22b266a64a5cc9a90f7b5c483cc","ja3s":"","ja4":"t10d350300_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01367{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1449652788109953,"flow_src_last_pkt_time":1449652788195073,"flow_dst_last_pkt_time":1449652788109953,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652788195073,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.54","src_port":36680,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.OCS","proto_id":"91.218","proto_by_ip":"OCS","proto_by_ip_id":218,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"ocs.labgency.ws","domainame":"ocs.labgency.ws","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d350300_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_src_last_pkt_time":1449652788328873,"flow_dst_last_pkt_time":1449652787983929,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":64,"pkt_l4_len":44,"thread_ts_usec":1449652788328873,"pkt":"RQAAQMDeQABABoH\/wKi0ArL40DbC2QBQ64tGkd7mVuSwEADl2G4AAAEBCAoANYNFRwX+CwEBBQre5lxQ3uZhvA=="} 
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":5,"flow_src_last_pkt_time":1449652788329445,"flow_dst_last_pkt_time":1449652787983929,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":72,"pkt_l4_len":52,"thread_ts_usec":1449652788329445,"pkt":"RQAASMDfQABABoH2wKi0ArL40DbC2QBQ64tGkd7mVuTQEADlJtQAAAEBCAoANYNFRwX+CwEBBRLe5mco3uZslN7mXFDe5mG8"} 00802{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_src_last_pkt_time":1449652788467521,"flow_dst_last_pkt_time":1449652788109953,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":260,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":260,"pkt_l4_len":240,"thread_ts_usec":1449652788467521,"pkt":"RQABBDlpQABABgixwKi0ArL40DaPSAG7xoy6Sjpn3PmAGADlC+8AAAEBCAoANYNTRwX+ERYDAQDLAQAAxwMBVmhd83GqZqYQO3oMbwUHPK3VU0gJzqNSdwnP4gncj8QAAEYABAAFAC8ANcACwATABcAMwA7AD8AHwAnACsARwBPAFAAzADkAMgA4AArAA8ANwAjAEgAWABMACQAVABIAAwAIABQAEQD\/AQAAWAAAABQAEgAAD29jcy5sYWJnZW5jeS53cwALAAQDAAECAAoANAAyAAEAAgADAAQABQAGAAcACAAJAAoACwAMAA0ADgAPABAAEQASABMAFAAVABYAFwAYABk="} 
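Review bot: The regenerated `detected` event for flow 15 no longer has the `"ja3"` key in its `tls` object, while `"ja3s"` (empty) and `"ja4"` remain. A consumer that matches on `tls.ja3` would stop matching without any error. The same removal appears in the hunks at `-80,7` (flow 16) and `-90,7` (flow 18), and the commit message only says "incorporated upstream changes". The removal presumably comes from the libnDPI bump, so it is worth naming in the description, for example `* tls.ja3 (client fingerprint) is no longer emitted, tls.ja4 remains`. The diffstat lists `schema/flow_event_schema.json`, which is not visible here, so confirm it no longer declares or requires `ja3`.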
@@ -80,7 +80,7 @@ 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1449652797357367,"flow_dst_last_pkt_time":1449652797357367,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_usec":1449652797357367,"pkt":"RQAAPAMUQABABslXwKi0AkDpuLyAsgG7QZiF2AAAAACgAjkIz8gAAAIEBbQEAggKADWGzAAAAAABAwMG"} 00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":242,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_src_last_pkt_time":1449652797427671,"flow_dst_last_pkt_time":1449652797357367,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_usec":1449652797427671,"pkt":"RQAANAMVQABABslewKi0AkDpuLyAsgG7QZiF2aTu9RqAEADl+L8AAAEBCAoANYbSHkOFlA=="} 00821{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":243,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_src_last_pkt_time":1449652797442905,"flow_dst_last_pkt_time":1449652797357367,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":271,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":271,"pkt_l4_len":251,"thread_ts_usec":1449652797442905,"pkt":"RQABDwMWQABABsiCwKi0AkDpuLyAsgG7QZiF2aTu9RqAGADlVfIAAAEBCAoANYbUHkOFlBYDAQDWAQAA0gMD4HuK+eOlMdUOH1cZsMt60He+NukWbTB7f1JNaYrt+NsAACjAK8AswC\/AMACeAJ\/ACcAKwBPAFAAzADnAB8ARAJwAnQAvADUABQD\/AQAAgQAAABUAEwAAEG10YWxrLmdvb2dsZS5jb20ACwAEAwABAgAKADQAMgAOAA0AGQALAAwAGAAJAAoAFgAXAAgABgAHABQAFQAEAAUAEgATAAEAAgADAA8AEAARACMAAAANACAAHgYBBgIGAwUBBQIFAwQBBAIEAwMBAwIDAwIBAgICAw=="} 
-01437{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":243,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1449652797357367,"flow_src_last_pkt_time":1449652797442905,"flow_dst_last_pkt_time":1449652797357367,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":219,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":219,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652797442905,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"64.233.184.188","src_port":32946,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"mtalk.google.com","domainame":"mtalk.google.com","tls": {"version":"TLSv1.2","ja3":"75edb912bc6f0a222ae3e3e47f5c89b1","ja3s":"","ja4":"t12d200500_6e20beb92e8e_c70a3c84db07","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01396{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":243,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1449652797357367,"flow_src_last_pkt_time":1449652797442905,"flow_dst_last_pkt_time":1449652797357367,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":219,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":219,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652797442905,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"64.233.184.188","src_port":32946,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"mtalk.google.com","domainame":"mtalk.google.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d200500_6e20beb92e8e_c70a3c84db07","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":244,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_src_last_pkt_time":1449652797505002,"flow_dst_last_pkt_time":1449652797357367,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_usec":1449652797505002,"pkt":"RQAANAMXQABABslcwKi0AkDpuLyAsgG7QZiGtKTu+oaAEAES8esAAAEBCAoANYbaHkOF7A=="} 
00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":245,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":5,"flow_src_last_pkt_time":1449652797508005,"flow_dst_last_pkt_time":1449652797357367,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_usec":1449652797508005,"pkt":"RQAANAMYQABABslbwKi0AkDpuLyAsgG7QZiGtKTu\/\/KAEAE\/7FEAAAEBCAoANYbbHkOF7A=="} 00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":269,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449652798230623,"flow_src_last_pkt_time":1449652798230623,"flow_dst_last_pkt_time":1449652798230623,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652798230623,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":11793,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5} 
@@ -90,7 +90,7 @@ 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":270,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1449652798305095,"flow_dst_last_pkt_time":1449652798305095,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_usec":1449652798305095,"pkt":"RQAAPHAIQABABm7AwKi0AkDppl+6uwG7gNP3IgAAAACgAjkI9zgAAAIEBbQEAggKADWHKgAAAAABAwMG"} 00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":271,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1449652798386903,"flow_dst_last_pkt_time":1449652798305095,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_usec":1449652798386903,"pkt":"RQAANHAJQABABm7HwKi0AkDppl+6uwG7gNP3IxI082eAEADlT7wAAAEBCAoANYczAMsH6w=="} 00773{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":272,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_src_last_pkt_time":1449652798392604,"flow_dst_last_pkt_time":1449652798305095,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":236,"pkt_l4_len":216,"thread_ts_usec":1449652798392604,"pkt":"RQAA7HAKQABABm4OwKi0AkDppl+6uwG7gNP3IxI082eAGADln0MAAAEBCAoANYczAMsH6xYDAQCzAQAArwMBVmhd\/avXwE9Hbo+g4bJoaBoe\/PaQpNdc4O0Q8a7HcbYAAEYABAAFAC8ANcACwATABcAMwA7AD8AHwAnACsARwBPAFAAzADkAMgA4AArAA8ANwAjAEgAWABMACQAVABIAAwAIABQAEQD\/AQAAQAALAAQDAAECAAoANAAyAAEAAgADAAQABQAGAAcACAAJAAoACwAMAA0ADgAPABAAEQASABMAFAAVABYAFwAYABk="} 
-01372{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":272,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1449652798305095,"flow_src_last_pkt_time":1449652798392604,"flow_dst_last_pkt_time":1449652798305095,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":184,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":184,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652798392604,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"64.233.166.95","src_port":47803,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"5a236bfc3d18ddef1b1f2f4c9e765d66","ja3s":"","ja4":"t10d350200_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01331{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":272,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1449652798305095,"flow_src_last_pkt_time":1449652798392604,"flow_dst_last_pkt_time":1449652798305095,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":184,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":184,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652798392604,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"64.233.166.95","src_port":47803,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d350200_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":273,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_src_last_pkt_time":1449652798478689,"flow_dst_last_pkt_time":1449652798305095,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":64,"pkt_l4_len":44,"thread_ts_usec":1449652798478689,"pkt":"RQAAQHALQABABm65wKi0AkDppl+6uwG7gNP32xI082ewEADl\/WcAAAEBCAoANYc8AMsH6wEBBQoSNPjTEjT+Pw=="} 
00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_src_last_pkt_time":1449652798479498,"flow_dst_last_pkt_time":1449652798305095,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":64,"pkt_l4_len":44,"thread_ts_usec":1449652798479498,"pkt":"RQAAQHAMQABABm64wKi0AkDppl+6uwG7gNP32xI082ewEADl+h8AAAEBCAoANYc8AMsH6wEBBQoSNPjTEjUBhw=="} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_src_last_pkt_time":1449652802635237,"flow_dst_last_pkt_time":1449652787596837,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_usec":1449652802635237,"pkt":"RQAAPDy8QABABnyZwKi0AomHgzS0VhQCr\/++QwAAAACgAjkIzeQAAAIEBbQEAggKADWI3AAAAAABAwMG"} 
@@ -134,7 +134,7 @@ 00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449652786934111,"flow_src_last_pkt_time":1449652786934111,"flow_dst_last_pkt_time":1449652786934111,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652846380718,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":48770,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.PlayStore","proto_id":"5.228","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} 01056{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":946,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1449652787596837,"flow_src_last_pkt_time":1449652818681770,"flow_dst_last_pkt_time":1449652787596837,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652846380718,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"137.135.131.52","src_port":46166,"dst_port":5122,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"7":"Match by 
IP"},"proto":"Azure","proto_id":"276","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 00777{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1449652787596837,"flow_src_last_pkt_time":1449652818681770,"flow_dst_last_pkt_time":1449652787596837,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652846380718,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"137.135.131.52","src_port":46166,"dst_port":5122,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5} -00846{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":946,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":946,"packets-processed":946,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12361,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":18,"total-detection-updates":0,"total-updates":7,"current-active-flows":0,"total-active-flows":20,"total-idle-flows":20,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":137,"global_ts_usec":1449652846380718} 
+00846{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":946,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":946,"packets-processed":946,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12361,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":18,"total-detection-updates":0,"total-updates":7,"current-active-flows":0,"total-active-flows":20,"total-idle-flows":20,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":137,"global_ts_usec":1449652846380718} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 946/946 ~~ skipped flows.............: 0 @@ -143,9 +143,9 @@ ~~ total active/idle flows...: 20/20 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7005512 bytes -~~ total memory freed........: 7005512 bytes -~~ total allocations/frees...: 115337/115337 +~~ total memory allocated....: 7583199 bytes +~~ total memory freed........: 7583199 bytes +~~ total allocations/frees...: 127073/127073 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 526 chars ~~ json message max len.......: 2403 chars diff --git a/test/results/default/ocsp.pcapng.out b/test/results/default/ocsp.pcapng.out index f4a2fcc06..62b437634 100644 --- a/test/results/default/ocsp.pcapng.out +++ b/test/results/default/ocsp.pcapng.out 
@@ -1,5 +1,5 @@ -00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1623221248283182} 
+00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1623221248283182} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623221248283182,"flow_src_last_pkt_time":1623221248283182,"flow_dst_last_pkt_time":1623221248283182,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623221248283182,"l3_proto":"ip4","src_ip":"192.168.1.227","dst_ip":"109.70.240.130","src_port":49813,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1623221248283182,"flow_dst_last_pkt_time":1623221248283182,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":32,"thread_ts_usec":1623221248283182,"pkt":"pJGxgjQ56CrqthSFCABFAAA07YhAAIAG7ObAqAHjbUbwgsKVAFBAnkIeAAAAAIAC+vAOKQAAAgQFtAEDAwgBAQQCGYERCQAgACABAAABAAAACAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAARhcrEQ=="} 
00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1623221248283182,"flow_dst_last_pkt_time":1623221248292856,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":28,"thread_ts_usec":1623221248292856,"pkt":"6CrqthSFpJGxgjQ5CABFAAAwAABAADUGJXRtRvCCwKgB4wBQwpWhnw3QQJ5CH3ASOQg1lwAAAgQFtAEDAwkZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAx3fu3"} 
@@ -7,7 +7,7 @@ 01111{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1623221248318158,"flow_dst_last_pkt_time":1623221248292856,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":491,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":491,"pkt_l4_len":405,"thread_ts_usec":1623221248318158,"pkt":"pJGxgjQ56CrqthSFCABFAAGp7YpAAIAG62\/AqAHjbUbwgsKVAFBAnkIfoZ8N0VAYAgFHiQAAR0VUIC9WQS9BVVRILVJPT1QvTUZFd1R6Qk5NRXN3U1RBSkJnVXJEZ01DR2dVQUJCU3c0eDV2NGJUbGl6ak5SbVRka1lTeTdxMFI5Z1FVVXRpSU9zaWZlR2J0aWZON09IQ1V5UUlDTnRBQ0VFV1hNdGp6R010MWs2TDBhQSUyQlE2dGslM0QgSFRUUC8xLjENCkNhY2hlLUNvbnRyb2w6IG1heC1hZ2UgPSAxMA0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQWNjZXB0OiAqLyoNCklmLU1vZGlmaWVkLVNpbmNlOiBXZWQsIDIxIEFwciAyMDIxIDEzOjQ5OjM4IEdNVA0KSWYtTm9uZS1NYXRjaDogImRlMDQyYTM0N2M4MzUwNDcwNTI4NTdkZTE4NThjYTA2Yjc3ZTc4NmUiDQpVc2VyLUFnZW50OiBNaWNyb3NvZnQtQ3J5cHRvQVBJLzEwLjANCkhvc3Q6IG9jc3AwNy5hY3RhbGlzLml0DQoNChmBEQkAUQBRAWQAAQAAAggAAAAAAAAAAABRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPyeeDo="} 01220{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1623221248283182,"flow_src_last_pkt_time":1623221248318158,"flow_dst_last_pkt_time":1623221248292856,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":385,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":385,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623221248318158,"l3_proto":"ip4","src_ip":"192.168.1.227","dst_ip":"109.70.240.130","src_port":49813,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ocsp07.actalis.it","domainame":"ocsp07.actalis.it","http": {"url":"ocsp07.actalis.it\/VA\/AUTH-ROOT\/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSw4x5v4bTlizjNRmTdkYSy7q0R9gQUUtiIOsifeGbtifN7OHCUyQICNtACEEWXMtjzGMt1k6L0aA%2BQ6tk%3D","code":0,"content_type":"","user_agent":"Microsoft-CryptoAPI\/10.0"}}} 00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1623221248318158,"flow_dst_last_pkt_time":1623221248329809,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":20,"thread_ts_usec":1623221248329809,"pkt":"6CrqthSFpJGxgjQ5CABFAAAoCt1AADUGGp9tRvCCwKgB4wBQwpWhnw3RQJ5DoFAQAB+YzAAAAAAAAAAAGYERCQBRAFEBZAABAAACCAAAAAAAAAAAAFEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAVd3OEQ=="} -00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":24,"packets-processed":23,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8359,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1623222699655905} 
+00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":24,"packets-processed":23,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8359,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1623222699655905} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623222699655905,"flow_src_last_pkt_time":1623222699655905,"flow_dst_last_pkt_time":1623222699655905,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623222699655905,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.184.99","src_port":54154,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00623{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1623222699655905,"flow_dst_last_pkt_time":1623222699655905,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_usec":1623222699655905,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8N6FAAEAG+ZTAqAGAjvq4Y9OKAFA7VkTpAAAAAKAC+vDDlAAAAgQFtAQCCAqSLZmsAAAAAAEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAADx0lW5"} 00625{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1623222699655905,"flow_dst_last_pkt_time":1623222699659281,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_usec":1623222699659281,"pkt":"PKn0qB\/spJGxgjQ5CABFgAA8l3UAADkG4ECO+rhjwKgBgABQ04qgD55GO1ZE6qAS\/\/9O2gAAAgQFlgQCCAovwgGfki2ZrAEDAwgZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAACT46ug"} 
@@ -41,7 +41,7 @@ 00616{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1623223091739953,"flow_dst_last_pkt_time":1623223091766742,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":32,"thread_ts_usec":1623223091766742,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA09eZAAC8GfBuXi4AOwKgBgABQhiREDjpl1HrQroAQAQXUjAAAAQEICnuayJLLCQ4hGYERCQMcAxwBZAMBAAACCAAAAAAAAAAAAxwAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+JxURA=="} 01001{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":17,"flow_first_seen":1623222785863296,"flow_src_last_pkt_time":1623222909833905,"flow_dst_last_pkt_time":1623222909829628,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":386,"flow_dst_max_l4_payload_len":889,"flow_src_tot_l4_payload_len":772,"flow_dst_tot_l4_payload_len":1778,"midstream":0,"thread_ts_usec":1623223091773663,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"92.122.95.235","src_port":43728,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"r3.o.lencr.org"}} 
01002{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":26,"flow_dst_packets_processed":24,"flow_first_seen":1623222699655905,"flow_src_last_pkt_time":1623222892672181,"flow_dst_last_pkt_time":1623222892670553,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":394,"flow_dst_max_l4_payload_len":702,"flow_src_tot_l4_payload_len":788,"flow_dst_tot_l4_payload_len":1404,"midstream":0,"thread_ts_usec":1623223091773663,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.184.99","src_port":54154,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"ocsp.pki.goog"}} -00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":158,"packets-processed":157,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15999,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":5,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":44,"global_ts_usec":1623226796047107} 
+00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":158,"packets-processed":157,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15999,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":5,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":44,"global_ts_usec":1623226796047107} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623226796047107,"flow_src_last_pkt_time":1623226796047107,"flow_dst_last_pkt_time":1623226796047107,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623226796047107,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"93.184.220.29","src_port":47904,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1623226796047107,"flow_dst_last_pkt_time":1623226796047107,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_usec":1623226796047107,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8IiFAAEAGHJ3AqAGAXbjcHbsgAFDKwHZTAAAAAKAC+vANzwAAAgQFtAQCCArJnn0eAAAAAAEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC2uJMq"} 00626{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1623226796047107,"flow_dst_last_pkt_time":1623226796050182,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_usec":1623226796050182,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8OIIAADgGTjxduNwdwKgBgABQuyB0cdYZysB2VKAS\/\/931wAAAgQFtAQCCAqXTK79yZ59HgEDAwkZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAApvHVR"} 
@@ -52,7 +52,7 @@ 01010{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":12,"flow_first_seen":1623223090984057,"flow_src_last_pkt_time":1623223156058732,"flow_dst_last_pkt_time":1623223156084748,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":393,"flow_dst_max_l4_payload_len":728,"flow_src_tot_l4_payload_len":393,"flow_dst_tot_l4_payload_len":1199,"midstream":0,"thread_ts_usec":1623226796065242,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.139.128.14","src_port":34320,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"geant.ocsp.sectigo.com"}} 01005{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":12,"flow_first_seen":1623223091709422,"flow_src_last_pkt_time":1623223156773701,"flow_dst_last_pkt_time":1623223156800666,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":389,"flow_dst_max_l4_payload_len":472,"flow_src_tot_l4_payload_len":389,"flow_dst_tot_l4_payload_len":917,"midstream":0,"thread_ts_usec":1623226796065242,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.139.128.14","src_port":34340,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"ocsp.usertrust.com"}} 02305{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":189,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1623226796047107,"flow_src_last_pkt_time":1623226898935296,"flow_dst_last_pkt_time":1623226888697884,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":387,"flow_dst_max_l4_payload_len":799,"flow_src_tot_l4_payload_len":1161,"flow_dst_tot_l4_payload_len":2397,"midstream":0,"thread_ts_usec":1623226898935296,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"93.184.220.29","src_port":47904,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":297,"avg":6307708.5,"max":10240173,"stddev":4932344.5,"var":24328020164608.0,"ent":4.3,"data": [3075,7547,2588,10413,297,8000,10198565,10205648,10239932,10239686,10240046,10239807,10240147,10240173,10239675,10239894,594543,595404,7786,346,7916,7271,10142015,10148632,10239909,10240023,10239943,10239865,10239954,10239944,10239922]},"pktlen": {"min":104,"avg":215.7,"max":903,"stddev":247.8,"var":61420.8,"ent":4.3,"data": [112,112,104,491,104,903,104,104,104,104,104,104,104,104,104,104,104,491,903,104,491,903,104,104,104,104,104,104,104,104,104,104]},"bins": {"c_to_s": [15,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,0,0,1,0,1,0,1,0,1,0],"entropies": 
[3.868270159,4.279380798,4.030010700,6.270659924,4.342348576,7.048072815,4.407741547,4.407741547,4.327831268,4.388510704,4.373551369,4.383797169,4.361579418,4.395769119,4.336050510,4.388510704,4.327831268,6.267565727,7.008815289,4.357307434,6.261363029,7.018546581,4.348686218,4.395769119,4.303886890,4.330818176,4.342348576,4.395769119,4.342348576,4.414999962,4.272684097,4.376538277]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"Edgecast","proto_by_ip_id":288,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"ocsp.digicert.com"}} -00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":208,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":208,"packets-processed":207,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":19557,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":55,"global_ts_usec":1623227471703092} 
+00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":208,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":208,"packets-processed":207,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":19557,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":55,"global_ts_usec":1623227471703092} 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":208,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623227471703092,"flow_src_last_pkt_time":1623227471703092,"flow_dst_last_pkt_time":1623227471703092,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623227471703092,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.85.15.92","src_port":49382,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":208,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1623227471703092,"flow_dst_last_pkt_time":1623227471703092,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_usec":1623227471703092,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8CDlAAEAGLKrAqAGANFUPXMDmAFDpM3mLAAAAAKAC+vAljwAAAgQFtAQCCArD2jnWAAAAAAEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAU0JsT"} 00627{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1623227471703092,"flow_dst_last_pkt_time":1623227471715055,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_usec":1623227471715055,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8PJoAAPMGhUg0VQ9cwKgBgABQwOYt\/4+26TN5jKAS\/\/9VQwAAAgQFoAQCCAoCPQtLw9o51gEDAwkZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAABrMGLg"} 
@@ -70,7 +70,7 @@ 01008{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":224,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":27,"flow_dst_packets_processed":23,"flow_first_seen":1623226796047107,"flow_src_last_pkt_time":1623226963037756,"flow_dst_last_pkt_time":1623226963033362,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":387,"flow_dst_max_l4_payload_len":799,"flow_src_tot_l4_payload_len":1161,"flow_dst_tot_l4_payload_len":2397,"midstream":0,"thread_ts_usec":1623227472228502,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"93.184.220.29","src_port":47904,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"Edgecast","proto_by_ip_id":288,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"ocsp.digicert.com"}} 02308{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":269,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1623227472211039,"flow_src_last_pkt_time":1623227587349174,"flow_dst_last_pkt_time":1623227584757187,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":401,"flow_dst_max_l4_payload_len":1344,"flow_src_tot_l4_payload_len":401,"flow_dst_tot_l4_payload_len":1998,"midstream":0,"thread_ts_usec":1623227587349174,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.101.2.133","src_port":59922,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":7344654.5,"max":10240632,"stddev":4532510.5,"var":20543650660352.0,"ent":4.5,"data": 
[3378,7400,923,8114,615,0,9140,0,10126876,10134843,10240392,10240491,10239169,10239578,10239933,10239705,10239910,10239519,10239942,10240185,10239877,10240084,10240632,10240175,10239571,10239443,10239518,10240005,10239975,10240013,2594877]},"pktlen": {"min":104,"avg":179.5,"max":1448,"stddev":263.0,"var":69147.6,"ent":4.2,"data": [112,112,104,505,104,1448,758,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104]},"bins": {"c_to_s": [16,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0],"entropies": [3.821438313,4.185985565,4.099675179,6.228553295,4.350049019,6.867750645,7.448840618,4.438944817,4.354762554,4.362021446,4.304766178,4.350049019,4.400483131,4.381252289,4.400483131,4.354762554,4.328273296,4.342790604,4.381252289,4.419713974,4.400483131,4.419713974,4.373993397,4.347504139,4.362021446,4.362021446,4.400483131,4.400483131,4.400483131,4.354762554,4.381252289,4.362021446]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"ocsp.globalsign.com"}} 
02336{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1623227471703092,"flow_src_last_pkt_time":1623227587366039,"flow_dst_last_pkt_time":1623227587361645,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":396,"flow_dst_max_l4_payload_len":1006,"flow_src_tot_l4_payload_len":396,"flow_dst_tot_l4_payload_len":1006,"midstream":0,"thread_ts_usec":1623227587366039,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.85.15.92","src_port":49382,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":379,"avg":7461984.0,"max":10240568,"stddev":4364520.0,"var":19049033498624.0,"ent":4.6,"data": [11963,16479,379,17094,109967,126649,9996419,10012379,10239928,10239783,10239896,10240232,10239903,10239633,10239951,10239961,10239904,10240133,10239949,10239714,10239909,10239972,10240568,10240566,10239801,10239750,10239347,10239527,3107000,3107879,16865]},"pktlen": {"min":104,"avg":148.3,"max":1110,"stddev":185.9,"var":34567.0,"ent":4.5,"data": [112,112,104,500,104,1110,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104]},"bins": {"c_to_s": [16,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0],"entropies": 
[3.872647047,4.259160519,4.034724236,6.288679600,4.284656048,6.962940216,4.381252289,4.381252289,4.315859318,4.362021446,4.250907898,4.362021446,4.335090160,4.354762554,4.277397633,4.283735275,4.335090160,4.381252289,4.315859318,4.362021446,4.284656048,4.381252289,4.284656048,4.323559761,4.335090160,4.335531712,4.296628475,4.362021446,4.315859318,4.329455853,4.250907898,4.369279861]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"ocsp.sca1b.amazontrust.com"}} -00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":275,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":275,"packets-processed":274,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23358,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":73,"global_ts_usec":1623229632695852} 
+00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":275,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":275,"packets-processed":274,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23358,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":73,"global_ts_usec":1623229632695852} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":275,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623229632695852,"flow_src_last_pkt_time":1623229632695852,"flow_dst_last_pkt_time":1623229632695852,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623229632695852,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"109.70.240.114","src_port":45514,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":275,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1623229632695852,"flow_dst_last_pkt_time":1623229632695852,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_usec":1623229632695852,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA82G5AAEAGQmzAqAGAbUbwcrHKAFDtwUNWAAAAAKAC+vAcMQAAAgQFtAQCCAoRKRyhAAAAAAEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAADZRLNb"} 00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":276,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1623229632695852,"flow_dst_last_pkt_time":1623229632706990,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_usec":1623229632706990,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADUGJdttRvBywKgBgABQscrfcozQ7cFDV6AScSAwDQAAAgQFtAQCCAq9uUvmESkcoQEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAADSBFoQ"} 
@@ -90,7 +90,7 @@ 01006{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":320,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":12,"flow_first_seen":1623229632695852,"flow_src_last_pkt_time":1623229697731607,"flow_dst_last_pkt_time":1623229697742645,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":399,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":399,"flow_dst_tot_l4_payload_len":2325,"midstream":0,"thread_ts_usec":1623229853240025,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"109.70.240.114","src_port":45514,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"ocsp09.actalis.it"}} 02268{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":330,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1623229850956311,"flow_src_last_pkt_time":1623229914599193,"flow_dst_last_pkt_time":1623229904370774,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":387,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1159,"flow_dst_tot_l4_payload_len":5872,"midstream":0,"thread_ts_usec":1623229914599193,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.12.96.145","src_port":49034,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":3776043.2,"max":10241196,"stddev":4797137.5,"var":23012529143808.0,"ent":3.6,"data": 
[12234,16624,475,17773,3362,0,21718,0,1169650,1186786,9796,0,24736,0,1031529,1046686,2550,0,18982,0,10158449,10174381,10240180,10240467,10240694,10240443,10239931,10239902,10238718,10240083,10241196]},"pktlen": {"min":104,"avg":324.2,"max":1552,"stddev":431.7,"var":186386.9,"ent":4.1,"data": [112,112,104,490,104,1552,613,104,104,490,104,1552,613,104,104,491,104,1552,614,104,104,104,104,104,104,104,104,104,104,104,104,104]},"bins": {"c_to_s": [14,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,1,1,0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,1,0,1,0,1,0,1,0,1,0],"entropies": [3.854789734,4.239557266,4.034724236,6.314732075,4.338077068,7.042398453,7.244339943,4.381252289,4.362021446,6.303278446,4.335968971,7.031822681,7.242278576,4.270580769,4.335531712,6.231549740,4.350049019,7.030226231,7.237232208,4.342790604,4.323559761,4.400483131,4.426972389,4.400483131,4.426972389,4.362021446,4.426972389,4.335532188,4.388510704,4.400482655,4.426972389,4.400482655]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"ocsp.entrust.net"}} 
01005{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":344,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":22,"flow_first_seen":1623229850956311,"flow_src_last_pkt_time":1623229968257993,"flow_dst_last_pkt_time":1623229968253231,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":387,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1159,"flow_dst_tot_l4_payload_len":5872,"midstream":0,"thread_ts_usec":1623229968257993,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.12.96.145","src_port":49034,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"ocsp.entrust.net"}} -00848{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":344,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":344,"packets-processed":344,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":33113,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":93,"global_ts_usec":1623229968257993} 
+00848{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":344,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":344,"packets-processed":344,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":33113,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":93,"global_ts_usec":1623229968257993} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 344/344 ~~ skipped flows.............: 0 @@ -99,9 +99,9 @@ ~~ total active/idle flows...: 10/10 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6940965 bytes -~~ total memory freed........: 6940965 bytes -~~ total allocations/frees...: 114647/114647 +~~ total memory allocated....: 7518750 bytes +~~ total memory freed........: 7518750 bytes +~~ total allocations/frees...: 126388/126388 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 610 chars ~~ json message max len.......: 2341 chars diff --git a/test/results/default/oicq.pcap.out b/test/results/default/oicq.pcap.out index a76e4dd9f..4dbd813f0 100644 --- a/test/results/default/oicq.pcap.out +++ b/test/results/default/oicq.pcap.out 
@@ -1,5 +1,5 @@ -00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1680268613307049} 
+00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1680268613307049} 
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680268613307049,"flow_src_last_pkt_time":1680268613307049,"flow_dst_last_pkt_time":1680268613307049,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680268613307049,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":60213,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1680268613307049,"flow_dst_last_pkt_time":1680268613307049,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1680268613307049,"pkt":"PJTVQTiBAAwp30Y4CABFAABIPScAAH8RGbBak0XSOjwKLes1H0AANIavAjsLAAEAF1YfDHsAAAAAAAAAAAMMlJ+zUQxZy9Un0Z5pU0guyHcIAQMORwM="} 
00918{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680268613307049,"flow_src_last_pkt_time":1680268613307049,"flow_dst_last_pkt_time":1680268613307049,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680268613307049,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":60213,"dst_port":8000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
@@ -7,12 +7,12 @@ 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1680268913703107,"flow_dst_last_pkt_time":1680268913703107,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1680268913703107,"pkt":"PJTVQTiBAAwp30Y4CABFAABIPSgAAH8RGa9ak0XSOjwKLcqsH0AANFdMAjsLAAEAGFYfDHsAAAAAAAAAAJUhAaG8xF21dBTbCxrBaZ+t+aiKzUY1kAM="} 00918{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680268913703107,"flow_src_last_pkt_time":1680268913703107,"flow_dst_last_pkt_time":1680268913703107,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680268913703107,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":51884,"dst_port":8000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
00957{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680268613307049,"flow_src_last_pkt_time":1680268613307049,"flow_dst_last_pkt_time":1680268613307049,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680268913703107,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":60213,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":3,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":88,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1680269514154280} 
+00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":3,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":88,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1680269514154280} 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680269514154280,"flow_src_last_pkt_time":1680269514154280,"flow_dst_last_pkt_time":1680269514154280,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680269514154280,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":52991,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1680269514154280,"flow_dst_last_pkt_time":1680269514154280,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1680269514154280,"pkt":"PJTVQTiBAAwp30Y4CABFAABIPSkAAH8RGa5ak0XSOjwKLc7\/H0AANPYkAjsLAAEAGVYfDHsAAAAAAAAAAKhtUEIbzHlgMmERsceS0laTgR+KI\/5vkgM="} 00918{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680269514154280,"flow_src_last_pkt_time":1680269514154280,"flow_dst_last_pkt_time":1680269514154280,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680269514154280,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":52991,"dst_port":8000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
00957{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680268913703107,"flow_src_last_pkt_time":1680268913703107,"flow_dst_last_pkt_time":1680268913703107,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680269514154280,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":51884,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":4,"packets-processed":3,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":132,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1680270114424358} 
+00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":4,"packets-processed":3,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":132,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1680270114424358} 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680270114424358,"flow_src_last_pkt_time":1680270114424358,"flow_dst_last_pkt_time":1680270114424358,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680270114424358,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":60288,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1680270114424358,"flow_dst_last_pkt_time":1680270114424358,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1680270114424358,"pkt":"PJTVQTiBAAwp30Y4CABFAABIPSoAAH8RGa1ak0XSOjwKLeuAH0AANLaSAjsLAAEAGlYfDHsAAAAAAAAAAHIfgiYehh8JPACfYPLg8l+caYHP9b+9JgM="} 00918{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680270114424358,"flow_src_last_pkt_time":1680270114424358,"flow_dst_last_pkt_time":1680270114424358,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680270114424358,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":60288,"dst_port":8000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
@@ -21,12 +21,12 @@ 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1680270414717786,"flow_dst_last_pkt_time":1680270414717786,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1680270414717786,"pkt":"PJTVQTiBAAwp30Y4CABFAABIPSsAAH8RGaxak0XSOjwKLdycH0AANEx1AjsLAAEAG1YfDHsAAAAAAAAAANpJfKYT0Ryz+aBUCJQmm3E1JJMTGfDeMAM="} 00918{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680270414717786,"flow_src_last_pkt_time":1680270414717786,"flow_dst_last_pkt_time":1680270414717786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680270414717786,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":56476,"dst_port":8000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
00957{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680270114424358,"flow_src_last_pkt_time":1680270114424358,"flow_dst_last_pkt_time":1680270114424358,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680270414717786,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":60288,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":6,"packets-processed":5,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":220,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":24,"global_ts_usec":1680271315336178} 
+00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":6,"packets-processed":5,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":220,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":24,"global_ts_usec":1680271315336178} 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680271315336178,"flow_src_last_pkt_time":1680271315336178,"flow_dst_last_pkt_time":1680271315336178,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680271315336178,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":63120,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1680271315336178,"flow_dst_last_pkt_time":1680271315336178,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1680271315336178,"pkt":"PJTVQTiBAAwp30Y4CABFAABQPSwAAH8RGaNak0XSOjwKLfaQH0AAPKJVAjsLAAEAHFYfDHsAAAAAAAAAAKF1kSEZtb31Z91P5eVH+3H\/XNRbq1mbBkN1QzOmufZjAw=="} 00918{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680271315336178,"flow_src_last_pkt_time":1680271315336178,"flow_dst_last_pkt_time":1680271315336178,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680271315336178,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":63120,"dst_port":8000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
00957{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680270414717786,"flow_src_last_pkt_time":1680270414717786,"flow_dst_last_pkt_time":1680270414717786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680271315336178,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":56476,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":7,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":272,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":29,"global_ts_usec":1680272216023814} 
+00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":7,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":272,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":29,"global_ts_usec":1680272216023814} 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680272216023814,"flow_src_last_pkt_time":1680272216023814,"flow_dst_last_pkt_time":1680272216023814,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680272216023814,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":65276,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1680272216023814,"flow_dst_last_pkt_time":1680272216023814,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1680272216023814,"pkt":"PJTVQTiBAAwp30Y4CABFAABIPS0AAH8RGapak0XSOjwKLf78H0AANGR+AjsLAAEAHVYfDHsAAAAAAAAAABC\/b\/FaO8NX3ow0SpVuxleAYQpSAJHDrAM="} 00918{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680272216023814,"flow_src_last_pkt_time":1680272216023814,"flow_dst_last_pkt_time":1680272216023814,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680272216023814,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":65276,"dst_port":8000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
@@ -35,12 +35,12 @@ 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1680272516212933,"flow_dst_last_pkt_time":1680272516212933,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1680272516212933,"pkt":"PJTVQTiBAAwp30Y4CABFAABIPS4AAH8RGalak0XSOjwKLf2UH0AANMlWAjsLAAEAHlYfDHsAAAAAAAAAAI+qjiPRJ\/u\/cdGMS8LW+dngAZ0OFZuzPgM="} 00918{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680272516212933,"flow_src_last_pkt_time":1680272516212933,"flow_dst_last_pkt_time":1680272516212933,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680272516212933,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":64916,"dst_port":8000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
00957{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680272216023814,"flow_src_last_pkt_time":1680272216023814,"flow_dst_last_pkt_time":1680272216023814,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680272516212933,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":65276,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":9,"packets-processed":8,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":360,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":38,"global_ts_usec":1680273116819582} 
+00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":9,"packets-processed":8,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":360,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":38,"global_ts_usec":1680273116819582} 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680273116819582,"flow_src_last_pkt_time":1680273116819582,"flow_dst_last_pkt_time":1680273116819582,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680273116819582,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":49340,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1680273116819582,"flow_dst_last_pkt_time":1680273116819582,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1680273116819582,"pkt":"PJTVQTiBAAwp30Y4CABFAABIPS8AAH8RGahak0XSOjwKLcC8H0AANKFRAjsLAAEAH1YfDHsAAAAAAAAAAGiC69yGgMUx92oMUP15OHaWEtAFKBJg6gM="} 00918{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680273116819582,"flow_src_last_pkt_time":1680273116819582,"flow_dst_last_pkt_time":1680273116819582,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680273116819582,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":49340,"dst_port":8000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
00958{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680272516212933,"flow_src_last_pkt_time":1680272516212933,"flow_dst_last_pkt_time":1680272516212933,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680273116819582,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":64916,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":10,"packets-processed":9,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":404,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":43,"global_ts_usec":1680273717338677} 
+00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":10,"packets-processed":9,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":404,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":43,"global_ts_usec":1680273717338677} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680273717338677,"flow_src_last_pkt_time":1680273717338677,"flow_dst_last_pkt_time":1680273717338677,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680273717338677,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":58434,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1680273717338677,"flow_dst_last_pkt_time":1680273717338677,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1680273717338677,"pkt":"PJTVQTiBAAwp30Y4CABFAABIPTAAAH8RGadak0XSOjwKLeRCH0AANBEEAjsLAAEAIFYfDHsAAAAAAAAAAOQm9qMvASjhq0T6Cr3RQBjzmxHyj0olfgM="} 00920{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680273717338677,"flow_src_last_pkt_time":1680273717338677,"flow_dst_last_pkt_time":1680273717338677,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680273717338677,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":58434,"dst_port":8000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
@@ -49,12 +49,12 @@ 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1680274017625228,"flow_dst_last_pkt_time":1680274017625228,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1680274017625228,"pkt":"PJTVQTiBAAwp30Y4CABFAABIPTEAAH8RGaZak0XSOjwKLdgqH0AANBk0AjsLAAEAIVYfDHsAAAAAAAAAALAMY\/61mJRnLdmXH\/a+5XvG93JYzPFyvwM="} 00920{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680274017625228,"flow_src_last_pkt_time":1680274017625228,"flow_dst_last_pkt_time":1680274017625228,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680274017625228,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":55338,"dst_port":8000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680273717338677,"flow_src_last_pkt_time":1680273717338677,"flow_dst_last_pkt_time":1680273717338677,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680274017625228,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":58434,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":12,"packets-processed":11,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":492,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":11,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":52,"global_ts_usec":1680274918349074} 
+00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":12,"packets-processed":11,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":492,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":11,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":52,"global_ts_usec":1680274918349074} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680274918349074,"flow_src_last_pkt_time":1680274918349074,"flow_dst_last_pkt_time":1680274918349074,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680274918349074,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":54233,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1680274918349074,"flow_dst_last_pkt_time":1680274918349074,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1680274918349074,"pkt":"PJTVQTiBAAwp30Y4CABFAABQPTIAAH8RGZ1ak0XSOjwKLdPZH0AAPHdfAjsLAAEAIlYfDHsAAAAAAAAAABJ4YEXvzr3zkL8fAPHU+AaqqxE1nh1DPhgzD2yLU4OaAw=="} 00920{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680274918349074,"flow_src_last_pkt_time":1680274918349074,"flow_dst_last_pkt_time":1680274918349074,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680274918349074,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":54233,"dst_port":8000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680274017625228,"flow_src_last_pkt_time":1680274017625228,"flow_dst_last_pkt_time":1680274017625228,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680274918349074,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":55338,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":13,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":544,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":12,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":57,"global_ts_usec":1680275819196595} 
+00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":13,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":544,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":12,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":57,"global_ts_usec":1680275819196595} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680275819196595,"flow_src_last_pkt_time":1680275819196595,"flow_dst_last_pkt_time":1680275819196595,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680275819196595,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":55774,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1680275819196595,"flow_dst_last_pkt_time":1680275819196595,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1680275819196595,"pkt":"PJTVQTiBAAwp30Y4CABFAABIPTMAAH8RGaRak0XSOjwKLdneH0AANEhvAjsLAAEAI1YfDHsAAAAAAAAAAA7tzaHdQBYXiEP2eDEHbqtlCQx3mvOOQwM="} 00920{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680275819196595,"flow_src_last_pkt_time":1680275819196595,"flow_dst_last_pkt_time":1680275819196595,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680275819196595,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":55774,"dst_port":8000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
@@ -63,12 +63,12 @@ 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1680276119381110,"flow_dst_last_pkt_time":1680276119381110,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1680276119381110,"pkt":"PJTVQTiBAAwp30Y4CABFAABIPTQAAH8RGaNak0XSOjwKLc23H0AANGQTAjsLAAEAJFYfDHsAAAAAAAAAAH5\/86O6C\/6oc6QtupshFzvfGOzGq1kWMAM="} 00920{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680276119381110,"flow_src_last_pkt_time":1680276119381110,"flow_dst_last_pkt_time":1680276119381110,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680276119381110,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":52663,"dst_port":8000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680275819196595,"flow_src_last_pkt_time":1680275819196595,"flow_dst_last_pkt_time":1680275819196595,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680276119381110,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":55774,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":15,"packets-processed":14,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":632,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":14,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":14,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":66,"global_ts_usec":1680276720080049} 
+00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":15,"packets-processed":14,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":632,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":14,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":14,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":66,"global_ts_usec":1680276720080049} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680276720080049,"flow_src_last_pkt_time":1680276720080049,"flow_dst_last_pkt_time":1680276720080049,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680276720080049,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":58797,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1680276720080049,"flow_dst_last_pkt_time":1680276720080049,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1680276720080049,"pkt":"PJTVQTiBAAwp30Y4CABFAABIPTUAAH8RGaJak0XSOjwKLeWtH0AANCNuAjsLAAEAJVYfDHsAAAAAAAAAAOfQosq40rbQVcEHr6+k1HsQqBLVBYy2SwM="} 00920{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680276720080049,"flow_src_last_pkt_time":1680276720080049,"flow_dst_last_pkt_time":1680276720080049,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680276720080049,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":58797,"dst_port":8000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680276119381110,"flow_src_last_pkt_time":1680276119381110,"flow_dst_last_pkt_time":1680276119381110,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680276720080049,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":52663,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":676,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":15,"total-idle-flows":14,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":71,"global_ts_usec":1680277320536086} 
+00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":676,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":15,"total-idle-flows":14,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":71,"global_ts_usec":1680277320536086} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680277320536086,"flow_src_last_pkt_time":1680277320536086,"flow_dst_last_pkt_time":1680277320536086,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680277320536086,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":50315,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1680277320536086,"flow_dst_last_pkt_time":1680277320536086,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1680277320536086,"pkt":"PJTVQTiBAAwp30Y4CABFAABIPTYAAH8RGaFak0XSOjwKLcSLH0AANDKiAjsLAAEAJlYfDHsAAAAAAAAAABPcV9TW4fy3oyeAa\/WodHk3effNstz6EQM="} 00920{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680277320536086,"flow_src_last_pkt_time":1680277320536086,"flow_dst_last_pkt_time":1680277320536086,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680277320536086,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":50315,"dst_port":8000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
@@ -77,7 +77,7 @@ 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1680277620833862,"flow_dst_last_pkt_time":1680277620833862,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1680277620833862,"pkt":"PJTVQTiBAAwp30Y4CABFAABIPTcAAH8RGaBak0XSOjwKLf6LH0AANLaQAjsLAAEAJ1YfDHsAAAAAAAAAANS9Q3kd0FmYWd3Uf+Xg+P4mhn413hSayQM="} 00920{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680277620833862,"flow_src_last_pkt_time":1680277620833862,"flow_dst_last_pkt_time":1680277620833862,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680277620833862,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":65163,"dst_port":8000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680277320536086,"flow_src_last_pkt_time":1680277320536086,"flow_dst_last_pkt_time":1680277320536086,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680277620833862,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":50315,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":18,"packets-processed":17,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":764,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":17,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":17,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":80,"global_ts_usec":1680278521565201} 
+00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":18,"packets-processed":17,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":764,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":17,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":17,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":80,"global_ts_usec":1680278521565201} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680278521565201,"flow_src_last_pkt_time":1680278521565201,"flow_dst_last_pkt_time":1680278521565201,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680278521565201,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":59802,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1680278521565201,"flow_dst_last_pkt_time":1680278521565201,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1680278521565201,"pkt":"PJTVQTiBAAwp30Y4CABFAABQPTgAAH8RGZdak0XSOjwKLemaH0AAPB4SAjsLAAEAKFYfDHsAAAAAAAAAAKFll4WxNdJzXtLohsymAZ1jNPZvKGZFaXXrxKKKG7vTAw=="} 00920{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680278521565201,"flow_src_last_pkt_time":1680278521565201,"flow_dst_last_pkt_time":1680278521565201,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680278521565201,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":59802,"dst_port":8000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
@@ -86,7 +86,7 @@ 00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1680279061837712,"flow_dst_last_pkt_time":1680279061837712,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1680279061837712,"pkt":"PJTVQTiBAAwp30Y4CABFAABQPTkAAH8RGZZak0XSOjwKLewSH0AAPPJqAjsLAAEAKVYfDHsAAAAAAAAAAJhDGOK9LMdpjjjviAsbixbbc8osj3yMjsE0K023rJnBAw=="} 00920{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680279061837712,"flow_src_last_pkt_time":1680279061837712,"flow_dst_last_pkt_time":1680279061837712,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680279061837712,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":60434,"dst_port":8000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680278521565201,"flow_src_last_pkt_time":1680278521565201,"flow_dst_last_pkt_time":1680278521565201,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680279061837712,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":59802,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":20,"packets-processed":19,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":868,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":19,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":19,"total-idle-flows":18,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":89,"global_ts_usec":1680279121904368} 
+00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":20,"packets-processed":19,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":868,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":19,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":19,"total-idle-flows":18,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":89,"global_ts_usec":1680279121904368} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680279121904368,"flow_src_last_pkt_time":1680279121904368,"flow_dst_last_pkt_time":1680279121904368,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680279121904368,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":60436,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":1680279121904368,"flow_dst_last_pkt_time":1680279121904368,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1680279121904368,"pkt":"PJTVQTiBAAwp30Y4CABFAABIPToAAH8RGZ1ak0XSOjwKLewUH0AANBeiAjsLAAEAKlYfDHsAAAAAAAAAABvY2XPSxvc7WnJKZ5fJlh+djy9P\/NTEXwM="} 00920{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680279121904368,"flow_src_last_pkt_time":1680279121904368,"flow_dst_last_pkt_time":1680279121904368,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680279121904368,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":60436,"dst_port":8000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
@@ -129,7 +129,7 @@ 00920{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680279662417873,"flow_src_last_pkt_time":1680279662417873,"flow_dst_last_pkt_time":1680279662417873,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680279662417873,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":49199,"dst_port":8000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00961{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680279542287953,"flow_src_last_pkt_time":1680279542287953,"flow_dst_last_pkt_time":1680279542287953,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680279662417873,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":57872,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
00961{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680279602360361,"flow_src_last_pkt_time":1680279602360361,"flow_dst_last_pkt_time":1680279602360361,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680279662417873,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":59394,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":28,"packets-processed":27,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1228,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":27,"total-detection-updates":0,"total-updates":12,"current-active-flows":3,"total-active-flows":27,"total-idle-flows":24,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":132,"global_ts_usec":1680279722494153} 
+00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":28,"packets-processed":27,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1228,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":27,"total-detection-updates":0,"total-updates":12,"current-active-flows":3,"total-active-flows":27,"total-idle-flows":24,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":132,"global_ts_usec":1680279722494153} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680279722494153,"flow_src_last_pkt_time":1680279722494153,"flow_dst_last_pkt_time":1680279722494153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680279722494153,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":61163,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_src_last_pkt_time":1680279722494153,"flow_dst_last_pkt_time":1680279722494153,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1680279722494153,"pkt":"PJTVQTiBAAwp30Y4CABFAABQPUIAAH8RGY1ak0XSOjwKLe7rH0AAPKRcAjsLAAEAMlYfDHsAAAAAAAAAANlKD4uzkK+P1FvZR1\/HG2wowc5Ia4pes0u+tN09VwqFAw=="} 00920{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680279722494153,"flow_src_last_pkt_time":1680279722494153,"flow_dst_last_pkt_time":1680279722494153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680279722494153,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":61163,"dst_port":8000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
@@ -143,7 +143,7 @@ 00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680279602360361,"flow_src_last_pkt_time":1680279602360361,"flow_dst_last_pkt_time":1680279602360361,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680279962659139,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":59394,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680279722494153,"flow_src_last_pkt_time":1680279722494153,"flow_dst_last_pkt_time":1680279722494153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680279962659139,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":61163,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680279962659139,"flow_src_last_pkt_time":1680279962659139,"flow_dst_last_pkt_time":1680279962659139,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680279962659139,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":64420,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00844{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":29,"packets-processed":29,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1324,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":29,"total-detection-updates":0,"total-updates":14,"current-active-flows":0,"total-active-flows":29,"total-idle-flows":29,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":146,"global_ts_usec":1680279962659139} 
+00844{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":29,"packets-processed":29,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1324,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":29,"total-detection-updates":0,"total-updates":14,"current-active-flows":0,"total-active-flows":29,"total-idle-flows":29,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":146,"global_ts_usec":1680279962659139} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 29/29 ~~ skipped flows.............: 0 @@ -152,9 +152,9 @@ ~~ total active/idle flows...: 29/29 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6975094 bytes -~~ total memory freed........: 6975094 bytes -~~ total allocations/frees...: 114474/114474 +~~ total memory allocated....: 7552690 bytes +~~ total memory freed........: 7552690 bytes +~~ total allocations/frees...: 126205/126205 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 569 chars ~~ json message max len.......: 966 chars diff --git a/test/results/default/ookla.pcap.out b/test/results/default/ookla.pcap.out index 16b7c6b50..8c76e586a 100644 --- a/test/results/default/ookla.pcap.out +++ b/test/results/default/ookla.pcap.out 
@@ -1,4 +1,4 @@ -00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 00743{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":52760463,"flow_src_last_pkt_time":52760463,"flow_dst_last_pkt_time":52760463,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":52760463,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"185.157.229.246","src_port":37790,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":52760463,"flow_dst_last_pkt_time":52760463,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":52760463,"pkt":"pJGxgjQ5CAAns+YuCABFAAA88ZNAAEAG5yvAqAHAuZ3l9pOeH5CL5\/\/AAAAAAKAC+vCdxwAAAgQFtAQCCArwSR4qAAAAAAEDAwc="} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":52760463,"flow_dst_last_pkt_time":52767367,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":52767367,"pkt":"CAAns+YupJGxgjQ5CABFAAA8AABAADkG37+5neX2wKgBwB+Qk54VD1Tvi+f\/waAS9KzB8AAAAgQFtAQCCArQXqes8EkeKgEDAwc="} 
@@ -12,7 +12,7 @@ 00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":52803123,"flow_dst_last_pkt_time":52802860,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":52803123,"pkt":"pJGxgjQ5CAAns+YuCABFAAA07SxAAEAGxSTAqAHAWWBsqsfUH5CQmgkYQm9JZYAQAfaCuwAAAQEICkrfmqSA8vY2"} 00625{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":52803891,"flow_dst_last_pkt_time":52802860,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"thread_ts_usec":52803891,"pkt":"pJGxgjQ5CAAns+YuCABFAACB7S1AAEAGxNbAqAHAWWBsqsfUH5CQmgkYQm9JZYAYAfa1WgAAAQEICkrfmqSA8vY2EMGp+9vLnmHw2ahVPr\/DnjqEBMpv3qQx14PKFUDQ+Xiem1oDpE25ebBB0o3w7\/CD7T9\/W+RFeHExRQnSnZNpGp1400Jci657f6wCIgo="} 00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":52803891,"flow_dst_last_pkt_time":52813624,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":52813624,"pkt":"CAAns+YupJGxgjQ5CABFAAA0vyZAADkG+ipZYGyqwKgBwB+Qx9RCb0llkJoJZYAQAOODdAAAAQEICoDy9kNK35qk"} 
-00838{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":21,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1794,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1491069108756336} +00838{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":21,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1794,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1491069108756336} 
00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1491069108756336,"flow_src_last_pkt_time":1491069108756336,"flow_dst_last_pkt_time":1491069108756336,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1491069108756336,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51207,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1491069108756336,"flow_dst_last_pkt_time":1491069108756336,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1491069108756336,"pkt":"gCqojWksxCwDBkn+CABFAABAClpAAEAGAADAqAEHLiz9u8gHAFAHQx4AAAAAALAC\/\/\/tyQAAAgQFtAEDAwUBAQgKDd4HoAAAAAAEAgAA"} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1491069108756336,"flow_dst_last_pkt_time":1491069108793565,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1491069108793565,"pkt":"xCwDBkn+gCqojWksCABFAAA8AABAADMGWiUuLP27wKgBBwBQyAdRUNK1B0MeAaASOJAJ5wAAAgQFrAQCCAp\/4XDqDd4HoAEDAwU="} 
@@ -31,15 +31,15 @@ 00919{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":52788003,"flow_src_last_pkt_time":52834008,"flow_dst_last_pkt_time":52833933,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":1512,"midstream":0,"thread_ts_usec":1491069115908957,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"89.96.108.170","src_port":51156,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI (partial cache)"},"proto":"Ookla","proto_id":"191","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} 00760{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":52788003,"flow_src_last_pkt_time":52834008,"flow_dst_last_pkt_time":52833933,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":1512,"midstream":0,"thread_ts_usec":1491069115908957,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"89.96.108.170","src_port":51156,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00940{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":52760463,"flow_src_last_pkt_time":52824399,"flow_dst_last_pkt_time":52783053,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":42,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":45,"midstream":0,"thread_ts_usec":1491069115908957,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"185.157.229.246","src_port":37790,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Ookla","proto_id":"191","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} -00838{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":71,"packets-processed":70,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5115,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":3,"total-detection-updates":1,"total-updates":0,"current-active-flows":2,"total-active-flows":4,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":34,"global_ts_usec":1679653269892307} 
+00838{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":71,"packets-processed":70,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5115,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":3,"total-detection-updates":1,"total-updates":0,"current-active-flows":2,"total-active-flows":4,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":34,"global_ts_usec":1679653269892307} 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1679653269892307,"flow_src_last_pkt_time":1679653269892307,"flow_dst_last_pkt_time":1679653269892307,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1679653269892307,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.16.209.12","src_port":48854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1679653269892307,"flow_dst_last_pkt_time":1679653269892307,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1679653269892307,"pkt":"ILAB4IZiPKn0qB\/sCABFAAA8d9tAAEAGx5vAqAGAaBDRDL7WAbvTK4fdAAAAAKAC+vCixQAAAgQFtAQCCAqNuQWwAAAAAAEDAwc="} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1679653269892307,"flow_dst_last_pkt_time":1679653269908336,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1679653269908336,"pkt":"PKn0qB\/sILAB4IZiCABFAAA8AABAADkGRndoENEMwKgBgAG7vtZrVEBX0yuH3qAS\/ohAMAAAAgQFeAQCCApAz3KnjbkFsAEDAw0="} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1679653269908388,"flow_dst_last_pkt_time":1679653269908336,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1679653269908388,"pkt":"ILAB4IZiPKn0qB\/sCABFAAA0d9xAAEAGx6LAqAGAaBDRDL7WAbvTK4fea1RAWIAQAfZrSQAAAQEICo25BcBAz3Kn"} 
01239{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1679653269910213,"flow_dst_last_pkt_time":1679653269908336,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1679653269910213,"pkt":"ILAB4IZiPKn0qB\/sCABFAAI5d91AAEAGxZzAqAGAaBDRDL7WAbvTK4fea1RAWIAYAfa4FAAAAQEICo25BcJAz3KnFgMBAgABAAH8AwOTb4oxeXvjc\/45zkuVq4G3Zgn7TLoS1mljZT9BkHGn2CDtXOYXkAvuYV+YZrFG8XIpj5iT35mrgepNsvEywjPasgAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAWABQAABF3d3cuc3BlZWR0ZXN0Lm5ldAAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACA0PGs+cvY7SZzZ7ub5BC\/x6sXI+NPwgqK8CA+8hBBoUAAXAEEE8gwagQRgBRZQFjLsDlZBIDoi55K5OCyygtEfRg6ZTvyJ0PS0\/RImIv79eDtxwURuWaTzp0u6GF0tY0r+YgsRoAArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAFQCFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -01263{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1679653269892307,"flow_src_last_pkt_time":1679653269910213,"flow_dst_last_pkt_time":1679653269908336,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1679653269910213,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.16.209.12","src_port":48854,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Ookla","proto_id":"91.191","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.speedtest.net","domainame":"www.speedtest.net","tls": {"version":"TLSv1.2","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} +01222{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1679653269892307,"flow_src_last_pkt_time":1679653269910213,"flow_dst_last_pkt_time":1679653269908336,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1679653269910213,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.16.209.12","src_port":48854,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Ookla","proto_id":"91.191","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.speedtest.net","domainame":"www.speedtest.net","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1679653269910213,"flow_dst_last_pkt_time":1679653269924034,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1679653269924034,"pkt":"PKn0qB\/sILAB4IZiCABFAAA0tiRAADkGkFpoENEMwKgBgAG7vtZrVEBY0yuJ44AQAAhrHwAAAQEICkDPcriNuQXC"} -01308{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1679653269892307,"flow_src_last_pkt_time":1679653269910213,"flow_dst_last_pkt_time":1679653269928207,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1679653269928207,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.16.209.12","src_port":48854,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Ookla","proto_id":"91.191","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.speedtest.net","domainame":"www.speedtest.net","tls": {"version":"TLSv1.3","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01267{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1679653269892307,"flow_src_last_pkt_time":1679653269910213,"flow_dst_last_pkt_time":1679653269928207,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1679653269928207,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.16.209.12","src_port":48854,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Ookla","proto_id":"91.191","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.speedtest.net","domainame":"www.speedtest.net","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
01149{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":8,"flow_first_seen":1491069108756336,"flow_src_last_pkt_time":1491069114050266,"flow_dst_last_pkt_time":1491069114084923,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":364,"flow_dst_max_l4_payload_len":457,"flow_src_tot_l4_payload_len":1434,"flow_dst_tot_l4_payload_len":1546,"midstream":0,"thread_ts_usec":1679653269948533,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51207,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP.Ookla","proto_id":"7.191","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"massarosa-1.speedtest.welcomeitalia.it"}} 00964{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":11,"flow_first_seen":1491069115107460,"flow_src_last_pkt_time":1491069115874461,"flow_dst_last_pkt_time":1491069115908957,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":19,"flow_dst_max_l4_payload_len":34,"flow_src_tot_l4_payload_len":155,"flow_dst_tot_l4_payload_len":186,"midstream":0,"thread_ts_usec":1679653269948533,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51215,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Ookla","proto_id":"191","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1679653306712675,"flow_src_last_pkt_time":1679653306712675,"flow_dst_last_pkt_time":1679653306712675,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1679653306712675,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"89.96.108.170","src_port":35830,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
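Review bot: The `tls` object of the `detected` and `detection-update` events for flow 5 no longer carries the `ja3` key, while `ja3s` and `ja4` are still emitted; the next hunk (`@@ -47,12 +47,12 @@`) shows the same for flow 6. A consumer that matches on the JA3 client fingerprint (blocklist lookups, detection rules, dashboards) would stop matching silently rather than fail, so the commit description should say so, for example `* TLS events no longer contain "ja3"; use "ja4" for client fingerprinting`. The diffstat lists schema/flow_event_schema.json and the bundled example consumers as changed, presumably for this reason. It is worth confirming there that `ja3` is not still a required property and that no example still reads it.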
@@ -47,12 +47,12 @@ 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1679653306712675,"flow_dst_last_pkt_time":1679653306719019,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1679653306719019,"pkt":"PKn0qB\/sILAB4IZiCABFAAA8AABAADkGuYlZYGyqwKgBgB+Qi\/ZNWoqZHmeg66AScSCZvQAAAgQFtAQCCApaPwmg5DYp\/AEDAwc="} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1679653306719028,"flow_dst_last_pkt_time":1679653306719019,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1679653306719028,"pkt":"ILAB4IZiPKn0qB\/sCABFAAA0211AAEAG1zPAqAGAWWBsqov2H5AeZ6DrTVqKmoAQAfY3rQAAAQEICuQ2KgNaPwmg"} 
01394{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1679653306722610,"flow_dst_last_pkt_time":1679653306719019,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":694,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":694,"pkt_l4_len":660,"thread_ts_usec":1679653306722610,"pkt":"ILAB4IZiPKn0qB\/sCABFAAKo215AAEAG1L7AqAGAWWBsqov2H5AeZ6DrTVqKmoAYAfbO\/gAAAQEICuQ2KgZaPwmgFgMBAm8BAAJrAwP259mDz8GEpoy1f+OzLC\/9thLG4EqdLGdZzXCGK9Q4uiBQNxCTYiOnTdmODfCjz\/77scOJabNQfOM8CXn\/Kv428AAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAgAAAAAjACEAAB5zcGQtcHViLW1pLTAxLTAxLmZhc3R3ZWJuZXQuaXQAFwAA\/wEAAQAACgAOAAwAHQAXABgAGQEAAQEACwACAQAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACCmIGoQSjFxbhP0oQ2mf3jldqLVT4IJ26DAHB\/y9dgXLwAXAEEE8z8E+HP3NhUI\/F3JutRCkkZAA38B+4XEE0qHvfJW\/ErxaU6ku0G019ynBdDwM0s6b8hWwbPTFIbOGQegCvJDQAArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAKQDrAMYAwB8AhNezxWqfHNqTai25upcAXujZ45XM67IJ06apg7LqGTJweebMuDRIw07Sj31fESMcFNp17AprOYwSXu+YS9IV7JhT9qQ4OZmstow1igpGfzEfe\/xOI8FkLjugMpGDY1pCU3HpxsD9EoT1P15QOhLf1dMPMUABrcy7YEdQeCwvbp2qZm8hgV1Lh+SnlNLe9mxhXktl5gH4Z6wg4QeX0rx2IRHvSjtKcrCLpyghx76lSgi1P+ZDn7AN\/VgIhiOzujGKo4YAISC+J4uYrIYL20ogu5h0JOx5bT1YAelSKoit\/6udwZ+98w=="} 
-01402{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1679653306712675,"flow_src_last_pkt_time":1679653306722610,"flow_dst_last_pkt_time":1679653306719019,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":628,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":628,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1679653306722610,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"89.96.108.170","src_port":35830,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"spd-pub-mi-01-01.fastwebnet.it","domainame":"spd-pub-mi-01-01.fastwebnet.it","tls": {"version":"TLSv1.2","ja3":"c279b0189edb9269da7bc43dea5e0c36","ja3s":"","ja4":"t13d1714h2_5b57614c22b0_8f66f9ee9c6c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01361{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1679653306712675,"flow_src_last_pkt_time":1679653306722610,"flow_dst_last_pkt_time":1679653306719019,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":628,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":628,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1679653306722610,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"89.96.108.170","src_port":35830,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"spd-pub-mi-01-01.fastwebnet.it","domainame":"spd-pub-mi-01-01.fastwebnet.it","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1714h2_5b57614c22b0_8f66f9ee9c6c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1679653306722610,"flow_dst_last_pkt_time":1679653306727552,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1679653306727552,"pkt":"PKn0qB\/sILAB4IZiCABFAAA0gz1AADkGNlRZYGyqwKgBgB+Qi\/ZNWoqaHmejX4AQAO02NQAAAQEIClo\/CarkNioG"} 
-01445{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1679653306712675,"flow_src_last_pkt_time":1679653306722610,"flow_dst_last_pkt_time":1679653306727563,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":628,"flow_dst_max_l4_payload_len":258,"flow_src_tot_l4_payload_len":628,"flow_dst_tot_l4_payload_len":258,"midstream":0,"thread_ts_usec":1679653306727563,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"89.96.108.170","src_port":35830,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"spd-pub-mi-01-01.fastwebnet.it","domainame":"spd-pub-mi-01-01.fastwebnet.it","tls": {"version":"TLSv1.3","ja3":"c279b0189edb9269da7bc43dea5e0c36","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","ja4":"t13d1714h2_5b57614c22b0_8f66f9ee9c6c","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01404{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1679653306712675,"flow_src_last_pkt_time":1679653306722610,"flow_dst_last_pkt_time":1679653306727563,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":628,"flow_dst_max_l4_payload_len":258,"flow_src_tot_l4_payload_len":628,"flow_dst_tot_l4_payload_len":258,"midstream":0,"thread_ts_usec":1679653306727563,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"89.96.108.170","src_port":35830,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"spd-pub-mi-01-01.fastwebnet.it","domainame":"spd-pub-mi-01-01.fastwebnet.it","tls": {"version":"TLSv1.3","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","ja4":"t13d1714h2_5b57614c22b0_8f66f9ee9c6c","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
01092{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":21,"flow_dst_packets_processed":8,"flow_first_seen":1679653306712675,"flow_src_last_pkt_time":1679653307034874,"flow_dst_last_pkt_time":1679653307034855,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":321,"flow_src_tot_l4_payload_len":19822,"flow_dst_tot_l4_payload_len":1414,"midstream":0,"thread_ts_usec":1679653307034874,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"89.96.108.170","src_port":35830,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":6,"flow_first_seen":1679653269892307,"flow_src_last_pkt_time":1679653269935522,"flow_dst_last_pkt_time":1679653269948533,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1084,"flow_dst_tot_l4_payload_len":3414,"midstream":0,"thread_ts_usec":1679653307034874,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.16.209.12","src_port":48854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Ookla","proto_id":"91.191","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} -00844{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":113,"packets-processed":113,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":30849,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":5,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":55,"global_ts_usec":1679653307034874} +00844{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":113,"packets-processed":113,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":30849,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":5,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":55,"global_ts_usec":1679653307034874} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 113/113 ~~ skipped flows.............: 0 
@@ -61,9 +61,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7078439 bytes -~~ total memory freed........: 7078439 bytes -~~ total allocations/frees...: 114343/114343 +~~ total memory allocated....: 7656103 bytes +~~ total memory freed........: 7656103 bytes +~~ total allocations/frees...: 126076/126076 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 520 chars ~~ json message max len.......: 1469 chars diff --git a/test/results/default/opc-ua.pcap.out b/test/results/default/opc-ua.pcap.out index f93ab9697..0e427d578 100644 --- a/test/results/default/opc-ua.pcap.out +++ b/test/results/default/opc-ua.pcap.out 
@@ -1,5 +1,5 @@ -00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/opc-ua.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/opc-ua.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1667935846902658} 
+00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/opc-ua.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/opc-ua.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1667935846902658} 
00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/opc-ua.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1667935846902658,"flow_src_last_pkt_time":1667935846902658,"flow_dst_last_pkt_time":1667935846902658,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1667935846902658,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":57420,"dst_port":4840,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":5} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/opc-ua.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1667935846902658,"flow_dst_last_pkt_time":1667935846902658,"flow_idle_time":7580000000,"pkt_datalink":0,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":68,"pkt_l4_len":44,"thread_ts_usec":1667935846902658,"pkt":"AgAAAEUAAEAAAEAAQAYAAH8AAAF\/AAAB4EwS6GFQCpcAAAAAsAL\/\/\/40AAACBD\/YAQMDBgEBCAoPc0QGAAAAAAQCAAA="} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/opc-ua.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1667935846902658,"flow_dst_last_pkt_time":1667935846902713,"flow_idle_time":7580000000,"pkt_datalink":0,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":68,"pkt_l4_len":44,"thread_ts_usec":1667935846902713,"pkt":"AgAAAEUAAEAAAEAAQAYAAH8AAAF\/AAABEujgTNa5EYBhUAqYsBL\/\/\/40AAACBD\/YAQMDBgEBCArMdzRpD3NEBgQCAAA="} 
@@ -9,7 +9,7 @@ 00922{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/opc-ua.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1667935846902658,"flow_src_last_pkt_time":1667935846902780,"flow_dst_last_pkt_time":1667935846902729,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1667935846902780,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":57420,"dst_port":4840,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"OPC-UA","proto_id":"360","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 02095{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/opc-ua.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1667935846902658,"flow_src_last_pkt_time":1667935846904298,"flow_dst_last_pkt_time":1667935846904284,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":166,"flow_dst_max_l4_payload_len":608,"flow_src_tot_l4_payload_len":868,"flow_dst_tot_l4_payload_len":1518,"midstream":0,"thread_ts_usec":1667935846904298,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":57420,"dst_port":4840,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":5,"data_analysis": {"iat": {"min":16,"avg":105.4,"max":198,"stddev":44.3,"var":1960.7,"ent":4.8,"data": [55,64,16,58,86,65,129,99,163,105,151,161,191,96,147,149,198,71,115,70,128,91,151,80,135,60,116,75,126,40,75]},"pktlen": 
{"min":52,"avg":127.3,"max":660,"stddev":136.7,"var":18687.8,"ent":4.5,"data": [64,64,52,52,108,52,80,52,184,52,187,52,145,52,556,52,218,52,660,52,213,52,148,52,179,52,123,52,185,52,128,52]},"bins": {"c_to_s": [9,1,1,1,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [10,0,2,1,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0],"entropies": [3.813809156,4.504331589,4.429176807,4.429176807,4.495126247,4.429176807,3.962491751,4.429176807,4.640767574,4.429176331,4.837442398,4.429176807,4.591342926,4.429176807,5.161721230,4.467638016,4.647413254,4.506099701,5.545300007,4.506099701,4.926007271,4.506099701,5.000817299,4.467638016,4.492839813,4.429176331,4.218745708,4.467638016,4.550030231,4.506099701,4.219731808,4.506099701]},"ndpi": {"confidence": {"6":"DPI"},"proto":"OPC-UA","proto_id":"360","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 00976{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":381,"source":"cfgs\/default\/pcap\/opc-ua.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":191,"flow_dst_packets_processed":190,"flow_first_seen":1667935846902658,"flow_src_last_pkt_time":1667935846916720,"flow_dst_last_pkt_time":1667935846916692,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":166,"flow_dst_max_l4_payload_len":608,"flow_src_tot_l4_payload_len":12547,"flow_dst_tot_l4_payload_len":11671,"midstream":0,"thread_ts_usec":1667935846916720,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":57420,"dst_port":4840,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"OPC-UA","proto_id":"360","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00845{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":381,"source":"cfgs\/default\/pcap\/opc-ua.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":381,"packets-processed":381,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24218,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1667935846916720} +00845{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":381,"source":"cfgs\/default\/pcap\/opc-ua.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":381,"packets-processed":381,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24218,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1667935846916720} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 381/381 ~~ skipped flows.............: 0 
@@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6918686 bytes -~~ total memory freed........: 6918686 bytes -~~ total allocations/frees...: 114519/114519 +~~ total memory allocated....: 7496282 bytes +~~ total memory freed........: 7496282 bytes +~~ total allocations/frees...: 126250/126250 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 533 chars ~~ json message max len.......: 2100 chars diff --git a/test/results/default/openflow.pcap.out b/test/results/default/openflow.pcap.out index b61c8a4fa..97184c332 100644 --- a/test/results/default/openflow.pcap.out +++ b/test/results/default/openflow.pcap.out 
@@ -1,5 +1,5 @@ -00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/openflow.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/openflow.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1510651647846988} 
+00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/openflow.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/openflow.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1510651647846988} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/openflow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1510651647846988,"flow_src_last_pkt_time":1510651647846988,"flow_dst_last_pkt_time":1510651647846988,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1510651647846988,"l3_proto":"ip4","src_ip":"107.110.12.153","dst_ip":"107.110.12.153","src_port":49234,"dst_port":6653,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/openflow.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1510651647846988,"flow_dst_last_pkt_time":1510651647846988,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1510651647846988,"pkt":"AAAAAAAAAAAAAAAACABFwAA8Z\/pAAEAG4fNrbgyZa24MmcBSGf3IJEYqAAAAAKACqqrwPAAAAgT\/1wQCCAoALSHQAAAAAAEDAwk="} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/openflow.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1510651647846988,"flow_dst_last_pkt_time":1510651647847008,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1510651647847008,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGSq5rbgyZa24MmRn9wFJJ4VK7yCRGK6ASqqrwPAAAAgT\/1wQCCAoALSHQAC0h0AEDAwk="} 
@@ -8,7 +8,7 @@ 00934{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/openflow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1510651647846988,"flow_src_last_pkt_time":1510651647847632,"flow_dst_last_pkt_time":1510651647847008,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1510651647847632,"l3_proto":"ip4","src_ip":"107.110.12.153","dst_ip":"107.110.12.153","src_port":49234,"dst_port":6653,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"OpenFlow","proto_id":"374","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/openflow.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1510651647847632,"flow_dst_last_pkt_time":1510651647847645,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1510651647847645,"pkt":"AAAAAAAAAAAAAAAACABFAAA0c2xAAEAG10lrbgyZa24MmRn9wFJJ4VK8yCRGO4AQAFbwNAAAAQEICgAtIdAALSHQ"} 
00979{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/openflow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":10,"flow_first_seen":1510651647846988,"flow_src_last_pkt_time":1510651647905026,"flow_dst_last_pkt_time":1510651647905037,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":28,"flow_src_tot_l4_payload_len":332,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1510651647905037,"l3_proto":"ip4","src_ip":"107.110.12.153","dst_ip":"107.110.12.153","src_port":49234,"dst_port":6653,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OpenFlow","proto_id":"374","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00842{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/openflow.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":21,"packets-processed":21,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":424,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1510651647905037} 
+00842{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/openflow.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":21,"packets-processed":21,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":424,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1510651647905037} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 21/21 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6908246 bytes -~~ total memory freed........: 6908246 bytes -~~ total allocations/frees...: 114159/114159 +~~ total memory allocated....: 7485842 bytes +~~ total memory freed........: 7485842 bytes +~~ total allocations/frees...: 125890/125890 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 546 chars ~~ json message max len.......: 984 chars diff --git a/test/results/default/openvpn-tlscrypt.pcap.out b/test/results/default/openvpn-tlscrypt.pcap.out index 383160dd7..54ed1f847 100644 --- a/test/results/default/openvpn-tlscrypt.pcap.out +++ b/test/results/default/openvpn-tlscrypt.pcap.out 
@@ -1,5 +1,5 @@ -00621{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/openvpn-tlscrypt.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/openvpn-tlscrypt.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1650106007514745} 
+00621{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/openvpn-tlscrypt.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/openvpn-tlscrypt.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1650106007514745} 00318{"error_event_id":1,"error_event_name":"Unknown datalink layer packet","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1650106007514745,"packet_id":1,"source":"cfgs\/default\/pcap\/openvpn-tlscrypt.pcap","alias":"nDPId-test","layer_type":503316480,"global_ts_usec":1650106007514745} 
00842{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/openvpn-tlscrypt.pcap","alias":"nDPId-test","pkt_datalink":0,"pkt_caplen":405,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":405,"pkt_l4_len":0,"thread_ts_usec":1650106007514745,"pkt":"HgAAAGAHDwABaRFAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAHbwASqAWkBfFCq4GUSOSo9cQoBAAFiWp6XherXcA1dGNrI8eubMXtGovw1Gcq1hdE0qSUXmN9QbxiDHRd46a7OiejGf1dD0MPk4iucd50FgFsaMnpdKvypl7fcSL6ohZSXGm7q1VBY8vKe9uQ52nT4SNExbKeYnzCdcXAfwk\/FqGgC\/tbvoBcc74afkQpK7kdFf49mTbep5TnmLGPzWHjnLPlPib+XvNsvz0ntneaqSEej3IloClIOfCArUmV3ucL7TMZRFHq4GBHofdtPNchyySFJKbBdlA8tkOwMjwU8ATZ0thPHxVzFj6Nwe+jwNEVhalfdlupTlLKZ\/EsuTPZvrhx5yq9zVSvCFUM8sE580FCdW+ddBcK4ILd7gpE\/ORn10yhAhU\/9fhK2ZDFkqZpIcAVdnYrSLyTUxrnVjIDSZoHpnudZAn49hekKUis716LXd7iG+kOAQ8ppqcL3Vjv6f\/S9\/soh9AEr"} 00318{"error_event_id":1,"error_event_name":"Unknown datalink layer packet","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1650106007515553,"packet_id":2,"source":"cfgs\/default\/pcap\/openvpn-tlscrypt.pcap","alias":"nDPId-test","layer_type":503316480,"global_ts_usec":1650106007515553} 
@@ -26,7 +26,7 @@ 00632{"packet_event_id":1,"packet_event_name":"packet","packet_id":12,"source":"cfgs\/default\/pcap\/openvpn-tlscrypt.pcap","alias":"nDPId-test","pkt_datalink":0,"pkt_caplen":248,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":248,"pkt_l4_len":0,"thread_ts_usec":1650106007514745,"pkt":"HgAAAGAABwAAzBFAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAEEqtvAAMwA3yBTyW3Qg3JP0gAAAAZiWp6X4TDBIj8FMKCaMGy\/5ppNpwFzKVqGm07B36mb8sfDutACsCazoooxAb09CRBKtSSDOB3ZoXaoXyS+AxDcWnf8fqBBdRVMr4bMrblk8fe\/T314qX91El37bQjPox1pBmWax8jkLpKXOvxWBajpFyDQTvf1njtU3SEGXPy3HJLedps5puK\/Wtnjr0\/0cynLmVYV7YNEe3kt2L0G+rZHwBdj5AWPBi0k23NNNWJhCbObgxbiUXc="} 00320{"error_event_id":1,"error_event_name":"Unknown datalink layer packet","threshold_n":13,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1650106007530072,"packet_id":13,"source":"cfgs\/default\/pcap\/openvpn-tlscrypt.pcap","alias":"nDPId-test","layer_type":503316480,"global_ts_usec":1650106007530072} 00449{"packet_event_id":1,"packet_event_name":"packet","packet_id":13,"source":"cfgs\/default\/pcap\/openvpn-tlscrypt.pcap","alias":"nDPId-test","pkt_datalink":0,"pkt_caplen":114,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":114,"pkt_l4_len":0,"thread_ts_usec":1650106007514745,"pkt":"HgAAAGAHDwAARhFAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAHbwASqAEYAWSiq4GUSOSo9cQoBAAdiWp6XPFguvZHWBZ3ZLhr23uKiXBCtKXDrqUfT5cYY6helo7UeWDO\/E8ZZKOGZeZDi"} 
-00847{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/openvpn-tlscrypt.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":13,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":29,"global_ts_usec":1650106007530072} +00847{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/openvpn-tlscrypt.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":13,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":29,"global_ts_usec":1650106007530072} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 13/0 ~~ skipped flows.............: 0 
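Review bot: The regenerated shutdown event for openvpn-tlscrypt.pcap still pins `"packets-captured":13,"packets-processed":0`, and the context lines in this hunk and in `@@ -1,5 +1,5 @@` show each packet producing an `"Unknown datalink layer packet"` error with `"layer_type":503316480`. No packet in this capture appears to reach libnDPI, so the golden file would pass whether or not the bumped library still classifies OpenVPN tls-crypt traffic; only `ndpi_version` and `ndpi_api_version` change here. I would either convert the capture to a link type nDPId decodes, or teach the datalink parser this header value (it looks like a loopback address-family word, but that is an inference from the payload prefix), so the expected output asserts a `detected` flow event instead of a decode error. Until then, a comment in the test documentation that this fixture covers only the error path would keep it from being read as VPN-detection coverage.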
@@ -35,9 +35,9 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6905233 bytes -~~ total memory freed........: 6905233 bytes -~~ total allocations/frees...: 114126/114126 +~~ total memory allocated....: 7482829 bytes +~~ total memory freed........: 7482829 bytes +~~ total allocations/frees...: 125857/125857 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 323 chars ~~ json message max len.......: 1969 chars diff --git a/test/results/default/openvpn.pcap.out b/test/results/default/openvpn.pcap.out index e13f5ff00..1b4663ec9 100644 --- a/test/results/default/openvpn.pcap.out +++ b/test/results/default/openvpn.pcap.out 
@@ -1,4 +1,4 @@ -00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
00745{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":62262978,"flow_src_last_pkt_time":62262978,"flow_dst_last_pkt_time":62262978,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":14,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":14,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":14,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":62262978,"l3_proto":"ip4","src_ip":"192.168.75.18","dst_ip":"166.161.181.18","src_port":60201,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":62262978,"flow_dst_last_pkt_time":62262978,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":22,"thread_ts_usec":62262978,"pkt":"UlQAOP1WCAAnCEHSCABFAAAqNcoAAIARnYrAqEsSpqG1EuspAbsAFurKODNIV3A9lts5AAAAAAA="} 
00741{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":62409352,"flow_src_last_pkt_time":62409352,"flow_dst_last_pkt_time":62409352,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":26,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":62409352,"l3_proto":"ip4","src_ip":"69.197.143.179","dst_ip":"10.0.2.15","src_port":443,"dst_port":60201,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -13,7 +13,7 @@ 00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":62562792,"flow_dst_last_pkt_time":62262978,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"thread_ts_usec":62562792,"pkt":"UlQAOP1WCAAnCEHSCABFAAAyNc0AAIARnX\/AqEsSpqG1EuspAbsAHlkyKDNIV3A9lts5AQAAAAHTHDppZGAvoA=="} 01138{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":62262978,"flow_src_last_pkt_time":62562792,"flow_dst_last_pkt_time":62262978,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":14,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":291,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":349,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":62562792,"l3_proto":"ip4","src_ip":"192.168.75.18","dst_ip":"166.161.181.18","src_port":60201,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":62562858,"flow_dst_last_pkt_time":62262978,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"thread_ts_usec":62562858,"pkt":"UlQAOP1WCAAnCEHSCABFAAAyNc4AAIARnX7AqEsSpqG1EuspAbsAHlkxKDNIV3A9lts5AQAAAALTHDppZGAvoA=="} -00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":22,"packets-processed":21,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9046,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":16,"global_ts_usec":1358197736781122} 
+00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":22,"packets-processed":21,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9046,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":16,"global_ts_usec":1358197736781122} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1358197736781122,"flow_src_last_pkt_time":1358197736781122,"flow_dst_last_pkt_time":1358197736781122,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1358197736781122,"l3_proto":"ip4","src_ip":"10.181.235.122","dst_ip":"10.251.71.30","src_port":39772,"dst_port":1194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1358197736781122,"flow_dst_last_pkt_time":1358197736781122,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1358197736781122,"pkt":"CAAnQNKjCAAns07aCABFAAA84dtAAEAGEJgKtet6CvtHHptcBKpaoHPGAAAAAKACOQjGKgAAAgQFtAQCCAr\/\/5IdAAAAAAEDAwE="} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1358197736781122,"flow_dst_last_pkt_time":1358197736781340,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1358197736781340,"pkt":"CAAns07aCAAnQNKjCABFAAA8AABAAEAG8nMK+0ceCrXregSqm1zryb8hWqBzx6ASOJCClwAAAgQFtAQCCAr\/\/5kO\/\/+SHQEDAwE="} 
@@ -24,37 +24,37 @@ 02155{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1358197736781122,"flow_src_last_pkt_time":1358197737942660,"flow_dst_last_pkt_time":1358197737942559,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":274,"flow_dst_max_l4_payload_len":348,"flow_src_tot_l4_payload_len":534,"flow_dst_tot_l4_payload_len":1480,"midstream":0,"thread_ts_usec":1358197737942660,"l3_proto":"ip4","src_ip":"10.181.235.122","dst_ip":"10.251.71.30","src_port":39772,"dst_port":1194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":210,"avg":74934.7,"max":1014473,"stddev":247074.6,"var":61045854208.0,"ent":1.8,"data": [218,377,1013370,1014473,3617,5492,3300,44879,40998,530,345,40353,40401,992,18067,17798,428,281,37075,37264,287,268,279,211,265,252,249,261,212,223,210]},"pktlen": {"min":52,"avg":115.4,"max":400,"stddev":89.5,"var":8001.3,"ent":4.7,"data": [60,60,52,68,52,80,52,76,52,326,52,76,52,76,52,180,52,400,76,52,168,104,168,76,284,76,168,100,168,76,284,76]},"bins": {"c_to_s": [14,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,0,0,4,1,0,0,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0],"entropies": 
[4.634053230,5.054204941,5.039584637,5.193215847,5.116507530,5.177333832,5.039584637,5.369915009,5.116507530,5.342938900,5.025067329,5.315114975,4.909682751,5.326361656,4.986606121,5.801545143,4.986606121,5.423783302,5.341430664,5.025067806,6.420508862,5.262471199,6.588784218,5.395376205,6.650779724,5.395376205,6.047887802,5.337505817,5.757668018,5.421691895,6.887341976,5.316428661]},"ndpi": {"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 01185{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":181,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":0,"flow_first_seen":62409352,"flow_src_last_pkt_time":64743583,"flow_dst_last_pkt_time":62409352,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1226,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6131,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1358197741033539,"l3_proto":"ip4","src_ip":"69.197.143.179","dst_ip":"10.0.2.15","src_port":443,"dst_port":60201,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
01189{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":181,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":62262978,"flow_src_last_pkt_time":62569622,"flow_dst_last_pkt_time":62262978,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":14,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2915,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1358197741033539,"l3_proto":"ip4","src_ip":"192.168.75.18","dst_ip":"166.161.181.18","src_port":60201,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
-00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":217,"packets-processed":216,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23741,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":27,"global_ts_usec":1467904946700231} +00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":217,"packets-processed":216,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23741,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":27,"global_ts_usec":1467904946700231} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467904946700231,"flow_src_last_pkt_time":1467904946700231,"flow_dst_last_pkt_time":1467904946700231,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467904946700231,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"46.101.231.218","src_port":60140,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1467904946700231,"flow_dst_last_pkt_time":1467904946700231,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1467904946700231,"pkt":"hCYVLjtSAA6OGXEMCABFAAA8ANVAAEAGYbLAqAFNLmXn2ursAbu+lXueAAAAAKACchBbjAAAAgQFtAQCCAoADXtLAAAAAAEDAwE="} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1467904946700231,"flow_dst_last_pkt_time":1467904946755145,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1467904946755145,"pkt":"AA6OGXEMhCYVLjtSCABFoAA8AABAADQGbecuZefawKgBTQG76uxsxVWWvpV7n6AScSBx2QAAAgQFtAQCCAoANCgCAA17SwEDAwE="} 
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1467904946755184,"flow_dst_last_pkt_time":1467904946755145,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1467904946755184,"pkt":"hCYVLjtSAA6OGXEMCABFAAA0ANZAAEAGYbnAqAFNLmXn2ursAbu+lXufbMVVl4AQOQjYsgAAAQEICgANe1AANCgC"} 00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1467904947700508,"flow_dst_last_pkt_time":1467904946755145,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1467904947700508,"pkt":"hCYVLjtSAA6OGXEMCABFAABgANdAAEAGYYzAqAFNLmXn2ursAbu+lXufbMVVl4AYOQicxwAAAQEICgANe68ANCgCACo4krivSnd\/x0J4ECTCdtmhqMIyGHmgImSzzLyAdwAAAAFXfnOzAAAAAAA="} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1467904947700508,"flow_dst_last_pkt_time":1467904947752893,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1467904947752893,"pkt":"AA6OGXEMhCYVLjtSCABFoAA0fZtAADQG8FMuZefawKgBTQG76uxsxVWXvpV7y4AQOJDXpgAAAQEICgA0KPsADXuv"} 
-01060{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1467904946700231,"flow_src_last_pkt_time":1467904947700508,"flow_dst_last_pkt_time":1467904947753377,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":56,"midstream":0,"thread_ts_usec":1467904947753377,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"46.101.231.218","src_port":60140,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -02308{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":248,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1467904946700231,"flow_src_last_pkt_time":1467904948037674,"flow_dst_last_pkt_time":1467904948077757,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":305,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":869,"flow_dst_tot_l4_payload_len":1940,"midstream":0,"thread_ts_usec":1467904948077757,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"46.101.231.218","src_port":60140,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":124,"avg":87579.6,"max":997748,"stddev":233509.3,"var":54526590976.0,"ent":2.7,"data": 
[54914,54953,945324,997748,484,52895,181,76406,76231,41001,2720,125,43907,139,238,305,40498,40497,41001,40993,125,124,261,41001,40990,40292,40328,460,133,578,40117]},"pktlen": {"min":52,"avg":140.3,"max":357,"stddev":75.3,"var":5671.5,"ent":4.8,"data": [60,60,52,96,52,108,52,104,52,357,52,208,196,104,196,196,52,196,208,196,104,196,196,52,196,208,196,104,196,196,52,196]},"bins": {"c_to_s": [6,5,0,0,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,1,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,1,1,1,0,1,1,0,1,0,1,0,1,1,0,1,0,1,0,1,1,0,1],"entropies": [4.584255219,5.060977936,4.931210041,5.511040688,5.118428230,5.631525517,4.931210518,5.754630089,5.118428230,5.666812420,5.079966545,5.957755566,6.109939575,5.713871956,6.450070858,6.737315655,4.969671726,6.613219261,6.182499886,6.423310280,5.735399246,6.659830093,6.680945873,4.839769840,6.074276447,6.127354145,6.415046692,5.795508862,6.625069141,6.833714008,5.008133411,6.392446995]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+01067{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1467904946700231,"flow_src_last_pkt_time":1467904947700508,"flow_dst_last_pkt_time":1467904947753377,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":56,"midstream":0,"thread_ts_usec":1467904947753377,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"46.101.231.218","src_port":60140,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +02315{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":248,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1467904946700231,"flow_src_last_pkt_time":1467904948037674,"flow_dst_last_pkt_time":1467904948077757,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":305,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":869,"flow_dst_tot_l4_payload_len":1940,"midstream":0,"thread_ts_usec":1467904948077757,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"46.101.231.218","src_port":60140,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":124,"avg":87579.6,"max":997748,"stddev":233509.3,"var":54526590976.0,"ent":2.7,"data": 
[54914,54953,945324,997748,484,52895,181,76406,76231,41001,2720,125,43907,139,238,305,40498,40497,41001,40993,125,124,261,41001,40990,40292,40328,460,133,578,40117]},"pktlen": {"min":52,"avg":140.3,"max":357,"stddev":75.3,"var":5671.5,"ent":4.8,"data": [60,60,52,96,52,108,52,104,52,357,52,208,196,104,196,196,52,196,208,196,104,196,196,52,196,208,196,104,196,196,52,196]},"bins": {"c_to_s": [6,5,0,0,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,1,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,1,1,1,0,1,1,0,1,0,1,0,1,1,0,1,0,1,0,1,1,0,1],"entropies": [4.584255219,5.060977936,4.931210041,5.511040688,5.118428230,5.631525517,4.931210518,5.754630089,5.118428230,5.666812420,5.079966545,5.957755566,6.109939575,5.713871956,6.450070858,6.737315655,4.969671726,6.613219261,6.182499886,6.423310280,5.735399246,6.659830093,6.680945873,4.839769840,6.074276447,6.127354145,6.415046692,5.795508862,6.625069141,6.833714008,5.008133411,6.392446995]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":294,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":100,"flow_dst_packets_processed":95,"flow_first_seen":1358197736781122,"flow_src_last_pkt_time":1358197768802378,"flow_dst_last_pkt_time":1358197768801647,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":406,"flow_dst_max_l4_payload_len":476,"flow_src_tot_l4_payload_len":6986,"flow_dst_tot_l4_payload_len":7709,"midstream":0,"thread_ts_usec":1467904951543523,"l3_proto":"ip4","src_ip":"10.181.235.122","dst_ip":"10.251.71.30","src_port":39772,"dst_port":1194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":312,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":312,"packets-processed":311,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":32835,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":37,"global_ts_usec":1470218591746723} 
+00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":312,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":312,"packets-processed":311,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":32835,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":37,"global_ts_usec":1470218591746723} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":312,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470218591746723,"flow_src_last_pkt_time":1470218591746723,"flow_dst_last_pkt_time":1470218591746723,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":42,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470218591746723,"l3_proto":"ip4","src_ip":"192.168.43.12","dst_ip":"139.59.151.137","src_port":41507,"dst_port":13680,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1470218591746723,"flow_dst_last_pkt_time":1470218591746723,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"thread_ts_usec":1470218591746723,"pkt":"mAyC0zx8AAjKQoXqCABFAABG3rhAAEARTXXAqCsMizuXiaIjNXAAMosJOLAsz\/G18BdPwJFmbjsSS62jkXMxe5OXItH+Y74AAAABV6HBXwAAAAAA"} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":313,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1470218591746723,"flow_dst_last_pkt_time":1470218591941902,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1470218591941902,"pkt":"AAjKQoXqmAyC0zx8CABFAABSYIhAADIR2ZmLO5eJwKgrDDVwoiMAPhWBQPd\/wu\/b4j9X3sTI1WVNByO\/jAvlQThWMnDPrhMAAAABV6HBXwEAAAAAsCzP8bXwF08AAAAA"} -01063{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":313,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1470218591746723,"flow_src_last_pkt_time":1470218591746723,"flow_dst_last_pkt_time":1470218591941902,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":54,"flow_src_tot_l4_payload_len":42,"flow_dst_tot_l4_payload_len":54,"midstream":0,"thread_ts_usec":1470218591941902,"l3_proto":"ip4","src_ip":"192.168.43.12","dst_ip":"139.59.151.137","src_port":41507,"dst_port":13680,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std 
Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":313,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1470218591746723,"flow_src_last_pkt_time":1470218591746723,"flow_dst_last_pkt_time":1470218591941902,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":54,"flow_src_tot_l4_payload_len":42,"flow_dst_tot_l4_payload_len":54,"midstream":0,"thread_ts_usec":1470218591941902,"l3_proto":"ip4","src_ip":"192.168.43.12","dst_ip":"139.59.151.137","src_port":41507,"dst_port":13680,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":314,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1470218591942539,"flow_dst_last_pkt_time":1470218591941902,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1470218591942539,"pkt":"mAyC0zx8AAjKQoXqCABFAABO3uZAAEARTT\/AqCsMizuXiaIjNXAAOpZEKLAsz\/G18BdPyDdJemqNaU65YLasCHjnV9mH+DAAAAACV6HBXwEAAAAA93\/C79viP1c="} 
00919{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1470218591943377,"flow_dst_last_pkt_time":1470218591941902,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":345,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":345,"pkt_l4_len":311,"thread_ts_usec":1470218591943377,"pkt":"mAyC0zx8AAjKQoXqCABFAAFL3udAAEARTEHAqCsMizuXiaIjNXABN2YDILAsz\/G18BdPpXrCc4HfKvVooXdu\/RWr9x4wrZ0AAAADV6HBXwAAAAABFgMBAQABAAD8AwNE5fcPgzd79Sso6M19xG8bQl07yo41gslSLfJlFeywdgAAgsAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANgCIAIcAhgCFwDLALsAqwCbAD8AFwC\/AK8AnwCPAE8AJAKQAogCgAJ4AZwBAAD8APgAzADIAMQAwAEUARABDAELAMcAtwCnAJcAOwATAEsAIABYAEwAQAA3ADcADAP8BAABRAAsABAMAAQIACgAcABoAFwAZABwAGwAYABoAFgAOAA0ACwAMAAkACgANACAAHgYBBgIGAwUBBQIFAwQBBAIEAwMBAwIDAwIBAgICAwAPAAEB"} 00722{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":316,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1470218591943377,"flow_dst_last_pkt_time":1470218592119150,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":196,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":196,"pkt_l4_len":162,"thread_ts_usec":1470218592119150,"pkt":"AAjKQoXqmAyC0zx8CABFAAC2YKNAADIR2RqLO5eJwKgrDDVwoiMAohzKIPd\/wu\/b4j9X60eERHhjQN5zfeMCAdw3JKHt7ZoAAAACV6HBXwEAAAABsCzP8bXwF08AAAABFgMDAD4CAAA6AwNhg33pw8JOvroEJqnLpGmzYm+g0be9hVzmVAUEjVB5vQDAMAAAEv8BAAEAAAsABAMAAQIADwABARYDAwWWCwAFkgAFjwACzTCCAskwggGxoAMCAQICAQEwDQ=="} 
-02312{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":343,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1470218591746723,"flow_src_last_pkt_time":1470218592449269,"flow_dst_last_pkt_time":1470218592448973,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":303,"flow_dst_max_l4_payload_len":154,"flow_src_tot_l4_payload_len":1095,"flow_dst_tot_l4_payload_len":2054,"midstream":0,"thread_ts_usec":1470218592449269,"l3_proto":"ip4","src_ip":"192.168.43.12","dst_ip":"139.59.151.137","src_port":41507,"dst_port":13680,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":395,"avg":45316.0,"max":195816,"stddev":59561.3,"var":3547546112.0,"ent":3.9,"data": [195179,195816,838,177248,176180,535,476,500,395,473,450,98532,98585,29601,29590,19812,19831,411,519,50093,49983,29934,29992,20280,20221,9484,9461,38312,38344,31856,31865]},"pktlen": {"min":70,"avg":126.4,"max":331,"stddev":58.6,"var":3436.1,"ent":4.9,"data": [70,82,78,331,182,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78]},"bins": {"c_to_s": [0,16,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,1,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0],"entropies": 
[5.343287468,5.472147942,5.659653187,5.646926403,5.923888206,5.609391689,6.040631294,5.680029869,6.625756264,5.669331551,6.739820004,5.680030346,6.600285530,5.721633911,6.436116695,5.670351982,6.646757126,5.644711018,6.586377144,5.654388905,6.016889572,5.609391689,6.426263332,5.705670357,6.638464928,5.644710541,6.632380486,5.644710541,6.345944881,5.680030346,6.544235229,5.654388905]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -01108{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":395,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":44,"flow_dst_packets_processed":51,"flow_first_seen":1467904946700231,"flow_src_last_pkt_time":1467905010834916,"flow_dst_last_pkt_time":1467905010834882,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":4602,"flow_dst_tot_l4_payload_len":4492,"midstream":0,"thread_ts_usec":1470218600860349,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"46.101.231.218","src_port":60140,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
-00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":395,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":395,"packets-processed":394,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":42908,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":47,"global_ts_usec":1472334890224928} +02319{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":343,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1470218591746723,"flow_src_last_pkt_time":1470218592449269,"flow_dst_last_pkt_time":1470218592448973,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":303,"flow_dst_max_l4_payload_len":154,"flow_src_tot_l4_payload_len":1095,"flow_dst_tot_l4_payload_len":2054,"midstream":0,"thread_ts_usec":1470218592449269,"l3_proto":"ip4","src_ip":"192.168.43.12","dst_ip":"139.59.151.137","src_port":41507,"dst_port":13680,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":395,"avg":45316.0,"max":195816,"stddev":59561.3,"var":3547546112.0,"ent":3.9,"data": [195179,195816,838,177248,176180,535,476,500,395,473,450,98532,98585,29601,29590,19812,19831,411,519,50093,49983,29934,29992,20280,20221,9484,9461,38312,38344,31856,31865]},"pktlen": 
{"min":70,"avg":126.4,"max":331,"stddev":58.6,"var":3436.1,"ent":4.9,"data": [70,82,78,331,182,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78]},"bins": {"c_to_s": [0,16,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,1,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0],"entropies": [5.343287468,5.472147942,5.659653187,5.646926403,5.923888206,5.609391689,6.040631294,5.680029869,6.625756264,5.669331551,6.739820004,5.680030346,6.600285530,5.721633911,6.436116695,5.670351982,6.646757126,5.644711018,6.586377144,5.654388905,6.016889572,5.609391689,6.426263332,5.705670357,6.638464928,5.644710541,6.632380486,5.644710541,6.345944881,5.680030346,6.544235229,5.654388905]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+01115{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":395,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":44,"flow_dst_packets_processed":51,"flow_first_seen":1467904946700231,"flow_src_last_pkt_time":1467905010834916,"flow_dst_last_pkt_time":1467905010834882,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":4602,"flow_dst_tot_l4_payload_len":4492,"midstream":0,"thread_ts_usec":1470218600860349,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"46.101.231.218","src_port":60140,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":395,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":395,"packets-processed":394,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":42908,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":47,"global_ts_usec":1472334890224928} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":395,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1472334890224928,"flow_src_last_pkt_time":1472334890224928,"flow_dst_last_pkt_time":1472334890224928,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":42,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1472334890224928,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"139.59.151.137","src_port":13680,"dst_port":13680,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":395,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1472334890224928,"flow_dst_last_pkt_time":1472334890224928,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"thread_ts_usec":1472334890224928,"pkt":"mAyC0zx8MFLLbJwbCABFAABGe8pAAEARsF3AqCsSizuXiTVwNXAAMg7DOGYO4pqkkLBZfF5v2e87DGOeGNd7GPORrKCUl+wAAAABV8IMKgAAAAAA"} 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":396,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1472334892420816,"flow_dst_last_pkt_time":1472334890224928,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"thread_ts_usec":1472334892420816,"pkt":"mAyC0zx8MFLLbJwbCABFAABGfNNAAEARr1TAqCsSizuXiTVwNXAAMg7DOGYO4pqkkLBZptsOrY2Z8Me\/lrzRmp5vsU3x26QAAAACV8IMKgAAAAAA"} 
00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":397,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1472334892420816,"flow_dst_last_pkt_time":1472334892467380,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1472334892467380,"pkt":"MFLLbJwbmAyC0zx8CABFAABSgmRAADERuLeLO5eJwKgrEjVwNXAAPoh1QDWQheTdAi5E5ZNzw1yvtD56Ix7qRbnOSoCURYgAAAABV8IMLQEAAAAAZg7imqSQsFkAAAAA"} -01063{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":397,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1472334890224928,"flow_src_last_pkt_time":1472334892420816,"flow_dst_last_pkt_time":1472334892467380,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":54,"flow_src_tot_l4_payload_len":84,"flow_dst_tot_l4_payload_len":54,"midstream":0,"thread_ts_usec":1472334892467380,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"139.59.151.137","src_port":13680,"dst_port":13680,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":397,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1472334890224928,"flow_src_last_pkt_time":1472334892420816,"flow_dst_last_pkt_time":1472334892467380,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":54,"flow_src_tot_l4_payload_len":84,"flow_dst_tot_l4_payload_len":54,"midstream":0,"thread_ts_usec":1472334892467380,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"139.59.151.137","src_port":13680,"dst_port":13680,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":398,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1472334892467532,"flow_dst_last_pkt_time":1472334892467380,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1472334892467532,"pkt":"mAyC0zx8MFLLbJwbCABFAABOfN1AAEARr0LAqCsSizuXiTVwNXAAOg7LKGYO4pqkkLBZccsCgHbPMustlcqr4N4\/rNnPtukAAAADV8IMKgEAAAAANZCF5N0CLkQ="} 
00919{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":399,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1472334892467660,"flow_dst_last_pkt_time":1472334892467380,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":345,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":345,"pkt_l4_len":311,"thread_ts_usec":1472334892467660,"pkt":"mAyC0zx8MFLLbJwbCABFAAFLfN5AAEARrkTAqCsSizuXiTVwNXABNw\/IIGYO4pqkkLBZmyjlNBaAxD3dZ4KkKKFzUtIqpCkAAAAEV8IMKgAAAAABFgMBAQABAAD8AwPWitxhdgXJqtNghCcqHLNlospc\/gDFPYmAVgJE80nHTgAAgsAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANgCIAIcAhgCFwDLALsAqwCbAD8AFwC\/AK8AnwCPAE8AJAKQAogCgAJ4AZwBAAD8APgAzADIAMQAwAEUARABDAELAMcAtwCnAJcAOwATAEsAIABYAEwAQAA3ADcADAP8BAABRAAsABAMAAQIACgAcABoAFwAZABwAGwAYABoAFgAOAA0ACwAMAAkACgANACAAHgYBBgIGAwUBBQIFAwQBBAIEAwMBAwIDAwIBAgICAwAPAAEB"} -02320{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1472334890224928,"flow_src_last_pkt_time":1472334893134977,"flow_dst_last_pkt_time":1472334893134900,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":303,"flow_dst_max_l4_payload_len":154,"flow_src_tot_l4_payload_len":1087,"flow_dst_tot_l4_payload_len":1962,"midstream":0,"thread_ts_usec":1472334893134977,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"139.59.151.137","src_port":13680,"dst_port":13680,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":128,"avg":187742.6,"max":2242452,"stddev":537269.1,"var":288658030592.0,"ent":2.4,"data": 
[2195888,2242452,46716,128,203103,15136,218070,621,558,521,518,3451,3482,185164,185172,417,398,39454,39467,9396,9396,82274,82279,3757,3775,34199,34189,15722,15714,74305,74299]},"pktlen": {"min":70,"avg":123.3,"max":331,"stddev":58.9,"var":3466.4,"ent":4.9,"data": [70,70,82,78,331,78,182,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78]},"bins": {"c_to_s": [0,16,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,2,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0],"entropies": [5.229001999,5.275360584,5.380565643,5.531448364,5.602619648,5.454524517,5.838843346,5.558109283,6.079430580,5.548431396,6.588905811,5.542146206,6.663234234,5.567787170,6.550342560,5.532467842,6.371866703,5.558108807,6.659762859,5.532467842,6.541461945,5.593428135,5.988543987,5.567787170,6.300799370,5.583750248,6.642903805,5.567787170,6.638377190,5.532467842,6.413649559,5.583750248]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
-01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":464,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":49,"flow_dst_packets_processed":34,"flow_first_seen":1470218591746723,"flow_src_last_pkt_time":1470218600860349,"flow_dst_last_pkt_time":1470218600859207,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1172,"flow_dst_max_l4_payload_len":154,"flow_src_tot_l4_payload_len":5802,"flow_dst_tot_l4_payload_len":4271,"midstream":0,"thread_ts_usec":1472334896789781,"l3_proto":"ip4","src_ip":"192.168.43.12","dst_ip":"139.59.151.137","src_port":41507,"dst_port":13680,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":515,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":515,"packets-processed":514,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":66040,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":57,"global_ts_usec":1512848303527265} 
+02327{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1472334890224928,"flow_src_last_pkt_time":1472334893134977,"flow_dst_last_pkt_time":1472334893134900,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":303,"flow_dst_max_l4_payload_len":154,"flow_src_tot_l4_payload_len":1087,"flow_dst_tot_l4_payload_len":1962,"midstream":0,"thread_ts_usec":1472334893134977,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"139.59.151.137","src_port":13680,"dst_port":13680,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":128,"avg":187742.6,"max":2242452,"stddev":537269.1,"var":288658030592.0,"ent":2.4,"data": [2195888,2242452,46716,128,203103,15136,218070,621,558,521,518,3451,3482,185164,185172,417,398,39454,39467,9396,9396,82274,82279,3757,3775,34199,34189,15722,15714,74305,74299]},"pktlen": {"min":70,"avg":123.3,"max":331,"stddev":58.9,"var":3466.4,"ent":4.9,"data": [70,70,82,78,331,78,182,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78]},"bins": {"c_to_s": [0,16,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,2,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0],"entropies": 
[5.229001999,5.275360584,5.380565643,5.531448364,5.602619648,5.454524517,5.838843346,5.558109283,6.079430580,5.548431396,6.588905811,5.542146206,6.663234234,5.567787170,6.550342560,5.532467842,6.371866703,5.558108807,6.659762859,5.532467842,6.541461945,5.593428135,5.988543987,5.567787170,6.300799370,5.583750248,6.642903805,5.567787170,6.638377190,5.532467842,6.413649559,5.583750248]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +01118{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":464,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":49,"flow_dst_packets_processed":34,"flow_first_seen":1470218591746723,"flow_src_last_pkt_time":1470218600860349,"flow_dst_last_pkt_time":1470218600859207,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1172,"flow_dst_max_l4_payload_len":154,"flow_src_tot_l4_payload_len":5802,"flow_dst_tot_l4_payload_len":4271,"midstream":0,"thread_ts_usec":1472334896789781,"l3_proto":"ip4","src_ip":"192.168.43.12","dst_ip":"139.59.151.137","src_port":41507,"dst_port":13680,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":515,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":515,"packets-processed":514,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":66040,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":57,"global_ts_usec":1512848303527265} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":515,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1512848303527265,"flow_src_last_pkt_time":1512848303527265,"flow_dst_last_pkt_time":1512848303527265,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":14,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":14,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":14,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1512848303527265,"l3_proto":"ip4","src_ip":"3.111.166.78","dst_ip":"85.134.13.165","src_port":51146,"dst_port":1194,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":515,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1512848303527265,"flow_dst_last_pkt_time":1512848303527265,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":22,"thread_ts_usec":1512848303527265,"pkt":"AAAArFWYSEb7fvLiCABFAAAqQmkAAD4RLXIDb6ZOVYYNpcfKBKoAFnrvODn97S2qEKQ3AAAAAAAt+EmW"} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":516,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1512848303527265,"flow_dst_last_pkt_time":1512848303743400,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_usec":1512848303743400,"pkt":"AAAArFWYSEb7fvLiCABFAAA2y2xAADkRaWJVhg2lA2+mTgSqx8oAIoFUQJQhkX3nJncpAQAAAAA5\/e0tqhCkNwAAAAA="} 
@@ -63,8 +63,8 @@ 00665{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1512848303865302,"flow_dst_last_pkt_time":1512848303743400,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":156,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":156,"pkt_l4_len":122,"thread_ts_usec":1512848303865302,"pkt":"AAAArFWYSEb7fvLiCABFAACOIDYAAD4RT0EDb6ZOVYYNpcfKBKoAelMSIDn97S2qEKQ3AAAAAAEWAwEAjAEAAIgDA5yZa+33hsQlHJybi\/1GEeSPsfPEVsCkgrx0k4rbr7kYAAAOwC7AMgCfwCzAMAAvAP8BAABRAAsABAMAAQIACgAcABoAFwAZABwAGwAYABoAFgAOAA0ACwAM"} 00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":519,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1512848303868693,"flow_dst_last_pkt_time":1512848303743400,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"thread_ts_usec":1512848303868693,"pkt":"AAAArFWYSEb7fvLiCABFAABXqX4AAD4Rxi8Db6ZOVYYNpcfKBKoAQ1UHIDn97S2qEKQ3AAAAAAIACQAKAA0AIAAeBgEGAgYDBQEFAgUDBAEEAgQDAwEDAgMDAgECAgIDAA8AAQE="} 
02194{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":546,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1512848303527265,"flow_src_last_pkt_time":1512848306813195,"flow_dst_last_pkt_time":1512848307027916,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":14,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":1200,"flow_src_tot_l4_payload_len":1541,"flow_dst_tot_l4_payload_len":4853,"midstream":0,"thread_ts_usec":1512848307027916,"l3_proto":"ip4","src_ip":"3.111.166.78","dst_ip":"85.134.13.165","src_port":51146,"dst_port":1194,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":55,"avg":218922.0,"max":2241123,"stddev":513027.0,"var":263196672000.0,"ent":2.8,"data": [216135,332238,5799,3391,337897,57968,55,73,70,307059,10023,20531,1960235,1520,628,2241123,1704,736,299000,1497,2293,245,299952,1982,1336,694,338474,1245,1483,269,340926]},"pktlen": {"min":46,"avg":227.9,"max":1228,"stddev":364.9,"var":133184.4,"ent":3.9,"data": [46,54,50,142,87,50,1228,1216,1216,1081,50,50,50,154,142,142,50,50,50,142,142,142,142,50,50,50,50,142,142,142,142,50]},"bins": {"c_to_s": [5,1,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,0,1,1,1,1,1,0,0,0,0,0,0,1,1,1,0,0,0,0,1,1,1,1,0,0,0,0,1],"entropies": 
[4.654558659,4.847117901,5.033267975,5.334950447,4.532369614,5.090824604,7.356415749,6.728867531,7.721350193,7.639185429,5.043854713,5.083854675,5.083854675,5.445907116,5.474620342,5.589630604,5.130824566,5.130824566,5.130824566,5.699376583,5.737064838,5.865118027,5.840532780,5.130824566,5.170824528,5.130824566,5.130824566,6.471548557,6.580770969,5.929418087,6.097649097,5.130825043]},"ndpi": {"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -01113{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":606,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":62,"flow_dst_packets_processed":58,"flow_first_seen":1472334890224928,"flow_src_last_pkt_time":1472334909464448,"flow_dst_last_pkt_time":1472334909465454,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1172,"flow_dst_max_l4_payload_len":1245,"flow_src_tot_l4_payload_len":8904,"flow_dst_tot_l4_payload_len":14228,"midstream":0,"thread_ts_usec":1512848313443088,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"139.59.151.137","src_port":13680,"dst_port":13680,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
-00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":615,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":615,"packets-processed":614,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":77302,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":7,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":67,"global_ts_usec":1674530805823658} +01120{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":606,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":62,"flow_dst_packets_processed":58,"flow_first_seen":1472334890224928,"flow_src_last_pkt_time":1472334909464448,"flow_dst_last_pkt_time":1472334909465454,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1172,"flow_dst_max_l4_payload_len":1245,"flow_src_tot_l4_payload_len":8904,"flow_dst_tot_l4_payload_len":14228,"midstream":0,"thread_ts_usec":1512848313443088,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"139.59.151.137","src_port":13680,"dst_port":13680,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":615,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":615,"packets-processed":614,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":77302,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":7,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":67,"global_ts_usec":1674530805823658} 00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":615,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1674530805823658,"flow_src_last_pkt_time":1674530805823658,"flow_dst_last_pkt_time":1674530805823658,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1674530805823658,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36138,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":615,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1674530805823658,"flow_dst_last_pkt_time":1674530805823658,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1674530805823658,"pkt":"3q0AAL7vyv4AALq+CABFAAA8en1AAEAG6fp\/AAABfwAAAY0qAbtCnC8cAAAAAKAC+vDWcgAAAgQFtAQCCAqSkA+aAAAAAAEDAwc="} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":616,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1674530805823658,"flow_dst_last_pkt_time":1674530805845857,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1674530805845857,"pkt":"yv4AALq+3q0AAL7vCABFAAAsFhoAAIAGTm5\/AAABfwAAAQG7jSoFklDgQpwvHWAS+vBv0AAAAgQFtAAA"} 
@@ -74,7 +74,7 @@ 01058{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":626,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1674530805823658,"flow_src_last_pkt_time":1674530805872386,"flow_dst_last_pkt_time":1674530806093884,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":355,"flow_dst_max_l4_payload_len":1126,"flow_src_tot_l4_payload_len":475,"flow_dst_tot_l4_payload_len":1194,"midstream":0,"thread_ts_usec":1674530806093884,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36138,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 02293{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":646,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1674530805823658,"flow_src_last_pkt_time":1674530806238844,"flow_dst_last_pkt_time":1674530806238807,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1386,"flow_src_tot_l4_payload_len":3980,"flow_dst_tot_l4_payload_len":4153,"midstream":0,"thread_ts_usec":1674530806238844,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36138,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":34,"avg":26785.0,"max":221529,"stddev":54768.3,"var":2999562752.0,"ent":3.1,"data": 
[22199,22283,1235,1541,24351,24605,380,617,225,122,221396,221529,844,1007,149,112,201,197,52335,56406,4152,2697,123,2780,147,117,34,22205,65582,61984,18780]},"pktlen": {"min":40,"avg":296.7,"max":1500,"stddev":446.1,"var":199012.8,"ent":3.8,"data": [60,46,40,96,46,108,40,104,46,395,46,1166,40,104,1426,40,46,104,46,976,104,46,1166,1500,46,767,46,46,104,40,613,40]},"bins": {"c_to_s": [7,1,4,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0],"s_to_c": [10,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,1,1,0,0,1,0,1,0,1,1,0,1,0,0,1,0,1,1,1,0,1,0],"entropies": [4.369529724,4.398030758,4.339823246,5.763498783,3.898455381,5.946529865,4.389823437,5.850727081,3.985411644,7.430057526,3.941933870,7.823157787,4.339823246,5.788781643,7.836597443,4.289823055,3.985411644,5.865244389,3.985411644,7.759013176,5.942167759,3.985411882,7.803529263,7.856170654,3.985411882,7.761924267,3.985411882,3.941933393,5.743062019,4.172574520,7.582319260,4.339823246]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":661,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":51,"flow_dst_packets_processed":49,"flow_first_seen":1512848303527265,"flow_src_last_pkt_time":1512848321248132,"flow_dst_last_pkt_time":1512848321143065,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":14,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":1200,"flow_src_tot_l4_payload_len":4911,"flow_dst_tot_l4_payload_len":6351,"midstream":0,"thread_ts_usec":1674530807378228,"l3_proto":"ip4","src_ip":"3.111.166.78","dst_ip":"85.134.13.165","src_port":51146,"dst_port":1194,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":661,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":661,"packets-processed":660,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":86108,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":77,"global_ts_usec":1721749298243731} 
+00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":661,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":661,"packets-processed":660,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":86108,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":77,"global_ts_usec":1721749298243731} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":661,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1721749298243731,"flow_src_last_pkt_time":1721749298243731,"flow_dst_last_pkt_time":1721749298243731,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":86,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":86,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":86,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1721749298243731,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"107.161.86.131","src_port":41133,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00628{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":661,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1721749298243731,"flow_dst_last_pkt_time":1721749298243731,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"thread_ts_usec":1721749298243731,"pkt":"CL6sCxduJjb1W8R1CABFAAByFAlAAEARlwnAqAyca6FWg6CtAbsAXg+VOJdTVokkhC97pkUdALIEVCzsEYPShleceg0bTnfJM70eRMd4BDg1OZ5GwVuYb5HRiDRn8gPDee+EOUPJkfTX+iIJOkv\/k4ZPuAAAAAFmn88xAAAAAAA="} 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":662,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1721749298243731,"flow_dst_last_pkt_time":1721749298379296,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1721749298379296,"pkt":"Jjb1W8R1CL6sCxduCABFAAB+HVVAADERnLFroVaDwKgMnAG7oK0AaiqzQCYSWT7juyd60fFK\/YXMArx70GFSVLH9+IflmzkT3Z4AnU2vhwbw7\/JWQwQE7vFMojC0XbJhUjJBToQYaU1A50et1DLK3772IwAAAAFmn88yAQAAAACXU1aJJIQvewAAAAA="} 
@@ -83,7 +83,7 @@ 02037{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":665,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1721749298394584,"flow_dst_last_pkt_time":1721749298531546,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1170,"pkt_l4_len":1136,"thread_ts_usec":1721749298531546,"pkt":"Jjb1W8R1CL6sCxduCABFAASEHXNAADERmI1roVaDwKgMnAG7oK0EcNg8ICYSWT7juyd6nyJXQq7IbIKHQupGskFMGQhmn1uEHfvrLI9agQwLpbq42xt\/cQlErfDfWuqU4rhEMOkaQOsnGRXSIHh6c0qfjAAAAAJmn88yAQAAAAGXU1aJJIQvewAAAAEWAwMAegIAAHYDA06PUH1GbY+hevPYpm8KVJPvOmQQ11f5kIP3iYHNYzsDICbc8cLWFEyBp1Wq3e1+ElooyI9VE1b4rrpefMTYAvguEwIAAC4AKwACAwQAMwAkAB0AIJ8nsxRIqIEANks\/1Ly60GQOU3SO+XmMBrwr2bfmY1pLFAMDAAEBFwMDABcO1biAGtbpY7gLXPQ71amHlRRFYzA5ERcDAwwYiW5x8Xd1PuquDLBQGt5hepR+t+XKjEBRP98VozUYXu0SSaxZ0pHBM60V6G82iQGk28JGyyh4ZrAXJfQrTf5o4pVb4A59XlSgrTg\/Hmb4aE5sR4usYpB4Sr5CcxD71gDcjnS+9+SQUIufQI0Y6NMMJFNoCANXMYni41VuiFo3gsCIT3SrA7dlt2hHjjNWZ\/Rx1NBN38Ol+ZkHBMCv8JV\/KrTSmG3rB2p5sAjxTCwA+ppmg09Pij62Uwi+re9HWQrPmbw+9oXvZY+77y7\/K1geAA5MOlyymCule813Vw0Cofqdb4UTyyoO4qhgS8XNZiN3EQGM1Lv+aU+ToL4urZ45g8wvAvMW5JD2FFI2UvM\/qXHhGpGddqNAdlN7KA+TO8jvq+AkItMOXJ4b0D5ljfH3cpmxUQmZP+66iVpyNLSivKCcSqy2QbhySglUa+xcreYgpzIdhwv9KnTUtpr9A3H58Y8\/5lDVhX8FI5wJ3ZZEB+iRT5SwSHdT99Za42NkLEvMhzXJmbusL0C8wqnFUltqV2Q7c217SGOXg7o+ruQoRFxb64n3baK1kqGswWdArDMrNXhVkdv5IS\/3ZYLVwXGxHcfhX\/rI6S1tdwR4jNXWgHdpgfzKAi13xAu5WlCsCdK4vDkIQNUL7tmbFcWJuEUYXzzecEX9SqWCLqPGE6eVW6fS397jfbH83VSlX6TnmTV9s7RNlAPELxKeUktSr+zt\/WmPbZt2Pg0jGIT66bQ7x5DNOoGF83+eBytUIwi5i3FhD8T1XkOcwkflHd7GCTXsVJzJNaazi6+EtvQYOReV3nphBOy9RnC1cEWyfKLlsygEog3eJlPk1dmlVg2MaN9lX17XIrlfdxGrbooTcRwRPV43RLreI5gBFL3U4kD+lvQW3QHwHrlUarebZMabotE+Bt2a0+tSAaw7PCLpD++tZxVE9r0czsx3v6FDuGR5HTVB7\/7dbcV\/kXoY\/PKTPNGxwMOMlNhLdhImcqKduXsvgnrB8uYVuK9fq5pSKDSrFdfIukfN4VOBPzjzV\/E1P7Z\/qDhLJ3tyzmny4lUewQSRxEwB\/Be0NCDpOEQF1mkno7d6cKZHKK6t
+ZRD\/r7geSc34pz40tYzeBf023wAvNzvW7rdvTEGFLurNABtfANjp+Z5"} 01168{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":665,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1721749298243731,"flow_src_last_pkt_time":1721749298394584,"flow_dst_last_pkt_time":1721749298531546,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":86,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":369,"flow_dst_max_l4_payload_len":1128,"flow_src_tot_l4_payload_len":549,"flow_dst_tot_l4_payload_len":1226,"midstream":0,"thread_ts_usec":1721749298531546,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"107.161.86.131","src_port":41133,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
01100{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":692,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":23,"flow_first_seen":1674530805823658,"flow_src_last_pkt_time":1674530807378228,"flow_dst_last_pkt_time":1674530807378181,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1386,"flow_src_tot_l4_payload_len":4290,"flow_dst_tot_l4_payload_len":4516,"midstream":0,"thread_ts_usec":1721749299378529,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36138,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":692,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":692,"packets-processed":691,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":94498,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":86,"global_ts_usec":1722426295459977} 
+00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":692,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":692,"packets-processed":691,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":94498,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":86,"global_ts_usec":1722426295459977} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":692,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1722426295459977,"flow_src_last_pkt_time":1722426295459977,"flow_dst_last_pkt_time":1722426295459977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":86,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":86,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":86,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1722426295459977,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"217.138.197.43","src_port":37383,"dst_port":1234,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00632{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":692,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1722426295459977,"flow_dst_last_pkt_time":1722426295459977,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"thread_ts_usec":1722426295459977,"pkt":"CL6sCxduJjb1W8R1CABFAABy+w1AAEAR03LAqAyc2YrFK5IHBNIAXtnFOI\/dK55B2KvqxsN8gytkwVh5kGTwbRjoLCbcCU1yQV4PR9iCp\/ikWCzQ2bVD9uuCRAyJ4\/8WjdJ5Z7S\/b9UE8MBYgjT6V286AQAAAAFmqiO2AAAAAAA="} 00650{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":693,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1722426295459977,"flow_dst_last_pkt_time":1722426295463060,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1722426295463060,"pkt":"Jjb1W8R1CL6sCxduCABFAAB+3+1AADgR9obZisUrwKgMnATSkgcAas\/4QPun5+al\/RJ3+vfB3LWDZwxirRfxNlIkahL4Jiuhp+o\/w8wjNxPFCQXubnU\/xVrVIuP3OB2yztl88I4zr0jZsBsM\/jki2a+LtAAAAAFmqiO3AQAAAACP3SueQdir6gAAAAA="} 
@@ -93,7 +93,7 @@ 02030{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":696,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1722426295465818,"flow_dst_last_pkt_time":1722426295473946,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1158,"pkt_l4_len":1124,"thread_ts_usec":1722426295473946,"pkt":"Jjb1W8R1CL6sCxduCABFAAR43\/BAADgR8onZisUrwKgMnATSkgcEZKG1IPun5+al\/RJ3z9xoyS\/6NYkWIP+E\/StwZOexNqFphaUNSbkbFC+6P2KsMWt8PmzNpo6pdhvrrPCYmvXQ6Jr42Gm71AEIZNgxFAAAAANmqiO3AAAAAAEWAwMAegIAAHYDA7q6lvZV+wG+N+iVVUFAXSDj9NGQbDFNNK8zWybgE4s2IM0KzkTCLxWpalLIN1XgyDzss0Uhpeld7k70gGpy01JTEwIAAC4AKwACAwQAMwAkAB0AIJeeDgZWdLstoQ7r1ztT4X6\/lx4iikqGvChGOtY\/SV9xFAMDAAEBFwMDABf438pj9h5fKSmGQXScjUbDiTUoBjBOvBcDAw\/XrEOb2tP+hJ6gg1f4fqr0jRq\/l9c7FrLibzEm7szAv0G+NYIuqgsKlPKMgoX1yg2b17yKsaM1iEUmp3c7u1X1DgT3zlRiMO2KOwAVAaHNvRWBV0M1qpl\/fB\/zTXV336VmlGN1EB2xQtq0Dh7IgHeTR4Gr1E1XhW9Jwbn1zCiTL1yXXtdXHDgYex0uPBICTykMDQ\/Tqv\/uO\/gkhBRdF23f6vg5FTfNuGt+Xy0Fk0ebg0v+GcG59TjCqaQUy+Q03NPLM6yy3yxzJpxPfyn\/mYzwz9EuGm9lP2P0Vvcp18W3EF2kwHKIkJ6mylHoAHh04HK9eJE1ouC0zkv6PLm3RhSZBhiD0NKQvOONiuCyy7ApWTFTvp9eUTzzhk6x16AirTEdZBK+7kCBftO13E0XwSBqRs0OEtQoiUjWPa\/4WyOXRa1ItLraxUvg9lXQYOC3ks5uCttsPvDOiiexC1NlkCoT+1cbgZ93W\/Zw0hQVQEv9nHWQeKHlYFITaSycvKpslooCRfq2oQc2xVZMjgR\/w6Ell9pM48XE49mzAFHa1+X5TBSv4Mg5+jtttTPmA4HycFkAC6Bvaw+o86yDA659C1tYv+GqHmnD6n\/cAChXO5axknJZyf8k2FkfqeEk0J9JjuK9Vk+a49trVCFJoef+roiyXVfXk5iVhyCM6greJpD4Q+M\/CmpdRxk8eefzJbl8exyfr6nL1mReMuS5t4NQSsaLZgubcW3ELfW8c4zkWXK0RID9qY4D8RcQ3qzQBM1xwO9ocFeNPyvL\/iTrZLMifvlcO12hy8uCdZQURdjwxNJ9OzIwyyFwbwyh5T7CN2Gh88GCRNSHVDqC5AeT7yU+P6DGljhpOFK8obCc6HCJVoYBNs5MMEV4KS3j0eQ4KcHSYDRk9oNOnB6CAVT3VazUjrH\/mRaW0rn3iJ+6DRo1q8\/n5aTbYIR31blR6n7qEC9hYsNNR\/ciLMpQyndPKFWmy3pmrISMkM2SLmxD+WJk4g4e6nw2jk+49ZnN+rrNs1tThwzvWfK8tDa0wEY4CZcbKlpXXOPqAPVx555vGYFx3O7s3ZFNqWli24dSWjGQaXYdBMNV\/oHx1sEfLG2WOs+T
3JFYZ84H\/ENfWq6nHLhQihj5fuhwjtbsxEA9uLuHd\/kHVOE4"} 01124{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":706,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1722426295459977,"flow_src_last_pkt_time":1722426295518153,"flow_dst_last_pkt_time":1722426295520888,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":86,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":740,"flow_dst_max_l4_payload_len":1116,"flow_src_tot_l4_payload_len":1617,"flow_dst_tot_l4_payload_len":5715,"midstream":0,"thread_ts_usec":1722426295520888,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"217.138.197.43","src_port":37383,"dst_port":1234,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"OpenVPN.NordVPN","proto_id":"159.426","proto_by_ip":"NordVPN","proto_by_ip_id":426,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 01210{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":706,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":10,"flow_first_seen":1721749298243731,"flow_src_last_pkt_time":1721749299342384,"flow_dst_last_pkt_time":1721749299378529,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":72,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":749,"flow_dst_max_l4_payload_len":1128,"flow_src_tot_l4_payload_len":2863,"flow_dst_tot_l4_payload_len":5527,"midstream":0,"thread_ts_usec":1722426295520888,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"107.161.86.131","src_port":41133,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00850{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":706,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":706,"packets-processed":706,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":101830,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":96,"global_ts_usec":1722426295520888} 
+00850{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":706,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":706,"packets-processed":706,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":101830,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":96,"global_ts_usec":1722426295520888} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 706/706 ~~ skipped flows.............: 0 @@ -102,10 +102,10 @@ ~~ total active/idle flows...: 10/10 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6955958 bytes -~~ total memory freed........: 6955958 bytes -~~ total allocations/frees...: 114957/114957 +~~ total memory allocated....: 7533620 bytes +~~ total memory freed........: 7533620 bytes +~~ total allocations/frees...: 126691/126691 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 508 chars -~~ json message max len.......: 2325 chars -~~ json message avg len.......: 1415 chars +~~ json message max len.......: 2332 chars +~~ json message avg len.......: 1419 chars diff --git a/test/results/default/openvpn_nohmac.pcapng.out b/test/results/default/openvpn_nohmac.pcapng.out index 54d57913a..f9eef0df4 100644 --- a/test/results/default/openvpn_nohmac.pcapng.out +++ b/test/results/default/openvpn_nohmac.pcapng.out 
@@ -1,5 +1,5 @@ -00621{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/openvpn_nohmac.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/openvpn_nohmac.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1512848303527265} 
+00621{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/openvpn_nohmac.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/openvpn_nohmac.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1512848303527265} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/openvpn_nohmac.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1512848303527265,"flow_src_last_pkt_time":1512848303527265,"flow_dst_last_pkt_time":1512848303527265,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":14,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":14,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":14,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1512848303527265,"l3_proto":"ip4","src_ip":"3.111.166.78","dst_ip":"85.134.13.165","src_port":51146,"dst_port":1194,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/openvpn_nohmac.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1512848303527265,"flow_dst_last_pkt_time":1512848303527265,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":22,"thread_ts_usec":1512848303527265,"pkt":"AAAArFWYSEb7fvLiCABFAAAqQmkAAD4RLXIDb6ZOVYYNpcfKBKoAFnrvODn97S2qEKQ3AAAAAAAt+EmW"} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/openvpn_nohmac.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1512848303527265,"flow_dst_last_pkt_time":1512848303743400,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_usec":1512848303743400,"pkt":"AAAArFWYSEb7fvLiCABFAAA2y2xAADkRaWJVhg2lA2+mTgSqx8oAIoFUQJQhkX3nJncpAQAAAAA5\/e0tqhCkNwAAAAA="} 
@@ -10,7 +10,7 @@ 02202{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/openvpn_nohmac.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1512848303527265,"flow_src_last_pkt_time":1512848306813195,"flow_dst_last_pkt_time":1512848307027916,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":14,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":1200,"flow_src_tot_l4_payload_len":1541,"flow_dst_tot_l4_payload_len":4853,"midstream":0,"thread_ts_usec":1512848307027916,"l3_proto":"ip4","src_ip":"3.111.166.78","dst_ip":"85.134.13.165","src_port":51146,"dst_port":1194,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":55,"avg":218922.0,"max":2241123,"stddev":513027.0,"var":263196672000.0,"ent":2.8,"data": [216135,332238,5799,3391,337897,57968,55,73,70,307059,10023,20531,1960235,1520,628,2241123,1704,736,299000,1497,2293,245,299952,1982,1336,694,338474,1245,1483,269,340926]},"pktlen": {"min":46,"avg":227.9,"max":1228,"stddev":364.9,"var":133184.4,"ent":3.9,"data": [46,54,50,142,87,50,1228,1216,1216,1081,50,50,50,154,142,142,50,50,50,142,142,142,142,50,50,50,50,142,142,142,142,50]},"bins": {"c_to_s": [5,1,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,0,1,1,1,1,1,0,0,0,0,0,0,1,1,1,0,0,0,0,1,1,1,1,0,0,0,0,1],"entropies": 
[4.654558659,4.847117901,5.033267975,5.334950447,4.532369614,5.090824604,7.356415749,6.728867531,7.721350193,7.639185429,5.043854713,5.083854675,5.083854675,5.445907116,5.474620342,5.589630604,5.130824566,5.130824566,5.130824566,5.699376583,5.737064838,5.865118027,5.840532780,5.130824566,5.170824528,5.130824566,5.130824566,6.471548557,6.580770969,5.929418087,6.097649097,5.130825043]},"ndpi": {"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00998{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":922,"source":"cfgs\/default\/pcap\/openvpn_nohmac.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":581,"flow_dst_packets_processed":340,"flow_first_seen":1512848303527265,"flow_src_last_pkt_time":1512848356295428,"flow_dst_last_pkt_time":1512848355480664,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":14,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1445,"flow_src_tot_l4_payload_len":112143,"flow_dst_tot_l4_payload_len":149150,"midstream":0,"thread_ts_usec":1512848356295428,"l3_proto":"ip4","src_ip":"3.111.166.78","dst_ip":"85.134.13.165","src_port":51146,"dst_port":1194,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":944,"source":"cfgs\/default\/pcap\/openvpn_nohmac.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":594,"flow_dst_packets_processed":350,"flow_first_seen":1512848303527265,"flow_src_last_pkt_time":1512848376745041,"flow_dst_last_pkt_time":1512848376774734,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":14,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1445,"flow_src_tot_l4_payload_len":113447,"flow_dst_tot_l4_payload_len":150832,"midstream":0,"thread_ts_usec":1512848376774734,"l3_proto":"ip4","src_ip":"3.111.166.78","dst_ip":"85.134.13.165","src_port":51146,"dst_port":1194,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00856{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":944,"source":"cfgs\/default\/pcap\/openvpn_nohmac.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":944,"packets-processed":944,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":264279,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1512848376774734} 
+00856{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":944,"source":"cfgs\/default\/pcap\/openvpn_nohmac.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":944,"packets-processed":944,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":264279,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1512848376774734} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 944/944 ~~ skipped flows.............: 0 @@ -19,9 +19,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6934989 bytes -~~ total memory freed........: 6934989 bytes -~~ total allocations/frees...: 115081/115081 +~~ total memory allocated....: 7512585 bytes +~~ total memory freed........: 7512585 bytes +~~ total allocations/frees...: 126812/126812 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 545 chars ~~ json message max len.......: 2207 chars diff --git a/test/results/default/openvpn_nohmac_tcp.pcapng.out b/test/results/default/openvpn_nohmac_tcp.pcapng.out index 612c96a3b..771d61d04 100644 --- a/test/results/default/openvpn_nohmac_tcp.pcapng.out +++ b/test/results/default/openvpn_nohmac_tcp.pcapng.out 
@@ -1,5 +1,5 @@ -00625{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/openvpn_nohmac_tcp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00846{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/openvpn_nohmac_tcp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1358197736781122} 
+00625{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/openvpn_nohmac_tcp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00846{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/openvpn_nohmac_tcp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1358197736781122} 
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/openvpn_nohmac_tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1358197736781122,"flow_src_last_pkt_time":1358197736781122,"flow_dst_last_pkt_time":1358197736781122,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1358197736781122,"l3_proto":"ip4","src_ip":"10.181.235.122","dst_ip":"10.251.71.30","src_port":39772,"dst_port":1194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/openvpn_nohmac_tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1358197736781122,"flow_dst_last_pkt_time":1358197736781122,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1358197736781122,"pkt":"CAAnQNKjCAAns07aCABFAAA84dtAAEAGEJgKtet6CvtHHptcBKpaoHPGAAAAAKACOQjGKgAAAgQFtAQCCAr\/\/5IdAAAAAAEDAwE="} 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/openvpn_nohmac_tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1358197736781122,"flow_dst_last_pkt_time":1358197736781340,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1358197736781340,"pkt":"CAAns07aCAAnQNKjCABFAAA8AABAAEAG8nMK+0ceCrXregSqm1zryb8hWqBzx6ASOJCClwAAAgQFtAQCCAr\/\/5kO\/\/+SHQEDAwE="} 
@@ -9,7 +9,7 @@ 00940{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/openvpn_nohmac_tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1358197736781122,"flow_src_last_pkt_time":1358197737794869,"flow_dst_last_pkt_time":1358197737799430,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":28,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":28,"midstream":0,"thread_ts_usec":1358197737799430,"l3_proto":"ip4","src_ip":"10.181.235.122","dst_ip":"10.251.71.30","src_port":39772,"dst_port":1194,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 02168{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/openvpn_nohmac_tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1358197736781122,"flow_src_last_pkt_time":1358197737942660,"flow_dst_last_pkt_time":1358197737942559,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":274,"flow_dst_max_l4_payload_len":348,"flow_src_tot_l4_payload_len":534,"flow_dst_tot_l4_payload_len":1480,"midstream":0,"thread_ts_usec":1358197737942660,"l3_proto":"ip4","src_ip":"10.181.235.122","dst_ip":"10.251.71.30","src_port":39772,"dst_port":1194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":210,"avg":74934.7,"max":1014473,"stddev":247074.6,"var":61045854208.0,"ent":1.8,"data": 
[218,377,1013370,1014473,3617,5492,3300,44879,40998,530,345,40353,40401,992,18067,17798,428,281,37075,37264,287,268,279,211,265,252,249,261,212,223,210]},"pktlen": {"min":52,"avg":115.4,"max":400,"stddev":89.5,"var":8001.3,"ent":4.7,"data": [60,60,52,68,52,80,52,76,52,326,52,76,52,76,52,180,52,400,76,52,168,104,168,76,284,76,168,100,168,76,284,76]},"bins": {"c_to_s": [14,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,0,0,4,1,0,0,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0],"entropies": [4.634053230,5.054204941,5.039584637,5.193215847,5.116507530,5.177333832,5.039584637,5.369915009,5.116507530,5.342938900,5.025067329,5.315114975,4.909682751,5.326361656,4.986606121,5.801545143,4.986606121,5.423783302,5.341430664,5.025067806,6.420508862,5.262471199,6.588784218,5.395376205,6.650779724,5.395376205,6.047887802,5.337505817,5.757668018,5.421691895,6.887341976,5.316428661]},"ndpi": {"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":195,"source":"cfgs\/default\/pcap\/openvpn_nohmac_tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":100,"flow_dst_packets_processed":95,"flow_first_seen":1358197736781122,"flow_src_last_pkt_time":1358197768802378,"flow_dst_last_pkt_time":1358197768801647,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":406,"flow_dst_max_l4_payload_len":476,"flow_src_tot_l4_payload_len":6986,"flow_dst_tot_l4_payload_len":7709,"midstream":0,"thread_ts_usec":1358197768802378,"l3_proto":"ip4","src_ip":"10.181.235.122","dst_ip":"10.251.71.30","src_port":39772,"dst_port":1194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00859{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":195,"source":"cfgs\/default\/pcap\/openvpn_nohmac_tcp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":195,"packets-processed":195,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":14695,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1358197768802378} 
+00859{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":195,"source":"cfgs\/default\/pcap\/openvpn_nohmac_tcp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":195,"packets-processed":195,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":14695,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1358197768802378} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 195/195 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6915340 bytes -~~ total memory freed........: 6915340 bytes -~~ total allocations/frees...: 114334/114334 +~~ total memory allocated....: 7492936 bytes +~~ total memory freed........: 7492936 bytes +~~ total allocations/frees...: 126065/126065 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 562 chars ~~ json message max len.......: 2173 chars diff --git a/test/results/default/openvpn_obfuscated.pcapng.out b/test/results/default/openvpn_obfuscated.pcapng.out index cdd23a850..4c16ba60e 100644 --- a/test/results/default/openvpn_obfuscated.pcapng.out +++ b/test/results/default/openvpn_obfuscated.pcapng.out 
@@ -1,5 +1,5 @@ -00625{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00846{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1722427237865123} 
+00625{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00846{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1722427237865123} 
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1722427237865123,"flow_src_last_pkt_time":1722427237865123,"flow_dst_last_pkt_time":1722427237865123,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1722427237865123,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"185.128.25.99","src_port":37976,"dst_port":465,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1722427237865123,"flow_dst_last_pkt_time":1722427237865123,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1722427237865123,"pkt":"CL6sCxduJjb1W8R1CABFAAA8G7tAAEAGftnAqAycuYAZY5RYAdHRRTx5AAAAAKAC\/\/8WmQAAAgQFtAQCCApRg5vRAAAAAAEDAwk="} 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1722427237865123,"flow_dst_last_pkt_time":1722427237885149,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1722427237885149,"pkt":"Jjb1W8R1CL6sCxduCABFAAA8AABAADEGqZS5gBljwKgMnAHRlFgui1zd0UU8eqAS\/\/\/GVwAAAgQFtAQCCApg+GPPUYOb0QEDAwk="} 
@@ -14,7 +14,7 @@ 01034{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1722427401924227,"flow_dst_last_pkt_time":1722427401921409,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":417,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":417,"pkt_l4_len":383,"thread_ts_usec":1722427401924227,"pkt":"CL6sCxduJjb1W8R1CABFAAGT2SFAAEARDyHAqAyclWbubLgYBL4Bf+BaVEX2eYIGWZW97B\/uBFKid6MSV9\/02W2\/W+o36cuQNVtmMhAJHTAcbDg7XCMFAl0xHCYeGhojEQ07YGRoa2JiGBURHRlLEx04EAUBFg8EBB4VCR8QQxUVFBYoJyUjKnU9F0geFD5NHRwpDR0JMwQHEBgXGRgREREWHu32uP3s3BELEBsZDBEMEQcEDlgJDwQeFxCIEBhHyxRzBjPkcOAZKQXaF+N3ATvcOcpmAyzAL96OHmPUM\/K30LS6xKT6al3NNNxMChsDEA8uCd46WfS1aCsMHMuFvhUjOGTIBxpU3v\/Hxw6s\/CgKCqKhIJpNENIN2+tGFOfxS7QuGoPC52Q7v9u+NPw8b3vfvXXBBwc5DBYQNxUEGwYXFhEnO2pMT+yE7o8cNhkQEQM5pmcMCREEcDf7xzLpHLLsNx\/zRQ7DT7GnNBoJH96PWo0gzSL9g2Dar\/34qx5dEYO9\/DG3QzVndkG9w4jcVbkhUFWSERwvvUItAJ\/89A5z"} 00653{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1722427401924227,"flow_dst_last_pkt_time":1722427401934060,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":136,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":136,"pkt_l4_len":102,"thread_ts_usec":1722427401934060,"pkt":"Jjb1W8R1CL6sCxduCABFAAB6OL1AADURu56VZu5swKgMnAS+uBgAZvhOXG8GfZrUgA1YMzkxNWQxAbNSOT0tNIAP9idCl\/rehm7YfSBAKj59k9UPRPKVaW0LUqQgzFOtLHumhFDN1Y5hbY3tlOPyWvfVkw6K7l+x6eqyqyRV8MQse1pU+6KRqg=="} 
02035{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1722427401924227,"flow_dst_last_pkt_time":1722427401934161,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1158,"pkt_l4_len":1124,"thread_ts_usec":1722427401934161,"pkt":"Jjb1W8R1CL6sCxduCABFAAR4OL5AADURt5+VZu5swKgMnAS+uBgEZLQzVLAa0ZHTWfav3aQ6aDiNoVBwHdfIrsumF\/Xi771+6seFvgsgbkxRKAqi+llZx7z81zilj97CxWRsx93kXlTmVZH1P80KGnxXlR7BiJM18BLjNISj+gZaL0RMsbZ\/\/0UWwTMg0BMD+RgWYRcd61hmbZABZnpzMi\/LZRSE50mWCxH9dHqopm4Rzi4Sn7KxkjSWm8BiRUowB\/370WD0qx\/g9JW5UIxB92Ud6V1iTPjtmCgTxngrFqv4udp8FTsD8KNaHIzqNRUDWeNKhdBfywJxLoo8\/p1OGrSOuC\/yUWCOVPBEG0DdNlHBPyeW8SDwcnP4DcidmrJfxLHUg1HGh4+RWLkSFQsr+4W5z29yC41XpvCOCfc\/hn+EAz73kSY1DzJL59r2AXH8G5Rea\/RbEUrobun9NGOeVKCIzmD8Trl96OaqJhX8xal6pdV0sAV5Vo9xPebYVgEG80YaI0ek\/7yknL8W9IBQ2aLOpnFDXpCbdgYsosJ1y5dt6ib8aNJ+M\/xKRCussfhzl6cYKdrj1skMpL6bcbwUuhNt0cz28hf9enP7WBDH0Fxp5kwD+hH3G30EyEpxKuMziqSt\/e4UQR1duSa5VhMDOC98xMmGl0fj5OxMkG6xFP+PlFxbfRIMxgHsORiw87u6+g8HDPXiXIvJH4NZ7GvAgKGx6vPzRzY1kJ62bLlLPsnFFe6u5Lu3S820EMsOgXAFuSfj3yV3Evd+WLk737aUMZpoycfdzpgL1pvr4w3GxN\/TLg48jWGBKotX5zgnS6rvI88rGnHjRpaeOQ9CGYvCXVgO6n0MG2pCKs14CRjfcLqndxUDz5CE0mpW+jUfNJ4ux57J42zD3C+R4ZvY0UqADXZgvIZieAaKP2Qftw4pNwvuYOvK1OYGPbD+e89LxaNtpqyRB1MKVrBbdwgLG5kjU0ZoQUZJ2JOassNku+llFLRYPlNIJdOPFe8lNwX6hfJGdRMMmb4N9pCq8zoPySjjHjxjcpVsIj21jIi6qDUjUIvYwHaz3y0G7hXahyVVr7iDXUaXJGHIL0N4eAIJwH2sxv5+E4rQX5KXSJTnQN0IUM9\/AywsX9qhuZUo9Ozj\/8opy6hdWDTnxIrSvYZ63LEWGZ6GbZq9Um2Ln9uD7D+\/BgaPsoCfTlvt4+mz8wj6pNzsVkxsrWn6iEtKp70qWQsP\/gFGe2Df51awxTQYITw6LzU6Lndgr4Qxly7lJIUUP46pn4P+TJ+8+3QoYuNOQEyg9SneVXtmcVB8Vnt2enN1DntXWXR5brdGfJSMHDslO+anlwsJFXTtGhgL4dS2wSKBjgYjFobKFroyEjVAyw7y9kntCrZphbXffdx2X4Zb1huMN30p83ks9\/SzOTk5Tj82bgcyZR09O24Tj2g3MTAMKUrvJnigQgCd7TGqBAQ2acAFhpTV62J2y9r8nx3tIE\/jhWhChZNaqTMjhHx
lENJxKzeOMmtRIMpACoJ6fPzVRSJ+VFr38ZOo"} -00854{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":91,"packets-processed":90,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22584,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":17,"global_ts_usec":1722705590754656} +00854{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":91,"packets-processed":90,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22584,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":17,"global_ts_usec":1722705590754656} 
00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1722705590754656,"flow_src_last_pkt_time":1722705590754656,"flow_dst_last_pkt_time":1722705590754656,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1722705590754656,"l3_proto":"ip4","src_ip":"107.161.86.131","dst_ip":"192.168.12.156","src_port":443,"dst_port":48072,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1722705590754656,"flow_dst_last_pkt_time":1722705590754656,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1722705590754656,"pkt":"Jjb1W8R1CL6sCxduCABFAAA8AABAADMGuFNroVaDwKgMnAG7u8glbqt9M+JifKAS\/\/9LzQAAAgQFtAQCCApqqi2Uyg3lpAEDAwI="} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1722705590754656,"flow_dst_last_pkt_time":1722705590856725,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1722705590856725,"pkt":"CL6sCxduJjb1W8R1CABFAAA0KexAAEAGgW\/AqAyca6FWg7vIAbsz4mJ8JW6rfoAQAKx48wAAAQEICsoN5plqqi2U"} 
@@ -27,7 +27,7 @@ 01123{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":29,"flow_dst_packets_processed":31,"flow_first_seen":1722427237865123,"flow_src_last_pkt_time":1722427239577895,"flow_dst_last_pkt_time":1722427239598141,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1024,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":5488,"flow_dst_tot_l4_payload_len":7758,"midstream":0,"thread_ts_usec":1722705593900158,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"185.128.25.99","src_port":37976,"dst_port":465,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"51": {"risk":"Fully Encrypted Flow","severity":"Medium","risk_score": {"total":360,"client":240,"server":120}}},"confidence": {"1":"Match by port"},"proto":"SMTPS","proto_id":"29","proto_by_ip":"NordVPN","proto_by_ip_id":426,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}} 01078{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":19,"flow_dst_packets_processed":11,"flow_first_seen":1722427401914491,"flow_src_last_pkt_time":1722427403179824,"flow_dst_last_pkt_time":1722427403133860,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":73,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":740,"flow_dst_max_l4_payload_len":1116,"flow_src_tot_l4_payload_len":2831,"flow_dst_tot_l4_payload_len":6507,"midstream":0,"thread_ts_usec":1722705593900158,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"149.102.238.108","src_port":47128,"dst_port":1214,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp 
Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"7":"Match by IP"},"proto":"NordVPN","proto_id":"426","proto_by_ip":"NordVPN","proto_by_ip_id":426,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00807{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":19,"flow_dst_packets_processed":11,"flow_first_seen":1722427401914491,"flow_src_last_pkt_time":1722427403179824,"flow_dst_last_pkt_time":1722427403133860,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":73,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":740,"flow_dst_max_l4_payload_len":1116,"flow_src_tot_l4_payload_len":2831,"flow_dst_tot_l4_payload_len":6507,"midstream":0,"thread_ts_usec":1722705593900158,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"149.102.238.108","src_port":47128,"dst_port":1214,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00859{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":177,"packets-processed":177,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":42211,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":30,"global_ts_usec":1722705593900158} 
+00859{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":177,"packets-processed":177,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":42211,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":30,"global_ts_usec":1722705593900158} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 177/177 ~~ skipped flows.............: 0 @@ -36,9 +36,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6921655 bytes -~~ total memory freed........: 6921655 bytes -~~ total allocations/frees...: 114340/114340 +~~ total memory allocated....: 7499251 bytes +~~ total memory freed........: 7499251 bytes +~~ total allocations/frees...: 126071/126071 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 558 chars ~~ json message max len.......: 2040 chars diff --git a/test/results/default/openwire.pcapng.out b/test/results/default/openwire.pcapng.out index ca07aab9f..5e0f40254 100644 --- a/test/results/default/openwire.pcapng.out +++ b/test/results/default/openwire.pcapng.out 
@@ -1,5 +1,5 @@ -00615{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/openwire.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/openwire.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1721660189198049} 
+00615{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/openwire.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/openwire.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1721660189198049} 00312{"error_event_id":1,"error_event_name":"Unknown datalink layer packet","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1721660189198049,"packet_id":1,"source":"cfgs\/default\/pcap\/openwire.pcapng","alias":"nDPId-test","layer_type":402653184,"global_ts_usec":1721660189198049} 
00394{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/openwire.pcapng","alias":"nDPId-test","pkt_datalink":0,"pkt_caplen":76,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":76,"pkt_l4_len":0,"thread_ts_usec":1721660189198049,"pkt":"GAAAAGALVdYAIAaAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAHH1fCwzqyAygAAAACAAv\/\/bQEAAAIE\/8MBAwMIAQEEAg=="} 00312{"error_event_id":1,"error_event_name":"Unknown datalink layer packet","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1721660189198100,"packet_id":2,"source":"cfgs\/default\/pcap\/openwire.pcapng","alias":"nDPId-test","layer_type":402653184,"global_ts_usec":1721660189198100} 
@@ -32,7 +32,7 @@ 00377{"packet_event_id":1,"packet_event_name":"packet","packet_id":15,"source":"cfgs\/default\/pcap\/openwire.pcapng","alias":"nDPId-test","pkt_datalink":0,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_usec":1721660189198049,"pkt":"GAAAAGANetYAFAaAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAHwsMfVzqdbMs6sgtFQECf1U\/8AAA=="} 00314{"error_event_id":1,"error_event_name":"Unknown datalink layer packet","threshold_n":16,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1721660189201914,"packet_id":16,"source":"cfgs\/default\/pcap\/openwire.pcapng","alias":"nDPId-test","layer_type":402653184,"global_ts_usec":1721660189201914} 00392{"packet_event_id":1,"packet_event_name":"packet","packet_id":16,"source":"cfgs\/default\/pcap\/openwire.pcapng","alias":"nDPId-test","pkt_datalink":0,"pkt_caplen":78,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":78,"pkt_l4_len":0,"thread_ts_usec":1721660189198049,"pkt":"GAAAAGANetYAIgaAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAHwsMfVzqdbMs6sgtFQGCf1Nd0AAAAAAAoeAAAAAAAAAAAC"} -00841{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/openwire.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":43,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":35,"global_ts_usec":1721660190272682} 
+00841{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/openwire.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":43,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":35,"global_ts_usec":1721660190272682} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 43/0 ~~ skipped flows.............: 0 @@ -41,9 +41,9 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6905233 bytes -~~ total memory freed........: 6905233 bytes -~~ total allocations/frees...: 114126/114126 +~~ total memory allocated....: 7482829 bytes +~~ total memory freed........: 7482829 bytes +~~ total allocations/frees...: 125857/125857 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 317 chars ~~ json message max len.......: 846 chars diff --git a/test/results/default/opera-vpn.pcapng.out b/test/results/default/opera-vpn.pcapng.out index 414152efd..65263645e 100644 --- a/test/results/default/opera-vpn.pcapng.out +++ b/test/results/default/opera-vpn.pcapng.out 
@@ -1,5 +1,5 @@ -00616{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1694275752994885} 
+00616{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1694275752994885} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275752994885,"flow_src_last_pkt_time":1694275752994885,"flow_dst_last_pkt_time":1694275752994885,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275752994885,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51398,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1694275752994885,"flow_dst_last_pkt_time":1694275752994885,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275752994885,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3RcjGAbuXrZxyAAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgKE5KNpgAAAAAEAgAA"} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275753007782,"flow_src_last_pkt_time":1694275753007782,"flow_dst_last_pkt_time":1694275753007782,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753007782,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51399,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -55,47 +55,47 @@ 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1694275752994885,"flow_dst_last_pkt_time":1694275753023076,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275753023076,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADQGQEJNb\/dFwKgBHQG7yMYj3Z30l62cc6AS\/oghkgAAAgQFrAQCCAqZASa0E5KNpgEDAwc="} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1694275753023141,"flow_dst_last_pkt_time":1694275753023076,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753023141,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjGAbuXrZxzI92d9YAQCBYGoQAAAQEIChOSjcOZASa0"} 
01243{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1694275753023424,"flow_dst_last_pkt_time":1694275753023076,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275753023424,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjGAbuXrZxzI92d9YAYCBYIpgAAAQEIChOSjcOZASa0FgMBAgABAAH8AwODTQ+x0ACNPOHtoKai4yCZQ20u2rDfUoEQwogUwdnnMSB8yEYE1qAtbbSGJViXkvsb6YZ5S2BjaSvP5J7n1VDmMgAgKioTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGT6uoAAAASAABEaQAFAAMCaDIAMwArAClaWgABAAAdACAvd0922QaYg2tEMSKwr6XMiszOHEkrNy\/\/MmfZeGkgZwAQAA4ADAJoMghodHRwLzEuMQArAAcGCgoDBAMDAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQAFAAUBAAAAAAALAAIBAAAtAAIBAQAXAAAAAAAXABUAABJldTAuc2VjLXR1bm5lbC5jb20AIwAAABsAAwIAAv8BAAEAAAoACgAIWloAHQAXABgqKgABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01276{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275752994885,"flow_src_last_pkt_time":1694275753023424,"flow_dst_last_pkt_time":1694275753023076,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753023424,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51398,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"b96f72c556a76c5b13acec3b59f520dd","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01235{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275752994885,"flow_src_last_pkt_time":1694275753023424,"flow_dst_last_pkt_time":1694275753023076,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753023424,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51398,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1694275753007782,"flow_dst_last_pkt_time":1694275753035867,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275753035867,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADYGPkJNb\/dFwKgBHQG7yMcH4P5HeE6jtaAS\/ohCrwAAAgQFrAQCCAqZASbDJksthwEDAwc="} 
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1694275753035983,"flow_dst_last_pkt_time":1694275753035867,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753035983,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjHAbt4TqO1B+D+SIAQCBYGoQAAAQEICiZLLaOZASbD"} 01244{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1694275753036367,"flow_dst_last_pkt_time":1694275753035867,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275753036367,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjHAbt4TqO1B+D+SIAYCBYIpgAAAQEICiZLLaOZASbDFgMBAgABAAH8AwMSE63FkdokmS+Fz8J0CVx\/C3da+56yXF5P+Uw6YnyBDSA5HiMw+\/OHzDUauhyPJ8JlfxwOlPgeWiegDyX+TF4QegAgqqoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTSkoAAAArAAcGmpoDBAMDRGkABQADAmgyAAUABQEAAAAAABAADgAMAmgyCGh0dHAvMS4xAAAAFwAVAAASZXUwLnNlYy10dW5uZWwuY29tABsAAwIAAgASAAAAIwAAAAoACgAIenoAHQAXABgADQASABAEAwgEBAEFAwgFBQEIBgYBAC0AAgEBAAsAAgEAADMAKwApenoAAQAAHQAg0pSGgcpOxt7X6rYDm+drJz1synalQGrhfKxLDUGgQgz\/AQABAAAXAADq6gABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01276{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753007782,"flow_src_last_pkt_time":1694275753036367,"flow_dst_last_pkt_time":1694275753035867,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753036367,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51399,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"485d321608abf60490d88c6b010221af","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01235{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753007782,"flow_src_last_pkt_time":1694275753036367,"flow_dst_last_pkt_time":1694275753035867,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753036367,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51399,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1694275753008024,"flow_dst_last_pkt_time":1694275753037252,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275753037252,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADYGPkJNb\/dFwKgBHQG7yMgmGyyumuIGo6AS\/oiGtAAAAgQFrAQCCAqZASbFsEmNXQEDAwc="} 
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1694275753037353,"flow_dst_last_pkt_time":1694275753037252,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753037353,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjIAbua4gajJhssr4AQCBYGoQAAAQEICrBJjXuZASbF"} 01244{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1694275753037849,"flow_dst_last_pkt_time":1694275753037252,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275753037849,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjIAbua4gajJhssr4AYCBYIpgAAAQEICrBJjXuZASbFFgMBAgABAAH8AwNL+atkM8wKSpDJQgNkwvRuXFo5ydk4Igg3EuddtJLY7yByKo1r+sVL5cokBL0V0OYFfUW3PxzvfUOEyYkhdywPlAAg+voTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTiooAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEABQAFAQAAAAAAFwAAAAsAAgEAAC0AAgEBAAAAFwAVAAASZXUwLnNlYy10dW5uZWwuY29tADMAKwAp+voAAQAAHQAg756NKqB\/Cf7tOGZ3m5gi5e1ynLLv\/BExgsR5ICRQX3kAEgAAACsABwba2gMEAwNEaQAFAAMCaDL\/AQABAAAKAAoACPr6AB0AFwAYACMAAAAQAA4ADAJoMghodHRwLzEuMQAbAAMCAAJ6egABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01276{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753008024,"flow_src_last_pkt_time":1694275753037849,"flow_dst_last_pkt_time":1694275753037252,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753037849,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51400,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"f40971697b0dd2827eea54ea65d19395","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01235{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753008024,"flow_src_last_pkt_time":1694275753037849,"flow_dst_last_pkt_time":1694275753037252,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753037849,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51400,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1694275753008266,"flow_dst_last_pkt_time":1694275753038325,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275753038325,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADYGPkJNb\/dFwKgBHQG7yMlbRPVio1atm6AS\/ojbBgAAAgQFrAQCCAqZASbGp7WUUgEDAwc="} 
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1694275753038405,"flow_dst_last_pkt_time":1694275753038325,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753038405,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjJAbujVq2bW0T1Y4AQCBYGoQAAAQEICqe1lHGZASbG"} 01242{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1694275753038526,"flow_dst_last_pkt_time":1694275753038325,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275753038526,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjJAbujVq2bW0T1Y4AYCBYIpgAAAQEICqe1lHGZASbGFgMBAgABAAH8AwPINUOA2GBWs7l8JGHdrNIJ0Uc7JZgPZ5k\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"} -01276{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753008266,"flow_src_last_pkt_time":1694275753038526,"flow_dst_last_pkt_time":1694275753038325,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753038526,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51401,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"310fa0bcc8223ddf7149498a30f17097","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} +01235{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753008266,"flow_src_last_pkt_time":1694275753038526,"flow_dst_last_pkt_time":1694275753038325,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753038526,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51401,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1694275753008755,"flow_dst_last_pkt_time":1694275753039487,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275753039487,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADQGQEJNb\/dFwKgBHQG7yMuguxaSLDLiYKAS\/ojm1AAAAgQFrAQCCAqZASbHftuNFAEDAwc="} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1694275753039543,"flow_dst_last_pkt_time":1694275753039487,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753039543,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjLAbssMuJgoLsWk4AQCBYGoQAAAQEICn7bjTOZASbH"} 
01244{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1694275753039664,"flow_dst_last_pkt_time":1694275753039487,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275753039664,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjLAbssMuJgoLsWk4AYCBYIpgAAAQEICn7bjTOZASbHFgMBAgABAAH8AwPwEt+gNZnrB+aqiYIbe4IdBRBT3gEEXfKmvq+9HWPLuCAyVaRgFk9ZybocjjzMo77JnwemW4KFcWHoPEVQFhebawAgKioTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTWloAAAAzACsAKRoaAAEAAB0AIHZUkt\/t5KT6AL2QB6\/FZxAyMlpiMZco5gfZAuyaOXJQABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAARGkABQADAmgyAAAAFwAVAAASZXUwLnNlYy10dW5uZWwuY29tAAsAAgEAABIAAAAjAAAACgAKAAgaGgAdABcAGAANABIAEAQDCAQEAQUDCAUFAQgGBgH\/AQABAAArAAcGamoDBAMDABcAAAAtAAIBAQAbAAMCAAK6ugABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01276{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753008755,"flow_src_last_pkt_time":1694275753039664,"flow_dst_last_pkt_time":1694275753039487,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753039664,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51403,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"58c47ed77ccd0602805bfe75ed4283ba","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01235{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753008755,"flow_src_last_pkt_time":1694275753039664,"flow_dst_last_pkt_time":1694275753039487,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753039664,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51403,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1694275753008879,"flow_dst_last_pkt_time":1694275753040749,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275753040749,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADQGQEJNb\/dFwKgBHQG7yMyG7XXhOV8MYKAS\/ojiNAAAAgQFrAQCCAqZASbI53msZgEDAwc="} 
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1694275753040797,"flow_dst_last_pkt_time":1694275753040749,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753040797,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjMAbs5Xwxghu114oAQCBYGoQAAAQEICud5rIaZASbI"} 01244{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1694275753040918,"flow_dst_last_pkt_time":1694275753040749,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275753040918,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjMAbs5Xwxghu114oAYCBYIpgAAAQEICud5rIaZASbIFgMBAgABAAH8AwP+LPLxj64daGunqxMwea5XKyiqIejJs9Y\/tVcQ5KNiISBXKUGB9lbjOGpaf+D09e7T5JroyL0f\/Ic5fdvWC0+MLgAgmpoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTiooAAAAFAAUBAAAAAAAtAAIBAQALAAIBAAAzACsAKWpqAAEAAB0AILfHsd6xyChl6k6BdLw4o6eco5HOeLHqqYlLnIcBPa8EABAADgAMAmgyCGh0dHAvMS4xABcAAAAbAAMCAAIACgAKAAhqagAdABcAGAAjAAAAEgAAACsABwZqagMEAwNEaQAFAAMCaDIAAAAXABUAABJldTAuc2VjLXR1bm5lbC5jb20ADQASABAEAwgEBAEFAwgFBQEIBgYB\/wEAAQCamgABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01276{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753008879,"flow_src_last_pkt_time":1694275753040918,"flow_dst_last_pkt_time":1694275753040749,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753040918,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51404,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"afd51562845a41020a43e5d659f59308","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01235{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753008879,"flow_src_last_pkt_time":1694275753040918,"flow_dst_last_pkt_time":1694275753040749,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753040918,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51404,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1694275753009120,"flow_dst_last_pkt_time":1694275753042084,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275753042084,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADQGQEJNb\/dFwKgBHQG7yM20aXnn4ut2w6AS\/ogX4AAAAgQFrAQCCAqZASbJc0eleQEDAwc="} 
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1694275753042116,"flow_dst_last_pkt_time":1694275753042084,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753042116,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjNAbvi63bDtGl56IAQCBYGoQAAAQEICnNHpZqZASbJ"} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1694275753009419,"flow_dst_last_pkt_time":1694275753042241,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275753042241,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADQGQEJNb\/dFwKgBHQG7yM5b1aswEkCl\/KAS\/ogv0gAAAgQFrAQCCAqZASbKb6xZ3gEDAwc="} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1694275753042269,"flow_dst_last_pkt_time":1694275753042241,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753042269,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjOAbsSQKX8W9WrMYAQCBYGoQAAAQEICm+sWf+ZASbK"} 
01243{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1694275753042389,"flow_dst_last_pkt_time":1694275753042084,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275753042389,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjNAbvi63bDtGl56IAYCBYIpgAAAQEICnNHpZqZASbJFgMBAgABAAH8AwMNDmGJBtZJmmErQ1OYvrDi0OdB6KpoapreMQC7zYf26CAU2q6RLazLBRLbB1KDiXaYm4um8f86s1k9C\/yNg94kNAAgCgoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTiooAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEACwACAQAABQAFAQAAAAD\/AQABAAAAABcAFQAAEmV1MC5zZWMtdHVubmVsLmNvbQAjAAAAEgAAAC0AAgEBAAoACgAI6uoAHQAXABgAEAAOAAwCaDIIaHR0cC8xLjEAKwAHBrq6AwQDA0RpAAUAAwJoMgAbAAMCAAIAFwAAADMAKwAp6uoAAQAAHQAgR0wxtwpaB6jhdQtUUT0IbQRFlDhx4xM2r7W+zvSD8nO6ugABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01276{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753009120,"flow_src_last_pkt_time":1694275753042389,"flow_dst_last_pkt_time":1694275753042084,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753042389,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51405,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"44f9748950032beeac19dc7e2f233d77","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01235{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753009120,"flow_src_last_pkt_time":1694275753042389,"flow_dst_last_pkt_time":1694275753042084,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753042389,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51405,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
01241{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_src_last_pkt_time":1694275753042389,"flow_dst_last_pkt_time":1694275753042241,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275753042389,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjOAbsSQKX8W9WrMYAYCBYIpgAAAQEICm+sWf+ZASbKFgMBAgABAAH8AwOf6G+piJ4EhpBoR6DjY1pXjhWeeBntMMEgc5THmSYHuiCcbUl9kHjWraAmyxNgZHE3pI7NjnPw5asZviecBH3KTAAg6uoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGT2toAAAAtAAIBAURpAAUAAwJoMv8BAAEAAAoACgAI6uoAHQAXABgACwACAQAAAAAXABUAABJldTAuc2VjLXR1bm5lbC5jb20AMwArACnq6gABAAAdACBb78AgaBMHOaxwOTME+QtKdoakjvtm8m8nD990kSRUJAAbAAMCAAIADQASABAEAwgEBAEFAwgFBQEIBgYBABcAAAAjAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xACsABwYqKgMEAwMABQAFAQAAAADq6gABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01276{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753009419,"flow_src_last_pkt_time":1694275753042389,"flow_dst_last_pkt_time":1694275753042241,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753042389,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51406,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"31c32357f806723eb0eaab101578edf5","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01235{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753009419,"flow_src_last_pkt_time":1694275753042389,"flow_dst_last_pkt_time":1694275753042241,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753042389,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51406,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1694275753008511,"flow_dst_last_pkt_time":1694275753043578,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275753043578,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADQGQEJNb\/dFwKgBHQG7yMoGnMmSP+bg26AS\/oh9yQAAAgQFrAQCCAqZASbGN2wSgQEDAwc="} 
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1694275753043612,"flow_dst_last_pkt_time":1694275753043578,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753043612,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjKAbs\/5uDbBpzJk4AQCBYGoQAAAQEICjdsEqWZASbG"} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1694275753009698,"flow_dst_last_pkt_time":1694275753043705,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275753043705,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADQGQEJNb\/dFwKgBHQG7yNDMQDF5+1AIWqAS\/oj7TwAAAgQFrAQCCAqZASbMGyigvgEDAwc="} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_src_last_pkt_time":1694275753043732,"flow_dst_last_pkt_time":1694275753043705,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753043732,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjQAbv7UAhazEAxeoAQCBYGoQAAAQEIChsooOGZASbM"} 
01242{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1694275753043733,"flow_dst_last_pkt_time":1694275753043578,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275753043733,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjKAbs\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"} -01276{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753008511,"flow_src_last_pkt_time":1694275753043733,"flow_dst_last_pkt_time":1694275753043578,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753043733,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51402,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"e415684488869452bd654e636a258ffc","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01235{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753008511,"flow_src_last_pkt_time":1694275753043733,"flow_dst_last_pkt_time":1694275753043578,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753043733,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51402,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
01244{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_src_last_pkt_time":1694275753043852,"flow_dst_last_pkt_time":1694275753043705,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275753043852,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjQAbv7UAhazEAxeoAYCBYIpgAAAQEIChsooOGZASbMFgMBAgABAAH8AwOQv40HvKuMY4T6dlmnD82RO8BDnsMdRsS4j5jvovKSfSCEZs8aZ4vmBrKxVDXepvEE9hFF21Fj9eO6NwGk5RgdYQAg+voTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTSkoAAAAbAAMCAAL\/AQABAAALAAIBAAAXAAAAEgAAACsABwYqKgMEAwMABQAFAQAAAAAAEAAOAAwCaDIIaHR0cC8xLjEAIwAAAAoACgAI+voAHQAXABgALQACAQEAMwArACn6+gABAAAdACCuux4wuDlWUU1SvOvMtlp8m5VPG\/MGFM9oAB84+LhXKQANABIAEAQDCAQEAQUDCAUFAQgGBgFEaQAFAAMCaDIAAAAXABUAABJldTAuc2VjLXR1bm5lbC5jb22KigABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01277{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753009698,"flow_src_last_pkt_time":1694275753043852,"flow_dst_last_pkt_time":1694275753043705,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753043852,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51408,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"0915bf8869a023d47778f806f5d3b256","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01236{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753009698,"flow_src_last_pkt_time":1694275753043852,"flow_dst_last_pkt_time":1694275753043705,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753043852,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51408,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_src_last_pkt_time":1694275753010306,"flow_dst_last_pkt_time":1694275753045777,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275753045777,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADYGPkJNb\/dFwKgBHQG7yNPKGUHquGgJ1aAS\/ojjyQAAAgQFrAQCCAqZASbNGBnucgEDAwc="} 
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_src_last_pkt_time":1694275753045813,"flow_dst_last_pkt_time":1694275753045777,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753045813,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjTAbu4aAnVyhlB64AQCBYGoQAAAQEIChgZ7paZASbN"} 01242{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_src_last_pkt_time":1694275753045932,"flow_dst_last_pkt_time":1694275753045777,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275753045932,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\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"} -01277{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753010306,"flow_src_last_pkt_time":1694275753045932,"flow_dst_last_pkt_time":1694275753045777,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753045932,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51411,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"5ba1797d57b7ba42ce82582e43b0217f","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} +01236{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753010306,"flow_src_last_pkt_time":1694275753045932,"flow_dst_last_pkt_time":1694275753045777,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753045932,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51411,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275753047174,"flow_src_last_pkt_time":1694275753047174,"flow_dst_last_pkt_time":1694275753047174,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753047174,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51424,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_src_last_pkt_time":1694275753047174,"flow_dst_last_pkt_time":1694275753047174,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275753047174,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3RcjgAbscW7MpAAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgKdtb7VQAAAAAEAgAA"} 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1694275753010307,"flow_dst_last_pkt_time":1694275753047438,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275753047438,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADYGPkJNb\/dFwKgBHQG7yNQr+nh1T1xLAaAS\/ogu5QAAAgQFrAQCCAqZASbNU+\/29AEDAwc="} 
@@ -103,151 +103,151 @@ 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1694275753009947,"flow_dst_last_pkt_time":1694275753047588,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275753047588,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADYGPkJNb\/dFwKgBHQG7yNFQTSbJmZXOHKAS\/oil5AAAAgQFrAQCCAqZASbMyzhotAEDAwc="} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_src_last_pkt_time":1694275753047616,"flow_dst_last_pkt_time":1694275753047588,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753047616,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjRAbuZlc4cUE0myoAQCBYGoQAAAQEICss4aNmZASbM"} 01244{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_src_last_pkt_time":1694275753047616,"flow_dst_last_pkt_time":1694275753047438,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275753047616,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjUAbtPXEsBK\/p4doAYCBYIpgAAAQEIClPv9xmZASbNFgMBAgABAAH8AwMB2sF+yhJjs9sO7yHO3piZckUy825XFmsqs61DnTQJYiAiu6fmxWrAQIweNv1GgBOn6P0+NCZM5TzkfL7YKoxe5wAguroTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTWloAAAAjAAAALQACAQH\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"} 
-01277{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753010307,"flow_src_last_pkt_time":1694275753047616,"flow_dst_last_pkt_time":1694275753047438,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753047616,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51412,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"5c72c0972b0ef2b8d71f00feaa086760","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01236{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753010307,"flow_src_last_pkt_time":1694275753047616,"flow_dst_last_pkt_time":1694275753047438,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753047616,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51412,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 01244{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_src_last_pkt_time":1694275753047738,"flow_dst_last_pkt_time":1694275753047588,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275753047738,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjRAbuZlc4cUE0myoAYCBYIpgAAAQEICss4aNmZASbMFgMBAgABAAH8AwPQKCTMtar9KWwPdnulStaKry7mdCnrGzSwrgYr4WvxZCAFRu6M\/foVK+qr6Lz7k89D\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"} 
-01277{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753009947,"flow_src_last_pkt_time":1694275753047738,"flow_dst_last_pkt_time":1694275753047588,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753047738,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51409,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"6bfdc9fce41022f28ac0de368e7164cc","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01236{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753009947,"flow_src_last_pkt_time":1694275753047738,"flow_dst_last_pkt_time":1694275753047588,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753047738,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51409,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_src_last_pkt_time":1694275753010578,"flow_dst_last_pkt_time":1694275753047740,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275753047740,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADQGQEJNb\/dFwKgBHQG7yNbs0zQVOLQHbaAS\/ojs2gAAAgQFrAQCCAqZASbPKhNAmgEDAwc="} 
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_src_last_pkt_time":1694275753047858,"flow_dst_last_pkt_time":1694275753047740,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753047858,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjWAbs4tAdt7NM0FoAQCBYGoQAAAQEICioTQL+ZASbP"} 01246{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":4,"flow_src_last_pkt_time":1694275753047858,"flow_dst_last_pkt_time":1694275753047740,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275753047858,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjWAbs4tAdt7NM0FoAYCBYIpgAAAQEICioTQL+ZASbPFgMBAgABAAH8AwO\/SkqFuTWKi3mCEUyoc\/hGYcyI\/Qf9TigwoYNTlyTC4iASbztcX0CmhjH3p2dGNgz3xzfHcl+zrympB8AgENMckwAg6uoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTmpoAAAAFAAUBAAAAAAAjAAAAKwAHBqqqAwQDAwAzACsAKSoqAAEAAB0AIG\/NOpJYBc6aA0lg5ELFLYFNUPj2SX8UNj+HBFZ29H1qABAADgAMAmgyCGh0dHAvMS4xAC0AAgEBABIAAP8BAAEAAAsAAgEAABcAAAAAABcAFQAAEmV1MC5zZWMtdHVubmVsLmNvbQAbAAMCAAJEaQAFAAMCaDIACgAKAAgqKgAdABcAGAANABIAEAQDCAQEAQUDCAUFAQgGBgGKigABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01277{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753010578,"flow_src_last_pkt_time":1694275753047858,"flow_dst_last_pkt_time":1694275753047740,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753047858,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51414,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"353b63511e111884c0a2ae1b74da2093","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01236{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753010578,"flow_src_last_pkt_time":1694275753047858,"flow_dst_last_pkt_time":1694275753047740,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753047858,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51414,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_src_last_pkt_time":1694275753010458,"flow_dst_last_pkt_time":1694275753047901,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275753047901,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADYGPkJNb\/dFwKgBHQG7yNU5JMQRV9QQzqAS\/oin1wAAAgQFrAQCCAqZASbPd0UzngEDAwc="} 
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_src_last_pkt_time":1694275753047978,"flow_dst_last_pkt_time":1694275753047901,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753047978,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjVAbtX1BDOOSTEEoAQCBYGoQAAAQEICndFM8OZASbP"} 01244{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_src_last_pkt_time":1694275753047978,"flow_dst_last_pkt_time":1694275753047901,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275753047978,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjVAbtX1BDOOSTEEoAYCBYIpgAAAQEICndFM8OZASbPFgMBAgABAAH8AwMv17p7QO01CmQfP4tcGhTiyyixNtDYALe950LvoHGLsCCh4VVk89bhJNBp9Qyqmnx4SYsMnuqYPDpfYDL7ZYByxwAg6uoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTmpoAAAAXAAAAEgAAAAsAAgEAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQAKAAoACJqaAB0AFwAYRGkABQADAmgyAAAAFwAVAAASZXUwLnNlYy10dW5uZWwuY29tADMAKwApmpoAAQAAHQAgrpLZ6NnlZU7SeavXLLzI2APqBFL8EcTd\/Dp0HJByrUYAIwAAAAUABQEAAAAAAC0AAgEBABsAAwIAAgAQAA4ADAJoMghodHRwLzEuMQArAAcGGhoDBAMD\/wEAAQDKygABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01277{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753010458,"flow_src_last_pkt_time":1694275753047978,"flow_dst_last_pkt_time":1694275753047901,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753047978,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51413,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"65e9700415d3b43581aa12e23afbfd7e","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01236{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753010458,"flow_src_last_pkt_time":1694275753047978,"flow_dst_last_pkt_time":1694275753047901,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753047978,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51413,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1694275753010697,"flow_dst_last_pkt_time":1694275753048063,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275753048063,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADQGQEJNb\/dFwKgBHQG7yNfa6s+ESGdIgqAS\/oj3HAAAAgQFrAQCCAqZASbPIzJi6QEDAwc="} 
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_src_last_pkt_time":1694275753048099,"flow_dst_last_pkt_time":1694275753048063,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753048099,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjXAbtIZ0iC2urPhYAQCBYGoQAAAQEICiMyYw6ZASbP"} 01244{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_src_last_pkt_time":1694275753048216,"flow_dst_last_pkt_time":1694275753048063,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275753048216,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjXAbtIZ0iC2urPhYAYCBYIpgAAAQEICiMyYw+ZASbPFgMBAgABAAH8AwNwDHRb28PFRG1pS1eGVYauky58duCRF+nMX4qdEPychiBDFJ5R7oZjvR0zUkO4u\/0jRYDJxjF1YIoHvaA+6iCPeQAgmpoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTuroAAAAzACsAKVpaAAEAAB0AIJ21zSXxECoIEa6sRsbwMdqNPjqa5rmPQ2SJonle79ln\/wEAAQAABQAFAQAAAAAAEgAAABsAAwIAAgALAAIBAAAQAA4ADAJoMghodHRwLzEuMQANABIAEAQDCAQEAQUDCAUFAQgGBgEACgAKAAhaWgAdABcAGAAtAAIBAQAjAABEaQAFAAMCaDIAFwAAACsABwZKSgMEAwMAAAAXABUAABJldTAuc2VjLXR1bm5lbC5jb23q6gABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01277{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753010697,"flow_src_last_pkt_time":1694275753048216,"flow_dst_last_pkt_time":1694275753048063,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753048216,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51415,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"409bb955d02abe4c9736d1184814780d","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01236{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753010697,"flow_src_last_pkt_time":1694275753048216,"flow_dst_last_pkt_time":1694275753048063,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753048216,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51415,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_src_last_pkt_time":1694275753010935,"flow_dst_last_pkt_time":1694275753049606,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275753049606,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADYGPkJNb\/dFwKgBHQG7yNk\/HlZrWTH5TaAS\/oi1xQAAAgQFrAQCCAqZASbQQaLZHQEDAwc="} 
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_src_last_pkt_time":1694275753049683,"flow_dst_last_pkt_time":1694275753049606,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753049683,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjZAbtZMflNPx5WbIAQCBYGoQAAAQEICkGi2UWZASbQ"} 01247{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_src_last_pkt_time":1694275753049809,"flow_dst_last_pkt_time":1694275753049606,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275753049809,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjZAbtZMflNPx5WbIAYCBYIpgAAAQEICkGi2UWZASbQFgMBAgABAAH8AwOf4L+M9VsMAw07XGu8mlwh4raoIQAB4\/aHJJ9sM\/lSxiBQL16L++zX0YI3F3dOSGCf73x0eg+xMNP0ki5OTSwv0gAg6uoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGT+voAAAAFAAUBAAAAAAAXAAAAGwADAgACAAsAAgEAABAADgAMAmgyCGh0dHAvMS4x\/wEAAQAAAAAXABUAABJldTAuc2VjLXR1bm5lbC5jb20AKwAHBjo6AwQDAwAKAAoACMrKAB0AFwAYRGkABQADAmgyADMAKwApysoAAQAAHQAgFUPcsRPAGw\/TTJJWBRmA\/mr1CyYAzYmUivP66dm0hxIALQACAQEADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAjAADa2gABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01277{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753010935,"flow_src_last_pkt_time":1694275753049809,"flow_dst_last_pkt_time":1694275753049606,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753049809,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51417,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"91ec3705bc708c10592467e78630e9bd","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01236{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753010935,"flow_src_last_pkt_time":1694275753049809,"flow_dst_last_pkt_time":1694275753049606,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753049809,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51417,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_src_last_pkt_time":1694275753010817,"flow_dst_last_pkt_time":1694275753050972,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275753050972,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADYGPkJNb\/dFwKgBHQG7yNhkJIzQuWfti6AS\/ohisgAAAgQFrAQCCAqZASbQpAoZ6gEDAwc="} 
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_src_last_pkt_time":1694275753051027,"flow_dst_last_pkt_time":1694275753050972,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753051027,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjYAbu5Z+2LZCSM0YAQCBYGoQAAAQEICqQKGhOZASbQ"} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1694275753009538,"flow_dst_last_pkt_time":1694275753051136,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275753051136,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADYGPkJNb\/dFwKgBHQG7yM9KI6qCTRTWK6AS\/ogvngAAAgQFrAQCCAqZASbLSkMm1gEDAwc="} 
01245{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_src_last_pkt_time":1694275753051145,"flow_dst_last_pkt_time":1694275753050972,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275753051145,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjYAbu5Z+2LZCSM0YAYCBYIpgAAAQEICqQKGhOZASbQFgMBAgABAAH8AwMxMlmKPFianWmq0LkiAoe7MVy81MPZd0LL67qb0UysmSCJtUtGnP0gVpRC95n3FsmF8rlI5lo\/WitBhc2Fwl7T0wAgmpoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTKioAAAALAAIBAAAKAAoACOrqAB0AFwAYABAADgAMAmgyCGh0dHAvMS4xADMAKwAp6uoAAQAAHQAg6\/Zp9pEpX72jibq7qsYqAUP0svnbOY9Iu8iQw7kdFD8AKwAHBmpqAwQDA0RpAAUAAwJoMgASAAAALQACAQEADQASABAEAwgEBAEFAwgFBQEIBgYB\/wEAAQAAFwAAABsAAwIAAgAAABcAFQAAEmV1MC5zZWMtdHVubmVsLmNvbQAjAAAABQAFAQAAAAB6egABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01277{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753010817,"flow_src_last_pkt_time":1694275753051145,"flow_dst_last_pkt_time":1694275753050972,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753051145,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51416,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"b2140846842f38b9416f56b0b940518a","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01236{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753010817,"flow_src_last_pkt_time":1694275753051145,"flow_dst_last_pkt_time":1694275753050972,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753051145,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51416,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_src_last_pkt_time":1694275753011053,"flow_dst_last_pkt_time":1694275753051253,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275753051253,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADQGQEJNb\/dFwKgBHQG7yNvx7aeOjskjPqAS\/ojB7wAAAgQFrAQCCAqZASbRI4KHlQEDAwc="} 
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":1694275753051266,"flow_dst_last_pkt_time":1694275753051136,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753051266,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjPAbtNFNYrSiOqg4AQCBYGoQAAAQEICkpDJwCZASbL"} 01242{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_src_last_pkt_time":1694275753051266,"flow_dst_last_pkt_time":1694275753051136,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275753051266,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\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"} -01277{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753009538,"flow_src_last_pkt_time":1694275753051266,"flow_dst_last_pkt_time":1694275753051136,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753051266,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51407,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"ba575b0efbad4d121f0cf2b83747f586","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} +01236{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753009538,"flow_src_last_pkt_time":1694275753051266,"flow_dst_last_pkt_time":1694275753051136,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753051266,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51407,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_src_last_pkt_time":1694275753051386,"flow_dst_last_pkt_time":1694275753051253,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753051386,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjbAbuOySM+8e2nj4AQCBYGoQAAAQEICiOCh72ZASbR"} 01244{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":4,"flow_src_last_pkt_time":1694275753051386,"flow_dst_last_pkt_time":1694275753051253,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275753051386,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjbAbuOySM+8e2nj4AYCBYIpgAAAQEICiOCh72ZASbRFgMBAgABAAH8AwMC+V8XPTiT++k0blJmcrXuhw\/zDaf4ooGnYMn+WEeu9iCcpP+VNkIMCldWZPSjN8AwhdHURZq5Qdfv06nXawJ1xwAgCgoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTiooAAAArAAcGmpoDBAMDAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQAbAAMCAAIACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xRGkABQADAmgyABcAAAAKAAoACFpaAB0AFwAYAAUABQEAAAAA\/wEAAQAAMwArAClaWgABAAAdACDynMECelNnzFT7h1N3x2erqt8tcFOJvePTTR2Q99LtDQAAABcAFQAAEmV1MC5zZWMtdHVubmVsLmNvbQASAAAALQACAQH6+gABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01277{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753011053,"flow_src_last_pkt_time":1694275753051386,"flow_dst_last_pkt_time":1694275753051253,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753051386,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51419,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"5a30a421246b25d72f6088cfa70edd09","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01236{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753011053,"flow_src_last_pkt_time":1694275753051386,"flow_dst_last_pkt_time":1694275753051253,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753051386,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51419,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_src_last_pkt_time":1694275753011053,"flow_dst_last_pkt_time":1694275753051425,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275753051425,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADQGQEJNb\/dFwKgBHQG7yNqXYK6fWCRVfKAS\/ohtdgAAAgQFrAQCCAqZASbRJNcyngEDAwc="} 
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_src_last_pkt_time":1694275753051508,"flow_dst_last_pkt_time":1694275753051425,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753051508,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjaAbtYJFV8l2CuoIAQCBYGoQAAAQEICiTXMsaZASbR"} 01245{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_src_last_pkt_time":1694275753051508,"flow_dst_last_pkt_time":1694275753051425,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275753051508,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjaAbtYJFV8l2CuoIAYCBYIpgAAAQEICiTXMsaZASbRFgMBAgABAAH8AwOl+05\/MFLgkQ1sJ9lzWnK1Q\/HqUSfKBAf9+7U3szs9RyAxhyCRshjWjr0yhCQOxk7iBcmXcQO2ioKWmqmUruVZtAAg2toTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTuroAAAAQAA4ADAJoMghodHRwLzEuMQAXAAAALQACAQEACgAKAAgKCgAdABcAGAAFAAUBAAAAAAAAABcAFQAAEmV1MC5zZWMtdHVubmVsLmNvbQAjAAAAEgAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQArAAcG+voDBAMDAAsAAgEA\/wEAAQAAGwADAgACADMAKwApCgoAAQAAHQAgXOpE+a70UJJ5e0EPbhtD905uwKYRWnpL0RNTChV5wWtEaQAFAAMCaDJKSgABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01277{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753011053,"flow_src_last_pkt_time":1694275753051508,"flow_dst_last_pkt_time":1694275753051425,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753051508,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51418,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"f19d35bfdfe64dff7bb24434aeb3e161","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01236{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753011053,"flow_src_last_pkt_time":1694275753051508,"flow_dst_last_pkt_time":1694275753051425,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753051508,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51418,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_src_last_pkt_time":1694275753011291,"flow_dst_last_pkt_time":1694275753051590,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275753051590,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADYGPkJNb\/dFwKgBHQG7yN1CTBNdp4zv2KAS\/ojZEgAAAgQFrAQCCAqZASbSaCqKPAEDAwc="} 
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_src_last_pkt_time":1694275753051634,"flow_dst_last_pkt_time":1694275753051590,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753051634,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjdAbunjO\/YQkwTXoAQCBYGoQAAAQEICmgqimSZASbS"} 01245{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":4,"flow_src_last_pkt_time":1694275753051758,"flow_dst_last_pkt_time":1694275753051590,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275753051758,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjdAbunjO\/YQkwTXoAYCBYIpgAAAQEICmgqimSZASbSFgMBAgABAAH8AwNxCfXm6mvBUrEkBnv1yB7PeVAhvC2noEcSr9WNGSeLqiDYiZskXSyIERuAJ6h\/jMu0\/9ajOZOF7Cy9z5z4RUrzwQAgGhoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTamoAAERpAAUAAwJoMgAFAAUBAAAAAAASAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABcAAAAAABcAFQAAEmV1MC5zZWMtdHVubmVsLmNvbQAtAAIBAf8BAAEAACsABwZqagMEAwMAIwAAABsAAwIAAgAzACsAKUpKAAEAAB0AIObeazdPwzg5f7WnkTGuNIb59sijbpxLvTo+rI9+zLcqAAoACgAISkoAHQAXABgAEAAOAAwCaDIIaHR0cC8xLjEACwACAQC6ugABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01277{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753011291,"flow_src_last_pkt_time":1694275753051758,"flow_dst_last_pkt_time":1694275753051590,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753051758,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51421,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"3c76792950691cbb72d98c45cc2edb5d","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01236{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753011291,"flow_src_last_pkt_time":1694275753051758,"flow_dst_last_pkt_time":1694275753051590,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753051758,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51421,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_src_last_pkt_time":1694275753011171,"flow_dst_last_pkt_time":1694275753052187,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275753052187,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADQGQEJNb\/dFwKgBHQG7yNxEVH7MXSIQrqAS\/ojAUAAAAgQFrAQCCAqZASbS9mbQ4AEDAwc="} 
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_src_last_pkt_time":1694275753052228,"flow_dst_last_pkt_time":1694275753052187,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753052228,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjcAbtdIhCuRFR+zYAQCBYGoQAAAQEICvZm0QqZASbS"} 01244{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_src_last_pkt_time":1694275753052349,"flow_dst_last_pkt_time":1694275753052187,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275753052349,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjcAbtdIhCuRFR+zYAYCBYIpgAAAQEICvZm0QqZASbSFgMBAgABAAH8AwNE3q3MUDkcFX\/OcURtFYtC0Z4IdyyDWkMduFL2lETNiSA8cc7dp1AHlr1knoJpaNCGUxVngsSYV7bWG7SAQpPM\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"} 
-01277{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":96,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753011171,"flow_src_last_pkt_time":1694275753052349,"flow_dst_last_pkt_time":1694275753052187,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753052349,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51420,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"b549b9d91b0d29ef395d87455e4d4b34","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01236{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":96,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753011171,"flow_src_last_pkt_time":1694275753052349,"flow_dst_last_pkt_time":1694275753052187,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753052349,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51420,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1694275753023424,"flow_dst_last_pkt_time":1694275753053361,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753053361,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0Rl9AADQG+epNb\/dFwKgBHQG7yMYj3Z31l62eeIAQAfpKogAAAQEICpkBJtUTko3D"} 
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_src_last_pkt_time":1694275753011411,"flow_dst_last_pkt_time":1694275753053874,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275753053874,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADQGQEJNb\/dFwKgBHQG7yN+MpzG4V6nvCKAS\/ohk2gAAAgQFrAQCCAqZASbT6CBmeAEDAwc="} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_src_last_pkt_time":1694275753053911,"flow_dst_last_pkt_time":1694275753053874,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753053911,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjfAbtXqe8IjKcxuYAQCBYGoQAAAQEICuggZqOZASbT"} 
01246{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":4,"flow_src_last_pkt_time":1694275753054030,"flow_dst_last_pkt_time":1694275753053874,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275753054030,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjfAbtXqe8IjKcxuYAYCBYIpgAAAQEICuggZqOZASbTFgMBAgABAAH8AwPgk5iDe8bQICF9ik4uymFrkjZ6We6Rc3R3uTz+SnyRliA2pwpUGQi0EQ2eTZgCzNm\/g8lIgHeVg9rboAEg7dHKuQAgqqoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTCgoAAAAXAAAACgAKAAgaGgAdABcAGP8BAAEAAAsAAgEAAC0AAgEBACsABwYqKgMEAwMAIwAAAAUABQEAAAAAAAAAFwAVAAASZXUwLnNlYy10dW5uZWwuY29tABsAAwIAAgASAAAAMwArACkaGgABAAAdACBcK1ooqyyaV8IvdbI6SLX8snrz\/kAUzx\/G1JDwz7N0NkRpAAUAAwJoMgANABIAEAQDCAQEAQUDCAUFAQgGBgEAEAAOAAwCaDIIaHR0cC8xLjEqKgABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01278{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753011411,"flow_src_last_pkt_time":1694275753054030,"flow_dst_last_pkt_time":1694275753053874,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753054030,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51423,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"e88871a92704f433ae0f5850f26ad461","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
-01322{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275752994885,"flow_src_last_pkt_time":1694275753023424,"flow_dst_last_pkt_time":1694275753054777,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753054777,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51398,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"b96f72c556a76c5b13acec3b59f520dd","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01237{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753011411,"flow_src_last_pkt_time":1694275753054030,"flow_dst_last_pkt_time":1694275753053874,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753054030,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51423,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01281{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275752994885,"flow_src_last_pkt_time":1694275753023424,"flow_dst_last_pkt_time":1694275753054777,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753054777,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51398,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_src_last_pkt_time":1694275753011292,"flow_dst_last_pkt_time":1694275753055353,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275753055353,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADYGPkJNb\/dFwKgBHQG7yN4RXjtKJpU4TKAS\/oiSIQAAAgQFrAQCCAqZASbTvXC9agEDAwc="} 
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_src_last_pkt_time":1694275753055394,"flow_dst_last_pkt_time":1694275753055353,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753055394,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjeAbsmlThMEV47S4AQCBYGoQAAAQEICr1wvZaZASbT"} 01244{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":4,"flow_src_last_pkt_time":1694275753055633,"flow_dst_last_pkt_time":1694275753055353,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275753055633,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjeAbsmlThMEV47S4AYCBYIpgAAAQEICr1wvZaZASbTFgMBAgABAAH8AwO63NXFDeACdCuoqM43zuX4dmL+a0iByOoDp0iey7dpaiAHm\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"} -01278{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753011292,"flow_src_last_pkt_time":1694275753055633,"flow_dst_last_pkt_time":1694275753055353,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753055633,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51422,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"d53e8a0d8d816665d3b20df18429aa53","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} +01237{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753011292,"flow_src_last_pkt_time":1694275753055633,"flow_dst_last_pkt_time":1694275753055353,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753055633,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51422,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275753060213,"flow_src_last_pkt_time":1694275753060213,"flow_dst_last_pkt_time":1694275753060213,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753060213,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51425,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_src_last_pkt_time":1694275753060213,"flow_dst_last_pkt_time":1694275753060213,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275753060213,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3RcjhAbsMLJvYAAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgK+1B6OAAAAAAEAgAA"} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1694275753036367,"flow_dst_last_pkt_time":1694275753063184,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753063184,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0MmhAADYGC+JNb\/dFwKgBHQG7yMcH4P5IeE6luoAQAfprxgAAAQEICpkBJt4mSy2j"} 
-01322{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753007782,"flow_src_last_pkt_time":1694275753036367,"flow_dst_last_pkt_time":1694275753064783,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753064783,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51399,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"485d321608abf60490d88c6b010221af","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01281{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753007782,"flow_src_last_pkt_time":1694275753036367,"flow_dst_last_pkt_time":1694275753064783,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753064783,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51399,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1694275753038526,"flow_dst_last_pkt_time":1694275753064783,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753064783,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0hCNAADYGuiZNb\/dFwKgBHQG7yMlbRPVjo1avoIAQAfoEHAAAAQEICpkBJuCntZRx"} 
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1694275753037849,"flow_dst_last_pkt_time":1694275753064784,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753064784,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0y51AADYGcqxNb\/dFwKgBHQG7yMgmGyyvmuIIqIAQAfqvygAAAQEICpkBJt+wSY17"} -01322{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753008024,"flow_src_last_pkt_time":1694275753037849,"flow_dst_last_pkt_time":1694275753066150,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753066150,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51400,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"f40971697b0dd2827eea54ea65d19395","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
-01322{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753008266,"flow_src_last_pkt_time":1694275753038526,"flow_dst_last_pkt_time":1694275753066343,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753066343,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51401,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"310fa0bcc8223ddf7149498a30f17097","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01281{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753008024,"flow_src_last_pkt_time":1694275753037849,"flow_dst_last_pkt_time":1694275753066150,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753066150,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51400,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01281{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753008266,"flow_src_last_pkt_time":1694275753038526,"flow_dst_last_pkt_time":1694275753066343,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753066343,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51401,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1694275753039664,"flow_dst_last_pkt_time":1694275753066673,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753066673,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA09wBAADQGSUlNb\/dFwKgBHQG7yMuguxaTLDLkZYAQAfoP6gAAAQEICpkBJuF+240z"} 
-01322{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":133,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753008755,"flow_src_last_pkt_time":1694275753039664,"flow_dst_last_pkt_time":1694275753067683,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753067683,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51403,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"58c47ed77ccd0602805bfe75ed4283ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01281{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":133,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753008755,"flow_src_last_pkt_time":1694275753039664,"flow_dst_last_pkt_time":1694275753067683,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753067683,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51403,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1694275753040918,"flow_dst_last_pkt_time":1694275753068057,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753068057,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0c9NAADQGzHZNb\/dFwKgBHQG7yMyG7XXiOV8OZYAQAfoLSQAAAQEICpkBJuLneayG"} 
-01322{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":140,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753008879,"flow_src_last_pkt_time":1694275753040918,"flow_dst_last_pkt_time":1694275753068417,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753068417,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51404,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"afd51562845a41020a43e5d659f59308","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01281{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":140,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753008879,"flow_src_last_pkt_time":1694275753040918,"flow_dst_last_pkt_time":1694275753068417,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753068417,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51404,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1694275753042389,"flow_dst_last_pkt_time":1694275753068676,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753068676,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0L0ZAADQGEQRNb\/dFwKgBHQG7yM20aXno4ut4yIAQAfpA8gAAAQEICpkBJuRzR6Wa"} 
-01322{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":147,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753009120,"flow_src_last_pkt_time":1694275753042389,"flow_dst_last_pkt_time":1694275753069758,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753069758,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51405,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"44f9748950032beeac19dc7e2f233d77","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01281{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":147,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753009120,"flow_src_last_pkt_time":1694275753042389,"flow_dst_last_pkt_time":1694275753069758,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753069758,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51405,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1694275753042389,"flow_dst_last_pkt_time":1694275753069903,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753069903,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0HcpAADQGIoBNb\/dFwKgBHQG7yM5b1asxEkCoAYAQAfpY5QAAAQEICpkBJuRvrFn\/"} 
-01322{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":153,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753009419,"flow_src_last_pkt_time":1694275753042389,"flow_dst_last_pkt_time":1694275753070279,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753070279,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51406,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"31c32357f806723eb0eaab101578edf5","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01281{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":153,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753009419,"flow_src_last_pkt_time":1694275753042389,"flow_dst_last_pkt_time":1694275753070279,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753070279,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51406,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":5,"flow_src_last_pkt_time":1694275753043852,"flow_dst_last_pkt_time":1694275753070550,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753070550,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0IIdAADQGH8NNb\/dFwKgBHQG7yNDMQDF6+1AKX4AQAfokYQAAAQEICpkBJuYbKKDh"} 
-01323{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753009698,"flow_src_last_pkt_time":1694275753043852,"flow_dst_last_pkt_time":1694275753070896,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753070896,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51408,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"0915bf8869a023d47778f806f5d3b256","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01282{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753009698,"flow_src_last_pkt_time":1694275753043852,"flow_dst_last_pkt_time":1694275753070896,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753070896,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51408,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":5,"flow_src_last_pkt_time":1694275753045932,"flow_dst_last_pkt_time":1694275753071853,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753071853,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0Mm1AADYGC91Nb\/dFwKgBHQG7yNPKGUHruGgL2oAQAfoM2gAAAQEICpkBJucYGe6W"} 
-01323{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":168,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753010306,"flow_src_last_pkt_time":1694275753045932,"flow_dst_last_pkt_time":1694275753073432,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753073432,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51411,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"5ba1797d57b7ba42ce82582e43b0217f","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01282{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":168,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753010306,"flow_src_last_pkt_time":1694275753045932,"flow_dst_last_pkt_time":1694275753073432,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753073432,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51411,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":5,"flow_src_last_pkt_time":1694275753047858,"flow_dst_last_pkt_time":1694275753074752,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753074752,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0oxxAADQGnS1Nb\/dFwKgBHQG7yNbs0zQWOLQJcoAQAfoV6AAAAQEICpkBJusqE0C\/"} 
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1694275753043733,"flow_dst_last_pkt_time":1694275753074821,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753074821,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0YOlAADQG32BNb\/dFwKgBHQG7yMoGnMmTP+bi4IAQAfqm0wAAAQEICpkBJuY3bBKl"} 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_src_last_pkt_time":1694275753047174,"flow_dst_last_pkt_time":1694275753074991,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275753074991,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADQGQEJNb\/dFwKgBHQG7yOAj9thWHFuzKqAS\/oh6bwAAAgQFrAQCCAqZASbpdtb7VQEDAwc="} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_src_last_pkt_time":1694275753075027,"flow_dst_last_pkt_time":1694275753074991,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753075027,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjgAbscW7MqI\/bYV4AQCBYGoQAAAQEICnbW+3GZASbp"} 
01246{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":4,"flow_src_last_pkt_time":1694275753075147,"flow_dst_last_pkt_time":1694275753074991,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275753075147,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjgAbscW7MqI\/bYV4AYCBYIpgAAAQEICnbW+3GZASbpFgMBAgABAAH8AwMAaM9E1qsyvsbW1mEEOrhQI\/tP7HCTsDGXxojCbxP0hiBMKuzReOMS2n+MznvgOZ16hhYLmWQnnDO6hWsBG5wnkAAgmpoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTGhoAAAAKAAoACCoqAB0AFwAYAAAAFwAVAAASZXUwLnNlYy10dW5uZWwuY29tAAsAAgEAADMAKwApKioAAQAAHQAg63Ywd3332nVb83WebcRvWtF3Y88KFvNUPVWV7xWySR4AGwADAgAC\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAIwAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQAtAAIBAQAXAABEaQAFAAMCaDIAEgAAAAUABQEAAAAAACsABwY6OgMEAwO6ugABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01278{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753047174,"flow_src_last_pkt_time":1694275753075147,"flow_dst_last_pkt_time":1694275753074991,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753075147,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51424,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"634bc7704b8a81fccb407b4db9998e0b","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01237{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753047174,"flow_src_last_pkt_time":1694275753075147,"flow_dst_last_pkt_time":1694275753074991,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753075147,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51424,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275753075692,"flow_src_last_pkt_time":1694275753075692,"flow_dst_last_pkt_time":1694275753075692,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753075692,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51426,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_src_last_pkt_time":1694275753075692,"flow_dst_last_pkt_time":1694275753075692,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275753075692,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3RcjiAbuHIvesAAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgKPiR2xQAAAAAEAgAA"} 
-01323{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":180,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753010578,"flow_src_last_pkt_time":1694275753047858,"flow_dst_last_pkt_time":1694275753076003,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753076003,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51414,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"353b63511e111884c0a2ae1b74da2093","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01282{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":180,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753010578,"flow_src_last_pkt_time":1694275753047858,"flow_dst_last_pkt_time":1694275753076003,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753076003,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51414,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":5,"flow_src_last_pkt_time":1694275753047616,"flow_dst_last_pkt_time":1694275753076208,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753076208,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0EsRAADYGK4ZNb\/dFwKgBHQG7yNQr+nh2T1xNBoAQAfpX8QAAAQEICpkBJupT7\/cZ"} 
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_src_last_pkt_time":1694275753048216,"flow_dst_last_pkt_time":1694275753076209,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753076209,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0659AADQGVKpNb\/dFwKgBHQG7yNfa6s+FSGdKh4AQAfogKQAAAQEICpkBJusjMmMP"} -01323{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":188,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753010307,"flow_src_last_pkt_time":1694275753047616,"flow_dst_last_pkt_time":1694275753076753,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753076753,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51412,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"5c72c0972b0ef2b8d71f00feaa086760","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
-01322{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":190,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753008511,"flow_src_last_pkt_time":1694275753043733,"flow_dst_last_pkt_time":1694275753077419,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753077419,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51402,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"e415684488869452bd654e636a258ffc","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
-01323{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":198,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753010697,"flow_src_last_pkt_time":1694275753048216,"flow_dst_last_pkt_time":1694275753077872,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753077872,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51415,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"409bb955d02abe4c9736d1184814780d","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01282{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":188,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753010307,"flow_src_last_pkt_time":1694275753047616,"flow_dst_last_pkt_time":1694275753076753,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753076753,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51412,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01281{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":190,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753008511,"flow_src_last_pkt_time":1694275753043733,"flow_dst_last_pkt_time":1694275753077419,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753077419,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51402,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01282{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":198,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753010697,"flow_src_last_pkt_time":1694275753048216,"flow_dst_last_pkt_time":1694275753077872,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753077872,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51415,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
02508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":206,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_src_last_pkt_time":1694275753047738,"flow_dst_last_pkt_time":1694275753078520,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1694275753078520,"pkt":"nFg8p+7MEBMx8Tl2CABFAAXUDL9AADYGK+tNb\/dFwKgBHQG7yNFQTSbKmZXQIYAQAfqj6AAAAQEICpkBJuzLOGjZFgMDAHoCAAB2AwOQtL5kY4gC6HeTjm0JfrxLKejWS4\/RpTJzjVnQIOCLICAFRu6M\/foVK+qr6Lz7k89D\/oD+ws9jnzZWxiwmtoZFNRMBAAAuACsAAgMEADMAJAAdACAw5qNzPxtnIiWos7zWWxNnB61ODiTmKsiWkWx3srCOBRQDAwABARcDAwAmjVL\/SYY7mTswYFm2pVZEFM95P2bLhLdRc34qPLvCELl1Squ79R0XAwMIgOTpowIziQZK+t\/jx+3UMdW0IDbZEk9BgLWdBpdTh9njT79cWQ5Ooeorv\/Dix8n7Kp+cTAoweD7if1YpWOtn99h+iYmtKlLzTQiRIy7rUCH2chG8iNjsMDMcCxMgSBgFcl\/Qxnd0KCbLNLXkr9EaKCT5VG5KcT12cDDLoQrgJN0r4L4sQ1oDN\/Vf1vjgPPfn+yPCzS\/W\/A7NUk0BmUZTT96FkKuwPUb7y5QYGi4CskrkNpg8z9y0GhafEfBGWV34\/hpXrLLKQ7kqTsop2Y5bdqgC04eMw6ZixOChzugITvqNCMFE5hwJKFqdQybavcYPNAeVkwU00n9IhEqWya3LuVovt7CwMEPdc\/5JKm8daG6bE+x8N0syecTq9d5FnjYh3nI+5C5rgCAIDQiOkHcdLk838nUHWllTyClET2bR\/hon0iB8GwMu6po6ZBN5LjzlXRSZ479Nu2Ct6M9DgD32P6n+LkbLrkl7vBuwSkEdCDERLSTtWfJd0rVEAiBCDc3bnAR8K56tR5t7td7NAE3+8TX3e06fVYAkBpeLMqdU1gtc9JroH0\/0wQIpwfPekurd1yl4U42GtSqHKrD5qANRFL6rrQGhu2jBTyyLSTkI760cgc44yVRxMq\/UanuFqeA42NZTk0xcpByNkZOMhvjmXdsrNSbplZ0JdhUSwxr62TWsGnj8L0wFKt2Vw6kXaOCvcae0Pu8Qk5NRn\/tduKRLHKgzdSZkc2K9La3qzQSfZe2MP0ilxumj\/s3SoiFDHJSU3iibpIoWT7aadXcHBfUiUMWLh4ebrErIecfGLvRWm\/lABoGwP6tRXzU1bYjqaqP4WXnEgbapIvic1paV2fgRM8c7m\/E3r+qB\/V1h5w\/DWjAE2MYjXdTjVDBgx3vjvdzfqb7HZWnVVroZoQXC5nqu3og669WlK3Yhb8D22dgwxgvTgwKQ7Xb7xq5f3KDyOFtgN9PvkRPw6xBUqKy50WOeK5VxVnYvPh+6uSuLU9LRX81wR+1dljk5UfYW8i1HsslRx0\/tHVsOaslxocCncdIsqXCkHQL2n4mbsZ4ezEhT1yDlPnt7f6K8cfWhJq4Scm8YEXqOAXXNY\/jZ0ItVS7yPDfhM6BYjjKVXZ02BSnhzzZRXjE97wTkijjVqXXykVWiEjfBHlSxKc5hB\/JwvvWplM64LfGbf
3Z38fl1z+SSG8joUUR7wI7kLcazj3KZ39OvNydrszsmgZywsDx1De7nS9iVX7YzypESFVQmgOonhzhWawYFQtcP7Ni8sp0I8uWxmhtoxiEMGoaP\/S9dEUATf7LUS1h+ei+Pi5UemnMRYQOYNwymSGQbYkJJ747RFYZV7AVRbwDGE3iFSHXc2yd12cAyXgH6WbuClSaNO6wQXeWmXtz8W5viVrYwENLOgv36xwSG7xmW71aNIEDEPllFBQTSAfAQPDhdDHgdfvpiNv\/mu5o0zN4+7hKjKaG9U\/qBt8qpPG5\/j4jigKQNgxzUh\/G57LY+wnMrYm2P8wjByZQNJnB0V48oOBfGdTmFcmL3n5mDyqw5z4ejoSwtL\/gCPXKvewDBAjpo\/d8guM7C0Fg18jQmvwqQH\/YcbacV3M37pCGIn2ve3VxSB8\/5En\/HabfyeSI3kFkkPKe4Gexpqc5yEss6eEDW09DevoVr0A7FjH8ivBvSIzYZnnJsp"} -01323{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":206,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1694275753009947,"flow_src_last_pkt_time":1694275753047738,"flow_dst_last_pkt_time":1694275753078520,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753078520,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51409,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"6bfdc9fce41022f28ac0de368e7164cc","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01282{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":206,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1694275753009947,"flow_src_last_pkt_time":1694275753047738,"flow_dst_last_pkt_time":1694275753078520,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753078520,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51409,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":5,"flow_src_last_pkt_time":1694275753047978,"flow_dst_last_pkt_time":1694275753078940,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753078940,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0Rh9AADYG+CpNb\/dFwKgBHQG7yNU5JMQSV9QS04AQAfrQ4wAAAQEICpkBJux3RTPD"} 
-01323{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":213,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753010458,"flow_src_last_pkt_time":1694275753047978,"flow_dst_last_pkt_time":1694275753079170,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753079170,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51413,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"65e9700415d3b43581aa12e23afbfd7e","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01282{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":213,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753010458,"flow_src_last_pkt_time":1694275753047978,"flow_dst_last_pkt_time":1694275753079170,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753079170,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51413,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":5,"flow_src_last_pkt_time":1694275753049809,"flow_dst_last_pkt_time":1694275753079966,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753079966,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA08S9AADYGTRpNb\/dFwKgBHQG7yNk\/HlZsWTH7UoAQAfrezgAAAQEICpkBJu1BotlF"} 
-01323{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":221,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753010935,"flow_src_last_pkt_time":1694275753049809,"flow_dst_last_pkt_time":1694275753080428,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753080428,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51417,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"91ec3705bc708c10592467e78630e9bd","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01282{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":221,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753010935,"flow_src_last_pkt_time":1694275753049809,"flow_dst_last_pkt_time":1694275753080428,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753080428,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51417,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":224,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":5,"flow_src_last_pkt_time":1694275753051386,"flow_dst_last_pkt_time":1694275753080518,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753080518,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0V+ZAADQG6GNNb\/dFwKgBHQG7yNvx7aePjsklQ4AQAfrq+AAAAQEICpkBJu4jgoe9"} 
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":5,"flow_src_last_pkt_time":1694275753051145,"flow_dst_last_pkt_time":1694275753080518,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753080518,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0HV9AADYGIOtNb\/dFwKgBHQG7yNhkJIzRuWfvkIAQAfqLuQAAAQEICpkBJu6kChoT"} -01323{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":227,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753011053,"flow_src_last_pkt_time":1694275753051386,"flow_dst_last_pkt_time":1694275753080768,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753080768,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51419,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"5a30a421246b25d72f6088cfa70edd09","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01282{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":227,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753011053,"flow_src_last_pkt_time":1694275753051386,"flow_dst_last_pkt_time":1694275753080768,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753080768,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51419,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":233,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":5,"flow_src_last_pkt_time":1694275753051758,"flow_dst_last_pkt_time":1694275753081776,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753081776,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0sshAADYGi4FNb\/dFwKgBHQG7yN1CTBNep4zx3YAQAfoCHAAAAQEICpkBJu9oKopk"} 
-01323{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":236,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753010817,"flow_src_last_pkt_time":1694275753051145,"flow_dst_last_pkt_time":1694275753082002,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753082002,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51416,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"b2140846842f38b9416f56b0b940518a","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
-01323{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":239,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753011291,"flow_src_last_pkt_time":1694275753051758,"flow_dst_last_pkt_time":1694275753082207,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753082207,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51421,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"3c76792950691cbb72d98c45cc2edb5d","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01282{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":236,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753010817,"flow_src_last_pkt_time":1694275753051145,"flow_dst_last_pkt_time":1694275753082002,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753082002,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51416,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01282{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":239,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753011291,"flow_src_last_pkt_time":1694275753051758,"flow_dst_last_pkt_time":1694275753082207,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753082207,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51421,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":245,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":5,"flow_src_last_pkt_time":1694275753051508,"flow_dst_last_pkt_time":1694275753082450,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753082450,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0NypAADQGCSBNb\/dFwKgBHQG7yNqXYK6gWCRXgYAQAfqWfgAAAQEICpkBJu8k1zLG"} 
-01323{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":248,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753011053,"flow_src_last_pkt_time":1694275753051508,"flow_dst_last_pkt_time":1694275753082954,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753082954,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51418,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"f19d35bfdfe64dff7bb24434aeb3e161","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01282{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":248,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753011053,"flow_src_last_pkt_time":1694275753051508,"flow_dst_last_pkt_time":1694275753082954,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753082954,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51418,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":254,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":5,"flow_src_last_pkt_time":1694275753052349,"flow_dst_last_pkt_time":1694275753083220,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753083220,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0whFAADQGfjhNb\/dFwKgBHQG7yNxEVH7NXSISs4AQAfrpVQAAAQEICpkBJvH2ZtEK"} 
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":5,"flow_src_last_pkt_time":1694275753054030,"flow_dst_last_pkt_time":1694275753083337,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753083337,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0ZNpAADQG229Nb\/dFwKgBHQG7yN+MpzG5V6nxDYAQAfqN3wAAAQEICpkBJvHoIGaj"} -01323{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":258,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753011171,"flow_src_last_pkt_time":1694275753052349,"flow_dst_last_pkt_time":1694275753083724,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753083724,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51420,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"b549b9d91b0d29ef395d87455e4d4b34","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
-01323{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":262,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753011411,"flow_src_last_pkt_time":1694275753054030,"flow_dst_last_pkt_time":1694275753083939,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753083939,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51423,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"e88871a92704f433ae0f5850f26ad461","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01282{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":258,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753011171,"flow_src_last_pkt_time":1694275753052349,"flow_dst_last_pkt_time":1694275753083724,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753083724,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51420,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01282{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":262,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753011411,"flow_src_last_pkt_time":1694275753054030,"flow_dst_last_pkt_time":1694275753083939,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753083939,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51423,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":5,"flow_src_last_pkt_time":1694275753055633,"flow_dst_last_pkt_time":1694275753085371,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753085371,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0h1hAADYGtvFNb\/dFwKgBHQG7yN4RXjtLJpU6UYAQAfq7JQAAAQEICpkBJvG9cL2W"} 
-01323{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":269,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753011292,"flow_src_last_pkt_time":1694275753055633,"flow_dst_last_pkt_time":1694275753085635,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753085635,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51422,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"d53e8a0d8d816665d3b20df18429aa53","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01282{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":269,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753011292,"flow_src_last_pkt_time":1694275753055633,"flow_dst_last_pkt_time":1694275753085635,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753085635,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51422,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1694275753051266,"flow_dst_last_pkt_time":1694275753085843,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753085843,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA09DhAADYGShFNb\/dFwKgBHQG7yM9KI6qDTRTYMIAQAfpYngAAAQEICpkBJu9KQycA"} 
-01323{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":278,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753009538,"flow_src_last_pkt_time":1694275753051266,"flow_dst_last_pkt_time":1694275753086242,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753086242,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51407,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"ba575b0efbad4d121f0cf2b83747f586","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01282{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":278,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753009538,"flow_src_last_pkt_time":1694275753051266,"flow_dst_last_pkt_time":1694275753086242,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753086242,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51407,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":284,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_src_last_pkt_time":1694275753060213,"flow_dst_last_pkt_time":1694275753087370,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275753087370,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADQGQEJNb\/dFwKgBHQG7yOFaEOXgDCyb2aAS\/oha4AAAAgQFrAQCCAqZASb2+1B6OAEDAwc="} 
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":285,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_src_last_pkt_time":1694275753087419,"flow_dst_last_pkt_time":1694275753087370,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753087419,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjhAbsMLJvZWhDl4YAQCBYGoQAAAQEICvtQelOZASb2"} 01245{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_src_last_pkt_time":1694275753087542,"flow_dst_last_pkt_time":1694275753087370,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275753087542,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjhAbsMLJvZWhDl4YAYCBYIpgAAAQEICvtQelSZASb2FgMBAgABAAH8AwM978zFWmYaZzNJU6cS71hmtUbzS\/IjEpADX4smiBCVMiAk0ymhRd9a3HIDUvCXYGlgwQefqHI2cszDDaVKUqDuQwAgWloTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGT2toAAERpAAUAAwJoMgArAAcGGhoDBAMDAAsAAgEAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQAjAAAAMwArACna2gABAAAdACDCykCp\/pzIhDFed2Mw3pbPzZrJqCk6zSc1AQg9HOatXP8BAAEAABIAAAAAABcAFQAAEmV1MC5zZWMtdHVubmVsLmNvbQAbAAMCAAIABQAFAQAAAAAALQACAQEACgAKAAja2gAdABcAGAAQAA4ADAJoMghodHRwLzEuMQAXAADq6gABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01278{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753060213,"flow_src_last_pkt_time":1694275753087542,"flow_dst_last_pkt_time":1694275753087370,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753087542,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51425,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"36fbe47608c33e82b4919ff004bf468f","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01237{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753060213,"flow_src_last_pkt_time":1694275753087542,"flow_dst_last_pkt_time":1694275753087370,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753087542,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51425,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":300,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275753095564,"flow_src_last_pkt_time":1694275753095564,"flow_dst_last_pkt_time":1694275753095564,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753095564,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51427,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_src_last_pkt_time":1694275753095564,"flow_dst_last_pkt_time":1694275753095564,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275753095564,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3RcjjAbtxmezmAAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgK\/yT5UAAAAAAEAgAA"} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":324,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":5,"flow_src_last_pkt_time":1694275753075147,"flow_dst_last_pkt_time":1694275753102496,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753102496,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA06KdAADQGV6JNb\/dFwKgBHQG7yOAj9thXHFu1L4AQAfqjhQAAAQEICpkBJwV21vtx"} 
-01323{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":325,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753047174,"flow_src_last_pkt_time":1694275753075147,"flow_dst_last_pkt_time":1694275753102981,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753102981,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51424,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"634bc7704b8a81fccb407b4db9998e0b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01282{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":325,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753047174,"flow_src_last_pkt_time":1694275753075147,"flow_dst_last_pkt_time":1694275753102981,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753102981,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51424,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":326,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_src_last_pkt_time":1694275753075692,"flow_dst_last_pkt_time":1694275753102983,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275753102983,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADQGQEJNb\/dFwKgBHQG7yOJTmkKUhyL3raAS\/ojuZwAAAgQFrAQCCAqZAScFPiR2xQEDAwc="} 
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":328,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_src_last_pkt_time":1694275753103137,"flow_dst_last_pkt_time":1694275753102983,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753103137,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjiAbuHIvetU5pClYAQCBYGoQAAAQEICj4kduGZAScF"} 01245{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":331,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":4,"flow_src_last_pkt_time":1694275753103379,"flow_dst_last_pkt_time":1694275753102983,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275753103379,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjiAbuHIvetU5pClYAYCBYIpgAAAQEICj4kduGZAScFFgMBAgABAAH8AwOeSfTqCtJ2rkLboZiHZE42Yy3Y4JSacXoijo9ZN9HsOyA1DHsrfRzFI\/SIX1857h5fX1toeg9FZumRSMsR1nNCSwAg2toTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTamoAAAAAABcAFQAAEmV1MC5zZWMtdHVubmVsLmNvbQAQAA4ADAJoMghodHRwLzEuMQAjAAAAKwAHBtraAwQDAwAFAAUBAAAAAP8BAAEAADMAKwApWloAAQAAHQAgSM\/PUUiJuTk56zGUgjTaU9vjsMTCFL7FjzUpdanmdmoAFwAAAAoACgAIWloAHQAXABgALQACAQEAGwADAgACABIAAAALAAIBAERpAAUAAwJoMgANABIAEAQDCAQEAQUDCAUFAQgGBgFaWgABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01278{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":331,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753075692,"flow_src_last_pkt_time":1694275753103379,"flow_dst_last_pkt_time":1694275753102983,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753103379,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51426,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"18b2b5202ea281d1e8133ba4d9034218","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01237{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":331,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753075692,"flow_src_last_pkt_time":1694275753103379,"flow_dst_last_pkt_time":1694275753102983,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753103379,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51426,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":406,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275753113486,"flow_src_last_pkt_time":1694275753113486,"flow_dst_last_pkt_time":1694275753113486,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753113486,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51428,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_src_last_pkt_time":1694275753113486,"flow_dst_last_pkt_time":1694275753113486,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275753113486,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3RcjkAbv10zkuAAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgKA94uygAAAAAEAgAA"} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":430,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":5,"flow_src_last_pkt_time":1694275753087542,"flow_dst_last_pkt_time":1694275753116407,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753116407,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0EHFAADQGL9lNb\/dFwKgBHQG7yOFaEOXhDCyd3oAQAfqD9gAAAQEICpkBJxL7UHpU"} 
-01323{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":431,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753060213,"flow_src_last_pkt_time":1694275753087542,"flow_dst_last_pkt_time":1694275753116834,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753116834,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51425,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"36fbe47608c33e82b4919ff004bf468f","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01282{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":431,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753060213,"flow_src_last_pkt_time":1694275753087542,"flow_dst_last_pkt_time":1694275753116834,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753116834,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51425,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
02153{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":456,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1694275752994885,"flow_src_last_pkt_time":1694275753121216,"flow_dst_last_pkt_time":1694275753121178,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1435,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2555,"flow_dst_tot_l4_payload_len":9721,"midstream":0,"thread_ts_usec":1694275753121216,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51398,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":8149.2,"max":34618,"stddev":12737.5,"var":162242736.0,"ent":3.3,"data": [28191,28256,283,30285,1416,31381,64,120,948,119,28177,1,7508,34618,94,21,126,0,26424,2466,28884,208,153,177,2,183,1142,1139,116,1,121]},"pktlen": {"min":52,"avg":436.2,"max":1492,"stddev":558.2,"var":311541.9,"ent":3.9,"data": [64,60,52,569,52,1492,52,1129,52,116,1487,52,52,91,52,93,76,52,591,52,1098,52,1098,52,1492,704,52,1492,52,1492,88,52]},"bins": {"c_to_s": [11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [6,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,0,1,1,0,1,0,1,1,0],"entropies": [4.178360939,5.246035099,4.774691582,4.415835857,5.101991177,7.845096111,4.813152790,7.816174030,4.813152790,5.959872246,7.864091396,5.063529491,5.101990700,5.947135925,4.774691582,5.903012753,5.583068848,4.736229897,7.593397617,5.063529015,7.799862385,4.813152790,7.782990932,4.813152790,7.842496395,7.670236111,4.813152790,7.890326023,4.813152790,7.859270096,5.992159843,4.813152790]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":480,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_src_last_pkt_time":1694275753095564,"flow_dst_last_pkt_time":1694275753122969,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275753122969,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADQGQEJNb\/dFwKgBHQG7yOPTLOlNcZns56AS\/oikyQAAAgQFrAQCCAqZAScZ\/yT5UAEDAwc="} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":481,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_src_last_pkt_time":1694275753123019,"flow_dst_last_pkt_time":1694275753122969,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753123019,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjjAbtxmezn0yzpToAQCBYGoQAAAQEICv8k+WqZAScZ"} 
01246{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":482,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":4,"flow_src_last_pkt_time":1694275753123142,"flow_dst_last_pkt_time":1694275753122969,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275753123142,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjjAbtxmezn0yzpToAYCBYIpgAAAQEICv8k+WqZAScZFgMBAgABAAH8AwO+3OoQZijlf8A2h9n0OeqcQ5dYOBPg\/i+GwYr8qUAD5iA6VEsuEIKouDuJMIxf2lqrWoG1HCqVahM\/sYbFT+6PqgAgqqoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGT+voAAAALAAIBAAAzACsAKRoaAAEAAB0AIF0QHZnD08AORlF22cFvCroYKgo2lPDJsZA8pQM5cHxEABIAAAAtAAIBAQAFAAUBAAAAAAAXAAAAEAAOAAwCaDIIaHR0cC8xLjH\/AQABAERpAAUAAwJoMgAKAAoACBoaAB0AFwAYACsABwY6OgMEAwMAAAAXABUAABJldTAuc2VjLXR1bm5lbC5jb20AIwAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQAbAAMCAAJ6egABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01278{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":482,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753095564,"flow_src_last_pkt_time":1694275753123142,"flow_dst_last_pkt_time":1694275753122969,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753123142,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51427,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"6b5bd5ac6bb016b178ad970087122ccd","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01237{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":482,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753095564,"flow_src_last_pkt_time":1694275753123142,"flow_dst_last_pkt_time":1694275753122969,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753123142,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51427,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":522,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":5,"flow_src_last_pkt_time":1694275753103379,"flow_dst_last_pkt_time":1694275753130045,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753130045,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0UINAADQG78ZNb\/dFwKgBHQG7yOJTmkKVhyL5soAQAfoXfgAAAQEICpkBJyE+JHbh"} 
-01323{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":525,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753075692,"flow_src_last_pkt_time":1694275753103379,"flow_dst_last_pkt_time":1694275753130960,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753130960,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51426,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"18b2b5202ea281d1e8133ba4d9034218","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01282{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":525,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753075692,"flow_src_last_pkt_time":1694275753103379,"flow_dst_last_pkt_time":1694275753130960,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753130960,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51426,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
02155{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":550,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1694275753009698,"flow_src_last_pkt_time":1694275753134178,"flow_dst_last_pkt_time":1694275753134052,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1415,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2535,"flow_dst_tot_l4_payload_len":8771,"midstream":0,"thread_ts_usec":1694275753134178,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51408,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":8026.9,"max":34034,"stddev":12706.7,"var":161459696.0,"ent":3.3,"data": [34007,34034,120,26845,346,27090,181,236,237,0,25956,954,6635,33230,67,118,1011,961,118,26387,361,26641,249,1,247,838,838,491,25,487,123]},"pktlen": {"min":52,"avg":405.9,"max":1492,"stddev":517.2,"var":267501.9,"ent":3.9,"data": [64,60,52,569,52,1492,52,1127,52,116,1467,52,52,91,52,93,52,76,52,591,52,1098,52,1492,704,52,1308,52,1098,764,52,52]},"bins": {"c_to_s": [12,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [6,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,1,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,0,1,0,0,1,1,0,1,1,0,1,0,1,1,0,0],"entropies": [4.178360939,5.100120068,4.630272388,4.446496964,5.025067329,7.849304199,4.721712589,7.817786694,4.683250904,5.830391407,7.874171257,4.868495941,4.986605644,5.938840389,4.683250904,5.952818394,4.683250904,5.583068848,4.683250904,7.597726345,4.986605644,7.836946011,4.721712589,7.867290497,7.710337639,4.683250904,7.851277351,4.721712589,7.801111221,7.717481613,4.683250904,4.721712589]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 02156{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":592,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1694275753010307,"flow_src_last_pkt_time":1694275753138329,"flow_dst_last_pkt_time":1694275753138409,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1431,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2551,"flow_dst_tot_l4_payload_len":8409,"midstream":0,"thread_ts_usec":1694275753138409,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51412,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":8262.1,"max":37189,"stddev":13372.1,"var":178813616.0,"ent":3.3,"data": [37131,37189,120,28770,545,29160,956,1038,124,0,26740,1657,3275,31465,58,61,121,120,26978,870,27738,217,211,38,75,126,42,122,581,488,108]},"pktlen": {"min":52,"avg":395.1,"max":1492,"stddev":500.8,"var":250764.7,"ent":4.0,"data": [64,60,52,569,52,1492,52,1128,52,116,1483,52,52,91,52,93,76,52,591,52,1098,52,1492,52,704,1098,52,262,52,1098,52,401]},"bins": {"c_to_s": [11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [6,2,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,0,1,1,0,1,0,1,0,1],"entropies": 
[4.120111465,5.252541542,4.661227226,4.441981792,4.948143959,7.847444057,4.683250904,7.789011955,4.644789219,5.829818249,7.858657837,4.895165443,4.986605644,5.925158024,4.774691105,5.883030891,5.556753159,4.774691105,7.602227688,4.972088814,7.810331345,4.697768211,7.874945164,4.774691105,7.745232582,7.827443600,4.697768211,7.147191525,4.774691105,7.818018913,4.736229420,7.413194656]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 02156{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":618,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1694275753010697,"flow_src_last_pkt_time":1694275753141835,"flow_dst_last_pkt_time":1694275753141802,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1431,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2551,"flow_dst_tot_l4_payload_len":7566,"midstream":0,"thread_ts_usec":1694275753141835,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51415,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":8459.5,"max":37402,"stddev":13521.3,"var":182824576.0,"ent":3.3,"data": [37366,37402,117,28146,1663,29721,111,122,119,118,27804,404,4631,32553,112,121,47,128,0,26100,3386,29397,42,119,612,539,200,202,480,1,480]},"pktlen": {"min":52,"avg":368.8,"max":1492,"stddev":501.9,"var":251883.6,"ent":3.9,"data": [64,60,52,569,52,1492,52,1129,52,116,1483,52,52,91,52,93,52,76,52,591,52,1098,52,258,52,1098,52,1098,52,1492,213,52]},"bins": {"c_to_s": [12,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": 
[6,2,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,1,0],"entropies": [4.178360939,5.179368496,4.697768211,4.427728176,5.063529015,7.851000309,4.813152790,7.845917702,4.813152790,5.983621120,7.867543221,5.101990700,5.063529491,5.947135925,4.813152790,6.003946304,4.813152790,5.601069927,4.813152790,7.593391895,5.101990700,7.833882809,4.813152790,7.234455585,4.813152790,7.825290203,4.813152790,7.825061321,4.813152790,7.862779140,6.971473694,4.813152790]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":635,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_src_last_pkt_time":1694275753113486,"flow_dst_last_pkt_time":1694275753142675,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275753142675,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADQGQEJNb\/dFwKgBHQG7yORhYSrT9dM5L6AS\/ojKRwAAAgQFrAQCCAqZAScsA94uygEDAwc="} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":636,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_src_last_pkt_time":1694275753142784,"flow_dst_last_pkt_time":1694275753142675,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753142784,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjkAbv10zkvYWEq1IAQCBYGoQAAAQEICgPeLueZAScs"} 
01245{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":4,"flow_src_last_pkt_time":1694275753142784,"flow_dst_last_pkt_time":1694275753142675,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275753142784,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjkAbv10zkvYWEq1IAYCBYIpgAAAQEICgPeLueZAScsFgMBAgABAAH8AwM9+deeUZ5R7+mlt4TS58yeiQvNl5z3bZC6XROM1OeqAyAu3XFgIji8OUQckLLZR\/woofIsVuhM3zOKDE29y9w8CAAgqqoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTKioAAERpAAUAAwJoMgAFAAUBAAAAAAAQAA4ADAJoMghodHRwLzEuMQAzACsAKTo6AAEAAB0AIHH1LR4B4FRmX8x1yBPkBNV0AvrCgHTrMhZ4kWhalpF7\/wEAAQAALQACAQEAKwAHBoqKAwQDAwAAABcAFQAAEmV1MC5zZWMtdHVubmVsLmNvbQASAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABsAAwIAAgAjAAAACwACAQAACgAKAAg6OgAdABcAGAAXAADq6gABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01278{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753113486,"flow_src_last_pkt_time":1694275753142784,"flow_dst_last_pkt_time":1694275753142675,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753142784,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51428,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"6788ea2a94927e5619dd027181568c48","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01237{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753113486,"flow_src_last_pkt_time":1694275753142784,"flow_dst_last_pkt_time":1694275753142675,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753142784,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51428,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
02160{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":638,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1694275753007782,"flow_src_last_pkt_time":1694275753142905,"flow_dst_last_pkt_time":1694275753142461,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1415,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2621,"flow_dst_tot_l4_payload_len":9162,"midstream":0,"thread_ts_usec":1694275753142905,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51399,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":8703.3,"max":45949,"stddev":13302.1,"var":176947024.0,"ent":3.4,"data": [28085,28201,384,27317,1599,28469,1125,1106,357,0,25792,1376,19099,44,45949,800,799,122,26622,2279,28787,165,155,47,119,188,122,139,2,151,402]},"pktlen": {"min":52,"avg":420.8,"max":1492,"stddev":536.5,"var":287782.9,"ent":3.9,"data": [64,60,52,569,52,1492,52,1127,52,116,1467,52,52,91,93,52,76,52,591,52,1098,52,1492,52,704,52,1492,52,1318,751,52,138]},"bins": {"c_to_s": [11,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [6,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,1,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,1,0,0],"entropies": [4.178360939,5.179368496,4.697768211,4.465671062,5.101990700,7.854944706,4.697768211,7.809875011,4.697768211,5.873664379,7.864662647,4.986606121,5.025067806,5.925158024,6.076579094,4.736229897,5.645633221,4.736229897,7.572972775,5.101990700,7.820736408,4.697768211,7.844255924,4.774691582,7.700018883,4.774691582,7.863183498,4.774691582,7.845855713,7.759230137,4.736229897,6.349943638]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 02157{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":648,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1694275753008024,"flow_src_last_pkt_time":1694275753144458,"flow_dst_last_pkt_time":1694275753144423,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1419,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2539,"flow_dst_tot_l4_payload_len":8881,"midstream":0,"thread_ts_usec":1694275753144458,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51400,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":8801.1,"max":47938,"stddev":13711.5,"var":188006496.0,"ent":3.3,"data": [29228,29329,496,27532,1366,28331,220,238,238,0,26638,1246,20216,47938,148,128,210,130,125,27634,166,27681,1407,1417,201,1,197,181,1,4,186]},"pktlen": {"min":52,"avg":409.5,"max":1492,"stddev":521.5,"var":271995.4,"ent":4.0,"data": [64,60,52,569,52,1492,52,1128,52,116,1471,52,52,91,52,93,52,76,52,591,52,1098,52,1098,52,1492,704,52,1492,272,469,52]},"bins": {"c_to_s": [11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [6,2,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,0,1,0,0,1,1,0,1,0,1,1,0,1,1,1,0],"entropies": 
[4.096405983,5.212701797,4.644789696,4.448392391,4.948143959,7.855043888,4.659306526,7.778649330,4.659306526,5.925388336,7.864681721,4.986606121,4.986606121,5.916862488,4.721712589,5.903012753,4.721712589,5.593001842,4.721712589,7.630004406,4.972088814,7.828086376,4.661227226,7.798528194,4.736229897,7.867074966,7.685452938,4.736229897,7.846663475,7.118988514,7.517958641,4.736229897]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 02152{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":662,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1694275753010935,"flow_src_last_pkt_time":1694275753146122,"flow_dst_last_pkt_time":1694275753146003,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1433,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2553,"flow_dst_tot_l4_payload_len":7460,"midstream":0,"thread_ts_usec":1694275753146122,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51417,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":8717.9,"max":38748,"stddev":14019.5,"var":196545520.0,"ent":3.3,"data": [38671,38748,126,30360,462,30642,89,118,233,1,27599,252,6053,33665,105,127,447,509,1,27532,2440,29902,175,1,181,283,257,543,552,56,125]},"pktlen": {"min":52,"avg":365.5,"max":1492,"stddev":491.4,"var":241507.3,"ent":3.9,"data": [64,60,52,569,52,1492,52,1128,52,116,1485,52,52,91,52,93,52,76,52,591,52,1098,52,1492,704,52,626,52,1098,52,134,52]},"bins": {"c_to_s": [12,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": 
[6,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,0,1,0,0,1,1,0,1,1,0,1,0,1,0,1,0],"entropies": [4.147110939,5.212701797,4.644789219,4.419518471,5.010550022,7.853214264,4.774691105,7.858500004,4.721712589,5.816802502,7.850301266,5.025067329,4.945418835,5.753163815,4.699688435,5.800758362,4.699688435,5.445039272,4.661226749,7.578277588,5.025067329,7.822142601,4.774691105,7.862545013,7.686777592,4.774691105,7.647759438,4.697767735,7.804819107,4.774691105,6.356986523,4.774691105]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":693,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":5,"flow_src_last_pkt_time":1694275753123142,"flow_dst_last_pkt_time":1694275753150312,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753150312,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0MK9AADQGD5tNb\/dFwKgBHQG7yOPTLOlOcZnu7IAQAfrN4QAAAQEICpkBJzX\/JPlq"} 
02155{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":703,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1694275753010578,"flow_src_last_pkt_time":1694275753151836,"flow_dst_last_pkt_time":1694275753151965,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1415,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2535,"flow_dst_tot_l4_payload_len":8275,"midstream":0,"thread_ts_usec":1694275753151965,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51414,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":9117.6,"max":45816,"stddev":14297.3,"var":204412768.0,"ent":3.3,"data": [37162,37280,0,27012,1251,28169,142,144,236,0,24468,55,1310,20125,101,45816,3,283,299,125,27321,439,27637,64,125,1224,1180,265,244,162,3]},"pktlen": {"min":52,"avg":390.4,"max":1492,"stddev":502.9,"var":252956.0,"ent":3.9,"data": [64,60,52,569,52,1492,52,1127,52,116,1467,52,52,52,91,93,52,52,76,52,591,52,1098,52,478,52,1098,52,1098,52,1492,704]},"bins": {"c_to_s": [11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [7,2,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,0,0,1,0,0,1,1,0,1,0,1,0,1,0,1,1],"entropies": [4.127655983,5.133453369,4.644789219,4.442614079,5.010550022,7.867527962,4.721712589,7.795043945,4.721712589,5.873665333,7.874347687,5.025067329,5.063529015,4.972088814,5.857666969,5.888303280,4.736229897,4.736229897,5.530437469,4.774691582,7.632213593,5.063529015,7.815135002,4.813152790,7.516163349,4.774691582,7.824700832,4.774691582,7.838304520,4.813152790,7.871241570,7.673780441]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -01323{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":709,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753095564,"flow_src_last_pkt_time":1694275753123142,"flow_dst_last_pkt_time":1694275753152492,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753152492,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51427,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"6b5bd5ac6bb016b178ad970087122ccd","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01282{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":709,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753095564,"flow_src_last_pkt_time":1694275753123142,"flow_dst_last_pkt_time":1694275753152492,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753152492,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51427,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
02156{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":735,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1694275753008266,"flow_src_last_pkt_time":1694275753154865,"flow_dst_last_pkt_time":1694275753154833,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1425,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2545,"flow_dst_tot_l4_payload_len":8486,"midstream":0,"thread_ts_usec":1694275753154865,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51401,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":9457.0,"max":57833,"stddev":15109.6,"var":228298688.0,"ent":3.3,"data": [30059,30139,121,26458,1560,27891,273,238,151,119,26523,1202,30388,57833,85,122,81,120,0,27714,879,28536,122,121,521,511,442,436,259,1,261]},"pktlen": {"min":52,"avg":397.3,"max":1492,"stddev":525.3,"var":275956.2,"ent":3.9,"data": [64,60,52,569,52,1492,52,1128,52,116,1477,52,52,91,52,93,52,76,52,591,52,1098,52,1098,52,1492,52,704,52,1492,294,52]},"bins": {"c_to_s": [12,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [6,2,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,1,0],"entropies": [4.178360939,5.279368877,4.774691582,4.459428787,5.101990700,7.858173370,4.813153267,7.814331532,4.813153267,5.795908928,7.870773792,5.101990700,5.101990700,5.819097996,4.736229897,5.874914646,4.736229897,5.671948910,4.736229897,7.660532475,5.140452385,7.835998535,4.721712589,7.805009365,4.721712589,7.869886875,4.760174274,7.682819366,4.721712589,7.854982853,7.199785709,4.721712589]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 02153{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":764,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1694275753009419,"flow_src_last_pkt_time":1694275753158311,"flow_dst_last_pkt_time":1694275753158853,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1423,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2629,"flow_dst_tot_l4_payload_len":5409,"midstream":0,"thread_ts_usec":1694275753158853,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51406,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":9623.4,"max":32850,"stddev":13236.8,"var":175211552.0,"ent":3.5,"data": [32822,32850,120,27662,376,27946,271,248,235,1,26293,93,195,4698,40,31099,4,93,128,330,26028,1860,27534,192,2,191,460,26582,1656,27746,571]},"pktlen": {"min":52,"avg":303.8,"max":1492,"stddev":468.3,"var":219308.0,"ent":3.8,"data": [64,60,52,569,52,1492,52,1128,52,116,1475,52,52,52,91,93,52,52,76,52,591,52,1098,52,1492,58,52,138,52,253,52,148]},"bins": {"c_to_s": [10,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [9,2,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,0,0,1,0,0,1,1,0,1,1,0,0,1,1,0,1],"entropies": 
[4.127655983,5.133453369,4.683250904,4.385419369,4.830034256,7.850477219,4.608248234,7.807518482,4.608248234,5.853418827,7.877923965,4.834680080,4.796218395,4.906957626,5.894884586,5.904536724,4.721712589,4.721712589,5.593001842,4.668734074,7.673239231,4.986606121,7.827546597,4.721712589,7.875779629,5.149026394,4.721712589,6.340921402,4.948144436,7.214760303,4.721712589,6.508280754]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 02157{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":780,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1694275753010458,"flow_src_last_pkt_time":1694275753160166,"flow_dst_last_pkt_time":1694275753160196,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1417,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2537,"flow_dst_tot_l4_payload_len":8486,"midstream":0,"thread_ts_usec":1694275753160196,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51413,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":9659.5,"max":47892,"stddev":14864.2,"var":220945344.0,"ent":3.4,"data": [37443,37520,0,31039,230,31281,756,693,168,119,26825,1309,20041,47892,47,125,1434,1377,127,27044,1932,28829,219,1,220,947,1,949,415,408,55]},"pktlen": {"min":52,"avg":397.1,"max":1492,"stddev":521.5,"var":271947.3,"ent":3.9,"data": [64,60,52,569,52,1492,52,1128,52,116,1469,52,52,91,52,93,52,76,52,591,52,1098,52,1492,84,52,1492,488,52,1098,52,478]},"bins": {"c_to_s": [11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": 
[6,3,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,0,1,0,0,1,1,0,1,1,0,1,1,0,1,0,1],"entropies": [4.166565895,5.266787052,4.683250904,4.450848103,5.049012184,7.868894100,4.760174274,7.809042931,4.760174274,6.025981426,7.854910374,5.010550499,5.049012184,5.960818291,4.721712589,5.823785782,4.721712589,5.583068848,4.721712589,7.577066422,5.010550499,7.844899654,4.721712589,7.868763924,5.716469765,4.683250904,7.879194260,7.500804424,4.668734074,7.816272259,4.668734074,7.492917061]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
@@ -258,7 +258,7 @@ 02162{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":854,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1694275753008755,"flow_src_last_pkt_time":1694275753168577,"flow_dst_last_pkt_time":1694275753168228,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1425,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2693,"flow_dst_tot_l4_payload_len":6724,"midstream":0,"thread_ts_usec":1694275753168577,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51403,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":45,"avg":10299.8,"max":54249,"stddev":15529.8,"var":241174704.0,"ent":3.4,"data": [30732,30788,121,27186,1010,28059,320,308,250,119,26416,1146,47,27001,54249,45,82,125,126,27432,16741,44044,620,622,141,245,218,124,336,322,320]},"pktlen": {"min":52,"avg":346.9,"max":1492,"stddev":471.5,"var":222289.8,"ent":3.9,"data": [64,60,52,569,52,1492,52,1127,52,116,1477,52,52,52,91,52,93,76,52,591,52,1098,52,1098,52,922,52,1098,52,149,52,200]},"bins": {"c_to_s": [11,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [7,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,0,1,1,0,0,1,1,0,1,0,1,0,1,0,1,0,0],"entropies": 
[4.209610939,5.212701797,4.697768211,4.393926620,4.911602974,7.839852333,4.774691105,7.844349861,4.774691105,5.884398460,7.869220257,5.025067329,4.972088814,4.950064659,5.741038799,4.736229420,5.917925358,5.466558933,4.774691105,7.588748932,4.986605644,7.821203709,4.721712589,7.844308853,4.721712589,7.750556469,4.683250904,7.837769032,4.774691582,6.556000710,4.774691105,6.785351276]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 02158{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":855,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1694275753010306,"flow_src_last_pkt_time":1694275753140859,"flow_dst_last_pkt_time":1694275753169011,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1431,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2647,"flow_dst_tot_l4_payload_len":8540,"midstream":0,"thread_ts_usec":1694275753169011,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51411,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":9330.9,"max":35953,"stddev":13596.4,"var":184862544.0,"ent":3.5,"data": [35471,35507,119,26076,1579,27544,91,119,131,118,25702,1279,9274,35953,78,119,62,122,0,26721,2955,29610,279,257,260,7,269,85,120,565,28786]},"pktlen": {"min":52,"avg":402.2,"max":1492,"stddev":504.9,"var":254904.0,"ent":4.0,"data": [64,60,52,569,52,1492,52,1128,52,116,1483,52,52,91,52,93,52,76,52,591,52,1098,52,1098,52,1492,704,52,790,52,148,1050]},"bins": {"c_to_s": [11,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": 
[6,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,1,2,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,0,1,0,0,1,1,0,1,0,1,1,0,1,0,0,1],"entropies": [4.209610939,5.279368877,4.736229897,4.435394764,5.025067806,7.849986076,4.774691582,7.816172600,4.774691582,5.942630291,7.852092266,5.101990700,5.101990700,5.837246418,4.774691582,5.982440948,4.774691582,5.576618671,4.736229897,7.621116638,5.010550499,7.824245453,4.774691582,7.795956612,4.774691582,7.864316463,7.690004826,4.774691582,7.748708725,4.736229897,6.344797611,7.815868378]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":869,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":5,"flow_src_last_pkt_time":1694275753142784,"flow_dst_last_pkt_time":1694275753171094,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753171094,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0vxVAADQGgTRNb\/dFwKgBHQG7yORhYSrU9dM7NIAQAfrzWwAAAQEICpkBJ0kD3i7n"} 
-01323{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":870,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753113486,"flow_src_last_pkt_time":1694275753142784,"flow_dst_last_pkt_time":1694275753171568,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753171568,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51428,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"6788ea2a94927e5619dd027181568c48","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01282{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":870,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753113486,"flow_src_last_pkt_time":1694275753142784,"flow_dst_last_pkt_time":1694275753171568,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753171568,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51428,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
02164{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":883,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1694275753010817,"flow_src_last_pkt_time":1694275753177076,"flow_dst_last_pkt_time":1694275753177040,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1425,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2705,"flow_dst_tot_l4_payload_len":8575,"midstream":0,"thread_ts_usec":1694275753177076,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51416,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":10725.2,"max":40210,"stddev":14136.1,"var":199829872.0,"ent":3.7,"data": [40155,40210,118,29546,1484,32,30956,130,118,29821,29534,73,5139,1,43,5341,249,21300,7591,1187,29771,1326,1,1305,322,1,339,513,26647,1554,27675]},"pktlen": {"min":52,"avg":405.9,"max":1492,"stddev":519.4,"var":269778.8,"ent":4.0,"data": [64,60,52,569,52,1492,1128,52,116,1477,64,116,52,91,93,76,52,591,64,52,1098,52,1492,704,52,1492,437,52,148,52,1044,52]},"bins": {"c_to_s": [8,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [8,2,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,1,1,0,0,0,1,0,1,1,1,1,0,0,1,1,1,0,1,1,0,1,1,0,0,1,1,0],"entropies": [4.178360939,5.246035576,4.736229897,4.451525211,5.025067806,7.851028919,7.841320515,4.683251381,5.845689774,7.851963997,5.095714092,5.862931252,5.063529491,5.828950882,5.853408813,5.564821243,4.774691582,7.624622345,5.013759136,5.025067806,7.806596279,4.736229897,7.888963223,7.655417442,4.736229897,7.887620449,7.459178448,4.736229897,6.419945717,4.948144436,7.802871704,4.697768211]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 02161{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":902,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1694275753011053,"flow_src_last_pkt_time":1694275753181968,"flow_dst_last_pkt_time":1694275753181931,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1423,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2629,"flow_dst_tot_l4_payload_len":6694,"midstream":0,"thread_ts_usec":1694275753181968,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51419,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":11025.6,"max":42176,"stddev":14970.6,"var":224118160.0,"ent":3.6,"data": [40200,40333,0,29265,250,29416,955,942,236,0,27565,267,14559,42176,48,64,120,122,27961,1022,28875,175,1,143,1506,56,1572,296,25767,1217,26684]},"pktlen": {"min":52,"avg":344.0,"max":1492,"stddev":469.5,"var":220464.4,"ent":3.9,"data": [64,60,52,569,52,1492,52,1128,52,116,1475,52,52,91,52,93,76,52,591,52,1098,52,1304,258,52,1098,408,52,138,52,220,52]},"bins": {"c_to_s": [10,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [7,2,0,0,0,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,1,0,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,1,0,1,1,0,0,1,1,0],"entropies": 
[4.178360939,5.212701797,4.736229897,4.457423210,5.101990700,7.859472275,4.813152790,7.821522236,4.774691105,5.908147335,7.865066528,5.101990700,5.063529015,5.960818291,4.760174274,5.969052792,5.655566216,4.760174274,7.669263363,5.025067806,7.837982178,4.736229897,7.822892189,7.107737064,4.697768211,7.815825462,7.463544846,4.774691105,6.328453064,5.063529015,6.893532276,4.760174274]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 02160{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":910,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1694275753008511,"flow_src_last_pkt_time":1694275753183247,"flow_dst_last_pkt_time":1694275753183183,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1417,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2623,"flow_dst_tot_l4_payload_len":6562,"midstream":0,"thread_ts_usec":1694275753183247,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51402,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":11271.2,"max":37291,"stddev":15316.9,"var":234607568.0,"ent":3.6,"data": [35067,35101,121,31243,2598,33715,62,123,121,122,30764,1478,5295,37291,91,17,119,0,31795,2206,33934,52,121,454,401,354,339,394,31850,1346,32834]},"pktlen": {"min":52,"avg":339.7,"max":1492,"stddev":452.7,"var":204941.1,"ent":3.9,"data": [64,60,52,569,52,1492,52,1129,52,116,1469,52,52,91,52,93,76,52,591,52,1098,52,478,52,1098,52,831,52,138,52,696,52]},"bins": {"c_to_s": [11,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": 
[7,2,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,0,1,0,1,0,0,1,1,0],"entropies": [4.209610939,5.179368496,4.721712589,4.376677036,4.986605644,7.859937668,4.721712589,7.809227943,4.721712589,5.884397507,7.882050514,5.025067329,5.025067329,5.969113827,4.760174274,5.896419525,5.601069927,4.760174274,7.617297173,5.063529015,7.812593937,4.721712589,7.472612858,4.760174274,7.815999031,4.760174274,7.750735760,4.760174274,6.306466579,5.063529015,7.681465626,4.760174274]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
@@ -274,18 +274,18 @@ 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1066,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_src_last_pkt_time":1694275753219923,"flow_dst_last_pkt_time":1694275753251061,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275753251061,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADQGQEJNb\/dFwKgBHQG7yOVIKF9r2tuYcKAS\/ohDbAAAAgQFrAQCCAqZASeWfinbRgEDAwc="} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1067,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_src_last_pkt_time":1694275753251177,"flow_dst_last_pkt_time":1694275753251061,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753251177,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjlAbva25hwSChfbIAQCBYGoQAAAQEICn4p22WZASeW"} 01248{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1069,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":4,"flow_src_last_pkt_time":1694275753251434,"flow_dst_last_pkt_time":1694275753251061,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275753251434,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjlAbva25hwSChfbIAYCBYIpgAAAQEICn4p22WZASeWFgMBAgABAAH8AwM\/vb5WfKAvu6fz6v\/7KbFyVvMn\/aL6uOFWxqtuxnLFwiBQy+suJjuj+jP5vuedVGTiSzAFyQ8W8mCEEURdMBRxnAAgOjoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTSkoAAAArAAcG+voDBAMD\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"} 
-01381{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1069,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753219923,"flow_src_last_pkt_time":1694275753251434,"flow_dst_last_pkt_time":1694275753251061,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753251434,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51429,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"b02753cad3bdb6463fc2bc97e8cc794c","ja3s":"","ja4":"t13d151400_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01340{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1069,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753219923,"flow_src_last_pkt_time":1694275753251434,"flow_dst_last_pkt_time":1694275753251061,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753251434,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51429,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d151400_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1136,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":5,"flow_src_last_pkt_time":1694275753251434,"flow_dst_last_pkt_time":1694275753282014,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753282014,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0LwRAADQGEUZNb\/dFwKgBHQG7yOVIKF9s2tuadYAQAfpsfAAAAQEICpkBJ7V+Kdtl"} 
-01426{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1138,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753219923,"flow_src_last_pkt_time":1694275753251434,"flow_dst_last_pkt_time":1694275753283400,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753283400,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51429,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"b02753cad3bdb6463fc2bc97e8cc794c","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d151400_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01385{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1138,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753219923,"flow_src_last_pkt_time":1694275753251434,"flow_dst_last_pkt_time":1694275753283400,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753283400,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51429,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d151400_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1142,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275753284172,"flow_src_last_pkt_time":1694275753284172,"flow_dst_last_pkt_time":1694275753284172,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753284172,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51430,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1142,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_src_last_pkt_time":1694275753284172,"flow_dst_last_pkt_time":1694275753284172,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275753284172,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3RcjmAbtQJVz7AAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgK+RQBPQAAAAAEAgAA"} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1235,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_src_last_pkt_time":1694275753284172,"flow_dst_last_pkt_time":1694275753312288,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275753312288,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADYGPkJNb\/dFwKgBHQG7yOYfynEvUCVc\/KAS\/oh\/DgAAAgQFrAQCCAqZASfW+RQBPQEDAwc="} 
00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1236,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_src_last_pkt_time":1694275753312381,"flow_dst_last_pkt_time":1694275753312288,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753312381,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjmAbtQJVz8H8pxMIAQCBYGoQAAAQEICvkUAVmZASfW"} 01248{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1237,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":4,"flow_src_last_pkt_time":1694275753312502,"flow_dst_last_pkt_time":1694275753312288,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275753312502,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjmAbtQJVz8H8pxMIAYCBYIpgAAAQEICvkUAVmZASfWFgMBAgABAAH8AwN0cGcIVOrXJL8XwB88mgODwv9vxvv5pXm2MzL\/0VrVTiDSBKD0SuFY9pYcsNQNRYQiY\/2hD8B11UK13eDBcfCc5gAg+voTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTuroAAERpAAUAAwJoMgAKAAoACJqaAB0AFwAYADMAKwApmpoAAQAAHQAgT\/1RBvWNpdOMVIxT3TwBBCQunviPjrOX0EPQufzxincAKwAHBioqAwQDAwAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAjAAAACwACAQAALQACAQEADQASABAEAwgEBAEFAwgFBQEIBgYBABcAAAASAAAAGwADAgACAAAAFwAVAAASZXUwLnNlYy10dW5uZWwuY29t\/wEAAQBqagABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01279{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1237,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753284172,"flow_src_last_pkt_time":1694275753312502,"flow_dst_last_pkt_time":1694275753312288,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753312502,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51430,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"936e6ce83ab4f11d1ce3ffb026e44b8e","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01238{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1237,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753284172,"flow_src_last_pkt_time":1694275753312502,"flow_dst_last_pkt_time":1694275753312288,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753312502,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51430,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
02163{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1245,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1694275753011053,"flow_src_last_pkt_time":1694275753303434,"flow_dst_last_pkt_time":1694275753329187,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1419,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2751,"flow_dst_tot_l4_payload_len":5916,"midstream":0,"thread_ts_usec":1694275753329187,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51418,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":19694.0,"max":107916,"stddev":28481.2,"var":811176192.0,"ent":3.5,"data": [40372,40455,0,31025,504,31473,64,120,123,121,29003,46,28780,26348,55847,82165,54,124,222,149,126,26281,81732,107916,74,66,120,53,121,588,26443]},"pktlen": {"min":52,"avg":324.2,"max":1492,"stddev":448.2,"var":200860.4,"ent":3.9,"data": [64,60,52,569,52,1492,52,1128,52,116,1471,64,52,116,64,91,52,93,52,76,52,591,52,1098,52,498,1098,52,810,52,200,52]},"bins": {"c_to_s": [10,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [8,2,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,0,1,1,0,1,0,1,0,0,1,1,0,1,1,0,1,0,0,1],"entropies": [4.178360939,5.246035099,4.736229897,4.451611042,5.063529015,7.858956337,4.721712589,7.794020176,4.774691582,5.846198559,7.861629963,5.088054180,5.025067806,5.788827896,5.119304180,5.893327236,4.774691582,5.874913692,4.774691582,5.517536640,4.774691582,7.634633541,5.025067806,7.812478542,4.774691582,7.541460991,7.811731815,4.736229897,7.709799290,4.774691582,6.858570576,5.025067806]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1249,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":5,"flow_src_last_pkt_time":1694275753312502,"flow_dst_last_pkt_time":1694275753340708,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753340708,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0rfdAADYGkFJNb\/dFwKgBHQG7yOYfynEwUCVfAYAQAfqoJAAAAQEICpkBJ\/L5FAFZ"} -01324{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1250,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753284172,"flow_src_last_pkt_time":1694275753312502,"flow_dst_last_pkt_time":1694275753342153,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753342153,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51430,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": 
{"version":"TLSv1.3","ja3":"936e6ce83ab4f11d1ce3ffb026e44b8e","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} +01283{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1250,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753284172,"flow_src_last_pkt_time":1694275753312502,"flow_dst_last_pkt_time":1694275753342153,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753342153,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51430,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
02297{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1271,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1694275753219923,"flow_src_last_pkt_time":1694275753359055,"flow_dst_last_pkt_time":1694275753358210,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1272,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2678,"flow_dst_tot_l4_payload_len":9521,"midstream":0,"thread_ts_usec":1694275753359055,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51429,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":8949.0,"max":36574,"stddev":13973.5,"var":195257968.0,"ent":3.4,"data": [31138,31254,257,30953,1386,32001,76,122,2814,124,33216,1227,5063,38,3,36574,123,31144,2873,33906,253,2,224,204,200,196,193,515,523,580,237]},"pktlen": {"min":52,"avg":433.8,"max":1492,"stddev":539.4,"var":290977.1,"ent":4.0,"data": [64,60,52,569,52,1492,52,1113,52,116,1324,52,52,91,93,76,52,591,52,1098,52,1492,704,52,1492,52,1492,52,950,52,138,252]},"bins": {"c_to_s": [10,0,2,0,0,0,1,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0],"s_to_c": [6,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,0,0,1,1,0,1,1,0,1,0,1,0,1,0,0,0],"entropies": [4.147110939,5.246035099,4.736229897,4.159043312,5.025067329,7.830972195,4.774691105,7.815896988,4.774691105,5.994354248,7.858992100,5.063529015,5.025067329,5.872906685,5.982440948,5.514054298,4.697767735,7.582472324,4.986605644,7.813449383,4.697767735,7.878967285,7.719236851,4.644789219,7.881211758,4.530653477,7.866177559,4.569114685,7.756382465,4.569115162,6.282574654,6.984082222]},"ndpi": {"flow_risk": 
{"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 02158{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1307,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1694275753284172,"flow_src_last_pkt_time":1694275753403236,"flow_dst_last_pkt_time":1694275753403327,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1413,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2533,"flow_dst_tot_l4_payload_len":8778,"midstream":0,"thread_ts_usec":1694275753403327,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51430,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":7684.5,"max":30516,"stddev":12314.1,"var":151637984.0,"ent":3.3,"data": [28116,28209,121,28420,1445,29693,83,119,119,121,26978,42,1,3719,23,47,30516,125,126,27397,1558,28748,106,127,112,124,266,202,721,714,121]},"pktlen": {"min":52,"avg":406.1,"max":1492,"stddev":507.8,"var":257847.6,"ent":4.0,"data": [64,60,52,569,52,1492,52,1128,52,116,1465,52,52,52,91,93,76,52,52,591,52,1098,52,1098,52,1098,52,1308,52,1098,52,770]},"bins": {"c_to_s": [11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [7,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,4,1,0,0,0,0,0,1,0,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,1,0,0,0,1,1,0,1,0,1,0,1,0,1,0,1],"entropies": 
[4.148671150,5.252541542,4.699688911,4.452308655,4.900255203,7.863777637,4.658501625,7.817848682,4.658502102,5.889846802,7.854816914,5.022342205,5.060803890,4.983880520,5.919770718,5.835650444,5.512189865,4.738150120,4.738150120,7.652456760,4.985801220,7.818130970,4.738150120,7.801731110,4.738150120,7.818451881,4.738150120,7.852583885,4.738150120,7.834556580,4.738150120,7.715612888]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 02170{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1351,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1694275753047174,"flow_src_last_pkt_time":1694275753460341,"flow_dst_last_pkt_time":1694275753460301,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1419,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2577,"flow_dst_tot_l4_payload_len":10202,"midstream":0,"thread_ts_usec":1694275753460341,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51424,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":26654.6,"max":180430,"stddev":53880.0,"var":2903055104.0,"ent":2.9,"data": [27817,27853,120,27505,485,27870,364,362,389,121,26699,1946,152292,180430,83,1,121,136,27341,146601,173862,1373,2,1303,114,121,157,5,141,342,338]},"pktlen": {"min":52,"avg":452.0,"max":1492,"stddev":548.4,"var":300791.0,"ent":4.0,"data": [64,60,52,569,52,1492,52,1128,52,116,1471,52,52,91,52,93,76,52,629,52,1098,52,1492,704,52,1098,52,1492,704,52,1358,52]},"bins": {"c_to_s": [11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": 
[6,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,1,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,1,0,1,0,1,1,0,1,0],"entropies": [4.209610939,5.246035099,4.774691582,4.406749725,5.063529015,7.869228363,4.774691105,7.824818134,4.813152790,5.949138165,7.883416653,5.025067329,5.101990700,5.776699543,4.774691105,5.990557671,5.627385616,4.774691105,7.667889118,5.063529015,7.841457844,4.813152790,7.862190723,7.708991528,4.813152790,7.806630135,4.774691105,7.855051994,7.713768005,4.813152790,7.857409000,4.684499741]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
@@ -293,8 +293,8 @@ 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1420,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_src_last_pkt_time":1694275754010923,"flow_dst_last_pkt_time":1694275754038464,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275754038464,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADYGPkJNb\/dFwKgBHQG7yNLpJ5fDGlM8jKAS\/oiAgwAAAgQFrAQCCAqZASqsUIIL6QEDAwc="} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1421,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_src_last_pkt_time":1694275754038604,"flow_dst_last_pkt_time":1694275754038464,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275754038604,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjSAbsaUzyM6SeXxIAQCBYGoQAAAQEIClCCDAWZASqs"} 
01246{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1422,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":5,"flow_src_last_pkt_time":1694275754038928,"flow_dst_last_pkt_time":1694275754038464,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275754038928,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjSAbsaUzyM6SeXxIAYCBYIpgAAAQEIClCCDAWZASqsFgMBAgABAAH8AwMpblNmYGMr2+VJsbgcAw6KwGJgQByz31xIngw5ZDglwyBr5JoB1bKPbRrkBei8AmZowvzektL79y1j5bFVzzCahQAguroTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGT6uoAAAAXAAAACgAKAAjKygAdABcAGAALAAIBAAAAABcAFQAAEmV1MC5zZWMtdHVubmVsLmNvbQAbAAMCAAIAIwAAAC0AAgEB\/wEAAQBEaQAFAAMCaDIAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAEgAAACsABwaqqgMEAwMAMwArACnKygABAAAdACAfVvRSEsN+a6\/5pQu73ENwGwQIlWQua6eLxVZxnTJUNwANABIAEAQDCAQEAQUDCAUFAQgGBgGqqgABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01279{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1422,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1694275753010186,"flow_src_last_pkt_time":1694275754038928,"flow_dst_last_pkt_time":1694275754038464,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275754038928,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51410,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"cd653a825c6c269bdd28283252c5ca8c","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
-01324{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1424,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1694275753010186,"flow_src_last_pkt_time":1694275754038928,"flow_dst_last_pkt_time":1694275754067676,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275754067676,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51410,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"cd653a825c6c269bdd28283252c5ca8c","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01238{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1422,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1694275753010186,"flow_src_last_pkt_time":1694275754038928,"flow_dst_last_pkt_time":1694275754038464,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275754038928,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51410,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01283{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1424,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1694275753010186,"flow_src_last_pkt_time":1694275754038928,"flow_dst_last_pkt_time":1694275754067676,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275754067676,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51410,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1431,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275754087463,"flow_src_last_pkt_time":1694275754087463,"flow_dst_last_pkt_time":1694275754087463,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275754087463,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51432,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1431,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_src_last_pkt_time":1694275754087463,"flow_dst_last_pkt_time":1694275754087463,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275754087463,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3RcjoAbtXdiucAAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgKSZgLiAAAAAAEAgAA"} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1442,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275754109202,"flow_src_last_pkt_time":1694275754109202,"flow_dst_last_pkt_time":1694275754109202,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275754109202,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51433,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -302,26 +302,26 @@ 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1447,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_src_last_pkt_time":1694275754087463,"flow_dst_last_pkt_time":1694275754114575,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275754114575,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADYGPkJNb\/dFwKgBHQG7yOhElg3jV3YrnaAS\/oiJqQAAAgQFrAQCCAqZASr5SZgLiAEDAwc="} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1448,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_src_last_pkt_time":1694275754114687,"flow_dst_last_pkt_time":1694275754114575,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275754114687,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjoAbtXdiudRJYN5IAQCBYGoQAAAQEICkmYC6SZASr5"} 
01248{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1449,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":4,"flow_src_last_pkt_time":1694275754115657,"flow_dst_last_pkt_time":1694275754114575,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275754115657,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjoAbtXdiudRJYN5IAYCBYIpgAAAQEICkmYC6SZASr5FgMBAgABAAH8AwP9232\/YqRYp72+g0kUgBmvBkaVngkWmUUip3Zv8OurtCAuHxuTywKZ4zZe29LhhKK6pU+TM\/fr38OAJ4kLEkmlfQAgenoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTCgoAAAArAAcGenoDBAMDABAADgAMAmgyCGh0dHAvMS4x\/wEAAQAAEgAAAAoACgAIGhoAHQAXABgABQAFAQAAAAAACwACAQAAFwAAACMAAAAAABcAFQAAEmV1MC5zZWMtdHVubmVsLmNvbQAzACsAKRoaAAEAAB0AIHil1hmRNrGReAIJWcaVBi5y\/R2Y6DbWnpppdDlfBtNXRGkABQADAmgyAC0AAgEBAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQAbAAMCAAKKigABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01279{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1449,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275754087463,"flow_src_last_pkt_time":1694275754115657,"flow_dst_last_pkt_time":1694275754114575,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275754115657,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51432,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"4afc46d232d77551effc9cce3df35f16","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01238{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1449,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275754087463,"flow_src_last_pkt_time":1694275754115657,"flow_dst_last_pkt_time":1694275754114575,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275754115657,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51432,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1451,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275754128769,"flow_src_last_pkt_time":1694275754128769,"flow_dst_last_pkt_time":1694275754128769,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275754128769,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51435,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1451,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_src_last_pkt_time":1694275754128769,"flow_dst_last_pkt_time":1694275754128769,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275754128769,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3RcjrAbskWJ9iAAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgKkoTmRgAAAAAEAgAA"} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1458,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_src_last_pkt_time":1694275754109202,"flow_dst_last_pkt_time":1694275754135968,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275754135968,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADYGPkJNb\/dFwKgBHQG7yOmxIYcq47aQBqAS\/og+mgAAAgQFrAQCCAqZASsP\/e7LrAEDAwc="} 
00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1460,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_src_last_pkt_time":1694275754136155,"flow_dst_last_pkt_time":1694275754135968,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275754136155,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjpAbvjtpAGsSGHK4AQCBYGoQAAAQEICv3uy8eZASsP"} 01247{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1461,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":35,"flow_packet_id":4,"flow_src_last_pkt_time":1694275754136275,"flow_dst_last_pkt_time":1694275754135968,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275754136275,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjpAbvjtpAGsSGHK4AYCBYIpgAAAQEICv3uy8eZASsPFgMBAgABAAH8AwONua86aJNQlHQjz2pRVetaFBx5Eg\/UPYfL9CvJxFiLICCPfnhSpztKKpmNbFTxvds9ns+RK\/cA5Xu1Nym72Z6SggAgenoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTuroAAAAFAAUBAAAAAAASAAAAAAAXABUAABJldTAuc2VjLXR1bm5lbC5jb21EaQAFAAMCaDIAEAAOAAwCaDIIaHR0cC8xLjEAFwAAAC0AAgEBAAsAAgEAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQAzACsAKYqKAAEAAB0AIPWNkqMW1zGkkUHfnZujpHSNTA0+xDnDW4HB5kc+yi1wACsABwZqagMEAwP\/AQABAAAbAAMCAAIAIwAAAAoACgAIiooAHQAXABiKigABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01279{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1461,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275754109202,"flow_src_last_pkt_time":1694275754136275,"flow_dst_last_pkt_time":1694275754135968,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275754136275,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51433,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"263749057f858bb5c2f786931adb108e","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01238{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1461,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275754109202,"flow_src_last_pkt_time":1694275754136275,"flow_dst_last_pkt_time":1694275754135968,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275754136275,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51433,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1468,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":5,"flow_src_last_pkt_time":1694275754115657,"flow_dst_last_pkt_time":1694275754143203,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275754143203,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0islAADYGs4BNb\/dFwKgBHQG7yOhElg3kV3YtooAQAfqyvgAAAQEICpkBKxZJmAuk"} 
-01324{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1469,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275754087463,"flow_src_last_pkt_time":1694275754115657,"flow_dst_last_pkt_time":1694275754144689,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275754144689,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51432,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"4afc46d232d77551effc9cce3df35f16","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01283{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1469,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275754087463,"flow_src_last_pkt_time":1694275754115657,"flow_dst_last_pkt_time":1694275754144689,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275754144689,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51432,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1478,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_src_last_pkt_time":1694275754128769,"flow_dst_last_pkt_time":1694275754156159,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275754156159,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADQGQEJNb\/dFwKgBHQG7yOsw6MPGJFifY6AS\/oiC8wAAAgQFrAQCCAqZASsjkoTmRgEDAwc="} 
00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1479,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_src_last_pkt_time":1694275754156249,"flow_dst_last_pkt_time":1694275754156159,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275754156249,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjrAbskWJ9jMOjDx4AQCBYGoQAAAQEICpKE5mKZASsj"} 01246{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1480,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":4,"flow_src_last_pkt_time":1694275754156498,"flow_dst_last_pkt_time":1694275754156159,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275754156498,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjrAbskWJ9jMOjDx4AYCBYIpgAAAQEICpKE5mKZASsjFgMBAgABAAH8AwM5HdE6f2RqdAedwNiNBVBoeWt\/3C1idy74sZsoxY0lySDFMbyVm7aVtSia4atqOJYPhSbuo1q+QLZ7YpfOQunTfQAgqqoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTiooAAAAFAAUBAAAAAAAAABcAFQAAEmV1MC5zZWMtdHVubmVsLmNvbQAjAAAACgAKAAhKSgAdABcAGAAtAAIBAQAXAAAAEAAOAAwCaDIIaHR0cC8xLjEAEgAA\/wEAAQAAKwAHBioqAwQDA0RpAAUAAwJoMgANABIAEAQDCAQEAQUDCAUFAQgGBgEAGwADAgACADMAKwApSkoAAQAAHQAgJB+tkl3Sdyfw+u0UTtiVaLS4V0PPYiS+78yVNoRXGhQACwACAQBqagABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01279{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1480,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275754128769,"flow_src_last_pkt_time":1694275754156498,"flow_dst_last_pkt_time":1694275754156159,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275754156498,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51435,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"2d6e42ac63c9ed1a1694e4165bde6d99","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01238{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1480,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275754128769,"flow_src_last_pkt_time":1694275754156498,"flow_dst_last_pkt_time":1694275754156159,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275754156498,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51435,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1481,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":35,"flow_packet_id":5,"flow_src_last_pkt_time":1694275754136275,"flow_dst_last_pkt_time":1694275754163249,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275754163249,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0PaZAADYGAKRNb\/dFwKgBHQG7yOmxIYcr47aSC4AQAfpnsgAAAQEICpkBKyr97svH"} 
-01324{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1482,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275754109202,"flow_src_last_pkt_time":1694275754136275,"flow_dst_last_pkt_time":1694275754163811,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275754163811,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51433,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"263749057f858bb5c2f786931adb108e","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01283{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1482,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275754109202,"flow_src_last_pkt_time":1694275754136275,"flow_dst_last_pkt_time":1694275754163811,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275754163811,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51433,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
02174{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1489,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1694275753010186,"flow_src_last_pkt_time":1694275754138286,"flow_dst_last_pkt_time":1694275754165611,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1407,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2642,"flow_dst_tot_l4_payload_len":6894,"midstream":0,"thread_ts_usec":1694275754165611,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51410,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":73662.1,"max":1028278,"stddev":247407.8,"var":61210599424.0,"ent":1.8,"data": [1000737,1028278,27681,324,28645,567,28844,691,697,1111,253,27150,1201,8852,39,35837,4,101,123,600,27345,2874,29634,1307,3,1324,123,129,802,27302,947]},"pktlen": {"min":52,"avg":351.0,"max":1492,"stddev":482.3,"var":232616.9,"ent":3.9,"data": [64,64,60,52,569,52,1492,52,1129,52,116,1459,52,52,91,93,52,52,76,52,591,52,1098,52,1492,528,52,1067,52,167,52,348]},"bins": {"c_to_s": [11,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0],"s_to_c": [7,2,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,0,0,1,0,0,1,1,0,1,1,0,1,0,0,1,1],"entropies": [4.088861465,4.209610939,5.212701797,4.774691582,4.424145699,5.101990700,7.850503922,4.813152790,7.848980427,4.736229420,5.914655209,7.855607510,5.063529015,5.010550022,5.849371433,5.990558147,4.697768211,4.697767735,5.653701305,4.699688435,7.598402977,4.947340012,7.796793461,4.813152790,7.865888596,7.585998535,4.813152790,7.790732861,4.684499741,6.595388412,5.101990700,7.308109760]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1494,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275754173951,"flow_src_last_pkt_time":1694275754173951,"flow_dst_last_pkt_time":1694275754173951,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275754173951,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51436,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1494,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_src_last_pkt_time":1694275754173951,"flow_dst_last_pkt_time":1694275754173951,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275754173951,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3RcjsAbtXXCyTAAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgKjSiZ1wAAAAAEAgAA"} 
00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1495,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":5,"flow_src_last_pkt_time":1694275754156498,"flow_dst_last_pkt_time":1694275754183341,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275754183341,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA07A5AADQGVDtNb\/dFwKgBHQG7yOsw6MPHJFihaIAQAfqsCgAAAQEICpkBKz6ShOZi"} -01324{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1496,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275754128769,"flow_src_last_pkt_time":1694275754156498,"flow_dst_last_pkt_time":1694275754184697,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275754184697,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51435,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"2d6e42ac63c9ed1a1694e4165bde6d99","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01283{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1496,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275754128769,"flow_src_last_pkt_time":1694275754156498,"flow_dst_last_pkt_time":1694275754184697,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275754184697,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51435,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1502,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275754185416,"flow_src_last_pkt_time":1694275754185416,"flow_dst_last_pkt_time":1694275754185416,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275754185416,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51437,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1502,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_src_last_pkt_time":1694275754185416,"flow_dst_last_pkt_time":1694275754185416,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275754185416,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3RcjtAbv3qQ1dAAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgK8GJ7VAAAAAAEAgAA"} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1504,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275754188438,"flow_src_last_pkt_time":1694275754188438,"flow_dst_last_pkt_time":1694275754188438,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275754188438,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51438,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -329,32 +329,32 @@ 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1517,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_src_last_pkt_time":1694275754173951,"flow_dst_last_pkt_time":1694275754202041,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275754202041,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADQGQEJNb\/dFwKgBHQG7yOyTSe32V1wslKAS\/oiHygAAAgQFrAQCCAqZAStQjSiZ1wEDAwc="} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1518,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_src_last_pkt_time":1694275754202105,"flow_dst_last_pkt_time":1694275754202041,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275754202105,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjsAbtXXCyUk0nt94AQCBYGoQAAAQEICo0omfOZAStQ"} 
01247{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1519,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":4,"flow_src_last_pkt_time":1694275754202227,"flow_dst_last_pkt_time":1694275754202041,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275754202227,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjsAbtXXCyUk0nt94AYCBYIpgAAAQEICo0omfOZAStQFgMBAgABAAH8AwPXIzcRPLRaTHpxU1Ikqi+RRRLkBmxDx5mQ\/nqgxQxymiAKOfEZ8irOMg130vlHqNJeS2a+8iQwvTpHCYAYxd0q0gAgysoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTOjoAAAAKAAoACHp6AB0AFwAYAAsAAgEAABsAAwIAAgASAABEaQAFAAMCaDIAEAAOAAwCaDIIaHR0cC8xLjH\/AQABAAAzACsAKXp6AAEAAB0AIArnhdF+CKge8ZlSyjxw3ModMcWTS1ohLb9lbfdAVWZ\/ACMAAAArAAcGqqoDBAMDAC0AAgEBABcAAAAAABcAFQAAEmV1MC5zZWMtdHVubmVsLmNvbQANABIAEAQDCAQEAQUDCAUFAQgGBgEABQAFAQAAAABaWgABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01279{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1519,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275754173951,"flow_src_last_pkt_time":1694275754202227,"flow_dst_last_pkt_time":1694275754202041,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275754202227,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51436,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"9b0e7583c7ef3a345ec5a06e7cb11acc","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01238{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1519,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275754173951,"flow_src_last_pkt_time":1694275754202227,"flow_dst_last_pkt_time":1694275754202041,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275754202227,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51436,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1532,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_src_last_pkt_time":1694275754188438,"flow_dst_last_pkt_time":1694275754215808,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275754215808,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADQGQEJNb\/dFwKgBHQG7yO5wE5csW6LOCKAS\/ohyKgAAAgQFrAQCCAqZAStgDw8BxQEDAwc="} 
00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1533,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_src_last_pkt_time":1694275754215878,"flow_dst_last_pkt_time":1694275754215808,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275754215878,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjuAbtbos4IcBOXLYAQCBYGoQAAAQEICg8PAeGZAStg"} 01248{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1534,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":4,"flow_src_last_pkt_time":1694275754216002,"flow_dst_last_pkt_time":1694275754215808,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275754216002,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjuAbtbos4IcBOXLYAYCBYIpgAAAQEICg8PAeGZAStgFgMBAgABAAH8AwNG6xajGlbC\/+0Mg3802vqK7PT820hA\/OUqpwbJodeJRSCu4HKLkAwPGESVtKP5YQa4eWnSp1lasFdXgsRu5DidXAAgSkoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTSkoAAAAFAAUBAAAAAAAXAAAAIwAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQAtAAIBAURpAAUAAwJoMgAAABcAFQAAEmV1MC5zZWMtdHVubmVsLmNvbQAbAAMCAAIAEgAAAAsAAgEAACsABwb6+gMEAwP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQAKAAoACHp6AB0AFwAYADMAKwApenoAAQAAHQAg9gADJmcEWvYAoSIp57c\/zAs3QIQSoFgMjRwzaJ0uzWBaWgABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01279{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1534,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275754188438,"flow_src_last_pkt_time":1694275754216002,"flow_dst_last_pkt_time":1694275754215808,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275754216002,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51438,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"1cd1a944e2d3347798156aa08a0a306a","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01238{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1534,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275754188438,"flow_src_last_pkt_time":1694275754216002,"flow_dst_last_pkt_time":1694275754215808,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275754216002,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51438,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1535,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_src_last_pkt_time":1694275754185416,"flow_dst_last_pkt_time":1694275754217215,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275754217215,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADQGQEJNb\/dFwKgBHQG7yO07+LOT96kNXqAS\/ohTpAAAAgQFrAQCCAqZAStb8GJ7VAEDAwc="} 
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1536,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_src_last_pkt_time":1694275754217283,"flow_dst_last_pkt_time":1694275754217215,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275754217283,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjtAbv3qQ1eO\/izlIAQCBYGoQAAAQEICvBie3SZAStb"} 01246{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1537,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":4,"flow_src_last_pkt_time":1694275754217409,"flow_dst_last_pkt_time":1694275754217215,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275754217409,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjtAbv3qQ1eO\/izlIAYCBYIpgAAAQEICvBie3SZAStbFgMBAgABAAH8AwPWlM2q21bYPWVm3dZI6NdZaIu\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"} -01279{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1537,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275754185416,"flow_src_last_pkt_time":1694275754217409,"flow_dst_last_pkt_time":1694275754217215,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275754217409,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51437,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"443c0128c0380aacb46492308cacdcaf","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} +01238{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1537,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275754185416,"flow_src_last_pkt_time":1694275754217409,"flow_dst_last_pkt_time":1694275754217215,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275754217409,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51437,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
02159{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1550,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1694275754109202,"flow_src_last_pkt_time":1694275754222775,"flow_dst_last_pkt_time":1694275754222809,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1415,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2535,"flow_dst_tot_l4_payload_len":8486,"midstream":0,"thread_ts_usec":1694275754222809,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51433,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":53,"avg":7328.4,"max":29008,"stddev":11707.9,"var":137075808.0,"ent":3.3,"data": [26766,26953,120,27281,562,27629,813,839,433,121,25853,1242,2546,29008,63,61,121,118,26073,1611,53,27591,133,175,125,306,255,75,54,127,73]},"pktlen": {"min":52,"avg":397.0,"max":1492,"stddev":481.5,"var":231822.5,"ent":4.0,"data": [64,60,52,569,52,1492,52,1128,52,116,1467,52,52,91,52,93,76,52,591,52,1098,478,52,52,1098,52,1098,52,882,1098,52,478]},"bins": {"c_to_s": [11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [6,2,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,4,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,1,0,0,1,0,1,0,1,1,0,1],"entropies": [4.178360939,5.212701797,4.683251381,4.451683044,5.026988029,7.857296467,4.697768211,7.828640461,4.774691582,5.911512852,7.851897717,5.065449715,5.065449715,5.871349335,4.813152790,5.937906265,5.653701305,4.813152790,7.646155357,5.026988029,7.825329781,7.531569481,4.736229897,4.736229897,7.828527451,4.736229897,7.810995102,4.736229897,7.729085922,7.824745655,4.736229897,7.451065063]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1561,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":5,"flow_src_last_pkt_time":1694275754202227,"flow_dst_last_pkt_time":1694275754229437,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275754229437,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0CLlAADQGN5FNb\/dFwKgBHQG7yOyTSe33V1wumYAQAfqw4AAAAQEICpkBK2yNKJnz"} -01324{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1562,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275754173951,"flow_src_last_pkt_time":1694275754202227,"flow_dst_last_pkt_time":1694275754230968,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275754230968,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51436,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": 
{"version":"TLSv1.3","ja3":"9b0e7583c7ef3a345ec5a06e7cb11acc","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} +01283{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1562,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275754173951,"flow_src_last_pkt_time":1694275754202227,"flow_dst_last_pkt_time":1694275754230968,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275754230968,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51436,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
02163{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1579,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1694275754087463,"flow_src_last_pkt_time":1694275754234003,"flow_dst_last_pkt_time":1694275754234527,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1425,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2545,"flow_dst_tot_l4_payload_len":8833,"midstream":0,"thread_ts_usec":1694275754234527,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51432,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":50,"avg":9471.1,"max":57872,"stddev":15017.5,"var":225526784.0,"ent":3.3,"data": [27112,27224,970,28628,1486,29076,93,121,228,122,26977,75,31206,57872,54,125,1121,1044,121,26899,2278,29074,159,50,173,133,201,126,164,131,561]},"pktlen": {"min":52,"avg":408.2,"max":1492,"stddev":535.4,"var":286624.8,"ent":3.9,"data": [64,60,52,569,52,1492,52,1127,52,116,1477,52,52,91,52,93,52,76,52,591,52,1098,52,1492,704,52,52,1492,52,1318,52,422]},"bins": {"c_to_s": [12,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [6,2,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,1,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,0,1,0,0,1,1,0,1,1,0,0,1,0,1,0,1],"entropies": [4.209610939,5.279368401,4.774691582,4.405547142,5.101990700,7.842993259,4.813152790,7.800993443,4.774691582,5.883537769,7.866736889,5.101990700,5.101990700,5.842633247,4.813152790,5.929789066,4.774691582,5.655566216,4.813152790,7.597860336,5.140452385,7.840083122,4.774691105,7.865912437,7.702890873,4.813152790,4.813152790,7.872797966,4.738150120,7.842354298,4.813152790,7.483771801]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1584,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":5,"flow_src_last_pkt_time":1694275754216002,"flow_dst_last_pkt_time":1694275754242059,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275754242059,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA004pAADQGbL9Nb\/dFwKgBHQG7yO5wE5ctW6LQDYAQAfqbQwAAAQEICpkBK3kPDwHh"} -01324{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1585,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275754188438,"flow_src_last_pkt_time":1694275754216002,"flow_dst_last_pkt_time":1694275754243526,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275754243526,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51438,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": 
{"version":"TLSv1.3","ja3":"1cd1a944e2d3347798156aa08a0a306a","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} +01283{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1585,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275754188438,"flow_src_last_pkt_time":1694275754216002,"flow_dst_last_pkt_time":1694275754243526,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275754243526,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51438,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1591,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":5,"flow_src_last_pkt_time":1694275754217409,"flow_dst_last_pkt_time":1694275754248180,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275754248180,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0aa1AADQG1pxNb\/dFwKgBHQG7yO07+LOU96kPY4AQAfp8sgAAAQEICpkBK3vwYnt0"} -01324{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1593,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275754185416,"flow_src_last_pkt_time":1694275754217409,"flow_dst_last_pkt_time":1694275754249808,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275754249808,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51437,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"443c0128c0380aacb46492308cacdcaf","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01283{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1593,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275754185416,"flow_src_last_pkt_time":1694275754217409,"flow_dst_last_pkt_time":1694275754249808,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275754249808,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51437,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
02161{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1615,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1694275754128769,"flow_src_last_pkt_time":1694275754253928,"flow_dst_last_pkt_time":1694275754254386,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1417,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2537,"flow_dst_tot_l4_payload_len":8915,"midstream":0,"thread_ts_usec":1694275754254386,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51435,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":8089.5,"max":39082,"stddev":12490.1,"var":156003200.0,"ent":3.4,"data": [27390,27480,249,27182,1356,28286,92,124,218,120,25685,1244,12558,39082,57,53,128,120,26494,1303,27676,948,933,253,252,356,358,124,2,133,520]},"pktlen": {"min":52,"avg":410.5,"max":1492,"stddev":518.8,"var":269178.6,"ent":4.0,"data": [64,60,52,569,52,1492,52,1129,52,116,1469,52,52,91,52,93,76,52,591,52,1098,52,478,52,1098,52,1492,52,1492,520,52,480]},"bins": {"c_to_s": [11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [6,2,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,0,1,0,1,0,1,1,0,1],"entropies": [4.209610939,5.279368401,4.774691582,4.462305069,5.063529491,7.853986740,4.774691105,7.855288506,4.774691105,5.946134090,7.851401806,5.025067329,5.063529015,5.938840866,4.813152790,5.967528820,5.698264599,4.813152790,7.638842583,5.063529015,7.796915054,4.813152790,7.480909824,4.813152790,7.834682941,4.813152790,7.873820305,4.813152790,7.873530388,7.590673923,4.813152790,7.535659313]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1626,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275754263304,"flow_src_last_pkt_time":1694275754263304,"flow_dst_last_pkt_time":1694275754263304,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275754263304,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51440,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1626,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_src_last_pkt_time":1694275754263304,"flow_dst_last_pkt_time":1694275754263304,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275754263304,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3RcjwAbuqEt3PAAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgKkvM+WAAAAAAEAgAA"} 
00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1654,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_src_last_pkt_time":1694275754263304,"flow_dst_last_pkt_time":1694275754291134,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275754291134,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADQGQEJNb\/dFwKgBHQG7yPAm9ybIqhLd0KAS\/ogMsAAAAgQFrAQCCAqZASupkvM+WAEDAwc="} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1655,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_src_last_pkt_time":1694275754291189,"flow_dst_last_pkt_time":1694275754291134,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275754291189,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjwAbuqEt3QJvcmyYAQCBYGoQAAAQEICpLzPnSZASup"} 
01249{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1657,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":40,"flow_packet_id":4,"flow_src_last_pkt_time":1694275754291310,"flow_dst_last_pkt_time":1694275754291134,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275754291310,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjwAbuqEt3QJvcmyYAYCBYIpgAAAQEICpLzPnSZASupFgMBAgABAAH8AwN\/rsPnuyo3H49M01ABYjRatkcMtX5alBP1e\/Pb1uUsmyBmyGpKj7FISvX4QoLaix1HzsLqrCJb0xYNbU+5WxJO0wAgKioTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTamoAAP8BAAEAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQALAAIBAAAtAAIBAQAzACsAKWpqAAEAAB0AIDnkd89JPA\/2gWK\/OWmqfmleNhCyIfV\/vvmvf8MVsfBbABsAAwIAAgAAABcAFQAAEmV1MC5zZWMtdHVubmVsLmNvbURpAAUAAwJoMgAFAAUBAAAAAAASAAAACgAKAAhqagAdABcAGAAQAA4ADAJoMghodHRwLzEuMQArAAcG6uoDBAMDACMAAAAXAAC6ugABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01279{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1657,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275754263304,"flow_src_last_pkt_time":1694275754291310,"flow_dst_last_pkt_time":1694275754291134,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275754291310,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51440,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"4de89109ff6576c4d8b4a6688718f393","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01238{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1657,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275754263304,"flow_src_last_pkt_time":1694275754291310,"flow_dst_last_pkt_time":1694275754291134,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275754291310,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51440,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1669,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":40,"flow_packet_id":5,"flow_src_last_pkt_time":1694275754291310,"flow_dst_last_pkt_time":1694275754318236,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275754318236,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0xMFAADQGe4hNb\/dFwKgBHQG7yPAm9ybJqhLf1YAQAfo1xgAAAQEICpkBK8WS8z50"} 
-01324{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1670,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275754263304,"flow_src_last_pkt_time":1694275754291310,"flow_dst_last_pkt_time":1694275754318782,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275754318782,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51440,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"4de89109ff6576c4d8b4a6688718f393","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01283{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1670,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275754263304,"flow_src_last_pkt_time":1694275754291310,"flow_dst_last_pkt_time":1694275754318782,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275754318782,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51440,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
02159{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1681,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1694275754173951,"flow_src_last_pkt_time":1694275754292941,"flow_dst_last_pkt_time":1694275754328160,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1405,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2611,"flow_dst_tot_l4_payload_len":7674,"midstream":0,"thread_ts_usec":1694275754328160,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51436,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":8812.9,"max":31849,"stddev":12624.9,"var":159387984.0,"ent":3.5,"data": [28090,28154,122,27396,1531,28788,99,125,193,123,28156,1244,2735,31849,112,25,122,123,27184,1733,28734,219,1,215,186,2,1,198,244,27002,8493]},"pktlen": {"min":52,"avg":374.0,"max":1492,"stddev":504.4,"var":254392.6,"ent":3.9,"data": [64,60,52,569,52,1492,52,1129,52,116,1457,52,52,91,52,93,76,52,591,52,1098,52,1492,104,52,1492,280,367,52,138,52,584]},"bins": {"c_to_s": [9,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0],"s_to_c": [7,3,0,0,0,0,0,1,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,1,0,1,1,1,0,0,1,1],"entropies": [4.209610939,5.246035099,4.697768211,4.397861958,4.933627129,7.849544525,4.736229897,7.854951859,4.697768211,5.908147812,7.836333752,4.986606121,4.895165920,5.871349335,4.736229897,5.888302803,5.497672081,4.721712589,7.584928513,5.010550499,7.818240643,4.813152790,7.867399693,6.028574944,4.813152790,7.871778011,7.226988792,7.308317184,4.813152790,6.285698891,4.986605644,7.638573647]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 02159{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1772,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1694275754263304,"flow_src_last_pkt_time":1694275754389266,"flow_dst_last_pkt_time":1694275754415554,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1423,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3051,"flow_dst_tot_l4_payload_len":5838,"midstream":0,"thread_ts_usec":1694275754415554,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51440,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":8974.6,"max":35635,"stddev":12697.2,"var":161217744.0,"ent":3.5,"data": [27830,27885,121,27102,546,27529,840,830,274,126,26171,1039,8743,35,35635,102,131,1,26009,5343,31325,209,25,1,154,122,1581,125,123,26933,1322]},"pktlen": {"min":52,"avg":330.4,"max":1492,"stddev":469.3,"var":220240.5,"ent":3.9,"data": [64,60,52,569,52,1492,52,1128,52,116,1475,52,52,91,93,52,76,52,591,52,1098,52,1492,704,132,52,52,154,172,338,52,52]},"bins": {"c_to_s": [9,0,1,2,0,0,0,0,1,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [8,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,0,1,0,0,1,1,0,1,1,1,0,0,0,0,0,1,1],"entropies": 
[4.209610939,5.146035194,4.697768211,4.450056553,5.025067806,7.871761799,4.774691105,7.827337265,4.774691105,5.826527119,7.855667114,4.986606121,5.063529015,5.820655346,5.916401386,4.774691105,5.655566216,4.774691105,7.614426613,4.986605644,7.813764095,4.736229897,7.864622593,7.699440479,6.489213943,4.736229420,4.774691105,6.518905640,6.645439148,7.327331066,4.986606121,5.025067806]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 02159{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1842,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1694275754188438,"flow_src_last_pkt_time":1694275754475502,"flow_dst_last_pkt_time":1694275754475507,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1413,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2533,"flow_dst_tot_l4_payload_len":8279,"midstream":0,"thread_ts_usec":1694275754475507,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51438,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":18520.4,"max":122292,"stddev":34250.8,"var":1173117056.0,"ent":3.1,"data": [27370,27440,124,26251,1467,27581,100,125,157,123,25729,67,66,96709,2,0,122292,121,27232,81194,37,108357,4,312,254,158,1,174,324,312,50]},"pktlen": {"min":52,"avg":390.5,"max":1492,"stddev":496.9,"var":246958.9,"ent":4.0,"data": [64,60,52,569,52,1492,52,1128,52,116,1465,52,52,52,91,93,76,52,591,52,1098,478,52,52,1098,52,1492,488,52,1098,52,271]},"bins": {"c_to_s": [10,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": 
[7,2,0,0,0,0,1,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,1,0,0,1,1,1,0,0,1,0,1,1,0,1,0,1],"entropies": [4.117421150,5.152541161,4.608248711,4.401409626,4.983880997,7.842836380,4.699688911,7.824921131,4.581578732,5.856733322,7.868278027,4.823332310,4.784870625,4.900255680,5.703821182,5.805127621,5.574754238,4.736229897,7.640416622,5.025067806,7.817220211,7.464954376,4.774691582,4.774691582,7.829095840,4.774691582,7.861445904,7.528592587,4.774691582,7.822453022,4.774691582,7.145882607]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
@@ -364,34 +364,34 @@ 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1880,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_src_last_pkt_time":1694275754588065,"flow_dst_last_pkt_time":1694275754615021,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275754615021,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADQGQEJNb\/dFwKgBHQG7yPHllHPF7n+9tqAS\/ojcdAAAAgQFrAQCCAqZASzuzEUEDQEDAwc="} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1881,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_src_last_pkt_time":1694275754615121,"flow_dst_last_pkt_time":1694275754615021,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275754615121,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjxAbvuf7225ZRzxoAQCBYGoQAAAQEICsxFBCiZASzu"} 
01246{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1882,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":41,"flow_packet_id":4,"flow_src_last_pkt_time":1694275754615277,"flow_dst_last_pkt_time":1694275754615021,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275754615277,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjxAbvuf7225ZRzxoAYCBYIpgAAAQEICsxFBCiZASzuFgMBAgABAAH8AwMHlbsF8BakUAzjaA8e28V6EiKBP2Y43pfzj1u7FbexziB706YBATmvEbUO1DztFMgx1ZTh1DKfzqr6PZAA9CzfNgAgGhoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTmpoAAAAbAAMCAAL\/AQABAAAKAAoACCoqAB0AFwAYAC0AAgEBAAsAAgEAACsABwZ6egMEAwMAFwAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACkqKgABAAAdACB4OgQdbZ8h0gvzv\/MVy5kx6ZLWI5ybIJZR7Y+qN5ppPQAAABcAFQAAEmV1MC5zZWMtdHVubmVsLmNvbQAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAjAABEaQAFAAMCaDL6+gABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01279{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1882,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275754588065,"flow_src_last_pkt_time":1694275754615277,"flow_dst_last_pkt_time":1694275754615021,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275754615277,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51441,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"ed5a9e40cd25a82b75ab0bd29f1bbc85","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01238{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1882,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275754588065,"flow_src_last_pkt_time":1694275754615277,"flow_dst_last_pkt_time":1694275754615021,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275754615277,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51441,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1887,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":41,"flow_packet_id":5,"flow_src_last_pkt_time":1694275754615277,"flow_dst_last_pkt_time":1694275754642143,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275754642143,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0MxVAADQGDTVNb\/dFwKgBHQG7yPHllHPG7n+\/u4AQAfoFjQAAAQEICpkBLQnMRQQo"} 
-01324{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1888,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275754588065,"flow_src_last_pkt_time":1694275754615277,"flow_dst_last_pkt_time":1694275754642602,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275754642602,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51441,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"ed5a9e40cd25a82b75ab0bd29f1bbc85","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01283{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1888,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275754588065,"flow_src_last_pkt_time":1694275754615277,"flow_dst_last_pkt_time":1694275754642602,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275754642602,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51441,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
02163{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1919,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1694275754588065,"flow_src_last_pkt_time":1694275754887605,"flow_dst_last_pkt_time":1694275754887567,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1413,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2533,"flow_dst_tot_l4_payload_len":8280,"midstream":0,"thread_ts_usec":1694275754887605,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51441,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":19323.9,"max":124559,"stddev":35992.1,"var":1295428992.0,"ent":3.1,"data": [26956,27056,156,27122,459,99,27426,137,584,128,26592,49,98688,124559,1229,1205,60,121,122,26221,91359,117424,203,146,254,2,1,259,207,1,217]},"pktlen": {"min":52,"avg":390.5,"max":1492,"stddev":500.1,"var":250056.1,"ent":4.0,"data": [64,60,52,569,52,1492,1129,52,52,116,1465,52,52,91,52,93,52,76,52,591,52,1098,52,1098,52,1492,704,262,52,1098,271,52]},"bins": {"c_to_s": [11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [6,2,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,1,0,0,0,0,1,1,1,0,1,0,1,0,0,1,1,0,1,0,1,1,1,0,1,1,0],"entropies": [4.123520851,5.154205322,4.683250904,4.412162781,5.010550022,7.834381104,7.791237831,4.721712589,4.721712589,5.949137688,7.879240513,4.948143959,4.909682274,5.859224319,4.721712589,5.771135330,4.721712589,5.514053822,4.721712589,7.619722366,4.972088814,7.835969448,4.760174274,7.801455021,4.760174274,7.874300480,7.673749924,7.163529873,4.721712589,7.815165997,7.164249420,4.721712589]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2003,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275755172671,"flow_src_last_pkt_time":1694275755172671,"flow_dst_last_pkt_time":1694275755172671,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275755172671,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51442,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2003,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_src_last_pkt_time":1694275755172671,"flow_dst_last_pkt_time":1694275755172671,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275755172671,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3RcjyAbu2e3zpAAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgKO0TVawAAAAAEAgAA"} 
00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2013,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_src_last_pkt_time":1694275755172671,"flow_dst_last_pkt_time":1694275755199573,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275755199573,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADYGPkJNb\/dFwKgBHQG7yPLHzMixtnt86qAS\/ojbegAAAgQFrAQCCAqZAS82O0TVawEDAwc="} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2014,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_src_last_pkt_time":1694275755199634,"flow_dst_last_pkt_time":1694275755199573,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275755199634,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjyAbu2e3zqx8zIsoAQCBYGoQAAAQEICjtE1YaZAS82"} 
01247{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2015,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":42,"flow_packet_id":4,"flow_src_last_pkt_time":1694275755199755,"flow_dst_last_pkt_time":1694275755199573,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275755199755,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjyAbu2e3zqx8zIsoAYCBYIpgAAAQEICjtE1YaZAS82FgMBAgABAAH8AwOhVdMZUZw2Ta90\/AmuRH8LafDWkwL7wvE25AdctOZZISDjd9upw8Ab8sW9OvFMqqdB0NZftfYem1nTiaIzIPDvVgAgiooTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTqqoAAAAQAA4ADAJoMghodHRwLzEuMQAjAABEaQAFAAMCaDIAGwADAgACAAUABQEAAAAAAAoACgAIWloAHQAXABgACwACAQAAEgAAACsABwaqqgMEAwMAFwAAADMAKwApWloAAQAAHQAgqiMn9qWVoOPvY2IKnREXjvIIuQHHjYv1xpkb9D\/c8GsADQASABAEAwgEBAEFAwgFBQEIBgYB\/wEAAQAALQACAQEAAAAXABUAABJldTAuc2VjLXR1bm5lbC5jb20qKgABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01279{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2015,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275755172671,"flow_src_last_pkt_time":1694275755199755,"flow_dst_last_pkt_time":1694275755199573,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275755199755,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51442,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"6666840c6dacae658c91615526eff942","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01238{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2015,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275755172671,"flow_src_last_pkt_time":1694275755199755,"flow_dst_last_pkt_time":1694275755199573,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275755199755,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51442,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2017,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275755218416,"flow_src_last_pkt_time":1694275755218416,"flow_dst_last_pkt_time":1694275755218416,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275755218416,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51443,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2017,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_src_last_pkt_time":1694275755218416,"flow_dst_last_pkt_time":1694275755218416,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275755218416,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3RcjzAbsxEndzAAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgKDDVGtwAAAAAEAgAA"} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2018,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275755218537,"flow_src_last_pkt_time":1694275755218537,"flow_dst_last_pkt_time":1694275755218537,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275755218537,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51444,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2018,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_src_last_pkt_time":1694275755218537,"flow_dst_last_pkt_time":1694275755218537,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275755218537,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3Rcj0AbsZWwXAAAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgK9tU+aQAAAAAEAgAA"} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2020,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":42,"flow_packet_id":5,"flow_src_last_pkt_time":1694275755199755,"flow_dst_last_pkt_time":1694275755229473,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275755229473,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0yV5AADYGdOtNb\/dFwKgBHQG7yPLHzMiytnt+74AQAfoEkAAAAQEICpkBL1Q7RNWG"} 
-01324{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2021,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275755172671,"flow_src_last_pkt_time":1694275755199755,"flow_dst_last_pkt_time":1694275755230954,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275755230954,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51442,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"6666840c6dacae658c91615526eff942","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01283{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2021,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275755172671,"flow_src_last_pkt_time":1694275755199755,"flow_dst_last_pkt_time":1694275755230954,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275755230954,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51442,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2034,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_src_last_pkt_time":1694275755218416,"flow_dst_last_pkt_time":1694275755247149,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275755247149,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADQGQEJNb\/dFwKgBHQG7yPPwt3LIMRJ3dKAS\/ohQ6wAAAgQFrAQCCAqZAS9mDDVGtwEDAwc="} 
00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2035,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_src_last_pkt_time":1694275755247226,"flow_dst_last_pkt_time":1694275755247149,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275755247226,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjzAbsxEnd08LdyyYAQCBYGoQAAAQEICgw1RtOZAS9m"} 01249{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2036,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":43,"flow_packet_id":4,"flow_src_last_pkt_time":1694275755247350,"flow_dst_last_pkt_time":1694275755247149,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275755247350,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjzAbsxEnd08LdyyYAYCBYIpgAAAQEICgw1RtOZAS9mFgMBAgABAAH8AwPFjNLmli8qJUGnkKqv53i2tmSxoEoiyOnh0h\/j1WqyqiBkC5aN3NuUvinFD+Nvqi\/akQQ38IO0byUIcM\/65gz+hwAgGhoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTGhoAAAAbAAMCAAIACgAKAAiqqgAdABcAGERpAAUAAwJoMgAFAAUBAAAAAAAXAAAACwACAQAAEAAOAAwCaDIIaHR0cC8xLjEADQASABAEAwgEBAEFAwgFBQEIBgYBADMAKwApqqoAAQAAHQAg\/bQXccLlpFNqnBu8SkXCxG+3zZiXwi0L+HX4yTDtPiIALQACAQEAEgAAACMAAAArAAcGOjoDBAMD\/wEAAQAAAAAXABUAABJldTAuc2VjLXR1bm5lbC5jb226ugABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01279{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2036,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275755218416,"flow_src_last_pkt_time":1694275755247350,"flow_dst_last_pkt_time":1694275755247149,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275755247350,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51443,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"b22f4dc436b0a4d4bf71853f6f750b65","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01238{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2036,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275755218416,"flow_src_last_pkt_time":1694275755247350,"flow_dst_last_pkt_time":1694275755247149,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275755247350,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51443,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2037,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_src_last_pkt_time":1694275755218537,"flow_dst_last_pkt_time":1694275755248368,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275755248368,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADQGQEJNb\/dFwKgBHQG7yPSeqGkrGVsFwaAS\/ohTrgAAAgQFrAQCCAqZAS9m9tU+aQEDAwc="} 
00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2038,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_src_last_pkt_time":1694275755248433,"flow_dst_last_pkt_time":1694275755248368,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275755248433,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3Rcj0AbsZWwXBnqhpLIAQCBYGoQAAAQEICvbVPoeZAS9m"} 01247{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2039,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":44,"flow_packet_id":4,"flow_src_last_pkt_time":1694275755248555,"flow_dst_last_pkt_time":1694275755248368,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275755248555,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3Rcj0AbsZWwXBnqhpLIAYCBYIpgAAAQEICvbVPoeZAS9mFgMBAgABAAH8AwOXWZu5liF7DjpaLjXmN8QJTZ29QnGv6uJwC0pLqR3JXiB4Soa50lspWbCFxCEkUynBz0JVrwHxuSVJ1+OuOMBpdwAgmpoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTenoAAAASAAAAMwArACmKigABAAAdACDG71m3mFhvex+B2KW7+V0MB\/2VNx3XUCiW20mTH\/qDCgAtAAIBAQAbAAMCAAIAKwAHBkpKAwQDAwALAAIBAAAFAAUBAAAAAAAjAAAAFwAARGkABQADAmgyAAAAFwAVAAASZXUwLnNlYy10dW5uZWwuY29tABAADgAMAmgyCGh0dHAvMS4xAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQAKAAoACIqKAB0AFwAY\/wEAAQBaWgABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01279{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2039,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275755218537,"flow_src_last_pkt_time":1694275755248555,"flow_dst_last_pkt_time":1694275755248368,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275755248555,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51444,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"0db0f419a58896c0dee4527e22867862","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01238{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2039,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275755218537,"flow_src_last_pkt_time":1694275755248555,"flow_dst_last_pkt_time":1694275755248368,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275755248555,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51444,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":43,"flow_packet_id":5,"flow_src_last_pkt_time":1694275755247350,"flow_dst_last_pkt_time":1694275755274581,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275755274581,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0EW1AADQGLt1Nb\/dFwKgBHQG7yPPwt3LJMRJ5eYAQAfp6AgAAAQEICpkBL4EMNUbT"} 
-01324{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2043,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275755218416,"flow_src_last_pkt_time":1694275755247350,"flow_dst_last_pkt_time":1694275755275149,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275755275149,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51443,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"b22f4dc436b0a4d4bf71853f6f750b65","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01283{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2043,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275755218416,"flow_src_last_pkt_time":1694275755247350,"flow_dst_last_pkt_time":1694275755275149,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275755275149,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51443,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2046,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":44,"flow_packet_id":5,"flow_src_last_pkt_time":1694275755248555,"flow_dst_last_pkt_time":1694275755275947,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275755275947,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0tNVAADQGi3RNb\/dFwKgBHQG7yPSeqGksGVsHxoAQAfp8wQAAAQEICpkBL4P21T6H"} 
-01324{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2050,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275755218537,"flow_src_last_pkt_time":1694275755248555,"flow_dst_last_pkt_time":1694275755277274,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275755277274,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51444,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"0db0f419a58896c0dee4527e22867862","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01283{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2050,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275755218537,"flow_src_last_pkt_time":1694275755248555,"flow_dst_last_pkt_time":1694275755277274,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275755277274,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51444,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
02156{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2088,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1694275755218416,"flow_src_last_pkt_time":1694275755349874,"flow_dst_last_pkt_time":1694275755349765,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1417,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2606,"flow_dst_tot_l4_payload_len":9313,"midstream":0,"thread_ts_usec":1694275755349874,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51443,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":8477.6,"max":41933,"stddev":13035.7,"var":169929040.0,"ent":3.4,"data": [28733,28810,124,27432,568,27899,751,720,296,128,25888,48,1133,15243,41,41933,6,108,146,127,27209,2863,29923,284,1,245,248,248,797,2,853]},"pktlen": {"min":52,"avg":425.1,"max":1492,"stddev":548.5,"var":300824.4,"ent":3.9,"data": [64,60,52,569,52,1492,52,1129,52,116,1469,52,52,52,91,93,52,52,76,52,660,52,1098,52,1492,704,52,1492,52,1492,726,52]},"bins": {"c_to_s": [11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [7,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,0,0,1,0,0,1,1,0,1,1,0,1,0,1,1,0],"entropies": [4.209610939,5.179368496,4.774691582,4.431435585,5.063529015,7.849660397,4.774691105,7.813685417,4.736229420,5.936122894,7.856051445,5.025067329,5.025067329,5.025067329,5.982796192,5.960935116,4.813152790,4.813152790,5.708197594,4.760174274,7.601703644,5.025067329,7.811446667,4.774691105,7.878164768,7.722664356,4.813152790,7.861680031,4.813152790,7.862159729,7.756608009,4.813152790]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 02165{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2173,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1694275755218537,"flow_src_last_pkt_time":1694275755474480,"flow_dst_last_pkt_time":1694275755477173,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1409,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3336,"flow_dst_tot_l4_payload_len":4222,"midstream":0,"thread_ts_usec":1694275755477173,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51444,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":16599.3,"max":98727,"stddev":25221.2,"var":636110208.0,"ent":3.6,"data": [29831,29896,122,27579,1327,48,28784,126,253,1,26948,50,14095,65,40762,94,124,130,27112,1236,28283,675,27392,96809,124,98727,36,1194,29729,125,2902]},"pktlen": {"min":52,"avg":288.8,"max":1492,"stddev":419.8,"var":176233.3,"ent":3.9,"data": [64,60,52,569,52,1492,1128,52,52,116,1461,52,52,91,93,52,76,52,608,52,527,52,138,52,172,583,52,52,133,52,105,1098]},"bins": {"c_to_s": [8,1,2,1,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [9,2,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,1,0,0,0,0,1,1,1,1,0,1,0,0,1,1,0,0,1,0,0,1,1,1,0,0,1],"entropies": 
[4.147110939,5.179368496,4.736229897,4.460231304,5.025067329,7.857233524,7.810930252,4.736229897,4.646038055,5.957015991,7.839579105,4.911603451,4.950064659,5.831859112,5.853408813,4.774691105,5.645633221,4.774691105,7.545179844,5.063529015,7.596055508,4.774691105,6.332621574,4.972088814,6.592332363,7.682801247,5.025067806,5.063529015,6.338855743,4.736229420,5.810498714,7.810382843]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2231,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275755591179,"flow_src_last_pkt_time":1694275755591179,"flow_dst_last_pkt_time":1694275755591179,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275755591179,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51449,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -404,37 +404,37 @@ 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2256,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_src_last_pkt_time":1694275755591179,"flow_dst_last_pkt_time":1694275755617537,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275755617537,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADQGQEJNb\/dFwKgBHQG7yPns8LUkWlqxqqAS\/oiUQQAAAgQFrAQCCAqZATDZ4tGJNwEDAwc="} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2257,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_src_last_pkt_time":1694275755617582,"flow_dst_last_pkt_time":1694275755617537,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275755617582,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3Rcj5AbtaWrGq7PC1JYAQCBYGoQAAAQEICuLRiVKZATDZ"} 
01246{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2258,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":45,"flow_packet_id":4,"flow_src_last_pkt_time":1694275755617701,"flow_dst_last_pkt_time":1694275755617537,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275755617701,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3Rcj5AbtaWrGq7PC1JYAYCBYIpgAAAQEICuLRiVKZATDZFgMBAgABAAH8AwNBblVKS2hPon0Q7u5q0xBF+xrnRq078gmjdgo56P9T4CCXGI8MGVPdjueAlRhAUrFr25cxEy6524S25poNYBcieQAgOjoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTuroAAERpAAUAAwJoMgAAABcAFQAAEmV1MC5zZWMtdHVubmVsLmNvbQAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAALAAIBAAArAAcGmpoDBAMDABcAAAAjAAD\/AQABAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApiooAAQAAHQAg\/12Z2e3qk6WpBKLIlwyRN4APIJI3xyWNZK7lHuj55wEACgAKAAiKigAdABcAGAAtAAIBAQAbAAMCAALKygABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01279{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2258,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275755591179,"flow_src_last_pkt_time":1694275755617701,"flow_dst_last_pkt_time":1694275755617537,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275755617701,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51449,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"5b895f864c5e0255be1e527a0f8d44b3","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01238{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2258,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275755591179,"flow_src_last_pkt_time":1694275755617701,"flow_dst_last_pkt_time":1694275755617537,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275755617701,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51449,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2263,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_src_last_pkt_time":1694275755597605,"flow_dst_last_pkt_time":1694275755623725,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275755623725,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADQGQEJNb\/dFwKgBHQG7yPrIerr5JceoSKAS\/oiUyAAAAgQFrAQCCAqZATDftdkSOAEDAwc="} 
00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2264,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_src_last_pkt_time":1694275755623772,"flow_dst_last_pkt_time":1694275755623725,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275755623772,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3Rcj6Abslx6hIyHq6+oAQCBYGoQAAAQEICrXZElKZATDf"} 01248{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2265,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":46,"flow_packet_id":4,"flow_src_last_pkt_time":1694275755623890,"flow_dst_last_pkt_time":1694275755623725,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275755623890,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3Rcj6Abslx6hIyHq6+oAYCBYIpgAAAQEICrXZElKZATDfFgMBAgABAAH8AwMzNyawml\/KOra9wtXm9ZfZKXBENN+GtHDnrb\/+1u8mwCBZFiQ5C0IkSnggbrQr3Gtg0IBEDW6gvPfCxApYEDODlQAgKioTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTmpoAAAAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgFEaQAFAAMCaDIAAAAXABUAABJldTAuc2VjLXR1bm5lbC5jb20AEAAOAAwCaDIIaHR0cC8xLjEACwACAQAAEgAAADMAKwApmpoAAQAAHQAgr8moM6nHczuCpkYXd+tGZYykCqqU\/7FqOBRpVxUuLFcAKwAHBtraAwQDAwAKAAoACJqaAB0AFwAYABsAAwIAAgAjAAAAFwAA\/wEAAQAALQACAQH6+gABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01279{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2265,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275755597605,"flow_src_last_pkt_time":1694275755623890,"flow_dst_last_pkt_time":1694275755623725,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275755623890,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51450,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"13336f4a1d32920be14b7ab819cf7856","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01238{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2265,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275755597605,"flow_src_last_pkt_time":1694275755623890,"flow_dst_last_pkt_time":1694275755623725,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275755623890,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51450,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2267,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275755624913,"flow_src_last_pkt_time":1694275755624913,"flow_dst_last_pkt_time":1694275755624913,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275755624913,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51452,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2267,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_src_last_pkt_time":1694275755624913,"flow_dst_last_pkt_time":1694275755624913,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275755624913,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3Rcj8Abvzl+xlAAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgK4treRwAAAAAEAgAA"} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2273,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_src_last_pkt_time":1694275755603186,"flow_dst_last_pkt_time":1694275755629945,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275755629945,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADYGPkJNb\/dFwKgBHQG7yPtmlCswE8gVSKAS\/ojEQQAAAgQFrAQCCAqZATDlc6G7nwEDAwc="} 
00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2274,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_src_last_pkt_time":1694275755629981,"flow_dst_last_pkt_time":1694275755629945,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275755629981,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3Rcj7AbsTyBVIZpQrMYAQCBYGoQAAAQEICnOhu7qZATDl"} 01247{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2275,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":47,"flow_packet_id":4,"flow_src_last_pkt_time":1694275755630099,"flow_dst_last_pkt_time":1694275755629945,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275755630099,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3Rcj7AbsTyBVIZpQrMYAYCBYIpgAAAQEICnOhu7qZATDlFgMBAgABAAH8AwPSXSGnWGRpvK6AQdh9X7VjiU0531JEWyzEgTJj\/X5fJiDJiMDHxqTv\/uw1ZiyYFt1kVMh48ORdzq5MoVZHMPWdBgAgysoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTKioAAP8BAAEARGkABQADAmgyAAoACgAImpoAHQAXABgAEAAOAAwCaDIIaHR0cC8xLjEADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAALAAIBAAArAAcGamoDBAMDAAAAFwAVAAASZXUwLnNlYy10dW5uZWwuY29tABsAAwIAAgAXAAAABQAFAQAAAAAALQACAQEAMwArACmamgABAAAdACBRisHa5iUV0jEGFK0NDJj17ej2vV\/EIzpGN0BOiEZVEgAjAAA6OgABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01279{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2275,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275755603186,"flow_src_last_pkt_time":1694275755630099,"flow_dst_last_pkt_time":1694275755629945,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275755630099,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51451,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"24893e4411f07f81c140a8dee7689f4f","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01238{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2275,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275755603186,"flow_src_last_pkt_time":1694275755630099,"flow_dst_last_pkt_time":1694275755629945,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275755630099,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51451,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2278,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":45,"flow_packet_id":5,"flow_src_last_pkt_time":1694275755617701,"flow_dst_last_pkt_time":1694275755644515,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275755644515,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA04MVAADQGX4RNb\/dFwKgBHQG7yPns8LUlWlqzr4AQAfq9WgAAAQEICpkBMPPi0YlS"} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2280,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275755644863,"flow_src_last_pkt_time":1694275755644863,"flow_dst_last_pkt_time":1694275755644863,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275755644863,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51453,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2280,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_src_last_pkt_time":1694275755644863,"flow_dst_last_pkt_time":1694275755644863,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275755644863,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3Rcj9Abt\/JbSWAAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgKYGFwSwAAAAAEAgAA"} 
-01324{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2281,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275755591179,"flow_src_last_pkt_time":1694275755617701,"flow_dst_last_pkt_time":1694275755645050,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275755645050,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51449,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"5b895f864c5e0255be1e527a0f8d44b3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01283{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2281,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275755591179,"flow_src_last_pkt_time":1694275755617701,"flow_dst_last_pkt_time":1694275755645050,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275755645050,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51449,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2287,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":46,"flow_packet_id":5,"flow_src_last_pkt_time":1694275755623890,"flow_dst_last_pkt_time":1694275755649436,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275755649436,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0a2lAADQG1OBNb\/dFwKgBHQG7yPrIerr6JceqTYAQAfq94gAAAQEICpkBMPm12RJS"} 
-01324{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2288,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275755597605,"flow_src_last_pkt_time":1694275755623890,"flow_dst_last_pkt_time":1694275755651006,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275755651006,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51450,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"13336f4a1d32920be14b7ab819cf7856","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01283{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2288,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275755597605,"flow_src_last_pkt_time":1694275755623890,"flow_dst_last_pkt_time":1694275755651006,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275755651006,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51450,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2297,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_src_last_pkt_time":1694275755624913,"flow_dst_last_pkt_time":1694275755652295,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275755652295,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADQGQEJNb\/dFwKgBHQG7yPw7GJOu85fsZqAS\/og+WAAAAgQFrAQCCAqZATD74treRwEDAwc="} 
00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2298,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":48,"flow_packet_id":3,"flow_src_last_pkt_time":1694275755652361,"flow_dst_last_pkt_time":1694275755652295,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275755652361,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3Rcj8Abvzl+xmOxiTr4AQCBYGoQAAAQEICuLa3mOZATD7"} 01249{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2299,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":48,"flow_packet_id":4,"flow_src_last_pkt_time":1694275755652483,"flow_dst_last_pkt_time":1694275755652295,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275755652483,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3Rcj8Abvzl+xmOxiTr4AYCBYIpgAAAQEICuLa3mOZATD7FgMBAgABAAH8AwPm69jZyChAAcbLoQo\/fO9eOC1idWAm054SZMWB\/+CuLyBLb8XpDsCR00jON1OyF4XBrCyw6GBV\/\/cZDN2rLnWwOwAgWloTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTenoAAAAzACsAKXp6AAEAAB0AIGTNJqj1zAMFw4wmyB4qNLeEUV4lVmcsyJRj7pGcVWdh\/wEAAQAALQACAQEAKwAHBoqKAwQDAwASAAAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAAAAFwAVAAASZXUwLnNlYy10dW5uZWwuY29tAAoACgAIenoAHQAXABgAGwADAgACRGkABQADAmgyAAsAAgEAABcAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEqKgABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01279{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2299,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275755624913,"flow_src_last_pkt_time":1694275755652483,"flow_dst_last_pkt_time":1694275755652295,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275755652483,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51452,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"21da300403df11ae32db088408a85dc4","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01238{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2299,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275755624913,"flow_src_last_pkt_time":1694275755652483,"flow_dst_last_pkt_time":1694275755652295,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275755652483,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51452,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2301,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":47,"flow_packet_id":5,"flow_src_last_pkt_time":1694275755630099,"flow_dst_last_pkt_time":1694275755656946,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275755656946,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0J2FAADYGFulNb\/dFwKgBHQG7yPtmlCsxE8gXTYAQAfrtWQAAAQEICpkBMQBzobu6"} 
-01324{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2302,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275755603186,"flow_src_last_pkt_time":1694275755630099,"flow_dst_last_pkt_time":1694275755658497,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275755658497,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51451,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"24893e4411f07f81c140a8dee7689f4f","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01283{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2302,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275755603186,"flow_src_last_pkt_time":1694275755630099,"flow_dst_last_pkt_time":1694275755658497,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275755658497,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51451,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2313,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_src_last_pkt_time":1694275755644863,"flow_dst_last_pkt_time":1694275755673430,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275755673430,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADYGPkJNb\/dFwKgBHQG7yP2vUhtKfyW0l6AS\/ojfJAAAAgQFrAQCCAqZATEPYGFwSwEDAwc="} 
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2314,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_src_last_pkt_time":1694275755673505,"flow_dst_last_pkt_time":1694275755673430,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275755673505,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3Rcj9Abt\/JbSXr1IbS4AQCBYGoQAAAQEICmBhcGeZATEP"} 01248{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2315,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":49,"flow_packet_id":4,"flow_src_last_pkt_time":1694275755673634,"flow_dst_last_pkt_time":1694275755673430,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275755673634,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3Rcj9Abt\/JbSXr1IbS4AYCBYIpgAAAQEICmBhcGeZATEPFgMBAgABAAH8AwPjfg0tVSLoSaetEBjHNBrhhpNUCGsMaaWreh2gW2amuiCxrHVOVlfkefsnz10FmlSXfPfN\/yUHQTkZGojc8Bad7AAgOjoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTCgoAAAASAAAACgAKAAja2gAdABcAGAALAAIBAAAXAAD\/AQABAAAQAA4ADAJoMghodHRwLzEuMQAbAAMCAAIAIwAAAAUABQEAAAAAAAAAFwAVAAASZXUwLnNlYy10dW5uZWwuY29tAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQAtAAIBAQArAAcGOjoDBAMDRGkABQADAmgyADMAKwAp2toAAQAAHQAgMw2JWdOk+fH36BPMY3CgwQT9bdL71BRHrzqp\/yCbk0KKigABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01279{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2315,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275755644863,"flow_src_last_pkt_time":1694275755673634,"flow_dst_last_pkt_time":1694275755673430,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275755673634,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51453,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"ef6e2a9a1f67eb7b02766703f54ce119","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01238{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2315,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275755644863,"flow_src_last_pkt_time":1694275755673634,"flow_dst_last_pkt_time":1694275755673430,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275755673634,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51453,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2325,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":48,"flow_packet_id":5,"flow_src_last_pkt_time":1694275755652483,"flow_dst_last_pkt_time":1694275755679588,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275755679588,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0x6FAADQGeKhNb\/dFwKgBHQG7yPw7GJOv85fua4AQAfpnbwAAAQEICpkBMRbi2t5j"} 
-01324{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2326,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275755624913,"flow_src_last_pkt_time":1694275755652483,"flow_dst_last_pkt_time":1694275755680066,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275755680066,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51452,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"21da300403df11ae32db088408a85dc4","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01283{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2326,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275755624913,"flow_src_last_pkt_time":1694275755652483,"flow_dst_last_pkt_time":1694275755680066,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275755680066,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51452,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2340,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":49,"flow_packet_id":5,"flow_src_last_pkt_time":1694275755673634,"flow_dst_last_pkt_time":1694275755700731,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275755700731,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0sN1AADYGjWxNb\/dFwKgBHQG7yP2vUhtLfyW2nIAQAfoIOwAAAQEICpkBMStgYXBn"} 
-01324{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2341,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275755644863,"flow_src_last_pkt_time":1694275755673634,"flow_dst_last_pkt_time":1694275755702233,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275755702233,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51453,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"ef6e2a9a1f67eb7b02766703f54ce119","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01283{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2341,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275755644863,"flow_src_last_pkt_time":1694275755673634,"flow_dst_last_pkt_time":1694275755702233,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275755702233,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51453,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
02164{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2379,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1694275755591179,"flow_src_last_pkt_time":1694275755734383,"flow_dst_last_pkt_time":1694275755734310,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1407,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3172,"flow_dst_tot_l4_payload_len":6067,"midstream":0,"thread_ts_usec":1694275755734383,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51449,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":9236.6,"max":31972,"stddev":12441.7,"var":154796832.0,"ent":3.6,"data": [26358,26403,119,26978,535,27389,852,861,254,0,25874,1241,5086,31972,77,55,125,128,26000,1592,27438,118,120,294,291,271,123,25492,1251,1328,27710]},"pktlen": {"min":52,"avg":341.3,"max":1492,"stddev":465.2,"var":216385.7,"ent":3.9,"data": [64,60,52,569,52,1492,52,1128,52,116,1459,52,52,91,52,93,76,52,591,52,1098,52,1098,52,1185,52,154,595,52,52,274,52]},"bins": {"c_to_s": [10,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0],"s_to_c": [8,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,1,0,0,0,0,0,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,0,1,0,0,0,1,1,1,0],"entropies": [4.178360939,5.246035099,4.736229897,4.450769901,5.010550499,7.831455231,4.774691582,7.821967602,4.736229897,5.812989712,7.870883465,4.948144436,4.909682751,5.871349335,4.774691105,5.904536724,5.655566216,4.774691582,7.625833035,4.948144436,7.843266964,4.697768211,7.834841251,4.697768211,7.848744392,4.697768211,6.287255287,7.592099667,4.986606121,5.063529491,7.216260910,4.774691582]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 02152{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2383,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1694275755597605,"flow_src_last_pkt_time":1694275755713599,"flow_dst_last_pkt_time":1694275755739336,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1409,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3510,"flow_dst_tot_l4_payload_len":3095,"midstream":0,"thread_ts_usec":1694275755739336,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51450,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":8313.7,"max":34384,"stddev":12122.2,"var":146947904.0,"ent":3.4,"data": [26120,26167,118,25711,1570,27175,107,127,259,0,25689,37,1216,7698,47,34384,92,136,131,25849,1397,27101,130,125,1,139,1,24899,84,1176,39]},"pktlen": {"min":52,"avg":259.0,"max":1492,"stddev":395.4,"var":156313.4,"ent":3.9,"data": [64,60,52,569,52,1492,52,1128,52,116,1461,52,52,52,91,93,52,76,52,608,52,527,52,138,172,603,155,156,52,52,52,52]},"bins": {"c_to_s": [7,0,2,3,0,0,0,0,0,0,0,0,0,0,0,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [11,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,0,1,0,0,1,1,0,0,0,0,0,0,1,1,1,1],"entropies": 
[4.178360939,5.133453369,4.659306526,4.424107075,4.933627605,7.842966080,4.659306526,7.815097809,4.697768211,5.880172253,7.882228851,5.025067329,4.986605644,5.063529015,5.903180122,5.794164658,4.736229897,5.497671604,4.736229897,7.663942814,5.063529015,7.601342678,4.736229897,6.248495102,6.650170803,7.628144741,6.482193947,6.486794472,4.986605644,4.909682274,4.986605644,4.948143959]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 02161{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2437,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1694275755624913,"flow_src_last_pkt_time":1694275755770788,"flow_dst_last_pkt_time":1694275755770628,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1417,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3302,"flow_dst_tot_l4_payload_len":3177,"midstream":0,"thread_ts_usec":1694275755770788,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51452,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":43,"avg":9406.1,"max":33781,"stddev":12793.0,"var":163659648.0,"ent":3.6,"data": [27382,27448,122,27293,478,27639,107,126,188,128,26067,466,7577,48,33781,141,1198,1103,126,27510,414,27780,313,119,120,26168,43,846,118,26619,122]},"pktlen": {"min":52,"avg":255.1,"max":1492,"stddev":395.4,"var":156328.1,"ent":3.8,"data": [64,60,52,569,52,1492,52,1129,52,116,1469,52,52,91,93,52,52,76,52,612,52,527,52,138,172,537,52,52,52,133,52,105]},"bins": {"c_to_s": [9,1,2,1,0,0,0,0,0,0,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": 
[9,2,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,0,0,1,0,0,1,1,0,0,0,0,1,1,1,1,0,0],"entropies": [4.209610939,5.279368401,4.774691582,4.425284386,5.025067329,7.843840599,4.774691105,7.790525913,4.813152790,5.903921127,7.861433029,5.063529491,5.049012184,6.057025433,5.917924881,4.736229897,4.736229897,5.619317532,4.774691582,7.620691299,5.063529491,7.641309261,4.813152790,6.272734165,6.614942074,7.499053478,5.063529491,5.025067329,5.063529015,6.509944439,4.774691582,5.864982128]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
@@ -443,9 +443,9 @@ 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2450,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_src_last_pkt_time":1694275755774249,"flow_dst_last_pkt_time":1694275755805902,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275755805902,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADYGPkJNb\/dFwKgBHQG7yP6NE3Ex11xHoqAS\/ogaLQAAAgQFrAQCCAqZATGR7FSJ4gEDAwc="} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2451,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":50,"flow_packet_id":3,"flow_src_last_pkt_time":1694275755806023,"flow_dst_last_pkt_time":1694275755805902,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275755806023,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3Rcj+AbvXXEeijRNxMoAQCBYGoQAAAQEICuxUigKZATGR"} 
01247{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2452,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":50,"flow_packet_id":4,"flow_src_last_pkt_time":1694275755806268,"flow_dst_last_pkt_time":1694275755805902,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275755806268,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3Rcj+AbvXXEeijRNxMoAYCBYIpgAAAQEICuxUigKZATGRFgMBAgABAAH8AwNGpkj\/QkdpAIrwvOPJBDEHpKp68mgEznrUbNTQfiZJsyAd3ZVLEIna1q4yvnuXDdQka2nzoE2cvsv\/1uL3Wp88lAAg2toTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTamoAAAAKAAoACNraAB0AFwAYAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQArAAcGuroDBAMDABsAAwIAAgAXAAAAIwAAADMAKwAp2toAAQAAHQAga+Vf4pVuQc3pJIAVNiRKKR6ZRWnKOOpIiR3oxeYU2FAAAAAXABUAABJldTAuc2VjLXR1bm5lbC5jb20ALQACAQEAEAAOAAwCaDIIaHR0cC8xLjFEaQAFAAMCaDL\/AQABAAAFAAUBAAAAAAASAAAACwACAQBaWgABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01279{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2452,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275755774249,"flow_src_last_pkt_time":1694275755806268,"flow_dst_last_pkt_time":1694275755805902,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275755806268,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51454,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"b9673546747d1952575dd5a057ad34e4","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01238{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2452,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275755774249,"flow_src_last_pkt_time":1694275755806268,"flow_dst_last_pkt_time":1694275755805902,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275755806268,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51454,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2459,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":50,"flow_packet_id":5,"flow_src_last_pkt_time":1694275755806268,"flow_dst_last_pkt_time":1694275755837073,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275755837073,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0z9BAADYGbnlNb\/dFwKgBHQG7yP6NE3Ey11xJp4AQAfpDPAAAAQEICpkBMbDsVIoC"} 
-01324{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2462,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275755774249,"flow_src_last_pkt_time":1694275755806268,"flow_dst_last_pkt_time":1694275755838478,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275755838478,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51454,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"b9673546747d1952575dd5a057ad34e4","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01283{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2462,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275755774249,"flow_src_last_pkt_time":1694275755806268,"flow_dst_last_pkt_time":1694275755838478,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275755838478,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51454,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
02167{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2502,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1694275755603186,"flow_src_last_pkt_time":1694275756014048,"flow_dst_last_pkt_time":1694275756014007,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1419,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2539,"flow_dst_tot_l4_payload_len":9684,"midstream":0,"thread_ts_usec":1694275756014048,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51451,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":26505.9,"max":177926,"stddev":53972.7,"var":2913053696.0,"ent":2.9,"data": [26759,26795,118,27001,1551,46,28496,132,175,128,25738,41,152514,31,61,177926,5,125,123,26062,149084,174977,1329,1279,230,2,212,261,250,111,121]},"pktlen": {"min":52,"avg":434.6,"max":1492,"stddev":557.9,"var":311277.2,"ent":3.9,"data": [64,60,52,569,52,1492,1128,52,52,116,1471,52,52,91,93,76,52,52,52,591,52,1098,52,1098,52,1492,704,52,1492,52,1492,52]},"bins": {"c_to_s": [12,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [6,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,1,0,0,0,0,1,1,1,1,1,0,0,0,0,1,1,0,1,0,1,1,0,1,0,1,0],"entropies": [4.147110939,5.212701797,4.659306526,4.448028564,4.911602974,7.852905273,7.816896915,4.584303856,4.584303856,5.874025345,7.854696274,5.063529015,5.025067329,5.806972980,5.845292091,5.602934361,4.697768211,4.697768211,4.697768211,7.632014751,5.101990700,7.819012642,4.736229420,7.817387581,4.697767735,7.876556396,7.676926613,4.683250904,7.875154495,4.736229420,7.877687454,4.736229420]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2519,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275756080159,"flow_src_last_pkt_time":1694275756080159,"flow_dst_last_pkt_time":1694275756080159,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275756080159,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51455,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2519,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_src_last_pkt_time":1694275756080159,"flow_dst_last_pkt_time":1694275756080159,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275756080159,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3Rcj\/Abt3vHaUAAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgKlsYSZQAAAAAEAgAA"} 
@@ -456,13 +456,13 @@ 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2533,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_src_last_pkt_time":1694275756080159,"flow_dst_last_pkt_time":1694275756108690,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275756108690,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADYGPkJNb\/dFwKgBHQG7yP+UKzdid7x2laAS\/ohJawAAAgQFrAQCCAqZATLClsYSZQEDAwc="} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2534,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_src_last_pkt_time":1694275756108729,"flow_dst_last_pkt_time":1694275756108690,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275756108729,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3Rcj\/Abt3vHaVlCs3Y4AQCBYGoQAAAQEICpbGEoKZATLC"} 01246{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2535,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":52,"flow_packet_id":4,"flow_src_last_pkt_time":1694275756108850,"flow_dst_last_pkt_time":1694275756108504,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275756108850,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RckAAbu7rSinULkKgIAYCBYIpgAAAQEICheIIPCZATLDFgMBAgABAAH8AwOM7K9r300z2h3rvxRH7Rl9yxRzM1Eajc3TrkdtPvoZhSClQjBmN3Q61Yy+jBa3DuhmcxxZUH\/3ij1QjPpb\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"} 
-01279{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2535,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275756081462,"flow_src_last_pkt_time":1694275756108850,"flow_dst_last_pkt_time":1694275756108504,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275756108850,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51456,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"bee75f12c56aaceb252c1f9ace4b1cfd","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01238{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2535,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275756081462,"flow_src_last_pkt_time":1694275756108850,"flow_dst_last_pkt_time":1694275756108504,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275756108850,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51456,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
01246{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2536,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":51,"flow_packet_id":4,"flow_src_last_pkt_time":1694275756108979,"flow_dst_last_pkt_time":1694275756108690,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275756108979,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3Rcj\/Abt3vHaVlCs3Y4AYCBYIpgAAAQEICpbGEoKZATLCFgMBAgABAAH8AwPXTqsLkJaS8zXGTCy1QJTfEgiACXVjVo5t8xtkmY0qsSCMuGesL6fk78zK5qVbvLRqUWqXlbnvKiVC8Se7EZCa2gAgOjoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTGhoAAAAjAAAAEgAAABcAAAAKAAoACHp6AB0AFwAYADMAKwApenoAAQAAHQAgw5SV1kcLdXMNO11pOT8xJb6deEH4NnMba76OAOnl6WREaQAFAAMCaDIACwACAQD\/AQABAAAtAAIBAQANABIAEAQDCAQEAQUDCAUFAQgGBgEAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAGwADAgACAAAAFwAVAAASZXUwLnNlYy10dW5uZWwuY29tACsABwZqagMEAwPKygABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01279{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2536,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275756080159,"flow_src_last_pkt_time":1694275756108979,"flow_dst_last_pkt_time":1694275756108690,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275756108979,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51455,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"16c00cfec64cfdd4975fc3e3c286e38c","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01238{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2536,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275756080159,"flow_src_last_pkt_time":1694275756108979,"flow_dst_last_pkt_time":1694275756108690,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275756108979,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51455,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2577,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":52,"flow_packet_id":5,"flow_src_last_pkt_time":1694275756108850,"flow_dst_last_pkt_time":1694275756136634,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275756136634,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0YjtAADYG3A5Nb\/dFwKgBHQG7yQBQuQqAu60qrIAQAfpdoQAAAQEICpkBMt8XiCDw"} 
-01324{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2579,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275756081462,"flow_src_last_pkt_time":1694275756108850,"flow_dst_last_pkt_time":1694275756136942,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275756136942,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51456,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"bee75f12c56aaceb252c1f9ace4b1cfd","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01283{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2579,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275756081462,"flow_src_last_pkt_time":1694275756108850,"flow_dst_last_pkt_time":1694275756136942,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275756136942,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51456,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2583,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":51,"flow_packet_id":5,"flow_src_last_pkt_time":1694275756108979,"flow_dst_last_pkt_time":1694275756137319,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275756137319,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0QAdAADYG\/kJNb\/dFwKgBHQG7yP+UKzdjd7x4moAQAfpyfwAAAQEICpkBMt+WxhKC"} 
-01324{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2586,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275756080159,"flow_src_last_pkt_time":1694275756108979,"flow_dst_last_pkt_time":1694275756138504,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275756138504,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51455,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"16c00cfec64cfdd4975fc3e3c286e38c","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01283{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2586,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275756080159,"flow_src_last_pkt_time":1694275756108979,"flow_dst_last_pkt_time":1694275756138504,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275756138504,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51455,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2620,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275756164882,"flow_src_last_pkt_time":1694275756164882,"flow_dst_last_pkt_time":1694275756164882,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275756164882,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51457,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2620,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_src_last_pkt_time":1694275756164882,"flow_dst_last_pkt_time":1694275756164882,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275756164882,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3RckBAbuE6sSOAAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgKUA6QSwAAAAAEAgAA"} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2637,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275756187552,"flow_src_last_pkt_time":1694275756187552,"flow_dst_last_pkt_time":1694275756187552,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275756187552,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51458,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -477,16 +477,16 @@ 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2704,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_src_last_pkt_time":1694275756187552,"flow_dst_last_pkt_time":1694275756214646,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275756214646,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADQGQEJNb\/dFwKgBHQG7yQKNKt9\/nBjVLKAS\/ogXQgAAAgQFrAQCCAqZATMtvI36SAEDAwc="} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2705,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":54,"flow_packet_id":3,"flow_src_last_pkt_time":1694275756214771,"flow_dst_last_pkt_time":1694275756214646,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275756214771,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RckCAbucGNUsjSrfgIAQCBYGoQAAAQEICryN+mOZATMt"} 
01246{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2706,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":54,"flow_packet_id":4,"flow_src_last_pkt_time":1694275756214911,"flow_dst_last_pkt_time":1694275756214646,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275756214911,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RckCAbucGNUsjSrfgIAYCBYIpgAAAQEICryN+mOZATMtFgMBAgABAAH8AwNnw8gnfDAFWO+Hl53t21Euu+C8oHZ7SXHZwzw9+e0OLSBVy\/r4UDBV6rPVBy4OmrKlAWChubsgtffqTEAVL2mz2wAgGhoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTOjoAAAArAAcGiooDBAMDAAoACgAICgoAHQAXABgALQACAQEABQAFAQAAAAAAEAAOAAwCaDIIaHR0cC8xLjEAFwAA\/wEAAQAADQASABAEAwgEBAEFAwgFBQEIBgYBAAsAAgEAADMAKwApCgoAAQAAHQAgAoZWbW46VpoaOsd4IkSTdo+DM6fRkqp0JtgEuFJLTywAAAAXABUAABJldTAuc2VjLXR1bm5lbC5jb20AGwADAgACRGkABQADAmgyABIAAAAjAACqqgABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01279{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2706,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275756187552,"flow_src_last_pkt_time":1694275756214911,"flow_dst_last_pkt_time":1694275756214646,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275756214911,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51458,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"596e09444efe3757f9974d243d25949b","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01238{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2706,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275756187552,"flow_src_last_pkt_time":1694275756214911,"flow_dst_last_pkt_time":1694275756214646,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275756214911,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51458,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2723,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_src_last_pkt_time":1694275756191905,"flow_dst_last_pkt_time":1694275756219595,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275756219595,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADQGQEJNb\/dFwKgBHQG7yQOThP8U2AJldqAS\/ogrewAAAgQFrAQCCAqZATMyDFmkGwEDAwc="} 
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2724,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_src_last_pkt_time":1694275756219633,"flow_dst_last_pkt_time":1694275756219595,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275756219633,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RckDAbvYAmV2k4T\/FYAQCBYGoQAAAQEICgxZpDeZATMy"} 01249{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2725,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":55,"flow_packet_id":4,"flow_src_last_pkt_time":1694275756219808,"flow_dst_last_pkt_time":1694275756219595,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275756219808,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RckDAbvYAmV2k4T\/FYAYCBYIpgAAAQEICgxZpDeZATMyFgMBAgABAAH8AwNBNv+Y\/DH9B20XHXt0ZqTurHoF50VNINlEZv99MTJGOSCQ8z7ZV\/HpGGxJwJ0tAajAz2nSrtq3T5+M24\/qOi9MuQAgqqoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTqqoAAAAAABcAFQAAEmV1MC5zZWMtdHVubmVsLmNvbQAbAAMCAAIAKwAHBoqKAwQDAwAtAAIBAQAXAAAAEgAAAAsAAgEAAAoACgAISkoAHQAXABgADQASABAEAwgEBAEFAwgFBQEIBgYBADMAKwApSkoAAQAAHQAgLDBinOAJBszBXDfShk5HdsbMBf8PDXMMTUiCAGYAxXUABQAFAQAAAAD\/AQABAAAQAA4ADAJoMghodHRwLzEuMQAjAABEaQAFAAMCaDJKSgABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01279{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2725,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275756191905,"flow_src_last_pkt_time":1694275756219808,"flow_dst_last_pkt_time":1694275756219595,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275756219808,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51459,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"b8ba2f6d9b71a289e9da715328744d81","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01238{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2725,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275756191905,"flow_src_last_pkt_time":1694275756219808,"flow_dst_last_pkt_time":1694275756219595,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275756219808,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51459,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2741,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":54,"flow_packet_id":5,"flow_src_last_pkt_time":1694275756214911,"flow_dst_last_pkt_time":1694275756242245,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275756242245,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0hZxAADQGuq1Nb\/dFwKgBHQG7yQKNKt+AnBjXMYAQAfpAWgAAAQEICpkBM0i8jfpj"} 
-01324{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2742,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275756187552,"flow_src_last_pkt_time":1694275756214911,"flow_dst_last_pkt_time":1694275756242648,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275756242648,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51458,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"596e09444efe3757f9974d243d25949b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01283{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2742,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275756187552,"flow_src_last_pkt_time":1694275756214911,"flow_dst_last_pkt_time":1694275756242648,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275756242648,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51458,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
02163{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2748,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1694275756080159,"flow_src_last_pkt_time":1694275756218848,"flow_dst_last_pkt_time":1694275756245531,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1427,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3189,"flow_dst_tot_l4_payload_len":5886,"midstream":0,"thread_ts_usec":1694275756245531,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51455,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":5,"avg":9808.4,"max":40366,"stddev":13809.4,"var":190699552.0,"ent":3.5,"data": [28531,28570,250,28629,1185,29555,134,124,267,118,26941,101,1109,12512,89,40366,5,43,124,125,28603,7847,36269,163,146,214,213,1933,252,372,29271]},"pktlen": {"min":52,"avg":336.2,"max":1492,"stddev":468.3,"var":219266.8,"ent":3.9,"data": [64,60,52,569,52,1492,52,1127,52,116,1479,52,52,52,91,93,52,52,76,52,591,52,1098,52,1098,52,1227,52,154,172,472,52]},"bins": {"c_to_s": [10,0,1,2,0,0,0,0,0,0,0,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [8,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,1,0,0,0,0,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,0,0,1,0,0,1,1,0,1,0,1,0,0,0,0,1],"entropies": [4.166565418,5.279368877,4.774691582,4.430949211,5.101990700,7.842145920,4.774691105,7.799477100,4.813152790,5.983621120,7.876667023,5.025067806,5.063529015,5.063529015,5.960818291,5.831904411,4.774691105,4.813152790,5.708197594,4.813152790,7.600764751,5.025067329,7.816476822,4.721712589,7.827829361,4.774691105,7.836764812,4.736229420,6.433209896,6.698522568,7.518699646,5.063529015]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2751,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":55,"flow_packet_id":5,"flow_src_last_pkt_time":1694275756219808,"flow_dst_last_pkt_time":1694275756247037,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275756247037,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0BdlAADQGOnFNb\/dFwKgBHQG7yQOThP8V2AJne4AQAfpUkQAAAQEICpkBM04MWaQ3"} -01324{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2752,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275756191905,"flow_src_last_pkt_time":1694275756219808,"flow_dst_last_pkt_time":1694275756248501,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275756248501,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51459,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": 
{"version":"TLSv1.3","ja3":"b8ba2f6d9b71a289e9da715328744d81","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} +01283{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2752,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275756191905,"flow_src_last_pkt_time":1694275756219808,"flow_dst_last_pkt_time":1694275756248501,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275756248501,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51459,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
02165{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2801,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1694275756187552,"flow_src_last_pkt_time":1694275756577868,"flow_dst_last_pkt_time":1694275756577990,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1419,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2577,"flow_dst_tot_l4_payload_len":9683,"midstream":0,"thread_ts_usec":1694275756577990,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51458,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":4,"avg":25185.6,"max":168868,"stddev":50651.2,"var":2565544448.0,"ent":2.9,"data": [27094,27219,140,27599,403,50,27790,124,210,124,27860,31,1170,140065,28,97,168868,8,128,152,26059,139165,165009,162,127,199,4,132,297,285,155]},"pktlen": {"min":52,"avg":435.8,"max":1492,"stddev":558.3,"var":311649.1,"ent":3.9,"data": [64,60,52,569,52,1492,1127,52,52,116,1471,52,52,52,91,93,76,52,52,52,629,52,1098,52,1098,52,1492,704,52,1492,52,1492]},"bins": {"c_to_s": [11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [7,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,1,0,0,0,0,1,1,1,1,1,1,0,0,0,0,1,1,0,1,0,1,1,0,1,0,1],"entropies": [4.158905983,5.166786671,4.697768211,4.399245262,4.909682274,7.840191841,7.837791443,4.774691105,4.774691105,5.907286644,7.869675636,5.025067329,5.025067329,4.986605644,5.819097996,5.982440948,5.566686153,4.774691105,4.774691105,4.736229420,7.644417763,4.972088814,7.819730759,4.736229897,7.832448483,4.697768211,7.850809574,7.662927151,4.697767735,7.873144627,4.736229897,7.877857685]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 02168{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2821,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1694275756191905,"flow_src_last_pkt_time":1694275756606219,"flow_dst_last_pkt_time":1694275756606317,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1419,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2539,"flow_dst_tot_l4_payload_len":10554,"midstream":0,"thread_ts_usec":1694275756606317,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51459,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":26733.1,"max":179170,"stddev":54307.3,"var":2949282048.0,"ent":2.9,"data": [27690,27728,175,27442,1464,28727,129,124,359,0,26913,42,152474,93,179170,44,121,134,26069,150399,176325,210,1,149,254,243,674,685,383,374,131]},"pktlen": {"min":52,"avg":461.8,"max":1492,"stddev":572.2,"var":327423.8,"ent":4.0,"data": [64,60,52,569,52,1492,52,1128,52,116,1471,52,52,91,93,52,76,52,591,52,1098,52,1492,528,52,1492,52,704,52,1492,52,1492]},"bins": {"c_to_s": [11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [6,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,5,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,0,1,0,0,1,1,0,1,1,0,1,0,1,0,1,0,1],"entropies": 
[4.115860939,5.187539101,4.774691582,4.327563286,5.101990700,7.840719700,4.813152790,7.804496288,4.774691582,5.815793037,7.862992764,5.025067806,5.025067806,5.864611149,5.947547913,4.659306526,5.576618671,4.697768211,7.529841423,4.972088337,7.829462051,4.736229897,7.845654964,7.517898083,4.736229897,7.877416134,4.736229897,7.672642231,4.697768211,7.880493164,4.736229897,7.866563320]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 02178{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2834,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1694275755644863,"flow_src_last_pkt_time":1694275756803516,"flow_dst_last_pkt_time":1694275756803699,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1417,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2537,"flow_dst_tot_l4_payload_len":8089,"midstream":0,"thread_ts_usec":1694275756803699,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51453,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":5,"avg":74757.7,"max":603769,"stddev":151196.5,"var":22860367872.0,"ent":3.1,"data": [28567,28642,129,27301,1502,62,28686,142,190,134,27027,9,1142,153835,37,181617,5,73,125,121,27364,146477,39,173708,128,603728,16,603769,141336,141257,321]},"pktlen": {"min":52,"avg":384.7,"max":1492,"stddev":500.5,"var":250468.6,"ent":3.9,"data": [64,60,52,569,52,1492,1127,52,52,116,1469,52,52,52,91,93,52,52,76,52,591,52,1098,498,52,52,1098,498,52,1098,52,1492]},"bins": {"c_to_s": [11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": 
[7,2,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,1,0,0,0,0,1,1,1,1,1,0,0,1,0,0,1,1,1,0,0,1,1,0,1,0,1],"entropies": [4.178360939,5.312702179,4.774691582,4.445541382,5.101990700,7.861453056,7.846636772,4.813152790,4.774691582,5.959870815,7.889067650,5.063529015,5.063529015,5.101990700,5.864611149,5.931313515,4.721712589,4.774691582,5.602934361,4.774691582,7.639420509,5.063529015,7.797530651,7.576140404,4.774691105,4.774691105,7.824387074,7.597716331,4.736229897,7.815874100,4.736229897,7.871171951]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
@@ -495,27 +495,27 @@ 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2884,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_src_last_pkt_time":1694275757175284,"flow_dst_last_pkt_time":1694275757202538,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275757202538,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADYGPkJNb\/dFwKgBHQG7yQTa1adBANpVG6AS\/oihzAAAAgQFrAQCCAqZATcJqjKEHgEDAwc="} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2886,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":56,"flow_packet_id":3,"flow_src_last_pkt_time":1694275757202671,"flow_dst_last_pkt_time":1694275757202538,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275757202671,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RckEAbsA2lUb2tWnQoAQCBYGoQAAAQEICqoyhDqZATcJ"} 
01248{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2888,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":56,"flow_packet_id":4,"flow_src_last_pkt_time":1694275757202800,"flow_dst_last_pkt_time":1694275757202538,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275757202800,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RckEAbsA2lUb2tWnQoAYCBYIpgAAAQEICqoyhDqZATcJFgMBAgABAAH8AwNRgbdL1jrYmZzbKg6OewNyR0JGc02qMCLDUqgmR6tAMCBduzxx279jzta\/p+XXZA52M+RYXaE2I\/siVxr+IhTtyAAgWloTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTiooAAAAtAAIBAURpAAUAAwJoMgANABIAEAQDCAQEAQUDCAUFAQgGBgEAEAAOAAwCaDIIaHR0cC8xLjEAKwAHBnp6AwQDAwAXAAAACgAKAAj6+gAdABcAGAAzACsAKfr6AAEAAB0AINWBoUSwbDxBCTlXVcPQWkKmD4pq7dwgGcgLZ\/THOqA6\/wEAAQAACwACAQAAIwAAAAUABQEAAAAAABsAAwIAAgAAABcAFQAAEmV1MC5zZWMtdHVubmVsLmNvbQASAADa2gABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01279{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2888,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275757175284,"flow_src_last_pkt_time":1694275757202800,"flow_dst_last_pkt_time":1694275757202538,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275757202800,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51460,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"7654fdd2ea04b50342e102324ebb3179","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01238{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2888,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275757175284,"flow_src_last_pkt_time":1694275757202800,"flow_dst_last_pkt_time":1694275757202538,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275757202800,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51460,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2889,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":56,"flow_packet_id":5,"flow_src_last_pkt_time":1694275757202800,"flow_dst_last_pkt_time":1694275757229570,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275757229570,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0oBpAADYGni9Nb\/dFwKgBHQG7yQTa1adCANpXIIAQAfrK4wAAAQEICpkBNySqMoQ6"} 
-01324{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2890,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275757175284,"flow_src_last_pkt_time":1694275757202800,"flow_dst_last_pkt_time":1694275757230136,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275757230136,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51460,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"7654fdd2ea04b50342e102324ebb3179","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01283{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2890,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275757175284,"flow_src_last_pkt_time":1694275757202800,"flow_dst_last_pkt_time":1694275757230136,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275757230136,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51460,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
02168{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2916,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1694275757175284,"flow_src_last_pkt_time":1694275757492754,"flow_dst_last_pkt_time":1694275757486971,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1411,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2617,"flow_dst_tot_l4_payload_len":7118,"midstream":0,"thread_ts_usec":1694275757492754,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51460,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":6,"avg":20295.4,"max":188406,"stddev":45762.7,"var":2094228736.0,"ent":2.9,"data": [27254,27387,129,27032,566,27436,735,685,380,130,25909,1236,11364,39,38078,94,6,123,122,26035,2846,28696,200,49,199,114,132,128,188214,188406,5433]},"pktlen": {"min":52,"avg":356.8,"max":1492,"stddev":487.6,"var":237730.2,"ent":3.9,"data": [64,60,52,569,52,1492,52,1128,52,116,1463,52,52,91,93,52,76,52,52,591,52,1098,52,1492,704,52,1098,52,52,366,52,138]},"bins": {"c_to_s": [12,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [6,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,0,1,0,0,0,1,1,0,1,1,0,1,0,0,1,0,0],"entropies": [4.077066422,5.160978794,4.646038532,4.421825409,5.026988029,7.840250015,4.684499741,7.833176136,4.684499741,5.919390202,7.872871399,4.873141289,4.988526344,5.885031700,5.697600365,4.646038055,5.627385616,4.646038055,4.646038055,7.556904316,5.026988029,7.815989971,4.684499741,7.887370586,7.723536015,4.607576847,7.814508438,4.646038055,4.684499741,7.322398663,4.646038532,6.244566441]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2935,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275758612709,"flow_src_last_pkt_time":1694275758612709,"flow_dst_last_pkt_time":1694275758612709,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275758612709,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51461,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2935,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_src_last_pkt_time":1694275758612709,"flow_dst_last_pkt_time":1694275758612709,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275758612709,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3RckFAbtKmLxUAAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgK0v6ROQAAAAAEAgAA"} 
00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2939,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_src_last_pkt_time":1694275758612709,"flow_dst_last_pkt_time":1694275758639698,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275758639698,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADQGQEJNb\/dFwKgBHQG7yQXKIzzxSpi8VaAS\/ogwUAAAAgQFrAQCCAqZATyn0v6ROQEDAwc="} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2940,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_src_last_pkt_time":1694275758639812,"flow_dst_last_pkt_time":1694275758639698,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275758639812,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RckFAbtKmLxVyiM88oAQCBYGoQAAAQEICtL+kVSZATyn"} 01247{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2941,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":57,"flow_packet_id":4,"flow_src_last_pkt_time":1694275758640288,"flow_dst_last_pkt_time":1694275758639698,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275758640288,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RckFAbtKmLxVyiM88oAYCBYIpgAAAQEICtL+kVSZATynFgMBAgABAAH8AwN+uLsqBAiO4\/T2gv6l\/h+YM0offsZXXQQ9hyBKjWsmdCCHKfgX8MqVfuHE4Qs4Cwr4wWwfQPHSyLOHM3dt1G+VOgAguroTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTmpoAAAAKAAoACOrqAB0AFwAY\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"} 
-01279{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2941,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275758612709,"flow_src_last_pkt_time":1694275758640288,"flow_dst_last_pkt_time":1694275758639698,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275758640288,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51461,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"f981da9e71acc8636b6cc19bd9e24bfc","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01238{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2941,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275758612709,"flow_src_last_pkt_time":1694275758640288,"flow_dst_last_pkt_time":1694275758639698,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275758640288,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51461,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2942,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":57,"flow_packet_id":5,"flow_src_last_pkt_time":1694275758640288,"flow_dst_last_pkt_time":1694275758667002,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275758667002,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0GmdAADQGJeNNb\/dFwKgBHQG7yQXKIzzySpi+WoAQAfpZZwAAAQEICpkBPMPS\/pFU"} 
-01324{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2943,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275758612709,"flow_src_last_pkt_time":1694275758640288,"flow_dst_last_pkt_time":1694275758668504,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275758668504,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51461,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"f981da9e71acc8636b6cc19bd9e24bfc","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01283{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2943,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275758612709,"flow_src_last_pkt_time":1694275758640288,"flow_dst_last_pkt_time":1694275758668504,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275758668504,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51461,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
02160{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2969,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1694275758612709,"flow_src_last_pkt_time":1694275758738453,"flow_dst_last_pkt_time":1694275758738392,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1407,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2527,"flow_dst_tot_l4_payload_len":8501,"midstream":0,"thread_ts_usec":1694275758738453,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51461,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":8110.5,"max":34325,"stddev":12021.4,"var":144513856.0,"ent":3.5,"data": [26989,27103,476,27304,1502,28303,101,128,1167,252,26989,1174,7556,104,2,34325,132,503,26102,2855,93,28446,7,100,127,213,3,165,4504,92,4610]},"pktlen": {"min":52,"avg":397.2,"max":1492,"stddev":485.1,"var":235309.8,"ent":4.0,"data": [64,60,52,569,52,1492,52,1127,52,116,1459,52,52,91,93,76,52,52,591,52,1098,1098,52,52,922,52,1098,250,52,1098,682,52]},"bins": {"c_to_s": [11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0],"s_to_c": [6,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,4,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,0,0,0,1,1,1,0,0,1,0,1,1,0,1,1,0],"entropies": [4.178360939,5.133453369,4.736229897,4.428386688,5.025067806,7.849509239,4.813152790,7.802417278,4.813152790,6.007369995,7.864824772,5.063529491,5.101990700,5.901622772,6.003946304,5.734513283,4.813152790,4.774691105,7.663514614,5.010550499,7.834642410,7.832502365,4.774691582,4.774691582,7.779919624,4.646038532,7.825356483,7.156414032,4.774691582,7.856326580,7.713139534,4.774691582]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2992,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275759126273,"flow_src_last_pkt_time":1694275759126273,"flow_dst_last_pkt_time":1694275759126273,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275759126273,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51462,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2992,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_src_last_pkt_time":1694275759126273,"flow_dst_last_pkt_time":1694275759126273,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275759126273,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3RckGAbvpEOEVAAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgKGCjLzwAAAAAEAgAA"} 
00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3001,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_src_last_pkt_time":1694275759126273,"flow_dst_last_pkt_time":1694275759153431,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275759153431,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADQGQEJNb\/dFwKgBHQG7yQZcM6686RDhFqAS\/ojneQAAAgQFrAQCCAqZAT6oGCjLzwEDAwc="} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3002,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":58,"flow_packet_id":3,"flow_src_last_pkt_time":1694275759153533,"flow_dst_last_pkt_time":1694275759153431,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275759153533,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RckGAbvpEOEWXDOuvYAQCBYGoQAAAQEIChgoy+uZAT6o"} 
01249{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3003,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":58,"flow_packet_id":4,"flow_src_last_pkt_time":1694275759153797,"flow_dst_last_pkt_time":1694275759153431,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275759153797,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RckGAbvpEOEWXDOuvYAYCBYIpgAAAQEIChgoy+uZAT6oFgMBAgABAAH8AwPtOSCl1AmO481ttvg+kA7ObplwQgbPR4k\/fXx98d4\/\/CB+7cjGIJoRGVq6EiiNdx9IavTI6urgYgki0sK2GITaOAAg+voTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTamoAAAAXAAAABQAFAQAAAAAAEgAA\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEACgAKAAhaWgAdABcAGAAzACsAKVpaAAEAAB0AICSlEksPOFFIWe\/Xm2+8N7OTvzExWd6ozxIzsF40biIjACMAAAAtAAIBAQArAAcGCgoDBAMDABsAAwIAAgALAAIBAERpAAUAAwJoMgANABIAEAQDCAQEAQUDCAUFAQgGBgEAAAAXABUAABJldTAuc2VjLXR1bm5lbC5jb21KSgABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01279{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3003,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275759126273,"flow_src_last_pkt_time":1694275759153797,"flow_dst_last_pkt_time":1694275759153431,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275759153797,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51462,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"1d647afc208e5db7a49d19f0a21255a9","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01238{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3003,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275759126273,"flow_src_last_pkt_time":1694275759153797,"flow_dst_last_pkt_time":1694275759153431,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275759153797,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51462,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3007,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":58,"flow_packet_id":5,"flow_src_last_pkt_time":1694275759153797,"flow_dst_last_pkt_time":1694275759180767,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275759180767,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0e\/hAADQGxFFNb\/dFwKgBHQG7yQZcM6696RDjG4AQAfoQkAAAAQEICpkBPsQYKMvr"} 
-01324{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3008,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275759126273,"flow_src_last_pkt_time":1694275759153797,"flow_dst_last_pkt_time":1694275759182241,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275759182241,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51462,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"1d647afc208e5db7a49d19f0a21255a9","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01283{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3008,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275759126273,"flow_src_last_pkt_time":1694275759153797,"flow_dst_last_pkt_time":1694275759182241,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275759182241,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51462,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
02159{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":3035,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1694275759126273,"flow_src_last_pkt_time":1694275759247598,"flow_dst_last_pkt_time":1694275759246301,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1439,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2655,"flow_dst_tot_l4_payload_len":7569,"midstream":0,"thread_ts_usec":1694275759247598,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51462,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":7785.6,"max":32741,"stddev":12080.7,"var":145943504.0,"ent":3.4,"data": [27158,27260,264,27336,1474,28531,98,125,379,124,27001,35,6211,88,32741,44,126,128,26061,2835,28773,1190,1136,275,289,191,3,28,204,127,1118]},"pktlen": {"min":52,"avg":372.1,"max":1492,"stddev":488.6,"var":238772.9,"ent":3.9,"data": [64,60,52,569,52,1492,52,1129,52,116,1491,52,52,91,93,52,76,52,591,52,1098,52,258,52,1098,52,1492,704,610,52,52,148]},"bins": {"c_to_s": [11,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [6,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,0,1,0,0,1,1,0,1,0,1,0,1,1,1,0,0,0],"entropies": [4.158905983,5.212701797,4.606328011,4.444310665,4.933627605,7.829864025,4.683251381,7.824939728,4.683251381,5.818936348,7.869243145,4.933627605,4.873141766,5.864611149,5.939429760,4.721712589,5.629250050,4.683250904,7.585559368,4.870416641,7.823579788,4.668734074,7.166376114,4.721712589,7.832537174,4.721712589,7.894383907,7.689051628,7.673301697,4.721712589,4.683250904,6.386294842]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3052,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275760146551,"flow_src_last_pkt_time":1694275760146551,"flow_dst_last_pkt_time":1694275760146551,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275760146551,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51463,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3052,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_src_last_pkt_time":1694275760146551,"flow_dst_last_pkt_time":1694275760146551,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275760146551,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3RckHAbsostIaAAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgKz+dkDQAAAAAEAgAA"} 
@@ -524,23 +524,23 @@ 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3058,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_src_last_pkt_time":1694275760146551,"flow_dst_last_pkt_time":1694275760173411,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275760173411,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADQGQEJNb\/dFwKgBHQG7yQc13AijKLLSG6AS\/ogvSgAAAgQFrAQCCAqZAUKkz+dkDQEDAwc="} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3059,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":59,"flow_packet_id":3,"flow_src_last_pkt_time":1694275760173512,"flow_dst_last_pkt_time":1694275760173411,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275760173512,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RckHAbsostIbNdwIpIAQCBYGoQAAAQEICs\/nZCiZAUKk"} 
01248{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3060,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":59,"flow_packet_id":4,"flow_src_last_pkt_time":1694275760173637,"flow_dst_last_pkt_time":1694275760173411,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275760173637,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RckHAbsostIbNdwIpIAYCBYIpgAAAQEICs\/nZCiZAUKkFgMBAgABAAH8AwP0h\/WDQgQIX0XFRAQWypaCIuiaDBsTscvuBB1Mz1jHRSAJDApWsAB8AhKd06yoFqy9hv9ISpbSlv9fTXjOsls\/NgAgamoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTysoAAAAQAA4ADAJoMghodHRwLzEuMQAbAAMCAAIAEgAAAAoACgAIGhoAHQAXABgALQACAQEADQASABAEAwgEBAEFAwgFBQEIBgYB\/wEAAQBEaQAFAAMCaDIAAAAXABUAABJldTAuc2VjLXR1bm5lbC5jb20AKwAHBkpKAwQDAwAXAAAABQAFAQAAAAAAIwAAADMAKwApGhoAAQAAHQAgBkhdfATxLWEWavv3mJWsQQ86T+tiWYduNooS+8vA82YACwACAQAqKgABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01279{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3060,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275760146551,"flow_src_last_pkt_time":1694275760173637,"flow_dst_last_pkt_time":1694275760173411,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275760173637,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51463,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"7c1faee465b44a6322237d36a83f056e","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01238{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3060,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275760146551,"flow_src_last_pkt_time":1694275760173637,"flow_dst_last_pkt_time":1694275760173411,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275760173637,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51463,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3064,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_src_last_pkt_time":1694275760159362,"flow_dst_last_pkt_time":1694275760187176,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275760187176,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADYGPkJNb\/dFwKgBHQG7yQg3ZSjWQm01iaAS\/oi9xAAAAgQFrAQCCAqZAUKxS2y7GwEDAwc="} 
00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3065,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":60,"flow_packet_id":3,"flow_src_last_pkt_time":1694275760187256,"flow_dst_last_pkt_time":1694275760187176,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275760187256,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RckIAbtCbTWJN2Uo14AQCBYGoQAAAQEICktsuzeZAUKx"} 01245{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3066,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":60,"flow_packet_id":4,"flow_src_last_pkt_time":1694275760187749,"flow_dst_last_pkt_time":1694275760187176,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275760187749,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RckIAbtCbTWJN2Uo14AYCBYIpgAAAQEICktsuzeZAUKxFgMBAgABAAH8AwNpp6QytMYLhbOW+c6+tO0B4JkvbhFVMaZ6HMNT8ysmQCCGztDZPLdxOVqhwhdLaN7m4MEhCpLflfoqBvqpCbgAsQAgWloTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTqqoAAERpAAUAAwJoMgAzACsAKZqaAAEAAB0AIMB+C8stvN97iLg9+OJOEghhiD+ynUdRAUPfHfPpkO82AC0AAgEBABcAAAArAAcGamoDBAMDAAoACgAImpoAHQAXABgAIwAAABAADgAMAmgyCGh0dHAvMS4x\/wEAAQAAAAAXABUAABJldTAuc2VjLXR1bm5lbC5jb20AGwADAgACAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQALAAIBAAAFAAUBAAAAAAASAAAqKgABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01279{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3066,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275760159362,"flow_src_last_pkt_time":1694275760187749,"flow_dst_last_pkt_time":1694275760187176,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275760187749,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51464,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"11faa0c756a165d2f663a0316c0cca79","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01238{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3066,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275760159362,"flow_src_last_pkt_time":1694275760187749,"flow_dst_last_pkt_time":1694275760187176,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275760187749,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51464,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3068,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275760188445,"flow_src_last_pkt_time":1694275760188445,"flow_dst_last_pkt_time":1694275760188445,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275760188445,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51465,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3068,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_src_last_pkt_time":1694275760188445,"flow_dst_last_pkt_time":1694275760188445,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275760188445,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3RckJAbu1qhDYAAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgKfEZQ+AAAAAAEAgAA"} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3069,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":59,"flow_packet_id":5,"flow_src_last_pkt_time":1694275760173637,"flow_dst_last_pkt_time":1694275760199496,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275760199496,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0wCBAADQGgClNb\/dFwKgBHQG7yQc13AikKLLUIIAQAfpYYgAAAQEICpkBQr\/P52Qo"} 
-01324{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3070,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275760146551,"flow_src_last_pkt_time":1694275760173637,"flow_dst_last_pkt_time":1694275760200987,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275760200987,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51463,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"7c1faee465b44a6322237d36a83f056e","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01283{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3070,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275760146551,"flow_src_last_pkt_time":1694275760173637,"flow_dst_last_pkt_time":1694275760200987,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275760200987,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51463,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3079,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_src_last_pkt_time":1694275760188445,"flow_dst_last_pkt_time":1694275760214953,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275760214953,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADYGPkJNb\/dFwKgBHQG7yQliG7B1taoQ2aAS\/oj2DAAAAgQFrAQCCAqZAULOfEZQ+AEDAwc="} 
00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3081,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_src_last_pkt_time":1694275760215101,"flow_dst_last_pkt_time":1694275760214953,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275760215101,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RckJAbu1qhDZYhuwdoAQCBYGoQAAAQEICnxGURKZAULO"} 01245{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3082,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":61,"flow_packet_id":4,"flow_src_last_pkt_time":1694275760215222,"flow_dst_last_pkt_time":1694275760214953,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275760215222,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RckJAbu1qhDZYhuwdoAYCBYIpgAAAQEICnxGURKZAULOFgMBAgABAAH8AwNwq9rnH9nESDwqeFwjkyKKIsYAnDEl8FOmEmYNIS0HoiDt7kP6TDrf4LAJ1mGmwiciM0StMDXrn2sLhm729+hgYwAgamoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGT6uoAAERpAAUAAwJoMgANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAACsABwbq6gMEAwMACwACAQAABQAFAQAAAAAALQACAQEAIwAAABsAAwIAAgAQAA4ADAJoMghodHRwLzEuMQAKAAoACJqaAB0AFwAY\/wEAAQAAFwAAAAAAFwAVAAASZXUwLnNlYy10dW5uZWwuY29tADMAKwApmpoAAQAAHQAg53mjWe8c2SbWiidkJuOPAGJ8wJZTo11ZJqoGFZRZ5zuamgABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01279{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3082,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275760188445,"flow_src_last_pkt_time":1694275760215222,"flow_dst_last_pkt_time":1694275760214953,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275760215222,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51465,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"1a3204516366db8b9a04341acd5a5664","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01238{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3082,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275760188445,"flow_src_last_pkt_time":1694275760215222,"flow_dst_last_pkt_time":1694275760214953,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275760215222,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51465,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3083,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":60,"flow_packet_id":5,"flow_src_last_pkt_time":1694275760187749,"flow_dst_last_pkt_time":1694275760215879,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275760215879,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA06y5AADYGUxtNb\/dFwKgBHQG7yQg3ZSjXQm03joAQAfrm2gAAAQEICpkBQs1LbLs3"} 
-01324{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3084,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275760159362,"flow_src_last_pkt_time":1694275760187749,"flow_dst_last_pkt_time":1694275760216464,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275760216464,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51464,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"11faa0c756a165d2f663a0316c0cca79","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01283{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3084,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275760159362,"flow_src_last_pkt_time":1694275760187749,"flow_dst_last_pkt_time":1694275760216464,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275760216464,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51464,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3098,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":61,"flow_packet_id":5,"flow_src_last_pkt_time":1694275760215222,"flow_dst_last_pkt_time":1694275760242161,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275760242161,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0inRAADYGs9VNb\/dFwKgBHQG7yQliG7B2taoS3oAQAfofJgAAAQEICpkBQul8RlES"} 
-01324{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3099,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275760188445,"flow_src_last_pkt_time":1694275760215222,"flow_dst_last_pkt_time":1694275760242630,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275760242630,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51465,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"1a3204516366db8b9a04341acd5a5664","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01283{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3099,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275760188445,"flow_src_last_pkt_time":1694275760215222,"flow_dst_last_pkt_time":1694275760242630,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275760242630,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51465,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
02161{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":3125,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1694275760146551,"flow_src_last_pkt_time":1694275760266903,"flow_dst_last_pkt_time":1694275760266114,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1417,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3230,"flow_dst_tot_l4_payload_len":7417,"midstream":0,"thread_ts_usec":1694275760266903,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51463,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":7739.2,"max":34150,"stddev":11949.0,"var":142778768.0,"ent":3.4,"data": [26860,26961,125,26085,1491,27383,122,123,242,127,25664,1246,7571,34150,91,48,121,120,26079,2785,28777,348,308,864,864,307,2,302,498,123,128]},"pktlen": {"min":52,"avg":385.3,"max":1492,"stddev":506.9,"var":256960.2,"ent":3.9,"data": [64,60,52,569,52,1492,52,1128,52,116,1469,52,52,91,52,93,76,52,591,52,1098,52,1492,52,704,52,1492,271,52,138,172,539]},"bins": {"c_to_s": [10,0,2,1,0,0,0,0,0,0,0,0,0,0,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [6,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,0,1,0,1,1,0,0,0,0],"entropies": [4.209610939,5.179368496,4.644789696,4.375918865,4.909683228,7.825483322,4.736229897,7.837041378,4.736229897,5.880172253,7.862580299,5.025067329,5.025067329,6.035048008,4.774691582,5.939430237,5.550303459,4.774691582,7.634554863,4.895165443,7.804163456,4.646038532,7.867358208,4.646038532,7.727935791,4.646038532,7.871103287,7.172240257,4.646038532,6.254072189,6.532965183,7.611578465]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 02160{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":3162,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1694275760159362,"flow_src_last_pkt_time":1694275760281658,"flow_dst_last_pkt_time":1694275760309664,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1425,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2641,"flow_dst_tot_l4_payload_len":8573,"midstream":0,"thread_ts_usec":1694275760309664,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51464,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":8793.5,"max":31869,"stddev":12758.7,"var":162784304.0,"ent":3.5,"data": [27814,27894,493,28703,585,28762,647,649,242,123,27168,43,5005,31869,89,47,126,129,27303,4099,31345,165,134,214,2,194,86,122,214,26695,1637]},"pktlen": {"min":52,"avg":403.1,"max":1492,"stddev":505.2,"var":255231.4,"ent":4.0,"data": [64,60,52,569,52,1492,52,1127,52,116,1477,52,52,91,52,93,76,52,591,52,1098,52,1098,52,1492,704,52,830,52,148,52,1044]},"bins": {"c_to_s": [10,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [7,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,1,2,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,0,1,1,0,1,0,0,1,1],"entropies": 
[4.147110939,5.166787148,4.606328011,4.419630051,4.933627129,7.819243431,4.659306526,7.802917004,4.659306526,5.959871769,7.870406628,4.986605644,4.948144436,5.947135925,4.697768211,5.982440948,5.655566216,4.697768211,7.635627747,5.025067329,7.836093426,4.697768211,7.836949825,4.736229897,7.868122101,7.667487621,4.697768211,7.753278255,4.736229897,6.269422054,5.025067329,7.793452740]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 02164{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":3175,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1694275760188445,"flow_src_last_pkt_time":1694275760330661,"flow_dst_last_pkt_time":1694275760330585,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1407,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3236,"flow_dst_tot_l4_payload_len":6065,"midstream":0,"thread_ts_usec":1694275760330661,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51465,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":50,"avg":9172.8,"max":31292,"stddev":12464.9,"var":155373488.0,"ent":3.6,"data": [26508,26656,121,27208,469,27459,90,122,166,118,25308,1248,5045,31292,95,50,135,141,26082,1531,27473,147,145,226,218,285,128,25620,80,2433,27757]},"pktlen": {"min":52,"avg":343.3,"max":1492,"stddev":466.3,"var":217422.7,"ent":3.9,"data": [64,60,52,569,52,1492,52,1127,52,116,1459,52,52,91,52,93,76,52,591,52,1098,52,1098,52,1184,52,154,659,52,52,274,52]},"bins": {"c_to_s": [10,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0],"s_to_c": 
[8,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,1,0,0,0,0,0,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,0,1,0,0,0,1,1,1,0],"entropies": [4.209610939,5.279368401,4.736229897,4.419954300,5.101990700,7.829117298,4.813152790,7.823664188,4.813152790,6.035345554,7.863707542,5.140452385,5.101990700,5.872906685,4.813152790,5.931313038,5.576619148,4.813152790,7.646970272,5.101990700,7.820407391,4.813152790,7.792932510,4.813152790,7.834312439,4.813152790,6.429463387,7.615536690,4.948144436,5.025067806,7.217590809,4.736229897]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
@@ -549,9 +549,9 @@ 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3191,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":62,"flow_packet_id":2,"flow_src_last_pkt_time":1694275760781591,"flow_dst_last_pkt_time":1694275760809649,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275760809649,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADYGPkJNb\/dFwKgBHQG7yQpXe4oCcFmQZ6AS\/oiBzwAAAgQFrAQCCAqZAUUgstODKwEDAwc="} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3192,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":62,"flow_packet_id":3,"flow_src_last_pkt_time":1694275760809762,"flow_dst_last_pkt_time":1694275760809649,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275760809762,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RckKAbtwWZBnV3uKA4AQCBYGoQAAAQEICrLTg0iZAUUg"} 01244{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3193,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":62,"flow_packet_id":4,"flow_src_last_pkt_time":1694275760810216,"flow_dst_last_pkt_time":1694275760809649,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275760810216,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\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"} 
-01279{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3193,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275760781591,"flow_src_last_pkt_time":1694275760810216,"flow_dst_last_pkt_time":1694275760809649,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275760810216,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51466,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"d47894a5f64c516049e142a21f8c9ce3","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01238{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3193,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275760781591,"flow_src_last_pkt_time":1694275760810216,"flow_dst_last_pkt_time":1694275760809649,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275760810216,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51466,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3194,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":62,"flow_packet_id":5,"flow_src_last_pkt_time":1694275760810216,"flow_dst_last_pkt_time":1694275760838303,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275760838303,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0ToFAADYG78hNb\/dFwKgBHQG7yQpXe4oDcFmSbIAQAfqq5AAAAQEICpkBRTyy04NI"} 
-01324{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3195,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275760781591,"flow_src_last_pkt_time":1694275760810216,"flow_dst_last_pkt_time":1694275760839754,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275760839754,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51466,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"d47894a5f64c516049e142a21f8c9ce3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01283{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3195,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275760781591,"flow_src_last_pkt_time":1694275760810216,"flow_dst_last_pkt_time":1694275760839754,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275760839754,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51466,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","domainame":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
01022{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":34,"flow_dst_packets_processed":31,"flow_first_seen":1694275752994885,"flow_src_last_pkt_time":1694275754671493,"flow_dst_last_pkt_time":1694275754696753,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1435,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":4006,"flow_dst_tot_l4_payload_len":13647,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51398,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com"}} 01020{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":20,"flow_first_seen":1694275753007782,"flow_src_last_pkt_time":1694275755651319,"flow_dst_last_pkt_time":1694275755651115,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1415,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2621,"flow_dst_tot_l4_payload_len":9416,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51399,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com"}} 01022{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":23,"flow_first_seen":1694275753008024,"flow_src_last_pkt_time":1694275753379590,"flow_dst_last_pkt_time":1694275753379462,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1419,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3394,"flow_dst_tot_l4_payload_len":10647,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51400,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com"}} 
@@ -604,7 +604,7 @@ 01022{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":24,"flow_first_seen":1694275755774249,"flow_src_last_pkt_time":1694275759157216,"flow_dst_last_pkt_time":1694275759157148,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1415,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":4763,"flow_dst_tot_l4_payload_len":10622,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51454,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com"}} 01022{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":21,"flow_first_seen":1694275756080159,"flow_src_last_pkt_time":1694275756253230,"flow_dst_last_pkt_time":1694275756323026,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1427,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3242,"flow_dst_tot_l4_payload_len":6511,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51455,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com"}} 01023{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":24,"flow_first_seen":1694275756081462,"flow_src_last_pkt_time":1694275756226056,"flow_dst_last_pkt_time":1694275756299263,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1415,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3359,"flow_dst_tot_l4_payload_len":10334,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51456,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com"}} -01055{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1694275756164882,"flow_src_last_pkt_time":1694275756192739,"flow_dst_last_pkt_time":1694275756192719,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51457,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +01162{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1694275756164882,"flow_src_last_pkt_time":1694275756192739,"flow_dst_last_pkt_time":1694275756192719,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51457,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}},"55": {"risk":"Probing Attempt","severity":"Medium","risk_score": {"total":510,"client":375,"server":135}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00781{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1694275756164882,"flow_src_last_pkt_time":1694275756192739,"flow_dst_last_pkt_time":1694275756192719,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51457,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01022{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":35,"flow_dst_packets_processed":36,"flow_first_seen":1694275756187552,"flow_src_last_pkt_time":1694275758638654,"flow_dst_last_pkt_time":1694275758638393,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":7516,"flow_dst_tot_l4_payload_len":21188,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51458,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com"}} 
01023{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":20,"flow_first_seen":1694275756191905,"flow_src_last_pkt_time":1694275756784557,"flow_dst_last_pkt_time":1694275756784394,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1419,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2879,"flow_dst_tot_l4_payload_len":11034,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51459,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com"}} 
@@ -615,7 +615,7 @@ 01022{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":17,"flow_first_seen":1694275760159362,"flow_src_last_pkt_time":1694275760309706,"flow_dst_last_pkt_time":1694275760309664,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1425,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2641,"flow_dst_tot_l4_payload_len":8573,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51464,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com"}} 01021{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":18,"flow_first_seen":1694275760188445,"flow_src_last_pkt_time":1694275760807493,"flow_dst_last_pkt_time":1694275760807237,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1407,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3236,"flow_dst_tot_l4_payload_len":6089,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51465,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com"}} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":4,"flow_first_seen":1694275760781591,"flow_src_last_pkt_time":1694275760841495,"flow_dst_last_pkt_time":1694275760839879,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1415,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1996,"flow_dst_tot_l4_payload_len":2516,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51466,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
-00860{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":3200,"packets-processed":3200,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1186790,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":61,"total-detection-updates":61,"total-updates":0,"current-active-flows":0,"total-active-flows":62,"total-idle-flows":62,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":618,"global_ts_usec":1694275760841495} +00860{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":3200,"packets-processed":3200,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1186790,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":61,"total-detection-updates":61,"total-updates":0,"current-active-flows":0,"total-active-flows":62,"total-idle-flows":62,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":618,"global_ts_usec":1694275760841495} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 3200/3200 ~~ skipped flows.............: 0 
@@ -624,9 +624,9 @@ ~~ total active/idle flows...: 62/62 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 9905330 bytes -~~ total memory freed........: 9905330 bytes -~~ total allocations/frees...: 118922/118922 +~~ total memory allocated....: 10482946 bytes +~~ total memory freed........: 10482946 bytes +~~ total allocations/frees...: 130654/130654 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 538 chars ~~ json message max len.......: 2513 chars diff --git a/test/results/default/oracle12.pcapng.out b/test/results/default/oracle12.pcapng.out index fa098e43b..03412a4ba 100644 --- a/test/results/default/oracle12.pcapng.out +++ b/test/results/default/oracle12.pcapng.out 
@@ -1,5 +1,5 @@ -00615{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/oracle12.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/oracle12.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1481291750025382} 
+00615{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/oracle12.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/oracle12.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1481291750025382} 
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/oracle12.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1481291750025382,"flow_src_last_pkt_time":1481291750025382,"flow_dst_last_pkt_time":1481291750025382,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1481291750025382,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.72.139","src_port":40226,"dst_port":1521,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/oracle12.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1481291750025382,"flow_dst_last_pkt_time":1481291750025382,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1481291750025382,"pkt":"UlQAEjUCCAAn5\/q0CABFAAA8b5VAAEAGbI0KAAIPCgBIi50iBfF8VCT6AAAAAKACchBeyAAAAgQFtAQCCAoFQUtvAAAAAAEDAwc="} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/oracle12.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1481291750025382,"flow_dst_last_pkt_time":1481291750026998,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1481291750026998,"pkt":"CAAn5\/q0UlQAEjUCCABFAAAsAf4AAEAGGjUKAEiLCgACDwXxnSIAeB4BfFQk+2AS\/\/\/WoAAAAgQFtAAA"} 
@@ -8,7 +8,7 @@ 00929{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/oracle12.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1481291750025382,"flow_src_last_pkt_time":1481291750027196,"flow_dst_last_pkt_time":1481291750026998,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1481291750027196,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.72.139","src_port":40226,"dst_port":1521,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Oracle","proto_id":"167","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/oracle12.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1481291750027196,"flow_dst_last_pkt_time":1481291750027391,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1481291750027391,"pkt":"CAAn5\/q0UlQAEjUCCABFAAAoAf8AAEAGGjgKAEiLCgACDwXxnSIAeB4CfFQlz1AQ\/\/\/tiQAAAAAAAAAA"} 
00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/oracle12.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":11,"flow_first_seen":1481291750025382,"flow_src_last_pkt_time":1481291750055490,"flow_dst_last_pkt_time":1481291750054984,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":239,"flow_src_tot_l4_payload_len":941,"flow_dst_tot_l4_payload_len":441,"midstream":0,"thread_ts_usec":1481291750055490,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.72.139","src_port":40226,"dst_port":1521,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Oracle","proto_id":"167","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} -00845{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/oracle12.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":20,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1382,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1481291750055490} 
+00845{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/oracle12.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":20,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1382,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1481291750055490} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 20/20 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6908217 bytes -~~ total memory freed........: 6908217 bytes -~~ total allocations/frees...: 114158/114158 +~~ total memory allocated....: 7485813 bytes +~~ total memory freed........: 7485813 bytes +~~ total allocations/frees...: 125889/125889 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 533 chars ~~ json message max len.......: 979 chars diff --git a/test/results/default/os_detected.pcapng.out b/test/results/default/os_detected.pcapng.out index 739b1ab25..d9c091b63 100644 --- a/test/results/default/os_detected.pcapng.out +++ b/test/results/default/os_detected.pcapng.out 
@@ -1,10 +1,10 @@ -00618{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/os_detected.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/os_detected.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1611427514609727} 
+00618{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/os_detected.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/os_detected.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1611427514609727} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/os_detected.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1611427514609727,"flow_src_last_pkt_time":1611427514609727,"flow_dst_last_pkt_time":1611427514609727,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1611427514609727,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"8.8.8.8","src_port":39821,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02226{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/os_detected.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1611427514609727,"flow_dst_last_pkt_time":1611427514609727,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1611427514609727,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAZdFAAEAR\/ePAqAGACAgICJuNAbsE7AYLxP8AAB0Inw\/JO07eNjIIgxX\/XKNBIUIARMqZ8UiDvq\/ZLsUdz0scSMu9YDA5XC\/EJ\/VWdcKmIJjpSLXMxg05sWM0HmWuizvek0EXnlQzmUN9ovr2\/hk4L4+drmSHxo9NOB+GUfgxVDY8jS5sYut7pzwyS1v0Tzd0E1TyJIWDsBfvZlI4bbIIRlefQgOB0WdUqMEfHzxzcbGs6dNO+9vDaznNJ4dGUWqyjTrP1xrbA5ARI5dTVb4R+7D0v8orWpuNvxjoiVb36LCsfL0SbVo2GhqQoHke+Z\/B2D+0+r7INWQc1iHzAG+HeNlA1LtOtYyHAJVB+P59vqKsfmDTE8RgVpXe1x30lS+4YR7jaekw9qCyZHC0kKXvmsPCqZ\/9qa5gMMsfGTjnOTdcid5WA6CyHhSK2HTQW4GkzXHYPreaFIFRc0y9+aMq1Mfl97S1vnvDvIbG91Np67AM6LV1xuilkclYvUim1l1JoFQCUfe6m3PyP+gIQTFerpfrZHjXHVmed8ZubnloXre0\/Z3B2Oh1fmjBjrSNQGdC4YK\/DVld8Ug+FRG0kxgDMCgRJ2S9dOYEMkKgzq\/BKvgwUYmMidXS+F+tMJvoHQSzv3bhpGgehHuZOqNIC3d6Rty6h0nPb+BYsf5E1IpIcwzMB2CvZbT77jViKMoAt5RtufWUmoQ
2qymcAa7AXbvCL5L7qI\/1oplTPNm0Ysi0JSUXXf61rlCNL1vc+XNbLSeTg2Vz2fPTbPH7hg\/8qinCri68WhuYiT\/rvuXkVqGxWKJq5b1oM\/AIky7+yMfObOfk9kQ3thgac0pRO1LAAwjECH\/XdGHuEsxIejknnknLjBpjmS+2c+909N0TGc\/NPsDPdaLmN10HnCVLaT1WmruOxWZDa3gV1s3K4IKU6NwqVeHNSYO5xx5HEC7tZU+y4E74cmfLayIxxbdgkahHRv9ATyXrtMLRAHqK8ZsoIIw0D9NAPBA355APW3UhJ\/Z9ZHxppKcR2\/OPN1KQqoIrhRGT9bUzB7Xkn\/VMWRYSTXTiaAYMcb8dRkENbKtVWSIk9LJFrE8pIXivmB2tWlt1t6y+TR30oU1\/NUX3jGhxE7t44s+NhGXfBpl2YQbF4zUhYeZAUzU9QbWzyGdZYarMNxVUgYeW9stlVHB0y\/otPwbX9mpoJ+Dy1FXdgrsIv1LAkh1\/3bdSFFfKVJUwX6EGqQRQU02j\/r+E7RZ0bE01QtNNSuMRMdJX2zJtopXBwZLz8h67datSO+I1wfoRzj4VUG35Q8hcFywG\/xq04McVVySWGNnMos9RmQkhysf\/lc3FuHHnMMA\/XcGqeB2biYiiwAKDCGuBCGTLrEYhV1yIzE4vEhvJvg325fJl3DNeUSuAwqKe9SjUjQtv+EVpEiYxaR6X90zwFDBlHdBDDCfh3iS1o2jSGLUvocncy0jQz8qak7nPw6oMW\/gU8WvBhkEaY\/b26hw+tYWakl5yNVwxnF\/7PKfJyyyPpmjSH2ycL45nydbEY1t1GYpcV+P7AunIs6enuyUp9NNdtbH\/d0RuYFGsVW1287YLi13LwF56RtlC\/tVGquwfxdqcbniCbYb8LvlGF6r32UjuoiuACdgmkrt6Wf7sAVkRHeYLY5bLkD+o6H+JIwDjoOA\/yI8iOw0QceAwvS35vC2IO56LiInTgA=="} -01604{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/os_detected.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1611427514609727,"flow_src_last_pkt_time":1611427514609727,"flow_dst_last_pkt_time":1611427514609727,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1611427514609727,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"8.8.8.8","src_port":39821,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": 
{"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","quic": {"user_agent":"Mozilla\/5.0 (Windows NT 5.2; U; CPU OS 3_2 like Mac OS X; en-us) AppleWebKit\/531.21.10 (KHTML, like Gecko)","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"9addef84847d700f759746b237c405c8","ja3s":"","ja4":"q13d0307h3_55b375c5d22e_23ed935430f2","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} +01439{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/os_detected.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1611427514609727,"flow_src_last_pkt_time":1611427514609727,"flow_dst_last_pkt_time":1611427514609727,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1611427514609727,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"8.8.8.8","src_port":39821,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","quic": {"quic_version":"Draft-29","tls": 
{"version":"TLSv1.3","ja3s":"","ja4":"q13d0307h3_55b375c5d22e_23ed935430f2","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 01203{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/os_detected.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1611427514609727,"flow_src_last_pkt_time":1611427514609727,"flow_dst_last_pkt_time":1611427514609727,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1611427514609727,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"8.8.8.8","src_port":39821,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
-00844{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/os_detected.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1252,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1611427514609727} +00844{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/os_detected.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1252,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1611427514609727} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 
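Review bot: The regenerated `detected` event for flow 1 in os_detected.pcapng.out no longer carries `quic.user_agent` or `quic.tls.ja3`; only `ja3s` and `ja4` remain, and the length prefix drops from 01604 to 01439 accordingly. Nothing in this hunk says whether that is an intended consequence of the libnDPI bump or a regression, and the commit message only mentions "incorporated upstream changes". Downstream consumers that match detections or allow-lists on the JA3 value, or that log the QUIC user agent, would stop matching without any error. I would state the field removal in the change notes, for example `flow events: "ja3" and QUIC "user_agent" are no longer emitted, use "ja4"`. I would also confirm that schema/flow_event_schema.json, which this commit changes but which is not visible here, no longer lists them as expected properties.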
@@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6917931 bytes -~~ total memory freed........: 6917931 bytes -~~ total allocations/frees...: 114163/114163 +~~ total memory allocated....: 7495400 bytes +~~ total memory freed........: 7495400 bytes +~~ total allocations/frees...: 125892/125892 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 623 chars ~~ json message max len.......: 2231 chars diff --git a/test/results/default/ospfv2_add_new_prefix.pcap.out b/test/results/default/ospfv2_add_new_prefix.pcap.out index 2ad092d8f..8819d52be 100644 --- a/test/results/default/ospfv2_add_new_prefix.pcap.out +++ b/test/results/default/ospfv2_add_new_prefix.pcap.out 
@@ -1,11 +1,11 @@ -00626{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ospfv2_add_new_prefix.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ospfv2_add_new_prefix.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1596626889276433} 
+00626{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ospfv2_add_new_prefix.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ospfv2_add_new_prefix.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1596626889276433} 
00748{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ospfv2_add_new_prefix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1596626889276433,"flow_src_last_pkt_time":1596626889276433,"flow_dst_last_pkt_time":1596626889276433,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1596626889276433,"l3_proto":"ip4","src_ip":"10.1.10.10","dst_ip":"10.1.10.1","l4_proto":89,"flow_datalink":1,"flow_max_packets":5} 00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ospfv2_add_new_prefix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1596626889276433,"flow_dst_last_pkt_time":1596626889276433,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"thread_ts_usec":1596626889276433,"pkt":"qrvMAAEwqrvMAAowCABFwABsAPoAAAFZj3MKAQoKCgEKAQIEAFisEAAKAAAABqsnAAAAAAAAAAAAAAAAAAEAASIBrBAACqwQAAqAAAASxYoAPAAAAAMKAAAK\/\/\/\/\/wMAAAGsEAAK\/\/\/\/\/wMAAAEKAQoKCgEKCgIAAAo="} 
00897{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ospfv2_add_new_prefix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1596626889276433,"flow_src_last_pkt_time":1596626889276433,"flow_dst_last_pkt_time":1596626889276433,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1596626889276433,"l3_proto":"ip4","src_ip":"10.1.10.10","dst_ip":"10.1.10.1","l4_proto":89,"ndpi": {"confidence": {"6":"DPI"},"proto":"OSPF","proto_id":"85","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ospfv2_add_new_prefix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1596626889276433,"flow_dst_last_pkt_time":1596626891781999,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1596626891781999,"pkt":"qrvMAAowqrvMAAEwCABFwABAAqkAAAFZjfAKAQoBCgEKCgIFACwKAAABAAAABjO3AAAAAAAAAAAAAAABIgGsEAAKrBAACoAAABLFigA8"} 
00938{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ospfv2_add_new_prefix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1596626889276433,"flow_src_last_pkt_time":1596626889276433,"flow_dst_last_pkt_time":1596626891781999,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1596626891781999,"l3_proto":"ip4","src_ip":"10.1.10.10","dst_ip":"10.1.10.1","l4_proto":89,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OSPF","proto_id":"85","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00851{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ospfv2_add_new_prefix.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":132,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":8,"global_ts_usec":1596626891781999} 
+00851{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ospfv2_add_new_prefix.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":132,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":8,"global_ts_usec":1596626891781999} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 ~~ skipped flows.............: 0 @@ -14,9 +14,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6907671 bytes -~~ total memory freed........: 6907671 bytes -~~ total allocations/frees...: 114139/114139 +~~ total memory allocated....: 7485267 bytes +~~ total memory freed........: 7485267 bytes +~~ total allocations/frees...: 125870/125870 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 574 chars ~~ json message max len.......: 943 chars diff --git a/test/results/default/ossfuzz_seed_fake_traces_1.pcapng.out b/test/results/default/ossfuzz_seed_fake_traces_1.pcapng.out index c2d4da459..a290c0e24 100644 --- a/test/results/default/ossfuzz_seed_fake_traces_1.pcapng.out +++ b/test/results/default/ossfuzz_seed_fake_traces_1.pcapng.out 
@@ -1,10 +1,10 @@ -00633{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00854{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1675096016031349} 
+00633{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00854{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1675096016031349} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675096016031349,"flow_src_last_pkt_time":1675096016031349,"flow_dst_last_pkt_time":1675096016031349,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675096016031349,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":1,"dst_port":2,"l4_proto":"udp","flow_datalink":228,"flow_max_packets":5} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1675096016031349,"flow_dst_last_pkt_time":1675096016031349,"flow_idle_time":200000000,"pkt_datalink":228,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":48,"pkt_l4_len":28,"thread_ts_usec":1675096016031349,"pkt":"RQAAMAABAABAEXy6fwAAAX8AAAEAAQACAByhgP\/\/\/\/8AAAAAAAAAAAAAAAAwMDAA"} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1675096016031349,"flow_dst_last_pkt_time":1675096025685767,"flow_idle_time":200000000,"pkt_datalink":228,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":48,"pkt_l4_len":28,"thread_ts_usec":1675096025685767,"pkt":"RQAAMAABAABAEXy6fwAAAX8AAAEAAgABAByhgP\/\/\/\/8AAAAAAAAAAAAAAAAwMDAA"} 
00928{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1675096016031349,"flow_src_last_pkt_time":1675096016031349,"flow_dst_last_pkt_time":1675096025685767,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":20,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":20,"midstream":0,"thread_ts_usec":1675096025685767,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":1,"dst_port":2,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"HalfLife2","proto_id":"75","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00855{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":3,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":40,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1675103063534227} 
+00855{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":3,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":40,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1675103063534227} 00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675103063534227,"flow_src_last_pkt_time":1675103063534227,"flow_dst_last_pkt_time":1675103063534227,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675103063534227,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":1119,"dst_port":1120,"l4_proto":"udp","flow_datalink":228,"flow_max_packets":5} 
00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1675103063534227,"flow_dst_last_pkt_time":1675103063534227,"flow_idle_time":200000000,"pkt_datalink":228,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":48,"pkt_l4_len":28,"thread_ts_usec":1675103063534227,"pkt":"RQAAMAABAABAEXy6fwAAAX8AAAEEXwRgAByFgVhYWFhYWFhYWFhYWFhYWFhYWFhY"} 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1675103071542564,"flow_dst_last_pkt_time":1675103063534227,"flow_idle_time":200000000,"pkt_datalink":228,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":48,"pkt_l4_len":28,"thread_ts_usec":1675103071542564,"pkt":"RQAAMAABAABAEXy6fwAAAX8AAAEEXwRgAByFgVhYWFhYWFhYWFhYWFhYWFhYWFhY"} 
@@ -15,7 +15,7 @@ 01063{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1675103063534227,"flow_src_last_pkt_time":1675103123821322,"flow_dst_last_pkt_time":1675103063534227,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":75,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675103123821322,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":1119,"dst_port":1120,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Protobuf","proto_id":"353","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} 
01244{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1675103229245464,"flow_dst_last_pkt_time":1675103063534227,"flow_idle_time":200000000,"pkt_datalink":228,"pkt_caplen":576,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":576,"pkt_l4_len":556,"thread_ts_usec":1675103229245464,"pkt":"RQACQAABAABAEXqqfwAAAX8AAAEEXwRgAixmRlhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhY"} 
01107{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1675103063534227,"flow_src_last_pkt_time":1675103229245464,"flow_dst_last_pkt_time":1675103063534227,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":548,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":683,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675103229245464,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":1119,"dst_port":1120,"l4_proto":"udp","flow_datalink":228,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Protobuf","proto_id":"353","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} -00861{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":11,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2303,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":2,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":18,"global_ts_usec":1675104043107099} 
+00861{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":11,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2303,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":2,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":18,"global_ts_usec":1675104043107099} 00799{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675104043107099,"flow_src_last_pkt_time":1675104043107099,"flow_dst_last_pkt_time":1675104043107099,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":10,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":10,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":10,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675104043107099,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"12.129.206.130","src_port":1,"dst_port":1119,"l4_proto":"tcp","flow_datalink":228,"flow_max_packets":5} 
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1675104043107099,"flow_dst_last_pkt_time":1675104043107099,"flow_idle_time":7580000000,"pkt_datalink":228,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":50,"pkt_l4_len":30,"thread_ts_usec":1675104043107099,"pkt":"RQAAMgABAABABt2ZwKgBgAyBzoIAAQRfAAAAAAAAAABQACAABe8AAEoAAApmAgrtLWY="} 01069{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675104043107099,"flow_src_last_pkt_time":1675104043107099,"flow_dst_last_pkt_time":1675104043107099,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":10,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":10,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":10,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675104043107099,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"12.129.206.130","src_port":1,"dst_port":1119,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"Starcraft","proto_id":"213","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -29,12 +29,12 @@ 00799{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675104087883689,"flow_src_last_pkt_time":1675104087883689,"flow_dst_last_pkt_time":1675104087883689,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":10,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":10,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":10,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675104087883689,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"12.129.236.254","src_port":1,"dst_port":1119,"l4_proto":"tcp","flow_datalink":228,"flow_max_packets":5} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1675104087883689,"flow_dst_last_pkt_time":1675104087883689,"flow_idle_time":7580000000,"pkt_datalink":228,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":50,"pkt_l4_len":30,"thread_ts_usec":1675104087883689,"pkt":"RQAAMgABAABABr8dwKgBgAyB7P4AAQRfAAAAAAAAAABQACAA53IAAEoAAApmAgrtLWY="} 
01069{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675104087883689,"flow_src_last_pkt_time":1675104087883689,"flow_dst_last_pkt_time":1675104087883689,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":10,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":10,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":10,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675104087883689,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"12.129.236.254","src_port":1,"dst_port":1119,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"Starcraft","proto_id":"213","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00861{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":15,"packets-processed":14,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2343,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":2,"current-active-flows":4,"total-active-flows":6,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":32,"global_ts_usec":1675107987924579} 
+00861{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":15,"packets-processed":14,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2343,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":2,"current-active-flows":4,"total-active-flows":6,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":32,"global_ts_usec":1675107987924579} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675107987924579,"flow_src_last_pkt_time":1675107987924579,"flow_dst_last_pkt_time":1675107987924579,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675107987924579,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":100,"dst_port":200,"l4_proto":"udp","flow_datalink":228,"flow_max_packets":5} 
00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1675107987924579,"flow_dst_last_pkt_time":1675107987924579,"flow_idle_time":200000000,"pkt_datalink":228,"pkt_caplen":32,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":32,"pkt_l4_len":12,"thread_ts_usec":1675107987924579,"pkt":"RQAAIAABAABAEXzKfwAAAX8AAAEAZADIAAzHjzkYAAA="} 00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1675107987924579,"flow_dst_last_pkt_time":1675108033027780,"flow_idle_time":200000000,"pkt_datalink":228,"pkt_caplen":36,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":36,"pkt_l4_len":16,"thread_ts_usec":1675108033027780,"pkt":"RQAAJAABAABAEXzGfwAAAX8AAAEAyABkABDGhzoYAAAAAAAA"} 00790{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1675107987924579,"flow_src_last_pkt_time":1675107987924579,"flow_dst_last_pkt_time":1675108033027780,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":8,"midstream":0,"thread_ts_usec":1675108033027780,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":100,"dst_port":200,"l4_proto":"udp","flow_datalink":228,"flow_max_packets":5} 
-00861{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":17,"packets-processed":16,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2355,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":3,"current-active-flows":5,"total-active-flows":7,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":37,"global_ts_usec":1675168617695568} +00861{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":17,"packets-processed":16,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2355,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":3,"current-active-flows":5,"total-active-flows":7,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":37,"global_ts_usec":1675168617695568} 
00797{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675168617695568,"flow_src_last_pkt_time":1675168617695568,"flow_dst_last_pkt_time":1675168617695568,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":113,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":113,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":113,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675168617695568,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":17788,"dst_port":17788,"l4_proto":"udp","flow_datalink":228,"flow_max_packets":5} 00665{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1675168617695568,"flow_dst_last_pkt_time":1675168617695568,"flow_idle_time":200000000,"pkt_datalink":228,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":141,"pkt_l4_len":121,"thread_ts_usec":1675168617695568,"pkt":"RQAAjQABAABAEXxdfwAAAX8AAAFFfEV8AHnX9HEARHRxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQUFN0cmVhbQAAAAAAAAAAAAAA"} 
00873{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1675107987924579,"flow_src_last_pkt_time":1675107987924579,"flow_dst_last_pkt_time":1675108033027780,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":8,"midstream":0,"thread_ts_usec":1675168617695568,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":100,"dst_port":200,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
@@ -43,7 +43,7 @@ 01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675104087883689,"flow_src_last_pkt_time":1675104087883689,"flow_dst_last_pkt_time":1675104087883689,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":10,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":10,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":10,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675168617695568,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"12.129.236.254","src_port":1,"dst_port":1119,"l4_proto":"tcp","flow_datalink":228,"flow_max_packets":5,"ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"Starcraft","proto_id":"213","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675104043107099,"flow_src_last_pkt_time":1675104043107099,"flow_dst_last_pkt_time":1675104043107099,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":10,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":10,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":10,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675168617695568,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"12.129.206.130","src_port":1,"dst_port":1119,"l4_proto":"tcp","flow_datalink":228,"flow_max_packets":5,"ndpi": {"flow_risk": {"50": {"risk":"TCP Connection 
Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"Starcraft","proto_id":"213","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675104074459668,"flow_src_last_pkt_time":1675104074459668,"flow_dst_last_pkt_time":1675104074459668,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":10,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":10,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":10,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675168617695568,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"202.9.66.76","src_port":1,"dst_port":1119,"l4_proto":"tcp","flow_datalink":228,"flow_max_packets":5,"ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"Starcraft","proto_id":"213","proto_by_ip":"Starcraft","proto_by_ip_id":213,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
-00861{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":18,"packets-processed":17,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2468,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":3,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":46,"global_ts_usec":1675181007355625} +00861{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":18,"packets-processed":17,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2468,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":3,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":46,"global_ts_usec":1675181007355625} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675181007355625,"flow_src_last_pkt_time":1675181007355625,"flow_dst_last_pkt_time":1675181007355625,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675181007355625,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"1.2.3.4","src_port":1,"dst_port":10,"l4_proto":"tcp","flow_datalink":228,"flow_max_packets":5} 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1675181007355625,"flow_dst_last_pkt_time":1675181007355625,"flow_idle_time":7580000000,"pkt_datalink":228,"pkt_caplen":41,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":41,"pkt_l4_len":21,"thread_ts_usec":1675181007355625,"pkt":"RQAAKQABAABABrSgwKgBgAECAwQAAQAKAAAAAAAAAABQACAAyaoAAAA="} 00650{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1675181007355625,"flow_dst_last_pkt_time":1675181007355625,"flow_idle_time":7580000000,"pkt_datalink":228,"pkt_caplen":129,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":129,"pkt_l4_len":109,"thread_ts_usec":1675181007355625,"pkt":"RQAAgQABAABABrRIwKgBgAECAwQAAQAKAAAAAQAAAABQACAAUjUAABYDAQBUAQAAUAMBTWwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgTWwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgA0AQAABQAAAAAA"} 
@@ -56,7 +56,7 @@ 01294{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1675181080065603,"flow_src_last_pkt_time":1675181373264924,"flow_dst_last_pkt_time":1675181080065603,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":83,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675181373264924,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"1.2.3.4","src_port":1,"dst_port":11,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}},"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 
01334{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1675181007355625,"flow_src_last_pkt_time":1675181007355625,"flow_dst_last_pkt_time":1675181007355625,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":89,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":90,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675181373264924,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"1.2.3.4","src_port":1,"dst_port":10,"l4_proto":"tcp","flow_datalink":228,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}},"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 
01335{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1675181080065603,"flow_src_last_pkt_time":1675181373264924,"flow_dst_last_pkt_time":1675181080065603,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":83,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675181373264924,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"1.2.3.4","src_port":1,"dst_port":11,"l4_proto":"tcp","flow_datalink":228,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}},"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 
-00865{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":21,"packets-processed":21,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2641,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":3,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":59,"global_ts_usec":1675181373264924} +00865{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":21,"packets-processed":21,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2641,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":3,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":59,"global_ts_usec":1675181373264924} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 21/21 ~~ skipped flows.............: 0 
@@ -65,9 +65,9 @@ ~~ total active/idle flows...: 10/10 ~~ total timeout flows.......: 2 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6933822 bytes -~~ total memory freed........: 6933822 bytes -~~ total allocations/frees...: 114265/114265 +~~ total memory allocated....: 7511418 bytes +~~ total memory freed........: 7511418 bytes +~~ total allocations/frees...: 125996/125996 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 523 chars ~~ json message max len.......: 1340 chars diff --git a/test/results/default/ossfuzz_seed_fake_traces_2.pcapng.out b/test/results/default/ossfuzz_seed_fake_traces_2.pcapng.out index a55abf3a9..72cec8eaa 100644 --- a/test/results/default/ossfuzz_seed_fake_traces_2.pcapng.out +++ b/test/results/default/ossfuzz_seed_fake_traces_2.pcapng.out 
@@ -1,4 +1,4 @@ -00633{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00633{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
00763{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":330297046,"flow_src_last_pkt_time":330297046,"flow_dst_last_pkt_time":330297046,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":330297046,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"10.10.10.1","src_port":8787,"dst_port":32177,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":330297046,"flow_dst_last_pkt_time":330297046,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":330297046,"pkt":"UlQA8ZEmCAAnnh3HCABFAAA8OlxAAEAGK6zAqAABCgoKASJTfbEpaMgpAAAAAKAC+vBgTwAAAgQFtAQCCAosLVpIAAAAAAEDAwc="} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":330297046,"flow_dst_last_pkt_time":330433319,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":330433319,"pkt":"CAAnnh3HUlQA8ZEmCABFAAAsCdUAAEAGnEMKCgoBwKgAAX2xIlMCaioBKWjIKmAS\/\/8FYAAAAgQFtA=="} 
@@ -7,7 +7,7 @@ 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":330434854,"flow_dst_last_pkt_time":330435114,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":330435114,"pkt":"CAAnnh3HUlQA8ZEmCABFAAAoCdYAAEAGnEYKCgoBwKgAAX2xIlMCaioCKWjIT1AQ\/\/8c+AAA"} 01065{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":330297046,"flow_src_last_pkt_time":330482740,"flow_dst_last_pkt_time":330571168,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":48,"flow_src_tot_l4_payload_len":1941,"flow_dst_tot_l4_payload_len":48,"midstream":0,"thread_ts_usec":330571168,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"10.10.10.1","src_port":8787,"dst_port":32177,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TeamViewer","proto_id":"148","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 
02319{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":330297046,"flow_src_last_pkt_time":331331838,"flow_dst_last_pkt_time":331332084,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":6059,"flow_dst_tot_l4_payload_len":4420,"midstream":0,"thread_ts_usec":331332084,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"10.10.10.1","src_port":8787,"dst_port":32177,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":25,"avg":66768.7,"max":274397,"stddev":88285.8,"var":7794386432.0,"ent":3.8,"data": [136273,137235,573,1795,12093,11937,35737,56,35774,25,88318,88631,11617,11587,151937,89,151972,35682,35919,255841,274397,18558,256484,257570,1057,306,258,28908,45,29127,29]},"pktlen": {"min":40,"avg":369.0,"max":1500,"stddev":516.4,"var":266637.3,"ent":3.8,"data": [60,44,46,77,40,106,40,1500,418,40,40,88,46,187,46,1500,1276,46,1118,40,1129,1141,40,480,96,40,88,40,1500,415,40,40]},"bins": {"c_to_s": [5,3,1,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,2,0,0],"s_to_c": [11,1,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1,0,1,1,0,1,0,1,0,0,1,1],"entropies": 
[4.593347073,4.569403648,4.267595291,4.557471752,4.561769485,3.980688334,4.511769295,7.562818527,7.355636597,4.442897320,4.561769485,4.850268364,4.354552269,3.829532146,4.398030758,7.720746994,7.806058884,4.287461758,7.654390335,4.561769485,7.519946575,7.677032471,4.611769676,6.499645710,4.460224152,4.611769676,3.810093641,4.611769676,7.548070431,7.340783596,4.611769676,4.561769485]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TeamViewer","proto_id":"148","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} -00862{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":60,"packets-processed":59,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28196,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1258844926423672} 
+00862{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":60,"packets-processed":59,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28196,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1258844926423672} 00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1258844926423672,"flow_src_last_pkt_time":1258844926423672,"flow_dst_last_pkt_time":1258844926423672,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1258844926423672,"l3_proto":"ip4","src_ip":"172.26.235.166","dst_ip":"172.30.92.62","src_port":55630,"dst_port":119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1258844926423672,"flow_dst_last_pkt_time":1258844926423672,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1258844926423672,"pkt":"AEBjsiExABQqZoWVCABFAAA8fZdAAEAGHQesGuumrB5cPtlOAHfZ0lWUAAAAAKACFtBfGwAAAgQFtAQCCAoAyCgDAAAAAAEDAwY="} 00797{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1258844926423672,"flow_src_last_pkt_time":1258844926423672,"flow_dst_last_pkt_time":1258844926423672,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1258844926423672,"l3_proto":"ip4","src_ip":"192.168.190.20","dst_ip":"192.168.190.5","src_port":55630,"dst_port":119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -23,7 +23,7 @@ 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1258844926423672,"flow_src_last_pkt_time":1258844926441100,"flow_dst_last_pkt_time":1258844926440830,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":21,"flow_dst_max_l4_payload_len":124,"flow_src_tot_l4_payload_len":21,"flow_dst_tot_l4_payload_len":124,"midstream":0,"thread_ts_usec":1258844926441100,"l3_proto":"ip4","src_ip":"172.26.235.166","dst_ip":"172.30.92.62","src_port":55630,"dst_port":119,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Usenet","proto_id":"93","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1258844926423672,"flow_src_last_pkt_time":1258844926441100,"flow_dst_last_pkt_time":1258844926440830,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":6,"flow_dst_max_l4_payload_len":124,"flow_src_tot_l4_payload_len":6,"flow_dst_tot_l4_payload_len":124,"midstream":0,"thread_ts_usec":1258844926441100,"l3_proto":"ip4","src_ip":"192.168.190.20","dst_ip":"192.168.190.5","src_port":55630,"dst_port":119,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Usenet","proto_id":"93","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
01119{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":34,"flow_first_seen":330297046,"flow_src_last_pkt_time":332418734,"flow_dst_last_pkt_time":332418496,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":13343,"flow_dst_tot_l4_payload_len":14853,"midstream":0,"thread_ts_usec":1258844926441100,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"10.10.10.1","src_port":8787,"dst_port":32177,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TeamViewer","proto_id":"148","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} -00862{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":72,"packets-processed":71,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28471,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":26,"global_ts_usec":1532126321356858} 
+00862{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":72,"packets-processed":71,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28471,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":26,"global_ts_usec":1532126321356858} 00803{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1532126321356858,"flow_src_last_pkt_time":1532126321356858,"flow_dst_last_pkt_time":1532126321356858,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":148,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":148,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":148,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1532126321356858,"l3_proto":"ip4","src_ip":"10.147.205.42","dst_ip":"10.45.123.132","src_port":43462,"dst_port":51820,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00734{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1532126321356858,"flow_dst_last_pkt_time":1532126321356858,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":190,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":190,"pkt_l4_len":156,"thread_ts_usec":1532126321356858,"pkt":"ouY0KRatOjbl\/kz4CABFiACwAksAAEARGfwKk80qCi17hKnGymwAnLj3AQAAANg30DBfzsfI5cji4\/eYnu9gwijYIynWArax4rudBo+Jz51NRTJ4D20nJk97mHAf3Cek7ACutr7NvvIzLxtAhMrbk4I5NcASriVeeyXv8TlAwyH6a9ZqKoewYdsUMBc+k39Wk0neKFbcXyYWdj7ur8BTOwHdll5+x2l24o9oPWcSAAAAAAAAAAAAAAAAAAAAAA=="} 00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1532126321356858,"flow_src_last_pkt_time":1532126321356858,"flow_dst_last_pkt_time":1532126321356858,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":148,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":148,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":148,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1532126321356858,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":43462,"dst_port":51820,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -33,7 +33,7 @@ 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1532126321356858,"flow_src_last_pkt_time":1532126321356858,"flow_dst_last_pkt_time":1532126321359376,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":148,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":148,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":148,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1532126321359376,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":43462,"dst_port":51820,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"WireGuard","proto_id":"206","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1258844926423672,"flow_src_last_pkt_time":1258844926441100,"flow_dst_last_pkt_time":1258844926440830,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":21,"flow_dst_max_l4_payload_len":124,"flow_src_tot_l4_payload_len":21,"flow_dst_tot_l4_payload_len":124,"midstream":0,"thread_ts_usec":1532126321359376,"l3_proto":"ip4","src_ip":"172.26.235.166","dst_ip":"172.30.92.62","src_port":55630,"dst_port":119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Usenet","proto_id":"93","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1258844926423672,"flow_src_last_pkt_time":1258844926441100,"flow_dst_last_pkt_time":1258844926440830,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":6,"flow_dst_max_l4_payload_len":124,"flow_src_tot_l4_payload_len":6,"flow_dst_tot_l4_payload_len":124,"midstream":0,"thread_ts_usec":1532126321359376,"l3_proto":"ip4","src_ip":"192.168.190.20","dst_ip":"192.168.190.5","src_port":55630,"dst_port":119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Usenet","proto_id":"93","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -00862{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":76,"packets-processed":75,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28895,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":5,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":36,"global_ts_usec":1576629231599706} 
+00862{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":76,"packets-processed":75,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28895,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":5,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":36,"global_ts_usec":1576629231599706} 00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576629231599706,"flow_src_last_pkt_time":1576629231599706,"flow_dst_last_pkt_time":1576629231599706,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1576629231599706,"l3_proto":"ip4","src_ip":"172.16.20.244","dst_ip":"172.16.20.75","src_port":59038,"dst_port":5432,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1576629231599706,"flow_dst_last_pkt_time":1576629231599706,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1576629231599706,"pkt":"CAAnw1r8CgAnAAAECABFAABAAABAAEAGuVisEBT0rBAUS+aeFThYp3nnAAAAALDC\/\/9fRwAAAgQFtAEDAwYBAQgKmyLsDAAAAAAEAgAA"} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1576629231599706,"flow_dst_last_pkt_time":1576629231600017,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1576629231600017,"pkt":"CgAnAAAECAAnw1r8CABFAAA8AABAAEAGuVysEBRLrBAU9BU45p59bstLWKd56KBScSDq+wAAAgQFtAQCCApyjFlXmyLsDAEDAwc="} 
@@ -44,7 +44,7 @@ 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1532126321356858,"flow_src_last_pkt_time":1532126321356858,"flow_dst_last_pkt_time":1532126321359376,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":148,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":148,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":148,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1576629231620123,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":43462,"dst_port":51820,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"WireGuard","proto_id":"206","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00964{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1532126321356858,"flow_src_last_pkt_time":1532126321356858,"flow_dst_last_pkt_time":1532126321359376,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":148,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":148,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":148,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1576629231620123,"l3_proto":"ip4","src_ip":"10.147.205.42","dst_ip":"10.45.123.132","src_port":43462,"dst_port":51820,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"WireGuard","proto_id":"206","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00806{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1532126321356858,"flow_src_last_pkt_time":1532126321356858,"flow_dst_last_pkt_time":1532126321359376,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":148,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":148,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":148,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1576629231620123,"l3_proto":"ip4","src_ip":"10.147.205.42","dst_ip":"10.45.123.132","src_port":43462,"dst_port":51820,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00862{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":86,"packets-processed":85,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28904,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":47,"global_ts_usec":1707399362135630} 
+00862{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":86,"packets-processed":85,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28904,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":47,"global_ts_usec":1707399362135630} 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1707399362135630,"flow_src_last_pkt_time":1707399362135630,"flow_dst_last_pkt_time":1707399362135630,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1707399362135630,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54898,"dst_port":1299,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1707399362135630,"flow_dst_last_pkt_time":1707399362135630,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1707399362135630,"pkt":"AAAAAAAAAAAAAAAACABFAAA8NEVAAEAGCHV\/AAABfwAAAdZyBRN6JQ1eAAAAAKAC\/9f+MAAAAgT\/1wQCCAo7WdCZAAAAAAEDAwc="} 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1707399362135630,"flow_dst_last_pkt_time":1707399362135650,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1707399362135650,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAAQUT1nLzM9CNeiUNX6AS\/8v+MAAAAgT\/1wQCCAo7WdCZO1nQmQEDAwc="} 
@@ -62,7 +62,7 @@ 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1707399382437584,"flow_dst_last_pkt_time":1707399382437612,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1707399382437612,"pkt":"AAAAAAAAAAAAAAAACABFAAA0qa5AAEAGkxN\/AAABfwAAAQUT2PCtSDGjO\/XObYAQAf\/+KAAAAQEICjtaH+c7Wh\/n"} 00983{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1707399362135630,"flow_src_last_pkt_time":1707399371078005,"flow_dst_last_pkt_time":1707399371077977,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":119,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":119,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1707399396589067,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54898,"dst_port":1299,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TruPhone","proto_id":"101","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
00983{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1707399376146687,"flow_src_last_pkt_time":1707399396589067,"flow_dst_last_pkt_time":1707399396589053,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":119,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":119,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1707399396589067,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":55536,"dst_port":1299,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TruPhone","proto_id":"101","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00867{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":101,"packets-processed":101,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29142,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":65,"global_ts_usec":1707399396589067} 
+00867{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":101,"packets-processed":101,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29142,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":65,"global_ts_usec":1707399396589067} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 101/101 ~~ skipped flows.............: 0 @@ -71,9 +71,9 @@ ~~ total active/idle flows...: 8/8 ~~ total timeout flows.......: 1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6941778 bytes -~~ total memory freed........: 6941778 bytes -~~ total allocations/frees...: 114331/114331 +~~ total memory allocated....: 7519396 bytes +~~ total memory freed........: 7519396 bytes +~~ total allocations/frees...: 126063/126063 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 531 chars ~~ json message max len.......: 2324 chars diff --git a/test/results/default/ossfuzz_seed_fake_traces_3.pcapng.out b/test/results/default/ossfuzz_seed_fake_traces_3.pcapng.out index 32b28056e..08a9f91ff 100644 --- a/test/results/default/ossfuzz_seed_fake_traces_3.pcapng.out +++ b/test/results/default/ossfuzz_seed_fake_traces_3.pcapng.out 
@@ -1,5 +1,5 @@ -00633{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_3.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00854{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_3.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1675169383880258} 
+00633{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_3.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00854{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_3.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1675169383880258} 
00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_3.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675169383880258,"flow_src_last_pkt_time":1675169383880258,"flow_dst_last_pkt_time":1675169383880258,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675169383880258,"l3_proto":"ip4","src_ip":"192.168.16.173","dst_ip":"93.184.216.34","src_port":60546,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_3.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1675169383880258,"flow_dst_last_pkt_time":1675169383880258,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1675169383880258,"pkt":"pJGxF+92NObXAhsnCABFAAA8dkRAAEAGvUfAqBCtXbjYIuyCAFDeViVwAAAAAKAC+vAHXwAAAgQFtAQCCAqduWMmAAAAAAEDAwc="} 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_3.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1675169383880258,"flow_dst_last_pkt_time":1675169383978373,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1675169383978373,"pkt":"NObXAhsnpJGxF+92CABFAAA8PgMAADcGPolduNgiwKgQrQBQ7IKpQ+eb3lYlcaAS\/\/\/BQgAAAgQFrAQCCAoxuMtwnbljJgEDAwk="} 
@@ -7,7 +7,7 @@ 00676{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_3.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1675169383978640,"flow_dst_last_pkt_time":1675169383978373,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":148,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":148,"pkt_l4_len":114,"thread_ts_usec":1675169383978640,"pkt":"pJGxF+92NObXAhsnCABFAACGdkZAAEAGvPvAqBCtXbjYIuyCAFDeViVxqUPnnIAYAfYHqQAAAQEICp25Y4gxuMtwR0VUIC9tYXBsZXN0b3J5LyBIVFRQLzEuMQ0KSG9zdDogZXhhbXBsZS5jb20NClVzZXItQWdlbnQ6IEFzcElOZXQNCkFjY2VwdDogKi8qDQoNCg=="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_3.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1675169383880258,"flow_src_last_pkt_time":1675169383978640,"flow_dst_last_pkt_time":1675169383978373,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675169383978640,"l3_proto":"ip4","src_ip":"192.168.16.173","dst_ip":"93.184.216.34","src_port":60546,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"MapleStory","proto_id":"113","proto_by_ip":"Edgecast","proto_by_ip_id":288,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_3.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1675169383880258,"flow_src_last_pkt_time":1675169383978640,"flow_dst_last_pkt_time":1675169383978373,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675169383978640,"l3_proto":"ip4","src_ip":"192.168.16.173","dst_ip":"93.184.216.34","src_port":60546,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MapleStory","proto_id":"113","proto_by_ip":"Edgecast","proto_by_ip_id":288,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00858{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_3.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":82,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1675169383978640} 
+00858{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_3.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":82,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1675169383978640} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 4/4 ~~ skipped flows.............: 0 @@ -16,9 +16,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6907785 bytes -~~ total memory freed........: 6907785 bytes -~~ total allocations/frees...: 114144/114144 +~~ total memory allocated....: 7485393 bytes +~~ total memory freed........: 7485393 bytes +~~ total allocations/frees...: 125876/125876 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 566 chars ~~ json message max len.......: 985 chars diff --git a/test/results/default/ossfuzz_seed_fake_traces_4.pcapng.out b/test/results/default/ossfuzz_seed_fake_traces_4.pcapng.out index 3284bd654..15de768f5 100644 --- a/test/results/default/ossfuzz_seed_fake_traces_4.pcapng.out +++ b/test/results/default/ossfuzz_seed_fake_traces_4.pcapng.out 
@@ -1,11 +1,11 @@ -00633{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_4.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00854{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_4.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1675108086330330} 
+00633{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_4.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00854{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_4.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1675108086330330} 
00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_4.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675108086330330,"flow_src_last_pkt_time":1675108086330330,"flow_dst_last_pkt_time":1675108086330330,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675108086330330,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":100,"dst_port":200,"l4_proto":"udp","flow_datalink":228,"flow_max_packets":5} 00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_4.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1675108086330330,"flow_dst_last_pkt_time":1675108086330330,"flow_idle_time":200000000,"pkt_datalink":228,"pkt_caplen":32,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":32,"pkt_l4_len":12,"thread_ts_usec":1675108086330330,"pkt":"RQAAIAABAABAEXzKfwAAAX8AAAEAZADIAAzHjzkYAAA="} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_4.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1675108086330330,"flow_dst_last_pkt_time":1675108097027766,"flow_idle_time":200000000,"pkt_datalink":228,"pkt_caplen":36,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":36,"pkt_l4_len":16,"thread_ts_usec":1675108097027766,"pkt":"RQAAJAABAABAEXzGfwAAAX8AAAEAyABkABDFhzsYAAAAAAAA"} 
00872{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_4.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1675108086330330,"flow_src_last_pkt_time":1675108086330330,"flow_dst_last_pkt_time":1675108097027766,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":8,"midstream":0,"thread_ts_usec":1675108097027766,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":100,"dst_port":200,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00787{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_4.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1675108086330330,"flow_src_last_pkt_time":1675108086330330,"flow_dst_last_pkt_time":1675108097027766,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":8,"midstream":0,"thread_ts_usec":1675108097027766,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":100,"dst_port":200,"l4_proto":"udp","flow_datalink":228,"flow_max_packets":5} 
-00857{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_4.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":8,"global_ts_usec":1675108097027766} +00857{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_4.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":8,"global_ts_usec":1675108097027766} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 ~~ skipped flows.............: 0 
@@ -14,9 +14,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6907671 bytes -~~ total memory freed........: 6907671 bytes -~~ total allocations/frees...: 114139/114139 +~~ total memory allocated....: 7485267 bytes +~~ total memory freed........: 7485267 bytes +~~ total allocations/frees...: 125870/125870 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 522 chars ~~ json message max len.......: 877 chars diff --git a/test/results/default/paltalk.pcapng.out b/test/results/default/paltalk.pcapng.out index 16a77e13a..b4c8f67b3 100644 --- a/test/results/default/paltalk.pcapng.out +++ b/test/results/default/paltalk.pcapng.out 
@@ -1,19 +1,19 @@ -00614{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/paltalk.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/paltalk.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1729781781186613} 
+00614{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/paltalk.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/paltalk.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1729781781186613} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/paltalk.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1729781781186613,"flow_src_last_pkt_time":1729781781186613,"flow_dst_last_pkt_time":1729781781186613,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1729781781186613,"l3_proto":"ip4","src_ip":"192.168.88.208","dst_ip":"3.162.112.93","src_port":51807,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/paltalk.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1729781781186613,"flow_dst_last_pkt_time":1729781781186613,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1729781781186613,"pkt":"SKmKCiNtCAAniDE8CABFAAA0lNRAAIAGAADAqFjQA6JwXcpfAbvthAYzAAAAAIAC+vCNngAAAgQFtAEDAwgBAQQC"} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/paltalk.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1729781781186613,"flow_dst_last_pkt_time":1729781781299173,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1729781781299173,"pkt":"CAAniDE8SKmKCiNtCABFAAA0AABAAO4G\/0sDonBdwKhY0AG7yl9jQ4ry7YQGNIAS\/\/8zkgAAAgQFoAEBBAIBAwMJ"} 
00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/paltalk.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1729781781299214,"flow_dst_last_pkt_time":1729781781299173,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1729781781299214,"pkt":"SKmKCiNtCAAniDE8CABFAAAolNVAAIAGAADAqFjQA6JwXcpfAbvthAY0Y0OK81AQBAWNkgAA"} 00775{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/paltalk.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1729781781319028,"flow_dst_last_pkt_time":1729781781299173,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"thread_ts_usec":1729781781319028,"pkt":"SKmKCiNtCAAniDE8CABFAADelNZAAIAGAADAqFjQA6JwXcpfAbvthAY0Y0OK81AYBAWOSAAAFgMDALEBAACtAwNnGmAVy17EUPm3FkBHuB439O7oNgXVlaoaOcLg\/LlcogAAKsAswCvAMMAvAJ8AnsAkwCPAKMAnwArACcAUwBMAnQCcAD0APAA1AC8ACgEAAFoAAAAQAA4AAAtwYWx0YWxrLmNvbQAFAAUBAAAAAAAKAAgABgAdABcAGAALAAIBAAANABoAGAgECAUIBgQBBQECAQQDBQMCAwICBgEGAwAjAAAAFwAA\/wEAAQA="} 
-01316{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/paltalk.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1729781781186613,"flow_src_last_pkt_time":1729781781319028,"flow_dst_last_pkt_time":1729781781299173,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1729781781319028,"l3_proto":"ip4","src_ip":"192.168.88.208","dst_ip":"3.162.112.93","src_port":51807,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Paltalk","proto_id":"91.432","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"paltalk.com","domainame":"paltalk.com","tls": {"version":"TLSv1.2","ja3":"ce5f3254611a8c095a3d821d44539877","ja3s":"","ja4":"t12d210800_76e208dd3e22_7af1ed941c26","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01275{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/paltalk.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1729781781186613,"flow_src_last_pkt_time":1729781781319028,"flow_dst_last_pkt_time":1729781781299173,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1729781781319028,"l3_proto":"ip4","src_ip":"192.168.88.208","dst_ip":"3.162.112.93","src_port":51807,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Paltalk","proto_id":"91.432","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"paltalk.com","domainame":"paltalk.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d210800_76e208dd3e22_7af1ed941c26","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/paltalk.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1729781781319028,"flow_dst_last_pkt_time":1729781781432027,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1729781781432027,"pkt":"CAAniDE8SKmKCiNtCABFAAAoveIAAO4GgXUDonBdwKhY0AG7yl9jQ4rz7YQG6lAQAINzGQAAAAC\/iaj4"} 
-01376{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/paltalk.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1729781781186613,"flow_src_last_pkt_time":1729781781319028,"flow_dst_last_pkt_time":1729781781432027,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1729781781432027,"l3_proto":"ip4","src_ip":"192.168.88.208","dst_ip":"3.162.112.93","src_port":51807,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Paltalk","proto_id":"91.432","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"paltalk.com","domainame":"paltalk.com","tls": {"version":"TLSv1.2","ja3":"ce5f3254611a8c095a3d821d44539877","ja3s":"7da0ae90f9693272ed42e89898421495","ja4":"t12d210800_76e208dd3e22_7af1ed941c26","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
+01335{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/paltalk.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1729781781186613,"flow_src_last_pkt_time":1729781781319028,"flow_dst_last_pkt_time":1729781781432027,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1729781781432027,"l3_proto":"ip4","src_ip":"192.168.88.208","dst_ip":"3.162.112.93","src_port":51807,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Paltalk","proto_id":"91.432","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"paltalk.com","domainame":"paltalk.com","tls": {"version":"TLSv1.2","ja3s":"7da0ae90f9693272ed42e89898421495","ja4":"t12d210800_76e208dd3e22_7af1ed941c26","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/paltalk.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1729781826160319,"flow_src_last_pkt_time":1729781826160319,"flow_dst_last_pkt_time":1729781826160319,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1729781826160319,"l3_proto":"ip4","src_ip":"158.69.169.104","dst_ip":"192.168.88.208","src_port":6845,"dst_port":51887,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/paltalk.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1729781826160319,"flow_dst_last_pkt_time":1729781826160319,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1729781826160319,"pkt":"CAAniDE8SKmKCiNtCABFAAAwAABAADEG6KGeRalowKhY0Bq9yq9PmWUJAGGrknASchBq4AAAAgQFoAEDAwk="} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/paltalk.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1729781826160319,"flow_dst_last_pkt_time":1729781826160759,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1729781826160759,"pkt":"SKmKCiNtCAAniDE8CABFAAAoORpAAIAGAADAqFjQnkWpaMqvGr0AYauST5llClAQBAVhQQAA"} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/paltalk.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1729781826160319,"flow_dst_last_pkt_time":1729781826160873,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1729781826160873,"pkt":"SKmKCiNtCAAniDE8CABFAAA8ORtAAIAGAADAqFjQnkWpaMqvGr0AYauST5llClAYBAVhVQAA\/\/+nNQdbcysAAgABAAAABFr9\/\/8="} 00930{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/paltalk.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1729781826160319,"flow_src_last_pkt_time":1729781826160319,"flow_dst_last_pkt_time":1729781826160873,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":20,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":20,"midstream":0,"thread_ts_usec":1729781826160873,"l3_proto":"ip4","src_ip":"158.69.169.104","dst_ip":"192.168.88.208","src_port":6845,"dst_port":51887,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Paltalk","proto_id":"432","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
-00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/paltalk.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":10,"packets-processed":9,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1642,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":16,"global_ts_usec":1729789201455805} +00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/paltalk.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":10,"packets-processed":9,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1642,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":16,"global_ts_usec":1729789201455805} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/paltalk.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1729789201455805,"flow_src_last_pkt_time":1729789201455805,"flow_dst_last_pkt_time":1729789201455805,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1729789201455805,"l3_proto":"ip4","src_ip":"192.168.88.208","dst_ip":"84.17.44.229","src_port":50728,"dst_port":7970,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/paltalk.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1729789201455805,"flow_dst_last_pkt_time":1729789201455805,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1729789201455805,"pkt":"SKmKCiNtCAAniDE8CABFAAA0re9AAIAGAADAqFjQVBEs5cYoHyInaWRrAAAAAIAC+vCalQAAAgQFtAEDAwgBAQQC"} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/paltalk.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1729789201455805,"flow_dst_last_pkt_time":1729789201630864,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1729789201630864,"pkt":"CAAniDE8SKmKCiNtCABFAAA0AABAAC8GsVVUESzlwKhY0B8ixiiBQAQNJ2lkbIASchBsKAAAAgQFoAEBBAIBAwMH"} 
@@ -30,7 +30,7 @@ 00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/paltalk.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1729789201455805,"flow_src_last_pkt_time":1729789201630971,"flow_dst_last_pkt_time":1729789201630864,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":22,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1729789201630971,"l3_proto":"ip4","src_ip":"192.168.88.208","dst_ip":"84.17.44.229","src_port":50728,"dst_port":7970,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Paltalk","proto_id":"432","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/paltalk.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1729789201630971,"flow_src_last_pkt_time":1729789201630971,"flow_dst_last_pkt_time":1729789201630971,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":843,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":843,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1729789201630971,"l3_proto":"ip4","src_ip":"192.168.88.208","dst_ip":"44.194.181.195","src_port":51825,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Paltalk","proto_id":"7.432","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/paltalk.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1729781826160319,"flow_src_last_pkt_time":1729781826160319,"flow_dst_last_pkt_time":1729781826160873,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":20,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":20,"midstream":0,"thread_ts_usec":1729789201630971,"l3_proto":"ip4","src_ip":"158.69.169.104","dst_ip":"192.168.88.208","src_port":6845,"dst_port":51887,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Paltalk","proto_id":"432","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00844{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/paltalk.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":17,"packets-processed":17,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2507,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":33,"global_ts_usec":1729789201630971} 
+00844{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/paltalk.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":17,"packets-processed":17,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2507,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":33,"global_ts_usec":1729789201630971} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 17/17 ~~ skipped flows.............: 0 @@ -39,9 +39,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6923584 bytes -~~ total memory freed........: 6923584 bytes -~~ total allocations/frees...: 114198/114198 +~~ total memory allocated....: 7501203 bytes +~~ total memory freed........: 7501203 bytes +~~ total allocations/frees...: 125930/125930 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 531 chars ~~ json message max len.......: 1661 chars diff --git a/test/results/default/path_of_exile.pcapng.out b/test/results/default/path_of_exile.pcapng.out index bbfe54efc..f9a82478f 100644 --- a/test/results/default/path_of_exile.pcapng.out +++ b/test/results/default/path_of_exile.pcapng.out 
@@ -1,25 +1,49 @@ -00620{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1709739200863006} 
+00620{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1709739200863006} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1709739200863006,"flow_src_last_pkt_time":1709739200863006,"flow_dst_last_pkt_time":1709739200863006,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1709739200863006,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"198.50.120.150","src_port":36262,"dst_port":6112,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1709739200863006,"flow_dst_last_pkt_time":1709739200863006,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1709739200863006,"pkt":"SKmKCiNt8C90rUP1CABFAAA8sslAAEAGL5rAqFjnxjJ4lo2mF+CghqOtAAAAAKACfXhYhwAAAgQFtAQCCArV2qNjAAAAAAEDAwc="} 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1709739200863006,"flow_dst_last_pkt_time":1709739200996369,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1709739200996369,"pkt":"8C90rUP1SKmKCiNtCABFKAA8AABAACwG9jvGMniWwKhY5xfgjaY9oyG+oIajrqAS\/ogdjAAAAgQFoAQCCAq1gFu61dqjYwEDAwc="} 
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1709739200996396,"flow_dst_last_pkt_time":1709739200996369,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1709739200996396,"pkt":"SKmKCiNt8C90rUP1CABFAAA0sspAAEAGL6HAqFjnxjJ4lo2mF+CghqOuPaMhv4AQAPtYfwAAAQEICtXao+m1gFu6"} 00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1709739201000335,"flow_dst_last_pkt_time":1709739200996369,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_usec":1709739201000335,"pkt":"SKmKCiNt8C90rUP1CABFAABTsstAAEAGL4HAqFjnxjJ4lo2mF+CghqOuPaMhv4AYAPtYngAAAQEICtXao+21gFu6AAMAN3VgAAIACW5EUElfVGVzdOyP7PIAAAAAQAAAAQ=="} 00933{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1709739200863006,"flow_src_last_pkt_time":1709739201000335,"flow_dst_last_pkt_time":1709739200996369,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1709739201000335,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"198.50.120.150","src_port":36262,"dst_port":6112,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"PathofExile","proto_id":"403","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1709739200863006,"flow_src_last_pkt_time":1709739201000335,"flow_dst_last_pkt_time":1709739200996369,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1709739201000335,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"198.50.120.150","src_port":36262,"dst_port":6112,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PathofExile","proto_id":"403","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00845{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":31,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1709739201000335} 
+00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":5,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":31,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":9,"global_ts_usec":1736079802056091} +00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1736079802056091,"flow_src_last_pkt_time":1736079802056091,"flow_dst_last_pkt_time":1736079802056091,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1736079802056091,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"209.192.244.174","src_port":50808,"dst_port":21360,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1736079802056091,"flow_dst_last_pkt_time":1736079802056091,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1736079802056091,"pkt":"WJz8EDlx8C90rUP1CABFAAA8mWNAAEAGGTTAqAEN0cD0rsZ4U3BRONg3AAAAAKAC+vCIUwAAAgQFtAQCCAqFPB26AAAAAAEDAwc="} +00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1736079802056091,"flow_dst_last_pkt_time":1736079802203892,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1736079802203892,"pkt":"8C90rUP1WJz8EDlxCABFAAA8AABAADYGvJfRwPSuwKgBDVNwxng3tNjSUTjYOKAS\/ohq8QAAAgQFoAQCCAoztyvWhTwdugEDAwc="} +00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1736079802203916,"flow_dst_last_pkt_time":1736079802203892,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1736079802203916,"pkt":"WJz8EDlx8C90rUP1CABFAAA0mWRAAEAGGTvAqAEN0cD0rsZ4U3BRONg4N7TY04AQAfaISwAAAQEICoU8Hk0ztyvW"} 
+00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1736079802211469,"flow_dst_last_pkt_time":1736079802203892,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_usec":1736079802211469,"pkt":"WJz8EDlx8C90rUP1CABFAABHmWVAAEAGGSfAqAEN0cD0rsZ4U3BRONg4N7TY04AYAfaIXgAAAQEICoU8HlUztyvWAAMAGt5nAAIADI3uHgAAAABAAQ=="} +00933{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1736079802056091,"flow_src_last_pkt_time":1736079802211469,"flow_dst_last_pkt_time":1736079802203892,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":19,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":19,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1736079802211469,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"209.192.244.174","src_port":50808,"dst_port":21360,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"PathofExile","proto_id":"403","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
+00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1709739200863006,"flow_src_last_pkt_time":1709739201000335,"flow_dst_last_pkt_time":1709739200996369,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1736079802211469,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"198.50.120.150","src_port":36262,"dst_port":6112,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PathofExile","proto_id":"403","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} +00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":9,"packets-processed":8,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":50,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":17,"global_ts_usec":1736081650294301} 
+00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1736081650294301,"flow_src_last_pkt_time":1736081650294301,"flow_dst_last_pkt_time":1736081650294301,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1736081650294301,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"91.206.197.210","src_port":49554,"dst_port":21360,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1736081650294301,"flow_dst_last_pkt_time":1736081650294301,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1736081650294301,"pkt":"WJz8EDlx8C90rUP1CABFAAA8iJ1AAEAGzsjAqAENW87F0sGSU3A7XNgBAAAAAKAC+vDjhAAAAgQFtAQCCAoL0xXjAAAAAAEDAwc="} +00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1736081650294301,"flow_dst_last_pkt_time":1736081650304773,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1736081650304773,"pkt":"8C90rUP1WJz8EDlxCABFAAA8AABAADoGXWZbzsXSwKgBDVNwwZLKwrTPO1zYAqAS\/oh3KAAAAgQFoAQCCArnPD4VC9MV4wEDAwc="} 
+00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1736081650304800,"flow_dst_last_pkt_time":1736081650304773,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1736081650304800,"pkt":"WJz8EDlx8C90rUP1CABFAAA0iJ5AAEAGzs\/AqAENW87F0sGSU3A7XNgCysK00IAQAfbjfAAAAQEICgvTFe3nPD4V"} +00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1736081650306353,"flow_dst_last_pkt_time":1736081650304773,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_usec":1736081650306353,"pkt":"WJz8EDlx8C90rUP1CABFAABHiJ9AAEAGzrvAqAENW87F0sGSU3A7XNgCysK00IAYAfbjjwAAAQEICgvTFe\/nPD4VAAMAI\/GnAAIAk59+twAAAABABA=="} +00933{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1736081650294301,"flow_src_last_pkt_time":1736081650306353,"flow_dst_last_pkt_time":1736081650304773,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":19,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":19,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1736081650306353,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"91.206.197.210","src_port":49554,"dst_port":21360,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"PathofExile","proto_id":"403","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} +00846{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":13,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":69,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":24,"global_ts_usec":1736082968685045} +00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1736082968685045,"flow_src_last_pkt_time":1736082968685045,"flow_dst_last_pkt_time":1736082968685045,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1736082968685045,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"203.57.83.5","src_port":36492,"dst_port":21360,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1736082968685045,"flow_dst_last_pkt_time":1736082968685045,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1736082968685045,"pkt":"WJz8EDlx8C90rUP1CABFAAA8bYRAAEAG7UPAqAENyzlTBY6MU3COG0rHAAAAAKAC+vDgIgAAAgQFtAQCCAo5CD0qAAAAAAEDAwc="} +00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1736082968685045,"flow_dst_last_pkt_time":1736082968732889,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1736082968732889,"pkt":"8C90rUP1WJz8EDlxCABFAAA8AABAADYGZMjLOVMFwKgBDVNwjozs1mOYjhtKyKAS\/ogazAAAAgQFoAQCCApGBocyOQg9KgEDAwc="} +00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1736082968732913,"flow_dst_last_pkt_time":1736082968732889,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1736082968732913,"pkt":"WJz8EDlx8C90rUP1CABFAAA0bYVAAEAG7UrAqAENyzlTBY6MU3COG0rI7NZjmYAQAfbgGgAAAQEICjkIPVlGBocy"} 
+00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1736082968748872,"flow_dst_last_pkt_time":1736082968732889,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_usec":1736082968748872,"pkt":"WJz8EDlx8C90rUP1CABFAABHbYZAAEAG7TbAqAENyzlTBY6MU3COG0rI7NZjmYAYAfbgLQAAAQEICjkIPWlGBocyAAMAMD8rAAIAB9ihaQAAAABABA=="} +00930{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1736082968685045,"flow_src_last_pkt_time":1736082968748872,"flow_dst_last_pkt_time":1736082968732889,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":19,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":19,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1736082968748872,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"203.57.83.5","src_port":36492,"dst_port":21360,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"PathofExile","proto_id":"403","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
+00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1736079802056091,"flow_src_last_pkt_time":1736079802211469,"flow_dst_last_pkt_time":1736079802203892,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":19,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":19,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1736082968748872,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"209.192.244.174","src_port":50808,"dst_port":21360,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PathofExile","proto_id":"403","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} +00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1736081650294301,"flow_src_last_pkt_time":1736081650306353,"flow_dst_last_pkt_time":1736081650304773,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":19,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":19,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1736082968748872,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"91.206.197.210","src_port":49554,"dst_port":21360,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PathofExile","proto_id":"403","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
+00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1736082968685045,"flow_src_last_pkt_time":1736082968748872,"flow_dst_last_pkt_time":1736082968732889,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":19,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":19,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1736082968748872,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"203.57.83.5","src_port":36492,"dst_port":21360,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PathofExile","proto_id":"403","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} +00848{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":16,"packets-processed":16,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":88,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":34,"global_ts_usec":1736082968748872} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ -~~ packets captured/processed: 4/4 +~~ packets captured/processed: 16/16 ~~ skipped flows.............: 0 -~~ total 
layer4 data length..: 31 bytes -~~ total detected protocols..: 1 -~~ total active/idle flows...: 1/1 +~~ total layer4 data length..: 88 bytes +~~ total detected protocols..: 4 +~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6909801 bytes -~~ total memory freed........: 6909801 bytes -~~ total allocations/frees...: 114143/114143 +~~ total memory allocated....: 7501101 bytes +~~ total memory freed........: 7501101 bytes +~~ total allocations/frees...: 125925/125925 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 553 chars -~~ json message max len.......: 977 chars -~~ json message avg len.......: 753 chars +~~ json message max len.......: 978 chars +~~ json message avg len.......: 764 chars diff --git a/test/results/default/pfcp.pcapng.out b/test/results/default/pfcp.pcapng.out index 9f191d20b..c188ef839 100644 --- a/test/results/default/pfcp.pcapng.out +++ b/test/results/default/pfcp.pcapng.out 
@@ -1,5 +1,5 @@ -00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pfcp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pfcp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1710239851321696} 
+00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pfcp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pfcp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1710239851321696} 
00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pfcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1710239851321696,"flow_src_last_pkt_time":1710239851321696,"flow_dst_last_pkt_time":1710239851321696,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1710239851321696,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.2","src_port":8805,"dst_port":8805,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pfcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1710239851321696,"flow_dst_last_pkt_time":1710239851321696,"flow_idle_time":200000000,"pkt_datalink":12,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_usec":1710239851321696,"pkt":"RQAANAAAAABAEXy2fwAAAX8AAAIiZSJlACCbFyE3ABQAAAAA\/\/\/\/\/wAAAAAAaAAEAAAAEg=="} 
00917{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pfcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1710239851321696,"flow_src_last_pkt_time":1710239851321696,"flow_dst_last_pkt_time":1710239851321696,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1710239851321696,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.2","src_port":8805,"dst_port":8805,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"PFCP","proto_id":"405","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -8,7 +8,7 @@ 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/pfcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1710239851332721,"flow_dst_last_pkt_time":1710239851321696,"flow_idle_time":200000000,"pkt_datalink":12,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":80,"pkt_l4_len":60,"thread_ts_usec":1710239851332721,"pkt":"RQAAUAAAAABAEXyafwAAAX8AAAIiZSJlADwJcSE2ADAAAAAAAAAAAP\/\/\/wAAswABBwEGAAEBAKwAAQEAeQAJAQAAAAAAAAAAAGgABAAAAAA="} 00840{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/pfcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1710239851337392,"flow_dst_last_pkt_time":1710239851321696,"flow_idle_time":200000000,"pkt_datalink":12,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":275,"pkt_l4_len":255,"thread_ts_usec":1710239851337392,"pkt":"RQABEwAAAABAEXvXfwAAAX8AAAIiZSJlAP9hniEFAPMAAAAAAAAACQAADACAEQBKDenWYF4aAAB82\/9\/aEJJqFebf\/8ZcoI29eD\/\/wB9AKbp3Br\/\/xiF82H5ov+cy+CWsUxgAAAAAP\/rb1ul\/\/\/\/\/1Y8kVW0yEgOsgAAmwAE7EAlfwBpAI0A2wABBACfAFM\/eWR2OGxjLXQzYTh2c3AtNnRnOS0zNzRoZXUtaHVrZnhwdTVuMDM3NWJ3N2MzcXQ3ZTk0bTlxdXloc2V4eXpwBm1uYzk5OQZtY2M5OTkEZ3BycwDQAAT\/\/\/\/\/AIoABAAAAAAA6wAEAAAAGgEJAAEBAG4AAQEA7QABA4AJAAZI+QAAACE="} 
00962{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/pfcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":0,"flow_first_seen":1710239851321696,"flow_src_last_pkt_time":1710239851360328,"flow_dst_last_pkt_time":1710239851321696,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":514,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2395,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1710239851360328,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.2","src_port":8805,"dst_port":8805,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PFCP","proto_id":"405","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00841{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/pfcp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":11,"packets-processed":11,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2395,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1710239851360328} 
+00841{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/pfcp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":11,"packets-processed":11,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2395,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1710239851360328} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 11/11 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6907932 bytes -~~ total memory freed........: 6907932 bytes -~~ total allocations/frees...: 114148/114148 +~~ total memory allocated....: 7485528 bytes +~~ total memory freed........: 7485528 bytes +~~ total allocations/frees...: 125879/125879 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 532 chars ~~ json message max len.......: 1035 chars diff --git a/test/results/default/pgm.pcap.out b/test/results/default/pgm.pcap.out index de456a995..984d96576 100644 --- a/test/results/default/pgm.pcap.out +++ b/test/results/default/pgm.pcap.out 
@@ -1,5 +1,5 @@ -00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pgm.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pgm.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1654564815455078} 
+00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pgm.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pgm.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1654564815455078} 
00735{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pgm.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654564815455078,"flow_src_last_pkt_time":1654564815455078,"flow_dst_last_pkt_time":1654564815455078,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654564815455078,"l3_proto":"ip4","src_ip":"10.244.64.154","dst_ip":"235.0.1.47","l4_proto":113,"flow_datalink":1,"flow_max_packets":5} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pgm.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1654564815455078,"flow_dst_last_pkt_time":1654564815455078,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1654564815455078,"pkt":"AQBeAAEviFH7P19UCABFAAA4C7VAABRxIuMK9ECa6wABL9YlAHsAAEcBCvRAmtYlACQAAaJCAFHoKABR6ecAAQAACvRAmg=="} 
00884{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pgm.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654564815455078,"flow_src_last_pkt_time":1654564815455078,"flow_dst_last_pkt_time":1654564815455078,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654564815455078,"l3_proto":"ip4","src_ip":"10.244.64.154","dst_ip":"235.0.1.47","l4_proto":113,"ndpi": {"confidence": {"6":"DPI"},"proto":"PGM","proto_id":"296","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -9,7 +9,7 @@ 02247{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/pgm.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1654564816353345,"flow_dst_last_pkt_time":1654564815455078,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":1344,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1344,"pkt_l4_len":1310,"thread_ts_usec":1654564816353345,"pkt":"AQBeAAEviFH7P19UCABFAAUyDpFAABRxGw0K9ECa6wABL9YlAHsEAKv+CvRAmtYlBR4AUenrAFHoKENTQQCABAAAbQAFAFBBUkFNAAAAAAAAAAAAAAAAAAAAAP\/\/AADXyjEBPQAAAAr0QJoAAAAAM38AAAAAAAABAAAAAQAAACoAAAAAAA4AAABBQ0NPVU5UX0xJTUlUUwAAAAAAEAAAAEFMR09SSVRITV9UUkFERVIAAAAAAAwAAABBTk5PVU5DRU1FTlQAAAAAAAUAAABCRVRBUwAAAAAADQAAAENUT19BTEdPUklUSE0AAAAAAAsAAABDVk9MX0VOR0lORQAAAAAABAAAAERBWVMAAAAAAAkAAABESVZJREVORFMAAAAAAAgAAABFWENIX01BUAAAAAAAEwAAAEVYRV9FWENIQU5HRV9TWU1CT0wAAAAAAAMAAABGRUUAAAAAAA0AAABGRlRfQUxHT1JJVEhNAAAAAAAIAAAARklUX1RFUk0AAAAAAAcAAABIT0xJREFZAAAAAAAKAAAASU1WX1JFR0lPTgAAAAAACAAAAElNVl9URVJNAAAAAAANAAAASU5TVF9FWENIX01BUAAAAAAACQAAAElOVkVOVE9SWQAAAAAAEgAAAElOVkVOVE9SWV9FWENIQU5HRQAAAAAABgAAAExJTUlUUwAAAAAADgAAAE1BS09fQUxHT1JJVEhNAAAAAAAPAAAATUFLT19QRVJNSVNTSU9OAAAAAAAOAAAATUFLT19QT1JURk9MSU8AAAAAAAsAAABNQUtPX1RSQURFUgAAAAAACwAAAE1BTlVBTF9SQVRFAAAAAAANAAAAT1BTX0FMR09SSVRITQAAAAAADQAAAE9QVF9BTEdPUklUSE0AAAAAAAwAAABPUkRFUl9MSU1JVFMAAAAAAA0AAABPU1RfQUxHT1JJVEhNAAAAAAAMAAAAT1NUX01PTUVOVFVNAAAAAAAJAAAAUE9SVEZPTElPAAAAAAATAAAAUE9SVEZPTElPX0FMR09SSVRITQAAAAAAEwAAAFBPUlRGT0xJT19JTlZFTlRPUlkAAAAAABAAAABQT1JURk9MSU9fTElNSVRTAAAAAAATAAAAUE9TX0VYQ0hBTkdFX1NZTUJPTAAAAAAADAAAAFBPU19FWENIX01BUAAAAAAABwAAAFBST0RVQ1QAAAAAAA8AAABSQVRFX0FESlVTVE1FTlQAAAAAAAoAAABSSVNLX0pQTV8xAAAAAAAOAAAAUklTS19WT0xfTU9WRVMAAAAAAAUAAABST0xMUwAAAAAABgAAAFNZTUJPTAAAAAAADQAAAFNZTUJPTF9MSU1JVFMAAAAAAAgAAABUSUNLX01BUAAAAAAACQAAAFRJQ0tfU0laRQAAAAAACgAAAFVOREVSTFlJTkcAAAAAAAsAAABWT0xfRklUVElORwAAAAAACQAAAFZPTF9NT1ZFUwAAAAAACAAAAFZPTF9QQVRIAAAAAAAPAAAAVk9MX1BBVEhfUkVHSU9
OAAAAAAAKAAAAVk9MX1JFR0lPTgAAAAAACgAAAFZPTF9TWU1CT0wAAAAAAAgAAABWT0xfVEVSTQAAAAAABwAAAFZUX0lORk8AAAAAAAsAAABWVF9JTkZPX01BUAAAAAAABgAAAFZUX01BUAAAAAAADQAAAFhHVF9BTEdPUklUSE0AAAAAAA0AAABYSEZfQUxHT1JJVEhNAAAAAAANAAAAWElCX0FMR09SSVRITQAAAAAAEAAAAERFRkxFQ1RPUl9TWU1CT0wA"} 02142{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/pgm.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":0,"flow_first_seen":1654564815455078,"flow_src_last_pkt_time":1654564817394846,"flow_dst_last_pkt_time":1654564815455078,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1310,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5416,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654564817394846,"l3_proto":"ip4","src_ip":"10.244.64.154","dst_ip":"235.0.1.47","l4_proto":113,"flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":16,"avg":62573.2,"max":840685,"stddev":155726.8,"var":24250839040.0,"ent":2.9,"data": [840685,20786,25,36771,5581,109,6559,20,17008,16,14904,14731,16,37275,29,168236,95027,1618,67043,1565,11009,51225,29,243023,25455,15996,6391,15033,3510,84,240009]},"pktlen": {"min":56,"avg":189.2,"max":1330,"stddev":214.8,"var":46132.5,"ent":4.5,"data": [56,115,113,307,1330,192,112,116,156,271,238,319,165,117,213,299,115,127,134,114,115,130,132,131,114,121,119,120,119,121,112,113]},"bins": {"c_to_s": [0,1,9,12,2,1,2,1,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0],"s_to_c": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"entropies": 
[4.207933426,3.772077084,3.737904549,4.289524555,3.977143764,4.305780411,3.733274460,3.889899492,4.148006916,4.292365074,4.336574078,4.226692677,4.062590599,3.930770159,4.197418690,4.412383080,3.835077763,3.796297789,4.342565060,3.788575172,3.851600647,4.257427692,4.309153080,4.246764660,3.757787228,3.886102915,3.938454628,3.971912861,3.968787670,3.964792728,3.751131535,3.773303032]},"ndpi": {"confidence": {"6":"DPI"},"proto":"PGM","proto_id":"296","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00935{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/pgm.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1000,"flow_dst_packets_processed":0,"flow_first_seen":1654564815455078,"flow_src_last_pkt_time":1654564894361003,"flow_dst_last_pkt_time":1654564815455078,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1310,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":162302,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654564894361003,"l3_proto":"ip4","src_ip":"10.244.64.154","dst_ip":"235.0.1.47","l4_proto":113,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PGM","proto_id":"296","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00846{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/pgm.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1000,"packets-processed":1000,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":162302,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1654564894361003} +00846{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/pgm.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1000,"packets-processed":1000,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":162302,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1654564894361003} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1000/1000 ~~ skipped flows.............: 0 
@@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6936585 bytes -~~ total memory freed........: 6936585 bytes -~~ total allocations/frees...: 115136/115136 +~~ total memory allocated....: 7514181 bytes +~~ total memory freed........: 7514181 bytes +~~ total allocations/frees...: 126867/126867 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 548 chars ~~ json message max len.......: 2252 chars diff --git a/test/results/default/pgsql.pcap.out b/test/results/default/pgsql.pcap.out index bdd47d007..991cfb6ae 100644 --- a/test/results/default/pgsql.pcap.out +++ b/test/results/default/pgsql.pcap.out 
@@ -1,5 +1,5 @@ -00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pgsql.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pgsql.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1103453983214636} 
+00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pgsql.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pgsql.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1103453983214636} 
00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pgsql.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1103453983214636,"flow_src_last_pkt_time":1103453983214636,"flow_dst_last_pkt_time":1103453983214636,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1103453983214636,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":45930,"dst_port":5432,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pgsql.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1103453983214636,"flow_dst_last_pkt_time":1103453983214636,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1103453983214636,"pkt":"AAAAAAAAAAAAAAAACABFAAA8\/wlAAEAGPbB\/AAABfwAAAbNqFTjJW\/IgAAAAAKACf\/\/rIgAAAgRADAQCCAoTQg0pAAAAAAEDAwA="} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/pgsql.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1103453983214636,"flow_dst_last_pkt_time":1103453983214658,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1103453983214658,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAARU4s2rJRrU9yVvyIaASf\/9MIgAAAgRADAQCCAoTQg0pE0INKQEDAwA="} 
@@ -14,7 +14,7 @@ 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/pgsql.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1103453983217721,"flow_dst_last_pkt_time":1103453983217769,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1103453983217769,"pkt":"AAAAAAAAAAAAAAAACABFAAA07zdAAEAGTYp\/AAABfwAAARU4s2vJSeIdyQGw44AQf\/\/J7gAAAQEIChNCDSwTQg0s"} 00926{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/pgsql.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1103453983214636,"flow_src_last_pkt_time":1103453983217592,"flow_dst_last_pkt_time":1103453983217889,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":13,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":13,"midstream":0,"thread_ts_usec":1103453983217889,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":45930,"dst_port":5432,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"PostgreSQL","proto_id":"19","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} 
00926{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/pgsql.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1103453983215699,"flow_src_last_pkt_time":1103453983217721,"flow_dst_last_pkt_time":1103453983217976,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":13,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":13,"midstream":0,"thread_ts_usec":1103453983217976,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":45931,"dst_port":5432,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"PostgreSQL","proto_id":"19","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} -00838{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/pgsql.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":40,"packets-processed":39,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2103,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":17,"global_ts_usec":1576629230565518} 
+00838{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/pgsql.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":40,"packets-processed":39,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2103,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":17,"global_ts_usec":1576629230565518} 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/pgsql.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576629230565518,"flow_src_last_pkt_time":1576629230565518,"flow_dst_last_pkt_time":1576629230565518,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1576629230565518,"l3_proto":"ip4","src_ip":"172.16.20.244","dst_ip":"172.16.20.75","src_port":59036,"dst_port":5432,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/pgsql.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1576629230565518,"flow_dst_last_pkt_time":1576629230565518,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1576629230565518,"pkt":"CAAnw1r8CgAnAAAECABFAABAAABAAEAGuVisEBT0rBAUS+acFThi3YI3AAAAALDC\/\/9QBQAAAgQFtAEDAwYBAQgKmyLoygAAAAAEAgAA"} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/pgsql.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1576629230565518,"flow_dst_last_pkt_time":1576629230566452,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1576629230566452,"pkt":"CgAnAAAECAAnw1r8CABFAAA8AABAAEAGuVysEBRLrBAU9BU45py6PR0kYt2COKBScSBRGwAAAgQFtAQCCApyjFVOmyLoygEDAwc="} 
@@ -49,7 +49,7 @@ 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/pgsql.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":6,"flow_first_seen":1576629231618664,"flow_src_last_pkt_time":1576629231631971,"flow_dst_last_pkt_time":1576629231631919,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":109,"flow_dst_max_l4_payload_len":389,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":507,"midstream":0,"thread_ts_usec":1576629231631971,"l3_proto":"ip4","src_ip":"172.16.20.244","dst_ip":"172.16.20.75","src_port":59039,"dst_port":5432,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PostgreSQL","proto_id":"19","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} 00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/pgsql.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":12,"flow_first_seen":1103453983214636,"flow_src_last_pkt_time":1103453998615162,"flow_dst_last_pkt_time":1103453998615143,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":261,"flow_dst_max_l4_payload_len":282,"flow_src_tot_l4_payload_len":566,"flow_dst_tot_l4_payload_len":864,"midstream":0,"thread_ts_usec":1576629231631971,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":45930,"dst_port":5432,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PostgreSQL","proto_id":"19","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} 
00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/pgsql.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1103453983215699,"flow_src_last_pkt_time":1103453983338269,"flow_dst_last_pkt_time":1103453983299534,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":185,"flow_src_tot_l4_payload_len":235,"flow_dst_tot_l4_payload_len":438,"midstream":0,"thread_ts_usec":1576629231631971,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":45931,"dst_port":5432,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PostgreSQL","proto_id":"19","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} -00840{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/pgsql.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":88,"packets-processed":88,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2993,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":52,"global_ts_usec":1576629231631971} 
+00840{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/pgsql.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":88,"packets-processed":88,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2993,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":52,"global_ts_usec":1576629231631971} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 88/88 ~~ skipped flows.............: 0 @@ -58,9 +58,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6934505 bytes -~~ total memory freed........: 6934505 bytes -~~ total allocations/frees...: 114292/114292 +~~ total memory allocated....: 7512101 bytes +~~ total memory freed........: 7512101 bytes +~~ total allocations/frees...: 126023/126023 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 544 chars ~~ json message max len.......: 982 chars diff --git a/test/results/default/pgsql2.pcapng.out b/test/results/default/pgsql2.pcapng.out index 8109be595..91537bc33 100644 --- a/test/results/default/pgsql2.pcapng.out +++ b/test/results/default/pgsql2.pcapng.out 
@@ -1,5 +1,5 @@ -00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pgsql2.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pgsql2.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1682508779830421} 
+00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pgsql2.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pgsql2.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1682508779830421} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pgsql2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1682508779830421,"flow_src_last_pkt_time":1682508779830421,"flow_dst_last_pkt_time":1682508779830421,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1682508779830421,"l3_proto":"ip4","src_ip":"10.220.20.67","dst_ip":"10.220.20.67","src_port":58574,"dst_port":60102,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":5} 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pgsql2.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1682508779830421,"flow_dst_last_pkt_time":1682508779830421,"flow_idle_time":7580000000,"pkt_datalink":0,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":56,"pkt_l4_len":32,"thread_ts_usec":1682508779830421,"pkt":"AgAAAEUAADRx2kAAgAYAAArcFEMK3BRD5M7qxlP3stMAAAAAgAL\/\/2BOAAACBP\/XAQMDCAEBBAI="} 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/pgsql2.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1682508779830421,"flow_dst_last_pkt_time":1682508779830497,"flow_idle_time":7580000000,"pkt_datalink":0,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":56,"pkt_l4_len":32,"thread_ts_usec":1682508779830497,"pkt":"AgAAAEUAADRx20AAgAYAAArcFEMK3BRD6sbkzph7gihT97LUgBL\/\/0WgAAACBP\/XAQMDAQEBBAI="} 
@@ -8,7 +8,7 @@ 00514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/pgsql2.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1682508779830768,"flow_dst_last_pkt_time":1682508779830787,"flow_idle_time":7580000000,"pkt_datalink":0,"pkt_caplen":44,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":44,"pkt_l4_len":20,"thread_ts_usec":1682508779830787,"pkt":"AgAAAEUAAChx3kAAgAYAAArcFEMK3BRD6sbkzph7gilT97LcUBB\/\/ACMAAA="} 01063{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/pgsql2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1682508779830421,"flow_src_last_pkt_time":1682508779830768,"flow_dst_last_pkt_time":1682508779832860,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":1,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":1,"midstream":0,"thread_ts_usec":1682508779832860,"l3_proto":"ip4","src_ip":"10.220.20.67","dst_ip":"10.220.20.67","src_port":58574,"dst_port":60102,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"PostgreSQL","proto_id":"19","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} 
01114{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/pgsql2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":9,"flow_first_seen":1682508779830421,"flow_src_last_pkt_time":1682508779839067,"flow_dst_last_pkt_time":1682508779839077,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":328,"flow_dst_max_l4_payload_len":1316,"flow_src_tot_l4_payload_len":800,"flow_dst_tot_l4_payload_len":1416,"midstream":0,"thread_ts_usec":1682508779839077,"l3_proto":"ip4","src_ip":"10.220.20.67","dst_ip":"10.220.20.67","src_port":58574,"dst_port":60102,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"PostgreSQL","proto_id":"19","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} -00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/pgsql2.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":19,"packets-processed":19,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2216,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1682508779839077} 
+00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/pgsql2.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":19,"packets-processed":19,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2216,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1682508779839077} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 19/19 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6910237 bytes -~~ total memory freed........: 6910237 bytes -~~ total allocations/frees...: 114158/114158 +~~ total memory allocated....: 7487855 bytes +~~ total memory freed........: 7487855 bytes +~~ total allocations/frees...: 125890/125890 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 517 chars ~~ json message max len.......: 1119 chars diff --git a/test/results/default/pia.pcap.out b/test/results/default/pia.pcap.out index 404a618fc..292961ef1 100644 --- a/test/results/default/pia.pcap.out +++ b/test/results/default/pia.pcap.out 
@@ -1,16 +1,16 @@ -00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pia.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pia.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1613755355148465} 
+00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pia.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pia.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1613755355148465} 
00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pia.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1613755355148465,"flow_src_last_pkt_time":1613755355148465,"flow_dst_last_pkt_time":1613755355148465,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1613755355148465,"l3_proto":"ip4","src_ip":"192.168.88.3","dst_ip":"143.244.45.60","src_port":56854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pia.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1613755355148465,"flow_dst_last_pkt_time":1613755355148465,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1613755355148465,"pkt":"poPnuslkAAwplE+vCABFAAA8OxxAAEAGKcTAqFgDj\/QtPN4WAbtUJgkIAAAAAKAC+vChoAAAAgQFtAQCCAoFrZLlAAAAAAEDAwc="} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/pia.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1613755355148465,"flow_dst_last_pkt_time":1613755355163584,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1613755355163584,"pkt":"AAwplE+vpoPnuslkCABFKAA8AAAAADUGAACP9C08wKhYAwG73hb59a4GVCYJCaAS\/oigRAAAAgQFtAQCCArgC3WqBa2S5QEDAwc="} 
00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/pia.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1613755355163925,"flow_dst_last_pkt_time":1613755355163584,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1613755355163925,"pkt":"poPnuslkAAwplE+vCABFAAA0Ox1AAEAGKcvAqFgDj\/QtPN4WAbtUJgkJ+fWuB4AQAfbLkwAAAQEICgWtkvXgC3Wq"} 01233{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/pia.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1613755355164695,"flow_dst_last_pkt_time":1613755355163584,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1613755355164695,"pkt":"poPnuslkAAwplE+vCABFAAI5Ox5AAEAGJ8XAqFgDj\/QtPN4WAbtUJgkJ+fWuB4AYAfaJzAAAAQEICgWtkvXgC3WqFgMBAgABAAH8AwNqAjiqdrL0RgLpaTFpnKtDF3eWveWBXq85kZpi974HNiBvCvN1bsUE0sQMgvegfMfncfPIOWlOBNxgLQbSr0coywByEwITAxMBwCzAMACfzKnMqMyqwCvALwCewCTAKABrwCPAJwBnwArAFAA5wAnAEwAzAK0Aq8yuzK3MrACdAKnMqwCsAKoAnACoAD0APMA4wDYAtwCzAJUAkQA1AK8AjcA3wDUAtgCyAJQAkAAvAK4AjAD\/AQABQQALAAQDAAECAAoADAAKAB0AFwAeABkAGAAjAAAAFgAAABcAAAANADAALgQDBQMGAwgHCAgICQgKCAsIBAgFCAYEAQUBBgEDAwIDAwECAQMCAgIEAgUCBgIAKwAJCAMEAwMDAgMBAC0AAgEBADMAJgAkAB0AIPVaMwgxTn7pb9sgIvlJXhUQ5DOylTmu3VGn69SpKhxeABUAqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01432{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/pia.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1613755355148465,"flow_src_last_pkt_time":1613755355164695,"flow_dst_last_pkt_time":1613755355163584,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1613755355164695,"l3_proto":"ip4","src_ip":"192.168.88.3","dst_ip":"143.244.45.60","src_port":56854,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3":"ee798410f39b7911fa5306cf3f3e6adc","ja3s":"","ja4":"t13d571000_131602cb7446_24695f2957a7","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01391{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/pia.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1613755355148465,"flow_src_last_pkt_time":1613755355164695,"flow_dst_last_pkt_time":1613755355163584,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1613755355164695,"l3_proto":"ip4","src_ip":"192.168.88.3","dst_ip":"143.244.45.60","src_port":56854,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d571000_131602cb7446_24695f2957a7","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/pia.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1613755355164695,"flow_dst_last_pkt_time":1613755355179549,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1613755355179549,"pkt":"AAwplE+vpoPnuslkCABFKAA0fjcAADUGAACP9C08wKhYAwG73hb59a4HVCYLDoAQAfrJegAAAQEICuALdboFrZL1"} 
-01492{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/pia.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1613755355148465,"flow_src_last_pkt_time":1613755355164695,"flow_dst_last_pkt_time":1613755355184350,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1613755355184350,"l3_proto":"ip4","src_ip":"192.168.88.3","dst_ip":"143.244.45.60","src_port":56854,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3":"ee798410f39b7911fa5306cf3f3e6adc","ja3s":"ec74a5c51106f0419184d0dd08fb05bc","ja4":"t13d571000_131602cb7446_24695f2957a7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-01974{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/pia.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1613755355148465,"flow_src_last_pkt_time":1613755355164695,"flow_dst_last_pkt_time":1613755355184360,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2622,"midstream":0,"thread_ts_usec":1613755355184360,"l3_proto":"ip4","src_ip":"192.168.88.3","dst_ip":"143.244.45.60","src_port":56854,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS.PrivateInternetAccess","proto_id":"91.384","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"","domainame":"","tls": {"version":"TLSv1.2","server_names":"newjersey402","ja3":"ee798410f39b7911fa5306cf3f3e6adc","ja3s":"ec74a5c51106f0419184d0dd08fb05bc","ja4":"t13d571000_131602cb7446_24695f2957a7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access, CN=Private Internet Access","subjectDN":"C=US, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access, CN=newjersey402, C=US, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access, CN=Private Internet Access","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"15:93:3C:30:66:5E:3D:9D:AF:2D:89:56:75:07:DF:06:BB:D2:61:3F","blocks":0}}} 
+01451{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/pia.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1613755355148465,"flow_src_last_pkt_time":1613755355164695,"flow_dst_last_pkt_time":1613755355184350,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1613755355184350,"l3_proto":"ip4","src_ip":"192.168.88.3","dst_ip":"143.244.45.60","src_port":56854,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"ec74a5c51106f0419184d0dd08fb05bc","ja4":"t13d571000_131602cb7446_24695f2957a7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01933{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/pia.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1613755355148465,"flow_src_last_pkt_time":1613755355164695,"flow_dst_last_pkt_time":1613755355184360,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2622,"midstream":0,"thread_ts_usec":1613755355184360,"l3_proto":"ip4","src_ip":"192.168.88.3","dst_ip":"143.244.45.60","src_port":56854,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS.PrivateInternetAccess","proto_id":"91.384","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"","domainame":"","tls": {"version":"TLSv1.2","server_names":"newjersey402","ja3s":"ec74a5c51106f0419184d0dd08fb05bc","ja4":"t13d571000_131602cb7446_24695f2957a7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access, CN=Private Internet Access","subjectDN":"C=US, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access, CN=newjersey402, C=US, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access, CN=Private Internet Access","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"15:93:3C:30:66:5E:3D:9D:AF:2D:89:56:75:07:DF:06:BB:D2:61:3F","blocks":0}}} 
01230{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/pia.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1613755355148465,"flow_src_last_pkt_time":1613755355185778,"flow_dst_last_pkt_time":1613755355184360,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":610,"flow_dst_tot_l4_payload_len":2622,"midstream":0,"thread_ts_usec":1613755355185778,"l3_proto":"ip4","src_ip":"192.168.88.3","dst_ip":"143.244.45.60","src_port":56854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS.PrivateInternetAccess","proto_id":"91.384","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
-00835{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/pia.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":9,"packets-processed":9,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3232,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1613755355185778} +00835{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/pia.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":9,"packets-processed":9,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3232,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1613755355185778} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 9/9 ~~ skipped flows.............: 0 
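Review bot: The regenerated `detected` and `detection-update` events for flow 1 no longer carry the `"ja3"` key inside `"tls"`, while `"ja3s"` and `"ja4"` are still emitted, and nothing in the commit message says so. Each affected record's length prefix shrinks by exactly the size of that key (for example `01432` to `01391`), so this is an output-format change rather than fixture noise. Any consumer that matches or allow-lists TLS clients on the JA3 client hash would silently stop matching after this bump. I would add a line to the commit description such as `* TLS flow events no longer include "ja3"; use "ja4" for client fingerprinting`. It is also worth confirming that `schema/flow_event_schema.json`, which this commit changes but which is not visible in this hunk, neither requires nor still documents the removed key.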
@@ -19,10 +19,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6914944 bytes -~~ total memory freed........: 6914944 bytes -~~ total allocations/frees...: 114156/114156 +~~ total memory allocated....: 7492540 bytes +~~ total memory freed........: 7492540 bytes +~~ total allocations/frees...: 125887/125887 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 541 chars -~~ json message max len.......: 1979 chars -~~ json message avg len.......: 1224 chars +~~ json message max len.......: 1938 chars +~~ json message avg len.......: 1204 chars diff --git a/test/results/default/pim.pcap.out b/test/results/default/pim.pcap.out index 2924415b1..bacbecbf1 100644 --- a/test/results/default/pim.pcap.out +++ b/test/results/default/pim.pcap.out 
@@ -1,5 +1,5 @@ -00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pim.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pim.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1655247781655191} 
+00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pim.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pim.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1655247781655191} 
00737{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pim.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655247781655191,"flow_src_last_pkt_time":1655247781655191,"flow_dst_last_pkt_time":1655247781655191,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655247781655191,"l3_proto":"ip4","src_ip":"192.168.203.234","dst_ip":"224.0.0.13","l4_proto":103,"flow_datalink":1,"flow_max_packets":5} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pim.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1655247781655191,"flow_dst_last_pkt_time":1655247781655191,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_usec":1655247781655191,"pkt":"AQBeAAANUC+oqN+8CABFwABKmKkAAAFns0PAqMvq4AAADSMAIEwBAMCoy+kAAgDSAQAAIOY+QvwAAQAAAQAHIAql5gIBAAAg5jwrAwABAAABAAcgCqXmAg=="} 
00889{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pim.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655247781655191,"flow_src_last_pkt_time":1655247781655191,"flow_dst_last_pkt_time":1655247781655191,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655247781655191,"l3_proto":"ip4","src_ip":"192.168.203.234","dst_ip":"224.0.0.13","l4_proto":103,"ndpi": {"confidence": {"6":"DPI"},"proto":"IP_PIM","proto_id":"297","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -8,7 +8,7 @@ 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/pim.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1655247784655491,"flow_dst_last_pkt_time":1655247781655191,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_usec":1655247784655491,"pkt":"AQBeAAANUC+oqN+8CABFwABKmKwAAAFns0DAqMvq4AAADSMAbUgBAMCoy+kAAgDSAQAAIOY+AP8AAQAAAQAHIAql5gIBAAAg5jwgBAABAAABAAcgCqXmAg=="} 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/pim.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1655247785655415,"flow_dst_last_pkt_time":1655247781655191,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_usec":1655247785655415,"pkt":"AQBeAAANUC+oqN+8CABFwABKmK0AAAFnsz\/AqMvq4AAADSMAbUsBAMCoy+kAAgDSAQAAIOY+AP4AAQAAAQAHIAql5gIBAAAg5jwgAgABAAABAAcgCqXmAg=="} 00931{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/pim.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1655247781655191,"flow_src_last_pkt_time":1655247790665297,"flow_dst_last_pkt_time":1655247781655191,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":580,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655247790665297,"l3_proto":"ip4","src_ip":"192.168.203.234","dst_ip":"224.0.0.13","l4_proto":103,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"IP_PIM","proto_id":"297","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00837{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/pim.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":580,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1655247790665297} +00837{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/pim.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":580,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1655247790665297} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 10/10 ~~ skipped flows.............: 0 
@@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6907875 bytes -~~ total memory freed........: 6907875 bytes -~~ total allocations/frees...: 114146/114146 +~~ total memory allocated....: 7485471 bytes +~~ total memory freed........: 7485471 bytes +~~ total allocations/frees...: 125877/125877 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 572 chars ~~ json message max len.......: 936 chars diff --git a/test/results/default/pinterest.pcap.out b/test/results/default/pinterest.pcap.out index cd7a3f975..c7316b356 100644 --- a/test/results/default/pinterest.pcap.out +++ b/test/results/default/pinterest.pcap.out 
@@ -1,5 +1,5 @@ -00614{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1605289710318889} 
+00614{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1605289710318889} 
00807{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289710318889,"flow_src_last_pkt_time":1605289710318889,"flow_dst_last_pkt_time":1605289710318889,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289710318889,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1605289710318889,"flow_dst_last_pkt_time":1605289710318889,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289710318889,"pkt":"qtsDr8lk5EKm5WPyht1gCMmjACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXhUgYwBu9VDYL21LWgegBAB9TESAAABAQgKz6ojDMK4Yvg="} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1605289710318889,"flow_dst_last_pkt_time":1605289710576735,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289710576735,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleFQqAcsBIEmLB5kd7IUo3\/YpAbuBjLUtaB7VQ2C+gBALgY8wAAABAQgKwrkTpM+oCrY="} 
@@ -11,10 +11,10 @@ 00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1605289713743557,"flow_dst_last_pkt_time":1605289713761186,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289713761186,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleFQqAcsBIEmLB5kd7IUo3\/YpAbuB7prDGd77q\/EGoBJXgJPPAAACBAV4AQMDAwQCCArCuSBXz6owbQ=="} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1605289713761240,"flow_dst_last_pkt_time":1605289713761186,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289713761240,"pkt":"qtsDr8lk5EKm5WPyht1gD\/cFACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXhUge4Bu\/ur8QaawxnfgBAB+xfPAAABAQgKz6owf8K5IFc="} 
01267{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1605289713761745,"flow_dst_last_pkt_time":1605289713761186,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605289713761745,"pkt":"qtsDr8lk5EKm5WPyht1gD\/cFAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXhUge4Bu\/ur8QaawxnfgBgB+19tAAABAQgKz6owf8K5IFcWAwECAAEAAfwDA+yBHiy\/5fPide6+4FFrI73bVeU7S3c4gpiD+hriI6L+IHtI+nAWpe15bCFvu1LqSVoZzmB4SUt58o7HnBHfl4P4ACAqKhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPa2gAAAAAAFQATAAAQd3d3LnBpbnRlcmVzdC5mcgAXAAD\/AQABAAAKAAoACLq6AB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApuroAAQAAHQAgB5nuO72EAGlBT6bd2ulaiLhiervUWjwUnsjM+bCJUwQALQACAQEAKwALCkpKAwQDAwMCAwEAGwADAgAC6uoAAQAAFQDMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01319{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289713743557,"flow_src_last_pkt_time":1605289713761745,"flow_dst_last_pkt_time":1605289713761186,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289713761745,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33262,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.pinterest.fr","domainame":"www.pinterest.fr","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01278{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289713743557,"flow_src_last_pkt_time":1605289713761745,"flow_dst_last_pkt_time":1605289713761186,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289713761745,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33262,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.pinterest.fr","domainame":"www.pinterest.fr","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1605289713761745,"flow_dst_last_pkt_time":1605289713801155,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289713801155,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleFQqAcsBIEmLB5kd7IUo3\/YpAbuB7prDGd\/7q\/MLgBALMAxuAAABAQgKwrkgfs+qMH8="} 
-01403{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605289713743557,"flow_src_last_pkt_time":1605289713761745,"flow_dst_last_pkt_time":1605289713802900,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605289713802900,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33262,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.pinterest.fr","domainame":"www.pinterest.fr","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-03183{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":7,"flow_first_seen":1605289713743557,"flow_src_last_pkt_time":1605289713802981,"flow_dst_last_pkt_time":1605289713803139,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5240,"midstream":0,"thread_ts_usec":1605289713803139,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33262,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.pinterest.fr","domainame":"www.pinterest.fr","tls": 
{"version":"TLSv1.2","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., 
CN=*.pinterest.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E","blocks":0}}} +01362{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605289713743557,"flow_src_last_pkt_time":1605289713761745,"flow_dst_last_pkt_time":1605289713802900,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605289713802900,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33262,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.pinterest.fr","domainame":"www.pinterest.fr","tls": {"version":"TLSv1.2","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+03142{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":7,"flow_first_seen":1605289713743557,"flow_src_last_pkt_time":1605289713802981,"flow_dst_last_pkt_time":1605289713803139,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5240,"midstream":0,"thread_ts_usec":1605289713803139,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33262,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.pinterest.fr","domainame":"www.pinterest.fr","tls": 
{"version":"TLSv1.2","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., 
CN=*.pinterest.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E","blocks":0}}} 02178{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1605289713743557,"flow_src_last_pkt_time":1605289713845515,"flow_dst_last_pkt_time":1605289714059633,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":1112,"flow_dst_tot_l4_payload_len":8219,"midstream":0,"thread_ts_usec":1605289714059633,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33262,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":13485.0,"max":172415,"stddev":32478.6,"var":1054859584.0,"ent":2.7,"data": [17629,17683,505,39969,1745,1,2,41182,41,13,234,2,0,175,23,26,7012,281,424,41621,1,1,33877,492,1,473,243,41960,172415,2,1]},"pktlen": {"min":72,"avg":364.1,"max":1120,"stddev":421.4,"var":177613.6,"ent":4.2,"data": [80,80,72,589,72,1120,1120,1120,72,72,72,1120,1120,154,72,72,72,165,171,437,72,72,330,72,138,72,72,110,72,1120,1120,549]},"bins": {"c_to_s": [10,1,1,1,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,0,2,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,1,1,1,0,1,1,0,0,1,1,1,1],"entropies": 
[4.847575665,5.229952335,5.179864883,4.532552719,5.045369625,6.786690235,4.454385281,6.617737293,5.179864883,5.207642555,5.263197899,7.131698132,7.585322857,6.331103802,5.207642555,5.150118828,5.137001514,6.091404438,6.368394852,7.380807877,5.073147297,5.045369625,7.067039967,5.263197899,6.187361240,5.128702641,5.207642555,5.611329079,5.128702641,7.815224648,7.838888168,7.557251453]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} 00806{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289714142423,"flow_src_last_pkt_time":1605289714142423,"flow_dst_last_pkt_time":1605289714142423,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289714142423,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38512,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1605289714142423,"flow_dst_last_pkt_time":1605289714142423,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289714142423,"pkt":"qtsDr8lk5EKm5WPyht1gBvDPACgGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnABu5Qp1R0AAAAAoAL9IJUzAAACBAWgBAIICtZiIAMAAAAAAQMDBw=="} 
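Review bot: The regenerated `detected` and `detection-update` records in this hunk no longer carry the `"ja3"` key inside the `tls` object, while `"ja3s"` and `"ja4"` remain, and the commit message says only "incorporated upstream changes". Consumers that match or alert on the JA3 client fingerprint would stop receiving a value after this bump with no error, so the removal deserves its own line in the commit message or changelog, for example `* TLS flow events no longer emit "ja3" ("ja3s" and "ja4" are unchanged)`. The same removal appears in the later hunks of this file (`@@ -31,11 +31,11 @@` and `@@ -45,31 +45,31 @@`). Whether `schema/flow_event_schema.json` still lists `ja3` cannot be seen from this hunk, so it is worth confirming that the schema and these fixtures agree.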
@@ -31,11 +31,11 @@ 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1605289714142423,"flow_dst_last_pkt_time":1605289714171633,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289714171633,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWcPSVr2OUKdUeoBJXgLJJAAACBAV4AQMDAwQCCArCuSHy1mIgAw=="} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1605289714171727,"flow_dst_last_pkt_time":1605289714171633,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714171727,"pkt":"qtsDr8lk5EKm5WPyht1gBvDPACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnABu5Qp1R70la9kgBAB+zY+AAABAQgK1mIgIMK5IfI="} 01267{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1605289714172188,"flow_dst_last_pkt_time":1605289714171633,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605289714172188,"pkt":"qtsDr8lk5EKm5WPyht1gBvDPAiUGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnABu5Qp1R70la9kgBgB+45nAAABAQgK1mIgIcK5IfIWAwECAAEAAfwDA8cIoCYavuvJ3cclYGmTzcO5vcPxdaWmTmcHbVFGmXkWIAQE24FGTaHp\/I8\/xYwpdYoJEv3RN4\/3JwS5BNqVh3JRACAKChMBEwITA8ArwC\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"} 
-01310{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289714142423,"flow_src_last_pkt_time":1605289714172188,"flow_dst_last_pkt_time":1605289714171633,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289714172188,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38512,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s.pinimg.com","domainame":"s.pinimg.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01269{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289714142423,"flow_src_last_pkt_time":1605289714172188,"flow_dst_last_pkt_time":1605289714171633,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289714172188,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38512,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s.pinimg.com","domainame":"s.pinimg.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1605289714142665,"flow_dst_last_pkt_time":1605289714180048,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289714180048,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWdpoDqe34hzBqoBJXgFKZAAACBAV4AQMDAwQCCArCuSH71mIgAw=="} 
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1605289714180086,"flow_dst_last_pkt_time":1605289714180048,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714180086,"pkt":"qtsDr8lk5EKm5WPyht1gC2HAACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnYBu\/iHMGqaA6nugBAB+9aEAAABAQgK1mIgKcK5Ifs="} 01265{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1605289714180489,"flow_dst_last_pkt_time":1605289714180048,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605289714180489,"pkt":"qtsDr8lk5EKm5WPyht1gC2HAAiUGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnYBu\/iHMGqaA6nugBgB+6ckAAABAQgK1mIgKcK5IfsWAwECAAEAAfwDA3otstUONYxJRqel+gxt59VketaZiqmW7lVOabrnGXmhICqghU9krTVUXocj19UIfg+9UNudtwL7W30g9XqDFIVFACCKihMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPa2gAAAAAAEQAPAAAMcy5waW5pbWcuY29tABcAAP8BAAEAAAoACgAImpoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACmamgABAAAdACAhW4o44F4ndRfnSItF1Arhn7vovTMKfZIOdsBS0bZaIwAtAAIBAQArAAsKysoDBAMDAwIDAQAbAAMCAAI6OgABAAAVANAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01310{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289714142665,"flow_src_last_pkt_time":1605289714180489,"flow_dst_last_pkt_time":1605289714180048,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289714180489,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38518,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s.pinimg.com","domainame":"s.pinimg.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01269{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289714142665,"flow_src_last_pkt_time":1605289714180489,"flow_dst_last_pkt_time":1605289714180048,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289714180489,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38518,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s.pinimg.com","domainame":"s.pinimg.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1605289714142600,"flow_dst_last_pkt_time":1605289714181434,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289714181434,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWdKO8RXbDRQaFoBJXgAyCAAACBAV4AQMDAwQCCArCuSH61mIgAw=="} 
00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1605289714142533,"flow_dst_last_pkt_time":1605289714181435,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289714181435,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWchkTOMV4SazBoBJXgEidAAACBAV4AQMDAwQCCArCuSH71mIgAw=="} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1605289714142790,"flow_dst_last_pkt_time":1605289714181435,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289714181435,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWelCqgAoyXzbFoBJXgIWfAAACBAV4AQMDAwQCCArCuSH71mIgAw=="} 
@@ -45,31 +45,31 @@ 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1605289714181475,"flow_dst_last_pkt_time":1605289714181435,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714181475,"pkt":"qtsDr8lk5EKm5WPyht1gAoQZACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnoBuzJfNsVQqoALgBAB+wmKAAABAQgK1mIgKsK5Ifs="} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1605289714181483,"flow_dst_last_pkt_time":1605289714181436,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714181483,"pkt":"qtsDr8lk5EKm5WPyht1gAI0zACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElngBu4oDE2bprOc6gBAB+9UUAAABAQgK1mIgKsK5Ifs="} 01264{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1605289714181782,"flow_dst_last_pkt_time":1605289714181434,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605289714181782,"pkt":"qtsDr8lk5EKm5WPyht1gDFiUAiUGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnQBu8NFBoWjvEV3gBgB+wk+AAABAQgK1mIgKsK5IfoWAwECAAEAAfwDA8fZsDKFAYPeeYF9BoVFeH6xWP7zl+Qbpemo8n8iOkAJIO+2XqB5SswaLECoDV+oBWri05ofip0ijOA3Db6nod5MACDq6hMBEwITA8ArwC\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"} 
-01310{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289714142600,"flow_src_last_pkt_time":1605289714181782,"flow_dst_last_pkt_time":1605289714181434,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289714181782,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38516,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s.pinimg.com","domainame":"s.pinimg.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01269{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289714142600,"flow_src_last_pkt_time":1605289714181782,"flow_dst_last_pkt_time":1605289714181434,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289714181782,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38516,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s.pinimg.com","domainame":"s.pinimg.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
01265{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1605289714182061,"flow_dst_last_pkt_time":1605289714181435,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605289714182061,"pkt":"qtsDr8lk5EKm5WPyht1gAzjWAiUGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnIBu3hJrMEZEzjGgBgB++OVAAABAQgK1mIgKsK5IfsWAwECAAEAAfwDA92mJPo2aL01mOdVhpY2BeYgOuE8GqohhTbswcdXCK82ICwgtJPAcd3QemZipmKndqHXDNRTDLrVR4Gjwi9JNFNLACCqqhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZP6+gAAAAAAEQAPAAAMcy5waW5pbWcuY29tABcAAP8BAAEAAAoACgAIenoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACl6egABAAAdACBzyp4wXupLNzvb8sABuM2lxM\/IuPo3b96Pd8Zx+nF3SgAtAAIBAQArAAsKOjoDBAMDAwIDAQAbAAMCAAJaWgABAAAVANAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01310{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289714142533,"flow_src_last_pkt_time":1605289714182061,"flow_dst_last_pkt_time":1605289714181435,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289714182061,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38514,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s.pinimg.com","domainame":"s.pinimg.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01269{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289714142533,"flow_src_last_pkt_time":1605289714182061,"flow_dst_last_pkt_time":1605289714181435,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289714182061,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38514,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s.pinimg.com","domainame":"s.pinimg.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
01265{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_src_last_pkt_time":1605289714182319,"flow_dst_last_pkt_time":1605289714181435,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605289714182319,"pkt":"qtsDr8lk5EKm5WPyht1gAoQZAiUGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnoBuzJfNsVQqoALgBgB+9eLAAABAQgK1mIgK8K5IfsWAwECAAEAAfwDAzRBzSt6OfaWQuGfefwEMKTHqbevEWh0CtAfd3bhvh5GIAWkfBE0ckrIGB0\/YhPYbfnnDbuNbUef6uRX74GQi5ybACC6uhMBEwITA8ArwC\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"} -01310{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289714142790,"flow_src_last_pkt_time":1605289714182319,"flow_dst_last_pkt_time":1605289714181435,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289714182319,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38522,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s.pinimg.com","domainame":"s.pinimg.com","tls": 
{"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +01269{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289714142790,"flow_src_last_pkt_time":1605289714182319,"flow_dst_last_pkt_time":1605289714181435,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289714182319,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38522,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s.pinimg.com","domainame":"s.pinimg.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
01265{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1605289714182602,"flow_dst_last_pkt_time":1605289714181436,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605289714182602,"pkt":"qtsDr8lk5EKm5WPyht1gAI0zAiUGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElngBu4oDE2bprOc6gBgB+wr6AAABAQgK1mIgK8K5IfsWAwECAAEAAfwDA9ume65XMp2HeShH2kftPGfOVTrng6jVc48Y4obdoCMSICqZyhTW3xviLmKFiyEIbl\/Ph6q3MEMRNQtGI6WLlCCWACCamhMBEwITA8ArwC\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"} -01310{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289714142728,"flow_src_last_pkt_time":1605289714182602,"flow_dst_last_pkt_time":1605289714181436,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289714182602,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s.pinimg.com","domainame":"s.pinimg.com","tls": 
{"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +01269{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289714142728,"flow_src_last_pkt_time":1605289714182602,"flow_dst_last_pkt_time":1605289714181436,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289714182602,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s.pinimg.com","domainame":"s.pinimg.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1605289714172188,"flow_dst_last_pkt_time":1605289714202238,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714202238,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWcPSVr2SUKdcjgBALMCrlAAABAQgKwrkiENZiICE="} -01393{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605289714142423,"flow_src_last_pkt_time":1605289714172188,"flow_dst_last_pkt_time":1605289714204384,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605289714204384,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38512,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s.pinimg.com","domainame":"s.pinimg.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-03173{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1605289714142423,"flow_src_last_pkt_time":1605289714172188,"flow_dst_last_pkt_time":1605289714204387,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5322,"midstream":0,"thread_ts_usec":1605289714204387,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38512,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s.pinimg.com","domainame":"s.pinimg.com","tls": 
{"version":"TLSv1.2","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., 
CN=*.pinterest.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E","blocks":0}}} +01352{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605289714142423,"flow_src_last_pkt_time":1605289714172188,"flow_dst_last_pkt_time":1605289714204384,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605289714204384,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38512,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s.pinimg.com","domainame":"s.pinimg.com","tls": {"version":"TLSv1.2","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+03132{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1605289714142423,"flow_src_last_pkt_time":1605289714172188,"flow_dst_last_pkt_time":1605289714204387,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5322,"midstream":0,"thread_ts_usec":1605289714204387,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38512,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s.pinimg.com","domainame":"s.pinimg.com","tls": 
{"version":"TLSv1.2","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., 
CN=*.pinterest.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E","blocks":0}}} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1605289714180489,"flow_dst_last_pkt_time":1605289714211103,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714211103,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWdpoDqe74hzJvgBALMMstAAABAQgKwrkiGNZiICk="} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1605289714181782,"flow_dst_last_pkt_time":1605289714211558,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714211558,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWdKO8RXfDRQiKgBALMIUUAAABAQgKwrkiGNZiICo="} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1605289714212167,"flow_dst_last_pkt_time":1605289714181435,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714212167,"pkt":"qtsDr8lk5EKm5WPyht1gAzjWACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnIBu3hJrsYZEzjGgBEB+8piAAABAQgK1mIgScK5Ifs="} 
00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1605289714212373,"flow_dst_last_pkt_time":1605289714181436,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714212373,"pkt":"qtsDr8lk5EKm5WPyht1gAI0zACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElngBu4oDFWvprOc6gBEB+9LvAAABAQgK1mIgScK5Ifs="} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1605289714212431,"flow_dst_last_pkt_time":1605289714181435,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714212431,"pkt":"qtsDr8lk5EKm5WPyht1gAoQZACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnoBuzJfOMpQqoALgBEB+wdlAAABAQgK1mIgScK5Ifs="} -01393{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1605289714142665,"flow_src_last_pkt_time":1605289714212316,"flow_dst_last_pkt_time":1605289714229512,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605289714229512,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38518,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s.pinimg.com","domainame":"s.pinimg.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} -03173{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1605289714142665,"flow_src_last_pkt_time":1605289714212316,"flow_dst_last_pkt_time":1605289714229515,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5322,"midstream":0,"thread_ts_usec":1605289714229515,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38518,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s.pinimg.com","domainame":"s.pinimg.com","tls": 
{"version":"TLSv1.2","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., 
CN=*.pinterest.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E","blocks":0}}} -01393{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1605289714142600,"flow_src_last_pkt_time":1605289714212253,"flow_dst_last_pkt_time":1605289714229787,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605289714229787,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38516,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s.pinimg.com","domainame":"s.pinimg.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-01393{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":96,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1605289714142790,"flow_src_last_pkt_time":1605289714212431,"flow_dst_last_pkt_time":1605289714229788,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605289714229788,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38522,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s.pinimg.com","domainame":"s.pinimg.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-03173{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":99,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1605289714142790,"flow_src_last_pkt_time":1605289714212431,"flow_dst_last_pkt_time":1605289714229790,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5322,"midstream":0,"thread_ts_usec":1605289714229790,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38522,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s.pinimg.com","domainame":"s.pinimg.com","tls": 
{"version":"TLSv1.2","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., 
CN=*.pinterest.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E","blocks":0}}} -01394{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1605289714142533,"flow_src_last_pkt_time":1605289714212167,"flow_dst_last_pkt_time":1605289714229995,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605289714229995,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38514,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s.pinimg.com","domainame":"s.pinimg.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-03174{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":6,"flow_first_seen":1605289714142600,"flow_src_last_pkt_time":1605289714230062,"flow_dst_last_pkt_time":1605289714230365,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5322,"midstream":0,"thread_ts_usec":1605289714230365,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38516,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s.pinimg.com","domainame":"s.pinimg.com","tls": 
{"version":"TLSv1.2","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., 
CN=*.pinterest.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E","blocks":0}}} -03174{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":111,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1605289714142533,"flow_src_last_pkt_time":1605289714230027,"flow_dst_last_pkt_time":1605289714230365,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5322,"midstream":0,"thread_ts_usec":1605289714230365,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38514,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s.pinimg.com","domainame":"s.pinimg.com","tls": 
{"version":"TLSv1.2","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., 
CN=*.pinterest.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E","blocks":0}}} -01394{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1605289714142728,"flow_src_last_pkt_time":1605289714212373,"flow_dst_last_pkt_time":1605289714230366,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605289714230366,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s.pinimg.com","domainame":"s.pinimg.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-03174{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":115,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1605289714142728,"flow_src_last_pkt_time":1605289714212373,"flow_dst_last_pkt_time":1605289714230369,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5322,"midstream":0,"thread_ts_usec":1605289714230369,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s.pinimg.com","domainame":"s.pinimg.com","tls": 
{"version":"TLSv1.2","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., 
CN=*.pinterest.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E","blocks":0}}} +01352{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1605289714142665,"flow_src_last_pkt_time":1605289714212316,"flow_dst_last_pkt_time":1605289714229512,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605289714229512,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38518,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s.pinimg.com","domainame":"s.pinimg.com","tls": {"version":"TLSv1.2","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+03132{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1605289714142665,"flow_src_last_pkt_time":1605289714212316,"flow_dst_last_pkt_time":1605289714229515,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5322,"midstream":0,"thread_ts_usec":1605289714229515,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38518,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s.pinimg.com","domainame":"s.pinimg.com","tls": 
{"version":"TLSv1.2","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., 
CN=*.pinterest.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E","blocks":0}}} +01352{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1605289714142600,"flow_src_last_pkt_time":1605289714212253,"flow_dst_last_pkt_time":1605289714229787,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605289714229787,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38516,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s.pinimg.com","domainame":"s.pinimg.com","tls": {"version":"TLSv1.2","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01352{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":96,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1605289714142790,"flow_src_last_pkt_time":1605289714212431,"flow_dst_last_pkt_time":1605289714229788,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605289714229788,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38522,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s.pinimg.com","domainame":"s.pinimg.com","tls": {"version":"TLSv1.2","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+03132{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":99,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1605289714142790,"flow_src_last_pkt_time":1605289714212431,"flow_dst_last_pkt_time":1605289714229790,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5322,"midstream":0,"thread_ts_usec":1605289714229790,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38522,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s.pinimg.com","domainame":"s.pinimg.com","tls": 
{"version":"TLSv1.2","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., 
CN=*.pinterest.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E","blocks":0}}} +01353{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1605289714142533,"flow_src_last_pkt_time":1605289714212167,"flow_dst_last_pkt_time":1605289714229995,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605289714229995,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38514,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s.pinimg.com","domainame":"s.pinimg.com","tls": {"version":"TLSv1.2","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+03133{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":6,"flow_first_seen":1605289714142600,"flow_src_last_pkt_time":1605289714230062,"flow_dst_last_pkt_time":1605289714230365,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5322,"midstream":0,"thread_ts_usec":1605289714230365,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38516,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s.pinimg.com","domainame":"s.pinimg.com","tls": 
{"version":"TLSv1.2","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., 
CN=*.pinterest.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E","blocks":0}}} +03133{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":111,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1605289714142533,"flow_src_last_pkt_time":1605289714230027,"flow_dst_last_pkt_time":1605289714230365,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5322,"midstream":0,"thread_ts_usec":1605289714230365,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38514,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s.pinimg.com","domainame":"s.pinimg.com","tls": 
{"version":"TLSv1.2","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., 
CN=*.pinterest.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E","blocks":0}}} +01353{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1605289714142728,"flow_src_last_pkt_time":1605289714212373,"flow_dst_last_pkt_time":1605289714230366,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605289714230366,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s.pinimg.com","domainame":"s.pinimg.com","tls": {"version":"TLSv1.2","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+03133{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":115,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1605289714142728,"flow_src_last_pkt_time":1605289714212373,"flow_dst_last_pkt_time":1605289714230369,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5322,"midstream":0,"thread_ts_usec":1605289714230369,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s.pinimg.com","domainame":"s.pinimg.com","tls": 
{"version":"TLSv1.2","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., 
CN=*.pinterest.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E","blocks":0}}} 00810{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289714250965,"flow_src_last_pkt_time":1605289714250965,"flow_dst_last_pkt_time":1605289714250965,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289714250965,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33156,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1605289714250965,"flow_dst_last_pkt_time":1605289714250965,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714250965,"pkt":"qtsDr8lk5EKm5WPyht1gA+BkACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXhUgYQBu4mXWd7qkQRvgBAJlouHAAABAQgKz6oyaMK4cmQ="} 
00816{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289714250997,"flow_src_last_pkt_time":1605289714250997,"flow_dst_last_pkt_time":1605289714250997,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289714250997,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":58726,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -80,42 +80,42 @@ 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":162,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1605289714250965,"flow_dst_last_pkt_time":1605289714281312,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714281312,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleFQqAcsBIEmLB5kd7IUo3\/YpAbuBhOqRBG+Jl1nfgBAm9NLhAAABAQgKwrkiYM+oHbQ="} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":163,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1605289714250997,"flow_dst_last_pkt_time":1605289714288930,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714288930,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgLAAAAAAAAIAIqAcsBIEmLB5kd7IUo3\/YpAbvlZgMDtjdjwYu6gBAMIRHEAAABAQgKwrkiZwxF7DU="} 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":164,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1605289714251006,"flow_dst_last_pkt_time":1605289714288932,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714288932,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAKzZE+IqAcsBIEmLB5kd7IUo3\/YpAbuHQp9z38z6OQc1gBALjSOBAAABAQgKwrkiaOM2b+4="} 
-00809{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289714558209,"flow_src_last_pkt_time":1605289714558209,"flow_dst_last_pkt_time":1605289714558209,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289714558209,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":47032,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00810{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289714558209,"flow_src_last_pkt_time":1605289714558209,"flow_dst_last_pkt_time":1605289714558209,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289714558209,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901:0:7a0b::","src_port":47032,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1605289714558209,"flow_dst_last_pkt_time":1605289714558209,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289714558209,"pkt":"qtsDr8lk5EKm5WPyht1gA76\/ACgGQCoBywEgSYsHmR3shSjf9ikmABkBAAB6CwAAAAAAAAAAt7gBuycnOX0AAAAAoAL9IDgIAAACBAWgBAIICpXXZO8AAAAAAQMDBw=="} 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1605289714558209,"flow_dst_last_pkt_time":1605289714581709,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289714581709,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSYAGQEAAHoLAAAAAAAAAAAqAcsBIEmLB5kd7IUo3\/YpAbu3uEYmtpAnJzl+oBJXgPrGAAACBAV4AQMDAwQCCArCuSOMlddk7w=="} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_src_last_pkt_time":1605289714581729,"flow_dst_last_pkt_time":1605289714581709,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714581729,"pkt":"qtsDr8lk5EKm5WPyht1gA76\/ACAGQCoBywEgSYsHmR3shSjf9ikmABkBAAB6CwAAAAAAAAAAt7gBuycnOX5GJraRgBAB+37BAAABAQgKlddlBsK5I4w="} 
01270{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":168,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_src_last_pkt_time":1605289714581951,"flow_dst_last_pkt_time":1605289714581709,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605289714581951,"pkt":"qtsDr8lk5EKm5WPyht1gA76\/AiUGQCoBywEgSYsHmR3shSjf9ikmABkBAAB6CwAAAAAAAAAAt7gBuycnOX5GJraRgBgB++f0AAABAQgKlddlBsK5I4wWAwECAAEAAfwDA7PLbVBgOtGRFhhfXAbYAkw+iamYdzT9SXPsS7L7okIYINk7eET2yUrnprJJWKNt0no0P\/s4mMGITC6JI+53t7c2ACBaWhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPKygAAAAAAGQAXAAAUc2Vzc2lvbnMuYnVnc25hZy5jb20AFwAA\/wEAAQAACgAKAAj6+gAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKfr6AAEAAB0AIEvxzjt0\/5GP3sZor6cdXi69M2D9HpE5Nb1aEh4mkXoQAC0AAgEBACsACwpaWgMEAwMDAgMBABsAAwIAAlpaAAEAABUAyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01312{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":168,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289714558209,"flow_src_last_pkt_time":1605289714581951,"flow_dst_last_pkt_time":1605289714581709,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289714581951,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":47032,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"sessions.bugsnag.com","domainame":"sessions.bugsnag.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01272{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":168,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289714558209,"flow_src_last_pkt_time":1605289714581951,"flow_dst_last_pkt_time":1605289714581709,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289714581951,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901:0:7a0b::","src_port":47032,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"sessions.bugsnag.com","domainame":"sessions.bugsnag.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00816{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289714590794,"flow_src_last_pkt_time":1605289714590794,"flow_dst_last_pkt_time":1605289714590794,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289714590794,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40694,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1605289714590794,"flow_dst_last_pkt_time":1605289714590794,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289714590794,"pkt":"qtsDr8lk5EKm5WPyht1gDTn6ACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAEnvYBu\/7qRGoAAAAAoAL9IGNfAAACBAWgBAIICskVTwYAAAAAAQMDBw=="} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":5,"flow_src_last_pkt_time":1605289714581951,"flow_dst_last_pkt_time":1605289714613987,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714613987,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSYAGQEAAHoLAAAAAAAAAAAqAcsBIEmLB5kd7IUo3\/YpAbu3uEYmtpEnJzuDgBALMHNnAAABAQgKwrkjrJXXZQY="} 
-01357{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605289714558209,"flow_src_last_pkt_time":1605289714581951,"flow_dst_last_pkt_time":1605289714615889,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605289714615889,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":47032,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"sessions.bugsnag.com","domainame":"sessions.bugsnag.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01317{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605289714558209,"flow_src_last_pkt_time":1605289714581951,"flow_dst_last_pkt_time":1605289714615889,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605289714615889,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901:0:7a0b::","src_port":47032,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"sessions.bugsnag.com","domainame":"sessions.bugsnag.com","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_src_last_pkt_time":1605289714590794,"flow_dst_last_pkt_time":1605289714616815,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289714616815,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgWAAAAAAAAIAQqAcsBIEmLB5kd7IUo3\/YpAbue9py+eGX+6kRroBJXgA2NAAACBAV4AQMDAwQCCArCuSOwyRVPBg=="} 
00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_src_last_pkt_time":1605289714616828,"flow_dst_last_pkt_time":1605289714616815,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714616828,"pkt":"qtsDr8lk5EKm5WPyht1gDTn6ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAEnvYBu\/7qRGucvnhmgBAB+5GEAAABAQgKyRVPIMK5I7A="} 01273{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_src_last_pkt_time":1605289714617005,"flow_dst_last_pkt_time":1605289714616815,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605289714617005,"pkt":"qtsDr8lk5EKm5WPyht1gDTn6AiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAEnvYBu\/7qRGucvnhmgBgB+6l5AAABAQgKyRVPIMK5I7AWAwECAAEAAfwDA\/Gk\/9Vg1\/Yj6dUUpOb5DX8WmaenXohw9y+Qd4DnqktzIAb2YuarrlKbgL6YLTJZPQe97f1AtvLN8fLaoxVIuyFiACAqKhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZO6ugAAAAAAEwARAAAOd3d3Lmdvb2dsZS5jb20AFwAA\/wEAAQAACgAKAAjq6gAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKerqAAEAAB0AIJML4p8NHh5Io\/9KcRl6BBOqQlWgp4uJ9mxBuu8Y\/4wPAC0AAgEBACsACwrq6gMEAwMDAgMBABsAAwIAAlpaAAEAABUAzgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01319{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":183,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289714590794,"flow_src_last_pkt_time":1605289714617005,"flow_dst_last_pkt_time":1605289714616815,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289714617005,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40694,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","domainame":"www.google.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01278{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":183,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289714590794,"flow_src_last_pkt_time":1605289714617005,"flow_dst_last_pkt_time":1605289714616815,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289714617005,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40694,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","domainame":"www.google.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":5,"flow_src_last_pkt_time":1605289714617005,"flow_dst_last_pkt_time":1605289714651291,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714651291,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgWAAAAAAAAIAQqAcsBIEmLB5kd7IUo3\/YpAbue9py+eGb+6kZwgBALMIYoAAABAQgKwrkj0skVTyA="} 
00810{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":190,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289714658043,"flow_src_last_pkt_time":1605289714658043,"flow_dst_last_pkt_time":1605289714658043,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289714658043,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33280,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":190,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1605289714658043,"flow_dst_last_pkt_time":1605289714658043,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289714658043,"pkt":"qtsDr8lk5EKm5WPyht1gCBesACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXhUggABu2pDSXwAAAAAoAL9ILsUAAACBAWgBAIICs+qM\/8AAAAAAQMDBw=="} 
-01364{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605289714590794,"flow_src_last_pkt_time":1605289714617005,"flow_dst_last_pkt_time":1605289714660765,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605289714660765,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40694,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","domainame":"www.google.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01323{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605289714590794,"flow_src_last_pkt_time":1605289714617005,"flow_dst_last_pkt_time":1605289714660765,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605289714660765,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40694,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","domainame":"www.google.com","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00589{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":206,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1605289714658043,"flow_dst_last_pkt_time":1605289714697878,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289714697878,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleFQqAcsBIEmLB5kd7IUo3\/YpAbuCAAsx4c9qQ0l9oBJXgI0UAAACBAV4AQMDAwQCCArCuSQBz6oz\/w=="} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":207,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_src_last_pkt_time":1605289714697936,"flow_dst_last_pkt_time":1605289714697878,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714697936,"pkt":"qtsDr8lk5EKm5WPyht1gCBesACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXhUggABu2pDSX0LMeHQgBAB+xD+AAABAQgKz6o0J8K5JAE="} 01270{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":208,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_src_last_pkt_time":1605289714698324,"flow_dst_last_pkt_time":1605289714697878,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605289714698324,"pkt":"qtsDr8lk5EKm5WPyht1gCBesAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXhUggABu2pDSX0LMeHQgBgB++hnAAABAQgKz6o0KMK5JAEWAwECAAEAAfwDA9jVKfntEh25nXj1BFZE6ZFc6lyzI+CshbYOPn0Jce38IK9kDSD6\/4FSA\/aOBvpuajY1lLZq5tukFPFFFO\/eMmwPACBKShMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPa2gAAAAAAGwAZAAAWYWNjb3VudHMucGludGVyZXN0LmNvbQAXAAD\/AQABAAAKAAoACEpKAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApSkoAAQAAHQAgyukN47oVi6AebwU11bCozo+bX5ZAWB5eRNnx4Nhm1GIALQACAQEAKwALCoqKAwQDAwMCAwEAGwADAgACamoAAQAAFQDGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01334{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":208,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289714658043,"flow_src_last_pkt_time":1605289714698324,"flow_dst_last_pkt_time":1605289714697878,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289714698324,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33280,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"accounts.pinterest.com","domainame":"accounts.pinterest.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01293{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":208,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289714658043,"flow_src_last_pkt_time":1605289714698324,"flow_dst_last_pkt_time":1605289714697878,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289714698324,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33280,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"accounts.pinterest.com","domainame":"accounts.pinterest.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
02180{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":227,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1605289714590794,"flow_src_last_pkt_time":1605289714712098,"flow_dst_last_pkt_time":1605289714737758,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1066,"flow_dst_tot_l4_payload_len":4645,"midstream":0,"thread_ts_usec":1605289714737758,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40694,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":8653.8,"max":43788,"stddev":13864.0,"var":192210288.0,"ent":3.4,"data": [26021,26034,177,34476,9474,0,43788,3,51,24,2375,110,130,39176,1,238,310,37117,263,3095,2873,7183,1,0,7144,49,3,681,625,589,26257]},"pktlen": {"min":72,"avg":251.0,"max":1280,"stddev":327.8,"var":107441.1,"ent":4.1,"data": [80,80,72,589,72,1280,1280,72,72,289,72,136,164,395,72,72,72,652,72,103,103,72,493,818,267,72,72,72,111,72,111,72]},"bins": {"c_to_s": [12,1,2,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,1,0,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,0,0,0,0,1,1,1,1,0,0,1,0,1,1,1,0,0,0,1,0,0,1],"entropies": 
[4.845952034,5.276737213,5.243131161,4.473354340,5.090543747,7.802321434,7.843567848,5.288201809,5.260424137,7.108726978,5.260424137,6.180178165,6.552865028,7.368058681,5.107836723,5.135614395,5.097352028,7.652834892,5.232646942,5.827667713,5.769781590,5.232646942,7.502712727,7.757375717,7.029527187,5.232646465,5.260424137,5.288201809,5.925748348,5.260424137,5.889372826,5.107836723]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":228,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":5,"flow_src_last_pkt_time":1605289714698324,"flow_dst_last_pkt_time":1605289714737758,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714737758,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleFQqAcsBIEmLB5kd7IUo3\/YpAbuCAAsx4dBqQ0uCgBALMAWbAAABAQgKwrkkKc+qNCg="} -01417{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":229,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605289714658043,"flow_src_last_pkt_time":1605289714698324,"flow_dst_last_pkt_time":1605289714739608,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605289714739608,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33280,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"accounts.pinterest.com","domainame":"accounts.pinterest.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} -03197{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":237,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1605289714658043,"flow_src_last_pkt_time":1605289714739677,"flow_dst_last_pkt_time":1605289714740234,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5240,"midstream":0,"thread_ts_usec":1605289714740234,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33280,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"accounts.pinterest.com","domainame":"accounts.pinterest.com","tls": 
{"version":"TLSv1.2","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., 
CN=*.pinterest.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E","blocks":0}}} +01376{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":229,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605289714658043,"flow_src_last_pkt_time":1605289714698324,"flow_dst_last_pkt_time":1605289714739608,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605289714739608,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33280,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"accounts.pinterest.com","domainame":"accounts.pinterest.com","tls": {"version":"TLSv1.2","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+03156{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":237,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1605289714658043,"flow_src_last_pkt_time":1605289714739677,"flow_dst_last_pkt_time":1605289714740234,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5240,"midstream":0,"thread_ts_usec":1605289714740234,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33280,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"accounts.pinterest.com","domainame":"accounts.pinterest.com","tls": 
{"version":"TLSv1.2","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., 
CN=*.pinterest.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E","blocks":0}}} 00809{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":248,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289714782619,"flow_src_last_pkt_time":1605289714782619,"flow_dst_last_pkt_time":1605289714782619,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289714782619,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":57050,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":248,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1605289714782619,"flow_dst_last_pkt_time":1605289714782619,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289714782619,"pkt":"qtsDr8lk5EKm5WPyht1gCp8uACgGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAAcg3toBu85LuqIAAAAAoAL9IEOtAAACBAWgBAIICnRgZN4AAAAAAQMDBw=="} 
-02168{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":258,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1605289714558209,"flow_src_last_pkt_time":1605289714795031,"flow_dst_last_pkt_time":1605289714793606,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1778,"flow_dst_tot_l4_payload_len":5802,"midstream":0,"thread_ts_usec":1605289714795031,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":47032,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":15232.9,"max":132689,"stddev":29577.9,"var":874849472.0,"ent":3.1,"data": [23500,23520,222,32278,1902,1,0,33966,35,25,324,0,242,8,1731,75,102,35078,5741,3731,0,1,42641,14,135,39228,93613,132689,1225,118,74]},"pktlen": {"min":72,"avg":309.4,"max":1280,"stddev":401.1,"var":160869.7,"ent":4.1,"data": [80,80,72,589,72,1280,1280,1280,72,72,72,1280,173,72,72,136,164,451,72,72,652,103,72,72,72,103,72,330,72,111,229,571]},"bins": {"c_to_s": [11,1,2,0,1,0,0,0,0,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,1,1,0,0,0,0,0,1,1,1,1,1,0,0,0,1,1,0,0,0,0],"entropies": 
[4.656593323,5.123788357,5.017778397,4.494572163,4.850525856,7.806178570,7.820445061,7.825618267,4.990000248,4.985159874,5.017777920,7.793226242,6.582598209,5.045556068,5.045556068,6.051473618,6.341272354,7.424715996,4.850525856,4.812263489,7.613498688,5.540113449,4.850525856,5.073333740,5.073333740,5.737332821,4.822747707,7.185048103,5.017778397,5.884420395,6.843392372,7.591670513]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +02169{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":258,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1605289714558209,"flow_src_last_pkt_time":1605289714795031,"flow_dst_last_pkt_time":1605289714793606,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1778,"flow_dst_tot_l4_payload_len":5802,"midstream":0,"thread_ts_usec":1605289714795031,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901:0:7a0b::","src_port":47032,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":15232.9,"max":132689,"stddev":29577.9,"var":874849472.0,"ent":3.1,"data": [23500,23520,222,32278,1902,1,0,33966,35,25,324,0,242,8,1731,75,102,35078,5741,3731,0,1,42641,14,135,39228,93613,132689,1225,118,74]},"pktlen": {"min":72,"avg":309.4,"max":1280,"stddev":401.1,"var":160869.7,"ent":4.1,"data": [80,80,72,589,72,1280,1280,1280,72,72,72,1280,173,72,72,136,164,451,72,72,652,103,72,72,72,103,72,330,72,111,229,571]},"bins": {"c_to_s": [11,1,2,0,1,0,0,0,0,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": 
[7,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,1,1,0,0,0,0,0,1,1,1,1,1,0,0,0,1,1,0,0,0,0],"entropies": [4.656593323,5.123788357,5.017778397,4.494572163,4.850525856,7.806178570,7.820445061,7.825618267,4.990000248,4.985159874,5.017777920,7.793226242,6.582598209,5.045556068,5.045556068,6.051473618,6.341272354,7.424715996,4.850525856,4.812263489,7.613498688,5.540113449,4.850525856,5.073333740,5.073333740,5.737332821,4.822747707,7.185048103,5.017778397,5.884420395,6.843392372,7.591670513]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_src_last_pkt_time":1605289714782619,"flow_dst_last_pkt_time":1605289714832909,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289714832909,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoETkIAHQAAAAAAAAAAByAqAcsBIEmLB5kd7IUo3\/YpAbve2qyyOFrOS7qjoBJXgB0bAAACBAV4AQMDAwQCCArCuSSHdGBk3g=="} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_src_last_pkt_time":1605289714832956,"flow_dst_last_pkt_time":1605289714832909,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714832956,"pkt":"qtsDr8lk5EKm5WPyht1gCp8uACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAAcg3toBu85LuqOssjhbgBAB+6D6AAABAQgKdGBlEMK5JIc="} 
01270{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_src_last_pkt_time":1605289714833176,"flow_dst_last_pkt_time":1605289714832909,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605289714833176,"pkt":"qtsDr8lk5EKm5WPyht1gCp8uAiUGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAAcg3toBu85LuqOssjhbgBgB+9wiAAABAQgKdGBlEcK5JIcWAwECAAEAAfwDA\/Ezw4mbUrI42jPHW\/R2JVq8HiENkzAbEci0fYqAxMkBIKC\/V9JydIygOtZAUS0JoPRGfzSMLpt5E5aZDM7pIRYPACBqahMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZP6+gAAAAAAGAAWAAATaW1hZ2VzLnVuc3BsYXNoLmNvbQAXAAD\/AQABAAAKAAoACEpKAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApSkoAAQAAHQAgXafHcjSuu0lDRwVYnybRA+hptEDEqNkxm07M0aaWohAALQACAQEAKwALCsrKAwQDAwMCAwEAGwADAgACGhoAAQAAFQDJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01304{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":262,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289714782619,"flow_src_last_pkt_time":1605289714833176,"flow_dst_last_pkt_time":1605289714832909,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289714833176,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":57050,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"images.unsplash.com","domainame":"images.unsplash.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01263{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":262,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289714782619,"flow_src_last_pkt_time":1605289714833176,"flow_dst_last_pkt_time":1605289714832909,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289714833176,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":57050,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"images.unsplash.com","domainame":"images.unsplash.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":5,"flow_src_last_pkt_time":1605289714833176,"flow_dst_last_pkt_time":1605289714864628,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714864628,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoETkIAHQAAAAAAAAAAByAqAcsBIEmLB5kd7IUo3\/YpAbve2qyyOFvOS7yogBALMJWfAAABAQgKwrkkp3RgZRE="} 
-01387{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":267,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605289714782619,"flow_src_last_pkt_time":1605289714833176,"flow_dst_last_pkt_time":1605289714867730,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605289714867730,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":57050,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"images.unsplash.com","domainame":"images.unsplash.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-03612{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":273,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1605289714782619,"flow_src_last_pkt_time":1605289714868409,"flow_dst_last_pkt_time":1605289714869584,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5552,"midstream":0,"thread_ts_usec":1605289714869584,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":57050,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":1,"category":"Media","hostname":"images.unsplash.com","domainame":"images.unsplash.com","tls": 
{"version":"TLSv1.2","server_names":"imgix2.map.fastly.net,*.camp-fire.jp,*.carwow.co.uk,*.carwow.de,*.carwow.es,*.catchandrelease.com,*.dorothee-schumacher.com,*.footway.com,*.img-ikyu.com,*.imgix.drizly.com,*.instamotor.com,*.microdinc.com,*.msastaging.com,*.peddle.com,*.remax.ca,*.ustudio.com,*.vaping360.com,*.weber.com,article-image-ix.nikkei.com,assets.eberhardt-travel.de,assets.verishop.com,assets.verishop.xyz,cdn.airstream.com,cdn.elementthree.com,cdn.hashnode.com,cdn.naturalhealthyconcepts.com,cdn.parent.eu,cdn.phonehouse.es,cdn.shiplus.co.il,i.drop-cdn.com,i.upworthy.com,image.volunteerworld.com,imageproxy.themaven.net,images-dev.takeshape.io,images.101cookbooks.com,images.beano.com,images.businessoffashion.com,images.congstar.de,images.diesdas.digital,images.fandor.com,images.greetingsisland.com,images.malaecuia.com.br,images.omaze.com,images.roulottesgagnon.com,images.takeshape.io,images.thewanderful.co,images.unsplash.com,images.victoriaplum.com,images.vraiandoro.com,img-1.homely.com.au,img-stack.imagereflow.com,img.badshop.se,img.bernieandphyls.com,img.bioopticsworld.com,img.broadbandtechreport.com,img.broadwaybox.com,img.bygghemma.se,img.bygghjemme.no,img.byggshop.se,img.cablinginstall.com,img.dentaleconomics.com,img.dentistryiq.com,img.evaluationengineering.com,img.golvshop.se,img.grudado.com.br,img.industrial-lasers.com,img.induux.de,img.intelligent-aerospace.com,img.inturn.co,img.laserfocusworld.com,img.ledsmagazine.com,img.lightwaveonline.com,img.militaryaerospace.com,img.mychannels.video,img.officer.com,img.offshore-mag.com,img.ogj.com,img.perioimplantadvisory.com,img.plasticsmachinerymagazine.com,img.prevu.com,img.rdhmag.com,img.speedcurve.com,img.strategies-u.com,img.utilityproducts.com,img.vision-systems.com,img.waterworld.com,img.workbook.com,img.xlhemma.se,img1.nowpurchase.com,iw.induux.de,m.22slides.com,media.sailrace.com,media.useyourlocal.com,pictures.hideaways.dk,raven.contrado.com,resources.intuitive.com,static.doorsuperstore.co.uk","ja3
":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3","subjectDN":"C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=imgix2.map.fastly.net","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1F:BC:A1:79:48:96:70:32:B8:08:C1:38:D4:20:12:BE:D9:6F:14:B6","blocks":0}}} +01346{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":267,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605289714782619,"flow_src_last_pkt_time":1605289714833176,"flow_dst_last_pkt_time":1605289714867730,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605289714867730,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":57050,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"images.unsplash.com","domainame":"images.unsplash.com","tls": {"version":"TLSv1.2","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+03571{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":273,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1605289714782619,"flow_src_last_pkt_time":1605289714868409,"flow_dst_last_pkt_time":1605289714869584,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5552,"midstream":0,"thread_ts_usec":1605289714869584,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":57050,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":1,"category":"Media","hostname":"images.unsplash.com","domainame":"images.unsplash.com","tls": 
{"version":"TLSv1.2","server_names":"imgix2.map.fastly.net,*.camp-fire.jp,*.carwow.co.uk,*.carwow.de,*.carwow.es,*.catchandrelease.com,*.dorothee-schumacher.com,*.footway.com,*.img-ikyu.com,*.imgix.drizly.com,*.instamotor.com,*.microdinc.com,*.msastaging.com,*.peddle.com,*.remax.ca,*.ustudio.com,*.vaping360.com,*.weber.com,article-image-ix.nikkei.com,assets.eberhardt-travel.de,assets.verishop.com,assets.verishop.xyz,cdn.airstream.com,cdn.elementthree.com,cdn.hashnode.com,cdn.naturalhealthyconcepts.com,cdn.parent.eu,cdn.phonehouse.es,cdn.shiplus.co.il,i.drop-cdn.com,i.upworthy.com,image.volunteerworld.com,imageproxy.themaven.net,images-dev.takeshape.io,images.101cookbooks.com,images.beano.com,images.businessoffashion.com,images.congstar.de,images.diesdas.digital,images.fandor.com,images.greetingsisland.com,images.malaecuia.com.br,images.omaze.com,images.roulottesgagnon.com,images.takeshape.io,images.thewanderful.co,images.unsplash.com,images.victoriaplum.com,images.vraiandoro.com,img-1.homely.com.au,img-stack.imagereflow.com,img.badshop.se,img.bernieandphyls.com,img.bioopticsworld.com,img.broadbandtechreport.com,img.broadwaybox.com,img.bygghemma.se,img.bygghjemme.no,img.byggshop.se,img.cablinginstall.com,img.dentaleconomics.com,img.dentistryiq.com,img.evaluationengineering.com,img.golvshop.se,img.grudado.com.br,img.industrial-lasers.com,img.induux.de,img.intelligent-aerospace.com,img.inturn.co,img.laserfocusworld.com,img.ledsmagazine.com,img.lightwaveonline.com,img.militaryaerospace.com,img.mychannels.video,img.officer.com,img.offshore-mag.com,img.ogj.com,img.perioimplantadvisory.com,img.plasticsmachinerymagazine.com,img.prevu.com,img.rdhmag.com,img.speedcurve.com,img.strategies-u.com,img.utilityproducts.com,img.vision-systems.com,img.waterworld.com,img.workbook.com,img.xlhemma.se,img1.nowpurchase.com,iw.induux.de,m.22slides.com,media.sailrace.com,media.useyourlocal.com,pictures.hideaways.dk,raven.contrado.com,resources.intuitive.com,static.doorsuperstore.co.uk","ja3
s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3","subjectDN":"C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=imgix2.map.fastly.net","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1F:BC:A1:79:48:96:70:32:B8:08:C1:38:D4:20:12:BE:D9:6F:14:B6","blocks":0}}} 02184{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605289714658043,"flow_src_last_pkt_time":1605289714873020,"flow_dst_last_pkt_time":1605289714873010,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":1043,"flow_dst_tot_l4_payload_len":6264,"midstream":0,"thread_ts_usec":1605289714873020,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33280,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":13869.2,"max":89623,"stddev":22425.8,"var":502918720.0,"ent":3.3,"data": [39835,39893,388,39880,1850,1,41296,35,60,0,18,4,565,0,563,29,2922,2605,564,39805,119,1086,1924,0,36819,15,203,49740,40102,0,89623]},"pktlen": {"min":72,"avg":300.8,"max":1120,"stddev":374.8,"var":140490.0,"ent":4.1,"data": [80,80,72,589,72,1120,1120,72,72,1120,1120,72,72,1120,154,72,72,165,171,368,72,72,72,330,138,72,72,110,72,516,246,72]},"bins": {"c_to_s": [11,1,1,1,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": 
[6,0,2,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,1,0,0,1,1,0,0,0,0,0,1,1,1,1,1,0,0,0,1,1,1,0],"entropies": [4.759509563,5.142373085,5.117740154,4.564804554,4.953123093,6.789499283,4.442035198,5.175263882,5.103079796,6.610801220,7.126421452,5.203041553,5.203041553,7.603042603,6.151700974,5.175263882,5.175263882,6.101224422,6.300935745,7.262635231,4.980900764,5.036456108,4.980900764,7.043718815,6.196548939,5.175263882,5.175263882,5.631328106,5.036456108,7.479037762,6.852047443,5.230819225]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} 02153{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":297,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605289714782619,"flow_src_last_pkt_time":1605289714902517,"flow_dst_last_pkt_time":1605289714903070,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1077,"flow_dst_tot_l4_payload_len":12561,"midstream":0,"thread_ts_usec":1605289714903070,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":57050,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":7753.2,"max":50337,"stddev":15382.7,"var":236626480.0,"ent":2.9,"data": [50290,50337,220,31719,3102,0,34561,13,675,659,1179,1,1182,11,2643,116,155,32346,0,0,0,1,29460,6,548,1,0,514,15,6,589]},"pktlen": {"min":72,"avg":498.7,"max":1460,"stddev":595.9,"var":355070.7,"ent":4.0,"data": 
[80,80,72,589,72,1460,1460,72,72,1460,72,1460,1205,72,72,165,171,440,72,72,72,330,138,72,72,1460,1460,1460,72,72,72,1460]},"bins": {"c_to_s": [12,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,8,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,0,1,1,0,0,0,0,0,1,1,1,1,1,0,0,1,1,1,0,0,0,1],"entropies": [4.703702927,5.136080265,5.124309540,4.545345783,5.017591953,6.717867374,4.853471756,5.096531868,5.124309540,7.395221710,5.124309540,7.321218014,7.643990993,5.124309540,5.152087212,5.949683189,6.333797455,7.364598274,5.017591953,5.017591953,4.989814281,7.067564487,6.163845539,5.152087212,5.124309540,7.852941513,7.865815639,7.871354580,5.096531868,5.124309540,5.053668499,7.834792614]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":1,"category":"Media"}} 00816{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":306,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289715133578,"flow_src_last_pkt_time":1605289715133578,"flow_dst_last_pkt_time":1605289715133578,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289715133578,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51582,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -123,42 +123,42 @@ 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":307,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_src_last_pkt_time":1605289715133578,"flow_dst_last_pkt_time":1605289715210396,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289715210396,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgWAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbvJfoEpGV7hz5n4oBJXgLSTAAACBAV4AQMDAwQCCArCuSXYOIhOCA=="} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_src_last_pkt_time":1605289715210445,"flow_dst_last_pkt_time":1605289715210396,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289715210445,"pkt":"qtsDr8lk5EKm5WPyht1gAUyOACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACADyX4Bu+HPmfiBKRlfgBAB+zhYAAABAQgKOIhOVcK5Jdg="} 01266{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":309,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":4,"flow_src_last_pkt_time":1605289715212290,"flow_dst_last_pkt_time":1605289715210396,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605289715212290,"pkt":"qtsDr8lk5EKm5WPyht1gAUyOAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACADyX4Bu+HPmfiBKRlfgBgB+6OKAAABAQgKOIhOV8K5JdgWAwECAAEAAfwDAyko5RIhdw7iSMvL+JxYqZMyWbwdT4mua+Aq4PLn7o6AIHiamGncKVvaC4Qe+Wkd02CeOTDRVPAoUdvjHzZzHWAnACD6+hMBEwITA8ArwC\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"} 
-01321{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":309,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289715133578,"flow_src_last_pkt_time":1605289715212290,"flow_dst_last_pkt_time":1605289715210396,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289715212290,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.gstatic.com","domainame":"www.gstatic.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01280{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":309,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289715133578,"flow_src_last_pkt_time":1605289715212290,"flow_dst_last_pkt_time":1605289715210396,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289715212290,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.gstatic.com","domainame":"www.gstatic.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00816{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":310,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289715221747,"flow_src_last_pkt_time":1605289715221747,"flow_dst_last_pkt_time":1605289715221747,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289715221747,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54416,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":310,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1605289715221747,"flow_dst_last_pkt_time":1605289715221747,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289715221747,"pkt":"qtsDr8lk5EKm5WPyht1gDRmqACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBgAAAAAAACAO1JABu7b0CzwAAAAAoAL9ILgWAAACBAWgBAIICnB0noAAAAAAAQMDBw=="} 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":5,"flow_src_last_pkt_time":1605289715212290,"flow_dst_last_pkt_time":1605289715257682,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289715257682,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgWAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbvJfoEpGV\/hz5v9gBALMCzUAAABAQgKwrkmIDiITlc="} 
00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1605289715221747,"flow_dst_last_pkt_time":1605289715273354,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289715273354,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgGAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvUkNYqBSe29As9oBJXgJmfAAACBAV4AQMDAwQCCArCuSYncHSegA=="} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":313,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_src_last_pkt_time":1605289715273482,"flow_dst_last_pkt_time":1605289715273354,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289715273482,"pkt":"qtsDr8lk5EKm5WPyht1gDRmqACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBgAAAAAAACAO1JABu7b0Cz3WKgUogBAB+x19AAABAQgKcHSetMK5Jic="} 
01268{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":314,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_src_last_pkt_time":1605289715274121,"flow_dst_last_pkt_time":1605289715273354,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605289715274121,"pkt":"qtsDr8lk5EKm5WPyht1gDRmqAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBgAAAAAAACAO1JABu7b0Cz3WKgUogBgB+5ZOAAABAQgKcHSetcK5JicWAwECAAEAAfwDA\/Wo9zH9kIsC3p0+x0Ogp3CBXjA+aSeyGzEE6vb9ZTk9IJABGD2ndVeTf+odvyDjSMzv7BNGBBHaaAJBgxYc9sAYACDKyhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZOqqgAAAAAAFAASAAAPYXBpcy5nb29nbGUuY29tABcAAP8BAAEAAAoACgAIqqoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACmqqgABAAAdACB2WXZxKMS9tF781JcLrIeE0V3s7s7Xei6L\/wVkpPzjGAAtAAIBAQArAAsK+voDBAMDAwIDAQAbAAMCAALq6gABAAAVAM0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01321{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":314,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289715221747,"flow_src_last_pkt_time":1605289715274121,"flow_dst_last_pkt_time":1605289715273354,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289715274121,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54416,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"apis.google.com","domainame":"apis.google.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01280{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":314,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289715221747,"flow_src_last_pkt_time":1605289715274121,"flow_dst_last_pkt_time":1605289715273354,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289715274121,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54416,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"apis.google.com","domainame":"apis.google.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00822{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289715274358,"flow_src_last_pkt_time":1605289715274358,"flow_dst_last_pkt_time":1605289715274358,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289715274358,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f030:13:face:b00c::3","src_port":51292,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1605289715274358,"flow_dst_last_pkt_time":1605289715274358,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289715274358,"pkt":"qtsDr8lk5EKm5WPyht1gCiKuACgGQCoBywEgSYsHmR3shSjf9ikqAyiA8DAAE\/rOsAwAAAADyFwBu3K5vIYAAAAAoAL9IIqeAAACBAWgBAIICrhM3AoAAAAAAQMDBw=="} 
-01366{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":316,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605289715133578,"flow_src_last_pkt_time":1605289715212290,"flow_dst_last_pkt_time":1605289715287643,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605289715287643,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.gstatic.com","domainame":"www.gstatic.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01325{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":316,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605289715133578,"flow_src_last_pkt_time":1605289715212290,"flow_dst_last_pkt_time":1605289715287643,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605289715287643,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.gstatic.com","domainame":"www.gstatic.com","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":325,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_src_last_pkt_time":1605289715274358,"flow_dst_last_pkt_time":1605289715301345,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289715301345,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoDKIDwMAAT+s6wDAAAAAMqAcsBIEmLB5kd7IUo3\/YpAbvIXBJtCi5yubyHoBJXgCqsAAACBAV4AQMDAwQCCArCuSZZuEzcCg=="} 
00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":326,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_src_last_pkt_time":1605289715274121,"flow_dst_last_pkt_time":1605289715301345,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289715301345,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgGAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvUkNYqBSi29A1CgBALMBIOAAABAQgKwrkmW3B0nrU="} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":327,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_src_last_pkt_time":1605289715301435,"flow_dst_last_pkt_time":1605289715301345,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289715301435,"pkt":"qtsDr8lk5EKm5WPyht1gCiKuACAGQCoBywEgSYsHmR3shSjf9ikqAyiA8DAAE\/rOsAwAAAADyFwBu3K5vIcSbQovgBAB+66iAAABAQgKuEzcJcK5Jlk="} 
01271{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":328,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_src_last_pkt_time":1605289715301671,"flow_dst_last_pkt_time":1605289715301345,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605289715301671,"pkt":"qtsDr8lk5EKm5WPyht1gCiKuAiUGQCoBywEgSYsHmR3shSjf9ikqAyiA8DAAE\/rOsAwAAAADyFwBu3K5vIcSbQovgBgB+0gHAAABAQgKuEzcJcK5JlkWAwECAAEAAfwDA5gekqpKhlC2ipL2zI8L5\/kv3e0nxnbXEmgavka1LHWVIBeXyfu8UN0TfZ\/W27lJZzaKDZAJHcd7oBhNLgsTwfr\/ACB6ehMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZNKSgAAAAAAGQAXAAAUY29ubmVjdC5mYWNlYm9vay5uZXQAFwAA\/wEAAQAACgAKAAi6ugAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKbq6AAEAAB0AIGc+3YDJXOpck3uyogqFw1bonkkYAWZ3xkO5tRdYSBRhAC0AAgEBACsACwoaGgMEAwMDAgMBABsAAwIAAurqAAEAABUAyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01344{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":328,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289715274358,"flow_src_last_pkt_time":1605289715301671,"flow_dst_last_pkt_time":1605289715301345,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289715301671,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f030:13:face:b00c::3","src_port":51292,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"connect.facebook.net","domainame":"connect.facebook.net","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-01366{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":329,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605289715221747,"flow_src_last_pkt_time":1605289715274121,"flow_dst_last_pkt_time":1605289715321807,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605289715321807,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54416,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"apis.google.com","domainame":"apis.google.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01303{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":328,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289715274358,"flow_src_last_pkt_time":1605289715301671,"flow_dst_last_pkt_time":1605289715301345,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289715301671,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f030:13:face:b00c::3","src_port":51292,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"connect.facebook.net","domainame":"connect.facebook.net","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01325{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":329,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605289715221747,"flow_src_last_pkt_time":1605289715274121,"flow_dst_last_pkt_time":1605289715321807,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605289715321807,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54416,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"apis.google.com","domainame":"apis.google.com","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":338,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":5,"flow_src_last_pkt_time":1605289715301671,"flow_dst_last_pkt_time":1605289715333683,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289715333683,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoDKIDwMAAT+s6wDAAAAAMqAcsBIEmLB5kd7IUo3\/YpAbvIXBJtCi9yub6MgBALMKNIAAABAQgKwrkmebhM3CU="} 
-01389{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":339,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605289715274358,"flow_src_last_pkt_time":1605289715301671,"flow_dst_last_pkt_time":1605289715333684,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1380,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1380,"midstream":0,"thread_ts_usec":1605289715333684,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f030:13:face:b00c::3","src_port":51292,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"connect.facebook.net","domainame":"connect.facebook.net","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01348{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":339,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605289715274358,"flow_src_last_pkt_time":1605289715301671,"flow_dst_last_pkt_time":1605289715333684,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1380,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1380,"midstream":0,"thread_ts_usec":1605289715333684,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f030:13:face:b00c::3","src_port":51292,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"connect.facebook.net","domainame":"connect.facebook.net","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
02182{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":371,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1605289715274358,"flow_src_last_pkt_time":1605289715471680,"flow_dst_last_pkt_time":1605289715427326,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1380,"flow_src_tot_l4_payload_len":1347,"flow_dst_tot_l4_payload_len":5004,"midstream":0,"thread_ts_usec":1605289715471680,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f030:13:face:b00c::3","src_port":51292,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":11299.7,"max":93180,"stddev":21751.5,"var":473125984.0,"ent":3.0,"data": [26987,27077,236,32338,1,0,32042,17,3873,399,116,64739,93180,2,1,290,2,3,2,24343,46,12,9,157,3,2,82,23,41,4388,39879]},"pktlen": {"min":72,"avg":271.0,"max":1452,"stddev":368.4,"var":135732.3,"ent":4.1,"data": [80,80,72,589,72,1452,979,72,72,136,164,330,330,72,72,72,251,152,116,653,72,72,72,72,483,1452,114,72,72,72,103,199]},"bins": {"c_to_s": [12,0,2,1,0,0,0,0,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,2,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,0,0,0,0,1,1,1,1,1,1,1,0,0,0,0,1,1,1,0,0,0,0,0],"entropies": [5.086080074,5.358260632,5.421088219,4.582517624,5.325077534,7.824724197,7.800261974,5.487128258,5.459350586,6.217577457,6.494597435,7.339631081,7.344889641,5.269522190,5.231259823,5.286815166,7.021345615,6.361854553,5.947217464,7.648275852,5.393310547,5.421088219,5.393310547,5.448865891,7.531715393,7.878327370,6.086453915,5.448865891,5.421088219,5.365532398,5.884278774,6.731818199]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} 00825{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":431,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289715782853,"flow_src_last_pkt_time":1605289715782853,"flow_dst_last_pkt_time":1605289715782853,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289715782853,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f11f:83:face:b00c::25de","src_port":60340,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":431,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":1605289715782853,"flow_dst_last_pkt_time":1605289715782853,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289715782853,"pkt":"qtsDr8lk5EKm5WPyht1gAWIEACgGQCoBywEgSYsHmR3shSjf9ikqAyiA8R8Ag\/rOsAwAACXe67QBu2RbtWoAAAAAoAL9IBbyAAACBAWgBAIICmcfa8wAAAAAAQMDBw=="} 
00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":432,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_src_last_pkt_time":1605289715782853,"flow_dst_last_pkt_time":1605289715833903,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289715833903,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoDKIDxHwCD+s6wDAAAJd4qAcsBIEmLB5kd7IUo3\/YpAbvrtAAp+EJkW7VroBJXgNkoAAACBAV4AQMDAwQCCArCuShfZx9rzA=="} 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":433,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_src_last_pkt_time":1605289715833970,"flow_dst_last_pkt_time":1605289715833903,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289715833970,"pkt":"qtsDr8lk5EKm5WPyht1gAWIEACAGQCoBywEgSYsHmR3shSjf9ikqAyiA8R8Ag\/rOsAwAACXe67QBu2RbtWsAKfhDgBAB+10HAAABAQgKZx9r\/8K5KF8="} 
01270{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":434,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_src_last_pkt_time":1605289715834672,"flow_dst_last_pkt_time":1605289715833903,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605289715834672,"pkt":"qtsDr8lk5EKm5WPyht1gAWIEAiUGQCoBywEgSYsHmR3shSjf9ikqAyiA8R8Ag\/rOsAwAACXe67QBu2RbtWsAKfhDgBgB+\/QzAAABAQgKZx9sAMK5KF8WAwECAAEAAfwDA15ScC6cz0Mm40ZOuOfJU9tsVGcffyVHK66YSdKRGbaAIPaARvdX8cCHMx9rMsZJhiJlEhn0QL88TbX34lqqt\/OKACDa2hMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPa2gAAAAAAFQATAAAQd3d3LmZhY2Vib29rLmNvbQAXAAD\/AQABAAAKAAoACCoqAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApKioAAQAAHQAgpYv7qRG6do7VtNy5242ZZbX6mD8VP8lQEUUuZeSYdj0ALQACAQEAKwALCsrKAwQDAwMCAwEAGwADAgACCgoAAQAAFQDMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01339{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":434,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289715782853,"flow_src_last_pkt_time":1605289715834672,"flow_dst_last_pkt_time":1605289715833903,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289715834672,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f11f:83:face:b00c::25de","src_port":60340,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.facebook.com","domainame":"www.facebook.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01298{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":434,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289715782853,"flow_src_last_pkt_time":1605289715834672,"flow_dst_last_pkt_time":1605289715833903,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289715834672,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f11f:83:face:b00c::25de","src_port":60340,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.facebook.com","domainame":"www.facebook.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00816{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":435,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289715966342,"flow_src_last_pkt_time":1605289715966342,"flow_dst_last_pkt_time":1605289715966342,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289715966342,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47790,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":435,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_src_last_pkt_time":1605289715966342,"flow_dst_last_pkt_time":1605289715966342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289715966342,"pkt":"qtsDr8lk5EKm5WPyht1gDvs7ACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAKuq4Bu2\/h7B4AAAAAoAL9IFQFAAACBAWgBAIICqkvSd0AAAAAAQMDBw=="} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":436,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":5,"flow_src_last_pkt_time":1605289715834672,"flow_dst_last_pkt_time":1605289716018193,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289716018193,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoDKIDxHwCD+s6wDAAAJd4qAcsBIEmLB5kd7IUo3\/YpAbvrtAAp+ENkW7dwgBALMFGYAAABAQgKwrkok2cfbAA="} 
-01384{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":437,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605289715782853,"flow_src_last_pkt_time":1605289715834672,"flow_dst_last_pkt_time":1605289716018194,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1380,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1380,"midstream":0,"thread_ts_usec":1605289716018194,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f11f:83:face:b00c::25de","src_port":60340,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.facebook.com","domainame":"www.facebook.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01343{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":437,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605289715782853,"flow_src_last_pkt_time":1605289715834672,"flow_dst_last_pkt_time":1605289716018194,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1380,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1380,"midstream":0,"thread_ts_usec":1605289716018194,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f11f:83:face:b00c::25de","src_port":60340,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.facebook.com","domainame":"www.facebook.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":441,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_src_last_pkt_time":1605289715966342,"flow_dst_last_pkt_time":1605289716021823,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289716021823,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgWAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbu6rg79HT9v4ewfoBJXgOHBAAACBAV4AQMDAwQCCArCuSkJqS9J3Q=="} 
00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_src_last_pkt_time":1605289716021899,"flow_dst_last_pkt_time":1605289716021823,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289716021899,"pkt":"qtsDr8lk5EKm5WPyht1gDvs7ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAKuq4Bu2\/h7B8O\/R1AgBAB+2WcAAABAQgKqS9KFMK5KQk="} 01269{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":443,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_src_last_pkt_time":1605289716024503,"flow_dst_last_pkt_time":1605289716021823,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605289716024503,"pkt":"qtsDr8lk5EKm5WPyht1gDvs7AiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAKuq4Bu2\/h7B8O\/R1AgBgB+960AAABAQgKqS9KF8K5KQkWAwECAAEAAfwDAz7PSjjgfHJf+nCfn3DPMxydUwVUjvYQFiNHK08caRmgIChBHphlkCrDONZuzjKATga3CNpgPdLG1nC8FJaIcfu7ACDa2hMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZNKSgAAAAAAJAAiAAAfY29udGVudC1hdXRvZmlsbC5nb29nbGVhcGlzLmNvbQAXAAD\/AQABAAAKAAoACGpqAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApamoAAQAAHQAgphW3bcEnLefm+sIpksFu2OouFtq8r6bigf0SizCebCQALQACAQEAKwALCpqaAwQDAwMCAwEAGwADAgACCgoAAQAAFQC9AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01361{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":443,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289715966342,"flow_src_last_pkt_time":1605289716024503,"flow_dst_last_pkt_time":1605289716021823,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289716024503,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47790,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"content-autofill.googleapis.com","domainame":"content-autofill.googleapis.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01320{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":443,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289715966342,"flow_src_last_pkt_time":1605289716024503,"flow_dst_last_pkt_time":1605289716021823,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289716024503,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47790,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"content-autofill.googleapis.com","domainame":"content-autofill.googleapis.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":449,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":5,"flow_src_last_pkt_time":1605289716024503,"flow_dst_last_pkt_time":1605289716066903,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289716066903,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgWAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbu6rg79HUBv4e4kgBALMFoOAAABAQgKwrkpWqkvShc="} 
-01406{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":463,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605289715966342,"flow_src_last_pkt_time":1605289716024503,"flow_dst_last_pkt_time":1605289716084706,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605289716084706,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47790,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"content-autofill.googleapis.com","domainame":"content-autofill.googleapis.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01365{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":463,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605289715966342,"flow_src_last_pkt_time":1605289716024503,"flow_dst_last_pkt_time":1605289716084706,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605289716084706,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47790,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"content-autofill.googleapis.com","domainame":"content-autofill.googleapis.com","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00822{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289716168715,"flow_src_last_pkt_time":1605289716168715,"flow_dst_last_pkt_time":1605289716168715,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":158,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":158,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":158,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289716168715,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2003","src_port":43562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00796{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_src_last_pkt_time":1605289716168715,"flow_dst_last_pkt_time":1605289716168715,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":244,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":244,"pkt_l4_len":190,"thread_ts_usec":1605289716168715,"pkt":"qtsDr8lk5EKm5WPyht1gB32\/AL4GQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACADqioBu9lam\/a\/4e68gBgE1TyJAAABAQgKZPSVcMK4jAQXAwMAmbA2YtBqXOwsPZhf0xplQUhs5uebiQ6HrXX0rQcB3CzDNqt6KEFEtOrnLbiyKoAl0\/PfpLU5lSyfN4b6GWAPMuxRzKK1mYHeU6cm19ssJsGj28uoKpDNJuLbc68jHie5jcE8\/swMHjb\/rsshDlUuBkbS0PBg+fBq\/uDg8aBU7dQCoscpqfDhz7OaLw8PBcid6Woaoneonk0XRQ=="} 
00960{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289716168715,"flow_src_last_pkt_time":1605289716168715,"flow_dst_last_pkt_time":1605289716168715,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":158,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":158,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":158,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289716168715,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2003","src_port":43562,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
@@ -174,9 +174,9 @@ 00588{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":580,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_src_last_pkt_time":1605289717548570,"flow_dst_last_pkt_time":1605289717572004,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289717572004,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgWAAAAAAAAIA0qAcsBIEmLB5kd7IUo3\/YpAbufvovR75juz2g\/oBJXgHfiAAACBAV4AQMDAwQCCArCuS86MYb15Q=="} 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":581,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_src_last_pkt_time":1605289717572182,"flow_dst_last_pkt_time":1605289717572004,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289717572182,"pkt":"qtsDr8lk5EKm5WPyht1gD67DACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACANn74Bu+7PaD+L0e+ZgBAB+\/vbAAABAQgKMYb1\/cK5Lzo="} 
01268{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":582,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_src_last_pkt_time":1605289717572787,"flow_dst_last_pkt_time":1605289717572004,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605289717572787,"pkt":"qtsDr8lk5EKm5WPyht1gD67DAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACANn74Bu+7PaD+L0e+ZgBgB+0DvAAABAQgKMYb1\/cK5LzoWAwECAAEAAfwDA800cC9OVh30oKukmv7TjuGOfIQsAXjOcIds0bgi09HFIBoSrrmErFO1TCZKJVvIhS6wQO5Ret2I7u3t0EJASsOHACBaWhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZNKSgAAAAAAGAAWAAATYWNjb3VudHMuZ29vZ2xlLmNvbQAXAAD\/AQABAAAKAAoACHp6AB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApenoAAQAAHQAg3SQzsRLwlL1ZHWLzcJyUxb7R5EthsHkv9Gz6Dx5HIhsALQACAQEAKwALCoqKAwQDAwMCAwEAGwADAgACysoAAQAAFQDJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01329{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":582,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289717548570,"flow_src_last_pkt_time":1605289717572787,"flow_dst_last_pkt_time":1605289717572004,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289717572787,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200d","src_port":40894,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com","domainame":"accounts.google.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01288{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":582,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289717548570,"flow_src_last_pkt_time":1605289717572787,"flow_dst_last_pkt_time":1605289717572004,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289717572787,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200d","src_port":40894,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com","domainame":"accounts.google.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":583,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":5,"flow_src_last_pkt_time":1605289717572787,"flow_dst_last_pkt_time":1605289717599829,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289717599829,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgWAAAAAAAAIA0qAcsBIEmLB5kd7IUo3\/YpAbufvovR75nuz2pEgBALMPCFAAABAQgKwrkvVjGG9f0="} 
-01374{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":584,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605289717548570,"flow_src_last_pkt_time":1605289717572787,"flow_dst_last_pkt_time":1605289717605090,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605289717605090,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200d","src_port":40894,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com","domainame":"accounts.google.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01333{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":584,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605289717548570,"flow_src_last_pkt_time":1605289717572787,"flow_dst_last_pkt_time":1605289717605090,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605289717605090,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200d","src_port":40894,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com","domainame":"accounts.google.com","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
02207{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":601,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1605289715966342,"flow_src_last_pkt_time":1605289717653626,"flow_dst_last_pkt_time":1605289716195463,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1280,"flow_dst_tot_l4_payload_len":4020,"midstream":0,"thread_ts_usec":1605289717653626,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47790,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":61819.5,"max":1485939,"stddev":260701.6,"var":67965321216.0,"ent":1.6,"data": [55481,55557,2604,45080,17803,15,60231,16,286,275,9398,2484,606,42880,0,228,1,30633,193,14864,14650,23014,0,23014,8,85,0,70,1606,29384,1485939]},"pktlen": {"min":72,"avg":238.1,"max":1280,"stddev":317.7,"var":100919.6,"ent":4.1,"data": [80,80,72,589,72,1280,1280,72,72,573,72,136,164,444,72,72,72,652,72,103,103,72,462,135,72,72,111,72,72,111,72,237]},"bins": {"c_to_s": [11,1,2,0,0,1,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [8,2,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,0,0,0,0,1,1,1,1,0,0,1,0,1,1,0,0,1,1,0,0,1,0],"entropies": 
[4.830388546,5.236173153,5.083273411,4.664566517,5.024503708,7.801916599,7.849427700,5.232646465,5.204868793,7.603487968,5.204868793,6.090775967,6.470489025,7.520395279,5.107836723,5.107836723,5.080059052,7.600295067,5.194384098,5.756132126,5.672693253,5.166606426,7.483500957,6.249640465,5.177091122,5.204868793,5.886195660,5.135614395,5.204868793,5.955920696,5.135614395,6.860337257]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 02184{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":611,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605289717548570,"flow_src_last_pkt_time":1605289717681759,"flow_dst_last_pkt_time":1605289717681662,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":959,"flow_dst_tot_l4_payload_len":10121,"midstream":0,"thread_ts_usec":1605289717681759,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200d","src_port":40894,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":8589.7,"max":42968,"stddev":12964.6,"var":168080032.0,"ent":3.5,"data": [23434,23612,605,27825,5261,2,0,32335,48,7,3191,171,159,42968,880,1,157,40413,894,3393,2534,21369,1,21337,22,7799,1,0,1,7829,32]},"pktlen": {"min":72,"avg":418.8,"max":1280,"stddev":492.4,"var":242485.9,"ent":4.1,"data": [80,80,72,589,72,1280,1280,322,72,72,72,136,164,327,72,72,72,652,72,103,103,72,876,1280,72,72,1280,1280,1280,1280,72,72]},"bins": {"c_to_s": 
[12,0,2,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,0,0,0,1,1,1,1,0,0,1,0,1,1,0,0,1,1,1,1,0,0],"entropies": [4.905389309,5.361174107,5.232646465,4.557852268,5.107836723,7.817549706,7.840916157,7.180346489,5.232646465,5.260424137,5.260424137,6.185771942,6.393667221,7.196280479,5.107836723,5.107836723,5.107836723,7.630718231,5.204868793,5.782878876,5.796528339,5.222161770,7.750598431,7.833017826,5.260424137,5.260424137,7.845281124,7.848848343,7.857541561,7.841633797,5.194384098,5.232646465]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 00809{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":686,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289718346936,"flow_src_last_pkt_time":1605289718346936,"flow_dst_last_pkt_time":1605289718346936,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289718346936,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":56940,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -194,7 +194,7 @@ 00808{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":694,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289720502835,"flow_src_last_pkt_time":1605289720502835,"flow_dst_last_pkt_time":1605289720502835,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289720502835,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38402,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":694,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_src_last_pkt_time":1605289720502835,"flow_dst_last_pkt_time":1605289720502835,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289720502835,"pkt":"qtsDr8lk5EKm5WPyht1gDE+lACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElgIBuwZ3AS1n9K5wgBAD7qJGAAABAQgK1mI428K4iuQ="} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":695,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_src_last_pkt_time":1605289720502835,"flow_dst_last_pkt_time":1605289720592524,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289720592524,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWAmf0rnAGdwEugBAMdPzqAAABAQgKwrk63tZgJbc="} 
-00809{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":696,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289722442860,"flow_src_last_pkt_time":1605289722442860,"flow_dst_last_pkt_time":1605289722442860,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289722442860,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":46918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00810{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":696,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289722442860,"flow_src_last_pkt_time":1605289722442860,"flow_dst_last_pkt_time":1605289722442860,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289722442860,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901:0:7a0b::","src_port":46918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":696,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_src_last_pkt_time":1605289722442860,"flow_dst_last_pkt_time":1605289722442860,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289722442860,"pkt":"qtsDr8lk5EKm5WPyht1gCa8jACAGQCoBywEgSYsHmR3shSjf9ikmABkBAAB6CwAAAAAAAAAAt0YBu4XaMRXguiMogBAB9ZuaAAABAQgKldeDu8K4iwE="} 00808{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":697,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289722610839,"flow_src_last_pkt_time":1605289722610839,"flow_dst_last_pkt_time":1605289722610839,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289722610839,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38406,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":697,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_src_last_pkt_time":1605289722610839,"flow_dst_last_pkt_time":1605289722610839,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289722610839,"pkt":"qtsDr8lk5EKm5WPyht1gDvD\/ACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElgYBu\/ADYY+SLdnAgBBf+pZ\/AAABAQgK1mJBF8K4kuY="} 
@@ -219,16 +219,16 @@ 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":745,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_src_last_pkt_time":1605289732959160,"flow_dst_last_pkt_time":1605289733005669,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289733005669,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWkkELYhojTae5oBJXgL46AAACBAV4AQMDAwQCCArCuWtz1mJphA=="} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":746,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_src_last_pkt_time":1605289733005713,"flow_dst_last_pkt_time":1605289733005669,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289733005713,"pkt":"qtsDr8lk5EKm5WPyht1gBE+4ACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElpIBuyNNp7lBC2IbgBAB+0IeAAABAQgK1mJpssK5a3M="} 
01269{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":747,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":4,"flow_src_last_pkt_time":1605289733006105,"flow_dst_last_pkt_time":1605289733005669,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605289733006105,"pkt":"qtsDr8lk5EKm5WPyht1gBE+4AiUGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElpIBuyNNp7lBC2IbgBgB+9rPAAABAQgK1mJps8K5a3MWAwECAAEAAfwDA+FylCmx+RqDY+2Dyo1rIa8zFwFxgekrVpZ57dzQTQpcIGR5x9GwiLhejRSyDSJCULhaEPuWcuSSd\/4qtnhsMGhMACAqKhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZOKigAAAAAAGQAXAAAUYXNzZXRzLnBpbnRlcmVzdC5jb20AFwAA\/wEAAQAACgAKAAiKigAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKYqKAAEAAB0AIL6rS5lo+mbnIbk9M9oSvrL6u11X7ZgUutxoF0rBS5t\/AC0AAgEBACsACwpqagMEAwMDAgMBABsAAwIAApqaAAEAABUAyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01328{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":747,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289732959160,"flow_src_last_pkt_time":1605289733006105,"flow_dst_last_pkt_time":1605289733005669,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289733006105,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38546,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"assets.pinterest.com","domainame":"assets.pinterest.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01287{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":747,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289732959160,"flow_src_last_pkt_time":1605289733006105,"flow_dst_last_pkt_time":1605289733005669,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289733006105,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38546,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"assets.pinterest.com","domainame":"assets.pinterest.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00588{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":748,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_src_last_pkt_time":1605289732972740,"flow_dst_last_pkt_time":1605289733019634,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289733019634,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgKAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbuwRmgG99MLvByLoBJXgOQ\/AAACBAV4AQMDAwQCCArCuWuDWG5gMg=="} 
00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":749,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_src_last_pkt_time":1605289733019649,"flow_dst_last_pkt_time":1605289733019634,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289733019649,"pkt":"qtsDr8lk5EKm5WPyht1gD7s\/ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICgAAAAAAACAOsEYBuwu8HItoBvfUgBAB+2giAAABAQgKWG5gYcK5a4M="} 01269{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":750,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":4,"flow_src_last_pkt_time":1605289733019850,"flow_dst_last_pkt_time":1605289733019634,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605289733019850,"pkt":"qtsDr8lk5EKm5WPyht1gD7s\/AiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICgAAAAAAACAOsEYBuwu8HItoBvfUgBgB+1dmAAABAQgKWG5gYcK5a4MWAwECAAEAAfwDA\/e7AWI4IOqe24e3Dy8GtjgX\/HGd3ql+YvtlwSVKxHHMIG0UA7UP8cWM1+OIpoJabPxwYFuj3vVPyVClxgciYoq4ACAqKhMBEwITA8ArwC\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"} 
-01351{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":750,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289732972740,"flow_src_last_pkt_time":1605289733019850,"flow_dst_last_pkt_time":1605289733019634,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289733019850,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200e","src_port":45126,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"www.google-analytics.com","domainame":"www.google-analytics.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01310{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":750,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289732972740,"flow_src_last_pkt_time":1605289733019850,"flow_dst_last_pkt_time":1605289733019634,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289733019850,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200e","src_port":45126,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"www.google-analytics.com","domainame":"www.google-analytics.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":751,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":5,"flow_src_last_pkt_time":1605289733006105,"flow_dst_last_pkt_time":1605289733055452,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289733055452,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWkkELYhsjTam+gBALMDa6AAABAQgKwrlrnNZiabM="} 
-01411{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":752,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605289732959160,"flow_src_last_pkt_time":1605289733006105,"flow_dst_last_pkt_time":1605289733059043,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605289733059043,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38546,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"assets.pinterest.com","domainame":"assets.pinterest.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-03191{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":757,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1605289732959160,"flow_src_last_pkt_time":1605289733059060,"flow_dst_last_pkt_time":1605289733060311,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5322,"midstream":0,"thread_ts_usec":1605289733060311,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38546,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"assets.pinterest.com","domainame":"assets.pinterest.com","tls": 
{"version":"TLSv1.2","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., 
CN=*.pinterest.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E","blocks":0}}} +01370{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":752,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605289732959160,"flow_src_last_pkt_time":1605289733006105,"flow_dst_last_pkt_time":1605289733059043,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605289733059043,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38546,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"assets.pinterest.com","domainame":"assets.pinterest.com","tls": {"version":"TLSv1.2","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+03150{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":757,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1605289732959160,"flow_src_last_pkt_time":1605289733059060,"flow_dst_last_pkt_time":1605289733060311,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5322,"midstream":0,"thread_ts_usec":1605289733060311,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38546,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"assets.pinterest.com","domainame":"assets.pinterest.com","tls": 
{"version":"TLSv1.2","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., 
CN=*.pinterest.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E","blocks":0}}} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":763,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":5,"flow_src_last_pkt_time":1605289733019850,"flow_dst_last_pkt_time":1605289733131664,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289733131664,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgKAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbuwRmgG99QLvB6QgBALMFy2AAABAQgKwrlrtVhuYGE="} -01396{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":774,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605289732972740,"flow_src_last_pkt_time":1605289733019850,"flow_dst_last_pkt_time":1605289733177092,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605289733177092,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200e","src_port":45126,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"www.google-analytics.com","domainame":"www.google-analytics.com","tls": 
{"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +01355{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":774,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605289732972740,"flow_src_last_pkt_time":1605289733019850,"flow_dst_last_pkt_time":1605289733177092,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605289733177092,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200e","src_port":45126,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"www.google-analytics.com","domainame":"www.google-analytics.com","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
02182{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":802,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1605289732972740,"flow_src_last_pkt_time":1605289733216831,"flow_dst_last_pkt_time":1605289733216812,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":969,"flow_dst_tot_l4_payload_len":9927,"midstream":0,"thread_ts_usec":1605289733216831,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200e","src_port":45126,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":15747.2,"max":157269,"stddev":35268.1,"var":1243837184.0,"ent":2.7,"data": [46894,46909,201,112030,45428,0,2,157269,9,5,2935,270,2964,37660,1,0,1100,1,0,32562,12,3,631,955,1,0,0,308,7,3,3]},"pktlen": {"min":72,"avg":413.0,"max":1280,"stddev":486.7,"var":236885.8,"ent":4.1,"data": [80,80,72,589,72,1280,1280,549,72,72,72,136,164,337,72,72,72,652,486,1280,72,72,72,103,1280,1280,1280,1280,72,72,72,72]},"bins": {"c_to_s": [13,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,0,0,0,1,1,1,1,1,1,0,0,0,0,1,1,1,1,0,0,0,0],"entropies": [4.855388165,5.286173344,5.149313450,4.600729942,5.080059052,7.797164440,7.832664490,7.507453918,5.138828754,5.081305504,5.166606903,6.092433929,6.575641632,7.259848118,5.043183804,5.097352505,5.052281380,7.626473904,7.461633682,7.832756042,5.149313450,5.132019997,5.083273411,5.775549889,7.833918095,7.851273537,7.839205742,7.857754707,5.121535778,5.177091122,5.111051083,5.177091122]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}} 02181{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":829,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1605289732959160,"flow_src_last_pkt_time":1605289733287022,"flow_dst_last_pkt_time":1605289733341107,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1151,"flow_dst_tot_l4_payload_len":10308,"midstream":0,"thread_ts_usec":1605289733341107,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38546,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":22897.1,"max":135965,"stddev":39614.3,"var":1569289984.0,"ent":3.2,"data": [46509,46553,392,49783,3591,0,52945,10,1267,1,1272,3,2358,266,496,109019,0,0,1,0,1,105909,5,6,6499,35807,111148,135965,1,2,0]},"pktlen": {"min":72,"avg":430.6,"max":1460,"stddev":544.3,"var":296293.8,"ent":4.0,"data": [80,80,72,589,72,1460,1460,72,72,1460,1230,72,72,165,171,338,72,72,330,138,72,570,72,72,72,110,72,210,72,1460,1460,1460]},"bins": {"c_to_s": [9,1,1,1,1,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,0,1,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,6,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,1,0,0,0,0,0,1,1,1,1,1,1,0,0,0,0,1,0,1,1,1,1],"entropies": 
[4.684510231,5.128057957,5.091930866,4.525407314,4.980900764,6.391155720,5.165083408,5.175263882,5.175263882,7.346390247,7.633969307,5.175263882,5.109223843,6.098253250,6.329233170,7.209453583,5.008678436,4.970416069,7.086939812,6.058278084,4.925345421,7.519527912,5.175263882,5.147486210,5.175263882,5.594966412,4.980900764,6.689027309,4.980900764,7.853739262,7.845409870,7.847467899]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} 00810{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":864,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289733399863,"flow_src_last_pkt_time":1605289733399863,"flow_dst_last_pkt_time":1605289733399863,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289733399863,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7a6e","src_port":40114,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -236,10 +236,10 @@ 00588{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":865,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_src_last_pkt_time":1605289733399863,"flow_dst_last_pkt_time":1605289733420828,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289733420828,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdlem4qAcsBIEmLB5kd7IUo3\/YpAbucsmOjoioAcZYKoBJXgB0AAAACBAV4AQMDAwQCCArCuW0jxbpMjQ=="} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":866,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_src_last_pkt_time":1605289733420877,"flow_dst_last_pkt_time":1605289733420828,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289733420877,"pkt":"qtsDr8lk5EKm5WPyht1gBe6sACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXpunLIBuwBxlgpjo6IrgBAB+6D8AAABAQgKxbpMosK5bSM="} 01266{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":867,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":4,"flow_src_last_pkt_time":1605289733421383,"flow_dst_last_pkt_time":1605289733420828,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605289733421383,"pkt":"qtsDr8lk5EKm5WPyht1gBe6sAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXpunLIBuwBxlgpjo6IrgBgB+675AAABAQgKxbpMo8K5bSMWAwECAAEAAfwDA7uZ92OCVBC1xHN5t0YDziRYjgNrfeva8SX+HQQ5ROpDIGM8p3TwGS60madRKYlLsuurfXOUOAhO6IRjgC5z9cQPACCamhMBEwITA8ArwC\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"} 
-01352{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":867,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289733399863,"flow_src_last_pkt_time":1605289733421383,"flow_dst_last_pkt_time":1605289733420828,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289733421383,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7a6e","src_port":40114,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ADS_Analytic_Track","proto_id":"91.107","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker\/Ads","category_id":101,"category":"Advertisement","hostname":"js-agent.newrelic.com","domainame":"js-agent.newrelic.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01311{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":867,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289733399863,"flow_src_last_pkt_time":1605289733421383,"flow_dst_last_pkt_time":1605289733420828,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289733421383,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7a6e","src_port":40114,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ADS_Analytic_Track","proto_id":"91.107","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker\/Ads","category_id":101,"category":"Advertisement","hostname":"js-agent.newrelic.com","domainame":"js-agent.newrelic.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":868,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":5,"flow_src_last_pkt_time":1605289733421383,"flow_dst_last_pkt_time":1605289733457928,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289733457928,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdlem4qAcsBIEmLB5kd7IUo3\/YpAbucsmOjoisAcZgPgBALMJWdAAABAQgKwrltR8W6TKM="} 
-01435{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":869,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605289733399863,"flow_src_last_pkt_time":1605289733421383,"flow_dst_last_pkt_time":1605289733466833,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605289733466833,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7a6e","src_port":40114,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ADS_Analytic_Track","proto_id":"91.107","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker\/Ads","category_id":101,"category":"Advertisement","hostname":"js-agent.newrelic.com","domainame":"js-agent.newrelic.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-03297{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":875,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1605289733399863,"flow_src_last_pkt_time":1605289733466898,"flow_dst_last_pkt_time":1605289733468841,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5240,"midstream":0,"thread_ts_usec":1605289733468841,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7a6e","src_port":40114,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ADS_Analytic_Track","proto_id":"91.107","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker\/Ads","category_id":101,"category":"Advertisement","hostname":"js-agent.newrelic.com","domainame":"js-agent.newrelic.com","tls": 
{"version":"TLSv1.2","server_names":"f4.shared.global.fastly.net,*.500px.com,*.500px.net,*.500px.org,*.acceptance.habitat.sh,*.api.swiftype.com,*.art19.com,*.brave.com,*.chef.co,*.chef.io,*.cookpad.com,*.evbstatic.com,*.eventbrite.com,*.experiencepoint.com,*.fs.pastbook.com,*.fs.quploads.com,*.ftcdn.net,*.fubo.tv,*.getchef.com,*.githash.fubo.tv,*.habitat.sh,*.inspec.io,*.issuu.com,*.isu.pub,*.jimdo-dev-staging.com,*.jimdo-stable-staging.com,*.lulus.com,*.mansion-market.com,*.marfeel.com,*.massrel.io,*.meetu.ps,*.meetup.com,*.meetupstatic.com,*.newrelic.com,*.opscode.com,*.perimeterx.net,*.production.cdn.art19.com,*.staging.art19.com,*.staging.cdn.art19.com,*.swiftype.com,*.tissuu.com,*.video.franklyinc.com,*.wikihow.com,*.worldnow.com,500px.com,500px.net,500px.org,a1.awin1.com,acceptance.habitat.sh,api.swiftype.com,app.birchbox.com,app.staging.birchbox.com,app.staging.birchbox.es,art19.com,brave.com,cdn-f.adsmoloco.com,cdn.evbuc.com,cdn.polyfills.io,chef.co,chef.io,content.gamefuel.info,evbuc.com,experiencepoint.com,fast.appcues.com,fast.wistia.com,fast.wistia.net,fast.wistia.st,fubo.tv,getchef.com,githash.fubo.tv,habitat.sh,hbbtv.6play.fr,houstontexans.com,insight.atpi.com,inspec.io,jimdo-dev-staging.com,jimdo-stable-staging.com,link.sg.booking.com,mansion-market.com,media.bunited.com,meetu.ps,meetup.com,meetupstatic.com,onairhls.malimarcdn.net,opscode.com,perimeterx.net,polyfill.webservices.ft.com,qa.polyfills.io,raiders.com,s.sg.booking.com,s.swiftypecdn.com,static.birchbox.com,swiftype.com,viverepiusani.it,wikihow.com,wistia.com,www.dwin2.com,www.houstontexans.com,www.raiders.com,www.wada-ama.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3","subjectDN":"C=US, ST=California, L=San Francisco, O=Fastly, Inc., 
CN=f4.shared.global.fastly.net","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"BE:28:82:77:5B:06:41:1F:70:84:BD:A4:B9:FB:F0:BC:B1:B5:E3:A0","blocks":0}}} +01394{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":869,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605289733399863,"flow_src_last_pkt_time":1605289733421383,"flow_dst_last_pkt_time":1605289733466833,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605289733466833,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7a6e","src_port":40114,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ADS_Analytic_Track","proto_id":"91.107","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker\/Ads","category_id":101,"category":"Advertisement","hostname":"js-agent.newrelic.com","domainame":"js-agent.newrelic.com","tls": {"version":"TLSv1.2","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+03256{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":875,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1605289733399863,"flow_src_last_pkt_time":1605289733466898,"flow_dst_last_pkt_time":1605289733468841,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5240,"midstream":0,"thread_ts_usec":1605289733468841,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7a6e","src_port":40114,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ADS_Analytic_Track","proto_id":"91.107","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker\/Ads","category_id":101,"category":"Advertisement","hostname":"js-agent.newrelic.com","domainame":"js-agent.newrelic.com","tls": 
{"version":"TLSv1.2","server_names":"f4.shared.global.fastly.net,*.500px.com,*.500px.net,*.500px.org,*.acceptance.habitat.sh,*.api.swiftype.com,*.art19.com,*.brave.com,*.chef.co,*.chef.io,*.cookpad.com,*.evbstatic.com,*.eventbrite.com,*.experiencepoint.com,*.fs.pastbook.com,*.fs.quploads.com,*.ftcdn.net,*.fubo.tv,*.getchef.com,*.githash.fubo.tv,*.habitat.sh,*.inspec.io,*.issuu.com,*.isu.pub,*.jimdo-dev-staging.com,*.jimdo-stable-staging.com,*.lulus.com,*.mansion-market.com,*.marfeel.com,*.massrel.io,*.meetu.ps,*.meetup.com,*.meetupstatic.com,*.newrelic.com,*.opscode.com,*.perimeterx.net,*.production.cdn.art19.com,*.staging.art19.com,*.staging.cdn.art19.com,*.swiftype.com,*.tissuu.com,*.video.franklyinc.com,*.wikihow.com,*.worldnow.com,500px.com,500px.net,500px.org,a1.awin1.com,acceptance.habitat.sh,api.swiftype.com,app.birchbox.com,app.staging.birchbox.com,app.staging.birchbox.es,art19.com,brave.com,cdn-f.adsmoloco.com,cdn.evbuc.com,cdn.polyfills.io,chef.co,chef.io,content.gamefuel.info,evbuc.com,experiencepoint.com,fast.appcues.com,fast.wistia.com,fast.wistia.net,fast.wistia.st,fubo.tv,getchef.com,githash.fubo.tv,habitat.sh,hbbtv.6play.fr,houstontexans.com,insight.atpi.com,inspec.io,jimdo-dev-staging.com,jimdo-stable-staging.com,link.sg.booking.com,mansion-market.com,media.bunited.com,meetu.ps,meetup.com,meetupstatic.com,onairhls.malimarcdn.net,opscode.com,perimeterx.net,polyfill.webservices.ft.com,qa.polyfills.io,raiders.com,s.sg.booking.com,s.swiftypecdn.com,static.birchbox.com,swiftype.com,viverepiusani.it,wikihow.com,wistia.com,www.dwin2.com,www.houstontexans.com,www.raiders.com,www.wada-ama.org","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3","subjectDN":"C=US, ST=California, L=San Francisco, O=Fastly, Inc., 
CN=f4.shared.global.fastly.net","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"BE:28:82:77:5B:06:41:1F:70:84:BD:A4:B9:FB:F0:BC:B1:B5:E3:A0","blocks":0}}} 02197{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":895,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605289733399863,"flow_src_last_pkt_time":1605289733500742,"flow_dst_last_pkt_time":1605289733511200,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":1017,"flow_dst_tot_l4_payload_len":8749,"midstream":0,"thread_ts_usec":1605289733511200,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7a6e","src_port":40114,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":6845.7,"max":45476,"stddev":12150.2,"var":147627232.0,"ent":3.2,"data": [20965,21014,506,37100,8905,1,45476,39,2004,2,1,1,1959,29,12,7,90,33,7803,454,394,31006,1,387,1,22756,38,359,8296,2575,2]},"pktlen": {"min":72,"avg":377.7,"max":1120,"stddev":441.2,"var":194656.5,"ent":4.1,"data": [80,80,72,589,72,1120,1120,72,72,1120,1120,1120,1120,72,72,72,72,113,72,165,171,342,72,72,330,138,72,72,110,72,1120,1120]},"bins": {"c_to_s": [11,1,1,1,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,1,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,1,1,1,0,0,0,0,1,0,0,0,0,1,1,1,1,0,0,0,1,1,1],"entropies": 
[4.809510231,5.143908501,5.203041553,4.540377140,5.064233780,6.870509624,5.058271885,5.230819225,5.230819225,6.720662117,7.193079948,7.346520901,7.621092319,5.230819225,5.137001038,5.203041553,5.175263882,5.649272442,5.175263405,6.019917488,6.380431175,7.094295502,5.064233780,5.064233780,7.049797535,6.150704861,5.203041077,5.203041553,5.667691708,5.008678436,7.799199581,7.796170235]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ADS_Analytic_Track","proto_id":"91.107","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker\/Ads","category_id":101,"category":"Advertisement"}} 00955{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289718346936,"flow_src_last_pkt_time":1605289718346936,"flow_dst_last_pkt_time":1605289718372054,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":56940,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00810{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289718346936,"flow_src_last_pkt_time":1605289718346936,"flow_dst_last_pkt_time":1605289718372054,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":56940,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -275,9 +275,9 @@ 01057{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":52,"flow_dst_packets_processed":74,"flow_first_seen":1605289717548570,"flow_src_last_pkt_time":1605289731068178,"flow_dst_last_pkt_time":1605289731068352,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":2450,"flow_src_tot_l4_payload_len":1960,"flow_dst_tot_l4_payload_len":47763,"midstream":0,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200d","src_port":40894,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com"}} 01006{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":33,"flow_first_seen":1605289716168715,"flow_src_last_pkt_time":1605289716200922,"flow_dst_last_pkt_time":1605289716373420,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":158,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":320,"flow_dst_tot_l4_payload_len":31865,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2003","src_port":43562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 01074{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":26,"flow_dst_packets_processed":35,"flow_first_seen":1605289732972740,"flow_src_last_pkt_time":1605289733369116,"flow_dst_last_pkt_time":1605289733399291,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1420,"flow_dst_tot_l4_payload_len":23429,"midstream":0,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200e","src_port":45126,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"www.google-analytics.com"}} 
-00961{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289722442860,"flow_src_last_pkt_time":1605289722442860,"flow_dst_last_pkt_time":1605289722621701,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":46918,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -00810{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289722442860,"flow_src_last_pkt_time":1605289722442860,"flow_dst_last_pkt_time":1605289722621701,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":46918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
-01038{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":21,"flow_first_seen":1605289714558209,"flow_src_last_pkt_time":1605289715028550,"flow_dst_last_pkt_time":1605289715083530,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1817,"flow_dst_tot_l4_payload_len":6047,"midstream":0,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":47032,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"sessions.bugsnag.com"}} +00962{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289722442860,"flow_src_last_pkt_time":1605289722442860,"flow_dst_last_pkt_time":1605289722621701,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901:0:7a0b::","src_port":46918,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by 
port"},"proto":"TLS","proto_id":"91","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +00811{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289722442860,"flow_src_last_pkt_time":1605289722442860,"flow_dst_last_pkt_time":1605289722621701,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901:0:7a0b::","src_port":46918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +01039{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":21,"flow_first_seen":1605289714558209,"flow_src_last_pkt_time":1605289715028550,"flow_dst_last_pkt_time":1605289715083530,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1817,"flow_dst_tot_l4_payload_len":6047,"midstream":0,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901:0:7a0b::","src_port":47032,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"sessions.bugsnag.com"}} 00963{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289726582828,"flow_src_last_pkt_time":1605289726582828,"flow_dst_last_pkt_time":1605289726637788,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47682,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00817{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289726582828,"flow_src_last_pkt_time":1605289726582828,"flow_dst_last_pkt_time":1605289726637788,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47682,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01076{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":30,"flow_first_seen":1605289715966342,"flow_src_last_pkt_time":1605289733369025,"flow_dst_last_pkt_time":1605289733391818,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1665,"flow_dst_tot_l4_payload_len":4693,"midstream":0,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47790,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"content-autofill.googleapis.com"}} 
@@ -294,7 +294,7 @@ 01016{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":5,"flow_first_seen":1605289715221747,"flow_src_last_pkt_time":1605289715325511,"flow_dst_last_pkt_time":1605289715321808,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":934,"flow_dst_tot_l4_payload_len":2656,"midstream":0,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54416,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 00963{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289718347065,"flow_src_last_pkt_time":1605289718347065,"flow_dst_last_pkt_time":1605289718378827,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::200a","src_port":57130,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by 
port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00817{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289718347065,"flow_src_last_pkt_time":1605289718347065,"flow_dst_last_pkt_time":1605289718378827,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::200a","src_port":57130,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00855{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":911,"packets-processed":911,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":367869,"total-not-detected-flows":0,"total-guessed-flows":16,"total-detected-flows":21,"total-detection-updates":33,"total-updates":0,"current-active-flows":0,"total-active-flows":37,"total-idle-flows":37,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":297,"global_ts_usec":1605289733529878} 
+00855{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":911,"packets-processed":911,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":367869,"total-not-detected-flows":0,"total-guessed-flows":16,"total-detected-flows":21,"total-detection-updates":33,"total-updates":0,"current-active-flows":0,"total-active-flows":37,"total-idle-flows":37,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":297,"global_ts_usec":1605289733529878} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 911/911 ~~ skipped flows.............: 0 @@ -303,10 +303,10 @@ ~~ total active/idle flows...: 37/37 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8285324 bytes -~~ total memory freed........: 8285324 bytes -~~ total allocations/frees...: 116751/116751 +~~ total memory allocated....: 8862920 bytes +~~ total memory freed........: 8862920 bytes +~~ total allocations/frees...: 128482/128482 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 576 chars -~~ json message max len.......: 3617 chars -~~ json message avg len.......: 2096 chars +~~ json message max len.......: 3576 chars +~~ json message avg len.......: 2076 chars diff --git a/test/results/default/pluralsight.pcap.out b/test/results/default/pluralsight.pcap.out index e3b97d9c7..4dfe1bce4 100644 --- a/test/results/default/pluralsight.pcap.out +++ b/test/results/default/pluralsight.pcap.out 
@@ -1,62 +1,62 @@ -00616{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1648373355763733} 
+00616{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1648373355763733} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648373355763733,"flow_src_last_pkt_time":1648373355763733,"flow_dst_last_pkt_time":1648373355763733,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373355763733,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"54.69.188.18","src_port":42642,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1648373355763733,"flow_dst_last_pkt_time":1648373355763733,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648373355763733,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8t1dAAEAGzuTAqAGANkW8EqaSAbs5mmmUAAAAAKAC+vDIPgAAAgQFtAQCCAqK+PnbAAAAAAEDAwc="} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1648373355763733,"flow_dst_last_pkt_time":1648373355952180,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648373355952180,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAAOAG5js2RbwSwKgBgAG7ppJ9QO7SOZpplaASaN998gAAAgQFtAQCCApSMR4Hivj52wEDAwg="} 
01244{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1648373355952549,"flow_dst_last_pkt_time":1648373355952180,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1648373355952549,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5t1lAAEAGzOXAqAGANkW8EqaSAbs5mmmVfUDu04AYAfbrKAAAAQEICor4+pdSMR4HFgMBAgABAAH8AwM1jCFDKADpkwCWNDdgH\/adXVGzDgYuQsQMuim+6yCdjCAuElAWaAcNbYd22pDJpusrU2oMuj5gm\/t2Aky6e512VAAgamoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTSkoAAAAAABQAEgAAD3BsdXJhbHNpZ2h0LmNvbQAXAAD\/AQABAAAKAAoACCoqAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApKioAAQAAHQAgy0tnman9YKIJBU2tFJ\/X+H4+8C285s8hNvU9rt60YmAALQACAQEAKwAHBgoKAwQDAwAbAAMCAAJEaQAFAAMCaDJqagABAAAVAMgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01275{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648373355763733,"flow_src_last_pkt_time":1648373355952549,"flow_dst_last_pkt_time":1648373355952180,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373355952549,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"54.69.188.18","src_port":42642,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pluralsight.com","domainame":"pluralsight.com","tls": {"version":"TLSv1.2","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01234{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648373355763733,"flow_src_last_pkt_time":1648373355952549,"flow_dst_last_pkt_time":1648373355952180,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373355952549,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"54.69.188.18","src_port":42642,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pluralsight.com","domainame":"pluralsight.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
02501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1648373355952549,"flow_dst_last_pkt_time":1648373356139861,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1648373356139861,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXcqW9AAOAGNyw2RbwSwKgBgAG7ppJ9QO7TOZprmoAQAG5jngAAAQEIClIxHsWK+PqXFgMDAEYCAABCAwOA5WC3JqevYzzUx7sAgkcnkWLtUg1Xcif8LAl\/TJHvdQDALwAAGv8BAAEAAAsABAMAAQIAIwAAABAABQADAmgyFgMDFCsLABQnABQkAAa\/MIIGuzCCBaOgAwIBAgIIRQTgxdAUfGQwDQYJKoZIhvcNAQELBQAwgbQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjEtMCsGA1UECxMkaHR0cDovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMTMwMQYDVQQDEypHbyBEYWRkeSBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwHhcNMjAwNTAyMTYwMjA4WhcNMjIwNzAxMjM0MjI4WjA\/MSEwHwYDVQQLExhEb21haW4gQ29udHJvbCBWYWxpZGF0ZWQxGjAYBgNVBAMMESoucGx1cmFsc2lnaHQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxSJg4wZgzdbbQJBQZhpcu6kt1yALpBEwdrVeNm1058LHSvcFCpcQ7k2VflDO787iBTgMlrfWy2xPSA7dEEi3sWmGvwZhI42laHi\/cRXRuYGgAg+p5ED1\/KI4VgH0+\/DEDlJmdBUPV4w70Lzu\/VFvb5N6Kw9OPAje4RaJcjYC6fjHvQDyP8IefKIgkzP\/J68B00drY5eqZcv63b1GwhRozV7ChHkjNJwACK6ZKNc1d65kuAAQlO8yxZbKqqIP8vsHzhwdrLvF2OkMFV9i\/YcFzJmEwdUHpo2qHLQXdNUUdz0lxCntTc5uG8AFLCsuVyzRahyj9I2frvleD\/hGr412owIDAQABo4IDQzCCAz8wDAYDVR0TAQH\/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDgYDVR0PAQH\/BAQDAgWgMDgGA1UdHwQxMC8wLaAroCmGJ2h0dHA6Ly9jcmwuZ29kYWRkeS5jb20vZ2RpZzJzMS0xOTI1LmNybDBdBgNVHSAEVjBUMEgGC2CGSAGG\/W0BBxcBMDkwNwYIKwYBBQUHAgEWK2h0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeS8wCAYGZ4EMAQIBMHYGCCsGAQUFBwEBBGowaDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZ29kYWRkeS5jb20vMEAGCCsGAQUFBzAChjRodHRwOi8vY2VydGlmaWNhdGVzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvZ2RpZzIuY3J0MB8GA1UdIwQYMBaAFEDCvSeOzDSDMKIz1\/tss\/C0
LIDOMC0GA1UdEQQmMCSCESoucGx1cmFsc2lnaHQuY29tgg9wbHVyYWxzaWdodC5jb20wHQYDVR0OBBYEFHGsEKvGACoriNxVjIM6FsyWy5xFMIIBfgYKKwYBBAHWeQIEAgSCAW4EggFqAWgAdgCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAAAXHWH6HXAAAEAwBHMEUCIQCdq2ML0Jumv\/iwktHg9EsmJGw6zFWoVcwtyGu\/OquCpwIgJNt1t1fAS5zanYUHVg1aMgxKZxKpYR6jQNCINKhMD8EAdgC72d+8H4pxtZOUI5eqkntHOFeVCqtS6BqQlmQ2jh7RhQAAAXHWH6eYAAAEAwBHMEUCIQDOz0qVjezJW1dWI7uBCCgp8Vare8XuroiKxVinR889OwIgTBWtS\/mx69sNFk2T86UGhx90X2tLUGINGtaF04Pqrs0AdgBWFAaaL9fC7NP14b1Esj7HRna5vJkRXMA="} -01358{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648373355763733,"flow_src_last_pkt_time":1648373355952549,"flow_dst_last_pkt_time":1648373356139861,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1648373356139861,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"54.69.188.18","src_port":42642,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pluralsight.com","domainame":"pluralsight.com","tls": {"version":"TLSv1.2","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"8d2a028aa94425f76ced7826b1f39039","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01317{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648373355763733,"flow_src_last_pkt_time":1648373355952549,"flow_dst_last_pkt_time":1648373356139861,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1648373356139861,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"54.69.188.18","src_port":42642,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pluralsight.com","domainame":"pluralsight.com","tls": {"version":"TLSv1.2","ja3s":"8d2a028aa94425f76ced7826b1f39039","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
02503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1648373355952549,"flow_dst_last_pkt_time":1648373356139917,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1648373356139917,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXcqXBAAOAGNys2RbwSwKgBgAG7ppJ9QPR7OZprmoAQAG5r5gAAAQEIClIxHsWK+PqX75SYVdaJ0N0AAAFx1h+p5gAABAMARzBFAiArTqTaTNvTVBxKcE\/cBnjdmdOpwF7wOjcm630XBESqNQIhAP9I\/m28a30n87OXSSWJMlzY0ZubLGqcj8tRe9nxjdH6MA0GCSqGSIb3DQEBCwUAA4IBAQArJTxpGLwd+6RFESgocdVAaUnnWVF05CS6VyiI\/I\/6hlgY98VaPMbYAUs625+z4QW6RINrj\/dBbui4MFxolC+9fx01MHlq8FWGhd6ATKhv9SsO39\/E7GyBeHsdEDqXs5\/rAOwx7YkF9iaJEzlt9DxDaybhln4vlGlbk4WSRU8XJJEXZcvvMBDpLw2v2xC1PTQ+qQYru7XvN8uqc5qpIflenl6uZn8fv8mM9AIofo2gd0QTddupk+TbkOroHXLBf9I4mGcXV7ofNOZhiVDQs179yI7PbSfDz\/HBeL8engijD\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\/z5lz4\/OYuY8UhzaFkVLVat4a2ODYpDOD2lsmcgaFItMzEUz6ojcnqOvK\/6AYZ15V8TPLvQ\/MDxdR\/yaFrzDN5ZBUY4RS1T4KL7QjL7wMDge87Am+GZHY23ecSZHjzhHU9FGHbTj3ADqRay9vHHZqm8A29vNMDp5T19MR\/gd71vCxJ1gO7GyQ5HYpDNO6rPWJ0+tJYqlxvTV0KaudAVkV4i1RFXULSo6Pvi4vekyCgKUZMQWOlDxSq7neTOvDCAHf+jfBDnCaQJsY1L6d8EbyHSHyLmTGFBUNUtpTrw700kuH9zB0lL7AgMBAAGjggEaMIIBFjAPBgNVHRMBAf8EBTADAQH\/MA4GA1UdDwEB\/wQEAwIBBjAdBgNVHQ4EFgQUQMK9J47MNIMwojPX+2yz8LQsgM4wHwYDVR0jBBgwFoAUOpqFBxBnKLbv9r0FQW4gwZTaD94wNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5nb2RhZGR5LmNvbS8wNQYDVR0fBC4wLDAqoCigJoYkaHR0cDovL2NybC5nb2RhZGR5LmNvbS9nZHJvb3QtZzIuY3JsMEYGA1UdIAQ\/MD0wOwYEVR0gADAzMDEGCCsGAQUFBwIBFiVodHRwczovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMA0GCSqGSIb3DQEBCwUAA4IBAQAIfmyTEMg4uJapkEv\/oV9PBO9sPpyIBslQj6Zz91cxG7685C\/b+LrTW+C05+Z5Yg4MotdqY3MxtfWoSKQ7CC2iXZDXtHwlTxFWMMS2RJ17LJ3lXubvDGGqv+QqG+6Enrg="} 
-01706{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":5,"flow_first_seen":1648373355763733,"flow_src_last_pkt_time":1648373355952549,"flow_dst_last_pkt_time":1648373356139971,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5590,"midstream":0,"thread_ts_usec":1648373356139971,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"54.69.188.18","src_port":42642,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pluralsight.com","domainame":"pluralsight.com","tls": {"version":"TLSv1.2","server_names":"*.pluralsight.com,pluralsight.com","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"8d2a028aa94425f76ced7826b1f39039","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.pluralsight.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","fingerprint":"31:0B:3D:03:7A:6A:F8:86:8F:CE:62:30:E9:A2:F1:47:E5:6C:3D:F7","blocks":0}}} 
+01665{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":5,"flow_first_seen":1648373355763733,"flow_src_last_pkt_time":1648373355952549,"flow_dst_last_pkt_time":1648373356139971,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5590,"midstream":0,"thread_ts_usec":1648373356139971,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"54.69.188.18","src_port":42642,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pluralsight.com","domainame":"pluralsight.com","tls": {"version":"TLSv1.2","server_names":"*.pluralsight.com,pluralsight.com","ja3s":"8d2a028aa94425f76ced7826b1f39039","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.pluralsight.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","fingerprint":"31:0B:3D:03:7A:6A:F8:86:8F:CE:62:30:E9:A2:F1:47:E5:6C:3D:F7","blocks":0}}} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648373357854664,"flow_src_last_pkt_time":1648373357854664,"flow_dst_last_pkt_time":1648373357854664,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373357854664,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42782,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1648373357854664,"flow_dst_last_pkt_time":1648373357854664,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648373357854664,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8tRVAAEAG8mLAqAGAkks+0KceAbt\/83TdAAAAAKAC+vCjygAAAgQFtAQCCAquLcooAAAAAAEDAwc="} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648373357861427,"flow_src_last_pkt_time":1648373357861427,"flow_dst_last_pkt_time":1648373357861427,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373357861427,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42790,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1648373357861427,"flow_dst_last_pkt_time":1648373357861427,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648373357861427,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA85z1AAEAGwDrAqAGAkks+0KcmAbuYBq2TAAAAAKAC+vBS8wAAAgQFtAQCCAquLcouAAAAAAEDAwc="} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1648373357854664,"flow_dst_last_pkt_time":1648373357870317,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648373357870317,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADkGrniSSz7QwKgBgAG7px6MpPZof\/N03qAS\/\/\/QggAAAgQFTAQCCApC6QiXri3KKAEDAwk="} 
01246{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1648373357870481,"flow_dst_last_pkt_time":1648373357870317,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1648373357870481,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5tRdAAEAG8GPAqAGAkks+0KceAbt\/83TejKT2aYAYAfY+HwAAAQEICq4tyjdC6QiXFgMBAgABAAH8AwNByQDZoxI4dOK0Sqz8YqFtpt\/EgjJNogy+qC4qHtET5yBBjqjV\/zD\/ZZYcaXw3kK2L11Av5ASkLtB9CBYWZu3HRgAg2toTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTGhoAAAAAABsAGQAAFnBsdXJhbHNpZ2h0Mi5pbWdpeC5uZXQAFwAA\/wEAAQAACgAKAAh6egAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKXp6AAEAAB0AICyryrnXcbLoAjfLxc89+emszCPBlJNQz9WtPrwFSKZoAC0AAgEBACsABwZ6egMEAwMAGwADAgACRGkABQADAmgySkoAAQAAFQDBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01287{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648373357854664,"flow_src_last_pkt_time":1648373357870481,"flow_dst_last_pkt_time":1648373357870317,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373357870481,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42782,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pluralsight2.imgix.net","domainame":"pluralsight2.imgix.net","tls": {"version":"TLSv1.2","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01246{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648373357854664,"flow_src_last_pkt_time":1648373357870481,"flow_dst_last_pkt_time":1648373357870317,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373357870481,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42782,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pluralsight2.imgix.net","domainame":"pluralsight2.imgix.net","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1648373357861427,"flow_dst_last_pkt_time":1648373357879338,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648373357879338,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADkGrniSSz7QwKgBgAG7pyYtR\/VLmAatlKAS\/\/8fEgAAAgQFTAQCCAr1hBcPri3KLgEDAwk="} 
01243{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1648373357879453,"flow_dst_last_pkt_time":1648373357879338,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1648373357879453,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI55z9AAEAGvjvAqAGAkks+0KcmAbuYBq2ULUf1TIAYAfb0QgAAAQEICq4tykD1hBcPFgMBAgABAAH8AwMVCkjcl1ldHYszMMhbvCrBmyAv89Ky2j4DTP7XcUyMOSBZfmcNBQmySrBYu\/Xc6jDaJEswZCfnt+SXnGDnGRc5VwAgCgoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTSkoAAAAAABoAGAAAFXBsdXJhbHNpZ2h0LmltZ2l4Lm5ldAAXAAD\/AQABAAAKAAoACBoaAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApGhoAAQAAHQAgibFRT+4ffFiWVzdt9+CHYgJvYueRYWReY4H44PP66lMALQACAQEAKwAHBurqAwQDAwAbAAMCAAJEaQAFAAMCaDJaWgABAAAVAMIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01285{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648373357861427,"flow_src_last_pkt_time":1648373357879453,"flow_dst_last_pkt_time":1648373357879338,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373357879453,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42790,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pluralsight.imgix.net","domainame":"pluralsight.imgix.net","tls": {"version":"TLSv1.2","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01244{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648373357861427,"flow_src_last_pkt_time":1648373357879453,"flow_dst_last_pkt_time":1648373357879338,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373357879453,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42790,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pluralsight.imgix.net","domainame":"pluralsight.imgix.net","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
02353{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1648373357870481,"flow_dst_last_pkt_time":1648373357887214,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1406,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1406,"pkt_l4_len":1372,"thread_ts_usec":1648373357887214,"pkt":"PKn0qB\/spJGxgjQ5CABFAAVwy7JAADkG3ZGSSz7QwKgBgAG7px6MpPZpf\/N244AQAQnCdgAAAQEICkLpCKmuLco3FgMDAFICAABOAwO6XIhZjRsIbZDozpr1cCQJ4YRKyEEKscq5XpJVSzbGlADALwAAJv8BAAEAAAAAAAALAAQDAAECACMAAAAFAAAAEAAFAAMCaDIAFwAAFgMDCzYLAAsyAAsvAAZzMIIGbzCCBVegAwIBAgIQAS9nOSftrM\/NLZrw\/SoL\/DANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTErMCkGA1UEAxMiR2xvYmFsU2lnbiBBdGxhcyBSMyBEViBUTFMgQ0EgMjAyMDAeFw0yMTA1MTAyMzA5NTdaFw0yMjA2MTEyMzA5NTZaMBYxFDASBgNVBAMMCyouaW1naXguY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtM2d7k3mMXLoGZ8dsCzKEv\/iAG7db5OS9zWBDVE3gTu2BP7KvkzsRhp3tj40M5uHOpBk78Onyv05WUN8dlLDCKppJ1MyuTtZ7Js+LE1GTMKOIrO13a9rwuvdYmoe2V4ccVVbXeX34ZVJPDHkMOWMH99sBaFNROtf64LhLu1ng8NBkUjhNzWSfQdrg2G\/BGXVWv5UQf9\/TXXwzGZV+7k\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\/nwwRgYDVR0fBD8wPTA7oDmgN4Y1aHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9jYS9nc2F0bGFzcjNkdnRsc2NhMjAyMC5jcmwwggF+BgorBgEEAdZ5AgQCBIIBbgSCAWoBaAB1AG9Tdqwx8DEZ2JkApFEV\/3cVHBHZAsEAKQaNsgiaN9kTAAABeViLVtAAAAQDAEYwRAIgFJUbp8zRVM2ymHpaBv7zGx+3V0vX1oW8W6pafQNwJIECIF82EX0oLSxMljZcWPIehFSBOYBdc5vOapX2e2OMeIbUAHcARqVV63X6kSAwtaKJafTzfREsQXS+\/Um4havy\/HD+bUcAAAF5WItWyAAABAMASDBGAiEA76uJqqwZa4Jhk2SQ2jcwQBZYH7n+uyGeoOr2oOiiF0MCIQDtiVL1M\/n0TGXMpgng7tQ="} 
-01370{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648373357854664,"flow_src_last_pkt_time":1648373357870481,"flow_dst_last_pkt_time":1648373357887214,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1340,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1340,"midstream":0,"thread_ts_usec":1648373357887214,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42782,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pluralsight2.imgix.net","domainame":"pluralsight2.imgix.net","tls": {"version":"TLSv1.2","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01329{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648373357854664,"flow_src_last_pkt_time":1648373357870481,"flow_dst_last_pkt_time":1648373357887214,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1340,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1340,"midstream":0,"thread_ts_usec":1648373357887214,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42782,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pluralsight2.imgix.net","domainame":"pluralsight2.imgix.net","tls": {"version":"TLSv1.2","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
02357{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1648373357870481,"flow_dst_last_pkt_time":1648373357887220,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1406,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1406,"pkt_l4_len":1372,"thread_ts_usec":1648373357887220,"pkt":"PKn0qB\/spJGxgjQ5CABFAAVwy7NAADkG3ZCSSz7QwKgBgAG7px6MpPulf\/N244AQAQkZKgAAAQEICkLpCKmuLco3ahV8ZpdERTsq5aiKCdel9zgAdgBVgdTCFpA2AUrqC5tXPFPwwOQ4eHAlCBcvo6odBxPTDAAAAXlYi1c\/AAAEAwBHMEUCIQD88phuR9bgOJ50FssFiYaBo4yrHB5J95ouhbRLpptKlQIgcaHKzP6l2VLeTLrHXQKoXz9kqKD4AiCQzgcvVBxkOhYwDQYJKoZIhvcNAQELBQADggEBACRyUMLxw3XkYr0iGFf7LSN1EpWsOR0qXYUJeSD+gEbwZ6e\/2WbwIcpz7MW0qa2Kp7tFkw9Uh7Cp+zdjYfMQKhzpCp2+Ws0mTcAssCHYkeGkfwBHRVpFnbCnZ7cqA6x5\/ERoiJ6e9ShnTl8gREqPjEe\/kqgGIH6VxnEajqxXNAXu847jy+zUobNrPprEr8sJU1Wn1tZELcR+VzsTicoSUiddXVVqYB7uusn9fYRaNBwA3PFergkTUdpoJjRwrj5fri9mQErJKsKdU+gfusdKByvu6KA3arN\/Gv3F\/C3AwZv02+50jWZTEjyDjcvNw364BTNfQ8iLfDIFMzK\/BFImhL0ABLYwggSyMIIDmqADAgECAhB4AxggzwI286aFGLrvt\/cBMA0GCSqGSIb3DQEBCwUAMEwxIDAeBgNVBAsTF0dsb2JhbFNpZ24gUm9vdCBDQSAtIFIzMRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMB4XDTIwMDcyODAwMDAwMFoXDTI5MDMxODAwMDAwMFowVTELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExKzApBgNVBAMTIkdsb2JhbFNpZ24gQXRsYXMgUjMgRFYgVExTIENBIDIwMjAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCJp0\/QYg1WB2tVDaYfybSL6DdaL9KMIEKnP0tn3z15ZGtqDjONRzmzZYn09a\/Vc5sXRuEu02evPRsKhrC1C6fp02XmYdgHV9sUiJIhT74j1X1sYezj1puaAA9YtIXhR+kqgmEn9t2P0Nff8s8Jn7vT+xFdcb+qwtgjTlYZYS2qdWfjBcQv6FagKfzJCOxvBTAAKrQyMiBHKlpuZPc5E4sYTr\/Z8e5Dk\/QgeMtSmi+QXMiJN2hffcsYUa2zcdzv4NohbwyxTVu3ZQmuSeUuEZmXf0A+GdqWZ\/kCoXCxw6UKSrTmma9hHJy+LlWii\/4FJzmpgTYtxLiqTf0QLnpCf+8FAgMBAAGjggGFMIIBgTAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB\/wQIMAYBAf8CAQAwHQYDVR0OBBYEFEJtVy1PHyZ3dKYnZPaA+o9IaP58MB8GA1UdIwQYMBaAFI
\/wS3+oLkUkrk1Q+mOai97i3Ru8MHsGCCsGAQUFBwEBBG8wbTAuBggrBgEFBQcwAYYiaHR0cDovL29jc3AyLmdsb2JhbHNpZ24uY29tL3Jvb3RyMzA7BggrBgEFBQcwAoYvaHR0cDovL3NlY3VyZS5nbG9iYWxzaWduLmNvbS9jYWNlcnQvcm9vdC1yMy5jcnQwNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9yb290LXIzLmNybDBHBgNVHSAEQDA+MDwGBFUdIAAwNDAyBggrBgEFBQcCARYmaHR0cHM6Ly93d3cuZ2xvYmFsc2lnbi5jb20vcmVwb3M="} -01613{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":4,"flow_first_seen":1648373357854664,"flow_src_last_pkt_time":1648373357870481,"flow_dst_last_pkt_time":1648373357887226,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1340,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4020,"midstream":0,"thread_ts_usec":1648373357887226,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42782,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pluralsight2.imgix.net","domainame":"pluralsight2.imgix.net","tls": {"version":"TLSv1.2","server_names":"*.imgix.com,*.imgix.net,imgix.com,imgix.net","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2020","subjectDN":"CN=*.imgix.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","fingerprint":"C6:A8:D1:F3:16:08:C6:7F:9F:58:B9:3B:87:A6:A1:75:BC:67:F8:8D","blocks":0}}} 
+01572{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":4,"flow_first_seen":1648373357854664,"flow_src_last_pkt_time":1648373357870481,"flow_dst_last_pkt_time":1648373357887226,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1340,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4020,"midstream":0,"thread_ts_usec":1648373357887226,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42782,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pluralsight2.imgix.net","domainame":"pluralsight2.imgix.net","tls": {"version":"TLSv1.2","server_names":"*.imgix.com,*.imgix.net,imgix.com,imgix.net","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2020","subjectDN":"CN=*.imgix.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","fingerprint":"C6:A8:D1:F3:16:08:C6:7F:9F:58:B9:3B:87:A6:A1:75:BC:67:F8:8D","blocks":0}}} 
02353{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1648373357879453,"flow_dst_last_pkt_time":1648373357901597,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1406,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1406,"pkt_l4_len":1372,"thread_ts_usec":1648373357901597,"pkt":"PKn0qB\/spJGxgjQ5CABFAAVwx75AADkG4YWSSz7QwKgBgAG7pyYtR\/VMmAavmYAQAQkZkgAAAQEICvWEFyKuLcpAFgMDAFICAABOAwMgeDaCaH+ifl7BHuGkMXIEJdYJhJkayUt39GpkFgu93wDALwAAJv8BAAEAAAAAAAALAAQDAAECACMAAAAFAAAAEAAFAAMCaDIAFwAAFgMDCzYLAAsyAAsvAAZzMIIGbzCCBVegAwIBAgIQAS9nOSftrM\/NLZrw\/SoL\/DANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTErMCkGA1UEAxMiR2xvYmFsU2lnbiBBdGxhcyBSMyBEViBUTFMgQ0EgMjAyMDAeFw0yMTA1MTAyMzA5NTdaFw0yMjA2MTEyMzA5NTZaMBYxFDASBgNVBAMMCyouaW1naXguY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtM2d7k3mMXLoGZ8dsCzKEv\/iAG7db5OS9zWBDVE3gTu2BP7KvkzsRhp3tj40M5uHOpBk78Onyv05WUN8dlLDCKppJ1MyuTtZ7Js+LE1GTMKOIrO13a9rwuvdYmoe2V4ccVVbXeX34ZVJPDHkMOWMH99sBaFNROtf64LhLu1ng8NBkUjhNzWSfQdrg2G\/BGXVWv5UQf9\/TXXwzGZV+7k\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\/nwwRgYDVR0fBD8wPTA7oDmgN4Y1aHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9jYS9nc2F0bGFzcjNkdnRsc2NhMjAyMC5jcmwwggF+BgorBgEEAdZ5AgQCBIIBbgSCAWoBaAB1AG9Tdqwx8DEZ2JkApFEV\/3cVHBHZAsEAKQaNsgiaN9kTAAABeViLVtAAAAQDAEYwRAIgFJUbp8zRVM2ymHpaBv7zGx+3V0vX1oW8W6pafQNwJIECIF82EX0oLSxMljZcWPIehFSBOYBdc5vOapX2e2OMeIbUAHcARqVV63X6kSAwtaKJafTzfREsQXS+\/Um4havy\/HD+bUcAAAF5WItWyAAABAMASDBGAiEA76uJqqwZa4Jhk2SQ2jcwQBZYH7n+uyGeoOr2oOiiF0MCIQDtiVL1M\/n0TGXMpgng7tQ="} 
-01368{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648373357861427,"flow_src_last_pkt_time":1648373357879453,"flow_dst_last_pkt_time":1648373357901597,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1340,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1340,"midstream":0,"thread_ts_usec":1648373357901597,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42790,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pluralsight.imgix.net","domainame":"pluralsight.imgix.net","tls": {"version":"TLSv1.2","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01327{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648373357861427,"flow_src_last_pkt_time":1648373357879453,"flow_dst_last_pkt_time":1648373357901597,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1340,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1340,"midstream":0,"thread_ts_usec":1648373357901597,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42790,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pluralsight.imgix.net","domainame":"pluralsight.imgix.net","tls": {"version":"TLSv1.2","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
02357{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1648373357879453,"flow_dst_last_pkt_time":1648373357901597,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1406,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1406,"pkt_l4_len":1372,"thread_ts_usec":1648373357901597,"pkt":"PKn0qB\/spJGxgjQ5CABFAAVwx79AADkG4YSSSz7QwKgBgAG7pyYtR\/qImAavmYAQAQlntQAAAQEICvWEFyKuLcpAahV8ZpdERTsq5aiKCdel9zgAdgBVgdTCFpA2AUrqC5tXPFPwwOQ4eHAlCBcvo6odBxPTDAAAAXlYi1c\/AAAEAwBHMEUCIQD88phuR9bgOJ50FssFiYaBo4yrHB5J95ouhbRLpptKlQIgcaHKzP6l2VLeTLrHXQKoXz9kqKD4AiCQzgcvVBxkOhYwDQYJKoZIhvcNAQELBQADggEBACRyUMLxw3XkYr0iGFf7LSN1EpWsOR0qXYUJeSD+gEbwZ6e\/2WbwIcpz7MW0qa2Kp7tFkw9Uh7Cp+zdjYfMQKhzpCp2+Ws0mTcAssCHYkeGkfwBHRVpFnbCnZ7cqA6x5\/ERoiJ6e9ShnTl8gREqPjEe\/kqgGIH6VxnEajqxXNAXu847jy+zUobNrPprEr8sJU1Wn1tZELcR+VzsTicoSUiddXVVqYB7uusn9fYRaNBwA3PFergkTUdpoJjRwrj5fri9mQErJKsKdU+gfusdKByvu6KA3arN\/Gv3F\/C3AwZv02+50jWZTEjyDjcvNw364BTNfQ8iLfDIFMzK\/BFImhL0ABLYwggSyMIIDmqADAgECAhB4AxggzwI286aFGLrvt\/cBMA0GCSqGSIb3DQEBCwUAMEwxIDAeBgNVBAsTF0dsb2JhbFNpZ24gUm9vdCBDQSAtIFIzMRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMB4XDTIwMDcyODAwMDAwMFoXDTI5MDMxODAwMDAwMFowVTELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExKzApBgNVBAMTIkdsb2JhbFNpZ24gQXRsYXMgUjMgRFYgVExTIENBIDIwMjAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCJp0\/QYg1WB2tVDaYfybSL6DdaL9KMIEKnP0tn3z15ZGtqDjONRzmzZYn09a\/Vc5sXRuEu02evPRsKhrC1C6fp02XmYdgHV9sUiJIhT74j1X1sYezj1puaAA9YtIXhR+kqgmEn9t2P0Nff8s8Jn7vT+xFdcb+qwtgjTlYZYS2qdWfjBcQv6FagKfzJCOxvBTAAKrQyMiBHKlpuZPc5E4sYTr\/Z8e5Dk\/QgeMtSmi+QXMiJN2hffcsYUa2zcdzv4NohbwyxTVu3ZQmuSeUuEZmXf0A+GdqWZ\/kCoXCxw6UKSrTmma9hHJy+LlWii\/4FJzmpgTYtxLiqTf0QLnpCf+8FAgMBAAGjggGFMIIBgTAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB\/wQIMAYBAf8CAQAwHQYDVR0OBBYEFEJtVy1PHyZ3dKYnZPaA+o9IaP58MB8GA1UdIwQYMBaAFI
\/wS3+oLkUkrk1Q+mOai97i3Ru8MHsGCCsGAQUFBwEBBG8wbTAuBggrBgEFBQcwAYYiaHR0cDovL29jc3AyLmdsb2JhbHNpZ24uY29tL3Jvb3RyMzA7BggrBgEFBQcwAoYvaHR0cDovL3NlY3VyZS5nbG9iYWxzaWduLmNvbS9jYWNlcnQvcm9vdC1yMy5jcnQwNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9yb290LXIzLmNybDBHBgNVHSAEQDA+MDwGBFUdIAAwNDAyBggrBgEFBQcCARYmaHR0cHM6Ly93d3cuZ2xvYmFsc2lnbi5jb20vcmVwb3M="} -01611{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":4,"flow_first_seen":1648373357861427,"flow_src_last_pkt_time":1648373357879453,"flow_dst_last_pkt_time":1648373357901597,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1340,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4020,"midstream":0,"thread_ts_usec":1648373357901597,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42790,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pluralsight.imgix.net","domainame":"pluralsight.imgix.net","tls": {"version":"TLSv1.2","server_names":"*.imgix.com,*.imgix.net,imgix.com,imgix.net","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2020","subjectDN":"CN=*.imgix.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","fingerprint":"C6:A8:D1:F3:16:08:C6:7F:9F:58:B9:3B:87:A6:A1:75:BC:67:F8:8D","blocks":0}}} 
+01570{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":4,"flow_first_seen":1648373357861427,"flow_src_last_pkt_time":1648373357879453,"flow_dst_last_pkt_time":1648373357901597,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1340,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4020,"midstream":0,"thread_ts_usec":1648373357901597,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42790,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pluralsight.imgix.net","domainame":"pluralsight.imgix.net","tls": {"version":"TLSv1.2","server_names":"*.imgix.com,*.imgix.net,imgix.com,imgix.net","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2020","subjectDN":"CN=*.imgix.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","fingerprint":"C6:A8:D1:F3:16:08:C6:7F:9F:58:B9:3B:87:A6:A1:75:BC:67:F8:8D","blocks":0}}} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648373358908144,"flow_src_last_pkt_time":1648373358908144,"flow_dst_last_pkt_time":1648373358908144,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373358908144,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.203.201.56","src_port":42618,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1648373358908144,"flow_dst_last_pkt_time":1648373358908144,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648373358908144,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8pPxAAEAG95PAqAGAEsvJOKZ6AbsXjcxKAAAAAKAC+vDGJwAAAgQFtAQCCAq7LqF\/AAAAAAEDAwc="} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1648373358908144,"flow_dst_last_pkt_time":1648373358948816,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648373358948816,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAAOUG948Sy8k4wKgBgAG7pnpgCgHJF43MS6ASaN+FjQAAAgQFtAQCCAqVXttnuy6hfwEDAwg="} 
01246{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1648373358949276,"flow_dst_last_pkt_time":1648373358948816,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1648373358949276,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5pP5AAEAG9ZTAqAGAEsvJOKZ6AbsXjcxLYAoByoAYAfahVQAAAQEICrsuoaiVXttnFgMBAgABAAH8AwPQaIxCQafGfU7U68BjTWz12bgC7rPMRDrwBcYKkg2BtiCsXEdEYhfEEMAlvDmVmL\/9\/3dvAf\/ZUZkvazPc8sBEAwAg6uoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTenoAAAAAABgAFgAAE3N0dC5wbHVyYWxzaWdodC5jb20AFwAA\/wEAAQAACgAKAAhaWgAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKVpaAAEAAB0AIC1NIbYz00S\/PDWD2znXWT+4vqGbUzfdyPQt1wB6uPFJAC0AAgEBACsABwb6+gMEAwMAGwADAgACRGkABQADAmgyuroAAQAAFQDEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01285{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648373358908144,"flow_src_last_pkt_time":1648373358949276,"flow_dst_last_pkt_time":1648373358948816,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373358949276,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.203.201.56","src_port":42618,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"stt.pluralsight.com","domainame":"stt.pluralsight.com","tls": {"version":"TLSv1.2","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01244{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648373358908144,"flow_src_last_pkt_time":1648373358949276,"flow_dst_last_pkt_time":1648373358948816,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373358949276,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.203.201.56","src_port":42618,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"stt.pluralsight.com","domainame":"stt.pluralsight.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
02493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1648373358949276,"flow_dst_last_pkt_time":1648373358988767,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1648373358988767,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXcvRJAAOUGNN0Sy8k4wKgBgAG7pnpgCgHKF43OUIAQAG7AjQAAAQEICpVe25C7LqGoFgMDAEYCAABCAwONSvORfRK+oCxj36Hg6J2Hj1QoaCg2HEgsIONHMtI7MQDALwAAGgAAAAD\/AQABAAALAAQDAAECABAABQADAmgyFgMDD1QLAA9QAA9NAAbPMIIGyzCCBbOgAwIBAgIQB\/B75x6f37TLIkIFT5mkADANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMSkwJwYDVQQDEyBEaWdpQ2VydCBUTFMgUlNBIFNIQTI1NiAyMDIwIENBMTAeFw0yMTEwMDEwMDAwMDBaFw0yMjEwMDEyMzU5NTlaMHgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMREwDwYDVQQHEwhTYW4gSm9zZTEjMCEGA1UEChMaQWRvYmUgU3lzdGVtcyBJbmNvcnBvcmF0ZWQxHDAaBgNVBAMTE3N0dC5wbHVyYWxzaWdodC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDr0xSOZf6cCydxEcuFpMVtE13xSxgvN+BhmKgaQAFAzHuwpqwKyaYNmuuLH\/VY4kWvt8oOW3wCuzOM+EMY1K7qcL+jle28Q47YlvtlMucVxaWwRNmKApjrDY2t5SUUQdf2joKa3AMbeENJerDPlu+0VGDcQTqWT9piC0Gkf4X3KOy\/pQfvHRbuzGVd27UtimfLJFXU0JlWM+hCFgHHXQ0OsRQGtSRQn7NHHZvcjzGEcKei5SlMP5F+AbeUb0TDvIhz8x1hWofd9DhmJevyeADezC\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\/wQCMAAwggGABgorBgEEAdZ5AgQCBIIBcASCAWwBagB3ACl5vvCeOTkh8FZzn2Old+W+V32cYAr4+U1dJlwlXceEAAABfD5FpRQAAAQDAEgwRgIhANbj9wEZj1VoGi2UMZnu3XdkngNqGzgH0H+SQhnbt3jmAiEAqwd+SxYB3DbbxtBV\/7joXhChyIF2XFd33lGbzb6QjcEAdwBByMqx3yJGShDGoToJQodeTjGLGwPr60vHaPCQYpYG9gAAAXw+RaUVAAAEAwBIMEYCIQDAIrZL2u\/2JggDkhT0JCtofKLodQnV8LO7lcpEm5pVngIhAM0ARgZECXgacp8gNEXiUuDbe\/K5+5FF6yOd5k8zoidrAHYA36Veq2iCTx8="} 
-01368{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648373358908144,"flow_src_last_pkt_time":1648373358949276,"flow_dst_last_pkt_time":1648373358988767,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1648373358988767,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.203.201.56","src_port":42618,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"stt.pluralsight.com","domainame":"stt.pluralsight.com","tls": {"version":"TLSv1.2","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"c4b2785a87896e19d37eee932070cb22","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01327{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648373358908144,"flow_src_last_pkt_time":1648373358949276,"flow_dst_last_pkt_time":1648373358988767,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1648373358988767,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.203.201.56","src_port":42618,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"stt.pluralsight.com","domainame":"stt.pluralsight.com","tls": {"version":"TLSv1.2","ja3s":"c4b2785a87896e19d37eee932070cb22","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
02500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1648373358949276,"flow_dst_last_pkt_time":1648373358992536,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1648373358992536,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXcvRNAAOUGNNwSy8k4wKgBgAG7pnpgCgdyF43OUIAQAG4ZwQAAAQEICpVe25C7LqGobK3uuF9OPlrqzaISpGpejjsSwCBEXCpzAAABfD5FpVkAAAQDAEcwRQIgD\/C+dWI8FNoRd7swKXa4Z3HVOZE6Xo7KLlhYwlDQxUUCIQCORa5g5oY\/p0EanlV0l9hVbXFwuN3kDs7vi8zHYx0FHzANBgkqhkiG9w0BAQsFAAOCAQEAi6q+Yac3NG5zNVZmjOqlgVySNn4urWYHVdnWUcpSV1FJEbUvEiDf6tt46etJ35ZdH6y8l394Q7SRjdYbsn4fD\/+G1nXxjmE4R1M4s9O9PIX353I\/EynAH\/JMAEHRHDLvAMSqCPTBDGQoI\/MgZeEqkZ45e6CE1was5eBG\/IVEv5AISEuq9PMyxIRwHqPEyekxORc5LUg\/jZoUKL9sOGiDWpuM4l2CFZJFEqYf9Qquu5ANUnEjWiMeqiIu55kD1AtVpL5t6znkbU19ECEyuL9lJ\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\/jxNCemql6HYKI5RFW2x6fWMJR5yw0DS7SkuFWy\/F5X7O7h8olA3uaUkFmEGBPVxNJ8Og3Z4Pf59NLZ0wiUabfDpkQ7VdRdCbifcfKYi4TG38jiCVTb8E0WACLhP\/4vqdYSSJ7lq2iiJsVvKB83+lRqNWw7TfiNrSCS2K1SZrsx2fW4z7149YSXkTxv3FCfViEA4CxgQH6+coyu7SOJ4cnxSt01KjWl97DZPnKzlOiVrx4F45JAymu+0lPpBW5zvJcGVdta3mnK6InIBO10D1A0yEwB5PqmfUCAwEAAaOCAYIwggF+MBIGA1UdEwEB\/wQIMAYBAf8CAQAwHQYDVR0OBBYEFLdrouqoqoSMeeq02g+YssWVdrn0MB8GA1UdIwQYMBaAFAPeUDVW0Uy7ZvCj4hsbw5eyPdFVMA4GA1UdDwEB\/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwdgYIKwYBBQUHAQEEajBoMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wQAYIKwYBBQUHMAKGNGh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RDQS5jcnQwQgYDVR0fBDswOTA3oDWgM4YxaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFsUm9vdENBLmNybDA9BgNVHSAENjA0MAsGCWCGSAGG\/WwCATAHBgVngQwBATAIBgZngQwBAgEwCAYGZ4EMAQICMAgGBmeBDAECAzANBgkqhkiG9w0BAQsFAAOCAQEAgDLOXgvdbloNCq\/h1oTLwI76hXDt2l2zDPcrdUD+hQr68zF4t3BLGolYuoC982sd6X7PC7pYnFnUkNP9bP3QmG
23cYJbz20LWgnQe97EQ9gqpN6eQSZfu4+Zy92u4ahvn4c="} -01652{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":4,"flow_first_seen":1648373358908144,"flow_src_last_pkt_time":1648373358949276,"flow_dst_last_pkt_time":1648373358992536,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4344,"midstream":0,"thread_ts_usec":1648373358992536,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.203.201.56","src_port":42618,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"stt.pluralsight.com","domainame":"stt.pluralsight.com","tls": {"version":"TLSv1.2","server_names":"stt.pluralsight.com","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"c4b2785a87896e19d37eee932070cb22","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1","subjectDN":"C=US, ST=California, L=San Jose, O=Adobe Systems Incorporated, CN=stt.pluralsight.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","fingerprint":"C5:A3:DE:6D:71:B1:15:77:EC:86:38:E6:30:1C:F5:AC:18:9D:BE:82","blocks":0}}} 
+01611{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":4,"flow_first_seen":1648373358908144,"flow_src_last_pkt_time":1648373358949276,"flow_dst_last_pkt_time":1648373358992536,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4344,"midstream":0,"thread_ts_usec":1648373358992536,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.203.201.56","src_port":42618,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"stt.pluralsight.com","domainame":"stt.pluralsight.com","tls": {"version":"TLSv1.2","server_names":"stt.pluralsight.com","ja3s":"c4b2785a87896e19d37eee932070cb22","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1","subjectDN":"C=US, ST=California, L=San Jose, O=Adobe Systems Incorporated, CN=stt.pluralsight.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","fingerprint":"C5:A3:DE:6D:71:B1:15:77:EC:86:38:E6:30:1C:F5:AC:18:9D:BE:82","blocks":0}}} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648373359576448,"flow_src_last_pkt_time":1648373359576448,"flow_dst_last_pkt_time":1648373359576448,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373359576448,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.19.162.127","src_port":48948,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1648373359576448,"flow_dst_last_pkt_time":1648373359576448,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648373359576448,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8TutAAEAGHxbAqAGAaBOif780Abvdb02GAAAAAKAC+vDHywAAAgQFtAQCCArb1PDNAAAAAAEDAwc="} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1648373359576448,"flow_dst_last_pkt_time":1648373359597402,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1648373359597402,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA0AABAADkGdQloE6J\/wKgBgAG7vzSUVFy03W9Nh4AS\/\/\/FjwAAAgQFeAEBBAIBAwMK"} 
01228{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1648373359600685,"flow_dst_last_pkt_time":1648373359597402,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1648373359600685,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAItTu1AAEAGHSPAqAGAaBOif780Abvdb02HlFRctVAYAfYwgAAAFgMBAgABAAH8AwOIgQTFWwPXqiGWcEl1+ZXYiujgmOb6nQAZYCe\/QQpLyiA8RROCb85LShovAJOvtUQPlP7tKhROlf321DTdV6NmHgAgysoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGT2toAAAAAABgAFgAAE3d3dy5wbHVyYWxzaWdodC5jb20AFwAA\/wEAAQAACgAKAAgKCgAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKQoKAAEAAB0AIEbEu4abSNoKA92bDrKiGkIvMOu6w9kvXP7U129h\/FVaAC0AAgEBACsABwaamgMEAwMAGwADAgACRGkABQADAmgyGhoAAQAAFQDEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -01287{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648373359576448,"flow_src_last_pkt_time":1648373359600685,"flow_dst_last_pkt_time":1648373359597402,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373359600685,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.19.162.127","src_port":48948,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"www.pluralsight.com","domainame":"www.pluralsight.com","tls": {"version":"TLSv1.2","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} +01246{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648373359576448,"flow_src_last_pkt_time":1648373359600685,"flow_dst_last_pkt_time":1648373359597402,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373359600685,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.19.162.127","src_port":48948,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"www.pluralsight.com","domainame":"www.pluralsight.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
02508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1648373359600685,"flow_dst_last_pkt_time":1648373359621466,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1648373359621466,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXcUA5AADkGH1NoE6J\/wKgBgAG7vzSUVFy13W9PjFAQAEN7JQAAFgMDAHoCAAB2AwP2A+As2n18m0TB8jYY2sY624Si9JzWk3n9xO7CVTKi4CA8RROCb85LShovAJOvtUQPlP7tKhROlf321DTdV6NmHhMBAAAuADMAJAAdACAiOXjhETkQ4gsvJVg73916HOcBZsIAzfHY15rQ215hVQArAAIDBBQDAwABARcDAwfOcAF\/5E51Sf0bJ0BGworKSnQ8uQGhQ+8YRQ8HA7lFgceS0e147fyx2dg\/er0k9EfR4+8g7kA8C5yG0MP0ctVxAi31I1vbQcrFcTG5BRrW+J3BvZAupknRPpB2G0qIOGo3utPvQDdWA3bcXxkc4J9derN0WXMPIDrpeWBwY1IQGQFxfYiER5N1\/u\/Bs9hoxhUa7MKPB1DbN17Dw2+76X9BXfJYTGG2+oe3VURo9b\/CHvqAA7L0EvD4zjBOXSVAEsr4NA1JQ\/tIIVIUtX31vA+LsJzPj5N9gJADJMdt2FyOjyuDHB1F6xleVBsn2uzOA+DCR+u4sHyIKINsJaS\/Wk8Lyo0lA8DzJUTq9LW9zJG4XkGnPJ+lYmXGXbXvzOKn6Q5dO9hAHxG6iBQfQWa5dWCJ6SE7RrXJ+46aA5tjNsE4jdkFrcnChExyvsra\/bDhM7678iRq5nFqST5Au0r5M5ykliVYcCYa45fmWTJjouzh3OzCOLe\/8ddMbsw2A444sU5tduvnkgHpzIRFQwQdYCX6juY5GnGVZ66RFAiruFOq0XQWeRelvFObDZtsNyWqJUkJWSva+PqlQiRvaw976+dwVabEQ8MTycAR\/piLInqJxloBeVfLFvmEV51MdWe+s4tPmHRdwgrA2xUyGbVYNuDTpS6I+4tCd5UP5ktCw3WNNaS8jr6RHVVCawxM4haHVgPtrAO2l5HVKNZtiyL8KpJbQyXWChKWjNEvuvB4uNQbzaRs+lnSHeQNgHfGDVd9dRAwIMZ5tgVIHYwjuSYwIISaLjXDYSasOOVyIsSdR07+XHsofhuZ8VluEqfjaJitPdZ2vMbflj\/qyYnDZyKkv+tXyYThWOL\/Dq4H4QNyHD\/Ap1H0iRDfCgpwuxwWNfDfVn7S0ccy5LvwvLo++Fena1EE2Q1NobG4k3ch19wjk4BMgoYH0frT22KM4kfw+7+Wy+Ppjd5FHjezdnUHv2AHx9zTmN+Nwr+bFFsrbJwnRIlsRV05xxKtaAa4XHXawh3apLnxaUPXW3BLN7lF0CiwUUS6uzy6eyUIf37mQz1u\/zTbAXpjma696kPL2EiRqNLldlWSxDoXSEn\/DFMiGrYpAnexhYlRPUju7yKIRjDYW6sJNfpMyiCyzezIV8ROrKCYUeLsv+ENJ1j0+oBrom1tVBzoSsz6ApwgtYUTNomsCBx+77hYwkdTRswoBo9l+oZy2SgYDMTiUH1TALmuyj56miHHvAfIevP22nFB3piotWvfiOGeTw
59T\/qShe9eHBSCK5s2TMkbYcH72BTOXawzSc2pSb0uN0orUwaruxzKBkOJnfLmzdUfNF8jA2TTKfaSxRVehOneQ081r6HjVlARpUaEU2SN8UahiKh8aL8aGIq9inh7cYvLqG2lI767yOrFCLo2umRGqSXA+\/J1utRkHtkqvIW43IiNicTMkQCrkCF37IUkoNFE4rIhv8uaxDJ4Aoaf2tkKsVtDkwAduS81ULSAiec\/tvz\/2uuGWgQo2fxcPHiNp+xEv0VcSqGV\/0jOGUSohk7ar5z7aULgUE\/K6F4Xls5KOhHVPZuY57NwwYmvY19AhBICcLc\/kr+XXMg2xtl9mvGC+MjoIpZbVLL2D2xpgPWQX4DfF5NtProg8W5JEi+MBDKl+\/O2N8hMZrQHnnlSi2VACm4mdXeCwRdwyDXz8VHhslqVyL6VAcDHcAoa5qazxz8ZuprG1OKZQ9Q8pyVkrO4J5dZeNCvGvI6O9rFvHIE48bjRJtkfkew="} -01332{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648373359576448,"flow_src_last_pkt_time":1648373359600685,"flow_dst_last_pkt_time":1648373359621466,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1648373359621466,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.19.162.127","src_port":48948,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"www.pluralsight.com","domainame":"www.pluralsight.com","tls": {"version":"TLSv1.3","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01291{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648373359576448,"flow_src_last_pkt_time":1648373359600685,"flow_dst_last_pkt_time":1648373359621466,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1648373359621466,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.19.162.127","src_port":48948,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"www.pluralsight.com","domainame":"www.pluralsight.com","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648373359646502,"flow_src_last_pkt_time":1648373359646502,"flow_dst_last_pkt_time":1648373359646502,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373359646502,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.17.209.240","src_port":44770,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1648373359646502,"flow_dst_last_pkt_time":1648373359646502,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648373359646502,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8yIlAAEAGdgjAqAGAaBHR8K7iAbvIMdGjAAAAAKAC+vD8DgAAAgQFtAQCCArhZSj9AAAAAAEDAwc="} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1648373359646502,"flow_dst_last_pkt_time":1648373359662167,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1648373359662167,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA0AABAADkGRZpoEdHwwKgBgAG7ruI30m4VyDHRpIAS\/\/+CtAAAAgQFeAEBBAIBAwMK"} 
01227{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1648373359662306,"flow_dst_last_pkt_time":1648373359662167,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1648373359662306,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAItyItAAEAGdBXAqAGAaBHR8K7iAbvIMdGkN9JuFlAYAfapQAAAFgMBAgABAAH8AwNnKyM21\/SbS3Q02cIKvbAgcmV67HQB0KXsoOxxl9v++yDRdtN3P07Qel84K9CWVDBxLwdJHbn9d9oomO2+9M0CRgAgenoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTenoAAAAAAD4APAAAOXpuNnF6cTZjYWF1Y3VkZXNyLXBsdXJhbHNpZ2h0LnNpdGVpbnRlcmNlcHQucXVhbHRyaWNzLmNvbQAXAAD\/AQABAAAKAAoACLq6AB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApuroAAQAAHQAgm5zCzvNJzsWd1VyD4DXwZiQmlSanX10JAobLY4rSfTUALQACAQEAKwAHBsrKAwQDAwAbAAMCAAJEaQAFAAMCaDJaWgABAAAVAJ4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -01363{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648373359646502,"flow_src_last_pkt_time":1648373359662306,"flow_dst_last_pkt_time":1648373359662167,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373359662306,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.17.209.240","src_port":44770,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"zn6qzq6caaucudesr-pluralsight.siteintercept.qualtrics.com","domainame":"zn6qzq6caaucudesr-pluralsight.siteintercept.qualtrics.com","tls": {"version":"TLSv1.2","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} +01322{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648373359646502,"flow_src_last_pkt_time":1648373359662306,"flow_dst_last_pkt_time":1648373359662167,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373359662306,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.17.209.240","src_port":44770,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"zn6qzq6caaucudesr-pluralsight.siteintercept.qualtrics.com","domainame":"zn6qzq6caaucudesr-pluralsight.siteintercept.qualtrics.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
02518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1648373359662306,"flow_dst_last_pkt_time":1648373359681609,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1648373359681609,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXciMBAADkGtzFoEdHwwKgBgAG7ruI30m4WyDHTqVAQAEMEpAAAFgMDAHoCAAB2AwPh3f4G6bvkpAQiBlVF27q7BUriTXi+L8W0hRbgEpZaoiDRdtN3P07Qel84K9CWVDBxLwdJHbn9d9oomO2+9M0CRhMBAAAuADMAJAAdACA1SyvSQZLLx5CIHv4HSvtmmCUXoZblQcltm9P7V5WpIAArAAIDBBQDAwABARcDAwwzmT+Htjc5hkKanw\/IShWHFSoHCihsxypO2X+bsSjpwMmM9sH5YD79mqbLGND5TLQzhnwEx6cw5hrszrANTqt\/hHmfTxGJHTmIg9d+PzYlznjyJf8kSYA45HzBeXkEMc6uPO4NwiMvO2n78Gu30CV+TWYgfT0b15WA5H9vY9Xu\/V8RFdxMbaKGFia36IyaX5O\/8ke0pBwdrJXOVuqOQhF8CeV8Fh6w3PUEfuYXD4+Ho33B12ArNvK3hYu7A\/s3k2BRfDaPzqCtp086iJx0y39Ho2dJBXgxQFyVWnmnsd20f5YDk4M\/xkmxuKOOOArMJPwKYBoPrXvq3\/JRU2QhZBOxUwgBpJglNvZBrqKKvpCkGjiHYTVStQx9RudFVvC3myuChgy\/1G0vy80sg6Ky+Y\/\/3kNqAM\/tANNu5mQx3WbYrvvfTmDGCU9AYGcppPTP09XJnodaV8\/CkiqTbPMuyCkYqvCI5WwnyGC8WZYpKt+2TazshOiXqO9SL1RHv6Dn8te02a+10maxCvSlAqJBWR1+x+r+ThqQTllwTjIE9ldAyhj8ENZbbjj+ocUdjDQ\/suSJ9GPBe7o5y5U0tgXCBLgkqjGoTeMbYy6LVJn1ShYjby7XjWr1QSKmsm3D5VZ91QCbp8LXn28LvZldZyecaHfl8wO7ipN+ECY2WQUeLyHyxoJRrxRDNi43\/BsYJnohonEepMLiaGMHeGTkbT+FozcpsymnssgPxEzVyGVodKDyDiMtOS2\/4gVH00s+CjiEOvU\/WA2WYO+W0GaBoObQCC8C+wgP8X+9\/Lly4MJ8uYHzwJZULnomHy4Zhu3eO8OaaOD8adiKrmX6nf6RRAu9XTBSP6Pea+PT8ApgiP6cHHICUjEIoh1EKF0UWXUO9dydWy8GNBhCnF52mzdJWkKFMi4\/fZktIi123bVOx\/8O85m8SxP9YAHKNNRoCN75\/KXIi7BsS\/yRQl3sqhWASSR7qZOvy+t0usBhHJ97tgy43o+oXVboG5ECaj0mauoYvu75AmhrEMI5qxh+LSqg+vNZHX32i43L5wOTf5bLMarYHZ2zd3Pg+FItI\/oos+WGxlPPYSigPsvRd0ylS\/YCDOt9L5JYmtpF33miRvOv++1Yk\/XWR5vMXeGReVxoq8ugQklfwnbSUSgD6wAX+kbj8AKGs5ZYuXyk7kqFG\/vMOTQPPCPk\/rCLij28VaGG3XQju7sjATGtsw5czsHJGiGwlP5tELr5hlojoMQrDMZr03CY
MBu\/6EmnFBWmF1oJZfg4bGfWGEPfI7OoSqGHyoSay0AIlQVjj+d9f0FDqQ97cabxH0umDoaC\/FKH6X\/yc\/hrjIl4HmRt7VMpQyz2KdTzE8B4vzoujGXvtombEVZZCjytpnXTvHrVZua0Nx6vnYWN6U8hOPTiQzVv6YW6MflR92hbAH3p76MQVsREGfgb9bUAvIi+LGIt8MS39s03IWH5ITKktk1M0EDFu9rxI3fMzRA2+G+N4DZBBqlW0y+82xrp9wlYKMPmZCijkiUoYkreaDPjpGYTvkJAsDo1MY+vTQW3dm5sfsFKLG7cIjM6A3z4yo\/7FFTyhkQz7qkQuhIb45msYMVl46RKf8E4zW5YOVa5yF4IQYePRSUh+e\/LuyeYbl7fd6XURSxrpcv5Ie0Xz51vOk3KidEbdAfwA3A5yNwHZ+P2B22mjmaE\/kNxdDWA\/RSgensrsfzyAwjZrMsqHPSI5rKW2m9kOpusiMUcPgzvTzqRcYx8vb4upSN5jLk="} -01408{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648373359646502,"flow_src_last_pkt_time":1648373359662306,"flow_dst_last_pkt_time":1648373359681609,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1648373359681609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.17.209.240","src_port":44770,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"zn6qzq6caaucudesr-pluralsight.siteintercept.qualtrics.com","domainame":"zn6qzq6caaucudesr-pluralsight.siteintercept.qualtrics.com","tls": {"version":"TLSv1.3","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01367{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648373359646502,"flow_src_last_pkt_time":1648373359662306,"flow_dst_last_pkt_time":1648373359681609,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1648373359681609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.17.209.240","src_port":44770,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"zn6qzq6caaucudesr-pluralsight.siteintercept.qualtrics.com","domainame":"zn6qzq6caaucudesr-pluralsight.siteintercept.qualtrics.com","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1648373355763733,"flow_src_last_pkt_time":1648373356146750,"flow_dst_last_pkt_time":1648373356334094,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":643,"flow_dst_tot_l4_payload_len":5848,"midstream":0,"thread_ts_usec":1648373359681609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"54.69.188.18","src_port":42642,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1648373358908144,"flow_src_last_pkt_time":1648373358995982,"flow_dst_last_pkt_time":1648373359037654,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":643,"flow_dst_tot_l4_payload_len":4402,"midstream":0,"thread_ts_usec":1648373359681609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.203.201.56","src_port":42618,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}} 
00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1648373357854664,"flow_src_last_pkt_time":1648373357890274,"flow_dst_last_pkt_time":1648373357906518,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1340,"flow_src_tot_l4_payload_len":610,"flow_dst_tot_l4_payload_len":5003,"midstream":0,"thread_ts_usec":1648373359681609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42782,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}} 00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1648373357861427,"flow_src_last_pkt_time":1648373357907751,"flow_dst_last_pkt_time":1648373357922416,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1340,"flow_src_tot_l4_payload_len":610,"flow_dst_tot_l4_payload_len":5003,"midstream":0,"thread_ts_usec":1648373359681609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42790,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}} 
00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648373359646502,"flow_src_last_pkt_time":1648373359662306,"flow_dst_last_pkt_time":1648373359681609,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1648373359681609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.17.209.240","src_port":44770,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}} 00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648373359576448,"flow_src_last_pkt_time":1648373359600685,"flow_dst_last_pkt_time":1648373359621466,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1648373359681609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.19.162.127","src_port":48948,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}} 
-00848{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":44,"packets-processed":44,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":26716,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":59,"global_ts_usec":1648373359681609} +00848{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":44,"packets-processed":44,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":26716,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":59,"global_ts_usec":1648373359681609} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 44/44 ~~ skipped flows.............: 0 
@@ -65,9 +65,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6979279 bytes -~~ total memory freed........: 6979279 bytes -~~ total allocations/frees...: 114298/114298 +~~ total memory allocated....: 7556875 bytes +~~ total memory freed........: 7556875 bytes +~~ total allocations/frees...: 126029/126029 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 553 chars ~~ json message max len.......: 2523 chars diff --git a/test/results/default/pop3.pcap.out b/test/results/default/pop3.pcap.out index 0519ff07b..790c36396 100644 --- a/test/results/default/pop3.pcap.out +++ b/test/results/default/pop3.pcap.out 
@@ -1,5 +1,5 @@ -00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1349776771892023} 
+00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1349776771892023} 
00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1349776771892023,"flow_src_last_pkt_time":1349776771892023,"flow_dst_last_pkt_time":1349776771892023,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1349776771892023,"l3_proto":"ip4","src_ip":"143.225.229.181","dst_ip":"74.208.5.28","src_port":35287,"dst_port":110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1349776771892023,"flow_dst_last_pkt_time":1349776771892023,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1349776771892023,"pkt":"ABffs8QAAMCfw1sHCABFEAA8\/wtAAEAGdh2P4eW1StAFHInXAG5gksK3AAAAAKACFtDFsQAAAgQFtAQCCAoAYD28AAAAAAEDAwY="} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1349776771892023,"flow_dst_last_pkt_time":1349776772030343,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1349776772030343,"pkt":"AMCfw1sHABffs8QACABFAAA8AABAADUGgDlK0AUcj+HltQBuidcdXnV7YJLCuKASFqDzqQAAAgQFtAQCCApTpKX2AGA9vAEDAwk="} 
@@ -7,7 +7,7 @@ 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1349776772030396,"flow_dst_last_pkt_time":1349776772168746,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"thread_ts_usec":1349776772168746,"pkt":"AMCfw1sHABffs8QACABFAABX02RAADUGrLlK0AUcj+HltQBuidcdXnV8YJLCuIAYAAzvdAAAAQEIClOkphgAYD5GK09LIFBPUCBzZXJ2ZXIgcmVhZHkgSCBtaWdteHVzMDA1DQo="} 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1349776772168788,"flow_dst_last_pkt_time":1349776772168746,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1349776772168788,"pkt":"ABffs8QAAMCfw1sHCABFEAA0\/w1AAEAGdiOP4eW1StAFHInXAG5gksK4HV51n4AQAFzFqQAAAQEICgBgPtFTpKYY"} 01229{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1349776771892023,"flow_src_last_pkt_time":1349776780730528,"flow_dst_last_pkt_time":1349776777636137,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":60,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":95,"midstream":0,"thread_ts_usec":1349776780730528,"l3_proto":"ip4","src_ip":"143.225.229.181","dst_ip":"74.208.5.28","src_port":35287,"dst_port":110,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":450,"client":345,"server":105}},"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"POP3","proto_id":"2","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":3,"category":"Email","pop": {"user":"cicciopernacchio@mail.com","password":"pippozzo","auth_failed":0}}} -00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":32,"packets-processed":31,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1853,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1377201663814560} 
+00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":32,"packets-processed":31,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1853,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1377201663814560} 00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1377201663814560,"flow_src_last_pkt_time":1377201663814560,"flow_dst_last_pkt_time":1377201663814560,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1377201663814560,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"212.227.15.166","src_port":26272,"dst_port":110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1377201663814560,"flow_dst_last_pkt_time":1377201663814560,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1377201663814560,"pkt":"TBfrZBZJyPczS4I3CABFAAA0TaRAAIAGB+rAqAAE1OMPpmagAG635okIAAAAAIACIAAB4wAAAgQFtAEDAwIBAQQC"} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1377201663814560,"flow_dst_last_pkt_time":1377201663880379,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1377201663880379,"pkt":"yPczS4I3TBfrZBZJCABFAAA0AABAADkGnI7U4w+mwKgABABuZqD\/+KO8t+aJCYASFtBnRQAAAgQFtAEBBAIBAwMJ"} 
@@ -50,7 +50,7 @@ 01070{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":144,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1377201698254021,"flow_src_last_pkt_time":1377201698460579,"flow_dst_last_pkt_time":1377201698507279,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":6,"flow_dst_max_l4_payload_len":91,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":175,"midstream":0,"thread_ts_usec":1377201785011707,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"212.227.15.166","src_port":26304,"dst_port":110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"POP3","proto_id":"2","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":3,"category":"Email"}} 01076{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":144,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":10,"flow_first_seen":1377201700505011,"flow_src_last_pkt_time":1377201701042241,"flow_dst_last_pkt_time":1377201701091336,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":66,"flow_dst_max_l4_payload_len":91,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":297,"midstream":0,"thread_ts_usec":1377201785011707,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"212.227.15.166","src_port":26308,"dst_port":110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"POP3","proto_id":"2","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":3,"category":"Email"}} 01082{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":144,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":30,"flow_first_seen":1377201783749577,"flow_src_last_pkt_time":1377201784963062,"flow_dst_last_pkt_time":1377201785011707,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":66,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":138,"flow_dst_tot_l4_payload_len":19651,"midstream":0,"thread_ts_usec":1377201785011707,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"212.227.15.166","src_port":26383,"dst_port":110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"POP3","proto_id":"2","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":3,"category":"Email"}} 
-00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":144,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":144,"packets-processed":144,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22700,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":53,"global_ts_usec":1377201785011707} +00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":144,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":144,"packets-processed":144,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22700,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":53,"global_ts_usec":1377201785011707} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 144/144 ~~ skipped flows.............: 0 
@@ -59,9 +59,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6936163 bytes -~~ total memory freed........: 6936163 bytes -~~ total allocations/frees...: 114349/114349 +~~ total memory allocated....: 7513759 bytes +~~ total memory freed........: 7513759 bytes +~~ total allocations/frees...: 126080/126080 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 527 chars ~~ json message max len.......: 2298 chars diff --git a/test/results/default/pop3_stls.pcap.out b/test/results/default/pop3_stls.pcap.out index 12bfc2e99..3a55ce904 100644 --- a/test/results/default/pop3_stls.pcap.out +++ b/test/results/default/pop3_stls.pcap.out 
@@ -1,5 +1,5 @@ -00614{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pop3_stls.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pop3_stls.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1346096808946579} 
+00614{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pop3_stls.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pop3_stls.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1346096808946579} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pop3_stls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1346096808946579,"flow_src_last_pkt_time":1346096808946579,"flow_dst_last_pkt_time":1346096808946579,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1346096808946579,"l3_proto":"ip4","src_ip":"192.168.20.18","dst_ip":"72.249.41.52","src_port":50583,"dst_port":110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pop3_stls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1346096808946579,"flow_dst_last_pkt_time":1346096808946579,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1346096808946579,"pkt":"ABqMFgo4nI6ZO0MBCABFAAA0SZ1AAIAGaj\/AqBQSSPkpNMWXAG5IB2JyAAAAAIACIACXrwAAAgQFtAEDAwIBAQQC"} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/pop3_stls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1346096808946579,"flow_dst_last_pkt_time":1346096809014772,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1346096809014772,"pkt":"nI6ZO0MBABqMFgo4CABFAAA0AABAADEGAt1I+Sk0wKgUEgBuxZf63xAkSAdic4ASFtCVygAAAgQFtAEBBAIBAwMC"} 
@@ -8,11 +8,11 @@ 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/pop3_stls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1346096809136177,"flow_dst_last_pkt_time":1346096809083433,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1346096809136177,"pkt":"ABqMFgo4nI6ZO0MBCABFAAAuSZ9AAIAGakPAqBQSSPkpNMWXAG5IB2Jz+t8QMFAYQCYKgQAAQVVUSA0K"} 01090{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/pop3_stls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1346096808946579,"flow_src_last_pkt_time":1346096810211494,"flow_dst_last_pkt_time":1346096810279387,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":6,"flow_dst_max_l4_payload_len":149,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":188,"midstream":0,"thread_ts_usec":1346096810279387,"l3_proto":"ip4","src_ip":"192.168.20.18","dst_ip":"72.249.41.52","src_port":50583,"dst_port":110,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"POP3","proto_id":"2","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":3,"category":"Email","pop": {"user":"","password":"","auth_failed":0}}} 
01167{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/pop3_stls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":7,"flow_first_seen":1346096808946579,"flow_src_last_pkt_time":1346096810351879,"flow_dst_last_pkt_time":1346096810349671,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":168,"flow_dst_max_l4_payload_len":149,"flow_src_tot_l4_payload_len":186,"flow_dst_tot_l4_payload_len":225,"midstream":0,"thread_ts_usec":1346096810351879,"l3_proto":"ip4","src_ip":"192.168.20.18","dst_ip":"72.249.41.52","src_port":50583,"dst_port":110,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"POPS","proto_id":"23","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}} -01169{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/pop3_stls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":8,"flow_first_seen":1346096808946579,"flow_src_last_pkt_time":1346096810351879,"flow_dst_last_pkt_time":1346096810420652,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":168,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":186,"flow_dst_tot_l4_payload_len":1685,"midstream":0,"thread_ts_usec":1346096810420652,"l3_proto":"ip4","src_ip":"192.168.20.18","dst_ip":"72.249.41.52","src_port":50583,"dst_port":110,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or 
older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"POPS","proto_id":"23","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}} -01170{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/pop3_stls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":11,"flow_first_seen":1346096808946579,"flow_src_last_pkt_time":1346096810421794,"flow_dst_last_pkt_time":1346096810490233,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":168,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":186,"flow_dst_tot_l4_payload_len":4965,"midstream":0,"thread_ts_usec":1346096810490233,"l3_proto":"ip4","src_ip":"192.168.20.18","dst_ip":"72.249.41.52","src_port":50583,"dst_port":110,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"POPS","proto_id":"23","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}} 
-02426{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/pop3_stls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":19,"flow_first_seen":1346096808946579,"flow_src_last_pkt_time":1346096812985585,"flow_dst_last_pkt_time":1346096813059760,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":314,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":648,"flow_dst_tot_l4_payload_len":5522,"midstream":0,"thread_ts_usec":1346096813059760,"l3_proto":"ip4","src_ip":"192.168.20.18","dst_ip":"72.249.41.52","src_port":50583,"dst_port":110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":215,"avg":262973.8,"max":2072094,"stddev":524859.6,"var":275477528576.0,"ent":3.3,"data": [68193,68972,68661,120626,119751,1003135,1075317,72544,524,70840,70284,69545,70981,215,69915,69104,262,69187,6957,114416,36010,229437,154000,2002867,2072094,69067,658,117241,116699,68875,75810]},"pktlen": {"min":40,"avg":234.5,"max":1500,"stddev":417.0,"var":173868.9,"ent":3.7,"data": [52,52,40,51,46,46,68,46,46,189,46,77,208,1500,1500,40,1500,400,40,354,46,278,71,46,93,71,46,208,84,89,82,89]},"bins": {"c_to_s": [9,2,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [8,4,0,0,1,1,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,1,0,1,1,0,1,1,0,1,0,1,1,0,1,1,0,0,1,1,0,1,1,0,1,1,0,1,0,1],"entropies": 
[4.492581844,4.801308632,4.734183788,5.157432556,4.996070385,4.501398087,5.447610855,4.952592373,4.501398087,5.483742237,5.012480259,5.432518482,5.539906025,7.142385483,7.103268623,4.734183788,6.899816990,7.242932796,4.784183979,7.363773823,4.501398087,6.985215187,5.760285378,4.501398087,5.843768597,5.665146351,4.501398087,6.988708973,5.939931870,5.954314232,5.674627304,5.896972179]},"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"POPS","proto_id":"23","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}} -01230{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/pop3_stls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":30,"flow_first_seen":1346096808946579,"flow_src_last_pkt_time":1346096814309972,"flow_dst_last_pkt_time":1346096814377321,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":314,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":805,"flow_dst_tot_l4_payload_len":7462,"midstream":0,"thread_ts_usec":1346096814377321,"l3_proto":"ip4","src_ip":"192.168.20.18","dst_ip":"72.249.41.52","src_port":50583,"dst_port":110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": 
{"6":"DPI"},"proto":"POPS","proto_id":"23","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email","hostname":"pop.lavabit.com"}} -00844{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/pop3_stls.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":53,"packets-processed":53,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8267,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1346096814377321} +01272{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/pop3_stls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":8,"flow_first_seen":1346096808946579,"flow_src_last_pkt_time":1346096810351879,"flow_dst_last_pkt_time":1346096810420652,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":168,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":186,"flow_dst_tot_l4_payload_len":1685,"midstream":0,"thread_ts_usec":1346096810420652,"l3_proto":"ip4","src_ip":"192.168.20.18","dst_ip":"72.249.41.52","src_port":50583,"dst_port":110,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": 
{"total":150,"client":135,"server":15}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"POPS","proto_id":"23","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}} +01273{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/pop3_stls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":11,"flow_first_seen":1346096808946579,"flow_src_last_pkt_time":1346096810421794,"flow_dst_last_pkt_time":1346096810490233,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":168,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":186,"flow_dst_tot_l4_payload_len":4965,"midstream":0,"thread_ts_usec":1346096810490233,"l3_proto":"ip4","src_ip":"192.168.20.18","dst_ip":"72.249.41.52","src_port":50583,"dst_port":110,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"POPS","proto_id":"23","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}} 
+02529{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/pop3_stls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":19,"flow_first_seen":1346096808946579,"flow_src_last_pkt_time":1346096812985585,"flow_dst_last_pkt_time":1346096813059760,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":314,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":648,"flow_dst_tot_l4_payload_len":5522,"midstream":0,"thread_ts_usec":1346096813059760,"l3_proto":"ip4","src_ip":"192.168.20.18","dst_ip":"72.249.41.52","src_port":50583,"dst_port":110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":215,"avg":262973.8,"max":2072094,"stddev":524859.6,"var":275477528576.0,"ent":3.3,"data": [68193,68972,68661,120626,119751,1003135,1075317,72544,524,70840,70284,69545,70981,215,69915,69104,262,69187,6957,114416,36010,229437,154000,2002867,2072094,69067,658,117241,116699,68875,75810]},"pktlen": {"min":40,"avg":234.5,"max":1500,"stddev":417.0,"var":173868.9,"ent":3.7,"data": [52,52,40,51,46,46,68,46,46,189,46,77,208,1500,1500,40,1500,400,40,354,46,278,71,46,93,71,46,208,84,89,82,89]},"bins": {"c_to_s": [9,2,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [8,4,0,0,1,1,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,1,0,1,1,0,1,1,0,1,0,1,1,0,1,1,0,0,1,1,0,1,1,0,1,1,0,1,0,1],"entropies": 
[4.492581844,4.801308632,4.734183788,5.157432556,4.996070385,4.501398087,5.447610855,4.952592373,4.501398087,5.483742237,5.012480259,5.432518482,5.539906025,7.142385483,7.103268623,4.734183788,6.899816990,7.242932796,4.784183979,7.363773823,4.501398087,6.985215187,5.760285378,4.501398087,5.843768597,5.665146351,4.501398087,6.988708973,5.939931870,5.954314232,5.674627304,5.896972179]},"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"POPS","proto_id":"23","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}} +01333{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/pop3_stls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":30,"flow_first_seen":1346096808946579,"flow_src_last_pkt_time":1346096814309972,"flow_dst_last_pkt_time":1346096814377321,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":314,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":805,"flow_dst_tot_l4_payload_len":7462,"midstream":0,"thread_ts_usec":1346096814377321,"l3_proto":"ip4","src_ip":"192.168.20.18","dst_ip":"72.249.41.52","src_port":50583,"dst_port":110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"22": {"risk":"Unsafe 
Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"POPS","proto_id":"23","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email","hostname":"pop.lavabit.com"}} +00844{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/pop3_stls.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":53,"packets-processed":53,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8267,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1346096814377321} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 53/53 ~~ skipped flows.............: 0 @@ -21,10 +21,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6927439 bytes -~~ total memory freed........: 6927439 bytes -~~ total allocations/frees...: 114202/114202 +~~ total memory allocated....: 7505067 bytes +~~ total memory freed........: 7505067 bytes +~~ total allocations/frees...: 125934/125934 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 531 chars -~~ json message max len.......: 2431 chars -~~ json message avg len.......: 1400 chars +~~ json message max len.......: 2534 chars +~~ json message avg len.......: 1450 chars 
diff --git a/test/results/default/pops.pcapng.out b/test/results/default/pops.pcapng.out index decc389e7..06b5ade30 100644 --- a/test/results/default/pops.pcapng.out +++ b/test/results/default/pops.pcapng.out 
@@ -1,5 +1,5 @@ -00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pops.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pops.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1614938117011128} 
+00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pops.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pops.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1614938117011128} 
00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pops.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614938117011128,"flow_src_last_pkt_time":1614938117011128,"flow_dst_last_pkt_time":1614938117011128,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614938117011128,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"10.10.10.1","src_port":55077,"dst_port":995,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pops.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1614938117011128,"flow_dst_last_pkt_time":1614938117011128,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1614938117011128,"pkt":"AAAAAAAAAAgACwgJCABFAAA0BaxAAH8GIWTAqAABCgoKAdclA+N8RI7kAAAAAIACIACU+AAAAgQE7AEDAwIBAQQC"} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/pops.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1614938117011128,"flow_dst_last_pkt_time":1614938117270908,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1614938117270908,"pkt":"AAAAAAAAAAgACwgJCABFAAA0AABAADMGcxAKCgoBwKgAAQPj1yVpzHIcfESO5YASchBmIQAAAgQFtAEBBAIBAwMH"} 
@@ -9,7 +9,7 @@ 01062{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/pops.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1614938117011128,"flow_src_last_pkt_time":1614938117298382,"flow_dst_last_pkt_time":1614938117559599,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":184,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":184,"flow_dst_tot_l4_payload_len":1260,"midstream":0,"thread_ts_usec":1614938117559599,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"10.10.10.1","src_port":55077,"dst_port":995,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"POPS","proto_id":"23","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}} 
02223{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/pops.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1614938117298382,"flow_dst_last_pkt_time":1614938117559643,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"thread_ts_usec":1614938117559643,"pkt":"AAAAAAAAAAgACwgJCABFAAUUApJAADMGa54KCgoBwKgAAQPj1yVpzHcJfESPnVAQAO37bQAAAHcA9lyUL9F3MCIUVBgIMJRWjuNNExkzv98MLyALzE7xZOMAAAF1Kj57XgAABAMASDBGAiEA8j5baLiEIkTcbcZDABP4GJpWXp+06QQVFV630SxUILYCIQCDK32qxQgusvwfZLztsKe1sExloQAz78NZOf78r+fvzwB2AFzcQ5L+5qtFRLFemtRW5hA3+9X6R9yhc5SyXub2xw7KAAABdSo+fKAAAAQDAEcwRQIgJT0AYFVnglOCOaGN7l1SKLjGXhuzMTCXCBmGdX42LTgCIQCfWe+ZBNqoJSwcEADrGXYZNr0\/9Heh713uW+5hOa2VGjANBgkqhkiG9w0BAQsFAAOCAQEA0Qmjspa\/kI1EQ6yfcRTHLjt5vvDewoH2UzJ4cLdAPXM27Cp\/11UUUl4HrRDZAbA+HQVP3cQkEYalNzb2lLXsdilDG+U+DmO0IzpUJcOT72BFiqdI6lVVf7rbadDzITyfZHiawnHnynoXooWk\/wt3aFZ11wac1zGjK6L31+lmwno6esiT6G52J791KjLuT5SCkGrQn3wFeTFN1+aNUXkem1ekPkX4J4CuT2rAymo4g\/OzzwLTw5ozywc4vhY1q2TyVP94XMQ2Hx3zHwcBaV3Ou5GA+S1JJi2ljvslmQ6cbEleC3BDXcKzCFtPo6YVHBLnIYNCZN\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\/SslIaYF1Tm0k9ssXE\/iwcVmEemsrhaQ0tRbly8zpQXAspC7W+jJ94ajelBCsMcHA2Gr\/WSerdtb8C3RruKeuP8RU9LQxRN2TVoykTF6bicskg5viV3232BIfyYVt9NGA8VCbh67UCxAF+ye6KG0X6Q7WTbk5VQb\/CiQFfi\/GHXJs1IspjFd92tnrZhrTT6fff1LEMMWlyQ4CxVO\/dzhoBiTDZsg3fjAeRXEjNf+Q2Cqdjeewkk08fyoKk9zNFkZl92CEi3ZLkSdzFJLg6u6PFuqNDj52F799iYCAREPnLeBDCXXaNuit24k69V0SjiMEgwIDAQABo4IBLDCCASgwDwYDVR0TAQH\/BAUwAwEB\/zAOBgNVHQ8BAf8E"} 
01089{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/pops.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":3,"flow_first_seen":1614938117011128,"flow_src_last_pkt_time":1614938117298382,"flow_dst_last_pkt_time":1614938117559643,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":184,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":184,"flow_dst_tot_l4_payload_len":2520,"midstream":0,"thread_ts_usec":1614938117559643,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"10.10.10.1","src_port":55077,"dst_port":995,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"POPS","proto_id":"23","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}} -00838{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/pops.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":5,"packets-processed":5,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2704,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1614938117559643} 
+00838{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/pops.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":5,"packets-processed":5,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2704,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1614938117559643} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 5/5 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6914309 bytes -~~ total memory freed........: 6914309 bytes -~~ total allocations/frees...: 114147/114147 +~~ total memory allocated....: 7491905 bytes +~~ total memory freed........: 7491905 bytes +~~ total allocations/frees...: 125878/125878 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 544 chars ~~ json message max len.......: 2228 chars diff --git a/test/results/default/portable_executable.pcap.out b/test/results/default/portable_executable.pcap.out index b1a91fe16..84c7dc39b 100644 --- a/test/results/default/portable_executable.pcap.out +++ b/test/results/default/portable_executable.pcap.out 
@@ -1,5 +1,5 @@ -00624{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/portable_executable.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/portable_executable.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1598333619339961} 
+00624{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/portable_executable.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/portable_executable.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1598333619339961} 
00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/portable_executable.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1598333619339961,"flow_src_last_pkt_time":1598333619339961,"flow_dst_last_pkt_time":1598333619339961,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1598333619339961,"l3_proto":"ip4","src_ip":"172.16.99.201","dst_ip":"64.227.107.71","src_port":1732,"dst_port":4444,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/portable_executable.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1598333619339961,"flow_dst_last_pkt_time":1598333619339961,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1598333619339961,"pkt":"QM4kHluGABxCsmFuCABFAAA0Y\/NAAIAG2sysEGPJQONrRwbEEVy3KsGDAAAAAIAC+vAnTQAAAgQFtAEDAwgBAQQC"} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/portable_executable.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1598333619339961,"flow_dst_last_pkt_time":1598333619669445,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1598333619669445,"pkt":"ABxCsmFuQM4kHluGCABFAAA0AABAADAGjsBA42tHrBBjyRFcBsRoGQadtyrBhIASchBCMwAAAgQE6AEBBAIBAwMH"} 
@@ -12,11 +12,11 @@ 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/portable_executable.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1598333691208416,"flow_dst_last_pkt_time":1598333690846093,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":1598333691208416,"pkt":"ABxCyWFDQM4kHluGCABFAgAs9u9AADAGmJVA42tHrBBjCgA1wfTp\/DSxRxCtilAYAOXYewAAQ7ACAA=="} 02233{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/portable_executable.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1598333691210768,"flow_dst_last_pkt_time":1598333690846093,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1310,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1310,"pkt_l4_len":1276,"thread_ts_usec":1598333691210768,"pkt":"ABxCyWFDQM4kHluGCABFAgUQ9vBAADAGk7BA42tHrBBjCgA1wfTp\/DS1RxCtilAQAOVQQgAATVroAAAAAFtSRVWJ5YHD1kIAAP\/TgcMjaQIAiTtTagRQ\/9AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAAC7RahV\/yTGBv8kxgb\/JMYGuXUnBtskxga5dRkG6CTGBrl1JgZ8JMYG\/yTHBj0kxgb2XFUG7iTGBvZcRQb+JMYG8nYZBv4kxgbydiYG4yTGBvJ2Ggb+JMYG8nYYBv4kxgZSaWNo\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\/85PnQXi8ZQ6DwAAABHacekAAAAWQPGgzgAdetfXl3DVYvsVot1CFcz\/zk+dBeLxlDoaQAAAEdpx6QAAABZA8aDOAB1619eXcNVi+xWV7+kAAAAV+h15gAAi\/BZhfZ1BWoIWOs2V\/91CFbo+OYAAKGgrgIQg8QMhcB0C4mwoAAAAKGgrgIQg6agAAAAAImGnAAAADPAiTWgrgIQX15dw1WL7FNWizWgrgIQu5AEAABXM\/\/rGotFCP82\/zDo9+wAAFlZhcB0Dov+i7acAAAAhfZ14uswi4acAAAAhf90CIk="} 
02259{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/portable_executable.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1598333691210789,"flow_dst_last_pkt_time":1598333690846093,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1310,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1310,"pkt_l4_len":1276,"thread_ts_usec":1598333691210789,"pkt":"ABxCyWFDQM4kHluGCABFAgUQ9vFAADAGk69A42tHrBBjCgA1wfTp\/DmdRxCtilAQAOWiWwAAh5wAAADrBaOgrgIQi4acAAAAhcB0Bom4oAAAAFboleUAAFkz219ei8NbXcPrGmoA\/zWkrgIQ6LM5AABZWYXAdAdQ6BOOAABZ\/zWkrgIQ6HI5AABZhcB11sNVi+yD7BBXi30MjUXwUGgBAAEAV8dF\/AEAAADoASoAAIPEDIXAD4WyAAAAU1aLdfhW6FYDAABWi9jolgMAAIvwWVmF23U1hfZ1QlfobiUAAFk5Xyx0EmoyaAQAAgBQ6E4nAACDxAzrc1D\/dQhqMujnKwAAV+j4JQAA611XU+hpAAAAWVmFwHVChfZ0DVdW6FgAAABZWYXAdTGDfywAdStqCOjw5AAAUFf\/dQiJGGgREwAQiXAE6E6MAACDxBSFwHQaUOjqjAAAWesRV\/91CFZT6I0BAACJRfyDxBBeW4tF\/F+L5V3DM8DDM8DDVYvs\/3UM6PIoAAAz0lmLTQgrwnQUSHQIg+gJdAxIdQU5UVR1CTPAXcM5UQh08jPAQF3DVYvsg+wUVlf\/dQzouigAAFkzyYv5g\/gBdA2D+At0CItFCIPABOsGi0UIg8BQiUX8i\/GNReyJTfhQUVHrXoX\/dWmLRfyLQEiFwHQTJf\/\/\/w878HUK98YAAAAQdE4z9o1F7FD\/dQzocSgAAFlZPQAAAQB1GY1F7FDoLSgAAFmFwHQLi0X8aldfO3BIch6LRfiNTexRRkBqAIlF+FD\/dQzooygAAIPEEIXAdJOLx19ei+Vdw1WL7FaLdQiF9nUFagZY631Ti14Qhdt1BGoG6wyLRhSJRQiFwHUFag1Y62FXi34Yhf91BGoN6xmhpK4CEIXAdRPo0TYAAKOkrgIQhcB1BWoGWOs4VlDoAjgAAP91CFP\/dwT\/N+gqAAAAVv81pK4CEOjxNwAAg8QghcB0B1bozosAAFlX6AbjAABZM8BfW15dwgQAaihoYFQCEOih6gAAx0XkAQAAAItFCIlF1ItFDIlF2INl\/AAz24t1FIld4IP7Ag+DkwAAAIt8ndSF\/w+EgQAAAItFEItIIDlIHHQHUf8VSBACEFZX6GP+\/\/9ZWYXAdWJW6CEnAABZiUXci8iD6QB0G0l0CIPpCXQTSXVGi0dUhcB1EFb\/dRD\/V1DrMYtHCIXAdCONTQhRVv91EP\/Qg8QMhcB0C4N95AB0BTPAQOsCM8CJReTrDFb\/dRD\/VwRZiUUIWUPpYf\/\/\/41FyFBoAgABAFbo6SYAAIPEDItNCIXAD0RN0ItF3IP4AXQFg\/gLdRGFyXQNUVb\/dRDoxSoAAIPEDINN\/P\/rDjPAQMOLZeiDTfz\/i3UUg34sAHUHVujvIgAAWYtF5Oi\/6QAAw1WL7FYz9lc5NRBwAhB0Kb8QcAIQi8f\/dQj\/MOjT6AAAWVmFwHQYRmnGpAAAAI2AEHACEIM4AHXeM8BfXl3Daca
kAAAAA8fr8lWL7FaLNaCuAhDrFv91CP826JXoAABZWYXAdA+LtpwAAACF9nXmM8BeXcOLxuv5VYvsahBqAehx6gAAWVmLTQyJAYXAdQVqDlhdw4tFCMcAEAAAADPAXcNVi+yB7DAEAACDZfwAU1aLdQxXaK8BAQBWx0XsCAAAAOhbJgAAaLIBAgBWi9jolyYAAIv4aLEBAgBWiX3o6IcmAABotwECAFaJRfDoeSYAAGi4AQIAVolF+OhrJgAAg8Qoi8g="} -01107{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/portable_executable.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":11,"flow_first_seen":1598333619339961,"flow_src_last_pkt_time":1598333620073445,"flow_dst_last_pkt_time":1598333620073297,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":1256,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":11308,"midstream":0,"thread_ts_usec":1598333691211662,"l3_proto":"ip4","src_ip":"172.16.99.201","dst_ip":"64.227.107.71","src_port":1732,"dst_port":4444,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
+01180{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/portable_executable.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":11,"flow_first_seen":1598333619339961,"flow_src_last_pkt_time":1598333620073445,"flow_dst_last_pkt_time":1598333620073297,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":1256,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":11308,"midstream":0,"thread_ts_usec":1598333691211662,"l3_proto":"ip4","src_ip":"172.16.99.201","dst_ip":"64.227.107.71","src_port":1732,"dst_port":4444,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"7":"Match by IP"},"proto":"DigitalOcean","proto_id":"442","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00796{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/portable_executable.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":11,"flow_first_seen":1598333619339961,"flow_src_last_pkt_time":1598333620073445,"flow_dst_last_pkt_time":1598333620073297,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":1256,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":11308,"midstream":0,"thread_ts_usec":1598333691211662,"l3_proto":"ip4","src_ip":"172.16.99.201","dst_ip":"64.227.107.71","src_port":1732,"dst_port":4444,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
-01301{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/portable_executable.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":4,"flow_first_seen":1598333690845829,"flow_src_last_pkt_time":1598333691211618,"flow_dst_last_pkt_time":1598333691211662,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1256,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":11308,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1598333691211662,"l3_proto":"ip4","src_ip":"64.227.107.71","dst_ip":"172.16.99.10","src_port":53,"dst_port":49652,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"1":"Match by port"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr": []}}} 
+01308{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/portable_executable.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":4,"flow_first_seen":1598333690845829,"flow_src_last_pkt_time":1598333691211618,"flow_dst_last_pkt_time":1598333691211662,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1256,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":11308,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1598333691211662,"l3_proto":"ip4","src_ip":"64.227.107.71","dst_ip":"172.16.99.10","src_port":53,"dst_port":49652,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"1":"Match by port"},"proto":"DNS","proto_id":"5","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr": []}}} 
00794{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/portable_executable.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":4,"flow_first_seen":1598333690845829,"flow_src_last_pkt_time":1598333691211618,"flow_dst_last_pkt_time":1598333691211662,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1256,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":11308,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1598333691211662,"l3_proto":"ip4","src_ip":"64.227.107.71","dst_ip":"172.16.99.10","src_port":53,"dst_port":49652,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00855{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/portable_executable.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":30,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22616,"total-not-detected-flows":1,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1598333691211662} 
+00855{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/portable_executable.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":30,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22616,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1598333691211662} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 30/30 ~~ skipped flows.............: 0 @@ -25,9 +25,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6915149 bytes -~~ total memory freed........: 6915149 bytes -~~ total allocations/frees...: 114186/114186 +~~ total memory allocated....: 7492745 bytes +~~ total memory freed........: 7492745 bytes +~~ total allocations/frees...: 125917/125917 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 549 chars ~~ json message max len.......: 2264 chars diff --git a/test/results/default/pptp.pcap.out b/test/results/default/pptp.pcap.out index 1e9c74b52..d6ffba0f4 100644 --- a/test/results/default/pptp.pcap.out +++ b/test/results/default/pptp.pcap.out 
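Review bot: The new expected record for flow 1 (the `+01180` line in the `@@ -12,11 +12,11 @@` hunk) reports `"breed":"Safe"` and `"encrypted":1` on the strength of `"confidence": {"7":"Match by IP"}` alone, while the same record still carries the Severe `Binary App Transfer` risk for a TCP flow to port 4444. Before this bump the flow was emitted as `not-detected` with `"breed":"Unrated"` and `"encrypted":0`, and the shutdown record moves `total-not-detected-flows` from 1 to 0, so anything downstream that alerts on `not-detected` events or filters out `Safe` or encrypted flows would presumably stop surfacing this capture. It is worth confirming with upstream that an IP-only match is meant to set `encrypted`, and recording the reclassification in the commit description, e.g. `portable_executable.pcap: flow 1 now guessed as DigitalOcean by IP; flow_risk unchanged`. Consumers of these events are better served keying on `flow_risk` and `confidence` than on `breed` for flows like this one.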
@@ -1,5 +1,5 @@ -00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pptp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pptp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1451895531141577} 
+00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pptp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pptp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1451895531141577} 
00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pptp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1451895531141577,"flow_src_last_pkt_time":1451895531141577,"flow_dst_last_pkt_time":1451895531141577,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1451895531141577,"l3_proto":"ip4","src_ip":"192.168.43.22","dst_ip":"191.101.61.1","src_port":41366,"dst_port":1723,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pptp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1451895531141577,"flow_dst_last_pkt_time":1451895531141577,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1451895531141577,"pkt":"AhoR+E9+0N+aZRdHCABFAAA8SqVAAEAGB\/LAqCsWv2U9AaGWBrt+ULaEAAAAAKACchAUeAAAAgQFtAQCCAoAB\/whAAAAAAEDAwo="} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/pptp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1451895531141577,"flow_dst_last_pkt_time":1451895531183155,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1451895531183155,"pkt":"0N+aZRdHAhoR+E9+CABFUAA8Q2pAAPwGUty\/ZT0BwKgrFga7oZZ1tjA4flC2haASD5Yd2AAAAgQFMgEBCAoLt6rxAAf8IQQCAAA="} 
@@ -8,7 +8,7 @@ 00920{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/pptp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1451895531141577,"flow_src_last_pkt_time":1451895531183451,"flow_dst_last_pkt_time":1451895531183155,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":156,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1451895531183451,"l3_proto":"ip4","src_ip":"192.168.43.22","dst_ip":"191.101.61.1","src_port":41366,"dst_port":1723,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"PPTP","proto_id":"115","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/pptp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1451895531183451,"flow_dst_last_pkt_time":1451895531235075,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1451895531235075,"pkt":"0N+aZRdHAhoR+E9+CABFUAA0Q8NAAPwGUou\/ZT0BwKgrFga7oZZ1tjA5flC3IYAQEDJHpQAAAQEICgu3qyIAB\/ws"} 
00965{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/pptp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":11,"flow_first_seen":1451895531141577,"flow_src_last_pkt_time":1451895536574011,"flow_dst_last_pkt_time":1451895536573938,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":168,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":356,"flow_dst_tot_l4_payload_len":384,"midstream":0,"thread_ts_usec":1451895536574011,"l3_proto":"ip4","src_ip":"192.168.43.22","dst_ip":"191.101.61.1","src_port":41366,"dst_port":1723,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PPTP","proto_id":"115","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00838{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/pptp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":24,"packets-processed":24,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":740,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1451895536574011} 
+00838{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/pptp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":24,"packets-processed":24,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":740,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1451895536574011} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 24/24 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6910381 bytes -~~ total memory freed........: 6910381 bytes -~~ total allocations/frees...: 114163/114163 +~~ total memory allocated....: 7487977 bytes +~~ total memory freed........: 7487977 bytes +~~ total allocations/frees...: 125894/125894 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 544 chars ~~ json message max len.......: 970 chars diff --git a/test/results/default/profinet-io-le.pcap.out b/test/results/default/profinet-io-le.pcap.out index 112eb8c97..a2979ed99 100644 --- a/test/results/default/profinet-io-le.pcap.out +++ b/test/results/default/profinet-io-le.pcap.out 
@@ -1,11 +1,11 @@ -00619{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/profinet-io-le.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/profinet-io-le.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1287088627587076} 
+00619{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/profinet-io-le.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/profinet-io-le.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1287088627587076} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/profinet-io-le.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1287088627587076,"flow_src_last_pkt_time":1287088627587076,"flow_dst_last_pkt_time":1287088627587076,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":164,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":164,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":164,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1287088627587076,"l3_proto":"ip4","src_ip":"10.10.0.150","dst_ip":"10.10.0.129","src_port":1566,"dst_port":34964,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00741{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/profinet-io-le.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1287088627587076,"flow_dst_last_pkt_time":1287088627587076,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_usec":1287088627587076,"pkt":"AAmRRCAXAJAnTuP8CABFAADAsogAAIARcnoKCgCWCgoAgQYeiJQArGiVBAAIABAAAAAAAKDel2zREYJxAAEAAwFaAQCg3pds0RGCcQCgJELffduruuwdAFRDslALAWMKuv0AAAAAAQAAAAAAAAAFAP\/\/\/\/9UAAAAAABAgAAAQAAAAECAAAAAAAAAQAAAAAAJADwBAAAKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAD4QAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} 
01085{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/profinet-io-le.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1287088627587076,"flow_src_last_pkt_time":1287088627587076,"flow_dst_last_pkt_time":1287088627587076,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":164,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":164,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":164,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1287088627587076,"l3_proto":"ip4","src_ip":"10.10.0.150","dst_ip":"10.10.0.129","src_port":1566,"dst_port":34964,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"DCERPC.PROFINET_IO","proto_id":"370.371","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 00891{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/profinet-io-le.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1287088627587076,"flow_dst_last_pkt_time":1287088627589136,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":310,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":310,"pkt_l4_len":276,"thread_ts_usec":1287088627589136,"pkt":"AJAnTuP8AAmRRCAXCABFAAEoAAwAAEARZI8KCgCBCgoAloiUBh4BFETGBAIoABAAAAAAAKDel2zREYJxAAEAAwFaAQCg3pds0RGCcQCgJELffduruuwdAFRDslALAWMKuv0BAAAAAQAAAAAAAAAFAP\/\/\/\/+8AAAAAAAAAAAAqAAAAECAAAAAAAAAqAAAAIAJADwBAAAKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAD4QAAAAGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAAsAQAAAQAAAAAAAgAAAAAAAQACAAEAAAABAAP\/\/wEKAAH\/\/4FAAAEAAf\/\/gUAAMQAYAQAAAQAAAAAAAQAB\/\/+BQAABAAH\/\/4FAADIAGAEAAAEAAAAAAAEAAAAAAAEAAQABAAAAAQ=="} 
01128{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/profinet-io-le.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1287088627587076,"flow_src_last_pkt_time":1287088627587076,"flow_dst_last_pkt_time":1287088627589136,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":164,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":164,"flow_dst_max_l4_payload_len":268,"flow_src_tot_l4_payload_len":164,"flow_dst_tot_l4_payload_len":268,"midstream":0,"thread_ts_usec":1287088627589136,"l3_proto":"ip4","src_ip":"10.10.0.150","dst_ip":"10.10.0.129","src_port":1566,"dst_port":34964,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"DCERPC.PROFINET_IO","proto_id":"370.371","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00844{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/profinet-io-le.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":432,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":8,"global_ts_usec":1287088627589136} 
+00844{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/profinet-io-le.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":432,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":8,"global_ts_usec":1287088627589136} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 ~~ skipped flows.............: 0 @@ -14,9 +14,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6907671 bytes -~~ total memory freed........: 6907671 bytes -~~ total allocations/frees...: 114139/114139 +~~ total memory allocated....: 7485288 bytes +~~ total memory freed........: 7485288 bytes +~~ total allocations/frees...: 125871/125871 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 624 chars ~~ json message max len.......: 1133 chars diff --git a/test/results/default/protobuf.pcap.out b/test/results/default/protobuf.pcap.out index c55c04b20..559ae7a3d 100644 --- a/test/results/default/protobuf.pcap.out +++ b/test/results/default/protobuf.pcap.out 
@@ -1,5 +1,5 @@ -00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1698073727888861} 
+00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1698073727888861} 
00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1698073727888861,"flow_src_last_pkt_time":1698073727888861,"flow_dst_last_pkt_time":1698073727888861,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1698073727888861,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":52392,"dst_port":12345,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1698073727888861,"flow_dst_last_pkt_time":1698073727888861,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1698073727888861,"pkt":"AAAAAAAAAAAAAAAACABFAAA03e5AAJAGDtN\/AAABfwAAAcyoMDkdqwhsAAAAAIAC\/9f+KAAAAgT\/1wEBBAIBAwMH"} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1698073727888861,"flow_dst_last_pkt_time":1698073727888873,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1698073727888873,"pkt":"AAAAAAAAAAAAAAAACABFAAA0AABAAJAG7MF\/AAABfwAAATA5zKjehuu5HasIbYAS\/9f+KAAAAgT\/1wEBBAIBAwMH"} 
@@ -7,7 +7,7 @@ 00620{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1698073727888912,"flow_dst_last_pkt_time":1698073727888873,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"thread_ts_usec":1698073727888912,"pkt":"AAAAAAAAAAAAAAAACABFAABs3fBAAJAGDpl\/AAABfwAAAcyoMDkdqwht3obrulAYAgD+YAAAEgNibGEiCQgBEgV0ZXN0MSIJCAISBXRlc3QyIgkIAxIFdGVzdDMt8yOnRDHnHafoiOSUQDikA0IIQUFBQUJCQkJYAwo="} 00919{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1698073727888861,"flow_src_last_pkt_time":1698073727888912,"flow_dst_last_pkt_time":1698073727888873,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1698073727888912,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":52392,"dst_port":12345,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Protobuf","proto_id":"353","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} 
00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1698073727888912,"flow_dst_last_pkt_time":1698073727888919,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1698073727888919,"pkt":"AAAAAAAAAAAAAAAACABFAAAo6hdAAJAGArZ\/AAABfwAAATA5zKjehuu6HasIsVAQAgD+HAAA"} -00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":21,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":284,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1698080984189366} 
+00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":21,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":284,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1698080984189366} 00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1698080984189366,"flow_src_last_pkt_time":1698080984189366,"flow_dst_last_pkt_time":1698080984189366,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1698080984189366,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51680,"dst_port":12345,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1698080984189366,"flow_dst_last_pkt_time":1698080984189366,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1698080984189366,"pkt":"AAAAAAAAAAAAAAAACABFAAA0LOBAAIIGzeF\/AAABfwAAAcngMDmHrWfCAAAAAIAC\/9f+KAAAAgT\/1wEBBAIBAwMH"} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1698080984189366,"flow_dst_last_pkt_time":1698080984189379,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1698080984189379,"pkt":"AAAAAAAAAAAAAAAACABFAAA0AABAAIIG+sF\/AAABfwAAATA5yeDA+8keh61nw4AS\/9f+KAAAAgT\/1wEBBAIBAwMH"} 
@@ -16,7 +16,7 @@ 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1698080984189428,"flow_dst_last_pkt_time":1698080984189436,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1698080984189436,"pkt":"AAAAAAAAAAAAAAAACABFAAAo6alAAIIGESR\/AAABfwAAATA5yeDA+8kfh61n1VAQAgD+HAAA"} 00960{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":9,"flow_first_seen":1698073727888861,"flow_src_last_pkt_time":1698073797890442,"flow_dst_last_pkt_time":1698073797890423,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":284,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1698080984189436,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":52392,"dst_port":12345,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Protobuf","proto_id":"353","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} 
00920{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1698080984189366,"flow_src_last_pkt_time":1698081014189987,"flow_dst_last_pkt_time":1698081004189871,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":18,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1698081014189987,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51680,"dst_port":12345,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Protobuf","proto_id":"353","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} -00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":37,"packets-processed":36,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":374,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1698081882092605} 
+00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":37,"packets-processed":36,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":374,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1698081882092605} 00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1698081882092605,"flow_src_last_pkt_time":1698081882092605,"flow_dst_last_pkt_time":1698081882092605,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1698081882092605,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":39786,"dst_port":12345,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1698081882092605,"flow_dst_last_pkt_time":1698081882092605,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1698081882092605,"pkt":"AAAAAAAAAAAAAAAACABFAAA0\/YtAAMEGvjV\/AAABfwAAAZtqMDmCwWFGAAAAAIAC\/9f+KAAAAgT\/1wEBBAIBAwMH"} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1698081882092605,"flow_dst_last_pkt_time":1698081882092621,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1698081882092621,"pkt":"AAAAAAAAAAAAAAAACABFAAA0AABAAMEGu8F\/AAABfwAAATA5m2rz+Zn5gsFhR4AS\/9f+KAAAAgT\/1wEBBAIBAwMH"} 
@@ -25,7 +25,7 @@ 00922{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1698081882092605,"flow_src_last_pkt_time":1698081882092686,"flow_dst_last_pkt_time":1698081882092621,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":550,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":550,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1698081882092686,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":39786,"dst_port":12345,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Protobuf","proto_id":"353","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1698081882092686,"flow_dst_last_pkt_time":1698081882092697,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1698081882092697,"pkt":"AAAAAAAAAAAAAAAACABFAAAo\/YRAAMEGvkh\/AAABfwAAATA5m2rz+Zn6gsFjbVAQAfz+HAAA"} 
00958{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":7,"flow_first_seen":1698080984189366,"flow_src_last_pkt_time":1698081034190396,"flow_dst_last_pkt_time":1698081034190368,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":18,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":90,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1698081882092697,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51680,"dst_port":12345,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Protobuf","proto_id":"353","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} -00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":45,"packets-processed":44,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":924,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":28,"global_ts_usec":1698083246943488} 
+00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":45,"packets-processed":44,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":924,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":28,"global_ts_usec":1698083246943488} 00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1698083246943488,"flow_src_last_pkt_time":1698083246943488,"flow_dst_last_pkt_time":1698083246943488,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1698083246943488,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":42358,"dst_port":12345,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1698083246943488,"flow_dst_last_pkt_time":1698083246943488,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1698083246943488,"pkt":"AAAAAAAAAAAAAAAACABFAAA04rBAAJwG\/hB\/AAABfwAAAaV2MDmpa4jnAAAAAIAC\/9f+KAAAAgT\/1wEBBAIBAwMH"} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1698083246943488,"flow_dst_last_pkt_time":1698083246943511,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1698083246943511,"pkt":"AAAAAAAAAAAAAAAACABFAAA0AABAAJwG4MF\/AAABfwAAATA5pXZXI6mhqWuI6IAS\/9f+KAAAAgT\/1wEBBAIBAwMH"} 
@@ -34,7 +34,7 @@ 00920{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1698083246943488,"flow_src_last_pkt_time":1698083246943596,"flow_dst_last_pkt_time":1698083246943511,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":67,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":67,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1698083246943596,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":42358,"dst_port":12345,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Protobuf","proto_id":"353","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1698083246943596,"flow_dst_last_pkt_time":1698083246943613,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1698083246943613,"pkt":"AAAAAAAAAAAAAAAACABFAAAoxGZAAJwGHGd\/AAABfwAAATA5pXZXI6miqWuJK1AQAgD+HAAA"} 
00960{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1698081882092605,"flow_src_last_pkt_time":1698081892093087,"flow_dst_last_pkt_time":1698081892093022,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":550,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":550,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1698083246943712,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":39786,"dst_port":12345,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Protobuf","proto_id":"353","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} -00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":53,"packets-processed":52,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":991,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":37,"global_ts_usec":1698349716647378} 
+00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":53,"packets-processed":52,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":991,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":37,"global_ts_usec":1698349716647378} 00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1698349716647378,"flow_src_last_pkt_time":1698349716647378,"flow_dst_last_pkt_time":1698349716647378,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1698349716647378,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":59030,"dst_port":12345,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1698349716647378,"flow_dst_last_pkt_time":1698349716647378,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1698349716647378,"pkt":"AAAAAAAAAAAAAAAACABFAAA0QzZAAKkGkIt\/AAABfwAAAeaWMDkAqb1mAAAAAIAC\/9f+KAAAAgT\/1wEBBAIBAwMH"} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1698349716647378,"flow_dst_last_pkt_time":1698349716647390,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1698349716647390,"pkt":"AAAAAAAAAAAAAAAACABFAAA0AABAAKkG08F\/AAABfwAAATA55pYXbk5qAKm9Z4AS\/9f+KAAAAgT\/1wEBBAIBAwMH"} 
@@ -44,7 +44,7 @@ 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1698349716647435,"flow_dst_last_pkt_time":1698349716647442,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1698349716647442,"pkt":"AAAAAAAAAAAAAAAACABFAAAoZpdAAKkGbTZ\/AAABfwAAATA55pYXbk5rAKm9xlAQAf\/+HAAA"} 00958{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1698349716647378,"flow_src_last_pkt_time":1698349719647622,"flow_dst_last_pkt_time":1698349719647600,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":95,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":95,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1698349719647622,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":59030,"dst_port":12345,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Protobuf","proto_id":"353","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} 
00958{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1698083246943488,"flow_src_last_pkt_time":1698083246943712,"flow_dst_last_pkt_time":1698083246943682,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":67,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":67,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1698349719647622,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":42358,"dst_port":12345,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Protobuf","proto_id":"353","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} -00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":60,"packets-processed":60,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1086,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":47,"global_ts_usec":1698349719647622} 
+00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":60,"packets-processed":60,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1086,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":47,"global_ts_usec":1698349719647622} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 60/60 ~~ skipped flows.............: 0 @@ -53,9 +53,9 @@ ~~ total active/idle flows...: 5/5 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6929238 bytes -~~ total memory freed........: 6929238 bytes -~~ total allocations/frees...: 114251/114251 +~~ total memory allocated....: 7506834 bytes +~~ total memory freed........: 7506834 bytes +~~ total allocations/frees...: 125982/125982 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 531 chars ~~ json message max len.......: 1312 chars diff --git a/test/results/default/protonvpn.pcap.out b/test/results/default/protonvpn.pcap.out index ba4a11fda..ab4d19fa1 100644 --- a/test/results/default/protonvpn.pcap.out +++ b/test/results/default/protonvpn.pcap.out 
@@ -1,13 +1,13 @@ -00614{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00614{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
00742{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":34930679,"flow_src_last_pkt_time":34930679,"flow_dst_last_pkt_time":34930679,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":34930679,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.159.159.148","src_port":37810,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":34930679,"flow_dst_last_pkt_time":34930679,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":34930679,"pkt":"UlQAEjUCCAAns+YuCABFAAA8D8BAAEAGxbkKAAIPuZ+flJOyAbvBn1OFAAAAAKAC+vAjGgAAAgQFtAQCCAq0w2VcAAAAAAEDAwc="} 00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":34930679,"flow_dst_last_pkt_time":34952976,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":34952976,"pkt":"CAAns+YuUlQAEjUCCABFAAAsACQAAEAGFWa5n5+UCgACDwG7k7IAC7gBwZ9ThmAS\/\/\/QMwAAAgQFtA=="} 
00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":34953293,"flow_dst_last_pkt_time":34952976,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":34953293,"pkt":"UlQAEjUCCAAns+YuCABFAAAoD8FAAEAGxcwKAAIPuZ+flJOyAbvBn1OGAAu4AlAQ+vDs\/wAAAAAAAAAA"} 00750{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":34954359,"flow_dst_last_pkt_time":34952976,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"thread_ts_usec":34954359,"pkt":"UlQAEjUCCAAns+YuCABFAADeD8JAAEAGxRUKAAIPuZ+flJOyAbvBn1OGAAu4AlAY+vCpEwAAFgMBALEBAACtAwN9l3wt5B01QIFRM8RNwrPTEHye7EdIkYl0bFSfzfNN6QAAGMArwCzMqcAvwDDMqMATwBQAnACdAC8ANQEAAGz\/AQABAAAAABYAFAAAEXZwbi1hcGkucHJvdG9uLm1lABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAIAAYAHQAXABg="} -01189{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":34930679,"flow_src_last_pkt_time":34954359,"flow_dst_last_pkt_time":34952976,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":34954359,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.159.159.148","src_port":37810,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.ProtonVPN","proto_id":"91.344","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"vpn-api.proton.me","domainame":"vpn-api.proton.me","tls": {"version":"TLSv1.2","ja3":"6f5e62edfa5933b1332ddf8b9fb3ef9d","ja3s":"","ja4":"t12d1209h2_d34a8e72043a_b39be8c56a14","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01148{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":34930679,"flow_src_last_pkt_time":34954359,"flow_dst_last_pkt_time":34952976,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":34954359,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.159.159.148","src_port":37810,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ProtonVPN","proto_id":"91.344","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"vpn-api.proton.me","domainame":"vpn-api.proton.me","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1209h2_d34a8e72043a_b39be8c56a14","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":34954359,"flow_dst_last_pkt_time":34954468,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":34954468,"pkt":"CAAns+YuUlQAEjUCCABFAAAoACUAAEAGFWm5n5+UCgACDwG7k7IAC7gCwZ9UPFAQ\/\/\/nOgAA"} -01272{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":34930679,"flow_src_last_pkt_time":34954359,"flow_dst_last_pkt_time":34976282,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":34976282,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.159.159.148","src_port":37810,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ProtonVPN","proto_id":"91.344","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"vpn-api.proton.me","domainame":"vpn-api.proton.me","tls": {"version":"TLSv1.2","ja3":"6f5e62edfa5933b1332ddf8b9fb3ef9d","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t12d1209h2_d34a8e72043a_b39be8c56a14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","blocks":0}}} 
-01610{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":34930679,"flow_src_last_pkt_time":34976622,"flow_dst_last_pkt_time":34980000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":5495,"midstream":0,"thread_ts_usec":34980000,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.159.159.148","src_port":37810,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ProtonVPN","proto_id":"91.344","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"vpn-api.proton.me","domainame":"vpn-api.proton.me","tls": {"version":"TLSv1.2","server_names":"*.pr.tn,*.proton.me,*.storage.proton.me,pr.tn,proton.me","ja3":"6f5e62edfa5933b1332ddf8b9fb3ef9d","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t12d1209h2_d34a8e72043a_b39be8c56a14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Let's Encrypt, CN=R3","subjectDN":"CN=proton.me","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"AC:31:4E:05:15:6C:29:0B:D7:4F:31:3D:DE:CA:0F:C8:FF:E9:C6:4D","blocks":0}}} 
+01231{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":34930679,"flow_src_last_pkt_time":34954359,"flow_dst_last_pkt_time":34976282,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":34976282,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.159.159.148","src_port":37810,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ProtonVPN","proto_id":"91.344","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"vpn-api.proton.me","domainame":"vpn-api.proton.me","tls": {"version":"TLSv1.2","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t12d1209h2_d34a8e72043a_b39be8c56a14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","blocks":0}}} +01569{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":34930679,"flow_src_last_pkt_time":34976622,"flow_dst_last_pkt_time":34980000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":5495,"midstream":0,"thread_ts_usec":34980000,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.159.159.148","src_port":37810,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"9": 
{"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ProtonVPN","proto_id":"91.344","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"vpn-api.proton.me","domainame":"vpn-api.proton.me","tls": {"version":"TLSv1.2","server_names":"*.pr.tn,*.proton.me,*.storage.proton.me,pr.tn,proton.me","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t12d1209h2_d34a8e72043a_b39be8c56a14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Let's Encrypt, CN=R3","subjectDN":"CN=proton.me","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"AC:31:4E:05:15:6C:29:0B:D7:4F:31:3D:DE:CA:0F:C8:FF:E9:C6:4D","blocks":0}}} 00744{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":50897445,"flow_src_last_pkt_time":50897445,"flow_dst_last_pkt_time":50897445,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":148,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":148,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":148,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":50897445,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"217.23.3.76","src_port":57701,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00689{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":50897445,"flow_dst_last_pkt_time":50897445,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":190,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":190,"pkt_l4_len":156,"thread_ts_usec":50897445,"pkt":"UlQAEjUCCAAns+YuCABFAACwggJAAEARz8gKAAIP2RcDTOFlAbsAnDPzAQAAAJBDFkxxQ+W6EOeDrsFmV59cj6HNKPBVRgi4GprZiC5m8UZ6Iq+WTWs4Uki2GBpJ1FQLblGrXMpQlYNmPC8j4UNvqi+zo8bJVELCOKbzsH+GppmpvbrCk16DfPPSG+c6vFFgF1DQRaCzOZteKYZkLN6M7DJbWzTn8pp6q3r7y0s4AAAAAAAAAAAAAAAAAAAAAA=="} 00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":50897445,"flow_dst_last_pkt_time":50921032,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":50921032,"pkt":"CAAns+YuUlQAEjUCCABFAAB4Aj4AAEARj8XZFwNMCgACDwG74WUAZOBaAgAAAFqA0k6QQxZMJ9RXnE+Y5cqOJ7ViEm8fIe3zOE9hMTUEIE3pvJRNCgngw86WWgQPM+GHW682pdEs\/jXe5jKkpRp6aY27MOujigAAAAAAAAAAAAAAAAAAAAA="} 
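Review bot: The three added flow events in this hunk (`detected` and both `detection-update` records for flow 1) no longer carry the `ja3` key in the `tls` object, while `ja3s` and `ja4` are still emitted, and the commit message only says "incorporated upstream changes". Any consumer that matches, allow-lists or correlates on the JA3 client fingerprint from these events will stop matching without raising an error after this bump. Whether the field was dropped upstream or is now behind a configuration option cannot be told from this hunk, so the commit message or changelog should say it explicitly, for example `* tls: "ja3" is no longer emitted in flow events; "ja3s" and "ja4" are unchanged`. The diffstat lists schema/flow_event_schema.json as changed, but it is not visible here; it is worth confirming that `ja3` is no longer declared or required there, so the schema and these expected results agree.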
@@ -15,14 +15,14 @@ 00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":50921855,"flow_dst_last_pkt_time":50921032,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":50921855,"pkt":"UlQAEjUCCAAns+YuCABFAAA8ggNAAEAR0DsKAAIP2RcDTOFlAbsAKDHlBAAAAFqA0k4AAAAAAAAAALO1qui1E3gr64yba6DzHY0="} 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":50923026,"flow_dst_last_pkt_time":50921032,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":50923026,"pkt":"UlQAEjUCCAAns+YuCABFAACMggRAAEARz+oKAAIP2RcDTOFlAbsAeC0gBAAAAFqA0k4BAAAAAAAAAF4\/Rs\/bZ5rJgjR49A7fwbBmyr\/63WBJDwuVnzl4A4pXfnPOZYLKRVrAFPmUTxZtFFUY\/ygw5snpyOqRAP6xav5VAHNARAiOiRt60FdTFozGozRICRBukHLcFDs4iULCdA=="} 00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":50926430,"flow_dst_last_pkt_time":50921032,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":50926430,"pkt":"UlQAEjUCCAAns+YuCABFAACMggdAAEARz+cKAAIP2RcDTOFlAbsAeBOmBAAAAFqA0k4CAAAAAAAAAD+yacW+Jee9sR0ypoOh8MaQ9gxbsztxJ2kZqazGAeL5NW1pKQLnHbPaHw3gPyLDD2rfIVvAXcZtIMwiZTZxrxOlD0VgEqedFRP3HFFojGTkub8sZpeXm7iOxsEEbnhzOQ=="} 
-00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":41,"packets-processed":40,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8075,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":18,"global_ts_usec":1690392292895682} +00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":41,"packets-processed":40,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8075,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":18,"global_ts_usec":1690392292895682} 
00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690392292895682,"flow_src_last_pkt_time":1690392292895682,"flow_dst_last_pkt_time":1690392292895682,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690392292895682,"l3_proto":"ip4","src_ip":"2.58.241.67","dst_ip":"8.8.8.8","src_port":37710,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1690392292895682,"flow_dst_last_pkt_time":1690392292895682,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1690392292895682,"pkt":"ILAB6wYYNObX3kTiCABFAAA8lQ9AAEAGoh8COvFDCAgICJNOAbuMC89NAAAAAKAC+vAL\/QAAAgQFtAQCCApqQ+LfAAAAAAEDAwc="} 
01074{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":14,"flow_first_seen":34930679,"flow_src_last_pkt_time":35025668,"flow_dst_last_pkt_time":35025741,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":304,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":756,"flow_dst_tot_l4_payload_len":5847,"midstream":0,"thread_ts_usec":1690392292895682,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.159.159.148","src_port":37810,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ProtonVPN","proto_id":"91.344","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 01152{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690392292895682,"flow_src_last_pkt_time":1690392292895682,"flow_dst_last_pkt_time":1690392292895682,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690392292895682,"l3_proto":"ip4","src_ip":"2.58.241.67","dst_ip":"8.8.8.8","src_port":37710,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"45": {"risk":"Anonymous Subscriber","severity":"Medium","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00770{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690392292895682,"flow_src_last_pkt_time":1690392292895682,"flow_dst_last_pkt_time":1690392292895682,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690392292895682,"l3_proto":"ip4","src_ip":"2.58.241.67","dst_ip":"8.8.8.8","src_port":37710,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01076{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":5,"flow_first_seen":50897445,"flow_src_last_pkt_time":50986726,"flow_dst_last_pkt_time":50986365,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":148,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":868,"flow_dst_tot_l4_payload_len":604,"midstream":0,"thread_ts_usec":1690392292895682,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"217.23.3.76","src_port":57701,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": 
{"6":"DPI"},"proto":"WireGuard","proto_id":"206","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00844{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":41,"packets-processed":41,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8075,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":25,"global_ts_usec":1690392292895682} +00844{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":41,"packets-processed":41,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8075,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":25,"global_ts_usec":1690392292895682} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 41/41 ~~ skipped flows.............: 0 
@@ -31,10 +31,10 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6930282 bytes -~~ total memory freed........: 6930282 bytes -~~ total allocations/frees...: 114219/114219 +~~ total memory allocated....: 7507878 bytes +~~ total memory freed........: 7507878 bytes +~~ total allocations/frees...: 125950/125950 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 510 chars -~~ json message max len.......: 1615 chars -~~ json message avg len.......: 1061 chars +~~ json message max len.......: 1574 chars +~~ json message avg len.......: 1041 chars diff --git a/test/results/default/psiphon3.pcap.out b/test/results/default/psiphon3.pcap.out index 2b5332595..e4d86456d 100644 --- a/test/results/default/psiphon3.pcap.out +++ b/test/results/default/psiphon3.pcap.out 
@@ -1,17 +1,17 @@ -00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/psiphon3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/psiphon3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1613865079123029} 
+00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/psiphon3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/psiphon3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1613865079123029} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/psiphon3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1613865079123029,"flow_src_last_pkt_time":1613865079123029,"flow_dst_last_pkt_time":1613865079123029,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1613865079123029,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"104.18.151.190","src_port":40557,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/psiphon3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1613865079123029,"flow_dst_last_pkt_time":1613865079123029,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_usec":1613865079123029,"pkt":"RQAAPJ+KQABABtpRwKgAZ2gSl76ebQG7Qi4DFAAAAACgAv\/\/BPgAAAIEBbQEAggKAB2cngAAAAABAwMJ"} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/psiphon3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1613865079129032,"flow_dst_last_pkt_time":1613865079123029,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_usec":1613865079129032,"pkt":"RQAAPJ+KQABABtpRwKgAZ2gSl76ebQG7Qi4DFAAAAACgAv\/\/BPgAAAIEBbQEAggKAB2cngAAAAABAwMJ"} 
00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/psiphon3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1613865079129032,"flow_dst_last_pkt_time":1613865079140404,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_usec":1613865079140404,"pkt":"RQAANAAAQAA8Bn3kaBKXvsCoAGcBu55t3jKOvkIuAxWAEv\/\/W\/0AAAIEBXgBAQQCAQMDCg=="} 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/psiphon3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1613865079129032,"flow_dst_last_pkt_time":1613865079140404,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_usec":1613865079140404,"pkt":"RQAANAAAQAA8Bn3kaBKXvsCoAGcBu55t3jKOvkIuAxWAEv\/\/W\/0AAAIEBXgBAQQCAQMDCg=="} 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/psiphon3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1613865079143404,"flow_dst_last_pkt_time":1613865079140404,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":40,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":40,"pkt_l4_len":20,"thread_ts_usec":1613865079143404,"pkt":"RQAAKJ+LQABABtpkwKgAZ2gSl76ebQG7Qi4DFd4yjr9QEACsm+oAAA=="} 
-01410{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/psiphon3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1613865079123029,"flow_src_last_pkt_time":1613865079143404,"flow_dst_last_pkt_time":1613865079140404,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":168,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1613865079143404,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"104.18.151.190","src_port":40557,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3":"2d703033628575a99d44820c43b84876","ja3s":"","ja4":"t12d1508h2_073e58a039a6_e70312a1ce2c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
-01496{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/psiphon3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1613865079123029,"flow_src_last_pkt_time":1613865079144402,"flow_dst_last_pkt_time":1613865079168363,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":168,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":336,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1613865079168363,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"104.18.151.190","src_port":40557,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3":"2d703033628575a99d44820c43b84876","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","ja4":"t12d1508h2_073e58a039a6_e70312a1ce2c","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","blocks":0}}} 
-01812{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/psiphon3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1613865079123029,"flow_src_last_pkt_time":1613865079144402,"flow_dst_last_pkt_time":1613865079168363,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":168,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":336,"flow_dst_tot_l4_payload_len":2422,"midstream":0,"thread_ts_usec":1613865079168363,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"104.18.151.190","src_port":40557,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS.Psiphon","proto_id":"91.303","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"","domainame":"","tls": {"version":"TLSv1.2","server_names":"sni.cloudflaressl.com,psiphon3.net,*.psiphon3.net","ja3":"2d703033628575a99d44820c43b84876","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","ja4":"t12d1508h2_073e58a039a6_e70312a1ce2c","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3","subjectDN":"C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"49:30:DE:8F:B7:AF:C3:76:40:09:44:15:B4:6B:D9:8F:BE:0C:6B:0C","blocks":0}}} 
+01369{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/psiphon3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1613865079123029,"flow_src_last_pkt_time":1613865079143404,"flow_dst_last_pkt_time":1613865079140404,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":168,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1613865079143404,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"104.18.151.190","src_port":40557,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1508h2_073e58a039a6_e70312a1ce2c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01455{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/psiphon3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1613865079123029,"flow_src_last_pkt_time":1613865079144402,"flow_dst_last_pkt_time":1613865079168363,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":168,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":336,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1613865079168363,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"104.18.151.190","src_port":40557,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","ja4":"t12d1508h2_073e58a039a6_e70312a1ce2c","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","blocks":0}}} 
+01771{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/psiphon3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1613865079123029,"flow_src_last_pkt_time":1613865079144402,"flow_dst_last_pkt_time":1613865079168363,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":168,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":336,"flow_dst_tot_l4_payload_len":2422,"midstream":0,"thread_ts_usec":1613865079168363,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"104.18.151.190","src_port":40557,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS.Psiphon","proto_id":"91.303","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"","domainame":"","tls": {"version":"TLSv1.2","server_names":"sni.cloudflaressl.com,psiphon3.net,*.psiphon3.net","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","ja4":"t12d1508h2_073e58a039a6_e70312a1ce2c","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3","subjectDN":"C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"49:30:DE:8F:B7:AF:C3:76:40:09:44:15:B4:6B:D9:8F:BE:0C:6B:0C","blocks":0}}} 
02386{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/psiphon3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1613865079123029,"flow_src_last_pkt_time":1613865079254264,"flow_dst_last_pkt_time":1613865079202653,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1008,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":2038,"flow_dst_tot_l4_payload_len":5498,"midstream":0,"thread_ts_usec":1613865079254264,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"104.18.151.190","src_port":40557,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":6801.9,"max":46102,"stddev":10684.6,"var":114161304.0,"ent":3.6,"data": [6003,17375,0,14372,0,0,998,15961,7000,4998,0,0,3002,27963,1997,2998,1002,0,7002,25852,0,1389,0,0,4047,20760,1037,46102,1001,0,0]},"pktlen": {"min":40,"avg":277.5,"max":1500,"stddev":421.9,"var":177964.3,"ent":3.8,"data": [60,60,52,52,40,208,40,208,40,40,1500,1002,1500,1002,40,40,40,40,133,133,40,40,298,109,298,109,40,40,133,417,78,1048]},"bins": {"c_to_s": [10,1,3,0,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,0,2,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,0,1,1,0,0,0,0,1,1,1,1,1,1,0,0,0,0,0,0,1,1,1,1,1,1,0,0,0,0,0,0],"entropies": [4.559092522,4.559092522,4.801308632,4.801308632,4.780641556,5.412927151,4.780641556,5.412927151,4.780641079,4.780641079,6.953819275,7.189953327,6.953819275,7.189953327,4.780641556,4.780641556,4.780641556,4.780641556,5.944580555,5.944580555,4.780641079,4.780641079,7.039272308,5.966729164,7.039272308,5.966729164,4.730641365,4.730641365,6.272472382,7.310267448,5.370555401,7.811244488]},"ndpi": {"flow_risk": {"24": 
{"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS.Psiphon","proto_id":"91.303","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 01226{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/psiphon3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":30,"flow_first_seen":1613865079123029,"flow_src_last_pkt_time":1613865079845431,"flow_dst_last_pkt_time":1613865079841273,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1008,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":3700,"flow_dst_tot_l4_payload_len":5574,"midstream":0,"thread_ts_usec":1613865079845431,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"104.18.151.190","src_port":40557,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS.Psiphon","proto_id":"91.303","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
-00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/psiphon3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":62,"packets-processed":62,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9274,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1613865079845431} +00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/psiphon3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":62,"packets-processed":62,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9274,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1613865079845431} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 62/62 ~~ skipped flows.............: 0 
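Review bot: The regenerated `detected` and `detection-update` records in this hunk no longer carry the `tls.ja3` client fingerprint, while `ja3s` and `ja4` are still emitted, and the commit description does not mention that the field is gone. A downstream detection rule or allow/deny list keyed on `ja3` would stop matching without any error, so this deserves an explicit changelog line such as `TLS flow events no longer emit "ja3"; match on "ja4" instead`. The flow event schema is not visible from this hunk; if it still lists `ja3`, it should be updated so validators and consumers see the removal. The same field removal presumably recurs in the other regenerated TLS result files of this commit.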
@@ -20,10 +20,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6916159 bytes -~~ total memory freed........: 6916159 bytes -~~ total allocations/frees...: 114212/114212 +~~ total memory allocated....: 7493755 bytes +~~ total memory freed........: 7493755 bytes +~~ total allocations/frees...: 125943/125943 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 514 chars ~~ json message max len.......: 2391 chars -~~ json message avg len.......: 1400 chars +~~ json message avg len.......: 1398 chars diff --git a/test/results/default/ptpv2.pcap.out b/test/results/default/ptpv2.pcap.out index a13115bd9..a5a0a98cf 100644 --- a/test/results/default/ptpv2.pcap.out +++ b/test/results/default/ptpv2.pcap.out 
@@ -1,5 +1,5 @@ -00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ptpv2.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ptpv2.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1316198630678965} 
+00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ptpv2.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ptpv2.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1316198630678965} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ptpv2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1316198630678965,"flow_src_last_pkt_time":1316198630678965,"flow_dst_last_pkt_time":1316198630678965,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1316198630678965,"l3_proto":"ip6","src_ip":"fe80::20:9400:d","dst_ip":"fe80::2b0:aeff:fe01:f921","src_port":320,"dst_port":320,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00630{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ptpv2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1316198630678965,"flow_dst_last_pkt_time":1316198630678965,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":118,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":118,"pkt_l4_len":64,"thread_ts_usec":1316198630678965,"pkt":"ALCuAfkhACCUAAANht1gMAAAAEAR\/\/6AAAAAAAAAAAAAIJQAAA3+gAAAAAAAAAKwrv\/+AfkhAUABQABAaE4MAgA2AAAEAAAAAAAAAAAAAAAAAAAglP\/+AAANAAEAAQX\/\/\/\/\/\/\/\/\/\/\/\/\/\/wAEAAawAAAAASwAAA=="} 
00935{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ptpv2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1316198630678965,"flow_src_last_pkt_time":1316198630678965,"flow_dst_last_pkt_time":1316198630678965,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1316198630678965,"l3_proto":"ip6","src_ip":"fe80::20:9400:d","dst_ip":"fe80::2b0:aeff:fe01:f921","src_port":320,"dst_port":320,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"PTPv2","proto_id":"358","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
@@ -20,7 +20,7 @@ 00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/ptpv2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1316198631064912,"flow_src_last_pkt_time":1316198631064912,"flow_dst_last_pkt_time":1316198631064912,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":46,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":46,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":46,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1316198631064912,"l3_proto":"ip6","src_ip":"fe80::2b0:aeff:fe01:f921","dst_ip":"fe80::20:9400:d","src_port":319,"dst_port":319,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PTPv2","proto_id":"358","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/ptpv2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1316198630878946,"flow_src_last_pkt_time":1316198630986113,"flow_dst_last_pkt_time":1316198630878946,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":342,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1316198631064912,"l3_proto":"ip6","src_ip":"fe80::20:9400:e","dst_ip":"fe80::2b0:aeff:fe01:f921","src_port":320,"dst_port":320,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PTPv2","proto_id":"358","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/ptpv2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1316198630678965,"flow_src_last_pkt_time":1316198630939923,"flow_dst_last_pkt_time":1316198630678965,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":66,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":408,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1316198631064912,"l3_proto":"ip6","src_ip":"fe80::20:9400:d","dst_ip":"fe80::2b0:aeff:fe01:f921","src_port":320,"dst_port":320,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PTPv2","proto_id":"358","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -00839{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/ptpv2.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":14,"packets-processed":14,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":796,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":23,"global_ts_usec":1316198631064912} 
+00839{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/ptpv2.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":14,"packets-processed":14,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":796,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":23,"global_ts_usec":1316198631064912} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 14/14 ~~ skipped flows.............: 0 @@ -29,9 +29,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6912779 bytes -~~ total memory freed........: 6912779 bytes -~~ total allocations/frees...: 114173/114173 +~~ total memory allocated....: 7490375 bytes +~~ total memory freed........: 7490375 bytes +~~ total allocations/frees...: 125904/125904 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 606 chars ~~ json message max len.......: 981 chars diff --git a/test/results/default/punycode-idn.pcap.out b/test/results/default/punycode-idn.pcap.out index f1c44120e..a8bd9c957 100644 --- a/test/results/default/punycode-idn.pcap.out +++ b/test/results/default/punycode-idn.pcap.out 
@@ -1,5 +1,5 @@ -00617{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/punycode-idn.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00838{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/punycode-idn.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1643874953669881} 
+00617{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/punycode-idn.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00838{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/punycode-idn.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1643874953669881} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/punycode-idn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643874953669881,"flow_src_last_pkt_time":1643874953669881,"flow_dst_last_pkt_time":1643874953669881,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":27,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643874953669881,"l3_proto":"ip4","src_ip":"192.168.2.140","dst_ip":"192.168.2.1","src_port":45520,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/punycode-idn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1643874953669881,"flow_dst_last_pkt_time":1643874953669881,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_usec":1643874953669881,"pkt":"BBjWBrNamAGnpQyTCABFAAA3T1gAAEARpYDAqAKMwKgCAbHQADUAI+SVpXsBAAABAAAAAAAAAWkEc2NkbgJjbwAAAQAB"} 
01076{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/punycode-idn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643874953669881,"flow_src_last_pkt_time":1643874953669881,"flow_dst_last_pkt_time":1643874953669881,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":27,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643874953669881,"l3_proto":"ip4","src_ip":"192.168.2.140","dst_ip":"192.168.2.1","src_port":45520,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Spotify","proto_id":"5.156","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"i.scdn.co","domainame":"i.scdn.co","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -21,7 +21,7 @@ 00995{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/punycode-idn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1643874953669881,"flow_src_last_pkt_time":1643874953669881,"flow_dst_last_pkt_time":1643874953689789,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":86,"flow_src_tot_l4_payload_len":27,"flow_dst_tot_l4_payload_len":86,"midstream":0,"thread_ts_usec":1643874962305077,"l3_proto":"ip4","src_ip":"192.168.2.140","dst_ip":"192.168.2.1","src_port":45520,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Spotify","proto_id":"5.156","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"i.scdn.co"}} 01217{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/punycode-idn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":5,"flow_first_seen":1643874961730191,"flow_src_last_pkt_time":1643874962305077,"flow_dst_last_pkt_time":1643874962304897,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":83,"flow_dst_max_l4_payload_len":711,"flow_src_tot_l4_payload_len":166,"flow_dst_tot_l4_payload_len":711,"midstream":0,"thread_ts_usec":1643874962305077,"l3_proto":"ip4","src_ip":"192.168.2.140","dst_ip":"170.33.9.230","src_port":56011,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"42": {"risk":"IDN Domain Name","severity":"Low","risk_score": {"total":350,"client":295,"server":55}},"43": {"risk":"Error Code","severity":"Low","risk_score": 
{"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.love.xn--55qx5d"}} 01179{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/punycode-idn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1643874953695008,"flow_src_last_pkt_time":1643874953695008,"flow_dst_last_pkt_time":1643874953696562,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":39,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":39,"midstream":0,"thread_ts_usec":1643874962305077,"l3_proto":"ip4","src_ip":"192.168.2.140","dst_ip":"192.168.2.1","src_port":60156,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"42": {"risk":"IDN Domain Name","severity":"Low","risk_score": {"total":350,"client":295,"server":55}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00847{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/punycode-idn.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":16,"packets-processed":16,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1068,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":24,"global_ts_usec":1643874962305077} +00847{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/punycode-idn.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":16,"packets-processed":16,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1068,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":24,"global_ts_usec":1643874962305077} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 16/16 ~~ skipped flows.............: 0 
@@ -30,9 +30,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6912990 bytes -~~ total memory freed........: 6912990 bytes -~~ total allocations/frees...: 114183/114183 +~~ total memory allocated....: 7490606 bytes +~~ total memory freed........: 7490606 bytes +~~ total allocations/frees...: 125915/125915 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 536 chars ~~ json message max len.......: 1333 chars diff --git a/test/results/default/quic-23.pcap.out b/test/results/default/quic-23.pcap.out index 05e09fa0c..a87cd1c02 100644 --- a/test/results/default/quic-23.pcap.out +++ b/test/results/default/quic-23.pcap.out 
@@ -1,14 +1,14 @@ -00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-23.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-23.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1568282515655367} 
+00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-23.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-23.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1568282515655367} 
00834{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-23.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1568282515655367,"flow_src_last_pkt_time":1568282515655367,"flow_dst_last_pkt_time":1568282515655367,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1280,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1280,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1280,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1568282515655367,"l3_proto":"ip6","src_ip":"2e4a:774d:26fd:7f9b:785b:2d1b:4f8a:63c7","dst_ip":"3bcc:9991:faba:bae1:cd2a:e2fd:b3be:c5ab","src_port":50339,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02277{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-23.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1568282515655367,"flow_dst_last_pkt_time":1568282515655367,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1342,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1342,"pkt_l4_len":1288,"thread_ts_usec":1568282515655367,"pkt":"nJcmWLFfnLbQWTW8ht1gDdl5BQgRQC5Kd00m\/X+beFstG0+KY8c7zJmR+rq64c0q4v2zvsWrxKMBuwUI0EbI\/wAAFwhgax2p4Mt\/UAjcZWkdxzWqcwBE5rEFViXUV0In7d2dXZD4W8++zjZDJBAgmoI+svdNaYLoeL2jqHl80IO9pEfUmkgFWLrT4IlQo8t\/87yXQq3IRCWsbaCVh5W99qNLF16ofVb625RKhJQKN3iU3vpP3WaISyCxGoJXiHsP7sj27ny7LXNNKzH3JhZ3bhiQLS2umcd29X6XChqhAWZjn23A4EHWtq4oNdhkFu8LZI\/zfG+rUZSQr5lxakbHyPuebWPbqVuz09T5esBIjonthwzDSYvYZa0ySbIdmaeXdhlU+E4gLC4WHroq5LZx9pnr7yREt9Dp2HJiUOt1EMzTCveDJnfcPHqR1d6\/YEuvBxkwGcxK7MQsgXVVjQjLsVYM3zgE\/nenut5XK3K7bJeAGfZxUrn\/Y\/S6NaLxM1FgdUyaPkXMATL13fHOLn2TPbUyanoNHsWUaGSz60C+oUnJItBjv49AfcrV5AnxAjninyCVT7ilbuKRBYQ5SPLHeBsT\/NbnYJzK0I1Zj3I7weUUkkcrweRBiR069XTJtWYqzSUqWU5sALkglRvuf6xbvYulQ0jX8ozHEripA5ju8KQBmPJZP7W
SUIMlyS8g26Pb2k443GZRz9hlPYNrTsHRc88FbzG8+ahhy1UIvmg27b6gKLWKeoPRPqT\/23G0Wo1ikM4FoXKXzvnDWe1X8Z9PVn+LOSHYR1LqJoMp2f2mWQv847crRAwAw1YWxPVKlFpXb0rR+0hsSK+RIdQgAqDBA2QX26xlMLPLaV5FnoRKfTJi7o9j6TamnIQyR\/b\/g\/IDH2Be62ORQ7K4p27Oyqju5N6C9b0vid0F4+gZ13RNe5vPbvcGGwDUSCHzH5HuKrGh25US\/X91xJ8gist97L0Lrq0S80URKpcxHqC0QxbI4sgi04MOC\/6\/5f2icaiX5IcU\/hdojFqggO95m2grFOU8yda1Z+a+0B+UTPAWzUgGxyOkCthMdR1xVGZfRvlXwGjfBMd6dc\/vwfyp1b8YonfSnSW3vRZZoOvGgqRgE1cEyUD4uXR+I9J+U7b3lAENyqEE6S4PVFwPk4xcaNCNEAFsAmLQRfMnqgm4EclQ2fu\/X4rXYn\/w4VPhxSJ7gZUA4NgNeVynLRKqHUa727Gwo4yXA2fLLCZot4qNfI9GV8gEGhiMrmnJDuuHONvYi8VFwSgiQP9jsRAqGAnvDEEaUirzATf+CkE90c9u9BJN208aRmeL0Hgd\/ZHM6TlLySnssgUghAaObIZXCdBIsYxzkTGX3jv35junPGfSl4SRLk2gvnSptlPR\/Rn6scXnHyxcxY1Tth69QcUpqe9cAH3STuQaFNZjD1dVf2R7djGBGP8XFpAEp4Da6SL0QShqq2TI46wOMWpyGEWgp5CuFAlZyh9lsxPPSVCNRF6ZIHFDEA176ay7PnXocWlpL62qyFOm8ITDpOqmFNLCDdEm1Gb4uY5DgmlqhAIdCuIUzNcLPBAucHSIQlvc6jwsUov+EyqsbCmhoguNjYqYWkTXfROVcd+bJTmI+cPOgPBBwa2oOWk+BLrQ6aBz1dQvhb5YuoZMwA09AEkY+2M7NcQxKjjOU+yU4Hx1Fn0nTrg3sFfxY6wAlusfFhQgzHz4cuAwlvBXae00jqiXWXUvQQ1Rtfra3X+TNbZCCp1e2k+Vki2RypB\/ckwHS7gD9wnM+\/\/rgzF\/7w=="} -01325{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-23.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1568282515655367,"flow_src_last_pkt_time":1568282515655367,"flow_dst_last_pkt_time":1568282515655367,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1280,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1280,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1280,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1568282515655367,"l3_proto":"ip6","src_ip":"2e4a:774d:26fd:7f9b:785b:2d1b:4f8a:63c7","dst_ip":"3bcc:9991:faba:bae1:cd2a:e2fd:b3be:c5ab","src_port":50339,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"quic.aiortc.org","domainame":"quic.aiortc.org","quic": {"quic_version":"Draft-23","tls": {"version":"TLSv1.3","ja3":"d9e7bdb15af8e499820ca74a68affd78","ja3s":"","ja4":"q13d0308h3_55b375c5d22e_23ed935430f2","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-22","tls_supported_versions":"TLSv1.3","blocks":0}}}} +01284{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-23.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1568282515655367,"flow_src_last_pkt_time":1568282515655367,"flow_dst_last_pkt_time":1568282515655367,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1280,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1280,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1280,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1568282515655367,"l3_proto":"ip6","src_ip":"2e4a:774d:26fd:7f9b:785b:2d1b:4f8a:63c7","dst_ip":"3bcc:9991:faba:bae1:cd2a:e2fd:b3be:c5ab","src_port":50339,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"quic.aiortc.org","domainame":"quic.aiortc.org","quic": {"quic_version":"Draft-23","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0308h3_55b375c5d22e_23ed935430f2","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-22","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
02273{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic-23.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1568282515655367,"flow_dst_last_pkt_time":1568282515692122,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1342,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1342,"pkt_l4_len":1288,"thread_ts_usec":1568282515692122,"pkt":"nLbQWTW8nJcmWLFfht1jg4MNBQgRKzvMmZH6urrhzSri\/bO+xasuSndNJv1\/m3hbLRtPimPHAbvEowUIuNfA\/wAAFwjcZWkdxzWqcwhFc8YEuuNHtABAtpp6lo422zhpwEmkM9jMJwXgbUjN1owR7TPZ1JXY0x3to1D6g0dAafVV30k+fGVC\/0C4Lnu2sLDcx8bF+ojnk3GSUQTIdHu8ZX\/oVbrFn8IuIOJ3OaMKQNh30NDOQmduQ87svdAwpsnJ5RCWJgsXaKkJYeNxtTrcf\/UMkEEGwqmH7iXERiPPP6YaygHazOGgvsi3IgRqxtSyogodVJFIEF7\/I\/hK4c4fV\/Fp6TOnZq7yPU8RHUGd6f8AABcI3GVpHcc1qnMIRXPGBLrjR7REF+M5klzW6SVGEmXEZf3SgmWO3YJGZMJzHMMmsHpZMJuleNbNpwTfLHRv+w8U8jTxrick9JoK2C0BLjMMU4lyZBfsOtqy8CVjK71G6biWjirvwKveDUbbdnabD6oNKRkjU10KrpsRv07\/rr3\/DxiYNICA4+aqMz+EOwXWo58jzMZwzCPamN69kB0IxZj8SzHACrAvpI3mhJaTesCVi09n+Vjx8LN1j9+ciB82njpNGQqupy7Qg1DSJdzbPwEAh71uJyF2iB3iJGpO+cy2cML4KVvm81IPGXCiOmV58o3v5\/zmODjNmo2sfVOW9wf6PkvwpMzRrLhfpb7g\/8GFhwl4Yw4+ghn0eekbQWZnpZKkF4+ktWY8mTGVecRfIhXVpZaHrV6+jU8BF4DL68+dkgY\/AI15OZZ52IXevPDJv5nQvF4MBVYN4PDEtox+qpac1LTHNAeqQxSa69g15gLUO1TxuS1ywL2AY+BTIWioy9hE61HxGs\/ZqgzZK9mcRJcA1dvWBNaIUiSpdORjz8n0pKG8K\/4ou3pHJN8tLdmk66Qlvhq4T7hwQDIwVgb9q3keP6FrYLSeg\/J0qh+c2s9xPzmAsIVg9ZVDDHWX3Bcun6KxexZ4flHGnhxx5gihdcmy838IeEFcy7du2wwafPbat0Jj+jGrpEh+yIEM+DtfZqs9yQEdy\/MqTQFZpt+aZuMVHvsRxgp9ckGC0lTv66FWbXDl0UazKFBVhBALr2J0iQx9RaI2aenslg1ZNK4Bc+Cb91EVBWrZM10MM25SZ+fC29ATKbXKDxWyuH+nM3ACeSqc9x6e7lODjH2H79xEPA8nXIZozszF8WDBA9K6wgnma97DIVxV4gV9QTaSzRRZf7GOTqGIfycjVC4dW+EtiHjVND4FWrZia3IFSniSe\/c6Z8zy01Y4U7isxhUZE84FRn4gZ+V\/LlAqURAOifpcMdrbloG+azDOECnPpupOebIuXwWz7aOW1fuY\/H1I+R4NtFDR8J3Xw+payk7QhXdsFx5GWInJP3dTMaCf7cVsQwH9u0KYAcwhL8Cwh+DnwFPiuH4IialTTqxwU\/T+06FOuOrMPq+bKnPZ5FwJAgHNilWYjP7NfZyL47Oq9aVGecGeTM
EVn1UOO1QiFCmqyGvATws+6y3jOAqvQGQaZwrrHaE+V+KOl6f9J9WMLa6SkuWVKt++KVL5CFRWylgx+1d9Uek8ct9jA8ZlmfNzZ9cA+5HqJ1DeuTlGJqOlBCtnXfinCTal7z1JN5uB10EcGFFvKfAbK7xwlVGsEn6XXUBj0DLCMr40cur5GW3A0wuiby+nlkq7AslBw7l3uUqOibKhCVQJrTyCrMLKjl7uaVf6toOqyI\/5H1Aamf9JQmaiBUuE66iZeoeNEFEyhhGDVA=="} 01840{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic-23.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1568282515655367,"flow_dst_last_pkt_time":1568282515692143,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1017,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1017,"pkt_l4_len":963,"thread_ts_usec":1568282515692143,"pkt":"nLbQWTW8nJcmWLFfht1jg4MNA8MRKzvMmZH6urrhzSri\/bO+xasuSndNJv1\/m3hbLRtPimPHAbvEowPDFkLs\/wAAFwjcZWkdxzWqcwhFc8YEuuNHtEMUyYrBFar3hn3903Wyiwal5ts19EiC\/\/0o403TuQXHzpo07QLjQNsCS6rfVQ9h\/bhZfcPHM1NTnnZdcI\/w+qZX0yTnNRovgdVWw6cVvyMMf\/AR4wKYphPcoUgcwsn7KReOxOm3nR3LYOawLtgN5YWMmql7MzZUW1CzcSjBB+M6TJiRoKw93nPerpbhVcyLUx25I3\/NADqEJnBz21jEouIL682I+IDJYwKoa48yaEr6CLTsyyGj\/lts\/4JjTKWASRBqsw7OY\/PZ+1W1OwDSwb\/PFJvlZQUl\/G5xBYfmg9n3A5KSgPg+AWI0iah3p4kBgWKDCRmgMv5aLdZqf97KuUEYmV3E77OatXFisUIwNgupj2ZBePSzcVFv6BviacQ0eIFnW\/WBQ8G99nQvGQgIVYRbS86l3ozgh4LzmRsw5Qx1M20rfV7sH8J5eDfvoJvM8Kt39vBoA2a\/YDhQooz13TukgVejyLKskuIKc854y2yoygBAiap3h\/2UZI1Hy+ylvot5B+\/VTalIWeEUdzPMUhYFiTMO6\/2d1DRzWkipTCjRPVLHWEScPJdEJ+VMNpVWsin+bWqHvT4BQnmP9jratt0VWOV2ObUqvupTouCJiGV9bM1dHvlMD7MRwtSrbsmRdsKZ3s9ntmpvH57yloY2vd7s1jXD5Tju8J3B+9DUXz6xNltvws\/LFUo2CSsbLQjNtWY3s5dPyf5CxKUWscmwismYbV97k961UCmVvPNlUhdtJ0fKJNxq75eNdsxnG3\/awZI3OuFYwxViRQiZCNMdgzOZGSKYfAy7Lp\/MhmSQ7bAc+NzZptzeI2dGY6EavQ3CQJraclZiH\/R2wGoMhKXvX1vwKDaGVZ6fDICtnupheoKdKLVVe1JbFxgSvP1CvU\/Fz5zvnUrUFgqsCm6EqZc9b0Nx46hJuQ+nXvuD7J3wzTSb4pIdJo3654drX\/so2eyJPJ93U+qbVr7vq7ywwBxcwDyk3BB58zXgOMZkN4mMUtFH32aXAokBlkhQ6f8WPzuTxuiyG3qJM8aRb4I2zN7cmOkjaJPcEMZK3GVpHcc1qnNubgcg9n\/B+tCxShTYqf9BsxGc4HfmCIwhwjiuwdU27nolghC\/g0vijyYz
vRU15Q2hMyPcrtTOsXP1UDcSAxAEOHoM9K86QNjMEWUkGPI0wcCBc5w6OEh9AHnk5JwjWpUceKbwoH7jh6GuoflfGRMbCEmAFjB4Wu0Zq5vel1+DIem2Tl+i"} 00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic-23.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1568282515693812,"flow_dst_last_pkt_time":1568282515692143,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":159,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":159,"pkt_l4_len":105,"thread_ts_usec":1568282515693812,"pkt":"nJcmWLFfnLbQWTW8ht1gDdl5AGkRQC5Kd00m\/X+beFstG0+KY8c7zJmR+rq64c0q4v2zvsWrxKMBuwBp0e\/G\/wAAFwhFc8YEuuNHtAjcZWkdxzWqcwBAF6fDAMMAJhGASeFDmt2B3PV5oRmlcgvC6v8AABcIRXPGBLrjR7QI3GVpHcc1qnNAF9ROAvn0lqrzo1vnuX+cMCbpFjsj7q4P"} 01028{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic-23.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1568282515696184,"flow_dst_last_pkt_time":1568282515692143,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":422,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":422,"pkt_l4_len":368,"thread_ts_usec":1568282515696184,"pkt":"nJcmWLFfnLbQWTW8ht1gDdl5AXARQC5Kd00m\/X+beFstG0+KY8c7zJmR+rq64c0q4v2zvsWrxKMBuwFw4G3t\/wAAFwhFc8YEuuNHtAjcZWkdxzWqc0BPvLjwGAX6prrgTX3a3E9nV\/neLy6f6D1aL4AW7ZFFhtBTGIbvF48hHGdbgiiU81tgt+vmodZ2RG8bv++nz9H+TrtSRG\/V1bZo0rRqEJ6uLXtFc8YEuuNHtHe3YJ2mYY5Kj7VLPlyFWTxVj3D4ynrgMtP+ES8J5hYlasmgbcBjiaeIIGSM78XD0ZetULbmnYcr+261YjWGmgCHllE6ESDqENGKO9\/x6EPOzep5GXe6WsLwnro5QyXOgBT4DvhCB3s2Y5VMa71Sq8ea4xzabidQXJjSHOOoKBNwBetck2ZXZdBc22naoNcPPENdt+s1XW\/6i6FmYBAofaF5GgIdqv6jzc3ryObFofA1sVmUhrut2xxxw\/HgFM3t2fgK4\/Jlix6BDZV98FXGVnpQWoXGUnU7Jf1K1riT2lPHPc9slQktbx5sUNLfGBqV\/vYSeh7Nq1c="} 
01054{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic-23.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1568282515655367,"flow_src_last_pkt_time":1568282515734274,"flow_dst_last_pkt_time":1568282515762416,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1280,"flow_dst_max_l4_payload_len":1280,"flow_src_tot_l4_payload_len":1993,"flow_dst_tot_l4_payload_len":3958,"midstream":0,"thread_ts_usec":1568282515762416,"l3_proto":"ip6","src_ip":"2e4a:774d:26fd:7f9b:785b:2d1b:4f8a:63c7","dst_ip":"3bcc:9991:faba:bae1:cd2a:e2fd:b3be:c5ab","src_port":50339,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"quic.aiortc.org"}} -00842{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic-23.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":20,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5951,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1568282515762416} 
+00842{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic-23.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":20,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5951,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1568282515762416} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 20/20 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6918375 bytes -~~ total memory freed........: 6918375 bytes -~~ total allocations/frees...: 114178/114178 +~~ total memory allocated....: 7495971 bytes +~~ total memory freed........: 7495971 bytes +~~ total allocations/frees...: 125909/125909 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 617 chars ~~ json message max len.......: 2282 chars diff --git a/test/results/default/quic-24.pcap.out b/test/results/default/quic-24.pcap.out index 78f0b2046..e8baad0d7 100644 --- a/test/results/default/quic-24.pcap.out +++ b/test/results/default/quic-24.pcap.out 
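Review bot: The expected `detected` event in the first hunk of test/results/default/quic-23.pcap.out no longer carries `"ja3"` under `ndpi.quic.tls`. The old line had `"ja3":"d9e7bdb15af8e499820ca74a68affd78"`, while the new one keeps only `ja3s` and `ja4`, and the commit message says nothing beyond "incorporated upstream changes". Detection rules or log pipelines that match on the JA3 client fingerprint would presumably stop matching after this bump, with no error. I would note this in the commit description, for example `TLS/QUIC events no longer emit ja3; use ja4 for client fingerprinting`, assuming the removal is intended upstream. It is also worth confirming that schema/flow_event_schema.json, changed in this commit but not visible here, no longer expects `ja3`.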
@@ -1,14 +1,14 @@ -00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-24.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-24.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1574209133040250} 
+00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-24.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-24.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1574209133040250} 
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-24.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1574209133040250,"flow_src_last_pkt_time":1574209133040250,"flow_dst_last_pkt_time":1574209133040250,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1574209133040250,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":41436,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02206{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-24.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1574209133040250,"flow_dst_last_pkt_time":1574209133040250,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1574209133040250,"pkt":"ClnTQ78Jzivom94WCABFAAUA04pAAEARTk4KCQABCgkAAqHcAbsE7BkSw\/8AABgSKZqySaf1jUZ9aFypIIlM688aEfXDUlabjvj32ExHj28K\/LzWAES33jM5bR+MtpU1BLUazwIKZfi2UUsjupyQtwh0cwaTGSNsc3ziOvMvl5HeN7dnqFzrpWV5xSzaGXCCKPfdH3vP8j3J6ZLIzElZQZR3emJo528x+jgZIHOdaSnx3DWXxF2zh+YTIF4T7iX6QufVjaqbZGcqLfU2h5UhvDV4FwyX3uhlDNyKeZHYtgm98LQqq4\/RRT1KTyGKWwsLmYKiT2RZhGfdnj7cabAAzsX7Lk2p9chyJNCYC2rvLfiUJPAyxycnjNSX2Lj6Aqa8nfo2RgXdwfCaQgxab+TGB6bvb9v+EsUoxuSJh+r\/RN\/6YKeOx43w+asFLV8uu4y7ez42UTvh8WhWB9gu2sFvRZZAH2gXrPZjvaMUKjvUztSfZobDePj\/3bGH7ParnvadIlRAYU9Q2+DurqTinGpGLj1JdKLQoxeMx5eGSPtbuqNyirKapdyXJ8ZKCVjdL9m2B38WlanD9I0yGpWtoLvsOi8f8x\/fhHjJnp\/JSreuYABX7IvE9OH17Ka\/DYXSP3horLga3cmeawXPCcyfSVzp0vy3ZIaVNlu8tvkbFVJwffn9HIFK6HKNWjCpRF+ahuWdOTEeIZZ7i7JR8vw5bYFyaufxilZin8M6RIaJMeMrQc4vvfUfbDj
sZuuyfMbD+CtkYjt3ODwFx3+9dnCnls3bcnN\/LK\/fVogu1W6dC2V8OgzkkQDp+glgaZFK3x1y9W9tAnAfcG86bUqaAVXac16E+jbjt3xUVxE3wSFwqpaXR87jZ7puVI7a++RK4x\/CPU7cBx4HxakipMRXAW7+Zzm5Uylji8R1ndMJge591UykzR\/a1rIFwcUFafwyzFwutVakAK\/iM4YhBMTpFZmHTyv44rZt\/SzvRW3ChO61o38I1VeCK0g8ZFXOiuIW\/pELm4Rr3xBh76iDlvWF6YcC0+i92ff1n2MDPlwUBp2JPBEhF9KRkoluOW0vEGZjgOTNF0WO0oSPjp6cRmPu7QFACVxUUAGGJ52pSjmae6FO4iTNFAYtrcv+HXjZLY56ae9mCQOyLL1m06CQPGFQiHOPr2CJqh4awJXrhUafIQCu5ugPi3shAySSxxSNpoi1XFyoXHmAfehBuKAMDEBi\/K2+sO4vF3gp9aph5gyVGEs0pc0rnIKidNla3xHEAlRzhJVd750Uscx9utTZFhNIJHFYbXnWol4tLG+jZZli4l18thfxYBatUVfQbpNdD\/lD+eYzZtOp7YtW1ZKF+ROaDrWxEjfCdVtcjK18Uyjgz5TeZuG7pFJ5t3qyXb+n\/5MzCAN9XPJPpQiYdvqPfvMUwezKWPFBlXc3KAr8TrBHXbzxwj68KugT8kPF6Hf1ZknvffVMbgWpKERCnzNCkdVDHz0qsfdTxN1E8gHLdnzTTb4wYHbDra2Qy1AzeGTZ5VuCqGVCxMyMSucpv1SUY2NRHw7nEKVm2pvwZDPcCeEad3kICbdC4XAMVUx0Mf\/rJlO1G38DhZUFTtkiOIXY+C24n5VM7VxZQ+dzu2YG1ROOR1dGwLm4sR7mTJIH6rldcwpGAOA19nihJl7wI7sV3QgaIXVtqDL9j\/YH7Q44xODtLK6dfnLZ9llZp8VromtwQj2StAFDoQ=="} -01251{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-24.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1574209133040250,"flow_src_last_pkt_time":1574209133040250,"flow_dst_last_pkt_time":1574209133040250,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1574209133040250,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":41436,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"localhost","domainame":"localhost","quic": {"quic_version":"Draft-24","tls": 
{"version":"TLSv1.3","ja3":"b3e43d74f4b790abca2f5fe7dd06e7cf","ja3s":"","ja4":"q13d0512h3_d55e91d5c3b2_cd318bf3b157","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-24","tls_supported_versions":"TLSv1.3","blocks":0}}}} +01210{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-24.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1574209133040250,"flow_src_last_pkt_time":1574209133040250,"flow_dst_last_pkt_time":1574209133040250,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1574209133040250,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":41436,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"localhost","domainame":"localhost","quic": {"quic_version":"Draft-24","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0512h3_d55e91d5c3b2_cd318bf3b157","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-24","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
00691{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic-24.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1574209133040250,"flow_dst_last_pkt_time":1574209133041078,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":177,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":177,"pkt_l4_len":143,"thread_ts_usec":1574209133041078,"pkt":"zivom94WClnTQ78JCABFAACjQSNAAEAR5RIKCQACCgkAAQG7odwAjxS18P8AABgR9cNSVpuO+PfYTEePbwr8vNYSuDzEUSnLqX7jSNZH88cG3IWnEimaskmn9Y1GfWhcqSCJTOvPGgt6q75e4Qn+zUFJSyFY0SIiHRpQLjIDBESVGuKc8OTad8PhKZ1BA74OASFH4nOmQVGBciF1MYu4zBXJkM1rI\/zCp6CTKJAyA9IF"} 02210{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic-24.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1574209133041861,"flow_dst_last_pkt_time":1574209133041078,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1574209133041861,"pkt":"ClnTQ78Jzivom94WCABFAAUA04tAAEARTk0KCQABCgkAAqHcAbsE7BkSzv8AABgSuDzEUSnLqX7jSNZH88cG3IWnEfXDUlabjvj32ExHj28K\/LzWQEoLequ+XuEJ\/s1BSUshWNEiIh0aUC4yAwRElRrinPDk2nfD4SmdQQO+DgEhR+JzpkFRgXIhdTGLuMwVyZDNayP8wqegkyiQMgPSBURs4UrqJXSOmdlzOQkT83Thm0cw7nGhY1Dqr9WBER804ydL76SsuNgGBxQl7a0HOKMMpAXLx8NIbh0fGKNE2byFJvnpcszX0hTK6rJr5u2g5MPDhCWVAqZWA\/ogTmUNM\/hiTPfQkeihINkuu2xiOaqPKq8sMuQjF678ZOS3GHn+0TKDo1\/YbLwJy\/ZpXJGxt30cfRSaAH1ZjGC\/le3BtTf6Ee25IG79XjyhHYyykWI2qhKWR0WZIipTrVnQ8OQ9VFey3MfNakIGaPPsyV69yfAmkmASAVXFu7Mo6y0Wz\/k+XakzO7FNz+SVS8r\/HampTgbi4jZsv70uNhIa7mA4qtW67mQ4Rtz5mrDrLhqz2cchVuQJJMooj0k2Xmg5SrVAA8L+yguIaKrDD971nuLq358VPAy8fRB724dILFO0lMVCte\/by\/Z5smTmpZsXjBALsYbcl4FVVEwEstKsA+gV11h+TKoi0PysZzUv4Co6O8\/IBnHMvA3aNldZ6T2\/ehbVZg8kV+TWp68hUC2ZNn0WR\/hIHa\/ud6KCIM2HuunHoyDST3M99tIIw9T05lx57290aLBbTURhE0FEw+sGowcXu3C80nVKiDimHMp1c6mqiW
hDKZbGOAdpIWwpYqyGb1wbm5oAoXEAR7Mc+jjR0J8zJlFvt86aEVTtTJma3fejOJ3C6CfSBtcEM9aVUQVmL1wf7Fi6TTqbbFA9hnROhk7vqewbhtVmirjNaHoW3nHcl5Ky2MEXCHIhVYecuDZG8tKTrUF\/HFpCaGl9ktkqkasn0g56PGXthtx8q15PYDSjv9yWDxzwqk6QO6Yvxw5QtpcdW836IfXVH9twCWk7tokUrBa+jkGq4sxymyp8HJzlBaLvbaRQuaENeIm3CsGj3g9j2MS5rx5x6bLrNsqG7vyWFoKKK6rqr6vFuCF2irBVzzRdUFclg1SSHgOpaIic+xLUKXq+lZZKiY1RKji5vWjtQKTKYEV029kaxm787YffQ8yTZZB6Hh6BkDWEPJYKpvcHrYxyRBFLQRGWx4ITq5kdTA0MWD1a5s3\/Tz1ghAL0hkcPsti\/Um+kiW+XSNOONWqykERpHTJUdF9XR9VjidFyK82bmGKcNXGpEf6KxiEWWOfrwygEpxaXYc1XPpi+3jqe95\/5QRYGsINOcrD5IkF6QniULDRMMwwkr\/ECjICIiZDSB0yvurV+rIeACZwQwc9BCfZ20PoMtA9Sb0+HvwlI89lLwU1WoQ\/uQFCU2G+iaFma79WKu7nfdJy0UCSpgYk\/WwxenGfaRqde0duIKqJ4VQR7DQ\/1P+Fdg7iOLJglPQ16bgg\/VS+HMi5ElBV9H43KK0X9+d\/wx6yTnUwB9LBosIDE739HoREBuU9qFyhmlmKq9iiXdK9S72zzDVpgLdZ5NTJCzLKyehhNiJq3WHWlmpoiXXclIQS2qvLhF3s8CmoQTCIFD2YwbMLNLc3NR5kX4hROEBrWwC9+79LiHN5YezdiHlgZ3UHXQ0QcCITAtA=="} 00681{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic-24.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1574209133041861,"flow_dst_last_pkt_time":1574209133046090,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1574209133046090,"pkt":"zivom94WClnTQ78JCABFAACaQSRAAEAR5RoKCQACCgkAAQG7odwAhhSswv8AABgR9cNSVpuO+PfYTEePbwr8vNYS4JjP5xnPhXULMwsGez9pmn\/bAEBR7JWFbqBk4i5AJ7l7qSlE+tX2yrubmhFzRlx21yBiPVDLnRsXzX9MvNztVp29bxmR1P08S3NdkCTmJvy4iWq\/7WRG5bc9bbtXoIExxVobW\/gF"} 
02202{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic-24.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1574209133047397,"flow_dst_last_pkt_time":1574209133046090,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1574209133047397,"pkt":"ClnTQ78Jzivom94WCABFAAUA041AAEARTksKCQABCgkAAqHcAbsE7BkSzf8AABgS4JjP5xnPhXULMwsGez9pmn\/bEfXDUlabjvj32ExHj28K\/LzWQEoLequ+XuEJ\/s1BSUshWNEiIh0aUC4yAwRElRrinPDk2nfD4SmdQQO+DgEhR+JzpkFRgXIhdTGLuMwVyZDNayP8wqegkyiQMgPSBURsHHBv+mMkgMKbL1L8HaaigAV7t4eD5XPruskWTZTpFm1h9Cm3DzPxeQvTSEwHtDrEOpz6YFy82UDJYYLzV8itjsSuAl3BN2XPA7e06ZEWotlL9Br9TZWw4p83NDVQGkChBgIL6f1nIN2ojZvrHvpzk0MfCiu\/boqXdpIsBERYdwXRPlbEhxdUMcMYA7eh8N4TKuC9HmChlfkHaTI9GkWRyMAMzxtZMhCl3LoimMkhWCfqmVgDVhtz4Dif9R3RkIY9hzuUCMKU7oaOOUiDfZuxIU3WloNXp8o12YBXza0fzRQpYGqa7piZ7PVUXOGcUM\/cFuqscmeLVQOsoy4i4CGC+MSSW43OpT+j2aHawId4E4DeDRugsomOlKszLuMP4ykA2XzxEcbZMu330eInLeApkaX+snpful9w18f09BHmkH10HjWW+o+8oFuEG0J2hwlJ3TmZuH+IBwCzohntVbymn7aQKhoP0MV8t5fXtaD3vzu3igqOoz64Q+7\/Sx9TpI8jZHMY5bI6Kx+leY4ybxXsUaY9q0gvlZcgyTiYn8SSRvRZMXNcQW2xksYLy8WttjxWgRkmFmsQrwrmI+8rN1prhvjqtq9svG38UVICHD+O9YB6LgA6f2DnN5DLokrYt0c0SwvSqZm2zBXMqoCDF3Mvxf5duIyZR8amJWjBMoLkZN+I+jb+DRrnFUITzuCvlxJQBLZbBvmXcpD7KXKyeyqlEx5yPFydiu3Ptcszr+5KTMkbP82kPXV\/bjI4L9oBErJhJCans3wo72EkAcuKLd6CCThJXE7Eh\/LDUjZHt\/8eNb7S3jzPF8xwguDIHq5S3aAjhS3QICFDHNn54BjdvvO5iW7zqJCZLSz3CwZ1+MRXms7+nxM12o9227S7LvP9CKQt3pRuzfLorLdpjg9GKs8caLZS\/zPBPaxxYsAkVs\/TxyqkBKa+anVJ99dxXNbDJQmTbQiadhbUe5CTXS5up1QYApDHCBfC0uOVL5lGIcrbl3PMnI1Dz2NdmW84pfg6c+eP0VFTKo0ia+JMYIRzTujqTSk0FE2waqFp3fDr8Hyu8mFx9hmtHgkYMyRj0Bt4LlwBJ79sxjVaEgTqHIx9xF9TjPLkAQXWiLTUTtZO41N3FxjyHC7iUvDol\/CotNpvZxVVNzqh35++58kx3dGzWg7RNObbhbgYckZgts8lfGtJHdaWCmm68Pkjb25Blv1HmPokRC5N98vgYvduuuS7fDGGlvtjz\/JIS10RWkuAlJb\/TeU30L5OeUDpr4zmcBbCs18tprlmixC6jVnlsoejFSyGESEQ56JY+Y6
YELlJh011Icv+\/BxJXul2kP65qokwiQy6MoaIpxYelTFp5PRef54cjqcJi3DU8ahYYjMd+pFAh\/vGQ66+sQubQDPeRB01N5+3eG5Zyh2ZkNxzZLSsfMGkHSVTT3SqZ+mT2IOgPbQy8Y2nObPD5adavrO8MXO+JeqH6a5Ct3KlMPOBt4e134vezowr\/x2Ai2BFLL0Buw=="} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/quic-24.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1574209133040250,"flow_src_last_pkt_time":1574209163081103,"flow_dst_last_pkt_time":1574209133073692,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":1252,"flow_src_tot_l4_payload_len":4378,"flow_dst_tot_l4_payload_len":2992,"midstream":0,"thread_ts_usec":1574209163081103,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":41436,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"localhost"}} 
-00842{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/quic-24.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":15,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7370,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1574209163081103} +00842{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/quic-24.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":15,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7370,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1574209163081103} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 15/15 ~~ skipped flows.............: 0 
@@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6918156 bytes -~~ total memory freed........: 6918156 bytes -~~ total allocations/frees...: 114173/114173 +~~ total memory allocated....: 7495752 bytes +~~ total memory freed........: 7495752 bytes +~~ total allocations/frees...: 125904/125904 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 617 chars ~~ json message max len.......: 2215 chars diff --git a/test/results/default/quic-27.pcap.out b/test/results/default/quic-27.pcap.out index 606641584..0f055e96c 100644 --- a/test/results/default/quic-27.pcap.out +++ b/test/results/default/quic-27.pcap.out 
@@ -1,14 +1,14 @@ -00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-27.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-27.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1592388075915836} 
+00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-27.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-27.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1592388075915836} 
00817{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-27.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1592388075915836,"flow_src_last_pkt_time":1592388075915836,"flow_dst_last_pkt_time":1592388075915836,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1330,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1330,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1330,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1592388075915836,"l3_proto":"ip6","src_ip":"3ef4:2194:f4a6:3503:40cd:714:57:c4e4","dst_ip":"2f3d:64d1:9d59:549b::200e","src_port":64229,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02350{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-27.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1592388075915836,"flow_dst_last_pkt_time":1592388075915836,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1392,"pkt_l4_len":1338,"thread_ts_usec":1592388075915836,"pkt":"AAAAAAAAAAgA1Oceht1gB9AaBToRPz70IZT0pjUDQM0HFABXxOQvPWTRnVlUmwAAAAAAACAO+uUBuwU6BFLF\/wAAGwh7p3UKjzv1VgAARSBBNb8rxExjuvv1Ye++hbc9om0DU4NnwSG\/3UebQzKe+\/ChMR6f65IjHiAPoLAAXROmLqaJFJBg9Sjii5GNpIY1s7jLmFqalAiGP2eQLOW5rgxDWycwtAoSDO71eI9T1Uq7EBmGHvnPmeSBFCTAwbphrP9uMLPyAc17USwCikZDlt2XGVMfiXze2ila5iBclIpM\/nqIjbZDUUYzdC34yYbr54VrUe33DQppusK5QzTfqS+3bRJeNmvfVjhputwGoNup+0y7rJDCwpxgcjG0dCKgMjLHOmSc3TOXpHySWsU8YrZhzLttd3CTZRM5WZ+WibgEID8\/Y94\/jmGwbweD3Pfo3Ppwfbm6t+wCItY8yBKRQ+H5v5jedjzP\/LjrRtljajhGcJZd6HJgjueiAiaEAdj7fx0T9yjCxPVImLtLHfXPo558xAwXVU83pzT9xavzftzVp99vYm\/GU\/kg1VYfnH4H1qpMlTlic\/Q6Q8iLnCNGJ9LIhtmYFfunAmiyObADRsU4B6j4HoJX3if+mucsKdp+8N3ugLjM4uwUvOF7XyACDpCZ\/G3\/5X5J\/zKZkqDPUYvuluMsSOj8B9WlMWtbGerp5
EjqolIlNnjYomDTKeHIxZZRBaJp\/QOHxqWVWl+MlH9KWaLg+UuJ1tkD\/z7oSb+H1aPInCB0q4IOfY52jC5M0sAyNUCCRYRJtlGM\/qM0P8wM\/vcpX4GIrlML77jxP6dU5SrTUTaXASv8j9337neVie5dGU901jPeI0ibTEPO5jmp5JTAiUrtWT\/OPLGl6+AqDrvj2iLYI6MfHf54Ll0eSJwKxczdOyajjbkW+wF4mDNBcrHs+Iy+NLs84KPkQaEHysgP5fydEh4OpzytKTjbeDrjBTG9KcUWYmBar2q8HpPFclPVfMJzlgzmG1ymiPOmBJDgqQ3ZUM2g855ht6g7tzCMio0LrDHG0qDTQGyGwGnOACHMF4aRlNBHHPXjD0AWFg5ITC\/muG1btVnHCRMRKjcJbcwgB5knd4j3yLyF5jIDRSKNhE6Ac48oXpl\/X8QX7id\/RdTdMTE+I9ImLp3efowsLaCMtmIEe+7JeD8HXS\/DHY7CcQC7QJJxTExlt1pZ1J8VxZQ\/Rin8crO7sCUZAX\/MAmOTczrCmlYKxmfZCym\/VBLaEls1IO\/vlhGhIazJ4ec+unaATLsbpA8gpl3A6fA\/mtphj6B2kmQmdb4PDBkjLGlUB9TA\/hWCdu8okA42ElpefKLs7iaYvj9eGjbpH4CtZIsn81hYHam0KixsLnFD01WT2G3jWF4\/p32XASEAIX2fGqhIl42kT79V0gWU\/zHFYX4d1dqE0R0QvDLgaBR5adJ\/AQSCQX30uHxQBsrPiDAUle40F0f\/CKLbXDtfvQg3i0EyI3KXCW22kEkJyctCWU066Vqsp6MiM5DPCQw20QD2L38WJTrzFxYD7gmCe1AwoQFfD6gqTnrS3Tj0ht5GTD8vsEYZ0oezjMP8XuBMCjClE8hToMxgRyaUKQoJ4zuAen+tMutEa2m48+u5jHJEJljGjHC4LHZWMR3906vXde+zdCg1ShHY11L\/Bz5vKrplIBCiT9vl3ZYNjO6hBlbKS8VP\/yg6gsLQ9AigFTHxstN+VusbiYbo8JJgQWEcDGy2dI9GZZqPmAAFQeJAEQIBnrb965lc\/aHxPwoSZtBKWldoAMiE22ownQezP3boCQ596Xlhlq\/aTLkj8uddR096XdeUuOzAUI7eEPdA9iCr"} -01388{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-27.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1592388075915836,"flow_src_last_pkt_time":1592388075915836,"flow_dst_last_pkt_time":1592388075915836,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1330,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1330,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1330,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1592388075915836,"l3_proto":"ip6","src_ip":"3ef4:2194:f4a6:3503:40cd:714:57:c4e4","dst_ip":"2f3d:64d1:9d59:549b::200e","src_port":64229,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"play.google.com","domainame":"play.google.com","quic": {"user_agent":"beta Chrome\/84.0.4147.45 Windows NT 10.0; Win64; x64","quic_version":"Draft-27","tls": {"version":"TLSv1.3","ja3":"1e022f87823477abd6a79c31d70062d7","ja3s":"","ja4":"q13d0309h3_55b375c5d22e_f68d9329452a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-27","tls_supported_versions":"TLSv1.3","blocks":0}}}} +01278{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-27.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1592388075915836,"flow_src_last_pkt_time":1592388075915836,"flow_dst_last_pkt_time":1592388075915836,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1330,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1330,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1330,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1592388075915836,"l3_proto":"ip6","src_ip":"3ef4:2194:f4a6:3503:40cd:714:57:c4e4","dst_ip":"2f3d:64d1:9d59:549b::200e","src_port":64229,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"play.google.com","domainame":"play.google.com","quic": {"quic_version":"Draft-27","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0309h3_55b375c5d22e_f68d9329452a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-27","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
02347{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic-27.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1592388075915836,"flow_dst_last_pkt_time":1592388075921678,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1392,"pkt_l4_len":1338,"thread_ts_usec":1592388075921678,"pkt":"AAAAAAAAAAIA6W2Tht1gAAAABToROC89ZNGdWVSbAAAAAAAAIA4+9CGU9KY1A0DNBxQAV8TkAbv65QU6\/nTM\/wAAGwAIe6d1Co879VYARSBTj79W6cwNvYIa4eRJRqYVEF\/FFQs4\/YFJNsPxXKvEgdRDTO3utbDdVpsr9xE5Fa\/TpG177HOYaSrCAz5Jo2+BV5oFjmMd9bTEkWInl1UOdHKW2niDF5nMaLe02aYd0mp25Hmgx4h+P4ZNUU2g7lMQwO8oh5pyFwebO4ynZaVfKfuvlderCYi9W3A+nCI5swIBOg\/\/GR\/eRpRy+l1xUDMEIkXKJ9xm\/36tgV9mPj+QnGLik9ENPu+ZN+Me0EJ5sHt5U9N9HC21bIxbx2522Px9RzM8EV5k0bNaVeSUX6Kx86PSOGKlOzKToSyBuVcP\/8Y\/pj31FFMn4jXKSKIZkR4jdHKqC8A0U8JWz+lo5qygK0a0s0j3vnz5UfxKqxBqYcCTRyIv0ihPq9lNS2XBnJHxjyGSIIPIjQ8xsASU2vSfjgEk5w8+ci+un+2IlNQ9pkFNXyipoW9wTbokYSnOTxLk6sFfH3dsyfqGWWE1tcdt7fy7oyiEsvZGRhn\/L+h2S5jSKsdHx7NdNgIdO39fvhXOA8HjSqb3VALAtyj6ehundx3BZcRNfsuUa5ZwC219uau0CpTuX2Tcg4sLjnvZG2Lvryln9pXYVKexJ7M82YgjmrH3wKorHuQt5fR9o7MWyn4djeqsrjK1KyRTCzgfjFDh3HyEU84LAmn6y\/vAo6GV5tlhx7mhZNMKhoPxPwLQjI9LlPc\/eMbJSDiPSdtQN0Aka6OS5JgFtfkS4GGEZrqH3Wmy218ogEMrR323mHZfknuU+di+qZFkdH\/EQiWObuHXwvxT+d8mUKnyAB02BTcx6ikllxkk+7Anulz\/alZEZCKgpjN62uDEL1zgUQWaEwOMai6Bq8aLpyIjWmfI3mXlEoQL9YGtvFU3NA0ZJr0FsSmnF79XixoAiidGmVLveJwbz2v70EltiOw6GW4XT1Nx8GJbOHEb4lw8Nf+y1YmbiOSl6N6MqAV+LTudvCC93HluIlhU0E3uX9LGDS+ScDF\/SXTW4zk9DPu\/I2vtwGCJX81Rv1WV8uy3YU63ClpeYXvX7h3rAbpodg\/tjIJpSxX8PbWv2L+X7I9n9ASbVRLPybgw1VXro90q6rMYVQ\/J4rPmhLpWzdEAazqGLHFi9KCGNiyg\/RvVoTwUKLYJ2wN2A7fA5TkKjD7w9oSn095bN7P+h75McGVrIyVqdEh4yuOB+Tvz9c62lXezMJJBw0zLwBGL\/8fc+U1+0HGaZ8c8r\/a9gzaAu\/1hL\/GX6BDxGvNlvCbNJSR7uYc+tLK+p8LJwdEE6O1NRlrVaqPbBG+gZN39wLrBIi\/4C1PvaV8uwXWpwJT4\/2iKYJmYuzWYHqOYb26qPVfaWtKa8zR+ytS6h93OrCLmPemuHc\/JEUEpO0dp8igHMSUL1C+oRr6S3mhQ
Fj3DoLOC25YV2Nz23shcZvt4jUGqP33atbdN9fs6Z6FU668dqDsydPhc\/SLsWEHLNI2dYaUpYVsKq4rnVyNmOwE\/6yXFioayjL1rahnUdwSUA+95p6JoySDTBjZ0UNSLSl7C2+U5OFwI7ckGRhoW0KKahovJhm17+fTYxdp+9HuvzWSSUY0fZvLQBV7yxLsR4PcQVPaqkZsrRSNzLBu5zsWgsJ7iTP5Pui\/izmglDfXm4vEH6laDbuG6URrQ7dv3yhcwEz\/QEq4E36vx+7mzPgws4U6N6vHcQkT\/3gkAaI1tEvZMgcRaUphUC3VFG3nl7XwQxFcW31F+TgbWi2aESvVU"} 02343{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic-27.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1592388075957479,"flow_dst_last_pkt_time":1592388075921678,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1392,"pkt_l4_len":1338,"thread_ts_usec":1592388075957479,"pkt":"AAAAAAAAAAgA1Oceht1gB9AaBToRPz70IZT0pjUDQM0HFABXxOQvPWTRnVlUmwAAAAAAACAO+uUBuwU6q+fA\/wAAGwh7p3UKjzv1VgAARSD7U2hL0O88k3UZXjUbrBBd+WZB0UG\/j7758xlBZzizfYUS+JxzLcKYGo8WQzFU7GyiuzvE8f9eov2KYsEVwanC7Vc9pLDljUq9fi2hrf+FzyyRcUlliaDQXxX7n1Ivm9KRXOqnnKdmfHVEvBFAffLmUIXWbO+YgkFjGfD8GnPXDCrAqvwlSSmWge5izab1xOS9Wo1XnWifp0lpGLQpE1MqqxNhBIDxbfaVbjuMEAWyrxRLEqh16GZ0\/jsodxxqlZew4w347xtEtqPzlLyHr4poFBV0Y0YYyCJ1yuoIhaXm+33Z+1T2cYWE7O6I9WEk+mBcGSHxZEZP4CaDr0T3d2jgKsNoKY7bkKT1W4j+vuMJDFuHBaV9SRkGAElCQfGPawy8Ys82dsHnmEEyzp8V6ce7FzsZZVA9JPutVgoejftdzH\/RLPkp8RBEvUi+HMOKcmfLfnWgmtZUoG2P5WRsd4keUAJzFzPu8JDFkn8Qz7I2ryzN2cOlRhia\/jz4PgIUt+4ZQKXncNfyTzS2OteWVaV9zMESXfyvD0pVAT08qEHRc6laTl0ufuUQBtHn5CKjoJYFHspiVeCiJegPMoj4HilpDrhpSZdELNW8O6lX\/+Ya\/E5+xP\/XiQg9mVqUhmMopCMRpiLIe2Y5jGt3vKxJGa5gox\/Ao+2MtfZQZSIoFcP8KluOAfCrb5sGinc+sTc+ZKeAOQmz2FRpTh4fxO1mAo2o9ZJLguqcLrOlyxUUSOHnuLgNLS7XObH1LUUip1vPpeYTmlqzrANNh9EYL2PlIErptyjoZYKQJ8rGcKFCKO11+88Wp\/LRi79APRPkY6RnAKucyRnsrN5ZraDdPgKee842vxIdbP4CvpQKByezNr0Y4u9e5janU208elx\/zNNPzGR9+gsEJIstRXxFey8H0re4AXkIgXjqAReUAEftPwSWT1yW9+jva9RQbrdrR5MlklIvCCr\/7U5+3OUw9\/43s\/O3pgzG2DXT5bg3D27JwIW8euuy95GFovl\/nwOfDJmNLw18bQ3hbUqIFcvmzSmF4CVgS8f8nD5zXQn0Y6t6H\/0d
Rw6m\/fNV\/hHkJp2gXqQ7165w9HG2aJNS+9mCFSeYNr4H2pXUCnIsj\/Pby8rM4BOGLZX6zg3e6S5gFfYBAXTKRGfLDh+HC8x9D89XnWP0cyQWheKUU2YWacOr4WVE0zJK4qj2v39Y03nQgSY7Oa54R2PRMjuzzTSkaITdQ1fo\/eapkrPXa1eGFgwwF6EMe47fkokLHjscKhQ9hUwVD1WZo132hEoWEgCk6GBm9kpFczYiEdZUPhpULGvCKI1iCSBgMjY4vkSPjkj\/CUDk9lkmQxFPWmRRIn5bNqB\/16pGMD5AZgW1l2kOJo5CYfNF1x84eGg+l3fSTIrHWDb7BvF8kmCbEpzK5xtWGHGjxOpk\/7a+pTOyHHSCngxZDzPdni8BcsxtcevFPBg2cOlxb2H\/0wK6HxkRNoGyDH5CwTV\/9XVHoipCcVdCRMqh2JweXzA8wyDxryIMQur2tx3A0CW64wtn\/h7BSyKnDTRXR1V+Wa7DymTTmnRiQ6l5f3ecwcceih\/JZP\/GSUvQLB1MZBKOprH4Whg11Rc2g4AjShZ7+YxYeeQtOgNFCRS53FA6JbVYqDpNySia3zORBhbds4Rqs3FtKCEuzx1fAYtgyzWdf8adqeSwRKSlOPPdqsVh5zsBNqK4beqT9\/RPVDkfR2bjUTRJesgqyVO6iWDbnnnAdtd3"} 02337{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic-27.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1592388075957479,"flow_dst_last_pkt_time":1592388076028071,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1392,"pkt_l4_len":1338,"thread_ts_usec":1592388076028071,"pkt":"AAAAAAAAAAIA6W2Tht1gAAAABToROC89ZNGdWVSbAAAAAAAAIA4+9CGU9KY1A0DNBxQAV8TkAbv65QU6ViHv\/wAAGwAIe6d1Co879VZFIRhTciPGRElj\/q2UJV8WLuy+v+X6eYq5nfLS\/1g27PmgUSjybm5KzQzU1ILEhmniPOAZEvqheEyUNT3LDVYKkiUNtyVizLS+ix05UKwF9ULcCkrPIH2L1yPWwyFY4cNmCg5gqYtxA3Cd8FBtd7huXtciiCUG3GeekKTzDtj3mZ+8a9Kr7COQN+1+KOPGR1jsFDY8WBXFdrZD5ySECX4kUsUr19bjb\/U5cZvpbI9cdcp5bwfzrC2mH6vd4a7R7sGpYQC\/LmTmcUYGX34JRALcKFzBObhoO2vaDi7novDaIcCjAgVKgIi2QDsp0UHLCVfN6EaAaXbvuQGWGiPLw9zau68I+RrJ6y0kJVxIbdnl\/EUZWmki\/uzG7tgnHXtuPP4eyAbjSMJ0hjsteGZnRo8ugg1QBkP3BhHBIDcYpS7Rg5p+Q87bHy7pRrvmcYBKovHJI1C9UPa2SFGuec7pa\/6HIeRhWWTMUnz\/ZwqGW8sEZEBwfq8qOUwgi\/B\/AddMPb0L8G7SIQ6+A8kHT0aXnCw79xDImZQvGx+xV4Q8IQAkfmLfJgljliS\/pFSe7vKQTDUfFC487WlTMSbh8p4v14NGz4\/+IbJnlPne+z3aiBWY4W5BT+eNpvI1FrAsB6dTWYb1WMRGu+babBDC7DyDPqG37z1zhaan\/jgx4fju6203mIVVCgDDa4YMwuMWuzKcp++h85i7nfzPqf7Wk8JcZq
DZQ7\/7XjA0cDDeckdiS7HK2HclGO5lmUAmfBv6xhN3kqSBMN6IqsmjPmE60BN1fOygdU+Te\/f2Zs3Hxj7prJm6c8So+FZaiXzdcjyeQIKQ7Qv7uvRxvkajwom8lMmtPepS8E1yN2bhced3EHv6plGn43Vp+3XSbgOKY9S2AogFV857hcfhi+38yUYhyudlbkP279FCQJSOQonnRS8vvcxIp1D3jJKLwM7lBzaN71oIr+jZYmimJVYS+TZyf2NTpdZEOqUdfyfjGsgBeO+zxCodqOAYfcQN6t\/ocUaCgoHwIrFh0DNA8BNDZ3BGwDpWjDGxjT2MDsyXTPzdJOrwupelUXdrY5ldlO0BOU4mi86dMKwmn3N98YIh7Xk16l5iWGVTV4G7BiDgSJjCmtvL4gIyWDqlNk4rKdN30XBAMceNyzUL3I+J9QvbqKGfekV6XugZlAoULV4ad+umJRK2vmBuKK0I6o4wTokYu28rX8sUaoMhaobdOad13wg48RmxbjTjdVBAPfX1KeyZee+F+tEvJH5c76CbSftxDPZQcvK0IFFWHU3fXRowm7y0cXr5ihgo+viz0RYExACCOzUg7yyTUEr1K5pmd+JJe\/u6dmlpru9YEnDkl0FaQ69KgHJy4lAr1a6N7vOW5UVyYYpXufTEaXlc\/8T1+66MUdctqR87rt+GkJYJBgPUPk4vo26994MdlTljOZGjiPv2mj5\/nUWzoMXcG2WfI4Qc6qCD4Pv1VD6RdmOwoJjV\/su+wg4zNBn5R6iJ+ATQnf2WSumgGNmoSRr4mJgiWWxiEWYUww8aIC7q0BmFcfSOGzsQu+p4VSWP6YjS77bvflLoX3O75q7WJVNOS+lJu43OyzHz5fgIDeXGokHeXy9NpCGJdtgA3NQbjooA3dcAcQ4tGZv6kkVjgPSkmu0AJzjNvJuEpULFm5FZxpfYNwEra0h8ooobuNRKlg4azk0ZN39GAv2Rb82ENGYGAK8P6\/LrlPwKtRzuXRWUzO0rErD\/GlE5wROht4c6ajGM"} 
02345{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic-27.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1592388075957479,"flow_dst_last_pkt_time":1592388076028126,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1392,"pkt_l4_len":1338,"thread_ts_usec":1592388076028126,"pkt":"AAAAAAAAAAIA6W2Tht1gAAAABToROC89ZNGdWVSbAAAAAAAAIA4+9CGU9KY1A0DNBxQAV8TkAbv65QU6Cu\/h\/wAAGwAIe6d1Co879VZFISUoS3c1LeI1f3kGlK6\/QNOr\/NABLaBx5LTjTiMM9smnvfjoOua+FQJnE+ZH3t9qb\/LL3ilj\/FL3JWoQ5AsutZ2v0Ov5AHIE\/ZIUWiM\/b1\/Psqe7HjCEfGa\/Pn04VrjRCrsUglRK8pqyMk+t9GQppn+F+FNln3t\/Ds1nPF8o5QqtUE\/q8LSytE5W4tmuafAvGb28tHvlqcR\/91RGVeuyv4ZdYWnJdOAVFbjKuvIKEBKANwTaD3AkFWVEqaZvu2l7N+bGHJMJgiqgp+9b0cttal7FMoGFs6adg3LTgTWujkwfJekftt71zIfnuU+0PrD0d1qsB9TfSCuwGwbbbDRgYG8XVwL8zxmRLn9Auhuso8795903Gpq9LAC7cKoiShGW3C0jUGDF2xTE5Ylh6zMUGg6TDya5bEvipHZ153rW7TWJT4vkCkw69eqhsXJvjw4jYdOmvyvgSYObUpBV9iMJbMO+hRaTJxltiDxz92XCBsPx8yqbUs2tFBONzhIyzkw6xcC\/ZeQUgpLso2N\/diUisa0e7nV+xuLNdIjwkxLf7DoY9I1jzeq6G50DsNvHoUCKgd3CqYNQEn6n3zvfWs0l1E+3sjvio+tlZOFbR5\/DYOBTvbtb5ssrxMIMX8I3hPzw9rkivT0lYBRX+etHZhXt8hIL1OE+80IRt8mWNHPnEXuvPuDJByNp6x\/JtjAfFDInDCqMZK5djoXSTtUp6qQpvlMtB5m7uyaaysgNqyHnSwGOB1dQccM7cak0t+MN\/+IlDtPj\/wmwqBImSV0mDKjXywQ7bsYfqHPAw4CcwzLo9zcIEtNjvcoF\/TZi238\/qiq1vOsMzk+82E4taf5+VHAoT267xBTLDM+smuKoEbkSDtxc4QmjrDMSSWkWQOyC8j+c8nyi51Tgg9IM+iQxLRMFa1CGft8h+1xKuJc\/FoiSqN62L+IA1P\/LA6XLD1NcjJXY8IFwooUg5\/l4urKJmXSLnA14ps26fW5korJedu9wd8F7Xmfcc1UPazcpuQfJHQG7YeUVyqtcnf\/M50G948rp3i8MlfdgRmcCkEymW6bJzm9H1yUPHWWVg8HOVbIhOYXhjPZBSQAlSaAvFYwI0hnoFbYkJj+9n2WEPggdOcoa14iw5SpNWfyjQ7xR+ONzyW6OQ6pGo\/5atAj5QVcoQwnpzOt5tX8qNfNp+ZLgOF6ctVOufCLbzzxeGWcDSRiSqOuzJgCM2yRC6LvUvJkH91CInawmzFG3KkPQdB+K5Jeq9ffHYQN97+fJAdP1OG16UX\/SX3t9htwnBd5Z2+nh6hjwV4n1SIuOG3Hkxljd3DTBhpYrha5Q6nDeBc80QdbhiBU+OOsYLrGr5FFnb7THO1Vnn24CyVDvtg15ACcXDu5+GlJ8RYCR2Wabyq5m4hTyIb0TZ
AJQQbQFrD4b0mSxbusJpuXWArhNyDl\/EBNhAQww3zF3I9SOtZCwpTDRceQbTQOAJV7CfIzUtg8zRWTrK7m31aSg+RyqaQizvPHdNQMSy\/YFccGhfumDWmke3xEkgTdSt8YZMA\/WkC3aY4yD7Wur7Pzm6lg+b3UbI0ywVjTd\/xHuOKwpoNWGHWnV5hMMRvNQhiEaJSz6nqjVsSK7kruepr8Ko0ZQkHqE88t8AwjTdaguGXi2F0WBsYS18MpGKpw47jOcMsAq0ON0Xc5cprtI18jJDmrM5xRj17Fxa6cgxyolfwWbwqSt2+gabY+qJoNGuHEvOX+LyDBXyyTtHBoULbRF"} 01047{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic-27.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":11,"flow_first_seen":1592388075915836,"flow_src_last_pkt_time":1592388084312705,"flow_dst_last_pkt_time":1592388084373772,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1330,"flow_dst_max_l4_payload_len":1330,"flow_src_tot_l4_payload_len":5523,"flow_dst_tot_l4_payload_len":6124,"midstream":0,"thread_ts_usec":1592388084373772,"l3_proto":"ip6","src_ip":"3ef4:2194:f4a6:3503:40cd:714:57:c4e4","dst_ip":"2f3d:64d1:9d59:549b::200e","src_port":64229,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"play.google.com"}} 
-00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic-27.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":20,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11647,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1592388084373772} +00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic-27.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":20,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11647,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1592388084373772} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 20/20 ~~ skipped flows.............: 0 
@@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6918537 bytes -~~ total memory freed........: 6918537 bytes -~~ total allocations/frees...: 114179/114179 +~~ total memory allocated....: 7496080 bytes +~~ total memory freed........: 7496080 bytes +~~ total allocations/frees...: 125909/125909 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 617 chars ~~ json message max len.......: 2355 chars diff --git a/test/results/default/quic-28.pcap.out b/test/results/default/quic-28.pcap.out index 1a09f3a36..2f9fd0fe9 100644 --- a/test/results/default/quic-28.pcap.out +++ b/test/results/default/quic-28.pcap.out 
@@ -1,15 +1,15 @@ -00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-28.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-28.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1591267474847575} 
+00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-28.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-28.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1591267474847575} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-28.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1591267474847575,"flow_src_last_pkt_time":1591267474847575,"flow_dst_last_pkt_time":1591267474847575,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1200,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1591267474847575,"l3_proto":"ip4","src_ip":"10.9.0.2","dst_ip":"104.26.11.240","src_port":60106,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02139{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-28.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1591267474847575,"flow_dst_last_pkt_time":1591267474847575,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1242,"pkt_l4_len":1208,"thread_ts_usec":1591267474847575,"pkt":"7jdRvai\/bmImQfCgCABFAATMbsBAAEARSUwKCQACaBoL8OrKAbsEuILewf8AABwQgoOBp4aIL+MPCXOdR4KiFxRAxLpnL0UX1efsgg\/VSxB4df2ozABEgmEZ7SPB63FDIt1\/BNmaABrW7\/a2mJ6Qg87qxio5qp+Au1rZycjjs1xq27TUqOstzWUVkmwpCYXpvpOqlbwTvnFsXueqMWKDAlTPVsrztIv2pHHHaD8h888fq\/JGG\/YMsyu4siFFo62sUPCzYnviiGb9Ejlp4qwUTq4AjO99Rthdv2GbNC\/OStXSWSDjD\/leZL9UJEZcJ3LhlgqAVgxUVrxuE0rbeF3i8aF9iakAqxlqpoDj1+5t7ILe8xHKg8FUG1XnL5zpn1\/qeTvTEm18Ejt5DZJvb7rSMM3y0kFKOsdK3+oTGrisBL0Fe\/eBZ9f4xHzZvM5y3BCl2N6qMFMX+sMnr8ggfIKSQlAxo6qy68ZM170NeiI1bIaY98nIrG3zZt3dnHbbcgfFiN6lFzYaQLJBtV\/WEYTHy0okUamYC\/5cNM9tSXVBXfneC5HIpPjBuuyE4+LzF5EWg6rp8zulZ5VOTIetNIdJsnU+GlxyeY+BVtCQCCyWElUlL9X91YgIZ8MpCHxRq8ZJCkmY4nF34gFHgfsegffKnBAav99zdzm50AvMu4lP1B1F6cRA2HMPmAvCgUL1IKMcacz2eCZBB7FWHguZbpDdL2+wruFSVOAWeB+lE\/kuyF
3MF8D5tAMKtEitOKdhqy3C3qGvZcZVGOZKPWGr2BC7JbZdFGIyYmNwp\/bvvX8XvDggJHwe6xhqAz5sua3BsvUJ1vySN4kKaHQ3EYKLbPPRjDwQinHrO49sFr8oWJyt7OK1yq06uwrlP3p4sqV3\/tL4FsOHtHVAI5LvRB8KISYciiug2cmuSgzkDgaTo\/e3D\/u+rCXDQ3xoip3ktBsckfTnGfFRGZIYxKdaQnHhOXiTzFQ6mSTNof1wHefWEQube1a92cmaAPSGQOt3LWbH6N8\/qM1mTakjE+QJv0K3HWVx+nbk2qFqJc+rHv1Ie37Z2+wHGh0NjwgX3P+8AdCqq6tgRzOpAdLNRrnirmseM\/zZQ0+cDRuw83pFP+UWZ+PCK3wKRZu1IhQ2h6D6lcGAbZA9ehc5yOvz0v1LsR84aEk1FsEGNTqF56I+GB\/2xRH4N5F5aeUjnenJzGpEQkofmIzcU+knq+dcQuuDHuOTLNDIaiPO+4HYzT5IY6vCSgCHcPgQVRcUuuSg\/GpGaVSknd81XIsamcRfeqURHQ1MVwmLxgOMP3+I5HFeghmJ+ki2zeRb+13f3SNlS\/RoVNOTrzjA86oM8wlv5t\/i38dgJDMR2ZvO+tz4iV7y7Y3T7RFYvvK2F7LLOH5ZrOKSeJb1SNqfpAw6nEHN8am8q6WcZIClcZqDQiuuDV2HpT1RM8QezzenJxkksNL2P07lZwI9HU4P7Ayp4wWZ6zeiRYoRywRS5R5VWfF7StuaGYuXatUeylxdjHJ8UwmFRvFoXP+8SlDa8jkz\/qhABAK7x0AzjsV\/3jzRSi1nVL9yl92ydFm7OXWFMLaMdafTsMx6SG3eTR9qPpGQqQKfrm9F1wk7utXsAM9DKqSLm\/MYVhMIgqodecjchaLAXg4QPX1N"} -01283{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-28.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1591267474847575,"flow_src_last_pkt_time":1591267474847575,"flow_dst_last_pkt_time":1591267474847575,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1200,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1591267474847575,"l3_proto":"ip4","src_ip":"10.9.0.2","dst_ip":"104.26.11.240","src_port":60106,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.wireshark.org","domainame":"www.wireshark.org","quic": {"quic_version":"Draft-28","tls": 
{"version":"TLSv1.3","ja3":"1e022f87823477abd6a79c31d70062d7","ja3s":"","ja4":"q13d0309h3_55b375c5d22e_f68d9329452a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-28,h3-27","tls_supported_versions":"TLSv1.3","blocks":0}}}} +01242{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-28.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1591267474847575,"flow_src_last_pkt_time":1591267474847575,"flow_dst_last_pkt_time":1591267474847575,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1200,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1591267474847575,"l3_proto":"ip4","src_ip":"10.9.0.2","dst_ip":"104.26.11.240","src_port":60106,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.wireshark.org","domainame":"www.wireshark.org","quic": {"quic_version":"Draft-28","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0309h3_55b375c5d22e_f68d9329452a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-28,h3-27","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic-28.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1591267474847575,"flow_dst_last_pkt_time":1591267474861209,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1591267474861209,"pkt":"bmImQfCg7jdRvai\/CABFAABL8YhAADkR0gRoGgvwCgkAAgG76soANzParQAAAAAUQMS6Zy9FF9Xn7IIP1UsQeHX9qMwQgoOBp4aIL+MPCXOdR4KiF\/8AABs="} 02139{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic-28.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1591267474861366,"flow_dst_last_pkt_time":1591267474861209,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1242,"pkt_l4_len":1208,"thread_ts_usec":1591267474861366,"pkt":"7jdRvai\/bmImQfCgCABFAATMbsJAAEARSUoKCQACaBoL8OrKAbsEuILewv8AABsQgoOBp4aIL+MPCXOdR4KiFxRAxLpnL0UX1efsgg\/VSxB4df2ozABEgps603pxkyOuWqOuDCBHqFD5j6Z3HbedH1LdiS7r9g7eF1q+4GbQDzwEnV9STArM0Em4niSxcOP14YGEMbCxBeurtCEC8Tmf6DBDqyOKEQqlh98RR0FuyctJCM99u6oRT6urYJjdL6PSSu3YTL8HY6NviKj+LkpdTz6KmCgYvbgKd7NEhPEXmVYO+dL7mTC6YtcnEsrAHQU704mlKvqtFGL2\/5msnq\/TWBIk6bybV0DxYkGzE2Dnlwtw+dvrt9SpZJQBYmvuqQWRkw7Xl0Ri5Ou\/YH0Nf3CEwfW93dKkzcyI\/xYg9i+2QKy1ICjIZ\/JAWTdEHFRK8O6Gl0vStYOHFWBxnM\/YifVgYZg0OsrKE2RfzjKKmCKUpNz\/eEInpy3g7Oy6BASDjgCLyqH4KHC0RkRyxMeAwO\/4Ueuev5PR+GIZT6RPX+8eDG+GEJz8bGHJ80oLKupj5MfUtk1+qegg2dzVfHgOvprBxIArXCNmBUVNivV7wlObqf87COabZiPrwNrq3bed\/ALhpVnLbXDu3mPYFozof6hWLQUSRUCvRIP+L3zyyxfAOLZZ711TySAZxpgSSNbMb5wMga2ZxBCZGIiJBujBs0RFh65ea1D90334s1gOATeyFD6G0Y5nni0vv93RqV0rCUx5NmKsmees6Lb5Tn92zzlLElQ0tJj8i0NV+A1o9UmRJisTfKPDHGhnjIKCy7tWmA\/6WnyjC5MVpEofvbOp6VSLzrYFEbs4xO0nP5EWcI9akrhkBkR4BVPvA3BR\/JNC6qdA6XjZq7vEC4PK42e5TCzz\/lS4AoqV6qY+iOUqeRm\/KZeFGwLXw2YB
xOFGvLQSYLCrM0JT+ZZ\/+YM0cgNTb4UsfslWeAa\/dEDn2K0d5vlVIufoqB2DscZriUDfkBrMe3p2BYO28jOG0dIt\/\/+wVszbGGjaG2DAkiTDrcM67+fz7k2j14PiNbU6+l0I0CfyoRbB67XXdFnPllMtNEGiR4aBRcQCCchbCVwdD7xGfKg8VLCKykEzUES\/y7hiagE2xpKTSbAUtzMYTnIbSLikbFGyfUOpyFdt16r3gk3qkldqup8CI9vmdvD1rvxsFHFdQKlm4ct28WVqNsM7AcMCYS4IdY3fjlHdgQeFzGauOLiE2HquU8FAgRipNJCs2vXSgmlj6qxAuSretb3YYCFUtS5vV7VhzZ\/si5aRaf72K7CkGDHBs9yzIrPzdtDp1CIjAcpqkTgTiqw5a7bneWQdm6knt9coPgKABTdfR1Wfei0Q3edydbubwRd1QyG5zjI0T9bXVZf85BmVvZ\/oiH86E0oC1c6Hyl3M4ke1W9+ncVNagK7XEVU\/lQ9u6NvkLWq7c7LzCfIQKMjglkD6IZxuZzbgX+IVXu+2\/W0iJnR1BIZqRhI1sURkCMk5kSbefJtA\/3ss1rR1eV5WU9Nj63Lk8fki45wlDZBMYeXWKNBze+M4K2DVnLaUMILrXDsu6YTHRFaaXufk6rRMF0IUC\/p6LhqvtpFhBb7T6xRXz1tVkXrpMYBZz4xjGSbfGjFB"} 00607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic-28.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1591267474861366,"flow_dst_last_pkt_time":1591267474875141,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"thread_ts_usec":1591267474875141,"pkt":"bmImQfCg7jdRvai\/CABFAABj8Y9AADkR0eVoGgvwCgkAAgG76soAT+eKyv8AABsUQMS6Zy9FF9Xn7IIP1UsQeHX9qMwU0rPlqKVxohC0BrmDOppdYLs59TAAFv5HsDxxmd5VEpKl2hES\/adSPHMDBUM="} 
00730{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic-28.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1591267474861366,"flow_dst_last_pkt_time":1591267474876194,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_usec":1591267474876194,"pkt":"bmImQfCg7jdRvai\/CABFAAC98ZBAADkR0YpoGgvwCgkAAgG76soAqc9DwP8AABsUQMS6Zy9FF9Xn7IIP1UsQeHX9qMwU0rPlqKVxohC0BrmDOppdYLs59TAAQG\/1pyxQuqr\/rtpFC2WVmtFOhv9JrpeHuopL7hMPE9fxl6sTSmvxfRAUwl+0yU2EdY5OnjwmP8hll9t175YCQMzKJKMegfWSiSk2V1nk0gFVDaY\/3+57WXWRq1p2wGvEOZh04iEYFueX23hrwDr59zo="} 02167{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/quic-28.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":19,"flow_first_seen":1591267474847575,"flow_src_last_pkt_time":1591267474935131,"flow_dst_last_pkt_time":1591267474949617,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":1197,"flow_src_tot_l4_payload_len":4297,"flow_dst_tot_l4_payload_len":5362,"midstream":0,"thread_ts_usec":1591267474949617,"l3_proto":"ip4","src_ip":"10.9.0.2","dst_ip":"104.26.11.240","src_port":60106,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":6116.1,"max":20960,"stddev":7174.9,"var":51478880.0,"ent":3.9,"data": [13634,13791,13932,1053,15111,1394,4,2,2195,342,15,8,10,14715,11,4,4,3,4,4,3,13849,1181,10523,11750,5487,19948,6547,20960,4038,19076]},"pktlen": {"min":71,"avg":329.8,"max":1228,"stddev":425.6,"var":181138.2,"ent":4.0,"data": [1228,75,1228,99,189,1228,1224,1225,245,138,89,71,71,154,98,543,71,71,96,71,71,71,71,71,686,71,133,71,845,71,108,72]},"bins": 
{"c_to_s": [0,6,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,9,3,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,1,0,1,1,1,0,0,0,0,0,1,1,1,1,1,1,1,1,0,1,1,0,0,1,1,0,0,1],"entropies": [7.825420856,5.391368389,7.839229107,6.043497086,6.731246471,7.843968391,7.815639019,7.852266788,7.065521240,6.543905735,6.067143917,5.873550892,5.873550892,6.748120308,6.120771885,7.600786686,5.845381737,5.732706547,6.072868347,5.683273315,5.722074032,5.818619251,5.778411865,5.760875225,7.744878292,5.750242710,6.580695629,5.778411865,7.773950577,5.873550892,6.249063969,5.721802711]},"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.wireshark.org"}} 01008{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":253,"source":"cfgs\/default\/pcap\/quic-28.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":34,"flow_dst_packets_processed":219,"flow_first_seen":1591267474847575,"flow_src_last_pkt_time":1591267477602863,"flow_dst_last_pkt_time":1591267477602221,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":1200,"flow_src_tot_l4_payload_len":5428,"flow_dst_tot_l4_payload_len":230739,"midstream":0,"thread_ts_usec":1591267477602863,"l3_proto":"ip4","src_ip":"10.9.0.2","dst_ip":"104.26.11.240","src_port":60106,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.wireshark.org"}} 
-00847{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":253,"source":"cfgs\/default\/pcap\/quic-28.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":253,"packets-processed":253,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":236167,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1591267477602863} +00847{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":253,"source":"cfgs\/default\/pcap\/quic-28.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":253,"packets-processed":253,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":236167,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1591267477602863} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 253/253 ~~ skipped flows.............: 0 
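Review bot: The regenerated `detected` event for flow 1 in this hunk no longer carries the `"ja3"` key inside `ndpi.quic.tls` (the length prefix drops from `01283` to `01242`, and only `ja3s` and `ja4` remain), yet the commit message says only "incorporated upstream changes". Consumers that correlate or alert on JA3 client fingerprints would silently stop receiving the field after this bump, so the removal deserves a line in the commit description or changelog, for example `* TLS/QUIC flow events no longer emit "ja3"; "ja4" remains available`. The diffstat lists `schema/flow_event_schema.json` as changed, which presumably drops the key there too, but that hunk is not visible here. It is also worth confirming that keeping an always-present `"ja3s":""` while removing `ja3` is intended rather than an upstream leftover.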
@@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6924959 bytes -~~ total memory freed........: 6924959 bytes -~~ total allocations/frees...: 114411/114411 +~~ total memory allocated....: 7502555 bytes +~~ total memory freed........: 7502555 bytes +~~ total allocations/frees...: 126142/126142 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 578 chars ~~ json message max len.......: 2172 chars diff --git a/test/results/default/quic-29.pcap.out b/test/results/default/quic-29.pcap.out index 0b1ff0480..5e8d9f585 100644 --- a/test/results/default/quic-29.pcap.out +++ b/test/results/default/quic-29.pcap.out 
@@ -1,14 +1,14 @@ -00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-29.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-29.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1592171671664832} 
+00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-29.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-29.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1592171671664832} 
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-29.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1592171671664832,"flow_src_last_pkt_time":1592171671664832,"flow_dst_last_pkt_time":1592171671664832,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1592171671664832,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":36588,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02206{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-29.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1592171671664832,"flow_dst_last_pkt_time":1592171671664832,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1592171671664832,"pkt":"bmImQfCg7jdRvai\/CABFAAUA8Z1AAEARMDsKCQABCgkAAo7sAbsE7BkSwv8AAB0S824HvwtwiO8oxx1Iisqv85\/8EUOUTtoYvrflSLONN1vzwqO8AES3Q7WQp5eFbP47Q12xYKXOiuR8OKc8Zd+z5\/wDTiaB2gylmmpfXoWWnW9m4cfo29uCTrqUeoQcDlNjFKjOZThrp+QrfaDvzF+TP2mbdVAn5DVFyc3TGw9yc6eNagzixiAUYroBLFYv1DYB54ctmkUUCF38C+LrP5XSP2Zcs3QEOQDdiNvhWKUx+vneyJD2Ddv1Of313oIRItyeXVn2LxKac2RjP4PRAhodOpWDrnkB66u8HOFxUv4Q9HU8anll\/ZatcRtN\/kzzFFzf5YoYXwbtiynEhfyRDYp9NIa5aU5ngHDoeAIY8EqAjkZzDBZrpJEN70XKdgxbZ09x248vkii\/BYPsm8gwjS+Z+NMDUp5BndSqJan6LYduiBKS1FQ2ECMHPifIAeRkFfGsYIjcHELHJvd3bjIuQ5jcLDQ11GM29Aqw0CMdlCZ0GZUFJPoOBYtbWkB+AArzMv7l1fpdC85LE6kYaNSupy\/kxn4q0Fd9nlOil4czF7np40hmUQT5zuUOIMe57G4ak0l7jLPPFgnjPcuJ5+bhZHgxqEou6YPiVeaRUocITEWkE47FVdJ4XctN7CMWrbtrVTRyiKoG5jKjipRDy+FAnWpWY5dsQU4VKty4nhdiXpcyaazCMiTBlzAZl
J+9vVzyUo2gVZTdT1AmyQCJjmCzYg+wq4NqxE5hDx4BVlFY7VlIfT+LOXZeM++nsIOJaY7JaSW2i+1ji7jGvwvZ+l6xB5JTnisqnUTdF8GRkRAiTg25HBspHwtWrq\/Po4lqvzDZYM3JiaCh5C8UbvK9JJyDT8vEGu5LZu4vyW+zCsCEy6HtYm+Tl+y0wBH9TYuhybK9k4L\/MkebKAkQQeZPvBNwHsBWnmGK44Fke47qlm10TFPJJuYjv3s2WkxpofqtAF0qtGkvoZjB6BMweDMLBzljRd+MpcpgKx6R7LMPjs6dfEoyR\/++4fMZPmZ5nKh9L2NomKnJgnI\/Q7cjkj8+4G7DpTq\/5CiPCn768EbsWDr31eOflbsg2q5K0cAqBbvuSWrrcKEWWT9pbchcsh+CF4s8+eUg6FJomv69IBBZDRAHTYWn3VGlccxntEoW7HpxMfIbSnMt1P6bfNeHK9ADAu1LaTZlKkjjmK+gbjyes7l1CGt0SYwE5uDE0ieZjOn+NT2n96TJjl6343hGsZGGMospEVXz6DJx68jscskAGRLftunAK4Wcrbm0MVyZUbf68HXckrAHSl5ZN\/gbwXjHwC\/6kW\/aiMNhQdY8NhboJQcKwTMbOAeVwKF1KGzLGKNIqA8cRIBh1T1WLCqei3k8gd\/C7bxKNgXzYeJGw\/scGAKCWrce0B8GF8XORgu1hVv6Mwd\/suBo\/oG9g9Uq0JP+2Gj4EQHkZYzIbeC00Rkd0VLJzec5p8sOl7k1oJ2JxQnDqWq6c8EgrVrSv8x08C46hCl\/izdOK7GvwGEQaUkOOkL0AriEREHoeCFJRFtP85AqwidJch8tbK+7ugQPN0bUklhiKNfnQ3Ch72i6f0K8Dx8w3Oub6KBk7WsmEtFBIijRDgwb5rVjtiIuJyF+6hegy2WW6xf3iWQ7NMMjWxMe231j5YtMgDPBTVbFARaKzxZnq\/YZAw=="} -01251{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-29.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1592171671664832,"flow_src_last_pkt_time":1592171671664832,"flow_dst_last_pkt_time":1592171671664832,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1592171671664832,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":36588,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"localhost","domainame":"localhost","quic": {"quic_version":"Draft-29","tls": 
{"version":"TLSv1.3","ja3":"b3e43d74f4b790abca2f5fe7dd06e7cf","ja3s":"","ja4":"q13d0512h3_d55e91d5c3b2_cd318bf3b157","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} +01210{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-29.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1592171671664832,"flow_src_last_pkt_time":1592171671664832,"flow_dst_last_pkt_time":1592171671664832,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1592171671664832,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":36588,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"localhost","domainame":"localhost","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0512h3_d55e91d5c3b2_cd318bf3b157","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic-29.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1592171671664832,"flow_dst_last_pkt_time":1592171671665593,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"thread_ts_usec":1592171671665593,"pkt":"7jdRvai\/bmImQfCgCABFAACRmvtAAEARi0wKCQACCgkAAQG7juwAfRSj8P8AAB0RQ5RO2hi+t+VIs403W\/PCo7wSLpoy7UXJBmrU+awywdI8GeSAtpBzddspmsO4wBFhAc+lOZRs3AvW96rBMIqSb8d5pE1izlVnQvJ\/MknH+txz1mHxROZRbUIezbGG599\/tfDcAoDEnt9M4O+IUzLE"} 02211{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic-29.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1592171671666257,"flow_dst_last_pkt_time":1592171671665593,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1592171671666257,"pkt":"bmImQfCg7jdRvai\/CABFAAUA8Z5AAEARMDoKCQABCgkAAo7sAbsE7BkSzv8AAB0SLpoy7UXJBmrU+awywdI8GeSAEUOUTtoYvrflSLONN1vzwqO8O7aQc3XbKZrDuMARYQHPpTmUbNwL1veqwTCKkm\/HeaRNYs5VZ0LyfzJJx\/rcc9Zh8UTmUW1CHs2xhuffRHwK3nve7Gs3tZecUJrzqDFyJk9VgauDIb0Z+rvJbpolNkK6o7LgasAqmBRAbZcMPXVvUfKsLiSsD4SILcWD+XvuWr3Bh6tm+Qfkza+b6iZPubm3DVwSuys\/Xdp90g3J3Xk1P0fVr4\/DBW7XGGDkoxhXT\/JK9l4UPRIVyi5S\/s\/HCP+EDwylk5NF4afjQaGSFHvpGz1rfWgSbWW9+sMKYreG0NJGBDTiOkzrmoNuPwZsLcClKrT8DHkz+OgR9k4HlGmCBbxjhS5EqHAPTN0p9tNIZWR+C\/qUiEONzWWHajForYbyQn2DUiK6yBo+OQYvqxa3oZpGE1ifu6+st0otshaii7hYat8QkKrneLy15mdLcw7PZ9xSTYArs9hr4+vj1cqKUtxqRPTiLF4dCvRIhEX4wsiVHTQs1H5VlPwKxJq579LyeS+qFj4KdmvZBFiZFw+OSy3NncA0jvHpvDNazCZw8\/tYybqvtyop8EVUiQlHyJg8YNQ+aWO8ypOTwvNIGYKTaPxXZMvN35yLXrvtf4haVdzH0G1+kC1uUCGWP2BWNjQ\/TVG8grG7RsHGbnZn8RfXhU4qdScFjhJ31TwgAH0lYn4+u9lnJAIs5sT9WTUkrdZcS\/sM3LeHI6MKWpycP8D28jlxLUcx\/dMgCF27J
h3BsCbctlNdL8hYW38Zr2U49ykd7WZpXsGAA1nzsNfuIwfkQE4VyGHnLjXrXxRxrD6N7QDeL7eK3kUjZyC5W534QYFYrh0HWuZfiukwt3neFrc0vgyMMdUKTmaa96v1P5OJVaakJ7Ko50Ic\/ccvWMdP83+NPcs+7HRXK4yG1yRzMwkmF0e\/57Dhb4ZsYBnI3JAGnaJwAbPLn7nBCtX11JVis76ALA\/EFVyoyCMj1RVsAHT\/DccWKXtdquQdm5INifNuOA564SVFMA0ccofKzicAZJiC7kfXk6QXdl0MLrIa5kBoBc0Jy5c\/hRqi1jxPFSJ4InRQNc9l\/l2XOPXUXc7GNf40YnCF9ge02seRVw5QgAxzztym8sQ\/GYuUd0UgGwdukDWiwqiuJGtn0Mf0hSpoDxXo0GxXy5ROaCq+Yj9+rOhxfWf+y2j1esQpB+lboWDqRNGPph3H9QluST7Lui0v+n2oEV84+fsaSRoIRNleP\/qkuvCpXsIrFGtk7NdB1Z8Zdm3+Q8oB0824BsnbIqBS6PVSMa5uQ7IDT19Rii201P9HjbIFdWd6f4nkoa7QLBzeQZCl5mk4NmwWPlKeVRJy8VolVes2J755oyt5f4B18ZbY7A13RZDfxUDmg9vvPRXS5gGtrj7EEBsE5b+jNiBsYGPfCajHLvvXuZJzWTgs5GIF2fZMlW3pKokAdhk\/JtyHS9+vfZXldxcnCxBcwh\/+X5Jvp0OY666uN2Hix0VsHswxfto+CE3l1fROmKv5hQv6DrppojEXU\/Bywn1HyxPBMx4G4LIAeSl0XzQ9LpI\/snJgv3oFDbMQMXW6dKIL6toQLmRPmeW2MoTht4gvwKXj8RRQP4umFHd\/MZAMVQ=="} 00681{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic-29.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1592171671666257,"flow_dst_last_pkt_time":1592171671669893,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1592171671669893,"pkt":"7jdRvai\/bmImQfCgCABFAACamvxAAEARi0IKCQACCgkAAQG7juwAhhSsyf8AAB0RQ5RO2hi+t+VIs403W\/PCo7wSuOhEpZ26G1apwTYmb8yCval\/AEBRPcuzOLEauCutm8Cg9Aw7MEJCqo0x9rzS4t7RXw9ZHJwjm4cjcaToOiMOaFfu+VVWYB5tVycdZGiAgFBsUfDxzpzoGAp5IeyX8RBhrIPQ+UnY"} 
02215{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic-29.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1592171671671308,"flow_dst_last_pkt_time":1592171671669893,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1592171671671308,"pkt":"bmImQfCg7jdRvai\/CABFAAUA8aBAAEARMDgKCQABCgkAAo7sAbsE7BkSzP8AAB0SuOhEpZ26G1apwTYmb8yCval\/EUOUTtoYvrflSLONN1vzwqO8O7aQc3XbKZrDuMARYQHPpTmUbNwL1veqwTCKkm\/HeaRNYs5VZ0LyfzJJx\/rcc9Zh8UTmUW1CHs2xhuffRHxHyuth7w4wAlhBFzSbC5OjU44\/1Io1dfhnPLBERJDclqgYkhsGCW5n5pq4++z17AmNcn8dBqWB48xy31i6C8\/7XLxAdE6MTkI1znSj0vPZF3m092HE5ICx5Cq8tPNqgLlGyC4nLFjq9OvRGmiuiF1TIpM9PmTRo8CoFdISqcZiGUU3ZatNhq0BrGHwqcNi5TGpNATNj+HPUET0xXmYCe8+PpzJ03gSTlzB0FLjb7iGX7ScJzGIFrKQ0gxbXNX3pdkMqQzBo0EnthbcmLKitGXotm1rEcUwvAV2ofjpp+dpKuUM0Owe+S7aqtPBkDFA45e1ipUu3IPJnxQFqqPunboo+Hnv3g9HksDbGOV3\/88bS6N0HERX9+EEPSf+jFcHugxRyYYN\/nLcw3xaDYPvLEu\/7m+N0ENIH2eff2kSd\/4XAYxOrjtXzzXRz0ZawsdnnAulk+tBvPHcTQAHUIJtSG+aaebsXHD40\/zcrQasAOlyD6+yxXtZkfWCz6DKTsNoXXFNYoferb8IbDYILPjauQdiYr\/Fqo4b8wg9zsOUqrTzOoLvaV1yqY6LGS5ESEAk+jr3ZvB3fzAjmUOGFx2kYo4hL1jK\/EcQPM5W10+VV3AoK53O1\/QDStMfKAH8\/GDuEx9GqesH0qCt5vMkOqn5YK1S7fYqFQJ0GQz1CMuXWrBTC2CpitU+UBl95E6pJUw+3rLOJIBV3NR9umg3dlzgZskQRIcO79GrkmsL6EakUlWb0zm1fkXRDVTVfkzGUPboF+IMWjDBLtqq0ad1m\/KEYu7JQMB2PIUND0ZOxU+8ur4pEZXiMKJMG\/vwK0qb80\/Sn812LEChKfMFqSLohC2gQC\/NCnWpwdff+PmCNJuaL7vvsQA+2EOqwBf3200Pla7XD+8mVcbikS\/Axog1Qu9D4fpVUG1Li3QEQ4yRBnPcG79jBpRS28cTqfVW5YH7i1z4Fqql03+ZGuyEqkhrg406IpTvdPVviAPFL6DVkypnWagcwF88ejZKMTBlSjOr\/eOnsSl23grex3BTGaO74gsy9a58KneVSew6h0i8MIAQY6ELejtpPDdIQT86X5SIhP9cpOQmuAOMAq68Vn9EEpUauLD0Ge\/pPsj020Ul4kT8YAmuqz2gf\/kHYlT+\/P\/xA7QdRVyw2RjbzYPDYQRVXfhs94sPTmHrCVUkiCWYkJMxWHBeSC2ADg8+ZvTBGDo1xzCm5P52WKcTaM0hKTzFhYXwpuMbeF5P5pR52zCrQWIE+qQW4s8tAphPljw12Jq6qoamxgL4\/mTWk84qzfcREKHpYIkc9qxIJr5H9EucfXGvqqc
etWkoTg81lO9Haye5wgzOsUzheY9Lh1TUgo0WRNXVUuSv\/JGnmIG5uovTlVRwenPJouIS+CmrkTUvFwZ2e2QG\/xLBHcJ9L4V+YN+31gwg116TB1\/ngwjfvqla5cotuv7AWW+WckNMQGoS2EYDWJH4Uq0ZUbTENG\/qanNdGm8G85c0h2dl0eq8kn4sXYTc7lihVx7DpaoIJtYZ4ewJlA=="} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/quic-29.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":9,"flow_first_seen":1592171671664832,"flow_src_last_pkt_time":1592171671699048,"flow_dst_last_pkt_time":1592171671697674,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":1252,"flow_src_tot_l4_payload_len":4303,"flow_dst_tot_l4_payload_len":4453,"midstream":0,"thread_ts_usec":1592171671699048,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":36588,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"localhost"}} 
-00842{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/quic-29.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":15,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8756,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1592171671699048} +00842{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/quic-29.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":15,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8756,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1592171671699048} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 15/15 ~~ skipped flows.............: 0 
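Review bot: The `detected` event in this expected output no longer carries the `"ja3"` key inside `ndpi.quic.tls`, yet the commit description only says "incorporated upstream changes". The record's length prefix drops from 01251 to 01210, which matches the removed key, while `"ja3s":""` and `"ja4"` are still emitted. This is a consumer-visible change to the event format: a detection rule or correlation keyed on the JA3 client fingerprint would stop matching after the bump without raising an error. I would add a line to the description or changelog such as `* "ja3" is no longer emitted in TLS/QUIC flow events; "ja4" remains`, and confirm that the schema/flow_event_schema.json change in this commit drops the key as well. The same removal is visible in the quic-33.pcapng.out hunk that follows.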
@@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6918156 bytes -~~ total memory freed........: 6918156 bytes -~~ total allocations/frees...: 114173/114173 +~~ total memory allocated....: 7495752 bytes +~~ total memory freed........: 7495752 bytes +~~ total allocations/frees...: 125904/125904 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 617 chars ~~ json message max len.......: 2220 chars diff --git a/test/results/default/quic-33.pcapng.out b/test/results/default/quic-33.pcapng.out index fa751d792..dd8410450 100644 --- a/test/results/default/quic-33.pcapng.out +++ b/test/results/default/quic-33.pcapng.out 
@@ -1,14 +1,14 @@ -00614{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-33.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-33.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1607938456563491} 
+00614{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-33.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-33.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1607938456563491} 
00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-33.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1607938456563491,"flow_src_last_pkt_time":1607938456563491,"flow_dst_last_pkt_time":1607938456563491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1607938456563491,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":51430,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02215{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-33.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1607938456563491,"flow_dst_last_pkt_time":1607938456563491,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1607938456563491,"pkt":"AAAAAAAAAAAAAAAAht1gIDHwBNgRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAByOYRWwTYBOvLAAAAAQiH9eh3C8+VTAijB72XkxHdoQBEtoviUAck6tyLLoPW9VDwFsyJg3YOj5\/ZBBxoLZq+uwOezSI+NQXptD5by+TGWuPRPrDAYZviuXsVHC7HmqDeEDG8QAq3dV\/xeXm5rkywye7b+vdo1p1fctM\/Oux9r7eV+Bkfx5+wJ0fdvlhyFGnTrwdcg8+4C7doPPgPdg\/HlJ+WJBdBNlB5bMDPwE7kBX2Dh4rUsRtMuI8UcuXEYHPlESOyFKyqmw1DOdGJ\/piVc003W0\/LEq1Eo7qm+0VXxD0O2HOCIiEHQSR0LHjT1VxLfzhAmJaat83P4NhBjDwwPEBaziMk5Xx7FlGTbjmQXwNdCCRvlZwHV8Z1FjV1KFEWUlByB6YIRcrWgtYq\/i+4joHr0arERD7m6OPY7fw34Aislp\/J5tfwN5lpBEW4eq0YBQWIW+o0WsbDygLLOE8qK7VrIW545\/s6vWmiqY\/nX3eqKbXLLa\/FVUoUAYah6VY+54jT2WSxlVbjRbKzNCmQ7iFaNpCpIEDqRUT3251KkF2ic95oNqA7SdIHar3DhA1BLknCroi9vMu8dB8ZQzinHdG0dXM7MT\/3xjsj6W1BusBxpaKNCgk4AWnV4woWWMHuv3AkSN3SkyzvUkLVvh69eozjggDPPRwSQSUAzHDWzbhw
1M0maJHN9uf4A3ju1BNcFXtgNbzbLvZ8jRjuvbV5+sT2dKCIGszHbDe\/k7VIj14F5Oz9yEIDLSjcjUNYxAEtmmIW3gkE0URoURbr4fR+9IcL0qzkw6dXZu343bgbz5HR6MUnSxTpV9fqwSf9hnrNjraoPMA+2dRpP1Zgg8SJxppmH92oRToz9aDvX2GEC3Onm3NhLiCy9XRFGhGu\/fP4euaO\/LhZROPQcNzbK0KhgrgIkbbcdw+GG0U1DyrSN2MCSa0G\/gdd0iXjRkpuSltfEWcs6h5VKXYCs0nARTLsAmshRBI4tBnyE8czB9KDGhDi69S4dxLc2GhDvI7sBC3oYplXnPFpYJ5UZlYX4x4JzCNfzPKJLkB1GZ\/\/fH4d4Bdn3o+N0leV4SXwVyj8+XQXm2lqcn0l4280XR1PY9wT7WxHSwRDVHU1WF+J6uEthL0G\/TTOA8IENfk0c9FtN1gtuZbVqEenj8UavApG8YgiwEFLw3lw7QwEpdl2suMFgNMJ9GKiLgGbJ0iDoFumS7lgCZ\/nQNWC5kLAQ+6RwzRxTfyP7COmrj9VOCl2+wDLTe3MfV2rc9okYbhZWBQ90PNxn4RsPjc\/Y6ROnBtAhNHbhNOY4vkKTiqPf\/zXa6gyKLJwM4B2ikSmnMEc6pOt0km1BxO3IMATJR3y2TyvQwDT4h3LmpQf0gEdwRzggs5B+E7eqr4GF3leCUThvLN07bE6f2xjlfM9GVfW\/hyXIlfEkPiVHs0uNEuAtqja9wjv+TVSELvsqoLajQtysd2XscH\/uqkhI80k6EzletW\/z347Tefjbi7un6kw52zxXR3upATGEcY8WECkFSms+LV3Cbtq+fVkM8LR8ZIcoDoUWH511e8PHOE07KwOpTJwROur3JKswX2UtackuKBEnRIb2VrFAu8O8Bq\/G9385WeZn1kznfucxDKavwZd9obaQ66d2I\/H3+7RezClYA=="} -01664{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-33.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1607938456563491,"flow_src_last_pkt_time":1607938456563491,"flow_dst_last_pkt_time":1607938456563491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1607938456563491,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":51430,"dst_port":4443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": 
{"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","quic": {"quic_version":"V-1","tls": {"version":"TLSv1.3","ja3":"0299b052ace53a14c3a04aceb5efd247","ja3s":"","ja4":"q00d0307h3_55b375c5d22e_af0a630e9e67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-33,hq-33,h3-32,hq-32,h3-31,hq-31,h3-29,hq-29","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft),TLSv1.3 (draft),TLSv1.3 (draft)","blocks":0}}}} +01623{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-33.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1607938456563491,"flow_src_last_pkt_time":1607938456563491,"flow_dst_last_pkt_time":1607938456563491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1607938456563491,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":51430,"dst_port":4443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","quic": 
{"quic_version":"V-1","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q00d0307h3_55b375c5d22e_af0a630e9e67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-33,hq-33,h3-32,hq-32,h3-31,hq-31,h3-29,hq-29","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft),TLSv1.3 (draft),TLSv1.3 (draft)","blocks":0}}}} 02214{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic-33.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1607938456563491,"flow_dst_last_pkt_time":1607938456566304,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1607938456566304,"pkt":"AAAAAAAAAAAAAAAAht1gLBAvBNgRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABEVvI5gTYBOuKAAAAAQijB72XkxHdoQg7VxcI2Jvc+wBAmyNACkF8YFqpKbrULKoDb19+uZg6qvjJtwEJ\/uOaQSa3OSU6O4kzdS3stlDlI1x0pxU6U1p+48IkszqoivEYtB69bd+ITaYbTkxaelp3jMONrgP7+RVKaRNSt1HkpjhOcLPrzWczoHNZnIhNfvDy2JT2t08AucggcJe2\/4B\/vdnrtpqK6V\/yqwGFTMu1rQIkxS92C6tKauoy9+VqrwAAAAEIowe9l5MR3aEIO1cXCNib3PtEAuCsTgG\/NlsvOl6GJP2fa9o99BT145OKWZuTcmr433tc4jI7eA6S9XkiunJFKo6ZwPI0CMllqhzpZg\/M2oExoGin\/1BGN9cmCUQfuYgNqfFCtG+9ndT9HYjrsBCdjtJLmxL7rPr9q0tjGpDyuXZi9R4mNROPUrln\/PkhZzgiM0sHtdd5p\/bNeUYtEqE7ldAVt6\/n44lU+YN3SU+JWXbqssVrfvVzr36h3ab7fYZ2wDsFWfe3UAXx72w0FuOOYB7+7UQe00b5Z0z5SyfSm4P9dPYqojw9+jCHeJHd8IAkR4khzwJfJ3q7ZLCXjemRtbjS+jOnIFHSC581L8cRfFE0puRn3ZcyA6eigK1\/b\/IulmnDweMhm5uzPfRzVpuYtDAmfupBBO\/lq0x9UE6G6aXlrZk5pUsV\/Pqkms2\/6G+WtFFZQVjHMyjk00Lt801D4RBFQF6Pahphh1rFyerbrHyGpVjzLCCjQyphY+Ef9GwnSwZSXfDtl5l6V75F8hdBb7eRQwoSsYy2TAPUn+5EgUUMa1L0FdqwqulhpTwuiKxlEjCwVmTxOQ9cg0ckmklTggiUpDihR6CGEJh4wbwQvtSQI7moaNImb3zhI+1KDCqOesSmC0luDPiQ6HVXRRmZBTcfdXaVe6yn8aOTSuCvFQcYVZJMmDXWA3tjd8oaA17lJRBbd52Hesk8cJ\/YJxx85q2dKnHlb3PDDd1GsYUOHckqW9oBPW3OnKOCPAmLbdAwZewxw5NCtlvRr65YuEBJebGFHlf1HDlzUGnZEYOFz7QCUVI0Cm1TQGPnrse0LdnJMU4XAsVFTZ0rmN1WZ7lpL6siOc2kDO70I
nGs0erREqxP56ACsZJMVSLIWh+Wtd1TXT7s1cqcJTYFE1niy2vrWekG6gLj5S6d+RexzQMJFxrY7r+11SACpmCHMFInRkZ2X9ItKQsY5EbZalkFRVlIPVyM4egzMKz9sn52T\/vMFKgNzwFrf2sp17iUQaz1IyM4BWPhByUmfVEtsPpNhTudVAjT+DAK93H3WyrArXi\/C2kIO6kQjQL8MrdQf21Vn+lMg29055+PrObIIyJyGedJEXiBJHhcPUZyzw5wKIN3qGujdkkwR3NWZGQsR9D9oFcHebuLVvyY9rfcmZsewBxwBuE+3j7ZET5hnurVax3LpMwvKOC7lHimTxsExq+Apn9MfGeNafcclrRpd8qOhu5Y\/D9oPxLb43JPWxWrwE9\/H\/\/i9MLl+t0zWNInh13oyE1g07E++NmYobon6Smh\/KGoGULC6seHfmLDTFHYkzCH+jMiW6zoYiu7MVxzW\/pT13bjivVb6\/E5Iu6Gt0D2z7Y6bkUG7P9GxtXA2I4cOhOe8m7St\/U9gg=="} 01549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic-33.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1607938456563491,"flow_dst_last_pkt_time":1607938456566431,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":805,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":805,"pkt_l4_len":751,"thread_ts_usec":1607938456566431,"pkt":"AAAAAAAAAAAAAAAAht1gLBAvAu8RQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABEVvI5gLvAwKiAAAAAQijB72XkxHdoQg7VxcI2Jvc+0EX7RIgJstg2q\/pC81tAEQflatapq\/RZQEybKUVkOQrHxIiM3xbz3ZbafCyVgp9YFd+JrcvMCpFHqt9ha4UaWT\/CVOhVDMl+x8Qz2Pi7UbhXXzBIpETH8Z7GAVhwJp3720klhijkJwcoDMcJhlagIc47WtHZyC2\/NvYhyD6pe18qYPoUjuwqv+wJE\/ZuFV52ejpLWx76nNhIhGaoM22WiUW2N20UYQh0kubnK8ydedmguDEIxF73mmjfBjQU7d+\/kjc6w69nvaNM1WUtVe+1pIxu53jikC+jWmnb37byYPq9yuXiC3\/7jLmxfDtd9m0NACttAKJA\/JNnc1mj5nC7Y4hcumqIR3HrbC6nuLoYsXX2Zp0f9UgYV0fEqMHvZeTEd2hiKBY6bJdCuJKiCqdgeiTl8HqX5mvvlLWJPlmCEJCqIrxf4AkkUVGE4BSMBWdBgCOEniMLjdilc+qHYhwYNZ7tIGoZF6d6e+Y9Yje+rmHUnbpVz7jAirlBT5H70Gx8i7gxMgFdddmzogwCmelHc7wvmzlC3bbPNEkyFgFvBjt104z4kXXH0FdVNTjvLWqMrMbCISgSyaKcGImnAuSczuqI+IdDAVMV3KZetnbRYTODT0MnkiyhjZS2c2FGhXiSczCoL+nOf5G7u0IMQ1S2B5gWkWA4zkPvuFc+aQWgo\/5D9qUsPB6Q6\/Lj7MI5fOlLauhfzQmW9GNJRpuqdg3\/ZmECJ9z4HnHnfJd1luO6tXDuMawQhxYeD2xpO\/QqBEAH7sAsFTq\/abn1uTe8vqVNYsZRf0hwJAKRW\/BJxg25OGxhUlcywIb3vGZoq+dJmTxYWX\/eqXVDs+dco62ygOlroB9wJoypHt\/D+y7e
YcgKaWYE3hnP28kNmmEQuWhfqoLHNJTZas1p5oY5kezaxnU27xSuQXqGdvZdYxhIaICM8EHXUKIOqW8fx5oue03v9+86w=="} 02508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic-33.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1607938456563491,"flow_dst_last_pkt_time":1607938456566452,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1502,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1502,"pkt_l4_len":1448,"thread_ts_usec":1607938456566452,"pkt":"AAAAAAAAAAAAAAAAht1gLBAvBagRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABEVvI5gWoBbtZowe9l5MR3aGoPMUlC8ojkveWDrnmED9W5sa4X9wCktDzDDXCYZSRQMxMbCVxwWOrGcoL7RjNrb\/aR0XYpCUrMVMGYc7NbMVcmFh+U7ptII9ng3LovEtfWD+Vs23WbaIHZ861LaEHA\/O3BXXbVKR+D5AvGegGrVyCDUDTVwsI0xjlHU6np3nq2hUuH8yJbDa8RRLpXgKEnKNLc11Kr0rcxDebjOz1dBKCk6MJE+RaErF7rEtrFcdkqX2anO2s+oQdnjsu5lzh2gt+Pax4A51\/PBeBgwzAMnnreukUaaOMmSVWTRc\/VoG6UCj\/Tagguq1zlSUsuPKfS4A\/Hj9PMCdEQl7Hayptql87eJvYWKvnKSw09TobsgFvbTKw8NsJvq53AE7lTrO3TaA+nGZFRkq+M1ZrN2+BdXW26C2KraejfRHNrX6gAfXr\/p6NjeOzTSfUp6nCX0A3akd5q4pDQzfTm\/ZODmJRSSua6qoJNXn0ZXKLdWfGo2HyscrTneMhF6bQ007r+YHFANXKovRp2EPpw\/UJ\/vmL8V6IY0+HgZbj0\/d8FIx79RtbyabSwl8zeJibsQ1efkYJNgJ++\/KCwNGDs8asJAde9mkZ\/dD1+61ArTNYb49TexSktCvy4pG\/lsRXKxM72Y\/+4TJXT4xFdvuvm+PYjyD61bnMUmH40\/yen\/A\/WgtDFdjYfUH767jw9eFdVWB3ZsqeIHitWtMaap9xJIluBD+y2SxNS2T8mAjyctwWenF7C6shXsh0qrLybxoQ0mpuErDwRdnKd4mSsuqiuoQGfGbICbCc2dii\/7aSWW9g0280LQsrjBCl\/YvBCm88jWP2XY0b7UwDAZYeSSdHwaFhBXowhDhxXzH8R0g9ke2rFjs\/\/TBqq0T\/ZB1XqZLLhRVNSNff9p8XMZhqF6nYP3WZjj1DqFa2r\/223NsQ6wlp7tG634D7micOuvJWURO+AlGXtvI7zygsUz0CgkusaQEP4TAWCgn0lXeK6Jy3aZ6m0zQtfsa2SiY0Pyf1PWTuWCeXEhhqN0+G6HwVWdmaL2uYxjn01+QKvB6cqgjzUHj7ISnkgdtIrQ+jDb3\/YuMI9cxUejbp+0glcdsH4JO3WK3bIkjHXe4nJtvi554x5sT83RqdBEWrCT8Hz8DvHMAfbR+\/XpS4NJ6rIBJZTfZnrcqqNHxc+q5Z3+z9E3mEki3zOsCZbUzk0otiSbbusPTJ7Es\/ZnRISPdeCvvH5UBZA\/ITRUTY11l7ptIDwkxD3Q2fTkbX2WLeZoRV1F5rZs22rukFjdfZFbVimjaztzg6Wex3ilHTBU66\/wagcJ+boiTqvzD
9shT8g+9ztRyM6oDrvueAWdlAP374US8GzN2ocd+LWy3Qh0kD76f8cnFVOhNIJ74ji8WV\/lEp7vTYYUDMrlFJm1g2QBxreEzVyyxzw\/kWu2secXUHFiuq\/aLl8lirZilXXB6BKhwYA6VsFx\/wQgXMGW7N576ppMuzN4q3u6+qKsFRgykE6xWMCIu8rfyHPKLU8hwJI\/Un9U+WP4ym96BQBToDbbY5w60F\/Fn+reGqzEXYBrNxFHbTy+34B9XFDXGRJuNXJEdt2xpxpJ4rLfkfhcpUBhpHxNFrGGx2u1ISXuanPkdl0U8p9iUo64xVk85WGi67+\/Po3\/vbJft1SNF4cB9lwe3oY2I+j\/MHJ8WFVg+W3w5clz+ifKEtQv0lEwiQL+Eicb9gfq3tlAR\/Zi7S7qlLM5dHBagD9XgE\/DssV\/nw3KYmdu4Cl7igYDAaGwJ\/prNC9sgv+k4qxakCz31iRthWoHa0gjjPRWdkJJ2NsNi51hPYr48FsvBgPM\/Y\/atiNkibfUawrvmDvK1kNir+duSpeLrnsGaquwEZKhLjOOhl7z2u7XrHBakQNuP2txJ4w+obo1p2YnKmbYM="} 00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic-33.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1607938456566937,"flow_dst_last_pkt_time":1607938456566452,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":115,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":115,"pkt_l4_len":61,"thread_ts_usec":1607938456566937,"pkt":"AAAAAAAAAAAAAAAAht1gIDHwAD0RQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAByOYRWwA9AFCoAAAAAQg7VxcI2Jvc+wijB72XkxHdoUAcmTt8MUVh5MfFjPiR6HrZ0x4AXuWw5hgay8870A=="} 
01306{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/quic-33.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1607938456563491,"flow_src_last_pkt_time":1607938456567204,"flow_dst_last_pkt_time":1607938456567051,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1432,"flow_dst_tot_l4_payload_len":3470,"midstream":0,"thread_ts_usec":1607938456567204,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":51430,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
-00841{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/quic-33.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":7,"packets-processed":7,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4902,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1607938456567204} +00841{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/quic-33.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":7,"packets-processed":7,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4902,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1607938456567204} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 7/7 ~~ skipped flows.............: 0 
@@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6918025 bytes -~~ total memory freed........: 6918025 bytes -~~ total allocations/frees...: 114167/114167 +~~ total memory allocated....: 7495642 bytes +~~ total memory freed........: 7495642 bytes +~~ total allocations/frees...: 125899/125899 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 617 chars ~~ json message max len.......: 2513 chars diff --git a/test/results/default/quic-34.pcap.out b/test/results/default/quic-34.pcap.out index ffa96c82e..fb2305304 100644 --- a/test/results/default/quic-34.pcap.out +++ b/test/results/default/quic-34.pcap.out 
@@ -1,13 +1,13 @@ -00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-34.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-34.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1646827637244077} 
+00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-34.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-34.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1646827637244077} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-34.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646827637244077,"flow_src_last_pkt_time":1646827637244077,"flow_dst_last_pkt_time":1646827637244077,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646827637244077,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.198","src_port":55880,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02213{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-34.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1646827637244077,"flow_dst_last_pkt_time":1646827637244077,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1646827637244077,"pkt":"CAAnfrFjCgAnAAAACABFAgUATWVAAEAR9m3AqDgBwKg4xtpIEVsE7ChNxv8AACIIoSj95jI1XLcIjUy3QAcovkkARMqtPUg7uXRSK4kMXX53Es5onLzxtRemVGyuMExaFbMut6vDuqB2U\/DpzOfUlq0FvRt9rUJpjW6yDtUJ\/70ztz+CDYIV8VpKhQLQtYfPD3mmkKn2FxkrrQO4KafazVucb4cvV7T4N0u43AnJcMtc4d\/GXnMaac4VfAlfHe4y11Dgg0O+0aKijzEWoPXxyRR4t51aC7Nkbv\/0J5dgWKDBQk9w37dytb5zwjbfQHpRVluNBzZHs5I4DMZ\/JnNB+PrUyuyBmXrp0gR2XnwVjzQ3flNPFgcQgu2\/JTVF0L13Ckxt\/+QZlc9B3wBoysEquMpFluVCxlhpsJNoFK7jPg3r2c+uxRQG0p8pcZpnvTksWL+f8WqFT5coLPPdZlZwBn02RKfGTA+uAZ0LaE0O1ka34WEpgqpoVc8fayaTadrjLyO\/JlS+dq\/Kdd3y9KPe38jjexcirOrW1+qlPzhwIx8piSprhOCyEQY2+fljrQNCpUoPKvzdasj+8Y\/vgOi4aANXTAspd+NPZCshlwQpGBYQdC7CEZbf5QlwUnySFyecnPIsokfcy7EJCJxGVFXATop39f5agqqDgJBBxbV7Vy06FK1qkx\/0u8uhGfVjqVKRKmprwi9X1kSSqhXt2GH8bZxjiM01oC4BQV78N1
99Rg9tYJupRv8l6yvhDS9rct08zWWNVxr58lebQUaKNYadQRmZaFtRmnN0sxjkvcxweUxbZooL7E4GGIqIljR4ZhLlzlK3E7B66OJGtQAC7VyR46GafnwhTxp3HrOyLyoZp0Rw7xcWItz9Tv6lT2BoA4Y0DSNY9olTp+DPyrMnUG0vqRxzRhJ8374jg6MVKZMEa\/87MY2irhA8kK8hZoC3M19FTaOnneltuWAhMrf+Q8t8BAlD7kUkH6oHx9vkYnEZiK9+\/sfx6Qq8taGMG\/mcWDWaYEb3NXAZqmf41FHteU\/OwdmlZSqoqDS5DlVhB2wq7tLwmLKxoxTkhjVXaunTU\/kfczBDm1AwklxFw3Hw5J5l+LHrwOolcProF6qLDBkbDOvOptyE1ll3vB0t4SH06Wr36sHzRz1uCQR21A9SHZvKyJK\/SCg1uApsLqdmJZ1f\/+1id8zTEwjq1qmsHED38lQ4CrlbWfoLvOR3f3s\/z\/QkitvfGtHhVZt0j0WepakKe07\/NGHX1V0dM0mTgqZKJh2Io3kvFvctAo6sUjbANXF0S8wxlOujZbFzW1LOki1CXDYWdPlq+SJtyeBxUEDNzFZ71VrbnwsnJNOpHvvMzPqdRV+ndVLZfpyQXSEsFc65QVoQNOu0MGerIkZa7wLe0y4mX0pnI8L\/R\/y1JTawqiJeeUx8r1l44ku\/g3ZE2uSVEJxuuTdY8TSHXRMxr7nqZuOWpvSIaUcGS3Q1TZnsiOTFYcvBWzEbQ72OmSRWUJzCCABBzidjiDpGWzPkhe8\/ROyjlc\/5TRQg67rXC2fAj53uXQRWw3a6jszT4xodZsJKooKIos5G3CpYzzQSJCrtOeOr5\/ce4c+q3Hx2rzKhdgv5WRhVAr2UV23TNUJd0OkmVeoZzs9v+FDb0PtPPYVDKHvjJqHAzOy1dUyjTbdc+UjRQ\/Xh3vEMPhsnnFc+0+ln6b2hntZL0z9eF8yMJK4KNw=="} -01749{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-34.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646827637244077,"flow_src_last_pkt_time":1646827637244077,"flow_dst_last_pkt_time":1646827637244077,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646827637244077,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.198","src_port":55880,"dst_port":4443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": 
{"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","quic": {"quic_version":"Draft-34","tls": {"version":"TLSv1.3","ja3":"0299b052ace53a14c3a04aceb5efd247","ja3s":"","ja4":"q00d0307h3_55b375c5d22e_af0a630e9e67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-34,hq-34,h3-33,hq-33,h3-32,hq-32,h3-31,hq-31,h3-29,hq-29,h3-30,hq-30,h3-28,hq-28,h3-27,hq-27,h3,hq-interop","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft),TLSv1.3 (draft),TLSv1.3 (draft)","blocks":0}}}} +01708{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-34.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646827637244077,"flow_src_last_pkt_time":1646827637244077,"flow_dst_last_pkt_time":1646827637244077,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646827637244077,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.198","src_port":55880,"dst_port":4443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": 
{"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","quic": {"quic_version":"Draft-34","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q00d0307h3_55b375c5d22e_af0a630e9e67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-34,hq-34,h3-33,hq-33,h3-32,hq-32,h3-31,hq-31,h3-29,hq-29,h3-30,hq-30,h3-28,hq-28,h3-27,hq-27,h3,hq-interop","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft),TLSv1.3 (draft),TLSv1.3 (draft)","blocks":0}}}} 02213{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic-34.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1646827637244077,"flow_dst_last_pkt_time":1646827637247874,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1646827637247874,"pkt":"CgAnAAAACAAnfrFjCABFAgUAqq4AAEAR2STAqDjGwKg4ARFb2kgE7EgDif8AACIIjUy3QAcovkkIkbyxu2YmbzcAQJwuFyenENUqJ+JAUUd0pzPM6YfLXJbr4Ls6WaBQnpeEVYscLYmqST86NZIZE4bUhuMV7nVVeeqYe8GuuwtatPAGGTW6q7p5GlzaMgwDpbi8BdNdLtW13Hqdt9WnjpqVBlTPXGjJKFNPYUL1p5wtvsDZQ4TlC3npqKXhES1sS6J094lDKZtXU+v7T8eCFSNuI7Td4nHjGGqNqUKgJSus\/wAAIgiNTLdAByi+SQiRvLG7ZiZvN0QVSPjoxHY6BY1VSgy5etewIoW+11THSEpbinUyFsFkXsGASC8punYhUcJKCOC4rBIzaCstKMtMJHeFT+sUXNNib04LBnzYQKYceojlYPsGe5Ro3OtptLvx4kbgnpc62cqQ1nxvDHT\/fJKWJpgJvoU08oiVUiGs3B1bAvXl\/Wd+wkAF\/wAEMtHf7gZ1kaIq4RaPvn5a9A7UzqeEBuYGDShEpWXMe8q8vuDy24QsQNetariaa4kyNHYl4QdNhygXx\/G6ImAU3U1WThFZHC7AGd0gIgLIGzJf\/9m58rpSdM8Ie6D0sH7LUz+QS+Z4XNqqQcfZPaTaAVOFR6VUyiMeaj3F8bkj\/3MFBH1Z7mXRy8N0qVksEG1OlaU1eLaFjqcM9ZlnatIXhDVNsU98jz1VfTd5sFlnZuyyy7JoZ94aXeRH\/zazdoWlaXePukQ+pl9yYFQPdkgJYi+xKQurw0sw\/SIjNt6qV1Kt0\/FKxwfio1WQ7xlNXzsikFbr81oDdnzQYE6rGMYuxy0RnbfRhLVdsGTc9\/tp7zhIS4DV21JLjrv9UwKPcwJ4JD\/1Rxmkn3Jgw\/xQKXSa6JKSiLv0t\/weF0kbZssWUTcVDcUkDhs
JSAH0njJoT2cFwm4lWcM5\/27nvncmYaxDvQXBfFPVW+m3Kwufpk8Xq\/eZbeo\/gSSLUYZOuQu+1ySiHDi5lLzsrpugFKrtUw8ayavMdKrm7oT2ZHXYsRczEGy\/6j7hln+rc24EWxZc0x2eirzNMVxjgu\/0CooTXqD4vghqN1FykIiDm0ZniCVUNexnbGWB7jTgFGcio0\/OnikmQ4dYt56aiM9sIGNcOvsTnFVh+cqJS5HY98vC1U2OBDew6qoIOHDQ21GKLwwRZV1T6U5f6o+37jaPoC1trLLadI2tORnFYqRZm7glwbD9lNFVr+PbofAndUgCf6Zk2CDaE686Awtk3d4hYhQQ3WNznovhVpr8uhbkmAY+WL7y023sNxtRIBnWlXFZPHQuiB37VW1mvmc13p6ljSnKt94wjvyH1FOprPa3tga3zWcYEvWdg5Xqw1ju7gmEzi+VGOvWFAXTzHEhgyFz4BPL84om6p0ALU6sMz8ZdCVqy3kojlACSWsh5\/A6tV3eZJDcnfn7IV6RS+dpvmNwYoFMJn6YSfH1ddeM9mWwCcbnxFV4aWagX1z8fcqVLI6IMYAb37L0\/zdSO2uZe\/h4kSA2SLJTWfPj+TnqT2qI8MlPDZYgXs2XiIdxOOzSUnZDmRgGIMADHBZPrEl6WERC1eVKU\/qCzCib8\/Q0YyKXEfqbm+ia9lXh1\/rbg1B\/\/CXdzCHVzZc3ir8TnofN+5SG6M6PapINQPVY7HwnTlqNqDNVMVGtlLYsPe7LMJnAoGEI2aKSrQZRaA=="} 01488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic-34.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1646827637244077,"flow_dst_last_pkt_time":1646827637247940,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":766,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":766,"pkt_l4_len":732,"thread_ts_usec":1646827637247940,"pkt":"CgAnAAAACAAnfrFjCABFAgLwqq8AAEAR2zPAqDjGwKg4ARFb2kgC3Huyr\/8AACIIjUy3QAcovkkIkbyxu2YmbzdBBIfexsm7espBXzGKaZrAS7pggZDUUIfbdQ\/09SYdxmJiPOboVA5GNyIN0WKEZEb2ChDB1GilmJgW7Qp24EMucpJ8B17AVuDTPfEx7nyxUZnDxLnOV1NZxSPDEwEtlJluh20qRikrub3PX5DmXIcRaHLRejZJ9hsaCYWsq6n5Gfas0GF7MLGzHn117Y0pGUO2eqVFiwenMssI9+ug1E1aDiNVvZMQKSFdyDe9LiLFeCdes2+kAlg73TsTCPbewTMdEgVZBgLZaqO0un1mix5Qt6BKTBkVA8VSZ95v+EfSMYEwA9xZi0jAFqqTGyp+ZP95tU0r4nGCl85tIQDBKXfcBXQge764C41Mt0AHKL5JAwe7F8jwhPqhtghmuHu5o5uyPLm0TwLbmCTREzsDZ3DsGt5qVRU9QIvOhWBrh4V4uljh\/BtTxVptxRkCktu+NWT04G8qsIYXDgRKJUfYMbGUdCKTsE7gC0FAzqopaBfgolmLGZhX7ZxOjTG5NpEGFq+sEmPjGPlDauhq8NTECzVYfToMEehRp8C3bVLHR8m\/W+k90FLQ1TlaEbOqjuZyM\/9ouIFSCmQMPUymc3wxlPi0V28D1yaErAIjX4TP0GolGAZO78ybzC72YMWFqgmnosw3ju1DxFOnM
m4S5978OZU\/wmbSWd91srzQp2fOyLvD3wvvNCgP73nEBs88atgYEK5VcrbDFNBrhyEvYixxRMTIqYTLkuWudZVMFEpbA6nhu6WPpaKYD3hORyKUUBLP\/t\/DIvXUYAsZ4s7fmfApFG7wJnzGak9JU7Tkzy0XAM9yEGedigZBltqQA4wPLvuXascBjTXzqxcRPwVbbiOpsQwIpMGnMJz4+XgHNI2WaH8iPl9H\/sYwWUugeEAk511PGx++JwUxDqTYxBlG36Eym55D9c1vN\/8RDw+9AAMguw=="} 02455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic-34.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1646827637244077,"flow_dst_last_pkt_time":1646827637247974,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1482,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1482,"pkt_l4_len":1448,"thread_ts_usec":1646827637247974,"pkt":"CgAnAAAACAAnfrFjCABFAgW8qq9AAEARmGfAqDjGwKg4ARFb2kgFqI1IDI1Mt0AHKL5JJhXLILeyY0WWPPDGqu29pNjeQrsiCTUma2TcFGcgbIzRZdr6JWtplLqpt4qp74KLFQm7PESBrbW0e3kxD7S6yxhRI9JMLupNpVNheQDAE\/K7XDfSJm30AU1TktsrpLm7TfiD8USojXAxktLUfFjAiN6LG6fZddkhXh9AYZ7\/h0cSCCBipC+n3QCl4ZZLZob0nwewGNweDzedLSJHUiGlnnueifyEhuiUGtXgMNSJQ2JCiSHUKseCTMenBQSit9kmsy7m3CDkV8IpQHFpr\/KQRujoM5BDa8Yse\/Kl72IM405uisqQWn\/dXsCi5ce0bromjyo8SztDtTdIO91cc6sieObVALVrCc80ocAoEYgJTF5jiB7H5bYa3WWexHOJ0RxlkZABh5u2jRD60ENUaaMQfRFLTHtUlzezGzCFCF2IcS+WMBhwrHXLKOqpraJzqb1zDOgJyBdik0G2V7FsAOmmWq3kzNfjGuZ9T+fzSlxcobToHpyKVTh6yk3HH\/NbQjEutFtjDN8kzm6LZzftTMHupCPhu4ZLvz3A+qM2A1zwi5jSX7eTyP43nddNE8lSxbMriLhIHzadZrX75JISFbO5VwDvJNjuwIti4mRzJx\/4KzmR2yO+rvFcWV0dZs0\/MF6uYevBnu2YYbkzfUlVDt3QOqbxYzfYCPmQ52L75hajvvSWRTptBZWSpmDGOJ4XTD4avP\/kx9dpBnYVyb7KTOWud3jCtY9Dy0IFLUvwQTXGMQvxY1rW6hgIdpP+kthOl\/nWzDcHa\/PUhjS5EgK7B4SmuoeF3ytxRLbZxnjULC98CUv5fo7Ts14EjgMrhQbXmvegnsHXM\/e81QlFpnv8g5MxanFkxvc8tpr5XG8iFjGEj0B5WpJtuN7iq3z7nOCacYdJnYIiQ1mj01qFmCvBgbk7YWiMeiphglTgqhzvKbmvdg64HnjW1Es3AsdqJIZcqRus1DnD6rJkzYrRXchiyBhuQib+k4UQlm5hCqRnHhCo0J6LX8G3XGKSCadYx0g\/je+W+T0O4r2F5fhnLGmT5SAaG0edh3T2twOAFHIE1AKO0jwTDI8WzmuX8IYPD0YnpDPvt17DYPFIyDeOH5gIqsgYQjFZlXs0IHo2lM5JW0A12vTGEMsk8+9e6Z5fzuyATmFSi\/OqkgDSsNxn
DgACPXJNiajuXioxc3erSKiDoxs9ouJzkif1wm\/7ixnjoy5M0DOvckjBD\/OuCCshIfuURfWTv6hvrPEQlix1SFn3RMCx1Pk8jg9thsFNFl\/Ho4MdvMw2RhXIz1+gcRUh14NXK1ApyZGsrTB7ViLQn5jNKtp2pdyf3KZPbaFL0Y7xQwOI0mvHL8HI43doiRf2crOMA1e0xs022LMvm5ySxZslF3z12zvalkvgvXb5OTKfwdssL2Oe\/UhdSppJObBzjA+FEs6Qfqh5bbz5aLbnxUlfYLmaNH+0BGi0hDTR9gZKHvTc2n4i900kDzzljVKsSlloNHgG4EshpTKWF2qFT2gsSKXypzJ7NmQ828JJYAZILIPg+FVeltdmCKZo2lO8FnakEKnB+A1cgn3\/xiCZQ+iDtSE0PJPFtZhhnpzFVQskhj6YomziDSO1a9fnQS0ICnwazdMcaC79GE+Zu7g1HThSx1E+aCxOD5MiNFMbrPUttd31nncq5ZDTQlklu9YFBeFEnNhjw7XV5SoHsICDX3Y807hcaww8O+S3\/ZZCHYrSiEoVXHK08+KrmgIfxu+0uDlNCswB4hQR1\/YEd7kLTjTbBWxK5h2KWCvESNP9hSvk0ChuucR4GXTRQ8ZJIb6PxRfICjZ8FJPDMEqg\/LMJKaLCiKRq62PLTEgbmtE7W7wFMwBCvtRBZFheSD6YcHVovYACuFKvgHYWtpT3Rd1wYRfqLJlwTjGraxth34Sw"} 01326{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic-34.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":3,"flow_first_seen":1646827637244077,"flow_src_last_pkt_time":1646827637244077,"flow_dst_last_pkt_time":1646827637247974,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":3416,"midstream":0,"thread_ts_usec":1646827637247974,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.198","src_port":55880,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": 
{"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -00839{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic-34.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4668,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1646827637247974} +00839{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic-34.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4668,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1646827637247974} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 4/4 ~~ skipped flows.............: 0 
@@ -16,9 +16,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6918040 bytes -~~ total memory freed........: 6918040 bytes -~~ total allocations/frees...: 114164/114164 +~~ total memory allocated....: 7495657 bytes +~~ total memory freed........: 7495657 bytes +~~ total allocations/frees...: 125896/125896 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 617 chars ~~ json message max len.......: 2460 chars diff --git a/test/results/default/quic-forcing-vn-with-data.pcapng.out b/test/results/default/quic-forcing-vn-with-data.pcapng.out index 210c4eb79..c9bc68133 100644 --- a/test/results/default/quic-forcing-vn-with-data.pcapng.out +++ b/test/results/default/quic-forcing-vn-with-data.pcapng.out 
@@ -1,15 +1,15 @@ -00632{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-forcing-vn-with-data.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-forcing-vn-with-data.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1679647550075975} 
+00632{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-forcing-vn-with-data.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-forcing-vn-with-data.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1679647550075975} 
00805{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-forcing-vn-with-data.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1679647550075975,"flow_src_last_pkt_time":1679647550075975,"flow_dst_last_pkt_time":1679647550075975,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1200,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1679647550075975,"l3_proto":"ip4","src_ip":"192.168.56.103","dst_ip":"192.168.56.104","src_port":55523,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02144{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-forcing-vn-with-data.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1679647550075975,"flow_dst_last_pkt_time":1679647550075975,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1242,"pkt_l4_len":1208,"thread_ts_usec":1679647550075975,"pkt":"CAAnf+BDCAAn8IWkCABFAATMhJpAAEARv2bAqDhnwKg4aNjjEVEEuDJfz7q6uroQVl708WxeHhsa5mBcIA3qIxSa1qUCjpCO14+hDyjRFC7TMDsu8ABBMJ\/Xmnp2jeT+WoWwVvVQ1b6O31rw\/qrqxPBc6dRBLf3lEnWUBd3\/w\/JQS4pKYmUdU5xWZGvD8Ne8oIH04WmJmwXaQ\/wvsWrbYxMO92iL54vc6xp1YgRdxw06FeOPLguy4cuHkDCcnYaGKZtOt7y8kZNvtvYqVsxKCmdDYro3zFaHRpQGMtI\/2BuaZBboKETxeu8KUSeXMOryg\/KX2YYDmA7UmGc3kubU3ivUS1f+9ssIOdiFDX3AjohVcBNsmGvrXwTji3o4Dv2KTrLwBHjARD+\/HIuQNvwgHIVOT5\/pWNHA5WLk3tGMFGtipZ3L0RwYWrpR0zUek07xhYkSEEfPEtxXB+OXiXWb+BcdhWB\/SBgLI2MZqCKctIdHgsKw9gQe9RKvDyUP9hML1+k5xfL1Z\/EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 01125{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-forcing-vn-with-data.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1679647550075975,"flow_src_last_pkt_time":1679647550075975,"flow_dst_last_pkt_time":1679647550075975,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1200,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1679647550075975,"l3_proto":"ip4","src_ip":"192.168.56.103","dst_ip":"192.168.56.104","src_port":55523,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": 
{"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic-forcing-vn-with-data.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1679647550075975,"flow_dst_last_pkt_time":1679647550076388,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"thread_ts_usec":1679647550076388,"pkt":"CAAn8IWkCAAnf+BDCABFAABXibFAAEARvsTAqDhowKg4ZxFR2OMAQ\/J0nwAAAAAUmtalAo6QjtePoQ8o0RQu0zA7LvAQVl708WxeHhsa5mBcIA3qIwAAAAH\/AAAd\/wAAHP8AABs="} 02140{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic-forcing-vn-with-data.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1679647550077389,"flow_dst_last_pkt_time":1679647550076388,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1242,"pkt_l4_len":1208,"thread_ts_usec":1679647550077389,"pkt":"CAAnf+BDCAAn8IWkCABFAATMhJtAAEARv2XAqDhnwKg4aNjjEVEEuNtQwgAAAAEQVl708WxeHhsa5mBcIA3qIxSa1qUCjpCO14+hDyjRFC7TMDsu8ABBMA54Th2uKKBTyuFZSj\/k\/wVni1\/VEb4BwEd2wFchfVvbsaxQSyafFU602xdhY\/hqar3jkXSMDx4Yap9GDIKZkoKX712k+krCrY1LxWCZrqSZ5o\/n+IAhPJv6cc1afVhlFktUj7Ej5rZTIzF3usencZcTKebYdF+AofoUiIpMDeGk5q40inVVx2Tq3oiUvrWff2oHgfyzHIPYWDBQJzGlYdeJeXC8ovohighPQjpowSQ0MAQJbZn8zvwsLjPhaNP87kkehttCVjTBObELNAx8vzApvZ4jVGUqRU1\/g1tZlIH8u4AP15PU12drUf16x1tPlNvnJKiF8GunDRZjKaGQA6rtxYnlafWaArCeN7VOyBATjJkYKwZaZcohVq9\/pCDytSn6SR1eUTlsjMkcUWeYHuYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} -01678{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic-forcing-vn-with-data.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1679647550075975,"flow_src_last_pkt_time":1679647550077389,"flow_dst_last_pkt_time":1679647550076388,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1200,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":59,"flow_src_tot_l4_payload_len":2400,"flow_dst_tot_l4_payload_len":59,"midstream":0,"thread_ts_usec":1679647550077389,"l3_proto":"ip4","src_ip":"192.168.56.103","dst_ip":"192.168.56.104","src_port":55523,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": 
{"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","quic": {"quic_version":"V-1","tls": {"version":"TLSv1.3","ja3":"86871fd0d48de0c82beec154cd3f1744","ja3s":"","ja4":"q13d0307h3_55b375c5d22e_f0736a66fa6b","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3,h3-29,h3-28,h3-27,hq-interop,hq-29,hq-28,hq-27,http\/0.9","tls_supported_versions":"TLSv1.3","blocks":0}}}} +01637{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic-forcing-vn-with-data.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1679647550075975,"flow_src_last_pkt_time":1679647550077389,"flow_dst_last_pkt_time":1679647550076388,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1200,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":59,"flow_src_tot_l4_payload_len":2400,"flow_dst_tot_l4_payload_len":59,"midstream":0,"thread_ts_usec":1679647550077389,"l3_proto":"ip4","src_ip":"192.168.56.103","dst_ip":"192.168.56.104","src_port":55523,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": 
{"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","quic": {"quic_version":"V-1","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0307h3_55b375c5d22e_f0736a66fa6b","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3,h3-29,h3-28,h3-27,hq-interop,hq-29,hq-28,hq-27,http\/0.9","tls_supported_versions":"TLSv1.3","blocks":0}}}} 00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic-forcing-vn-with-data.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1679647550077389,"flow_dst_last_pkt_time":1679647550077628,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"thread_ts_usec":1679647550077628,"pkt":"CAAn8IWkCAAnf+BDCABFAACBibJAAEARvpnAqDhowKg4ZxFR2OMAbfKe8AAAAAEUmtalAo6QjtePoQ8o0RQu0zA7LvAUcWOciqnjsDzc3SKuu6g5K5ExooZxdWljaGUAAAAAAAAAAAAA\/\/\/AqDhnVl708WxeHhsa5mBcIA3qI4k9mX2UyYvHNrwCtPdyFmY="} 
02139{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic-forcing-vn-with-data.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1679647550078584,"flow_dst_last_pkt_time":1679647550077628,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1242,"pkt_l4_len":1208,"thread_ts_usec":1679647550078584,"pkt":"CAAnf+BDCAAn8IWkCABFAATMhJxAAEARv2TAqDhnwKg4aNjjEVEEuO20wAAAAAEUcWOciqnjsDzc3SKuu6g5K5ExooYUmtalAo6QjtePoQ8o0RQu0zA7LvAmcXVpY2hlAAAAAAAAAAAAAP\/\/wKg4Z1Ze9PFsXh4bGuZgXCAN6iNBMBQ6vULpecHOMAGYvn9a7v5AvMXNhHDADjN9w8+4JawyIsFcXHSykMFbD54LHYQ0Y0\/gglw5uN0p44Z+7ai6KXvl9RuyJhEtdciJ+dYAYmzMp2MiXXnkeLuE7JLbpEpT6gFTjs4NN7ToadJAWHHhNOX60rnA9b5iTYa0VCKX7vVloRLUhxpcePABr\/SxFgF5LMJGd87ISOSaIaeoCltsIM8MOeB3o1aJEgNsGDysB\/iMwRNBSdVFP7ziX73ptxXwVuRIPMSsvRNOYSXyJinUqBZWtKWf3C2oKmz9VL8pHiF1GH8SnrZmbB4PXoA2kAqm\/7vQUDXwqk97ThrGeX2UciEQiyQkeuDFANh6SgmEVjeCan9sdW84wWot93kMdgpOk9VZI9f+t6L8EyrjtnFkadoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 01348{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/quic-forcing-vn-with-data.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":8,"flow_first_seen":1679647550075975,"flow_src_last_pkt_time":1679647550087772,"flow_dst_last_pkt_time":1679647550087186,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":1200,"flow_src_tot_l4_payload_len":5466,"flow_dst_tot_l4_payload_len":2691,"midstream":0,"thread_ts_usec":1679647550087772,"l3_proto":"ip4","src_ip":"192.168.56.103","dst_ip":"192.168.56.104","src_port":55523,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
-00862{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/quic-forcing-vn-with-data.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":21,"packets-processed":21,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8157,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1679647550087772} +00862{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/quic-forcing-vn-with-data.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":21,"packets-processed":21,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8157,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1679647550087772} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 21/21 ~~ skipped flows.............: 0 
@@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6916610 bytes -~~ total memory freed........: 6916610 bytes -~~ total allocations/frees...: 114181/114181 +~~ total memory allocated....: 7494227 bytes +~~ total memory freed........: 7494227 bytes +~~ total allocations/frees...: 125913/125913 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 617 chars ~~ json message max len.......: 2149 chars diff --git a/test/results/default/quic-fuzz-overflow.pcapng.out b/test/results/default/quic-fuzz-overflow.pcapng.out index 65e70917a..07f32e71d 100644 --- a/test/results/default/quic-fuzz-overflow.pcapng.out +++ b/test/results/default/quic-fuzz-overflow.pcapng.out 
@@ -1,10 +1,10 @@ -00625{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-fuzz-overflow.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00846{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-fuzz-overflow.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1633957625000000} 
+00625{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-fuzz-overflow.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00846{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-fuzz-overflow.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1633957625000000} 
00800{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-fuzz-overflow.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1633957625000000,"flow_src_last_pkt_time":1633957625000000,"flow_dst_last_pkt_time":1633957625000000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1633957625000000,"l3_proto":"ip4","src_ip":"255.255.255.255","dst_ip":"255.255.255.32","src_port":8224,"dst_port":8224,"l4_proto":"udp","flow_datalink":228,"flow_max_packets":5} 03089{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-fuzz-overflow.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1633957625000000,"flow_dst_last_pkt_time":1633957625000000,"flow_idle_time":200000000,"pkt_datalink":228,"pkt_caplen":1280,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":1280,"pkt_l4_len":1260,"thread_ts_usec":1633957625000000,"pkt":"RSAFACAgIAAgESAg\/\/\/\/\/\/\/\/\/yAgICAgICAgIMhRMDI0ICAgICAgICAgICD\/\/yD\/\/\/\/\/\/yAgIAAAoAEgBENITE8gACAgVUFJRP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/yAgICAgICAgICAgICAgIP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICD\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/ICAgICAgICAgICAgICAgICAgICAgICA
gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIP\/\/\/\/\/\/\/\/\/\/\/yAgICAgICAg\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8gICAgICAgICAgICAgIP\/\/\/\/\/\/\/\/\/\/\/yAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/yAgICAgICAgICAgIP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICD\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8gICAgICAgICAgICAgICAgIP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8gICAgICAgICAgICAgICAgIP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/ICAgICAgICAgICAgICAgICD\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/ICAgICAgICAgICAgICAgICA="} 
01218{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-fuzz-overflow.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1633957625000000,"flow_src_last_pkt_time":1633957625000000,"flow_dst_last_pkt_time":1633957625000000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1633957625000000,"l3_proto":"ip4","src_ip":"255.255.255.255","dst_ip":"255.255.255.32","src_port":8224,"dst_port":8224,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Q024"}}} 
01227{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-fuzz-overflow.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1633957625000000,"flow_src_last_pkt_time":1633957625000000,"flow_dst_last_pkt_time":1633957625000000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1633957625000000,"l3_proto":"ip4","src_ip":"255.255.255.255","dst_ip":"255.255.255.32","src_port":8224,"dst_port":8224,"l4_proto":"udp","flow_datalink":228,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
-00851{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-fuzz-overflow.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1252,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1633957625000000} +00851{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-fuzz-overflow.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1252,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1633957625000000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 
@@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6907655 bytes -~~ total memory freed........: 6907655 bytes -~~ total allocations/frees...: 114138/114138 +~~ total memory allocated....: 7485272 bytes +~~ total memory freed........: 7485272 bytes +~~ total allocations/frees...: 125870/125870 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 630 chars ~~ json message max len.......: 3094 chars diff --git a/test/results/default/quic-mvfst-22.pcap.out b/test/results/default/quic-mvfst-22.pcap.out index 40d728587..1b2756552 100644 --- a/test/results/default/quic-mvfst-22.pcap.out +++ b/test/results/default/quic-mvfst-22.pcap.out 
@@ -1,7 +1,7 @@ -00618{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-mvfst-22.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00618{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-mvfst-22.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
00749{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-mvfst-22.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":24710880,"flow_src_last_pkt_time":24710880,"flow_dst_last_pkt_time":24710880,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":24710880,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"31.13.86.8","src_port":35601,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02154{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-mvfst-22.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":24710880,"flow_dst_last_pkt_time":24710880,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1274,"pkt_l4_len":1240,"thread_ts_usec":24710880,"pkt":"UlQAEjUCCAAnANMtCABFAATsAABAAEARtN0KAAIPHw1WCIsRAbsE2LapyfrOsAEIVt4FS0mAWdwAAES+glHsK6O\/Oq7IqxunKa1n3XFv8eVEdrO\/buZ2LMAVEB2NyWCg6hfO6EP+vLVLmftkS1PJQqVl7L+7l7BI482Kpj4ofT9JnOQ0xEE4Vys3R4pwXiPc1lMJx32RX9zKYm+Z1fbMOyayi7zU0q+i63OayYrYD3jSt+Vvv7BMyIgMJ2yBRML4Cvl27dkQOy02PKy9hJb4U9IakyZ9jxJvJUG6tfB\/LJZUaX2z8xaFt+J6lEY3AOj1WgBxHOY78xSQcl0cfAaJSIKcA9Vn4sv\/fiPAKil0a5hIx6QXM2jiv4vFSqcgQHPhjbxlmksCUD71+BcElvTx09somsejpTEXOX5DumiTu+RmoxzAPxad\/yoHUmpVtJwSnjk0zwlToGO6SDPnEODnYt3LIvHRsx7mnFExLWnr+yQHfYFCeLNMctGGZBMubCx4gjt048OWguRvM18ud1xw3iRiS5rez8OMJIfcMnRlbnJA4MyOhWSWUbuYwKHXBZjNJSArgDpEssUAVBEOZQpnBVnXDGsqdTXz0eM1y7mnenMoiYqQeMnNMBDyturRKjEAiVgPEzOZ8CufggYEMfnAHCuOwF04gvqplTrrZWKOSNpdQNeFrRsWk7y1RbIKw3b8jWOTzA\/3wnocU7LCIqLpjBDheYw+YKL\/QStNjvcf462QDT2fMTEzd2qFUE5\/HIdvgFCjr11QAYfzSa9caF4orrxStMFBM
wLrngiPEoNK2oL1ixSvqcDH1eCryay+ufbCfgtp9mN21cP9bS1fp+KOtJdRjk+WwIrnLE7yFL2kPl4Y1ub8Ic+0DgBOwxUrYa0lSq611ixLqvgBVVHqkVlsmy5FzYlt4nKwAzaE+UMlVSse0y5ciP9QYj7PgUOQsYRJLOdnUB1nb1cLIVzISsr9mEOc4Z\/V5yQfx0Je4KZnrBbnTxqzPJmczioPnEqWI3SSJQvibzfqftopphp69YYIvmngwQ9boqS8nu\/0Z90F4tXrXlEqVlkyt8z345OCJheKM35O3g1+gtDgXes9IlOq0VZHWc1xWYAyu3e5lYps9GawHgztTKd5Dh6phItAr7WJdjC7E5+Hw0Djk+jR2QPNAEyXNvBFWYdDCSKqCL0EW4k8u46MkhLkYoD\/U5LiEaiB5YSuGX8HZDJEwdOPPEWcT2hknjUDiQIy7tuEeBHkZxly3y9r8TtSEnAlDGbBVFAT+DI1sU7ifZHKOelnaNbzJX29JqcLfJH6OdFC035GL8QU1vvk19qbGftY3DBf6EJAhrCyEG8T68nr4mpyNVonkDSzrMh1qFjIZcwFXjgWWM6+wxfrI7EB5HOgW0H2RU+8jBV8bTAp0cYUEIW83AlhSIGJhaN4hzo4QbiQ\/NEKSL4V6HA7r2y3QQu7WQiGeuhWzieHC\/re+NOqmY8UZ2Nbtc52d9K25gQKE7BXNhq2zsjuIhLJme7BBI75RlEqF\/camjLVcquotPgLUp7uXIyomz0zmkrCGiGxy4HlklTCcE1ashYaXZA\/9HX39Pj6qB+WKglzfibh+ldNWXcB79RaHBC3E7rGwoRJM5jkaMEkWLJVppPuZZUXD0CLZZ5SItvsTmJ1D5A5i3llXNLFE2q4czLsPbe5Ft7r2t0="} -01291{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-mvfst-22.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":24710880,"flow_src_last_pkt_time":24710880,"flow_dst_last_pkt_time":24710880,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":24710880,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"31.13.86.8","src_port":35601,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Facebook","proto_id":"188.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"graph.facebook.com","domainame":"graph.facebook.com","quic": {"quic_version":"MVFST-22","tls": 
{"version":"TLSv1.3","ja3":"a3795d067fbf6f44c8657f9e9cbae493","ja3s":"","ja4":"q00d0109h3_0f2cb44170f4_01b7bde4a3dd","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-fb-05,h1q-fb","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft)","blocks":0}}}} +01250{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-mvfst-22.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":24710880,"flow_src_last_pkt_time":24710880,"flow_dst_last_pkt_time":24710880,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":24710880,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"31.13.86.8","src_port":35601,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Facebook","proto_id":"188.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"graph.facebook.com","domainame":"graph.facebook.com","quic": {"quic_version":"MVFST-22","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q00d0109h3_0f2cb44170f4_01b7bde4a3dd","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-fb-05,h1q-fb","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft)","blocks":0}}}} 
02197{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic-mvfst-22.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":24710880,"flow_dst_last_pkt_time":24717506,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":24717506,"pkt":"CAAnANMtUlQAEjUCCABFAAUAAAYAAEAR9MMfDVYICgACDwG7ixEE7JMhzPrOsAEACEhjA85S+SrVAETSp3xd4I3jcnRue9L34hUuKLzlfpPUk0DMF1\/VFxThZTibHyGTQPaeM6iOotElwwAC1lRX5vIn9ya6YsAZzR1T20xEKAiW3eJkBYrfQ3apmceqTTBCX0bJxPnVeRIzBODDHWoJM4cXlDC\/p3lohjBDIh+3Pmk8tNap58UqGgjHnaigatc5CgFJHJWL+Kd1f9qcpuyZT1uB\/ns\/WT+PLudF\/jQ9707j1mFbnqiURY6nhTe97ZArhq7t1JVJAsO33k150ABBjgVdT\/6wgI8ik0OKmmJMbfb2L+7Ixq0YAACyySDSzQt+wcslS6ksj5zkeJG1dT9Y35jxFQSLUO32yxmbwQFG+b4QvZMRJyJvqfQ7oSMncZe7gs3wgTuaXe5geZfkx17MmRYXTYrf9pvAukh+MM4Q8hjt2gZyy+8MqEokO31Taq32iXjDeFgjn7q\/sQ6rvlxCVyZt8Ccaw1VxzzUAQNXg6QrtjGJsnqKEgZqyevLn4vgbCyEPYSqzUTMTMLMrTP+YLSeAUyD\/0KlFtPE0vwwFCXwILzsVlF8Hrkegr6zVR+h\/fNZFiUKr8jA4htexop3\/TtMjF2PSObMi\/B\/O4yOQK7dMjsb7j6HNoUatgqnfa\/Ep22MPaFjhmHCE5j8WrQYwGpwTuF1k+FX+IBnWV4aUFnYpvfr221AiaeRWseWythbDWPKdPOoQEd\/nzlYGC5Oxk\/91qMZSP6Qi8tEzsAHdyiB9WngqFXo1pqCT6\/T6hHvEqNor+wZ910MK6fQ\/Z\/7idL3\/nnBnU9m8lqNNZM0XegQQnU8+PD\/XZhQjxUwoqqNWAXTx+KKl5uQmMcpN8TieU3aBwrb2x1xcZVNXnjwFxiEsI7kDQg0bAdgGrjrWKUk4cVimEMb0EC3L3V2ZK9Ef+8sswkJ6ekYpwvMTIYU4ZOYeN6c9agkkoqzbCCHeRQql9R0YriJFUFgYENUK5b9nwRNBW+A+lZE8ptuzw5xsFcuyBXpjCKYIgsmKcLlQPkBkV4L5QGZQzzBmN2GgfUAEzN8WWVN0hJqYa9YhcX7zxmRv9gsMitNksaFnr6AlihFLFZqlT9Y648AprztjF7njBZZ3u+CXpZkG7Px2yrrdTouwjAToPn\/AdVmPPTHV6xKp99fDbwaMyfL+yOcnJ2plbK+wkS1jsiP\/yDk9VzA04xL0657ViUEAuv3t4Pev7pI\/DIFdRVSmTSWKvywkuBVJ\/VJOp\/6cO+Cy5FlDhTQR7H8evMXUaEHp69QHfF8fPUAjUyJ7IMeXXtuK3UkzI7UvsOqWVYGkA2OumbWmFRfgS9XBGi3DmR5otgit5Y81MAvHsCQ0V0IB2P\/yq9sRuL6R8TwF63sAvaPwfsPjICjHyZ2krnIlWXUbArKvncQeHm1H6y9ztqgfn+NTwpQWRfi71aj5FP2C+U3RB9l5HqGgyZJ9tt\/Xiom3MonkmdTN
fE9C0G+zTKbgAzuir0+laGJim+TV37+wtcreN2P4GKPPo2goOCnc140xbDBLn4BL2axie9RcUyuxXK9wAWvijAfXal3f1DydwVZ8LxwK8o06yHcTKFQ\/sXJaHnxv2HTtF\/v0IBQjQRHILVxnhCjAh73MlFUFSG3zJQ2aU164W5cGJFQS3\/OOJsBbuI1J+KjSFQ=="} 02194{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic-mvfst-22.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":24710880,"flow_dst_last_pkt_time":24717680,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":24717680,"pkt":"CAAnANMtUlQAEjUCCABFAAUAAAgAAEAR9MEfDVYICgACDwG7ixEE7GUmy\/rOsAEACEhjA85S+SrVAETSuH7quCgS8Qh0D\/bDO3gFDyLADGIuWnyCygbJxoXjp96KXvspho+865YDAISOGlOK6zOTsHDQAebkiFhwjAE3CGShccg0NcaDyS5u33R8Osm0onTcQUcavm+SMZHNxND0mAg59a7z7rYhXIsBKLYSznCIFNmBhvnQ+54HWzq4kDWVLL0ptfvb3giThFXk1AIMtBbaQwMGxHg\/8x0s7Ppw1zOCvbNuFb2SaGK8woqt2broJB\/xJJE2S1FwZCmQqqrE1mHTwDi+8M\/OC1IyVNxKVB8saqcFSbFe3BJEULgEgbvBwmfmNN7Wau\/J6gJxg5w745\/ujGtOLBoEAnkzp3XoTJN0Y42xyNe7RF+e2AS8staHpKBMbgG4b2fukqv0W5QWMOb9XdlK5lappO8kEpmoLvACo9Sy1bI0dfdz52edGlrvLjFy2h3zOMrwDHWDRiYmPSAbJ9pyo+VCqFMWVDhQI4ZmsKudQZcU+vReqpUp36fwM5gOtsh2Hk\/S0k+EHqDAZZLNzSF4Yr5ZabIDN\/R6biJU+FbtoUG+RJBpWcvmHAUftMbmErNWLgTpRpllj3nUl2F8eMASJGjRK8oYFrTV1fl7xjdeBam93XysGVWS92VND4SDvDULI6TRr\/337rNSj3EREqThlcSaMocH0kz+\/upNhJQxDeelV1RY26qv9bW8VdFma6p7uhfRK2roH3G5uc\/+tiG6qdmRct7WQoGsbTeaFFwB7Ji7Wtb9Amekof3OVUrPd+6iV+W3mM4hQL9kRTkFzHEd\/WA\/+8ZmZ+0XzQrpy3WwRvRc4DmvV7nvOYs8y+909LdGLV6CpRLEK1604OVZbyXxVxq8+mD19ElUn1g8QnbzGBFa3Eif7B0cGdFF8WqgYvqe7ufF46ZJs8QD63+SQv8gGxmUo3SJWQ3Yfj1uYEYSEfqi43AQxOFbKmd5oqszRdikvUk0Zh8XMjntw3CR4tWh1lqTR3LIN8Lt7A9gIRX8+3G76YoaDY2JIMjxOuLYIRBVe\/VWBuKPMLqRCv4wvIDach8GKJmbI9PTQ01q1Z5kL\/zM7jTdFAlentpckr6+ua\/D6t6rLd0nkkL8d+15pg8\/FKhrDBHA4Ml4BRHizjz4SpRJ2QEiV\/niWkbX1e0hkpcbZ2xmOFDZW\/9O8RjAOdM08kiCSbKZTUpnl9P0qLKtjystpZa5q8OrBMgSHUgHM1S7geU06smT7+czbBGnnd5A+6PV0mPwqueT\/OUV15fL2NUOxgfqhC8i
KqRfJcjzm8CssrkrLVEfaPmw7D7KOm7\/2J64iyqOubriFO6KrbjP+1qKiLmCaqNeEy3JTylMKWsH5UVovtnGGCKeolJjanKSFdzQ0naGenN7GlArcfV78Zclt+QC9mK2mtHkEiOwhoeprg\/zQujUyWH4lxZTrhtEFhlJUvQKpPst4HYEqZgxQPGS5nmr51v1f2cwzcaORxf3cXeVVh\/GKwiwMjI8VaKzhRxAoKZZ3g1TUl61dqF4liU6GnZkX+YBlPJ80vXLVfIDc4zwsjaBUxk1pJO\/LOLCp5buKJ87EbzIoejsqFXfFarTVLwKw\/2KUHEIwDL1x1rU0t6Q+Ap29yyER+brp4OyVHhD6T7u9LrfjXexdQfUgnSNX1Ib4LZ7OO\/KrQ=="} 00755{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic-mvfst-22.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":24710880,"flow_dst_last_pkt_time":24717704,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":235,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":235,"pkt_l4_len":201,"thread_ts_usec":24717704,"pkt":"CAAnANMtUlQAEjUCCABFAADdAAkAAEAR+OMfDVYICgACDwG7ixEAyZUL7\/rOsAEACEhjA85S+SrVQLDZmqvdE4MW8rOoM9w1rs1Ve9xUoq2hsNz4FSoH+8IX1y4OMQxrypqkjJmRSoxWAG4K1BtToT05DqZDXPA37W+oiuzYsAIvdZTBfcaW6sfsKLCaOVSC5AxtXemXyvLz4KBgZJ2jBsRg2KsMK\/6hkk97+qIGO71thTOTR2Uxubh0E8pSeU\/BRpDPuhyvo23drRHiiQm7fVAfdcFggcOmmrpSxhmnVdz7bvCj8OeBJ0wnOg=="} 
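Review bot: The regenerated `detected` event for quic-mvfst-22 no longer carries `"ja3"` in its `tls` object, while `"ja3s":""` and `"ja4"` are still emitted; the `detection-update` event in quic-forcing-vn-with-data.pcapng.out changes the same way. The commit message only says "incorporated upstream changes", so a consumer that matches on JA3 client fingerprints from these events (detection rules, fingerprint lists) would presumably stop matching after this bump without any error. I would record the change in the description, e.g. `* TLS/QUIC flow events no longer contain "ja3"; consumers should use "ja4"`, and confirm that schema/flow_event_schema.json (changed in this commit, not visible in this hunk) no longer expects `ja3`. It is also worth deciding whether the empty `"ja3s":""` seen here should still be serialized now that its client-side counterpart is gone.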
@@ -9,7 +9,7 @@ 02194{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/quic-mvfst-22.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":20,"flow_first_seen":24710880,"flow_src_last_pkt_time":27201767,"flow_dst_last_pkt_time":27283563,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":1252,"flow_src_tot_l4_payload_len":6836,"flow_dst_tot_l4_payload_len":11997,"midstream":0,"thread_ts_usec":27283563,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"31.13.86.8","src_port":35601,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":163341.0,"max":2090987,"stddev":507077.5,"var":257127612416.0,"ent":2.1,"data": [6626,174,24,23,15783,192,68,25740,0,16544,24398,2090987,2072824,30640,212689,1822,115,243417,45,25374,21896,80671,49,21,8,9,96673,35817,60860,70,11]},"pktlen": {"min":52,"avg":616.5,"max":1280,"stddev":577.0,"var":332915.8,"ent":4.3,"data": [1260,1280,1280,221,81,1260,106,95,66,261,59,52,1128,56,60,598,1260,1221,56,56,60,52,1280,1280,1280,1280,84,65,52,1280,1280,1280]},"bins": {"c_to_s": [1,3,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,3,0,0,0,0,0,0,0,0,0],"s_to_c": [6,3,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0]},"directions": [0,1,1,1,1,0,0,0,1,1,0,1,0,1,0,0,0,0,1,1,0,1,1,1,1,1,1,0,1,1,1,1],"entropies": [7.865873814,7.840335846,7.856841087,6.935217857,5.841008663,7.844548225,5.975329399,6.068257332,5.408033371,7.120600224,5.413970470,5.168682098,7.824946880,5.206433296,5.433454037,7.633729935,7.839689255,7.820494652,5.385004520,5.200210571,5.379368782,5.130220413,7.847099781,7.835284233,7.857980728,7.824029922,5.854679585,5.473884106,5.168681622,7.866020203,7.849047184,7.840563774]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"QUIC.Facebook","proto_id":"188.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"graph.facebook.com"}} 00999{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/quic-mvfst-22.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":188,"flow_dst_packets_processed":301,"flow_first_seen":24710880,"flow_src_last_pkt_time":74905965,"flow_dst_last_pkt_time":74922862,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":1252,"flow_src_tot_l4_payload_len":72648,"flow_dst_tot_l4_payload_len":195043,"midstream":0,"thread_ts_usec":74922862,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"31.13.86.8","src_port":35601,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Facebook","proto_id":"188.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"graph.facebook.com"}} 
00999{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/quic-mvfst-22.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":188,"flow_dst_packets_processed":302,"flow_first_seen":24710880,"flow_src_last_pkt_time":74905965,"flow_dst_last_pkt_time":139922848,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":1252,"flow_src_tot_l4_payload_len":72648,"flow_dst_tot_l4_payload_len":195075,"midstream":0,"thread_ts_usec":139922848,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"31.13.86.8","src_port":35601,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Facebook","proto_id":"188.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"graph.facebook.com"}} -00846{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/quic-mvfst-22.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":490,"packets-processed":490,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":267723,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":139922848} 
+00846{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/quic-mvfst-22.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":490,"packets-processed":490,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":267723,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":139922848} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 490/490 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6931944 bytes -~~ total memory freed........: 6931944 bytes -~~ total allocations/frees...: 114648/114648 +~~ total memory allocated....: 7509540 bytes +~~ total memory freed........: 7509540 bytes +~~ total allocations/frees...: 126379/126379 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 568 chars ~~ json message max len.......: 2202 chars diff --git a/test/results/default/quic-mvfst-22_decryption_error.pcap.out b/test/results/default/quic-mvfst-22_decryption_error.pcap.out index 0cc75a774..5d5fecc90 100644 --- a/test/results/default/quic-mvfst-22_decryption_error.pcap.out +++ b/test/results/default/quic-mvfst-22_decryption_error.pcap.out 
@@ -1,5 +1,5 @@ -00635{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00856{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1593498296832000} 
+00635{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00856{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1593498296832000} 
00806{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1593498296832000,"flow_src_last_pkt_time":1593498296832000,"flow_dst_last_pkt_time":1593498296832000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1593498296832000,"l3_proto":"ip4","src_ip":"10.230.40.168","dst_ip":"94.97.225.146","src_port":62196,"dst_port":443,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5} 02182{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1593498296832000,"flow_dst_last_pkt_time":1593498296832000,"flow_idle_time":200000000,"pkt_datalink":12,"pkt_caplen":1260,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":1260,"pkt_l4_len":1240,"thread_ts_usec":1593498296832000,"pkt":"RTgE7B0GAABAEeVBCuYoqF5h4ZLy9AG7BNgTGcP6zrABCEACR1YBz3h7AABEvkgDSkdXT8KDRtZ6SuR9aklyes\/l4Sioa5nXAcPGveAb5Mb0k7uBERsrnzBa9uno+scwKQJ+8HaE7SwNRWaJ0B+VYq5sgzaHE9BksItfZB05b19PkWz3XaOJPeabOxbegkEde\/7BgQc2iMQiMZifq3YQkFbpelKpfZ8UxZbKFKO8T8enNpDFvm79StOLsc58r6VUI7R7RX2Dh+7UvHc8w55LVS4nFdKyvt+gLMAzuTrAqSRX04ucEX43SZLKcpJ+X+iK\/v9u1yLmGT\/8hHS\/A3VBUuWVRkAqUr3zRxflhV5CjsXky9idxKWm4C9Pn6cw4624LuYteYIUWOTHQHv3zV5\/rnXQxed5aHO337llijw0yLFxpnpOUEtoxTKtZZeNyR3\/hCIkY3n14k3gHfYXZl5t7DMoJYBnIHHhmdFCOK4sdCcKtpOlPKhDiv0BdCMImPxwr5CZ3d0NvKvNFKbylEYXGyw6diXHrADpP1Bpo7IsDo6OECekYHLzamw7fo5GRjTg4wyZ585sRHNOY5UQ14urjp6qTgyJaK+bJQKQXSG\/jPsJRoA3bT9RYwhd92VXr\/SRpMsMI1dgiAabVuN6aapjwqQ05GcX1xWXUOswELHBWeda+RZSG0ealfCxTm
gk\/LmTIARNNTXtxke0sf\/IlfnV3ikcr9NqDIrI6of1G3cZfUQGBWE6gBVL5hH\/8pDG4T4ZpNiYz4Y0kEK9VRD1GZ0w6BCqlt\/kg2zd6ahgaI4n0T7BllqMO01YZ1t9pyXJShYy7a1\/GE3TCKsHNgIVU+OzGaBubO2O8foCsTRqluuqUPhG3n2E8MHmbHfrbqadkpRwbm5mHSUiRHvHPOMZ3uD3xF6j764aqPOQrl01dj1iQP+qGIcEY5l4ogPeALtV3hU5f7bpvLSDPKVoHsWvz++bxVzr7sgAnGREUzsxKt4SUYuRzz53icFmvd9rxNmgOaF+PEw\/dQIcNJqpxX8ulzLr4tUIjHsZy8Y3w0WHWlRvXX5BFt\/FNL6D1z9p+LMmNXuSPqVvh56LVqzeEf7uD4SQyYHHodFZUSZh4UJZfGLFC0eeFNy2qBWMNwCptrLdwN5PCZlQ07ewM1OmYFXib\/9zYOSk4B0N24Ml1I3V+BUt9Q\/f7In0Lo1bYVhzoFFJnm1wIhEDEaXvsKWXwZTHPIpl1Hz1I\/6Yq3hsX1N3dtM00S1An2mdoc9+06efV9TeSDkQwX8r+ZabNOKTRtHqXDe1Wl+aE\/ZahNHsuY3HnDuGINcHsBCTv1ovOmoDAi0RUdYM0lPaGHSMu61RpKW5cRQ0Cdy0+WZXfm0NBcMkEOs1K83zDl3Ni0ybs6vWiqa45kxw7H1vC362nLorQvhZdy7wTrE4RWiFGT0Xccp4Rl8QprALjpWqFcS7MPnifCUJZzLuwLuogz6ePAO7YscFlIza4b2sSjihSJrD9QLuOyhifjzSEn4amVk5ivqXVE+QZ1R7NVlYJU0wlh1SwakKVblsHRVpjkjVrp5to9V854cET1W0se7gIi2a7oXoLvW8CT8NdthxNrd\/AUaazo7KSGS96THBAG+HmraPSIMT5EEnSDc\/KXc1EWvMFe0xKOugeQC4v6tFGa5dLsgNI0TE"} 00986{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1593498296832000,"flow_src_last_pkt_time":1593498296832000,"flow_dst_last_pkt_time":1593498296832000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1593498296832000,"l3_proto":"ip4","src_ip":"10.230.40.168","dst_ip":"94.97.225.146","src_port":62196,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"MVFST-22"}}} 
@@ -8,7 +8,7 @@ 00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1593498296833000,"flow_dst_last_pkt_time":1593498296832000,"flow_idle_time":200000000,"pkt_datalink":12,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":106,"pkt_l4_len":86,"thread_ts_usec":1593498296833000,"pkt":"RTgAapbBAABAEXAICuYoqF5h4ZLy9AG7AFbkKub6zrABCEACR1YBz3h7AD4ztLOg+8\/NWUDesKp0sDyq9wl\/qnK\/iaP4qknLwsMfEkvd24lrwL0JnOo2eK80vHLhCKIp2AiTqDI94jB8\/Q=="} 01422{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1593498296833000,"flow_dst_last_pkt_time":1593498296832000,"flow_idle_time":200000000,"pkt_datalink":12,"pkt_caplen":698,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":698,"pkt_l4_len":678,"thread_ts_usec":1593498296833000,"pkt":"RQACurDPAABAEVPiCuYoqF5h4ZLy9AG7AqZJuU5AAkdWAc94e8TV08o58cInQhPfXEiH4R0yyR9AqFdJP97dW9QPxH5QALs4W48u\/A\/lmN+Z1gHpoOM1PLHjFfJbJb+kTSEeMOTQm72wgJFh+SbVesiWwZpXw+U97IhYBLP3WiFpBRQqDumQUeDiPkGwyTmNP9TNRpuF5QXHv1kPwiigyC2fJbgUUnl9e+zGQ79Cz8Bs\/eLwhmD1t2VJ7Cd7RuwKu2Fjort3XX4whsN7E7gB18XviaUhr5XnESzxgkyjbQ2IfYB1sJV2o4NiOWtS1g6oecOKw+P0SfmOdI8cA9W3q6oJEd81gYI3RSx3xGFnp9Oqu5Hc1vqbqNObKzndCPUi\/ewslI8ItQbC0BI4e50MqqScJSR\/5Vl6GG0TgIA0bMt3EG4lRLe0LXPxOgts4PbF21wxQKa7Tv1beWim5pfI+OGmD3DMiWSvIdPZw4l\/5hMQFemEjraWnBk1V\/\/OrAI2iv\/RsuB4yz9sORUhXLWck60hCb1uyIqNiRD+xW3bPH7r3P6z4UKMSlVVvqUDaRMdKibqynDHOOAWSj7+sP8Bf90ZLULJRyJUvi97ONtn16Gv8dO0\/jgeS3zlXeoqRUMEdvWBCLl6ExIUXPrzQxsNhsLrDhpW\/tDjV8bVc6b9OLSI4orbGjrxJjgcK689zWXeFHPekaWBT4LUjVMZvHiddSwc8CEIhbTIYZZ\/KM3XZ3ulglZV9+vPGct4VamjTqRcgHkoqQdwsrno2odIMs10yxJGOEmQN8Cw6E4hVNmBXDs81Q+k7pqJy1KFzOnCXOnG+YjtFuf9t7vMgoxn\/Mbid1XY3cSPVo6
pJwkgIo3JrJMF3FGhAG1utFi6vz1QEXDtf6Aad0WCniKSed4SL+b04FPKN0pE40Yv1Qo="} 00992{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":1,"flow_first_seen":1593498296832000,"flow_src_last_pkt_time":1593498296833000,"flow_dst_last_pkt_time":1593498296835000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":38,"flow_src_tot_l4_payload_len":3572,"flow_dst_tot_l4_payload_len":38,"midstream":0,"thread_ts_usec":1593498296835000,"l3_proto":"ip4","src_ip":"10.230.40.168","dst_ip":"94.97.225.146","src_port":62196,"dst_port":443,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -00865{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":11,"packets-processed":11,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3610,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1593498296835000} 
+00865{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":11,"packets-processed":11,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3610,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1593498296835000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 11/11 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6918012 bytes -~~ total memory freed........: 6918012 bytes -~~ total allocations/frees...: 114167/114167 +~~ total memory allocated....: 7495608 bytes +~~ total memory freed........: 7495608 bytes +~~ total allocations/frees...: 125898/125898 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 629 chars ~~ json message max len.......: 2187 chars diff --git a/test/results/default/quic-mvfst-27.pcapng.out b/test/results/default/quic-mvfst-27.pcapng.out index 0adfd189b..bdaf80f94 100644 --- a/test/results/default/quic-mvfst-27.pcapng.out +++ b/test/results/default/quic-mvfst-27.pcapng.out 
@@ -1,13 +1,13 @@ -00620{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00620{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":41432902,"flow_src_last_pkt_time":41432902,"flow_dst_last_pkt_time":41432902,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":41432902,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.171.250.15","src_port":35957,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02240{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":41432902,"flow_dst_last_pkt_time":41432902,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1326,"pkt_l4_len":1240,"thread_ts_usec":41432902,"pkt":"UlQAEjUCCAAnANMtCABFAATsAABAAEAR6jcKAAIPRav6D4x1AbsE2OWQzPrOsAIIrbuyBEpv1K8AAES+140kYx8r1I1jytRmSbOd1I6+euAu\/WCog0hZ7CK2vbiQaDsUNhduZ4TaOU+YwMwzr4tFRPY4WVcwFZYxf3JpeyRLGb56IxYnrJ+wVEN3bI7bVdKHF8LObpsuaNgGvwptfsH+rDACd3BONx\/QShlSNEGgtojOTAb3IBxaMPoBBrqk2vcqdCneK9x+zToW6kQDTdEd1IieGWgR+hdSwpMJLkz6epIDIJvr2+7hnKY8vsay1GJiKAlvxUurjQpspuMDfgvdh0iM6M1FrTv7rKzGyRXK46jvoMQof1iOAPHATgwqM4ZuYMuNvt\/y0p1tz148IXIa\/fLbIf\/jtx8RB3egC2zhGA2mbRbaurTTw48eZ\/8+UmFX\/pGgD39VTuQ0iy3fwQ4KqkHSAZwYDfMrqtGQuy3zdVoOJcB1EfGcQ\/j15ErCmDlRT7vkVVWnNzp5ac2qQ30IkEy79yMP2uQl+qcNCK7LBv3ES0ZAYMoMzeMHxcHojmxmY7m9pU8\/6TN1mmhBOL55YskIGgF5b9dubHYOHRFbIoVzLmlUMAC3n\/J8icXYhMzF+2LMmkFk5V6Ftpg6RFwazyDsV1VvAG0px\/ZReUsDZc2BpKOvPXUMcmmbi7J+4xk79GjDWU7qn9No\/9OgaUBSqlTMXjLKVw1AQS9DQbbP6Ljm2tjkBmxsNgiaX3ZHZdlEZ39g+pfa+C3d0\/Me9
1SnnyzofgyFHFf\/FZrz8kZlG+cPy3y6jToJU9oYVkDn4scTl9+EJRhVW2fiSh2BpNrkr1jxBS6nl0AbZVVuTjZo1emeItVe2pTwk9uLFdXZ\/CsWVBwjAwBQ8vxgzBGFWe9Cz3WpWkEzkAzQeOKzfLIFJb1PdMquNCwMajA4Jx\/Cl8vTf2306+VAoELddtYLnop0Ayp+TxS0Rn4I5pIhgtvtCnBaEOMmPLVrk2Tj6N4i6o4MT6NN2UsGMhl2jrLGVEchP8VeBBOrUPQTIvY+Xm1UQd6ud\/GSXz1lmW9JWN\/jvl2VrC\/dEdNNNDsuFT5DVQqiDS81yxHlMqpnUJtGOqdXBxl\/ipvbbIFVJMAxqaqhOIq9lLXVi0WRSrle2jY8C6byBzVmaXR9ob+Wj5JgOJ4dl6+zmTJfROyutrX06SLZW3iXBCGlGsJZa3VoAGsKr8R2PPaQW1IM5QBB1\/g3l2+\/8cMTpVbSj+AToLePRXNLpaht6\/i0lf5tmm5WeIZEw\/kp8XgE1IVG1OwCHdXi3LW8Ju6ZT6+NSDZYRl5iCIMOLeH+Uqa7zxr6BPSdijI5fZHwJ7CyzIIsLtNldUOOeWaUdszlpTm5UglrnEBk\/8+KIWEVomulKHSD78LbyMa2ZwRhHyUIoQUx3u628eG5WvmgiPmoWBpQq0SAcNJkibSZlfyukZBXk6ytoD7RL+6u7B+gDbgoIKW3EI2Vygx0786PDvzKNz\/jICcqh071958oOMWvZwK4wNNnPl+hmatacx8NLqlbU4\/qy23i+aLaPb\/wBxpmPXyakND4mOvFt3dmh\/yOVbINbAdZZ958R4K\/VXTGhgBSkxwXbKGKq+I\/xQwGAiri3PaDQBO6NYoKc0jqzc3rTGw44eUPJeiqQ8qEhbvrsfPi3A+VS5FRGlwZaAkkAdoB2gRkAwEAAAAAAAAAAAAAABYAAQACACEB2gAAAAAAAAAAAAAAAAAAAAANY6kd"} -01289{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":41432902,"flow_src_last_pkt_time":41432902,"flow_dst_last_pkt_time":41432902,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":41432902,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.171.250.15","src_port":35957,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Facebook","proto_id":"188.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"graph.facebook.com","domainame":"graph.facebook.com","quic": 
{"quic_version":"MVFST-27","tls": {"version":"TLSv1.3","ja3":"61d8a93ff379660087082a82411f19a2","ja3s":"","ja4":"q00d0108h3_0f2cb44170f4_f4b4187450f5","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-fb-05","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft)","blocks":0}}}} +01248{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":41432902,"flow_src_last_pkt_time":41432902,"flow_dst_last_pkt_time":41432902,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":41432902,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.171.250.15","src_port":35957,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Facebook","proto_id":"188.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"graph.facebook.com","domainame":"graph.facebook.com","quic": {"quic_version":"MVFST-27","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q00d0108h3_0f2cb44170f4_f4b4187450f5","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-fb-05","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft)","blocks":0}}}} 
02266{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":41432902,"flow_dst_last_pkt_time":41464206,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1346,"pkt_l4_len":1260,"thread_ts_usec":41464206,"pkt":"CAAnANMtUlQAEjUCCABFAAUAAHoAAEARKapFq\/oPCgACDwG7jHUE7DGTx\/rOsAIACGUZSqSBwJ2mAETSQ4uzcebnNMDWiCLwgEqse1zwFbQeUwCYbirASYBY9Wqb\/AVucNo+1QzVbJaW9TpMoqvmNgwqhyeKJHn4nzURskXOXtyoQu1UCn4VWBURvJjr0Pri5khEPw4xAwDV7X2Rmmpwaw6btUsOaonrqKF\/SrLeyArFzwB+JFVws5mjdog13nZj3AyrnfXROIcoKcafi5iIMUPL8fCRhq9X7vo879HkMFFe\/UL0Z6KfMxRHk\/gm5EOke7DkOtpvDqjM8A17vn\/YA\/LmKAMC318G22YHyWoexSGb3BcRVBGh\/JnZslVfKZDHgCPKBJ6TZoECS2S1Lkq5nHD0FrjB28JkpPGddocsvTJ4gXR11CtFRogKRhcL6ToomCWSsXQm4N4h+xa8EUgP+Qp0EvdNEgFlkK7QzIbTOeUkbO0qojWV6pfET3Iov+\/apIMX2oqertd1yP5huAQbmPBJDrUV5aSXJ2n4942yy8nej3YOzA3244Ppj3KJ1FI9fYQWy94tzkcAq0MyyNAtAzVQrMQHV9+ftrN2eaUEuTAr5G712uv1AnCx12zkzS\/bPkH5HakesCqHiBdPHaH4mxGfceFuvWrXvk9k8noKiLgriTnvQwp\/saWNDkm8kvfm9PpqQm+XgxMCJ0tq2pG80BHbTgRQV8MdZ11XnvblfPEVlDFLqayo6KQYDuE9pUfQ+9AqEaxGVZRMSVRaIpJDPVqd0UHWM8ATc92GN71YPW\/frstXWA7sGYASVobLo1b3c8kYQSBM7dcU\/iqAkl+FksHEaC1aLZjGfaRKtnrpTDuyyUXcztv9cqa5wo9RQzervEK0UxM3gVjtBBX1mCaBfaZIZdXvbDZThkMu9RGphMLYrx9SqWAcKRkM9YhQ4qnUOJEDTD2qoX8miGa+JoKbQ6qKnL2RRJM\/0dLcmr8S6LVgNf3TuED+N3hbsZ9OBQ7xHjHnYpm\/+OxE3iCQ7O\/MjCEYbY876HUh2UXvGhRXGh19ilKbwQQLH+dz5uix38Q4qECRqV09vmTz3Swbe+BtJ26CqtxI2DYiDUkT56hG4GnrWss\/5mqds3b7uwxVTv8iRTcgWALX6YR8I8LcEwnW6P35r6yzQ8NmLvjaaqZkC\/6YKBBhBFJ4gpdUENYZBLszMz\/0jCicUWKWyfwMDGVvAlcFM7uVWLy8jO0qLX37EScSwg3DeIeQr72\/VcJHLle0Tm+dHFDyuGwxcML\/AaZe6mgicoiyETeB09Smyq9Y78I5wTornR4T1K0JN64JfYcnJe1\/YmYcW1VlHkcIRW6sSa0q5r9kPM+iCHOL7wY9T6OnVogbkFJzee5fZ+Oq9S8PvlK+4jsPkUzDv6d3+PRuP5JWYWDpXd8Qhym58OswJSKelR1rmXKN2C\/uxVLv3kgZxbiHXFdSArCkFj5BWP4WtRYPeuQ5VALz9l8XUPpyq\/09yKtHs\/TW2KvPCNo
NxInVtL\/9V7UyFB2cFMukn2UUKBEJJUOWG0p+3sALv+tMcZpDx9cDnCtfccjlF6qNg6Io5OabNDbmM3UDOyuHva8jvqAsKtELxYaeOp5rbZaQ+wK7lDWDooe0BUvE8YL9NWtHK\/I2zrwe4HzXFx1p5ULH4KoSajttOnTnVRnoaPTH5vR+8nV092hE6ZD\/6m9zExloCSQB2gHaBGQDAQAAAAAAAAAAAAAAFgABAAIAIQHaAAAAAAAAAAAAAAAAAAAAACg8yWg="} 02266{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":41432902,"flow_dst_last_pkt_time":41464217,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1346,"pkt_l4_len":1260,"thread_ts_usec":41464217,"pkt":"CAAnANMtUlQAEjUCCABFAAUAAHsAAEARKalFq\/oPCgACDwG7jHUE7Icwx\/rOsAIACGUZSqSBwJ2mAETStSk6pRwdyId1aH4WX4pVsk+hVtbLW4hKoqKIUKSo9tdUjjTVL5Yto7M3DICwaAoLYXCD+5dqw0TmZSrfqNiW2qJkNrsg0k\/kAdqV7j6+J9emg0iopVNY8z94Dkdknf05ci\/NoDXo7jX0aTp1J6GxxB8erH\/0SWZ+DyrbIMZ0xZ5SuS1DqMnN61NBKxN4\/jPv9ciPfLFFXyU0okn\/oJgJdQ4WrwMnOPK0yukS3dDQKMu5v+5h3OqBwQW1oLHmZA6rMWwlnpuiFU739YXcxuHETmzC2NOSBa0FZ1xSGByNv0mIS\/veQS6ztyCKi6cmIt52Goz5V26xn8ITbWRMKyzCQ9ygzGjFLSLB+V+ogEf08ganfO6W0dHJdPTEHqx274QToI6nzYBz8eQeCAoVd4nrh3slWslWTkHeQVW8sENY6mHlCHceqCHC8YwsKeoSN\/4JG6l1w4zyPArMZGkKB7jSxPuUQCGzOht7pw5Gk5Gp83Di44gZYUIyNVymDB16sT39aoraDeo5r5qBdNZ91SsMzaUcukPc+uOFPSAz0EuZbTe9n8OtdEkkzeGl9cG18rBcD7tfjxG18gi\/aTc\/Qsb2KdP82bZ\/OipJydJdUpM++DNflKBUq6VmZNq\/mEwBZaf36uML1LJOAoceV1rx2cgE7b5Wa2y583PSIvc0y8yCVCHd7UpFmIJOJrYMAiOgNdkL9i8G7a60vJ0BffKaiILbh52Cd\/gZSExquDEnfPS9pscJ3chfy\/\/FZGZ2CQbE65G5r2LgRj1a0KrZ\/O4ML+0k9MQaf9He5c\/jILvUKyvJwLUWG3lSoXOphrxABdatvx5PAii2lwtYhrYvxbQdkmGsIRtsvgWyth\/48R3yefn+bIHFq+Ln\/mQ4+8W6h+y9VYGjLy+j1gNFUujglm08r+aneixuCDo8NVE+WAW9F9bx6GkTQPaTP2\/obE0Ej5h95N8FRRXbNl8Q32+hc1BcPW7PYZhe4s7f99gVOs1PvusSkQjfl9x1h6vbtCoGsaxvv+KkMXJr040is81X8KUUNFqu8hZlZbEQdDUlK04iWVHyjfijDT4J15Tv7e9ZlWiE8P4TthJEkS\/V\/B6UFWx7NxNha5AI5q7ShAs7c3HMWi7ShahE0cUHWo1N0zwF8\/WnAGHEQUC8y4BhBQ7EaKwJ5nulzruzqp+D0M
I00rZhOKTfBp6FWu0gmkwjBtMV14lN3KiO+Fugvl0PPD7usXWaKzR2dw4JslfP5IRxZB5PlrUhggAF+4XvJxhjRYhltzgO0VmcidYbokhyBxc5p8EN7Brdd5jbC5KWU5ziyf1Xh75DhXXM9GVyTUDxQyOG\/19oznEsnm6HNfViWsEBqqhaXc1PD0G1Ath517JUA\/pAp9aK6ha0kEfZOISLrdAh\/wfyRh1qF0vTiaYWT3z2kewwb2CKR6DkEQkLWuW6ksgBnomifnuXO\/A4qhCgYZUw8feNCqTOFonKJtx2NUnViJDtqHr07cnNA2vZFiN+8SsLW130LG60Uj0wsHpIPMQDNy88BvEV2fH8Yk1GkJTndWveloeKe4e8X8FUWonC0LnETHyEJoR6mY698HICIqyNVbCWwwIZl3RhkLsYcNRGWOHE1xH8nz2KWwIwVPQWegjsOIMvejTuWRloCSQB2gHaBGQDAQAAAAAAAAAAAAAAFgABAAIAIQHaAAAAAAAAAAAAAAAAAAAAAB\/S7Lg="} 02268{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":41432902,"flow_dst_last_pkt_time":41464239,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1346,"pkt_l4_len":1260,"thread_ts_usec":41464239,"pkt":"CAAnANMtUlQAEjUCCABFAAUAAHwAAEARKahFq\/oPCgACDwG7jHUE7Pun4vrOsAIACGUZSqSBwJ2mRNPUKyAFTiIR2D9LmWONp\/pKu58K8xL2QH3MMLvlIm5wZVpJfJuwyJ\/1M3tSAzTO7kjPI3eHBb9IFzJ5EM102smu6+dh1QdA\/XWl13B5U7mJXfZdgiMmoH6TMFeO9l59NUWVB3FrB1D+83n8F9jw5BVmkY2OPbmS9uXhO3oLJjNvzhgiz9LiL0Peg4iBHPZ3bnefg84NyqMA6bGiBHjw8O\/pggXBHbm0y039at\/mEzBf62LN0g+jv6L2c7tRnEpUns4cJX54tQ1bXJ5Hhxh3rT54lw4rrebaQCbwFhibEvqZWGljIGdjbOpa6liHVVmRN2tu\/GBhyOGb0StB\/jpkBjcqcM94pTjas7+bYnRrk8ZSgYviOw8nDLpc2na4yCaDVIVl\/pzppcM74NTbQKve3Nar7W9KbDiDSaMAENX7mwhYQ18bwd3uHY8CUMOGjo\/8euzZjkZ0fqCDRE3vdm4KLl5+4\/UkQuBZWoFk\/P2Heh0\/lgddV3IePrdA6fNLSr8BKSgLGA1ZasEncG2JczdCSpW32pij29+anl+pMYgG1xzrztWUD1ETcf6lrUI11Nrj+82\/V73yznpeq7b9VscUvGV9OZECREHrcvb+pZDpYZL6JhF9swDp8CcOJJW+kip95Ov52baFifgdWzSPIduRrqIdERwwU6uq\/xmextGbx1KqKtby8DZc51UT3zzVMYep8bkl6y02VlktPuEK9u+QMd79lD6CIjW6qp5UxTZUtg8jrVUa2qNaqIekUrye4Bzl97pIPdBT4PssDCFsKgu31Bpm8CKL+2xWNmPLUcDOBBgIHzzDBuznQ7cBUCzjZlif+hxsEmJy3g5g3\/xJNTjxK+car7ACp7B+H1R5WQpkSDWn\/gKlYeGIPW5T8mOqp4WAHeTZest5awJfealSj\/CfwMs\/
1Df7bfDUHTG14VDKd\/hRegDw1cfzcn3rS+uwWfXIm+mNshIKscMmPDsExmAokd+CvN0JuzdGOibtj3vbwDU4vsLbdbgOXENLxvYoEKqOPmpluuCqkWSQX\/UTadmXu44AWmWGdRQUpe32qb\/M0fPPEznTo\/4YrREjJ5jLnXRjbVI3HR4NPEZW1W\/9+X5lPYycQDN0lnl1dTk4utJeAg2p\/gP3JOV+wA1ygYJ5wU1GjgsOdz+EiDWtAQ93xX+7PqU0RTfcJAMwYHLO8gHD8UmTyvey2jiJJMc\/NrEBM1a76byOqZW2ZpMIDjRCtGhGFGhw4tu7OsejTzxA6T4fkSVAM0RcHzuFFeX1yZp3G8u6suFgzreLYuvmcBrNhHUTfsEKl4+aUnvPAuGzXCYIejrOiP9DSMGN8i\/AdhOoP+4i52mM3bH5MLyVmx9EYwfM0+yRTPLIifi4gzjoQl39CwhJ5abQwEmy5yGBYVxIliLKOrnnK4U00GmZhnCirgfPFCTOe\/qKCIPE7b86iKQ6zDr+wGAH8x1\/Vr6JDpHoyfytADR6TA1MJzboAI\/u+WxBW60Mr8wra7Ky8MTEMtqEAV4MNy3QwSj+5Boi9v6UaR+XFmEdKxTqXYP3bAo1k89toaHV8RAROwWdWZYQWji2vw49SgOlspTK5LeZbdfL6JCEHPDOXosDytI1rgaUPivx6K5pOY3FnYb2NgiqwzaVvc4sqLOH\/hloCSQB2gHaBGQDAQAAAAAAAAAAAAAAFgABAAIAIQHaAAAAAAAAAAAAAAAAAAAAAImdn5Q="} 02270{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":41432902,"flow_dst_last_pkt_time":41464304,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1346,"pkt_l4_len":1260,"thread_ts_usec":41464304,"pkt":"CAAnANMtUlQAEjUCCABFAAUAAH0AAEARKadFq\/oPCgACDwG7jHUE7NYs4\/rOsAIACGUZSqSBwJ2mRNOp9fQvn1f7lG72Bw+E6NBO8LR8mD6RkYoGJj7YIoOLkr2BWwfK0spPYy+zYGWX+a+c9rHGaE\/8AFsGVmGd26vTDA2yukmOJUfOmTtJz95HrnPFSG+\/TXHqQjk5klIE16FLBeiNi6m\/ct8wPGJ9RUbZqJaLVts+GZFzeMSRX+eYZERYnLYtPQPOywMGAZR5dzRsdw3jDQYkcN53aPm0lceepojo42lKerw8v6LOu22kD+71z4QDa4KbQzfUDp3LH6BpZQ6IsP9xHtu8kvC1sMujkXVqWo4PwU1vr8utquEF9g6Edj1O8CnayP2acmvLS9hrhF7CGL\/\/\/DnocizH0vNxW1ov+oyWwjbcB4cKqjTFeavm8o80oXs5etE\/0w5eFp+lmQaKzY0Y3yFmQ4u8brDlmcVIExhEgggZeFVC9lL9oOJw+T9YQyahiK65vbSi1+dot2yavrzsTWJiTor0nyNgEiCiviGKK3Ugt6GYCifHXPC+ko\/\/b1QvveO8QmYiv8AP2V\/SWNC14hUcS+VAN8JRlCbBPMNZf5CGc1GwEg+7a4289LEunmnUX2jPN9vYfHH58+XntmHmuXoNXd+GAXGmBpL3pm9he0pLxavwsdTVC6qK8sKWNygxAdWjfNWfqF5l0iTI6JYa4\
/y33xaYPcLxg2NKR5k5UeV+DbMoZh5oLZlH+HG0w8grzsBY0UqgdK4AyP+poGSbQAEMRSIkOomtrtelNM\/CJ7PizVrNKpGbp+EpEXMTlKKu9mAH5wfJW5yjomiaaWvGIaq7gLWY9llWYvKDLPe+Ot\/Zlo70lUm2Wen8purBfU4\/v6CMzqcAGFEkRA8xMmhdxqR55Nj0wKZs+RQeJinGAS0a8g3PGJbOybsinObB6I0QXHDA\/BCZjPyuqT029QJULHNw4IqshshnGFg3nbzChRrWQc0AiB5OcsWclYM82EXN8ST8RvLF1WKcSxiSUqZRBPt4kZeVgU6dUletzdTTtDjmZcMX6Dpoo8d0S1zQL01nH0uioe7eYaw9k\/Piatckxd0yCv9fyOSwNFhCKxpC1GXBWqlnzr5Xkx8pHwnfnGUKyYsQ42dNNkbszwP1I6YjcrEdp4kQ3sTLrEmlVAvA4aTA0MKDmYMzxz3zBJIZV6dv1qjp7tD0dSAly35BlkwSJjGxKF9J5GgFKfSnvAs\/OiBf9hVa+A6yxuM4HtZTS\/zRldyW57HwUxn5Qy4K6cscwe\/7EfDGt+KoQI83PH5+fargDPhSWZK8UtA+jWy2oF5ALL8zgGosqXNMsOm5dKcPAdecM\/pz1MIewkul7sxt\/JgvAFL67lq7QvvnpQzr8lJgqwZzwBrBvGj9NKkaDXeHsynidTbkbLez1tjvdUEDeISKE7lW\/ojOz\/Lqe\/T7KSL5gyQyjF97d9xNrPNTeh\/HfJdKZ\/zWpQOiu67yweKqxgA9dorbSGAD+RdOGT7rQYJQusp\/jzG9SNrMyUzV7HK3K\/pEUqwZWMz+QAHUA3RloM07jN1F3nkICmQ4z3jHqqH2nY3JfZ5N0+1Qbuerb\/7N+BqOS9LICONl+GduIvQlJ6k18z\/aBuv25LlGUp9XFoS9b0Hk1oEaH7ReOgL6Cc+6IEzZSF3euyrFMEVMA\/mrlSkSX25Uc7jz7gii7RloCSQB2gHaBGQDAQAAAAAAAAAAAAAAFgABAAIAIQHaAAAAAAAAAAAAAAAAAAAAAPxWaP0="} 00995{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":13,"flow_first_seen":41432902,"flow_src_last_pkt_time":50364890,"flow_dst_last_pkt_time":50392661,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":1252,"flow_src_tot_l4_payload_len":2538,"flow_dst_tot_l4_payload_len":6981,"midstream":0,"thread_ts_usec":50392661,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.171.250.15","src_port":35957,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Facebook","proto_id":"188.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"graph.facebook.com"}} -00842{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":20,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9519,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":50392661} +00842{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":20,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9519,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":50392661} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 20/20 ~~ 
skipped flows.............: 0 @@ -16,9 +16,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6918304 bytes -~~ total memory freed........: 6918304 bytes -~~ total allocations/frees...: 114178/114178 +~~ total memory allocated....: 7495900 bytes +~~ total memory freed........: 7495900 bytes +~~ total allocations/frees...: 125909/125909 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 625 chars ~~ json message max len.......: 2275 chars diff --git a/test/results/default/quic-mvfst-exp.pcap.out b/test/results/default/quic-mvfst-exp.pcap.out index 8f2485805..bba4d4ef4 100644 --- a/test/results/default/quic-mvfst-exp.pcap.out +++ b/test/results/default/quic-mvfst-exp.pcap.out 
@@ -1,14 +1,14 @@ -00619{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-mvfst-exp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-mvfst-exp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1600365863681233} 
+00619{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-mvfst-exp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-mvfst-exp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1600365863681233} 
00836{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-mvfst-exp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1600365863681233,"flow_src_last_pkt_time":1600365863681233,"flow_dst_last_pkt_time":1600365863681233,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600365863681233,"l3_proto":"ip6","src_ip":"2aac:cdf7:d506:7807:9092:75f:a963:f4ab","dst_ip":"3f65:ece9:fe71:6e2a:face:b00c::358e","src_port":57587,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02224{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-mvfst-exp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1600365863681233,"flow_dst_last_pkt_time":1600365863681233,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1600365863681233,"pkt":"AAAAAAAAAAsAUu6Rht1gBpyIBNgRPyqszffVBngHkJIHX6lj9Ks\/Zezp\/nFuKvrOsAwAADWO4PMBuwTY\/EXK+s6wDgg1+NsuZhAnFwAARL4kVSVotvSiGmEI+vf+6CaV5hF7i\/CNKP0SXP7gxh\/sxeTenPB321XyE03WMCMX5b0eBa3DvRz2ddP3nWt6RdJ6WlZ9RTUGfAgTt+boE098trxFEsZIDO4\/DGShxxtoHXyvbFJFZJY0NVf+5UIwrXhHYlSki1K9uuFNSNm\/ALl0YIaUgr\/hopr4M+GsiGyiXAxXGDCmRgFFJroypQa7DZkA\/BSQvOBo1rqXUCQO+Y2WWIxccuRC5scGp+LAauwOKvDUuqswyG3OiHxvk+4qy\/tgRCHGZHD5raZzP7vxY5Zs6GXSOIKOFNW9+pK0jmGVAbreKgkrE9sNhCR5J7EDI\/UBo5nIVV7hZ+6dUskPxqT226TZBRzj0d\/LhQMJiWr\/Qtbyf20wKLkGnJvpCUZRODDUv\/HGzAiYKec9iLyl0xI4dsRlBPj3\/qk96+vHWCFBI5LJgkJSDIg2Oo0As+19Rmue72aosPjR8lHRyP7b2qSVRFvzkCL3hktDhhGNO2\/8vk6Dat1dxesYiMWkhhopkoH3vOXEevmQ1BrZpcIa7nhP0ob5JIk\/hYvfODf
iXG2nnd65+lyb3xKLOkY1QOG2eHx4XtxJxV95ybltVj+AOro0Qb33f0uOBVhhxvPUxRnp1BveoGGqIq\/gfX6EzojL9Sr70hu0h97z51g5q\/G2yqDMTtMccVw+1tkM704jcVZPtS1KIRHzNry1Wih4L55uLybOgft8GHReUqVXO1rtmuTmjHvXxkkq+hW3ZO6Zpt9Zifkk1BLxuaoYoAdg22ALnpTN7VcYCixWlGY122eH2AkgeHYXtrQFh65CCR9dukVHEdRzSFLcF70tHYbZmR+Hm+VVpk48niHEmJvv4wz9TBdQco4TCXjTYLJ6WcVyXCnuHUIWmzQviL8DqcqYSvAxXtEwy\/ABThsNXM6AftQYLRXbcYkYcHWoidGESnafRJGVZwQz25kCkv7ZqgFWYx1xBNnbz9WMnFbBke3DlYRgpZd0ntBDhPehb1WGgxtlkSGO7bjYqCQFYUxhzr1MjEh8JkUM3KCwxgTJlwEoiFSZNBGWOnQnoaXqibsTGdkQ5xDUg\/xJIomN6D9X+YN7QfJRKDelG4gB\/R7MztnSA22E0XjX\/\/YRNN+qvPmrVWdwLFx5rwOTZ2Bwq1XJX0Y4X9FYc8xlkhOJreo9JcUXHssUuTUo6BWARFU9bhlwavKy3u7J0kMozdjG\/WbocG2iKuKdvYnwlwF4XA49pUvEDnV0LhAGSigDeY9WEVq5NPU8kaL0aKpcV9sZJjCTDkCQvVnASsCd3+zuMIFTH\/wm3IfeUdpSYh69FBYn0JPZJnE\/f2WC+G83QQZNTxoXLd9yFjxvmJQ7W1L4zZf2d490E4pdqLfAEFuTNKFuLGgQ+LZN4YH\/5qowNrJyvVezIyiysoAoiKoYlx0R5mslIlSfPbwSJbTB1uxs3rqeOf8ivbtSiOzeCzsWNJXJslzqZupoGqw7\/SmaFxzLXGXzdi02UgxbJUV3MNetwoWntiOQ\/Z\/49uutTCmO52WyUtp6uT2QPgpYOad0YVkiJmMQURNTDa6EXQiGewAMntXsHYGBjMrsKmJQ9FFiiK9Zn62NIBtpITbvAg=="} -01393{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-mvfst-exp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1600365863681233,"flow_src_last_pkt_time":1600365863681233,"flow_dst_last_pkt_time":1600365863681233,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600365863681233,"l3_proto":"ip6","src_ip":"2aac:cdf7:d506:7807:9092:75f:a963:f4ab","dst_ip":"3f65:ece9:fe71:6e2a:face:b00c::358e","src_port":57587,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.FbookReelStory","proto_id":"188.337","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"video.fmct2-3.fna.fbcdn.net","domainame":"video.fmct2-3.fna.fbcdn.net","quic": {"quic_version":"MVFST-EXP","tls": {"version":"TLSv1.3","ja3":"61d8a93ff379660087082a82411f19a2","ja3s":"","ja4":"q00d0108h3_0f2cb44170f4_f4b4187450f5","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-fb-05","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft)","blocks":0}}}} +01352{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-mvfst-exp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1600365863681233,"flow_src_last_pkt_time":1600365863681233,"flow_dst_last_pkt_time":1600365863681233,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600365863681233,"l3_proto":"ip6","src_ip":"2aac:cdf7:d506:7807:9092:75f:a963:f4ab","dst_ip":"3f65:ece9:fe71:6e2a:face:b00c::358e","src_port":57587,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.FbookReelStory","proto_id":"188.337","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"video.fmct2-3.fna.fbcdn.net","domainame":"video.fmct2-3.fna.fbcdn.net","quic": {"quic_version":"MVFST-EXP","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q00d0108h3_0f2cb44170f4_f4b4187450f5","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-fb-05","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft)","blocks":0}}}} 
02213{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic-mvfst-exp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1600365863681233,"flow_dst_last_pkt_time":1600365863701938,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1600365863701938,"pkt":"AAAAAAAAAAoAaIxPht1gAAAABNgROz9l7On+cW4q+s6wDAAANY4qrM331QZ4B5CSB1+pY\/SrAbvg8wTYmwjO+s6wDgAIQAXJhFchLk8ARL4QIqQn9j8g7J8Bh4qCkeFtB5\/0FGTn+dKSN5WCFIbqlv7bVzxI20ou9DR4wZtJJ1tiJ+xKr0U8bw68OiZZpHUxdfAbQt5z9nLh6LwQjhupiCyRyGRG4tZtrrKw42zS4Ryis2IGVu85jtVJ5nO+V0iHkiCiLoE8hCZ0cGFWISDSv1dY3S14L6Uo3v29iGRvafufSczvMFlG6pV1Odn60vjKDyGOsjNfQ9JF1v3zXLwm1apIxIVcfBTY7dYxW+7A\/6rJf9YKYeoWeijbkQb34JP1dRaHcbT0etmi0uxefz\/YpbkDoFCI2oRZYlTE23H22X2\/8qTclFOyvh9\/vrwFZRygQGeuEH0eSUfPKF67ybi2A9VLUgtZeELBeNOyIaY60evevqb5J2vN5l8HhG0zOtje8P2BEWzkJo0Csm59hN04WUIa5ATdibyB79oIitMR\/RT8b5BC7j9v8ipjp7vZOZEdpCwIDJgn2+33CJSdL94AfQkLgk+uiUPVfgG6UfHrZnytLApyrmygXaAukdakyxq8klTjQRRDyfNa3VwsyyGBmq5gY8nskXcJNY50BpTnu2okLH4hDlVPoMhoCfYEzT7EHkcCPMiRCP1enF\/yeF8dCloVpkR+7DVld9MS6A1Lm8Vh1cgyHuQtCdgJL16zetK\/eyN+QHBXERWmIl3nQXc4BBMK5ejTHXiedJd7krVe8qEtgPgfs9wmex+wAK7s5a4apAlIsdt8wz8irGiTLVD13enE0LCSiK+iT4XC+unYkKdA\/Y+wC15ozprq5ssSs4BUO4\/LwAxujOwLjXa68Kc\/HILSJzhfUsfYNAz8ZOR1P4+bGu9drz2VDwRHLiESKyby173GizQy9QPlUMhgv8zZQ9s8\/V4XeqMJ2FBmnAhANLW8ozDP3m1tk1Eysb4\/m\/zhRgvMN6Md\/gGHDzGnf86ee9efaPJdzEGlKuMWsJB9rG8dFeoooOlhDVE0RcRoPulOkfUBVPkd5y1hJVChJAS8upfL7rieCvjioLCngyXZRWw5EtbWEua8f58+BR4BcVUt44qeVBM19jSN8fMZZCruGfLvFJ8LXrWCMFf8QO9ppSf6AUMeDx2xJm\/vFPFkKj8USDUUV3A4BGBehJmSMJTIQdNx+L65jyOdOELItpQ53YcWuejF0bJ6ksEA2i+ns6L\/A4TyViXUhBAVmjDLSCellA9lXrJ4FKFi2ddTtc7XO4WCnc0rXB48fPr0idZPP5kV7JjzsYEnZ8xNPrb2\/crCya5nVZMRH13HQUZZTbK+kcSm91aipEqc2RxTK15a3fE2lVuvJTMS7pY+WzcwkPFNhssmcyRE4TsroEk6noloCsxsQjvyZSEcSwSKx4KJegr4NeCh6RxPXe153PB1fX43\/bpL23QEtBIoibzoy6LAu
xzsnv2SoFcWb+0UW2hrfng6tjiLOL78QaL2I0pt8Q8p5cHXe8AZixhNLMuBlkVaMkSQfTYE7a0q89JM+YV0fG49Y5VAbDOBtfzmYnlO9p9ri9AifV7FZEwCvdDlnQ+KvbXRJdIOtcMSTz6mCvUiZ2cGGkiUCLImG1NMuhrftxnzx3oMcBYdm8CBM4CS3ZhaADSEfSg2j+9P8DImBKXKQw=="} 02219{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic-mvfst-exp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1600365863681233,"flow_dst_last_pkt_time":1600365863701971,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1600365863701971,"pkt":"AAAAAAAAAAoAaIxPht1gAAAABNgROz9l7On+cW4q+s6wDAAANY4qrM331QZ4B5CSB1+pY\/SrAbvg8wTYHDzk+s6wDgAIQAXJhFchLk9Ev6msTcUGYFaKjK1nnOGqPfgGmbd2yH7YezNJksz4ObKOyK4ooRfPYXnIwINVzU9kFmpDrySNcGo7oy085NMAXtrRBQxP\/BNGfiNh2k7HVEmtnbBrN9B4q0PdqBJlnR3nfvlqn4KMbB+v3pyflyp0t2eXjVN9BCvAEWt1323hMhRhYp7IjuM\/7LS+4JZqwAit2H9\/as8+O1Z3qJKcua5iRqQUGQX4hx+lXxOP6XwWXKQ9UBS95a7rhiJrqp9UhK13hVq2njbzA2RTKn+s6aobHuCe7WYl8MS0v+T1I2mq6xhFweTuG3hdPnqOkRm4ZoVgOJD0lCKOsJoqR\/flxx3xDBRfRXA8iUDaNTTEDU\/z02HAUlthQ7j4NctXjWeuXBBlOg7myIMc\/qdP9kFsh+WR6c3MixjpAvWeqwTgRfaK9+1rOtle4mwbhL9JoI7ra+3Gv2NscrKYby4y26dOybmnMTxwtUycCSAskoGy0VBL8N4JHmZ24PfumlXDiIGg2TKa89dG5C\/HkH2BkzPa1N4KDB4DWk6vrxpVEaDtN+T4HBAwv5vr27n4ZsI+e+KkpDTUVeRt50at0s6GoBT3dU0bS5u7btTCPh9Q1wT2QzGXBx7LpZUB7WKGCAuzDm\/R\/0DsgE98U+jp\/GQA0cAouUv\/ia5B4dArOX2Hrh68\/LWZUcgSOk4Mb6isI1HW4FG8qqFdvzMsYyg1nY6\/mwkjTgfzcUcT8HuT8b3VEAFl1iojo++o6URU0CqxVGRv\/\/1U12juUa9BOlngQwkpzTFGYZpnjBvHYYqGgaZguBUx+OsJazqFqHN19AyL0Cexa75QT9qZtk9tlxGc5gUfqCX+xv3PoF1DxwRReTjQ6GUHNrQvfC+a6lJLkY2Bl3ty6kTSniC0uwNMTlaRzlXCmLXOF\/spgpAb4J+XbuA0NFIBJPbBj0R9yb2qZMfcDSVc01ubKMDR7P8+q\/ujxavqxlOlRZ7sWwAht5G68KiSsHb\/3\/\/02Hn9LDN5RMC7i0XnG5j+4mV0HA\/xhs5p4cwjOIcpOhsDt89zfffoiq59dKLm9k8JMdheqZnJmgMgBN6WVdrtRW3QVuAWi5RMKLwkPwNbBlRiZ7vzcC0isWQeIhVQokyi3N3zirO2CgYfmItTVGQ2zRdOvhKQCqtBpADZshhP71+ve\/mG\/ZuBnSTjROH
tGsF0IToyFyclFG850LYNt2AK7xXn6KoFoVxoXz2L1VgOHjSwdoUQ19OP2FjGJxXDbRibAbzK8ZTPhWbes9V2wQus09AwDRo1tAPoOt8iAFo0luKi1hunaWIbYQU7ulHqooKgCNKaw7Wpw5p7aBaAi2l+FM0QE0XvSek9UgM9xUI8mGJp9C08XT9sbpCwgHL3HCxNUV5PMTiLkvNmY4VY0RA6MyaCk5fo74e5RCmQDSSqS96ehyCpgP+n+wZ6UBRKek9YDjVH4RHvmZCvYco7SKBDJbbMddFHN3+HFbSO2rxv8iuy6DZaiePYnuW\/mxUn+OUffPWu97Jt4A0bz8W3eamvrlSSbu6c70YR1qFE42450VRE4NhhFL8v\/i0jKrz069uRv1GcqnqW1Vv22X49oie0v9YMThrSkmy8c0tELsKMRwtXMA=="} 02215{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic-mvfst-exp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1600365863681233,"flow_dst_last_pkt_time":1600365863701971,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1600365863701971,"pkt":"AAAAAAAAAAoAaIxPht1gAAAABNgROz9l7On+cW4q+s6wDAAANY4qrM331QZ4B5CSB1+pY\/SrAbvg8wTY3BDg+s6wDgAIQAXJhFchLk9Evyyob5bYFNRx94bIG8Pq3hC5er0qmaO\/vmymM8o\/cApqIrJy2g30SejxFFp4qLrHRBshhLdfXAgbewyxghqNYdqo4k4fpzcK0xKawv3CgvxOHcjXBqnCGSVcOt5upMpAgkw54ZxaWqJXqyhFuwUnmywtzo46yC6KvzQQc9tfL1B9K3oU+MT0vl22vWb+0Lf+ZPccL0Zt1Vo7c7S+L6sEFDGA+z74v400bOtFD5pPoySzO82f2RI+aD0cO71iR8QdY1NDbmd4X7Moe\/yOsMq005\/rpHUk2+xJ2FPzq8yHfLobQcqchii0EMfDk1rPsS89JSeCNY+vs0QJr7nQooTrHMjcFcBWoVkNz4ZMShcT+41geU9drLAJFokpeyDmOzN01RApZm2IhjjYCjQouWgT\/RoPALA70snIVGTxUaI8effEdV\/esvRgO0wPS3ufzmveSbRNR1KcV3V6t4SuvG2+qOGFSPTdVrzd7HwpgVkYmpC9kmjvG8DKo22x7ZojgSkioA0bYQ3x\/KLQBexVHIB4Fzaf4jo+Lvjudx7sa5tts2dktvsRG3D+O4zxLAMtTsnECcINoJkxhsYW9jjkGEoUHGbtEErWBfZfnh8zXYheEpRjjsN2JBNbpwEir2p3EFFNuMzs+J+nsSyty4dS\/NSH4115DAW4aZcQSwLfK4aN+vZKGwIXYj1E4VOhcmeni9823p5qJQhVsRpFzsv3nflFBO\/2jt2Ejyv0rmMMyF5E9UNOP58UMq+sLQ+NnFaJNiaL7FPFtdEziXyVmwzDrEseD3Xtqj5WXao2ssrb9ELRX3v2h0LqYPqr38ho12KiIjeOF89DmimQh\/R84lVnYxOM45NO1EI2fjHnuvSSpL++OZVJ3Pdv3A6wgrpI+DlboZ3MxMau3oF11F74N2YkE4kQ+yG51LL46zd8RHea7sUx7RrEcm2QsOvwgrrU\/Z3y\/quTgZ9MyMsxzAE5Z2
ywzGQJ+tVm99R+d0LrBTiXATdH0bTOf+ppS6xyk\/7sY9nVoFyAXPE7MDiKYXlY2h1SMzUHpL8AmcR3wAnQ1a2QDFvWLtLKW\/btEjTf2b7ByngLAfA8CkwmSsL24kpXymT\/ZhRFFnqnXNK9CXSLgl53RVBDcmmqQgxqUnZfIldLBt46O0LHX2Q+Q92YDI4WDBqGsgXXpY\/4py77CpzvWsdICv+Cv6g0K52IxIthchxDT18F1aoGuaKPfIYvjZakAYa1kpKN8XUWEQ7w+enUpmmYfpZ0xOh9vG6o0hjQVu8X2GXtJb4GVQQKUT63WyKMfspY++Flxrxr5vkDm1GmVTyDQiHqlpI270U5lH9CYOYQz2cKc5fxJWES2\/\/WZtNqYINm4e4GZUsTXenMiwdd918MZCq4CFYETnbAUx0P0X1v+Rxh6KAau2EE4GKnCJgPdrvzKpOHtaC0U8wdRmYn9lK0BTXw3++M2TAKJ7kPt1R4W4mdVG9PQQGlwVWPyWPj5pWt2DnNBHNUXj0FX3zRrt\/7+DrzSqWNFKrYcEaRLurEvc9I9wibxxwcGNF\/IAT\/PHR810uEvT7csMZR4O5za7JiCcKZYtoTcWmUJTM+hP1+5SQaIyACBf1xadt+PZzeKqrxvwpLFA=="} 01300{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic-mvfst-exp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1600365863681233,"flow_dst_last_pkt_time":1600365863701971,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":613,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":613,"pkt_l4_len":559,"thread_ts_usec":1600365863701971,"pkt":"AAAAAAAAAAoAaIxPht1gAAAAAi8ROz9l7On+cW4q+s6wDAAANY4qrM331QZ4B5CSB1+pY\/SrAbvg8wIvdFPn+s6wDgAIQAXJhFchLk9CFmcM73CUh95lmczPmpzf5ZNI8IeO1WAp+GYM7Ki28TOD3rDqZeVpJ4eVbE3sXqFxAv48SfZC4RA1WIY6\/RvKVhj17YMRO1B\/ABoaHyk5UDr7StQpOuCHwbL8GyJkK8V\/AfNgFOoeaf0RiSxe3Z189tM2PUGiQ6SWWFDQ\/HsxYbe0cn6JAXiZk5EN1Wm6zkCb+qzQabFz5TgK\/Qo7I\/hLmPt4Cnsy7Zv4BmmkYC8j5YaLcbyLo0WZBB6VGUUcEFHgI+MccFtfD7y\/Soyos3ZZf4ARZE32lJQwHciqD1QkvR6oVrSAqPEM9SngERqYruFpkL\/ha7bCEe3C68LXjWs2M0uOGQc8CM6fQ+pVCklz0cpuyl4QBvIZREZAHMzJrTfW1oGcQ\/tTjPoG4CffvnsGgn0uH3PabZriRqEQ9hOWyC11Ea8bdNWvNOuuSjB13uS2KuLfV5xAJx2sMMZRF35OBURgpm1oSsp6lG3J5oIWyJEk\/NN9pTMisKM1Lb+h132vTa4Zt9oBWjd\/a2\/995t8CfXGS+9lrd20XD75zGzc6S9RXwKzEP\/M1lvotW7ueHDsV4tqmu+8XxnGd4cCaTSnMpiogUMUXsYzcPFojS+oAI7YLxyoSj9ftVhfwyRA1t4Na6tBzC24NM9W\/hbT7AZlW0YX5gE+8LXmfFB9Gktd\/l2tIPsJspF\/u+DabDf\/9et1Fgqr0dP0uw=="} 
01090{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/quic-mvfst-exp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":21,"flow_first_seen":1600365863681233,"flow_src_last_pkt_time":1600365863836720,"flow_dst_last_pkt_time":1600365863839043,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":1232,"flow_src_tot_l4_payload_len":3496,"flow_dst_tot_l4_payload_len":20953,"midstream":0,"thread_ts_usec":1600365863839043,"l3_proto":"ip6","src_ip":"2aac:cdf7:d506:7807:9092:75f:a963:f4ab","dst_ip":"3f65:ece9:fe71:6e2a:face:b00c::358e","src_port":57587,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.FbookReelStory","proto_id":"188.337","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"video.fmct2-3.fna.fbcdn.net"}} -00850{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/quic-mvfst-exp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":30,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24449,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1600365863839043} 
+00850{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/quic-mvfst-exp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":30,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24449,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1600365863839043} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 30/30 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6918597 bytes -~~ total memory freed........: 6918597 bytes -~~ total allocations/frees...: 114188/114188 +~~ total memory allocated....: 7496193 bytes +~~ total memory freed........: 7496193 bytes +~~ total allocations/frees...: 125919/125919 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 624 chars ~~ json message max len.......: 2229 chars diff --git a/test/results/default/quic-v2.pcapng.out b/test/results/default/quic-v2.pcapng.out index 5e9d73fd3..82c53d624 100644 --- a/test/results/default/quic-v2.pcapng.out +++ b/test/results/default/quic-v2.pcapng.out 
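Review bot: The commit message says only "incorporated upstream changes" and does not mention that the `tls` object no longer carries a `ja3` key, which the regenerated `detected` record for quic-mvfst-exp.pcap shows (the record shrinks from 01393 to 01352 bytes, while `ja3s` and `ja4` remain). Anything downstream that matches flows on the JA3 client fingerprint would stop matching without an error, so the change deserves a line in the commit message or changelog, for example `tls.ja3 is no longer emitted; client fingerprinting relies on tls.ja4`. JA3 and JA4 values are not convertible, so existing JA3-based allow/deny lists would have to be rebuilt from fresh captures. The diffstat lists schema/flow_event_schema.json as modified, presumably to match, but that file is outside this view.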
@@ -1,14 +1,14 @@ -00614{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-v2.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-v2.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1671528048896780} 
+00614{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-v2.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-v2.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1671528048896780} 
00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-v2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1671528048896780,"flow_src_last_pkt_time":1671528048896780,"flow_dst_last_pkt_time":1671528048896780,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671528048896780,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":42086,"dst_port":4443,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5} 02223{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-v2.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1671528048896780,"flow_dst_last_pkt_time":1671528048896780,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":1296,"pkt_type":34525,"pkt_l3_offset":16,"pkt_l4_offset":56,"pkt_len":1296,"pkt_l4_len":1240,"thread_ts_usec":1671528048896780,"pkt":"AAADBAAGAAAAAAAAAACG3WArmusE2BFAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAGkZhFbBNgE69ZrM0PPCAcmJyZC\/C6yCBH\/\/epFJCK4MqGWwvoV7EqZs5m5EW6yxe8jMGVCOjOsFtsb58R1QeHbyTN7wDJrFztAv8sR0ltkfQ6BQcif1dT+CuBqOkliOSyekcLhs5IK4\/EqcSiu1Vc2I2kZCMmWKpNsq+GH5az05AR+b+iINMh+SMq2M23PZZk03\/wTPgtGcudOgaDYAdQf1qvbbgTCfZyDF3HiyP4OAl\/iKBimU\/YJu\/f1ADkrg1eb2y71BQd5X3v3pjyTnpxrgpLZ+vv9Da\/xk1DMsxxHOYHdz\/NeLURGVCejzo9fkdp4w16Ueb9tNytawgEphEx3BSVBBA1PLxVn3d2G6+CxjvzeZtEJjuejMOx3HfXtyZuqqFPvcrCkm2hdl2+DYA5bvtEvscEj4Ym5CnWFvz47xC7wF9Bgy0Y4pOaTzJ4EkWvl6mv18LRqqhZmGdxGWg3bJbiSJiFrcNxJAUKE7lEso7o1TN0m\/cOjbl5BaTBp5\/qJ+0XYxoeALINiRA14qyxyfngnr1ZjvpOd1IiKziIUGV0OiGH337zAw8iGwD7iQk2WAZIBAVjAFnN7Wm7a8J8T9l2DDkdsQaB8fmut\/B\/y4qcLDxrVUe9Cng72sNhbCDTAj\/3vcK8XRa1huDOBM5aArjm5yS5c24R19
e\/Xt2s\/eHcSZDGWC2Clphs6Eu4eXx7qeVixbQxIWZv09r7jazNDzwgHJicmQvwusggR\/\/3qRSQiuEKjbkbUQfjD91bGCNQXlD+3eo\/cE7mUA+W7lNaoCdZ837\/+ANaHhiU22Ny7mg2Uo6oIDI\/kA3nVLT+YKlIa+ZANgDT7CuUEsoBz3FmhicEmq5\/mNliNEDT53ADrsB6HKdZjQE4A8OOOkCr3LiuSOH3KuWvqK0Rbjz9sK6+z\/AGqFSv4dMjUs7Rr+\/W2FnoTnKTNpxqRd2KzATp7bnvLn+b8E7MhNjbdlziRdOVtYzAqH94vIJOOIMe8a9\/oiQUotTxy8fNG1ajZZKRvL0nqVU6zdUqHiMru1\/xuSazSUwLz+OU7EXMmSkQ+ZlvAnTpz8YPtPeuQl0psmTzQqm+uJOI\/7y5JNBbYWPmB3aRjLjBrdUTsn7ZcFEuutFbIlbr24xD2EVN76OB+Tr3ew4PEVf6IJTmwj6AHOn5mzF7oH4Nt\/sPvQ9d9wwsmDr4X8cE+tgmJfLo2SOvgp9rlCf3f3fKQ5p16JaxdsZIN1YBsYWX+SQX8zdljVWNog8l31o2YdnLB2Wxu+uGb+nSU+Jtm1h4JgIR0SEY4NEhbB1FYM+00rhga37Tsdpg2pibU76JAxvHwEKHxQsn5SO3eCghAtmyeJIaY9FY5ftTcbD4+xbrHGBKtQeNlMei6Yvryacu85Vrl4yAdRD81BOqXJ3h60g\/wuOc+2g18Ui\/UZ77sYC96U22hwkgmIwXSbv4h8X3bm1QJ\/hkUWqPfFinVo4HIMDUoT8lJQQp8HWbnJ80ulrDCZkdU36fHxGW+ZVXkYr+DuUBKTyZrDfADc\/jeI7kMKMkqnDPnplqmJYyx1bJuwfdMBUMNZ8ASLhnA9bBm4WcnFFwAR+d7gRPUHnNFZ5X1xttm1Mqqt9JcGKcqFj11uexFaRRssg3lrESzZbA0Ur5MBXNLKGA8"} -01358{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-v2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1671528048896780,"flow_src_last_pkt_time":1671528048896780,"flow_dst_last_pkt_time":1671528048896780,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671528048896780,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":42086,"dst_port":4443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": 
{"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"test","domainame":"test","quic": {"quic_version":"V-2","tls": {"version":"TLSv1.3","ja3":"5e685944fc983af5eabcc813add3dca1","ja3s":"","ja4":"q13d0310h0_55b375c5d22e_0a3b52e28cea","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3","tls_supported_versions":"TLSv1.3","blocks":0}}}} +01317{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-v2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1671528048896780,"flow_src_last_pkt_time":1671528048896780,"flow_dst_last_pkt_time":1671528048896780,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671528048896780,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":42086,"dst_port":4443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"test","domainame":"test","quic": {"quic_version":"V-2","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h0_55b375c5d22e_0a3b52e28cea","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
03319{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic-v2.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1671528048896780,"flow_dst_last_pkt_time":1671528048898552,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":2098,"pkt_type":34525,"pkt_l3_offset":16,"pkt_l4_offset":56,"pkt_len":2098,"pkt_l4_len":2042,"thread_ts_usec":1671528048898552,"pkt":"AAADBAAGAAAAAAAAAACG3WAtsGwH+hFAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAERW6RmB\/oIDZRrM0PPCBH\/\/epFJCK4CLhE1vcYdf0dAECeub3wiS33UZiAjFXSnrkz+xz20KQdqwYuXyhhaJMxwiXPvJDe6E\/P4ZccFj3UhjHR6peFb\/wBeNdsheCMQAuSU6N7zask\/nfxnVvQF+ugE5+N+\/D4tNO3IysKJHXkOSJsFM2VHrY9CPjjkYdrrtg7pJncWXh2d1JCiLY8j\/8upHL\/RKqugiJgGpEVW6lPop38Tqqgxzlsq5nWMdpxd7O3azNDzwgR\/\/3qRSQiuAi4RNb3GHX9HUP\/HsX3+iTvuIocwN9hYKy1\/GqB6tIfRTfHcVW3VwgRd6tlLNGMEWyBzuaNGaCTBzAsdjtPBGvQjSVqgrvWoTsBtHyBXMNVN6RBP6D8vy7LBgnvTaKE5G7XGzKEgfz+m6laExkwcj8HiepBf1f8Rb2bOkPdvj5VUqjLxnXzHYmb\/+NKnTBnpMdoDBf6q\/9RN7xGl2bKzu5zeZqO3RxWypEe1TOyWoLmuzSSIkYabqaAugYK4cKcwBgztoKubjb7nd++PGA5PD5O\/d76mRsoZQ77XeFI+PcfOpeX\/0FPwem5ci0zspUhK7XY+O3o0S32CIuM4Dp4zQxaXlpEwGPL0QVOoQPwAuPXVZaqQu2K5RiJKCm0T9Rut06MfWBP5+8II0uTk10X0xAcPK4mtMan5b3B\/cvtLDOHHCoBsnpt+0NG1wTNnOHE8dDTh8\/q6muVRmyy9xc+7Yp6tCVuJsVznK7IE4lZHQXR8\/Z8h4+ohIDjwrc4ubE3qt7gXqHU2KugdUook7ebvfCxyi8IS\/cQSDkPNISgQitdCnwVpMhkRx7gUHApdIbBngPieZ5uZFOK\/hNz3VANXvvpdVJcsHI+KvePtIDtmxBhU98b3KaKAHaNYh1tjDiGtTPos9hrUWwBMX29Jg85anlOCsY4PuFrZkb5GmLgZv7hmxjr4TEAqXaHuSfZ4B4fNqcJrD0o\/NSKu7q1mS\/wMeiNvy+jsVbDfHE\/UpAbVfTfUI68+O901PPENCJ5DFPh539kWW8Le3l6Ph3CbdxtFggYrG2LFySePOap5TdzeFxbs6z2ekiKNDolPoKQQDOP3982GfD9BJyv1EBNcDYXex4dvjnAwNBjupd3mi\/qALh\/zBQKSknAWCyvgCCLa1o0Qe\/PAN1OsVnN8A5gGvMeqI\/jsEQjJiXyh54irEtrhO6wRXuvR2wpkeu5tNZ3pK331dgNyM+2OIDhPq8Xf\/oBpXzqK3VrkuWrCKvGkladm\/vPr22+jZbfQ6dFokqaTDi8SuRc8Mjd9QVnAWMpBnkiCz3SmlNoy3Ff6Ky4rVnpDd9h0OU7OdqZC23h4YHgSkQ7cIhtDgF7RY\/I5I2t\/5K7ItkSzLxAjuLPnaQy8fXx8jYPI44CX8iqZxuDxK41SkqK45X
cw7NZ0UGExhclph6a8ACb3FoFPcBkYYEm9mTSj7GBbv8jAai2C5klgFxnBJT6M4gfIDEAhc6rMDQCJi+hSWxKrdhzQF9+x93uJQszidHWhK2H\/PhQz2P3iQAf+iaP6bhndfzMOGgcgS6FsQhZV7+DMzcblLXQcAbtUkBIAXdaXhvraw8hx4Qh2lYklEmdwQDvRM8o7J\/VipSykQDR8FMrp9ys9JQ9dZJmuWszQ88IEf\/96kUkIrgIuETW9xh1\/R1BUpnwhmjGT+ndWi5NHLsYUQsNMSvpA8TBwvjZkxliQMaC1RKHMPzLImp0atIQMF0chBIxQPR27dc5I1pbMbNTRJ2yTQEtCZfIjaakm+LPCMCLGSlLi9Wg5E0Kjv4qh5M1i\/EV1eHhEAOpbtgrN1iz02GCa9bl0JfJZbpZwfq\/cKV17+tyCVB8svNdL7X\/E6bJyTQBvuodVQwFlAP5VFYbmZJqrUcRfvbUcOXojzg+1oJxwiIp1KlBWjnOJ0X4ezjIFsxxHH4qKZ7d4cnoIcRAFYRbyr9JxLiJZ6ZUiu+YiiZVArJmT0JqXpBI1biE0f7fRRRfR2plqOX2Ge+CIP3xw3bRMZQU7tEqqSG+h64kEeSem3bFpm8e5lpaaY3SM6fP2Xh26H4dbRWmEgYY6s4UIn6HrMkC8\/WncIHQ38FZ1lUlelGDnJmXJ\/Ph3bo8o1fukKi4SRH\/\/epFJCK4RGwAvHqZ1naXbmZDKl0teDuH23V9arrMyJEDYodp5RJyucoM\/CAprfUeiRzcLNFzMZtx2EJ+OJXYtHTee+s4PZNb\/K3W7PIlDfDhu1bBapzJF1NDmkDDIqowAiLOT07\/d7jdOSRI62I6Hlk9+8euWAeBvLLW+e7g\/DpiYBWS0Migc72rvtWkiimcj3JZmRXId+Uw1e\/KVAxVEhYaUx9qYo+ZfJMVGEDvcABr0vTcp3WlHp1Hl\/d1feluOUfF3oXKRXzpaOf9wqatbL+CQVOUTnFQGMPi90F47Go\/oEGELQBSPk3CEmEcoZHDMrS\/KS90HsSucHQhzp\/c6q8vFGwYr6zzjm5EQ9l8Kr8QRK2Q\/CEFtksNs7PvrqBLCaOusNjF4KGW6xVrMcHRSA3KO6CYLK+AEtYhy16g8N2Bjkc3KXWnssibrqyYLDy2RtSUMMvSjFZ6jeANuCMDNB8lIshR5mVzKl4hR\/35nxkPjJGtgSJAUZzX9oKUcHr+fsa\/3KKVjlLooum7p92ii8RBuUW\/wSFoEo0joaBidUG8OxFLQlSYrk3+jpn5fNPJfoZy4w=="} 
02501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic-v2.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1671528048896780,"flow_dst_last_pkt_time":1671528048898573,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":1504,"pkt_type":34525,"pkt_l3_offset":16,"pkt_l4_offset":56,"pkt_len":1504,"pkt_l4_len":1448,"thread_ts_usec":1671528048898573,"pkt":"AAADBAAGAAAAAAAAAACG3WAtsGwFqBFAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAERW6RmBagFu1ER\/\/3qRSQiuCqRaCk+8UnU2hK2K9d9zPPVIGvbI0XgGM9XPiwx9z9NvjusGABXX4fKlodEz3\/id\/TtpZO42fEoM4he9lExQo2pZpaaZl6UK0elqYA4MzBfG2BDaYXCfb7XUS7s7eDGExf+n4wwi41TsQJz7OHaXYoWsgX8deJEEK381SEw24hQHtmEzjIparc6IZCDobm\/Cc5IKgh27ct\/BgSR0VNq3mrvZYC+WZ1grEV8qCk3HpKNzfiHjbnyR3mJVOijYoNAhHQkKmMj9+6awCcDioyFLKC2pecDX3NXmKd8Coil4SbyMwAbNvmt0IhANqGXXbzPcSOxxPEZ\/i3m4CoUrjM5YO2jgeWzqPhi7zRXM7gjta0zHnwc3t9vYwK1mIAdawBkyueeDc1Zh8KfD0GznAwX6p5kf7LRyDd6S8Z3ADEq\/afL7xCghZpbJDBnAO4qBmvmjFkUWIQoDWhuMVpAVGaIwQJmKUEcKEVOxWEiyDAIlA3KmYzbBjdAm+X05N3mfMmokgtQDtrkfPdgBFfpWmlU8VSbHkbd9iQKKCrQHuTgRBykHec3k86vdTshOy6X5tZmzQXjN7gj\/ERINmVbwls3BhoEypFl6ZyjNxSgYVXmv8CK1r+WSIt8flcGrODQ2ghJAT9vtSCF0NoiGjhh9x+cG\/CXbP72M8yvW6Ay+yhCny65VoajsAVmhb2LehUEnFTEAOEImMqmycKzzFXPFb6SnVfetULH7dWeWsn7jF9feGH4tBNTI12HDMH0o1M+lXjvwWZvOFtgJRB0r9RmLrseZlsmK9y\/4OqoxQQ9EOUAzkA+i+QcLDFe8az81h06K6Q+4pwLk7bxXRflHegFO+ueiuVMfWcJdO7N2R3J5IM9Fsl4L\/ynt\/L0OMKQL1Qm++KoIPqSodD\/NNWziLj2Zt9SHL9OOuCu6d5efFRlt+9QnJgyHe\/RwSdT+l4J+3e93UmqkkmLqSdXMlwq\/aPT6AJfA9hB5CD7LO5PUYb\/RjfwNhSlJ9arMAH5VggEfMB+oCmknp2rw1zTZUalVvcpGwUCU7fhCAWBBtAbTr2q6QJZtOyRYWgvQ8SsUqv3v1XC1HPWkBRhKUza49jLm6xLMBlj\/R6AHqa3PNJcJ3KpfQ1ye0qaS4NVKVEvx4z87U\/LSaBeEURB\/ZLDyMPJSnf5ffTN6pechCohN5KGVbQoEZ0awvlzo3rLPzejF++7sekRY3kmNiT9w6A0A4BgiHLI6ZEVzN7v9UYBJFj9hbK\/wp5oQVjM69j3tvn7Q61kLo9C64x3YquNX0sZFWLnb+UfSh+RkZaq9s3GkyddBSdcQqw8tlimWFM4hlz56B\/xZVFjmSn6Ubf8Gu7xnPFH2IBB5At74GWUWdH7kPezZB\/rs238PZAci6l\/6rD6NcsRJ4a3fuJUnHAClUgA
89XIw\/MsDUmZp5bcNT5IiHuBrrdbPy0PiOGUQMDLT6eE6rI9RdxImjMb18LkSnuj4p74nBom6ygA5SrGvdLmdQ7ItNbq+XZPkNAYh2GRapzqiUHQRIerrIB5\/jAuOlCf3hXnHR0YsTaoXwjo7IyFxZBnD84RQMspgbvG78gMbIj6nC9JPMwf0cin+vefUaWFhj4vOZqsHX4b7XmWIt+5SvbLk6D6Yb\/P2ei+4QwTeo1cM1XlhCcNLV+fYQD3ibenx22NwKZOMf6AAIPcyRkn+5\/ksvf+CJnIPLmY018C2ynvWkuwa3XK2h3VFTsn5E42PeDWkZX2zvXkrituU+EFDZUGSiQigY3m2TfyOmwfNJC4EhezWKW5gf\/AFodFnr3IAzmFG03PCLbEVJElyF\/KvNzOF3jzjgANnmTRC6QAoqmd\/6DAW1xVnd9OLZLlEP8NhJj6adej4pJf+doWWHcRY+a24l809CkqDU2hwg7aJgyN6A=="} 00748{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic-v2.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1671528048898845,"flow_dst_last_pkt_time":1671528048898573,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":212,"pkt_type":34525,"pkt_l3_offset":16,"pkt_l4_offset":56,"pkt_len":212,"pkt_l4_len":156,"thread_ts_usec":1671528048898845,"pkt":"AAADBAAGAAAAAAAAAACG3WArmusAnBFAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAGkZhFbAJwAr7ZrM0PPCLhE1vcYdf0dCBH\/\/epFJCK4QEQjqN6ZuLL9MJJBLiNhJeBu1W1LK2Dw2EpAnvhN3X7\/Bjzg6IFOJXDuMbvIvafcgeSIFtrBbbfsrmqtp\/0BDJ4uUOkjFg64RNb3GHX9HW16DJaZYrP5pKZaca6ZmRU9khKs082+s7\/8kvB0maTbmbBpsZJQfB3KjOhCfyU="} 00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic-v2.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1671528048898856,"flow_dst_last_pkt_time":1671528048898573,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":119,"pkt_type":34525,"pkt_l3_offset":16,"pkt_l4_offset":56,"pkt_len":119,"pkt_l4_len":63,"thread_ts_usec":1671528048898856,"pkt":"AAADBAAGAAAAAAAAAACG3WArmusAPxFAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAGkZhFbAD8AUgi4RNb3GHX9HTahAC59jOEgM22nHO6jxIbeEiGpaXFX16v56wRTMhB+4p34Eoum6PVghpele\/s="} 
01107{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/quic-v2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":11,"flow_first_seen":1671528048896780,"flow_src_last_pkt_time":1671528049435550,"flow_dst_last_pkt_time":1671528049400903,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":55,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":2034,"flow_src_tot_l4_payload_len":2222,"flow_dst_tot_l4_payload_len":9532,"midstream":0,"thread_ts_usec":1671528049435550,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":42086,"dst_port":4443,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"test"}} -00845{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/quic-v2.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":19,"packets-processed":19,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11754,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1671528049435550} 
+00845{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/quic-v2.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":19,"packets-processed":19,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11754,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1671528049435550} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 19/19 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6916795 bytes -~~ total memory freed........: 6916795 bytes -~~ total allocations/frees...: 114177/114177 +~~ total memory allocated....: 7494412 bytes +~~ total memory freed........: 7494412 bytes +~~ total allocations/frees...: 125909/125909 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 619 chars ~~ json message max len.......: 3324 chars diff --git a/test/results/default/quic.pcap.out b/test/results/default/quic.pcap.out index fd86507aa..8c4b55cab 100644 --- a/test/results/default/quic.pcap.out +++ b/test/results/default/quic.pcap.out 
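Review bot: The regenerated `detected` event for flow 1 in quic-v2.pcapng.out no longer carries the `ja3` key inside `ndpi.quic.tls` (only `ja3s` and `ja4` remain, and the length prefix drops from 01358 to 01317), yet the commit message describes this only as "incorporated upstream changes". Any consumer of this event stream that matches or correlates on the JA3 client fingerprint would silently stop matching after the bump, so the removal deserves an explicit line in the description or changelog, for example `tls.ja3 is no longer emitted after the libnDPI bump; client fingerprint consumers should read tls.ja4`. The diffstat lists schema/flow_event_schema.json as changed, but that hunk is not visible here, so it is worth confirming the schema no longer declares `ja3`. The same kind of field loss appears in the quic.pcap.out hunk that follows, where `user_agent` disappears from the `quic` object of the `detected` event.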
@@ -1,14 +1,14 @@ -00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1431155536815947} 
+00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1431155536815947} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1431155536815947,"flow_src_last_pkt_time":1431155536815947,"flow_dst_last_pkt_time":1431155536815947,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1431155536815947,"l3_proto":"ip4","src_ip":"192.168.1.109","dst_ip":"216.58.212.101","src_port":57833,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02317{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1431155536815947,"flow_dst_last_pkt_time":1431155536815947,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1431155536815947,"pkt":"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\/5U0D3\/sl7Junn5Fxx\/1VNs1C1kCtxr0CV9UPILNoJ6w2heNOu0THXmZnbqXjfZAAAAEFFU0diZXRhIENocm9tZS80My4wLjIzNTcuNDWSgFuKS9buSt4mHNzF5UW8AAAAAFg1MDkAAAQAHgAAALUiugwS5Xe6lV7+35SrDjhQNi2XDPMM\/SAa6745q60xAQAAAEMyNTWyymQS2aTzwxJH\/U1CkeUIQAt7kKmueetRQklDOGABACXmg4KWna0TB6ed5h20iLVA1zTe0FGDOptzFKaIlVwv9K6LN7uMdA4zwVZIB1iByXkmIDPeaAjR8KDHiEXiLMdlilnNIxXrsf36+nSmAywD99MMia5QSojDYPQnkx\/kpc2+WkgLuTD7x6JugKntVJ0OcgBRa3ZbeaVzbIzXT9DutsK0zdmFTlT7PzF\/1Y0KupYf9uk4kqnlGvQLoUuyyKbFovu6AACgAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} -01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1431155536815947,"flow_src_last_pkt_time":1431155536815947,"flow_dst_last_pkt_time":1431155536815947,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1431155536815947,"l3_proto":"ip4","src_ip":"192.168.1.109","dst_ip":"216.58.212.101","src_port":57833,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GMail","proto_id":"188.122","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":3,"category":"Email","hostname":"mail.google.com","domainame":"mail.google.com","quic": {"user_agent":"beta Chrome\/43.0.2357.45","quic_version":"Q024"}}} 
+01029{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1431155536815947,"flow_src_last_pkt_time":1431155536815947,"flow_dst_last_pkt_time":1431155536815947,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1431155536815947,"l3_proto":"ip4","src_ip":"192.168.1.109","dst_ip":"216.58.212.101","src_port":57833,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GMail","proto_id":"188.122","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":3,"category":"Email","hostname":"mail.google.com","domainame":"mail.google.com","quic": {"quic_version":"Q024"}}} 
01105{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1431155536861947,"flow_dst_last_pkt_time":1431155536815947,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":478,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":478,"pkt_l4_len":444,"thread_ts_usec":1431155536861947,"pkt":"ZHACjT05eJKcD6iOCABFAAHQHY9AAEARrNjAqAFt2DrUZeHpAbsBvNDyDbLeXfFPVUXrUTAyNAKdxuQD3gljSLhQUOfLRbUHNhGyhVA9b2u4w1RW9E4SCZCpycMJZccQCIwgTfygJ\/6u\/OxyXHQ8t9GsIUVpGN5BSEz\/EaopIjzG0oey+J14dhVaQT5clZ4hX2alMKUnKCpX2UHp8k4gIBE+BTaDbhx4sVltZ3YRbFd1slVBcwxCCDis9hGoXWyhcUU9TpSCvPXqyDIBYGsw8hGUNxjvWcC36dLiKPlQ1A++VHlkjzGxGsfgIrij15t0O6lgXxVbA\/HpW3G2ebAmsKraKCAnkkUtJl3AOI\/J2OljPOJ8ybsb8ihq0NT5yt7I6jw60az5CR6QV4lZS\/t+fQsKeKH0MrEQhH3b6f+BZUKI9uikSR4hfQxA8xYeMMFcn\/fjScjPTaUqPoQqgHKJPMZAaJaOIXR\/06t5\/mWN79wAQ5uIfj\/sSvnF2vA+Wg+Ct+7u2iMK\/1hOAY0\/EO0phnuWYuhnxN7rmjjYiKKpzjb+WYnzCHocgbS6q4u8VmchP8qd2Emms7CkStzYV\/CAUZKEnfSvajU\/RaVfjhz9giNrW3Dr5B1Mu7zIwMFBEg=="} 
02337{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1431155536861947,"flow_dst_last_pkt_time":1431155536876004,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1431155536876004,"pkt":"eJKcD6iOZHACjT05CABFAAVi+w8AADYRFcbYOtRlwKgBbQG74ekFTrySAAED7yXOnwe7pFDDfekcKJR3Jy2sqO+OrEMBkrmlA5460PLSsQWLxQP3oiY5d8U9vyThqGCVEM5n\/b30dAd2DjWMikTcCyMma2f07JhYHF3MMGVgNWOe6MGYINMPJ609w8TfRzFDXO2Hv3Rd+Io3\/xrzZn4oPs6zhHI1yq2C3Bu04kRZDHQePoRj30\/8HvjxNKB4JiKyE+zKdMREBQ3JOi\/Z6sOIMbX9akogkYpnl7ng6wuSDWdU0O6S17QqQ\/PZNbWcKj10ybS4iwVQA0f8amB7S9uZIaouXNiBUNnVoBkvwUNJHLfYTkO7Lcrh9\/y6VuU0sUqC5BwPmW+2ikCeMngUD1xHT1Lx5xcuKKpYgNXg5fiz8miFT9HCjdjO6B4AMX2tdmMxafKWE\/OE83wkxbiDjermaqDLFN43iZrsa77dngVKSa0JOoliFCpsBQc+8MPNJciywBt2F7RgKowH2h+9Qk9ORQtDAbuXMpSiJJWSUWGURbG9ZouMcFzy3aCPhH9WEaiDxSqv5bG1C+4++Ap3JmLZGydHT1SxVwfUUCxHryOH1SJLcVb8wYjogx1ZyV2hUKKGb\/LTkrzKQgQmaow0b30+zmXo8EqAqNi+pbkwMCjRuhbpSGWkDycL5nwxuP9Ml3fkw+Nua2MwUp0EfcBQbRU9wNgqxQ9uJseySfgLNd277XFk6kBsEbZHLkwoqVC16i6UXqO9Bq9Qa6OSE4HmTd0ZK\/TJwTkvyZH7HArDOO\/IcXlmUhCYygfBL2Q5ZpNExxrN9hs9fyUTlDAy\/fKVbi1DmTvb8UQ08IKIHR88Yq94i78i11E4Ck+d\/mt1HMNvsgPj2pD+djmLPe2eSTH37Jk2vmFRiqCOpbpsl49D\/VP3D6Iqy69k4ASDn2RRISJtJTG3B4eSG0UcIyl51iCsWhHCXqo+IYYFVP5DZZddk8U1w9uBnJXeOg1TXZTOMI0ol6bS146IgKA69vbLEVfalKBSuGdHvDKyOMSnLak5kQ2gF6fQS9y3naenu5fopH54EXjO3jjfmTVJmGvZC\/P1NiZtWEgaqDhB2DugL5t17Tc3VwmJfqg+3eAVYWabEKtkMdIl3iArLACUUBNCZz1HkomKYV+WYy79+d13Y8v1fzFaFyLLqqM4eyurBPDRG\/+y1oiSpL+pmxwnbgxI3utzVErOYH+5lhn82g\/+Ii+SkdpS0RH4VCbqV\/v0Y4Y5Od4xYJhouL7GcBe5gBVDLL2wvDGN\/2TxDwPjLE+A3+O2Fa4G5F\/+gjnrsB0wdiL\/ilvOHsRXVpnfbw+QbFdGjFQzBh00mHjlv+hyldAVX6DRrmAyZqfHl4R8DYS3AwjxssPWDwDtSUMlQQpikBERZ9MMlFb4xTKRR\/wBi8a8Irtzx\/kIza\/1v2NJPtS13JBH+AEVAHqIKkeVWhalz8eieG0tc75G2spbagtiyakNL\/rq+i0PePLukIW0
MDDsvi7O7dn\/0fwGspoErTl6j3PKwj7+sTyyEqAVRQx1M7OB+kmMDRumZ6Ct9DotkVa72qOqLha\/8xxMPobKOFlHa3535yRdBIpdRmga9bEYopLGGzkYHAzAiGpiXAo7oYF9gbpS7a5ciOCtFbOspMqjc6us7YE1Fk9eZR8mOK3nE7WlV4miQCj5Ye\/jSzjCwJgC1JXYSzigmV7HoFUEa9032KRB3TfddhJ9qY+MTGbbTrJ2h+zE2tLE+GlMJ43i68EjkXl4FQgRWpuP1j6L9IzE9WrKG1pRl60aGD77YrqqhZeBKTB3VaLzjU5uW3RnvxwpEMU20qKXXlS1"} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1431155536876734,"flow_dst_last_pkt_time":1431155536876004,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_usec":1431155536876734,"pkt":"ZHACjT05eJKcD6iOCABFAABBHZJAAEARrmTAqAFt2DrUZeHpAbsALSjiDLLeXfFPVUXrA67v5IKthu5daKgPQycb1I+P+X02zD7nMJ4gZg=="} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1431155536876734,"flow_dst_last_pkt_time":1431155536941384,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1431155536941384,"pkt":"eJKcD6iOZHACjT05CABFAAA8+xkAADYRGuLYOtRlwKgBbQG74ekAKOqdAAIPpl2KFMpJfDQ+pZaM0w+K\/5VnEsUISIlT4r5r+nE="} 
02242{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1431155536815947,"flow_src_last_pkt_time":1431155545866860,"flow_dst_last_pkt_time":1431155545859249,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":4333,"flow_dst_tot_l4_payload_len":4661,"midstream":0,"thread_ts_usec":1431155545866860,"l3_proto":"ip4","src_ip":"192.168.1.109","dst_ip":"216.58.212.101","src_port":57833,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":7,"avg":583684.4,"max":3197585,"stddev":963931.8,"var":929164558336.0,"ent":3.4,"data": [46000,60057,14787,65380,2487,93393,168067,168088,622738,681338,42,58036,3119141,3197585,40,12,54064,25544,1951118,28580,2034695,28303,25,7,56884,470823,496378,2190158,2289756,44685,126004]},"pktlen": {"min":47,"avg":309.1,"max":1378,"stddev":382.9,"var":146578.8,"ent":4.1,"data": [1378,464,1378,65,60,711,68,711,65,200,494,56,68,180,156,55,87,68,65,241,149,63,57,226,47,74,201,65,1176,63,744,455]},"bins": {"c_to_s": [0,8,0,1,1,1,1,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0],"s_to_c": [4,4,0,0,1,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0]},"directions": [0,0,1,0,1,1,0,1,0,0,1,1,0,0,1,1,1,0,0,0,0,1,1,1,1,0,1,0,0,1,1,0],"entropies": 
[4.785362720,7.506221294,7.842458248,5.653138161,5.515064240,7.661302567,5.705106735,7.653655529,5.683907509,6.901843548,7.549375057,5.423249722,5.793341637,6.893099785,6.626470089,5.353907585,6.017427444,5.664593697,5.555222511,7.050589561,6.613369942,5.496887207,5.372109413,7.016873360,5.139485359,5.793843269,6.920541286,5.579985619,7.860387802,5.401647568,7.762588978,7.570559025]},"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GMail","proto_id":"188.122","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":3,"category":"Email","hostname":"mail.google.com"}} -00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":414,"packets-processed":413,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":237528,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1461850699450756} 
+00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":414,"packets-processed":413,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":237528,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1461850699450756} 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1461850699450756,"flow_src_last_pkt_time":1461850699450756,"flow_dst_last_pkt_time":1461850699450756,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1461850699450756,"l3_proto":"ip4","src_ip":"10.0.0.4","dst_ip":"10.0.0.3","src_port":40134,"dst_port":6121,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02314{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1461850699450756,"flow_dst_last_pkt_time":1461850699450756,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1461850699450756,"pkt":"OGO7P47K7LHXhMJyCABFAAViImxAAEAR\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\/wHogWCSkhroZAAAAFg1MDlYAgAASxIiVwAAAADS+1vXZRZzJ1+rqmPJtznpSW1g7BCg2rfC01sXLNMkHQEAAABGSVhEAEAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 01192{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1461850699450756,"flow_src_last_pkt_time":1461850699450756,"flow_dst_last_pkt_time":1461850699450756,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1461850699450756,"l3_proto":"ip4","src_ip":"10.0.0.4","dst_ip":"10.0.0.3","src_port":40134,"dst_port":6121,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Q033"}}} 
@@ -17,30 +17,30 @@ 02314{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":417,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1461850700501096,"flow_dst_last_pkt_time":1461850699450756,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1461850700501096,"pkt":"OGO7P47K7LHXhMJyCABFAAViI1JAAEAR\/jIKAAAECgAAA5zGF+kFThlmCfresOVX5pKgUTAzMwSJFGwp3LQh28QKtVwAoAEUBUNITE8NAAAAUEFEAEwEAABWRVIAUAQAAENDUwBgBAAATVNQQ2QEAABQRE1EaAQAAElDU0xsBAAAQ1RJTXQEAABOT05QlAQAAFNDTFOYBAAAQ1NDVJgEAABDT1BUnAQAAENGQ1egBAAAU0ZDV6QEAAAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tL
S0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLVEwMzN7Junn5Fxx\/wHogWCSkhroZAAAAFg1MDlYAgAASxIiVwAAAADS+1vXZRZzJ1+rqmPJtznpSW1g7BCg2rfC01sXLNMkHQEAAABGSVhEAEAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 02314{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":418,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1461850701701181,"flow_dst_last_pkt_time":1461850699450756,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1461850701701181,"pkt":"OGO7P47K7LHXhMJyCABFAAViI7NAAEAR\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\/wHogWCSkhroZAAAAFg1MDlYAgAASxIiVwAAAADS+1vXZRZzJ1+rqmPJtznpSW1g7BCg2rfC01sXLNMkHQEAAABGSVhEAEAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 01019{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":420,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":161,"flow_dst_packets_processed":252,"flow_first_seen":1431155536815947,"flow_src_last_pkt_time":1431155574747686,"flow_dst_last_pkt_time":1431155574746268,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":17168,"flow_dst_tot_l4_payload_len":220360,"midstream":0,"thread_ts_usec":1461850703450276,"l3_proto":"ip4","src_ip":"192.168.1.109","dst_ip":"216.58.212.101","src_port":57833,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.GMail","proto_id":"188.122","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":3,"category":"Email","hostname":"mail.google.com"}} -00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":420,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":420,"packets-processed":419,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":244348,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1463060980301154} +00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":420,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":420,"packets-processed":419,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":244348,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1463060980301154} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":420,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463060980301154,"flow_src_last_pkt_time":1463060980301154,"flow_dst_last_pkt_time":1463060980301154,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463060980301154,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"172.217.16.4","src_port":45669,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02323{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":420,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1463060980301154,"flow_dst_last_pkt_time":1463060980301154,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1463060980301154,"pkt":"8IQvSpdgeJKcD6iOCABFAAViG\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\/DSdX0UTAyNXsm6efkXHH\/AeiBYJKSGuhXNIn06ylDo5Ug9+nOea5qJJts1jMXRdJCxw2QvK85nmQAAABDQzIwQ2hyb21lLzQ5LjAuMjYyMy44NyBMaW51eCB4ODZfNjQarjm3cTKFpJVCrT7eADgKAAAAAFg1MDkAABAAHgAAAMpYWB84oseWX+q27ipmj\/RQLfsZQqQtGKexDF79uuJfAQAAAEMyNTVGSVhEVe9eTSHF9WXiYxqCfXGFX0ALe5Cprnnr7MUAAJJnZtEbkxP245vVr56GfjMCMAwif3n\/lWOThmdSnoedzP2jx+7ZPMWRBUv\/hZavd3FPUhQwHHwpvJJDzRcoSGYXtOQyhcYCVpGlxHD65Db8HFfgEKEx\/YlE\/aFaPqB1XqWWzf4zDCgIc\/Djzy4R\/py4JVjfq9V0ooIkHbH+8mAcpgdNt3gj0SeICAOM6wnOXFVXQaU2KKd\/llBTkdtTIS8p4UckAADwAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} -01075{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":420,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463060980301154,"flow_src_last_pkt_time":1463060980301154,"flow_dst_last_pkt_time":1463060980301154,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463060980301154,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"172.217.16.4","src_port":45669,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","domainame":"www.google.com","quic": {"user_agent":"Chrome\/49.0.2623.87 Linux x86_64","quic_version":"Q025"}}} 
+01026{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":420,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463060980301154,"flow_src_last_pkt_time":1463060980301154,"flow_dst_last_pkt_time":1463060980301154,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463060980301154,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"172.217.16.4","src_port":45669,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","domainame":"www.google.com","quic": {"quic_version":"Q025"}}} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":421,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463060980313862,"flow_src_last_pkt_time":1463060980313862,"flow_dst_last_pkt_time":1463060980313862,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":120,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463060980313862,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"172.217.16.3","src_port":40461,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":421,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1463060980313862,"flow_dst_last_pkt_time":1463060980313862,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":162,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":162,"pkt_l4_len":128,"thread_ts_usec":1463060980313862,"pkt":"8IQvSpdgeJKcD6iOCABFAACUtgVAAEARBWbAqAFprNkQA54NAbsAgHEsDKM2rKXAEd7wIt3qCq5m3TavpAsTDbAsFGxmQjrMNGgPLp5\/67eBvHP3BJ3FiMAS4anKHt6qD2LZa9lkPD+xi9VHkCY0QuwL2qSbKNzU+YmHNEsRyVDptUSV5HeCE\/peVLnXWfr\/zBYlTVvhdUjE1rsevsCPj6RN"} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463060980336240,"flow_src_last_pkt_time":1463060980336240,"flow_dst_last_pkt_time":1463060980336240,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463060980336240,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.238","src_port":34438,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02319{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1463060980336240,"flow_dst_last_pkt_time":1463060980336240,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1463060980336240,"pkt":"8IQvSpdgeJKcD6iOCABFAAVieqhAAEARTajAqAFp2DrS7oaGAbsFThSMDaSWOQdzcSypUTAyNQHV5wqJLuvacsEa2ggBoAEABENITE8XAAAAUEFEAFEBAABTTkkAYAEAAFNUSwDQAQAAVkVSANQBAABDQ1MA5AEAAE5PTkMEAgAATVNQQwgCAABBRUFEDAIAAFVBSUQsAgAAU0NJRDwCAABUQ0lEQAIAAFBETUREAgAAU1JCRkgCAABJQ1NMTAIAAFBVQlNsAgAAU0NMU3ACAABLRVhTdAIAAENPUFR4AgAAQ0NSVJACAABJUlRUlAIAAENFVFY4AwAAQ0ZDVzwDAABTRkNXQAMAAC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS13d3cueW91dHViZS5jb205fPBATCqFxnBl7Xv68Z9fD9Nmah0fi4FMd4fkZ11E\/CzEloDogZdL\/nncpFiRZ2yDvER3hyJLRuKPu2yNKulWJLAj1kd1TL1O1ht+4DYSFzHaxW1I0SXh61LEyPn0ZJNHzIO4+v+uSwxJi411oZGLUTAyNXsm6efkXHH\/AeiBYJKSGuhXNIn0IqnIQgaTDzQq3tVtNNLVAtwTevP964BOlEvwfGQAAABDQzIwQ2hyb21lLzQ5LjAuMjYyMy44NyBMaW51eCB4ODZfNjSzHyexPo2T9WCZD4U6m8alAAAAAFg1MDkAABAAHgAAAGluEpDbken\/KU7Y\/ELsDAQ\/jJay9FDlf0UZ5YuPrPZyAQAAAEMyNTVGSVhEVe9eTSHF9WXiYxqCfXGFX0ALe5CprnnrcNABADyUl7\/h6mDtG4NsOVvVuJ1PZcqwDa87DQJ80CEFy8NfQNViwNoS56F6e843IHdgyXgGBymFoVuWTPeBJJ3oxBn7RKC7ZZ3lBjoLLbk9XTVRW+SbaYvzMJPMbCMtrqm0FX1EDkyftTNYRo2oN8jHq308RLDWGOdHHpxuN7oxivKsZVduus4FvpUAikTROVWqLCaDklpl4qgg4HMAiksVv2oDrqCwAADwAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} -01075{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463060980336240,"flow_src_last_pkt_time":1463060980336240,"flow_dst_last_pkt_time":1463060980336240,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463060980336240,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.238","src_port":34438,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","domainame":"www.youtube.com","quic": {"user_agent":"Chrome\/49.0.2623.87 Linux x86_64","quic_version":"Q025"}}} 
+01026{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463060980336240,"flow_src_last_pkt_time":1463060980336240,"flow_dst_last_pkt_time":1463060980336240,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463060980336240,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.238","src_port":34438,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","domainame":"www.youtube.com","quic": {"quic_version":"Q025"}}} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463060980349794,"flow_src_last_pkt_time":1463060980349794,"flow_dst_last_pkt_time":1463060980349794,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463060980349794,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.214.110","src_port":48445,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02320{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1463060980349794,"flow_dst_last_pkt_time":1463060980349794,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1463060980349794,"pkt":"8IQvSpdgeJKcD6iOCABFAAViOWpAAEARi2bAqAFp2DrWbr09AbsFTixPDZgh\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\/xJG3uBvID0WAK+ohpx7cyOJ2dtebsPJwjywjfFuGDbC64HOW7daWVAssjrQthDJVGy+I6s+aKoR7mAYJDhdEEUKOBhWT8KdUZ+QsCFwZeIYkra13fPULR+kjxZwRpLY7sCam2MMIw19PW15Bf2xgAD\/plCBqG73f91yMrvU7pcyTjshGUTAyNXsm6efkXHH\/AeiBYJKSGuhXNIn0h3jC79n8KmTTqLGBqNDsO\/+yFOWZXiuGsfLkAWQAAABDQzIwQ2hyb21lLzQ5LjAuMjYyMy44NyBMaW51eCB4ODZfNjS7Vl7XCOzOLURPKzlhG40eAAAAAFg1MDkAABAAHgAAAFNDC7W8XmRlWw2IWugDdRStg\/GKmfFye59SXxQJoGstAQAAAEMyNTVGSVhEVe9eTSHF9WXiYxqCfXGFX0ALe5CprnnrbhIBAFhkMdLsvVn8dBclelTniFgmv7sivZhjmekneMr+6hkdFDGQb\/mkcgr5pmlxB2Adl4UO+Q5ZRPsivx7E2pdvMReaoISz1dlKFlGYuAatdBRMcJaEN+iNYNqPa0KmC4oIMq310RgCpJw2LDB3pVyVeASJBnCusnfTUVrGDsYCI0tVvwmaJscLHqtT1URTpBOCGDqnTS9VwZ\/TQa7YakZ29aLWPRkUAADwAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01067{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463060980349794,"flow_src_last_pkt_time":1463060980349794,"flow_dst_last_pkt_time":1463060980349794,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463060980349794,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.214.110","src_port":48445,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"i.ytimg.com","domainame":"i.ytimg.com","quic": {"user_agent":"Chrome\/49.0.2623.87 Linux x86_64","quic_version":"Q025"}}} +01018{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463060980349794,"flow_src_last_pkt_time":1463060980349794,"flow_dst_last_pkt_time":1463060980349794,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463060980349794,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.214.110","src_port":48445,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"i.ytimg.com","domainame":"i.ytimg.com","quic": {"quic_version":"Q025"}}} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463060980356958,"flow_src_last_pkt_time":1463060980356958,"flow_dst_last_pkt_time":1463060980356958,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463060980356958,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.201.227","src_port":40030,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02313{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1463060980356958,"flow_dst_last_pkt_time":1463060980356958,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1463060980356958,"pkt":"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\/AeiBYJKSGuhkAAAAQ2hyb21lLzQ5LjAuMjYyMy44NyBMaW51eCB4ODZfNjQAAAAAWDUwOQAAEAAeAAAAAQAAAEZJWEQ2AwEAAADwAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01083{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463060980356958,"flow_src_last_pkt_time":1463060980356958,"flow_dst_last_pkt_time":1463060980356958,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463060980356958,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.201.227","src_port":40030,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.gstatic.com","domainame":"fonts.gstatic.com","quic": {"user_agent":"Chrome\/49.0.2623.87 Linux x86_64","quic_version":"Q025"}}} +01034{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463060980356958,"flow_src_last_pkt_time":1463060980356958,"flow_dst_last_pkt_time":1463060980356958,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463060980356958,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.201.227","src_port":40030,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.gstatic.com","domainame":"fonts.gstatic.com","quic": {"quic_version":"Q025"}}} 01558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1463060980358580,"flow_dst_last_pkt_time":1463060980336240,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":816,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":816,"pkt_l4_len":782,"thread_ts_usec":1463060980358580,"pkt":"8IQvSpdgeJKcD6iOCABFAAMieqxAAEART+TAqAFp2DrS7oaGAbsDDnUSDaSWOQdzcSypUTAyNQKic+J8GjVsfJMsdsljddNYUoaFl0z7yC+b\/wr4VU+uLim9cSDoCfQ+BQHWf7axGI\/0otFRZnw6Kt8qBdaHMLIkdKcN8wdByZN\/oxJ5hHJiGBr5fiEEYQesGjd7ktKww8RLAeoDPzO5xHVx6UhHPdcfqLCO0OUirBVeLWv0B2O9yzbQVc1VH+bmliqhUEJvrnRG4cr78AW8g3wScWC4rwYpeJVk\/IAAQQ57Dki1DMwjrpTDHht\/5ZKfx0L6ARDMsMT4o5zF\/akZnbDa0ujEPexxAMZmDGeFTAQkCIMwA\/gA3J1r7aP1KpIssFW81KVjJ5iXRD5YwhMXjujhZlTD7FpkokyBosoiaYQ9OlBELgrsv\/9qDO2wxdYuRfMHHiN5v5dCIbRSeNjSHrD5k38mY1aUywqkMP+2CUbD2epWgY5pAU9yj7pwB44jlPLOPZlRDlPzYteeLN3w3AP\/lAuGaox0e\/nN6hJNNlHNcIQxZHPP2S1Nn2pwslhn\/VZ\/sLfiYbgNEJ7jii0Xgsq+CMf0fQRIuCSQdHqU2jrdN+ANDhT5dE3khD4eoPHs8vCv4BKfMl7gejkwwAW2mHRMOqa7T9bOfmL\/xQjsgJk39nF1RjCMAK12Xi+dtOGE9IgQxbz9zSmgmL2yfIbOnXdI+bTM22zfHQn6FUtzcayZDzqJ6V1SbCofsr53iOUBUvhiUNinYAVziLfoiiMvfHEE5p0lanDdKZb0YpgPqdNQd16jKwJjqhYbmKL4sSrdZfI7oqtHDzJwMafbASoNSGD3Uv4mKwYKsjq2Gt5i5gDh3DTXlk8HfNKd3wJG6rjWcXbXKzMhv54KIsq1aZ1I4i1ag8lQ0v10wAGcat1qElIOAsfiTGWepgC8HR8kDowOKSvfud74VVvyn31uOyJudA\/cCGuSQ\/d7qs9IBWEXiAAAuMK7hXoYMc\/2wJckDypsBIy3x5hskbJa1d0Ahy9jqEdMlnrF69g47VNiGR6icm7nProfol9M2gJRYOL9DgN\/"} 
02339{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1463060980301154,"flow_dst_last_pkt_time":1463060980361060,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1463060980361060,"pkt":"eJKcD6iO8IQvSpdgCABFAAViEvYAADMR8Kas2RAEwKgBaQG7smUFTookAAGQybRh4NjU1uL582WDWYRD2dtjLe0ntuD1Rv2\/b2fKGeJD6xTTVAUMsP2lDwoVXXJwitAjM1Ss3TeNIyNiPaVEHvBHWgnmTCyfAFo80jSe0xJw6Ybz6w3BHKed9Mf4LC34oG\/VIDlHTxzV6KkXcvqfJ+U14RSVhKW3KAUcxQl5Qnl+FE6bIGsShbMSV6P+UWlpqynVxRJTYzRSpGWAchBBRlF7EhFWsrYnblyXrD3VTjEqg879fRXYm2D6G+l3V3l4hCc8odvANTzc501Sej7x6oDCtVRndJ56LpiERNpHUkSjmM00+Wy1dbMT\/Vm99GrTmWmQ58Bhd7+x\/sycdH8p6kPEaBRymR3LuujKz\/Gp3cYG3YCBKEJqKQbhAu5X3FQ9PXBc+M62o93W9PU8b6NIWgn7PPkt\/looi8HdoxE9N0Q1KeX\/DgvtM+nwxVmrskJK6Thzut4c\/pKoeIdgzgc3\/jHyNkNEOaEuYipEhpS0\/Q+tOI16w+YZPxlDlM2uXgEDMcZKpZ3i643hutLioOhndNrgTa+7hlc5d+9fBUPIG4kEo\/3qe\/1sIW96DdumLgeq7hN8q9ipK\/OYJXgatYkOUytQ0BidBbi0s1rXKIV0\/20SDyn2cTxo7WHBdcfDH2uOAi\/TCrRfDAaRNQYOzMWy\/oZuiEP4GWby88PrtsqP7zlBhlOROw4HDIjA48YJ3izoMulzCHWEfBSraR6GRvLlvTobSdvt\/z+UVvoGEaNUxGfD3NV\/ys6k8iURbaIUpy8FqGPXqO5y1+eef+JbMhHxVscn06dBggRMWGOOEqj0iilT1RKBH9sFsvyyAlIRcyu73\/dSHY+X7jFjSREVA2KvZo6yurWHJdfQmRknszSHCEHvhyALYDYo7SRCnZFDn5E9W3gfJx9JMvRGkKHXuxSF3xLvoY5nZEGBaR+XmmVlyrTJABRhDpbAmZ5n4r9hBYxhQHxcHxiGFFAZf8z0g25Mt1TpS14HKgYd19UYag4E9v9SK0NipYTC9fTFM1QGWJgR0BKWBdAxjVtOeAxGYzbRhH6dsuYtciI4zHHsc2k8CUrpT7INwMysA9v0qD2r5uYmQ8cWNQI093fnUkc1ZiLc0jIwKw1r5S6aXpzTXj770vHeucOObKGH\/cu1fclnWip+hpVKiVNyqyTuHufVLPShgYbyGVCuWpZPLDtm2Jgl78SGXcMPJqMT\/eMThOsXIuSLcIkh41PVNQKxF5sBj\/BOj5ESvnmDK6QkupJ4WgD36Qg55pRhbyhTXn3wlt2Wr\/yvzjY+U2Y7nfQG6dNeCf\/ZR4o941mW0nR93XyOa+USW4ElVSAKkaXcwrIvcK8SdED4dYTXRprenIgGMn8eEVkFhh5c+SVUq+XERE8IzY1QaFHpJZP8fwhzTmsejKR4iNGy5hDCfipCmLS34n3Ti+BCtXRamD+5SfxUJJlOaGuDx1ZxsJ+DRI
sQP+0kLMojxKXXv8fxv+kjUQYTnOJebQGi1vj1CqRIxf5a70YpuiubpyNGMG3LRDDgT1bz3u8MXCO6UUeWAw7iQ0bpGgmPr47zuIVkRhe2cIWsbNBRCq+DfTxqyI5xdGH+ZdSvdGdcCnw7eeyZKURtoMVPU9ujTUcxOz5LcEN\/TxALvQe7jb0VWnhZrurBM\/tZX7uY\/NVzfAVeTgxdzrV78G5uYYEagOMAWzfqvOVOd0DJVYOhYStQVf878CnlBQP9yq8zVHiaudHd7jYBpAflemve6zr2sCq3IlfpR3vKBjLqbY7vKTWflGz9T6iOy4tB+9SN2sXj4A2cmfb4"} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":427,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463060980364728,"flow_src_last_pkt_time":1463060980364728,"flow_dst_last_pkt_time":1463060980364728,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463060980364728,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.201.238","src_port":55934,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02318{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":427,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1463060980364728,"flow_dst_last_pkt_time":1463060980364728,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1463060980364728,"pkt":"8IQvSpdgeJKcD6iOCABFAAViJrhAAEARqpjAqAFp2DrJ7tp+AbsFTrs0DdvEpLUMteNnUTAyNQF\/L3UOAoUxuEbp+7YBoAEABENITE8XAAAAUEFEAFcBAABTTkkAYgEAAFNUSwDQAQAAVkVSANQBAABDQ1MA5AEAAE5PTkMEAgAATVNQQwgCAABBRUFEDAIAAFVBSUQsAgAAU0NJRDwCAABUQ0lEQAIAAFBETUREAgAAU1JCRkgCAABJQ1NMTAIAAFBVQlNsAgAAU0NMU3ACAABLRVhTdAIAAENPUFR4AgAAQ0NSVJACAABJUlRUlAIAAENFVFY4AwAAQ0ZDVzwDAABTRkNXQAMAAC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS1zLnl0aW1nLmNvbbTKJy3aOx+44evN5g4\/bhdbtR7MQzwZCntatSQ+G8ewpnq2IX6bmQGJ6u0gPE\/alKxhVCh5gNqzZa48ANz\/fzn8t\/OZMVjaOBqhnSl8gs5MAKWKvx2rs4aeJgBO0M1ar5HmEtqD1e+f9L6rfh+tUTAyNXsm6efkXHH\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"} 
-01067{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":427,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463060980364728,"flow_src_last_pkt_time":1463060980364728,"flow_dst_last_pkt_time":1463060980364728,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463060980364728,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.201.238","src_port":55934,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"s.ytimg.com","domainame":"s.ytimg.com","quic": {"user_agent":"Chrome\/49.0.2623.87 Linux x86_64","quic_version":"Q025"}}} +01018{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":427,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463060980364728,"flow_src_last_pkt_time":1463060980364728,"flow_dst_last_pkt_time":1463060980364728,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463060980364728,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.201.238","src_port":55934,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"s.ytimg.com","domainame":"s.ytimg.com","quic": {"quic_version":"Q025"}}} 00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":428,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1463060980313862,"flow_dst_last_pkt_time":1463060980377579,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_usec":1463060980377579,"pkt":"eJKcD6iO8IQvSpdgCABFAABtTPkAADMRu5ms2RADwKgBaQG7ng0AWd\/uADd2O2oBZL+pVdP7tzva+fHvZhkEEtFfk705wPfWHPtzaQLZxSHnInASbTD2097V+S960VCK+SG68+SzP6VbXn8\/e\/F4Y7OlxWw39RE6om32"} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":429,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463060980378719,"flow_src_last_pkt_time":1463060980378719,"flow_dst_last_pkt_time":1463060980378719,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463060980378719,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.225","src_port":53817,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02318{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":429,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1463060980378719,"flow_dst_last_pkt_time":1463060980378719,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1463060980378719,"pkt":"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\/86cd6fedmETl+HX+i21qzSEiNb4OJfB1Z4x91CByMieITzxdi32+v4DBxDEfj4iCcg46VL\/PH8fxOKMEzAFEjMjm3TRFNLXbtT6qGv6iFQOxYDkzP0ABTP7FYiXHH9noNffRk12UTAyNXsm6efkXHH\/AeiBYJKSGuhXNIn02TPR2k9zoZDH1PYmCZf2Zt1J713FQWCpFni4GGQAAABDQzIwQ2hyb21lLzQ5LjAuMjYyMy44NyBMaW51eCB4ODZfNjQlEdwQCcHdE7bz3Yek8lX\/AAAAAFg1MDkAABAAHgAAAHebYWUW7CksegbNUHmoS00JCUhXrcp5peVS86L6lokeAQAAAEMyNTVGSVhEYnkO9pznNwziYxqCfXGFX0ALe5CprnnrLQMBAMirDAfWX8CjXhckfelJ8XlBmAh34iT31gIDz8lnlm4Q\/bpdZ31E6\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"} -01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":429,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463060980378719,"flow_src_last_pkt_time":1463060980378719,"flow_dst_last_pkt_time":1463060980378719,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463060980378719,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.225","src_port":53817,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"yt3.ggpht.com","domainame":"yt3.ggpht.com","quic": {"user_agent":"Chrome\/49.0.2623.87 Linux x86_64","quic_version":"Q025"}}} +01022{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":429,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463060980378719,"flow_src_last_pkt_time":1463060980378719,"flow_dst_last_pkt_time":1463060980378719,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463060980378719,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.225","src_port":53817,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"yt3.ggpht.com","domainame":"yt3.ggpht.com","quic": {"quic_version":"Q025"}}} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":430,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1463060980388256,"flow_dst_last_pkt_time":1463060980361060,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_usec":1463060980388256,"pkt":"8IQvSpdgeJKcD6iOCABFAABBHBJAAEARn6vAqAFprNkQBLJlAbsALZ9GDEPl1BjSnP0KAohkBW4mjqf+lWrwMPohYA0CsIfpCV\/yUKbgEg=="} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":431,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1463060980404996,"flow_dst_last_pkt_time":1463060980377579,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_usec":1463060980404996,"pkt":"8IQvSpdgeJKcD6iOCABFAABBthxAAEARBaLAqAFprNkQA54NAbsALeHSDKM2rKXAEd7wI3gnMNVg\/Bju+TzyuAKq97AJFlbG89vA9kIRtA=="} 02333{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":432,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1463060980358580,"flow_dst_last_pkt_time":1463060980407046,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1463060980407046,"pkt":"eJKcD6iO8IQvSpdgCABFAAVi+XIAADIRHN7YOtLuwKgBaQG7hoYFTgeIDKSWOQdzcSypAcCvMwGYTq6shxzW1ACAAVJFSgAGAAAAU1RLAHIAAABTTk8AqgAAAFBST0bxAAAAU0NGR4QBAABSUkVKiAEAAENSVP9UBQAA1qWbZaKGGMNu4n0IFd5qvoUTzfScMrQM62F5Klyoy\/gr13Knz1tigfd0ZqNrTwQKxsh0E3PeOsScdXLYKjs8qyiEuOy1a7C4zg63fuUtHJYgH7qkJ5NPVCX92UrREjVCY9dWARG+L7cbZT7AgaahFE1+Dc9xqUra0W3ZNGbmcka6SHMYwJHMeW3B7eVH3uELXrdKJ+QLpbj4b09tDQ\/XNJTmasaKcqcHQQkwRQIgPMYj0Pf7PCP2uxgZgQXPwKb2tHTcOJUmmbK8MQNIgfsCIQDeu6cth5DDb1874iP6IpBL709rtt3G3ayeVYw33VYBN1NDRkcHAAAAQUVBRAgAAABTQ0lEGAAAAFBETUQcAAAAUFVCUz8AAABLRVhTQwAAAE9CSVRLAAAARVhQWVMAAABBRVNHQ0MyMO4xNazIxw51CPh92NozyjFDSElEIAAArqfGpWlX\/ID+ijs5XuaY5l76DioG\/jdi0YAeXXF\/CmtDMjU1eOLS2hoopbZAEzdXAAAAAA0AAAABAwHogWCSkhroAwAAAAN7Junn5Fxx\/wAAAAAA\/wYAAHi7c1AtxPvNxgAsudi+GzSx3oe04Tic2NatWf922kf0hhwVG1mgwsAMmIdMgPkF1p4zMDcyN7AwtgR1otKwWsXBw+UMTDdp+UV5mYmwBMnOw+ubX5pXAkpdYZmp5XB38SC7S9RAGOwuHh4tYJiChMGRGwkUZgf68ZwtsPnBAWYwM7IzOzGwvF91fdMNT2Ud1a7MlSledVlybaZOW\/IT25eYrq8qUp7OLmq33YHB9tcRfpb4rO
n2rfYyM5bOl9xpdepuGi\/LiYsHpi9uYuk3aGLpJlSANTGD+wiCLE3MrkCOYxOKA5t4tfQS81KK8jPBDZ4mMSC3oCA1Lz0zLxVZmZCWXnJOfmkKspgYzCDdxLzEnMqSzORisDg3woJEZE5OEx+S1XqZeaj8rAJUfml2Ez+yU\/USi9AFStEEktBVJOejCeRWoAmUoGspy0Nyc0oqEie1GImTVoTEyShF4mSWIHHycpA4BSicElCgQjiJKcAiABJ4cMdARPKaRGACQNncVGCLAqxMECZalpmSmg8WAsVrcQmwYEwGaeNF4gEluYDcshJDJLYRmA00PTe1pAioClk10Chg2yUjE1xANQmAeDloMV+ZX1pSmpSqm5efnJ+fnQlPTFBxNGWpKaWQKhyWQICpJTcdzJGCJ7+czNS8kmJke7iRkyYLSH0TG1Aa2MZpEsGa9LiQkyyWYONC8hYXuGiGmMYBdqdeEjC6kT0ggs35SA0q9gaDDKRiOQZYsGgjFbjy0DKwIDsTyVf67p6O7kbgElUbqQyHKYYGgyGyDlC5jtTI273NV8E2Yd+C1ye2dnFOb2eeVW6ug9bQQS6rsfaMFCEtB2DVhdYd4WBjS2\/kARbTBgaQpo6mgbqB6gLlBYqE\/JODrSszjftYydWvQWHrJl8LaGcoCDtX+zF57w+1k7kVtnVpynvVDocqpnI0GGrun+excBbbk\/WtwdM1pruv4DC9rbrjjuzUh5nbWX\/pvc8t5nyiovfjwmtmI4UJXPKZTu5BF9\/Zcy1\/ucu1+fj1my\/1QiLLjwa6eC40ny7X1+yaMeXv6+AnN8+Hscy0b3aWiM\/4f24pi0LZ9UUc95\/XzHjyptDwc\/Gl7CxFnY+ZRZOXZM9a4Our\/25u"} 
@@ -59,10 +59,10 @@ 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":448,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1463060980460380,"flow_dst_last_pkt_time":1463060980434758,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_usec":1463060980460380,"pkt":"8IQvSpdgeJKcD6iOCABFAABBHB5AAEARn5\/AqAFprNkQBLJlAbsALTJ2DEPl1BjSnP0KAzjJULyfLco0lkyo8NxPEjOmoNDcdH7jUMYuMg=="} 02330{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":449,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1463060980378719,"flow_dst_last_pkt_time":1463060980460459,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1463060980460459,"pkt":"eJKcD6iO8IQvSpdgCABFAAVifaoAADIRmLPYOtLhwKgBaQG70jkFThU9AAFbOkhXLI3U967KCL3cJUfMqLc5FSrY4cYs3xypa7qHkPMQkfyihNqC28UhBOL3e\/5TBI7YTG0J23OmdlC7GgmCbVWFBre3mnIHOH5gNl6B4pV+JLE9LheDJBWLfps\/P5l5aMhy6p4xkqOtVn+84yrn69vnIGngY2UUctisj\/\/7qbGHoU7KjFVZvLiLnesCjZPEQ9bmtTdxJ8NIoohV99NBrL3ZR\/mRKqFg6ck1jjGMancWDX9uCodwuw+nFeiwhdNiUXqpCyb8WsgjNJlQgx5Jzfa6dxFwnJS2EsJzy1jow479DEUJQyupcHux9LBb4IxdT8f537ef70Ew4CvWu3Iba3a+sRfT8oSLt0CF8xrbGmeBEnSqbecBn6F2MYjUF2gtYKqmlv2GpssQgCf+y1IgiyKvJBAFYATvIM5Yoz\/5ASrdVp19my0ed8fkjXD\/9hI6BqGDwauf0bTx1RLAMhLrvl6pXAmkTiy9XjRAKtxJq+C1D4UKHSSI2+YjymrUAqCH3KRAZmA0Bxs3bF5O\/PSuozCEiM1fA6uKcRzdnnQiYy07+fjPtlVxQByhag2n\/cAPz+kuIj8MMSN1yDveDuOdF8jXFe5s9mrKD8JMfRZctDC3tl6y0RDe95cUiGF72q+hrAL\/PnaEp3C0gWLN0HrD0R9JOOxmp7Auh7povQU79kvL0xqyh4jnZ\/Eauv5xfJJ9WERDrqx3CTTuciqZlam2PDCCuo1MW4zttYvjA3nx3zF4aGwysEzvVFN3YL6hVQjdDA4G9W2+Ef0aVvJ6dwImjNYp4R0XlWhoyOCtNc6n9KHJ2lGiAOWbtoy+eIkUgerfolxpj29D8pTuvRSA6xSdgniEhkWz2S88FBK7lsS9dfKhGidfIxn3mpc
stFKBaupKzVmBUCAqw1Z9aWdecUTnIY67owXaqxfverdyb0S4+uAKmDm4p8KZN+VbJFG\/ylg0sBWP80mInpEbGS7MrNOzG+nWmwobpNpDfkH6k4MJahEdbTJwc8F0zwrc9OBje09p8uO+iXNyZJSmFPRBYsNZ4SG8aHlZEWwk1zN++dYeWoX+nUUYJD4SmFHSyUSfF3Ib+mhP8VYivL+Z49LFaGNAB7KGxHv6fvGdSutX9bFiP1ZkAEhpweNPt8+O3nQTWj927mHvqPFEoMfTdYknC6NXf1NUkjL0SCHGhtXTgom7sP8gds1oLZBN2H5EejX\/eUCiWr6Vz0O2ty3vLiEaKe45R6dpcVbZGDcZnogU1oKhCd5eIW5VCS9ZoxdQUXYVQ5OVZmD0+lXGLDhaxED1Sg0QBEID7Gyk3XlpIelSpdCcj7XZyy+fDz5peeAIHd7A\/NT1xszFkW3dJpaVelwRfVQ2Tajy6IY3aeRniays5OlSdDEGtZvz+UGoOACWTNtx+Bck5uH4c3U2F4B+CPTc7F0hvJL623HEU79LiEo5zzmsjK4jgrRtPE6Ujm4ZpuNfqh8tPnhC9+Bi2Aja+3eezVsTpRflcLiQs0+wiUrXwIMtQYHLDjHEkGkWCaZ1nNn1+gwpcra6WAb6OHVPMNzrYJK0SrAHU0\/USbaXPZLFNMj2alWPs47VfDow3\/W3uXsLSYKoanH+Y+vNHJPIWjV0xMRUN6pTJE7IVb0BTnZ7b0D3Y4\/SxaKloeNxIuesxRvodNcMI\/1buC5kqkJStpYaf7KVkJyh1GHdI8GrmxoF2MSLqGY6lT0vPgbFD4MZreGOa5Sssczsczl+luw+iYguWV7SHDSmHfZxeBgkr589fC51KvvuWXNd3GZS5QlUqIxlrJRMHt8X"} 01197{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1461850699450756,"flow_src_last_pkt_time":1461850703450276,"flow_dst_last_pkt_time":1461850699450756,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":70,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6820,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463060980460459,"l3_proto":"ip4","src_ip":"10.0.0.4","dst_ip":"10.0.0.3","src_port":40134,"dst_port":6121,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": 
{"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":450,"packets-processed":449,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":271275,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":9,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":62,"global_ts_usec":1463075953299562} +00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":450,"packets-processed":449,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":271275,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":9,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":62,"global_ts_usec":1463075953299562} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463075953299562,"flow_src_last_pkt_time":1463075953299562,"flow_dst_last_pkt_time":1463075953299562,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463075953299562,"l3_proto":"ip4","src_ip":"192.168.1.109","dst_ip":"216.58.210.206","src_port":35236,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02317{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1463075953299562,"flow_dst_last_pkt_time":1463075953299562,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1463075953299562,"pkt":"6HTmLPTkABlmWmaMCABFAAViaTtAAEARXzHAqAFt2DrSzomkAbsFTpsFDby767UFbXetUTAzMAEh5i93uTUS22zwlS0AoAEABENITE8aAAAAUEFEAEYBAABTTkkAVQEAAFNUSwCPAQAAVkVSAJMBAABDQ1MAowEAAE5PTkPDAQAATVNQQ8cBAABBRUFEywEAAFVBSUTsAQAAU0NJRPwBAABUQ0lEAAIAAFBETUQEAgAAU1JCRggCAABJQ1NMDAIAAE5PTlAsAgAAUFVCU0wCAABTQ0xTUAIAAEtFWFNUAgAAWExDVFwCAABDU0NUXAIAAENPUFRgAgAAQ0NSVHgCAABJUlRUfAIAAENFVFYgAwAAQ0ZDVyQDAABTRkNXKAMAAC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tL
S0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0td3d3LnlvdXR1YmUuY29teFwziXjGfp0+iLiPa5NFRFyqDFkuaiall82sYIzujJV2eEmSxVGrXgdwnEo24jy3PXEgwhIODsHz2lEwMzB7Junn5Fxx\/wHogWCSkhroVzTEcXji0toaKKW2C\/sjLL4Hx\/uc6Fh9FqIQ4mtE7XBkAAAAQ0MyMENocm9tZS81MC4wLjI2NjEuMTAyIExpbnV4IHg4Nl82NO4xNazIxw51CPh92NozyjEAAAAAWDUwOQAAEAAeAAAAV2LXIh+dp84WNbuB7eLfYt7CEN3uuVCwsaMPVZLZkwAcWv3ewLeWKh8oWp+ADGqv7hr4e6BITFL34pf63u8lTgEAAABDMjU1Ve9eTSHF9WVGSVhEVe9eTSHF9WXiYxqCfXGFX0ALe5CprnnrQX4AAJnDlbsORKBU4xOKlwWO9P4E5XFal5z7hzqpwhe\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"} -01077{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463075953299562,"flow_src_last_pkt_time":1463075953299562,"flow_dst_last_pkt_time":1463075953299562,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463075953299562,"l3_proto":"ip4","src_ip":"192.168.1.109","dst_ip":"216.58.210.206","src_port":35236,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","domainame":"www.youtube.com","quic": {"user_agent":"Chrome\/50.0.2661.102 Linux x86_64","quic_version":"Q030"}}} 
+01027{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463075953299562,"flow_src_last_pkt_time":1463075953299562,"flow_dst_last_pkt_time":1463075953299562,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463075953299562,"l3_proto":"ip4","src_ip":"192.168.1.109","dst_ip":"216.58.210.206","src_port":35236,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","domainame":"www.youtube.com","quic": {"quic_version":"Q030"}}} 
00977{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1463075953300127,"flow_dst_last_pkt_time":1463075953299562,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":387,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":387,"pkt_l4_len":353,"thread_ts_usec":1463075953300127,"pkt":"6HTmLPTkABlmWmaMCABFAAF1aTxAAEARYx3AqAFt2DrSzomkAbsBYbFkDby767UFbXetUTAzMAIyT2zFCwKRbjpW5pKGcwa\/zOYtI4ibM\/DXTo+3hM8QHjQop2VE57N\/4px1Dr2rh1Of6fuprsXKXOLDTQHDMOztLE0ibzNUs5cviwMINA8HUKs1w\/8wSCAJg+c5E0s64vzHKdQ5N4AY1I+whZj+YXv7QX9bQtyBCP0WJRsK41puLJyY\/5rYf1WXDzsnCxRRei33WDvMsb+MNKppe2kXK4Q1DqzsKviobjh+ZnTmMaJFKxfjljXwNv0dsW2Nhjh9NEpVNdRUHHe+L\/umz5nJPSc8m3xsZrs27PfAfYs3O4DQT7zrN+rUD1tvAlM6ojpuYBXQUKIqFg6jkPkLtz0lnT5ofUC3bxq1J8gFqtExK3aj\/kH0as9Y1tYZiRMdgBmqLNq1Ru6unJsdETbKAQha1+Pgo4qtxiVVhohC7TEjAQj3UwwRrwKowX6bUvpY"} 02327{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":452,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":1463075953300127,"flow_dst_last_pkt_time":1463075953334920,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1463075953334920,"pkt":"ABlmWmaM6HTmLPTkCABFAAViGxkAADQR+VPYOtLOwKgBbQG7iaQFTgWwDLy767UFbXetARhGCjp5JYP2NRSCDQGAAVJFSgAHAAAAU1RLADwAAABTTk8AdAAAAFBST0a7AAAAU0NGR04BAABSUkVKUgEAAENTQ1RGAgAAQ1JU\/xIGAAAt19AYB5aaMKurHRM81LpDG06F1\/HgjIAXnLSYHoaRDG+YCx4gYrs3k43pE\/W5utsyegd0CLIV4fasqoZkRpVLMtnpS+sIRqrbfvgjIL2IUeZTlSGu\/7+bU4Z+Ij1vgEEcToZ\/00OYAYgC+05liNl+ov97hTBFAiBs6kS1HuLjC8x7gQEfBCOAowmjvDZU885lgtcWaGEy0QIhAPm+1mJq5QK6WHRPaEUwOfyND\/8ufeGnt66391Aj9lqnU0NGRwcAAABBRUFECAAAAFNDSUQYAAAAUERNRBwAAABQVUJTPwAAAEtFWFNDAAAAT0JJVEsAAABFWFBZUwAAAEFFU0dDQzIwWGClOjtYNIHfmiHJ0bGFX0NISUQgAACup
8alaVf8gP6KOzle5pjmXvoOKgb+N2LRgB5dcX8Ka0MyNTUSxc3dEjis6kATN1cAAAAADQAAAADyAHcA7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo\/csAAAFUe1HMJwAABAMASDBGAiEAqHfzHEY9KN1QjXeaiZlcHt6ybhyDsnLIoo6e82Zg73ACIQCveMl0OwuTrVY5LqDcb5TIihLD6ZAJQlUDU68E5\/BK6AB3AN3rHSt6DU+mIIuBrYFocH4ujp0B1VyIjT0RxM227L7MAAABVHtRyfMAAAQDAEgwRgIhAMWc6riI2T4lmoQuPyvTrFTQuoCnh6VaWJBNwHgCZloKAiEAiHJhhSnJcrUXaDEZQLClSBLKToA3CEOVFu+IPvrOhh4BAwHogWCSkhroAwAAAAN7Junn5Fxx\/wAAAAAA\/wYAAHi7c1AtxPvNxgAsudi+GzSx3oe04Tic2NatWf922kf0hhwVG1mgwsAMmIdMgPkF1p4zMDcyN7AwtgR1otKwWsXBw+UMTDdp+UV5mYmwBMnOw+ubX5pXAkpdYZmp5XB38SC7S9RAGOwuHh4tYJiChMGRGwkUZgf68ZwtsPnBAWYwM7IzOzGwvF91fdMNT2Ud1a7MlSledVlybaZOW\/IT25eYrq8qUp7OLmq33YHB9tcRfpb4rOn2rfYyM5bOl9xpdepuGi\/LiYsHpi9uYuk3aGLpJlSANTGD+wiCLE3MrkCOYxOKA5t4tfQS81KK8jPBDZ4mMSC3oCA1Lz0zLxVZmZCWXnJOfmkKspgYzCDdxLzEnMqSzORisDg3woJEZE5OEx+S1XqZeaj8rAJUfml2Ez+yU\/USi9AFStEEktBVJOejCeRWoAmUoGspy0Nyc0oqEie1GImTVoTEyShF4mSWIHHycpA4BSicElCgQjiJKcAiABJ4cMdARPKaRGACQNncVGCLAqxMECZalpmSmg8WAsVrcQmwYEwGaeNF4gEluYDcshJDJLYRmA00PTe1pAioClk10Chg2yUjE1xANQmAeDloMV+ZX1pSmpSqm5efnJ+fnQlPTFBxNGWpKaWQKhyWQICpJTcdzJGCJ7+czNS8kmJke7iRkyYLSH0TG1Aa2MZpEsGa9LiQkyyWYONC8hYXuGiGmMYBdqdeEjC6kT0ggs35SA0q9gaDDKRiOQZYsGgjFbjy0DKwIDsTyVf67p6O7kbgElUbqQyHKYYGgyGyDlC5jtTI273NV8E2Yd+C1ye2dnFOb2eeVW6ug9bQQS6rsfaMFCEtB2DVhdYd4WBjS2\/kARbTBgaQ"} 
02323{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":453,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_src_last_pkt_time":1463075953300127,"flow_dst_last_pkt_time":1463075953334963,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1463075953334963,"pkt":"ABlmWmaM6HTmLPTkCABFAAViGxoAADQR+VLYOtLOwKgBbQG7iaQFTn+aDLy767UFbXetAjcEx0PBrMP0Mk6hSQCkAS0FJQGmjqaBuoHqAuUFioT8k4OtKzON+1jJ1a9BYesmXwtoZygIO1f7MXnvD7WTuRW2dWnKe9UOhyqmcjQYau6f57FwFtuT9a3B0zWmu6\/gML2tuuOO7NSHmdtZf+m9zy3mfKKi9+PCa2YjhQlc8plO7kEX39lzLX+5y7X5+PWbL\/VCIsuPBrp4LjSfLtfX7Jox5e\/r4Cc3z4exzLRvdpaIz\/h\/bimLQtn1RRz3n9fMePKm0PBz8aXsLEWdj5lFk5dkz1rg66v\/bm7SZ4uw2wqzBVIbeU\/6rO+YXbjq4OEa1TIXBpPNElHFLxc4XGYuW5q1X+7Ls7qnT43ZtD\/5mu3V+ll5brrjxuk3J31gMTd4kny\/\/2W8wqGSvKd39b5MWp26xxgAOnpZFgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
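Review bot: The regenerated `detected` event for flow_id 10 no longer carries the QUIC user agent: the expected object shrinks from `"quic": {"user_agent":"Chrome\/50.0.2661.102 Linux x86_64","quic_version":"Q030"}` to `"quic": {"quic_version":"Q030"}`, and the same drop shows for flow_id 8 and 9 earlier in this file. The pcap input is unchanged, so this looks like a change in what the bumped library exports rather than in the traffic. Any consumer that keys client fingerprinting or alerting on `ndpi.quic.user_agent` would silently stop receiving it. The commit message only says "incorporated upstream changes", so it should state whether the removal is intended and name the replacement field, if there is one. If it is not intended, these expected lines should keep `"user_agent"` so the test fails until the serialization is restored; whether the schema still lists the key cannot be seen from this hunk.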
@@ -77,7 +77,7 @@ 01005{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1463060980364728,"flow_src_last_pkt_time":1463060980449696,"flow_dst_last_pkt_time":1463060980446842,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":2700,"flow_dst_tot_l4_payload_len":2700,"midstream":0,"thread_ts_usec":1463075954300949,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.201.238","src_port":55934,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"s.ytimg.com"}} 01007{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1463060980336240,"flow_src_last_pkt_time":1463060980436239,"flow_dst_last_pkt_time":1463060980427767,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":3514,"flow_dst_tot_l4_payload_len":2737,"midstream":0,"thread_ts_usec":1463075954300949,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.238","src_port":34438,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com"}} 01011{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":44,"flow_first_seen":1463075953299562,"flow_src_last_pkt_time":1463075954280999,"flow_dst_last_pkt_time":1463075954300949,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":4226,"flow_dst_tot_l4_payload_len":51309,"midstream":0,"thread_ts_usec":1463075954300949,"l3_proto":"ip4","src_ip":"192.168.1.109","dst_ip":"216.58.210.206","src_port":35236,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com"}} 
-00846{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":518,"packets-processed":518,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":326810,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":80,"global_ts_usec":1463075954300949} +00846{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":518,"packets-processed":518,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":326810,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":80,"global_ts_usec":1463075954300949} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 518/518 ~~ skipped flows.............: 0 
@@ -86,9 +86,9 @@ ~~ total active/idle flows...: 10/10 ~~ total timeout flows.......: 1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6944382 bytes -~~ total memory freed........: 6944382 bytes -~~ total allocations/frees...: 114764/114764 +~~ total memory allocated....: 7521742 bytes +~~ total memory freed........: 7521742 bytes +~~ total allocations/frees...: 126488/126488 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 554 chars ~~ json message max len.......: 2348 chars diff --git a/test/results/default/quic046.pcap.out b/test/results/default/quic046.pcap.out index b417ccaf9..7b0fad84b 100644 --- a/test/results/default/quic046.pcap.out +++ b/test/results/default/quic046.pcap.out 
@@ -1,15 +1,15 @@ -00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic046.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic046.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1584456191933380} 
+00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic046.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic046.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1584456191933380} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic046.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1584456191933380,"flow_src_last_pkt_time":1584456191933380,"flow_dst_last_pkt_time":1584456191933380,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1584456191933380,"l3_proto":"ip4","src_ip":"192.168.1.236","dst_ip":"216.58.206.86","src_port":50587,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02319{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic046.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1584456191933380,"flow_dst_last_pkt_time":1584456191933380,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1584456191933380,"pkt":"ILABHGh4AJqdnpsZCABFAAViVw9AAIARNVbAqAHs2DrOVsWbAbsFTsB3w1EwNDZQtKT59fQu3TkAAAABmZPTs83+bYJOmUXloAEEAENITE8ZAAAAUEFEAPABAABTTkkA+wEAAFNUSwAxAgAAVkVSADUCAABDQ1MARQIAAE5PTkNlAgAAQUVBRGkCAABVQUlEmAIAAFNDSUSoAgAAVENJRKwCAABQRE1EsAIAAFNNSEy0AgAASUNTTLgCAABOT05Q2AIAAFBVQlP4AgAATUlEU\/wCAABTQ0xTAAMAAEtFWFMEAwAAWExDVAwDAABDU0NUDAMAAENPUFQUAwAAQ0NSVCQDAABJUlRUKAMAAENGQ1csAwAAU0ZDVzADAAAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tL
S0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0taS55dGltZy5jb23iUlTd91Wbyacedc4KWbvYAO9ezSoYOG3jhMeQafLfpHKvILz9Ye+me5P5nrw5Y\/leQsX7MclRMDQ2AeiBYJKSGuh+7YCGohWCkV5w4f4wMDAwMDAwML0xAKSRUT2iY62vYCLSlIfkuoKwQUVTR0Nocm9tZS84MC4wLjM5ODcuMTMyIFdpbmRvd3MgTlQgNi4zOyBXaW42NDsgeDY0mMqP9vF+kzJdLqfvNTDv5wAAAABYNTA5AQAAAB4AAABhJXvQ9+6Hu83ruEOa1Y6Y5fjbWd3ky8\/JdT+d+\/AZZsvZnn1BDAzSykK3Urbw\/IrLoBtlbcpqYoDEomljzhkwZAAAAAEAAABDMjU18ubMxD2HxlI1UlRPQUNLRPLmzMQ9h8ZSYDLLkqBBTd\/6RwAAAADwAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} -01082{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic046.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1584456191933380,"flow_src_last_pkt_time":1584456191933380,"flow_dst_last_pkt_time":1584456191933380,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1584456191933380,"l3_proto":"ip4","src_ip":"192.168.1.236","dst_ip":"216.58.206.86","src_port":50587,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"i.ytimg.com","domainame":"i.ytimg.com","quic": {"user_agent":"Chrome\/80.0.3987.132 Windows NT 6.3; Win64; x64","quic_version":"Q046"}}} +01018{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic046.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1584456191933380,"flow_src_last_pkt_time":1584456191933380,"flow_dst_last_pkt_time":1584456191933380,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1584456191933380,"l3_proto":"ip4","src_ip":"192.168.1.236","dst_ip":"216.58.206.86","src_port":50587,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"i.ytimg.com","domainame":"i.ytimg.com","quic": {"quic_version":"Q046"}}} 
01230{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic046.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1584456191934367,"flow_dst_last_pkt_time":1584456191933380,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":574,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":574,"pkt_l4_len":540,"thread_ts_usec":1584456191934367,"pkt":"ILABHGh4AJqdnpsZCABFAAIwVxBAAIAROIfAqAHs2DrOVsWbAbsCHCGo01EwNDZQtKT59fQu3TkAAAAChrDGo43cDq7OAgdbv23GehH0jM01fB5SqCBHGsm4tNDoSAuylkVeyVU1nO51BVLZDdQpzNO9j8lf2o\/kFvxF1keBb1V8bWQbm4GDCTzD9DJbwk6JCzbiEHbQt2\/y4DufAauHa+qhpg6F7I1VBRA5chHzaHSfbKq18eEDQ2D7fby9uiPXDB6cfTGjCACXfFYXGo9zhyaFNtzZv4x3bPv04LGnwloRH845hLIF6d5Y+oKP0inx4RVaOxEjSkSubSvYLun8u1+DAfAvr3DdmGZRAp60H0VhNkgFDR0TK1bvdtwD\/6cndHRtyUINoQIRApDi1wb1MmCAOOvL7steTPHXY5nIkaq4iXTy+WyGwwX1EiuR+wqkWZoB8nUqj3ZqApzNfexl+c7aCawPzdHT3P5zDq7dSyz1wAkXCTveL49FopZWy\/uuB+P5RJbaGpw3CvzBYR4o98uBght36oYbWpopqUw9u0okr+r3kEm4Q75LZzqLS97VgZsNPml00CwyHuDEnhiPWf19O4H99TJdYurnXZ+SQi1Zt2RI1GgBrEOAj7V7V\/6W2VgqcYkPqL1UO6lW\/zp\/K8LZMma1gVsHh4jJ1oXnE7Qjtqi9Um0bkNgFqZBX1s4cYf2FTDL0Lgyu2DOK3ATmX6nv91Qh9\/msYcWCN59XOhhsFRlmXSuc2N2TzOTtWg=="} 00626{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic046.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1584456191934926,"flow_dst_last_pkt_time":1584456191933380,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"thread_ts_usec":1584456191934926,"pkt":"ILABHGh4AJqdnpsZCABFAAByVxFAAIAROkTAqAHs2DrOVsWbAbsAXuOl01EwNDZQtKT59fQu3TkAAAADQ7oFqOGvWa6mhIUAfFpbpAofPEreEA\/GGklYOasxEedYwPIHZE9zXMBgbnX+9bPuSN5MQzRW31QsSe2iJHxiKYqGbP8="} 
00728{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic046.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1584456191935486,"flow_dst_last_pkt_time":1584456191933380,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":201,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":201,"pkt_l4_len":167,"thread_ts_usec":1584456191935486,"pkt":"ILABHGh4AJqdnpsZCABFAAC7VxJAAIAROfrAqAHs2DrOVsWbAbsApysy01EwNDZQtKT59fQu3TkAAAAEGoZh\/DwxLtrSzyqJ854Roncx5Gs7D0zANVDYJDSq9ZjYOSmqwn64xE\/98TQx5UDzJnhlqKbtmmx9GdNWBnvHPQrhtlm4nc0GLmpl3475rXaAwmI8156+n7Ch4C0\/lA4\/34ra3CYyszqi2R+muQnBfwOAYH3\/4zLKmFK11tcYmY3Yy+jQ\/7Jp25HEdC4A"} 00726{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic046.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1584456191936043,"flow_dst_last_pkt_time":1584456191933380,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_usec":1584456191936043,"pkt":"ILABHGh4AJqdnpsZCABFAAC5VxNAAIAROfvAqAHs2DrOVsWbAbsApRlJ01EwNDZQtKT59fQu3TkAAAAFpShUaKLmTN2T3Ey7BEBxhhlPz\/mI42X6i3+zIvnvGPOAlaAMy0sQAcxegKQRA1QQwNG9N\/8cy92QCI0CXWZ1odCXSax157XF7S\/xa+HfI8d71opbqWvA7umD5My\/CObMYgq6GFbFgtUgONNyTSlCdXpaygRYfMn++j4RkGiGTRdqEUPLH8obgjwk1Q=="} 
02199{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/quic046.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":19,"flow_first_seen":1584456191933380,"flow_src_last_pkt_time":1584456191967570,"flow_dst_last_pkt_time":1584456191967633,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":4485,"flow_dst_tot_l4_payload_len":23197,"midstream":0,"thread_ts_usec":1584456191967633,"l3_proto":"ip4","src_ip":"192.168.1.236","dst_ip":"216.58.206.86","src_port":50587,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":176,"avg":2207.8,"max":29469,"stddev":6263.4,"var":39229868.0,"ent":2.6,"data": [987,559,560,557,592,573,584,606,710,21225,29469,423,216,240,242,250,248,254,253,253,237,265,240,242,256,252,6530,176,509,707,228]},"pktlen": {"min":48,"avg":893.1,"max":1378,"stddev":591.6,"var":350034.9,"ent":4.6,"data": [1378,560,114,187,185,185,186,185,191,188,1378,1378,255,1378,1378,1378,1378,1378,1378,1378,1378,1378,1378,1378,1378,1378,1378,56,48,1378,56,1378]},"bins": {"c_to_s": [2,0,1,0,5,2,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0],"s_to_c": [1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0,0,0]},"directions": [0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,0,1],"entropies": [4.104627609,7.586378098,6.310873032,6.874300003,6.880319118,6.833760738,6.876335144,6.910101891,6.969146729,6.870172024,4.098705292,7.858126640,7.073942184,7.867921352,7.889789104,7.868343830,7.839922428,7.858704567,7.859090805,7.875567436,7.864448547,7.848357201,7.879473686,7.877913952,7.860894203,7.857960701,7.861531734,5.436729908,5.095174789,7.816503525,5.401014805,7.861771584]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"i.ytimg.com"}} 01008{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/quic046.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":37,"flow_dst_packets_processed":63,"flow_first_seen":1584456191933380,"flow_src_last_pkt_time":1584456191984839,"flow_dst_last_pkt_time":1584456191986142,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":5170,"flow_dst_tot_l4_payload_len":81927,"midstream":0,"thread_ts_usec":1584456191986142,"l3_proto":"ip4","src_ip":"192.168.1.236","dst_ip":"216.58.206.86","src_port":50587,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"i.ytimg.com"}} 
-00846{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/quic046.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":87097,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1584456191986142} +00846{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/quic046.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":87097,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1584456191986142} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 100/100 ~~ skipped flows.............: 0 
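Review bot: The regenerated expectation for the `detected` event in quic046.pcap.out drops `"user_agent"` from the `quic` object (record length prefix 01082 → 01018), yet the commit message only says "incorporated upstream changes". A golden-file update accepts that loss silently, so any consumer that enriches or alerts on the QUIC user agent would simply stop matching, with no error. The quic_0RTT.pcap.out hunk that follows shows the same pattern: `"ja3"` disappears from the `tls` object while `ja3s` and `ja4` remain. If both removals are intended by the libnDPI bump, record them in the description, e.g. `* flow events no longer emit quic.user_agent and tls.ja3`. The diffstat lists schema/flow_event_schema.json as changed but its content is not visible here, so please confirm that the schema and the example consumers no longer expect these fields.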
@@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6910561 bytes -~~ total memory freed........: 6910561 bytes -~~ total allocations/frees...: 114238/114238 +~~ total memory allocated....: 7488109 bytes +~~ total memory freed........: 7488109 bytes +~~ total allocations/frees...: 125968/125968 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 617 chars ~~ json message max len.......: 2324 chars diff --git a/test/results/default/quic_0RTT.pcap.out b/test/results/default/quic_0RTT.pcap.out index e76098e29..fbc65c16d 100644 --- a/test/results/default/quic_0RTT.pcap.out +++ b/test/results/default/quic_0RTT.pcap.out 
@@ -1,20 +1,20 @@ -00614{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1603888789791229} 
+00614{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1603888789791229} 
00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603888789791229,"flow_src_last_pkt_time":1603888789791229,"flow_dst_last_pkt_time":1603888789791229,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603888789791229,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":60459,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02210{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1603888789791229,"flow_dst_last_pkt_time":1603888789791229,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1603888789791229,"pkt":"AAAAAAAAAAAAAAAAht1gINJtBNgRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAB7CsRWwTYBOvD\/wAAHAhCNdWrrb4+VQiw7LD1RGMN+zL7OkPMAtXpNlW5O0b2\/q+3KdcOtoYFqBIwOi4AbeOZTA9r8spxR89EzuGsSMH\/bUH9ekHEQ922xeaUjW2FgbWmXjMqS+663UY67NIITXpkFxwR22N+eMGvlLVxq1DPyvGiZiTcqCSaCZ0JYqKt+vdrIBp0w3K49QUaWm1DuJd+cQIJzCcz93gKXA+aQn8qJuO+lEHGyiCLVgeWI9\/dk7q4fiSnyVYB8Z\/88\/1PGsSPr7zMnahidPl8sGnTG9MT+px4myWEEHOjoSU0yW9DlNQElkOgitzZjllGvGhUhiBIICMF4QAUv3\/uP2UIoOlO5XivEkb+TEkDY+TeRlQOAIIUbsGZNooxIOe9TQJ82TvA7CrEVTKBa\/0UwEVbDA+egVUviZQiH5ib3Eft7yjRSwrLosJr+JYLE\/b1gPCQqV3\/X9AjXGrd184V\/I069AxL1W3hrfjhc9kTxr61FQb3iBePpHQNPrmWPpWzg65lBvr27yyzoj6wYSTbO781l0YatfDl\/dDvdQIfKr2P6uLMGzJJZkB+Ef6aEehROc00Tde4mLvS3KtN0T7iH4IEsYc3Db9k0scho9GMCBSBIiEPvgGR0Y67dvPV5slktWIWuArg\/VlYjYX5wnaRfV563WjXbTY
NGUsYH6yJ12K39PLd+9sxGuDsDv7wuOHQ\/wAAHAhCNdWrrb4+VQiw7LD1RGMN+0KnwyOIE1IPFP+gl6zZC2dnhr2vJbjX4p4gjfOHidbDFdeXHDeCB6AR+v8jJSYiWVKpOKT1tYDZ2eaYAb8EM4juskAwg8WJRDDALjE67avfbFy2bAKFGVwliLbq9g9yfe2DG7zudaoq7VcKjW8DJUYzFu0kG3f0I+eg9KERSSE9tNgraaUChfDY0CfeGXPHIGfNOqV2eildt3CypMlgx434dmv5i8bOFyWursPeR9FPxLAp0E17z39ZowCy9mzMTuEiKSfVFZVEb8A56B9ppGExgQC8QO0Af3vfqS2ttKNvFYUOgdWvnxDVxIQ3xlWS6ELnr9IEyJP7QN13nNZW2yyDnRClGdlAqhKZndvswyZgxdwswpMFr+Hp46L60HP3+Etr\/g+ZQ+dSKaPL8j+qjU4\/5GbDlG+Y8GGpP5yetDzWW4wN5wTi1RfvXLkUi4VB3m4LwQbvS4nockw+p2t9FIJYuLtV0dMHU6Hv7HaVbrS2rEeooj88IkO1U14qUJPxLmg2Uy36iXq2YaI6VfIvwaNOpQxMq6KJ4BIC327gV6F7pkRGqQyr\/fLXQ9\/QAgpjmMNkP95RpEi6vYM4P3hLk7YGQVBnB+IU0NE43CFBWiQCbD6GGRc88ZdV8uxhElyGuoq\/YHF3odV6QEFs9PDd2W40mlJEPTrU\/YbNrDK9EX6uJSY7GfN5JJTDeEvWfQOsQ0uy8IYjlyJ5TxtnQXnq04wVfUtffinNWMR7cNrjwWmw0LkdigoLMel\/dN7JQkDILpNPwSYQ07T0bRnC52xgOJ5umHTPriox2zwHfRI6lLvfBx7j5PR\/iXTtkoj6weekfmGYFZhQNsP1hkCk+6CJfCIo1m1SFLNWhogGJZIJgLWrvdtqIciw9ptTqsx5dUUsMd3KoDy70p2VEA=="} -01414{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603888789791229,"flow_src_last_pkt_time":1603888789791229,"flow_dst_last_pkt_time":1603888789791229,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603888789791229,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":60459,"dst_port":4443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": 
{"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"abcd","domainame":"abcd","quic": {"quic_version":"Draft-28","tls": {"version":"TLSv1.3","ja3":"a7b629a5bd67bfc25e2c78b3daa4c12f","ja3s":"","ja4":"q00d0310h3_55b375c5d22e_060ec1c6a056","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-32","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft),TLSv1.3 (draft),TLSv1.3 (draft)","blocks":0}}}} +01373{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603888789791229,"flow_src_last_pkt_time":1603888789791229,"flow_dst_last_pkt_time":1603888789791229,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603888789791229,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":60459,"dst_port":4443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"abcd","domainame":"abcd","quic": {"quic_version":"Draft-28","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q00d0310h3_55b375c5d22e_060ec1c6a056","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-32","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft),TLSv1.3 (draft),TLSv1.3 (draft)","blocks":0}}}} 
02210{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1603888789791229,"flow_dst_last_pkt_time":1603888789792113,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1603888789792113,"pkt":"AAAAAAAAAAAAAAAAht1gIEmLBNgRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABEVvsKwTYBOuB\/wAAHAiw7LD1RGMN+wgWsFEjN2HZaQBAoeulPe6gJ\/sr\/GIbyJYc14UNgXtYbxk5qiSqETQY4WZpoAlQETVvk0wWYFOpUIdBARl1suh9iNp9EVeqqDCK8cOmjC1x9D6Kfk9hGxfOeT71tvhKd4oN+bdYPjbqVP0GFxeHN3IMs7Zr+fKeQyuFIUWnb5Z155Se3XdA\/gkvhnMx1ULX5WEKCC9gZx60DO5zH6utYTXgxvBd7Ru+OqadPKlFof8AABwIsOyw9URjDfsIFrBRIzdh2WlAxDmD+hjo+e1bU72YwbmAGOLxO5htQDsPNuVs6LSSsGz3SFw0RPm4E415JCnhx8Ge0QKEWADh5iBKGwMueF2ztpwDH7jsWxr3wB6t01oBA1kA7ZvkbHO543VSXW8URQBDqZoClPbnrQAcBZ+H69\/w3iitABvrJy3KVNkC9+NdHjbogcNpY\/5rLpRLS5HK\/H6JgUnP0BdrxIIF6HWRic\/Wf7gn1j0WoelZtuUrK3RpR66wFjn8EMNQiKG+ggDuldLKh\/U6tL0BsOyw9URjDfuFTTkGJh6F+XUUpTe3M82jojmegspYUKam1MxQec2Qkg\/alipH7KpbN4YAt16GjKA0vziYX61TA5r\/+c+B2T\/sfMV9v\/HKdLDeTVTmLVtM6L+LQWLFNxbF4yrEngXf\/VZT2XaqBGXuy2LCG0Ll9PjYDBtAtstKFFXX1\/Aq9PC+CdywR1PopMQdX5Z9pMSyZiyB5Lzg3cVGVQshXQFro5Kf54d6amO7D2XxOTcZnQiaAf\/TGRrLMf2QELrrUW5vGD6IdIKDtOHH0dTjyWhDTPJEfsacf7m9B9Xhce36eKCRqwlUUYp9cEORg9tAs+LNJkhiCPhfdI2kmtp2bekrtpez6Fafq\/eSu5bTHdTjUlYAqlsCVns0h2QvzRkddQkOUP7gAh5QNKxagIYkVNaIjoRzRpVUuqTaY5AYQbzrX47APe8VY1hIf5XFE6TPMKmMe2Q\/0CtWSycEDeCk28gGteNWfkas+cB+UI1rrRtWgkmad7zXpxmJvEVKx1EjCgwWfU89z+KDl6jD4P4IeVlDy+ynTr4HbYfYMZyTtc1RDHu8b7675WQKM\/HIrQq6E8CeXlwrV\/kN4X7y3aDTZ8UUUEk3f6P1Q8uLPJ2Yruxo4hJaXf2cw6q7EdHqcpvwl9wyP0SydRM5I5Xs9cDxcS9AAJl75598Onx7hfnsjzw2+Lk4PiuB9x8RRtBxDIfr1GIv04yL1ivxWfjBmvn9aCE1EDAtVLxBhg2AhlMxK5+fcZuD8gajCU3jBim0JQ1mEhqnrWZNbjfhTXGYll4oRXXUgYKlIV5s1CchSlcMgg5uu0+4Aj3J0p8FsizlxDbb6CHs\/xgqFSxARbNxD3LVLxEd+HIIdIWwvT1MTqPrwh0uOKGI3kFXz
TPm+StyKn3RLAeyIgL4EkpQslwgXWxlUtDWXyicGhGk5giCxEYaSUkCR2ecvlHkQpbq28IGeTXJEr9czuuYuc6xx6JNXW8HuS7eYhN\/9rkNRrkW+Ih9+rtXr1O+2Dy7ZXSKTG4Wnmba1vr6ZEKbxvCvQURsWLQQxX5DHxb0xG+It92fZknkVToOutQ6p1RiqEpFpKmIm03EPunCuw=="} -00838{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":3,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2464,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1642696459202000} +00838{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":3,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2464,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1642696459202000} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1642696459202000,"flow_src_last_pkt_time":1642696459202000,"flow_dst_last_pkt_time":1642696459202000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642696459202000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"142.250.181.227","src_port":51972,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00615{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1642696459202000,"flow_dst_last_pkt_time":1642696459202000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":1642696459202000,"pkt":"eJS0JASgYDjgxTWgCABFAABpHCNAAH8R13bAqAJkjvq148sEAbsAVb1N3AAAAAEIZbnuI7NzRNYAQDw6ETJgJtnaW4Dzps3McwFi0x8VnVwO7RJLNCBVBqiWNmzfu9oL42X8gbNncXuRY2lvH2rb4p2qGfmxe2Y="} 
01017{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1642696459202000,"flow_dst_last_pkt_time":1642696459202000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":409,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":409,"pkt_l4_len":375,"thread_ts_usec":1642696459202000,"pkt":"eJS0JASgYDjgxTWgCABFAAGLHCRAAH8R1lPAqAJkjvq148sEAbsBd7Ag1AAAAAEIZbnuI7NzRNYAQV5mqkZpRs8e99gEnxpMKgcyM4ebNtzOcUmv1eRpS\/4Y\/mYyP1B30U9uS4NGHjyOGaFJnHQyUbtswyTwz+8uass48b1GPbmGmqQGpgZzohRjGIpGw5eZwAz\/Hue6+YW9hwAmx9m0UhFfKsxUneEQJWrND6vl7b4\/1fQnPQDJpSQzDhzIhJtH1Pbfr\/WxE+M9SYDl1quiMttOidtA3D1KovBObJj1YlosZRsCpK8jwfULuNPkMn0+JgLUu2\/2STd82m+o+3G92qTNfTHYeBX+Sz8bpdn3vD9Uzax\/wWQI6eIrKNESFD3RLvXcx4+iyLJ6EqD8eYRGEEvi4b4XufDdC9OsxQBFVDeX\/54chXjPWbYOB67nyOuSaNm7e\/7SQG5tg2Rrb8\/P35bz7qAI+r9SDAYGGzm0kMCD\/gcU\/eB9a0NUUKHN\/qxjP0dTa9I1hufPHnolkoo70d0iz7y+nNj5LA=="} 
02206{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1642696459323000,"flow_dst_last_pkt_time":1642696459202000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1292,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1292,"pkt_l4_len":1258,"thread_ts_usec":1642696459323000,"pkt":"eJS0JASgYDjgxTWgCABFAAT+HCVAAH8R0t\/AqAJkjvq148sEAbsE6tl4xAAAAAEIZbnuI7NzRNYANwDSMfgjq4OxpsfNKcHQ6KARDCyokxbtdp7Y\/Omp0cgQbiBRYO+svznVHOtWf7OlGIMtn2Cg\/L1EmSLhP0Fff3TR+PBjnn3xKD8J\/aXiVRElqimYQhalnslkwkFcz7HT5WSmmKu4VoyTjxT9a2r5CICxjv1e9gZGEz50cjhoD2ifxD11+2hodb962BAC\/69O1Xv7QK5dQ7pWtXXbReRv2043pozLoG5Sj2DRMO1jzwfGKVPeVvT6d3JlS+\/KFcQH3FOK7kbLNVQ3jTdxtjQcTDCM2ukPhL52VnU0pRYEcfjnjof+2lc5G708JE9V+N+aPQfwCKFa5jq2wn4OGgPZLtG2fCQr2cyH0ggy1NVhjg9Ppi7euoidj8RKLvTYQHeTxlktPUw62Wb4HvH8ZODv\/gnhARYvir4g3SQl0wed+fLy\/MMm2W9stuJOVK7y7NU6TiiV\/etQcKxr9mbJ6ZXswOYHzV7nrCnF01Wz8lBkk3myFnjIlcHxnhKms9mN9iiIbNFpeXJL0wUZdIEnFx+Ky6EgcDSAfEyoQnRRGM6QJDw0zN40CpMAyCRvB7Jyv+Bt3LirQNGyGd2dTTtojFQ1QV4fn6SGbPHH1GJ0j3V3A6qcv3\/D0XQUm9UlTMeIgfYR9WTA9lMzaoa8u854U\/EBloDQk2k\/cEdn3H4u5xBHgxiuL6pwtyLEHkPJy5lONubue6FY9Xu9UgQ506YI68R\/DDFzi0q2TNYnr4hnF6dG9Y5WaLfMuXizESHWoxemhD37Rfn6vCFR7J4ODkYWcp5CYaBU1VgcR6GmgIMd3qM\/Jfg2H\/q7qOyc9JW\/3r+LeNWzj2UHLsMUIYyaf5Ea6GNZqInTyU0bc8m0oo4A1iczFeKZySJkcrdZfH\/rfaR84LoUghhfE3e0AMP2sjdBbQCEqVv1BVJiI99xS8aoheyOzBIahfJyTcHIm7ktke0hlsEG9Is0vLG0l1ilTK4Rj2O\/lkGmeH2XTmlALT1pIzMj9geHB2pUsBIP5Y7SoqHlZjGQr92qQybpGhJHNLIv3JI1Z8mJUYsdrsS1xdH6JLFMgP3I824xWjGxx61Z1FZbLgGZSBMBdxlPVAKfvKpa6Vsc1eNW2RW6hOD99IyH+koOCha9y8yvDciPmiBC2Rr4g+XS2Eq8WTac+E98GisQXSiAXdS3+BAln09Oi4AVOx5zIXFd88Vlb0QZIGSelwYpnrLG8t58dTvE5lm61yDW1G793J6Ahb1Nhef18kf2zIcqjpCZFoWo+25ejWZ6N3PwmpBS32yQTUw137N3jXhogEcues\/cCZE2LhsPmlEp\/zblpfwU5rcVPvPYNjSYhEYNjzukfs5uhGYeYy4LI7jkGSEeOC3\/Gb+nU34gZq9xDhByquJ2L3F9DLphkTQeFxWzwwSmmjfJsutdeUVze0no0ko2PrUhTeLlKpYj8i
zHdG9s7aOmOtdfSXVqMsJ13XMA4+gCkfdXoMipLMY3myoeJcRzm20YUipIu6v2+vE5GcH3QL9tm+Eh1cMqanwMU3PBaaSfgg7GixdA871kdeO6y5bZU66uPVwCvSl\/hr0eU\/XX7I0CwmoKl0SRgDwU9cfA7UTJlJgscaWUggnIw56M08zUwx7UrXDpLSddDw64YEJX2dOGolI="} -01404{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1642696459202000,"flow_src_last_pkt_time":1642696459323000,"flow_dst_last_pkt_time":1642696459202000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1250,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1694,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642696459323000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"142.250.181.227","src_port":51972,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ssl.gstatic.com","domainame":"ssl.gstatic.com","quic": {"quic_version":"V-1","tls": {"version":"TLSv1.3","ja3":"06b6b2a2cba0b7deeaaa6a3d8374d627","ja3s":"","ja4":"q13d0312h0_55b375c5d22e_73e2d9e6cde6","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01363{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1642696459202000,"flow_src_last_pkt_time":1642696459323000,"flow_dst_last_pkt_time":1642696459202000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1250,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1694,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642696459323000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"142.250.181.227","src_port":51972,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ssl.gstatic.com","domainame":"ssl.gstatic.com","quic": {"quic_version":"V-1","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h0_55b375c5d22e_73e2d9e6cde6","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
02209{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1642696459323000,"flow_dst_last_pkt_time":1642696459356000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1292,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1292,"pkt_l4_len":1258,"thread_ts_usec":1642696459356000,"pkt":"YDjgxTWgeJS0JASgCABFAAT+AABAADsRMwWO+rXjwKgCZAG7ywQE6jvAzwAAAAEACGW57iOzc0TWAEO2m4xezp8ws0tQPnqBuBcAojttkFh04+K\/D0raNfPH21\/7ougjUz4MIS05h2RLaXvn8cGgBek+PkNR+LsuV02sOigm8m9fvkQaUDrBSUHo\/RAmYFFj9ojgCwYHWpc\/YOgCISwnl2FS8VuECkUwwn+5IyLNVhaOMyvV+PuxSyjkklPAKDD752bd\/UT4FW16DEneoJUk1z4fKzjex9yf\/x9rUYjnNt57WbB3lyAPzjq818AeJg1x5dPNghSsy4Krqtbc+17P4GLMRqEzOsFHRo3Yz0CJ8yvts2N25zGiC4yTRPD5WxpAP5LKsqoCx8Sf3NdGliML6koQhKRuGULCooL5KZx2JXRAtOn7o432gddzY22shzzzExx1lTUZ2StIlGCEGLqUSHGaPUPvUr3gSjTWZpgLZdeuP7ebatkYth\/vYLN\/RugHV1KFnGnrwNVXft7PVEE+uA8oDt4RAFdxHxU+Ps11faAi4D1a3Oxr3SlIfFkCtZkXwPCMgWBtE+NpDc2liwzPaZrau4v4cUGT3la9K6S8cvpqGdeilTVGoHP4q7i9ZK00X1xVWn24IympqeXXb819yqhclCYHLVV6vWKfQja9c6rWFyOuXQuLtg18oeoJZUj4Pd9RB3YYbPnW7m6QNQ4BTtU6vvPNQMCWZT3rhvGXgh3y2JBLFC9EkEZK9ka7snhc6D6+LtAUXKluj9BaALlR7F7POfrvAMAaG+s1RSoj3utpkKJne9N7UMaUrc7jXpVtJJ46qBKdePNkw4mVwBAjKYsOrVZphNNom0qt+zTuewQPHtmp4phKHd\/vByh6RTtPL+CCNjmoeYFYh3+jlEtFsQ9Km8DgeX8uE3A3dE8oPkHX0\/OUK8xs+s+ZWNlaMcOOF3NDr\/0G4LztG+I8s\/3Tk5Egnnh3afdTDB39iV3m+GpSg7knwQZLwFDZ1EV5qf8wM1N59zJzLfF6M+G7kdoJsqze07I21wo5MatU8zcjRUgJyNwIXWRmuCZoSqojWo0TwVkttP86dcbg9osFtW5+\/VnjOs2x0hOJK41DomDHEwrgANjXOPa0oMps+KlVDOF27IU+3cLr7d00Lv2sMYFZHcEieykaLyoX6kpCUTcNIB7LPQzwACU5EcHDXRkPjq2ZDXxet6ASFUFEgD8pnKTKF3Rnhhh7YU8BDqjNJNULlMQsUgwBEuH+l7LlGhoOn29Jxkd8fDOZIpAO1QQIVY4SsJZjX3SH96gjQXIzIuFEboZdt\/Lm8fO\/qbJ1pc\/azHu+ohbrAAAAAQAIZbnuI7NzRNZA0DS\/CR4RVBhRhc\/EuYd6u5uR\/c8IjArXjNnib23WXM2S72ngjVoOgg3\/rihSHoUobagRlzQq5LCQUodqZJgCKHilkx\/Yg8NhlmZ+v64QpqppS8KHYZNGQAeutjG3e\/3dfbeaUc+DKSAeFGgSUu\/F
lpFXKMG+G2MheEhcZNTaskGAyuryPKO53HPDO7DuQIKsn7G4sNiArnVgMIbRo7K9kDZf34JMCEKJRy4iZwL96fsm70eVgcI5fzJ\/3\/Ji7BqY4sYxRchVjH6A3lnlQo6j6KFToDnRTfRd+G2rdlNIcO39yF1Ujtebhk1YcpiS7Sk0IGLF5m2opxXtDuTv\/aEXI9haigMtp3sL0O0="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1642696459323000,"flow_dst_last_pkt_time":1642696459356000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_usec":1642696459356000,"pkt":"YDjgxTWgeJS0JASgCABFAAA2AABAADsRN82O+rXjwKgCZAG7ywQAItXNXm+IJiWIMOQ7CKcNHT+QszcDtXkUT0taPAE="} 01141{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1642696459202000,"flow_src_last_pkt_time":1642696459408000,"flow_dst_last_pkt_time":1642696459432000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1250,"flow_dst_max_l4_payload_len":1250,"flow_src_tot_l4_payload_len":1874,"flow_dst_tot_l4_payload_len":2674,"midstream":0,"thread_ts_usec":1642696459432000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"142.250.181.227","src_port":51972,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ssl.gstatic.com"}} 
01106{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1603888789791229,"flow_src_last_pkt_time":1603888789791229,"flow_dst_last_pkt_time":1603888789792113,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":1232,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":1232,"midstream":0,"thread_ts_usec":1642696459432000,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":60459,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"abcd"}} -00844{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":17,"packets-processed":17,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7012,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":17,"global_ts_usec":1642696459432000} 
+00844{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":17,"packets-processed":17,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7012,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":17,"global_ts_usec":1642696459432000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 17/17 ~~ skipped flows.............: 0 @@ -23,9 +23,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6933870 bytes -~~ total memory freed........: 6933870 bytes -~~ total allocations/frees...: 114210/114210 +~~ total memory allocated....: 7511487 bytes +~~ total memory freed........: 7511487 bytes +~~ total allocations/frees...: 125942/125942 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 550 chars ~~ json message max len.......: 2215 chars diff --git a/test/results/default/quic_cc_ack.pcapng.out b/test/results/default/quic_cc_ack.pcapng.out index 9b0a896fa..b3f4d2f1e 100644 --- a/test/results/default/quic_cc_ack.pcapng.out +++ b/test/results/default/quic_cc_ack.pcapng.out 
@@ -1,5 +1,5 @@ -00618{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_cc_ack.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_cc_ack.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1623513645438057} 
+00618{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_cc_ack.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_cc_ack.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1623513645438057} 
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_cc_ack.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623513645438057,"flow_src_last_pkt_time":1623513645438057,"flow_dst_last_pkt_time":1623513645438057,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623513645438057,"l3_proto":"ip4","src_ip":"152.14.223.145","dst_ip":"71.98.228.93","src_port":57113,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02347{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_cc_ack.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1623513645438057,"flow_dst_last_pkt_time":1623513645438057,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1623513645438057,"pkt":"AAAAAAAAAAYAK2gQCABFAAViCAZAAD8RiyWYDt+RR2LkXd8ZAbsFTlqVyP8AAB0IP2F8CyEK1SUAAEU0pUADgai63r\/lItFGP+9hC24roELpliW3esH+N23zYsVnHaLlDALQ9HmbSfFZdOGFn1N0tiCxBoce6EnFP8qxgIGvtolBdqVO4KtI3I+xzDEP1dMbrxXh5kXHhT9281\/Su+nx2HNihx4eRSrnG7qGfBWROROddmS4TWWAqhaVPJstau6yELSzb0UA6xOcZDDOFIrtIfaHHJNL73QwlCCVC8\/X6+gOB63o+ixHncf1eOknkTc\/XYOWJLMHSLd4BZOA3LW5GmIXKYRfAuWR6FNCEsog27+JxH38wH4S8BIHq9f0AIY3YXQVkFE1PLeWua7Hc3MsiUcYvgoAhVb9+JBI5eXYfDCwdHERnY1IQQmUAu9SFx2J6nuGff5NC96rDFPIdNELe62FpMiG++tWyxBT1jrqduEE+GTJGana2VRZO0mNKPo4k96XXHnlrmLHJtxgqk0CAYVVoULGC7QmHW0IPw5+QC2mMFdQ2JXXCHchmXNwhcQoDjPepV0Tc7gNhPo5bycXS3v5HN4L35Ns7nhQwv47t4TyZK6yYxdFDGdbuycCS8L2dTXwUF7TstgFGUmpVkx39Ih0cfz4Ml21l4W5OxPMQLwymZcjFN4ZcsWF1RYDZqiwdizzKmJZ2dywSdNp0mvGKgOCMW\/zEpCDa
hdneaO5ePAihedJrHlLWjrIcNPtMFJvsCb8J2Zs2JveZH8M9ycGrJuRHIU6iNjJ1KE38VCB5Hf1tALUvZ0BBj\/qC+Ij8B4Ro+yZstJd7Ob6BhH2uaRdc5I68e0jjwGpe80iacH6GsFPIOjtZEEbNYvDZ7w16Rc+ITnjSC38untM8Or\/bUIMrMDMgaZ0v\/C5OEdfOGlvxCBCC4\/o\/90Kx02rZnFEL\/i8boI7ePY0ReSck8yGfszVfqzNgiwK2v5Xb9wSfJ6a8GDsAhSfZ9BXpA1BdfBS8hgew+G98kwh4cHwLJ7guN9fdx1HmkzmFzzo53D9m0lvXudsnc8ddqbXGk2HsS8RT8gqdE4Qp0HmVJpwPar68+ZRDzIVr1NO4grcPGts3UheNWWdX22kIGFFoWJQJ0Iud4hNuShy1HzqTQ1lyp0YYC2JKUrnWP1jn3LpGqTH2BpZ2wK9\/yL0GdwgOVZWGlPVBBI5DulktahfK8IcRAXIoSVEE\/2BFDm9HCokMUAXZ7NOPTsKGJDxCqTZin0sZ\/S2a+q9vrJzdzIYDluIS5EynegX+P5Joc4GPrIZc3YnPU+\/jEQ6WmwykKvJwcBvW4q9DF9\/8A9K6qBXWUAE\/f3ls7H3ipOg+w\/Kh\/WzO70xs2OJpZb6vVHkFmXehlT0Ib213P4CBiVWI3EwxwElbpSAUUK\/\/VARpnBPiA9J+ch71rajSMnje0HhIlInLryO9owSAQ7f93iROUK3RJldQmsCIOfxHUjT\/D9SQRsq4felL1nQ7DtW9jJkBIxJNEvuacIdV\/uo77CehnUSmwufgmQjj2L3ej6HOYKut+6KBPceNlpM9C1g\/\/lK0TvimOKIRh5lPHZnjbRXhK1\/2ricgkmNL6d4mPnYWLCcJhWSclF\/A8b\/ixrplLwQsuMc4NgUi8p4L1IcSZhnUxtTszMmKomu4BZaTzCIvV8croOgcxm97AvxlkZRjUy4Pb5rdJcTpPFvUeyaVjMB7toze81GUUg0VFp8lOemZ2cFjZ+uKOYqXrcEJFF9LwKAjMfV1JtVs7Svx3g0n+xvnlW+JM5HoeSe3uvLKwvv8MdjFD4tJpVfQSeZPJIaH6fKbzpbepdPhIKObLCQ"} 00969{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_cc_ack.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623513645438057,"flow_src_last_pkt_time":1623513645438057,"flow_dst_last_pkt_time":1623513645438057,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623513645438057,"l3_proto":"ip4","src_ip":"152.14.223.145","dst_ip":"71.98.228.93","src_port":57113,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Draft-29"}}} 
@@ -8,7 +8,7 @@ 00971{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_cc_ack.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623513729660364,"flow_src_last_pkt_time":1623513729660364,"flow_dst_last_pkt_time":1623513729660364,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623513729660364,"l3_proto":"ip4","src_ip":"183.23.159.144","dst_ip":"108.140.147.22","src_port":37787,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Draft-29"}}} 00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_cc_ack.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623513729660364,"flow_src_last_pkt_time":1623513729660364,"flow_dst_last_pkt_time":1623513729660364,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623513729660364,"l3_proto":"ip4","src_ip":"183.23.159.144","dst_ip":"108.140.147.22","src_port":37787,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_cc_ack.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623513645438057,"flow_src_last_pkt_time":1623513645438057,"flow_dst_last_pkt_time":1623513645438057,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623513729660364,"l3_proto":"ip4","src_ip":"152.14.223.145","dst_ip":"71.98.228.93","src_port":57113,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -00845{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_cc_ack.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2700,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1623513729660364} 
+00845{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_cc_ack.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2700,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1623513729660364} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6930685 bytes -~~ total memory freed........: 6930685 bytes -~~ total allocations/frees...: 114188/114188 +~~ total memory allocated....: 7508281 bytes +~~ total memory freed........: 7508281 bytes +~~ total allocations/frees...: 125919/125919 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 623 chars ~~ json message max len.......: 2352 chars diff --git a/test/results/default/quic_crypto_aes_auth_size.pcap.out b/test/results/default/quic_crypto_aes_auth_size.pcap.out index 28652a218..85c442369 100644 --- a/test/results/default/quic_crypto_aes_auth_size.pcap.out +++ b/test/results/default/quic_crypto_aes_auth_size.pcap.out 
@@ -1,14 +1,14 @@ -00630{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_crypto_aes_auth_size.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00851{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_crypto_aes_auth_size.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1639054047280433} 
+00630{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_crypto_aes_auth_size.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00851{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_crypto_aes_auth_size.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1639054047280433} 
00799{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_crypto_aes_auth_size.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639054047280433,"flow_src_last_pkt_time":1639054047280433,"flow_dst_last_pkt_time":1639054047280433,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639054047280433,"l3_proto":"ip4","src_ip":"134.53.36.43","dst_ip":"142.104.38.30","src_port":34917,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02353{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_crypto_aes_auth_size.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1639054047280433,"flow_dst_last_pkt_time":1639054047280433,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1639054047280433,"pkt":"AAAAAAAAAAMAKVHRCABFAAVifypAAD8RWHqGNSQrjmgmHohlAbsFTlBUwQAAAAEIajnnvXpZQGkAQKS1+N8fvEy\/IOkT4oydortAv2EA7pMR1b57qEUN\/CWLgwIsiaJrsQ4hFHO3l4u7VGBrkULKHI\/lxjDWdE1irA7d2B7h4jkYKWy0HD2ljAAwNUaCq2GQKYIMFYPPnjUgnc6NRkaRBhSzAe8fZndm3nU75Z7WMus4y4FiuskzWK7wPKBIM7bxQiBvpY62McQkd0tyvv46Jp9sqnschBDc67JbIa9bgESPp+gcP9R53I2XHVB+sKt85pW8jfCDOYD2MzyGLQ+T55Kb3elNggevRPNt5\/n5LSD1+BaMwPIWniyhyXqn9M7ZOvHxtplESf3\/ummwgMYCFjWE4x4CgV+8lqttLnKDT+33uPLxFmhUHvuyRgYs53v+N7Yn38UufUU6ZhOXmHE8+XWeHs3tu8WDodE6SWRhM5xseVzCZYLGTT3X6CjYNFcJl6kyqmquwogEu3CCHnXmS\/INjB4uSUiyMhRi4SumS20xZFVtqZZynkmMlWnK09e81BgkY\/iuisZWvJRuJHFdwM30B5LDjtpgqfazbpCu6Uwmv2u3GL8UYFg9JXJ6XKW7RjDXv2OXecpNpV7Ec+NZ7S+Eblk+2y7gdGGGOJ0YWQ\/UdbM9tjr75mYZlmZ2XmwaOWA7lup
jotCEVtvNyVGjw1p0RQjwWwkUNuy\/TjEqMcudShKNa9WCDQ8bWEIgXHDXASO\/PVPq3gEIqJWQbO0nhO2rHJC9mtpB902MTnQB3oRhiTtUMf7fAmQ+6s5GNn6c3en3gGYGA+JPXusJvDjsRu3PwCbxmWJ5W42P6X61ctfR4ImfNUcG5Su4UNFa8ImA7GgSH608jeNlAEH+oOj8LjAiKc4rTEvo1LMxkcm0RbEgQ5zCg4gb3K695U7hnkuVkbZ2P0\/0RHqSidtcHdfWB8hEkFLyKuUlyFbgTj26IexnKPiu\/sik7Xf0GfC\/8RFWHPg46bSbOrQPg\/gjKdjoVYkal7TJgFaID+VHNzeQm+hSPwwtg2AWznQWRmFkp75yYX7gosdtClYrZYA6FFirHqDW+0GJykjlxQKOXDmUJPLnyG1hF2irp+YW2l8A4zScFSFMH7ORiz7jakW38s4r3LjbMiRb8Tx+m08\/My\/lJnC9xZh8q82LXT41dv64cfwg2eQtvH2Lqzs2I9rgcYmsyHnPyvR7699rVEk9J9YaLrjr+fk8N7MwS+A2tX9iODZWnJOUm+mTNwC\/T\/RWyAERM4hbUAEurepo8J\/aEcXnBHo7os5GSVLmj\/GiHweHArDF0myFhpn34cAp8f6Y0QM3kFU6FLExLGABdnyQk5FEBOr15qkQbVxZ3kiwHa5MCacTRiiIRbM6fJjJYMCKTLqYyerVtahDJjc9THoEHqkc263xcjlUk3B+44Z4xuqgt4XeHolWU+aZMt8oRurkAG4Tuf4UKqTmIxukJT2TMBWkasVQHP3Z8Wausgp7GWEQU567iGHAcPK670SSe9B9hqsJ8oOEYcON5apMj26RB8Zd26Q8fiq1vqWEGo1PCxuUi5unaVFgNv+c1hkvn7meyjHS\/L5Rc3CDUEpgtYy1aOHQJRbXUKAeBVqgmzVlTFgKNAdhCllApJowozwlhoVXS7RvypYWLyqEFM7Zu4iCwMajFBhTXBCFwHLDlfiSC1hs3iPlIAICRuCzOLoHacQfJq+YMBKP9Z\/B3dU8jrKoUx8rHfRizok1fJto91R9llaEwHYg05bSKiD9k+j1zXsQMK8reMddzvzIMatcM2wofN5hnpTHOrEb+bb8zNLy1vI98DbE"} -01326{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_crypto_aes_auth_size.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639054047280433,"flow_src_last_pkt_time":1639054047280433,"flow_dst_last_pkt_time":1639054047280433,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639054047280433,"l3_proto":"ip4","src_ip":"134.53.36.43","dst_ip":"142.104.38.30","src_port":34917,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Snapchat","proto_id":"188.199","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"app-analytics-v2.snapchat.com","domainame":"app-analytics-v2.snapchat.com","quic": {"quic_version":"V-1","tls": {"version":"TLSv1.3","ja3":"1b4b6c50fef204e06798d3fc7cb272fe","ja3s":"","ja4":"q13d0310h0_55b375c5d22e_cd85d2d88918","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3","tls_supported_versions":"TLSv1.3","blocks":0}}}} +01285{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_crypto_aes_auth_size.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639054047280433,"flow_src_last_pkt_time":1639054047280433,"flow_dst_last_pkt_time":1639054047280433,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639054047280433,"l3_proto":"ip4","src_ip":"134.53.36.43","dst_ip":"142.104.38.30","src_port":34917,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Snapchat","proto_id":"188.199","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"app-analytics-v2.snapchat.com","domainame":"app-analytics-v2.snapchat.com","quic": {"quic_version":"V-1","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h0_55b375c5d22e_cd85d2d88918","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
00802{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_crypto_aes_auth_size.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639054232898553,"flow_src_last_pkt_time":1639054232898553,"flow_dst_last_pkt_time":1639054232898553,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639054232898553,"l3_proto":"ip4","src_ip":"245.161.134.177","dst_ip":"77.242.114.14","src_port":27636,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02361{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_crypto_aes_auth_size.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1639054232898553,"flow_dst_last_pkt_time":1639054232898553,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1639054232898553,"pkt":"AAAAAAAAAAUAQ0IQCABFAAViVFVAAD8RpeL1oYaxTfJyDmv0AbsFTuofyQAAAAEIVDeTZ9G0fVcAQJ7tD+1f\/+cIs8rTOAJmB9XT+G6akE0bRSYPWlYxlwYQgKRHpPG8lylyHgIaQZ8sJXtKvXdfLWTgSTNd5aRIZtuvjsWGM2q1ChFxTDrq0gh9Mn3XrTBNGLcE\/KOXhBozAtSeZE6MWbRy5IOveCHAiESH1gtNyBv5LBZlj0NMnb2mwSGz3VEF\/uR9XKBDieR+s2tHY1DI52IyGT49Jsx+HESVOfkRSHj1714zjgsyidrvJr51XV\/iMlIIyh8C9eJOXAxFYq+H92kbHkpiREhgpx9V1pLYn02OQvsP5v6Ve8k91xQWteYlQ01o5rSdr40zwXusZGqachnXgXv8vszMRWLA9PLhOI7kOFFDZXcImD8JH5oSxZp5OovqcpoP\/NL0u7PTs2VBLlaF4HoB8x3834lHBmqnFiaVaDFwllLdbz80hqVNmVXpLgB6zB7H02Zk8y1YEnDUvjjsryRUoD\/2uXxaZ0y6dKxzxEDLAdYZLpyefpJQtFMTgT8ocY8Ud+uXKAj9s6m86UDfYUAWlFBJTNv5aeSrzpbaJy8BSLNbxUX14bMcUVrlZa6wvN6KSurVgSJLDi6uRcgpmjWx2Czjz4Z6ygzz6o50UnO3ZNyRnpD0q\/ArniO1mAFuR
D8EPWjOQUVIMCFPEjh53eHS6\/oL4FopXCeW3nB8wsfVNzPBv38jmCItrDwi+mGkv6DSWyV+hgXozgwQQ5ejej2maJyF5p5n8LHVV1dEozQcIkFg1jdl11dhdr2YO+cuV9Mzhj9o+bt2Q9zCCfUuQW6bWzMhtGBruaW+trc9bGpZaCKLWinH1VFyH+j0IW6ex1lwpPGickf7IwOfBrCcjRNe9iom9A4AcKomuJD\/3xy56gpwP2whItWhilZu6bnjDW5kcsO\/6LYffu\/gGdurBeVYPsCismGAquBr\/\/sZeURzPCdSTbXciLqrL5bPr0q1GQJFjSFyN79i4bYN0MZZM\/l+RRVat88Aix7e0FL2q\/ldGUkTNonfTMqXRowtJHWSE2F4Hx9sR4mj79bpdjkJ7aPSyTzbpJXvk5hfZhwAxh8b1nGa6UagwcKkChgrDRs+aJj6u5uFs8PDQg\/ZKToy5AjNrFDPEtRRnxuM1zqNb38rtVLTTVgJgQaL0vmq9NaYENXz1aWL+guidN40XBTJrsgxD3EhGUJ+DSi59\/dOKWe2Rl1sISbY6h6MeGh+g\/i+zVTF6y50uxcyWWl1Dmxs2rXt9fj2zARugrEJVmUSW4JJVCY7wL2NY2QeDAAHL20F5xC\/x77hQYZQNgtcjoJAyCSBciIQVQRxhiuZ5p+aFbDuGE6wYLZxwdYvXXM+zUgQ++nEFyfsakRNAZGOL\/2DUBiORi\/tb+bUY3Uks3Z6CiZKZwhEx+G25f\/DF3zus8LeXpgfhonGIiwLpOhSXMO7Sfb2vEzRxXsws0LikyNbDs7giA235fQ4KYtxHcQJYl6jv0pP6jHZr6rzP9zAaWGaPC\/04kDGUig8XFlj43r4bRqomRURoYx\/xcc+mR8kpRFblBJYEvDW2cG25EuhyCidLR\/MEaMJV1aEkmvYk23KqqVsDEwUJTlePtENboY9yvL36SluUuKTLjCv6BAqIcvYU8JUNe5kKy6Y0VoQy45HxGro9pv\/+agix0J+X\/8ZPIoarFDvNd9r9w04Tg40psUeLWizK+dT27jGcmuDPDDVQWmp6QqrzpFKExSzHYja8c4K2jY\/JiwtluOmCp+ttKuD\/hxw1myZNXg94Jx3Iiq7JwfwMXbH2UidKQX\/tu2J"} -01311{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_crypto_aes_auth_size.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639054232898553,"flow_src_last_pkt_time":1639054232898553,"flow_dst_last_pkt_time":1639054232898553,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639054232898553,"l3_proto":"ip4","src_ip":"245.161.134.177","dst_ip":"77.242.114.14","src_port":27636,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Snapchat","proto_id":"188.199","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"gcp.api.snapchat.com","domainame":"gcp.api.snapchat.com","quic": {"quic_version":"V-1","tls": {"version":"TLSv1.3","ja3":"c570fdf41c8bf336ac9442888680bf3a","ja3s":"","ja4":"q13d0310h0_55b375c5d22e_cd85d2d88918","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3","tls_supported_versions":"TLSv1.3","blocks":0}}}} +01270{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_crypto_aes_auth_size.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639054232898553,"flow_src_last_pkt_time":1639054232898553,"flow_dst_last_pkt_time":1639054232898553,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639054232898553,"l3_proto":"ip4","src_ip":"245.161.134.177","dst_ip":"77.242.114.14","src_port":27636,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Snapchat","proto_id":"188.199","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"gcp.api.snapchat.com","domainame":"gcp.api.snapchat.com","quic": {"quic_version":"V-1","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h0_55b375c5d22e_cd85d2d88918","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
01036{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_crypto_aes_auth_size.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639054232898553,"flow_src_last_pkt_time":1639054232898553,"flow_dst_last_pkt_time":1639054232898553,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639054232898553,"l3_proto":"ip4","src_ip":"245.161.134.177","dst_ip":"77.242.114.14","src_port":27636,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Snapchat","proto_id":"188.199","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"gcp.api.snapchat.com"}} 01042{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_crypto_aes_auth_size.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639054047280433,"flow_src_last_pkt_time":1639054047280433,"flow_dst_last_pkt_time":1639054047280433,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639054232898553,"l3_proto":"ip4","src_ip":"134.53.36.43","dst_ip":"142.104.38.30","src_port":34917,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Snapchat","proto_id":"188.199","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"app-analytics-v2.snapchat.com"}} -00857{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_crypto_aes_auth_size.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2700,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1639054232898553} +00857{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_crypto_aes_auth_size.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2700,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1639054232898553} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ 
packets captured/processed: 2/2 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6934991 bytes -~~ total memory freed........: 6934991 bytes -~~ total allocations/frees...: 114194/114194 +~~ total memory allocated....: 7512587 bytes +~~ total memory freed........: 7512587 bytes +~~ total allocations/frees...: 125925/125925 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 635 chars ~~ json message max len.......: 2366 chars diff --git a/test/results/default/quic_frags_ch_in_multiple_packets.pcapng.out b/test/results/default/quic_frags_ch_in_multiple_packets.pcapng.out index 1c0f40d0e..b36b31d43 100644 --- a/test/results/default/quic_frags_ch_in_multiple_packets.pcapng.out +++ b/test/results/default/quic_frags_ch_in_multiple_packets.pcapng.out 
@@ -1,14 +1,14 @@ -00640{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00861{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1616775370814360} 
+00640{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00861{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1616775370814360} 
00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1616775370814360,"flow_src_last_pkt_time":1616775370814360,"flow_dst_last_pkt_time":1616775370814360,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1616775370814360,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":58822,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02244{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1616775370814360,"flow_dst_last_pkt_time":1616775370814360,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1616775370814360,"pkt":"AAAAAAAAAAAAAAAAht1gIK6gBNgRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAB5cYRWwTYBOvDAAAAAQjg6gfRBF\/f3whbtLKZy53KxABEtrnM4d\/0kI3t2T5FO3RTETvA3HGhmrbwnQma+SPYPn8iYYuHdKaQW8SovX0+V4dnPseYO+4VTSZldeifgT8VNQQB04ta3cEyZMDpKRtegW4dekko5HPUbEiidNmSQOuP3pH\/8SoL9x7tTBQzg2OL3UpCqjAnX16pFAdQ+V\/RbqJ1eyzWFdbwBQd2HuCx\/Ij151BRRI2Xn\/z+ADB4rVF4WDOutzm10O8sh2ssLFe2YyMKEeSFhkO2WxMcAatNA2lQ4qJXI32K2kygG4WC7Q8Bb0hTFMG\/mywEn7y4151OST4nZUDKvDlYcVWjuF+qTVspa\/iH7c2UuyPhpTYvIjH0QeZUxZzZhSTFej2LWwFlP2YFzpGwiJSwBaiLMY+5\/70DioAlmqyVC7SFNLAm4+7fUc\/CJsf0f8FDbPGjMEF4r4f5+0LVZH94Uy4Wd0tsSsAOmIxjxwMYhgLVVmrVt7TBRxZotLsMMAE5KgY4C37J7AKCvvh04vXJj1z3UQVYGJh48Z9j2DH62a8\/DQXS74cUeasgoXI\/\/fcqyqG\/+dEnkEyyQl9f50ViwTzUzqhBwr01HZapB8dBBI
dSdOLcU\/xu7325B4gE6MbrZr6w6DY7ChrOgc2VWwoxehsZo41rWBZsOQNIyPzLv9J0BRip+w7GJmYxc+3ube6gxdaz9W+Sn43CsbRIQrhbCgHGaXLfLG33YcaU4X+6lhZpZDIRrpfHlieNk0E4HHfvmW6nTXkwcpHKUc\/LWt5+WouHWvxMn4x+ldQDvX1+1587CV3XMwwBZM2RazatEhHW1RJ3OT+xC3gie6tmmnMQduXseFmc+V2JaT5\/q6MRU\/TlwY0Rq7EtJ8+ZbzGXqIuu4jxCx9oMmi66z65uXw3qINNOeUxHXJycpAWw5De4VzaVR4lwygzKGqlnx4L3JUveIj+oObyh7F56NqTe5C4UVw0rXOK5vqDKafrSODvkieITTgx03B2pUNKW9RLu1PhtbXUZuY0giPngPfKgjMEWwbgah5IvyTnveaL6sEqf9jfr3kFrsy+GNW\/OyorkDnRpI8RofzGw1tLxiDlPgh1n9rHyR1pRdby9Bnf\/rDHEeTaxotP0WhApggHCHa\/yFJECzVqs9aS7i2yWDcJfS40AFynUP1UGKhJe\/uUxXih7qXtheQ7FXxIkAhVv3cPoCRA71Cfs2E\/Eey1fVKRW5lMJW9PriJc7GoWtyx70pOdZsK8HXiQEPiYKJaSioN0cr28BDrpMUfunJRWn8PiLmXUmTtuIMIbhFyGy+EQ6xhnD+A\/0hLJNWNHMXLu\/kfUBoupAJQTCcfsChogaeqgD6e5eSYCN5PT9+XpGN3+Gf4PxJfDsTjsRYy9pJctfaPC3hqhyOjQKfCx2rbpvgC9PMRVByJjtLJxGnkJUAuG3l6UFakUVvosZ+5M63lUcs39+r3quiDA5yu7NAJ8A\/i87lBxkG+y1mdyDXsaBDCfcK3ZxP\/soZcY4r+0QCaSKYxK3TnciTbuVT2emgJe6oE17JFaMKL\/+oNqA3ly+Sny53LHt3DnGVzfWQGnSJpT2w1xGiily9lTfAyLsd+fvmBtuH20lp8Prs7ZgVUIGMd\/pWSRV\/g=="} 01099{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1616775370814360,"flow_src_last_pkt_time":1616775370814360,"flow_dst_last_pkt_time":1616775370814360,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1616775370814360,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":58822,"dst_port":4443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": 
{"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"V-1"}}} 02257{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1616775370814361,"flow_dst_last_pkt_time":1616775370814360,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1616775370814361,"pkt":"AAAAAAAAAAAAAAAAht1gIK6gBNgRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAB5cYRWwTYBOvIAAAAAQjg6gfRBF\/f3whbtLKZy53KxABEtnQ\/+pwGuyRXXtCPS4nq7SX6grDxLfue\/EWjBDnFsaHC\/vCyPJupYn95B94uIc35RQAXJzdsabL2pMXT5Sg\/JFun6HAUw7sNlvetq5pdG5oKE3vK\/9SDzJXTzgevEg9XCLK53vmKKNkAp8pIPL5uP852yCxWDuffTSDh3jvmocyuqPyR7wKy2amWQmRTLcjhYY1mtN\/AJ7QgugkmRPkVO\/SoOHb8vfwVTlN5QBI31Pgn0V++7rQ\/hjHjrgDqH59C7UvU4Nu\/9qoDxnTOmBoHcK94LPoI1\/y4+hexZ8e1eBwahcRgYxrP7dWTWrR+JwPD9iUpUFvxo8SIgmgVWi\/abM6MNwKmYTCNLXo60x4HtaN\/BCJP7I1SX\/LShf0cye1Of1imuBKSreuS8hR5\/tpYaSzuPld82ydSmvszAQ0GryqOJ\/ZU+jrxR3Tt\/AaRw5XB7LAQ5igi24rk0VHa8niUCDbHqUASsZJvejkDDbY6MmPqlfYaICmikKWML4UMFuk7sfDyY0i\/p8vLuvuadwwdvnNfiwmeiSJzrvtn4jKJUdczJeqQoEAINkoOw1bVBZDJVR+EUBqhm7abaUZnOPU0klsCmtzptRhvGdjGICwe3xiagqEEKgFQwB\/\/vebz12DECZEBQUukhbsCExHpl8HueAXvKSAyA62DZTnPjBbFDRoGUnmsN1w6rv\/EkKmT98KOnW\/ka23T8HpQyGW03QC+qJdzK2gggcKfOwsz6hd9z3KPjD06UASEHqfcZ0u3Yb5\/MLumpY8Low4YAuz4j1rPsR+y\/EQkWeHaYLF\/80wJp9yb7\/2p+rbsZa7D\/Pz9wdYYj0cnrXYhrg9HYHuPZ9wKDfGS5vYIihZYRGMbEMbGcFgLdOANlbTrqep7qeYaIu5bs42rtv9xGYAL49yzxTkJJj7obpk0WDg3hmOo0G0GKuMN5D3DLsd6CAekttgc\/RyQGGWPf1OdBrGOZ886sVlSYfVI53O8wLp1YwCY1QmFzdPpSevtizJ2XYvFJ+Yw3zir1qwBxD4bhntoDg+aEGwqIyiNyXgHCI13JOQpJXthbpRAj68Wk4NuVBdRmms6tJsRF69JML\/Y+B\/BUH3oVmSCNLicSWHjivNwSDG\/d7QepAS1wNYGwNmTzWQ\/PCj5j9Cdw66mm6RDZWarxDm\/oSk9NEM
FrY7xKK7IeubvrPWd6WDDdJ9Bovp5NzhHiKuwVSSx\/d0e1A6bU1Fi5dfUEcrY4mCVrLQtrrzL\/UquhZSdn1pyiOy0MI0Y\/bnbB4K6J04rXZ6nEtp1EU\/NkSSyz++QGuwa8v++mBZgyRRdHXky\/yOSrTGxbmNikQP\/BXOaO3nlrxeU7SquOho6ofMGkAD9m9nnD04JBpXDbsymnBuGkTUgApPRp+NHNg+aAhwX0QXv21nT1GOJGkgZ\/kOk29raa5UerzxHP43\/ZNnwqcVGS2ek0xFdawyoi7pyvj0GVa4CngTmUuJHLHSgXXYFgoXLIzPy5xMdEYkZFlxKRT4P6vvGmfHBlL7ZZl80WmHAnvVLA4inP9N6NQ6gpEuafQMHiBC8RZ7r7p\/7NgSW8\/N+dUhCD7Bp0uOQmBUbYktydmi2FFhvERfbJQ=="} -01870{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1616775370814360,"flow_src_last_pkt_time":1616775370814361,"flow_dst_last_pkt_time":1616775370814360,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2464,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1616775370814361,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":58822,"dst_port":4443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","quic": {"quic_version":"V-1","tls": 
{"version":"TLSv1.3","ja3":"0299b052ace53a14c3a04aceb5efd247","ja3s":"","ja4":"q00d0307h3_55b375c5d22e_af0a630e9e67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-34,hq-34,h3-33,hq-33,h3-32,hq-32,h3-31,hq-31,h3-29,hq-29,h3-30,hq-30,h3-28,hq-28,h3-27,hq-27,h3,hq-interop","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft),TLSv1.3 (draft),TLSv1.3 (draft)","blocks":0}}}} +01829{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1616775370814360,"flow_src_last_pkt_time":1616775370814361,"flow_dst_last_pkt_time":1616775370814360,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2464,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1616775370814361,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":58822,"dst_port":4443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","quic": {"quic_version":"V-1","tls": 
{"version":"TLSv1.3","ja3s":"","ja4":"q00d0307h3_55b375c5d22e_af0a630e9e67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-34,hq-34,h3-33,hq-33,h3-32,hq-32,h3-31,hq-31,h3-29,hq-29,h3-30,hq-30,h3-28,hq-28,h3-27,hq-27,h3,hq-interop","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft),TLSv1.3 (draft),TLSv1.3 (draft)","blocks":0}}}} 00638{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1616775370814361,"flow_dst_last_pkt_time":1616775370815052,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":116,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":116,"pkt_l4_len":62,"thread_ts_usec":1616775370815052,"pkt":"AAAAAAAAAAAAAAAAht1gJDKmAD4RQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABEVvlxgA+AFHEAAAAAQhbtLKZy53KxAjsAiiM0e27twBAHLMBaZzti3E68kx9gE3ZXKGXRNRnGzCRKG8UNXw="} 02241{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1616775370814361,"flow_dst_last_pkt_time":1616775370828465,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1616775370828465,"pkt":"AAAAAAAAAAAAAAAAht1gJDKmBNgRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABEVvlxgTYBOuNAAAAAQhbtLKZy53KxAjsAiiM0e27twBAm7orpw5qxd1lVUqgjQB0t6bjTCpm0HrYctLZlOW8RxeFqYLpUL6aQgJgsqWU2IeDMkSEWQxNoAD9isTk9Yu7pj0FCV0RExtP\/DdNmswmyNYMjGETYolLSYO5r9J9yPDA0Hm5r2Be7ZsaOFJuaPcG+Z8cemvuyam4YpqgIkUw2fRqAGCqYxFG+6KmJKwipCWmTGX93+bCnHXzHjo4pAAAAAEIW7SymcudysQI7AIojNHtu7dEArButeYco\/iBezGaaRrsPrjlQJaXfjGrGOtxyW+VEUk\/MjXR3nhkzs5hCQvCoSZucW\/0W+ecnkNmCHqs4SIt8zySyF5lpDfgp9EZivvNrzkJ4n+PQNK45RWScN6\/LidvcVOvPedmQJOG9nF6nKt5GI
NaBYIV4DAkyRKqDgwq9zUb7Yz7KbZ4\/U\/l5J7VJ1IcyGwyyxkiATxj0nXz5iL6S0i\/Qff8OBcicPH2P4+Ard1Ld6HdHHjevwx0KBLIR\/1gx8y3jBkMb7NrDl73ag0KfXqIo6e\/H4rDtDyvQi0MpOujutDnn7iduSAyMAttxebYk\/V9FvCkMKZXO\/f2aw6MwYM5XiQfiS0EGekYNUqu4tX0eDWRfSvzPoSK3zwRx4JPCDcvlmXgRKO5rgPMPeHxw\/4R8pwK77EgYt1YvugWPg\/rFjo0LRZvcA9G8G\/1gz6DPb5lDFEY+OBRlZ30ZE6tLUP1ZFYbG5jdeb5yhjd7f9M0RbEJ7ln\/y8vbPI2C0bUmD13Rt4Y0G7RfrbpAU3FY2suAugOO+boypmtiO4rL6zAODnI6MCvVUhjFhDUP1ZMy3DEbE\/xnUPX\/Up0RcMDRMmYO6PresXQ5RkVkt0ae6aInaNXOgytqGgSHQfz6uOr\/L0OHDt+bSpAApU\/GkfBM7SXUX1s7HyotBUmo6gVS8HUZuU7YrbYGRso8SY50+dw8BAi3q47Zp9QGbX1DzI5w9oYPtTUGDdLZpClat0gKKcURLG6oNQRR5\/a\/JtzIWMdkwQUx7OfFsqZADmUiIoX56wV2pU4xEtLCFSctyPKTea0f+AM857zRIxI5doKRMWBQCReS4eJtI+yNHDXx6msEsTTh2FP1cyyPpHQPXWO68SFhWiSGQJi6ng98NXq4DS5OGBxniP3A7SYa3ygAOZyBymKqUpag9lF6VLHr6ZcfFBz68AaXUvP+0PP+sUaVWbv5GAaFkJhjceA0c5G1AXQAxAjwYBgFXSEHCZ+nyt1bRzD34wOG9Ui9\/G1LO4TKEaGQ7LK+XoEPq5xZpNj\/iZUA+jo0DVw8QZXc4bgx8e0jAquDv2o3cBMoVWhbp5uoSPs5qAuuEJPvn95LwoGyVBuftbARv+sEm5zZ+no\/WCBkS2bMuYrjzmfTiTl3Zagm49VDzuUjI8TYTYcniFkZefA2AU8ighAo1jD2vIVqP6oCcqp0gGjHWGXQJpIi\/72JF8fqcMUaIrAYkZr327d7g0oopaslOaoi7acasbJkIDuiwILeD0eSjHNpdusKEqM8ru3UWJiUf+xvi88b2UB63AqrZi9cosVzKiZJNiYgJtznIFN5GeceVOKOMBQX4zvEc8NWY\/ph7nUhzt49aTuTiYeNXwsPqA=="} 
01444{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1616775370814360,"flow_src_last_pkt_time":1616775370814361,"flow_dst_last_pkt_time":1616775370828465,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":1232,"flow_src_tot_l4_payload_len":2464,"flow_dst_tot_l4_payload_len":1286,"midstream":0,"thread_ts_usec":1616775370828465,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":58822,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
-00867{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3750,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1616775370828465} +00867{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3750,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1616775370828465} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 4/4 ~~ skipped flows.............: 0 
@@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6932706 bytes -~~ total memory freed........: 6932706 bytes -~~ total allocations/frees...: 114186/114186 +~~ total memory allocated....: 7510323 bytes +~~ total memory freed........: 7510323 bytes +~~ total allocations/frees...: 125918/125918 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 643 chars ~~ json message max len.......: 2262 chars diff --git a/test/results/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out b/test/results/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out index 535dbedcd..d3930d5d4 100644 --- a/test/results/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out +++ b/test/results/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out 
@@ -1,47 +1,47 @@ -00655{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00876{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1621417111064920} 
+00655{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00876{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1621417111064920} 
00827{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621417111064920,"flow_src_last_pkt_time":1621417111064920,"flow_dst_last_pkt_time":1621417111064920,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621417111064920,"l3_proto":"ip4","src_ip":"133.205.75.230","dst_ip":"208.229.157.81","src_port":56528,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02388{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1621417111064920,"flow_dst_last_pkt_time":1621417111064920,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621417111064920,"pkt":"AAAAAAAAAAQA4++7CABFAAViZTFAAH4RUm+FzUvm0OWdUdzQAbsFTtRayv8AAB0IRl3KXBW\/LTsAAEU0Yy4h2W7s\/rlLefIGYQnrzU1ux8x1WHF9P2TRMM\/uMgrk1ok5ld99474sHzCIsmBaABMBQuwajfiOypF13LdOvUbny6sKbnPsiQnWdRy34WzYDIUSWbFA\/\/FyZAuWdhVQrY6b6y6LN19n0\/TyiwQZaRgOj9Dah0V5ZEaARpJrDY9m+9WAWL1E5fl0AZB5oVrpfRpwU+72dTHjTrdezZLrG0y4LUZJV4ZFSW\/bOTNeyiYeeLzss7MCM0o7kz\/ABmlsvSTXlJ31WdTvcFfKZa+Ers7MX6vrMreYIDLD\/ts+djqt3oepBEPH1tJwybSyF6zOUmcUZSNjRN66q7NkOjxIFsUfL6vSIfs09kF5zqgt+spL3nfMkmEEbIE7Yb6VRa8aqO8bYrkMWyfbFbPBKBEuDwvxXHrKHBxwnW70rIsunEzXSGSfZXttskCHI36aQkPEEfMaooCWLD7F3ek7vQfYF9UBeP3UInD1\/fYOKKyXlh8f1Xhf5ZtTg\/t0H\/rYsiKjt\/tbN+4cOfHmb\/PbJuLAirrGtMROug44tuDQNDgTnWYAQeXIGrimS63+Je1x
n8is8IMmIBVJgnKtBWcrkpMXG4qIednOh1PU3Q9\/9otFQnmPpsVeluBrkhgnE4Pv+jN7MB9MKsGF0sSC1rOxFEUDC1ZncrKF2pLDQgCdTsCDk\/CcchJ4M3KHS9yCURHTTnwtZtZ46Ba107K6\/C+vDHLLH0Agtie1px7EDwsBP1SFcU808ARQb8bGLCOen2251sgfs22LC0YsewZOMJW3COsMT7VTAQC4PFSt3Jgg155O5SMOBejKszFjP0ssLTQ45nlMeghvKmzI+zfNFO+kmZxhFyxqPlrgdV4WKrdIRZR4IDXMiiBpWoClkuM9Kcm+TctK8hPDBFox7OqpdBdHkgRVzggkNVEFUCJAoy7stynIye5G\/c0PO6aK2KvGAn+3yIbnJQO+GFl+DzzTQ5+znvJKlrrHbZJ0Q4s6V8EP7sXEgs1jrGqyCGI9wXbSo\/8wFamlp4ouFVhBqYZQ6GonLwcM2BL2EqcW1GrumcxSrpctIQbM+MLM5TmZnDMpdMZpkkzZ2HiMH1e4fDgQ6yg7Gbq1oSAP7PmPqOdaH3pXDqIE+0KyN656ZdaYb0ZW5qVxVZ\/yglBSCDTTcv+oiZZdzI4cH8Dg9AnTIhGYs97IARnzPncHqS984seVJsVe3QFzlkq7PW\/+y877P\/bFA\/sin28uLWX7d3K3IUeguTPHXWFnBk90vEPoVwUYyj9ACpdxWLYAzshM8UJ\/W4931weL+9Y45JP53CAvIUGXcyWPEbA\/HUlyizs+gfbouzc6njtiCnSFNiKixMnDd6GnBIki\/6nDKciwxPCTmggZDjKRSkhR0fon1nZO04Oy+GPjSKqyuI6I5+\/qz+87W8lrtdNnV1MTgqqBXXhQGkloYjiOOO7Hr2euMPx\/D8ZUBmzjEl1Q0vybg5VizAcIFEitV672m9tByJnZVCmqOqHSsQyStHmvXtcHwG3FmgKLlqDELNJ8refw1BcltymiFpTUHXujIq2m\/2R5lxEp3IZpg0ykJqHmAP8x1DQP1O+gpnkeZMlBn7sZgxbS5i464ONO4aidSpGEEs44YdZy\/0PLNXvbgohSN7NSSlu\/3OBSZTCjfEOkPRu9fd3b98IylU4SIOzNDcculUBKrCHb5iJqK3HKWlgukxdQQwzwn9S7alNQY70dsl9vUF76RPML6stNu2Zb+\/ZYxqaJZFu3FOvrYcXEYKZuXML8FedF"} 
-01416{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621417111064920,"flow_src_last_pkt_time":1621417111064920,"flow_dst_last_pkt_time":1621417111064920,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621417111064920,"l3_proto":"ip4","src_ip":"133.205.75.230","dst_ip":"208.229.157.81","src_port":56528,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"update.googleapis.com","domainame":"update.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01308{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621417111064920,"flow_src_last_pkt_time":1621417111064920,"flow_dst_last_pkt_time":1621417111064920,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621417111064920,"l3_proto":"ip4","src_ip":"133.205.75.230","dst_ip":"208.229.157.81","src_port":56528,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"update.googleapis.com","domainame":"update.googleapis.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
02381{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1621417111365444,"flow_dst_last_pkt_time":1621417111064920,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621417111365444,"pkt":"AAAAAAAAAAQA4++7CABFAAViZTpAAH4RUmaFzUvm0OWdUdzQAbsFTjvyyv8AAB0IRl3KXBW\/LTsAAEU0xBtknC+XTdZGN6290CAoRKHgbmKFJg3HBwc\/jHUJwoDaxdFeYCE0Uygz+VHs0HUnI94AbjhHMzRan2kJrzGOLsIFVrtNzL4OkTEDJq3UUrfyDciR9qccsfqQIGKe4+mov72jtae6dT46hkQ+QTnI3qa9w4Yrz4KUlPgfO9zVCT6mXSXTofwnKS6Qfdj9S7TH8yQuxrRDtFQWnhTNy0t1UKhz6qr7HZc7OXUxuEatCLs0GM7RQ5XDRBXA5afG92SX13U42sqpyR2Dqucjmfwt+AZJqZxKZ88XCAoPiBg1nhBBqlcLQi5b55SXRrj8J15Ch8Ci4CxPCOPzc3h\/5D7UZhbpjLoo2\/wZisT7R7KxaJ3ST2sZ3au5Hx19NvbHrwwXFyjsVWmpBliZAZ1eg8gxdq7r40u+8bSjNep5S5X4zhf+AkNuV8jevuxbg\/UwlzjTe8n2vKNO4Sn8ezT9DiH9wVxoqUgUC56J5Bw\/YU9h0I7kitWH4Ge0BODww29+Aa48fFyudGGRJr0yq65POy0\/nSLbvLGqwZp1zhAkIqUsP2zPPDhVLcbkKuUbzbLDncwcQqWbszMpdX6XQMob8NEqfarZfUbWlLQzVqNQ8t+rVuxO6E0Y5ROaqgvU6Iaw65vnffX4bnfiGXYqsNiOtVcC0AGzgdFbgZHuv2Nb7kc0byRUKspz09Wn9zWhuGfrICjWmqrB8Q4VPqUOIqhoqXlkGkHNbJf58PajF6nNTpLrSKS\/s7\/PAyhgL493GmYSfIy9P3KtC5vS4Ku0zGWvDo8SCxhl8hUKOnlaSGpXqSRi3sgHur0sAZSPpYHgQ9ljywBydFstLrd5zZwAxQ9+vV2dyvl5E10qbt3utWTyQBXOGM8+cRbZ3IceK6X8lmEcVSe\/lGIY3L8lM0BH4NVdxflARe5x27az2293PuYiWrepjLgL\/t8GJnVIEAfdEDDv6nlOl6fweFWTAviNX0n7H23ADHXDBJoQegMO44JmGpnPyeZ7peOilpkbWx9ATq+r0mZxbasRl34cc\/qUozcfhHeRKRw+hYpaT9CQZ8AwobPmbBbge1PnLbS9EJ6KIdeNM1xvj5qNQCPpdp21psJ3+wuxB5WdrC5cRGmW+pfRGXkJSm\/Hxm9DB2tYY3zfLjAKMpqTNWMC4tSeo7z0jU4yjg\/Y6fR198VAyclvSR0O5TVO1oliLvxo8sV\/3pO0ZQdkjztGQDklMECKRLmGHWeq07ToUjA7\/uq\/1q1ZaVKO9+hzMdiy8RW\/albPHuZmkMcv\/hdmGmUKrlNaBelZYm3JHfkOkgTs5ncd6giTGx3+gp+77n0Cl2X\/UMETVoN6eJC2aNdjH04XtPXdO1zEfHQdKIZ6vLfMBFcb6lyyBQHYpxqMpjOmWiEaBu7NBD
gbODnVf+Tvq7iqc5vUfezJABJgNs+wQkFHvjcnsWbt8hd4lnshRnhfEICGBWv6UJsU9Ov4RS1eWGN6u+WJZ1KqUjcUa+wjrhijbGsQMvjESucpeFe9xpKA8HAlnPSJl2ONIdzQBHu\/3yzS9u2h1V7df8T\/i8Gdlu6HB93T89Yjw6chn7zm7z2FtGgcebdYl7BpQRSNjPJz84wtrOqzP5VkldxWGcJvvM9JiOiFsmosV0YXCCuN0S1I3GD34RZxvxyg8ZUjvsqRi2E\/iDILq6\/FEFNEDKUPx45Bzam\/QoSbKhlDZxaUjzLpRLnCd58YA3T6qMB7hBeBBV7m2MJBvTY86h+TNrfUyh9Qv4iQnqyGKkFDZSiO1ApSSgUS"} 02390{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1621417111974951,"flow_dst_last_pkt_time":1621417111064920,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621417111974951,"pkt":"AAAAAAAAAAQA4++7CABFAAViZTtAAH4RUmWFzUvm0OWdUdzQAbsFTm5izf8AAB0IRl3KXBW\/LTsAAEU0CaUDKN+7HQerWxWNaxYxCvRcfnKOO+ybfMRaHlMyLV5\/ifvLi6NsRKmbKUNcCUu\/u\/M1kQX89iC1g71EFL9hpQHjoogBRK6XO2cU5STf5N9JHAk+8BPn45mxnB29aiUjdM+EAfIXepdjDNQjKc09rze1a+uHtprZ5+Ycrj2s1oiuYYUb9FANNRaKrpCGh8Q1rnRYx770sBfzPHCd4rH7ygHAqZA9rzQXUKNYFjXghCcBZatYZ9Q8JwAA\/fKY3\/lIAOVtIUm1GWVWJWRArYGxBCEQZpeN5QPlw8cLblO\/3AfsaykEWbI69jFCOGB2jUptGYOGveg\/lWTYc3h8ky83fW8GcKmxAdv74r3jjdjUEQwR+OklxSw8nZmJJz7vOIvvqHsGajXpc6slDSCi8t109u4JP5JW8jD8wB8Wu2rMNkpmGllvnJajJlPlmNcv1t63eJQ7tGt9eGqHfIOgL9TpzURHNTm6hgSstuIpgK9L38bDpiposW3bHdNdiSGW8YfcnS01KCB9zAXNkqgfNlW+GnajZiezd1EJNTKChMtZV3oLfDVU9cARvR9xtldNProWOwXOZYPAYtfMb\/io\/Vu5CAxNRhauAQj5iV37FvKMgojNtwe3JiavKcD\/FRmXzVU\/VpRWC0bmuCqHRqGUFP1t+DceGKbtne8WNVu\/xmWJrd890soACDHC3pcknd\/nHK1UlwSNkQ8SpuBtv6Dp3ZFRJdsGRDvauS+NTENiJpqioBeQmjGdksZRA0\/zyeeZ2tToLKwCsABDpjD3wQPTSgs\/QdPv\/A5+SuOjcGiYVuktFgslT0Wy1tyms3TA36Wcl6ZEPkQlM\/omx0Cr54NreGjEi+Vm5kYjmT2fnBvf2AQ12Dg9A+pCWtWa4LMGgtYYMDVRRT6vqKnhbVtxxQSAh\/MWBMyqiQHkkkf\/vXhJ\/dOU8N1Fd1mO1KBRln61my9oJczDOwipHZPAlr14xAsdkdGB\/+HZ8ppEuJtqtkEtcOw9xjC5dCPbak
UtfuaLzDo4DHXPrpt\/f+rpZlU81EBxJG0afG0vQOyE3ZuYMlkM4IVgPqMx+uzy+sK+2o1w+yZCywDlXOysJF2R8BE\/KVLZRpL6uxsfUOFnHV4VQFOd3VwykNOtm7wpKwJ8ySG1VrRqSLuw3SlZ8dJXFZ8gIUVHRRjp13ey\/kua7zLPrAEFz2vf1ZYTZ5m6U9KeweZA3wPOuih84JbuHHl9vlsWDb7s9qrasejaGIRTS0yaEkKOXG2aXkwOTKzHvuE0KuunSsQcA3e6JAQXrlvgeRH7cNh8q5Noilga8Iz99iaZ+tph0kvufCI2CHlp41du7sNXnyC2d8RZPQAJe7D4Oh1BQLIpaX6IjRHr6Znht5L0l2uxz2PQHcoUX6n4t3dcGi25AwHjP5I3uYq5MEBsM+ufza0eSWH\/9ZccO0cIAXaM\/ZK7yJ7h18lQa\/XrC6T0H+iG6YLcBs+Nn\/WpfxO0X+Fm0xBv3kc6fJmlJHPrTgM+FCizZiybSl6ku\/j60rHDQ06vpIkk9ZS53KSJzAVvHcMEw4RS9GGhlSYAJux\/nZp6xaRxVAmLGayjkrZg4JqrAaYLUFPZxCYnoaoOUed39DfjyYIGdVO+lFtX93fPnuewUpoX+KmbQlR7Ka10pukI4fioRBdFHiEB\/Gn89KrwhW6ASA0p9Q0Oc5cBfAuigzZZU2MmQFjJi2zpQVTe\/5PEXmeSFsWQCTH3gUt8UDEky7qzZgA+xFi531EMe\/QX6lWUAbOhV9FlVkAVMO+3"} 02390{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1621417113176734,"flow_dst_last_pkt_time":1621417111064920,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621417113176734,"pkt":"AAAAAAAAAAQA4++7CABFAAViZTxAAH4RUmSFzUvm0OWdUdzQAbsFTp+DyP8AAB0IRl3KXBW\/LTsAAEU0o7FkSA\/0ikSyRqQvXGrrGoX5Ae3X0rpAL84q59M9qwkH9fCBJTzZxi6V4r0QKCxOQEdb\/FP0ffCcVJD3QVcDTLQKHyI4uAK86EETL2hvJCOjv4iyoBWGc5bZ+FonNl+uoMd4szLIqDd3NF8Lyul8XdWC5d1IPNGwCAYCt+Og\/iwPdOfHHEGI9gtMs7wGuSa7MKQzgxaH9KL0gJbN4N5z7kbS7wqrE5CGqR+jzwYMZISKY\/sOkuXOPNFcFX1DsUuNhKe8O5iIlFGshGWl93ko3Qd\/s8Im5+y8CKtW3GyyP\/aPkF5DjXEI155evNh9WIs6MOpalk16FUT+wSK9hU12seWzSutVyglPlt08PYq7MpuTYI0kBvQ8l42+eiwSgJZltMAkKWqSbGQB\/K\/WJrUr8daz77bvAE7Q+SFLL4PMA7RelUCpZmjdkUXePH0ru44wpgp1YmSEhCFG+hYRZHRDcDO6zD+q5H+Sqc6LDjGehdnR5m8I70PyyS2Vs5uRt6O\/UkoXQMTQ6151icubpXuDD4DvwGDE2v\/NBuxFTAVpYajm4s4E\/r8GUtWwVPPHY5JNr7XAPu+QoCpwU3g91bh4\/hWBTzenD6ShL7E5zHGy0j7CVPmb
QxHJL0l35qdZWoRI847zrHHuytkJOIBR6dyp\/yN1At5ZMAu6qxrWM1DmDg13uB321ax9qJOag8gfC7HY5MXhg1DQ82Z\/\/n+AoftAxjjW2gUuN\/rkzpw7iARBNZrN+q3drE9K4m+nUJU4u0SLFWRDM9hRC6xS+3AtmH\/YN40H\/7qqsvIRj6xEUILOgdDWY7aOAypUzptiqmyZ6gd1fpjWq37xq58tUmw+Im6iVLxsgtxo3Bus+Jq9y4ZYdoSLEebp8WIbG09yXZPfHjwg3F0gkF2aSL+JOmTTYygRBB9\/uZqJme0+8ifTULhKwNp4AQYFE2KlhPFogQP1nSDiVnmjBOk0XCE4I9fzQc7rhwnGJsXOMSpgeUFHKKwbfUCqHscY8G\/TNkFgPWaSGVt+qfCyBSMtkSFDP8kFGj\/RY0YX38a2+fcG9Yv96cIbLDPWHxCPjGtEFONIACDhfytwgWHZ8REERLg+oIG3X892hTfWLIuUOSUtPxIvV\/lkUVLbbgQOEV\/OiK2YnbaZwpy2xHZBQHIBxflPDtePFQo4xBRiIfoz9W7FxVLQ7z4Ukv7fvpA+qilCAfVP\/Hit8WJsDlhMcr8s5HDdidYVz78p57n\/hZECl1HDNlMji5Beyfw9ynaHQLBb40TWsxuRE48jn6jha4820DqRPhaE2atATXnhCcJQfmk5DXkkKivQCgGB9ivDWhfJVfxxfV1zHjhZ93tt+wZniB4pEyA0TkA6zIPNYs2A+1KpBBDu58xIfcTlzsToOIcukgOdf37OdZL8yKMkQDkVinmTspwWDmhNan5AMaHf8OO59F\/Ju9u6kMc7rmDT2qXlW2VbUebeJYvuZ3Yrx0zIggOCkDt6cjAwUJvko4KPZS4DwAEiA74K+\/dQ2T2m1MdpOm3dtTyoIgm4HNY8CPNk8SupcPbDn4HN3i6NKcd6Aw1EyZzG5SKnUzyrpgAgiwy4iNXZVclN9U2hqUq\/QxoBczTMQO\/CQKyb3YJMr9dkcYUbfIHfs28\/LYkL6sYs5wskMWskQC1dXNo3b3m+JowwrRqwtlH\/NiX5twif+3YItLzXWegIzUA3Juh7oTi3Pa+DSgeBg0JCXubi47Tw7htyJ1Q7NmhTT6FdtNDLyxDRP42jWq2p\/CqVQ3C\/3byz"} 
00825{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621417628801012,"flow_src_last_pkt_time":1621417628801012,"flow_dst_last_pkt_time":1621417628801012,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621417628801012,"l3_proto":"ip4","src_ip":"147.196.90.42","dst_ip":"177.86.46.206","src_port":61647,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02382{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1621417628801012,"flow_dst_last_pkt_time":1621417628801012,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621417628801012,"pkt":"AAAAAAAAAAQApuCjCABFAAViWsBAAH4RzreTxFoqsVYuzvDPAbsFTkiRwv8AAB0I+raMAglwITcAAEU0GmovP+mvsihl\/92QhcJt6i9xOCuhIR8v+QVQPDfpj6BytKt4QkFnLk36FAbt80sJIp\/Y2c7pKVYoBF6gfeinYt9EQsJeq7ROnY3ivJapj2oaHwAzsZa4wHPnbSp5Fzk6+XETr+Q0x6NnHbM3zNCM2AaHMspi1VAViZWQsrRPrT26HUJgBdgrtSBr704DAlp8NIBOTaYQmRsLw0sO8kaVUQSTjBt91sODuXuJFBlvmd0rw7Lx9XhhtXOEq8peMATmMSiGkCnVtuHU9IHl7xPdTUKOwX+iqBEfcVUDuMTWTQ+xEjmygydvmbpLt++lwihva2qbwF6QkkfAhzI1WNSSRrlwUFqM+Zsvtnl9miygOu3MVINYanFJshDLLhtcYcppiQUtPQh8neggpYf3NcqHcOg9yFih0GlvYXJgOAi0eylABT+cl7jZZQ2\/9NICqkeHp5SgtJZ+rnT0jfRUKImzpisiXxL0gUjRhZOBaNVTw2DFuXCxQsKg\/KU7zvbCtbjOLcFIvgcvLg+YOzho2mATZS9Qfa20oAzRIDxCf0U\/g2Kp\/RjvwWjL8Qf3VcFus3W9PJibs3
8Cnb8fC1OmRScNRTKV7pwvzBngo0k14tTrnFD06xzFU4K0vUGZStljl\/FAwNVIMnRWjsQn89AVyrUyoiyAS9a+w+Ol\/IuzeZupo9JHvpafoLvt9p341rnuNTMpuiggzG1a\/AJiehCdHVju6FHVk25Y\/MvQwUZ0i\/jES6yQR38oUqlnXVrq+fKrSE\/9kcUPuinfPVwCAVdLSD\/ha7TenkHZGDajCF77P2QxcTnluKJdVrDlQTARcyFrPTPqYJkQ\/NBO4Q2LUqkPKdSNg8BTKf9ErnqfzfLyF5WoMGjiT+xKiXVVojRktrJCp1vh\/UQZ5GB7zhzqnM6KrzPyc3Lxp3Bb7qVApnsRGOqMr1ngaD2S5zZ2FCX87pAvyMSivW4aYtM\/FgZ5fi1KOfYRKUUTVabBR4V0TSKE6XBOLGcK6tn4xBlT4YzAm4R1HLGrMHJVUw1kbq8I1GPUl2Oe80wpsoTflQ\/7rxCHFRENvTpUYufeWaZVYdHvgsMahyyxgCBnT2nc01NamKM3ocOAfaIGcBY\/TLk5FbdJIlfNuzsvYmFgqC9vpu4ElbzDnAVfSEDcO9fSa+\/JxpgCfB9tsQNpFDTYAu1e0Ss3GB+O8aZWjtRVkhzocpK8euQFsHuPNYkc0XzFUPsLBkPlcmTbK4YVnrIapDZ744rfE93ooFZIUkO7Ch8oLzqK0OtBOsGmVGFTbaVf+NhQknLLOENbTcHT7F0rxbWFDU++4qTR\/XmfJ+wUTJsT+\/quj3VddN9kLF9L9a4EgHNqz15osfhMQWW+l0C3k2t5fh5I4ZCw28kLSE6kXpe3jSgb7PvPC1LSkSgWYuXB89Kj+qTD\/cFbalGxIJb\/WgzJZn6Gd7R+R9Uf44YjcRfaKor1OTqri0mpCgDnlcKZQFUkScXWdMFAepcOEwVDvTUtXG4T0tMPM\/db0x58pCBeZHjWa7wiz\/JWqOATbNaNGCr6YxqPK79sl3n3mgQubt+x0eKINEGpxaZgah4UluP1BWQh4YfISLcQeFbuVb8GjyINELyA1nqZY4Rm0zHf5sR3fkBxRXy8m7315bG8d2eGbZxchn62uWz60SggwIYaJ0ECuYBFMzQZtKNYAvyGaZftALbKhVzxh7mgcomFyIRc7XwzM56SXrPBzXgho48l4M8VVXrs3DqFKC1\/kSw7iV2kg2+Vlrpf6i2uga0t"} 
-01398{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621417628801012,"flow_src_last_pkt_time":1621417628801012,"flow_dst_last_pkt_time":1621417628801012,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621417628801012,"l3_proto":"ip4","src_ip":"147.196.90.42","dst_ip":"177.86.46.206","src_port":61647,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"sb-ssl.google.com","domainame":"sb-ssl.google.com","quic": {"user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01290{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621417628801012,"flow_src_last_pkt_time":1621417628801012,"flow_dst_last_pkt_time":1621417628801012,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621417628801012,"l3_proto":"ip4","src_ip":"147.196.90.42","dst_ip":"177.86.46.206","src_port":61647,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"sb-ssl.google.com","domainame":"sb-ssl.google.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
02374{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1621417628930767,"flow_dst_last_pkt_time":1621417628801012,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621417628930767,"pkt":"AAAAAAAAAAQApuCjCABFAAViWsRAAH4RzrOTxFoqsVYuzvDPAbsFTm8Jwf8AAB0I+raMAglwITcAAEU0pjC69lxL17I2Vm\/2Q1yiyTryhXfWfRIufhNP5rg4c+FEuOp6GqQUQFPIcqWk6U0BDlkVmnmwl9dIFWmX\/bKzitGvZ8mfDi9hktZWexq37TSuAH96QNRoeDy4tvPiSgKIr6FZgR4Q\/HVISWRrxFL0ZKD38sgIoVYjPEx\/9Ic4WOpPiBg1t9\/qrhQHH9cTVMgWsLt0TDJTL0KZv3cMnUOIyDfZegNZ4jvz12dVBYTIdmKO7+1d6Z2\/OF7H8egyUhxpPD8g63YnzjMgsOVESGTopFXkRNnrC5YYuCPBc4+8zyPzWbaRA7ZY7Dj7GHebUIt0h3Gw1DMiRq+wjLGQycx78BHNpTa91SU5Z8OasixP0ARhcYJ7QKV8jqRLQIZ4IpBhgMNdrO8Ggn4V1al1n25AZ\/Lyk1mcCfIi5OinaMRv84l92mkzRek7AiZLH1nKN7U8\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\/Knz7OtExuPugeU8Zt\/GlPfZScOWlEiLrc05jYYCgWUXmqy179xmcMucA9Wtytp06aBHf+WfQ1fURy3jSmQ3NJ3gv81uQ5roWC\/f151I1SnpAuoNl\/wshFDWrHEG7wosMoA69VM5ioRjUH6Vw6vtLsEkJmdXHbiLelXmCeiv5o5cjuB7D+CLbcHnxi6S1s4ouqpxdZyMBB3jywu2tIYU4QKiN+fjaYMDYwpAzD5Jb2Fn5An8ebr2twQ9IO7dHcApVPzom1G8qYIs37w2OByHgFyhjSn3envhKGKlaF+DnxPnqjkcDSypaV6Xw6EsGbkUEBsPWaFNAQl0rYQv4OIQSLLLDbtnqJSJtFqJvApbEkL5FOujphAtNX4TvOYetM3s\/ZH5TkEvzT+bgZWz2mB1oMOoQPy213DWxLIhN9Sus3pIVPH9KUpLVArxCusIojjl4y\/CVvWA5XX0iWrENm1HaA6F521QuNa+s5DzOv42QgWOr+s5uNKSTFxAahQlQrNplOZsHircGL1XR+n2uD2gTgWAAY3b2i21J5cYoe0Z\/jVWlplRHgm1fBm8iBceAe+i8eGjb4bPc5PfJZ8n+JrHrN8SDylfFnIiRNE8ID8KN8lkbNu3\/oS3Kih\/K85WFq55fup233gxsGiJl3pqoHcF8IRFeJ07vNzBh1QaRlhGdke5sCCm3DG3xbt+UWW7rCkqr05j2zGYZdejMwOKkfbRf6NbqQKPeIcLIlv2bkyG3CDxjjE97A5SRMMjRaI2D9gkNO0\/wn3W0x5srM6qZB5BFLM7YG15trX9AF3w"} 
02378{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1621417629532013,"flow_dst_last_pkt_time":1621417628801012,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621417629532013,"pkt":"AAAAAAAAAAQApuCjCABFAAViWtRAAH4RzqOTxFoqsVYuzvDPAbsFTrDqwv8AAB0I+raMAglwITcAAEU097Xe2il2Zegu7U45BZ8gKfm75BdOnPJC97WfnE5KscE98sHvgzGhWttrfuN5Zw6V0RznV0lHr8X6WifmddIwLz9dgmQayfKTYym3Ekq7+FTfsVbmdLv7iDTySVEQT3U6aJZTVVfr48rzDdUlbuOabtPNfF9PK4wxRo28Hv8rNIeQLcDYX1ZhINEmN+sLvvHwjXJJn\/mGzxs37Wo7yOZbGkbY30QHlElqBOAjfC6VA27GzLEtJY\/bgqKUM6kS54RZZNzg5pKpLNlhxgP248e2xlGMNOmp4fMFXgmg3EfYbmnl2iWasHW8AkLql7Ucnm9wslVj\/YWb2c6IF2fyJjiByU3v\/tWqKcs4QGqfKnNSz7TAvliCZNV6Zo4gfpjCqzFPRaJI4yeyyqsAh\/yIYVP9ZV+w7uilAeMXgI+K0KIlxsOhizEgVDitG\/KAo9LOeN6fomCXq4209QrcrNd3XMwKvH9b188UgNv\/jRvXciyaJGIyMgJ7mamyBtbMq07La5hMyvo0mSqFOXeW1vGdKnMpuiGY5RTAHMnhNlkaZqmORAjp34HPN8n4vG44MH5AJ7tXiPcaAMzbgdmd6ox3fd0BfTrlccudwRllV1uZTxS3xRBBhwWhqTZE4FhxMXqd4endwazGj4NY2Vq7gD8YwyUO508LgWL2kYAd\/HfPDFLaaugd7M4tl4hSFuXNenTPDtb\/bRXBfDbvsb6xXiRig92+oFBV7pEoV5L\/yiJ4P2gax0Ac11TG31dQqdzo9z3YfYxfMa\/+8LYBIBydV8pcGIzVQDhSjN2LC5nUQOTcNfPU\/oVh0Ybk1aIMEU85MfYtwrsAgUEMpEGProetQB0mTzcYq+lEmbIIU8WPencLFFFL9uSVHveeIfGWVYNsJ7jljceMSgP5H6cv7CnQzsqS8dQ4uaXalyrjBXDSyJmCkDvaY220xAc3pj12kdE4BvFmAtStxWdtg66AiG7qv91s5V3en6J6UAronI\/KmR8EOk5BiV2TYsFERt4G27JNG5X\/AJaZ8VwtC2WsqvDKaMKYDTCCbRtilBnZ79PJ8INFhsaJtQDLjVGnL0+0lag21H2c0AgRlVIciNuUToDrQp+pYnpr3L\/mM63uQTkvv5eBIAP7i9VCEUjMABfjlzuA4QlRNUQ0vfIchW72uzMqFErT0XMVPnKFlDHN9TDNIkKHDeKZQaWZA\/OfMsV7evfLcQ+ddG\/xKNaoq8806UcjLdGTZEiKme6xLw53P6MT79sTHldTCpjPaldQ3tMH4EIg1InZbS5ktmIvlLQ2zHCeJ+cCrcDav1P0xMr+DLvH3rXDc1LTF\/hYsBxIYeS7vsQF07Zw9I0Aabf0GjuxOlwnW2Bt8iPysdcUeHkriGdeS3Czvq\/nkZEaGKcHJEnfklz
qeTz2bYQ+SkshE9F12pfc0agQ0tbVdAnKaEKIsSgzPUMt7MgzYsL9AUkoIblqKn2hXfFXW3gr6XbSi5TQygflSMy28Bs+5OghyrSNcFcOe8e+DTn5mmzjD5O4rsNuXEgF7wS26+FyMgZbWHqX8HMifw3qMfcAQ1nT3l97zTbszeFs6\/goTc7uST7XEMKSKrS2lP7e\/ELG11fN8X22oM+TfVd0wylz3v0e6ThdB\/tMpVkNfw82FE39BRdoKw04E7yZ9lgCOyxJvMvSEQRhX0eoTiGgfBQDAhtTklq2Zr0UEwX8LiDkDQg8kHbX+ady095CUYxnxCvxjTB8g7HIHtQ37uzrFXIL6Nxg8bDtLpiJue2jB8lwh4plomig"} 02381{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1621417630732572,"flow_dst_last_pkt_time":1621417628801012,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621417630732572,"pkt":"AAAAAAAAAAQApuCjCABFAAViWtVAAH4RzqKTxFoqsVYuzvDPAbsFTn5DzP8AAB0I+raMAglwITcAAEU0w4P9mb5\/3cAJaj4ppvPVfM1e79oi6647O9UrDvxHMvw6wV760XlpSjd61VmKKMxqPGYPlva3z+F06oB5C5oudSH4\/k\/HgNY8EZ+f1zMxLEV03HYvd3eyZ2Yigb2EaaYwKjEGJTIAPhnFqoauAh2+NlX58F7j0QXxOBZNFmYxTg0U2ixrG2zc81LXcer1hlphJjt2T0DJryb7+H37VnCGZV28ta5KuFpJCEHU3Fd+Au8hzAdacFpKvFNnEUxffVdh7LgBkgWaVuMdCe6yQz92ZCsCzBLddU1kYPj6RsuYCawbvUqb562kpiZjfFkIOttpasGIi39tj\/u4v+6d8j28V1orGO9PZqXvQy\/8lCwyfjm3k0DcU2W3\/tOXF3YDgVOA+NYuef5dsvh8sL6Y2zGiut+QW3tAqTRsL41MM+QyzTgsUP92XE2REPCVdMjU+ZIArKLV+PZhQEMEltTUCaVI8sN1kF3tnGaBAFdJ4MLfX8o+rvJwd0AlR1I0UPhxZm51ZaCJ70wXahMqe33eoOnF2efrrFTGLRJVQjJzGYGviNutDC3KeXcpbH4fXqHVXwA8L1ASWNywa4RobifRQWTIDiyeTm2aFLHckbvi5IJvvPvnpIXXzVtd7lNSRojof7DLLLHH5Sh9MJDu67gcXOomZlUg7yOcpexQNUN75dczjIc2sRYYZZrxl0OgwRBDav0XDGXFuU5WHO\/vOp5NjVJ2UuXp7FsurhXvGJAbAE4FOp7kuYa\/ApYFR2pqTRIboQp9DJdarbNibXR6+hzTMq7WOo6ePO5+ZILoF0GFYVO5hMThECA3Kc6QzOpREKQgESXdX5ctFgyHOQKvBPOVvSMrVyI7tKQV+CCeeLPyYTVggovh0hGzowFxkk\/NdLeFz6rPoKgRAyda1meb\/KkXjgYf08b4foJ3h\/6I0kE8xiLDjSKXk+TeI7hUzuuZbCPA9dRpZ2MBO03rP4oKITQG6AljreAq0TtXBhTVlUpi6WqLB65hUZQZmZ1FngmVJas9iH\/
peYm8YAq40PQZFcepCCybIMxESKXO4wQPKParQ72ob5VHzzpFoLivQA7oY0yXAuRPhKkZa4cB\/ZEJyab5Og2\/1JA8HV9DelwdwjObFO8YWZySPL+5lShVsPkk6NyMIkgqnrPUZ9429DxwJZF9DRWha9nyGoqw+0N4OtE48TVTIojBpDvcI\/CTXNaRCq+NNQ\/f\/RHGp7OL5KL6+TDhKzMT+zzHQrhBJpIc0hWz5QeuCYul+OTpdvjea5r9+J9nkBp3Vj9JMEQ6M\/iXF91ma8TRXEdDqbKAg449PYPC8M66hwolveyS+2EObExXYBklmq6YlojZm6PjsD8eUEaG2RTQw6TQqIOLKW+jsLOLrD0Cax9gUMArAnhTzmw\/Xkn3mdkQzSWVu4aAF\/\/d9caBq5UL1UsyZF8wXlxfJlBBp37aJpG2nKuEvm6BF2LJ8drxqSr35iQyCsS96IaxNG1QT6mySn6yUJJsBFTQe022CdM31VNWaRoaHtpRLujQgB56qEnNkgULsTC795AnjwrRgWfonX0MDkzYh1F9HazGYLRzSGrlEb6ozqXsakFtOHCe4RE1o+khHM+ddPw7xhK7MIQerOF\/fL3TRBMI\/AmEtXrZOePHMjy8JY1G1\/MYpf\/tT4ORBCPsA7vaoI1Tokn1HofUnqqv2vleftYM6lBm0h5quun1SOOjRX5uNSKqoAw75uyHCkFAUwF+izoDgpIEEsrscpvjeKdQ92HbKA4t87cdwGTHX5Qo"} 01065{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1621417111064920,"flow_src_last_pkt_time":1621417113176734,"flow_dst_last_pkt_time":1621417111064920,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5400,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621417630732572,"l3_proto":"ip4","src_ip":"133.205.75.230","dst_ip":"208.229.157.81","src_port":56528,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"update.googleapis.com"}} 
-00881{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":9,"packets-processed":8,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10800,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":16,"global_ts_usec":1621421253470357} +00881{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":9,"packets-processed":8,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10800,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":16,"global_ts_usec":1621421253470357} 
00825{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621421253470357,"flow_src_last_pkt_time":1621421253470357,"flow_dst_last_pkt_time":1621421253470357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621421253470357,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"212.22.246.243","src_port":55376,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02382{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1621421253470357,"flow_dst_last_pkt_time":1621421253470357,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621421253470357,"pkt":"AAAAAAAAAAEAnT6cCABFAAViPLlAAH4RBzKokEAF1Bb289hQAbsFTvjXzP8AAB0IFOutyi98gDkAAEU0QEoUNnfb6spEl4sOhm7a3kYwPyh0twGQme8gnUbSWjlTM0eV\/33jZKgt8R3qtWDm2zSx\/rpQpEqQQvknW76YTyqy8lhhBH0HTupzxapnAU360wL\/+pHUQa9kkbfGs+rg0fJIwO92cTdSFU4vLU7xVz2fVMJaMQH8aHE\/1fVdWPC5x1T42ZLsnrxIMQ5wxIFrryrh15fMsCUmzvgSHxA\/i23NsVEQK0FaymSQ3vTxzLlBUWH4BZEKhwxODiawYJVn6KqbmqIqOPZjXiYZhiN\/Oc0\/LeCyQFaH1ri9xPnu4k\/db5yW\/Vm5M7J0u3m8iCZTpmZh9UW7Vz+Tt6ZtpNNUgyHlXEXFJ93VOxKXczX6MviwyGemHWSQL48Z\/padN7yuSlVEbH4WE\/x\/ebW7zTY276B4XQ+wlkch4ZzVURSVv2IJCLTAANRAmruSTCorJVR33qh+1laWpf0XjXQiid5xdrcBQeDZrONgOO69EM9SiLwEVtc0TpitDpJidyT0U1tQrFl70d\/XEPdy6sl8efWo7ZCqMlidLhPlq3NrVHxg4+Rm0hcmtJgElwEuqTGiLad
NGhoT7Yo7j8pSYgNw7GRtSquhp7H3+FF2Y2bFNX19Z9+rRsJB4pUiilB5tu0adouOMnwmGTBRsatrnFOOtA0F2vX+LGN0MZFmEF5dpYuvWiLOa+K0fw5uMZaD1DwO81ez++YVlEQYMcGk8nRbrvkTr\/h1NjMg4AGD90jQKUb4FofQXWaVczScZMMs2v2AijtxxRDHmaMhESOLxFfFbAGY7GSyIn06ETBx10YXRTWxeT0eUKlaLwKeXgT1f9Nzee8owqgOKrkqV2dKYlj65fZbe64rFKZ1qmuSQpeN6luwI34bKSC\/P1YZm224OWk7dK8zYb6iVGqzON\/pvHnYbfT2ttIlhWIYxtY8Ju6yt1zHvLgcU9f83bCChlVephnGaWCxUwUlXnYZevAlJBygTGyZxTz2ZSb0ie32uT7qgPEA8\/VhOVmgfgz5uz1CkH7wK301uXB6Jd+vCV5C\/oxE\/jofm4fBRgusDmoz+6N3GpdbS6mlSoo0uqerAGszdbsmbuicOljSko4OAeqWoT+mGW7afPjx5a2FUCfO2SrBsu8hZPpnDhlhRCeKCJQcAHRB7xgiDd9eCcdbKD7Wu6I5NAMZ9c5cy\/ihBVX35Z+UgC3RyusmI0NtKYhjUDswCM0eyBoXLaZPl8INR9v1LW+yvOTZym8K9Aj0qNkha5Yzfvxik20hZiRqz1bdL8xXLCFYqYMYQEadOjp3L+P6FsQzEDaOxkrn2NuRIxBUQl17JREUFH0XnFwFnMT7z5vgxqMs+\/cTusvocWbp9TisAPxAunu5IgIhjJTjwzvXKQEqGGTx\/Uv95lseYEkyPjUxRZUqo6ayvxQzUbD7WzEPJfWp4V0dKCqk8jMcfr4gKrj2FSp8Pp2y\/+11ISOglp7xB6eIZFO0ZgRIY37WC1adnktqCSKXkgYJUGB+Oc8sMK4ta5iGShCsKCGNc84cXtiEBSa78agZzOMcgLZMHRXRJQcxDXBaC6GCHQXnLhoom2lIO8IpQOLCvA+fkPsBsI1oOJHnHV8O+hHfPFWWAiSD\/PB9nE4NwaIPKU4ZyWnacfkkFlYLZfqca8KZX4UtWN\/IEVTbG6\/oU7nJ0oyYFSxJfcA+XMb3hdr7h9ytVk4VGIeEwTkm3q4IbP0kGL00wYVhVU92VFVVNJemgeHNnaAUtTEkhmyuDDVqFnLFxbtyS6nB8YnwnujNnjXs"} 
-01391{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621421253470357,"flow_src_last_pkt_time":1621421253470357,"flow_dst_last_pkt_time":1621421253470357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621421253470357,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"212.22.246.243","src_port":55376,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","domainame":"www.google.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 6.1; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"169051af8572ac08ea1ddeee0db208bc","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01284{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621421253470357,"flow_src_last_pkt_time":1621421253470357,"flow_dst_last_pkt_time":1621421253470357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621421253470357,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"212.22.246.243","src_port":55376,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","domainame":"www.google.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
00826{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621421253509654,"flow_src_last_pkt_time":1621421253509654,"flow_dst_last_pkt_time":1621421253509654,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621421253509654,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"133.202.76.105","src_port":64964,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02378{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1621421253509654,"flow_dst_last_pkt_time":1621421253509654,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621421253509654,"pkt":"AAAAAAAAAAEAnT6cCABFAAViPLpAAH4RAAiokEAFhcpMaf3EAbsFTviHzf8AAB0Izn33GI1xCTwAAEU0Q2KPp18EaD7CNRYkzOIN7dKmyWbS+N+cMemkf0psuzAGPfIWZySwPChV53Otv2dvXoDe3uezGPqpumIIkBf6E4Y8ZQDOb1kq7QnyaNj76pl0Rg6iP52gI2ik9D7s1o3thkJPMbsfxV+fuIPAKjePBjQmUP19frND2eTijGA2Jo0+u9aOzf5exzhhFq\/6nELW9tIN5cnw1mNp97ad1+XFptBiaaHUht\/AwUETMgLsBZ6XrHBGlpBY2lK8op1hzm0CnYVtS3Djsl5T\/wl54X2bN40BKcjIeQUAIe+9lSfAyX9VzGt1lyeq7sDtfGOULnyc3MRIbszfJgkdcma4KWIGUispqWzhbI1x5e\/RjTMlYyCVLmuxtCNhv9eaj9oPhvwV6QA3gM9QoCLiA0CWKH+SJGX2Rw5rZxYoMKeut8jwQsj+lIDaZR9I2\/AyKbpAZBbM0cPn5VbbglsRXZxJcp2ZEFpU9VJWoFGfCqiok1ySmzzALJ2o9fBW3oS1MBkHpHdYLwXsXSSHZum4zp4LAa6hwGEqhfT3QKMIosJCyQXQx90hg4FPeCfhcCzS0yMxKuIS7muPu
13HLa3vp6BZSjDm+YGM2\/EP2rfLAV\/u73iBfyrpH4MVfT6XT9GH6DxrXWXPtmgj3dd4ZDJSS2EE1yZ7NzZKZHIzRIJhx+M60uskyfvEmdMlqpu42sPL14XVPHdNYMnoUS8X6WLni0o2VZmxQk3SYBjLMZKHNJZHUGBqZyOnDiDJEDUgCVpgpbyumDZBrRfKCG8xPvowcATyQ6821WIR6CIzs8Om8jqqi0JAvkN016aaA1p5ZCJQtyIP7RVszaos5bQYBNnQzPdcPSfCMMPRbEcbBLR\/8PEjZSJVMTynsuFnVR9jIDV8r\/dX3HTmyKXTIz0yNwtPT4H5hqTdaTXb7oaS8Zarj3bCmVeadB08cU+k5BSQkWcmvSsbxQK9L6WXdRC9SodhjDB9zefiVEPcSl7soHeKsNvYTyCkd\/XAIWMwe3bRjY+Kv\/KQy8Hwi5otEn\/W6Ht26F+Edg2+van4m7BF2EhqU16TwOM2sNd+iloXCcatqE\/C3MKqQU0Mkp2P+yV7oFIESvsIr0RB7rv76hjn+agd\/IgZmvvKb7bk9hq2XrH0HI1yi6DgeQgXvNKOZmzlAcpcvnqKhOiyX1pKXCxj5WdM8xyZrw7dWBYG9J+ZB2jRzA3N6g9gR5j+cHtRybtWCobPi0uMCp5Y\/TwozHIDGhNtykeb7ruqTg++bwL4cJPnLkfBMRka0gmne2r23CHGqUhUs182QVxVo33BcapLgO3qmkaZWUAfgES6E9cYn70KRY9mjRR5JB4LkRsmI2UaT20HAZw+DxdsM5YLqgbKe6dhNV2IOrhV\/TxAVxh6mwBPFC3umIWlZnFUvPCLyY8UM10QQ71eYC1SJ9eB13EtUmpWxQLGyueBG7P4\/oLKTc8PuLFHXfG9dQSOw1wE33A+f\/cnDT1FhhN1YqVpJQdPwJ4Wf5eVBxsn9JpIRrPWbarviWoroALVlD67VbRZJNKwOmE1HEEKRQZwrLkbev1NeFysxZPm4Y3TUawK2sEWayDygW6x6RN0NNG2Fay3n6wsNuNc5zitBxQaUj7zNSVElsX4h6XDvK98\/ECQwIKitJALgcMqiEiqaEc6pa+ihQlR1KKvzUudiOciEKxejDPhTjufOq\/UxVIzxEe1epyXEZvbVAZDgleZWCCPNPFEFpRRnINh23vNKajIxj\/Lj7QDAzP1y74FtJQ6jIyHxOrz"} 
-01402{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621421253509654,"flow_src_last_pkt_time":1621421253509654,"flow_dst_last_pkt_time":1621421253509654,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621421253509654,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"133.202.76.105","src_port":64964,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com","domainame":"accounts.google.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 6.1; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"169051af8572ac08ea1ddeee0db208bc","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01295{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621421253509654,"flow_src_last_pkt_time":1621421253509654,"flow_dst_last_pkt_time":1621421253509654,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621421253509654,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"133.202.76.105","src_port":64964,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com","domainame":"accounts.google.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
02377{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1621421253804100,"flow_dst_last_pkt_time":1621421253470357,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621421253804100,"pkt":"AAAAAAAAAAEAnT6cCABFAAViPMJAAH4RBymokEAF1Bb289hQAbsFTib0yf8AAB0IFOutyi98gDkAAEU0cgaq22OVD8Dk3cOFWT0xE9g+YCtQyxjYAZuBA+biQ0qlLk4G4l4FhrZTdWwEHJxix0i32WGF+VFP6SA62mk\/ahCh08zZkteiAklY2im5lzs3+hv5CXVaBoCsdKzK43351bgh7lFz2rLxgClTUrt+ggkqZgyH3xqh52dtUrDyoAHPTLnCu42bYt031EP3XjXnQN0tMqOu6lBcFDhjD4aNjqQ4gVCp9D2V7BmRO3otj4hId4G69dqomvKCMk352TcjhRI9Y\/b1HXLPEwZJR5SMYjM0bHHNJ8TU9yEz2sN8hXpEtMivH1XdJw0Eh8yYm64H83Y0HweIMWoyJiqpIlytTnrgkym64mLXXZYZW20KwPHeajlZF05XF3+pFt+uQ4GzrV5Dcx3AxUpXpEdoKl3n0ELxD0JH5ljs0a9w9Sbz1XKL5rFy7vCM8UkbGTH6qJsw9yuooY6A9x3BRJQldn\/cjpkxSonTfoT4ntKav5Abl2PQ2R\/XKxdCsedHmqW3DEd446DYQ3V85\/1reu7YDBrYnSyXTqTmbkWgxwxd8QGgoAa5urrS4Odki8E\/vxPzpvhWle2+YavjiuVnuPplOSMtA6eRixeu+Twyp\/mNZvJOkN9V44x6h72ppz248KXCbVBzRH+1a3Iw2Xt2l83WqoJ1ekOv8wHN6\/oiQJoJREH+g4zwPsZOsNyZDHhogPOptnRw+QNIjvRsgAplHaOx6D\/aGIthoZ3wqTLG+A+DTy0A7fbLu\/5uA2OrVkih8zEFgbKa96QzE7xsqMQsB29SUtTTgtaJ+x6DDlTxsS4y5GvKhs5RqCJuqJHJsUqQ+7qZO1IlfyqPjfQ4TdX3QR4WMaYivWpDgEtSZdNrgxDq2rS0MQKGr8L9tinW33cwo4ycFk5CyESoY2JbgbQLKBayMDiWClTvZot+D9gQ1USNgzNYyMBTHtywu3XkQJpOb6Cu+Cndw7HuOQ148pj8juCxBmSiBwgMqay2jsiMwE2rp2FJfE2pZCpCtkbGUbTD71AKVtAmD4PfgtOBCxaFvaclNBN01TZzkSP3ySV9xnlyk0aicuahfnr0uqssjLhU2lGOlia1+DO56SRT\/clcAVgh6RL3+lpZujJgQPm5EcCP+wloP7VOsnzWGwL9wZ7hJ40ht20W7jRVj3M6Els4r8Cq410yu5FloDOrNepfpbxjkZc6ldqZDdLri8F2g6JJ17oGz0uM4ZxyqgwoLWq7U+nURI2WoUDTSzDrhufyUwR4DJ9ZV1quggqjhetj0pzAZYuRLflR0X47yy14dCpQ\/vVyn1z2ua4Ul1zLKn5MiWFnBJIu6nyxsGQcno71kQag30voXKBH7HnrnnqUlbqOkjLEl5S\/FyD25Vd5cXtgniVi6A\/QPlDEt7HGYkYWr7\/lkp
umd4\/NE+Jp8u8oDIJ2Pl+kBJ\/VZvw2TrQDNhyPOtdvHRPiEX8B8fs+MFSjeA8jQipbDbOQYT8shK9HjK1kt12l1A1WeA2E3iBlpveLOL5cYs7Ony3vhCFnJiyDYilQrHHcfZ4DT7xi8UHB2ER5kb0BMJsGRBThDiMxgHeTo+e7mFH8tDgNfGqLuRHyVlf8NgieuPUXEgyKmqYEc4LvmX4l2717+gqPnFHj\/U1TWUHnb92m5p6KStXy9LMrfKKfgW3hZcvDQuM0RslMbJ8u36V\/B9KSp7x2ODcgpxNNuc+y4vHSpU+\/5E4AvDNNuskmG4wvM2AAovGTD43c7ggngGXtjGnBtB4EnktPIpxqtYgo+FpqvKts45sp"} 02385{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1621421253809118,"flow_dst_last_pkt_time":1621421253509654,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621421253809118,"pkt":"AAAAAAAAAAEAnT6cCABFAAViPMNAAH4R\/\/6okEAFhcpMaf3EAbsFToEwzP8AAB0Izn33GI1xCTwAAEU0rIRdWSpQJq8RNm\/YHCWv+5lOAS3ExdrQfSyR3179\/1dRds5Ne7rTKilnr5qOATiPuwy9kvVwvXmlvh9A4pBwrdy5rwj\/oK+soxKE65UpWeIIcbWAdsENETDsJvZbt2iOx1FT02Zh0k4wZRYa9T1mqEIw9vucjUxsVJqzuUcDQocELhq992N4Y\/d7WHUCkfrvzFkWLhfQuDRyyFD+FKVASnwCfjWwtYzJWfj8xdfdTc5foWxQy8HwatcneUH3Xe7KQloP91UPff0ZYs++gTR2OGCqiGo9QElgV7ipEPa\/a2VVjCezu0CEeDpnKAtNRmt6Q4uTlIuuLMwbpsrTE0g\/MqtsqQu5OpuusA8+8yooJk3wiUUBIcxT0LyFbbJBiUpy1jybiKvHv7sxWdofXLuT2tOVm\/gYEKYpYhJ2fQxRlq05FJNYAJ3x+IPKgL4hZDLQvZau5wz24pWxuyqaqk\/7pdJCP6tcxGJEigvqrGszDAU6Vnuxr\/raz+JVrdGz71r261HwLy7jCLV4GVAGwqXYjimp+lVj7ZrdOYwdRbkgTFkqZGqGyKwNKcvkP\/vIHt\/aqsMYIwNldiK9WOSo4NjVWqS9IQGKVhUKZzlXrupygWzjxqeGR5dlZJFEihDxxcQCXNUgswqiXbBiU7jvlnjci\/Wa5nSBAjcoxUjUtEV\/Hmpt8r23oBWTbgRE9axl1IWGAHI2tDK8zoknUr82ajxFez+Gh0wDV\/MCeDcDUfVqAg5v+qUe56To\/xvqvZFgwQiXcqe7gIfrPgAP8QI6n6FSGGFXoDNKL9zay3oJBh5pSSHq1DCM9w1SKpHiwhq80tTvMNgKeuRDzvkzeQ9vDiuRQ1F0\/isFVcoHn1e2\/Qp6mJR8Lg6OjGTB5n9wJt0GQq6bX9nGsaRw4XAmHHPfPtRRrzAXpU5KuOSCBB0+ShvIxmEYlsFhYFhXfYMIaUqR+yhlwtPSDafAHcOechwW\/ra57z3xNbXAdhHXxU99F54Cb3HNcttIif3ThTZ
5o7GOV8r62PLfOpQ7VeKZhnB9VXymajUkSEgKnVtYFRaDjiFok1vqKqx3wzDiPNSqp7GpEl\/yN2vdzXQrfZOp+0yTLLStC7aJ2V0VsJ8NuI036psv9S1AnkXkUUyeZqLHQXmxWBVEUWEJ4aw\/ZZNwpJ2tHF897PYgr1CTWWw4CttMzQLaBZ51eX4RHRn9kLCgvlyq1tMUT+4YjYbnn8RYbz9eqTM4rSN8tz92KR9Fcc0\/dMjAdKRSNurGmNpDEtITPjaUb1n5VBZmMevuy+YULm\/K0LRcgr3bjEgYFGgamvIUyTxG2IxIE6DmCy+rl9rr5F+rE4LgtHzkBPE4gC8ikWb\/UxYBUsyEZNAp4YWExPD5uevZdPSpVZ7j7K7PYss5uBH8TZFtKaqXjAaBFvo8+Iamk14Oh0pgrgxGqB5+UxZOAubhS2tMB7iGe14ZAIAuXL57InGtj0kim3J\/3bjlX1lKzHdAjJDSJtTIdaauSA4wIm+5djes7nIN5l8yHcP+jbpw79vdXui0DIhf0YIIf42Ya8fgEVunYI3yggTOU1wruhfAOOAN7F7YY31Q8MJfLj0qlihs1B3a0b\/W6jVRhMJ+QZ5ut1F8vzQhkHEbOYzm8VcH35XK0f1lM+HrHe56zOhDCcJ1Uiq\/nKgQwd8FV+HuWjkyGI8NRs6aas3Ro+mmhQzK2gIzxAmNbNSP65H2kIq72CE6rc1ZiknuHgwgzCMtoH6gzt2XSxfShl6CHvNrwhQToP6hE8gE"} 00825{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621421257105861,"flow_src_last_pkt_time":1621421257105861,"flow_dst_last_pkt_time":1621421257105861,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621421257105861,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"112.1.105.138","src_port":55844,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02372{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1621421257105861,"flow_dst_last_pkt_time":1621421257105861,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621421257105861,"pkt":"AAAAAAAAAAEAS1QMCABFAAViPbFAAH4R97iokEAFcAFpitokAbsFTiafzP8AAB0IMK4bzt32gQ0AAEU0P1azBnSUVl3HX4NvBpNVZqFjb\/POClmZ90yDhIH3saXV4D8hIZuhFmh5K80mFHsQUDzJ5Fet2Vi6MVVm5vzpbtDzb3iZEgIWreSd3Ir9FMXdj0HVjyEDw6EuT6gRAjE\/21rarOXtm19YMu7r45cH8xqJwZu0MlI7uXzcE9RAeMgLEW6YsSaB9O66L2651H8GQJ90pVw7t2KzRklpg4gkXdUjv94LX0mxpP01vTf1Uur6iVP0hra2u3O5GqhBWtCeqqhiUxynXsEiIqqL7erxJ4C5Ceo+YBLOH7PyZpxjMcY0M8UKVHZb40RZzejcLgSUNrM70SQtZDilREUjdX4V1RitcpSnBwGOqBO33JSlA32uZ9lAm7tfb4HtFuyOK7Y6+s36I\/tJjlWkNcLN5vycOCCgMR\/iEDhDBTaJipsDN7UZescDsrCVRT5tibuo42Z352l3NEmt8qok03JQNTlENsa+Ywn9406L57nvC0pFdYqO6XoWy3oIaLpLL2+6gTc60MDWTKJ1UrBBU+uti2j2vV131OfFLy9NEug6HDeJt07pHoN0abz03ktCcugMdfCJCqkojUbtwT7bcr1xv+H+nfxzLGaBENVle48BJL9n\/fQwRUFpWqNRw5YGEoFUAxgSYLrjI3+8yOHpS2TW54iDb5TgzKjzNgy7VC2hqyxs\/JyaWpx4tfVLM7fnb3BOMLq3RoDDAtkcsoDjHUMbZOotwqG7NOHSskx0+10KvcYYmNrJIaQaFda2wEUxuliGNz92g6FqP4oZMZQBZxkpxPDgYdYLuH0duracuo87qqjlRGPQapq15Je3yha81nzNRXHTDeNDxWfcXJluZNq0kt+qGDFlSY8n8xUueL9DqKmN1IsXo0X0yoNp38aEiv4BJxrbHkZ8MuGE\/2IEPBTeie7PMbLFS2yJwVIy5h4KShSAWHX8g3+pMhTlu25endl0GCcr5li4yhDfLpQ3S0rInsXaqmpIA6OYG89d6KlcK52aGKa5+qjgFprLpAqwYT5Z65JHNpW+TG9KZbT2vFhcZengw3A92EI\/TcEXiRfmF2ssJ5ysj+mCfUOmyip94PexKb+mHdBLChKLXIrLeY1uTln0pTICSsA32Tt+soXhVUyCfGQOxc2GxwvPc6T20BN51nQPn600Q5UViN3viKdCuJEUlNLh+yWrsxCBLb17rH5uegaqgsAUwjH1c2UBlUjKpOyFZ+vURC9HPm3ZN\/AmFoBypd++hTChaH8TxLeog0xRzbwHCm0PbKFRbASn2bhiLaCoa2lU2VL20lJE+ax9ltZKxjkLaHbInU1egJzE5Ozq274xYL+oZA2MHpO\/SvXg5YcqmFZBb7QU7uJnGtoC6VyfqEMbfITMloZv6UlVclDscyjvESn6K4S5HE2T1Di30Es
cldcqKgvxZsNQVrOrtKLdcYnpHdO2rWcwupv3J3uhq2VmkdCL9eV1aP+\/omm+CRR4vmacmNO+0VUXWSYWY1o0ANvSXclIcPCmXoAeFks9hejblFemNUPDYGzI5F7uu7XOa7qRlrb4VRHYDm+IGHatsOChH\/ovC2i1ER0eU\/ZmnhnIkZU97Pyha243JnjMkAwY9QrCN0+FUsuH91rZG9m+lGHaPJ\/jVLdm2lAyDFa+zibx5uvSnW8CxhmkBIgZ+LcWtx9SaKCxT1Vc9Xf2EVqaZNITbzO2oIGdrJDJ4HVczVgPNlPqogSnBzFP5Ik8qoDJ7h6Q4BUKLPyjQd\/ev7WJ1EEQcjfoVc2KFDAa9tCVQaFSH39b"} -01424{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621421257105861,"flow_src_last_pkt_time":1621421257105861,"flow_dst_last_pkt_time":1621421257105861,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621421257105861,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"112.1.105.138","src_port":55844,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.PlayStore","proto_id":"188.228","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"android.clients.google.com","domainame":"android.clients.google.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 6.1; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"169051af8572ac08ea1ddeee0db208bc","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01317{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621421257105861,"flow_src_last_pkt_time":1621421257105861,"flow_dst_last_pkt_time":1621421257105861,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621421257105861,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"112.1.105.138","src_port":55844,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.PlayStore","proto_id":"188.228","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"android.clients.google.com","domainame":"android.clients.google.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
00825{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621421260215429,"flow_src_last_pkt_time":1621421260215429,"flow_dst_last_pkt_time":1621421260215429,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621421260215429,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"37.47.218.224","src_port":59827,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02383{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1621421260215429,"flow_dst_last_pkt_time":1621421260215429,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621421260215429,"pkt":"AAAAAAAAAAEAgb5NCABFAAViPkBAAH4R0KWokEAFJS\/a4OmzAbsFTgQMzv8AAB0Ij53aBXaFj90AAEU0SLKO1gj8GM\/7BPKLNut3gQPWBzQn5YjeWsRqAQjUyhVmdT7iLh+mIwvgIVvzUOLJxhHjuQctv0LRX631bbBEMMF3pBOdFjFZQIZkKsJpfaTuV+rwxUnU2bHKeVloIebl9Hd03S1kOttznSJAQXPQYVQdCo2nGLaWCR4YNzOkZh4A+Iglp3ynlFiH1Kgq3ax2c8pTIXpNl9L3OjDkEQQYoqa4BnvX26mCDoVc1q85ueAmXRWZdEScZQq5AdybLm23nnSrRgIVtgrwmK88QIPr5bJG3kChUFNEb6Qj326VwodIu2nJl3TnhY2xrD54TcIiyK8M1mjcjF66nfwNKkEIT6E\/SESFufOVlvOb\/aB7WAdl9ft+Mim9U4BlJLbA1M2hEMXyNr\/s6u+cjHBsYueURjL6cyap74D70FwK4fSE9fk3xYY2MNPKF\/BAL97jnAn1k6A2tqzJHsZwSzyyXpoLuyctUW\/+nvBXA28d0MohSUQ+k04\/p827rPYEI2AWonQSMbQCAz0aXMWa9QgMEzO1kdWGqTKHT6GRgMR41luSMkba7gddevQoGSDn8n\/q9o1I96
kD59QkNrWXvBgRpPjPEDuAZN3lTvhkhI1wkMsnQCh+3FDr1mc7ThSOHVDvrHj1Lm33pCihRhcviFSvDh9KDt2ldWi8CRH3IP27mXAgwEWN7MW58CZ7xIfXHX426siygUSb80QcGh0MbC2cqC6NdXb7jwDX+dBo9j\/62Zx0AC29OcRJNYu2PToqGFzb0MsLqQh6dq9QT4wGAMMKTUCoC77oTHhUvrLWjGCXOjuULsdJuEozP8mmiwHfyW6om2UpbFP3XUkziu\/vMyloESiBOvaG1xmOFxFd2n7o08eusUshscLGHeSq3kK1TNkYBgJH7lGzZYlF3A1w0YXAbAoRDewGZBRGgAycWnJxG9uq\/6QiUS5MkDVeUWNCVal9TwMX5\/i+60rZCuCCsNfpwFYF65Kddt1lyUiJ3yQQ3yrEC81\/+AlvSh0nVJu7TD4+IV4yfqhOezTjS\/jq7q0STXO9D1O5OiHCPhH1vWKx7PnZg2bufgr0umZWt9\/ulektccxj\/7G2bU+FhscpVONsqMMSe8nszXl1RfQbopA6Lr2XL+yzBEuqedNG\/oarLdzVzfbciDEAHhtO2umw8IL7MpmOpbUsppzeNfDP5NjrfxdP3ZZ6+53+pyzcLVc1IIupv0HiBGLs39L3xCnLaO9KJhlGu4\/NgXTntIMz6nwsIjU3XYs9p681vW714W+A\/9BGND8qAN+OH91XxSG84vJV\/6Q94Q6u6XMjJ1a8fRCqQvwG6Y6QlpageJG0MkaaEcPNuZR6lcsvvgXozmz12VWNDD7XlkC9RlIetaFOlO+wCjrAWaaad7F01KTsrONi0Minvqx6ZjHIYa4CdvnQmfIFPvRG2dbtVMue5p2IpRYRTQ00H124FWSAbpmFufFkxzz3roNFvZ8L48qlRvbqfoHbzlo+diCyOjTzCaiLy3wgom7EMWMSpa1wNanraUOP0Cgafhkkk58UkpZ84qvXH6P3NJfusjarmU4bkoENsKKZG84yQKYpg9lzqxivHXVnRw8D\/wblKD0B6HjUVdnwNG6dMjeNePdobGQc+ezoD\/iBkZC2nsQG9kk\/83\/KYDIo1frQ9PGAUp9fb1fO3JXbQdb7gxYJ59BL9yWuwgkXl0w63hIxIfYXlPi6Ly8hrunM3g6mrjaqyyX2Rcbv6s+jqMK\/tNm146acDlsVlCvaDwMeJ0jY3HGC1re9"} 
-01423{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621421260215429,"flow_src_last_pkt_time":1621421260215429,"flow_dst_last_pkt_time":1621421260215429,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621421260215429,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"37.47.218.224","src_port":59827,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"www.googleadservices.com","domainame":"www.googleadservices.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 6.1; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"169051af8572ac08ea1ddeee0db208bc","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01316{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621421260215429,"flow_src_last_pkt_time":1621421260215429,"flow_dst_last_pkt_time":1621421260215429,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621421260215429,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"37.47.218.224","src_port":59827,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"www.googleadservices.com","domainame":"www.googleadservices.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
02392{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1621421260513424,"flow_dst_last_pkt_time":1621421260215429,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621421260513424,"pkt":"AAAAAAAAAAEAgb5NCABFAAViPk5AAH4R0JeokEAFJS\/a4OmzAbsFTtDzzv8AAB0Ij53aBXaFj90AAEU0pVcIObrUqLyarXAGM4rQnKh+52v7aXQUj4GvYb\/wSM3mSBNf9xPhl9FK4ipC+fhOPIGStb9x1zMsHAo+73hJqwqHkOJ6bvqIt\/sGsmK\/ofAbwetCqPp3T3jPrhZY2wETFAN+9XScTYEDqUnrkDVy0GQ9sV5jSug2PtRHEWT8gywc4K+57NH6Ash2BqW8UNx67owC0vArWq8CvngpIrDNQreXdzSYn4wwYJX2miwA\/wEl0gm+SuEtBprHj2uZlu8koRLbrv1VGIheOQE0Nsbta5SQsxKKjZN97iHSxerp4BcNtjqivy7Li78i5gH\/2pVLdrR0qv8negi\/kKSblvjfoEPy4ijg9\/u4RIwFeksyqF89on0NdQuL2+Gj5diZo+zdIi+Q5e5It+HBsRtpXguuRB6SEpGadVpkaDn0YwXpYgs1txuTawl7yQ4ZuSlTzVEDd7qtQzM6lSpvLx3uSWpFvM3GAUysnOzVg41krR4Ulkj+VTnN5KAol+nOz6IUyDJ\/IkiNKdoNBVXk9AvQ0S1r+og06pTejXAB5wfjkpZVXgsRY+N\/xjKDMGEVHELh5Epoie736CGpcBsBBIKZcR8DMnHyPpGJLzAlOtKDi7\/Gt1\/jx+MHSSEKCZ4TotHxg\/Xf1RgIKf3lQnbUe3aB\/BOL3vek35mgVs7wyrmKZQpuJFMrj\/LPS2T3Q6UihyVSZ+cz9VtJhU0kIVXZbg7MeMCnqgv\/yNMDFFdkvKL7oO\/uUcUXQlY5VoYeeWgNSKc3XjyJMIAV+31aTEM5FsgjpZRp0sNQm59Xb20piAIn8k+RicW\/PxKQpSBnnGgYgJK8jaPlnBgEXw4IIpTVsui1MIn1bGpT5SlOh5TYtcpeX7Eq2Gn++tj8GvDhyQ4KPUI1FbbJ0NbqPqngUTYVzF2pjPV2RsKl8tMqOs19XG5pvHEWTNic8cZYT8FgNSHC44qfM5PGUK0zq0\/PiawZaqUQYRh2PCe37WABPV97AV1GUOIJPd1hL9x+acIY52OdywDA\/3ZRhz5AH3VOtXi6eFcGzu2Z1on4V\/38mIWBpYZnh4O771WNLcVabHuK1h65ee736lPwAH1pmFpETlxU2aR14ZxWeG\/L1t\/uMh1SsDCguq7KQ7kO6W6v78BBvY3UFcMUOQm3Y79YpovoK3RKpLlQwqcGToRvTj9HWy45cQaegkrn6dkZvlPtVXm4u0bH0vMFgb+e9S\/Eo9e7MRlTrDXo2UnQkJhJrgWtcgvYsSe2mckaREDq5dc\/ejmdjc6w7425wByLtdYkeZKJsBJlRzzSwJcvg13az06KgVs\/MgeRqXRnkapWJu4JtcC0OoEfpVDvdMByMpq6F01Orvj99pih8TBfE5K9cwc7o7eRFGa\/vbR8mRB4vs
\/zIS2xlYSXBpmrEq\/STtlWQ3MwDGTQBh6b1fNakGwhN+beHXCdenc2JEHwzcegc84ZFNYAaFHvYtEA5j\/sdHZ5R7zQpmw8s757IIPaEVgddHeol88L1qAA1ESXtRCjHYy+RZMYFJvwihgljin3jiK2udMMWEQO4P1W\/JF0TJv+oob679cUTxkmK0rhv5xSAjzbEBoPpZkQFmxUaC6gROBGQvRXx3h\/KdYcwayetIOWHEWFh0VV8+Wh3MzCdnjJMXP+plFSgGMbc+RC\/vLnsb2eKO8LMYQ0pI9YKYByfpqJs3guXOtrpg3uzEalWzsyVUl9MKGOQYcVvIVpCkpNZnvU\/i5cNJONYeYNbIy\/q5jUt2zwSPACITT+6UtXWpul6XNl"} 01052{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1621417628801012,"flow_src_last_pkt_time":1621417630732572,"flow_dst_last_pkt_time":1621417628801012,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5400,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621421260513424,"l3_proto":"ip4","src_ip":"147.196.90.42","dst_ip":"177.86.46.206","src_port":61647,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"sb-ssl.google.com"}} 
00827{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621421316093776,"flow_src_last_pkt_time":1621421316093776,"flow_dst_last_pkt_time":1621421316093776,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621421316093776,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"241.138.147.133","src_port":51053,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02388{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1621421316093776,"flow_dst_last_pkt_time":1621421316093776,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621421316093776,"pkt":"AAAAAAAAAAEAVM4PCABFAAViQV5AAH4RSIeokEAF8YqThcdtAbsFTsw1yP8AAB0Id4dqLmNRgiwAAEU0wtYlbbuFGBXp2MCVE6We3QfitRrLbfHeFapauAVaYK5AL9PTMbG\/nZBDDFATIm20jlpnFDBXnrozoSQkKhZiwvFuA+YJAKUvqg2QPKM3oU8xpfKkT2AQR0J9DkN5tfQ0NXF6X7eJrYc4ofmRw8O4fWLwYHZ3YywSIJBBxpk3DxsC2udaDZJvqGhhrqx5lxHNdgWl7nWJub5bWqgA7RiFwSfPMI\/5kRug+dhYRp7DC3Ee8zC6gPghQE+QP0amaa1arTeTP0yuasl+WnsmI9atR02R+W1DzVE2\/wBMK8xOVHY9tqlEVzRvN\/FEe84ZW3K+FiAVxrMfFrQuHuvcnbcHTHBnMHQYqazejyT6z7dujWBncKjH6yckijpEXWZXNsAuDtLV5T3g2q3nsAzYqPmxjAwq2L9jEUkACO\/glUxPaUIbzRZMAWrn1JnfawlUtFWDoUkmp2jeSdN3M4DOV4Btcfl6JE0S5mBMR+cTfbMcWTfdpp7BQFYSHPJCCmfpgjfpU+1qBx\/swhbFbhxpxlnelvZfSKLGYtrKIMbdO3dvXbJ\/svUATGYLFdU0QPDusq4rUj
jYNOu89YeAlu27MHBziCZnV7KQ\/7CZZ62vBer12fSYwgYC9kFuhA1vCwIWWEI0nqiCF8WEuILGWjP7tGrAuxfQQVo5hc9wDgMsePag6LNkwHcnSN4R4KOS1V6VWYmSISoheOtUuN0\/+N31BX\/BBdcE+K\/zMLfLAbEeSVyqVT8J149AtoSXuMJboIYDsPyuNx1sUrvqH1bQF\/7OvXtx\/cdwuq0y9FpLI4rLUI2maANSTyvT2wXdthl04Z\/YTlfhB2d0v18nfSnZ0lHIWro94Qz9tRk3pZNg\/6bOm24Nb0c7krS9oaKWYD\/nW26GWKUOS\/YmbucW\/B1591GDEr7Vz9Medns2YxuZHMa760vt8vLL\/edsarlqSTG7iC2dyVOn2D7FBqAY9O0XPf2C6QywOMobFqtrNOS8\/ww+Ef0n0CBYfsd8N\/A33enCbf65kj2J8cjGSNsKKNBj4tAphcU4pREZZB+O3\/Ly1nrLSiPKqvrwDlraB5bWLyenPZKnd0anwZjJixIGkNqzXa4ISQSJFmR1apCq9LxUfCQKJSnoHJi7zWpvIrTdh+1E4LBshyGiVHdr861ZeGlKojdwmnjQq4UIgYBm588gXH6fnrUcTY6x5R5SkG6ySP3+9FKCni2sN+s4jOB1WugJuAizD3hNzwNrPVPmY7ea2u9AgEEAbZ5tqDi\/qty5LhlhUJfgz0tpuOOG5sjNxDfBKwkmMXzbB0UWP\/ZOymvNdRvIO7mkPx8fUewze1kB2XBKTZu\/jjeqOfyykDMv2U5d4ECIcR1ME5SBUPF+cG4JDZip3X9Ncjk8ohwZ9STseLqJ9OTjbovHrwRkTp9ZFiBkXSVMJZ28qvMwt56L7k\/AJJHbrnWAxnK7I23CERceW6rAMx3gAvjR7jpii0Z6y9ut3843URcFEKSmPwW484nhFdNDcZj2opvoj2jz3w5PYglOwvrlo53izXLdla3jEPq0EWSsFCgjfCn1Hu\/0iFm0F9A\/NJaZOLHbBv95sOyVAyhhTp9ia8OHAoDyKO3fdAgduAMCr8e4e6A6OeMRMM9uZdO8nPHniB7\/fRhFarX8\/hBQLOvGYNTxmX4mUBEYAvdX9oiTEGFxFQYms4wxcWEcL4GBZVSteaongl\/UtzVPYTVaH6Ywp9r8fQxMP+pvN9mS74aDwI6voKY5QYc+FIAxKgJlDQtsiDCfBJp7"} 
-01435{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621421316093776,"flow_src_last_pkt_time":1621421316093776,"flow_dst_last_pkt_time":1621421316093776,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621421316093776,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"241.138.147.133","src_port":51053,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"content-autofill.googleapis.com","domainame":"content-autofill.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 6.1; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"169051af8572ac08ea1ddeee0db208bc","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01328{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621421316093776,"flow_src_last_pkt_time":1621421316093776,"flow_dst_last_pkt_time":1621421316093776,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621421316093776,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"241.138.147.133","src_port":51053,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"content-autofill.googleapis.com","domainame":"content-autofill.googleapis.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
02388{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1621421316389570,"flow_dst_last_pkt_time":1621421316093776,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621421316389570,"pkt":"AAAAAAAAAAEAVM4PCABFAAViQWNAAH4RSIKokEAF8YqThcdtAbsFToluw\/8AAB0Id4dqLmNRgiwAAEU0su8kgEC6CAiECyO1DkLdw6Gs9g5xqr46q4bXQKhwHnhSO1cvEZxiK8zZ0UUvMHGZI9iz4bjhoHMMbIOMlQjzD7lXKLskiaS9BH5d+nSpKWAlTk\/VzCyrJIDUEaoJEECyuW3tKvwl9spRker8xQmMYntXENQ02IwoiaKvWtw+SOjVwVA8eWlOm9NAMebNzUMZPYZs73GU1OPqu9byjmqUVZ3gNjVQQ\/nOwz51imkNuYu+w7\/8LyJUGaPm5Fwuk3Bsj2YKxipADsvK8J6MTwckTe0mCX\/jSQ76gOCjnkz8hrVtk4EjqvRSRrrQmlglk\/VPrf\/qKvU58cAcB2xVriX4o5h7C5eOAMRU3+HqrLXNHljg7aEauwVEO8m3ekwDO3icqHHRs7WM+ylBxpldD58pCtxwZ0ij9QfdRWH5ZxqEDPqJoHBdj95wIyZ4ORnYdmNnyGHi8MllAUcQIs8tjWMWB3yoe5EdClD6nZBCG59SvjdsYcNJAVVbBE80ehJfa\/upspBC4CISksJmbwdDStCmaDAP9wtOaXIqg9O5ZkIDmdoOOPEfmjm9K4dOQ6LB36bvZXw3SHE4hzY8DBpxFYHrnweWWjg3jzTy7z1UBgCcL5L8M3V1G4k+M8cjEG+qLyzWt+I0t9W8p+QppsTxLemIrKhRlTLQxRaQrn45B1vfZAeZl22mIthc1844odpSJYhOqC6tqIizeYmhjyC8Xc50S3AW5Mvlz9zSASlezjlHYB6l0h4HiECb78KTFOP0RzpXeC761f6XbR3TSUj2Kd6CiigfBxHImCUWBJeYhQ63K13s3Mm3\/yXQW+jtNDe40QrWm9YjjkoIVMSIWB0+IuXcOTK5iuV5r2NouN\/mq7KvUEJUIOslfnalmFaf7ZfIdPjgyQVz9FrKHnQkvaAtpM4SfwUn5akQL58gGN5ju0ezdhVBAUVoBrH7IQl1dE5m2gKH\/nc0+RTVVCbReUNeb\/d89W9jKsi0qHAjg830USO454jnFfGNPY396nJq\/esXpli7iKbr\/IAN7feLYAiWUNShRLTeLj0DM+fUbWyB7fiC2WAV\/4DdYTKVEz03e+e0crF+jhU0\/1fTcsMLkra8V1CBeXadKcji8HnzmIEixBMdXwKZYUWkoYB+sbVXni\/V+D++lf65eXUFF31BC5lP3qxi9ycB00LRdjtUjOItXt+m1hKug2VkfXSqpqc3\/GtG5atDCNyPml8KVYSebQNsNdtmEfNkMvyIkKWIyHjBBCaaBUw85r3hizTmBO4zshJ54arJGmqYVjcViNP8016YDZ66VoiHKaJw\/kSImQpkWf0lmgqvatzHhJ\/LfjV6hqNjydlZCW3sLZFOzRqsHvU5fI\/FmsYH8YkApnb+m45Kx2rJzSfYc+L2hlvF
4a7+7fNL+7iaVFfd\/CRuXc9u272HHy40jLVNdRPqq4VV3rne\/q0H\/V1m8ntT3AELDOezhMgwVdok3Al1xhogWoqppG21ACx3PuonkAEFwkyjAL9ONzWF8DLDGXAOEdTah38TMQ2tg2FGelPV6Zo48hsuS172HDmBfJNthoNpqM6oYASTG\/RxdJdiw6zTrPbRM1ewux4TQduH6K6D3mWsV29BQOTHS0XXpDSszpB0pT5xkizyunUsTMnSmkyD6zVNXzQ5EMXzILn\/+7F\/G\/+5jctdI6\/dPPPLJpa6WPKzVPzwwzbjqGjx703Yxr\/kJULthDE\/zZhbousd0J3udWSBLz+4ztsXYH8xhH3IUM9oirjdGfttWqzyUvhSRYzH"} 01051{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1621421253470357,"flow_src_last_pkt_time":1621421253804100,"flow_dst_last_pkt_time":1621421253470357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2700,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621421316389570,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"212.22.246.243","src_port":55376,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com"}} 
01072{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1621421260215429,"flow_src_last_pkt_time":1621421260513424,"flow_dst_last_pkt_time":1621421260215429,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2700,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621421316389570,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"37.47.218.224","src_port":59827,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"www.googleadservices.com"}} 01056{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1621421253509654,"flow_src_last_pkt_time":1621421253809118,"flow_dst_last_pkt_time":1621421253509654,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2700,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621421316389570,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"133.202.76.105","src_port":64964,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com"}} 01071{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621421257105861,"flow_src_last_pkt_time":1621421257105861,"flow_dst_last_pkt_time":1621421257105861,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621421316389570,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"112.1.105.138","src_port":55844,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.PlayStore","proto_id":"188.228","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"android.clients.google.com"}} 
-00884{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":18,"packets-processed":17,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22950,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":4,"current-active-flows":5,"total-active-flows":7,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":41,"global_ts_usec":1621425498439786} +00884{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":18,"packets-processed":17,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22950,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":4,"current-active-flows":5,"total-active-flows":7,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":41,"global_ts_usec":1621425498439786} 
00827{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621425498439786,"flow_src_last_pkt_time":1621425498439786,"flow_dst_last_pkt_time":1621425498439786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621425498439786,"l3_proto":"ip4","src_ip":"10.117.78.100","dst_ip":"251.236.18.198","src_port":44252,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02384{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1621425498439786,"flow_dst_last_pkt_time":1621425498439786,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621425498439786,"pkt":"AAAAAAAAAAEAYl3ZCABFAAVi7ahAAEAR4FYKdU5k++wSxqzcAbsFTidpxP8AAB0Id06oCGAS\/SQAAEU0ed34HhSjMqu3wM3rp8Z7ywfKnATeCO1KNQbG+Q1AYYt5I2GKbEI4LPmTF\/Dg8oRvZW7+Hps\/zeWj4mRYkEWQqTJ1jKptKM4UEpyPZZwThhNGXqmj6pg6xKApWE\/oyF9g97k8sBAbAFjDVYEhNEZijtx\/4YuODy3D9E7bPZxpgcPMwpkKYui5mIAEgbi8+Rn0i3hcxUwY7q57V8pjWYX7+ImwcGnArVGy1OpvIF+ketJD73EkvbYzvYqF\/dx7vL5C3WdaRiA9Mfj4FAMj0RdomtiauTwZ9tZGvrn5iZc92HxM4jvRW53IfC7AsWzDXs2r5WAp0EASs6EpiisrRUGhmoOMYgx78xwP+jWjx1XXxbRaJ2HQc1mG\/NdnL1nuvR8nTgTtoDWHE51rI8jwmgCKy\/MRsXgdRCTYt8oDCgeFipZsTgwY7S+w9r+p5dQqS7ggXdDcdXTMpzrMFGpZUtfmnyOuFY8EUJBOZtyPVfAgZ2J9lHR4O7H0HFN20uv52\/nqryE+o15lojuNbE7xE6hnJRxYacEhTZ+adxZvTe3ZbcZp+ArC5OwrDguig7jjNBMI
HugEUzqkfH\/jaFQLD8JFWvrgHaj8qu5B5PjtqF5oB1qsGzCGjGh1UBZltV0pg4iY3Fee6NHV1exKrosArB\/8w\/C5lj6qgKibGsNPFBHUDqfs6Jz8s6FD8M0RwKxS0XYvh4HQDhIs8KDnCgCOc5ZqpGzAxWE2sFtQm1X9ZdTNBYdCxTR75QqGKVUyAwDY6MS5DrXKqWXB4m86kt3QfAFZUD0r04ROd5Iy0wrnwdGHMkbwXSsDDW5fdt4YYwn\/mhfO7TJ4ZKBrSJ5T+p8gpO0GzoZC+lIbATWgjqE\/P\/wDIp6NdKYeA+8geSI7YZP4nWfDgSoIHZphZHbocFnUUiNrBJ+JtQJCV1GcW2T5EMvwWWQ+zc5iC76n0qfV0F8WZ0UcVFvIhbjTEkm5tN09Sz35bubHZC7borBe9wGaBdUWuvbDKcYxKkDlCqHQh6sGHMEZvO8ITeoApd4s+sy32VthAMZfwzAkcp543Nd9arJlBQRns5ovQ74CEqV\/1SFXZ6AcxWiYbvYtKsu\/PXbKxEWRX\/bLqtCaRALrGa7LpwKvTT+nAPIfY1QuCMkJVs1njoj7EW\/n+6IFSplTtx1+YI+f46mZhIFNeEaX2QhADqN3oRrKwNDIyXpLg42uHmw6eyK87UJQsPtU8fbi0YLvgdhwLKYwc26rmYVcgZA2atbyib2Uj5alm78AkDkA5B6DNcz26jK7Xdi7HuV2TaALNudIatJBaYrNO2BlOvKywUaBJyggz39eP2g7XmeWd3aYE1aVTmJh\/X5Qlrz9C2EIg7WTIcETGQEy8F90A79pH7Soo5GcuPSyFrXtm5pfyZ8ekVtDas4uVjKMf\/55+t6uPRCl+GGDV091JgGbVqRR+qTbedv71GzRsoHrnHdTCw0\/6n5hRMqNjCHohMyyw+z8G1vmqSYMeQSMcWwzZON\/Jpnf2+CCqG3a7qlN1pPPkFyQhCllDNBRGdLWESKJhwxAioLHXjcdaXMywR8L7AS4Q2pkh1vrE4OB5IkU5Akg+78J9kzElSj\/7UWmlJ1BP49+zt9iG1OkS+1eOA9H1HXTQnB3rdU7jlLnCc+mS9YO5piXufWtmGBMHav\/cH2i1z7Nj\/YeOefBJDB6J9Vay5mTPGEHAWOZWU35b1ecCTk0q59LDDSBSuCpCzIgENLQ9BsmRpTJ1p\/5t5pYrOotQhCsIUt4ZYseRcaE"} 
-01396{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621425498439786,"flow_src_last_pkt_time":1621425498439786,"flow_dst_last_pkt_time":1621425498439786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621425498439786,"l3_proto":"ip4","src_ip":"10.117.78.100","dst_ip":"251.236.18.198","src_port":44252,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com","domainame":"accounts.google.com","quic": {"user_agent":"dev Chrome\/92.0.4503.0 Android 10; STK-L21","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01296{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621425498439786,"flow_src_last_pkt_time":1621425498439786,"flow_dst_last_pkt_time":1621425498439786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621425498439786,"l3_proto":"ip4","src_ip":"10.117.78.100","dst_ip":"251.236.18.198","src_port":44252,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com","domainame":"accounts.google.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
01049{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1621421253470357,"flow_src_last_pkt_time":1621421253804100,"flow_dst_last_pkt_time":1621421253470357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2700,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621425498439786,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"212.22.246.243","src_port":55376,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com"}} 01070{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1621421260215429,"flow_src_last_pkt_time":1621421260513424,"flow_dst_last_pkt_time":1621421260215429,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2700,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621425498439786,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"37.47.218.224","src_port":59827,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"www.googleadservices.com"}} 01054{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1621421253509654,"flow_src_last_pkt_time":1621421253809118,"flow_dst_last_pkt_time":1621421253509654,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2700,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621425498439786,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"133.202.76.105","src_port":64964,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com"}} 
@@ -49,29 +49,29 @@ 01069{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621421257105861,"flow_src_last_pkt_time":1621421257105861,"flow_dst_last_pkt_time":1621421257105861,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621425498439786,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"112.1.105.138","src_port":55844,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.PlayStore","proto_id":"188.228","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"android.clients.google.com"}} 00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621425516873917,"flow_src_last_pkt_time":1621425516873917,"flow_dst_last_pkt_time":1621425516873917,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621425516873917,"l3_proto":"ip4","src_ip":"10.117.78.100","dst_ip":"202.152.155.121","src_port":55273,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02385{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1621425516873917,"flow_dst_last_pkt_time":1621425516873917,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621425516873917,"pkt":"AAAAAAAAAAEAaACzCABFAAVi\/6ZAAEARdvkKdU5kypibedfpAbsFTqmnyf8AAB0IsJwtqP2LOOwAAEU0PbMNV+Nmu5DIBUiD5lV4SUmkAFIOJpUhquUbkJoyjAxBM3gtgG81k6lhzA3GQE8tVB\/S296\/Vm2Zxaenrapxc2ryyJf3KX33MoNtBeSuxOyEjdN50pJD4IMrhuAo8nfxKG6fLj9F7lLvICTV\/vlkHUn8yq3RpGdoDFOYvOtuCt1zawf8weQRnfp4xT1kOhHEDxHVv3bNZbM5nRRJXxXGUaGOz22milo75Yy260QtHR4aoaeFIln1kEu0Lim1RK2gIG3MjkVIIfGYE828l6gKFLAUfvWyTEYYCubVd8+CKJEzaO\/afD6oH5Y+bKAztlPySihidV\/90CKHnjQSRTY+hapGYGfImwKn+7gwJ0y8ENI6zq2Ih7o8GVIuZBwsmgHPKVoI\/krv0+O9osznOQz68C3vRsk1lna2++Eh\/eGS6oVNvaQ9HWU8IOAO+hUpNSDAIpk8z853xu8BoWAYiv13BqICJAyIWzO+XisJ7ZDbQazmstS1X4Ro4beEy\/NpDmgrHs\/2pa7Zx6xAb0+3G7FsuNHBfazEIqD5ZaxPUSzBN2h9+9XzJ8MjsV2QQaUNPKl5I3TcN6uLucyXyzoKtyZvx5m9Myxjpit2V2hvKZoZMAufeIdZgn3bjdomXrscSN1kh89eZFiv+8sYO520yhiz9Evn\/LyuQ4s3jZpT\/D2t8PxQoF8xBbRM4zYc7mLtB7P7mWuCpbELISFHcTd1dWZWKO0foIWL29u+grT0xfq4G03G5Sdlh6g1Tl76tw8ffNRyJI3B1Zll6LpvOOT++553ZZZqQa3dmFoR3AuvZwf2iw+7omds46sgvQhiRN4h3ZF2B3hT0H553qSfJVf4VpupfglxjFiuInrFgySWKfAzXArMN+oCMOC4SKZEMeUovKPTvnb6vai123eTNft\/vwXrMQQqNDZKuK5WJP9n6bql9xt+K6gqLuWDibIsa7IxJZOdak6WDJKf6u4rc9CLeCfpZ+GDha\/Ykxp0z9I7MyUvNbVkIJM\/\/ALKQXgF9YFg335wWbGJ8oeev0cFKhtD7JCQbdZz00KdQoKXGN+waVJ8KTPJCUvnXb3d0W4Fg26R\/P47ckP8VwYPQ0fWuFNGOND8uFBwF\/d3ueP0Anz4sfSw9hA0aszUtBllmz+NjVBZMaAVseucfSE9+FWtSW\/KsQybDuj9Hdnq3g3OWz1pqPNSI+HFuqWF8kQGfGwENovGwhVwKpXQnz+0BZTlc82FjLmWo7drbFueC+RSI7H7oib+IE4+I2hWvpUn3YTZ1WyrdeA0MBi5AqQOhNsHHnx76MGBKrRzlZllpZzmHpoD\/tJSEv6IBAqZAZIHyZYvETkvTQebRoyNKdTyTMYAOlqQcbtY58suf6NwY93EpSSHoAyvs7u6S34KR7j2g
njKUKqgaZ32XDZAiXBl6uHxguSNnHz\/0gic4akOjaNW1y36lv+MwNLpamJSA75xsY0Ag\/ayv1tDPlRq0SFYoyH\/L4BlSlxyXIpBXn6HDmzCBeqGRk\/SbP7MBhn1lhwnTyawxEZ\/gU0YfWVdkDqqI72zLJMAeO\/wRg13JYd2UqEyV84a2Jfyk1r4cyt9C7F0rhWFGR205l4xStcaYSinxImLl2pCKe5S2JSrskLuMGU92EeDCBi302RtMnd+pZkhUc\/dfq97n6+ubGkMSI0oohIfiZeWDID8SxamWtQv5ESk0SKFBP\/pMhJHpgeg965DR9H2osi8d4eJR+qyOMZCz7jHyZcC9RS2+yrCjEv3U9YnBDp5bAPDFrSnEw7i"} -01397{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621425516873917,"flow_src_last_pkt_time":1621425516873917,"flow_dst_last_pkt_time":1621425516873917,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621425516873917,"l3_proto":"ip4","src_ip":"10.117.78.100","dst_ip":"202.152.155.121","src_port":55273,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clients4.google.com","domainame":"clients4.google.com","quic": {"user_agent":"dev Chrome\/92.0.4503.0 Android 10; STK-L21","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
-00884{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":20,"packets-processed":19,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25650,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":4,"current-active-flows":2,"total-active-flows":9,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":53,"global_ts_usec":1621431299729996} +01297{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621425516873917,"flow_src_last_pkt_time":1621425516873917,"flow_dst_last_pkt_time":1621425516873917,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621425516873917,"l3_proto":"ip4","src_ip":"10.117.78.100","dst_ip":"202.152.155.121","src_port":55273,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clients4.google.com","domainame":"clients4.google.com","quic": {"quic_version":"Draft-29","tls": 
{"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} +00884{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":20,"packets-processed":19,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25650,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":4,"current-active-flows":2,"total-active-flows":9,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":53,"global_ts_usec":1621431299729996} 00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431299729996,"flow_src_last_pkt_time":1621431299729996,"flow_dst_last_pkt_time":1621431299729996,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431299729996,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":53404,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02384{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1621431299729996,"flow_dst_last_pkt_time":1621431299729996,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621431299729996,"pkt":"AAAAAAAAAAEAWIVLCABFAAVi+ktAAH4RGLyokEAFcfqJ89CcAbsFTkRlzP8AAB0IlfQu+B7a8qcAAEU0VAXtGbQ9llSdlBvWDRqBCRlkCr+wLAODpb6IkSqrNtQT0Fq+mFTNNcZuGPLGmtMQiTgX5ahNfvwc2wVeVnwpjQXgMuY9BTiBvljI8vW2WO7xkdJk5ldSQUgRVPQ66OOPIEevYhWr2qgdtK3s4RlbCBiOUHL2oc6mNd7wOVC5XPDLU15Pb1X9rKGpYODdHEw2PCdUqXQXbRHNCTvR++4cDKRlcnhpPvs6EU838tX9PcKuOpDKMkxV6FLY+fNJwo9tnmW2kblEbFsqwJpz\/\/Enxa34NjqtoZhoRtapSyZCnEvopODqREJ\/CbRey4CQrv2fnFjjq7IR9A9vEDzcPpksson3AN1P3XrLmYYoaUkTGHOgCdje7SEGLDVSb4npjqySIO7wN8vp5rSPM5nARZ1XOT9wXoHff7cCe+dyL08HzUnnLJyBinNLpzvNbCMm0QKhi69Iq30GgBOKJqAZysRaQ5GV4Mf0wvX77rFCRRa9yldcwD6XOuyQdNUHPUQ0mVgJn1umvmeNPG6nKZjJq\/KGBx7ctS+gpvFQ1y0aJegnLzsDI2wvLLmhR9R3DiAgytDTiAvkU65nFAyo+x3w4ph5M+o6WWzbbtjsrAAu780wrME3zeXVEG9zm\/D3uptFTZsQMrWiuAaPVLf96rTs6qYSSYT7sYTWl\/jdhLBcFgFDy19mw2Lkw0oDKrrArHJ7yFnHUJtANtQ21TmcvxB\/WIjHCz8GMrDUZLO4OL+1Z7DeRFozavYMggt1qJ8U9KCvWBAR23kR921lFVt6a6RAQr\/I7jLU7sxhNgbORnVRfOZ1MAqQI8IIaWCq4xYmb6WmBUSzoH5\/13r8jfLuzIL6b1\/1xuyK1tWaBwjxQ8cdpzOSdWlwWGTU85r1MWsmvvgBLQno8RQ+AAeZUXr\/6vclKA8Bkt5OZC6F\/+bo8hifoSORQrzeJzJJiiI5FanBwgqgIUFyRIOqxcbjrI0ERcNvwqyjkLLqGLsY7p23bRBCZkGYLR28zH0LBHV0E4a0nhRGBk0f+KMOczC6ffG4xUK4QqemNWTyR\/91lj1denqDLOozFi3s9mCEzX4+yJyt3koNWJYF5um+Cu3rUa5kiznDT4nkKCPucW47nzSCmVao4V886qRx5Fx0iQIhZYySPa1r\/WDeHAaJOfFYJVkJKXBVWbzBAEax6q6reJe4QC08bU5\/zqLbaU3p3TETZVXEWcMzHKQD+xmaiYax8+gqDaZYIyifU0NKnlhkl+knTdJdHOJGncWgecX7cZ8apFuaDFx8UDXeMSrVUMSg8izndsoloQROpF\/aZqcH\/OCBifGVJlyfDkwFvsOr8tK54nIg\/1cnqgMA7cZTlQOsYpxuCu2jMiDpXOfrkKeU1g7FA9f\/QLEQ71aZKG1rpKfo9
DX1OvCkAat37rPibslfUdCAi0gtEzi+ed4jZsjTTtLfHjE42gsT3p0neSGtZDGwREWKTcya3MwMkr8y\/d3DdqmakPpf5GYFqWV3fR7TgU6cIOopkRSOcFKjDEWelXif4mHkRTG6rwTb+56lZ51kKqq1jDvERvqFEW5JginMwKZ\/lD3mwE4WQG\/o+y40DQu\/5PR3r5bhM1VHKHeN3CJnGug5p\/ZJp53IP681sF51Qt5pS8LzCO+rVnGa1rCOauVjEFEOyPp7wndr4g313ytaLKjzfjG8HveWQnAWD3q5pxGlBUxjPmLLEeKM1hHQLZMxXASZ2IisfUFkbyzFIAfCK09zSR6oQTD3gwuOcTrdJpdr\/4oePdnzAHWZa\/8h"} -01417{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431299729996,"flow_src_last_pkt_time":1621431299729996,"flow_dst_last_pkt_time":1621431299729996,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431299729996,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":53404,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"update.googleapis.com","domainame":"update.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01309{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431299729996,"flow_src_last_pkt_time":1621431299729996,"flow_dst_last_pkt_time":1621431299729996,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431299729996,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":53404,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"update.googleapis.com","domainame":"update.googleapis.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
00825{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431301735068,"flow_src_last_pkt_time":1621431301735068,"flow_dst_last_pkt_time":1621431301735068,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431301735068,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":53431,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02387{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1621431301735068,"flow_dst_last_pkt_time":1621431301735068,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621431301735068,"pkt":"AAAAAAAAAAEAIHu5CABFAAViFJlAAH4RYWOokEAFgPgYAdC3AbsFTjagy\/8AAB0I1Sc982lv31UAAEU0GEDsnXM1346f3LKi+0ayIgknr4Rq\/qs0KnGSjmOfgKkNQLp8xEER9Qne8K9Dj4EYthFazH8nwogOlBFgQV5y3Fel1wV8LOfanwEdPEJ1ZJp+4xJmJEH3ze6GZ4lwHZsbcqCDQrzxSxyr8toIULGu2G\/50l56HzZwoikffxbY+R49tRZw4KX0e9zURynZK56t+njmlBuQWU+smCZVyJ9ypPFqKVXN7S\/8ucoFZ1YyJMN\/N8kqlm3ji7IGbOPNlw7irQvJ6BBxEwQlUJMHY0WKWUxD0Eb1MsXzLo9XO22gWFU3joZpaiSrB\/RDWZ1rp1Hfn0Ci0a8\/o47LT17Bf3EWgNA6oe86KkT1J6TFj5TGCEop\/KtIZTLdJ31PosLBOaXCkGm7G3FNW0bcjpPN+DwH3F\/o5LJ+Jg6E3+JR3af\/NqmM5lUPNhBagosvNZLci5aDdihLZLOTUxbxzA1HCgT\/ERn0TtIo+cvYtDBmA42xHr7Zw91voifBIp9+1r9Wgz2+fhJw6YMkrw\/R0ppcnpZJDX0HcDeOv1QITYaPEMCvPZWtVD56xX\/nIyNhER8sp
zpXJhfyZ7CLt2MQTJZYrSynYdh2Qhg0W\/Nnv+YnvHUimL5v9ucOAhisPrHZU6G8ccZVN9RPBkZp7we5VOgt\/sHvnaKFG385oGUa113YRpL+yC9+apyL7k0Lf9A9mH6jbSNwop0gbOz\/dSwao004T49FUKY+MYQSd1ZqRfOYZDWWvt4Z1+VpWWL9e3bLpDjurtDY1UVq7\/zyqXdPda+dj4dfpiumFbn95kie6gTbq0Ka77SOEVLy4F0R2VJz0mF6y8BHF7y+\/LWrLPikezYLBu3wp4yKo5ZMD+1RhjR0eYSiFStCQDoyh1ZzHLZrZgvvFV+EGsEUegku5d6U\/1xaEg70OUXkUj8MuVqNGP\/DVAWz6hGuIclLJHMXkZa1w4sqgXxuwiLhqmwpSjmxq15zo0Z6Ez9\/3O8teBesxAzKjLPt8Sjolvyd5nkwqOheF9hPlho5\/02ZAOHIA3HyHiqD0gFnqO5U5vPI269ren0HJGp9Y0aGm+Qy9oejwYJQfgaxeUOqcA7NVscX+RDbbgM1ZMcwzqUnM9YjlXsn6y6NTYw1rNff1zxlhQ08vVArWM2OumIoI++kTKQEg4JkAXQ3sxDPGAMMWQm14xHh1lESh4xPo3UHq2rynANu5+mkgpLsBsJIGzZOygMCZkmyp2fh7iY52BUb4Nx03epPzl6T\/HG2GNWULvucC8GPWEvPtkSLn35wNxlzF8NXX5lfbR6AqMs5QTbFYMg5BCH46iFuJgeJdSeBSv2NIL6sAH5f5tl5FrSe6SEykjojnE+KA8Pu32tMRLNHQvsRLkoRsuGCZmn0vJNgxR0Qj2ZnmdeI9WNinCOb\/TQqf05ttvs0B8SkG2JbukXe8IPAXK8CE2z3vwPoWYB2uzq10A+1l82xFsU23TRP69q5AjAR5gcBo2onzoy0h+\/Fh3MjRkS2rWgW2gbyo49\/6o+6I9tCoTl8e+t8H5Hr7OKKf7UKw0\/fDzsw6vvWL7Z180IeAQRORtYOnhVfjSCcEhIA8M4QlGvZG+XDbkn0clOXH6LrYUiHVBMh0b7ARqcsGvnK0HqjBlCVzGLKSDZa9icKkesJuZEIs2gxlcPU4atpOweh\/JejTvw0JRDflvusFCZ8LggbOTt4dNGmwJ7Mbm0OCxLaIc0U9h9Ubab5kq6QWk6OCd0h\/j2UBY7LZFZszsTdUnL22e1bgg4XWpAYp7qn"} 
-01398{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431301735068,"flow_src_last_pkt_time":1621431301735068,"flow_dst_last_pkt_time":1621431301735068,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431301735068,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":53431,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.gstatic.com","domainame":"fonts.gstatic.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01290{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431301735068,"flow_src_last_pkt_time":1621431301735068,"flow_dst_last_pkt_time":1621431301735068,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431301735068,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":53431,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.gstatic.com","domainame":"fonts.gstatic.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
02389{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1621431301808564,"flow_dst_last_pkt_time":1621431301735068,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621431301808564,"pkt":"AAAAAAAAAAEAIHu5CABFAAViFJpAAH4RYWKokEAFgPgYAdC3AbsFTrrvzP8AAB0I1Sc982lv31UAAEU0zeT7R306i0MUyYVVPZIk\/KZWGL6jbpzbn0wPmz3fvD9vdn3cNYtKf4Qtet1U\/nGKiDokhhMmX3\/BVLzQQyqFmb\/M8TdFlsBDC0dAZ5ykvarKqbUTSTgiy95Q6LfVZMqkeHJMsDpJptTPVl7gjw06GKLx5TW5G91hLE1FqeLb\/dNBqxaEBgwW7oSUsitPRczOioi+LEcRagKP4t5qnZ8aDmpfz8FLrvCECdKPswENLWuAf9Vmj\/tnC4GhgFxsu0TzsfmUVaQeeSZw9PR7DmOen7ZDKqiRf3DrGbxH8xiO73GPBoBDQjgENrZosMzfCGZE\/MTUgNw05SO8IzaGjJfPHze+4QhEnPM020WOHSfwtq28RMPlwJJF02yo3wlT\/NJAKohp0A5KX75ENMuJSkJLQaSqe0zoJ0tVJo5191cibx8Sz62pctFEM4BebxdU+RpZo0LdowaXCq1sachUxpRRHMdssDm0qblyaHts6qPgulEBH7aEgucpskAryrCvygwocC7svHgVLBmM\/+xK0IluLWY+kqgiVSTrV8WnG+1L5QgeJxSFASdp6Ns0TgD8Il7BJ8o5ajit3BypcmDF3DPrrI+Qx7QiBRmTSSPFFvm0GF3n7i0EkY2Hm8DzbT3wnL2YHAkVv9zggjYvZo1n1LI739jXkeIRrfAzGVeEvRFZmvKb1OdgKztEkV0hoFvvBdOHeKuCUUz4hKnv2+\/lYocOo+kRXiezYBrj7PqFapYBg0p2eH\/igSHIYxfLy7ikKIGXi4rRNmWXUqjcq4WUp8XDBW4tb+Z90I\/+mhDOTUok1Nigx2G\/7KbfM22h\/apHLFvkn9EIt06RDs3B76xXAur0AM2Ip6AMuYDnxYolFxG2K3ctE2xC1DRz7n0lKt3HhiR\/P5zOKCm0DfhmASldwBhjifKegO2oN9vU7M0DdrAxP\/JNcYjpWs+ie2MFdu2lsdJOex3XTLsfX1fJC8LBGXc1sOTG8uWnisGATLFKyNfzBcvv5C\/U2hjtcTGAngc3itVAnAbl+4hQ9s3hUMWsUk8+RJ0zRwPQbX2nZmyIhql2s6FpohxHCq5UoWxXh22BLb0zwRAvo6A759ODMT15ISyiIq\/u6XtqcB6tFsY4SDCIUFZLCzn8LY8hNbxKnIvT+kZgjTz2dylh0rVAxuhuUhpxNkpru0GmszDQWJ+1v76Pi\/R7HWIGyiEs+YivcWX8jXFsjBB8QfSitgQCCwYnJt4tNaulx0t7\/KVoJPhMWx2cAxrfacv8GgasdSu65cuLmWAlMC9W3slT8e4g0\/tto\/lATo46xcKpYU+fjCGriKRqNQMloM3kkzYIDJ3SwWWEk\/P3rFXpQXMr\/b1crw62J6Glt4mO9QzYLHGzgKwu\/euJxbE+eJO
1ae7IMc4NRHHR85ltAKeR8XgoQo5N68sqCn2+MBEpQtbXHWnBMQz2HW6tkMHrohxRM8\/o23cHXLk1EsRmSry6aPgKepAtHk5rhQZjUer1NzID\/c8S0mu1iEEhSc4CLtwDa95xWQxcI5HMEDAcxxwRU\/MIaLOsI\/5mt+17GR+up2thq6thFHPVXAw+joWJg2Ed0ILpT3Tut1YgVVqZwcLTcnwOfBYMiG85DaaijQFB0dttNIqmW221\/RwD0coicDTwZyNZ\/VM3mnoVjqC6Lpsnt0MQaGsPhgoIU69TDIf9rzi7vHvOjiyWK40BX3xDHBVCSUpf7QS+RYWcOrXrADOELfOVIriZ9QMjQ4fxzn65DpF0UVgcyVId7aKLIvC4Qfz3"} 00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431305591580,"flow_src_last_pkt_time":1621431305591580,"flow_dst_last_pkt_time":1621431305591580,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431305591580,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"121.209.126.161","src_port":50482,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02389{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1621431305591580,"flow_dst_last_pkt_time":1621431305591580,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621431305591580,"pkt":"AAAAAAAAAAEATej1CABFAAViY2BAAH4RsyKokEAFedF+ocUyAbsFTqiTwf8AAB0IW3iwt+y2cooAAEU0BEmji8W\/r6QQo738TO7y5dSuNAh8prkXOpfADst+Jc9Q9tTb4UI0vRbpsBAc\/wRyLzFYUecQ317zmJMLzTZl8Jd3ZiRr7yYjKX37LDNWlAoicKC4oliOH\/Fml25DnlNIMC5nvpDkdC5bMRw90FXK08RrmaBrmDz8JlipdUNPgq6+Ks9KDpvkjFtGyj5dpZ3gMuMYJ\/WogIBs3JzPpqngAdy\/QWH\/r\/vNVwYPPIH7tiEsC65BQyTkA7HqsyJkff7L\/WpxQokdQkBU8i8+seczGsyXRW\/ZJe3L2iHzkGEklOIcNZo10nU0am\/+mFv9bszZ1gDimSJ88GZcWsSJNfq+Q47ZVtA8nRSUIxcfLFnXeJPf6PU\/rb3+S0qU3oZcpaHV6agh8jvjdO0w\/VOq8qxpuNAX4LkLt40P2U151YrBr5x\/OeUgR+Z6s3QT73\/HzfP90bJE2S0skEBr+RDQY13GKYZklk5d8PV2Kpo38KXeuKakskZ5wi2woJvrGxrjC6dy\/btETblhn8osDCW539k50fXlOVrNB4tYZhdBrjJHSlXfbwhprDerXi32Hb5v8GxP+TWGbi0qBKv5xhEw3E7lsExoF4hu7AxtupA6MXdD\/\/f6nsoiLIb502HAdNTho568FOnbHatxotovMfok8tB77tKCpaP0enN8SDSqa1eXr3phlwvrsB1N8IyoHeHhPDB3mlqSTzZyp2hhDwIOLk5l9eNXb4xHGzjApfQLHaY0en\/gogDLaQeVjuQnQc70f+A2ywlWAXdLkP2C9LVdtL1r7vtwucagunaQbNYFe4w7n642v6LRQNiKSvAkNFxBJOicXbTdkburmROhEgL56f1Q93ZrU9KAY9ux7cXUbSz2tjxs8Qa6wJIeIr1x2JPW2pY3ylGZZDYZAu7yqS63SBDTa0WDJ2YdAWunIZm+DAVfhjaZtAj4eI4w6uPQAjhrCoPjKrLErXzuqx7sXAJFQxO2A4zcoit4huJuMpqzdY1UgUeAgie\/SSepMph5oCom4eMvOEKwkc5QonRZdyIpiAxa3aAdkn30E8RE6dtdPGch4nRH6Z6peyUQ\/xzAePd1pt+2lyuSFBwrXLkpjjk2T63ijkoMVykG1jIHqTL6VbWyhP4hLLhnznJc2v\/BPjkdBh0PPpuMO1BZZkopd7nuoNr7BIQeDS6PbzpyxT4WKDIasLmDyHw\/yGw\/r8T2HaOKcScYHVbxhlOhwg6vkVvTNtbDIUTpL+GcmTWQxz0+awTxBntBHWW2XF+QqtpquB3MGHkRjBzMGrwtChsrY5glPcwPNrPPPLFMguiPMSM5jSzWBWTIU1NciHn8dCkbmPwG75IN6zA3mioUEB3Ek98007I\/5so2LorUnz3QUpb09VXFeljvTD2\
/ONwYANmDdDPP3pM62BtSycqNiX2CbGC5Vyjl2JuRWiIOpVgN4mTK6bkJK0Yc2Tt\/hfALU39E0hCz98Xsbk9g25C347kmDI+6o5J5KOTGciKIBmxTx0XS39uDAuhpOwuMMZXpcx4Vf04JfLuiNBot7rciv\/jQgEJAvfOFnFnTy\/cjvf8Z72bMe3Clm4eVyPKPxVWWCFWN4MZIPXhStwfxp7L9YCMfW5\/oi9I+Q5eaFQyvJaVOOHoLaBbG2DcrLP0Wl9HuaY\/B4CRtnuzBzHGKGio7n5DsFpRrH7tc6ky4QWHp5YEC+gVU3FroThHyBQkDCWRmOzPOImY6RD6ATpJNX1fGD3U1V12VcoYmjJM+eh+pvzZzfI2d57bkQ+g\/9Ch7"} -01389{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431305591580,"flow_src_last_pkt_time":1621431305591580,"flow_dst_last_pkt_time":1621431305591580,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431305591580,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"121.209.126.161","src_port":50482,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"yt3.ggpht.com","domainame":"yt3.ggpht.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01281{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431305591580,"flow_src_last_pkt_time":1621431305591580,"flow_dst_last_pkt_time":1621431305591580,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431305591580,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"121.209.126.161","src_port":50482,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"yt3.ggpht.com","domainame":"yt3.ggpht.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
00827{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431307075029,"flow_src_last_pkt_time":1621431307075029,"flow_dst_last_pkt_time":1621431307075029,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431307075029,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"158.146.215.30","src_port":62652,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02388{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1621431307075029,"flow_dst_last_pkt_time":1621431307075029,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621431307075029,"pkt":"AAAAAAAAAAEA00bUCABFAAVijzpAAH4RCgqokEAFnpLXHvS8AbsFTmfYwf8AAB0IMX0JnIww67UAAEU0WXLvZGE+Afr+idrQ20zR+TEoH4qe7FkehtVpAee47RFYupCIo0eg\/DcR8TUJutvknKHjy6Va8WSvM1EWCYimGhVvNrQ+Fp0wmM+yyFY35rO08kD00xrPXP1H4Fk1Ofd1UfnQJk89eBBrRrAgNIIZzsqrTA2YPMgSp4UwmAVHJRtVJBMno66qsQpB5MQvisi+MDZENkGh9aq9g0sgJGWK095wFoEHqSie1cZEJH0NF7S9OLvFWBFqkCvegn2Nbgv1X3v0U4FwZWypfbJWLFwEnbR3285EnVWxHk\/SMMkHZmF0On1dQwUg3Qj0eZgGpqJ+FXEKe4uYJaEDgW57O4nU+0rSjJ3XzXQlfhw\/N4zTyFc0pjNRVcZvLiMXSfY4zYW3s6AIQlPy9VOM0+Sd2IN1gmmyrlJylMJVvj5QnrEWhimJh+zZEQruzz2mkSk8RFBjfgmsnANxoo9pkoo1TS97QkqmEvwlZfg6yosepp9RK65\/6peOS8TJ315KsHvbCu5MVzH5I4uEAg3ATybL0\/q2fjNpY\/e5kXcbiGD0xrzms9EN4h9y46YS0qZtRxTb54e2+c
\/tkGE9oXd6ejJH7up2JrHyebJzWgY7y1\/4vmipy3uHgTNouauHpshSLQuocj\/IVA+m8M+S\/vIZxEEN5HxEShVKdzz3MydKf3IeaXIEkOogNU0EAfQF+FNMB1pAv4kA3D\/lhiw4mNTz7Pn2czcGqAoVM9Tb+FIl0v4naUGL2XsyFHEd0pdrvK0kyagKybt4WV5sy5dTFsU8oIYAkaDi0C0uvM\/hkA5rmYfgUGBRK7JNxcGRlB1h0fO7BcK++y+yfMx3k+B1cK7ObenTJrzFdENU9FiKc1npqAEG6qvPQ0489f2iKZpGKUe0BeleNnG8VKEEH4oM7w1ZPNdb6xC7Ch9EIMjjHN\/cAXUVd2BiR8doMWSeLNhCQrg5YRmEpmom8\/\/QGV8iDszvv8hWt\/MyXIyygAe9+QVeN26ZFXxatsAZKhRgqeS9+v7iRbNhTv\/yp28d0NIRzYLEysp\/VKAJSY\/PxvxR6eYrq0gk8M6gyt\/4BK1ZsK1h+llwW9nD\/t+dSlwau5F0J9hNHyoTUxT3\/2rWXx1WBqmNf7tT6HVASdYqI51YLphC\/t4BsXjG1U2fCZdns7t3a7Bu9FrBapBq8ozxlEwnaYBf9iuXer9XDB+ZQgwar2qMLM45G4ilP6GA0RkrpFDMK\/tSM78ey1CFRzLoD7+UjYyTIDcNhz56WZW\/cCCxyuopmvh2HuMiOaBDLX0ZH5LorqUuKLVpyJEcSbWHqdDvEIC2OQcfgQk4oVo+j3e1KvcgwqJTHG1uKoIKEu0XzvPdTW0gMnxGMRrPwDFCo77mU+Wk7zWBWHmjHLet1\/dYxkU8+0PHq4hWTvyi2WvPZLluvohq\/uVh5PNNj2h1VQCyJSuGN4gUneosa8Kp16gjYZ9wlLexOQBxfrtdOZHNANUy9BWZE48pGmjMCVwkfj5AoR+lwxIH1PbYVdSg1W6n2FrEJeYRs9EjR5zk5Ib8sLvbIBr0bkcLFp09zWWWvyzA5kGStYwmIoFVfVK1M8DAb6EOkQ\/RECglK66h9GO4PSBtbey5+Whbs8ZQwqwshqhdGjb\/1OCebCFnJxT4b25yYHn79Vu70lJgCSdcmKtbvBQodyXcJt1eGqpdLpKIO+Eplu9mc1YnLPgFA\/NdEhN2SwFoPGLdsaCDBDsYWHvxDTBH03HR3HVl7PSSq9lVQAnF9xjB0hUGCVyMcbzWm4Fj"} 
-01422{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431307075029,"flow_src_last_pkt_time":1621431307075029,"flow_dst_last_pkt_time":1621431307075029,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431307075029,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"158.146.215.30","src_port":62652,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"static.doubleclick.net","domainame":"static.doubleclick.net","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01314{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431307075029,"flow_src_last_pkt_time":1621431307075029,"flow_dst_last_pkt_time":1621431307075029,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431307075029,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"158.146.215.30","src_port":62652,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"static.doubleclick.net","domainame":"static.doubleclick.net","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
00825{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431309055814,"flow_src_last_pkt_time":1621431309055814,"flow_dst_last_pkt_time":1621431309055814,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431309055814,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":63136,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02382{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1621431309055814,"flow_dst_last_pkt_time":1621431309055814,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621431309055814,"pkt":"AAAAAAAAAAEAS1QMCABFAAViW5hAAH4RACCokEAFCUGp\/PagAbsFTk75zP8AAB0IoJxBQBoX7TgAAEU0UJzG+bCyeSlhjmh9OGyP80hWwr1IV5nm+47YLijEK3KQr7gE9aToyGrLFbSZbr\/ot\/\/NhrLMkx5w9hUXpB6saN0FW9GivaLO3QW6nH3CEbSTx0vN4IWlz\/JYiJgSRdKp5yiIMpfFGjzOrzdapK0tDb+uDfZlGSI6b4fOTqadVuIZa7Vvz80YKtnFc+CKsIoEHyG+RVKlu8E7nUsvdaU1zjAfOXguC2O447Mq4l4iIuNZPa3X4qwTb1oBJViD2q6N5mxCHocUwd5IC1Czt\/KzM8ZvYZiaIu37vHuF4pEg0uyFIwWyEK0I3dICXfUy0FAthUUXOSQ\/qAjh83pIDqDmLm2oIH2HOI5yuYZbg4RhR2LcjLBI6jzxoT8wFqrBDURuZdJcnHFDl0KIt+h53s1VG0ioJi9EFRahccLL15Ih+xhJfJizq7Pj4ctwKdbyHsA9jLbn7BGdV2gCwR8YorYeGvatXhw3zhkfV39Cwpeuujb2aCauSV78zlMabBFL4I8dN4braPEQxADv6t882wA3cfqZmbZ60uGkg8o\/gGbldbBIsa\/FRs5yHZAy3QpgKNCZf
gBmMgS7eLFSJs6rcXTEaMTPDLwpJJgNTV5uiX2tJSaIJYr3pSISnTR89Gx0X3HmUn\/Ja6T0TIlgJKfs7TsyV3\/O+pj\/KvUyMCLdWAd6hc3OeA+YtszQ9IkT0t3IpA1OTS8L7ZNGDMrpzcZ49\/um9SKUYcvskuDPhaNggUksgvTJNkykAOEaY25imLNje+fio\/CgCrOEzLgy9G+NM0WtOHSe3sLkVdRGEAlB8ruk5vv2PFS6ZLA25T0hhIjNffnQm3+PTFk9kp5zihC0fqEooPgerPJ+8+JYctFK\/gLWRbc6OMvqllIpSOsFv+DIs2hi7N22XRUDShPiuab421vCGIiM7eiQl2FqR1tqIihAoVLym23eHpBpBbJFceMhPtBiXoKcb55LGt9SppKd+KwhSDGVu3bTJZszb6XgDMccDIvwEjkETVY7jOTOHyZT0drrSCyhKYmxWWJw9iI7nyCGfm19D9sxHMXlftbXZVq2QywR0n8Tcly1vSGHvWdt6+A1Ohb0q9GI+TDf1MnPjKVMbc2Kjk4sa1bJ8BlYl2eeag5iJ6VyYM+GwJgezWvXmBp3qA2zBEXJQaqQ9yhweRmQybXzLdvwRU9OJ\/DC+vNSBAa8gMAK9mY5Yzv1YBeC909GfAlJvGCjI8JOls25+LbiBJQ85Ab9s9IytjWrn\/cyj3XQ4p1l6hp+Q080riZKDTXmNwz+ZUmSDeZjTgPQUatAzktduFtFx07hplZWmV+lNMIP2zDrs9dhGgepus2\/ERahVwFr5jRDchF2jCx5cqTiE9CwuAwI4ztSewXM+keDsmAAoGV8qicjKAmokyTujz8Pt0ubuL7Zo3\/+EwH0Fu0yqTI0PlfkDAxftdvubX0DwkPEL1Ys1JczkA5o2okvwzloGIRmG\/5p2ZLhuCcIfTMkB5hPFgkXmWE8bNKCsiCijKcxlJE58T\/Bs7KO99VWovYSh7XujacQIsrOWD4ngpsxQOnWzWHNI6Hz9zoCr3iAZfUtemo08nKkjt3hmmff6D2iPsNJUeEJV+R5NWzGfh4YokledF0c+qgfcyMCt23zpaXdET5Xlf0TYwS3j7a7j5hWdjf+2+Cp25Y643N5nVwFZXgmHCtXCbP\/TIPT+qvhoV6jTaL+\/rIu0EzVrFyk1QmNvT1Yr01Lyy4C0Uugxd3xMMGXt8WcXVXvtz\/2H0LnL9UTOZ0L"} 
-01430{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431309055814,"flow_src_last_pkt_time":1621431309055814,"flow_dst_last_pkt_time":1621431309055814,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431309055814,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":63136,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"suggestqueries-clients6.youtube.com","domainame":"suggestqueries-clients6.youtube.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01322{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431309055814,"flow_src_last_pkt_time":1621431309055814,"flow_dst_last_pkt_time":1621431309055814,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431309055814,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":63136,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"suggestqueries-clients6.youtube.com","domainame":"suggestqueries-clients6.youtube.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
01055{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621425498439786,"flow_src_last_pkt_time":1621425498439786,"flow_dst_last_pkt_time":1621425498439786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431309055814,"l3_proto":"ip4","src_ip":"10.117.78.100","dst_ip":"251.236.18.198","src_port":44252,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com"}} 01056{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621425516873917,"flow_src_last_pkt_time":1621425516873917,"flow_dst_last_pkt_time":1621425516873917,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431309055814,"l3_proto":"ip4","src_ip":"10.117.78.100","dst_ip":"202.152.155.121","src_port":55273,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clients4.google.com"}} 00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431355629555,"flow_src_last_pkt_time":1621431355629555,"flow_dst_last_pkt_time":1621431355629555,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431355629555,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"102.194.207.179","src_port":51456,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02387{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1621431355629555,"flow_dst_last_pkt_time":1621431355629555,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621431355629555,"pkt":"AAAAAAAAAAEAaACzCABFAAVipRBAAH4RM2+okEAFZsLPs8kAAbsFTgz5x\/8AAB0Ipr6cuikmNEMAAEU0i0hH+cAdz5ZZK\/xgszII4NJ+Cs\/TRSxsD\/59bGzAHONnn6j+X3amElYhYMo+go49s13dC+nlDHUdymxgbgfhGCJjdyT9TzcGgD1HhFldjuPuqaUqb2U+e5hIm7ZwKR4IiSdw5myr6wLeQGKnRWRznbKdv0\/S8qhtnacEzUWkRbgLNZB6UrIuIb3\/XF61ze+uu1oQFMqs\/98rtD2Gush\/bOd4PCp75DHjTM7vEePRlMktunxdIh3uhOzgWNKSQKJT0NAyTU7NxzeiF3GfRej2\/kZ85CVwTrCrF16rxPwjm9ETk7onwTP2SJN9jSLLXtE8HLoGNVYKwKhEtDy7juZS+ZzakAkwGM40iWULaV8JHp3tnl4HFGHlYIam6j9\/x\/pkFvR97oZ4wzOV8R3kk4Ra7CeuS8G446n4JShwKYpq8P1sEbgLA0Q+fIXUmPEN7zq\/oW\/SjwuvXJSpkHba6nxwXOq9T2kwGi2sisBu9OUPhX+jksGDs7ufRR3uLnbqZloU9ve7ujWkOVy8l0mz6YekjKqsAnkn1AHXrNbiuNq3lfNWMOdFJMSCZVvRNOSxLp0vTEGoqQhPMALOnaZWkaB\/IYt22cFqUAekqyAVUEGfqiGt6h9rCpzV8lGyjNf1CoZnWFNQvZHRcUd0E0mwSijEO\/8qx\/3uH7V1emFiAJLB37Dab2xZnuNuUQ5y+bJoqPPXPlpeEf9N2vgb4V1z5g\/MMBLG41lXjcqJeJWiZvymJ1H3KCTyAX75xQGo9dFLeD8l8p7GaWhBKf6VVbpWbM2nvE4+lRC2IaGF4F5M+5QC4RODSGaHlCcroOJfhkPdPiQrLTk\/7S0AiJhOEEoxKs5rmjMJWHbOhMEmV2Uqjkwlipc94JjyYJ2kxfN3X0UT\/S4dmpbMytDlXm2P3piCB\/MLrm+e9saulhmLDTxI5H7sCO9NK8mugUOQqCu4A60KTwRUiaJW97RDku8KM7tNRUwdkA7m4N6y8rHQhIH4ocpzig55LxPWT5XZqJmtqcBDZzFQl61yCq0MRPJez5meDXJITVqsdC8fAKML2\/9BBA6p2fme6P1rzQPoj+L2OOAcsG1lD15uPkM7J4XMlnbWRKz5t+5U5cCLF\/FyZV6ikFZeMEUbfhZVFVez5O0b7ArQykKFskvw5ow0nPTWFs3RhbSkruVVy+CP7T20ld2Zoo3waO1CAhdyywLs+WjgaBeB6BJYKM6gxS4fW8wzOgcaq4G2GqkD3m4pZqaaELLxGOxDCmCzO0QCG9M6jpfPOKsOfPc5ynpr4aPju6JGtl\/z+IPQNUX6dMyprmtEVvzlezA5hXv1FOS9Bu3pJnoRf0c1aYbjlC2uFltDff+w4\/xv44mcnP49XC51ZyX8YG\/WwlTNT+Q+PSx
8mlKvW7CnX5u232hGz8LR+K7zeWVVpOleSv30hmVlH6Y4OuVkNecB2PlodVOjeqdjRSRxqRsLbcqLCC9cOmgjc\/ohryRRJQyMJtXeWbDrdqNKdq1pDxsuJ4wwMBMesHq4H0mEc4PlhC8w6AbhwgQpeeSZn5X2ZrFQy5Ipg3+vRKwYL\/Mi3kjrs2fSPNxarNRLlKyoY7f4hw2NjTzNWp0j2aXeNoKqTjDtXyit70tR4YqLzkn9C0xp0mUo9nxF4EWJdmjCX0ANdhrJMcQX5aRmmU+t3M1w1Bgicj3DEsU\/1FRB7DjmpdgCWCW4r5M6W6LkewBSsNiNSC3DnsTbf6eTU4wOue5\/0G7VJOcj6q0duKzEYYTXcoYAbuKiXnvE4OcU"} -01433{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431355629555,"flow_src_last_pkt_time":1621431355629555,"flow_dst_last_pkt_time":1621431355629555,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431355629555,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"102.194.207.179","src_port":51456,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clientservices.googleapis.com","domainame":"clientservices.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01325{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431355629555,"flow_src_last_pkt_time":1621431355629555,"flow_dst_last_pkt_time":1621431355629555,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431355629555,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"102.194.207.179","src_port":51456,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clientservices.googleapis.com","domainame":"clientservices.googleapis.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
01072{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431307075029,"flow_src_last_pkt_time":1621431307075029,"flow_dst_last_pkt_time":1621431307075029,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431355629555,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"158.146.215.30","src_port":62652,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"static.doubleclick.net"}} 01048{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431305591580,"flow_src_last_pkt_time":1621431305591580,"flow_dst_last_pkt_time":1621431305591580,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431355629555,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"121.209.126.161","src_port":50482,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"yt3.ggpht.com"}} 01067{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431309055814,"flow_src_last_pkt_time":1621431309055814,"flow_dst_last_pkt_time":1621431309055814,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431355629555,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":63136,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"suggestqueries-clients6.youtube.com"}} 
@@ -79,16 +79,16 @@ 01068{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431299729996,"flow_src_last_pkt_time":1621431299729996,"flow_dst_last_pkt_time":1621431299729996,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431355629555,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":53404,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"update.googleapis.com"}} 00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431369135186,"flow_src_last_pkt_time":1621431369135186,"flow_dst_last_pkt_time":1621431369135186,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431369135186,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":63163,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02394{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1621431369135186,"flow_dst_last_pkt_time":1621431369135186,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621431369135186,"pkt":"AAAAAAAAAAEAWIVLCABFAAVi+m5AAH4RGJmokEAFcfqJ8\/a7AbsFTuukwf8AAB0IwkoI2nuQHYUAAEU01K7fN93B4MUASGiXGUyARwSY+4aO68HNYjEt7GWPzfJckCAv1T4i5dLLPnKrxPNl7uR\/wsXzoosnnjNfCeM6JnFogGoD8Fd67g3pBz\/4xd9MrHK8spfp0sKR5PgUqqWOgvCutevbQ8qYXNVgijT5\/8AiGcOOHWAx5JOe9WKc+HYLYWnuE5L3HEZQo4nrWEMko3D15BJbkyW22cYvauBzrX7Zq2OYwnKGwfvfdTYQGFwBMKheaRrgDFFEbI95H6nND\/F7o65wah9YFCBHrCZCULES1ZD7GJY\/Bqf\/MjcEld0g3C+HvcIVjENbzsXizvCuDmTJV9YcPMpv9s382puliOWP4gOQWgoAG3Ao6cfEvPQFaiuvHkR1sXIVJDapx4gQAa8qedAjI4Qk9A2tznfUat8eb5YjNDd00djuz1xXJ1+7\/xnEryQeYx5B9q0Yh4cp1f8Mpm8PkVLPsaI5EJD7Bo2TjORoihUYfLnocxxlk+mWTWVOcQW\/cjslUg1\/uOKIPppK9Zo0xPvYv4LI237JcA2TOoJFeS2HbNf22y6wRXsJR7Z1jYbJCoLzvh8chtuZ6AA0Jcfp8DQO6eEIRfW\/h5uscIqr7vrdGBDh5\/zvBHXMvSXwUSNMs9ju24jzW8z9yJsqxVYmitvQJ7dOrLH\/K5mn71oTWSfLy9yPsyJGefj4rQHs6usmcTj3v05Oe+rdTxkAwaXEjfHjw7A18cRPFLq1e7XPVF15OaAIZGGJW+X9C6SnLNTHrGmlAeBe5bF1NxyJ8XbUSvQBp1NyQhLMJ6GHeTnqG2+oKcMtLlDqhrjxBcqwGzBORNaeIk37oEDvRj2ULgb1Cu19EZ8tiMvhQaCqwm6eg\/krsi8k4E\/id\/90KGowDX\/Pr\/s1sAND5Dh+Md7iwKz3tFkcVqiC9XKQGYvwvrNl3M\/DVbx88F8Mq1fhBPFp75j4duggfbVz4fePFTUYQyXEdkFrbprYYprY3G2nbXPGgbmp+\/keXeMNgYEi7eCqoK5MGIiI5kYO52LEu7uBHu6gfW0a\/oN3u8Hg87YiAKF6G4HUNDN7ak+kYj0Gg+8\/osNPKdMNnn3Ttq+e4FpeaVuPQtri+1\/ozlT88MEsTrI4ZjcLkQrdsDGrSk5pFNuuaNdnBxmLTD9+Y31TuPjZdF3y8aerRjGjcKA924zFY6F3+erxKilvfVdWBBMq\/sZv6Vksw\/+Fz1wttZxo9VEZshnZyBhQtfaWNbpCUMCLWSIOTygpzB56\/djZxzMToQ0OTov79H21iuzt9kW26NuI44K+W4r3zJK44FZlurMlKsoEREV+b\/FORcM8avXBcW20SB9dZBdfAIWoFzST8hpkmnW5KzJkqUXpqJQJHsur9uW7QvcJJs3nF\/XtsYVO
7wfuWlEoUZSI7JS9k\/vtrqWVy2X+CigTWqjVYJhzagu87STW7dgMdyFPWLSjmBjeACNJOqSiLuLI6nqP7AToDkXf2o2wX1ea4tL+l2elnz8UUQ0mwPbx3D2flZoxja8QhG\/H0Dkv\/zqHUfQXS1ey7dOzI0gQWGL2bong5dY9vIH\/KH\/EE5WN9+MZTB5oOqSTzGQ0G10wtkmcpl7cceFjmLyC\/CPGRf1WcWpg0St7TVzKyiD9jSy7E7M+Mef3DDpD6ufY+IM3YsYXJiOqBLz9Mad7YJnU4xywy8xIlHMAZnyk840yn2AImi8yGcKAuOx8ekNKD\/3YSrti2Nd30LJbAbXW+9aUyCWGxhaYhZKKyYrgwwNNaQQ6T+r69Xv\/AhEpDvcH"} -01417{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431369135186,"flow_src_last_pkt_time":1621431369135186,"flow_dst_last_pkt_time":1621431369135186,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431369135186,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":63163,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"update.googleapis.com","domainame":"update.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01309{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431369135186,"flow_src_last_pkt_time":1621431369135186,"flow_dst_last_pkt_time":1621431369135186,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431369135186,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":63163,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"update.googleapis.com","domainame":"update.googleapis.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
00825{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431370645999,"flow_src_last_pkt_time":1621431370645999,"flow_dst_last_pkt_time":1621431370645999,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431370645999,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":54016,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02393{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1621431370645999,"flow_dst_last_pkt_time":1621431370645999,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621431370645999,"pkt":"AAAAAAAAAAEAU0VlCABFAAViMu9AAH4RJlaokEAFmWIcTtMAAbsFTkg1z\/8AAB0I+lN8UldDPwoANwCkKLl+3h3UHIQgS3vcwcXrZ6T5hiytz4Q4TWQ7pmsAJO5xTHpseYqRKlKHmxme9TRfa47qWTNE\/T2kS0vQRKN+NvKsLSu+R20pLtVijhGmejNVjxQkpOqlEUNcFIHcN2wzhOdXdZI9UF3VUhNkOijfbeykwXjQP1\/nKm9mO0G\/ypc7Y2OQX8KQjJvTKmxfJgoiRMmIZd66ehWzpVA7ADDpyDredKxOTaDSAYoR9nNN9ch6nx3ZMTTXTycMrWty+BPeuRbrkASH1HytOMULRsu12u6n42QgaeYSvJl7RKIje\/FCPE4VKoS2bBqDGJdyFYhy9WpCdBYHFXRsvzage9S\/AuIhACnspXakPoSAAKTsCYsy7O8Xfk5D9YcZNZIWuP2P5LmgHVsAyYCWuB0zDz\/P\/niv7vxRu76Gc2OqQjwDwC1yI28dLAM1\/qVCYRFk9YMbF\/iD7Nsy5jvI9F\/PUuc57iiKLeU\/x1YGOwxmbb1YAjhXgnTaAuvlp4rcuFTF\/jkRDZDwvS0ElQbZ1sDIOXoAhaFOvXD0EKhqtqXAu8QvhDZA4eNLtzEFYCKh+iIym
yxHd3zWX+3NxjMpE9Ns6UHSd84eMRpZcGmgG02e\/nW7OJALJ0IxLfndoUAlJk4IvuZcxngA9k\/unBNCOAlRVhFhhDnD4zD9WKXcfMQ8zOFHhmGS13WBEjy7kK3uLOIS3qui39MawSxNS7Ml6mSKoaSyb4+SNDLXoJWz3B44z0+hVh4WwxeJPSZ7w0VPVgCLDMcbCK1ByAz8JXWCFN83+GTRF5hMdm4dISfNt7qLcE3DH5CsDA+yUGakDromNlDnPMXyFA3nBYHp4IXGe9Qb9ePX1Y\/SndfWnyp3BEETdFg9vGIGsMMkmqU+J5mYsWQmYX5\/h7SfM4llXroWubSp8gBiYn3ZEiVxAgaNGqIripZvwoMsqPR8pCBgu6y3F8BYlwrVh+ZxYeOX5ab1qs+HTR\/VqeeVG8Eay\/MH5IQteK\/x80AjKjDmsExVlZ9Yvq1ASQtfskSMH0GMY9POIkrjW7EvJxN5wK\/qGiieo8H6mYS7uXrxZHkGc68vVyNWX9p3QoffUgaN1rL++0wS2CIvPmNLRJCwPEEWdTb37V1X6bBSAYmxZUUOT8oUGnsozk6dfMeAsBVRYGBaFG9+Y1uHxPYwvKwCvo+pVvLyi9jA\/MUPqdH5HKAlVkIxZHfTN0TbmkKqYM1+\/dGw42Opggft9Ujn+E6Te2o7P21d6\/4ziedAj7hW\/ducyroIUruOxK6kZkZIfc1rfDtpstdc1OwhsM8efvN8mSqQCgneDcWSXy4bE3JNAWNwVmsvgrlZnik2Id38oh\/fD8oub9PI\/kmIUiP1uSKBBkJyEnZ\/+uDpCaSemLo73IkSmAKSVsNdykI61VqMLJEb+fNx3Qf\/\/ppmJTj9\/JSXpVaRHvFY4L8IDk53+jFdIKFjZmAbMyUI5v3Br8tILw49LDtUwMV8TUdpFD45PjvSQ+YyqLq+OuacdGaLpMcBrUOmuMqWWPYG89KlxtPyViKOZQDTS8sb2EBEHN8hGk3fUXt1bo+FE8NSXvIg7NRqP5Nv3yrdaqPCA7cxMCsT0Z4cAs4COX\/fJ4v3Qpyc7hbzFiy9BZYDLGPjdm9XGzS14zLvvjA8ujJQXVu8\/cqxKCkP5AWXvVW61iwAkR3yFCXIjI79f5ml9EjzFluSxM8yINcpyXkiGxaLUSehYQkeNBr1bVFEIJq2IJOjgn8tdoygPZ\/Ggtxsz4Ympsa29lLPp\/1R"} 
-01390{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431370645999,"flow_src_last_pkt_time":1621431370645999,"flow_dst_last_pkt_time":1621431370645999,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431370645999,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":54016,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google","domainame":"dns.google","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01282{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431370645999,"flow_src_last_pkt_time":1621431370645999,"flow_dst_last_pkt_time":1621431370645999,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431370645999,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":54016,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google","domainame":"dns.google","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
00826{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431370796601,"flow_src_last_pkt_time":1621431370796601,"flow_dst_last_pkt_time":1621431370796601,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431370796601,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"99.42.133.245","src_port":51248,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02382{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1621431370796601,"flow_dst_last_pkt_time":1621431370796601,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621431370796601,"pkt":"AAAAAAAAAAEAWIVLCABFAAVimjxAAH4Ri5mokEAFYyqF9cgwAbsFTgeRwv8AAB0Iy4aUElydjLEAAEU0cgy7g6waI4s\/Db31CXMNLtpBLCBMqbNNIERpncwoj\/mzw930r9KSGtTDq0Un\/reM90\/o2LMUXhAxGEjpV8kM2isFWzwDO4KLtdnvjoVU\/jW5X1cAIJGi224o+IBoqe\/q3MhszxPlHqwkUkoHgcWP8rFY11sIccKhMsLy4OlgMZHEtOM9cK6MhXXnbI4PIfeHbKw3eQF9bmAITBhN2hEUuCQ5tkEGA44Ny7kWGmEH8N+oonqrQFSRfhvaY3aPSuVRpbZIPtuPu5FfCgb9SlrhiL+YFIGOqSPYS1Fga7DZceldELqsQnht1L6sPyvDZGhFHGevrPqJKYsG5AJ1dz0CBKyRoEBiPDMdvlFISahZktRsu1zHBcqXO6dH\/i8qaCuLB3C0cU7Mf84KfPTeo\/gsTws0xYHHMgBbeLbnL3UFA5r6TMOj9bItn6l59owKGAThBrdETsc3kNqb2EaYZyfxOIPnMT50EN3E5+o1NkgWuOzUcI4wNbi\/tPHdtNay4zsdQpx+v0mHMwKaNOaS1cXTI5EglEP9nh0+7Pd14q0LRBQ3DeciSithO1E4K1W\/Z4s
WicTGPnlHMSkhRPDqwcMrqZYI65EaAXb2hwQHTLQOC3yEOm8uj32O6iPw1kmWecebjTAhzoITApAhOJNqbhOhmL3LYzlMNpCxKIbZWwXYI7KE\/nyX+9ktlfBgqL7lMUB\/nzCvI8L8RT\/TyhNdGRodyYga3YaHfnznNluGiCWRkzVsHTXG5IbNbGj69KA73CTFlz3wgsOw1uHC\/q3RChP7l2qOfWKIMtxcvHriXoLF\/vYMzoqEm8pCiWCoZMnY39DH0b5dzrRQCWGNuyliasUzdNwfCWtlCp7bb4qxiMpsXc+uNU+g2bw+VTTlx1U6pmIskkdKx+mP5J+pvDAUA8T3JVvzUY7NyB8IEQ0IbbpFr4IAdnh2CDfm\/3LkeBAfOpK4ISFWDT\/Zq8xGBrTh4yq\/7VJSuZCIU6mdUPZvVTVYBmdKXePmLICT7JVQHsyS6MxIt1eR8vw5vXsNJo11Hj6NXO8R3qnkStwD3Hp1s8H3wRtuYv0txfoYvO+JQlg0ebqSA11uOBMpoISeySuHozQ8oCCsnJndgourEdZSSgF1xkc5zlxohntckX9YYRJuzAJGjDN4T1wfrPFQyenplFLZHMDpAhiV7Te3CCs6SKS28MBI6cwMwV1jZ4JX4bfrUb5Sbdar5XQqw9SbBJFJJmemfZlNvZabnR9m9F8aNRgxnvKtrT\/oN6gP7nsRQo4l8nySxze1hd0tyD8+tMuNQJRNnwq\/z6am\/OObDrBsZm3FIBJGoG3zuBmWjHfo9F91ajEKf3cpkFlxxZkkSD9hD9i3XpaytXko+K4WOBWAhjq6wftsLdQLBpeCv6ZMwSeTt2tPaiX6D3HlJiyhzzjMup+ygJV6xano1oW2u\/3nyWiYV0GHV+b5y0lkHYM1dgiTaT2KrSOD3IRFXFcs9y8cNjsa5kJDBFFwGRXnrEEfcCFRxk12riHmlcId3GMVfy4P0YANskdNyw2M+xiEcOkt6DL850Uen9ExlETBFpaBh9C+ABSY+1ty8tYaL3zfMeNRiFgkNZZN1r942JOKKotMtpCq+6AVsdDiJcE3TtG4YJZ2yTO5bCLeezzQEhXvpEnuAz6dq59BUrxZNWOqZ8HHhEXq3N82ukDRJgBUvK0NQJTyZjgLcV\/Y6DWk0EO9WY2nkKr38\/Agezi3TaatfB4TRt19446lztdcfJd7DYB6DWTlmwbRMquv"} 
-01405{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431370796601,"flow_src_last_pkt_time":1621431370796601,"flow_dst_last_pkt_time":1621431370796601,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431370796601,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"99.42.133.245","src_port":51248,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gcp.gvt2.com","domainame":"beacons.gcp.gvt2.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01297{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431370796601,"flow_src_last_pkt_time":1621431370796601,"flow_dst_last_pkt_time":1621431370796601,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431370796601,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"99.42.133.245","src_port":51248,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gcp.gvt2.com","domainame":"beacons.gcp.gvt2.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
00827{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431431363077,"flow_src_last_pkt_time":1621431431363077,"flow_dst_last_pkt_time":1621431431363077,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431431363077,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"45.228.175.189","src_port":60896,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02387{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1621431431363077,"flow_dst_last_pkt_time":1621431431363077,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621431431363077,"pkt":"AAAAAAAAAAEA737VCABFAAViT5FAAH4R4cKokEAFLeSvve3gAbsFTo4zzv8AAB0IdJfsHA8rg\/UANwBZgvMHq3AV4dyxbh1M7qxYXz\/QqdNTBH1HN0CS98tw5ggQc1OjegApOEUGthGeOLQM+rNmjRhE\/clLK4HuBl1LUEre0au1gZTt1KqH6IUxZKrE2sGM+Fqy7i7mdjukue2Wu9obDV8t84mfBGQvFDIc4C1GtNO91WWUABZgT7OXtAGbDvKSc6M0BxmN8Ta9If00OJSKfKhlAsrhpMyMxJleFReMHQ4vg3EHhEg3\/NEef0p7Zb8BSIABFdcX93ZJbQwy+tHFaBeQPW5hn0M6xbNjf\/RY8iKGm7C2EQaLG\/adPJ1obLE57u5xg+UA+iXg0DYCJwxxRWfvhsQNGcUILv1KPQmWIddwcM+oBfVZ7KRAyWk+0AiZGEtw5sCcIbEGLLWCyvoCaVrzFwX4Kxz3c7epqJFIX\/G4r4+8H23LqwgKdJlZseYuGRd9WZ17cAlMwRxkcaXk6EXP9kebqJHJ3dsOkzIicKHPAuN+sTLUfuCH9AK8a\/4BqLh0qhEbE4oM2O7m0ZqtxPFpAd5AdDOcmU0hU21c5xII4eHDJKcgQfeUv8B8IfJzEDaXWMwoJj4d4vPm
cte8bu\/qmXZ1s8mPqlbPtjg8e7kqLmBzoI9FINBrXqlwZ15IYu8U9PmD0+zaeALYJjz54xNHN5vMvsd1bG1xBVwnOw1yRR07LgIALUvx1jSrXJCtvK9x3n0e17\/4XbEbU23L0VEkeWuLpyKfzxELjZtRJEtpFPK65Oka98APYQk+cvApo4Lv78agQ4isgrdWL\/lPZZz4e1uzhC0FBRUgyvNQPK2FuPLSh6vnlitflvFrugGvGJPfCcZvXgSXYhz6PyAu6ucrDkSDkrlCeDqiNpAW9DPw533VK1F2HoCn3U9TSSojbSvKUhD5pkbtLeWikk9yO3bArlheE4cXpsDpxzpKyb+b625k3E3BKOMUug6yBthPhhd+KYT9k7QNv49jm145a6LOpftpBseU6YgEk3IkEn1kE0Ry+7JgvD+e7\/hPh4fTdkqT4\/TjJBDL\/5cc4C745utJS\/GXQLmxqClZo8OaKh+kXsNsf3UBWFfLD7KYYITUazzjm4HTDJx22SBXRiSymUZaCiqENZ+uQsLGTRXM6uMxohZt8R\/IQ8G0EqRIa+L34Shdk3NM4sny6iPaT2GH9XAJHyLYemSXNtIrflbXIk7DcAe9WoEKXLafhV1Jrt2VExW1lKiX3NE7AAcMr2YnXBca+0F0\/6iDygHo5jrguhUsl0G\/7cLdUv8CGCYL3MesNJjj71hJsM+4d2agB4IWoE5R19rtfLA1vtKIDOXTGa2fzqMjyQoe+YW5HTBVmgNVSkZf8TM5SDI0XzGDjmd5nIpY2o3rBWBv9s6WzH2rmNVqIh7TJUJMAcpiwJjtgJzrS5Df5gmwZJz6ADwyaSKk2RZlhl7rdxydk46DIs+UU5sl+oKmvzr\/a0f+puDT8Pqc5OFZU4lQ5MXrn49YDCk9QPkWSlDYRK1UI4nr4NWKo\/\/Pw\/UFfpF9RnncBRyUFvONCCgRjmgmTi97CEEwbbxu\/Ki8qbPdIDbhcLsKaHhiFtKjKD0dMVkAfS16egEUxcfuMtmT8\/+LcTgqwwjg\/mITmoaavzef\/yGP6uX9jutL\/g3miLPjpmyK5Acy3dJwCKXrUWYFg70tEZ670oPo3w3+vZPuxYO7UtMA2cZA7eta5PXcPaU8MOYnga\/iqCsWqSwZ05kCD8++07rRI1TOxvKxLmRo5hLgAqZ\/VaeBFZ3vrlfLivk6N9hE4WT2M2RUIs7n"} 
-01394{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431431363077,"flow_src_last_pkt_time":1621431431363077,"flow_dst_last_pkt_time":1621431431363077,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431431363077,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"45.228.175.189","src_port":60896,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","domainame":"www.google.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01286{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431431363077,"flow_src_last_pkt_time":1621431431363077,"flow_dst_last_pkt_time":1621431431363077,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431431363077,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"45.228.175.189","src_port":60896,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","domainame":"www.google.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
01068{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431369135186,"flow_src_last_pkt_time":1621431369135186,"flow_dst_last_pkt_time":1621431369135186,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431431363077,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":63163,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"update.googleapis.com"}} 01057{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431370796601,"flow_src_last_pkt_time":1621431370796601,"flow_dst_last_pkt_time":1621431370796601,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431431363077,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"99.42.133.245","src_port":51248,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gcp.gvt2.com"}} 01072{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431307075029,"flow_src_last_pkt_time":1621431307075029,"flow_dst_last_pkt_time":1621431307075029,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431431363077,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"158.146.215.30","src_port":62652,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"static.doubleclick.net"}} 
@@ -100,10 +100,10 @@ 01068{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431299729996,"flow_src_last_pkt_time":1621431299729996,"flow_dst_last_pkt_time":1621431299729996,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431431363077,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":53404,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"update.googleapis.com"}} 00825{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431465588465,"flow_src_last_pkt_time":1621431465588465,"flow_dst_last_pkt_time":1621431465588465,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431465588465,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":60551,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02381{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":1621431465588465,"flow_dst_last_pkt_time":1621431465588465,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621431465588465,"pkt":"AAAAAAAAAAEAIHu5CABFAAViFOJAAH4RYRqokEAFgPgYAeyHAbsFTuuvwP8AAB0IU7\/qR9hybwkANwBhzZIZzXuLO+ITUxwPQ154KDm4YAA5umLfVFm+RmcLUYDlEBA\/pAz6nvB8AVSCdTXI5TOYsV9E\/QWBFKCDCIBHTHvFyIcz+i9HnhzJx3oomex6fz89Wv0t4v5XCsZ2gtXaLihep1Q6RHSn816q6Kh40Jb6q21pIvxBT+cRUyfL9XQqtwbCmih\/1k+KHNhNh+kRFh6XJbGZqdVuNiBplHu6zJ0pkshr1pvC1LJhyvQU0Dm4mWPTqJuQqwLB7hjY60vKpAGHvyyOczQWN09erIQDzXbzqMhL4b0M2w1\/TlT7huuQTxEID3j5k9KaYjz6kf0ER1JcH8cEnZSpU6ZDcA0aKtSUCRbfGucvzpXAlU1P0gD13ZbHqKxSYrqnpXGcTVwS3I9+c5Q\/VkUgvsZc0wf\/9MEOjlcithT92XYA7xmlU0UfwPd4Ojf1wNxPgSU\/K0DnDk1womS0G\/ZSh9D9ZlZVB5yVA13pIiaR+k8r1X82fdroTGzdHugbU8o3fbaRyQm8b4yRtnFzF0LxEo7PtOJzdm0ZBLoje+ZNNqh9NFtJ9V1qQS1X9VNOsUZvWPNgQBaeyZndWXpgl15MvPmte+qN9awZ8E\/Y3bjdMYO04PR3TnIuFN08oA49CYA1VctJp7\/dE8aTfiUzEHQg2lRh\/vprMm4FsAuocyWHNetPgpGS\/nW\/ajz3nUWrWpr4p5iU3XvWC1ReAGuIIwesUqSmu427nLGiB1ay7OxzNWba7FJKEY4XyQMczhEntYCEKh4B2jDrKe9HHMi65qX0Oh6pF0JJHBGwEfsMrAVsySYaPZfJk7O3QMH6jwaf2H8zG51QPhsVfJebD1eM82cCAiKz3k4AxeP1Mp2XyoYtWJntK6nrkhq29ZSo8N9IF25Bx4cyZQ1gWgsf6YOucgt1DYomgaAz5sN1VRPs3lKuTuJk+9CmvbZws8Lrl5pNQluKA7HS6J5r6Sdko6sMJa32MLYdskh\/eWjyAO4PIU0DLNnI9urDc90Tl7DeKVFUDKd5Ccw06SjbQZXaBeFclUY6Rq7ktvqS4xNkU42wPXNNkc+Km0VcpWL5mTb8raM3lJS9QkTtvIQ+D3CxIQKxNN71qsRBMGUoIaCSVO44MLEyhaXL++UAl6veMNbMWNzpyGl2ZAQaiMg3gh88e\/KjyFDhVelq57ttuwxfYY4HdAvf1O7Wm2niYjEYy3EGd+XJh75LEv2J7OvkX\/TDKMoDPHZBKylGhceTFClV6SwJCqHbmFRPRljZRudE8DcvLMdi2ArGtC7wV6BJuPxvznknqIpsuPaaUACqFh132DMk+VymlGGrHAEvcCDBXHcv+s986i6aYzFj3+UG25eWMpILHj80J8I1qvmexhdgAH0\/xq6OcVC+CWTvOrw2ojyebhvuLW
QwJTRfXumFCZVnkVXMY\/wBcky+Zey4VYpd2tteRlcYmo0gstMZmuJQkyXGMQDd6DmMt+xSCBKdq2pU3+cJZWcSDy+PS90fcIm9NFtg1W76+\/3yU3UvgIkGb2htcHHuLcboGe6WFdcvOvn66fYN1q99qa+mvjvMLlrlsqtu4oszePWHk3JUyZ0uzuBriY6ZOViLOu9+ngcuDNQPDEI8BMfCUASLWFyzVNOtTnOzlD21\/UqlSPBUT+FMnLB8yDq8q7wJuDMTSdqKQ5\/2g+\/gT1sPzVcQn8bdHpPg21YclHOSozdRTvS2OQZHZHwOsQ3Q8D0cWDoLqYrm7VvgO2SJgZmoD+0O+6Mg5gIxvYEyW63O7uwaFAXSn6cSWSij"} -01396{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431465588465,"flow_src_last_pkt_time":1621431465588465,"flow_dst_last_pkt_time":1621431465588465,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431465588465,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":60551,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gvt2.com","domainame":"beacons.gvt2.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01288{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431465588465,"flow_src_last_pkt_time":1621431465588465,"flow_dst_last_pkt_time":1621431465588465,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431465588465,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":60551,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gvt2.com","domainame":"beacons.gvt2.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
00826{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431482942620,"flow_src_last_pkt_time":1621431482942620,"flow_dst_last_pkt_time":1621431482942620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431482942620,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"177.86.46.206","src_port":56488,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02385{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_src_last_pkt_time":1621431482942620,"flow_dst_last_pkt_time":1621431482942620,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621431482942620,"pkt":"AAAAAAAAAAEATej1CABFAAVioMVAAH4RjguokEAFsVYuztyoAbsFTmeUz\/8AAB0IyBHAZ\/KzP6sANwD5gA3If0Iup4ZIgtnchwt9ocBVPoi0jazUzZX7baSHnp2+ZpfaMjYJtsimLMd7snuHAP5qKMdE\/QlWzMm9QjekYI5DKIp3Vs2bgEYSzsPRJHJKk+aezBC58a0+UE3a4VvidK0X7rVv7FFtJ\/MlZ0l7eyLpQagPrjcoOKGABkLRMC8f8c7JiV+3vMxbVMzswL0F0LHGpOF6tJmgxxG3+uIP4la3w9aqL9EIveC4NT3J3l\/d0v30cvaNQdKp9qrKAtUZ3b8p5FSbz95HiJcYx1aCRH8HEjdQWEZtyOX1SVZcoQkIfAis2hQqjHVzbGHJilsHstK+d\/yh1vND+cvzFLHGQ69Qa22CEae79RChQnTrK2ZCkxDnMfq1REzR81Vvo7\/ll3OtbcsHwGPv90oLgV5z+gQBcGSsn+txIgajW5\/OHfM0j4G0dOYCsFP1nOlqm4KZEyRojk5FD9gkh+QOWzUWMY5A1pCDVEbH98Ij7MdFXOII4eyOGrKjZzB3mOY4L3c23aLspNnA\/xDDGoLwBtxo8tuS0zMN0N7GirfEc+UfpigoL4GN63\/LWtTXGeRupY0
hNf1HQSb5VrjXblNspzeSPkwLA3aJ5esrWE6xSGdL6JZ5WypP8xT64XLmr0Zb60RDfQA5rRVy5Slfvqsy9gpQwpIPi8FWy85za9+wqZmlViFlX2epvHU\/FjVYv3WNuP8SbX3Uhu84jX8xNIyRWWdBxFeFE\/86cZtOr\/Y3X4PqG7sr0JWY\/fMaNEX7\/wyGWZ4GThmJ5+cXL+EYkRu6GhEEZrNAi+9kCVttLBMUDHxs8XD83alhSam2NBHXrH3qgMFg4wem33ZjfiDKFbwU8lzTj0R5jphur9\/TMii0ZE4o\/tWuxXum9FphC9lsiHff\/LoE+tpkkEGSJvfUkY+42PUd+iyulKfdSSlb2w3ICSW982gZX8yqFnIWdMtFMt7VtGfDY6b2g\/VctCi7tH4bfPeCfOSltFtkJj87\/U\/kUi9e1b26oCdt5Xk6wLRo21LJgccFK7EgeSfdK8uEGdrc\/u9CQqoxHZNC0NFUmmKcp\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\/WGH4+IC4wpPGe9o5k38RrL8SgNobFDQ7d4KUVI\/R6UNBDzFLkmCpffORWC9LBKt3SKQtPDoJw4\/zzDEridhd8NKA22XDC0i6N8sevkZDtKuiWYpfGInjxye\/dACo5mlltAELaIWcGHUxsmgi"} -01391{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431482942620,"flow_src_last_pkt_time":1621431482942620,"flow_dst_last_pkt_time":1621431482942620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431482942620,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"177.86.46.206","src_port":56488,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","domainame":"www.youtube.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": 
{"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} +01283{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431482942620,"flow_src_last_pkt_time":1621431482942620,"flow_dst_last_pkt_time":1621431482942620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431482942620,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"177.86.46.206","src_port":56488,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","domainame":"www.youtube.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
01051{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1621431301735068,"flow_src_last_pkt_time":1621431301808564,"flow_dst_last_pkt_time":1621431301735068,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2700,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431482942620,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":53431,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.gstatic.com"}} 01066{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431299729996,"flow_src_last_pkt_time":1621431299729996,"flow_dst_last_pkt_time":1621431299729996,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431482942620,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":53404,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"update.googleapis.com"}} 01068{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431369135186,"flow_src_last_pkt_time":1621431369135186,"flow_dst_last_pkt_time":1621431369135186,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431482942620,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":63163,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"update.googleapis.com"}} 
@@ -116,14 +116,14 @@ 01052{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431431363077,"flow_src_last_pkt_time":1621431431363077,"flow_dst_last_pkt_time":1621431431363077,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431482942620,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"45.228.175.189","src_port":60896,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com"}} 00825{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431520499355,"flow_src_last_pkt_time":1621431520499355,"flow_dst_last_pkt_time":1621431520499355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431520499355,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":49153,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02378{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_src_last_pkt_time":1621431520499355,"flow_dst_last_pkt_time":1621431520499355,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621431520499355,"pkt":"AAAAAAAAAAEAU0VlCABFAAViMyFAAH4RJiSokEAFmWIcTsABAbsFToP3zf8AAB0I8UfMm0YCumkAAEU0qB108owToXTtuCRjc+70inAihifYHiWbQuXfJea7VaHoD1Z3r4\/vBhoSdhxMdibKvoSajiWd+GKpZIpSe6Mu3b02WuJTQZ7lIlxB6R8387TPpWvfdvZCcexYSs5w06Q1KSKSldCKb13732QiDhmceyuJ+G\/vOPKCn4lhROVQeWtYaKBdyapYqZHfhjZWjljHpjVo2vNz+VkBflOX+Ozm6T\/87Vc5UeUm3B37gfSZ4LeIx7NevaSMxGXLmBBGm53OH67qMQ24dCiLmx1nIEP2GSXUuuxzvdiYJ+C33xdZKaEr6jhIjm7VN1\/Zu8CjfkKQf7D8e9dFZtoH9YVFCLq08e8yFNdGIgBhWD1FTAmwmExuDbbN8chYJX2X\/1hfjPMXADpNHptZq24MTx4Ub2WVKMWLSPtjykME1uGVH48mFoWytx02J11gW\/ap3AsmyZ9NdEW7Cunzb7OdwAsLm5eBcsvVYsBASXkXW3J41zJ4fFwc7gDX94tPUT2MihCUm3spqjn8qePvRLkJUMDo\/SAAm5dZcaQtVMRqKRQyJK3obHEqKv8SvkNiEUp6IvmaXKJzaHAMKbNjzuPBN5APMlSrVhrdjOoWnxltOAScvKXxSntCksumIK1eZRzMyHmhY2Zkz\/cbLMG+nbi739ExhDy7kfNZcN1w7DL8T3NA2lau5y0gmwx2J+etKbkof1MTLgLIWQjaMgJ3Yg5iRbSia+X7UmijUvf0oRg1VUpzVMKvybapDiUxy7TKrPFHlmnAdWt7EbvCGo4ZOvDt9jNsJ3ry3qsfnRRTY0KCXoq9KBhKDVmNwRT0CfKMZF9UZyQR8waEK3M2khCNE8K0HtopUIBaei2pkSAkP0cWMAQzYQoAL9RPKGIb2zxA2FTLXUCeYjqOz5YFjo\/YUbPspSIkamI5Uqoz3HxLcyaZT1IlDi3snj703Pl1raa5uPYB9SbeFS3jz22i+jMB1jK64ocdk\/Ap04WGAZSylA0JvWsYxDreLK4icj5p\/lle+733epQE+WSvjvH3tpEFuFmbvfaXn1HUnxAw3Znts4em7rmRTGyYtwIh8Xo3qzYWxNp\/\/277cZjRt9QzcMt6pSHqe\/yM04MKoyEXtKFSOMDWukBJqjkH4ISeeqHmQ0D2O3e10r1RYA0qfHiQCpBrjUzeDJ5xQe6BIM9EKqojRuTs\/9mFZHxEdvsWM0nr40pxU4fyO6RlV7bvX6gjlu6xDeyImfTBJ1CrhxkM0NIOLgBByqIu1vkvl+ToqkPCKb8lpAmBCSOuL8LVtqnQvcqcllj+MkGi4em4vqlh9wF35mSy9bZRKUfyGp+cvVqboEHj5rnD\/784KqHiRDHIGgaFgNoSsGakObjU1Rp9zwOiAfj+k7Rb9uzcZoWDO5B2gL8j4OXS
BSVhkAirs3N86IOumv\/3IoeWBTvvkpNELfLJuEh70vkySKCdBxM0hwVEaMSCru3BXwqtfPMH1QJ4jHNqxDAuEHki1cwAcJhlCh9Wp3ET7xqPW7AeUxwE9fN3Jod8qufi8Ujiy3wnc8\/qOYbxiPpALR0F1dCk1cwWv9kpGmhEZ6eBwn6kYxBWDq0P1zZ7tjZHsfRLSAnN8M937kF16B4WONO3kFuMiJaE8dalwqulOnHsnWLkMT4dr795Qeky6SKp5+YFHGV+5ALzCSXCENO4JxTGck3fzNG3n\/Cx2j6bb0QI1wP3YfxO0Zb0Z81wO59qyyo3YabxIs6ynT60zY7ne50FIpDZulJ5HZlhqxpkr0W\/k06atJOkV0Ej"} -01390{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431520499355,"flow_src_last_pkt_time":1621431520499355,"flow_dst_last_pkt_time":1621431520499355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431520499355,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":49153,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google","domainame":"dns.google","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01282{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431520499355,"flow_src_last_pkt_time":1621431520499355,"flow_dst_last_pkt_time":1621431520499355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431520499355,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":49153,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google","domainame":"dns.google","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
01070{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431307075029,"flow_src_last_pkt_time":1621431307075029,"flow_dst_last_pkt_time":1621431307075029,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431520499355,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"158.146.215.30","src_port":62652,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"static.doubleclick.net"}} 01046{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431305591580,"flow_src_last_pkt_time":1621431305591580,"flow_dst_last_pkt_time":1621431305591580,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431520499355,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"121.209.126.161","src_port":50482,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"yt3.ggpht.com"}} 01065{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431309055814,"flow_src_last_pkt_time":1621431309055814,"flow_dst_last_pkt_time":1621431309055814,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431520499355,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":63136,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"suggestqueries-clients6.youtube.com"}} 
01052{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431465588465,"flow_src_last_pkt_time":1621431465588465,"flow_dst_last_pkt_time":1621431465588465,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431520499355,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":60551,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gvt2.com"}} 00825{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431576853368,"flow_src_last_pkt_time":1621431576853368,"flow_dst_last_pkt_time":1621431576853368,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431576853368,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":51296,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02387{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_src_last_pkt_time":1621431576853368,"flow_dst_last_pkt_time":1621431576853368,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621431576853368,"pkt":"AAAAAAAAAAEAIHu5CABFAAViFQlAAH4RYPOokEAFgPgYAchgAbsFTnq0wv8AAB0IQJ4IpSc1aNIANwCZc\/3f1l3vg6YZeTNl87IqhJ27nCcuea\/qvb41mLVKUuBIV5pQThWzegD9xWcQRyZSfI7h79NE\/YUm1oAXrFrCT3TkbHGJwP3KBfTu3orp0WCwk0l4MiqV0DClWwpW\/1NKhCfuNkry0QNEwg5pHZb\/vSK\/s\/a8cF3aIAtN637iUzqyfqlQEpk\/TZCqI5tarhaQzSJ4uSDtYWWFCyQdGrPQxx36Ty1apquBRh7LpqS3HzTGXWn1iXBjJTo2oNMvvW5LV8Ozlo+ykFGxJKjaz+YxvcqhT3PapUN200W+09yqn+UXzRAxphjhSHCFmnFGaD1Cmd2AoqB2RODbBdfTfnO0p+5IwFP+QXYCSCui22wiXW71huSyPhBNTXtdjBnB0aI7RQe9BP\/8cTXCHdvaiOWZbEqGPCEZpsonT5okRzLwKKitPO9lmE6w6XZFQF+AwHMppJIEs+V4\/+utYSZGmsenl8sXZa5i3PEJK+hPz90wGXsjo2vNoA9zBeskKRP31j+JnkVWm6+SeE\/XRpijNighimBNH4TAc1SkFEUDYnbj8\/dvi6K8\/bLnWnO5ZEd5IeQ8y49ijX2T\/6gXriwCkzq1N2nFeCTG9C25WLUIBOWbIgjk\/+rRxff3yEw3Cf0EsWpP57l3vuNRPUUM9k6QGTA+VA1VqhI5cq5zqw3USveM+coEGcG1czX5cJsPCLcDVcPmIyqMPFVLeTlqZ1e993EuXFPOAn7\/j9tmZpD0F7W3EcJhPNBgFb8I9AuIGuTFhDSHGIm1+udcX3QtCfqh23mMSbz03kWO\/8Pc52Aj8EV9FAJ++uk6cpcxlqReXfPX+orcIqI07HBHS4wZHhfWa4II0L8ZmZqChXEQh4SRM5QraEDhiDgHu2Wr\/XrZ+LTSmy6GJnpyoczRJsxWL+SqSeaD+rxyEDOOHfzLTMkqwLlJdA5\/bX9M6EkuaQ7fp6odWxiaULg9HlTuvy4eSg1Y+BunaS6DHxROL7RTUmCWNUYbZhsn7mUOPPTqltAXc+wYwHbtEmsu3lqjKjPQEUq39uJ2DkvHyNGNu15OR5jgmIUl9ra0cSZwJSuq26MGcArS+trbqUaRVMldH30c\/MqtoFc0+kTZkdf2zXVOuhlhIHDu5oivOacupqIMRXqQvnAj9e3Szh7HtmF\/ZTqRfgMooySSCala0vsE5E7aOt7QgfLg9p0zs80j5g\/fIFZXq6e3PRZGJlOduO5u\/FTED0nlkOStAfZ1cLQvrXot9UJE83tMH4DWSX6zM9DnOiDmars1HY1Qu1gozfortWRStAAQrzDmILzgi+tPIyMlRG1aiOK3rlgWXZwKS5kvAXGSQQPfQS9NlLwCrZHQT69B6mWCBPUBWh8QsOqv76k4Jv46eHsK0hoU92HUq
hOqgk09EQBCnGI\/zWgYxU42nbsJkiMdKoLbVeUFxPtnCdHCWdIgtqELcoRLCnlfyj6fLmSJose7rxid75fKfwhgi9zbXUZHzUBVvrHaO1NpbexSUM4VztLAkHYegA4mZsAUTMXrwzehYvktbWieQfVgMvUC0tW6eNm9CeJQwCRuFen27D7bblWN395kZABQJz2J7igCkCcenO9hEEn4u3aBeGpUqZzmS+2bCxYqraA8Fpg0t+bmHW17tRBn26Wlj\/IBR5faBKZzUPN15J\/fmg\/PqeAeDRy7HA\/FEBoAg9iJEv3ZRqMQz+xrjOv+G3\/dDpiheVzILmxX+EOrazHQswKRcYoP3gCsVHHcszDooALZcZ+BQQzftaJeRTwIbx4z"} -01404{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431576853368,"flow_src_last_pkt_time":1621431576853368,"flow_dst_last_pkt_time":1621431576853368,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431576853368,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":51296,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gcp.gvt2.com","domainame":"beacons.gcp.gvt2.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01296{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431576853368,"flow_src_last_pkt_time":1621431576853368,"flow_dst_last_pkt_time":1621431576853368,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431576853368,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":51296,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gcp.gvt2.com","domainame":"beacons.gcp.gvt2.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
01066{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431369135186,"flow_src_last_pkt_time":1621431369135186,"flow_dst_last_pkt_time":1621431369135186,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431576853368,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":63163,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"update.googleapis.com"}} 01055{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431370796601,"flow_src_last_pkt_time":1621431370796601,"flow_dst_last_pkt_time":1621431370796601,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431576853368,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"99.42.133.245","src_port":51248,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gcp.gvt2.com"}} 01074{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431355629555,"flow_src_last_pkt_time":1621431355629555,"flow_dst_last_pkt_time":1621431355629555,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431576853368,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"102.194.207.179","src_port":51456,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clientservices.googleapis.com"}} 
@@ -134,7 +134,7 @@ 01052{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431465588465,"flow_src_last_pkt_time":1621431465588465,"flow_dst_last_pkt_time":1621431465588465,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431576853368,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":60551,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gvt2.com"}} 00824{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431760040593,"flow_src_last_pkt_time":1621431760040593,"flow_dst_last_pkt_time":1621431760040593,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431760040593,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"76.83.40.87","src_port":57767,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02389{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_src_last_pkt_time":1621431760040593,"flow_dst_last_pkt_time":1621431760040593,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621431760040593,"pkt":"AAAAAAAAAAEAdQOrCABFAAVizP5AAH4RzUyokEAFTFMoV+GnAbsFTrfUwP8AAB0I5zcbzyTN1LMAAEU085Brpbyr+2jh\/NyWKUdWZh90hrqs\/JUnV06AWtlVkrCYYR00Pib5lXHukuswI4apeXXYya1wVBFr8DpPUkWiGoC3sbaSvRZYYp3tBYoEJo8YIhwPSxXaYFfD6\/RsiM+Yfb2H1k8FEvnnpg0sxOjmgBY+O4W2eynZXgCIIV38HEw+wEDjZA2kk7L82T1bQYySl7HgNdHSquKu8SR8yPJcn8V2uMxsDXUCsucyI4\/wZySpci4W3UjA6hpswJQYsYncOuLPMzriT9nvkw9UXOlgzjajXpXUd\/JGwl0HyONFBLUkUDKjyeQYXeGyQW3ma\/zK00kJSnfXLEQC\/601KkV16N6qrZ0v5OR1cTLHDvXTzpfU721p0tTNZjXqZrYlC5ApJ869tkJz0gvSI815yu\/1aSemEd+xL\/8oRmyBCIllJq+YA3vMuW0w4\/T5JBaRPvDu30haGDWrTxiRXXYta2\/CdqVvbjVJtiTfDkkC1bYeze+3Ah85\/uP8diiaa9AR8AKCUBgQdJ3mENPMmAvvqo\/B+ziY39N9FFetzWHMNvAzeRNXDdkoheBvxSnvCsDetHFzuAVJDYI\/bys388LAY+YcZ2PLXZ4i6IMVrySiDR3dBi9J6Xh51PGX4vbMQUcpCXv4G342VJ1caxMpMC0WKSvRN\/bqWlMQ+RF7oj6QAUiBi3SwgLkBBChaMRaz6hO+99tY2xzKs6MRliASieiMP732ghruPSLQ+wkW3s1+76mAlzozUQwzPbS1PGTHvC010AWavdSmg87MToOsLUXgD4HnFyn2h8N\/zN0Y9kv+731G9nuRhhLm0utvCdYH7hRWyLbk56OLgd+REvXXwQQQpBwKlWgfOj3W3\/5qVvPq3e+dNdLj6fyCzr2ipjs5XbBlzIlCeM\/X82w9I6lQbG2MB8pWKZKtLdibzQ7WTlOJqcJ2CMdQhgH9A1bdiqPv\/gr5wXKSRUUJATME8kPSQNByUdL7GTcCBNzP+8ZUAcsI0bM2tgOdWh0suQyngSZKgXVLvx6wGBu+1wF\/mC2T9fk50gp1zDgTxJjhtLxXk3ylwvBp311b2znJyXpnhAKEllhdOQr6Tr8CSn8jAdZm+gC\/EWrlnqxU3bjZ8FRmLt5X6O3NKJ6DoHTIz7S4IKZcp2EE\/qrF59y9ofjxJIdx0H9xpLiBAZaTSw63h0cJs0HrTSWerWgqOhr90\/R76Qs8o\/fRdj0KfsMdcJ0uNDyxtoSBePmAxqS4gAyc7hFHKfA41dW9prrj3pJtaB8l6RP06jKTbRRFyZuDe6A9VYcgFUSM2zXSaVtYhvAVkemhrcWVfhKpPRpQAijaZZT4By9Fc75mrUC8\/jXvh0rSqRaZF4w8CZTfLoxB2+fbxhXS\/y2T4EIEyiUFCU
G8C69qtn9uZOcZ3P61zXWpjuvaUy96vWpLSu3t+0FalFdLvnA8VuSf2lAEClkALW3Dl4vLfiIlNB4emRks21g88RhpsKHyXLOxAkbKh50EqqlhB1mllDYGWbm\/4xaT9s3Zafiaab8TWadT6jVEwkNzekV\/0AbiRBOXrL6jktjB5jxq4zn7l3VgtdxFNAmFQYDibYgJ3De9KSyXejEY1rNESvwittZgupicY+Dm1OETIost\/wF\/G3hHSgdvFNBHmfdSw4NKdZwUuGXdqN5OH9Rvmel41BzbqTaqBCe1ri0\/9znww4gdI1VUL9A6rt9xHmn2T0Eu019PmuUftYMzGJ+Wp8LyQupxLYsYZE2Wjo3Ainf0KmDOU7NxfIE1yCKzpfBd"} -01433{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431760040593,"flow_src_last_pkt_time":1621431760040593,"flow_dst_last_pkt_time":1621431760040593,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431760040593,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"76.83.40.87","src_port":57767,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r11---sn-vh5ouxa-hjuk.googlevideo.com","domainame":"r11---sn-vh5ouxa-hjuk.googlevideo.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01325{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431760040593,"flow_src_last_pkt_time":1621431760040593,"flow_dst_last_pkt_time":1621431760040593,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431760040593,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"76.83.40.87","src_port":57767,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r11---sn-vh5ouxa-hjuk.googlevideo.com","domainame":"r11---sn-vh5ouxa-hjuk.googlevideo.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
01050{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431520499355,"flow_src_last_pkt_time":1621431520499355,"flow_dst_last_pkt_time":1621431520499355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431760040593,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":49153,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google"}} 01046{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431482942620,"flow_src_last_pkt_time":1621431482942620,"flow_dst_last_pkt_time":1621431482942620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431760040593,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"177.86.46.206","src_port":56488,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com"}} 01054{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431576853368,"flow_src_last_pkt_time":1621431576853368,"flow_dst_last_pkt_time":1621431576853368,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431760040593,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":51296,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gcp.gvt2.com"}} 
@@ -142,51 +142,51 @@ 01050{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431465588465,"flow_src_last_pkt_time":1621431465588465,"flow_dst_last_pkt_time":1621431465588465,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431760040593,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":60551,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gvt2.com"}} 00827{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431857841314,"flow_src_last_pkt_time":1621431857841314,"flow_dst_last_pkt_time":1621431857841314,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431857841314,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"213.188.47.247","src_port":63736,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02384{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_src_last_pkt_time":1621431857841314,"flow_dst_last_pkt_time":1621431857841314,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621431857841314,"pkt":"AAAAAAAAAAEA00bUCABFAAViuPFAAH4RUFCokEAF1bwv9\/j4AbsFTi6fxv8AAB0I0bxRKTuUwgQAAEU0fyjgv48\/VCRtPz6ASN0OHxQrQLq7h+XvdqYpW0IdDgkyYs+qaZ2IuwKTrk6YqitoieAEJmESJxxd68I9xE+yxkJr90SUnR1M1QTaj6cNmtlgHivCEvYeIZrstWnYNHPWHxnYIDL\/faLN3v2l\/vAW9BxUhwUIIu2faUrN8uHdB\/1Wrbe6vX+0r97gH6rBkczoTPMVg2MQIvACvg7MEMvDmXReZiu8aHhYLNrKXQoHb3wlKFlaWklVhuGIkGp4WLeoDI28YQ3SoqEC3msnpaiKbJSu3i6gx3XYZSTNOZx2wTyUn5kAQEbqb5uoOB1osvVBX+OO4htJiDv1h\/1wp1YCP4Ga4XsP5b3LRFOWiCauo\/HDX\/dO+7Ks21ut5u7nrFp3vsYoOXsfxp3FeIFKCtW5kZD4EnHVyJ9Zv5ZsjCJnr6xOm5z7e1IdJiZc2UH557C9gO4HZL07YwIYBvxA4wecK4fxBR7uVNiQ0wrRJ7w0kX8LOcTGayOjs2lnNAGuPIUjzX6GdQ+Z6ezg2kVKIBy3g6BFqh5fYkn1MSCjFfmNy8pMek9wRbT5tx57QhbVEjzXKpfYCtfwBAPjvmTcyi\/pj1MMF5TdQU6Q9QzzZlwgK7SGoS2km9o4rEOuFsTnF65lollpj4WjyeQhLnNa47OLuo7V6lbQKKTXm54krAZoSaOjejVJLSvx4iwoHF4MJo0t4oNk8LuJjCQWC817H+Z91yZxFTv9SHWBSuEab71KDyg+CD9tUOH2iasAIoErfwlhLdyeLW8yCcg52npVgZ0HFkVfZqdV2LZOvMnR1Lg\/onBxIxjcTUBxhzgd3czjkrC9JJxXxAgQrtSuhn1dUlC22+vGs9MbLXg8o8BLwo7d1x8VTGQdGCnPHJxR6cm1HaHawimYIbxfZ0eKQ6Vt5aV+WhdjRqtUk3j3G5p0NglB1UWHexuNnoOmN+lBZl\/GapDd2m5Yk7FubUhQNbPoy6E8bME5Hyr\/o7sXuXXRcHrH4\/nWsGCvY2cX9njBk7l0Q3Yczt900ouVi1hKp\/UFjI5huUtSUtRnaMFTMB366CW+VDqVruM59b2jx9lTfzd8Z+TvHn6Syvm4tnFxFqmW3I+PMOiWhZlm7TO8sSkYpmYZPGgg63y9rYr6LeryRTudm5RUAR60p430i9LDtZIPD8L\/MTcq9RO1P7jlBqNqxA9zXscaw\/B56sjo6WGP1vLVdb4FB7besaQ5UMN\/nkGoKYOK0deEGrBwjmMxyU6xHUVyr830VfWqI8HAMQd9zqBnczWNEyIFokx9IwZdRoEl1iKfrT8hCud9tIKVpmH0bVMxmQxtxxxT8zSplUV07U4v7xPcnwepR7HmBCZlhrg1BGmEp4se9b9u4xoLK08+r1ejmIpu8VrM\/VOxNF
OxYErJFfxlSs9U3X2QWpe9HZGajMBAk0q9\/clUh17xxU\/E6aLjJj3k35K86utGs2O220V0V06R4gxX2gbFkwOMY9INm5D1T523esnitGk9u1AfZJokW7t1XCTb71Id31C6\/p3ioxcXBd5BAbp\/OL9sejWk9TArIOZnUUDZmTsTOfiogn73e7vN5zFf8cIof0JYkZp9otum3UR4BRg87QtqURR6ehFMZE+c0BmbqnHZ89A\/2y4Apn9NnyDFZ0B9ih4m0az7qg2w2IhGEycq5dwSXGZZcya5GcjtVBe7BZ7TXCBQ0AlSjG\/PcOYH6vAazB1DcKOcGryDTW2ld4S\/DeIQ7lnUczZptB1DL94kJw3IET\/eU6zvDBmlBeRN"} -01434{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431857841314,"flow_src_last_pkt_time":1621431857841314,"flow_dst_last_pkt_time":1621431857841314,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431857841314,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"213.188.47.247","src_port":63736,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r4---sn-vh5ouxa-hjud.googlevideo.com","domainame":"r4---sn-vh5ouxa-hjud.googlevideo.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01326{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431857841314,"flow_src_last_pkt_time":1621431857841314,"flow_dst_last_pkt_time":1621431857841314,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431857841314,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"213.188.47.247","src_port":63736,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r4---sn-vh5ouxa-hjud.googlevideo.com","domainame":"r4---sn-vh5ouxa-hjud.googlevideo.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431858130379,"flow_src_last_pkt_time":1621431858130379,"flow_dst_last_pkt_time":1621431858130379,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431858130379,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"244.214.160.219","src_port":52273,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02390{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_src_last_pkt_time":1621431858130379,"flow_dst_last_pkt_time":1621431858130379,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621431858130379,"pkt":"AAAAAAAAAAEA4PSECABFAAViduhAAH4RAluokEAF9Nag28wxAbsFTqBqzv8AAB0IlCvC3zvNTXQAAEU0bBkQLI3bPsbsoEo+cMFgRuBfI0IwALzZrBviHAA+Z1QJp1oftAmcZe0+1BtbG4PtaoRq86omaKbtxZpajLb14FXlpTsMbQWq548iLQ39D2mbEO3zF7ysXTwD\/P9gtJYLXSC0VWqv8z6iYP7A9ndUj4J9CsimScdH7Ab2WJohqMY5cmDhFqDohhOiLpahlc\/4Ug2oP7U6uykk3o\/sBx1t9\/ooiZ2L9IlfdPdzo5JC+fFevV1mvuFRA6qYzmhcKWxznVBjFJHIj1tsalMyiYEP7klZqDWRsUJbEL6smhbtt9aDog+ge1\/kDqXPWI58aqJbP0clqgdwPz9S2Y6WlkC6+L8byOJjqS6tC8RKuT7szyzaD\/QpeLtuTIaugz0rhTbG3tHV2+eAGw0JlKNnYY4d8gLImSL3Z6Vbebp9MOrwwenGSYEjJEdyKLbl91wAN4oX8fjB0uE4+Z1nljjQ7\/Ma\/RgFHOnpp8JptJLgEJQUuj7kca\/3lobKXvXUHslLAXaGHu93+qu4aAMp7dXhfcVd5T0FWmHXp+hPsOVQgNwfcRktO7mmDqTPc4g+iqUrcY
sMitif3WlIVEwBPbtDteCVHHkYIPZf0u+syu9A+I7FZ\/5duQI3QVq8hoSrN7bG5w\/zvEqP\/yYI0sjCFuVzyhXgLIEZJ1qJGRZQmSo00VbsElmeDT5TArRJNB7LuwPPihSe5f5Hs5CtfrGYHAZ3s44Ph6a\/IzKJlY9P8nsk1zJw85nZ+gBW1pbpf7Yx\/rmROIiRfURp5w+iM4nAMz0PpDktxSPJLH6r6IEms2fxM+L62MlUVBrYxZJJ4FKD6OSMvWHR+I0vhCE1kpYYhUmcB5sRAbPNVykSrT9KfoViisi1N4w19VqeUgl2Qcs9W6sML2oqVYyVtGBCD9qZnkUGpY2w200a7PtBxVt\/QBEH9v4MPebuiH5rjnSwmFgF\/YosV+2evpl6G8EYlQHIlAthqw3OzMzNUp2uIoUf6nBnYLeE0fFV+obzpD\/u3S83796oUZOibm+TF\/PrubnS+F6u3RS3ljwSqE7VUMHGjfQSaSRBeed0LreweZVA\/\/uCm2qDttjlLYqNjHyrnYThnZom5ECvmIWgSxX9O95W5BQeuuA7HMmr11Xq9vK9dt33jd5FN1yJ5eBzKVde4uSpSNgwENQ0sTbmXF8W0di2iH\/3Y3JARyiVNvb87pbQiF2C3fPJvBbyOmdUzYi4IKODjNa8529r\/2WPUbyL0gcgBBvdC+00m+RoZ8pSEkm873NVfGtcv7ZJNfBbSSmOtEGolsa1rgMIjqSl+gu3HY54LWS5r+MnsCESbFYroCnveYzrsVdGohrb\/zq3EMH7BAbPbeE2Sc7d\/Ko6vjgRH\/9L3cq8ORzLT3GdrtyRveeT83v+9cCjRxC9ljG22JeAq7TqGxX2jJfa25ONu5zfti\/Q\/UCDd+R5D9Q9slQkxPCeDJTSOXa4gnpgy0Q49vnBGzMzMNwOxtJPSIb2QOpg7IidPlZBf2aUO5XpP0KqgFdpm7BG7ULgBjR2GFmXUP1c\/zzdTDDutnR9ALbmfU8Kf5Krd1hNOuhGq5klqMBVXf6hyAA9S4QMp\/it8pHP4\/S66VpOu3bNUTeTIUh888Aqw1WB0NjCw6\/asqZTdZrh8cvMmW+2WW7xmsl6WAqYoU+tialu7WkDUU8OoT42banjTBlSGGvh8863vIZ2StyYDb8zwIU4zuhyMr7FDtlza6jHpIArriq6hYW\/CxoKThchF5eUWwDlQolmqcSSMgBX"} 
-01435{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431858130379,"flow_src_last_pkt_time":1621431858130379,"flow_dst_last_pkt_time":1621431858130379,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431858130379,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"244.214.160.219","src_port":52273,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r3---sn-vh5ouxa-hju6.googlevideo.com","domainame":"r3---sn-vh5ouxa-hju6.googlevideo.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01327{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431858130379,"flow_src_last_pkt_time":1621431858130379,"flow_dst_last_pkt_time":1621431858130379,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431858130379,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"244.214.160.219","src_port":52273,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r3---sn-vh5ouxa-hju6.googlevideo.com","domainame":"r3---sn-vh5ouxa-hju6.googlevideo.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
00826{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431858501078,"flow_src_last_pkt_time":1621431858501078,"flow_dst_last_pkt_time":1621431858501078,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431858501078,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"35.194.157.47","src_port":49324,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02385{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_src_last_pkt_time":1621431858501078,"flow_dst_last_pkt_time":1621431858501078,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621431858501078,"pkt":"AAAAAAAAAAEA737VCABFAAViA9lAAH4RSiuokEAFI8KdL8CsAbsFTiKUxP8AAB0Iuy4iiZ7Rc3cAAEU0Q4F3W2ov\/JA2RQPk1kCE6d2abuA1AzJ9v4cgD5r98N+jLM5q\/vKba7ePXttHZOnfzIXKHdtGp13XXGc0y1g0VbYiejL5PEPTPKK+5FUHxNJc+4iSUfYHJil1jWJsaI14aq8Z9k\/D9Frx2Pd8Ccb5b8I5wMMvAXlFIaThZX3+88jwhgIBY4WhNolXEK3QjVERqqjNlflz0Crvl9eKzWDjAvjmOz12493yS+U4C5g7xeSC6Cv481a1zOEEDBXxUJwyeekPCKvNOVETC0idyTRu4Xx7IK\/97JI5UkTjH1VgYb5EEV1DY00jaUTBEjI+fpvuHX57KvIXmj+n1PLaIlVIJy8AxZjfib+NKJ2DnJlEkZOyKzqiFASH+Rv2xHATwBmim0oQbD6SH+mogD\/Zpo5pMTXstRq0ZunclX1q7Mso4TGqtUbs2zzTYctOAA+ng0TvelIWG4Bu4bkkRiZSqlwJ1jDY17CBHzqEyVQgWgeFozJDhGJh\/dhP8nm+IU5EDOJiIPPx8pW7TyQGz8lnsN6LAsQyJgXVZTCNJPU9t6HmegbS0bQ7Kt1DxeYvK6m+GxUMA1D
iRw0yw80Uxxf4xuJnn3EJVi8ekAMdVXpaGI37r+vhgsLGCAZgMrHlnTtfOSbgYZBAPdnhiG4xbmDlbIuvY\/BrdQlshSbHN\/3tWjBfc0Zz0J59ufrjAJoriiVdye+Lc3LAld\/nudhV2vnaxR1ShgYPYZhQbGRWlEkEaL1z4rltv60VXAhCWkeJdSv1\/ACb44aJ8HLAaQ7pBCmit\/NMrMwITKyJcPkFF5GRWhel5oEvZ86mY1\/+WA5KqTi9Xb0N6B9CXR4d22U1O5JA419I\/H5b7Kkx0ByhWkeFRz9cXZPMDmowmLHSflTpfTjRerEoB9b+Rp9ZUpHpgHycHnEiiqsSYZ8fJXaPa5ArE6FfrIB\/5\/ex2ULG10VUM6bdMkBHDYOPYQwR5jQfvBJclQo48pqc+jEulTW4ACP9EukaDaWRXQiI\/ao9oqdHF73hElq8zIR0CIH1bOZkU5WrVTO4kXEcriR07\/4SHXlZ0F+XTEnvRY1owmXDXHgtgn794JMTxP6ovnrC1UqLv9d8SQ3P2kaXpKnETUi1\/jmOit96zvfXkyF+GojweLkNJjL5JM3njEGp7izSmZ\/PvKHWCYsP+157DfpYPmMO9R\/yz3E1zaEv\/1lMgciv1XSwptuzqoQHSbZjgs5nX68VkOSYsQYJ60P94MXKCCvjFqKn+6X2Mcn5Zop+3W0Nj0hveNw19pzYiEtOJJVwof6DyxkFKNuQU3HtgPl+GWUUWRig\/vzAY+l22jeUNKekbZmAn14baa3EO6690bwRTg8ZvdcHFz9TEDMbzR666JgoyJFvKc3UbuWhbUstPfau4V9F9qnYD6cFiMRtdBaOgJniitEFpxszoLhTHZZT9Vh\/mXiomY\/wkAwa56XbyHUeRgPu9zAwN6kJW+N7Ye6rlwVPmyPFgUTGn9xmD2YMEr3PeigCIEsSvM0ujBoTlPiFdY26WdH4Tr\/XKmZTQnQrnQptoJDzmG+XaceU23hwOGeY5C6MIxfdvw7Blgvoz8uvCg\/rl0wKl3ubvkABoQ3NzBDUuTP++2gH8HONwB\/wWFza94nHQdoBnk4+rigd+C1oglD8lXIC31MYbN8b51797Aod+NKPnYy35esPaxwNUQDbAPX6W5J2vPC3vU+GmsC754Qjyng5h09pOy7odu+JINrtufSLUCeH14aG0hXQTPJRTPDp6g0aPtL075ZE"} 
-01456{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431858501078,"flow_src_last_pkt_time":1621431858501078,"flow_dst_last_pkt_time":1621431858501078,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431858501078,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"35.194.157.47","src_port":49324,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"QUIC.GoogleCloud","proto_id":"188.284","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"pagead2.googlesyndication.com","domainame":"pagead2.googlesyndication.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01348{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431858501078,"flow_src_last_pkt_time":1621431858501078,"flow_dst_last_pkt_time":1621431858501078,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431858501078,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"35.194.157.47","src_port":49324,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"QUIC.GoogleCloud","proto_id":"188.284","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"pagead2.googlesyndication.com","domainame":"pagead2.googlesyndication.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
01068{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431760040593,"flow_src_last_pkt_time":1621431760040593,"flow_dst_last_pkt_time":1621431760040593,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431858501078,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"76.83.40.87","src_port":57767,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r11---sn-vh5ouxa-hjuk.googlevideo.com"}} -00889{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":39,"packets-processed":38,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":51300,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":27,"total-detection-updates":0,"total-updates":32,"current-active-flows":4,"total-active-flows":27,"total-idle-flows":23,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":153,"global_ts_usec":1621431907429875} 
+00889{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":39,"packets-processed":38,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":51300,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":27,"total-detection-updates":0,"total-updates":32,"current-active-flows":4,"total-active-flows":27,"total-idle-flows":23,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":153,"global_ts_usec":1621431907429875} 00826{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431907429875,"flow_src_last_pkt_time":1621431907429875,"flow_dst_last_pkt_time":1621431907429875,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431907429875,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"136.125.67.96","src_port":62047,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02389{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_src_last_pkt_time":1621431907429875,"flow_dst_last_pkt_time":1621431907429875,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621431907429875,"pkt":"AAAAAAAAAAEASYHhCABFAAViVjpAAH4R7N2okEAFiH1DYPJfAbsFTr4Zy\/8AAB0I\/FKj4Rr2N+kAAEU0sUI8yYk\/y\/bPar7IxdtLPlBpfIbJVt\/XG3zjjFAN3PLuPY9aF7M0Mm1Pwz+2ym6LReOn1tdk2pHBdYLYtkb1fXiK42fzBzEBqAcpJ3jEWiim3tGYhBW4xkjPcpkR4V9U0CEIA3BhEltloJi32PcQkjdxPGPSXrYJEyPYT2ODSFP5zFDNrUpqMfmpryMeEByqj9aqyy7TtbIyDDLLeql6c5+G+WJfvTxj\/9W8WJJXv5A2+2wt7cmjNXE5vXIKsxD6kuaexZdsNa+Jr4jhQmDPWt56pOF3oSc\/exjC9ZwNL6Byz+cqgo090k1LpSBEAmIO2JahQD43fCbyWV4juaKj0MNO1pbmnz4OwflX262ok\/jM84d9YgjHmPQxVDwGpKB+k7iS9gP0IunBzPqxZuHmkhsXO2zydYFJgSC\/\/zhZjHtGa3A5oLpp5svgFFyHIWHwV1WsgPl5G+m0zjGIw88EoCFcNVrWAkqaltwzoOYaOv8JtFjKTBrTWSS2yCenFPvS4CiVpH0qOzrWck30mR6VKv+x6O39S8f9xZtECQhmG2mYSgzqYSOTLu8TYzFGeM6fkshiZAH4Rcuh\/rlN\/Jsa5H6fbeTi4JAaGZso4qnhApLrXa2o7crXqkvVvH28YWmlFQx+j96UuaBvpXUP+eVJpGTHlKAySs7PdqSueL59G0N7i7L9plI6+dk46FvYeEp+f7wxaDe9ofiPhkKl77nzCoHlpu9QHGjUG1hD3LrTqagn5YxaAe\/vZz+ZR5XDMGkyjvtQ8CzH750O\/y3RIu\/NzoJHfz70Mwhb5mva6OuXGfu3pnDfzyYgmW2f1EdlTYToarOz0VkmFc90sq7r5B7\/PNAKsIbJnOQjS463M2IqteuzLlV\/keR25no9irWXNenFMchSjXATFHJrxa4+tuks0hrAuCQ9P74T8tIg\/9Rn7z3XecTiiaReESIeFX0atEm6CxOi26ozXUDN+aybaCuI9uH4o3kMLh8H9APymvsHTZQpUtqIhC\/oo5G5CBnxU1wWMKhoH5C8zcwERQJ1+G9XqwN3WjaalURD+EDpCo6uvKka1xUNuYrbD3WxT0n1ODENp0Qq8Ouczn6Bc74W3bNVp3L\/70lPtnGF\/vDIQ0AgcqodmWxltWd4x+oE5e9lDvVivstNGUsf3WVMBPLQOTWeJow9hxLTXFulkHKm\/9m8ONJVe8mRVVH3uwATt6K7cW+M5UHJlGbqkrrKvaq6stg6DWgtUtqTZGBCuGviWVywpkMFl8JYsKFOo2C8dYdoed+lyR29yIQyzC+5PshUVMz+15EUTfehVIrQdinMs8GC1ufyZUllTZ3PDmgBejR3TZTfNXPjDfwNc+TazIP8DqvBBPRJBB2kbLub9\/kgyw1MlzRzbAVqK
bkfo6Xh7m\/la1ItF1D8yrjJBFh9Tmgu4+xXJRv7DW6+G1WkmPAAG9w\/i5FmPFMvZQ76UHxJWyfTyoxkIVglJSTw2j5Mv6nedASTTIn+oaAKlR0MpsDHaGI6cAT0G5S4F+89LSYi0DoIHcWC2W70SgDJsNbgysQVHdV4uTwXh\/LOoPR1c\/24Ev\/nFE4oTBtSXRHj\/g9aJYtNJ4Bphqchj\/ydCiV1FKZ4F0VFKXdo786gAHfX2mBeOeLn0Lhn3tTg\/G9s+9dQN5nOBgv0p5HQgLKG6NUNXB4bml7Gr4C7jyXtpqMA10w34E9oSHrOYzPVMRKouJzSoQiDSBJKXtDko+KZvedTXBDCzTxXxdQMGdU5EABWjdJgadLe3U6LR1WE"} -01399{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431907429875,"flow_src_last_pkt_time":1621431907429875,"flow_dst_last_pkt_time":1621431907429875,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431907429875,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"136.125.67.96","src_port":62047,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons4.gvt2.com","domainame":"beacons4.gvt2.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01292{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431907429875,"flow_src_last_pkt_time":1621431907429875,"flow_dst_last_pkt_time":1621431907429875,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431907429875,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"136.125.67.96","src_port":62047,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons4.gvt2.com","domainame":"beacons4.gvt2.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
01099{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431858501078,"flow_src_last_pkt_time":1621431858501078,"flow_dst_last_pkt_time":1621431858501078,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431907429875,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"35.194.157.47","src_port":49324,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"QUIC.GoogleCloud","proto_id":"188.284","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"pagead2.googlesyndication.com"}} 01071{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431858130379,"flow_src_last_pkt_time":1621431858130379,"flow_dst_last_pkt_time":1621431858130379,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431907429875,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"244.214.160.219","src_port":52273,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r3---sn-vh5ouxa-hju6.googlevideo.com"}} 01068{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431760040593,"flow_src_last_pkt_time":1621431760040593,"flow_dst_last_pkt_time":1621431760040593,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431907429875,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"76.83.40.87","src_port":57767,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r11---sn-vh5ouxa-hjuk.googlevideo.com"}} 
01070{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431857841314,"flow_src_last_pkt_time":1621431857841314,"flow_dst_last_pkt_time":1621431857841314,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431907429875,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"213.188.47.247","src_port":63736,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r4---sn-vh5ouxa-hjud.googlevideo.com"}} 00826{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432429509568,"flow_src_last_pkt_time":1621432429509568,"flow_dst_last_pkt_time":1621432429509568,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432429509568,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"220.80.126.73","src_port":64976,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02381{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_src_last_pkt_time":1621432429509568,"flow_dst_last_pkt_time":1621432429509568,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621432429509568,"pkt":"AAAAAAAAAAEAS1QMCABFAAViiC5AAH4RLC2okEAF3FB+Sf3QAbsFThnNxv8AAB0I+DF9BCeanTIAAEU00hb7OpWAmpFx8qx0bByvtqmnAysWW16ZDvTiBt7+493PQtqd2pKjXT8n6LbaHZrBOy7lzR4IRozP76TQ9DxkFAYnbYCqRHqgPXL5pU+zxh+eB1qzeaw4PD9sxeGceY7QPFO2WPj99N6anJpqI5Hcerw4FTNYR8r1d+SWlStf7eJXbom+ocP1XACdlYH06H03DxDNPtLz\/XsvkXaRPpqyh9hAe4diK1f3iIM2QaXjqckDT+tjaYEhYR+BbL7vNxBY8wfGtlxPQZ7GgVmzdWF+sXyPQuPaTJPnp6PHwhYcy3PsXRrOmC13SC3mZvcQ4+IGjqfqhG+D9wugf7LmbKqsznjJfXzBwYIpCNL+MHcorYpGmUUn6+dyppyRtIzd5m8irD6UYlkt+9VgpoYwGSX69u5si0i0viLsrK8i\/m6Mf0iQ\/Spi96VDtOTfFfSGprx6ij\/O7kc7TXG8oZ0bctqwNFJYOvlWB4CxfK1rYG0mD7xeo2AAgOTRDH8+AYCxUdEzUhiS9ozc2lRPoJkzP2AUr79N7oMid\/+ZbqVhmrpW7XdI12cPRgMmLNFI2MCGTdtlIH5yj6rZtmN67GfACUVK3eHHT3gwe9Jqb0QlZnM70xYApitcdFflHseTh619fCFNKL2L1AUL6shWE6hYP4JwBlMizT032t\/G3ASg\/GZ6BQlaObPebtYEVaZCai90TwmlfCeA\/AIXdD8iJXn7qA5z4o9cudnvk3agR7adxxofVPe6U4OcOJSG1IX2\/mU9S3WYmdFWlpmlMVHWT3QNthK23pRqiZHtH51vPjMDpY3FqBdaqTN8m\/Dc4voSrhGa0IJlpuTviRXm7EgxB8GHN9HytCvDZuPXhu91noUZcgCIcGTZdSBm7cO\/YoHlfVoH\/mVp5MrHSi9cVczjkioTHtPkpy1ub78xuF91\/7S4rXYep6NGOoGjl23AjOJfTTGhu5OWPnU9zMLFkllrVtCulEqT+b5PFzw2wjUYTJTfyrFiv4F8XdsoNLNTmtUCFVtsmWcabX5L6p42ndagG\/+lMde5hAmST6j3vklTteqoWcqrEZNH4LzFgOyupl0Nl63YsGt1OzfxU+904VhWQPq2NIdlO+VtI2U06A2jgU4WwWPcULGssz3QtHxG+LwUiedg0QSFGFQKA+HA3HUYnUTTYIQEOfSJx3BxpSEIE+zqBA8OZ8JL2GHKmdK1yQ+QhbvZXA4BPgaafeG++Hlfj9oqrT+ZkIG2l0Yfi89xALYyMS\/gQtfGRo\/IadU5q3tpHQLFWpdkHZ9FwndqSUrS1W8KKMO\/Y8VATyOpS4PEVwTvTNX4MptJ5NujWqz1tWdiz33An49EYTOXVJvPTodQHJ6ScBKXD30TZbFd4JFzqTcxJu3nOEA6eQblNYy03SZ
E\/gq\/uktoCqfQIdHNw9SpoHHvaxzhTg4ZR09H6m1QeCHM3dx7ZS5pYsDTexlRcFXpzoNicNl8Q\/2OtYWMZ4zF6\/CjcDuQvPr2BUhrvbmwgeP6jRdw+XwQt+56ZJnLJ7rqhWgtjWk0w4rXPG9gc7C9mf1jPCpHdhiaiIHYCW1Wd3j1GtKfhCdyiCFOIWtzH0tcNMR8zIv9wbPxww9aLwCYz5XkiX9tknrGgSCPyQiiND9wb6jafpQD1hvkRwJxkCJOZU8vAuWEsMD6iwR4yDvCNedmLBMJI9iw\/9hqHHhyJIDnBp6H8oKWPSKifJafbNfTF1Fz7AvqO\/tFzsGlI2GW4QCJCL+P0gz9lGiqCDzlVP7LUu3jgRkwKna8"} -01425{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432429509568,"flow_src_last_pkt_time":1621432429509568,"flow_dst_last_pkt_time":1621432429509568,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432429509568,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"220.80.126.73","src_port":64976,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r1---sn-hju7enel.googlevideo.com","domainame":"r1---sn-hju7enel.googlevideo.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
-01052{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431907429875,"flow_src_last_pkt_time":1621431907429875,"flow_dst_last_pkt_time":1621431907429875,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432429509568,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"136.125.67.96","src_port":62047,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons4.gvt2.com"}} +01317{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432429509568,"flow_src_last_pkt_time":1621432429509568,"flow_dst_last_pkt_time":1621432429509568,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432429509568,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"220.80.126.73","src_port":64976,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r1---sn-hju7enel.googlevideo.com","domainame":"r1---sn-hju7enel.googlevideo.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} +01053{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431907429875,"flow_src_last_pkt_time":1621431907429875,"flow_dst_last_pkt_time":1621431907429875,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432429509568,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"136.125.67.96","src_port":62047,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons4.gvt2.com"}} 
01097{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431858501078,"flow_src_last_pkt_time":1621431858501078,"flow_dst_last_pkt_time":1621431858501078,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432429509568,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"35.194.157.47","src_port":49324,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"QUIC.GoogleCloud","proto_id":"188.284","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"pagead2.googlesyndication.com"}} 01069{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431858130379,"flow_src_last_pkt_time":1621431858130379,"flow_dst_last_pkt_time":1621431858130379,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432429509568,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"244.214.160.219","src_port":52273,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r3---sn-vh5ouxa-hju6.googlevideo.com"}} 01066{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431760040593,"flow_src_last_pkt_time":1621431760040593,"flow_dst_last_pkt_time":1621431760040593,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432429509568,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"76.83.40.87","src_port":57767,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r11---sn-vh5ouxa-hjuk.googlevideo.com"}} 
01068{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431857841314,"flow_src_last_pkt_time":1621431857841314,"flow_dst_last_pkt_time":1621431857841314,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432429509568,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"213.188.47.247","src_port":63736,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r4---sn-vh5ouxa-hjud.googlevideo.com"}} 00826{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432440134791,"flow_src_last_pkt_time":1621432440134791,"flow_dst_last_pkt_time":1621432440134791,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432440134791,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"35.194.157.47","src_port":61209,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02382{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_src_last_pkt_time":1621432440134791,"flow_dst_last_pkt_time":1621432440134791,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621432440134791,"pkt":"AAAAAAAAAAEA737VCABFAAViBAZAAH4RSf6okEAFI8KdL+8ZAbsFTr\/Xzf8AAB0IcdVU301Wze0AAEU0qL3NNLtf2+b\/2Q4JDmzOHuurx9ulrjBLe9GvWGRZXR74WuLmvtIcsJsXXu\/onEdRmT3qTKLOfB7QlcM+PdfoCZmAYmwmyLMzO1HiyG7sIAFes4PP7T6NAXfX4dDWOMvuIoqSmNkVfgauiC5HOyWMHbTwhfwIk9FH1THd9hg6M7nbFuqZXTlC9q\/HwWaVt0bqSTrO3Bj08fiQQfXQGebdpALH6GbV3Jk1dtdbibh6Q37TxrzVgVH5kTFgrwemEnm6q0JQ4Dhq3cX19c8TR3nc50xv+02sA747DQ\/Og4Dz3zoy3+9lfKFqG4wBWdi7z9Rtbn6YwB0LntW5ts12RB+1xYF3UXtpz2seNJelWMZlW1Yh2Fg7mxZYCV0mhQ+xkW1jz6uQcCXMvY5VUbBhvI7zPyZXMY225B2xtuayBXFLLNWzpbQeAEm4XEG4jck8JjKcdxDGQ+tGA6NImdCpMo5KmFlcOnxo4uqBnZ9OZkKuYmAiB3GuA2sRbfaBNzP8vQwIFvmHb\/Rj2f71WSeQKgdmQsaAhoH\/i\/3l5iENNXW6JY9oLoSzWpFhhMlhMjBZ3S1j79TiuS1cWWOOgbGTSXawjyS+IJUIEba2UWRmGIBGjXz7YQQM8xrQS3DbYPJpoisNf04U9mZ54mIM7d+qCQg6VvUNSPRVsV2ux9+PC4W+DFbNy7ALH9ybKA9vKWlQUpcbaW+jQsoJM\/SQ5b4QpyLutRi\/+03sArWhuCnGvdy7QAw+lqj4m6TazHFMsw8w9T2dXVSYXvMNZZ+lLEZlQPpZjmx9uVHste\/wK0vx2c2TjY1hHMzZ4AGwz0ms2kd6XzNS\/wvUOYDcKfIokyYtfAUWmCQI168\/+BuG8b18LWykPNLhWdChPdxlY1M+5SYzdwPjjveFCHw1L31UvQ6QTs8T38YN3DeGrsHTEy1s0ONT1u8feiEDnAPamO5WxHIjVwTMaqbM76RuQbnmjfhNHd0QoBM2fFReITNAsjH5kJa7i1TauIG0LaQZDpRVw3ICDfio58fJIl35v5PBMp8xp6YEUh6d3p9ScDuUo02IpwHd1HAlLwRGLR3NEtr5XuCivraDkSulNk3LUOQdi4J3hNX6NixF3PLCKpvKYYBlI5Sbhl1LhL8Zjl9RJmBTxo3afoYRddxBMufMU3TDfOy2JAEIIvU6KLGYmcpbsBtJwsXg0+562385q64u2sTt2RWiXKEd9XAbOSkl8zz\/mhucCFcCxP\/aDXgf0nhuQpFELBEZxhmx10a3fl8WGlup7xBSgxvAoyjKgZwDinUQRGlQ4Y2+tHaNOUbjWKe1wgznCkTVbj4wkKMm7RKCqDexOds6oHYJPSEl2ioqJqXv85s9\/qmLyp\/s1AI8M7Mm8FUs7EDf5f1L5asrjpQuWtQ
iUN0J6w4SwozYuqkLkch\/ICUylDPff4K1jxbiN1VWrycEsZdK5WpULn5nsb9oIRivBTIrKfF2Vfspz\/ToLSA8OMT+vsu\/+HK6nVkqTjzbRqT+pMnx2Bg8V55cqGRM016Z6gjflmJ1aHj+\/7PWGoGPR1OQLMY\/Bbvy6c2Rry2q\/F6g8U6A11H66ntA51Q1W18sSC19Oo78tRgloQAn3NhfHhRfesZlY7E7I6PWaLKJ9bgiKoE4IEvCn6psctBWJXQo2AFp11lONrIQS2Q5YaGNNVXxi5Dw01RN1HiS0lRdioVe9QcDCTMQZDSAB5lZNujG+Ir7VUx07m5euHIfgcaR55adpIzCIXUpqTuVCHNV24cdDCtFs\/WXmPsU"} -01446{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432440134791,"flow_src_last_pkt_time":1621432440134791,"flow_dst_last_pkt_time":1621432440134791,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432440134791,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"35.194.157.47","src_port":61209,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"QUIC.GoogleCloud","proto_id":"188.284","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"www.googleadservices.com","domainame":"www.googleadservices.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01338{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432440134791,"flow_src_last_pkt_time":1621432440134791,"flow_dst_last_pkt_time":1621432440134791,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432440134791,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"35.194.157.47","src_port":61209,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"QUIC.GoogleCloud","proto_id":"188.284","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"www.googleadservices.com","domainame":"www.googleadservices.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
00825{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432489421015,"flow_src_last_pkt_time":1621432489421015,"flow_dst_last_pkt_time":1621432489421015,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432489421015,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"99.45.60.254","src_port":50540,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02382{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_src_last_pkt_time":1621432489421015,"flow_dst_last_pkt_time":1621432489421015,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621432489421015,"pkt":"AAAAAAAAAAEASF70CABFAAVi8YJAAH4RfUeokEAFYy08\/sVsAbsFTr7Cyf8AAB0IKamQAwU5OroANwARJweyyh8ASQgxaSFNO9MfXImTMnwyXomKh\/ZNPfedDyh5KvfO1MGG51HqkCogC6AtPwJhXTpE\/UKpou6VqZCesbSiBTNDA1JFBQs9B6lpbtkYSC+McmmSMojjEgtxhDYt8\/9dtYYlDOPFZ\/dpG+QdFbgpLb4LL6Kabs8KYDLn+VqI2E8m8ueQOkn1lBiQoAvc0rNjKOazmVq5mZXSMd1VKlKpsbLOchPYIZxqylhHTDiE7M3pNLaBVo\/olK9W8Zr8w5fFNyksOM0htXk+QusGKuzXzx2XRWu+\/Nk8r7wn26b5E2vnI6CqmRqlOx9Hbk9Oav798TUdoZ0ik2Pol9Xb+eCHQNw+XlJCy\/TQAtSNksS7kjeCCjcbIt41ZBla1c58qm1+q0++oj5c2fe6RrhPybaYLt8YUpSsMhpGJI\/Ql2\/NmxHBJxo5URbPjWXLfEGzOcpmsNmVJ2O9aDrYcnv7WnX5CqvzA823haQIF1GHG7\/MkUogQZRdTEAvJm6fBF5zdqrS2BtCxd2wUWnXyoJY3aKCgXRQrdDpBCgpGApMxKuJB5qoWXrZh8eHqiyYIyj
BNfvtQacRj6kQMCYITp5tTIecrcXoKPocWiez2LDcj\/S\/19jMLvrNbAcBhQ6KfoiiIJJOb3DnfTdQP6\/4DMSpIjO+s3jvnlF0btkDi2\/ISfy4kfHVix828TssUSRGKO7KC0GwgS6FJsjlz0BU+vv1QZznASY0gmrqU3L3V5EQeJ0JuFK8HKRd4Fj+EOeYQx60REWybndyHIisn1HhzWoZcpBZwH8Nx3rK3uqBbQKlKJmY1TKEse7UpeUToZQDC4fP0SVbtXlKRmkq+uL6gS0GXdLk+VwSXcDDT+JTBTAhOp\/PT0efB56Sw+xnoUoFO+26Osuir43c64mxBrmnuAVQrEG026YUbEpAkKETMHo85xB4Z7xRvocdlOwY06zlP9\/rFbbBE+M+FpELJaF1wOHE282\/6ko8\/0bJJFV2afTCYTIRatNwPLUVY54dJGaDmplh02DhsFSye4H1RytUERPkjLbau4RtBnyf8NekTGeSkfPd29dQ+7m1VARylC5UF8rsK9PxqZ1IjkctsYgU+YvVSm5sX2FqZmQnWn7sx+TmogpnRijHnt3gAx8MpZ1\/6vPZ0mXemrF1srit9ZhT9S1OtARcQG2mrpiCj3+wcDBjy8OxZdjDuPm+7HYnGMUpqQkUp5WDI0HR2Th8J5PiquceXUIN4UYAUOeV6+xy586aR9Bisr9aBs9XUgGeWalZKu0RJLjU\/r6J6yoYwl+tg\/Zh3vVSM24611GhQaadM3op866bGdU4YLBybgRc3Gl0QGq2gCLhejcidoxs5tD3NjeK89xtwPQd7irCBamj04rGwldvYQzxbOjeA5oAoJSaadBElduSTxGYH3oVrfOgrS2xGZtBSStJG7d09ikIYBkxSUYLU27iwQJherSUvhZ85af0XhrTHEYu6GB2FjNOq+mksDa8mM8rpcJgx+hehI17xz+xkqLWilCXGjnoMZWTF4Tx8xav902wfX8qjTHhu5vIsQ\/UV+gR7AYOV0tnC8Ul0PnHl3PUWikjISrIX+vX8LECvnHa+4b7xSouGskcMlecPWND4hCVtRZvNm9FxXgWi2wjpcIcPfODR+Arhmv3RE8GE8lOzxw8rv2AGdqFNX5JwaFFXigZ3vX4WrSH2bNvsDcj\/5We1g3jrVPhkwMz5PcaJQDojUW2GfWTFK1W+lQcDVZR4jO2eOnoR1WqEqE7OlWlEJxz"} 
-01382{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432489421015,"flow_src_last_pkt_time":1621432489421015,"flow_dst_last_pkt_time":1621432489421015,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432489421015,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"99.45.60.254","src_port":50540,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"i.ytimg.com","domainame":"i.ytimg.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01274{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432489421015,"flow_src_last_pkt_time":1621432489421015,"flow_dst_last_pkt_time":1621432489421015,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432489421015,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"99.45.60.254","src_port":50540,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"i.ytimg.com","domainame":"i.ytimg.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
01094{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432440134791,"flow_src_last_pkt_time":1621432440134791,"flow_dst_last_pkt_time":1621432440134791,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432489421015,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"35.194.157.47","src_port":61209,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"QUIC.GoogleCloud","proto_id":"188.284","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"www.googleadservices.com"}} 01065{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432429509568,"flow_src_last_pkt_time":1621432429509568,"flow_dst_last_pkt_time":1621432429509568,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432489421015,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"220.80.126.73","src_port":64976,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r1---sn-hju7enel.googlevideo.com"}} -00889{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":43,"packets-processed":42,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":56700,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":31,"total-detection-updates":0,"total-updates":38,"current-active-flows":3,"total-active-flows":31,"total-idle-flows":28,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":177,"global_ts_usec":1621432545371354} +00889{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":43,"packets-processed":42,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":56700,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":31,"total-detection-updates":0,"total-updates":38,"current-active-flows":3,"total-active-flows":31,"total-idle-flows":28,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":177,"global_ts_usec":1621432545371354} 
00825{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432545371354,"flow_src_last_pkt_time":1621432545371354,"flow_dst_last_pkt_time":1621432545371354,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432545371354,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":60809,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02394{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_src_last_pkt_time":1621432545371354,"flow_dst_last_pkt_time":1621432545371354,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621432545371354,"pkt":"AAAAAAAAAAEAS1QMCABFAAViYPlAAH4R+r6okEAFCUGp\/O2JAbsFTlWIxP8AAB0IC3jlg9iBHxIANwCHrPC\/4ONhhPa4\/bkucOa0ccMbRx\/dWQUxDvvPbBbSBV+QAXzHkO\/ek8WDdft4J2H6iGctCUVE\/Vd1az8ukuRtgZHkNe9HsjHNPcO9gC3hoF0jI1WUFpr6W\/bvPAMD0ojxS\/Jat1yERFCwK1qTZjHTu5Hq2GxnTFLRrBvKpajRH4mp0PBh9N1EEyOXmqHY8RR8CFuGBAVrGssOFJJLCgoPFYWi4kU+3Er5AjbG6hAThXTq5QSrnvRF2NsfVwKcZH64AJtDNhF1vVsm5Y8FPRr0Bw0OMhHo5TfDD9554NzZqybC30Lzg75oLfpGADza1+jH3enNvlyD\/9OdXxVtLFBPpK+tc1S0j2l24nUXrhfgzMYJSGfusfan3MputzKVw0xaEMSTFnMyVXBwvQvsJpXe\/cfXTGaPcz+n+4PtyXFFeq1VFMb38KcaBIZAXpjtbjsKy1u0drs8\/lS6zg0B+XEXyyVbBHNPSwQzvYAFgbxG5T2f7cZpDXxonb7KKJeiTREIg53VKn6taxqerf\/EROOn+QPkvNTMzD2dTm5TFHSYxLvBV5+O6FgwNIPd9zSQjx
u\/PIgbyOa5d1rycolz3RRmObJ7xDqSBQEx9uBtKS475iYE3\/HVHr98HbKghpyBXtrfiFCJfUPvGhf2ZQTE\/2PgBc4nFIolPbu5IHP5jlx9YJheTrRtsN8xZyNylrQiJyWGIJ+sqW7NQD4PtZU8og15AsUXrhsGP3nifKZ2RW8ULO\/zQ4hjXLbXvVPCRMaOfTnRWz16ymzmazGc\/A9WtT81r16LRVyV3KW5BVcHMerZjTINdFBiN2Rss9YE+hg2Bdzx0FHiLD2SJTldPbPASYuxvZBuOv7vGEJxC\/B7ThuZCvaUXSTwfSYdYePG5WL2Y3bz72m1SZEmn+4Kiqq\/h2MEhMWL2wbVTZ8FAX0VWRfwhSMlOHHKMW3u3baADN0N+mh8BW\/zOcs6XrHPEAtq\/4pbenpQ2rrBUepHw7wEl2Gy7TOdtirMeicrvRMH5ROutCuksQv6EbOTonl2eA9Uzw3fk+NLZelZDt7+chmNI0wDo+\/LKiADiMtDwBrUShAJhuyJCYkzqz3+\/I22nE9z8jtSau8DwJe8rGnUypF+QexVaXFHzHrGc8pEc6Gv1V+yd7O9j1BH6SI99CGYQ4qUSe+Qvf17MPqt6Vv5BD2ZiEf2go7Ms8wrYgSzdW2J6h2lnH8T12duhSfnaN+XilOPE6QCReHpz3pNB7sD3txciXal1Cjtz+D52skW92QHoQ6HQJRVcO1F+Nt9Ms6O4a82MSiFPLyQ4+9HZ8XzRNGIA6bYEMtQ2VoveeK36tJK5jcwcf1bd2KXco4wwhd6yGi79yvfAr9Gnfa+nm9EvT23xLYwd6SLl+UW2Yy\/cUnjlQIjkF+Nl2AFUyHKqbZX2R5uA7ATglq8Z5hVDirutJRbMvjB3S6p209yWJX36GoCAlZULNNq4O\/K9HsfmRuSQzzO8vAnTtDfmAG177+f\/BH\/oOcDleRinaIgIUXyhxOMJNHNbCiUdxlGmVs0Kf\/YtICcdSgbpsnkh7sZqaLRn0qnOt+5wry5o8FjthI8Fu2te\/X8Ye4gIOivJjbZs+RLhZQxZWtt03HV6ev4z867dtIUmron46fcA2edbLbHQ119w4dS3GwaljEI9565fGeAZxLwyqZbVZ07sOBYRGxKVWe9qlVpepdG7mzZWTkGm1aG8jBuv1yWlVaWyIe\/5D3F\/Zn\/LsMgNe+1ozo\/g3Qq8MWGLKjZnwl7\/\/\/D"} 
-01430{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432545371354,"flow_src_last_pkt_time":1621432545371354,"flow_dst_last_pkt_time":1621432545371354,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432545371354,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":60809,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"suggestqueries-clients6.youtube.com","domainame":"suggestqueries-clients6.youtube.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01322{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432545371354,"flow_src_last_pkt_time":1621432545371354,"flow_dst_last_pkt_time":1621432545371354,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432545371354,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":60809,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"suggestqueries-clients6.youtube.com","domainame":"suggestqueries-clients6.youtube.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
01043{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432489421015,"flow_src_last_pkt_time":1621432489421015,"flow_dst_last_pkt_time":1621432489421015,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432545371354,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"99.45.60.254","src_port":50540,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"i.ytimg.com"}} 01094{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432440134791,"flow_src_last_pkt_time":1621432440134791,"flow_dst_last_pkt_time":1621432440134791,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432545371354,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"35.194.157.47","src_port":61209,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"3":"DPI 
(partial)"},"proto":"QUIC.GoogleCloud","proto_id":"188.284","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"www.googleadservices.com"}} 01065{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432429509568,"flow_src_last_pkt_time":1621432429509568,"flow_dst_last_pkt_time":1621432429509568,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432545371354,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"220.80.126.73","src_port":64976,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r1---sn-hju7enel.googlevideo.com"}} 
00827{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432561767007,"flow_src_last_pkt_time":1621432561767007,"flow_dst_last_pkt_time":1621432561767007,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432561767007,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"169.81.163.225","src_port":55637,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02384{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_src_last_pkt_time":1621432561767007,"flow_dst_last_pkt_time":1621432561767007,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621432561767007,"pkt":"AAAAAAAAAAEA737VCABFAAViWJxAAH4RaSaokEAFqVGj4dlVAbsFTh0rwv8AAB0IWitP07hFwPIAAEU0OQ8EdQTKeE\/y3KmcSMkX+qEOqn52RlGrldbICsY\/S34wZNRn+08waAiGjsEVTtahcIPi35YuHK8wq0g59jo9OBg4akM\/IBMGR7R84CJBN461mppY8jQVuZTPgmTRdB2IYpULPqPfoX1v+i9gHbqu5NK3OwzMLconK6EyplQxCPNt5Hf30K95kk3qNJtwkSisClc72nLsoaYauap5qms4Uf\/J91\/kVmZMeIlYa1jjcfZ3z0VI9gHepy0CkQxYfepscIvVGFIBRny+Rr6Mo5Wdi6EIb\/T5QSBed45QkLsJA9gUQEq7M7LKJgg+IKLvJoW43JTt7tWUALAA7xqNg8ZMlYbspeUjoDBFwmTYyCGMZ5bdPdJsCKJjP1zB6Ihkj9HzcCVcVpCt5y5VRUWbI3s+SuMDcnwmhOo2Cnlr0DZfIFBqUld4Y4RY5VqVdeJo7oFXW7AwYc+nzTUTjYB7sFAHoCxtg3W+GcMFoxOtPlRytxdZ5wbadwjKEwqJuIJpIaPT9Hl5ErVl3zaNl7AbKrrPwnZr1V\/c2RNnNxvqBfO2+OD+glALVErSZ8Wgf5WaLzvHB
8WMIbmug\/NFM\/SLKtJ\/BaWEqzeoVef0rMzIe7N3WaGlp54AM2gUWArP3379QDPnly3sySsTiCLjmgz\/a\/YAV8iH0MWGhxoXL8uO+18tMZKic96P3qCeZ8y7LR8W+ULC4hM7PW26ZmpzKFTv+x+dXax\/FbNTBDPTQMmIlCH9iOw143\/ImSuF0s3s4JVp4Qr6CGbUM7wVRHYWtzpVhyLQMg81Qv2OEiCnOjzFFBbzp\/0bJKOqHRD4Q\/MvBarEfeFcKiSbAbTSNM8PQgQqkr0ZRwugcr2Ffp+Gn+l7xOOzT42OiObWh\/q5Vz8yxCjvr\/A3rCWwstbOOV346nm7SzYmCeDdLhhv6lnhMiAKqzz9Y+7ejwsae5M2M3swKabBXR4s56U0TQF+O7sfltB20eE597p4k5i6pwoHpILiBDttMLzjO7dc91E1IYlMz1tAgL+S9RvKr72GqDN6ZnJlEhDdKvlV5HT1Hkn9kqkuTTOQ0XHul3D3GFcWCqjADIqlVTcjrCO73smKB0a4uTZQbOIpVVIdV6+6r6fVzLgJO5GsuxJaHTgytCf3she4LLg13wNSfnN1MfvyZUdUQE3f3vPJyjzsirq8bCev5LQkUR9nijtvOuY+AYdDoq9V3BpiAPC\/5krfJFIpYwodSbeepb3MzG81QlFd2eB1ghaJpx0Lkod5SIZJSovz09xRaU2rOvyKR8WRRif52MUKIukeKGfbFHZtrKxCIiJ0BDLx\/i+Ol15n6ZZ7Ufce2YGrldvNoQcB39pF13M2xxh0ga17XgFyOLwQChgB\/CIi0XzrAp5k8ZwTJaYDryhvEy+QLvWWBRLc0grxIicpNZZajbTUE+i952VB6IrVqmtuYgLUVGpF7YVtpu59m6nPy+7bYq81ByFXlwxoThbET2t5Xwh4tKj2kEGlA4a\/A2nbUyPihPkju\/hgap4rdGkxuysnOZqlWiIRDL9NAexX29gx1xqsSqsDeI+D4cJhsXJ2P5ihR\/sHA3rpBQJRT+rRYmYWzUeoZmXY\/d+n2pZTXUwAQIcY2gZ61ZU3fymYydiwOlVXMdRNyaSlDGExGzYNiSdgFAynC4TF209BUTK\/I6hsurJHhtkEW4PNMZmrFy1b37DXFZ2+N3Li+vjPgOwB0NUwzN9CtFWQGGZdoOh+DGOlpM73XGxkM8fpT6xsMV7tcylekSF9KrwkYBnC"} 
-01426{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432561767007,"flow_src_last_pkt_time":1621432561767007,"flow_dst_last_pkt_time":1621432561767007,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432561767007,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"169.81.163.225","src_port":55637,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r3---sn-hju7enel.googlevideo.com","domainame":"r3---sn-hju7enel.googlevideo.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01318{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432561767007,"flow_src_last_pkt_time":1621432561767007,"flow_dst_last_pkt_time":1621432561767007,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432561767007,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"169.81.163.225","src_port":55637,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r3---sn-hju7enel.googlevideo.com","domainame":"r3---sn-hju7enel.googlevideo.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432687153037,"flow_src_last_pkt_time":1621432687153037,"flow_dst_last_pkt_time":1621432687153037,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432687153037,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":53127,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02390{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_src_last_pkt_time":1621432687153037,"flow_dst_last_pkt_time":1621432687153037,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621432687153037,"pkt":"AAAAAAAAAAEAWIVLCABFAAVi+xVAAH4RF\/KokEAFcfqJ88+HAbsFTkZ0zv8AAB0IUFF8ZbsplgcANwA8pfqGZZe+H8YbVevtEq0uW3yOyXta0h88u9QuYUdq8LE0sDqOmyGjxvU7MaDIbVqplgETW\/NE\/cvaMSDgL9CHXru0efaH26aRrBGKK\/el8kZH3UaZy\/b9fmgdZ9mmXS5myo5Uucklk32jY0nKiPx7OwGdOw\/13D\/yhjhsJPO9lxfnt\/xrx5w2VANECESU2NEWkJRxhIc\/dJshO3z01DVcn1fIfmiyloSgZUd+\/HKai9If5RANhfzeQXioPpPbOoecz6if3Z3FtQKFLotx+aOWuKKAGGc0cyrUXi77xeLDAxjE6tOM9yaGQcFFgEY\/SOBwtvWDdb9NoQWO7p11EUZ+wl\/rZ5GXlvPXsY8mh6Clgitpg7R24nHSXQN0B06887mB4HnoNDeAmXGTVqNUO5Hwpt4Nv5fOd\/uAYlaCVVGeZWnQSUt3FSt6UlJWCYhZFk40gfKSsTtWeOQIhnNtUP5+zwa3UUHni3XmISHlQzbBz\/bS0jB08K8r4MbQ1k++PfwYjBxXo33Ojv377xL3kEWdt7dqkANX+xOLqZ4hYjJtVeJE6KaWK5kxNrvgI
4+Wbq72iTCPnuWu4Yc+04d7b\/zeICLVlQ4UJomN5dkhXIvTFKQ7NG0K7rxpiRWOcSPWgsWX4wFJhAUCcqoK9wfw0ZMIl8zrsdDk5l5X+x8MTT+SQICOrIXn0ZSpTbD3Xt68fdgFWkqOjWnFQHPy3Iy3RczgAeN7wIYFfuCnnC6ME+5Pu63Pk2iPfP7TzEvCq+iYnwhXaGT1sDWUzQDz9Ea\/yyYCqRPN\/gqIRL+pXgs9ex+9iKQaMTnc0vlqASRWWCZPNc2rf\/Q9eHHk4W3NPoX3ez56VofMyV9x8Kx7xSgFDFLRY80kBMgLWMJDfi6woBPhXKsM4wd2mLvh7\/wW+nGUcZMc5X3DVUUiDmGzvF7qBR8QzheMOnqAvFyKMGSpJJ5Ps0oPIRQEBEONuBTdMtasa9lBz6DGcqXqeY1rs9cdoTZaeh1CgiDqdZdsgdaBb3PTBxELCiZg3Mjn2Ot0f4S6rODt1khthCXa+j8H7di6Uu0LktCHPUKJullar39r7GXB33cmiLI1UYXrrTv25S4DhWZdTftmpBXDFOwlNLMeatZGrEKK7zLzeIx5rioedbNSfdLfUi9tYWh0gPPFQENtKlJVn1Gyol7zm\/QqNOvgomZt6RUw\/PI2OFl+9zsCQmj6uTnByKe6c\/tZrUT6N2R5lvUzAGZIClGGsFR4e4cmvkmiIdEOo+lEW9ZEBcUKvujsGgkc9cAkZMsNkFQc\/PgQpvfYqWlnRu5wnZk6Sv5jPr2LTnEt\/ndr7UGSNAG3nto3fdM2CWZImFEJlzxZcJ6Pjr\/DX1+sbuL0VJWf56xETi07cgoGnD9splJhqvifjBi5hE6IKs1smgIDugqMeU+hKZgmx0tlIBEDohI\/weDtB6ZoTNVzeCrtE9Ne5sHna3EbB6mrF1wOyF+v7JqhFt1AklERk8cvtUnrNY9KDllJiAIoy8SJ+lKPlC22sDEHqftvcIo8mS2cppG0wllO2Q1TclT9pjsn1nIhooutFD14OqIrVo62MaGWaUpxzW8sZy1SVksc06sGqCdoo8s5qQi7Gz1K7yZhZo6W82as73l\/bfhqszTmMajohCA0Y9MFT\/+c5ticaJcK8VZzHx\/4ndP6BdrrmvIMXm4MvPY0XbZvr4Jyhd\/FOn6vdTJUGitV6mUWBc8Qn4h5NGpTVY3jRUrKJ\/3UHMEn9NXaFjwDa+i\/lDWeXt3KF5YT"} 
-01392{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432687153037,"flow_src_last_pkt_time":1621432687153037,"flow_dst_last_pkt_time":1621432687153037,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432687153037,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":53127,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"b1.nel.goog","domainame":"b1.nel.goog","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01284{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432687153037,"flow_src_last_pkt_time":1621432687153037,"flow_dst_last_pkt_time":1621432687153037,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432687153037,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":53127,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"b1.nel.goog","domainame":"b1.nel.goog","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
01041{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432489421015,"flow_src_last_pkt_time":1621432489421015,"flow_dst_last_pkt_time":1621432489421015,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432687153037,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"99.45.60.254","src_port":50540,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"i.ytimg.com"}} 01092{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432440134791,"flow_src_last_pkt_time":1621432440134791,"flow_dst_last_pkt_time":1621432440134791,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432687153037,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"35.194.157.47","src_port":61209,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"3":"DPI 
(partial)"},"proto":"QUIC.GoogleCloud","proto_id":"188.284","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"www.googleadservices.com"}} 01063{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432429509568,"flow_src_last_pkt_time":1621432429509568,"flow_dst_last_pkt_time":1621432429509568,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432687153037,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"220.80.126.73","src_port":64976,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r1---sn-hju7enel.googlevideo.com"}} 
@@ -194,32 +194,32 @@ 01067{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432545371354,"flow_src_last_pkt_time":1621432545371354,"flow_dst_last_pkt_time":1621432545371354,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432687153037,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":60809,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"suggestqueries-clients6.youtube.com"}} 00827{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432793457804,"flow_src_last_pkt_time":1621432793457804,"flow_dst_last_pkt_time":1621432793457804,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432793457804,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"152.128.87.238","src_port":50073,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02388{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_src_last_pkt_time":1621432793457804,"flow_dst_last_pkt_time":1621432793457804,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621432793457804,"pkt":"AAAAAAAAAAEAgb5NCABFAAVi1J5AAH4RSeiokEAFmIBX7sOZAbsFTp9JxP8AAB0I7Hz6xe0rqSIANwDXZeiBOis1quzsT\/obGG0x+3XLqfDbWYiwJuWBqOtEfIn\/ZPOFbr4OpvKQaBk8YcaDhmjs8G9E\/bYLKxuZyad2DEvamcZFVtntEFziXhXn3+pQrDq\/AMQ6LmeqWyyt9eA3XDKtJ4xY1Bc6e9UD8t6D7Sgm5IQhV9SFnw3BxVaQkrl6hR\/dDVS5UMps0rHJiqJfxJX9XuDk7Hfp1cVZA24xlVPWJVRY2UAeIc2Zve2M7H6lmFiRWRA5qAccgPetxVIxOWgKJZ9rY8EXMEmXdS70H4KMbgsfK9Uk6fu\/osiRJWk7Bzz5wQrxWL6dXRJrXxAa2jPXQHVxa7bP8D1pdmGboyWwgZYxklQYJNVQxDA\/GDYY6fvGJ263gPtNp9NnfpJaf3BoWuUPhFP8HvGyQZuIQF1wb9fZXWZ3QHFoIdW68Pqhjnp6kLZ063TmjYYZ4slUYelhsLCLrNb\/dwHKwXnK6PjPM5zy5oxTVIu9HQIZmJtKxSSYJD+ceykV8\/K7hgP3LMhoq\/OjNgE2xqsoCuttGgVjAKWqToZ2SAfQBRXiQmcgW52dCG7Z5HhuDaq\/hB4oOHiiK4\/S0BBNT5M+Pb8ByPul+j0MGVAtYn6fTilvMPrguU47PCHZjjk0z9Wnk26G01zXhhAY0ar4RNDDEzDjmKfqXKVxSDUlPPUIWjq1afjceK2zb3JDwK58fh96mr6zd+glDvfAbQkGN5MH6eMa\/9wzaGAa3ufoLka8Lxli3yUdMj\/VZs9FXs\/jqxxOPuE\/dCtF2asx1eqF6Dv896U\/rfqEfRamU8Y4w+RgEO1CTD7sshtD1igsz3xv7fwlgvoMBlSMrIYm2kXO5Mm4rUbFhOvxSUXvhCAz80phe1BldOJ\/juAj8qGCoV+gQOWqnuDFHTVXEB73DtcArIBGJd9D++3m82t+emgLBdig+H7CGHczwalju210OQ3B+NgGpSSFA2TExawDMw2BskyWcMWOAJB+1YPrBoF06DgneuWy+G1EzSXWEKGoBP9Hvvi3iiO3IcHdBaysDd3G163RjNVGtjxLv3H2wGiF8W8BtUy8x\/4x0t8GKV8DeHoRZAPR1VW9jsM9BHk3UFKs6e+5DG41zNnmrJMvsQCLdE7Mc8w4ELvM4HhyshxInLs7aAqATi\/cJpkJVFPEVzRSH2iJPYmG8HdHW+MR+R4aifCxPvUJqcMbXFiSZcU+MJ70p7YnFW\/gfvm4Ux4DbVMAkNpUImzqnQsubAKj0w\/8ulR5Wetc3zilx2pLq7DZxLdXVFjLXuRQmY2yCeGisGB5PUkdsGOp1IyO0idKFB6vegqD53wg8CaYEO5x0Hmz4Pk70XwPcVkukm1ulZSYY\/nmgbz541r2QMShd26Vqrvyg\/J8rOTVuiAbPswY
JnJk0xDz7XloJ2aoIPRONK5nlUihp2bOw9Nuxf36SB6k0LSj\/s4mNxG1QNaEf5XxQTpLl1PynNmmtwiukSv5w+u6Dh3MmLJERlHtMy3fg6A3dZn2rVplpcATmPl3e6JcqSXfEQHaMUL9vqZgy\/h073US6J03VMt+\/bO+qzfltNYykBXZikfo2Jeay4vIVade7edcMHLP0kMMz8YzuMkFj5mSEOozDdFrwgdubKvf0WUvGC9sG0GJQuA6K0zS0AdH6\/IDWTjjKCqm0CNfUV3pEg1fuSIaLXiC27HEebsSGbBEc86cnhXJ6xcni7lN18XwT\/wRTUuZ4kfbyFf\/WQSlRJNS7ifRduPwfHvUgAkTi6eqDziLvnVkJ6BbPbv+fYGh"} -01434{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432793457804,"flow_src_last_pkt_time":1621432793457804,"flow_dst_last_pkt_time":1621432793457804,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432793457804,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"152.128.87.238","src_port":50073,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r3---sn-vh5ouxa-hjud.googlevideo.com","domainame":"r3---sn-vh5ouxa-hjud.googlevideo.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01326{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432793457804,"flow_src_last_pkt_time":1621432793457804,"flow_dst_last_pkt_time":1621432793457804,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432793457804,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"152.128.87.238","src_port":50073,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r3---sn-vh5ouxa-hjud.googlevideo.com","domainame":"r3---sn-vh5ouxa-hjud.googlevideo.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
01064{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432561767007,"flow_src_last_pkt_time":1621432561767007,"flow_dst_last_pkt_time":1621432561767007,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432793457804,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"169.81.163.225","src_port":55637,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r3---sn-hju7enel.googlevideo.com"}} 01065{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432545371354,"flow_src_last_pkt_time":1621432545371354,"flow_dst_last_pkt_time":1621432545371354,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432793457804,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":60809,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"suggestqueries-clients6.youtube.com"}} 01053{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432687153037,"flow_src_last_pkt_time":1621432687153037,"flow_dst_last_pkt_time":1621432687153037,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432793457804,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":53127,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"b1.nel.goog"}} 
00829{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432876694398,"flow_src_last_pkt_time":1621432876694398,"flow_dst_last_pkt_time":1621432876694398,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432876694398,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"251.236.18.198","src_port":59048,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02394{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_src_last_pkt_time":1621432876694398,"flow_dst_last_pkt_time":1621432876694398,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621432876694398,"pkt":"AAAAAAAAAAcAraZQCABFAAViGmJAAEARTcLAqP4L++wSxuaoAbsFTqV5w\/8AAB0IbOm6o+b7s18AAEU0LLQC1yXAWiYnG0IzhK2VYtXys8mZ62JD8wkhsWvqnkzFbhvt3QJvfuPuR1sirwI+KShnUrbM1afN6aEucT9hrS0klXGQkP\/sjbWxbRSVpPd+f9X5MHJS9Hz6kemhKetvXTyJqGbN1G75GC+zwvky4Qoa+1\/EIdMd\/MIuXCU84yBXwj+twRLahCznv3yroalrF474u7NubFW0jMWcRH5J+A15Xme108pRGv37O29qvyKdzOm1\/NNznL9yP2RLUgbmtwygArdZz610E2wne9tt8WxltfSjaavCs3J3wGNB7kwvqcFpV4kuTtBj8cRhDJ8UsAFET3J5wrdiOHvAkcai8b4dgSQNPHDp3xVf8Xxr5a3lZo4oeM2pSFKI4zOy\/gL3IOWrKEH5BRE0tivVe3HggMJPpzZub39IlYLUFGhw1FqGAvGU\/L7xouN\/GGzHYbjg9KBXpegMLxXi3ppGr4R3ZbEegXJV66wPYugPfdTLxj3R2ZAxcu5MSpStr5MG9ltk8lzwLtmx5YcbJbKyEMRaCF1iW\/dcIpEdw9mhALjKcmSqJOsabUpsYKoKUTDLi
Rb0OEMir5UbZUiQVy4\/7Sfjg8ICBXUxYfj0TnKlaJ+wlyizyGCVB0WjDtYmQo50PxvLRALC1oTClrCfpu+K5RTPrOVf3+YHiGNjoiEYVT3Ysn6ef85QtfRP8nysquU2HQ88cdBu1x51\/5RyV\/+DRSGX7VUOAssxQ1MRma0bjRn3Dmy0rmBgLMBljm\/VFeCUpmDEQk1q52vMrgRR1lJE4AiR7egIJ\/6ghIxt2OWtcRN3jJsaTUSy\/zR3IMutW13i9Gw+AVIamx3Vj3f2LmCwuEcU4XeICojezZ7vi0NbDJmYGkjSwtTh7b4ESpxisA62XYIfsFsU6JrkPXTQT01HZP1jD5W\/7lmQ0Uzgb\/2mciiqV+PLt4y8IbSi9MMFIn7Fr1j3biSlXPu\/RKPCVeZazwP4GHO\/RBVQpMem9Q8N3P8d2DHSrWjG21BATI\/t4zX6uTupPdTce\/pRl3wh6arawXv4rYaa734DQGVOXKuJAL3VUiEX4k2WKQ6rMy\/2mgtg8f52j\/tm9h2LXlahvO4wQoJ2w0aBRN8mS\/cj\/Ra3JQN+4\/oZNfyurOlap8hdr9uhFzS6jiSKCSEudsefNrvctv9D2s60pV3\/7RkKVVy2YmGu\/fMPAer+QSxevYYR\/AKkpcNjdJbkDD7YmHSguK9rnJzqbP\/etQrDxN0GrlpCWIXAdhL7Wfi2tYHcbnj8KVMmATRN+0400Z6WxauakXJuNv0JQTaVaubj\/PKuuq5K2vb0tCYbHDPd+MadAPo+JJ8pU1ZDa4KyOjlkd5AJbK5Q0frPvukJDpBDNImKfhDpKSebp8mS0bQbYQY0FjVILDcWSeoYGnRDjH4XJcz4fxZCkv0YvY6T1xDnsZGbGC4zJU59YxE5WYODQH3mhJYDZb\/R1Z23tx++rEKCl2Q7KLWqJ5ApuDmaONgp5W6ybOYwz0urwNxYZ8lWWON9dZHSxM5jOoeTSovDCyex8ryrdpEr1yHyEEgBjx97a\/VbuMDI9wE+07AAsKn1v0pSUT2Y4vUwGIFdflJgbjasGl8KWyMuibJCGP7tF5SXVICBAc\/QHntpbpYtsuJHF0\/RWuZ5yeLaxKHv5t92AvGJsO1Kn9KikspdEaOGD07Y\/IrmImcu4IELab4LYJw6sE0eqBRwufR9cgXtZLQQbDqd2TajaJSlfs8qSumGCJZU9e7j4K131s1OqQIPtVUm"} 
-01399{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432876694398,"flow_src_last_pkt_time":1621432876694398,"flow_dst_last_pkt_time":1621432876694398,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432876694398,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"251.236.18.198","src_port":59048,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com","domainame":"accounts.google.com","quic": {"user_agent":"dev Chrome\/92.0.4503.0 Android 10; SM-A125F","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01298{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432876694398,"flow_src_last_pkt_time":1621432876694398,"flow_dst_last_pkt_time":1621432876694398,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432876694398,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"251.236.18.198","src_port":59048,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com","domainame":"accounts.google.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
01051{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432687153037,"flow_src_last_pkt_time":1621432687153037,"flow_dst_last_pkt_time":1621432687153037,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432876694398,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":53127,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"b1.nel.goog"}} 01070{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432793457804,"flow_src_last_pkt_time":1621432793457804,"flow_dst_last_pkt_time":1621432793457804,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432876694398,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"152.128.87.238","src_port":50073,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r3---sn-vh5ouxa-hjud.googlevideo.com"}} 00829{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432905483700,"flow_src_last_pkt_time":1621432905483700,"flow_dst_last_pkt_time":1621432905483700,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432905483700,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"93.100.151.221","src_port":38331,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02388{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_src_last_pkt_time":1621432905483700,"flow_dst_last_pkt_time":1621432905483700,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621432905483700,"pkt":"AAAAAAAAAAUAtOBOCABFAAViNntAAEARSxrAqP4LXWSX3ZW7AbsFTtZExP8AAB0IShhVJvVFj04AAEU0bXBdseJ245uG4fwHC8m+6tqS\/v6gWT6TRuENAP9tPhydGDsgF7KG9PiuBNd6U4OZoDZDYxdNvgEXRnGpqok1G3cCYyBnmB+42zbaUcW6U0WH8uxsOi5\/mEnkpv0Euyn4vltnRK3e5h6tt2GHGaZNsy6oaivFwmgBfGYXqlFzvmiPzvJp0LRexpgDjU1i\/7Vx3NLfmf7PCWakVkQTn3Mv0hIdyp8NbWby75nFm5vd9qbf7rSRebZCqrG\/gNT3SMKZ9PYXe6zl6Or9B3VtV0CUQVHLUT2ZljaOp+wo2wp+zymYt6qEwhJmfIj1MPdkgXuV3gJi0KHCUAcVSQRFxSkySlYbKd6ChL8GI5FOjZ8QvdYKnwQM7\/z8AgfduUObnEfl6hZZ2npNR6FcP0WFzqQBRqRGO9wwKzFt\/XTgmkAPd3\/wF\/a5iP3PPQDPTiggyH1xpv0ciMP9WN7wbydFhtrLUcfgELiYllzto5jkyT0K6\/M5XWw3Kv1G4BMmIruFxnBZKQUoqA9d1oSjSc9wdZfqCt34KDErlg5RxTvxzlCxbSR1YL1ln0Lc5ooN49Vt0Q6U67rR+tWR3ESuIWUzLCixA\/08yk6CIflG592BY6gPW8Cbm\/dEQnktmUnnaHerrmQJ+oSjAV3xiVvlBT9XkcfS4WGAQSxeXxfXway\/cpuKTExCubwigm9g36DqjHLDwHWdQ6CDBwzPwE7JMioE0h5qzz7kgFtRTn3Dx0fN21mdCirtg9qB4hRCIkLgp9PkotTkEDbsPz4aPrVoVedFUeJh0cg3JwF0sNVAEJ\/svLXWTrK8yCxq3qPCAIv+qhZfntTMCSTOlv+m4\/SG6pP4\/xXexllpq4vN11z\/230fqh41BREXT6ToSYKiLPgIta9MKijhMUrhqLp\/H+6H5q5lyTMHqWsEsQNb9gmgb5bTrnpRQ66GI3I\/Eu6QRe6JQXxj0tdcpH1LILG1JY5awETdC9Gy\/ssWffqANToHPZNHsKgLSZ1Nr4vYsqiHrBBykgGu6do9vSxz86\/Q7Nfe09TEYnNYd\/kOxWDgAjPgINa9ldEyBy\/c1LwwfuQYBqjVd6qzuIvK08UzshDfAry1FSjTNf4Xhzv+C+kRHXoa7jBGnB6icP7W4jD\/KUJLbHASUFpcjtDotzShDZHUYL2umLhCdB5TlPKE75C7x9wNG7TVI9tJsWFBgyfIZUHuK2V6Iv1Xy+i0DPqZ33eKf2\/0cktp3L9oQQztf0yom9iQlAFOrjb0BYxuxSQsDAuCBTfuHuiEnBMg+uie7JClpFd8oxRzgLF2UmGs+bcAjRKlbO8KUqBVWyus6KeC+GY7NYnQOkEB79W\/LSs6F\/y3yumt9XaOjhKZsA1BY2GPva6DJ9bGm5lZVeWW5M
qGFMwmbmEdGj7B2lfP6DGaxySHgfivVSWM5AP9dRouhItZWUMTYuA42yBFxC7yYUU5K2dZxoCQBpBD8hiq\/kMUMEM3CXwPlOYnLiDJ4+OLlI1CXf6o16idWwlO57uhDJqlkgqP5iNglZKDiDaLUKSczncTiHuKNaqGxKe+jsT2MHO9nT+g41OMRLOnPZdlHoF\/GerD0RU3bVnuaPA\/7hWpOovJjEYu0nZDxzelWy4hmTrQXIfWloeao6NvLIo0\/Yq0zpGecbJvwB4o4kud6kzKSyDmvDz4lmDhp7J+b+a+a4OXVg9LI3gcKi3B+a6ggFfUWsH3jytuH49v9jql4XnS3YfR4DGtKs1U+A54fAEg+9sHrLj7+fD3uJet9knr5KO1"} -01402{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432905483700,"flow_src_last_pkt_time":1621432905483700,"flow_dst_last_pkt_time":1621432905483700,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432905483700,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"93.100.151.221","src_port":38331,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DataSaver","proto_id":"188.46","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":5,"category":"Web","hostname":"litepages.googlezip.net","domainame":"litepages.googlezip.net","quic": {"user_agent":"dev Chrome\/92.0.4503.0 Android 10; SM-A125F","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01301{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432905483700,"flow_src_last_pkt_time":1621432905483700,"flow_dst_last_pkt_time":1621432905483700,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432905483700,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"93.100.151.221","src_port":38331,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DataSaver","proto_id":"188.46","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":5,"category":"Web","hostname":"litepages.googlezip.net","domainame":"litepages.googlezip.net","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
00829{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432905490594,"flow_src_last_pkt_time":1621432905490594,"flow_dst_last_pkt_time":1621432905490594,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432905490594,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"170.196.90.126","src_port":45652,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02386{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_src_last_pkt_time":1621432905490594,"flow_dst_last_pkt_time":1621432905490594,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621432905490594,"pkt":"AAAAAAAAAAUAlUIhCABFAAViNn5AAEAROxbAqP4LqsRafrJUAbsFTm9IwP8AAB0IsTWhMbhJUaMAAEU0Gz3E4x\/7PJCbI+CzxViIeUiiyxN5gIybKCWDCC8MybuqrNIvL9Pc+KUdkIcv1Parf76zB\/TXo6yFx03Ggg9vnqr6bkGGsAil7g9byvv9gAZjNQMGSu2b\/WIj+O2UGwYR9Ze56oGlPtQ3fK8ScJ+YBFKT+cpojJQmaymD6Gl7O0M2IsyhuN\/z5MNvVeoQtlTGtwJwJF4t3CB3+LaplqunC8tjUfp86B9GZjRjxLI+vZiWX5JnbOLJMNt1qMf64QnBwt3u85Pa9y3sMgX4lS49\/gtIXTs4bG2nNuP5iZc9DQwpayCdOqbJxVUpt1Fl9lqfqkGDabD\/h21kbArS1JNUPCYt82JW2kdPr89gKelvwKxs4MSTRQcLucGHeSqa+vxitAXlW11buSsT2YEY4TaaN7WLCC6Y5OgIewLiKrBgAIDD1JgOLmJe0jh8CtrwC4u83uCHm2ZVbMl2zcjPFlgSm1Ay5QghKEobHUp9BoKLbGW0OMfnx\/vMYa29tA+ukDFJJVEkBFUnmO5PVGVBLdD\/qq5Vm3qeCHn7bH0JKdEAvXgh7drH4CTmvjpTCgzXIn
M88QbOwK\/8hBF9B0y\/tT2huASOzdsreHMYES8k0ynoTtTU\/Go7e+As+IjpMhtw+r\/xyPdBQWw34uc2UrITsPWB94yJD0ktCz9KUH5fj5j\/MTcB3+EW1+ja2Sj2nYyRiHaQ+PsYbGaz6wXCZf\/tEQta61UXPhInHqIOpnQp\/diA\/YXmtWKl13Ka\/nxH0\/283amVXk8g\/p5xQZLdYYbM1SRNChx+BZ5020iyk2PcohpEjNvyiSDmDjrsIgS+Zr+qK1KW+WNd8m7ZfukNh06oyt6uTkWtGfWfvcwkR3CbVTV9K1zZ3JVpadtBKHoVfeSxzUNB8QO3HY1xoBwUiGOqQMyedNultJ9KH4IhP5o5Kj0DYGUHyTaflltEhcSWiITyfwyOZfUVxdCe3WBfMRyjKG3hw9Ag1m0IdO+3+4Sai4t9HAV2dkZrH0YBb8TzQtijMzuOc\/UkBsPoIHkBGzeAvR\/LY9Vvx0FYUh5X9ZD3MIwp92rfZV5hsqNc3rsZmWPZbpmeAfYzTL3829e2Wo5suo7aDIt+YYCq602XYEuGWM+tC+iqjQVOxADDkiMVvc8A2HYsO3wOW+49aVFLGStxeuhQV5lyMKSoVc3s2H3N+yL2RhtSvdV+b0mpGnnhW\/vc7mC9x1sZNQDq1FvyWi6OgOdM6ikZBFhVxT+99VaccO1YRMkituNtiRsVhm75XQZqQj3SqqL7zi4YYwKWE27YtUcI5DX96iUTbNaIXKbJoRkVWEHi7xVpW0qoKbMqyaTsMaxe9oY9tVhw325iZUqJTscJGuYlireqNEe49UiKHrFD3pBUHCyEpSwijnx0RbAj6rwweNbjXSMbaikwVIiNvMIL5VCmZOW\/ZtxLPMa2yys2nECf\/Vuy3Ou\/9DnpSXaPhTvBFgWf28msqEADWXnHOxczzQxoYSRHSEzLrR2jTHxifPCTR9hSWy+JWnFXHJLcH7QJbBCrIdXrcgRQBgdnrkM4BVlslDUk6ZPisArQe+Rj5RV5jX3HYw7JzZSegmwQhkALBsMs6Mymiz0gK4lwsh2Az\/uP7GO8UcOQkp9ZEs6GaH9yS+2hlRtG0Haykp8Fzi0\/SkuRseswdA0H14gPSc\/5WFCyoI7Y18l0y18eYy1sFdl5G9h5zsIxr1Gxqhupt8DBAd46yPzEuBUgOukFiKNOskklsdcO5v54a8qPY1mJBX8XQWL5"} 
-01431{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432905490594,"flow_src_last_pkt_time":1621432905490594,"flow_dst_last_pkt_time":1621432905490594,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432905490594,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"170.196.90.126","src_port":45652,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"content-autofill.googleapis.com","domainame":"content-autofill.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.0 Android 10; SM-A125F","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01330{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432905490594,"flow_src_last_pkt_time":1621432905490594,"flow_dst_last_pkt_time":1621432905490594,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432905490594,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"170.196.90.126","src_port":45652,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"content-autofill.googleapis.com","domainame":"content-autofill.googleapis.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432907578635,"flow_src_last_pkt_time":1621432907578635,"flow_dst_last_pkt_time":1621432907578635,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432907578635,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"98.251.203.81","src_port":43427,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02398{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_src_last_pkt_time":1621432907578635,"flow_dst_last_pkt_time":1621432907578635,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621432907578635,"pkt":"AAAAAAAAAAUAUmvlCABFAAViOItAAEARD\/\/AqP4LYvvLUamjAbsFTviww\/8AAB0IdEz2yPqFNEUAAEU01lkubHvVAeXsQ5sXGwZERrAsLetkvRSa9r94YrnlT\/RFyWgWZjc\/+m3X4BabWgtMfG2MrRlDeu83ayw7f1Rv29gQ1Fwf3qL9\/y5QL3cILj9wzX79jhfIBW7rk2S021YCCn4cPYvBdSyZo8hiLdDRqY342daZqWhur\/YwUIhfZdJAQA0xgKFAGLgZkHQQNo8iY7pDwNfTWCrPxPcVH\/XyhdL7AM63JNrgEEzMf\/9jsRjfxGAePPUm1\/8wwIq77\/+PVwZ2j3YBRiYZ0seAv7CvRMkkYVrxpAOSkaAOCWqoN0s5yzHmFyDcbv+feS4uFL5UXCfavdd82ZgTmlsjFiR+hG9t7chDZL56DXhZ5TLxZf3UYmIHnX6JZkUrLIVJZ6\/OVCfo3DHRQ4PJOh\/CzeVr8LoegDT5B8ULST3gZnAqDfI276pUF8whh8aVckRyaBeY2ZCBjMcnwLeLg7OKLQvK5wC5BJkNIi5J8oyjbOTedU60kHu3fE+53ZlWBZRS7HAIJQGXa4GEDkaQ5k4XnO\/xxxjpThDLvE8dUHcTQ9ovWlb8\/JSF0up6I6Ng
BtYGIn5XhNqx0EdEUtgLAzzPtcFSMuYYjicAs9S+W8GgyoFH7nZiOgJcvL3AdZ\/GXk38PSB357IxdJooYxNvjvQ+gKfGJQ5jvUMuu0oyiEO2+gYr9SeGcmLMhDdauhnvk0udsh4awocJv+zrEMXX8l2xSzHndbPtEGFu0slTz0a9mozr6y79gh8In5Bn2s23hBM4ZGcGhqvwp1y4\/CIp1v8EZ3CF\/c\/nf\/AnBeGNBGm\/vfaxi2\/dM2Rilztfd9EUjx6Uz0Q4WrIB5aEwh0AOzRhbK3NHQKo0V2nfc5lpb0UDc9+BrNHOqAdA4BUxqc32WdBMwB8nu8So3Ug4rrM\/JVLFz6\/kRNXUJZRpvlvWmmPwbhgJJtJv\/M89mXfU1kK+Y5ZzDEOWJFwuGE5EwyEXLqfAhuVfYr\/IGf\/dVORQAeJN2Jps3sJhqhEj1IkKjkFBWkkAkONz+gchb05T6MlwCM8C28gRq7Mb7CFBEn\/vYYqlEKnhwzKBeeBye41Vq0gbKM0JV9qRHQ7XKOsVwyIutepBP8jrECNHdwLaIEu+1zVrAN6yVIQ8\/oQq+VsbKPG9+CxCgvT5uKndWjk\/3klEO2lVttmkusFyP5l9gzCYwVOHLBsZ3xnkE2+m\/prV\/JheISUApwdWrKMEd\/078e9MXRkuX+dpNqT7a5dhlSXsO74abB1mrlTL2UcA2ek91eefqFvbEgNjkLzRgECot8CV3+VilYqrujsR+JjJ9wVO2ZRWW2y3ztaE6g21zSYVB6vxMaqYRnz72pD5b35k\/u8uTGE1pcJQr7C2oDFyU6xrQ8fc2olGaloqsNSa9zjm3tw\/aIkxpxphv2ISYW1zYIojgj\/1VCqJN2qkuGsMNJgJdPcqF3OzluCuyf9tY53umRYC\/2FFOugDxVHFd6F4iSNEQ3C3zvrpOLrWtwhbX3hkwUWpwIKllXL2Nq\/iK0AdLu5a1u7VIasXJSlmcKgX7VPPNflgTztWI0n6bh20EyUV6JmwylfymR7pRszlj27nJphDjd5FGRwMS2WMwNFJTxb+RT\/9S6rDmaFhFtes\/+ACWdpqhAKM5grfBOdhgmSQbu4voAVj9LPSU108aYASzXKDjwCDNx50fbMcWjuukzLgNuVnkky2tdFq8pWWnhoc+x1nhhOmxTLo9PFGk31LiQUA895pzmo+l2fTL008oeWJdzMT6HnN4Sq93hT2"} 
-01438{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432907578635,"flow_src_last_pkt_time":1621432907578635,"flow_dst_last_pkt_time":1621432907578635,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432907578635,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"98.251.203.81","src_port":43427,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"optimizationguide-pa.googleapis.com","domainame":"optimizationguide-pa.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.0 Android 10; SM-A125F","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01337{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432907578635,"flow_src_last_pkt_time":1621432907578635,"flow_dst_last_pkt_time":1621432907578635,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432907578635,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"98.251.203.81","src_port":43427,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"optimizationguide-pa.googleapis.com","domainame":"optimizationguide-pa.googleapis.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
00829{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432925103422,"flow_src_last_pkt_time":1621432925103422,"flow_dst_last_pkt_time":1621432925103422,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432925103422,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"171.182.169.23","src_port":54692,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02381{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_src_last_pkt_time":1621432925103422,"flow_dst_last_pkt_time":1621432925103422,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621432925103422,"pkt":"AAAAAAAAAAcAGj1jCABFAAViSZ9AAEAR2GnAqP4Lq7apF9WkAbsFTr9ryP8AAB0ImNfkZtNfpzsAAEU0Oj9RSuVXGBshDZ9GPJVbTKah5lq0FbzrD\/4QiXWxZYgS+EbUjCGL\/0WPsAmbxAc5pHPcwM09LAtmsRF0tGX2IcJO0mU4AICaJurVtqH6l7QnkS2mp\/1x4GkbuWDqNzt1vSNWb0duDucAhmzcDliKJUl+FhynNOZYpa37\/x3qQ2gUckEGtff22WZgICjdslGI9otsFCSq641M3T\/cnDTUDnywq\/5JBllUmTz3xSy7uOqdk\/GvmAxiKHI2qstlN50jgygWTjcEwibzi9GX45hbp55CvW6Vq07\/s78mWZPUaJolO7wmVEZvMjkKJwShrqatA1+fXdYi3Cg6UroeArW9\/giXBCgKk96t0LWj0Ye3aYHEguEIQQk+U1hIhhohBG7CyRY7KinfzxhHKYp4nxR0AoE08flCIJk27BdQVKCtwgdl1KEE6InkS58vcYsqRwl5mGQOqcdrW5vFut3SDANgBea80xgfodgrDqKTbcyZffoEiF+kb9ynHc1ezv0bIAV1PkzOj2qgqWsC5p\/fh\/Zzo8P2XZ8aLnTStcZ6bcklAv5uVNf+UFbiWmjv2tl
pO14A6WkHj4ErxqRWGBEYotaldzMPFZWFiW2ioPVB0TG8QGhc95U+YN9bqrlIpzSi25dwaSTySv9VHstq4bM\/QvcvcMc0fH6fkzreAswa30NHgKmTHo6vyNHpVpxUy9B4ic+Or+cxEht9\/+WUAlkGWn97Q8YWdYVqIOE5mCXUm8qnxVNMIjkIhZGSoo3YxRavD7wdS8Fw1e+q3qydgTwhWjN0NEBx48heIuNQeY\/cE2hG6X8ielA1D3F3K53XZj+sSIoJGcY1F7o1jjWVmH8mOKr2btDy1dXnct+R\/pl4MyRkLClPx\/3ATniC4oYp8uNJ3B+NZdFcYjik5Sgeyx0mQaYCG27z65uob1zsx3rLGilfcXu8rawpdMaheJzkzO8EfJ0bPQG7F16gqR72nPqhJazpLH1wJnmzKMRebRRXMjGts\/Ri1mopASMG\/jbemX2+HOVqkYrPOJB4f5ST2JWfYMS9SdThVwfLGD1AwfsTLiumDKXR4Tg9xxWgAm+qvsbkRhOZ+FGfeL1PYau3Gyz7MiuqmvjBLY1U2K2xhSPscA4eL02HE+xDEr9eGwsucUqbbX+fy7xw+w59I9WXHzL9SjWsk7akH4tDqV3vDDFTrKT11Jy1Do1G\/mkcndHjXnmmMLfPsi8aPVfXNZIsbgrEqHINxT2H5oY4DI9on9u1XyO+WEYlRBbCj0\/iK09jSPGirK8Q36Lbin8pAshKEXfyzFJHclT4mOY4c7REOe77o1hD3cLQLCZ3KJ7lzwhO1fZz\/+5qiqK9KNuq+3D1\/Fbs5GLW+FqzDspdA+DHD3HVyqhGJSXI53Ms9iSliE6F6FFbgCwH3eJT9Ox0wN1zEmBqIR7303kSG5qzr5TLI3S+HsomuNljUiJcLhPennjdx7lzykZLApkNqdXohn6cMLNWawEq2vbg6QuuGD5qyFkpNZTZlU8uAHtpVJ6PR8rOhIURj1C7nmD2CZtZldkk7jy284c\/v0cTFyeXTlazrNC5FguNM8mQtfcjJeoRBgpM91eZLLODlcjL1P9tpCLmn9Socs7Q01T2rkvjPV0716n64nRa49vunAqoY5G0f+iJstXQKjrKL1O19hveBusaLAMf3k7esjVnHjtEFlZNWENT0AHE9vZ45PqMxHl97AMxGE1Ey++DiK2nswhT1oOP5K+MSP8LTUT8gmGcQuDngWuHVMtTenYrRPM5"} 
-01396{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432925103422,"flow_src_last_pkt_time":1621432925103422,"flow_dst_last_pkt_time":1621432925103422,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432925103422,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"171.182.169.23","src_port":54692,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.freearabianporn.com","domainame":"www.freearabianporn.com","quic": {"user_agent":"dev Chrome\/92.0.4503.0 Android 10; SM-A125F","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01295{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432925103422,"flow_src_last_pkt_time":1621432925103422,"flow_dst_last_pkt_time":1621432925103422,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432925103422,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"171.182.169.23","src_port":54692,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.freearabianporn.com","domainame":"www.freearabianporn.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
01070{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432793457804,"flow_src_last_pkt_time":1621432793457804,"flow_dst_last_pkt_time":1621432793457804,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432925103422,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"152.128.87.238","src_port":50073,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r3---sn-vh5ouxa-hjud.googlevideo.com"}} 01059{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432876694398,"flow_src_last_pkt_time":1621432876694398,"flow_dst_last_pkt_time":1621432876694398,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432925103422,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"251.236.18.198","src_port":59048,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com"}} 00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433005013575,"flow_src_last_pkt_time":1621433005013575,"flow_dst_last_pkt_time":1621433005013575,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433005013575,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"168.78.153.39","src_port":35124,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02385{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_src_last_pkt_time":1621433005013575,"flow_dst_last_pkt_time":1621433005013575,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621433005013575,"pkt":"AAAAAAAAAAcAsxf\/CABFAAVil6tAAEARnbXAqP4LqE6ZJ4k0AbsFThpVwP8AAB0IZRm3OuXdodgAAEU0ssTnI2C5JTpJ7y484Fn11oOKDy1JlfEyAX6Ahkv2Zo4OuAkEIohPGoaBHToYLM+P+WJUX+\/Cx7tkDHSXu6uphHZEOGBHmbdUhEa31U3TrNufu9mq6Qj3es8x44mT60\/f25coknN4f1asGblw6iEV1UtSpKMZaOs\/Xn05i9jEBkmhLNqDiktkJ4wwKu6eDxhG6VfLGYQN0Nd18mF97QnMWVWto+p42IfXZbxYSsRmanu+ilVlO+oFCT5a\/R9Dt+6n3rqrFuIxLqTN6rjt10GoO\/\/lvMLrXeyHTYVfDmtLHFSomxcrpQ3r6eIc\/i4bL2wJjBHSTqeCFHn34cWF\/KUdra327rirXnBA\/7qtlzjYwUqqXpMeU06gm6+dAJeS+a55i\/iSqTqtrz20+u7ZIKLbJOhNJP6eJyDr4dCdENdXp1Fo+RvNoazaCsibyYSNV21GcFTzdJdaAp+DcgmVuOqynNS+9YRbKxw\/5tALw7bDdUy189V3QJUm\/7eodDeLzAxTU0ecTeCtBoRV6Wg00hEmo77VajiQh+S9i4nbzRbAGk3ddKNqZC3nSakSP6Mm39WZ9XZ2DSCUBtbOz1EnZK6eDSyw3kFY8N3QSNiaiSeJfa33Sokfyq3JCk8UnjuMqQyCqe2oeMj9pjHd8z5tFKOU+7OZzkA\/yQ7JVv9cFs9+5eYZ4cKFz9UVTSQT0XDPHR4RXhdh+bwJsc9s3QG7laDs6sjDff1OOdIw+HQvW4J9j4BHeEjv5EX8iWWHhElmMuawXMu41RoYajwI8TvfiJwokixmW4yjJof50jF95ax2qGzCJFu+R9a+5BttXBh\/HgnlXdP0TqNiuxyOJzh2lYvo4XC+o1iVVoZbKKo29cl1g0ROFSenQ6plougEal5XbLsvgz1yDGwthS+cZxXIzwxF8Eg5YJQAhTRX61XoObnpc3wjyuzhjohKkihqglhF+YzQsZk375xH7l8SvAlGAlhbaqyzvg5BgzZRh6okkrQOneu5ObvEyajk7xJ1B4hskZiOxnZ0noPwZBTF2QPMuYYm+MCxH46tot+xZ66piECmxmki024ptldWuOatYmRe+vTjmyyX1YPL4JCVDC40p742+pLSe\/iwjJkZAnjQmTnvKGie\/1BU5Wr+49RbkkhlQj87GarVPAL2uWWkqFe2Xngd1FbJvcDFFkuK1dxqsHpPZkmRC96zjmBFDteeGuqwR2lMo3UjjF2OCNSmVipO+iUOCkltuf8TJWxs7tEHUrqAVXcOfh5I8BPOIikZ3dfkJLmZ2FbI0TTtjsGhNskYmpIQ0PlvPIV7kAS3z0gwBKaF1FnV\/xQ0OCEM7TJqhVOfiW\/+wkoA3mujBfVH\/wOmSvWqW48vFIffH3djYRV7X32psbHY61g0HRIX
jeXvXr8Qqc6kOM7tKBgVpXPFeJ07yr5RtFibyMmbpJubKIOxOd2PNf\/UyTLqOCr\/EZQqRA34kT\/VbsSrwcgR6YhLifHRelRWGH\/E0Pa9ov+0yS6KH5C1eU4IuTLa8OWBrTOYGLQu8Tu0ZuJyhcfyGs1ESpNH7K8z9wJSLmfAfovUdPKdJaXA4eVpJ3b6rEyriccdcLge1eKHdQyp3T\/AsTnrrAUQoHmrYyzAM8GsuQbvKlbfByymbHOPuwfI9YUmrFGuBKrB3X9vWARNEbMs2uicMz1oh0SQfb2Ug93LkY\/XDhxl6y6ruCuCMjHk9YF6+XgKvBLgShKGnzgcDJqqw32S355No+iSbZZxAos\/DatV1Zsga3TJckyQKORE"} -01391{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433005013575,"flow_src_last_pkt_time":1621433005013575,"flow_dst_last_pkt_time":1621433005013575,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433005013575,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"168.78.153.39","src_port":35124,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"s-img.adskeeper.co.uk","domainame":"s-img.adskeeper.co.uk","quic": {"user_agent":"dev Chrome\/92.0.4503.0 Android 10; SM-A125F","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01290{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433005013575,"flow_src_last_pkt_time":1621433005013575,"flow_dst_last_pkt_time":1621433005013575,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433005013575,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"168.78.153.39","src_port":35124,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"s-img.adskeeper.co.uk","domainame":"s-img.adskeeper.co.uk","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
02382{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_src_last_pkt_time":1621433005304458,"flow_dst_last_pkt_time":1621433005013575,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621433005304458,"pkt":"AAAAAAAAAAcAsxf\/CABFAAVil6xAAEARnbTAqP4LqE6ZJ4k0AbsFTtY8xP8AAB0IZRm3OuXdodgAAEU0cISfGNFL6Nfe8IXrcMcB0WwE+45y84o5jFkQ+EdHDqq0hRKmpjiqPPzi8JXkbGCFDae5uvRs2ByaSWejf137f0JY1fl3AeVjkq6PaQWDhduni\/8xLvtEbqFj4AqrhXB9TLrxV5LvP+0mGlJValwLeXYCkQ1e94uqm\/qbFL9zYlqDWYM9BIIViTH9xhJud\/SLw5JuUvIFaOQAu8OmZpUxq1bUd8xSmpOSKiHypmGgb39a7H+T1KVpPR+aUixKS4GeMMK2PAyd+OEGJMuz6qZJGatj+7v0DncaR5EgoSYycOF\/vja\/rdaJ\/YdRvp+BmrQNiM9k5UwjpTPFz+b8892Qzvimnfslx7R8GKQ9PAsv\/Tg24GHiB5jPl\/cYxqB7qj\/Z4RDwUJUIkT1A6um69Kq3NVgu5rAWDw3wRgcQ30gaG3co1yGCHL7BlNpgYFxtc2sG95hPofeQcZ7RmqBI8vbZsdcgEG9pwZXnghf+i9JkdOOyHhmNzU7FhBVpm886Oc7ESE5xd3wpyFyKJ5wKdEwsRtMCPYdLRf0ABAJjDpcG31xcGIVXa+iXmHdKqZaaFXdkzl+G5GyXaENB\/bBYFVR+uzivE3jfVyYnP5o6mkMgHmF4stkzuFXNhTUCQtT+vOWJOY0OKBIRfSRrLMayp1BWBk48bLyItA0l5w22EpO2xW\/My4wjTeC8gEVd09+5dNMt6iJUTON1ZAqvZHzSmdehef4+4mQl\/8x7+EsRKAIMAJ0j+\/iccKVsAFRvylLUI9xTbdrbwMgSdNlLvjtGyuPM+WW8Sz0Fphz5qliTbHpDUhw2MYDjzqo8p1eq2A8b9Wtx0Fg9PeEdOHEHN6JR93qNQ8Qm\/Zs+yaxclMgzfrz0njPpBZWm5TuoqFpmRrNgNmlZsI4vJE5izzoxbqOc+XwyaqSy74943ljvUMQ\/ZeoktJ4guJVMIv881KZyYNXdWP8XlvelQTRxmIHmrk8WULu5C89ykKYnsXobDBaYsX50pAVggD11aUXtJrh1N\/dVOKdnYucGb7Q5ArZbw6g65fAovdJY61FZZYMTsGeir2LCxh1AxApj3NMBJNeCfN35DoXwcNt+D8w2\/aSTQe6Lgqdlrl17h5TVhrBdY2EwKzbkiScpw58VyUeZdOFiVtIYClAYFglMWlD3NA05mjWkzv1JdL5VrS3h3MfI2xs4zN3+TLmvqItkAlOxTuNKnFQ6PMzhbtiE9pIRBeo7GRWe\/s3sXYSAgTQMeTwcALlYXW1XrTrXea37yWgn6qd6pcye8lKgZfbrjRMCVrOgARQ5+uLTdXLZffiqEHvPYwWFKcJtCjG2DNK7rUYqQnnhv4Wl7a9aDSnxFpvuZBqMtbV6dwRwh3nVBQCEW8tbmselh+vdecmFi+9yIQLpr
\/ttp2HjIMzaof+HymOhd7VNiP61ZWKFd35OLow7F6RAlIa\/iMODRCCPy5rCPJ8Och0DWA\/AImeyu3i34G1KgGADjIpQoQOwOKh1KxRKIqPxHA83lNc0T2MvGmebHLNWLrdwsMvVJ+OOdOddVjrpUtFqYOdTOSyKkfGy+z3ggq11AbCjGSCRIXFWOTVgFonh1\/ejWrgnzhzvTVkzsdfazaZm1Nq7y3TI1Ff7GWqkisOa2duQbw0SwQHSDsh9Bynr6GVmyLYxcmpSTtCvxHuQF4wCoYZxuD709QVdI5mDD3SUUMavLX5H44VXuJkLmJC1t\/WhlhpH2ChjFQT1wbqIPa1XxtXfyl+1hhcd+xzhaw9Y6FS3fdwXN19AFoGQ"} 01068{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432793457804,"flow_src_last_pkt_time":1621432793457804,"flow_dst_last_pkt_time":1621432793457804,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433005304458,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"152.128.87.238","src_port":50073,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r3---sn-vh5ouxa-hjud.googlevideo.com"}} 
01079{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432905490594,"flow_src_last_pkt_time":1621432905490594,"flow_dst_last_pkt_time":1621432905490594,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433005304458,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"170.196.90.126","src_port":45652,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"content-autofill.googleapis.com"}} 
@@ -229,10 +229,10 @@ 01059{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432876694398,"flow_src_last_pkt_time":1621432876694398,"flow_dst_last_pkt_time":1621432876694398,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433005304458,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"251.236.18.198","src_port":59048,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com"}} 00829{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433067725492,"flow_src_last_pkt_time":1621433067725492,"flow_dst_last_pkt_time":1621433067725492,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433067725492,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"117.148.117.30","src_port":51075,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02395{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_src_last_pkt_time":1621433067725492,"flow_dst_last_pkt_time":1621433067725492,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621433067725492,"pkt":"AAAAAAAAAAcA4umACABFAAVi1OtAAEARtzjAqP4LdZR1HseDAbsFTtZ3zP8AAB0IpPhj4m4ZUDEAAEU0Bbm2MdfcBkbBAPPSjVV7TSr2o29Fu0JZdgmdGfjVEVdDmbG+dqC+JAbzKNxQpRoBCsz4rRvvwiop1np5APZ9Ov1gMJcSIiHQncQkBtDWz+J2o6GAqwAVkZk1FxBkffl8czPnYy8dHsU5KXYYOyBtpfhC+IT7ePszMtE7GlrZvCnH23HBzZ7GxSIxR9YFrG6h4PldhiWirrW6fHFgo\/piSndGDtWSJ+EYJdFyOMLk8LdIhNJ\/bJX3nYw329gRY5r\/poWNl5g71rBp4iz\/aiTDNDMAfcg1ExHdPviw2IK9f4W8pMDMvDI9FexzuJfBX9eRklkzssGGPyOnF+xE6997bLBbI4Vi9+gpQBFCCwYHdZ8Yt0Gussz\/f9ErkfzoPii85d0vfFh+DB5q2D4txvr1h4E4SDVIPFbk3TFJy\/7UXDNbvXXIm5xIqlq3grZZAsNicHGKes2+rw5ypULifO33QhqTPaSFb\/jQn6NyP3WJTRP9i0U0VPYsdYu3f0K5pfJOPF\/8gAxIuhKlFGtGv9GRMlzIpV1F1p2d9+\/vUuadZOiX\/Db7H96lha\/Okr2QtWcz\/SSoJEkbKYVqBS3RDAbbB4X6mN4n9Ft6hAcQJheC2GFXuEAFotpEq4XY1B+2WcU1cIEKgkoBaRv5g1\/LOKnYzLT8SzL1UVFovVGYHn+X0THvNtuJ957AYrKYcqgN\/SUJSPHzmoZoWGO\/q5y19X4WfC481zRO79sZO31h6Dk1na9B\/hYqG\/CxAXd1s5xBzDA8OS5TnaqusIzCxer4zV82fnF7VoQtDopVZNTsoDAIpt6cW+fAinlqYRRovLmToeikcLMo8c8\/6+0XN4C\/sNxwObVZ\/O5C\/emTkAyuRrduScc9vJaxAO9Dl74qqMHIMLFex8KQIDCh6G1NTs3194S8k5vVSQvmLDPRNPbXzBD1\/e\/+7+rmJqGUOcdbTOlX0fkuR4DB14HEvju2C2b9RxC4VpxeWcvtcIqUvnsdf+10RtMvVEY1H8oIRhd\/40\/JOM1RwnJAya+YM9Lojxag2aYSWUlQyopt5V+r8YPszgD2PyRsBJhXDMRUFIuIv2\/u0jmGfN1IMWtAf4wKiwoSQdAMV17hTocy61LlAkDEtIzfOpKoBNjr1FJvgoLlUR3p6HPRjORhAJzdHC7IByfP3Hxhs3ctG3V\/7BQQoSKFTrGH3kjhrfgHIt0HEkl96gVcUPsmn4EtE2VI+GcXfV\/ANkKoUFr3NCaUGtMncqVP\/YjZZJ+QcMW41L0RZUgzIT928lTjcFEypXkCRrlGtP+rWWXE7mFYXiNfnrIK3QAi4gD88L8LjTWDuvcPu8biICw9pEbLTHY1O7PpcQj\/JJ82HVYLYO58O++NchQ\/rgmiClydF
0i\/JID1L1diJjMl1iYMV77lfb9Nvv2HfL8j7cDz55Alfw6pwUDnb8QeDwc\/a6xAfyz4uojy4vrCkJfYZreW9P4NFSgKnEX7HwNb6i1ZjiVei7dVFeH9afC69DsshYJ7L0fYFE5rREPVfqmcWx57T\/mQmdAf1+07k2CuNu6sNtY+XS6xOdLTWbSkcX50J5GTkvJhnKHxtmGLG8CoEfmdvM4NCU9jEGSExH87\/iWlXlfjYuUfmvFjsKZOzqUkQ2sUkhZw7BFVNd3HF7fUsilfRlk2t8MaAx\/EEndDgdYNK0EgdXbFzOIIeK6IAbpmYeX7gNdesbdzVQ6uz6TCcVrRcKuxoreJi193vTD2D8+SLe1fOItmTtr9WoqXkb1GjhybS\/sPn+TL"} -01431{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433067725492,"flow_src_last_pkt_time":1621433067725492,"flow_dst_last_pkt_time":1621433067725492,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433067725492,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"117.148.117.30","src_port":51075,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"pagead2.googlesyndication.com","domainame":"pagead2.googlesyndication.com","quic": {"user_agent":"dev Chrome\/92.0.4503.0 Android 10; SM-A125F","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01330{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433067725492,"flow_src_last_pkt_time":1621433067725492,"flow_dst_last_pkt_time":1621433067725492,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433067725492,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"117.148.117.30","src_port":51075,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"pagead2.googlesyndication.com","domainame":"pagead2.googlesyndication.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
00829{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433067996393,"flow_src_last_pkt_time":1621433067996393,"flow_dst_last_pkt_time":1621433067996393,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433067996393,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"87.179.155.149","src_port":49689,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02380{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_src_last_pkt_time":1621433067996393,"flow_dst_last_pkt_time":1621433067996393,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621433067996393,"pkt":"AAAAAAAAAAcAWlu1CABFAAVi1TJAAEARrlvAqP4LV7OblcIZAbsFTjBdyP8AAB0IGttMWxhOAgQAAEU0E0iR2uQV7+gKMUMCJ94a1mUs9WxU6Tkmya1QT1ijZpDLW3h0qsyJnE7yi5XMKbMLZQG0VI0E4CnL4699UzuXHbmZG4j1bpQxuVn5yALot0dTMdquwfkg43GEM1wkpQgrsMTP0qTEcaLbJ4i4VFKwOqxnROj3ts8Q5YEHHDel6ycIKIRhevOZCj2WbWLu59h+nwbW8hRv73Od8cN4+kjzfuGe+B1zZiO+ZdX3XLy2RMy5S4kzUgTJnM6eihuCfOyH9C1kMvBrE6eF+uvUY6g2SL73pAnMQ8F3ZxMjAvnHhyJJDNucS6II1cpdPCb4Nk6lW166dZJrTlpxEptf9MOeoGPoI7T8kuqmrwllZaRI4XQ\/kKSxUPBWGaQQMJydqLl6\/T1lDk6eOI6jqnm\/GdP90hCcoCmDPrWgZe22++LHPGXmbsr3YOCDa1nIhq8ftKY33OkoptIbA8RVngOr1lQUcMQQ\/VYFKWd7j8gKOuzuJU4SGqvnkK6Wj6e+C85olkBIqr+FP9UVpBEPptprLjMH\/pqncDJZ5yEh7Grdurgenn8Oa1UCeREsY9XCcMK5LJG0G
EGg5FgT1KKRue2Z3g1vuP3LjKlHlZ6ysoHZipHIwWeDZcFGaN8c7Ipp75Aj4UWNvtREE2z3pxKUeu\/3ZyZ1sgWETUpVlXcSVvotMQ5TZwvAGbXANNu\/rhz1tvjUpV2Gbr3iMVknJ312hfpRnkJ0phBBW7yPgZMi2pP2LGIwP70mvVJhdiKKMoWgQ2K6uSPzHShiYyWZ9wfqSuCt4GrPH2Dz+sYRk9GjWlWo38XlQSZByhfvHyMDGY\/VwkRy7DGiQWpLBPaI32qcs+0Wi5UhL0chKc9MuYtE2kBrFhu\/MmzxgILiKu9g1WiLecrRs+SiPafnawwXaxRH3UnKyKEbs9tf7cxaGwTFwQbItBr0May5hHbw7VijZr\/F9HknAkXN+WQzfw2IZkbx63CHzTxn0Lf0\/gAteNoZtUoQnGHEWYD7yIoAOl+XtxktZ2WH8ilBnJI532y+PhOHWg7vFNIZYy2XNI7Ro8rUoGLA7ZyBrhYAPGV\/NOjp8U6D1metWriDzDxh0ozJasZzk0JYSqpovUTh5xgdlDtecRDUNdlTAfjBnyMbf+cFYTPnowHg7\/FY4RR3Q6\/UygV+NcMVkjaTNaDNXvagiuVZXLNIb4Tk3A2V3EqgUkxJl3ru+va\/80OsxasM4dazYUBuVN1MBNdZhpkRBKIit9QjLPAJB6wcXxf+0p+d0gN55St3hQi8gb\/iL9k\/onbQhxFP89onbtuDFXRyUSTM8tQq5CBj7L4VyNmcLHxtw5p3RXU70Uk+0psZnI2HJXq3ccqQUlNOGe4V57sFTrkyJUpugmAdJl2lStMmlzn5NM6S8FjEz0Mv23EdQvL2Xv8xQtAJ82kaQeAQu+skCfiHwl2eE0HR0kpuVdYzC4577xLkjxLKoUO64A52BANzmrvYZyO1d0UbSchYHinUiE32BfXi+lFE2EkQL8c4oFSQkavwjhteXk5z9herUfnERT404lCm6CiO4Z5gG+k6w2kpWoipnHtRYOjO897tsBk6rLYOHvEuLqjnZuhXbn3m7joNX5Nd\/3Q65iq8R5w3zlVfzVIw6SZdhLY9l5ctDa9JFYiC9MK\/ietRcrprlPxUIwhQEDdSRUda3EJD\/9M9hmP+CaD+tbS38jpu\/LbnTrforILNg1cv1A+sXeT03E966mAsy1Ec1mrv8LqFR9Ep7nyOUg5\/wWMujj7+qgzOoMXZ"} 
-01389{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433067996393,"flow_src_last_pkt_time":1621433067996393,"flow_dst_last_pkt_time":1621433067996393,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433067996393,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"87.179.155.149","src_port":49689,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","domainame":"www.google.com","quic": {"user_agent":"dev Chrome\/92.0.4503.0 Android 10; SM-A125F","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01288{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433067996393,"flow_src_last_pkt_time":1621433067996393,"flow_dst_last_pkt_time":1621433067996393,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433067996393,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"87.179.155.149","src_port":49689,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","domainame":"www.google.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
01057{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432876694398,"flow_src_last_pkt_time":1621432876694398,"flow_dst_last_pkt_time":1621432876694398,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433067996393,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"251.236.18.198","src_port":59048,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com"}} 01049{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1621433005013575,"flow_src_last_pkt_time":1621433005304458,"flow_dst_last_pkt_time":1621433005013575,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2700,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433067996393,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"168.78.153.39","src_port":35124,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"s-img.adskeeper.co.uk"}} 01079{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432905490594,"flow_src_last_pkt_time":1621432905490594,"flow_dst_last_pkt_time":1621432905490594,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433067996393,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"170.196.90.126","src_port":45652,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"content-autofill.googleapis.com"}} 
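Review bot: The regenerated `detected` events for flows 42 and 43 in this hunk no longer carry `"ja3"` or `"user_agent"` inside the `quic`/`tls` objects, yet the new lines still emit `"ja3s":""` as an always-empty key. Consumers that match on the JA3 client hash or the QUIC user agent (blocklists, SIEM correlation rules) would stop matching without any error. The removal therefore deserves a changelog line pointing them at the `ja4` value, which is still present. If the server-side fingerprint is no longer computed either, dropping the empty `ja3s` key in the serializer would be more consistent than shipping `"ja3s":""`; that code is outside this hunk, so this is inferred from the expected output only. The same pattern repeats in the neighbouring hunks of this file (flows 41 and 44).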
@@ -241,18 +241,18 @@ 01082{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432907578635,"flow_src_last_pkt_time":1621432907578635,"flow_dst_last_pkt_time":1621432907578635,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433067996393,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"98.251.203.81","src_port":43427,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"optimizationguide-pa.googleapis.com"}} 00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433096272294,"flow_src_last_pkt_time":1621433096272294,"flow_dst_last_pkt_time":1621433096272294,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433096272294,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":62818,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02393{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_src_last_pkt_time":1621433096272294,"flow_dst_last_pkt_time":1621433096272294,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621433096272294,"pkt":"AAAAAAAAAAEAWIVLCABFAAVi+xxAAH4RF+uokEAFcfqJ8\/ViAbsFTmV5zf8AAB0InVNfXfhBloQANwAYYxPxefYKsSfYBnNv1ogsVtvxp+5D0ZV\/hOY9nIpSROAI1ZGm2\/N1AX52ghSODygwpwixzphE\/Zx4PU\/J05Jihihf0HSLIm8bvq1I4lsCPEN84oOzz93N2RNW4AsTQ126TJRbLg+\/OXaDSNcEv\/431bFF8tgqRZ\/fSgX8JysNc3KPA0qWL2Lk3BVQJPsXIJEu279PpzYHBZ9j8jr+MI6zCBxYsOIqbCcGrJg7V4pGpqZanmc\/ej\/n3DeFkX7FR0rIL4URy2ACi55eZKyE\/cY\/+hGES0KNpvEuqZP0W6JB1GsnUf4nno1645JeNNQ40sWdwbJM93i20DxzCA2IHAqqDjKl7kwPdqZgyd9wwmr9W5oFXYYoiVP9fx50w\/y3HwF4y+xHmrmGKykORvvBujXyroRnjwvJp9k2q78bX9Nyvlbb\/fcJY8pdAcKGU9z25xdLJSOP1tG+gXR\/jGu2H6rUhavGMF5LYRTLRLHp4SbpUUx8jxdCEFUjmqtpUIEIrwm4Z0Hm+uQms\/iJ5w+1UJ2sdLBPKH3CMuMfmQi9NKErYIIwBEWNGQPZhSqFzVRVxsUINfKxs3IjvTnnhraOla+6OE4l1QrgjctRAPGA7S62BByhCMQNGtxvd0byLHL3+HLvfrJ4IQWU+re9yL28JxErUWHasznlYJkI6xctz4\/QfwLD\/upI1HHH3su\/JN\/59+8xaxpgdcd1l2nQp0pyvwyv5U6Wf7RnFfTWkvsE+beNCGvmyezggTvYYVlP3svh2dMR5YCsXGGBkHXD5Al\/bACbEjho74CZPIoyoqlumxFrHIJzc\/NBVqNAjx6GAMbtTyTT9DzAEk0LjnqNCPGHCefcqhja9+\/J1dYX96nmT25GaBsEaG\/rC+3NobsSNBEJakiA8NJIkUAtNh+7e+Q1zXrNjmd8NmSHehchWFhaFYfxnUhrfl0EpT63dRGyufStUHX8IH1M1xkDQCR7MdusL0d8DxstPAiU60cVG6Pwo2zDUTo5ubMxGhOpDHV7R7afYETZMCRo7m4ZNNCrUpt7zoBwup1J4svPg6nbVaI\/m0yq18JHw6AXXYyRID8HHMYm7BT25H0nPZW9IjpdJr3qmbDzc+C1RUeG2FZX3vtkbX1cww+TdfceaPdnmlb8oqte+bT7ih1pGpJbAr5QrtlJ0fJxJALGxPwvaxQt9OZJtzlgIiab41SJVcAVCq2GsiZ42wdCT81IxlQVTSKbH4rfxWIpBOQ2K2fcx5t+Zp\/ZWzBzNSCJHZYT0Yrw\/F\/i5MpM8YmdTShwy7McxVy34xfaZsuGyshTN0NhE1oUwb89fh0YTKyYiGlurNDOZOnGgfEY3re1o6jZ1GhwQ9qS8pljPV8ic6OmyGN3uNl6cnbAJr6m2SeP
9AyqqSk1xq6k+NfhHQoeQ0khsYt2zSVuVeE30pVDMVLVpm1OQ7GuqKpKfrgPTEqSQp7+KiYJBgE45ORKunQOL\/cPFO2l8yzljsHT\/3TEL5kTELmyqZtHoUk5kaVnTC2KnmjMSJdqOCe0YoI+ZYBNkv2Qc1l\/Ve5vnSTtpVXPgZSSESjNxCDjPN5u2\/Z4VbQPVJvn\/cvLnv37v4aofPgYXBuu4ppOjhOv+b1CVIy9SClF\/HoAy6eQYGuQjl4dTmHCm2hwqRIzd1UwyH0AmPA5vcXUv8JLzDIYLi6t8TV9fYAP5GDkBiAsP8JBZRXqxfCVEsg4I5l0rc9K50VAdnoSCYqi+WwH8w7xNF4Bf7\/E3sWph1xGreEe2sTWhSoHxGuzKZgP"} -01433{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433096272294,"flow_src_last_pkt_time":1621433096272294,"flow_dst_last_pkt_time":1621433096272294,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433096272294,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":62818,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clientservices.googleapis.com","domainame":"clientservices.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01325{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433096272294,"flow_src_last_pkt_time":1621433096272294,"flow_dst_last_pkt_time":1621433096272294,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433096272294,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":62818,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clientservices.googleapis.com","domainame":"clientservices.googleapis.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
01077{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432905490594,"flow_src_last_pkt_time":1621432905490594,"flow_dst_last_pkt_time":1621432905490594,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433096272294,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"170.196.90.126","src_port":45652,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"content-autofill.googleapis.com"}} 01056{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432905483700,"flow_src_last_pkt_time":1621432905483700,"flow_dst_last_pkt_time":1621432905483700,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433096272294,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"93.100.151.221","src_port":38331,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.DataSaver","proto_id":"188.46","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":5,"category":"Web","hostname":"litepages.googlezip.net"}} 01080{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432907578635,"flow_src_last_pkt_time":1621432907578635,"flow_dst_last_pkt_time":1621432907578635,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433096272294,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"98.251.203.81","src_port":43427,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"optimizationguide-pa.googleapis.com"}} 
00826{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433110371220,"flow_src_last_pkt_time":1621433110371220,"flow_dst_last_pkt_time":1621433110371220,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433110371220,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"125.136.204.4","src_port":56425,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02385{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_src_last_pkt_time":1621433110371220,"flow_dst_last_pkt_time":1621433110371220,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621433110371220,"pkt":"AAAAAAAAAAEAdQOrCABFAAViTQVAAH4ReGOokEAFfYjMBNxpAbsFTiPgxP8AAB0I64b6Iq3qYnUAAEU0uyXOGSdM2M9jQQTW8DsUXfqiyZuXJRO+q4Qmsi3Ls5Qr7HY2TrDXBUTOIVmmAHBRjS4fP4\/iytOosBigAE3GS1YbHzV4KTpsNSP39e4Ai\/gNwa+JW6iG+pMEbrvqFzobrQPLaW\/LHhGgdXr9HPIyoZkTeqm4dAslx2tKgtIx+D3ADPfxa1GtgUwgxIFKeLXE5L28gvidFJ5kvOUtEWVi7p1Ct04FJCqOfcTDqWyHNK+CqUqUXBJaar8gIYJl7Adtmv4APrH1W4DdFGHseDk\/eiFm5dmfQmCqHSHBPKfjlASsF\/vx\/dDIlMGRNJVvEUORDhpGyc6KzrwpCkBycpnvcDHT9PXlK1Pxbvka1u8Bb\/RRdl4GhJjum02FvwJAQzMMcjvQQIBXXUnCtqFNSpD+x2LT6UXB+SZ7qVGMl\/t0sECBNEK08pUkCk0VFUho606M2fHuj9LbnZQ2bGNrvbAjmEkMviJQv1BoTAZGNESQTqDEbwUZYlY30qwlBFXqT9WdH2E9DjbH42c0gLLqSkQErQpcDnv3SSVrUT94EWqqkCfDVWO57NKjDmHa\/9gsGDeQ
QUO53mruFkMe6rXxUCFdLDVpieBe\/WbmjFIiYjT+b4FzvV0xGUDAY6PtgiB6HvKPqKp6fxy1kpVrc+ZsH0+HKMh3jfC1EeH9CHXsXnCW1rsQpJK4+n8CsldKtQaVDkSAqWG\/OgV+UysKdCujrfyCGHfNMSPWkslqqg7s2vLXqrQBO58gohSxIbtaCIYfWJrle40Mot6V+cL54Ya7PHlWtQH\/Ful4v4rOlvCR9PDd2nGpQ3FkgkGPeywwCdeY5sCTYbMMlVuLQJ1oFmyS3u\/zhwjeifqZs579qwIfpeaP1FtY5r+JU0rDJQFD7jOZdftjZf2LgOsGj\/TW2xmygvRQ30KJn7bLRU1w2J0q7tz5rXSOHzMeKm57vqp3aJSFv9vTNxJ+BD5u\/xLLqLMMeKd3yPZj737pE79\/LtTTjm5eJ8jsSmmJueqzLtGilfbTFryRQF8325++2yfVJKrzj0c61X3njJbMRbXWJEiQmoEZWV9TWfn7wTSpOjjQRnHFofPS0wy5fqr\/79EqOgnhI9PoQuUw+VgWrmM8UnMpt6HX7llwMkswjZvYYBxWiZK7SxCUZWVinS8leBxtyiCVvDCRWP+lpTzYWOppDeOpuuR6nJmZFaaTGLcFFPeAKuAVu+nTC0hkldleZKShVNc+\/+rolf\/Gxsw5EKidbPL8HFlBJjaenmfkmZBH3LxN7+OOgk0dXGhmlJ4wgJ21FhusAxJjb4rdo8Ob65\/i1ZqK2DnqWoWzDwD5m4Uu8\/nBbSMW0kQrvJmBY4XN+lhGiBPJsJk96AxOW048eDZfKJYg8Q4WotwapShO9Tb4n7Q5LhKow3wsQkO4tfue14G\/HUzOIzbT2Vd6GbyzGYbP6zeXYMvI\/MobQkwBtMUX8uK0OxAv1Dxr6E1ez++cFwnP4qZm\/N5d3Snzx7Qd6PHVVvdaIKFS5ChMsrskm71TFLKy4FJm65hgjBVyTzsB5o+U2Jtrwl04IuRnmQXivp3vavvqqU\/4e3mekp37TSUP7JrzfA2\/tdw5ycfdyqXP74qiJ7FqCBDCIFZz07WOMSykwdBK8sEwapJgncvO5v8s3K9sHSmwHnUhAmcTcEJWDFYrq8fgJAuluMgxicHkbBHDHTdVhPiEDPwopOcYRyFx6QlMlyoiPrV8enJOOqMFw9m6sR5PA1xxKZEflyuJ3mRTH80kEIdfZNby15\/d"} 
-01433{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433110371220,"flow_src_last_pkt_time":1621433110371220,"flow_dst_last_pkt_time":1621433110371220,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433110371220,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"125.136.204.4","src_port":56425,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r1---sn-vh5ouxa-hjuk.googlevideo.com","domainame":"r1---sn-vh5ouxa-hjuk.googlevideo.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01325{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433110371220,"flow_src_last_pkt_time":1621433110371220,"flow_dst_last_pkt_time":1621433110371220,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433110371220,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"125.136.204.4","src_port":56425,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r1---sn-vh5ouxa-hjuk.googlevideo.com","domainame":"r1---sn-vh5ouxa-hjuk.googlevideo.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
01050{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432925103422,"flow_src_last_pkt_time":1621432925103422,"flow_dst_last_pkt_time":1621432925103422,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433110371220,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"171.182.169.23","src_port":54692,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.freearabianporn.com"}} -00889{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":58,"packets-processed":57,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":76950,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":45,"total-detection-updates":0,"total-updates":57,"current-active-flows":5,"total-active-flows":45,"total-idle-flows":40,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":252,"global_ts_usec":1621433283660100} 
+00889{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":58,"packets-processed":57,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":76950,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":45,"total-detection-updates":0,"total-updates":57,"current-active-flows":5,"total-active-flows":45,"total-idle-flows":40,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":252,"global_ts_usec":1621433283660100} 00825{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433283660100,"flow_src_last_pkt_time":1621433283660100,"flow_dst_last_pkt_time":1621433283660100,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433283660100,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":59622,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02389{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_src_last_pkt_time":1621433283660100,"flow_dst_last_pkt_time":1621433283660100,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621433283660100,"pkt":"AAAAAAAAAAEAU0VlCABFAAViM6RAAH4RJaGokEAFmWIcTujmAbsFTq3rwf8AAB0Iz5STt1Y1cC0ANwDFPRNS\/+a+ehucrc3Cy3E4zimx6Se5x9S2Dy\/Gdsrzx5YFrAfk\/P5DuuwrPRCPOU3BXGhgTB5E\/e3sUYmzAEVTAuBYpB\/Z\/1ehiztmkudlkpmIe8TV88KuQZdgMCFwpkxLuaxS1ziTCHLi1IPv4lk79c5Z0ULFtJLLvCInJMRjcd6mMGJScqPLX\/oX54gz8qU\/6Qz4haz6hp+OoT4jjUoHwXKwZdcJIPU1d0Fgj9BSxoZMC3uUZUh6\/nSO1JIplWk20Jn+EdrtXf9IF3Neg2QP7WN48TjKFEWh8rRXUGGVZwXfgyZ4u67st5aDs9WYZrXzKxk1nJVUFJMK02b+yKanwM95M5gyBaP7fEbsz3G93Jc14HIS+TZPmXtQf0GDj7Mvht+3zbNTk\/o4VaawVm8AXrpyWNWavSleSlFtm32amXDcWcXBAXyviKq\/ZxOJHsOe0hRNn8R9DKEAdOiVzWHc7gKLyh2t\/TJ5RZvARNmvpppZ6wGihiLhcw7ZfxEeTZuIMl2vCqdlmdPL9rAcodDnH3cPQgNcH7hxThB++pzk4xpGMH6II4XWKGZRVIss+xX363+BpzZ84mO8AvFYpM2G1yOSewM2tyHJJjvt5tVaanjhIHX91fgLX\/FiKYxmMGxgXGOHydnptpnm23dOt0b9WZvjKRdNovSQvIwMupd1UWFxikqzvsb7A4rsAUyXLWIzvzBBk7394MKzqD+owlnrzPcWgMnz22akkOeqa\/r7Uc1zdnb\/xMYpRLj6j\/VJPcZxgWSF\/P4Qtjjh5xSMS7E0SpcbJG3qGTIvbs9UGrdVGQOvITRNq5BHB25231B8uXSwZZ2OfP4kX6XjlMWXbP+uJQMmZTGglRloO+dA6aqTrTy9krXaEQKMk1DpabL8dpFus+hC79SbtQRB2+q+kl1BPR+TLeqOsYPTKcukPf2WREttP39G\/t9VQQCU\/rrFLKNTWUuaicuTglon\/iwyuggUyLgAJ5TOQSh3AwDysJj81Jj8yy\/XVRc+Ow92NtvThIEXi2BqpMI0pLfvsZgTdjiOUTaj4nR5+SLJt0aFTQqUXp4O4\/J8uybiTqPwgzFfEz23lP4SecnmMrwFjOkjPHhXc3\/7rEUmZh2scM1CaQnd8xqX1Byg\/aXBz51V4uicTZLxtfg75bBVl3kelSzZJu+XqjxdL+n9CzfZbtFpXbsW2S+Q4+jDNeJp4HBqG06R4FxxFevo8pd0keFBmX69U1z3Wq3sokxVvxe8+dpn6prJlOSracYX8yZoELER11iW2n6aiIPlofm1lWs6hUzVqnPotYA\/DykZqsMhurgWD4MoqHtW4DHKc5Bn5KWc\/OJK60z5e9EaP9fvLRfYouPq78UI388ELbk719D+pp1WijPL3R0TEv
j7ae26qCBSAEds62fCV+P4XZ5x0eUy1+pBImuibzJy0Qqd7jHkHbgRa8FGmj\/X2+xPfVMG8h0AOMqH9w0rUvMze6gprpf\/7tktIfCTqw2Qj6+Gkt7WnBilpUaFfwjZrooYmfJ0DMITDqenN\/N95DqoILT6NKoG8ZEuXufJTYTBtIQQURklCzYwU+bVBfdZZKhXs38KMloqNck1yXZTWMqx0XcaKtPF38dzgU97G+ewHG\/d4QBFblkENQ59GekuwL0tajlQ1a5yv41R4OjF\/og3TAJBWTrUQFopI3FvTMPDLJkxnep4Xrtt3D9pwmCEDc5Asj6CgulJotykyE2uPE6yOnzV6YWwiNzS7S0bLajRUqyRCV2dgZXZaKJvRpr1CHOH"} -01390{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433283660100,"flow_src_last_pkt_time":1621433283660100,"flow_dst_last_pkt_time":1621433283660100,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433283660100,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":59622,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google","domainame":"dns.google","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01282{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433283660100,"flow_src_last_pkt_time":1621433283660100,"flow_dst_last_pkt_time":1621433283660100,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433283660100,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":59622,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google","domainame":"dns.google","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
01074{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433096272294,"flow_src_last_pkt_time":1621433096272294,"flow_dst_last_pkt_time":1621433096272294,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433283660100,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":62818,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clientservices.googleapis.com"}} 01047{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1621433005013575,"flow_src_last_pkt_time":1621433005304458,"flow_dst_last_pkt_time":1621433005013575,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2700,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433283660100,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"168.78.153.39","src_port":35124,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"s-img.adskeeper.co.uk"}} 01079{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433067725492,"flow_src_last_pkt_time":1621433067725492,"flow_dst_last_pkt_time":1621433067725492,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433283660100,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"117.148.117.30","src_port":51075,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"pagead2.googlesyndication.com"}} 
@@ -260,30 +260,30 @@ 01069{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433110371220,"flow_src_last_pkt_time":1621433110371220,"flow_dst_last_pkt_time":1621433110371220,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433283660100,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"125.136.204.4","src_port":56425,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r1---sn-vh5ouxa-hjuk.googlevideo.com"}} 00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433300632344,"flow_src_last_pkt_time":1621433300632344,"flow_dst_last_pkt_time":1621433300632344,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433300632344,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"108.171.138.182","src_port":50552,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02384{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_src_last_pkt_time":1621433300632344,"flow_dst_last_pkt_time":1621433300632344,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621433300632344,"pkt":"AAAAAAAAAAEASYHhCABFAAViwQFAAH4RVpKokEAFbKuKtsV4AbsFTpawy\/8AAB0IVc00l\/iOZRgANwACoQTdl\/GOABSj5yQ9HIigBgYJdQCUTNlANM6rqxfD5723bzbrUxaSqL+QgfFYDvSs2HF+3FZE\/TQjSbe4Km8KzftRRJ7WGWJLHVZGU6Pr8JJ9uxzBXyE3XW+2zfcSO0pInvNKKnyglyrBYAu3eLKCvMOF\/lcR22wWFyI78zQm\/U4997pUpU3IeDVTo+1apB0IH0pVnXk0s\/DcR6kAfTOaqckpKyJM+iypk884UqXCF7zKL7SZD4uGN8XS+r+vfGpyWarYF8YuRePoaTXkOZ60muMhm0jUocNqY\/U5XaGTP2BXnULnONu5tCViE2swJ5RpifKQhW0ajmcYyvMPByIkayNlHx+wVxBbD59Qy32KgOOXFf4bk8hLtiTkWyRCqp\/0xL9c3Vfn26VBZY5CoyUtdJBdTk8G94oF5RXnKlsW9RPQGN8PNrTlnxYqCMvKdLymzbrkSaVHd1s6hCDMlvKgPIqlyVPjyv7VwNwgypSmNGQjl2iP6PboGwtXnIpa5ka4IFOHhKblDAPYAGuoR3WhJLHbWPOhkpp2xAZBtIdfGz88WUhh\/fa+5OHfzxRvv\/+98pKocB5KIs+9XaMOM2b4ye775waBhKUHBxzU5chSbpQbjGNQ7UgHntGkQrLxRrgYK30BHeCwGqbB3O3zTGi28fjy0q+DQxv58s+isMuLf4rVml1bN6YCm+6tCQu1csCemJ3W1KsCnXf1iNt4C16k4KuAk4uDPh5S1ikxcI8fbKjrNcKeqP+jUu0A0AQxq4tHOgVeVJ99xXNa0rfYRr+KcbfwK2f3GdLGTda3yUnSVSryfyKJvL2Q+8aLblgUuM6hiD+LekvE\/LlAnbBjLmD8wu4FP2UzL6qUbY58f\/mCvQGgHeRTMEUd4CowlgXPUdhQWeaDlfMLg9lfb0LA68XuyJmqrdq5bG2Bep8ngxyxEBYvezuPAC2Iz5rBy\/4kms+yRvo6kVIbiyCCpXtTDJRUyNmBT3rPW48C4LpJYm\/ICdZMpWdD0UGNtBqPhJE7WKkKOsCkPGnUmiGgDd0pjw+lR7ks28tZEyD2kzjPP7ttelpXI8vPVVoY4UZaApsgyum\/R33EOq89AHxrj6xsKtkVzUTlVCJby5kmDowFpY3WvjB3YKxK7u66vXI2uvpgNuceSN\/6K8VLUZARSSeqan2EPUjPwc8NG39Volpuo\/q6ci4X3xaY\/VIhhzOX0GkrQnDUt567z9VlzQJpCGMRaukTO8AYWCEgkfoe6nxM2l6atxd1xrKaWQ5J1s4Fb+l3ui1owS2vTplZ4RPYsayHMQAz9JTj3HW7PvghKUdzoLY3MmV80zisuPXVZXwU2r9a1f+c1uKlxlSpPR66onFKZZdWkDXHMs5slBPZ3cct6OQSpk1E+HaV0eC8N
ipyKySEkKnwHTUZdNtCvNWU+DfIdSY+5S7vDR\/kAFS+UkA+axllbFzhbZjbE98MSmiyGeojTXpwHvAETcKEIKQ42DITA7olKjQ58qBoakQBY2QIe2\/X\/a+1Rz3Qpmpf5f\/LIHyY8CJTH6Pguykmu8PZ2YjeCHh9nc4aZI\/D5huo5lq5GzxgnUbuvAghp+1jKsnjdIBsSbRH5Ax5Q1NaysWgoo4eoeRiE97DOBD3dFTT0U9rGH\/b9BWCRjOHVrT0xAYjOVJ9vKjsh\/uQE3RymgcpL9m+XSdoP7juYR415Wg2Oqxg61mfx+maFmAF5FUVl8xb42RdcnTELYsROvNQ5WWEs8jmQMghLxKlLWKQvG8aWjfEzyaOE4xFNVsM"} -01399{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433300632344,"flow_src_last_pkt_time":1621433300632344,"flow_dst_last_pkt_time":1621433300632344,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433300632344,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"108.171.138.182","src_port":50552,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gvt2.com","domainame":"beacons.gvt2.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01291{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433300632344,"flow_src_last_pkt_time":1621433300632344,"flow_dst_last_pkt_time":1621433300632344,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433300632344,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"108.171.138.182","src_port":50552,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gvt2.com","domainame":"beacons.gvt2.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
01067{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433110371220,"flow_src_last_pkt_time":1621433110371220,"flow_dst_last_pkt_time":1621433110371220,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433300632344,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"125.136.204.4","src_port":56425,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r1---sn-vh5ouxa-hjuk.googlevideo.com"}} 00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433323690840,"flow_src_last_pkt_time":1621433323690840,"flow_dst_last_pkt_time":1621433323690840,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433323690840,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":56844,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02390{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_src_last_pkt_time":1621433323690840,"flow_dst_last_pkt_time":1621433323690840,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621433323690840,"pkt":"AAAAAAAAAAEAWIVLCABFAAVi+3xAAH4RF4uokEAFcfqJ894MAbsFTp8Fzf8AAB0IvzqNQD0lRtMANwAyYa5fSLdWImB4ZVjTL2NEPya1cUtwCyStcfOGkb+i0HvP10Xnx2V6173CCBLyTlS2lW3ItThE\/V6vYeQp5d8+\/LNRUHhhok6SCvxveMOhomdOJpo8G34ZKxbpZZeGXMm+kxymEvh9PGGn4vHBB6v4SwzcoQL4QdYO+oYbe4NJGodI+SmHvMckm12krbWK18PtHzoYrJftqnunvJo9ULpSRaYu2+s6djIY3q7wuNnjJvZDUe5LF2t9pFC+gvIh2yTEiqiPxPThsUMHIGShrjOrLAxZrFkrJHPByKb8fTvaZlj+Dkpvl20jckd+I0vvUZV\/2XJXbyUBPGy2tkcDameP4Y5wVjdpq6TVih2KnVLphaiRQHJibXu58TyDz0Vd9X6glZg4tYEC2iKCYEy5kUqjvrjHuGphHab1PzL06uyyN+x\/732GK6ik4JUpWyZBztoY9G7fyAAxwg6UPj487al0tVnMwp1c37Z3vKYougGLf+uVEsTYDF7Cpqu+Ea7zDIydQx7IO8f0CUfPQi\/u8\/gD4HXXAdB2qA1yUY\/VlHUe3+mmQbrEIgq8uIdDQWKYbjVC5pvQNUhxoD\/aL0ONFl\/jOVpgaM\/zL2\/ko1dyUaMhLjojLbYyekvliZ3qkxk605uj5nYxD\/OY0t4miGDxZQMnUULowLp7cbjsKiCD\/BjS+2cK+geBlIFH1XYvpAgJYFqu5\/05GxQPEqo2AZuX650wvMXpjzo7oLSb3VQ3LP6jN+3GtZQkbqO0Ml2eFlFThBeHZyyNfdgISKQXW66VXUuuUPhduLb3p5Yeuex9h\/2xxRpZf+QwTlcaySd6XeQxuyDRaiHCM6HiKDMj8VSuGyQ6y6G\/CQ2lQpqTq0JCG\/TihEgoblpCMhxGu52dI8\/M4cE6+j2XEdE4krEK2jiEaIZKGdebeUzB9JAU0IEQ368+526\/BhOh0rEXo9RUgNgTnXonlH1MQUqO1fcoXxn08UG5E6ZYKgu\/OZN1pWGWjVSWyMfCT4BqFy0DQnEk0oVfz682lYFVubZ2QMzip7UVNkMKKCepikphE4c7ppd3hkLM9bsNAktobkOkAgW2i++QQX\/bTNfJxawx6s88fmfdgIdLdYyVTIeI78VHXkUVfbHcjoQFDDnKH\/5gdBE+P5BLF4EpLHfAF4Wx974YrGRnZHnoMF43ssv3SEdPlN2iriNrn4spM4xowNSQZcUmJHTcSpU+Uat4MDUM6V4RHks5OewDlWO4kOK+6LIYgpiR+yBKe\/LrPhXG4P4O0gNUot5Mb1kSEjLXUEj\/1PtJIrIb4oS70D8+c1NIiu\/OQVFn5lEPax5\/uGndd3bG0u6aRIwsYEkaTKTgdt2ZQun3oPeubolQM1fI1tzSovLzWnNl+koBh7dhxX
hgQ\/X9UAn1n9hyc5f5taxal62r3tci4Mbbx8KPZBkYFj8Mmrqc8KDSHzLCloQSWCQSCkBQZ9FMuVsXUYmlB3jRDOW7KZN2uY8kbzPbIbjPWcCvUdxdHVNDIlPdgQ\/XLcgXkYVqmy7m9JKpfEvarWH5dSTcvvBS\/j7hMNXbKyu2ZBJX6gfqjxLKsxKQggL6gi+eWunxMe\/1Z3CwjGLDysODiQjylrqRc\/i89KaJ4RMPmIB9Ni0qJzV1nr4XAGc8l7QrTQ6KvRGv+KgMs0SAAvvCG8jxH07B459x95jC8vicEuCu4Qa8+k5\/C+g6l70JY75v1dmSj7TKtkEeixX9hXhrRxZTs9Uf4IcI+X23icYMl1eKUVDfGr5SG09huGxWXyIx"} -01392{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433323690840,"flow_src_last_pkt_time":1621433323690840,"flow_dst_last_pkt_time":1621433323690840,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433323690840,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":56844,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"b1.nel.goog","domainame":"b1.nel.goog","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01284{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433323690840,"flow_src_last_pkt_time":1621433323690840,"flow_dst_last_pkt_time":1621433323690840,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433323690840,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":56844,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"b1.nel.goog","domainame":"b1.nel.goog","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
00825{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433390651222,"flow_src_last_pkt_time":1621433390651222,"flow_dst_last_pkt_time":1621433390651222,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433390651222,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":58414,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02391{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_src_last_pkt_time":1621433390651222,"flow_dst_last_pkt_time":1621433390651222,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621433390651222,"pkt":"AAAAAAAAAAEAU0VlCABFAAViM7pAAH4RJYuokEAFmWIcTuQuAbsFTrRvzv8AAB0INosFT237+MMANwBb9TwbasdQ32A5cX94fXk3R40z4mY0PhE1HEAJQYO4V6\/3tF0P2M88fsUndGz9Fr7kJKq5dvhE\/XERoYXV5NHZLSYf4DTWVhp7q1z6KYJRQxo75jUpfdEwUa6ZG+5bNu\/A5u9XKnFMFC0KCN5TT4NsPs0VPSqpEv80Khbgf8\/cxxTXZWjqluHOImCUv2NFZIJpo9CgaD0e+8GRtcXDohjn+znKXGpEH1V8b\/3kSK48z6I+6n3KVBV2xHgdOGQwwEd1q1J+ECF5KYSp9RUL0zzTscSavIziA0pSN7JIWZUep\/Ok1sLxp9ATB3LHSyV9ajz0afQRqz8lPxBfGq9y5R3BFba3C9vH70pf4yBTyQd6jqWvZyTR21R\/xl6xRf4gAhvJcYjJkxW+3lmGOhS68JXB7SBW\/j\/51vJYllmwAccGUXQGTXS5\/VWIw5VScjbKe0pa3A8a9e8Av\/ljOB\/HEfVTnsj+Y+qchpc8HO4XTQoFrPwaU8vXQ1JM66P7sQb1sco0zqaDzmitGZlUT1QWpnQr7eKksiSn9NnvNYTUvdDSSPn3PKsb2RhC9OqgtoYPKk
GHpW8FvVwHYqbSyvaU3MJxUBlxuA0FvYBKTVbWO0AgmyZocUfOLKTsk\/TZfqoCD3QW7FO7lNRUo+P1rP9gFOB463DdLyAUsjehCczhWZWdGU\/gT04HidAXsnw6jARYjLJBcLpd08Td0XXQY6albr3J8ZZ9LOvShd71AaKUK4b3zzE1WCv8qtmiARodSJhVf6dZMl+yNOLSPKMomawxSMzPdml\/FM\/zeE6Dlz+9BPCv+f08v5Fn9tMUAsDXRUKY+8WZNa7DgQzfNejuemuadnwoPLOzzh2w6xM0Rzp6OEuIpQFyQW5xNjLrzOOpMaJIzF2sqpzwfuKJCm3s1snEjO84ddDhgxqjSj4lavW+riy8zgmEWo47r2DqOd3WghFxjV8xyvlVX1uHWa05pzMGWfGeumcPVMyT0adU5+wJkEcRvHBRw+oHJsqaukZHSI5JJYAbZf1ESnjxhCqHtgklzs9ImmCW7GeF21uZglW+vjLUsQcwNpF8zy37gmZdX4j9TzC1fY1ZjbAZMCcZltyE4Ua\/HE9Gr4qIttYQRoSXvemLO35Ifzyp3YBJuix7D\/0G7UY96\/ygRaDjJYKdA8flhrjpLc01yADTlcnXVTVLb1A6zKUqy1IoG\/Tlk\/z3cQ9+IaG0ETvoH+URSO+Wy5\/31GgH86Fb91IlFWvBBgEg9o5mtJE4ZjuQeHoeCfnmV53e5D0s6e1mLoSTRslkgBkyPIHBkD+AfULG9yRcBDRHLVOUtHMauEJx5SFk6LDE48gvZ\/W14DPXuSshpkqThd+a9l965NCkiqLzobezcZyu8ONMCL4aWAP4JD6b0Xp08jXqOcZYqiJ7NZSbad15kseZHdYQvvA+PJhUbcE5YZWcn\/xOb806apm1GAxXDo9cx3POklhJ0tzP\/LMU\/8cl+t2ZxNjURhO8nGFdQRgkvW6BDfHMzQeR6PbeH3pEswauHhyM5fr7Wk49wwwktzukldwFbMPCg9p87hqBsGVxIND1WlwqOlV\/lxMTiW\/q4zZTP6jyb8htKoyq380p91mZyV0+Qdr+Qa7+\/NlUYv8PEee2yAJ5phlblYmFxIh\/JvKbTy5doeGxfVsMIJdICKa5u7\/SlsDHJCHaQdFlIVGoLAQ1H8FpK6Y\/P56TfHflnO\/ivZWYw6MQJh9riQHgPJbhr65Ah4Btxq8WeMahT6b7GzECoVCR8QqXUp3Q"} 
-01390{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433390651222,"flow_src_last_pkt_time":1621433390651222,"flow_dst_last_pkt_time":1621433390651222,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433390651222,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":58414,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google","domainame":"dns.google","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01282{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433390651222,"flow_src_last_pkt_time":1621433390651222,"flow_dst_last_pkt_time":1621433390651222,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433390651222,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":58414,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google","domainame":"dns.google","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
01055{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433300632344,"flow_src_last_pkt_time":1621433300632344,"flow_dst_last_pkt_time":1621433300632344,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433390651222,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"108.171.138.182","src_port":50552,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gvt2.com"}} 01052{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433283660100,"flow_src_last_pkt_time":1621433283660100,"flow_dst_last_pkt_time":1621433283660100,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433390651222,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":59622,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google"}} 01053{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433323690840,"flow_src_last_pkt_time":1621433323690840,"flow_dst_last_pkt_time":1621433323690840,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433390651222,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":56844,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"b1.nel.goog"}} 
00827{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433411827256,"flow_src_last_pkt_time":1621433411827256,"flow_dst_last_pkt_time":1621433411827256,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433411827256,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"16.232.218.117","src_port":61341,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02387{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_src_last_pkt_time":1621433411827256,"flow_dst_last_pkt_time":1621433411827256,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621433411827256,"pkt":"AAAAAAAAAAEASYHhCABFAAVixWVAAH4RXjKokEAFEOjade+dAbsFTkGKyP8AAB0ID6UbviYe1OcAAEU0lEpFVo61ttZD0\/Guo\/jnAnR9jv+k5pAvfeBeOWD6Cm8zeiN4ecxHXQbeJAslmDKkgnaApPPGNJshgoi7VzHr\/rv4f991MIah9Z0x3iwrLSqHm+jIfLQxfiAPFuB9rLMf4f5yjsUpTl7yYpryWfDoVmV2zU2awpg5MyVbMiWeuULv\/hrjEOVgd6zoPwwK5dF1RV\/wrIcyIIMUpE+r5n8s58GUzUdN3AhPEbNnKhRwC6RWrqA+i0cqa8ctZWlgocKvytYgiqCsqMVO3NdyZSTFiTuNzFYJLpfFCUzIPf63hLzpNqbjK63qqYHIxdtHDARFoPxNzOgrVier\/q2WjzxC+M6mQi+H2pqwgvmMAlvMEtDd1ZlAWkzOl4G\/oReq\/ToNk7RekeRqvxLV\/VeSMXbYuQGNbpu2wr1Wxl6BibYf\/79Z3rObQtiyM19RxMxp7mdvUcLeIhqREsWiAfd+i1zPeTFCw+TQxI+c7b8r8\/XfC6A0KPfbtIIopv4Md8ZWbT8evvkG1J7aQcX8LESarYbxGnYGbIKbRvieAyXupa9DNkt5ydiaOWNMWmnYatZS7
q+vJrXn89FucDVT03eSB8\/l5O5rpocuX6dFZiCeqampgTCdr3kOlnlcPHHqJr+VaFY4vr5Xyh5EHsikjEWIGozPdc7jEZtWf3uYTyNQsjZBZgpnS7YJW7nOT2DjNWT0GWwr0Ic1PXuo8I2w5qSUux7ny0enp7B\/26GObK7DIsMjzFG8UHaQBBmT\/Gf6mdO5kccDPkmAWHe0oXsNPt7\/TmoB8HTzqmFM3q5jiptukUvnl6h3hrA4tDcWF6r6\/VaXFDgQChkQm\/m5WrQEKH+KSIIwCREIKBUb3xaKQEJM4DmC+PDjOpNX2TtmlEUfuimAq0RFbxofd+ZiNjHaNh9WW79+yMMNubGxcKaeiIUpxvvl+n8zGFM11cyoFugluYbAi8iHUHh3Cjjf9i8p\/JBp8Lwsqt8GOKWBoZr8Pv9Qwx\/yhIn9+hyt75NZceSkQPB2HilwbRmKH9ZWN1RLraLSCDjLFZUoXLSdJR3\/RNAs+0evfZVDyjhtDb9Eybgu7J\/eCdLlS3X6ZW+L84u+0SQDGVf6Ood3an8Co1tUKtWj0PhIkidMAwm1PT4EdcGZ0Og4+2sY64xmsHSK3dYm3M1QvEAwoRAl7F2yqmYCv7brxvtZjAJQRQ+SvKtUx9c5gyIckMAAQPNHHrAiKGz7YZtDQNhcaxQR3kHPlUSzEMcAKMY1RR7CN\/pSeooHbHeCdnLpRnly2OT\/HcsGFzOvorJJhV2IGzqc5eU85yleqWqGU4sEQpVrPVOXIbwh\/xWWQ3840ZM2zRH5KGNip5J0esfDT3r1uD4+AX0TrvlQvBmkVKYVu8\/Dc9JFMO8ks11koiARJyBa1p\/sYHKBx1429RrmPqPI1XGKrymUtfQLC1CjqDyMOcxMqXqHjOsV2W9Oe3aLqW0jqS4duUkIT45+NWUAEWQ5dcCvojudybcgB4i60UXLIJevToJ3JBxhaiZ0CBRlMiKqo7D27zgr1XJAjPS+feRSz+BJmxsqmY7bE7m7oRlxsN1qe0wj+Y+9szslqshgyS2A5FJDMEnvbShUgke31IlErYOEjA3M5ysDeUu5PO3ZaH7U9PkLACney3E6ldmC+Nm2iaW6IcjlkqsHCdTehMCOgQeKjiT8gNfoQUi0sDE1nb57Dfx6ucdbSEHW6ULrwjrSydeaPhk7\/b\/ZyzdR5QbL\/8bpPlib01D2Ts9qawYdi2FBumvw"} 
-01434{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433411827256,"flow_src_last_pkt_time":1621433411827256,"flow_dst_last_pkt_time":1621433411827256,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433411827256,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"16.232.218.117","src_port":61341,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r9---sn-vh5ouxa-hjuk.googlevideo.com","domainame":"r9---sn-vh5ouxa-hjuk.googlevideo.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01326{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433411827256,"flow_src_last_pkt_time":1621433411827256,"flow_dst_last_pkt_time":1621433411827256,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433411827256,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"16.232.218.117","src_port":61341,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r9---sn-vh5ouxa-hjuk.googlevideo.com","domainame":"r9---sn-vh5ouxa-hjuk.googlevideo.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433443702807,"flow_src_last_pkt_time":1621433443702807,"flow_dst_last_pkt_time":1621433443702807,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433443702807,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":56683,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02390{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_src_last_pkt_time":1621433443702807,"flow_dst_last_pkt_time":1621433443702807,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621433443702807,"pkt":"AAAAAAAAAAEAWIVLCABFAAVi+6RAAH4RF2OokEAFcfqJ891rAbsFTomjw\/8AAB0IUmuY6nOze38ANwCN5aNI0Jhzv9NOMh\/1sz8Pq4SZBhXzrMMmdjZzrQgjx1zkkutKHQB1oDFT8L80Z4Aw8jSNx3hE\/Zw\/laqqIbhk2h4AYI8E2Ksg3Sfl+5RD5Qe9ekCyVbSOIn\/RQGKQ+Ysrz4swQWQlQaC+KtSVXMe3vllDuG\/jjZv8zSYZWp4V2dx8qPMZPOw3vPgkM\/WcagE5PucdMP+3itniSXOFzVDdgXKq5nmt+7yYD1XqERMNH7mUp+JRrWe4XHV7cKX02FgoGRmWOpxUJWFf7LJEmXiGcbi7Y0jE\/h\/OYXsowiB1squTTDTuQqDqWuYNEAOZV9SOZp2L7pqHnGTE9iJVdZW+JFE20DbZCic3DVlzGwLNvFMykQy2R19YE9TfCuZrbfxU0FPlLGpo5fIWWWvDAVoqbqVmZqEGwcTHzgV8Yz9EUd9TKsk+pq6On9FaEMp9uqGWWwnxo3eZj0TPa3FIym2Jcz1rAVeaoddUuSsIGRkpmLUnVQPtQlzkUneg+9hSBIQzKf0B4JD4gK60cQ+wEib\/Mlb2svj8AwuMbD42dbbUAldY8vdc2R6SBT7hjpHRB
MRK\/23CtpazJepPZW9TaqY1KH0Tz\/rdqetAkIpplEYk8d\/g9AITDWSrF8e6zya2TMq79ase5qJDl1I7B2BaCwE6uBrcM3YNywAaodudS6yBo7OBmzBJLhjcpawpG1VBepprPrMyQKdKRaLIppfRPMpB1zNwIz1B\/b0n29UJhF6mBe0rd\/G89yqhkXZrgizvDrWltB8tOP9SBV2j6Lu0+wAsCdQXImvD3VUPci4NZs5GU7Vvk\/ru8p8qVRhy1G9PMoV9S29kH3cyerovTX6XCRqhXT7LjRT227GeRmtu3e6LKmxiCSV16aoE86qsn7s15ede43yipjlcC2hBClsbMTb2sd2VPU5sjNA7FNWxGPJemWAv1BZza5EgN49CYT43mq\/jV+DKvYykpvXjR7AtKXJDZ6Sjxau21\/2SoAW9fknYkCMN\/b6sBb\/fb2UpjRQ7vtJeLKXxg6xRmaSy02gAXGTje9zcd4wsNhHKa5efII9Ck1SaDqkDwzSlV1MgZYsboWuDhaRPboyD3HUhtACz7J+Y3TYKG8hOhjZ4ZCZgGjHzNSe75OGW465v+X67ja\/0mNh37VVVzJ8W2qxkDcAd6QHJT+qyXR64+O7B10B7DO9voZAqB4B7NmlTjFKRebbQu57q54zPuFHoi5ShAmQQ9UaPbGtA3CwzY355cHS0TvLRROOxD2CS17paHw+jZFFnHn5LXH6snBlWaDVhRzqR\/YYGoi4d\/7LIG+yhTFvXfp4vXRdxfwTSW\/47XWHABPYfJ6vXmF0ZlSVMGkkiLOES0NuVRKMFyi4Xev+x7I5SlwVCu+Rvq8DSRF1MfjOJeMPXW0T\/Ekz0FDO4mP35HA\/3PeK18zuOlO37CdOsUXKnqLocCevQv9jz5q7vVxas6jE8BkD4uQY8aeyRiiKzeZh2\/lVon6R7IS4sMXdz1t4wPZr1ILCy8wM7LjPHggzpJxmfuu9E7qlOH406tiQeyFo7FY1H2GOapGdOKVftFin6pO7IjV88AyDx+yPUwuSKzmoqNi6P6VAErvOi4bRjw\/kYQg9LGmC02XKMWGdyW3mVcI\/8x\/3TkI4csH2+tr+BfT74D5aoqvH+ZJSLn0rurteuEBkZW2fndLeNUkyWzU015vCQoZJqvTClWmVcG9CLZn2rbyhXrUHNKkVJ+wn4ARFcIHQUVc7egurai3mUfPedLQU\/iDA4\/fPb"} 
-01392{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433443702807,"flow_src_last_pkt_time":1621433443702807,"flow_dst_last_pkt_time":1621433443702807,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433443702807,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":56683,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"b1.nel.goog","domainame":"b1.nel.goog","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01284{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433443702807,"flow_src_last_pkt_time":1621433443702807,"flow_dst_last_pkt_time":1621433443702807,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433443702807,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":56683,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"b1.nel.goog","domainame":"b1.nel.goog","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
01055{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433300632344,"flow_src_last_pkt_time":1621433300632344,"flow_dst_last_pkt_time":1621433300632344,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433443702807,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"108.171.138.182","src_port":50552,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gvt2.com"}} 01052{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433390651222,"flow_src_last_pkt_time":1621433390651222,"flow_dst_last_pkt_time":1621433390651222,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433443702807,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":58414,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google"}} 01052{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433283660100,"flow_src_last_pkt_time":1621433283660100,"flow_dst_last_pkt_time":1621433283660100,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433443702807,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":59622,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google"}} 
01053{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433323690840,"flow_src_last_pkt_time":1621433323690840,"flow_dst_last_pkt_time":1621433323690840,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433443702807,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":56844,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"b1.nel.goog"}} 00827{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433521961363,"flow_src_last_pkt_time":1621433521961363,"flow_dst_last_pkt_time":1621433521961363,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433521961363,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"16.232.218.117","src_port":64700,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02399{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_src_last_pkt_time":1621433521961363,"flow_dst_last_pkt_time":1621433521961363,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621433521961363,"pkt":"AAAAAAAAAAEASYHhCABFAAViy8RAAH4RV9OokEAFEOjadfy8AbsFThT+z\/8AAB0IhJNYKtANuoMANwBQeqOywn67qncKSnTvuagILGVnNcalwuzGeiHpkW\/r3QudQ1Xg+atf32S0lvogd+2\/QThXrAhE\/UcbE6\/9d3ne8M3mBUbLc5y01PqU2r3V84i6i2XGKABZLB+Bshg3DGbuuyaaRbJCJtO6TLBrd9b6D0pWzrZ8i\/Gz8PAIyMOtI5BQl03yZpQuNeBtefp5qB7VZ9vAjNbT9Fi4jMJzpK4LOjIjHvho5UD9A1tQPssWUuiaB6ShmA41Ky2YyAUYb6Vh9rcHTQmUf36RXRjnMENcqSJ0txZ5HLa+JL\/wc7MLe4cFuMGhbo5QOrIDZl0OqxsRLbUuyHXXUj9iT0oZwwV9OPcMhzRgBCvFYPYmfISQRYW788jLzx1jI6Om66CAeI+GlZoG8XjCWvwTBZh4\/jd+ih5NAhEs\/yPoFHJAITJIoFzfVRs\/ZlaeaD21dhSdkLyQXvL6YrShajAQAL8QQuvvPxp1O9trw\/J1Y0yCHlbqft4HIR8bieoeKqFBtn8Vf4OzAvdIKL73M4BelKj2NgPZYdKz8+ZqUObz8td1TnEc2GZAidUp2ZVWI5XtiTBVv6\/1haOTwC\/f72jS66IjYphHkAjFY9qrDEJPRir2QNSQmatmWbaYhNe+qzzpKOsUSXAhbo1oQcAl+l2H9vJ\/DIQa\/AxSESBrwxGM4fWVLKqEAfMznZCtqu5fIZYleZVlEdE5C6lkvCY2W3xT+YJ1bOncdsHPT\/WGTsfc2kcqrsadebK7YP96vtKb5\/Kwjr0TCYEIvC8vfon2QAbzWY\/JCGhSEYUqb+8HgxwXZ9GWYITX\/BiqiLCdU8Aq6m\/J2oBNQp41WFXol9NeIYQ\/ENO\/iD4I\/DEE\/++\/78B3gyY1sn1rZXJOK0OaZecB3oIp5CHb8DPBBomL5i+kCg55mQYZXdBZu+\/tPycOr6KZl91KRXD7Z7TalELPSIUYpOBkmxHSZ2pvbUBnFHUY\/pw8Iwss0KbgupzZx7PD0GBpeEIyl45N0\/CmlN9QuyhgtpFSdG76LgGZLszlzyntz5P0kwUusECVbIv+39Djz82FK54YD4N+JgQBI2jcM5Zrwk2YhbYd9NpBrDQWUXA9bJsyou+uE1gnkTh+CuICnZY1UDepbEYOVkXeD6R6MgAu0d03kX9pBp4HBB2snNUvQ2Oyw65UsJhUcink0Bfa6N1+jzB8j4NevywJoM\/frbsYzOsqLw3giaa6WuLFmKpE+IZ10TEjlyFlcukcQlZ+NNObDfykNCzzBy0AcMVQaUSbjFM9ZqN+w532wfhRNhL\/F83rzAuxIgJ0n7kuWgx1Jmzauv+GuAQAe\/Uw+HEgG6V+kg9JoZLVZYLKoIXp7Z\/RGXpWG6+88\/QUBnYEjIVJi3NA4jv6spg
UguU8hnlk0dwaGaTgDd+E3pAJh1qiy6G4I6\/yNiu8puzdQ2UZXW5DSLwiSIdluiR43lhltbHf\/kT4ogbkuhAZhjh\/hPFlOMFqyWyJNLdSoLKPFvtXO5THZjGcQf64KDQ+Abf7vsxCS6V\/yIHUSA+iidaY5kvUUh1iHjGk0QAUUnvwTyQXCrz5Lw8M0X\/+XryPxtPTET5dAXJHe7twTSv+4wTKnufI1RxQCzNHd\/d8PrkscC7FBMhp5+jPQuyuCQJrAnnf4c5Q9OIbgJM125\/9n8YnDbNwguEGB0mPAkvI3jKFLHb1CFQcgY8kEl\/0mjy6bPZdm5nVzmX0ouDvUmiEZcGPawl5Bk3IHTCTM4+6WoZMUTAFfn6ItnEi7vfqWVc34jJvA3AQ"} -01434{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433521961363,"flow_src_last_pkt_time":1621433521961363,"flow_dst_last_pkt_time":1621433521961363,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433521961363,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"16.232.218.117","src_port":64700,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r9---sn-vh5ouxa-hjuk.googlevideo.com","domainame":"r9---sn-vh5ouxa-hjuk.googlevideo.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01326{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433521961363,"flow_src_last_pkt_time":1621433521961363,"flow_dst_last_pkt_time":1621433521961363,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433521961363,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"16.232.218.117","src_port":64700,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r9---sn-vh5ouxa-hjuk.googlevideo.com","domainame":"r9---sn-vh5ouxa-hjuk.googlevideo.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
01053{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433300632344,"flow_src_last_pkt_time":1621433300632344,"flow_dst_last_pkt_time":1621433300632344,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433521961363,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"108.171.138.182","src_port":50552,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gvt2.com"}} 01050{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433283660100,"flow_src_last_pkt_time":1621433283660100,"flow_dst_last_pkt_time":1621433283660100,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433521961363,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":59622,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google"}} 01051{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433323690840,"flow_src_last_pkt_time":1621433323690840,"flow_dst_last_pkt_time":1621433323690840,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433521961363,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":56844,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"b1.nel.goog"}} 
@@ -292,18 +292,18 @@ 01053{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433443702807,"flow_src_last_pkt_time":1621433443702807,"flow_dst_last_pkt_time":1621433443702807,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433521961363,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":56683,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"b1.nel.goog"}} 00825{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433567521558,"flow_src_last_pkt_time":1621433567521558,"flow_dst_last_pkt_time":1621433567521558,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433567521558,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":60936,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02393{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_src_last_pkt_time":1621433567521558,"flow_dst_last_pkt_time":1621433567521558,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621433567521558,"pkt":"AAAAAAAAAAEAS1QMCABFAAViYR1AAH4R+pqokEAFCUGp\/O4IAbsFTmqmwP8AAB0IrIdSuCmx8q8ANwCDdz03IhzUFn1L2Cnpzs\/TwSm2cofJpAX1JkTV3tCerbt47eBb\/tUYyv\/WG3oeaZXUGjSRmm5E\/S\/GHWDf3uofFcje7iOy\/NYB5qLognHXVD5g33k5Wi4OmgM+Ahmi4KhHeG3d2\/spKvCfjAjis75+5oGyetUb7SiO95JzfsedF3RaUE6Kj3rwNnMmnCLJJ1LfhDj1pFKjuI2YJh+71nHR\/BoSscicrqHnjNU+Kt5JysJR0+jE4LPT9l2mVbtuLkLis0xTseEMrQ66AbQ4UFQMzyqQWI6Ys9FFItz+0act2NE2Wbofw\/Lrumq\/k5f6prAdUO5v4cjZt\/R7aWcFen8a7KkWTJ\/7yg4CnjBGZeWmAF\/5X52U3x\/RCCkPoodlYLAoeE7zSZyzafp9Vs3xFNlJ9K08Ckfsw+JGyo11cIH+HtRX65c3vvT6RM+bJMwm4UScJkC6c7MPFESBou22UrxOHjl8NrD0kEu\/qLl4tdQbrTpkmURNF2JKrG1jx1\/Vfcu5uH+lsNbc4u2wpjBtpNr8b07\/1E6ftbBeGWLBOlfhvQxQUPiyD5FRgm3uDcodf1gX7fecwIzaijpGJiX6c2KBmWcNDAQ\/RbOf9+2e76hRJtul2\/BURpdz9zqqRcD4sx424KomOinx8opVJjXft4bXUEWmwuefm1\/MbxOXPv2RyHg9XMH3qoObK7PP8PiRDpbbi6LB0oS1AIUBop\/TsnEOwwab4fl60FNiCev7ICz8OTrnAs6or6No9QC4mHJiNDT\/A5vVLmzT+Z9Dqu6BSr\/JaA6a6DJxfKrQLEYyFN+mAQST11uNp+VnLp1My1clYT++rNpJ2L59DkZaHZMZObQn4ik6O5C5VTnjBEObmR92eddNMuyKx5Kcg3EUAmOCeW6r2JGIl\/IhqsZitb1a2D0s80k4oX7Mvtlc4SQUaT7Qoy9cxZgVr3MS2h5r3nBhDjmOzclfK29evsEafcbJ8vHLvuDQLmwUbuWeYZPoiyIhQ9vr3rKz\/vd4UPl9YGc+ZFcosYc4+tF2ZvXLoV44zl5Hn+JUXSAMG8rfoE5RFiZCNdNSnotUGTuB8Lo8zqSeIICZx9qwBhwg0RBlSWK21bfhv0V6bO9uXd+SDA46Wuo9rvFwnraBKcacSoVBqqZ6NGGOXQX3CZ0UnZskQ2Xh9lq7c+9mbhD+uHkgeQ59u9+pCOoymabTpJz40KiLhh8cpE9UupFG3Btt\/mF\/tKjiDmpak0XaH5p715g4CskmYYeD92tSYiV2pxtPeSRFzREp31JbFciPWTWGHAynBoYesEZ31n6hzAN8xZIjFGAvCt9mogpjeOLZJ7T6QB+DXmTonvgfoavnlxnuqRqgiv2cdSaHzS1VthMln+XrEc6vIeLHjdmG
TvxC4AfsHPWXQIScQ1dgnB39QlH9QGb+UXoJzINdUC7cxDDD1xWXlxqErv9pLj\/8syL\/kpqf0cAEb9f64EjRsyus6nZBGadcNgi1Md7ZoW1HGHML8j\/VyYIyJ1h7a+uvD3tW2ObzdNNh76C4O7RQWUO8ZVim2RcdZDeVvKTfU9dvyIagWxbYngJIGWUFxc+bA6nkUtX80ozt8+iMKvMyzsIr5C1WAgFhm\/JX2pUDX72XRGljQ99hW8WgvHx1zqZrH1LJ+aVfz7ij\/XG14HFhuepiATRHhb90pWV4gDy4BiWtZbCYyogbxOy35IER+o2RQvYWxiFGjGpj26HCJi40rj7HUSLn3oSMIhCgp0XQZUgssWXFY06WovWc+\/OK\/KLsjtKK"} -01430{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433567521558,"flow_src_last_pkt_time":1621433567521558,"flow_dst_last_pkt_time":1621433567521558,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433567521558,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":60936,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"suggestqueries-clients6.youtube.com","domainame":"suggestqueries-clients6.youtube.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01322{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433567521558,"flow_src_last_pkt_time":1621433567521558,"flow_dst_last_pkt_time":1621433567521558,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433567521558,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":60936,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"suggestqueries-clients6.youtube.com","domainame":"suggestqueries-clients6.youtube.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
01052{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433390651222,"flow_src_last_pkt_time":1621433390651222,"flow_dst_last_pkt_time":1621433390651222,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433567521558,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":58414,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google"}} 01070{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433411827256,"flow_src_last_pkt_time":1621433411827256,"flow_dst_last_pkt_time":1621433411827256,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433567521558,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"16.232.218.117","src_port":61341,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r9---sn-vh5ouxa-hjuk.googlevideo.com"}} 01053{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433443702807,"flow_src_last_pkt_time":1621433443702807,"flow_dst_last_pkt_time":1621433443702807,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433567521558,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":56683,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"b1.nel.goog"}} 
01070{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433521961363,"flow_src_last_pkt_time":1621433521961363,"flow_dst_last_pkt_time":1621433521961363,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433567521558,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"16.232.218.117","src_port":64700,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r9---sn-vh5ouxa-hjuk.googlevideo.com"}} 00826{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433588411274,"flow_src_last_pkt_time":1621433588411274,"flow_dst_last_pkt_time":1621433588411274,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433588411274,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"22.12.150.194","src_port":59965,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02372{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_src_last_pkt_time":1621433588411274,"flow_dst_last_pkt_time":1621433588411274,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621433588411274,"pkt":"AAAAAAAAAAEAz315CABFAAVi2sJAAH4Rh2SokEAFFgyWwuo9AbsFTrBryP8AAB0INSLhPL22UxQAAEU0dnb6uZhq1t6Zw3kr2pvHyfNWBxJD9W9s2zTRbPt+j3sYHVqGaibagTvObqxr8L7RMTtZH2xjRCWpCspX2XXuq+FXnTIfCwzq0R8bYQN7af9gvVLHPCvoe4LlWn1tEH6m0BTvrXq32km0YOpGp8mBDhiXp58UFczWic\/LDA0x6fF2n4YNtLE4Z2lMWFYhTTmuDLcKfFKATGaEQDjMewCgDLW4FqXB4m54SdcTcA\/dFOpbB1LCJ0YhH7hBJsrsRX7AF75ed76PrLag927ZRPEw3QiemYlDHW\/GgtF2bnMq6BMjp43+PZDDTs8Lw6sSJLk5j+j7binjYxfhzKvS9t5LIcp5cq8WQfdQfqbOCH+EpKFBTJXUATHM0GqFbPOFEWoTNdoLFZJCt0RlhQ2aFEhPRfofdgGmwmNcj6SQWX34PWjMe+xGvvQbWJbXfEiSpzsQw4qDOngUbAppNhq8yhTP7TLB+dKj0\/0j7CCnhGjf5VTlM4l8pSQLDnxJSczvPia0OmU+mYdzwvo0EOBr8AklCW7iLYW8dS2cmM0rlDa0ecqvTJ1VYOrB1S75Bz\/6V6+Hd7atab6h1vwSF2pFzXYcnqRiAinW\/VuSyg8KFFRr4Ybp5EzzwavSR2SInrndIzHlQgZhYkQhMHquBj5pApzCV3CuafdgWqruaCZexHIxHUdqmNN3yoqhpORch4AucgZXsQNNzu61Oune7H9O4MZHSTbLB19LCWWax1HzoFFeIyd+5XmDm8mqPBGBox1uxXAnJKM6+GXHpB2V+FVVww180yqLX4GanOJnfIFeIsn4XBJnYIAP18i9WhsbmRQWzl2XXYGFoRgkXkK1O+vGgPHV0EwDCUVaRhM2Rp+mvnnekeQws42lHMDRRxro+Eu9Ix0dsSJSRu5aFrroBpy3BPqsFCWb6M1EO0ZkiSuyMzMhMajOdUGCUna3gRiqvWtnMAbujUIPEq4PxN703lFKCAwIzIQNpwUh8mhLfFhAoyZhTjLup4KwhbKLFvYtKH0KHuLzpWQoBg9RYsqdtULI2+oQT2xHT99uhQc+dCK2nB0\/AJUbz91vXqq4Z+yTLK3qj+zNjQD0SHuOj18j+U37Pv7n6hwnuYzJKut5HNbT2mS5c\/00J82pn1UFjkHTJlZViBRbamRBCYCrX8FlJMJSeYHxtaGSD2LMbKIo8ecS2LrRVpGzwk0uo07Mlv9SeXRRtFhMhL8QJj7Ppv4crbwmWUJlFStoLO6iJRltLQK2Pl5JTkCISdw7ai8hmpPrQNR1gTuhnQ5\/GrIbz\/Hn59i+FyKiHMbjD3uzIGGIjeAdtBo03OGEL7XqBQA6NjJbG6W4THKFVaoUguo11P+g8z1hQF6OsY4EIS1M4hIImra0sUYy8Djc\/GGHsR0aEhjb1R4Si
R+O9eiEtlxe1RT0g5rqIVSMhzdOU4wPWZDmrYaLl5hJ7phEqFGfgb6lrciOSZltZTNxTFq1zP4\/a6FEXS7CWMcJ7gX6XCBKUdUEBZvF6VAhczRd86bNCG2G0yjbnySI5sJBiFiizMdJaTuboXWehh73WfYET2wCS2TQ5Sg3Fpi\/2mK9dgxsZor0IxYLcaR+pvqa9krSP1h\/W+5Yc0W0Il09dN1RybZXko2cOc4Lfkq3Q0OvSfG5Ch6ZniiOz6DPWiFOkZUz2wi4NdBirItgeWcbhu2bR2McE74iWO9Bzd+fUd3fpaJcOg9NgCJg79T+rFXw2qinlYZGKvc14iIcpyM1OlOVLiWgsVNddHQTUfoocRRE+Quu"} -01433{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433588411274,"flow_src_last_pkt_time":1621433588411274,"flow_dst_last_pkt_time":1621433588411274,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433588411274,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"22.12.150.194","src_port":59965,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r1---sn-vh5ouxa-hju6.googlevideo.com","domainame":"r1---sn-vh5ouxa-hju6.googlevideo.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01325{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433588411274,"flow_src_last_pkt_time":1621433588411274,"flow_dst_last_pkt_time":1621433588411274,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433588411274,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"22.12.150.194","src_port":59965,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r1---sn-vh5ouxa-hju6.googlevideo.com","domainame":"r1---sn-vh5ouxa-hju6.googlevideo.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
01050{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433390651222,"flow_src_last_pkt_time":1621433390651222,"flow_dst_last_pkt_time":1621433390651222,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433588411274,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":58414,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google"}} 00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433648984652,"flow_src_last_pkt_time":1621433648984652,"flow_dst_last_pkt_time":1621433648984652,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433648984652,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":64693,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02396{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_src_last_pkt_time":1621433648984652,"flow_dst_last_pkt_time":1621433648984652,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621433648984652,"pkt":"AAAAAAAAAAEAWIVLCABFAAVi+9FAAH4RFzaokEAFcfqJ8\/y1AbsFTvvUzP8AAB0IOGOQBfKCbj0ANwA\/voO+XXx9UNRzF\/PVLqUQmnVcfbJaFy+44m9Th\/J0D8vGDxgnE0b3my68fY4VhoH7ylldwCdE\/cIKBj8Q8msGVTF\/lZRPFcYyu4rQA4dMkmJLGh8h4hcVJXYlyXw0HxsVsRXBSCaH9pcz5MYJT0N8d\/QHoWIhJXtTq2A4a7329H7ZCy\/2hiheF\/XWiSc4pxmO9Ynh+JN2vvZnWdzm0q82\/5WdIhtH6DKNLW7\/XztT2A8BgoGu1165fwnnJttnCnp7MC7ceEZdqQcpJJ9S5BIzGJvI47OWUy\/O+A7cuxtRd80Baj5eUgykqLnUlMco5qWUXbGJ3qeG56zhiw2ILgjT7Bcuxpku4m9iswOoWD9e++B9OG3l4Nl0B6il9OgM9B6djMPEZaQ\/7P0eLCfrf8N1EK8IU+jTARRnjz11uoVbKvy1X354Ysm\/cfeR1fvYJ8g2GiyorZy5vRdiDqVcxw9hR+rNVIThkd9jHbU6NaUET2Zmcrhn0oU\/AQNeqrzoZrD0wkusdBqHE7Oy7ZP3iS2driLZ2Ic4Alz7LOyyp85qJ87V9cHDrhWW0V\/LheIEH23t7AEDMI2gPEDikZlOkiojcHtGj6V3+8VwA1VBAVbh6C2nQb7oWJn4psrNAUumMXN\/5bdg6Au5NE9nJBs2GYp2MzdKptvsKDmxm6J8MjGuWMQCrFOGnhGPYmsufDERoYla\/wIXOqNo8R\/FJFxzNp3PwXo7ZdrQ73XzNwHSr9ffXKXimX21O1SWpQHDR\/RbdX1vZUr3Lh7pfNbx6rH7OmcLXV99oY2AQ6e8oc11SSL+ZdlBq0HLriiqfnA7CcVCdmD6jwEIQhCXdiNp2REzSEls5BEEPv8qRmwUQhOspQKayIHnIFw4XLXOua7WKV89\/vWuyJiksgmRtispubeUmTZoRJOF5\/jnh38nkBft2hu59mNNnWRGPvIy19bc0cxeWlZ4oo6nA9PJSZrQOdeW\/rD5ea8+DflUeQgYwFBI1S1PmVVqn6wiLMuaN3KohpzaQ3XgqrMrhPL05TT+tnokrX8jZ67X0mBu4DfS\/lggH6sBExWEAFyohWoqxhN0lUtYWZxgsnjiG+zXzgkP9ZtYeUvbNuzU6A5q3kVffXh28T+8yra1UAY4vmoeH\/QjLFtQVcEqveGRLBBG1l5o0fUNpUtnBrmmkZGfWY8JzXpI0KnKiHip4fBG0IQd+Q2bQOSO\/Udo4tFpVnmlDgeOeYmyrnrCqgC0cHv\/XR5E73gV1kjRoXxPvXxp\/pzGER9dhbxukOJbOd+VrD3OKeWSvoGbaNv3kYyanEP88AWW\/Bf2lDp7\/uZ7ngQLGve59K09TJ\/VxfxlMpRy29Y9kICc+sz8POsOp1zPo8X3lv4KDjtiGPrF4
cogmdW+gz\/1Rx8RTv8nIGkGcj+GVFdIFzhqjZlaM+tlw+V5CFsnIZ58RzZR6PY1G0cLuEeCNRKseDLy2xunVcw0reIDCM\/BTmBGYOUScCRjBtpioVUlizTJN63ofb24jOlXZTsMyrT5MJJU6Slp9jrbFIgBY+6oR5a2h\/33BA9ep\/j6lsrwpd8UjkvRh76vxWRquNFGDZEA\/nnCBtRlZ9XDeCRoVW5+pY+5AmH2BOq5S+1kF52Jn+8edM7qfDOmmPZCwuDrVPEFHpbn96ryrPI4Qt9pbBcq2Z69uLwP\/ZTNn2joerZUg8Hl4cFuZ6ooBq6byB92bCiYOv3FnN\/Mx0lMa5Ean6QjpWh6xfjOoz2RFyP71l9S1BlUPEZhl3HfYvAeLR1G"} -01392{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433648984652,"flow_src_last_pkt_time":1621433648984652,"flow_dst_last_pkt_time":1621433648984652,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433648984652,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":64693,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"b1.nel.goog","domainame":"b1.nel.goog","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01284{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433648984652,"flow_src_last_pkt_time":1621433648984652,"flow_dst_last_pkt_time":1621433648984652,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433648984652,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":64693,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"b1.nel.goog","domainame":"b1.nel.goog","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
01068{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433411827256,"flow_src_last_pkt_time":1621433411827256,"flow_dst_last_pkt_time":1621433411827256,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433648984652,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"16.232.218.117","src_port":61341,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r9---sn-vh5ouxa-hjuk.googlevideo.com"}} 01051{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433443702807,"flow_src_last_pkt_time":1621433443702807,"flow_dst_last_pkt_time":1621433443702807,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433648984652,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":56683,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"b1.nel.goog"}} 01069{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433588411274,"flow_src_last_pkt_time":1621433588411274,"flow_dst_last_pkt_time":1621433588411274,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433648984652,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"22.12.150.194","src_port":59965,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r1---sn-vh5ouxa-hju6.googlevideo.com"}} 
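Review bot: The regenerated `detected` events for flows 53, 54 and 55 in this hunk no longer carry `ndpi.quic.user_agent` or `ndpi.quic.tls.ja3`, and the commit message ("incorporated upstream changes") does not tell consumers of the event stream that these fields are gone. A downstream detection rule, allow-list or dashboard keyed on `ja3` or the QUIC user agent would stop matching without raising any error, so the removal deserves an explicit line in the changelog, for example `ndpi.quic.user_agent and ndpi.quic.tls.ja3 are no longer emitted; match on ja4 instead`. The new lines still emit `"ja3s":""` (empty in all three events) next to `ja4`. Whether that key should stay depends on the schema change elsewhere in this commit, which is not visible from this hunk. The five-digit length prefixes shrink by exactly the removed bytes (01430→01322, 01433→01325, 01392→01284), so the framing of the expected output is consistent.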
@@ -311,138 +311,138 @@ 01070{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433521961363,"flow_src_last_pkt_time":1621433521961363,"flow_dst_last_pkt_time":1621433521961363,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433648984652,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"16.232.218.117","src_port":64700,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r9---sn-vh5ouxa-hjuk.googlevideo.com"}} 00827{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433848159035,"flow_src_last_pkt_time":1621433848159035,"flow_dst_last_pkt_time":1621433848159035,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433848159035,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":59680,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02398{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_src_last_pkt_time":1621433848159035,"flow_dst_last_pkt_time":1621433848159035,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621433848159035,"pkt":"AAAAAAAAAAEAguyCCABFAAViV7ZAAH4RzIyokEAFdZR1HukgAbsFTrrGzv8AAB0IZrtHVazP7GUANwCdzwl\/Ag4dMP\/532YmgteM9y4rfgnxKHdwAMQTxGHIHdDGRBEdHlnPsFRQLnkLCUyj+ZiMcQtE\/ZbnAwVVwgmAbJeZzFu0xe9BjJU+0q0ZPjc4pl\/q1xAOsn94uZ6J3jN9QX92abvAtxhYz8VeBqrOA607zbwY9GWSP6ok9Pja\/Fq8w8NDCZGf3qIL3rk\/wAzA3jEYpRRQWDHceKbIR88KOcO1FL8LDN9LJGuLhgF5FQs6DJLnrpIczBSYq4OBwz\/\/sKd1SAUQJMcAmfR\/jZPeYBnpsWTjRALFzwpImgbStENOm\/0p3NLhVUB6WCiKCvKKk9gT6\/d\/x10ux08ULPTBXIv\/k4Ll8l6sgA2ueorwPBTauFi21MhZZCtPcV3eJ6EUWMMMFrZfATCNoB+EVA44T4fDxdcOZEzFwjnKteEZmVkDbqqZ9qjV5YV3p\/6BGB2jz47XkvU4EacBYHhxZ2ZBLwV2tLuqe7+aE8IdEygSC4TSRNL49Ttq\/RQwV8aObYvXamg93UAuYbgkXDq6Cz0FVo2RyS4gV5roXuZXS44vxfS1oZOfTTNFzIHJUGwN9JEwtlJyaLE+zlmDRVeeKLag0ryJrnplqRANQHZqgBEbDtwGPSRu34eTOgLm4WHJcagJTF4Fz7xu6\/\/DDYatKPQYRG7oY7IYZQm7mhylJ7uBUzlcqBwaflcUNmXybTxJ+2WD0zZz6gCJLVhgwyhutJAlQanGkuwf3EdmqBx8ceqxoNJ7tZKAGK6ZLIa3G6I1xZC\/TaQ+1KZfZAfI4pB3hAXWDjm2gcWEJXPdl2HpQhbj4SN3C\/MogkQ6jmjo2la2vWjIQ2+qzYSkHj832CLT58yzA0tGXZvR5lpaU6hPOvYp9D+DMoC0H2it5Bi\/rirv+bbZpE7LzsCnG1SyGV0J0MpJPpexlnfbb0tXuruzppFFVv8XX\/\/AGNTxslc2JJDce0W3BO9U2F7QbGNMDxkz\/wBWOEZH8+aF8yWPCo26iB0IWKm64gR8orVp9wCN\/S\/ux5zHmhkRNoUehIoFt23QRRYl4mEM8Kb+yNY6ExrRhuVVLVK07imb+PWqHfegN+A6yiJIol96tI\/qRwPHidTWuw+BPOds5nSGwNNMYCpCNYS7znyftMnQYiHdYUMEr1nkXG0p+BTVDr6yzplTCLHGEroPKNnH8e3DVvViJ3UCgrkqYMJFZa415l4iDMaX1IPVcIVbn0GJt+fxcZSe\/4EBL\/Lglqu4lLqW8vfP3Ryp18CcBI5AUvjnbHT3H9GKw1At8VX0EmM6FNbrzmSDDHpjxJAjZFsnjcKA4s8cGEzjtd04U5Ov1l\/uV+TrsjbEVaYIN3cAlR8CmLid56lf832bUt\/rJVHoQNMALy35MqNi3UTMRH
x2sOalpm1X2yqB6Qcr8RiPpnVvJ0XaoyVa69ClIE\/D0J\/eeWPqDxqyOq2dFObeT\/Q3Ey6oum6f7LqZWXPfk\/Of0coJY79h0DaTGeZt8KNREQgsRBcylskDOu5tf2QjszGuOPnHGGIjoEkML3giU2HtWNdhUpR6kCeVzhBvo+CYlsFw0XUh5F8NiKLotZ\/peNJe9m5PV26VmA1CuJnJUZ+iTsXmSUkD0eRX0gnwfjJ6dq\/oMKsvWsVcGcwOkeW0MrEVdWGsBJjfzNjkVIa433oGL9UgwBMpD4PWzwUd+SNd+1vgvOeW4tFbxfn\/XBNWVoFAyPSzEwkXy++b+c1GHJidlATTQULFM1qwYz4DqrTvS\/tKosbIdtvCa5V\/Wk2K\/pjchLwN"} -01432{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433848159035,"flow_src_last_pkt_time":1621433848159035,"flow_dst_last_pkt_time":1621433848159035,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433848159035,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":59680,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"googleads.g.doubleclick.net","domainame":"googleads.g.doubleclick.net","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01324{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433848159035,"flow_src_last_pkt_time":1621433848159035,"flow_dst_last_pkt_time":1621433848159035,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433848159035,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":59680,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"googleads.g.doubleclick.net","domainame":"googleads.g.doubleclick.net","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
01067{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433588411274,"flow_src_last_pkt_time":1621433588411274,"flow_dst_last_pkt_time":1621433588411274,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433848159035,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"22.12.150.194","src_port":59965,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r1---sn-vh5ouxa-hju6.googlevideo.com"}} 01051{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433648984652,"flow_src_last_pkt_time":1621433648984652,"flow_dst_last_pkt_time":1621433648984652,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433848159035,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":64693,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"b1.nel.goog"}} 01065{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433567521558,"flow_src_last_pkt_time":1621433567521558,"flow_dst_last_pkt_time":1621433567521558,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433848159035,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":60936,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"suggestqueries-clients6.youtube.com"}} 
01068{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433521961363,"flow_src_last_pkt_time":1621433521961363,"flow_dst_last_pkt_time":1621433521961363,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433848159035,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"16.232.218.117","src_port":64700,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r9---sn-vh5ouxa-hjuk.googlevideo.com"}} 00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433861442402,"flow_src_last_pkt_time":1621433861442402,"flow_dst_last_pkt_time":1621433861442402,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433861442402,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"217.254.108.174","src_port":57565,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02385{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_src_last_pkt_time":1621433861442402,"flow_dst_last_pkt_time":1621433861442402,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621433861442402,"pkt":"AAAAAAAAAAEAO9I5CABFAAViZLJAAH4RY5aokEAF2f5sruDdAbsFTnSvyv8AAB0IrXE1PswUxeQAAEU0moW2I5LE8O2RChniUsRu3mGuowplCLtASVZHqsnxug4PsDrEW3Sj\/leTPqj5zsaBrtRlsbN9lOBqairoOcWnpMpgmaHQCpPptKrsTiKLv9DzkKDiiyP+Mqe+\/mlEdOWIT57m\/bm9VRc8tH+phNv28+B7nLrNXNbf+JIcCMe3B97c2i01lE5nP9lOGBndD+gNN+RzjizdPjT7CsIXwfii\/vPw0hQi3TTTCgYsoE3qaYNZIQa7y+ZulLHbauYPh7IRvVbsW6oMX5mqUpOCkwTG7qK3J0PWf+WY+NS17Sud\/qUl+vWLY3nRgL5hCL2d62+ht1MFTAd\/54SptMH7UTOp0SLwM2rzQ7K1vfHvBg0P1XtZu5\/ZPCWf9HzATlzy7lSiJk6IgXbAhRFG1G8fUp4\/ofu+HGCEF\/7UDhsGZrHHdSkUntprrQdJrtC9uwLQHDmvwvf+IflTbSL1rDFYxHI8L4wWpQGIUOrApnE\/9cNQvTN\/qDlFELbRPZMI+sgmXFe1wpxWQvJnUzbEgibgAlOEoK0YMMr00gbYRHnt\/XmwqnfPUMgFPhthy2NaZGYNKqtyo2LV+qQNOXTYs+yqM7Oe60KVRE8NtfRjTThOKaPHFROsWvuzwA+ukNXH9pokuvNAsPejuPAD\/pIIAFoeLo9EdQWTjq8bmJHRJLeQdgOixkkn6ZENEVhcApyT3Cjpyjy6XOyeAvH1rOAqQH1f5XGmtLPBx0PHlTgWwMQNd1EMcY81AvslHkFJ28FdohsGkQMrtF6QnW4yyffpqKjZGXR4Aft\/6zwVouPtFf+c842WgjqV9zAXzrH+Q4FG8Bkm133cuN6x\/UQjBUG9ulPeffB4LFwzJ6cgdlk8sALE9OsSEEFoZ7Kgq2RJG2B4QiAcvJ\/G23JlL4GPLCphHQL+uuXuBJ53c0dwm5IgyJmL+Fkv\/oWmjZHaja9h6d+MuXfjhw22jLCFl4NqE+v2ig\/Upn3KknaXhJpMXjSzUNFPLHancjwMFUrmgiHOiCGbChAN7KNYiHqvDaXEYjnuJfY1oM5mhTGv+oeOS3sb+HmH2iJecdF8bXE2rbafbwa6Uiv9ikM1BTBN7UiXD5IlCeKhBSPAXD2EauGLnJC8pFr5zgHjAQh4mgtnSEZQ0zN3cIdAyuQFOV8jS+\/nBwLOE8x1n4uqLxML18glCa2oWZgACniabrs7r2NaqfObdjspQwzjkU1TDyb5gdlLj\/eHIpfAuefXCBvRbCcBcf3j6IilvS6+AsNo2EQaT9604HtRnmqrZY9SdTX65A28Jmq3pM9OvQ\/TUFf5yYcqxQ9haiwBaX+NvsVDdtRqsd5\/7eI5m8Kz23+blc4m9ONL7svDOPbX8ss3fOhktK2bl8ThuCTTF503OHo06Lwdf8
CjZvVZNlx9x5F\/PfM3mGcuSEt3i52BYpDCMhsRFqfjcUkuPmzCH58lXX47a19QYjODRwQE3Q0zKcLxx79OB9EdMQ85AedN\/Yq1ncVuwuxGbXOoZGRxYBpfpp+NMq0YojthjxX0BlTnVyrSw5lnJpqEdmlVw2bcD9yZZWHwXJvKr5qpx\/cr9xPEvlHadBYAjoEENWkL3gQJjVHBrOhAB1uTYhdNnltIi8vWgTzELMZlpUHeqiLODHWpAl4WXW8xnY8PcTaYP+SnKQgJmd43Zakfel6+p23x5PQixUcbkwGMl2kk7UtX\/gGRLqBBO2NRLJN5MePtLUrUVSVwbZY282tQGPil07XxyVmzfQkhzkp4eJ5a\/N1QTFtfiCHdNogD"} -01435{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433861442402,"flow_src_last_pkt_time":1621433861442402,"flow_dst_last_pkt_time":1621433861442402,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433861442402,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"217.254.108.174","src_port":57565,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r2---sn-vh5ouxa-hjuk.googlevideo.com","domainame":"r2---sn-vh5ouxa-hjuk.googlevideo.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01327{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433861442402,"flow_src_last_pkt_time":1621433861442402,"flow_dst_last_pkt_time":1621433861442402,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433861442402,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"217.254.108.174","src_port":57565,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r2---sn-vh5ouxa-hjuk.googlevideo.com","domainame":"r2---sn-vh5ouxa-hjuk.googlevideo.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
00826{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433861875678,"flow_src_last_pkt_time":1621433861875678,"flow_dst_last_pkt_time":1621433861875678,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433861875678,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"143.52.137.18","src_port":52387,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02399{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_src_last_pkt_time":1621433861875678,"flow_dst_last_pkt_time":1621433861875678,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621433861875678,"pkt":"AAAAAAAAAAEAAWXVCABFAAViHWZAAH4R2UiokEAFjzSJEsyjAbsFTgvjw\/8AAB0I4XSW+s91uvMANwAS6GfjW0GMdTsqKMpwqTx337NvtDulmldgfnpNodm4QCw5Bjnjn9W+uBm+YhsF1Trj\/EVP9+xE\/ehiNLKErhY79Fc\/HJEeNp62+UYmQIxnF4BXHeby7saDvvQlaWtUhK2nNgwODZK+JDEtxkUQ\/VybQVP83ATzWc0qLvD8yBtR7czNUAqQeB0mf7V5GtJz0rLXU9erE4DOq5Qs\/9FCIz7bDlqW8m3GqwlAlM\/ShYpSh+i1tk19DnlT9d71cXWxAaBMh3SgHyMdgTEnDOAcddGzDaeO7lK6Q+fWEYvrhEHvLyLGKNSZUeJYxc\/icjZAwxx1JsyytVVfcjM\/mcdecpSw9Bmojler9Rg2Ujayse\/kuXuiAg+1NTMXX33ZL2rhDQtAjmZrBrfEVHGmJy+0cMtd+79bvpVApkexLNObFkVRwaBswWlkZfKVtffBr4kfbBTWyXOmnhO01cFVCjdQL\/BWZouvBCtlDnK59GQE47E\/QE9JjfWDLKIpllBc19+E+UnP0GbmHg\/0unruvB08k6BhVSiKRaeDIjirm9O9wbEuKHWikZtOKgn0vdcW3o49
vZELiyS8Oh0eH9i10QOv1F\/ixGOhJ7Q9oRu9TNyMYSO08q0kVm7c2CA73Gt23SuU\/bhClfdnHjyNCfLe1tTbcknZFj\/ikotBSaPjBSmkP\/K1gB+2W38hHc\/pDDGJn\/1HKhUE2jJHeTGdUUEt\/nIx7qb\/Qem+IcovQc0vl5iKASp+ml4MLegR\/yOFMMAwayIHpj4zjxWU8b5eorYjA3a11PNOPq+Diwo4jSkCwWP\/NQrR6of3bBVoaXisVa9wpr4IMIfCHiFcIgOR96+r4oTypl7Gu8zq2gdbwI6YjUXUc52tqJWY3kkxwvYV3OqU8QnVDcS8NgM3sBNbtUWYevWYZ5kG\/xc6I9RBB93tEOa2yK\/MLrNRzd2ly4YTi8cHvLzZ4JO8StA2rNVX7gEP+80+zHm0dnXITPxyYwSedSInn\/pNvSAPgpaQZutI98VHsSgXt2AGJ1MMrh4KLNemtCZ0sd2YqrNsd0v\/Q\/CUZ1ILOe3p+l5wVi9Zn43HdgMKjjQliDoQWt6oPzDKQdarw2zvf2CSBY+WIBwbxkvSJ254+5B740QdtviqaFSVrXzi7RfFwi+ivbVv+NHhY1sdpuJtIIOCprt6WYhs+StriI4nyZAJwcdp32W8aqvb\/1985ZY6u+nxx4f2trOGoh+bHJBuPbElLY3maoHSuOXZ785q+vKdky1ER+vTTeciB3UUV2EsQxGisoRd3HsY14dMPd\/KtnJkfnSo9huSkgv6uqscOmR3O15K2wVr1cJTHHoYe8xmAfEt31ohtVVGBkqoyfKwhTy83VRvvkyyeMMzfXCvOEXQzPUnps\/izhGZQO1uJuDErdBO8cpI3nRLPMCD\/UdOq6K0a\/lUA2\/RmUzFI+l6dkQCJFczxVxFEsgIriEhhycx8gi4LqlH4ujmWOaJbxFhSFcxnusPel+AYrO\/saFdGOX6zbAvXOzVPrMBiZjZC6L4YNHykbx\/ACsbmx2tWJ0UBsImPtqc3VN8uY2G\/l672JNHVL4kWCmPOASo\/9VfXHfz9oDR2A9rIFyPu2yDMiXJyLW7o6SypanBfAjWm99ANW\/QN19miCc22rNTHysZikzeNz6bIeFmyLS3Ngnlk7euJrOCdUrQrLMzQVLmQ\/RtVvjMOEklG0mmb1U0vbtTHQFDaG3odQNuXNPFHDfi8wFpWHR9i\/WEKv+nJwW23RrP6NiuaqLXBX+0"} 
-01435{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433861875678,"flow_src_last_pkt_time":1621433861875678,"flow_dst_last_pkt_time":1621433861875678,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433861875678,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"143.52.137.18","src_port":52387,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"pagead2.googlesyndication.com","domainame":"pagead2.googlesyndication.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
-00889{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":71,"packets-processed":70,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":94500,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":58,"total-detection-updates":0,"total-updates":75,"current-active-flows":3,"total-active-flows":58,"total-idle-flows":55,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":325,"global_ts_usec":1621433949433327} +01327{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433861875678,"flow_src_last_pkt_time":1621433861875678,"flow_dst_last_pkt_time":1621433861875678,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433861875678,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"143.52.137.18","src_port":52387,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"pagead2.googlesyndication.com","domainame":"pagead2.googlesyndication.com","quic": 
{"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} +00889{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":71,"packets-processed":70,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":94500,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":58,"total-detection-updates":0,"total-updates":75,"current-active-flows":3,"total-active-flows":58,"total-idle-flows":55,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":325,"global_ts_usec":1621433949433327} 00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433949433327,"flow_src_last_pkt_time":1621433949433327,"flow_dst_last_pkt_time":1621433949433327,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433949433327,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":49860,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02390{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_src_last_pkt_time":1621433949433327,"flow_dst_last_pkt_time":1621433949433327,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621433949433327,"pkt":"AAAAAAAAAAEAWIVLCABFAAVi\/AZAAH4RFwGokEAFcfqJ88LEAbsFTrCcz\/8AAB0IOpZExBi7cWoANwDL9uHaA0kckkofYv0DErOJu7gbuZ9O0WlrHu9XY7EghfeNZiWwbeaMEG1HVz2HXjvb7FiIQLhE\/XrtpQvuu\/3Omn1Xc2On2DZgH7f6oOHpbPUOYpms0\/qyqv6hTxaVN8Qyf9zFprmCdbR0TKFMTov\/mcwAhmtaqiJQOX1idcPmDuEg7iPhXhQ9Rg3RwrAk9BrfJvQxFfeEOMteWZD4MyDZ+yV9SiAuwwh+aqsiPNuxGOL+UtAzKQsqxym7hzR1q28tmGh+i2Zfk\/fZfni9+9jCbMGXciLv74dlIT7PTJbDgcbiIKwlBsLy\/knykvOWyjY094BIkBXk3yU5NleET3fprZZxZhV8ZWXPFIPEaF+RU6Htv70MXhBjSUlUKboeasdJJiERx9PP\/FOQwZ9brIMVelncnCNFZ46nArIPtPpuAd\/21AcBQuAfrDAMwGty4EHlw\/4EpTckdi6e8Q1HZa8uOZS8L8Br1Me9zLoyL4ZjxYSKprCH0SP1KvhqYL3GHK4Qay7ZVNjLEb+G56Co2cVZ6Z8h9R\/Vb5Kkek+Pkji+2fhLMmeX7GKMME7SjXSMGgLh6kG9e35UGvMzTHWm2oiUJJo5etspIs8CqI2hin1wFD6+4iM6vgMpZ1\/0hibOtrqATrfcRXn\/g3FcL\/RO\/V+7mXSO42YkAYxLa84v0N\/qNcWbspbFv6UUuZtGqJZj6gNVEV6zKBOfhdaZA6YCWC4HGrFtWO5PpwwVCgG3aalQZk8NUuhTNMXowyvh9L18LCMzCzLXkkowVa1Yrk+ACBdqcZ0NdAszss2Z\/EjjNmNifpEEEqUfgXYXLLAXFUhdn9KTgkgQJb6GidRjtio+hiOES7K\/Zd7kR9Rp9Q8wDhX+D6mhrqnUubbVrqMcM5J\/ZatN2j1E7+O4tATjd9IDFwcw4kKULkoQtjBOYHy1h\/oATwVF+VEEk5TAZlZMx5wT0IH9U8MEWVD8KooUS4KhPU7qWcQbSeYILfK051yDU8v1p35RNAMARwMz+aDEiPOl1NvT3vNB0NKpyA8dp2SOTKCt+U38vG+GnQA9V62d7ZUKYJ3KlxmDU6XA53hOV25AFsiPuoW6Iyhmf6HsaasYpE\/s6FIsRYPDWGHRq1MdouHttvkvAO+x3GFakZh3SiKhTE80kxe41OgEyoVuUyhRjr87DNUuENvzYlvEniWFEMpKV3srA\/SEnULC+0Ec4J3ujljBaufKdfF8SZpoN9j7BrC+MAqJq3d3VhpBG26mGJXkkc4FOZBB0fM\/Lhy0kTI83pcFnGWjj7XjivhZl42l7vBIKLjvLvvCQDgRAJQidieJyJhRuZYNfeY8eJjBRqpIKNqtcSkkmENkCxAYMCiOc0b0eIGuyHwfWl9DZKgiIkTs1P8Vjoia
Vtyxt\/mMFzkrdTau0IQVNDUvaqFADarA4i6F5X\/ztcJlv95UshqbL5rcKZuqHaDiKMW08lYpiumS+l0yCHCZdSG\/JKiFlfvCQuuO7wI8YM6N7g2OYZA0jS7vIYCufcCVOzadPPeliEKT+SdqnyQb1rT\/MrPC4qmZRKIvY7jNy8gfCXgs7p4XgbHvnaS7Dr9uRFum4Sn9Lk+LXgtcZE6ZRI7CQvZwF9N6AC\/1sN8XoPIf\/S8UYH\/UrL8QIB2dvW8d4m9grwcwhaVNrzDuYlH1t5w04qvmeO0jLTMXCRV\/LhJb7I6BPjU9fi6dVMzhz3YRA0knZgi9sfYpy0b4laLv5IQhdo7jIDxnDb0cqwQffN65VEIrS8UKXodV6nKpQ21X"} -01392{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433949433327,"flow_src_last_pkt_time":1621433949433327,"flow_dst_last_pkt_time":1621433949433327,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433949433327,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":49860,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"b1.nel.goog","domainame":"b1.nel.goog","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01284{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433949433327,"flow_src_last_pkt_time":1621433949433327,"flow_dst_last_pkt_time":1621433949433327,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433949433327,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":49860,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"b1.nel.goog","domainame":"b1.nel.goog","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
01077{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433848159035,"flow_src_last_pkt_time":1621433848159035,"flow_dst_last_pkt_time":1621433848159035,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433949433327,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":59680,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"googleads.g.doubleclick.net"}} 01078{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433861875678,"flow_src_last_pkt_time":1621433861875678,"flow_dst_last_pkt_time":1621433861875678,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433949433327,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"143.52.137.18","src_port":52387,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"pagead2.googlesyndication.com"}} 01071{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433861442402,"flow_src_last_pkt_time":1621433861442402,"flow_dst_last_pkt_time":1621433861442402,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433949433327,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"217.254.108.174","src_port":57565,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r2---sn-vh5ouxa-hjuk.googlevideo.com"}} 
00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621434024831376,"flow_src_last_pkt_time":1621434024831376,"flow_dst_last_pkt_time":1621434024831376,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621434024831376,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"185.186.183.185","src_port":60949,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02387{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_src_last_pkt_time":1621434024831376,"flow_dst_last_pkt_time":1621434024831376,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621434024831376,"pkt":"AAAAAAAAAAEAO9I5CABFAAVijfVAAH4RD4yokEAFubq3ue4VAbsFTpL9z\/8AAB0IwEpXITGNfFsANwCxWhQSYIUF\/WvpOS2d24m86qS7bcPY9ZqXL9ETLTiw416RPBiWWmatxUNDS4V+myDEXn29IuVE\/cSbBImAl6aiOQIEBTB\/SXbMixQXFNoJB8yYQYz6wms++ZMMx\/E4BhzwHBpTBXPh7b4mD3YSWE+XxUv9H9L2UZXkzlxf97xn0ny\/fPI\/0BBls5vpYFjJSYZYoIlr6vhdm\/ebeHlyzz6B8ygezIiK3UwVDadwbjMZG9Omuh7X1DhVgs3vz1W21fFGWXozYn3VF4XUTA2SbApAP2UYTQPidrIUUsyN9OEN+6zFcRKwBgiXUg0JDK+e1z3gz3W745d\/sI1uFMBbzhwnhKRBQCTyj6OoDAeCCoqL11AGEcZlyCkzwplqlHqv3BulzvKXdH9fy+hypwspz5JB3rBva7abdmpAfrNWtysCkoMbDEsi+BH9Sw\/WfI\/JW43OziRxWE0b\/6GaLLm0LPRqG0ta2a+8bSNrTX8mMiYpr81yyeAJGf+3SLq39ywLsaDDH+SnGlydZPTKaT5dEVTmOUfwB8TyliRH7r2g\/e8Jo89ZNHbaMlGDbYtZHn
J\/oXmkMMX0TtfMqSbUAI13SGw0x0yqJUBVeqWXi6nCYIEoougf\/rRSL7RNh\/DgbwKlBhtRbBjEQ\/fei4q7M4c5UJkO+skPmmiMvYCQhOGRb6M75LAcuzVGQ8XTpzS4Q49h3haLUT7LCYbVjfGyqoeek1PufbtNM7RA9oB6986rRvq1HME2Qh77x8xxPIkwZHbkxc\/bKYMzPnJ2UeHA+V+TItjasVAOkyFvBZpJobZJOx5lM+v4cwtiH2ykJPHJYMbL8uQhYq741WaUualB49TABJ2lncw6tGeQpg0Oc\/Ffn7jPYQNW8CiZh2MKru7wG5Af2I7ggRC0CDFHJi4CcaHMbjEL8xmaCoe7kEiBjZVMpQq8yq8HDVmX6xuiwGFbSpnmw7737hgdBgSQgsmzZ+eyRAnkDX7sSqv9hCS0Zcb3DoP4XMm+5jI\/u\/CnNPitv0yoNrGp5yiS0Bb3cyT9aVQMRpm5+oM6J8FgVTuiAzbLFQfG28vM2HH6RzkRHWgAdyYhr1dpw2Zy7iTAPNVWd1SULG1vIgBDQMenfFa7JoTVJsPivxw59Fc6nxyGVmp7UaHrhQVYqlLcKnPC62iMBiWrPAYZFn5ijxczxoNDc6ynoTmgTnNCK4rH5wD4cRLasJRPJwZqqD20+m0sIXMeyDt2b+cU4j\/UFP20j2zVAVzNgz5C8yIdFJDfygcCX1uMo4LGqi5N+2qh3+XEDAJQkfWgO2sWhpJa\/W6mNUejnWaDgkXgNbiL8BtuKDTdIalY78bJmkO8h2Cl7UuEPHZbPJY1CNBXdiCdtfcR\/\/69FKUtxyHLd44Txaub7ezT8XT\/2j1TO5ZpJK2c9CQslposHRZIXcQpmszsY7beFygv4KRpcCyDhjXHdoMk4Cx6Zf322ZH0visL\/1\/gL4MdUJwQBy3KCD2JhsiDqFkE3JPopsXvIIsTgN2itT8qn30ZnTFxpcPjawKM8R8YmcFcSfJXzy9S4n3fG5zVGgQhv+APAzodhVQyyG6paPspPsNKi3e6pZse6mfJbU+RHKTdtZrGwzhUbQsLxNpwTzdCArEwHBFERYdg28g2amHvk3VyhEJlMpWUR4CasyIc0tQUYMkJaCUUlS0aWSy5Tnhj9mf3ScVUNZtHYvoFQgMdxMVZR0ICCfvHTrO6AtY5\/AI2NI8kYvvIj5Qw+wIOEUvx1PjAGLWbH4JzLOrTxTHK"} 
-01437{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621434024831376,"flow_src_last_pkt_time":1621434024831376,"flow_dst_last_pkt_time":1621434024831376,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621434024831376,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"185.186.183.185","src_port":60949,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"content-autofill.googleapis.com","domainame":"content-autofill.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01329{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621434024831376,"flow_src_last_pkt_time":1621434024831376,"flow_dst_last_pkt_time":1621434024831376,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621434024831376,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"185.186.183.185","src_port":60949,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"content-autofill.googleapis.com","domainame":"content-autofill.googleapis.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
01077{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433848159035,"flow_src_last_pkt_time":1621433848159035,"flow_dst_last_pkt_time":1621433848159035,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621434024831376,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":59680,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"googleads.g.doubleclick.net"}} 01078{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433861875678,"flow_src_last_pkt_time":1621433861875678,"flow_dst_last_pkt_time":1621433861875678,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621434024831376,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"143.52.137.18","src_port":52387,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"pagead2.googlesyndication.com"}} 01053{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433949433327,"flow_src_last_pkt_time":1621433949433327,"flow_dst_last_pkt_time":1621433949433327,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621434024831376,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":49860,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"b1.nel.goog"}} 
01071{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433861442402,"flow_src_last_pkt_time":1621433861442402,"flow_dst_last_pkt_time":1621433861442402,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621434024831376,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"217.254.108.174","src_port":57565,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r2---sn-vh5ouxa-hjuk.googlevideo.com"}} 00826{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621434304066021,"flow_src_last_pkt_time":1621434304066021,"flow_dst_last_pkt_time":1621434304066021,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621434304066021,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"137.238.249.2","src_port":57735,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02388{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_src_last_pkt_time":1621434304066021,"flow_dst_last_pkt_time":1621434304066021,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621434304066021,"pkt":"AAAAAAAAAAEA4PSECABFAAViGypAAH4RcNqokEAFie75AuGHAbsFTmxnxP8AAB0I6APGIi8XMbMANwAf+\/1CDYfNSqZV6JuY2eU0m84t1CHbeC6cE\/+erbLQOHtC\/LsGzIyDeeVGEgpwCWPVi+MQCnZE\/Ygc2mi4SLeix+8TnlYUcEJa7kzg6S+7lKmfSMXvMlPqpt8Jqhul99eiai\/CwIIhzgiuj7qKQafo1JRj2kBZbTRDU1+SZHOQN7e5Nj19ARXzRQ1f1x+ihAp61tvIBTDRPDLXc1ubHgvyinj5MfnF\/12s5SMxBHDDCXN3NmqXQxAS4MECv72MUs94PMpz9zGUL5LHUzGHAIbclxnzN7sHd1go4+lLCWey570KhMF8PzFiMw5ory1Vew4LX22LtMy2jvvM1vnDE1crnUnJCzQDcgJHDiRsasjBdtp7HdISribAOc8CB2obB0oyyA5X8m4qhy5s84s74KgzXgyxL59PIeQSEcVb59yBdZjMcyXXJ80CrHVTLXNi4PQyHnn48osYeAyUn8yU3VqEWwgftLAi39oJlXsQyCTXsKmuL7OB7gY7Vuai77q03lFhqfHaX9cLtEypQIWNB2r\/l2ALpr13EuKe2oyXGUuf78i9rQmSYgbO4A4y3MRD\/QqZXl\/77HpSb03kGClkTea21fqnpJT\/zJSYfPYFvCXBYWmiAW9wMzLsKUQeqeHCc1gL7imhRXQ4PrR2LeuOgoR5+fRtqAenht6XH9lUHNUo32hs\/wjLrrHX9gnX1hALWGhcNyMLvpFTjI5tPVKkRbNv5c3mJilmNWHxhjVHpnhQDdE3xh\/NfcCROvsyq5m28OWLWcPE2FvU5KBMY6t0tV0A4eoef29jjCAjLO\/M8mpZb7ujaK\/6H5Re8VFYbLmxdrQraYtMIxWND\/984VqRyFoxBrQh6ygpK33dCrOTNkgS2NHt4BbEN3kBlcM\/dJxkQlX\/WhjdaU\/jKdtFt12Kk5gsUCyahX7xPzli0x1FX\/Q6DmOvGVlWQmKwwBBrReFKQe+WYt51ygXzik317+tRLkmZwIN6Nf5C1O+PyUMA7NiOjHZECt9SxgRFTLngwK\/BOvB+tJVNrOjrc5ouhUeeMBFLaijzDUDK1PsEMcF3KYI4t\/ROzLfqLIxLRK+vFjZLKp8b\/lca3pPTeuTvHMH9GjJ0X9j4ISArXi3WDjwMH\/Ow1fIn6CTlfV8aDmzMvW0v9ZGuQXxYq3FVxoJ6jyGNfEJzY+Tal8doePa4R1YqwbnqHBlxYcCHiNxYcJir\/3tIthYf6C7p1vYTQ0q9zzsSi9ab+onOdI4XXVybeJLwUU0vgi23+ITCo5zV6ESOFAjb+YSOsYgwePhG2z0W6PMf7nvnuMEzAy1AOgdBeakrjggSIvTuM3izkIHo3vfWd9R+DyKdj7JlM\/HRJmVAHwQIB+FHDGPxLbMFK9o+C4TYA4LeNTQ2YMq
k6y7D+GRumXbZ\/9OD7PDPvEuiASsqlgc7rtO5TmRCZno3ukk8JNtthovwosB91+YQlqUUew2kq+cJr8mtfNeNdB4fYgAJJqJbMWJd6QOv52uYyuvINUeitOOi64uHklHkyRistUgemwXXe7otvzQLzpEQlEHAtTBMiKoZve\/eJFLoSA8M6gHeOxwAnJqUrU74jdXSt1xL+HU2Hynt8\/YtqB6Ky+qMw0VdxI8dMW6f6iKuz3JMrpbMCfeILC76cPYJAI0R1JC+ZQwx6QeScq+kiLVZZk4THRZ2H5yZznb9iTrWTpZBeU0\/nsuUhcsqOtw38xuyp6cqnniKTRwy7qgYC9\/RKw732DLUQ1HhQkZ5LproX0hXWsSSQ8AXfC29DpYL"} -01427{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621434304066021,"flow_src_last_pkt_time":1621434304066021,"flow_dst_last_pkt_time":1621434304066021,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621434304066021,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"137.238.249.2","src_port":57735,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"ade.googlesyndication.com","domainame":"ade.googlesyndication.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01319{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621434304066021,"flow_src_last_pkt_time":1621434304066021,"flow_dst_last_pkt_time":1621434304066021,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621434304066021,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"137.238.249.2","src_port":57735,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"ade.googlesyndication.com","domainame":"ade.googlesyndication.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
01075{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433848159035,"flow_src_last_pkt_time":1621433848159035,"flow_dst_last_pkt_time":1621433848159035,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621434304066021,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":59680,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"googleads.g.doubleclick.net"}} 01076{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433861875678,"flow_src_last_pkt_time":1621433861875678,"flow_dst_last_pkt_time":1621433861875678,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621434304066021,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"143.52.137.18","src_port":52387,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"pagead2.googlesyndication.com"}} 01076{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621434024831376,"flow_src_last_pkt_time":1621434024831376,"flow_dst_last_pkt_time":1621434024831376,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621434304066021,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"185.186.183.185","src_port":60949,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"content-autofill.googleapis.com"}} 
01051{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433949433327,"flow_src_last_pkt_time":1621433949433327,"flow_dst_last_pkt_time":1621433949433327,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621434304066021,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":49860,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"b1.nel.goog"}} 01069{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433861442402,"flow_src_last_pkt_time":1621433861442402,"flow_dst_last_pkt_time":1621433861442402,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621434304066021,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"217.254.108.174","src_port":57565,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r2---sn-vh5ouxa-hjuk.googlevideo.com"}} -00889{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":74,"packets-processed":73,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":98550,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":61,"total-detection-updates":0,"total-updates":82,"current-active-flows":1,"total-active-flows":61,"total-idle-flows":60,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":347,"global_ts_usec":1621486316206218} 
+00889{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":74,"packets-processed":73,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":98550,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":61,"total-detection-updates":0,"total-updates":82,"current-active-flows":1,"total-active-flows":61,"total-idle-flows":60,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":347,"global_ts_usec":1621486316206218} 00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621486316206218,"flow_src_last_pkt_time":1621486316206218,"flow_dst_last_pkt_time":1621486316206218,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621486316206218,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"208.229.157.81","src_port":50588,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02382{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_src_last_pkt_time":1621486316206218,"flow_dst_last_pkt_time":1621486316206218,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621486316206218,"pkt":"AAAAAAAAAAQAJ0huCABFAAViZWtAAH4R2n40uxSv0OWdUcWcAbsFTrOSyf8AAB0I+xTa7lKQafkAAEU0jTWyhjWmo3c2c8tkYAeIRC00J2hfh\/j02rOWVtYboU9UivrOMDnb4DlblCS28uJrMkjjwdTtO22vVFwPaYxj2IIflFADqJCdVuHcXcnvIynZuH\/49aoZoAl2YJS8pUl6yCn3zcPhaVYM3BWJHJ12bT\/rBl+QUhFz+eNv1NjusSyo7XRmUXDT9LZCM\/KsdcUeJxbJMKMhLKDH81GMtpYCHwWUPWqqO9e9hvA+yFxWoDib4NbLv3\/NPWniDKh36sKuVx\/WIkOp5AaTQLzBliiDDxtF80Iy3ba1w3uKH81kscAY6jISZDkCGIpkH83a9jbwNNTu4dDGSDZa7\/6HH5W20Tq4MhhXWYZTT\/8h1Oy0puUFllXhqXmIg8+2Grn5B+DCtffivNTxawD23zhZYDMa5O4Knv1pxKsoCPI9uGjVARZ4WxoinnBJ4Lx\/eivjiy\/9wUiLC2t3yBsy7scxzTv7a9B56haRYFOHLBvLzNjV2ReQFucDRZ194sZlbUdGn8MFTzauGKyE8FjTABrbToSZZkd+s9mIdwH35yLr658ZiMm1iQSdaUX3AcvdyYuEGp8MnQAMvaoRfRnnmkSaFBBjiB2OIsBm5yjfjQzpYtX97hEeUwSv5yqk9ySGiUJXi\/5hLfad84l42JzVEw9YlxyakiWEDTCs6mdaMom7vY\/Iha1i3AZ8pf3WkhBJ3b2\/2DKVs0REkOZgjTqzdd\/K4AfSFcDL8A1CiF09bQ+eTVXaS+xpmL5GSTVDyTRM40KZfUhO\/T9EQZtNPiniyNqbtSZp2BYc+\/2l9wdhMEjiEKO6wYoSeRFPJBNsw+m7Su\/ssmDRlXGBnVI6tlHZWM7CBp7yEtJ+9b5lh\/h2b6o8NLXzXZmB94SFM5zpx3nqn4s+YimdYWtGhQxRDQoKolK3iglu1GOcgjHmAJkQjEjCoXuY5Z3wxhAtlHkChB4D4Sj+Mo0Pe8PuHQ3hvPSuLwFw0FqDm7Rspzd6alV6wevE9brqF0ttPmCgs8akAeLH3Hg2jOzJR7Zq8KSRDJyhC5wYRQJomZdHmhVl6k0hQlrOPsbeG33RJrOXASmtURkVNrkqMFtEbzD+nJJcxlWpn49Ehl9m2kKOIs1drmrTjCgOrpMNceU36z6U7NKS4u4a1hVFTMi1YV9BCf0SrTjGuouERb51jAiRXHvLt9eC3HlqplhkgSDMr8ATClK+9EeI5ZYJ+qwQ1oNpZdKQHsnK3rftNgPnZFIeVe2LSvMENi8FH6YjUWMcIEMIxUvHXWmhFLzwRkjM\/dETZG8LtSp9lIP+R6o2M+Z0pn4VC09fNocjGnGygpS8xtImvQ9Xi52Wji0Mxqp\/ox1cXlDhElkji1gScwsWqwExhfJEHyZrsxDoSgYL92Z1Pn4HBsnI
kQM7VPxnWWnZFJ2LkCfQ6AL5v6LxfRd1eQDzaT8j2cXS+hAnjFgH8roiknWfHzSVGVNaIySwi6GzicPRwiTXqCSzzyJiRjY7LO2cY4SJmX6FqWWTL2hOvjoCvsVA2cZN1um+uHaF8+jCaYrlDihaV62byo0sQX49iEOMQc4cm5w+ac672idPEvZbXjaLZaKlnjbEhQJQMWC\/nDrqdHevi8VXVL66zosdlIzNI74mdhJfTd8oc2ovgBinEH9PA2Lqf8or\/1dRozLWj6+nG686ciLUDqT0aDB8JAQ3nq+eUFn83ml\/py\/lqV4T0XXeWonhVytFKd1udnPL0depml6Dv31txugFaXuB9swFjUHsdQbAqQI4U08c1YRaBctk"} -01417{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621486316206218,"flow_src_last_pkt_time":1621486316206218,"flow_dst_last_pkt_time":1621486316206218,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621486316206218,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"208.229.157.81","src_port":50588,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"update.googleapis.com","domainame":"update.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01309{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621486316206218,"flow_src_last_pkt_time":1621486316206218,"flow_dst_last_pkt_time":1621486316206218,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621486316206218,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"208.229.157.81","src_port":50588,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"update.googleapis.com","domainame":"update.googleapis.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
02388{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":62,"flow_packet_id":2,"flow_src_last_pkt_time":1621486316485195,"flow_dst_last_pkt_time":1621486316206218,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621486316485195,"pkt":"AAAAAAAAAAQAJ0huCABFAAViZXhAAH4R2nE0uxSv0OWdUcWcAbsFTqeoxf8AAB0I+xTa7lKQafkAAEU02NqFlwI2X\/88ClDrDdUJKCRw\/slmHtAOwvb06+QlMjRjV0hs2aYrH3dl2vG36AHZbKvCCu+8tbZyidkId\/SwRLk\/aGUb9L+x4bKEhyji10luTyL48ncebSgio1Ylf2sP5y7qYToItoOHdM+sF4EspTkGPS58+WD5u+L5sXHLzRq6EFovw7tEFm4rXT1ncWUZsfHN3bUzi7UC\/xILKAQ258ulh3E12ZSv8bupoSOwAKHtGPJmU5UDctMjcbxM4bIIF8Y3B8utqsAN8n4iNen\/hK6bsT+7MeKDyJk8GvgeIX4qPhGkfCyzy2ZSx5In0Gj9mMFlrQlbRzQtMTQJLS9XHGrBJjKt7Kwt4iHS3C2\/ll+JnHv3jFSbkwPkaj4L9zsoUsRbA4HR60OvfubceMHwPcwpOKS\/YhEEpiSIRwK1XH4b0OZUCFWXt2vsvHXiJx7CWD5E6BOBg+ZYetFelTfuQxNgfXROtoGuJ+3wQxi2DRGnFXCHGYLoAO8i4AAIvpgGgoqzjNM1BmQvfSO\/X4dZ8fc7Fo7vdxAVJZrJXT4m2TBKFrsawVChuoJH67VOmFJS1xgFWukI7zRJtsXhN7Czc+i9T8YtKZjInSr9AVxgs0c5d\/WCQetSMLQd\/JT5oa0sx8n2J7Z2NcU99xovxV2uKz4qjrx\/Y2k6ZoB9x3f0Yg6sfXGEGo2MQD\/7z+LWRPw2gSm3FEw8jwVDd9S8o7TTxjGKX94D5vYTcchFQTfbn2HfhKqR8F1OQIlO\/wsmxlHMHBvFUjUhJiIPWRLZt9vP+JJ4qKw7nADsc3kkxPCiHPpOD07HQF+XsbdLrhdRPVrhK5WXHFkyBU\/dGYYuv1WiPzMaGJvkyCOgbXcAH3Gb5PcTDyew+MRzHK03TijcWQ+ZOoouVFzsL9ai7HJq8AhiXpNhyx1MICcuUOAIBkQWFqamjY7zI2GJ\/c8jdNXGDAcYVSSmicj+n+x1og23m\/OzzTHzOLv1hr3DJu3hQFGpKefyvQXTCQ\/t38x1oKMoJcBam+ydIiQL\/qBv8Cn9WIgDhZCWjY0H1Zu8jJgS\/pZVcJ7m1gqv0WsKI2s926YbdUCbQTSDQMHYPrbnBQU2zGsddtUkHA8smR00xItuhuXFpHntBzWrCuuKLbpV6LTA5KLTpwJmEru6UaR8hWJdlNusN0FzSumL2gnW0wHATZvtmTr71efZIP5glV9Q2+vjbPwcPmHOjEAqqO8a9LEnQ9t0G7b4NxL6vNhgV9vEOYuD\/QGqwrXjwJs\/ispzj8Z6ANFL8uKgoOlsRFn5hpE\/fEX3ckmgeLqbknqG+NWj2t9zKylkyKmSKmy\/cxU0t1SSA8TuG2Qovkwr8Q5atDfcwDzjbYNh4vnD4EwH9iR13QsPu2AvJQjf
H4r8xwFeP4P+BosOwdv7qI095S245vAYmXdL+TcX5rXjtvIGCma5M3p3OuUhnY0Sw5uOMqNm7nKPE8gz+Qsbb3VghujUa0NFn\/z6mc8MCrFJWDwY0gtXgCMv3nHx0GNtveZAICqjHZI7xwD\/RqR1lUZAfrPmAYo2kQrmshXTSHK1+8ZYJQvHmShCz6JQySscdlE647wVjnlBAZLUNr\/JBi7VMTdmpytCi6WzCx9AClMAzaYwBrTYGAmEVrVYJn1CaBDE26M0v0gm+S3JJIUIKMgBJtWD32fztac9Z5cAdjD4Hplc8RLAKlcnsRn\/BbxbFD\/d6tMg\/0CsxSInqyE8gbUz3lWbKWZ4OyOgUZwqm1QvYwlCMJMB6wEc+xPqoVbA"} 02389{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":62,"flow_packet_id":3,"flow_src_last_pkt_time":1621486317090720,"flow_dst_last_pkt_time":1621486316206218,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621486317090720,"pkt":"AAAAAAAAAAQAJ0huCABFAAViZXtAAH4R2m40uxSv0OWdUcWcAbsFTgb1xv8AAB0I+xTa7lKQafkAAEU0t4azdHP6WARXvgfhEqAKpp3NRuHRg86uDYx6EraWfkB\/keNDFP3812WLSUJscegRJDC6DlMfTKSYGWjNCpVN8MkKLUxcf64j8OSn7gJZrI\/Q\/gKqY6Z8WIW7yXuifcAcxkC+cmw4eAjlyzZBZvU8ggZVByRRED2WeesmX9AerV06QYER0EbcO9+qzWXQ6Y1556b95esXVXYKwgaT\/JKPANtVx8JfgN8Vh1WXykc2J\/44ZDFpxZFRkUgHxJ3usOwxmesQs2TSh30GqcsvOPy1uBZE3aVlHsrZmfwcenRdsFblzJPQcAyj4L\/6\/V7LtEzbpK98ZznFjKlQ\/CAc0XOreT7lRX11x9l8Nwo5wz1cQeBW03aSFui9mnb+3x1mHZOfYliDqBYAh9AjahgYUEMLGQiqpnnOD59nJV21MaJqJDM\/LJMSKyy9TxlVb0G\/G5WjXSDrmaBMSxIJiiiNThOK4NxEJznmEgpU9sC2Kzrji4qQ4sLSQ6G6Z0s\/K5gmRdAHVqFaA+OXNLXjAWZslcHRAYBCopAeso5rNrNCUMASsOo0cU4hy3GR22hGlLj3LBUy\/ywcQOfX7XYMmNZHdOfJKOwbfgqm7seEpATTHBOfsy1pkFj95HcOrlD13hBtaabu3RXQXmH3nvQQ0rAeKIQPng6Rz1ptjgs6q\/CsEIrQ831zGr9a68MXwQ51qstfBpiZJmHO5lQoTCcztT\/VSQm16LxdoNEA+tXVtDTHWzSIJ\/LsE7pROWa4ORaidOXgt5TuUpfp4UISCbasJi8sLhnJLPMM\/EMJ23P7ba+yNMO1yGyYgCP8y3iA4+Y0RCdbxKqNpblS1T9\/mwKgrVDaW0XfBdJ9ftVX8k4Asxj7aK\/grpVoo1x51mqqsIA\/eHwsOupYQnvyOKi6jHUZB2gug+9nv8P0lYzQYOI55nVygLmUPrt2mSQ2sxQZ3kNmobaJriv6tzeq4TnHl6oNqBTaUDSvgLoQFd9\/B93pzBto\/PWA85
xxN7VZQOfd+DbFZ\/VBe73Qs+O+\/dsWYu8iQAMXiU4ipp9EIx\/uZoMUoWZj8rpSXDjEmLBbfMhJKI7th4AA0\/5pKTfK1Apef9X0Y5Kb2sWh24U\/M0c4i1SQdud1ypuHQGiudDhFPShSAhcPisWpjplWcdsEwxnBas4ojrBnnQjyHC2CNab1rcfTuqYLiJtZH+uFMNQqqo6\/rNfItXVpIQOkY7oH9NiquEBxGd5JMZV8xVdnW72qeBwOu707A4H9dx8aMxpNDFlsPT1CFtBo0+lBzmwd+U1J8RntLvUR++yoLGBfFoOFlBTxWd3EivQ+g4+hpsw6rhJx+o9KX12Wn+aCMzsyz2T+R275SnsosAVi6kZMH82nXvr3evy7oteFCprRiLgZZtTXZYQJnyvePz3+OCE1jJkDgtZz9lh5TRWEayVbmQ09oh0A2tO7l+b1MhJ9OOwh0tP+9C20L\/Rggyul58op2cZC7t0viwUloxNKFKHp6rLutsIgcRmAblAvmfE5evu8AKGMZAnbi\/qa50JLxEWg2ch014JrpjvQIgocJjdI4tVkdA1vAfzuTPMq6ZgpnlfebCtsmAjEOJvaC2jz2PpD3Da36F+9zqnKoYC4kArpMRPt1KxhhpnZuf4gUuyQNfw3N1IHRfKWJXJxGnUUH22LX3lkdvtG8ab43cqVRaBCEPVJUDvP1bY6E3TNNUkpsE2FLpbFaVjW8UTq4sTUXREoubs1+bmZBpV1b11ZgF\/sh+IuI5ZSadOQo47ZmlSoh\/ht"} 02383{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":62,"flow_packet_id":4,"flow_src_last_pkt_time":1621486318293980,"flow_dst_last_pkt_time":1621486316206218,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621486318293980,"pkt":"AAAAAAAAAAQAJ0huCABFAAViZXxAAH4R2m00uxSv0OWdUcWcAbsFTrzuwv8AAB0I+xTa7lKQafkAAEU0b0etw9xtIwxmRUrUT+lJG\/HIA2h5o72YJGl+k1RRVouisA0tr\/Wftcb5AL\/kh3g1Y59GB0fzsG4hReQZN\/QERslfyf75Cu9XhfsmmJULaJXIrmgWYbEUP+kbnzpk9E1h6gl1aLlTQeU7IOi+jXi7JKbBf3E+ozV7d2ufqZF\/BHKoRIBoPguIrKry9CGUQocc1K57qR5dWgy9lkUOZz8gVIFyuTG6yc7uejOQPwWePvcig0r0Q1bshnNPaC1DwQUB+sIPmuerdt9pi\/7ju3bUm4GXfPxsPhGKRx+XUPsNnz+2jH+gIHeNQ8mFTTztrs8nSY7EQLCqzKxVtQ+9s9p7fTmG7oVh90YWrSJ5TNAUzNSotDIVA59y+eFNET8jRySHDwoicYROdm8pQd03zPRPp7mfSvDuS6oscfBdDKlei2BdjOBg2Yx7kt5e647x6pvdJ9CkBitraMHMVRsBwD\/mOfeSZv5sq3kLqQNiWGt6+hp2J6FmEtaz2gAIQjwoxnUOfe7LW53eswXrLkfHeoLvZQHwqeYJL5Vzm+I8lvHlNSqlU96WnF630F\/tY6wJIUYacQOgouRmvPq5k3w0s+tBOXe2AOev8h0DVNYTXcQA+ravs
6pq8F+AbFbqyXzlH8vfnWlucj4PN8hI+6LtJAK1MEXbBg3jHAZx\/FRpvjz0rM5+LGQcT\/FjIkBhn4Ge5v5yx86G3TgRa\/RgfaAM\/ZtBSgBO+Jyl3wiJcxhSrma6iROZ5rPWarOafy1b6kIliMASN3Ti8sqAmAjcnDUx0YFQL1DTL8WzF8bEhLpNMW99cWIMD3fozY1xmKdleKBLKqnc4kzRgYM0yPltBptwwo9kIkFNEr08L326zsUmsNQ9psDCy7AsbWUu8JMMlVWErt5DMlj6H\/RCKqH7EGfpRImIRITwL4F28XYdOB\/Ju9gHCUUN1myZc4lKITaYVxZUfqvPkGi0D643ncymEyf7mpcRV8\/kihNJDMnBYkBSvGv6rQCOcngBNFuOnojRM5hCagf5jzcI5cFkpwoU94OdqwWpq3+AU9fS4Irh9uNRUNwplErI69e7ZvlZBs7vnQkNb51XV+DeaK8pS8aYQu7yaI2Nbsp6YHp2FBK8e\/RRL81r4JNA0J0WaRTpFBhpCQxm7qpThrp5qicqKApkn4S849EZlYa9JvP34SK3IUVnUu7+5aT5las6SlCVrccRzAUWNSS5cJ+7RNrGGjnsxWr+4HCwblbLW5+E3YBirqVmN1ZvEQ5Bs+WZQgjfNTK10S8cvvuKiIa7hk\/\/svOkRSgKrr69AJCquyYvBNwkq2f8wUIESzpeWSfulqHV+di+MTYBfPXjf3wnyO2peKbDI25j+eJXv1N4UlVBMVfAABfD2bMmTsOXdsSrAcnpUJOl\/3Eo+\/p3qd\/6GMxRFl16i\/+171svBEX9MOSRN92Brcl59BnjOtc4M9N+oo1fPmQoc4PAiUJNs6f\/QYHkzPh\/zirmfwh3Gy4xzT1glA1dYb+ckkWEFHrXKajMFkq5NGvFq2E9fDfI11YxP4TSZxWH5bXQbDS6lVdKpUVa4a2EnHv790H2zGdYc7siVASpFrosVFKJIlAgcEU4FFjFZ1OB28A3+1Y5IElEguS6SUapEc21YhXmESQfXZdpmjw8SAt8uSNPs1uAvdoveofXf6OH1nl5ApnmEDPTf05rElynWIlEjNbv40NknillHA2rOZquAn5X6jxx3vH99CalLzHHxGTxijfsBNuS\/rWZtrSEfq4LatK2Q4ySoyP2"} 
01072{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621434304066021,"flow_src_last_pkt_time":1621434304066021,"flow_dst_last_pkt_time":1621434304066021,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621486318293980,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"137.238.249.2","src_port":57735,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"ade.googlesyndication.com"}} 00827{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621486369476762,"flow_src_last_pkt_time":1621486369476762,"flow_dst_last_pkt_time":1621486369476762,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621486369476762,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"99.42.133.245","src_port":61089,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02380{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_src_last_pkt_time":1621486369476762,"flow_dst_last_pkt_time":1621486369476762,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621486369476762,"pkt":"AAAAAAAAAAQAxdZsCABFAAViaPxAAH4RXAU0uxSvYyqF9e6hAbsFTrhSxP8AAB0I+0NvIwjQu6UAAEU0azRBvw0HhuIl9\/xBjvifKak7sXpTLlmi+dbAR0gnHQ8yLpljofwXe+5I8+bjI6htbC0wktYLe9u1IbRrfn281Ygo9P+77SbfKFoWgOiNBP7DCcTYRMpm60boF\/tXFlu4RcDwIKHkE98LfcboNnZO6vgCOMNp2Oc0FW71MgnEMdGflqZG7oF457RNBS84xcpV6nGLNOdNKSMQqzQlO4jgRLIFlWEVMuZfPjKeCbFvi+9u443qZzhpp1RjViXLJQLM4O3xNtmwsrIybLL167f7g6DkkCHpv7D4g7Aegn0CUSGnhsDPpzH6vl+y+ZphsvLUKg8Up8DKE6OcuDZ2hrkBODY3w78BA6TwCijjXzbEkjwfOo6WXZ7anzvjy2rKeTxPqEDLbbU2mUP9vwNYzNXJKG2DUAsDLDw6z7pW\/sws6BGrQtkI4MswvtPP3tTOUG\/fE\/ztGz6sn0isa49Skrr5sdjTBckHoBSXiarAL+UhWVH3IgXrw7LDIqxiqdq7nRgSKmIzhN9fAbY6UXqQ932CN1pNDdZ9w\/GGn2o7t3bhxb5QVcZtml2RlYzXpD38XPIVBBQ47INhpeNulXlv8GPqMtdWTZebqe4kY7kqcVj0cQPvIwucmOBjpmJQg7KJ7oAQf9\/GJCRUlYyPpb8UxzZhEIeu3XefRjDZNtuoutnX0dz+oXCLYmdZjfP36HFbNYRByGa5fmywec37zgU\/qlyWBC2YCwex2EfvKOy9LWsTwa0ZT8kdxRFmJEv3ynISWQk6m6ALqZbKftEzLU53Sbc5IUV0op9T4rpP0U+RHeEC5OrRZtLDz7Eoi9XXjobuI3Vg8eC4MHSuUO6V5Xv0Nf3+ekeBTC4ZPF9uBseY\/M\/dl0+yfCT+XFaXx3GicyqgVnrvdtodSYLOXs8ya9nmPO\/qYXeXC3eiFr+iktgKCZgHHx3a+niakZlOQIdnQs8m+3FjMcPGf5iRRc1au20WBWADTpVoSMiHx7In8vZZ951ksDsiVML5vgKF3uCPIZiGrbd7epc75W0H66E6MYCh6UtGfeXcH48l\/e5dYlz+GnvNtX24qdsZ8ZjyXvychZ2KIR22+ZYaEiM\/DEMB6luZTBsCO\/v2zsreln6ASIp00NFiopmG5ECaS\/wzhc7cyOYeoLY+l9laxEBYEqW7mGrKnqBUW8CdAonXxsjkGQxEgjetP14OMrGziNFo3Hmm4YUyWifAkDAA0y29APcv6DiME4DgmAODMt0L6F2HG8ByP+NbokUTWDBX+4z7Vu5mleZba895fNmU9ORQiZpsGKf5KdpS60rinWsd7H7F5AaKkK9V8ehTTA2KJN4FeRKEoVzjZNBXQIIp68V\/vTf6MjitUwkEVupaAbIqjiysCSlLtNhGoB5fG+h4bOdXHXY5
aevu6eMcfIv\/VbjnB55QeiEX\/EGcg3yTCoROSaMNCGVQt7zybtKYLEAyJsZQdEzgoFSBm\/aVwsdOJLWiaQNxXr18wB2gwcynUtmY2OVRwX9j017xp7wGxmkp6fMo89Q5EZUZHfrQPUTsdLVxwrCtX8+BW19j1yLDE1jHz\/+hGjjVhkwiSSrUAMm3RWzCmyQbEXOdJpYEBon5bDAOn9LIToMnCQE86GVIS0UXQomCSYbZ4epFa1Ztm0zGdSLCKIfptcYOK6+a0cWvPAl+LZLk6bVf4IQ3VrJ2Pyo8DyjbC59d75TDSUXKmy1\/\/IRu4PkQCaoDSf88oNbPYxcEpRCESbf7WtoG6B+DEymuEdUAjcUwmOAZpwYnrVev"} -01432{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621486369476762,"flow_src_last_pkt_time":1621486369476762,"flow_dst_last_pkt_time":1621486369476762,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621486369476762,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"99.42.133.245","src_port":61089,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clientservices.googleapis.com","domainame":"clientservices.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01324{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621486369476762,"flow_src_last_pkt_time":1621486369476762,"flow_dst_last_pkt_time":1621486369476762,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621486369476762,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"99.42.133.245","src_port":61089,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clientservices.googleapis.com","domainame":"clientservices.googleapis.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
02391{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":63,"flow_packet_id":2,"flow_src_last_pkt_time":1621486369781501,"flow_dst_last_pkt_time":1621486369476762,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621486369781501,"pkt":"AAAAAAAAAAQAxdZsCABFAAViaQVAAH4RW\/w0uxSvYyqF9e6hAbsFTrnVzP8AAB0I+0NvIwjQu6UAAEU03RUajo54f3xaeQcz5ShQCKZJx+hnzaoOL+d9TDb2UYj2DFEQFg8O+PU04LqxBWrWZC6Jw7FAOK24WCy0+Qq+3W2m1Yj3lW4LJIV888sWjcqqlWbULhyMA\/KD5b8qufe+TPSdlntyuZPV2pTPKi5B+SQiTyl5FD9POY3+v3rSnfowAVM2nytoVtVAXU7ajofA6WeK40X1jrJmHBb8E8rErNsDpXfZzug5wr1qdAlbwVJRdAAFYIZgoB2\/qSq5jmhYNWc\/gyOteYYnvauiknHb14gnDW9kJk2AXthTxKyTuNGMMxIe8\/+57XTEdXgzJjfVFWlgu2dHS8t\/0D3vzl8kg3nUD3Et77FL6IMLHaLSMukGOY1oBOkzjqX9K7VF4oQZRG9WjeL8sHkc22npUwO8iu8Bg0QKzz6y1u\/WTGBcWCD6mmt7brbnyRuuQgJ5OSl+aUzFnuzYJwIcGCDmEAvg+d8QzbJwb0\/ydw6dj0OMY83exGXykPAMPH7d7uEh5qtWi73l2znhazBL+P6xXiAwMP5388MuTY+jv7myTvH2QegjTUhQrSoffjxgsBE+ew2qlWyIZdlD9xSPSQjzdG892xvO+Daqm0xCPE1\/DcTBrgTsBx5zRHmldCADLkPEXpDHIwwb64NYIN\/OgJT2Txk9iwrogjaIoAbzHDjBsRD+zjRv6ke5JHSd+l5VjHM2dZF9PUtL0DvVyYUjBO9tnDbTkEoPXCgLrgUFMpYiHso39U9eNfLO5kGqcHN+eOpKAvyRZVxKbK9+4n4VOyQK+R8se+nV68oYONIx4HlUc503SyGOap\/\/LCYROiGY4eaPDh7vr94Iu30hTjCiyIlio3ENmo2Xtpgx0y4zki182URjhdi2lMGGt75JESZeZfkA34f7hLFevCumcj6ijOjzZ0u42eGs\/RX\/7\/yBrnMjY+2gfiJ4TxqZChQis\/GYKAbD2JIuzCsi6V2Ubm8Nw35KDS+sB53W6Do27E2GSA2DWv+MzAm6zveezQDVV+o4OsT5neD4AAwgLFy\/Qy2xi+GZjSkZy8RSo3iRdAs62eGy1gVfhyPrNudRwVNEuWk\/dY2itlVJ+HJ28fJnpvvX3tj8I7p1+1yZJSjalMpM5yQmgJkG9WVckV8DGAWXv3xO8cB5OugwG77mQoMStI3vQGUXlb1t4\/i+fDw\/GuS4IZc1qT+z2tWNFMto35TYb7NCelxMcXuuM+fYamAktrAw1KxhGvSXuYqr\/srgGiZhDyKLEbwtAm\/PUk8PsLr9uf3dxP9zKVSrZ3enmKDlUmAbwVi3hp78d\/5QtHvS4TMGUKLEXPCDhUSuwE7OOnJPgm+9br0i+fWDTX4tU91C\/jkplORo4Cj82ZnXtiWWPH0axQZfuh8nQGk2O3Zz
NJTPqAtZI1gmIa6n7kNGEdgtaMX7Pg3vjDy68p5aVHfYpO\/dRKKWrMVDPCoBiAvp7eoWe9rRs4zHZdWniTJ3TJ\/1zSX8g\/p4+Y0B5FqL1OIXFwBjWTct4roreoqwYWuYvynwyepiVqQwZWkuHxiCkCJi1WnbBJ5iZfX\/8wWqdcHJRUcAJUNgCfoV7Ve\/zYSplpt9zSooIJyCI6uI9H8NvW80zzMgfGToxt4BHzDG95IPe8ajcFZ5KX0BoZRF14qIUNMRcwxWisnEuOIE\/Q+ayMiFBDXLhxu7NRovYXsWUIFNs5o2BFE\/MKTaf\/oZ0iEYees5KfoTm65JfoEaFJ9jS3QBRmZFIyZUE+OXP+Hcko2Pe\/+D7s3GVBk0cIMYErQi"} 02382{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":63,"flow_packet_id":3,"flow_src_last_pkt_time":1621486370391009,"flow_dst_last_pkt_time":1621486369476762,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621486370391009,"pkt":"AAAAAAAAAAQAxdZsCABFAAViaQZAAH4RW\/s0uxSvYyqF9e6hAbsFTimxxf8AAB0I+0NvIwjQu6UAAEU03bTMBGYCrS8cnv5vhFjbtc1bGvAvFQnZB6yJG8NkcrmiIIJPIXl2q4dOP10rWX5YFWQXsyHMoGvgrIcWDVzIX3NZ7o8SxUndmlIUJBVqXEfKC6th0dxYBXCRfJJYWNyYrXmuN+Y0PL58UHK7tpZpgBK7mIQyQqSMZcKAs7IPHVXv2Sv3DGgEdMifspeJLZrqAdK5aSG9OqL\/1HP9dlfRJZOn5z1AX6j5z63ULJV5lG7V5bETO20pw88dGKcT+ZGMwvA69Sd5k0J76yF4otVf+nWsZJtlYGjXtglJhDbIRllnDv+E+a46adZELPbL8K3oBj6\/CCVCE2naOyEf6mPlfsVkBDeGjKbsRBu21pYLux7J6CXacUP3TFJ44akagTX\/8xKYW3ZaCu4Q0+BcjGnTHcCQO7kjxo2v3xqEKiOBagnZztVu8xYJUV1uSp0p84BGJGssQKgY2BPdhtNjFgTRBcdgKWi1F7+kUVb\/YTbwJyuRTa+PDvQQMNFOZgaYCsfjqFJWHKG2zIwkFspCoaCF8XtQGkCq9jE6y4qf4zjPbZ7N1UwwnwdZxfWb1Fw4aktZsDsenXL8B8X0NngfTME6MDZxvWCxHmQc5ppnjDsJXBvxCfHQyc9M7d8D8CeVC+HWbU67PYxUuKsITW5a7mAaKH0WaTJ26olLUeQA3GDIUFw9xUdggvpZTPLePjQefZEEfRjRjT8iEYeb9CzGQi6t+9fTQ6pc+9Rp6a50KYQ1uCZSpODozp\/OQcBEbdR9GtmHpCDR0JSPJbtOYkVGGl9N0B1JEmNoUvWkQjGNjAZe3zsIkxaJ57mePus0qsRip0mYliPwjYjUPzsCHzNeDVwVXuWpUcUzM2mUJOgikCw6XKjTRqaWuAqeW1c9z4mZTbOSK\/TxHcCg\/WiNrzmz+WTnbB9BVLyyGE4vg7qJFN4PX2g3DqbfkifJRA9XPVuXHaYWBlDVz8FX3HNEQ6rLUkFa6eqyarqoeBLNt0e0nZn9mcxG4Qo9mD2O
YNdYfux80GSAZIDpyIm8TDnnEmhS5z2HYyomgtO2Y4t\/N5FkVRx6yIfdqPtr7Ui3r9fpMCfazjmjrQ+LfRUxo6Q2p6YAAv1C6FuIqrLJVqHI\/kpJu7ZWHTe2PKlaiOnlj1A5JSK4vO\/0WUDs4dtC6LTCRT2cHR8t0Gej0FDzJ++VJbM\/YfPg8brEWZFYdpsvpeNzCryX37u4tW9MApgeHZ1fZQT7f+f0wNL3xb9nkBGv430\/o6aRXdV4rdsVK1Icwt6zKjtP4+M0EEPcPCQVgeyQEGAAiT3Uzle36U56GZffLsCMgG23H\/3Z1NKDWwffbKh1gfnfiwFVKdwun1Qt78gbk1vSqnomb\/J79AsHqjs4dj92ExlMBaeEeYS838CC1\/+GvM2TQqnNQGc0TBtsKDsLKmNN\/8BHFpN4K9oCP36JNjPgUtLnOiEpwlupSGWcDbtdi6ZFxy+Q7dsd+3esOK\/k1qXwrnT1z9erk299qqN\/tK39BUGopYzBcI7ZqtvWVyUcAQv4rkOvMHmT93EH9eAV\/HM1whxSr7kyLBcJNnJ8VG6vC+5b8Eiwd4KEvhX4SUFtdpJK\/juljSeDOnjRTvrONC\/wed2ymfPWrpUK94fPBsgVhs3zwEWHcezodeiB7xOvk8HZvWHvIdUWX23Dy5xvn5LYUigujlWn4Of6EawcMVeXgViQ66NNCX\/RKsSqrI\/0g0LQPkUhNuc1Z6LvT+izQ7m4p2uahClxy2m7stvMB02QAeTxR40TF5yA"} 02382{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":63,"flow_packet_id":4,"flow_src_last_pkt_time":1621486371605818,"flow_dst_last_pkt_time":1621486369476762,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621486371605818,"pkt":"AAAAAAAAAAQAxdZsCABFAAViaQdAAH4RW\/o0uxSvYyqF9e6hAbsFTpway\/8AAB0I+0NvIwjQu6UAAEU0VIfjXpTQhL1NMida8WQFmgohKhkeACQv1G0lgn7XSGb82pEDjyQSns+ce5wfBARD57POCOFsCOT6gWzp+brfODTHCoiG0wmrxM1adCtyLnSGQ3hU2m4KYrTNyuBWOTT1MGAbai1bV2+cJ8TJpnw+LWhRN+J0f2T9\/5XrLf7L0eMFLdmEghIxKx35yP3gzkD5aO+qCHqf1rb8y3CjRFFvzhAWWb8SbVOclOotIYjMppDo6I89vBtyi8x7wTB\/TXxdaI5xv+fcDmVrHG+loFcq6Npe\/VftmaYxpKh4lwZ67ygnswuKfLqyjQlFBBYU2qY4T0qVC07Vpzw7fiXY9eEHzl0urNoFUK8VnRQRxqs14r4oHwW2Z0pNj4PK1bJ4LVD+d98Dh6e9n2QoNiTmZIytYmSVZY8fcr+dz1Jz28vKj2pvDiohof043KLkJNODPWzP0C5epdxeLalUUjCP1i4vsXTjOP272SS\/ISmc1Ps4b3xstVlDwB0i\/o5k9mvon+MSLzqiNFnHDQvl4qMFjVF34bsB\/EfmCeJj8NRyrVrhtoxRCus0\/UbRWGwy\/pNTmtdIj+NQI4w5REL+pAj3VLF6RlS9zuPni0mP7F+ZpByd0q3u9nD
SnIHmfGdos5zeW2+zyh3A3pU\/FXnEuNCEzG40NsbuHBtp6EesjzIs4TJWjOtY+QqxPHbeiZQSIWbD\/KPxVEi\/KfWy3KJSHc4VNfZ20FOGeqsLRXY21HgvK8lNgSvaf+UuqqRSYyVlslcB0igGPrL1jvcGNYPoCGsaRMxEdPEjDDpq38bOYAqHQoIuH9R326ysvd9fDL0QWqFJU+hyWZRDVTvAJ010YMQhOgb4iPgW0LdVwgKhcgVN8Nte3ettIP8\/nPPdMlnYlYGBCWuqy+4l3PVPQZE5yz7Vv7n3BTS8tycmYNaSru4WpUQZCcm4uIhZ8yBuVZuYzo14eEUILoObgm1vURIHZY5gKcVXdReFL4J8QqVPe6GKRuNhuSLSGlcNL6z3KquKs+kJLhBsUUjyTOab6JtQYqIXwf3KhVwQWr4o9yDIX36xJmsEoCvjbyo\/FUtR5f4kh7UrfVOwtOZxwOLcl7Wgz0wL4sJ8ZHC8j63+tgPOBcahSRC\/vTkeus+TIJ8xBj62Arm6G8Z1g9WS7\/iY1gFzBL\/XBgsKG9IlAQ+pklOg1ZF4MS+90gVdT6jJT2nQR2ix5AnBq8tmG+zTcvdiKKD66ixBAzqjL8tDxFfosHgRzmyaegMCjvVug7QCSTyPVXzPGmK1q475A4p+moIan9eR3fs9SYV8MV9zo\/Q6bMCW\/i9ZCg8jCxU3v9VHFGL1oj+gkB4EkxR0Xm+ZaNjZu2VeEBZVlzKot67uA4tPAsZi58vQWvdo2VFfEPk5BjlfJ4wvLcEbtkA4we3WWXHwYPRk7oX673XeVEFv\/9Sz07iUKdiMXO1iu6yUCT1KmDgxpAizd9dGIJgd9I15i4byev8M9Aj9VmGfI1QSsSOs1dsosZQMCL5C2xy+GB6s9s3WKAy2Oz\/XTtsVGBo7LPZXfcFcTkGv8ilsJSH74Bq1qU\/\/pbeefJ5HnNMcvV5uiHwRh+xtb+lSLg7A+TYkdQpGaI9iskwXy4cDxjdwiAEsOx9dwHED2FJ5TAYSWegDfFJy+u4jDZzWz8gLyS6SFSRo6PR1N1pIfkcnBct3yHUqEYTXeR2D3IsPqtk4slz5MCEkORnzRPLgFOH0FRE6PFEkXTmDc0LEFdoqobjKz4GlTxo1s8h5CX0XEZA0PeyG"} 
01068{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1621486316206218,"flow_src_last_pkt_time":1621486318293980,"flow_dst_last_pkt_time":1621486316206218,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5400,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621486371605818,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"208.229.157.81","src_port":50588,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"update.googleapis.com"}} 00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621486385474238,"flow_src_last_pkt_time":1621486385474238,"flow_dst_last_pkt_time":1621486385474238,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621486385474238,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"208.229.157.81","src_port":49880,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02385{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_src_last_pkt_time":1621486385474238,"flow_dst_last_pkt_time":1621486385474238,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621486385474238,"pkt":"AAAAAAAAAAQAJ0huCABFAAViZZFAAH4R2lg0uxSv0OWdUcLYAbsFTiq5xP8AAB0I+aKrjQG3wPMAAEU0wuD+7fY6Iyc8tUyNR8o8NpWyUYFI2ltF3LBlXWefiS8pWcL74QB2DRW9zaYKiQLkhdAYa9TytEiykfGGocLbybyMzfU84hTMBvmtN9X8ZFMfEisph4kQ3rvmzIKxImtWYbPuenHPvncTyghAlfBjyTAs4SBTn7zgSiTlWDdrfi34xfTstE2uvPZkKaWey9pXrjtdmfzoUf\/pnc+joM+ZvbIOQcTsRmXe5mjiVNaJ6HbPiHfKS10CyjUY01LajnspTwPslYnWYHNLgwAGsyRZ3BxR6GzhK0yi77NGNugWOahmIQ6nR7Ydevwzssc8uD6\/61qD61eTpCJutHPvmpIMYyBaYt3YTvj7rWTy4+Jwluo7NCbmBS6erQnQ0BioBgOLfZKwMDge8tR1RT7fB2y73uabWZmh+z9EXiZif9vDBEIzL8O7i8XDK+n4f62Ye3t+bnf3T\/kEu06cpWij61xvDaapGt5KkkpyGLnr1+FLnojx+RRHnFHIYRBgk0R2kEDER0hHA1VeiOanzTBCFFmvwFA4TMEyQweEYvKw3Kr5NUAc2xOwhVaAL3S6xL\/Wk\/SHYOYp5f0PvIEoO7\/8io\/mEJnGHY\/3kgfXj71k\/T3+r2XctxV8PD3XFXtFnV1FZeROEc3BUlMypjGko0Tbxn8TLjIbiqBt40oHwVFVvr3zGWD1h4RU4S4gf9uyP8Ze+YtGqGo434thBMwnGvfjKdLhQJtIVyNEqyYwuvEvQSBGG+kgp7fWxhCxs3+fbhPQTRYk\/v3WUK2SO9YuJEstt\/h2vF9QgTemr9AIjZTwspLB5lVyViciTmGq8Sv0ccZicPe8AazPdv40uBUNsLwlJBWnFFcDvymaaOS6K09cWBdy0mbrwp8\/Qf2j\/wwjY+o0OYJsGRCGGQ6ET57ektTFjrSGOVwqV9ScfzX5znZD+H6kwkBf1O5IzmA+\/GA1wqzC5J9sUPvKCTirqPecQIYYVquKinZKzhsDVhUADXpFT0udOlKR0uhkOCRqJsNTXL\/mafXS3+PSGh99iH51SwtUUJntU0BR8enFfk1SrdSRAr8wyz4qsVel4jzWEdUfHV\/P86FFH+QEw1abjB2h3SRqAAOHmAfcG\/uY9ox6u2GzMWSaZnsaTqOVBeLeWcQzhkrU9Z0XOCXuT8oREqaNA5FtJW8KWw4W7AgsJOgQ6KKmOhxh\/Sa9xvwEc+UXuYo4+9\/295WwLPUiqlmI80sZ5MoN\/M3QtOiUpRW6uU50HQdEXpljpfNX1Ul8JoBTMhvcJ5NW+FyRXYKNMfEEmEJ\/bvF3\/j1YI05JniGjM6mnl++dN8BP+GVMRR9DzF5J5ULbCVwM0AAMJLiLlwhwq9U40MTPoWJnoX9YFggLWwj9lQC065dWBen4MPGk26
TfmuuXGV+X8k4iX8RotxUbiRr+NVmhdaVnI0o8YdFg4IeDNDlpwLL0St6sT5ZrmettHNngu+I1PPObx1u4\/0P0MqDPvazomUz93QZhJKVKT9C6LEyLYcSjxTGXp1+z4ZDBBfwlu0ys9uEElkGFm3wDpJMIW9I5cCW\/YYdHy79zUfD6w9hQ\/hirJGoMOzA0yz\/\/oESSV5DpdQtEEpQVf+pa4YsPzNg2XIlz8e+OjE7mj5zn0kQEz19jUtEba97CNXLU5+IwcQj89kSD6mwJqhhNAA9qbQHiUlU2rWwCsntFwUpKLMMcVCHYrVsOlaOMOyK7dkwME8jMVzZFIiv19xEqG38D3uh5T3lqXB4+cO87sUlV0VfbSVX2jiLZmUKp"} -01417{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621486385474238,"flow_src_last_pkt_time":1621486385474238,"flow_dst_last_pkt_time":1621486385474238,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621486385474238,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"208.229.157.81","src_port":49880,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"update.googleapis.com","domainame":"update.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01309{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621486385474238,"flow_src_last_pkt_time":1621486385474238,"flow_dst_last_pkt_time":1621486385474238,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621486385474238,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"208.229.157.81","src_port":49880,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"update.googleapis.com","domainame":"update.googleapis.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
02384{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":64,"flow_packet_id":2,"flow_src_last_pkt_time":1621486385780013,"flow_dst_last_pkt_time":1621486385474238,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621486385780013,"pkt":"AAAAAAAAAAQAJ0huCABFAAViZZlAAH4R2lA0uxSv0OWdUcLYAbsFTtWuzv8AAB0I+aKrjQG3wPMAAEU0pYnq3I+Pk4UybR9VBssX3rW2MX9MykXuwtEl37HZjZdvUwqOPILmOs1ug3ZVyVxysW\/GbunfQvoEKJNeJUHr7ARioYosUv\/iMtw3zJNnqitKNycrvEvR+KPtynwqcEskqC+a0DoLcVg8G+1ytgtC5bHkcrgb6c+yvfYPM6bQHRedo3fqBnUH\/vo++7E8FATzPknFujoxXAfIqx5\/yGoMqH+HqtaMj\/gBvnONUQgLifilr2pN2X5UZtCvWUHfwSy\/ewC4h8t+MC5HX5kjR\/I\/PEFr21ZhBOTbRAIvsPlTMMkPaVFoJeMhvSPXH3RCxFq+4eYuMrUD0OhNOcPxOIZDZCyl0o\/ggv2DFXNJg+gVLPXoZbPB4iu5Uhmke6bpE2jqTUZPjwXEkBe6xV6sp6bLYYcswATmdDqFUEdmWGMKBAsMqXikUGSk8uiqTt95fjHy8nJN41GX4xtHHAni0YyIelafqSbckoVL1qDANQr0CxF7G13sR9plFiWW7O5A7e7cS9pe6mRYIxMGaciOe9ievt36yTBJgl\/fiQ\/Mz7Rf\/0\/xEHpiGjimSZGMLJKt8tbPUkf1Doy0L2PCwY6LPbySmFk83DrXfORYqZzQC5aRkTc2HeUqrMm4bElbKJ5gKch3VNRryw25TpUnRtQFu9IMWDE5dX\/3mWizx7+qMJm47Fyoex2QVEdKtHErz\/i5jbltyKP+JlYh\/5iVhFxWpfjDpTOkH+CE\/A7gJzr87sNP+7VuTghxvarGALGRQvWB3CXNIrBOCA9jEhQerKbB8C97DJMm5tcWUZ65E7AYZouY8+zkDggzBLI+0JJ05RIaaHlApiwpsWJ2zl6F1m9w14xWaghs7jZgtgfJEpGiT74jl4pf2klaE21HmQ3jnkf6AGhbgdZBQmCO4EIpeWJZsQhwGl5VQuea9a84+ee5DEZk764Ux2ytifgViB44NxlhtfksBdQI6G+PUXELugH4wQ6SukmCIBACuFIfzQbiKGjpnRUkS7AmxTtYPrsIuSjFIrLSGd\/5Xekm02vVOPCc7EG+Woa7OletCxnuTQjLX8oheX0o2Op+1dBXeNai8Q63RlSaVEOBjEiXQnmJ5lR4kLHJAKgnnUly9\/g84JyqUljiN\/e8uABODq7kynlT0o2IN5CHpN2XfhoXZlxt2HiDrqvNzSKO3CpTZnnkJeJtK9cjSU1XxfkGr1TK+WrsxaOx2y4S6PIiErYJnObHfsCoROfZB5v6WjVW4TwLRypWRXulBOZly5TnbMAqCFsdN0gy6amJt3ngyiI1muUKlcYOXXmBVBPpum\/+c5TkiBPy0hZUTn3PK8vRrELBxFuvPrWR1GEbulof1jbR58Ncmb0rjGewwYSLgqvfw8fWuUbbODAYVLX15bmDoEr
j\/57wyWqkBS8kUoD3JZecSRs8Aps02NKyynCKHOlNpc8OBgCA4Ad6xJZK3IyyURTyz5JvyG0vAoHB8Htl9cCeXJkHl+hbzHpVtzHZa9PuVxTwrw5ZpWXJ3D7gYDf3YjByo50t9uNuwO1TdW6VEIoQ2YFWco6RoRPd9mEfRhGyA\/HMeXm4nHmXXkUxD0lWGhQ1X301intynkww+5gju+t6izkuTyIR+es3wNgXF3uDXXchyNcpEgdq6KXfVdg\/FtdXzMb3o20tlnu0aGTS9Ke8r2K9x5Uy5E4IMaNx46xDz\/FHeQCHMCFloD7HC0iGeHQTjamzHYw9Q9cx0UPZlEZjKGZ\/W9mm9Rh0pSLgVkS1htsYD6Bvo2h8czyqOaZf"} 02382{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":64,"flow_packet_id":3,"flow_src_last_pkt_time":1621486386389522,"flow_dst_last_pkt_time":1621486385474238,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621486386389522,"pkt":"AAAAAAAAAAQAJ0huCABFAAViZZpAAH4R2k80uxSv0OWdUcLYAbsFTowYzv8AAB0I+aKrjQG3wPMAAEU063sPCo4ozMPxlUj\/bSPtY3+CzlLdcC7kUprewEjKm2OTMB65C2RpyTFK0qHd1UzUnN6U5dQGGKmwgsbIXIKSBC7aC9lk9\/7KSXCk70eFVpjOtIDpiKUi8vVDCcfV6kRbykQ1UG60rnGaessWOlmJYYUYrFTLfQgo1LVYDsFKsPtJ1s1kupvZUz7DtsLylFS2l34GkqtIScglkyae0GI8mViRVebeilzlJSvddjOZxdAXXrNZAwRXdoffLloV5HtcoTQxqkR0GAPQdvrWXk+SMlGx\/W7Ne49MxOoYqcb+ZEW\/cA0RMhYOyvvzwyDA6S9WR2IZmDOEetLTQcoqKQrcTga50K8d4JAO4kVEikYFtr5Bm1z+MiARlDwUJIa24qTqLJVIo5iKqG52c5DO3tsvK0vzd8pSllrOHA6f\/I4wQDPyPJtMgg5O1ZoG8De8l3r2ufSRHsnJkEpyqWGF1+ijD\/7lBI\/5nWTPn9fBbdQQQkTlCH2+hn3jyqGiasIwS76cDfQW7wvTATHGizCtUCL9RDngXJ4m60+cjB0gourDm90bfqwSQs1xt55IkE5JsBrjydZPyipe0uhIjm4KZxuvhAjYi7daB1ce\/\/+407cCf+sxxL7CWqTVDAtgj6KFZbP4hnyT9ga4vkmC3\/t2CtLgFM4\/LEuF4nmXrGayZvHNNVuso5WMvbM4gno9LWsv2kJV4dX1TThhLd\/wIxSNzjl0dXSOBZ7wgJEHEnznJuFVstXb3tQcV7X3RP\/hcXpU9XjjFPCV5oo1sQe64QtneNkxV2yjvvs4fEGTk+zfZAnlMw\/iFw5VrPsMS\/wDar7RyJvWTPrIcoFDMu0pl6zkP5Al5BXrxcNMZVEAv6FlHk7RldT5vteKHFUD2EG202+PzEtOTPlmqNG6eE17A10kl4\/4bK9PAjRlBlsdbWm59jtIwieLuyVkY3xNNoXmkXmw+HTfj8L6cgMab+8MVWKD6X2FNJX1Hh4plar7gQs1wBHs\/50jh9TX5u
IoGdQRaAkCjse9rKdwxS\/mQ3AZwSCeTLDSDZ7HNKOkFvE4XF72wS8k1jEs8CQLMd5eF7YKEIwhKqSRCTAxxeIp83q7tXfO3G8oxX8DNBZyGPdzHTcD2B2+WzAACX+B3mJrQJ47ogTtd7hRxPzmVNoKxW1cJA2W8sth9y2x0M4tQfFNCg+y7Hjysh4guq6xCuiVT5xotwMwPSDBGNIuXj+rftzi7znrhrNAbCSXiAYGtGnmHBOghmDMitk72DkuK88UEA04IW2\/8fbI46r27QDrpS7pjckWTOaGJMfuh8JgHCaU9F5gWqtRhso3KChbMMFYhYXX8heyFp2QTjtSXCvmSvOb\/P4Saj9keRyVu6EwxUD\/Wvi1CQPZNexfLJTr4d0fY2EFznG9mLwUFqLk8x93VjpNxh9mUDOT+9FkN2OUAwfOdunZk+S7EQYfuz58Zq50dfTTQ4ytc1corJ8ZnuRFp7bcXIyr+r\/g0rxcm55mxTcduuOI43k6A\/u4kxcszhmg9OmUhSIdiyIqrI4cTDkvXweJOztAO+v1eNUC8H68zvSWSCyYfBS09v+biPzskrJYVcIdvRbgzNi1MALIo64umFnfoGW7g7tdRnTTtUaVJ7SjjCNftNOmI+oKGp0G6qA+uKDhFNzBEwpKt7nPh7uh8czyGQ5haYxO+MQIP6acb8ITWfq7ZBDLBK87VY24JBoDq6EX9\/nCN65uCe1Ka7quGr3dV6rIOhhe19uIvRjiUm2GbcXkIV4PPI8eo8VJ"} 02390{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":64,"flow_packet_id":4,"flow_src_last_pkt_time":1621486387592524,"flow_dst_last_pkt_time":1621486385474238,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621486387592524,"pkt":"AAAAAAAAAAQAJ0huCABFAAViZZtAAH4R2k40uxSv0OWdUcLYAbsFTgQXw\/8AAB0I+aKrjQG3wPMAAEU0xCd9oY\/N5GDZbDE4\/dOAMM8w9gJlBMdgsJyYzUVv\/0YsXpimfRnBwl29RRLJpKiN2vb9qt4MuD8jjaA8\/Ma4PVpfwUFq6LbJeRQBUGSZvMkZyGwkFinTbjgUyAkhfj1a3T+A\/pYdS+eiFki068+ZjjYzXXbovNfHhBW\/avWnLZp+g63\/0bEApzU3SRBSWovLccBt37mDz+\/X7ljq3jZ56mszVdUjpMySh8HlAUXPd44quqaILcmJ3XzO6+AP3v6NtRf+Ez4FakJ6ZHTyZ9cxn\/M2cpxjR+88FCSnW4BO6n04wyVghjBoPZKUE0x\/efmEPxlFiHyK+V\/S05omMsEg4KyTXtoH84NLY9j6s\/sYLuTGf+1niq35+5vNk7z8FQTqkx0uUQiJxEBBandMjRYJziJI0IUvx74FTlpyyrzRdLO7m85Wg3l6V6PR2J\/blE\/cCYxryipemZLCaQtm4Wt1XvwSrBDG9or2S\/o9aTdo5cLlztIANl8QlKqMe6BMy5b8l1JPu7CoRhJLfvOYoN8EPhRAEFr7S9cgoTIWicvaNVMYpqyDloZuk4HrvgDNT7BcW0+GudrrH\/SRagWbVb6HF\/t\/HVBpJ8wtp6qBqTQubvJiw
nMW2kyOr9zCX4HIZlDeMk7wncNRysDJVtF98R2OBfM2hFkrBJOSqWlBpnPOAq8ld9BhIIF\/KOOrIQa5umfeiYL4pA9ewygJg8JTfKlN8AVbT1Fj0NqzKXvt2naKmjJNcvMDcv\/sA9XSuRhyBH+Ya6lzfH+ATMfha7m457kJ7SDdJC9RdTvl3MaNXuwBcPVxgMkDUAwanLgj4Ha5wyi90iwhgi1Fv7yhKuHS9dm0DR6v9w6reCyaarbb\/MuTQamIHgAU1JnxgXNVRb1+8JE\/p8JNxCNRubXAe\/LfeqOucvaqBptZocLopG3UGhD6FDdFEMPBSubwiPFIl8iSb7adiJkvTOl9R44Au33DEkQDKqma1vEZdngOkX2y3a6i2QlLYezmNetOVaSvgh6hWKH3wPjmZv+KbKBxgQHwgeE8LBFdhp8R9uXkyumqod8N\/2ZZoNsIzdT9hG9MMIRbROhqoU6YXimXMLMobsrBl20jmZZj81VfqHvhl8TR+vZyq78Bqp4u1jryKf2imnuEPBKdCC5fvNlBb7xs\/sRBPvf8csWmkLHH+Y+i2jvExRNzaNjpNbVcSgcynEzupt0GCBmnvQNrIguvrmnsw65Ynm83oGpWNnPwZnMaOrwRxwiAoIKWlQmm4KMGWUp+70IslYOfcgLdLJTLHeMC9ZrqLEXBcB9v5JEr6k48H4VT\/4nsaMcRUoMlCbvZVgXQrDWhAVWD064fuJmpaQD6sC33JaBDQC7SNYZA9v8xG04uqWAaBYhq0f4GXZgWCf\/pL0xDIQPr5LYmXNQ8oR7baWpT8SnrzmKtfZm+3Eq3mkta\/zSAinzJxR\/hv\/chAQRtJPuytYaLuIFjJqWGPK43+vg4u28ITj3Lo6sid5rW0ETnWXiD1HWPxLeqo9IaxINyUG3VTbEXGQAy9RaFypmaGa9wl16uKZH1LXbQGs9n+Mszgvdzu9j4OQ2ZoJWk3bI+FSt2JRKGdGIT2nmFeFyt4OvnEmemYlsSr34VtmNZxUKNLrI8H3TIjqGgBGqAPbNjgCzNSjbgcuAZzfm14qerHKESSs\/NgV8nbw4APrHMEEPlmmODnlRp9aAe3QL7ti+0V2LpiS20xNUK4EL2ygfdueMEB35Nif2zIIDr5vCmLLJvSvw4V0PxhUdk"} 
-00890{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":86,"packets-processed":85,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":114750,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":64,"total-detection-updates":0,"total-updates":83,"current-active-flows":3,"total-active-flows":64,"total-idle-flows":61,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":368,"global_ts_usec":1621488172593774} +00890{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":86,"packets-processed":85,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":114750,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":64,"total-detection-updates":0,"total-updates":83,"current-active-flows":3,"total-active-flows":64,"total-idle-flows":61,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":368,"global_ts_usec":1621488172593774} 
00830{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621488172593774,"flow_src_last_pkt_time":1621488172593774,"flow_dst_last_pkt_time":1621488172593774,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621488172593774,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"208.229.157.81","src_port":58337,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02387{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_src_last_pkt_time":1621488172593774,"flow_dst_last_pkt_time":1621488172593774,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621488172593774,"pkt":"AAAAAAAAAAQA2lQ0CABFAAViZb1AAH4R06SfdbB80OWdUePhAbsFTly0xv8AAB0IIYJbjKvcKZMAAEU0Tezktqb5jgj7Ctco9B1gEgebhfTklfJiWUvzvzXVx1e1KCfmB0CYkpgvAEMWkCN96k4yxgEJhItMoJtLxBJKjThyVwVNoJs4osfVKgvW27jc\/\/cMoYfkmt0BcMTE+S832TZqo7DcoxbJ4SED5T\/fELYc1YonSB\/W876e8faG5n9Z889N6aEcUSpAR1NRv\/LUdTkKc80E8eLY0MsHFlrDxy6CZovHJ1EZPsnxPU3xmuA6PKcoVZk5E7PnwPJWVDykRwGVsj3\/uqwsCOxMLScufsvGchEffztJ8Mjpf1xy0Hks4XzejPQm1+YDaRsdxSWXt45SRLIvo\/c6h5H5fCX4yZ2dh6e24j40pDTautPP1E4KkxfA2AopSrSKSf1UiAUXmQWbN\/kgMU18r7h5LyzlAMKuX8\/Ay6yq9jK87jtj+MIImpIKoL9MeHVOS5lygsoTWIqqynPssiNY6xC8pyJX6Ub4BO4F+0CReGOoAESo+zj9+lbUqbeb7h2ZFGxadMW1CyyleoZNnWar6Hz0+sxBH9qRVZU5Heht2DjEc+6NEcDLxV5EaOX94GYWpZ5F
R0EacC16CngtIJvVS2Vy4VHEXkHxRQ\/E8+BlBf48jcRRSu6r+V6GHpQVxkfvTm75zRbp227tVm1MAOmDC4ptEOe+sdRM+KrFAvaHe3o8pZCxK\/7aYLbotm\/RZjsivWCu89Cmlg0uVcL6Bo5BPfMomqOupt99ASfgdLdPTXGKZLuwp3GgyZeH9wnyPMM2+7Ggpa0RPG\/l2tSy9nrzzP\/MgL6CqbtRTpr2wbBNd\/SlbwIb1c6hehW1bLPfXoYMcr0kEetxg6OaHbyEdd\/4Ggz4SeyO3GItOwerR7WYWNxOmqs9taE9J\/PhK6NBDsXc5h1tgICSKag9AJoKaM9ovRC5UgfrYrqgqF4SuseIOZvAOlPyRcpmSKooL1mlS9PJzoeolBQ4Q6A6x\/nvmxc72I7syFXnB044YwfE2N774LUPLvvOLCg6Im9ZhCD7p4F+CscFU38oxt25Ays+maqiXnRw3mGV9KfMCfeBg8fWwb36KsISX3CI+1rfMDf89m\/pkzSajfjHt8k3vTCGPK5nVGcTDfOSB9CGZ6SX8cHmOTNUvoBI7fCfE9\/8Ngy8sawBjS5kemk2pVar\/Qjc6ZWFlikqXDEg6gI3HlFx4rzttRuJpbdSVX3pGOgGMXPyrCnFjqgDg3Cu2Y3VVoKD9yvfxYbTeV+segTGzJ9TpKpIQ7l2mOQyzexa60jhCdWRVqP2SmFZC650dD3TPV5qrCw8uvxv\/Hwr9JxUCKr4vZ4MNIS1Qme31hh9cKk\/smw6+dP8LKPbRFjyi5hKalZAn2oi12OsRGCRrT+CZhgIm3EsqKl4eDAmzdpgh\/Xxnln2oigZwNL9aNU0vU6Ri2z6ptRUiK3E+ULse6j5hYRaWYH1k1ExTT3ucG4D4c7xsf3YTntqY+KTDBBG1sDbHwo3em6WCb7WG7xc0voquwvCfNxaCk3bAzckSDEa86uyeuxhABsH12KWz4kITx5OwWU+lhxFgwus9PGlUh3+t363ytP+xsR98JT4AH\/MTUvv9IyRtjule4mQon8WEXtnJYqcNEh5E2UIF8gnaLnV+hrmX90Z\/weVChYKzF3NgPl9LTYOKXHKx6sgO+65G03KKrg6J\/G\/Y28JZ444EBiIz1Vv3DiM9J4DLhOb6iB9GptUjPIDobrRPDlIYVvrbFerCtsjpuaVI\/H1eUosHYVIRS78lDJZULDLtLIu6mDP+sVB"} 
-01435{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621488172593774,"flow_src_last_pkt_time":1621488172593774,"flow_dst_last_pkt_time":1621488172593774,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621488172593774,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"208.229.157.81","src_port":58337,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clientservices.googleapis.com","domainame":"clientservices.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01327{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621488172593774,"flow_src_last_pkt_time":1621488172593774,"flow_dst_last_pkt_time":1621488172593774,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621488172593774,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"208.229.157.81","src_port":58337,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clientservices.googleapis.com","domainame":"clientservices.googleapis.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
02387{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":65,"flow_packet_id":2,"flow_src_last_pkt_time":1621488172891768,"flow_dst_last_pkt_time":1621488172593774,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621488172891768,"pkt":"AAAAAAAAAAQA2lQ0CABFAAViZb5AAH4R06OfdbB80OWdUePhAbsFTm8Pzf8AAB0IIYJbjKvcKZMAAEU0+s8UmerPzJNPf2vFFmMIxXzWOI8+nlMJBqPIX91\/fJ41T6FVJdyz55\/AUFcKq9ZZyk2YP1zAlqFolkkHkO3Xi8aifTMn51fKa2wn5Crg\/NezDOPCbLX1Xw15fkvxcQMtx4EhBp9vvHyapMkXhNDJRu9RXfR+jrCal+s6uozM4Bh\/jgsteWhVYvFutpLBcFpAsACOZOXcc76QRT29xwiI2HkTMraeke6E6Elw3fZ8\/x0cjiKmAdvj\/rbQ44niXNogWCExDiid2qXxV\/VGMqrcCQpdoi78teOlLV1cLZCyKK9Gz1YT8+74zc3fizqw3J2xo1b0u2CHknZb06C+uIl7e5NEZUm2WVVu0v4iXHKkXSNY51UoQsVSs9xffcs1c0GmB\/wh2f7GXXXrVNip8rLBByPg2DJfrk+PoxGJ3J1kwQ1qDmOjB+UdN6fAUDfkxumO+fJw5izefocSJigy5LmmrjyewC9W+CDD3xJ\/cFzJCoFgSyf95fZ38+c\/H2rJBuKCVW1pdiho\/NBYDfaWuy5vckCjxN4xZv2JHxLWOVrRbclHG\/W4SWRZQP56mfXat0F0uG7PtJ8CgwXQ7NSbWtihIdZ43Ml3L0hioaK94VzmiCutO2T6s1ZqHQABM0\/PLZwtIpO3lBVHxkmK8czxVU2bfhh8Bd2aiAShWCZbWF5jU8EnQsfhGgHyekqxaLTahPiDCOg0SBmkozlENpi+0yMs2D5IkWhpyqBstkxFFNgybyAV5r6Lhm7JHwq3ZfXZFrRSuhRUAeCOh+NaYs7welFWYGPQBos2AQTRUC3NlRnOAtgvnKyVKOW2QjRgtqEzb4WdTL0bbNQ2FQpc9GYYE\/flJ2uoIFGQuv3JETxQMq9QMyae75gPV\/Bj+xdFH57XdiAsHKWYX7zqDRuKxKMuekYDDstuaLV4VDQc6MVZaJFii0GEv\/SupV\/58ZZpNHFEEyZHJzfkH2tbuh5MUuS5PofLOSzfTRmu+vMjtYQ209SICOmLVwPZ8u2AGrlFW2EqkZfbKI9erViZ2Unn0RZM2Pn+Wgst22Sb5g8wjh4wiA9weFHLORi1vWiHZkYe2\/BL8j1rJOY+xONNiXjbzvs+yXxIs+kJcjMnf6gyaovRvL\/c6j4rDv+KS6KHyF5Hju3yVQObDWEk+4j7PY+PaxYyvjYZHI36l3YksknZbaOMlMvl6nVwtU\/k8ACWq1HuEpfSG1UyrshCoDlTkhmlMZlMD7qdLPEuFj6m4MSRbjzW3hQa\/qxU3T2Qgki9LeSxXGYHJB9FXzq8yIQ0vOgWUQBxW\/4B0BqwQlgEeI27byi7vI9kmpC7Qou2YWyfsYTI9GGARRW7m5xU+maz8hHKd9KDfpthCymON5jJnYSptI3eug5aoGebEfP5bA
slTyRCDFlm2Q8uSYfqFoNXujhc5z8WRPjLGKq59LGiZiW\/yB6lByCmmdTIYea2rAoFVqdYtPOdeFLrrKWhD5CpJEWImL1e1iTCT+E807\/aKY4QGP2WsFpn7d+gLCr5xQK6CXuhhNH9slGRzedlepwRyZh\/3i53f2a3Gl9RXi3N64p6CoFGMqiF8smMYblBOriOhOrEkIll8SQrZsnx81mclM\/4eF2UVnsQIp5n07HaGrEdZCT8fSndvbKLHO\/t6xkch5Ixv6BouSjYWklnDUEpJZz+jrQFC2wuRvZqOy6nf4lhu\/4E2kmpv\/MgYvFMVgKwJlJICexzBQbnudDHL7qYGQXGmi1uMwd9ljoVOFUJTpmzZx2wQtELSWXl0AWl"} 02388{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":65,"flow_packet_id":3,"flow_src_last_pkt_time":1621488173506021,"flow_dst_last_pkt_time":1621488172593774,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621488173506021,"pkt":"AAAAAAAAAAQA2lQ0CABFAAViZb9AAH4R06KfdbB80OWdUePhAbsFToJhz\/8AAB0IIYJbjKvcKZMAAEU0qqZ2\/TuAubKLOjJ81oMaQxBMQ+\/6Vw7RaaKNzHvrM1NT+orB\/NmJSKxGxbSKEavrqUsSfkdDyIeYu3DeilK2GpCIubh8xfR7tcGDs399cvt3jBHRuuErN+rqniq2AF218asFOb+4ZGYSRPk5EdOKXsHpM4jOO5Xn\/0nKFyhG9EYHqVO8+pB7f6yczQlCMtDLF7lTT1tq0Xx5\/GJD9G0tCnOfX23fuY+en2OxpF0Q0PgXWtcsqYDtzTUWjmLH9BCjSI2kYYeo50ocz2WBWTGUXpoqJ9iYBz24Ky503DT5070a\/wp9cUFkXCNTV2eHv4keTxj9VvDD+Oi66PuHhOmSDrAohpZ0xItBmFaH47riNVmR0f7T0zfIhWCnOcjR4SomjPDBWcliBXMeSR14Qltlyc2kedQT7ZLDVfShl8+u3uS+zP8eyCq9nqBKQBMDF3cRxR6L9pGoibjSnh\/b6YBpwD7F5mcjWWjHHKVaxCEGQReuxjIGxxYeVTuCdqjXIwa0Izsll9LqeaEweLCNX8z\/\/CZA3pA9mivC5xkaqkyX9Ux4LPkC+WULQxMZBpEoE79XgttU5rCxCA8WEYInE4gplnnN12fNrAq7oK+ddinTvJs0+jBDZTCzpU5n0HC2WICnWxzQMAjhLIg\/BIVwHRaFAYw4Do1nKdRZ3+Sk32nhis1tvF4rOVrl8+QuSs+KqMidgjtjP4SWdcX\/X8u2OzpzpdBsJdPiiV1fZ6dss\/sv6xMaQ9B5Gojobr89aeGChzGbohXQd5y+iFUBt1VsbEb5dhDDvDWxob504mm+e8jfdDuh3GB0n6pHxwhoVSFVO0mUera+adQA3\/opY719kwV\/jWZYsfN5slbWhOML1HIQ5QADeewjbYw54FRDTOuqIEIQbZ9eM\/tKlt3HYJQncTGCiHf2mm1doGvuzgFM0BmQfN90m\/alC4XLQIUhU8uiZL5CekhxJSUTgbyaSPP5TKOnCqgDTVfMKVsJwC7ux18\/QNJq+A
o9ADSnhw1UkHTxFxUqNTpfucOEexD48oLEIifV\/GQ5Y7cYnaT6cfEnC0SeITsljquMY3Vr79yR+QT5dEIT2QkhSvvCGGW\/JaK9qcRkCLlnq0aJaQUiowTpWicqExI5X+zS+4f9cimXTb1tdSX+O2UlnWTkunOyyMLCdR06IG83Z2X7B68oZ5TXGb1vA2xmZqHXtvssbw5o3OZ\/M9ztrfZLxtw7s8Pk6oU7LSRvamoE2v0G9pXaI5VrazOyfxbUNSpQmwOmJe459lT4Qg\/CnThmMtCEXTzATibzMPGsrla5NWj1q5gr9q3cviQjSSPHCEIDuTp5wrZMCiLpv2tpEgI1rY246nmnSiDYby74PkSaGM0LCk4dDOKWAhuy+SIWuf9+uyIIqBmolfwWUmGX4ONSUzWAjAWNs2YzUhcxe+89BPXzlrVFcxvo28wdQF4wSVKN2VK78RJt0mrleR\/3P9HW80AETxSMIAaEoEcHDp\/lwJVPxAJL45U914u61nAp6JUN9jjimYNkNOeCLWI6j0GQS0Xi6UYYe2RkTF7sTCWShKI7ICgWwC12IaNxcPgDzh7ZJ5NhRgId1zLe42\/4\/EcfTgM0eAjGVTGUnREGIUVXj90QTn7l3oLmTduz\/OspCcyyktZYIOsHK+50LEMXLZUzKDQljXLHjWdmlr2k+azMseDn\/5zu4+kAWTW9dTENdlnZVBC1XVkmAgizBXmK\/6e5hjHzv+Y\/zyTl7BZXDbv8FjjkJrCJK9tXBh9Xzwcqbagr"} 02388{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":65,"flow_packet_id":4,"flow_src_last_pkt_time":1621488174706312,"flow_dst_last_pkt_time":1621488172593774,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621488174706312,"pkt":"AAAAAAAAAAQA2lQ0CABFAAViZcBAAH4R06GfdbB80OWdUePhAbsFTte6x\/8AAB0IIYJbjKvcKZMAAEU0BUZYpO1a7sPJWtCXPVSdEyjfDITmaGj2IR3fvWZY6TBrYEdqa\/gLCaLicEvABAQTyXSMse0bLo2dhDj7vlwszaXrjwBN29oHVcMZdhPkmVz1vB+HTqkxNNgtE+FLAlWpuAPrNuAIwSlG5Oh8L+o+i3gzNWPlTp0+FDUv5Mln+esIvgv9\/eGPBIl\/fI76jnOgBccAGEP4Lqv40XKr9Y3ssxLL1xRzFyBJjuvgnx3zQJNS\/iVsWwjy88XYWCledhSkw5B+uZehVQRVp1mfGk9pVxYZLmKIOtPRgXsgboimgjxNCrXvepzB9fw24O7nda4gAzckAoXxCGqSSu9JSePDOaiTA72c1Adpmb8h2LGuePSAuQb5kD8eeTWxpw6322t9sLB8DWzx7NWIMv6K9G6khKJoEXfZGZoH+H7Qi+L3rYG+OfleJc5Y1J2fJ6ZrHsk2GfuxSwmBDR2QPWX69OjgxVOQAd2x0pcT7shEIsjMFxScqPPCQC04G+NqmRG9y\/p8k9r5hEkBjTqK0boMRN0NeLtyOWa6DV76t8thdg\/o8TrtJG+Hu2ZvsrRjJruij3pe09Ob31WTE+2zz\/s8aK9QvRhwhDiEC\/5i92NjkVXMXBUjPx
XxBk0aA5gCemfIeYvsEyZh8tVTKTrasZRey5QpL47Zxet3JuR3YelXuRzho81EFmqNk\/Uq8elAIRGMo5soHZMNFeryQloHisskWKFmMjW5ZfCZQ4\/WrexhhT4orrUL1jmMsp85gJT4qMGGrGnV7tXL4p14QTtUCZVl1l3ju+YsNowac0vdJibIaSHITTricVLpgOB8Avd00p227qrZkuoL7yuSdSs4L5jIXUXEi0rwmylldmUwEb7IkdM\/8VkPj5LGA+md\/yi3e3vg7wGD\/uLpDb2buCNWGuUckQZUGNgZ225hhie9uIheVzT+wZQ+LZ140aiXLm1T3uLKR3KpqQPjrtWoZaSizUOn6jOZQmyvJn7VCq6IEW+4R\/IBrxAaqfXgwXYWxVxlA3h90XwFdzvxetlDhY\/RDlcUhn7JMgrGU5\/QTz4Qg0\/PUi30AxBWaxh\/E\/AvghqdUmsXwynkpEDxXRENaJbZs3rA9nOioiG5iJMheVgfyllMwIW6Y9Mwo\/NBJ8QEP65HDbEtBqQ5QsCvfxdiTayepUNkW+n8Mp0R8JoHTVNKuvn0vGtPBOEZ8maLKNeZ79CpPOZnresmWWnWUT2hKvSIeDpdDGnGHuz0xdrUTBqsLElUKvux+YeM9zGc19PaBaVh+1IgzMyAwgk2Wpy+bN4OmGC\/WtIgZ9cpBFMSSKa5kdxJ2d0XXG2XB\/0bIySkYDrNzTEeYEXZfP5u1h1xfVEo\/1xaeFI0EOcv5dIun5xopbzzYhg496CS0+lx\/\/iXBJkJM5D2s3hWBOC3aLjenYQlZHCg94b79mUaNVRdXB9fL9qbzTcvIHtrqLrckEXn+zTv6Hf6mreAX73CZf5QJ8kN0jPhqjyGByxk4r47xObDrOZ\/almSLhlQZwwlFJCXMJsPN8Cx6Tw55gMYm+VSOOJKl\/kj9Ft74Gwv6bTb0uww8+iQTXuq7ATPzzd+c9F53jpXtiuE30vtoQv+qYXDfFcydOeizVN6m70uSz\/tcTowKbAI3FE188L9TT4+Dxf+WiwM9d7fcgwfrWpf31QSbDJIDMExQd8QRbpd1ZzQ2LuKQdyGnPHfCefo2tSsyEp42B\/JWkfTFxK25JlpicBOM0I6U1ubKI37BIpCNvSwawK2sckvWkEcwt8rP1ol"} 
01073{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1621486369476762,"flow_src_last_pkt_time":1621486371605818,"flow_dst_last_pkt_time":1621486369476762,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5400,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621488174706312,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"99.42.133.245","src_port":61089,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clientservices.googleapis.com"}} 01066{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1621486385474238,"flow_src_last_pkt_time":1621486387592524,"flow_dst_last_pkt_time":1621486385474238,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5400,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621488174706312,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"208.229.157.81","src_port":49880,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"update.googleapis.com"}} 01066{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1621486316206218,"flow_src_last_pkt_time":1621486318293980,"flow_dst_last_pkt_time":1621486316206218,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5400,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621488174706312,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"208.229.157.81","src_port":50588,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"update.googleapis.com"}} 
-00890{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":90,"packets-processed":89,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":120150,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":65,"total-detection-updates":0,"total-updates":83,"current-active-flows":1,"total-active-flows":65,"total-idle-flows":64,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":378,"global_ts_usec":1621489064431574} +00890{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":90,"packets-processed":89,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":120150,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":65,"total-detection-updates":0,"total-updates":83,"current-active-flows":1,"total-active-flows":65,"total-idle-flows":64,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":378,"global_ts_usec":1621489064431574} 
00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621489064431574,"flow_src_last_pkt_time":1621489064431574,"flow_dst_last_pkt_time":1621489064431574,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621489064431574,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"198.74.29.79","src_port":49867,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02383{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_src_last_pkt_time":1621489064431574,"flow_dst_last_pkt_time":1621489064431574,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621489064431574,"pkt":"AAAAAAAAAAQA8lpWCABFAAViaqxAAH4RWVOfdbB8xkodT8LLAbsFTrHDzf8AAB0IkZSau0whIqIAAEU0rkimartPZo3XhAXpouf99lPyA4vPJfhF3sf1D80fQsd6hKzlDSeSsZ1KyRiDq23Zc4xu7yZSamgh8nd6IyVTF7B8MySKONiiaOY7dBSEC0bp4AebJ3k9Uh+OOZq1GyBDHDSVQ3BCXr14N2BMEqsgITpqPo+Z792Msbma9ODtfxa1MtHVKjQ15xkDF4+So8i\/fjbAfOViRfLKHxw\/jO95gtHmKOmNKHB+nvq+muN+iHIbHDxcpnXnO6PuxaBm23tYOT0PH9TUnUOZWqCNY2p9QM7ZIgufCDLh8c4C\/NFv9tZwBa9qhWLW6ebYQbaildftHqg7LB2KmNDXg69lhWaxLtl4+vEH9U9m2NQrOHQ8oFyTBFFkoewhMmDe5wHcaBJAO22wMqllFBpPnpzOCMy\/DJyHizv1if27VSaBPv3oEozht0\/dit4QAWrhZlnDelbE2T\/59x3uh6ABXgAV0b\/BloP7H5Pv9njEs3lHJOz7dFzr8iIjfB3B+OpQ5iUcuq9FxMhcezvIQOTkxNLORi6FlvB2GNGwRg+rukfVzwMeVbcyJ4bxFt9mc1MOr\/FkhpL
L7F3QAjXoJvtrBiJncMoLXPRxAcMFUlowojaTi47EoeY8wguEuf7S86c2o+PQ1edefZeGvN87Fj\/fTTENh3Fn3S0OsYOmjnoXwQbxlBLOKTRd2KGqC3a92N1etrZBlnzvhACTKJeh8oRfYYE4DO+7CgxV4zH9ZFi7iaFktcfGl8Qu0FK6cb5HhSbMXyyvDCuCWYLd0ovyzFo0PNVt6yeC7MWIrgENNxCpTwOvjKs0+xlEsZf\/950lvdpBdkdhcTjSV34d2kg0KiEp6WKDoRhKAAnK2OjPGibxjk5vdFxY91t13JpZ9htdqGGMPDekPyxWc83i1LGMSQbz7QKh0X0aMz5ybK9\/HbZcAK3XSa0dobDV5b7WeSDsU\/3gkn5RaztmQfVs3owjzIYFbp5Buyz0Gxwz5Bi8HAJbB5BGGh\/yrQBy9y6a7q+P1hltskurz6iUjM71in38UzRyZojCOuaO6Q7QJeQvBcY+2qihs0FbDRsgigWTGzfjnSYa0tOUmlOdzI8uCwh7va3320+93h3I3V0faV6zxO50Au9kcqGGOEH12ZgVIt1bQdug2VBjCCj4ZbXJqLVuzhI96SplBcyo6UlwCnd09h5dMNn35qTkIiXou3NlcZ\/tYICl0xnfzAm0RxKz7INWJ+Pl4zSOjW44oFQwywPEE4MnpAbtWWGFRsesYIQtXXRapdS6Ha5rSylQcznied94Fdc28K\/TNM2dGosTNyEVqfCkfy1UU4pXqhmQ0m+rjS5SPefaGM\/ZPD3NALEgC7CILnzOB2B0di286grgHexJhCWlTHpcLt7yvnPnpvNTnwlX\/9e5CoKQXAkJPiDVcfLUGhluxsjbiqi4SZfvmdSRbJceWdtp0X6oS+wZzMuskEDHTOdTm8\/2jfc3WP6WQlIPINuCYViTLdF00mSEreSp+37OaIb2Rx6SPPD3UtpXaQ+xXSYus1Cf40a6k\/5iqSZBv7Fz9wAvqxvY\/FEStzmAQOKL6neOcR\/iuiKWOf9tLN1utG9qzj06bkXuF4PkrZOphQj91RQVjRHJE\/j47Lin6DaH6C5JcxMyymH9ObgTVyLE1e0B+wF06i5Hpk0EmLRJrJjURxyuhfANLHsp16+JhydB5\/grGxYRU3dFEB9114XRsU\/tiaZ2R5k2S89FboGA44VEliJWQ+CTSwLe5S+N2Dr44vXPvjO\/3OWWI7JX"} 
-01437{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621489064431574,"flow_src_last_pkt_time":1621489064431574,"flow_dst_last_pkt_time":1621489064431574,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621489064431574,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"198.74.29.79","src_port":49867,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"content-autofill.googleapis.com","domainame":"content-autofill.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01329{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621489064431574,"flow_src_last_pkt_time":1621489064431574,"flow_dst_last_pkt_time":1621489064431574,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621489064431574,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"198.74.29.79","src_port":49867,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"content-autofill.googleapis.com","domainame":"content-autofill.googleapis.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
02388{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":66,"flow_packet_id":2,"flow_src_last_pkt_time":1621489064732072,"flow_dst_last_pkt_time":1621489064431574,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621489064732072,"pkt":"AAAAAAAAAAQA8lpWCABFAAViarFAAH4RWU6fdbB8xkodT8LLAbsFTjgfxP8AAB0IkZSau0whIqIAAEU0J8TFf9\/VN5o0lGBaCguQoO02OQJilvANZtDrj\/OMFT5vVNrKFd7OCVag8EJVYHP5drDglbbDTRTqEryYKQXDwAjbQHCb4hSrdiCPrBiKGUysqjHibjMf\/\/cJtlkKUYMzu1OQDuQUj+9BuGidWSQXbdrGH\/cTlKPd+fyN5rndTfsi2anhztAx+d2YTQRUUekRhlHuVJJ4p2Z3IZFTAhuPV73fTbf4SPuN0fx\/zwW0yXmcrqFwPIt2QCjrijow3wd+KpIs8aCUsVA3tkWMowGKkarLcQuMXYVO22n13\/qzcKOa3k5hzYmf35naphUVFnOiktJs5QiID0Mr11P7nKWISepE\/LKfN5G+AyBbHafEcuSLG+dEVP8yUlkvIWHaglmQ7qizy0zJczKmfUmQ4tB8PkdGBsyVJGxcLh46gJws33Dq2OBt0nxBR63wvgp7Iary4iOfw\/IHL3ToumCAV\/dXmL2kmNgOH8id2nU8Nu+pL\/mFyecOQcSlSIelxqEkydSXxEN6pMAyMNNzbwL5ZSVp2Z7kNaBMx8OxLxM3MyXiXBmtzik8FiHJRBWbOiVcg6x+N7mPue3jU\/huf1f0BbINQqN\/HNFCVwUhYAaElxDE6W\/blagPEW7I+SBFkQnuMpiIU5olOZc0CA8vEyBMs1tdVjOahUyHy8OFPfa4AFVAWJFtweZG3vHwtK+CpbCbe4cAXN1BRfmIH18rN1CiM\/ld5AcYMoezZxV7vyfKJwA1l7ujoHiWN9N\/jrpLAvyVeal7LCBIIi0GZ9vgIHand1Crz4BVQdwhxX\/b1KPjn6A0R2aF+8O+Jk4noYbodAKmJ20EQ4Io4xNA8Y2lH3XGlWsRmrg8HB\/uQwODFlv4Oe\/aBKhU93ernwhJ5dNzrCWsNwJ3ixca321IQXfRagDxTu5nq\/rHSlaGZ8XpC4aiF+vcEUNT+D7buWqgbnGXDaQOWeV3rk3WWi5Xd4DtoiE+O8dxPSi9YsxFNyD+D1Fehvnge1XsEICUGBX1oA1lskHJpGPRUbaLRmjcWs1Ytuy8V8zbWNuhpR2uEU5FpDzQ9GGTEimYVW60syM+GZGoskPJK6zwMlYqVKL\/UK2+O6rkjDClgzO14h8Z6S6YGxcY4LhXA72k3F5H8sKLJMFB83CXn2nMGIYAKuT65vFY41aaqklz9NsRxW1YBg0jNa3ymere9qj2lEhOIgrb7GB+XkUkMf0QieDkM8pJSkzEXOFBLZfPAV3fLw3lZfe4s\/jN60uQMrcR88C9EnpOiOrBFZez0skinInExnzYEDkAtavtIsdoE71PRyR\/dHDCqzg7kZ18pLX6NjwVvyB1mlpdkMAVY1EdaRaeNmWPl40RA41HKTHrY+z6mtyrQLn5TgQXvZRMN76xUYz7a
yMs5reGKxJhMrZqb6\/bIMRHi82Y4BJdVJJZgwj+sPhMg05o\/ukkRyzckGw\/OsW0tpPkLGLflVUuMWwcW3Yl7XXY9H4D+Gmk\/VQnSB5ldiKMcQlD5Nr524IdDK7HSP8PT17bN\/G71L8W4XQgg51GSgKjOUAB9S83oxZySOQTS0wV5NhNyS88WD5F0B8ngP\/B8chV5QevsF0LoPzzLZXg0AbR9bUfORgjfQ6jPb0UprPbX1e+36tDhCQ10Uh7j1e0kar55VVOgvNSJPW81uGBYWlpARxFyZgAbqvJ88OllqvEawT8k4\/1yAtxNXmYu6a0+vmPKpdv2NvRgtdznnjM6OaQG9AT9KHeWFinQcr3EhoXjjHZtcq2EfJF249Ule5A"} 02388{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":66,"flow_packet_id":3,"flow_src_last_pkt_time":1621489065332574,"flow_dst_last_pkt_time":1621489064431574,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621489065332574,"pkt":"AAAAAAAAAAQA8lpWCABFAAViarJAAH4RWU2fdbB8xkodT8LLAbsFTtRNzv8AAB0IkZSau0whIqIAAEU0tHfQYGgiJ0EH+RA73c0S6Zaq1R3\/CGoDzOwk4Q2KioTg4BPcXvMoegRpbrqCRaxPmqcY6POupt419T5yZmEB9o7YSIZtOKX53fGHCoc+ZsrZdAJTsVl0w90+Thu9tqk+WfepCoo+8ilF8eq+j6cYmQaoShwWbEH8aZWTDkaSoT09anmUbwmDVwEeDWMR2gVSbwwmv8rsQebDMqWs7OSh8srBRRpctj4tlSjdyXtQ\/UgrcQwLwZyJ9bsybxKQkPWcl8u0HzyojquwKL+JbZxKDXk1Pg7nHqmE0nKgm9VkdPudXzUwchL1ul3yO2j+uSSY2ucW6GJUzkbRuqcP05vN5\/18Mzh2lL9RaX2a5vbWSDbJPjG6on5UXS4AETy2nWNq1houkm3\/LsJAcFW+eybNMQ\/Nfc0orOQRsfJQyw7lxDL1ruzcECMi7m7+OPIDmAbmjAnyDrsC8setxlXVl5I8lkK9C2ve4qxQY7LHppOIbgqzCnXt9B18rSw2ymRIIb8dQ+M\/fx31qrhwE34LRBtwaOzL55FerimrdvtRhPE\/mv7IoDWsrrCajTyJVFlMWr2531Fxhp0DlBKapCIN6irm6NF41QYx7pEPTpaVM2SwERSQzVfsZROIRwvaACW8\/+fvwocDLWcyiM5VOq9hyWHb9QLQTSulOzEVAVmrwaA2Wc5frvDv0rMsW9gHUGuvWJwN9Krts73QCPZYA\/f1SV1AyEmPiYreXLu3MGFoUmEo\/LyVkXE4N1kExgUBnVeYUIGJRQKjBWutqE8sov37uQgss39hXvDSnclvpRoBNdSz2aaNs3R6Aic7VKt8gbyykfOIBA3Buq8zDmawY8YFdP1SsTa6np4zbntI9f+oNNrBriSQ14fbXVlNMQrhk1OYGIYbeXglU4ZIOKm77PLC2GR7SRTn1H4t2671bYr4eyrorlhGkzYuX1PeGMw\/j85u5uLrj61e2hEZJZD7r5x8MTQ1gOe4+Ph+Kz9X1vjFbsw9OmMDWkO65Ha+
Cpf1ZHHApZ7QAuo5u2mG4Sp7g6rR1s5uclM6hCCnn2k2s8EDrb6RtHFjg3BneIS6SwSXyliDMHw0gO1PbIdSx1UUpSePV\/pCILKC\/M0H5LpPf\/59YwKN2B63+JAG1sL\/t2nutXsHIQzTGfUGp8q\/gu8\/oH2Pcsu\/oR96zl2VAWRwNCHmnnaZF9GJ22T7FDvnout2BFKs7xALVK\/GSWUrWW0DnJStDl6qSbXs+mlUPlFGuHBk4Eke31rEr4AxfQ2a\/9mZZog+0PD59WqfTjJ9R8bXy1KhNrHv56NiIqBiUw0rbG\/82hMaedg4sCu\/NdJjPtKJFvSXUMukKueAgyWcPj4sSLpvlA7iCI4ka\/RTTiki4Ye4QcJaaU15gJVIwcMMNnbkXWv\/HhOCwgK6cReevf96zzpUj1c84N8PWt9IEX6REFpHkIe9y3OvWTzdASwXJ9ovv1G9SjXfvrI7XedRdAxpB2vsQYi5gwEy3zTb3EFTDheiNc9y\/MCzHpVCklw85aHzUyvlzbZikqniVBAqAJensYNeu3p1TfbVsgAsy2eW\/hv+DDPc5Am8kV01z+FVZJbVWMPq0+tF6tPJo+fDG6\/w2\/eu949hx2pjfKmhp3d5IX0vfNEJhDKZIgmFV4d0I2S35UzYShoVcEpOEWvsBojm\/XwBtXsjwpE570c8CRHk7pLygTlIjRIrEQN0O6eP3A7nIZP\/sV9waxu2fmgOUmfKn8+KMxaVZv4SRaTB7ghieqbWD5Y61rshpqaP"} 02388{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":66,"flow_packet_id":4,"flow_src_last_pkt_time":1621489066532587,"flow_dst_last_pkt_time":1621489064431574,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621489066532587,"pkt":"AAAAAAAAAAQA8lpWCABFAAViarNAAH4RWUyfdbB8xkodT8LLAbsFTp+7yP8AAB0IkZSau0whIqIAAEU0BwsuzplommaW4cOaNFNfBbVlWj574kTJFs1IYQY7jVQ0fwx\/bk9uBa6dyqdV5eYUbwLM5ll3+0fTzjfJ5LiGnGqI5Dlx0wLhOhBEm8o23yMxuEE8j5CHpPQ+VGJUpeZ+mQmUJbCKaNGvU1hK220dqig2H0Q\/gbIDGyIA7e7tBju11nrn2OaVpWiUpR4kalTiyZLq83YWTQgWGefSb\/cUS7NgzFQJ2nQzhWnex03MLry4hcuLChwZCa8vjowX\/2FQvNLcvL3FdW5gWHFb77eW4U\/0LuZGiwPo\/IS0dGqQV+TXqFUfACRHequlz\/IKllpcJbNsgFQl3D9KYJvTmLTRoPImJKZVZLY3YHgMKuxjB1IlTbeN8kL5LtY8MHgga3G5yCRBGDhM96Gzl2CtyQKhLkdi3zZfBry9PliaOCJJaC2DNZSO4nz593tLRNIUgTrQg+iZm9ArqUx4MLMnQx+7HD31eaEVoger6BVTifDQfkSGk9WUl0iP2s3iYn55jW2oFPXFsYzByQl8Mc+UeDW6UIqF0upRcHTA\/b4bvHXC4\/8eNk5gdzrIwHcgb414kTxZls4asGzJ0W5bv0Duf7URx+ds3cxXnqyhFqMAJkzfu5PRP
V8afX92PdSxbaaQY2c+HY6oi1t16lX25DMWCzR\/2i45LnRmmy\/cWGdhu4nTtIwudeGdTxOTSYYzbNNZ5UeQoH80GmJhXbtrKMR14NmQHGikeMaOKxh5khhzNxdFk8Yc5nc91u5\/Vn0EaUuRHH6V5v3jXwrmscId\/p\/+IcsxDgUkRGCvT2BnSNjz0LhtOXU22NQOaepyaOlxUeVhcEsgY3RMmFKEJeT0BeLoNyc1uWgPmVKLC0jsikqbO0jS4TCvNYEII1FUmgBKlYCbERGfw\/4AIs0eCSwNzBVTgxzxhM36lLetBO7hfljteKmINhilo8KEryoyuijyIwKrnRih8j655UyZ9wcDspBaTzhqw5pvDXws7coJTgt\/yfA4Qu5\/6c0RUk5E5MDuC8IKLTBoqYhExNGMuj+7\/yKKf4y9rr1s9fbSiCNeOKRHplYnbUT323nfZlCYXkp5VDnX\/YoU40LCTsj718e6+EG8ySkGbakcxA+ponr8Q+gjyl7ZvitJ8UGeSQQjl5bDlVs4eBxZnDhW3v8oumsrtBE5jyhdAaWjCeWgLmtqIP1pW+qbgKtmS+2uZmLdDd2h\/Lm8q8XsWb9ylDAL\/+Ay88YtGX42sfaeLNDbax9DlFOP9zW8h7xjs2PFM1\/Dpr5RhDGyVLS5o5SgWiA7LRO2oX2PiSV4tfxAJpOp58y+7FaPMKxiX5ycCt8WNxagUgUcvT+wAFrI+\/tdZ7PH0UjLnAfb9\/w\/CAkoNHRgRsrT9AdvAgvVTWLlxz7F6vl9xpY8k\/UjXnBEZZ\/k1WgFgWnJC7X0Hmxg4RC\/6WGy3HiFE3+9FEtKhPeDeZFXsxObk5bbl0j6vu3elRRXFJOmOGFLgLZiRONrt0igKi5FLGOTbJT7r39w2tcI6Mkf1jc0m8H8TZUL2nftaPg38iJFf7zLFUO4hmLd61GsBtg1NEWRRlp4QCU3ZGhPORMimertfRfyKcxuLWWMMuMnXXmT3oBV+TahXrCFmXld3Lvj6ObUUMGVVd33nkh\/+oRGZ+wkXFar6RgzzYjK2\/1qR6u0v2GHpYubicuiAcbx7ADlkkHgoIYyE86p+XR+iPd6dfk2GmLhHZOuetz02fYoDH7XGZ+HdJ9svlmmPULKbBTu9ITB0i9CLhX4LzBJn4Q6"} 
01076{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1621488172593774,"flow_src_last_pkt_time":1621488174706312,"flow_dst_last_pkt_time":1621488172593774,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5400,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621489066532587,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"208.229.157.81","src_port":58337,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clientservices.googleapis.com"}} -00890{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":94,"packets-processed":93,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":125550,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":66,"total-detection-updates":0,"total-updates":83,"current-active-flows":1,"total-active-flows":66,"total-idle-flows":65,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":386,"global_ts_usec":1621490937698475} 
+00890{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":94,"packets-processed":93,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":125550,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":66,"total-detection-updates":0,"total-updates":83,"current-active-flows":1,"total-active-flows":66,"total-idle-flows":65,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":386,"global_ts_usec":1621490937698475} 00827{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621490937698475,"flow_src_last_pkt_time":1621490937698475,"flow_dst_last_pkt_time":1621490937698475,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621490937698475,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"118.89.218.46","src_port":58123,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02381{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_src_last_pkt_time":1621490937698475,"flow_dst_last_pkt_time":1621490937698475,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621490937698475,"pkt":"AAAAAAAAAAQAxdZsCABFAAViDl1AAH4RTzw0uxSvdlnaLuMLAbsFThsNyv8AAB0Is32f4l9Pl3YAAEU0hQvFkzqCFRJrzdm+P7CepRPizYj8V5fWvrVXzVuBf2NRkl3eGWbs2YtmOjlr1x\/pBPc\/7TLqG34Khp0PMlFKcz3fdNeoXKYeyR\/Hs72zcRs4hnEn+4P6mPqm5uCsv8fDjYHuJRIAjvSHTbEdxqgFHEd93118utoyjtMgpgcEbs4fXoPb8uDAHM5T4MCKj6qQNjX6I7nNo6EuPNWQg9gu3uCawN9k7BQzQN6E5YfL1AdHh4udF7sZw+dow9sF\/laxj49FS3UXGVaahEsCE3aD2597p7TwOCMsaP9cpJ6+mt4daKLcDJnJAMt+icMAtT9fzWBRO4vYi5NQjh2DPs+GRWiTKh8dxvVzhRom8\/iF8KHgTJy3pWtXKlPeLfZAL3oZX5hiz2PB+HTVur2l5vjVWa6EpaFOaRykdvEuLIieDh5u0ZCT5hWtho28j2TyUwsZurEURzu6rl34H7da+I6rfvvL\/zNBXRl0T5rIEnMLL\/j4r9tphU2zm73BBkXS2V8NqavgjXhm8kqC3c5AZmhcVx3aPVo+42Q3ezUT39SUVKQVNHXmiaFVKiSaFUFlpUHrBUR8nGg2CAYm5iRBq\/qCatZ+wKK6Jor9Aelj+kTAnp5y3Y17HPQCp3A9e7GN\/AQvzanaLBchENACUbp6PsLPG0WwONlg5LquPMp39gYOflC9I0cMA9lanerY2UKd2DIvHrNxINIhafo64dTHQ2kruV+pvFVizjiYGEPTHm5vnjJ+vNgtO8FZ6Eymo8qJM5A2+vwe1kvg4nJxdm2E2Wn9X7T70nm++uQBCATbDwLy4YWKSHsoUqqJOZluOGYa1wXb4e+XDlmQzD44JyGBZoUrd+\/dh+KC7bZ6++qLMza7R\/lgjP\/l01SyMjsktR9TKWRx8l\/pSrp2aBkNYKphapPAf6rVSB6qqzYptEM4+9RgL5fiahM9zZLohrgrmNstzopEBbSjJHKT2BtkCePCTq9BXTY9wpytpKjLROzmBJcxKjOlKnF1g\/rktfgoVBF1SKnq6hR2PLzX3pKRc\/RptOGJ8gayhpr53uiIJElSTx+gWcAQGtbS9w40dA7UdV0kQrKTsOlEZPv4Wf1DZo6smp3gIVuDDknJHBV+79Kgv5HRfK28giV9WHGfmEktaajImtic0wa4l7nZNKYEOG\/CyBNl4UHMG4iNm+Y40wSoxegD3OA3LFE2Tr3WxLZaukNoA74zUcX2aqS0oIhr43+nrWk7rEOCNY9O2hGcdnBoVGgvgYX\/gYhzcOFnVXvBYg+04X1\/Lu6Je6ysBSIVyex9isvdPzkU7pOxMaiH3uzhIu6T+pp2pHExh+9q+rK10SAGliPxRu5zXtXE3Oy94SyfUjETd0qOQfmkHBz\/e9FYgFyyAkQn3MHd3fMmx
pKxNsGPMBp\/cSG\/LANkIApGSvPXTwNw1vUedAoCnyCDwQXlWFtAwyohCNg2btp5ZVrwJqBGM7vTCz+QiD2xs1qEthiBEr8j6ftBwGUP9P0OZX\/LFSLwiLgDLEHK\/768YbCSvzW3RfUSDD4sBnSpdyK4zahGcrI93nPJV2g2l0hHyyPgJ7X+z4BRD+aEuHW6lUHeG3Oj5Qh+Vsi8uKdlG0jwjTzMAg3f97PU4FGrQ+RjmPIPZIj9zzw+nTMrJSpqyIKsK7h2bGHuUUNWEUnH05Zth20+XAUcAWRC4suUp9EI8SZymgXxcd3IQ5KrKIi3GAnhHbFpy9beC1dCN5olmWNLOL3oSxQHzr7fvKwFtpOssY7Sag281T8O6Eak"} -01406{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621490937698475,"flow_src_last_pkt_time":1621490937698475,"flow_dst_last_pkt_time":1621490937698475,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621490937698475,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"118.89.218.46","src_port":58123,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com","domainame":"accounts.google.com","quic": {"user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01298{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621490937698475,"flow_src_last_pkt_time":1621490937698475,"flow_dst_last_pkt_time":1621490937698475,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621490937698475,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"118.89.218.46","src_port":58123,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com","domainame":"accounts.google.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
02381{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_src_last_pkt_time":1621490938810514,"flow_dst_last_pkt_time":1621490937698475,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621490938810514,"pkt":"AAAAAAAAAAQAxdZsCABFAAViDnRAAH4RTyU0uxSvdlnaLuMLAbsFThUFyP8AAB0Is32f4l9Pl3YAAEU0YOqdYTCCZZmk+g3+J22oWfx0doVS585v5dZuMcju6ceFUGjlxObU5iFwgva6ib0ak1Tmez5R8snBJP694+WPYbwvpl7HFaYBb32L02hySVgOT1FTMmvBo2Fo\/d5ANfZGxJNDQBrucO2wU26mhDDIiJWiWYLyLw+2wH9XtUY9hKwoMo3iFTjxOO1dnynX63OlfxLKWOPNDL\/CJlgdgaNXHQV7leuc3Xd6jzLAetIP1cBEVuqCfGK1Z\/PwWhV\/ilCFb3DMmIz+HaenysHXzEImv5aEb6mec8YzM\/GvxDGp1tCbktIjpAUlEhPRXGKZ8L0YQpyXKVC37At+Ncsh7AGMJvk0puDbiFW8meTwbKSAn\/sAaruKCEiN7ZpDtZ6AQjgTjJIChfbGSU8bd6+hfwBxOU5JZ5xFfQWmRvrx7dy8X8kvYMhYuvkFi3w9Ni2RFiXvTVu8VuiANv809cCo09xvlNkdw1DO\/WJmXRsdf1Y0IqaxV5KrebivhDDNQHtyrnyfrxQ5Y4ift5qmodWeoxdiidD7RJxvcyaRuheSGzXqxC4lIAiMQlrcqXvPnq3wegxcfrIRDEWEavybtNijaDhbp2eu65kvOP5wXZMNleDGBSxQdgktQpxL6TcHQlqLOjfCNHdixljqRof7DPO+5RBSaRguaP\/xe1GoZxspva5ZE9Xk+Xf3SmMHKKlPy59QkuWoIaGOiB7N7I1DAInixS\/jVOIySTOq4xF2KnvU1cEtEoyV42Mhr2KORjN9TpQKBy7JF6wcPKs2Pl3baeiEyYmSdleQIgMxFgrcHJCi21HOjSroXF4HIUsE2apsLaSuZKIs6JTyYJ6qUdjIGm424\/UHHh7fS4g4qA\/yUxx\/xBalncHIA4CjURBqXagq47c2XNGvnlFEquS6V7HZy9x27CFukTSbeIjgcRxXOAJzUlJ1yQ5t5JkOgB8oPDo7vO1NPT7iXgezGOshBG3qxRqw4FUz7pY+auLAGyFbA\/lsmtbgOLGTcFptcsDFuxveiIqXNb3fggSAG9Jq3G4TYmnIqNqka7HhL+stsx9khyR4A9gCtftmEfOrTTxMftEStlT5QLserQlCNp0N1XklnoOsNOcDxQty6hF3nIOhScEBVKysqeVEbi4UdZcUA64KdSVhoAaFJgUYzqosBYVtSdq6oVjC3rbAJ92pfW7W5fHOO\/Gzz4rjoa6QO0jRV4cCPZLQqvL7Whl8UxlUFbNLzMyEaywNzMDAb8u4rh5j\/o9WJorChNDzH+7aC1pGc2DBqQhx+NA2UfbkgudimG0uOmYNVjS1IS1bDSwBdSH7GNbNFSEkwovorAkgGXCiJsNN1cNIzzCohUj5lfbIM4g5Mr+pCB40oATdPIus6Jzb2ASLd\/9Q3sKnYlXjoEthW4Zx
mNASLbj3i11YfRdbW\/XSJmbOzbWEbGkTfP\/k6k8tNozfErQYaqQcQWy1XNJfDiRBXvvfoE3+y9U2kVEyp3L6AC1g\/JNMxiXgENUxOjpl9VPREmrP\/Rjthtz9gSXutw7+EZR3faEchxgczJKIbKwYHcJXGoSYCA8W3Hk3Zf+L+BJmdrRVHbtPRFqDPup8RvGlcW5Xzoa4vRRZbXHIKNQitatbh6+9\/gMI9RgLPzmaVU\/Vp8RntOXhKOwTec+\/5p5Qci1058hGbPEcEz9RH7ho4Uxp4mI0kI9Cy+wNwmwipQYYPfi742YDYxomWF7pzIij4vCMpGVsjxYg5gSAF5wb8qbS5fVF7UlGZOWJLoEHBgMVPUjuR95n2f0L"} 00829{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":96,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621490940042014,"flow_src_last_pkt_time":1621490940042014,"flow_dst_last_pkt_time":1621490940042014,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621490940042014,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"121.209.126.161","src_port":63507,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02384{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_src_last_pkt_time":1621490940042014,"flow_dst_last_pkt_time":1621490940042014,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621490940042014,"pkt":"AAAAAAAAAAQA\/nCGCABFAAViEwhAAH4RoqY0uxSvedF+ofgTAbsFTmycyf8AAB0IX1A3NmSMbKUAAEU0Pg8s+OhkXllUqtMD1WTcO9yjUOzCG24snxvIngH7iX6ehFgoF1UYrfDy88XdHomQKlyLms0u9jlYkrqEodLauJRGapy4Hle2I8WKWHQL1rTKZH+tzK8ow8MeqFRrpbk8\/iokxoMoLXgVKCOwqLL7oRfGteGHJcbAGqvj5rPWn8lTHy\/nr7UNzD5DIeg4hTPlFVFboFc96\/ePrxRP6\/CWV2PQluHrHP+UDiuvF+\/WgxAU4Zaq\/s2euO20g4VMq4g6z0hkNtHxIuQ6G6ZlVXeT6uBX6ZPVEg0pfUhEvbGjqyM68S7s\/LuqkjtoK8zch\/4QBOjnMBjjSQwLMYWrIngHxIgbqBSyCkOJ+S+nMOeH0cA+0cnqBY4O49ufQhXDRjEGH5t5soDhhzS8sBGOiS03hbrWi+tm95qnkQ4EY7uhdczTXrlpbhNUdpcyH4wC71tfxfvQVS5y8IC1e8zT5BsHNYmBSU3cCiepaiVmZYJcGPmbBd0EWBl43HnBPIQ8CwCcoTjwgg26Yu4ozcj0BKQFUR0GMUF83l1lF8ot6wXFAA+oVj8seMzHzv2II23OXhbg44qPmITHSEYOmk8bA8y9XUBg7ALjZ36C005quDVZGN0J+Q44oR4tlRYPB94GZr5laHx3xI4zV2UfRy01CNaSkDMoeOEOMaeAi4kFgFipvCE1jwRUNvw9Vqe2+hR\/wsE+qJ\/zc31inDfEFutt+QNKxDy+c5v2szwudCf+3lADM5GAPJCWo+Nv3ArVcoU95DnZ8Qni4gFNPIas7CUUE3oqubppTtj9Kw2C\/6AvXyw4q7FUZBaXB5X4zjUqQWxcc20sJRmNfK46tma+3YZBWJZSVhtM4pRqEfs362IPwcZpvzz9KMT1frJPvZSyqCg5WxsuShHYKbtQca6juA82VMIw7n0mkTmMIQQq9Mj1AYJMVxWSFfEi9dTleToj9MJ1kk9djU0M9qoCSBeOLKZOaO7ZMQoI+LQb5AKLobDEPmCM\/+7vqosV0xxNb5\/8d22vjMPjhhUJQCLCU0zSX2v8r8IeoTWvGuTd36jZKvjkA9tWHYu73L8Z1+CH8Cei7yWoKXUBW3fDckkX+B50D9QGMtC\/RL4c6YIkI006jUdtSCby+AjkkzqsejzwjNaUTji4RgY8P93\/urJ7QidOPx7hxI6\/TCZFHC3NSWXM8bWJhPqBFEUJXD3S1Xr4e\/XJX4lmJ\/Ol5PgUeFwl29wp8pAoUmC4cRILuSnQY4l9xAdZlPqyDmbVu\/SSWy2Akqi5xJqxDVEON1HIuVfAYg1i119Yr7dWU5QplKsuqzsu4hfLJ6M8Yw5ZRJVC7RSE3r\/N0XrnFY73pQjDIXk9UmcxBojTmmq+gMcamIBeoL0S0ukwFhIcT6HHQfqlw0O
zdXB1KL44BXZ9G2XIbRiRgnhcLeXH05qnfpT5pUwkVHt9m7ibHbmqRFCjXSOFgriLQZGqyYKgC+7F70lj6Mklvy+ynXaGzESE6icJU\/STfU04WOE\/XjvOrRE8MvWUxGzhOBNeg4DukKHrJE7SlhswBlqxEdAUp1sFZsl\/6UVWCheylk3qxVcmo08I0V6U82TPQllNBHQQvLwa1Hz1qkNj0H98MIqjYsZiUPrT9PHl\/EubC5Mxf+rACdfBZZVOf7ZrGTAkVMqdQkNJ4KAoV4KyVWs727STfm\/XXQbuh+KdV53N3ZDf84eN9hHsz6Xg77mwy7PCShrWSrFEAyXWlin+he1NMoCnvMEs3ErNthA178U9LrQNGhrOQxjMONlj"} -01428{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":96,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621490940042014,"flow_src_last_pkt_time":1621490940042014,"flow_dst_last_pkt_time":1621490940042014,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621490940042014,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"121.209.126.161","src_port":63507,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clients2.googleusercontent.com","domainame":"clients2.googleusercontent.com","quic": {"user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01320{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":96,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621490940042014,"flow_src_last_pkt_time":1621490940042014,"flow_dst_last_pkt_time":1621490940042014,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621490940042014,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"121.209.126.161","src_port":63507,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clients2.googleusercontent.com","domainame":"clients2.googleusercontent.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
02384{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":68,"flow_packet_id":2,"flow_src_last_pkt_time":1621490940362534,"flow_dst_last_pkt_time":1621490940042014,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621490940362534,"pkt":"AAAAAAAAAAQA\/nCGCABFAAViEyFAAH4Roo00uxSvedF+ofgTAbsFTnxFzf8AAB0IX1A3NmSMbKUAAEU0xxudDjtwfHlFBOkIITOn8rvZxFm\/C93HCINJPVtiKR6bg4Mw7wQEXtiGHvHKsHQBCttPbgS\/hcDSxPOzux0V4CNQepSq2ytOhstQPNFgKqDi1D66h\/pG7BpGzCKPVnSY0j4mZfGHvp\/\/90uSi9bw7p+VzILVU3jM1Bfy+bJs20rNuK7sUwNxouBiolA43ulRiKtOrcMFSJUwryaJPuIF2AKADyLpYU6k7IhYp5pMSN\/FZrzaNP++MuPxUL0Gl5Navc20GBsGENjWTKPgIBn9sYhebGFEzStHKW0oRdWu4ecBWDSRteLnjvyRNfq+mu5PY+bv2BFXCrGw35UfLh\/YXxBUAy4mIdjLfzCt9VY3jAczlR6NzkXFtYCr4R8X++5lLCWyho9eGTf\/ZCpvdhXIm3YwXRQvz+kfxqnQsXH0ATnpdvEsAGru0CyioUbYBPhrlPL198KH2whWhbXpqJHFAyYFbpGDtS75d+ky3I7XtWANXuJ7DarmS3NZjP4Jf66vvGqKiJgy0KfGW+e7woGpFYzAoh4imK1VH8lIlaAurjJK0bKeBg9p5lFL0\/l+10ncgvPXDUuHlo46gy\/05jQ7pY9sWVusH8IwAbUs7+8XHTFa2n0Sk2BBs7cZpvTnwshZ+DP3ur5kokHk4A+vp7WHa4BbCLu22NtXJTp\/gQCajhA7U5McVzIVwwCkYzni+CTklGJudESK0dNwGzMjjvyh74BS8FP9wJoxjQxNp+QpBlr56o5vBkDintusd350CRIWzdRHfSgPIvr94nWDpXZFHV\/kTCtKuqDDbRIFJXgtJbMsMFk99XMXvWAVlDdMLwUFBCiheR0jEKmnOUGFAhtpeRaDYUitm6kQwBSlx494dMG4z7plhkyjgTRLdgMjGfgIdWdBxvKHIIvG3w\/V0evuN7rNPmv9HuOEitJrzJxpVhNZOoxAwLj9Luz46NCnQhKxi8RkJzyxHrjJop3lPAM0Y0bEhkOzTIRWf+t2hC8aA4KzaeLaWoCMRho1h3u3XPu3\/l6coc7iHJv\/2jzHV2f+8iGD+OQNMR9Kk99olUGh3yP6NJUA\/\/JOUUSZU3oe\/+nZqHPjXlf6UZ981hgrw2hFoCczDQltVQw8FOKd26NbN1UtWgiNS2G8T40NYIim1zBCFfKP9QB7fmPzHJDrqF9B2z8JCy2E76upD5NGPW077sVIvba7Ipr6QIRTGvvbV1\/tkhYCjTPxCUUENkB4qeC3g47G4DoEvoxNPUmX4lTntBxzxCUTgRTwb\/lKdC+a0EYxdtM5lRPHqXOg2W4+zkbzAvD981aa8cd3CUfbaiE3dmvVl8kAJBTvA7OBTRbFUiyh4hawpJaNoqqurTOZisggyEq8HET4+QxdAtFezeONkxyuzFSApfM
Dq9flcgmEnkCr0TO0tqKJC1OKWpkWpLnBiM8yAGqKTKylOg54gnFHgxTuPO66xLEKA8U9uUArvEv53MiMkmwlGJ\/R8DVYSi9lDGyVmqVbcb97csNgpSyaEAeipp\/xWQ9HZtumpN8oEgvCYnLsS2EfcfhO913KD0CEGNt5Eo4gSfP81+PQSvJvVrMAn8EG7DLqd7Bmv5BkyGG2JK8jhFljvgxwM6xjiPRsTShXGKbUG8XLhVXExbTQLftOfAo1ewb7oxiEPU8I+f46C5Ac4FzkNqV4H\/gd0P38BHG7LPoUUiE\/Ipgayi0qMMiXrV6TBl+UJmFlsYoY5\/mLRewMoSEzw4RRXooYehfNFw04DLhOfVWgmuS8w2oNaA6WV0z9"} 02390{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":68,"flow_packet_id":3,"flow_src_last_pkt_time":1621490941568324,"flow_dst_last_pkt_time":1621490940042014,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621490941568324,"pkt":"AAAAAAAAAAQA\/nCGCABFAAViEyJAAH4Roow0uxSvedF+ofgTAbsFTkMYwP8AAB0IX1A3NmSMbKUAAEU0X3GLCKhQ\/kdXKlH1Uuvr7DsXc9kc2k0vey+LpKewCV3nDMgYTsbLcy\/hcOGbXOScP++l31aUJmaaSW7D3\/b1UKqaibOt1++jBKUGgHxvkHK7\/eIbPnk5lrlJGltbH1lVtjul90tjvoP2C0HGMu\/Q554\/zF5y3+m7JmZAmSjKD68m0IKoWfIlmy5OvxUjvqVj7fVNTGy8V9A8hysK+PthsdG2XbAGQ5r7jFZtgM2W0MUKS7M8fkDlpw6kLICW6or165\/Pu6sFJ\/29IWOcJLgCsF33hp\/eqp6x6\/ECLl+bLOD\/2ybV1zgfWcQJdeCTDlaBbs00YQsEWV3eNTSP1cAPrcHphduw9dFEMzdLujKMYP6qp9q4Kf9aga2dK4puh5Ip7GziQj98etOy\/ltXPqQDK0X0xvEFsMV40JSwj+BzoIGv4jugTdJl63HCP9wqVdO7OrAmKEFYkbeXK5P6pG8yzHXXppocSBsWVO97R55m5tJhwqTeKsPTGfmgkv+0mr+yMvQABbK3kL73O0HwPVgRMzkj11Hwldi1m3kxEtoBJnbHsAJyW4T4WEMuyY9xWOFILOzlsEWcW1DlkhujMuBrKf4HHbPFIfZA+vCGqVGuA9J49rsNTvkxJ3jjtUuvX02pDhaSBY2OTXYv5Dc54DTTkDjg2S7sEfptoW0pUxSNkWGCbPIP4xa+v0s6S\/mMMDwXP8kgPvEmHUDknP7JkED8bkUIL1Ho0AWHqdjSnc7aUc0tHV706qMXs0VyhEhojglXbeJLnekqAVF1dAyJGsOPr5QTKqiKuC+Sgj3UNOQ2AORLL3k0ntqV2x\/rHRdWLiJtPYEUBcvzUxECD7Dtnifc2AbiFM\/4baOlJluyckkIkfljDBVEu84m1Q2kmQPBLAgkcl7yWChrQ5E\/F60If6SMyqrUlc2HMVvUBPZOd0Nsx8em3OcZz\/rd4dy5sR9B9SAkyfXIjPZat\/3SaduQsvQmjAvUkWJFmJcvwpcq2CHg3vveXbVE
0PWJwxm31KUkGpdZBf0LnhThU3dnOeKxoMeUP496G60PKVdq7+Ev8OZxM4csxN6N9XOao2AmHwp\/0PfV0b+M6mCVlON4ySjH0zfT5CuS19JLsB0PAKCSWv6u5RSSSFK4\/9Pykim8KK8CSmoO+ZYYUWS5WpEmMsvK64DpcO9Wo88i\/G337OpXfoBIGbBcKqVJnkKYXTEBvx\/pOckc6mKqj1Xx2NLH9flt3AVKGz33q9V7vvj+2mpU\/AF2AYOC5QHoVhyHo4\/LUMEXlMibQL7QWDMM7oSFG9qo4z3Ogx0Id6yuIs2TTa0ezZqML11NC1X5955fIUW\/FDJcjZV8HB175+M7QL6IEWOOx6PZp1K\/RJlnO3heZacJYqauQwksZQsk4arIv6tCsj5ldWRpoqj3CLHPSNLlUOifs4ET+tW4OnRsMipebDJLpPBCJQJ+ecUpHtHbH+75\/d\/mWMiDQ\/hwUplHzhAjVMYLJSbAhbvEaR1IT2meCVIPAWn6ZyjG6gExtCbx+iUePUXL2hlrgzvBZ3GRHAOacsg6dN+CWQxwhWJB23q+MgzegfFEv2iEzXU8DkMvw\/RCwWjBr20X1FCOk795+lTgR3zGd9CF5postNEBPhGGGNxdqFYsot1FrVpwc5OqokbxkxTF7Onnq2kbbsl8Ba3XWkoGN76uWqzAZmzJNMK92Tdqpu1zazult+08ooXIuTRa2BfjyhJzhXLCrMQgn4QLV75o\/ppwW4gZ0PFwpLXpwmShzQ7nN6WnZ1Py"} 01076{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":99,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1621489064431574,"flow_src_last_pkt_time":1621489066532587,"flow_dst_last_pkt_time":1621489064431574,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5400,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621490941568324,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"198.74.29.79","src_port":49867,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"content-autofill.googleapis.com"}} 
00829{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":99,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621490996100884,"flow_src_last_pkt_time":1621490996100884,"flow_dst_last_pkt_time":1621490996100884,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621490996100884,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"108.171.138.182","src_port":57066,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02381{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_src_last_pkt_time":1621490996100884,"flow_dst_last_pkt_time":1621490996100884,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621490996100884,"pkt":"AAAAAAAAAAQAXWCjCABFAAViEIJAAH4Rpj00uxSvbKuKtt7qAbsFTlULzP8AAB0I1Car3PgqXoAAAEU0JJ9ZSJFnukw1kpIlerEIR7j54itrs6xKCGRE3XXR1FUvYtWiluVKkauej0mCgbfT49PWNVhv+d4PorlbwaCUuVogcoTaWUYfSMeQ7fvaCU5aGPhJnEWG\/0UBi1+8bCzq+SnypfTFmorq2dCk0qu92Ra50orfefmV0vtWsPEJimLpBfooWqbaEDaehfit7mw9dCNYCi1aruacDnpniKy5C0xID610oz+9TzXqtP6hBX3weUiK8Pyj6SMCZYEMLlvyFqwJB6JhFabZjNVmEjxtmGfFjrlmd8rGHWmhPpNKZDxUqmt5inD\/KBSwcSZjjZ2qVnYKFg9ZmE7YiJQNgNHdWnN0hvXaAF9t6UZJG6j5RLXjrewkAvkQDQHDpjvn0e4OB74XmU0f2pIRunZhG7nOdLrUIM3KYu4dp2SuvtBfXKF0JXJe4B3ipp\/HIXGxiIvxOuBhCV+try+l4\/ghPvYz4guxmwVL2sb1KOMYvw3AS2A9R7ISPdwCMEfNl0w7rnx7vKocBLncvhtDj6UswuytUe86VosZs6KpSu0MAgLJQtzS5mHMtRoQC8nFUX3y9GJ3tQ
dZReoRs5tT1J5QMG4ZaagK3Fd\/7M9x+E3FYrzzeGcDRtrRq5MMA4gADKTgaYZ+dKZMGdYo\/zPs253wfmTLUONNUPE7nq2Vqk53VySGDE\/2DUFu7Ouj4RcxQsyWQ5nTu01SZpQVMCdEN9s3guPRJHE1wvBDlg3bcsULX6ndUJQtoKpB8S6SxF27c5F4vK6k7cDGBUHNhgFGBvHbDK3DfXDpjwj7gg2cqNGRjyAQuR9PRICL7cb0AtSLaZUVEEj9LOfinX22qJNw3UF45DmfYo0\/JhJsSVJETL+9+\/IioFEWfh7SIpMVOu2RmSgEttov5swxPhIzuPvG+jIN04ml6r6sKlbwvgpbTGRWXVEqHBIQKz6hKZClZuSzSFKbsX49qdGXDM4XoODhPHLuRT3yh5r1JVnj7WHxhj3H5nD905qtU6bFJNe7n8l+D+uTJC\/IJu+kVyPQUWTIszeHcVgbabOXCOhKEJ2WtzLg7w+iaHi5LKjOT0MhRn4SMjHqY8gT6IdQh2dB8UwKaPz4N4HHltvk\/z2Y4L7mxeZ\/JjfG7JTmXTK6vTdjv9\/CAxmGhA\/wluaZ8tsrr5D+RdZPcXbEgBxH\/1tm6Bm6MpwP4YTSV9nxhIj0pGZHkpR+b2F4vl+nfENUZ5pReO94D4F\/RK66IESDjrP6tunmsMOMwn4+7B6QDDyOPDemTPrdF7zgJ+tY8975Y574Jc\/8yLBjbsC2ChrCxey35qrU\/vbhI34DkY7t8RrGmb3mWvKTS3qkB7Crk6DhnsUeTkGhVfg7A64U7ZiG4gBUQe7bIdSST2ngB6BSxxi3zRFk57obYhZOPoc3fWCo75KIToMVPMEYkIJx9+0YQlJeC5tnUyTEdxLueb2t5tk60+o+zEAOczUzzmu+JgJmBDQC3kS7OhExq2w8nBzzBuSHPPKcrZD8XdVFyl6v9hzq+F47wNZ22K27SHatestnBzU2FJkFSWgVWESWEb2tfRRceR37vbK\/bpqkp0cvwGojwVUlRemGqfylFPMQ1s+cnHj5sWbpZptO22YP\/G+CKfzf8pXSX7kzLdflxLF9DxVV+b83+nl+nTbj31vNDvGjXGswE6k3b\/905Liv2TlF0IzK2ZLVImonTHT6GswLKKIQ31p0M617FD3z1I3\/Kv2TR3RJaw4Ynkj4A5OuDN07n7PbCwGTm8j44Q\/2rqIeqilV"} 
-01434{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":99,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621490996100884,"flow_src_last_pkt_time":1621490996100884,"flow_dst_last_pkt_time":1621490996100884,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621490996100884,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"108.171.138.182","src_port":57066,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clientservices.googleapis.com","domainame":"clientservices.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01326{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":99,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621490996100884,"flow_src_last_pkt_time":1621490996100884,"flow_dst_last_pkt_time":1621490996100884,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621490996100884,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"108.171.138.182","src_port":57066,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clientservices.googleapis.com","domainame":"clientservices.googleapis.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
02385{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":69,"flow_packet_id":2,"flow_src_last_pkt_time":1621490996403153,"flow_dst_last_pkt_time":1621490996100884,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621490996403153,"pkt":"AAAAAAAAAAQAXWCjCABFAAViEJlAAH4RpiY0uxSvbKuKtt7qAbsFTmC3xf8AAB0I1Car3PgqXoAAAEU0S6ZfGd14S8A0NR1EXdOvvljTofNOsuBTESXKp4Oj7auLmC8B\/qxGB6ytk1wgcKgb4d567f76YrqqUml1MYVDe1C\/JvoI59\/gIk5MbkrAeINiJJmd4QeAnkVSzV5lCfOcg4X92GhM4oNiOV2dGGG19wmPo1+VUjHzShTUdyDHnnuZMliAzOjvbmXBN2aOzeCn+8K5drqRExq0cBsCHzvVRFUNzNlUUX5Vo+D387IvPpUHb7zmraw5XeiFvxl2Ta\/q5W5pNrCUAugz0iVIVuWVUNPV2x3FJywavW9Mc5JIWO8xXdlge6Szt9ygE3gMdi8fwLQb8lGW8vEcTE+N\/RkpReCzQ5xMfv355m1dCwCDmEbVqFEy+tHwxDIPuNe27WWgF9XSiasGS+4dfQwcg4ORYoMDpbfXKW92OUlTCH6yDwc7C78NrMUmisC5VK1mGGLaQ9Qu2wMRUqjdmNuepip5K0XNHR5BBbH81tXrZgvI7+1m6Yw0b4kZRl80WJwqq1KSBW4yOioR69+m2UjFAyV\/DXvz\/cExixYmUmVoRdQkJvqPEwdqKmYp83pX9N6Hd9bp8FjZiscO\/ylBmHeN2rawxJLrCx1pzuNkPlwJSuJasPINYSbw1F6JY3wUwxIeNBUcmrCmJuSJtdG7ayJElCjqeWPX8iOrtpJRyvIeNvVeP4zvOG+0xtaofbgfCwz76b84GmN17Mieoa5Bg0V+IoGD7eigcx4YglpTvHcQafiVJ+PIKzt1Fb+zraYPSsDdrlZP1w+1Hf31E\/7kXH56u8ayLXgMPnrISXGFMyS\/xokT7eAZHt\/LAzOJxdLaTDPem\/QunlwKxGvr7bmetIM3A6DNVEQjlmxo+VRIkbPBHlH8femG9JcYcQo9D76bkS1ct6T\/NMC38EOKjtDrrbwB6KP891J44T0TieukIbMdjtFWBM7IOVr8jksgPE25Qg1RWYJaofEPkp4D3UDLFQ3i3dbANJ4XVY\/+L6s+MFkMJ5vBF3bZcm\/tDpVfLrqBJT4nJ7a1C2yAYs59uuvaHev2cKOStPDQDjZlKsuGChOYfuICTD4igM9\/JcrG2yRYeOUCgKTyd394CO7u7YTQ5SxBzyztPmR1KbXNMGGetSQjaw1hK5VOfjJgPn+mSvHfGKivShlE7PanYf+wRwpAG4+iHQtJsjM6WclCAcVrZNfSob\/SYkmMNb3abOPObEQM2ceixo+VTcnp7HeKPVYD1ybdnOMOXFC1AEz9wSofo6gTNdJjdRzlc\/9v7H9A4GsQFk2F7K54C2kPehQpa66BiqetQtr+UE\/dVFH6uNeScw+ulCv\/wbm+OBfrLZ2GXKql6eSDpcCVpn3MV2YEi5CgRFRyayz\/\/2woQgL8t+RxToNJ\/qQWCsxJMrTh
y97Ju4LAwWk5KeZaLwnxjsnunA1T99DyV8+UKz7+g5JIOC8ruYl8Cwc3nxBc+tvBSpA4ZcE9I+tZo34gvOtIq2Vp5LtGbyHij4LH40qk6nQ\/1gDcnTZVMAXlo9nJiRobqRR+5H3Sg6cc623xK2b9CkBfTTs2kJf1fvbYMbdZ+wEDmMqWAzs4QGCGgJ6e4avqUcQ0kS0cOgHx6IAe77IaK1bK2SrJc66FdwbVpj+\/3eUCOHhaAIGMeISGD7TNa3JfY6n0SkFubtUhSB0GUsv2j85xhlI1qeV+8UDynYcpwz8FIiKVdUIjfXcOGHLc9FJMKZ3XshDKwmNniXL0xT6RHfFQH3w8eQ\/YxCjcIE1MW2OGZs+3vB9wyULm8eiLTszw"} 02393{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":69,"flow_packet_id":3,"flow_src_last_pkt_time":1621490997006915,"flow_dst_last_pkt_time":1621490996100884,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621490997006915,"pkt":"AAAAAAAAAAQAXWCjCABFAAViEJ5AAH4RpiE0uxSvbKuKtt7qAbsFTpBcyf8AAB0I1Car3PgqXoAAAEU0uA5YSqiRZv5\/DZhOTssoA0DPn9Zo4RXJotK44fYCvFiyrLXWkACavb445uJAej9D6NW8Y41y6KLu3pIKWD5qGNryyrX7YHITgUXix8iJo5DiSxsH3mGC2JahEYGf\/vTyPVMCyJZWsgerAn4HVFWRUh1qe82mrvrOfq6CMJqoDiP8vlj8+LrUV\/YTZtmYn9QGfS5vgZWX2txmg7RWFMQ+Rz2t3\/jIoTk1tBYJ8e4ItX4pZIW\/53Hyo2dcr4a7USRmF1tn8rKRC5HhXyRfxIBsmcteyC06JLk45KaIFQsqsO01ArTRBrqtXELj7tUE98y6lWlRh8r4yikeZefWhfGlnFB8GF6ugo6zdES7YXjYS9WA652moLPIYC0HZ4SbnVpSbRSuHeIGE5Lu9G6Sue9cSsIYF+Q+QkYSmgthm63nN\/pLWKoU\/RnLDJHaaN+LMsKEUL21PxpA47xYiNZr99R5HeRxIrMGueLrYGdwS\/9Macb\/Jur9jEdINRcxOqvE\/Oky1YBxT9EEdmvl8xfSzGRV6EJ2dO8C3TxvmALVJdJg7\/+XmVlc7vdVkE++7sw3O91FGcYlrdAT8TCgEm4OjsLPi5Cp+NhDUd9lNsblGNPne2oWas4b8C2P\/tYyZf+gOvHLJV3qKtY1q\/qcAcDlCTflHkKqb\/f8vTpeSKwdug8\/WMPk7J7GuRqkfSiRUAHrQP9z8Ev0mxBjmR0hdyQhsJrq6NDbkZA40SjV4PLS6wDFjRKFILwhocOA59yklQQ9oYMwuJzmXLKwLrh5mOeO7SiIFPGV64mweKEGNBwsPL73yemcdr\/l7ci\/aRkjgroHfTOlRVNlwd2SMp6acpgJ3DUTPihyMBDSlBSCN3TpbTHi0mhLZV3VnRkGCjGLPs2dQwR+\/NHoWbG\/mkxOp1+Yw2+oGEApO7eTCrPIrMzOJPwIOKL240s+7ngQuSxGGK0TJiP\/b3U0+u65ktYKEIhmHd4NjqdknH73Qe9XAd2ZIJ7fI1HZm
pgWCSTOYqlCtKfFnEWXjld7ZMR2bys1tpSPgypDIWux8kmWABvn28paMZ5649uFQ9tMCjlecEV\/1g+ERbp+wKDLmdogOcIzxg0M+JAJaffVX3DrOnA+A+uSiEkyKncq2c\/YTqK9cI\/JDh0JxfqNhsxmMlnwuAaJuPcBh1lD\/B3Q54dORDqCAw\/xIL5UovaES4PJSfmtHs56ItrSO911ZuIm9uOZr63ZoEcTfsynRQRr4UugAwprRYIoFK07lwdRcDiV67g2XdWXRwtNjWXsWfQGHKiNcbvetslRKrXfxyaa5qn6SEG2C2SnYaRGY3a99\/8awO5F2Qpe+vbycKzEN3ueNUgtD8y92W1XtG2C78GhMCEI1RPYj1pzZhzbrlJRrm5YT3D\/l8R+fQYCAtmrdD+CkceZwNpPKhEhVavI5Gp5XwNdJ56+RbVOrxDRVmjqTRPLg4zuWj2jEJ79chsV5GX2UrMGDWSjjSZAsWp9Mx4ndt6VUOFZip\/9r4MKmJiO7yGxG8d3B8CM0gf2O3UIBZEchmXjqS2T2\/ewwSSDqYn23knX\/nt\/rnNzky3YHLXA2PXQsFtsr2gSewQ8lu4K9Abfu98oJmGOqB6Zepl6y2WwgW1oaL73FaoUE77CPUfZc3ThUmYcus+PH3momVuo6wjeidlhQHQcAxWy2EczheDpK4PInZZTQH8B9cl87zWeaY26xiBO6\/KO4jcBhP55bEZTsGd\/GDBTnrzlfHI8ia0xyN1XOyklzBDoPTS\/1FjAcpdn"} 02388{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":69,"flow_packet_id":4,"flow_src_last_pkt_time":1621490998210174,"flow_dst_last_pkt_time":1621490996100884,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621490998210174,"pkt":"AAAAAAAAAAQAXWCjCABFAAViEJ9AAH4RpiA0uxSvbKuKtt7qAbsFTpUkwP8AAB0I1Car3PgqXoAAAEU0MsalNWrpYLQ18ZAibnOvvkWZkLaIOwbFtZhqtVtu5TLZm0soV7JG76EmzAqx1qs\/svpEcqeI4pSwDtsl+NK2QalMMu5vgg1D2hPQHGIt1aS4eoayRIJ3VPcaOSNDV83C3AR0mv2KtvC6teWdJygUetGxKQ\/UYJ6QLBDaKvUCmZZj2vZVqrvBuwDyBKND1rK2QqZl6RiUTDCl4nSVZcyRuOfLolF7OYJOPKZBD4t6WG+TGHM79LiymXprKcILUBJ2K1YaiLCn1zs2+vDUCMAWHQZyIbgwM\/VjHVtWoKynWtpCDzCERMjIJ1zxQJ6tDBzSIdjb\/kb+1tQF8ay5gJWSCph5fhN3WlUXZQDaBOKBUJ2I9dopD5QsCZmrDh487J1TehodFvqwYeDWoFQ8srWDefQk8SoiM1XPeVmNODrg9QeE7FRqxEMYSAJTscHu2ysTRpS6u0nW7YzbouCZVKIBWVyFIouUM63vfE1LhTevhKNyImiHdcWgdhveodOPIQdru+yJ\/CMsThCPBXufZLrNRtOOOXBr1ZzyP+aBX0McbDQcpj+ciAJGTJjSHxWUmDDQspqx9narwsCPEI+v4ArKERTnUdu7\/6nOi7J5uar38mApB
2HiANKRB\/OASqUgAc8ACIO6FDIFjW11hEEAai48sDt6vBB9ZO8VrPaXnCSEefYtr1CkWMMDU+8J6J1a3OUjle5I93NjA5n54f4ZpYHMAyPBvVedwbcLoV3w6OTQ4NB4vwrAnUm5p70JkUO+3taDma+0+invcrNJGM1FG7anF4zEieOhJtQ4mllfkwjpM2\/x5WCHhL3y7rITx2sMJSwM7QBFBt8JhAn\/+JK\/J1kmvUgqqAXL\/MeNdQiGOMogmyEMpcwawAYBv8KuiGxOfzlaQ9nyyxUodzR+YZRwElQHmn4\/cv17nYnXqt\/soP5mHB3jK7WInbJxbQtyjf\/2E2taACT6y4sbecs1ieQ7lPKAP8SRjyzKNzmrrWdXqI2Da+1Doo\/BmCV8A7sm2\/elK+9FIm4M\/IlEy+KLnlG86XzY2C42ChunILwweHBE9RNiC5L3JUHBdmZB8qhCJS3Gyv2i3tAgkYBYisv0ySZ8o\/0SvcyE2DQpP4forHbdy6TdkccNmXvbo6MS5QfnS4suI5biaLo7Bc\/MXSst\/E93BkvPQfEuie00Py4FeFONibIef+lonUgkkBPYpiKLNmUivROF\/dSQinZWmWEdroeZho3HiywTGBppaxcVTuH9qcsHGSx6LJBydHlbY04gLSBtjiXE9\/E0JsQcpK8dBe48AMIRl\/T0NiDAJ3DFspe45EgGog8S6cx3njyKHMlH0bDH8ynfVV0XI77o\/FZdB8rdeO654rA5kyXlMYZ\/2swLInXPTRDn2WT\/FyseIu5So131zAfhyOaP8+FA3IhKXJkyNVNc16adllGwYmnKZap8VsalJ+Z25vFfbFqb9gqxHIFSDP9ywoC9aWwCfT2DI\/I2yQM1zWc851SNzpkt05NV9qoXzAV8UPMCE786OxcMbPijrx6UR\/Ej2qgdhZo\/W1ueBLopVSUvaLmnCe6U2PPHmg06ma634pfxGhtn1YwmbXZ7aZ5N9IM7S7Rl2UQkH6MpHEKmSxufz1uLW5e+mbeiCjtHWlwuJPebWcZipkjfontJFtxY8JqWR28min3U923U6vzulHQmxO+b1E6vPO6sxgCl8kQJJugJj2mdMYA7iqdA5aBhULx5lZ8+Uw728RNXoKYWbNt6Dmw3bihemdgHf0rN7ObJT6Q0"} 
01071{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1621490940042014,"flow_src_last_pkt_time":1621490941568324,"flow_dst_last_pkt_time":1621490940042014,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4050,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621490998210174,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"121.209.126.161","src_port":63507,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clients2.googleusercontent.com"}} 01060{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1621490937698475,"flow_src_last_pkt_time":1621490938810514,"flow_dst_last_pkt_time":1621490937698475,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2700,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621490998210174,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"118.89.218.46","src_port":58123,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com"}} -00893{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":103,"packets-processed":102,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":137700,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":69,"total-detection-updates":0,"total-updates":85,"current-active-flows":3,"total-active-flows":69,"total-idle-flows":66,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":405,"global_ts_usec":1621492846202030} 
+00893{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":103,"packets-processed":102,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":137700,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":69,"total-detection-updates":0,"total-updates":85,"current-active-flows":3,"total-active-flows":69,"total-idle-flows":66,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":405,"global_ts_usec":1621492846202030} 00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621492846202030,"flow_src_last_pkt_time":1621492846202030,"flow_dst_last_pkt_time":1621492846202030,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621492846202030,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"196.245.61.64","src_port":52512,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02381{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_src_last_pkt_time":1621492846202030,"flow_dst_last_pkt_time":1621492846202030,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621492846202030,"pkt":"AAAAAAAAAAQAl2dmCABFAAViYMxAAH4RSx80uxSvxPU9QM0gAbsFTsrvwv8AAB0IkN0D0fi2gP0AAEU0WPLbpHtkRhjnBwYFLsQ0oBVcuOZxPwKAEGEgwAlTMTXTGM71v6BXkNyXBiiValVwFjUYX7UUrk+V5Jrupcy7Obpi2i00t8odJApt+XitfLuiix1t0F7z5Z+feBpcusmj2sOZ6QR6h9W++LWKulARwr2neypk4oGapBa+NsiNweTRdbMX3O4d\/mwfllanHZjdO6qyaQ7CnGSuCulGekhpihqBGXPcLW0di3I9pvTqznFG9kWmS8ORGWf1J8GUtGc5VJSaNCJ+Fec43BTOm1+MS\/j4zGK08zpEpGVcAuP60NQcXU9UkzZKsPw3ZWurcWQhQRUUG2hZnMieZ2iH9C8vVNFBjN\/04FbVKM4mZrWJT1lug\/jBAePvCTNRYXmLxN9Ou++HC02AMJ57sWcEhMIYguKuFYuR7dxPfL+cTW1koRSS6BsFC4n5ZRuwmsUcF9vfJPEIqvBwmCjtVhhf7VD5goH9tVyYF8KO3kIv28uMuxWcK+q6wT8hSJ\/zEHzootumo7aXQqZvFeJhyCX0EfLhJ23vbRO9FmugxWN7m4sTU7Fhf9kalJr+3D134oZ9EEYm2k3laLxJs0+YOmna+6\/rVscNjjUad0DFGPUlfBEWehyhkygQSnAC64dHYrDv0iBrOmlJ6MRSwFxUrKXnUfq3k6Sjz27UeFDKAbXjm9pfn3JaqYN+iEPqCI6LxBiewwQo6PhkrbmioOgwvX\/DmpJRnPyUe5tKPfpj591HlcbD1wj8IAwgpQiAbJmWGX26TQVGc\/oGu0wUuxxgG3S0COr+VKnO615jbylfYmabj0+tV2Uo1TdMmuzr4pfQWFOvIgEzWzlgauVuFGrxVJNotNQk7htoqJBX\/hMnFoa6P3D+kOnEu3G17VXOpjoxBo+e82xbyKTxE+HiEnZeWZL7luz5bZBmWGZc506mXLnCeZZQqiG\/9I\/FNIpPvoo3H6warZwrzbb8Um6Nvs0Ics90RO0bApWCzRG1ZbX3AHjvDgTh2p8CR9Oooi6r0cJxgwFZZY8SZy3zNyWg\/wHtBtGqhZKlBnnzNUo9ZvpjYGNFYCmpHvrwviyxBvhHkg983940o+FsWBHY4PXxHhH1BeANrMFfkbINkn+CbC2\/r3ppTRHHY4fjTIWqDjaau3fmNxn2oa4KoWNkTjA1BSXwvqc8trFGDFMCJhUs3hSHPiEoAQ531rkzeUr7wtvjAhy3yMpxtEUaaAGyPySo1NYyTXEWK8w0\/YLlmeDmev2JWcCnl7HS0O13jStUjDzYdEKkWbQEZyNXBVEhaIvowRgcn7\/v2zT1Ji\/TX8DeP9rZyEyPensHrqvCjEiXBVlBQXgUJKTAdm6SwnhUmgDIWfMcW2vD88XETNohXNP\/OdolyEZ2F5Okt1oR5HKmRMri3B
oToqsELE6FkQG6EG4JyB3bG1wn7w7zqvTRpR1UjWxoXiXjFxffg92VsUmcwuEyMksgqkhRx9h0TWNRACL51r145yHnspstaxqMITdw034yIHhAL3G5uPbMdUZQJozU\/XLnjQ9V7x\/mbfIElAUaPrac3k2nvzbr5ENvEse2uDH9Q5NSX4CsOm399roi9AvuA4V7OYxCn6T1MdQz\/4\/J5eI8ez9zieLgXCZomN4Y+BUIAuOY5\/dWqfjZcWMx1s9NOKQTb1Ka9pe9XEJIuxx2s04cvGxtWZpPXA8fQ9IoJlumB17J64o1iwcDB9g1LshjWGo9lOe9FjTnwf2Uc7YISmWj+vyoFvYEhvt82NsOS0g1fbgE3nFxg5ojGIF4"} -01429{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621492846202030,"flow_src_last_pkt_time":1621492846202030,"flow_dst_last_pkt_time":1621492846202030,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621492846202030,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"196.245.61.64","src_port":52512,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"safebrowsing.googleapis.com","domainame":"safebrowsing.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01321{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621492846202030,"flow_src_last_pkt_time":1621492846202030,"flow_dst_last_pkt_time":1621492846202030,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621492846202030,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"196.245.61.64","src_port":52512,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"safebrowsing.googleapis.com","domainame":"safebrowsing.googleapis.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
02393{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":70,"flow_packet_id":2,"flow_src_last_pkt_time":1621492846499549,"flow_dst_last_pkt_time":1621492846202030,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621492846499549,"pkt":"AAAAAAAAAAQAl2dmCABFAAViYNhAAH4RSxM0uxSvxPU9QM0gAbsFTsB+yP8AAB0IkN0D0fi2gP0AAEU0eNeT2iVrLMv4jKHl8TcBYgCovcfBUbyiMals1lo6OENtv3m3tzUH\/6BCYnVpY+CFN6iuhjAxK4TQo8fdrcWsTOaPpoFoY2L1biWlEbkp\/x6C0kavU\/xvEB03HgfSHvx9g2E9+0QVaZrnTGMDhzE\/LCMOi99ZyzUFTLa2whyStOHkacXjeP\/fXvaRIU8Xw0e1DmF+BBORNoKDNAzHaWe3Xdqk4sXMuKcYmcsPCiNzUfbIR5I4+VLDDbiRMHE4TjaiWP1s5tp2uFI3oH8oNBxSqcPF8N1QFN8Owg0bhCA\/IS6AAO+WjLvCXNFTIFRkUX2YOFCXkduhSQk\/oHwzaVML52Ssm10WvS1irnJ1a2h+SxJBrkoqZbSa3c8eawvV0lJSss8ZpdSbSRzoN2qRfRqNsLkutWp\/l\/cD\/9NStpmQaF3kKcyrILDL5C+ND+LRujNpqDaC7rufyYb4OxX88B0MzY74bKzBpjdNd\/NyrBm8\/onpNwjnCW96RXgIjm5ELYRH09jAdke\/LMSfgsn6fc0lbvgEQ3PiOAd21XyPj2OSsqeutdhHzHRboDg8Pn60e3mxTSQEysOZhCJu1aVdB2yGnhlHsTGM58d5JBHDE+jZDUbC06OdcJVkIv6bjuXRCqEL93W8VuYBHzKsU8Ii7A0JxSjAutjZgwMCd45KPWDsNutDQ87CFhmk5RA+fKc3pBM8cKLyE1\/D7NJxJr4GJrA53oLs7VGf6MKmlV4AsJZP6rx2xmCFhjFqHYFLBgJdnESGthy0GqSMdwYEYdqxlsQZidXrJUgJhUv\/viqRmaGGOIoeCbGdNL22EJ90SNuuCvVNhxjf+OCfozoA65mZFx5Us+WOLW813xAA7oS3jfz2r9ButsPWkueyotS4sGWbX+O7pcBxmbUlkuDeWzly\/JrdnbLf8o5IpZlL\/szeGX\/xaukbonKpw0kk35eQAFT22V0SvOQXn506i1bIeQVC6wqNBPKsgTo\/VPQcaj1aZ1Q17VqXoKPIuPlZ7SMkngAYC6FlUWvgpdcoeIcZ\/t2glrET\/TpZTHAx1vcYpwXGccxvCqJvFzp\/iEy\/P0\/s2VTVERM98qgpyC8vVMDiAXeT0c+8myMBJWMmEBB7+3YFzgV0RnhI5XMWiTiedHwgemVCeDU1kg8u8hqfknKqaVcO5tLH9t2FGmiCSrVi\/CAOeu\/vnWqt9L\/E7AUvgJ3nf\/XofTNim4vFwMW9qWfnflBAI4etDSLXlfhCF6hj05LkXpBYnhDX04dMfzMd0wbqUALjlqng3G22KPNXzcoLHgLHkSRTNkeGoexq9oBLHV6OhHb4pIzLS3SlHBQgMv0ujiz0C3WRmVVFITqTC4Ym0lFLd1XdXKIywfzJUvwG8AxVCpiWvvb
n0MsvomTXCjNPteZVCsije7Ys2XOj4jFIoymLHdB7GeVOyHHeUAXfmy7fXXhR9EIO7It7pUitHoj7\/O+uPlKz4WGY1XtA5gadBlJ9hcfv1AISORgb2SzImOEaEIs1Oyben4xhUAxtnihkj2tOYt66nHUJoi6WDXV0pSiA1adbER0DGTh61m1GbsvAF6iehNm5R\/auq3cSwz\/oNuoEeWcajKe6C+bJZ0Pp4ODEB6xylysFi5Nsg\/X3yxwOUBMebO7HFdoJOx6\/anLHqvZoeJiNuEm3J93g5x\/1Nsu9QNYOSXc3CITQMMVtVZsPeOQpBypby+hqNIrDBvXDcv86XBheVQLni22zPRHvnPPVc9m1STaKuBI1rOewM0zxJ7Y1kebQ5fFy"} 02395{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":70,"flow_packet_id":3,"flow_src_last_pkt_time":1621492847100544,"flow_dst_last_pkt_time":1621492846202030,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621492847100544,"pkt":"AAAAAAAAAAQAl2dmCABFAAViYNlAAH4RSxI0uxSvxPU9QM0gAbsFTuvFzP8AAB0IkN0D0fi2gP0AAEU06G6NT+VSCrmEO3BKTHqGvRDj7zHVCi94TyNRWxU1mXbjbTRFZ+CaZvg4gqUf9xMHAUYdMHn0JKiRgnSgkHznaTtiRgEk22fQwgIxVH+hvtVpbaIsb3bOri0\/NzM4wzGQk0hhFXdooXMc+tmV57mVI8vF9JmkYZ3AY2F8JLlv1BxIxapiJTD7gwuZ9nIypLmrrtiyGXxIl88PM6uDd1lRl3qoQ0oiA9c6pPTCRB8dAQJ4YYuVmuW5TbhruKDZ8PB0MJQOb013X2nAghH9Hwha3CvwiU2omtgMvjkZesxfUObKfDTbFEMzL\/jrRFh\/+J0F\/EGuyjhTpDu6+xG8itbCbnAQOy7WuW5TYEsc0xXOAoc6KlEwmQiQKfPKtF\/2CZ9SjafQf4Oy5m1SaS8su+ueaSjJsX7m0K38THdf5jQ\/Fl4bTD67mwBO+f0scmP6GL\/mbPaoaMUGAzlNUBiMCCExtPs8A0mmZK+0smBu+L2yDxhIAkqjH2OcdLR11dCH0QdOU\/qRLGN41DI\/\/cqIkx2ijbR9g+OiikFtGSy6n2LA3mBBdnd2T0hBdnX9fIo78omWMaICsidEwWQIYfSO+LyI2h4JvJoNJSJxTMpQux0CHDeflYgxqteaTQCHdOZSOAFozGJdqpUc4ukomNxsQCMV4GAyI75uC+kKJhbeM\/HEqnNyY0rfHOQrHusbMJJ7FCv6nM11\/2Oo1Hh2eJK88As7gRhqPVzeuz\/U\/xXz2EOtHRBBzR+oprpB0Uws8\/b54W5T+yFgV3JV567bJDHBaKHV4CypvviObj3VPZSDfbx8ZDE8cPozymxrQGwJnz\/SSVKg7yHHCcAhBIh9T7YzMsItriGNvgnX0urwJbHBIwvT0elkkqojq4KIx\/7Yh8uMFRpT07cYIl6MdN\/iCqwh1vqZbBwbGpfQR\/HAz4IypJz+zywRzPQmL4Zjd28OKKYaEI1VO6TnaZathnaIz0cGz41\/3ec6ubKFkmDYBvMaC
kYbP938UlSyqwlkgR59+GTpwl2zVUb\/faKExO\/4NpJhLquIMi1hgHnj1b89iIzZEVRRmuruxSFJoxbfnenirV2KkIVM3rdYaAMxCt99+sRexO3VcGSAJA03hK\/5kyXvD1AEq19Fa4iw1nUrJXngE0gL+UwmRFL0ICfLh\/hdSEO2viit7tS9gNA4BJCujAoVC7fRr\/9\/osYAvWoTHo08WZH2WCiQAis7vlYiYCukAhDVyYp0qF36aPAJIVN4AZeZh\/UwxvSF7ScBTb4zd2qrmWQ\/QZp4LrWYepsYYrlR5PrdyOcgmPlz88MR+J+nuXlWXgCXcgNN1OrnHnxsLeZAZ66ipsvP1GZZJYJb3sLc9AcafS9torkCmsXvmQslIdm+okpX\/V\/b43ll6bHHGrpUQUv\/PNxOHHQOhXVrn7vat1ejZj90Ni6sGu+5HaMpi1OLD1mKP68o8RFXXDItYMsdIXHnUpqZjqKI3C+edj9oApTrZsLkp61Xxv6XiA96YE2VPsxN+ezAXexypGEJk04q7+rYgpGY24NJp4tAUHgsYUOjphIugzRYKjYfTmKFGPs84dxLcAVTKE13VQOFcTXkt62OXTrEtGBfQUWVDuQm\/p598jzYh96BGCH7WptCesorqdhDG\/2HxAPEOEo7SWItolevicv20QLakpWkPPm17h6hzM\/rWFNZM9vbByjMoWPhIUCyRXi\/CbuDLLXeA9rb9\/9+r7QoHKocX6ChoPNabp8O8SrguQ6Jwt8O7ZEnphGvVCAS+swijeKY"} 02390{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":70,"flow_packet_id":4,"flow_src_last_pkt_time":1621492848301815,"flow_dst_last_pkt_time":1621492846202030,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621492848301815,"pkt":"AAAAAAAAAAQAl2dmCABFAAViYNpAAH4RSxE0uxSvxPU9QM0gAbsFTvUqyf8AAB0IkN0D0fi2gP0AAEU0qqh+Fby3a1Z7p4sCANnB6COSx4SfBj4fWyF81t2sAxdk0a7MCvBODpWTurm4KJJe+3fjm5FY5ziq5GLl33Nve0OqvaLB+z3Jd1yr8m6tmz40B6WuTJ36U+FBGHL4iuYsvMC8lYR2Yk1V6jHmOJphwzJcfdduOddwCotEuKkog\/DUq2HjQyGgpSOyqGm7roFmypyS4JvspVFE58nFPRZumlvwX0okQGDF3ibTSx1B4bEHhYFOmnQ1\/aufX3MfWNBwkOe23bCHBYhFZqDZFsx79Aa4S+rcXnVBu1CcRSLi0zOIssWigjeZYQ\/JNILPVf0ZW3Ic1FgYooFhl7c+MoFGU82qeQ\/VWIPgAkgSUuLocqRX9ojF0IRfgMEniHQvHPRN3fsDkmO\/2EiDUMmNBDuwceskvrPItjIJRikId3nTS1TplmKWbUo2Qasiy041acwKCtAiWDOAIaKXZOFae+GFXg\/\/rCvuBdBHWHE\/1P3hYxC5kHPkXNlUAfD+0p8osiuZz\/Anv1QT5WITDX7wMlkbDWQpQidJMo1+s2bJuOJ+sjOky8icfdnI\/rP67rPyhFHEBPQJkEpfpFz8AsKJoA8CwlVxEzZf5ev
dnk7aJQ6V3YlQPXfKs1MUkCOuZv1OC\/nlckkkXupIUors4uIDWKVlaFRMYQVU2\/wMgB12MK4DVmaVjJhhTEj8Sb6JDsm6nYuI3U7pgWqFg5QHSCgNUN4OuvXJ+wb9k+5O1ZL7tcYhSyN1OdT60MZWcPZUlYWwN\/K+k9ORY+neeFZ5Wk\/xQGNIR9KIGvbHnMrNYvQVyxe0nbZ9VK7T4JBEbq3mYd4TbOTJSjig81MEU37SaNqg1rdXKSObLPZn\/Id0aq2agilEmpsLi+LPvF4Uh1KCs1tqlYIhnLtp6h9bQFHEsq55yNBprbQ3CHYRtquUeSIujphuSKfQgBvOFXLNxWCftyjyL+ta5aFfqrBTeZJoQGRJWH0Dp9JoAEU53CtSsMpJGe0DsLIZQwm2CS\/80PnkutVp+XqiaGCdeppVjKAXVZHik0vArRg\/f\/Ymrb2WM3aop9TB+msvKbXh7AYjKWAwdKeSplEjnSwhR8kEkKt\/j9QpzlRj9O5bJfRngQfTd0VqJa87+SN+rAaF5WC8N1Cpp3v1oa+JlJzZYGA48nOy0sgdM1aXDsuu2dfdR5TjAp4zNWmBJE\/XcCmGgh3c3ALPRLcokcR4Ow5Dpf8+pLu+DM1GAF9uR8XC+Zxh1jv2EauHHVZ0jU1pntqprblCs\/oaPd0BSRbEHMJ\/CIDqRwzjEi9vf9lcLL0k3sLhtS40o54aoTavgqEQQ6qkTw2hRkWi+hC6jKKHWy6\/jEx6siMAPYUI1ecuRR8BBjRC\/XatQhQi8AEi\/fDdOnX3VvDH9LuLWULmnNfuVc1Wlyd+LAQ+VF7FU+LET\/KrV0naNTMwOAkAlnfqpShJ3UIhxaee7+R00Iu\/NLdTX2h0I4hFbil9D+LOcAGiXTyBjIIQq8dOyEfDu006oWmBN0234TuhRxJaljNOjqK9FNX\/hgd3y52cOszoIK1oTWfaP5fCa7A5bDPovU5GDIY1GsMnnqf4DNDbmyfvpuVHg69M5bzOKfsJNhyTC3qYQki1VfC2mlgyrOTK8x8s6YT\/zunPDkT0dGEp99HHXLOgfxdPrNONBg3Wl5Bb\/Fj72\/qPD5E9jtqn6jnvIY1nMeGyIeObtZCj5oNT7Lps3D2YWxdJgwksIbEHNj3CB7W4IFvA7l9PZBp5zQaLB5uScVAYKPsH"} 
01069{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1621490940042014,"flow_src_last_pkt_time":1621490941568324,"flow_dst_last_pkt_time":1621490940042014,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4050,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621492848301815,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"121.209.126.161","src_port":63507,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clients2.googleusercontent.com"}} 01076{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1621490996100884,"flow_src_last_pkt_time":1621490998210174,"flow_dst_last_pkt_time":1621490996100884,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5400,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621492848301815,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"108.171.138.182","src_port":57066,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clientservices.googleapis.com"}} 01058{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1621490937698475,"flow_src_last_pkt_time":1621490938810514,"flow_dst_last_pkt_time":1621490937698475,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2700,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621492848301815,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"118.89.218.46","src_port":58123,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com"}} 
-00893{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":107,"packets-processed":106,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":143100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":70,"total-detection-updates":0,"total-updates":85,"current-active-flows":1,"total-active-flows":70,"total-idle-flows":69,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":415,"global_ts_usec":1621494599158885} +00893{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":107,"packets-processed":106,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":143100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":70,"total-detection-updates":0,"total-updates":85,"current-active-flows":1,"total-active-flows":70,"total-idle-flows":69,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":415,"global_ts_usec":1621494599158885} 
00829{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621494599158885,"flow_src_last_pkt_time":1621494599158885,"flow_dst_last_pkt_time":1621494599158885,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621494599158885,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"208.229.157.81","src_port":51619,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02389{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_src_last_pkt_time":1621494599158885,"flow_dst_last_pkt_time":1621494599158885,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621494599158885,"pkt":"AAAAAAAAAAQAJ0huCABFAAViVlNAAH4R6ZY0uxSv0OWdUcmjAbsFTknBxv8AAB0IjEZZ7Twbo9wAAEU0kJjhzp3PFc23t3I6EGlw9Nw6Qc1SUTVOLXwfMjNoeRLiLBXl1p7gZhSviv9JQfR9Wlb4B\/LvGDs5HubqNvjy9gSGhUAoZKHgVyQNQ8sPeb+zAK4\/+3Qxk6DgExGf6DSCsV9UWtXpGmfgDVaGUIKvjlEvPlaJQ79FJEUNmnxqw+Su2z56GwGnZs3etUJY7Thex2ui8FvucKYZYvgu6wRjounSXDUxthqRvvbGPyVi+\/zvUh6JQJ+TX8SC4eFZqQp+jb7GmBSIOMm\/Ec1jvbOi\/aliVkt3gPEwixlo\/RAm9MQzPwfq70hgSkoJx46ldrVQcWlKc\/yvw3p2stokg4mvv0O\/AA2g32B4XP1S2bCDnPSyjwe\/FFG3OX0VFLRXvjekO4to1p9XPgmuVtwpQLf4lyNVfpdhvYlgoEwUjM9uaq3UiXNUhHqjQ0L4DXtkhhjRWeULrLkU0f0REry3Q\/LckyGikkZkv+F+HV9G2NIDV+IxZQ6OWB7DM0Z83epJzGFj5\/uYXKmk+BbONhvtUkbwsIoFVtH1Q4vZLc4nHVR23cDEhozshXDSC7PWSf
xClKjneDPQdrDLr0vgsH8xBaaaTioZjwEVMdhbN8FsX\/rL6bMhM+b9iF41rToFIYIcSRksL0LulUfkhaEGqLUnpKwuyqlF5UpMMngzqdoYUpd0fzQgxA99TnPf\/ZibGXba4goUBq5aTeKljwjQvpfeDm0N71QVgSNFdU8sTF5RiM0jkfLo8VOjKRpirBNuYJ7DIAlvof3NA0Grn8dQ7f8YWlV1lHjXfjMeogHBB\/P2mTQzXX3ArnxmdG\/i2\/iEZexnqGBauYfcvUbCb4yWGyQ+uf4buf9Z9AyMQMsYl+B8ptpOp5x0NGkqHT26QYAV+A6a2HfCBCEg66zE4TRZrMqr6q6\/a\/IE2n6Yv2maemjmwg4iHbv195EUc9666Xw\/knVVZHK8GuAAgFkIfnCTuFvSaCEwbnOXJ3s++e1rXdNr+Hg0b2Zbi4Ef9DQNeQpBIh3Ur7TEj8IDc\/NOM35lp7oYr7QO2zj6YAWebmCqb56wXDDn5mBBgu37fQhnakjMV7jHPkryVTXnFiOaL\/CVFGTvS46bBvmJkLPq4HRzoYbmboqQx4mXB1LvgMfXrHU3l7iZLz\/2XPIqh+KYqtzkanEAs3nElKsp2sB5mExQqIIubK+l5dcRdQNfCBmPrColZiPglV6Hv5liYk8JJ8Kbi6iN9RFbJHoGR+dLu3tvqT\/dah4soYZhtI9JnUfTXwZhINQmrqt11PjUN5xy2FY4x7Hur7+46IjhG3mRUQfKZk31z3sThwR5xjbX16LSIZERlLjpMdpm+lcm2fcsmWRXoQTgM8\/ugnLqEQDMuUDGvRukyIwk88fRryMIRKV8KDVhw4+vJ2EZLvYDeRSBFQdsKzSa\/hTqJc1bTtpaEUuGT2u\/or12NqrqQU7wVWi3YOk1X+OSoNbRXciEI2LGKLRqsnbsAqS+IJRbeA+3y8sXStW3YAt1gPKq7Pgq5cW4+8O1NmIlJ6gz1+lq\/WisqZhapMN5rUgoylNO5YJPHuzHdkOWHinWJ52NWCXnOYekNmJLkh41YrSQvM7Zm1APRBCuH+h9RHttH1u+s9o2TQ4uAPAAFWi6bluDPG8hlbO7uz7OAKhhEJ239ij+NXPbweBE66DiURdi7Gj3kcjPg3OPsIP1L\/pUMzoKutj3ZBRiMec+XXaGz3s5ppe5ssD\/WW3cQpGois32lgVeJrDmpDxCsEoxF\/1Tdai7z0bd"} 
-01434{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621494599158885,"flow_src_last_pkt_time":1621494599158885,"flow_dst_last_pkt_time":1621494599158885,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621494599158885,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"208.229.157.81","src_port":51619,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clientservices.googleapis.com","domainame":"clientservices.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01326{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621494599158885,"flow_src_last_pkt_time":1621494599158885,"flow_dst_last_pkt_time":1621494599158885,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621494599158885,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"208.229.157.81","src_port":51619,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clientservices.googleapis.com","domainame":"clientservices.googleapis.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
02391{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":71,"flow_packet_id":2,"flow_src_last_pkt_time":1621494599466741,"flow_dst_last_pkt_time":1621494599158885,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621494599466741,"pkt":"AAAAAAAAAAQAJ0huCABFAAViVm9AAH4R6Xo0uxSv0OWdUcmjAbsFTojgyf8AAB0IjEZZ7Twbo9wAAEU001Nedh8jl0mRxcN7+5ymyAhdk9NMUwxYze3lIyYWk2jP0t92iE+L\/yAM4MnpE0YCo8Yj\/sG9IYL5\/Jqz+v0\/7PZJlA72+xIp\/Zz2FHFmfCsrXJBq8qMZr4yMJUaTQ79L\/KyQSvCHFBgMRJUhRKX69bPpnAnksqJirAlkiGBvT0YEt9mMoiR55EP1zkREk8I1QRdfacOBiC1xn5oSmyEOrHRGNMlEIFFRJLgWr0XXotnRIEGBlAPOKZPZzQapDug6\/9gRem0rTXsSVsMhbztxGw\/vtcuhxHhCL\/sRMBYP\/by5OhP3fCsCPd3sspB94dh0sVKqpEvWHKRXI5qkQ8i0KiE6NKXE1Nhqr1NvADQnhHZesnr3pbbwRzdVtIdnVbg+KpCF5NoQHX8ZH8QDyNjWRE1jnBpB6l3OJ1sSKdAgaiw8Ptd9k6AGoDKbmF4ICOpOWeyjIS5UuYgKNS4W1hKboP4A0l98z1AMF1cWHOyoMcwHulLBVCbBON1h3OyJxCb+qSsMMjsumD6d4H94KHLyQlTJDPLNq5+27EH4JgoPrQnrhU70QkhyDGeMEA08Y3NMvkMXs9ScL+i2jzv5BFhQo\/tMXR8AuhJIM9staI9B52\/FDML\/NHMdUhCiYzlzdj1bMiHMjmHtScQaruiH9wV2aP0flj8aUj5pRTOyuCcs7Yj8tosR5Q7Bc4J09A\/d7uBuSzN6SiWaOfxKRsQjRiB+PoBFp3RyZI15eo0FBDGFV9z7YaWXpK\/QUxQVAHHMQr6q2XYdo34fAYM5WCCSw55MSvIPkgf5o0DYE25dUpBH2wSkVcAbptZSsQKNwzN7dqVdVmsRhsSqNIVkr94Mgea0XDKOPfcuA0DHWVB2NpAqq\/2KIzHInDQ6qFc5M4nF4o54hvOuiL+GByVbEQt\/\/entGulu7X2JEiyqmYk92gVvJPNI8Bwemp05+Q+twxKscsRsU5w0Xn4LJ0aYLhTJviBC5fXR8Pc1viFBHXYXbarbLaQ3PMRows7y8XdeOl\/bsuCdG0ch6eIFsRvMMwjmhUgHj6ZC2WxikfNArVb9\/GqEMsVsVGaSerfdOb8LTsT5SWnrIpnMmWN2uIjFPgyu8\/qOno2piahKRLskEqrRUpNfLzBpNxlY9abVFtVrTQFSn+Bv0pyQSJS4S8yhl2CkBgItTkREH46KOs97E\/bHK\/yGj3NexQldO92K00H85joQ7nGUScRMKfqIpqXecJxSM6OAroxCymb3vSJmrnHwKgY0lo+ETPgqaXNxSMmLS\/2JsUVg9IcXwjmP\/hdzYDT4SjdN\/NCNzQLqEDcD8ycSm8xG+d2Pvjum+8NDSNcasGk4ZrSjQeckzYfCVt3NCKRhy2IHBlWjMTzzyU6DPzhIcLNpxSDWw
l1i2IaHmb1isu27465MaWunzERUUlOR+kzIqaRHPTGq7D8F9Wz\/Lo9VOIM5KywiZogg8pDlQ7rw5vQ2wQF5TAz7WtDmtXKPT6M2TZLh0RCInRTlcWnKpFX\/38oEnnKrzaye2ifSAUvdyfSNZNXjY2UYGYg6Xrow72NLPTC9O\/+G9i89rbi0HpJcLFfEQxFMQ1sztsPWaTAohU5yyk90ga7gEn9IGLftr8nTGe13R6POb\/td5pOruFoWbUnJjSDEOgXIJWatBnyyLDn9kNeLMGnrjo17scXrhmlTzgSFpT8tsc+6WK+4OwCSK7uN2VYU5zw7G2oqvb\/XH2izKQLOvApMhxYFBkNigiUw+ruYaH6KQmSISbShAPpmf6e3Ok4EN\/1H"} 02393{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":71,"flow_packet_id":3,"flow_src_last_pkt_time":1621494600068782,"flow_dst_last_pkt_time":1621494599158885,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621494600068782,"pkt":"AAAAAAAAAAQAJ0huCABFAAViVq1AAH4R6Tw0uxSv0OWdUcmjAbsFTrvcyP8AAB0IjEZZ7Twbo9wAAEU0356vdnE85kFrnK9PnoN7N\/6cuhgJZOurPVLrUkSIEhjazS+SHD5nphYh\/Ei9oaiDY8Opbyw\/qBtRNMamhXjzOXvgznSeUsgwy1Y\/wE6Z8L\/PLMFoRidzgyIEn6rjIJKHwzzF2KGrVstlhyz2RTwgIvHMy9MIjilbgudOkuRl5cUCx4DqELWc9uRZ3o5vsRYtLfQcGLcZxuZNq+qR4l\/haEcF\/bo9RHUYHevsrmU3WGlZq2VVs06I2zfKkHonNVQotk1bro8ws9jUj7jyxUbwzWCdp3Y0J2vApeu9ELE8rutr0ZnW7RegpTFdI+\/pjDsy7w+XtT1RZkjL7KyYUDlQxQdEaIMNGHrAqXcCdWe\/PGc8CDZEYRQG4imIq3PmqUKfLT1H1z5PjAZqsks7C4eHUMCY+G0m1pwUNctiLiFN\/1UbsvMid1sQh6WBXSJiOYMPhFaj32vm6bQzmsW166O9cP+ju7nY2kDwHjX1VRLKHDBPT+BqIPgfQsjJdmUiCoPO1j6aSYQVgo0uGE74BSKhT3W7x1ONh6fXLzmN7+wWyuCCjfUqF68k4DNAO5ugG5nw7CpIh4otPJ3HMgytjz\/1hKjAQhcC4anVdWe0zLhoQLK+s1Pp+iUPac8alWHNwAjuYOUrtvLlDW5GtHXWtZeiHtJznZvOZ++hzVm33rcGcrUAJZx8UDtbZOWODHW2DvBPFPoCX6ZQVBXs9voksBXC+G9JF7eqoFmqO\/EH6soGSg6sF0snwdl4Tmbozt2\/yp4ye5MHCKh12GvgAGa\/SRfEXeWrk94V+VCNFH+5X7\/8EcicVy7uChM5zWex3QUxbJVdLP\/j5AI3XbgkHGGZyofmIhkZxWEV98Sv0kfttNMcxA841+aSpRVJN0a2XfeGieapwvw\/R6yETR9CN8TcQTFe6UQYPq7543m22E4Sg8mtjsfi7GhTVtBFlPk02hhEbcLmI3PLT100l2b\/h+mQABi\/RqHWxECe91tiAPUoarX+
VKj0c3DqByummicCRPZ6kkW6whbXho2HsoAk+D7QoyjIYr\/kbmXT3ddi5XSAc3T\/AXjnmkbnhNKsXrqcM9kMdl18Kd80bmVHFpHplnIJlyzn8ksEEhjYfE\/gaufdnXnq1D3ABRKg2gQzIvoSpfYLvtOATq8ZeC375hfqRNXtw\/n1kUK3bICXzA6mFxkmQD7AGOSqcR3jSdloiLRo+G\/p15yY7zRCuvYbEtKyY7omcrKB9AP+U0Y\/znYg58r4wOaZBC4V+dmRK\/kkpba47uaqRhUyF\/yTdt5a8rnd6rmCkS\/vkMPoDjgVn9aKrD3m9zX1zDlvbDZWh6g6iUswysusJDPEcMqVt9oBikmJmTA4XJHL7KebwbAwBNS3e6+CgYETncO9oV627jebHXfk1gOzNt336lADXC3SIjRhE0xUCj9b7vGl2zV\/XiVaHp4BdieNUYdFnptfsJwounQcX5RSNrDM7WkoXytf9j\/GcyxSIH55p+0ANjoTPQ14vhNgMa5CNLbJsAFOaOAZLOmrRttaEW+CIy\/6QEDgSPdDqCmjHaTsDMAS0PJ+CViTPaRKX9Mb\/HoG1+hLb7WLn885xXvuCUz6bu45JBXtjOSd2sFZtZL5SSAAkPqTlNn4yof7j6smtUT03YKs+rhKLROxwhgN\/v7YhG5RqBATOJnmQaGvuGYn8hIWfZ0uuo2mUCeo5E23kwQk4p+DKVCBDeHuSFjGPVCnKBGHNbnoLJC5+6z0UTOz+H8VNr5FqbVxdiFV1rCMp6QITKc\/"} 02390{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":71,"flow_packet_id":4,"flow_src_last_pkt_time":1621494601272036,"flow_dst_last_pkt_time":1621494599158885,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621494601272036,"pkt":"AAAAAAAAAAQAJ0huCABFAAViVq5AAH4R6Ts0uxSv0OWdUcmjAbsFTlPfxf8AAB0IjEZZ7Twbo9wAAEU0prv+U7F0wdX+izhf538Ajti0HKLGYuh9e5U6Y083jD\/QIudUgm1tYlkI2kM8cWbsQ+zC8GmWvIe9R2LBEf03sk43RvCMkoIhJHFcYa\/R7mV9IOlJWhxtrx+4DL\/Ff\/sTibLd\/qSnC24us3y1TFX8\/ZStD1RSAktAosgZ4wiTdFHkgawgHp8fWdI2t2s\/f38VKNnu9Pc9dIzDRZAEuKYsDhH436g0EMRXk002f1wAuTiTiXes1K42qwRvaem1MPpvNUcaqjarzwaBJMbmEZ3MZt+3q2iR6fg2WHuhVAnDc0y9+VtRAAhpESOqXSJpZsh2Mf8gCOlmP\/xMjfZg9cH88RFprtur9A\/DkRQnUe12QifWj4ykhp3naaUCqMqCGZRKXI79KqstmUWWEgsOd+ckZ83E2BHO8ghy8VDlrP3n5Z0cwuHqlqX+4A46VKC4s3MeThym\/zeNClA3QJGTQm99L9bYjtZe\/hfoCsIGS+0FyHBR+z4CuR6CIghEZzrqdZCehaPFn4uBPlvGIvKSr3TJa9FZHd0+TR5haVnADGPEze1B8Sd42XPi71apcKerlcTUenvLHJsLB3ugmAjsTMt1y8xKJvVEC6U3+M
ABAT8o8cyzzhcJL+QRVFNOwdFqpz10Gb0bNCM5tYLS\/+WuwnSBlxFppLfz9FUqxkHdM5y9iLf6QLIZWjiEJiQ+KV15o3keVzVoq9YS4jcfqwVvJMRWbqRuTNKWQ5apS4g+Q+a5K6q2uFoa7rUKblp7u8edlevenqLtIJ7idXc\/Ehqu5e9o+MJpdtgY1ODSnxbIq6tP7t7ZtSEsZAoa4PXSgZKmcc0GkDVq8kM9HhlPycMl\/GyGGBE\/Y8sAVcih7lnhYPhG6I+eBJZuY6wv5NAMIgo7fEzKAeWbh24aVTdrljsfq0+dlQ6dXSb1flS6eCU3h3h9wPMjNT2NWNxkKl\/NqEOG9GnxDV09u3yw8AA3OKWMHhnsfoAhJ917Vt3wyuwEH53E9vodhpmpLN4VGqXr9Y5istpTcHr9AXs75pucnLXRkHLhg3UmAgoKQ4pxH9AQcMlJKUUNzPA9qgvb3nU3j7MRRl46acIbwP4KTUWP7yYFdWqPnhJ3fvwOvH7ugqM9\/RGl9lJDXk\/nj8AqJSNeILT8U5vIgKhmf5nf3sxT9i8Ks7KXm0Yx1Nk+4sc1TFT8PdLe7lL4bzFLnxRapDpK2af7jy4lv6Pa\/BZDHzmVUGKCpKoAZPE+zlrO6pJXTTJlWqgcrKj2Tqm\/suo6dJqGGNe7s3eahMi9jpxuJ3YX4KAZoObAPyhuQ4H0a9MJQqNDc\/ZzuRszbZPKzxd4hivLrcn2tMi+wxGPij1ZcPLnzwwMvEr2BkH41pHllJK+uB3pS5STPRWdRbdIriBqiR2vLu0kzg8p9D\/rypfR6\/5sLwgYcovdb1RQ9aHb8y15hD9fpivmLWCmYaWLlP9\/nyztdJtf9F7UcZk67Z3WV95ccKRpIZqV7eDN9xlWf1lu6NwRTvPxPX+Rq7B9tpA0dJ1VsCvWBmwKcUKBnMJyvWt0BsYqviTt7c5\/dfn4FvkbhfBgQ8P6cuZwMFtSzRQamMxlZu4cb54asL8l03klv9yXFKpeYFgactkCG0i8jq4UIg6g5gpYTUpuMs8x0eO\/HFi4Hv9wkBepGucKMzD6F5qMf5hviTeSYggr\/tBofODo3FKxI0UzrQ7JDvfWKNRM9+0\/lD9RfQ4DCr9AUTzo\/4\/1pmzKIyChjDf3IPCKdJdReH3k0FK5ov9cVz\/P"} 
01072{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":111,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1621492846202030,"flow_src_last_pkt_time":1621492848301815,"flow_dst_last_pkt_time":1621492846202030,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5400,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621494601272036,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"196.245.61.64","src_port":52512,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"safebrowsing.googleapis.com"}} -00893{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":111,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":111,"packets-processed":110,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":148500,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":71,"total-detection-updates":0,"total-updates":85,"current-active-flows":1,"total-active-flows":71,"total-idle-flows":70,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":423,"global_ts_usec":1621495208068843} 
+00893{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":111,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":111,"packets-processed":110,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":148500,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":71,"total-detection-updates":0,"total-updates":85,"current-active-flows":1,"total-active-flows":71,"total-idle-flows":70,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":423,"global_ts_usec":1621495208068843} 00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":111,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495208068843,"flow_src_last_pkt_time":1621495208068843,"flow_dst_last_pkt_time":1621495208068843,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495208068843,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"93.100.151.221","src_port":58703,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02391{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_src_last_pkt_time":1621495208068843,"flow_dst_last_pkt_time":1621495208068843,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621495208068843,"pkt":"AAAAAAAAAAEA4PSECABFAAViwetAAH4RV8iokEAFXWSX3eVPAbsFTgNDy\/8AAB0IwxBIsrHTx3QAAEU0bjduGiBH9YcAvIt1wprzZRiYJMPzF1MMPECwlUSWc\/RBbV+iPDb\/v0+UPTqOqIz1XEDYAo7pbau308le6Th0FZqRlv4SU+qXh+iRpNvtIutuNBwNhb6WnLZjvRY70vVsUgD0scdNaDgMj3pPrZ0V8bA\/xmESw7VNToLPcOadkH9MHbF41jMAPEaD3xqUkat1\/m5M4Pv0eZtU0YzflDUjEcIUViabEpyfwesJgnqwj9BXqmfBSQXLW6uS7UCVUFH+dCmqa\/iJJ4SrwnAYJlCIN9NwJ+1Ze32XUdoN4V9vQ5GScujeLsdwY+HlSYWOZd9d2+\/d597gVGXqOsrTKKKVZCRdEs9QySjbJmNdJ4wcHvezwRkLYorieHie4sHilr6O5PVEqCfP8aHxH6msP3pHsklsYop606JbaZfCUfDG3w9nrXiNdmjL4dJ0aBKky9\/MhuPCuq4g15oIigu1FWbGfnmKl3BVJ5ryEDgMgOYehMyIJ+weIqtrAsvJaI2654d2yQ2OH9clUvxOeU\/jKLdsEL55j4Tpx9kOP9X\/3VWUCYt8YZ5rPGJN919ko9rZSBS1iM\/mjZCh7R6C1BomS2uqQqN\/2PwrKORuR7kRPmRkEsFpLoC4sATPr\/GTOP4nq63u7VF4sRJLtFi0qkGLBgbQiSIJZtFdtEjfxSrL6lqAnUrfYHAOISDQ1zIN1STDOnYrZ+Szd6N0NTZjKTFuAILRTK6wWG7zCeHuTNeZX8\/oHFYs7C7zyiGROiQkB8jkJD03SKBESsIOyuKO34yRQ7G+tB9M+WUrPUQDrOaQYjktHLjExIf+tn3Q0v0e\/rX\/xZZ3jNOD8Qo4cgJe9IBtNjEwXGPmZe0mVY\/ufgxNE1QutAq0xthgcM+KYUEAzsSQrzZK7ZOiLzHOqVPgXabqgy2oQWta7AlIrCSdCUHqqZ2Br7i1\/EFecVKIWlJ6vPFrZrOW1amQ6rV5WG6x9ovznlQWmBXygRZ6Zl6H11NDYyBm3Xb8pfynprut37QWSPCciwK7rtbnKe+EUnnE3Lnwb5XQzYSEfhojjMsjXsuZk2\/ovtBV2Jkl90MUUjDk4XeHIhe5n2t7qmj8rxsQKuxj9rBjDRjH+OIEZKEgLrFx5GoAGcYxzb3iHJF3TqdzTXu+qBokr4C959Ki309NAHaXzDaotCBtbPJMmwo9pqOst5Z\/tUfAwxDkswPSvCJzhA9mKCrSpl9Hf7PMyNrHdZTvaZMSASEy5\/sXqR7D3JPQ0B6dM9WwJIOoJ9KhPZ04lCOFJrW856gP8dZwzXWKZ5I\/qcrmankwbLnu1BKyarOpUL01fzxuRuamfUYfUru2TsLlGCUKIoWaMMrIKq4yKC6\/6T\/HJSYLPqY6fqVNsFh7bYwtGviFJVC
GEYBPrNIOz4yL3nUg1+uS6Kxs3zX4N67DQOOGoQbq6bHyTlfJI4n01aPlGre0bfmC6Tp3JWM98e2jHYR5XNuWQjoxn\/Z1NA+ZLc3yPpyEnSO4zqV8lVzpFrDpqkbQ9ycyuV\/D1kx\/32e3Zc0t0r1GFlvu5HnAklFEwANPKBU7ocnXr4EBpq1xKM1aTAWc1RcVfilSm1xz82LQyCCJOc5iO\/zmin3ZpftGXkTCNVvQW1LtwAAhh0Zlx03rw7AC\/J1p0cID8UBIj7r9QeymlFafS9\/16+RcZYgdL3KUrKdHSbSrCPKTng4X0j\/abdtQxrxTSZYjKGQPl+WBVoLmCgqLLkuJIJhEXfQiPfgtO1fDtgu+l2TZCwO8OKgySKJH5cW\/"} -01428{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":111,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495208068843,"flow_src_last_pkt_time":1621495208068843,"flow_dst_last_pkt_time":1621495208068843,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495208068843,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"93.100.151.221","src_port":58703,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.PlayStore","proto_id":"188.228","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"android.clients.google.com","domainame":"android.clients.google.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01320{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":111,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495208068843,"flow_src_last_pkt_time":1621495208068843,"flow_dst_last_pkt_time":1621495208068843,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495208068843,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"93.100.151.221","src_port":58703,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.PlayStore","proto_id":"188.228","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"android.clients.google.com","domainame":"android.clients.google.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
00826{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495210744101,"flow_src_last_pkt_time":1621495210744101,"flow_dst_last_pkt_time":1621495210744101,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495210744101,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":55066,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02389{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_src_last_pkt_time":1621495210744101,"flow_dst_last_pkt_time":1621495210744101,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621495210744101,"pkt":"AAAAAAAAAAEAIHu5CABFAAViFXpAAH4RYIKokEAFgPgYAdcaAbsFTt\/iyv8AAB0I2zeQoOz5WyUAAEU0jhtk7ZYO\/t++QG80XD8xnpwXGKbf+FVJ+ISOgwLVL45kqQP6tSuWth5HXdoJc8ZyI19g5++SRrnWaPSJCxPjE9g315E4TbKU9m\/we74ovYlIndf6LYLJ0WqrP6o8IkyXDszg8SzZSMt4M30t4SgDRR6Q5o2IbPGolAh7UamAr90QEylR\/uIS0sasMvvkSpysRp9ckggnCAbstJcHBvinhjkG2VSPzmjNJoDsOtvPqHPtJvNpojktPxYWHTjpWdYUAod79DMkXY1vRqntsgNNDYXeZhdoXwH2HWV\/exDKz+F9bcgQNX6hnXanzIbxcQxbT7yuzcXLZMUP0rJvP9NrvYnLotM2YIP1NkqQ4MUgi\/LE+5\/YOOGegvWSeBErSprROif2Slau6EpF9Rq4x9QyI9geY7GPFow13L3eizcByac8aehgQKHihAWI+Aqo4T9GXf2lmgEXe5yhso68TiNdxt41vH2DonLNC7Tc9M7Yorh3IwY5xUSGl\/cKy8\/pNoo+tpLVj71oehQFnGVEF+ybMdivZd+7KU8tyx6ITEtXyiw3M6HXXtpk3dR6MsHhhas
Z7jAjpsXi+vLpD6vyr7XXniVlK3Lr9tM5wlg\/jvTaI4NkA218LBhKKGxwAGv8oCPrc25uEEjEejA5BPJgFu\/CiYBkhUaI\/kKl+nzfCcirOfwodGDc0COV09EassJlEJui5t3XnNV6EBm1lbnXwDWWeI0ApwOcHPJltBOadayMvcNnaSTKZUXlUZMHRVbucS36AeTVGz2gPUzmorPO2uaLQlFHbWbB1zjXeyc\/sJ9mtAMr9ZhShgV0cowmNG2pc9FJh6Zn2x0Xdbc0IwQyY\/6a4THfFzmMy8Jtca5vfwAC0913Z93ITxHg81JUp2VflW10aNBAK\/3ZclhXoSqIkiv185lAI98fihhaKIrmzK7Fy6nPKOaw7vIegqSSG6ZapEOg4SzV+xRYAgVte+oL1b6sJHDlbzRsP5zepWbsm85VJ63ZrUR3u8MAlt62wM0wL9097D97l3SQ+cYuK9W7nyjYx\/9BD+SJW0v+X4XA4vtGpyhFY1DOIH63kMLcMhe5aDv7B4XYQtlwZaWWnHrImv3mrYyGAL+lEluvRLRX9rEY5R\/mNiI2y6wWHzjt9pDJSkSYvJlR0qHzUue0vQ47hV0cK3JJqNngTXscTgX9aYnkYr8r4MNj9MakUpjEbwITu2IBh382EjALjSzLNo2XcWehzOYL27v3D7d7PDtp0rnG4OUFoW+IyHj1keIWK86WJtFdeBDMshTrkFdQohEGsthgjzPLWNJmhJL8ga45Ja1nwcOo2JogHVMcm8q8wtFTZXshq8+LkDrjmtHkC+WoUNWaOeSKZ7j\/oemgVwqEl2l7mvAzOxEJr1J3TfhfKU1NpXw7rDWKDBvJTfPruGKdPzB3Gxe\/my6eLPCswoooJpfxjAeoA1wH29XDgAt3X+b1xk+iODC\/DDY95uzF1zP+yDMe\/+Jl96QUOQQu+OtftKDxI85nxzLNHxoZjwWaFyJc1wCIfTz7dFAlvTf4s7vP5d2w81Q2oT0WBCvyq7u\/FZL7sO3QU\/WJNEl\/cHjLi9alY6m3pmUEjfwLy\/F1tNlRzfnY4\/lLHjdHuE173k72dusgFghWwAhzZ6MyVF4vHBG7y6pAA0Aeb2SJB\/LM7yndloeF5OJdKc8z0xx74TFrQsJXZitMjB7tfvygzYT0lT0+ydw\/XW3s+g3kR+JzDjS\/1mehf\/csJdmyGhkB5thAT1Mu4dteApqj"} 
-01399{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495210744101,"flow_src_last_pkt_time":1621495210744101,"flow_dst_last_pkt_time":1621495210744101,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495210744101,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":55066,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.gstatic.com","domainame":"fonts.gstatic.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01291{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495210744101,"flow_src_last_pkt_time":1621495210744101,"flow_dst_last_pkt_time":1621495210744101,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495210744101,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":55066,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.gstatic.com","domainame":"fonts.gstatic.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
00825{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495211515133,"flow_src_last_pkt_time":1621495211515133,"flow_dst_last_pkt_time":1621495211515133,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495211515133,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"65.33.51.74","src_port":61886,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02386{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_src_last_pkt_time":1621495211515133,"flow_dst_last_pkt_time":1621495211515133,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621495211515133,"pkt":"AAAAAAAAAAEAS1QMCABFAAViGaxAAH4RgN6okEAFQSEzSvG+AbsFTsazy\/8AAB0Igb5NFJ6PF1oAAEU0xCAwnLtbjGUk+fejVmQozQOg0\/ESmN2FG+LOLPBns4theX05eIqUs4AHp7MrmdBMpaQWbc++dLtAQvCTs26HRJJN3DNALzirEZEWeKXTpfa8Ts+3tIY1yxvgw0lrCnC6WI4RVm+nJiWVtstu+BEaotx33QRtR1Kn9gDj9C+jgzsJvfbt+\/T4njpF9igVWsDeg57RA8NGboKJBBGDNLF0BQAAStKBXmKkpSZb\/Ai8RWN1Wct3KRq4r+qQ3P3+\/sCREOyEForD1qoAlfL9ibjQ5mOCpDDMysyN6vJIZBLAIDyvg4ilAKvWZ4QDSMJ9OgKY0ajtVjTL3fziHI53PUsTfoKz2LhwyKEfX8BmjBWA0jXT+sxB1lLAO4+3hy6jMxtGkeNNuhNuHvXbZMw7KZQweD2KxBTPSRJj9h4XOpS9jecr39\/eI6Ufn0VUWTti96mlVggW1ELQ9Gzv0mt6Sj\/iXWWlhaBrl\/5KcWrRXkoydLMLw9Vzz87jbLyNeVZLuWpfVSUh7CI0Rg1OwuBa6nYtOTUcERnuMjACBglx\/HzzMAhlNNo1t5mNQXmjiSnKPJhZ
Cnk3p2LZGXu87vxRMlxSffV4SqrXO7wDQkUSYxXb7oZWdtThtgLUTVT2enl18CO7EnZE\/hMsDrKUng1wrmlJiEAKhVx84skul7zziN\/swLfTsLc4L\/Rh56+ksEb5ZOBD9pay5QOHbuHrJRo8m4CZVNnj3Dgx3xr+3JuKUvg+kOM3m7RI3Po4kt\/n8LAUml+mMQfl4NvAr6ubkDP1xqfcw0TJPkD7yMj6pyeGUDLzkvCt1A0lzBCbBAB7LgMBDnqF3+TKn8wjqWaCXD9\/MfwpZrUigX6+BgfBJhekq66OqMCnJ+VHQc6YXwl4WRujuUw5VdXOpzTw0OxPy9jF30qmvc6CFrRXOsheI7s1ZpaGAgRg4XoM2GPa0j8SFSUdAeiDxEG8GLGwk9cj7WlLuHBSvlmgsNsYJ\/GryTsJnP+UFmNZdhzB35TcvHB92LSpb98htP1t+0qfXuWWt\/XxIGWQ05O2i+qMOSQAGice3HQtfoGUecR1tnZtD3M+AG82g+yrfUCtloJRNeKF4i+NLICfC15RBLdQmyBHI4Jp0PrgoY29jnIk\/NXK\/K69zMHG9dwfAuGYGjV5+7S3O8LN0VKHpZX2MPzHvBSVAEeLIIrFvxPd5WAk\/NlP+VCgZeDw2WLWwSoBMKn3Hb45mqCzrz\/ewbbbIqKa5xT0fE07dK1+T6w4nEhZjWHuJ+RgLpytAUeLaUhAF16fa9AfEFIgjKGqBWJ9N5FXIQ5vG3\/jF6jSbeNlArJDPsDpC\/S4qXX3v6NM9AxXeUI+b6sLh2qGEkgH5rpD+sQDjPQTrbQ9qeHP9ScuuqxyVEFwBWkAsuBI47Z78qebLTD5Go0mPgMzirhwrkhtfLutVWtNkaHwAf+JYotY4qEhDzPGiadbe1HrDoGvbocggh3pxX51uqeJMe9WOH1FUYy5Gu\/xsfRfOCfcg2F\/V51slWJp5X\/9o4XM6Bw0YcrHBxfj9HNFN648ftB8pJP71vfUXO0grtae2iZgpV2t8zUeIX9GgkZlNUlWEMf9\/3BjG091t76vGyBugi9d89TV0NhohcgwJ+qcoqlNXcuHjhk\/fOqUS3wjE+1eYp5M6IexXwbRv3Nz+DIlCZvJzr4JVfLqNZ7hMWmHMe1dmGGZmJYxst5jAT7KaRnygYqCur4qVoS5QZ1HM+7v4L06XXJCVSvXpuEzfgoozex+hKNh2ucO"} 
-01416{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495211515133,"flow_src_last_pkt_time":1621495211515133,"flow_dst_last_pkt_time":1621495211515133,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495211515133,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"65.33.51.74","src_port":61886,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"adservice.google.com","domainame":"adservice.google.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01308{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495211515133,"flow_src_last_pkt_time":1621495211515133,"flow_dst_last_pkt_time":1621495211515133,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495211515133,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"65.33.51.74","src_port":61886,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"adservice.google.com","domainame":"adservice.google.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
00826{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495211714873,"flow_src_last_pkt_time":1621495211714873,"flow_dst_last_pkt_time":1621495211714873,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495211714873,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":65391,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02382{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_src_last_pkt_time":1621495211714873,"flow_dst_last_pkt_time":1621495211714873,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621495211714873,"pkt":"AAAAAAAAAAEAIHu5CABFAAViFYZAAH4RYHaokEAFgPgYAf9vAbsFTmBDy\/8AAB0IOJJ3hsacNv4AAEU0baY3xqzzCvPxyArXzKLDKouHC7RJHh3pTwE\/T+gSQ10GMfO+dVkOJKeQmaLmpDDYpWDl93SoFgzgGj9JyJNxMfBbB3KINp6o8wpksTBkLOXzlV1A9kaeJmvRuK9RfLEFAe9vWScl9hjEsPcf\/QHzr36kD0umOekJmoKT6EqNBn5HwV2qpv87uu9skIz297knDD7vXWjxtwVhWb2tUz96K+btC4+kYJ\/VTNFpLAAIcX3fAe2CLqMf5rdoAycaNQOrLtyNhjw8JnO7NaOOS2\/V7TAr3iqoiWd7r9g+yYn6wAauOjYdWUM3sLAzE8JEijyJO4SAWMXK5LL45C8m56doUnVsNdTCfisF3ey+SwnsCSNggQyi7Ouznig0OBO44rroi3XNqvU4LOwiK\/7gydyfJ7z8wQ\/CI7gjztoz6kc8GMvLgxoJrOq5QzKGL6SbpCNfU6v5q5B8KSG99Sw7MC0kFWTOVIriQx89bvz3x8+ENfpFjHGCeDGEJs26uPwMaNh7ZXQJu1bIpbynvx5JRciSvltkVonCWFzNIp85z5bLW0qXOR0D8EYnkuSjvrZjqrNGN
BMZrsHxs1dhO9sGDPIJZPKKGbiC1LxvCMo8xLyF2KZ4PDuHQao+nhqvmJJ0FnbteaTR2scFeXrZiaEGdUThIbCZ7xFmpi7zJM6Ez+sDozO+l3U\/nDTzpPqb+YFL\/0gJU\/AUM69B7j2ezG\/ZIzXQnvmArJVY6m58fYrvGMWNWx5RPDKMXRovwphMGFpUrttX+ttkG+hnB\/imTmkNkUHlqG7g4Q9yRPtSmiXNoEcRe2m8G82yLhBdi9vCclLuBd3LIW1+jXuzc68F1rWZrdVl66iE3UrQLgYnE9WlbCx8vO9E1HF4UpTzPBsFkz\/gOnRuc5WFYHt8O1tUyjv+r05xeK\/ucSaip+2KvZ2Wn1vtwi1odfHkn928POP\/fatifY3iR8WW85F8j4l7UkwInAOtPIz4a6KaKlhTK7GHeMTHER7C1+udBnuKafcdz2PCgJtfWbNxuRucdkkL4mtNfG+hQ\/oCMcBz2poMGIWruxUUwjSwDC3\/Z\/7ipxJOYFn0N8zoMZoCBCBecBVZsLuTJPhNhGB8mSVMMgG2PIsT5NsIOJgovfJrMge08M6CwHrIrU9N5WoiLUvWzJR6vtyL7kEOB70wX6qeabNuf460VB6kIYBN0ZylEP6ZPp4E1RdeoL\/+gOoUe\/V+fKX2QyW1NVSMf+bPC79LkMK0mq2Yhwu5OOnXK1F5\/htvUXqZoAIfhzWAb6naxPrZnP3UqpUf+sMeFX1+B6L98E8Ga9Q1eAsSEPQKRPMDqtSqUKcxSBTRIdpIsSVldrFya70Ko0OKwa4MImURluJnCIMGigCLraP1uJSre+IlkkCQHx+ALZFgGUF0m6nJCLlzQIPva5PhNjC1BFxFj1qqzQq2jmua3tWhbeE7be6k6KK7E9msFfmbvGWCvXmtAa38RMRgtaAp43rM2bZelQ\/hndrt4tse1PjmE31ey8yFJauzvzqjCU95vawcS9zc0SFlOFUMyEq1YWPNDLhqRw2bLrw77gsmS60Do+kYYnbefAdllcPRD5EtBLZ\/rvvE255KhAfhLTFjkdJhuYORsFfaeyqgTFqFjOPcC5F7SZ6rgIV3ZOpPO1FLTknWKAEeYHjfgojr6Fd+FA3kLkSHqNanwaRwB5wf+KtFKdlHSWZ248KX1x+WbTZxOW144N1+mnwBxnyKg8oVlnpGY0NEGjU76RZdNILMXhsMVMGO5Nf2"} 
-01399{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495211714873,"flow_src_last_pkt_time":1621495211714873,"flow_dst_last_pkt_time":1621495211714873,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495211714873,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":65391,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.gstatic.com","domainame":"fonts.gstatic.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01291{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495211714873,"flow_src_last_pkt_time":1621495211714873,"flow_dst_last_pkt_time":1621495211714873,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495211714873,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":65391,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.gstatic.com","domainame":"fonts.gstatic.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":115,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495213177650,"flow_src_last_pkt_time":1621495213177650,"flow_dst_last_pkt_time":1621495213177650,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495213177650,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":58832,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02379{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_src_last_pkt_time":1621495213177650,"flow_dst_last_pkt_time":1621495213177650,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621495213177650,"pkt":"AAAAAAAAAAEAguyCCABFAAViV9lAAH4RzGmokEAFdZR1HuXQAbsFTiWSzf8AAB0IA03G00cjw3oAAEU0zpEREYtHc7fujisRl6Znia+7gzai8j7ZczB+a4Fyh+TnPaUk2oSi6h8oKvmj8nm70si+eFwEDb3FGL0hKLe6Q+jl35hlotxy8iz2MJJ+5JCecVMwWZMxK7aUkr6CaJRjwV5CAn1HRTHFLENZoJSkm3TO9IVstjeamQNND1C4DAYpZCGs04m3llenDZ\/2nNSsBRAqLZzlWTAHq1v+l8D6eE3YZLIpE9IrHycGHzViWxzXMi5yEaLjXG7\/gQk6gthaWh+hPIwJXrVk91+SXWpGfGKCCJtYXQe\/YYWnkpx+6u0xCJrCQ8l49V7DgS4W5guuiYck\/qFFKjVY3epgO0wSz+88pQcwVBobJMMXob69lIlXUiGJFQRdauvWOZcO\/L\/bUlflHcZ78ul\/rMPxQOiK365X16shY0I9m9aYK0vHWaLkQuxh6V0ZNOx509fgaFleyoO82d6dXpdyjt1rJM5gsDy8odRbJsobykqUplaDy3hP2x38Y9FzMJXsgHrai1zY6jqfTltw56ae\/7dvGxvxIVqCGlfOb2WjNFBF9\/LB8quZqSRVstaohJPnGpH7k
VyAxNV1GTpVzDBbsxBWsfLG+Y7\/HImytHwpfxKeW3R2CAwJZXalypABlNkFfbhaeKzeql7ba3QOrsZyGQN7oaq3Rq3MAidC50gUVpQUByaEzPovR+3MmbtY6D5hLfj4TN1QByItBrTV\/XlHoWnrq\/DHJ4ZfBK4zLh4CNky8ZPsi936i8oU3g2YuXcCw0bkg8r1WCGjKJv+rdzI5ilHttek2MA7UUHCX5ICi6MB8S0s0wZiaZIPzdp7MYwsb4SgwIeWyJ2Ljz5IdSO5DxWBGvbcD9yl+3B5kIRZEtQmYdVCNieJFQkO6Us4QcNQDENcnaYpjFm\/ja8QmX5kP93aPcbMzm7nfVngHcDxxMgMXHIvkRkcvMcFjZJTHJgMU5LFMiXkxk9yZXV+hQMvPDgQgvkvRiW99Zwppx6x\/J1jFTyAohgUibbubWRLh2AAzOHgCz2ig8L5dy9K7xCzr2Xth\/JmLkyadTNCAUj3zbID3KEBBrhe454xxmAcXntpqr8uF6By1xuvy3exW+x5KB9i1AkZNkw8L1Op43WXQvcjQxCD2resMdq+jtdzg47L\/nQ0rZyzurYJ5tT1FAT7vCsWTCaOAsiVbUmvYE1uDvAMF9dJOXuF07HLb5+xhG1XKtBDaOfchBz4SNo7+00DbN4f8EY+FxpAZKzDK9+wj+5BzVIV5iHrtH90bEmt7eAhSPZN2MjbGFeQuyxUnOzpi\/795U5CmJvNPvJeaGfSzxnjjNqBTlb+T9XJYP1XT7ItPX5ZrMBWdJ6WInKgcMnSb2gw\/ieLuFgYlaEbn3nw2Vps5tGD919b7P4tV2g20hLlqcbNlmZvviPXipf7UweSGsqmu4S0nRNTJ61wiXAEF9d+3Zvcx2Lmv6aESs4Y631voX+3P0avN1hltZJfMZHdpe6CRgj1Svw2JJxscjkxqwmbkwKldXEka+ot\/nIwrZRrkvverD8GcfNN7+gJOU8G7udQ0SKUSqI3DPyaSEb3IvIFaVDZ9Yz+HehsjvORG3zJlR2sfIgeQFPc8JjjX7ExTKf4uZOMgdLlrhCbrevhMCmiyKdBoPDkbnbi+c7aKMwm4qE+d0MtqO+rSQNHrDkMuYBESTLtHgl3RIqbnlrw9jNZIDyZG7lobW7PunDtEOt++PlNOlUQLnkW8gWBV5Vw3kQ50hMAtvSrX7RiOHr+5QxC\/dT+DEQPpku4M"} 
-01433{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":115,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495213177650,"flow_src_last_pkt_time":1621495213177650,"flow_dst_last_pkt_time":1621495213177650,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495213177650,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":58832,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"googleads.g.doubleclick.net","domainame":"googleads.g.doubleclick.net","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01325{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":115,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495213177650,"flow_src_last_pkt_time":1621495213177650,"flow_dst_last_pkt_time":1621495213177650,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495213177650,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":58832,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"googleads.g.doubleclick.net","domainame":"googleads.g.doubleclick.net","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
00825{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495215529415,"flow_src_last_pkt_time":1621495215529415,"flow_dst_last_pkt_time":1621495215529415,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495215529415,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"38.57.8.121","src_port":58429,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02383{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_src_last_pkt_time":1621495215529415,"flow_dst_last_pkt_time":1621495215529415,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621495215529415,"pkt":"AAAAAAAAAAEAz315CABFAAViMsdAAH4RrXyokEAFJjkIeeQ9AbsFTmZNxf8AAB0IjZ\/i0MvbChYAAEU0Kuw5tIMbBep8zuXyFh\/CQw4vOa+ci4Wju1UfAkTGptA3xc23uwjbUED35IsAoT1c1vWSSpo1qoNbbUHZHartpYEZfoDzKqE0vmMKIRKBVz8p9UZnDMRqEXsN0o34IBa1u+5euUoZbZycVQbYG92X8tEJZUuLJQNPn7c9r8wIv6AfrnNfGtmki3v2aiKtRgXC1xcP0t\/BRF8i60R1e0\/SZfsdw6zmYKvXlb6meRkpRjolbih4G9oDqWoYvNI3EweYqf18S8s\/Xw6XLAvhzqAm+tqeiz6MfzwYKpLZdbP+6NSV4r3QlXmUMLI\/jOvlrh2GzjooQOG5gNIFQswRTZAMHIhQW9aX0Uhtiro\/cjYViGWEjpDbnwQi\/f7j2jafAUU5cUdCbYu6b8KUGI8MRCPg03ccQcmTOrbzbnsYFqQdZj3Oaj8oPF89fzvyu7ZZXic6q3INwPefXtAfiCceDxI7\/qwuFETUy4AU9YE7NPDCQfhrqLkBFnC7toLh5HLAWW1g0atzU1bIesqMtiWQNHpw6ilYy0P0Mml\/aLO3UASH2I3JzMRigR+aiKHJTQR\/7q
GDxupagWFJiIqCs23iBup7jh85U3Fb7lC6WFTUyRRb69IuyN+9pN0xgb27sCXsGTU5vt5Xt2fpbYpKxX\/1dPfIOhbYqrmreZW09kjCedA6npXTYF2Ddu\/RWOqA5Xghl9jTCdqu6G0lVaF+jiT3YIuLbZJBefXJGeKLb1x3aZIAvordZ1rRKFBzQeFxpLpCEcohnAooS5OSu2JU2sjJcG1hFM+uZdDDe2S8bf3T5QmynqA8xZRBQc6ToAej8kU8ilRATsLphK1qTG\/Xz7HAZyaItvAVUzN6AWfe\/ptcf2FpFG2vlv3Nc0Z1o2VG2XhPHikHnP5H9GmBG4UvIGGheJm3UYfUhbFAGglGvMuSmmtTawrqACMC8ZL7+eywRfyAHmj2YOXc7igcQwM2+guxC97qeBDa6jfdMcnO1bIdOInih7VYVwp0RjaCC+xN+4sckLy91v+s6XAPniEeoaqNyxLx+zsyaYE3UO5mABu4ikw2PcrohSn8TsfYSVSIfgAf3oLeJLdeG1bAZzEHT\/leWIkPiXuKIU0JDfdwOyXbw0eJ5gIW1YwjA2PUC5WJteN3WrLf8QiM9XX\/Vnzx4CmxYhWKkYf1Lms81UyEAeHrhnSqRF4\/AUoTnEquDJImovna0QvL+UOKkZSGEQcIAHeGIN6oPpH2oVBuiKI+RIvF5od7\/HWj+KFD8j2HzDyGRrNak8i094ic3pv2Aa6Cy\/pDa+ri9GH9xvhxAT3g2LM5lW2jscCz4hr8ebvRoA6CFelcv8lyZNiluZSp4IXd3iBFb1h8XxnRIE94i5gNvCAP8AmDTshrDks9RUCJHBBxk2BRF01pWvmRN8ElDWQ00dKuNP43VwqvSZ80un7FDHwLTAiTkBxVuJmvxpNZO3IULz3xvMrJ4LFPOw4b5QWDjTvT9WZlVzi9JB\/dTancAXzz2jBSEE6cYk2wWN6hnWoimeysgkr9X+fnYznZZgkwvcmh6\/9WvRiIEio6b47a+d\/jSjLA0myTcbP51ndIrUeSm6xKHw48elW5Y4cR28w74dfEdPAhCtbHXOrPtvEYai9yvuuXjnL730N97zJThOnxmNOFbUdMaXOxLxlVUjy3ij38AxXx3a1TBJPSG++6lWuMKq5\/ce+1tui+NbZpHfRwO9L08Y5JbOLjByhgfrTXucF8VzVamDTbs+YZB0jFlVnPIVEyy9+ALSpx"} 
-01420{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495215529415,"flow_src_last_pkt_time":1621495215529415,"flow_dst_last_pkt_time":1621495215529415,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495215529415,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"38.57.8.121","src_port":58429,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"static.doubleclick.net","domainame":"static.doubleclick.net","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01312{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495215529415,"flow_src_last_pkt_time":1621495215529415,"flow_dst_last_pkt_time":1621495215529415,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495215529415,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"38.57.8.121","src_port":58429,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"static.doubleclick.net","domainame":"static.doubleclick.net","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
01075{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":117,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1621494599158885,"flow_src_last_pkt_time":1621494601272036,"flow_dst_last_pkt_time":1621494599158885,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5400,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495215529415,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"208.229.157.81","src_port":51619,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clientservices.googleapis.com"}} 00829{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":117,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495262761779,"flow_src_last_pkt_time":1621495262761779,"flow_dst_last_pkt_time":1621495262761779,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495262761779,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":55479,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02383{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_src_last_pkt_time":1621495262761779,"flow_dst_last_pkt_time":1621495262761779,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621495262761779,"pkt":"AAAAAAAAAAEAWIVLCABFAAVi\/CxAAH4RFtuokEAFcfqJ89i3AbsFTtpyxv8AAB0IHXYeW7GbkDwAAEU0cyqOvF0+zYFsDnDfj4qOegRwsK7IcQ46MH6ESOEovF69nrZGDb8lKJa9phduFdjj1k7I3mcSp4Fdox5WcOh+Uk0cZGV9fR8f0Ov6zlNHFynF0QcbyVzvpNKgfvb8FqOCsESZfnFqWIzSpjIdVFlIM3yGTD4xRjUDj1lkW0ZKllGp0aQyqCDwNkB2CqU7d1CD72aJJk6ATZ5lUmDmABhPxDZwNUEhhB0chtpF8CIMAjmAGtezZ9ouDWqW0JaiqP5zXHWUGVi+z7DqfOejMwTbhzyaKq6ngzgT0dc4966YOPgwrtJBmxim1uPIY6NQh1pHbxeKNPmo8hj2epIuOqIMeDvvwdBWt6aow69y0olkvm78WUKYVJpmQdNWK+CVp+C+UL6rmP4PjV2PigOvgJF4H38tUPzh65GKLY0ga\/03NYN\/hX0Wcjs3++ENhz4iZc9+ddaf4+4pRDlD6mkW65ATNBDIl52suxSlHN6HoynqSQY6oZvh++nCIkcG2JxZLMQ+T5nEGqj1gwsdkjle94+N9qANI7eVxlFdlntuY1+N6nk5tmMWoS\/R0WbGishHO3u6EhfykqYhHXVE59N0j+8mB5Q9+jh8ZGBt\/NKUSJCoOfZ7q1P7RZUejh0sTC65YebfomkMvboGteuZqOvQk5NXlMjaVzstVKAdT6JvVJwPuXaX88hdT72igJ3B2AlgfOI1RsIfOC7FpyGwZsX0av\/4fXJ6M0fmGATLs+LOo4iBiEQLKy0SWsPZJRQK5lZfzyxcJnxK7ZE2ACTGiwRfjEenycHidxzoFBMaR3paq4nM1XEwRUFSnVOIS589othRj472lPeD94UycNLpQ2JPV22UDBzaHVYUBpfKZcwtDascUlLDRFdo3SHiMcj7LOsEcBA5rulkUjsct5xpoNXx5B\/B2+m3KXZ00FyHamtLDjb7Po\/NZFWUfzZKuP1J\/hJm8Y99WXOElkvVgKn8xnPv5xhHavshHOttAR1+3H5+GmaPeuozfGPx1lOvgf97f4mVbgfunDuvEFxroS6I721gl6SvWtXHjyFJgJ0rIse8i6rRMQEoqSyvpxXclyfXHJ\/psvDdCdjhdvfvawUeb8D4u\/YZgul2vd1LWGMVgejI3sOxrePT+0ro1TsD+i0FH5MXZ8HvKJqB\/TAP3NBVUsk4YNndeX3dsYusAsf3qVTja16TeR5sSx\/+z+wRVz0lq7+OCWGxB8fNRGzmbAenuE9pS\/k2Ghc4RQd15aI2tGcDl7Yc7AtkS9GD1efiAgnbw\/ROL6uZMSwnSghBH++dvDhhHzVcSwVinWhVZeyH9xqIAn\/kFmpDD9BO5Dxi3TuuZgOY\/344mR5RfwsNXXiMndFoP9P9LnMgWMYN5fr9gxkoFqo96s9ZpovfzjCbES
zAw1U1OTZa7Lw4eJBkreLeO8mAYYE+LTsjfFVvC6rsliMl92joXcb85RkQrnTc4eatNXHuuYwvm\/Dr6O+7Ki2lIM4KcPnOCaF82c+PeLXbukzNmSEE3xvbz8wD0oxVX6eIeHO46TvhNZLEqAkuH1Fk8o2uNjEO5NN\/4T6X9Vx\/U7um8EnKZhp\/2mSs8gyRdalK6y\/u3KgU\/B7rnXkAB8DpUU3+R\/57bheJygo7zgvAvl0Dq3GraOVbrzJOvE85qkvo2AcnP0BV6NyqQmSYY0qcb0HX5twA+m3yMctUDJ6LSc5yUQvOXJncRh308497vAxONTdvp9+L4KLUhVLOh0L+x+RbMxsPkaaIn6POFyWoSrw0UDO8jroi049O"} -01434{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":117,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495262761779,"flow_src_last_pkt_time":1621495262761779,"flow_dst_last_pkt_time":1621495262761779,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495262761779,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":55479,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clientservices.googleapis.com","domainame":"clientservices.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01326{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":117,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495262761779,"flow_src_last_pkt_time":1621495262761779,"flow_dst_last_pkt_time":1621495262761779,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495262761779,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":55479,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clientservices.googleapis.com","domainame":"clientservices.googleapis.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
01054{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495211714873,"flow_src_last_pkt_time":1621495211714873,"flow_dst_last_pkt_time":1621495211714873,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495262761779,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":65391,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.gstatic.com"}} 01078{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495213177650,"flow_src_last_pkt_time":1621495213177650,"flow_dst_last_pkt_time":1621495213177650,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495262761779,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":58832,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"googleads.g.doubleclick.net"}} 01068{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495211515133,"flow_src_last_pkt_time":1621495211515133,"flow_dst_last_pkt_time":1621495211515133,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495262761779,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"65.33.51.74","src_port":61886,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"adservice.google.com"}} 
@@ -451,16 +451,16 @@ 01054{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495210744101,"flow_src_last_pkt_time":1621495210744101,"flow_dst_last_pkt_time":1621495210744101,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495262761779,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":55066,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.gstatic.com"}} 00826{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495274945905,"flow_src_last_pkt_time":1621495274945905,"flow_dst_last_pkt_time":1621495274945905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495274945905,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":60934,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02387{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_src_last_pkt_time":1621495274945905,"flow_dst_last_pkt_time":1621495274945905,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621495274945905,"pkt":"AAAAAAAAAAEAIHu5CABFAAViFcFAAH4RYDuokEAFgPgYAe4GAbsFToSxy\/8AAB0Ifg25e8dGmIEAAEU0NqVCEso1JyDnNa3XDGKdMJ5pTtV4nHofZAOnT1W+icJE5UY0TxDpCncREJLRH\/MPp7gaAubIBfy0WALhYVrmN\/h663kyTLy3uhofsu0TFEUnEWA+7HI+9JmK++aEmLEdeW6aDw9AD7oHPVlHJCcNoL6DRjUXNW6UwhifFO\/SGjrLRnHDVvcCbj383i203PYQCpsw1TTQLBNjWKjDQrTtIXrNx4V3oD1ei\/pnb3fnosV0RqaaT5EdA\/kbj3Qunb\/sj0TkZt219kbzZOuQOBwN97ZcgkkMco25yPaA5EE6pEJVtcYRhFHMV56RBuHnwBmJlpzat7EiWvBo17\/ZB4IV0XDC1EnRW7hVi1JGuDqv9wZh2naSmQwKBXisH1o8XxVgnKQThxyfXjf51QhQEpwyOBsPYA3sE80VUeUeF8YLmKJTmzCfKKen33pI74rSdatEVK\/riZ+k6Nx5Kv9ipxPveh\/OIKxrzg8fgwo6AtFiL7zpCKxJqETtW0Xa1iFaOYl7Z94ySPI0GrURbdOh17EWunCEGOaxFh5r1hyG20LK9uvCozSsHKRFAEEt8MTzWmZpHhUXoL4EBByiqvMPoD\/japbNeuqz+NZjcIAzLd5J7FIuRz17WAcrSLxduUWgAyBLIUVUSdw8wWeTbHOqa\/\/igt66GxhOxwnJA5q2ICcxEMzAYQknRdL5EwIR5G9hyMyaMEPKFuOhlR5K87PPV1OV5HTKBWuuQYcTSS2eMTcfL+LwS5zCy0DYr9XLJSQUeYXIgqrKv\/AHsPiF9PATspeWFZmZlm5GhZRglJ\/XKQG9XUxzfhDhP7y6m5R5\/xhVN6r91dLobOj3Hr6xnIg91wuWL0hkq29euOXZEAmYABS2BlN1JqxVxLeS1gYwKu8ZXJt94wPKz57Z6Ujs9YFRokZxZZDrRK8PX7BCPLDmcPiN5sNo15756ioaNcl4AX4v0EDRvDj3vYMKyFtQk58BOP\/uvTqrr6VjolIemKnqeJ\/sLePz3jY4p3NKgfKlmuliP81+pLj33EztpDUD3jYbL+MxSlNzeEnBCL7fOUVNAt\/9QxLRubiaTnxA0KR3eUjeh2rkb9KibkuXgAjUnvVEkK8aTr4Rjx98mH3whwCOTSwaDUKhnghn7bTjoDbh7vaeGMq9kSnvTDYXLIXgXgxvzNNlytJRA+bygeEgrquKFCSVVMG8J90v4BnHeAlvc4DYHIx2qJUsM8Lon6vK0e+65TgpTZKgASs0YbzDsVlALTwsNmrzZ9Z58wPBg9nT0ApUWY+Bvw20yzKGeOF5612Kox\/Kgw9M\/S4tLsnL4GEyFvrXltx2UtehZ+rnmLj2SsFbXxyq4ELJqWAjXNYab2bIqTsuwJ23bC\/hV\/lb65I48n7iyde1m67o
zjQ5jCDaDVbnKLpriZVB6HPOjVFDe\/50gs0o2kVKPKEL+M24zTzWjn+gbaBdA9Y368TDtVgDjhk+0PWGeyRoCBcFbrGp3fBEtCJrqca3oiS4PMmd2dDVIxkr1nY+QSvCz7lxP9o7YB9OLPDxQmFWKlzHaowYyGDhQ4sUFdFiViXFRffQBO4GUEIqLifq0nd\/NakpsrzU0RqS5YG6uNuPjih1z5buPD7ehrJADajo5Dk+\/f+3lQNTFDfdZ3dd2xeZDkmq80JGAEpHPxGqurIijXd+lbTozqxxqwjhTNnVo2dxefRWbTd03ai6b\/hGokXWjfwn5SLA1W2FheoTwlBMf8\/nG5VrvvfTQYrAQiW0QQNyW1fjr5XCEJZ80G9Ts2SO"} -01405{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495274945905,"flow_src_last_pkt_time":1621495274945905,"flow_dst_last_pkt_time":1621495274945905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495274945905,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":60934,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gcp.gvt2.com","domainame":"beacons.gcp.gvt2.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01297{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495274945905,"flow_src_last_pkt_time":1621495274945905,"flow_dst_last_pkt_time":1621495274945905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495274945905,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":60934,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gcp.gvt2.com","domainame":"beacons.gcp.gvt2.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
00826{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":119,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495335381922,"flow_src_last_pkt_time":1621495335381922,"flow_dst_last_pkt_time":1621495335381922,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495335381922,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":59785,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02391{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_src_last_pkt_time":1621495335381922,"flow_dst_last_pkt_time":1621495335381922,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621495335381922,"pkt":"AAAAAAAAAAEAIHu5CABFAAViFetAAH4RYBGokEAFgPgYAemJAbsFTnpTy\/8AAB0IqORxJIJl5AcANwCt8wk1cWTApsLKg0qFIIeFQdL8SjnJ21Nj9C4ozIKEt\/+wUZf6f1dPuOm0h1m6yoEiECIbZZdE\/WQnpsKHgdsGaR5qXSnOzRKlmZEms2BJMUJ1gJU+1vqiiTqSMdYTSeQg70VBUuM+3x9Wsw2E03o+Z1GMG+25\/n6NwMjxWm+gXFY1NRlTMkV3W5wOYWyWtaUEJ1GuxnVEaMGpdzPW1AV77AHNHDn1TnbAucEKPzy2Z7cXCuzDt\/9H7U8VZWCbuaotZkdM07nzYkghQ2qDyvNpXGhSNUL7bHDAX3gyAQajMLIOzoUKNAKYaqvN115jAWJ17Leuno6gulXzhvDTc6h49GuoiUQ8KI+Xu59zdoInlbDcFVAjf1jbarKGcwBIepEYbQYRji12orl2Cd2J\/1+Bw0w1aY5+A4\/nXR8NpyrOqilQzMZ\/djaKFpDp2wQtkiivyepGkDCNsqJWpv3Mpp16MQWh3knQKrxErpfqX6AvVazEihxnMQ4\/lZQJF85G6i5\/hhqxRgpLlfxqf8yDAXnP41Vs+9APNn2BuhKubR4aoRulNYKJMq1HmrxFJkWYPm
ROIqVMuTJ5gGI14OGVc0hdb1JAS5T9H6PUnfDQ4xy0WRLpNbJg4pHooWK\/poGpYPpx9oWdXpFju2U2aLPXQHaalwlFujvwO+z5Kp3CS87EGXs0ZDZDKSALKh0LVBiIak00fb11rcVbdm+DMJDj4QQFBjyVXvYpD\/s3UWsVChEZkFE3nedCDj7vh+5c4gCp05wL1CyNlvX0yC9nZNrd9PEWwozxtSS7auEid+pYxl09QHK5t1svYOMpxEDTebjdq4hAcn\/6xmLg313Z5mnqQGjc1IbzLZAaSMXJYCkfIC83JKqjSEnj4IL1MdqJxOx6HDNp9YD7d6\/\/f8\/wL9ELZHhINgHddlPCKvb86VVYNVvmKys1qBiqdarfutbDcX5q7MbS59s0zBaWxPuzIpu\/\/y4WbjIRgu2TWCnWJSdPC7Qjc2fNbgvcjVvEkTgtAb+pWGsml8538kvECQrljr246X7pAeQ6Rl328xa0txA2awkdTR2Wk\/07SZvUhvNVrpZHNN\/uBdVi\/gqFbPaQtmNYr7ccvsLKKUtd3trzmLlGJjqZrAGduvrEEW9NJT5bIWNvWFv4br5yveMnNX4bpaDG1haMmzx7U6OlmM3KOomrvbRevEeZKz4OYXdrS0x7AiJn3cxU8ZV6t2UtyD2rRiXkxP0GH0SMLlUVrIeDAeXS61FKsQViw4KbhZuYC7JG35I7aDnBvJpT2cojLKnh8D22UVQUC7YIz+L+JkQfLKHmScUY4befIcVYhsE4zFKdj4FbcDDZssysQxUIzWPXjqO85RbZkVhwJZ6QcDMA\/InscSDocIji+mME\/SdF8AIFHFhYqcxF3XJEkr1XiAnrNSjsZrdhd8QomNgx9\/Jva6PaDsTSQtI7y2LQGeZPv7cqaxwKiK0J7JoDrx9arAHuWtQe5bt86Bh81MG6c3EsNnsRmoWdIC6JrwhXNPDY0QTlJMC8ody4xB5guQa259jQwXtYVl6cLF2RxeWEY2NqprP1yX7UldI23tFbTyJMb\/AcwD1vmzT28UF\/oSbC\/3S38SJgbg9+aEbmVFuD944Pv50FJTPzleYonVC5A2YOH0x1NO5XI3iKQM6C\/1v4Lh1wCMNgPJK1VF9Fhh0Ta+l9iAqD9rEm\/DoiFxRwcYyligkxTdm1h3T4\/oYT\/Z8Mgvo1yu23DDNKFJAsZXZlSE0AuNsh5V+\/sk2BjDwu"} 
-01405{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":119,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495335381922,"flow_src_last_pkt_time":1621495335381922,"flow_dst_last_pkt_time":1621495335381922,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495335381922,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":59785,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gcp.gvt2.com","domainame":"beacons.gcp.gvt2.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01297{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":119,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495335381922,"flow_src_last_pkt_time":1621495335381922,"flow_dst_last_pkt_time":1621495335381922,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495335381922,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":59785,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gcp.gvt2.com","domainame":"beacons.gcp.gvt2.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
00826{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495335383189,"flow_src_last_pkt_time":1621495335383189,"flow_dst_last_pkt_time":1621495335383189,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495335383189,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":59327,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02391{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_src_last_pkt_time":1621495335383189,"flow_dst_last_pkt_time":1621495335383189,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621495335383189,"pkt":"AAAAAAAAAAEAU0VlCABFAAViNPhAAH4RJE2okEAFmWIcTue\/AbsFTvGexv8AAB0IOo3jhsRNjQEANwBHxNQXfZgQnNGpal0okl9ccuiV6Xx1VVVSOoSDjFN\/WqaQd3bf4jLTMfe18yDQYl1ksGsIMjJE\/X+k1eq0cqPlOyX+nVZA3CKUBe+I06Q01b7sXmYYhr0WJT3kaR9mro469WK6gpT7T4TFYwMpIrtaDA6muvL250OHHrKx2t\/b3j+rVBhRdyz83flQDLS5iJyeiPX3ozrRQ8ufwzIu7VjaOgPDLFPf9CLW6Ex0JWr6LOuOaf71I4Deuwp47CbRSo1v1DJgKlHv23GjLnkhuFaey4\/n8OHVzpyX5hGwEHk01EXAy2I\/0t6k5RU07Rm\/9iC1+Anc0an6X\/5En\/QcUFXIDKQQ0Thy7dKi6TNSrUp6a1tBrt6NwQ27tW\/1KPud11aAq4HGehTpL4HrcEZJ6WRfhBzyOJR5FMA0B\/aet9V93fh5IdqLX+OC3ZB1nATGbkICNniKaUV89lf8n83peKZ0ObXe1ZxWdkVdcZU3LEFcVpo1RTuE1L7x8jQcdWDYcvdEn1Te8UHdP7yraROFUsioeAfpcF778rK+5okAR+2XHHnSdnOHlohFWI1nH1SRE
ZrVHh7JRhDyl8Ucr\/BgNlTDtZwOhLvHQrKAKbHZNh+Yop6avCoxdZcyMauux9VIsx1V6ZcFLgXOdrsIQBCslYzV1nQT77qZUFP5pFFJi6yKZK6JqNzTNo4XAtE\/EmrXjIctL0spz7CUAko8ZCx\/QlZojgyY6l8\/mF\/t0GdVlTfXrBS8k9H2GgvfGIItBGDd7oEIXE8\/x7XEay01BVjgSd+i\/fFLDpHQ80ZkWzpHV3HT72SAoHktM64YPvjZEUI1hUeWmJuYJPomtO+bUx7kO\/d90sGY0xqsv2HBsIxKXVokT0NpQb4HQ\/\/6\/ISGzQgrUOpdVkOQ4Ov2jxibQpg6Vu4ywzr3gBFjvKwX+cgOdNrtcrtCO\/z+jSIIOWVj3BibuGPE9poYNEM8A3bcrqLJXyc3G89K4CYVPfqcyne8lrvC0IGJ1zrYdFUx3gECn4opv\/gdQJXtuOTrUVmH71S5XqG9H0DBG\/sLfb5rsQm+LQOFMiN+jrhKPRrA402Fu4L9OwLTll3iaAH2TP4qDHpL4lAHSm08OEvyaElT80VWlv2GLl35bqH2Y39bpMCq7CkCZv3UgOh3l\/9+mPbAjeGFb00aqhN2vkH0TkgWXcwcZksbOsM+yV8OhtptiXBR4EU\/g0BqPYUf\/i17kayR5JWkci2qp+nf5YWFnxyDprRblGELorjZFQUlksU2RdG4SN1MF4A1eeKjPZlM0HL1zDrMIwtALb02IzmQZ\/Bm\/WUiUYaKyLJwcs2ZwEM2kLSrZp8uJyNf5M3uLoVEDHlKNLba7DN1ef+MMOa7CGGrjpqpw0sZPT5ONzbaAHLUCfOebBzKE9NIEP7C8UHDBrcv6G5CW3oNLes3+0POLAa4kPIRIBua7JjztiSUYQh2RHd4OJOvzA71BVztSPvZl673nw7XzMsbdr5yRgpPAO5OfmfVTBLj873AmjrBo38xLoYPXshplGzi0ikFEynS07HFKA5UOZGq85zAFFcWI5HWixUpkCsAvcwId0fp1BUC9FDRIAhfc\/\/KaShDxhdYfYHSMEK9PXtdq234Pe7ioWnm11vuwdmo3GVpj2tG8uaQQ7pQ4Hvyo2VkgXgRXCH7WUw5XTIbb2ts1zddx2Lh9L2HgixwQtoUEyPMYDhKUevyM22X+x0NPUTz8twzls5Hg0qwDa4hANEFshc4a+3VtH8uy6bSdnlQBUo4quCx"} 
-01391{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495335383189,"flow_src_last_pkt_time":1621495335383189,"flow_dst_last_pkt_time":1621495335383189,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495335383189,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":59327,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google","domainame":"dns.google","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01283{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495335383189,"flow_src_last_pkt_time":1621495335383189,"flow_dst_last_pkt_time":1621495335383189,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495335383189,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":59327,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google","domainame":"dns.google","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
00826{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495335836969,"flow_src_last_pkt_time":1621495335836969,"flow_dst_last_pkt_time":1621495335836969,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495335836969,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"39.227.72.32","src_port":63925,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02385{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_src_last_pkt_time":1621495335836969,"flow_dst_last_pkt_time":1621495335836969,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621495335836969,"pkt":"AAAAAAAAAAEAWIVLCABFAAVi+mNAAH4RpI6okEAFJ+NIIPm1AbsFTnliw\/8AAB0I4pZJfic2KdUAAEU0G2\/JHhTaDCySWTsRyHcMkznWFPDz+s6YIbogX+v8zxx769L1qgtkV6CvE8r8hbHRMlJ4aqDQ8cnTd+qnT2W9TfmVMr\/V0QP+6QvVQ48j6rtyLfieLy9\/2EkamXQtFIYCWvvW56wuHj2xCT+50ITw+NRr+y9x0NbAGQWozGRk2nR4BKbEsfWPX5\/wqL6hTsunv94vRDKt7EutCZye28TD9oEZAHOg1MaC1b7h0oQC5kjkApzmv08jnPKI9H9f4j\/JQA77vXtBo3U2wrGwehzISa+gzg27eFe0Lz6CL6yGLEsunuBNCJshBMKrp+ijV2rgvg5UQp7dgHCW\/1wu0moHCOx1d9YiEenWAscqFZzCaENXUAI0EuPYxVrNWL604hKBfbSm6P27VV+gA1ELL9R5AQqvLOn6Gmh7AwXHx1PjRRS9ZZeTZzDOrOpcAi0CggBnKIRIsKE94hUybka\/wHV\/UX8z+55FNlySolQCpZKIkqpC+g\/oYQng3hV51VM7kvO5KqfG5HLUVXPscZuabo1fXFu0wfR+YOWFQmXwAeKLw4wbgsr8gSevv1IhYdTeWB
Q3qCSH2Tppj2OqfrOoirytq5pj3XRErAqPiCY9F2o1yNDW1fTSxLigm4qy3VUHhT8BbSneM9jhuRSjXUwtUVQiTkh9fIe5kcjtRbujl3+qnTQpnqGD\/TlHOvndYb4rgexjVKSDC4knc0rUty5gi9WhVovaDbmyNsugebY2WME6BJA8Lu8NcnSunCdew311rjHn1f8ncvLm+i\/OY1PB6SImyOzhch6rbP\/IjlcVBQcR+URjxzQhNnom+dzvRHE5cIEiL+1dwZRuOOr7bNmFIX1287mpzg7yqBscxlRDWH0ocb2H4WsfiWBFpKFARkSseaSsa2eVQAIL2m1eD6Q5t6gvJ\/yS9s8El8JwzhGisbnzry5Xy1K6Eg04XDT1lI9sdOVzonqquNY+LbcWO481trrWSpCApp5pm2FmvuVNAEDcE\/leVs7Upo9W3dNaKtj2RQTYCO\/pqhTPVqYf0nCLrPcAqiD+9T41XijcawBR\/vbqo1tZ4KEM0cmR5k1AUaoIZ3+Bzv6PH6Hce0+kR7CW4Ep2f9lzdo1J22p1axhl4ULPWrGGIQfQXq+n5fOWuwREvJQKtwN0C6+WJUfpd91g1CybKUv8MFVhdUf8Z9tfVjfisE3C9rOjB0k0MjLYkNVv+k18kjbqvZJa1J5DuEtyRwEzwZz267jAgfJf\/XgiOr9BkO\/0aR6plCQdvxTD0K6L19vGxNUgCvzjD4L4h8+noYGT953s8stid+4KJgAdsiOqOYzNzPEmgyvvlweAy2zeSHFiyyWUyyy76HG\/MQrVwaXXVfHNGbKhxR9W0ukaLCsoX3onBUGpohxenfTJlZzKL8f6xYrqmYbQV\/2yxhBOtahomZm56JtJZH9kbZ6pFHt4JM3e21Q9rm\/tDp6i9hxJHFb0VyAuvq537RsbPY1kLQWWEsQCs2Tt3Wk40kzGVdrjq3\/r0EUSSt9U+OnMb23TZeuTw1MquX\/yStzFhFP9JcbwXaoADfNoJC+bQLJ8c6WKIjeXyYcAg7kfdAZVh\/F91xeHHcxgWSpMK9hXHHSBSPCeVl1GoIV7g3PihVhaG2LZCuQE7\/iMdk6e2iUIg8fQ54B2ysh5qBAxEKabZxJZaJfM0WbgXRn3GIisLwUCj8Xw6xgKVQ2XrDNV1619IuEcLLz0LdB+5Ys9lRCOKjjsDK7YhqYsH3VOXEGIEM1hAddYg5zeKKiO"} 
-01399{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495335836969,"flow_src_last_pkt_time":1621495335836969,"flow_dst_last_pkt_time":1621495335836969,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495335836969,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"39.227.72.32","src_port":63925,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons2.gvt2.com","domainame":"beacons2.gvt2.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01291{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495335836969,"flow_src_last_pkt_time":1621495335836969,"flow_dst_last_pkt_time":1621495335836969,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495335836969,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"39.227.72.32","src_port":63925,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons2.gvt2.com","domainame":"beacons2.gvt2.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
01054{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495211714873,"flow_src_last_pkt_time":1621495211714873,"flow_dst_last_pkt_time":1621495211714873,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495335836969,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":65391,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.gstatic.com"}} 01078{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495213177650,"flow_src_last_pkt_time":1621495213177650,"flow_dst_last_pkt_time":1621495213177650,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495335836969,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":58832,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"googleads.g.doubleclick.net"}} 01068{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495211515133,"flow_src_last_pkt_time":1621495211515133,"flow_dst_last_pkt_time":1621495211515133,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495335836969,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"65.33.51.74","src_port":61886,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"adservice.google.com"}} 
@@ -471,13 +471,13 @@ 01057{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495274945905,"flow_src_last_pkt_time":1621495274945905,"flow_dst_last_pkt_time":1621495274945905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495335836969,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":60934,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gcp.gvt2.com"}} 00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495372662391,"flow_src_last_pkt_time":1621495372662391,"flow_dst_last_pkt_time":1621495372662391,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495372662391,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"103.179.40.184","src_port":49926,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02379{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_src_last_pkt_time":1621495372662391,"flow_dst_last_pkt_time":1621495372662391,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621495372662391,"pkt":"AAAAAAAAAAEASYHhCABFAAViK7hAAH4RUtKokEAFZ7MouMMGAbsFTkcuwP8AAB0IxZqmm6+AGC8AAEU0bV1phXsNBAyduWQMMwC6OLQYyTAN1FxuQVMaii5rW8BXPGS0FRwk8HrnF9xMFnBPXfvvEo3QBMM3FudHvdk8cEb+Bo8BomOBxFWNxcTXQHnGOYwDJRX3D+VGcXzFwUoYmTqIRQkkUg\/RXDgv4zX29xNTFSJZ2g4nrk8eulw5HhkFc7yauYf\/ApGm95lgsQ1j+7m8PBWklTsQX6hwGdXDIAv02+sMBfhTQchd1a3DETCVvIEvB3zgW19rHL3EGi1JVlsZU4n\/sCu9BlSoqz1gNiX5dZptoecFN1AbSN0j+aDykV86bt8EAW+l7neIOdiEUtSDvZYs0HOSy8d81eka84F4E25AyCh5Jh4qKAUrTwyky1QcKLkyUsb52v0nNZPnkgfOerwlcB6TuTptQskR2whmUpX7JY7NpYzoP+bSiNZixNyHKsy66zeLu36e+mO9OULTXh1nTVJ5nWB3uSmA7NhWQQFE4WUtBQikelX5MZz8WH2ysNSrIGAoo\/2bMBVU0RtpogNGg7hQ5yCYCS9ewZ13uOeB7XptgaMPF1gNLsQtCfhFk6ef\/IGD3LoSbvbOc0HYo+mifMuhyLvoKbzbavtQTxjr\/BN8j3ypDUZBjhEh438y6mmn1f7adohk5c+uxUd8mwi+IBpv8HBmXQY5puUsZypJHNztPV6aJIh6Up0rlLSwWVKrIC8xNAsiNPMAwoGGx\/XVMBulOOZ6hs\/RBHhwegaA+qv64ubbFEADxru3Zq7D\/YYhDD4KHX9f7DbtYtgURUiA6xsJhOOXb3ciQi\/vZzxt6Mh24fTbT1zp6Pmg1q7vP4jIWXIVFXNJCE7CuU9s2seo56SppSuh\/r28+L9mCauWVe2519clc0WesPZGyQOFWVJGUBtGpU8MBYk2YAmeOz2CyqlNn3SdiKTur+zOdGO8ie8klvK7F8QEXDrzQjkWCs8ClQh4UCknNZJa8gpVH4lz8rVeTWyHJza3U1f938XY4whWDpXVkRb2tmvmX1IQF+lQXiMyPE4Unt5vxehyMhS6SLraGYucF6p4h8DCTwkmMnGAS9zwcIT6fW4iTimSLnell1BouaNm3iu0jMNHt2e7LduTiCHwMdWuN6hrjN3aybR6Fj8+ydHkiW93NhFq4rHV3Lc1p0x3e5C1G7Q1KN7isNa\/PRXQczMknABRwlF6fpe6AEEGLlIHjMRGWiSRuK055l\/W1Z5Stz3MgFh+r2imHY4KtoaqO3nmH\/uARGwbFDlT2KtdiBjpaphwsWP6UUNd7tej\/yMGpMNK9JtLMNN7QuwlAvbHLOiDSWu26o0hPm2y6s1kOsNgLW+xn4Vjz7Mz9pfDGHMKpfWIdOZkZ+CUIuGSOeGdxsohrmhXBJ3bEy8ojcL77VhzUqJFSXK3Sf3c1W\/
sHBP6HAEV0vYyCWRBfB7RxHZMrq\/EctwoWwOWHOSW+AMSYdLUpbxBV6SLqMAz1UrzSOJ6gRrQidZGXlFTz1kRh+RMKPYHu3oX663ubZ0C3ijx6BnA7L4hpNSWGrcxv53ZUCUkQA7FCWH\/TtcdnTCACzr0u9NEpwAgUC2LlBqHsWix60mIR+jumXfV+1Q+xHwPIy7vySfL2wpvF5qrjTomfEAnUqayNm+QdT1vJhoJyiVlkGVLNP1q5tkX2MdpGs8WF5iStIN2keOB+bcodYn5zmDhSw278mjC+eLZaIRMC0i0\/X+TsinvcSe7w39bNxE5H8w556PjcUlXwNHYH8Zthv+GodkuVXIFYZUQVL\/D1GXp+I7OLMvHEr6e"} -01435{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495372662391,"flow_src_last_pkt_time":1621495372662391,"flow_dst_last_pkt_time":1621495372662391,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495372662391,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"103.179.40.184","src_port":49926,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r5---sn-vh5ouxa-hju6.googlevideo.com","domainame":"r5---sn-vh5ouxa-hju6.googlevideo.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01327{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495372662391,"flow_src_last_pkt_time":1621495372662391,"flow_dst_last_pkt_time":1621495372662391,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495372662391,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"103.179.40.184","src_port":49926,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r5---sn-vh5ouxa-hju6.googlevideo.com","domainame":"r5---sn-vh5ouxa-hju6.googlevideo.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495373983147,"flow_src_last_pkt_time":1621495373983147,"flow_dst_last_pkt_time":1621495373983147,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495373983147,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":56384,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02384{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_src_last_pkt_time":1621495373983147,"flow_dst_last_pkt_time":1621495373983147,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621495373983147,"pkt":"AAAAAAAAAAEAguyCCABFAAViV+9AAH4RzFOokEAFdZR1HtxAAbsFTibcwv8AAB0I75EoiW8nS2MAAEU0WdJTtqNtt8MG+zLwh\/UU3FC0zniGr+PwIYUTXnhvS3bBdoRiWOeQ6UKjsBPDLjzDF8dFmOoLoxM9+m6lJwiTWxBqM9JUROj0mguvgkrLqNleDSC7iL4hCrMFjunTfX143sRFPit0bAYIzwvgUuwziEoLnaNvtvkGhiSGOZBzuMVKjTdQ3xkwHQprnY0xWrgmo5nbvHjVfWNFH\/cNC6CCbHqicnUmFRKcm3GMda\/4MP3KAIT+eLw69zCa9uvIEzvXVRl3WvkyZ33qNGuVD+ZvXm9w23J53\/4rlJ3V4StfZ\/Gc4auuB1eSwLog30QSMnyjUcNeP2ibhvLh5O9C35kjOeF\/aDhH1pEcJyXVmWp2G68qb90M\/uLiMTEotX538dX2dgaJ8rTyVlafTtMntoi6sOfMJJIEXEELAkMd2DlCsTy2VQD3iHqC0iVc1r1aw72L8yAQx1n5XURSMoIPLN2keObRP7lr6WcPJ6IMB39kTrMiBZ08mgOSU4GO1bvLA97jrgIr2nR\/Gj8wpcCcF3CPGlyDolBI9IH5a9k9R8RAIrgIzGkXnS9L6V8Nx0Bh6h
PBxQnczqK5QuOqW\/vH9tfepppWUj5CKgAm1D02Fq0vKwjtMqpw6ZpAMihlJy9GCI2fNnxnQBbKEz6V\/so8\/ex8K+F2VV8Xlyk+BTFA4OPjxuQ6LZAw3MP6P3hxfm\/8ljkop5\/SI5xDRLcIAhlRNjSOdekQz1mIEo2EnDfSaSb7Gh75g3Y7WAgPEF6enaKqdFVGutsJVL+sNhw8qX0fBTToiOiB9CtWfJJRB1ff5ir4HCC5YgaG7Iny5R+T9zRuNyBNfZ4NPpiM+4EzimASiGJobUimGvk4GeUDE7fXrp72sRKhQCaH5\/nbha+9DmZgdr9mXrl2kbe9PV+IIrHpoitDn2tgzsP8r7ZFigp5npQffggv7haoAs8RFxW9SWR7ZNwh359zkE34\/kZ+CsTC3o+SFo1ZpZSYB7k5YMEXpbC5soIvzfLzo7VRt8wN+9a6G3Vxv65dYuC7WRoZGIss7sDsEtxaXd7D7HVuHBRBXtjzJYxAPsSQ91kS08TNtb53+I8qD12sc9NYwBxuGsxMraUNa\/Z\/\/E6cT8Coz5pCr9T27zIJBVcwrMWBRLfD+FD7WGlOX4REoNLW9dEFCROTtm6uBjditXnfFQ3MtyI4J3eKSt1aSAY6Hz5X1+DPOtei\/MOVBQGkMiqOrqu16dWphn6\/fshP4r6aWOrs7o67fomPJMNklnJkNanI86YjHvOE\/IjKudTLTEMkvMLUoZDWAtPQI+\/WYe66yUXkF7V0ZUo3ZIpLMlb5eVtuVMMe41GbHTf7qBkz676upo7ZFzgy0W42sY9gv7IriIXjYeDyZZDWo3TXCZ38h2Odbwls27Y01zUpB1YjLJf8LFOrRGSs7foRQrQDCkRPXFEc+6E+4fyYet1KpR47gVT419Ib+RJ9wJcl8ubiwrwMsSCENWlSShhkjiU9pREjVRHxJEn4uNAQz5HqwovfWEJcoieIC9oBUbwvwJMD31UWIE3vVHNJaV39UM1zitDAcHoAAw\/EaepuByZJ8czcyTY5trioI79lkjIUaQJwmyfwrWakn1mQxUudBvtAjxi8fCoWLp4XRoQiq88+b3SOVBDyWq6VLJeRBFDKqM\/C9BcOXa854dRZRXM61wBpYF32zaqLJBZ2zo0wYIk8viyYL\/mHrapgu+COKp2gV7Zvqdk13fOuL7gcwxx10cPHj+3nKWmr2kTbsXN3ZtBTVrm3"} 
-01437{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495373983147,"flow_src_last_pkt_time":1621495373983147,"flow_dst_last_pkt_time":1621495373983147,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495373983147,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":56384,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"pagead2.googlesyndication.com","domainame":"pagead2.googlesyndication.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01329{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495373983147,"flow_src_last_pkt_time":1621495373983147,"flow_dst_last_pkt_time":1621495373983147,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495373983147,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":56384,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"pagead2.googlesyndication.com","domainame":"pagead2.googlesyndication.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
00827{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495383906591,"flow_src_last_pkt_time":1621495383906591,"flow_dst_last_pkt_time":1621495383906591,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495383906591,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"137.238.249.2","src_port":57398,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02384{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_src_last_pkt_time":1621495383906591,"flow_dst_last_pkt_time":1621495383906591,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621495383906591,"pkt":"AAAAAAAAAAEA4PSECABFAAViG3tAAH4RcImokEAFie75AuA2AbsFTlZLwf8AAB0IkppBKZS2LWkAAEU0nZo4YZNOB4fchGmOnQKbaxZNu5+Rr9SHX\/+7nFbe3XcSn7NN4aZ8B34cI7rnBTgQPp7tDwb8aXE40NyFem3MElRtWbSgMUM8aL9mxQMt+BCtQtjknkoexLmgGym9SA4WETS+zt+sAqDuGybHtZbawAHOviOxar3NbIVfoyoECjzoxetvFQVMgJnBjFTieWPpv9GYlKtfw8vM+ABHtzCBdkVQrEtjZ2Kym5ZKNXBHERbHk7EYzIr+2EtCXPa8Zb8ZMSGVK5HAEFoUzTKCNaNkRU63dDqeoGw0HO03e3yfnEfPvmCKjFUtfo9FOxIdx7SRmN9cfYd\/5oUQ5rYUoic5STd5ys9Wj6gQeoYou3SNjAUyctcoqcQEZnGD0JnDrFdxtPksDZ5mOj9TjcCRvxSpY2BRzN1XD7P28JBy8RqTnX8VU3MUTvfBajgOzODfKpBvMnq1DnDxAJmoeuFL5GlkBD4PjdD9dOXUm8xpPRrQyN93MDy9Lh0jdKnypCUIRX+bQzDgeadkOYIZQaX60ccQFMHav4EcM87LkFI2Kkt53wfsAbzwSkC\/sh5h+SKq5tWBr0A1
+3COF2lmckeKRU37IJzgJRoclYfhyc5rysBbxh\/R8QZagVscGvoIOTayHYdJgNSs+ZQPUrY4MPNmoN6JKTjH9znGk8iQeNCxiuG4V\/iY6kK6x7AHF+\/rOforM7vc9c9xJuHH84tB0GmhBnyEob1rqD1zr4gpm2RteHorokh0IIRvCPptRZoPaSZ9NqseHmcV5YB9nzZXE4EDYo5f21RhnJLRnSslkj\/H219xwcR0XpMABos3On6qE9aY\/3dpratV\/uRejtrJjhSs43oZgIHypnRSOndd2zbpHR6gwc1xqIlwmu2mdOfB5bN2SKDS9FrSjqrzVx\/YW7gsqVvZYwKID5GJDPL1+LDs4fSPxdv6XMlw2dUT14Sq6cmPktyOFMZDEpK3HY4woBwm6vbhQpvAMOjG\/cyfvzapnRKKIOQSKnlGKbaihsN4mN1DABU\/AfcDRRjAdMEtVd098nAmg10LnfyE7f03sy2ezkhaOC8JAbJCJ+a9vBBI+EmcRWBsTfEX0tClNpXHrzX9DBQjMlBsSvVL3XnUgxicHNjPexCgWSnjBlIvFbkywpKcuzQkbhTg9p+EBuDI3LT2jEBiFGiWVAx1y3mNzzHbk9D3mTlp7QoNQHrpJbKVUKG3U0qdfkUT9BiOKjC4IBDsIt8+AuPFyVhrJ41NR8s0HejzpT6naGZbPieiVEnxW02zCwTQqyslurLWiPYuYizgWR26delkajTuI6BXQG5p3YGrqA+A+Zr7i661IjrsehT8FKL\/V2MDzuE\/fP6ylibvsyekoNKqSvsdEHi89orwhxyl8c5nq\/r8IFg7NvNFyGe\/nKumTxsqUu84Wo6HMgJtg262riyvhJrlldWx+jqgnOBAU4fls6MeuW9Cq4qfm6zU4VLXh5IjH1Py8vkruKnwZ8+Xm7\/tlv\/NhWcWkrOwYFZ6bck7+PZYh+NCodWvjJkVSe5MVzgI8PZy8sRLAK9bvUjxnANGxlVZm4cGfAi5tPOM9l2JM\/1yBZrGjk15cVdpdJnrXVfidMwtlWkoPIudRiKM1qGHsus7EcmploXydZ5\/mH\/0EBq9GCTOEjPkEjEYTQWlyjMdSzxKkqwTQu+I56FkdCZnSSthnsnb7XfGlpRYLkV5VeNoKc5d4pjMVNe\/52pvZLqjGj1nZ61WYiUzCCKq0\/Mnr55qnV\/nzBawGQP496cN5M\/m"} 
-01426{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495383906591,"flow_src_last_pkt_time":1621495383906591,"flow_dst_last_pkt_time":1621495383906591,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495383906591,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"137.238.249.2","src_port":57398,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"www.googleadservices.com","domainame":"www.googleadservices.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01318{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495383906591,"flow_src_last_pkt_time":1621495383906591,"flow_dst_last_pkt_time":1621495383906591,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495383906591,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"137.238.249.2","src_port":57398,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"www.googleadservices.com","domainame":"www.googleadservices.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
01054{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495211714873,"flow_src_last_pkt_time":1621495211714873,"flow_dst_last_pkt_time":1621495211714873,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495383906591,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":65391,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.gstatic.com"}} 01078{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495213177650,"flow_src_last_pkt_time":1621495213177650,"flow_dst_last_pkt_time":1621495213177650,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495383906591,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":58832,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"googleads.g.doubleclick.net"}} 01068{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495211515133,"flow_src_last_pkt_time":1621495211515133,"flow_dst_last_pkt_time":1621495211515133,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495383906591,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"65.33.51.74","src_port":61886,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"adservice.google.com"}} 
@@ -491,7 +491,7 @@ 01057{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495274945905,"flow_src_last_pkt_time":1621495274945905,"flow_dst_last_pkt_time":1621495274945905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495383906591,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":60934,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gcp.gvt2.com"}} 00829{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495395690912,"flow_src_last_pkt_time":1621495395690912,"flow_dst_last_pkt_time":1621495395690912,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495395690912,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"102.194.207.179","src_port":64497,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02390{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_src_last_pkt_time":1621495395690912,"flow_dst_last_pkt_time":1621495395690912,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621495395690912,"pkt":"AAAAAAAAAAEAaACzCABFAAVipg1AAH4RMnKokEAFZsLPs\/vxAbsFTg6Cyf8AAB0IgUbFpekOVCYAAEU06GZplAywEKbDCry5EETbpzZHS\/+ctZDEn8Qt8L+3XSgP\/QRbpKkvR3yjoYtHtOItTMP\/J9UsAdqCBdh2rnjFpD\/S9p5j0gqi6\/Z5LmmjTugi+3+2A56Su6KOgULzmrxxoMX8gDCxL9pwT\/\/glMxGOhJ4KTE7\/blbunZ4lQxY\/EmNDFVvwHdoRWRACFfA2iR5CCdBd+3oRtGglHNhFr484NI+Z0RCCnj6E8AMli0JlpZ0hOoK0ivmNTzcFwyySmvpxcFwAg61RSntAgfdC0AGtzo4y3UyaZFQPiRvQeQ5nDJnAqsRbTErzj9AMcpCH6TNnGDJD0Ipet45Eucx3uf3XRPDZLSwoVaO2XwE2UBC8Ypp8ROduqM0LgVHk447061aycTCZaXsHqFtEtV17WT4QoFolsGo\/UuLmbdX4fBh9oVrJJ6pOpcDVi8TH4RI3BivD2J\/kdhdSoFhpuq9YHZnkvDprncZdKcWDI0Lxyf7dDBIXI6bz3C\/x45+PMZ5I1dYqWfeP+n9Y3LOO7s6QV1unXf+WTWJninotKr714Vq9AIzRTrefbOMjhaLqyDLlF5BdYSUM5gTgoPx49oQDRPdJ7a1MBm3APpLT35YHdyilv3tfmjks4fEBltqUPxcJZgUmaDN8Rf0f9lFyt1ioE71sp+8mTyxpZ5VwhjoUvmI6EVuUtNMadIk6x7X+Na\/ZARvdabmPF6toMqDEGLm725EBI3YzGTOL\/mUoC2LE6FomE3JALJPAVmbpR4S5wvkGnqIDrYguIT1mH03jUtbD1hZrfYwo021rdvbZLGkDSbpKanoX6hwE3Xrh1lMhepvhHUBD1PwvjeXOI7ihVhjK62JiMIu8Xu\/CJCx8fRyNbu2z3w2vupOcdoe8Me++EE6n4DCv72t6GfNDeRXyJbfYF6HEwhjRaciKZIHOh3RmNhiDn948Y74LD0+AM5oAbTJWX9LP04itY9ClWH5flhojTFFOwFZGPSRv1WJb9w1NiX\/N6BELu1vs9NZqPkryvurnhZqOqcfs0xRh5Yws7xmPi75Cfr0EjgDLZmPnSK9Y2aijxhpaUW3oVEcSvgOQCztfKmRdvEfJGGR1+Ab4qZqwOtaHuFs1m3m5ld2K1YbnXeki071UWEWPHiSDavs3THubRh\/o9H82GNqi43q6kiCPUzuXIYnPl+Cn6Bp0DOI3AsGU2\/KAkOoIEJE2LFhqvu46T1GcVIcHlsWEVdPTRo4jfFS7lOaoMoNQ7tWcO86aXKUliVbxXv5NVI829JeM\/\/o0yJSZEVnCcvF7FQUmQL68fe3HTGGXZLOWm6c8wVFxl\/6Picm\/V2seHAOz1GMyw3T+bveM5m3rTBwie2mjtgPR7Yxl\/toB3aVEEDYkXEjyef9LN5zZnF
ChQQhZbecsd8YeFC+QCwamJ2Z23sTUHkrJ+MQqoJhxOAy\/\/Mwszyy7rcrV8gwkK31aMi30M1V3LKqHqJwnB7ugO6A1F6C9gihRhNkgUIVGt68JTdFCaAxsePYd75UEwv5xBcMHiXC3mGwQ+y4AOXGpwXeDQ5\/80Oa9w9+Ml9Rg+Isc3Ld1fmePt84drp\/daoWi9ZMQIajY2lyuqw61Alyxt59OKE3k0CpOAZduHghg0VQSWOAoUcp6o4NHFl4k3rCWuqNQa\/VkHvrA5AVBpsEMxOi5Ga9XYSlw2wK3vwxguwIpXfyLWhpqq0F0AkEDoBDw95NZlTkcuA91L8OJ790NaIAtZ2\/VKU0Ox\/ZEHiQDtz8sykDoB5BoN8A0Dq4L8aU"} -01400{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495395690912,"flow_src_last_pkt_time":1621495395690912,"flow_dst_last_pkt_time":1621495395690912,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495395690912,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"102.194.207.179","src_port":64497,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gvt2.com","domainame":"beacons.gvt2.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01292{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495395690912,"flow_src_last_pkt_time":1621495395690912,"flow_dst_last_pkt_time":1621495395690912,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495395690912,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"102.194.207.179","src_port":64497,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gvt2.com","domainame":"beacons.gvt2.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
01052{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":126,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495211714873,"flow_src_last_pkt_time":1621495211714873,"flow_dst_last_pkt_time":1621495211714873,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495395690912,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":65391,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.gstatic.com"}} 01076{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":126,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495213177650,"flow_src_last_pkt_time":1621495213177650,"flow_dst_last_pkt_time":1621495213177650,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495395690912,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":58832,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"googleads.g.doubleclick.net"}} 01066{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":126,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495211515133,"flow_src_last_pkt_time":1621495211515133,"flow_dst_last_pkt_time":1621495211515133,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495395690912,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"65.33.51.74","src_port":61886,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"adservice.google.com"}} 
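Review bot: The regenerated `detected` event for flow_id 86 no longer carries `"user_agent"` under `ndpi.quic` or `"ja3"` under `ndpi.quic.tls` (the empty `ja3s` and the `ja4` value remain), yet the commit message only says "incorporated upstream changes". Any consumer that keys on the JA3 client fingerprint or the QUIC user agent, such as correlation rules, allow/deny lists or dashboards, would presumably stop matching silently, because the fields are now absent rather than empty. I would state this in the commit description or changelog, e.g. `quic.user_agent and quic.tls.ja3 are no longer emitted; use quic.tls.ja4 for client fingerprinting`. It is also worth confirming that the schema/flow_event_schema.json change in this commit no longer lists either field as required. The same removal shows in the neighbouring hunks of this file (the `detected` events for flow_id 84, 85, 87 and 88).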
@@ -500,13 +500,13 @@ 01052{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":126,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495210744101,"flow_src_last_pkt_time":1621495210744101,"flow_dst_last_pkt_time":1621495210744101,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495395690912,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":55066,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.gstatic.com"}} 00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":126,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495406541553,"flow_src_last_pkt_time":1621495406541553,"flow_dst_last_pkt_time":1621495406541553,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495406541553,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":55572,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02386{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_src_last_pkt_time":1621495406541553,"flow_dst_last_pkt_time":1621495406541553,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621495406541553,"pkt":"AAAAAAAAAAEAguyCCABFAAViWAZAAH4RzDyokEAFdZR1HtkUAbsFTjoPw\/8AAB0IpS3BjFDLjIQANwBT7u2pdIqujeX7dANOUZTfnxYRmwoEAlv2cGTwvVRQ05f2ZqQkJC4DQmQ8UNekM\/B\/b5bCsc1E\/TyztkqJFBdbO9qB5JeKWS4bDeTB1XZ2V0ErVv64RKGTuBvdjjgCfX06su07x0Z3asXbqdCmQWMHOI1qTINqU\/oJKTNqX7IQ8f85\/qgrCdnviYFuqVMz9SBqVmpNYNfu5FP0maF7snVSzjZqhhCpRZsxX21PAu9uVnhiEb\/LUX9+7+xtXcTtey2D4GkwD4RpLMRUga1FJ4rjTGwvE0+AsvJJDdiioVoqv7\/LjuVI5T7U\/lJ3SCSYuTsqGMVwkymjUknc45YgYS64+q3tWvD9MnWpueOOG1aytIWYz\/ZQgMDZNokTq3aqJGp\/FoTSi+dPRPc1z4wXa0iO2cF402cWDgjuPmatByfDq7YBu2C9+eZYtfPRDsT4VCBhIJO5WiI7+kwTM88vMDXogMlbA3\/6bmTdrTzLvTcHCw3Xr0WehWXYo+xQSWRhu\/uuhl128v5pUOiXsl0bDy5EmHbr20S6kbHO+0LqHDJVbRf8mZ3awQ4pwAWwQWnVx37XBa\/2EtrHyyojkS2zQTcHh1fe+CoFmAvaJovW\/StICtvQrvayaHiBV733DAwKy\/Y3526K9OrAU4jsURbnovvToOxvx8drWx9RSU6gdEHnV8zWJwVS1TDnXtsWGtomfdqnhZkNK5u7kj47rGJaFqQU1bObGeviiSoviHnYR18MNvE78MR8EUodW3McLRHAztvvQBcBcNtZ9NnBwkRaprMMq72CixCPd107Y7JgoGmIJbNdeGCCwkpwtckTVEVe619QplF0gBYNsFWF5Ai1oxBkmUGx9kWUDs80leQJlP0r7jJUvcdLFEZrISVVdyQaoJZQMMFPymMKeYyC4YzW1ORpCrB6TKj0+6uYFK1klVAzDEVUYF1Hhucybp0Qq\/MxedWLGVKQWT9257chXwP2PvqI7qxShbETVSxB44evGFNEZRr76ml\/LnDy58xg1d5gvwegl\/7+gkPhbIJMtvVZ+JkXETJtQnFRG1xeTTfchP0QvUjmmxpySWiNd6gaGLNTi33HeRHy8SHIM278nUZ9GMr0cdwZ08VWlOCTuhU3E2u1I\/6ZvxNK5D41TNPq02++dEJhlyjbw3keY6r\/soji\/n+9pmP7QmojV\/lfE3GxJ+ePOip0nlns4O8V5YSSKtilDr8GhCJyf\/pzZk3drO1EwJLp4rnbhLue2grZuQbO3+kxcT96eAE85Hb0noB3Ea+uU3gj5MXJ0wkPH06qnXVxrDVuFF03yGp55TKUZyKSkRVZizQRkR0CmmMb9p+7ighEtptb4miGyv2eDl9F+SDCwhUssSw7vl8IKL3NVUcKAYGcE7Ie2Bd
rDpWQqSHhL0i5ZWiHn2aNx9IPMwmexAO\/AP+DEpPg\/OqQFS9+cLRPrMs6a5TPZqg++wfD+EHXSSwEIbMZk7820Ent7o0O6fPU9oivUvzxIErtdOu9fjOuTeCbtNL0UGBzvnoRPMUaIQjfu\/iJG8Z9aOtg+9TrcjVPX5a6Z5OwLXmzLGRT86sNwHqCjRgn2p2rVLx+fb+Z3Te8nZPOzZZjVZ6Ycx5SyZ9mziyd8btUND9hahYJM6KENGcOZwT1hkXcbxXROTQMsrykz+appT+Yt7eTfiM5Bijfzp++ctCCHMYRqgsN0FBlmqroqwE0JLDBDcemxPFQhEjVYok4hZ20aOLFNcrukblRhA1kFXY6Llbu6x+OdQ5ITJjtfy6N7s1G"} -01433{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":126,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495406541553,"flow_src_last_pkt_time":1621495406541553,"flow_dst_last_pkt_time":1621495406541553,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495406541553,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":55572,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"googleads.g.doubleclick.net","domainame":"googleads.g.doubleclick.net","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01325{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":126,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495406541553,"flow_src_last_pkt_time":1621495406541553,"flow_dst_last_pkt_time":1621495406541553,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495406541553,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":55572,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"googleads.g.doubleclick.net","domainame":"googleads.g.doubleclick.net","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
00826{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495410048086,"flow_src_last_pkt_time":1621495410048086,"flow_dst_last_pkt_time":1621495410048086,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495410048086,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":58956,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02398{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_src_last_pkt_time":1621495410048086,"flow_dst_last_pkt_time":1621495410048086,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621495410048086,"pkt":"AAAAAAAAAAEAIHu5CABFAAViFgVAAH4RX\/eokEAFgPgYAeZMAbsFTtl+yf8AAB0I\/leLTB44CRYANwAjTks9G8lrwt7+vZI0DaJowcQhxAH\/31dnEp\/wJDdcMs+96OC39JlFREj+x7uN8Y8I9xFEQ29E\/a6s8tYEG9mj1POKhRa4vw3FhUteagxK+Q3DYpMRbbQyi17yakV5fz21hd995vaP89QVSqNLp+aAiSc+XqrCI77QXUHLmsP3G+aV40nY4QYlAWTLcidClJxeZyPxcfdcTtSNYicTl2FhoQfgv\/izTkA8Ux332SxyJP9+2z+XN09eJbN3mFulwha40\/Pg2JJnk0Mm\/3T\/Ss1Ch6I\/57GVqncRgavCBlhRoSVFKd86cw4yV+Ach6\/lwZDc5hjr3\/nqPDyHyOk\/ic1VUkphYEW41unlD7wuiEsRixbz8q3byugh+YjmzBN4Tq47QChINSRWxj4L+BjNAoQ7Dai2X97Gz1ilrfn9+zsFqOwEj79WLqBpmtfOV849tRu3LnfZ5cuX\/MO2LG86yC\/6+pLC3ANUDv1RY2PC7sUP7d+2w6wZL9lz84eJ4EUxCxoGhaeWNioxpuXz6QtLrdpqY2rZZMA1WHZDaqTSa2btkRbvpzj3eovzOuknu
e\/RfsdTXXW3UMOpsc9ufpxUOiIdmQDlR9ngWJJOEe\/+zAdRs4VCI3jg3b+MFDhTwkUDRbn5RdNBFGIFGiXMmlzBNp8WabWafrmaKncF2rHZrecxeLVQ\/VSRUDmEKuHw40u+BNDILthR2FlUDDPJIVa+8K5xsZq0GxABXMcW8oZDwrq5xqDJZgYviq8SMcVntUHd4lVflGxbnfbnq3u\/Fk2Q\/Bs6qxzEdrCtn5KxNf5RTEOp58JUv2EOmrI1dyD87\/vOZYoRo4zjmc5dfyfUed+U6qOKm9QNfz5t+khBm6EE0js0KEb\/+Q6\/FDW5NzexjAFt74fp26YEUcjbbOPT98MLJKLLZsudFAxnHc8sILQ7K7ykQTsjx+T\/KOD3Enwwk1Vj7wEx2TRnVYzj9HBoyE1hYdqsP+4XG4c9\/T3CYr8iPwgA\/aTTnUnOQGVq12dFIPyHfSU0aW1473o2COwUVCD0ADVE218fKQZESyx3lIauVAb53dvU3\/wIawiFCz3acy7VEwSNGNM4p1UV+gN+HBUKUPzY8exwOAX4I27APon\/2ahebhkhpVTALzP5\/h7a9YZDH7+4j+sDYvJYLFK1kStX9AMMkrOXJtGqYpqgjUKCp2ykQVjHn\/RRRes+WwM6iqH92nVkHIv21SOZ8nVM86HIxmxEKln1LCCgKmw2iOSzvtfGSozM0d\/so3uqMQgMEaBugSKzaJiIYwVfVibAbpN0adGCr0odL4i5Z+yx0AuzsZ+EDcPN67poLOsf7GSYwLDiQkVusGkT9qI\/+26abOUxBiwO5qIu4c3OtO9Pl6FwYcO91fZh650fsDdAhxQSRml+yPU29m5YVwysjHTEwUlh7bDdMFpdQdpdmP+YBhsc0SG8HbyUGUWAXz9Q0pI6aQER6n+2b\/BjsFSwDoAdec89vuok0yzzVxihCQNqfDhwRMqvQlmf41fMjfoyQkvsYJMCbKU1y0ftuN2J8N7YcBgXEpkyZ73F9eUWeEUHAENs4C+x+znjGw\/xdKih19FGDi\/nhZNMlLhDpFyi82JaXj\/bLXeevjzdhjNvFrlWRduPD3Az3+Jt8O1Sm71ZcoDZgGY54gQ3OrsHryVHzWg9achFHZLn\/ZWA4PSjBQQH5WG6PFgfZhD+kj1oost9E1Z2g02u+oPqUAeEiw\/SGcRViFDskV2Cj6eFv\/nHh2vnTL8ODpgiQIs3IP3M"} 
-01405{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495410048086,"flow_src_last_pkt_time":1621495410048086,"flow_dst_last_pkt_time":1621495410048086,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495410048086,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":58956,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gcp.gvt2.com","domainame":"beacons.gcp.gvt2.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01297{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495410048086,"flow_src_last_pkt_time":1621495410048086,"flow_dst_last_pkt_time":1621495410048086,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495410048086,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":58956,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gcp.gvt2.com","domainame":"beacons.gcp.gvt2.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
00829{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495455961662,"flow_src_last_pkt_time":1621495455961662,"flow_dst_last_pkt_time":1621495455961662,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495455961662,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"102.194.207.179","src_port":54449,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02389{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_src_last_pkt_time":1621495455961662,"flow_dst_last_pkt_time":1621495455961662,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621495455961662,"pkt":"AAAAAAAAAAEAaACzCABFAAVipjNAAH4RMkyokEAFZsLPs9SxAbsFTkz3yf8AAB0IW6VqPL9nKU0ANwBravUmWKq3yO8VZlOBqHgbki\/goI5n14Od4wyAZtlECAHCn0lzdaz8q7RFJaLaxg8bqaof4Y9E\/aCKkqi83SiSxj0wA9VaVnLuhoAUcP5pSIwdVZ226lDU\/fKJXCOWhj5U0vGsWctMBnACRJooqY\/EIe7zeS4gW9kRSye11BfEHBZvQCQ2Hw5tRRQO1ihfr3AH4BV+w18QXsSRjA3AgSLlWmVvNoGhvok75aqRHYiBSwdwNT9ZQk4cM6MThQObIM9OwmrZGYzdgcwWP\/FJvqDB39XhD+omQ8uC8mZ537oEh5AGXvor2yfynGKqmgp\/yT\/dH3topVKC+Ri4UD6+q6yMBizxV\/DHc+zcKb7bKMFFO1eiqXSiGPoIgEutHke5OqadU\/tLTj0WuUrML78PqgBRydLfJJ0hSojdqY\/HjdwJpZeFJwp7wKn8VRGG\/yvY2x6pil8wpOS6XvWHGvzNPxD6C+g5axKm9LfXWJkNn4V0vMRIJyOAoJsSgFe32K\/w60iIObURGr7LOTvgxY8kLZgGkxD8VmUWaxSsIipdY1zQzkND1VZO6t2zr\/a+
Q8DohD1YPV6tlk6rn2prShAt77QE+pLlEwym1HnxiPCdcDtyW285Nk7kKruQ1mmAdcp7hpBdeQ73zBfPFm4kViXEkOmKqu2y8u2C\/dbP6WGDVgmEt50G\/TZ0SMJ\/1lXGfmrpbdAKoOxB7xEdy35+vcwsE1YFswDl5TGR+NBvTqNrjHDXACh8Cx53IWP59Ji2saD1Ye50T1Sx5LgA6SrpWbOlU9Rsgq\/TBSC1tQOH\/VmrKAut\/8nukuPoNtb1a5uUZ1c6bwAcpjf5TXN41pCYm69SI3nssNWo2dyLqOGKECefwPxQf15zCZ8qa6BPFMjjc5uFw2+UZJ6H9uVGcT6YOn9ATJjXV1rWnhxewQVVeqNiTOey+tQF+cjBBZLReI34HshIV8r1nlrST\/qXbWAKh7GeUQmJneZZhYb81MJMByTb73VBZXoZ6xGgTNyP\/dHOTR22ecj1LOs0qstF2wN9snIQZrrfX2JlF7dq2fFSKEshmXaVGCEL09hXFhHbq0QayKuLAWWI4aRof11r+CNpR\/NJ0Aqs+i4pRrJnNm6t4IC1bx4FGU7Nyx6ngu+TrgAfLdooE51VAlTUl0v7zV2KYm5RDSEpj7PgcRIvT7QAwBPfzFQ4j+lIz1HgE2KmRziUtymSXUNSNgt2udtGTPaV2DAgGZS6qazUIKNzkZIQp8q6s4lL6Pqeb5LG4kvEOeCmxo5wEofaOGvytEr8++Td9tOdy3u+6tQw8ZChKbNfJKWxhoOFUIA\/5YBmZFZSccanTHvVJto7VxFojeJZukeioQQjJDwBPHsywE3BtR7h6oz5boguk9Kou14u\/5g66uwMCuxQDPrXZcoTZsZa2HLwy2qe0ExuzZPw2HHvmOyZSAGQ+m\/BLcAwWVL927E2hs76eRGuJwqsY4GpvrOX1CbGRhwTxeliklR36iagwOV6ZLPHJGQ8sRMQ6E+CPifdBY0km0DQvehrT8ZiGdH6wl7zf3ONaN9EN6wUYANIeHCXhN9ihBg9GaQHoAfGloAC1v5PK1ylIeuftjWmCPhso3b9DRFisYli57JTJDMeFP014yikgmjmgpEmF7DxSG5Mv\/1+EFTtCib5OrXYmTEQm\/5mM09hj8zz\/HhlKsiMfbdKKTGX6XSTEBKV9L0IiOMNuHkh9x0VXilYm+QFUtpSkJC0TjJiw\/HyVRyGEOuTm4Ep5gOdRAcfPf\/R3xVB"} 
-01402{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495455961662,"flow_src_last_pkt_time":1621495455961662,"flow_dst_last_pkt_time":1621495455961662,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495455961662,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"102.194.207.179","src_port":54449,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons3.gvt2.com","domainame":"beacons3.gvt2.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01294{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495455961662,"flow_src_last_pkt_time":1621495455961662,"flow_dst_last_pkt_time":1621495455961662,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495455961662,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"102.194.207.179","src_port":54449,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons3.gvt2.com","domainame":"beacons3.gvt2.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
01075{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495262761779,"flow_src_last_pkt_time":1621495262761779,"flow_dst_last_pkt_time":1621495262761779,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495455961662,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":55479,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clientservices.googleapis.com"}} 01055{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495274945905,"flow_src_last_pkt_time":1621495274945905,"flow_dst_last_pkt_time":1621495274945905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495455961662,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":60934,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gcp.gvt2.com"}} 01080{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":84,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495373983147,"flow_src_last_pkt_time":1621495373983147,"flow_dst_last_pkt_time":1621495373983147,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495455961662,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":56384,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"pagead2.googlesyndication.com"}} 
@@ -520,7 +520,7 @@ 01078{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":87,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495406541553,"flow_src_last_pkt_time":1621495406541553,"flow_dst_last_pkt_time":1621495406541553,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495455961662,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":55572,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"googleads.g.doubleclick.net"}} 00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495692143849,"flow_src_last_pkt_time":1621495692143849,"flow_dst_last_pkt_time":1621495692143849,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495692143849,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"93.100.151.221","src_port":60342,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02385{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_src_last_pkt_time":1621495692143849,"flow_dst_last_pkt_time":1621495692143849,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621495692143849,"pkt":"AAAAAAAAAAEA4PSECABFAAViwhdAAH4RV5yokEAFXWSX3eu2AbsFTqlwy\/8AAB0IytRHE\/BcidkAAEU0GAJLgq5zWCEW\/\/vpneUqridEkoosXOYvPFM+EGFgFEn1\/pdK2U+fbOyyD9aMCeGUBOZnfvyIfNO5K6N10kJD2wSuJMaHeVG8mTehPz6Z7xoPc5LRNHFpJc9TdwBWwPbj8ekTbabDuVDHMstO8xpXRQySbhJHU6wlq+klfEbii+8EVostEJjHVEa1OZRyeAxcg1YEz+0PhQrslK4lhYtYjv4daqrQ9huOezEOwJKVIALQJLGoJ4f2F0eqzdy6jHFW4Shtit+AoF5iUPYyY6JmIGKfalz9t2vSbZumTgJ9SLPadk+rld6hE4IFunALh2k0HHlflWmsTcHH4jZndWLbu2r2iLUOBVoiQ18gEn8zCFncnoY4ExTQLd0WhsHz1w74Rs230gs\/qIzBbpiNnor68kH6+ahcqnABZBlXRVXYrQtqzWMVecwWgFBr8kmDHNSbEsffCTExI7CQu3mzEUOiFNDs51itYsXzdmE7wEGo\/bGYgZblzPEz8chYGofZflNVoia8KxZj\/VLWXLY06JYSw0TbdHU6OZKpIlgWKPSUU9yWUDPgULA8g0V45R6QNOWEv\/+Xd5aZdfeHnkBDVK8YnbuFxEkxeTLfnF0HSQd2toTv8gz1i8eq0knZewiX9Qyn6hzHgP2\/U+hh2ui9eIuBGqxzkvyg3DOjUT9WKjYnMvT3pNBH\/YoJtrPxSn7XrrXNYYWmNcxW4oxEIL7wiLLLL7liAYBvwS7FLIJepFUJ89bcXkCLsjkN63okoguLX+ND2ec7J9VukjZ+dXxDIqV16passDORQcQv+hP9S1RE1mHSFBJt3dWs3kSbeTxL0\/jUX9wUMKCAKJsmn1JHBtj3SRd+Cq7RST4KNBpNpp+OrN5GS8zmmRP02n0QZdRAA\/cP8cayAz44AqG8Nmgu6qpMXQlCEJbdSMX8zW66ZG3A\/wWBiO6fXKXtPqq0B+fcrDGzggFgJ7\/X1FeMde1oO1KvB7K5FnKUeH6z5iHps9E6+eItgN1w2M0OXrE++u9FVrWPH31W5YKQVZMpI0U7re5kVQMzV9bJRcBuHYng7XfhD8k8uOEA1mD8rAI2acFs1IU7+t6xL5xpLL17JhawgaF8\/SfwzgEFHaQcPkz8ipFK3FbfGt15dt4gZ2CzlxYp7RaoRsZiNmF1SVZhPHx7EKffzikgMDfyCfUTej4mHFjDSBXvSBw\/tLvSe9zKIGZzW4YW5Zx2kF14W03Knayi7As27e\/ETroLvHWX+zYXh8lsCjXblUbFLn4OvB4Vvl6g7osC7YpQr9UoDjSRAa6delKk\/ZUwvlsmVlVdxie6KoM9xa4Kzoe6ANfADEjk2L3bHvC3ibZLII1p03Itmuh1fVJvnQ4PqLPmYJ6J8fjwoTytcU64MeofEY0x
uIazjFponK+zHprMee9E4a13UVbglxsx2ynEryvHU7P2C9n3y1sUu0MlUWwRaMb2msNlm84Pn7t+d7khBduwQHoE47sarcouiL95rGRzCh6s8NudLolgOYJuEw4uamdMOpSbqhTz6in40vyUrVIdNnXic83DBKdCA+7fAJyj\/qP2NwPP5wjaudyfPKQUIUm\/ZWQd3dL20quz7Lifs+ZxH7e5Z79ubipc8483Vd9Aq+ZDmCrdC8DTUvYkNu8HRlFIJ\/87x6kDCqBpz\/Y6oKJ9fnDWzu3vGVK4nDx4jhx0IvaEpB8u7iVohyPAjcPcqis5bb\/b2l141\/Mkd7YUfg1edYX7s7jeiJZNXtRq20b9JPjsbcD\/aEE7zAWRgf9W"} -01433{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495692143849,"flow_src_last_pkt_time":1621495692143849,"flow_dst_last_pkt_time":1621495692143849,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495692143849,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"93.100.151.221","src_port":60342,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"suggestqueries-clients6.youtube.com","domainame":"suggestqueries-clients6.youtube.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01325{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495692143849,"flow_src_last_pkt_time":1621495692143849,"flow_dst_last_pkt_time":1621495692143849,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495692143849,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"93.100.151.221","src_port":60342,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"suggestqueries-clients6.youtube.com","domainame":"suggestqueries-clients6.youtube.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
01078{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":84,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495373983147,"flow_src_last_pkt_time":1621495373983147,"flow_dst_last_pkt_time":1621495373983147,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495692143849,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":56384,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"pagead2.googlesyndication.com"}} 01069{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":83,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495372662391,"flow_src_last_pkt_time":1621495372662391,"flow_dst_last_pkt_time":1621495372662391,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495692143849,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"103.179.40.184","src_port":49926,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r5---sn-vh5ouxa-hju6.googlevideo.com"}} 01055{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":89,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495455961662,"flow_src_last_pkt_time":1621495455961662,"flow_dst_last_pkt_time":1621495455961662,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495692143849,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"102.194.207.179","src_port":54449,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons3.gvt2.com"}} 
@@ -531,59 +531,59 @@ 01055{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":88,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495410048086,"flow_src_last_pkt_time":1621495410048086,"flow_dst_last_pkt_time":1621495410048086,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495692143849,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":58956,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gcp.gvt2.com"}} 01055{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":80,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495335381922,"flow_src_last_pkt_time":1621495335381922,"flow_dst_last_pkt_time":1621495335381922,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495692143849,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":59785,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gcp.gvt2.com"}} 01076{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":87,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495406541553,"flow_src_last_pkt_time":1621495406541553,"flow_dst_last_pkt_time":1621495406541553,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495692143849,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":55572,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"googleads.g.doubleclick.net"}} 
-00894{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":130,"packets-processed":129,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":174150,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":90,"total-detection-updates":0,"total-updates":119,"current-active-flows":1,"total-active-flows":90,"total-idle-flows":89,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":534,"global_ts_usec":1621495911385504} +00894{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":130,"packets-processed":129,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":174150,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":90,"total-detection-updates":0,"total-updates":119,"current-active-flows":1,"total-active-flows":90,"total-idle-flows":89,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":534,"global_ts_usec":1621495911385504} 
00826{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495911385504,"flow_src_last_pkt_time":1621495911385504,"flow_dst_last_pkt_time":1621495911385504,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495911385504,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":65186,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02397{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_src_last_pkt_time":1621495911385504,"flow_dst_last_pkt_time":1621495911385504,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621495911385504,"pkt":"AAAAAAAAAAEAS1QMCABFAAViZVRAAH4R9mOokEAFCUGp\/P6iAbsFTuJkwv8AAB0ISXF10ZCPcZ8ANwCrCJzLpozLw4lUkkdlAQ6gxDr15gnzrPDGY+5Es7Rj4OEug7GPyeqPD2P7ep04DtKE\/arcjWhE\/TeK9i4OFMtcnTbxJLT+Ie\/sDxN+8rr9EpWTbrHR6DrOgebE9CnNf9TmE3FgFzE1oavAS0XPwmTIIdH8DlasdxYKazZ2\/Vbz3SE0UaIlbXgmou7suHpa04zHS3u5e9ZyWoFTxGTtw4WSnPz3ZKKkluQDu\/BtGXK0Nw2vkZHZvHI5lbvjogi7BhIgmeQsuujAYnjK\/8JvDzTmbaLJnfI0BPAzgpLAyl5Uc2gG\/KhKxSiYKBAPLQlIw6PFn0Lw49hevbrWvRHOrE9CLjmKoraWxDJ\/mALo4XhOb\/38Fr\/hKdvS3J0EgxlCXTb2thu6vO6TuyRCkuufEdAjYJ1vuqyiJCtFCAuUx7f18Eb4YEnOwiDxAbC3vGkfxkILkOjo6zw0CLRXf8nS\/NGBDwLWigrT+llhvmIHUFzlv9UH+xnKwzw\/egOFElPuDQWAHnu+onEYr+xarKfPXzcUZ2mJ8x2qVU8DnquJVsvWPKVTkAEBNrppoG89a28
TVbihC9GQZrxGFJfKiDfU\/pEjYGoEkpc0EmKP6WcJTrq8AjU9GqT8Otws\/2IJyr6eRQmrOEnR61BpA68BS2gZETtHAFeV+7SvjjISU7v1iOrwnLh5PVhV2I3Yg++07Mh3uzcKBBpCykABy4RIzFtFfD0mgpctccbji0EH0ftvDOPuyet7rGzNJxhlJE5822+Xl3TP9GlIFWuu44I+7Awm4hQYyx6SZMm5VkB1u+AQoAVC5yMuqM\/oqccmH3ov\/Y0J8XBnYLvKXGFZN6w2Ie6AwP0RMVPR4KQrpr7QbTjZ1gqRIH\/gSQZm2lG3NnFEcauzrfT+UAJCMrcsBthQQ4GFi4GLid84Wo3e01Yrsz68cR\/Dgyy9EjPbiFW4MTikaH6+JGXf6NLD1CBuUsZVLsd0wLuOp+mdcUObLIIhYByY+ZgC+pokGwX4+0M17gKxSBYArJDBxXe5y9O3GJkG2iDua1ffTw4GMCTWjg\/R2g3bNlRt2Kdpw0gNsexLTtD4vFIhhqYc5yzqubTAWDS97RiK0ff82cdVn+d1axfVYDUVVOuPm8ks3AoXLvMXz0uwOT1I7eZMtFaHeThWMFitpjMx4373HtevJV+R5JNzCQnbUkKMTjHvihPPw5JObhnamIan7J5a0S1j0TBlprZNVWcpdmTBKK9FiCYUebSphRa9ldAHRwzqCWNqZR\/NnSxOGm\/diizPFOGmgelkIA+7xLYtK7TLNkZ6WWwfmMdAfmJXz152dGSsptNpHU7WmssMjos9x0nJPItQNMAxpvgaTkatuyFUAnSEa\/kG2dwBsqrcrwjs\/mFLXB5BDHAaGdSx+C7zjjhFvObf79qhHZ7JrOH0IFeQgRTI\/I\/N1E\/wA3O\/VVPfi5T2WZv1WQoakLeMywD1DSZddBLRgEj9HiaWe\/6WOpSn\/V\/zM+Gime9loFOdLfGpXUiurZsHPqUL1b6MPeMrtR937yF4HPz5BY+\/tSnZ01u2ik8yu9Q5AJ4CmdPfTqD4sA\/UJgRLpffrp7JIFjyUbElKxtMBDr0WSdiYnf1+TQzqqaiOCpGsNMZoe9ogrQfFW7\/gdsykD2QZJgD7hTY\/mVqzcE88T3Zcf5TxTTDINI4atIY1lYydToKknzxOdKjXEcoGNF2fxUyQPRMk\/YqD0njsh1Dp+iMP\/G3eoOFqy1\/r1bbUJxo+NSb1V8JoUh0VwlVF0mFL"} 
-01391{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495911385504,"flow_src_last_pkt_time":1621495911385504,"flow_dst_last_pkt_time":1621495911385504,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495911385504,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":65186,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","domainame":"www.youtube.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01283{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495911385504,"flow_src_last_pkt_time":1621495911385504,"flow_dst_last_pkt_time":1621495911385504,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495911385504,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":65186,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","domainame":"www.youtube.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
01068{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":90,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495692143849,"flow_src_last_pkt_time":1621495692143849,"flow_dst_last_pkt_time":1621495692143849,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495911385504,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"93.100.151.221","src_port":60342,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"suggestqueries-clients6.youtube.com"}} 00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621496172813570,"flow_src_last_pkt_time":1621496172813570,"flow_dst_last_pkt_time":1621496172813570,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621496172813570,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"93.100.151.221","src_port":52942,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02397{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_src_last_pkt_time":1621496172813570,"flow_dst_last_pkt_time":1621496172813570,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621496172813570,"pkt":"AAAAAAAAAAEA4PSECABFAAViwpdAAH4RVxyokEAFXWSX3c7OAbsFTudOyP8AAB0IJfFU5PX57qcAAEU0c0zbXMVn6Pcd4e7ZmfGe\/qxoruMGwPYAlsdY4bBFIJBxlfIjvR+3r8n\/O3U+qJTKKUq8qa0QleuYrfTMsn8O\/y7hixYXl+TzY\/2tPZFmjgWjPy8Q3ousCTGpMjiPdDu1aKCA8puIhbArl8N6Da6NPpGg72zv38j3AEI+JJUvltWracNeEqzqLjSdIseAljbdck9dGPDQn0DHp\/nLF0OQLhgPW7is5GRoEeUyeCGTQitO7sJ+0GFP4Tawvy3HpIB8sQ\/mvWQBI36+Vr0IvUC92N81WsKioT12i3z0lrAFRKc2nrIsK9qzHEDcHRWO8IWXX8n7Ylt6igAVfNRjEBAM2NXSGElvaDPhl5W14nFw2qReuostjw9VWKaXa0YpEemQwzzCdWf\/l2eJ\/wYr+I8wfqvsxZTTgvvVqGvZbvCnJarMpvykClV78Fjr7zdoJH0h6e4wj\/zK66Jl9dPkQ7jrAIn8Djc77n3JalsxT45E5h\/vwJ6Hy1Yu62tVg0onyAEaJRgShAbt65WHHuuOjUbOO7SgM\/l1B3NkYxFQRjbPkOp7\/+btlneTdmAOHcL660GLIGJvYuSg3GxeNY\/RvOuUCpKgbpyQvoy56KwcUUR0q+ZfCEfPOk+4i3eO9doEvGZqOHv6OheClMqNVyw4H6sb5ovkDq\/C4Luz4OZtiQxZAB9o8Z+XJbrSEebIisx\/MMDHqbWhehe1Eg0mRwnSpSkDsUCYcCDmBZZpNGxtE8k+8ji5vCVnS5atqC1q22zlTPttfegwTwCR34A50P0f\/cSq+ZjRg8lUGBiJMY633IK0UkUJK3qD2M+BLuyIwMRCQaYB5FWwQptU0wzlZlcAZTHpnhVpthl5\/8JNWtmRYqhefl5vburajPxYg4gOqVoHDVonhwMZ\/I71i2OZh\/xUUB+2rkwL41c5gUjryBwPqx6xlbPDXfHRijhx6FEeECng0ZOpqAj4GzPzd+hfEZoL+A\/zpIFLSkxIkmdjto2cmeEjcK2ZmzuUECn2TbWRXdwA0raRmtbKwoHqebinUG4Zd73sgqZPzhb6S6fRcJFXth6D1WkWMX\/pmvTBFmwsZtj4vIKhZgtGCFvnCsFQjZwKMGDdk8IcMtc7fRP\/WFw138PAOKXN4\/cwBXBJiHWUsfHmH4IEa3yYTAmTO5bAv3vbyW7AGUPPSZsFuGjThPYUOEo4obqTwpRd+7G7Fj8PTDc9\/SuvOHeEFG8SNmZczyUVz7P\/pwxY9P0pFzlzfGNZ1Yf7NIqIcuZwIAu1QHM8TKxiNpKLXkwY5gWi5EHkWT7ieNOA\/PME3V7yn6j9jdSLAgF1RLKr0bwOhlmrTCeyjtBkecLPxW\/ZpUJSAVdMBzXR4O9Zh2\/3JmabiOVhFtw1hF3o2eH
8fM2+XAKwoI8UVoKaXC5im6tL\/RAIV7zKy5boKMeRbQM9fQyx\/xdvgnYYAepCXa5LMPTBjm8XbDITPP1e5aEovXRZlii1OC0w0plqCde8kUQfkZW0LCgurP5FzP2Aui0bpTHOGUVN1ugsbXrtv40HL7weMrKI+pmagU+tsECSDoFrx7+qtDT0YFo235yejWP4S7BEg\/McKYbD5TUBYFtwlDeTjyPkNpblYnvhSMMuhXgVIEl+Jn3adbs96ij4KSAIxF\/p\/twgKC3\/qYYlDHvYQriXuCWK9963IJqD8REoU72BQdfNgjTgbXB0ZOu7ItHmtPuAN9cWJ\/uL2kM5RxQU\/UDcei+A\/uNYyRIl3aPttcTgFoW4dVR1MlFwi\/UvUZjaUxjT"} -01405{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621496172813570,"flow_src_last_pkt_time":1621496172813570,"flow_dst_last_pkt_time":1621496172813570,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621496172813570,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"93.100.151.221","src_port":52942,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clients2.google.com","domainame":"clients2.google.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01297{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621496172813570,"flow_src_last_pkt_time":1621496172813570,"flow_dst_last_pkt_time":1621496172813570,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621496172813570,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"93.100.151.221","src_port":52942,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clients2.google.com","domainame":"clients2.google.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
01046{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":91,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495911385504,"flow_src_last_pkt_time":1621495911385504,"flow_dst_last_pkt_time":1621495911385504,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621496172813570,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":65186,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com"}} 00827{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621496437543298,"flow_src_last_pkt_time":1621496437543298,"flow_dst_last_pkt_time":1621496437543298,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621496437543298,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"198.74.29.79","src_port":62114,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02393{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_src_last_pkt_time":1621496437543298,"flow_dst_last_pkt_time":1621496437543298,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621496437543298,"pkt":"AAAAAAAAAAQA+mr7CABFAAViYKNAAH4RaeQ0uxSvxkodT\/KiAbsFTtIIyv8AAB0IvPCERtRr\/7QAAEU0VDep\/CZnpIQa8eVhNyJ3U1QCAukLnPnKtOrC\/7zKB1G+98eg7ftwXdiCu4mjtl1Q8mNJOaDHQdHo\/ZnotZk2q+6WYBr5DXX5QHa13JOYGLxoc9qyOjz+jbwetc54i8U7+0kSHAbALiGoIDK5WQRRZWetkNux+DZoWjHY5WfosmGRQsxtOixsR3jt9j7FOo4uqSxQGhtqIeA0i25755C0K1hzCtZHRQuy55gnoUo6zZiPhelVtIcqgCilkIu+IaiAgPdY8qusu3Q9ASMkRkk0UX5H8nUY5fVDgGL4DjsJROTA71uUmNZenr0sr5JOl\/aDX74AH3H77h7yG8JDcWCMqta2iHG5v7LfQn6HD8EvX8A9+X1BPgSNN1do76JMe5qE+cL6FAAbPHwnyEKr00VkR3NF0Wj71jZ14VH7imUBnL66mFh+udQFwSu20vdM9c8XD4z8cDkFHoqTsPkKjRGkjCQi8gB1gYo0m\/YFj+JeaePbkDvq0OSLPaTj\/\/uR93wYJiwS6oC\/aiMrt4Ai7n7\/FG5FTHmyLQWtwhpvmSeJKiasDEobo8lDxko0INCDfgQfJ3SBS6Viiln\/ASliXjKWu4SrneUfwv6qaK5CsTzFRpoqdrt\/s\/4hApSQqHe2ymAF3JbfHyoRulU2oXzj3PnMlAj4Z4Vj4oik802VNCwqS9rwhkgwLpg2ForHv0BBRPYvL6MVNDpoeE6Q+fkjAsxQcCry3Tg\/0ntsyB77pU9N+6ViiIk\/seArDaEwUpWw96CaP6HGoEH+ITzRBw4NaVx1WIIOT111vCFZOdJbhxCcjcGlkWUXH2Mfa710gWwLlFOy8LDSs50FqSN\/OPohmIvSl5JLifaSN0t8gyVjvGme43FCNf1IRmz\/msB0elm4bS6ud+82racQS6O6aZIJmDUDJkR4HH9e\/YL1z+2ASyQ94Fzatzpb4GFKnXYPSRR9ZXr+nLzhoRIUWJY27XaWKYbXR\/JgJvZqSpd9j1Y9iIYmFAj\/kzwA1TDOawG0jmZJvOHRbLPdttFMT9Z8ICzQz7sbYr50LzOCpscApRYi0yCxCW+7FvKkaUxLEeqVZNTb5bfzGXSqygFSO8Onu18Vfr2pGmZ97fTY05vmeNRaTdGB9GDxEB+of1UDIaNk5S6UGJN8C0OX2skQW9hdlLAoFJbl3R\/kaaNQomNrWf12eVjbEPUwYduxDkiFO\/Cu3xI8s\/1bhAxAoo1eoosHRSb+RfuzYRRHXHaCwK0syV2XsapF5fct1hE0QKESIuGMqkYTacUhiZ+am2170YsnbIH6mCpW2GWX2kdp\/NRfot7wqoww4YL4kQ0dV2zP8iVLBMwBcBBj7jRlAJPmU94cd1+2yA9MIjBhwW2o6kySfxuLx1CH1XTXYx
yDRbLVbIkYJ9KjklyMjtPqIcfNaglBMiG4bD+cmIuV+JVF2yBdmwLpupy8GkZrPVtTuFpepOJxWGxrxdE4LNF44zdCZCWF5fsbh0tA\/4QNVZd3EvAFmb9igKxLlVrUdRexT5v0zY8qkBoP74MZTTSWxXbGUHSlroYRRVjE1ko2j801gomU8QxZIsnLdQPtAkZ1hEimDc88Y35XyX679476yZ\/aqcOmLMYDbu0Vw3kbH\/S1Pi\/Q6fIKsIvYN8tlqc6ZQKWv4iCbutDJNK0I1762s\/zDONmC7qcwhUo\/1eKb+bifa8jDvxqbQH5WTi1a8brNLoMOVpui\/c73ZoNVIkMLLnI\/xxYiZknhsfNiaQgxORr7sklMg7Kd\/f31pN0pVpaR"} -01428{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621496437543298,"flow_src_last_pkt_time":1621496437543298,"flow_dst_last_pkt_time":1621496437543298,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621496437543298,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"198.74.29.79","src_port":62114,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"safebrowsing.googleapis.com","domainame":"safebrowsing.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01320{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621496437543298,"flow_src_last_pkt_time":1621496437543298,"flow_dst_last_pkt_time":1621496437543298,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621496437543298,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"198.74.29.79","src_port":62114,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"safebrowsing.googleapis.com","domainame":"safebrowsing.googleapis.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
02383{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":93,"flow_packet_id":2,"flow_src_last_pkt_time":1621496437852831,"flow_dst_last_pkt_time":1621496437543298,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621496437852831,"pkt":"AAAAAAAAAAQA+mr7CABFAAViYK5AAH4Radk0uxSvxkodT\/KiAbsFTi+oyv8AAB0IvPCERtRr\/7QAAEU0JaLtoHyofbRbg8jGkawveiyJ2UaoheXbSYuPTeMKCeIU77lABrfhjW\/KFsoqVpaP9JKJMlnvWCAfrhYhpHkJG+xvxdGDmZWYW6e1KGN5t8DibwD+sY7U6We2yL0NMOrSYyY67PZ33CEYMgrO+bU1ma8i3+NoKnZhxsjAkaglJ6uAUozF4XuimP6iU+KzggGtZ5AHeHRJJSrIijvm2uURkPI\/Zf52SGLY+vL4vQPTe7wS1EKJeXUmQgYmh2aup9vLeWlDTkRpMf1EwpwHNlukj5oBWVeoeBmaQD4sx+NuopJ+2QprYWTuKVJ508tJ6HgsW5Ot7jO5bBygYTExm8AhqCnq4UjBmnft2hLhbA7\/d3ydVpIp7qFrWPv9n07PW58yXrAf70XLdskX2QCxfb2EahbYmb3Vx+DoN9ZQfyauIGIQJ4G4xs7NSUBH1KpzLXiWyZKGC2bhtRyON+3HzPjWFxkL0Tfa80\/+SxEpgasrCwJQb+1o6V\/lNwqybT5vHn79PHBIvEpedoaDM+BEu+O79uo27iS8RNPO794dIBqh+wJSlgKlH5zeUshHAvvFJn1TFlqv8TRVbuRhgffiNiYg0o1CeqH6Zf28VhJJpbsJJD4AZ\/jSirQZxHEWJI7alxgK\/LiDdkgpKDEWpc3pue7siiUI86wkuQp3ziUbYYUwf+3S2XmN4C+TOxmkT5fxEIOXMUz4o9qBlMvVx+HeJXeP4+1XADUariBmhpvXNO6nl8VgSR05a2jc1zcSQm6hoH7Sjq19QDV7jFEfc7eLbvAvOLM23DWJ+wh4NpHj9pZdPlAmebA1IRONzVUDs+FLPzEH62RBEORoAtOT4e39cJai5gPk0i6dU0vofBLpifIxzMyKYaGd4qxHI1hU\/vumyHtthijttX3+DFdn3RYaqCp1LpOaUmoX\/6sMVu8m0LGWnwhQqFoSAeJsuv14Al7ULvCdbJM06GXHtuP8hOpztz8GERiD3IE4+pHtQzzeOFwW3gBxM8vb\/kgHuBEO3Ngo3tjKIHZU34x718MZS7qAptuEPHVkm+ESamOD7xBmeB3Lqe2ntH0yaZ0R1ojSk6QGp9l\/DQGTgYlqqmVVplJJS9Mq23y4sYJANTI+VTWYMkD6NqRCbwxSayYlRmpI0bsWTBa3Egd5P7LRpi+3cNo9ZuEhXIAF3ycXIYlhzeSYSYvtqmdmjkTzNQLLrulkQ5zCYRtkU4zvk\/g9mgS2CcfxLTkjgtei6kwqIx3Nk4h0E0OZscgKCSJf4cRmCCOmfcnN0SQlWhChNjlpr8NXwxRXP\/99Mm1hVM9\/1cJQ8UoVQJDRNojN3SkiUl26oijeQfH807azHA\/97ACgXT19Mdl1O3NlO9Iz\/csL8LLesYa1qB5z+IjimX42W8TXF
qTRlbQ7oeAmIc8H5U32U0xeqTwvh76ZUT0WO\/Hpn0xBlv6aqBcKb1Cxl7JTIzz67aCTV66YXN8NeR593i1+u0PvZCPySYf5PqAIuY3yAjXufep0Fzzko0vw1dgNNd1cSLqgPBALOXp4QpvYDsh5OdOzrPtb9Bwn8\/YjM65iU1fQJwe0pFgWPBk3OLAC1ivEA1X2opEADJmIj\/+8LvIdF6nYgzKjVtmvtV9atGouRJomruCL8JxrFfNeHoRpx0yRl9yU\/q2BGWdEuqEHO6y7Tbfu0SWUkh49LajcNcpvqE+bJljstNdRH3yFDQnBncwCCqj4zSbXWQeeQR2mI+3rqRgA1HwOB+cQZChDPCGByW10tu7BtVyE7\/y\/Y+sF"} 02396{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":93,"flow_packet_id":3,"flow_src_last_pkt_time":1621496438462569,"flow_dst_last_pkt_time":1621496437543298,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621496438462569,"pkt":"AAAAAAAAAAQA+mr7CABFAAViYK9AAH4Radg0uxSvxkodT\/KiAbsFTjIVyf8AAB0IvPCERtRr\/7QAAEU0a1V3BXBwEIhDElH\/1qUxqcqfVK\/U+I3pv8jXB6GKoLcClwfi5i+JVRi\/+qOD0jSHpVm+CcmsqV2quEgqGH5Gn0rihcbJDGj870ULZI4KmDKfC69q5r6675Wy4U0x28m2t5DK6rGqmJIfuY4CLJ5+JpnAGepaot5zw988NS9MjaUUAwJq0KRJTk9TQLF3FkyUeCnv+L2\/mCZ4pQPvTUHoai0BPsJAkEBQbCDT0ne2qov3gwfXPyGYjT+qpU1DonWmFNb695dnTcteFv3XvXkEd58E8n7ydtguTKEpl548CM+1ZWTRyyMlXz4XZF8nSLIMx0GUIZgZvabVLDS2+F0B521wAlGhNrm8PRINe9rBVvQYcP4xgohRdv3nDuVcLpMwOSEXj4YWgyE3ZUgeAzYB\/H75MXEyWx2rB05U\/7TWZ7NlkA33O50sz9d4a2o1c3cNntoxGwlEfyLKcihZ\/Suz\/KxirS++R\/qp01ueSmHonRfmrrM1LSGcMyKd+Oc4e5KssoiJAFl2Nso9pSh\/Hc4LC0BNO2pv99cb2fqWMrvtg4RKbfx1R5ZiccoCxgCpi46Y\/bGbfrDImS2xG9ERCTD6jtG0jRR1KV9w3yPJD6dZUx9vPrSlfE7TRtUvV2tg2P8RQt\/NsSQk3\/7JpfMhAIPApofSUgXm0f7r+8Zw1J12aP1zZsU9ZyRmQPc6usI4DXJN8WSrOMAw2YJx5dHRsAS5bRsxti2UCq\/PcqbnjXZexpjegsnkWKYnN\/pwtZdssK+ny+99042hifAuhg\/BXmwZfuFZ7LWOinb0yOszMgV4GVujdcSyRmmJB+im4Mj4o509W5k04dZ0bDE52gnvESt2EXA8x4iUBeMzV1EC9VoL2Zd72WZ2Le8+\/S0MFe3Se8D\/liSQe5dY3M\/L+3ZXq\/9nfvzioEORhqMqj8nSgClQeG9dmdKGgxM5mcQ9CeGNozwRdxhJvWFmctGZQ2NjWDhhDHDaqU259Q3FvsbElzHVdrJ5m
J0Cxf9ajFKPgkVOGdrDG9ApKtfsvTm8mcEa8n0Q62eOymCVJqvif5jaYy+ecjinMVsEogfItZgW86yqnm54hcKotzJtaFtp3CA5T0NjiL0VfXkiOTKfOXVWtwS2R+LPX1ibd8kfkwAh\/XXkesEqkGqJKfxtLjiY18HS1YhU3t6JkzeJqPLrJB\/PbFwyElYds\/6m0\/g+LOXOZ67UcdCScV0su9cTzTbpFuilpU31PFlGsAgDKmvkZLzN7jt\/kqOCXoWwgg9bPQkbwwNwl54A9eMPW3BHZk0poDKL2DWdoWQmTEsHc0pqdf\/k0atEtrhXPDE6dm9ctnyGia88NrHpejAS5iOiAf1eL4iWXQNTQkLKwlOqi0oh5WENqyW2gdD3O5vPNDr95MLc6Nk9E3B2M+6BndVVw6tTuGClOXozYuEVgbdPUEQGHunkA\/dCQkelRbanSo5cdvMQPWbxeU5G497tiSuxNDfmsujYTz\/BK6JWmejCS\/KhAJaMKx7PrcrPsaNqhZU4Mn4\/jSs11bYdbYsLm+pMXqsl9X68WqxfFniiajHo\/Fd3P7UYw9qKzJA5hFllxa12+AedgC513u0kPjxtExQUdI3b78Ms+FaM6UYc1IOQ6tYJC\/kR00xvH3J0uZZ0HafuTIIxCiV49M2ik73I2gkK\/TLa9hQf1LFJjsPj9VPpRxrc2Ly1SzJ7P1j6ovi9NMEeR\/e7+QcpnMJTH1C\/dGDgaTfjeelKzH0zIUwM4v73ZogzQ+Q6mOQCAb1RAyJQ"} 02392{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":93,"flow_packet_id":4,"flow_src_last_pkt_time":1621496439665849,"flow_dst_last_pkt_time":1621496437543298,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621496439665849,"pkt":"AAAAAAAAAAQA+mr7CABFAAViYLBAAH4Radc0uxSvxkodT\/KiAbsFTlw1wP8AAB0IvPCERtRr\/7QAAEU0RMZR\/c4tn3st8xG1jK6DhAREMBO4FycwIijipDGX33cbN0C3+bsgjYYoGHalVFDkYs2ftMTHhs11vLK1rQnsFtTiQEYhzkshZi\/uLzctRyolFhFHSDjCjKDJMcXIs9obpByeSIH8jZJZIPmWGPlHTZXamH8s4vrfSGPbq02Xdwwn8n0UxFCshOFU6UauULWw7dyYPe4SjTsZrJnc1QfbwWNXS7gqUJeBunmttTv22EfV5GoMfGTcChj7EHFGIA2VrznNmm\/lNfLcLPh5KbhgIfobxo\/NSOBjMfCwFJ0Xb\/2TlPSjM9auOpr8hl23J+M+H7oTDFmZdSrcloHyQQBAYKeZTkpVJYM3gmQjQ8vDmhCy1x+mafPHnT\/kNaeeAZ4M+0Nv9U+fu7oBt3x0CP4kElUhHi8jS4I98DK2HvIxnP7SfcqByAOV\/\/dkJ+A2ztPjwMInWIn3pYqTmXZFVgxMsomM88R\/D5EgZWj\/+homNPtc+Rvh19icRn+VwvNgqYfLaJtwKRnU0sTP4YJS1rsNoRXJAEHVr8+LUuKhYmlrB2e0Ks0Hx6kvvvcmfKs2YqvYxWSjijdvjkHgCIe4iGFGm373d706t3kTDyq2vn
LcDALlHhUSspxS50sBp\/X4J\/Obmz4u2VcSFRbgIlrPD6tQCJXCbtvmr7B0G2HzkdAz+y+79j2ymK7kXEtdy5JlOEzaCJWHB61Pq1zrRTSwvPxBgMFBlf3V1aZJuMeQxbw9pWF8QfPyQOy9MIfoE87XI\/pUJ2aijtoFDa2IG5U0RKi+TQ6Yr7sUnomvmBLdRhiIEkDheKEiZP+gPuweIwNQ3SLKZY0BkDAovO99qNEwJseIWua7WgMj8w6rQI8udQA9XDchM7g4qyJT23H3WrLekWZVPWSnKMJz42FXxqLdOToodhQ\/R34KTgIV6SlQlBbzbZ2BlORkWUYrIJ1NonEAr9MOlDbKNr6Xt05SZJHOnpiWP1mRTm3SDjTOC7TSEWcT+nEdf1GEJYFDGeqTX2nnOK8CRVWSu\/V1zPKbWrFU4H8QVs9sOIbDwmkddGcgULHaUIxa9IykvIwcTJzYJhg5f8B5tlRNZ4RXFR0sW+LJD88lFs\/WaRnbfh9almJ6oF32c3OI62nc8ScewCpufhoxg\/n6WrY7XA6Q\/4+akxpmQ9Wc4ZSWGmFibHYuYkc3bktMuQR2KLovT+u7dojOv7zWuxm6EAZnxQ0QxXu4DVqn5UZThYJdmPj2kPgxEoLI7kDvftmTRWKbxxxJURuLYY53ey8LigeCIzMYssMyJ0lSy5VLajuN7pEbHnFeLat8RdeT2a8iEi5NpW0jrJCa64YkFRGNG\/1RLw53JyFAltEGL8I\/AZQNy+LaDxc5GwvozkDqNstNabKIuPZdAHaK9uAbww5+qb6qWkmwYyvMesNGpozi\/ecN7nsBrBBgGhw2l48N\/Q0mB+MC\/D\/SktFImY9lJZse\/D319zIlaeUtyW1Y2CM82sNULg5DKAcuvJSLDlrQiIksi89VDc8UQIRkt2bAmBr7xFXX\/6GnPlePZLhM2vB+b8\/Zd\/lPJCs8gMoXW2fwieUibwBhARfI90eepr+yjUom+bVIlsNLyM+cdw1lMDw149\/6W1iOlYUIPc312vlJ662rsUHM8lEXa\/CJP+MLob7exHeHrjTRJoPgE7vtKIdiZXgafWX0YCPitn2LTO9ApzYxMOdRF63lU1N7r2X77i\/36gRXKSjFwKiLjoYZox3We6H9HyMDKh58MhJtykTNxI0YA5lf"} 
01056{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":92,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621496172813570,"flow_src_last_pkt_time":1621496172813570,"flow_dst_last_pkt_time":1621496172813570,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621496439665849,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"93.100.151.221","src_port":52942,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clients2.google.com"}} -00894{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":136,"packets-processed":135,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":182250,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":93,"total-detection-updates":0,"total-updates":119,"current-active-flows":1,"total-active-flows":93,"total-idle-flows":92,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":550,"global_ts_usec":1621497523457937} 
+00894{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":136,"packets-processed":135,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":182250,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":93,"total-detection-updates":0,"total-updates":119,"current-active-flows":1,"total-active-flows":93,"total-idle-flows":92,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":550,"global_ts_usec":1621497523457937} 00827{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621497523457937,"flow_src_last_pkt_time":1621497523457937,"flow_dst_last_pkt_time":1621497523457937,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621497523457937,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"35.194.157.47","src_port":55561,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02393{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_src_last_pkt_time":1621497523457937,"flow_dst_last_pkt_time":1621497523457937,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621497523457937,"pkt":"AAAAAAAAAAEA737VCABFAAViBEZAAH4RSb6okEAFI8KdL9kJAbsFTlfcy\/8AAB0IhCcF96VVR0wANwBlELxIAYrJ18RJAopwESH080EDiTGBxAUIotc1YUcdQDx6Fm+qNXboDChqvIPFhdQk4GOqHNpE\/bcP8275wY0w3P5\/OBD00jBZFIIxdkIc1CxBuDirFHD1tP5B64vwQ5D8UGBMCwXBE5r8cQBEBueMDl1wCzedkaTPJndcvmabltC3xUmd0wwNZF33vrM44e1g6fvolfFIRSR585LU+EPiXYcJSO8XezQCKfsKP9OZPhOtv83h2Ovh66Ofu5lyKK97w1ZRH4fHbdZfIN43raCsZSEISB1XWpjeStwCQgX4pxEVT3bu7OPulibsntpcBDvvUq8hjhYS\/PbA9GsLf8ab2oDiv9nzg4n5gSjTjYJYqGNdpo8pvu3k0XjbFxeoYR+3bONBa+e0\/V5cimHNpgKrVTimMaMMdAFaY6tT7OKkXataUcGKIOpI4ClrI1RfjXBlfZBLOZbQ1ruqGWnukjIXOQ89MmoF02WXH\/OXh+KKRAFzwlapiv\/cQ9QlO9JZ0BB+POvvg0IQYksHMghnQAgMTrJM4innxppRZzBoWz9zsOmK6XhRhELNfRCbi4bc5YsBdjiD3ijjj0vhvLYkE8cmxkLuJ0qhNxl3p6hz2KHodGMRRnCY7+yW4\/w95\/W2ZXETMOaiPG4P8rFj6ml8\/VAIeNI42nP1oow2vPc0sprOkAOau2yfl6UbQppTRhQbTZO9wnp0+pb\/YLR560RKcRxZ6gUiuP4fRQpX1VnT9F+IXXx+\/hKRHGdtC446mKetR0R2fffEU3RdpszGGUSJYY9vViq2Eomp2NB2XsGSDZ7grvOQePwuxkF\/VdXMAKr33SX3CCDNZsxfwsHeafmqicnZBNljaecFtLy\/+9HYZeH3f2cDOX3K2VDbGR9cx+8R4uBk0EX\/px+zKszwuAcjJAvJeXJiBBoZwb1OylfJtFW0xyteXH7T57KNedRu+91GNpzswbrgQyjlkhovo1OK0t72ahVmG3ci4ldbaNoM9Er9o1PA3dEHVxpZIkVGwMvOCLlkTsNn7BvKy8UOqhGyMtxMVZXmLf+vQAImY7kO\/JmvUFXGBjLGGoDqDl13TqPutG44hrxR02KIBhULXqIMEKZ0qrvWpm\/\/odFSsCLPU5KX8gvQDTeNqgXvhS5yCTtJ\/E1FTIQ62Whbkz803oSWqHMyB9PTWsfyUOvQ\/rOPfM2Hp8037xRyvZ557yfBRFUiv70NQLV2Zzve\/8q4\/+h+Fri1+bTl59+RUidiY1TO3qvxPwSqJrc\/iUXUAxTJ\/iVUXyZcuGGc8bsiOTTBgqyOg9Hj4pZ\/3cKkgSVM8pOpKr\/hPcaL1tH1m5MiC8PYtFySKzAit5RXN62RM\/yP3bFdJNWXn3q6vSa6Nwy+6UJmoWNwQrB8
9OTwcDbVLvIvUrUOYSdw5tw4rl8hCKo38y10qvUFE7S\/vxva\/p2Znrp2ZVkSxayvzUJu3VFimVxiL3A7sYZs6c\/thutzyxZvCEQ2Ehf93l2gbRl7+GjjrhvbWDav5GzhJ32x7RnRqMQA6g7ihAB1sROsstlfmwTAaFrKCBAN7dq4qC4xFv28ox5F9z+6hjCXyOJStyP4WcjK+tovRhkLpdG2Wvd9PUpQyVc7n2VNtkJqiMlfYa2ialoeXEG2XlWpLp8Nvi5ARgJCTGZFWy91dkcCOz8sVye7XwnEDxu0kn98A2gCBLP47MxjqlsbBe\/36a444Y35PEcLtU3xUP\/8uuTpLZz8LGaII+NM3hazyvTcHrfjqZ0yk555T\/\/FaKekILXf"} -01453{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621497523457937,"flow_src_last_pkt_time":1621497523457937,"flow_dst_last_pkt_time":1621497523457937,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621497523457937,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"35.194.157.47","src_port":55561,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"QUIC.GoogleCloud","proto_id":"188.284","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"googleads.g.doubleclick.net","domainame":"googleads.g.doubleclick.net","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01345{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621497523457937,"flow_src_last_pkt_time":1621497523457937,"flow_dst_last_pkt_time":1621497523457937,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621497523457937,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"35.194.157.47","src_port":55561,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"QUIC.GoogleCloud","proto_id":"188.284","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"googleads.g.doubleclick.net","domainame":"googleads.g.doubleclick.net","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
01071{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":93,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1621496437543298,"flow_src_last_pkt_time":1621496439665849,"flow_dst_last_pkt_time":1621496437543298,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5400,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621497523457937,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"198.74.29.79","src_port":62114,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"safebrowsing.googleapis.com"}} 00829{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621498081522654,"flow_src_last_pkt_time":1621498081522654,"flow_dst_last_pkt_time":1621498081522654,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621498081522654,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"198.74.29.79","src_port":61202,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02398{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_src_last_pkt_time":1621498081522654,"flow_dst_last_pkt_time":1621498081522654,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621498081522654,"pkt":"AAAAAAAAAAQA8lpWCABFAAViYQ5AAH4RYvGfdbB8xkodT+8SAbsFTkZmwf8AAB0ItDBJ3NIuqUkAAEU0zVGaIK6UyDHeyNAcp56wwNTOdBKN2bGwgH3tSTiVxSqi5R4I7f3uL1yCaFlIdaYH9ahQKvndRKo\/ujk3\/jxfEcgto9i3futX9okj4XQ27PcefMGWgXqyEVg4FX77CSecDnTaNTLYfhgkDYQuCO970H4hixxovH+9p7Rv9dvjx2i\/DEJUGfnU896aVLuBnPuODO552k7IJaY3oWgEK0rlPQEiGu8iNHDYQvoHxEBatHMnsyOw8Zigvseo1jujk6RJI1A1aOg7YO9cAhzx\/u6chL22xzxaN0rZh\/N0XhIF0NwNbCTSv0YxaADYXS+ZMZCfG7i\/c1SF\/TLgIw2\/Cpu3F3+\/J3snQsx2Ypa323eXtmuMVPdZd7ZS0JAerklF6xQ2sS1MAkHYoaZwJeMEuKsLN21trT43ZhRptSf2u\/vwUGzprigY38cgmz2P0F11GVoj57z4wh7UcQjKtTWJ2849\/MydU8igJwJBLHMPRTXx3H\/BMY\/XLs5QxfEEe2tglHiHmbbq4PzWF3eT6ivMr1fu4KfSTFrTevi80ysJLj74VjHcpduKqVQEAr3Nrxo29\/LtT2\/2SjRuE1\/QZ3jNaoc+VKacJ1OxFmMjy6MGm5g4zuGOU4PfB50I\/VqTXCdTlUAmTY7aw9cTfWQym2+3JjrSCgWg2UbNSgsB3L2is4KZ\/0e1da4EhbjUCPTE2G4aoj83FMSovFWop7f5UAVm40K7Ty5x83R2EbPCd85UuGSIQ2TY5rEz31oaGw7pNUiRlzOkMPY\/3kFEfS4kT75iAaOiXzSFUXwVh+46V1ZvA3YWe8YCrMaHZgPxkOMYQixK5m4kE4DpD+kTtbvG+rGsitiIx92TiXWXi\/RueKekCBAIO6DDqnNSDioHQ1qgtwcpgfVl0ej2qxMeg3DrsiZDxeOV77mCA0L84J68iQzb1jxQzp5GdP+Apo6zOF9Td3oDYFxp1\/2YnjbYkDZQumseur2wImpbnrAdoRFORnbxALxWRA1dZjITPJHmekQRA4kxEp7\/Z97odl+ObDogC\/\/cAhnq4DfOJz00T4RdEcO081yUNcS\/FEvbg7B9sbjDCedDS\/stwrNGitySwmE3scR+aZKyKBtqHCMiWVQOhXlWVUJyKHlfU1lb6W5mDBMyxAaJZZTfI8GB+zZV2rexPCKIqBy5N0iq6rwIiMUn5CKijk2bKXIzCqSDbqrJxJnrHf0vns3v74qpefAZDni0SOFc+2DykFX6NEtdNgoW92KE\/mvxeaIXMyLuEr1rBY8P21x+u9Hj4lI28mV2TP+OvII1F78tH5muJnBp38Ls4t00WNUM5qvDRCPn\/qCJOJupXtqxmax1I5E+sxFqbI2+QyiNd1xNWeS7bPXPPjVGS6cu9MwsecO
+R9Qv\/1VhgxscP2kZ797YzaYhjw8bmnZS2O1uUm9CvlrYQdUxSRwLgY\/jIY2w8pvuF\/hO7kVAMYVHGPH+IQO1SY77GbyF4u4k4xFwBDkhIKR\/nOX3lmm4FtHy0hlq\/6nXLfGvIypcoaMaaBFB9hx0m5XnnTxSnIC1vhW1FDclKSyzUy\/ddRX22aL8vOR30NpJH4RlJ6ueGVM641FEst\/rh1nK6cglWyn3\/dXRMIw7QDsXh1ijz9s95X0SsUD8hNmRuTzlhnVPs0rxOtkDr0ojHFIvCB+gp4SNVj0YldDojIlR0\/3Dn7VAGDCem9vEBUBT2YeMkbsNoFcGF9yx+tHZxAZUN6i3I67NHiOw\/T+jxUqj\/K95lSH+zdgQfLf1aBtau7gu"} -01430{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621498081522654,"flow_src_last_pkt_time":1621498081522654,"flow_dst_last_pkt_time":1621498081522654,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621498081522654,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"198.74.29.79","src_port":61202,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"safebrowsing.googleapis.com","domainame":"safebrowsing.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01322{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621498081522654,"flow_src_last_pkt_time":1621498081522654,"flow_dst_last_pkt_time":1621498081522654,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621498081522654,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"198.74.29.79","src_port":61202,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"safebrowsing.googleapis.com","domainame":"safebrowsing.googleapis.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
02386{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":138,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":95,"flow_packet_id":2,"flow_src_last_pkt_time":1621498081821896,"flow_dst_last_pkt_time":1621498081522654,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621498081821896,"pkt":"AAAAAAAAAAQA8lpWCABFAAViYRtAAH4RYuSfdbB8xkodT+8SAbsFTm91w\/8AAB0ItDBJ3NIuqUkAAEU0OvufirbIDgp026bZbyRK+lP\/li5aeFJuMGsrKstuy5GNC2z4iOO\/abPbTq2u7PrmN1s1F6w0IR63u9BJRRqZsjR9rWd14KbZN92cuC6PwQZASSZ0PWLjMgW8lo8bo\/p4Ie0KGPVmarivxVc7f2b8bWK4ukJRx+v403t\/9CEnqZ+h1nQX3cV0q0wYsDcL4t89rZdkOD\/2h3Tynd0mKl+EfWaCiGCWZTFea00jKZkzOYtci+ntlHZ3vN\/5QVk+nvgSVijNAivrMJEWbvt\/Hgl\/NDn711tOaolOUN7VDWPKhmxO5E+Vj5qkX1JuMR3poM+ZzVmshiDYUYmCOo1\/EPh7BUBA8amQA2Pt5V1UAhZ6l6otPDcgPLAghQgMXkuAiTtWFzpRy1PsfSTGti0hwoBRmXcX4Osy85gPdkMPPjDRL9sxMWZ443WQaNmLu2NCZG76oV8Q9r6elrs8nfp6cokfwyjQiaj5lXdtmWez6Ub9zZ3hVLN4ZSFJ12MzBDXFLF17wXLFQVEwN3J0hUvUhKsfZyTSVGXukr50e1LIUe5Vk3iGcV5os3CuVaG91MxXzApOzbVLLESlpzPGauzkLFu+7wEmphQ8EOGPzSKcgPkIYTuk7\/p1\/qR+e\/LIKLwmFLece51gXCJDFQ9PjUsal8fhmjAQtOvr6WTWXLColGnpvdaMDuQKB8HjmmpR9dJ4DqjExdn9ISewALk8HydNfk8Uvr3B+OVq71nszG8nTFPdSYSBzEWhRglIanWym5rO+STC\/8vTv\/W6q2hhkLWj1q0jtPjwAN\/v2Y+D0A4JyNLo2FkyIJcbWfplQ39A3\/xuxD3YAD12Vn57SeHhSWxO1uApQ+t+zJkEVcrhY9SKtmNwQm+6eVRxYFVqew4rn9K7lyAryiVHDQMrxz5ZBAq541Ty6HHtPWBecGy6gvo\/iT+yBnUFd6REWeOOlZ0VTsR\/AFub95hlY44g8UyeLChHkWygL0G4vYgPCQgWNuZWs1f3PFB3C1r\/neQaHWsEqXfzcFPI1Ve77J+5BsBQx73by2L8lYfyixggOPo7sTcoKYKSodtv9pgExVr24O4\/8tkR+15ZqhYeGxR91PaYugbzj67u+4OLdjdufEwK1FjqMmXfKMkZZSRgMY25aCKP6w9RpGPzU6xtd6n8eBrjegOuQMY2i7GThrYUeYiCj24dBR+A\/nS9Z4ny1MZWcp0jfK4ALWIdHAvCMvFkaEoCrswCG3q2FGMP67Qn27U7Cgdy6Ae8bOKa0gpwD67XIbZ3VnJtIZI7zP+FEhfUi0Yu6AMqmlLsv6OXFjKd16nwj\/J9CUoCsvFZj7Ux\/GRuDCul1XmrxN7CCNOU9OX+ADt2L\/fQyWzOZSvKiBhqpBtkk2TfqvuCvxVhzP
hUfxCU++aidWCrZQZzSrwuajKW3QvMvG5Ss7lOXFiKY6un0x+VvjFLGtGPVVsETZAhpkxfy9vVl7cTojfKYb9BYI3it8kRtXGrW\/xIOQ9niF4V1PDpiubAYqMeNRlI3NLhOOvjMSc4gQyVKtScIYXdhvVAZtuM9Yabsw9P+8B5XyWEuXXKfq2yxLzBNvM0uXuRSEoFhzdgUADAIq7QcGiDu8G3IbB0DnhTLfiqNJcrjj5j8Y4Xh8KAEXft93SE+XzT7U\/L3dHtIrBdUdCUjN1yTskCC97fkKUSEv2nRSFu33ULAhr8XAIBTeRzax6cVNbIQtbTQqO2neCBmpL85f0DISj7eIkl89oCYMp+ZXfxIpCUVAU0uyKjoKpFGrNC11tb"} 02397{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":95,"flow_packet_id":3,"flow_src_last_pkt_time":1621498082422634,"flow_dst_last_pkt_time":1621498081522654,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621498082422634,"pkt":"AAAAAAAAAAQA8lpWCABFAAViYRxAAH4RYuOfdbB8xkodT+8SAbsFTriWyf8AAB0ItDBJ3NIuqUkAAEU0gEWSz79hSjx066IgEUilTttXNnBdxCIzGwyKgx22yggjYxUTOdMajr1\/eFj84LW0tWwiYEddNG1hbcYuTsjgufILsroj24Q3t\/uzrvR4hxlGIipIFKFQSdDIGcYBqlNqAaUOXFFDKWM\/NJ506Je2fGuUskxDQKAKr93NLTfrtVPjcaeEjkYt31c\/SZTL75GuaPT2mMN7etsFLArPTUK71+1V1afZAZptJCfmKCNVqwgGuD2i6NTmwkVh1735B38SS9NeTwvibpCCgqWLwGQceudYrYixpQsp4ysYS8hpI\/FAn\/wMbNYfLg0ULXfgBbdtqpqAz8gzjz6eyl\/Rpj5MNvbZVqNxScGru+OBXQwtVEZhxEtA00gRt2yig8vtLXbxeTHNHLvc1tr8ADnBwAus7BUb8Elx\/8QbOQJikFJzSqgm1q4x4Io\/yzHxvAmLnPsiEQqTqREOrKHfmlEHcPkGVkGtxFBNN+2k9aZL5JbmPRlBlC0G63qLufVXOEoqfGJNMZ\/r7nslJeVC3RVHNHRsnQaaVqTKCmjWU\/y1v6+B27XHPLKXFcBZGuXpvfdMRAsvAkwRzf8W8dO1sAukMkeYXN0V0P\/cdEmXv\/Mltpa5lcfPfiRw+bcfRkuNSD7Jc2b+iebax5ug8xwzr02wcXcQF4cGzsQyRZl7DyqI4QU91QrAsEcoHNeRg5JB1T9kQFDdcX\/REgLdvgMgBzxehG7z9OVH69vE5OHzw7pvnkoKe6J1pspEyN\/MZnsAVzaytYx30UuiyRgMISQWN1xfqum7\/YAiZINczHJ8y57E0O2FZW\/YNr4IpADWEzCYwTIu0x3DfRnVNbEZaadYGhViYNEY1zM28\/67i0wKSSLdh+0hygO1BEurBhEzdIroBw1lBfGNyfblV6uG\/7uEn55zpbG\/7qCk0ktkqTFveb6WXCOISST2J32xBVGziVeJsWONMPJ8Jm9PT1AEZcJwaHejFt9DpalZhmwFO8Enc\/ogZQaBxWP
bFFyyuh9rvm6tNvA3jaeVh40hlLlIMUxPLddroFwYb\/9EO2mIWdQrHAdGk1Lh6AyJa6YfJKwGpm9NYCxghscJLthycNymVYnlH9ylQDmgmJl7hvnLAvwa32EnPRpWHAkiUhu0kcIqcpT2SkZyiu4cMABsnU3jPWri5+i7YqqcU8clEZP79ilHPctQYpBtvEKAmSD7Gg6PfMEKZqwwpeUK8+dTYIp\/o\/SmoPxYAZFC32OjsVAjSgBTgUFjJQtKJNO\/Q0n0\/Bx7FI53Bh8tOLKaMneKlT+LrkWYQa2IgT0Ubj9l8leMgakA+hFRx5nhKVT+gHy8BijJa8hM45tbFLGLuaHb+CeAqgmE\/m8Ud4ovePpufZDd3bW0o1jrz4rn0BX8tIkQy+IUYoxrBjuExnNvs4TRwyfTblAI\/I31W8aDB662jJlcg\/QE3btTahMgEReMXljoY\/ZRh3u7JIQ6wjk22ntsR1sJRh2WFJh9oJxWsj2DyGf96xBV4z\/aPhEV\/yote5aKxrDNBeQknvp7Yhfy4En1FEvSZe8rUAbBQgDc1BHXrROj+FBZqKGH6sdegaKRirXJnQLUtUJ\/Q5NaDydpZmdgBmsplWOT\/sTyUwVugBQNQqk6\/7I37T4YBTN8nQWspDxdmEOSVvcWwSS7UJNsfcrNGCZpeXaEIJv\/\/lt\/H8+PibZ7H26DpmjUL7J1pXuNg9btTIv8GIPiixqfenNc2qdVBe95VLeHtbRIWFOipebc7xvKSmtYEtFRjvJuANVxLMqf"} 02396{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":95,"flow_packet_id":4,"flow_src_last_pkt_time":1621498083623668,"flow_dst_last_pkt_time":1621498081522654,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621498083623668,"pkt":"AAAAAAAAAAQA8lpWCABFAAViYR5AAH4RYuGfdbB8xkodT+8SAbsFTmzBxv8AAB0ItDBJ3NIuqUkAAEU0nS+0w4blUhqvknb548XC\/yn1Gor3DKwxlbB7\/uu39QS2DSpEDxyStWc8WcyIZ8c5PgyX14TZwIUytEJlBS\/8n1TweCLcrbeP7MgpZ46rFSzOa8D467ZWE41EpukRayYejde\/G8ICnBqzjWfBvyq0jhK4mOUBCxRCcqSyUkDoreKeEnJLy8KsVPiDiYAH6DNe\/Q+lDFvSPyNZGxmCZOw8PnKQy4k\/Xv80GgnSkni9aNAYcvDCEoum391\/coWdVWE4L\/zhQJ7j9tpmJISaUR41VIJ1dglx\/39xJ9\/01vrSa3OkFc5Fy8BBj95oba7xwYHIRxreBnRxTlNd4vpEEdFCKprC2EHtxSZ4P7Fol\/19yabIzVGfrXk7pjZZBFfVDXyUCMzmvdsLWDs9LsNlyoQzMKBuF8VoRMmcfljrP3a0FiPAlZerqbbAf8Hu9eIZYsm\/yugGEdXwEKyhjhu1+YvDZmSjAXdaXqtRafwUvoKJvKOD58O\/gEeME2uLit3LhKB8oolU4Y2CeanLvQ0Bd9uGIdnp9FPSHwJRfgPRnBkYxuSiBlo9b2+yU1kPEnXno4jwWowGMmlPGobjvEwtGiJFuc3qBeTVGeRb+
oZK3yznz4ooQSL7mIPohmeRd+Rx1zcoqIwZW1r3WTSFSh6GeCeImPe6iGHbBd0AtAFB9ICL8ih0D3yroNz2Lofe+8Yxr\/6Xw3g\/0nD2+ze94vt9qGWiHYwCJRDWe5C4FXOCx6xvwiSyBPHn+UWiFgdNlhpTeCRcxWm3OvZX\/3KpH7Z7if04QkBeuZ0Ux2FSXC48W6s91+35hS+WqQ8flQwk91inucMSRf8DrQXU6HLzij8d\/ufZ6cqIXgAbCC3+D\/5UKeQzzuTTA+cxHiC6MH8M+mCmeIocfg4VLht4EHV9xXYOfIHuXNskqxmXPAFbOph\/wnHE2YELf9Ug6M40kxzp5GfscSsJ4\/+F9+X88vGFNZAYZIQ0fXbJB9drC3AzgiOz\/dQoJBhH+NVAbbzi4o\/epLdDnU+pCCT3pvyBUiQfrYugPKfQ3C2nMgHk8YjjSoRW5j8rXdLqLftjCDZ\/JbG8rfCMd6cuFbBeb99wdGuxJIcMbwc9cvILpE19XIAUn4bvD2rqIm+SuWfcZWN\/9CNoNkQ2jrjPWR9LCDSA2u7MXFGhJoFiJrKEKwS8t\/w54Lyj1xy9zd3bgRKOto7BBzM4vobLG8+A75iWZIThG7vD8dUjCxUGvUG94fK1WBcP15ArBQ91O4Unb2X9Ov1f+Wycl1LV\/vwSLkZ7cTAKcJ7vKj2\/FUCYwORzVtE1I6aPqQWMr3eyzVJd8NVYj\/oBBdZHgOCokcrcnonn3Ps5fOiei8JlcX5P2LPy0fe1eyBW58+eq8FRuXxFch6vlwcR3K7lSz6kwNsDvqSz8BLQpPByYiuT5CXy8ELiCcWnqEWfDGSOlabrYQf+epIp9hTKNLbSF0V1NCtwIuAIDHhYy0je8v6cD8ExDV\/42DBww6ZJIEudDTA4IlMUEsUfuKZLsiCkicFbZ0\/4oUGu2YL5L8vXNUCUXk\/xLVLI+bjNLfRZlL0AbjxkdJM7VUIxCP+J0XO0kohpW3\/Ez4AzicqXaasofkO+aX2iLfksl8z1jppxUjL3We5lUmH7R6ILJpZ4yqty4WLx6UcN2I3UX8FIHoMXOeCijmRnkv+JLDGY\/cKbpQdcVjWO0QYhxTXVm\/89SuOJEwvL2\/qpMBK6MhPg2sAuL0mqP0\/yv8rnHP\/KAsfjDVUqlpfhSIqeHhMh"} 
01096{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":94,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621497523457937,"flow_src_last_pkt_time":1621497523457937,"flow_dst_last_pkt_time":1621497523457937,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621498083623668,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"35.194.157.47","src_port":55561,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"QUIC.GoogleCloud","proto_id":"188.284","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"googleads.g.doubleclick.net"}} 
-00894{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":141,"packets-processed":140,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":189000,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":95,"total-detection-updates":0,"total-updates":119,"current-active-flows":1,"total-active-flows":95,"total-idle-flows":94,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":562,"global_ts_usec":1621498212950392} +00894{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":141,"packets-processed":140,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":189000,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":95,"total-detection-updates":0,"total-updates":119,"current-active-flows":1,"total-active-flows":95,"total-idle-flows":94,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":562,"global_ts_usec":1621498212950392} 
00829{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621498212950392,"flow_src_last_pkt_time":1621498212950392,"flow_dst_last_pkt_time":1621498212950392,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621498212950392,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"128.248.24.1","src_port":49521,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02388{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_src_last_pkt_time":1621498212950392,"flow_dst_last_pkt_time":1621498212950392,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621498212950392,"pkt":"AAAAAAAAAAQAR+RbCABFAAViDdxAAH4RAMSfdbB8gPgYAcFxAbsFTooVwf8AAB0I+oTf3zKXQjsAAEU0K2X81CUUYVNTb7c\/gt6K92g3k2uie+OA53gIgfaMNjNuH4MUMelKU6Fsw6sNfg5GG5qJ4eud2MFOn8X2tXhI8359esLfPp9WmlTfT\/oOrLme3MuOolugSEKcrrCVkd0LZuV6Av8DKVlHVrlpv0240Nf37vxag6C53FBDIOQ6LCd22JO5xn\/NaFOQBTN5MwhdXKe8H6r+EKu0MMl3i18CTaxer4Ec7N0oGrRomY7+OmgBg9TauzdMWJj0eYJFpdct9mnNghVe3E+WWeOHpf3NCjtkwso9os\/I1QOoZPXB9jwIdZ4Ne8+CuKTG+9tcqCFaaYPOS5DhXjQFlTS5J\/C8wry9mRLfPxmO1BQiHAFr6GP9Y5vWBsO1V2479WWJiBEJug410DZ3eaQ6ykeEHvnIbiMvMtSdXEZttkVySMQ31Fw9rOzeUgG+BPr2jhdWKXNu3NdlWiImj8cTTjQOxOtPhe\/+6Fx3ryMD+9KP13OjJpbH1TmVC3+wAJCtRp7htijDfs+djtrDtQtmYoljdKd6zc7r4DUgUx5a+lfJ+CQXmVSyc22sQwHuhLv4tZCwLDz
jsfyd0tH+hoD7Qa72Swsvd9iN8a6VR5VOVL4dEXew+OVA9WCef4VgLk3PIXZKixpDLfYCSJ\/KS3IM1J4\/k8MH5DuYEu14a4bhYLVMzA+\/6Hh+TKT4leprgFJ91woRA3ZcHSFAFDQ6JNfWusZkMrX0kYWHzOn9N74ryBahTJAqZOQDKe7hgPc1zvzFZdQI\/CliH1lyvZkKhGurs+S8SAvkW327v1xIJ3a4v+knVz1HDiu9E8EjgQkT7KRHRIBqqKZ4ondbPabBq7uV6zq471LYqxhGKFGyoGxBVzr2DttB3Z3\/pwDEIs07QNSxcUKBzdZnJ6x2Fq+YkehrvOFCXOy3YCMutFzVwvOnQCidL8ohHIIWEgjIbGLfpHm\/0aWrklIqjrJSJ+rTPRW83W61p44YDEYx\/ac\/msD0XGRhWnBmicJsTwRBBV5svGieLeU0wwoRv\/LHI4mThjAG6AiLpvJ81A8npvcEWQ+MjQOgMjWQq72fQ6mncpsEh8naywuNoXmsIk4BB4ZGwmYN2ud9\/oZeqWqvV2B0k5gYpBOaiO5AHqvzEZdSTEayKAQ1YqXbuCf5QNmeckJiVyF6qNBoatmRZcQSwcZ\/T2ApNAyCKTurIastl6KeRV4+KqYzamhQB2W0\/ku7l9R8YLUGXIpbFAVZ0uF0OZyLqs\/v177JsDndRPefW+Nou62dLsU9VVlluBk+YGFmAONdyhN8iZeA5WCOwz3iTTD5N2bN8mMzQIgg7Bqo\/E8GIRug9o17TbkJUN0YnjfCIbHJtKaMHxL00NJbr3VzPT+M6M9yFXdxFqcigT0A\/lSoDVW1cjJ+LLyxe7NFjRQd0WXacjomlU\/vSqOt4d7QZrZUGLTeRU+r2gGG87IsvBtKso3QQR3flphwZgK4qieVr6KE53k\/ITHpCwbcQAfeWsRIfVZj5YsjA9TaaJLxpay1HiqTxUqZg3plTLPwXIAI2UEnJyFqlp3LNmknoPjV\/RJb\/wzVE1l\/2TAXdCsnVW4\/RvYAIgz1kbEyY+mdBPPmN7r0m+q1IFeOg5RTG+Hz1u5FTDjQLy9DaHat63UbFT45W72CQGLR1YbL59Rzmw7wT02BDrbjYMG5D9ap\/FxMB4LpXzY4OpaSIPgoD0IgD6kheO9CqpcZaNN6hMfIgQu+UTF39\/ec6XrRl9w5Mu88X6Qox2mOpT9nNb4CbMfitF4Z"} 
-01434{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621498212950392,"flow_src_last_pkt_time":1621498212950392,"flow_dst_last_pkt_time":1621498212950392,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621498212950392,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"128.248.24.1","src_port":49521,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clientservices.googleapis.com","domainame":"clientservices.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01326{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621498212950392,"flow_src_last_pkt_time":1621498212950392,"flow_dst_last_pkt_time":1621498212950392,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621498212950392,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"128.248.24.1","src_port":49521,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clientservices.googleapis.com","domainame":"clientservices.googleapis.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
02383{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":96,"flow_packet_id":2,"flow_src_last_pkt_time":1621498213250242,"flow_dst_last_pkt_time":1621498212950392,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621498213250242,"pkt":"AAAAAAAAAAQAR+RbCABFAAViDd1AAH4RAMOfdbB8gPgYAcFxAbsFTulVxv8AAB0I+oTf3zKXQjsAAEU0+eG2aeYr2ZwxMQeoNxrRVbNbZLWTAPBIHGmzPrHj\/mbYKL9ixyzcBxmQnCXQO1lDY0ds2+Uxd8ptUf0B8IEyK6HWt7XDMsSm0czLAJJ5gHVvFp4WvT2QOxWF9qk9uhVnOEbnpLXsHxpRz\/dz0mNah\/t9a+nz9avu0o52y0QKIy8LvNVm5rColse28vLMEqwFt8Yhb0a+e8F1WQ2Jog1lBFaxZ9C2nVaxdCT6fJgVQ6neO3NzPAYvQeMe31c7fRAOphOfBUEujT4YzhvNiFl\/wwufDbC02lbS32wQDoSwANLD4ijQelHtGYhgR48L98xirGA5IPv0nFtZ1GWdgn333AjOEIFGx3pnnuYgw2iuWo3m3sof14XdX\/TJRFaZuHV1ez9+gI2LSQdjuDaB+lcNc3pexpckY\/HKHazTzKBQe+fUELgAOI36zu7bwfiGs1DcCvWMT+vwQrQ74Yw8jk4Z4SiCS7DRZyln0DpQKDMsVHuAt0JxYrc8EmeYHpAa\/WU7imzzrVyCMqw87RX13BgCI3YyigtKRpDM25QuBSbMZz5ZYeiWXPyE1k+Y7t4UwBli+J1tJgOZYuGdHdpf4dfCgKgBpCB\/sV\/ZjdtG221HiWUjAFU\/RX+F4Sk2nlwgBk3Gu4HyZl\/faOlZ4A1OSdQ+fFuezBbnSGeaqbNo8VqozC+DV5QFVDR+iO+QWF73iaPEDFOX3fumQIGEeMxUCKQDbM3wtercBjGaPrgwSioQrTtGhXuk2URGocylTgSwqUuBqVOiZ6JtnYXVCLz0j3YmG54CGZRJwD6Hdzt9JYrpmq6dmeqLlnGt1boRR50qkJxmjqBOKv7Cl58UXZpi3hAhdW0L1aeY6VfIJ1ywx4a+S3Xag\/orC91PHKrMCiRMP7BHfcAHP3cmMHXdjD7rw9txJdTGOjn8lX\/mclH9lQGLRl1v1dxB91OITgYtiPUptU\/FstAfqQUeN7VbNzZ1K7myM4eKtKPa3VKJ41NTGXaN0jRG3AsJ1FJ1VXwFsxEXvqnYXdbQvqIAtWI7ORnGc4RUiKLZMaiOQ9ZpeJBxqsAYf5Ipe46sFpXilr18+FHg4XkhotA7suHK7WRKyC96nxR2DpEVf2iW1ectFaPFEKsQ\/H1YQbyGSNOyfsPh1j7faS+9snjbmdWCAfHpAxSqQjfbmAdHw\/pXpU8QfMr7cJSolfwHDFsekvEeA7haX+xyxiOvwU0xIpKlGttzlKe9Zs+aw2lgL1+sWhZVxiXxt\/gUA3TRh0SsDzH5g+XZJd\/neVfv5Focg0swaZtgQXQlDD7IMT0JIkbpudBNxUJaoKkGBhyJSXW3YfdpVjMxqZHSyytUW2OsHTqTDxRLDFBCvuJkYPJ\/TXIpK0\/4wD4L9l0omgm3px2fr7T
g0bZjKBZqYFsrt3HkLtSGTbe9Cy8+JivD7AEnEUiKufzcgmavYoKzlmopX0FuwXrvI3Tehohc9Un3CymwmJwzoJogxWbDMhpF+zwoGBGss9an05aUuur3iz7Wxk0lUMrHG4RhjccCzdOjsiU0cpH7WOa3JeWnb8oZZ7E1yUHJnEa8TUN7DI2nHm7hd5xvO0jYRqfo5cwZY5XIuQteKO6d5vyOsi3XP6L\/1\/B2Ut2V2caOd42VO5fK9qvI\/d65vyKDadxtG52mLCNi3gzdraK+EO18KknpwVwSg5Jv0pduYOIgWdKxcr+HnXkkz+KrYNl2w\/cO6BHjE8z+P6ziiwIfrr6GWrGLS2PfoqxdL2ey08WkeqrNpvHrYQU2a4rs"} 02383{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":143,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":96,"flow_packet_id":3,"flow_src_last_pkt_time":1621498213850512,"flow_dst_last_pkt_time":1621498212950392,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621498213850512,"pkt":"AAAAAAAAAAQAR+RbCABFAAViDd5AAH4RAMKfdbB8gPgYAcFxAbsFTsNmzf8AAB0I+oTf3zKXQjsAAEU0TYW2wa0gBSRDkkdmZJDu\/pNSjmjccl+kQig5mlxVsILRFwOMT57XuOv8+xCb+87uWA9dkR3MCory+CSA9k9IwRunZJ+BETH5SfmpqFSP\/EAiXYBfiyWfexJyvvzdDNIlmXLEiyQv4ixIWJIO3WnbJCrbDZ9yN4PPh3+ZJeKdbL3pTJsxyDYJ\/K0AwIB3uSpy2ZQ7iPtPDkHhwAm0FbglERefDANRRCDt9UuWOODuqe\/eXcYzExeuApS5d3YIK4jhh64DClYEzzb+MKIc\/xPP+Kn3lPcPwqqIF0tNqN4kidjRAQThHdN0m2oore8VMpITgbE0pV1MgkL7lfnb1BmHdqPktFFVvg4M9R9oBo\/vgEDDJRAWAmGcmVRa5lB7oAaJdxN824d+GfIw\/1qMVVQy9mbPreGNJI5FA87uOjFOg\/W5J3F1z3HhaIyqbtwEoUGiMpxMkBVwhQJI\/NqiQ7cCTPyStz3iGYjK3gR\/9Bbw8+tTw5id8ub9L1LWEZk7DqKPgXVBJu8OGwqpaRMSGddcTDBphFbTHUszReIPXXK4fIJ8vnhXIbSCNh5usnBJYxXalGGyP1OwD2a79wMSUAPRbTRq3rslV5\/OoRSqu\/Zs+8jHkIPMW4LtxNfcjjkPK2kD4PebKMCHpmd0zooX6LnokRS4M4p0k3XmNrQeH1SNO7ooZjgdGcmI2qpnjZ50wZY0FVF84zFcfhdXiDRTgFPFrSaaxPf0z8xF0n\/P2TpBv6uEkyXD2A5+IeZFJHXEf9qwaBDrm596gwBmYOilpzlnw+vM13lluTV8LOtESGS\/vKE4CpcHhAcjdbP+1ymk+om1iitfEwkvvDF1j1qafTczkx30v4HqUJUwF\/9b61fj4o\/7elbSAAzfCZ7ESTNk2A2MHuqy\/5+jrriuO72nwy6VjhJ+GulTPzobteW+l\/zBEckGEa8FJfTQdOStHqid4SXNF5RJb\/1ytpyxjnE0mVjMP42pjeQQpTUsUPMa9heF32n+XhzI
koHVuTsSW8KUDb8XsSKBKbYY1eJqV22PrlbamGDRPIeYyZxQrvseBe9ZGoW+ojFuhr345lGnNBRTbyV\/ifd+H3psrwilnpBQYZmIt3+yx5+Ox2Fl2MHXrWRMFlVHgyr3YspcY0pZlBmQSZOmPefZHN3UeMEoicflo7w5P9I2OILP+nrgTefS2ax7woPr2siuAHSliWnIFGW80aK6MX04MDmNfZ9qEi9D2uzji0WYs1aM\/FrXpTtqj1SPUWWhLEfXiBcjKNmhsqIUIEkrKDmesaaohHC3lT35CgqVB7Sitf+f3SeyMb+bWGart+IRgLgJBcEhEKoIoYkh0VLJVV9+doaDLpZ3HUz68vvJqjR7RJ0Gd5ED6cjJQuN+n45FpN9LmtbOssh2iF6qqJGi+PGx9q0M1M\/HUKAy5AN1S8YkWFsARDs59lonK62ZegV4vU1TBWQC7PGQRI84JNqfby2iYcagYspBzxJ+WakTI0qksHmy126F0+iqfIjkScGi9KPimhJZju3YFlyo6jNdjnvMmOvUUuhPQiXrORQ0r8qWWWh6tJ9HkW9sI2\/Ef1akHLftAxsOV4Tw7CFHLJLIsPfECdd0l00i7lyYzOrNaZMF3Kzp8XNi91vmLaBsXnvB9zagu0mQRRAnE0+1FdGlzcqDM+y0Fv02XWeM5LLndn5G6Ul+OdbTDl2ol0tkAwTNskAn08T2HhWOi5x48zrrAMi7Lm6AQyQ1v45a0okIW2FPRz\/fVqdN69MfaqHeQccEm1Iu"} 02375{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":96,"flow_packet_id":4,"flow_src_last_pkt_time":1621498215051045,"flow_dst_last_pkt_time":1621498212950392,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621498215051045,"pkt":"AAAAAAAAAAQAR+RbCABFAAViDd9AAH4RAMGfdbB8gPgYAcFxAbsFTmjlzP8AAB0I+oTf3zKXQjsAAEU0LsN5lwBuBohPIk8WcNk8VFDhA7Vgriyi+GRtPBL9m72qnSXpKDRNyBr1vJSoNoPBA7JyhuAi7fT1PX1I2vjlaUVWsgc8kYgBIMx8qP2kNZwqjvx2TBVJwAj3N+yw8LwNKtzFKB6+TMsZLYLIMH9IrqYxqELZBIDxLZ\/QF1DfFyVw6THtglw50C\/0NZTEx8NCLc1o5VghXN9CxPQdDw+1ARCQcUgGUtcrl6apsDZmCIY4dlws7dq0+YRFNo4nwVv1\/NhuhhymGXU1KbTNUd3wu7IacRh5ZozQGCC4lpAyCYdi0M0tb1cwxp4eVAaxEwbV61pLGvzhHonyk27mhmmRKXHZp407b+3bdtylhWuru4BdzonBsrsOm5yoIB9EcZSCDuZWdNfxOPA49dQ8yeouXSBTteMFZKZgN3gy+CscZNgJ9VJ3XzPbaT3Sjwfp+Imm0XMiNLMPk7vk24DJeDvfTOWrGVyb+Owny8XN+kQs\/4jkzKd16hVcK3EuxZUJ3YL7kvuAMcyXATuy2aPzq\/qUCR+46oadiBFjQ+AqJGDa4DDn5pIlThfKhuL8W2WSBWM9NHdsijsX4AWK52hukic+q66F+b8J8SP6Iv68MuXawvVhzPS2VvFOVeSwGq
bo5gNZY9kTkE7ENXEwKBBGjbiwiavOCMALOQbsE0Yk8jb3I1d2lf0ZMf7DUTOkyO\/ETHwkbJj6iFt1bYdjiO9VGkaT2DXBf7gPHAW9I7xVrnqcXaMDPwZcM9to2oq6Cvxi6ZFATdSTaILAoAlr+WJp4\/x4M5wyF\/vAP\/yTQzIb2bGKZ7pnfl5cywlo0fgpjvW5QOc\/RgHf18lMdRrf62sRFnaPGhpKXITH65wo+vXJhObyIozCXX3rt1PRJH+wShh+XckrU4wJJoKVBUHS0heJb0mgTITG0CMa6vcPljLF3dpoi+PDPoTKL4V+lpEkt+V7VHXk70t1Fy5Sfv58RmyfC5FEvWxQlVK6c5Oev2wm2PVpGtPYGHcT1Iaz18hBeOf47ddsPXqsB90cLN8jZHFvyg91ck4Sa+OiVIavMiGozag7DsBiYZ8cGD54lHrs8bPj\/V8liri7qpsDuJ1FEnHrY4lxVPCks3i8hNv9ZRv3X6jXf+I3VEaeHGDtUw9oLKnCBpvU6tAubBi41m759hiTFL4ykhxb8tn5m5aeqxR3f0Q728RgZWXTlctXVYSpB5l3jpLSWwBfpB5vATfB5gT7GU8Bfiwc8Z2Vr3zB26ThoifPDKQ7CgBF7D1qETS\/A7QkJLZ7MKggZ08HQ66IgwIzaMcpZFaNRoYH6V6hXlhmGbG+dUcLjbMwKPo0h2GVYGOukOa+q+uiIK4ndjQ+zbiA+B8c0Jn0cMGLFWosA6pKHn5QCpAq5EbGETn\/U08uM35Rr0A3wjYh7mFCvIdwkIPPE9qgAa7saF0ZL20lJZhQYvUfGCPd2lQAsjRu6la+JaXaBTMz6cwgxShegqVQwQvNyeg9pY8ZQuPw6hNhqs9vTZZXrpxrybFqtjAGrnLjnih7sBWF4yhTe87scov4hgwKG2eZyL3exAqujf8Reu9i6mCyS+S2bvDYnaOYKeHR2QKLBAPcuhLrodBina385kY6tjQo6GHkGYmif9zt\/zLi7pZ4bmsZ+2NjxgNI9SH\/j+LReSGJv6SOdxEDpBda8SSsYwXwzAG3vi3mJsrs0\/wxjaF3kkbWOJvHnm9goo8ySx8hG3LpiGXG9HMu1imyQOH2gj9nhFLFvWx77NWlPWL60HtwRZUPdmPs"} 
01075{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":95,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1621498081522654,"flow_src_last_pkt_time":1621498083623668,"flow_dst_last_pkt_time":1621498081522654,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5400,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621498215051045,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"198.74.29.79","src_port":61202,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"safebrowsing.googleapis.com"}} -00894{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":145,"packets-processed":144,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":194400,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":96,"total-detection-updates":0,"total-updates":120,"current-active-flows":2,"total-active-flows":96,"total-idle-flows":94,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":570,"global_ts_usec":1621499083794242} 
+00894{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":145,"packets-processed":144,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":194400,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":96,"total-detection-updates":0,"total-updates":120,"current-active-flows":2,"total-active-flows":96,"total-idle-flows":94,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":570,"global_ts_usec":1621499083794242} 00829{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621499083794242,"flow_src_last_pkt_time":1621499083794242,"flow_dst_last_pkt_time":1621499083794242,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621499083794242,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"185.186.183.185","src_port":49217,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02383{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_src_last_pkt_time":1621499083794242,"flow_dst_last_pkt_time":1621499083794242,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621499083794242,"pkt":"AAAAAAAAAAEAO9I5CABFAAVijipAAH4RD1eokEAFubq3ucBBAbsFTq7MzP8AAB0IRh+k7PM1K8oANwAxa5vCXNWzfj2PGJr2ZJppn9nfh6Ikx8R\/J2n3pB6hj93tRIJPjf+f1DrhXIYFADw2Oc+Fr21E\/SBJZyXpa0us70tz46tHGmOeBrCokS3GTXPLNs2f7i6PVg5iYBx2tk44g5C8Qs71ezbhVdCLpeHqgEt\/KgFUjX37SuS08dzh1hVBp8Jk3e+0\/4OclX8JP31qwN8hw4wkaeOcFhqGvTvb7GXAVee+0nZmchwlYaeZu2t0+br+FVqhd9lHLvrcyz7DhDlFCTLeKywE2b3EdmYTKWQbL+AaOaELDauoXSTh5q70gLIFBtuSXXAm1sLAL+gBd6WGAsCkwCZK7IBbXbpfWhwnxlVgDIPibi\/nJn1TA586o7oqTn7ceMNjjzs6CB4Mgf4cOzn1YbtrCp\/6c+BO8SdxtB5t2vkCmwP5K7T6LfjBIuFXQ2o66LBu8vSKvZAtVO2yj+LkUyzGXrYGwfv92RyYG7LfM\/qS18M93d\/jLQZxmPy5yiGfWVxPGI0CPYVZsfmSBJekaJCKENQtKqBFs6AVPQwEuwFcacGyY3xE6s1Lu4QTKe\/QxafP6viMrvTQxzW0bcasUyFE1R7C9iQNIeJ9yKNA39s4GHvCsBht5FKpCx9AeuLYalRseEn8YWrDkPowTqNRxe0MscA8q6SQSy6jR0pOiyDsuL3gqILv\/SY8Rac1R05nZiLplGpiGDhE9pweKrCSsLdVSYAwcW3WvtmtNMX4EmbGMMrtnYEWdvuR4n2IdSRyv9gEYX6Q8hzoHG8BLHi+9db7fSutvIgwHCOUrjIPrH1I3iuMdZlcts6TP7n\/rLuIJQ90AfdfuDPtfyv1mHgxzTtaN2PTxwVb6duplHtdyIHwQW4JxQZkf9eUmK3IFE1g8uPWvlB3korqRC3X0AcAV+sx3QBx\/qT\/7gF6DFP2pyevadhyCvcOrG457OyVD1AcTPiu4iyRPIPs0ZJvBKST0kuFIAK1RoJYGXKAWb6J9ZLx+s6hzq\/1f\/0fVYymn2hbZDLHShxwbQkfEQlrOwalUO2ySwNcLdHaWrgafMwU1Jqwy3c2Wh9mqTVQACa1BySgEpwrkwNkoUZ7lai8AVhdHtwXYpL1gB\/TH91SWvUyF9Dvtha9t5tE0iXlmpfJuZOaqCkHSIu0XSKSxIBe2ySee8BdNbxqds4tKl3kUNeesA0aLrk5BIYrRjA9iqsg5i85TcPN7ilOO\/einXalctu3yF2I12P95cnmn8dVV+5aGLhS7eTX+TflkPHiEhNljw7cP3w4P+5GLFwM5tudCaDLA6afeuHwRmNyu4EHuYIuyQ95\/VnxA50tA8cTxnIXtWDvz\/V\/1jC10E8ZRQOx5RAzeQuGCKL+yBkb5e6xUFflBWfYCece3PTocANgv7MamRt
+5dIoEcXIWJrMMSlrfY87Sjfbdyjyitgx\/3GErSHkqQjzECLn35cePuOYXjGdauoaI0FdXFxX0N4pWRgIFSMOMgv7WGHyUa7JL2uW1l6IWs4\/VyxVO7nYI1RKa0HSXbv+H2wrJyMWxXEF+FapMN8qENUanZn0DBN3nS29l14g27PiX1KosPCMvNsAEyL+FHupF8wbuG7hhioKZRauujDguEg9ExQ0m3tL2dBvtN5ROVDD26LyzDaWTk5zwZ2+bt9\/cncF+BxskyVsaDrMG5BAD+R2MBcjstM8WCqDrGmpTzd\/RDmbyfQ94p8EE9NW4bT2joZcpOovGfpfSmOfPG01l3k3sCykGLsIrKUzsxdgNn2SuQjCvYA92JZ4glYI"} -01430{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621499083794242,"flow_src_last_pkt_time":1621499083794242,"flow_dst_last_pkt_time":1621499083794242,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621499083794242,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"185.186.183.185","src_port":49217,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"safebrowsing.googleapis.com","domainame":"safebrowsing.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01322{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621499083794242,"flow_src_last_pkt_time":1621499083794242,"flow_dst_last_pkt_time":1621499083794242,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621499083794242,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"185.186.183.185","src_port":49217,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"safebrowsing.googleapis.com","domainame":"safebrowsing.googleapis.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
01073{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":95,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1621498081522654,"flow_src_last_pkt_time":1621498083623668,"flow_dst_last_pkt_time":1621498081522654,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5400,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621499083794242,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"198.74.29.79","src_port":61202,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"safebrowsing.googleapis.com"}} 01075{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":96,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1621498212950392,"flow_src_last_pkt_time":1621498215051045,"flow_dst_last_pkt_time":1621498212950392,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5400,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621499083794242,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"128.248.24.1","src_port":49521,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clientservices.googleapis.com"}} 00827{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621499130835100,"flow_src_last_pkt_time":1621499130835100,"flow_dst_last_pkt_time":1621499130835100,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621499130835100,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"198.74.29.79","src_port":61286,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02395{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_src_last_pkt_time":1621499130835100,"flow_dst_last_pkt_time":1621499130835100,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621499130835100,"pkt":"AAAAAAAAAAQA+mr7CABFAAViautAAH4RX5w0uxSvxkodT+9mAbsFTpEZw\/8AAB0IgC3o3GMiP\/8AAEU0PdKy7uKG3ARNfT09pZj4weIAx8vl1AZI+zMCTSNcyqisuLogUxNuVvaYt3\/glQ+D6lndRNMSuyW6j5yustnSGakysxsalXmdT1UcNTCHKHLeg8MGYbFf1nX95GwKiEKdI50HtYAVtBQjTNOTIu4nPcMX+lDl5V6\/ytmtC7XiQnbKGjmWQm\/5MDqEu40hggsQtcdk2jnQjgDTlviz5K19+Tr1C9ZtBh0pIi4\/9HJR25mhrL6n0N1dPzZ\/Sqk4b9t3u89S9E30HZYdBGpKBZsCH9hWFAhEmi7j9zZtGj\/cxAMeBcWRYInSCSDQRHhlkWsdmuRhy3Q07JJw\/pEuGWxhUDuVEci8KtERueLkLLLpEexZVihN4fEprEovribmXQoru+8BTBV+JKFqpyK44xLUOIK69w2LDvW\/c9dPKklcJAIVdwv\/H0kgY4YqDOIxKOP84t7SjU2P\/ow0Hgn\/JAdJ6i\/lHci\/A9+cu9\/Xk16H553fgdhUwRGo3ALZoNMzPzZ1o3fb5FWDfOha3mWIsBgUxeNt4buHg+jzgWf7W+8y6hmDLWrPKxyW2XOx6tYTJz3Xjs+\/mCn0wh\/mAZ+1hWOefp3U2Y80XBDgcJQRXavyO05wNoq15SpWKscYO5J7keXA83swiPGep5RyjOBdKfiII0v1ao+0rcEj0azRi8HmEhA\/AjmGfVSAAHVwBUamRC5+huXrgR7MEVx67+etgSdyuW\/yAF8xKZdh7YH+6wKsN72y7zdLpHJKk0SbAUI46TifMcEIMeIjlEPcVZXIE5rZ5rAAIrKbutpPELqhKDRo+C3oR4n9djDZXmF+B4O61eZoj26V8iiMi3Ap\/CD+ILTxN1vpLCz34kzpWw+Nvi\/ei8CsOgprWtklqFizkd0rAcDGEQGgQUmScGmGMEFTP7Tg2c0rd2YIJhDkQOLfYLZbFQ53RWO0Pggj\/QDl2rb91M5mdkJT0X64J45SyH9PR\/Q3NGgNCplgG+Zi1JMbY22khGyCv03BTfHcT6hnjWVcK0KimWhXdtO40IIpbzn37UO9Luj5lbbwTxA+F15tWNy3XlcT29pBTkrxIoD1a7jgZwe2L1\/Ov4CPoXZLMCQMQHvebHhxwgktEDCOQHeufOAARA9+ttGIYLmddJgygIHV+Z0m9eIUy9kSZvBlaoiT+1q5FRgi4aM7OXeRlcCnvKKLkhgPWsdD0iPMWVSO46LUV89lhtNMGfdtBxkfsOg+W5oXMWMpj9KmR6kowFzf9zj2QyWQFYmhpTbluKm3xfoGLLarkejEApaHi42nZxpainN+yR4Xj1CvqK7729lw20TkDJxJys8CkR6zRpnmDL275nTf\/h6umI\/BjPRIRIgbx3bSDq20ohdXKRrSZXC\/Arr5YfL
+XhMgAUJbz3r4XwrrmclpOMMJn2kr\/gs3To4em\/HdWYqxdT6aST7ERX9KK04xNC6\/hrkuQzcRruUkuY3mUT8iKJjTr46ie2j\/A1tng3m3VKM0t\/2rfAm08hZWqsveRgilR3Zm78b9fgxj9VY8tmIh3i6sK\/djJUOnInRG631tWG0Qe1eRXSJgMeHizDi47oScl6deUbLalH1IvbrClHklGE\/ZcbaAKgwr43r+5MEM4cfDxEWqZaPxzsAHgwOhwkmTZ30Jhi+c4as8kD0LDD4tAMnjZY1FLuGbtQbU3BlRBN9KIN1hHKMv01OPEqvqTE8yp4iGqB9BypJrEEtRX\/ZZWohZEKxDzLUAu7MMY9Va00pq66LfRVHtgBgFkrrN5Dlw320q"} -01428{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621499130835100,"flow_src_last_pkt_time":1621499130835100,"flow_dst_last_pkt_time":1621499130835100,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621499130835100,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"198.74.29.79","src_port":61286,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"safebrowsing.googleapis.com","domainame":"safebrowsing.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01320{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621499130835100,"flow_src_last_pkt_time":1621499130835100,"flow_dst_last_pkt_time":1621499130835100,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621499130835100,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"198.74.29.79","src_port":61286,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"safebrowsing.googleapis.com","domainame":"safebrowsing.googleapis.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
02384{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":98,"flow_packet_id":2,"flow_src_last_pkt_time":1621499131134117,"flow_dst_last_pkt_time":1621499130835100,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621499131134117,"pkt":"AAAAAAAAAAQA+mr7CABFAAViavhAAH4RX480uxSvxkodT+9mAbsFTiPZy\/8AAB0IgC3o3GMiP\/8AAEU0xNPHNjkzcBN6tG3CMXMgN1VQUQ5zORwwdJvxC+4U4Wo768p0CS6oitGkvJZyjwyc3OomATdmVH8dl4u8+5ZoRqU5nHzh8arBwEn1ailAEl2\/FeLrAKukjlpYd2Uk6yjAdkKgzRJUrt7\/axFA3LL6O7tdgC5hzo0E0\/vl4YnagMJM3wjFjjHYO2MS55fyThkTKtMGKHzAVPiKv2kKUgzu3g8FlFf4vERg7PBca9iFQwa1e6czfFLHU3jmlRamr1hxIWC8ey9XXVda7oP9kCT82UgKpNgsvn9ag0yB6QxqI6o91lGsTfzgwNOJcVvwV3aY2qjfabeDbzPU82GWmC8dcxg60wWM23VAAZlVYaqE14ppMMyorKrKFMn+86H5\/aNgSXh0MxcYpilmN6MgsD5Jpkp6OIphsmHoNdSCO0UVCwGJhSGovYG83XAmetDlCEUuBf6MaZFXBjrfL+9+VHX4irSmtkovc6L5vSe3Nf\/Ub6qgARu+YW6Wwl4tUjGEcM7JKUQxN2Ukg1PimEsh9oAZ12nyYh9FV1JccWxNJ2iNa0HzjjZKFHsI+Wpn2wjQu6fGLrQdYisl3dxVlFj4jvRBju6QBGPqW8L8vdchXv3SI7zqO+NhEBqeCwisAVMGs3\/e0eLRoiqrlCvpzdd6wmWwzublWtkESFBS+GKBzAzbuO4L4Jk3UFfDunCYtqzhO+2c92mAtqsWUkc7CKf7i5TjKJZM8unl261yU\/jXeb6zhnBK28FD6Pf7vze97LmpT5VanmKiGpb8ZFvlX5LvJwFqOst\/Op1D8Xr+i6cOe2zujddvgkGRpWHduSyvlJRv5eRBop0FHOugDZjHwRl1P5GOEDM7AA1rf2k\/IZ6eHOqZsGK6AJyenzNCgwn2VrrkC9JsT5B02qcBGp2ieI1StsetnNDeBxqD01kqrPTmpVvwJxCy2yxgJrEXUggkwFbWIS7thWSjjhXDU0J1GP9L68+5UUKxu0743nekpL+HTPJD4N3h3CVTgzlGthPYulkO8tpw\/xmwb4Z53Jqw0aGKoz+dhDGMih5n97yaHi969BtPXsVrXOzMwgYDcGdHV6VGFDrRp8MvBHKVCcSB29+r+o\/y7gXXTkYGvFUdNPQnjtOPuTA3g6ED4ZH8pHwnFuthO9KrwMMPO0Bmio3US2E5BtPsHcZEVYe8RumZt3y1QcMWOvon\/UMvBjIjvrv0jsdmxjixC9tBFNbGe7r97P3sSHcFQ62T6BzS\/+NgBh1Yy4NhP5OC50DrYOUUKT2FWmyPF3rEeN7cKlVvDoToDTZvmnHz0lXki3TSjmEpfEl8VTrO2dVRjEyX6UGi07VXGODj7O0oDpUYCDjmG1IY0i\/swPCy3NuNEJt8yL0p3nKFjn1FYCc72eaCLxOWLqd
kUlTWvm8YpTERh\/\/2jrhdGM0qtsJ7FcXHR51v4J\/QVf7rdJwPLrxNThdnZTGK4C1SIOXmUd+I7RAsVphCtMqkYz2xSC9bj0qFHuk+dNgchK\/qNK7D\/3TQluL6drX87zcJEWbeEAz++Bs4gMrOfH1c41XMna9bpL8uXPg\/gpvGR2NJd9tPrZADqH\/l\/5rjIhOiUnkWVyo0TCuowGc1U+R+LzRsroJKH\/6INUIkFvJyqDDWDuiqbuF4a8ofyZWpGKXbY6tbrxR5vwaHY6nEBEtgpQDNpXreT8uG1VJNuS0qFW1sMAQeSlsJF2xsZqjv925b07nSHBK8aJ++l8pku10eV9oj5mc55it2ZlpB3G4BEsXbBXW0kaMazv8X"} 02392{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":98,"flow_packet_id":3,"flow_src_last_pkt_time":1621499131747389,"flow_dst_last_pkt_time":1621499130835100,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621499131747389,"pkt":"AAAAAAAAAAQA+mr7CABFAAViavlAAH4RX440uxSvxkodT+9mAbsFTucGw\/8AAB0IgC3o3GMiP\/8AAEU0O8kVjzdhFbU85yBt1iwqehVgv2Jezj6mn9SdO\/xAMoQ6Qj2CZu4L+khp0ED4qwgVsRimpW9+019RfzBmCFh99aBBiZCv05rUnXo\/AfLOGNQtnfLnIt22QaI4txCY1wQh4\/Yqe+fANHZK\/ZmF\/8jsdmd71qfw03URemmchuDEmTC2QyCtQDR6IgH1doVCRoOWgfqOlswkaRTmqWfAdyO82HcYIhAl\/HvuxVmWaTRo+N+1Uvg3vOoeFbmkRfA3yUNsNKKXj3CuZnmwqgawAkhvUNunDuSNb6sXcWQSLMYzSYokvzGSrnCUFzWEzLjsIIkXyik5WMtbabj\/rXxW\/BmKnGxQAsyLYjlGWLl8IsRIUrFFSYYnArQnHAypfPl5sP2d4bIyERB5Xk+W0ngzdIfL9its1S\/1UVAsH\/LCTr4l85qg6B3o5lI7DKEPxygD1vV7v2kHUJUOsz6IQEA5cB8per0TSrcw70EjOs2PB2X\/KlkRtnF3cJ9mBrlLk7KkAdUnU+mv18q7Ur\/HRCeSKZ1IDGV+ySb3Pkkbb41pvETv2t9LoyQAD6Lzg0sSPQ7JLV2KhP1jHyct5463eYlSDK4lKsa29bix2j9nRvZdlPAs7HziAX+7Yre3QLRHAPqf\/Fg1bbLM5UQ4fWOBRZxhjJcdvgOJYkAXggHGTSKUtw58FK258BEuvGOXPaZLUbUPnco5cBPBIPnVm18eagNa8I5hoD3V4qJwr9MuaRW9lHG4afIywkdpNhJvwCaU0fJZ7zWnop85QgRGJTV5214WTZL+EUJZ8twDwaNzSY1ggAfatI1G32TefYqPxD0muHegRu5a+vh6GU9Nr4OZ\/spphiT2QHSVclDaYx2okizMN5ZYBs0bQln9i6XBm2Xldh+51uDHmQ4Zzp5v5YqyrRXhV0FfzvxrdzKY7KJJQgW29XcUFfrN5qG1mzTku37OdUh4OsIIhl78ZXl7b4B4gtfU2MlbyD0x5w27\/HBKRN75vA6sVD4434hZz
0CVYEpHiS\/\/F+U03dYEtR9fBHiid5ECmvh8ygYyirip51ZPSMQ+xf+D7QciO3qwP0jr6a1lkCiOGvIgtxOPSkwBE14jvn4b4AgoxAwzxMoNWG+KiIzQcc5d77j3SVtd+zufZsoTaSVxvbWmtRH0a31c5XS8D\/F0m+6IrOG+sVg+DE76dDddFTb+w9dffyNc0Dy2WGhcNHMlytYl3hpyDxLT5XyRXvjxA0\/VLZiYU4eZ4ElyHnvoUsVc1zIaglmrF+UZkxVlMip6nMHZ9lAEsM5\/RJYf6oyNArAqc\/usJ\/9w+reh+ZP71fVKQMu8hkbAHifaXr7zINN8beOioIt1MpZKpcyaXZRCKvAOiunMN2HFg7gb4p\/O\/EYfkBy\/QNmvkqv63ADfvqVNbE3rlc1Spji+jLBIq3nPFuy\/5gX\/hKpM6V+1cWwiQk9pBOX4ZM5SBBKjwpGA59adqr0mV2fpXKtxohrt1P7YEzdHgk6wi5UR4cnhpR6ATzawptEewUpLpO9E5\/GgMkhT3mM2LdLlAJbflcld+TxymmmNvb3UpmjyGh3\/j4AG85zZBWQGL4jZJFWwd8JkedM8UyyY3+J7Hf7Llgt2XBjEica1HmobGyVnvxPpQPkJ3hFFYALzmeLaq88STNOaZPk6gzd8otilv70M1Uie7Wd78Y3H+OJSDOFEeZSWpO7cC\/0ENxs6hxSkpuU\/vHtior07jJ7OPSapjbYusV4q2O8nnSUJJ+wHjLAkldls5Mo1vwKpLEojKmMh"} 02392{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":149,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":98,"flow_packet_id":4,"flow_src_last_pkt_time":1621499132950390,"flow_dst_last_pkt_time":1621499130835100,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621499132950390,"pkt":"AAAAAAAAAAQA+mr7CABFAAViavpAAH4RX400uxSvxkodT+9mAbsFTu3Vyf8AAB0IgC3o3GMiP\/8AAEU0CCLAunxqEvsNA66X1EEh+HbB3diR8XOH+Nd+j1EA4i11RuMwRg4MxupRcBE59Wr30pnjCvG7WwSJ+Kp3Pp36kOB7bwBm\/CUaK3NvIUefVeiKu8aB3CitnkZlHoeoNve423fK1rGAI76S5HRFw2q07mGxbnOjhM9z6xCXAfDBGYiZmMsHObjQtqpKD+hKkc9zgcNA5nnAz2gfra7JyAqYMe1ZUl7EL5EA36o3hG0JBLWzLWX8nuGkbVaoYaBg7t74Nq4rXY8dDvLpV8nmxcysLq4Jh5RmjmrbXKF2Gqj\/q0AATOUlwI7mcPikDdLVyWc1g0Xd7laqkEwx5KG+HewMfBJ\/fs238LI4MOjBH3XFRiuNJ\/1PLDSVDk3Xl0PC62nbYbDA0ukzghD9h7qydxVHb7ofbKx\/ss3NAcRz9V2REHASvioY+v23gDsi9mnd9vmwpZlpX0aQuW5jWCJz+S+SLjnOUxq0ePjaF+BsCsRhhGX8i6WG2b5bLSOXs23ZSR4DE9X65QwocgVyH9CZF7V0g9mD8Lei9Spa8\/tGhEc762\/3x\/1MkuQ08WXE1eb5W8FD7NrgYf6o0QymOpwaXeXqUpZu8j5oEpy7iwjhLsjquFYT
lkgkrV5P7EeuLtxd9bB8K86LFk4PPHiiVjBA1ZXeZeddZ9IO5+XDyrp\/kWDHTHn125\/pCeok\/mbP1lysqSICU+SavcLclf9iczGDubjMy+HxKcYBHZUI180+Z5bQIezFSl936qYJamaCa8ycGTpRPgFEueKYfkAyAnZkTtq5DWZDfFdJrM3n+ClXxB3nxKxe46aHAdmhexAVCdEsAFZhkjBnpwyd3xB8wOgcTOS3YOczXzarKmRIaYTKhReCbGXIL1oX+CKifyp9K2P7wqZHv4GRunQQ3oRCPCRByLb\/J\/aYJExxgDqkp5u1fIotrX93+PYJgtNU+cj\/AbP5q4Ce+\/JsCepvzTCvwU4r7bNXCDbRqDxZklxSS7YxZ+4UU5WsxKBN2\/p190KJ1g2AWmz3B7MqmtEst0ASYrC\/yrtrXPNYy5yH9ArSVpHDkqpJUlmi4BU91eIZ0kox+SXJ6VvBkjf8ZEp+qR6pgJh\/uVekk\/u9xUsAwsqz57sKMqWdJ5\/nGXjyRlDq\/TRoxGCKPO\/873K6h+0HEh3g9j1rU3lTRcVdWrmf9kTdGWMxa3xA0DnwHoABYC1ea5FDCBgn7\/w7shEnRbLHvASNCKpNPisAiPQp3BojbJ\/pK\/MnTCmT3WADNrOZytcxn+S2gLTymok6rg6ZpsloRw2wTfQI\/OCoJoCeThhTtmIQ75lcKluNMBWyZH1zbt1HY9uB9nKZamEKE3DVrB13yt0D8U6wSKhAaZDUsXRfd9Gt7evuxhL4Hb8Z9WDG5xo5\/tD8LyG1bDFKIiO7hDbTQHIh3UEPxXajlTHhjXQu7xnGAM1vFyccMX6YrS9i6UCZLkMiJYmNzx\/ZltM6JUnD5gl\/TEnjyNIBP\/D22Fhijc8guhKm+73yXto0qQMlGkuxvrqhc+0bFYe2RRrd4hWPK06ywX38tLlMZiJdebI6FcNXes2NEGMU6jzVKztzylCcoSrevOVNOm2rtGAym89hwLgT9RMA4C8ctQlYlekEg8f08n6dv25\/MRBrtpe7HHK6r3bceeC6Mysecla\/Y4nnPZko5jKfeqRqbP+pdjqFGZXZTISD4Sao6OEfl9vauwPSKfsFkLUqIkOJ9X9gdm49hSkDfJ0GfseC3GLK7JAAq5DumcX0d2IHEvGxiYDd"} 
01075{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":97,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621499083794242,"flow_src_last_pkt_time":1621499083794242,"flow_dst_last_pkt_time":1621499083794242,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621499132950390,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"185.186.183.185","src_port":49217,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"safebrowsing.googleapis.com"}} -00894{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":150,"packets-processed":149,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":201150,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":98,"total-detection-updates":0,"total-updates":121,"current-active-flows":2,"total-active-flows":98,"total-idle-flows":96,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":583,"global_ts_usec":1621500710201121} 
+00894{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":150,"packets-processed":149,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":201150,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":98,"total-detection-updates":0,"total-updates":121,"current-active-flows":2,"total-active-flows":98,"total-idle-flows":96,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":583,"global_ts_usec":1621500710201121} 00830{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621500710201121,"flow_src_last_pkt_time":1621500710201121,"flow_dst_last_pkt_time":1621500710201121,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621500710201121,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"102.194.207.179","src_port":53260,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02380{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_src_last_pkt_time":1621500710201121,"flow_dst_last_pkt_time":1621500710201121,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621500710201121,"pkt":"AAAAAAAAAAQAXWCjCABFAAVidHpAAH4RAzE0uxSvZsLPs9AMAbsFTi9Ky\/8AAB0ItCn86+Se4YgAAEU0MHhrfbtIJTtH3QVY6F3aeUtwMPN+HFDoLuLJNWWF83Oo91F\/IrU\/4VzzpTeT2Fs3WeheARS7a3eJ6+jBx50KgL2Mtap+DJiMUnv5+MiK\/lUO39U0cv8d7GpIK\/I60LKV\/5UKO3hYdAl9H3sKf\/17sYn0RqCxn3h27SFb14UfQMrK5fzHbBIcyCTwAI8EH1FUNiii2EHC6MKWOlasY1W7tTdhYLqIJe3Pnw\/eMMH4EH67C816p5GMiQfDThgfQ2wgQHnziUTQvAMRReqOG70usUWRBc0H+BQ8YvPfZECfgPywP5jcJ6yFiW20NNxDHB6aoJ4Cj+YV3HYe3hWH6RtYkzgshfY2d5Z5SXiixf9F396ika8t5YhgzUJqm3qaduYkkuoKsKEzuoXUVwFjy4mdMVXENEyNoKQ+m7hVG2MtxWAe5F0iilBt4B+B47gPKblladD3cYJ89FSWeT4JmrpSKq+sitEawWg8mHrgGTQq7NYbu7N+XGgNwfYKSGmo+wJ4PZoiqprX5abZOW0AcEO4GmP23kcsiaw6jBKGRiI62wQkX3CdcrDC94UAE4ETeCTM7KGTkc2NjqYwxvCRWtYhRE2jKZjoxjsBPN71ErHefn1F+hbfKNlDzSGX\/XS29PsKXDs3Zy7d5AvyJhbeMO5c9ZW9Z367PIIkmQCfsx7uUon\/NyNKlzzrFPmj4\/Q5MNYmYJUzIjfkdbkREP\/oi3qdVUZRk6Qq3mEyntdw2m0x+Fl9NnJmI7wPyTSTYM1zGxtoprNKLZoKHPJUdriJdNO1mtZLgz\/iMksWRPpo1KJv17xWq6zVr1T5Rb\/56VZDZZTzvvnDR3LfObrvTjxHZjpDe470INkM91Ng4x1MGEIzMvtmxatbi7QsiBiDO\/OqdD1JZRhadEr1SeF+j+x3pCgDJPrTxUQNeLKGpDOINsHcCNzi9E6t6xSea+mxi6UCuZeVqiu7Mq6oTDEdYhM0f2zJdDmUwxt9ntbOaqb\/70GFQw3Pu6A6FPriLWgxfjbt820gGfdllAq3bd17xNlN89\/sslY71CRXr\/AXS9zW9TVm9cE3ieGVRvpPlBXLxR3CcDRad5beYHB2p+59RVP4JEz3gq5xGAJk56U10gDcUMuTu9lOP0LVK6rTCu109YNLsvJwHDQHJg6cMb9ghMycYjRH9R8GiFVxeXk8FZUVTPEwK19hu5R3J4CDXQi+bSlYR8ZWUeNFXdURMnp1LQodsU7HXmk0DNjXTkB48gPiecCbmUF+uqaDsBFruhCgfz1ajvkEGLeVbKosgz80uhsQmk3MpvR16f+ZOAa9cii2ACYegZ1+a4KEx2NvHlXUrXa2GOsjIAygu7UkwCjyJDh\/KLNwjSadZAQTyM7O4lGORdsjV5FzQj3iyRFz
jEjdAaMYFQh7u74sj71sIjcdgnajLAngwvieEOhjfkDL0tvg0+xr2ScehwvmJTYQZ0A4LvQTGmQ0QSop8E3Bdjoib9O4UduuWyY49M20Z07qfK9fbUe3P7MyS0IssG5j+o2HGVtB2rGDGegUxPzqBriraNuRetc+27PYobO7JO3W\/n8cUzNrheWIWi9IB4U+pmyDcJIP58jjktd5G89dt6sAMJR3A5kbmIbJ9iNmSo5NdNog3tnD5t5HDujKlpjs5YYJJjfEpJdk07sWx3cs35o4J40ZUcj6dz2f5kyw3ZDKB\/hzEHArYpTkaJY4Gfn8PS30KdL4TNAJjWtoOfQevIKVcxh5IQLx0UwAHLDP4qnlqslqSloufJGz2Uh8"} -01435{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621500710201121,"flow_src_last_pkt_time":1621500710201121,"flow_dst_last_pkt_time":1621500710201121,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621500710201121,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"102.194.207.179","src_port":53260,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clientservices.googleapis.com","domainame":"clientservices.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01327{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621500710201121,"flow_src_last_pkt_time":1621500710201121,"flow_dst_last_pkt_time":1621500710201121,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621500710201121,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"102.194.207.179","src_port":53260,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clientservices.googleapis.com","domainame":"clientservices.googleapis.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
02384{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":99,"flow_packet_id":2,"flow_src_last_pkt_time":1621500710508892,"flow_dst_last_pkt_time":1621500710201121,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621500710508892,"pkt":"AAAAAAAAAAQAXWCjCABFAAVidIBAAH4RAys0uxSvZsLPs9AMAbsFThGvwP8AAB0ItCn86+Se4YgAAEU01ef7l0UP4woUE5dsuDr8jBLUL6glp4Hay+1PVqJ1qjZhTrhZ\/HlCWneFdokdJJCHL9aLl4EI+zRfD\/McWX32i\/GREyeHr4lMy4TiI6zbvduEowF9eNA5Tp3OZ9GCbt+VMsYazwXNCMv7NFAV34d4tKKg3LHgAaEVn2Y+UbC2G+bYh+I3BU7O10HCLFpy7dljaBLe9qgbXIUuhMGDWNAnyQ+uYXiH2Jephgdag65enzMRnzpWg6tOxGmRHM\/sp7fpGYwk8PUnJ\/bg3wGtSnXhZccRwt0adDkhfdJ32tQWidjaGerN9H2lZ7O397QtbCs9\/8om91WjQ21YVaDo4Ipv8H0+f1V\/Cc42HBGsarDGnoyUmUg1jicgM5DPMJpvLG2UQQK5tiuC\/cbEV8WUL7QwOcxB3jbJTnxR1MHJT3pp81ODQhzEb3PhIJ\/5Cs0fOuGXlljtXRHGXKKK9NsXQ0izy4kIRIbdXUZKKUe4T4svk7KGeA3O23ttudesKDm99vJFGPLYZ34JAet2qmXSBcBuHQHN4aXeGdVG7MFzyQ92k+oQwlhlcIAhjHVS07UHZXN\/vQViV2LX6DSII6bHO8BhhtxKEj+5T+AEO+gFSPXVLnsAtt9jbTLOZtW1OuAXvN2H99cPQ6kiz\/OG9Z9DeWz\/n4jYXXfnHNa1A5r8RPBukPjk+DreRRGc9TBqR\/n8DDhNakfL0Fck3RKiTr8g2Av+YbMsrLWtvcnoT0rNWL7JWLcj4+4\/jtD3F4oDSeZdh9waOz7hGXnbyoVXNWXrcFpfx77eeqj51aL+3KRVwUbkgRwo5pHgL7hEnxN9VPb3Nbay587MleldGfNDOngB7dKByzM6zduwHhffnRWrDEBE3EQQI5wNwKLOIv9dQzppwC58eZxY0Cxh0nyCfck9L+upLS\/SSPRp0lZCWPVizK57z1DXIwneHbP\/8Hgysu7PPLkyCRSECVbbbitAvbtwLTHK33sAbO3oKAAAXnwbYjqk9lZmdLeO84o92phBblzzTWEVyzJf6XwtEie79iUzv0gOZKqtupDWJnjOgWOhhSra3KOxaFoHE05l7vFbVZMWFjqvSUOIj7aT8pRtZ3A8XiI4yAenMZbx8Noig2Tv\/4iZBtEhsXIEPJ\/GdI+cZsswHBmC4MoRRX8sfAcQcLKC0NsE8iTGSOI5BQZLzHhGSKkGn8XVlyAlmI52p44RHuokDQeePWi0IqXdipLo52vUi32A9W5ZySu8wjwH0+TmQOsjtyEt1WRsQ9wLF3apv\/TUW4+usvpV159wu9QNjO39MwP7rVLYpRTpK2fHgNOq47+RoVsFZDNOEQMG6JcZfYhdRpJCFZTxbCJLGBrNE8SO9hLhrTXR0B0IZGDIZ35DJlgU3Za+yK3uSCBc
3IN0p97ksRGA5FKvCPtJcsM2\/csH6\/HU1qf1f0iRNI\/TtUb6I73fJb1bLdQeKNHntzmogBwn9oPuqo+gtLSwtXae5sl70N5g4LrZ8PFnTx2lQMUWHnNA7\/NfKlV24zKPWKBQFEp1Ll+GkIQ4+2VSqwKteIza9AEA0HQRFuVoFbCOySV1C2F5DI6b3bUAcZPOS4EK5sgcvgQXK\/kw5Lml\/5HXzi6wNd7ujorlYuy1rrbgADxiFT3G3+7eEQmrzleWwgR84fGJrsGXGWRRksb0D4sgTRBJoHHnzf+UHtoZlhKZ7MrrWCe+rgmAPKYrQl5HS2h0M4Sd0TsvG35w8Nfd7uE0Cm1gQkCkKH2QZcTaB17nO+93nufc4orBsf0H"} 02384{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":99,"flow_packet_id":3,"flow_src_last_pkt_time":1621500711118106,"flow_dst_last_pkt_time":1621500710201121,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621500711118106,"pkt":"AAAAAAAAAAQAXWCjCABFAAVidIFAAH4RAyo0uxSvZsLPs9AMAbsFTmIiwf8AAB0ItCn86+Se4YgAAEU0FvsScjgiXb43Z5OHmvEYwaOoC42xDpqJfRfqlKRpZwF5AnAxrqFV79ZpFnEvEhLmveXc5xDzsSroW6m86jG45I0fFyX3DYlFTlRWn6Sytea5JPO12EfJbfqSFvNzEqmQ4gFas2HXJ2FX2ZoFtOrT1Qp43etaUsidgduMrH94THaDB9pQcwHKupL0h5YJ21d4uDpduyjYmRI\/jSmxZ2o5487BjNxGIiLtUrbwVkNIPSfjyMP5aDNyEKH0uc0UKMUvLMNr7XpQ1A1u47hFs287N4mHIG56vvgNzeLUDt0k1MPT\/kGpWCx8pGpFNrvk1nrkx7VkZAvjp\/9BdDBzSjx\/eUYtrNhzQ0IQe0hI2dyVNc8oZJZ9LtwNkx13TL3XaejmmuaYZ5B1EgN210MMBgN2q4MKppTuAvCQdN0rYg1Eetfey1Czpq8DvYrtRob0CYoPxRNQb4hQY+mAtVm5In1K8uiwgIb9fwBZ4878UCDelVNFoIUw+l3DO2r3eQiyJ1qJ2FQD5njNdWfokooKrW7pkJaWp1Su7UEKIwCrHqPQdqZjdBG1V1fXoUW3f50uoUtNBqxzmzG\/nc6r9vmn7Hupo64j5xAOGxtoJ7+CXMmYHHWY26B1SVO8GEqfiJKdUBeSOJP+\/MJ8MxDfNBGk\/ZN++nWubo5tvAD59mguiYbs2TJn97d75ZXwCSvntISAbbWVTp8AcyBv7hFM4CenTfEcDoR0h+9UMmt410Igj8DfCq0uBJ9bfdd9vaavpedqeSBrcaCWj6Vm8lPgRR9m+idu+v42W\/Y7dhhPvUrZYy43dKrTyr1UA6FrlC0+cMVKwBuas+sYqkr29klDCbiXmBJwbwFjeK4tVoMcVU5tgERpJO29uTaQwM9TtLKYYpaiU3bEFvVtP\/Qtn3qhFg87\/I\/RWjoT+rBbR4QDQUW9VPOaC\/zE01OtUPc5D50Oe30bx8WsZ3NjQ\/Rz1culaGAqFUjPGD3UTvfe+YzvsST9oPhqowv7hv2g7D78A
ygZJDWj3Xy+kWEnj\/pB3Jx0\/OvXiqzf2tizghsbgz\/7TQfvenyU\/YjzQzisVkudIMBHZfHpFf1xszofNNVEViopslpwwFJvvLgUhw0aVf5anl4AFVfHf7Fbiq+ByHxdPrQzfWnqt4ebVjeIYwLQRD+Sc5q5KKw9n351IQvh3iLjQfOMlC29Lv8K\/f64xF454eAM+T3ej9aTbN2lpyk4d44ROP1Oa47QDp0riFycvY47pAgeZtogdK11E5+iMGpqTnOxn9+LXFyNRlhHrvu67ztK3yT1Q38o1K6t76Qdc2LLNxNb42ZTHdtkEvDq4+GjOdvvGXlynEQvbTtvdG6fACdyaH0xeuILHqQCt+BvoL\/9SLWq+5Q6qid0Ax80+f42fP1VeV80Df+srNlHtlx1gxx0eFSN\/ZxupB3yFoybkQHafOdB3DjIHqI2gODRQBgLO27D\/lTmmK6tKkQ951QvnyKrHxord7vZSW3Oq7RRLWR+SVjkGHmv3l\/Ze5hnE5cZJuxcuPAk2mAKwF+6k5B3F+cbJWDnxNeoh4C1jTw62drlxgT1oJkzh1x0IBq5I1mmRgifHxa24oQE8RAkrXlt\/l6PygI3tBmwEN7W9ztIBr0mGHgoMXHSI2+\/eoOzMY2+qscRsVIWNEx6WLxrztwLs9nHe+LJi\/8hqm0+hjADeZHms9rDOsWgE7WwhNZcW0TgSYYOby+hR7hjZUUjIMuY3PvHUBu9nOxFOj6gdeVPSzcIl5MJbJVDUDw2yOc8"} 02385{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":99,"flow_packet_id":4,"flow_src_last_pkt_time":1621500712321144,"flow_dst_last_pkt_time":1621500710201121,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621500712321144,"pkt":"AAAAAAAAAAQAXWCjCABFAAVidIJAAH4RAyk0uxSvZsLPs9AMAbsFTtBjy\/8AAB0ItCn86+Se4YgAAEU0fCD16vIaAkl9+JpXI6MmKI\/iQBqAFS6On6Gr2A7936qjJ\/8YBN8eClWO+8XEhNDawnKlL8j\/F4sisIBQbav2ZbH2pZO+DW+urOA7wGrdRgUj6aXJhpDtpYWrLw4eXsZ3Ox12MVazg+r9HsDPjbotGjYF6ebKF0MweUf6eelQtQZA4Sr5dB6RSKKQtXJfnt\/cRp5dPmvL0YB\/UB6mazCZreM\/mxZv80fSdTUc\/jXKSjiXHRzVVO8mfcctzu11prBHPXwjGjM2GHfFQ0mQ9IZiJNrD8Dfims0xHP\/JdX0knU0iC+hSJ65+0TAlEKvD3b0Shfp\/l0aBlowbjPpwJMohhJTdBRgNB5pYBObq8LPWOXnW3OjNunhElfYXgD7hPfLqYyu+qaM9KQp2fgNCfrUlIPlEjMvJIai2hUAj3KDffi1wVp5cVR0ZSmFibesGR6T52NkSbKlWPVu8IMp2fp0MMafsL2whYwen\/pghq6Ot9jJ6Dh1QuHO+JhAZ3rx\/lVcjFic\/Kmbq4EdojwM8pjaBMZuV4Jc2RZal8PSKdsdSiVpBMm5WZwULkMA2qUASfIZ0hq5vBaEx6HKXoPbsZ8ZD8ROsDB4vWz2KOsLNHlvQ11KsZvIv
9gYceNtVHwq8ZBHhw4dT1M2d8dzqgo461NLrHdS6KiFGV3wFNN+f3Oe+2OcUBgI0wDXBi2k\/AeaAaUrQTipNe74Tl98S+ibE5fk9U8PEuTneugtu7ELI8z1rgKPJ4r5HtKBf6nsH6ovMGv5H7zNudPvHzYopMV4FH4SYY0MS9gejKJw\/lmV2YWgf7Zuc8jspuqRSsCnzGS8Kw00i1Tueo2IT7lGCLnMPgdOBgleUyylbkL4RcbHtu3ElLVoifFlauKMNnav8anFi2LTTfvw7rFj24RwowkIS4s5LYvXQChMdHHRswv6k9a0NSOaI45tVuAMIFxztKNU9H5qpKA9HVnBLiwb0IQ1FL\/3kjC9r7gZdhRoL1gOBxfQHWbozcGw6laa2kpH71+KGNA\/Gj2XmUIoCbOhBEEgno2iziaJIY8hiJ9zpQNjHr+SS6fWMVUbZIc+rkM3pY+PN7XTLZ\/2fdgfD47rGS5mFhWHD3kBM9sPn8jnWd3AHZZLgYBlhRdGGZoPBeeHyfxtfVXTUW55Q\/e3eNutTM+Ady\/cRkRS83njsJ2+nDqO3tlkzSF+kRsxT35hBUvjfTUFNhjvkeuEkFq5ZhdQZCcKAPPtu8iEbXJiWFq2yxsBqy3EAGv9jyrfJCBkm0W+Mte3h\/A1OV7DtxkQ43bTCH1OdvddQy8yyULq0BWl2dkmdDjwcYEe7IoKfgyfTsDyjp+zcuLVZDNMS6oBt5GgwvGF5k6ow0F44e71\/wxSu4Wxw+hSODbh1LPpKChqdBXSnLEeCsRyRZxdP5wjTGOo7vLKOfBzyyprN\/TehyOKmz9qyvgJaoNTdbRti2N2cDac48hw6JcaoVu4OIxUTvm9x\/drt8LHRL20qe3fm0K6na+uwHudgjhPhB0PQrH8077WSGudNaBe1t8bshuQ41eDuSfd37wn+lK1En2EIdr\/RrSA8yROmwAss+SNWM2IiXQWq0YtJmCLZ\/cYNjcSkE0ctVMQG9wEJ7I4roUjYHxPw+S2d71eGVbaDKDjRBb+j8ATEsvZNilt37WPj+MjZAA1XFtaDdFLxgfN7NIvIWdxM6ZuDqBDgEeblZUVsF4JCy7KbRO3C91TVX6qX7WlCdeGIKDWS9KJaBaRIlF5Dn5VEkaAhT1TpmD4Ujjn2"} 
@@ -591,20 +591,20 @@ 01071{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":98,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1621499130835100,"flow_src_last_pkt_time":1621499132950390,"flow_dst_last_pkt_time":1621499130835100,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5400,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621500712321144,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"198.74.29.79","src_port":61286,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"safebrowsing.googleapis.com"}} 00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621500832402417,"flow_src_last_pkt_time":1621500832402417,"flow_dst_last_pkt_time":1621500832402417,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621500832402417,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"76.231.104.92","src_port":50023,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02396{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_src_last_pkt_time":1621500832402417,"flow_dst_last_pkt_time":1621500832402417,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621500832402417,"pkt":"AAAAAAAAAAEAS1QMCABFAAVihQ5AAH4R1KOokEAFTOdoXMNnAbsFTmnVw\/8AAB0I\/OwNUvQ+5iAANwD\/vPgHoWBY9NVx91aESVG1GnIYeTvUSJob\/THkhDsxHgK0tQMlP\/y+OlG6T8LyKR+iBLXMyoZE\/aVKFhxdLISFi4uHtAlWOTu3Tp\/rNeF0Ycpw9lNtrGZKHgK52aGmw1F+Vm7gts63ZzZWpjO2b2dfnUcihRfdcWSl8WQQqp9Bex37Efxn8GSZ9yV9+YweKHZuoktgPz6lo1Hx0py7NH2sEOpCsHuOmQV3pkdWkgyH5Yy8e+mDo3M8Lf4uvHc+eXJBa3EaCkPMxen5GcdhzCr3mrXeME5XHL2nTes6kErkbatKTZJBia8PejzLFSjdIh878tNRvmWaKnFQUTDgcDftx6OhWfT9aTAtihrhh80i+NJdXObI+LP5jfp6VUNFk\/iSFBb\/TLXGEWIDnGVL6jXCYr\/jF550paaG2\/05LqVb0lAO2DQezwhWmWBhSJGamJQyHgYTP2G2z579ukMU+m1MIBlp6G0fCF77SkWYSpcZa37JwyO+oGTmTTrQw4DDsfnNJ6qtURb6c1EZgljs+2MQvOyBlUgLiqJfL9Sy7+bVNh6BSZmu2SnB0XsrJz8ExvgL2JeLgA1jPTRz3PGX2IfOOJmvZ\/Iw5bWBcHVXAq+IcoiBl9hHt2AkJHGz\/byaPbJJ66HJfgB14EIB\/lUwQo1A1SSUXMKv\/TK9koxXTwle8Lkn54qEQdqJWRvVbwg0JseXWs8OMsGkFLele\/q07epiVACDd\/g1Jm+ZePpL983W2YeTK+eU7VLHC3JA09oJxkbg1B+bTVBsiq0+mlaeyZ4QsRiZnP+9H4807KaDybRKTE8tQUtEr37hHuYCyw5PxJ8FFjKWt2QiUzVAiu0MjkYwdO09pwoMaH1i59EPGPGNhR57sTKB2wVEV6JE6NQ8yLMvSBUd9dyDB21nWx2ARNrcsc1WlrbGEhGKx8y96up+FRZHCjeNJbO6GPNGdyZS+RcIKDc\/sxkx7RupbqAi+d8Bt+oXDSg0tZAmjCf8VvVg\/k80bbgPZjm5To457D0tTkTf8V6Zx8om4HCzWH0sHPFBmf27ADSR6DlozQlivcbzfZaKUML+CfQN\/AOYuLtlr\/H4lqxR8dtAwKahvwW7\/NRmgYEFXDJN3bJS9GjmGOOgKZxwI0uH7FodIm88enl9xRV0Jvgh8Kgk1aL11oukFFBgq9kowqa4t5sHXxG027eiPUY3I+LvD3YOs01STBZNgyX4zoY1udrG790mdQfHt0JsUey8gKDDV6Mrii7E31WSascM\/TXrq7IBo+QDu6smYU6IFRAByq+cHfvGh9cGLPvAzc\/PaSrCQ8lQZlhadWowHm9HfqjTWwtDDxzY1ZzEFn\/ykUcQ5T517Ga\/PzlrVjwpdzkZabhpXnKYalHNVtkvXskX
+fuRlw1O9pywR139ESVKUEegskOPrIBR11Ur8xk0\/nC3Mw1zJ98R1AFW1bQwe+QwJvSpwFpYhm\/2wNkJHrE5fUKBl09Wmtfin\/0fDKjZAnq1XzsVpqje2zDaCTh7VEpkWk5S3q86sRcojMPfzDFUdFBNEIT3dLWmuLxfFG2Ho6lWkZAgHIKSSvHA84mOYVnYLexouIlL+EhwoOmEipiiUiVJXGZkSCwjtyupj0BjO2QULdNBtK\/XGoJduknKIbcYWebyEnEpxO1Cicl7fEXS9+YbM\/rMPWEr+mcAUdeFx32z2bF0zY4DxjEv26u3i5TRnvLzaQCmin\/duWBzxsVC3pO\/wjp9iIlGSS+Qcatkp0jS9\/HNB9\/ya8my0blefl49VH7\/"} -01393{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621500832402417,"flow_src_last_pkt_time":1621500832402417,"flow_dst_last_pkt_time":1621500832402417,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621500832402417,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"76.231.104.92","src_port":50023,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","domainame":"www.youtube.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01285{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621500832402417,"flow_src_last_pkt_time":1621500832402417,"flow_dst_last_pkt_time":1621500832402417,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621500832402417,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"76.231.104.92","src_port":50023,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","domainame":"www.youtube.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
01078{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":99,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1621500710201121,"flow_src_last_pkt_time":1621500712321144,"flow_dst_last_pkt_time":1621500710201121,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5400,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621500832402417,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"102.194.207.179","src_port":53260,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clientservices.googleapis.com"}} 00826{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621501125036291,"flow_src_last_pkt_time":1621501125036291,"flow_dst_last_pkt_time":1621501125036291,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621501125036291,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"65.33.51.74","src_port":65360,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02385{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_src_last_pkt_time":1621501125036291,"flow_dst_last_pkt_time":1621501125036291,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621501125036291,"pkt":"AAAAAAAAAAEAS1QMCABFAAViGchAAH4RgMKokEAFQSEzSv9QAbsFTrOQxv8AAB0IBDctHg05eGMANwA63caAA9thM8CnmtvPCsUhrbHTSUm+PmUcMNSKbWxGe5n0KlMPA\/Ab1TeVXrcKT\/s6bNMGiVVE\/Y\/69wmX+dmpzOGyJXfQtZPXNvgdAety5H0aaOEE7kffH7GYopi+TnU7X81j2zr5T1AcyXW4xwfPQqNjCkl7q4Y3aeDwCNcBIXJjS0cRABpWd4CFVxJeR67TsCsSv5FbpkqXMrDYhjzjrve\/sy87Yz7Z9ci1SSWv37yRACmKZulUZgb2lUkKSfenjONGW3S2wzKcrlj+TJQRg8\/bM9SNvt\/mCcgtVbTKLWbc+6PK5acKkQo3AdoGk5LEPb3l\/lQbLDG7JPRHJbZN8WUgPhRMqvGmH9CVBsbUQhTCVDm79glJnIm864PHxQ+t0sJHyebmg6XpGa2XYkUH2udqnf5+TTklcbBY\/R+qQP9YENJHrWSqS3ukUykQ0LjwlbuFhVHFAQ\/dxjDnWRSWKbRXG1NBvSlBffj33m41y\/BGqblG4oqUMrPzg1AdNzGWkFx3dfG4qE6jX4vypIKbmC7ww11\/bnqazyGvXVb\/qGv65\/bNEhR2F5JiCl4VlKXNgd2pkEqH425n6llnIOarnIlAFSHuFowuohSpsD5QcFX5UcWdhvyCoeuvwf5QxCPPKwuVKkeBE9JZdqIAdgwk6k2JahHoe9xE0fV1WdUs9GEH0pmQ8XxwJfQNNe9pfm7SAvyvW6AGvman3pEUJ3JJN3sVwyOiSI46dmLN\/gLYOaXzUMscfs3uNK42vabWH2f0fHSfBVduUsdDgwj2A9X9vZeZHeEU0AOwu1JroY\/X9M5vYPFxgUn4ui0etmumSVF1NfkFMIHTL2APYRacjCGMcVMTtDDglynqnLKHYUUQtNWqewrNtG9PHzcXuPhHzdOY0tg9FgaoraKpz6q5UqcKBzr2JjkXTep9JNqk5XEbwydGTgI5uoUzDCEAd9SVY58G6YNgOXJM72nV8QMCKvZ3XaSIH5w8qvkn4y+DE1msPs+0jjDIyDXNocrSDJ1AHCTzzWkP+w6H60iAOu9cn+Mnv8SiYPPciI\/PJWXhwM3wLkeNtUoiSczzgq7\/Z0NlAzOcUuSPUr404jqpSbsJLrUCNh2Hh0dkAD64yuGEGkYaLp8R5cHVIH1ItyvLeUglmfKQ9Uy1in+NSc9s9rgslR0ZYvwGV43IdrN1a8sbpRZRn\/6y6xJSP6VRA3qbgEM1014Xzxzg1C1k2pXKaZ3dRIS7DAmfP9AU\/jP7\/XH1KfbRfliwERe1f0hLOCnRYQayZGEdVA7U4EwP4GWIPM1mQJfc4x1wWHWPhcFpf7\/3kzOtmlx8FRonLLppe8qkuqfrTbLOUjx4ZI4BETBbxLbvlIKHEhoiCBd+yDUZCFKScdNpwrxVWVSz
0cwfPkFvXivV0Btog7bQP8r0ps03inXLu3iY42JhuwOQtgnq9gOUYo5mWHDsf\/dFNji6zcIuareN16h5QMAId9cs9d8XeEtgmsP3EkHv62qC0lObg7DYq50UhiG+dr7cGC8xrqlQYyQ2eUFldqUAvW5Yq3oPDufxJfRMe4FoawMPGgol1Fx4lcF3O9ljlCrqKWUD5XziIcnMUjDT5ommu1A4ChUADEhFdaXkO3z0ajdsvt+2FU+8jk8sCeHs0aoS8LD9tqGOK\/tBhpgsLDtXqVg4vWFfDpOmZ6anyereIg5y9YTigYUAnRYoUArd1znOjveswaiQB3BfOR1AQE\/Wu+8zomZDAHW7r3Or47VOVnEd3KueolaHuDAxCBxZQsZy"} -01431{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621501125036291,"flow_src_last_pkt_time":1621501125036291,"flow_dst_last_pkt_time":1621501125036291,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621501125036291,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"65.33.51.74","src_port":65360,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"googleads.g.doubleclick.net","domainame":"googleads.g.doubleclick.net","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01323{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621501125036291,"flow_src_last_pkt_time":1621501125036291,"flow_dst_last_pkt_time":1621501125036291,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621501125036291,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"65.33.51.74","src_port":65360,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"googleads.g.doubleclick.net","domainame":"googleads.g.doubleclick.net","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
01048{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":100,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621500832402417,"flow_src_last_pkt_time":1621500832402417,"flow_dst_last_pkt_time":1621500832402417,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621501125036291,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"76.231.104.92","src_port":50023,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com"}} 01076{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":99,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1621500710201121,"flow_src_last_pkt_time":1621500712321144,"flow_dst_last_pkt_time":1621500710201121,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5400,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621501125036291,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"102.194.207.179","src_port":53260,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clientservices.googleapis.com"}} 00831{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621501260783099,"flow_src_last_pkt_time":1621501260783099,"flow_dst_last_pkt_time":1621501260783099,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621501260783099,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"207.121.63.92","src_port":64134,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02382{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_src_last_pkt_time":1621501260783099,"flow_dst_last_pkt_time":1621501260783099,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621501260783099,"pkt":"AAAAAAAAAAQAcbmbCABFAAViVLhAAH4RRAufdbB8z3k\/XPqGAbsFTtJqyv8AAB0IqwzBH+7SJ6oAAEU0OmGuRD6o6zt6nf9tmhZ4egDU3ziCGGMLigzQd\/qcgJuXuFXJaHBdLU0MBpsdPKMeIvS9Od3J6aS7A4aqWHEzIUcAYpLZNGiwuH3wRo\/ZCRSY8hB6LE3YzLe42CdSzc5lCzItOsVUkYEC0ElANHXZEVA1CYAydF9uHTTyCq2uXRt3pMNkc6SD2TRzdAjxNMy4aC+pKc8u60PxO0LJCtV5c4GHi\/apOFYyznJrd5zwDibl6ADYf0eOlYG7Dmb+62KXGzs+UZINoqFEItj8sokCUApXkVgH3JMM1tQ7\/i+CPMar5u5VhzM0xoMe4DQC0z+Yuf3p0TEn1Yqj0xXSzHscv\/FAGmONfCIQGf4DqCpAxJhcdINRN9hpMwFEfhYgZXMbdUkpqQbEUlH6Jh8L0xXSG8BNDbJ+HqsCUU8yfHEs9031W1jXujoXsokpBHj6NRhfYT40cfJ0owXrRfPAsakJrEfIbY678aDECo1jdyeAUnmWY+XbG8o1nY\/4ODgRYgmuoc3IOboNUvx8dTlRVrTI1abSpt63k1mZBwz2PcIo80+jYFQUD8COKs9GGRBzV5HYfMiKnpB8E0fvddrtWuczrHTEHaj+A8EU23AUAoyRQeuZRJ2ND3muZ5PofS2Dkb\/RLqYEnLx53b3gsbjBEhQD9jTXMS\/CkNOxA2dXLmL1VCbZDM001ClSjf0VqrWyNkHZ020vH5Z87sRnfqRjhEFyC6btyFOJe50iTVCZPNiJgpQQjGKjO4rNKkdOhqVKJYV3tZ30pOlvkz82jkWMMrXlfnLtb9s5pzTLv9t0tUOoQ4QgbRKhgDzve\/xApJG8bUCntJD7lpCAx9F9HoZMq40CxcFnF2sEh63lTmmld2YtjKFNOpA3UantQuZCNL\/CmftmHYYLrD7QkKm4TvXgbIR8RxVZ+EtiDOPLtHOx6d9B7dMcTY3Mfmi0JILNHIfrPCWog+RxVMh6d8lhNxI62zpKHPU0Tg6vqeO8SzyLB\/n8diVDpb66xI152GpmYVi2GA2rWPfxVjszVl5jtF3gWEj8sOvNX3xomkTvDqEIOlWFIFjdzSMYAaE\/94dpPwrnlUXOlwVZbLyG8zBkrVJIJEL0VFlCRP3cPWR9GCwyqZp3TvaFXw65QoKcuAiLNfsKEEBT7thsxAP5ShRNnKnAVngImJT7\/QyRjMLgNdZQiVPKJgKxlHmR4CKW3EdPdCekSxLH3DqHQePQJoWyWmK2uMuElqVzImkMVeqUtVe1Z7XAmQ74ZmJX77RfTpYOUgTJWLw8yAw1CjfU5hA0NqXKDuF\/siEDZ0glp7FNdcWvBjbo\/ABe7QhVen4FOuDzJ7O3om6ZklR7mLYelWmYJHFfypdJF0Xj+hmRP2HWSSx4\/j6XqYC2eVviMKbyB
DVQQPI0EM6QnNDTPPWP8a+XfmtmdlLc9QgUY0RmRpsrtKa+1IyPqG93eGTD+ZSsMgyIEQWA5Fm5wsK4NEmZ+pC9UWL57aEkWkIPEN4XlJ\/9JPPb3uZ2vDE\/Va0Bb1Y7vNFgBYQGZaZLzo9Gdz7yiHwLVKre1BC0kz+KfDM03+0yKx5CFVmJ\/kBO0+wIW17IRrXQXE0U0ProK9hPHRKvARb03bAuREr6TJR10+JsF1ImGW+lnDDK1\/FtTCgnzrxyWlFZM3Cg6kZN\/6ZrM2A49rBarb0aVirmITUvU59YafXCiT9ymjQXREvUsDHNYJ68Utiz2AdjCI7phJ86HXYCIFDLKUZ7rKmhC6fjynuAGp9kfCbPkPfnqyMDrXIJ"} -01398{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621501260783099,"flow_src_last_pkt_time":1621501260783099,"flow_dst_last_pkt_time":1621501260783099,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621501260783099,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"207.121.63.92","src_port":64134,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","domainame":"www.google.com","quic": {"user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01290{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621501260783099,"flow_src_last_pkt_time":1621501260783099,"flow_dst_last_pkt_time":1621501260783099,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621501260783099,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"207.121.63.92","src_port":64134,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","domainame":"www.google.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
02391{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":102,"flow_packet_id":2,"flow_src_last_pkt_time":1621501261082896,"flow_dst_last_pkt_time":1621501260783099,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621501261082896,"pkt":"AAAAAAAAAAQAcbmbCABFAAViVMVAAH4RQ\/6fdbB8z3k\/XPqGAbsFTnp7xf8AAB0IqwzBH+7SJ6oAAEU0QCGjYmqsUMXHqnSGAa+SGBqQKewpsFPBcHbIO1VQVQmdi3mM6XPwhlgoWrccirvAt2h4VgoFMSMBKUnjc\/s7c31zMKNVAjGwqSS9UcMQe+beIWng48oRC5FQxFxp76d9NvJFZQrnobOu9\/OI9vLd\/kjxzUXkKaoMqPw3HA3NrHDmVaI1U1G916dAe3tpfhldRg8TG66kkZbvUPojfmBk6b2Z19o0wD3eL3ArF1ggKa7dtmOX3vPsGSHppdsAwy05mrGdBMogG2GNPoz1f6Mrx1CryOOeu7sX8P0doH1Sq0iFILD1hylRmMMZ5Opz0H2bi9KA7w\/Ag2fPK0T9oDIw0fFaoOFIf0DJ+lEFoJl+bUaUeYjpiNWRiJKG6uA\/8tslFXAk5id\/lQWKSBH2JicuyYgt3WXJe70ZAzp2iJ\/c\/DtJGyES\/AMV8JsInY9TNZ4RXPUu+I\/eX7SJpitBsTdhCEwJGiE0dT1TYgPIAD7IuBR125WX32fSO6pJg\/SC52+hata3geWR8gYaq0AXNqoDGePDOkIXu0L29JvXGLb3VjgkzsU7GDWMMiBS57s7K1nDWVaICtgb8tHvX+qm2yAEqxNTZylYIiRmNXEmMd4aEPfVCDRnoLnzwSUCqP2hNYKZWNP\/L4ttvwS03mes81iB3GFItzHUXUjDko+av7CA0J3KO8YO\/MegXhauhWaOMhTq9siY897rXz2nMEjgxielkq2WyMK6PT7GQGMUlCvVs2Lh0wr5fTdVSGH3n8y5kmB+Cpz3AWzqb0PCrL7nfp1ZQdKXBaV+\/8ls7T8As7zUGDLh1cEJLF5+OvQcPuWBETyYL6v6P0nP5uBkBK24BlVWM\/6sea6ivZVTU1ytJuTc4EW8eV7cOfQv3Z0ZvtO\/E+dtnWbRbm1+xnHQSTJejv0j+x\/5AGS7d9EBuJMkNcE8AQ4pldxgHz7Ptlg1BHWeyw3V53MEbQaaKLxV0WAfr2iBsH3t5M6hAvRICNnnoroLK7ICwfeGHvOCdHXa+iqtGu6TGnIJmUNgGQqP1S8MgI4WSJKg4gkxYOG8Yq8I6m3HzLsup78oZ6bqytrclhVLejrz8Tk1wQFWeJGz1cSVmJ7dlJY4MD8VT3IFiybLNnMNNe7YmlJus\/1uc9POON3uOlN0OXN57myRfkJk6aARYP\/VFYz2zQVzhOYWEpCg54BznwVNZxFF0LMNmGI2PVN06DbNXX9IxLaS+ptZnDWUEZKgww7Rh55OBQLkyONb3AXu68OQa9KfW6wKnH\/vmE8HYT6n+SXcK7GycIHau5AFjik2iCmv0VvdznzcaYCCq0Mfet4dNtH\/YoT\/I\/YrfjkCWn9TD2GpQpUNvMSERx6JmQCcnn6FUkuIqIOwQZ7TJ4fAgdop2
a8RuxfgczRZ1qfymdRGBK2o+W0zafNFhHNk2SYmyvsZ1V8VBf\/oEixGqVnlZ\/Jq+d3sW39fHCM7TJKwcTtcBclxaa8fGLAAlW9lwT0AQAwjaArlz\/6Lw8tnHTm015jYFYAA5vZt1SyvuCzOL1voALV\/+nsbl3\/ONSPNJsDGJadYCDcjqbyAwc3rD2eTlnRMOCdPOfDkt6aPuNtwIQdnKz2fd4z8axtKYuzjc5dW0Vg4zcREoGQwXF3Mlfi7nUkcrBa7blnobGRnU3R82Mb1vEB9HojGcsN+QDpwTPjHZhspz1V5NyHgQ7hab2FBtan1NhmTF8w7rDqqAwRtjT1cqxDw9C9TkgJvOeDw\/J5ejOyPpxUe1E98wc8RMhxL8HbUxhU6"} 00831{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621501261282132,"flow_src_last_pkt_time":1621501261282132,"flow_dst_last_pkt_time":1621501261282132,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621501261282132,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"202.152.155.121","src_port":61484,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02384{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_src_last_pkt_time":1621501261282132,"flow_dst_last_pkt_time":1621501261282132,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621501261282132,"pkt":"AAAAAAAAAAQA2OESCABFAAVibSVAAH4R2uk0uxSvypibefAsAbsFTt60w\/8AAB0IZEtuMTNmxFAAAEU0LH9lIIuMdZ7Kq5MCzCZAEE+168Yufakbt9pK0ksbFQo5gOkiaZtZmGL7ajorb6dlvPftlMSSvVuPm3GtlmjJiRJfcfSv6WCOpmfO2v6Vi8Gqe2z+CCwK+2m\/JLswIRcEtxYUQTR+mGEhGLqGsRBSch\/o0S7SruCC1QzCSC8G53\/qUYvkz+bnlIyDwadCcS+Bc5KcjL4tNroERGF7KikT1T9sF4XsS6GZZ5vImGfO3EkmUp8XE7jlVo8hS1am9\/dWmCCc\/5UVFDsBeuTG7wkgrb8swjB0805Wj9GAKKohjHey69GAIKPU3++2Imdagnr4acCwOFCrohzIIheL6xgOuccLlkxDVLjv32FfUde9yJXpLDBHMt76\/rduX6hlX68l11YNKGEr\/zkJxTj9ypa0blphHmap9\/VBxt4j+qGvE8cstJqh+0IpvOAVwU9lYmLuMLrq1nyWotlAq9mRnhXu+BQIbhgiYOfa+NaU9CqMuW+zTjv\/orQq5ERGPyXLWWaqpnLvACGfb9O5GE65tq9zbrPCgxRqZkEBql7CjsnZhZlmCr3gHvgCBq68gfxQu+39WkMzkvkbP8IALmggIQ7VQf8BFdayRba+Un3cP7f07rfoszy+m8D\/z0DW0SQgPeYsF\/KmQko4DJ59g8KzGl0re9gjZRv5RqIECyhlYHWJ7GyL1p6bli3WeNOhxQJ2LLSs7R5C1m3Adc0j0XFC1pB+sAW\/WEd5oLl9Hwjd6M0MklHMK0LYJJtSeHujnXWGQ8zBsv7diOFCmysv3C+aiX6B0P9ogHiAroIepHRii2maNhtRux1yyqTbuXMBGnRPqFAWbVaJQnNR1GwNd+qPfEmyFuIfG3xnj0aeWVINv8LvYzmYdOSTc7SL9gqYuvzHxRf1+Upzh4eF5QSLoWFnXPXL3449L3q0i+u80g9dZ3zpdrqQOpENcencZZGYbAgeK541RYNNro8eF8HwnYPBOIy\/Zl55vIK\/DEhSHnDpLGsakuI5sKTjtOeDx8DcJWgQ1BpawPb8oHOX7RqPhuxoKHRxFskxCDjHJh3ZT2U7YKpwgythqKBDauWw6V0hLNf6LNYtE9ypEHgKJ6trOXxgEDjS1iVFjdsX8YQ6+uIw\/VczFtSfg\/SPICVvTLXIAkfbMpSXSpbuwtaktICU2t9lJxcQPW3\/l2RVQlQ6A9orYmKqPcVckVDM+iHEIyMf9H4+vCZVgRIIICMwjlkLV5tcwaX0n7fRUHrmKaF8bEP9rGW60wBvfzerDhS2zUGBYaNPcvoOZQT2ZC\/EK4cXTZIBKvBIyWC72OiMtkS12h5aaPAtwZ6n2dXPCOk3d5CPWaaLjKOIMoQxRhJPD+tcF5lq+ivLDIhTHUNk3nCiT2ptn8sF5bPoqGsz0vo
61bRIdmWMMojjGxrRSN7\/n7VJ7xjrskWBNwwKUBcjdFlM0H0heCJNg1grIB9Hn\/3GIWzCFZQ4MK0h3E8LnbseAq9C+ciIX45aTl8kFGqoSHjTiIRX1LhP\/Ej8fNDVJL8xCvYIK5uvMb5wfu4aPiMKEV+qyT2Ru5KgH3hlAbiLVCIDHX3NwF+qehB6sfUut4lougpqanWJ25xwUyKgjA21oplysL84+Pde6u0fQ1tsE4nXneYYoZdfcbHNS2+TcLpNnevmrlv8oGUF+IHSvQ2pys4po2Ft+zwvHiZVRUCkyaXat54kiLBaAYSl8PWx5iWyAEXxmiBRpM1GFaKzxBpGVsS6lfPmZGj\/E0GSH9ahQaWLKvJL1xv+z\/y5zk8w"} -01398{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621501261282132,"flow_src_last_pkt_time":1621501261282132,"flow_dst_last_pkt_time":1621501261282132,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621501261282132,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"202.152.155.121","src_port":61484,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ogs.google.com","domainame":"ogs.google.com","quic": {"user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01290{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621501261282132,"flow_src_last_pkt_time":1621501261282132,"flow_dst_last_pkt_time":1621501261282132,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621501261282132,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"202.152.155.121","src_port":61484,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ogs.google.com","domainame":"ogs.google.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
02388{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":103,"flow_packet_id":2,"flow_src_last_pkt_time":1621501261581889,"flow_dst_last_pkt_time":1621501261282132,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621501261581889,"pkt":"AAAAAAAAAAQA2OESCABFAAVibS5AAH4R2uA0uxSvypibefAsAbsFTsIcwP8AAB0IZEtuMTNmxFAAAEU0JZ1KfLVI+JBmlx1gc1nZ06mlDQJxsWyoA2bzQbVVMhPumzwO3ZAR98o8ZPo9xLCUDTzGpsR1VmkqScVjzEZA\/RjIqIioWENrjUeZOvFpfzQMTLEtfK1H5gSkSzr1d9deTBzCPCECHyoWo01URci3jW51V0HbjDnEJD1I8iSzapavqXvkm7q\/CkPAOKz+EFk9ddN9tvBAUK+D6ra\/NoAZo9xXayAuRyx3iyJFB5EvlFUz1Sj7dTVlS5+TdfHDF6BCtxu\/3b6UGPME6BE0mv1zrD1kdQyNtPuDIptySY43Kas3SgvX\/I4v3DNRjU9o8CMW8YMBriuPdWaursmVudUTJYnB0q37mK+lxWkIltSWsQNuLr5cp6c4Vru0wwO0Ame+VygNGHbkKKCLw\/51hBpKkkTptkPAlMSaQQtKQI0OPuk7ItN4VrB+m9Vkwuz17+rymkBrFyMhsKcJIjj3luZReWaMMeNdN7r\/9xHAgrWKyyA3NzqfpYemGPDltByS1phr383eIdP8f5Ze0Ac0+tdcIJ2dWvbXqHhn3dZjhSk0HZZGEHnio7bqsyCfy\/wl3pykgp8G87hcfpY4upvLLmQRm6zklE2ZcD8mFhu4pD4VtgI4q1NkSPN4ENjVSltM1\/G\/SJCaisjk7\/TaytPYDocBazw8BpeLBGuMrWBrDpERso7obnHeO8wf+Lzqup7YnGDMt9vWazQbf5KRZY344vRrcxm8Cgm6xrf7EN0vEZrGdmbVtBvFwjU01hxeAVD8m7tC88nDxYD\/Vcms+kgEHQFUG5VPiMI1EaEjp4uM84vZhZhC6CDRHypPGw9HGqiPK3b\/Pd6yKRggtZr\/oWcBajQm0w+tBJKdOv7x6ZSHD5PhdRlgANNg\/jeNfdV0X5QnhkLi02ZeZq8yEDPFn9a3Lnz57TXoXYYfH6skWRGwGSQ2xHufw0DtBDB91pQTHPRFqigTQMOkcbUHvQ9FLSynEnElkdYIwyDeYl1wlkOI3z6haMDXB1V3RpZHuXa5GdOGVPCXKGY8TvCCd23w7RNdvgI0SAkP50qXRP4Kk2X1AVVlqpYf8FwiZi9W0HEiDmKaHfCa6sFt1\/rgrqUUw5ELhzKrL6pJ+lTg3H5NM0cd0C4hTHBtzSm3C5D7f92zskegG0WyFRw1Ba8N8vzkk3+Qhp\/je68IXQzCUe2u\/EtUX6CQYfCYIoWtYM8z5STiqZadSz8Hcj8gkMjUYbOqoFONvZacfYEHB0SARvuLReB4iTtWuIXgjYJcb5Qkm+SBb46jf\/04rZRrUrWfuW4MRTyzVXxCithuxVhs4F8PHfdPTq\/LCBBTHWDTyCQfTKVPq8P8t30ZnQWxsuPjLcSqLk2yTFwMtN32Tpl6KkT++kfElEUN8g20QBH4D3
nsWOQyXh1qp6BLTCOt0IKBckhyNskXvMkS9f6xJSD6uYDR8gpfSiiduxVMENXsD+aZg0sKhc1tnhY564nzvmzaK5pK\/mG4HpcEZaoQlPnN9CVVFsxc\/AdJrQTcfRaJiP8\/\/Yg3DwS0RE3P4jvs8+29fssz2Vycvc4CcLnL6CYBjQV+ee549uL3GVp1M5HV3WkcafyAbynhL22G3n+0pOA92LLDWaPxdPw5GuPkVaJx0v0qoyE9b4AZ\/f7JyiBWPsZeIMB4ss18qfbar1+hhPvrhcG72WrRn1MOHBG\/UEQi0IsO4yKvwqiblXD9HjT\/0dhqt\/RFTAwug67Fa0M1R4Gf6vwbZT92OzvcYVJR3zAK+LRbdOlVy90zr3DQGbvb"} 02388{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":102,"flow_packet_id":3,"flow_src_last_pkt_time":1621501261682885,"flow_dst_last_pkt_time":1621501260783099,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621501261682885,"pkt":"AAAAAAAAAAQAcbmbCABFAAViVOJAAH4RQ+GfdbB8z3k\/XPqGAbsFTv9fx\/8AAB0IqwzBH+7SJ6oAAEU0U9sthnA8M57fkNsMeJ2EE1SHED6gJhbQN4BfQJOO1PjffFq3gtFk4IyP8Wth3mraFF35AS\/mCSP5GPdO\/bY3uB7Y7VeiLUEY9IS2dFIrYZfbf9ZQsemW2z0+VCxvN2Db9C7578kBNAZHcZiUcQFU7QlwuGC4nwNjsiuK0SteLVHFM0d8O27xz2JpZUPDhtvrtHPERZTudFi1Sej11OjXXeMujoumIvT2OYdCj+X0NfUPlwu9sFCLpzinhlfbOthWMWB8q\/9N\/OyqjEr4qbDQGFnM\/Hr8eJUBkqVZluSAYj1Ywh29XdTMOcq5AUfmyV1X0sTrgeDtnbqi3godsTwx1QbwhKBj2dWTyYyHTDajH+2UBid1GebdhLGSjjnKxxAaaw6EFgQmpu7koEqoPObHp5kFU7wjAY8mggUyFBVjUIfNBYhWssGwyT5Z\/r5OGZuX1rx6tRJJm6gIeL60FE9LVHmgWUsYaHuVYpkqJgZrs8PzckQh0niaraVIhLPsP0c2zyZ8p6k39xAgrRwfx\/Zh9nPNn3qSfxXEzLRxlRYWUsplPXqYbIcReCdkDC\/N5gL1eP\/jiLz6QU52SRtg8taUEPRtc88DYo2jurpisQQ15KiRpuliwmtrhW0HqBvzdAZZarXSjJIjkWxLUUFMahlxZEceLNdSqe7MdK1UkaKw83287xEiaSEO7eTUM+\/wBRhGZf\/1DB70GE\/ULxXMbdJn9jltiavDAQNSyczf2+nbYlnG1N6O1TcuG42rxaHRd6KknCvWSCrAhQM\/VqLCDk0bY2mxWybhrjoGc0JuiCMFsYr+5pV5QRoX4Lq+e9gqBFnp3Uaem1xfnlWZMvZVrfurPDH1T3I4Dx8IroHaQ2Bo5DvKOdsiFkfzx2DBIq6SjpXaCsVzWBgmVAE9DRo2pY+eROHEOdfo8\/FBuCZXhbIlRq1heZJwhsmlY+7e2qNgtpC5DaW7zKw1HKVB0RPYT7VRcRTNl2g+fmbYvt3YQzNlorcN9
OrbGF4EZ32C93f4\/HUQOVFV2yInR8hfRvuHsywq5N9zdnMDFx4UtoGC5\/JPOmqIglqIM9o0AUrBq4GdLXhfYvcFRKKHwZ7TRsYLwmoMgHWy8jwfHZhK1htPPyCu\/l8XN40QZGFptNt7D40U7OSwWUN1+psHOjRZWv6ST7CMmleHqyEPl1KLs2mifOpHcy+gSFbFBD6LLuLlmcGxRtETjrnZ7+bSuE+Zt8ruZaaGcSfNYzrqd1zOq56HYPd6nlE\/mmgkW8AFD4HgObgvdcHAI+BQl2HO3lTApnJPdlU4\/6LGlTjc\/Xy6ZatrCgtI9vY0+cPbiLZUSCI0nkM8mmbA2A5MknAZe\/w1hAi0GLW9UoOUSrCzacIaeo9N2SakmRlQF7OxrccNFQQ\/UxrBENXiSn8dd3pbynfOPUKA8bLUE0Fha7t882zmf3D2IV8UDrWHqT2rFiv6k3POzwJo9CVhSImVzpyIro243Q09zk2kOJxu0gB1BHDvYJrVOYEpZLmGM4H5HwzOJAsaUidoe7\/oRQyD8W5INMmeQBEWvyryJW11xgcq+r4ORSm2VIuTghtDpCYCC2hC9f+Dlxwu8h6CMW3kWH65itA1vwPXB6v+afYS01KWtxgI6eW\/NRjdMoX0SXGogIM7OSPQVVfkk4D2+dJAm44\/U0Vl4ZMoY08TeAfdXHgiERB0dXg4yr7L237fx9MyFJtNMScYo+op6Jjwo90fx4MlC9rlwatwxaF9nbgK0o\/x2ee6fFva6TLmGaGSkDA5"} 02391{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":103,"flow_packet_id":3,"flow_src_last_pkt_time":1621501262182401,"flow_dst_last_pkt_time":1621501261282132,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621501262182401,"pkt":"AAAAAAAAAAQA2OESCABFAAVibTZAAH4R2tg0uxSvypibefAsAbsFThjAy\/8AAB0IZEtuMTNmxFAAAEU0P4kZL2JzcQJCkWJO7BYAvn7jOS\/oPDLLELaAGZjPfdWe+CTrIzdiC9WRX3rH+cQNjCKbZa53WspbrWQ3y9Iddgk3mFf\/\/P8OYcu5S5eZdMR9fbh3X6m7e1P0w349oYB4hiM9IJyVYjIofcoBFkKxh\/5ebxmzh+XjVHAni37hnczZyCzMbpvTaS5Mo2\/ZngECyPdTH4R55wpjirrbqawWK5BXgasVyeycq3PgcjRIEDZMmdGuCfn6Or6mlQ5Oi0gPVZivFAfQTbBQpALI5TF4c0OEuWkV5PvIlcn\/R7+MoVcxfy0r0Gxfy5DTUZSVKcVUqd7yhkU9aooVQ64ePPS85n0Ao6nJaHk4CEcKYTxXKFGTV\/JRmN1fStNbk6PuLzUzSKy7W3AsorHxQi\/LmRhIln15AQZY9aFzjxmdp89pwdjIhQaDCc86JMYVdSIXjTQq8957N1jOVphrIDogsXbfM+ETcmeLbNKqN4fwVd+mT\/89Wjg3KjoISCw7cizx3pwneM1IZWZxw32ejl27XFc+DeXbCTyms0wwx5d4mug4d1+BMTCaWAoTeBSMDXB0j0tkDNHX2xtWAXf8\/UuzEfOvYCbb04iQFTA+2Hyu4GRbv
JwOTWHAb6Y\/V0BD9+rx2H6RD7LGvrHh+f8uY0EPosNsFiCs+3i7J7uh6lA7HBXpprFebhJ4nBFU5ogCjUR6v4cQw9N50B8pFKaCLLkzxxoYWvp6aFiNZxcUELv9ZUwZSWCw5u9TxfZdk+lnaGdGEYWUKBNrO4TMaapbDNq4j7Vu95JXokG49C08JF5JMM4\/z45it8ndhYZEyZbzHD2yExEQ\/VN\/mKUwF8ibUn2C67S\/5tn76v1S1e7HnOhXa9tt7ko7BC5wl0mN\/vl7Boa7BeFOH9ChJqMRyakFr8qtdw7Yu8g3vIiwJEWJpLTwekZqiekCkjohBvin+U4rI8Z4iedGc5HpW5HGFoexz0CrVl5wTxzNhI8j0IRw+jVswS8qYTpoGTz3OrlpPStmJil9HnykMux+BL5xXOZ617kkr3QdqqRshG\/RQrR8s6QAYGI71oEFLMM4TOShFAvx7OQRDnnJcVkbGzqXs2GA+ynEHK77vOrqNEjJpn4aKnbZnLLPOZDQS24eO\/QA+vv4uiLfH2hoxa65Oz8gK+JnY4IVu3sZb9w57SJTYpFHSRkiWRXzCJ\/sWWaohJYMR8PWJxuCKDHkDpOYFa4Gqs5Z2wJN\/RR3okXqWJS7yxFbWwGA\/Ux6HYdQ3Ct6YGwLA0DbmZnkDdT8uknz2+RUM8H5unZqgX4DQ6X6XF3z+e9cZs+qvkrBFmI7iTg\/AWeOO4DzvapIASiBIUwtJXKqd88VrnmgGNuzFGO317nsPM\/31UoR27Yt3dsU0KGRIpm65J\/+Rpqv+FCFt3c\/28P38sc1iZpuj4G1ByY3uO9KITABAM93OOoXZVsw4nYNriGxowgXJm4ZpYPg6mQ2LTkJ1L1uH0ng6enuR+XlH1t3Mdwkm8\/\/s+srKemwScHPxez2jonymTIlyHWEj43rE3SOOstfJJIdIbioCt5eaO4rJ\/ZtzFVP3GREeo2yr+vwPjDBvXv+9IKyIRXu1pKvuEupgzLBzLb+08gepp2KupXz5AcDO7p5JSUs7lVhZLWrwC\/4LgHlJK00\/IeVej+hl6DABvNdRucAzmPdswdQTBDGuRv2XQeZ5xK3vAhBPzvMWU8ulKLrK4WenJ6YSemx045mCE+N3D0BzGu5PxpiypXC1Fu+3yqrqa1cp13uQg0a"} 
@@ -613,58 +613,58 @@ 01076{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":164,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":101,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621501125036291,"flow_src_last_pkt_time":1621501125036291,"flow_dst_last_pkt_time":1621501125036291,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621501263382659,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"65.33.51.74","src_port":65360,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"googleads.g.doubleclick.net"}} 00832{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":164,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621501305362623,"flow_src_last_pkt_time":1621501305362623,"flow_dst_last_pkt_time":1621501305362623,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621501305362623,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"16.205.123.234","src_port":51856,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02387{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":164,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_src_last_pkt_time":1621501305362623,"flow_dst_last_pkt_time":1621501305362623,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621501305362623,"pkt":"AAAAAAAAAAQAtexhCABFAAViLHdAAH4R7mqfdbB8EM176sqQAbsFTpTBx\/8AAB0Ivw8tm2Ku7RQAAEU0Z52IbyPObDKu7BbGHFwXmr\/rz3QfyBRTJB3p2RnE9UysoDSL0A3iYi2pNKedwkl5mpvF\/Vk60tFlBZiFzkrxIN49ZjHA7MZQYh4BUIyAfPPuF03+ZMM0Su3qn9AiiUpsB+dNsu+962VPg19tLI\/VV6H3PHsG4PuMw4cn9i3LGYoZQn6aHv1YbAMYupJTDvNFcb2s6pFl8eB\/z0QA6+\/NcaLseMUOgNf8TfMmV5DJVFMWinQmIIE8GPttZVUixDh1PXr9\/XOfl5MsudOHGbS\/BoKDVUuxmXWMLXGEKU9H0vMlsYLhLUm0c3MDnKGeVSrkeYvPjroMfaat1Tiu2LmC1yjTT8Uvh3DZ3BJLLDzubsslmJNrUgLURH5a1TFkvH9Q96Xa\/CgdBXGH7ShdRTQlh7Spx9l0kHtYDDWtdmymj3cp0EdEjn\/au5ybI8UfXEQ40NFe\/bpqHpIm9OIaPawLRKnKVCmPwkTkJQmFtLRT8FIc+hxG8+42VlkD9SVwOketnoEDo67L6UjWGJq8Y0bKa6DKJrJHKlb1cBaN\/n0tnPhMblSJyBYOeYoXsn+gmj9b+VHHpisogUCwUgPQms6WZ1Tn+icYaQ+CSAy4kHR6jZ30M6ApyQmmHvzN14vvzh+CT59we\/MSd6bYyHCxqlNxNi9gnxXYBhI44N0AGk0Qqhje+CC0oYc8WWkUM1686AJps19dxQQb1m18EQJq7trGNUuhfyUdSuAwL\/l0h22i0uupo2DPl3o0+7Bt3qwlrzpKyCufm4ZmMAPpvK65nzp6cFH+pmlOQ7s2YRoxtUhnAtjgxag2R4\/nlewGsR9ygeGjxTA5LiirItmkj97AzgWwoIUP9ldEWuIUcvVhLe\/QB8zLa7AJgeB1R4vJAZowIkhS0+EMWrzuyLxX+IfaYE0iHLqkcbQA3BNqXFj4h621k+KIOiP4lvVResrE\/c+w\/Oj5tA1lx4837jiHi0YZT52YvwcFEmqMCZU8XqMRUIGXvjZqo9v4Gwo714AlFrATSjPNB0rwwMyUukaq\/3e3DvrcgQ9NGlBVWFxhz1tqnsLP7Kr\/srqsLf5Bw4wZJQF6sEZW4nlUnupPVa0tpr\/+wGxQCug6xHyGNDxwnWnyjCwM4oE2hnNUNVujvf72\/dvTfU08lPagglVjnYIuPVm74QZYTZRFryAhxJK17r+BPfOlYKd+vVYMtivnHXjiFQVByr8k1Rcm2cpPeLXL3f+bAsmGkc4EG6HjppgudyHK+UV5oHN+m4I6LZs94OtdQcI6RUnBhsNPqFTdenognWR3FDybsz6sXPvUHez6OFefzWFvFSrz6XT7otFR8cdYGpKRwwSfHP\/PrekwOkrlmZijlypd6KXVAl4pAFkRLTGqSWHEA1LRLEv
TNukH3xy5z66DEUDlFW01SciuFipPqn91VwpPL0iC6UpfNOoxnK1nHPehbzvx3A9Po2F3NnKEzfedfgajLA5\/LmaIHRmUo6B\/KmNXMWBfwWwfMwOtQ+o42gw8mnZvG2Qqex771hctyXZMqH2SJLXmmk6AtETcwF8B6jbJ768elE90Bhjm6anLtIwTYQnbLc4EH5TtLu5+uZ3DUfoYbPMOgeH4lIEDjI0kYQ+7lnl1zdIWgKe+MmglR86en4u4M1jb\/5BPspqYSJQDFVzNKI+9EnvCEh1nm4ZLP5q4L5n4Y\/OfoQNHRw1mNsvzMmZ1LR0N0nXyXURG6oysqTj3iTmd8NZXAVgqVBMCFaGWht6XT+2k4r7buSS+jBPmF7S9tGqU"} -01443{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":164,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621501305362623,"flow_src_last_pkt_time":1621501305362623,"flow_dst_last_pkt_time":1621501305362623,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621501305362623,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"16.205.123.234","src_port":51856,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.WhatsAppFiles","proto_id":"188.242","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"media.fmct2-1.fna.whatsapp.net","domainame":"media.fmct2-1.fna.whatsapp.net","quic": {"user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01335{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":164,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621501305362623,"flow_src_last_pkt_time":1621501305362623,"flow_dst_last_pkt_time":1621501305362623,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621501305362623,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"16.205.123.234","src_port":51856,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.WhatsAppFiles","proto_id":"188.242","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"media.fmct2-1.fna.whatsapp.net","domainame":"media.fmct2-1.fna.whatsapp.net","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
01074{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":101,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621501125036291,"flow_src_last_pkt_time":1621501125036291,"flow_dst_last_pkt_time":1621501125036291,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621501305362623,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"65.33.51.74","src_port":65360,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"googleads.g.doubleclick.net"}} -00897{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":165,"packets-processed":164,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":221400,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":104,"total-detection-updates":0,"total-updates":123,"current-active-flows":3,"total-active-flows":104,"total-idle-flows":101,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":618,"global_ts_usec":1621503088279869} 
+00897{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":165,"packets-processed":164,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":221400,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":104,"total-detection-updates":0,"total-updates":123,"current-active-flows":3,"total-active-flows":104,"total-idle-flows":101,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":618,"global_ts_usec":1621503088279869} 00827{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621503088279869,"flow_src_last_pkt_time":1621503088279869,"flow_dst_last_pkt_time":1621503088279869,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621503088279869,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":54120,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02395{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_src_last_pkt_time":1621503088279869,"flow_dst_last_pkt_time":1621503088279869,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621503088279869,"pkt":"AAAAAAAAAAEAU0VlCABFAAViNs5AAH4RIneokEAFmWIcTtNoAbsFTmuQxP8AAB0IeGU\/mdbeLGAANwAZh+l9xBKAiSKB2OhrwN\/hzDl51JMe7JNbapPLHMOjmgDUc0Kyw120FAqWdbLajL0G7x+rThpE\/ezHsYo1+wzly8xUgAolT2BsTpI2RHGJFl7PB6kKEbj1oJ2aRfN0feK0OGTrmVtkNP9R+\/rEuFjr\/5ftbiLlMiGuS3H3QpNIn1LP4hRzRdMhEMaL4tpWijpslIEyIWPJUu7rklLDODiHtimhfIO2wkBoYI2kQY+hFw906HJDazA9cw+osFQ\/bzvopugZzilDKv1JaRYx1e4+hqHH6L6B1UH9\/T9\/HnMV2EpDa0Av+iDS3F9RRywHXZAIhY03mMeM7GrJP2Zpz4QhJct7zfEW3x535nQ0edWGlDKJvLXrTJAeOpJnOxJ1r4baAFi3DRD+vKNPYnsuGfuIY65dgPclLbLGQ0fUutzS5iBfTHGDPLr8VDoE6brnwH\/5y9mzczXm\/kEf07xeWOu\/1opIMye\/Yn9rwK9T2MMElD6rrbD6Gahnp2r9RHhIeVU09JhM9hecDnkQZ6178V6oPYtSdjz2mTGsw+LPdfT9S16RCinAfrzSX3fRQtDiS\/0lA192fRii3J2KEljzmCRknudcAIFxTdxxb9A\/G2TbmLeHepNu2Vz0i6tcgUnXVFPrdPymqw79zhx7DrjVNwDXeclunhYwL1E7tG0V3PTUnBzD7E5OrcUKHgdfHTYLI3pYV9K56ZSwrEMPYw6PdTGd6BMaZRgmv1zwBM8F3abkA+q3Zf8DmaTM4yYqUGdqKt\/rsJPP5R8bBJC\/k1fqIhjEgyfV75RWWjvPOT8vpG\/Zf\/Lwho7iMvjqjS6+1DpZLIajkAZ0nPm\/rm87HLI0cdJpxuRH1pwBLDdf8pMJ1mfSHXv93VQKMlba5U2bhfGH1Mqk7jCyOgbhoG\/iErOEjUrAiw7X6OQncJiN9Mkd\/SEm\/\/RWlqvwMLkvGjPHLC5e7V2TGXlnOhRlZBU7qILrPVNtxU7dCPtBdbxIDti1\/YRndJCIPzLPa9h2mTEfoIgDEaAE\/7UawhYqjGFuPu7cykm8DYwvbzLfyH7bht4ex13mlrd\/FiPYOE28osrwhi1PWiAzhV1qXqi4+RWmb\/5CisAguq7jYLc0h5FGHrR92KCTjSdBEZ\/DAyNwtWa8nS6w7j5Hbinu4C0ABTwJE2l7GH4ZQ9omOr49dyeQCQatUwx0VqYJSDhoVCe0TCuJntWa02NbIeePgGo8pWxM6tgM2H8YNfSNUF9avzsSRS2VyMPLnBXpk9KiQb0mc7BEeTRigvV1S+9XKWzbnd+uq94u6ElOSGdKojQAok0wFU1sgFBAgT2mV3C3\/ZQ6n6G68vFnfmO5+ZuiNec\/P1VvDC8vVIjLmaMCjrgt9+jDuswwkMDF
QIciL3t4FUlUJM2MVHvkdLHSo3q+qgTRtHtpBlxLgaLGkfaorEJRtfDW1GQLecYh1sTrhehn3QcG0nR2Ih8nO3MktWlFwRqGrK\/t0Qsdsusr3bQ36R8F1tTznS8ZWGUFNDf+Lfwf1VRU+IBvCx3kULbMabelEKmImDqvXmP2zB2BjWHst539anbYbajQw\/ZgddvVcRhVSUqIpiPQ7wJ7kw9\/TtjeFcmJbCOn4TBNtXEAFcmESf+wEZSMAzbOoMV2uJojX02TEHH7lGyR4dilgOga\/fEzmhXhoDwn+0SuTYueRdcC6yi0FFtVe7SxyfJXa\/en0rOfO5K8UmxsGwQRxH4PjiJBdspE+yoKaJq6B76ZXjWQshEvVjgOi6H1dYlUSyL2zSCF"} -01392{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621503088279869,"flow_src_last_pkt_time":1621503088279869,"flow_dst_last_pkt_time":1621503088279869,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621503088279869,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":54120,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google","domainame":"dns.google","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01284{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621503088279869,"flow_src_last_pkt_time":1621503088279869,"flow_dst_last_pkt_time":1621503088279869,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621503088279869,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":54120,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google","domainame":"dns.google","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
01083{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":104,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621501305362623,"flow_src_last_pkt_time":1621501305362623,"flow_dst_last_pkt_time":1621501305362623,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621503088279869,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"16.205.123.234","src_port":51856,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.WhatsAppFiles","proto_id":"188.242","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"media.fmct2-1.fna.whatsapp.net"}} 01054{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":103,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1621501261282132,"flow_src_last_pkt_time":1621501263382659,"flow_dst_last_pkt_time":1621501261282132,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5400,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621503088279869,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"202.152.155.121","src_port":61484,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ogs.google.com"}} 01054{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":102,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1621501260783099,"flow_src_last_pkt_time":1621501262883655,"flow_dst_last_pkt_time":1621501260783099,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5400,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621503088279869,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"207.121.63.92","src_port":64134,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com"}} 
-00897{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":166,"packets-processed":165,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":222750,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":105,"total-detection-updates":0,"total-updates":123,"current-active-flows":1,"total-active-flows":105,"total-idle-flows":104,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":625,"global_ts_usec":1621507440293528} +00897{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":166,"packets-processed":165,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":222750,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":105,"total-detection-updates":0,"total-updates":123,"current-active-flows":1,"total-active-flows":105,"total-idle-flows":104,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":625,"global_ts_usec":1621507440293528} 
00827{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621507440293528,"flow_src_last_pkt_time":1621507440293528,"flow_dst_last_pkt_time":1621507440293528,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621507440293528,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":52396,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02385{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_src_last_pkt_time":1621507440293528,"flow_dst_last_pkt_time":1621507440293528,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621507440293528,"pkt":"AAAAAAAAAAEAU0VlCABFAAViN3ZAAH4RIc+okEAFmWIcTsysAbsFTp5qwP8AAB0IikGMkqg\/9wYANwBCbbDOkKE3I8tUrhP0019VoFQ42OGxkeSDSRfCVHVFzGS6OlWzWiT3fji2Q9e2uBbhaayYtc5E\/X007tKAEm9FuNGSPz7TI818Sttxs3ujdp1DhJh+NpZfeeSISitSIGvg2MzufhYYrAjbhnoT1XHoGCBc1rAFUoO7UMuAGYC8SYPLocVC73lmAf9DYHNSe5fUCJSAAH+oZTPgR2yZUUzLo6fywQUMulJGI+tO3nXiCpCmWVZ53dVEiIJeeIojZJHsLSZxfmkzXZWYlR6uPBugjMWutrpp3d5v3AuvY2G7Qyk4Lv7MAfdysMbwBNbNtmNdfZPJ3\/pEPVHOv\/559Dp4RvW50HvpUKtGVrDOqJeFYelmkJNmPICcqoerayf1TiCARBZAnCn0MwD3qiNb6ZcgubQ3lYbFhXEcXw4p1oo9c4om8zLGYKCC6gMxWMZoaZf19pIOW1N7yHt\/SSfp8qPr7X11LuJnuqgknnxWBGr+1wZiL2PTq482lAJ6gF5Z2f2tN3XLZipWQds6Bo6uWSETMHj4LlIoOeoO8q99yIrIxEzO\/f4j83sVtl5ErO58R6yY
0ijEedgoeOZWD8SVQDMvzkmLAx1dLgYjNi3zBdewahsS63kzpEcxno1c5HXpfC65SPUfK1u9t7lKXuScst61LMT7gD4xRvgi6ny4pOwNfDlEoBJxFCoaEzFQba0SYnQmz1wlKHdeciad8aWCTIM+4CgIGyXfMd+X+XFoeu3ajcjzAF7n6JeYn14EGnQY8unzlXF4p3i93fMCw\/xlMi\/OJq\/ruw6eUXgNqb3nrxm0BR4ksvgfkB5sFTJQPZzM8zEmRDSqngasEorcI7WMz8C2mGoX59tOv7H86rOq9kc0rL9XtCb+NWplconR2ejygYELbikOOOslKugW2zA2OmoHHi2Na4MTk66Md2Uuf6WcAKyFaaQpjc\/tMudn3z3HXrJde9BcZI846R4IemkxY1\/Z3QY1XcsM91Esz8+Pxd74AMqufrPf4mE2zfMQfa4C4336cepitLI4wuJ1hBcTktGeDMWo3AxuFTPzMyx19tB4Pb+QiQvYM29oIx\/p58YHbJiRBR\/2VW0LXa2VmGF1yjBfbyTyaiW\/0aG3AMd+pDl8N8KLpVPA44wpekrJkebyMJOc8G8y2nyC0MA6L1m0olcRvwsPyg32HFyPdlugxC3gCUDIy+\/UdsTVejDWt8G3KF2zBl5z4vUQG7szc5MTIFEplmTziOxG9vpu8uPAGk3JSUOmEY\/36oGBDkAhxzxaUR5tfsiouiWurq0NGGO0Zerjexoy1X+rM8JONjVsJbya5hJGT1\/EyIrr8IuI\/DXHAAsxAOhU117x75sR1FYPo+cPS2OX2Aq2eYhfspxYNG0jwN\/TrKrZDda9AWe9Yds2HmJkKmWUnQVV7eJUFPO+7T5F\/7VpvLpDyDx3HI9ZxDJv4+lVDYmr4M7ancc8vSp1QLKUuXa\/RRdLhFE4WpkMwIllcvDn6w2IGiZvdFwwcz0o7+lWiab+FQFJvQj5W6kBnsxHpASo8358\/GjTTHB+z0Y8rY144soNEgilV0+eFQDnbygqPbwyW1XcdsOUsoU+5ncfr9q8EY2mvfVYGA2HoIRLv74rd9Hgq035d00HMutEK92GJr8ZYm+qplcEu7zCn9\/SDJP9SVZthGjepNQwhkU8gZjaxDt0kSAy5LpSeuV57eDXzlO\/myoK40cRqGjj6TY\/1mZZ4XZJntQPKWyMGIHJzxZKIYXKlVPoQnqi25JmgSDVSszE"} 
-01392{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621507440293528,"flow_src_last_pkt_time":1621507440293528,"flow_dst_last_pkt_time":1621507440293528,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621507440293528,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":52396,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google","domainame":"dns.google","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01284{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621507440293528,"flow_src_last_pkt_time":1621507440293528,"flow_dst_last_pkt_time":1621507440293528,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621507440293528,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":52396,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google","domainame":"dns.google","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
01052{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":167,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":105,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621503088279869,"flow_src_last_pkt_time":1621503088279869,"flow_dst_last_pkt_time":1621503088279869,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621507440293528,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":54120,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google"}} -00897{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":167,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":167,"packets-processed":166,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":224100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":106,"total-detection-updates":0,"total-updates":123,"current-active-flows":1,"total-active-flows":106,"total-idle-flows":105,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":630,"global_ts_usec":1621516392616564} 
+00897{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":167,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":167,"packets-processed":166,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":224100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":106,"total-detection-updates":0,"total-updates":123,"current-active-flows":1,"total-active-flows":106,"total-idle-flows":105,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":630,"global_ts_usec":1621516392616564} 00826{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":167,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621516392616564,"flow_src_last_pkt_time":1621516392616564,"flow_dst_last_pkt_time":1621516392616564,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621516392616564,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"126.3.93.89","src_port":50224,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02384{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_src_last_pkt_time":1621516392616564,"flow_dst_last_pkt_time":1621516392616564,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621516392616564,"pkt":"AAAAAAAAAAEAS1QMCABFAAViOJBAAH4R+wiokEAFfgNdWcQwAbsFTuapxv8AAB0IERdUk7u04\/YAAEU0aOs+L2NbS8h3vY4IEyDvx9d+UduEUSP3UFQHQG3NjO459splk2VvFwj2AOb7c4buoNQkQrDX9vOCnfv2vAKh3jO4JsUMREjT5vNEDbeeIao\/p5PHGkGHQhyZBJDceMVmmdTd\/uhtDdk+j6PWnF9UbEFtNHo58b9XyfB2nWQ06pT3ZlYQ9WK7gVb0I12TtO\/1JgOp7SeP5Djnc84cBKVneYBg230rYLPChbpIzOYDBN2v71vSy3clCOV3NHQe9++jSFmz01AIsjPo0b7oAK8pqXiYvEW7DTC9VlrG7gxRC86BUuyPkAEhQ20RdVW5Yf10xFe6ayadGDnT237OAKo\/\/+O\/LFyNHbgVfKniSrMFRiGghfY1wLG1Jv\/b0caXf12hI0LoNCqVSPEG+EnSUUM92WSb0C9QePh4RT9rbvZi\/xbgMAiaBMtltwa7agMAD0SUEyPtFV3C+8gLuPxCYmnjIpV33zbnthqAcxQlIZ2vrKiyi+KhmHrNr9GObbxxrlP9ljjIiTHt\/t7pUOT1Y8FS6S3BV52+5yFbyKd0LCCvLS6o06nay2+nbWpq3MMEnIy2ErrDasXDV\/yTFWEtS+9f7sWO92IAVmXzrxbK093nsF5MajPhwq3Yj7enMlLFnsX3TwRJhVqvSkB7sppzgxggdf79L1raj9XW8XM8V4sShlzqKJNXWgV0Ic3AYwyNJp1wBL5vRbaDded8wpXErdg1Guex9BOOifEyh8ItX4yvCdMmUa\/SxdZy7sKrylT5MXV9b5DrpfLxY20Ij14Lk6JWUcZoiy3j7yw\/ubYUYzuIFwHCLS1lok6SgHEGlrR8xjkxHY6vGzVbWVDiYYq6XgJZVyWx9Zr21JeGPGR+US5r1E4SSQfwwOWaQavhUq2zrf51HYEGZm8p9Jic3+SIN7YCHgoI4i\/tTXM\/YmMyB3h7wKOaf5t8OBGmgTLUm+k7i6hbT9r3Y7OmK2kRsbBa0dHYNr5d8T\/VGuiypPl4TtR89RXwIfmo1y65zMEsqRFLzkK6P2g287jebk7ShyfkPP1oD8ZNBDlbBORa2duW2pLxkyuhyWajEEIi5IZPiaUkWm07VY\/3CTB8jOxZ5+izKU77hZEJk0XVWc4uEb\/QQAq9sUOziToveEoxQ8lVzljsMp2uan81z84MDcopGEBneePiZuuVSoKKmRlgQlyZ2l\/7Ctf2AtaE8R8Msu4a8A0Bz498uXG67md1GQF+0zH2XGFwQZi645tPEtwFrQVnFbTEKZ8BXx7Nap4taxxtpDt5spf5pj+Cxj9r7SClNizeuJvypZINANHTovJYhzPRhqHIpBWwpQfA3PntHJITXnxC4WmNYJAZCKBpSBcum+oGhD\/2Un0c0TlEt\/thcPjAZzpaUDcVhWpBW
CVkKgQSFLnQ\/+DBcsrUFMD+140pVgLHMyZ9SjqlyJryDXQYG97OhxHyQHBDtRUXSWiUupn5VQi6HXycsWOMWUIstNHGKJXGdHz1DTnhQOAh42MqA2+rEX\/B24vMgaRhWIP3wZKncvN8OnaQB1uLmAogRZC7n6Oq2DPqNrKGHl266GYXia9wtsSy3dBXWQj5ABuS+XuL0dLpYt1yK3fxHMTM\/IAuOD+tETJOkfaID9ExjejoJQhKxG9A+2SEOwuBb0RuAAN64trhUk+RRj7+3dvdvvBaNmCF4ehH9m8kVXSuv99l731dIsTYFWF+01uzy3N0iDA4kBqgoPzkJX11gEEbpzeVX+FAdEn0TRFND5ubmH+ZdrnKSeLG87FfotS2"} -01408{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":167,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621516392616564,"flow_src_last_pkt_time":1621516392616564,"flow_dst_last_pkt_time":1621516392616564,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621516392616564,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"126.3.93.89","src_port":50224,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.googleapis.com","domainame":"www.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 6.1; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"169051af8572ac08ea1ddeee0db208bc","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01301{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":167,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621516392616564,"flow_src_last_pkt_time":1621516392616564,"flow_dst_last_pkt_time":1621516392616564,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621516392616564,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"126.3.93.89","src_port":50224,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.googleapis.com","domainame":"www.googleapis.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
02385{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":168,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":107,"flow_packet_id":2,"flow_src_last_pkt_time":1621516392665290,"flow_dst_last_pkt_time":1621516392616564,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621516392665290,"pkt":"AAAAAAAAAAEAS1QMCABFAAViOJJAAH4R+waokEAFfgNdWcQwAbsFTnBMwP8AAB0IERdUk7u04\/YAAEU0zZjp5d5N6z\/WFA1lBa7twBKX0QRDGLtlGmrXu8OpTBord0+OkbPX1c+PKlW1HAveX2hl7a2SKNkWfqYq58RzhqPWQX8bJuDEK8QKFY4N+fXvuJQuur2+wvIp6htGMnZMaAbzhBA68UXq8yqU4hc2a+yvi8q4Gw7qqb2E+jQUTHk\/UukIin5b3rNaLV29NbBtWWNxlePTd93OZVj7QCJVLus2fJCorUUrEQ+2qk5TnhfU9vsdmwx6IB0A2V9iCFudvKs3BZw6vMH3IleWL4m28gaDZFP\/Ll1+v0Cc0\/AhFgLuXnl4qKwc\/obxKbmZlIGLki5S8VSZsLsbZ0SY1dkVvRGgIQxLaExGsBGDsaP+GndXysNiZEoeGRVchLs2DAR9qG5bMjgc7F5c5b\/ooLBc6LekgqqXf0tYcNX1Ifb+9wWk9X7iYP2Nohxdjnln1PhhyFwwH33ccWEqs7INdIHG0pL4nnPScbjfx7yu4Bl0u5Gtz4zNTt9QkKj5iXyOT5Src6TBHalY8bYLvFDVN278pDT5QBdyLWL7oEpNfadXlpZ10SwBin7ywrf65HMlq5bMAPMBrYBhN2FpXmFM7cNtjWb2z2poAa89ojyAupp57XE\/vGPoBwccHb\/t4KO0u9+7ez5lsvxmpIWlCrsPHpI1g4mfO0K2EWFNk3Anr5nH0wYDaUe5wOdCxEbFvRUdCRA01RtABZ5xVMjlvM8apoN8Kn4WqEVHqc5yj0PWs63tUuuePQgwXAECstJsxODvlCazmTdvKFbpo4qJajXrsQCBK6CwTnJEHkWh2mXvAGZwTHKUoMREShbDu\/ALsa3MRdWCNgGf\/BKvqu3kEuPwv1flG9yIxqvtgt\/nUgVhX3\/Ca1qAiaNjv7PRG81n2utVIxCfJg2zDgTLIG+9kYRojM88Z50VdViswbxeaODbKLE4IZe70itf5BYmC5dKaOzsc1ubxfFZvyC5VvBiBKSYWr5eTrbV\/NAAOEFnJYlB25Y\/wg5kPi5dO6dlYjozGtNWPP69zhjoPqpEPKFrsuOmeoUe4bZiVs6v7uB2yz2vl80ozUBKDNkWC2YHCMAf9HVBqE\/Mrt2IBeml6QzS3foYzW8wnBHIkRYVazQQAL0CkiDaOIBs23kvmXeGNY5QiT\/Km9NqiagmZpg1i\/Uv\/usaNSyltg40pMPgJzU+fBzo6AsEexyAOsD0pOIzojnBHkDyfX8A0JBzcIDRpV9jCxmP7HsW1JHDjEKth33XOpXP4gDE6MpCcWx3aAQ25e\/Bbpo8NtEeXF+yfPpvkKflVU+1JItk4qF2JL18pe6Z67OwXqMeVLCHeCYdcqAj4sDp\/bAaRMI1tux95ugztq9AD9OCfXb7G9t26ZLM8YTPeASjTdA5CYfpVHz2s
X+woEDbxgjEJDs3sZI2EbLnMd+FueWt5JCuzhqp3U5HyfeCPvU2mr2VjkVlXSb3047h4hytv8T4GBpas5I7NhJQapwTo5LfsKX7Mofqiz53K16cNDqT3ZnIMna\/K4y7sDYs2X9mNTMDSYNIa\/4FeLiBH8A9L+U+oFbNXmIyIVYmhmeDNmPteEfmJfyF4FJIw6CUlzL16NlD5ssHr4ol3Z79gMSJGLQS1wH+8WFBeMD0+KjhLFq\/QPvILGL9RPCnU5yLgqiEMFdnCJHT+ZurivJX+hoHYujvsctlp\/8PU5VIpt04NJgCfEENhOzbQEZU18nrANoFpuXZVXdkrNZsLZUOPV8zsYwed0ZzXePATCJOX6zTH2LfV9PIzmKH7BHP"} 02376{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":107,"flow_packet_id":3,"flow_src_last_pkt_time":1621516392762017,"flow_dst_last_pkt_time":1621516392616564,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621516392762017,"pkt":"AAAAAAAAAAEAS1QMCABFAAViOJRAAH4R+wSokEAFfgNdWcQwAbsFTl1Yzf8AAB0IERdUk7u04\/YAAEU0eDSMkBqrJmW6EJydxfwYF72L5nA6GrUPS3rH7Z4vAyXuRcxweddOKkASX50YBAhvaLVxmGJ6U6qmlUaUw7wG8uSjq3TUIdXhWTeA+Z8ZzjqDFIfVneiA0t5M3mNujQZuBubvDwsegbm5eznV7L66suC6BXbOSCIHvH7evlKO6ATwg5tFxeLwg2dQBmNXzcLpzP1hzfGeMKtiH0JWitHqVA2mzm27Mqt1iHbI076Nsu\/4wMO\/W3XkBTDzfNpPgFnftIbYHoXizWVyohtZerA2ZvknSHAJeoqUBq7N0ufeG0vQIdU8hj48c7MRPCJCF9m695quzN39M4n681LXz0x+pX82b6l6TYZlG14513IC7J2U8oNEfwDSayIe8G0CHV1B3ACOgwK9t5t4KOGH7tv4L\/cA\/218vC9QHWHbroomZJmAC62kahwkvbYEjTzFd9QROuCb6woHQy+U88o9PpFuhfBgntQxEdQlqOWULrlZ6tbg2bSyiDxgnq2RrpAHjTxjl94pfsNUVIs9mK0OO8D5idshzlgmF6d17h7PFU6G9dorGkzm4NR6WUaKBOX+5gSFRrfk9rmnT3D53pwkp+KwVxARzjieguJXcogE0fhlCx+gKMRLvNXNYJlLzUoWsx6Y99ImuInElR30vXJvdA2zs2nyF4Izn+Sk2DvY+QdXvwE9gHT6M7D4sY5EHqjt6KAbClo9EWMzbzYhRdVBmotRbwUHzdWJoeafqSv6L3CKvUgJLKdu0YTajaVfkj41xch2Lohpe1p0RenuUsL7ERmQDgXPtrDNmvKz4XuAVEatNNYtceCXUr5rdb5Lay71T9qiuyJKgim3ApBGMzP2iOye5lAvL866w2TLUpfUcidNdjXakFFn9n65PMZ6mDXwIyth\/ETgBN7SyydimVKIk\/PkZC9Fg87f0vvO3grQHqUwDXSy5C0ztCgLy4Kaj+w39\/+zMgQLtjVs+9MRI+QyX4wHcxEAAKsDRVUal8I1t8UL25IJOIq86\/r0xJi
OkSj0kF7WH9JqnNGH8+vmx6wgfCGnSI8zF1hr5NX3GOJjLqQ1U62XnJ90MIMkAhzBGer\/LGGVrS6W8xwobLnDBjP+gY09SHeFhdhAl\/eHpQg0s5R6ajAOqzjxGrHwtQziogeGwNpLFYXeX26h2mya6EHocWd4AXToiALDaPovQ7BUR40eP1NntQAWvSeuXAg4pR4Cun5d7LBjxkusmb3mE9H1Q+SLPzSC3KFAluSJZPze6abbazoXFzylXQTpl4YShg+w\/ZLee65FD7UbMvlCi2YOhpxl2oSVCkcd6UcWVItAiI91tALf89089cLcaf13TmGVO37bo8M60FjQZbY7IUQWTfBByLdIUrlG2l85aPi6R0Gv7Zgs9S7k6DvvsM2+Y8RZPzNE2yDKa3XOIxMuhHqpwcS1UiV9F8HZiDY7KAlK19HCyzGhwULC70LPMz+Lwyapr7kCcK6\/8uWl5EcgoBoQiGvXwUqKPqHplF5+pV\/+G96yrYK2729Ao1kcgwcblSXl7srLyRzMa1+N8EdtZ9w4xIIwWcmnoBW6k1pdwgIl3c9AZMQGynRVyFRdZE1ZgfE8pfV4nasitaR0M3gCMYKiLDWmRQiwD21k3IMkRH9lJ2iOuPUh9+SgcoHk8JKhhw+kVCfqGf7CsS8YItVTzzB+AlHzKfn5wPUKuhNr\/8ITyM1jWriraMh4v+v0GwqJXfRoEInWjIVWUPSsW3pM3ZIVbZ1\/BRcboa3+lLOz2oGo30HhPaksnLSu"} 02399{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":107,"flow_packet_id":4,"flow_src_last_pkt_time":1621516392956083,"flow_dst_last_pkt_time":1621516392616564,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621516392956083,"pkt":"AAAAAAAAAAEAS1QMCABFAAViOJZAAH4R+wKokEAFfgNdWcQwAbsFTjV0x\/8AAB0IERdUk7u04\/YAAEU0QsRAIhste6Qmerv6\/2gDbfRDwAaPuph8PFBnVMVSxqTHXblLi7PVgSezrcak45QcT7cr7f2Kk41jfB4rdxTekfgsJdW9cSEOP26vRrPQ+xtYvK8IevBKin9k+CbE9ICrG5XZ\/\/XXaKo6ZDcc4DobFg7Eg5oalPAKpnOl0ppoBCKEGya8BRo1hqVkxDCAsTREMfD8RYDFxBT+6RFQBpExZJ3IGUFzgiPDx5sem8NmhrbO788vko7VGTccBVNLrkcQP2jsrXZ70pfnG1Lk0tvSt4m3\/Jg+Ih9JIw\/X9v4BKd7c4jmaNos7\/5ok\/DTbD5jEn\/wBj64A027lyR7B+AMUGSTCopjOiLs+4+pkBmv4tJrlhu4mptWO9ZntEZXD5oefDNzis5o9MDy08FK9gicv\/\/3ZyJDnzN6bzDKA8SCvZc\/QFtjLrh04c30cSTIUA9BcG5pqmWUjZTYQSoF\/agxqIaQnyq49XumRZT24ofqD44VCkpjoDB4mdv0JGgSKvyY0mh2k5n\/tA1LiK5+T+vBrXtb7\/e3g4M9MtoPlRFCwop0DamO9yahfgwpfaiGumxO9PZSXin\/pxFgYz0L\/KDMgZarPAL\/snmKD2zc1FwY2ohJOmydO
ye0Xt0RgCJniVlZd4LJU155N36AMgdA0aU7GsBzzyGl1iMxjEAFfHFvAUSo08eo6iCcQgb96IEtARP2Jk8nw2WTHAqJJpyUKHbfbbWyMoyvjW11IFL0drrKF3ue667vcANFMSplf9EUQ9JUNGCKxmmML8j5x08tNU6H9e7xelOp\/8XtgGJrgTsDXKoi5qGkqLcgovvaVcGP\/ZoYAiDj9+94YEzAjNGahH+Lc9pJSbMDiyUqp14\/PpxapFE49fJ949kx4L3malt\/I8bndYAjZxO2KXxhEnyQboYrtu7bYGSVa+OhFP9KFPlTMP0ho+xAzjhYhUtJv3HnvzXg4NDphQWz8VBWeBR4KmmicGIpa9lM1MUJeLpS92Xg\/84i4LX6p0T3wD8XUw64tA17pvkXCROzL0nq5OImQUKEt4g8dBj\/KDurXwHYPvg0HaCk8i0hfYTj9SMBccNBOYYKfGaa70RcexX5XTCdb8+irxeobF\/dAy9fX\/HcUHFCa8z6gZ5Lvoq\/kEIv7eeaD3\/2aPWl7ZV3EJRARCTdy7zud\/K1eR0wYZn2E7cjNSVOWv\/AyAAf1yEuKuSrBsH+33nn8pv+pfJ+xYplcfytBaI1IKBHNknJVn7ZZI7II6fYfylqlr8gaRMyXA52Tmvzv8MYhfYz3Edm25O+wtP9JGRkrgfIK4NkW\/lOJJ1zRdUyav+aSZXzJfVjhtqnWyG9EgoUSiQP406fdqZoqfObsGdWMdrLLnq12PG+nmYKynpB\/Sa5uEjBx1WIx1bNm7FdC4ucJmaj52sna9hGgyBc42eB7XhAZuSZ0ii6oA2IOwDDHTXkcR2if8HMGvz6CiudXcQQBl4LmFri47lQ5oZ188bPdSG41I45lnDqhlcZm5XX3I5\/Vuxs\/GGXMDbKG8gf+0JhZiDDmeBLFuMCFRFpjfVRZsREfskjBcOQv4m8lgJrjs826lH6hMeEquQ5k8jdqr1xQ+\/OSffp5tTikY8XObu8AI\/Pm0jgroxkQ0zKhLfvU+4naM38qCrwkzZ75j4EXbZretHLo04zzIeOtawPS5YYntrGGOuoJbLQmu8AOnMVhFhKQ2tn83eO\/TQ1F0HDl5Z2kl0LdOSIj+jEPk1phzCYTYHo6DzAQfndQ9XDsMS9tQ+y\/UOq9"} 
00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621516401935898,"flow_src_last_pkt_time":1621516401935898,"flow_dst_last_pkt_time":1621516401935898,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621516401935898,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"31.219.210.96","src_port":62719,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02384{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_src_last_pkt_time":1621516401935898,"flow_dst_last_pkt_time":1621516401935898,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621516401935898,"pkt":"AAAAAAAAAAEAsa95CABFAAViOQpAAH4R46+okEAFH9vSYPT\/AbsFTrroxP8AAB0IsiNjxAytUVgAAEU0Rqh1oTS7oO8cafTa28fAea2TrPFqW\/nlAJ184K2vdoORXSVeVMo9P99lJizlhuQtwjqOuZDX79HEkhTLfn6mYDJm73BPHv24qL5kCOPeP9TVOodlyLNO8CXYBxsAfImX9sw\/xiXEYv4nPCZx7phxoORVmsG2TXdTVZpBuZ8d7NkT8sYUuZrYsCN0\/vodaBZ64dqsKu\/0ntZ5Z7umvCbm7mnmp1P5JPIv8e5JTwTetx99GUoYM3Lss9UBBF+N+ZQAlvbgchHFwLlztR3qBr4DSeiBRa\/QCa9pwK0wrcW1wd7wQAaeeQE+HUQqzk21mGA3Ni9eqhg0A8mBSXeo4q6Zbc1Qge7LZjkMnbzwWQRN86QRzXhr6ZqznhJsrs2gf+6K0tcETEYFPcH1LtJTTUs0yfQDuzNUGO8Ljn5FQDD1zpRSvh8s7V0XLbAMDnVaIpCgJ\/Wzfpib6V2K6uy3y\/tnIOG\/KewueYVtxjddYzCJF8gOJKnl9hkHLvDnXYvahVHmmsSXkZEDuqEbBU3dhSvWdcTWMI6EGZ1la\/dvApDNmcb5oVn\/GyXnv8p4\/
EaQDcSPgEq7tqrMT4zz16ib8ts2HPUFH18kMT2Lkh0kzLngKGYmQr4ud1DxA0Xh2OTA094JKybionwnwYmG0hB+bs0+W3t+x24Ktmr3UI23QaXnYhGjWDsFVhEwqC9edY1GzRBOF4JKsc9W3v+2U\/SN1VrKcc+Bevpa1\/hwmOmIR9UqFFRGYZ8XqCMSHhBSXZ98GHc6Tp8dIXH3GFzyONX70YreOQv70uYLLo5G7B3vB2RKjJ7e8jXDVU+JXnIlEp+p7OvLVmWZJ6HiKz1yl5dXohIS933mpnocVqWJKEIp+M6mIafetUbr7l3ub98qfRhhtDelAeHRUPJsEnbTDiebfukKletmLj2M9uqS88Nv+AYjq94MlKBVGJG0hWh9iwuuwJZCZQrbtQK7QrfvlcDDCr5e3q0MYyc3hLW0S3LNDLCzhZJHuh94K3qh3XmLNI48az6btORNC5VVHVviSCJzpyJi4AAhwk+vZEFTRHuM1FcBw3q6LFjAesbh3fvCHe8qk7EVnRd8k1OJ5pwTXlX6oar7LdQggPhSRol48jQ1hU6ZrFWWYfQPGtgNuW+QSDJwzQMXWphfVZa\/bjTSTMzzJaPxFEO8blcgWgJvyIWIDvvNVBD98ZAL8CsMvDFroJxvSZYdKcm6nvRcebluRLF9YOtvGfZtjUr\/cgCzoc03HDo0sme\/lIVgz3C75OcoWQzVAwwXgD9xeikHRVTVmRinnMrGdKATgKfjaUaxEe\/4wD1DfVumT5F9SapTR39kz6hwpsA7x0UFBknturrO+L+akqX6pIKp3yDxwqp2YSrQtxrQM2HIA0adAIfRYKkhcslIAE1vsvC5gIwRdKcF99Ry4D6WcmQtmyNTEyfKPVZfHdkM52cWvBas+\/FFczuVKVquG0n\/ExS78d7fjZpi2el681jYg7VOPeTHklXJ3AcX9vJRJlgZZPB6ZD\/pRbnoYkfAMjAtcvtRNTJbEv29pz2OQpvG9FDqKNggB4bJ4OOi9Yw0GTejnWMyT8AcCgKIWe5b\/j4tdp6cu+NFWIXuGtcykvaSvXLjzYQp51JSgMBZ\/5jwYYoRMQZPWnJD0NMzZbO\/PZqzoW54JcJfedD6PsbQwfEVZ9qO0uZe4XJyGo7xXMW9qheN5A485AGg930nGI0W4y9g06HYqEC6FZbTUGCQFaccVVPlPrwvI0zP0AD0MaiXvO5tGDdy"} 
-01416{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621516401935898,"flow_src_last_pkt_time":1621516401935898,"flow_dst_last_pkt_time":1621516401935898,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621516401935898,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"31.219.210.96","src_port":62719,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"lh4.googleusercontent.com","domainame":"lh4.googleusercontent.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 6.1; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"169051af8572ac08ea1ddeee0db208bc","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01309{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621516401935898,"flow_src_last_pkt_time":1621516401935898,"flow_dst_last_pkt_time":1621516401935898,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621516401935898,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"31.219.210.96","src_port":62719,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"lh4.googleusercontent.com","domainame":"lh4.googleusercontent.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
02395{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":108,"flow_packet_id":2,"flow_src_last_pkt_time":1621516402235332,"flow_dst_last_pkt_time":1621516401935898,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621516402235332,"pkt":"AAAAAAAAAAEAsa95CABFAAViORdAAH8R4qKokEAFH9vSYPT\/AbsFThF\/xP8AAB0IsiNjxAytUVgAAEU0VlWdZoCCvojlDyfa5Yeon08C9NEt7N1hxHGcl7FpDE5Z3Q9X5dOjGppxQuVZ+atKIAVvgbCcQVIhusNpashx33gtd6EhS7ZbKLvO4fc3PTuNql6Czjwc6b46RvYtjQHiYIFYBl31X9KsUf7sMEKMhQUWKvfytWSeM45U5GBkmLvf17D8qsLlZCvoAeY6VEYDPspoPXzAUYzFOsd5enOX3RMYkXxLlblB5gix22C\/+sUNmj+ugdjQw4gu\/fkb\/+jonN8oHz6zQAE\/PJV90A06PszzVUFctBVjZ+j5Pwz9BjozUZUg\/GO5kFR0Af1qvNMmXh\/0QoCYJzAEaSM5LZn5V9IadKyhWiAGb8bAhV2XnJfQfmszIOGoMMvaWthG2XAg6x\/4\/kCr95Ae0+tDiO2FzVaWI0nLPloEgW0+kB\/0TGNzL\/+Vy4YFY4PXcSh85eAiYwO2DkbrwC03nysw9v0D2V7rEHgNEO6ioGGuKv6mypXkj4bSQLPMzAkTM2MsPkC+fXW3f0l+0+za4NKOaY89pjaqW7bgVrOTpwQh35a6XwDDTLsphXxpOh7dlW0BzLzs03vnjLkokDqzkTmNyVYHQO8+a6C3JeLEnZTxFmQiaQ\/1gRzZm7cpY8RY0zhtz+q3FIkzaFIF\/AjKzGOOu8+5nsDUVUSfBS+fHZOKMM2eOjApm\/tZzcNNW1fwyIXL8V76UchSVNHrOV\/Piqka9R1tk0T+z1Vj7bcbIKNxTymIgfuZHLa2ehhiJRTVxdu4QeBCbNLbQ4jG7byE2A+bFbGS9ipIAYjoC9DnqCMgvL8Cm1jbkt2kO1+bEwS4X5aZJPdFzz2GBsHA6OGk5nmPDDOrC2sdqH58ShIcD+ZsAFb5MukWegKexiZGTPy5BYnViMh9Y9GI1jxJu5njnFXaIQ8qVdUruJxMtud99K9OjWpL94NFcooWggckaFlC21iuud67L15UsBMt83hjPDeakhUa4qZ0kj0gWALzdK205K5Wfz4DWhthyqf9fEU0GZOnTCjN7AnpkGQn2Hlp4OnoxtlX5VmufNf\/lVgf2ZeVPKUxlrBcNx2HEOHT4sZ7wIF\/3lwFsTvQKcix65Wug2ejeP3G\/83G9Qzq7h9g+PnVu8KncBYgcDGbeJP1jGd5F\/P6eUEylVpUxF4tuws0zlFKw2bJb8x6Y+cBLwGKHVC0PIzIUIpEH69fnkOGqSdaY0lRMXb\/EEra3O5ioR+LwgLTB92diG8Q5e0s\/v92K3HdzYSQ8TlwUeQ+x9woWExu3b9kGovPv3+jFRaFsbNxKvTVSEfjQDcafUTKOb\/3tA7k+tucr5my+7aGjn+bHbFFsjfBLkQLeS3GRbQpzQHhNjNEkEbiyp731MXybRhTCm+Y1qLET9TlYhB
tjM8a05Qog2XwlqEM8wi+y\/CzGxubwbN4IWOhgTc1yngE04OAmEFZfH\/4awrr4YU9tLSzhbY9S3EHvvjjZpSTP0GsdZ92WziUPVAuGPfXB9clRlvNZdmbyGKYmxwvtpU\/5Dl\/GHlToInQQEgn2cmkuIp5zl\/9SUAMeYZhTS4JmDwPt30EK+TXkoGbxB4QQxockp24t2DasNgEbms8\/JVTW0JUJN2vNzbFOqVhPBBqAfcGjPeup16sTpvDGGHGSO4mJvUva77\/RTW+jGu67NC3sq2HErt3plviATd1Ww\/aNLcM+QsfCyX3a3A\/690D7ucSmy3lf\/i05xvjR7bo\/jVQ7KGbD6vK9Qm2U\/cQbTyFQzcqzPZgkKzr+l1adiNiIM8S"} 01052{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":173,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":106,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621507440293528,"flow_src_last_pkt_time":1621507440293528,"flow_dst_last_pkt_time":1621507440293528,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621516402235332,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":52396,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google"}} 
00829{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":173,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621516405234690,"flow_src_last_pkt_time":1621516405234690,"flow_dst_last_pkt_time":1621516405234690,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621516405234690,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"193.68.169.100","src_port":58351,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02383{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_src_last_pkt_time":1621516405234690,"flow_dst_last_pkt_time":1621516405234690,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621516405234690,"pkt":"AAAAAAAAAAEATej1CABFAAViOZ5AAH4Raq6okEAFwUSpZOPvAbsFTiT5x\/8AAB0IzUnHeeUSQdQAAEU03jPmRxAy9OYylQgB73DOlVrCptv7ErpnY22OTRmr4wpzgeK3KwkGuqc0xjcaspxGnr6AdaN2xcChMtA2Y7IUI6FXy98k3lvliYUdwlbegMDaM0s2kOCEH3Q5e1wd\/wXjWcr6N0oOzawFyp9hVXwI7Q0kOSYeJlKwoxbwIoGt7YBZmAiPcan7Bi5oQyWPAWydB90gyIdx0d8HsFpltVW32pTZeG6z2CP9KXzoqL1WsfRBKPQpLg6kv3oYavjTBDOfvbG3i544r1+YdmIOCTSwSyCmI9DGVk8MczSIbJC0RPe4X9d\/gCsVsymdal9TdwxBqTtK7tvHTjEjpE2Tf9zS8Q8Gc5XsubCb6PKWxtWdDuV+ITz8lHNBp53kMGc9znlCSGBJ+oNWkpzQI4G8VgjVItmF+Zywys9D14q0rl8JP2cQboFSCzBrnPL2a2zEjzaiN8\/C2LlW8weYHLtePs7UcOLWgLnvnVwptNummGBctwDMgBNNvBf2oQ2BT3akVv85DLHFo7Mik5zFKo8Hm+zpDV42cxV43jlo01t6MR7pOAu2JhmZ1+Gmh9i4DhIdmnuA
VFChlq0EBq1oKQrR4fmUxA2rjS0OXNZUgpLHLlJHctUJX60aeAJebb5ddjnK1JqXBjlvfbOAxFBhwR585AVOc\/N64kRyneM8sM9R6sU9iPp3yIrQOhQ0fDG2w0PRRpVMOhUEH7zw11a2+aNeZLGXC\/6Y0wE1yXsUVHJVJWZCYd86aXC4954s3IHZMqezQRrL1APK0Uj3+9FDgBevGUuM+k\/7d0zQnJ4rTTwqaISHNag4vkTDqKoEyOQwoaqyXKoPHPHUetc\/U1Vqj5HbYafoEp++uRVCALzeb9EokrzQzuCDkwwF8fL5EJSue04WpPsmcpNQzG8CgHMNpnU5AEbkeVy\/Tm60yzyRqb5aB2QQGaHn7nU734znkp6LBO+x8dI+\/uS4XkpdHKVM+kYZtiYdPByeui07cdpE8sH7XxtZdaodU1va3LT6DdZOGuWd3tIpMbwiom5ZO+c\/sxrsYNosVZXax\/HOCVpOj9VoxFKdAe7TnQA3BtohBLmAQi8Ky9PiOLlrtiEWSg9vuNLm8rQjNzi0+N0HK+xINajobf3jP8DLsPNa3nLBja1BI0rYBIU3yqIKQ8Dl32xsc063rGPnZ+4xKu9Myfb2s3u3GI3oGkrhwU\/1sQwXPwuGtN7SwiZALjqLgHgfC\/8El\/VnwzeViayYEnclukedsZZq1ZR3YWbmiKeCCwlk9jmv2WHZEh8jZQ02nH\/6uAirsc4PzXtVqbEdP3Uf\/51U+sQ2p6kyPgxPJ0dJiulfpzegAk1g9URlFtj1Prm9nXN52Avs85Ku6PnWn2K5Oit6t5szIh7CpXNXZ\/r7lQTCzx1x4hjw2bMC4\/V4zZV4WAYezFgThubuHBYUA88rT2uj7dCArSt2N45qbwc4Mgwud71EluROJDlek42tV+tCsyiaMJdhkWkSEEHDQPlPnH1ij3N1iW3QwoTcs+h7cVopFBb+GUTNIJl1Qk9qCEm5UYTfWF6aVd987Lzl3tTyv5D0h+cV+Wv94Y6Bu\/GmojJU611wdu67nR\/gcxGb0oSe62fODz9zWZV7kmDKM8ibcM\/HbDPHzMlg3XQsDk+2kA7o3GGvnoL0ABy\/WVJWStRZAa5xIrmxaZRdp8pG0k8n7D0+KdVj++U2WeulgSlFklaHDSc62eMMQsSdHdlV62KC3i0iGJUMvejrPxkl+j6oLKhMF1+skGbQ5aFITVGA"} 
-01397{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":173,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621516405234690,"flow_src_last_pkt_time":1621516405234690,"flow_dst_last_pkt_time":1621516405234690,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621516405234690,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"193.68.169.100","src_port":58351,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.gstatic.com","domainame":"www.gstatic.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 6.1; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"169051af8572ac08ea1ddeee0db208bc","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01290{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":173,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621516405234690,"flow_src_last_pkt_time":1621516405234690,"flow_dst_last_pkt_time":1621516405234690,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621516405234690,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"193.68.169.100","src_port":58351,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.gstatic.com","domainame":"www.gstatic.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
02378{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":109,"flow_packet_id":2,"flow_src_last_pkt_time":1621516405310392,"flow_dst_last_pkt_time":1621516405234690,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621516405310392,"pkt":"AAAAAAAAAAEATej1CABFAAViOaNAAH4RaqmokEAFwUSpZOPvAbsFTs7oyv8AAB0IzUnHeeUSQdQAAEU0YnBQC8L89wEgTmmr7BjHFODkqhpFJVx7yJAYrFg6afkiF3jCqd3RVPDW00NRXnMgjonKH81Ileorn5KxvS5+yQJRAfjCUHJ24j9a3WWl0AFqEbkF0TWWqMTP\/2idN+3yLS6puV95VhaYgqHrCvwkD4lAh7BWrsu31e\/HDOBztqIAj1XIxQN5nk4xsMisv2NZkICaS+1Cze8naUXXyoJiwMgIqBi5y8cABXF6JlVU6OWprkzVRIYKgbzPUVlJaith2PL9DAVy2TL8feQIj3EkaywH0gUPZYTZigDwJE1mDupdge9S6g+LSrQwDNdm8DmnC39N8zuv8VkX39gnJjPPIqLqt8YcZBaksYIxo+UVtdEoMWKD2dTTAbqL3muQp2Ja7H8Ae7XPH8EhKuwd7Kj3JTpB13ljCjHYeyiv5t8QcUXs+\/fTX+iNUrbYp27UUsB5CR6dNjgUgwn+qI9Kd2TVTpJFA+nvmNxH9t5xpLsEajZKGz0zBOH+ePQwjH4k6LiuIOgTcn56cc2K1OQr8g6DG6GL3qoUWI2dlMl0vWT7aDPYShopw41gzuRGjFELxdiX0M0b7As\/7rFy3G1wt+nR8GFD6BSLRMcYNH8HNXRu0MQO53XF18R+1YeIMH6X3b3CZuFq3Xfa2QILxODzwdrxgCNv+FS4NubkKVmTPXQe+uIgvq1qlryrWj\/xlUbBxH9IDjnd7Q4EC0wXt9aAeFTNi4El0ZGUFtEehFfXIXvGMKzGNTezfNJc+vD4F1uOWnnlAxd\/WNW79xPmd8oVDAkAoVRbYCE9wA05lkg9NHNsSNZQ4ZrHcfUP3vf64MKK+pkwlt\/1KIFbaqjllgaHwuNOpxQyFKZGOQ4mRm7MxKALa4\/fjze0Xdw0la4zY+K2Z6UBx0Bbe33vd2rVATAwh3fRljk25dM6tgVCsvKusLkEvU9VmPywN52CzB84wZBRt5xcE29SdbS99xZjGg98qXqdNlTjjAt8yu4XiAjezSVKKaQD3XaLeqSlZUs2O+44zB3zNNhhO5e5eFJ7vU6rWJlnEoMb5o7Dpqgg5GZm09GTgXY6uCnh4ZTxl96ofiZvX7ChhymeUh74eA1f1x3k5LEP7B+VvfkqNzqwQdVy+JB7y82M7PRA6h\/ZiXREpEY5E7rUhHhHzsCHTcFbeJCcw1KDmA\/8lN\/ad5x9wDVKuns1EoyFDZ39IMuXsGoV5K49EtAXhlRXfF2+Q4uYSZtKRw+dUt75YzrYSQ29ZHDGQClAhl8wOBfpzHpggjQ+gFIEYw0xq4417mXTvRAsHPlxM8bRQ8PcXIpBD1+\/T32bKmOrmzAVOK\/uM2XxkngmepayHjfPWCQlEhv1MTTUXO5FOHEIKK7YeWXB+45P5Jdn5DUTLIpWlu36Orwifl8Je
vozrwmxoIG1Zmf2m08oeXHqRUDXmNzjkDF8iRRGAJYOtcDtsPuCEzBA8dRTgS0HKprk4UBlCXOdnUl0o\/GH1EJbFeV6skk5xrmue7uPiLAyEVcPX3pmiAAOX53KWWhMQls04leVWEcDeyAFwvaITqnSDWVveqnmXMRxLOFZt1iaMGSJOlk+UqoJqz6OkW7fNx\/lAaehebe7Eqav3QkkugEaA1AnUOpe9DMxV3jHzO0ZsRV9G3EYn8EZ\/3pjUJ7Wdzgs2pUQKiy\/\/eGQsIQ+E9g46xeFn8UPrN8eiX3DgHzFdvQqN7n6GdAWkhJ2Tw7Bq6m8tC3wcytkE68x8FsP0lQnhvRc9Pi1wMCcL9Y5E9amIXbruhOYiuKw"} 02386{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":109,"flow_packet_id":3,"flow_src_last_pkt_time":1621516405464431,"flow_dst_last_pkt_time":1621516405234690,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621516405464431,"pkt":"AAAAAAAAAAEATej1CABFAAViOaxAAH4RaqCokEAFwUSpZOPvAbsFThhFwP8AAB0IzUnHeeUSQdQAAEU0f14nS2wsq94otcbsx9Ja6N4Gglxg3u9DN5aawqtRKVNC4Pc2eIsI1t2bGSVlKf0XWigbLFgVoquYysOzgfEuJL\/MeSu45JN0vCO\/piH8bKThjLOmClUk1DH3WZNkFkEuaa0+lysZpqiBVvoWBmVXL7ELlhz6YnN18zze0\/2yDF90B6el4fx\/mt0wpW0qVA1R3rpNHACrqE8RyK6pVoPq3imcpEoLb3yO7yzrRrQA3ViWb4CcRSIQKKKvWiiBsQX5n0+0thXLMnu8ftL8SuxBDfepRmuDXajiiY60A0Ci0Vc1tK667yMn9eaC6rHTNh8nYovYhgNBYmIAwvsQCVPuw3uv7zcZj7QuzsQ+GoW7Ofo+0HVPqQPw3Fcv1w6\/sFDHM8ZQdgy\/TI9Xw4zrv10NHy01l+JQvzxLdL\/Mei6EzaqwXfOyDTaHClmTcUbiuXBRX2Vf7Bmroal1PmgVVCAi8AUTkagzmJDy6vDj2SKbbL\/ReTgBtoJf9YG9\/p5Hob\/OMMIyWWppTPBk2+0f1VYPZWnbqV9qBkb6EhNQ+49gd87e+9YYhhx1IWTlW9NLOLBaYwQFgXd9bbWWfmi29OGPyG3EG8nQHPU1eOA30M0hAL1iFzuLQ3C1KXPfegclGVZOp1CvUfjShhvg8c1OTN5s7Ps6ZLZZlgyBt9X6JmRDmehOI4NTymHV5ZtQR2lVl2TcptleL6k53AnKbBYD6fZ1m7Qm7wPSMZDBJsGDW2W75tps0sDwHgF2FlcJxcVSumnK5OY0dgyq\/v+QuVFHSKHpcM0iQXjJ9BYDELQJZka6TvX0wkBv\/HQW+INffppmt4qy4pX8Jnbh3Ni1t3tDnQ\/7fweO\/+RdKUkMiQ2HCjJPyE0ETTcZK654vByA7SxI0bxGOyrV39JtcFOkThujeZSYhhZM23Dz4XEH9y6JuKs63RrvY0IkUQVSK6GA0tRTMG3mwmAob\/hfPnlVRnA2pVbvTMeZUlWCHFzts0AL9+PXmCSER\/XfzrXwjfr
Juvzm+7T\/lFRR+d\/i0xl2X0IkHFkuV9wydT+v0RqXfar5ItGT\/sh5mrWNveBVdVlQJkyY8DBePhN4ArItPiFG+htl6KN6q7WQdvLajCgHRaRtH4GQxWZtZmB1Fg3DZcxEek8e2BMmaOPY8gBgng9q608TDXo9Pt5mxnWStws0YA06UTqWaNh1x2Une7VSFk8tH41qCiAI\/n2bLjiAoqnpJB\/cQvnfvFuY74Da9t\/5SFaJC4LXt0ZQIRJhn8fMIsa+pDVIU+8qnOzaJqQU5AktC9HbX1ISQRPrusR+iRsZxLKNNS5lj2e3YvJYsOdA4xy3eH3PevVRBgLucZfc8W1Sg+7crP5FPF+V1oksLUAomnQAM+uLnpl7jWA5eWJfsqJT8r5wB\/HXm64IPwfS6kzQmr04rkzCSj4t9jKRGjOo1Cs0M2KVTyz5diNk8DfzKuTIVdn5aJBg\/JHs6Tfr60kgcyC4b4P7qkvjih7e9lIaD1s7QzKhQlA9RuZPuSNUkJNf9zFhAHrlKpelaHjuvOMD7bCvtJ13MWT53xGxxb3Tn2yae9wN5yrxBUdBvqKCc9sg8zRym9VCJUCAOFTs3LmsHQjtM74VOXrdEbkzWhp3f7mXZ2mms9zJ9eH6fhPzVnmEuOhWdc4vKs4t+Uni9Rz2QUxiNfcPb0AlKfZGRFS5DchrAfVT1vo9USbhMF3YNpBh\/huOyVHNzkm1++SOaPkTBO1wZlmVb\/GUDFQCUtbTRtKz5EY5n6osCa5b"} 00826{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":176,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621516418037037,"flow_src_last_pkt_time":1621516418037037,"flow_dst_last_pkt_time":1621516418037037,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621516418037037,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"7.71.118.27","src_port":57319,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02392{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_src_last_pkt_time":1621516418037037,"flow_dst_last_pkt_time":1621516418037037,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621516418037037,"pkt":"AAAAAAAAAAEAYl3ZCABFAAViOjNAAH4RV2CokEAFB0d2G9\/nAbsFTh7BwP8AAB0IqOC6BJZvV6IAAEU0Dvi2qrd23QDxGu2B7vaN4MOlDBtGvpoN5pHp26m14lzRY20peRtUuQ9ptItsXATUG7EiTr9GCdRPLOQETwFtC6RhGNIdLTwnsdX1wtpxLn88sqordHPzeZRfgg7Si\/hIcgk2r6jQqYTKPyb2EXPMZun\/DZnzAKBT4U0s6IkU9DCx\/nVZgKb8ZQ0clSgRRcfwhUHErM8eTU8YJIOg18cKJLd06pcQOIJG7NWuFWxlP8hu\/nN0AYaI66fR8yko7HlWLvum1JaYm6FYnzxA32PBj5oh\/7LgHk9DvkAOButBFcUmyPrB4mG5I1fazNr3nwyskcAAwio84ahFtiK2AWGqstVtlbFkBz5vU1GgAY\/jFxeFFhQU9bkVT2J83JetFccigg0SDPuD5n+d+pF1ktpVFhfg9Pf7M1yVpEd2pTwggR6\/RMwbUXsIy6V\/3Zdy235MvBR99y9lqd30EtEWQFDwQx1rFv7OgXmz1sC52olWXTPJJtqeru5YJ4y1QXdwzngLTKdWwkivONoSni7YFaQywfkoSfUUq9yPIHkBPfRgLZjtRnJvNRzSUdIVLK+82oMRpqWSDyuehe79xRqTV3emacrIoUpKNe4ES0rwwIIxuczcriuAc\/oh36BCnJTnMLsUHOv35tL0tIW69QW2mqLxjVxs\/sB2ZTY81BvXCGKlb2GWWEZboz4kvNje42VnawDq2ARmXLjmZvqx5KpuiDDLCrFuudk1KPohXg8MYwloe1Z5ljen+Kflp\/0GhTarwpApPLhqD4dC0YGPGUPWy0M3SdsjYAYnO0ufi0JY1lS9wKfFr3M11xtfXz4eInUnYb5wKqBRyjzjYcDgMIhrig+xpGm3NO62u1F2ixUHh\/2sre7Dp47yLp70MwKIP+adl\/aS+nE3ZwouBFKcqjSAsPBSGZchE52M44ofrHvjCdZygdjpUAxYA3pbEVs8jkZwgMgJXo11MS4xaeJGvyTRcdWxgO7Z6GiCANH9t3fYZEhYzw2EjE5ykKJRHZRafzyzvQldpdzPPsPIEmtpkI3mtt2v+1cYj4DnaZTXJEzplScTixfIquKqwVCom+EBWD3psfkqjfjfGGAzGt5GoJ\/n556S51FLopQS5Sp3W5C+2M5ojItue3RQCrCTIS76Pfo66q4GsAOSUZ7\/hMt\/XWeMLHxlw2ixjPGWceCE+ADtTZrMdCOe\/3\/KfNqayz9c7lfFveFHD4SoBgMlybRWMCo89EVr9\/e9bgIvQH\/2HIKL\/1AnrBTYWGwjYvXcCZMo2XZ48Bf4TAHJOLQ27twcS66XbobssW7dEGTHzsxM2cbXA7Mt66nR8kV7FnqvM3Uw37ERNKYGRDJpbb0E5DL0AIoUX6jOOuHNgnhFdj03d8npRdhJrYtWfh1K
UyehyWQPyGItDjRZyrH\/YzmHmQlGRGfRB2IOJPpW0Awf8t3u7i7GhjjxzZWH9y\/5\/UIGZyFN5xYeSW1RjHpBsgozg4u5tX+KFm7iqwM265C9T5IiUFRDJ7Y7z+ArBTMIKqef2Q0Utflwho4O5OPtNfbJpYHIlEDdM\/bpqXNeLkZvsI55ncrNB0jXRjS9R\/pqCZ1F8bfNDlgCa23mWVU\/e5BsYcM6YG+DEAJXDSOtIC6Sp\/ZcQNS4oqLP9h8MI0zXLT58ZIPXRXVMDFrxMhBGx\/6yOIu\/74H\/Y3fHvm7xBKcdhdXm+aB2FiySmLOWsjvBXvSzYQ3UF0qKHH+MtZqFhGOCJk+EykBVABGv1Auw7saDcOGWE1z6rr+udwYUhMrL"} -01425{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":176,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621516418037037,"flow_src_last_pkt_time":1621516418037037,"flow_dst_last_pkt_time":1621516418037037,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621516418037037,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"7.71.118.27","src_port":57319,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.PlayStore","proto_id":"188.228","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"android.clients.google.com","domainame":"android.clients.google.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 6.1; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"169051af8572ac08ea1ddeee0db208bc","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01318{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":176,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621516418037037,"flow_src_last_pkt_time":1621516418037037,"flow_dst_last_pkt_time":1621516418037037,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621516418037037,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"7.71.118.27","src_port":57319,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.PlayStore","proto_id":"188.228","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"android.clients.google.com","domainame":"android.clients.google.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
00829{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621516418245609,"flow_src_last_pkt_time":1621516418245609,"flow_dst_last_pkt_time":1621516418245609,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621516418245609,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"53.101.228.200","src_port":60919,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02390{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_src_last_pkt_time":1621516418245609,"flow_dst_last_pkt_time":1621516418245609,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621516418245609,"pkt":"AAAAAAAAAAEAVM4PCABFAAViOjhAAH4Ruo+okEAFNWXkyO33AbsFTsjCy\/8AAB0ICh\/nnOWyISUAAEU0\/XSWRRoxvD58Z\/\/ltqn4D7VEFtfFH+jUGx0Einkv99\/DSfc2oPJY4DDN6JlHAc\/qXovlR01o81cgEAuTHi81V\/Ai4h2uKfJC8zpGb4iU8J9MQX3bFzSnnvrH0McYkR8dXhY+LkUeHEK56Er3NWFCyGj5bFUc6ULxpQIONyO3XCblXJAYYR1+HHMJV5rzq2a0tPhEQxMvfL9U2zDwAk9Znp3W+SBmkWdokjyAXwhbri5sLFI+o1IwVydXvtiLNEKZ6k23ZHvOevpJuly8FUhJlRZFzpQcsb8oqZg2pRE9C8POq2T6l9g2U9I6GvHiVjRZ98FT9qIvvDP6AD69Cajx3mGJWavv6aTsctL4VNEVQVix5W4yMVeC9v64prq2LuRUPHyNnEo9AoCfcOTMnnedkniclIIocpUSham+VwWsPb7ZVt6yBxcH8dnhbZwZX\/awC1yWaJ9PMxllHy6dWdwFXphZE0mlFrVD+Y2ViRFeWYhgXMd36a67EAh4KMOW1UUy9WRijdPxYzI\/3NPUKYw67EbvuD9TnJBZV9swUxHRb5oKjIJs\/zVJKEr4H
gEriVT\/uHrCBUdG8YtziQ0VN1Hy\/c\/HszvPKD1I+6T3S74uGqEDJvz22fQycnxExC\/v2s2Io82JRN0DQ9+5+lgxD6yIJqUZ6xtHI\/7Qf+h1fMLSx4y8AKIJtJIOrgnAYrglEsKTnvJuZ\/7orf+yJX+h9BvEb+CqTGkkDjnK33BqpeiRlD+D5DuP3K4T+NB+diP9DR5dBkwLMLSdQF7qGWEWn7GBAMAcRho5edT66etmLlAdwVt2TRqnGXiBMNQSBXoW+toMKpTp1vnHlBgZmKFlg\/JJPZqOdbJdAyv3zJJRFPTBKEQoIS3zCUzYSTKEr7ud8E+tffKkIrAJ7EUAESGEhVWCM1DXL8i9M+Q9XJE3DJQpsWg6gUa9Fw98FeLlP+7TL0IhvOxx5LUeAalBQ0TKxj\/VCVN3UvSZDTeC9WpGfDhna9DGtD1xTnAi7jRi4CrseNR2IgaLm5JlbfkFLKccFrhInfwGJgkHj29LRsGRm1Es1jqRY3Ouk6bpGmMNWzcEEimo3csuOG58WiAdQz6WHsuiuYVG0DLgVi9H6doI1wsGghSdqDtHqoEwoIgb3tx5I7T\/h1Xq5LT9kt\/Uk5CeAEtSXIu4d9PJQM7OynI4I4wJApaL+JsbkbYJmUckRDj5+DcoOsYJRi+S3AzB\/jReXlCiXkDNx221LihD5QvdlILM9b41NYS1jREAGiqCaAAzmvoR5TwO\/4AEr0UdVZbLG6KYh5QUiJ4oy\/WVulKKHF6+TFf4tv4Um+NQ3oK95TXCRvmKZ3qS4aLtCdIbdrNCgVhBzlGHMjvmy6t7Qw421ogxqBJtm793TVCYZwBcnNLdGCCZCEtVQnfQzr8G1JOR1oO2iM8csHv28RhmsRXcaa4e0qdrR5f3akye3zgahdcjiXHhM7C+O7G\/1kLFug8TwlbhRgFQM9CkofyNV0s9NwP\/y3Hufd\/UIKneZE+EIy8AHj+5ijv0WoRhBnRJXYX5ycxl46tMEue8ARKo9MQUXx8V0we4qyXSx8gTP4pifQiQH82C4d\/Ia+gl\/7V0nVldVjo2XHTYnNKRl\/2r20w59XqRfVr2MyuvliKCJuXMORzGbGFmNF4tyPP98C4DrzmbvG593DjxQEJxLOd9WIDUQLYmSmdG68jG3Dj38xlZdbebj80NJ8y84A3+pm6EmRMXvK3LUyTKkRh1+p8LOow4Hx0dv+gfwFZd"} 
-01419{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621516418245609,"flow_src_last_pkt_time":1621516418245609,"flow_dst_last_pkt_time":1621516418245609,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621516418245609,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"53.101.228.200","src_port":60919,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"adservice.google.com","domainame":"adservice.google.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 6.1; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"169051af8572ac08ea1ddeee0db208bc","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01312{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621516418245609,"flow_src_last_pkt_time":1621516418245609,"flow_dst_last_pkt_time":1621516418245609,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621516418245609,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"53.101.228.200","src_port":60919,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"adservice.google.com","domainame":"adservice.google.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
00829{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":178,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621516733869355,"flow_src_last_pkt_time":1621516733869355,"flow_dst_last_pkt_time":1621516733869355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621516733869355,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"144.237.113.58","src_port":50423,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02389{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":112,"flow_packet_id":1,"flow_src_last_pkt_time":1621516733869355,"flow_dst_last_pkt_time":1621516733869355,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621516733869355,"pkt":"AAAAAAAAAAEAU0VlCABFAAViPaJAAH4RzyuokEAFkO1xOsT3AbsFTgHhyP8AAB0IbGyalH0+wYYANwDvfHyuzX0WyfJVw0PoKIyEKIwqfBNF14sFAvA9Fx6LB3xU9vL3ynu5LnbexvzNtyumb4fpTS5E\/XHfpwPYpXecyozflPK20TknHSDUVHAJTY9iUBdGsc+gRxEKw\/EnD4N0ApvBGoTWqmVkqyn2sk121zbYGDW6ErU1q+8hsbyKMoI4NfxjBnTspog\/m+eaL88Tqahvr6VuGmJOgsgyl\/gwce2fwd+d9PpunMJSkAS7yf2o1eZhJh9pY3klOtwZCFNQuDUJCJjazTJU7eVP\/0CtOYR0UdFKjm+WWzcoEB4VQS03kspRhaM2QP\/ptwjbxo6FO3oCmYBuOzT9NnCTurb66djTzhBQ7nPe1yBZiq6US4GpZG6aMK89NuAY5\/nz1pP2DYT5YcgrfYdhQ4YARsc04zYfLezdFb87pJyoch2m94u7HYMn24Xcbst7wof0dZvjDWkyw5cSFT4dsIwT2M8hyrtH3HjdLtgpphSCdYSyGuy9OvG7sn+MF0Jh5\/oJdnlWn\/USneemL\/aWfg+AXzhA\/IStwKORkQ6adbv0MxxQxhdhVlhABYhBf0naS
CmQM2+cEelsB22JQdGyxVRZOb7H2e61nRmdya7eNqT+fobtyVJrZCrcoLN2LiU5dsnsqDNucCyYvDEkyd7kQp9qzPoYerFAw+PP\/vmmBvfd8Jm5zV8ExYYVZcEdRnY4EYoOzAPXdClrK9VuYF8c\/Y6ePAmXEmR1uClCx1ITHFshaCJhAhfyTByXjbfw\/nXGIZwveSnxeIYy1iabwqW2LFKaTx+JSk2nPQUZJdp\/gZHAXMi8UAeayRLCWh88FjEs+voztNRueCatb6uKPMygUEMEU+6M57k2I2+uTJVrFNtw0naiFrNM5aQWh\/8BtW73kEKOXlb2OOpWG33SsbDbt8f07KgzTSjaTcH+ym5fia5Rw7fV\/ORX4hRDVw6rpMBK8vHEzILGzqKPp\/Fzgy8Yu3yhNuwLA8BgUfSc1ByPGepdUQ33vZYRwkYXJIqjHVWQAfskEje0Wqn+YSnYlWZx7JpLG6MxX086GP6N+oCsmXNLxDtBJtSXiGmOVBp+cXeY5yNiplAtTeIdcdjOB66FqojPXZ4qFgzu67AqMMGZObJDMv\/Z4GW5X4Cgb4uXU+hjHX87oTa1YVxX0+H5LL9RQod7rJgo0j7m61cBp5xGUl\/xYmnsu3DdfPulCdT\/Xqvq9mDtvBpKPSZ89x120bFELyq+h\/m4PzITFcG5b0xOCTSTGB34QH9z4hfUNaP+WHZEXy5YNzh9YM1YXqvIrO+\/iwEMLfq33bR4jnXtPX1cFX+a4qrWOvuTa+bfX7Di\/IJNdHWVlIftUcO6+NFoLKQszqgdSRApeMWkwSgeT6R7yYowqnttX1EOkto0U21n9qsOOcZHS58\/p7UHB8lQVB8xDJnHjAwe2Yv8frMkPRsbdRaenhBn\/LLWS\/wyADvhqIIoQldbThikVaSXVwKU6ENOBP1gszcRFozOxr8R01PtBlDQ5QyH2EVc978OM4JjBCTbqtEjexBUwzGSaTGclsLHYMS3BuvKzOU5hVb9zTw+6jJKF0aIvgkbJVna7j07Xp335dcN+9bFri7aa2E4BpLCzZy+JNpokrgVDpYRk1pV3jGV9trdQsOs8CADI3foMn58d7Q949RGX2Zl7pv\/I5Gf1FwKxygyeU0D5cHoY5DXRYbGRoDOtCFxU18L0wLOrSKS8JC+eITcsIp6lD+\/42Vg3uHHr1yzTR3Tr7duzZ5RxafR49orBGtHZqde"} 
-01395{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621516733869355,"flow_src_last_pkt_time":1621516733869355,"flow_dst_last_pkt_time":1621516733869355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621516733869355,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"144.237.113.58","src_port":50423,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","domainame":"www.google.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 6.1; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"37b57e2a60f871d6f459268f91669a78","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01288{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621516733869355,"flow_src_last_pkt_time":1621516733869355,"flow_dst_last_pkt_time":1621516733869355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621516733869355,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"144.237.113.58","src_port":50423,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","domainame":"www.google.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
01070{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":110,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621516418037037,"flow_src_last_pkt_time":1621516418037037,"flow_dst_last_pkt_time":1621516418037037,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621516733869355,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"7.71.118.27","src_port":57319,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.PlayStore","proto_id":"188.228","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"android.clients.google.com"}} 01053{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":109,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1621516405234690,"flow_src_last_pkt_time":1621516405464431,"flow_dst_last_pkt_time":1621516405234690,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4050,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621516733869355,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"193.68.169.100","src_port":58351,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.gstatic.com"}} 01061{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":107,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1621516392616564,"flow_src_last_pkt_time":1621516392956083,"flow_dst_last_pkt_time":1621516392616564,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5400,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621516733869355,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"126.3.93.89","src_port":50224,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.googleapis.com"}} 
01062{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":108,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1621516401935898,"flow_src_last_pkt_time":1621516402235332,"flow_dst_last_pkt_time":1621516401935898,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2700,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621516733869355,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"31.219.210.96","src_port":62719,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"lh4.googleusercontent.com"}} 01070{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":111,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621516418245609,"flow_src_last_pkt_time":1621516418245609,"flow_dst_last_pkt_time":1621516418245609,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621516733869355,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"53.101.228.200","src_port":60919,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"adservice.google.com"}} -00897{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":179,"packets-processed":178,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":240300,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":112,"total-detection-updates":0,"total-updates":123,"current-active-flows":1,"total-active-flows":112,"total-idle-flows":111,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":661,"global_ts_usec":1621521142479654} 
+00897{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":179,"packets-processed":178,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":240300,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":112,"total-detection-updates":0,"total-updates":123,"current-active-flows":1,"total-active-flows":112,"total-idle-flows":111,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":661,"global_ts_usec":1621521142479654} 00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621521142479654,"flow_src_last_pkt_time":1621521142479654,"flow_dst_last_pkt_time":1621521142479654,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621521142479654,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"76.231.104.92","src_port":59206,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02384{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":113,"flow_packet_id":1,"flow_src_last_pkt_time":1621521142479654,"flow_dst_last_pkt_time":1621521142479654,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621521142479654,"pkt":"AAAAAAAAAAEAS1QMCABFAAViSrhAAH4RDvqokEAFTOdoXOdGAbsFTt8wzP8AAB0IF8C5lRFZ4pEAAEU0ArfW5P1VplOmF6lJC6sD9FD5t7ksW3G6pIV+pxy8yJt6ChAKFxnQmbZIV9dRmn9\/GhICwwKjJ2FzV0KvCGLgZ6X+Mdfa6UbhiD5fnkjyzmiIAB9HARV9mwW0qWFR+1JZ0wBSXcVhsdD76Sf9pAJ1VTq0AAsSZXJGpY6+ga64ul50F4bjriucLzjYYNDw+HNSeQ06KntY3GZGimI9HLzbEr2ITrSYMZjOiiz48+8lDJD2UCwemzRbkRRjVcXHUb3Tc7AmoQBva7BoUSsAyx1+D5PZLPsFdXibn+bgqwT1LLMkHG9RRpo1Tt0gtl2pZ3bJxzRqJmP\/hGWMpoj6aUkAKucuXZomz1Q3f30mL0XyV\/0uY4\/XJg7V1OPue2C09RRuIDP1ooFtROu\/pDDI8HImrmKLKKL9dpKh9adfi5YYuPF4Is4HNqqqizalARCmdFSjpPpy98YfUSi2cVRDkchscThNdK38ko4V8Xy7wPkbIt0O9VavKfmHr39w5Ez1eaWFGZRrA0sn6GcPn8Dm2mBcIqBG5MQXN4W5fy1Y\/pT1svPFcC4q5\/EbD0QNn3Z9BNP8nBLiOsibf3MO3CFnOCJM1lkXUrVAGUZnjxGG+8QqLn4EDZelxu\/GTjx1L24MAsKjWwR\/o8CwEfewYTHjpSyuURWOKkKoimK1sbXS\/GUISZay6CW3ipWXDAWnzLjYcodUIMxsb6EXUcIWUdqRY3ypfHKYpkR2gJ8xECJ7AqLMiY6ZE2uxoDH2mplysDswerJmf0vlCYZjDi32D9NrSZoCZTUeWm4xfiTRs2WDrsd1DqSJwRmQac3\/k55LOe6c64B2i8EEyZy11iQXRTuxGAnfwPi7J2P7G5iOmklAoJzzL\/0e8gKlYQz1\/eyL8HHdtP9qbl5P1U5o8IfoTp\/dirgLtL\/sstyNOECz3S+ayZnviqEPhmw1cijJYWOrYO+8pc6zVY+d8ULBF\/1MP6ychzNJOS7uwIVz2UYuxjSek3ViUJolFI52vwDbTLtTK7tzBEeEdAEchicq0jw14m4HZ+e4tF+ukL7pInPzJ8wSVQteMvhcM05Lb5IMk0dp0n21Lhhxk4rfjW5o1Rx9yGagxsLW0M2mEMuP4yB02zIA7SbqYa7jGL8IZqDCmafSvYT3KeNsojBFm3l7E4ABP4OKSMnTDQnziym3spGoBu55cpHlCNnGIXsDXfxDbCuGO6UHeS1fMSqOZnhD\/oZDnP5dYfsIXucQnrcx7lxhddVt4WAUUkUstn0y6l\/ZI+n+V\/0pwNIHkKelqc8pvPNG+JI1PSwYT7AfrchIoFXExUQsiqKPMuonW36NpxM3LkCC\/aUwvKOHDe1CykT5CBTVTcvM6LiDoQeKOvHkAxU7lNkROINSK7LsZzcm53
MqryrrO1UQHIMBmC2YTcM98zz7PGYSirT2iXt7W+8GhlTLOcB3tKQE+B8YL\/1\/AkWmWJZpkom5dDgbzqOZa+I8DdrHM7ji5OZONbEY9iRhxqtTq74iTkjQ5ERERvH0t6mntYj+OqsnNsbFzFwalVuNQrhXP+gbh5zien4KTygiyFYCjV+NChiZy8pxs1wT4ESZqkuqAehNcFqGsDoVgPoQOLhzIn\/DzItGeAiDrfHRixyOVU1EWsb7b30saK+ncY8sFqQNqA5lAl9gdLvQcfuDvdrDHmseBNqFM+55fa677QDOLLZ\/8MAydrSpxVKh5KZf++uVTUj630nVHiL+6S9majjl00xS38l2C9stuZ3K6Kgv+3rXBnYm4l74dpkK"} -01382{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621521142479654,"flow_src_last_pkt_time":1621521142479654,"flow_dst_last_pkt_time":1621521142479654,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621521142479654,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"76.231.104.92","src_port":59206,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ogs.google.com","domainame":"ogs.google.com","quic": {"user_agent":"dev Chrome\/92.0.4503.5 Windows NT 6.1","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"169051af8572ac08ea1ddeee0db208bc","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01287{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621521142479654,"flow_src_last_pkt_time":1621521142479654,"flow_dst_last_pkt_time":1621521142479654,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621521142479654,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"76.231.104.92","src_port":59206,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ogs.google.com","domainame":"ogs.google.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
01052{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":112,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621516733869355,"flow_src_last_pkt_time":1621516733869355,"flow_dst_last_pkt_time":1621516733869355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621521142479654,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"144.237.113.58","src_port":50423,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com"}} 01051{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":113,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621521142479654,"flow_src_last_pkt_time":1621521142479654,"flow_dst_last_pkt_time":1621521142479654,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621521142479654,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"76.231.104.92","src_port":59206,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ogs.google.com"}} -00899{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":179,"packets-processed":179,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":241650,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":113,"total-detection-updates":0,"total-updates":123,"current-active-flows":0,"total-active-flows":113,"total-idle-flows":113,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":667,"global_ts_usec":1621521142479654} 
+00899{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":179,"packets-processed":179,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":241650,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":113,"total-detection-updates":0,"total-updates":123,"current-active-flows":0,"total-active-flows":113,"total-idle-flows":113,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":667,"global_ts_usec":1621521142479654} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 179/179 ~~ skipped flows.............: 0 @@ -673,9 +673,9 @@ ~~ total active/idle flows...: 113/113 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8871046 bytes -~~ total memory freed........: 8871046 bytes -~~ total allocations/frees...: 118256/118256 +~~ total memory allocated....: 9442975 bytes +~~ total memory freed........: 9442975 bytes +~~ total allocations/frees...: 129874/129874 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 660 chars ~~ json message max len.......: 2404 chars diff --git a/test/results/default/quic_frags_different_dcid.pcapng.out b/test/results/default/quic_frags_different_dcid.pcapng.out index c24e7d1fe..062ea4469 100644 --- a/test/results/default/quic_frags_different_dcid.pcapng.out +++ b/test/results/default/quic_frags_different_dcid.pcapng.out 
@@ -1,14 +1,14 @@ -00632{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_frags_different_dcid.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_frags_different_dcid.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1705784462738953} 
+00632{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_frags_different_dcid.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_frags_different_dcid.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1705784462738953} 
00801{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_frags_different_dcid.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1705784462738953,"flow_src_last_pkt_time":1705784462738953,"flow_dst_last_pkt_time":1705784462738953,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1250,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1250,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1250,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705784462738953,"l3_proto":"ip4","src_ip":"129.21.84.33","dst_ip":"73.185.34.172","src_port":37229,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02220{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_frags_different_dcid.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1705784462738953,"flow_dst_last_pkt_time":1705784462738953,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1292,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1292,"pkt_l4_len":1258,"thread_ts_usec":1705784462738953,"pkt":"AAAAAAAAAAEACN7HCABFAAT+2fZAAD8RG12BFVQhSbkirJFtAbsE6q4WwgAAAAEIrEmJjdxFkOgAAETQ6cs6Ccq1pNEEMNJuNBb9lu79dBj1BHV7\/Hab9lo47p5QEhqAOkEybAWlnO\/UUjb4NU+PkZiX1pRszXdD6sBVUmeCUh2CpMA4YeE4QJuwcEjDjsc96Q8Lag2Ur2dgQut9eX+pvVWhem00MwzP+JnurbkOYrjv0bXG8UAjB9WdDJfutZ13Epk1gyOyIUoacw\/jKI7O33QkruZyO9W1GQCCTlL9F3R74VCm71ki+WOVD4MOU8pv0LyNGVqyEo8ejhTBmGCoFws200ZL6kkfWYg66z+siAVNmqb6vKP5E1HEJZ2z5CNYFFqT+0WVXoYVxnD34ZyzysFJBYGyoQk6ojEJZK9zDdPlgUI8MZF0qE\/ShwrgJOvAG2phbHl5f6Lskubt5J4J9c4QkMzee2Jd8x9HrCW313q5z0GGsChL+8HjMoxcIWigrz4YK5GwyyQaG1vkwh1F4gE8+IeaCkwkOSpQvvaJbKecN\/ENmgOUAGUxlyQ256RNVaWe\/8+Ydq26EGV7MfrrDdWkZYHM9PQicYW9i\/DAvXTXEfFHwTmjAuUxHPvPT3czKYOb+XlCne2qxgpAUG1\/bLSV9cya09QfvwHn8IIOynI109JqChvGflrmeVBcgKm49sF
n3BCfmtcOEINDCwOMbSdIi6gDMYHA2e9QsOGDqMNY4OrtoKaqY0zY8BJPYwiibm2+OaxYLfSl5yY5nV3DDV+\/OmaUZaeOLTxkqgzNbcGGy+EKMUwuBMGiZm1s+IMqKbdwf47B+0uQ3L9xrzTyNd\/UBimDwyzzCC5DVTWpSkoaGPdYUL5ULPDMZFQdg3gyN0JAeWQE5sCtpyJPxM6n5cn6eSYQXuz5RLHnQSEIjGYPrfGCctAn927NxnBuUhq0zt+GFxY2Hu1WCZyRfqdtfaCbjbYtVeI\/qATDFE9k1Vvc2z7tMY2N5u4EP7cIlezEHd2oIOpjohnDq7x8jRSaBrjTaOGdH+xIQ+9CjorXTjXDDrtLtDDoDeIYnywamm+bbeVsURyZaR\/DEMJpkyMs0mDXwEDTGvA2qVTMY4\/TPerwkQGBmA6kGIsaVdjS1LRZLcehUz\/ibWt06viAClYVTm4338E28+FD0deA37qN0uW8XQIR8NiJzEKzWN3FoExkCkWiHqsg4lfvJasS8fKy0r0IvdItAdKsfn0WMLBnCmkT\/wiqJQVgl8SWYiNqx8R9MpgcViBuNY\/HSEDA70tGw89Ak5z8hfd4fKS0YoJxpKtNnv8ac2mA5r2HbskOYwde2nXbZQdUSUsyb30dZYaWdFbfD1Lhu5tlRhHjobN9008UGsR85mCVJ83Gi1r11vJgUYEvGQzSEy9A51SVShxDEJ51rTtjb9+V9wKCQgLJ9uYskg6GcAGNoxN8cmCy0yfsbGisD8+IUVGlMdIf2B1Ci\/Fjpu6I9YcUePaM6AlpyFxoNSDwiLnbHeo6ml+Mn2dcoES5nYkcxcrPwZ3sF\/G7zj4A2xU9en7t7VfJykqzHbAdqh8dRJk+OXboX7iMaxM8C2fnbiDU0\/S7jGzKBldf5wTAWUXK0xU4IenizCO1sVDerbRTamQb0ppLT6q712gvkAX9bRK8IkDAkj3WbKoeg2QF7tIXvJoPCKP+fC1YK8iyVjLMRjVpK9Z1dVU="} 00977{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_frags_different_dcid.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1705784462738953,"flow_src_last_pkt_time":1705784462738953,"flow_dst_last_pkt_time":1705784462738953,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1250,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1250,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1250,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705784462738953,"l3_proto":"ip4","src_ip":"129.21.84.33","dst_ip":"73.185.34.172","src_port":37229,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": 
{"quic_version":"V-1"}}} 02133{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_frags_different_dcid.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1705784462738953,"flow_dst_last_pkt_time":1705784462858027,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1242,"pkt_l4_len":1208,"thread_ts_usec":1705784462858027,"pkt":"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"} 00991{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_frags_different_dcid.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1705784462738953,"flow_src_last_pkt_time":1705784462738953,"flow_dst_last_pkt_time":1705784462858027,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1250,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1250,"flow_dst_max_l4_payload_len":1200,"flow_src_tot_l4_payload_len":1250,"flow_dst_tot_l4_payload_len":1200,"midstream":0,"thread_ts_usec":1705784462858027,"l3_proto":"ip4","src_ip":"129.21.84.33","dst_ip":"73.185.34.172","src_port":37229,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"V-1"}}} 
02215{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic_frags_different_dcid.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1705784462994397,"flow_dst_last_pkt_time":1705784462858027,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1292,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1292,"pkt_l4_len":1258,"thread_ts_usec":1705784462994397,"pkt":"AAAAAAAAAAEACN7HCABFAAT+2fhAAD8RG1uBFVQhSbkirJFtAbsE6tr7wQAAAAEUAWS8ywvOst6PZK\/Jqc6mo2Q3q0QAAETEZamOiLKnxk6+6clU+bXTzOstOZ8c5cXT9sNOoQFkiOVgDYRmMaFa3hMp07rCZDDbcZvWrgsFfU7hsDimjCDfCaxFpg7y9+WrTrMLHJ7+NnxnYBPWEYV6sprlAwLLTy1Atu0eT6PBpwrvBAiTtgOMIZzsREaxVgyOIiBvaE8pOc4qQg3j\/AHw8SfhZxa\/W99cgeTknlH8I5uVQR0gF7KYPHFhcqo4nZ9ZfnaE8C8zNB7ahhNTwi8l51ZkvuGDit4ilAlXQ3XsxCE1u67CE+Sl2u5hueBQ57LDuKRVYjGLpdo94jmj6vdukbrbJnYDLRz+CHBk7mx7cRMU\/ZW1EiSIqi7mtCFhWqnCjjNhl1xUWxuxAKGqBVUFIy0zxvvpj88WGMEG9jBQ4XmcNY3QAI990P57yQb\/JJ4FEaFSDXHWJt1h01m295zYlMsqEqpRN1ffuCP9oZF2MyLRHvXabXdeWmv5T0SMNkfoH0MLOJM2AfK\/lJaos5N+LVjR2zdrXtFZKZkcwmqXHIt0N0JD8FKOZt9BE1kDqVhw6P5CraB336YFQ30lhjgXUULq9Nr3PBQoyyhNchxfP3wwwJHfQmzP+zVC0OK4ZGeJdjizTgY2Xf2wkxnY8nbH0lzTDpArqu6S1b6XdyM+AmqyA7vz7boj7HsFRaFPDofQdmLhTaSybatWiHetudJRfkxG24fxZia2dm+NpM5leGwzwfhm37ytnj7antROgzieqoB2O6HIKkfUQZlmT+Cz+JtLWY3pa2foc7aWLPy8WaL0H\/j0I4KyoETvZYAXAvtW9NFuRvoasjFy8yYWYCtnvfFEjBU\/YpF8qrVaXC9\/ZuD+6n6mE8KWADaTh7I1lKp7lwIu2043Yy20yVUwe+DiGSXR4\/LGvG9Nrt+5TXrAsdDHiWwkynckC7cV4gPkPDCxkLbijsiiuHOQZUYSZTYNLDdyBLRiI2wIINNmQ5aGePmYY5ueAZkxnW9V6VhExz4UVNTDJei2zVkoMefUnP\/PKiIBEIRiR3DNITlKPAROShC0sR3WvT6PsKXO5M+RWZeCn5JGZ4LLQrdxN5yY99rJfgYTeFlrvCH8X10m0t3M68bFKnzWnRLPe2CE2sDeJlukMcGoe9eyTr1ElLyv0b71qAejHjymuXnZ\/z1Zqm9TcOUUZRyJPr0cHv7pQCUpLrQWHWv1C7RuvTderrTjDPPd07JHa+mQ8UBbAL5dPwVcvrTLgBCaShAT715kwmey9jJl98mHlhil08+pqYpXZF2cOvS9RPEDodpaRNki6YjJR8mBbI0uBvRfiUq\/s5eqlA+jbP5ntOL1+7ElPWXr1ze0QsPPTFkbovZBUOKR259g6Mj3KlEydseFQAK4YZ1ekB7GhwhnYYyYobnCmcCjO4xSGs+BclHJaJ\/eF3A
Nbka7X3XlnIV4DyEP9HWCnWofqN94AoY+kzZ7DKH9Owxw+ZyZgmI0trVpc+4qtMRr58xNS8CrOgwS8uRRkWBW0oFrtMh84N0xnlMRicLmT7hSyh5NjVTrTALswGmcTGgKzuzY6pLPaXdwnPjsDB1t0ChuTFDNrdCdEPbTsh4Pal5HadTbwKY3DJAfF75GTCyhKaX7NAZZxQmn3frXii6FZ6g="} -01325{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic_frags_different_dcid.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1705784462738953,"flow_src_last_pkt_time":1705784462994397,"flow_dst_last_pkt_time":1705784462858027,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1250,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1250,"flow_dst_max_l4_payload_len":1200,"flow_src_tot_l4_payload_len":2500,"flow_dst_tot_l4_payload_len":1200,"midstream":0,"thread_ts_usec":1705784462994397,"l3_proto":"ip4","src_ip":"129.21.84.33","dst_ip":"73.185.34.172","src_port":37229,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Cloudflare","proto_id":"188.220","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":1,"category":"Media","hostname":"cdnjs.cloudflare.com","domainame":"cdnjs.cloudflare.com","quic": {"quic_version":"V-1","tls": {"version":"TLSv1.3","ja3":"77f2e7e7117b061992c6529845aa351c","ja3s":"","ja4":"q13d0311h0_55b375c5d22e_5a1f323ef56d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01284{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic_frags_different_dcid.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1705784462738953,"flow_src_last_pkt_time":1705784462994397,"flow_dst_last_pkt_time":1705784462858027,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1250,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1250,"flow_dst_max_l4_payload_len":1200,"flow_src_tot_l4_payload_len":2500,"flow_dst_tot_l4_payload_len":1200,"midstream":0,"thread_ts_usec":1705784462994397,"l3_proto":"ip4","src_ip":"129.21.84.33","dst_ip":"73.185.34.172","src_port":37229,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Cloudflare","proto_id":"188.220","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":1,"category":"Media","hostname":"cdnjs.cloudflare.com","domainame":"cdnjs.cloudflare.com","quic": {"quic_version":"V-1","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0311h0_55b375c5d22e_5a1f323ef56d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
01042{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic_frags_different_dcid.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1705784462738953,"flow_src_last_pkt_time":1705784462994397,"flow_dst_last_pkt_time":1705784462858027,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1250,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1250,"flow_dst_max_l4_payload_len":1200,"flow_src_tot_l4_payload_len":2500,"flow_dst_tot_l4_payload_len":1200,"midstream":0,"thread_ts_usec":1705784462994397,"l3_proto":"ip4","src_ip":"129.21.84.33","dst_ip":"73.185.34.172","src_port":37229,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Cloudflare","proto_id":"188.220","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":1,"category":"Media","hostname":"cdnjs.cloudflare.com"}} -00859{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic_frags_different_dcid.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":3,"packets-processed":3,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3700,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1705784462994397} 
+00859{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic_frags_different_dcid.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":3,"packets-processed":3,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3700,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1705784462994397} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 3/3 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6932541 bytes -~~ total memory freed........: 6932541 bytes -~~ total allocations/frees...: 114182/114182 +~~ total memory allocated....: 7510137 bytes +~~ total memory freed........: 7510137 bytes +~~ total allocations/frees...: 125913/125913 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 637 chars ~~ json message max len.......: 2225 chars diff --git a/test/results/default/quic_interop_V.pcapng.out b/test/results/default/quic_interop_V.pcapng.out index 254938f3a..fff8ecb9d 100644 --- a/test/results/default/quic_interop_V.pcapng.out +++ b/test/results/default/quic_interop_V.pcapng.out 
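Review bot: The regenerated `detection-update` record for packet 3 in `quic_frags_different_dcid.pcapng.out` (the `+01284` line) no longer carries the `ja3` key inside `ndpi.quic.tls`, while `ja3s` (empty) and `ja4` are still emitted, and the commit message only says "incorporated upstream changes". The same drop shows up in the `detected` record of `quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out` (the `+01287` line), which also loses `quic.user_agent`; that hunk begins outside this view. Any consumer of the event stream that matches or alerts on the JA3 value or the QUIC user agent would presumably stop matching after this bump without any error. The removal therefore deserves an explicit line in the commit message or changelog, for example `flow events: "ja3" and quic "user_agent" are no longer emitted after the libnDPI bump; "ja4" remains`. The diffstat lists `schema/flow_event_schema.json` as changed, but its hunks are not visible here, so it is worth confirming that the schema no longer lists these keys.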
@@ -1,5 +1,5 @@ -00621{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1603816434507204} 
+00621{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1603816434507204} 
00832{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434507204,"flow_src_last_pkt_time":1603816434507204,"flow_dst_last_pkt_time":1603816434507204,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434507204,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2400:8902::f03c:91ff:fe69:a454","src_port":38077,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02232{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434507204,"flow_dst_last_pkt_time":1603816434507204,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1603816434507204,"pkt":"pJGxgjQ5PKn0qB\/sht1gCq04BNgRQCABCwcKydWupNP+R2kegH0kAIkCAAAAAPA8kf\/+aaRUlL0BuwTYjlPGCgoKCgjBjvWe+MPFRAAARL4AnyCwAgoQjL1g+KDURvDYeEyLw\/xCRk6Dll3vQteHoVQFBQKAtW3\/PUJKxA75UMcNXhZUvkOXlYopsWey\/u66wX35Pj6pU3CXAqQ3fDp5zyCvr8Pm5AyoNAx0veCSUQeDBYfIgnerrrO2MEGoBqYPiiUt8xe5+r79P3P4ZzDRVupqGycbUWtQ6Wo6aZSD05slEqoyPBAaLp3YhydnPgb7vRWFjq0SdM0H\/zxBdY7aJ5VQRGeFUx984uZ\/K6yeMGPT3JYsoR6JIONmbNNldMQuEP+a7GBJ3iEWFJ1Nkel3g0iBwZRA7TTHinpesR5BAPJGKsJg\/VS2BeEVhnsQklM+ccg8cEJ\/WZ8KGZKu2b5eb3vaAvV55IOI0J2iO5UmLyQCl7SbwQC4xeRqoU1X\/r4ksMW+JxOVqFoTOp0p9K8G2C+kXU7PkGNUF6LWJgz0gBnPUfLEiLYep+IB3ydQMSXFv2q4ljMWpImZsfM1M1hyBHVdutiac3ctGpn70sK96\/GuFpnGs5SaPUZPVAd6cowQNyios9VD7LJHBycvPPV\/FVVqGKmtlmE1jhqYU8WM3T
P2hIDFKj\/VkbTWINB6wKhdoTjaE++G5UWOW3DyJNvkrdNQDmb57TWpCvvDwZ0zyc9+kjM1P8gJU7fxklAOWt77tLOKjqKz2yyGTywbYI8fpyDxuwcOqHHM1p9Qo2bUMzUDDc5AgR5XXK8f98\/2k\/szEHoOj+xZ0LAk\/ktl3\/tNcCYf5NwDCkoJ2SA+A3liVp\/z86DQ\/o9ZPBbnT\/MRpriiusVj\/+7dyNzTUlosBxg\/ZTGIAFG9kkbqpmlXa9h8whQ+M5AjGTQXahgxhUg+T+XkcD3\/AwAskzg7QFF8QOQvTkgKR27pnPB9TcW0ov3zRKBSq2IRQasfzD4018QjLIoL6M1i7zKWOriPXhrbpQCBMed+qy0CCutCqcHfM5C6tdP5yjdd03xLltagPaoEJdMAzkTI4GTxawZxV\/nJEB2CpfHpXBAiLmSF3pSqQkOlK3gecF6Z5kJRZxdfHFiYQc+ZeBxM3ZsG9j3S6poeVhWhKtKijv579ezhO7g3QE97akiUNAtC\/9u96VNcgwwZo3pYzoh+bmR12ZZk\/flZDnZgzTtqeO5zikP6EaDg3xt4ZqzYpvmcwxx5bFkZ6tYCa\/WSn2OsS\/V89R9JkA+p04smS\/E7zSLxIHIjg7ziPRYLmF24dGHz34FZmheQHZ\/4gm1aFmIaG6\/7f5wmQDqHrB8QpqkJoLkDgUUHwTgyqeLrCOeAdu2eQCQJ4129kNDhXnJ7gWkCKO71EQxgH1wOzb5+V8dr\/jGNAAVFaptYOiLQes+Et0OXv\/4vGauirP+hYZEEAR3InBIIg\/L5KPxSdMCpSCm\/3UnE1zUNlTk7El74hPsNYUcmUS+usyw22jx+xLs4q3Kod9YDt4DrToci+qgaxSPs+xB3bX18DBMDyb8wNM5xFrlJXeWv7YCCDubwS+dnWseGEwnfJTp8dJgKhqy8jDuI7wNl1iTi5TWAuubz7G08V4L8udRmpqYJpILlauSw+hHEcI8MkM2s5oZz8Vly\/UrbvRIh+SQjHV9IgfXMkwlUO3sEi\/jyMwMDaEUvpg=="} 01020{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434507204,"flow_src_last_pkt_time":1603816434507204,"flow_dst_last_pkt_time":1603816434507204,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434507204,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2400:8902::f03c:91ff:fe69:a454","src_port":38077,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
@@ -103,7 +103,7 @@ 01162{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434628763,"flow_src_last_pkt_time":1603816434628763,"flow_dst_last_pkt_time":1603816434628763,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434628763,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a00:ac00:4000:400:2e0:4cff:fe68:199d","src_port":52271,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
00832{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434628781,"flow_src_last_pkt_time":1603816434628781,"flow_dst_last_pkt_time":1603816434628781,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434628781,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2604:a880:800:a1::1279:3001","src_port":51040,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02220{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434628781,"flow_dst_last_pkt_time":1603816434628781,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1603816434628781,"pkt":"pJGxgjQ5PKn0qB\/sht1gBiRvBNgRQCABCwcKydWupNP+R2kegH0mBKiACAAAoQAAAAASeTABx2ARUQTYzffDCgoKCggnNhDgZJaMQwAARL5IzeYAwPvJhqXqSzYyuvoAe\/H9DvMh4rH9IopmFLLCj+PhBdGZ40ll7ADayrGRVomiqXfQeeqE4lI0JVucWTRV10wN\/2X8338TTB6+1v0VW\/8KTorpg06AYkrrASXu2b1BsrKpwLL271kd\/dx+mnQSA2BQKuHrVBCwcaBHI0r8YyjQ1srYGqRDA+zKcgWvk4OEb2anzxkS+TxZp3BCgoJSxTVTaR5r447ESHGMmgukiZT5KEHWyWxF9d02oG1WB5o1fyWZF5XPYIfDooBiT1AvbGvAvfKT01RDHMenDf9O5UT9ob9+XRCiw125P6PnFWGEuoX7atzAW9zVIg++DcOuD6bQBa6hwrgrZiQuNBd8kuQqMdvHefesXx4K8g4hi0yN8Q2JiBx10ybm+sDchOmA+ZGI3KJA9MxZ0Sp73D0+bCJe480Wpk3E7r2Z4INozKeBGUIjWkyo7qFkmuan\/71DIvrB9t\/xagwgNTTJ3tPFFcZxULz8+MN\/EAmmnIbFUMJkGpaxaZkxUwzdBzzVfWgWxOxaXp6E\/Sp0HvH7wVBpKbhjbMf7v+XMfDLFzWRXSgK
S3UI3Pb2wyqIDyMku47b+QW5Q8ogC6pRm7vw2ChoPyXCwYbBnsPUrSwZulaXZ21SytHaEU9+EZo8BWLIhbxHDWCqgcwiQOrN2ld6qsp3S\/Vk9wosbHKzGjZ8Fq0IulMECZI2u3F39UfOXkQRBydLXb8SJP0YbtSDYwJVwphKDdTuYShkSh02mqvLr++kOOrUBElEDb2FTjuj4gpf7X+VxQEKj1eV44pEqEnAkpTwMxZvrlvupezB2DaPuSdgJ2oTp\/O7zZVUZF0m\/4ldGEeQhWTjIV6CkEIKpRvwcA+UXJ\/KFZ8RG5C3FjLxgW6qDeZaa51INZ1jnCY0wbHYbjsu1o4BqZImbBcIYiSFGPgjyz05R3AU2gPyjMwQtepARpLhB2m2nPYRAMfmllWHd3xwrKK3Glp060Yi1hFmvIsxBYN\/HFmXph\/R7xAQ\/NCCsyb233XTR61h+5mjyr3kBdhvRp4FWAfrGEcdmYH09lxw8fsoI2fyGmlrIiLbF3Ib+dz+bKp06GWcTagDImEuKvHXDoqew6XT8CRp81NMwgYp2C0sRRT0X375VlYNNoST080OfYYTMWSZLZIXQh8aObm1WMLPdvWnM+yeTd\/mCvRRGkSoRfYLC7RPv4Px+NqngI+PBo1onxLjP+L4PKyIXY5M1Wb\/ntYVcCVD6Mu2L9o7pVgw2OSUjjv0o88lqeZ+5ZeeRR6GyrHda3BrAmnkZ+qpQgDgKYZH0YS\/dr3\/dP2b05Ar17LfJufSjGiJu4ojISm\/iPkcpJzhCB0Ulyrv0Qi0cZ\/5EJ37Gp3EGx9wtbixPCiSDCeFvjur1Q9TswIkIMcYKjzlTF8c4ari4VRXM+F7\/DFMpQowUPXMsTOknhf+QiC8PtIgajvJPz0z4ts8GtDrZNFWP1dmxLaXIf8adUNIotOd08gg+Fo+EaXwzTPqlyv8pnBs9YKcfmrjrW8mdx7psWvRm4G1XHb9iD7+F8FJK6uKYd40yFQLCG28wXMkr8rTqhU71QNHZ421qXPLwoECcRhsDGlUiQgzViqn2CQ=="} -01152{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434628781,"flow_src_last_pkt_time":1603816434628781,"flow_dst_last_pkt_time":1603816434628781,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434628781,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2604:a880:800:a1::1279:3001","src_port":51040,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} +01159{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434628781,"flow_src_last_pkt_time":1603816434628781,"flow_dst_last_pkt_time":1603816434628781,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434628781,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2604:a880:800:a1::1279:3001","src_port":51040,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
00760{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434629806,"flow_src_last_pkt_time":1603816434629806,"flow_dst_last_pkt_time":1603816434629806,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":556,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":556,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":556,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434629806,"l3_proto":"ip4","src_ip":"131.159.24.198","dst_ip":"192.168.1.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5} 01263{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434629806,"flow_dst_last_pkt_time":1603816434629806,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":590,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":590,"pkt_l4_len":556,"thread_ts_usec":1603816434629806,"pkt":"PKn0qB\/spJGxgjQ5CABFAAJAgVoAADQBpNWDnxjGwKgBgAMDhTkAAAAARQAFAE67QAA0EZSkwKgBgIOfGMaicxFRBOyPwMEKCgoKCAqQphKlf+flAABE0q1MzAF7B\/pTV0kG5xawMpe3HkhLaz5LmMUUyw3WhYoi5nbpPV7NpV4GM27AXpOgHO\/SzLtIdktFTC4TCKMp7m9qMnCbweSvMGChHkpC5U7w60\/uPzwGl47ucIe9rYiZgKyYjN+8oftGbKB4AlEqhdFs2MoFYovXtoKkQBN7VSB0IxvuY2TC3GidshXx3wTMXfzuo1\/6i1KLTmmNbxSq1CGPdP1PQ24uDLBbi+meANNn06rbl+K9tUdkmsxH+USREu4XCkprwqJDGZjipci4pVwimHHp5mYTfFDWt8XxRCHJmOScE5wt7DLDqP6wUv\/R9RjuGRN\/nD4BOc5F4KnrlgXBSjWA8uw\/1hUs9cHVpYBS0ltoa5wxXIx++EBaRxTWEi36GVZ65l2iVnWKkd\/xq7p88n0OTSzw9MX6zL1vpn8Q3b5hVpTOfk0XSi5xbalOfjBvaK425FOHISkLRT4hHBTrZPDUxwxwBg08G2H36nvO3sZ2DqZCH92UgDfl3OrnJTQ5kZer0RXiGe8JxWv76LxDqR1kJ0SXR282tjRVBUWk2yeunxwz3vNCj4omHVmk44mRi251cY+XJzT44HEva4iNMf74w7Rm7ot9s3dpNfVwJPF0r16L56vzdWhG5cGOJ1D
+VSlbkJMR4r0BQwF2\/eCtSeTN+rk="} 01043{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434629806,"flow_src_last_pkt_time":1603816434629806,"flow_dst_last_pkt_time":1603816434629806,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":556,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":556,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":556,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434629806,"l3_proto":"ip4","src_ip":"131.159.24.198","dst_ip":"192.168.1.128","l4_proto":"icmp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":7.619289}} 
@@ -175,7 +175,7 @@ 01270{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1603816434535255,"flow_src_last_pkt_time":1603816434685476,"flow_dst_last_pkt_time":1603816434535255,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2464,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434685476,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2606:4700:10::6816:826","src_port":32957,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
00832{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434685491,"flow_src_last_pkt_time":1603816434685491,"flow_dst_last_pkt_time":1603816434685491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434685491,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2604:a880:800:a1::1279:3001","src_port":53760,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02222{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434685491,"flow_dst_last_pkt_time":1603816434685491,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1603816434685491,"pkt":"pJGxgjQ5PKn0qB\/sht1gCmkdBNgRQCABCwcKydWupNP+R2kegH0mBKiACAAAoQAAAAASeTAB0gARUgTYZd\/PCgoKCgjoF2NeZfCaVwAARL7J5XVlyOrShWgSY1170HREhMEudzqX7b4Uhkojh\/MAMJlRFRdXrnf0lcWEClMJfDhoWlt0RFozrof+Pnw6B4\/ZyoD0RVgGp53poT7G9iC\/absqyVIsEHLsIVC5iZKsIfFtdWkKkdpnRNCGnT3VGY+lFXxBZPJt0vOu0Y2zKMRZ1lC610Klnd+ZJcx\/qSoPqRUIsoETASUmzbWQ7TdG1oxWQGH3wcVc\/v0ICxVUtoMYgJeXx8betPxfyREuBm4E4FoTyJhXcui3XIN3o0Due9ptbZ7SBfuGpb8TN46lwteVUqUUJ5Xe9lf39a3FP9dO2Xqnjw\/WZZomS7Iw1nD9mfjLCEsYGSPz8KBf1FK8U9BWWKadaREsfFGSsUnk3AD67edvUllQXvSDtlbzAUvFF3HIenC2Cy9ysj2h2ptZLfbFln02ZGCulECgFzFtpNDys561LCsH00nvAhS+\/pbJhKpkIQwt944Www\/ODMtfhA6WoAEpgpG06f42PQF9unibmel+Q1UkCV\/Sju8NlC7DCa5v5QN61TvjaWLK+67RDNsHdrusmUnxS0Qw6MgCr1XJX
gSd8aQkDA+Nthb+EBlxmaEXwuybb2XuVgqC4V6G6xFD3Gim1RJcrCQKLBGVfueSLYvhKVwT8SeP4SR+OZfWoWq9fjTaViFhYYCsic+3myY3YSADfawnGFA+SyhJdTjrJj9L1vETLMfU6LQ4fjJs\/8YN6WcxBXdSBCin3bSBe2urzqaduq+kb17UjxDbg4QJxXnAa7r5qUQIYXTqC81D8LDrVnVZEVBGUFKebfrcgAxOMID2c3r9c9lUOsj+C6sMlckNXJelOsGIB83E1w9dml1EmevOJyz+MzHSmFAJVMeyfthe7Acpa\/6iTFxUC2VqHJlZjwCn4\/6wRzHC9TG9Zo5VPWRd+g6TJGNweOX8P\/9ZlB9RFiPwzvHlNFT6b3Mb3QxWLg6Ttmg0E+ML1rtxKM7\/yRgs5vxr\/diUa1PzRXjEZ+f5zpp2kE91jKJH4+73tgEQMYk7Eyd89yRmygltVrH\/fU3Ue7GrFhffvVmLvE35MSx0aH6IGdc\/U1oMjWOy0EoTkWjTh0p859\/pRscc2n0uSgJ0X+9D\/EbzkVIZ39Oi5k4wHfsZGD8WTv3IQhB4KGqrNsOYfHpEFOYsQdn9gLcQXwn4iTTbKaZ9rDik21mQSKdUJWkKqJOll6AYoarRO+2QwNgtxGGc9KoDCliYHauCpZ+lGYjtpy5eB2tibMJTLE0Gnrzi6TXFgGqp4wUvIqEqIQ7kO3WFekwujCNCYafCZWYtZ66P1CWPtvc+cRSrUO6Bx299H6EewArx3M8oD1TU7RZVYNta1PmN9bWQg7109Ib8Pk3crjfxcU0dAj+led14LXpRrlgp\/QeJZZuc3wsMwiTDPy3TJcx5+ZXKykG0+Rze8up6KNJ0TOkliR5SFYCrvJk8ixSq\/yqeCqIEYozf9Q0bKCLl8\/Buyu+IUOQ+uNeuzWzi4apJbhNBlCaMuCrdvdjkQpiOWPf9EVqBWcYwBbWS1gM7Y0WFCSCyXc2PxB78fF4bL4IfjxhdAkZdz0MrFIiD9A7sCWzJyDkoQoFSPdTAM2SY\/PtnrUK9nA=="} -01152{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434685491,"flow_src_last_pkt_time":1603816434685491,"flow_dst_last_pkt_time":1603816434685491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434685491,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2604:a880:800:a1::1279:3001","src_port":53760,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} +01159{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434685491,"flow_src_last_pkt_time":1603816434685491,"flow_dst_last_pkt_time":1603816434685491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434685491,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2604:a880:800:a1::1279:3001","src_port":53760,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
01266{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_src_last_pkt_time":1603816434686051,"flow_dst_last_pkt_time":1603816434609154,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":590,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":590,"pkt_l4_len":556,"thread_ts_usec":1603816434686051,"pkt":"PKn0qB\/spJGxgjQ5CABFAAJA9+cAAC0BNK0znmliwKgBgAMKTnsAAAAARQAFAF2XQAAwEYktwKgBgDOeaWKwwhFRBOz8KMwKCgoKCP1n32NN8EnlAABE0jB6HybCFUbabkBlXXQVvewn7zDYehbLSZDjKVLf8snzKJdjR\/3JsPdO+vxlafCYsOkUTueZwJWg10Sg8fn0URQdzFi5gf\/QXZQO6ykhfm8a5Zr2+yBt68dnry5zhANveVge4e8snv2G\/EjNXJKG6Jyq2Wd1UiHDsng78dU6PMilPEvqoDuVAeleo92UeM\/LYmvYaEQWibrlo50VzyM0Qv2OE8uBtE0321S2ppuHo\/ubVRja900u6Tdl87fZa+TqILwJoqVX3KxUJszQP\/m4sTr7SSAg4d30fbCCPgGuhd5vecogxfB3YV8fE8VleuNDGZEznGuTG3MEvmD8\/iDQCIxdLNqMLq4OHJR5K0P4db2PcHy\/HGrvnaBUxSsUFpFbt7dov\/pgLFhL9QjjASYLcFmP9aDGJ4WvT1nHm+247V70NABa4wQtolKRPLihtpaTI978PvhAx7OA\/FDrMALGCkkd0Ckzcuf5\/RdiusGznuJWz6dbRFAvYuAY6z+uTeSY3eMIQi5VhMcXXLlIqpnkVl9ay3z8cpya5MO76mkRAtNLAnc4uy4dq4IdWYKxFDEs514DLZLoll455nZesjVL6SKL9qMReSCKhO\/op5kVDv+GxSpbs9KycUr8HjhlDhtOqnPPf31XxGL0FX0honv9o2mTwKGu95c="} 00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_src_last_pkt_time":1603816434590003,"flow_dst_last_pkt_time":1603816434688708,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":89,"pkt_l4_len":35,"thread_ts_usec":1603816434688708,"pkt":"PKn0qB\/spJGxgjQ5ht1gAY5iACMRNCABGfAABAA0AAAAAAAAAAEgAQsHCsnVrqTT\/kdpHoB9EVGLOwAj7QnAAAAAAAAINUX0m0oVmLXKOtq6\/wAAHf8AABs="} 
02223{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1603816434693386,"flow_dst_last_pkt_time":1603816434542463,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1603816434693386,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUApABAAEAR2hTAqAGAA3nyNu1wEVEE7JhqzAoKCgoI7mu7hqnhXwQAAETShPHzPPAkQK2NEhJGnleHaiN0ie5qTdnm464jrXCgs4dpEiXNx\/PGBx7TOLjXnxLSumidbRKwVj0cRR128B6iHNMflXwQht2t8Y44LmwMqcGdFgLa+9ZMaGseDnBaSdSq\/BTPBASRNPP5ViOFASdiCzWBBZ9WWzIm4Zq1cmr1m+3KYiXPZ4DYcjOiBC+RnrFuinz0kYMk86K9x6ewtyvVVkz06rH\/0pP52NDoXW\/b\/MQkNjC8KUi9qGQJPKOuv\/DmccHaQsbHCmJiyo\/0QNZTrabAtHI7akrTZimPvxnGDDh3iKeWTI0Rt9dVSQExok8KND6xq3GcpnEKSLoNMV4xJO\/u8Hd3ib0ZTAW90kp9rc7u7p5ChlZkz1hOn6CQxtLF+4Q0C+LoqzxjzQ7yi2OlbBMZIKyzLtWw7xW299MwVnAiFEtj5S1RjtdQdmj6SAPB0h4vvOCMTAjBLrzNUIzUQQ4418YwmRANW+EzePT6mR1Ale6pegThd1LeXLddvoztOKGJo5TEa5MgYMehxhTg2TXP6YXaavnooLGg557tbafcTn3wzp5jbVUwxY9sKGj16QzN8+Fynpug9j5\/9WGOFqWFzcYqmUsX0\/xG2xH8WvkKARD0l\/sk42N9NbTB7Ss95x\/zpvrC7DRs8wzKYSZy+NZzyMWwe4xcTPC8pdC3jzhcEXdF2RnCaPHIghUD9RT4W1CfQ1kNWOulxGvcIr6FHiUeq9MpQR4aV5XkRR5Ltsm0vYQyB2x6O6vPlGQo9UKOc2XAIsuJ\/UbYOmk2NYvlK5HnPtbkhJY\/IiZ7z23icAn3thnf9kKY5ERwFbNb\/un4e9T0EmsPw2t0OaIH16APDL4fOPl6+1VOOMCOqaajX6JJ\/\/VzPWdr3Gs+W1hKm0IJjwEBhbsb4P0Y6VCEvVHsNI7mTVZMkEAua9fwXy2V4utejHZLSRSgMPQJSvLG25D\/bKthcwd1lVPwIPmwpCJB1fyQWm6AhqFghO9Zupebv0zgTmzy1tLUnzVFLEzE4ypNxUpFeb7gzSfiS6a7+MCybpQYls379X4F53iU+GTINzG20LYm+XcA+4YEJemBM6vBH5vOwhicXfh\/S4xBSLLLmN+mSkM6sSSr11u3IsDj4PDyBLrk0cKt+Xez\/nYA53eqNQH8wobiK\/1UcQl+9e0C3Q5AQcsBs2MRhY6nnaLEFqMO55ANIVeq58cAWZ8Kve4BjvDSY3uaBdKWaqONn49IjBfiSMz4x\/Xbh8S6vECtoIhrWF90MTfHWh3iWZB5qXTSIFhe9owOmMU\/Usk6Uy8KzZy7KTlRZYfDqKbq7rcX5VnkanJDx7H6mBhnkfHnaTIQA9b0kFHyqiee8gwXA7SB4zEGStKbfX+Xbd7g69KwswEs89ObtiGhZFpjbWTpwnRcI37GAOjv5pgd2XQz9G
L44DG\/Ek00OMz6SwbWFlAmxoWux+qNRG3HPl83lY7zEH0gjFnGpuAsctOGn\/CIgy+CcWiM9zeH26eSXIULjy6o2ia6cosWL5oxm4nSmaOz1jSNsNYx\/IuznZBNLujicdVabLMIwM5jHV5RNtJl7ORe2vMsPayIVVzDvXWDnuN4jRMZKSKWRDE7oTL2N532z74L8ugCqSdHwRCSsBvtnIezk0Djtg=="} 
@@ -203,7 +203,7 @@ 01152{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434729337,"flow_src_last_pkt_time":1603816434729337,"flow_dst_last_pkt_time":1603816434729337,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434729337,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2606:4700:10::6816:826","src_port":41857,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
00831{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434729343,"flow_src_last_pkt_time":1603816434729343,"flow_dst_last_pkt_time":1603816434729343,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434729343,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2604:a880:800:a1::1279:3001","src_port":56073,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02224{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434729343,"flow_dst_last_pkt_time":1603816434729343,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1603816434729343,"pkt":"pJGxgjQ5PKn0qB\/sht1gCGnqBNgRQCABCwcKydWupNP+R2kegH0mBKiACAAAoQAAAAASeTAB2wkBuwTYmHTJCgoKCggVxSlYpn4UkgAARL5ZLsODdf27vLuu6GHs9eSXiVxIAlfs7TcHZcazXn4JE3\/P5JDqe+tOVWQWmWJiN1Zi+QMXxBMeLDuq2FFgXlL2mFN2Y0Hpqzt32q0IcYNEtodCx0cCDcymndGz22NucmhqDhsBTfQYSZ0TGfZ0Y1dj7OIdkztU4UKtQk0Knbx0pPfOb04IoU66JRugmLaY3NcS6\/YWs3i+G\/Z1NaiZhF7wHXHAr7RtRzKLb2gPHbqV9JkwnbYNdieDzqo6OGYxfFJAF9UdpTyC5RofrFHDOiAzzOkMjstRpfIx0da81MZNBFjRQx8VBZVl5cb5VmHHCRKqUJJ\/pimnlqr6\/rH78B0tJyJdMLcbA0k\/GEaMgb2r9k+khrfN+IYPTP9LEK9IyC61PSNuLM7lCBCfjRBxaONHiGk0HUucFiwpQMj72lTAGTUsQa8qFngN+9r0I8HgvmsmOXC4IyatQFicI6JIBY\/\/xLWv+tugw\/qAeO1niZ+nJFTAbwyvKydJ4CrRCQplld36lx1IDKeajrlxvSY4TO7ZlmYtBTR\/QIZQ1n0y7WxFPForSvTZ5LmkvmQy\/XOId
CHzDT+yu3OG+dlOa05oJSJ5squ1DJvlYS4iSqaRgDu8O1f9s7zQOTQDTlP6inO815rKmw1YpQze+QAPS9Ar8Eh6loMYvm597mpGIaaCjBGmRjM30Y3EWQUMoVmSMYlr+ndlJs0\/parg\/PrflXFNfkn\/Wllw4cvS+JLWNhoBBJwDWpM9YkqIgN6sP6Sf1ACXsEwIhZbB5T3Y+mzlz1fEroyxtSisqFOFlOCB2g0djczdb72gMhUvdB4kROfNLNOm8f4hG1ZnJraoSrQJwgrY+zsLAidSwY62GHtAM9fUNITWGPk7OLfW3OjEbL6sh7ywY+xM+yu0nYlxg0Z8ST6zlbK88Dw9rVrViSQ3Oke1RR\/RShjWSOBcuUxTcA\/eXi5dEcOdrVm6ZsDQ0chPleXisZB4yI9mZgj+jwkM4eFcO6OX8YpKRHpSZrb0SkaAHjgOICK+1d\/ehnzz7M0KNYGDy8XZ08SS3gXJzSNXZLonqI\/bweWJiS+9rlVrB5J5IwRHJDEVN2aAZJbdqAdmcFPCL7XDwYisg0GfcM\/dL5C5xxZS6hZbPHwzwJ6y7r6\/T+A0XWV92UuetwR0QSUywswmbazFGMC\/MBz94jyq\/TrHbvq8OgHad29+CNuQfDZZomN6lJoFhgu1iOIbRwea4vmYiVysTLFxxLhym6vQpFJXvihZGX2xoV1bucff9DyhT5\/Wm8sYVpYS8i2GcM3jWfruzg6rk0SVDY6hf8HFcXkvUJGnDN4KwlwULBiTr9COS06u3di2jUKJqL6FFXM1FtZVzdRf3O\/3GNXJ2HDuA4IlWQXWMcKwj7HbOKOWlf39BkQPYBB\/3CwqDH5TkC7Ny98BmDT6ZzxJIZcSDCUoAZ3M1Es1K7QjuPUiIJlOZZ8vmraAuL1z0zGli+qvbM5O\/6zJbeqSM2M0z0mrGA7v66IfdcHwb0k8mj2tM2aIyHApEXwJPFbWKxWcFb4yW1jdVDOO0dDpGwpl3Ci5EerREPl9RIKJcKdoNqRq0LiqreYf6EOoxrVqsnRGXi8dK3qw4eUScQ=="} -01019{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434729343,"flow_src_last_pkt_time":1603816434729343,"flow_dst_last_pkt_time":1603816434729343,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434729343,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2604:a880:800:a1::1279:3001","src_port":56073,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} +01026{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434729343,"flow_src_last_pkt_time":1603816434729343,"flow_dst_last_pkt_time":1603816434729343,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434729343,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2604:a880:800:a1::1279:3001","src_port":56073,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
00821{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434736042,"flow_src_last_pkt_time":1603816434736042,"flow_dst_last_pkt_time":1603816434736042,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434736042,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:4:34::1","src_port":43645,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02226{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434736042,"flow_dst_last_pkt_time":1603816434736042,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1603816434736042,"pkt":"pJGxgjQ5PKn0qB\/sht1gDJNoBNgRQCABCwcKydWupNP+R2kegH0gARnwAAQANAAAAAAAAAABqn0BuwTYttHMCgoKCgiHmjxz9S5+NQAARL60MndZKQNzXHuWbuWII8yYjx1QNcGEa3n\/tA\/kZwZdo0+NMbEhrCvw4fqUesktNwPhDHylUS4gcbEvHHb8Knr61qY95Pm5VKwq10YKtyHKrPUvOt6FFf4EaXlhbjCjP5PNGMuBPWvET6CR\/DNJ3amwoZ8AEiUkCCce2IA0+qLjflDvOu19oZVQSJhyk0ID2QUVFxDX+RIo\/BCEiyqGwrxxtUHNgSlpQhvXLPkd7gs0O8q\/1O3MXjjXw3VV1HTEIvgh9CIZHImqbItBAkHFYhj85297ojhzntlLLEMQUeWyYcLZaQRQLAnNxNHIfLFBwCs6Cttccxk8XUgObPlTQVTnnGvEYXJadvbFnkb5nj0E7bmqr23E\/kns4IXbYRFlEjJZfAc6UWDdSOXBoZHXMIAY\/dztkylxbqayCWGkn8v3wQJvR2xFoTyKE+Pp5saXn2uSt4EYi00Uf6fCGbypDRgDr6HED25efO5iFC99NJvuET7V90ObiIxoji+jOYwIL0BCHSm+uFeO8i7r3GmYR0Qg2iAiX6ZmlOl5gmCd40kAXe9Lo\/pKr3+r853YnPdtRNoIckFL+PsGub
jlWj714eDNDRnoSoHs8UNwnNN8sF12pzQsAVr7qLBt4e8KWXFMXfkfIKWSnJhvivGIVrhMeN4RiaQ\/jippacCl0CUjlR9AUDC7DyDOswJ0+eP9X+z1Kkt7EaP13RXwGDeKbPLk\/tVc3ZXQShkobo74qelkPT7nbFmTZB78n2grmfmy0C6HMQ+qUHKH\/MfqCCK2ZnmHVM8veaHwzWHFJ4gVd2h5wLXlBRQqCB2AZzoyKpcMZFNpfGh+rTCIwQTyVZzycWPvtrbHzPNg+tUe1i\/foBt0+XApuoCCwHOsgf9nS7IFS3h97hfCh2TYTKBM6t9C3VPFYDuKYfUjriuP3G2Eq7sMAiqBDef1fYGxLN\/Dys1ZS2B2n+Zqt6K1diQtrzsIwKlRRg+XjfSSzPOVrKeXYenyNePWIMOs4YVAyvkFPV4RM\/osDQvZvShUA0iRuuMPCsj024c7WYx9lDihj4EJBymWsIkTQg0x6rfvVrFojeVlS8zgiytvfAIJsOr+k34t3NbLaK0YyfFcVKBnFDiEC5OcAMd0yi6ouvtE9rJyb\/CiH+Vtx9OSGkbowLLyCHtZ1EUgA0\/vr\/mU+ea4hE\/dLdDDjWwxrJg1oKjnYeHQvIDUT0MVaXTlMXS7\/F6HA7\/5QTayU5MU3hKtpwhACAx5gHHhue3iTscqXigKQ7oiaLOdxRIJ2wKmzNzvQPCG5UmOLnsbM\/3lI+SzzLjMM5HxKsnb7yJmS6z2+tdEoxPOa5ZNm7Wc1LoGgLZd+x+V88MeQDFaBDMQHNWCS8z7Ruv7Q8Jc\/JKShee1avRiWD+QjKfpjPULJzGhq8IhO+3xUZoq\/xSnX5PQ7xqYQY3oim9xsL+ADJPPe0oE2O\/lbNfbGhouInwUUVqUmdk\/fion2o\/ylxCHaGoB6j8tJgJq8ystdV8ErJCcEhkKohD7qeUu1YL\/exHAdFqCo5yGAJyVZFmJD6CkMOCvG195MdsDa2WfPCN+fs1Twy5bRnpAdq\/aOqOWkb9sVtpRcByoK+nPaUgcYcmBQw=="} 01009{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434736042,"flow_src_last_pkt_time":1603816434736042,"flow_dst_last_pkt_time":1603816434736042,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434736042,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:4:34::1","src_port":43645,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
@@ -285,7 +285,7 @@ 00625{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_src_last_pkt_time":1603816434678156,"flow_dst_last_pkt_time":1603816434822056,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":113,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":113,"pkt_l4_len":59,"thread_ts_usec":1603816434822056,"pkt":"PKn0qB\/spJGxgjQ5ht1gAGSQADsRMCYAHxgjENIwUQN9nn11N08gAQsHCsnVrqTT\/kdpHoB9EVGV+gA7uJfFAAAAAAAIQysxrQYDr8z\/AAAg\/wAAH\/8AAB3\/AAAe\/wAAHP8AABtQQ1ExUENRMDpa+to="} 00802{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434822065,"flow_src_last_pkt_time":1603816434822065,"flow_dst_last_pkt_time":1603816434822065,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":1240,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1240,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1240,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434822065,"l3_proto":"ip6","src_ip":"2604:a880:800:a1::1279:3001","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5} 
02226{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434822065,"flow_dst_last_pkt_time":1603816434822065,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1603816434822065,"pkt":"PKn0qB\/spJGxgjQ5ht1gAFucBNg6MyYEqIAIAAChAAAAABJ5MAEgAQsHCsnVrqTT\/kdpHoB9AQQ1AwAAAABgCGnqBNgRMiABCwcKydWupNP+R2kegH0mBKiACAAAoQAAAAASeTAB2wkBuwTYmHTJCgoKCggVxSlYpn4UkgAARL5ZLsODdf27vLuu6GHs9eSXiVxIAlfs7TcHZcazXn4JE3\/P5JDqe+tOVWQWmWJiN1Zi+QMXxBMeLDuq2FFgXlL2mFN2Y0Hpqzt32q0IcYNEtodCx0cCDcymndGz22NucmhqDhsBTfQYSZ0TGfZ0Y1dj7OIdkztU4UKtQk0Knbx0pPfOb04IoU66JRugmLaY3NcS6\/YWs3i+G\/Z1NaiZhF7wHXHAr7RtRzKLb2gPHbqV9JkwnbYNdieDzqo6OGYxfFJAF9UdpTyC5RofrFHDOiAzzOkMjstRpfIx0da81MZNBFjRQx8VBZVl5cb5VmHHCRKqUJJ\/pimnlqr6\/rH78B0tJyJdMLcbA0k\/GEaMgb2r9k+khrfN+IYPTP9LEK9IyC61PSNuLM7lCBCfjRBxaONHiGk0HUucFiwpQMj72lTAGTUsQa8qFngN+9r0I8HgvmsmOXC4IyatQFicI6JIBY\/\/xLWv+tugw\/qAeO1niZ+nJFTAbwyvKydJ4CrRCQplld36lx1IDKeajrlxvSY4TO7ZlmYtBTR\/QIZQ1n0y7WxFPForSvTZ5LmkvmQy\/XOIdCHzDT+yu3OG+dlOa05oJSJ5squ1DJvlYS4iSqaRgDu8O1f9s7zQOTQDTlP6inO815rKmw1YpQze+QAPS9Ar8Eh6loMYvm597mpGIaaCjBGmRjM30Y3EWQUMoVmSMYlr+ndlJs0\/parg\/PrflXFNfkn\/Wllw4cvS+JLWNhoBBJwDWpM9YkqIgN6sP6Sf1ACXsEwIhZbB5T3Y+mzlz1fEroyxtSisqFOFlOCB2g0djczdb72gMhUvdB4kROfNLNOm8f4hG1ZnJraoSrQJwgrY+zsLAidSwY62GHtAM9fUNITWGPk7OLfW3OjEbL6sh7ywY+xM+yu0nYlxg0Z8ST6zlbK88Dw9rVrViSQ3Oke1RR\/RShjWSOBcuUxTcA\/eXi5dEcOdrVm6ZsDQ0chPleXisZB4yI9mZgj+jwkM4eFcO6OX8YpKRHpSZrb0SkaAHjgOICK+1d\/ehnzz7M0KNYGDy8XZ08SS3gXJzSNXZLonqI\/bweWJiS+9rlVrB5J5IwRHJDEVN2aAZJbdqAdmcFPCL7XDwYisg0GfcM\/dL5C5xxZS6hZbPHwzwJ6y7r6\/T+A0XWV92UuetwR0QSUywswmbazFGMC\/MBz94jyq\/TrHbvq8OgHad29+CNuQfDZZomN6lJoFhgu1iOIbRwea4vmYiVysTLFxxLhym6vQpFJXvihZGX2xoV1bucff9DyhT5\/Wm8sYVpYS8i2GcM3jWfruzg6rk0SVDY6hf8HFcXkvUJGnDN4KwlwULBi
Tr9COS06u3di2jUKJqL6FFXM1FtZVzdRf3O\/3GNXJ2HDuA4IlWQXWMcKwj7HbOKOWlf39BkQPYBB\/3CwqDH5TkC7Ny98BmDT6ZzxJIZcSDCUoAZ3M1Es1K7QjuPUiIJlOZZ8vmraAuL1z0zGli+qvbM5O\/6zJbeqSM2M0z0mrGA7v66IfdcHwb0k8mj2tM2aIyHApEXwJPFbWKxWcFb4yW1jdVDOO0Q=="} -00954{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434822065,"flow_src_last_pkt_time":1603816434822065,"flow_dst_last_pkt_time":1603816434822065,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":1240,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1240,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1240,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434822065,"l3_proto":"ip6","src_ip":"2604:a880:800:a1::1279:3001","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00961{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434822065,"flow_src_last_pkt_time":1603816434822065,"flow_dst_last_pkt_time":1603816434822065,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":1240,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1240,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1240,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434822065,"l3_proto":"ip6","src_ip":"2604:a880:800:a1::1279:3001","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","ndpi": {"confidence": 
{"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 02227{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":68,"flow_packet_id":2,"flow_src_last_pkt_time":1603816434831237,"flow_dst_last_pkt_time":1603816434772881,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1603816434831237,"pkt":"PKn0qB\/spJGxgjQ5ht1gDK7JBNg6MyABGfAABAA0AAAAAAAAAAEgAQsHCsnVrqTT\/kdpHoB9AQRVHgAAAABgDJNoBNgRMiABCwcKydWupNP+R2kegH0gARnwAAQANAAAAAAAAAABqn0BuwTYttHMCgoKCgiHmjxz9S5+NQAARL60MndZKQNzXHuWbuWII8yYjx1QNcGEa3n\/tA\/kZwZdo0+NMbEhrCvw4fqUesktNwPhDHylUS4gcbEvHHb8Knr61qY95Pm5VKwq10YKtyHKrPUvOt6FFf4EaXlhbjCjP5PNGMuBPWvET6CR\/DNJ3amwoZ8AEiUkCCce2IA0+qLjflDvOu19oZVQSJhyk0ID2QUVFxDX+RIo\/BCEiyqGwrxxtUHNgSlpQhvXLPkd7gs0O8q\/1O3MXjjXw3VV1HTEIvgh9CIZHImqbItBAkHFYhj85297ojhzntlLLEMQUeWyYcLZaQRQLAnNxNHIfLFBwCs6Cttccxk8XUgObPlTQVTnnGvEYXJadvbFnkb5nj0E7bmqr23E\/kns4IXbYRFlEjJZfAc6UWDdSOXBoZHXMIAY\/dztkylxbqayCWGkn8v3wQJvR2xFoTyKE+Pp5saXn2uSt4EYi00Uf6fCGbypDRgDr6HED25efO5iFC99NJvuET7V90ObiIxoji+jOYwIL0BCHSm+uFeO8i7r3GmYR0Qg2iAiX6ZmlOl5gmCd40kAXe9Lo\/pKr3+r853YnPdtRNoIckFL+PsGubjlWj714eDNDRnoSoHs8UNwnNN8sF12pzQsAVr7qLBt4e8KWXFMXfkfIKWSnJhvivGIVrhMeN4RiaQ\/jippacCl0CUjlR9AUDC7DyDOswJ0+eP9X+z1Kkt7EaP13RXwGDeKbPLk\/tVc3ZXQShkobo74qelkPT7nbFmTZB78n2grmfmy0C6HMQ+qUHKH\/MfqCCK2ZnmHVM8veaHwzWHFJ4gVd2h5wLXlBRQqCB2AZzoyKpcMZFNpfGh+rTCIwQTyVZzycWPvtrbHzPNg+tUe1i\/foBt0+XApuoCCwHOsgf9nS7IFS3h97hfCh2TYTKBM6t9C3VPFYDuKYfUjriuP3G2Eq7sMAiqBDef1fYGxLN\/Dys1ZS2B2n+Zqt6K1diQtrzsIwKlRRg+XjfSSzPOVrKeXYenyNePWIMOs4YVAyvkFPV4RM\/osDQvZvShUA0iRuuMPCsj024c7WYx9lDihj4EJBymWsIkTQg0x6rfvVrFojeVlS8zgiytvfAIJsOr+k34t3NbLaK0YyfFcVKBnFDiEC5OcAMd0yi6ouvtE9rJyb\/CiH+Vtx9OSGkbowLLyCHtZ1EUg
A0\/vr\/mU+ea4hE\/dLdDDjWwxrJg1oKjnYeHQvIDUT0MVaXTlMXS7\/F6HA7\/5QTayU5MU3hKtpwhACAx5gHHhue3iTscqXigKQ7oiaLOdxRIJ2wKmzNzvQPCG5UmOLnsbM\/3lI+SzzLjMM5HxKsnb7yJmS6z2+tdEoxPOa5ZNm7Wc1LoGgLZd+x+V88MeQDFaBDMQHNWCS8z7Ruv7Q8Jc\/JKShee1avRiWD+QjKfpjPULJzGhq8IhO+3xUZoq\/xSnX5PQ7xqYQY3oim9xsL+ADJPPe0oE2O\/lbNfbGhouInwUUVqUmdk\/fion2o\/ylxCHaGoB6j8tJgJq8ystdV8ErJCcEhkKohD7qeUu1YL\/exHAdFqCo5yGAJyVZFmJD6CkMA=="} 02224{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_src_last_pkt_time":1603816434836177,"flow_dst_last_pkt_time":1603816434684954,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1603816434836177,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAiNlAAEARQ6DAqAGAyu7cXIm\/EVIE7N5MyAoKCgoIV4qr8UTBK3QAAETSZYQqq5\/hhyGtCz3Zmoi9jrKsnf3wjCZq1mxPTTEfXwdslpFlNBBYDqBuOo+QKDkWn4ZFD\/5qQ8sD8A+lBYGJV+nw5hbll6er2441gO5dAvGVUTjoFTcs61bhJdzOUrux599yFBfTAFDZKYhyBebkHPNDrNvPvVpxfBpxhEGHEq59jbH7Kx56FJtjtSZa9HQG\/OGEFc4JVYBfZDPBXIhzLUdX2JND3qWMQuwP2Xy5LdfjKHYwwsqNQgrtYOT1t6v+Zvqju\/oAictN1dRCuNXP91Pwy5MQysbtofZHqB7e2yb+jFxm4ZMqy+00qpKT7ne5IWIOVRZxjqMikenSsN73RG+rLd\/uLSPXcSlufRT\/qpMuPbNQ6s7DEcokvc85KmowVE9PiWIPrZuSb0oRHuoTyejJTscJK3si7Et7GQNCLhwsIS2k6fsRMPFVceoIZZfXs2PzKq3\/O9EH2D79eeGzP8A5iwmMT7Aab8l3\/6R8LVM6+3PQfPi4jLK+XHWMQbg41\/J9uEQZI5HuTWWQzwcn9UAcG0g4gwcOPmZDzviupQ5tg+\/9eADTReJpa4xS3oYZdywwA3VZsNHvhQf4dL7aplXzKSWQO9B68xf5V1q4gM+CvIJUrE82UCwH8VaOoe1AoHNWtyDW0Ap5d2vSy04x+4EyhLNBj26v3fhqsQcn6Z6a4KwdLKikQaoiVxarNgN+CFr1yDWsPRCqJMe40bhwuS4sWkiGWh8Cv9gLXeNDdRPqaqgBh82GLE7iFA\/U5vdRjLNfTPPFimOZbexduSJLGwwVJejCCwbDdk7Vba1zDnWr6vIMpidFE15bqu1CaUX4wOlMw+UlJ\/Rck\/7v\/g8MgCArdyT52lbEFkxfiUbz9r7dzxe9yAYfnvExfNJocGmNo8cp9UGEZb+Z+fpXkVwNrnTpe82QFjYekWIeghnThVtpzRW6HVEFowML2gXzrgBYWnXVabb+z8NJa9KhgDfRxGY6Qmo7vTY41l2P1aqPcxNOTuIr8rCBIdn5egFmlP6+j3I3ze
PWc7fsh+HpzbSu2qNxOPfDHrqGgaMf65DyMBQwQD\/2tXTWsn7Vrz+vyWwxpeVt4t+pbwKmIHhkkdrbIJF9mTZzSgQFhOrxmOkT\/t3tmzM4BHRcRs6UQmLnryAbmkEWPDFwWiKG5ro9OVh\/yjexJN4pRIEK9lXHUYCFUgWFM5ofQyZB+jTZyWZLMauwYFWJOs0N1nGD9gUKucMB7p6NqaNEaiwlEG2gf0v2FH9hCslV4oko7fHx3ROpToSYQVimVoCtR9PaGonSHaeqACfo9ua\/Zgtv4cLK6ZiV6DBCf0hDnXZRBh+AaUTWPTe3zcHlDnUHvaFFceiOwKcHKvhC9KWiF3Ddru0uKWSUsFip88BcKpuEabKb0ahOEuMl5XsFJ1\/uDvSVIy33izzMs6n7C\/k4CysougNKX7DiugyzF6BQFi\/VUl9waPfDhomR8hH1euFy1YjY4M2JXUuQh5HV1TzlO4okmnDSo4ios5+eDuKBV4YUuJtBgKFC+X0w\/PUhCXpFy4X3vOqtG4h5S8jL30h+8K84dZjAHTEkJGOvPZIghuHCBB\/bpEvq6Mbt2MCtL\/lIRUUPwjkSauaRIiWSBq1YTOD6X9dULjF3V\/Ewiw=="} 01234{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1603816434684954,"flow_src_last_pkt_time":1603816434836177,"flow_dst_last_pkt_time":1603816434684954,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2504,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434836177,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"202.238.220.92","src_port":35263,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
@@ -424,14 +424,14 @@ 01158{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1603816434764038,"flow_src_last_pkt_time":1603816434764038,"flow_dst_last_pkt_time":1603816434897001,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":27,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":27,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","src_port":53140,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
01141{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1603816434569071,"flow_src_last_pkt_time":1603816434569071,"flow_dst_last_pkt_time":1603816434601225,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":23,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":23,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:bc8:47a4:1c25::1","src_port":51185,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01106{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1603816434628754,"flow_src_last_pkt_time":1603816434779850,"flow_dst_last_pkt_time":1603816435041611,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":27,"flow_src_tot_l4_payload_len":2504,"flow_dst_tot_l4_payload_len":54,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"202.238.220.92","src_port":38933,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": 
{"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -01147{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1603816434628781,"flow_src_last_pkt_time":1603816434628781,"flow_dst_last_pkt_time":1603816434722567,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":47,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":47,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2604:a880:800:a1::1279:3001","src_port":51040,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
+01154{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1603816434628781,"flow_src_last_pkt_time":1603816434628781,"flow_dst_last_pkt_time":1603816434722567,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":47,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":47,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2604:a880:800:a1::1279:3001","src_port":51040,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
01162{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1603816434586380,"flow_src_last_pkt_time":1603816434586380,"flow_dst_last_pkt_time":1603816434622862,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":27,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":27,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab","src_port":39945,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01224{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1603816434684954,"flow_src_last_pkt_time":1603816434836177,"flow_dst_last_pkt_time":1603816435089353,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":27,"flow_src_tot_l4_payload_len":2504,"flow_dst_tot_l4_payload_len":54,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"202.238.220.92","src_port":35263,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": 
{"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01157{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1603816434602877,"flow_src_last_pkt_time":1603816434602877,"flow_dst_last_pkt_time":1603816434650048,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":35,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":35,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a00:ac00:4000:400:2e0:4cff:fe68:199d","src_port":60983,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
01163{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1603816434599720,"flow_src_last_pkt_time":1603816434599720,"flow_dst_last_pkt_time":1603816434725950,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":51,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":51,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2600:1f18:2310:d230:5103:7d9e:7d75:374f","src_port":52080,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
-01012{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434729343,"flow_src_last_pkt_time":1603816434729343,"flow_dst_last_pkt_time":1603816434729343,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2604:a880:800:a1::1279:3001","src_port":56073,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +01019{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434729343,"flow_src_last_pkt_time":1603816434729343,"flow_dst_last_pkt_time":1603816434729343,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2604:a880:800:a1::1279:3001","src_port":56073,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01223{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1603816434743654,"flow_src_last_pkt_time":1603816444721505,"flow_dst_last_pkt_time":1603816434743654,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":10016,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"138.91.188.147","src_port":42468,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
-01147{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1603816434685491,"flow_src_last_pkt_time":1603816434685491,"flow_dst_last_pkt_time":1603816434779296,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":47,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":47,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2604:a880:800:a1::1279:3001","src_port":53760,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
+01154{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1603816434685491,"flow_src_last_pkt_time":1603816434685491,"flow_dst_last_pkt_time":1603816434779296,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":47,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":47,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2604:a880:800:a1::1279:3001","src_port":53760,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01222{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1603816434528228,"flow_src_last_pkt_time":1603816434679393,"flow_dst_last_pkt_time":1603816434528228,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2504,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"202.238.220.92","src_port":38366,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": 
{"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01107{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1603816434641678,"flow_src_last_pkt_time":1603816434792692,"flow_dst_last_pkt_time":1603816435089405,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":19,"flow_src_tot_l4_payload_len":2504,"flow_dst_tot_l4_payload_len":38,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"133.242.206.244","src_port":42456,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
01007{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1603816434519345,"flow_src_last_pkt_time":1603816434519345,"flow_dst_last_pkt_time":1603816434551349,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":23,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":23,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:bc8:47a4:1c25::1","src_port":60346,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
@@ -448,7 +448,7 @@ 01022{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434509409,"flow_src_last_pkt_time":1603816434509409,"flow_dst_last_pkt_time":1603816434509409,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","src_port":34442,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1603816434772881,"flow_src_last_pkt_time":1603816434831237,"flow_dst_last_pkt_time":1603816434772881,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":1240,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1240,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2480,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip6","src_ip":"2001:19f0:4:34::1","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01000{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1603816434680209,"flow_src_last_pkt_time":1603816434845425,"flow_dst_last_pkt_time":1603816434680209,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":1240,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1240,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2480,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip6","src_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00993{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434822065,"flow_src_last_pkt_time":1603816434822065,"flow_dst_last_pkt_time":1603816434822065,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":1240,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1240,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1240,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip6","src_ip":"2604:a880:800:a1::1279:3001","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01000{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434822065,"flow_src_last_pkt_time":1603816434822065,"flow_dst_last_pkt_time":1603816434822065,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":1240,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1240,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1240,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip6","src_ip":"2604:a880:800:a1::1279:3001","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434512961,"flow_src_last_pkt_time":1603816434512961,"flow_dst_last_pkt_time":1603816434512961,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"3.121.242.54","src_port":47010,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01223{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1603816434721167,"flow_src_last_pkt_time":1603816444586338,"flow_dst_last_pkt_time":1603816434721167,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":10016,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"138.91.188.147","src_port":50705,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
01225{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1603816434656025,"flow_src_last_pkt_time":1603816434806673,"flow_dst_last_pkt_time":1603816435111830,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":19,"flow_src_tot_l4_payload_len":2504,"flow_dst_tot_l4_payload_len":38,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"133.242.206.244","src_port":45855,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
@@ -468,7 +468,7 @@ 01264{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1603816434595118,"flow_src_last_pkt_time":1603816434745946,"flow_dst_last_pkt_time":1603816435011222,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":35,"flow_src_tot_l4_payload_len":2464,"flow_dst_tot_l4_payload_len":70,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2400:8902::f03c:91ff:fe69:a454","src_port":56213,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
01163{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1603816434678156,"flow_src_last_pkt_time":1603816434678156,"flow_dst_last_pkt_time":1603816434822056,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":51,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":51,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2600:1f18:2310:d230:5103:7d9e:7d75:374f","src_port":38394,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01223{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1603816434765563,"flow_src_last_pkt_time":1603816434915890,"flow_dst_last_pkt_time":1603816435194117,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":19,"flow_src_tot_l4_payload_len":2504,"flow_dst_tot_l4_payload_len":38,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","src_port":57926,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": 
{"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -00861{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":246,"packets-processed":246,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":231120,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":77,"total-detection-updates":30,"total-updates":0,"current-active-flows":0,"total-active-flows":77,"total-idle-flows":77,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":471,"global_ts_usec":1603816444721572} 
+00861{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":246,"packets-processed":246,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":231120,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":77,"total-detection-updates":30,"total-updates":0,"current-active-flows":0,"total-active-flows":77,"total-idle-flows":77,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":471,"global_ts_usec":1603816444721572} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 246/246 ~~ skipped flows.............: 0 @@ -477,9 +477,9 @@ ~~ total active/idle flows...: 77/77 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7096695 bytes -~~ total memory freed........: 7096695 bytes -~~ total allocations/frees...: 115255/115255 +~~ total memory allocated....: 7675173 bytes +~~ total memory freed........: 7675173 bytes +~~ total allocations/frees...: 127028/127028 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 554 chars ~~ json message max len.......: 2241 chars diff --git a/test/results/default/quic_q39.pcap.out b/test/results/default/quic_q39.pcap.out index b433d3bfc..a2891b4e6 100644 --- a/test/results/default/quic_q39.pcap.out +++ b/test/results/default/quic_q39.pcap.out 
@@ -1,15 +1,15 @@ -00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_q39.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q39.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1509098995610775} 
+00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_q39.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q39.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1509098995610775} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q39.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1509098995610775,"flow_src_last_pkt_time":1509098995610775,"flow_dst_last_pkt_time":1509098995610775,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1509098995610775,"l3_proto":"ip4","src_ip":"170.216.16.209","dst_ip":"21.157.183.227","src_port":38620,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02318{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q39.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1509098995610775,"flow_dst_last_pkt_time":1509098995610775,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1509098995610775,"pkt":"AAAAPJ7rSEb7OSWDCABFAAVipylAAD8RBjiq2BDRFZ2345bcAbsFTtxhDeca1dd1bE1NUTAzOQFpm58AnJnQaHUqfgGgAQQAQ0hMTxsAAABQQUQA1AEAAFNOSQDhAQAAU1RLABcCAABWRVIAGwIAAENDUwArAgAATk9OQ0sCAABNU1BDTwIAAEFFQURTAgAAVUFJRIACAABTQ0lEkAIAAFRDSUSUAgAAUERNRJgCAABTTUhMnAIAAElDU0ygAgAAQ1RJTagCAABOT05QyAIAAFBVQlPoAgAATUlEU+wCAABTQ0xT8AIAAEtFWFP0AgAAWExDVPwCAABDU0NU\/AIAAENPUFT8AgAAQ0NSVBQDAABJUlRUGAMAAENGQ1ccAwAAU0ZDVyADAAAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tL
S0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS1zLnlvdXR1YmUuY29tHmY9ku1OY40wxAcfyyHFWACuKRu9GR6V2xdJs\/1DZWDRgILbvi6YPymdOys8LmRShvdEmFTSUTAzOQHogWCSkhrofu2AhqIVgpFZ8wXyMDAwMDAwMDBOGwyq+nKlq\/7gyjM9fK1HfmcRm2QAAABBRVNHY29tLmdvb2dsZS5hbmRyb2lkLnlvdXR1YmUgQ3JvbmV0LzYzLjAuMzIyMy43EbUkNcc61MtqjsJrlOUgFgAAAABYNTA5AQAAAB4AAADyBfNZAAAAAJSFXrmNCzW2XCwCM6DbC32c2YfxELPjjStDUbaq7wmHTyY4LQBCW\/iNJqUlz2Wd46tERlhzvdEC41udof7lNxBkAAAAAQAAAEMyNTVDwyMTjfiB70PDIxON+IHvmpHtbxwAgQ5AC3uQqa5564NqFQAAAPAAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} -01086{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q39.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1509098995610775,"flow_src_last_pkt_time":1509098995610775,"flow_dst_last_pkt_time":1509098995610775,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1509098995610775,"l3_proto":"ip4","src_ip":"170.216.16.209","dst_ip":"21.157.183.227","src_port":38620,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"s.youtube.com","domainame":"s.youtube.com","quic": {"user_agent":"com.google.android.youtube Cronet\/63.0.3223.7","quic_version":"Q039"}}} +01024{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q39.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1509098995610775,"flow_src_last_pkt_time":1509098995610775,"flow_dst_last_pkt_time":1509098995610775,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1509098995610775,"l3_proto":"ip4","src_ip":"170.216.16.209","dst_ip":"21.157.183.227","src_port":38620,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"s.youtube.com","domainame":"s.youtube.com","quic": {"quic_version":"Q039"}}} 
02055{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_q39.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1509098995619706,"flow_dst_last_pkt_time":1509098995610775,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1174,"pkt_l4_len":1140,"thread_ts_usec":1509098995619706,"pkt":"AAAAPJ7rSEb7OSWDCABFAASIpypAAD8RBxGq2BDRFZ2345bcAbsEdFQcDeca1dd1bE1NUTAzOQJfXHZ4r4NHY5hNEdjLP+5ayCAfN4aRrJwcGbvr9Ig30\/shURCI87o6EE5x2r0qaxNPy9ijcArYvwm83T\/uUNOwvPrQL1kQ63P7NcdMjvNaDrlFf0DGfuOc7NBPTTXBkaePu98lEtAf3wsOApXg5IhtfmWdfKrgEpCXWFWsxttw6C4\/lCwJqkUGaOjHW5OhnY9r8qCDBdkX4XN\/4WmFW6nWq\/XYAKSy+w3zKPd0+LJKlxsYwrzgGV2rjQwmb93iv1FFvCzNy4lqNoUoMblenytDJV5TJvGYH4s+\/7AX7HDhbJj+lIeaRA3g7dV3H3kgoU\/SpbsdOzy0YVY6Bp9yZermraiyHURn7bAotygD2Vp7YwNcdNEG9BU3funEay5GDjyBK1j66ZDJgNXirLZjzse1+VcJnT0WzMubicwvU30jDw+McSt9Bti6\/gP9FAz9\/lD31IeL8vackSc4lx75mviO5HS6BA\/NqsjQ9B8m4Ji2diYR80xUpIbgdFQiU+oifhm6+LGlaffXf5zfdWBFidIfld\/b7JT3SCK0xn1oi2TKxI8Oroqc4ijms7JGelhl0fef2CpmP0WCIT2YgyU6YwvWa1W7lII+N1ZbTeUAByGqF1QhTf5cSKd79GJRi+dbNY7B3Wj4KJv9v8GAF7TKwPiEZdDEpbOPHL\/FjvVpM04y5hU8HR+06oyFgTK1\/6hdbKNXNH9cJjr2nmUmezntPWc2AFfXM+e\/7E1fv7zcT4Kq1YOLXr9\/RjJvDNQoj81czTWLgfREm6KUrj\/r6fSbFJFnhuScfBlR9k2Pc7b3lIEZb0KXGhxHCyB1J7D8gUoqDhJYFGV+VkGVNhJpozvYPJ8ykH\/Y41HD8nsSDL9iDj9URAxCKHefDlX7Pwz6OhBfkcIZAyY3zG\/w9rr4x0Pl7U6qcsdZ1MBpDJ9qjugA+Tt8C4JpvLxNAR0kx92LyFnt3BYr58WDPwTbktI01oxzKDO5QfY46azjmnqJ+Or2LI93bDxwCMYKsLGAmehhGKZad4Iy8CQig4MBQDG0NMhHKAI6+BaplljmUnDnEalyg57\/03tWWLR4CQIYoKQ9N\/\/fDmFtkFJjraB0A767qxG7Cy8Linc3qzCa86538v6kM371bSCg\/XlL+EWzVEgq8MNOp+Kf2xPBIqWXFiVMGJ1GcpQwm6iQItRpY+85J5+RUK5X+3OW5ex3EYIjJUr+g2x3sFkDiuAsaRHgrjj6WnNpOZnghw1uaYp+E3H8VPrRSwSKqch7lieJx+ojtBtD\/W9etVSxGJeGD7lz+4wIhuht4d\/jcmgefkRDKcrraaR9azCKs\/kbJ\/PpVxbRsVvTZyAXgG+ABf\/0Dt+UshFkLro\/tuKww4FrErwElInQ+88Azyk3w8tcu1AYrDqSPj2BvjSRVwl0PO7TtbVWqgcuYET3exljbs22Rr5e
yEoiPXhNZMDC79zLn441b43FrUKvwSHTJR\/j33VYKbaP4oVCvb26Vw=="} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic_q39.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1509098995619706,"flow_dst_last_pkt_time":1509098995647453,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_usec":1509098995647453,"pkt":"AAAAPJ7rSEb7OSWDCABFAAA\/AABAADgRuYQVnbfjqtgQ0QG7ltwAKyQ\/COca1dd1bE1NATKbKH1UbNEn\/TIU5EABJEsBAQAAAAANBgA="} 02342{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic_q39.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1509098995619706,"flow_dst_last_pkt_time":1509098995737234,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1509098995737234,"pkt":"AAAAPJ7rSEb7OSWDCABFAAViAABAADgRtGEVnbfjqtgQ0QG7ltwFTuA6BB7VA3w2dE7ZqQu\/HA9+aSHkQAacyJMtou\/Ld+GIcjTwAhOnbZl1DccdsXKM9X+aGBaaEp2k+gMriAxw7XUSiNYtQZBUSBNLFOTdb1hYpN8c7IZOsaDblarfxUPQxJ0gnkUeqkr4fuRbUc3rNSCo1QMBgMypO2NvSL5l22mGXYSmNX3toGT7ULzZsB61Qo3VdWUFY0IjS2GhkCgN+m+wvx9GGU9V5L0IHzmROUCwSwmxHH1ErMsKb5C0SPh8Moiuuma+1VPhe\/4G2icjKqB05ASgsiwkrwe4SR8d3GFtuFbHeuQE6CX\/fbhRn85iCZ81UU0O0DtLEzTpnpEMp\/HcwAW3wA0AsKtudDGHnSOUULPkFVRBhVhpeLqS2Li0YMUrWjkhCHDN9UoHpPxrqdDBOs6cnSVYtFl87oKhCwSDMwSNx1tbGBLcoib6tTeCM4ikOzQpKXL\/lxnGVpm2twrSoh9tDYCOMzC8iEwjRh8w8znhREm8bviBNUYoIfHaNCNbITO03cVWyavFVXmYqlGo+ZASq8dcX96Cx1fYD2dNrv4jvEfzhZHi9j3aqseDNoE+cm3+PWctSwnMNfg\/cAZ6+izl22P83dYaovKhaYXtYVtRaEh1uryXKQuvrbxgzqoMuHHkrg7QEJUZ5gmgRTEecPSWIb8SUwZxdqcpLdU2L\/gN+0XORpCHTJoVoXg6Lvf7E\/f\/bT1pGfsk0tHNVABNBD6SIl1dnyG5O14yJfWoVmTI2+G7UprA72A7KqcWm\/Y9PRilKUqk0W23OKWXwmQihG5TnwqOI1ASAfZdL\/efwkHmsUuwXwuaJv3FGekCSnevBUaUlKAb3RLPfFDu
91ImNXm9aoyBuraDr8zBZ9bqaHnt+JcnWMwjFSOpYRdAjWYbEr13AgYr52pgu\/XfErhcDNHbPXjSUwKIzgcTnM8QTMujWWFjUns5aLY\/Mv0qOvbYcFGwXDlw8OQM5Q9vAraMzp0pOrSxRQJyeSoZ66v\/2PjjGS0ghqZ5wQB3xtFoLAlr2HDEgPgkAvO2RItTesAv\/vsh7iK4WvlZWfptfy9Gni9zKT+BCJpVckSsMJNJa9QOIqDZGcD7WdvqPZ\/+gs8I2oZlbXo5frTZi1mSER\/Qjm4utM3efHWXJNIk2goUh46mzxek43peBjGUnwswHlZbLnqUTKXJel3ddyov8qXphMbEnQYip6mhFYg367RZ8YRU4EKrwLm6Xcw9FNoa6Z5lJKJijsH5vSnEkZ0v8YX0MjTBReOeuoFmSr+AJVjpSlg\/7643dClWP4cXx3jdn+gn82y3LOeYLD2p8lV3aWTEv0GVmHGW+Hm9xJDl2bHgxIBcRhyDRGQFOC\/Z7+ehu0MP0\/0K5CKWxMw6rUTxM3JDgsEv2bV8wJzw544w3P4lqj\/UGLv3pSXxIfWP\/1WvqksJ+oY1kY5SVPXHla+pr7Q4eBAjdUPT41ziSFsQn5NBuGGWEuFCF\/QbEKcOu1F8TZ\/1M4MdpRIdqR8tFYEo+Vg9m6TwjRMK66fE6Mb60JRytY107EKpRJxBagZcwKIXCY2mZAsGOuehm5fQ1M5eVsO+apeXG3c9KMIURyf9ctvuQNWeWR2FIFfoH98C+ht+\/SSxjmFeV\/+d0QtrQ1HpAJKWfFcOZ2e+SesZS6k9AGyJLmN0367Nn6pJG6hN5CQDPLk+C3kOYs46LBkhHg0plOlFrwwdKcByjY68Z2VuRM7vrTmQWs6\/Tsdq8ti5cqSfOmHnALup6x5Ipr3zDykeMyuckk03bWXQ7Vwm7LKwDjsFd1vGiyvmKkwy"} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic_q39.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1509098995619706,"flow_dst_last_pkt_time":1509098995737241,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_usec":1509098995737241,"pkt":"AAAAPJ7rSEb7OSWDCABFAAA7AABAADgRuYgVnbfjqtgQ0QG7ltwAJ9O+AAM4OmALOTw1M50FdwtLmPXhOu9ZZKxYgqiuY5AjrA=="} 
02249{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/quic_q39.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1509098995610775,"flow_src_last_pkt_time":1509099004752497,"flow_dst_last_pkt_time":1509099004382425,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":14377,"flow_dst_tot_l4_payload_len":2074,"midstream":0,"thread_ts_usec":1509099004752497,"l3_proto":"ip4","src_ip":"170.216.16.209","dst_ip":"21.157.183.227","src_port":38620,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":7,"avg":577850.7,"max":6514643,"stddev":1531988.4,"var":2346988339200.0,"ent":2.7,"data": [8931,36678,89781,7,404130,1367,298294,119221,31,434781,6185342,12819,6514643,11351,11378,22730,702601,702694,435266,435159,11351,11442,16019,15861,397203,9235,397732,33897,93428,52,499948]},"pktlen": {"min":46,"avg":542.2,"max":1378,"stddev":603.7,"var":364512.4,"ent":4.1,"data": [1378,1160,63,1378,59,69,69,58,291,46,69,256,1378,64,1378,1378,61,1378,60,1378,62,1378,62,1378,62,1378,716,62,62,90,46,84]},"bins": {"c_to_s": [0,4,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,9,0,0,0,0,0],"s_to_c": [4,10,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0]},"directions": [0,0,1,1,1,0,0,1,1,1,0,0,0,1,0,0,1,0,1,0,1,0,1,0,1,0,0,1,1,1,1,0],"entropies": 
[4.179285526,7.832315445,4.966748714,7.846248627,5.380072594,5.640916824,5.720768929,5.299251080,7.336034775,4.816403389,5.818665504,7.074090958,7.867320538,5.431150436,7.827050686,7.874505997,5.477433681,7.859999657,5.412702084,7.863677979,5.373553276,7.855113029,5.379174232,7.856376648,5.502585888,7.846080780,7.718618870,5.508206844,5.470327377,6.029057026,4.816403389,5.969577789]},"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"s.youtube.com"}} 01011{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/quic_q39.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":27,"flow_dst_packets_processed":33,"flow_first_seen":1509098995610775,"flow_src_last_pkt_time":1509099044522763,"flow_dst_last_pkt_time":1509099044559423,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":18965,"flow_dst_tot_l4_payload_len":2686,"midstream":0,"thread_ts_usec":1509099044559423,"l3_proto":"ip4","src_ip":"170.216.16.209","dst_ip":"21.157.183.227","src_port":38620,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"s.youtube.com"}} 
-00844{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/quic_q39.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":60,"packets-processed":60,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21651,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1509099044559423} +00844{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/quic_q39.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":60,"packets-processed":60,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21651,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1509099044559423} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 60/60 ~~ skipped flows.............: 0 
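Review bot: The regenerated `detected` event for flow 1 in quic_q39.pcap.out no longer carries the QUIC user agent: `"quic": {"user_agent":"com.google.android.youtube Cronet\/63.0.3223.7","quic_version":"Q039"}` becomes `"quic": {"quic_version":"Q039"}`, and the length prefix drops from 01086 to 01024 to match. Unlike the surrounding `ndpi_version` and `ndpi_api_version` updates, this is a loss of extracted metadata from the same capture, and the commit message only says "incorporated upstream changes". Please confirm whether upstream libnDPI removed or gated user-agent extraction for Q039 on purpose, presumably behind a metadata option, or whether this is a dissector regression that the new expectation would lock in. If it is intended, state it in the commit description, e.g. `* quic: user_agent no longer exported for Q039 flows (upstream change)`, so that consumers keying detections or inventory on `quic.user_agent` know the field can now be absent.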
@@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6909399 bytes -~~ total memory freed........: 6909399 bytes -~~ total allocations/frees...: 114198/114198 +~~ total memory allocated....: 7486949 bytes +~~ total memory freed........: 7486949 bytes +~~ total allocations/frees...: 125928/125928 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 557 chars ~~ json message max len.......: 2347 chars diff --git a/test/results/default/quic_q43.pcap.out b/test/results/default/quic_q43.pcap.out index 9c948622c..4b52157bf 100644 --- a/test/results/default/quic_q43.pcap.out +++ b/test/results/default/quic_q43.pcap.out 
@@ -1,11 +1,11 @@ -00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_q43.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q43.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1592388060203207} 
+00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_q43.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q43.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1592388060203207} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q43.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1592388060203207,"flow_src_last_pkt_time":1592388060203207,"flow_dst_last_pkt_time":1592388060203207,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1592388060203207,"l3_proto":"ip4","src_ip":"51.120.20.202","dst_ip":"72.119.217.29","src_port":49241,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02318{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q43.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1592388060203207,"flow_dst_last_pkt_time":1592388060203207,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1592388060203207,"pkt":"AAAAAAAAAA0A1ZJ\/CABFAAVitYFAAD8RFzMzeBTKSHfZHcBZAbsFTg3gDeg8d72PiRX5UTA0MwHUpsx5z1djkhIB1MqgAQQAQ0hMTxgAAABQQUQAKAIAAFNOSQA2AgAAU1RLAGwCAABWRVIAcAIAAENDUwCAAgAATk9OQ6ACAABBRUFEpAIAAFNDSUS0AgAAVENJRLgCAABQRE1EvAIAAFNNSEzAAgAASUNTTMQCAABOT05Q5AIAAFBVQlMEAwAATUlEUwgDAABTQ0xTDAMAAEtFWFMQAwAAWExDVBgDAABDU0NUGAMAAENPUFQcAwAAQ0NSVCwDAABJUlRUMAMAAENGQ1c0AwAAU0ZDVzgDAAAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0
tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS1kbnMuZ29vZ2xlLmNvbR8ykEILcj\/tFGrck4XfPyIJIy1Wp2EOyj96Sbv5OxbQ7GtzdqXVHstRevTu5j9sOKKoV3MEbVEwNDMB6IFgkpIa6H7tgIaiFYKRXuiYTDAwMDAwMDAwL8w4xnPBiaheNE18yX+i9poR99hBRVNHfnKffIxl9aDtAhVkrBteYAAAAABYNTA5AQAAAB4AAADs\/0Yi1mMvJ+MeFLVM06sFxTPtG7icgHbJd6FPguzZ5DspSAr1qmJOAogGqdfyO9QJ05Fvsk1n4Zg7QCWE0DkiZAAAAAEAAABDMjU1W+x30vZEmVNOU1RQW+x30vZEmVNgMsuSoEFN3\/mAAgAAAPAAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 01034{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q43.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1592388060203207,"flow_src_last_pkt_time":1592388060203207,"flow_dst_last_pkt_time":1592388060203207,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1592388060203207,"l3_proto":"ip4","src_ip":"51.120.20.202","dst_ip":"72.119.217.29","src_port":49241,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google.com","domainame":"dns.google.com","quic": {"quic_version":"Q043"}}} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_q43.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1592388060203207,"flow_dst_last_pkt_time":1592388060251652,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_usec":1592388060251652,"pkt":"AAAAAAAAAAoAtmi7CABFAAA6AABAADsR1dxId9kdM3gUygG7wFkAJsU\/COg8d72PiRX5AdVtByTcf3A7ZqGOSkABJDYBAAYA"} 01014{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_q43.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1592388060203207,"flow_src_last_pkt_time":1592388060203207,"flow_dst_last_pkt_time":1592388060251652,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":30,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":30,"midstream":0,"thread_ts_usec":1592388060251652,"l3_proto":"ip4","src_ip":"51.120.20.202","dst_ip":"72.119.217.29","src_port":49241,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google.com"}} 
-00839{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_q43.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1380,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":8,"global_ts_usec":1592388060251652} +00839{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_q43.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1380,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":8,"global_ts_usec":1592388060251652} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 ~~ skipped flows.............: 0 
@@ -14,9 +14,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6907671 bytes -~~ total memory freed........: 6907671 bytes -~~ total allocations/frees...: 114139/114139 +~~ total memory allocated....: 7485267 bytes +~~ total memory freed........: 7485267 bytes +~~ total allocations/frees...: 125870/125870 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 554 chars ~~ json message max len.......: 2323 chars diff --git a/test/results/default/quic_q46.pcap.out b/test/results/default/quic_q46.pcap.out index c10ce43c4..8eb50f4b0 100644 --- a/test/results/default/quic_q46.pcap.out +++ b/test/results/default/quic_q46.pcap.out 
@@ -1,14 +1,14 @@ -00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_q46.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q46.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1559632338055044} 
+00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_q46.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q46.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1559632338055044} 
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q46.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1559632338055044,"flow_src_last_pkt_time":1559632338055044,"flow_dst_last_pkt_time":1559632338055044,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1559632338055044,"l3_proto":"ip4","src_ip":"172.29.42.236","dst_ip":"153.20.183.203","src_port":38292,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02323{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q46.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1559632338055044,"flow_dst_last_pkt_time":1559632338055044,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1559632338055044,"pkt":"AAAAAAAAAAAA4JDHCABFAAVic3hAAD8RmymsHSrsmRS3y5WUAbsFTk\/Qw1EwNDZQ6s\/m5wbfJy0AAAAEYNpYkp9oOdCGDvxYpAEEAAQAQ0hMTxoAAABQQUQAtgEAAFNOSQDFAQAAU1RLAP0BAABTTk8AMQIAAFZFUgA1AgAAQ0NTAEUCAABOT05DZQIAAEFFQURpAgAAVUFJRJQCAABTQ0lEpAIAAFRDSUSoAgAAUERNRKwCAABTTUhMsAIAAElDU0y0AgAATk9OUNQCAABQVUJT9AIAAE1JRFP4AgAAU0NMU\/wCAABLRVhTAAMAAFhMQ1QIAwAAQ1NDVAgDAABDT1BUDAMAAENDUlQcAwAASVJUVCADAABDRkNXJAMAAFNGQ1coAwAALS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tcGxheS5nb29nbGUuY29tTF5QaJRKaTNoSpJ2byVw\/n2jR\/SXiDAUaxRXCyDlaH13oYGRvmmLh5UfnwV+qkP8rBLql6P0cVhpCGDXJyou7qdg+dnByWJAkTSY+CUh8yfYOYMRdIFYIeO6ZKEQGzvhOWxsGdkkbQk0joNdUTA0NgHogWCSkhrofu2AhqIVgpFc9hnRMDAwMDAwMDAg1WpdFEihkws6cxoJh1cnEudv5EFFU0dDaHJvbWUvNzQuMC4zNzI5LjE1NyBBbmRyb2lkIDguMC4wOyBCTkQtTDIxqZ2LiTEPPlI5bOtRl2sWwwAAAABYNTA5AQAAAB4AAAA+5+ExAY9KZ43WAi5gboQGad\/XZY9NgsCyvAvlen24imYZuixux5QJ4+eD6hkpSGJfDn9+XBFyJ61rFG0t2MkrZAAAAAEAAABDMjU1M\/in8FpHdkpOU1RQM\/in8FpHdkpn+K3FgBXj\/3u4AAAAAPAAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} -01091{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q46.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1559632338055044,"flow_src_last_pkt_time":1559632338055044,"flow_dst_last_pkt_time":1559632338055044,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1559632338055044,"l3_proto":"ip4","src_ip":"172.29.42.236","dst_ip":"153.20.183.203","src_port":38292,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"play.google.com","domainame":"play.google.com","quic": {"user_agent":"Chrome\/74.0.3729.157 Android 8.0.0; BND-L21","quic_version":"Q046"}}} +01031{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q46.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1559632338055044,"flow_src_last_pkt_time":1559632338055044,"flow_dst_last_pkt_time":1559632338055044,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1559632338055044,"l3_proto":"ip4","src_ip":"172.29.42.236","dst_ip":"153.20.183.203","src_port":38292,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"play.google.com","domainame":"play.google.com","quic": {"quic_version":"Q046"}}} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_q46.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1559632338055044,"flow_dst_last_pkt_time":1559632338083803,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1559632338083803,"pkt":"AAAAAAAAAAAA4JDHCABFAABAAABAADQRHsSZFLfLrB0q7AG7lZQALNrDw1EwNDYF6s\/m5wbfJy0AAAAFbGsm7eq1vsQbMX0cQAQkIAMA"} 
02333{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic_q46.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1559632338055044,"flow_dst_last_pkt_time":1559632338308554,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1559632338308554,"pkt":"AAAAAAAAAAAA4JDHCABFgAViAABAADURGCKZFLfLrB0q7AG7lZQFTiJnQAtQvT4L41LYkTDHbWnvY3Q7xNlk7lPAOJoU7qSEDNxr\/eXA5HdvGouKSa5JA+EfJXVcrF5I8JeTQOik+2bWgM1nMhrT0SQGJgoDC3vmiFQsGJJjkMZScnfQIf1wQxM8bMy1rX9IG5gNouAF2UDgTxNWxp8Z+kpanynzPm9Aewt1Q8YQSGSHVmFR2wS\/qJorTHWD8seoBDxiXr\/Jrzhp+T4G7aWy+PK4peW1lunM5ZwayH+2G6AF72mr+9NShIq31T+R\/i7G00e0d8lC08arFgrP7xbHltzNsevJw7TO7heoxYjLOdwd79cQPJBHGN6cAkZED6B76kDGTUdX1AYSpun6LhwRHlxgVuFQtfE7y\/DnLBUYzAcWntPYNYvGghUNITCLh8lnobrCJOOpgpG31oH5+kuwGIUSXbKA+01pRlfgd5gXolZKhK3pWOerj\/frjDS+2g8vClgYRT1+lV7rb2y\/Iik5yjyOhRlKWs5VLZ7VCWYVKqICcZsTvon\/NMVVMYb6HJJ32Yz2ORvo8ebpxTje4yqrxC+qapfY5RwYmEaDmI1L2w04UoqZ0dJ1NSSxDm6HXMu+ZshF6SujBNEG42mGdRf6IaSoNlxzMkSyrtk+YmufaVAWXNamgtbe+ZtSIpyI7W+63DDWITJezj4w9w00cUFEntoLNlOB+zElDxYScTOE3CpSs44g2fcVw+4rvMHfwuxPeTdHzp4MAsePKq+zngj\/90JBFE\/tDfTVYbaRpu5lmM3pDSvtX0fT5TvOH843VTAPlB2fm8MHtEMU7PIrg8lvLI5kYBqaI59yOALOtxEFcXeKMhTylktz05RjIrZg6ifgDckMo48nJYsJtSpscdyoK9zfGzj4NaovMFvwwWNIopaYds\/P+xBZkC90KYsz06jFDLqNdcZXDkHaPFJXZAxXx9set1Fg3lj6r\/AobA8N7sLKydAgxC\/rtEWCBX5wbSuX8kpFOJgGKfLdk0JYmC7zbnJyfyy+C6ukhZHN0cU81AFqszDmIIshOZAY4iWz5aWIzL1ctZtibQ5iLAcoUfb250TuivT+FGWq8x3DLfXpYTdXUgbMkK8lTQJuOYtFhD4fHRbg8qZIkwDODXwLSUcnqUn+Q2uzh8PtHzNYdam5Obh2M8GgLW8ukG2P6sOp8CokFzXYzFsiExtyxRsQxvskOlQmLevtIDnsShgWKCRO7UN+uhRGaYGLmSq2\/5t1JyMiF0cem8I\/nOK0mRwXY7N+ECcoaRDXyTKJR\/4pe4u8s4tPdTtCzoa7o8ItJAgr6FkTuYLEo2hwMyPm4hV38utdskBYyUhI6Vz27vbgYAi5nzlUMaKyr3bk72PVb2h6cE+5pbWp8t27oXh4ceZgCJ1CqxGsEI5zHMEsBX6U\/74OCgAAVZMzKh0lFrwDdkIuV+i7biu6I3DoZxr1X50m6VKkaA+qvAjpG+BPOMuRH3\/5\/vE6iwiiU
VaV8HIEZpVud+gx9Rzu573VwQ87CJfVs7RmgLI88d6qzIEQAYp5JQrr2lJf1+r4xl60u3ZAa+E+ox2R3gSbE67e9uWolVz8QS9Ep2IK7cfXKJOfNxu70MQcIVFRson71WUtcVpILsaqgb9rATvfzoNmtskVITRoIpqD+mi2ZJvPx6FmM5uP7YQiAppyWykt6puGjRFKGSfbt2gGFGLSdxE20Jo0zgDKZvUFlb4u07xu5j8JVjk7HreBYMQixh6ugURELWsT7GFnQi1VQvh64jRAmDcuARkYMw2228CWbF39WsM9a4SaEoLaEPaqo3lcdKo0+Sgn7WsqvH1w"} 02345{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic_q46.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1559632338055044,"flow_dst_last_pkt_time":1559632338308554,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1559632338308554,"pkt":"AAAAAAAAAAAA4JDHCABFgAViAABAADURGCKZFLfLrB0q7AG7lZQFTrzqQArMTUQF+qfZl\/j6GDEC\/I+tHha\/dgY9YrBnIQRh7ycTzuKlQRveBbgIPaLRsi0ExNkrNV7kEMqhWFB8DVw3+iXp7Q0SPR4wk2prQv0Z9EAI0pujRDgT83qm1mSoLM4iQy0bz0Gm96wSsATMKmUKyFyFBnpTsLUf9Xvid5CkSvVYq5IyCOuKfH87rCz5QTkBH6YTC+QDCSrAGsbffYz9bMQO0R4i01YSA9\/I4aHEs98s23RNpdZor+Q4Oguj04Ui1Bg8f3CMHs0B1wKZWu7IF605ju+my8Ex28FSM3yemKCvdolaLftpnKyeHoId\/QpIb8iwutFlbt0BwhTCDewVFpV7BQBJRHSzzcqF3KHmxfGeJEz8HgPupbuU58vn9Kst3qPAnRfWPM9Y\/xuqQrVroUhIzD2KcGL44idNWqzV9MuP5s0aD\/0n00A8OknoaT1Z0nD6uS7MwoMEp3hjaZrYh1FVS6ZqzuhHdMfQUCymEejFbSmXbd58wxV444MjFUEdTCH9C5nplkg2PrEbadm\/t1\/rEMeg\/JOLjOqZeL3RVNZnVu+64GiTXTooYqjnh40z9xHOOmQOZyfle2iCVO8R\/ivXtUThQIVkJxvD+lByIAMuKs19fjh7OTQuW6brcmUpLLxNTED3sSOJ1MHHkPoWBfdRuMlOs0Ryz0ZCwxjKB2QykP3nGHn+U9cQJjEEK5qvkEMPYypV1+HtjqlPnl6iu5Sd3xNKaZ9FcaL83oG6RIF4zjJ6ihumZijejW+\/cRyoX2\/M6YpKMTtn1WRn9rhtQry3eVZPeQNVSd7XZL0VdvQ5vu1ggAQn5TQ5togK+G+4pXqF5jfiQ6DBFgLpBhWv\/UFK7aVWxuJrDA5S4u1lGTu45kd+19qZi53LcaXhMl0qJBJJF3oCyKeyoTTUDuHU27jmLWrpsAktKlqGf+4TuB3lSO\/EPFyrp8KLENcsfa5\/l+B8TZFRRUwAQv7YeB+SquPT+XySpsyvSWPmJ1OkgDGN40H8aBclc9K0qdDBg5M2dE8QYwGrrNKoCeKgtW9TnOyhkw6iCeSMxUnEz7I72YmaU3B4Qdh4i1suSJJS\/Is5YBD0LYW9RGca2psLfKVVQ3pVzCNm+8iuLUD\/+N5d
sKBm97UDJJu9QZbvh\/17ADMdqmqjGV7a\/KL1diOzof+kNEM6D63PNaEqTcdTJU679aUQuDA36PwnjOfPQ326RaECpj7agr5AR7cT1hl7xR6U2rhzkl0Kz5J\/fIaAVikO2T1YDzpEa6ViQoL96Re5TbD3QjIjfR4Gp0AjyScTnvjlkaS0KPbZ3dZO0yuuI8K2w5rv+O9wTz\/j3JIVxILrgv+nrmo9uCpzcwBNXvDg5SBwN8NZxMqNH+W5G7d95IPrVS2zW\/4pG\/B+zxKwHjBFjH1xLbTp7hfN1GljHGDpVEQpGi4OAY8li971mNtDTBydQJmQ7gQlhjFgMlfgoeRtSHU+o01scTey2+WUdu3zYtDsTDdxFIAdmHZbOrHyzRES5q\/KmutL7eczEoW1LzE4ioLwIH\/g4j5+nlj4cThgEcmecZB7Bt1chmjIYfJVOi0zwKH0\/NJvwsPzAtyn1PIZKiwEc\/CbD40rT48BToIWSWBLXxWuohMPnE3FrkoivOd4Gpa\/0yzU1wMDSMH+mbgsZhX5zYEoGglp3CbY5FVv9cUPm5sCy1UpjiUb\/pbUisccf6scx\/oiXxAimL5KCP061NTFY85qjPvir2+lXCW2MH9mnIP3P3l0xfA0+tgQ+tN730D7+w1UgNyI6x8+Gr2OtccMTyA1EwS8"} 02343{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic_q46.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1559632338055044,"flow_dst_last_pkt_time":1559632338309852,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1559632338309852,"pkt":"AAAAAAAAAAAA4JDHCABFgAViAABAADURGCKZFLfLrB0q7AG7lZQFTqtnQA9VWeqlnKi1He4wQWN\/f+ykkZ7EUoh++i5eD6CZN\/2OK1LLvIohuBQ6+oAOvGiKMTrPyoMy+bwMieLisXdiafKDJvZCKRyShiIE\/VsZZA592sxRa9Vg2pXH9j8435JRlNe5zXJlpHaHeTbO9GlYTmUN5Wk8dNnRtW2hdo25fc+9lOQWYGT0CaE9IiOnSr9tN9PQJxGm59j3+FpjB7JoRFF6QQtD4qRdkxQH1ljvfZOy\/NU3nHfLfeZPZJ75hGZb662tqPtx7u6RVD6+HRQ9t50R+x\/XDILWM07srC2XJdOD+9vMXyQZnHhaNfwt9CRyUEeHYvvI4s5LjOc7Mbgwm5E+3uTUaD0FMzn7S4eDN2dyeOzJGAHwGJcE6SUAzonQ4OeQrZPgaBZWVNmyKGxjKy3RWR618ul+UgR1pwa4+LeuwPByRnCcul0lBFI2RjWbPy7B4tvwCuJTWDNvttFv+HTU8o\/OMC0jVE6E40A6vQJGKHkOZ\/eHxWUXlsEKRm\/GXeQyO2JrKq91+JEuAU0WTmWUvpcxBbRgUThFcVxvkjStKjqJe0MlTP\/cYQFieJP8LkoVTkSd03u3SwfS+3XPGs5NZVFfRewRdYH0d\/EQA+OQ4qOBcwSzVxJTvoR9+aJTgns05wAao6IGVc00ppeEKy8o9B2PPCf2Yn13wVW2uR78+\/Sd8uRXih\/0hbDCAxr1YMdwv+eWb6z6r2HUEfmZfbZ2vZFFXy1XdNELipxBnZhyKw5gtJlK\/prcdMl689I0X4UmwUKvuaZSDK2
qVQjQZ+WfWe7Y3+IIr6FePlmnyWxuwGx2NAcUjClYlSywa3SNafQ\/QnCxF9jWX851VWrmEKNrzufxVm9BLlnyE7TOg37UYKSnU7MFav\/5Y7S9+nCiGS0pI2h6bn9B89LgkNcy2P7evWjIvP\/b3J9WMvri5HVWcmKN3UKigYQLEtEZLWZFHS8dH+em70WrNuoTlSgtkGX3l78KdOLj\/JZ3BCtl8IlL8uhYijP1M\/3r1gWclDoY\/N++VS2piiStR0CBqTIjR1lVS9uLqnX7ydFKTP\/QLVmlxN2DahOn1ecixBGSgvwTN0wTqnzQ99268818kw4dNrfToAOz5UDyCmvlGbewpbh\/O7rwGiMjYWFa1wJFnhRK+U3vWbsPAKjCIVK5nitFyipl+JsLSS8NuBlvP1GXpicNGf68c\/aKS\/iTLOLXEYWxAXBoVkP8VTohEv+v+JkOUIqzU9aUAeXRmxabFQdwgmz6HZ5Sh6Wz588d0Il5MNXCmccVrr9R16l+BtvO\/6JwNOBkS2faZ+uXBgIOKPPEK\/VmJ2tHOGRGhP66mnMcsK6ppNBWsqw\/4teJOjdZ6zNkHNjYpMl1HHg9179N7hNpmxK3JQeEhM3Nd\/bwFjudZZ3xeZKb+RO5+HTvf6lOws9qjq9GRVdht6E7qZyfdu66KCGUZ236sgXx8\/tXdOG1GjNaZBSWQdyO3j8e3Szniom7EbDIbswnp+K0bpq6I03LBzwL5bcxiJ9cX6D22d2UJSBciDgro3a5rhSqnCgE5jx3RU7FGktThztnkynC0jB81m1fhkQfPfxfNUt1a9Okezhxk0bMu0BS4AVkvJ3ROO7KASlsLkd0UTIs2KqAJtOyK9weTtncnzcRNQfszERX2cx3V06dKgFWnFbRhfkN0NHXkYDEtKOXl1Mg2fVxyB0vQzYU6LSlvw6Dagv6NwzYn1c6Ac7E1lV9ZzFBiTOFF0umqRJzygwakMmhdAHqB0FbthGufvfPpr\/4MvkTCdu10K0kPvF7x6j+"} 01015{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic_q46.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":15,"flow_first_seen":1559632338055044,"flow_src_last_pkt_time":1559632338367037,"flow_dst_last_pkt_time":1559632338349062,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":1465,"flow_dst_tot_l4_payload_len":18936,"midstream":0,"thread_ts_usec":1559632338367037,"l3_proto":"ip4","src_ip":"172.29.42.236","dst_ip":"153.20.183.203","src_port":38292,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"play.google.com"}} -00844{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic_q46.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":20,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":20401,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1559632338367037} +00844{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic_q46.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":20,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":20401,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1559632338367037} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 20/20 ~~ skipped 
flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6908237 bytes -~~ total memory freed........: 6908237 bytes -~~ total allocations/frees...: 114158/114158 +~~ total memory allocated....: 7485789 bytes +~~ total memory freed........: 7485789 bytes +~~ total allocations/frees...: 125888/125888 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 562 chars ~~ json message max len.......: 2350 chars diff --git a/test/results/default/quic_q46_b.pcap.out b/test/results/default/quic_q46_b.pcap.out index c1277aa4a..01e72f19a 100644 --- a/test/results/default/quic_q46_b.pcap.out +++ b/test/results/default/quic_q46_b.pcap.out 
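Review bot: The regenerated `detected` event in test/results/default/quic_q46.pcap.out no longer emits `"user_agent":"Chrome\/74.0.3729.157 Android 8.0.0; BND-L21"` inside the `quic` object; the length prefix drops from `01091` to `01031`, which is exactly that key and value. The `packet-flow` line for the same packet is unchanged context, so the capture itself is the same and only the extraction changed with the library bump. Any consumer that fingerprints or alerts on QUIC user agents would lose this field without warning, and the commit message only says "incorporated upstream changes". If the removal is intended, I would add a line to the description such as `* quic.user_agent is no longer emitted for Q046 flows`, and confirm that schema/flow_event_schema.json agrees; its hunk is not visible here.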
@@ -1,14 +1,14 @@ -00615{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_q46_b.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q46_b.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1561708873328442} 
+00615{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_q46_b.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q46_b.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1561708873328442} 
00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q46_b.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561708873328442,"flow_src_last_pkt_time":1561708873328442,"flow_dst_last_pkt_time":1561708873328442,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561708873328442,"l3_proto":"ip4","src_ip":"172.27.69.216","dst_ip":"110.231.134.35","src_port":45530,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02389{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q46_b.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1561708873328442,"flow_dst_last_pkt_time":1561708873328442,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1440,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1440,"pkt_l4_len":1358,"thread_ts_usec":1561708873328442,"pkt":"AAAAAAAAAAIAGNwmCABFAAViWnxAAD0R9xCsG0XYbueGI7HaAbsFTnXjw1EwNDZQ0aOrrPYcbNEAAAABZ49NM0tlJ\/QWOEX0oAEEAENITE8ZAAAAUEFEAOsBAABTTkkA\/QEAAFNUSwAzAgAAVkVSADcCAABDQ1MARwIAAE5PTkNnAgAAQUVBRGsCAABVQUlEmAIAAFNDSUSoAgAAVENJRKwCAABQRE1EsAIAAFNNSEy0AgAASUNTTLgCAABOT05Q2AIAAFBVQlP4AgAATUlEU\/wCAABTQ0xTAAMAAEtFWFMEAwAAWExDVAwDAABDU0NUDAMAAENPUFQUAwAAQ0NSVCQDAABJUlRUKAMAAENGQ1csAwAAU0ZDVzADAAAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLXVwbG9hZC55b3V0dWJlLmNvbXgDMRgyNKjZnbeNIexiej4o7qx+V929kxA9dDLsNr49+J4e7Bxt\/tr6btXxr2ajG15fa3Ruq1EwNDYB6IFgkpIa6H7tgIaiFYKRXRXJTjAwMDAwMDAw6FYYVlvjBaujP6e+o70a5ZenNg5BRVNHY29tLmdvb2dsZS5hbmRyb2lkLnlvdXR1YmUgQ3JvbmV0Lzc2LjAuMzgwOS4w1Y68K3sgywV7JQccxBohdQAAAABYNTA5AQAAAB4AAACrpFnJA5r+YO5RcQGpd1l4yFvK+8akrX8Ivr05rqkgauMBpMQ6cwQFDJS6sLs7Du5\/2eIOY7vG9b+CMCy0OZxEZAAAAAEAAABDMjU1jtxYjsj\/DkhJRldhQUtEM47cWI7I\/w5IZ\/itxYAV4\/+8OAwAAADwAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} -01103{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q46_b.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561708873328442,"flow_src_last_pkt_time":1561708873328442,"flow_dst_last_pkt_time":1561708873328442,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561708873328442,"l3_proto":"ip4","src_ip":"172.27.69.216","dst_ip":"110.231.134.35","src_port":45530,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.YouTubeUpload","proto_id":"188.136","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"upload.youtube.com","domainame":"upload.youtube.com","quic": {"user_agent":"com.google.android.youtube Cronet\/76.0.3809.0","quic_version":"Q046"}}} +01041{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q46_b.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561708873328442,"flow_src_last_pkt_time":1561708873328442,"flow_dst_last_pkt_time":1561708873328442,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561708873328442,"l3_proto":"ip4","src_ip":"172.27.69.216","dst_ip":"110.231.134.35","src_port":45530,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTubeUpload","proto_id":"188.136","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"upload.youtube.com","domainame":"upload.youtube.com","quic": {"quic_version":"Q046"}}} 
00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_q46_b.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1561708873328442,"flow_dst_last_pkt_time":1561708873357490,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":44,"thread_ts_usec":1561708873357490,"pkt":"AAAAAAAAAAIAGNwmCABFAABAAABAADgRW69u54YjrBtF2AG7sdoALCZ3w1EwNDYF0aOrrPYcbNEAAAABKUO4TMFStZdbdRt4QAEkVwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 02414{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic_q46_b.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1561708873328442,"flow_dst_last_pkt_time":1561708873447906,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1440,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1440,"pkt_l4_len":1358,"thread_ts_usec":1561708873447906,"pkt":"AAAAAAAAAAIAGNwmCABFAAViAABAADgRVo1u54YjrBtF2AG7sdoFTr6M01EwNDYF0aOrrPYcbNEAAAAC\/8YjGS48qVhChWSun\/F\/0tw83QKJDLWjBYJA09IzRzwLQnCpg9NyEHpzaflUNehkOBavOBhu3YQm9xnHynBS8TFlxf6b7SbJ212GvxrQorob1FGVAX8oQ4qlKdNcH9KmGH8FQqiWXAUdP4wIv8bxJlPu0eWjvrQVEV4+WIaZItIH+aOUaSN9\/ilrA9RvBf\/Eg0uWYctKOmpFEGA9LEKr3HlpKp21MHHYkSpIqfP4A7ajmPfUk0qEmleXgrgJc3ZuVwkOUh+lp\/0eDnUOVGnw0Bef\/nRJzAy9BZYUOHKfKJigrc1SrncXcXGesF5G8MJfo5lQQeKDSwoFevbeXZPRaK1FV8AI13mn1U7+k+RqYwMfqTzjcryU\/s5BA04mts+Ch050+b0vPi6EOfeOA1CLxv\/tk6KsNDiigEk01rPLNm\/hEnaVJMANIzUHvUP4jg3PU04wvG3u8GEaxXwy79Kn6368OsQ8hdAqoLyQpQyhi1ABBqvxZWZGsUTcum\/BfVuIRpmo5YvcWIiYFY\/Q6OXLR9R2vVMjhnQvgbZY+rzI0fcZRdscepkhRGzz77vGIKYhgUxMxPqTprvkoXFsDJnTqnp4n2GwWBLIb0OyfRf\/7VRBKuLzhYfdO+kGKah6INzDv1vEkf39Q6kBHznQt9lH735l+OscDivp0nZu4MdQyN7vfOJNp9+jgtg8n2ANvCzvvW+7oAPTELH+3+cxxBeh66ejadW2+\/yfNqGNsYWunD\/XCKd4D2V+lhoYnV56+qwSLgUXXWB2mY\/jm0ycFhQ\/Q6nqSn\/I2aBJISRolyEFPYh
65rNrttlVuSy4cI8laG8Su6VBG5Uuo4K9zFSe74fhMvn\/3xxSa9X04Mry4juPeEmANXZBAppqqM0xlJabIn2HLD847OZiYuNRgulowJTRYa0BeXeFFYwg5asYjFOcmIPelC6rywwM4C200+37pJCuqYhl7VRwKcsiCZz5pFD6vxpCnxBkjn70ZSRCzczW97N+mAXR4TjhOAdfEQuhrY7Y+WOOlG0I5lw5fpu2\/+2zMe3NZEICyLuE+yMXBwxKksv83s\/2DTmSfmADa1Lt+OXCdJZp8e\/fI5MOWyzXREHAWA0p1Xxf0JQBAFaDVmD71NXRa\/e3YP6nmQf+KzlbGl8euL1ZMv9cv4hs6puTZquoiq4UkwuYeq+A+wUrbkmifgCFGTsiIuVdxZoBfG7mmTcuzlAoj7eSy93FWGxAPnzH+xvdqwSDn+7M9vnHHpWIC+VzveE\/CCes4f3ceohr7y5Dn4lOtoe0vJsPwQpFPf9WtVwM8s2MSRZtgUxdYy5XHczX5uN1c9SlpRqooXhpp0yi4N2DxMNkDHytOhz\/qgou3wcDLhbNb1ToJSHgg+yYI1HFM5GCUBgIcEFdWUnHIoDy\/X\/\/efj02fBjznW3x\/I9rMer6Tvkfo0yrJwxvKS3Vqlk4oY2riLgvgmR0l5D63Voz6cwqCDFk4DSzDUTn584mcKd5zBHU9ozz0R3Cik1cL2iA9pnd7oEAwphcmb3YbMTagxytlPSkDBIcz0Kd4BlZBLPTo1k6ef5SlDhP6oHZInjU+ubb+1fUF0evxg8wgtXW0cZjOTqIqNyOZPsUhY\/78wYZIpgpZZEa60kxvwRBUQ6WZuEEAWO4u8bU4NqJQII0XYAAfp5H0\/BDB\/p+vVgnc1k2DvUWm66+G5dwcauNbi4ru1irvoLehKJx5aMF+fJOZNqPIwy+\/4iFLOkcGGA36sQMRqTOLRYNzYbHYC8YZ\/SOqMCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00622{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic_q46_b.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1561708873328442,"flow_dst_last_pkt_time":1561708873447906,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":121,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":121,"pkt_l4_len":39,"thread_ts_usec":1561708873447906,"pkt":"AAAAAAAAAAIAGNwmCABFAAA7AABAADgRW7Ru54YjrBtF2AG7sdoAJ2svQANZ0BQdTteTPGKYB0T\/Suu7ddNWywm\/bYiMAK8NlgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic_q46_b.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1561708873542922,"flow_dst_last_pkt_time":1561708873447906,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":137,"pkt_l4_len":55,"thread_ts_usec":1561708873542922,"pkt":"AAAAAAAAAAIAGNwmCABFAABLWn1AAD0R\/CasG0XYbueGI7HaAbsAN3hoQNGjq6z2HGzRAkZgauR6jC2QY2hinAIQJlFz8Em5XwagPo8YW85xltrq2ilzWOQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} 01021{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic_q46_b.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":14,"flow_first_seen":1561708873328442,"flow_src_last_pkt_time":1561708874187856,"flow_dst_last_pkt_time":1561708876422246,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":2376,"flow_dst_tot_l4_payload_len":2844,"midstream":0,"thread_ts_usec":1561708876422246,"l3_proto":"ip4","src_ip":"172.27.69.216","dst_ip":"110.231.134.35","src_port":45530,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTubeUpload","proto_id":"188.136","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"upload.youtube.com"}} 
-00845{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic_q46_b.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":20,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5220,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1561708876422246} +00845{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic_q46_b.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":20,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5220,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1561708876422246} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 20/20 ~~ skipped flows.............: 0 
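Review bot: The regenerated `detected` event for flow 1 loses the QUIC user agent: the old expectation ended in `"quic": {"user_agent":"com.google.android.youtube Cronet\/76.0.3809.0","quic_version":"Q046"}`, the new one in `"quic": {"quic_version":"Q046"}`. The same field disappears from the `detected` event in test/results/default/quic_q50.pcap.out (Q050). The commit message only says "incorporated upstream changes", so from this page it is not possible to tell whether the removal is intended upstream or a lost extraction. Consumers that build detections or client inventory on `quic.user_agent` would stop receiving it without any error. I would record this in the commit description, for example `* flow events: quic.user_agent is no longer emitted for the Q046/Q050 samples`, and check that the schema/flow_event_schema.json change in this commit matches.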
@@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6908239 bytes -~~ total memory freed........: 6908239 bytes -~~ total allocations/frees...: 114158/114158 +~~ total memory allocated....: 7485789 bytes +~~ total memory freed........: 7485789 bytes +~~ total allocations/frees...: 125888/125888 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 620 chars ~~ json message max len.......: 2419 chars diff --git a/test/results/default/quic_q50.pcap.out b/test/results/default/quic_q50.pcap.out index c330bdd0a..1532e6e3a 100644 --- a/test/results/default/quic_q50.pcap.out +++ b/test/results/default/quic_q50.pcap.out 
@@ -1,14 +1,14 @@ -00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_q50.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q50.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1592388088469619} 
+00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_q50.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q50.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1592388088469619} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q50.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1592388088469619,"flow_src_last_pkt_time":1592388088469619,"flow_dst_last_pkt_time":1592388088469619,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1592388088469619,"l3_proto":"ip4","src_ip":"248.144.129.147","dst_ip":"184.151.193.237","src_port":39203,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02337{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q50.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1592388088469619,"flow_dst_last_pkt_time":1592388088469619,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1592388088469619,"pkt":"AAAAAAAAAAUAeJuECABFAAVi6fZAAD8RV+v4kIGTuJfB7ZkjAbsFTkJ3y1EwNTAI30oInk7\/XnoAAEU0Sh+G6jJaQ+WVeKqfVhwekyVcdAg3VVt4yXAoIvukSElad3ZdF7cP3aK8QwnOEdppZZL4NlS1J14QMkJkSKLH7KTs\/J1g5Qy7Td2oJivMgU4heBjsrEKX+Kl+zumCGj7r3rx\/PiGGoerDCuUYVs8\/3DPxrp05vPpL4oM6Ym20RL14LkdkclpZEotPzAVfKrp+bORIrEsOakCOFcnmRLxpaPe+skuFxQ7e+No86i++ZXUpHINRIOrrAKO6MnqhHg136TH30JRy5V1vvrx9mRvozkvzR4RrmmOWFYy9MHcYvR9ozsenVMRZ7mYRkPWmCIPXpnhEE4otBm+PYFJSnVZnoQYn2HvDgKZX+IG0tDtVasnvuIWtUyehZMOA3Auz2JN+nSjxfDEV9Q5eGeh8ZL7tXInICXQpmTBohUGs0nyUi\/EfxDhlCRPETyBYxPytgznwCOTRnGV6yUDNYNW6V2twpvbbFw15F57Y24i98N43glYYJUVqHmVwrosseQvdWLtOLEXpAKvwYCJ3nJpSVOyBYXd8okAO08VeVbydpen0iUOESN83ACwm402annjMIqbJEkKbZr1E\/bWLUE9ayryc3t4SI0rfAV3P7Bzoh+ePS0lFG2mEbR3Stl4jejVA5bbBNdQAl2XVCvlfkMcgN6wNzk
aUtoY\/V5wJqcqWfzxU\/7CxIyuqjs2t5GkAirbR6GD1vSMG8A49cBdJIe0YUwOEL94vJZZ6kgFxLSzbkqIb\/JGeunCp3ImPtw51lpSKmOzgu+aiRAw0072bcZedmowvyNmMZ6ZwF9G2\/T1BzTiaxUQiuwph0MpDNq0KE8ZLx7252+rHJYkpatjHePpFvOb3XaUfP7KqMGQXysXzDurgMN+iUJmRB27gfV7BceLcaKv4JsOEla7D\/ujhuQ0U6YFyo2O4mZUs06yMlW36Jh9WkejggHA6SE58C6aM0tZVAq4PzUVmlUFs52p22qgRq5vex74TEu58hdkCQjr1pQ94XFmXqgk+AVK0nXtqdM4JYhPeaV0edHucrnphtrDalQIUwHX7zoFqP\/AzYEoeCztqDi\/kawodxc4PmEb6NM25k\/CXUeCX4uUwv5+p46bN3O1M+xvlb2rRRFG9UZ157Oh+jebOu+0rTdiK67yyDJDMe2VTvGsXi+\/G2gN2zIWwGydc\/InHPRNNQKfHhC2jggd6wv4d71pPOaI+XNe1l7JNMzHwfbkZBDlCbcSj+rryXRGPQIhCscDZiFFGrGBnyyH57ea6sGM\/d37gVVa+ukJTnovNq\/9LafSrWBaF2RrNYGE+TcplNYI0Sq5eb9DrfHpoz4HPjO4w6uwZIeHQjlw00+daMYbUpNYvzBru4JYoG4+FnfLnaJ2RX6rVgfBQIqnPe+8ho+oVfDUJnsA6e5JTlC5uDUaaRcrC0+Ji\/wYvhpr9KixWcINr\/Q6IJf8RuaNMWGUoYQRmSfJSGr9d2O1TlO6mLpi0PyY9rao+oramJEZVMS9CvaFzYMM4ekODEtI9lvm8GVMwUuwhbqucZBCNIlAueuvDA9mFax9H3Da0FnXF80HbkF0G0pCqtWSLbDFAFtV9SICp3zwHTJ2IckUyzfK6paD68rLKFhUUBI7WeX4+s0d4Jr10hLHheThooXnr5xOHtBeSEaQFC9zlGwwIuoXzDqApq3BbVKodu6HoOITstmadm3\/MIc7\/KuaqI9NjMgaFSVmEVWOH4WbQci9HsoHbnpJWe8KeP3p1LSqGOSM6yXozbpkk0hMRvAJ\/Gnzq8KxN6H6U"} -01120{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q50.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1592388088469619,"flow_src_last_pkt_time":1592388088469619,"flow_dst_last_pkt_time":1592388088469619,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1592388088469619,"l3_proto":"ip4","src_ip":"248.144.129.147","dst_ip":"184.151.193.237","src_port":39203,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.googletagmanager.com","domainame":"www.googletagmanager.com","quic": {"user_agent":"Chrome\/83.0.4103.101 Android 8.0.0; LDN-L21","quic_version":"Q050"}}} +01060{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q50.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1592388088469619,"flow_src_last_pkt_time":1592388088469619,"flow_dst_last_pkt_time":1592388088469619,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1592388088469619,"l3_proto":"ip4","src_ip":"248.144.129.147","dst_ip":"184.151.193.237","src_port":39203,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.googletagmanager.com","domainame":"www.googletagmanager.com","quic": {"quic_version":"Q050"}}} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_q50.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1592388088469619,"flow_dst_last_pkt_time":1592388088511729,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"thread_ts_usec":1592388088511729,"pkt":"AAAAAAAAABAAH2tiCABFAABGAABAADgRTf64l8Ht+JCBkwG7mSMAMgZJwVEwNTAACN9KCJ5O\/156AEAYUqG2lTe2LeIe+Cm8S2sDMjR\/1C7uy5\/p"} 
02341{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic_q50.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1592388088469619,"flow_dst_last_pkt_time":1592388088591640,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1592388088591640,"pkt":"AAAAAAAAABAAH2tiCABFAAViAABAADgRSOK4l8Ht+JCBkwG7mSMFTuaIwlEwNTAACN9KCJ5O\/156AEU0EsFIWbfyiDTriLZoVpXe8mBihbaaK+GuQgLUM2k18a9drw\/KbHYn2D+KnhueaQuI4b5RnobWiDslIfKd8Mirh6o2aIs9a9qw7cUa8PBv7bzqEIAEQzk13O3\/Bmcqazsp\/+kXQrRut7wvxnShl1xW4sNpOBXqxvlB\/nqN8wg\/PWpL9O\/FPVIgCehFv30qEPc3PeeKKCKLfVTqnxPixlqgAYeET9TKamxZDJ72\/UQ6NmlBJ28\/YXsjTDsXud+7gYqA\/RkmlBMjxYZbTaJJhQMqHb0o8hdYWan65TAd6PfEjGBDGWn2GDNSSzDYoVEizxOqWERff9oCjTo1xFO9yhHRjaWZgSFmltr5w5\/Hr6eKjmrddpc4Z+wxKpPufinLcs1Intywm6Clf6ukiL4ZIaBU1Zh4teRYOLqycNHKR892rQ3DuuxVXnpFwyl0zeIkME4yZSYiRCwgQLAMZ5FSfPbweT6hIb84RvwHrX1jO2SDi8RMi1Aevd6oV+JrNOluFTTAKRyLOen4BBBYTSn14h5EAGO0Yjv6iLbKRjvUAlFcrcWVM6\/JgP5X8XCg0n0XzSdc4uh5LhvkR\/h7IvFVZq89RpXeIhO2gstbOOib2aW\/JqKDzWo1j1Ph5gagHkB6L9a5Hjd8OSrqenRM\/Y9mJweUVKkHNmEigtNsMArIaCyxyspF5no9KUYo2Kbty26OhRt50wzulToOyP4NcHmZfEkQflkdukX3pqNAt7MXd3wyob825\/JiVxf+3hjyosU4MNO3H0eUpL9ozj7HdUKWylpVr+NEYpL6oqxrmoewXJqd9\/7HqfpRoNonB9ea0mdvP5YegQRlI+fyAKUMnIwTWXpzfIN2RNvsJqvBECokakuvOOGofWVmnplR5MVVywVaMLE82YUsCGwIntd0a+EJxQgL7mKQ6dtgeQsn1wbHWS02ZvPuWP8OYrCE67jL2v1bL6\/2h+1XCxsQAztrS+QayoAW0KvlpCNW9ac0DTJNHWRO2pghx+tJZNveH28v6DEDiBrmIsxaWJtQIYwcHaS\/T1k9TL2LCukku0Taxl6+Feh7bikCsuVDfdGwZ2pRT01H4nEVENqSGeosdtxGfJ5JRhSV8U5ag1spdFlq0h3UcT8UYP6G3yr+GnTpv73QkQAN+x4OlLFujbI1BhryJRxg9c7xx4qXcEgWlOzLD1VUeIdTUw\/9wkqyS1DOLPWvJnyAWGAWLaLCSlJLekJUN7pBX8rjCfjU7xo6oWXvXMJVSzQZFernDGNc1++8ggV6oievhZKX7xQRNWnCNZClyhkVOAkRHz4B3Pu3La7QFMMFFm3BSS2brzbRyt2jJlkAxNS9aG4l00\/e6zrsSU1aVXhBuBimpONptOjBqK0HbHQLakoucHQiK+bYxbUBefBnGFTfqhmwHZxdyKtPzhH3xEm3CA5vgkPLpEOwlHE
joUbCvszlSBn0Wji8fHC4RVgQwIFqC5GXdKL2QfiRV\/OvVRBkGEKL67PAQH2qyWcGdC4moBOq1ncmuB4DIPvYwpdxlKDGChU2pNuD6lgg74F4ueOWbMcxGtj9TFP7rZPwDq2LKcVUPI30oOBmdOZPG\/tCzNe3afxNrp9eBk\/djyjs8g0B3CLoc0Rdn7ZnCf84F4GyVSI33v4zkOEKnbfwYmbCwm+M0HtlcdG9KI8P8CfdRpGL7i2rguXb1EIkg\/EYpYXxNoWqt46R76SStqYAB32M+Hm2ZBhlK23TOEoqV6bZc6sFLkDbytR7T7rgeeKXoBeF+Tvf8o\/ifp\/T"} 02345{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic_q50.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1592388088469619,"flow_dst_last_pkt_time":1592388088591706,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1592388088591706,"pkt":"AAAAAAAAABAAH2tiCABFAAViAABAADgRSOK4l8Ht+JCBkwG7mSMFTuYYx1EwNTAACN9KCJ5O\/156AEU0Os6NcND6sMIhR6wlQxJqDPKTFInXtiCVq7Oak\/Y82V0XywIxz2Whx8Wb2xUiZNk47rWK6oUgAo94MwN6KceEvFuaQASNHR6dakuMekdgMvKyWSoy7n6Kx6gcRhAvSIyiyivq7Xt5HstbWGNobzw5kW16it7xCvkjNeguznt0iKfYhVjHujng\/mIn7KT3rF0NdWtPKuRStas2FlOjD1KkMS9uq7qrUmpT72kEMNvQdgQQWc1+qu\/V9YVOZimYCxvO7Wt6gPNNMXe28X0qUb\/R88QoC9tLiwD8VmQcCZWnnwHftQT6t9mj6SOPLTxi3J6Qy\/azKCA+3g0XWUroXTAyqyxvYOnCkadn3eydA79hvFfw7hRWoftcfjYhFjSSDB+LG0NyE\/I5iYus6u9DedOhynlL8vB6tzr\/+1AR1X132TBRWmEZsyQ8fcEc631CffhAaA5uGUHlkoJHYaU3kWEHVpwR760NENnHg1MfTZ7ZUhVfph1lE1r5XNITcJrjlJRyZJBxNU\/IEEI8MujV265G21AcaVMc6szhK1Wx874zM+OeIwciAaHgXMYrNj7WthHd5PBtM8MF8SaNdoGYpcgsddH0GoZ\/3tq+2Q8GGxuJpOzfa7XVC9vJio2Lw3JZIvYv\/iXFhHxbjvAG6XePfv91jtV\/kZc0hXFCusoaLXfFJihI7q2H2FISpAQQjo5VEWT5vu3FajoiER6SQe23SIsEmgwipJFln\/ukd3HPHxZ1ul5RU9Is\/C1aceCEldcNKaN4VeYKoTWyjCpZFVZ64+HAtBk3D0GgUGD7T+h8BXpTq2yhqs7mM8jmOatp0xZo74R30wT0FPlVt2\/yhC68rDIjWIKyB36XIie2e3N1Xg+Rh14NvxElS3hevnImODZ6pAtqV3lpijp9PYtcTNZZa3GHwCxtjyxLKyjBt2PmeukOn3Z+1TzG6lAu72OuSA8F7Ipdp5l6SSFMGx5IdZ\/MoWGwImeADjm\/clLuj9hTf5G\/5R\/ywjTXtJUbbj9aynNQOMVZaJZ910woNruWRoBiqi0nI12HJIY2+WrYcjbAxySUwBouZ1gItm05egY4c98BytQ8TgT4l75
1mRafsIpIXzjdSoVg+yujlBxrLT0Pf3rdxZkIsfCnfW9j5TP3lqyw5u++O+cs7pDfPEEZ+ic1O+bSI\/Hy9wEZWf8jFhxDN7sOlIyYbXUleuvu8g4bpmRks4Jeg6SP67NjLTg\/Y8HwIsuf7EmrJVcQwMp6TCzthaROgfcAF5zF0F82CE71TICU5u9o1CBjiGKKuZtbbkV9Yue1RZbgp6ebsRkTBGsOnDf4SAZ3Ky6SdFm2TnUzcSdQ27ckpzIRvE6KaAPHZ\/Yf7varSH7\/v0fO8TvowM7\/1UwrIVHhejk0hlCXN1oRocyWJ1els7XFynG53RKgHQgTt0jEpWtqMOF1vfKXQy9Ta+FJvvGTrPQNW+\/28FJOSPCxZCqAvZM+8lJkqCZdh6lCet5KlK5IGz\/iR9WRBe\/96dCxsyck4A4u7INRs4Pr19tq0wHFmvgwhgJwYWr+DSNR573UiQZLAabtKJydHVcpmdxUE4aA4j2mtuMf3nWgmVwYD8Rc1oJthfCKlIBu0GXZYIyFxH63RL2xGpT1ye8Y32QC\/SymMtquCU6WSC58R+5BrLSghz9Iilf0uRYrSAy4nfJy8rwI10f9qZGmFH89aOtamU8Q+MnheA2OG\/dOcdAp9q81plhWrkT1601cQ7LPkz37vAFF6jkUbyboxo\/Fktak\/07yc8Vi"} 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic_q50.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1592388088618604,"flow_dst_last_pkt_time":1592388088591706,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"thread_ts_usec":1592388088618604,"pkt":"AAAAAAAAAAUAeJuECABFAABG6fdAAD8RXQb4kIGTuJfB7ZkjAbsAMoiixFEwNTAI30oInk7\/XnoAAEAYRBPMrp71zr2EFj5wmqAqmjc3agH4W02K"} 
01035{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic_q50.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":14,"flow_first_seen":1592388088469619,"flow_src_last_pkt_time":1592388088898970,"flow_dst_last_pkt_time":1592388088935970,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":3327,"flow_dst_tot_l4_payload_len":16267,"midstream":0,"thread_ts_usec":1592388088935970,"l3_proto":"ip4","src_ip":"248.144.129.147","dst_ip":"184.151.193.237","src_port":39203,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.googletagmanager.com"}} -00844{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic_q50.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":20,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":19594,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1592388088935970} 
+00844{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic_q50.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":20,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":19594,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1592388088935970} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 20/20 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6918554 bytes -~~ total memory freed........: 6918554 bytes -~~ total allocations/frees...: 114177/114177 +~~ total memory allocated....: 7496106 bytes +~~ total memory freed........: 7496106 bytes +~~ total allocations/frees...: 125907/125907 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 570 chars ~~ json message max len.......: 2350 chars diff --git a/test/results/default/quic_sh.pcap.out b/test/results/default/quic_sh.pcap.out index 36bae6c74..641ea66f5 100644 --- a/test/results/default/quic_sh.pcap.out +++ b/test/results/default/quic_sh.pcap.out 
@@ -1,5 +1,5 @@ -00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_sh.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_sh.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1723407275497185} 
+00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_sh.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_sh.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1723407275497185} 
00808{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_sh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1723407275497185,"flow_src_last_pkt_time":1723407275497185,"flow_dst_last_pkt_time":1723407275497185,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":43,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":43,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1723407275497185,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:91b7:b97e:6e2:fad8","dst_ip":"2606:4700:7::a29f:9804","src_port":37542,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_sh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1723407275497185,"flow_dst_last_pkt_time":1723407275497185,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":105,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":105,"pkt_l4_len":51,"thread_ts_usec":1723407275497185,"pkt":"ILAB4IZiNObXAhsnht1gBL+AADMRQCABCwcKPcESkbe5fgbi+tgmBkcAAAcAAAAAAACin5gEkqYBuwAz6z5TAd\/A\/mLGQHc83s7+AcZFeK6BRmC2KEO3r5UQVK7k8OWoUS6c\/hTxJk4v"} 
00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_sh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1723407275497268,"flow_dst_last_pkt_time":1723407275497185,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":109,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":109,"pkt_l4_len":55,"thread_ts_usec":1723407275497268,"pkt":"ILAB4IZiNObXAhsnht1gBL+AADcRQCABCwcKPcESkbe5fgbi+tgmBkcAAAcAAAAAAACin5gEkqYBuwA360JPAd\/A\/mLGQHc83s7+AcZFeK6BRmBEshJIK73Nlb3xL\/55Wvb3pDve6sYe6dpI9A=="} 
@@ -24,7 +24,7 @@ 01097{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/quic_sh.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1723407282505786,"flow_src_last_pkt_time":1723407282505938,"flow_dst_last_pkt_time":1723407282507442,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":43,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":4356,"midstream":0,"thread_ts_usec":1723407282507442,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"13.226.175.53","src_port":40408,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01120{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/quic_sh.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":7,"flow_first_seen":1723407281575531,"flow_src_last_pkt_time":1723407281577293,"flow_dst_last_pkt_time":1723407281601021,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1230,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1230,"flow_dst_max_l4_payload_len":42,"flow_src_tot_l4_payload_len":3690,"flow_dst_tot_l4_payload_len":272,"midstream":0,"thread_ts_usec":1723407282507442,"l3_proto":"ip6","src_ip":"2a00:1450:4002:411::200e","dst_ip":"2001:b07:a3d:c112:91b7:b97e:6e2:fad8","src_port":443,"dst_port":33144,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp 
Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01122{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/quic_sh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":15,"flow_first_seen":1723407275497185,"flow_src_last_pkt_time":1723407275605171,"flow_dst_last_pkt_time":1723407275604060,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":1200,"flow_src_tot_l4_payload_len":262,"flow_dst_tot_l4_payload_len":12143,"midstream":0,"thread_ts_usec":1723407282507442,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:91b7:b97e:6e2:fad8","dst_ip":"2606:4700:7::a29f:9804","src_port":37542,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
-00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/quic_sh.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":38,"packets-processed":38,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":20895,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":27,"global_ts_usec":1723407282507442} +00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/quic_sh.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":38,"packets-processed":38,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":20895,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":27,"global_ts_usec":1723407282507442} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 38/38 ~~ skipped flows.............: 0 
@@ -33,9 +33,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6913600 bytes -~~ total memory freed........: 6913600 bytes -~~ total allocations/frees...: 114201/114201 +~~ total memory allocated....: 7491196 bytes +~~ total memory freed........: 7491196 bytes +~~ total allocations/frees...: 125932/125932 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 574 chars ~~ json message max len.......: 2490 chars diff --git a/test/results/default/quic_t50.pcap.out b/test/results/default/quic_t50.pcap.out index 29129adbe..2cc71f18f 100644 --- a/test/results/default/quic_t50.pcap.out +++ b/test/results/default/quic_t50.pcap.out 
@@ -1,14 +1,14 @@ -00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_t50.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_t50.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1598618820564956} 
+00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_t50.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_t50.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1598618820564956} 
00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_t50.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1598618820564956,"flow_src_last_pkt_time":1598618820564956,"flow_dst_last_pkt_time":1598618820564956,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1598618820564956,"l3_proto":"ip4","src_ip":"40.154.127.200","dst_ip":"166.240.188.209","src_port":49836,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02342{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_t50.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1598618820564956,"flow_dst_last_pkt_time":1598618820564956,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1598618820564956,"pkt":"AAAAAAAAAAQAMt+PCABFAAViUWNAAH8RmQMomn\/IpvC80cKsAbsFTtXAxVQwNTAIVV8y018p2GMAAEU0sFS4EDNRQxtqte6TPI+YvWd+9vuUhbcTQ2HBn9gQQ44SheCG4iJpKGLD8uMQU9W2hflEcgLE5fOUXsKA3b4MY34rhhWyrjNYzozZ6RzNmC3+PSlNh1B9BkCmgwrPckh0gBVa\/FiA4QpDKG9FfMxAAMJa6frV7fG1bb\/7HJhI3yISKMBJBm82DF0OyCTOye8nQRPUiVu4WsjVf6TJP0\/YCQn\/ynhi7Ht\/RBa3IPlCUHvLu303v9QUCibeTQUAguISRnIMNJe1C11ibh+BPlrVWXB5I4w7PGgaDw6mvx7JTybAMrs\/zdPmdFbLzWLaLw6FF+1T6Nf5pXJ9+kE9uEXZ6FzdZDD3MbdQ7S7fF3Xsf3z9uQukVNaW\/VEZbNqdIcOzSZA1HMEos1dDC\/4ViVIfMlO84vWzhZLxq5UvTT6qapu5oFarxgYku3nnVTzVM6SRRUR15vAoGmL3hQ542vEoyxzgRnslUtNtYNF9zlTPnOomXF1\/xSoJJI3VGlXy1gOwEOp28n6wdjsWOzKyE8z1XmBGehbXOUESC8A5oRtpkqOzQJ3g5+dnZdSYCvXi2BLHGA+OVhHokC0D92CqxGKl340PEFDaTPqzeKg+DdhCKEuu94iUqJwa\/EQr0++J\/bZoJuya3A6PiiCAsAWEf
WiGB4RZfM+JuqUNIdd0StL9dWeEo7kVq9MAq9yKOBhBD0Nw0u3O6ttMqxfEm25kPEexKv+eLXlFhK9pi814az\/wL0\/CoLWlaMBTnRRk8oxhNZZKjX5cREBszdn5VN++4tz2T7E2jOZOFaOODo\/Wvb7BjuenE7CpgjdjsnLE4Tn\/b4Q53nG\/TvK7\/82EKBXRq\/c5PKnM+b1ENV06F0Dt6cGZ80l0g1EXbz82dUS02CP8vLgamNhFvRmwk0Fytrw6YCdOz2pD+8LecT3ig9EfNeixeZRd4tX0VxcyI5WVzzONGrmWIw1RUeauVQKVXpwzPZA8CukmFuSLsJh+\/5N5AhFjT6YZ08Cfg8mb95WTaUR4Gcz21+e\/jxcv3N2Ucmp36VwT1\/tIEgMyHmC7IWqDmGHm0zoua0BH1NJEIxpCFxOkgrdVfA\/bFJKqQIiWn39D6QQCV9IfFHR0w3Ji8IRmUv2cmzofCCCDXIb7a1RfNYDUaRs4NsKQeKcoYbyoDk1GAb6it6FoAhucYrDmI18nx\/aim5gBIWa2dZw8lcSNFxgWB30MqUt4DZOv8SxNPiLUt+4S7VsKdmL3e9VzPcuMiIPdcykCdDjJcCNMkqrWApVw+k3MVLOUeIU51nBJ5vetMjeccL3kies1jAjqR3odF77JuN1k7xA13AyJHglJBfA9SrQAab1XP78SnPFaTVPIBb4lI+7BBbWiXiUIWbr7QDQ2M+jaZ9aeFPMMv4QQg7YuadL5n0vNmHJxgYLgQVYZUg3g+jMQJiu4KLUJuhihq+lqjYmXeKGtNpGoS9t+klWnsjGnRn75HVlDegNERH7rMuzV5M2eSrUWRcByRHbj5kRkoY6s9x4THwi9YKFtPRSzpfXx6U8\/obpT4A56m9Dtlf0uhD38f9WkHLmiBpPtKg3V58sjjLsP3l91gyKwHDq9OPXkHBllrkj\/HjirESjdb1Tretiw6j18gO7a6gj9juTcUBG0eptAXXuJv2ZyrvtGzBo7DRc8B9KbYOIeUQf7UeOsamqbXhc1aNUt5qklsGe6OvEqu\/YEHpLYtQZ9LUddfbvcwZ\/RUIOT2ImtvT6yXQ32en9NmMy+OFHh52IUE4c2meqx38en"} -01367{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_t50.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1598618820564956,"flow_src_last_pkt_time":1598618820564956,"flow_dst_last_pkt_time":1598618820564956,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1598618820564956,"l3_proto":"ip4","src_ip":"40.154.127.200","dst_ip":"166.240.188.209","src_port":49836,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.googleapis.com","domainame":"fonts.googleapis.com","quic": {"user_agent":"Chrome\/85.0.4183.83 Windows NT 6.1; Win64; x64","quic_version":"T050","tls": {"version":"TLSv1.3","ja3":"a2fc589336b7c13b674c1bab24655ce7","ja3s":"","ja4":"q13d0309h3_55b375c5d22e_f68d9329452a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-T050","tls_supported_versions":"TLSv1.3","blocks":0}}}} +01263{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_t50.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1598618820564956,"flow_src_last_pkt_time":1598618820564956,"flow_dst_last_pkt_time":1598618820564956,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1598618820564956,"l3_proto":"ip4","src_ip":"40.154.127.200","dst_ip":"166.240.188.209","src_port":49836,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.googleapis.com","domainame":"fonts.googleapis.com","quic": {"quic_version":"T050","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0309h3_55b375c5d22e_f68d9329452a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-T050","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
02350{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_t50.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1598618820564956,"flow_dst_last_pkt_time":1598618820569890,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1598618820569890,"pkt":"AAAAAAAAAAEA4e3RCABFAAViAABAADURNGem8LzRKJp\/yAG7wqwFTn46zVQwNTAACFVfMtNfKdhjAEU02pBfi6Ak9u575XrmlbdyG1ag5OIwl7285v3Nxnsw8Lwoy4F9DNlx3pltRvpYv7yRLUAj2EQdI1b8uEmcdP9Lk6QJsvFQO42M\/PbvgSv5aSBR7ADIvkagSIwjp53htGhz\/zYlUUs1e4BKFzWrzHxpBrn3tRk9tC4MHf9tUO5P3B2MeVI3O66nSXCHk1RyPj9cinn3ZjxKtRBXyqmW3s3M2KBsk8zV1XjY13hb0PYC7j36RkDDGj0hoPOlaMR3xRkchF5ijLsbftoS8ZgSl8iT+6IMAemfyOo2vM1AInYx5h0uJCKtYT1HD9yjV1obFkm9JNNq\/Q3d32M9ltbArc4UQulBjQL30PaOFeS6\/NH6OpYAFWIaQylZhMpolrLLQtDKkYaJQK7fW\/adRXsSKcvSfS7LMOOa1iFP74PK9pOe2d+Kge3D10pHw5xvRBL5wIChQyBfmTPUKrK4rHXy82eTRRhTBKuJrbMv9T7XFHN5+H3chAvLWlrpV658DsehpWG\/heFld+bt39EMFPxrvugSLVNfbLvCnkIUyoImjdqvVj6Rx4k6hbJcFfYuU3ax\/j1wXJ1Aar7aVQydz+BiB9Fxk+eH\/qMFSF3ir3mKdIaHP3IUZOdgUkuG2UC5wWlc3438o4bvtGZ3nwifkZhkqJ0KdMIpJExGa\/AQl+d8cNAdSXLXM+DYjJis3nf2FGSiavtkGQ5gse3JeXrzKJFFtk6jcssK9h2Puqhq4IBMocJAfXnRMW\/OZ1jK+viEJjEu86fhopk0fDPB9DnWqNLuhKZbRPvi0CVdVKcq0vHFC\/pj2+NAI0Ops+2nN5yMrR4A6l\/8BcNYUJAtdstA\/Mmp+wdC\/G0p788zz8X\/NLPDa5WBeMhDBZktdXbl9oAq8mg52ggTdaTmm2jXqGKfzHqW5MClayMT0zXTwUHpjyayemAociOoR3pCM\/XoR3ULfnBs5UXukbBcD\/hcJKZpQZl3FeAMsaWvdZIbB62LlhdQiQ9E00tTktJnwHVhmpIGEmHx79qHujB4QnvSRf7rGMoi+J2+2yEf+pyZjFhJ7Vn0wek\/6YlXTjpXTJrPxdQiAfgtbMdrh0tGyM1aWelixaAL3fMRVQAbarGMmZNeVHObrG\/XRHUKe9QBmB0f2ucnxL\/Q5nZRz7iz\/WLt+LDVk7cJtCKxbiwTn6eNjrz\/eeO\/RDUWtAmn\/N2MrSP3BX63IBecgggeajGeDQeu0h0gzpQwmmr1W\/rYunSoqFFX5ouz8a\/O56eupxDBH4dlgKCLpB\/uNcGBsZbZn7D0MSdEq9sU+3rGh6ZCpDREqoFoM\/ePe6ZBwYyN5DfQ5S5xtM5Kx9nzgR0ma7na5nF+l+ByRUVDDcg+R6gDDtX7u7VAfvqTRqMCFrcyF0SqjD73Dx+5jJbDcuF3krsh5cUsmC3ty8BDoVGSf11
axnldbf8\/lHSYOw4ulZJKq\/sTz5UxTVW5laCNJjqlY7Z8a7ZX\/gPYZni6DK3sKH\/pwfLD+eJvhi5gUZcI6y+TKOWHX3m7F7jI+o6kmuivTUhAHO0tp8eeKahEg274V6OXbr5gKp+A0ojgsX7ZyT\/qEOZyQW+ZVLpcoLdNi4viDD0P3Ti\/0+eMAJFCD83SXHZE7s3ktIEr1gJA+f8pz2foQ3UUo5VMFxosbOpW130fJlD\/iAqO7lnIbBAljSuAijWA4Tsc5zdOymoeY9QwWVkg13iiuc7J90lC+Sy8otpTVHsB262zMGncSESaXB5zznflxo7CBcJpN5BfwnB6hHSOc+uG"} 02346{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic_t50.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1598618820564956,"flow_dst_last_pkt_time":1598618820678251,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1598618820678251,"pkt":"AAAAAAAAAAEA4e3RCABFAAViAABAADURNGem8LzRKJp\/yAG7wqwFTgvc71QwNTAACFVfMtNfKdhjRTVAGOq\/R1tSJ490cCgCIJtMuLgnF7hKWcwUWGCG1yeUQra8M2IbabEbv3t9rDs1mKoSxG0o1SwNZg+TYNjx60XPnxlQjdaPemBfWHhyIShS\/FwerrScOvQMg46Oklvwr2FyLIMnAlNL\/mWc7+8747IMQbAPr5vlwnAdmo2qfZtYMtdIW1xhXCBxR7JJFwiBMgxW++zHicn7moaT8\/+bDZ+HzEepJeBYrSVteiS0BK0n6cCyVowGk\/PbfkfkASgXD5BG61Cd+nr8Af7qfQdcKurj0yyrH5h1viElvy4SUonTnuNRTXgRmkWFI5Dx655anVNEDyyIA+LInCwiGE39JR+co6yzHCype7nL72Nq+jikfQUPfI883b5MrQ9rngGiZ8\/Xj8lYP\/QZ3\/ogby7k8+EqRcwwLdrKtF5JCPQHA47uMBlHe04rS8i00HZ6nSli4gEiz6jamp06cf0n39bZgvUQjAKf0ERdv971hRGdG0miD7H3QBKDkYd3jMMaCW0xLn2JbaBK1oc8XsPcVUeGlwQmCRwBHHJ8Zi5U2cVPlHrY4uUezGQwo3VZ3r5q95rt435Cj51jZ28FqxsNIE11PMXbcj4IXggGlyQVSDdlQV8ySpernoTOLJ7ESEF3t54ex\/kmX4c4cMPX9ddsiAY5den0AJP0\/NiKWL3LrUSrEOm8wr\/TSwK8v7YyoUXFr0q9WzgNo3XQrwUtAlQBmFb24DGYwbS+3XNGulanTnYpBrsb5c1rh0p91mAhQ\/rpURoxrNHqQru2XnDOVB85T41pLYZBM1fI2jpefgEQe9S28IEB\/1eLwrRuiU\/FIh6zJnowpUGRMkPEcli\/a9qk4i1KUhncByKhdd\/9ipm3FA0L0wwJh9k7FyhUMixNB17ijKhZ9gdil7oXiNMdx124Nmzbbk5lrjKivTcJ9RPINOAPRUQFR1RdL0N6Kq0CLXSzCDdZdLrY9En+mVKeYQj0xo\/jR18exhwt\/eRGfcgKxU3vj0n7pPV2efcnGnYI\/qnwevG1XcNdzUDvV4mVcXNvYEPxKSNdhD7Gpk6sGnaPSQTI2HNf0HmdlyCkLZSrpVeHOY4fv
eiP4Adr8M05Zxd0p3+8DcvQwP4QYKb2558+ox1mWrMBcDoH8rfM8Obyh3XuvPIl+jImNEF6BP6N3059LnOdatU9xWrsdLNJEgvG9u60Lk7nUNGZtXy46J65s6wF0c50NT+RmqoC2LZher4uoex39pj1K8V7kaJv3pcV1GjZn7eaJfrytSHHD08EAQGGAMIFMRg6nHfi8XeYIO3oF5hSYGXvUcdNd7WIgnidI\/Dzin6YMvkS0sgovzeBscolAktAP7weC3mq1LIaKYgNt2UsL8d9KL8\/n8B6R\/Yt81QFXYZf8g3+P4tPy\/kkSsNIfvswl3y0LDlhheLGqrpmqC8lIBGwv8YQXlaspfmVjHdirPP2SwJhDXPOI7i0j92jF26bcCvOi\/MymU9+Eb7WBD7jBktqD9MQhYDPOR1XZV0o4Os8ysZy\/WuU9JD6fru3jsr\/kKCqPguqlfF+W\/br9kviTd3\/eB4VY8p+7Zw2IhUhbAAnr8CvfrB2S\/TOapOVIXCtl3VT4kPt7qxNllSaLAB7HZ0kifbilO2MEKf7JHrUnpsA6AJyeHwuLS7wsXBPwyB\/OuLAVAq7ZLX3Aej45laD+jKQmWnX35iCvC2Lk0iNpz0KaPylARDD4R6xtjFuUiuuiD+\/VDor8Z42laVln8rezBVKWbgIJ0+RzyJkUTKFz9D8WmujYRQ1"} 02339{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic_t50.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1598618820564956,"flow_dst_last_pkt_time":1598618820678307,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1598618820678307,"pkt":"AAAAAAAAAAEA4e3RCABFAAViAABAADURNGem8LzRKJp\/yAG7wqwFTsI14VQwNTAACFVfMtNfKdhjRTV+TZdrbCv33x6iH690PyehJilsagoNTR5bonnLL0dBgoMc3YX6O7TqPoYEmBQhBo9qpBXyGoeAWGhcJFKsYDc7\/u4ZX2hLTAloQ+a\/pdH22A8suHezIhbLeb5134q2RA5HFoZzTMTZSBCIhgTstv9PXQCwumfychHJYHs0Ft6yq7RAocqUEq1\/LWFpsGhK1ImBcJ8BnDM5dxDKgRMGlmxspqHoB9\/LPeslqcwLzWl9OQB\/VcpU8C8sGBntQaRgPwf94pa0UqHMz\/2obpKwKjbwwgbEskSQbqBuFooA5L9rz6S2jrVdw6PE85FWIxp4KWk1jQusgYQi5jN8GLyCPIvXHA53qb7OcsTkg4Ww7b64NWwW9ifQuXd+Gqe+UisPjifLIntlpGXlYNIY7BnAWTPSpwUdXy6Qtqrk8X\/ruvgOsv6aDjOLl4Ge8zEim8Amf5sqpEA8LJyB8Sv5O66dtJK+I50u7YFLUA7h\/tgVP1iPhpJTEnCH16DKyMXZFkbh9DilxI7c0pOAZLYJr48QuJox4RoLFZ9lMTvsKjVku\/fWAMDXEQvaFNwvlBvlnQb9JbaVASSjOzlsBofk50BdO9mypm2dSeER4kNd6Y3YDYqrbu2dewaFT5S3EXYNt0lT5NZS8OaF9O08WAiSZmR5vmuAfuLO1zLgGQ1Euwq86NKKfd7X3h+4ViguppZQrMcNF2YojGrt5MMBgpSYR9Hb3pj7xTb0uSkVCu72ZrfL98am
uFAUy7Fx+treVOyYo3k4jCPb2dH2G7olLbbzBoDbI3iNF6Ekqomn+sjkEDznbOBqf5f+SFEITZLVshGDkaECMNIlb08WSbhHUCFxGcOQ3UPyKpjOEVlwdNr04Te9hF0D8k4p+KIgi1A+waaYVHLFETZeT8YPT8ZDHf6kMrYR4r7+vw1sGIhuXD7dlP3xV7QBWhPLWn09Zzf+Fjtn\/rGO7M7jIytdlLNCA7WWcqkE38zytO4rGXwn4Db\/WD3qNvU2vCguVZQJh7TYQjHrvQ1m\/kei6U2kUJxRU9pZY4RgTao34mbxevGfXtL4ZcIwdhIqpGsExlSBqASylYBW8VtVsRikCdpzuCR29+fKrJ5GQKsbKq67MSom7g1SPuKRUVpcCxxtEonsShqkNxNzZ\/KxLmT8v5MWSqqjE373M3Qtz+UlarcxgwlqXMcKkepFzis88I4xRmO9NUhDQaOshdj35UPLk\/InvvlEsTluejP7p5FAbc8LG6s0arB0tweHuxaedQ3ZSCoivRmpoiifHNeSVAt5G5yOhX3uHflkqbYAvXXJvJz\/9ghC6SZTst4VCRHHiBQrVKQogZkzh\/ykPsgutAYqQ0MMye7j5zhBayUaElfmpZhnfHZOgPfYCxTTc\/RtMexJr3LPcYh5ge32zWBwHlWorfSgmJcAhbebG7\/n9y6h\/ty\/9E6FoWOluyMMDQ7gv2jL3WXLU+cqEBJmMDsz\/0XHB8yjYAMFXAREmTS0tJ32G3QTeLJYyzJ7BvLKslWQtK1WmiJD+z\/wfOk5auh4iSdzg1KQ669g2tPVS4uwbx16g0jlqJL3MH78oeMHfTePuvb550Dwg8s3yCO8hnNoYt3ZDALl0JQkpBdmXoMEdlyv12lpf7U0iRGf\/4pr0CE0SG8rDso+ecL+ggGjpdwPWgfQ8nk+lOeLsTXddVYv03OgnFqwhUvd21zzUyTUY4mKGWFoQ1WIUFHdZw7rjCzG6mB\/mAXdXyriXrRQk3wIAGulMvV8xiE03NCdGQQ5kPv7nYJRK7sO"} 
00959{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic_t50.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1598618820564956,"flow_dst_last_pkt_time":1598618820678362,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":372,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":372,"pkt_l4_len":338,"thread_ts_usec":1598618820678362,"pkt":"AAAAAAAAAAEA4e3RCABFAAFmAABAADUROGOm8LzRKJp\/yAG7wqwBUiB24FQwNTAACFVfMtNfKdhjQTkel0q94ZItOeKbj6OxbcFJoQQVaZZak0Bh1BLF\/\/NZ4vK9O0\/Iy6KVVmpDncSZrSRwHvcZHSWbwZiCstsEDdWrPtcbInQbWLg22euJTVfuU5XsciFULUWeQPLAOQqZdm4TGL1RYGogRCrzgy1YIhzTA\/sljiH\/YgFkGkv55prkYaQZ0L3X+SHIw3ScFYOOfEaTKZ9UZsO3Pvc\/FFafyEjWlGZWGLfwpFNh2DMcKPiZNzTcUxqJpYEehuKjdd3uPDmJPzfrMlq9RlSvd1c7GpiMmPJM7M1+8CxZcfUFGSEw4zxFM4YKu39AIJ8LU\/VWvgMbS5kedIXCxCBRacLcGxpZA9djAjOLWYiPP6gwUSpIvz7Pr2cVDzE29sJajeCR2+5l7nzkQtdzjYwH+dxZXr47q1lihmuSWcEW"} 01028{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/quic_t50.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1598618820564956,"flow_src_last_pkt_time":1598618820984161,"flow_dst_last_pkt_time":1598618820815062,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":2894,"flow_dst_tot_l4_payload_len":5022,"midstream":0,"thread_ts_usec":1598618820984161,"l3_proto":"ip4","src_ip":"40.154.127.200","dst_ip":"166.240.188.209","src_port":49836,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.googleapis.com"}} 
-00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/quic_t50.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":12,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7916,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1598618820984161} +00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/quic_t50.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":12,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7916,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1598618820984161} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 12/12 ~~ skipped flows.............: 0 
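Review bot: The regenerated `detected` event for flow 1 in quic_t50.pcap.out no longer carries `"ja3"` in the `tls` object or `"user_agent"` in the `quic` object; only `ja3s` and `ja4` remain. The commit message says no more than "incorporated upstream changes". Presumably the removal comes from the libnDPI bump, but any consumer that matches or indexes on those two keys would stop receiving them without an error. I would record it in the commit description or changelog, for example `* flow events: "ja3" and QUIC "user_agent" are no longer emitted; "ja4" is still present`. It is also worth confirming that schema/flow_event_schema.json, which this commit changes but which is not visible in this hunk, no longer lists them as expected fields.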
@@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6918341 bytes -~~ total memory freed........: 6918341 bytes -~~ total allocations/frees...: 114171/114171 +~~ total memory allocated....: 7495890 bytes +~~ total memory freed........: 7495890 bytes +~~ total allocations/frees...: 125901/125901 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 618 chars ~~ json message max len.......: 2355 chars diff --git a/test/results/default/quic_t51.pcap.out b/test/results/default/quic_t51.pcap.out index 911530197..a7e1d564a 100644 --- a/test/results/default/quic_t51.pcap.out +++ b/test/results/default/quic_t51.pcap.out 
@@ -1,14 +1,14 @@ -00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_t51.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_t51.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1598620434413428} 
+00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_t51.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_t51.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1598620434413428} 
00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_t51.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1598620434413428,"flow_src_last_pkt_time":1598620434413428,"flow_dst_last_pkt_time":1598620434413428,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1598620434413428,"l3_proto":"ip4","src_ip":"187.227.136.152","dst_ip":"211.247.147.90","src_port":55356,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02336{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_t51.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1598620434413428,"flow_dst_last_pkt_time":1598620434413428,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1598620434413428,"pkt":"AAAAAAAAAAgAH83gCABFAAViXjpAAH8R7IK744iY0\/eTWtg8AbsFTvswwVQwNTEI\/5QVtbAFhg0AAEU0lc1seKsogM0xJ2my4Aiqph+R\/2N2Tlopv6L1CTJ74mgIopdeTMsbdYmmZHP80OXizzota6YFHVZ9VeAcEZo8pgEgiYZUg70bNed022uBY2n4AIBJaoTaZc4dlK\/B4TiUFC+WiYMdxcvH3S2VlmhK+Rc2gUQHqAYLkzqvz5M6NYLldilKxcCw\/ToJ+zu5fHTAbQipFFqbD95GLa7oBCU7jPE\/wj2QE1M9Wk52+SrgbNiKCHm0Oi8\/\/aC+8QR8oPQVWsQzjkcyagMWDaycHo+Z2gh2YqGCJoepFNsqgtO8uWWNDiaisHNHQDCPrCt5EDVvLMLkZZQTcE9bxIhJucB4CNr926kRAjaB4Y5CqDAEear5TtCJ3Iu0C2bzBjoi5J9LPiwVBQYhfxtqGdX9O3nANKjdbMVqvYl742MGo2YFm2J507oPMBXLqPJW2a2j\/XlrdIcqLJLXy1ruiet2Yfof5cTaMXQp6wyOq8s2kLEeb0RqG380zHAhUvwTfCiEYvwSN8+LPb7d1HKu3JRvbfM4A2u6D3\/ccc40B8jpt6t8mVTCa92M7s8hgVfDHCvoiaTxRF07ULZWTbuRFjLXA3G\/QLzl0b2QQA3PRqMO1r4YLM9IhL+9TjIm9kskk81nFsbcqeUPPCIl5SvakooZ1N
e4vlHJM7vcPwHkRJHa+PMjtknf1D9FmcaRoK2gywFTRk2j2RKXeNNGP3fOGBMRmVstntMO9HlCQR0pqWkIJ+jw+vDqFHMVZBwco3px5tJKsYik1W4I7vDVokn8tYkCXuWkDqmw9KvnktOeNU+eoLbnbQi\/AJnaCX22\/pOnvMBDUqcAEyxhhPUDxacTTuyCy01g9D7qNJmAhz3k5MC2zTm67IILY1heZ2AuYvQwYQOss3bJtjPNa+uV1pVbQiVw6S2nvxKgtq5Z9DSuXhvsbTOp5GSq1YV0eewMUT6nB6ejScFWGv+XM50Rf10iuSgO6pXznyY29qMMOcdfxFMWk8ZhEALkKLXeqjM+FjHgPqVYhtjd0Mxa3xCi4pEnff1YF4nj78KYHZrV2zxl6ihclVVh4iHXNFGI+s63vsFXEOTBejfPsr6+VmTDJ1+o1kNk93XUE\/bQ82a18NJPdXQ6kf26Qjcc4RqnTvAmrWh\/6fmG4zIriY7A9z8t4eO9Qfr9TLO3k0B5JOVnWVTqlbOvrJgEzV95Hv0ioO0xIj5BnxrbLnlwbNfPjVGTcRNAh71gU32J8rr6rCxxCaTv4RU7KdiQ+zigC0LKK7x4OPs9n2Ka2KUPy25mrLQ\/hk5IjtzsrqqQ2MzNcZhxb0kkNCxELzOQUMbpkFnw3XGvEDCJVplyR1UqjiDFOL8\/JfuephE1oyHWeOYVwVd2Cwv2PGGx05T5JJWiwFxWUNPRdBpTvDS0w\/p4Nd\/c2GPaorYCv1rEFAbYJpF4F6I30H8WeSXKzzhCDJKK0+cDwsUjqsSRJxU4ftS+uYB0XeJmKhKFuSfMEVI0q1YpMQZE\/G2MC4zAighNsEoUwNwWYS2545Iu3+Eegoe47B\/k8tCSheavZoHCQ6GLnzYKEdctMGvZqMVOXsPQnYlobmVfhCoHYAqTL++rI+V2XgKmzpdEDycwwsSLkVWoYU4lGAoPMP3kxasfCnUHU\/V6gkc7C3bskka9cplZd3pC0DtI8Ams8W1VIknYpHJDhbirGSRTc6oJbJQK8NbF0mBg+7QAzF7Cg20VSPH1oCq1EEodwhHlQBTHEkDIUOOWm8A2kePv2bx2BTxVuCDz2D78zh51"} -01350{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_t51.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1598620434413428,"flow_src_last_pkt_time":1598620434413428,"flow_dst_last_pkt_time":1598620434413428,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1598620434413428,"l3_proto":"ip4","src_ip":"187.227.136.152","dst_ip":"211.247.147.90","src_port":55356,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","domainame":"www.google.com","quic": {"user_agent":"dev Chrome\/86.0.4240.9 Windows NT 6.1; Win64; x64","quic_version":"T051","tls": {"version":"TLSv1.3","ja3":"92e76078d514999cd950474995dab2b5","ja3s":"","ja4":"q13d0308h3_55b375c5d22e_e7bc1e4f333e","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-T051","tls_supported_versions":"TLSv1.3","blocks":0}}}} +01243{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_t51.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1598620434413428,"flow_src_last_pkt_time":1598620434413428,"flow_dst_last_pkt_time":1598620434413428,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1598620434413428,"l3_proto":"ip4","src_ip":"187.227.136.152","dst_ip":"211.247.147.90","src_port":55356,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","domainame":"www.google.com","quic": {"quic_version":"T051","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0308h3_55b375c5d22e_e7bc1e4f333e","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-T051","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
02342{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_t51.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1598620434413428,"flow_dst_last_pkt_time":1598620434419300,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1598620434419300,"pkt":"AAAAAAAAAAIA\/tPQCABFAAViAABAADcRkr3T95Nau+OImAG72DwFTvx1wFQwNTEACP+UFbWwBYYNAEU0cA7ob5DRu6SNsqDMEz7qri8UnfijZV8Hhw\/oxky0x+Zt0s6erWm7kWn2+1owrYTdI9p89OpW\/6ptpwv9v0J5BjJyyLuuQ7qMgzGXDs2ur++juUsUpOdkAs5K5BYVfQAmPmXEGyVgmyCeUg1T7Vj6FslmnDV909IngQqr2X3bAL3as4fB8O0bAq64I2nnjXRSsXtOF+WecFDOIkhsUozc+8M2nJh6kczAN6BO7Q6B24T4pTF7f\/SWotAh0wmioZGWvmsK3tbjrCGONmSc7G6EA+eCMtEUY\/yq8VyKOSmIHald\/L7JGCPyNYCQuoSWiWNaW\/I+iZ2Tm83YJ0ULZZc8urwFDYH3aj1AkglwflqENARW1+\/0Wgf8CdNT18FiabAis+X7vPL\/K0rfVmIy72rlRNRfOG7y7nzx1KwQOQc8aCVF3CWYU+Lmd10cKRMsTRDen+t7CfJT6D6czKmRS9zHy8defw2VL+sr4ea6knMol1lydS5om9MxXCYpqegXuWZiFTSbzJvhE4RaqOqWqlC3CyDO4ySp0wcYRr6Xiz\/ypHsBLBgujZNocUdxB92srmLhWvU+EKXNqnvn4sN9tP\/B4VI81UNJfpKqafd5TbC3xVerPG2FpOE4rg1k2rQi9r6v1+PQ\/d3R0LlFcbJ1hI9fgnNKZUfeIejFNzw84ZCPAGKEZF9DRij\/q7+ynKTHsKprl5SyrzqmDatgR6jPni4YdUIipVxz2xAMDSfgGHJudxWet0g70XvUgRUnZwnINCVHKug\/Cwaar4s1XCM8uhzoEef40bHIf\/1cPPikcn5BGvUj0yq5vKOgKlUAn1Pgd3RmxD4udRVK4hr3Qq2qz0yzGHjPkF5V31PdO+LbljCDil0atM9nNzYRQDTxXIy4ROBhbRF0GC5xxy\/5G1Z3EVEXnUgV7cKAoSoRYsJk+ehBddHi\/2\/aZLTP9GUgaj03e1ZAUqg\/pLbgzkOggtkBYwlEystem00J3RiW59azSXPWDzpQD37GvUqWpvchJjuAPROhp0eQOeyP6Sm5m8Ha1f9MDT\/mDWqN\/iBuFORPOJebKiYDmtBTotFqfXW1txgynw6EHUJzSE+pl4MdTTWGiKeLLjK6VcgkjK3QCvZi2YAV34jHwjHZGw2P\/U6KrMCfYoKLgcta7eGwEJgt1TEOATVA86YdSNrUK8Cm6qplxo7u2vCTdHfHERZHXlWiV5V+M6yg8jJ+w71hYe+9QRnWDWxxhFwqS3Rom5NgfL3qyZPAg7B0TvVcGC3k1t2hVxdIBJT1YLB9P8xcq205KojLAkrnJ6A03YtC2cE+\/GfTI6rrSdcn22uQHH1uwQgPFlvo5F8SRGnmtqbBCoQkhDA10opFpEUHAKVRysF1xT\/NgfiMQHD+An4IrPRfuv9gDg0rUkwJww22wh5gLlRkZ\/Syy5BClTzH9Ej
e2q1QlkG4NyNIdxlgTeTWfrV+owYm4Q+FXDFSqiziTTjYt929oBaNekN7DaLZNKBHzE9aRpnZjKaGJOIkilbSRnfMsOP+KhOdyxkYqJB7lgyVuE7zA+Cs6QfiNfeFBdysqGJcMLaCJe1XQZYseYZCHv9I1fYRd7rHJDJ5TLxG9ZoKBvyy9qAFruCnQdJM3kRJUF0ZdxtTsL1YtSrJYqn3hcGRfsN64Wu2ioNCdgwzJ\/IOr225URP0O\/yfvAjNTo393KgekGIplrSAr2vqB7j6oyQmlBJgPRuYDzTKmIMBKNHRY+Gk4U31TV\/ldcN5g5htDYX20DA3i7tEfKzfbUYY"} 02343{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic_t51.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1598620434482713,"flow_dst_last_pkt_time":1598620434419300,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1598620434482713,"pkt":"AAAAAAAAAAgAH83gCABFAAViXl9AAH8R7F2744iY0\/eTWtg8AbsFTtamzVQwNTEI\/5QVtbAFhg0AAEU0KsIg8w2st8fMy25uq6gsPA7KRO4wWARaQxn0e+nvMAG\/ncVOK2\/1iV8zM1GT+gj2yfRnYitTLViCwPF0TV0R7p64xnLqwrHTiNaW89JgMAHQze00LP7FiTbOvqpo5S+7AzCO4J36LH8gasnIPNye5ytyGP9hxarM0Gwv6wB1BKIgh6Hfi9vN\/Jaq\/hKaWtnsFyqFx21T1U0YmQzCOhcYGHZNHNGEmxqlfOiET0cy7A2zooythTNQBScefWz4fyugA0KO5z5EPbOCuLPnOhJ8u0jAA5snZ9Av4lfTCNurCTo\/b96gqEMXFCAN6kklskS6mSW1P2yxo93FRN9w3VFPyMe8m7WnAxPUMrijM3bZFrpYXz6N3LoSvj\/7t1mbaz3Ew6W7CCET2\/vUPuty0yYuKN9hlZRGZDAOI7p7UV84zBa3MKUoIB90BBwtqXlv\/AcyfRFhSrAf1TPDIen8IRojBr5qTqwwDIcvMREVIsmeXYDDAIh87njz+3l6UiC0r72z0Vz8KlwPmvyd1tNbK4UoVu5yliqV7BzHAT0P+flRjAVL+Vtw\/1eTO0KLmizThDqycqyAF1MjS6cC4BRlgBDuBvC7oqizuHTk4JOICP+TLa71t9U0MO4SvptmKRFy9UA159ziHHDRbAhIzzVEm+HGxTjT93PUzlkT4beWAgYYW5swcH8m2E+qX\/jfh4l+RAJ7s1FC99eqQD\/G2qHKz49sTvtw3eknSSHiADw1dFNDiGytHeAJqgKsYZ6xbxYgMT8vQQJWpcCaoPnc1R\/36QBSKDfO0Ei6I0Nk2Twp2jW7ybYg3WV9zcO8mcO+t2rUANioNNaghKiQ6\/\/kCvnfaOZl9\/nMaaP8oRI80YNnM3bBLePCUoIodPlfRsS+qRORwVaYVbmTkVd+7OOE68KIf+CtQJzWPG1I9szX6EUokwcVW4JeKB3DLXSgUJqbrCp8nB5Gt1Xl+DVmAWNn0zlmAkUkIYwVaRlUBt12nmZM5GfCFjeNYwyxKhMtco0zqNoFh6GPimEo\/HJoIaculB01PGh4MlKE33m6lcbQnV2mcjQy9+X6G7gJAvssvNVim+h2CyUIa0AFnvB
Ep0BZ0LQBw4xxW1+LO+851oEKlpBHf2CaPTJQbQ3lYLcFUbbZ7WxtncvtHzy\/SI9UgKeWcagnCcsYLbPsnPnloEl6cnUj6vnGVoFZ0zI4TVPk88\/biBoFXX37AYSAsISWoXJh5fdyK7Ub3uTshAtqeqBBTUeUFjb5Aj4cdCLyefeqdX7eVX7iolZTDjMHw6WHcQg9j8QT5ZehE6eQ3EWBv\/dyJkxi+P\/\/5RRqzAOol5xZb6h4LuhsvzWHQihAaP9MzFNZJKsrSoe\/spLPEQi09YKZ53xMfFjPTNozP7awNtIb6QltDJNIByFfslEQklWBp3nSDDraHwFBspLwhrXO\/4KJq80I0e6UvL2AGkUJ3WcnYVtrSbxxk4APJ7JesOtrVvfG0zUeYMWMSCdfwkF4KodqZGtJ3QATjzBea+nTD5uHk34dDyJnSJKk0ILq0jIFLho8LlWIyJH4QOXOz4qaWrv1Yq7zohspvZk7qqBfzWtq9nyRWQ1TZln6OTuRj1nSwDkH3Qwyv3P3ftVCIjgLduzJ1KxoPir\/gAp5xz8YWBMXoD3IJzkv\/PGQNpizq54tSdx\/+EwNQ0FXkMrTDVKVITAuSnBIkg9sH6JW+WpNYsbAPv3JnEFyzt8fIeM\/r0Qmf+N6zxgE9jaSg9C2Ue6YSiQO2VAdyYTxTvnFaxwR"} 02349{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic_t51.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1598620434482713,"flow_dst_last_pkt_time":1598620434530068,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1598620434530068,"pkt":"AAAAAAAAAAIA\/tPQCABFAAViAABAADcRkr3T95Nau+OImAG72DwFTube4VQwNTEACP+UFbWwBYYNRTU7ePJ1K+FSjOzh8I+88Xo3glhGN\/ISVgfZLjon36o\/Ic8wElvtdYWOln5kitImSZYvUwk1fG0vvw0gN4Ua6Bk3jF4z2+DlEmg31OHq+boraULEIZuAwjhjODmyz5ftYwgYtTSwoERmJiUKmhlyGLqx3S+tX8EjcRIqYjSOyHMu2jndr\/C7BAPP7JVT9ieYljjMWtEQ72Flay2RpFT4RImtEH0\/RK6iWf3t7LgbxjhC97n0j1DDD4P\/sZZ0bVIicKPYmXAEngVSoh3oIH6poziu1qlEA556yxALTbdx8jtmJX0Z9ooraLIBrb+pueGEs6xQAtF7up+LVAjymIfJeMB5q1EfGiD2ya\/Jh+zUG10j5iOvBK28sWnXxVEamKBupu9qXaXG0OjhurIE3b2Aod2vtsJ1NalOos0dYc\/g5+XXDK8tcQHad8aZpGNSUiRyAtmWcaYe8vO\/\/qYA5pPey63z\/sGlL7Ey0S9M9ZT2ZRHnqlxrqhQIy7XXexnza+a3DNLwUI04v3Ks1B1peq0gsFraKmD\/6yO0vbt0fXLwVt2hr3SDHm0oGrN74iZrIwUWQiIQl22WxQHTTjtYOTcvqWfO7uam1Ph5DVbFaDddigRvWdhF73OvmxThMwCc9l6X3P\/tUIdb8CggvQWiMRN5Vhy4Rljya+ZIOcdjbzMw68oRgdgPhct14QVofXpMjJfC3oqi\/nNbGLQ5rYKneQ7CWh9RSv34L3R5RDGC\/pHwyv6PGgI8KR
f9+QUC+7gYPb+kZQquYvru8Z0knElk\/9u3Xyd8knK1jpgFTg1HNdqhCD3oyFIuAFRWqcgNxU6wz1LaRi24VFE+eJ0o+rsi\/pnfI0su+wrGhXYRbyyiy4ZzbqahkZoPZ2zQGAKW1nnvD6p\/zaLVXZsU4jxLWam2WqckX1QTbgPxB0wawYNhyf2CAAhEQ29\/cwWUpxFyoXDPB+hK4kW7liS10zysc5bs+sslvGCpqRb0Lis637gfgiMEACVosS5TN56wDxHV6753I9W1zSBCNXxUKOAdDNb1MGhBZT\/uUW49hJ6JXcGEhfw+P+5AzMdiqKpUSFKgaiqJSf3iiv2\/RtnFbJ1FaRBOTOgw3ARkcPvJN0sfzLk7RKlSqTCXk8peiPFwt5uzAbWqrhfe\/Yen8D2DWvWSruKHIC7o+GazJ+\/eyppnocCPGQQZ2lonOQT2qyNSZ9COW8HeAaqf7QCJhvb8S9SVVml5KBhnwRNbnuZICaxg9vyFjeBwKI7SstbJ3b7slReERnG3DvEqM+ouROXRlpGgUREXlGwb7N2UJ1jjo460vUe38pW2vZ1XnXYGDBL3642Nhsv8\/xSPSuRmLvvooBVMWLWW5v+LMlMcoNIIM6xibupcxuyIqKDqNmsScanfhq83xCw4xKptGbS9bu\/A0yrmv3Atgn3WXnx2khAoVngZCR0MbqmA7T5k\/rUKhB49pS3ip3KT03PKvjuwDr50ynUXfZOYJ3+OmI37LBmqEhKgv5YHHEjRB8VHHXAh8Aok+ht+KljGfYLx0rx0y2IXVcxRnvPFVtHn6kBareUX1Lz56co6YIb9788QnPlkfq1D0P\/\/4uwz67uvdUChfS0JSNQ18zYOyJ360r3AVfKXmyQ19aUMj\/EcNueVwU0nbl2KSsYn1Gfl7zj0ewbm+BiPQNHMgAkoRMw02Osi\/TmhB+pfcq61IRV5796uYYuP\/e1+49LMsN6JtJapar+\/bfHd+ip7c\/\/L52jGcE3Fey3bVNYI8YmxgiEd0S1usipgR\/OJ"} 
02336{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic_t51.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1598620434482713,"flow_dst_last_pkt_time":1598620434530087,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1598620434530087,"pkt":"AAAAAAAAAAIA\/tPQCABFAAViAABAADcRkr3T95Nau+OImAG72DwFTvWw7lQwNTEACP+UFbWwBYYNRTWFFap3NZueejSHTEbypHeKREWRxqFhCyZ5IFZ0eMPI1H48IlicfZNkXoAWlnYiFV7bh\/SgyFOQ1pzqpY4Gn+dZg1igPWwPXjEkbDJ6Uie4ErETtBEXPCHdh0EPbcG66CEGsqP3FcGhBvmBZ6nLZXtHGFm8TZPZLCjcEWUg3j+yh1uJpfKvfgdjQXh\/BKjL946XeM8A3dQwTCj7w0RU4XQ+LgKO5R5jUOWwNACvmRA4ChETSCDHR4\/BAzDovDeZBIcfCGhDNPuYCn0YgSbiKK\/zKtEbn2g8SAWOGtzORXbtbz7cr3FZq9+52D1ciyRqZMVAhZJn6boHkLy8FiSsJcgUNmFlpFnM5CbmVt+Z3TalUOLmIad0ZBJ\/frS25nxzdMvyMkHuNowggmF5lhEeoHaWyFEIcqz0HqYgX9hRGG6fJHHJDeuqY2DZzkMFK5lXdq830OGjj5x2saXsr3OlkQRqhBSGhxG8UUKpcbzUIRCc14PBKwtK58SIzfKg9C2dH1Ndip\/iMgaZp1dLSjMgGMxpFjTnm18D2DnhMbRC3SF0n9NQv1yxds\/5\/VLS7vlRw085hWdBDcF5JsrSqCb7FrIGqCAJ6aEeEk2C5NCIEHLGpE\/8Mrk0r3V+oyUCi5EUJoj7yFrgbAI\/RLP2DX5PzYPxVTVcCPNWxwAsonFHo2UzqB9GByR9XsVOyiNMiXSmCP1h7RNHRBTW+W+GEKnZsHlit\/daPgCMDsn+uRJkfq08o0Wc8dtlQdBvGaiOyAz5kxn9XlLa2XMJVdY5fa0fvmKEA8kLRIsUWffWkNMWjlbFbe4\/4K6v5\/2vl6j4PIKwrTE3NX480XOutB0tHFeaBywMhTUrJM8\/2LEUuohxcw8ZJUMhyz8KLelYrkfR4ZEmPHlrlks1U+ptnZRctCqp6xS15oIDC2K9IvH6W4XVPXW5E6wTMgi2mDpZEkWMsRcntggQXrcuBYU6Zv2UWEKNUfFTBgz1KVhJpmpS4Xtc7F4NEQ2NoEIYQl+RaDfoFKprDp3shiANgPwfFEVHOLO72rKzBM1JtbcQAk2OwIiNamkunnJ\/nJitxlIW52Xeo0s2OwSYNPFF5zyhBUq5ylZcmxfa6MxT8JqgkvJT6UrrMDYFURtuX0ryQCk\/XPnIFL82IABneSi4Hs5V82gBRFJuY536RKXy0Y+Fmmlg3ORBkeur7nF4WNLwf4uKdeZDa4zi4F5ERbAlPepeCgnqktYXzIIcX+zttEmBzBP8oQgxfobusz6BiWXRPhFCorFz9af2XffpBUFzon7jFEaUHMZEWx2T\/G0b6rOVrMUsciysio8OUm3qepoHWfs017iLVwdUjBzLV8bfsI876uYCB7FOOWmpFjtlfEcfFvovuxYQo3c2P2+FTRFibJG3fxpLnuZL+xZ9WuB0sUCqoGe0Nj8mWgJjvIMlZr4UBHPVa9
FuCSvw43Jx3Z4zkFEFLwlnXF7XomFdjjzfNyGEva90KOeWy3V0Xm36xhL9ZfJd7024bmBrSU07\/OIwQL4RM2pylqUn8vtXHdDenj0RW6L9cUJF5+gefDnLwPN\/LkqvDQ9XoQLkYPyIOrW3yOipSRZ6qssVteVhp7yz6wIlf+om4vamOC+pjDHdk54a1\/tUFkk6iLfsqzmXEDMc9twzy8aI6ruHx9Y75G06eKdfUoetoe+oo6I+bKN+bF3ODBFJJL3VoG2yoSGLlcmnzauulsMAmGP4trS\/oNUS7VcK8uv8Q4iCrkL2Z7LQ3A3kywkt3RVfSW0P5p96Zzps"} 01014{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/quic_t51.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1598620434413428,"flow_src_last_pkt_time":1598620434650828,"flow_dst_last_pkt_time":1598620434610128,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":2888,"flow_dst_tot_l4_payload_len":5904,"midstream":0,"thread_ts_usec":1598620434650828,"l3_proto":"ip4","src_ip":"187.227.136.152","dst_ip":"211.247.147.90","src_port":55356,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com"}} 
-00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/quic_t51.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":12,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8792,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1598620434650828} +00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/quic_t51.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":12,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8792,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1598620434650828} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 12/12 ~~ skipped flows.............: 0 
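Review bot: The regenerated `detected` event for flow 1 in quic_t51.pcap.out no longer carries `"user_agent"` under `quic` or `"ja3"` under `quic.tls`; only `ja3s` and `ja4` remain, and the length prefix drops from `01350` to `01243`. This is an output-format change rather than a version-string refresh. Presumably it follows from the libnDPI bump, but nothing in the fixture says it is intended. Consumers that match on `ja3` (detection rules, allow-lists, stored fingerprints) would stop matching without any error, so the removal should be stated explicitly in the commit message or changelog, for example `* flow events: "ja3" and the QUIC "user_agent" are no longer emitted; "ja4" remains`. It is also worth confirming that the flow event schema no longer lists `ja3` as an expected key, so validation and documentation agree with what is actually serialized.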
@@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6918344 bytes -~~ total memory freed........: 6918344 bytes -~~ total allocations/frees...: 114171/114171 +~~ total memory allocated....: 7495890 bytes +~~ total memory freed........: 7495890 bytes +~~ total allocations/frees...: 125901/125901 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 618 chars ~~ json message max len.......: 2354 chars diff --git a/test/results/default/quickplay.pcap.out b/test/results/default/quickplay.pcap.out index 4901d1098..f7fa34da5 100644 --- a/test/results/default/quickplay.pcap.out +++ b/test/results/default/quickplay.pcap.out 
@@ -1,5 +1,5 @@ -00614{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1429000030398627} 
+00614{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1429000030398627} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1429000030398627,"flow_src_last_pkt_time":1429000030398627,"flow_dst_last_pkt_time":1429000030398627,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":312,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":312,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":312,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1429000030398627,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.41","src_port":50668,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 00951{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1429000030398627,"flow_dst_last_pkt_time":1429000030398627,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":368,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":368,"pkt_l4_len":332,"thread_ts_usec":1429000030398627,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAWBDAUAAPwaoIQo2qfp4HCMpxewAUEHDiNf6xwiBUBgAc22rAABHRVQgL3NvbHIvUmVzdEFwaVNpbmdUZWxfUEgvcmVzdGFwaS9jYXRlZ29yaWVzL0hVRD9hcGlLZXk9cXdlcnR5JmRldmljZT1hbmRyb2lkbW9iaWxlJmxvY2FsZT1lbmcmbmV0d29yaz1XSUZJJnBhZ2VOdW1iZXI9MSZwYWdlU2l6ZT01MCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogRGFsdmlrLzEuNi4wIChMaW51eDsgVTsgQW5kcm9pZCA0LjQuNDsgTUkgM1cgTUlVSS9WNi40LjIuMC5LWERNSUNCKQ0KSG9zdDogYXBpLXNpbmd0ZWxoYXdrLnF1aWNrcGxheS5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KDQo="} 
01312{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1429000030398627,"flow_src_last_pkt_time":1429000030398627,"flow_dst_last_pkt_time":1429000030398627,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":312,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":312,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":312,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1429000030398627,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.41","src_port":50668,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":17,"category":"Streaming","hostname":"api-singtelhawk.quickplay.com","domainame":"api-singtelhawk.quickplay.com","http": {"url":"api-singtelhawk.quickplay.com\/solr\/RestApiSingTel_PH\/restapi\/categories\/HUD?apiKey=qwerty&device=androidmobile&locale=eng&network=WIFI&pageNumber=1&pageSize=50","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.2.0.KXDMICB)"}}} 
@@ -85,7 +85,7 @@ 01526{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1429000110390234,"flow_src_last_pkt_time":1429000110390234,"flow_dst_last_pkt_time":1429000110528479,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":625,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":625,"flow_dst_max_l4_payload_len":206,"flow_src_tot_l4_payload_len":625,"flow_dst_tot_l4_payload_len":206,"midstream":1,"thread_ts_usec":1429000110528479,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.147.215","src_port":35670,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP_Proxy.QQ","proto_id":"131.48","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":7,"category":"Download","hostname":"hkminorshort.weixin.qq.com","domainame":"hkminorshort.weixin.qq.com","http": {"url":"http:\/\/hkminorshort.weixin.qq.com\/cgi-bin\/micromsg-bin\/rtkvreport","code":200,"content_type":"application\/octet-stream","user_agent":"MicroMessenger Client","request_content_type":"application\/octet-stream"}}} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1429000117728278,"flow_src_last_pkt_time":1429000117728278,"flow_dst_last_pkt_time":1429000117728278,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":582,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":582,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":582,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1429000117728278,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"54.179.140.65","src_port":56381,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 01313{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1429000117728278,"flow_dst_last_pkt_time":1429000117728278,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":638,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":638,"pkt_l4_len":602,"thread_ts_usec":1429000117728278,"pkt":"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"} 
-01453{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1429000117728278,"flow_src_last_pkt_time":1429000117728278,"flow_dst_last_pkt_time":1429000117728278,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":582,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":582,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":582,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1429000117728278,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"54.179.140.65","src_port":56381,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.Xiaomi","proto_id":"7.287","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"api.account.xiaomi.com","domainame":"api.account.xiaomi.com","http": {"url":"api.account.xiaomi.com\/pass\/v2\/safe\/user\/coreInfo?signature=u%2F73dEXBHbejev0ISNwnGyyfeTw%3D&userId=Mz5Xr5UXKuw83hxd6Yms2w%3D%3D","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.2.0.KXDMICB)","request_content_type":"application\/x-www-form-urlencoded"}}} 
+01338{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1429000117728278,"flow_src_last_pkt_time":1429000117728278,"flow_dst_last_pkt_time":1429000117728278,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":582,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":582,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":582,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1429000117728278,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"54.179.140.65","src_port":56381,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Xiaomi","proto_id":"7.287","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"api.account.xiaomi.com","domainame":"api.account.xiaomi.com","http": {"url":"api.account.xiaomi.com\/pass\/v2\/safe\/user\/coreInfo?signature=u%2F73dEXBHbejev0ISNwnGyyfeTw%3D&userId=Mz5Xr5UXKuw83hxd6Yms2w%3D%3D","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.2.0.KXDMICB)","request_content_type":"application\/x-www-form-urlencoded"}}} 
01583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_src_last_pkt_time":1429000117728278,"flow_dst_last_pkt_time":1429000118045538,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":831,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":831,"pkt_l4_len":795,"thread_ts_usec":1429000118045538,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAy+57kAArQaZmTazjEEKNqn6AFDcPeCiut6WGFOiUBgIJVI5AABIVFRQLzEuMSAyMDAgT0sNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQpEYXRlOiBUdWUsIDE0IEFwciAyMDE1IDA4OjI4OjM3IEdNVA0KU2VydmVyOiBUZW5naW5lLzIuMC4xDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL2pzb247Y2hhcnNldD11dGYtOA0KQ29udGVudC1MZW5ndGg6IDU1Ng0KDQofiwgAAAAAAAADBMHXokMwAADQD+pDVCuuR7VCzdrerESNxijK199zgLVnYggNE5ULioIZGP6CKSQ+J1Ue9LQPP\/PeL9xYw3Gkgs8aCeFd\/zZqCdqbSs4SDagv3Q8gbXJOLHNZZfmdTsJ6vPDYpe+\/rdailf+Vy4WCt5JCSfPLvLm\/VjBPjj45GMX6eUks60t+xxt21vhZm+cZaqa7DoZ7yob2ejBdIHAVjR1TTdJhFubG5KBya8nY0zzMWLsuzvCvt9glIynGQHg+BLRZzPC8ZTGPUyOvUh05tiZ\/balrrwKQt2cEeJstEBP0D5BLZnKvY160w+\/OrxB+sjFauMt5dnHUcI3t7SoTqChgxCrhMkNhG6YVl2LK8pgjuYhqcDRox+KgQzOA\/hLmGzg3uirtssbFIVC5Aro3ACcGCwISGwb1VxWHonPvyWHNDlG81Bqq3QQetunNZnl6oz4rq\/ZHNPTVG61wMgLdvvo4GWhjgZ\/bnblrSFNGd7Mdr5MexXVx6SfeJVyvwBelPETxWHKKoRDa8ZjUvT0cEJOB7G\/G7e4ZZ\/83OAc7CIIAAEA\/iIulwzriBqhJkUE6bpVlTg1QY+rX1\/uCF5JNOyMtykH7DdhqEwaXY8s7mPz38wS8mngvjnR+4AS+bZOCqFuqMeaMn6SzJIMOPFhSp7GcsxUbtqiwMa7\/yvtnpf2t24H4WaAC+sVExSgCQaWyVTSeVY6vezz8ABeIl3WAAgAA"} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":105,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1429000153937720,"flow_src_last_pkt_time":1429000153937720,"flow_dst_last_pkt_time":1429000153937720,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":446,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":446,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":446,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1429000153937720,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52017,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 01134{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1429000153937720,"flow_dst_last_pkt_time":1429000153937720,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":502,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":502,"pkt_l4_len":466,"thread_ts_usec":1429000153937720,"pkt":"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"} 
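Review bot: The regenerated expectation for flow 16 (`HTTP.Xiaomi`, `request_content_type` `application/x-www-form-urlencoded`) no longer carries `"flow_risk": {"35": {"risk":"Susp Entropy",...}}` in the `detected` event, and the `idle` event for the same flow in the `@@ -134,7 +134,7 @@` hunk loses it too. The commit message says only "incorporated upstream changes", so nothing here tells a reader whether this loss of a risk signal is intended. It presumably comes from a change to libnDPI's entropy heuristic, but that should be confirmed against the upstream history rather than accepted because the golden file was regenerated. Anything downstream that alerts on risk id 35 will stop firing for flows like this one, so I would record it in the commit description or changelog, for example `* nDPI no longer flags "Susp Entropy" (risk 35) on this HTTP request flow; expected test output updated accordingly`.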
@@ -134,7 +134,7 @@ 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1429000375190710,"flow_src_last_pkt_time":1429000385363074,"flow_dst_last_pkt_time":1429000385174414,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":446,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":446,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":1784,"flow_dst_tot_l4_payload_len":2108,"midstream":1,"thread_ts_usec":1429000385363074,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52022,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":17,"category":"Streaming"}} 01286{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1429000052348029,"flow_src_last_pkt_time":1429000052348029,"flow_dst_last_pkt_time":1429000052688483,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":324,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":324,"flow_dst_max_l4_payload_len":205,"flow_src_tot_l4_payload_len":324,"flow_dst_tot_l4_payload_len":205,"midstream":1,"thread_ts_usec":1429000385363074,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.129.101","src_port":42761,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"54": {"risk":"Binary File\/Data Transfer 
(Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP_Proxy.QQ","proto_id":"131.48","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":7,"category":"Download","hostname":"hkextshort.weixin.qq.com"}} 01286{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1429000054595190,"flow_src_last_pkt_time":1429000054595190,"flow_dst_last_pkt_time":1429000054967566,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":560,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":560,"flow_dst_max_l4_payload_len":205,"flow_src_tot_l4_payload_len":560,"flow_dst_tot_l4_payload_len":205,"midstream":1,"thread_ts_usec":1429000385363074,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.129.101","src_port":42762,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP_Proxy.QQ","proto_id":"131.48","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":7,"category":"Download","hostname":"hkextshort.weixin.qq.com"}} 
-01138{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1429000117728278,"flow_src_last_pkt_time":1429000117728278,"flow_dst_last_pkt_time":1429000118045538,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":582,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":582,"flow_dst_max_l4_payload_len":775,"flow_src_tot_l4_payload_len":582,"flow_dst_tot_l4_payload_len":775,"midstream":1,"thread_ts_usec":1429000385363074,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"54.179.140.65","src_port":56381,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.Xiaomi","proto_id":"7.287","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"api.account.xiaomi.com"}} +01023{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1429000117728278,"flow_src_last_pkt_time":1429000117728278,"flow_dst_last_pkt_time":1429000118045538,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":582,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":582,"flow_dst_max_l4_payload_len":775,"flow_src_tot_l4_payload_len":582,"flow_dst_tot_l4_payload_len":775,"midstream":1,"thread_ts_usec":1429000385363074,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"54.179.140.65","src_port":56381,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.Xiaomi","proto_id":"7.287","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"api.account.xiaomi.com"}} 00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1429000031075232,"flow_src_last_pkt_time":1429000031075232,"flow_dst_last_pkt_time":1429000031382971,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":302,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":302,"flow_dst_max_l4_payload_len":53,"flow_src_tot_l4_payload_len":302,"flow_dst_tot_l4_payload_len":53,"midstream":1,"thread_ts_usec":1429000385363074,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.5.18","src_port":33064,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":17,"category":"Streaming"}} 01020{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1429000037600378,"flow_src_last_pkt_time":1429000037600378,"flow_dst_last_pkt_time":1429000037659613,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":185,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":185,"flow_dst_max_l4_payload_len":81,"flow_src_tot_l4_payload_len":185,"flow_dst_tot_l4_payload_len":81,"midstream":1,"thread_ts_usec":1429000385363074,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.26.231","src_port":33277,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":30,"category":"ConnCheck","hostname":"clients3.google.com"}} 01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1429000050062079,"flow_src_last_pkt_time":1429000051366980,"flow_dst_last_pkt_time":1429000052145575,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":540,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":540,"flow_dst_max_l4_payload_len":89,"flow_src_tot_l4_payload_len":1080,"flow_dst_tot_l4_payload_len":89,"midstream":1,"thread_ts_usec":1429000385363074,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.151.160","src_port":54883,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP_Proxy.QQ","proto_id":"131.48","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":9,"category":"Chat"}} 
@@ -142,7 +142,7 @@ 01020{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1429000031698279,"flow_src_last_pkt_time":1429000031698279,"flow_dst_last_pkt_time":1429000032158423,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":187,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":283,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":283,"midstream":1,"thread_ts_usec":1429000385363074,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"173.252.74.22","src_port":52285,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Facebook","proto_id":"7.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.facebook.com"}} 01020{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1429000037314978,"flow_src_last_pkt_time":1429000037314978,"flow_dst_last_pkt_time":1429000037771704,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":187,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":283,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":283,"midstream":1,"thread_ts_usec":1429000385363074,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"173.252.74.22","src_port":52288,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.Facebook","proto_id":"7.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.facebook.com"}} 00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1429000048159796,"flow_src_last_pkt_time":1429000048647467,"flow_dst_last_pkt_time":1429000048795905,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":487,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":487,"flow_dst_max_l4_payload_len":1169,"flow_src_tot_l4_payload_len":974,"flow_dst_tot_l4_payload_len":1169,"midstream":1,"thread_ts_usec":1429000385363074,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.5.41","src_port":44256,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":17,"category":"Streaming"}} 
-00853{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":155,"packets-processed":155,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":95867,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":21,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":21,"total-idle-flows":21,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":145,"global_ts_usec":1429000385363074} +00853{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":155,"packets-processed":155,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":95867,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":21,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":21,"total-idle-flows":21,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":145,"global_ts_usec":1429000385363074} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 155/155 ~~ skipped flows.............: 0 
@@ -151,9 +151,9 @@ ~~ total active/idle flows...: 21/21 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6977366 bytes -~~ total memory freed........: 6977366 bytes -~~ total allocations/frees...: 114744/114744 +~~ total memory allocated....: 7555485 bytes +~~ total memory freed........: 7555485 bytes +~~ total allocations/frees...: 126495/126495 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 619 chars ~~ json message max len.......: 2445 chars diff --git a/test/results/default/radius_false_positive.pcapng.out b/test/results/default/radius_false_positive.pcapng.out index f1ecebefb..049fc6611 100644 --- a/test/results/default/radius_false_positive.pcapng.out +++ b/test/results/default/radius_false_positive.pcapng.out 
@@ -1,5 +1,5 @@ -00628{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/radius_false_positive.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/radius_false_positive.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1638897892722857} 
+00628{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/radius_false_positive.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/radius_false_positive.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1638897892722857} 
00834{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/radius_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1638897892722857,"flow_src_last_pkt_time":1638897892722857,"flow_dst_last_pkt_time":1638897892722857,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1230,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1230,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1230,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1638897892722857,"l3_proto":"ip6","src_ip":"2bc6:b5ac:cb3b:676b::18","dst_ip":"3dba:3762:c186:e122:89b0:5170:a86c:ecff","src_port":443,"dst_port":53129,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02214{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/radius_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1638897892722857,"flow_dst_last_pkt_time":1638897892722857,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1292,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1292,"pkt_l4_len":1238,"thread_ts_usec":1638897892722857,"pkt":"AAAAAAAAAAUAHNVSht1ohf3HBNYRNyvGtazLO2drAAAAAAAAABg9ujdiwYbhIomwUXCobOz\/AbvPiQTW\/+II9QTO5\/6moMoBfKc4frxprVfBsxdaQAED2QEABgCgAQJbUkVKAAcAAABTVEsAOAAAAFNOTwBsAAAAUFJPRmwBAABTQ0ZH8wEAAFJSRUr3AQAAU1RUTP8BAABDUlT\/GwIAADVoRFFcZEfiQgn1oXI2ORzyXhwGYKf\/Flu1\/kK\/l4UH4q9DCId2Xb2zn9efGujSc\/F0aNOeHZb6KAjEeRC9dXjLQIA3XVxkxqhCJrs95QV3gGPSLgjsQQ873Rxpmhq\/VDe1SdA9fAVAXfMUX1s0Z5mAWpV6sSbDkPHYULs7X0KVe+fR2Ai5noT8neP+HJa14zskJKzRF7WTWAfIPB94k7XcyneleZDZy\/LsPNPpKzumkgJT693IGvFFGpwQ7o47hVb2V37u8BaJMyzZuDr4CIc8F1YA1joFN7OPyOLc3a+gm+fEb18FG1gS\/ZrcntqavJ3HLz5Vi8zFgzSja7rxlz5ZT0Fgr\/\/hUJDycGNBHRHMai1MLz1CKo55ez2Vq+oMFJFtHL8m7Yk0AZ6oTphvz\/47C32mJ\/BonrdxqQzXuP2SrkxlJp8ughvQJBkM+kPiZ+nnveyN+y
pLny4LxyWPno4oScYJJSbW2FdJTZlTQ0ZHBgAAAEFFQUQIAAAAU0NJRBgAAABQVUJTOwAAAEtFWFM\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"} 01021{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/radius_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1638897892722857,"flow_src_last_pkt_time":1638897892722857,"flow_dst_last_pkt_time":1638897892722857,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1230,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1230,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1230,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1638897892722857,"l3_proto":"ip6","src_ip":"2bc6:b5ac:cb3b:676b::18","dst_ip":"3dba:3762:c186:e122:89b0:5170:a86c:ecff","src_port":443,"dst_port":53129,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Unknown (0000)"}}} 
@@ -8,7 +8,7 @@ 00855{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/radius_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1638897892752869,"flow_dst_last_pkt_time":1638897892722857,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":283,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":283,"pkt_l4_len":229,"thread_ts_usec":1638897892752869,"pkt":"AAAAAAAAAAUAHNVSht1gBf3HAOURNyvGtazLO2drAAAAAAAAABg9ujdiwYbhIomwUXCobOz\/AbvPiQDlccwABGVF2QcnpzsvNwXHhnVYuvotOEZAFZyRstLhm5Vh8Y\/qjK+eAOivL9FfakfqselPfzU8unBIuLM1Gkl3hUCkDyi+vg32wZhmWtIpghdDZrkT8mPeJhzpBInbvmZgkVuAprrK41CoxKKjDlIkF+W84hfikpn3qkgLCEYuKToKkyTwbJLdd0NDQonRVcTPtbDVskjblaU5087vFl1B3+DiXjvx4mrrxoJ1o2m4QK+5Itx4XXf\/cDDYpVAKVU4JUhg7EBvC5CSSa69pj7lgUC+G\/vuoC9GDJzbBnxQBog=="} 00854{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/radius_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1638897892775793,"flow_dst_last_pkt_time":1638897892722857,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":283,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":283,"pkt_l4_len":229,"thread_ts_usec":1638897892775793,"pkt":"AAAAAAAAAAUAHNVSht1gBf3HAOURNyvGtazLO2drAAAAAAAAABg9ujdiwYbhIomwUXCobOz\/AbvPiQDluwgABfL8+5jX9fJKzrGkYq50E3Kkrx2byhv\/1lxrsSEANv3rwV8oSZP1Kf9LnwvyulYNqHc0eA8kixsVINh0AEVVU7DdtZDWH0NB+uRHdIIMWflJVbH+jmh9USiXpEGMxWJMIsMKuWOo1oHx\/4WcMYLRLNqhlbRCt1SlzydohkUP0dPUhy0JEmQ2dcM9ySIjkPYCfM2x3oISOX1bfEnNb7p3pKZ5PyZPkuqec+dbYP0kRWjDfMgN9cmqV8B57rWtYeFeQ7inL7drCI8NtuFQhaY3EFIVsYr2d9Va2PyzOQ=="} 
01018{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/radius_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1638897892722857,"flow_src_last_pkt_time":1638897893066501,"flow_dst_last_pkt_time":1638897892722857,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1230,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6859,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1638897893066501,"l3_proto":"ip6","src_ip":"2bc6:b5ac:cb3b:676b::18","dst_ip":"3dba:3762:c186:e122:89b0:5170:a86c:ecff","src_port":443,"dst_port":53129,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -00858{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/radius_false_positive.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6859,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1638897893066501} 
+00858{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/radius_false_positive.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6859,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1638897893066501} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 10/10 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6907903 bytes -~~ total memory freed........: 6907903 bytes -~~ total allocations/frees...: 114147/114147 +~~ total memory allocated....: 7485499 bytes +~~ total memory freed........: 7485499 bytes +~~ total allocations/frees...: 125878/125878 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 591 chars ~~ json message max len.......: 2231 chars diff --git a/test/results/default/radmin3.pcapng.out b/test/results/default/radmin3.pcapng.out index 6e6e615df..41ddc743f 100644 --- a/test/results/default/radmin3.pcapng.out +++ b/test/results/default/radmin3.pcapng.out 
@@ -1,5 +1,5 @@ -00614{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/radmin3.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/radmin3.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1706118225579475} 
+00614{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/radmin3.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/radmin3.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1706118225579475} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/radmin3.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1706118225579475,"flow_src_last_pkt_time":1706118225579475,"flow_dst_last_pkt_time":1706118225579475,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1706118225579475,"l3_proto":"ip4","src_ip":"192.168.88.208","dst_ip":"192.168.88.197","src_port":49736,"dst_port":4899,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/radmin3.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1706118225579475,"flow_dst_last_pkt_time":1706118225579475,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1706118225579475,"pkt":"CAAnXtCJCAAniDE8CABFAAA01stAAIAGAADAqFjQwKhYxcJIEyOILII4AAAAAIAC+vAzDQAAAgQFtAEDAwgBAQQC"} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/radmin3.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1706118225579475,"flow_dst_last_pkt_time":1706118225579656,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1706118225579656,"pkt":"CAAniDE8CAAnXtCJCABFAAA0z0hAAIAG+JTAqFjFwKhY0BMjwkhWkmpFiCyCOYAS\/\/+bcAAAAgQFtAEDAwgBAQQC"} 
@@ -16,7 +16,7 @@ 01066{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/radmin3.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1706118232219766,"flow_src_last_pkt_time":1706118232220056,"flow_dst_last_pkt_time":1706118232622772,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":14,"flow_dst_max_l4_payload_len":14,"flow_src_tot_l4_payload_len":14,"flow_dst_tot_l4_payload_len":14,"midstream":0,"thread_ts_usec":1706118232622772,"l3_proto":"ip4","src_ip":"192.168.88.208","dst_ip":"192.168.88.197","src_port":49739,"dst_port":4899,"l4_proto":"tcp","ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"Radmin","proto_id":"391","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 01104{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/radmin3.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1706118225579475,"flow_src_last_pkt_time":1706118226345962,"flow_dst_last_pkt_time":1706118226346137,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":10,"flow_dst_max_l4_payload_len":46,"flow_src_tot_l4_payload_len":10,"flow_dst_tot_l4_payload_len":46,"midstream":0,"thread_ts_usec":1706118232622772,"l3_proto":"ip4","src_ip":"192.168.88.208","dst_ip":"192.168.88.197","src_port":49736,"dst_port":4899,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": 
{"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"Radmin","proto_id":"391","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 01105{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/radmin3.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1706118232219766,"flow_src_last_pkt_time":1706118232220056,"flow_dst_last_pkt_time":1706118232622772,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":14,"flow_dst_max_l4_payload_len":14,"flow_src_tot_l4_payload_len":14,"flow_dst_tot_l4_payload_len":14,"midstream":0,"thread_ts_usec":1706118232622772,"l3_proto":"ip4","src_ip":"192.168.88.208","dst_ip":"192.168.88.197","src_port":49739,"dst_port":4899,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"Radmin","proto_id":"391","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 
-00842{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/radmin3.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":17,"packets-processed":17,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":84,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1706118232622772} +00842{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/radmin3.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":17,"packets-processed":17,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":84,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1706118232622772} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 17/17 ~~ skipped flows.............: 0 
@@ -25,9 +25,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6914658 bytes -~~ total memory freed........: 6914658 bytes -~~ total allocations/frees...: 114171/114171 +~~ total memory allocated....: 7492254 bytes +~~ total memory freed........: 7492254 bytes +~~ total allocations/frees...: 125902/125902 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 531 chars ~~ json message max len.......: 1110 chars diff --git a/test/results/default/raft.pcap.out b/test/results/default/raft.pcap.out index 9ab9aa96a..978c38270 100644 --- a/test/results/default/raft.pcap.out +++ b/test/results/default/raft.pcap.out 
@@ -1,5 +1,5 @@ -00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/raft.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/raft.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1705997809280892} 
+00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/raft.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/raft.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1705997809280892} 
00764{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/raft.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1705997809280892,"flow_src_last_pkt_time":1705997809280892,"flow_dst_last_pkt_time":1705997809280892,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705997809280892,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46286,"dst_port":9002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/raft.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1705997809280892,"flow_dst_last_pkt_time":1705997809280892,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1705997809280892,"pkt":"AAAAAAAAAAAAAAAACABFAAA0zl5AAGYGSGN\/AAABfwAAAbTOIypHoKR3AAAAAIAC\/9f+KAAAAgT\/1wEBBAIBAwMH"} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/raft.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1705997809280892,"flow_dst_last_pkt_time":1705997809280904,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1705997809280904,"pkt":"AAAAAAAAAAAAAAAACABFAAA0AABAAGYGFsJ\/AAABfwAAASMqtM6Kl47pR6CkeIAS\/9f+KAAAAgT\/1wEBBAIBAwMH"} 
@@ -18,7 +18,7 @@ 02152{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/raft.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1705997809281323,"flow_src_last_pkt_time":1705997810410479,"flow_dst_last_pkt_time":1705997810388511,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":696,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705997810410479,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":38488,"dst_port":9001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":13,"avg":72140.1,"max":137171,"stddev":57048.4,"var":3254516224.0,"ent":4.3,"data": [20,29,20,35,15,13,6003,6005,206,208,119086,119085,125076,125088,137171,137161,116381,116396,102323,102307,21955,21953,125134,125135,125120,125120,125280,125280,103357,103382,22000]},"pktlen": {"min":40,"avg":62.5,"max":88,"stddev":22.7,"var":516.8,"ent":4.9,"data": [52,52,40,80,40,80,40,80,40,88,40,88,40,88,40,88,40,88,40,88,40,88,40,88,40,88,40,88,40,88,40,88]},"bins": {"c_to_s": [2,15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0],"entropies": [4.268320084,4.514606476,4.391446590,3.897243023,4.391446590,3.032760382,4.391446590,2.986443520,4.341446877,2.850570679,4.341446400,2.873297930,4.391446590,2.850570679,4.391446590,2.791660070,4.341446400,2.768932819,4.391446590,2.791660070,4.322574615,2.791660070,4.391446590,2.791660070,4.391446590,2.768932819,4.391446590,2.791660070,4.341446877,2.791660070,4.341446877,2.760354519]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"Raft","proto_id":"392","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/raft.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1705997809281323,"flow_src_last_pkt_time":1705997810410479,"flow_dst_last_pkt_time":1705997810388511,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":696,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705997810410479,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":38488,"dst_port":9001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Raft","proto_id":"392","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/raft.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1705997809280892,"flow_src_last_pkt_time":1705997810407653,"flow_dst_last_pkt_time":1705997810388430,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":160,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1304,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705997810410479,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46286,"dst_port":9002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Raft","proto_id":"392","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00839{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/raft.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":64,"packets-processed":64,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2000,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1705997810410479} +00839{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/raft.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":64,"packets-processed":64,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2000,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1705997810410479} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 64/64 ~~ skipped flows.............: 0 
@@ -27,9 +27,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6915995 bytes -~~ total memory freed........: 6915995 bytes -~~ total allocations/frees...: 114216/114216 +~~ total memory allocated....: 7493591 bytes +~~ total memory freed........: 7493591 bytes +~~ total allocations/frees...: 125947/125947 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 527 chars ~~ json message max len.......: 2174 chars diff --git a/test/results/default/raknet.pcap.out b/test/results/default/raknet.pcap.out index 203028975..ff3236154 100644 --- a/test/results/default/raknet.pcap.out +++ b/test/results/default/raknet.pcap.out 
@@ -1,5 +1,5 @@ -00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/raknet.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/raknet.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":946711624286000} 
+00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/raknet.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/raknet.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":946711624286000} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/raknet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946711624286000,"flow_src_last_pkt_time":946711624286000,"flow_dst_last_pkt_time":946711624286000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1464,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1464,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1464,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946711624286000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"148.153.35.205","src_port":44501,"dst_port":60030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/raknet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":946711624286000,"flow_dst_last_pkt_time":946711624286000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":946711624286000,"pkt":"eJS0JASgYDjgxTWgCABFAAXUl7RAAD8RIvLAqAJklJkjza3V6n4FwDU+BQD\/\/wD+\/v7+\/f39\/RI0VngGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/raknet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":946711624286000,"flow_dst_last_pkt_time":946711624328000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":946711624328000,"pkt":"YDjgxTWgeJS0JASgCABFAAA4I79AADcRpIOUmSPNwKgCZOp+rdUAJGm+BgD\/\/wD+\/v7+\/f39\/RI0VngABZGlNgUiIAAF1A=="} 
@@ -15,7 +15,7 @@ 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/raknet.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":946711673464000,"flow_dst_last_pkt_time":946711673481000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_usec":946711673481000,"pkt":"YDjgxTWgeJS0JASgCABFAAA\/cD5AADcRV\/2UmSPNwKgCZOp87REAK0g4CAD\/\/wD+\/v7+\/f39\/RI0VngABZGlNgUd9gSlRXt67RECQAA="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/raknet.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":946711673484000,"flow_dst_last_pkt_time":946711673481000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":946711673484000,"pkt":"eJS0JASgYDjgxTWgCABFAAA4sVJAAD8RDvDAqAJklJkjze0R6nwAJOBohAAAAEAAkAAAAAkAAAAASQ8CfAAAAAAAAO7jAA=="} 00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/raknet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":946711624286000,"flow_src_last_pkt_time":946711624422000,"flow_dst_last_pkt_time":946711624425000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":7,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1464,"flow_dst_max_l4_payload_len":110,"flow_src_tot_l4_payload_len":1703,"flow_dst_tot_l4_payload_len":250,"midstream":0,"thread_ts_usec":946711673573000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"148.153.35.205","src_port":44501,"dst_port":60030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"RakNet","proto_id":"286","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00838{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/raknet.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":31,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3906,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":1,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":18,"global_ts_usec":946713048252000} +00838{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/raknet.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":31,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3906,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":1,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":18,"global_ts_usec":946713048252000} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/raknet.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946713048252000,"flow_src_last_pkt_time":946713048252000,"flow_dst_last_pkt_time":946713048252000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1464,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1464,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1464,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946713048252000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"148.153.35.205","src_port":32951,"dst_port":60021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/raknet.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":946713048252000,"flow_dst_last_pkt_time":946713048252000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":946713048252000,"pkt":"eJS0JASgYDjgxTWgCABFAAXUUWdAAD8RaT\/AqAJklJkjzYC36nUFwGJlBQD\/\/wD+\/v7+\/f39\/RI0VngGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/raknet.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":946713048252000,"flow_dst_last_pkt_time":946713048272000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":946713048272000,"pkt":"YDjgxTWgeJS0JASgCABFAAA45d9AADgR4WKUmSPNwKgCZOp1gLcAJA72BgD\/\/wD+\/v7+\/f39\/RI0VngABZGlNgURqAAF1A=="} 
@@ -92,7 +92,7 @@ 00992{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/raknet.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946713304628000,"flow_src_last_pkt_time":946713304628000,"flow_dst_last_pkt_time":946713304628000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":110,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":110,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":110,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946713304628000,"l3_proto":"ip4","src_ip":"148.153.35.205","dst_ip":"192.168.2.100","src_port":43582,"dst_port":44501,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00780{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/raknet.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946713304628000,"flow_src_last_pkt_time":946713304628000,"flow_dst_last_pkt_time":946713304628000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":110,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":110,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":110,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946713304628000,"l3_proto":"ip4","src_ip":"148.153.35.205","dst_ip":"192.168.2.100","src_port":43582,"dst_port":44501,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
01082{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/raknet.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":946713124625000,"flow_src_last_pkt_time":946713244627000,"flow_dst_last_pkt_time":946713124625000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":111,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946713304628000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"148.153.35.205","src_port":44501,"dst_port":59935,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"RakNet","proto_id":"286","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00844{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/raknet.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":66,"packets-processed":66,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6616,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":19,"current-active-flows":0,"total-active-flows":12,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":95,"global_ts_usec":946713304628000} 
+00844{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/raknet.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":66,"packets-processed":66,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6616,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":19,"current-active-flows":0,"total-active-flows":12,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":95,"global_ts_usec":946713304628000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 66/66 ~~ skipped flows.............: 0 @@ -101,9 +101,9 @@ ~~ total active/idle flows...: 12/12 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6935707 bytes -~~ total memory freed........: 6935707 bytes -~~ total allocations/frees...: 114324/114324 +~~ total memory allocated....: 7513303 bytes +~~ total memory freed........: 7513303 bytes +~~ total allocations/frees...: 126055/126055 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 533 chars ~~ json message max len.......: 2473 chars diff --git a/test/results/default/rdp.pcap.out b/test/results/default/rdp.pcap.out index f2135ea48..ccb0ec4cd 100644 --- a/test/results/default/rdp.pcap.out +++ b/test/results/default/rdp.pcap.out 
@@ -1,5 +1,5 @@ -00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rdp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rdp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1559207465138576} 
+00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rdp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rdp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1559207465138576} 
00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rdp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1559207465138576,"flow_src_last_pkt_time":1559207465138576,"flow_dst_last_pkt_time":1559207465138576,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1559207465138576,"l3_proto":"ip4","src_ip":"172.16.2.185","dst_ip":"192.168.2.142","src_port":52494,"dst_port":3389,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":5} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rdp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1559207465138576,"flow_dst_last_pkt_time":1559207465138576,"flow_idle_time":7580000000,"pkt_datalink":0,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":68,"pkt_l4_len":44,"thread_ts_usec":1559207465138576,"pkt":"AgAAAEUAAEAAAEAAQAbIuKwQArnAqAKOzQ4NPfm84lgAAAAAsML\/\/7iqAAACBAT5AQMDBQEBCAoLUEqcAAAAAAQCAAA="} 00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/rdp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1559207465138576,"flow_dst_last_pkt_time":1559207465180991,"flow_idle_time":7580000000,"pkt_datalink":0,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":56,"pkt_l4_len":32,"thread_ts_usec":1559207465180991,"pkt":"AgAAAEUAADRflEAAfwYqMMCoAo6sEAK5DT3NDkeav7z5vOJZgBL6AEVOAAACBAW0AQMDAAEBBAI="} 
@@ -8,7 +8,7 @@ 01050{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/rdp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1559207465138576,"flow_src_last_pkt_time":1559207465181421,"flow_dst_last_pkt_time":1559207465180991,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":19,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":19,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1559207465181421,"l3_proto":"ip4","src_ip":"172.16.2.185","dst_ip":"192.168.2.142","src_port":52494,"dst_port":3389,"l4_proto":"tcp","ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"RDP","proto_id":"88","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/rdp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1559207465181421,"flow_dst_last_pkt_time":1559207465227138,"flow_idle_time":7580000000,"pkt_datalink":0,"pkt_caplen":63,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":63,"pkt_l4_len":39,"thread_ts_usec":1559207465227138,"pkt":"AgAAAEUAADtflUAAfwYqKMCoAo6sEAK5DT3NDkeav735vOJsUBj57ULVAAADAAATDtAAABI0AAIfCAAIAAAA"} 
01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/rdp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":7,"flow_first_seen":1559207465138576,"flow_src_last_pkt_time":1559207465466244,"flow_dst_last_pkt_time":1559207465509666,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":572,"flow_dst_max_l4_payload_len":1179,"flow_src_tot_l4_payload_len":1081,"flow_dst_tot_l4_payload_len":1661,"midstream":0,"thread_ts_usec":1559207465509666,"l3_proto":"ip4","src_ip":"172.16.2.185","dst_ip":"192.168.2.142","src_port":52494,"dst_port":3389,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":5,"ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"RDP","proto_id":"88","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} -00838{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/rdp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":20,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2742,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1559207465509666} 
+00838{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/rdp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":20,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2742,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1559207465509666} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 20/20 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6908229 bytes -~~ total memory freed........: 6908229 bytes -~~ total allocations/frees...: 114159/114159 +~~ total memory allocated....: 7485825 bytes +~~ total memory freed........: 7485825 bytes +~~ total allocations/frees...: 125890/125890 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 512 chars ~~ json message max len.......: 1105 chars diff --git a/test/results/default/rdp2.pcap.out b/test/results/default/rdp2.pcap.out index c0f38973a..5400c7f90 100644 --- a/test/results/default/rdp2.pcap.out +++ b/test/results/default/rdp2.pcap.out 
@@ -1,5 +1,5 @@ -00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1622724948504706} 
+00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1622724948504706} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1622724948504706,"flow_src_last_pkt_time":1622724948504706,"flow_dst_last_pkt_time":1622724948504706,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1622724948504706,"l3_proto":"ip4","src_ip":"192.168.122.181","dst_ip":"192.168.122.2","src_port":54759,"dst_port":3389,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02160{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1622724948504706,"flow_dst_last_pkt_time":1622724948504706,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1274,"pkt_l4_len":1240,"thread_ts_usec":1622724948504706,"pkt":"UlQATzIvUlQAsDb7CABFAATsljsAAIARKb3AqHq1wKh6AtXnDT0E2Hry\/\/\/\/\/wBAGAG7\/1aHBNAE0KaQQMHfeUi3j6CMTWNjAAAAAAAAAAAAAAAAAAAAAAAAAAEBAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} 02155{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1622724948504706,"flow_dst_last_pkt_time":1622724948618376,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1274,"pkt_l4_len":1240,"thread_ts_usec":1622724948618376,"pkt":"UlQAsDb7UlQATzIvCABFAATsY5IAAIARXGbAqHoCwKh6tQ091ecE2Hryu\/9WhwBAEAVNZ3lmBNAE0AABAQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} 
@@ -7,7 +7,7 @@ 00704{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1622724949145111,"flow_dst_last_pkt_time":1622724948618376,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":187,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":187,"pkt_l4_len":153,"thread_ts_usec":1622724949145111,"pkt":"UlQATzIvUlQAsDb7CABFAACtljwAAIARLfvAqHq1wKh6AtXnDT0AmXazABTBAfQBZOBkAAEAFgMCAIABAAB8AwJguNFUNPYALrQay30kCVW9o2xX1uvvm8Mwc0UHAddumwAADsAKwAnAFMATADUALwAKAQAARQAAACIAIAAAHVdJTi04UVNPMEQzT0tCSS5IQVJERU5JTkcuQ09NAAoACAAGAB0AFwAYAAsAAgEAACMAAAAXAAD\/AQABAA=="} 01854{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1622724949145292,"flow_dst_last_pkt_time":1622724948618376,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1049,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1049,"pkt_l4_len":1015,"thread_ts_usec":1622724949145292,"pkt":"UlQATzIvUlQAsDb7CABFAAQLlj0AAIARKpzAqHq1wKh6AtXnDT0D93oRABTAZABlAPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} 00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1622724950156874,"flow_dst_last_pkt_time":1622724948618376,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":184,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":184,"pkt_l4_len":150,"thread_ts_usec":1622724950156874,"pkt":"UlQATzIvUlQAsDb7CABFAACqlj4AAIARLfzAqHq1wKh6AtXnDT0AlnawARTAZgBmAOAAFgMCAIABAAB8AwJguNFUNPYALrQay30kCVW9o2xX1uvvm8Mwc0UHAddumwAADsAKwAnAFMATADUALwAKAQAARQAAACIAIAAAHVdJTi04UVNPMEQzT0tCSS5IQVJERU5JTkcuQ09NAAoACAAGAB0AFwAYAAsAAgEAACMAAAAXAAD\/AQABAA=="} 
-00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":7,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4776,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1643703419087056} +00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":7,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4776,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1643703419087056} 
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643703419087056,"flow_src_last_pkt_time":1643703419087056,"flow_dst_last_pkt_time":1643703419087056,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":338,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":338,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":338,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643703419087056,"vlan_id":1308,"l3_proto":"ip4","src_ip":"10.8.37.100","dst_ip":"10.100.2.87","src_port":51652,"dst_port":3389,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00981{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","vlan_id":1308,"flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1643703419087056,"flow_dst_last_pkt_time":1643703419087056,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":384,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":384,"pkt_l4_len":346,"thread_ts_usec":1643703419087056,"pkt":"AAAAAAAAAAUAAAAIgQAFHAgARQABbs46AAB9ETIeCgglZApkAlfJxA09AVquCxCXYDMEAAAMAAEAAOZfhG3mX4RtFgMDAQYQAAECAQCjjsoVyw+wo5FaSAnrLg7K010lQhKSScz0HLEo3RbZDQpHIM8DOug1fzIMKYQ2jr1qowGGVp24rW1cdiGjDHjQOV6PWcwrK5xD0WVcizKFPsYpQTtmVwnbnunVKrb34miQP6S1q3usJoH3aAZyOYvZbk4IHBINWfdUFriPIrr\/SRiWhs0LUsB7qGIfahccFklYvuNjsKIrrqlpK9h8xbck3KFIyOS\/BaBtH43KUJPeIPtNHkAhuKAAgbpPg2MKYItrXno+cMr2LGEd0ULgohWYbDXUDjsQaQwA4c0J9bC\/KQhXBR8FkPLIAN0p1hYzlzPs9uypXcQ2aPmSQzdk3iOuFAMDAAEBFgMDACgAAAAAAAAAAJIpZ7YKWBdulQDNq0fLThVvneR0HNcHCdIdQMDnwqsj"} 
00622{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","vlan_id":1308,"flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1643703419087056,"flow_dst_last_pkt_time":1643703419092080,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":117,"pkt_l4_len":79,"thread_ts_usec":1643703419092080,"pkt":"AAAAAAAAAAUAAAAIgQAFHAgARQAAYzWuAAB\/Ecm1CmQCVwoIJWQNPcnEAE8+OeZfhG0AyAAMAAEBABCXYDQQl2A0FAMDAAEBFgMDACgAAAAAAAAAAPQpDcwTGHQPEV9SAgzXooQGKEmtXTjZ+jovK+hcCckC"} 
@@ -16,7 +16,7 @@ 01069{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1643703419087056,"flow_src_last_pkt_time":1643703419093178,"flow_dst_last_pkt_time":1643703419098831,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":338,"flow_dst_max_l4_payload_len":71,"flow_src_tot_l4_payload_len":415,"flow_dst_tot_l4_payload_len":128,"midstream":0,"thread_ts_usec":1643703419098831,"vlan_id":1308,"l3_proto":"ip4","src_ip":"10.8.37.100","dst_ip":"10.100.2.87","src_port":51652,"dst_port":3389,"l4_proto":"udp","ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"RDP","proto_id":"88","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 00625{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","vlan_id":1308,"flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1643703419093178,"flow_dst_last_pkt_time":1643703419308184,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":117,"pkt_l4_len":79,"thread_ts_usec":1643703419308184,"pkt":"AAAAAAAAAAUAAAAIgQAFHAgARQAAYzXBAAB\/EcmiCmQCVwoIJWQNPcnEAE+UuOZfhG4AyAAMAAECABCXYDYQl2A2FwMDAC4AAAAAAAAAAtZqt5fQ0\/FIQe3F9rNB1YJWn0rvMRZkJ5CRsPpUxN\/e+geUeRF5"} 
01105{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1622724948504706,"flow_src_last_pkt_time":1622724950156874,"flow_dst_last_pkt_time":1622724950268127,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":142,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":1232,"flow_src_tot_l4_payload_len":2526,"flow_dst_tot_l4_payload_len":2250,"midstream":0,"thread_ts_usec":1643703419813768,"l3_proto":"ip4","src_ip":"192.168.122.181","dst_ip":"192.168.122.2","src_port":54759,"dst_port":3389,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"RDP","proto_id":"88","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} -00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":33,"packets-processed":32,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6526,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1645516407326363} 
+00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":33,"packets-processed":32,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6526,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1645516407326363} 00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1645516407326363,"flow_src_last_pkt_time":1645516407326363,"flow_dst_last_pkt_time":1645516407326363,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1645516407326363,"vlan_id":1108,"l3_proto":"ip4","src_ip":"10.50.181.210","dst_ip":"10.50.73.36","src_port":60355,"dst_port":3389,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02178{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","vlan_id":1108,"flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1645516407326363,"flow_dst_last_pkt_time":1645516407326363,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1278,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1278,"pkt_l4_len":1240,"thread_ts_usec":1645516407326363,"pkt":"AAAAAAAAAAMAAAAIgQAEVAgARQAE7GmRAAB+EbsVCjK10goySSTrww09BNi18v\/\/\/\/8AQBoBn9Z1KwTQBNBytTuEe0pHXbarayMEAgAAAAAAAAAAAAAAAAAAAAAAAAABAAJxu76IlD5YIdOR5pAOInyh18cxrcRBftGPwdGegtbSDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 02176{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","vlan_id":1108,"flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1645516407326363,"flow_dst_last_pkt_time":1645516407357265,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1278,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1278,"pkt_l4_len":1240,"thread_ts_usec":1645516407357265,"pkt":"AAAAAAAAAAMAAAAIgQAEVAgARQAE7Gh0AAB\/EbsyCjJJJAoytdINPevDBNiXc5\/WdSsAQBAFx21cFwTQBNAAAQACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
@@ -26,7 +26,7 @@ 00639{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","vlan_id":1108,"flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1645516407369717,"flow_dst_last_pkt_time":1645516407447477,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":126,"pkt_l4_len":88,"thread_ts_usec":1645516407447477,"pkt":"AAAAAAAAAAMAAAAIgQAEVAgARQAAbGh2AAB\/Eb+wCjJJJAoytdINPevDAFgPqJ\/WdSwAyAAMAAEATMdtXBjHbVwYFv7\/AAAAAAAAAAAALwMAACMAAAAAAAAAI\/7\/ICkHUCOZ3SBJZt72VIcV8EqRaEuGxgoLTFfRn5x3ANZP"} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":14,"flow_first_seen":1643703419087056,"flow_src_last_pkt_time":1643703419813768,"flow_dst_last_pkt_time":1643703419812713,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":338,"flow_dst_max_l4_payload_len":102,"flow_src_tot_l4_payload_len":848,"flow_dst_tot_l4_payload_len":902,"midstream":0,"thread_ts_usec":1645516407454743,"vlan_id":1308,"l3_proto":"ip4","src_ip":"10.8.37.100","dst_ip":"10.100.2.87","src_port":51652,"dst_port":3389,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"RDP","proto_id":"88","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 
01116{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1645516407326363,"flow_src_last_pkt_time":1645516407450379,"flow_dst_last_pkt_time":1645516407454743,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":153,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":1232,"flow_src_tot_l4_payload_len":1723,"flow_dst_tot_l4_payload_len":1328,"midstream":0,"thread_ts_usec":1645516407454743,"vlan_id":1108,"l3_proto":"ip4","src_ip":"10.50.181.210","dst_ip":"10.50.73.36","src_port":60355,"dst_port":3389,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"RDP","proto_id":"88","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} -00839{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":39,"packets-processed":39,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9577,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":29,"global_ts_usec":1645516407454743} 
+00839{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":39,"packets-processed":39,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9577,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":29,"global_ts_usec":1645516407454743} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 39/39 ~~ skipped flows.............: 0 @@ -35,9 +35,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6913603 bytes -~~ total memory freed........: 6913603 bytes -~~ total allocations/frees...: 114203/114203 +~~ total memory allocated....: 7491199 bytes +~~ total memory freed........: 7491199 bytes +~~ total allocations/frees...: 125934/125934 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 614 chars ~~ json message max len.......: 2183 chars diff --git a/test/results/default/rdp3.pcap.out b/test/results/default/rdp3.pcap.out index e6944097f..b3bb62272 100644 --- a/test/results/default/rdp3.pcap.out +++ b/test/results/default/rdp3.pcap.out 
@@ -1,5 +1,5 @@ -00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rdp3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rdp3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1138119414226584} 
+00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rdp3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rdp3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1138119414226584} 
00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rdp3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1138119414226584,"flow_src_last_pkt_time":1138119414226584,"flow_dst_last_pkt_time":1138119414226584,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1138119414226584,"l3_proto":"ip4","src_ip":"10.150.9.21","dst_ip":"10.157.4.161","src_port":1685,"dst_port":3389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rdp3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1138119414226584,"flow_dst_last_pkt_time":1138119414226584,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1138119414226584,"pkt":"AABeAAEPABI\/YyDTCABFAAAwYyVAAIAGdLoKlgkVCp0EoQaVDT0VSOJYAAAAAHAC\/\/9UxAAAAgQFtAEBBAI="} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/rdp3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1138119414226584,"flow_dst_last_pkt_time":1138119414283512,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1138119414283512,"pkt":"ABI\/YyDTAAWFpSfwCABFAAAwEwgAAHsGCdgKnQShCpYJFQ09BpVuMr5rFUjiWXASQADoKAAAAgQFoAEBBAI="} 
@@ -8,7 +8,7 @@ 01048{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/rdp3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1138119414226584,"flow_src_last_pkt_time":1138119414284882,"flow_dst_last_pkt_time":1138119414283512,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1138119414284882,"l3_proto":"ip4","src_ip":"10.150.9.21","dst_ip":"10.157.4.161","src_port":1685,"dst_port":3389,"l4_proto":"tcp","ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"RDP","proto_id":"88","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/rdp3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1138119414284882,"flow_dst_last_pkt_time":1138119414319556,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":65,"pkt_l4_len":31,"thread_ts_usec":1138119414319556,"pkt":"ABI\/YyDTAAWFpSfwCABFAAAzEwlAAHsGydMKnQShCpYJFQ09BpVuMr5sFUjigFAY\/9g4twAAAwAACwbQAAASNAA="} 
01097{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/rdp3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":13,"flow_first_seen":1138119414226584,"flow_src_last_pkt_time":1138119414897306,"flow_dst_last_pkt_time":1138119414854817,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":519,"flow_dst_max_l4_payload_len":386,"flow_src_tot_l4_payload_len":1629,"flow_dst_tot_l4_payload_len":862,"midstream":0,"thread_ts_usec":1138119414897306,"l3_proto":"ip4","src_ip":"10.150.9.21","dst_ip":"10.157.4.161","src_port":1685,"dst_port":3389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"RDP","proto_id":"88","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} -00839{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/rdp3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":30,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2491,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1138119414897306} 
+00839{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/rdp3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":30,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2491,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1138119414897306} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 30/30 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6908518 bytes -~~ total memory freed........: 6908518 bytes -~~ total allocations/frees...: 114169/114169 +~~ total memory allocated....: 7486114 bytes +~~ total memory freed........: 7486114 bytes +~~ total allocations/frees...: 125900/125900 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 537 chars ~~ json message max len.......: 1102 chars diff --git a/test/results/default/rdp_over_tls.pcap.out b/test/results/default/rdp_over_tls.pcap.out index fe8b2925e..50e470f24 100644 --- a/test/results/default/rdp_over_tls.pcap.out +++ b/test/results/default/rdp_over_tls.pcap.out 
@@ -1,5 +1,5 @@ -00617{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rdp_over_tls.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00838{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rdp_over_tls.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1729281221506087} 
+00617{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rdp_over_tls.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00838{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rdp_over_tls.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1729281221506087} 
00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rdp_over_tls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1729281221506087,"flow_src_last_pkt_time":1729281221506087,"flow_dst_last_pkt_time":1729281221506087,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1729281221506087,"vlan_id":77,"l3_proto":"ip4","src_ip":"91.238.181.21","dst_ip":"89.31.79.12","src_port":35888,"dst_port":3389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rdp_over_tls.pcap","alias":"nDPId-test","vlan_id":77,"flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1729281221506087,"flow_dst_last_pkt_time":1729281221506087,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1729281221506087,"pkt":"LOp\/QeD9NO0bVMeBgQAATQgARQAANBgFQABwBjmQW+61FVkfTwyMMA099+lCngAAAACAwiAAwSsAAAIEBbQBAwMIAQEEAg=="} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/rdp_over_tls.pcap","alias":"nDPId-test","vlan_id":77,"flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1729281221506087,"flow_dst_last_pkt_time":1729281221506377,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1729281221506377,"pkt":"ICAAAACqLOp\/QeD9gQAgTQgARQIANARRQACABj1CWR9PDFvutRUNPYwwOv6XXPfpQp+AUvoAFUcAAAIEBbQBAwMAAQEEAg=="} 
@@ -7,10 +7,10 @@ 00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/rdp_over_tls.pcap","alias":"nDPId-test","vlan_id":77,"flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1729281221540163,"flow_dst_last_pkt_time":1729281221506377,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":105,"pkt_l4_len":67,"thread_ts_usec":1729281221540163,"pkt":"LOp\/QeD9NO0bVMeBgQAATQgARQAAVxgIQABwBjlqW+61FVkfTwyMMA099+lCnzr+l11QGAEA\/zwAAAMAAC8q4AAAAAAAQ29va2llOiBtc3RzaGFzaD1XRGVwbG95QWQNCgEACAADAAAA"} 01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/rdp_over_tls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1729281221506087,"flow_src_last_pkt_time":1729281221540163,"flow_dst_last_pkt_time":1729281221506377,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1729281221540163,"vlan_id":77,"l3_proto":"ip4","src_ip":"91.238.181.21","dst_ip":"89.31.79.12","src_port":35888,"dst_port":3389,"l4_proto":"tcp","ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"RDP","proto_id":"88","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 
00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/rdp_over_tls.pcap","alias":"nDPId-test","vlan_id":77,"flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1729281221540163,"flow_dst_last_pkt_time":1729281221544114,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":77,"pkt_l4_len":39,"thread_ts_usec":1729281221544114,"pkt":"ICAAAACqLOp\/QeD9gQAgTQgARQIAOwRSQACABj06WR9PDFvutRUNPYwwOv6XXffpQs5QGPnRExQAAAMAABMO0AAAEjQAAh8IAAIAAAA="} -01540{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/rdp_over_tls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1729281221506087,"flow_src_last_pkt_time":1729281221577979,"flow_dst_last_pkt_time":1729281221544114,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":161,"flow_dst_max_l4_payload_len":19,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":19,"midstream":0,"thread_ts_usec":1729281221577979,"vlan_id":77,"l3_proto":"ip4","src_ip":"91.238.181.21","dst_ip":"89.31.79.12","src_port":35888,"dst_port":3389,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"TLS.RDP","proto_id":"91.88","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","hostname":"","domainame":"","tls": 
{"version":"TLSv1.2","ja3":"043c543b63b895881d9abfbc320cb863","ja3s":"","ja4":"t12d280600_bbd4f008d9b2_f28add8e7af0","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} -01821{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/rdp_over_tls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1729281221506087,"flow_src_last_pkt_time":1729281221577979,"flow_dst_last_pkt_time":1729281221579370,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":161,"flow_dst_max_l4_payload_len":1197,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":1216,"midstream":0,"thread_ts_usec":1729281221579370,"vlan_id":77,"l3_proto":"ip4","src_ip":"91.238.181.21","dst_ip":"89.31.79.12","src_port":35888,"dst_port":3389,"l4_proto":"tcp","ndpi": {"flow_risk": {"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"TLS.RDP","proto_id":"91.88","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","hostname":"","domainame":"","tls": 
{"version":"TLSv1.2","ja3":"043c543b63b895881d9abfbc320cb863","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12d280600_bbd4f008d9b2_f28add8e7af0","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=topsalon","subjectDN":"CN=topsalon","fingerprint":"A2:FF:78:9D:71:42:7A:00:97:9C:96:C2:E7:D1:C1:AD:A1:82:CC:2C","blocks":0}}} +01499{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/rdp_over_tls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1729281221506087,"flow_src_last_pkt_time":1729281221577979,"flow_dst_last_pkt_time":1729281221544114,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":161,"flow_dst_max_l4_payload_len":19,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":19,"midstream":0,"thread_ts_usec":1729281221577979,"vlan_id":77,"l3_proto":"ip4","src_ip":"91.238.181.21","dst_ip":"89.31.79.12","src_port":35888,"dst_port":3389,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"TLS.RDP","proto_id":"91.88","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d280600_bbd4f008d9b2_f28add8e7af0","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01780{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/rdp_over_tls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1729281221506087,"flow_src_last_pkt_time":1729281221577979,"flow_dst_last_pkt_time":1729281221579370,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":161,"flow_dst_max_l4_payload_len":1197,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":1216,"midstream":0,"thread_ts_usec":1729281221579370,"vlan_id":77,"l3_proto":"ip4","src_ip":"91.238.181.21","dst_ip":"89.31.79.12","src_port":35888,"dst_port":3389,"l4_proto":"tcp","ndpi": {"flow_risk": {"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"TLS.RDP","proto_id":"91.88","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12d280600_bbd4f008d9b2_f28add8e7af0","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=topsalon","subjectDN":"CN=topsalon","fingerprint":"A2:FF:78:9D:71:42:7A:00:97:9C:96:C2:E7:D1:C1:AD:A1:82:CC:2C","blocks":0}}} 
01463{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/rdp_over_tls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":8,"flow_first_seen":1729281221506087,"flow_src_last_pkt_time":1729281222755934,"flow_dst_last_pkt_time":1729281222722150,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":638,"flow_dst_max_l4_payload_len":1197,"flow_src_tot_l4_payload_len":1194,"flow_dst_tot_l4_payload_len":1518,"midstream":0,"thread_ts_usec":1729281222755934,"vlan_id":77,"l3_proto":"ip4","src_ip":"91.238.181.21","dst_ip":"89.31.79.12","src_port":35888,"dst_port":3389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"TLS.RDP","proto_id":"91.88","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 
-00847{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/rdp_over_tls.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":19,"packets-processed":19,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2712,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1729281222755934} +00847{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/rdp_over_tls.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":19,"packets-processed":19,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2712,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1729281222755934} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 19/19 ~~ skipped flows.............: 0 
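Review bot: The two regenerated `detection-update` expectations in this hunk (packet_id 6 and 7) no longer carry the `ja3` key in the `tls` object, while `ja3s` and `ja4` are still emitted, and the commit message only says "incorporated upstream changes". Anything downstream that keys detections, allow-lists or correlation on the JA3 client fingerprint will stop matching without any error, so the removal deserves an explicit line in the commit description or changelog, for example `tls.ja3 is no longer emitted with this libnDPI revision; tls.ja4 remains available for client fingerprinting`. Both length prefixes drop by 41 characters (01540 to 01499, 01821 to 01780), which matches the removed key and value, so the expectation itself looks internally consistent. The diffstat lists schema/flow_event_schema.json as changed, presumably for the same reason, but that hunk is not visible from here.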
@@ -19,10 +19,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6912369 bytes -~~ total memory freed........: 6912369 bytes -~~ total allocations/frees...: 114165/114165 +~~ total memory allocated....: 7489965 bytes +~~ total memory freed........: 7489965 bytes +~~ total allocations/frees...: 125896/125896 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 564 chars -~~ json message max len.......: 1826 chars -~~ json message avg len.......: 1160 chars +~~ json message max len.......: 1785 chars +~~ json message avg len.......: 1141 chars diff --git a/test/results/default/reasm_crash_anon.pcapng.out b/test/results/default/reasm_crash_anon.pcapng.out index 41dd5b1aa..90fa9ad76 100644 --- a/test/results/default/reasm_crash_anon.pcapng.out +++ b/test/results/default/reasm_crash_anon.pcapng.out 
@@ -1,5 +1,5 @@ -00623{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/reasm_crash_anon.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/reasm_crash_anon.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1410865705717955} 
+00623{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/reasm_crash_anon.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/reasm_crash_anon.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1410865705717955} 
00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1410865705717955,"flow_src_last_pkt_time":1410865705717955,"flow_dst_last_pkt_time":1410865705717955,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":13,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":13,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":13,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1410865705717955,"l3_proto":"ip4","src_ip":"192.168.145.147","dst_ip":"10.209.8.148","src_port":51218,"dst_port":21999,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1410865705717955,"flow_dst_last_pkt_time":1410865705717955,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"thread_ts_usec":1410865705717955,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAAEEBjUAAQAbTicCokZMK0QiUyBJV7zv7Y\/\/dkdtagBghO+7bAAABAQgKPplWKzpg4vE8ZGV0YWlscyAvPg0K"} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1410865705717964,"flow_dst_last_pkt_time":1410865705717955,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"thread_ts_usec":1410865705717964,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAAEEBjUAAQAbTicCokZMK0QiUyBJV7zv7Y\/\/dkdtagBghO+7bAAABAQgKPplWKzpg4vE8ZGV0YWlscyAvPg0K"} 
@@ -8,10 +8,10 @@ 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1410865705719495,"flow_dst_last_pkt_time":1410865705719465,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_usec":1410865705719495,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAADQBjkAAQAbTlcCokZMK0QiUyBJV7zv7ZAzdkduQgBAhO1EYAAABAQgKPplWLTphWHY="} 02013{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":23,"flow_dst_packets_processed":9,"flow_first_seen":1410865705717955,"flow_src_last_pkt_time":1410865856222147,"flow_dst_last_pkt_time":1410865856222116,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":13,"flow_dst_max_l4_payload_len":725,"flow_src_tot_l4_payload_len":129,"flow_dst_tot_l4_payload_len":3158,"midstream":1,"thread_ts_usec":1410865856222147,"l3_proto":"ip4","src_ip":"192.168.145.147","dst_ip":"10.209.8.148","src_port":51218,"dst_port":21999,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":9709947.0,"max":30165638,"stddev":14064983.0,"var":197823744180224.0,"ent":3.3,"data": [9,1510,1527,4,1248,1237,4,30097711,30099473,1765,3,1246,1236,30097518,8,30099327,1814,1237,30097422,1775,4,30101686,1241,30097498,30165638,1254,69395,30031106,8,30032779,1670]},"pktlen": {"min":52,"avg":155.0,"max":777,"stddev":234.8,"var":55144.5,"ent":4.0,"data": [65,65,126,52,52,777,52,52,65,106,52,52,765,52,65,65,106,52,52,65,52,52,777,52,65,106,777,52,65,65,106,52]},"bins": {"c_to_s": 
[23,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,0,0,1,0,0,0,1,0,0,1,0,0,0,1,0,0,0,0,0,1,0,0,1,1,0,0,0,1,0],"entropies": [5.512839317,5.512839317,3.005599976,5.193430901,5.193430901,5.327538013,5.193430901,5.156889915,5.391298771,5.590394974,5.079966545,5.101990700,0.545940340,5.140451908,5.395370483,5.389761925,5.628829002,5.193430901,5.193430901,5.482069969,5.118428230,5.193430901,5.310135365,5.116507530,5.433681488,5.596330643,5.286610126,5.010550022,5.397304058,5.397304058,5.612702370,5.193430901]}} 01001{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":23,"flow_dst_packets_processed":9,"flow_first_seen":1410865705717955,"flow_src_last_pkt_time":1410865856222147,"flow_dst_last_pkt_time":1410865856222116,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":13,"flow_dst_max_l4_payload_len":725,"flow_src_tot_l4_payload_len":129,"flow_dst_tot_l4_payload_len":3158,"midstream":1,"thread_ts_usec":1410865856222147,"l3_proto":"ip4","src_ip":"192.168.145.147","dst_ip":"10.209.8.148","src_port":51218,"dst_port":21999,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
-00851{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/reasm_crash_anon.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":94,"packets-processed":93,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5079,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1410866307727956} -00854{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/reasm_crash_anon.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":170,"packets-processed":169,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6225,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1410866909737971} 
+00851{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/reasm_crash_anon.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":94,"packets-processed":93,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5079,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1410866307727956} +00854{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/reasm_crash_anon.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":170,"packets-processed":169,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6225,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1410866909737971} 
01040{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":195,"flow_dst_packets_processed":14,"flow_first_seen":1410865705717955,"flow_src_last_pkt_time":1410867180785359,"flow_dst_last_pkt_time":1410866307731044,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":725,"flow_src_tot_l4_payload_len":979,"flow_dst_tot_l4_payload_len":5441,"midstream":1,"thread_ts_usec":1410867180785359,"l3_proto":"ip4","src_ip":"192.168.145.147","dst_ip":"10.209.8.148","src_port":51218,"dst_port":21999,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00856{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/reasm_crash_anon.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":209,"packets-processed":209,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6420,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1410867180785359} 
+00856{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/reasm_crash_anon.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":209,"packets-processed":209,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6420,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1410867180785359} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 209/209 ~~ skipped flows.............: 0 @@ -20,9 +20,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6915751 bytes -~~ total memory freed........: 6915751 bytes -~~ total allocations/frees...: 114348/114348 +~~ total memory allocated....: 7493347 bytes +~~ total memory freed........: 7493347 bytes +~~ total allocations/frees...: 126079/126079 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 562 chars ~~ json message max len.......: 2018 chars diff --git a/test/results/default/reasm_segv_anon.pcapng.out b/test/results/default/reasm_segv_anon.pcapng.out index c9f2fc07b..61aaa1a7e 100644 --- a/test/results/default/reasm_segv_anon.pcapng.out +++ b/test/results/default/reasm_segv_anon.pcapng.out 
@@ -1,5 +1,5 @@ -00622{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1550422828553466} 
+00622{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1550422828553466} 00351{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1550422828553466,"packet_id":1,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","size":106,"expected":110,"global_ts_usec":1550422828553466} 
00445{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":110,"pkt_l4_len":0,"thread_ts_usec":1550422828553466,"pkt":"AAAAcxs8EFFy5LtdCABFeABcpb4AAEARUG2RTALsu2A0VQhoCGgASAAAMv8AOAn8kEPKcwAARQAANFkiQAB\/BgGSrBEkFT++kSvhEwBQ8LOPBjqqVCGAEAEBeCMAAAEBBQo6qnTxOqqFWQ=="} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1550422828553466,"flow_src_last_pkt_time":1550422828553466,"flow_dst_last_pkt_time":1550422828553466,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1550422828553466,"l3_proto":"ip4","src_ip":"145.76.2.236","dst_ip":"187.96.52.85","src_port":2152,"dst_port":2152,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -41,7 +41,7 @@ 00353{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":16,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1550422837968976,"packet_id":51,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","size":114,"expected":118,"global_ts_usec":1550422837968976} 00454{"packet_event_id":1,"packet_event_name":"packet","packet_id":51,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":118,"pkt_l4_len":0,"thread_ts_usec":1550422836808446,"pkt":"AAAAcxs8EFFy5LtdCABFeABkCt4AAEAR60WRTALsu2A0VQhoCGgAUAAAMv8AQAn8kEMOdAAARQAAPFlfQAB\/BgFNrBEkFT++kSvhEwBQ8LOPBjqqb3mgEAEBaxMAAAEBBRI6qqCxOqqwsTqqdPE6qpBJ"} 00994{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":54,"flow_first_seen":1550422828553466,"flow_src_last_pkt_time":1550422844222036,"flow_dst_last_pkt_time":1550422844224430,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2008,"flow_dst_tot_l4_payload_len":72488,"midstream":0,"thread_ts_usec":1550422844224430,"l3_proto":"ip4","src_ip":"145.76.2.236","dst_ip":"187.96.52.85","src_port":2152,"dst_port":2152,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GTP.GTP_U","proto_id":"152.271","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00853{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":82,"packets-processed":82,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":74496,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":44,"global_ts_usec":1550422844224430} +00853{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":82,"packets-processed":82,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":74496,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":44,"global_ts_usec":1550422844224430} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 82/82 ~~ skipped flows.............: 0 
@@ -50,9 +50,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6909991 bytes -~~ total memory freed........: 6909991 bytes -~~ total allocations/frees...: 114219/114219 +~~ total memory allocated....: 7487587 bytes +~~ total memory freed........: 7487587 bytes +~~ total allocations/frees...: 125950/125950 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 356 chars ~~ json message max len.......: 2505 chars diff --git a/test/results/default/reddit.pcap.out b/test/results/default/reddit.pcap.out index 1ade5260e..7b6907552 100644 --- a/test/results/default/reddit.pcap.out +++ b/test/results/default/reddit.pcap.out 
@@ -1,5 +1,5 @@ -00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1605291684451133} 
+00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1605291684451133} 
00810{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291684451133,"flow_src_last_pkt_time":1605291684451133,"flow_dst_last_pkt_time":1605291684451133,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291684451133,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40028,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1605291684451133,"flow_dst_last_pkt_time":1605291684451133,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291684451133,"pkt":"qtsDr8lk5EKm5WPyht1gBBqZACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICgAAAAAAACAKnFwBu4Sgd8UAAAAAoAL9IJAlAAACBAWgBAIICtTdYAcAAAAAAQMDBw=="} 
00810{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291684451247,"flow_src_last_pkt_time":1605291684451247,"flow_dst_last_pkt_time":1605291684451247,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291684451247,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40030,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -9,7 +9,7 @@ 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1605291684451133,"flow_dst_last_pkt_time":1605291684476073,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291684476073,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgKAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbucXOWkwh+EoHfGoBJXgJjYAAACBAV4AQMDAwQCCArC1zJs1N1gBw=="} 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1605291684476117,"flow_dst_last_pkt_time":1605291684476073,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291684476117,"pkt":"qtsDr8lk5EKm5WPyht1gBBqZACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICgAAAAAAACAKnFwBu4Sgd8blpMIggBAB+xzRAAABAQgK1N1gIMLXMmw="} 01261{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1605291684476610,"flow_dst_last_pkt_time":1605291684476073,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291684476610,"pkt":"qtsDr8lk5EKm5WPyht1gBBqZAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICgAAAAAAACAKnFwBu4Sgd8blpMIggBgB+\/TpAAABAQgK1N1gIMLXMmwWAwECAAEAAfwDA4uuqSGlaYkrooqTrn+tpuwEFqHXve+KWS5sY0YZYzAtIB8Dy2r0TMEQAKyWvv37U3EEFg7M1cxOcqNinyfcEA7jACDa2hMBEwITA8ArwC\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"} 
-01347{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291684451133,"flow_src_last_pkt_time":1605291684476610,"flow_dst_last_pkt_time":1605291684476073,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291684476610,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40028,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"safebrowsing.googleapis.com","domainame":"safebrowsing.googleapis.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01306{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291684451133,"flow_src_last_pkt_time":1605291684476610,"flow_dst_last_pkt_time":1605291684476073,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291684476610,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40028,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"safebrowsing.googleapis.com","domainame":"safebrowsing.googleapis.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00804{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291684481568,"flow_src_last_pkt_time":1605291684481568,"flow_dst_last_pkt_time":1605291684481568,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291684481568,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56560,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1605291684481568,"flow_dst_last_pkt_time":1605291684481568,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291684481568,"pkt":"qtsDr8lk5EKm5WPyht1gB3LfACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PABuxF7CxQAAAAAoAL9IHB8AAACBAWgBAIICql039UAAAAAAQMDBw=="} 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1605291684451247,"flow_dst_last_pkt_time":1605291684485305,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291684485305,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgKAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbucXoJUF9DimtmGoBJXgOayAAACBAV4AQMDAwQCCArC1zJ11N1gBw=="} 
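Review bot: The `tls` object of the `detected` event for flow_id 1 in this hunk no longer carries `"ja3"` (the removed line had `"ja3":"b32309a26951912be7dba376398abc3b"`), while `"ja3s"` and `"ja4"` are still emitted, and the commit message only says "incorporated upstream changes". A consumer of the JSON stream that matches, allow-lists or correlates on the JA3 client fingerprint would stop matching without any error, so the removal deserves its own line in the commit description or changelog, for example `* tls: "ja3" is no longer emitted; "ja3s" and "ja4" remain`. The same key disappears from the `detected` and `detection-update` events in the next hunk (`@@ -17,23 +17,23 @@`), which runs past the visible part of the diff. The diffstat lists schema/flow_event_schema.json as changed, but that file is not visible here, so it is worth confirming that `ja3` is no longer listed as a required `tls` property there.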
@@ -17,23 +17,23 @@ 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1605291684485349,"flow_dst_last_pkt_time":1605291684485305,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291684485349,"pkt":"qtsDr8lk5EKm5WPyht1gDERGACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICgAAAAAAACAKnF4Bu+Ka2YaCVBfRgBAB+2qiAAABAQgK1N1gKcLXMnU="} 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1605291684485374,"flow_dst_last_pkt_time":1605291684485306,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291684485374,"pkt":"qtsDr8lk5EKm5WPyht1gCYCjACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3O4Bu5iiLjb7y9ZjgBAB+yiDAAABAQgKqXTf2cLXMnU="} 01263{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1605291684485819,"flow_dst_last_pkt_time":1605291684485305,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291684485819,"pkt":"qtsDr8lk5EKm5WPyht1gDERGAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICgAAAAAAACAKnF4Bu+Ka2YaCVBfRgBgB+3VxAAABAQgK1N1gKcLXMnUWAwECAAEAAfwDA+FyaTy3gljlCrKoC8pkvabZPAdbXS\/HjqlTeopJ7igJIFs4TU2zCegfACNAAt1BZk2uYfR4cn7k081CAzn0Xsa\/ACDq6hMBEwITA8ArwC\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"} 
-01348{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291684451247,"flow_src_last_pkt_time":1605291684485819,"flow_dst_last_pkt_time":1605291684485305,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291684485819,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40030,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"safebrowsing.googleapis.com","domainame":"safebrowsing.googleapis.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01307{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291684451247,"flow_src_last_pkt_time":1605291684485819,"flow_dst_last_pkt_time":1605291684485305,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291684485819,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40030,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"safebrowsing.googleapis.com","domainame":"safebrowsing.googleapis.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
01264{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1605291684486237,"flow_dst_last_pkt_time":1605291684485306,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291684486237,"pkt":"qtsDr8lk5EKm5WPyht1gCYCjAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3O4Bu5iiLjb7y9ZjgBgB+0SGAAABAQgKqXTf2sLXMnUWAwECAAEAAfwDA8+KHdxMQ3baGhOy0m36F3JqRDzX4jcR6LxsIf9LR8+BIMkeD4Y9wR0SFsOkbLBc6vr02gpR5VUEznO\/yKsj0dCaACCamhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPa2gAAAAAAEwARAAAOd3d3LnJlZGRpdC5jb20AFwAA\/wEAAQAACgAKAAjKygAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKcrKAAEAAB0AIBic8D9Jh7IHJYeU9O\/BIKhKDWJdCz1fe1mvtpZ3RbQCAC0AAgEBACsACwpqagMEAwMDAgMBABsAAwIAAqqqAAEAABUAzgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01310{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291684452132,"flow_src_last_pkt_time":1605291684486237,"flow_dst_last_pkt_time":1605291684485306,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291684486237,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56558,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.reddit.com","domainame":"www.reddit.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01269{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291684452132,"flow_src_last_pkt_time":1605291684486237,"flow_dst_last_pkt_time":1605291684485306,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291684486237,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56558,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.reddit.com","domainame":"www.reddit.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1605291684481568,"flow_dst_last_pkt_time":1605291684551717,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291684551717,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc8HTo0uYRewsVoBJXgNkGAAACBAV4AQMDAwQCCArC1zKKqXTf1Q=="} 
00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1605291684476610,"flow_dst_last_pkt_time":1605291684551719,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291684551719,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgKAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbucXOWkwiCEoHnLgBALMBF6AAABAQgKwtcyidTdYCA="} -01393{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291684451133,"flow_src_last_pkt_time":1605291684476610,"flow_dst_last_pkt_time":1605291684551719,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291684551719,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40028,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"safebrowsing.googleapis.com","domainame":"safebrowsing.googleapis.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01352{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291684451133,"flow_src_last_pkt_time":1605291684476610,"flow_dst_last_pkt_time":1605291684551719,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291684551719,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40028,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"safebrowsing.googleapis.com","domainame":"safebrowsing.googleapis.com","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1605291684485819,"flow_dst_last_pkt_time":1605291684551721,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291684551721,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgKAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbucXoJUF9HimtuLgBALMF88AAABAQgKwtcyodTdYCk="} 
00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1605291684551793,"flow_dst_last_pkt_time":1605291684551717,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291684551793,"pkt":"qtsDr8lk5EKm5WPyht1gB3LfACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PABuxF7CxV06NLngBAB+1zSAAABAQgKqXTgG8LXMoo="} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1605291684486237,"flow_dst_last_pkt_time":1605291684551898,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291684551898,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc7vvL1mOYojA7gBALMB0aAAABAQgKwtcyo6l039o="} -01393{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291684452132,"flow_src_last_pkt_time":1605291684486237,"flow_dst_last_pkt_time":1605291684551899,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605291684551899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56558,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.reddit.com","domainame":"www.reddit.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} -01662{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1605291684452132,"flow_src_last_pkt_time":1605291684486237,"flow_dst_last_pkt_time":1605291684551901,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3144,"midstream":0,"thread_ts_usec":1605291684551901,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56558,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.reddit.com","domainame":"www.reddit.com","tls": {"version":"TLSv1.2","server_names":"reddit.com,*.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San 
Francisco, O=Reddit Inc., CN=*.reddit.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"DB:E9:D5:FE:EB:EF:68:34:55:FD:62:BA:C9:BB:04:D4:E3:22:18:81","blocks":0}}} -01393{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291684451247,"flow_src_last_pkt_time":1605291684485819,"flow_dst_last_pkt_time":1605291684551902,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291684551902,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40030,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"safebrowsing.googleapis.com","domainame":"safebrowsing.googleapis.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01352{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291684452132,"flow_src_last_pkt_time":1605291684486237,"flow_dst_last_pkt_time":1605291684551899,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605291684551899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56558,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.reddit.com","domainame":"www.reddit.com","tls": {"version":"TLSv1.2","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01621{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1605291684452132,"flow_src_last_pkt_time":1605291684486237,"flow_dst_last_pkt_time":1605291684551901,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3144,"midstream":0,"thread_ts_usec":1605291684551901,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56558,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.reddit.com","domainame":"www.reddit.com","tls": {"version":"TLSv1.2","server_names":"reddit.com,*.reddit.com","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.reddit.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"DB:E9:D5:FE:EB:EF:68:34:55:FD:62:BA:C9:BB:04:D4:E3:22:18:81","blocks":0}}} 
+01352{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291684451247,"flow_src_last_pkt_time":1605291684485819,"flow_dst_last_pkt_time":1605291684551902,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291684551902,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40030,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"safebrowsing.googleapis.com","domainame":"safebrowsing.googleapis.com","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
01263{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1605291684552325,"flow_dst_last_pkt_time":1605291684551717,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291684552325,"pkt":"qtsDr8lk5EKm5WPyht1gB3LfAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PABuxF7CxV06NLngBgB+0E5AAABAQgKqXTgHMLXMooWAwECAAEAAfwDAw2h35lTVBAJkyl1sZ6N6s5zh+HfO9Ai8hcQ4PFn0odDIC9Ixzbj0OvUbX513zU9YxMQBwvxWo3A0lte+Tbf\/2RZACDKyhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZMKCgAAAAAAEwARAAAOd3d3LnJlZGRpdC5jb20AFwAA\/wEAAQAACgAKAAiKigAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKYqKAAEAAB0AIGqjGCo4hhSEqfk8mIsYygfLmwI2pMth38dwgmqFwWMRAC0AAgEBACsACwqamgMEAwMDAgMBABsAAwIAAqqqAAEAABUAzgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01310{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291684481568,"flow_src_last_pkt_time":1605291684552325,"flow_dst_last_pkt_time":1605291684551717,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291684552325,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.reddit.com","domainame":"www.reddit.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01269{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291684481568,"flow_src_last_pkt_time":1605291684552325,"flow_dst_last_pkt_time":1605291684551717,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291684552325,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.reddit.com","domainame":"www.reddit.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1605291684552325,"flow_dst_last_pkt_time":1605291684589289,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291684589289,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc8HTo0ucRew0agBALMFFEAAABAQgKwtcy3al04Bw="} 
-01393{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291684481568,"flow_src_last_pkt_time":1605291684552325,"flow_dst_last_pkt_time":1605291684592780,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605291684592780,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.reddit.com","domainame":"www.reddit.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-01662{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1605291684481568,"flow_src_last_pkt_time":1605291684592921,"flow_dst_last_pkt_time":1605291684593083,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3144,"midstream":0,"thread_ts_usec":1605291684593083,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.reddit.com","domainame":"www.reddit.com","tls": {"version":"TLSv1.2","server_names":"reddit.com,*.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.reddit.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"DB:E9:D5:FE:EB:EF:68:34:55:FD:62:BA:C9:BB:04:D4:E3:22:18:81","blocks":0}}} 
+01352{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291684481568,"flow_src_last_pkt_time":1605291684552325,"flow_dst_last_pkt_time":1605291684592780,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605291684592780,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.reddit.com","domainame":"www.reddit.com","tls": {"version":"TLSv1.2","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01621{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1605291684481568,"flow_src_last_pkt_time":1605291684592921,"flow_dst_last_pkt_time":1605291684593083,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3144,"midstream":0,"thread_ts_usec":1605291684593083,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.reddit.com","domainame":"www.reddit.com","tls": {"version":"TLSv1.2","server_names":"reddit.com,*.reddit.com","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.reddit.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"DB:E9:D5:FE:EB:EF:68:34:55:FD:62:BA:C9:BB:04:D4:E3:22:18:81","blocks":0}}} 
02180{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605291684451133,"flow_src_last_pkt_time":1605291684654464,"flow_dst_last_pkt_time":1605291684654375,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":824,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":2166,"flow_dst_tot_l4_payload_len":4508,"midstream":0,"thread_ts_usec":1605291684654464,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40028,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":13115.3,"max":75646,"stddev":23104.5,"var":533820192.0,"ent":3.2,"data": [24940,24984,493,75646,0,1,1,75219,11,11,8777,4975,582,741,37567,3490,25948,1187,485,1611,1121,59921,1,0,1,1,0,1,58810,38,10]},"pktlen": {"min":72,"avg":281.1,"max":1280,"stddev":342.1,"var":117045.1,"ent":4.2,"data": [80,80,72,589,72,1280,1280,572,72,72,72,136,164,896,710,72,652,72,72,103,72,103,72,72,384,422,285,111,139,72,72,72]},"bins": {"c_to_s": [11,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,1,1,0,0,0,1,0,0,1,1,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,0,0,0,0,1,1,0,1,1,0,0,1,1,1,1,1,1,1,0,0,0],"entropies": [4.711516857,5.217300892,5.071401596,4.609335899,4.946592331,7.806063652,7.848966122,7.544353485,5.166606426,5.045011044,5.138829231,6.070029259,6.486535549,7.761092186,7.700193405,5.014019012,7.592603683,5.138829231,5.097352028,5.692110538,5.138829231,5.768221378,5.097352028,5.041796684,7.336868286,7.405985832,7.111319542,5.950567245,6.190017700,5.111051083,5.111051559,5.081305504]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 00806{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291686035717,"flow_src_last_pkt_time":1605291686035717,"flow_dst_last_pkt_time":1605291686035717,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291686035717,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1605291686035717,"flow_dst_last_pkt_time":1605291686035717,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291686035717,"pkt":"qtsDr8lk5EKm5WPyht1gDzZzACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PIBu+DxzH8AAAAAoAL9INmFAAACBAWgBAIICql05ecAAAAAAQMDBw=="} 
@@ -68,9 +68,9 @@ 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1605291686065686,"flow_dst_last_pkt_time":1605291686065673,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291686065686,"pkt":"qtsDr8lk5EKm5WPyht1gCjLcACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PQBu\/EwLy+VrQrRgBAB+\/RNAAABAQgKqXTmBcLXOKI="} 00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1605291686065695,"flow_dst_last_pkt_time":1605291686065673,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291686065695,"pkt":"qtsDr8lk5EKm5WPyht1gDzZzACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PIBu+DxzICEjDKigBAB+1CNAAABAQgKqXTmBcLXOKI="} 
01270{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1605291686065815,"flow_dst_last_pkt_time":1605291686065673,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291686065815,"pkt":"qtsDr8lk5EKm5WPyht1gCjLcAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PQBu\/EwLy+VrQrRgBgB+3OgAAABAQgKqXTmBcLXOKIWAwECAAEAAfwDAwyYN5j\/xCCsFbpKYtVHaXLKE\/uA+b8YhQZ6Wm2LZTmgIPoHYB\/uf+OrSqApvu9853Fa+\/5VUFSQ+FaXEGdGe73hACCamhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZM6OgAAAAAAGQAXAAAUd3d3LnJlZGRpdHN0YXRpYy5jb20AFwAA\/wEAAQAACgAKAAgaGgAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKRoaAAEAAB0AIJ5MVY1Z5Rq\/dBprPM2ILEA\/hIQM9DFSL5dx91jq4B4yAC0AAgEBACsACwqamgMEAwMDAgMBABsAAwIAApqaAAEAABUAyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01323{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291686035769,"flow_src_last_pkt_time":1605291686065815,"flow_dst_last_pkt_time":1605291686065673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291686065815,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56564,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.redditstatic.com","domainame":"www.redditstatic.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01282{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291686035769,"flow_src_last_pkt_time":1605291686065815,"flow_dst_last_pkt_time":1605291686065673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291686065815,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56564,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.redditstatic.com","domainame":"www.redditstatic.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
01263{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1605291686065926,"flow_dst_last_pkt_time":1605291686065673,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291686065926,"pkt":"qtsDr8lk5EKm5WPyht1gDzZzAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PIBu+DxzICEjDKigBgB+2RhAAABAQgKqXTmBcLXOKIWAwECAAEAAfwDAyTHZx4qb3bBrOacHhZtS+1GUX5Pd7PUT1gIoicQvfi1IPzlLoIP7lMDiOGt7of6RT3QLPZeDP+s3ApsOtToHZNxACCamhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZNaWgAAAAAAGQAXAAAUd3d3LnJlZGRpdHN0YXRpYy5jb20AFwAA\/wEAAQAACgAKAAhKSgAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKUpKAAEAAB0AIBifHQCYA46ivQXso3MK0LYgDzXz15M9qgqtnACz0NtiAC0AAgEBACsACwo6OgMEAwMDAgMBABsAAwIAAqqqAAEAABUAyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01323{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291686035717,"flow_src_last_pkt_time":1605291686065926,"flow_dst_last_pkt_time":1605291686065673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291686065926,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56562,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.redditstatic.com","domainame":"www.redditstatic.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01282{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291686035717,"flow_src_last_pkt_time":1605291686065926,"flow_dst_last_pkt_time":1605291686065673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291686065926,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56562,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.redditstatic.com","domainame":"www.redditstatic.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1605291686035833,"flow_dst_last_pkt_time":1605291686071075,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291686071075,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc+p6YTHT6uGMsoBJXgOg4AAACBAV4AQMDAwQCCArC1zipqXTl5w=="} 
00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1605291686035808,"flow_dst_last_pkt_time":1605291686071076,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291686071076,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc+BQBJhBwR01MoBJXgDmIAAACBAV4AQMDAwQCCArC1zipqXTl5w=="} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1605291686035788,"flow_dst_last_pkt_time":1605291686071076,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291686071076,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc9o6MJX7sl7kLoBJXgNeBAAACBAV4AQMDAwQCCArC1zioqXTl5w=="} 
@@ -78,15 +78,15 @@ 00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1605291686071097,"flow_dst_last_pkt_time":1605291686071076,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291686071097,"pkt":"qtsDr8lk5EKm5WPyht1gCVbzACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PgBu3BHTUwUASYRgBAB+711AAABAQgKqXTmC8LXOKk="} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1605291686071101,"flow_dst_last_pkt_time":1605291686071076,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291686071101,"pkt":"qtsDr8lk5EKm5WPyht1gAChDACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PYBu+yXuQuOjCV\/gBAB+1tvAAABAQgKqXTmC8LXOKg="} 
01266{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_src_last_pkt_time":1605291686071202,"flow_dst_last_pkt_time":1605291686071075,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291686071202,"pkt":"qtsDr8lk5EKm5WPyht1gB\/ybAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PoBu\/q4YyyemEx1gBgB+7O0AAABAQgKqXTmC8LXOKkWAwECAAEAAfwDA5rJlA5wvxlyOOzY1QWQs9Y+MbP6uFJB6UOK+IyAcMcIIJKnHsVYD7m0a+U9PO+XZpcJeMZFPX7U2Eztmo3CPcbbACBKShMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZNqagAAAAAAGQAXAAAUd3d3LnJlZGRpdHN0YXRpYy5jb20AFwAA\/wEAAQAACgAKAAgqKgAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKSoqAAEAAB0AILIzZXuFCF2kUhuJMuKGx3A2g6Ss5IpeuXXloYIbe\/ZEAC0AAgEBACsACwrKygMEAwMDAgMBABsAAwIAAtraAAEAABUAyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01323{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291686035833,"flow_src_last_pkt_time":1605291686071202,"flow_dst_last_pkt_time":1605291686071075,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291686071202,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56570,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.redditstatic.com","domainame":"www.redditstatic.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01282{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291686035833,"flow_src_last_pkt_time":1605291686071202,"flow_dst_last_pkt_time":1605291686071075,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291686071202,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56570,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.redditstatic.com","domainame":"www.redditstatic.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
01264{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1605291686071324,"flow_dst_last_pkt_time":1605291686071076,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291686071324,"pkt":"qtsDr8lk5EKm5WPyht1gCVbzAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PgBu3BHTUwUASYRgBgB+wWrAAABAQgKqXTmC8LXOKkWAwECAAEAAfwDA6nlTOwnjqrnVl5yuI1Ks79C74XWx+O2oOTAbeO2aN9OICg1U8dRUVXILSwRLrRyGqyt0yhPDVWC9XfpxF3PvsB6ACAqKhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZO6ugAAAAAAGQAXAAAUd3d3LnJlZGRpdHN0YXRpYy5jb20AFwAA\/wEAAQAACgAKAAiqqgAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKaqqAAEAAB0AIB8c9P8A8qz0IF+PTdkCJlCO3fTtMZ9aL3pAQTd4K\/8UAC0AAgEBACsACwqqqgMEAwMDAgMBABsAAwIAAqqqAAEAABUAyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01323{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291686035808,"flow_src_last_pkt_time":1605291686071324,"flow_dst_last_pkt_time":1605291686071076,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291686071324,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56568,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.redditstatic.com","domainame":"www.redditstatic.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01282{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291686035808,"flow_src_last_pkt_time":1605291686071324,"flow_dst_last_pkt_time":1605291686071076,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291686071324,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56568,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.redditstatic.com","domainame":"www.redditstatic.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
01265{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1605291686071421,"flow_dst_last_pkt_time":1605291686071076,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291686071421,"pkt":"qtsDr8lk5EKm5WPyht1gAChDAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PYBu+yXuQuOjCV\/gBgB+wgeAAABAQgKqXTmC8LXOKgWAwECAAEAAfwDA7XecZSyIi1V1EshjdefUR6Jur4mAK6n2qRyNLgxIyayIElAt3tGSzVAaM4UMvIvnmVZMDtcC3g\/fPa8ngjS2vVAACC6uhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZMaGgAAAAAAGQAXAAAUd3d3LnJlZGRpdHN0YXRpYy5jb20AFwAA\/wEAAQAACgAKAAjq6gAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKerqAAEAAB0AIOYGrt0vj7XR6tD8KT6zhU9cFgDxLIaPkqiBK4j7VzFAAC0AAgEBACsACwpqagMEAwMDAgMBABsAAwIAAkpKAAEAABUAyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01323{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291686035788,"flow_src_last_pkt_time":1605291686071421,"flow_dst_last_pkt_time":1605291686071076,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291686071421,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56566,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.redditstatic.com","domainame":"www.redditstatic.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01282{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291686035788,"flow_src_last_pkt_time":1605291686071421,"flow_dst_last_pkt_time":1605291686071076,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291686071421,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56566,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.redditstatic.com","domainame":"www.redditstatic.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1605291686035852,"flow_dst_last_pkt_time":1605291686072675,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291686072675,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc\/KfiS\/LFklWsoBJXgCIUAAACBAV4AQMDAwQCCArC1ziqqXTl5w=="} 
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":1605291686072685,"flow_dst_last_pkt_time":1605291686072675,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291686072685,"pkt":"qtsDr8lk5EKm5WPyht1gAreKACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PwBu8WSVayn4kvzgBAB+6YAAAABAQgKqXTmDMLXOKo="} 01265{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_src_last_pkt_time":1605291686072857,"flow_dst_last_pkt_time":1605291686072675,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291686072857,"pkt":"qtsDr8lk5EKm5WPyht1gAreKAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PwBu8WSVayn4kvzgBgB+0RHAAABAQgKqXTmDMLXOKoWAwECAAEAAfwDA1o9ioyYN6mmAmxKnXHh593sz3K9KCITZ6Fn+lYGqaRBIGFgq3bkszM7iVgGCyOZdKniRwtNXhNBGl\/550R+hhXrACBaWhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPa2gAAAAAAGQAXAAAUd3d3LnJlZGRpdHN0YXRpYy5jb20AFwAA\/wEAAQAACgAKAAiamgAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKZqaAAEAAB0AIFrTKhIHrZdOy+j7+NARCA+xQZ+BmI+K5IoXoFjQledEAC0AAgEBACsACwrKygMEAwMDAgMBABsAAwIAAioqAAEAABUAyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01324{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":134,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291686035852,"flow_src_last_pkt_time":1605291686072857,"flow_dst_last_pkt_time":1605291686072675,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291686072857,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56572,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.redditstatic.com","domainame":"www.redditstatic.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01283{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":134,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291686035852,"flow_src_last_pkt_time":1605291686072857,"flow_dst_last_pkt_time":1605291686072675,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291686072857,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56572,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.redditstatic.com","domainame":"www.redditstatic.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00807{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":135,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291686084924,"flow_src_last_pkt_time":1605291686084924,"flow_dst_last_pkt_time":1605291686084924,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291686084924,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56590,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1605291686084924,"flow_dst_last_pkt_time":1605291686084924,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291686084924,"pkt":"qtsDr8lk5EKm5WPyht1gBTHMACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3Q4Bu5RtgHMAAAAAoAL9IHHJAAACBAWgBAIICql05hgAAAAAAQMDBw=="} 
00807{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291686084954,"flow_src_last_pkt_time":1605291686084954,"flow_dst_last_pkt_time":1605291686084954,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291686084954,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -98,11 +98,11 @@ 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_src_last_pkt_time":1605291686099405,"flow_dst_last_pkt_time":1605291686099352,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291686099405,"pkt":"qtsDr8lk5EKm5WPyht1gDoxGACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QABu3ytfXQZm0eGgBAB+1mYAAABAQgKqXTmJ8LXOMU="} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_src_last_pkt_time":1605291686099409,"flow_dst_last_pkt_time":1605291686099353,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291686099409,"pkt":"qtsDr8lk5EKm5WPyht1gBKPwACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3P4Bu+9x1NeMsOPUgBAB+4AOAAABAQgKqXTmJ8LXOMU="} 
01266{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":143,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_src_last_pkt_time":1605291686099570,"flow_dst_last_pkt_time":1605291686099352,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291686099570,"pkt":"qtsDr8lk5EKm5WPyht1gBLbYAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QIBuwaOmx9iS9BNgBgB+2+iAAABAQgKqXTmJ8LXOMUWAwECAAEAAfwDA8uUta0uBx4Fxq7jwol0GcBOBDpnX4U9m55TrPceI0IhIFEtV76qL2jHwvf4X\/jOVntcfpZQsMeLDB6NEKcAWMfNACCamhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZMqKgAAAAAAGwAZAAAWc3R5bGVzLnJlZGRpdG1lZGlhLmNvbQAXAAD\/AQABAAAKAAoACBoaAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApGhoAAQAAHQAgANjZNFFf1+t\/rj1DUoPqjjHILkO3yWwudfC9Y9G11hAALQACAQEAKwALChoaAwQDAwMCAwEAGwADAgACamoAAQAAFQDGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01328{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":143,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291686060652,"flow_src_last_pkt_time":1605291686099570,"flow_dst_last_pkt_time":1605291686099352,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291686099570,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56578,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"styles.redditmedia.com","domainame":"styles.redditmedia.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01287{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":143,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291686060652,"flow_src_last_pkt_time":1605291686099570,"flow_dst_last_pkt_time":1605291686099352,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291686099570,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56578,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"styles.redditmedia.com","domainame":"styles.redditmedia.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
01265{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_src_last_pkt_time":1605291686099717,"flow_dst_last_pkt_time":1605291686099352,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291686099717,"pkt":"qtsDr8lk5EKm5WPyht1gDoxGAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QABu3ytfXQZm0eGgBgB++qsAAABAQgKqXTmJ8LXOMUWAwECAAEAAfwDA+xBE5HWK3vXD3rQB76Je12jBHDOAvJ1OsDdCdf7250MIK2rFy9r6akksLAlYpDl9Umc9HulF24sDo6Oaq\/unKMqACDa2hMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZNqagAAAAAAGwAZAAAWc3R5bGVzLnJlZGRpdG1lZGlhLmNvbQAXAAD\/AQABAAAKAAoACGpqAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApamoAAQAAHQAgwSO5D18N3UJlGFo2ngAMFZnAZF8yiV+4DoIzUIX6JGkALQACAQEAKwALCjo6AwQDAwMCAwEAGwADAgAC6uoAAQAAFQDGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01328{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":144,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291686060634,"flow_src_last_pkt_time":1605291686099717,"flow_dst_last_pkt_time":1605291686099352,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291686099717,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56576,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"styles.redditmedia.com","domainame":"styles.redditmedia.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01287{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":144,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291686060634,"flow_src_last_pkt_time":1605291686099717,"flow_dst_last_pkt_time":1605291686099352,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291686099717,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56576,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"styles.redditmedia.com","domainame":"styles.redditmedia.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
01264{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_src_last_pkt_time":1605291686099811,"flow_dst_last_pkt_time":1605291686099353,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291686099811,"pkt":"qtsDr8lk5EKm5WPyht1gBKPwAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3P4Bu+9x1NeMsOPUgBgB+3R1AAABAQgKqXTmJ8LXOMUWAwECAAEAAfwDAyz3FJWIGb+4j0TH4HbH5fysl2zEg7l3CNO6pgT+aRLDIJFY0aSgsZzUYIlmL6tHUwGBKm0vldxr3gkmVsdcJYKLACC6uhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZMaGgAAAAAAGwAZAAAWc3R5bGVzLnJlZGRpdG1lZGlhLmNvbQAXAAD\/AQABAAAKAAoACGpqAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApamoAAQAAHQAgAm9uRJ+FA0NAboWl4pN7nfbQJC5lBDzsCBcMRgVbPlIALQACAQEAKwALCmpqAwQDAwMCAwEAGwADAgACKioAAQAAFQDGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01328{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291686060608,"flow_src_last_pkt_time":1605291686099811,"flow_dst_last_pkt_time":1605291686099353,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291686099811,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56574,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"styles.redditmedia.com","domainame":"styles.redditmedia.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01287{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291686060608,"flow_src_last_pkt_time":1605291686099811,"flow_dst_last_pkt_time":1605291686099353,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291686099811,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56574,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"styles.redditmedia.com","domainame":"styles.redditmedia.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1605291686064532,"flow_dst_last_pkt_time":1605291686100609,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291686100609,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdBugO8IeJd6tioBJXgCN0AAACBAV4AQMDAwQCCArC1zjGqXTmBA=="} 
00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_src_last_pkt_time":1605291686060669,"flow_dst_last_pkt_time":1605291686100610,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291686100610,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdBGVsk6UAYN+NoBJXgFfrAAACBAV4AQMDAwQCCArC1zjGqXTmAA=="} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_src_last_pkt_time":1605291686064563,"flow_dst_last_pkt_time":1605291686100610,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291686100610,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdCGPwRcUBxWYioBJXgB9GAAACBAV4AQMDAwQCCArC1zjGqXTmBA=="} 
@@ -112,83 +112,83 @@ 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_src_last_pkt_time":1605291686064586,"flow_dst_last_pkt_time":1605291686100692,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291686100692,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdCnzgy8YZci18oBJXgKFLAAACBAV4AQMDAwQCCArC1zjGqXTmBA=="} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_src_last_pkt_time":1605291686100697,"flow_dst_last_pkt_time":1605291686100692,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291686100697,"pkt":"qtsDr8lk5EKm5WPyht1gCQMdACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QoBuxlyLXx84MvHgBAB+yU5AAABAQgKqXTmKMLXOMY="} 01263{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_src_last_pkt_time":1605291686100785,"flow_dst_last_pkt_time":1605291686100609,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291686100785,"pkt":"qtsDr8lk5EKm5WPyht1gBAJCAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QYBu4l3q2LoDvCIgBgB+xTvAAABAQgKqXTmKMLXOMYWAwECAAEAAfwDA+4rEWoD2S7prdk0mAkbCbz9OAUfkZBI4IF9dVBNcGrjII4pXVZ09KrfaYtjFSFfkXaLG3KyMXbQwptYN7z2pKjvACAaGhMBEwITA8ArwC\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"} 
-01314{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291686064532,"flow_src_last_pkt_time":1605291686100785,"flow_dst_last_pkt_time":1605291686100609,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291686100785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"preview.redd.it","domainame":"preview.redd.it","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01273{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291686064532,"flow_src_last_pkt_time":1605291686100785,"flow_dst_last_pkt_time":1605291686100609,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291686100785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"preview.redd.it","domainame":"preview.redd.it","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
01267{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_src_last_pkt_time":1605291686100889,"flow_dst_last_pkt_time":1605291686100610,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291686100889,"pkt":"qtsDr8lk5EKm5WPyht1gCVnRAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QQBuwBg341lbJOmgBgB+8IAAAABAQgKqXTmKMLXOMYWAwECAAEAAfwDAz44wxNKK\/NmCENy19IstQwUOYfLIsCmy1HTB+ZnxXBWIOpRUF6jXLeEhErlOcKJeYoVVkgrMryC\/u3A+OY8YDqrACD6+hMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZMKCgAAAAAAGwAZAAAWc3R5bGVzLnJlZGRpdG1lZGlhLmNvbQAXAAD\/AQABAAAKAAoACFpaAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApWloAAQAAHQAgthdDCBUKTQpaJJwGm6HndDmBR9mA0N\/zcVcubLV2InoALQACAQEAKwALCgoKAwQDAwMCAwEAGwADAgACSkoAAQAAFQDGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01328{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291686060669,"flow_src_last_pkt_time":1605291686100889,"flow_dst_last_pkt_time":1605291686100610,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291686100889,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"styles.redditmedia.com","domainame":"styles.redditmedia.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01287{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291686060669,"flow_src_last_pkt_time":1605291686100889,"flow_dst_last_pkt_time":1605291686100610,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291686100889,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"styles.redditmedia.com","domainame":"styles.redditmedia.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
01268{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_src_last_pkt_time":1605291686100989,"flow_dst_last_pkt_time":1605291686100610,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291686100989,"pkt":"qtsDr8lk5EKm5WPyht1gAj4aAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QgBuwHFZiJj8EXGgBgB+w\/dAAABAQgKqXTmKMLXOMYWAwECAAEAAfwDA\/xnn\/TajPOsIWf7ZuWna3vaZajQKdMOe\/1ScZVbv3E0ICjbo+VqdfAny10cV6Naq5nwKIICz3wRpv5Bq28N+oa9ACDKyhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZOqqgAAAAAAFAASAAAPcHJldmlldy5yZWRkLml0ABcAAP8BAAEAAAoACgAIiooAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACmKigABAAAdACDVsGI25kl8JkmazH9JA6mvPzRMtadK+W7sW\/fRvpFrTAAtAAIBAQArAAsKSkoDBAMDAwIDAQAbAAMCAAJ6egABAAAVAM0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01314{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291686064563,"flow_src_last_pkt_time":1605291686100989,"flow_dst_last_pkt_time":1605291686100610,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291686100989,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56584,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"preview.redd.it","domainame":"preview.redd.it","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01273{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291686064563,"flow_src_last_pkt_time":1605291686100989,"flow_dst_last_pkt_time":1605291686100610,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291686100989,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56584,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"preview.redd.it","domainame":"preview.redd.it","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
01269{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":4,"flow_src_last_pkt_time":1605291686101082,"flow_dst_last_pkt_time":1605291686100692,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291686101082,"pkt":"qtsDr8lk5EKm5WPyht1gCQMdAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QoBuxlyLXx84MvHgBgB+x\/BAAABAQgKqXTmKcLXOMYWAwECAAEAAfwDAz6SDTaBPPoxlu\/6nyTmclibqATJEMVKR2GfYD\/wXr0NIAENzqDXq8Wo2Bu1hnYnue89pYme7\/8\/HVUKT7+0fWNUACBqahMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPq6gAAAAAAFAASAAAPcHJldmlldy5yZWRkLml0ABcAAP8BAAEAAAoACgAIamoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArAClqagABAAAdACCGO8UoFeFs5DFn8Mr4+C1HHCBuj\/ATUm2KisMDLC1sOgAtAAIBAQArAAsKiooDBAMDAwIDAQAbAAMCAAJKSgABAAAVAM0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01314{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":157,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291686064586,"flow_src_last_pkt_time":1605291686101082,"flow_dst_last_pkt_time":1605291686100692,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291686101082,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56586,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"preview.redd.it","domainame":"preview.redd.it","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01273{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":157,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291686064586,"flow_src_last_pkt_time":1605291686101082,"flow_dst_last_pkt_time":1605291686100692,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291686101082,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56586,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"preview.redd.it","domainame":"preview.redd.it","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1605291686064604,"flow_dst_last_pkt_time":1605291686102919,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291686102919,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdDA6Vo\/hs46MGoBJXgG5nAAACBAV4AQMDAwQCCArC1zjGqXTmBA=="} 
00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_src_last_pkt_time":1605291686102932,"flow_dst_last_pkt_time":1605291686102919,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291686102932,"pkt":"qtsDr8lk5EKm5WPyht1gBZ0wACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QwBu2zjowYOlaP5gBAB+\/JSAAABAQgKqXTmKsLXOMY="} 01266{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_src_last_pkt_time":1605291686103163,"flow_dst_last_pkt_time":1605291686102919,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291686103163,"pkt":"qtsDr8lk5EKm5WPyht1gBZ0wAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QwBu2zjowYOlaP5gBgB+6pXAAABAQgKqXTmK8LXOMYWAwECAAEAAfwDAzpoH5eGEGzTFt5HMarkQS85RnurgVO\/aBYt9fo57YL+IKTuih3DEW77d6v3Ju+D+D5ks\/z7dDlOpig4k7rr1nYZACB6ehMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPq6gAAAAAAFAASAAAPcHJldmlldy5yZWRkLml0ABcAAP8BAAEAAAoACgAIKioAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACkqKgABAAAdACBQT3pU4XvIA\/VlN6TB5fHnSiCNPOTwhb7yYNoEZjwQNQAtAAIBAQArAAsK6uoDBAMDAwIDAQAbAAMCAAJqagABAAAVAM0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01314{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":160,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291686064604,"flow_src_last_pkt_time":1605291686103163,"flow_dst_last_pkt_time":1605291686102919,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291686103163,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56588,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"preview.redd.it","domainame":"preview.redd.it","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01273{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":160,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291686064604,"flow_src_last_pkt_time":1605291686103163,"flow_dst_last_pkt_time":1605291686102919,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291686103163,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56588,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"preview.redd.it","domainame":"preview.redd.it","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1605291686065815,"flow_dst_last_pkt_time":1605291686103676,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291686103676,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc9JWtCtHxMDE0gBALMOjtAAABAQgKwtc4yKl05gU="} 
-01406{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":162,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291686035769,"flow_src_last_pkt_time":1605291686065815,"flow_dst_last_pkt_time":1605291686105978,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605291686105978,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56564,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.redditstatic.com","domainame":"www.redditstatic.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01365{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":162,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291686035769,"flow_src_last_pkt_time":1605291686065815,"flow_dst_last_pkt_time":1605291686105978,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605291686105978,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56564,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.redditstatic.com","domainame":"www.redditstatic.com","tls": {"version":"TLSv1.2","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":163,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1605291686065926,"flow_dst_last_pkt_time":1605291686105978,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291686105978,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc8oSMMqLg8c6FgBALMEUrAAABAQgKwtc4yql05gU="} 
-01680{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":167,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1605291686035769,"flow_src_last_pkt_time":1605291686106037,"flow_dst_last_pkt_time":1605291686106051,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3144,"midstream":0,"thread_ts_usec":1605291686106051,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56564,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.redditstatic.com","domainame":"www.redditstatic.com","tls": {"version":"TLSv1.2","server_names":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8","blocks":0}}} 
+01639{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":167,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1605291686035769,"flow_src_last_pkt_time":1605291686106037,"flow_dst_last_pkt_time":1605291686106051,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3144,"midstream":0,"thread_ts_usec":1605291686106051,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56564,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.redditstatic.com","domainame":"www.redditstatic.com","tls": {"version":"TLSv1.2","server_names":"www.redditstatic.com","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8","blocks":0}}} 
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1605291686108978,"flow_dst_last_pkt_time":1605291686071076,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291686108978,"pkt":"qtsDr8lk5EKm5WPyht1gAChDACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PYBu+yXuxCOjCV\/gBEB+1lEAAABAQgKqXTmMMLXOKg="} 00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1605291686109012,"flow_dst_last_pkt_time":1605291686071076,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291686109012,"pkt":"qtsDr8lk5EKm5WPyht1gCVbzACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PgBu3BHT1EUASYRgBEB+7tKAAABAQgKqXTmMMLXOKk="} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1605291686109028,"flow_dst_last_pkt_time":1605291686071075,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291686109028,"pkt":"qtsDr8lk5EKm5WPyht1gB\/ybACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PoBu\/q4ZTGemEx1gBEB+2n7AAABAQgKqXTmMMLXOKk="} 
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1605291686109044,"flow_dst_last_pkt_time":1605291686072675,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291686109044,"pkt":"qtsDr8lk5EKm5WPyht1gAreKACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PwBu8WSV7Gn4kvzgBEB+6PWAAABAQgKqXTmMMLXOKo="} -01406{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1605291686035717,"flow_src_last_pkt_time":1605291686108927,"flow_dst_last_pkt_time":1605291686110087,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605291686110087,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56562,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.redditstatic.com","domainame":"www.redditstatic.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-01680{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":181,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1605291686035717,"flow_src_last_pkt_time":1605291686108927,"flow_dst_last_pkt_time":1605291686110088,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3144,"midstream":0,"thread_ts_usec":1605291686110088,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56562,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.redditstatic.com","domainame":"www.redditstatic.com","tls": {"version":"TLSv1.2","server_names":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8","blocks":0}}} 
-01406{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1605291686035808,"flow_src_last_pkt_time":1605291686109012,"flow_dst_last_pkt_time":1605291686127575,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605291686127575,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56568,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.redditstatic.com","domainame":"www.redditstatic.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-01406{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":190,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1605291686035833,"flow_src_last_pkt_time":1605291686109028,"flow_dst_last_pkt_time":1605291686128443,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605291686128443,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56570,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.redditstatic.com","domainame":"www.redditstatic.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-01680{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":191,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1605291686035808,"flow_src_last_pkt_time":1605291686127595,"flow_dst_last_pkt_time":1605291686128443,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3144,"midstream":0,"thread_ts_usec":1605291686128443,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56568,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.redditstatic.com","domainame":"www.redditstatic.com","tls": {"version":"TLSv1.2","server_names":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8","blocks":0}}} 
-01680{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1605291686035833,"flow_src_last_pkt_time":1605291686128460,"flow_dst_last_pkt_time":1605291686128567,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3144,"midstream":0,"thread_ts_usec":1605291686128567,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56570,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.redditstatic.com","domainame":"www.redditstatic.com","tls": {"version":"TLSv1.2","server_names":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8","blocks":0}}} 
-01406{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":199,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1605291686035788,"flow_src_last_pkt_time":1605291686108978,"flow_dst_last_pkt_time":1605291686128567,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605291686128567,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56566,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.redditstatic.com","domainame":"www.redditstatic.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-01680{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":205,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1605291686035788,"flow_src_last_pkt_time":1605291686128585,"flow_dst_last_pkt_time":1605291686129580,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3144,"midstream":0,"thread_ts_usec":1605291686129580,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56566,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.redditstatic.com","domainame":"www.redditstatic.com","tls": {"version":"TLSv1.2","server_names":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8","blocks":0}}} 
+01365{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1605291686035717,"flow_src_last_pkt_time":1605291686108927,"flow_dst_last_pkt_time":1605291686110087,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605291686110087,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56562,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.redditstatic.com","domainame":"www.redditstatic.com","tls": {"version":"TLSv1.2","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01639{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":181,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1605291686035717,"flow_src_last_pkt_time":1605291686108927,"flow_dst_last_pkt_time":1605291686110088,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3144,"midstream":0,"thread_ts_usec":1605291686110088,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56562,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.redditstatic.com","domainame":"www.redditstatic.com","tls": {"version":"TLSv1.2","server_names":"www.redditstatic.com","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8","blocks":0}}} 
+01365{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1605291686035808,"flow_src_last_pkt_time":1605291686109012,"flow_dst_last_pkt_time":1605291686127575,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605291686127575,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56568,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.redditstatic.com","domainame":"www.redditstatic.com","tls": {"version":"TLSv1.2","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01365{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":190,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1605291686035833,"flow_src_last_pkt_time":1605291686109028,"flow_dst_last_pkt_time":1605291686128443,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605291686128443,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56570,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.redditstatic.com","domainame":"www.redditstatic.com","tls": {"version":"TLSv1.2","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01639{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":191,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1605291686035808,"flow_src_last_pkt_time":1605291686127595,"flow_dst_last_pkt_time":1605291686128443,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3144,"midstream":0,"thread_ts_usec":1605291686128443,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56568,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.redditstatic.com","domainame":"www.redditstatic.com","tls": {"version":"TLSv1.2","server_names":"www.redditstatic.com","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8","blocks":0}}} 
+01639{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1605291686035833,"flow_src_last_pkt_time":1605291686128460,"flow_dst_last_pkt_time":1605291686128567,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3144,"midstream":0,"thread_ts_usec":1605291686128567,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56570,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.redditstatic.com","domainame":"www.redditstatic.com","tls": {"version":"TLSv1.2","server_names":"www.redditstatic.com","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8","blocks":0}}} 
+01365{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":199,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1605291686035788,"flow_src_last_pkt_time":1605291686108978,"flow_dst_last_pkt_time":1605291686128567,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605291686128567,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56566,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.redditstatic.com","domainame":"www.redditstatic.com","tls": {"version":"TLSv1.2","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01639{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":205,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1605291686035788,"flow_src_last_pkt_time":1605291686128585,"flow_dst_last_pkt_time":1605291686129580,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3144,"midstream":0,"thread_ts_usec":1605291686129580,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56566,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.redditstatic.com","domainame":"www.redditstatic.com","tls": {"version":"TLSv1.2","server_names":"www.redditstatic.com","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8","blocks":0}}} 
00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":207,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_src_last_pkt_time":1605291686084954,"flow_dst_last_pkt_time":1605291686129581,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291686129581,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdELkPzEPbiYGyoBJXgE4hAAACBAV4AQMDAwQCCArC1zjcqXTmGA=="} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":208,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_src_last_pkt_time":1605291686084924,"flow_dst_last_pkt_time":1605291686129581,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291686129581,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdDvdaN0mUbYB0oBJXgO0tAAACBAV4AQMDAwQCCArC1zjbqXTmGA=="} -01407{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":210,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1605291686035852,"flow_src_last_pkt_time":1605291686109044,"flow_dst_last_pkt_time":1605291686129581,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605291686129581,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56572,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.redditstatic.com","domainame":"www.redditstatic.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +01366{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":210,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1605291686035852,"flow_src_last_pkt_time":1605291686109044,"flow_dst_last_pkt_time":1605291686129581,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605291686129581,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56572,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.redditstatic.com","domainame":"www.redditstatic.com","tls": {"version":"TLSv1.2","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_src_last_pkt_time":1605291686129607,"flow_dst_last_pkt_time":1605291686129581,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291686129607,"pkt":"qtsDr8lk5EKm5WPyht1gCcfOACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3RABu9uJgbK5D8xEgBAB+9IFAAABAQgKqXTmRcLXONw="} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_src_last_pkt_time":1605291686129611,"flow_dst_last_pkt_time":1605291686129581,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291686129611,"pkt":"qtsDr8lk5EKm5WPyht1gBTHMACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3Q4Bu5RtgHT3WjdKgBAB+3ESAAABAQgKqXTmRcLXONs="} 
01265{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_src_last_pkt_time":1605291686129954,"flow_dst_last_pkt_time":1605291686129581,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291686129954,"pkt":"qtsDr8lk5EKm5WPyht1gCcfOAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3RABu9uJgbK5D8xEgBgB+3f+AAABAQgKqXTmRcLXONwWAwECAAEAAfwDA9erSYCt3PYYZEktL7MJcpGlYIX2xYNgs1\/AtKvB7xt0IOR+LE0dhUbDAJPbNSHJ7ZIObTOEyDbEgQFzR3Tqo8K3ACAaGhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZNaWgAAAAAAGgAYAAAVZW1vamkucmVkZGl0bWVkaWEuY29tABcAAP8BAAEAAAoACgAIiooAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACmKigABAAAdACA5IMr2gd92bNdZoVSKNUS0n14cDWaYPOFRO\/ISsXyZWAAtAAIBAQArAAsKOjoDBAMDAwIDAQAbAAMCAAI6OgABAAAVAMcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01326{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":216,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291686084954,"flow_src_last_pkt_time":1605291686129954,"flow_dst_last_pkt_time":1605291686129581,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291686129954,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"emoji.redditmedia.com","domainame":"emoji.redditmedia.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01285{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":216,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291686084954,"flow_src_last_pkt_time":1605291686129954,"flow_dst_last_pkt_time":1605291686129581,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291686129954,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"emoji.redditmedia.com","domainame":"emoji.redditmedia.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
01269{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_src_last_pkt_time":1605291686130302,"flow_dst_last_pkt_time":1605291686129581,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291686130302,"pkt":"qtsDr8lk5EKm5WPyht1gBTHMAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3Q4Bu5RtgHT3WjdKgBgB+\/3uAAABAQgKqXTmRsLXONsWAwECAAEAAfwDA4GdOggSfHPw+AY29Rg\/SPpX1EvYgag3sKMDz0p3DP7TIO0fmepycQbGXW2mLDxW3tcA\/yME9vaj7LwCLtdTp4PsACBaWhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZN6egAAAAAAGgAYAAAVZW1vamkucmVkZGl0bWVkaWEuY29tABcAAP8BAAEAAAoACgAIGhoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACkaGgABAAAdACDCTo9dia+yCi8f0GaLNc2V6H3a5\/JGRsJBcmD\/97c\/aQAtAAIBAQArAAsKOjoDBAMDAwIDAQAbAAMCAAK6ugABAAAVAMcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01326{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291686084924,"flow_src_last_pkt_time":1605291686130302,"flow_dst_last_pkt_time":1605291686129581,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291686130302,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56590,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"emoji.redditmedia.com","domainame":"emoji.redditmedia.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01285{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291686084924,"flow_src_last_pkt_time":1605291686130302,"flow_dst_last_pkt_time":1605291686129581,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291686130302,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56590,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"emoji.redditmedia.com","domainame":"emoji.redditmedia.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_src_last_pkt_time":1605291686099717,"flow_dst_last_pkt_time":1605291686137679,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291686137679,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdABmbR4Z8rX95gBALME5BAAABAQgKwtc44ql05ic="} 
-01681{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":221,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1605291686035852,"flow_src_last_pkt_time":1605291686137695,"flow_dst_last_pkt_time":1605291686137882,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3144,"midstream":0,"thread_ts_usec":1605291686137882,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56572,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.redditstatic.com","domainame":"www.redditstatic.com","tls": {"version":"TLSv1.2","server_names":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8","blocks":0}}} 
+01640{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":221,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1605291686035852,"flow_src_last_pkt_time":1605291686137695,"flow_dst_last_pkt_time":1605291686137882,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3144,"midstream":0,"thread_ts_usec":1605291686137882,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56572,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.redditstatic.com","domainame":"www.redditstatic.com","tls": {"version":"TLSv1.2","server_names":"www.redditstatic.com","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8","blocks":0}}} 
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":223,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":5,"flow_src_last_pkt_time":1605291686099570,"flow_dst_last_pkt_time":1605291686137883,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291686137883,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdAmJL0E0Gjp0kgBALMNU7AAABAQgKwtc44ql05ic="} -01411{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":224,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291686060652,"flow_src_last_pkt_time":1605291686099570,"flow_dst_last_pkt_time":1605291686137884,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605291686137884,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56578,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"styles.redditmedia.com","domainame":"styles.redditmedia.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-01695{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":230,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1605291686060652,"flow_src_last_pkt_time":1605291686137929,"flow_dst_last_pkt_time":1605291686138254,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3144,"midstream":0,"thread_ts_usec":1605291686138254,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56578,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"styles.redditmedia.com","domainame":"styles.redditmedia.com","tls": {"version":"TLSv1.2","server_names":"*.redditmedia.com,redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85","blocks":0}}} 
-01411{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":234,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291686060634,"flow_src_last_pkt_time":1605291686099717,"flow_dst_last_pkt_time":1605291686138281,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605291686138281,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56576,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"styles.redditmedia.com","domainame":"styles.redditmedia.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-01695{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":236,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1605291686060634,"flow_src_last_pkt_time":1605291686099717,"flow_dst_last_pkt_time":1605291686138281,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3144,"midstream":0,"thread_ts_usec":1605291686138281,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56576,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"styles.redditmedia.com","domainame":"styles.redditmedia.com","tls": {"version":"TLSv1.2","server_names":"*.redditmedia.com,redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85","blocks":0}}} 
+01370{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":224,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291686060652,"flow_src_last_pkt_time":1605291686099570,"flow_dst_last_pkt_time":1605291686137884,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605291686137884,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56578,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"styles.redditmedia.com","domainame":"styles.redditmedia.com","tls": {"version":"TLSv1.2","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01654{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":230,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1605291686060652,"flow_src_last_pkt_time":1605291686137929,"flow_dst_last_pkt_time":1605291686138254,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3144,"midstream":0,"thread_ts_usec":1605291686138254,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56578,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"styles.redditmedia.com","domainame":"styles.redditmedia.com","tls": {"version":"TLSv1.2","server_names":"*.redditmedia.com,redditmedia.com","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85","blocks":0}}} 
+01370{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":234,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291686060634,"flow_src_last_pkt_time":1605291686099717,"flow_dst_last_pkt_time":1605291686138281,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605291686138281,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56576,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"styles.redditmedia.com","domainame":"styles.redditmedia.com","tls": {"version":"TLSv1.2","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01654{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":236,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1605291686060634,"flow_src_last_pkt_time":1605291686099717,"flow_dst_last_pkt_time":1605291686138281,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3144,"midstream":0,"thread_ts_usec":1605291686138281,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56576,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"styles.redditmedia.com","domainame":"styles.redditmedia.com","tls": {"version":"TLSv1.2","server_names":"*.redditmedia.com,redditmedia.com","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85","blocks":0}}} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":242,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":5,"flow_src_last_pkt_time":1605291686099811,"flow_dst_last_pkt_time":1605291686138302,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291686138302,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc\/oyw49TvcdbcgBALMHS1AAABAQgKwtc45Kl05ic="} -01411{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":244,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291686060608,"flow_src_last_pkt_time":1605291686099811,"flow_dst_last_pkt_time":1605291686141552,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605291686141552,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56574,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"styles.redditmedia.com","domainame":"styles.redditmedia.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01370{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":244,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291686060608,"flow_src_last_pkt_time":1605291686099811,"flow_dst_last_pkt_time":1605291686141552,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605291686141552,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56574,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"styles.redditmedia.com","domainame":"styles.redditmedia.com","tls": {"version":"TLSv1.2","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":245,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":5,"flow_src_last_pkt_time":1605291686100889,"flow_dst_last_pkt_time":1605291686141552,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291686141552,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdBGVsk6YAYOGSgBALMNB1AAABAQgKwtc466l05ig="} 
-01411{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":248,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291686060669,"flow_src_last_pkt_time":1605291686100889,"flow_dst_last_pkt_time":1605291686141731,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605291686141731,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"styles.redditmedia.com","domainame":"styles.redditmedia.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-01695{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":250,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1605291686060608,"flow_src_last_pkt_time":1605291686141570,"flow_dst_last_pkt_time":1605291686141731,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3144,"midstream":0,"thread_ts_usec":1605291686141731,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56574,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"styles.redditmedia.com","domainame":"styles.redditmedia.com","tls": {"version":"TLSv1.2","server_names":"*.redditmedia.com,redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85","blocks":0}}} 
+01370{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":248,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291686060669,"flow_src_last_pkt_time":1605291686100889,"flow_dst_last_pkt_time":1605291686141731,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605291686141731,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"styles.redditmedia.com","domainame":"styles.redditmedia.com","tls": {"version":"TLSv1.2","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01654{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":250,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1605291686060608,"flow_src_last_pkt_time":1605291686141570,"flow_dst_last_pkt_time":1605291686141731,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3144,"midstream":0,"thread_ts_usec":1605291686141731,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56574,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"styles.redditmedia.com","domainame":"styles.redditmedia.com","tls": {"version":"TLSv1.2","server_names":"*.redditmedia.com,redditmedia.com","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85","blocks":0}}} 
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":5,"flow_src_last_pkt_time":1605291686100785,"flow_dst_last_pkt_time":1605291686141909,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291686141909,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdBugO8IiJd61ngBALMJwEAAABAQgKwtc46al05ig="} -01397{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":257,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291686064532,"flow_src_last_pkt_time":1605291686100785,"flow_dst_last_pkt_time":1605291686141910,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605291686141910,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"preview.redd.it","domainame":"preview.redd.it","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-01657{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1605291686064532,"flow_src_last_pkt_time":1605291686141956,"flow_dst_last_pkt_time":1605291686142640,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3144,"midstream":0,"thread_ts_usec":1605291686142640,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"preview.redd.it","domainame":"preview.redd.it","tls": {"version":"TLSv1.2","server_names":"redd.it,*.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redd.it","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"3D:15:31:F3:94:55:33:92:88:5C:61:40:B0:FD:ED:27:6D:29:3A:12","blocks":0}}} 
+01356{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":257,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291686064532,"flow_src_last_pkt_time":1605291686100785,"flow_dst_last_pkt_time":1605291686141910,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605291686141910,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"preview.redd.it","domainame":"preview.redd.it","tls": {"version":"TLSv1.2","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01616{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1605291686064532,"flow_src_last_pkt_time":1605291686141956,"flow_dst_last_pkt_time":1605291686142640,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3144,"midstream":0,"thread_ts_usec":1605291686142640,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"preview.redd.it","domainame":"preview.redd.it","tls": {"version":"TLSv1.2","server_names":"redd.it,*.redd.it","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redd.it","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"3D:15:31:F3:94:55:33:92:88:5C:61:40:B0:FD:ED:27:6D:29:3A:12","blocks":0}}} 
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":272,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":5,"flow_src_last_pkt_time":1605291686100989,"flow_dst_last_pkt_time":1605291686144251,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291686144251,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdCGPwRcYBxWgngBALMJfQAAABAQgKwtc476l05ig="} -01695{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1605291686060669,"flow_src_last_pkt_time":1605291686143310,"flow_dst_last_pkt_time":1605291686144252,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3144,"midstream":0,"thread_ts_usec":1605291686144252,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"styles.redditmedia.com","domainame":"styles.redditmedia.com","tls": {"version":"TLSv1.2","server_names":"*.redditmedia.com,redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, 
ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85","blocks":0}}} +01654{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1605291686060669,"flow_src_last_pkt_time":1605291686143310,"flow_dst_last_pkt_time":1605291686144252,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3144,"midstream":0,"thread_ts_usec":1605291686144252,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"styles.redditmedia.com","domainame":"styles.redditmedia.com","tls": {"version":"TLSv1.2","server_names":"*.redditmedia.com,redditmedia.com","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85","blocks":0}}} 
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":275,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":5,"flow_src_last_pkt_time":1605291686101082,"flow_dst_last_pkt_time":1605291686144252,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291686144252,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdCnzgy8cZci+BgBALMBnUAAABAQgKwtc48Kl05ik="} -01397{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":278,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291686064563,"flow_src_last_pkt_time":1605291686100989,"flow_dst_last_pkt_time":1605291686144351,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605291686144351,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56584,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"preview.redd.it","domainame":"preview.redd.it","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-01657{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":283,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1605291686064563,"flow_src_last_pkt_time":1605291686144359,"flow_dst_last_pkt_time":1605291686145060,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3144,"midstream":0,"thread_ts_usec":1605291686145060,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56584,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"preview.redd.it","domainame":"preview.redd.it","tls": {"version":"TLSv1.2","server_names":"redd.it,*.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redd.it","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"3D:15:31:F3:94:55:33:92:88:5C:61:40:B0:FD:ED:27:6D:29:3A:12","blocks":0}}} 
+01356{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":278,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291686064563,"flow_src_last_pkt_time":1605291686100989,"flow_dst_last_pkt_time":1605291686144351,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605291686144351,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56584,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"preview.redd.it","domainame":"preview.redd.it","tls": {"version":"TLSv1.2","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01616{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":283,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1605291686064563,"flow_src_last_pkt_time":1605291686144359,"flow_dst_last_pkt_time":1605291686145060,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3144,"midstream":0,"thread_ts_usec":1605291686145060,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56584,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"preview.redd.it","domainame":"preview.redd.it","tls": {"version":"TLSv1.2","server_names":"redd.it,*.redd.it","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redd.it","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"3D:15:31:F3:94:55:33:92:88:5C:61:40:B0:FD:ED:27:6D:29:3A:12","blocks":0}}} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":285,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_src_last_pkt_time":1605291686103163,"flow_dst_last_pkt_time":1605291686145061,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291686145061,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdDA6Vo\/ls46ULgBALMObsAAABAQgKwtc48al05is="} -01397{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":297,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1605291686064586,"flow_src_last_pkt_time":1605291686146132,"flow_dst_last_pkt_time":1605291686146916,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605291686146916,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56586,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"preview.redd.it","domainame":"preview.redd.it","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-01657{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":299,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1605291686064586,"flow_src_last_pkt_time":1605291686146132,"flow_dst_last_pkt_time":1605291686146919,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3144,"midstream":0,"thread_ts_usec":1605291686146919,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56586,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"preview.redd.it","domainame":"preview.redd.it","tls": {"version":"TLSv1.2","server_names":"redd.it,*.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redd.it","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"3D:15:31:F3:94:55:33:92:88:5C:61:40:B0:FD:ED:27:6D:29:3A:12","blocks":0}}} 
-01397{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":311,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1605291686064604,"flow_src_last_pkt_time":1605291686146162,"flow_dst_last_pkt_time":1605291686148836,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605291686148836,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56588,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"preview.redd.it","domainame":"preview.redd.it","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-01657{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":314,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1605291686064604,"flow_src_last_pkt_time":1605291686146162,"flow_dst_last_pkt_time":1605291686148836,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3144,"midstream":0,"thread_ts_usec":1605291686148836,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56588,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"preview.redd.it","domainame":"preview.redd.it","tls": {"version":"TLSv1.2","server_names":"redd.it,*.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redd.it","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"3D:15:31:F3:94:55:33:92:88:5C:61:40:B0:FD:ED:27:6D:29:3A:12","blocks":0}}} 
+01356{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":297,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1605291686064586,"flow_src_last_pkt_time":1605291686146132,"flow_dst_last_pkt_time":1605291686146916,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605291686146916,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56586,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"preview.redd.it","domainame":"preview.redd.it","tls": {"version":"TLSv1.2","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01616{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":299,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1605291686064586,"flow_src_last_pkt_time":1605291686146132,"flow_dst_last_pkt_time":1605291686146919,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3144,"midstream":0,"thread_ts_usec":1605291686146919,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56586,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"preview.redd.it","domainame":"preview.redd.it","tls": {"version":"TLSv1.2","server_names":"redd.it,*.redd.it","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redd.it","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"3D:15:31:F3:94:55:33:92:88:5C:61:40:B0:FD:ED:27:6D:29:3A:12","blocks":0}}} 
+01356{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":311,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1605291686064604,"flow_src_last_pkt_time":1605291686146162,"flow_dst_last_pkt_time":1605291686148836,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605291686148836,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56588,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"preview.redd.it","domainame":"preview.redd.it","tls": {"version":"TLSv1.2","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01616{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":314,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1605291686064604,"flow_src_last_pkt_time":1605291686146162,"flow_dst_last_pkt_time":1605291686148836,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3144,"midstream":0,"thread_ts_usec":1605291686148836,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56588,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"preview.redd.it","domainame":"preview.redd.it","tls": {"version":"TLSv1.2","server_names":"redd.it,*.redd.it","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redd.it","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"3D:15:31:F3:94:55:33:92:88:5C:61:40:B0:FD:ED:27:6D:29:3A:12","blocks":0}}} 
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":328,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":5,"flow_src_last_pkt_time":1605291686129954,"flow_dst_last_pkt_time":1605291686180561,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291686180561,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdELkPzETbiYO3gBALMMaaAAABAQgKwtc5Dal05kU="} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":329,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":5,"flow_src_last_pkt_time":1605291686130302,"flow_dst_last_pkt_time":1605291686180589,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291686180589,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdDvdaN0qUbYJ5gBALMGWmAAABAQgKwtc5DKl05kY="} -01409{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":330,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291686084954,"flow_src_last_pkt_time":1605291686129954,"flow_dst_last_pkt_time":1605291686182404,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605291686182404,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"emoji.redditmedia.com","domainame":"emoji.redditmedia.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} -01693{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":332,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1605291686084954,"flow_src_last_pkt_time":1605291686129954,"flow_dst_last_pkt_time":1605291686182405,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3144,"midstream":0,"thread_ts_usec":1605291686182405,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"emoji.redditmedia.com","domainame":"emoji.redditmedia.com","tls": {"version":"TLSv1.2","server_names":"*.redditmedia.com,redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server 
CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85","blocks":0}}} -01409{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":334,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291686084924,"flow_src_last_pkt_time":1605291686130302,"flow_dst_last_pkt_time":1605291686182406,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605291686182406,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56590,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"emoji.redditmedia.com","domainame":"emoji.redditmedia.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-01693{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":341,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1605291686084924,"flow_src_last_pkt_time":1605291686182436,"flow_dst_last_pkt_time":1605291686183890,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3144,"midstream":0,"thread_ts_usec":1605291686183890,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56590,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"emoji.redditmedia.com","domainame":"emoji.redditmedia.com","tls": {"version":"TLSv1.2","server_names":"*.redditmedia.com,redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85","blocks":0}}} 
+01368{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":330,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291686084954,"flow_src_last_pkt_time":1605291686129954,"flow_dst_last_pkt_time":1605291686182404,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605291686182404,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"emoji.redditmedia.com","domainame":"emoji.redditmedia.com","tls": {"version":"TLSv1.2","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01652{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":332,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1605291686084954,"flow_src_last_pkt_time":1605291686129954,"flow_dst_last_pkt_time":1605291686182405,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3144,"midstream":0,"thread_ts_usec":1605291686182405,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"emoji.redditmedia.com","domainame":"emoji.redditmedia.com","tls": {"version":"TLSv1.2","server_names":"*.redditmedia.com,redditmedia.com","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85","blocks":0}}} 
+01368{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":334,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291686084924,"flow_src_last_pkt_time":1605291686130302,"flow_dst_last_pkt_time":1605291686182406,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605291686182406,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56590,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"emoji.redditmedia.com","domainame":"emoji.redditmedia.com","tls": {"version":"TLSv1.2","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01652{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":341,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1605291686084924,"flow_src_last_pkt_time":1605291686182436,"flow_dst_last_pkt_time":1605291686183890,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3144,"midstream":0,"thread_ts_usec":1605291686183890,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56590,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"emoji.redditmedia.com","domainame":"emoji.redditmedia.com","tls": {"version":"TLSv1.2","server_names":"*.redditmedia.com,redditmedia.com","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85","blocks":0}}} 
02164{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":420,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605291686084954,"flow_src_last_pkt_time":1605291686233012,"flow_dst_last_pkt_time":1605291686233017,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":1107,"flow_dst_tot_l4_payload_len":8188,"midstream":0,"thread_ts_usec":1605291686233017,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":9552.3,"max":52464,"stddev":18854.0,"var":355471904.0,"ent":2.8,"data": [44627,44653,347,50980,1843,1,0,0,52464,10,3,2,2413,668,102,121,49031,1,45760,75,169,1186,0,1,1,1443,16,7,133,49,15]},"pktlen": {"min":72,"avg":363.0,"max":1120,"stddev":422.8,"var":178733.3,"ent":4.1,"data": [80,80,72,589,72,1120,1120,1120,602,72,72,72,72,165,171,389,153,72,330,72,72,72,138,72,1120,1118,72,72,72,1120,72,1120]},"bins": {"c_to_s": [11,0,2,1,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,1,0,0,0,0,0,0,0,0,1,1,0,1,1,1,1,1,1,0,0,0,1,0,1],"entropies": [4.907011986,5.354953289,5.301460266,4.552157402,5.139187336,6.938700199,7.322981834,7.354511738,7.534717083,5.245904922,5.218127251,5.245904922,5.273682594,6.089848042,6.412801743,7.335155964,6.124976635,5.139187336,7.085140228,5.273682594,5.111409664,5.028076649,6.191080093,5.111409664,7.845114708,7.817538738,5.273682594,5.245904922,5.263197899,7.819205284,5.245904922,7.795106411]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} 00807{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291686301196,"flow_src_last_pkt_time":1605291686301196,"flow_dst_last_pkt_time":1605291686301196,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291686301196,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_src_last_pkt_time":1605291686301196,"flow_dst_last_pkt_time":1605291686301196,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291686301196,"pkt":"qtsDr8lk5EKm5WPyht1gDu9XACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3RIBuyQ3ML0AAAAAoAL9IDDZAAACBAWgBAIICql05vEAAAAAAQMDBw=="} 
00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":427,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_src_last_pkt_time":1605291686301196,"flow_dst_last_pkt_time":1605291686327034,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291686327034,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdEkHBFWUkNzC+oBJXgILuAAACBAV4AQMDAwQCCArC1zmoqXTm8Q=="} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":428,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_src_last_pkt_time":1605291686327076,"flow_dst_last_pkt_time":1605291686327034,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291686327076,"pkt":"qtsDr8lk5EKm5WPyht1gDu9XACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3RIBuyQ3ML5BwRVmgBAB+wbmAAABAQgKqXTnC8LXOag="} 
01264{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":429,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_src_last_pkt_time":1605291686327471,"flow_dst_last_pkt_time":1605291686327034,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291686327471,"pkt":"qtsDr8lk5EKm5WPyht1gDu9XAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3RIBuyQ3ML5BwRVmgBgB+6IBAAABAQgKqXTnC8LXOagWAwECAAEAAfwDA3fQE2bFMSg9V0ArEx1DsWJIv73oxXvB9GJfjd2ybJfQIFrXxaRDJ9lBszDg6UwzwOQonUBDW8zTTtfnwcTvyt2MACA6OhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZMqKgAAAAAAHQAbAAAYYi50aHVtYnMucmVkZGl0bWVkaWEuY29tABcAAP8BAAEAAAoACgAISkoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArAClKSgABAAAdACBQ4ydRyS\/5f7HpSvaHkgvC0msLXL39ObHQFVtCoyAcOQAtAAIBAQArAAsKenoDBAMDAwIDAQAbAAMCAAKamgABAAAVAMQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01332{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":429,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291686301196,"flow_src_last_pkt_time":1605291686327471,"flow_dst_last_pkt_time":1605291686327034,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291686327471,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"b.thumbs.redditmedia.com","domainame":"b.thumbs.redditmedia.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01291{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":429,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291686301196,"flow_src_last_pkt_time":1605291686327471,"flow_dst_last_pkt_time":1605291686327034,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291686327471,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"b.thumbs.redditmedia.com","domainame":"b.thumbs.redditmedia.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":430,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":5,"flow_src_last_pkt_time":1605291686327471,"flow_dst_last_pkt_time":1605291686393401,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291686393401,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdEkHBFWYkNzLDgBALMPtvAAABAQgKwtc55Kl05ws="} 
-01415{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":431,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291686301196,"flow_src_last_pkt_time":1605291686327471,"flow_dst_last_pkt_time":1605291686419456,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605291686419456,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"b.thumbs.redditmedia.com","domainame":"b.thumbs.redditmedia.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-01720{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":434,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1605291686301196,"flow_src_last_pkt_time":1605291686419467,"flow_dst_last_pkt_time":1605291686420291,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3144,"midstream":0,"thread_ts_usec":1605291686420291,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"b.thumbs.redditmedia.com","domainame":"b.thumbs.redditmedia.com","tls": {"version":"TLSv1.2","server_names":"*.thumbs.redditmedia.com,thumbs.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.thumbs.redditmedia.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"FF:F4:6C:CF:D6:FD:64:3E:50:17:A2:DE:B0:F2:B6:9B:76:59:C6:75","blocks":0}}} 
+01374{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":431,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291686301196,"flow_src_last_pkt_time":1605291686327471,"flow_dst_last_pkt_time":1605291686419456,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605291686419456,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"b.thumbs.redditmedia.com","domainame":"b.thumbs.redditmedia.com","tls": {"version":"TLSv1.2","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01679{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":434,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1605291686301196,"flow_src_last_pkt_time":1605291686419467,"flow_dst_last_pkt_time":1605291686420291,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3144,"midstream":0,"thread_ts_usec":1605291686420291,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"b.thumbs.redditmedia.com","domainame":"b.thumbs.redditmedia.com","tls": {"version":"TLSv1.2","server_names":"*.thumbs.redditmedia.com,thumbs.redditmedia.com","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.thumbs.redditmedia.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"FF:F4:6C:CF:D6:FD:64:3E:50:17:A2:DE:B0:F2:B6:9B:76:59:C6:75","blocks":0}}} 
02159{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":457,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1605291686301196,"flow_src_last_pkt_time":1605291686469619,"flow_dst_last_pkt_time":1605291686468646,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":1078,"flow_dst_tot_l4_payload_len":8227,"midstream":0,"thread_ts_usec":1605291686469619,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":10834.6,"max":91996,"stddev":22155.6,"var":490868928.0,"ent":2.8,"data": [25838,25880,395,66367,26055,91996,835,0,0,829,7,4,1579,121,254,42141,1,1,6209,0,2,0,0,1,46395,10,6,2,1,4,940]},"pktlen": {"min":72,"avg":363.3,"max":1120,"stddev":424.0,"var":179781.3,"ent":4.1,"data": [80,80,72,589,72,1120,72,1120,1120,623,72,72,72,165,171,403,72,72,72,346,138,1120,1120,1120,1120,72,72,72,72,72,72,110]},"bins": {"c_to_s": [12,1,1,1,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,1,1,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0],"entropies": [4.907011986,5.304953098,5.301460266,4.568593025,5.139187336,6.968538761,5.258596897,7.334045410,7.344312668,7.577483654,5.301460266,5.329237938,5.301460266,6.086132526,6.472829342,7.337939262,5.128702641,5.166965008,5.166965008,7.241396427,6.241778851,7.834823132,7.795830250,7.800470352,7.816886902,5.273682594,5.301460266,5.273682594,5.329237938,5.301460266,5.329237938,5.684057236]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} 00813{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":461,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291686985114,"flow_src_last_pkt_time":1605291686985114,"flow_dst_last_pkt_time":1605291686985114,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291686985114,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":461,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_src_last_pkt_time":1605291686985114,"flow_dst_last_pkt_time":1605291686985114,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291686985114,"pkt":"qtsDr8lk5EKm5WPyht1gAMi0ACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACACxxABu7duD88AAAAAoAL9IJsfAAACBAWgBAIIClRf4AwAAAAAAQMDBw=="} 
@@ -199,21 +199,21 @@ 00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":464,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_src_last_pkt_time":1605291686985114,"flow_dst_last_pkt_time":1605291687016591,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291687016591,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgFAAAAAAAAIAIqAcsBIEmLB5kd7IUo3\/YpAbvHENPm6q63bg\/QoBJXgIMUAAACBAV4AQMDAwQCCArC1zxZVF\/gDA=="} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":465,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_src_last_pkt_time":1605291687016621,"flow_dst_last_pkt_time":1605291687016591,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291687016621,"pkt":"qtsDr8lk5EKm5WPyht1gAMi0ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACACxxABu7duD9DT5uqvgBAB+wcHAAABAQgKVF\/gK8LXPFk="} 
01269{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":466,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":4,"flow_src_last_pkt_time":1605291687016854,"flow_dst_last_pkt_time":1605291687016591,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291687016854,"pkt":"qtsDr8lk5EKm5WPyht1gAMi0AiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACACxxABu7duD9DT5uqvgBgB+0cnAAABAQgKVF\/gK8LXPFkWAwECAAEAAfwDA2TZVj7uQEkCD0qaduyi4bmVPP7zAKvO9+7Wlc8AMGeTIIS\/CXAHw3XUf20VSt6oh4Hf\/WTHeXksbYFJmbfF89a\/ACBqahMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZNKSgAAAAAAHgAcAAAZd3d3Lmdvb2dsZXRhZ3NlcnZpY2VzLmNvbQAXAAD\/AQABAAAKAAoACDo6AB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApOjoAAQAAHQAgYKiZy5yb0i6Knp9i3yjCivd+Ief6i7v0\/AghN6n2uzkALQACAQEAKwALCoqKAwQDAwMCAwEAGwADAgAC2toAAQAAFQDDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01346{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":466,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291686985114,"flow_src_last_pkt_time":1605291687016854,"flow_dst_last_pkt_time":1605291687016591,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687016854,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.googletagservices.com","domainame":"www.googletagservices.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01305{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":466,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291686985114,"flow_src_last_pkt_time":1605291687016854,"flow_dst_last_pkt_time":1605291687016591,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687016854,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.googletagservices.com","domainame":"www.googletagservices.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":467,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_src_last_pkt_time":1605291686996891,"flow_dst_last_pkt_time":1605291687024247,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291687024247,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAGhTs7YqAcsBIEmLB5kd7IUo3\/YpAbuVsAnf\/VJtBZoyoBJXgFGuAAACBAV4AQMDAwQCCArC1zxhc6MlRg=="} 
00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":468,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_src_last_pkt_time":1605291686985710,"flow_dst_last_pkt_time":1605291687024248,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291687024248,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAA35IcYqAcsBIEmLB5kd7IUo3\/YpAbup5BqPq4R5AeISoBJXgAGtAAACBAV4AQMDAwQCCArC1zxhS\/piSQ=="} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":469,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_src_last_pkt_time":1605291687024307,"flow_dst_last_pkt_time":1605291687024247,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291687024307,"pkt":"qtsDr8lk5EKm5WPyht1gCh2fACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABoU7O2lbABu20FmjIJ3\/1TgBAB+9WjAAABAQgKc6MlYsLXPGE="} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":470,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_src_last_pkt_time":1605291687024329,"flow_dst_last_pkt_time":1605291687024248,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291687024329,"pkt":"qtsDr8lk5EKm5WPyht1gDjDtACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAAN+SHGqeQBu3kB4hIaj6uFgBAB+4WXAAABAQgKS\/picMLXPGE="} 
01267{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":471,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":4,"flow_src_last_pkt_time":1605291687024606,"flow_dst_last_pkt_time":1605291687024247,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291687024606,"pkt":"qtsDr8lk5EKm5WPyht1gCh2fAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABoU7O2lbABu20FmjIJ3\/1TgBgB+\/A6AAABAQgKc6MlYsLXPGEWAwECAAEAAfwDA+eYPrfbBZwgBAyXsXNv1wHXo8qtfbtTLhb8K0WcNKMYICPAGuufUOrjlYhZGNPMkbG+4utdfOiWk6+0nf\/wCDAKACB6ehMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZNqagAAAAAAEQAPAAAMYy5hYXhhZHMuY29tABcAAP8BAAEAAAoACgAICgoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACkKCgABAAAdACDX5C\/1o+HW81YAOCcijSyF5B3qZmeI0oMefLtlAIvWHQAtAAIBAQArAAsKysoDBAMDAwIDAQAbAAMCAAIaGgABAAAVANAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01288{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":471,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291686996891,"flow_src_last_pkt_time":1605291687024606,"flow_dst_last_pkt_time":1605291687024247,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687024606,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3b6","src_port":38320,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"c.aaxads.com","domainame":"c.aaxads.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01247{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":471,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291686996891,"flow_src_last_pkt_time":1605291687024606,"flow_dst_last_pkt_time":1605291687024247,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687024606,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3b6","src_port":38320,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"c.aaxads.com","domainame":"c.aaxads.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
01266{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":472,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_src_last_pkt_time":1605291687024727,"flow_dst_last_pkt_time":1605291687024248,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291687024727,"pkt":"qtsDr8lk5EKm5WPyht1gDjDtAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAAN+SHGqeQBu3kB4hIaj6uFgBgB+4vHAAABAQgKS\/picMLXPGEWAwECAAEAAfwDA5a9I0DX\/RoLLAwCTlolT1w7O+Tvbm6bAwmHB\/Gzvv4KIKCfkVZBs7YxSZgdkLoG0zKZeHzoKc6I+SIaE11zlfvtACB6ehMBEwITA8ArwC\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"} -01322{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":472,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291686985710,"flow_src_last_pkt_time":1605291687024727,"flow_dst_last_pkt_time":1605291687024248,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687024727,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::df9:21c6","src_port":43492,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"c.amazon-adsystem.com","domainame":"c.amazon-adsystem.com","tls": 
{"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +01281{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":472,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291686985710,"flow_src_last_pkt_time":1605291687024727,"flow_dst_last_pkt_time":1605291687024248,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687024727,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::df9:21c6","src_port":43492,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"c.amazon-adsystem.com","domainame":"c.amazon-adsystem.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":473,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":5,"flow_src_last_pkt_time":1605291687016854,"flow_dst_last_pkt_time":1605291687053426,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291687053426,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgFAAAAAAAAIAIqAcsBIEmLB5kd7IUo3\/YpAbvHENPm6q+3bhHVgBALMPumAAABAQgKwtc8f1Rf4Cs="} -01391{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":474,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291686985114,"flow_src_last_pkt_time":1605291687016854,"flow_dst_last_pkt_time":1605291687060476,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291687060476,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.googletagservices.com","domainame":"www.googletagservices.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01350{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":474,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291686985114,"flow_src_last_pkt_time":1605291687016854,"flow_dst_last_pkt_time":1605291687060476,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291687060476,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.googletagservices.com","domainame":"www.googletagservices.com","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":480,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":5,"flow_src_last_pkt_time":1605291687024606,"flow_dst_last_pkt_time":1605291687061560,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291687061560,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAGhTs7YqAcsBIEmLB5kd7IUo3\/YpAbuVsAnf\/VNtBZw3gBALMMpCAAABAQgKwtc8iHOjJWI="} 
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":481,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":5,"flow_src_last_pkt_time":1605291687024727,"flow_dst_last_pkt_time":1605291687061560,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291687061560,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAA35IcYqAcsBIEmLB5kd7IUo3\/YpAbup5BqPq4V5AeQXgBALMHo2AAABAQgKwtc8iEv6YnA="} -01367{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291686985710,"flow_src_last_pkt_time":1605291687024727,"flow_dst_last_pkt_time":1605291687075726,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605291687075726,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::df9:21c6","src_port":43492,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"c.amazon-adsystem.com","domainame":"c.amazon-adsystem.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-01333{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291686996891,"flow_src_last_pkt_time":1605291687024606,"flow_dst_last_pkt_time":1605291687096859,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605291687096859,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3b6","src_port":38320,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"c.aaxads.com","domainame":"c.aaxads.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01326{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291686985710,"flow_src_last_pkt_time":1605291687024727,"flow_dst_last_pkt_time":1605291687075726,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605291687075726,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::df9:21c6","src_port":43492,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"c.amazon-adsystem.com","domainame":"c.amazon-adsystem.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01292{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291686996891,"flow_src_last_pkt_time":1605291687024606,"flow_dst_last_pkt_time":1605291687096859,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605291687096859,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3b6","src_port":38320,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"c.aaxads.com","domainame":"c.aaxads.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
02189{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":530,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605291686985114,"flow_src_last_pkt_time":1605291687110047,"flow_dst_last_pkt_time":1605291687110135,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":965,"flow_dst_tot_l4_payload_len":10234,"midstream":0,"thread_ts_usec":1605291687110135,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":8063.0,"max":43636,"stddev":14163.2,"var":200595904.0,"ent":3.1,"data": [31477,31507,233,36835,7050,0,43636,16,599,576,2431,165,135,37718,689,1069,36764,111,89,22,531,8580,9121,90,75,174,0,158,5,98,0]},"pktlen": {"min":72,"avg":422.5,"max":1280,"stddev":490.0,"var":240053.7,"ent":4.1,"data": [80,80,72,589,72,1280,1280,72,72,533,72,136,164,333,72,72,652,72,103,72,103,72,778,72,1280,72,1280,1280,72,72,1280,1280]},"bins": {"c_to_s": [12,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,0,0,0,0,1,1,1,0,1,0,0,1,1,0,1,0,1,1,0,0,1,1],"entropies": 
[4.794175148,5.301737785,5.137723446,4.609352589,5.163392067,7.822265148,7.828993320,5.193279266,5.193279266,7.574356556,5.165501595,6.187675953,6.451539040,7.193062782,5.135614395,5.135614395,7.646523952,5.182794571,5.842692375,5.165501595,5.903290272,5.163392067,7.712309837,5.193279266,7.843823910,5.165501595,7.846527100,7.838549614,5.193279266,5.165501118,7.822370052,7.826137066]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 02157{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":552,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1605291686985710,"flow_src_last_pkt_time":1605291687112023,"flow_dst_last_pkt_time":1605291687112006,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":962,"flow_dst_tot_l4_payload_len":11490,"midstream":0,"thread_ts_usec":1605291687112023,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::df9:21c6","src_port":43492,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":8148.7,"max":51019,"stddev":15066.4,"var":226995168.0,"ent":3.0,"data": [38538,38619,398,37312,14166,1,0,0,1,51019,20,3,2,2,2408,107,140,31274,2,1645,1,30239,111,3355,1,0,0,3233,8,2,2]},"pktlen": {"min":72,"avg":461.6,"max":1460,"stddev":586.5,"var":343946.1,"ent":4.0,"data": [80,80,72,589,72,1460,1460,1460,1460,387,72,72,72,72,72,136,164,330,72,72,72,143,72,103,1460,1460,1460,1460,72,72,72,72]},"bins": {"c_to_s": [13,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": 
[5,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,0,0,1,1,1,1,0,0,0,0],"entropies": [4.836891651,5.211080551,5.205674171,4.514605999,5.057240963,7.814661026,7.847680092,7.865528107,7.842185020,7.380033970,5.243936539,5.243936539,5.155763149,5.188381195,5.132825851,6.139283180,6.518441677,7.254546165,5.029463291,5.029463291,5.057240963,6.252353668,5.243936539,5.873327255,7.877524853,7.827719688,7.871821880,7.839930534,5.243936539,5.243936539,5.271714211,5.271714211]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 00807{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":601,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291687485783,"flow_src_last_pkt_time":1605291687485783,"flow_dst_last_pkt_time":1605291687485783,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687485783,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::acd9:12c2","src_port":51026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -221,41 +221,41 @@ 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":602,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_src_last_pkt_time":1605291687485783,"flow_dst_last_pkt_time":1605291687512994,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291687512994,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAKzZEsIqAcsBIEmLB5kd7IUo3\/YpAbvHUvrRnoyfz12foBJXgAjWAAACBAV4AQMDAwQCCArC1z5Fu47Gtw=="} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":603,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_src_last_pkt_time":1605291687513017,"flow_dst_last_pkt_time":1605291687512994,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291687513017,"pkt":"qtsDr8lk5EKm5WPyht1gDGJhACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACs2RLCx1IBu5\/PXZ\/60Z6NgBAB+4zMAAABAQgKu47G0sLXPkU="} 
01267{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":604,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":4,"flow_src_last_pkt_time":1605291687513279,"flow_dst_last_pkt_time":1605291687512994,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291687513279,"pkt":"qtsDr8lk5EKm5WPyht1gDGJhAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACs2RLCx1IBu5\/PXZ\/60Z6NgBgB+yruAAABAQgKu47G08LXPkUWAwECAAEAAfwDA8gKXcgEK+eLAD0eAVBdxP494QtA9Q6J19dpsrnIF6s\/IJFjz4OkKAOopoyn1vDuvI+kyb3ehZCReTI9qtpTfphWACBKShMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZOqqgAAAAAAIwAhAAAec2VjdXJlcHViYWRzLmcuZG91YmxlY2xpY2submV0ABcAAP8BAAEAAAoACgAIKioAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACkqKgABAAAdACCM+kww4XBsO9uZgHbtPEkxRf\/Li4AsKAzJSNegqbyUJAAtAAIBAQArAAsKGhoDBAMDAwIDAQAbAAMCAAJqagABAAAVAL4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01353{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":604,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291687485783,"flow_src_last_pkt_time":1605291687513279,"flow_dst_last_pkt_time":1605291687512994,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687513279,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::acd9:12c2","src_port":51026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"securepubads.g.doubleclick.net","domainame":"securepubads.g.doubleclick.net","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01312{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":604,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291687485783,"flow_src_last_pkt_time":1605291687513279,"flow_dst_last_pkt_time":1605291687512994,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687513279,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::acd9:12c2","src_port":51026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"securepubads.g.doubleclick.net","domainame":"securepubads.g.doubleclick.net","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00807{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":605,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291687514756,"flow_src_last_pkt_time":1605291687514756,"flow_dst_last_pkt_time":1605291687514756,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687514756,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":605,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_src_last_pkt_time":1605291687514756,"flow_dst_last_pkt_time":1605291687514756,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291687514756,"pkt":"qtsDr8lk5EKm5WPyht1gD4BTACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXidvHABuwi2N5MAAAAAoAL9IOSoAAACBAWgBAIICiRA7pIAAAAAAQMDBw=="} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":606,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":5,"flow_src_last_pkt_time":1605291687513279,"flow_dst_last_pkt_time":1605291687545133,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291687545133,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAKzZEsIqAcsBIEmLB5kd7IUo3\/YpAbvHUvrRno2fz1+kgBALMIFtAAABAQgKwtc+abuOxtM="} 
00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":607,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_src_last_pkt_time":1605291687514756,"flow_dst_last_pkt_time":1605291687545133,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291687545133,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleJ0qAcsBIEmLB5kd7IUo3\/YpAbu8cGxxKx0ItjeUoBJXgPGUAAACBAV4AQMDAwQCCArC1z5pJEDukg=="} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":608,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_src_last_pkt_time":1605291687545171,"flow_dst_last_pkt_time":1605291687545133,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291687545171,"pkt":"qtsDr8lk5EKm5WPyht1gD4BTACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXidvHABuwi2N5RscSsegBAB+3WHAAABAQgKJEDuscLXPmk="} 
01265{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":609,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":4,"flow_src_last_pkt_time":1605291687545503,"flow_dst_last_pkt_time":1605291687545133,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291687545503,"pkt":"qtsDr8lk5EKm5WPyht1gD4BTAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXidvHABuwi2N5RscSsegBgB+1xOAAABAQgKJEDuscLXPmkWAwECAAEAAfwDA6sAiYRVVUdNeU6qgV+6RMsMCIZAzjq+68NrjIRzdTDzIH6Nje53IGXhSc03yuiyvZsWos5mhh1w53jt4PUlCtOeACCqqhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZOqqgAAAAAAGQAXAAAUcGxhdGZvcm0udHdpdHRlci5jb20AFwAA\/wEAAQAACgAKAAjKygAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKcrKAAEAAB0AIAjq9VoWgWPxpcjAD3ywxiF\/9WPMGppuo1idcmIeMRgoAC0AAgEBACsACwq6ugMEAwMDAgMBABsAAwIAAgoKAAEAABUAyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01325{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":609,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291687514756,"flow_src_last_pkt_time":1605291687545503,"flow_dst_last_pkt_time":1605291687545133,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687545503,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Twitter","proto_id":"91.120","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"platform.twitter.com","domainame":"platform.twitter.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-01398{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":610,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291687485783,"flow_src_last_pkt_time":1605291687513279,"flow_dst_last_pkt_time":1605291687552593,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605291687552593,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::acd9:12c2","src_port":51026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"securepubads.g.doubleclick.net","domainame":"securepubads.g.doubleclick.net","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01284{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":609,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291687514756,"flow_src_last_pkt_time":1605291687545503,"flow_dst_last_pkt_time":1605291687545133,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687545503,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Twitter","proto_id":"91.120","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"platform.twitter.com","domainame":"platform.twitter.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01357{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":610,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291687485783,"flow_src_last_pkt_time":1605291687513279,"flow_dst_last_pkt_time":1605291687552593,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605291687552593,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::acd9:12c2","src_port":51026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"securepubads.g.doubleclick.net","domainame":"securepubads.g.doubleclick.net","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":620,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":5,"flow_src_last_pkt_time":1605291687545503,"flow_dst_last_pkt_time":1605291687592583,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291687592583,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleJ0qAcsBIEmLB5kd7IUo3\/YpAbu8cGxxKx4ItjmZgBALMGodAAABAQgKwtc+mSRA7rE="} 
-01408{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":626,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291687514756,"flow_src_last_pkt_time":1605291687545503,"flow_dst_last_pkt_time":1605291687606576,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605291687606576,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Twitter","proto_id":"91.120","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"platform.twitter.com","domainame":"platform.twitter.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-01734{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":629,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1605291687514756,"flow_src_last_pkt_time":1605291687606628,"flow_dst_last_pkt_time":1605291687606672,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3144,"midstream":0,"thread_ts_usec":1605291687606672,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Twitter","proto_id":"91.120","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"platform.twitter.com","domainame":"platform.twitter.com","tls": {"version":"TLSv1.2","server_names":"platform.twitter.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Twitter, Inc., OU=Twitter Security, CN=platform.twitter.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"2B:30:10:3B:07:2F:F2:EB:3D:08:E3:BB:45:61:F7:A3:9F:4C:A7:92","blocks":0}}} 
+01367{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":626,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291687514756,"flow_src_last_pkt_time":1605291687545503,"flow_dst_last_pkt_time":1605291687606576,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605291687606576,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Twitter","proto_id":"91.120","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"platform.twitter.com","domainame":"platform.twitter.com","tls": {"version":"TLSv1.2","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01693{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":629,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1605291687514756,"flow_src_last_pkt_time":1605291687606628,"flow_dst_last_pkt_time":1605291687606672,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3144,"midstream":0,"thread_ts_usec":1605291687606672,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Twitter","proto_id":"91.120","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"platform.twitter.com","domainame":"platform.twitter.com","tls": {"version":"TLSv1.2","server_names":"platform.twitter.com","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Twitter, Inc., OU=Twitter Security, CN=platform.twitter.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"2B:30:10:3B:07:2F:F2:EB:3D:08:E3:BB:45:61:F7:A3:9F:4C:A7:92","blocks":0}}} 
00813{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":649,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291687642048,"flow_src_last_pkt_time":1605291687642048,"flow_dst_last_pkt_time":1605291687642048,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687642048,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2008","src_port":39520,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":649,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_src_last_pkt_time":1605291687642048,"flow_dst_last_pkt_time":1605291687642048,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291687642048,"pkt":"qtsDr8lk5EKm5WPyht1gDI7+ACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAImmABu4PHuxgAAAAAoAL9IGTNAAACBAWgBAIICsL4XLwAAAAAAQMDBw=="} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":657,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_src_last_pkt_time":1605291687642048,"flow_dst_last_pkt_time":1605291687676357,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291687676357,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgWAAAAAAAAIAgqAcsBIEmLB5kd7IUo3\/YpAbuaYOcfuuGDx7sZoBJXgGbFAAACBAV4AQMDAwQCCArC1z7qwvhcvA=="} 
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":658,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_src_last_pkt_time":1605291687676396,"flow_dst_last_pkt_time":1605291687676357,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291687676396,"pkt":"qtsDr8lk5EKm5WPyht1gDI7+ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAImmABu4PHuxnnH7rigBAB++qzAAABAQgKwvhc38LXPuo="} 01263{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":659,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":4,"flow_src_last_pkt_time":1605291687678071,"flow_dst_last_pkt_time":1605291687676357,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291687678071,"pkt":"qtsDr8lk5EKm5WPyht1gDI7+AiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAImmABu4PHuxnnH7rigBgB+7zOAAABAQgKwvhc4MLXPuoWAwECAAEAAfwDA2DQ5OxREVO95xl1cBrII9zoe+SeXEyLTL2RY3d38wEfIDXqjNmx1LhM5R6ahoCjZqYoEOLjS9cTu1r8mF5O4+z+ACBqahMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZMaGgAAAAAAHQAbAAAYd3d3Lmdvb2dsZXRhZ21hbmFnZXIuY29tABcAAP8BAAEAAAoACgAIamoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArAClqagABAAAdACC7Hzx8NSeckRnAno888LeBaZNAd1ZxsSahddbprKYQMwAtAAIBAQArAAsK6uoDBAMDAwIDAQAbAAMCAAIKCgABAAAVAMQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01344{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":659,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291687642048,"flow_src_last_pkt_time":1605291687678071,"flow_dst_last_pkt_time":1605291687676357,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687678071,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2008","src_port":39520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.googletagmanager.com","domainame":"www.googletagmanager.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01303{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":659,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291687642048,"flow_src_last_pkt_time":1605291687678071,"flow_dst_last_pkt_time":1605291687676357,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687678071,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2008","src_port":39520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.googletagmanager.com","domainame":"www.googletagmanager.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":660,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":5,"flow_src_last_pkt_time":1605291687678071,"flow_dst_last_pkt_time":1605291687714410,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291687714410,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgWAAAAAAAAIAgqAcsBIEmLB5kd7IUo3\/YpAbuaYOcfuuKDx70egBALMN9QAAABAQgKwtc\/EsL4XOA="} 
-01389{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":661,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291687642048,"flow_src_last_pkt_time":1605291687678071,"flow_dst_last_pkt_time":1605291687721930,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291687721930,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2008","src_port":39520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.googletagmanager.com","domainame":"www.googletagmanager.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01348{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":661,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291687642048,"flow_src_last_pkt_time":1605291687678071,"flow_dst_last_pkt_time":1605291687721930,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291687721930,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2008","src_port":39520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.googletagmanager.com","domainame":"www.googletagmanager.com","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00807{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":677,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291687761761,"flow_src_last_pkt_time":1605291687761761,"flow_dst_last_pkt_time":1605291687761761,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687761761,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3d1","src_port":32970,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":677,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_src_last_pkt_time":1605291687761761,"flow_dst_last_pkt_time":1605291687761761,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291687761761,"pkt":"qtsDr8lk5EKm5WPyht1gCTrZACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABoU7PRgMoBuzRK2bcAAAAAoAL9IFSZAAACBAWgBAIIClvEqOkAAAAAAQMDBw=="} 
02186{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":688,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605291687642048,"flow_src_last_pkt_time":1605291687769797,"flow_dst_last_pkt_time":1605291687770512,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":967,"flow_dst_tot_l4_payload_len":10018,"midstream":0,"thread_ts_usec":1605291687770512,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2008","src_port":39520,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":8264.9,"max":43870,"stddev":14337.0,"var":205550432.0,"ent":3.2,"data": [34309,34348,1675,38053,7520,1,0,43870,15,3,2990,179,332,37258,1,401,1,34144,24,176,2332,6921,9068,836,1,863,34,109,28,721,0]},"pktlen": {"min":72,"avg":415.8,"max":1280,"stddev":486.5,"var":236643.5,"ent":4.1,"data": [80,80,72,589,72,1280,1280,550,72,72,72,136,164,335,72,72,652,103,72,72,103,72,545,72,1280,1280,72,72,1280,72,1280,1280]},"bins": {"c_to_s": [12,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,0,0,0,1,1,1,1,0,0,0,1,1,0,1,1,0,0,1,0,1,1],"entropies": 
[4.845952988,5.276736736,5.138828754,4.602811337,5.041796684,7.803936958,7.832890034,7.552286625,5.166606426,5.194384098,5.194384098,6.037216187,6.610102654,7.276579857,5.041796684,5.041796684,7.656215668,5.660604000,5.183899403,5.183899403,5.788832664,5.069574356,7.590582848,5.222161770,7.845970631,7.817458153,5.222161770,5.222161770,7.842357159,5.222161770,7.846263409,7.836318970]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":707,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_src_last_pkt_time":1605291687761761,"flow_dst_last_pkt_time":1605291687790624,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291687790624,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAGhTs9EqAcsBIEmLB5kd7IUo3\/YpAbuAylJzVUg0Stm4oBJXgFBhAAACBAV4AQMDAwQCCArC1z9gW8So6Q=="} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":708,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_src_last_pkt_time":1605291687790646,"flow_dst_last_pkt_time":1605291687790624,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291687790646,"pkt":"qtsDr8lk5EKm5WPyht1gCTrZACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABoU7PRgMoBuzRK2bhSc1VJgBAB+9RVAAABAQgKW8SpBsLXP2A="} 
01264{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":709,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_src_last_pkt_time":1605291687790793,"flow_dst_last_pkt_time":1605291687790624,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291687790793,"pkt":"qtsDr8lk5EKm5WPyht1gCTrZAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABoU7PRgMoBuzRK2bhSc1VJgBgB+28mAAABAQgKW8SpBsLXP2AWAwECAAEAAfwDA36LmdTGhSoOn80oilyfPNGRp5C4BlBBz5Xd3jcwfMKTIAaF+rCsUiCOU8bqK7O8i4N8LINKpStTbOqmpKKpf9E2ACAaGhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZNaWgAAAAAAFgAUAAARd3d3LmFheGRldGVjdC5jb20AFwAA\/wEAAQAACgAKAAgKCgAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKQoKAAEAAB0AIH6hi26DByeZiCnUzyO1ln0CmgKVhjsp0romzaxtOzIVAC0AAgEBACsACwqKigMEAwMDAgMBABsAAwIAApqaAAEAABUAywAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01298{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":709,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291687761761,"flow_src_last_pkt_time":1605291687790793,"flow_dst_last_pkt_time":1605291687790624,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687790793,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3d1","src_port":32970,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.aaxdetect.com","domainame":"www.aaxdetect.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01257{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":709,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291687761761,"flow_src_last_pkt_time":1605291687790793,"flow_dst_last_pkt_time":1605291687790624,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687790793,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3d1","src_port":32970,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.aaxdetect.com","domainame":"www.aaxdetect.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00807{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":714,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291687800179,"flow_src_last_pkt_time":1605291687800179,"flow_dst_last_pkt_time":1605291687800179,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687800179,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":714,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_src_last_pkt_time":1605291687800179,"flow_dst_last_pkt_time":1605291687800179,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291687800179,"pkt":"qtsDr8lk5EKm5WPyht1gBEqMACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABo9CrI3c4Bu\/+MN8MAAAAAoAL9IICJAAACBAWgBAIICk1+jVUAAAAAAQMDBw=="} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":724,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":5,"flow_src_last_pkt_time":1605291687790793,"flow_dst_last_pkt_time":1605291687820314,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291687820314,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAGhTs9EqAcsBIEmLB5kd7IUo3\/YpAbuAylJzVUk0Stu9gBALMMj9AAABAQgKwtc\/flvEqQY="} 
00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":738,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_src_last_pkt_time":1605291687800179,"flow_dst_last_pkt_time":1605291687829410,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291687829410,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAGj0KsgqAcsBIEmLB5kd7IUo3\/YpAbvdzp1dXkT\/jDfEoBJXgChEAAACBAV4AQMDAwQCCArC1z+HTX6NVQ=="} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":739,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_src_last_pkt_time":1605291687829478,"flow_dst_last_pkt_time":1605291687829410,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291687829478,"pkt":"qtsDr8lk5EKm5WPyht1gBEqMACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABo9CrI3c4Bu\/+MN8SdXV5FgBAB+6w4AAABAQgKTX6NcsLXP4c="} 
01267{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":740,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":4,"flow_src_last_pkt_time":1605291687829706,"flow_dst_last_pkt_time":1605291687829410,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291687829706,"pkt":"qtsDr8lk5EKm5WPyht1gBEqMAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABo9CrI3c4Bu\/+MN8SdXV5FgBgB+6QUAAABAQgKTX6NcsLXP4cWAwECAAEAAfwDAzHyJHiw4CvySm\/wmMZSj93xjRQIb\/7lSao6BEVVselnIDSsTTPKNSgpPqgoZjsi0To1XtuBv2kZEOLdyhUMYBkRACDKyhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZO6ugAAAAAAHAAaAAAXc3luZGljYXRpb24udHdpdHRlci5jb20AFwAA\/wEAAQAACgAKAAiqqgAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKaqqAAEAAB0AINkx20sEA6mpd6uYYzNH4dLwnJuropRMU+claKQ8nqNoAC0AAgEBACsACwrKygMEAwMDAgMBABsAAwIAAkpKAAEAABUAxQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01331{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":740,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291687800179,"flow_src_last_pkt_time":1605291687829706,"flow_dst_last_pkt_time":1605291687829410,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687829706,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Twitter","proto_id":"91.120","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"syndication.twitter.com","domainame":"syndication.twitter.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-01343{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":741,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291687761761,"flow_src_last_pkt_time":1605291687790793,"flow_dst_last_pkt_time":1605291687852902,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605291687852902,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3d1","src_port":32970,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.aaxdetect.com","domainame":"www.aaxdetect.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01290{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":740,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291687800179,"flow_src_last_pkt_time":1605291687829706,"flow_dst_last_pkt_time":1605291687829410,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687829706,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Twitter","proto_id":"91.120","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"syndication.twitter.com","domainame":"syndication.twitter.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01302{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":741,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291687761761,"flow_src_last_pkt_time":1605291687790793,"flow_dst_last_pkt_time":1605291687852902,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605291687852902,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3d1","src_port":32970,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.aaxdetect.com","domainame":"www.aaxdetect.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":750,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":5,"flow_src_last_pkt_time":1605291687829706,"flow_dst_last_pkt_time":1605291687858949,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291687858949,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAGj0KsgqAcsBIEmLB5kd7IUo3\/YpAbvdzp1dXkX\/jDnJgBALMKDhAAABAQgKwtc\/pE1+jXI="} 
00807{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":753,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291687896532,"flow_src_last_pkt_time":1605291687896532,"flow_dst_last_pkt_time":1605291687896532,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687896532,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::2278:cf94","src_port":39626,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":753,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_src_last_pkt_time":1605291687896532,"flow_dst_last_pkt_time":1605291687896532,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291687896532,"pkt":"qtsDr8lk5EKm5WPyht1gD27HACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAAieM+UmsoBu3fYetUAAAAAoAL9ICsYAAACBAWgBAIIClOdBf4AAAAAAQMDBw=="} 
@@ -264,7 +264,7 @@ 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":761,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_src_last_pkt_time":1605291687896532,"flow_dst_last_pkt_time":1605291687932773,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291687932773,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAACJ4z5QqAcsBIEmLB5kd7IUo3\/YpAbuayhO+xPN32HrWoBJXgPVcAAACBAV4AQMDAwQCCArC1z\/tU50F\/g=="} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":762,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_src_last_pkt_time":1605291687932816,"flow_dst_last_pkt_time":1605291687932773,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291687932816,"pkt":"qtsDr8lk5EKm5WPyht1gD27HACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAAieM+UmsoBu3fYetYTvsT0gBAB+3lKAAABAQgKU50GIsLXP+0="} 
01265{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":763,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":4,"flow_src_last_pkt_time":1605291687933001,"flow_dst_last_pkt_time":1605291687932773,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291687933001,"pkt":"qtsDr8lk5EKm5WPyht1gD27HAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAAieM+UmsoBu3fYetYTvsT0gBgB+23VAAABAQgKU50GIsLXP+0WAwECAAEAAfwDAxJYusyWMNRYvoQ+T4tcugZ+135RcPMs1\/0JBeRbWLApILhMdGMSectfNYNoyEPWiVIYjZ7g96RKtpDC\/RD8oUA2ACBaWhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZN6egAAAAAAEQAPAAAMaWQucmxjZG4uY29tABcAAP8BAAEAAAoACgAIysoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACnKygABAAAdACC0arZ4rxNjn4Xd+ejLnNmuK7Q67NTZpqnUAPkLrcpuSgAtAAIBAQArAAsKWloDBAMDAwIDAQAbAAMCAALa2gABAAAVANAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01288{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":763,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291687896532,"flow_src_last_pkt_time":1605291687933001,"flow_dst_last_pkt_time":1605291687932773,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687933001,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::2278:cf94","src_port":39626,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"id.rlcdn.com","domainame":"id.rlcdn.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01247{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":763,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291687896532,"flow_src_last_pkt_time":1605291687933001,"flow_dst_last_pkt_time":1605291687932773,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687933001,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::2278:cf94","src_port":39626,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"id.rlcdn.com","domainame":"id.rlcdn.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00825{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":764,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291687933355,"flow_src_last_pkt_time":1605291687933355,"flow_dst_last_pkt_time":1605291687933355,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687933355,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:f916:5049:f87f:108e","src_port":48648,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":764,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_src_last_pkt_time":1605291687933355,"flow_dst_last_pkt_time":1605291687933355,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291687933355,"pkt":"qtsDr8lk5EKm5WPyht1gBZTsACgGQCoBywEgSYsHmR3shSjf9ikmIAEWgA0AIfkWUEn4fxCOvggBu9JG6EoAAAAAoAL9IFfFAAACBAWgBAIICteKYnsAAAAAAQMDBw=="} 
00807{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":765,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291687934638,"flow_src_last_pkt_time":1605291687934638,"flow_dst_last_pkt_time":1605291687934638,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687934638,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::1736:86f1","src_port":44264,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -272,26 +272,26 @@ 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":766,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_src_last_pkt_time":1605291687931808,"flow_dst_last_pkt_time":1605291687966627,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291687966627,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgGAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvWTrVWRoTRRdL3oBJXgGFBAAACBAV4AQMDAwQCCArC10AQcJK4Zg=="} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":767,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_src_last_pkt_time":1605291687966647,"flow_dst_last_pkt_time":1605291687966627,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291687966647,"pkt":"qtsDr8lk5EKm5WPyht1gCkMmACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBgAAAAAAACAO1k4Bu9FF0ve1VkaFgBAB++UvAAABAQgKcJK4icLXQBA="} 01265{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":768,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":4,"flow_src_last_pkt_time":1605291687966872,"flow_dst_last_pkt_time":1605291687966627,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291687966872,"pkt":"qtsDr8lk5EKm5WPyht1gCkMmAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBgAAAAAAACAO1k4Bu9FF0ve1VkaFgBgB+zFNAAABAQgKcJK4icLXQBAWAwECAAEAAfwDA3WeIBLYdziEEn7QNz0OGHsUEusI6KY9\/RKF89EV1ileIBMHWJUBm+OFCD0sy0ylrulb4WElhpq\/dz7TuTzNb3wqACD6+hMBEwITA8ArwC\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"} 
-01314{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":768,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291687931808,"flow_src_last_pkt_time":1605291687966872,"flow_dst_last_pkt_time":1605291687966627,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687966872,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54862,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","domainame":"www.youtube.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01273{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":768,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291687931808,"flow_src_last_pkt_time":1605291687966872,"flow_dst_last_pkt_time":1605291687966627,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687966872,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54862,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","domainame":"www.youtube.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":769,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_src_last_pkt_time":1605291687933355,"flow_dst_last_pkt_time":1605291687974700,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291687974700,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSYgARaADQAh+RZQSfh\/EI4qAcsBIEmLB5kd7IUo3\/YpAbu+CLYiE5XSRuhLoBJXgDDhAAACBAV4AQMDAwQCCArC10AQ14piew=="} 
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":770,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":5,"flow_src_last_pkt_time":1605291687933001,"flow_dst_last_pkt_time":1605291687974700,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291687974700,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAACJ4z5QqAcsBIEmLB5kd7IUo3\/YpAbuayhO+xPR32HzbgBALMG3oAAABAQgKwtdAFVOdBiI="} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":771,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_src_last_pkt_time":1605291687974730,"flow_dst_last_pkt_time":1605291687974700,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291687974730,"pkt":"qtsDr8lk5EKm5WPyht1gBZTsACAGQCoBywEgSYsHmR3shSjf9ikmIAEWgA0AIfkWUEn4fxCOvggBu9JG6Eu2IhOWgBAB+7TJAAABAQgK14pipMLXQBA="} 
01265{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":772,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":4,"flow_src_last_pkt_time":1605291687974969,"flow_dst_last_pkt_time":1605291687974700,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291687974969,"pkt":"qtsDr8lk5EKm5WPyht1gBZTsAiUGQCoBywEgSYsHmR3shSjf9ikmIAEWgA0AIfkWUEn4fxCOvggBu9JG6Eu2IhOWgBgB+zY3AAABAQgK14pipMLXQBAWAwECAAEAAfwDA3sf7LZhCKu3FcQtfQQXpjU\/yJNKxK1Wu7mS7O\/nW0esIK9NcmR4uxEXTx0wl0DqrASosxQJ8d8M7I15cNDqZSjgACAKChMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZP6+gAAAAAAGgAYAAAVc2VjdXJlLnF1YW50c2VydmUuY29tABcAAP8BAAEAAAoACgAIenoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACl6egABAAAdACBi6uz3bgjuw2Flzm3cT5QZ5PbRQ8kZgg4sjV4aUfzKPgAtAAIBAQArAAsKKioDBAMDAwIDAQAbAAMCAAIqKgABAAAVAMcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01324{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":772,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291687933355,"flow_src_last_pkt_time":1605291687974969,"flow_dst_last_pkt_time":1605291687974700,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687974969,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:f916:5049:f87f:108e","src_port":48648,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"secure.quantserve.com","domainame":"secure.quantserve.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01283{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":772,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291687933355,"flow_src_last_pkt_time":1605291687974969,"flow_dst_last_pkt_time":1605291687974700,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687974969,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:f916:5049:f87f:108e","src_port":48648,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"secure.quantserve.com","domainame":"secure.quantserve.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":773,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_src_last_pkt_time":1605291687934638,"flow_dst_last_pkt_time":1605291687975138,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291687975138,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAABc2hvEqAcsBIEmLB5kd7IUo3\/YpAbus6CNL5ddGO8iRoBJXgMJGAAACBAV4AQMDAwQCCArC10AVUckv+A=="} 
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":774,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_src_last_pkt_time":1605291687975186,"flow_dst_last_pkt_time":1605291687975138,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291687975186,"pkt":"qtsDr8lk5EKm5WPyht1gA0MZACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAAXNobxrOgBu0Y7yJEjS+XYgBAB+0YvAAABAQgKUckwIcLXQBU="} 01264{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":775,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":4,"flow_src_last_pkt_time":1605291687975399,"flow_dst_last_pkt_time":1605291687975138,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291687975399,"pkt":"qtsDr8lk5EKm5WPyht1gA0MZAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAAXNobxrOgBu0Y7yJEjS+XYgBgB+6HOAAABAQgKUckwIcLXQBUWAwECAAEAAfwDAyyfGNXrQuJaooVOSAZWYwrICVdKySe7AfwbUmNJLrj6IPGtMcg+xk+\/4O6dPXPeOmaj7v3Le548CiQfbZu3tkOqACAKChMBEwITA8ArwC\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"} 
-01355{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":775,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291687934638,"flow_src_last_pkt_time":1605291687975399,"flow_dst_last_pkt_time":1605291687975138,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687975399,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::1736:86f1","src_port":44264,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ADS_Analytic_Track","proto_id":"91.107","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker\/Ads","category_id":101,"category":"Advertisement","hostname":"sb.scorecardresearch.com","domainame":"sb.scorecardresearch.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-01333{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":776,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291687896532,"flow_src_last_pkt_time":1605291687933001,"flow_dst_last_pkt_time":1605291687976086,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605291687976086,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::2278:cf94","src_port":39626,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"id.rlcdn.com","domainame":"id.rlcdn.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01314{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":775,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291687934638,"flow_src_last_pkt_time":1605291687975399,"flow_dst_last_pkt_time":1605291687975138,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687975399,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::1736:86f1","src_port":44264,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ADS_Analytic_Track","proto_id":"91.107","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker\/Ads","category_id":101,"category":"Advertisement","hostname":"sb.scorecardresearch.com","domainame":"sb.scorecardresearch.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01292{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":776,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291687896532,"flow_src_last_pkt_time":1605291687933001,"flow_dst_last_pkt_time":1605291687976086,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605291687976086,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::2278:cf94","src_port":39626,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"id.rlcdn.com","domainame":"id.rlcdn.com","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":787,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":5,"flow_src_last_pkt_time":1605291687966872,"flow_dst_last_pkt_time":1605291688019659,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688019659,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgGAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvWTrVWRoXRRdT8gBALMNnKAAABAQgKwtdAO3CSuIk="} 
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":788,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":5,"flow_src_last_pkt_time":1605291687974969,"flow_dst_last_pkt_time":1605291688020339,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688020339,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSYgARaADQAh+RZQSfh\/EI4qAcsBIEmLB5kd7IUo3\/YpAbu+CLYiE5bSRupQgBALMKljAAABAQgKwtdAPNeKYqQ="} -01359{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":789,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291687931808,"flow_src_last_pkt_time":1605291687966872,"flow_dst_last_pkt_time":1605291688024605,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291688024605,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54862,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","domainame":"www.youtube.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01318{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":789,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291687931808,"flow_src_last_pkt_time":1605291687966872,"flow_dst_last_pkt_time":1605291688024605,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291688024605,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54862,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","domainame":"www.youtube.com","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":794,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":5,"flow_src_last_pkt_time":1605291687975399,"flow_dst_last_pkt_time":1605291688025071,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688025071,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAABc2hvEqAcsBIEmLB5kd7IUo3\/YpAbus6CNL5dhGO8qWgBALMDrJAAABAQgKwtdAQVHJMCE="} 
-01400{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":795,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291687934638,"flow_src_last_pkt_time":1605291687975399,"flow_dst_last_pkt_time":1605291688025072,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605291688025072,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::1736:86f1","src_port":44264,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ADS_Analytic_Track","proto_id":"91.107","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker\/Ads","category_id":101,"category":"Advertisement","hostname":"sb.scorecardresearch.com","domainame":"sb.scorecardresearch.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-01407{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":809,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291687933355,"flow_src_last_pkt_time":1605291687974969,"flow_dst_last_pkt_time":1605291688036417,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605291688036417,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:f916:5049:f87f:108e","src_port":48648,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"secure.quantserve.com","domainame":"secure.quantserve.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"b898351eb5e266aefd3723d466935494","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-01785{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":811,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1605291687933355,"flow_src_last_pkt_time":1605291687974969,"flow_dst_last_pkt_time":1605291688036418,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3364,"midstream":0,"thread_ts_usec":1605291688036418,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:f916:5049:f87f:108e","src_port":48648,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"secure.quantserve.com","domainame":"secure.quantserve.com","tls": {"version":"TLSv1.2","server_names":"*.quantserve.com,*.quantcount.com,*.apextag.com,quantserve.com,quantcount.com,apextag.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"b898351eb5e266aefd3723d466935494","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Quantcast Corporation, CN=*.quantserve.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"3A:30:B1:4A:CE:62:AF:55:B1:89:FF:0C:CB:69:E3:80:CB:B0:91:90","blocks":0}}} 
-01414{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":818,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291687800179,"flow_src_last_pkt_time":1605291687829706,"flow_dst_last_pkt_time":1605291688046248,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605291688046248,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Twitter","proto_id":"91.120","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"syndication.twitter.com","domainame":"syndication.twitter.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"8d2a028aa94425f76ced7826b1f39039","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-01860{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":821,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1605291687800179,"flow_src_last_pkt_time":1605291688046258,"flow_dst_last_pkt_time":1605291688046580,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3439,"midstream":0,"thread_ts_usec":1605291688046580,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Twitter","proto_id":"91.120","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"syndication.twitter.com","domainame":"syndication.twitter.com","tls": {"version":"TLSv1.2","server_names":"syndication.twitter.com,syndication.twimg.com,syndication-o.twitter.com,syndication-o.twimg.com,cdn.syndication.twitter.com,cdn.syndication.twimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"8d2a028aa94425f76ced7826b1f39039","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Twitter, Inc., OU=lon3, CN=syndication.twitter.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"09:D3:FE:9A:3E:39:A7:E2:90:5B:C9:1F:3B:7D:CE:7C:7E:08:1C:6F","blocks":0}}} 
+01359{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":795,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291687934638,"flow_src_last_pkt_time":1605291687975399,"flow_dst_last_pkt_time":1605291688025072,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605291688025072,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::1736:86f1","src_port":44264,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ADS_Analytic_Track","proto_id":"91.107","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker\/Ads","category_id":101,"category":"Advertisement","hostname":"sb.scorecardresearch.com","domainame":"sb.scorecardresearch.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01366{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":809,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291687933355,"flow_src_last_pkt_time":1605291687974969,"flow_dst_last_pkt_time":1605291688036417,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605291688036417,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:f916:5049:f87f:108e","src_port":48648,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"secure.quantserve.com","domainame":"secure.quantserve.com","tls": {"version":"TLSv1.2","ja3s":"b898351eb5e266aefd3723d466935494","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01744{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":811,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1605291687933355,"flow_src_last_pkt_time":1605291687974969,"flow_dst_last_pkt_time":1605291688036418,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3364,"midstream":0,"thread_ts_usec":1605291688036418,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:f916:5049:f87f:108e","src_port":48648,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"secure.quantserve.com","domainame":"secure.quantserve.com","tls": {"version":"TLSv1.2","server_names":"*.quantserve.com,*.quantcount.com,*.apextag.com,quantserve.com,quantcount.com,apextag.com","ja3s":"b898351eb5e266aefd3723d466935494","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Quantcast Corporation, CN=*.quantserve.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"3A:30:B1:4A:CE:62:AF:55:B1:89:FF:0C:CB:69:E3:80:CB:B0:91:90","blocks":0}}} 
+01373{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":818,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291687800179,"flow_src_last_pkt_time":1605291687829706,"flow_dst_last_pkt_time":1605291688046248,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605291688046248,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Twitter","proto_id":"91.120","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"syndication.twitter.com","domainame":"syndication.twitter.com","tls": {"version":"TLSv1.2","ja3s":"8d2a028aa94425f76ced7826b1f39039","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01819{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":821,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1605291687800179,"flow_src_last_pkt_time":1605291688046258,"flow_dst_last_pkt_time":1605291688046580,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3439,"midstream":0,"thread_ts_usec":1605291688046580,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Twitter","proto_id":"91.120","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"syndication.twitter.com","domainame":"syndication.twitter.com","tls": {"version":"TLSv1.2","server_names":"syndication.twitter.com,syndication.twimg.com,syndication-o.twitter.com,syndication-o.twimg.com,cdn.syndication.twitter.com,cdn.syndication.twimg.com","ja3s":"8d2a028aa94425f76ced7826b1f39039","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Twitter, Inc., OU=lon3, CN=syndication.twitter.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"09:D3:FE:9A:3E:39:A7:E2:90:5B:C9:1F:3B:7D:CE:7C:7E:08:1C:6F","blocks":0}}} 
02189{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":867,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605291687933355,"flow_src_last_pkt_time":1605291688258109,"flow_dst_last_pkt_time":1605291688258300,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1296,"flow_dst_tot_l4_payload_len":10685,"midstream":0,"thread_ts_usec":1605291688258300,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:f916:5049:f87f:108e","src_port":48648,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":20958.0,"max":180245,"stddev":38814.9,"var":1506599424.0,"ent":3.3,"data": [41345,41375,239,45639,16078,1,0,61463,16,3,3880,365,125,94049,180245,10480,2,92307,53,428,5467,8019,1891,14882,15513,1,15533,36,263,0,1]},"pktlen": {"min":72,"avg":446.9,"max":1460,"stddev":554.6,"var":307585.9,"ent":4.0,"data": [80,80,72,589,72,1460,1460,660,72,72,72,198,171,330,330,72,346,141,72,72,110,72,72,110,72,1460,1460,72,72,1460,1460,1460]},"bins": {"c_to_s": [10,1,0,2,0,0,0,0,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,1,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,0,0,0,0,1,1,1,0,0,0,1,1,1,0,1,1,0,0,1,1,1],"entropies": 
[5.270193100,5.621731281,5.459350586,4.656135082,5.421088219,6.918155670,7.356199741,7.583865643,5.431572914,5.431572914,5.348239899,6.523558617,6.440567493,7.245548248,7.233427525,5.403794765,7.155272961,6.347721100,5.459350586,5.459350586,5.820535183,5.393310547,5.355048180,6.026633739,5.409216881,7.855928898,7.870290756,5.487128258,5.459350586,7.867146015,7.870689869,7.867941856]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00807{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":881,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291688324076,"flow_src_last_pkt_time":1605291688324076,"flow_dst_last_pkt_time":1605291688324076,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688324076,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51100,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":881,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_src_last_pkt_time":1605291688324076,"flow_dst_last_pkt_time":1605291688324076,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291688324076,"pkt":"qtsDr8lk5EKm5WPyht1gDP1bACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADYOtHmx5wBu0pXpjQAAAAAoAL9INe7AAACBAWgBAIICn8mSwwAAAAAAQMDBw=="} 
@@ -302,21 +302,21 @@ 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_src_last_pkt_time":1605291688324076,"flow_dst_last_pkt_time":1605291688365155,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291688365155,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAANg60eYqAcsBIEmLB5kd7IUo3\/YpAbvHnC63k25KV6Y1oBJXgLbhAAACBAV4AQMDAwQCCArC10GYfyZLDA=="} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":900,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_src_last_pkt_time":1605291688365176,"flow_dst_last_pkt_time":1605291688365155,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688365176,"pkt":"qtsDr8lk5EKm5WPyht1gDP1bACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADYOtHmx5wBu0pXpjUut5NvgBAB+zrKAAABAQgKfyZLNcLXQZg="} 
01265{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":901,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":4,"flow_src_last_pkt_time":1605291688365341,"flow_dst_last_pkt_time":1605291688365155,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291688365341,"pkt":"qtsDr8lk5EKm5WPyht1gDP1bAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADYOtHmx5wBu0pXpjUut5NvgBgB+7buAAABAQgKfyZLNcLXQZgWAwECAAEAAfwDA4SpSUX6niItAQ8Maifw8WwrZv9VwJth3ahSGxyzgKqiIJ+TN+GJohJ\/sCFH1vMdRLlZ2ieR3T3a5tv50MEc6iCkACBqahMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZN6egAAAAAAFwAVAAASYWQuZG91YmxlY2xpY2submV0ABcAAP8BAAEAAAoACgAIamoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArAClqagABAAAdACD\/3R8L0Iz+Y65v46jR4P68ZYP7Yr6kSULFXg4YFIANVgAtAAIBAQArAAsKenoDBAMDAwIDAQAbAAMCAAK6ugABAAAVAMoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01329{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":901,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291688324076,"flow_src_last_pkt_time":1605291688365341,"flow_dst_last_pkt_time":1605291688365155,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688365341,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51100,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"ad.doubleclick.net","domainame":"ad.doubleclick.net","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01288{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":901,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291688324076,"flow_src_last_pkt_time":1605291688365341,"flow_dst_last_pkt_time":1605291688365155,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688365341,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51100,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"ad.doubleclick.net","domainame":"ad.doubleclick.net","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":902,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_src_last_pkt_time":1605291688336354,"flow_dst_last_pkt_time":1605291688370931,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291688370931,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAANg60eYqAcsBIEmLB5kd7IUo3\/YpAbvHnlMkjxA2CKc5oBJXgKoEAAACBAV4AQMDAwQCCArC10GjfyZLGA=="} 
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":903,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_src_last_pkt_time":1605291688370943,"flow_dst_last_pkt_time":1605291688370931,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688370943,"pkt":"qtsDr8lk5EKm5WPyht1gC0OFACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADYOtHmx54BuzYIpzlTJI8RgBAB+y30AAABAQgKfyZLOsLXQaM="} 01265{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":904,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":4,"flow_src_last_pkt_time":1605291688371089,"flow_dst_last_pkt_time":1605291688370931,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291688371089,"pkt":"qtsDr8lk5EKm5WPyht1gC0OFAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADYOtHmx54BuzYIpzlTJI8RgBgB+970AAABAQgKfyZLO8LXQaMWAwECAAEAAfwDAwgp1anJVpvxZgRnK\/Ii+gtEvGbJCYcqFRsrqueQf6vRIJCDNh4n+qlo6kd0ODvy\/AwDjBO0nZ+gYy2KZgyiYgg0ACDa2hMBEwITA8ArwC\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"} 
-01329{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":904,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291688336354,"flow_src_last_pkt_time":1605291688371089,"flow_dst_last_pkt_time":1605291688370931,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688371089,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51102,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"ad.doubleclick.net","domainame":"ad.doubleclick.net","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01288{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":904,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291688336354,"flow_src_last_pkt_time":1605291688371089,"flow_dst_last_pkt_time":1605291688370931,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688371089,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51102,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"ad.doubleclick.net","domainame":"ad.doubleclick.net","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":906,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_src_last_pkt_time":1605291688344280,"flow_dst_last_pkt_time":1605291688371819,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291688371819,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSYAkAAhnO4AAAZE4\/jAk6EqAcsBIEmLB5kd7IUo3\/YpAbvbeuzTe9OJtD5hoBJXgGMHAAACBAV4AQMDAwQCCArC10GlCLeWmA=="} 
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":907,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_src_last_pkt_time":1605291688371834,"flow_dst_last_pkt_time":1605291688371819,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688371834,"pkt":"qtsDr8lk5EKm5WPyht1gATUNACAGQCoBywEgSYsHmR3shSjf9ikmAJAAIZzuAAAGROP4wJOh23oBu4m0PmHs03vUgBAB++b9AAABAQgKCLeWs8LXQaU="} 01270{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":908,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":4,"flow_src_last_pkt_time":1605291688372055,"flow_dst_last_pkt_time":1605291688371819,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291688372055,"pkt":"qtsDr8lk5EKm5WPyht1gATUNAiUGQCoBywEgSYsHmR3shSjf9ikmAJAAIZzuAAAGROP4wJOh23oBu4m0PmHs03vUgBgB+yzJAAABAQgKCLeWs8LXQaUWAwECAAEAAfwDA9hatQx\/QktbULCFc2FQNgXPGrp+qPvBQrE5NDlBZlE\/IMd+e8Lduh2\/OW58Rm5lIQBoGyh8j\/3MT9YMf0bL3Me3ACCqqhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPq6gAAAAAAGQAXAAAUcnVsZXMucXVhbnRjb3VudC5jb20AFwAA\/wEAAQAACgAKAAhKSgAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKUpKAAEAAB0AIOhk20ZK7Hqhb4\/e3Kx4aK6U4Kcjb5InvqFomt\/cTww3AC0AAgEBACsACwr6+gMEAwMDAgMBABsAAwIAAtraAAEAABUAyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01326{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":908,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291688344280,"flow_src_last_pkt_time":1605291688372055,"flow_dst_last_pkt_time":1605291688371819,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688372055,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:9000:219c:ee00:6:44e3:f8c0:93a1","src_port":56186,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"rules.quantcount.com","domainame":"rules.quantcount.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01285{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":908,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291688344280,"flow_src_last_pkt_time":1605291688372055,"flow_dst_last_pkt_time":1605291688371819,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688372055,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:9000:219c:ee00:6:44e3:f8c0:93a1","src_port":56186,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"rules.quantcount.com","domainame":"rules.quantcount.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":909,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":5,"flow_src_last_pkt_time":1605291688365341,"flow_dst_last_pkt_time":1605291688397011,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688397011,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAANg60eYqAcsBIEmLB5kd7IUo3\/YpAbvHnC63k29KV6g6gBALMC9uAAABAQgKwtdBun8mSzU="} 
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":910,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":5,"flow_src_last_pkt_time":1605291688371089,"flow_dst_last_pkt_time":1605291688408044,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688408044,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAANg60eYqAcsBIEmLB5kd7IUo3\/YpAbvHnlMkjxE2CKk+gBALMCKeAAABAQgKwtdBvn8mSzs="} -01374{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291688324076,"flow_src_last_pkt_time":1605291688365341,"flow_dst_last_pkt_time":1605291688408044,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605291688408044,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51100,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"ad.doubleclick.net","domainame":"ad.doubleclick.net","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-01374{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":915,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291688336354,"flow_src_last_pkt_time":1605291688371089,"flow_dst_last_pkt_time":1605291688408514,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605291688408514,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51102,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"ad.doubleclick.net","domainame":"ad.doubleclick.net","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01333{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291688324076,"flow_src_last_pkt_time":1605291688365341,"flow_dst_last_pkt_time":1605291688408044,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605291688408044,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51100,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"ad.doubleclick.net","domainame":"ad.doubleclick.net","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01333{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":915,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291688336354,"flow_src_last_pkt_time":1605291688371089,"flow_dst_last_pkt_time":1605291688408514,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605291688408514,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51102,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"ad.doubleclick.net","domainame":"ad.doubleclick.net","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":918,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":5,"flow_src_last_pkt_time":1605291688372055,"flow_dst_last_pkt_time":1605291688408515,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688408515,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSYAkAAhnO4AAAZE4\/jAk6EqAcsBIEmLB5kd7IUo3\/YpAbvbeuzTe9SJtEBmgBALMNufAAABAQgKwtdByQi3lrM="} 
-01371{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":925,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291688344280,"flow_src_last_pkt_time":1605291688372055,"flow_dst_last_pkt_time":1605291688411963,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291688411963,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:9000:219c:ee00:6:44e3:f8c0:93a1","src_port":56186,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"rules.quantcount.com","domainame":"rules.quantcount.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01330{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":925,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291688344280,"flow_src_last_pkt_time":1605291688372055,"flow_dst_last_pkt_time":1605291688411963,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291688411963,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:9000:219c:ee00:6:44e3:f8c0:93a1","src_port":56186,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"rules.quantcount.com","domainame":"rules.quantcount.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
02193{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":975,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1605291688324076,"flow_src_last_pkt_time":1605291688488430,"flow_dst_last_pkt_time":1605291688495517,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1402,"flow_dst_tot_l4_payload_len":4278,"midstream":0,"thread_ts_usec":1605291688495517,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51100,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":10832.1,"max":42730,"stddev":14959.8,"var":223794400.0,"ent":3.6,"data": [41079,41100,165,31856,11033,42730,469,1,470,25,2812,1299,93,34223,10205,1,40205,536,1458,1,938,16571,1,3,16547,20,17,4417,310,12670,24540]},"pktlen": {"min":72,"avg":250.0,"max":1460,"stddev":362.6,"var":131502.0,"ent":4.0,"data": [80,80,72,589,72,1460,72,1460,172,72,72,136,164,486,72,652,72,72,103,72,103,72,793,103,111,72,72,72,111,107,282,72]},"bins": {"c_to_s": [11,2,2,0,0,0,1,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [8,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,1,0,0,0,0,0,1,1,1,0,0,1,1,0,1,1,1,0,0,0,0,0,0,1],"entropies": 
[4.857011318,5.329952717,5.273682594,4.540163040,5.139187336,7.843326092,5.273682594,7.862450600,6.539532185,5.273682594,5.273682594,6.134756088,6.541216850,7.446951866,5.166965008,7.636521339,5.100924969,5.273682594,5.932955742,5.111409664,5.777672768,5.263197899,7.737014294,5.703792095,5.962306976,5.301460266,5.329237938,5.329237938,6.057867527,5.878192425,7.107053280,5.166965008]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}} 02204{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":987,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605291687800179,"flow_src_last_pkt_time":1605291688483940,"flow_dst_last_pkt_time":1605291688560007,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1460,"flow_dst_tot_l4_payload_len":4488,"midstream":0,"thread_ts_usec":1605291688560007,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":46567.4,"max":216552,"stddev":67587.7,"var":4568099328.0,"ent":3.6,"data": [29231,29299,228,29539,187299,216552,332,0,326,7,1815,188,30,70254,211900,6516,1,182884,58339,20162,41757,64,46,873,11694,10868,9898,6233,112514,128634,76106]},"pktlen": {"min":72,"avg":258.4,"max":1460,"stddev":353.4,"var":124913.6,"ent":4.1,"data": [80,80,72,589,72,1460,72,1460,735,72,72,198,171,362,362,72,72,72,172,72,314,72,116,72,110,110,72,72,72,531,72,338]},"bins": {"c_to_s": 
[9,1,0,3,0,0,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [8,2,0,0,0,0,0,1,1,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,1,0,0,0,0,0,0,1,1,1,0,1,1,0,1,0,0,1,0,1,1,1,0,1],"entropies": [4.822575092,5.245516300,5.245904922,4.574756145,5.111409664,6.787540913,5.218127251,7.353115559,7.586227894,5.162571907,5.190349579,6.362659931,6.273279667,7.149994850,7.138213634,5.083631992,5.055854321,5.055854321,6.419822216,5.083631992,6.981730461,5.245904922,5.900056362,5.218127251,5.636374950,5.857635021,5.190349579,5.083631992,5.083631992,7.496485710,5.175263882,7.287763596]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Twitter","proto_id":"91.120","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} 00823{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":993,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291688611238,"flow_src_last_pkt_time":1605291688611238,"flow_dst_last_pkt_time":1605291688611238,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688611238,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:134:1a0d:1429:742:782:b6","src_port":39736,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -324,9 +324,9 @@ 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":994,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_src_last_pkt_time":1605291688611238,"flow_dst_last_pkt_time":1605291688654248,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291688654248,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSYGKAABNBoNFCkHQgeCALYqAcsBIEmLB5kd7IUo3\/YpAbubOJS20cTxd2ePoBJXgMFkAAACBAV4AQMDAwQCCArC10K+9jYFHg=="} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":995,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_src_last_pkt_time":1605291688654303,"flow_dst_last_pkt_time":1605291688654248,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688654303,"pkt":"qtsDr8lk5EKm5WPyht1gDEO\/ACAGQCoBywEgSYsHmR3shSjf9ikmBigAATQaDRQpB0IHggC2mzgBu\/F3Z4+UttHFgBAB+0VLAAABAQgK9jYFScLXQr4="} 
01267{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":996,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":4,"flow_src_last_pkt_time":1605291688654612,"flow_dst_last_pkt_time":1605291688654248,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291688654612,"pkt":"qtsDr8lk5EKm5WPyht1gDEO\/AiUGQCoBywEgSYsHmR3shSjf9ikmBigAATQaDRQpB0IHggC2mzgBu\/F3Z4+UttHFgBgB+9l4AAABAQgK9jYFScLXQr4WAwECAAEAAfwDA46RLPCXby2v1fhhEaIIot6g8XiGmSWLgLgejrMgyw66ICkvsU+x9q1tILELIWe9u4V18z4rsB3VSuGPlE2gOpFxACAKChMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZMKCgAAAAAAHgAcAAAZY2RuLnN5bmRpY2F0aW9uLnR3aW1nLmNvbQAXAAD\/AQABAAAKAAoACNraAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwAp2toAAQAAHQAgkrvLnn5W3A5xznxU8nIj0ij8otKT8iVeuL\/XwL97plwALQACAQEAKwALClpaAwQDAwMCAwEAGwADAgAC2toAAQAAFQDDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01354{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":996,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291688611238,"flow_src_last_pkt_time":1605291688654612,"flow_dst_last_pkt_time":1605291688654248,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688654612,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:134:1a0d:1429:742:782:b6","src_port":39736,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Twitter","proto_id":"91.120","proto_by_ip":"Edgecast","proto_by_ip_id":288,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"cdn.syndication.twimg.com","domainame":"cdn.syndication.twimg.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01313{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":996,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291688611238,"flow_src_last_pkt_time":1605291688654612,"flow_dst_last_pkt_time":1605291688654248,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688654612,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:134:1a0d:1429:742:782:b6","src_port":39736,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Twitter","proto_id":"91.120","proto_by_ip":"Edgecast","proto_by_ip_id":288,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"cdn.syndication.twimg.com","domainame":"cdn.syndication.twimg.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":997,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":5,"flow_src_last_pkt_time":1605291688654612,"flow_dst_last_pkt_time":1605291688695528,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688695528,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSYGKAABNBoNFCkHQgeCALYqAcsBIEmLB5kd7IUo3\/YpAbubOJS20cXxd2mUgBALMDnoAAABAQgKwtdC5\/Y2BUk="} 
-01395{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":998,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291688611238,"flow_src_last_pkt_time":1605291688654612,"flow_dst_last_pkt_time":1605291688705717,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":99,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":99,"midstream":0,"thread_ts_usec":1605291688705717,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:134:1a0d:1429:742:782:b6","src_port":39736,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Twitter","proto_id":"91.120","proto_by_ip":"Edgecast","proto_by_ip_id":288,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"cdn.syndication.twimg.com","domainame":"cdn.syndication.twimg.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01354{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":998,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291688611238,"flow_src_last_pkt_time":1605291688654612,"flow_dst_last_pkt_time":1605291688705717,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":99,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":99,"midstream":0,"thread_ts_usec":1605291688705717,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:134:1a0d:1429:742:782:b6","src_port":39736,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Twitter","proto_id":"91.120","proto_by_ip":"Edgecast","proto_by_ip_id":288,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"cdn.syndication.twimg.com","domainame":"cdn.syndication.twimg.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00814{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1002,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291688712501,"flow_src_last_pkt_time":1605291688712501,"flow_dst_last_pkt_time":1605291688712501,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688712501,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2006","src_port":54726,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1002,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_src_last_pkt_time":1605291688712501,"flow_dst_last_pkt_time":1605291688712501,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291688712501,"pkt":"qtsDr8lk5EKm5WPyht1gBqw+ACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACAG1cYBu1QhHQQAAAAAoAL9IGnKAAACBAWgBAIICoWLJ5EAAAAAAQMDBw=="} 
00814{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1012,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291688749044,"flow_src_last_pkt_time":1605291688749044,"flow_dst_last_pkt_time":1605291688749044,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688749044,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2004","src_port":57282,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -334,14 +334,14 @@ 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1016,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_src_last_pkt_time":1605291688712501,"flow_dst_last_pkt_time":1605291688754068,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291688754068,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgIAAAAAAAAIAYqAcsBIEmLB5kd7IUo3\/YpAbvVxjGyAqhUIR0FoBJXgNU8AAACBAV4AQMDAwQCCArC10MXhYsnkQ=="} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1017,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_src_last_pkt_time":1605291688754101,"flow_dst_last_pkt_time":1605291688754068,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688754101,"pkt":"qtsDr8lk5EKm5WPyht1gBqw+ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACAG1cYBu1QhHQUxsgKpgBAB+1kkAAABAQgKhYsnu8LXQxc="} 
01269{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1018,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":4,"flow_src_last_pkt_time":1605291688754330,"flow_dst_last_pkt_time":1605291688754068,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291688754330,"pkt":"qtsDr8lk5EKm5WPyht1gBqw+AiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACAG1cYBu1QhHQUxsgKpgBgB+7qNAAABAQgKhYsnu8LXQxcWAwECAAEAAfwDAyXaTUGeswmyVM8\/Dl2Qf5fitrGFmVKyru8OELloUAwbIMUqQj\/L7tNTcV3UD9UpA2mjeLajzAaCv8lzw2\/F86fvACA6OhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZP6+gAAAAAAGwAZAAAWc3RhdGljLmRvdWJsZWNsaWNrLm5ldAAXAAD\/AQABAAAKAAoACEpKAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApSkoAAQAAHQAgkJbXOIyvxcmniIJLU3Qom4gz6w8\/FjW9fJVELvdvcGIALQACAQEAKwALCvr6AwQDAwMCAwEAGwADAgACWloAAQAAFQDGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01345{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1018,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291688712501,"flow_src_last_pkt_time":1605291688754330,"flow_dst_last_pkt_time":1605291688754068,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688754330,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2006","src_port":54726,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"static.doubleclick.net","domainame":"static.doubleclick.net","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01304{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1018,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291688712501,"flow_src_last_pkt_time":1605291688754330,"flow_dst_last_pkt_time":1605291688754068,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688754330,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2006","src_port":54726,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"static.doubleclick.net","domainame":"static.doubleclick.net","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1025,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_src_last_pkt_time":1605291688749044,"flow_dst_last_pkt_time":1605291688786435,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291688786435,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgFAAAAAAAAIAQqAcsBIEmLB5kd7IUo3\/YpAbvfwoEYYXPjQDuzoBJXgOVIAAACBAV4AQMDAwQCCArC10M\/bf\/I8g=="} 
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1026,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_src_last_pkt_time":1605291688786460,"flow_dst_last_pkt_time":1605291688786435,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688786460,"pkt":"qtsDr8lk5EKm5WPyht1gCJDMACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACAE38IBu+NAO7OBGGF0gBAB+2k0AAABAQgKbf\/JGMLXQz8="} 01267{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1027,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":4,"flow_src_last_pkt_time":1605291688786633,"flow_dst_last_pkt_time":1605291688786435,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291688786633,"pkt":"qtsDr8lk5EKm5WPyht1gCJDMAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACAE38IBu+NAO7OBGGF0gBgB+9LpAAABAQgKbf\/JGMLXQz8WAwECAAEAAfwDAxslW\/nV6n4TSU+WU427vUmpkTBTAfJMCiXCjsW6jsM1IDI9pBtUEgNPXXn3m6DfkXTykQkxvHtW6AlECtSxtZwqACB6ehMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPq6gAAAAAAEwARAAAOd3d3Lmdvb2dsZS5jb20AFwAA\/wEAAQAACgAKAAh6egAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKXp6AAEAAB0AIOcwVI1IhWdfqyJF52U0JaQN9BKpJPL3krZ3EsrflGwKAC0AAgEBACsACwq6ugMEAwMDAgMBABsAAwIAAvr6AAEAABUAzgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01317{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1027,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291688749044,"flow_src_last_pkt_time":1605291688786633,"flow_dst_last_pkt_time":1605291688786435,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688786633,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2004","src_port":57282,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","domainame":"www.google.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01276{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1027,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291688749044,"flow_src_last_pkt_time":1605291688786633,"flow_dst_last_pkt_time":1605291688786435,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688786633,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2004","src_port":57282,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","domainame":"www.google.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1038,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":5,"flow_src_last_pkt_time":1605291688754330,"flow_dst_last_pkt_time":1605291688794873,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688794873,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgIAAAAAAAAIAYqAcsBIEmLB5kd7IUo3\/YpAbvVxjGyAqlUIR8KgBALME23AAABAQgKwtdDSoWLJ7s="} 
02200{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1040,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605291688611238,"flow_src_last_pkt_time":1605291688786771,"flow_dst_last_pkt_time":1605291688811895,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":523,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1624,"flow_dst_tot_l4_payload_len":5905,"midstream":0,"thread_ts_usec":1605291688811895,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:134:1a0d:1429:742:782:b6","src_port":39736,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":12135.2,"max":51136,"stddev":17866.3,"var":319203328.0,"ent":3.5,"data": [43010,43065,309,41280,10189,51136,400,38397,3509,41489,471,1,468,4,62,52,2291,169,102,38533,0,1,0,35978,9,3,58,5162,2233,17560,249]},"pktlen": {"min":72,"avg":307.8,"max":1280,"stddev":396.4,"var":157103.1,"ent":4.1,"data": [80,80,72,589,72,171,72,595,72,1280,72,1280,1280,72,72,409,72,146,164,459,72,327,327,168,72,72,72,103,72,72,103,1280]},"bins": {"c_to_s": [11,0,2,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,0,0,2,0,0,0,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,1,0,1,1,0,0,1,0,0,0,0,1,1,1,1,0,0,0,0,1,1,1,1],"entropies": 
[5.156615734,5.498501778,5.447478771,4.680018902,5.305136681,6.159050465,5.343176365,5.095525742,5.322429657,7.814732552,5.475256443,7.833696365,7.860356808,5.419701099,5.436994553,7.369849682,5.475256443,6.433616161,6.626874924,7.528322220,5.360692024,7.254635811,7.262678146,6.541914940,5.447478771,5.475256443,5.447478771,6.000376225,5.388469696,5.360692024,5.934231758,7.832221508]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Twitter","proto_id":"91.120","proto_by_ip":"Edgecast","proto_by_ip_id":288,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} -01390{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1043,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291688712501,"flow_src_last_pkt_time":1605291688754330,"flow_dst_last_pkt_time":1605291688813598,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291688813598,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2006","src_port":54726,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"static.doubleclick.net","domainame":"static.doubleclick.net","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01349{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1043,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291688712501,"flow_src_last_pkt_time":1605291688754330,"flow_dst_last_pkt_time":1605291688813598,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291688813598,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2006","src_port":54726,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"static.doubleclick.net","domainame":"static.doubleclick.net","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00814{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1054,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291688830061,"flow_src_last_pkt_time":1605291688830061,"flow_dst_last_pkt_time":1605291688830061,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688830061,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2001","src_port":58122,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1054,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_src_last_pkt_time":1605291688830061,"flow_dst_last_pkt_time":1605291688830061,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291688830061,"pkt":"qtsDr8lk5EKm5WPyht1gBrB0ACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACAB4woBuyKqv5AAAAAAoAL9IFwjAAACBAWgBAIICu7gTZEAAAAAAQMDBw=="} 
00814{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1055,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291688831210,"flow_src_last_pkt_time":1605291688831210,"flow_dst_last_pkt_time":1605291688831210,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688831210,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2016","src_port":52296,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -351,42 +351,42 @@ 00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1060,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_src_last_pkt_time":1605291688843899,"flow_dst_last_pkt_time":1605291688843899,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291688843899,"pkt":"qtsDr8lk5EKm5WPyht1gAjZHACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDAAAAAAAACADuMYBu5\/Vp\/oAAAAAoAL9IC3PAAACBAWgBAIICjfz93gAAAAAAQMDBw=="} 00814{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1061,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291688843948,"flow_src_last_pkt_time":1605291688843948,"flow_dst_last_pkt_time":1605291688843948,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688843948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47304,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1061,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_src_last_pkt_time":1605291688843948,"flow_dst_last_pkt_time":1605291688843948,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291688843948,"pkt":"qtsDr8lk5EKm5WPyht1gC3ZcACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDAAAAAAAACADuMgBu1ulIdYAAAAAoAL9IPghAAACBAWgBAIICjfz93gAAAAAAQMDBw=="} -01362{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1062,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291688749044,"flow_src_last_pkt_time":1605291688786633,"flow_dst_last_pkt_time":1605291688848925,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291688848925,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2004","src_port":57282,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","domainame":"www.google.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01321{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1062,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291688749044,"flow_src_last_pkt_time":1605291688786633,"flow_dst_last_pkt_time":1605291688848925,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291688848925,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2004","src_port":57282,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","domainame":"www.google.com","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1097,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_src_last_pkt_time":1605291688843899,"flow_dst_last_pkt_time":1605291688889230,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291688889230,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgMAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbu4xvp17E2f1af7oBJXgOZHAAACBAV4AQMDAwQCCArC10OnN\/P3eA=="} 
00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1098,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_src_last_pkt_time":1605291688843948,"flow_dst_last_pkt_time":1605291688889231,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291688889231,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgMAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbu4yD8lZERbpSHXoBJXgPP1AAACBAV4AQMDAwQCCArC10OmN\/P3eA=="} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1100,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_src_last_pkt_time":1605291688889272,"flow_dst_last_pkt_time":1605291688889230,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688889272,"pkt":"qtsDr8lk5EKm5WPyht1gAjZHACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDAAAAAAAACADuMYBu5\/Vp\/v6dexOgBAB+2orAAABAQgKN\/P3psLXQ6c="} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1101,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_src_last_pkt_time":1605291688889299,"flow_dst_last_pkt_time":1605291688889231,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688889299,"pkt":"qtsDr8lk5EKm5WPyht1gC3ZcACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDAAAAAAAACADuMgBu1ulIdc\/JWRFgBAB+3fZAAABAQgKN\/P3psLXQ6Y="} 
01272{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1104,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":4,"flow_src_last_pkt_time":1605291688889651,"flow_dst_last_pkt_time":1605291688889230,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291688889651,"pkt":"qtsDr8lk5EKm5WPyht1gAjZHAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDAAAAAAAACADuMYBu5\/Vp\/v6dexOgBgB+wBCAAABAQgKN\/P3psLXQ6cWAwECAAEAAfwDAznRqrI3BjpH0fMAjhWc3pmJOvHC\/\/j965\/A5lDlxh6gIDLxR7\/ypcsELHSllGpRYQ5lC32jGxm0ISoXtgzdDW32ACB6ehMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPKygAAAAAAFgAUAAARZm9udHMuZ3N0YXRpYy5jb20AFwAA\/wEAAQAACgAKAAh6egAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKXp6AAEAAB0AILgo0nok9EKnwiVyB76v1YPllAYprQfO501YUPqbQH86AC0AAgEBACsACwrKygMEAwMDAgMBABsAAwIAAtraAAEAABUAywAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01323{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1104,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291688843899,"flow_src_last_pkt_time":1605291688889651,"flow_dst_last_pkt_time":1605291688889230,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688889651,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47302,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.gstatic.com","domainame":"fonts.gstatic.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01282{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1104,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291688843899,"flow_src_last_pkt_time":1605291688889651,"flow_dst_last_pkt_time":1605291688889230,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688889651,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47302,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.gstatic.com","domainame":"fonts.gstatic.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
01269{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1105,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":4,"flow_src_last_pkt_time":1605291688889830,"flow_dst_last_pkt_time":1605291688889231,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291688889830,"pkt":"qtsDr8lk5EKm5WPyht1gC3ZcAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDAAAAAAAACADuMgBu1ulIdc\/JWRFgBgB+\/TaAAABAQgKN\/P3psLXQ6YWAwECAAEAAfwDAy7heESofJEzNLpKC6m4EcWF3nwglvjLt2LPUv7yUvYtICOazh2ftjIMIz\/UcLVP0+BLLLQerkGXc0LbFnQmwjmQACA6OhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZNqagAAAAAAFgAUAAARZm9udHMuZ3N0YXRpYy5jb20AFwAA\/wEAAQAACgAKAAgaGgAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKRoaAAEAAB0AINLvbr+LEAbtuJUEM5hwiBTekJnwVlsSGnoYC4BLgTo4AC0AAgEBACsACwoaGgMEAwMDAgMBABsAAwIAAhoaAAEAABUAywAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01323{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1105,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291688843948,"flow_src_last_pkt_time":1605291688889830,"flow_dst_last_pkt_time":1605291688889231,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688889830,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47304,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.gstatic.com","domainame":"fonts.gstatic.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01282{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1105,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291688843948,"flow_src_last_pkt_time":1605291688889830,"flow_dst_last_pkt_time":1605291688889231,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688889830,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47304,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.gstatic.com","domainame":"fonts.gstatic.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1109,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_src_last_pkt_time":1605291688830061,"flow_dst_last_pkt_time":1605291688893806,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291688893806,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgFAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbvjCkXQfikiqr+RoBJXgDd0AAACBAV4AQMDAwQCCArC10OZ7uBNkQ=="} 
00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_src_last_pkt_time":1605291688893841,"flow_dst_last_pkt_time":1605291688893806,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688893841,"pkt":"qtsDr8lk5EKm5WPyht1gBrB0ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACAB4woBuyKqv5FF0H4qgBAB+7tFAAABAQgK7uBN0cLXQ5k="} 01269{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1111,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":4,"flow_src_last_pkt_time":1605291688894065,"flow_dst_last_pkt_time":1605291688893806,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291688894065,"pkt":"qtsDr8lk5EKm5WPyht1gBrB0AiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACAB4woBuyKqv5FF0H4qgBgB+5EWAAABAQgK7uBN0cLXQ5kWAwECAAEAAfwDAw\/cwYtpk8EY2nFSet6HfhMTIva07YBjsHCyF\/EXCY4lIET\/tOg8vSE9lW4MNj+8zcNcKH9YOh6jVhMXDVw4Nj\/KACBqahMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZP6+gAAAAAAEgAQAAANeXQzLmdncGh0LmNvbQAXAAD\/AQABAAAKAAoACEpKAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApSkoAAQAAHQAgNH1NsmWXDLZE3tZCuT77ObLFazHLQDqNeh9VcGafUUsALQACAQEAKwALCrq6AwQDAwMCAwEAGwADAgACWloAAQAAFQDPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01311{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1111,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291688830061,"flow_src_last_pkt_time":1605291688894065,"flow_dst_last_pkt_time":1605291688893806,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688894065,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2001","src_port":58122,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"yt3.ggpht.com","domainame":"yt3.ggpht.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01270{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1111,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291688830061,"flow_src_last_pkt_time":1605291688894065,"flow_dst_last_pkt_time":1605291688893806,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688894065,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2001","src_port":58122,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"yt3.ggpht.com","domainame":"yt3.ggpht.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1113,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_src_last_pkt_time":1605291688831210,"flow_dst_last_pkt_time":1605291688894545,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291688894545,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgVAAAAAAAAIBYqAcsBIEmLB5kd7IUo3\/YpAbvMSCvRvaZMy7vtoBJXgIUlAAACBAV4AQMDAwQCCArC10OaRJp0xw=="} 
00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1115,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_src_last_pkt_time":1605291688894570,"flow_dst_last_pkt_time":1605291688894545,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688894570,"pkt":"qtsDr8lk5EKm5WPyht1gDPOvACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFQAAAAAAACAWzEgBu0zLu+0r0b2ngBAB+wj4AAABAQgKRJp1BsLXQ5o="} 02182{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1125,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605291688749044,"flow_src_last_pkt_time":1605291688895635,"flow_dst_last_pkt_time":1605291688895679,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":990,"flow_dst_tot_l4_payload_len":9898,"midstream":0,"thread_ts_usec":1605291688895679,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2004","src_port":57282,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":9458.9,"max":62320,"stddev":17558.3,"var":308293920.0,"ent":3.0,"data": [37391,37416,173,47446,15044,0,62320,24,361,320,2535,232,269,39947,114,0,2294,39328,242,2903,2650,782,796,254,1,2,253,13,20,95,1]},"pktlen": {"min":72,"avg":412.8,"max":1280,"stddev":483.3,"var":233579.9,"ent":4.1,"data": [80,80,72,589,72,1280,1280,72,72,289,72,136,164,358,72,72,72,652,72,103,497,72,1280,72,1280,1280,1280,72,72,72,1280,292]},"bins": {"c_to_s": [12,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": 
[5,0,0,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,0,0,0,0,1,1,1,1,0,0,1,0,1,0,1,1,1,0,0,0,1,1],"entropies": [4.742643356,5.251736641,5.156122208,4.431118965,5.052281380,7.795456409,7.833138943,5.183899879,5.183899879,7.222666740,5.183899879,6.136840343,6.526112080,7.291018963,5.080059052,5.080059052,5.107836723,7.666177273,5.098598480,5.762085438,7.464744568,5.183899879,7.830111027,5.156122208,7.819734097,7.865944386,7.829904556,5.128344536,5.156122208,5.100566864,7.822502613,7.162058353]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01265{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1128,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":4,"flow_src_last_pkt_time":1605291688895701,"flow_dst_last_pkt_time":1605291688894545,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291688895701,"pkt":"qtsDr8lk5EKm5WPyht1gDPOvAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFQAAAAAAACAWzEgBu0zLu+0r0b2ngBgB+10nAAABAQgKRJp1B8LXQ5oWAwECAAEAAfwDA7oV79R4wHgRAL7AbVXE9v058PsBigjvSIOLh78hsprPIH89NlzV0TnECw3jtHrFgKXeJLtftYSCOzC0pH+h068qACAKChMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPq6gAAAAAAEAAOAAALaS55dGltZy5jb20AFwAA\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"} 
-01307{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1128,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291688831210,"flow_src_last_pkt_time":1605291688895701,"flow_dst_last_pkt_time":1605291688894545,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688895701,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2016","src_port":52296,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"i.ytimg.com","domainame":"i.ytimg.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01266{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1128,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291688831210,"flow_src_last_pkt_time":1605291688895701,"flow_dst_last_pkt_time":1605291688894545,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688895701,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2016","src_port":52296,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"i.ytimg.com","domainame":"i.ytimg.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1142,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":5,"flow_src_last_pkt_time":1605291688889651,"flow_dst_last_pkt_time":1605291688954910,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688954910,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgMAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbu4xvp17E6f1aoAgBALMF7QAAABAQgKwtdDyDfz96Y="} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1143,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":5,"flow_src_last_pkt_time":1605291688894065,"flow_dst_last_pkt_time":1605291688962330,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688962330,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgFAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbvjCkXQfioiqsGWgBALMK\/YAAABAQgKwtdDzO7gTdE="} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1144,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":5,"flow_src_last_pkt_time":1605291688895701,"flow_dst_last_pkt_time":1605291688962332,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688962332,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgVAAAAAAAAIBYqAcsBIEmLB5kd7IUo3\/YpAbvMSCvRvadMy73ygBALMP2JAAABAQgKwtdDzUSadQc="} -01356{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1145,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291688830061,"flow_src_last_pkt_time":1605291688894065,"flow_dst_last_pkt_time":1605291688963049,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291688963049,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2001","src_port":58122,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"yt3.ggpht.com","domainame":"yt3.ggpht.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} -01352{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1154,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291688831210,"flow_src_last_pkt_time":1605291688895701,"flow_dst_last_pkt_time":1605291688963101,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291688963101,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2016","src_port":52296,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"i.ytimg.com","domainame":"i.ytimg.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01315{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1145,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291688830061,"flow_src_last_pkt_time":1605291688894065,"flow_dst_last_pkt_time":1605291688963049,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291688963049,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2001","src_port":58122,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"yt3.ggpht.com","domainame":"yt3.ggpht.com","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01311{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1154,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291688831210,"flow_src_last_pkt_time":1605291688895701,"flow_dst_last_pkt_time":1605291688963101,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291688963101,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2016","src_port":52296,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"i.ytimg.com","domainame":"i.ytimg.com","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1155,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":5,"flow_src_last_pkt_time":1605291688889830,"flow_dst_last_pkt_time":1605291688963102,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688963102,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgMAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbu4yD8lZEVbpSPcgBALMGx9AAABAQgKwtdDyDfz96Y="} 
-01368{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1159,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291688843899,"flow_src_last_pkt_time":1605291688889651,"flow_dst_last_pkt_time":1605291688963103,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291688963103,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47302,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.gstatic.com","domainame":"fonts.gstatic.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-01368{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1168,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291688843948,"flow_src_last_pkt_time":1605291688889830,"flow_dst_last_pkt_time":1605291688963145,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291688963145,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47304,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.gstatic.com","domainame":"fonts.gstatic.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01327{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1159,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291688843899,"flow_src_last_pkt_time":1605291688889651,"flow_dst_last_pkt_time":1605291688963103,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291688963103,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47302,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.gstatic.com","domainame":"fonts.gstatic.com","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01327{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1168,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291688843948,"flow_src_last_pkt_time":1605291688889830,"flow_dst_last_pkt_time":1605291688963145,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291688963145,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47304,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.gstatic.com","domainame":"fonts.gstatic.com","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
02168{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1210,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1605291688830061,"flow_src_last_pkt_time":1605291689005944,"flow_dst_last_pkt_time":1605291689006046,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1039,"flow_dst_tot_l4_payload_len":8982,"midstream":0,"thread_ts_usec":1605291689006046,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2001","src_port":58122,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":11350.6,"max":68993,"stddev":22767.9,"var":518376128.0,"ent":2.8,"data": [63745,63780,224,68524,719,1,1,1,68993,14,7,6,49,23,8336,2581,2495,40185,1017,0,0,27807,170,1594,1,1430,17,147,0,1,0]},"pktlen": {"min":72,"avg":385.7,"max":1280,"stddev":459.2,"var":210886.5,"ent":4.1,"data": [80,80,72,589,72,1280,1280,1280,1280,72,72,72,72,469,72,136,164,407,72,652,72,72,72,103,103,503,72,72,1280,1280,328,111]},"bins": {"c_to_s": [11,0,2,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,1,0,0,0,0,0,0,1,0,0,0,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,1,0,0,0,0,1,0,0,0,0,1,1,1,1,0,0,1,1,0,0,1,1,1,1],"entropies": [4.810268402,5.216053009,5.081305027,4.495285511,5.070961475,7.775168419,7.813756466,7.830919743,7.820947170,5.175122738,5.202900410,5.175122738,5.164638042,7.419659138,5.202900410,6.144525528,6.597908497,7.465239525,5.081446171,7.628419399,5.025890350,5.081446171,5.136860371,5.834997177,5.649486065,7.575581074,5.202900410,5.202900410,7.817056179,7.851086140,7.198029995,5.871317387]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}} 00808{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1220,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291689408040,"flow_src_last_pkt_time":1605291689408040,"flow_dst_last_pkt_time":1605291689408040,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291689408040,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1220,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_src_last_pkt_time":1605291689408040,"flow_dst_last_pkt_time":1605291689408040,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291689408040,"pkt":"qtsDr8lk5EKm5WPyht1gCYSFACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3UABuxOPoYYAAAAAoAL9IMRnAAACBAWgBAIICql08xMAAAAAAQMDBw=="} 
00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1221,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_src_last_pkt_time":1605291689408040,"flow_dst_last_pkt_time":1605291689433785,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291689433785,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdQHZ86cETj6GHoBJXgAFCAAACBAV4AQMDAwQCCArC10XLqXTzEw=="} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1222,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_src_last_pkt_time":1605291689433808,"flow_dst_last_pkt_time":1605291689433785,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291689433808,"pkt":"qtsDr8lk5EKm5WPyht1gCYSFACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3UABuxOPoYd2fOnCgBAB+4U5AAABAQgKqXTzLcLXRcs="} 
01265{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1223,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":4,"flow_src_last_pkt_time":1605291689434011,"flow_dst_last_pkt_time":1605291689433785,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291689434011,"pkt":"qtsDr8lk5EKm5WPyht1gCYSFAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3UABuxOPoYd2fOnCgBgB++8gAAABAQgKqXTzLcLXRcsWAwECAAEAAfwDA6RBXFL39VgIijsWwJFOltTc3vBqkkKxNvmogVMM7+5TILt5Vv+iuY3iWQRNNnRaBO\/M2VarJ+AOmhROa9hHR21oACDKyhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZNqagAAAAAAFwAVAAASZ2F0ZXdheS5yZWRkaXQuY29tABcAAP8BAAEAAAoACgAImpoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACmamgABAAAdACALvUrkozxMntRnju+5MswRTyImrHAw8nJkdOYI+WcPaQAtAAIBAQArAAsKamoDBAMDAwIDAQAbAAMCAAJaWgABAAAVAMoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01321{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1223,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291689408040,"flow_src_last_pkt_time":1605291689434011,"flow_dst_last_pkt_time":1605291689433785,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291689434011,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"gateway.reddit.com","domainame":"gateway.reddit.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01280{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1223,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291689408040,"flow_src_last_pkt_time":1605291689434011,"flow_dst_last_pkt_time":1605291689433785,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291689434011,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"gateway.reddit.com","domainame":"gateway.reddit.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1224,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":5,"flow_src_last_pkt_time":1605291689434011,"flow_dst_last_pkt_time":1605291689577974,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291689577974,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdQHZ86cITj6OMgBALMHnhAAABAQgKwtdF6al08y0="} 
-01404{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1225,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291689408040,"flow_src_last_pkt_time":1605291689434011,"flow_dst_last_pkt_time":1605291689577976,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605291689577976,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"gateway.reddit.com","domainame":"gateway.reddit.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-01673{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1229,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1605291689408040,"flow_src_last_pkt_time":1605291689578012,"flow_dst_last_pkt_time":1605291689578047,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3144,"midstream":0,"thread_ts_usec":1605291689578047,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"gateway.reddit.com","domainame":"gateway.reddit.com","tls": {"version":"TLSv1.2","server_names":"reddit.com,*.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.reddit.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"DB:E9:D5:FE:EB:EF:68:34:55:FD:62:BA:C9:BB:04:D4:E3:22:18:81","blocks":0}}} 
+01363{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1225,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291689408040,"flow_src_last_pkt_time":1605291689434011,"flow_dst_last_pkt_time":1605291689577976,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605291689577976,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"gateway.reddit.com","domainame":"gateway.reddit.com","tls": {"version":"TLSv1.2","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01632{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1229,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1605291689408040,"flow_src_last_pkt_time":1605291689578012,"flow_dst_last_pkt_time":1605291689578047,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3144,"midstream":0,"thread_ts_usec":1605291689578047,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"gateway.reddit.com","domainame":"gateway.reddit.com","tls": {"version":"TLSv1.2","server_names":"reddit.com,*.reddit.com","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.reddit.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"DB:E9:D5:FE:EB:EF:68:34:55:FD:62:BA:C9:BB:04:D4:E3:22:18:81","blocks":0}}} 
02171{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1251,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605291689408040,"flow_src_last_pkt_time":1605291689629927,"flow_dst_last_pkt_time":1605291689672104,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":1710,"flow_dst_tot_l4_payload_len":4392,"midstream":0,"thread_ts_usec":1605291689672104,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":15675.8,"max":144189,"stddev":36484.9,"var":1331146624.0,"ent":2.7,"data": [25745,25768,203,144189,2,0,143997,4,71,1,41,7,2508,597,1253,49737,1,0,1,45397,18,103,1,65,704,437,888,38392,2516,1067,2238]},"pktlen": {"min":72,"avg":263.2,"max":1120,"stddev":320.8,"var":102914.8,"ent":4.2,"data": [80,80,72,589,72,1120,1120,72,72,1120,587,72,72,165,171,471,72,72,330,138,72,72,72,439,72,110,566,142,72,72,72,114]},"bins": {"c_to_s": [9,1,2,1,0,0,0,0,0,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [8,1,1,0,0,0,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,1,0,0,0,0,0,1,1,1,1,0,0,1,1,0,0,0,0,1,1,1,1],"entropies": [4.857011795,5.259831905,5.179864883,4.529115200,5.055853844,6.908260822,7.364731312,5.245904922,5.218127251,7.327914715,7.541935444,5.162571907,5.218127251,6.139030457,6.351455688,7.439690113,5.166965008,5.139187336,7.125073433,6.245332241,5.235420227,5.273682594,5.139187336,7.450459003,5.273682594,5.556783676,7.574505329,6.164192200,5.085018635,5.139187336,5.139187336,5.963419437]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} 00814{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1271,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291690373466,"flow_src_last_pkt_time":1605291690373466,"flow_dst_last_pkt_time":1605291690373466,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690373466,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":51006,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1271,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_src_last_pkt_time":1605291690373466,"flow_dst_last_pkt_time":1605291690373466,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690373466,"pkt":"qtsDr8lk5EKm5WPyht1gB68TACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACACxz4Buz6Su2UAAAAAoAL9IFr7AAACBAWgBAIIClRf7UgAAAAAAQMDBw=="} 
@@ -395,11 +395,11 @@ 00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1273,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_src_last_pkt_time":1605291690373466,"flow_dst_last_pkt_time":1605291690396189,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690396189,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgFAAAAAAAAIAIqAcsBIEmLB5kd7IUo3\/YpAbvHPls7Xl4+krtmoBJXgDq4AAACBAV4AQMDAwQCCArC10mNVF\/tSA=="} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1274,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_src_last_pkt_time":1605291690396234,"flow_dst_last_pkt_time":1605291690396189,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690396234,"pkt":"qtsDr8lk5EKm5WPyht1gB68TACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACACxz4Buz6Su2ZbO15fgBAB+76yAAABAQgKVF\/tX8LXSY0="} 
01270{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1275,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":4,"flow_src_last_pkt_time":1605291690396643,"flow_dst_last_pkt_time":1605291690396189,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291690396643,"pkt":"qtsDr8lk5EKm5WPyht1gB68TAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACACxz4Buz6Su2ZbO15fgBgB+zbbAAABAQgKVF\/tX8LXSY0WAwECAAEAAfwDA64SJmrzxm107yvjOKaI1Pu1cjYSBc\/95exz0rjqcLhjILOfYHr0cqvSKZIJSl3WjM8QRUOiyuVNGA\/I6TMdHCRqACCqqhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZMqKgAAAAAAGAAWAAATYWRzZXJ2aWNlLmdvb2dsZS5mcgAXAAD\/AQABAAAKAAoACLq6AB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApuroAAQAAHQAg3\/\/2kWIRuw+qhxFZZt2KiDOELUjK40mC0jcHETc2SkcALQACAQEAKwALCrq6AwQDAwMCAwEAGwADAgAC2toAAQAAFQDJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01327{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1275,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690373466,"flow_src_last_pkt_time":1605291690396643,"flow_dst_last_pkt_time":1605291690396189,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690396643,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":51006,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adservice.google.fr","domainame":"adservice.google.fr","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01286{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1275,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690373466,"flow_src_last_pkt_time":1605291690396643,"flow_dst_last_pkt_time":1605291690396189,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690396643,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":51006,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adservice.google.fr","domainame":"adservice.google.fr","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1276,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_src_last_pkt_time":1605291690384370,"flow_dst_last_pkt_time":1605291690402898,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690402898,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgLAAAAAAAAIAIqAcsBIEmLB5kd7IUo3\/YpAbvnyP\/5OOmbspwyoBJXgGsCAAACBAV4AQMDAwQCCArC10mUDGYnKw=="} 
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1277,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_src_last_pkt_time":1605291690402927,"flow_dst_last_pkt_time":1605291690402898,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690402927,"pkt":"qtsDr8lk5EKm5WPyht1gCvtsACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAC58gBu5uynDL\/+TjqgBAB++8BAAABAQgKDGYnPcLXSZQ="} 01268{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1278,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":4,"flow_src_last_pkt_time":1605291690403285,"flow_dst_last_pkt_time":1605291690402898,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291690403285,"pkt":"qtsDr8lk5EKm5WPyht1gCvtsAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAC58gBu5uynDL\/+TjqgBgB+\/ThAAABAQgKDGYnPsLXSZQWAwECAAEAAfwDA4n27fFOQ6rPQPzYRqsTa+ksdP+rX8jQfVLwbnF3RpAXIBwq2w1JrwHlb\/2ndJG1eusXeLh3OPImRURXIKxQ06mYACAaGhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZOqqgAAAAAAGQAXAAAUYWRzZXJ2aWNlLmdvb2dsZS5jb20AFwAA\/wEAAQAACgAKAAhqagAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKWpqAAEAAB0AIA4zyVNHsOh16GCQNKxzMVItdEoHGWpyv6xL6OCprXNaAC0AAgEBACsACwrKygMEAwMDAgMBABsAAwIAAkpKAAEAABUAyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01341{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1278,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690384370,"flow_src_last_pkt_time":1605291690403285,"flow_dst_last_pkt_time":1605291690402898,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690403285,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":59336,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"adservice.google.com","domainame":"adservice.google.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01300{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1278,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690384370,"flow_src_last_pkt_time":1605291690403285,"flow_dst_last_pkt_time":1605291690402898,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690403285,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":59336,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"adservice.google.com","domainame":"adservice.google.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00808{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1279,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291690405354,"flow_src_last_pkt_time":1605291690405354,"flow_dst_last_pkt_time":1605291690405354,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690405354,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::345f:7ca5","src_port":46646,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1279,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_src_last_pkt_time":1605291690405354,"flow_dst_last_pkt_time":1605291690405354,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690405354,"pkt":"qtsDr8lk5EKm5WPyht1gBYjGACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAA0X3yltjYBu5sO15YAAAAAoAL9IOjCAAACBAWgBAIICgKUPwEAAAAAAQMDBw=="} 
00814{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1280,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291690421002,"flow_src_last_pkt_time":1605291690421002,"flow_dst_last_pkt_time":1605291690421002,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690421002,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2001","src_port":59624,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -409,18 +409,18 @@ 00588{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1283,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_src_last_pkt_time":1605291690405354,"flow_dst_last_pkt_time":1605291690440084,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690440084,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAADRffKUqAcsBIEmLB5kd7IUo3\/YpAbu2Nv\/zx++bDteXoBJXgLoLAAACBAV4AQMDAwQCCArC10m3ApQ\/AQ=="} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1284,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_src_last_pkt_time":1605291690440123,"flow_dst_last_pkt_time":1605291690440084,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690440123,"pkt":"qtsDr8lk5EKm5WPyht1gBYjGACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAA0X3yltjYBu5sO15f\/88fwgBAB+z36AAABAQgKApQ\/JMLXSbc="} 
01268{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1285,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":4,"flow_src_last_pkt_time":1605291690440589,"flow_dst_last_pkt_time":1605291690440084,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291690440589,"pkt":"qtsDr8lk5EKm5WPyht1gBYjGAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAA0X3yltjYBu5sO15f\/88fwgBgB+yZ+AAABAQgKApQ\/JMLXSbcWAwECAAEAAfwDAzHDxH8OuokaXnmRWM2CrbjAfCHYM2BC4ANSO6awxT1HIBoNB1TgmMo5CTve1OPkdOp8A4hHU4yRFabWOk7A1qHlACAaGhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPq6gAAAAAAHwAdAAAaYWF4LWV1LmFtYXpvbi1hZHN5c3RlbS5jb20AFwAA\/wEAAQAACgAKAAjKygAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKcrKAAEAAB0AIEwwmHcuEXQApsPC5EO8tn5U4uHYbi4IBrp\/HgLH72EYAC0AAgEBACsACwrq6gMEAwMDAgMBABsAAwIAAgoKAAEAABUAwgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01334{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1285,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690405354,"flow_src_last_pkt_time":1605291690440589,"flow_dst_last_pkt_time":1605291690440084,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690440589,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::345f:7ca5","src_port":46646,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"aax-eu.amazon-adsystem.com","domainame":"aax-eu.amazon-adsystem.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-01372{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1286,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690373466,"flow_src_last_pkt_time":1605291690396643,"flow_dst_last_pkt_time":1605291690448852,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291690448852,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":51006,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adservice.google.fr","domainame":"adservice.google.fr","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01293{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1285,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690405354,"flow_src_last_pkt_time":1605291690440589,"flow_dst_last_pkt_time":1605291690440084,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690440589,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::345f:7ca5","src_port":46646,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"aax-eu.amazon-adsystem.com","domainame":"aax-eu.amazon-adsystem.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01331{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1286,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690373466,"flow_src_last_pkt_time":1605291690396643,"flow_dst_last_pkt_time":1605291690448852,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291690448852,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":51006,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adservice.google.fr","domainame":"adservice.google.fr","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1288,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_src_last_pkt_time":1605291690421002,"flow_dst_last_pkt_time":1605291690449108,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690449108,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgLAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbvo6PvOtUOc0w2EoBJXgGkiAAACBAV4AQMDAwQCCArC10m3XwTqiA=="} 
-01386{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1289,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690384370,"flow_src_last_pkt_time":1605291690403285,"flow_dst_last_pkt_time":1605291690449109,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291690449109,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":59336,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"adservice.google.com","domainame":"adservice.google.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01345{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1289,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690384370,"flow_src_last_pkt_time":1605291690403285,"flow_dst_last_pkt_time":1605291690449109,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291690449109,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":59336,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"adservice.google.com","domainame":"adservice.google.com","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1295,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":3,"flow_src_last_pkt_time":1605291690449141,"flow_dst_last_pkt_time":1605291690449108,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690449141,"pkt":"qtsDr8lk5EKm5WPyht1gBJW4ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAB6OgBu5zTDYT7zrVEgBAB++0WAAABAQgKXwTqpcLXSbc="} 
01266{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1302,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":4,"flow_src_last_pkt_time":1605291690449801,"flow_dst_last_pkt_time":1605291690449108,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291690449801,"pkt":"qtsDr8lk5EKm5WPyht1gBJW4AiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAB6OgBu5zTDYT7zrVEgBgB+08XAAABAQgKXwTqpcLXSbcWAwECAAEAAfwDAxCE81jPge8Q+eqa2\/VX8jLyZJaHeUn1XbD4+8ZfZCrNIP1iGayHUC21LtXXhZv4JDAqZ2p5lGfiZ6mCAOAtx5YLACBKShMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPq6gAAAAAARQBDAABAOGE3NTVhM2ZlZjBiMTg5ZDhhYjViMGQxMDc1OGY2OGEuc2FmZWZyYW1lLmdvb2dsZXN5bmRpY2F0aW9uLmNvbQAXAAD\/AQABAAAKAAoACOrqAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwAp6uoAAQAAHQAg8Yk1cLvPAYaln8LnFtEe1h9mnh8DzZmOv04zXf8MiXgALQACAQEAKwALCmpqAwQDAwMCAwEAGwADAgACGhoAAQAAFQCcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01429{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1302,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690421002,"flow_src_last_pkt_time":1605291690449801,"flow_dst_last_pkt_time":1605291690449108,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690449801,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2001","src_port":59624,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"8a755a3fef0b189d8ab5b0d10758f68a.safeframe.googlesyndication.com","domainame":"8a755a3fef0b189d8ab5b0d10758f68a.safeframe.googlesyndication.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01388{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1302,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690421002,"flow_src_last_pkt_time":1605291690449801,"flow_dst_last_pkt_time":1605291690449108,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690449801,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2001","src_port":59624,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"8a755a3fef0b189d8ab5b0d10758f68a.safeframe.googlesyndication.com","domainame":"8a755a3fef0b189d8ab5b0d10758f68a.safeframe.googlesyndication.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1310,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":5,"flow_src_last_pkt_time":1605291690440589,"flow_dst_last_pkt_time":1605291690482348,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690482348,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAADRffKUqAcsBIEmLB5kd7IUo3\/YpAbu2Nv\/zx\/CbDtmcgBALMDKbAAABAQgKwtdJ3AKUPyQ="} 
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1311,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":5,"flow_src_last_pkt_time":1605291690449801,"flow_dst_last_pkt_time":1605291690482349,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690482349,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgLAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbvo6PvOtUSc0w+JgBALMOG0AAABAQgKwtdJ318E6qU="} -01474{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1324,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690421002,"flow_src_last_pkt_time":1605291690449801,"flow_dst_last_pkt_time":1605291690483975,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291690483975,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2001","src_port":59624,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"8a755a3fef0b189d8ab5b0d10758f68a.safeframe.googlesyndication.com","domainame":"8a755a3fef0b189d8ab5b0d10758f68a.safeframe.googlesyndication.com","tls": 
{"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} -01424{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1350,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690405354,"flow_src_last_pkt_time":1605291690440589,"flow_dst_last_pkt_time":1605291690501383,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1360,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1360,"midstream":0,"thread_ts_usec":1605291690501383,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::345f:7ca5","src_port":46646,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"aax-eu.amazon-adsystem.com","domainame":"aax-eu.amazon-adsystem.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"49b45fc1ab090aa3a159778313fc9b9e","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-01728{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1356,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1605291690405354,"flow_src_last_pkt_time":1605291690502241,"flow_dst_last_pkt_time":1605291690502750,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1360,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5440,"midstream":0,"thread_ts_usec":1605291690502750,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::345f:7ca5","src_port":46646,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"aax-eu.amazon-adsystem.com","domainame":"aax-eu.amazon-adsystem.com","tls": {"version":"TLSv1.2","server_names":"aax-eu.amazon-adsystem.com,aax.amazon-adsystem.com,aax-cpm.amazon-adsystem.com,aax-dtb-web.amazon-adsystem.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"49b45fc1ab090aa3a159778313fc9b9e","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Amazon, OU=Server CA 1B, CN=Amazon","subjectDN":"CN=aax-eu.amazon-adsystem.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"5D:18:8E:CB:B7:91:5C:79:26:B5:08:49:FF:2C:24:D8:06:54:91:8B","blocks":0}}} 
+01433{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1324,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690421002,"flow_src_last_pkt_time":1605291690449801,"flow_dst_last_pkt_time":1605291690483975,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291690483975,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2001","src_port":59624,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"8a755a3fef0b189d8ab5b0d10758f68a.safeframe.googlesyndication.com","domainame":"8a755a3fef0b189d8ab5b0d10758f68a.safeframe.googlesyndication.com","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01383{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1350,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690405354,"flow_src_last_pkt_time":1605291690440589,"flow_dst_last_pkt_time":1605291690501383,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1360,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1360,"midstream":0,"thread_ts_usec":1605291690501383,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::345f:7ca5","src_port":46646,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"aax-eu.amazon-adsystem.com","domainame":"aax-eu.amazon-adsystem.com","tls": {"version":"TLSv1.2","ja3s":"49b45fc1ab090aa3a159778313fc9b9e","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01687{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1356,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1605291690405354,"flow_src_last_pkt_time":1605291690502241,"flow_dst_last_pkt_time":1605291690502750,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1360,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5440,"midstream":0,"thread_ts_usec":1605291690502750,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::345f:7ca5","src_port":46646,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"aax-eu.amazon-adsystem.com","domainame":"aax-eu.amazon-adsystem.com","tls": {"version":"TLSv1.2","server_names":"aax-eu.amazon-adsystem.com,aax.amazon-adsystem.com,aax-cpm.amazon-adsystem.com,aax-dtb-web.amazon-adsystem.com","ja3s":"49b45fc1ab090aa3a159778313fc9b9e","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Amazon, OU=Server CA 1B, CN=Amazon","subjectDN":"CN=aax-eu.amazon-adsystem.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"5D:18:8E:CB:B7:91:5C:79:26:B5:08:49:FF:2C:24:D8:06:54:91:8B","blocks":0}}} 
02184{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1364,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1605291690384370,"flow_src_last_pkt_time":1605291690495032,"flow_dst_last_pkt_time":1605291690511816,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1020,"flow_dst_tot_l4_payload_len":5622,"midstream":0,"thread_ts_usec":1605291690511816,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":59336,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":7680.9,"max":45875,"stddev":12464.9,"var":155373568.0,"ent":3.4,"data": [18528,18557,358,37185,9026,1,2,1,45875,10,14,14,8672,419,266,33620,1,89,1151,1,25433,25,482,7313,1,1,6808,24,7,3698,20526]},"pktlen": {"min":72,"avg":280.1,"max":1280,"stddev":371.7,"var":138197.8,"ent":4.1,"data": [80,80,72,589,72,1280,1280,1280,273,72,72,72,72,136,164,349,72,72,72,652,103,72,72,103,775,516,111,72,72,72,111,72]},"bins": {"c_to_s": [12,1,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,1,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,1,0,0,0,0,0,0,0,1,1,1,1,1,0,0,0,1,1,1,0,0,0,0,1],"entropies": [4.830388546,5.286173820,5.175123215,4.582562923,5.135614395,7.820514202,7.848834991,7.840905190,7.029392242,5.204868793,5.232646465,5.232646465,5.232646465,6.256432056,6.550828457,7.277585983,5.097352028,5.107836723,5.107836723,7.629249096,5.686814308,5.260424137,5.260424137,5.854413509,7.698106289,7.556940079,5.871694088,5.222162247,5.166606903,5.166606903,5.962721825,5.004921436]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}} 02194{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1383,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1605291690421002,"flow_src_last_pkt_time":1605291690527565,"flow_dst_last_pkt_time":1605291690527527,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1054,"flow_dst_tot_l4_payload_len":6986,"midstream":0,"thread_ts_usec":1605291690527565,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2001","src_port":59624,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":6873.8,"max":34221,"stddev":11275.4,"var":127133528.0,"ent":3.4,"data": [28106,28139,660,33241,1626,34221,71,30,636,643,4625,213,224,27018,3512,25468,241,4283,1409,5453,77,6348,1,0,6424,34,8,196,1,158,22]},"pktlen": {"min":72,"avg":323.8,"max":1280,"stddev":408.2,"var":166632.7,"ent":4.1,"data": [80,80,72,589,72,1280,72,1280,72,534,72,136,164,422,72,652,72,103,72,103,72,72,482,1280,1280,72,72,72,704,111,72,72]},"bins": {"c_to_s": [13,0,2,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,1,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,0,0,0,0,1,1,0,0,1,1,0,1,1,1,1,0,0,0,1,1,0,0],"entropies": 
[4.750831604,5.256616592,5.147345066,5.037306786,5.025890827,7.794999599,5.175122738,7.849133015,5.175122738,7.594861984,5.147345066,6.103534698,6.601645947,7.415776730,5.023922443,7.687021732,5.175123215,5.854413509,4.959850788,5.758662224,5.147345066,5.053668499,7.493776798,7.824415684,7.830970287,5.175122738,5.175122738,5.147345066,7.700448990,5.878117561,5.175122738,5.175122738]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}} 00814{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1397,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291690926655,"flow_src_last_pkt_time":1605291690926655,"flow_dst_last_pkt_time":1605291690926655,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690926655,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46806,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -446,7 +446,7 @@ 00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1408,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_src_last_pkt_time":1605291690926655,"flow_dst_last_pkt_time":1605291690952219,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690952219,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu21pGefV\/3l9HVoBJXgDRiAAACBAV4AQMDAwQCCArC10u2GsMWnw=="} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1409,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_src_last_pkt_time":1605291690952238,"flow_dst_last_pkt_time":1605291690952219,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690952238,"pkt":"qtsDr8lk5EKm5WPyht1gDDgdACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttYBu\/eX0dWRnn1ggBAB+7hZAAABAQgKGsMWucLXS7Y="} 01265{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1410,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":4,"flow_src_last_pkt_time":1605291690953297,"flow_dst_last_pkt_time":1605291690952219,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291690953297,"pkt":"qtsDr8lk5EKm5WPyht1gDDgdAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttYBu\/eX0dWRnn1ggBgB+1vDAAABAQgKGsMWusLXS7YWAwECAAEAAfwDA96WEVYjbITPXvxDhOji6nCQdC0KhgTdN6+o+9OqeXt9IDI6n9jVTXE+7b4jG8xDV1LuLRTUARgCyh8fXh42V1VjACD6+hMBEwITA8ArwC\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"} 
-01325{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1410,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690926655,"flow_src_last_pkt_time":1605291690953297,"flow_dst_last_pkt_time":1605291690952219,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690953297,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46806,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.ampproject.org","domainame":"cdn.ampproject.org","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01284{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1410,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690926655,"flow_src_last_pkt_time":1605291690953297,"flow_dst_last_pkt_time":1605291690952219,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690953297,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46806,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.ampproject.org","domainame":"cdn.ampproject.org","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1411,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_src_last_pkt_time":1605291690926734,"flow_dst_last_pkt_time":1605291690954541,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690954541,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu22KVwltPCUkXloBJXgMhIAAACBAV4AQMDAwQCCArC10u9GsMWnw=="} 
00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1412,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":3,"flow_src_last_pkt_time":1605291690954562,"flow_dst_last_pkt_time":1605291690954541,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690954562,"pkt":"qtsDr8lk5EKm5WPyht1gDtx5ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttgBu8JSReWlcJbUgBAB+0w+AAABAQgKGsMWu8LXS70="} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1413,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_src_last_pkt_time":1605291690926769,"flow_dst_last_pkt_time":1605291690954643,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690954643,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu22it1t9ZMt7NvoBJXgClQAAACBAV4AQMDAwQCCArC10u9GsMWnw=="} 
@@ -454,57 +454,57 @@ 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1415,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_src_last_pkt_time":1605291690954649,"flow_dst_last_pkt_time":1605291690954643,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690954649,"pkt":"qtsDr8lk5EKm5WPyht1gDhnPACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttoBu0y3s28rdbfXgBAB+61FAAABAQgKGsMWu8LXS70="} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1416,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":3,"flow_src_last_pkt_time":1605291690954655,"flow_dst_last_pkt_time":1605291690954643,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690954655,"pkt":"qtsDr8lk5EKm5WPyht1gAc2lACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttwBu9DGzOq05qOsgBAB+5pyAAABAQgKGsMWu8LXS70="} 
01267{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1417,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":4,"flow_src_last_pkt_time":1605291690954747,"flow_dst_last_pkt_time":1605291690954541,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291690954747,"pkt":"qtsDr8lk5EKm5WPyht1gDtx5AiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttgBu8JSReWlcJbUgBgB+8dGAAABAQgKGsMWu8LXS70WAwECAAEAAfwDA3+7YXN8uULghjn9Yx4k2QYB36376hmbrRggZ0eXr\/9+IP2iD+DA1k36xX9GOoNszd6eNYaj3dekN9x\/XE8bE1dIACA6OhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZNKSgAAAAAAFwAVAAASY2RuLmFtcHByb2plY3Qub3JnABcAAP8BAAEAAAoACgAIOjoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACk6OgABAAAdACBER8lo38zcpkmaCPLiXoa6+JDbprOR\/VESBxZzwiOrBgAtAAIBAQArAAsKamoDBAMDAwIDAQAbAAMCAAJaWgABAAAVAMoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01325{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1417,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690926734,"flow_src_last_pkt_time":1605291690954747,"flow_dst_last_pkt_time":1605291690954541,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690954747,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46808,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.ampproject.org","domainame":"cdn.ampproject.org","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01284{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1417,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690926734,"flow_src_last_pkt_time":1605291690954747,"flow_dst_last_pkt_time":1605291690954541,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690954747,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46808,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.ampproject.org","domainame":"cdn.ampproject.org","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
01265{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1418,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":4,"flow_src_last_pkt_time":1605291690954937,"flow_dst_last_pkt_time":1605291690954643,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291690954937,"pkt":"qtsDr8lk5EKm5WPyht1gDhnPAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttoBu0y3s28rdbfXgBgB+yg+AAABAQgKGsMWu8LXS70WAwECAAEAAfwDAwV9PSLZiieFTsrwb5ePEiAq+zIrQhR0EBkPYuTZcw2xIK9+Ya8AvxlseoGAhp8z2wcy4GRd\/2tgmLnTQoGAr7lmACD6+hMBEwITA8ArwC\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"} -01325{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1418,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690926769,"flow_src_last_pkt_time":1605291690954937,"flow_dst_last_pkt_time":1605291690954643,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690954937,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46810,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.ampproject.org","domainame":"cdn.ampproject.org","tls": 
{"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +01284{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1418,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690926769,"flow_src_last_pkt_time":1605291690954937,"flow_dst_last_pkt_time":1605291690954643,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690954937,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46810,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.ampproject.org","domainame":"cdn.ampproject.org","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
01266{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1419,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":4,"flow_src_last_pkt_time":1605291690955129,"flow_dst_last_pkt_time":1605291690954643,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291690955129,"pkt":"qtsDr8lk5EKm5WPyht1gAc2lAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttwBu9DGzOq05qOsgBgB+8QTAAABAQgKGsMWvMLXS70WAwECAAEAAfwDA9NQXnr9EPQV5HU7sHg21zD\/k9mVMQCLGTscCRIJvvLdIGZv95UrdgGMWa\/TkNOulH2VrZ4BEKc4CasnxiGwlqMaACAKChMBEwITA8ArwC\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"} -01325{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1419,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690926802,"flow_src_last_pkt_time":1605291690955129,"flow_dst_last_pkt_time":1605291690954643,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690955129,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46812,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.ampproject.org","domainame":"cdn.ampproject.org","tls": 
{"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +01284{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1419,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690926802,"flow_src_last_pkt_time":1605291690955129,"flow_dst_last_pkt_time":1605291690954643,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690955129,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46812,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.ampproject.org","domainame":"cdn.ampproject.org","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1420,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_src_last_pkt_time":1605291690926830,"flow_dst_last_pkt_time":1605291690955375,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690955375,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu23lfa6eczuyRVoBJXgHLsAAACBAV4AQMDAwQCCArC10u9GsMWnw=="} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1421,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":3,"flow_src_last_pkt_time":1605291690955404,"flow_dst_last_pkt_time":1605291690955375,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690955404,"pkt":"qtsDr8lk5EKm5WPyht1gClWEACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABtt4BuzO7JFVX2unogBAB+\/bgAAABAQgKGsMWvMLXS70="} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1422,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_src_last_pkt_time":1605291690926867,"flow_dst_last_pkt_time":1605291690955522,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690955522,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgRAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbuVFgHH2llkCsoHoBJXgJ6iAAACBAV4AQMDAwQCCArC10u9qlQMrQ=="} 
00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1423,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":3,"flow_src_last_pkt_time":1605291690955530,"flow_dst_last_pkt_time":1605291690955522,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690955530,"pkt":"qtsDr8lk5EKm5WPyht1gBhSQACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIEQAAAAAAACAKlRYBu2QKygcBx9pagBAB+yKXAAABAQgKqlQMysLXS70="} 01264{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1424,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":4,"flow_src_last_pkt_time":1605291690955637,"flow_dst_last_pkt_time":1605291690955375,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291690955637,"pkt":"qtsDr8lk5EKm5WPyht1gClWEAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABtt4BuzO7JFVX2unogBgB+4TBAAABAQgKGsMWvMLXS70WAwECAAEAAfwDAyJmBycAvyCH8SnNB2CBC3yfxoIM+Ymce0POg8ZwpXtBIH9PfR9yCxA5tGPPT4cExrc3Qkmd4YTExNykGp6bEZH3ACAKChMBEwITA8ArwC\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"} 
-01325{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1424,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690926830,"flow_src_last_pkt_time":1605291690955637,"flow_dst_last_pkt_time":1605291690955375,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690955637,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46814,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.ampproject.org","domainame":"cdn.ampproject.org","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01284{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1424,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690926830,"flow_src_last_pkt_time":1605291690955637,"flow_dst_last_pkt_time":1605291690955375,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690955637,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46814,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.ampproject.org","domainame":"cdn.ampproject.org","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
01269{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1425,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":4,"flow_src_last_pkt_time":1605291690955751,"flow_dst_last_pkt_time":1605291690955522,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291690955751,"pkt":"qtsDr8lk5EKm5WPyht1gBhSQAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIEQAAAAAAACAKlRYBu2QKygcBx9pagBgB+7ghAAABAQgKqlQMysLXS70WAwECAAEAAfwDA0MhDCfgcZQW\/qt2QzKimm0T\/Isca8JmVqeJQDbrvBrqINQ4uQD4cMulecpeDh4RGq5zfSr3G28+STtUMIilUyfGACA6OhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZNaWgAAAAAAGQAXAAAUZm9udHMuZ29vZ2xlYXBpcy5jb20AFwAA\/wEAAQAACgAKAAiqqgAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKaqqAAEAAB0AIKLIRrB\/9d\/081INPFyx1jcz47jhpMuBOz2amAM9LokCAC0AAgEBACsACwqKigMEAwMDAgMBABsAAwIAAsrKAAEAABUAyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01337{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1425,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690926867,"flow_src_last_pkt_time":1605291690955751,"flow_dst_last_pkt_time":1605291690955522,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690955751,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::200a","src_port":38166,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.googleapis.com","domainame":"fonts.googleapis.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01296{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1425,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690926867,"flow_src_last_pkt_time":1605291690955751,"flow_dst_last_pkt_time":1605291690955522,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690955751,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::200a","src_port":38166,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.googleapis.com","domainame":"fonts.googleapis.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1426,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_src_last_pkt_time":1605291690926912,"flow_dst_last_pkt_time":1605291690956447,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690956447,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgPAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbuQZEy\/C8or4r7coBJXgC2BAAACBAV4AQMDAwQCCArC10u+uJU7NA=="} 
00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1427,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_src_last_pkt_time":1605291690926944,"flow_dst_last_pkt_time":1605291690956447,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690956447,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgPAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbuQZgWfUkJjbNefoBJXgN3ZAAACBAV4AQMDAwQCCArC10u+uJU7NA=="} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1428,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_src_last_pkt_time":1605291690956458,"flow_dst_last_pkt_time":1605291690956447,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690956458,"pkt":"qtsDr8lk5EKm5WPyht1gBnVWACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGQBuyvivtxMvwvLgBAB+7F0AAABAQgKuJU7UsLXS74="} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1429,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":3,"flow_src_last_pkt_time":1605291690956464,"flow_dst_last_pkt_time":1605291690956447,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690956464,"pkt":"qtsDr8lk5EKm5WPyht1gDhWZACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGYBu2Ns158Fn1JDgBAB+2HNAAABAQgKuJU7UsLXS74="} 
01267{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1430,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":4,"flow_src_last_pkt_time":1605291690956563,"flow_dst_last_pkt_time":1605291690956447,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291690956563,"pkt":"qtsDr8lk5EKm5WPyht1gBnVWAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGQBuyvivtxMvwvLgBgB+weLAAABAQgKuJU7UsLXS74WAwECAAEAAfwDA\/KqVcb+jqsuy+pc9KilYVgZAEzQ86cjwq67GKq7nQtaIOrgXduV1ht3HJ4NSaQ01nhk1SGFsiLuJ4S0a7eBU0YJACCKihMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZMqKgAAAAAAHgAcAAAZdHBjLmdvb2dsZXN5bmRpY2F0aW9uLmNvbQAXAAD\/AQABAAAKAAoACAoKAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApCgoAAQAAHQAgQy2WiyCHDU6V4a0QbWLV7\/15JREGysw3jo2qrGJjK34ALQACAQEAKwALCqqqAwQDAwMCAwEAGwADAgACCgoAAQAAFQDDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01351{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1430,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690926912,"flow_src_last_pkt_time":1605291690956563,"flow_dst_last_pkt_time":1605291690956447,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690956563,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36964,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"tpc.googlesyndication.com","domainame":"tpc.googlesyndication.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01310{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1430,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690926912,"flow_src_last_pkt_time":1605291690956563,"flow_dst_last_pkt_time":1605291690956447,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690956563,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36964,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"tpc.googlesyndication.com","domainame":"tpc.googlesyndication.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
01266{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1431,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":4,"flow_src_last_pkt_time":1605291690956668,"flow_dst_last_pkt_time":1605291690956447,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291690956668,"pkt":"qtsDr8lk5EKm5WPyht1gDhWZAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGYBu2Ns158Fn1JDgBgB+7CTAAABAQgKuJU7UsLXS74WAwECAAEAAfwDA4K6LYgb9peQAaC+yGKSfQ44ncZ84XdNSq8PqNFo+UyoIJHCilmb8BVAxV8SeOqltgKl5o0ytImnEj4UpvBg7WThACC6uhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPa2gAAAAAAHgAcAAAZdHBjLmdvb2dsZXN5bmRpY2F0aW9uLmNvbQAXAAD\/AQABAAAKAAoACLq6AB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApuroAAQAAHQAgMcGXgSTPtAvtHwaBrppAs1ogUhPlYdie8\/zN2rMve0cALQACAQEAKwALCkpKAwQDAwMCAwEAGwADAgACiooAAQAAFQDDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01351{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1431,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690926944,"flow_src_last_pkt_time":1605291690956668,"flow_dst_last_pkt_time":1605291690956447,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690956668,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36966,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"tpc.googlesyndication.com","domainame":"tpc.googlesyndication.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01310{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1431,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690926944,"flow_src_last_pkt_time":1605291690956668,"flow_dst_last_pkt_time":1605291690956447,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690956668,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36966,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"tpc.googlesyndication.com","domainame":"tpc.googlesyndication.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1432,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_src_last_pkt_time":1605291690926998,"flow_dst_last_pkt_time":1605291690957467,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690957467,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgPAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbuQan0Owi4YaAsmoBJXgA33AAACBAV4AQMDAwQCCArC10u\/uJU7NA=="} 
00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1433,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_src_last_pkt_time":1605291690926978,"flow_dst_last_pkt_time":1605291690957467,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690957467,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgPAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbuQaPhCx3meEC1CoBJXgOW1AAACBAV4AQMDAwQCCArC10u+uJU7NA=="} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1434,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":3,"flow_src_last_pkt_time":1605291690957477,"flow_dst_last_pkt_time":1605291690957467,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690957477,"pkt":"qtsDr8lk5EKm5WPyht1gCQMiACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGoBuxhoCyZ9DsIvgBAB+5HpAAABAQgKuJU7U8LXS78="} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1435,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_src_last_pkt_time":1605291690957484,"flow_dst_last_pkt_time":1605291690957467,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690957484,"pkt":"qtsDr8lk5EKm5WPyht1gB5miACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGgBu54QLUL4Qsd6gBAB+2moAAABAQgKuJU7U8LXS74="} 
01268{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1436,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":4,"flow_src_last_pkt_time":1605291690957577,"flow_dst_last_pkt_time":1605291690957467,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291690957577,"pkt":"qtsDr8lk5EKm5WPyht1gCQMiAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGoBuxhoCyZ9DsIvgBgB+\/1RAAABAQgKuJU7U8LXS78WAwECAAEAAfwDA65NQ9z+8vgCXkINXWcIT6WxgXSerIkD30OtzZ9Uf8RRIDWtk7CyEcZiHB5uWIXfY5Croj84Q3kSS9jhYTHY4t\/XACA6OhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPa2gAAAAAAHgAcAAAZdHBjLmdvb2dsZXN5bmRpY2F0aW9uLmNvbQAXAAD\/AQABAAAKAAoACGpqAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApamoAAQAAHQAgAZPl\/EpHfkyE8GocRMfQRm6hqCG5SYQknfR1D0l4PTwALQACAQEAKwALCsrKAwQDAwMCAwEAGwADAgACKioAAQAAFQDDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01351{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1436,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690926998,"flow_src_last_pkt_time":1605291690957577,"flow_dst_last_pkt_time":1605291690957467,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690957577,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36970,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"tpc.googlesyndication.com","domainame":"tpc.googlesyndication.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01310{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1436,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690926998,"flow_src_last_pkt_time":1605291690957577,"flow_dst_last_pkt_time":1605291690957467,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690957577,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36970,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"tpc.googlesyndication.com","domainame":"tpc.googlesyndication.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
01266{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1437,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":4,"flow_src_last_pkt_time":1605291690957682,"flow_dst_last_pkt_time":1605291690957467,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291690957682,"pkt":"qtsDr8lk5EKm5WPyht1gB5miAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGgBu54QLUL4Qsd6gBgB+673AAABAQgKuJU7U8LXS74WAwECAAEAAfwDA+YyRlzceVtjHpKgho8tByOApAEJPG4M0zvRjAEsHgJBIF8\/qPM2GhQmlTMTYTjE9hyVNZH92oU6Aa5vM+YWAZkYACBqahMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZMKCgAAAAAAHgAcAAAZdHBjLmdvb2dsZXN5bmRpY2F0aW9uLmNvbQAXAAD\/AQABAAAKAAoACKqqAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApqqoAAQAAHQAgklNVX2zbnVcJGiMo7ZekGZnIRwL3wUnQ0+pmG+dpG2cALQACAQEAKwALCsrKAwQDAwMCAwEAGwADAgACmpoAAQAAFQDDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01351{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1437,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690926978,"flow_src_last_pkt_time":1605291690957682,"flow_dst_last_pkt_time":1605291690957467,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690957682,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36968,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"tpc.googlesyndication.com","domainame":"tpc.googlesyndication.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01310{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1437,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690926978,"flow_src_last_pkt_time":1605291690957682,"flow_dst_last_pkt_time":1605291690957467,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690957682,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36968,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"tpc.googlesyndication.com","domainame":"tpc.googlesyndication.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1440,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":5,"flow_src_last_pkt_time":1605291690953297,"flow_dst_last_pkt_time":1605291690983708,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690983708,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu21pGefWD3l9PagBALMKz6AAABAQgKwtdL2hrDFro="} 
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1452,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":5,"flow_src_last_pkt_time":1605291690954747,"flow_dst_last_pkt_time":1605291690987243,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690987243,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu22KVwltTCUkfqgBALMEDkAAABAQgKwtdL3RrDFrs="} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1453,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":5,"flow_src_last_pkt_time":1605291690954937,"flow_dst_last_pkt_time":1605291690989609,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690989609,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu22it1t9dMt7V0gBALMKHqAAABAQgKwtdL3hrDFrs="} -01370{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1454,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690926655,"flow_src_last_pkt_time":1605291690953297,"flow_dst_last_pkt_time":1605291690990862,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291690990862,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46806,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.ampproject.org","domainame":"cdn.ampproject.org","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +01329{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1454,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690926655,"flow_src_last_pkt_time":1605291690953297,"flow_dst_last_pkt_time":1605291690990862,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291690990862,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46806,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.ampproject.org","domainame":"cdn.ampproject.org","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1465,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":5,"flow_src_last_pkt_time":1605291690955129,"flow_dst_last_pkt_time":1605291690991527,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690991527,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu23LTmo6zQxs7vgBALMI8TAAABAQgKwtdL4RrDFrw="} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1466,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":5,"flow_src_last_pkt_time":1605291690955637,"flow_dst_last_pkt_time":1605291690992341,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690992341,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu23lfa6egzuyZagBALMOuCAAABAQgKwtdL4RrDFrw="} 00814{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1467,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291690992851,"flow_src_last_pkt_time":1605291690992851,"flow_dst_last_pkt_time":1605291690992851,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690992851,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36972,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1467,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_src_last_pkt_time":1605291690992851,"flow_dst_last_pkt_time":1605291690992851,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690992851,"pkt":"qtsDr8lk5EKm5WPyht1gDPazACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGwBu4uuzGcAAAAAoAL9IIFCAAACBAWgBAIICriVO3YAAAAAAQMDBw=="} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1468,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":5,"flow_src_last_pkt_time":1605291690955751,"flow_dst_last_pkt_time":1605291690993446,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690993446,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgRAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbuVFgHH2lpkCswMgBALMBc4AAABAQgKwtdL4qpUDMo="} -01370{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1469,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690926734,"flow_src_last_pkt_time":1605291690954747,"flow_dst_last_pkt_time":1605291690994995,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291690994995,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46808,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.ampproject.org","domainame":"cdn.ampproject.org","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} -01370{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1483,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690926769,"flow_src_last_pkt_time":1605291690954937,"flow_dst_last_pkt_time":1605291690996121,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291690996121,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46810,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.ampproject.org","domainame":"cdn.ampproject.org","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01329{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1469,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690926734,"flow_src_last_pkt_time":1605291690954747,"flow_dst_last_pkt_time":1605291690994995,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291690994995,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46808,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.ampproject.org","domainame":"cdn.ampproject.org","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01329{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1483,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690926769,"flow_src_last_pkt_time":1605291690954937,"flow_dst_last_pkt_time":1605291690996121,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291690996121,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46810,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.ampproject.org","domainame":"cdn.ampproject.org","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1496,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":5,"flow_src_last_pkt_time":1605291690956563,"flow_dst_last_pkt_time":1605291690996246,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690996246,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgPAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbuQZEy\/C8sr4sDhgBALMKYUAAABAQgKwtdL5LiVO1I="} 
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1498,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":5,"flow_src_last_pkt_time":1605291690956668,"flow_dst_last_pkt_time":1605291690996826,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690996826,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgPAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbuQZgWfUkNjbNmkgBALMFZsAAABAQgKwtdL5biVO1I="} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1500,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":5,"flow_src_last_pkt_time":1605291690957682,"flow_dst_last_pkt_time":1605291690998160,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690998160,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgPAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbuQaPhCx3qeEC9HgBALMF5GAAABAQgKwtdL5riVO1M="} -01370{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1501,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690926802,"flow_src_last_pkt_time":1605291690955129,"flow_dst_last_pkt_time":1605291690998161,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291690998161,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46812,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.ampproject.org","domainame":"cdn.ampproject.org","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +01329{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1501,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690926802,"flow_src_last_pkt_time":1605291690955129,"flow_dst_last_pkt_time":1605291690998161,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291690998161,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46812,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.ampproject.org","domainame":"cdn.ampproject.org","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1502,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":5,"flow_src_last_pkt_time":1605291690957577,"flow_dst_last_pkt_time":1605291690998162,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690998162,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgPAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbuQan0Owi8YaA0rgBALMIaIAAABAQgKwtdL5riVO1M="} -01370{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1516,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690926830,"flow_src_last_pkt_time":1605291690955637,"flow_dst_last_pkt_time":1605291690999060,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291690999060,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46814,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.ampproject.org","domainame":"cdn.ampproject.org","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-01382{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1527,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690926867,"flow_src_last_pkt_time":1605291690955751,"flow_dst_last_pkt_time":1605291690999503,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291690999503,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::200a","src_port":38166,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.googleapis.com","domainame":"fonts.googleapis.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-01396{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1537,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690926912,"flow_src_last_pkt_time":1605291690956563,"flow_dst_last_pkt_time":1605291691002443,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291691002443,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36964,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"tpc.googlesyndication.com","domainame":"tpc.googlesyndication.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-01396{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1544,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690926944,"flow_src_last_pkt_time":1605291690956668,"flow_dst_last_pkt_time":1605291691003085,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291691003085,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36966,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"tpc.googlesyndication.com","domainame":"tpc.googlesyndication.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-01396{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1546,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690926998,"flow_src_last_pkt_time":1605291690957577,"flow_dst_last_pkt_time":1605291691003087,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291691003087,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36970,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"tpc.googlesyndication.com","domainame":"tpc.googlesyndication.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-01396{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1556,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690926978,"flow_src_last_pkt_time":1605291690957682,"flow_dst_last_pkt_time":1605291691004686,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291691004686,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36968,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"tpc.googlesyndication.com","domainame":"tpc.googlesyndication.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01329{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1516,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690926830,"flow_src_last_pkt_time":1605291690955637,"flow_dst_last_pkt_time":1605291690999060,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291690999060,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46814,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.ampproject.org","domainame":"cdn.ampproject.org","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01341{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1527,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690926867,"flow_src_last_pkt_time":1605291690955751,"flow_dst_last_pkt_time":1605291690999503,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291690999503,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::200a","src_port":38166,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.googleapis.com","domainame":"fonts.googleapis.com","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01355{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1537,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690926912,"flow_src_last_pkt_time":1605291690956563,"flow_dst_last_pkt_time":1605291691002443,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291691002443,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36964,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"tpc.googlesyndication.com","domainame":"tpc.googlesyndication.com","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01355{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1544,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690926944,"flow_src_last_pkt_time":1605291690956668,"flow_dst_last_pkt_time":1605291691003085,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291691003085,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36966,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"tpc.googlesyndication.com","domainame":"tpc.googlesyndication.com","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01355{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1546,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690926998,"flow_src_last_pkt_time":1605291690957577,"flow_dst_last_pkt_time":1605291691003087,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291691003087,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36970,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"tpc.googlesyndication.com","domainame":"tpc.googlesyndication.com","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01355{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1556,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690926978,"flow_src_last_pkt_time":1605291690957682,"flow_dst_last_pkt_time":1605291691004686,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291691004686,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36968,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"tpc.googlesyndication.com","domainame":"tpc.googlesyndication.com","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1585,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_src_last_pkt_time":1605291690992851,"flow_dst_last_pkt_time":1605291691029572,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291691029572,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgPAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbuQbO1037mLrsxooBJXgErvAAACBAV4AQMDAwQCCArC10wIuJU7dg=="} 
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1586,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":3,"flow_src_last_pkt_time":1605291691029601,"flow_dst_last_pkt_time":1605291691029572,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":74,"pkt_l4_len":20,"thread_ts_usec":1605291691029601,"pkt":"qtsDr8lk5EKm5WPyht1gBfK\/ABQGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGwBu4uuzGgAAAAAUAQAANo6AAA="} 02193{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1666,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605291690926912,"flow_src_last_pkt_time":1605291691067608,"flow_dst_last_pkt_time":1605291691069122,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1326,"flow_dst_tot_l4_payload_len":6622,"midstream":0,"thread_ts_usec":1605291691069122,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36964,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":9126.0,"max":45897,"stddev":14144.4,"var":200064000.0,"ent":3.4,"data": [29535,29546,105,39799,6197,1,1,45897,20,10,16645,7440,877,217,45409,188,20393,461,14689,1873,1,1,16098,2949,2,0,2950,29,8,1564,1]},"pktlen": {"min":72,"avg":320.9,"max":1280,"stddev":398.4,"var":158685.9,"ent":4.1,"data": [80,80,72,589,72,1280,1280,311,72,72,72,136,164,391,375,72,652,72,103,72,103,72,72,72,551,398,207,72,72,72,1280,1280]},"bins": {"c_to_s": [11,0,2,0,0,0,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": 
[7,0,0,0,1,0,0,1,0,0,1,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,0,0,0,0,1,1,0,0,1,1,1,1,0,1,1,1,0,0,0,1,1],"entropies": [4.860268116,5.316052437,5.175122738,4.626070023,5.053668499,7.798489094,7.858765125,7.213901043,5.175122738,5.175122738,5.136860371,6.074123383,6.494878292,7.385508060,7.250154495,4.998777390,7.691906452,5.175122738,5.820339203,5.053668022,5.765991211,5.015406132,5.015406132,5.147345066,7.610651970,7.403194427,6.718353748,5.175122738,5.175122738,5.114727020,7.829133987,7.837005138]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}} 
@@ -514,10 +514,10 @@ 00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1831,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_src_last_pkt_time":1605291696948991,"flow_dst_last_pkt_time":1605291696965238,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291696965238,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAADTTrOwqAcsBIEmLB5kd7IUo3\/YpAbu3nh9OKxV4xygVoBJXgPOCAAACBAV4AQMDAwQCCArC12M3UiG5ow=="} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1832,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":3,"flow_src_last_pkt_time":1605291696965302,"flow_dst_last_pkt_time":1605291696965238,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291696965302,"pkt":"qtsDr8lk5EKm5WPyht1gDNdJACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAA006zst54Bu3jHKBUfTisWgBAB+3eDAAABAQgKUiG5tMLXYzc="} 
01269{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1833,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":4,"flow_src_last_pkt_time":1605291696965939,"flow_dst_last_pkt_time":1605291696965238,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291696965939,"pkt":"qtsDr8lk5EKm5WPyht1gDNdJAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAA006zst54Bu3jHKBUfTisWgBgB+wO1AAABAQgKUiG5tMLXYzcWAwECAAEAAfwDAwHqoerYjfOaFlsdXktRRD3igdgx3qxQ0CcSKew4vtFlIIbnh\/g\/aalJEnrSSRBrTzEV6+fgBkXEzuoX27iz\/grEACA6OhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZOKigAAAAAAGAAWAAATZDkuZmxhc2h0YWxraW5nLmNvbQAXAAD\/AQABAAAKAAoACMrKAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApysoAAQAAHQAgPbO2qWewDD8TkBGwdmJPtUCWKvxNvYBt\/Ur80maJ31sALQACAQEAKwALCgoKAwQDAwMCAwEAGwADAgACWloAAQAAFQDJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01303{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1833,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291696948991,"flow_src_last_pkt_time":1605291696965939,"flow_dst_last_pkt_time":1605291696965238,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291696965939,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::34d3:acec","src_port":47006,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"d9.flashtalking.com","domainame":"d9.flashtalking.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01262{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1833,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291696948991,"flow_src_last_pkt_time":1605291696965939,"flow_dst_last_pkt_time":1605291696965238,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291696965939,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::34d3:acec","src_port":47006,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"d9.flashtalking.com","domainame":"d9.flashtalking.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1834,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":5,"flow_src_last_pkt_time":1605291696965939,"flow_dst_last_pkt_time":1605291697012854,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291697012854,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAADTTrOwqAcsBIEmLB5kd7IUo3\/YpAbu3nh9OKxZ4xyoagBALMGwaAAABAQgKwtdjZlIhubQ="} 
-01363{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1835,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291696948991,"flow_src_last_pkt_time":1605291696965939,"flow_dst_last_pkt_time":1605291697033621,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605291697033621,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::34d3:acec","src_port":47006,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"d9.flashtalking.com","domainame":"d9.flashtalking.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-01776{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1841,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1605291696948991,"flow_src_last_pkt_time":1605291697033689,"flow_dst_last_pkt_time":1605291697034463,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5484,"midstream":0,"thread_ts_usec":1605291697034463,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::34d3:acec","src_port":47006,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"d9.flashtalking.com","domainame":"d9.flashtalking.com","tls": {"version":"TLSv1.2","server_names":"tag.device9.com,www.tag.device9.com,fp.zenaps.com,the.sciencebehindecommerce.com,d9.flashtalking.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=tag.device9.com","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"8B:5C:A4:62:70:92:3A:09:C3:72:49:B2:A2:22:32:16:22:87:9D:F3","blocks":0}}} 
+01322{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1835,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291696948991,"flow_src_last_pkt_time":1605291696965939,"flow_dst_last_pkt_time":1605291697033621,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605291697033621,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::34d3:acec","src_port":47006,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"d9.flashtalking.com","domainame":"d9.flashtalking.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01735{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1841,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1605291696948991,"flow_src_last_pkt_time":1605291697033689,"flow_dst_last_pkt_time":1605291697034463,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5484,"midstream":0,"thread_ts_usec":1605291697034463,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::34d3:acec","src_port":47006,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"d9.flashtalking.com","domainame":"d9.flashtalking.com","tls": {"version":"TLSv1.2","server_names":"tag.device9.com,www.tag.device9.com,fp.zenaps.com,the.sciencebehindecommerce.com,d9.flashtalking.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=tag.device9.com","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"8B:5C:A4:62:70:92:3A:09:C3:72:49:B2:A2:22:32:16:22:87:9D:F3","blocks":0}}} 
01049{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":19,"flow_first_seen":1605291688749044,"flow_src_last_pkt_time":1605291688896703,"flow_dst_last_pkt_time":1605291688963146,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1029,"flow_dst_tot_l4_payload_len":9937,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2004","src_port":57282,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com"}} 01014{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":13,"flow_first_seen":1605291688344280,"flow_src_last_pkt_time":1605291688470730,"flow_dst_last_pkt_time":1605291688502649,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":951,"flow_dst_tot_l4_payload_len":6261,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:9000:219c:ee00:6:44e3:f8c0:93a1","src_port":56186,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 01045{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_src_packets_processed":34,"flow_dst_packets_processed":37,"flow_first_seen":1605291688830061,"flow_src_last_pkt_time":1605291698436193,"flow_dst_last_pkt_time":1605291698440198,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1474,"flow_dst_tot_l4_payload_len":17331,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2001","src_port":58122,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"yt3.ggpht.com"}} 
@@ -532,7 +532,7 @@ 01026{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":9,"flow_first_seen":1605291690926944,"flow_src_last_pkt_time":1605291691053408,"flow_dst_last_pkt_time":1605291691053353,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":581,"flow_dst_tot_l4_payload_len":3236,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36966,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}} 01026{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":9,"flow_first_seen":1605291690926978,"flow_src_last_pkt_time":1605291691064462,"flow_dst_last_pkt_time":1605291691064427,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":581,"flow_dst_tot_l4_payload_len":3234,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36968,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}} 01026{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":9,"flow_first_seen":1605291690926998,"flow_src_last_pkt_time":1605291691062791,"flow_dst_last_pkt_time":1605291691062731,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":581,"flow_dst_tot_l4_payload_len":3235,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36970,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}} 
-01089{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1605291690992851,"flow_src_last_pkt_time":1605291691029601,"flow_dst_last_pkt_time":1605291691029572,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36972,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +01196{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1605291690992851,"flow_src_last_pkt_time":1605291691029601,"flow_dst_last_pkt_time":1605291691029572,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36972,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": 
{"total":350,"client":235,"server":115}},"55": {"risk":"Probing Attempt","severity":"Medium","risk_score": {"total":510,"client":375,"server":135}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00814{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1605291690992851,"flow_src_last_pkt_time":1605291691029601,"flow_dst_last_pkt_time":1605291691029572,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36972,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01036{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":13,"flow_first_seen":1605291687934638,"flow_src_last_pkt_time":1605291688340797,"flow_dst_last_pkt_time":1605291688340782,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":534,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":2175,"flow_dst_tot_l4_payload_len":4448,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::1736:86f1","src_port":44264,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.ADS_Analytic_Track","proto_id":"91.107","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker\/Ads","category_id":101,"category":"Advertisement"}} 01063{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":17,"flow_first_seen":1605291690926867,"flow_src_last_pkt_time":1605291691088193,"flow_dst_last_pkt_time":1605291691119107,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1026,"flow_dst_tot_l4_payload_len":5335,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::200a","src_port":38166,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.googleapis.com"}} 
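Review bot: The regenerated `guessed` event for flow 59 now carries a second flow risk, `"55": {"risk":"Probing Attempt","severity":"Medium",...}`, next to the existing risk 50, while the commit message only says "incorporated upstream changes" and does not mention that the libnDPI bump changes which risks are emitted. The flow in this record has three packets and no L4 payload, so consumers that alert on `flow_risk` entries or on `risk_score.total` will presumably see additional Medium findings for short or aborted connections after the upgrade. I would add a line to the commit description such as `* libnDPI bump adds flow risk 55 ("Probing Attempt") to some flow events` and confirm that schema/flow_event_schema.json, which this commit also touches but which is outside this view, accepts the new risk id. This file is generated expected output, so the hunk itself needs no change.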
@@ -579,7 +579,7 @@ 01010{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":7,"flow_first_seen":1605291688831210,"flow_src_last_pkt_time":1605291688976798,"flow_dst_last_pkt_time":1605291689005094,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":976,"flow_dst_tot_l4_payload_len":3675,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2016","src_port":52296,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}} 01029{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":15,"flow_first_seen":1605291688712501,"flow_src_last_pkt_time":1605291688883590,"flow_dst_last_pkt_time":1605291688927912,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1007,"flow_dst_tot_l4_payload_len":3998,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2006","src_port":54726,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}} 01012{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":6,"flow_first_seen":1605291687931808,"flow_src_last_pkt_time":1605291688031097,"flow_dst_last_pkt_time":1605291688025071,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1078,"flow_dst_tot_l4_payload_len":3824,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54862,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}} 
-00854{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1942,"packets-processed":1942,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":546888,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":59,"total-detection-updates":84,"total-updates":0,"current-active-flows":0,"total-active-flows":60,"total-idle-flows":60,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":582,"global_ts_usec":1605291698602574} +00854{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1942,"packets-processed":1942,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":546888,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":59,"total-detection-updates":84,"total-updates":0,"current-active-flows":0,"total-active-flows":60,"total-idle-flows":60,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":582,"global_ts_usec":1605291698602574} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1942/1942 ~~ skipped flows.............: 0 
@@ -588,9 +588,9 @@ ~~ total active/idle flows...: 60/60 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8412372 bytes -~~ total memory freed........: 8412372 bytes -~~ total allocations/frees...: 117405/117405 +~~ total memory allocated....: 8989988 bytes +~~ total memory freed........: 8989988 bytes +~~ total allocations/frees...: 129137/129137 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 562 chars ~~ json message max len.......: 2209 chars diff --git a/test/results/default/resp.pcap.out b/test/results/default/resp.pcap.out index 6a3bd737c..9f48da6e7 100644 --- a/test/results/default/resp.pcap.out +++ b/test/results/default/resp.pcap.out 
@@ -1,5 +1,5 @@ -00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/resp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/resp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1702898943330035} 
+00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/resp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/resp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1702898943330035} 
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/resp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1702898943330035,"flow_src_last_pkt_time":1702898943330035,"flow_dst_last_pkt_time":1702898943330035,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1702898943330035,"l3_proto":"ip4","src_ip":"192.168.88.221","dst_ip":"192.168.88.231","src_port":51882,"dst_port":6379,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/resp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1702898943330035,"flow_dst_last_pkt_time":1702898943330035,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1702898943330035,"pkt":"8C90rUP1aFRakVvWCABFAAA82P1AAEAGLqnAqFjdwKhY58qqGOuGnszoAAAAAKAC+vAzRAAAAgQFtAQCCAoubDTVAAAAAAEDAwc="} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/resp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1702898943330035,"flow_dst_last_pkt_time":1702898943333135,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1702898943333135,"pkt":"aFRakVvW8C90rUP1CABFAAA8AABAAEAGB6fAqFjnwKhY3RjryqrbKb5Ohp7M6aASfHA16gAAAgQFtAQCCAr2ajg9Lmw01QEDAwc="} 
@@ -9,7 +9,7 @@ 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/resp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1702898943333759,"flow_dst_last_pkt_time":1702898943335142,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1702898943335142,"pkt":"aFRakVvW8C90rUP1CABFAAA0AAVAAEAGB6rAqFjnwKhY3RjryqrbKb5Php7M+oAQAPngFgAAAQEICvZqOD8ubDTZ"} 02184{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/resp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1702898943330035,"flow_src_last_pkt_time":1702898964665655,"flow_dst_last_pkt_time":1702898964668744,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":20272,"flow_src_tot_l4_payload_len":73,"flow_dst_tot_l4_payload_len":90193,"midstream":0,"thread_ts_usec":1702898964668744,"l3_proto":"ip4","src_ip":"192.168.88.221","dst_ip":"192.168.88.231","src_port":51882,"dst_port":6379,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":26,"avg":1376591.2,"max":15069914,"stddev":3743897.5,"var":14016768376832.0,"ent":2.2,"data": [3100,3194,530,2007,1366,2825,76,62,1842,1818,38,30,46,26,1566,1613,57,43,730,714,27,27,56,44,3178194,3181407,3266,15066911,15069914,3076323,3076477]},"pktlen": {"min":52,"avg":2873.3,"max":20324,"stddev":5036.0,"var":25361708.0,"ent":3.2,"data": [60,60,52,69,52,7292,52,7292,52,10188,52,14532,52,4396,52,2948,52,20324,52,5844,52,5844,52,12041,52,66,59,52,52,52,94,57]},"bins": {"c_to_s": [16,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": 
[5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10]},"directions": [0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,0,0,1,0,1],"entropies": [4.792549133,5.312701702,5.078045845,5.327735424,5.053296566,4.681052208,5.026988029,4.653189182,4.962661266,4.634037495,5.154969215,4.594288826,5.154969215,4.638483524,5.169486046,4.692945957,5.207947731,4.656515121,5.116507530,4.706604004,5.169486046,4.658525944,5.078045845,4.651947498,5.169486046,5.347818375,5.210581779,5.207947731,5.246409416,5.053297043,5.398960114,5.159096241]},"ndpi": {"confidence": {"6":"DPI"},"proto":"RESP","proto_id":"182","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} 00976{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/resp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":17,"flow_first_seen":1702898943330035,"flow_src_last_pkt_time":1702898971841005,"flow_dst_last_pkt_time":1702898971840965,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":20272,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":90212,"midstream":0,"thread_ts_usec":1702898971841005,"l3_proto":"ip4","src_ip":"192.168.88.221","dst_ip":"192.168.88.231","src_port":51882,"dst_port":6379,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RESP","proto_id":"182","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} 
-00840{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/resp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":39,"packets-processed":39,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":90308,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1702898971841005} +00840{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/resp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":39,"packets-processed":39,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":90308,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1702898971841005} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 39/39 ~~ skipped flows.............: 0 
@@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6908768 bytes -~~ total memory freed........: 6908768 bytes -~~ total allocations/frees...: 114177/114177 +~~ total memory allocated....: 7486364 bytes +~~ total memory freed........: 7486364 bytes +~~ total allocations/frees...: 125908/125908 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 542 chars ~~ json message max len.......: 2189 chars diff --git a/test/results/default/riot.pcapng.out b/test/results/default/riot.pcapng.out index be5606396..6ae314d52 100644 --- a/test/results/default/riot.pcapng.out +++ b/test/results/default/riot.pcapng.out 
@@ -1,21 +1,21 @@ -00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1679740451287612} 
+00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1679740451287612} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1679740451287612,"flow_src_last_pkt_time":1679740451287612,"flow_dst_last_pkt_time":1679740451287612,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1400,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1400,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1400,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1679740451287612,"l3_proto":"ip4","src_ip":"52.41.135.135","dst_ip":"192.168.26.22","src_port":443,"dst_port":51817,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 02407{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1679740451287612,"flow_dst_last_pkt_time":1679740451287612,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1454,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1454,"pkt_l4_len":1420,"thread_ts_usec":1679740451287612,"pkt":"rBWiWIrRJhEKmxQ6CABFAAWgaetAANwGmP00KYeHwKgaFgG7ymlvVZVZdql7b1AQAG415gAAFgMDD+sLAA\/nAA\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\/6PU8G+iDtU3rn+bD7d3d5AQ0WHga2RFZSUS4+6wZSACw1hvY9jxBAMKhZCGI2lsyH3XsGZcqmDGaQNAesHLuc6DvGlXCziBRbNOFBP05C\/on20exh8HLy3EJ\/LZMxR89Y3ZwTAOu691hgcmW6+p0X71KlNaQIO7fGLFtbN4DanvTd4uh5guifZZf9uVE7Y\/bar80NdArcGHl+U6zztdb3TJScjZRMR153rnT1qzYEjEUWDpFzWAVWCPkDLeueyPLhUoG8Wi4cDjpqnNqH4oHo2cbTeuoG+8\/gGed9TZeQgA9QE3N7f5bmLcS7A7+s47IsJ1RrFgQIDAQABo4IDgjCCA34wHwYDVR0jBBgwFoAUPdNQpdagre7zSmAKZdMh1Pj41g8wHQYDVR0OBBYEFFeL4L3PsxfrUVsE8HMc96hHy9G1MDQGA1UdEQQtMCuCEWVrZy5yaW90Z2FtZXMuY29tghZ0ZXN0LmVrZy5yaW90Z2FtZXMuY29tMA4GA1UdDwEB\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwdQYDVR0fBG4wbDA0oDKgMIYuaHR0cDovL2NybDMu
ZGlnaWNlcnQuY29tL3NoYTItZXYtc2VydmVyLWczLmNybDA0oDKgMIYuaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL3NoYTItZXYtc2VydmVyLWczLmNybDBKBgNVHSAEQzBBMAsGCWCGSAGG\/WwCATAyBgVngQwBATApMCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwgYgGCCsGAQUFBwEBBHwwejAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMFIGCCsGAQUFBzAChkZodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEyRXh0ZW5kZWRWYWxpZGF0aW9uU2VydmVyQ0EuY3J0MAkGA1UdEwQCMAAwggF8BgorBgEEAdZ5AgQCBIIBbASCAWgBZgB1AOg+0No+9QY1MudXKLyJa8kD08vREWvs62nhd31tBr1uAAABf70O7bsAAAQDAEYwRAIgZcAfjxYIGLSb7O8oj5RjpQ8KzltiTGJYuU6CKygHjkICIGg7XyVQ50yZJpsXatTr+CnOqs1Ofw9NfwN15OxsGC1WAHUANc8ZG7+xbFe\/D61MbULLu7Y="} 02412{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1679740451287612,"flow_dst_last_pkt_time":1679740451287612,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1454,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1454,"pkt_l4_len":1420,"thread_ts_usec":1679740451287612,"pkt":"rBWiWIrRJhEKmxQ6CABFAAWgaexAANwGmPw0KYeHwKgaFgG7ymlvVZrRdql7b1AQAG4YEQAAJyAmUeo\/4SrvqAPDO9ZMAAABf70O7ewAAAQDAEYwRAIgbExkqx\/44d4BgvWQpdxRieBSelu86su7x8R8AGdR3CsCIDADQRj1HF0cGtcNaC1YS22cWe09BnL84k7bSvuslPfPAHYAs3N3B+GEUPhjhtYFqdwRCUp5LbFnDAuH3PADDnk2pZoAAAF\/vQ7uDgAABAMARzBFAiEAsAO\/XUJkEUyCF1g0U+MQyf6ugkG6ZlpEvNTq+J8MobECIG4mIF3E1GfYS4up\/O+nPD3Fc6JMxp0dsgeIANHAro39MA0GCSqGSIb3DQEBCwUAA4IBAQBArYmu+AQtIEuKrCGgjIojRxWSY2o6aMd1q3E29BWJDeZO56UpuaUbOuK97nyjGup3Lr6fQa5e3qpL\/uejTwGkV4SeqDKMuM5D3q0MuOU0ekxfpXSxhGONh14TIDMQ1w0Z2\/HKDfIECyfBEfg5XhF7XcI3eKoTogXveVOzeFDgPja2UbS6HAh\/z7JYI+q3ymzgJIgWN15ksiiDFZVmRjD0VfmxNorVeBx6P86FPbnEVCiBXKe6fvuPwRCgTcjwUE377F7XetwlfTxcK\/rgSX8BPdMUonImi5ilfgK+EHj9++mKQrwbgVoka3afJB6Z6A3\/2l4WB5hZvkSD0v9l0LZHAAPJMIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBsMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMS
swKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2UgRVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm+9S75S0tMqbf5YE\/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTWPNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEMxChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFBIk5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsgEsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH\/BAQDAgGGMA8GA1UdEwEB\/wQFMAMBAf8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaAFLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3NecnzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe\/EW1ntlMMUu4kehDLI6zeM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jFhS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2Yzi9RKR\/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CA="} 
02247{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1679740451287612,"flow_dst_last_pkt_time":1679740451287612,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1334,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1334,"pkt_l4_len":1300,"thread_ts_usec":1679740451287612,"pkt":"rBWiWIrRJhEKmxQ6CABFAAUoae1AANwGmXM0KYeHwKgaFgG7ymlvVaBJdql7b1AYAG6l\/wAAMdv0unAmXZBgnrxLFwkvtMseQ2jJByfB0lz36iG5aBKcPJy\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\/\/XLoZ4UXLVlcofhwNQVeqt7gnu7Hk+irvISN1Gq0tm4Y1jJx3tXOt2JQt5PMMne7BTmJ+F8Bxnize8fkQKBkzAgMBAAGjggFJMIIBRTASBgNVHRMBAf8ECDAGAQH\/AgEAMA4GA1UdDwEB\/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wSwYDVR0fBEQwQjBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAdBgNVHQ4EFgQUPdNQpdagre7zSmAKZdMh1Pj41g8wHwYDVR0jBBgwFoAUsT7DaQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBAJ220JCG4YYC7cWg8DQcdMGNdsyGCqjwSopC1j\/IqU2tfAit5rZQuKIaTYgHsSkh3Ofaxjwh4OMRSXCseh0BpMoROlerfVcqQHT90x2FGFDfV0d1oX1VIC5HN1ByjH+CG9Jijy0DWtrDyKHOLFKiAGPrc7pxyEknI5dkhZ44Dq1jaDy6UoFYeaMsDN\/ebesx8rqgfGzxLNThvXeENwPOMrXImoEaSpJOO0aahf6DovmejKPMDV6zPc8EeI8UFHsynMcAplzEtaFVjVpWaKQicKo8gXHZnahFO\/Tl9qJR3cd7YuhvDHTruNr4v4cNeVCRkJsYO5FZJ\/E1KBOrJn7V93o="} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1679740491797221,"flow_src_last_pkt_time":1679740491797221,"flow_dst_last_pkt_time":1679740491797221,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1240,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1240,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1240,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1679740491797221,"l3_proto":"ip4","src_ip":"35.234.85.218","dst_ip":"192.168.26.22","src_port":443,"dst_port":51949,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 02192{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1679740491797221,"flow_dst_last_pkt_time":1679740491797221,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1679740491797221,"pkt":"rBWiWIrRJhEKmxQ6CABFAAUAz69AADUGHMYj6lXawKgaFgG7yu2QLAUB3sfhBFAQAH5vcAAAFgMDAEQCAABAAwOxF7gbpj70K78wMBPdC8r2W9WGuIgW2nJET1dOR1JEAQDALwAAGAAjAAD\/AQABAAAQAAUAAwJoMgALAAIBABYDAw6SCwAOjgAOiwAHqzCCB6cwggaPoAMCAQICEEABhPNLr6Y00jNU7h7YPQkwDQYJKoZIhvcNAQELBQAwcjELMAkGA1UEBhMCVVMxEjAQBgNVBAoTCUlkZW5UcnVzdDEuMCwGA1UECxMlSHlkcmFudElEIFRydXN0ZWQgQ2VydGlmaWNhdGUgU2VydmljZTEfMB0GA1UEAxMWSHlkcmFudElEIFNlcnZlciBDQSBPMTAeFw0yMjEyMDgxOTUyMTRaFw0yNDAxMDcxOTUxMTRaMGoxFzAVBgNVBAMTDmVtYmVkLnJncHViLmlvMRcwFQYDVQQKEw5SaW90IEdhbWVzIEluYzEUMBIGA1UEBxMLTG9zIEFuZ2VsZXMxEzARBgNVBAgTCkNhbGlmb3JuaWExCzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAynLnAfQTxBcv07rWjI+H6zBqVi8jSj6x+A5p4Oq3vvYKMNsvo6sUgOeXFrMfQJIG9Xs7gqO8hSBOoXahKctRlhl+7gVv7Z98jUaB6+G0ntryoU+AcSB0o
eYTwCYxEcEcFz4NaiZQpPnEQHlIMWzhv6vmq5Yr7A73co7N\/Tx1Xm\/\/F89sBLkLVAAnNp0A41JDBZNlQ0FgNZ9bfIFKgBIoqFS86xIvDH\/cCgfcYGOLmnJ451BIX6mv0\/UzE9hmuR2kZRaj8VL9FWFfDbkgrStkFx7iF0oJe41BDa2fIR+H5M2w3pI1KREu4YcumW6Qf15XsohNPoF4XkpRDUVFR3lC5wIDAQABo4IEPzCCBDswDgYDVR0PAQH\/BAQDAgWgMIGFBggrBgEFBQcBAQR5MHcwMAYIKwYBBQUHMAGGJGh0dHA6Ly9jb21tZXJjaWFsLm9jc3AuaWRlbnRydXN0LmNvbTBDBggrBgEFBQcwAoY3aHR0cDovL3ZhbGlkYXRpb24uaWRlbnRydXN0LmNvbS9jZXJ0cy9oeWRyYW50aWRjYU8xLnA3YzAfBgNVHSMEGDAWgBSJuJu2nu37sMa9DexnTjyjkp0t+TCCASYGA1UdIASCAR0wggEZMAwGCmCGSAGG+S8ABgMwggEHBgZngQwBAgIwgfwwQAYIKwYBBQUHAgEWNGh0dHBzOi8vc2VjdXJlLmlkZW50cnVzdC5jb20vY2VydGlmaWNhdGVzL3BvbGljeS90cy8wgbcGCCsGAQUFBwICMIGqDIGnVGhpcyBUcnVzdElEIFNlcnZlciBDZXJ0aWZpY2F0ZSBoYXMgYmVlbiBpc3N1ZWQgaW4gYWNjb3JkYW5jZSB3aXRoIElkZW5UcnVzdCdzIFRydXN0SUQgQ2VydGlmaWNhdGUgUG9saWN5IGZvdW5kIGF0IGh0dHBzOi8vc2VjdXJlLmlkZW50cnVzdC5jb20vY2VydGlmaWNhdGVzL3BvbGljeS90cy8wRgYDVR0fBD8wPTA7oDmgN4Y1aHR0cDovL3ZhbGlkYXRpb24uaWRlbnRydXN0LmNvbS9jcmwvaHlkcmFudGlkYw=="} -01115{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1679740491797221,"flow_src_last_pkt_time":1679740491797221,"flow_dst_last_pkt_time":1679740491797221,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1240,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1240,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1240,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1679740491797221,"l3_proto":"ip4","src_ip":"35.234.85.218","dst_ip":"192.168.26.22","src_port":443,"dst_port":51949,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","tls": 
{"version":"TLSv1.2","ja3":"","ja3s":"827b71c134bd28975c2d605a06ef00ef","ja4":"","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","negotiated_alpn":"h2","blocks":0}}} +01106{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1679740491797221,"flow_src_last_pkt_time":1679740491797221,"flow_dst_last_pkt_time":1679740491797221,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1240,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1240,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1240,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1679740491797221,"l3_proto":"ip4","src_ip":"35.234.85.218","dst_ip":"192.168.26.22","src_port":443,"dst_port":51949,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","tls": {"version":"TLSv1.2","ja3s":"827b71c134bd28975c2d605a06ef00ef","ja4":"","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","negotiated_alpn":"h2","blocks":0}}} 
02196{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1679740491798367,"flow_dst_last_pkt_time":1679740491797221,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1679740491798367,"pkt":"rBWiWIrRJhEKmxQ6CABFAAUAz7BAADUGHMUj6lXawKgaFgG7yu2QLAnZ3sfhBFAYAH4+KQAAYW8xLmNybDBNBgNVHREERjBEgg5lbWJlZC5yZ3B1Yi5pb4IOc2l0ZXMucmdwdWIuaW+CECouZW1iZWQucmdwdWIuaW+CECouc2l0ZXMucmdwdWIuaW8wHQYDVR0OBBYEFNi\/Zo25RrqdYAn7F3LOdzuAH985MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCCAX8GCisGAQQB1nkCBAIEggFvBIIBawFpAHcAdv+IPwq2+5VRwmHM9Ye6NLSkzbsp3GhCCp\/mZ0xaOnQAAAGE80uzXQAABAMASDBGAiEA\/KWALWJaBKfJfTs2hCTl69GRywkBUiWWO9poPmeOEz4CIQDbPrGG\/X6EUzdWXtZU25gwm6nScqYFBO9aCY0DWX6pHQB2AO7N0GTV2xrOxVy3nbTNE6Iyh0Z8vOzew1FIWUZxH7WbAAABhPNLsLUAAAQDAEcwRQIhAKyYfeMd42iteKuKlyYsiyFPhscnScBDBDTC+uxP+oQtAiBdK\/uE3\/bWDEK41+xRTXMFj+tKH63iUt9eQaSFKgW1gwB2AHPZnokbTJZ4oCB9R53mssYc0FFecRkqjGuAEHrBd3K1AAABhPNLsOwAAAQDAEcwRQIgJcx4gLT+qs6j0\/JU2XppE4e0W\/pyFMXqlbdfJ0KTs8UCIQCh3Es1iAdT4eeouWKmfINjzzbJUgZ8Xxt45by1OtqOszANBgkqhkiG9w0BAQsFAAOCAQEApt6YyF0RDD3LCk4lXrYvjGjcrofeF0QRAH4oinPJ4NmjpUGeAMRapGJtNFYjF9J5dpzFky85cljVbDXsmZpyxnNARuqhsGvBSBiq2uwVg8vO3b8nOsG3j\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\/TFePu2Uo9i8aLOXvM2tB9SVVc0zT2rqdhqON\/Auc3mqmhrclLIVfA9McFIlsmprKU2qOz447gofNfrafc++q6dYq4zTIeaP83idIdymoOc0BvbHyOye4oS50xWwK4zWSEQ=="} 
-01248{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1679740491797221,"flow_src_last_pkt_time":1679740491798367,"flow_dst_last_pkt_time":1679740491797221,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1240,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1240,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2480,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1679740491798367,"l3_proto":"ip4","src_ip":"35.234.85.218","dst_ip":"192.168.26.22","src_port":443,"dst_port":51949,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","tls": {"version":"TLSv1.2","ja3":"","ja3s":"827b71c134bd28975c2d605a06ef00ef","ja4":"","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","negotiated_alpn":"h2","blocks":0}}} 
+01239{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1679740491797221,"flow_src_last_pkt_time":1679740491798367,"flow_dst_last_pkt_time":1679740491797221,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1240,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1240,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2480,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1679740491798367,"l3_proto":"ip4","src_ip":"35.234.85.218","dst_ip":"192.168.26.22","src_port":443,"dst_port":51949,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","tls": {"version":"TLSv1.2","ja3s":"827b71c134bd28975c2d605a06ef00ef","ja4":"","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","negotiated_alpn":"h2","blocks":0}}} 
02198{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1679740491800062,"flow_dst_last_pkt_time":1679740491797221,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1679740491800062,"pkt":"rBWiWIrRJhEKmxQ6CABFAAUAz7FAADUGHMQj6lXawKgaFgG7yu2QLA6x3sfhBFAQAH6dXQAAaZnszOnuGa18jh\/9epnGmEYL5BV119LNVo5luWshvG\/kifk9mHjtkA8LzVdsOkvCrmHBpzpDo4qyPk2lDypq04IU48JUqhFrG4kvlPz+VO7sse0uxYXj81FdNb2qoJnvAjqV+Zj4Nii8PIcuNGqghDjzrs2PW\/gEhkaWDikhhSY7DjOLiQIDAQABo4ICjjCCAoowEgYDVR0TAQH\/BAgwBgEB\/wIBADAOBgNVHQ8BAf8EBAMCAYYwgYkGCCsGAQUFBwEBBH0wezAwBggrBgEFBQcwAYYkaHR0cDovL2NvbW1lcmNpYWwub2NzcC5pZGVudHJ1c3QuY29tMEcGCCsGAQUFBzAChjtodHRwOi8vdmFsaWRhdGlvbi5pZGVudHJ1c3QuY29tL3Jvb3RzL2NvbW1lcmNpYWxyb290Y2ExLnA3YzAfBgNVHSMEGDAWgBTtRBnA0\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\/CXt47oW4L+9yD5LPMKaSU5DP9DEu88ws+QAjzL6\/q+hP+CLQh0\/vr62HoEGS1+NyLfnJIN0RVcVDxBAwVqNF8MU5An98ZmHj4XaSPA6s2s+3794ULe6r2TzVXiLtun0JJ0kBZL3Mx0plhONvhq7jCsa6bYCF71DNs7VhrNUh+BZNdQvLqAdfQJtFY5EiWpExhiPC\/ZdtVYN5RfrOMCWgBbjnl5e2n5WYa7LM4HR+z7U+6JCBqaRjlbaNNLed\/qg+OMdpBJe16qJJT9E5Uzdc4PsUbL2a+9IUbuxx8nmrbQswe8p4yvcy9RLje07a4Y09otZ\/Aai3Gijup67jTCez1hd7VYIAuznqPos6SLponh2vVcHu9vQoT18OCL9janJ2Ilh3lJHUxv1kHD9IxZNpn0j\/QPzGFv2EzUXZVAECEQLS80qWh6zCXhXl6dVAeM84sSysIiY4Kv8oaXA=="} 
01073{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1679740491800062,"flow_dst_last_pkt_time":1679740491797221,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":456,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":456,"pkt_l4_len":422,"thread_ts_usec":1679740491800062,"pkt":"rBWiWIrRJhEKmxQ6CABFAAG6z7JAADUGIAkj6lXawKgaFgG7yu2QLBOJ3sfhBFAYAH4d+AAAQXkC3KDQtxS4HojCCDcr9BRjdC6yeOsNyAZHKhafRm3neZ4wKLcLSGhD4WtDfMXj\/vC3EqcYYEfmEoFTbczZesoRkvlGYZmJ2lY\/pkFu8SzYypIPvNwW9hYDAwEsDAABKAMAHSC0MXhZC1eR2qDSDBY8B01l+mdFSJcUUl10IHfhF\/8kEAgEAQAQUdC8\/U4nys3JUQGs8TxvFSJbStpIbrbU939RaECvS5n4IOPPX8nXRI2EMqABJ0IvFCQCxap8M31MXwU+ZJcb\/1IT9BJWzj1\/lQ5QWXimUiht6Gz8LdTtX4wAZ6M+YO3i+BWuK\/wTi7nhnL51Nxe8wCQWUPSDZ5VF0L5CiEmhjQ0AX\/4WG73GQQiE6MxIIMYVG7QvLpEsbtZo7DxUCLHKxpyaoG0A+2IZBv3huGFCw\/2bzTlQN3xJ7H82KHHVTiHI9+OC\/xlUCBLzaufql4+bUEJXgTP9rJIztltFGS3VRf7ioZwc+TNQHLqT9s8yvEK5qapHXkXGRLkY+O\/ULLmeFgMDAAQOAAAA"} -01637{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1679740491797221,"flow_src_last_pkt_time":1679740491800062,"flow_dst_last_pkt_time":1679740491797221,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":402,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1240,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4122,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1679740491800062,"l3_proto":"ip4","src_ip":"35.234.85.218","dst_ip":"192.168.26.22","src_port":443,"dst_port":51949,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"TLS.RiotGames","proto_id":"91.302","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","tls": {"version":"TLSv1.2","server_names":"embed.rgpub.io,sites.rgpub.io,*.embed.rgpub.io,*.sites.rgpub.io","notafter":"2024-01-07 19:51:14","ja3":"","ja3s":"827b71c134bd28975c2d605a06ef00ef","ja4":"","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=IdenTrust, OU=HydrantID Trusted Certificate Service, CN=HydrantID Server CA O1","subjectDN":"CN=embed.rgpub.io, O=Riot Games Inc, L=Los Angeles, ST=California, C=US","negotiated_alpn":"h2","fingerprint":"CE:85:16:DF:E3:42:05:16:39:97:1F:6B:7A:53:22:22:C8:DD:66:44","blocks":0}}} -01157{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1679740451287612,"flow_src_last_pkt_time":1679740451287612,"flow_dst_last_pkt_time":1679740451287612,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1280,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1400,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4080,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1679740491800062,"l3_proto":"ip4","src_ip":"52.41.135.135","dst_ip":"192.168.26.22","src_port":443,"dst_port":51817,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+01595{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1679740491797221,"flow_src_last_pkt_time":1679740491800062,"flow_dst_last_pkt_time":1679740491797221,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":402,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1240,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4122,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1679740491800062,"l3_proto":"ip4","src_ip":"35.234.85.218","dst_ip":"192.168.26.22","src_port":443,"dst_port":51949,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.RiotGames","proto_id":"91.302","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","tls": {"version":"TLSv1.2","server_names":"embed.rgpub.io,sites.rgpub.io,*.embed.rgpub.io,*.sites.rgpub.io","ja3s":"827b71c134bd28975c2d605a06ef00ef","ja4":"","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=IdenTrust, OU=HydrantID Trusted Certificate Service, CN=HydrantID Server CA O1","subjectDN":"CN=embed.rgpub.io, O=Riot Games Inc, L=Los Angeles, ST=California, C=US","negotiated_alpn":"h2","fingerprint":"CE:85:16:DF:E3:42:05:16:39:97:1F:6B:7A:53:22:22:C8:DD:66:44","blocks":0}}} 
+01157{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1679740451287612,"flow_src_last_pkt_time":1679740451287612,"flow_dst_last_pkt_time":1679740451287612,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1280,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1400,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4080,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1679740491800062,"l3_proto":"ip4","src_ip":"52.41.135.135","dst_ip":"192.168.26.22","src_port":443,"dst_port":51817,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"3":"DPI (partial)"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00783{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1679740451287612,"flow_src_last_pkt_time":1679740451287612,"flow_dst_last_pkt_time":1679740451287612,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1280,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1400,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4080,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1679740491800062,"l3_proto":"ip4","src_ip":"52.41.135.135","dst_ip":"192.168.26.22","src_port":443,"dst_port":51817,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01098{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1679740491797221,"flow_src_last_pkt_time":1679740491800062,"flow_dst_last_pkt_time":1679740491797221,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":402,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1240,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4122,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1679740491800062,"l3_proto":"ip4","src_ip":"35.234.85.218","dst_ip":"192.168.26.22","src_port":443,"dst_port":51949,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.RiotGames","proto_id":"91.302","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -00838{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":7,"packets-processed":7,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8202,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":18,"global_ts_usec":1679740491800062} 
+00838{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":7,"packets-processed":7,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8202,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":18,"global_ts_usec":1679740491800062} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 7/7 ~~ skipped flows.............: 0 @@ -24,9 +24,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6931666 bytes -~~ total memory freed........: 6931666 bytes -~~ total allocations/frees...: 114171/114171 +~~ total memory allocated....: 7509262 bytes +~~ total memory freed........: 7509262 bytes +~~ total allocations/frees...: 125902/125902 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 616 chars ~~ json message max len.......: 2417 chars diff --git a/test/results/default/riotgames.pcap.out b/test/results/default/riotgames.pcap.out index 43a1770e1..5fc813265 100644 --- a/test/results/default/riotgames.pcap.out +++ b/test/results/default/riotgames.pcap.out 
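Review bot: In test/results/default/riot.pcapng.out, the new `detection-update` event for flow_id 2 at packet_id 7 no longer carries `"notafter":"2024-01-07 19:51:14"` in its `tls` object, although `issuerDN`, `subjectDN` and `fingerprint` are still emitted, so a consumer that alerts on certificate expiry loses that field after this libnDPI bump. The same hunk drops the `"ja3":""` key from all three `tls` objects while keeping `"ja4":""`, and the `guessed` event for flow_id 1 changes from `"confidence": {"1":"Match by port"}` to `"confidence": {"3":"DPI (partial)"}`, which shifts any rule keyed on the confidence id. These are presumably intended upstream changes, but the commit message only says "incorporated upstream changes"; a line such as `* event output: tls.ja3 and tls.notafter no longer emitted, guessed confidence may change` would tell downstream parsers what to expect. The schema/flow_event_schema.json change listed in the diffstat is not visible from this hunk, so it should be checked that it drops `ja3` and does not still require `notafter`.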
@@ -1,5 +1,5 @@ -00614{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1644446178115000} 
+00614{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1644446178115000} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1644446178115000,"flow_src_last_pkt_time":1644446178115000,"flow_dst_last_pkt_time":1644446178115000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":53,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":53,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1644446178115000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"162.249.72.1","src_port":59956,"dst_port":7194,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1644446178115000,"flow_dst_last_pkt_time":1644446178115000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_usec":1644446178115000,"pkt":"eJS0JASgYDjgxTWgCABFAABREOUAAH8RfLDAqAJkovlIAeo0HBoAPXYrpJ+cMaAyQgQBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmLme68LgEtiVPLEfLeojRgw="} 
00926{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1644446178115000,"flow_src_last_pkt_time":1644446178115000,"flow_dst_last_pkt_time":1644446178115000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":53,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":53,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1644446178115000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"162.249.72.1","src_port":59956,"dst_port":7194,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RiotGames","proto_id":"302","proto_by_ip":"RiotGames","proto_by_ip_id":302,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -7,49 +7,49 @@ 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1644446180176000,"flow_dst_last_pkt_time":1644446178115000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_usec":1644446180176000,"pkt":"eJS0JASgYDjgxTWgCABFAABREOcAAH8RfK7AqAJkovlIAeo0HBoAPXYrpJ+cMaAyQgQBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmLme68LgEtiVPLEfLeojRgw="} 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1644446181179000,"flow_dst_last_pkt_time":1644446178115000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_usec":1644446181179000,"pkt":"eJS0JASgYDjgxTWgCABFAABREOgAAH8RfK3AqAJkovlIAeo0HBoAPXYrpJ+cMaAyQgQBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmLme68LgEtiVPLEfLeojRgw="} 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1644446182183000,"flow_dst_last_pkt_time":1644446178115000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_usec":1644446182183000,"pkt":"eJS0JASgYDjgxTWgCABFAABREOkAAH8RfKzAqAJkovlIAeo0HBoAPXYrpJ+cMaAyQgQBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmLme68LgEtiVPLEfLeojRgw="} 
-00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":863,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1648063928092000} +00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":863,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1648063928092000} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648063928092000,"flow_src_last_pkt_time":1648063928092000,"flow_dst_last_pkt_time":1648063928092000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648063928092000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"213.179.216.242","src_port":48526,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1648063928092000,"flow_dst_last_pkt_time":1648063928092000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":50,"pkt_l4_len":16,"thread_ts_usec":1648063928092000,"pkt":"eJS0JASgYDjgxTWgCABFAAAkz4FAAD8R+pTAqAJk1bPY8r2Ow1QAECUCEzfK\/goAAAA="} 
00960{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648063928092000,"flow_src_last_pkt_time":1648063928092000,"flow_dst_last_pkt_time":1648063928092000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648063928092000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"213.179.216.242","src_port":48526,"dst_port":50004,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Discord","proto_id":"58","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative","discord": {"client_ip":""}}} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1648063928092000,"flow_dst_last_pkt_time":1648063928151000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":16,"thread_ts_usec":1648063928151000,"pkt":"YDjgxTWgeJS0JASgCABFAAAk5k1AADcR68jVs9jywKgCZMNUvY4AECUCEzfK\/goAAAAAAAAAAAAAAAAA"} 
00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":5,"flow_first_seen":1644446178115000,"flow_src_last_pkt_time":1644446183618000,"flow_dst_last_pkt_time":1644446183613000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":686,"flow_dst_tot_l4_payload_len":177,"midstream":0,"thread_ts_usec":1648063928151000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"162.249.72.1","src_port":59956,"dst_port":7194,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RiotGames","proto_id":"302","proto_by_ip":"RiotGames","proto_by_ip_id":302,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":18,"packets-processed":17,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":879,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":16,"global_ts_usec":1654781451507000} 
+00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":18,"packets-processed":17,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":879,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":16,"global_ts_usec":1654781451507000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654781451507000,"flow_src_last_pkt_time":1654781451507000,"flow_dst_last_pkt_time":1654781451507000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654781451507000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"162.249.72.1","src_port":62854,"dst_port":8181,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1654781451507000,"flow_dst_last_pkt_time":1654781451507000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1654781451507000,"pkt":"eJS0JASgYDjgxTWgCABFAABAaVkAAH8RJE3AqAJkovlIAfWGH\/UALPN\/c3T2DHIyQgSrWX+BH8wAh2u8AAAW43xAFAAAAKqqqqq7u7u7"} 00927{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654781451507000,"flow_src_last_pkt_time":1654781451507000,"flow_dst_last_pkt_time":1654781451507000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654781451507000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"162.249.72.1","src_port":62854,"dst_port":8181,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RiotGames","proto_id":"302","proto_by_ip":"RiotGames","proto_by_ip_id":302,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1654781451507000,"flow_dst_last_pkt_time":1654781451526000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1654781451526000,"pkt":"YDjgxTWgeJS0JASgCABFAABAcP9AADgRI6ei+UgBwKgCZB\/19YYALF0BcjJCBAAAAACrWX+BH8wAh2u8AAAW43xAFAAAAKqqqqq7u7u7"} 00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1648063928092000,"flow_src_last_pkt_time":1648063928092000,"flow_dst_last_pkt_time":1648063928151000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":8,"midstream":0,"thread_ts_usec":1654781451526000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"213.179.216.242","src_port":48526,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Discord","proto_id":"58","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative"}} 
-00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":20,"packets-processed":19,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":951,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":22,"global_ts_usec":1654783623503000} +00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":20,"packets-processed":19,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":951,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":22,"global_ts_usec":1654783623503000} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654783623503000,"flow_src_last_pkt_time":1654783623503000,"flow_dst_last_pkt_time":1654783623503000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654783623503000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"43.229.65.1","src_port":54231,"dst_port":7998,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1654783623503000,"flow_dst_last_pkt_time":1654783623503000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1654783623503000,"pkt":"eJS0JASgYDjgxTWgCABFAABAtqAAAH8RVRrAqAJkK+VBAdPXHz4ALLwuE5sFlpUyRyCrWX+BH8wGEZxbAABBqxZPGQAAAKqqqqq7u7u7"} 
00926{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654783623503000,"flow_src_last_pkt_time":1654783623503000,"flow_dst_last_pkt_time":1654783623503000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654783623503000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"43.229.65.1","src_port":54231,"dst_port":7998,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RiotGames","proto_id":"302","proto_by_ip":"RiotGames","proto_by_ip_id":302,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1654783623503000,"flow_dst_last_pkt_time":1654783623769000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1654783623769000,"pkt":"YDjgxTWgeJS0JASgCABFAABA3N9AADARPdsr5UEBwKgCZB8+09cALNVflTJHIAAAAACrWX+BH8wGEZxbAABBqxZPGQAAAKqqqqq7u7u7"} 
00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654781451507000,"flow_src_last_pkt_time":1654781451507000,"flow_dst_last_pkt_time":1654781451526000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":36,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":36,"midstream":0,"thread_ts_usec":1654783623769000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"162.249.72.1","src_port":62854,"dst_port":8181,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RiotGames","proto_id":"302","proto_by_ip":"RiotGames","proto_by_ip_id":302,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":22,"packets-processed":21,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1023,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":28,"global_ts_usec":1654785423332000} 
+00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":22,"packets-processed":21,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1023,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":28,"global_ts_usec":1654785423332000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654785423332000,"flow_src_last_pkt_time":1654785423332000,"flow_dst_last_pkt_time":1654785423332000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654785423332000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"162.249.72.1","src_port":58106,"dst_port":8181,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1654785423332000,"flow_dst_last_pkt_time":1654785423332000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1654785423332000,"pkt":"eJS0JASgYDjgxTWgCABFAABA04EAAH8RuiTAqAJkovlIAeL6H\/UALG1KXY5aogEy\/RarWX+BH8wKaJLmAAB8mNx\/HQAAAKqqqqq7u7u7"} 00927{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654785423332000,"flow_src_last_pkt_time":1654785423332000,"flow_dst_last_pkt_time":1654785423332000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654785423332000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"162.249.72.1","src_port":58106,"dst_port":8181,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RiotGames","proto_id":"302","proto_by_ip":"RiotGames","proto_by_ip_id":302,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1654785423332000,"flow_dst_last_pkt_time":1654785423380000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1654785423380000,"pkt":"YDjgxTWgeJS0JASgCABFAABASwdAADYRS5+i+UgBwKgCZB\/14voALCV7ATL9FgAAAACrWX+BH8wKaJLmAAB8mNx\/HQAAAKqqqqq7u7u7"} 00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654783623503000,"flow_src_last_pkt_time":1654783623503000,"flow_dst_last_pkt_time":1654783623769000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":36,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":36,"midstream":0,"thread_ts_usec":1654785423380000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"43.229.65.1","src_port":54231,"dst_port":7998,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RiotGames","proto_id":"302","proto_by_ip":"RiotGames","proto_by_ip_id":302,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
-00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":24,"packets-processed":23,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1095,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":34,"global_ts_usec":1654790643639000} +00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":24,"packets-processed":23,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1095,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":34,"global_ts_usec":1654790643639000} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654790643639000,"flow_src_last_pkt_time":1654790643639000,"flow_dst_last_pkt_time":1654790643639000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654790643639000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"162.249.72.1","src_port":50004,"dst_port":8181,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1654790643639000,"flow_dst_last_pkt_time":1654790643639000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1654790643639000,"pkt":"eJS0JASgYDjgxTWgCABFAABAp6MAAH8R5gLAqAJkovlIAcNUH\/UALPlTK70DER4y\/RWrWX+BH8wXFh2xAABS+GKnKQAAAKqqqqq7u7u7"} 
00927{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654790643639000,"flow_src_last_pkt_time":1654790643639000,"flow_dst_last_pkt_time":1654790643639000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654790643639000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"162.249.72.1","src_port":50004,"dst_port":8181,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RiotGames","proto_id":"302","proto_by_ip":"RiotGames","proto_by_ip_id":302,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1654790643639000,"flow_dst_last_pkt_time":1654790643680000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1654790643680000,"pkt":"YDjgxTWgeJS0JASgCABFAABAVJVAADURQxGi+UgBwKgCZB\/1w1QALCgiHjL9FQAAAACrWX+BH8wXFh2xAABS+GKnKQAAAKqqqqq7u7u7"} 
00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654785423332000,"flow_src_last_pkt_time":1654785423332000,"flow_dst_last_pkt_time":1654785423380000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":36,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":36,"midstream":0,"thread_ts_usec":1654790643680000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"162.249.72.1","src_port":58106,"dst_port":8181,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RiotGames","proto_id":"302","proto_by_ip":"RiotGames","proto_by_ip_id":302,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":26,"packets-processed":25,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1167,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":40,"global_ts_usec":1655323563669000} 
+00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":26,"packets-processed":25,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1167,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":40,"global_ts_usec":1655323563669000} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655323563669000,"flow_src_last_pkt_time":1655323563669000,"flow_dst_last_pkt_time":1655323563669000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655323563669000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"43.229.65.1","src_port":63038,"dst_port":7998,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1655323563669000,"flow_dst_last_pkt_time":1655323563669000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1655323563669000,"pkt":"eJS0JASgYDjgxTWgCABFAABAIVQAAH8R6mbAqAJkK+VBAfY+Hz4ALJnHE5sFlpUyRyCrWX+BDpAHcmnvAADfWdrm+QAAAKqqqqq7u7u7"} 00926{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655323563669000,"flow_src_last_pkt_time":1655323563669000,"flow_dst_last_pkt_time":1655323563669000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655323563669000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"43.229.65.1","src_port":63038,"dst_port":7998,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RiotGames","proto_id":"302","proto_by_ip":"RiotGames","proto_by_ip_id":302,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1655323563669000,"flow_dst_last_pkt_time":1655323563941000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1655323563941000,"pkt":"YDjgxTWgeJS0JASgCABFAABAW6NAAC8RwBcr5UEBwKgCZB8+9j4ALLL4lTJHIAAAAACrWX+BDpAHcmnvAADfWdrm+QAAAKqqqqq7u7u7"} 00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654790643639000,"flow_src_last_pkt_time":1654790643639000,"flow_dst_last_pkt_time":1654790643680000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":36,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":36,"midstream":0,"thread_ts_usec":1655323563941000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"162.249.72.1","src_port":50004,"dst_port":8181,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RiotGames","proto_id":"302","proto_by_ip":"RiotGames","proto_by_ip_id":302,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
-00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":28,"packets-processed":27,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1239,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":7,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":46,"global_ts_usec":1655757069043000} +00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":28,"packets-processed":27,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1239,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":7,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":46,"global_ts_usec":1655757069043000} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655757069043000,"flow_src_last_pkt_time":1655757069043000,"flow_dst_last_pkt_time":1655757069043000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655757069043000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"66.22.241.8","src_port":61099,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1655757069043000,"flow_dst_last_pkt_time":1655757069043000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":50,"pkt_l4_len":16,"thread_ts_usec":1655757069043000,"pkt":"eJS0JASgYDjgxTWgCABFAAAkrucAAH8RlrbAqAJkQhbxCO6rw1QAEGNsEzfK\/hYAAAA="} 
00956{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655757069043000,"flow_src_last_pkt_time":1655757069043000,"flow_dst_last_pkt_time":1655757069043000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655757069043000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"66.22.241.8","src_port":61099,"dst_port":50004,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Discord","proto_id":"58","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative","discord": {"client_ip":""}}} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1655757069043000,"flow_dst_last_pkt_time":1655757069107000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":16,"thread_ts_usec":1655757069107000,"pkt":"YDjgxTWgeJS0JASgCABFAAAkQStAADYRDXNCFvEIwKgCZMNU7qsAEGNsEzfK\/hYAAAAAAAAAAAAAAAAA"} 
00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1655323563669000,"flow_src_last_pkt_time":1655323563669000,"flow_dst_last_pkt_time":1655323563941000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":36,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":36,"midstream":0,"thread_ts_usec":1655757069107000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"43.229.65.1","src_port":63038,"dst_port":7998,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RiotGames","proto_id":"302","proto_by_ip":"RiotGames","proto_by_ip_id":302,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":30,"packets-processed":29,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1255,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":52,"global_ts_usec":1657052125163000} 
+00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":30,"packets-processed":29,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1255,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":52,"global_ts_usec":1657052125163000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657052125163000,"flow_src_last_pkt_time":1657052125163000,"flow_dst_last_pkt_time":1657052125163000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":53,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":53,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657052125163000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"162.249.72.1","src_port":49298,"dst_port":7194,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1657052125163000,"flow_dst_last_pkt_time":1657052125163000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_usec":1657052125163000,"pkt":"eJS0JASgYDjgxTWgCABFAABRqHYAAH8R5R7AqAJkovlIAcCSHBoAPQSXzcb7QPwy+QMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmLme68LgEtiVPLEfLeojRgw="} 00927{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657052125163000,"flow_src_last_pkt_time":1657052125163000,"flow_dst_last_pkt_time":1657052125163000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":53,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":53,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657052125163000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"162.249.72.1","src_port":49298,"dst_port":7194,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RiotGames","proto_id":"302","proto_by_ip":"RiotGames","proto_by_ip_id":302,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -59,7 +59,7 @@ 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1657052126476000,"flow_dst_last_pkt_time":1657052126497000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_usec":1657052126497000,"pkt":"YDjgxTWgeJS0JASgCABFAAA9pxNAAPYRL5Wi+UgBwKgCZBwawJIAKbEE\/DL5AwUAAAAAAID\/PQwqd\/zywtfCXzxlgMLEt38OVBEK"} 00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1655757069043000,"flow_src_last_pkt_time":1655757069043000,"flow_dst_last_pkt_time":1655757069107000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":8,"midstream":0,"thread_ts_usec":1657052127590000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"66.22.241.8","src_port":61099,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Discord","proto_id":"58","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative"}} 
00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":9,"flow_first_seen":1657052125163000,"flow_src_last_pkt_time":1657052126580000,"flow_dst_last_pkt_time":1657052127590000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":139,"flow_src_tot_l4_payload_len":460,"flow_dst_tot_l4_payload_len":370,"midstream":0,"thread_ts_usec":1657052127590000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"162.249.72.1","src_port":49298,"dst_port":7194,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RiotGames","proto_id":"302","proto_by_ip":"RiotGames","proto_by_ip_id":302,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00844{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":44,"packets-processed":44,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2085,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":62,"global_ts_usec":1657052127590000} 
+00844{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":44,"packets-processed":44,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2085,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":62,"global_ts_usec":1657052127590000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 44/44 ~~ skipped flows.............: 0 @@ -68,9 +68,9 @@ ~~ total active/idle flows...: 9/9 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6927929 bytes -~~ total memory freed........: 6927929 bytes -~~ total allocations/frees...: 114269/114269 +~~ total memory allocated....: 7505525 bytes +~~ total memory freed........: 7505525 bytes +~~ total allocations/frees...: 126000/126000 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 528 chars ~~ json message max len.......: 977 chars diff --git a/test/results/default/ripe_atlas.pcap.out b/test/results/default/ripe_atlas.pcap.out index 3ba4c1c87..c21c1b377 100644 --- a/test/results/default/ripe_atlas.pcap.out +++ b/test/results/default/ripe_atlas.pcap.out 
@@ -1,5 +1,5 @@ -00615{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1685618151731153} 
+00615{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1685618151731153} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685618151731153,"flow_src_last_pkt_time":1685618151731153,"flow_dst_last_pkt_time":1685618151731153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685618151731153,"l3_proto":"ip4","src_ip":"207.246.88.254","dst_ip":"96.78.208.202","src_port":56857,"dst_port":29195,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1685618151731153,"flow_dst_last_pkt_time":1685618151731153,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1685618151731153,"pkt":"AIT+\/Ph8PJTVQTiBCABFAAA11DEAAPIRmnjP9lj+YE7Qyt4ZcgsAIS\/qTUdMTkREXzExLjExMS4xMS4xMTFfMTExNA=="} 
00937{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685618151731153,"flow_src_last_pkt_time":1685618151731153,"flow_dst_last_pkt_time":1685618151731153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685618151731153,"l3_proto":"ip4","src_ip":"207.246.88.254","dst_ip":"96.78.208.202","src_port":56857,"dst_port":29195,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RipeAtlas","proto_id":"417","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -7,12 +7,12 @@ 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1685618337121693,"flow_dst_last_pkt_time":1685618337121693,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1685618337121693,"pkt":"AAwp30Y4PJTVQTiBCABFAAA11DEAAPIRw3AXOZ08mPbjqY0pEmgAIQp2TUdMTkREXzExLjExMS4xMS4xMTFfMTExMw=="} 00936{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685618337121693,"flow_src_last_pkt_time":1685618337121693,"flow_dst_last_pkt_time":1685618337121693,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685618337121693,"l3_proto":"ip4","src_ip":"23.57.157.60","dst_ip":"152.246.227.169","src_port":36137,"dst_port":4712,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RipeAtlas","proto_id":"417","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685618151731153,"flow_src_last_pkt_time":1685618151731153,"flow_dst_last_pkt_time":1685618151731153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685618337121693,"l3_proto":"ip4","src_ip":"207.246.88.254","dst_ip":"96.78.208.202","src_port":56857,"dst_port":29195,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RipeAtlas","proto_id":"417","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} -00838{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":3,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":50,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1685618794391712} 
+00838{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":3,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":50,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1685618794391712} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685618794391712,"flow_src_last_pkt_time":1685618794391712,"flow_dst_last_pkt_time":1685618794391712,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685618794391712,"l3_proto":"ip4","src_ip":"168.139.124.224","dst_ip":"19.132.223.32","src_port":11476,"dst_port":36467,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1685618794391712,"flow_dst_last_pkt_time":1685618794391712,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1685618794391712,"pkt":"AAwp30Y4PJTVQTiBCABFAAA11DEAAPIR3HWoi3zgE4TfICzUjnMAIQjFTUdMTkREXzExLjExMS4xMS4xMTFfMTExMg=="} 00938{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685618794391712,"flow_src_last_pkt_time":1685618794391712,"flow_dst_last_pkt_time":1685618794391712,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685618794391712,"l3_proto":"ip4","src_ip":"168.139.124.224","dst_ip":"19.132.223.32","src_port":11476,"dst_port":36467,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RipeAtlas","proto_id":"417","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685618337121693,"flow_src_last_pkt_time":1685618337121693,"flow_dst_last_pkt_time":1685618337121693,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685618794391712,"l3_proto":"ip4","src_ip":"23.57.157.60","dst_ip":"152.246.227.169","src_port":36137,"dst_port":4712,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RipeAtlas","proto_id":"417","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} -00838{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":4,"packets-processed":3,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":75,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1685622915920658} 
+00838{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":4,"packets-processed":3,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":75,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1685622915920658} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685622915920658,"flow_src_last_pkt_time":1685622915920658,"flow_dst_last_pkt_time":1685622915920658,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685622915920658,"l3_proto":"ip4","src_ip":"9.160.203.32","dst_ip":"68.90.0.255","src_port":41059,"dst_port":38409,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1685622915920658,"flow_dst_last_pkt_time":1685622915920658,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1685622915920658,"pkt":"3gwp30Y4PJTVQTiBCABFAAA11DEAAPIR2mwJoMsgRFoA\/6BjlgkAIYqWTUdMTkREXzExLjExMS4xMS4xMTFfMTExMw=="} 00933{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685622915920658,"flow_src_last_pkt_time":1685622915920658,"flow_dst_last_pkt_time":1685622915920658,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685622915920658,"l3_proto":"ip4","src_ip":"9.160.203.32","dst_ip":"68.90.0.255","src_port":41059,"dst_port":38409,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RipeAtlas","proto_id":"417","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -21,18 +21,18 @@ 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1685623440012672,"flow_dst_last_pkt_time":1685623440012672,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1685623440012672,"pkt":"bgwp30Y4PJTVQTiBCABFAAA11DEAAPIRrKL6r80Sf\/sAJlDraAEAIdZMTUdMTkREXzExLjExMS4xMS4xMTFfMTExNw=="} 00936{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685623440012672,"flow_src_last_pkt_time":1685623440012672,"flow_dst_last_pkt_time":1685623440012672,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685623440012672,"l3_proto":"ip4","src_ip":"250.175.205.18","dst_ip":"127.251.0.38","src_port":20715,"dst_port":26625,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RipeAtlas","proto_id":"417","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685622915920658,"flow_src_last_pkt_time":1685622915920658,"flow_dst_last_pkt_time":1685622915920658,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685623440012672,"l3_proto":"ip4","src_ip":"9.160.203.32","dst_ip":"68.90.0.255","src_port":41059,"dst_port":38409,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RipeAtlas","proto_id":"417","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} -00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":6,"packets-processed":5,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":125,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":24,"global_ts_usec":1685625149426545} 
+00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":6,"packets-processed":5,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":125,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":24,"global_ts_usec":1685625149426545} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685625149426545,"flow_src_last_pkt_time":1685625149426545,"flow_dst_last_pkt_time":1685625149426545,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685625149426545,"l3_proto":"ip4","src_ip":"147.63.105.185","dst_ip":"128.53.92.31","src_port":48224,"dst_port":2164,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1685625149426545,"flow_dst_last_pkt_time":1685625149426545,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1685625149426545,"pkt":"ADHC4dyOPJTVQTiBCABFAAA11DEAAPIRGzmTP2m5gDVcH7xgCHQAIT77TUdMTkREXzExLjExMS4xMS4xMTFfMTExMQ=="} 00935{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685625149426545,"flow_src_last_pkt_time":1685625149426545,"flow_dst_last_pkt_time":1685625149426545,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685625149426545,"l3_proto":"ip4","src_ip":"147.63.105.185","dst_ip":"128.53.92.31","src_port":48224,"dst_port":2164,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RipeAtlas","proto_id":"417","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685623440012672,"flow_src_last_pkt_time":1685623440012672,"flow_dst_last_pkt_time":1685623440012672,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685625149426545,"l3_proto":"ip4","src_ip":"250.175.205.18","dst_ip":"127.251.0.38","src_port":20715,"dst_port":26625,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RipeAtlas","proto_id":"417","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} -00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":7,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":150,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":29,"global_ts_usec":1685626243085697} 
+00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":7,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":150,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":29,"global_ts_usec":1685626243085697} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685626243085697,"flow_src_last_pkt_time":1685626243085697,"flow_dst_last_pkt_time":1685626243085697,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685626243085697,"l3_proto":"ip4","src_ip":"252.216.99.208","dst_ip":"255.103.25.63","src_port":15422,"dst_port":5081,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1685626243085697,"flow_dst_last_pkt_time":1685626243085697,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1685626243085697,"pkt":"AM1PogZtPJTVQTiBCABFAAA11DEAAPIRezb82GPQ\/2cZPzw+E9kAIRO2TUdMTkREXzExLjExMS4xMS4xMTFfMTExMQ=="} 00936{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685626243085697,"flow_src_last_pkt_time":1685626243085697,"flow_dst_last_pkt_time":1685626243085697,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685626243085697,"l3_proto":"ip4","src_ip":"252.216.99.208","dst_ip":"255.103.25.63","src_port":15422,"dst_port":5081,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RipeAtlas","proto_id":"417","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685626243085697,"flow_src_last_pkt_time":1685626243085697,"flow_dst_last_pkt_time":1685626243085697,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685626243085697,"l3_proto":"ip4","src_ip":"252.216.99.208","dst_ip":"255.103.25.63","src_port":15422,"dst_port":5081,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RipeAtlas","proto_id":"417","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685625149426545,"flow_src_last_pkt_time":1685625149426545,"flow_dst_last_pkt_time":1685625149426545,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685626243085697,"l3_proto":"ip4","src_ip":"147.63.105.185","dst_ip":"128.53.92.31","src_port":48224,"dst_port":2164,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RipeAtlas","proto_id":"417","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00841{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":7,"packets-processed":7,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":175,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":35,"global_ts_usec":1685626243085697} +00841{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/ripe_atlas.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":7,"packets-processed":7,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":175,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":35,"global_ts_usec":1685626243085697} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 7/7 ~~ skipped flows.............: 0 
@@ -41,9 +41,9 @@ ~~ total active/idle flows...: 7/7 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6922040 bytes -~~ total memory freed........: 6922040 bytes -~~ total allocations/frees...: 114208/114208 +~~ total memory allocated....: 7499636 bytes +~~ total memory freed........: 7499636 bytes +~~ total allocations/frees...: 125939/125939 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 551 chars ~~ json message max len.......: 982 chars diff --git a/test/results/default/rmcp.pcap.out b/test/results/default/rmcp.pcap.out index 52e3c0b12..3a7f8fed1 100644 --- a/test/results/default/rmcp.pcap.out +++ b/test/results/default/rmcp.pcap.out 
@@ -1,9 +1,9 @@ -00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1685886497916092} 
+00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1685886497916092} 
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685886497916092,"flow_src_last_pkt_time":1685886497916092,"flow_dst_last_pkt_time":1685886497916092,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":23,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685886497916092,"l3_proto":"ip4","src_ip":"123.212.25.229","dst_ip":"171.47.173.23","src_port":49531,"dst_port":623,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1685886497916092,"flow_dst_last_pkt_time":1685886497916092,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":65,"pkt_l4_len":31,"thread_ts_usec":1685886497916092,"pkt":"xpffLU2SPJTVQTiBCABFAAAzHmlAACIRH0x71Bnlqy+tF8F7Am8AH+\/XBgD\/BwAAAAAAAAAAAAkgGMiBADiOBLU="} 
00917{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685886497916092,"flow_src_last_pkt_time":1685886497916092,"flow_dst_last_pkt_time":1685886497916092,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":23,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685886497916092,"l3_proto":"ip4","src_ip":"123.212.25.229","dst_ip":"171.47.173.23","src_port":49531,"dst_port":623,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RMCP","proto_id":"351","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":18,"category":"System"}} -00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":2,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":6,"global_ts_usec":1685905522978060} 
+00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":2,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":6,"global_ts_usec":1685905522978060} 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685905522978060,"flow_src_last_pkt_time":1685905522978060,"flow_dst_last_pkt_time":1685905522978060,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685905522978060,"l3_proto":"ip4","src_ip":"54.229.154.152","dst_ip":"14.85.79.172","src_port":59937,"dst_port":623,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1685905522978060,"flow_dst_last_pkt_time":1685905522978060,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1685905522978060,"pkt":"xgwp30Y4PJTVQTiBCABFBAAo5iEAADQRzrQ25ZqYDlVPrOohAm8AFKqEBgD\/BgAAEb6AAAAAAAAAAAAA"} 00920{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685905522978060,"flow_src_last_pkt_time":1685905522978060,"flow_dst_last_pkt_time":1685905522978060,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685905522978060,"l3_proto":"ip4","src_ip":"54.229.154.152","dst_ip":"14.85.79.172","src_port":59937,"dst_port":623,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RMCP","proto_id":"351","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Safe","category_id":18,"category":"System"}} 
@@ -11,7 +11,7 @@ 00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1685905522978073,"flow_dst_last_pkt_time":1685905522978073,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1685905522978073,"pkt":"AAwp30Y4PJTVQTiBCABFBAAo5iEAADQRzrSJjT0SUoQEsuohAm8AFKqEBgD\/BgAAEb6AAAAAAAAAAAAA"} 00915{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685905522978073,"flow_src_last_pkt_time":1685905522978073,"flow_dst_last_pkt_time":1685905522978073,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685905522978073,"l3_proto":"ip4","src_ip":"137.141.61.18","dst_ip":"82.132.4.178","src_port":59937,"dst_port":623,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RMCP","proto_id":"351","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":18,"category":"System"}} 
00956{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685886497916092,"flow_src_last_pkt_time":1685886497916092,"flow_dst_last_pkt_time":1685886497916092,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":23,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685905522978073,"l3_proto":"ip4","src_ip":"123.212.25.229","dst_ip":"171.47.173.23","src_port":49531,"dst_port":623,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RMCP","proto_id":"351","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":18,"category":"System"}} -00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":4,"packets-processed":3,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":47,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1685929216370306} 
+00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":4,"packets-processed":3,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":47,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1685929216370306} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685929216370306,"flow_src_last_pkt_time":1685929216370306,"flow_dst_last_pkt_time":1685929216370306,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":23,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685929216370306,"l3_proto":"ip4","src_ip":"129.222.153.30","dst_ip":"190.219.142.148","src_port":58065,"dst_port":623,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1685929216370306,"flow_dst_last_pkt_time":1685929216370306,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":65,"pkt_l4_len":31,"thread_ts_usec":1685929216370306,"pkt":"AAwp30Y4PJTVQTiBCABFAAAz1DEAAPQRz8SB3pkevtuOlOLRAm8AHwAABgD\/BwAAAAAAAAAAAAkgGMiBADiOBLU="} 00919{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685929216370306,"flow_src_last_pkt_time":1685929216370306,"flow_dst_last_pkt_time":1685929216370306,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":23,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685929216370306,"l3_proto":"ip4","src_ip":"129.222.153.30","dst_ip":"190.219.142.148","src_port":58065,"dst_port":623,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RMCP","proto_id":"351","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":18,"category":"System"}} 
@@ -26,7 +26,7 @@ 00958{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685929216370306,"flow_src_last_pkt_time":1685929216370306,"flow_dst_last_pkt_time":1685929216370306,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":23,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685929316901739,"l3_proto":"ip4","src_ip":"129.222.153.30","dst_ip":"190.219.142.148","src_port":58065,"dst_port":623,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RMCP","proto_id":"351","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":18,"category":"System"}} 00956{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685929316901739,"flow_src_last_pkt_time":1685929316901739,"flow_dst_last_pkt_time":1685929316901739,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":23,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685929316901739,"l3_proto":"ip4","src_ip":"127.36.88.103","dst_ip":"164.114.97.252","src_port":34698,"dst_port":623,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RMCP","proto_id":"351","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":18,"category":"System"}} 
00954{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685929237726279,"flow_src_last_pkt_time":1685929237726279,"flow_dst_last_pkt_time":1685929237726279,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":23,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685929316901739,"l3_proto":"ip4","src_ip":"64.240.55.240","dst_ip":"30.144.16.67","src_port":57984,"dst_port":623,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RMCP","proto_id":"351","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":18,"category":"System"}} -00835{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":6,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":116,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":29,"global_ts_usec":1685929316901739} 
+00835{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":6,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":116,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":29,"global_ts_usec":1685929316901739} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 6/6 ~~ skipped flows.............: 0 @@ -35,9 +35,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6919687 bytes -~~ total memory freed........: 6919687 bytes -~~ total allocations/frees...: 114198/114198 +~~ total memory allocated....: 7497283 bytes +~~ total memory freed........: 7497283 bytes +~~ total allocations/frees...: 125929/125929 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 534 chars ~~ json message max len.......: 964 chars diff --git a/test/results/default/roblox.pcapng.out b/test/results/default/roblox.pcapng.out index a529505d2..16e986cd0 100644 --- a/test/results/default/roblox.pcapng.out +++ b/test/results/default/roblox.pcapng.out 
@@ -1,5 +1,5 @@ -00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1686316283692571} 
+00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1686316283692571} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686316283692571,"flow_src_last_pkt_time":1686316283692571,"flow_dst_last_pkt_time":1686316283692571,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1356,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1356,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1356,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686316283692571,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"128.116.89.113","src_port":42965,"dst_port":63862,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02327{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1686316283692571,"flow_dst_last_pkt_time":1686316283692571,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1398,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1398,"pkt_l4_len":1364,"thread_ts_usec":1686316283692571,"pkt":"CL6sCxduJjb1W8R1CABFAAVoAABAAEARjlvAqAycgHRZcafV+XYFVItnewD\/\/wD+\/v7+\/f39\/RI0VngFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00929{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686316283692571,"flow_src_last_pkt_time":1686316283692571,"flow_dst_last_pkt_time":1686316283692571,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1356,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1356,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1356,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686316283692571,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"128.116.89.113","src_port":42965,"dst_port":63862,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"RakNet","proto_id":"286","proto_by_ip":"Roblox","proto_by_ip_id":346,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -12,11 +12,11 @@ 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1686316283901532,"flow_dst_last_pkt_time":1686316283929999,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1686316283929999,"pkt":"Jjb1W8R1CL6sCxduCABFAAA8AABAADUGff+AdHoEwKgMnAG7mHqQakPr+bxyyKASi9BrpgAAAgQFeAQCCApBME\/b1ZNHQwEDAww="} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1686316284095650,"flow_dst_last_pkt_time":1686316283929999,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1686316284095650,"pkt":"CL6sCxduJjb1W8R1CABFAAA0W25AAEAGF5nAqAycgHR6BJh6Abv5vHLIkGpD7IAQAKwkngAAAQEICtWTSAVBME\/b"} 01239{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1686316284117183,"flow_dst_last_pkt_time":1686316283929999,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1686316284117183,"pkt":"CL6sCxduJjb1W8R1CABFAAI5W29AAEAGFZPAqAycgHR6BJh6Abv5vHLIkGpD7IAYAKwjXQAAAQEICtWTSBtBME\/bFgMBAgABAAH8AwOVPM2Zk\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"} 
-01262{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1686316283901532,"flow_src_last_pkt_time":1686316284117183,"flow_dst_last_pkt_time":1686316283929999,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686316284117183,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"128.116.122.4","src_port":39034,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Roblox","proto_id":"91.346","proto_by_ip":"Roblox","proto_by_ip_id":346,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"assetgame.roblox.com","domainame":"assetgame.roblox.com","tls": {"version":"TLSv1.2","ja3":"f436b9416f37d134cadd04886327d3e8","ja3s":"","ja4":"t13d3113ht_e8f1e7e78f70_1b3407e2c936","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01221{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1686316283901532,"flow_src_last_pkt_time":1686316284117183,"flow_dst_last_pkt_time":1686316283929999,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686316284117183,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"128.116.122.4","src_port":39034,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Roblox","proto_id":"91.346","proto_by_ip":"Roblox","proto_by_ip_id":346,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"assetgame.roblox.com","domainame":"assetgame.roblox.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d3113ht_e8f1e7e78f70_1b3407e2c936","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
02504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1686316284117183,"flow_dst_last_pkt_time":1686316284145726,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1686316284145726,"pkt":"Jjb1W8R1CL6sCxduCABFAAXcEjxAADUGZiOAdHoEwKgMnAG7mHqQakPs+bx0zYAQAAnwhAAAAQEICkEwULPVk0gbFgMDAHoCAAB2AwP4BXPwGT00VIKjwhz\/iAjBX5hcQlAkH8qUL2GYRZ2JDyCEEkqPT4hvfG5BhIptV74wk3A2PYO6qS2cp+AMu2mVSBMBAAAuACsAAgMEADMAJAAdACDv+sSz2sc9nAJ2xwbZNggYo\/XMPVfMs1rZ+FhiOG7sbhQDAwABARcDAwAqj+ObT3wmRQmspaK+qrIa0FIN2nKpicKwZLltd1NMgyZxPs+Q5NFbKMq1FwMDFt7NiDihBiTew2A1WYHeDFdb5XjnvadO4mz9ZVoyi1Ud7AuqmJ+YhFC\/tSnrhA\/L9YMIX2NDYlSfhkKS61LUR3CsO5LWxV6DUNKqWrFqcTDF8xzIxNty2lMXpegl17yEWyWtR4qECJaNI0mFsBGmeiHmJCTnM1GmMWo91RdX4cVtapki45ZCFFhYF7chaucSShcOZFWE63CfZodB8A40WMSp9k7zkyemrxe5n0d6xWkWN8TPelzxLckRFGlo8kHq+PtReTKHOKWX5Zy\/6g4PcgoBi\/6rBmWM45HnQ+\/LknwOl9OivcqylNqUEfZO6tK2muefZQVPfbuuj+VXsN60KrKQRolxaOXUyCjHdGsiOv21Hn31cZeqEh5fNBDNGGOGaHas494sghqnDFo4qeI3vRmyL5KQVb3s9rt+Ci8FuYv10vMhHS1aLhUHGod3kY8qnWue1aHYZnxHYkk5YwGoz\/bf4MMd5ArSh27vxxzyYrYCFzNRDox47Dy1phgxx4k5IiPGwqGraYagHEj4rzEJuaJSgbhvXVx8ur8RBTFWlbn9V9o7zCyhFyjpdF8Vr1GNh\/5cfLE84m6h1kHKyQxl1YRe+0iZ6LpbSYEG3alX+6vxuOKfc8y9tVeg4A0MXdj3bf5SY8tForlzUVmEyfWkEvXuIG5TbGI3BbQTi\/x9B63QNDd8HujYxb4IKgGUYPxObk8szG+W3pZljxqX7uKnvHk7gF6WS1N+\/SdVK8FeBQZRRtnUXBSYfMNUQVr4PZnIRzwdZpS9BpXNqLj+w7eQcFCVWDU00\/cMybr2LM0khbNMHA0G9NB3RsWxJz2d8kJcY3XuEG3eiJnPzBo0AxV8u8rXuzBF56HtPyrdp6CsITbT2CK9OdxNnHlB6yXkXulNvClvweEwpJtm\/IxMsqEEOYhNsr4whK3WPvN7X6bOC\/dQfyaxmfyYAWB3dFl\/JGabl8sJoB6fxJaBAAcKLtRAXYmLBv6ZmmZj5WyC7bzZwBnoCmJmyMK1sMXQv1Pk5WMVJEPtEvxX0nxspeMnd+A+UZPGnb9Rmh6bp43bceptOmDswoXcUs2K31dd8Ly4f63mJHzOOcNTe6BlkHJf12AyJ2ke3vR2afu1m5ra3u79zEP\/SK5u5S0TNxJWBMK9F+WNbvSgx9WgrGqGuUWHiLuX9ckai13\/ulSH0DmgG
DWc+V+Z6DLKD0HiOd+WQNkMLFV1jVvCZf3HDSS0yv\/SQ54Y9YBBBTdI+Y5i+Pv\/kQo5sBDRkyHDG33HajhsGNrGOZCybwHs5a1kpsDabpgf0VU8GZJBD5Hgd+lIZxqt1YblX3jwEpkKjCar+TbJ6HyKIVWdhHeOEhwwLFfki93bsT0beK8KJMz63nEv0YIOtQHWsiAuAwpzSnHJtznf2Z0+uCEPwMJgLEO5V7OAd5wxrDhI8ONbOPL3DL3HH6ggibiIQLcFi6HiI29Y+9b6G6RmmPAlyA4rw6PIK9cU9BFkJujokIKPu2o0\/4jJkMpL316i4xHdbWh4\/7\/2JB\/A9H9JyIhKoSZPq0IKNmOZejI9rUJowqzW+B9m3zB1DZjf8MdO6LjPPDYFYzeu1pKFrZH0c0aWZ8cwagPf5nE6xiuAQ8ZdqDMiYsu\/R992FEud16tqrGdqp0G6kY2eJinf4uLYYyuxMS4THTGHQDSMdrIGDdz+Ri0="} -01307{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1686316283901532,"flow_src_last_pkt_time":1686316284117183,"flow_dst_last_pkt_time":1686316284145726,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1686316284145726,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"128.116.122.4","src_port":39034,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Roblox","proto_id":"91.346","proto_by_ip":"Roblox","proto_by_ip_id":346,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"assetgame.roblox.com","domainame":"assetgame.roblox.com","tls": {"version":"TLSv1.3","ja3":"f436b9416f37d134cadd04886327d3e8","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d3113ht_e8f1e7e78f70_1b3407e2c936","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01266{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1686316283901532,"flow_src_last_pkt_time":1686316284117183,"flow_dst_last_pkt_time":1686316284145726,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1686316284145726,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"128.116.122.4","src_port":39034,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Roblox","proto_id":"91.346","proto_by_ip":"Roblox","proto_by_ip_id":346,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"assetgame.roblox.com","domainame":"assetgame.roblox.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d3113ht_e8f1e7e78f70_1b3407e2c936","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
02190{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1686316283901532,"flow_src_last_pkt_time":1686316295462569,"flow_dst_last_pkt_time":1686316295484971,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1024,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2279,"flow_dst_tot_l4_payload_len":7499,"midstream":0,"thread_ts_usec":1686316295484971,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"128.116.122.4","src_port":39034,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":7,"avg":746596.0,"max":10785585,"stddev":2538101.5,"var":6441959161856.0,"ent":1.7,"data": [28467,194118,21533,215727,23,12,472,7,126878,1267,3499,273,4379,2627,513,240,137878,55,702,108040,106788,174593,10000206,310,357197,548002,10785585,40059,91693,5740,187593]},"pktlen": {"min":40,"avg":357.7,"max":1500,"stddev":487.7,"var":237869.3,"ent":3.9,"data": [60,60,52,569,1500,1500,1252,1500,891,52,52,52,52,52,116,1076,702,323,323,52,52,578,52,76,52,52,76,52,52,76,52,40]},"bins": {"c_to_s": [13,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,0,1,0,1,1,1,1,0,0,0,0,1],"entropies": 
[4.779968262,5.300120354,5.195351124,4.779649258,7.870378971,7.875164032,7.842136383,7.870733738,7.754308224,5.156889439,5.156889439,5.118428230,5.118427753,4.988526344,6.087430477,7.824826241,7.718070984,7.273851871,7.313729286,5.195351124,5.118428230,7.627631664,5.195351124,5.716266155,5.233812809,5.065449238,5.742581844,5.142372608,5.118427753,5.663634777,5.118428230,4.019286156]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Roblox","proto_id":"91.346","proto_by_ip":"Roblox","proto_by_ip_id":346,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":48,"packets-processed":47,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13253,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1686326648493170} 
+00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":48,"packets-processed":47,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13253,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1686326648493170} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686326648493170,"flow_src_last_pkt_time":1686326648493170,"flow_dst_last_pkt_time":1686326648493170,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1356,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1356,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1356,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686326648493170,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"128.116.44.33","src_port":45693,"dst_port":53385,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02329{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1686326648493170,"flow_dst_last_pkt_time":1686326648493170,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1398,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1398,"pkt_l4_len":1364,"thread_ts_usec":1686326648493170,"pkt":"CL6sCxduJjb1W8R1CABFAAVoAABAAEARu6vAqAycgHQsIbJ90IkFVNfxAQAAHwERAaMCLkuAjaPJ6FqVJdO4\/a0CBgoJAJDQiXsA\/\/8A\/v7+\/v39\/f0SNFZ4BQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00929{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686326648493170,"flow_src_last_pkt_time":1686326648493170,"flow_dst_last_pkt_time":1686326648493170,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1356,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1356,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1356,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686326648493170,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"128.116.44.33","src_port":45693,"dst_port":53385,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RakNet","proto_id":"286","proto_by_ip":"Roblox","proto_by_ip_id":346,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -26,7 +26,7 @@ 00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1686326648735662,"flow_dst_last_pkt_time":1686326648493170,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":109,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":109,"pkt_l4_len":75,"thread_ts_usec":1686326648735662,"pkt":"CL6sCxduJjb1W8R1CABFAABfhZcAAEARex3AqAycgHQsIbJ90IkAS7YiAQAAHwERAoJSCQq+6il8U+Lfk82kmGMCBgoJAJDQiQPawcSA\/bOuR7gJ5LgpDk+soFdu7AZnfJ12rVYjGKUI3M\/gLA=="} 01012{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":15,"flow_first_seen":1686316283901532,"flow_src_last_pkt_time":1686316296142505,"flow_dst_last_pkt_time":1686316295484971,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1024,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2279,"flow_dst_tot_l4_payload_len":7499,"midstream":0,"thread_ts_usec":1686326648875787,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"128.116.122.4","src_port":39034,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Roblox","proto_id":"91.346","proto_by_ip":"Roblox","proto_by_ip_id":346,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"assetgame.roblox.com"}} 
00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":7,"flow_first_seen":1686316283692571,"flow_src_last_pkt_time":1686316283794515,"flow_dst_last_pkt_time":1686316283806465,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1356,"flow_dst_max_l4_payload_len":138,"flow_src_tot_l4_payload_len":2977,"flow_dst_tot_l4_payload_len":498,"midstream":0,"thread_ts_usec":1686326648875787,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"128.116.89.113","src_port":42965,"dst_port":63862,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RakNet","proto_id":"286","proto_by_ip":"Roblox","proto_by_ip_id":346,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":65,"packets-processed":64,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22280,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":29,"global_ts_usec":1686333469750635} 
+00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":65,"packets-processed":64,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22280,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":29,"global_ts_usec":1686333469750635} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686333469750635,"flow_src_last_pkt_time":1686333469750635,"flow_dst_last_pkt_time":1686333469750635,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1356,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1356,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1356,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686333469750635,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"128.116.44.33","src_port":46507,"dst_port":51438,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02328{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1686333469750635,"flow_dst_last_pkt_time":1686333469750635,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1398,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1398,"pkt_l4_len":1364,"thread_ts_usec":1686333469750635,"pkt":"CL6sCxduJjb1W8R1CABFAAVoAABAAEARu6vAqAycgHQsIbWryO4FVEvhAQAAHwERAYlJ+hMYU2DqGCGy2n4VfpgCBgoJBgPI7nsA\/\/8A\/v7+\/v39\/f0SNFZ4BQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00929{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686333469750635,"flow_src_last_pkt_time":1686333469750635,"flow_dst_last_pkt_time":1686333469750635,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1356,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1356,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1356,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686333469750635,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"128.116.44.33","src_port":46507,"dst_port":51438,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RakNet","proto_id":"286","proto_by_ip":"Roblox","proto_by_ip_id":346,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -36,7 +36,7 @@ 00603{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1686333470028956,"flow_dst_last_pkt_time":1686333469750635,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":109,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":109,"pkt_l4_len":75,"thread_ts_usec":1686333470028956,"pkt":"CL6sCxduJjb1W8R1CABFAABfb+QAAEARkNDAqAycgHQsIbWryO4AS++iAQAAHwERAkoGEJobUjvDjWy+zNTNvQ4CBgoJBgPI7ncnCfOsPT8PcVse23VWPpNtYldufworZLI4u9rBGniKI+a64A=="} 00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":1,"flow_first_seen":1686333469750635,"flow_src_last_pkt_time":1686333470172917,"flow_dst_last_pkt_time":1686333470150567,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1356,"flow_dst_max_l4_payload_len":1332,"flow_src_tot_l4_payload_len":6225,"flow_dst_tot_l4_payload_len":1332,"midstream":0,"thread_ts_usec":1686333470172917,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"128.116.44.33","src_port":46507,"dst_port":51438,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RakNet","proto_id":"286","proto_by_ip":"Roblox","proto_by_ip_id":346,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":2,"flow_first_seen":1686326648493170,"flow_src_last_pkt_time":1686326648875787,"flow_dst_last_pkt_time":1686326648846178,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1356,"flow_dst_max_l4_payload_len":1332,"flow_src_tot_l4_payload_len":6363,"flow_dst_tot_l4_payload_len":2664,"midstream":0,"thread_ts_usec":1686333470172917,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"128.116.44.33","src_port":45693,"dst_port":53385,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RakNet","proto_id":"286","proto_by_ip":"Roblox","proto_by_ip_id":346,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00844{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":78,"packets-processed":78,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29837,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":39,"global_ts_usec":1686333470172917} 
+00844{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":78,"packets-processed":78,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29837,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":39,"global_ts_usec":1686333470172917} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 78/78 ~~ skipped flows.............: 0 @@ -45,9 +45,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6974949 bytes -~~ total memory freed........: 6974949 bytes -~~ total allocations/frees...: 114262/114262 +~~ total memory allocated....: 7552545 bytes +~~ total memory freed........: 7552545 bytes +~~ total allocations/frees...: 125993/125993 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 548 chars ~~ json message max len.......: 2509 chars diff --git a/test/results/default/roughtime.pcap.out b/test/results/default/roughtime.pcap.out index b3d8d8dea..f127ec825 100644 --- a/test/results/default/roughtime.pcap.out +++ b/test/results/default/roughtime.pcap.out 
@@ -1,12 +1,12 @@ -00614{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/roughtime.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/roughtime.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1688459063439932} 
+00614{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/roughtime.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/roughtime.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1688459063439932} 
00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/roughtime.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1688459063439932,"flow_src_last_pkt_time":1688459063439932,"flow_dst_last_pkt_time":1688459063439932,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1024,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1024,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1024,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1688459063439932,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"64.233.164.158","src_port":36225,"dst_port":2002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01884{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/roughtime.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1688459063439932,"flow_dst_last_pkt_time":1688459063439932,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1066,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1066,"pkt_l4_len":1032,"thread_ts_usec":1688459063439932,"pkt":"eJS0JASgYDjgxTWgCABFAAQc8whAAD8RnDTAqAJkQOmkno2BB9IECLEkAgAAAEAAAABOT05DUEFE\/0Wcq29INM2pt7PJg+O1BI4WJW5l7JY+YL+Mo2mtPLST1ZCeaNj4vUmemQfE0Nou3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/roughtime.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1688459063439932,"flow_src_last_pkt_time":1688459063439932,"flow_dst_last_pkt_time":1688459063439932,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1024,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1024,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1024,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1688459063439932,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"64.233.164.158","src_port":36225,"dst_port":2002,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Roughtime","proto_id":"383","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/roughtime.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1688459068453261,"flow_src_last_pkt_time":1688459068453261,"flow_dst_last_pkt_time":1688459068453261,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1024,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1024,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1024,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1688459068453261,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"35.192.98.51","src_port":39393,"dst_port":2002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01884{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/roughtime.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1688459068453261,"flow_dst_last_pkt_time":1688459068453261,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1066,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1066,"pkt_l4_len":1032,"thread_ts_usec":1688459068453261,"pkt":"eJS0JASgYDjgxTWgCABFAAQcyDpAAD8RJpfAqAJkI8BiM5nhB9IECARZAgAAAEAAAABOT05DUEFE\/0Wcq29INM2pt7PJg+O1BI4WJW5l7JY+YL+Mo2mtPLST1ZCeaNj4vUmemQfE0Nou3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/roughtime.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1688459068453261,"flow_src_last_pkt_time":1688459068453261,"flow_dst_last_pkt_time":1688459068453261,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1024,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1024,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1024,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1688459068453261,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"35.192.98.51","src_port":39393,"dst_port":2002,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Roughtime","proto_id":"383","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
-00838{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/roughtime.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":3,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2048,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":9,"global_ts_usec":1688459897600597} +00838{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/roughtime.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":3,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2048,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":9,"global_ts_usec":1688459897600597} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/roughtime.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1688459897600597,"flow_src_last_pkt_time":1688459897600597,"flow_dst_last_pkt_time":1688459897600597,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":360,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":360,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1688459897600597,"l3_proto":"ip4","src_ip":"162.159.200.1","dst_ip":"192.168.2.100","src_port":2002,"dst_port":49021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01000{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/roughtime.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1688459897600597,"flow_dst_last_pkt_time":1688459897600597,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":402,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":402,"pkt_l4_len":368,"thread_ts_usec":1688459897600597,"pkt":"YDjgxTWgeJS0JASgCABFAAGElUFAADsRe3qin8gBwKgCZAfSv30BcDv4BQAAAEAAAABAAAAApAAAADwBAABTSUcAUEFUSFNSRVBDRVJUSU5EWF72woTE4E5m4pnuoj1g82Q3it+Rx1lIQrBa+8w7HA20l6CzRcDEXkryqN2wT\/P+b3mIy6HIl\/aMzUOaDSVLEQsDAAAABAAAAAwAAABSQURJTUlEUFJPT1RAQg8AwNhpNKX\/BQB7jicHExuCXvBNcLG4RqixZQOag9vqNLYumLuF3317E6Q8mr4tG+MrZI87Z9D66Ly9BFCOUmG8HUC4CmDEBDMsAgAAAEAAAABTSUcAREVMRc341JCd\/F7MyqhvbaGn9fBbN3l6OufgeMTVuHUjpgnyQAAyTDjLnT2vaGE5ZvT5lzQ\/oq3rcNcoCDZlulpBsQADAAAAIAAAACgAAABQVUJLTUlOVE1BWFRCqhilXUVGMeeZqqSgs6sgq6EAXuQ\/ffyzcVoUrgDAppCLOyef\/wUAkOsSRbP\/BQAAAAAA"} 
00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/roughtime.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1688459897600597,"flow_src_last_pkt_time":1688459897600597,"flow_dst_last_pkt_time":1688459897600597,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":360,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":360,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1688459897600597,"l3_proto":"ip4","src_ip":"162.159.200.1","dst_ip":"192.168.2.100","src_port":2002,"dst_port":49021,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Roughtime","proto_id":"383","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
@@ -17,7 +17,7 @@ 00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/roughtime.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1688460392257946,"flow_src_last_pkt_time":1688460392257946,"flow_dst_last_pkt_time":1688460392257946,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":360,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":360,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1688460392257946,"l3_proto":"ip4","src_ip":"35.192.98.51","dst_ip":"192.168.2.100","src_port":2002,"dst_port":57626,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Roughtime","proto_id":"383","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/roughtime.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1688459897600597,"flow_src_last_pkt_time":1688459897600597,"flow_dst_last_pkt_time":1688459897600597,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":360,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":360,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1688460392257946,"l3_proto":"ip4","src_ip":"162.159.200.1","dst_ip":"192.168.2.100","src_port":2002,"dst_port":49021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Roughtime","proto_id":"383","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/roughtime.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1688460392257946,"flow_src_last_pkt_time":1688460392257946,"flow_dst_last_pkt_time":1688460392257946,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":360,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":360,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1688460392257946,"l3_proto":"ip4","src_ip":"35.192.98.51","dst_ip":"192.168.2.100","src_port":2002,"dst_port":57626,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Roughtime","proto_id":"383","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -00841{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/roughtime.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2768,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1688460392257946} 
+00841{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/roughtime.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2768,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1688460392257946} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 4/4 ~~ skipped flows.............: 0 @@ -26,9 +26,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6914869 bytes -~~ total memory freed........: 6914869 bytes -~~ total allocations/frees...: 114174/114174 +~~ total memory allocated....: 7492465 bytes +~~ total memory freed........: 7492465 bytes +~~ total allocations/frees...: 125905/125905 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 619 chars ~~ json message max len.......: 1889 chars diff --git a/test/results/default/rsh-syslog-false-positive.pcap.out b/test/results/default/rsh-syslog-false-positive.pcap.out index e1bea322c..c22113c99 100644 --- a/test/results/default/rsh-syslog-false-positive.pcap.out +++ b/test/results/default/rsh-syslog-false-positive.pcap.out 
@@ -1,5 +1,5 @@ -00630{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rsh-syslog-false-positive.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00851{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rsh-syslog-false-positive.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1464076252936094} 
+00630{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rsh-syslog-false-positive.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00851{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rsh-syslog-false-positive.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1464076252936094} 
00798{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rsh-syslog-false-positive.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1464076252936094,"flow_src_last_pkt_time":1464076252936094,"flow_dst_last_pkt_time":1464076252936094,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":240,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":240,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":240,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1464076252936094,"l3_proto":"ip4","src_ip":"172.31.78.129","dst_ip":"172.29.43.201","src_port":9039,"dst_port":514,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5} 00865{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rsh-syslog-false-positive.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1464076252936094,"flow_dst_last_pkt_time":1464076252936094,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":292,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":292,"pkt_l4_len":272,"thread_ts_usec":1464076252936094,"pkt":"RQABJL4eQAA8Bq0urB9OgawdK8kjTwICdUbR1TedTUKAGABzPQsAAAEBCAoozL9YkELf7TwxNjc+MjAxNi0wNS0yNFQwOTo1MDo1Mi45MjY0NTErMDI6MDAgbGRhcDAxIHNsYXBkWzM0NTM0XTogY29ubj0xMTU5MDIzIG9wPTQ0IFNSQ0ggYmFzZT0ib3U9cGVvcGxlLGRjPWluLGRjPXBobSxkYz1lZHVjYXRpb24sZGM9Z291dixkYz1mciIgc2NvcGU9MiBkZXJlZj0wIGZpbHRlcj0iKCYodWlkPXRvb2xib3gpKG9iamVjdENsYXNzPXBvc2l4QWNjb3VudCkoJih1aWROdW1iZXI9KikoISh1aWROdW1iZXI9MCkpKSkiCg=="} 
00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rsh-syslog-false-positive.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1464076252936094,"flow_src_last_pkt_time":1464076252936094,"flow_dst_last_pkt_time":1464076252936094,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":240,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":240,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":240,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1464076252936094,"l3_proto":"ip4","src_ip":"172.31.78.129","dst_ip":"172.29.43.201","src_port":9039,"dst_port":514,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
@@ -12,7 +12,7 @@ 00361{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1464076253008101,"packet_id":7,"source":"cfgs\/default\/pcap\/rsh-syslog-false-positive.pcap","alias":"nDPId-test","size":1010,"expected":1400,"global_ts_usec":1464076253008101} 01658{"packet_event_id":1,"packet_event_name":"packet","packet_id":7,"source":"cfgs\/default\/pcap\/rsh-syslog-false-positive.pcap","alias":"nDPId-test","pkt_datalink":12,"pkt_caplen":1010,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1400,"pkt_l4_len":0,"thread_ts_usec":1464076253006101,"pkt":"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"} 00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/rsh-syslog-false-positive.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1464076252936094,"flow_src_last_pkt_time":1464076253018101,"flow_dst_last_pkt_time":1464076252936094,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":240,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":958,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4939,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1464076253018101,"l3_proto":"ip4","src_ip":"172.31.78.129","dst_ip":"172.29.43.201","src_port":9039,"dst_port":514,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
-00857{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/rsh-syslog-false-positive.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":8,"packets-processed":8,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4939,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1464076253018101} +00857{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/rsh-syslog-false-positive.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":8,"packets-processed":8,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4939,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1464076253018101} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 8/8 ~~ skipped flows.............: 0 
@@ -21,9 +21,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6907845 bytes -~~ total memory freed........: 6907845 bytes -~~ total allocations/frees...: 114145/114145 +~~ total memory allocated....: 7485441 bytes +~~ total memory freed........: 7485441 bytes +~~ total allocations/frees...: 125876/125876 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 366 chars ~~ json message max len.......: 1663 chars diff --git a/test/results/default/rsh.pcap.out b/test/results/default/rsh.pcap.out index b4091ea18..1191ba663 100644 --- a/test/results/default/rsh.pcap.out +++ b/test/results/default/rsh.pcap.out 
@@ -1,5 +1,5 @@ -00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rsh.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rsh.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1654277359673876} 
+00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rsh.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rsh.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1654277359673876} 
00761{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rsh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654277359673876,"flow_src_last_pkt_time":1654277359673876,"flow_dst_last_pkt_time":1654277359673876,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654277359673876,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":1023,"dst_port":514,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rsh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1654277359673876,"flow_dst_last_pkt_time":1654277359673876,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1654277359673876,"pkt":"AAAAAAAAAAAAAAAACABFAAA8BJ9AAEAGOBt\/AAABfwAAAQP\/AgJQUgi+AAAAAKAC\/9f+MAAAAgT\/1wQCCAp\/2NwKAAAAAAEDAwc="} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/rsh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1654277359673876,"flow_dst_last_pkt_time":1654277359673899,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1654277359673899,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAAQICA\/+d65A3UFIIv6AS\/8v+MAAAAgT\/1wQCCAp\/2NwKf9jcCgEDAwc="} 
@@ -16,7 +16,7 @@ 01238{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/rsh.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1654277362292565,"flow_src_last_pkt_time":1654277362309472,"flow_dst_last_pkt_time":1654277362292703,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654277362309472,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":1021,"dst_port":514,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"RSH","proto_id":"294","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":12,"category":"RemoteAccess","rsh": {"client_username":"lns","server_username":"someuser","command":"some random command"}}} 
01184{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/rsh.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":5,"flow_first_seen":1654277362292565,"flow_src_last_pkt_time":1654277363725020,"flow_dst_last_pkt_time":1654277363725000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":18,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":18,"midstream":0,"thread_ts_usec":1654277363725020,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":1021,"dst_port":514,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"RSH","proto_id":"294","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":12,"category":"RemoteAccess"}} 01184{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/rsh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":5,"flow_first_seen":1654277359673876,"flow_src_last_pkt_time":1654277360987203,"flow_dst_last_pkt_time":1654277360987169,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":21,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":21,"midstream":0,"thread_ts_usec":1654277363725020,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":1023,"dst_port":514,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": 
{"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"RSH","proto_id":"294","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":12,"category":"RemoteAccess"}} -00837{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/rsh.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":24,"packets-processed":24,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":105,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1654277363725020} 
+00837{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/rsh.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":24,"packets-processed":24,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":105,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1654277363725020} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 24/24 ~~ skipped flows.............: 0 @@ -25,9 +25,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6914919 bytes -~~ total memory freed........: 6914919 bytes -~~ total allocations/frees...: 114178/114178 +~~ total memory allocated....: 7492515 bytes +~~ total memory freed........: 7492515 bytes +~~ total allocations/frees...: 125909/125909 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 545 chars ~~ json message max len.......: 1243 chars diff --git a/test/results/default/rsync.pcap.out b/test/results/default/rsync.pcap.out index 10fbe36a4..a9eb45e27 100644 --- a/test/results/default/rsync.pcap.out +++ b/test/results/default/rsync.pcap.out 
@@ -1,5 +1,5 @@ -00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rsync.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rsync.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1387144174826849} 
+00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rsync.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rsync.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1387144174826849} 
00764{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rsync.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1387144174826849,"flow_src_last_pkt_time":1387144174826849,"flow_dst_last_pkt_time":1387144174826849,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1387144174826849,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54489,"dst_port":873,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rsync.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1387144174826849,"flow_dst_last_pkt_time":1387144174826849,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1387144174826849,"pkt":"AAAAAAAAAAAAAAAACABFAAA8ACBAAEAGPJp\/AAABfwAAAdTZA2mzXXC1AAAAAKACqqr+MAAAAgT\/1wQCCAoAPHCVAAAAAAEDAwo="} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/rsync.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1387144174826849,"flow_dst_last_pkt_time":1387144174826876,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1387144174826876,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAAQNp1NlRGhcWs11wtqASqqr+MAAAAgT\/1wQCCAoAPHCVADxwlQEDAwo="} 
@@ -8,7 +8,7 @@ 00921{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/rsync.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1387144174826849,"flow_src_last_pkt_time":1387144174827057,"flow_dst_last_pkt_time":1387144174826876,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":14,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":14,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1387144174827057,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54489,"dst_port":873,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"RSYNC","proto_id":"166","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/rsync.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1387144174827057,"flow_dst_last_pkt_time":1387144174827090,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1387144174827090,"pkt":"AAAAAAAAAAAAAAAACABFAAA0Z4JAAEAG1T9\/AAABfwAAAQNp1NlRGhcXs11wxIAQACv+KAAAAQEICgA8cJUAPHCV"} 
00966{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/rsync.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":14,"flow_first_seen":1387144174826849,"flow_src_last_pkt_time":1387144174967121,"flow_dst_last_pkt_time":1387144174967173,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":346,"flow_src_tot_l4_payload_len":86,"flow_dst_tot_l4_payload_len":411,"midstream":0,"thread_ts_usec":1387144174967173,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54489,"dst_port":873,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RSYNC","proto_id":"166","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}} -00839{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/rsync.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":30,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":497,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1387144174967173} 
+00839{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/rsync.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":30,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":497,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1387144174967173} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 30/30 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6908507 bytes -~~ total memory freed........: 6908507 bytes -~~ total allocations/frees...: 114168/114168 +~~ total memory allocated....: 7486103 bytes +~~ total memory freed........: 7486103 bytes +~~ total allocations/frees...: 125899/125899 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 544 chars ~~ json message max len.......: 971 chars diff --git a/test/results/default/rtcp_multiple_pkts_in_the_same_datagram.pcap.out b/test/results/default/rtcp_multiple_pkts_in_the_same_datagram.pcap.out index 625b32b02..2ca418ea4 100644 --- a/test/results/default/rtcp_multiple_pkts_in_the_same_datagram.pcap.out +++ b/test/results/default/rtcp_multiple_pkts_in_the_same_datagram.pcap.out 
@@ -1,5 +1,5 @@ -00644{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rtcp_multiple_pkts_in_the_same_datagram.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00865{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtcp_multiple_pkts_in_the_same_datagram.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1502626544321377} 
+00644{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rtcp_multiple_pkts_in_the_same_datagram.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00865{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtcp_multiple_pkts_in_the_same_datagram.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1502626544321377} 
00815{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtcp_multiple_pkts_in_the_same_datagram.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1502626544321377,"flow_src_last_pkt_time":1502626544321377,"flow_dst_last_pkt_time":1502626544321377,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1502626544321377,"l3_proto":"ip4","src_ip":"217.12.244.34","dst_ip":"217.12.247.98","src_port":25963,"dst_port":31601,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5} 00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtcp_multiple_pkts_in_the_same_datagram.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1502626544321377,"flow_dst_last_pkt_time":1502626544321377,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":156,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":156,"pkt_l4_len":120,"thread_ts_usec":1502626544321377,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAAIxyZUAAQBEqXdkM9CLZDPdiZWt7cQB4niiByAAMXZMVNN06wXBNYU34AAB9AAAAAMgAAH0AAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAgcoADl2TFTQBCDVkOTMxNTM0ByVGcmVlU1dJVENILm9yZyAtLSBDb21lIHRvIENsdWVDb24uY29tAAAA"} 
00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/rtcp_multiple_pkts_in_the_same_datagram.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1502626544321377,"flow_dst_last_pkt_time":1502626544329483,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":136,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":136,"pkt_l4_len":100,"thread_ts_usec":1502626544329483,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAAHhMIEAAQBFQttkM92LZDPQie3FlawBknhSByQAHAZMttAAAAAABAAABAAC+wgAAAAEAAAAAAAAAAIHKAA4Bky20AQcxOTMyZGI0ByVGcmVlU1dJVENILm9yZyAtLSBDb21lIHRvIENsdWVDb24uY29tAAAAAA=="} 
@@ -8,7 +8,7 @@ 00963{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/rtcp_multiple_pkts_in_the_same_datagram.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1502626544321377,"flow_src_last_pkt_time":1502626548341364,"flow_dst_last_pkt_time":1502626548349503,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":224,"flow_dst_tot_l4_payload_len":184,"midstream":0,"thread_ts_usec":1502626548349503,"l3_proto":"ip4","src_ip":"217.12.244.34","dst_ip":"217.12.247.98","src_port":25963,"dst_port":31601,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTCP","proto_id":"165","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/rtcp_multiple_pkts_in_the_same_datagram.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1502626552361361,"flow_dst_last_pkt_time":1502626548349503,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":156,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":156,"pkt_l4_len":120,"thread_ts_usec":1502626552361361,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAAIyDdEAAQBEZTtkM9CLZDPdiZWt7cQB4niiByAAMXZMVNN06wXhXnSv1AAF4QAAAAloAAXhAAZMttAAAAAEAAAAAAAAAAAAAAAAAAAAAgcoADl2TFTQBCDVkOTMxNTM0ByVGcmVlU1dJVENILm9yZyAtLSBDb21lIHRvIENsdWVDb24uY29tAAAA"} 
01004{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/rtcp_multiple_pkts_in_the_same_datagram.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1502626544321377,"flow_src_last_pkt_time":1502626552361361,"flow_dst_last_pkt_time":1502626548349503,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":336,"flow_dst_tot_l4_payload_len":184,"midstream":0,"thread_ts_usec":1502626552361361,"l3_proto":"ip4","src_ip":"217.12.244.34","dst_ip":"217.12.247.98","src_port":25963,"dst_port":31601,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTCP","proto_id":"165","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00870{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/rtcp_multiple_pkts_in_the_same_datagram.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":5,"packets-processed":5,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":520,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1502626552361361} 
+00870{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/rtcp_multiple_pkts_in_the_same_datagram.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":5,"packets-processed":5,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":520,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1502626552361361} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 5/5 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6907758 bytes -~~ total memory freed........: 6907758 bytes -~~ total allocations/frees...: 114142/114142 +~~ total memory allocated....: 7485354 bytes +~~ total memory freed........: 7485354 bytes +~~ total allocations/frees...: 125873/125873 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 649 chars ~~ json message max len.......: 1009 chars diff --git a/test/results/default/rtmp.pcap.out b/test/results/default/rtmp.pcap.out index 9b2c5bd5a..ac2e0dc0a 100644 --- a/test/results/default/rtmp.pcap.out +++ b/test/results/default/rtmp.pcap.out 
@@ -1,5 +1,5 @@ -00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rtmp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtmp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1196541506793783} 
+00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rtmp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtmp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1196541506793783} 
00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtmp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1196541506793783,"flow_src_last_pkt_time":1196541506793783,"flow_dst_last_pkt_time":1196541506793783,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1196541506793783,"l3_proto":"ip4","src_ip":"192.168.43.1","dst_ip":"192.168.43.128","src_port":1177,"dst_port":1935,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtmp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1196541506793783,"flow_dst_last_pkt_time":1196541506793783,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1196541506793783,"pkt":"AAwpfMZqAFBWwAAICABFAAAwAzJAAIAGH8TAqCsBwKgrgASZB49J0s7PAAAAAHAC\/\/+GgwAAAgQFtAEBBAI="} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/rtmp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1196541506793783,"flow_dst_last_pkt_time":1196541506794048,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1196541506794048,"pkt":"AFBWwAAIAAwpfMZqCABFAAAwAABAAEAGYvbAqCuAwKgrAQePBJklcSWUSdLO0HASFtAknQAAAgQFtAEBBAI="} 
@@ -7,7 +7,7 @@ 02519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/rtmp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1196541506797289,"flow_dst_last_pkt_time":1196541506794048,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1196541506797289,"pkt":"AAwpfMZqAFBWwAAICABFAAXcAzVAAIAGGhXAqCsBwKgrgASZB49J0s7QJXEllVAQ\/\/8QugAAAwAHqlcAAAAAxP+V\/xr\/4\/\/AAMEANgCvAPwALQCS\/7v\/eAfZfC4GB3w0BsV8Cl+TADAA8QAmAF8AbP9d\/4L5awLoAAkAHvi3AqT59QL6MENvoAAhABb5DwLcJY1vcuwbb1hPOQAOEGd8FDolAOok828QAFEABv+\/\/0wAvQBiXcsAyARpAP5ZF0aEAFUA2gCjAIAAgQD2AG8AvADtAFIAewA4AJkA7v\/H\/\/QAhQDKAFMA8AGxAOYBHwAsAR0AQgErAKgByQDeAncAZAK1ALoCAwBgAuEA1gTPAJwETQAyAdsBGPv5As77JwLU7uV8quyzb9BPEQDGB398DAZ9fCL5iwKIASl8vgDXAEQAFQCaAGMAQABBALb6LwJ8Aq18EgA7APgAWQCuA4d8tABFAIr6EwKwAHEApgLffOwA3QAC\/+v\/aACJAJ4ANwAkoHV\/evrDACAAoQCWAI8AXAANAPIDm3zYALkAjgDnAJQApQBq+XMCkOPRfIYyP3zMAD0A4v1LAkj96QJ+AJcABP\/V\/1oAIwAA\/gECdgXvfDzkbXzSBft8uAIZAG4GR3x0AAUASnHTAnAAMQBm+p8CrPSdAML8qwIo7kl8Xgf3fOT\/Nf86AYMA4JBhf1YCTwAcDc0AsgBbAJgAeQBOAKcAVAVlfCpfMwBQAJEARgD\/AIwA\/QCiAAsCCPCpAj4AVwLEcZUCGnHjAsACwQA2Da8A\/P8t\/5IAuwB4ANkALgIHADQAxQAKAJMAMIXxACb7XwJsAF0AgmVrAOj\/CQAeFrdxpPv1AvqkQwCgoyEAFvoPAtyjjQBy\/BsCWCE5cQ7YZ3wUTSVx6gLzABACUQAGAL8ATAC9AGL7ywLIIGkA\/vsXAoQAVQDaAKMAgACBAPYAbwC8o+0AUk17cTj7mQLuAMcA9ACFAMoAUwDwL7EA5gAfACwAHQBCACsAqADJAN4AdwBkALUAugADAGBx4QLWAM8AnABNADI+2zAYIPkAzgYnfNQA5QCqMLMA0P8RAsYAfwAMAH0AIgCLAIgAKQC+ANcARAAVAJoAYwBAAEEAtgAvAHz7rQISADsA+AVZfK5nhwC0\/EUCigUTfLAHcQCmBd987BbdcQL86wJopIkAnqM3ACT7dQJ6o8MAIP2hApYhj3Fc2A188k2bcdgCuQCOAucAlAClAGoAcwCQ\/NEChiA\/AMz8PQLiAEsASADpAH4AlwAEANUAWqMjAABNAXF2\/O8CPABtANIA+wC4ABkAbi9HAHQABQBK\/NMCcAAxAGYAnwCsAJ0AwgCrACgASQBeAPcA5AA1ADoAgwDgAGEAViBPABwgzQCyAFsAmAB5AE4DpwBUAGUAKgAzAFAAkQBGAP8AjAD9AKIACwAIAKkAPgBXAMQAlQAaAOMAwADBADb8rwL8AC0AkgW7fHik2QAu\/QcCN
AXFfAoHkwAwBfF8JqRfAGykXQCCMGsA6AAJAB4AtwCkAPUA+iBDAKAAIQAWAA8A3ACNAHIAGwBY\/TkCDgBnABQFJXzqYvMAEP1RAgYFv3xMCb0AYgXLfMhiaQD+LxcAhDBVANr9owKAAIEA9gVvfLwv7QBS\/XsCOAWZfO4LxwD0BYV8yi9TAPAAsQDmAB8ALAAdAEJTK3GoX8kA3md3AGQAtQC67QMAYKPhANYAzwCc\/E0CMgDbABj9+QLO7id81AXlfKr\/s\/\/QBRF8xhl\/fAwAfQAiAIsAiAIpAL4K1wBEWBUAmgBjAEAAQQC2AC8AfACtABIFO3z4AlkArgKHALQNRQCKBxMAsAVxfKai3wLsBd0CAgDrAGgAiQCe1TcCJAF1AHoAwwAg1aEClgCPAFz+DQLy7pt82AG5AI7\/5\/+UO6UCakJzcZAA0QCGAD8AzC89AOIASwBIL+kAfi+XAAQ71QJaBCMAAAABAHZB73E8B20A0lL7ALj\/GQJujEcwdEQFAkoH0wBwADE="} 00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/rtmp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1196541506797289,"flow_dst_last_pkt_time":1196541506797539,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1196541506797539,"pkt":"AFBWwAAIAAwpfMZqCABFAAAoK39AAEAGN3\/AqCuAwKgrAQePBJklcSWVSdLUhFAQIjhARQAA"} 00930{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/rtmp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1196541506793783,"flow_src_last_pkt_time":1196541506798015,"flow_dst_last_pkt_time":1196541507028289,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":1537,"flow_dst_tot_l4_payload_len":1260,"midstream":0,"thread_ts_usec":1196541507028289,"l3_proto":"ip4","src_ip":"192.168.43.1","dst_ip":"192.168.43.128","src_port":1177,"dst_port":1935,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"RTMP","proto_id":"174","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} -00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/rtmp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":27,"packets-processed":26,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6948,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1666211805308016} +00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/rtmp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":27,"packets-processed":26,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6948,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1666211805308016} 00293{"error_event_id":5,"error_event_name":"Unknown packet 
type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1666211805308016,"packet_id":27,"source":"cfgs\/default\/pcap\/rtmp.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1666211805308016} 00457{"packet_event_id":1,"packet_event_name":"packet","packet_id":27,"source":"cfgs\/default\/pcap\/rtmp.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":122,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":122,"pkt_l4_len":0,"thread_ts_usec":1196541507836444,"pkt":"AAAAAAAAAAEAAAAEgQBNQoEAQHEIAEUwAGSCXAAAQBG59wqGGUwKhA+wCGgIaABQxGkw\/wBAAUzBDEUAAEAAAEAAPgY1YgqMUMzLzeAwwl0Hj2gaLJgAAAAAsAL\/\/7r5AAACBAW0AQMDBQEBCAoWh\/+GAAAAAAQCAAA="} 00293{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1666211805431039,"packet_id":28,"source":"cfgs\/default\/pcap\/rtmp.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1666211805431039} 
@@ -73,7 +73,7 @@ 00294{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":16,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1666211820897272,"packet_id":59,"source":"cfgs\/default\/pcap\/rtmp.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1666211820897272} 00527{"packet_event_id":1,"packet_event_name":"packet","packet_id":59,"source":"cfgs\/default\/pcap\/rtmp.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":176,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":176,"pkt_l4_len":0,"thread_ts_usec":1196541507836444,"pkt":"AAAAAAAAAAECAAD6gQBNQoEAQHEIAEUwAJp1ngAAQBHGogqGGSkKhA+wCGgIaACGR2gw\/wB2BmB3WUUAAHYAAEAAQAb0gwqMSs7Bdi8u6HUXcn6HvCgEmTKtgBgIAGxEAAABAQgKAHbpEA\/nUVIAJiWgQwAAAAAAGRQCAAxjcmVhdGVTdHJlYW0AQAAAAAAAAAAFQwAAAAAAFRQCAAhfY2hlY2tidwBACAAAAAAAAAU="} 00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/rtmp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":14,"flow_first_seen":1196541506793783,"flow_src_last_pkt_time":1196541507836444,"flow_dst_last_pkt_time":1196541507670099,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":3452,"flow_dst_tot_l4_payload_len":3496,"midstream":0,"thread_ts_usec":1196541507836444,"l3_proto":"ip4","src_ip":"192.168.43.1","dst_ip":"192.168.43.128","src_port":1177,"dst_port":1935,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTMP","proto_id":"174","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} 
-00839{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/rtmp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":60,"packets-processed":26,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6948,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":76,"global_ts_usec":1666211821073153} +00839{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/rtmp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":60,"packets-processed":26,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6948,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":76,"global_ts_usec":1666211821073153} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 60/26 ~~ skipped flows.............: 0 
@@ -82,9 +82,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6910498 bytes -~~ total memory freed........: 6910498 bytes -~~ total allocations/frees...: 114167/114167 +~~ total memory allocated....: 7488094 bytes +~~ total memory freed........: 7488094 bytes +~~ total allocations/frees...: 125898/125898 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 298 chars ~~ json message max len.......: 2524 chars diff --git a/test/results/default/rtp.pcapng.out b/test/results/default/rtp.pcapng.out index 0a7b3bc5b..045961152 100644 --- a/test/results/default/rtp.pcapng.out +++ b/test/results/default/rtp.pcapng.out 
@@ -1,13 +1,13 @@ -00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1332741131936370} 
+00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1332741131936370} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1332741131936370,"flow_src_last_pkt_time":1332741131936370,"flow_dst_last_pkt_time":1332741131936370,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1444,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1444,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1444,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1332741131936370,"l3_proto":"ip4","src_ip":"10.204.220.71","dst_ip":"10.204.220.171","src_port":6000,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1332741131936370,"flow_dst_last_pkt_time":1332741131936370,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1486,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1486,"pkt_l4_len":1452,"thread_ts_usec":1332741131936370,"pkt":"ABNyjb9k0GflFGvTCABFAAXAU5xAAIARAAAKzNxHCszcqxdwF3AFrNRIgCIBEAAJ6IYAABZGAHAAAAAAg2oOAz\/8BcyOIdPfi8B4Xzz4VNYRGWcSjryldGYkqct6gbLBqCyFX7tOlxeIIyF41H7ve+11iRZEGoqbwZ8BxR\/mM7KSRJ8a7UYJLYgDupNskRvB7P\/F2+LyfF7a574\/f+Lxn4vAVwvkkYGQXzbheLgvjV4X8Aa7F5KLyf\/8U5YkvSlSWuDTEZb0+E4729QFtoqKTwvcF8OiLQsC+Lnxe+F+GXC9kYu\/90rt4WPWgJo2qDsfwPr\/s8F+F8Vv62za3pYs8Xhd7p\/i98XhSLxkLxBGcXsDIXnBeHYVhZ82dGyFsrGurb0PKNMBNPBU+DvepwY8CtUDJEhapZpZIfKDCenAv0sFZOFvEPq6SZq7ZGC0WNCD2rohpuFfeNnaOtWBov88A8KFlaIPuQZiCvwFUkMwNWSIPTwx46XBXMxdc42ukZKZVwxk2MwtjIOP\/GAoW2HqFRtGE73km73jLbNuNdOi46FTnGw\/R5AsQRD5jTGCdKjCRjiBlaZGSWLULBeGIXxhT0LGyulampWjYCxcF88NBf0Xi8LBeCcLwVpIx1vm4Wko\/FoveFXaTlRQDmASsdIAYgD0sFgelgVHlPWhCKjTYfCoK3tToCnTxwjU0U6tJ1AoURKc6uoVavqBuwaBU2OKB7UZZ3wVNNMoQYsCoZEGnR
6rMgMCr1Frc0MVxHgMuBS\/GaQWA0H+4KeVNJ0oilvFwCGUrXanZuJMO1Ru9kW\/gGO8HW6BUMgZL++I9LM4DjgWRFoKwZlpAL3BfQAkhSFv51ulgMX\/AxwG+BgmOjn0tWELaDFAZG2y2GgOYBJdic8FLrZ1FZqzejckZ7ZxPnt4tN0qT8Owt4mbIBiOCYV7Wa0gbYzISFJsL7Z2HAqbO5veAZ+i9hlrl0GL\/luyqfe6BQ+WJQWpAFTDhlLguaUNNM9wsbX44KudOi8B4\/4RhX7EoFSstNLAXG0wJsF\/QrC+2C0xGKwtf+ZKIqQc6DFgSMykGg1F4NCAhWJteh8JkAM+AvF5WzpUeC+OQvBpQF4XzwtCtlK0STpXxwL8Kxfe6Lgq+bWQVZ7CxlrRWkFjIrCzh54VIwIaOLAtXTLlQJABIXeslIsZFAW+75LwHUAugsGkLJ4LbzreoPAx39Z0iDgXhM1zo46V8cFvAnqacHCmk+JEg5CoGb\/yMKTT9bClvYCKGC05V1BUOz4oBfCvje6uiZ7QMpjwfCwXrkIVutoFmhDDEHw\/we\/\/C+uZIRXre6tVwnDALeO5wFeLBusNLwWi+jfogBMF+BSaCxqbjX+ItQBiV60CR0F0JuLVopDELwvg0ACLtDYYhfLRqfC17qexbedTNNMnkQIwX2jclCk2IH6KMoYiM+S1ZNErU1PWiYcgqcKkhlkH0\/wVhGJNbvGupmesn9wrzn7QVSnoy3G1wacBeFj6ixeUt5riJwvBngE+L0iHSML5khhU2UjVGxKVUCQhkwSiYV+sJ14mSIDsJmv9RWtEIvCodYctsFJgKAsZY0zIsFIuTBiLwXYX+muPF4pFtBWFL4UJqKt1jGmTwgiPKhUFNPpiwoCYO3jPkT4Go6lAgL\/Zg46ysiOCNKUqM2M9lsBVwi4O20CYOHgsxRtsIBBjL3Bd+AvT4\/C4KXbgGE1mX9S772dBUjRhpD31BFfvayiUFKdZwCiYKT7Nb2p+\/qOjh4jVgqsQcRn7erJ2yk8UkJCFnlXLKVLO9F7sQ4UDMF8fCrgyf9ugQ6+o0e4A9ockoTBZ2gZH+KhP1Gi\/BkD5\/4sCzwsAq0VH22MxdSUYjN8B9\/8NwjCplKTaC63nKp1ZRBzrw6pDwViHpBF1IW6lIWYwVojIEKUDkZA+QCFT2MrCI2pTZmg5YFSypr\/qP9owB8f+g+H+FTvA4LaLWly3SoJwXoLEK3vUSA=="} 
01720{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1332741131938296,"flow_dst_last_pkt_time":1332741131936370,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":938,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":938,"pkt_l4_len":904,"thread_ts_usec":1332741131938296,"pkt":"ABNyjb9k0GflFGvTCABFAAOcU51AAIARAAAKzNxHCszcqxdwF3ADiNIkgKIBEQAJ6IYAABZGAHAAALUmHytcLGiML59YxC+2D4f7x\/dGA9s6LUsIgqL6t9mJKOwYsCwYxfFCTd\/EbKc1WTIyCk1LCi4WlIZNs3QVRZ0YtLzVrXAvQvC31Kk4U7gfk4NF\/6FcZEMXBZ+e81yFiMRHcxvlqbCkj2pxXGHDnS9oMQB1fON6nOtI0AKpgCYZlYdheFJ9ggX8QzYebHG7kCflEEcesByv1MlHJrqEBIUL1CBL8iFQoGOLjcsBzv4F4E6+kKFCBSq0ae0CiQ+zsCH75ZvxcB2VgFVgRCnBlAIpUC+zUwKqITTdXCYZNHuI9BVbULusaiwozjYOKBYIN4gEcYpGToyY6jExkpTIBl3yzfIHyVnzcBwv5Dfr8yFmjAaijTAxYENxAOBHF58LeyIiEejkXlh4KRN5mANBoAEiF4ZC9kUC8Bg9xSFbqryv9z3tqY6RthYJNOCuk6hDKLDcGN\/hwQ0mC3p8aYImFyIJ2fmFPWqsI18NKg6zc0EbSUfjIfkIvCmFCwZ8BSYnov4kQSh4cBof8MKF4018YTasVIjgcMrbTgz\/Rc3eDkGbATXu3kEIFpCorIxXzGmgMsLLtBKGAtp13CovkAInT5YWpm9VTurR4cjAGgAToU8CbURFZOrBD3yhVMgi9nahRiOif38aqXo2gwi\/eVjoMb\/YDlgVOoD7pC8Z+LzsVYNEA4Lw\/PM6YGcAYMcb60BScBi\/6ioc+Y3+gj0XdlEbEV0q880OV7rHE+CEDlf2h1AYv+6NBo6i8VhZ4y3NArvwJe40z10illdj+2pAODMwFgW\/uUPBkSAtR\/rJOF8XBaF7bI3hV+Z3mCANUkkaT7xOJgbABPrJycc9upGBDvu6ip7nStgFVZqOnTgyaNljAYz+4FjA2Ht1OBsXB+I45wZBsMXS3TH7t28fvc1E3AYv+6mzgsDgPSYcfWuamjTaUBsRip1u4vkC4L4JUF4\/JheFu7YunR6b+PxmtpNBnAFHkepsN4l6K+sMJShkaBY+6mBiwJNwWU0DYf5CFnDxsCNvpGgcUCbXRMFQ7RnBYD3\/4W\/AIohZSkMAWgXwsCyPyUXmBf1K2MheZ\/H7rp4VdhLRzwI4mAxJUd4LhcKh\/0lH5GP0AJIW9A0lLRufBcnB37e9RZ742whXTGAvrkJofgsgvmCYL5lcHrAReKQv8XLSajU="} 
02482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1332741131999309,"flow_dst_last_pkt_time":1332741131936370,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1486,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1486,"pkt_l4_len":1452,"thread_ts_usec":1332741131999309,"pkt":"ABNyjb9k0GflFGvTCABFAAXAU55AAIARAAAKzNxHCszcqxdwF3AFrNRIgCIBEgAJ\/qwAABZGAHAAAAAAg3IOAz+DZu8L\/AvpUA3H4r4vAcLxXU7idM2ymlkV2IuLvuaIBELzH\/hfBjAIQcCUai94\/fj9\/4WdocB\/5BIBM9eYIHAIlJabMuFeVJcLctTmRctqW0yxZujupRHTHcXu8L7Scmfi87j92P2gw8L5GMvE23nc0OmRiD1f4vIheEcfvH7xeNBfoJY\/GH\/xe7hfDoB50LeUsoJgDwVgLUmF4LwfnovJRe4fhZF5wXti10\/3bulF7x+YF4xF5oL+C52LwtCtlSW5UQ3jmQe\/\/CjF4x3b\/wt6LrUQqSmOB\/AEI8XjUXikXoTIvAymEwr0lUFo44BiJj7B9T7xorKCmPBVtLDoEVonhb21m0vEpuiYOg8GIqywFmD5AIgsqKywmqNNzg5ZNgvBtsjhijIsGoU\/\/vKfK\/j2Qeen+r38VY03dWxPDAliUPvD8v8qvxH9+yp1XtxPWkyds9dbmbubVONfnxHxtOoFokhC\/IXlysvuKh9LJ6b\/\/VCQRFSibgt+tQK6g4WhcueCj8qxWWDXN5xeMpEyekqzKKWoJNHBKCsMCADPALwofgEQmqGY1svakpCTmx\/WE6wnC7vePwoxRh4vg7BjAI6nB7f8X6Mxfw4LwtF52KPB1WlIfDKDYE+F9xkbZbUMQKZ1KdSC4L+AsDQk2a2pRdLQc3+4H4DCEKmBhlK0Cr3qF6zNTzpUGQwBLGmm6hjaCOSgrFGi4Lwu9CcFyFXXZBWDNpPQ424NSnBwsFpMFPReqLhZJcSdW0zECjoFUSUChoFWsoArze8mEelVQJLboxK+YRphCBMF9COF8FmgcFvLRxxsHD\/gXQ0a5xLVm2QJYl7TAUL1M0zMWpSlGl7G4gulCJCdaK4hcFwX1zhCFbvJrNTZiWXaCrAIcWR4k7vwMeBi\/4sHvoW12VTWh3QMJGlA7sR0YArQWgvKlhhE\/xI1\/EFcW4sjFAPeAjbqjlAwydBWGAtd1NqMWcEAbBGgLXi8nCtpigQGSIP2QxYxdEMAvg1v+KyEL6IJAWIX+tgzgCjGacYBV5EURE6yNu4HtGYggJoDxVycEW9JYfCi2Orpu4VoBauvWWByMWl6mZQbkQPZa1oLiYLWiBiwKCwmwwFj7ONti8mpoLemuRAul+GYanhiF95A3rZwCG0HL\/mdlrOAygFjqhT9BiwLhX\/7wre1ifrQjtNgYZrQoBr\/8kGgV9sRlV5\/n\/+rYFpWMEVAZyLNLLFopYWHIu7gDgvjQhC\/TAYi+hqbEF0bgxf9+lRr9+oFROF3pI4L8Kwe3\/PD8KRxo\/XQJ4hzNRnApCtjZdcigJ45BaC+Azf+KgvwjPBa0rPWOoTA4DFpCNAov+xZftXWWiZvXcT+iX\/kZlqd5Uk6WplnBY0aCjxGbURBBwc522Aq50Cd0oF\/KmAiqGYJqMpGUL4bjJw\/cF8w
eF8CoKvYgR4kIp2LWNpitgdpSAoLEAeHxSFv821qhpTzq2daT4LQ8WBoP\/h9kgC+eDEXqQ9TjELWmEJYsHRQ6h+RtCwLHE7bfCkBYPp\/srpyQL5STpINQvpwpQisfwXi7eFHxtvyERGU\/SXAJIAY7+4QdHDKZprgqbBPQAKCvo4VNCGbEelYFCkFUy24EY0GqDBWFjutpWzv0QYBcF9rRiuJwvpMIQvCnpCzc8u3LoMUBjXA2Q8FeNXsBVjh7DegqxweJsZB+P8QW2t5MsLxsxBzr8DYFyFnsAgBdVZ5DTNxGV0rGWJRBRBgO04ThTxHjCEon5jkra\/\/NJAMRIeiLxWLWxxiicQCxOD5\/6EHs\/wr4ESqlXQy3rNKxy8EQBTPSkGe\/z4UfR3WgVRSbzEpKWVM2ZRHUAyCi2q2p5OTKUtIhfhTlzmFvUCI9iJPW6BCitDQTRgMfKqV6BZvoj8YDY21vA=="} -00925{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1332741131936370,"flow_src_last_pkt_time":1332741131999309,"flow_dst_last_pkt_time":1332741131936370,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":896,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1444,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":3784,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1332741131999309,"l3_proto":"ip4","src_ip":"10.204.220.71","dst_ip":"10.204.220.171","src_port":6000,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} 
+00950{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1332741131936370,"flow_src_last_pkt_time":1332741131999309,"flow_dst_last_pkt_time":1332741131936370,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":896,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1444,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":3784,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1332741131999309,"l3_proto":"ip4","src_ip":"10.204.220.71","dst_ip":"10.204.220.171","src_port":6000,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","stream_content":"Video"}} 01890{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1332741132001295,"flow_dst_last_pkt_time":1332741131936370,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1054,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1054,"pkt_l4_len":1020,"thread_ts_usec":1332741132001295,"pkt":"ABNyjb9k0GflFGvTCABFAAQQU59AAIARAAAKzNxHCszcqxdwF3AD\/NKYgKIBEwAJ\/qwAABZGAHAAAC2RhlqOQwsQc9BiVkAVPG8xsRapg8Ld2AUDMONR8vsLCLSsJ+BOFbxcQUHIhegZGQxF6zMeF8OegtgcMCC+nEIiFAXwer\/nDQXsBosdEF8L6aCp9\/ODpHt0CNlg1Ecb5xOCaH4VjUKTwC+gRngYwC+VENHS1iYRyh2z6Jfp1lboMyBFoubDoXhX+4V9KDWXiNmS0cxE9hKHAfEzQeHQp\/bWx3Ud+ibGha3xZHePpYlZhDB74DMbBxf7Ae8BCUc9xuXEqnxSWDFJlmM33\/wGJ\/cmgSGTCYOgwEP4z3YBdQgVc+CrehgEYLQZQCBjf5WqKSEPiosIRE2V4kshWdRcRz4RWsgx4EC+ShqnCwb6GlYMWBH7jfONboMcBcE9NDruM9Q8KAcr+CoU6QpvymhkDJ\/ykGLAv7RlozCz8ZmdW\/4q05dq9R2iohBPET+ptT4WDJnW+daK6oUIp0kzvaiwdod+GUSoQSQr\/iqpUXY5drnMpXxAycB9P
8kt+ZGiutgRONZaBH4oCi5v0kAwIG4jhD6ltvQTJGOJkqek4flozuiofg4\/8F9gLNeL2ApC7QD3j9w\/JgsbDWZixT0atAsiwHwAWdlvZWGqpT6PSxkkRsMZSraWXCQfjML4sNi83C34vSiRKIBMHQJvHBY+43usJdXsupunwxGXH74tp6L4sn36YZetYl6Eg6gegtxP5g7a6OtEXNHK2nFXDgNF\/ioX0+F0nuC9ic4F9AC\/BV5Ae\/\/CnjrrPtXh0v4wByNAopbal+O\/lsVLRwi6pxNwcHlujuoIgBwv5YQj61GzYU8fk\/teanBXIU5OFn523gEGAVdIquIRVkGYenmGhW36plk96J9t1B4spMKnvFODkHb\/qFzfcqZD1GDhAQr2u9LRsMwGiL0rba9iOqeIHjYPB02BUgjU6HBON2xwJwvlhlkyP0pOF8iFg\/CUXkwWfmML2AyH9hXg17wqTo5VAzRogm6CyCzxu8rO8pQbBi\/6gQyJPeBy\/4QoCYu2OiGL33T7p3bu3V5lUph2OioXz+Wda4HZoLH7ESdPnUNMtAsqCKhGI\/NwvhXTgvrwuoPX\/vC+mJHhbx9Jq7z9IPx+7dqpwQFMwcAxf7HcZ5o5BVlrwq5QBko7fUZNCIOSkZgl6bCzpNareQs1SFsD\/mgxgF4ZMhyRrgKC2ugxIHE2dAqpj+6JicL+NDmmQTx\/Bni8J4vZPf+FXKAOgxgHQHa20OmkrYhkJOKx+cF50L4XJQev\/C1zog0cZEVeKQsCz5ZghFHaidFLcXmAmbiUZXgyCxtyzfxGOejCmAWcL4RALH7CwpF7ZgL6bBkhNA=="} 02467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1332741132066361,"flow_dst_last_pkt_time":1332741131936370,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1486,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1486,"pkt_l4_len":1452,"thread_ts_usec":1332741132066361,"pkt":"ABNyjb9k0GflFGvTCABFAAXAU6BAAIARAAAKzNxHCszcqxdwF3AFrNRIgCIBFAAKFpQAABZGAHAAAAAAg3oOAz+DZvj92FjUNSxqhkDRgJ62JgTcfirF74vFUKmEAD5fGx9VAFvKeJy+aq2BgEAGB+fJ42SxT5eAmqx5VhoOMuHpcBbgdpSZ62XIiEWoLP+tl7gvhoEiB4vBaxeC0x+96xV+zRvN6ke4LOJQKAuoiAQ3xVgek4BwMCDgplavzegpYCqHgxiiJCw38e\/SoKVnws4QMEmZiufXHrZShU1IaAOHol8Uj7QKXQYsCivRl7KxaVixWpgGIUlmQZBSYB0CCXbZR6jPF3i8uoiqmGQ94LBKBgQcu\/oHJ0FMOmiwZe6mB2f5WCiAvEHwc0CCj4hK1zIIAMCEqNHheX+oErEEnhiAZIJIKcuVgV4nY9EhvyKpRCOqx4srlQ+GIVMAwEMv9ikSP8ZVbYg6MQgQA8fW5qigXghldTu8p8TqwPK51QUjMLqL3i1e6i9+F9lZcKjovIovOR+bH7x+4fu\/H9JQsuEKhAEqiIooFv2Fm4lOAHAwIQrgMGCBD\/6d5YPQV7vKIkSB8NVcL\/gVS9GIWXAOBgvX28EovSb79LcGYBwMD8f8DB\/glF8SRT5DBNMsZQiYvU+ZVQCXByMAo8IHggiV8FKh2U
Z+qpV8R1XqQCQDAhCpOqRgxv8ATB2sCsLD6sDi98lFQUWXYlLaKwhAeH\/oBwSdW8r9papKnAHVWEHwMIC+VwC38KxNNSxkXKwPLWfRi0KihAgB4+EVSqrWfVU2qA+XXgH\/IRydGv6pjceLwiH7hecH7heNcXkEX0Bn+L3i84LzgqS3sHc98Cvp8t+fCsLLiQDAhRcxR\/4GHA1eQGLAtGYkDwIfqBwf+qYv9ShToy4CyVj34FUuUVhb4q1QOx1eiN1q1owA3W95jeCcX0F2LwHxfmHh+KQvi54vCyL2kgPT\/uk7TpC93hfe903ttVZwLewkaK6EpoyLwTYvJIvNwrbCdJOI61UR8H5\/zUXhfF2Fl07pumL3i+jMW08e7o76mS0GLAsF5aLAvsLtkrovIIv6D4\/4WtkcB0GDeGDwWfQLRP3ofXrWn+CK030EoybCtt60y1zSgBoNcAjEHy\/4W9HxpvsSTOHURCNRE0SIQ6eYi45q4DdT7UZY3hPAiChYIidu1cZYVNFLZYeFwXBQubSpEgWRtEWo0uaWCsFiFgU9TcwdN3MKW2oGMtxVftMDNZeYy3wCOCAfTz4jWdTo4sTYCJApKBkFE14eQDCOWxMDiAVXAkHlv1uDrCesro2aE4dDkaA0QCJxl1Q8Bh\/1F\/5hUDEfv0ec4kha+Ft52oA8w4FDf4Dq\/gIXaDlfwX3G8XnWOUGbAgYz+NijT6BdtC0LRcLwZ\/\/BNF5kL4vIheCWFvqRPtSzDgNWAoSQnhfCswFbqOdSUGLArcwmRgv9BbCbSiOCKGbCUlEmgbbYhSMOJFx0DHgXheDPf7BKJNhIBfCq\/HoyRDvC0qFwDhRtjutI5ZC39LXtioKnS1Hg4g1\/o3EM6GIShRba\/BAW2mu+XBiwIHN\/hHW+DFAcBjv5ASgmHgp9QcEKXdIkbaNa83VwujQiAQ4iuq4DlAVZ3cApPltUVIDiAYIpYLSYX1l4W+s9bAr8WhGCvCtvWYDTgOX\/BZ7kZaQ2gqsByv5pEjidgWm1zYWf+M7GeqNbBNVs8RpkBVJFzxCC1EFyZre61GkaHGBiHcxMuGIuC+TEwVtvGBwlUJGLeEoPf\/h4JwqbSao\/ypBGKhrWWIlaQ3A\/NbIIYL0FkF+FuDApIY42EiPUDWEYSBfAaZFT+7dgIoneF\/dwmIAvrHU5ML06A2F8QRiVAkhb+r\/wJwXlGgULu3MU8dwqKhxIdQhW4UdDvrBhqpUAzC3gYYwDDA0DwPDAWBZ0YMWBtgmiDMKmzGNg04Cf0FuL1+BKKvmc5AlSig=="} 
-00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17808,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1452082723926279} +00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17808,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1452082723926279} 
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1452082723926279,"flow_src_last_pkt_time":1452082723926279,"flow_dst_last_pkt_time":1452082723926279,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1452082723926279,"l3_proto":"ip4","src_ip":"172.16.168.24","dst_ip":"172.16.168.64","src_port":40252,"dst_port":5000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1452082723926279,"flow_dst_last_pkt_time":1452082723926279,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1452082723926279,"pkt":"ZFEGDr6xAJC4HVbBCABFAAA8RJtAAEAGTaesEKgYrBCoQJ08E4h51uZ7AAAAAKACFtDUwwAAAgQFtAQCCAr\/\/6LgAAAAAAEDAwI="} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1452082723926279,"flow_dst_last_pkt_time":1452082723926389,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1452082723926389,"pkt":"AJC4HVbBZFEGDr6xCABFAAA8AABAAEAGkkKsEKhArBCoGBOInTxtGE\/GedbmfKASOJAO\/QAAAgQFtAQCCAoC2uQ3\/\/+i4AEDAwc="} 
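Review bot: The new `stream_content` key appears only in the `ndpi` object of the `detected` events (flow 1 `"Video"` in this hunk, flow 2 `"Audio"` in the `@@ -15,9 +15,9 @@` hunk that follows). The `idle` event for flow 1 and the `analyse` event for flow 2, shown as context in that next hunk, still carry an `ndpi` object without it. If that is intended (presumably per-flow detail is serialised only at detection time; not visible from here), the flow event schema should declare it as an optional property, e.g. `"stream_content": {"type": "string"}`, and leave it out of `required`, so that a strict consumer validating later events does not reject them. The schema change in this commit is outside this view, so please confirm it matches.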
@@ -15,9 +15,9 @@ 00966{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":0,"flow_first_seen":1332741131936370,"flow_src_last_pkt_time":1332741132275341,"flow_dst_last_pkt_time":1332741131936370,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1444,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17808,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1452082723927046,"l3_proto":"ip4","src_ip":"10.204.220.71","dst_ip":"10.204.220.171","src_port":6000,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} 02170{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1452082806850157,"flow_dst_last_pkt_time":1452082723926389,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1280,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1280,"pkt_l4_len":1246,"thread_ts_usec":1452082806850157,"pkt":"ZFEGDr6xAJC4HVbBCABFAATyRJ1AAEAGSO+sEKgYrBCoQJ08E4h51uZ8bRhPx4AYBbTKCgAAAQEICv\/\/w0QC2uQ3BLyAiMYjZEjsqQAAAADV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1d
XV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXVUHJhFRQUaXtG+u+SnoWEhISYnu5vDHCEBBRhNOHuHO8XE5qGEcQbNVgS6vp653dMEXRl\/eCUn52FnZqRk+Lk3n9\/FmkTFhAWF2pnY01A9cL45uHt5+zn4f39ztJWSEl9dXtyfHx2dFhD1lbf3NnOw\/XAz8fG2sfFVFRfXFtbRVlYXlHV0V1WU1bX1dPW0tPQ0dLT1tVW0NbX11dUV1FRU1BTU1ZX1dfQ09DW19bU1dVV1VRXVFRU1VdRUNTXV9bW19RU1FRU1VTV19TVVVXU1NXV1FVV1VdX1VTV1tXU1VbV1NXVVFdX1dXU1dfVVNXV1dTX1NTV1NTX1ldWVlFQUFRXVNXV1NTX1tbQ19TXVdXXVFRWVldRV1RVVFXU1NTU1NTW1tfVVFRX1VVV1dTUVlFXVdVVVdXU1dTU1dXUVFdX1dTV1NTW19fXVFRXV1ZRUVRXVNfV19TW0dfV1VVU1tRUV1ZUV1RU1NXV1NXV1NTV1dTV1NRU1VVU1dVU1VVXVdTVVFdUVVTV1NXU19RUV1XW19TX1dbV1dFVVlFRUFE="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1452082806850157,"flow_dst_last_pkt_time":1452082806850239,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1452082806850239,"pkt":"AJC4HVbBZFEGDr6xCABFAAA0q\/BAAEAG5lmsEKhArBCoGBOInTxtGE\/HedbrOoAQAIj\/tAAAAQEICgLbNTH\/\/8NE"} 
-00925{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1452082723926279,"flow_src_last_pkt_time":1452082807092242,"flow_dst_last_pkt_time":1452082806943418,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":3642,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1452082807092242,"l3_proto":"ip4","src_ip":"172.16.168.24","dst_ip":"172.16.168.64","src_port":40252,"dst_port":5000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} +00950{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1452082723926279,"flow_src_last_pkt_time":1452082807092242,"flow_dst_last_pkt_time":1452082806943418,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":3642,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1452082807092242,"l3_proto":"ip4","src_ip":"172.16.168.24","dst_ip":"172.16.168.64","src_port":40252,"dst_port":5000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","stream_content":"Audio"}} 
02243{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1452082723926279,"flow_src_last_pkt_time":1452082808893215,"flow_dst_last_pkt_time":1452082808744238,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":18210,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1452082808893215,"l3_proto":"ip4","src_ip":"172.16.168.24","dst_ip":"172.16.168.64","src_port":40252,"dst_port":5000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":110,"avg":5476932.0,"max":82923850,"stddev":20338496.0,"var":413654440738816.0,"ent":1.2,"data": [110,767,82923111,82923850,93229,93179,148856,148867,149150,149232,150979,151006,151543,151418,148416,148540,149040,148926,151726,151812,150927,150869,149665,149628,148360,148373,151331,151326,150797,150823,149039]},"pktlen": {"min":52,"avg":621.6,"max":1266,"stddev":605.3,"var":366444.4,"ent":4.2,"data": [60,60,52,1266,52,1266,52,1266,52,1266,52,1266,52,1266,52,1266,52,1266,52,1266,52,1266,52,1266,52,1266,52,1266,52,1266,52,1266]},"bins": {"c_to_s": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0,0,0,0,0,0,0,0,0],"s_to_c": [15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0],"entropies": 
[4.659215927,5.154205799,5.101990700,2.844452143,4.935547352,4.443674088,5.026988029,5.479323864,4.988526344,5.514104366,5.026988029,5.763203144,5.026988029,5.730160236,4.950064659,7.345358372,4.986605644,6.633060932,5.010550499,6.320373535,4.972088337,7.249912262,5.049011707,7.189931393,5.010550022,7.249042511,5.049011707,6.371730804,5.010550499,6.932887077,4.986605644,7.123292446]},"ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} -00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":53,"packets-processed":52,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":38446,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1643703745877296} 
+00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":53,"packets-processed":52,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":38446,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1643703745877296} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643703745877296,"flow_src_last_pkt_time":1643703745877296,"flow_dst_last_pkt_time":1643703745877296,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":74,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":74,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643703745877296,"l3_proto":"ip4","src_ip":"150.219.118.19","dst_ip":"192.113.193.227","src_port":54234,"dst_port":50003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1643703745877296,"flow_dst_last_pkt_time":1643703745877296,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"thread_ts_usec":1643703745877296,"pkt":"AAAAAAAAAA0A6CjdCABFAABmXqIAAH8RTaGW23YTwHHB49Paw1MAUs7pAAEARgAafnMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAixk="} 00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1643703745877296,"flow_dst_last_pkt_time":1643703745893698,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"thread_ts_usec":1643703745893698,"pkt":"AAAAAAAAAAkAifetCABFAABm7FVAADgRxu3AccHjltt2E8NT09oAUln0AAIARgAafnM4NS4xNTQuMi4xNDUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA09o="} 
@@ -35,7 +35,7 @@ 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","vlan_id":1508,"flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1643703820864329,"flow_dst_last_pkt_time":1643703820776166,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1643703820864329,"pkt":"AAAAAAAAAAcAAAAIgQAF5AgARQAANGd7QABAEZsQCoxDp5SZVWHYahd4ACClNIFvzdUeUT0\/uAl02AAAARxIBuNyJ9wGQA=="} 00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":0,"flow_first_seen":1643703820776166,"flow_src_last_pkt_time":1643703821596170,"flow_dst_last_pkt_time":1643703820776166,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":60,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":801,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643703821596170,"vlan_id":1508,"l3_proto":"ip4","src_ip":"10.140.67.167","dst_ip":"148.153.85.97","src_port":55402,"dst_port":6008,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} 
00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":19,"flow_first_seen":1643703745877296,"flow_src_last_pkt_time":1643703746016700,"flow_dst_last_pkt_time":1643703746015681,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":165,"flow_dst_max_l4_payload_len":1104,"flow_src_tot_l4_payload_len":993,"flow_dst_tot_l4_payload_len":13839,"midstream":0,"thread_ts_usec":1643703821596170,"l3_proto":"ip4","src_ip":"150.219.118.19","dst_ip":"192.113.193.227","src_port":54234,"dst_port":50003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Discord","proto_id":"58","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative"}} -00844{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":112,"packets-processed":112,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":54079,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":38,"global_ts_usec":1643703821596170} 
+00844{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":112,"packets-processed":112,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":54079,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":38,"global_ts_usec":1643703821596170} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 112/112 ~~ skipped flows.............: 0 @@ -44,9 +44,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6920110 bytes -~~ total memory freed........: 6920110 bytes -~~ total allocations/frees...: 114285/114285 +~~ total memory allocated....: 7497706 bytes +~~ total memory freed........: 7497706 bytes +~~ total allocations/frees...: 126016/126016 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 546 chars ~~ json message max len.......: 2487 chars diff --git a/test/results/default/rtps.pcap.out b/test/results/default/rtps.pcap.out index 4731b6dab..1fa09a825 100644 --- a/test/results/default/rtps.pcap.out +++ b/test/results/default/rtps.pcap.out 
@@ -1,5 +1,5 @@ -00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rtps.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtps.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1498024847652004} 
+00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rtps.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtps.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1498024847652004} 
00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1498024847652004,"flow_src_last_pkt_time":1498024847652004,"flow_dst_last_pkt_time":1498024847652004,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1498024847652004,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":28108,"dst_port":7410,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtps.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1498024847652004,"flow_dst_last_pkt_time":1498024847652004,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":1498024847652004,"pkt":"AAAAAAAAAAAAAAAACABFAAAsAABAAEARPL9\/AAABfwAAAW3MHPIAGP4rUlRQUwIBAQFORERTUElORw=="} 
01044{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1498024847652004,"flow_src_last_pkt_time":1498024847652004,"flow_dst_last_pkt_time":1498024847652004,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1498024847652004,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":28108,"dst_port":7410,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"RTPS","proto_id":"359","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -16,7 +16,7 @@ 01091{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/rtps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":26,"flow_dst_packets_processed":0,"flow_first_seen":1498024847652004,"flow_src_last_pkt_time":1498025267652809,"flow_dst_last_pkt_time":1498024847652004,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":780,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":19516,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1498025267652809,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":28108,"dst_port":7410,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"RTPS","proto_id":"359","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01091{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/rtps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":0,"flow_first_seen":1498024847652004,"flow_src_last_pkt_time":1498025327652932,"flow_dst_last_pkt_time":1498024847652004,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":780,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":21076,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1498025327652932,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":28108,"dst_port":7410,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"RTPS","proto_id":"359","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01089{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/rtps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":29,"flow_dst_packets_processed":0,"flow_first_seen":1498024847652004,"flow_src_last_pkt_time":1498025337682781,"flow_dst_last_pkt_time":1498024847652004,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":780,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":21164,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1498025337682781,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":28108,"dst_port":7410,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"RTPS","proto_id":"359","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00840{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/rtps.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":29,"packets-processed":29,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21164,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":8,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1498025337682781} +00840{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/rtps.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":29,"packets-processed":29,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21164,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":8,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1498025337682781} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 29/29 ~~ skipped flows.............: 0 
@@ -25,9 +25,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6908454 bytes -~~ total memory freed........: 6908454 bytes -~~ total allocations/frees...: 114166/114166 +~~ total memory allocated....: 7486072 bytes +~~ total memory freed........: 7486072 bytes +~~ total allocations/frees...: 125898/125898 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 534 chars ~~ json message max len.......: 1555 chars diff --git a/test/results/default/rtsp.pcap.out b/test/results/default/rtsp.pcap.out index a3665977f..0948025da 100644 --- a/test/results/default/rtsp.pcap.out +++ b/test/results/default/rtsp.pcap.out 
@@ -1,5 +1,5 @@ -00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rtsp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtsp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1627567277506127} 
+00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rtsp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtsp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1627567277506127} 
00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtsp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1627567277506127,"flow_src_last_pkt_time":1627567277506127,"flow_dst_last_pkt_time":1627567277506127,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":149,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":149,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":149,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1627567277506127,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52470,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 00731{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtsp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1627567277506127,"flow_dst_last_pkt_time":1627567277506127,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":205,"pkt_l4_len":169,"thread_ts_usec":1627567277506127,"pkt":"AAMAAQAGAAwp8x5yAAAIAEUAAL1W3kAAgAaMTgoBAQoKAgICzPYhajvib4JhB2\/CUBgEAcxeAABHRVRfUEFSQU1FVEVSIHJ0c3A6Ly8xMC4yLjIuMjo4NTU0LyBSVFNQLzEuMA0KQ1NlcTogNw0KVXNlci1BZ2VudDogTGliVkxDLzMuMC4xNiAoTElWRTU1NSBTdHJlYW1pbmcgTWVkaWEgdjIwMTYuMTEuMjgpDQpTZXNzaW9uOiA2NjBmYzRjMGM2YWQ0M2ExDQoNCg=="} 
01040{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtsp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1627567277506127,"flow_src_last_pkt_time":1627567277506127,"flow_dst_last_pkt_time":1627567277506127,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":149,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":149,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":149,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1627567277506127,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52470,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"RTSP","proto_id":"50","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media"}} 
@@ -62,7 +62,7 @@ 01088{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":568,"source":"cfgs\/default\/pcap\/rtsp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":44,"flow_dst_packets_processed":60,"flow_first_seen":1627567406342871,"flow_src_last_pkt_time":1627567465366594,"flow_dst_last_pkt_time":1627567465366846,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":695,"flow_src_tot_l4_payload_len":3760,"flow_dst_tot_l4_payload_len":7540,"midstream":0,"thread_ts_usec":1627567528308580,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52478,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"RTSP","proto_id":"50","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media"}} 01088{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":568,"source":"cfgs\/default\/pcap\/rtsp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":40,"flow_dst_packets_processed":52,"flow_first_seen":1627567466882987,"flow_src_last_pkt_time":1627567526623393,"flow_dst_last_pkt_time":1627567526623799,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":202,"flow_dst_max_l4_payload_len":695,"flow_src_tot_l4_payload_len":3772,"flow_dst_tot_l4_payload_len":7560,"midstream":0,"thread_ts_usec":1627567528308580,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52480,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"RTSP","proto_id":"50","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media"}} 01089{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":568,"source":"cfgs\/default\/pcap\/rtsp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":36,"flow_dst_packets_processed":48,"flow_first_seen":1627567528106056,"flow_src_last_pkt_time":1627567528308580,"flow_dst_last_pkt_time":1627567528265801,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":202,"flow_dst_max_l4_payload_len":695,"flow_src_tot_l4_payload_len":3176,"flow_dst_tot_l4_payload_len":7568,"midstream":0,"thread_ts_usec":1627567528308580,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52482,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"RTSP","proto_id":"50","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media"}} 
-00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":568,"source":"cfgs\/default\/pcap\/rtsp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":568,"packets-processed":568,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":67396,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":65,"global_ts_usec":1627567528308580} +00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":568,"source":"cfgs\/default\/pcap\/rtsp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":568,"packets-processed":568,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":67396,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":65,"global_ts_usec":1627567528308580} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 568/568 ~~ skipped flows.............: 0 
@@ -71,9 +71,9 @@ ~~ total active/idle flows...: 7/7 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6953215 bytes -~~ total memory freed........: 6953215 bytes -~~ total allocations/frees...: 114791/114791 +~~ total memory allocated....: 7530958 bytes +~~ total memory freed........: 7530958 bytes +~~ total allocations/frees...: 126529/126529 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 540 chars ~~ json message max len.......: 2224 chars diff --git a/test/results/default/rtsp_setup_http.pcapng.out b/test/results/default/rtsp_setup_http.pcapng.out index 189701f11..77417afff 100644 --- a/test/results/default/rtsp_setup_http.pcapng.out +++ b/test/results/default/rtsp_setup_http.pcapng.out 
@@ -1,10 +1,10 @@ -00622{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rtsp_setup_http.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtsp_setup_http.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1625568705778896} 
+00622{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rtsp_setup_http.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtsp_setup_http.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1625568705778896} 
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtsp_setup_http.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625568705778896,"flow_src_last_pkt_time":1625568705778896,"flow_dst_last_pkt_time":1625568705778896,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":179,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":179,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1625568705778896,"l3_proto":"ip4","src_ip":"172.28.5.170","dst_ip":"172.28.4.26","src_port":63840,"dst_port":8554,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00779{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtsp_setup_http.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1625568705778896,"flow_dst_last_pkt_time":1625568705778896,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"thread_ts_usec":1625568705778896,"pkt":"AAwpI6CIeCSvPj0DCABFAADbwOlAAEAGFzesHAWqrBwEGvlgIWqjD4UUiv5WgFAYA\/\/+rgAAU0VUVVAgcnRzcDovLzE3Mi4yOC40LjI2Ojg1NTQvdHJhY2tJRD04OCBSVFNQLzEuMA0KQ1NlcTogNA0KVXNlci1BZ2VudDogTGliVkxDLzMuMC4xNiAoTElWRTU1NSBTdHJlYW1pbmcgTWVkaWEgdjIwMTYuMTEuMjgpDQpUcmFuc3BvcnQ6IFJUUC9BVlA7dW5pY2FzdDtjbGllbnRfcG9ydD01MDIyMC01MDIyMQ0KDQo="} 
01059{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtsp_setup_http.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625568705778896,"flow_src_last_pkt_time":1625568705778896,"flow_dst_last_pkt_time":1625568705778896,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":179,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":179,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1625568705778896,"l3_proto":"ip4","src_ip":"172.28.5.170","dst_ip":"172.28.4.26","src_port":63840,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"RTSP","proto_id":"50","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media"}} 01098{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtsp_setup_http.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625568705778896,"flow_src_last_pkt_time":1625568705778896,"flow_dst_last_pkt_time":1625568705778896,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":179,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":179,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1625568705778896,"l3_proto":"ip4","src_ip":"172.28.5.170","dst_ip":"172.28.4.26","src_port":63840,"dst_port":8554,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"RTSP","proto_id":"50","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media"}} -00847{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtsp_setup_http.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":179,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1625568705778896} +00847{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtsp_setup_http.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":179,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1625568705778896} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ 
skipped flows.............: 0 @@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6909742 bytes -~~ total memory freed........: 6909742 bytes -~~ total allocations/frees...: 114140/114140 +~~ total memory allocated....: 7487359 bytes +~~ total memory freed........: 7487359 bytes +~~ total allocations/frees...: 125872/125872 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 627 chars ~~ json message max len.......: 1103 chars diff --git a/test/results/default/rx.pcap.out b/test/results/default/rx.pcap.out index f8ddcf3b8..9c39ad98e 100644 --- a/test/results/default/rx.pcap.out +++ b/test/results/default/rx.pcap.out 
@@ -1,5 +1,5 @@ -00607{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rx.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00828{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rx.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1460647264018403} 
+00607{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rx.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00828{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rx.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1460647264018403} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rx.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1460647264018403,"flow_src_last_pkt_time":1460647264018403,"flow_dst_last_pkt_time":1460647264018403,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":292,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":292,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":292,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1460647264018403,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":41559,"dst_port":7002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00899{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rx.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1460647264018403,"flow_dst_last_pkt_time":1460647264018403,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":334,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":334,"pkt_l4_len":300,"thread_ts_usec":1460647264018403,"pkt":"PIqwbTfwAAjK968mCABFAAFA5\/AAAEARo32DctuowKfOfKJXG1oBLBrkVw+1YFw\/yYgAAAABAAAAAQAAAAEBBQAAAAAASQAAAfgAAAABAAAAZwAAAGkAAABvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/rx.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1460647264018403,"flow_dst_last_pkt_time":1460647264026287,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1460647264026287,"pkt":"AAjK968mPIqwbTfwCABFAABAOykAADoRV0XAp858g3LbqBtaolcALPkKVw+1YFw\/yYgAAAABAAAAAQAAAAEBBAAAAAAASQAAAAEAACcR"} 
@@ -37,7 +37,7 @@ 00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/rx.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":48,"flow_dst_packets_processed":31,"flow_first_seen":1460647299704750,"flow_src_last_pkt_time":1460647320158014,"flow_dst_last_pkt_time":1460647300329629,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":468,"flow_dst_max_l4_payload_len":740,"flow_src_tot_l4_payload_len":4792,"flow_dst_tot_l4_payload_len":4266,"midstream":0,"thread_ts_usec":1460647320158051,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.241","src_port":7001,"dst_port":7000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RX","proto_id":"223","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/rx.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":9,"flow_first_seen":1460647299605656,"flow_src_last_pkt_time":1460647300326863,"flow_dst_last_pkt_time":1460647300326798,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":92,"flow_dst_max_l4_payload_len":1076,"flow_src_tot_l4_payload_len":1077,"flow_dst_tot_l4_payload_len":7708,"midstream":0,"thread_ts_usec":1460647320158051,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":7001,"dst_port":7003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RX","proto_id":"223","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00965{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/rx.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1460647264018403,"flow_src_last_pkt_time":1460647264026325,"flow_dst_last_pkt_time":1460647264026287,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":65,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":292,"flow_dst_max_l4_payload_len":36,"flow_src_tot_l4_payload_len":357,"flow_dst_tot_l4_payload_len":36,"midstream":0,"thread_ts_usec":1460647320158051,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":41559,"dst_port":7002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RX","proto_id":"223","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00841{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/rx.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":132,"packets-processed":132,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":20931,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":40,"global_ts_usec":1460647320158051} 
+00841{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/rx.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":132,"packets-processed":132,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":20931,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":40,"global_ts_usec":1460647320158051} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 132/132 ~~ skipped flows.............: 0 @@ -46,9 +46,9 @@ ~~ total active/idle flows...: 5/5 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6920961 bytes -~~ total memory freed........: 6920961 bytes -~~ total allocations/frees...: 114313/114313 +~~ total memory allocated....: 7498557 bytes +~~ total memory freed........: 7498557 bytes +~~ total allocations/frees...: 126044/126044 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 552 chars ~~ json message max len.......: 2164 chars diff --git a/test/results/default/s7comm-plus.pcap.out b/test/results/default/s7comm-plus.pcap.out index e3ae01da4..5d1fd3e73 100644 --- a/test/results/default/s7comm-plus.pcap.out +++ b/test/results/default/s7comm-plus.pcap.out 
@@ -1,5 +1,5 @@ -00616{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/s7comm-plus.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/s7comm-plus.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1412165336989258} 
+00616{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/s7comm-plus.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/s7comm-plus.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1412165336989258} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/s7comm-plus.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1412165336989258,"flow_src_last_pkt_time":1412165336989258,"flow_dst_last_pkt_time":1412165336989258,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1412165336989258,"l3_proto":"ip4","src_ip":"192.168.25.177","dst_ip":"192.168.25.131","src_port":53162,"dst_port":102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/s7comm-plus.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1412165336989258,"flow_dst_last_pkt_time":1412165336989258,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1412165336989258,"pkt":"ABwGD73lAFBWK1xlCABFAAA0OSlAAIAGDRbAqBmxwKgZg8+qAGYnLnytAAAAAIACIAAmnwAAAgQFtAEDAwgBAQQC"} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/s7comm-plus.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1412165336989265,"flow_dst_last_pkt_time":1412165336989258,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1412165336989265,"pkt":"ABwGD73lAFBWK1xlCABFAAA0OSlAAIAGDRbAqBmxwKgZg8+qAGYnLnytAAAAAIACIAAmnwAAAgQFtAEDAwgBAQQC"} 
@@ -9,7 +9,7 @@ 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/s7comm-plus.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":2,"flow_first_seen":1412165336989258,"flow_src_last_pkt_time":1412165336993088,"flow_dst_last_pkt_time":1412165336991654,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":36,"flow_src_tot_l4_payload_len":289,"flow_dst_tot_l4_payload_len":36,"midstream":0,"thread_ts_usec":1412165336993088,"l3_proto":"ip4","src_ip":"192.168.25.177","dst_ip":"192.168.25.131","src_port":53162,"dst_port":102,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"S7CommPlus","proto_id":"361","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 02142{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/s7comm-plus.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":8,"flow_first_seen":1412165336989258,"flow_src_last_pkt_time":1412165338064240,"flow_dst_last_pkt_time":1412165337104285,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":297,"flow_src_tot_l4_payload_len":1344,"flow_dst_tot_l4_payload_len":545,"midstream":0,"thread_ts_usec":1412165338064240,"l3_proto":"ip4","src_ip":"192.168.25.177","dst_ip":"192.168.25.131","src_port":53162,"dst_port":102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":4,"avg":38387.4,"max":995818,"stddev":175089.4,"var":30656290816.0,"ent":1.2,"data": 
[7,650,924,9,417,4,1746,2469,6,13767,4267,17657,4,12269,6,17776,4831,6,1514,9,7246,5693,10,28619,8,33319,4688,5,36256,995818,9]},"pktlen": {"min":40,"avg":100.3,"max":337,"stddev":73.0,"var":5323.4,"ent":4.7,"data": [52,52,46,40,40,76,76,76,257,257,46,177,47,47,162,162,71,47,47,123,123,84,47,47,133,133,337,47,47,46,133,133]},"bins": {"c_to_s": [12,2,6,2,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,2,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,0,0,0,0,1,0,0,1,1,0,0,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,0],"entropies": [4.554988384,4.554988384,4.522394180,4.680641174,4.680641174,5.319911003,5.319911003,5.158287048,5.535624981,5.535624981,4.075662136,5.208230019,4.635028362,4.635028362,4.666445732,4.666445732,4.204725266,4.592475414,4.592475414,4.629901409,4.629901409,4.268610001,4.549922466,4.549922466,4.866230011,4.866230011,1.580462456,4.549922466,4.549922466,4.075662613,4.866230011,4.866230011]},"ndpi": {"confidence": {"6":"DPI"},"proto":"S7CommPlus","proto_id":"361","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/s7comm-plus.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":54,"flow_dst_packets_processed":25,"flow_first_seen":1412165336989258,"flow_src_last_pkt_time":1412165344069312,"flow_dst_last_pkt_time":1412165344104127,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":341,"flow_dst_max_l4_payload_len":297,"flow_src_tot_l4_payload_len":3254,"flow_dst_tot_l4_payload_len":2655,"midstream":0,"thread_ts_usec":1412165344104127,"l3_proto":"ip4","src_ip":"192.168.25.177","dst_ip":"192.168.25.131","src_port":53162,"dst_port":102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"S7CommPlus","proto_id":"361","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00846{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/s7comm-plus.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":79,"packets-processed":79,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5909,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1412165344104127} 
+00846{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/s7comm-plus.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":79,"packets-processed":79,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5909,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1412165344104127} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 79/79 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6911976 bytes -~~ total memory freed........: 6911976 bytes -~~ total allocations/frees...: 114218/114218 +~~ total memory allocated....: 7489572 bytes +~~ total memory freed........: 7489572 bytes +~~ total allocations/frees...: 125949/125949 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 533 chars ~~ json message max len.......: 2147 chars diff --git a/test/results/default/s7comm.pcap.out b/test/results/default/s7comm.pcap.out index e6b6b83e8..dcabe542d 100644 --- a/test/results/default/s7comm.pcap.out +++ b/test/results/default/s7comm.pcap.out 
@@ -1,5 +1,5 @@ -00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/s7comm.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/s7comm.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1408528803880679} 
+00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/s7comm.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/s7comm.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1408528803880679} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/s7comm.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1408528803880679,"flow_src_last_pkt_time":1408528803880679,"flow_dst_last_pkt_time":1408528803880679,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":22,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1408528803880679,"l3_proto":"ip4","src_ip":"192.168.1.10","dst_ip":"192.168.1.40","src_port":4185,"dst_port":102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/s7comm.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1408528803880679,"flow_dst_last_pkt_time":1408528803880679,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1408528803880679,"pkt":"ABsbI+s7kOa6hF5BCABFAAA+LUtAAIAGAADAqAEKwKgBKBBZAGaQRN2iAAL7EFAY+vCDswAAAwAAFhHgAAAABwDBAgEAwgIBAsABCg=="} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/s7comm.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1408528803880679,"flow_dst_last_pkt_time":1408528803884414,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1408528803884414,"pkt":"kOa6hF5BABsbI+s7CABFAAA+AM4AAB4GGGrAqAEowKgBCgBmEFkAAvsQkETduFAYEAAGowAAAwAAFhHQAAcAAwDAAQrBAgEAwgIBAg=="} 
@@ -9,7 +9,7 @@ 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/s7comm.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1408528803887617,"flow_dst_last_pkt_time":1408528803887528,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":61,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":61,"pkt_l4_len":27,"thread_ts_usec":1408528803887617,"pkt":"ABsbI+s7kOa6hF5BCABFAAAvLU1AAIAGAADAqAEKwKgBKBBZAGaQRN3RAAL7QVAY+r+DpAAAAwAABwLwAA=="} 02135{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/s7comm.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1408528803880679,"flow_src_last_pkt_time":1408528803957564,"flow_dst_last_pkt_time":1408528803957480,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":7,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":221,"flow_src_tot_l4_payload_len":396,"flow_dst_tot_l4_payload_len":794,"midstream":1,"thread_ts_usec":1408528803957564,"l3_proto":"ip4","src_ip":"192.168.1.10","dst_ip":"192.168.1.40","src_port":4185,"dst_port":102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":66,"avg":4957.6,"max":9013,"stddev":3321.6,"var":11033309.0,"ent":4.5,"data": [3735,3883,3114,3055,66,6981,6927,4642,8989,4385,568,7037,6437,271,5970,5746,295,9009,8666,204,8975,8763,201,9013,8819,232,8990,8762,250,4988,4713]},"pktlen": {"min":47,"avg":77.2,"max":261,"stddev":40.3,"var":1625.5,"ent":4.9,"data": [62,62,65,67,47,73,121,47,73,121,47,73,261,47,73,121,47,69,101,47,69,101,47,69,101,47,69,101,47,71,77,47]},"bins": {"c_to_s": [17,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": 
[2,5,3,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0],"entropies": [4.432188988,4.290980816,4.257703304,3.892863989,4.469065666,4.562385082,3.916244507,4.469065666,4.445193291,3.499234200,4.469065666,4.517119408,2.438902855,4.367897987,4.497249603,3.901077271,4.469065666,4.394919872,4.398461342,4.469065666,4.423905373,4.398461342,4.426512718,4.412964821,4.410789013,4.469065666,4.412964821,4.372174263,4.410450935,4.692483425,4.443362713,4.469065666]},"ndpi": {"confidence": {"6":"DPI"},"proto":"S7Comm","proto_id":"249","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/s7comm.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":36,"flow_dst_packets_processed":19,"flow_first_seen":1408528803880679,"flow_src_last_pkt_time":1408528804003972,"flow_dst_last_pkt_time":1408528804016478,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":7,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":247,"flow_dst_max_l4_payload_len":221,"flow_src_tot_l4_payload_len":1202,"flow_dst_tot_l4_payload_len":1088,"midstream":1,"thread_ts_usec":1408528804016478,"l3_proto":"ip4","src_ip":"192.168.1.10","dst_ip":"192.168.1.40","src_port":4185,"dst_port":102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"S7Comm","proto_id":"249","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
-00841{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/s7comm.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":55,"packets-processed":55,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2290,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1408528804016478} +00841{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/s7comm.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":55,"packets-processed":55,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2290,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1408528804016478} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 55/55 ~~ skipped flows.............: 0 
@@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6911256 bytes -~~ total memory freed........: 6911256 bytes -~~ total allocations/frees...: 114193/114193 +~~ total memory allocated....: 7488852 bytes +~~ total memory freed........: 7488852 bytes +~~ total allocations/frees...: 125924/125924 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 540 chars ~~ json message max len.......: 2140 chars diff --git a/test/results/default/safari.pcap.out b/test/results/default/safari.pcap.out index 825145e36..ac0096e73 100644 --- a/test/results/default/safari.pcap.out +++ b/test/results/default/safari.pcap.out 
@@ -1,14 +1,14 @@ -00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1620898024056646} 
+00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1620898024056646} 
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1620898024056646,"flow_src_last_pkt_time":1620898024056646,"flow_dst_last_pkt_time":1620898024056646,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1620898024056646,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55262,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1620898024056646,"flow_dst_last_pkt_time":1620898024056646,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1620898024056646,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EtfeAbt7aT+8AAAAALAC\/\/8bGAAAAgQFtAEDAwUBAQgKMzDFWAAAAAAEAgAA"} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1620898024056646,"flow_dst_last_pkt_time":1620898024084984,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1620898024084984,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7194MY\/Pce2k\/vaAS\/ohIgwAAAgQFrAQCCAo6VqpvMzDFWAEDAwc="} 
00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1620898024085084,"flow_dst_last_pkt_time":1620898024084984,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1620898024085084,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EtfeAbt7aT+9DGPz3YAQECxliAAAAQEICjMwxXQ6Vqpv"} 00860{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1620898024085660,"flow_dst_last_pkt_time":1620898024084984,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":301,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":301,"pkt_l4_len":267,"thread_ts_usec":1620898024085660,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEfAABAAEAGqzzAqAGykjA6EtfeAbt7aT+9DGPz3YAYECzi2QAAAQEICjMwxXQ6VqpvFgMBAOYBAADiAwP7e0LMuchcA2pz2N1av9UFuo\/JaGJbVW+oYg1yPADkCgAAKMAswCvAJMAjwArACcypwDDAL8AowCfAFMATzKgAnQCcAD0APAA1AC8BAACR\/wEAAQAAAAATABEAAA53d3cuaWl0LmNuci5pdAAXAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAzdAAAABIAAAAQADAALgJoMgVoMi0xNgVoMi0xNQVoMi0xNAhzcGR5LzMuMQZzcGR5LzMIaHR0cC8xLjEACwACAQAACgAKAAgAHQAXABgAGQ=="} 
-01229{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1620898024056646,"flow_src_last_pkt_time":1620898024085660,"flow_dst_last_pkt_time":1620898024084984,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":235,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":235,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1620898024085660,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55262,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","domainame":"www.iit.cnr.it","tls": {"version":"TLSv1.2","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} +01188{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1620898024056646,"flow_src_last_pkt_time":1620898024085660,"flow_dst_last_pkt_time":1620898024084984,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":235,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":235,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1620898024085660,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55262,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","domainame":"www.iit.cnr.it","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1620898024085660,"flow_dst_last_pkt_time":1620898024113654,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1620898024113654,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA03eJAADQG2kSSMDoSwKgBsgG7194MY\/Pde2lAqIAQAfxysAAAAQEICjpWqowzMMV0"} -01319{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1620898024056646,"flow_src_last_pkt_time":1620898024085660,"flow_dst_last_pkt_time":1620898024120639,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":235,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":235,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1620898024120639,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55262,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","domainame":"www.iit.cnr.it","tls": 
{"version":"TLSv1.2","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"263c859c5391203d774bc0599793d915","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} -01608{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1620898024056646,"flow_src_last_pkt_time":1620898024085660,"flow_dst_last_pkt_time":1620898024120722,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":235,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":235,"flow_dst_tot_l4_payload_len":3455,"midstream":0,"thread_ts_usec":1620898024120722,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55262,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","domainame":"www.iit.cnr.it","tls": {"version":"TLSv1.2","server_names":"www.iit.cnr.it","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"263c859c5391203d774bc0599793d915","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=NL, ST=Noord-Holland, L=Amsterdam, O=TERENA, CN=TERENA SSL CA 3","subjectDN":"C=IT, ST=Lazio, L=Roma, O=Consiglio Nazionale delle Ricerche, OU=IIT, CN=www.iit.cnr.it","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"C4:F6:98:75:7E:20:5C:B6:33:14:59:3F:CF:26:96:38:D0:4B:73:69","blocks":0}}} 
+01278{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1620898024056646,"flow_src_last_pkt_time":1620898024085660,"flow_dst_last_pkt_time":1620898024120639,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":235,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":235,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1620898024120639,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55262,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","domainame":"www.iit.cnr.it","tls": {"version":"TLSv1.2","ja3s":"263c859c5391203d774bc0599793d915","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
+01567{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1620898024056646,"flow_src_last_pkt_time":1620898024085660,"flow_dst_last_pkt_time":1620898024120722,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":235,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":235,"flow_dst_tot_l4_payload_len":3455,"midstream":0,"thread_ts_usec":1620898024120722,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55262,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","domainame":"www.iit.cnr.it","tls": {"version":"TLSv1.2","server_names":"www.iit.cnr.it","ja3s":"263c859c5391203d774bc0599793d915","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=NL, ST=Noord-Holland, L=Amsterdam, O=TERENA, CN=TERENA SSL CA 3","subjectDN":"C=IT, ST=Lazio, L=Roma, O=Consiglio Nazionale delle Ricerche, OU=IIT, CN=www.iit.cnr.it","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"C4:F6:98:75:7E:20:5C:B6:33:14:59:3F:CF:26:96:38:D0:4B:73:69","blocks":0}}} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1620898025216193,"flow_src_last_pkt_time":1620898025216193,"flow_dst_last_pkt_time":1620898025216193,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1620898025216193,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55265,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1620898025216193,"flow_dst_last_pkt_time":1620898025216193,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1620898025216193,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EtfhAbvK+gqhAAAAALAC\/\/\/8IwAAAgQFtAEDAwUBAQgKMzDJ0wAAAAAEAgAA"} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1620898025216511,"flow_src_last_pkt_time":1620898025216511,"flow_dst_last_pkt_time":1620898025216511,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1620898025216511,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55266,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
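Review bot: The regenerated expectations in this hunk drop the `"ja3"` key from the `tls` object of the `detected` and both `detection-update` events for flow 1, while `"ja3s"` and `"ja4"` are still emitted. A consumer that matches or allow-lists on the JA3 client hash would stop matching without any error. The commit message only says "incorporated upstream changes", so I would add a line such as `* TLS flow events no longer contain "ja3" (client fingerprint); "ja3s" and "ja4" remain`. The diffstat lists `schema/flow_event_schema.json` as changed but that file is not visible here, so please confirm it no longer lists `ja3` as a required or expected property. This file is generated test output, so any correction belongs in the commit description and the schema rather than in these lines.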
@@ -28,37 +28,37 @@ 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1620898025216511,"flow_dst_last_pkt_time":1620898025247854,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1620898025247854,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG71+LVp22MQK\/Js6AS\/oitTAAAAgQFrAQCCAo6Vq72MzDJ0wEDAwc="} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1620898025247891,"flow_dst_last_pkt_time":1620898025247854,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1620898025247891,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EtfiAbtAr8mz1adtjYAQECzKUwAAAQEICjMwye06Vq72"} 00829{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1620898025248893,"flow_dst_last_pkt_time":1620898025246476,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":277,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":277,"pkt_l4_len":243,"thread_ts_usec":1620898025248893,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEHAABAAEAGq1TAqAGykjA6EtfjAbsjVMkLMNstB4AYECyAIQAAAQEICjMwye46Vq73FgMBAM4BAADKAwNUREp3oPgfdwoKuIfn8T9IL3Q0lPOwn0i2RpA9kzJQCSBsK\/pFJSBBcEfHwChWdBj6ydeGGd9YieHZ4ClTFbYqWgAowCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUALwEAAFn\/AQABAAAAABMAEQAADnd3dy5paXQuY25yLml0ABcAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAACwACAQAACgAKAAgAHQAXABgAGQ=="} 
-01296{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1620898025216866,"flow_src_last_pkt_time":1620898025248893,"flow_dst_last_pkt_time":1620898025246476,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1620898025248893,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55267,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","domainame":"www.iit.cnr.it","tls": {"version":"TLSv1.2","ja3":"ee4ced3f2d15de4b5cb6fb0a894fec9f","ja3s":"","ja4":"t12d200800_2a284e3b0c56_6e2cce1a33e5","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01255{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1620898025216866,"flow_src_last_pkt_time":1620898025248893,"flow_dst_last_pkt_time":1620898025246476,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1620898025248893,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55267,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","domainame":"www.iit.cnr.it","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d200800_2a284e3b0c56_6e2cce1a33e5","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00830{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1620898025249060,"flow_dst_last_pkt_time":1620898025246600,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":277,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":277,"pkt_l4_len":243,"thread_ts_usec":1620898025249060,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEHAABAAEAGq1TAqAGykjA6EtfhAbvK+gqi\/kpDRoAYECziaAAAAQEICjMwye46Vq72FgMBAM4BAADKAwN38WmzCQkn0KMr+Wzhl2Z5FrdZ11JNHPlkCTeGcw9T7iBsK\/pFJSBBcEfHwChWdBj6ydeGGd9YieHZ4ClTFbYqWgAowCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUALwEAAFn\/AQABAAAAABMAEQAADnd3dy5paXQuY25yLml0ABcAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAACwACAQAACgAKAAgAHQAXABgAGQ=="} -01296{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1620898025216193,"flow_src_last_pkt_time":1620898025249060,"flow_dst_last_pkt_time":1620898025246600,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1620898025249060,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55265,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","domainame":"www.iit.cnr.it","tls": 
{"version":"TLSv1.2","ja3":"ee4ced3f2d15de4b5cb6fb0a894fec9f","ja3s":"","ja4":"t12d200800_2a284e3b0c56_6e2cce1a33e5","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01255{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1620898025216193,"flow_src_last_pkt_time":1620898025249060,"flow_dst_last_pkt_time":1620898025246600,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1620898025249060,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55265,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","domainame":"www.iit.cnr.it","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d200800_2a284e3b0c56_6e2cce1a33e5","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00829{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1620898025249194,"flow_dst_last_pkt_time":1620898025247725,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":277,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":277,"pkt_l4_len":243,"thread_ts_usec":1620898025249194,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEHAABAAEAGq1TAqAGykjA6EtfkAbuNFQafWZkBLYAYECyqrQAAAQEICjMwye86Vq75FgMBAM4BAADKAwO+AguydpOZseLQauZrJ0wQG6s9IakcGprgwqjW9VQmkCBsK\/pFJSBBcEfHwChWdBj6ydeGGd9YieHZ4ClTFbYqWgAowCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUALwEAAFn\/AQABAAAAABMAEQAADnd3dy5paXQuY25yLml0ABcAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAACwACAQAACgAKAAgAHQAXABgAGQ=="} -01296{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1620898025217296,"flow_src_last_pkt_time":1620898025249194,"flow_dst_last_pkt_time":1620898025247725,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1620898025249194,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55268,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","domainame":"www.iit.cnr.it","tls": 
{"version":"TLSv1.2","ja3":"ee4ced3f2d15de4b5cb6fb0a894fec9f","ja3s":"","ja4":"t12d200800_2a284e3b0c56_6e2cce1a33e5","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01255{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1620898025217296,"flow_src_last_pkt_time":1620898025249194,"flow_dst_last_pkt_time":1620898025247725,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1620898025249194,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55268,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","domainame":"www.iit.cnr.it","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d200800_2a284e3b0c56_6e2cce1a33e5","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00829{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1620898025249268,"flow_dst_last_pkt_time":1620898025247854,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":277,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":277,"pkt_l4_len":243,"thread_ts_usec":1620898025249268,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEHAABAAEAGq1TAqAGykjA6EtfiAbtAr8mz1adtjYAYECzT3QAAAQEICjMwye86Vq72FgMBAM4BAADKAwOpBynag4bHvb6E4B1bggTJAjWsrCTwDwH9f+CYMFFKESBsK\/pFJSBBcEfHwChWdBj6ydeGGd9YieHZ4ClTFbYqWgAowCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUALwEAAFn\/AQABAAAAABMAEQAADnd3dy5paXQuY25yLml0ABcAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAACwACAQAACgAKAAgAHQAXABgAGQ=="} -01296{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1620898025216511,"flow_src_last_pkt_time":1620898025249268,"flow_dst_last_pkt_time":1620898025247854,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1620898025249268,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55266,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","domainame":"www.iit.cnr.it","tls": 
{"version":"TLSv1.2","ja3":"ee4ced3f2d15de4b5cb6fb0a894fec9f","ja3s":"","ja4":"t12d200800_2a284e3b0c56_6e2cce1a33e5","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01255{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1620898025216511,"flow_src_last_pkt_time":1620898025249268,"flow_dst_last_pkt_time":1620898025247854,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1620898025249268,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55266,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","domainame":"www.iit.cnr.it","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d200800_2a284e3b0c56_6e2cce1a33e5","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1620898025217638,"flow_dst_last_pkt_time":1620898025251232,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1620898025251232,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG71+Xyf4O0ZsTOPKAS\/ohPpwAAAgQFrAQCCAo6Vq75MzDJ1AEDAwc="} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1620898025251282,"flow_dst_last_pkt_time":1620898025251232,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1620898025251282,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EtflAbtmxM488n+DtYAQECxsqwAAAQEICjMwyfE6Vq75"} 00830{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1620898025252477,"flow_dst_last_pkt_time":1620898025251232,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":277,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":277,"pkt_l4_len":243,"thread_ts_usec":1620898025252477,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEHAABAAEAGq1TAqAGykjA6EtflAbtmxM488n+DtYAYECwZ2QAAAQEICjMwyfI6Vq75FgMBAM4BAADKAwMSRGkwxSrWh1AXeLtRv1F1xX\/qrFSNWIQgoRNChvQaeiBsK\/pFJSBBcEfHwChWdBj6ydeGGd9YieHZ4ClTFbYqWgAowCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUALwEAAFn\/AQABAAAAABMAEQAADnd3dy5paXQuY25yLml0ABcAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAACwACAQAACgAKAAgAHQAXABgAGQ=="} 
-01296{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1620898025217638,"flow_src_last_pkt_time":1620898025252477,"flow_dst_last_pkt_time":1620898025251232,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1620898025252477,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55269,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","domainame":"www.iit.cnr.it","tls": {"version":"TLSv1.2","ja3":"ee4ced3f2d15de4b5cb6fb0a894fec9f","ja3s":"","ja4":"t12d200800_2a284e3b0c56_6e2cce1a33e5","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01255{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1620898025217638,"flow_src_last_pkt_time":1620898025252477,"flow_dst_last_pkt_time":1620898025251232,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1620898025252477,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55269,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","domainame":"www.iit.cnr.it","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d200800_2a284e3b0c56_6e2cce1a33e5","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1620898025248893,"flow_dst_last_pkt_time":1620898025277000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1620898025277000,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0bLhAADQGS2+SMDoSwKgBsgG71+Mw2y0HI1TJ3oAQAfza5QAAAQEICjpWrxUzMMnu"} 
-01354{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1620898025216866,"flow_src_last_pkt_time":1620898025248893,"flow_dst_last_pkt_time":1620898025277002,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":141,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":141,"midstream":0,"thread_ts_usec":1620898025277002,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55267,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","domainame":"www.iit.cnr.it","tls": {"version":"TLSv1.2","ja3":"ee4ced3f2d15de4b5cb6fb0a894fec9f","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62","ja4":"t12d200800_2a284e3b0c56_6e2cce1a33e5","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","blocks":0}}} 
+01313{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1620898025216866,"flow_src_last_pkt_time":1620898025248893,"flow_dst_last_pkt_time":1620898025277002,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":141,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":141,"midstream":0,"thread_ts_usec":1620898025277002,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55267,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","domainame":"www.iit.cnr.it","tls": {"version":"TLSv1.2","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62","ja4":"t12d200800_2a284e3b0c56_6e2cce1a33e5","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","blocks":0}}} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1620898025249060,"flow_dst_last_pkt_time":1620898025277349,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1620898025277349,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0IZdAADQGlpCSMDoSwKgBsgG71+H+SkNGyvoLdYAQAfwN\/AAAAQEICjpWrxUzMMnu"} 
00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1620898025249194,"flow_dst_last_pkt_time":1620898025279016,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1620898025279016,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0711AADQGyMmSMDoSwKgBsgG71+RZmQEtjRUHcoAQAfw2qAAAAQEICjpWrxgzMMnv"} -01354{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1620898025216193,"flow_src_last_pkt_time":1620898025249060,"flow_dst_last_pkt_time":1620898025279039,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":141,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":141,"midstream":0,"thread_ts_usec":1620898025279039,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55265,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","domainame":"www.iit.cnr.it","tls": {"version":"TLSv1.2","ja3":"ee4ced3f2d15de4b5cb6fb0a894fec9f","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62","ja4":"t12d200800_2a284e3b0c56_6e2cce1a33e5","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","blocks":0}}} 
-01354{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1620898025217296,"flow_src_last_pkt_time":1620898025249194,"flow_dst_last_pkt_time":1620898025279148,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":141,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":141,"midstream":0,"thread_ts_usec":1620898025279148,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55268,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","domainame":"www.iit.cnr.it","tls": {"version":"TLSv1.2","ja3":"ee4ced3f2d15de4b5cb6fb0a894fec9f","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62","ja4":"t12d200800_2a284e3b0c56_6e2cce1a33e5","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","blocks":0}}} 
+01313{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1620898025216193,"flow_src_last_pkt_time":1620898025249060,"flow_dst_last_pkt_time":1620898025279039,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":141,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":141,"midstream":0,"thread_ts_usec":1620898025279039,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55265,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","domainame":"www.iit.cnr.it","tls": {"version":"TLSv1.2","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62","ja4":"t12d200800_2a284e3b0c56_6e2cce1a33e5","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","blocks":0}}} 
+01313{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1620898025217296,"flow_src_last_pkt_time":1620898025249194,"flow_dst_last_pkt_time":1620898025279148,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":141,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":141,"midstream":0,"thread_ts_usec":1620898025279148,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55268,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","domainame":"www.iit.cnr.it","tls": {"version":"TLSv1.2","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62","ja4":"t12d200800_2a284e3b0c56_6e2cce1a33e5","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","blocks":0}}} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1620898025249268,"flow_dst_last_pkt_time":1620898025280229,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1620898025280229,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0Z4hAADQGUJ+SMDoSwKgBsgG71+LVp22NQK\/KhoAQAfzXjgAAAQEICjpWrxYzMMnv"} 
-01354{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1620898025216511,"flow_src_last_pkt_time":1620898025249268,"flow_dst_last_pkt_time":1620898025281225,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":141,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":141,"midstream":0,"thread_ts_usec":1620898025281225,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55266,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","domainame":"www.iit.cnr.it","tls": {"version":"TLSv1.2","ja3":"ee4ced3f2d15de4b5cb6fb0a894fec9f","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62","ja4":"t12d200800_2a284e3b0c56_6e2cce1a33e5","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","blocks":0}}} 
+01313{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1620898025216511,"flow_src_last_pkt_time":1620898025249268,"flow_dst_last_pkt_time":1620898025281225,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":141,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":141,"midstream":0,"thread_ts_usec":1620898025281225,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55266,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","domainame":"www.iit.cnr.it","tls": {"version":"TLSv1.2","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62","ja4":"t12d200800_2a284e3b0c56_6e2cce1a33e5","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","blocks":0}}} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1620898025252477,"flow_dst_last_pkt_time":1620898025284805,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1620898025284805,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0UEBAADQGZ+eSMDoSwKgBsgG71+Xyf4O1ZsTPD4AQAfx55QAAAQEICjpWrxszMMny"} 
-01354{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1620898025217638,"flow_src_last_pkt_time":1620898025252477,"flow_dst_last_pkt_time":1620898025284814,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":141,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":141,"midstream":0,"thread_ts_usec":1620898025284814,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55269,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","domainame":"www.iit.cnr.it","tls": {"version":"TLSv1.2","ja3":"ee4ced3f2d15de4b5cb6fb0a894fec9f","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62","ja4":"t12d200800_2a284e3b0c56_6e2cce1a33e5","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","blocks":0}}} 
+01313{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1620898025217638,"flow_src_last_pkt_time":1620898025252477,"flow_dst_last_pkt_time":1620898025284814,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":141,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":141,"midstream":0,"thread_ts_usec":1620898025284814,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55269,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","domainame":"www.iit.cnr.it","tls": {"version":"TLSv1.2","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62","ja4":"t12d200800_2a284e3b0c56_6e2cce1a33e5","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","blocks":0}}} 
02293{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1620898025216866,"flow_src_last_pkt_time":1620898025482937,"flow_dst_last_pkt_time":1620898025510399,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":442,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1135,"flow_dst_tot_l4_payload_len":16958,"midstream":0,"thread_ts_usec":1620898025510399,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55267,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":18051.7,"max":118862,"stddev":28694.5,"var":823374080.0,"ent":3.5,"data": [29610,29665,2362,30524,2,28159,51917,8877,77853,8496,625,1248,27408,129,120,247,131,125,259,123,123,248,503,122,637,24023,24010,84464,7818,118862,914]},"pktlen": {"min":52,"avg":618.0,"max":1492,"stddev":660.5,"var":436248.1,"ent":4.1,"data": [64,60,52,263,52,193,52,103,494,52,52,1492,1492,52,1492,1492,52,1492,1492,52,1492,1492,52,1492,1492,52,1029,52,52,483,52,1492]},"bins": {"c_to_s": [10,1,0,0,0,0,1,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0]},"directions": [0,1,0,0,1,1,0,0,0,1,1,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,0,0,0,1,1],"entropies": [4.365527153,5.154205322,4.884933472,5.833237171,5.047091484,6.387271881,4.923395157,5.485030651,7.478204250,4.994112968,4.772770882,7.875178814,7.866140842,4.961856842,7.872851372,7.874671459,4.961856842,7.876760006,7.864192009,4.884933472,7.871975422,7.883419514,4.961856842,7.874213696,7.878833771,4.923395157,7.820206165,4.961856842,4.839769840,7.462142944,5.085553646,7.865268230]},"ndpi": 
{"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":151,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1620898027036438,"flow_src_last_pkt_time":1620898027036438,"flow_dst_last_pkt_time":1620898027036438,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1620898027036438,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55285,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1620898027036438,"flow_dst_last_pkt_time":1620898027036438,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1620898027036438,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6Etf1AbvGGXtuAAAAALAC\/\/+JoQAAAgQFtAEDAwUBAQgKMzDQVQAAAAAEAgAA"} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1620898027036438,"flow_dst_last_pkt_time":1620898027065042,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1620898027065042,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG71\/XZbafoxhl7b6AS\/ogqVAAAAgQFrAQCCAo6VrYRMzDQVQEDAwc="} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1620898027065158,"flow_dst_last_pkt_time":1620898027065042,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1620898027065158,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6Etf1AbvGGXtv2W2n6YAQECxHWQAAAQEICjMw0HE6VrYR"} 00863{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1620898027065849,"flow_dst_last_pkt_time":1620898027065042,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":301,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":301,"pkt_l4_len":267,"thread_ts_usec":1620898027065849,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEfAABAAEAGqzzAqAGykjA6Etf1AbvGGXtv2W2n6YAYECyxoQAAAQEICjMw0HE6VrYRFgMBAOYBAADiAwMa4UcAStjcr1T8QU4\/RokhU4ObPfNgIZ\/sGmPR9DSx4gAAKMAswCvAJMAjwArACcypwDDAL8AowCfAFMATzKgAnQCcAD0APAA1AC8BAACR\/wEAAQAAAAATABEAAA53d3cuaWl0LmNuci5pdAAXAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAzdAAAABIAAAAQADAALgJoMgVoMi0xNgVoMi0xNQVoMi0xNAhzcGR5LzMuMQZzcGR5LzMIaHR0cC8xLjEACwACAQAACgAKAAgAHQAXABgAGQ=="} 
-01231{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1620898027036438,"flow_src_last_pkt_time":1620898027065849,"flow_dst_last_pkt_time":1620898027065042,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":235,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":235,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1620898027065849,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55285,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","domainame":"www.iit.cnr.it","tls": {"version":"TLSv1.2","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} +01190{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1620898027036438,"flow_src_last_pkt_time":1620898027065849,"flow_dst_last_pkt_time":1620898027065042,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":235,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":235,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1620898027065849,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55285,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","domainame":"www.iit.cnr.it","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1620898027065849,"flow_dst_last_pkt_time":1620898027093791,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1620898027093791,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0AotAADQGtZySMDoSwKgBsgG71\/XZbafpxhl8WoAQAfxUgQAAAQEICjpWti4zMNBx"} -01321{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1620898027036438,"flow_src_last_pkt_time":1620898027065849,"flow_dst_last_pkt_time":1620898027099664,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":235,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":235,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1620898027099664,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55285,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","domainame":"www.iit.cnr.it","tls": 
{"version":"TLSv1.2","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"263c859c5391203d774bc0599793d915","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} -01610{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1620898027036438,"flow_src_last_pkt_time":1620898027065849,"flow_dst_last_pkt_time":1620898027099759,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":235,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":235,"flow_dst_tot_l4_payload_len":3455,"midstream":0,"thread_ts_usec":1620898027099759,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55285,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","domainame":"www.iit.cnr.it","tls": {"version":"TLSv1.2","server_names":"www.iit.cnr.it","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"263c859c5391203d774bc0599793d915","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=NL, ST=Noord-Holland, L=Amsterdam, O=TERENA, CN=TERENA SSL CA 3","subjectDN":"C=IT, ST=Lazio, L=Roma, O=Consiglio Nazionale delle Ricerche, OU=IIT, CN=www.iit.cnr.it","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"C4:F6:98:75:7E:20:5C:B6:33:14:59:3F:CF:26:96:38:D0:4B:73:69","blocks":0}}} 
+01280{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1620898027036438,"flow_src_last_pkt_time":1620898027065849,"flow_dst_last_pkt_time":1620898027099664,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":235,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":235,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1620898027099664,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55285,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","domainame":"www.iit.cnr.it","tls": {"version":"TLSv1.2","ja3s":"263c859c5391203d774bc0599793d915","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
+01569{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1620898027036438,"flow_src_last_pkt_time":1620898027065849,"flow_dst_last_pkt_time":1620898027099759,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":235,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":235,"flow_dst_tot_l4_payload_len":3455,"midstream":0,"thread_ts_usec":1620898027099759,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55285,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","domainame":"www.iit.cnr.it","tls": {"version":"TLSv1.2","server_names":"www.iit.cnr.it","ja3s":"263c859c5391203d774bc0599793d915","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=NL, ST=Noord-Holland, L=Amsterdam, O=TERENA, CN=TERENA SSL CA 3","subjectDN":"C=IT, ST=Lazio, L=Roma, O=Consiglio Nazionale delle Ricerche, OU=IIT, CN=www.iit.cnr.it","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"C4:F6:98:75:7E:20:5C:B6:33:14:59:3F:CF:26:96:38:D0:4B:73:69","blocks":0}}} 
00957{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":168,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":11,"flow_first_seen":1620898024056646,"flow_src_last_pkt_time":1620898024782770,"flow_dst_last_pkt_time":1620898024782960,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":359,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":687,"flow_dst_tot_l4_payload_len":7826,"midstream":0,"thread_ts_usec":1620898027166473,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55262,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 01095{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":168,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":13,"flow_first_seen":1620898025216193,"flow_src_last_pkt_time":1620898025483460,"flow_dst_last_pkt_time":1620898025513234,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":434,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1102,"flow_dst_tot_l4_payload_len":9280,"midstream":0,"thread_ts_usec":1620898027166473,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55265,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": 
{"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 01095{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":168,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":10,"flow_first_seen":1620898025216511,"flow_src_last_pkt_time":1620898025483199,"flow_dst_last_pkt_time":1620898025369234,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":437,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1130,"flow_dst_tot_l4_payload_len":6626,"midstream":0,"thread_ts_usec":1620898027166473,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55266,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
@@ -66,7 +66,7 @@ 01093{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":168,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1620898025217296,"flow_src_last_pkt_time":1620898025483096,"flow_dst_last_pkt_time":1620898025512858,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":431,"flow_dst_max_l4_payload_len":1347,"flow_src_tot_l4_payload_len":1121,"flow_dst_tot_l4_payload_len":1488,"midstream":0,"thread_ts_usec":1620898027166473,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55268,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 01094{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":168,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":9,"flow_first_seen":1620898025217638,"flow_src_last_pkt_time":1620898025483303,"flow_dst_last_pkt_time":1620898025371358,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":434,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1125,"flow_dst_tot_l4_payload_len":4576,"midstream":0,"thread_ts_usec":1620898027166473,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55269,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying 
HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00956{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":168,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":9,"flow_first_seen":1620898027036438,"flow_src_last_pkt_time":1620898027166473,"flow_dst_last_pkt_time":1620898027166397,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":378,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":706,"flow_dst_tot_l4_payload_len":4696,"midstream":0,"thread_ts_usec":1620898027166473,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55285,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-00845{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":168,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":168,"packets-processed":168,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":72162,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":9,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":69,"global_ts_usec":1620898027166473} +00845{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":168,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":168,"packets-processed":168,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":72162,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":9,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":69,"global_ts_usec":1620898027166473} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 168/168 ~~ skipped flows.............: 0 
@@ -75,9 +75,9 @@ ~~ total active/idle flows...: 7/7 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7136023 bytes -~~ total memory freed........: 7136023 bytes -~~ total allocations/frees...: 114435/114435 +~~ total memory allocated....: 7713619 bytes +~~ total memory freed........: 7713619 bytes +~~ total allocations/frees...: 126166/126166 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 544 chars ~~ json message max len.......: 2298 chars diff --git a/test/results/default/salesforce.pcap.out b/test/results/default/salesforce.pcap.out index 77b645fd9..aa7863e35 100644 --- a/test/results/default/salesforce.pcap.out +++ b/test/results/default/salesforce.pcap.out 
@@ -1,16 +1,16 @@ -00615{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/salesforce.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/salesforce.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1637949675032008} 
+00615{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/salesforce.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/salesforce.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1637949675032008} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/salesforce.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1637949675032008,"flow_src_last_pkt_time":1637949675032008,"flow_dst_last_pkt_time":1637949675032008,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1637949675032008,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"85.222.142.6","src_port":54399,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/salesforce.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1637949675032008,"flow_dst_last_pkt_time":1637949675032008,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1637949675032008,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGlHnAqAGyVd6OBtR\/AbsUUf9OAAAAALAC\/\/85bQAAAgQFtAEDAwUBAQgKBrZmwAAAAAAEAgAA"} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/salesforce.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1637949675032008,"flow_dst_last_pkt_time":1637949675060899,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1637949675060899,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADEGo31V3o4GwKgBsgG71H+paXwVFFH\/T6AScSBLcQAAAgQFjAQCCAok00OjBrZmwAEDAwc="} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/salesforce.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1637949675061003,"flow_dst_last_pkt_time":1637949675060899,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1637949675061003,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGlIXAqAGyVd6OBtR\/AbsUUf9PqWl8FoAQECja8QAAAQEICga2Ztwk00Oj"} 01242{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/salesforce.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1637949675061692,"flow_dst_last_pkt_time":1637949675060899,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1637949675061692,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI5AABAAEAGkoDAqAGyVd6OBtR\/AbsUUf9PqWl8FoAYECgazAAAAQEICga2Ztwk00OjFgMBAgABAAH8AwMsB7bEIQS+R0ekjKMs9RxR7uJ4jS+TafRCfDRTeT0jvyB2D\/7QJuZpYRXx8ewIP\/elf9pi11iuujnrjTBQzSXjCgAowCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUALwEAAYv\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"} 
-01261{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/salesforce.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1637949675032008,"flow_src_last_pkt_time":1637949675061692,"flow_dst_last_pkt_time":1637949675060899,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1637949675061692,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"85.222.142.6","src_port":54399,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Salesforce","proto_id":"91.266","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"help.salesforce.com","domainame":"help.salesforce.com","tls": {"version":"TLSv1.2","ja3":"7570245c781d7d7a68e31419177e728d","ja3s":"","ja4":"t12d2011h2_2a284e3b0c56_8c799273bd37","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
+01220{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/salesforce.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1637949675032008,"flow_src_last_pkt_time":1637949675061692,"flow_dst_last_pkt_time":1637949675060899,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1637949675061692,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"85.222.142.6","src_port":54399,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Salesforce","proto_id":"91.266","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"help.salesforce.com","domainame":"help.salesforce.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d2011h2_2a284e3b0c56_8c799273bd37","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/salesforce.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1637949675061692,"flow_dst_last_pkt_time":1637949675086483,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1637949675086483,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0P6lAADEGY9xV3o4GwKgBsgG71H+paXwWFFIBVIAQAOvoDAAAAQEICiTTQ8AGtmbc"} 
-01344{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/salesforce.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1637949675032008,"flow_src_last_pkt_time":1637949675061692,"flow_dst_last_pkt_time":1637949675088486,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1637949675088486,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"85.222.142.6","src_port":54399,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Salesforce","proto_id":"91.266","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"help.salesforce.com","domainame":"help.salesforce.com","tls": {"version":"TLSv1.2","ja3":"7570245c781d7d7a68e31419177e728d","ja3s":"263c859c5391203d774bc0599793d915","ja4":"t12d2011h2_2a284e3b0c56_8c799273bd37","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","negotiated_alpn":"h2","blocks":0}}} 
-01653{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/salesforce.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1637949675032008,"flow_src_last_pkt_time":1637949675061692,"flow_dst_last_pkt_time":1637949675088575,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3465,"midstream":0,"thread_ts_usec":1637949675088575,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"85.222.142.6","src_port":54399,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Salesforce","proto_id":"91.266","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"help.salesforce.com","domainame":"help.salesforce.com","tls": {"version":"TLSv1.2","server_names":"support.salesforce.com,help.salesforce.com","ja3":"7570245c781d7d7a68e31419177e728d","ja3s":"263c859c5391203d774bc0599793d915","ja4":"t12d2011h2_2a284e3b0c56_8c799273bd37","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1","subjectDN":"C=US, ST=California, L=San Francisco, O=salesforce.com, inc., CN=support.salesforce.com","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","negotiated_alpn":"h2","fingerprint":"69:0B:02:F6:58:63:79:69:21:33:61:1A:5C:3D:6A:BD:FC:55:0C:6F","blocks":0}}} 
+01303{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/salesforce.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1637949675032008,"flow_src_last_pkt_time":1637949675061692,"flow_dst_last_pkt_time":1637949675088486,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1637949675088486,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"85.222.142.6","src_port":54399,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Salesforce","proto_id":"91.266","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"help.salesforce.com","domainame":"help.salesforce.com","tls": {"version":"TLSv1.2","ja3s":"263c859c5391203d774bc0599793d915","ja4":"t12d2011h2_2a284e3b0c56_8c799273bd37","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","negotiated_alpn":"h2","blocks":0}}} 
+01612{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/salesforce.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1637949675032008,"flow_src_last_pkt_time":1637949675061692,"flow_dst_last_pkt_time":1637949675088575,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3465,"midstream":0,"thread_ts_usec":1637949675088575,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"85.222.142.6","src_port":54399,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Salesforce","proto_id":"91.266","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"help.salesforce.com","domainame":"help.salesforce.com","tls": {"version":"TLSv1.2","server_names":"support.salesforce.com,help.salesforce.com","ja3s":"263c859c5391203d774bc0599793d915","ja4":"t12d2011h2_2a284e3b0c56_8c799273bd37","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1","subjectDN":"C=US, ST=California, L=San Francisco, O=salesforce.com, inc., CN=support.salesforce.com","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","negotiated_alpn":"h2","fingerprint":"69:0B:02:F6:58:63:79:69:21:33:61:1A:5C:3D:6A:BD:FC:55:0C:6F","blocks":0}}} 
00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/salesforce.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1637949675032008,"flow_src_last_pkt_time":1637949675181063,"flow_dst_last_pkt_time":1637949675180938,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":610,"flow_dst_tot_l4_payload_len":3585,"midstream":0,"thread_ts_usec":1637949675181063,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"85.222.142.6","src_port":54399,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Salesforce","proto_id":"91.266","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud"}} -00845{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/salesforce.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":15,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4195,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1637949675181063} 
+00845{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/salesforce.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":15,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4195,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1637949675181063} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 15/15 ~~ skipped flows.............: 0 @@ -19,10 +19,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6918554 bytes -~~ total memory freed........: 6918554 bytes -~~ total allocations/frees...: 114163/114163 +~~ total memory allocated....: 7496150 bytes +~~ total memory freed........: 7496150 bytes +~~ total allocations/frees...: 125894/125894 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 548 chars -~~ json message max len.......: 1658 chars -~~ json message avg len.......: 1079 chars +~~ json message max len.......: 1617 chars +~~ json message avg len.......: 1059 chars diff --git a/test/results/default/sccp_hw_conf_register.pcapng.out b/test/results/default/sccp_hw_conf_register.pcapng.out index 8813c9b56..b0b5b3e4f 100644 --- a/test/results/default/sccp_hw_conf_register.pcapng.out +++ b/test/results/default/sccp_hw_conf_register.pcapng.out 
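Review bot: The regenerated expectations for salesforce.pcap no longer carry the `"ja3"` key in the `tls` object of the `detected` event and of both `detection-update` events, while `"ja3s"` and `"ja4"` remain; the commit message only says "incorporated upstream changes". A consumer that matches or pivots on the client JA3 hash would stop matching without any error, so the description or changelog should state the removal, for example `* flow events: TLS "ja3" is no longer emitted ("ja3s" and "ja4" remain)`. The diffstat lists schema/flow_event_schema.json as changed, but that hunk is outside this view, so it is worth confirming that the schema no longer advertises `ja3` rather than leaving it as an optional property that never appears.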
@@ -1,5 +1,5 @@ -00628{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/sccp_hw_conf_register.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sccp_hw_conf_register.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1557178511664958} 
+00628{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/sccp_hw_conf_register.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sccp_hw_conf_register.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1557178511664958} 
00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sccp_hw_conf_register.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1557178511664958,"flow_src_last_pkt_time":1557178511664958,"flow_dst_last_pkt_time":1557178511664958,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1557178511664958,"l3_proto":"ip4","src_ip":"10.180.110.58","dst_ip":"10.180.110.48","src_port":46461,"dst_port":2000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sccp_hw_conf_register.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1557178511664958,"flow_dst_last_pkt_time":1557178511664958,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":1557178511664958,"pkt":"AFBW6tqSuDhhiHXECABFYAAsOMQAAP8GkNUKtG46CrRuMLV9B9BgU38BAAAAAGACECD5kQAAAgQFtA=="} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/sccp_hw_conf_register.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1557178511664958,"flow_dst_last_pkt_time":1557178511664958,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":1557178511664958,"pkt":"uDhhiHXEAFBW6tqSCABFAAAsAABAAEAGSPoKtG4wCrRuOgfQtX0KPck5YFN\/AmASchDEGQAAAgQFtA=="} 
@@ -8,7 +8,7 @@ 00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/sccp_hw_conf_register.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1557178511664958,"flow_src_last_pkt_time":1557178511664958,"flow_dst_last_pkt_time":1557178511664958,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":136,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":136,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1557178511664958,"l3_proto":"ip4","src_ip":"10.180.110.58","dst_ip":"10.180.110.48","src_port":46461,"dst_port":2000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"CiscoSkinny","proto_id":"164","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/sccp_hw_conf_register.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1557178511664958,"flow_dst_last_pkt_time":1557178511665950,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1557178511665950,"pkt":"uDhhiHXEAFBW6tqSCABFAAAo4mtAAEAGZpIKtG4wCrRuOgfQtX0KPck6YFN\/ilAQdUDYHgAA"} 
00992{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/sccp_hw_conf_register.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":9,"flow_first_seen":1557178511664958,"flow_src_last_pkt_time":1557178511908949,"flow_dst_last_pkt_time":1557178511907942,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":316,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":496,"flow_dst_tot_l4_payload_len":100,"midstream":0,"thread_ts_usec":1557178511908949,"l3_proto":"ip4","src_ip":"10.180.110.58","dst_ip":"10.180.110.48","src_port":46461,"dst_port":2000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"CiscoSkinny","proto_id":"164","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00857{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/sccp_hw_conf_register.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":17,"packets-processed":17,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":596,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1557178511908949} 
+00857{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/sccp_hw_conf_register.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":17,"packets-processed":17,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":596,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1557178511908949} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 17/17 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6908130 bytes -~~ total memory freed........: 6908130 bytes -~~ total allocations/frees...: 114155/114155 +~~ total memory allocated....: 7485726 bytes +~~ total memory freed........: 7485726 bytes +~~ total allocations/frees...: 125886/125886 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 545 chars ~~ json message max len.......: 997 chars diff --git a/test/results/default/sctp.cap.out b/test/results/default/sctp.cap.out index b613a20a7..aad6e4ad4 100644 --- a/test/results/default/sctp.cap.out +++ b/test/results/default/sctp.cap.out 
@@ -1,5 +1,5 @@ -00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/sctp.cap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sctp.cap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1088696689784578} 
+00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/sctp.cap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sctp.cap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1088696689784578} 
00735{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sctp.cap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1088696689784578,"flow_src_last_pkt_time":1088696689784578,"flow_dst_last_pkt_time":1088696689784578,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1088696689784578,"l3_proto":"ip4","src_ip":"10.28.6.43","dst_ip":"10.28.6.44","l4_proto":132,"flow_datalink":1,"flow_max_packets":5} 00634{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sctp.cap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1088696689784578,"flow_dst_last_pkt_time":1088696689784578,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1088696689784578,"pkt":"AKCAAF5GCAADSgA1CABFAAB8FBwAADuESlQKHAYrChwGLEAAC4AAAW8KbbAYggADAFsoAkNFAACgvQAAAAdNRUdBQ08vMiA8bWctdHI+OjE2Mzg0ClJlcGx5ID0gMTc0MDkxewpDb250ZXh0ID0gMjU1ewpNb2RpZnkgPSBNVVgvMjU1Cn0KfQpn"} 
00884{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sctp.cap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1088696689784578,"flow_src_last_pkt_time":1088696689784578,"flow_dst_last_pkt_time":1088696689784578,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1088696689784578,"l3_proto":"ip4","src_ip":"10.28.6.43","dst_ip":"10.28.6.44","l4_proto":132,"ndpi": {"confidence": {"6":"DPI"},"proto":"SCTP","proto_id":"84","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -10,7 +10,7 @@ 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/sctp.cap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1088696689872282,"flow_dst_last_pkt_time":1088696689872631,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1088696689872631,"pkt":"AAGvDAaWAKCAAF5GCABFAAA4u4FAAP+EnzIKHAYsChwGKgtZC1kNU+b+jI4HRgUAABgAAQAUQORLkgocBiwbZq9+AAAAAA=="} 00922{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/sctp.cap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1088696689872282,"flow_src_last_pkt_time":1088696689872282,"flow_dst_last_pkt_time":1088696689872631,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":36,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":36,"midstream":0,"thread_ts_usec":1088696689872631,"l3_proto":"ip4","src_ip":"10.28.6.42","dst_ip":"10.28.6.44","l4_proto":132,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SCTP","proto_id":"84","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00925{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/sctp.cap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1088696689784578,"flow_src_last_pkt_time":1088696689784578,"flow_dst_last_pkt_time":1088696689784927,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":28,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":28,"midstream":0,"thread_ts_usec":1088696689872631,"l3_proto":"ip4","src_ip":"10.28.6.43","dst_ip":"10.28.6.44","l4_proto":132,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SCTP","proto_id":"84","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00834{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/sctp.cap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":204,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1088696689872631} 
+00834{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/sctp.cap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":204,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1088696689872631} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 4/4 ~~ skipped flows.............: 0 @@ -19,9 +19,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6910109 bytes -~~ total memory freed........: 6910109 bytes -~~ total allocations/frees...: 114152/114152 +~~ total memory allocated....: 7487705 bytes +~~ total memory freed........: 7487705 bytes +~~ total allocations/frees...: 125883/125883 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 537 chars ~~ json message max len.......: 930 chars diff --git a/test/results/default/selfsigned.pcap.out b/test/results/default/selfsigned.pcap.out index 9e8bf5f7b..b035e43fe 100644 --- a/test/results/default/selfsigned.pcap.out +++ b/test/results/default/selfsigned.pcap.out 
@@ -1,15 +1,15 @@ -00615{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/selfsigned.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/selfsigned.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1588921646472768} 
+00615{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/selfsigned.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/selfsigned.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1588921646472768} 
00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/selfsigned.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1588921646472768,"flow_src_last_pkt_time":1588921646472768,"flow_dst_last_pkt_time":1588921646472768,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1588921646472768,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51607,"dst_port":3001,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":5} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/selfsigned.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1588921646472768,"flow_dst_last_pkt_time":1588921646472768,"flow_idle_time":7580000000,"pkt_datalink":0,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":68,"pkt_l4_len":44,"thread_ts_usec":1588921646472768,"pkt":"AgAAAEUAAEAAAEAAQAYAAH8AAAF\/AAAByZcLuc3ubiYAAAAAsAL\/\/\/40AAACBD\/YAQMDBQEBCAoTf8z4AAAAAAQCAAA="} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/selfsigned.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1588921646472768,"flow_dst_last_pkt_time":1588921646472882,"flow_idle_time":7580000000,"pkt_datalink":0,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":68,"pkt_l4_len":44,"thread_ts_usec":1588921646472882,"pkt":"AgAAAEUAAEAAAEAAQAYAAH8AAAF\/AAABC7nJlxL1FVDN7m4nsBL\/\/\/40AAACBD\/YAQMDBQEBCAoTf8z4E3\/M+AQCAAA="} 
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/selfsigned.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1588921646472896,"flow_dst_last_pkt_time":1588921646472882,"flow_idle_time":7580000000,"pkt_datalink":0,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":56,"pkt_l4_len":32,"thread_ts_usec":1588921646472896,"pkt":"AgAAAEUAADQAAEAAQAYAAH8AAAF\/AAAByZcLuc3ubicS9RVRgBAx1\/4oAAABAQgKE3\/M+BN\/zPg="} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/selfsigned.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1588921646472896,"flow_dst_last_pkt_time":1588921646472909,"flow_idle_time":7580000000,"pkt_datalink":0,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":56,"pkt_l4_len":32,"thread_ts_usec":1588921646472909,"pkt":"AgAAAEUAADQAAEAAQAYAAH8AAAF\/AAABC7nJlxL1FVHN7m4ngBAx1\/4oAAABAQgKE3\/M+BN\/zPg="} 
01228{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/selfsigned.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1588921646479120,"flow_dst_last_pkt_time":1588921646472909,"flow_idle_time":7580000000,"pkt_datalink":0,"pkt_caplen":573,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":573,"pkt_l4_len":549,"thread_ts_usec":1588921646479120,"pkt":"AgAAAEUAAjkAAEAAQAYAAH8AAAF\/AAAByZcLuc3ubicS9RVRgBgx1wAuAAABAQgKE3\/M\/hN\/zPgWAwECAAEAAfwDA0YEObVTH0KfsY7LcbNSMg4LYrFe3YRazUmr+hH\/EGuJAACGzBTME8wVwDDALMAowCTAFMAKAKMAnwBrAGoAOQA4\/4UAxADDAIgAhwCBwDLALsAqwCbAD8AFAJ0APQA1AMAAhMAvwCvAJ8AjwBPACQCiAJ4AZwBAADMAMgC+AL0ARQBEwDHALcApwCXADsAEAJwAPAAvALoAQcASwAgAFgATwA3AAwAKAP8BAAFNAAAADgAMAAAJbG9jYWxob3N0AAsABAMAAQIACgA6ADgADgANABkAHAALAAwAGwAYAAkACgAaABYAFwAIAAYABwAUABUABAAFABIAEwABAAIAAwAPABAAEQANACYAJAYBBgIGA+\/vBQEFAgUDBAEEAgQD7u7t7QMBAwIDAwIBAgICAzN0AAAAEAAOAAwCaDIIaHR0cC8xLjEAFQCxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} -01313{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/selfsigned.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1588921646472768,"flow_src_last_pkt_time":1588921646479120,"flow_dst_last_pkt_time":1588921646472909,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1588921646479120,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51607,"dst_port":3001,"l4_proto":"tcp","ndpi": {"flow_risk": 
{"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"localhost","domainame":"localhost","tls": {"version":"TLSv1.2","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"","ja4":"t12d6707h2_2955a3196ffa_c83f907a73d3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} -01761{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/selfsigned.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1588921646472768,"flow_src_last_pkt_time":1588921646479120,"flow_dst_last_pkt_time":1588921646482756,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1357,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1357,"midstream":0,"thread_ts_usec":1588921646482756,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51607,"dst_port":3001,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"localhost","domainame":"localhost","tls": 
{"version":"TLSv1.2","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"0debd3853f330c574b05e0b6d882dc27","ja4":"t12d6707h2_2955a3196ffa_c83f907a73d3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=IT, ST=Some-State, O=ntop.org","subjectDN":"C=IT, ST=Some-State, O=ntop.org","advertised_alpns":"h2,http\/1.1","fingerprint":"AF:CC:98:49:F2:00:0E:05:21:18:6C:77:5F:2A:CF:10:44:6E:D8:8B","blocks":0}}} +01272{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/selfsigned.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1588921646472768,"flow_src_last_pkt_time":1588921646479120,"flow_dst_last_pkt_time":1588921646472909,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1588921646479120,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51607,"dst_port":3001,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"localhost","domainame":"localhost","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d6707h2_2955a3196ffa_c83f907a73d3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01720{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/selfsigned.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1588921646472768,"flow_src_last_pkt_time":1588921646479120,"flow_dst_last_pkt_time":1588921646482756,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1357,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1357,"midstream":0,"thread_ts_usec":1588921646482756,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51607,"dst_port":3001,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"localhost","domainame":"localhost","tls": {"version":"TLSv1.2","ja3s":"0debd3853f330c574b05e0b6d882dc27","ja4":"t12d6707h2_2955a3196ffa_c83f907a73d3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=IT, ST=Some-State, O=ntop.org","subjectDN":"C=IT, ST=Some-State, O=ntop.org","advertised_alpns":"h2,http\/1.1","fingerprint":"AF:CC:98:49:F2:00:0E:05:21:18:6C:77:5F:2A:CF:10:44:6E:D8:8B","blocks":0}}} 
01307{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/selfsigned.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1588921646472768,"flow_src_last_pkt_time":1588921646517296,"flow_dst_last_pkt_time":1588921646517337,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1357,"flow_src_tot_l4_payload_len":849,"flow_dst_tot_l4_payload_len":1785,"midstream":0,"thread_ts_usec":1588921646517337,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51607,"dst_port":3001,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
-00845{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/selfsigned.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":20,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2634,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1588921646517337} +00845{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/selfsigned.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":20,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2634,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1588921646517337} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 20/20 ~~ skipped flows.............: 0 
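Review bot: The regenerated `detected` and `detection-update` events in this hunk no longer carry the client-side `ja3` value inside the `tls` object, while `ja3s` and `ja4` are still emitted, and the commit message only says "incorporated upstream changes". A downstream consumer that matches, allow-lists or correlates on `ndpi.tls.ja3` would stop matching without any error, so the removal deserves its own line in the commit description or changelog, for example `* TLS flow events no longer contain "ja3"; "ja3s" and "ja4" are still emitted`. The diffstat lists a change to schema/flow_event_schema.json that is not visible in this part of the patch; it is worth confirming that the schema no longer lists `ja3`, so that validation agrees with what the daemon now emits.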
@@ -18,10 +18,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6912465 bytes -~~ total memory freed........: 6912465 bytes -~~ total allocations/frees...: 114165/114165 +~~ total memory allocated....: 7490082 bytes +~~ total memory freed........: 7490082 bytes +~~ total allocations/frees...: 125897/125897 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 539 chars -~~ json message max len.......: 1766 chars -~~ json message avg len.......: 1115 chars +~~ json message max len.......: 1725 chars +~~ json message avg len.......: 1096 chars diff --git a/test/results/default/sflow.pcap.out b/test/results/default/sflow.pcap.out index 0736f3574..f05d054ad 100644 --- a/test/results/default/sflow.pcap.out +++ b/test/results/default/sflow.pcap.out 
@@ -1,5 +1,5 @@ -00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/sflow.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sflow.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1378125488790492} 
+00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/sflow.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sflow.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1378125488790492} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sflow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1378125488790492,"flow_src_last_pkt_time":1378125488790492,"flow_dst_last_pkt_time":1378125488790492,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1378125488790492,"l3_proto":"ip4","src_ip":"172.21.35.17","dst_ip":"172.21.35.199","src_port":1027,"dst_port":6343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sflow.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1378125488790492,"flow_dst_last_pkt_time":1378125488790492,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_usec":1378125488790492,"pkt":"AFBWlgDZAOCxz5TDCABFAACsIfoAAEARuUSsFSMRrBUjxwQDGMcAmAAAAAAABQAAAAGsFSMRAAAAAQAAAZ9nPdcQAAAAAQAAAAIAAABsAAAhJQAABAwAAAABAAAAAQAAAFgAAAQMAAAABgAAAAAF9eEAAAAAAQAAAAMAAAAAAYwszAAAm4MAApAWAAH2cwAAAAAAAAAAAAAAAAAAAAAAUz3BAACgtwAAIYcAAAjXAAAAAAAAAAAAAAAA"} 
00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/sflow.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1378125507793302,"flow_dst_last_pkt_time":1378125488790492,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_usec":1378125507793302,"pkt":"AFBWlgDZAOCxz5TDCABFAACsIfsAAEARuUOsFSMRrBUjxwQDGMcAmAAAAAAABQAAAAGsFSMRAAAAAQAAAaBnPiFIAAAAAQAAAAIAAABsAAAAaAAABBMAAAABAAAAAQAAAFgAAAQTAAAABgAAAAAF9eEAAAAAAQAAAAMAAAAAAwmHZAAAPY8ACrt0AAAffQAAAAAAAAAAAAAAAAAAAAAGHWdKAABT9wAJE0IACVxYAAAAAAAAAAAAAAAA"} 
@@ -9,7 +9,7 @@ 00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/sflow.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1378125537795814,"flow_dst_last_pkt_time":1378125488790492,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_usec":1378125537795814,"pkt":"AFBWlgDZAOCxz5TDCABFAACsIf4AAEARuUCsFSMRrBUjxwQDGMcAmAAAAAAABQAAAAGsFSMRAAAAAQAAAaNnPpZ4AAAAAQAAAAIAAABsAAAAaQAABBMAAAABAAAAAQAAAFgAAAQTAAAABgAAAAAF9eEAAAAAAQAAAAMAAAAAAwmQegAAPa0ACrt0AAAffQAAAAAAAAAAAAAAAAAAAAAGHXouAABUFQAJE1IACVxrAAAAAAAAAAAAAAAA"} 00968{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/sflow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1378125488790492,"flow_src_last_pkt_time":1378125537795814,"flow_dst_last_pkt_time":1378125488790492,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":748,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1378125537795814,"l3_proto":"ip4","src_ip":"172.21.35.17","dst_ip":"172.21.35.199","src_port":1027,"dst_port":6343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"sFlow","proto_id":"129","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/sflow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1378125488790492,"flow_src_last_pkt_time":1378125597799203,"flow_dst_last_pkt_time":1378125488790492,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1324,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1378125597799203,"l3_proto":"ip4","src_ip":"172.21.35.17","dst_ip":"172.21.35.199","src_port":1027,"dst_port":6343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"sFlow","proto_id":"129","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00837{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/sflow.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":9,"packets-processed":9,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1324,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1378125597799203} 
+00837{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/sflow.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":9,"packets-processed":9,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1324,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1378125597799203} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 9/9 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6907874 bytes -~~ total memory freed........: 6907874 bytes -~~ total allocations/frees...: 114146/114146 +~~ total memory allocated....: 7485470 bytes +~~ total memory freed........: 7485470 bytes +~~ total allocations/frees...: 125877/125877 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 615 chars ~~ json message max len.......: 973 chars diff --git a/test/results/default/shadowsocks.pcap.out b/test/results/default/shadowsocks.pcap.out index f676e6a07..7839f1420 100644 --- a/test/results/default/shadowsocks.pcap.out +++ b/test/results/default/shadowsocks.pcap.out 
@@ -1,5 +1,5 @@ -00616{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/shadowsocks.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/shadowsocks.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1690018458225809} 
+00616{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/shadowsocks.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/shadowsocks.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1690018458225809} 
00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/shadowsocks.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690018458225809,"flow_src_last_pkt_time":1690018458225809,"flow_dst_last_pkt_time":1690018458225809,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690018458225809,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":37904,"dst_port":1080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/shadowsocks.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1690018458225809,"flow_dst_last_pkt_time":1690018458225809,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1690018458225809,"pkt":"AAAAAAAAAAAAAAAACABFAAA8OlVAAEAGAmV\/AAABfwAAAZQQBDjOLDYWAAAAAKAC\/9f+MAAAAgT\/1wQCCApvLCb4AAAAAAEDAwc="} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/shadowsocks.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1690018458225809,"flow_dst_last_pkt_time":1690018458225829,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1690018458225829,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAAQQ4lBAtEiM8ziw2F6AS\/8v+MAAAAgT\/1wQCCApvLCb4bywm+AEDAwc="} 
@@ -16,7 +16,7 @@ 00968{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/shadowsocks.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":13,"flow_first_seen":1690018458225809,"flow_src_last_pkt_time":1690018459714485,"flow_dst_last_pkt_time":1690018459714444,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":16384,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":67329,"midstream":0,"thread_ts_usec":1690018459714642,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":37904,"dst_port":1080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SOCKS","proto_id":"172","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 00999{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/shadowsocks.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1690018458886918,"flow_src_last_pkt_time":1690018459714642,"flow_dst_last_pkt_time":1690018459714613,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":105,"flow_dst_max_l4_payload_len":18085,"flow_src_tot_l4_payload_len":105,"flow_dst_tot_l4_payload_len":67333,"midstream":0,"thread_ts_usec":1690018459714642,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":44276,"dst_port":8388,"l4_proto":"tcp","ndpi": {"flow_risk": {"51": {"risk":"Fully Encrypted Flow","severity":"Medium","risk_score": {"total":360,"client":240,"server":120}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
00784{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/shadowsocks.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1690018458886918,"flow_src_last_pkt_time":1690018459714642,"flow_dst_last_pkt_time":1690018459714613,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":105,"flow_dst_max_l4_payload_len":18085,"flow_src_tot_l4_payload_len":105,"flow_dst_tot_l4_payload_len":67333,"midstream":0,"thread_ts_usec":1690018459714642,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":44276,"dst_port":8388,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00848{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/shadowsocks.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":44,"packets-processed":44,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":134863,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1690018459714642} 
+00848{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/shadowsocks.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":44,"packets-processed":44,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":134863,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1690018459714642} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 44/44 ~~ skipped flows.............: 0 @@ -25,9 +25,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6915413 bytes -~~ total memory freed........: 6915413 bytes -~~ total allocations/frees...: 114196/114196 +~~ total memory allocated....: 7493009 bytes +~~ total memory freed........: 7493009 bytes +~~ total allocations/frees...: 125927/125927 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 550 chars ~~ json message max len.......: 1004 chars diff --git a/test/results/default/shell.pcap.out b/test/results/default/shell.pcap.out index c59eddd9f..9b754d758 100644 --- a/test/results/default/shell.pcap.out +++ b/test/results/default/shell.pcap.out 
@@ -1,5 +1,5 @@ -00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/shell.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/shell.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1712518786333703} 
+00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/shell.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/shell.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1712518786333703} 
00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/shell.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1712518786333703,"flow_src_last_pkt_time":1712518786333703,"flow_dst_last_pkt_time":1712518786333703,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1712518786333703,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":47638,"dst_port":33333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/shell.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1712518786333703,"flow_dst_last_pkt_time":1712518786333703,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1712518786333703,"pkt":"AAAAAAAAAAAAAAAACABFAAA8UINAAEAG7DZ\/AAABfwAAAboWgjVOSff2AAAAAKAC\/9f+MAAAAgT\/1wQCCAqKFvhnAAAAAAEDAwc="} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/shell.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1712518786333703,"flow_dst_last_pkt_time":1712518786333714,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1712518786333714,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAAYI1uhZ8EbgHTkn396AS\/8v+MAAAAgT\/1wQCCAqKFvhnihb4ZwEDAwc="} 
@@ -24,7 +24,7 @@ 00773{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/shell.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1712518852431973,"flow_src_last_pkt_time":1712518853691948,"flow_dst_last_pkt_time":1712518853691932,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":5188,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5188,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1712518853691948,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54970,"dst_port":33333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01203{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/shell.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1712518835354289,"flow_src_last_pkt_time":1712518835354289,"flow_dst_last_pkt_time":1712518835354289,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5188,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":5188,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5188,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1712518853691948,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":58538,"dst_port":33333,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}},"40": {"risk":"Possible Exploit Attempt","severity":"Severe","risk_score": {"total":200,"client":160,"server":40}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00776{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/shell.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1712518835354289,"flow_src_last_pkt_time":1712518835354289,"flow_dst_last_pkt_time":1712518835354289,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5188,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":5188,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5188,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1712518853691948,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":58538,"dst_port":33333,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00841{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/shell.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":18,"packets-processed":18,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12250,"total-not-detected-flows":4,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":27,"global_ts_usec":1712518853691948} 
+00841{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/shell.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":18,"packets-processed":18,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12250,"total-not-detected-flows":4,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":27,"global_ts_usec":1712518853691948} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 18/18 ~~ skipped flows.............: 0 @@ -33,9 +33,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6924796 bytes -~~ total memory freed........: 6924796 bytes -~~ total allocations/frees...: 114201/114201 +~~ total memory allocated....: 7502392 bytes +~~ total memory freed........: 7502392 bytes +~~ total allocations/frees...: 125932/125932 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 544 chars ~~ json message max len.......: 7473 chars diff --git a/test/results/default/signal.pcap.out b/test/results/default/signal.pcap.out index f3ce4a6c7..4e36924dd 100644 --- a/test/results/default/signal.pcap.out +++ b/test/results/default/signal.pcap.out 
@@ -1,5 +1,5 @@ -00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1569051245838268} 
+00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1569051245838268} 
00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569051245838268,"flow_src_last_pkt_time":1569051245838268,"flow_dst_last_pkt_time":1569051245838268,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051245838268,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00923{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1569051245838268,"flow_dst_last_pkt_time":1569051245838268,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_usec":1569051245838268,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIKS8AAP8RkXYAAAAA\/\/\/\/\/wBEAEMBNJxAAQEGACG6jqoAAQAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"} 
01041{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569051245838268,"flow_src_last_pkt_time":1569051245838268,"flow_dst_last_pkt_time":1569051245838268,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051245838268,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"lucas-imac","domainame":"lucas-imac","dhcp": {"fingerprint":"1,121,3,6,15,119,252,95,44,46","class_ident":""}}} 
@@ -21,38 +21,38 @@ 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1569051247599529,"flow_dst_last_pkt_time":1569051247643687,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1569051247643687,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADQGlLoXORgQwKgCEQG73rrg+UqLaJ6n1qAScSCOEgAAAgQFrAQCCAqWTinBKFVR7gEDAwc="} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1569051247645554,"flow_dst_last_pkt_time":1569051247643687,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051247645554,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGSMLAqAIRFzkYEN66AbtonqfW4PlKjIAQBAspvwAAAQEICihVUhuWTinB"} 01237{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1569051247645675,"flow_dst_last_pkt_time":1569051247643687,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1569051247645675,"pkt":"xiwDYGpkxGGLNYKpCABFAAI5AABAAEAGRr3AqAIRFzkYEN66AbtonqfW4PlKjIAYBAt1eQAAAQEICihVUhuWTinBFgMBAgABAAH8AwORcncPsZ5qIVMCFuWgfAh6It7r+HS2ZZg+ldmkQzu5TCBZnL8ZiCuWJmLRaxcsIL0Nu9GPkgNG7xXFvEs6oR8pMAA0EwETAxMCwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\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"} 
-01261{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569051247599529,"flow_src_last_pkt_time":1569051247645675,"flow_dst_last_pkt_time":1569051247643687,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051247645675,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57018,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiTunes","proto_id":"91.145","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"itunes.apple.com","domainame":"itunes.apple.com","tls": {"version":"TLSv1.2","ja3":"17305a56a62a10f6b0ee8edcc3b1769c","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01220{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569051247599529,"flow_src_last_pkt_time":1569051247645675,"flow_dst_last_pkt_time":1569051247643687,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051247645675,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57018,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiTunes","proto_id":"91.145","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"itunes.apple.com","domainame":"itunes.apple.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1569051247645675,"flow_dst_last_pkt_time":1569051247689292,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051247689292,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0iWYAADQGC1wXORgQwKgCEQG73rrg+UqMaJ6p24AQAOsqrAAAAQEICpZOKe8oVVIb"} 
-01306{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569051247599529,"flow_src_last_pkt_time":1569051247645675,"flow_dst_last_pkt_time":1569051247690070,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1569051247690070,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57018,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiTunes","proto_id":"91.145","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"itunes.apple.com","domainame":"itunes.apple.com","tls": {"version":"TLSv1.3","ja3":"17305a56a62a10f6b0ee8edcc3b1769c","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01265{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569051247599529,"flow_src_last_pkt_time":1569051247645675,"flow_dst_last_pkt_time":1569051247690070,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1569051247690070,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57018,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiTunes","proto_id":"91.145","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"itunes.apple.com","domainame":"itunes.apple.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1569051247594090,"flow_dst_last_pkt_time":1569051247704415,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1569051247704415,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAO0G93Mi4fCtwKgCEQG7wEr7fyfqQK3D1aASaN\/uCAAAAgQFrAQCCApkFVboKFVNgQEDAwg="} 
00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1569051247706588,"flow_dst_last_pkt_time":1569051247704415,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051247706588,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGZHzAqAIRIuHwrcBKAbtArcPV+38n64AQCBZ9JQAAAQEICihVTfNkFVbo"} 00810{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1569051247706645,"flow_dst_last_pkt_time":1569051247704415,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":263,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":263,"pkt_l4_len":229,"thread_ts_usec":1569051247706645,"pkt":"xiwDYGpkxGGLNYKpCABFAAD5AABAAEAGY7fAqAIRIuHwrcBKAbtArcPV+38n64AYCBZZNQAAAQEICihVTfNkFVboFgMBAMABAAC8AwNdhdJvuXs\/d642PJRF7UI\/AdVwXtSGkzdnBwsA+gkrIgAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAZwAAACoAKAAAJXRleHRzZWN1cmUtc2VydmljZS53aGlzcGVyc3lzdGVtcy5vcmcACgAIAAYAFwAYABkACwACAQAADQASABAEAQIBBQEGAQQDAgMFAwYDAAUABQEAAAAAABIAAAAXAAA="} 
-01357{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569051247594090,"flow_src_last_pkt_time":1569051247706645,"flow_dst_last_pkt_time":1569051247704415,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":197,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051247706645,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":49226,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01316{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569051247594090,"flow_src_last_pkt_time":1569051247706645,"flow_dst_last_pkt_time":1569051247704415,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":197,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051247706645,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":49226,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1569051247600467,"flow_dst_last_pkt_time":1569051247709413,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1569051247709413,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAO0G93Mi4fCtwKgCEQG73rtLEL7asq23cqASaN9\/CQAAAgQFrAQCCApkFVbqKFVR7wEDAwg="} 
00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1569051247711067,"flow_dst_last_pkt_time":1569051247709413,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051247711067,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGZHzAqAIRIuHwrd67AbuyrbdySxC+24AQBAsSOAAAAQEICihVUlpkFVbq"} 01237{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1569051247711181,"flow_dst_last_pkt_time":1569051247709413,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1569051247711181,"pkt":"xiwDYGpkxGGLNYKpCABFAAI5AABAAEAGYnfAqAIRIuHwrd67AbuyrbdySxC+24AYBAsbUQAAAQEICihVUlpkFVbqFgMBAgABAAH8AwNvt088oc+wJ\/keps9Nd59wAmt0exXgkmLypgOxJ3yQxCADkYPnm5qJAc81bPMGd68mU3RC86F4komLht8jFwvJuwAiEwETAxMCwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqAEAAZH\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"} 
-01298{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569051247600467,"flow_src_last_pkt_time":1569051247711181,"flow_dst_last_pkt_time":1569051247709413,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051247711181,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57019,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01257{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569051247600467,"flow_src_last_pkt_time":1569051247711181,"flow_dst_last_pkt_time":1569051247709413,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051247711181,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57019,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1569051247603797,"flow_dst_last_pkt_time":1569051247714648,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1569051247714648,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAO0G93Mi4fCtwKgCEQG73r1n96jrbdjHEKASaN+tQgAAAgQFrAQCCApkFVbrKFVR8gEDAwg="} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1569051247601573,"flow_dst_last_pkt_time":1569051247714775,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1569051247714775,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAO4G9nMi4fCtwKgCEQG73rwJHv1\/xsFthKASaN+4LQAAAgQFrAQCCApkFVbrKFVR8AEDAwg="} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1569051247716291,"flow_dst_last_pkt_time":1569051247714648,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051247716291,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGZHzAqAIRIuHwrd69Abtt2McQZ\/eo7IAQBAtAbwAAAQEICihVUl9kFVbr"} 
01239{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1569051247716407,"flow_dst_last_pkt_time":1569051247714648,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1569051247716407,"pkt":"xiwDYGpkxGGLNYKpCABFAAI5AABAAEAGYnfAqAIRIuHwrd69Abtt2McQZ\/eo7IAYBAtWzgAAAQEICihVUl9kFVbrFgMBAgABAAH8AwNt7hXbpLjXMRR\/bxdtzkjvB4xS1PwDQ6PxbRaUrO0qwSDVSMeS43dgzqJuDX9Nz7D77w9PJu+JEAZF32iZkikHGQAiEwETAxMCwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqAEAAZH\/AQABAAAAACoAKAAAJXRleHRzZWN1cmUtc2VydmljZS53aGlzcGVyc3lzdGVtcy5vcmcAFwAAAA0AGAAWBAMIBAQBBQMCAwgFCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAAMwAmACQAHQAggkVxJnNxvx7yRJ3IWr6\/bePVPj3hLoE6hEcrUhAYuEMALQACAQEAKwAFBAMEAwMACgAKAAgAHQAXABgAGQAVAM4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01298{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569051247603797,"flow_src_last_pkt_time":1569051247716407,"flow_dst_last_pkt_time":1569051247714648,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051247716407,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57021,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01257{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569051247603797,"flow_src_last_pkt_time":1569051247716407,"flow_dst_last_pkt_time":1569051247714648,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051247716407,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57021,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1569051247716684,"flow_dst_last_pkt_time":1569051247714775,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051247716684,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGZHzAqAIRIuHwrd68AbvGwW2ECR79gIAQBAtLWAAAAQEICihVUl9kFVbr"} 
01241{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1569051247716836,"flow_dst_last_pkt_time":1569051247714775,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1569051247716836,"pkt":"xiwDYGpkxGGLNYKpCABFAAI5AABAAEAGYnfAqAIRIuHwrd68AbvGwW2ECR79gIAYBAtCawAAAQEICihVUl9kFVbrFgMBAgABAAH8AwMC\/iq\/29\/bfQmL3NywRdaHPxawxpN\/gjq67bcZmEul+iC0YvLniq6GFUwRgLKNIv\/K1BW3lLi2Y9hIO9HhpF3gJwAiEwETAxMCwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqAEAAZH\/AQABAAAAACoAKAAAJXRleHRzZWN1cmUtc2VydmljZS53aGlzcGVyc3lzdGVtcy5vcmcAFwAAAA0AGAAWBAMIBAQBBQMCAwgFCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAAMwAmACQAHQAg4ti0IjmHHcY34Qh7EHKKwWM8SOIvozUrzGlVTZfDoB4ALQACAQEAKwAFBAMEAwMACgAKAAgAHQAXABgAGQAVAM4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01298{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569051247601573,"flow_src_last_pkt_time":1569051247716836,"flow_dst_last_pkt_time":1569051247714775,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051247716836,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57020,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01257{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569051247601573,"flow_src_last_pkt_time":1569051247716836,"flow_dst_last_pkt_time":1569051247714775,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051247716836,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57020,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
02151{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1569051247599529,"flow_src_last_pkt_time":1569051247791544,"flow_dst_last_pkt_time":1569051247792234,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":893,"flow_dst_tot_l4_payload_len":10648,"midstream":0,"thread_ts_usec":1569051247792234,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":7,"avg":12410.3,"max":52274,"stddev":19984.8,"var":399390400.0,"ent":3.2,"data": [44158,46025,121,45605,778,217,319,168,47796,18,50,46011,44670,7772,1684,58,381,118,52274,18,1127,18,42555,122,704,525,120,879,64,358,7]},"pktlen": {"min":52,"avg":413.3,"max":1492,"stddev":522.5,"var":272968.6,"ent":4.0,"data": [64,60,52,569,52,1492,1492,1268,1492,52,52,52,659,52,132,98,95,87,193,323,323,52,122,52,52,52,52,83,1098,1098,1492,413]},"bins": {"c_to_s": [10,3,1,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,0,1,0,0,0,0,0,2,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,1,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,1,1,1,0,0,0,1,0,0,0,0,0,0,1,1,1,1,0,0,1,0,0,1,1,1,1],"entropies": [4.496222496,5.260978699,5.115703106,4.449790955,5.154164791,7.842132568,7.877580166,7.812294483,7.873640060,5.077241421,5.115703106,5.032077789,7.623220921,5.154164791,6.284255981,5.843806267,5.875387192,5.767893314,6.860127449,7.271677971,7.350573063,5.115703106,6.393777370,5.115703106,5.062724113,5.024262428,5.038779736,5.628359795,7.828307152,7.836736202,7.865890980,7.503857136]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.AppleiTunes","proto_id":"91.145","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1569051247706645,"flow_dst_last_pkt_time":1569051247816804,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051247816804,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0cO8AAO0Ghowi4fCtwKgCEQG7wEr7fyfrQK3EmoAQAG6D7AAAAQEICmQVVwQoVU3z"} -01417{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569051247594090,"flow_src_last_pkt_time":1569051247706645,"flow_dst_last_pkt_time":1569051247818667,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":197,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1569051247818667,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":49226,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": 
{"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} -01806{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1569051247594090,"flow_src_last_pkt_time":1569051247706645,"flow_dst_last_pkt_time":1569051247818679,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":197,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":2469,"midstream":0,"thread_ts_usec":1569051247818679,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":49226,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, 
CN=textsecure-service.whispersystems.org","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B","blocks":0}}} +01376{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569051247594090,"flow_src_last_pkt_time":1569051247706645,"flow_dst_last_pkt_time":1569051247818667,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":197,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1569051247818667,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":49226,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
+01765{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1569051247594090,"flow_src_last_pkt_time":1569051247706645,"flow_dst_last_pkt_time":1569051247818679,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":197,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":2469,"midstream":0,"thread_ts_usec":1569051247818679,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":49226,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B","blocks":0}}} 
00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1569051247711181,"flow_dst_last_pkt_time":1569051247820470,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051247820470,"pkt":"xGGLNYKpxiwDYGpkCABFAAA06d0AAO0GDZ4i4fCtwKgCEQG73rtLEL7bsq25d4AQAG4TtAAAAQEICmQVVwYoVVJa"} -01381{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569051247600467,"flow_src_last_pkt_time":1569051247711181,"flow_dst_last_pkt_time":1569051247822394,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1569051247822394,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57019,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
-01770{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1569051247600467,"flow_src_last_pkt_time":1569051247711181,"flow_dst_last_pkt_time":1569051247822421,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2478,"midstream":0,"thread_ts_usec":1569051247822421,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57019,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B","blocks":0}}} 
+01340{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569051247600467,"flow_src_last_pkt_time":1569051247711181,"flow_dst_last_pkt_time":1569051247822394,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1569051247822394,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57019,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01729{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1569051247600467,"flow_src_last_pkt_time":1569051247711181,"flow_dst_last_pkt_time":1569051247822421,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2478,"midstream":0,"thread_ts_usec":1569051247822421,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57019,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B","blocks":0}}} 
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1569051247716407,"flow_dst_last_pkt_time":1569051247827539,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051247827539,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0\/+sAAO0G948i4fCtwKgCEQG73r1n96jsbdjJFYAQAG5B6wAAAQEICmQVVwcoVVJf"} -01381{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569051247603797,"flow_src_last_pkt_time":1569051247716407,"flow_dst_last_pkt_time":1569051247830388,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1569051247830388,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57021,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
-01770{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1569051247603797,"flow_src_last_pkt_time":1569051247716407,"flow_dst_last_pkt_time":1569051247830426,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2478,"midstream":0,"thread_ts_usec":1569051247830426,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57021,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B","blocks":0}}} 
+01340{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569051247603797,"flow_src_last_pkt_time":1569051247716407,"flow_dst_last_pkt_time":1569051247830388,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1569051247830388,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57021,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01729{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1569051247603797,"flow_src_last_pkt_time":1569051247716407,"flow_dst_last_pkt_time":1569051247830426,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2478,"midstream":0,"thread_ts_usec":1569051247830426,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57021,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B","blocks":0}}} 
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1569051247716836,"flow_dst_last_pkt_time":1569051247830427,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051247830427,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0qogAAO4GS\/Mi4fCtwKgCEQG73rwJHv2AxsFviYAQAG5M0wAAAQEICmQVVwgoVVJf"} -01381{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569051247601573,"flow_src_last_pkt_time":1569051247716836,"flow_dst_last_pkt_time":1569051247832906,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1569051247832906,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57020,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
-01770{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1569051247601573,"flow_src_last_pkt_time":1569051247716836,"flow_dst_last_pkt_time":1569051247832918,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2478,"midstream":0,"thread_ts_usec":1569051247832918,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57020,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B","blocks":0}}} 
+01340{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569051247601573,"flow_src_last_pkt_time":1569051247716836,"flow_dst_last_pkt_time":1569051247832906,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1569051247832906,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57020,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01729{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1569051247601573,"flow_src_last_pkt_time":1569051247716836,"flow_dst_last_pkt_time":1569051247832918,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2478,"midstream":0,"thread_ts_usec":1569051247832918,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57020,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B","blocks":0}}} 
00925{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1569051248547165,"flow_dst_last_pkt_time":1569051245838268,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_usec":1569051248547165,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIKTAAAP8RkXUAAAAA\/\/\/\/\/wBEAEMBNJw9AQEGACG6jqoABAAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"} 00925{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1569051253252519,"flow_dst_last_pkt_time":1569051245838268,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_usec":1569051253252519,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIKTEAAP8RkXQAAAAA\/\/\/\/\/wBEAEMBNJw4AQEGACG6jqoACQAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":149,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569051255515841,"flow_src_last_pkt_time":1569051255515841,"flow_dst_last_pkt_time":1569051255515841,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":46,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":46,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":46,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569051255515841,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.146.144","src_port":56996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -92,47 +92,47 @@ 00912{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":180,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569051264115004,"flow_src_last_pkt_time":1569051264115004,"flow_dst_last_pkt_time":1569051264115004,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051264115004,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":3.664498}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_src_last_pkt_time":1569051264116081,"flow_dst_last_pkt_time":1569051264113301,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051264116081,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGSMLAqAIRFzkYEN6+AbvH3a+K4DuqGYAQBAvjSwAAAQEICihVknGWTmoX"} 
01244{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_src_last_pkt_time":1569051264116204,"flow_dst_last_pkt_time":1569051264113301,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1569051264116204,"pkt":"xiwDYGpkxGGLNYKpCABFAAI5AABAAEAGRr3AqAIRFzkYEN6+AbvH3a+K4DuqGYAYBAtznQAAAQEICihVknKWTmoXFgMBAgABAAH8AwPawK\/+wN1+Tx0CNiEAg+cUW3czvaCh\/qY5WXGzJz9xKSBQ\/3brog7H4kKz+Cr0Y+KAPc0Wuh7pzTw9CcTlpz8EzgA0EwETAxMCwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\/AQABAAAAABUAEwAAEGl0dW5lcy5hcHBsZS5jb20AFwAAAA0AGAAWBAMIBAQBBQMCAwgFCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAAMwAmACQAHQAgQjLeK9mUdDm2SPbON0\/yv\/211C08osOnnwisGWfkQjYALQACAQEAKwAFBAMEAwMACgAKAAgAHQAXABgAGQAVANEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01263{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569051264078385,"flow_src_last_pkt_time":1569051264116204,"flow_dst_last_pkt_time":1569051264113301,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051264116204,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57022,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiTunes","proto_id":"91.145","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"itunes.apple.com","domainame":"itunes.apple.com","tls": {"version":"TLSv1.2","ja3":"17305a56a62a10f6b0ee8edcc3b1769c","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01222{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569051264078385,"flow_src_last_pkt_time":1569051264116204,"flow_dst_last_pkt_time":1569051264113301,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051264116204,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57022,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiTunes","proto_id":"91.145","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"itunes.apple.com","domainame":"itunes.apple.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":5,"flow_src_last_pkt_time":1569051264116204,"flow_dst_last_pkt_time":1569051264150664,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051264150664,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0riEAADQG5qAXORgQwKgCEQG73r7gO6oZx92xj4AQAOvkPwAAAQEICpZOaj0oVZJy"} 
-01308{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":184,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569051264078385,"flow_src_last_pkt_time":1569051264116204,"flow_dst_last_pkt_time":1569051264151436,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1569051264151436,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57022,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiTunes","proto_id":"91.145","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"itunes.apple.com","domainame":"itunes.apple.com","tls": {"version":"TLSv1.3","ja3":"17305a56a62a10f6b0ee8edcc3b1769c","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01267{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":184,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569051264078385,"flow_src_last_pkt_time":1569051264116204,"flow_dst_last_pkt_time":1569051264151436,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1569051264151436,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57022,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiTunes","proto_id":"91.145","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"itunes.apple.com","domainame":"itunes.apple.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":190,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1569051264073974,"flow_dst_last_pkt_time":1569051264185629,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1569051264185629,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAO4G4zEjqQMowKgCEQG7wEvNn9QhBdFlyaASaN\/LpgAAAgQFrAQCCApkFUBJKFWN0AEDAwg="} 
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":191,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":1569051264186713,"flow_dst_last_pkt_time":1569051264185629,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051264186713,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGUTrAqAIRI6kDKMBLAbsF0WXJzZ\/UIoAQCBZawQAAAQEICihVjkRkFUBJ"} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1569051264090815,"flow_dst_last_pkt_time":1569051264198395,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1569051264198395,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAO4G4zEjqQMowKgCEQG73r+o1iHY6c+USqASaN9tOAAAAgQFrAQCCApkFUBMKFWSWgEDAwg="} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":194,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_src_last_pkt_time":1569051264091926,"flow_dst_last_pkt_time":1569051264203333,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1569051264203333,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAO4G4zEjqQMowKgCEQG73sBFykuNjtdEXqASaN9RcQAAAgQFrAQCCApkFUBNKFWSWwEDAwg="} 
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":195,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1569051264093006,"flow_dst_last_pkt_time":1569051264203483,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1569051264203483,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAO4G4zEjqQMowKgCEQG73sEV2c5FmCCLjaASaN+uMAAAAgQFrAQCCApkFUBNKFWSWwEDAwg="} 00811{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":196,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_src_last_pkt_time":1569051264229464,"flow_dst_last_pkt_time":1569051264185629,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":263,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":263,"pkt_l4_len":229,"thread_ts_usec":1569051264229464,"pkt":"xiwDYGpkxGGLNYKpCABFAAD5AABAAEAGUHXAqAIRI6kDKMBLAbsF0WXJzZ\/UIoAYCBbVbwAAAQEICihVjm1kFUBJFgMBAMABAAC8AwNdhdKAFZvPd8KN3PrIuLJ+p3RN76tFaWi69JIAQQd9fgAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAZwAAACoAKAAAJXRleHRzZWN1cmUtc2VydmljZS53aGlzcGVyc3lzdGVtcy5vcmcACgAIAAYAFwAYABkACwACAQAADQASABAEAQIBBQEGAQQDAgMFAwYDAAUABQEAAAAAABIAAAAXAAA="} 
-01356{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":196,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569051264073974,"flow_src_last_pkt_time":1569051264229464,"flow_dst_last_pkt_time":1569051264185629,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":197,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051264229464,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":49227,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01315{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":196,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569051264073974,"flow_src_last_pkt_time":1569051264229464,"flow_dst_last_pkt_time":1569051264185629,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":197,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051264229464,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":49227,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_src_last_pkt_time":1569051264259275,"flow_dst_last_pkt_time":1569051264198395,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051264259275,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGUTrAqAIRI6kDKN6\/Abvpz5RKqNYh2YAQBAsAMQAAAQEICihVkvtkFUBM"} 
01239{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_src_last_pkt_time":1569051264259325,"flow_dst_last_pkt_time":1569051264198395,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1569051264259325,"pkt":"xiwDYGpkxGGLNYKpCABFAAI5AABAAEAGTzXAqAIRI6kDKN6\/Abvpz5RKqNYh2YAYBAufSQAAAQEICihVkvtkFUBMFgMBAgABAAH8AwN+5Ttf6YokHynLX4ecaPrHKATOoW12Tu+wzd9uDQspWSA1hUwuwgYjwI2sT5j3KinfN4lvjC3KseF9UMaW83tPxQAiEwETAxMCwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqAEAAZH\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"} -01297{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":199,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569051264090815,"flow_src_last_pkt_time":1569051264259325,"flow_dst_last_pkt_time":1569051264198395,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051264259325,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57023,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": 
{"version":"TLSv1.2","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} +01256{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":199,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569051264090815,"flow_src_last_pkt_time":1569051264259325,"flow_dst_last_pkt_time":1569051264198395,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051264259325,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57023,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_src_last_pkt_time":1569051264259363,"flow_dst_last_pkt_time":1569051264203333,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051264259363,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGUTrAqAIRI6kDKN7AAbuO10ReRcpLjoAQBAvkagAAAQEICihVkvtkFUBN"} 01241{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_src_last_pkt_time":1569051264259470,"flow_dst_last_pkt_time":1569051264203333,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1569051264259470,"pkt":"xiwDYGpkxGGLNYKpCABFAAI5AABAAEAGTzXAqAIRI6kDKN7AAbuO10ReRcpLjoAYBAsKeAAAAQEICihVkvxkFUBNFgMBAgABAAH8AwNYXsKfONHmzDFwOYBHmMHWccv+TKZTGPJmOKuaWv\/yOCDtD78sld\/x8V+rzxyBuU3uWmdAA4D7yp8sPLtMpD+m1QAiEwETAxMCwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqAEAAZH\/AQABAAAAACoAKAAAJXRleHRzZWN1cmUtc2VydmljZS53aGlzcGVyc3lzdGVtcy5vcmcAFwAAAA0AGAAWBAMIBAQBBQMCAwgFCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAAMwAmACQAHQAg1yEhEumbjcw84EpI\/aJKwlqb4nNO3GXKiR9CVTP9slYALQACAQEAKwAFBAMEAwMACgAKAAgAHQAXABgAGQAVAM4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01297{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569051264091926,"flow_src_last_pkt_time":1569051264259470,"flow_dst_last_pkt_time":1569051264203333,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051264259470,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57024,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01256{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569051264091926,"flow_src_last_pkt_time":1569051264259470,"flow_dst_last_pkt_time":1569051264203333,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051264259470,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57024,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_src_last_pkt_time":1569051264259507,"flow_dst_last_pkt_time":1569051264203483,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051264259507,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGUTrAqAIRI6kDKN7BAbuYIIuNFdnORoAQBAtBKQAAAQEICihVkvxkFUBN"} 
01239{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":203,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_src_last_pkt_time":1569051264259677,"flow_dst_last_pkt_time":1569051264203483,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1569051264259677,"pkt":"xiwDYGpkxGGLNYKpCABFAAI5AABAAEAGTzXAqAIRI6kDKN7BAbuYIIuNFdnORoAYBAvQ5wAAAQEICihVkvxkFUBNFgMBAgABAAH8AwMBrKJ6lAeYyvz4VxhLDcDvBph9JELZn65LIOXEqYKG0yBO77oSw5+zVdfbslJwrAju9uKTARXrNL8JS7VTuLS\/cAAiEwETAxMCwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqAEAAZH\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"} -01297{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":203,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569051264093006,"flow_src_last_pkt_time":1569051264259677,"flow_dst_last_pkt_time":1569051264203483,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051264259677,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57025,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": 
{"version":"TLSv1.2","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} +01256{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":203,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569051264093006,"flow_src_last_pkt_time":1569051264259677,"flow_dst_last_pkt_time":1569051264203483,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051264259677,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57025,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
02163{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":222,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1569051264078385,"flow_src_last_pkt_time":1569051264310199,"flow_dst_last_pkt_time":1569051264310869,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":862,"flow_dst_tot_l4_payload_len":11255,"midstream":0,"thread_ts_usec":1569051264310869,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57022,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":7,"avg":14977.4,"max":100663,"stddev":25001.2,"var":625062336.0,"ent":3.3,"data": [34916,37696,123,37363,772,231,309,173,37044,153,34846,100663,83343,17640,1078,2531,59,427,91,36023,34,31611,467,2412,13,489,2231,1076,233,244,7]},"pktlen": {"min":52,"avg":431.7,"max":1492,"stddev":520.4,"var":270842.4,"ent":4.1,"data": [64,60,52,569,52,1492,1492,1268,1492,52,52,659,52,659,64,132,98,95,87,193,323,323,52,52,52,122,52,52,1098,1098,1492,413]},"bins": {"c_to_s": [9,3,1,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,0,1,0,0,0,0,0,2,0,0,1,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,1,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,1,1,1,0,0,1,0,1,0,0,0,0,0,0,1,1,0,0,1,1,1,0,1,1,1,1],"entropies": [4.496222496,5.227644920,5.115703106,4.414837837,5.154164791,7.853477478,7.870889187,7.817573071,7.876551151,5.115703106,5.062724590,7.664700031,5.077241421,7.657122135,4.978374004,6.355051041,5.966256618,5.935075283,5.821801186,6.831858158,7.289732933,7.287264824,5.154164791,5.115703106,5.154164791,6.311809540,5.115703106,5.115703106,7.817995071,7.817259789,7.852911472,7.453959465]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.AppleiTunes","proto_id":"91.145","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":227,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1569051264229464,"flow_dst_last_pkt_time":1569051264341086,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051264341086,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0lEcAAO4GTvIjqQMowKgCEQG7wEvNn9QiBdFmjoAQAG5hVAAAAQEICmQVQHAoVY5t"} -01416{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":228,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569051264073974,"flow_src_last_pkt_time":1569051264229464,"flow_dst_last_pkt_time":1569051264342899,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":197,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1569051264342899,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":49227,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": 
{"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} -01805{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":229,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1569051264073974,"flow_src_last_pkt_time":1569051264229464,"flow_dst_last_pkt_time":1569051264343005,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":197,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":2469,"midstream":0,"thread_ts_usec":1569051264343005,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":49227,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, 
CN=textsecure-service.whispersystems.org","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B","blocks":0}}} +01375{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":228,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569051264073974,"flow_src_last_pkt_time":1569051264229464,"flow_dst_last_pkt_time":1569051264342899,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":197,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1569051264342899,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":49227,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
+01764{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":229,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1569051264073974,"flow_src_last_pkt_time":1569051264229464,"flow_dst_last_pkt_time":1569051264343005,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":197,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":2469,"midstream":0,"thread_ts_usec":1569051264343005,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":49227,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B","blocks":0}}} 
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":232,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":5,"flow_src_last_pkt_time":1569051264259325,"flow_dst_last_pkt_time":1569051264367627,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051264367627,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0Ya4AAO4GgYsjqQMowKgCEQG73r+o1iHZ6c+WT4AQAG4BngAAAQEICmQVQHcoVZL7"} -01380{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":233,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569051264090815,"flow_src_last_pkt_time":1569051264259325,"flow_dst_last_pkt_time":1569051264369936,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1569051264369936,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57023,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
-01769{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":234,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1569051264090815,"flow_src_last_pkt_time":1569051264259325,"flow_dst_last_pkt_time":1569051264369938,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2478,"midstream":0,"thread_ts_usec":1569051264369938,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57023,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B","blocks":0}}} 
+01339{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":233,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569051264090815,"flow_src_last_pkt_time":1569051264259325,"flow_dst_last_pkt_time":1569051264369936,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1569051264369936,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57023,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01728{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":234,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1569051264090815,"flow_src_last_pkt_time":1569051264259325,"flow_dst_last_pkt_time":1569051264369938,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2478,"midstream":0,"thread_ts_usec":1569051264369938,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57023,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B","blocks":0}}} 
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":235,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":5,"flow_src_last_pkt_time":1569051264259677,"flow_dst_last_pkt_time":1569051264371125,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051264371125,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0jjEAAO4GVQgjqQMowKgCEQG73sEV2c5GmCCNkoAQAG5ClwAAAQEICmQVQHcoVZL8"} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":5,"flow_src_last_pkt_time":1569051264259470,"flow_dst_last_pkt_time":1569051264371989,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051264371989,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0C\/kAAO4G10AjqQMowKgCEQG73sBFykuOjtdGY4AQAG7l1wAAAQEICmQVQHcoVZL8"} -01380{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":238,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569051264093006,"flow_src_last_pkt_time":1569051264259677,"flow_dst_last_pkt_time":1569051264373131,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1569051264373131,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57025,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} -01769{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":239,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1569051264093006,"flow_src_last_pkt_time":1569051264259677,"flow_dst_last_pkt_time":1569051264373258,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2478,"midstream":0,"thread_ts_usec":1569051264373258,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57025,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, 
O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B","blocks":0}}} -01380{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569051264091926,"flow_src_last_pkt_time":1569051264259470,"flow_dst_last_pkt_time":1569051264373882,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1569051264373882,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57024,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
-01769{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1569051264091926,"flow_src_last_pkt_time":1569051264259470,"flow_dst_last_pkt_time":1569051264374011,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2478,"midstream":0,"thread_ts_usec":1569051264374011,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57024,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B","blocks":0}}} 
+01339{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":238,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569051264093006,"flow_src_last_pkt_time":1569051264259677,"flow_dst_last_pkt_time":1569051264373131,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1569051264373131,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57025,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01728{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":239,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1569051264093006,"flow_src_last_pkt_time":1569051264259677,"flow_dst_last_pkt_time":1569051264373258,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2478,"midstream":0,"thread_ts_usec":1569051264373258,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57025,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B","blocks":0}}} 
+01339{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569051264091926,"flow_src_last_pkt_time":1569051264259470,"flow_dst_last_pkt_time":1569051264373882,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1569051264373882,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57024,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01728{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1569051264091926,"flow_src_last_pkt_time":1569051264259470,"flow_dst_last_pkt_time":1569051264374011,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2478,"midstream":0,"thread_ts_usec":1569051264374011,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57024,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B","blocks":0}}} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":295,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569051264666082,"flow_src_last_pkt_time":1569051264666082,"flow_dst_last_pkt_time":1569051264666082,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051264666082,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":295,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1569051264666082,"flow_dst_last_pkt_time":1569051264666082,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1569051264666082,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGUS7AqAIRI6kDKN7CAbvJrSrvAAAAALAC\/\/+7dwAAAgQFtAEDAwcBAQgKKFWUiQAAAAAEAgAA"} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":319,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_src_last_pkt_time":1569051264666082,"flow_dst_last_pkt_time":1569051264775024,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1569051264775024,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAO4G4zEjqQMowKgCEQG73sL5Zid4ya0q8KASaN+dwQAAAgQFrAQCCApkFUDdKFWUiQEDAwg="} 
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":320,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_src_last_pkt_time":1569051264776703,"flow_dst_last_pkt_time":1569051264775024,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051264776703,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGUTrAqAIRI6kDKN7CAbvJrSrw+WYneYAQBAsw7wAAAQEICihVlPVkFUDd"} 01239{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":321,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":4,"flow_src_last_pkt_time":1569051264776825,"flow_dst_last_pkt_time":1569051264775024,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1569051264776825,"pkt":"xiwDYGpkxGGLNYKpCABFAAI5AABAAEAGTzXAqAIRI6kDKN7CAbvJrSrw+WYneYAYBAsKOgAAAQEICihVlPVkFUDdFgMBAgABAAH8AwPqnmHY+ky08QaEFpsYq0FGVLaxG+964Hq2icanaO7xlCBmz3takGKujlgk83\/DuHgM2oWMrAxFhkG7HMIkIEBMvgAiEwETAxMCwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqAEAAZH\/AQABAAAAACoAKAAAJXRleHRzZWN1cmUtc2VydmljZS53aGlzcGVyc3lzdGVtcy5vcmcAFwAAAA0AGAAWBAMIBAQBBQMCAwgFCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAAMwAmACQAHQAg5cIrTlOOMEP5oixl5QwpN10lLFAYbdhRGOo98Zyw2T4ALQACAQEAKwAFBAMEAwMACgAKAAgAHQAXABgAGQAVAM4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01297{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":321,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569051264666082,"flow_src_last_pkt_time":1569051264776825,"flow_dst_last_pkt_time":1569051264775024,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051264776825,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01256{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":321,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569051264666082,"flow_src_last_pkt_time":1569051264776825,"flow_dst_last_pkt_time":1569051264775024,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051264776825,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":322,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":5,"flow_src_last_pkt_time":1569051264776825,"flow_dst_last_pkt_time":1569051264885425,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051264885425,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0Z4EAAO4Ge7gjqQMowKgCEQG73sL5Zid5ya0s9YAQAG4ybAAAAQEICmQVQPgoVZT1"} 
-01380{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":323,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569051264666082,"flow_src_last_pkt_time":1569051264776825,"flow_dst_last_pkt_time":1569051264887563,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1569051264887563,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
-01769{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":324,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1569051264666082,"flow_src_last_pkt_time":1569051264776825,"flow_dst_last_pkt_time":1569051264887591,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2478,"midstream":0,"thread_ts_usec":1569051264887591,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B","blocks":0}}} 
+01339{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":323,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569051264666082,"flow_src_last_pkt_time":1569051264776825,"flow_dst_last_pkt_time":1569051264887563,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1569051264887563,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01728{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":324,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1569051264666082,"flow_src_last_pkt_time":1569051264776825,"flow_dst_last_pkt_time":1569051264887591,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2478,"midstream":0,"thread_ts_usec":1569051264887591,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B","blocks":0}}} 
02173{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":350,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1569051264666082,"flow_src_last_pkt_time":1569051265118031,"flow_dst_last_pkt_time":1569051265227415,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":12293,"flow_dst_tot_l4_payload_len":2636,"midstream":0,"thread_ts_usec":1569051265227415,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":11,"avg":32686.5,"max":114919,"stddev":49905.0,"var":2490513152.0,"ent":3.3,"data": [108942,110621,122,110401,2138,28,112445,4951,114919,23,109553,1892,17,11,122,779,118,231,116,111402,211,108448,1776,614,1715,181,200,291,136,109394,1485]},"pktlen": {"min":52,"avg":519.2,"max":1492,"stddev":606.2,"var":367455.8,"ent":4.1,"data": [64,60,52,569,52,1492,1090,52,178,103,121,52,105,102,94,298,1492,1492,1492,364,52,90,834,52,52,1492,1492,1492,1492,137,52,52]},"bins": {"c_to_s": [4,3,1,1,0,0,0,1,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0],"s_to_c": [7,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,1,1,0,1,1,0,0,0,0,0,1,1],"entropies": [4.390677452,5.215063572,5.101185799,4.568855762,5.154164791,7.123593330,7.686298847,5.024262428,6.455136299,5.824676991,6.354698181,5.077241421,5.747490406,5.596203804,5.551773548,7.089583874,7.859809875,7.887398720,7.860632420,7.352869511,5.192626476,5.919520855,7.736015797,5.115703106,5.115703106,7.850556374,7.899875164,7.874493599,7.879738331,6.114603519,5.154164791,4.993616104]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":357,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569051266396342,"flow_src_last_pkt_time":1569051266396342,"flow_dst_last_pkt_time":1569051266396342,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569051266396342,"l3_proto":"ip4","src_ip":"23.57.24.16","dst_ip":"192.168.2.17","src_port":443,"dst_port":57016,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":357,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1569051266396342,"flow_dst_last_pkt_time":1569051266396342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1569051266396342,"pkt":"xGGLNYKpxiwDYGpkCABFAABMyV0AADQGy0wXORgQwKgCEQG73rjhiC89LB07wYAYAQKY+AAAAQEICpZOcwIoVP9fFwMDABNN53WS+HQ+OdIkNGbGHI++PaTs"} 
@@ -148,10 +148,10 @@ 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_src_last_pkt_time":1569051267121677,"flow_dst_last_pkt_time":1569051267154562,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1569051267154562,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAPEG\/LQNI\/0qwKgCEQG73sO\/wI8zI0fK7aAScSCWtAAAAgQFrAQCCAqvNN\/RKFWeFwEDAwg="} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":375,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_src_last_pkt_time":1569051267161440,"flow_dst_last_pkt_time":1569051267154562,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051267161440,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGbb3AqAIRDSP9Kt7DAbsjR8rtv8CPNIAQBAsybAAAAQEICihVnjqvNN\/R"} 01240{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_src_last_pkt_time":1569051267161538,"flow_dst_last_pkt_time":1569051267154562,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1569051267161538,"pkt":"xiwDYGpkxGGLNYKpCABFAAI5AABAAEAGa7jAqAIRDSP9Kt7DAbsjR8rtv8CPNIAYBAvKhwAAAQEICihVnj6vNN\/RFgMBAgABAAH8AwOed0BRRXhHmhS2o0Rd7s+quzaOqPDOekK9aAMPsTMIOSC1IZE3ylyuwin+a6TID60OpC6k\/IyX7sen4PPIFu25JAAiEwETAxMCwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqAEAAZH\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"} 
-01252{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569051267121677,"flow_src_last_pkt_time":1569051267161538,"flow_dst_last_pkt_time":1569051267154562,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051267161538,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"13.35.253.42","src_port":57027,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"cdn.signal.org","domainame":"cdn.signal.org","tls": {"version":"TLSv1.2","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01211{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569051267121677,"flow_src_last_pkt_time":1569051267161538,"flow_dst_last_pkt_time":1569051267154562,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051267161538,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"13.35.253.42","src_port":57027,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"cdn.signal.org","domainame":"cdn.signal.org","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":377,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":5,"flow_src_last_pkt_time":1569051267161538,"flow_dst_last_pkt_time":1569051267194585,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051267194585,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0UOEAAPEGq9sNI\/0qwKgCEQG73sO\/wI80I0fM8oAQAHYz9AAAAQEICq8039UoVZ4+"} 
-01335{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":378,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569051267121677,"flow_src_last_pkt_time":1569051267161538,"flow_dst_last_pkt_time":1569051267197332,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1569051267197332,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"13.35.253.42","src_port":57027,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"cdn.signal.org","domainame":"cdn.signal.org","tls": {"version":"TLSv1.2","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"c4b2785a87896e19d37eee932070cb22","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
-01659{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":379,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1569051267121677,"flow_src_last_pkt_time":1569051267161538,"flow_dst_last_pkt_time":1569051267197345,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2383,"midstream":0,"thread_ts_usec":1569051267197345,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"13.35.253.42","src_port":57027,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"cdn.signal.org","domainame":"cdn.signal.org","tls": {"version":"TLSv1.2","server_names":"cdn.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"c4b2785a87896e19d37eee932070cb22","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=cdn.signal.org","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"81:3D:8A:2E:EE:B2:E1:F4:1C:2B:6D:20:16:54:B2:C1:87:D0:1E:12","blocks":0}}} 
+01294{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":378,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569051267121677,"flow_src_last_pkt_time":1569051267161538,"flow_dst_last_pkt_time":1569051267197332,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1569051267197332,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"13.35.253.42","src_port":57027,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"cdn.signal.org","domainame":"cdn.signal.org","tls": {"version":"TLSv1.2","ja3s":"c4b2785a87896e19d37eee932070cb22","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01618{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":379,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1569051267121677,"flow_src_last_pkt_time":1569051267161538,"flow_dst_last_pkt_time":1569051267197345,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2383,"midstream":0,"thread_ts_usec":1569051267197345,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"13.35.253.42","src_port":57027,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"cdn.signal.org","domainame":"cdn.signal.org","tls": {"version":"TLSv1.2","server_names":"cdn.signal.org","ja3s":"c4b2785a87896e19d37eee932070cb22","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=cdn.signal.org","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"81:3D:8A:2E:EE:B2:E1:F4:1C:2B:6D:20:16:54:B2:C1:87:D0:1E:12","blocks":0}}} 
02158{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":404,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1569051267121677,"flow_src_last_pkt_time":1569051267296344,"flow_dst_last_pkt_time":1569051267317465,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":11716,"flow_dst_tot_l4_payload_len":2541,"midstream":0,"thread_ts_usec":1569051267317465,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"13.35.253.42","src_port":57027,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":13,"avg":11950.2,"max":43365,"stddev":16041.8,"var":257340416.0,"ent":3.7,"data": [32885,39763,98,40023,2747,13,39382,7752,43365,416,22,34673,57,7463,493,19,81,373,5900,119,379,42152,16,471,26781,7559,10672,123,259,280,26119]},"pktlen": {"min":52,"avg":498.2,"max":1492,"stddev":608.0,"var":369644.2,"ent":4.0,"data": [64,60,52,569,52,1492,995,52,178,52,103,121,52,52,105,102,94,243,90,1492,1492,1492,52,90,52,671,52,1492,1492,1492,1492,52]},"bins": {"c_to_s": [5,4,0,1,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0],"s_to_c": [7,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,1,1,1,0,1,0,0,0,0,1],"entropies": [4.433722496,5.194311619,5.024262428,4.269306660,5.062724590,7.102223873,7.698739052,5.077241421,6.281415939,5.115703106,5.989915848,6.360937119,5.077241421,5.077241421,5.716584206,5.596204281,5.530496597,6.966745853,5.422244072,7.874898434,7.862365246,7.863490105,4.937912464,5.888910294,5.077241421,7.631612301,5.077241421,7.861750603,7.881488323,7.873866558,7.857449532,5.115703106]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}} 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1569051245838268,"flow_src_last_pkt_time":1569051261595218,"flow_dst_last_pkt_time":1569051245838268,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051267601717,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"lucas-imac"}} 01077{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1569051255515841,"flow_src_last_pkt_time":1569051255541412,"flow_dst_last_pkt_time":1569051255539776,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":46,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569051267601717,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.146.144","src_port":56996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
@@ -172,7 +172,7 @@ 00973{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":11,"flow_first_seen":1569051247600467,"flow_src_last_pkt_time":1569051261087134,"flow_dst_last_pkt_time":1569051248058195,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1039,"flow_dst_tot_l4_payload_len":2793,"midstream":0,"thread_ts_usec":1569051267601717,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57019,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}} 00973{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":11,"flow_first_seen":1569051247601573,"flow_src_last_pkt_time":1569051261087155,"flow_dst_last_pkt_time":1569051248073795,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1047,"flow_dst_tot_l4_payload_len":2828,"midstream":0,"thread_ts_usec":1569051267601717,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57020,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}} 
00973{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":10,"flow_first_seen":1569051247603797,"flow_src_last_pkt_time":1569051261087166,"flow_dst_last_pkt_time":1569051248067523,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1052,"flow_dst_tot_l4_payload_len":3041,"midstream":0,"thread_ts_usec":1569051267601717,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57021,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}} -00851{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":637,"packets-processed":637,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":273842,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":19,"total-detection-updates":27,"total-updates":0,"current-active-flows":0,"total-active-flows":19,"total-idle-flows":19,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":175,"global_ts_usec":1569051267601717} 
+00851{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":637,"packets-processed":637,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":273842,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":19,"total-detection-updates":27,"total-updates":0,"current-active-flows":0,"total-active-flows":19,"total-idle-flows":19,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":175,"global_ts_usec":1569051267601717} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 637/637 ~~ skipped flows.............: 0 @@ -181,9 +181,9 @@ ~~ total active/idle flows...: 19/19 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7293536 bytes -~~ total memory freed........: 7293536 bytes -~~ total allocations/frees...: 115127/115127 +~~ total memory allocated....: 7871132 bytes +~~ total memory freed........: 7871132 bytes +~~ total allocations/frees...: 126858/126858 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 545 chars ~~ json message max len.......: 2178 chars diff --git a/test/results/default/signal_audiocall.pcapng.out b/test/results/default/signal_audiocall.pcapng.out new file mode 100644 index 000000000..03ef45597 --- /dev/null +++ b/test/results/default/signal_audiocall.pcapng.out 
@@ -0,0 +1,59 @@ +00623{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1732024252560352} 
+00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1732024252560352,"flow_src_last_pkt_time":1732024252560352,"flow_dst_last_pkt_time":1732024252560352,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1732024252560352,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.216.234.234","src_port":45419,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1732024252560352,"flow_dst_last_pkt_time":1732024252560352,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1732024252560352,"pkt":"dNo47VMyYhO2esBpCABFAAAwRWRAAEARGavAqAxDI9jq6rFrDZYAHHVvAAEAACESpEJXWklqc1dDeWlGaWU="} 
+01017{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1732024252560352,"flow_src_last_pkt_time":1732024252560352,"flow_dst_last_pkt_time":1732024252560352,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1732024252560352,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.216.234.234","src_port":45419,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} +00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1732024252560499,"flow_src_last_pkt_time":1732024252560499,"flow_dst_last_pkt_time":1732024252560499,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1732024252560499,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.252.146","src_port":45419,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1732024252560499,"flow_dst_last_pkt_time":1732024252560499,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1732024252560499,"pkt":"dNo47VMyYhO2esBpCABFAAAwgmpAAEARyvnAqAxDI9v8krFrDZYAHMWVAAEAACESpEI1cThLK29Vb2Zyc2I="} +01017{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1732024252560499,"flow_src_last_pkt_time":1732024252560499,"flow_dst_last_pkt_time":1732024252560499,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1732024252560499,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.252.146","src_port":45419,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
+00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1732024252562178,"flow_dst_last_pkt_time":1732024252560499,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1732024252562178,"pkt":"dNo47VMyYhO2esBpCABFAAA4gmtAAEARyvDAqAxDI9v8krFrDZYAJFMAAAMACCESpEJESWJQSTJoSnlpWE4AGQAEEQAAAA=="} +01150{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1732024252560499,"flow_src_last_pkt_time":1732024252562178,"flow_dst_last_pkt_time":1732024252560499,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1732024252562178,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.252.146","src_port":45419,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
+00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1732024252562178,"flow_dst_last_pkt_time":1732024252564159,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1732024252564159,"pkt":"YhO2esBpdNo47VMyCABFAABQYexAADkR8lcj2\/ySwKgMQw2WsWsAPPYdAQEAICESpEI1cThLK29Vb2Zyc2IAIAAIAAGR0HwxDFwAAQAIAAGwwl0jqB6AKAAEaYMT0g=="} +01065{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1732024252560499,"flow_src_last_pkt_time":1732024252562178,"flow_dst_last_pkt_time":1732024252564159,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":52,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":52,"midstream":0,"thread_ts_usec":1732024252564159,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.252.146","src_port":45419,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"mapped_address":"93.35.168.30:45250","multimedia_flow_types":"Unknown"}}} 
+00633{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1732024252562178,"flow_dst_last_pkt_time":1732024252565403,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1732024252565403,"pkt":"YhO2esBpdNo47VMyCABFAABwYe1AADkR8jYj2\/ySwKgMQw2WsWsAXAy5ARMAQCESpEJESWJQSTJoSnlpWE4ACQAQAAAEAVVuYXV0aG9yaXplZAAVABAxNjM3ZDNmZDRkOWM5YjYxABQACnNpZ25hbC5vcmcAAIAoAATPjK59"} +01098{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1732024252560499,"flow_src_last_pkt_time":1732024252562178,"flow_dst_last_pkt_time":1732024252565403,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":136,"midstream":0,"thread_ts_usec":1732024252565403,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.252.146","src_port":45419,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org","domainame":"signal.org","stun": {"mapped_address":"93.35.168.30:45250","multimedia_flow_types":"Unknown"}}} 
+00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1732024252560352,"flow_dst_last_pkt_time":1732024252568619,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1732024252568619,"pkt":"YhO2esBpdNo47VMyCABFYABQjT9AADkR2E8j2OrqwKgMQw2WsWsAPDZGAQEAICESpEJXWklqc1dDeWlGaWUAIAAIAAGR0HwxDFwAAQAIAAGwwl0jqB6AKAAEuwkx\/Q=="} +01085{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1732024252560352,"flow_src_last_pkt_time":1732024252560352,"flow_dst_last_pkt_time":1732024252568619,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":52,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":52,"midstream":0,"thread_ts_usec":1732024252568619,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.216.234.234","src_port":45419,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.35.168.30:45250","multimedia_flow_types":"Unknown"}}} 
+00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1732024252569169,"flow_dst_last_pkt_time":1732024252568619,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1732024252569169,"pkt":"dNo47VMyYhO2esBpCABFAAA4RWVAAEARGaLAqAxDI9jq6rFrDZYAJFh\/AAMACCESpEJGS3FkT09uNFJVbnEAGQAEEQAAAA=="} +00677{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1732024252572448,"flow_dst_last_pkt_time":1732024252565403,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_usec":1732024252572448,"pkt":"dNo47VMyYhO2esBpCABFAACQgmxAAEARypfAqAxDI9v8krFrDZYAfJOdAAMAYCESpEJuUEl0Z1MxUnVQKzcAGQAEEQAAAAAGABcxNzMyMTEwNjUzOjE1NTA1NTA4NiMwMQAAFAAKc2lnbmFsLm9yZwAAABUAEDE2MzdkM2ZkNGQ5YzliNjEACAAU3JGQo9CczDHRimYdZNnsDs1bURk="} +00634{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1732024252569169,"flow_dst_last_pkt_time":1732024252576656,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1732024252576656,"pkt":"YhO2esBpdNo47VMyCABFYABwjUdAADkR2Ccj2OrqwKgMQw2WsWsAXCnWARMAQCESpEJGS3FkT09uNFJVbnEACQAQAAAEAVVuYXV0aG9yaXplZAAVABAxYTZhN2ZjMjE4MzU3YTg0ABQACnNpZ25hbC5vcmcAAIAoAATMhc\/o"} 
+01107{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1732024252560352,"flow_src_last_pkt_time":1732024252569169,"flow_dst_last_pkt_time":1732024252576656,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":136,"midstream":0,"thread_ts_usec":1732024252576656,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.216.234.234","src_port":45419,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org","domainame":"signal.org","stun": {"mapped_address":"93.35.168.30:45250","multimedia_flow_types":"Unknown"}}} +00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1732024252581941,"flow_dst_last_pkt_time":1732024252576656,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_usec":1732024252581941,"pkt":"dNo47VMyYhO2esBpCABFAACQRWZAAEARGUnAqAxDI9jq6rFrDZYAfNTyAAMAYCESpEJPQ2R3Q1gyR0YxNG4AGQAEEQAAAAAGABcxNzMyMTEwNjUzOjE1NTA1NTA4NiMwMQAAFAAKc2lnbmFsLm9yZwAAABUAEDFhNmE3ZmMyMTgzNTdhODQACAAUdnj5ozIQ14RJfPGflgWJ9TOV+\/s="} 
+00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1732024255310800,"flow_src_last_pkt_time":1732024255310800,"flow_dst_last_pkt_time":1732024255310800,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1732024255310800,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.226.11","src_port":45419,"dst_port":12261,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00651{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1732024255310800,"flow_dst_last_pkt_time":1732024255310800,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1732024255310800,"pkt":"dNo47VMyYhO2esBpCABFAAB8Fd9AAEARUcDAqAxDI9viC7FrL+UAaMFUAAEATCESpEJOeGYzd003aEM0NlMABgAJazhrQTo0VDNxAAAAwFcABAADAAqAKgAI5xJMPuQQFBUAJAAEbn8e\/wAIABT68YL7vmQRS9HQZGiIeRD1SGtWiYAoAASjdTd6"} 
+01170{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1732024255310800,"flow_src_last_pkt_time":1732024255310800,"flow_dst_last_pkt_time":1732024255310800,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1732024255310800,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.226.11","src_port":45419,"dst_port":12261,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} +00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1732024255310800,"flow_dst_last_pkt_time":1732024255375430,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1732024255375430,"pkt":"YhO2esBpdNo47VMyCABFAABceXNAADER\/Usj2+ILwKgMQy\/lsWsASMN1AQEALCESpEJOeGYzd003aEM0NlMAIAAIAAGR0XwxDFwACAAUnZDi6xiY73CNxpkvkJm\/4v\/vMgCAKAAEI0j0WQ=="} 
+00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1732024255408164,"flow_dst_last_pkt_time":1732024255375430,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_usec":1732024255408164,"pkt":"dNo47VMyYhO2esBpCABFAACEFeVAAEARUbLAqAxDI9viC7FrL+UAcJtXAAEAVCESpEJpQUE2cDZ4ODNaWU8ABgAJazhrQTo0VDNxAAAAwFcABAADAAqAKgAI5xJMPuQQFBXAAQAEAAAAAQAkAARufx7\/AAgAFI5RI5U78Kp13DMCmA7Leck\/6NW6gCgABO24t1c="} +00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1732024255408164,"flow_dst_last_pkt_time":1732024255478382,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1732024255478382,"pkt":"YhO2esBpdNo47VMyCABFAABceaxAADER\/RIj2+ILwKgMQy\/lsWsASLnsAQEALCESpEJpQUE2cDZ4ODNaWU8AIAAIAAGR0XwxDFwACAAUb93PFiaRbp51W72Lo4W8+vqpJJCAKAAEhXIENA=="} +00654{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1732024255408164,"flow_dst_last_pkt_time":1732024255504818,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1732024255504818,"pkt":"YhO2esBpdNo47VMyCABFAAB8ea9AADER\/O8j2+ILwKgMQy\/lsWsAaKWbAAEATCESpEIwUGVvRDJtRTdqaXQABgAJNFQzcTprOGtBAAAAwFcABAADA4SAKQAIDLe2oNQ22wcAJAAEbn8r\/wAIABTMgM4WmvIXuVnGMvf\/8DTFYb2Fd4AoAARIK8xL"} 
+00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1732024255554100,"flow_src_last_pkt_time":1732024255554100,"flow_dst_last_pkt_time":1732024255554100,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1732024255554100,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.226.11","src_port":45419,"dst_port":54116,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00651{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1732024255554100,"flow_dst_last_pkt_time":1732024255554100,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1732024255554100,"pkt":"dNo47VMyYhO2esBpCABFAAB8Fe9AAEARUbDAqAxDI9viC7Fr02QAaCf8AAEATCESpEIrN09mWUNLWHJaaVQABgAJazhrQTo0VDNxAAAAwFcABAADAAqAKgAI5xJMPuQQFBUAJAAEbn8e\/wAIABSFh95GlbVTlHrpRlUg3UgrYXJ00oAoAASZD4hP"} 
+01170{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1732024255554100,"flow_src_last_pkt_time":1732024255554100,"flow_dst_last_pkt_time":1732024255554100,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1732024255554100,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.226.11","src_port":45419,"dst_port":54116,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
+02257{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1732024252560499,"flow_src_last_pkt_time":1732024255506282,"flow_dst_last_pkt_time":1732024255591142,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":140,"flow_dst_max_l4_payload_len":140,"flow_src_tot_l4_payload_len":1348,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1732024255591142,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.252.146","src_port":45419,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":34,"avg":192787.9,"max":1009305,"stddev":328853.4,"var":108144574464.0,"ent":3.4,"data": [1679,3660,1244,10270,10180,26749,26618,250237,250253,501155,501113,1004003,1009305,956070,950707,3808,8981,1122,5251,38927,115928,34,84920,11595,28824,12973,35886,1216,42468,17725,63525]},"pktlen": {"min":48,"avg":115.1,"max":168,"stddev":39.1,"var":1531.7,"ent":4.9,"data": [48,56,80,112,144,112,56,108,56,108,56,108,56,108,148,80,168,148,128,80,160,168,136,128,168,168,128,168,148,80,136,136]},"bins": {"c_to_s": [6,0,0,7,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,4,6,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,1,0,0,1,0,1,1,0,0,1,0,0,0,1,1,1],"entropies": 
[5.092222691,4.896289825,5.489066124,5.744682789,5.768844128,5.706256866,4.913536072,5.656898022,4.877822399,5.693010330,4.913536072,5.644444466,4.877821922,5.674491882,5.815627575,5.871930599,6.136301041,5.839058876,5.921264172,5.746930122,5.986515999,6.205406189,5.953484058,5.819549084,5.906489849,6.141389370,5.824335575,5.926788807,5.885375023,5.921932697,5.977344990,5.910892010]},"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} +00653{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1732024255603277,"flow_dst_last_pkt_time":1732024255554100,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1732024255603277,"pkt":"dNo47VMyYhO2esBpCABFAAB8FfFAAEARUa7AqAxDI9viC7Fr02QAaGVCAAEATCESpEIvV3hJemdRQ2V4OFQABgAJazhrQTo0VDNxAAAAwFcABAADAAqAKgAI5xJMPuQQFBUAJAAEbn8e\/wAIABQYYyyDTy\/jE1\/Nd7a1vmyLdnoNJYAoAAQy+vP7"} 
+01289{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1732024255554100,"flow_src_last_pkt_time":1732024255603277,"flow_dst_last_pkt_time":1732024255554100,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1732024255603277,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.226.11","src_port":45419,"dst_port":54116,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} +00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1732024255603277,"flow_dst_last_pkt_time":1732024255617924,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1732024255617924,"pkt":"YhO2esBpdNo47VMyCABFYABcedJAADoR84wj2+ILwKgMQ9NksWsASGZUAQEALCESpEIrN09mWUNLWHJaaVQAIAAIAAGR0XwxDFwACAAUV6fjCSR3JzdWauCIks3ZoPOQt6yAKAAE1l85zg=="} 
+01219{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1732024255554100,"flow_src_last_pkt_time":1732024255603277,"flow_dst_last_pkt_time":1732024255617924,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1732024255617924,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.226.11","src_port":45419,"dst_port":54116,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.35.168.30:45251","multimedia_flow_types":"Unknown"}}} +00665{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1732024255651938,"flow_dst_last_pkt_time":1732024255617924,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_usec":1732024255651938,"pkt":"dNo47VMyYhO2esBpCABFAACEFfRAAEARUaPAqAxDI9viC7Fr02QAcC1KAAEAVCESpEJsNGpWVkczUWZNMFgABgAJazhrQTo0VDNxAAAAwFcABAADAAqAKgAI5xJMPuQQFBXAAQAEAAAAAwAkAARufx7\/AAgAFLx4XCVdI\/2uyx6lx8OrrNXNQyE\/gCgABDOgNrg="} 
+00651{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1732024255651938,"flow_dst_last_pkt_time":1732024255657241,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1732024255657241,"pkt":"YhO2esBpdNo47VMyCABFYAB8eeVAADoR81kj2+ILwKgMQ9NksWsAaHX9AAEATCESpEJqV2p5emF6aUd3Z0kABgAJNFQzcTprOGtBAAAAwFcABAADA4SAKQAIDLe2oNQ22wcAJAAEbn8q\/wAIABSES8PnIh8Hi99anNPE0CgU3ijLmoAoAASQYvIj"} +02383{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1732024255554100,"flow_src_last_pkt_time":1732024262728582,"flow_dst_last_pkt_time":1732024262809079,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":96,"flow_src_tot_l4_payload_len":1240,"flow_dst_tot_l4_payload_len":1108,"midstream":0,"thread_ts_usec":1732024262809079,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.226.11","src_port":45419,"dst_port":54116,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":7975,"avg":465466.5,"max":2229214,"stddev":655102.9,"var":429159809024.0,"ent":3.8,"data": [49177,63824,48661,39317,8988,7975,43088,49998,8002,41078,51322,943432,1038291,262155,354976,260389,75745,606181,10918,31204,394466,279938,364276,2145789,28790,2221167,290330,345130,931089,1204551,2229214]},"pktlen": {"min":56,"avg":101.4,"max":132,"stddev":22.2,"var":491.6,"ent":5.0,"data": 
[124,124,92,132,124,92,92,124,92,92,124,92,132,92,124,92,56,84,84,56,124,92,124,92,124,56,92,124,92,84,124,92]},"bins": {"c_to_s": [2,2,6,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,1,7,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,0,1,0,1,1,0,1,1,0,0,1,1,0,1,1,0,0,0,1,1,0,0,0,1,1,0,0,0,1],"entropies": [5.954615116,5.890099049,5.936881542,5.799671173,5.975784302,5.832649708,5.819981575,5.872922421,5.789170742,5.862594128,5.872116566,5.802706242,5.723914146,5.759228230,5.937438488,5.737487316,5.186729908,5.916122437,5.723992348,5.190757751,5.819494724,5.923347950,5.943526745,5.780966759,5.877923489,5.155044079,5.841721058,5.969696999,5.737488747,5.781786919,5.896186829,5.789172649]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01149{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":268,"source":"cfgs\/default\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":91,"flow_dst_packets_processed":87,"flow_first_seen":1732024255554100,"flow_src_last_pkt_time":1732024271658206,"flow_dst_last_pkt_time":1732024271623847,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":295,"flow_dst_max_l4_payload_len":295,"flow_src_tot_l4_payload_len":16436,"flow_dst_tot_l4_payload_len":15122,"midstream":0,"thread_ts_usec":1732024271658206,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.226.11","src_port":45419,"dst_port":54116,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": 
{"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01034{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":268,"source":"cfgs\/default\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1732024252560352,"flow_src_last_pkt_time":1732024262578771,"flow_dst_last_pkt_time":1732024262586393,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":332,"midstream":0,"thread_ts_usec":1732024271658206,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.216.234.234","src_port":45419,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} 
+01031{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":268,"source":"cfgs\/default\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":29,"flow_dst_packets_processed":29,"flow_first_seen":1732024252560499,"flow_src_last_pkt_time":1732024271632164,"flow_dst_last_pkt_time":1732024271627708,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":140,"flow_dst_max_l4_payload_len":140,"flow_src_tot_l4_payload_len":2352,"flow_dst_tot_l4_payload_len":2992,"midstream":0,"thread_ts_usec":1732024271658206,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.252.146","src_port":45419,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} +01144{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":268,"source":"cfgs\/default\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1732024255310800,"flow_src_last_pkt_time":1732024270121601,"flow_dst_last_pkt_time":1732024270117593,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":96,"flow_src_tot_l4_payload_len":776,"flow_dst_tot_l4_payload_len":992,"midstream":0,"thread_ts_usec":1732024271658206,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.226.11","src_port":45419,"dst_port":12261,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": 
{"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00857{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":268,"source":"cfgs\/default\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":268,"packets-processed":268,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":39302,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":7,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":44,"global_ts_usec":1732024271658206} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 268/268 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 39302 bytes +~~ total detected protocols..: 4 +~~ total active/idle flows...: 4/4 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 7500221 bytes +~~ total memory freed........: 7500221 bytes +~~ total allocations/frees...: 126173/126173 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json message min len.......: 551 chars +~~ json message max len.......: 2388 chars +~~ json message avg len.......: 1467 chars diff --git a/test/results/default/signal_multiparty.pcapng.out b/test/results/default/signal_multiparty.pcapng.out new file mode 100644 index 000000000..f1af80bb2 --- /dev/null +++ b/test/results/default/signal_multiparty.pcapng.out 
@@ -0,0 +1,28 @@ +00624{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/signal_multiparty.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/signal_multiparty.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1733239341173023} 
+00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/signal_multiparty.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1733239341173023,"flow_src_last_pkt_time":1733239341173023,"flow_dst_last_pkt_time":1733239341173023,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1733239341173023,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.207.138.135","src_port":38303,"dst_port":10000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/signal_multiparty.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1733239341173023,"flow_dst_last_pkt_time":1733239341173023,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1733239341173023,"pkt":"dNo47VMyYhO2esBpCABFAACAzjRAAEAR8PbAqAxDI8+Kh5WfJxAAbGD5AAEAUCESpEJwZ3QzcmROMU00NUMABgAJaDMrWjpFZVhBAAAAwFcABAADAAqAKgAI8t7zQbISIGgAJQAAACQABG5\/Hv8ACAAU6J251WfQ5z114UuxJd3wiXnphpSAKAAEllidBQ=="} 
+01154{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/signal_multiparty.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1733239341173023,"flow_src_last_pkt_time":1733239341173023,"flow_dst_last_pkt_time":1733239341173023,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1733239341173023,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.207.138.135","src_port":38303,"dst_port":10000,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} +00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/signal_multiparty.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1733239341173023,"flow_dst_last_pkt_time":1733239341195604,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1733239341195604,"pkt":"YhO2esBpdNo47VMyCABFYACAtuBAADkRDusjz4qHwKgMQycQlZ8AbMWKAQEAUCESpEJwZ3QzcmROMU00NUMABgAJRWVYQTpoMytaAAAAwFcABAADAAqAKgAI8t7zQbISIGgAJQAAACQABG5\/Hv8ACAAUgivsIYTUn7H2pfklI0G7CbxUJ0KAKAAEVH4NuA=="} 
+00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/signal_multiparty.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1733239341221458,"flow_dst_last_pkt_time":1733239341195604,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1733239341221458,"pkt":"dNo47VMyYhO2esBpCABFAACAzjVAAEAR8PXAqAxDI8+Kh5WfJxAAbNM1AAEAUCESpEJDaXByL0xFWlhoZ0wABgAJaDMrWjpFZVhBAAAAwFcABAADAAqAKgAI8t7zQbISIGgAJQAAACQABG5\/Hv8ACAAUwYoJjzYrP9NGPwZTb2nvHPCTJoSAKAAEptEgcg=="} +00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/signal_multiparty.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1733239341221458,"flow_dst_last_pkt_time":1733239341240495,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_usec":1733239341240495,"pkt":"YhO2esBpdNo47VMyCABFYABTtuFAADkRDxcjz4qHwKgMQycQlZ8APwl5gGUAGwAAABsPnODN8l5yijSlqu7ZaH6lFc7Firllrm5CGV4UiXvScTjo\/7PnN\/PQVnck3hUxzQ=="} 
+01170{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/signal_multiparty.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1733239341173023,"flow_src_last_pkt_time":1733239341221458,"flow_dst_last_pkt_time":1733239341240495,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":200,"flow_dst_tot_l4_payload_len":155,"midstream":0,"thread_ts_usec":1733239341240495,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.207.138.135","src_port":38303,"dst_port":10000,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.RTP","proto_id":"78.87","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} +00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/signal_multiparty.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1733239341221458,"flow_dst_last_pkt_time":1733239341242183,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1733239341242183,"pkt":"YhO2esBpdNo47VMyCABFYACAtuJAADkRDukjz4qHwKgMQycQlZ8AbFyyAQEAUCESpEJDaXByL0xFWlhoZ0wABgAJRWVYQTpoMytaAAAAwFcABAADAAqAKgAI8t7zQbISIGgAJQAAACQABG5\/Hv8ACAAU90Nkc7I3jWePLnbox4hjB+wj3w+AKAAEhx4wsQ=="} 
+01178{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/signal_multiparty.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":3,"flow_first_seen":1733239341173023,"flow_src_last_pkt_time":1733239341221458,"flow_dst_last_pkt_time":1733239341242183,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":200,"flow_dst_tot_l4_payload_len":255,"midstream":0,"thread_ts_usec":1733239341242183,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.207.138.135","src_port":38303,"dst_port":10000,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
+01139{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/signal_multiparty.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":6,"flow_first_seen":1733239341173023,"flow_src_last_pkt_time":1733239341632534,"flow_dst_last_pkt_time":1733239341575898,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":994,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":8051,"flow_dst_tot_l4_payload_len":442,"midstream":0,"thread_ts_usec":1733239341632534,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.207.138.135","src_port":38303,"dst_port":10000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"SRTP.SignalVoip","proto_id":"338.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+00854{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/signal_multiparty.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":30,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8493,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1733239341632534} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 30/30 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 8493 bytes +~~ total detected protocols..: 1 +~~ total active/idle flows...: 1/1 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 7486101 bytes +~~ total memory freed........: 7486101 bytes +~~ total allocations/frees...: 125899/125899 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json message min len.......: 602 chars +~~ json message max len.......: 1183 chars +~~ json message avg len.......: 891 chars diff --git a/test/results/default/signal_videocall.pcapng.out b/test/results/default/signal_videocall.pcapng.out new file mode 100644 index 000000000..a614fb8c4 --- /dev/null +++ b/test/results/default/signal_videocall.pcapng.out 
@@ -0,0 +1,49 @@ +00623{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1732024431954625} 
+00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1732024431954625,"flow_src_last_pkt_time":1732024431954625,"flow_dst_last_pkt_time":1732024431954625,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1732024431954625,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.216.234.234","src_port":47926,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1732024431954625,"flow_dst_last_pkt_time":1732024431954625,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1732024431954625,"pkt":"dNo47VMyYhO2esBpCABFAAAwZxZAAEAR9\/jAqAxDI9jq6rs2DZYAHHvlAAEAACESpEJQQm9QWFIrVWRPcnY="} 
+01017{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1732024431954625,"flow_src_last_pkt_time":1732024431954625,"flow_dst_last_pkt_time":1732024431954625,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1732024431954625,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.216.234.234","src_port":47926,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} +00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1732024431955912,"flow_src_last_pkt_time":1732024431955912,"flow_dst_last_pkt_time":1732024431955912,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1732024431955912,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.252.146","src_port":47926,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1732024431955912,"flow_dst_last_pkt_time":1732024431955912,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1732024431955912,"pkt":"dNo47VMyYhO2esBpCABFAAAwtSNAAEARmEDAqAxDI9v8krs2DZYAHF30AAEAACESpEJKdmo2eHhiZEdrT1E="} +01017{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1732024431955912,"flow_src_last_pkt_time":1732024431955912,"flow_dst_last_pkt_time":1732024431955912,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1732024431955912,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.252.146","src_port":47926,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
+00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1732024431956045,"flow_dst_last_pkt_time":1732024431955912,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1732024431956045,"pkt":"dNo47VMyYhO2esBpCABFAAA4tSRAAEARmDfAqAxDI9v8krs2DZYAJHj9AAMACCESpEJGT0RzSVBnV3VDSVgAGQAEEQAAAA=="} +01150{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1732024431955912,"flow_src_last_pkt_time":1732024431956045,"flow_dst_last_pkt_time":1732024431955912,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1732024431956045,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.252.146","src_port":47926,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
+00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1732024431956045,"flow_dst_last_pkt_time":1732024431959193,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1732024431959193,"pkt":"YhO2esBpdNo47VMyCABFAABQi8xAADkRyHcj2\/ySwKgMQw2WuzYAPLQBAQEAICESpEJKdmo2eHhiZEdrT1EAIAAIAAGRw3wxDFwAAQAIAAGw0V0jqB6AKAAE\/+dX5g=="} +01065{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1732024431955912,"flow_src_last_pkt_time":1732024431956045,"flow_dst_last_pkt_time":1732024431959193,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":52,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":52,"midstream":0,"thread_ts_usec":1732024431959193,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.252.146","src_port":47926,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"mapped_address":"93.35.168.30:45265","multimedia_flow_types":"Unknown"}}} 
+00633{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1732024431956045,"flow_dst_last_pkt_time":1732024431959746,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1732024431959746,"pkt":"YhO2esBpdNo47VMyCABFAABwi81AADkRyFYj2\/ySwKgMQw2WuzYAXM1WARMAQCESpEJGT0RzSVBnV3VDSVgACQAQAAAEAVVuYXV0aG9yaXplZAAVABA3MWRlZDFjNTBiN2Q0NGFmABQACnNpZ25hbC5vcmcAAIAoAAR7NBQ3"} +01098{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1732024431955912,"flow_src_last_pkt_time":1732024431956045,"flow_dst_last_pkt_time":1732024431959746,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":136,"midstream":0,"thread_ts_usec":1732024431959746,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.252.146","src_port":47926,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org","domainame":"signal.org","stun": {"mapped_address":"93.35.168.30:45265","multimedia_flow_types":"Unknown"}}} 
+00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1732024431959841,"flow_dst_last_pkt_time":1732024431954625,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1732024431959841,"pkt":"dNo47VMyYhO2esBpCABFAAA4ZxdAAEAR9+\/AqAxDI9jq6rs2DZYAJF1+AAMACCESpEJoc3FkNDJvUEJsZ2kAGQAEEQAAAA=="} +01170{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1732024431954625,"flow_src_last_pkt_time":1732024431959841,"flow_dst_last_pkt_time":1732024431954625,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1732024431959841,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.216.234.234","src_port":47926,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
+00677{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1732024431962384,"flow_dst_last_pkt_time":1732024431959746,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_usec":1732024431962384,"pkt":"dNo47VMyYhO2esBpCABFAACQtSVAAEARl97AqAxDI9v8krs2DZYAfNU1AAMAYCESpEJLZGY0aGpCR2VDNmwAGQAEEQAAAAAGABcxNzMyMTEwODMzOjg5NTYwMTIyMyMwMQAAFAAKc2lnbmFsLm9yZwAAABUAEDcxZGVkMWM1MGI3ZDQ0YWYACAAUgVqrAzIcqrmsvPu1c7hMsgoikGk="} +00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1732024431959841,"flow_dst_last_pkt_time":1732024431962820,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1732024431962820,"pkt":"YhO2esBpdNo47VMyCABFYABQmTNAADkRzFsj2OrqwKgMQw2WuzYAPPTfAQEAICESpEJQQm9QWFIrVWRPcnYAIAAIAAGRw3wxDFwAAQAIAAGw0V0jqB6AKAAELCkIuA=="} 
+01085{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1732024431954625,"flow_src_last_pkt_time":1732024431959841,"flow_dst_last_pkt_time":1732024431962820,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":52,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":52,"midstream":0,"thread_ts_usec":1732024431962820,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.216.234.234","src_port":47926,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.35.168.30:45265","multimedia_flow_types":"Unknown"}}} +00633{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1732024431959841,"flow_dst_last_pkt_time":1732024431967507,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1732024431967507,"pkt":"YhO2esBpdNo47VMyCABFYABwmTdAADkRzDcj2OrqwKgMQw2WuzYAXIRlARMAQCESpEJoc3FkNDJvUEJsZ2kACQAQAAAEAVVuYXV0aG9yaXplZAAVABAyMzlmNWI0MDIzNmE0ZmIyABQACnNpZ25hbC5vcmcAAIAoAAR3etFo"} 
+01107{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1732024431954625,"flow_src_last_pkt_time":1732024431959841,"flow_dst_last_pkt_time":1732024431967507,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":136,"midstream":0,"thread_ts_usec":1732024431967507,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.216.234.234","src_port":47926,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org","domainame":"signal.org","stun": {"mapped_address":"93.35.168.30:45265","multimedia_flow_types":"Unknown"}}} +00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1732024431970453,"flow_dst_last_pkt_time":1732024431967507,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_usec":1732024431970453,"pkt":"dNo47VMyYhO2esBpCABFAACQZxlAAEAR95XAqAxDI9jq6rs2DZYAfJ\/eAAMAYCESpEJtY0MxU2RsRTVSTFIAGQAEEQAAAAAGABcxNzMyMTEwODMzOjg5NTYwMTIyMyMwMQAAFAAKc2lnbmFsLm9yZwAAABUAEDIzOWY1YjQwMjM2YTRmYjIACAAUWuhe5DwiuoVslYdnHO9VLKb1KDk="} 
+00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1732024434112285,"flow_src_last_pkt_time":1732024434112285,"flow_dst_last_pkt_time":1732024434112285,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1732024434112285,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.252.146","src_port":47926,"dst_port":56377,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00653{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1732024434112285,"flow_dst_last_pkt_time":1732024434112285,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1732024434112285,"pkt":"dNo47VMyYhO2esBpCABFAAB8tZtAAEARl3zAqAxDI9v8krs23DkAaDzbAAEATCESpEJvVmpOd0IwS3IzMTcABgAJKzRmSDpxcDhzAAAAwFcABAADAAqAKgAItCq\/i7rPSYsAJAAEbn8e\/wAIABQsPdFbp2Mty9aiJruZ\/Hgd1SZ9SYAoAAQ0snQG"} 
+01171{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1732024434112285,"flow_src_last_pkt_time":1732024434112285,"flow_dst_last_pkt_time":1732024434112285,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1732024434112285,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.252.146","src_port":47926,"dst_port":56377,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} +00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1732024434112285,"flow_dst_last_pkt_time":1732024434178241,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1732024434178241,"pkt":"YhO2esBpdNo47VMyCABFYABcj7BAADIRyycj2\/ySwKgMQ9w5uzYASCrcAQEALCESpEJvVmpOd0IwS3IzMTcAIAAIAAGRwHwxDFwACAAUzCtdmPFLOE2hrfqThQbG\/WfenmGAKAAE+56MVw=="} 
+00665{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1732024434208184,"flow_dst_last_pkt_time":1732024434178241,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_usec":1732024434208184,"pkt":"dNo47VMyYhO2esBpCABFAACEtaBAAEARl2\/AqAxDI9v8krs23DkAcJ01AAEAVCESpEJ5YkVGeHg2Vm54cEwABgAJKzRmSDpxcDhzAAAAwFcABAADAAqAKgAItCq\/i7rPSYvAAQAEAAAAAQAkAARufx7\/AAgAFBR40kD7fQkz6Qg731KFxeC3zkjNgCgABDObOGE="} +00665{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1732024434257371,"flow_dst_last_pkt_time":1732024434178241,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_usec":1732024434257371,"pkt":"dNo47VMyYhO2esBpCABFAACEtaNAAEARl2zAqAxDI9v8krs23DkAcLCLAAEAVCESpEIvVzZEb0YxN3VBZ04ABgAJKzRmSDpxcDhzAAAAwFcABAADAAqAKgAItCq\/i7rPSYvAAQAEAAAAAQAkAARufx7\/AAgAFB0q7oEahdIgYLDgT\/FjacmxOl1HgCgABEHzBpk="} +00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1732024434257371,"flow_dst_last_pkt_time":1732024434268071,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1732024434268071,"pkt":"YhO2esBpdNo47VMyCABFYABcj9ZAADIRywEj2\/ySwKgMQ9w5uzYASIPeAQEALCESpEJ5YkVGeHg2Vm54cEwAIAAIAAGRwHwxDFwACAAULNk0SsQGD73EexLHOWxlLf1+DQiAKAAEShdJ1g=="} 
+02382{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1732024434112285,"flow_src_last_pkt_time":1732024441333397,"flow_dst_last_pkt_time":1732024441541595,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":96,"flow_src_tot_l4_payload_len":1156,"flow_dst_tot_l4_payload_len":1232,"midstream":0,"thread_ts_usec":1732024441541595,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.252.146","src_port":47926,"dst_port":56377,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":7924,"avg":472594.2,"max":2449226,"stddev":710703.9,"var":505100075008.0,"ent":3.7,"data": [65956,95899,49187,89830,51983,7924,75804,92201,90821,45764,45926,841819,964746,88146,209352,700416,8800,797762,169039,140771,9988,132129,62705,2295091,2449226,43943,201199,880503,2304788,1490835,147869]},"pktlen": {"min":56,"avg":102.6,"max":132,"stddev":22.3,"var":496.6,"ent":5.0,"data": [124,92,132,132,92,92,124,92,124,92,124,92,124,92,124,92,56,84,124,92,84,56,124,92,124,92,124,92,56,124,92,124]},"bins": {"c_to_s": [1,1,6,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,1,7,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,0,0,1,1,0,1,1,0,1,0,0,1,0,0,1,1,0,1,0,1,1],"entropies": 
[5.976831913,5.915143967,5.742778778,5.854558945,5.733025551,5.885198593,5.998001575,5.797378063,6.024171352,5.726989746,5.921308994,5.664066315,5.913927555,5.841720104,5.901226997,5.802705288,5.235924244,5.790773869,5.923968792,5.811777592,5.734168530,5.119329453,5.946332932,5.906072140,5.847799778,5.811777115,5.940245152,5.748729706,5.115301609,5.849411488,5.828187466,5.968549728]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01153{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":334,"source":"cfgs\/default\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":167,"flow_dst_packets_processed":131,"flow_first_seen":1732024434112285,"flow_src_last_pkt_time":1732024444819796,"flow_dst_last_pkt_time":1732024444862357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1181,"flow_dst_max_l4_payload_len":858,"flow_src_tot_l4_payload_len":80551,"flow_dst_tot_l4_payload_len":26428,"midstream":0,"thread_ts_usec":1732024444862357,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.252.146","src_port":47926,"dst_port":56377,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+01034{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":334,"source":"cfgs\/default\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1732024431954625,"flow_src_last_pkt_time":1732024441970315,"flow_dst_last_pkt_time":1732024441977780,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":332,"midstream":0,"thread_ts_usec":1732024444862357,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.216.234.234","src_port":47926,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} +01028{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":334,"source":"cfgs\/default\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":13,"flow_first_seen":1732024431955912,"flow_src_last_pkt_time":1732024441965798,"flow_dst_last_pkt_time":1732024441969357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":712,"flow_dst_tot_l4_payload_len":908,"midstream":0,"thread_ts_usec":1732024444862357,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.252.146","src_port":47926,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} +00858{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":334,"source":"cfgs\/default\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":334,"packets-processed":334,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":109231,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":6,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":34,"global_ts_usec":1732024444862357} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 334/334 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 109231 bytes +~~ total detected protocols..: 3 +~~ total active/idle flows...: 3/3 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 7499733 bytes +~~ total memory freed........: 7499733 bytes +~~ total allocations/frees...: 126227/126227 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json message min len.......: 551 chars +~~ json message max len.......: 2387 chars +~~ json message avg len.......: 1450 chars diff --git a/test/results/default/signal_videocall_multiparty.pcapng.out b/test/results/default/signal_videocall_multiparty.pcapng.out new file mode 100644 index 000000000..5d93d1093 --- /dev/null +++ b/test/results/default/signal_videocall_multiparty.pcapng.out 
@@ -0,0 +1,29 @@ +00634{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/signal_videocall_multiparty.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00855{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/signal_videocall_multiparty.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1733247515941563} 
+00802{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/signal_videocall_multiparty.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1733247515941563,"flow_src_last_pkt_time":1733247515941563,"flow_dst_last_pkt_time":1733247515941563,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1733247515941563,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"35.207.67.68","src_port":59446,"dst_port":10000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/signal_videocall_multiparty.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1733247515941563,"flow_dst_last_pkt_time":1733247515941563,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1733247515941563,"pkt":"ILAB4IZiSKRyNpegCABFAACAiykAAIARhhPAqAF1I89DROg2JxAAbAzQAAEAUCESpEI1NEg2QU95UTMyRVAABgAJMWFMNTpRTVhDAAAAwFcABAABAAqAKgAIF\/4CYTZoiVwAJQAAACQABG5\/Hv8ACAAUcpt5C\/\/iaNePSUPaFGAUyh6\/HmKAKAAEM0IRaA=="} 
+01162{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/signal_videocall_multiparty.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1733247515941563,"flow_src_last_pkt_time":1733247515941563,"flow_dst_last_pkt_time":1733247515941563,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1733247515941563,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"35.207.67.68","src_port":59446,"dst_port":10000,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} +00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/signal_videocall_multiparty.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1733247515941563,"flow_dst_last_pkt_time":1733247515974447,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1733247515974447,"pkt":"SKRyNpegILAB4IZiCABFAACARupAADYR1FIjz0NEwKgBdScQ6DYAbFcqAQEAUCESpEI1NEg2QU95UTMyRVAABgAJUU1YQzoxYUw1AAAAwFcABAABAAqAKgAIF\/4CYTZoiVwAJQAAACQABG5\/Hv8ACAAUEutlNl3kd0Dorqs\/VUiSQQTSjTmAKAAEAsj3vw=="} 
+00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/signal_videocall_multiparty.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1733247515990390,"flow_dst_last_pkt_time":1733247515974447,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1733247515990390,"pkt":"ILAB4IZiSKRyNpegCABFAABAiy8AAIARhk3AqAF1I89DROg2JxAALMvlgGUAAQAAAAEAAAABdLrycx3kw9wWNnvZW6iDkwxnchqicp+h"} +01177{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/signal_videocall_multiparty.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1733247515941563,"flow_src_last_pkt_time":1733247515990390,"flow_dst_last_pkt_time":1733247515974447,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":136,"flow_dst_tot_l4_payload_len":100,"midstream":0,"thread_ts_usec":1733247515990390,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"35.207.67.68","src_port":59446,"dst_port":10000,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.RTP","proto_id":"78.87","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
+00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/signal_videocall_multiparty.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1733247515990690,"flow_dst_last_pkt_time":1733247515974447,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1733247515990690,"pkt":"ILAB4IZiSKRyNpegCABFAACAizAAAIARhgzAqAF1I89DROg2JxAAbHFfAAEAUCESpEJQOWY2V2ZIcjVJMUgABgAJMWFMNTpRTVhDAAAAwFcABAABAAqAKgAIF\/4CYTZoiVwAJQAAACQABG5\/Hv8ACAAUbiAQ2EbSUNLBr92MPhsCUZvHJgiAKAAEYmFHKA=="} +00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/signal_videocall_multiparty.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1733247515990690,"flow_dst_last_pkt_time":1733247516018904,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1733247516018904,"pkt":"SKRyNpegILAB4IZiCABFAACARutAADYR1FEjz0NEwKgBdScQ6DYAbH1\/AQEAUCESpEJQOWY2V2ZIcjVJMUgABgAJUU1YQzoxYUw1AAAAwFcABAABAAqAKgAIF\/4CYTZoiVwAJQAAACQABG5\/Hv8ACAAURXtV3qkD7dZOCPsPy8U8foLxJ\/uAKAAEXGaXzQ=="} 
+01185{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/signal_videocall_multiparty.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1733247515941563,"flow_src_last_pkt_time":1733247515990690,"flow_dst_last_pkt_time":1733247516018904,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":236,"flow_dst_tot_l4_payload_len":200,"midstream":0,"thread_ts_usec":1733247516018904,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"35.207.67.68","src_port":59446,"dst_port":10000,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
+02372{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/signal_videocall_multiparty.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1733247515941563,"flow_src_last_pkt_time":1733247521000514,"flow_dst_last_pkt_time":1733247521314176,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":1239,"flow_dst_tot_l4_payload_len":830,"midstream":0,"thread_ts_usec":1733247521314176,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"35.207.67.68","src_port":59446,"dst_port":10000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":300,"avg":336502.1,"max":1071142,"stddev":395522.0,"var":156437676032.0,"ent":3.9,"data": [32884,48827,300,44457,50533,44084,223767,385,25289,800734,1030880,20622,201493,673,800784,981685,21273,210614,756,118515,13444,1043663,879515,925,1071142,1007160,651,274470,390884,400116,691039]},"pktlen": {"min":56,"avg":92.7,"max":128,"stddev":28.2,"var":793.4,"ent":4.9,"data": [128,128,64,128,128,128,128,83,64,64,128,74,128,83,64,128,74,128,83,64,76,56,74,83,64,74,83,64,128,128,64,74]},"bins": {"c_to_s": [1,14,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,5,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,0,1,0,0,0,0,1,1,0,0,0,1,1,0,0,0,0,1,0,0,1,0,0,0,1,0,1],"entropies": 
[5.630286694,5.730687141,5.077819824,5.651809216,5.741195202,5.841376781,5.766547680,5.757154465,5.171569824,5.046569824,5.753524780,5.387711525,5.789052010,5.652456284,5.077819824,5.626456738,5.428714275,5.731467724,5.790346146,5.060848236,5.754378796,5.151015759,5.367309570,5.684864521,5.159774780,5.404538155,5.853539467,5.171569824,5.637804031,5.766547680,5.049053192,5.377511024]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01154{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"cfgs\/default\/pcap\/signal_videocall_multiparty.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":192,"flow_dst_packets_processed":68,"flow_first_seen":1733247515941563,"flow_src_last_pkt_time":1733247533917504,"flow_dst_last_pkt_time":1733247533913543,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1211,"flow_dst_max_l4_payload_len":1184,"flow_src_tot_l4_payload_len":67701,"flow_dst_tot_l4_payload_len":18298,"midstream":0,"thread_ts_usec":1733247533917504,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"35.207.67.68","src_port":59446,"dst_port":10000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+00868{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":260,"source":"cfgs\/default\/pcap\/signal_videocall_multiparty.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":260,"packets-processed":260,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":85999,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1733247533917504} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 260/260 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 85999 bytes +~~ total detected protocols..: 1 +~~ total active/idle flows...: 1/1 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 7492771 bytes +~~ total memory freed........: 7492771 bytes +~~ total allocations/frees...: 126129/126129 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json message min len.......: 582 chars +~~ json message max len.......: 2377 chars +~~ json message avg len.......: 1404 chars diff --git a/test/results/default/simple-dnscrypt.pcap.out b/test/results/default/simple-dnscrypt.pcap.out index 5d13710c5..7e37410dc 100644 --- a/test/results/default/simple-dnscrypt.pcap.out +++ b/test/results/default/simple-dnscrypt.pcap.out 
@@ -1,14 +1,14 @@ -00620{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1491813284555591} 
+00620{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1491813284555591} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1491813284555591,"flow_src_last_pkt_time":1491813284555591,"flow_dst_last_pkt_time":1491813284555591,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1491813284555591,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50233,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1491813284555591,"flow_dst_last_pkt_time":1491813284555591,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1491813284555591,"pkt":"uFpz9d6dpDTZFrEGCABFAAA0PRVAAIAGMNDAqCunhncaGMQ5Abvf\/XrjAAAAAIACIAChWwAAAgQFtAEDAwgBAQQC"} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1491813284555591,"flow_dst_last_pkt_time":1491813284666208,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1491813284666208,"pkt":"pDTZFrEGuFpz9d6dCABFAAA0AABAADMGuuWGdxoYwKgrpwG7xDnBW87r3\/165IASchC\/iQAAAgQFHgEBBAIBAwMH"} 
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1491813284666742,"flow_dst_last_pkt_time":1491813284666208,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1491813284666742,"pkt":"uFpz9d6dpDTZFrEGCABFAAAoPRZAAIAGMNvAqCunhncaGMQ5Abvf\/XrkwVvO7FAQAEBxlgAA"} 00813{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1491813284694670,"flow_dst_last_pkt_time":1491813284666208,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":260,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":260,"pkt_l4_len":226,"thread_ts_usec":1491813284694670,"pkt":"uFpz9d6dpDTZFrEGCABFAAD2PRdAAIAGMAzAqCunhncaGMQ5Abvf\/XrkwVvO7FAYAEAlbQAAFgMBAMkBAADFAwPMizo6irh7WreX73XN9DV4060ZvWSF1+Ey0R2L6KnrlgAAIMrKwCvAL8AswDDMqcyozBTME8ATwBQAnACdAC8ANQAKAQAAfDo6AAD\/AQABAAAAABcAFQAAEnNpbXBsZWRuc2NyeXB0Lm9yZwAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACIqKAB0AFwAYKioAAQA="} 
-01212{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1491813284555591,"flow_src_last_pkt_time":1491813284694670,"flow_dst_last_pkt_time":1491813284666208,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1491813284694670,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50233,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"simplednscrypt.org","domainame":"simplednscrypt.org","tls": {"version":"TLSv1.2","ja3":"b8f81673c0e1d29908346f3bab892b9b","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01171{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1491813284555591,"flow_src_last_pkt_time":1491813284694670,"flow_dst_last_pkt_time":1491813284666208,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1491813284694670,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50233,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"simplednscrypt.org","domainame":"simplednscrypt.org","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1491813284694670,"flow_dst_last_pkt_time":1491813284785768,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1491813284785768,"pkt":"pDTZFrEGuFpz9d6dCABFAAAoQ1NAADMGd56GdxoYwKgrpwG7xDnBW87s3\/17slAQAO1wGwAA"} -01295{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1491813284555591,"flow_src_last_pkt_time":1491813284694670,"flow_dst_last_pkt_time":1491813284804255,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1310,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":1310,"midstream":0,"thread_ts_usec":1491813284804255,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50233,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"simplednscrypt.org","domainame":"simplednscrypt.org","tls": 
{"version":"TLSv1.2","ja3":"b8f81673c0e1d29908346f3bab892b9b","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","blocks":0}}} -01659{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":7,"flow_first_seen":1491813284555591,"flow_src_last_pkt_time":1491813284809547,"flow_dst_last_pkt_time":1491813284819906,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1310,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":6550,"midstream":0,"thread_ts_usec":1491813284819906,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50233,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DNScrypt","proto_id":"91.208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"simplednscrypt.org","domainame":"simplednscrypt.org","tls": {"version":"TLSv1.2","server_names":"simplednscrypt.org,www.simplednscrypt.org","ja3":"b8f81673c0e1d29908346f3bab892b9b","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=simplednscrypt.org","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"3E:20:0F:BF:AD:D8:5C:A1:A1:1B:E5:B2:A7:D4:68:E2:6A:DB:01:41","blocks":0}}} 
+01254{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1491813284555591,"flow_src_last_pkt_time":1491813284694670,"flow_dst_last_pkt_time":1491813284804255,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1310,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":1310,"midstream":0,"thread_ts_usec":1491813284804255,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50233,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"simplednscrypt.org","domainame":"simplednscrypt.org","tls": {"version":"TLSv1.2","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","blocks":0}}} 
+01618{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":7,"flow_first_seen":1491813284555591,"flow_src_last_pkt_time":1491813284809547,"flow_dst_last_pkt_time":1491813284819906,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1310,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":6550,"midstream":0,"thread_ts_usec":1491813284819906,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50233,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DNScrypt","proto_id":"91.208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"simplednscrypt.org","domainame":"simplednscrypt.org","tls": {"version":"TLSv1.2","server_names":"simplednscrypt.org,www.simplednscrypt.org","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=simplednscrypt.org","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"3E:20:0F:BF:AD:D8:5C:A1:A1:1B:E5:B2:A7:D4:68:E2:6A:DB:01:41","blocks":0}}} 
02191{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1491813284555591,"flow_src_last_pkt_time":1491813285148253,"flow_dst_last_pkt_time":1491813285258007,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":218,"flow_dst_max_l4_payload_len":1310,"flow_src_tot_l4_payload_len":804,"flow_dst_tot_l4_payload_len":10162,"midstream":0,"thread_ts_usec":1491813285258007,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50233,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":41776.7,"max":221977,"stddev":52354.6,"var":2741003520.0,"ent":3.9,"data": [110617,111151,27928,119560,18487,5167,114877,3012,7467,5,1,10608,4894,14894,118,54,378,91813,2,71462,3132,28841,0,26832,76361,36004,32630,95192,61613,221977,1]},"pktlen": {"min":40,"avg":383.4,"max":1350,"stddev":516.9,"var":267229.7,"ent":3.9,"data": [52,52,40,246,40,1350,1350,40,1350,1350,1350,346,40,166,93,96,82,258,298,109,40,78,40,78,40,40,40,401,40,105,1350,1310]},"bins": {"c_to_s": [7,4,1,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,1,1,0,0,0,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,6,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,1,1,1,1,0,0,0,0,0,0,1,1,0,0,1,1,1,0,1,1,0,0,1,1],"entropies": 
[4.700937748,5.053297043,4.884183884,5.597340584,4.884183884,7.257542610,7.247560978,4.734184265,7.594522476,7.479546547,7.614046097,7.344598770,4.780641079,6.391661167,5.721328735,5.834361076,5.503191471,7.138485432,7.091854095,6.122251511,4.934183598,5.396905422,4.884183884,5.818656921,4.884183884,4.884183884,4.884183884,7.331987381,4.934183598,5.989890099,7.848228931,7.847333908]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DNScrypt","proto_id":"91.208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1491813286275625,"flow_src_last_pkt_time":1491813286275625,"flow_dst_last_pkt_time":1491813286275625,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1491813286275625,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50253,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1491813286275625,"flow_dst_last_pkt_time":1491813286275625,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1491813286275625,"pkt":"uFpz9d6dpDTZFrEGCABFAAA0PSdAAIAGML7AqCunhncaGMRNAbtYb9jbAAAAAIACIADK3QAAAgQFtAEDAwgBAQQC"} 
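Review bot: The new-side `detected` and `detection-update` records in this hunk no longer carry the `ja3` key in the `tls` object (only `ja3s` and `ja4` remain), so any consumer or detection rule that matches on the JA3 client fingerprint will silently stop matching. The length prefixes shrink by exactly 41 bytes (01212 → 01171, 01295 → 01254, 01659 → 01618), which matches removing `"ja3":"<32 hex chars>",` and nothing else, so this looks like an intended upstream libnDPI change rather than a regression. The commit message only says "incorporated upstream changes"; I would add a line such as `* TLS: "ja3" is no longer emitted in flow events; match on "ja4" instead`, and confirm that the schema/flow_event_schema.json change in this commit drops `ja3` from the `tls` properties (not visible in this hunk). The second hunk of this file shows the same removal.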
@@ -19,30 +19,30 @@ 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1491813286275625,"flow_dst_last_pkt_time":1491813286463777,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1491813286463777,"pkt":"pDTZFrEGuFpz9d6dCABFAAA0AABAADMGuuWGdxoYwKgrpwG7xE3jDV\/XWG\/Y3IASchA2bgAAAgQFHgEBBAIBAwMH"} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1491813286463900,"flow_dst_last_pkt_time":1491813286463777,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1491813286463900,"pkt":"uFpz9d6dpDTZFrEGCABFAAAoPSpAAIAGMMfAqCunhncaGMRNAbtYb9jc4w1f2FAQAEDoegAA"} 00819{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1491813286464103,"flow_dst_last_pkt_time":1491813286463777,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"thread_ts_usec":1491813286464103,"pkt":"uFpz9d6dpDTZFrEGCABFAAD6PStAAIAGL\/TAqCunhncaGMRNAbtYb9jc4w1f2FAYAEDIdQAAFgMBAM0BAADJAwNv0uKa8YPP5S3C1fDc6AAVy\/lKelnnMptROJU3jjxHAgAAIGpqwCvAL8AswDDMqcyozBTME8ATwBQAnACdAC8ANQAKAQAAgOrqAAD\/AQABAAAAABcAFQAAEnNpbXBsZWRuc2NyeXB0Lm9yZwAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMXVQAAAACwACAQAACgAKAAja2gAdABcAGJqaAAEA"} 
-01245{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1491813286275625,"flow_src_last_pkt_time":1491813286464103,"flow_dst_last_pkt_time":1491813286463777,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":210,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":210,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1491813286464103,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50253,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"TLS.DNScrypt","proto_id":"91.208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"simplednscrypt.org","domainame":"simplednscrypt.org","tls": {"version":"TLSv1.2","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01204{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1491813286275625,"flow_src_last_pkt_time":1491813286464103,"flow_dst_last_pkt_time":1491813286463777,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":210,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":210,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1491813286464103,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50253,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"TLS.DNScrypt","proto_id":"91.208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"simplednscrypt.org","domainame":"simplednscrypt.org","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1491813286393273,"flow_dst_last_pkt_time":1491813286470177,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1491813286470177,"pkt":"pDTZFrEGuFpz9d6dCABFAAA0AABAADUGuOWGdxoYwKgrpwG7xFOF+CiKXqXACIASchDdaAAAAgQFHgEBBAIBAwMH"} 
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1491813286470265,"flow_dst_last_pkt_time":1491813286470177,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1491813286470265,"pkt":"uFpz9d6dpDTZFrEGCABFAAAoPSxAAIAGMMXAqCunhncaGMRTAbtepcAIhfgoi1AQAECPdQAA"} 00818{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1491813286470494,"flow_dst_last_pkt_time":1491813286470177,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"thread_ts_usec":1491813286470494,"pkt":"uFpz9d6dpDTZFrEGCABFAAD6PS1AAIAGL\/LAqCunhncaGMRTAbtepcAIhfgoi1AYAEAxMwAAFgMBAM0BAADJAwPabWMx4TPEe003EmcOaVVkGB4BJdiLaMIosjjzc6WatQAAINrawCvAL8AswDDMqcyozBTME8ATwBQAnACdAC8ANQAKAQAAgGpqAAD\/AQABAAAAABcAFQAAEnNpbXBsZWRuc2NyeXB0Lm9yZwAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMXVQAAAACwACAQAACgAKAAhqagAdABcAGDo6AAEA"} 
-01245{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1491813286393273,"flow_src_last_pkt_time":1491813286470494,"flow_dst_last_pkt_time":1491813286470177,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":210,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":210,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1491813286470494,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50259,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"TLS.DNScrypt","proto_id":"91.208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"simplednscrypt.org","domainame":"simplednscrypt.org","tls": {"version":"TLSv1.2","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01204{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1491813286393273,"flow_src_last_pkt_time":1491813286470494,"flow_dst_last_pkt_time":1491813286470177,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":210,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":210,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1491813286470494,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50259,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"TLS.DNScrypt","proto_id":"91.208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"simplednscrypt.org","domainame":"simplednscrypt.org","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1491813286392272,"flow_dst_last_pkt_time":1491813286489522,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1491813286489522,"pkt":"pDTZFrEGuFpz9d6dCABFAAA0AABAADMGuuWGdxoYwKgrpwG7xFKVdKj9XuwOhIASchD+twAAAgQFHgEBBAIBAwMH"} 
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1491813286489644,"flow_dst_last_pkt_time":1491813286489522,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1491813286489644,"pkt":"uFpz9d6dpDTZFrEGCABFAAAoPS5AAIAGMMPAqCunhncaGMRSAbte7A6ElXSo\/lAQAECwxAAA"} 00820{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1491813286491438,"flow_dst_last_pkt_time":1491813286489522,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"thread_ts_usec":1491813286491438,"pkt":"uFpz9d6dpDTZFrEGCABFAAD6PS9AAIAGL\/DAqCunhncaGMRSAbte7A6ElXSo\/lAYAEA4UAAAFgMBAM0BAADJAwMEITmqCCDYKHQAOZXDppXwBZfCK5UgUTxqQznpvaY\/AwAAIAoKwCvAL8AswDDMqcyozBTME8ATwBQAnACdAC8ANQAKAQAAgDo6AAD\/AQABAAAAABcAFQAAEnNpbXBsZWRuc2NyeXB0Lm9yZwAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMXVQAAAACwACAQAACgAKAAgqKgAdABcAGKqqAAEA"} 
-01245{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1491813286392272,"flow_src_last_pkt_time":1491813286491438,"flow_dst_last_pkt_time":1491813286489522,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":210,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":210,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1491813286491438,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50258,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"TLS.DNScrypt","proto_id":"91.208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"simplednscrypt.org","domainame":"simplednscrypt.org","tls": {"version":"TLSv1.2","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01204{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1491813286392272,"flow_src_last_pkt_time":1491813286491438,"flow_dst_last_pkt_time":1491813286489522,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":210,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":210,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1491813286491438,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50258,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"TLS.DNScrypt","proto_id":"91.208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"simplednscrypt.org","domainame":"simplednscrypt.org","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1491813286470494,"flow_dst_last_pkt_time":1491813286545726,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1491813286545726,"pkt":"pDTZFrEGuFpz9d6dCABFAAAovEhAADUG\/KiGdxoYwKgrpwG7xFOF+CiLXqXA2lAQAO2N9gAA"} 
-01328{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1491813286393273,"flow_src_last_pkt_time":1491813286470494,"flow_dst_last_pkt_time":1491813286573464,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":210,"flow_dst_max_l4_payload_len":1310,"flow_src_tot_l4_payload_len":210,"flow_dst_tot_l4_payload_len":1310,"midstream":0,"thread_ts_usec":1491813286573464,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50259,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"TLS.DNScrypt","proto_id":"91.208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"simplednscrypt.org","domainame":"simplednscrypt.org","tls": {"version":"TLSv1.2","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","blocks":0}}} 
-01667{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1491813286393273,"flow_src_last_pkt_time":1491813286576695,"flow_dst_last_pkt_time":1491813286577890,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":210,"flow_dst_max_l4_payload_len":1310,"flow_src_tot_l4_payload_len":210,"flow_dst_tot_l4_payload_len":6550,"midstream":0,"thread_ts_usec":1491813286577890,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50259,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"TLS.DNScrypt","proto_id":"91.208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"simplednscrypt.org","domainame":"simplednscrypt.org","tls": {"version":"TLSv1.2","server_names":"simplednscrypt.org,www.simplednscrypt.org","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=simplednscrypt.org","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"3E:20:0F:BF:AD:D8:5C:A1:A1:1B:E5:B2:A7:D4:68:E2:6A:DB:01:41","blocks":0}}} 
+01287{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1491813286393273,"flow_src_last_pkt_time":1491813286470494,"flow_dst_last_pkt_time":1491813286573464,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":210,"flow_dst_max_l4_payload_len":1310,"flow_src_tot_l4_payload_len":210,"flow_dst_tot_l4_payload_len":1310,"midstream":0,"thread_ts_usec":1491813286573464,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50259,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"TLS.DNScrypt","proto_id":"91.208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"simplednscrypt.org","domainame":"simplednscrypt.org","tls": {"version":"TLSv1.2","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","blocks":0}}} 
+01626{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1491813286393273,"flow_src_last_pkt_time":1491813286576695,"flow_dst_last_pkt_time":1491813286577890,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":210,"flow_dst_max_l4_payload_len":1310,"flow_src_tot_l4_payload_len":210,"flow_dst_tot_l4_payload_len":6550,"midstream":0,"thread_ts_usec":1491813286577890,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50259,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"TLS.DNScrypt","proto_id":"91.208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"simplednscrypt.org","domainame":"simplednscrypt.org","tls": {"version":"TLSv1.2","server_names":"simplednscrypt.org,www.simplednscrypt.org","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=simplednscrypt.org","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"3E:20:0F:BF:AD:D8:5C:A1:A1:1B:E5:B2:A7:D4:68:E2:6A:DB:01:41","blocks":0}}} 
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1491813286464103,"flow_dst_last_pkt_time":1491813286577894,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1491813286577894,"pkt":"pDTZFrEGuFpz9d6dCABFAAAoyxFAADMG79+GdxoYwKgrpwG7xE3jDV\/YWG\/ZrlAQAO3m+wAA"} -01328{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1491813286275625,"flow_src_last_pkt_time":1491813286464103,"flow_dst_last_pkt_time":1491813286586517,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":210,"flow_dst_max_l4_payload_len":1310,"flow_src_tot_l4_payload_len":210,"flow_dst_tot_l4_payload_len":1310,"midstream":0,"thread_ts_usec":1491813286586517,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50253,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"TLS.DNScrypt","proto_id":"91.208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"simplednscrypt.org","domainame":"simplednscrypt.org","tls": {"version":"TLSv1.2","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","blocks":0}}} 
-01667{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1491813286275625,"flow_src_last_pkt_time":1491813286592939,"flow_dst_last_pkt_time":1491813286594033,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":210,"flow_dst_max_l4_payload_len":1310,"flow_src_tot_l4_payload_len":210,"flow_dst_tot_l4_payload_len":6550,"midstream":0,"thread_ts_usec":1491813286594033,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50253,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"TLS.DNScrypt","proto_id":"91.208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"simplednscrypt.org","domainame":"simplednscrypt.org","tls": {"version":"TLSv1.2","server_names":"simplednscrypt.org,www.simplednscrypt.org","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=simplednscrypt.org","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"3E:20:0F:BF:AD:D8:5C:A1:A1:1B:E5:B2:A7:D4:68:E2:6A:DB:01:41","blocks":0}}} 
+01287{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1491813286275625,"flow_src_last_pkt_time":1491813286464103,"flow_dst_last_pkt_time":1491813286586517,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":210,"flow_dst_max_l4_payload_len":1310,"flow_src_tot_l4_payload_len":210,"flow_dst_tot_l4_payload_len":1310,"midstream":0,"thread_ts_usec":1491813286586517,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50253,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"TLS.DNScrypt","proto_id":"91.208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"simplednscrypt.org","domainame":"simplednscrypt.org","tls": {"version":"TLSv1.2","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","blocks":0}}} 
+01626{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1491813286275625,"flow_src_last_pkt_time":1491813286592939,"flow_dst_last_pkt_time":1491813286594033,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":210,"flow_dst_max_l4_payload_len":1310,"flow_src_tot_l4_payload_len":210,"flow_dst_tot_l4_payload_len":6550,"midstream":0,"thread_ts_usec":1491813286594033,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50253,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"TLS.DNScrypt","proto_id":"91.208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"simplednscrypt.org","domainame":"simplednscrypt.org","tls": {"version":"TLSv1.2","server_names":"simplednscrypt.org,www.simplednscrypt.org","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=simplednscrypt.org","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"3E:20:0F:BF:AD:D8:5C:A1:A1:1B:E5:B2:A7:D4:68:E2:6A:DB:01:41","blocks":0}}} 
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1491813286491438,"flow_dst_last_pkt_time":1491813286594497,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1491813286594497,"pkt":"pDTZFrEGuFpz9d6dCABFAAAoPCFAADMGftCGdxoYwKgrpwG7xFKVdKj+XuwPVlAQAO2vRQAA"} -01328{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1491813286392272,"flow_src_last_pkt_time":1491813286491438,"flow_dst_last_pkt_time":1491813286609961,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":210,"flow_dst_max_l4_payload_len":1310,"flow_src_tot_l4_payload_len":210,"flow_dst_tot_l4_payload_len":1310,"midstream":0,"thread_ts_usec":1491813286609961,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50258,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"TLS.DNScrypt","proto_id":"91.208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"simplednscrypt.org","domainame":"simplednscrypt.org","tls": {"version":"TLSv1.2","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","blocks":0}}} 
-01667{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1491813286392272,"flow_src_last_pkt_time":1491813286612199,"flow_dst_last_pkt_time":1491813286612925,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":210,"flow_dst_max_l4_payload_len":1310,"flow_src_tot_l4_payload_len":210,"flow_dst_tot_l4_payload_len":6550,"midstream":0,"thread_ts_usec":1491813286612925,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50258,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"TLS.DNScrypt","proto_id":"91.208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"simplednscrypt.org","domainame":"simplednscrypt.org","tls": {"version":"TLSv1.2","server_names":"simplednscrypt.org,www.simplednscrypt.org","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=simplednscrypt.org","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"3E:20:0F:BF:AD:D8:5C:A1:A1:1B:E5:B2:A7:D4:68:E2:6A:DB:01:41","blocks":0}}} 
+01287{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1491813286392272,"flow_src_last_pkt_time":1491813286491438,"flow_dst_last_pkt_time":1491813286609961,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":210,"flow_dst_max_l4_payload_len":1310,"flow_src_tot_l4_payload_len":210,"flow_dst_tot_l4_payload_len":1310,"midstream":0,"thread_ts_usec":1491813286609961,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50258,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"TLS.DNScrypt","proto_id":"91.208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"simplednscrypt.org","domainame":"simplednscrypt.org","tls": {"version":"TLSv1.2","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","blocks":0}}} 
+01626{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1491813286392272,"flow_src_last_pkt_time":1491813286612199,"flow_dst_last_pkt_time":1491813286612925,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":210,"flow_dst_max_l4_payload_len":1310,"flow_src_tot_l4_payload_len":210,"flow_dst_tot_l4_payload_len":6550,"midstream":0,"thread_ts_usec":1491813286612925,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50258,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"TLS.DNScrypt","proto_id":"91.208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"simplednscrypt.org","domainame":"simplednscrypt.org","tls": {"version":"TLSv1.2","server_names":"simplednscrypt.org,www.simplednscrypt.org","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=simplednscrypt.org","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"3E:20:0F:BF:AD:D8:5C:A1:A1:1B:E5:B2:A7:D4:68:E2:6A:DB:01:41","blocks":0}}} 
02183{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1491813286393273,"flow_src_last_pkt_time":1491813286786121,"flow_dst_last_pkt_time":1491813286786057,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":280,"flow_dst_max_l4_payload_len":1310,"flow_src_tot_l4_payload_len":962,"flow_dst_tot_l4_payload_len":7944,"midstream":0,"thread_ts_usec":1491813286786121,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50259,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":25343.0,"max":105611,"stddev":35915.9,"var":1289953152.0,"ent":3.6,"data": [76904,76992,229,75549,27738,2534,105611,594,1,590,1297,3,1553,3254,3682,128,52,3057,79,49,84732,1,74133,4254,0,9610,25085,23405,82024,4138,98354]},"pktlen": {"min":40,"avg":319.1,"max":1350,"stddev":456.8,"var":208637.0,"ent":3.9,"data": [52,52,40,250,40,1350,1350,40,1350,1350,40,1350,346,40,166,93,96,82,320,119,118,298,109,40,40,78,40,78,40,402,401,40]},"bins": {"c_to_s": [7,4,2,1,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,1,1,0,0,0,0,0,1,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,1,1,0,1,1,0,0,0,0,0,0,0,0,1,1,0,1,1,1,0,1,1,1,0],"entropies": [4.662476063,5.014835358,4.784183979,5.463803768,4.784183979,7.264608860,7.254951954,4.784183979,7.596163750,7.476695061,4.665311813,7.616894245,7.412656784,4.784183979,6.267624378,5.635307789,5.800558090,5.503190994,7.286572456,6.049404621,6.063973427,7.156964302,6.273537159,4.934183598,4.884183884,5.802693844,4.834183693,5.438509464,4.884183884,7.476879120,7.394095898,4.934183598]},"ndpi": 
{"confidence": {"5":"DPI (cache)"},"proto":"TLS.DNScrypt","proto_id":"91.208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 01030{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":111,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":21,"flow_first_seen":1491813284555591,"flow_src_last_pkt_time":1491813285262104,"flow_dst_last_pkt_time":1491813285262021,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":218,"flow_dst_max_l4_payload_len":1310,"flow_src_tot_l4_payload_len":804,"flow_dst_tot_l4_payload_len":13434,"midstream":0,"thread_ts_usec":1491813286913648,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50233,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DNScrypt","proto_id":"91.208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"simplednscrypt.org"}} 
01000{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":111,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":10,"flow_first_seen":1491813286275625,"flow_src_last_pkt_time":1491813286718876,"flow_dst_last_pkt_time":1491813286718848,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":210,"flow_dst_max_l4_payload_len":1310,"flow_src_tot_l4_payload_len":336,"flow_dst_tot_l4_payload_len":7183,"midstream":0,"thread_ts_usec":1491813286913648,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50253,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"TLS.DNScrypt","proto_id":"91.208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 01000{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":111,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":10,"flow_first_seen":1491813286392272,"flow_src_last_pkt_time":1491813286753444,"flow_dst_last_pkt_time":1491813286753424,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":210,"flow_dst_max_l4_payload_len":1310,"flow_src_tot_l4_payload_len":336,"flow_dst_tot_l4_payload_len":7183,"midstream":0,"thread_ts_usec":1491813286913648,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50258,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI 
(cache)"},"proto":"TLS.DNScrypt","proto_id":"91.208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 01038{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":111,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":18,"flow_first_seen":1491813286393273,"flow_src_last_pkt_time":1491813286845298,"flow_dst_last_pkt_time":1491813286913648,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":280,"flow_dst_max_l4_payload_len":1310,"flow_src_tot_l4_payload_len":1004,"flow_dst_tot_l4_payload_len":8306,"midstream":0,"thread_ts_usec":1491813286913648,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50259,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"TLS.DNScrypt","proto_id":"91.208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"simplednscrypt.org"}} 
-00854{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":111,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":111,"packets-processed":111,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":38586,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":8,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":45,"global_ts_usec":1491813286913648} +00854{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":111,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":111,"packets-processed":111,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":38586,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":8,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":45,"global_ts_usec":1491813286913648} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 111/111 ~~ skipped flows.............: 0 
@@ -51,9 +51,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7007512 bytes -~~ total memory freed........: 7007512 bytes -~~ total allocations/frees...: 114333/114333 +~~ total memory allocated....: 7585108 bytes +~~ total memory freed........: 7585108 bytes +~~ total allocations/frees...: 126064/126064 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 538 chars ~~ json message max len.......: 2196 chars diff --git a/test/results/default/sip.pcap.out b/test/results/default/sip.pcap.out index cf40351a7..2699003a0 100644 --- a/test/results/default/sip.pcap.out +++ b/test/results/default/sip.pcap.out 
@@ -1,8 +1,8 @@ -00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1120469572844249} 
+00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1120469572844249} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120469572844249,"flow_dst_last_pkt_time":1120469572844249,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":467,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":467,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":467,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469572844249,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01130{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1120469572844249,"flow_dst_last_pkt_time":1120469572844249,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":509,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":509,"pkt_l4_len":475,"thread_ts_usec":1120469572844249,"pkt":"ADBUADRWAODtAW69CABFAAHvaZgAAIARF6bAqAEC1PIhIxPEE8QB2272UkVHSVNURVIgc2lwOnNpcC5jeWJlcmNpdHkuZGsgU0lQLzIuMA0KVmlhOiBTSVAvMi4wL1VEUCAxOTIuMTY4LjEuMjticmFuY2g9ejloRzRiS25wMTUxMjQ4NzM3LTQ2ZWE3MTVlMTkyLjE2OC4xLjI7cnBvcnQNCkZyb206IDxzaXA6dm9pMTgwNjNAc2lwLmN5YmVyY2l0eS5kaz47dGFnPTkwM2RmMGENClRvOiA8c2lwOnZvaTE4MDYzQHNpcC5jeWJlcmNpdHkuZGs+DQpDYWxsLUlEOiA1NzgyMjI3MjktNDY2NWQ3NzVANTc4MjIyNzMyLTQ2NjVkNzcyDQpDb250YWN0OiAgPHNpcDp2b2kxODA2M0AxOTIuMTY4LjEuMjo1MDYwO2xpbmU9OWM3ZDJkYmQ4ODIyMDEzYz47ZXhwaXJlcz0xMjAwO3E9MC41MDANCkV4cGlyZXM6IDEyMDANCkNTZXE6IDY4IFJFR0lTVEVSDQpDb250ZW50LUxlbmd0aDogMA0KTWF4LUZvcndhcmRzOiA3MA0KVXNlci1BZ2VudDogTmVybyBTSVBQUyBJUCBQaG9uZSBWZXJzaW9uIDIuMC41MS4xNg0KDQo="} 
-00919{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120469572844249,"flow_dst_last_pkt_time":1120469572844249,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":467,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":467,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":467,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469572844249,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01020{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120469572844249,"flow_dst_last_pkt_time":1120469572844249,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":467,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":467,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":467,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469572844249,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","sip": {"from":";tag=903df0a","to":""}}} 
01154{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1120469572844249,"flow_dst_last_pkt_time":1120469572981006,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":528,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":528,"pkt_l4_len":494,"thread_ts_usec":1120469572981006,"pkt":"AODtAW69ADBUADRWCABFAAICAABAADcRiivU8iEjwKgBAhPEE8QB7tD8U0lQLzIuMCA0MDEgVW5hdXRob3JpemVkDQpDYWxsLUlEOiA1NzgyMjI3MjktNDY2NWQ3NzVANTc4MjIyNzMyLTQ2NjVkNzcyDQpDU2VxOiA2OCBSRUdJU1RFUg0KRnJvbTogPHNpcDp2b2kxODA2M0BzaXAuY3liZXJjaXR5LmRrPjt0YWc9OTAzZGYwYQ0KVG86IDxzaXA6dm9pMTgwNjNAc2lwLmN5YmVyY2l0eS5kaz47dGFnPTAwLTA0MDkyLTE3MDFhZjYyLTEyMGM2NzE3Mg0KVmlhOiBTSVAvMi4wL1VEUCAxOTIuMTY4LjEuMjtyZWNlaXZlZD04MC4yMzAuMjE5LjcwO3Jwb3J0PTUwNjA7YnJhbmNoPXo5aEc0YktucDE1MTI0ODczNy00NmVhNzE1ZTE5Mi4xNjguMS4yDQpXV1ctQXV0aGVudGljYXRlOiBEaWdlc3QgcmVhbG09InNpcC5jeWJlcmNpdHkuZGsiLG5vbmNlPSIxNzAxYWY1NjZiZTE4MjA3MDA4NGM2Zjc0MDcwNmJiIixvcGFxdWU9IjE3MDFhMTM1MWY3MDc5NSIsc3RhbGU9ZmFsc2UsYWxnb3JpdGhtPU1ENQ0KQ29udGVudC1MZW5ndGg6IDANCg0K"} 01414{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1120469590259876,"flow_dst_last_pkt_time":1120469572981006,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":722,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":722,"pkt_l4_len":688,"thread_ts_usec":1120469590259876,"pkt":"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"} 
00915{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1120469590259876,"flow_dst_last_pkt_time":1120469590405967,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":348,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":348,"pkt_l4_len":314,"thread_ts_usec":1120469590405967,"pkt":"AODtAW69ADBUADRWCABFAAFOAABAADcRit\/U8iEjwKgBAhPEE8QBOln2U0lQLzIuMCAxMDAgVHJ5aW5nDQpDYWxsLUlEOiA1NzgyMjI3MjktNDY2NWQ3NzVANTc4MjIyNzMyLTQ2NjVkNzcyDQpDU2VxOiA2OSBSRUdJU1RFUg0KRnJvbTogPHNpcDp2b2kxODA2M0BzaXAuY3liZXJjaXR5LmRrPjt0YWc9OGU5NDhiMA0KVG86IDxzaXA6dm9pMTgwNjNAc2lwLmN5YmVyY2l0eS5kaz4NClZpYTogU0lQLzIuMC9VRFAgMTkyLjE2OC4xLjI7cmVjZWl2ZWQ9ODAuMjMwLjIxOS43MDtycG9ydD01MDYwO2JyYW5jaD16OWhHNGJLbnAxNDk1MDUxNzgtNDM4YzUyOGIxOTIuMTY4LjEuMg0KQ29udGVudC1MZW5ndGg6IDANCg0K"} 
@@ -13,7 +13,7 @@ 00967{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120470002992221,"flow_dst_last_pkt_time":1120469956406918,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":680,"flow_dst_max_l4_payload_len":491,"flow_src_tot_l4_payload_len":4598,"flow_dst_tot_l4_payload_len":4354,"midstream":0,"thread_ts_usec":1120470002992221,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470049188993,"flow_src_last_pkt_time":1120470049188993,"flow_dst_last_pkt_time":1120470049188993,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":822,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":822,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":822,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470049188993,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
01603{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1120470049188993,"flow_dst_last_pkt_time":1120470049188993,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":864,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":864,"pkt_l4_len":830,"thread_ts_usec":1120470049188993,"pkt":"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"} -00920{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470049188993,"flow_src_last_pkt_time":1120470049188993,"flow_dst_last_pkt_time":1120470049188993,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":822,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":822,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":822,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470049188993,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+01032{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470049188993,"flow_src_last_pkt_time":1120470049188993,"flow_dst_last_pkt_time":1120470049188993,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":822,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":822,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":822,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470049188993,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","sip": {"from":"\"arik\" ;tag=6433ef9","to":""}}} 01603{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1120470049696866,"flow_dst_last_pkt_time":1120470049188993,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":864,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":864,"pkt_l4_len":830,"thread_ts_usec":1120470049696866,"pkt":"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"} 01603{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1120470050699023,"flow_dst_last_pkt_time":1120470049188993,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":864,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":864,"pkt_l4_len":830,"thread_ts_usec":1120470050699023,"pkt":"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"} 
01303{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1120470050699023,"flow_dst_last_pkt_time":1120470051405231,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":637,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":637,"pkt_l4_len":603,"thread_ts_usec":1120470051405231,"pkt":"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"} 
@@ -23,7 +23,7 @@ 00967{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":10,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120470100322200,"flow_dst_last_pkt_time":1120469956406918,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":680,"flow_dst_max_l4_payload_len":491,"flow_src_tot_l4_payload_len":4613,"flow_dst_tot_l4_payload_len":4354,"midstream":0,"thread_ts_usec":1120470102883325,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00968{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":3,"flow_first_seen":1120470049188993,"flow_src_last_pkt_time":1120470114910372,"flow_dst_last_pkt_time":1120470116279089,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":347,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":822,"flow_dst_max_l4_payload_len":614,"flow_src_tot_l4_payload_len":6938,"flow_dst_tot_l4_payload_len":1818,"midstream":0,"thread_ts_usec":1120470158626389,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
00967{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":10,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120470158626389,"flow_dst_last_pkt_time":1120469956406918,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":680,"flow_dst_max_l4_payload_len":491,"flow_src_tot_l4_payload_len":4623,"flow_dst_tot_l4_payload_len":4354,"midstream":0,"thread_ts_usec":1120470158626389,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":44,"packets-processed":43,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17733,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":9,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":26,"global_ts_usec":1120470187658020} 
+00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":44,"packets-processed":43,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17733,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":9,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":26,"global_ts_usec":1120470187658020} 00968{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":3,"flow_first_seen":1120470049188993,"flow_src_last_pkt_time":1120470114910372,"flow_dst_last_pkt_time":1120470116279089,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":347,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":822,"flow_dst_max_l4_payload_len":614,"flow_src_tot_l4_payload_len":6938,"flow_dst_tot_l4_payload_len":1818,"midstream":0,"thread_ts_usec":1120470216689496,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
00967{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":10,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120470216689496,"flow_dst_last_pkt_time":1120469956406918,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":680,"flow_dst_max_l4_payload_len":491,"flow_src_tot_l4_payload_len":4633,"flow_dst_tot_l4_payload_len":4354,"midstream":0,"thread_ts_usec":1120470216689496,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 02291{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120470235521078,"flow_dst_last_pkt_time":1120470235448732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":825,"flow_dst_max_l4_payload_len":593,"flow_src_tot_l4_payload_len":7448,"flow_dst_tot_l4_payload_len":4947,"midstream":0,"thread_ts_usec":1120470235521078,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":25935,"avg":42751008.0,"max":279041814,"stddev":57873684.0,"var":3349363405357056.0,"ent":4.0,"data": 
[136757,17415627,17424961,49834,89928591,89874891,17280679,17290428,150200040,150188219,17325180,17335822,73916043,73902652,17325038,17333170,25935,17724998,29031776,29092737,34118166,34119076,29272359,29031830,29031631,29031476,17104967,497671,1001842,279041814,227102]},"pktlen": {"min":33,"avg":415.3,"max":853,"stddev":273.0,"var":74531.7,"ent":4.6,"data": [495,514,708,334,374,495,514,708,519,495,514,708,519,495,514,708,334,498,33,33,33,33,33,33,33,33,33,853,853,853,621,368]},"bins": {"c_to_s": [9,0,0,0,0,0,0,0,0,0,1,0,0,0,4,0,0,0,0,0,0,4,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,0,0,0,0,0,0,0,2,1,0,0,0,1,6,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0],"entropies": [5.741633415,5.745016098,5.709460258,5.733335018,5.724183083,5.734008312,5.752299309,5.705936909,5.742718697,5.746319294,5.735527039,5.694232941,5.749829292,5.746265888,5.718012810,5.700710297,5.702609062,5.648171425,4.098355293,4.098355293,4.098355293,4.098355293,4.098355293,4.098355293,4.037749290,4.098355293,4.098355293,5.722674847,5.721789837,5.722674847,5.763523579,5.703196526]},"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
@@ -34,7 +34,7 @@ 00968{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":12,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120470373595117,"flow_dst_last_pkt_time":1120470268128176,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1076,"flow_dst_max_l4_payload_len":593,"flow_src_tot_l4_payload_len":8884,"flow_dst_tot_l4_payload_len":5392,"midstream":0,"thread_ts_usec":1120470373595117,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00968{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":12,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120470431658642,"flow_dst_last_pkt_time":1120470268128176,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1076,"flow_dst_max_l4_payload_len":593,"flow_src_tot_l4_payload_len":8894,"flow_dst_tot_l4_payload_len":5392,"midstream":0,"thread_ts_usec":1120470431658642,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":33,"flow_dst_packets_processed":15,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120470490643822,"flow_dst_last_pkt_time":1120470490782704,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1076,"flow_dst_max_l4_payload_len":593,"flow_src_tot_l4_payload_len":10471,"flow_dst_tot_l4_payload_len":6852,"midstream":0,"thread_ts_usec":1120470490782704,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00838{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":69,"packets-processed":68,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":27248,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":17,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":37,"global_ts_usec":1120470796804243} 
+00838{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":69,"packets-processed":68,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":27248,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":17,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":37,"global_ts_usec":1120470796804243} 00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":35,"flow_dst_packets_processed":17,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120470796804243,"flow_dst_last_pkt_time":1120470796941095,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1076,"flow_dst_max_l4_payload_len":593,"flow_src_tot_l4_payload_len":11616,"flow_dst_tot_l4_payload_len":7824,"midstream":0,"thread_ts_usec":1120470796941095,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":39,"flow_dst_packets_processed":21,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120470848686860,"flow_dst_last_pkt_time":1120470848682926,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1076,"flow_dst_max_l4_payload_len":593,"flow_src_tot_l4_payload_len":13926,"flow_dst_tot_l4_payload_len":9670,"midstream":0,"thread_ts_usec":1120470848686860,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00970{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":43,"flow_dst_packets_processed":24,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120470900060556,"flow_dst_last_pkt_time":1120470900056743,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1076,"flow_dst_max_l4_payload_len":593,"flow_src_tot_l4_payload_len":16021,"flow_dst_tot_l4_payload_len":10997,"midstream":0,"thread_ts_usec":1120470900060556,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
@@ -43,7 +43,7 @@ 00740{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1120470985348411,"flow_dst_last_pkt_time":1120470985348411,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1120470985348411,"pkt":"ADBUADRWAODtAW69CABFAADIa\/wAAIARFmjAqAEC1PIhJHUwncgAtBjegAhvrgAABNg3lstx1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1REEHBgYEhIeEBQXahMcGAQEBQYBAQAHBQUZEwUbGRATGQUEBAcDAgMDAAACDQ0NAAEDDQwNAAABAgMBBgYBDw4ODAMABwYAAwMGBwEEBgYbHxwRaWBiFREQFGoTFWBpYX10UltZ10dcVlJVREtCdVlzeFp8bmgUag=="} 00743{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1120470985418358,"flow_dst_last_pkt_time":1120470985348411,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1120470985418358,"pkt":"ADBUADRWAODtAW69CABFAADIa\/0AAIARFmfAqAEC1PIhJHUwncgAtL+rgAhvrwAABXg3lstxbmgVFGoUFBVpYG5qbG5kbGoWF2xubWBmfn9Fxsnw\/Ofz+uXwy\/H2z83k+sJTdF9CW\/bw8vzg7pfo8ldaT011Z399ZmV0dUN4S0dVQ2dmbWNsZGZkeGRvbxQUbBcRExAXEBwfHRAQFhAQHxwfGR4YEBcSFGxibWNqFRUXbmV3ckDQ93N9fmJnYmoVahcVZUNxWll+YGZ6cnJJZXpgeF1EQg=="} 
00743{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1120470985421891,"flow_dst_last_pkt_time":1120470985348411,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1120470985421891,"pkt":"ADBUADRWAODtAW69CABFAADIa\/4AAIARFmbAqAEC1PIhJHUwncgAtNyMgAhvsAAABhg3lstxcX5wdtbF0Et0dn92T1BB0VhmZ2V\/Z294Y2ZmahQXFhQREBAVb2ZPemVlYWJoYE9\/YWZkcnV4bWwVFRVqZ2xpYn94ZmBnY2F0zfjXdmNiYXhveHJgaW5jUFlwZW1kYWdlamoREhAQEx4fHx0XahRvRl1F3V5ESdbQxFFR39TfQXR\/Z9L15ebs6JeW7+DslJOU6uqUn5CcnJKX+Ofs5+Hg6g=="} -00921{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":97,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470985348411,"flow_src_last_pkt_time":1120470985421891,"flow_dst_last_pkt_time":1120470985348411,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":516,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470985421891,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} 
+00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":97,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470985348411,"flow_src_last_pkt_time":1120470985421891,"flow_dst_last_pkt_time":1120470985348411,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":516,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470985421891,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","stream_content":"Audio"}} 00741{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1120470985427557,"flow_dst_last_pkt_time":1120470985348411,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1120470985427557,"pkt":"ADBUADRWAODtAW69CABFAADIa\/8AAIARFmXAqAEC1PIhJHUwncgAtJlvgAhvsQAABrg3lstxkpfo6Zfq5frn5uz6+sB4emFkcGBneMvv7+rslZHu5OLqkpKdkpCUlZGcnpuHh4GAgoODgYGGhoGBgIGDg4GAhoSFhZ6ZhYSFhYeHhoWFhICCgIOBmJyQnZ+Yn5CW6u7s6e7ol+ji7vrcWtzJ8\/Lz9ujq7u6XkZaWkZ2Ym5iFh4aGhZyemZ6fmZ+fk5OfhYeEk5STk5eU6fj3T1hDVM9BQg=="} 
00745{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1120470985429664,"flow_dst_last_pkt_time":1120470985348411,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1120470985429664,"pkt":"ADBUADRWAODtAW69CABFAADIbAAAAIARFmTAqAEC1PIhJHUwncgAtMoSgAhvsgAAB1g3lstxRH1wVt719vLg7uHxw3h4ZGRhfE9UWV\/Rz+Dt5\/PklJOUlJXt4uzx+Pjm5PPHzf38\/fr05+3ikurj4ezn4+H6\/97AwEJ8S9DN9Vd1XdzJ8eDp6eXwzcXWRUJnZHhnYX96aHLW+ubo6eHg5\/DG\/MNRcE3B+ubNy+Xu7Obt7+qX6u7oy9fw3vLT3N1W19X49PBBf39jZnhmbBEdEWpqb2BweA=="} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470986363611,"flow_src_last_pkt_time":1120470986363611,"flow_dst_last_pkt_time":1120470986363611,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470986363611,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30001,"dst_port":40393,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -56,7 +56,7 @@ 01090{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470986363611,"flow_src_last_pkt_time":1120470986363611,"flow_dst_last_pkt_time":1120470986363611,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471094413365,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30001,"dst_port":40393,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00778{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470986363611,"flow_src_last_pkt_time":1120470986363611,"flow_dst_last_pkt_time":1120470986363611,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471094413365,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30001,"dst_port":40393,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":53,"flow_dst_packets_processed":31,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120471094413365,"flow_dst_last_pkt_time":1120471018881832,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1076,"flow_dst_max_l4_payload_len":669,"flow_src_tot_l4_payload_len":19714,"flow_dst_tot_l4_payload_len":14333,"midstream":0,"thread_ts_usec":1120471094413365,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":112,"packets-processed":112,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":44455,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":25,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":59,"global_ts_usec":1120471094413365} 
+00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":112,"packets-processed":112,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":44455,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":25,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":59,"global_ts_usec":1120471094413365} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 112/112 ~~ skipped flows.............: 0 @@ -65,9 +65,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6918220 bytes -~~ total memory freed........: 6918220 bytes -~~ total allocations/frees...: 114288/114288 +~~ total memory allocated....: 7495816 bytes +~~ total memory freed........: 7495816 bytes +~~ total allocations/frees...: 126019/126019 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 613 chars ~~ json message max len.......: 2296 chars diff --git a/test/results/default/sip_hello.pcapng.out b/test/results/default/sip_hello.pcapng.out index d8fa31346..b22289461 100644 --- a/test/results/default/sip_hello.pcapng.out +++ b/test/results/default/sip_hello.pcapng.out 
@@ -1,8 +1,8 @@ -00616{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/sip_hello.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sip_hello.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1645515834707950} 
+00616{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/sip_hello.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sip_hello.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1645515834707950} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sip_hello.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1645515834707950,"flow_src_last_pkt_time":1645515834707950,"flow_dst_last_pkt_time":1645515834707950,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":5,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1645515834707950,"l3_proto":"ip4","src_ip":"10.239.156.235","dst_ip":"172.29.38.91","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sip_hello.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1645515834707950,"flow_dst_last_pkt_time":1645515834707950,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":13,"thread_ts_usec":1645515834707950,"pkt":"AAAAAAAAAAIAsZqMCABFAAAh925AAP0RDAoK75zrrB0mWxPEE8QADQAAaGVsbG8AAAAAAAAAAAA="} 
-00923{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sip_hello.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1645515834707950,"flow_src_last_pkt_time":1645515834707950,"flow_dst_last_pkt_time":1645515834707950,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":5,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1645515834707950,"l3_proto":"ip4","src_ip":"10.239.156.235","dst_ip":"172.29.38.91","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00933{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sip_hello.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1645515834707950,"flow_src_last_pkt_time":1645515834707950,"flow_dst_last_pkt_time":1645515834707950,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":5,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1645515834707950,"l3_proto":"ip4","src_ip":"10.239.156.235","dst_ip":"172.29.38.91","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","sip": {}}} 
00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/sip_hello.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1645515834707950,"flow_dst_last_pkt_time":1645515834709790,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":13,"thread_ts_usec":1645515834709790,"pkt":"AAAAAAAAAAUAlkboCABFAAAhAABAAEARwHmsHSZbCu+c6xPEE8QADRonaGVsbG8AAAAAAAAAAAA="} 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/sip_hello.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1645515883863682,"flow_dst_last_pkt_time":1645515834709790,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":13,"thread_ts_usec":1645515883863682,"pkt":"AAAAAAAAAAIAsZqMCABFAAAhIqxAAP0R4MwK75zrrB0mWxPEE8QADQAAaGVsbG8AAAAAAAAAAAA="} 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/sip_hello.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1645515883863682,"flow_dst_last_pkt_time":1645515883865767,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":13,"thread_ts_usec":1645515883865767,"pkt":"AAAAAAAAAAUAlkboCABFAAAhAABAAEARwHmsHSZbCu+c6xPEE8QADRonaGVsbG8AAAAAAAAAAAA="} 
@@ -17,7 +17,7 @@ 00976{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/sip_hello.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1645515834707950,"flow_src_last_pkt_time":1645516227953912,"flow_dst_last_pkt_time":1645516227955969,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":513,"flow_dst_max_l4_payload_len":619,"flow_src_tot_l4_payload_len":999,"flow_dst_tot_l4_payload_len":1104,"midstream":0,"thread_ts_usec":1645516227955969,"l3_proto":"ip4","src_ip":"10.239.156.235","dst_ip":"172.29.38.91","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00977{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/sip_hello.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":12,"flow_first_seen":1645515834707950,"flow_src_last_pkt_time":1645516277109636,"flow_dst_last_pkt_time":1645516277111440,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":513,"flow_dst_max_l4_payload_len":619,"flow_src_tot_l4_payload_len":1004,"flow_dst_tot_l4_payload_len":1109,"midstream":0,"thread_ts_usec":1645516277111440,"l3_proto":"ip4","src_ip":"10.239.156.235","dst_ip":"172.29.38.91","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/sip_hello.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":15,"flow_first_seen":1645515834707950,"flow_src_last_pkt_time":1645516326265358,"flow_dst_last_pkt_time":1645516326267438,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":513,"flow_dst_max_l4_payload_len":619,"flow_src_tot_l4_payload_len":1962,"flow_dst_tot_l4_payload_len":2172,"midstream":0,"thread_ts_usec":1645516326267438,"l3_proto":"ip4","src_ip":"10.239.156.235","dst_ip":"172.29.38.91","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00846{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/sip_hello.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":30,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4134,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":9,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1645516326267438} 
+00846{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/sip_hello.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":30,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4134,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":9,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1645516326267438} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 30/30 ~~ skipped flows.............: 0 @@ -26,9 +26,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6908483 bytes -~~ total memory freed........: 6908483 bytes -~~ total allocations/frees...: 114167/114167 +~~ total memory allocated....: 7486079 bytes +~~ total memory freed........: 7486079 bytes +~~ total allocations/frees...: 125898/125898 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 536 chars ~~ json message max len.......: 982 chars diff --git a/test/results/default/sites.pcapng.out b/test/results/default/sites.pcapng.out index eb561082e..9a3fe9434 100644 --- a/test/results/default/sites.pcapng.out +++ b/test/results/default/sites.pcapng.out 
@@ -1,45 +1,45 @@ -00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1595957694169758} 
+00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1595957694169758} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1595957694169758,"flow_src_last_pkt_time":1595957694169758,"flow_dst_last_pkt_time":1595957694169758,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1595957694169758,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"69.171.250.20","src_port":46160,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1595957694169758,"flow_dst_last_pkt_time":1595957694169758,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1595957694169758,"pkt":"CL6sCxdumt9Y+uvcCABFAAA86wlAAEAGQqHAqAypRav6FLRQAbvxSUO4AAAAAKAC\/\/943AAAAgQFtAQCCAp3CF\/6AAAAAAEDAwk="} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1595957694169758,"flow_dst_last_pkt_time":1595957694175849,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1595957694175849,"pkt":"mt9Y+uvcCL6sCxduCABFAAA8AABAAFUGGKtFq\/oUwKgMqQG7tFDMBUIi8UlDuaASbHAk8gAAAgQFeAQCCAqwcikLdwhf+gEDAwg="} 
01056{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1595957694181636,"flow_dst_last_pkt_time":1595957694175849,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":447,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":447,"pkt_l4_len":413,"thread_ts_usec":1595957694181636,"pkt":"CL6sCxdumt9Y+uvcCABFAAGx6wtAAEAGQSrAqAypRav6FLRQAbvxSUO5zAVCI4AYAKzC2gAAAQEICncIYAWwcikLFgMBAXgBAAF0AwMbz\/EVbbBeXTFd91pcxBNP5UcnCfq3Wnx+FKK431A8vCCYle6z8aZolVAW\/WsVOAFFqAocCpVZly96\/6VmRt6unAAGEwETAhMDAQABJQArAAUEAwT7GgAKAAYABAAdABcAMwAmACQAHQAgzM0Khe3cuLbHFAoUoUQ75VluiC+bl0wBHYa7GiFLSWoADQAGAAQEAwgEAAAAGwAZAAAWZWRnZS1tcXR0LmZhY2Vib29rLmNvbQAQAAsACQJoMgVoMi1mYgAtAAMCAQAAKgAAACkAoQB8AHb7PHlIDGTq5r6EmcaA47DeHw9k60TmJpJ4kMbWc07CmAAAAACvwY+4+cqVZO3LiyMH\/OBKqYTgxknPoune8SSx08gYUQ5v8dX54IHzjPiACk0t5hhgO+DjiFkUqTNKryO5SnHrNvAKz6QqOMdma4t912EvXAHgfFvQwwAhIFgFM36LO5BemV+W466ubu2dweNDP\/fyvoT9kq0FWNy9"} -01290{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1595957694169758,"flow_src_last_pkt_time":1595957694181636,"flow_dst_last_pkt_time":1595957694175849,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":381,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":381,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1595957694181636,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"69.171.250.20","src_port":46160,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.FacebookMessenger","proto_id":"91.157","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"edge-mqtt.facebook.com","domainame":"edge-mqtt.facebook.com","tls": {"version":"TLSv1.2","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"","ja4":"t00d0309h2_55b375c5d22e_2d3f7b9fe3d5","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-fb","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)","blocks":0}}} +01249{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1595957694169758,"flow_src_last_pkt_time":1595957694181636,"flow_dst_last_pkt_time":1595957694175849,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":381,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":381,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1595957694181636,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"69.171.250.20","src_port":46160,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.FacebookMessenger","proto_id":"91.157","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"edge-mqtt.facebook.com","domainame":"edge-mqtt.facebook.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t00d0309h2_55b375c5d22e_2d3f7b9fe3d5","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-fb","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)","blocks":0}}} 
00837{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1595957694181636,"flow_dst_last_pkt_time":1595957694188758,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"thread_ts_usec":1595957694188758,"pkt":"mt9Y+uvcCL6sCxduCABFAAEMv+hAAFUGV\/JFq\/oUwKgMqQG7tFDMBUIj8UlFNoAYAHHhaAAAAQEICrByKRd3CGAFFgMDAIACAAB8AwPUEITn7mCrvulT\/NdcXKN5KijcI4g9k3CK2XQ772s3WyCYle6z8aZolVAW\/WsVOAFFqAocCpVZly96\/6VmRt6unBMBAAA0ACsAAvsaADMAJAAdACAO0nP6nc6Qo9rpWYhM5FN2IQ7onG5IGH\/bMnw97GrsYgApAAIAABQDAwABARcDAwBIGZYMK775StJv8IeA6uX06XwsLuMhuuiwj099ayB3wMQVpJF0HhA8WjwU9NAQeMRhHSdrrGCE3zuMW3mj8V6sAMmDjxeKSHVB"} -01340{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1595957694169758,"flow_src_last_pkt_time":1595957694181636,"flow_dst_last_pkt_time":1595957694188758,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":381,"flow_dst_max_l4_payload_len":216,"flow_src_tot_l4_payload_len":381,"flow_dst_tot_l4_payload_len":216,"midstream":0,"thread_ts_usec":1595957694188758,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"69.171.250.20","src_port":46160,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.FacebookMessenger","proto_id":"91.157","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"edge-mqtt.facebook.com","domainame":"edge-mqtt.facebook.com","tls": {"version":"TLSv1.3 
(Fizz)","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","ja4":"t00d0309h2_55b375c5d22e_2d3f7b9fe3d5","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,h2-fb","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)","blocks":0}}} -00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":5,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":597,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1623221441867993} +01299{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1595957694169758,"flow_src_last_pkt_time":1595957694181636,"flow_dst_last_pkt_time":1595957694188758,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":381,"flow_dst_max_l4_payload_len":216,"flow_src_tot_l4_payload_len":381,"flow_dst_tot_l4_payload_len":216,"midstream":0,"thread_ts_usec":1595957694188758,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"69.171.250.20","src_port":46160,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.FacebookMessenger","proto_id":"91.157","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"edge-mqtt.facebook.com","domainame":"edge-mqtt.facebook.com","tls": {"version":"TLSv1.3 (Fizz)","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","ja4":"t00d0309h2_55b375c5d22e_2d3f7b9fe3d5","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,h2-fb","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)","blocks":0}}} +00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":5,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":597,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1623221441867993} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623221441867993,"flow_src_last_pkt_time":1623221441867993,"flow_dst_last_pkt_time":1623221441867993,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623221441867993,"l3_proto":"ip4","src_ip":"192.168.1.250","dst_ip":"92.122.95.99","src_port":41878,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1623221441867993,"flow_dst_last_pkt_time":1623221441867993,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1623221441867993,"pkt":"pJGxgjQ5AoEfHBPlCABFAAA8opRAAEAGGajAqAH6XHpfY6OWAbs7TQBaAAAAAKAC\/\/9coQAAAgQFtAQCCAqqdeFuAAAAAAEDAwk="} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1623221441867993,"flow_dst_last_pkt_time":1623221441879742,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1623221441879742,"pkt":"AoEfHBPlpJGxgjQ5CABFAAA8AABAADgGxDxcel9jwKgB+gG7o5aALohKO00AW6AS\/ojeuQAAAgQFtAQCCAoeqlgsqnXhbgEDAwc="} 
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1623221441880963,"flow_dst_last_pkt_time":1623221441879742,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1623221441880963,"pkt":"pJGxgjQ5AoEfHBPlCABFAAA0opVAAEAGGa\/AqAH6XHpfY6OWAbs7TQBbgC6IS4AQAKwLVQAAAQEICqp14Xweqlgs"} 01238{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1623221441893147,"flow_dst_last_pkt_time":1623221441879742,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1623221441893147,"pkt":"pJGxgjQ5AoEfHBPlCABFAAI5opZAAEAGF6nAqAH6XHpfY6OWAbs7TQBbgC6IS4AYAKwUcgAAAQEICqp14YkeqlgsFgMBAgABAAH8AwM\/3MJgstGRUtF6IdQy8M+MWTtJ6vnewHlZ2NQfnRVozSAkvaOHjaKYwT6xTKEA19qtioq1YZm7fTnqMkZGpaur+gAiiooTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUACgEAAZEqKgAAAAAAFwAVAAASdmNzLXZhLnRpa3Rva3YuY29tABcAAP8BAAEAAAoACgAI+voAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBABIAAAAzACsAKfr6AAEAAB0AIHWJ5XleYC+4v5XxNTlfMpiOcRthD\/EJBjx\/JG87h9EPAC0AAgEBACsACwr6+gMEAwMDAgMBABsAAwIAAtraAAEAABUAxgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01285{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1623221441867993,"flow_src_last_pkt_time":1623221441893147,"flow_dst_last_pkt_time":1623221441879742,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623221441893147,"l3_proto":"ip4","src_ip":"192.168.1.250","dst_ip":"92.122.95.99","src_port":41878,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TikTok","proto_id":"91.49","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"vcs-va.tiktokv.com","domainame":"vcs-va.tiktokv.com","tls": {"version":"TLSv1.2","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","ja4":"t13d1615h2_46e7e9700bed_45f260be83e2","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01244{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1623221441867993,"flow_src_last_pkt_time":1623221441893147,"flow_dst_last_pkt_time":1623221441879742,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623221441893147,"l3_proto":"ip4","src_ip":"192.168.1.250","dst_ip":"92.122.95.99","src_port":41878,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TikTok","proto_id":"91.49","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"vcs-va.tiktokv.com","domainame":"vcs-va.tiktokv.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1615h2_46e7e9700bed_45f260be83e2","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1623221441893147,"flow_dst_last_pkt_time":1623221441907431,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1623221441907431,"pkt":"AoEfHBPlpJGxgjQ5CABFAAA09P1AADgGz0Zcel9jwKgB+gG7o5aALohLO00CYIAQAfoH2wAAAQEICh6qWEaqdeGJ"} 
-01331{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1623221441867993,"flow_src_last_pkt_time":1623221441893147,"flow_dst_last_pkt_time":1623221441911029,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1623221441911029,"l3_proto":"ip4","src_ip":"192.168.1.250","dst_ip":"92.122.95.99","src_port":41878,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TikTok","proto_id":"91.49","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"vcs-va.tiktokv.com","domainame":"vcs-va.tiktokv.com","tls": {"version":"TLSv1.3","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1615h2_46e7e9700bed_45f260be83e2","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01290{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1623221441867993,"flow_src_last_pkt_time":1623221441893147,"flow_dst_last_pkt_time":1623221441911029,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1623221441911029,"l3_proto":"ip4","src_ip":"192.168.1.250","dst_ip":"92.122.95.99","src_port":41878,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TikTok","proto_id":"91.49","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"vcs-va.tiktokv.com","domainame":"vcs-va.tiktokv.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1615h2_46e7e9700bed_45f260be83e2","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1595957694169758,"flow_src_last_pkt_time":1595957694181636,"flow_dst_last_pkt_time":1595957694188758,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":381,"flow_dst_max_l4_payload_len":216,"flow_src_tot_l4_payload_len":381,"flow_dst_tot_l4_payload_len":216,"midstream":0,"thread_ts_usec":1623221442073719,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"69.171.250.20","src_port":46160,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.FacebookMessenger","proto_id":"91.157","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":36,"packets-processed":35,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9095,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1623222051753416} 
+00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":36,"packets-processed":35,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9095,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1623222051753416} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623222051753416,"flow_src_last_pkt_time":1623222051753416,"flow_dst_last_pkt_time":1623222051753416,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623222051753416,"l3_proto":"ip4","src_ip":"192.168.1.227","dst_ip":"52.73.71.226","src_port":50071,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1623222051753416,"flow_dst_last_pkt_time":1623222051753416,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1623222051753416,"pkt":"pJGxgjQ56CrqthSFCABFAAA0YDdAAIAGW9bAqAHjNElH4sOXAbv6yL58AAAAAIAC+vC20AAAAgQFtAEDAwgBAQQC"} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1623222051753416,"flow_dst_last_pkt_time":1623222051852336,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1623222051852336,"pkt":"6CrqthSFpJGxgjQ5CABFAAA0AABAAOkGUw00SUfiwKgB4wG7w5czz+y6+si+fYASaQMoIwAAAgQFtAEBBAIBAwMI"} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1623222051853870,"flow_dst_last_pkt_time":1623222051852336,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1623222051853870,"pkt":"pJGxgjQ56CrqthSFCABFAAAoYDhAAIAGW+HAqAHjNElH4sOXAbv6yL59M8\/su1AQAgHP+AAAAAAAAAAA"} 
01227{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1623222051854478,"flow_dst_last_pkt_time":1623222051852336,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1623222051854478,"pkt":"pJGxgjQ56CrqthSFCABFAAItYDlAAIAGWdvAqAHjNElH4sOXAbv6yL59M8\/su1AYAgGKagAAFgMBAgABAAH8AwP2Khmv4999vpwUP1EoOnS31ke3fIberBET9vuKKMlNryBAWeuhiJlCTX0W\/4n0WweRVOsTuqKwvLZX4E9fXeRQ6QAgKioTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTqqoAAAAAABYAFAAAEXByZXNlbmNlLmZ1emUuY29tABcAAP8BAAEAAAoACgAIGhoAHQAXABgACwACAQAAIwDALvzziNiqB4Ze5MFSHnlzb8hWYrj0cRDYaZNHMomiUFqCxXUzlrycHOkMSmF+mAs4FoNodV+GmtF4XtMEjgO5kwhNORzSobD6od0D3\/aYbaar\/\/DYonxXBprMXmBcJ9b4RCnDhU+XdW+BpxOSa4HjtNqWMxADm+Su+UBHYSh9IVxix9h+ArygY6V1EBkwmyTVuhfQkTb9cH78Ij40gm1v\/C5e1V15IVRYMTYsvrr++ynGCrB3Tx5v+KGj9UxhY+8yABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACkaGgABAAAdACBbsP\/9QyQIQO4OIyzz4ZB5pqvnxU3VMizp3PdADRuUTAAtAAIBAQArAAsKysoDBAMDAwIDAQAbAAMCAAKamgABAAAVAAsAAAAAAAAAAAAAAA=="} -01286{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1623222051753416,"flow_src_last_pkt_time":1623222051854478,"flow_dst_last_pkt_time":1623222051852336,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623222051854478,"l3_proto":"ip4","src_ip":"192.168.1.227","dst_ip":"52.73.71.226","src_port":50071,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Fuze","proto_id":"91.270","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"presence.fuze.com","domainame":"presence.fuze.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +01245{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1623222051753416,"flow_src_last_pkt_time":1623222051854478,"flow_dst_last_pkt_time":1623222051852336,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623222051854478,"l3_proto":"ip4","src_ip":"192.168.1.227","dst_ip":"52.73.71.226","src_port":50071,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Fuze","proto_id":"91.270","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"presence.fuze.com","domainame":"presence.fuze.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1623222051854478,"flow_dst_last_pkt_time":1623222051956164,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1623222051956164,"pkt":"6CrqthSFpJGxgjQ5CABFAAAojDhAAOkGxuA0SUfiwKgB4wG7w5czz+y7+sjAglAQAG7PhgAAAAAAAAAA"} -01369{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1623222051753416,"flow_src_last_pkt_time":1623222051854478,"flow_dst_last_pkt_time":1623222051957659,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1623222051957659,"l3_proto":"ip4","src_ip":"192.168.1.227","dst_ip":"52.73.71.226","src_port":50071,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Fuze","proto_id":"91.270","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"presence.fuze.com","domainame":"presence.fuze.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"8d2a028aa94425f76ced7826b1f39039","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-01593{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1623222051753416,"flow_src_last_pkt_time":1623222051854478,"flow_dst_last_pkt_time":1623222051957659,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5281,"midstream":0,"thread_ts_usec":1623222051957659,"l3_proto":"ip4","src_ip":"192.168.1.227","dst_ip":"52.73.71.226","src_port":50071,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Fuze","proto_id":"91.270","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"presence.fuze.com","domainame":"presence.fuze.com","tls": {"version":"TLSv1.2","server_names":"*.presence.fuze.com,presence.fuze.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"8d2a028aa94425f76ced7826b1f39039","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Amazon, OU=Server CA 1B, CN=Amazon","subjectDN":"CN=*.presence.fuze.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"B4:E1:85:91:CD:36:0A:89:7B:6F:A0:C1:11:B5:A5:29:CE:05:13:79","blocks":0}}} 
+01328{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1623222051753416,"flow_src_last_pkt_time":1623222051854478,"flow_dst_last_pkt_time":1623222051957659,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1623222051957659,"l3_proto":"ip4","src_ip":"192.168.1.227","dst_ip":"52.73.71.226","src_port":50071,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Fuze","proto_id":"91.270","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"presence.fuze.com","domainame":"presence.fuze.com","tls": {"version":"TLSv1.2","ja3s":"8d2a028aa94425f76ced7826b1f39039","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01552{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1623222051753416,"flow_src_last_pkt_time":1623222051854478,"flow_dst_last_pkt_time":1623222051957659,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5281,"midstream":0,"thread_ts_usec":1623222051957659,"l3_proto":"ip4","src_ip":"192.168.1.227","dst_ip":"52.73.71.226","src_port":50071,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Fuze","proto_id":"91.270","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"presence.fuze.com","domainame":"presence.fuze.com","tls": {"version":"TLSv1.2","server_names":"*.presence.fuze.com,presence.fuze.com","ja3s":"8d2a028aa94425f76ced7826b1f39039","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Amazon, OU=Server CA 1B, CN=Amazon","subjectDN":"CN=*.presence.fuze.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"B4:E1:85:91:CD:36:0A:89:7B:6F:A0:C1:11:B5:A5:29:CE:05:13:79","blocks":0}}} 
00978{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":15,"flow_first_seen":1623221441867993,"flow_src_last_pkt_time":1623221458497766,"flow_dst_last_pkt_time":1623221458494846,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1024,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2486,"flow_dst_tot_l4_payload_len":6012,"midstream":0,"thread_ts_usec":1623222052202072,"l3_proto":"ip4","src_ip":"192.168.1.250","dst_ip":"92.122.95.99","src_port":41878,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TikTok","proto_id":"91.49","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} -00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":67,"packets-processed":66,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17875,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":4,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":31,"global_ts_usec":1623223595952198} 
+00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":67,"packets-processed":66,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17875,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":4,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":31,"global_ts_usec":1623223595952198} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623223595952198,"flow_src_last_pkt_time":1623223595952198,"flow_dst_last_pkt_time":1623223595952198,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623223595952198,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"91.198.174.208","src_port":50620,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1623223595952198,"flow_dst_last_pkt_time":1623223595952198,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1623223595952198,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8ZBhAAEAGCeXAqAGAW8au0MW8AbvaIBcHAAAAAKAC+vC78AAAAgQFtAQCCAq86k7VAAAAAAEDAwc="} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1623223595952198,"flow_dst_last_pkt_time":1623223595999034,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1623223595999034,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADEGfP1bxq7QwKgBgAG7xbxrNtsg2iAXCKASqbDzDgAAAgQFnAQCCAoXn7wwvOpO1QEDAwk="} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1623223596002274,"flow_dst_last_pkt_time":1623223595999034,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1623223596002274,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA0ZBlAAEAGCezAqAGAW8au0MW8AbvaIBcIazbbIYAQAfbJTQAAAQEICrzqTwcXn7ww"} 
01238{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1623223596004515,"flow_dst_last_pkt_time":1623223595999034,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1623223596004515,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5ZBpAAEAGB+bAqAGAW8au0MW8AbvaIBcIazbbIYAYAfaOlwAAAQEICrzqTwkXn7wwFgMBAgABAAH8AwNHqKg5ff9pN4z6mF4kWpqqMqKaHx+XuMeqs42tNbV7LSChSfEqp6YPRtLMZMLmQNqEtljyETDHf0bwozDdEsdCbwAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQAKAQABjwAAABkAFwAAFHVwbG9hZC53aWtpbWVkaWEub3JnABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAiAAoACAQDBQMGAwIDADMAawBpAB0AIL957qot82y+yMnAjPtVxSeyEIxYxxvDMjwt+qAX5TQ8ABcAQQRXfj8gYEYqC\/WqA1BZSvBzncMiNp5ulY2D3wPu6SAlNp2V5vRT24WMB5CBogqVckk9Kzbp+jkn88E9RQEX7g49ACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQAVAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01266{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1623223595952198,"flow_src_last_pkt_time":1623223596004515,"flow_dst_last_pkt_time":1623223595999034,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623223596004515,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"91.198.174.208","src_port":50620,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Wikipedia","proto_id":"91.176","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"upload.wikimedia.org","domainame":"upload.wikimedia.org","tls": {"version":"TLSv1.2","ja3":"6b5e0cfe988c723ee71faf54f8460684","ja3s":"","ja4":"t13d1815h2_e8a523a41297_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01225{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1623223595952198,"flow_src_last_pkt_time":1623223596004515,"flow_dst_last_pkt_time":1623223595999034,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623223596004515,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"91.198.174.208","src_port":50620,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Wikipedia","proto_id":"91.176","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"upload.wikimedia.org","domainame":"upload.wikimedia.org","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1815h2_e8a523a41297_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1623223596004515,"flow_dst_last_pkt_time":1623223596051971,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1623223596051971,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA0PfVAADEGPxBbxq7QwKgBgAG7xbxrNtsh2iAZDYAQAFTIswAAAQEIChefvGW86k8J"} 
-01311{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1623223595952198,"flow_src_last_pkt_time":1623223596004515,"flow_dst_last_pkt_time":1623223596052201,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1623223596052201,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"91.198.174.208","src_port":50620,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Wikipedia","proto_id":"91.176","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"upload.wikimedia.org","domainame":"upload.wikimedia.org","tls": {"version":"TLSv1.3","ja3":"6b5e0cfe988c723ee71faf54f8460684","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1815h2_e8a523a41297_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01270{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1623223595952198,"flow_src_last_pkt_time":1623223596004515,"flow_dst_last_pkt_time":1623223596052201,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1623223596052201,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"91.198.174.208","src_port":50620,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Wikipedia","proto_id":"91.176","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"upload.wikimedia.org","domainame":"upload.wikimedia.org","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1815h2_e8a523a41297_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
02132{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1623223595952198,"flow_src_last_pkt_time":1623223596109406,"flow_dst_last_pkt_time":1623223596108936,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1036,"flow_dst_tot_l4_payload_len":16479,"midstream":0,"thread_ts_usec":1623223596109406,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"91.198.174.208","src_port":50620,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":10127.3,"max":52937,"stddev":19772.5,"var":390950848.0,"ent":2.8,"data": [46836,50076,2241,52937,230,0,0,0,52220,0,0,0,1478,638,2420,52443,0,779,3077,0,237,0,0,0,0,0,199,47900,0,0,235]},"pktlen": {"min":52,"avg":599.8,"max":1500,"stddev":646.4,"var":417856.7,"ent":4.1,"data": [60,60,52,569,52,1500,1500,1252,152,52,52,52,52,132,222,290,355,95,83,1500,1500,1500,1500,1500,1500,1500,1500,374,52,52,52,83]},"bins": {"c_to_s": [10,0,1,0,0,1,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,1,0,1,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,10,0,0]},"directions": [0,1,0,0,1,1,1,1,1,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,0,0,0,0],"entropies": [4.713301182,5.220872402,5.008629799,5.408417225,5.079967022,7.845353127,7.893048763,7.841969490,6.480354786,5.047091007,5.047091484,5.085552692,5.085553169,6.254513264,6.947219372,7.136369228,7.362440109,5.997154236,5.666953564,7.893563271,7.867501259,7.878776073,7.865104198,7.874600887,7.869311810,7.861063480,7.860395432,7.425109863,5.085552692,5.047091007,5.085552692,5.564384460]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Wikipedia","proto_id":"91.176","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00980{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":17,"flow_first_seen":1623222051753416,"flow_src_last_pkt_time":1623222112086485,"flow_dst_last_pkt_time":1623222112185361,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":965,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":2226,"flow_dst_tot_l4_payload_len":6554,"midstream":0,"thread_ts_usec":1623223596203292,"l3_proto":"ip4","src_ip":"192.168.1.227","dst_ip":"52.73.71.226","src_port":50071,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Fuze","proto_id":"91.270","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":119,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":119,"packets-processed":118,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":35609,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":5,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":42,"global_ts_usec":1623226283573712} 
+00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":119,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":119,"packets-processed":118,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":35609,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":5,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":42,"global_ts_usec":1623226283573712} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":119,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623226283573712,"flow_src_last_pkt_time":1623226283573712,"flow_dst_last_pkt_time":1623226283573712,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623226283573712,"l3_proto":"ip4","src_ip":"192.168.1.250","dst_ip":"45.82.241.51","src_port":39890,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1623226283573712,"flow_dst_last_pkt_time":1623226283573712,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1623226283573712,"pkt":"pJGxgjQ5AoEfHBPlCABFAAA8M5RAAEAGJgDAqAH6LVLxM5vSAFAXgCu+AAAAAKAC\/\/9tawAAAgQFtAQCCAolvfRMAAAAAAEDAwk="} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1623226283573712,"flow_dst_last_pkt_time":1623226283601626,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1623226283601626,"pkt":"AoEfHBPlpJGxgjQ5CABFAAA0AABAADMGZpwtUvEzwKgB+gBQm9LNImc9F4Arv4ASchAIQAAAAgQFeAEBBAIBAwMK"} 
@@ -49,74 +49,74 @@ 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1623226283612303,"flow_dst_last_pkt_time":1623226283640806,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1623226283640806,"pkt":"AoEfHBPlpJGxgjQ5CABFAAAox9pAADMGns0tUvEzwKgB+gBQm9LNImc+F4AsfVAQAB66DQAAAAAAAAAA"} 02180{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1623226283573712,"flow_src_last_pkt_time":1623226284678348,"flow_dst_last_pkt_time":1623226284677149,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":190,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":380,"flow_dst_tot_l4_payload_len":18862,"midstream":0,"thread_ts_usec":1623226284678348,"l3_proto":"ip4","src_ip":"192.168.1.250","dst_ip":"45.82.241.51","src_port":39890,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":71228.2,"max":1031142,"stddev":245139.1,"var":60093177856.0,"ent":1.6,"data": [27914,29082,9509,39180,2950,0,249,0,0,0,0,59912,0,307,0,0,304,0,974261,1031142,0,0,0,29550,491,2002,0,490,0,730,0]},"pktlen": {"min":46,"avg":645.1,"max":1500,"stddev":701.2,"var":491744.0,"ent":4.0,"data": [60,52,46,230,46,1500,1500,1500,1500,1500,1500,1382,46,46,46,46,46,46,46,230,1500,1500,1500,1500,46,46,1500,1500,46,46,46,46]},"bins": {"c_to_s": [15,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": 
[2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,12,0,0]},"directions": [0,1,0,0,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,0,0,1,1,0,0,0,0],"entropies": [4.650921822,4.854286671,4.347350597,5.690956593,4.347350597,7.663578510,7.860166073,7.846680641,7.877070427,7.858085155,7.884421825,7.865271091,4.347350597,4.303872585,4.260394573,4.303872585,4.303872585,4.347350597,4.347350597,5.731587410,7.670816898,7.866776943,7.851586819,7.865674973,4.303872585,4.303872108,7.855195045,7.870656013,4.303872585,4.260394096,4.303872108,4.303872585]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Likee","proto_id":"7.261","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"videosnap.like.video"}} 01014{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":229,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":24,"flow_first_seen":1623223595952198,"flow_src_last_pkt_time":1623223766553269,"flow_dst_last_pkt_time":1623223766548680,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1177,"flow_dst_tot_l4_payload_len":16557,"midstream":0,"thread_ts_usec":1623226286427901,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"91.198.174.208","src_port":50620,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Wikipedia","proto_id":"91.176","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"upload.wikimedia.org"}} 
-00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":231,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":231,"packets-processed":230,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":108050,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":5,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":52,"global_ts_usec":1631088115362469} +00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":231,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":231,"packets-processed":230,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":108050,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":5,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":52,"global_ts_usec":1631088115362469} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":231,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1631088115362469,"flow_src_last_pkt_time":1631088115362469,"flow_dst_last_pkt_time":1631088115362469,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1631088115362469,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"199.232.82.109","src_port":46724,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":231,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1631088115362469,"flow_dst_last_pkt_time":1631088115362469,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1631088115362469,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8aylAAEAG8xTAqAGAx+hSbbaEAbsR7WhdAAAAAKAC+vCzrwAAAgQFtAQCCAqzLdcpAAAAAAEDAwc="} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":232,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1631088115362469,"flow_dst_last_pkt_time":1631088115376274,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1631088115376274,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADQGaj7H6FJtwKgBgAG7toQ\/rdv6Ee1oXqAS\/\/\/HZwAAAgQFTAQCCApg6mr7sy3XKQEDAwk="} 
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":233,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1631088115376313,"flow_dst_last_pkt_time":1631088115376274,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1631088115376313,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA0aypAAEAG8xvAqAGAx+hSbbaEAbsR7WheP63b+4AQAfbzyQAAAQEICrMt1zdg6mr7"} 01243{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1631088115376494,"flow_dst_last_pkt_time":1631088115376274,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1631088115376494,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5aytAAEAG8RXAqAGAx+hSbbaEAbsR7WheP63b+4AYAfZUwgAAAQEICrMt1zdg6mr7FgMBAgABAAH8AwNsvYMKPiGdDBmc8gxcHlZ6McaxC830ZDhWKJrI4f16WCC\/ugJFj1aqxm57Qz\/TUJEu9YsXXgA6\/cB\/YVkIRk0o5QAgCgoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTSkoAAAAAABMAEQAADmYudmltZW9jZG4uY29tABcAAP8BAAEAAAoACgAIGhoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACkaGgABAAAdACB\/O5928KTG7yDdHjHfaYOKBpLROSX5g6XsudWwdbYUdQAtAAIBAQArAAsKmpoDBAMDAwIDAQAbAAMCAAJEaQAFAAMCaDIaGgABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01278{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":234,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1631088115362469,"flow_src_last_pkt_time":1631088115376494,"flow_dst_last_pkt_time":1631088115376274,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1631088115376494,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"199.232.82.109","src_port":46724,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Vimeo","proto_id":"91.267","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"f.vimeocdn.com","domainame":"f.vimeocdn.com","tls": {"version":"TLSv1.2","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01237{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":234,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1631088115362469,"flow_src_last_pkt_time":1631088115376494,"flow_dst_last_pkt_time":1631088115376274,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1631088115376494,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"199.232.82.109","src_port":46724,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Vimeo","proto_id":"91.267","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"f.vimeocdn.com","domainame":"f.vimeocdn.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":235,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1631088115376494,"flow_dst_last_pkt_time":1631088115392626,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1631088115392626,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA0crFAADQG95TH6FJtwKgBgAG7toQ\/rdv7Ee1qY4AQAQnyogAAAQEICmDqawqzLdc3"} 
-01361{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":236,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1631088115362469,"flow_src_last_pkt_time":1631088115376494,"flow_dst_last_pkt_time":1631088115392643,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1344,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1344,"midstream":0,"thread_ts_usec":1631088115392643,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"199.232.82.109","src_port":46724,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Vimeo","proto_id":"91.267","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"f.vimeocdn.com","domainame":"f.vimeocdn.com","tls": {"version":"TLSv1.2","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-01578{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1631088115362469,"flow_src_last_pkt_time":1631088115392667,"flow_dst_last_pkt_time":1631088115392674,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1344,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4032,"midstream":0,"thread_ts_usec":1631088115392674,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"199.232.82.109","src_port":46724,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Vimeo","proto_id":"91.267","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"f.vimeocdn.com","domainame":"f.vimeocdn.com","tls": {"version":"TLSv1.2","server_names":"*.vimeocdn.com","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2020","subjectDN":"CN=*.vimeocdn.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"3A:0F:CF:EC:3C:13:25:E2:E1:4D:C6:52:A6:4D:8D:96:10:1E:8E:37","blocks":0}}} 
+01320{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":236,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1631088115362469,"flow_src_last_pkt_time":1631088115376494,"flow_dst_last_pkt_time":1631088115392643,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1344,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1344,"midstream":0,"thread_ts_usec":1631088115392643,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"199.232.82.109","src_port":46724,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Vimeo","proto_id":"91.267","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"f.vimeocdn.com","domainame":"f.vimeocdn.com","tls": {"version":"TLSv1.2","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01537{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1631088115362469,"flow_src_last_pkt_time":1631088115392667,"flow_dst_last_pkt_time":1631088115392674,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1344,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4032,"midstream":0,"thread_ts_usec":1631088115392674,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"199.232.82.109","src_port":46724,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Vimeo","proto_id":"91.267","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"f.vimeocdn.com","domainame":"f.vimeocdn.com","tls": {"version":"TLSv1.2","server_names":"*.vimeocdn.com","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2020","subjectDN":"CN=*.vimeocdn.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"3A:0F:CF:EC:3C:13:25:E2:E1:4D:C6:52:A6:4D:8D:96:10:1E:8E:37","blocks":0}}} 
01015{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":248,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":58,"flow_dst_packets_processed":54,"flow_first_seen":1623226283573712,"flow_src_last_pkt_time":1623226466507324,"flow_dst_last_pkt_time":1623226466414542,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":190,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":950,"flow_dst_tot_l4_payload_len":71491,"midstream":0,"thread_ts_usec":1631088115406479,"l3_proto":"ip4","src_ip":"192.168.1.250","dst_ip":"45.82.241.51","src_port":39890,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Likee","proto_id":"7.261","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"videosnap.like.video"}} -00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":256,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":256,"packets-processed":255,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":113664,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":7,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":63,"global_ts_usec":1637349011376367} 
+00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":256,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":256,"packets-processed":255,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":113664,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":7,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":63,"global_ts_usec":1637349011376367} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":256,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1637349011376367,"flow_src_last_pkt_time":1637349011376367,"flow_dst_last_pkt_time":1637349011376367,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1637349011376367,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"143.204.9.65","src_port":48918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1637349011376367,"flow_dst_last_pkt_time":1637349011376367,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1637349011376367,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8TGJAAEAGkyTAqAGAj8wJQb8WAbs5hVBVAAAAAKAC+vA+\/wAAAgQFtAQCCAoHfmCrAAAAAAEDAww="} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1637349011376367,"flow_dst_last_pkt_time":1637349011393884,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1637349011393884,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8T5MAAPMGHPOPzAlBwKgBgAG7vxa2dgKJOYVQVqASBZSQpgAAAgQFoAQCCArIQyJ4B35gqwEDAwk="} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":258,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1637349011393902,"flow_dst_last_pkt_time":1637349011393884,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1637349011393902,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA0TGNAAEAGkyvAqAGAj8wJQb8WAbs5hVBWtnYCioAQABDE0gAAAQEICgd+YL3IQyJ4"} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":259,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1637349011393902,"flow_dst_last_pkt_time":1637349011393908,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1637349011393908,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8T5EAAPMGHPWPzAlBwKgBgAG7vxa2dgKJOYVQVqASBZSQsgAAAgQFoAQCCArIQyJsB35gqwEDAwk="} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1637349011393914,"flow_dst_last_pkt_time":1637349011393908,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1637349011393914,"pkt":"pJGxgjQ5PKn0qB\/sCABFAABATGRAAEAGkx7AqAGAj8wJQb8WAbs5hVBWtnYCirAQABAcuwAAAQEICgd+YL3IQyJ4AQEFCrZ2Aom2dgKK"} -01289{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1637349011376367,"flow_src_last_pkt_time":1637349011396134,"flow_dst_last_pkt_time":1637349011393908,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1637349011396134,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"143.204.9.65","src_port":48918,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.DisneyPlus","proto_id":"91.71","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"prod-static.disney-plus.net","domainame":"prod-static.disney-plus.net","tls": {"version":"TLSv1.2","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} -01334{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":263,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1637349011376367,"flow_src_last_pkt_time":1637349011396134,"flow_dst_last_pkt_time":1637349011405023,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1637349011405023,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"143.204.9.65","src_port":48918,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DisneyPlus","proto_id":"91.71","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"prod-static.disney-plus.net","domainame":"prod-static.disney-plus.net","tls": {"version":"TLSv1.3","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01248{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1637349011376367,"flow_src_last_pkt_time":1637349011396134,"flow_dst_last_pkt_time":1637349011393908,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1637349011396134,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"143.204.9.65","src_port":48918,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DisneyPlus","proto_id":"91.71","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"prod-static.disney-plus.net","domainame":"prod-static.disney-plus.net","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01293{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":263,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1637349011376367,"flow_src_last_pkt_time":1637349011396134,"flow_dst_last_pkt_time":1637349011405023,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1637349011405023,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"143.204.9.65","src_port":48918,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DisneyPlus","proto_id":"91.71","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"prod-static.disney-plus.net","domainame":"prod-static.disney-plus.net","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
00976{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":285,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":12,"flow_first_seen":1631088115362469,"flow_src_last_pkt_time":1631088168165179,"flow_dst_last_pkt_time":1631088168165177,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1344,"flow_src_tot_l4_payload_len":610,"flow_dst_tot_l4_payload_len":5004,"midstream":0,"thread_ts_usec":1637349011425927,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"199.232.82.109","src_port":46724,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Vimeo","proto_id":"91.267","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}} -00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":285,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":285,"packets-processed":284,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":121431,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":8,"total-updates":0,"current-active-flows":1,"total-active-flows":7,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":73,"global_ts_usec":1642584017659993} 
+00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":285,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":285,"packets-processed":284,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":121431,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":8,"total-updates":0,"current-active-flows":1,"total-active-flows":7,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":73,"global_ts_usec":1642584017659993} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":285,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1642584017659993,"flow_src_last_pkt_time":1642584017659993,"flow_dst_last_pkt_time":1642584017659993,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642584017659993,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"23.12.104.83","src_port":39248,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":285,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1642584017659993,"flow_dst_last_pkt_time":1642584017659993,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1642584017659993,"pkt":"CL6sCxdumt9Y+uvcCABFAAA8EtFAAEAG2zrAqAypFwxoU5lQAbvzO0RFAAAAAKAC\/\/9KaQAAAgQFtAQCCApYVYYCAAAAAAEDAwk="} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1642584017659993,"flow_dst_last_pkt_time":1642584017680129,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1642584017680129,"pkt":"mt9Y+uvcCL6sCxduCABFAAA8AABAADcG9wsXDGhTwKgMqQG7mVB1nT8a8ztERqAS\/ojzIwAAAgQFtAQCCAqw3vMWWFWGAgEDAwc="} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":287,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1642584017681498,"flow_dst_last_pkt_time":1642584017680129,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1642584017681498,"pkt":"CL6sCxdumt9Y+uvcCABFAAA0EtJAAEAG20HAqAypFwxoU5lQAbvzO0RGdZ0\/G4AQAKwfuAAAAQEIClhVhhew3vMW"} 
01241{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":288,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1642584017683650,"flow_dst_last_pkt_time":1642584017680129,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1642584017683650,"pkt":"CL6sCxdumt9Y+uvcCABFAAI5EtNAAEAG2TvAqAypFwxoU5lQAbvzO0RGdZ0\/G4AYAKxdJQAAAQEIClhVhhmw3vMWFgMBAgABAAH8AwP1FYw2XqcZXmePN\/Nf+9e1LzHXZeCulXOtpIacdAs37yCRvlsjJ1cDJi3yxp9rVrpjjUJgWxk34YBmx2q1d+sadQAiEwETAhMDwCvALMypwC\/AMMyowAnACsATwBQAnACdAC8ANQEAAZEAAAAYABYAABNhcGkuYWNjdXdlYXRoZXIuY29tABcAAP8BAAEAAAoACAAGAB0AFwAYAAsAAgEAACMAAAAQAAsACQhodHRwLzEuMQAFAAUBAAAAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAzACYAJAAdACDlaTawkMdxT+YGJN2RtDSPZPswvY9sO\/h42xN4XNh9ZQAtAAIBAQArAAkIAwQDAwMCAwEAFQDlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01276{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":288,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1642584017659993,"flow_src_last_pkt_time":1642584017683650,"flow_dst_last_pkt_time":1642584017680129,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642584017683650,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"23.12.104.83","src_port":39248,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AccuWeather","proto_id":"91.280","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":5,"category":"Web","hostname":"api.accuweather.com","domainame":"api.accuweather.com","tls": {"version":"TLSv1.2","ja3":"9b02ebd3a43b62d825e1ac605b621dc8","ja3s":"","ja4":"t13d1713ht_5b57614c22b0_eca864cca44a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01235{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":288,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1642584017659993,"flow_src_last_pkt_time":1642584017683650,"flow_dst_last_pkt_time":1642584017680129,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642584017683650,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"23.12.104.83","src_port":39248,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AccuWeather","proto_id":"91.280","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":5,"category":"Web","hostname":"api.accuweather.com","domainame":"api.accuweather.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1713ht_5b57614c22b0_eca864cca44a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1642584017683650,"flow_dst_last_pkt_time":1642584017706128,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1642584017706128,"pkt":"mt9Y+uvcCL6sCxduCABFAAA0SOBAADcGrjMXDGhTwKgMqQG7mVB1nT8b8ztGS4AQAfocSAAAAQEICrDe8zFYVYYZ"} 
-01321{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1642584017659993,"flow_src_last_pkt_time":1642584017683650,"flow_dst_last_pkt_time":1642584017706175,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1642584017706175,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"23.12.104.83","src_port":39248,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AccuWeather","proto_id":"91.280","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":5,"category":"Web","hostname":"api.accuweather.com","domainame":"api.accuweather.com","tls": {"version":"TLSv1.3","ja3":"9b02ebd3a43b62d825e1ac605b621dc8","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1713ht_5b57614c22b0_eca864cca44a","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01280{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1642584017659993,"flow_src_last_pkt_time":1642584017683650,"flow_dst_last_pkt_time":1642584017706175,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1642584017706175,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"23.12.104.83","src_port":39248,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AccuWeather","proto_id":"91.280","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":5,"category":"Web","hostname":"api.accuweather.com","domainame":"api.accuweather.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1713ht_5b57614c22b0_eca864cca44a","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00982{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":14,"flow_first_seen":1637349011376367,"flow_src_last_pkt_time":1637349011425914,"flow_dst_last_pkt_time":1637349011425927,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":792,"flow_dst_tot_l4_payload_len":6975,"midstream":0,"thread_ts_usec":1642584019409362,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"143.204.9.65","src_port":48918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DisneyPlus","proto_id":"91.71","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}} -00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":315,"packets-processed":314,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":128021,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":9,"total-updates":0,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":83,"global_ts_usec":1643355518166568} 
+00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":315,"packets-processed":314,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":128021,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":9,"total-updates":0,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":83,"global_ts_usec":1643355518166568} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643355518166568,"flow_src_last_pkt_time":1643355518166568,"flow_dst_last_pkt_time":1643355518166568,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1250,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1250,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1250,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643355518166568,"l3_proto":"ip4","src_ip":"192.168.1.123","dst_ip":"216.58.209.46","src_port":59102,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02217{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1643355518166568,"flow_dst_last_pkt_time":1643355518166568,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1292,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1292,"pkt_l4_len":1258,"thread_ts_usec":1643355518166568,"pkt":"pJGxgjQ5SKRyNpegCABFAAT+PElAAIARThnAqAF72DrRLubeAbsE6urRwAAAAAEIZ7HskbOWr9QAAETQNKtjIjiCXCI+9vqBWPy31G7jDH4RlwYv0XhaWuj0UrdcSVWZIrVwzwDrJa8dEWOeUvaAw7BXeYev6bi8Nu9Z4LWOvt0+XPgNkeHB6PvaZ9N4cpB1UIRx6byg5QljaxCkgdia5\/WZz2yX\/TayWJG0egLwFK4DYqDDADilA59ewmPTSu6+F3\/EVfKw86o2Yio5HeQqtUOtEdw6pRwxBehgjTrZf0PMuk40XDPug94YB\/sEApD8Ghq1zUUVofn\/jZoji68n+CZ74BkmZ8LSaemosx3Vm7YV3yQUauQU4lBHNM2XdkooJSDGv9YINXu8hmpHdW\/1encLGdPSyOJC8itWve1maDbUaMRhrbQrpaAPeVfgND5alDCN2DMGvFe3nB6Pz2LOpDsj\/3ZN3caT5Nt0nSv8HN+DYWZc+2JmBlBY71FJ57bmTqruFnoZ\/GjM0BGxB5WlpJ0M3zE3M16k0p8WRYGK3bOkXFB5rtEix709VUri+WnB1ivvzP4A8iO977JvKVGlPddOYZ4k7qZne6v\/jb1y0P5AatOM7YYIeRI7u8jf\/xM8RY8UTL\/Pv+EQzBcgac+DyXJSt\/sJo+Uuz0dGCYpa4Aa01DbWUiA5x+j4g5WT5LGdKrytMkGgkIcVSlNAt4nWOQc2IroqJjfmf+NbusGe\/Gviz5jV93bOaTFv7sGyuvESP0iH2MD2mwPgizF6t5EabtXWaevGbit0evQ9O3bHeRpQwTlwh0hRD7WqrIf0Wri9spAJN53856UKZFRupvrVqTH40ht5wGl2g3HXmJvEKnWBsD1hEB3sacVd4lWjKim62JMTY6yUmMhRBlNu2AupnyFsChUJ1NgsRbg5cQPowXRIBVG8WcjCs7OHKUH\/zza5xjXEz1FrdKQASDLCvFyh9YUzlRmDx7d99nX5vf9AwJejikY1uel\/yRMHcT9IqYO0kZBeGiX2ZDJD7vD1sF+05Qq++ztAL3CTqhuU\/7KSbWKiGOoFGj9phj6fZiE+g9e7+HIVuvPAKr+aSbxS71gHelt+hKMcDj7jdDFk5P6TqQdUXfqrnN38RDusNZmvWB+23Sj9NvIjlpua1MtXRWVJaLY5mX9AL1kTENCHtxomZwiXSqkSWtzS8dZocOlqjfWrd2hnw5yl8b7T0843OsmN6ZOoho4X9bhFw\/52C+NFDBAC42\/6jsH2i4NdbJBqOAuf4tLWi3oaJ\/0r5Y0wWyVnBbFtq1sx6d6EHxqir52O50dkkD8SF7j+wGSCG2L1l5bcQGnAqpzpZNB8AgofMTbrgYgdYIyrh\/neffOlCQyXy2EgLb\/xWEt+QftF8p5n2FzevDADqTCGGVeWULgrEsb\/3qULNf4uZHaY4HBD6To7yTuITvaXdqFt30MJBKnhBexi0dhA\/MGpMyVJfR\/PhbhWZmiNdx\/LRAV2Semg\/nPWe
+DzSBBXm7wJXZiE\/8ewkRVdkujJi\/QhXAX0aOL76X77YYeny\/V35WiIqUmuxRHrBRdP5AMMQo\/adJoX4bzVdEvw3cGw7\/\/hO2VzwL5m0trABzWAWdjRjsrTEu\/mWAVCZDP5\/peoG8YXeXsdHWwpRLyNJpzOlRz5aND24Jgn5x2v3PqoD5RBiIEHwD8jlV2fRCZXq1e7tPV6eLhSI74="} -01367{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643355518166568,"flow_src_last_pkt_time":1643355518166568,"flow_dst_last_pkt_time":1643355518166568,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1250,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1250,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1250,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643355518166568,"l3_proto":"ip4","src_ip":"192.168.1.123","dst_ip":"216.58.209.46","src_port":59102,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleClassroom","proto_id":"188.281","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"classroom.google.com","domainame":"classroom.google.com","quic": {"user_agent":"Chrome\/97.0.4692.99 Windows NT 10.0; Win64; x64","quic_version":"V-1","tls": {"version":"TLSv1.3","ja3":"a27a03a8478393fe7f8958648bb71ff4","ja3s":"","ja4":"q13d0310h0_55b375c5d22e_cd85d2d88918","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01262{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643355518166568,"flow_src_last_pkt_time":1643355518166568,"flow_dst_last_pkt_time":1643355518166568,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1250,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1250,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1250,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643355518166568,"l3_proto":"ip4","src_ip":"192.168.1.123","dst_ip":"216.58.209.46","src_port":59102,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleClassroom","proto_id":"188.281","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"classroom.google.com","domainame":"classroom.google.com","quic": {"quic_version":"V-1","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0310h0_55b375c5d22e_cd85d2d88918","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
00974{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":316,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":14,"flow_first_seen":1642584017659993,"flow_src_last_pkt_time":1642584019409362,"flow_dst_last_pkt_time":1642584019407774,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":924,"flow_dst_tot_l4_payload_len":5666,"midstream":0,"thread_ts_usec":1643355518166568,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"23.12.104.83","src_port":39248,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AccuWeather","proto_id":"91.280","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":5,"category":"Web"}} -00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":316,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":316,"packets-processed":315,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":129271,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":9,"total-updates":0,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":88,"global_ts_usec":1646482623895784} 
+00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":316,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":316,"packets-processed":315,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":129271,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":9,"total-updates":0,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":88,"global_ts_usec":1646482623895784} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":316,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646482623895784,"flow_src_last_pkt_time":1646482623895784,"flow_dst_last_pkt_time":1646482623895784,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482623895784,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"31.222.67.112","src_port":35054,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":316,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1646482623895784,"flow_dst_last_pkt_time":1646482623895784,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646482623895784,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8U5dAAEAGwa7AqAGAH95DcIjuAbuZU7+5AAAAAKAC+vB+rAAAAgQFtAQCCAqYsCyFAAAAAAEDAwc="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1646482623895784,"flow_dst_last_pkt_time":1646482623937401,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1646482623937401,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA0AABAADIGI04f3kNwwKgBgAG7iO5SHRbemVO\/uoASa9CRawAAAgQFUAEBBAIBAwMH"} 
01231{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":318,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":1646482623941304,"flow_dst_last_pkt_time":1646482623937401,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1646482623941304,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAItU5lAAEAGv7vAqAGAH95DcIjuAbuZU7+6Uh0W31AYAfZFAQAAFgMBAgABAAH8AwM7S+zQhzGHYgeM16HLoV5Lvv0qFp3\/Q9lLhcf6NGzgACCV4MycI1TbPUTQp0gTtBJdGxhCWPX0NxBb4Keh1UEhIQAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAASABAAAA13d3cuYmFkb28uY29tABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAiAAoACAQDBQMGAwIDADMAawBpAB0AIDy\/wV7uHvn89KVxoNawBj6O\/1N7J\/Rv6ROuT\/L2i752ABcAQQR8rtiFUa3yYRs4u6Ro\/84M9BXHGtIJp6HdzCSQRE\/jjRMPOqb5+WU5M\/Rwa3rXtSAPp6MS0Mul28MptoKZ2BK0ACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQAVAIkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -01258{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":318,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646482623895784,"flow_src_last_pkt_time":1646482623941304,"flow_dst_last_pkt_time":1646482623937401,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482623941304,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"31.222.67.112","src_port":35054,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Badoo","proto_id":"91.279","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.badoo.com","domainame":"www.badoo.com","tls": {"version":"TLSv1.2","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} +01217{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":318,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646482623895784,"flow_src_last_pkt_time":1646482623941304,"flow_dst_last_pkt_time":1646482623937401,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482623941304,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"31.222.67.112","src_port":35054,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Badoo","proto_id":"91.279","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.badoo.com","domainame":"www.badoo.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
02397{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":319,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_src_last_pkt_time":1646482623941304,"flow_dst_last_pkt_time":1646482623982001,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1434,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1434,"pkt_l4_len":1400,"thread_ts_usec":1646482623982001,"pkt":"PKn0qB\/spJGxgjQ5CABFAAWMHvFAADIG\/wQf3kNwwKgBgAG7iO5SHRbfmVPBv1AQAOB4awAAFgMDAHoCAAB2AwMBOlQdLRqpUsqWU1clCZ7klKi96n1oTnu+vT02oJgW2iCV4MycI1TbPUTQp0gTtBJdGxhCWPX0NxBb4Keh1UEhIRMCAAAuACsAAgMEADMAJAAdACBdREM9zW8tCKNRQYxRhrzDDVGCe7mvlF55d9cEQ8fnJxQDAwABARcDAwAqwOlula4VkCoyA\/2RUbihod6JBKUVuHfwrD\/86IOS7iXKFEgjxzZ0LFDwFwMDD+gwKM1D+u7+jAjgLQq7sEHWpMgMLT2RYAkEV1ruOCjp4mwSNCGV6l5SHU0ggKPS+FiJkgk4YokIHIgul2aYNTj7iMtdUmICYgsRxENplMLGWm0yd4J3HY2+3\/MPyGPG3TpaJGn9ben+O3u6Gv1uKJ9dWKYQT8fDN2xTplCzVHQwlFbLQ0t+UOcYy\/iDz5q14Lu1OIyx+IGDuCaCbYc9sZrZ\/bSSGiKqXlz6Quw\/lmC6qdmjhYd45sm176c7cQD5W5fzCeFF5Q7erksXssZLQT1ZVHeET2SezH\/E79KPI3nM+JspYN7Pjo978Z2jM9fCHVH8WDV9diIfSPQBJdPzj9FYNCKHTfBdBJZcXw3lyTiYcWpDKP88b4MSLQoMnLvd2no7XIRFuB2O5RaSqozV4MvmqdHAtsPRvza7Hkvb\/qv9nY3z2wOtBgVb7mxYFTi4q29DgN7WuUXt2FSCqHsEZGgH2nbaDAMot\/MvUnPbJQOTBA2cgol5u7Aty+ZKK7jjp9UZa3kDOeKZKtbaYsLpnwY2bzKq7vG5BVO+wFeLg7+qsNFJmyGiMkeLevcIcfTYXYerSo7b2\/pS6iYfkLkG1wcdU2JJGBCnja7OwZGm846Odo0KvSgzCP\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\/YLVf5QZFdbVf0I5OOZ\/ihvU13dxQGjMcAzJmhtFqq59Rs1rYHoTb2ox8WgJZVOx8tQ9TkKfYYD2HoYD\/\/VNOHgBJ7VLWyCGzW6fwVS\/4FRqNm4cYcQ5qga346v7D3LdFSNrgQcahnu8biDWCDM3ib1n2vOlgCVI4GZR5OMfFHaksSdepATDGNn4TMrS6WS+u+mNHNoJAamXHKBK9giqetScdyvIS1ZeXg84IyEEj8yXklW6NQS2XQ8bojNQdEdihX4jh6v+XIanUt1UxNS5VkYI\/I7MwNFipJ\/6nozLSWYNQnABypmyuqm\/cqzLAeAXDOMjxteW7DsZ1gbXGKoEGwirLRm9CALjp+eM9PArnMcvN8Waw6qVfMQqPAAkJA1ycJ4INV1FHw0V+xtHDxRS3+i3LpzjURn0qmiqGNvisApw11Q1EDt\/EXvNoHilJO41eOP\/81\/+2YHa8aMIb"} 
-01303{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":319,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646482623895784,"flow_src_last_pkt_time":1646482623941304,"flow_dst_last_pkt_time":1646482623982001,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1380,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1380,"midstream":0,"thread_ts_usec":1646482623982001,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"31.222.67.112","src_port":35054,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Badoo","proto_id":"91.279","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.badoo.com","domainame":"www.badoo.com","tls": {"version":"TLSv1.3","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01262{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":319,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646482623895784,"flow_src_last_pkt_time":1646482623941304,"flow_dst_last_pkt_time":1646482623982001,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1380,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1380,"midstream":0,"thread_ts_usec":1646482623982001,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"31.222.67.112","src_port":35054,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Badoo","proto_id":"91.279","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.badoo.com","domainame":"www.badoo.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
01028{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":320,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643355518166568,"flow_src_last_pkt_time":1643355518166568,"flow_dst_last_pkt_time":1643355518166568,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1250,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1250,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1250,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482623982001,"l3_proto":"ip4","src_ip":"192.168.1.123","dst_ip":"216.58.209.46","src_port":59102,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleClassroom","proto_id":"188.281","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"classroom.google.com"}} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":320,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646482634412021,"flow_src_last_pkt_time":1646482634412021,"flow_dst_last_pkt_time":1646482634412021,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482634412021,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"172.65.251.78","src_port":53998,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":320,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1646482634412021,"flow_dst_last_pkt_time":1646482634412021,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646482634412021,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8ehBAAEAGVvPAqAGArEH7TtLuAburPYAuAAAAAKAC+vCVcQAAAgQFtAQCCAoaoTMuAAAAAAEDAwc="} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":321,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1646482634412021,"flow_dst_last_pkt_time":1646482634431503,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1646482634431503,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA0AABAADkG2AusQftOwKgBgAG70u5kgyMxqz2AL4AS\/\/99tgAAAgQFeAEBBAIBAwMK"} 
01228{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":322,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_src_last_pkt_time":1646482634434348,"flow_dst_last_pkt_time":1646482634431503,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1646482634434348,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAItehJAAEAGVQDAqAGArEH7TtLuAburPYAvZIMjMlAYAfajwgAAFgMBAgABAAH8AwNOB4Gzi6+YArAvzkfwrorK9DEddM7BFl3e3mWx5EKfGSCorzDjbh21t2eWZKubSdOdkcLfUyHi+FUzEXYnC03sBQAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAATABEAAA53d3cuZ2l0bGFiLmNvbQAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACA5FC8LVJQpX7CGnPMJyGCVSqmP\/UlOQqTKt4aSCzonPAAXAEEEf41WX9lKjs6LoM+3mxjeublwFG7G1\/kkw4gmsHPLzdToe\/hXlsiK3SyaMLeOC3M5q1ZNvI72xevTMYH\/wlBkVwArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAFQCIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -01267{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":322,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646482634412021,"flow_src_last_pkt_time":1646482634434348,"flow_dst_last_pkt_time":1646482634431503,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482634434348,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"172.65.251.78","src_port":53998,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.GitLab","proto_id":"91.262","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative","hostname":"www.gitlab.com","domainame":"www.gitlab.com","tls": {"version":"TLSv1.2","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} +01226{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":322,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646482634412021,"flow_src_last_pkt_time":1646482634434348,"flow_dst_last_pkt_time":1646482634431503,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482634434348,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"172.65.251.78","src_port":53998,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GitLab","proto_id":"91.262","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative","hostname":"www.gitlab.com","domainame":"www.gitlab.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
02510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":323,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_src_last_pkt_time":1646482634434348,"flow_dst_last_pkt_time":1646482634459323,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1646482634459323,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXceV9AADkGWQSsQftOwKgBgAG70u5kgyMyqz2CNFAQAEKNSQAAFgMDAHoCAAB2AwOin8T6dzGlyyK0DvppPiISvrk7dqZI+leD9FteRWHG8iCorzDjbh21t2eWZKubSdOdkcLfUyHi+FUzEXYnC03sBRMBAAAuADMAJAAdACBBtXjy4Yur6Cx+FZ6ahqTyRQP1am+KynPVHHuTrFmEKwArAAIDBBQDAwABARcDAxTt0X4oP78zRG686EzR\/MTdyQH+1EJ7KsvP\/L\/7p5w+\/5BeqGct+awNdywgHk6IS\/zlJX2HvtVwEk8EQeUUtOmhPaGQiMMTLxoj49Ce9vOLqMFrm2k7E8LvufczYtE4HK2ojlioAdHxpbVnNdRIyDlVohFevMeFo9Gq5CKrF1tkVi4+sHrINmZB9NnMECur5PVRQ0fpsQC+D77HtmQPd\/H0hYZPDWaMZmIELhuD0qv+JlitRgvnPWG2NBe20hM39T0mtXgkcC5JgSpxtRvVXuT4kHcXT9bO8LnbcgZfQ26BMEH04oNytwS8LNl5VETPbc88EBihWRBA6rYRHn1bu6AH9ke2DrQMnPMI7ztVR4hNQhnE0Nf890u5YRBJVsZjC3I7EHFT+a3gRllUoe\/8N3TpGtH0utX0vfv9I68d28tY\/5Bk8OskuDlaLwKmWk9B7sIRy7bKAawAvHwhZHpL3LvsosNQXyegyzG6YSIqiTeqHcpibbqwP6DVFSJpVOwLF5JPsOowS+IJNRLoVZNHb0xa\/EbtBA8unsZbJDwJtzi9ylxFhDgiqm6HOi\/9sIKNvZM2WCGrcbZnr0JWAPNpheFKkT0692FZrBHIGKtze2gcSipGyeR\/3kRqLffDteSkfoC+Qw+IHwt9tGLRbJCoNw0yqiorPEcfE2I1D8kduBKoZGzSezAFAi8IJNGJRARS2H6UYTeTtPYKUbHLZN\/TnSrg2K3XuksuULh8mNjfGzdyM32jpxZq3GKhlQOuo5TRYPV6H7GXu20wVALBIvAqwIL8z4J1mfkt5xGsdxRUX2z8LO7oBQ7VujDni\/sZD1YrXPPHCMxCrlXNhGAlb3Kgbofz\/xQZpXZLr4aiIhZNRq56K\/i4bJp6xQSp6ZUWbHJnlpoc2K25adxRMjxAoexMzHPyw5igFaC5ae5uhb4pNIgc9nZfwvBaw\/PPKQyCe6RF2+x4WAZbYDmVQsEvcIP+Vyhmeath1qCJgd6p5qWsvZ2qQdLp0tnd3tqKipwYPJCg+\/zPcq+hpvBpsHWSauYiPbEYLvy4nlVJS\/TGqcNgSSuiEYh0n2JS34n94J2SdaH6xrUwN09S0sCLnrHbcrNDbpiYWNhCnupix3tACdV8LzlWKqnBKE\/9lOipYb3aveGfNO6MH6RIALNFn9PieYl6N+bnjqY18bCioqF218s9ScyZcG+wnGKX4iiG6LY98miFoM417176W2i90t2vCfMXGZwgiLxI7IBRbEMXwsmiZDm2n5s99
R0hXmsuZ\/Nu1X74EHLqDyqldyjA7\/5DnZ08bCDOar\/lDiExUbPr03vFdXGahFeAp6+vN54hrwvCOYfF64WBpfFMzuOX7zSMxNxtbAZo+38nQ5IvF9LYK4tdZBlIJ8KVcyfojXSPbP3xU1hw9Gcew0VuRuuPtGyHonBp\/JokloLky15Jxmy1gzj757RoCZDBBsAm9bo3QAixwnv6q0auA3cmtyLnHhH7GbfkElIcH+djw42furCP6AROJKwnkNImVsbovt\/Mam99C1YGXu894Qga70am0lnwdsDOiiODNqlZRGvZH7zgu\/sXPJyocfr5T07EK6mfCgHH6dN\/J+bb1reKCPgsSX6I+LC5QjXWdiJFz5fpF73ukhXTiTv3AhqPf7AefF9D3x9f9JDZSes2LpJGhXqB3bZ2PVr78R\/me8IFk0VV\/+0x0GKaVnGj3eB8LbI7UFKJvJ+sr+fHhxJ8uGB1tEFpreSm96prGxop9+v+Y3JoVDh+OKM="} -01312{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":323,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646482634412021,"flow_src_last_pkt_time":1646482634434348,"flow_dst_last_pkt_time":1646482634459323,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1646482634459323,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"172.65.251.78","src_port":53998,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GitLab","proto_id":"91.262","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative","hostname":"www.gitlab.com","domainame":"www.gitlab.com","tls": {"version":"TLSv1.3","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01271{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":323,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646482634412021,"flow_src_last_pkt_time":1646482634434348,"flow_dst_last_pkt_time":1646482634459323,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1646482634459323,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"172.65.251.78","src_port":53998,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GitLab","proto_id":"91.262","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative","hostname":"www.gitlab.com","domainame":"www.gitlab.com","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":324,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646482646628933,"flow_src_last_pkt_time":1646482646628933,"flow_dst_last_pkt_time":1646482646628933,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482646628933,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.141.128","src_port":42580,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":324,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1646482646628933,"flow_dst_last_pkt_time":1646482646628933,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646482646628933,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8eQxAAEAGb\/bAqAGAAhGNgKZUAbv+Ru5OAAAAAKAC+vDfwAAAAgQFtAQCCAp7uQs2AAAAAAEDAwc="} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":325,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1646482646628933,"flow_dst_last_pkt_time":1646482646646506,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646482646646506,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADgG8QICEY2AwKgBgAG7plR0ThXR\/kbuT6AS\/oh2XAAAAgQFtAQCCAqpkTIKe7kLNgEDAwc="} 
01241{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":326,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_src_last_pkt_time":1646482646648976,"flow_dst_last_pkt_time":1646482646646506,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1646482646648976,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5eQ5AAEAGbffAqAGAAhGNgKZUAbv+Ru5PdE4V0oAYAfbaKAAAAQEICnu5C0qpkTIKFgMBAgABAAH8AwMSh5Kk8yD8gdWVB2YFzzg9KRBCWJ\/pzlApBrokxgf2OCBs84UpHDw4uY4jKpCVZJzZAhJUrEs0AlJ7gTtfJSwiWgAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAXABUAABJ3d3cuYWN0aXZpc2lvbi5jb20AFwAA\/wEAAQAACgAOAAwAHQAXABgAGQEAAQEACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAACIACgAIBAMFAwYDAgMAMwBrAGkAHQAg40qefHDImQJEkibGm9hnpGwl44lKo4KOQS8qsLRSATsAFwBBBPNBVrG5A+ZLqrow1aQOaEgsW+53RcPAplpAt8ULtljoAJH8CjL7YTSZ+PIOiRhMhirRlex47cXc5PiOAFYE9T0AKwAFBAMEAwMADQAYABYEAwUDBgMIBAgFCAYEAQUBBgECAwIBAC0AAgEBABwAAkABABUAhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01263{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":326,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646482646628933,"flow_src_last_pkt_time":1646482646648976,"flow_dst_last_pkt_time":1646482646646506,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482646648976,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.141.128","src_port":42580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Activision","proto_id":"91.258","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"www.activision.com","domainame":"www.activision.com","tls": {"version":"TLSv1.2","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01222{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":326,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646482646628933,"flow_src_last_pkt_time":1646482646648976,"flow_dst_last_pkt_time":1646482646646506,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482646648976,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.141.128","src_port":42580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Activision","proto_id":"91.258","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"www.activision.com","domainame":"www.activision.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
02492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":327,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_src_last_pkt_time":1646482646648976,"flow_dst_last_pkt_time":1646482646665639,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1646482646665639,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXcd01AADgGdBUCEY2AwKgBgAG7plR0ThXS\/kbwVIAQAfqb3wAAAQEICqmRMh57uQtKFgMDAFQCAABQAwMSqtJ8eER6O\/1kuWPcyWxOQ3XrBneIapjEO2SmC4s8\/gDAMAAAKP8BAAEAAAAAAAALAAQDAAECACMAAAAFAAAAEAALAAkIaHR0cC8xLjEWAwMPswsAD68AD6wACw4wggsKMIIJ8qADAgECAhACiweA2Zr6e84+z+bwzVw\/MA0GCSqGSIb3DQEBCwUAME0xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxJzAlBgNVBAMTHkRpZ2lDZXJ0IFNIQTIgU2VjdXJlIFNlcnZlciBDQTAeFw0yMTEyMDcwMDAwMDBaFw0yMjEyMDcyMzU5NTlaMHgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRUwEwYDVQQHEwxTYW50YSBNb25pY2ExJDAiBgNVBAoTG0FjdGl2aXNpb24gUHVibGlzaGluZywgSW5jLjEXMBUGA1UEAxMOYWN0aXZpc2lvbi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDbg3ttx5\/jVn3uPSHg51dYJw2C\/HhUcEFRJBoUDUAbszH3JZsuunxK+CF6DGOrwYtoJBSsn3e3zPloka7WL7rfO5NOUsiIW13pmwHYBrB8mRBUkJzKuafLjEpAhxznpqT\/p5Jwr6+DRppjEDksDurlkpE3Lyoujc8M4svRdMT\/420+SWk3BQORySViujkcxVQgcEXu34yoeXcYjdJRxnstpdHrE27wbJjY4aoP03Oq4lQ3yF5\/+D13l6ma5esTSvpzcS0JG7l\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"} 
-01353{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":327,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646482646628933,"flow_src_last_pkt_time":1646482646648976,"flow_dst_last_pkt_time":1646482646665639,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1646482646665639,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.141.128","src_port":42580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Activision","proto_id":"91.258","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"www.activision.com","domainame":"www.activision.com","tls": {"version":"TLSv1.2","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"35af4c8cd9495354f7d701ce8ad7fd2d","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01312{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":327,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646482646628933,"flow_src_last_pkt_time":1646482646648976,"flow_dst_last_pkt_time":1646482646665639,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1646482646665639,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.141.128","src_port":42580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Activision","proto_id":"91.258","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"www.activision.com","domainame":"www.activision.com","tls": {"version":"TLSv1.2","ja3s":"35af4c8cd9495354f7d701ce8ad7fd2d","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
02493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":328,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_src_last_pkt_time":1646482646648976,"flow_dst_last_pkt_time":1646482646665667,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1646482646665667,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXcd05AADgGdBQCEY2AwKgBgAG7plR0Tht6\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\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\/cgggWQAekqH8O2AfL7+bc+CAiEAjAqn46A2h+20pFviedEv72vQn6dfOoDX9ceIQC9v8DgAdgBRo7D1\/QF5nFZtuDd4jwykeswbJ8v3nohCmg3+1IsF5QAAAX2WfxCkAAAEAwBHMEUCIEpBa7X3XgVNqCYCeFO4DHrNiW0+E5rl1UiIPDa9tBV3AiEAqF6N89fxuCAoWiK0aqAOrsK+6J4P3aWqD0TmvXVpE9AAdQBByMqx3yJGShDGoToJQodeTjGLGwPr60vHaPCQYpYG9gAAAX2WfxBgAAAEAwBGMEQCID+AS2nmynkq\/suUOBEHLyiPBCM03jkRsvq1sDTrFOiTAiBibUucsS9dw9YHXtwyX5ApJxYx0wrkEBM66ZDooAD6ljANBgkqhkiG9w0BAQsFAAOCAQEAEmJviAcPdhvZSOkS8uzYwoToN9CGL8904Fe1tHX\/OkxfkOsGfAgfksDPXrGEIeL4wi\/NWvX2inx9zgDmTmgG\/30mAEChidRPK3c6m5FVjAbmN79Dv7Odh8U1YWyw9zhCVK2QjnLwIZQeDHThq8pDL8OhwQJeUNQT301kOqynS5mkt84TxWiKjbe6yCFr3WvNcAtpShMYfQdzpEtPHG4PlPB+42mYmB+o\/\/giMLiKGuBMd4Tli1Gw04jubi5gIUY+c92ndpjaviizKQHT9TeTV6B4g\/R8L5uJwWk="} 
-02705{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":330,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":5,"flow_first_seen":1646482646628933,"flow_src_last_pkt_time":1646482646648976,"flow_dst_last_pkt_time":1646482646669027,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4944,"midstream":0,"thread_ts_usec":1646482646669027,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.141.128","src_port":42580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Activision","proto_id":"91.258","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"www.activision.com","domainame":"www.activision.com","tls": 
{"version":"TLSv1.2","server_names":"www.benefitsforeveryworld.com,worldseriesofwarzone.com,treyarch.com,toysforbob.com,spyrothedragon.com,sledgehammergames.com,skylanders.com,sierragames.com,sekirothegame.com,ravensoftware.com,preview.demonware.net,infinityward.com,highmoonstudios.com,highmoon.com,guitarhero.com,europeanwarzoneseries.com,demonware.net,crashbandicoot.com,cdn.gh5.ps3.guitarhero.com,callofdutyleague.com,callofdutyendowment.org,callofdutyendowment.com,callofduty.com,benefitsforeveryworld.com,activisionretail.com,activisionblizzardmedia.com,activisionblizzard.com,activision.com,*.worldseriesofwarzone.com,*.treyarch.com,*.toysforbob.com,*.support.activision.com,*.spyrothedragon.com,*.sledgehammergames.com,*.skylanders.com,*.sierragames.com,*.sekirothegame.com,*.ravensoftware.com,*.infinityward.com,*.highmoonstudios.com,*.highmoon.com,*.guitarhero.com,*.europeanwarzoneseries.com,*.demonware.net,*.crashbandicoot.com,*.callofdutyleague.com,*.callofdutyendowment.org,*.callofdutyendowment.com,*.callofduty.com,*.activisionretail.com,*.activisionblizzardmedia.com,*.activisionblizzard.com,*.activision.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"35af4c8cd9495354f7d701ce8ad7fd2d","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=Santa Monica, O=Activision Publishing, Inc., CN=activision.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"F7:39:B4:E7:27:83:D4:55:8B:13:77:16:D5:8A:3E:77:FB:2A:4F:41","blocks":0}}} 
+02664{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":330,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":5,"flow_first_seen":1646482646628933,"flow_src_last_pkt_time":1646482646648976,"flow_dst_last_pkt_time":1646482646669027,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4944,"midstream":0,"thread_ts_usec":1646482646669027,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.141.128","src_port":42580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Activision","proto_id":"91.258","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"www.activision.com","domainame":"www.activision.com","tls": 
{"version":"TLSv1.2","server_names":"www.benefitsforeveryworld.com,worldseriesofwarzone.com,treyarch.com,toysforbob.com,spyrothedragon.com,sledgehammergames.com,skylanders.com,sierragames.com,sekirothegame.com,ravensoftware.com,preview.demonware.net,infinityward.com,highmoonstudios.com,highmoon.com,guitarhero.com,europeanwarzoneseries.com,demonware.net,crashbandicoot.com,cdn.gh5.ps3.guitarhero.com,callofdutyleague.com,callofdutyendowment.org,callofdutyendowment.com,callofduty.com,benefitsforeveryworld.com,activisionretail.com,activisionblizzardmedia.com,activisionblizzard.com,activision.com,*.worldseriesofwarzone.com,*.treyarch.com,*.toysforbob.com,*.support.activision.com,*.spyrothedragon.com,*.sledgehammergames.com,*.skylanders.com,*.sierragames.com,*.sekirothegame.com,*.ravensoftware.com,*.infinityward.com,*.highmoonstudios.com,*.highmoon.com,*.guitarhero.com,*.europeanwarzoneseries.com,*.demonware.net,*.crashbandicoot.com,*.callofdutyleague.com,*.callofdutyendowment.org,*.callofdutyendowment.com,*.callofduty.com,*.activisionretail.com,*.activisionblizzardmedia.com,*.activisionblizzard.com,*.activision.com","ja3s":"35af4c8cd9495354f7d701ce8ad7fd2d","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=Santa Monica, O=Activision Publishing, Inc., CN=activision.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"F7:39:B4:E7:27:83:D4:55:8B:13:77:16:D5:8A:3E:77:FB:2A:4F:41","blocks":0}}} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646482659915877,"flow_src_last_pkt_time":1646482659915877,"flow_dst_last_pkt_time":1646482659915877,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482659915877,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.167","src_port":46084,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1646482659915877,"flow_dst_last_pkt_time":1646482659915877,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646482659915877,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8NwhAAEAGcJnAqAGAkks+p7QEAbuPD+ThAAAAAKAC+vAn\/AAAAgQFtAQCCAp9leqxAAAAAAEDAwc="} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":334,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1646482659915877,"flow_dst_last_pkt_time":1646482659944153,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646482659944153,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADkGrqGSSz6nwKgBgAG7tAQzgGmMjw\/k4qAS\/\/\/dhgAAAgQFTAQCCAr4JbCIfZXqsQEDAwk="} 
01244{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":335,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_src_last_pkt_time":1646482659945895,"flow_dst_last_pkt_time":1646482659944153,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1646482659945895,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5NwpAAEAGbprAqAGAkks+p7QEAbuPD+TiM4BpjYAYAfarGwAAAQEICn2V6s\/4JbCIFgMBAgABAAH8AwPVHsjDDxZ0MEuPnh4mVZQrYKtXYBQ9pfekL0WuWf4AwyAvTRXY5\/1xoex7GTddskZx0XzTM0eEKSDE8zjmPz09AAAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAASABAAAA1ncWwudHdpdGNoLnR2ABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAiAAoACAQDBQMGAwIDADMAawBpAB0AICTuPjjZ\/cozh9y3b4u57OZ+NqRixmrA1oX4LnqMFUIxABcAQQTtWijAm0UTGHfpz\/ha9z62jseAV4wQoU798kRZvjxGrgocjEiYQtFtFEOacmIDo8c6dP4orndC+2JQqffkv\/gjACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQAVAIkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01252{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":335,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646482659915877,"flow_src_last_pkt_time":1646482659945895,"flow_dst_last_pkt_time":1646482659944153,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482659945895,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.167","src_port":46084,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Twitch","proto_id":"91.195","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"gql.twitch.tv","domainame":"gql.twitch.tv","tls": {"version":"TLSv1.2","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01211{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":335,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646482659915877,"flow_src_last_pkt_time":1646482659945895,"flow_dst_last_pkt_time":1646482659944153,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482659945895,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.167","src_port":46084,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Twitch","proto_id":"91.195","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"gql.twitch.tv","domainame":"gql.twitch.tv","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
02378{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":336,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_src_last_pkt_time":1646482659945895,"flow_dst_last_pkt_time":1646482659961974,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1406,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1406,"pkt_l4_len":1372,"thread_ts_usec":1646482659961974,"pkt":"PKn0qB\/spJGxgjQ5CABFAAVwplJAADkGAxuSSz6nwKgBgAG7tAQzgGmNjw\/m54AQAQmBCgAAAQEICvglsJt9lerPFgMDAHoCAAB2AwMXhU+5j8fj8+LmIWs1aEw5lqQ0ApW13JUWPxOTm94dDyAvTRXY5\/1xoex7GTddskZx0XzTM0eEKSDE8zjmPz09ABMBAAAuACsAAgMEADMAJAAdACBXK4b61ua7lKS\/1ZpbuOtg24kawskem73sfkgTpyJuaRQDAwABARcDAwAqrExco606bIAhPKmYs\/tTBvQ9iMN5wjJx0HY\/2RV3v6D\/pKxGGoGSWC8MFwMDERECIvZVI1cCeVYJRXHZiI\/EoXEwyeH\/4TXx6jiHxkbFZRh35SxjRknCgLM5o2KjZ0CKRNNvdxxnMCc4Ir\/RxqXl5pY7VEPq\/gLY78oUC+Pcl\/ZJpw2NXQYaQJ6IQzx5nQt5EUw65Wx+hj6nAA7lRU62BIxIfS05MiU9kojgNpqOMsyWXnKFRe\/Y3V4+DKCq\/vXB75nW9NNtO0JOhXiHmmv+P5TGudaVfAXYC3pSXTlodPwLFgHhIpaedzr4z7TBazUze7PrXDsJlf+JyU1MbNow2RqG0bMIfhwznwXPZX+gh25FGtjr3HoYsy4b+AdgvgimW8dKD\/NfWuadulxEfl4jsctPlIfpnBBqo4K2RcXZY58YlPR\/blOUKJJpTht3IEI5To0yPJM1Cy4jcSKpzTmov5jZLXGGF8jCocs0rjxCO3ZcBgnyYs6yxoYLc1ZTgJjbL3xpJt5Un6PIeKcWWWt9Cpfk1EYhzQR5Txyy40WcfUPrENIC63LYhbfcXcWlkKMts2BR15fXdHNvXlFP0RR9uWfY78baC1Hpg12go\/p4vKhkbxqClJXnlej\/YpfZi7MeXtS4G+I7hL3RIz9a7FuG4SFn4mCoExjw6yYU0LfucPkIfusN46omRq3P+v\/anNc\/mbq7d7wdt3TE3VfNDtdtpR6GFdPgheJ45rPRltEItKiP9DiuEux\/rFvp2EMoll8ABBMN+tdlXiTOPWeal\/sb\/k8BaIUNk582YO0Yd\/SduU+DKJ8LwtSnRel+t+vL+7matG0KvI2ZBRlc9ZYY2SWFT\/cWJgHMeUQ16vQIdN4cKBlmIf7QBAszEH\/83CQ1WW1YjPwo745rRoQwGDFg0rlzjtAn2UTHS6ZQU7giDRrQdZG5sDzTpaw3KBkf\/vwyepzLA\/Du5mH1Ipf05DC6JyhJ94ngmpu+jz7uzHPvfU2Gr6\/yCxL0NSrqfpUzmeK7NfdIahSZerwKpoG9Z3mo6xSn5NRMQZkQwh\/m\/0I07Zv+MQq8deQuzcRbrYVyMZPmcZiB3QNEwAP5E6fLK0Z5qMr6JkcJ+LK23rQkhrOqDAs9UhC2iJbHX8ZWQ\/NCLGfseAA1E9D5kP0Gxq47pDgWq+J2mM8YKAu\/4hUfYInEfXXe3n\/rBW80KDYi5cpu9VjD9AOAZaa6+6ERk\/mdAY
XmuqNUC5iZk0VMQyXwWSs1W7HBvNgTSkGmiz+1yeIVQ4IganXS8mA8z\/Otj7WlaEmtwrkSaLU5n9hREECFDt4BQgxF2NkDruHYuvrwuHYJUqjslf1MAcZRLKKAE5Ot4J4VRfo2iEgCe8pzhM\/Rt\/vwye5RKqK9rAtgwIE1nTzoM68y+KGGQMczcIcPH6StCu50NctvOJfKDdhaABqmxT5yDvtysEaFE\/KNdcmvNOtAzMa9minm87kWIa3rXZ8jbE7afFDwkZvsXSQWxMoPoqTT1rFENuxB64YAJkfXEa5NnKjwQR7vcJLftu3mO\/479g9Z8G7zw7\/tgSupnEIS4kOZNQj3HdHXaXjqdH6RtF2Plj3XHQnBcDU="} -01297{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":336,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646482659915877,"flow_src_last_pkt_time":1646482659945895,"flow_dst_last_pkt_time":1646482659961974,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1340,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1340,"midstream":0,"thread_ts_usec":1646482659961974,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.167","src_port":46084,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Twitch","proto_id":"91.195","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"gql.twitch.tv","domainame":"gql.twitch.tv","tls": {"version":"TLSv1.3","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01256{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":336,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646482659915877,"flow_src_last_pkt_time":1646482659945895,"flow_dst_last_pkt_time":1646482659961974,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1340,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1340,"midstream":0,"thread_ts_usec":1646482659961974,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.167","src_port":46084,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Twitch","proto_id":"91.195","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"gql.twitch.tv","domainame":"gql.twitch.tv","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":337,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646482686914106,"flow_src_last_pkt_time":1646482686914106,"flow_dst_last_pkt_time":1646482686914106,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482686914106,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"208.85.40.158","src_port":45936,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":337,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1646482686914106,"flow_dst_last_pkt_time":1646482686914106,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646482686914106,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8RWlAAEAGOjfAqAGA0FUonrNwAFCsdkxQAAAAAKAC+vAqmQAAAgQFtAQCCArNau1nAAAAAAEDAwc="} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":338,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_src_last_pkt_time":1646482686914106,"flow_dst_last_pkt_time":1646482687080565,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646482687080565,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8\/\/dAAPAGz6fQVSiewKgBgABQs3Db1RKprHZMUaASOQif4AAAAgQFtAEDAwAEAggKWgQEFM1q7Wc="} 
@@ -124,37 +124,37 @@ 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":339,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1646482724450800,"flow_dst_last_pkt_time":1646482724450800,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646482724450800,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8sa9AAEAG8DvAqAGAEkLEZspeAbv+oP0DAAAAAKAC+vBIlQAAAgQFtAQCCAqQpxNDAAAAAAEDAwc="} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":340,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1646482724450800,"flow_dst_last_pkt_time":1646482724458587,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646482724458587,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8e2QAAPYGsIYSQsRmwKgBgAG7yl4LcBoC\/qD9BKAS\/\/+NCwAAAgQFoAQCCAqOOgLQkKcTQwEDAwg="} 
01244{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":341,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_src_last_pkt_time":1646482724464401,"flow_dst_last_pkt_time":1646482724458587,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1646482724464401,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5sbFAAEAG7jzAqAGAEkLEZspeAbv+oP0EC3AaA4AYAfbA9QAAAQEICpCnE1COOgLQFgMBAgABAAH8AwM6K+sImNx3dIej3yQBfsHlSQyH5l4F8hLKFYurrt+jPCCUv6qySiadEZg7Gj4\/vX5jrLg\/JYOIeoxWa\/ahTy7RDQAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAATABEAAA5zb3VuZGNsb3VkLmNvbQAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACDq1odYnjLE9YoHd\/igeLWhv14ukLQSyf98ZPyHkQn7OgAXAEEEKYWpJR9uHJSJZBwzi1pAC8cLX9iNXc5VMFPlSgV8HHXqYbwegIwyfo36+y7oUVZIFeBilQuBs9gLF4NzHajtKwArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAFQCIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01262{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":341,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646482724450800,"flow_src_last_pkt_time":1646482724464401,"flow_dst_last_pkt_time":1646482724458587,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482724464401,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.66.196.102","src_port":51806,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.SoundCloud","proto_id":"91.234","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music","hostname":"soundcloud.com","domainame":"soundcloud.com","tls": {"version":"TLSv1.2","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01221{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":341,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646482724450800,"flow_src_last_pkt_time":1646482724464401,"flow_dst_last_pkt_time":1646482724458587,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482724464401,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.66.196.102","src_port":51806,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.SoundCloud","proto_id":"91.234","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music","hostname":"soundcloud.com","domainame":"soundcloud.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
02488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":342,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_src_last_pkt_time":1646482724464401,"flow_dst_last_pkt_time":1646482724472137,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1646482724472137,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXIe2cAAPYGqvcSQsRmwKgBgAG7yl4LcBoD\/qD\/CYAQAQV0hQAAAQEICo46At+QpxNQFgMDAHoCAAB2AwMpKPyVs6e3zfQcSbCgU1oPNtNqgbyYwl2hcCOgAM4oyiCUv6qySiadEZg7Gj4\/vX5jrLg\/JYOIeoxWa\/ahTy7RDRMBAAAuACsAAgMEADMAJAAdACDgxP9iQxCvSLWFu0jblz700ELRHbAHNOJQi+PLEW3dGRQDAwABARcDAwAk0YxZcrDzBMJ9T2jLmHAfvkG2kRiZYyygT682dQ8Ku5OnFj73FwMDEL3W+YwhZbSQ9wTfTQZ4OCn0G7d5Dhn6ETJZMcynItKgXUq5jk0t0YnhBkjCUMoNcwqRY2n4C9\/Zh0ZhumDIzb8iV93r7Pc\/+NaIk+JCXg65aqj5sCWEPrtNQ+6L6mJfEkSLO6k4NErBgfl+zCtqNddFbvHn0fxnMUOVFlWdyJ3z83tKw\/R6491FMgIDcrQDV04NXo6+2SjxlGNtv05X92MIxsZef\/R\/qF4FbjcoswNUFg3uLoWvEjPRMdrGtQf5AAjeSTNVkJrq3JNYZaWVsDP0BE05JUqGZuZMyrwe6cjW3zmOn14ov6Z9x1WdKWS19m12LMwwpsWS+lauTY1gRP4Z+DKOKnTw0ZZBQyceCWdkbpxL6nqpVDkTDnYqLlRuSuH0RsS08f2lNu15EReKchkG6ZuC2QgvHfSDVQmMZr3A6SVJGVDE960IsX+R6c0NFyxx4CEKWEk\/O5lgjDV3ftPpOAO9bRTz5K07yU4RUMuAEJJId8qAwOufaI8X7xlT8sBANgCtgZlZ7bSCOn0zXEkIMumBiqi1VUqG5d11srYcFasAFUp9713SxD6Uke0\/NtYfUjIvICxpQaZ07Y3DS4A\/oG8QYsprreB8t87bh8bpdNDPR35Kbnu7JoGcXSgerY+rtK54lN+S8yUJSD3brf5OyDEt\/3dcKXQjCd+M\/xgLxSoA6TJo65stJfAhPvRzmIRxmIV+SRvsA0sRRQ0APq2Aeg0p5VV7in\/vZrqq+sz15yQNZMI\/ZumLE\/1f7dmTpFa8vfWmfkSTAi6i6OWrhhVOU5p8rJAT6gBS9bnwD7SkxsJzyAsBj5Z0gB3nNdaq+CToyOPCp85FZVBSdhYv\/gnYl60VMEk+HYRa\/ifHXQ9SKfBs1EpSKifKi9fbcrkuVBnXJisGPc0Fz7GCqQxxqe6GduiBhj9oSLleMiP8XMszRqQSUtB0n0VkegIQE66s+kAwyepnuqlNcHfAY84dunqTDqVwlG4kEQGufymR1QZQcm5AIMtLAm8PtjoeqMJk2YLmHjJ0Sf+ZkuTtMi3dRuYO1O2nAfvMV\/+eQ1PW6Unvaulw8ru5YqECp4xrUtLiEUhW5TrjlQwVIUg+EIVcu5hTqsrvXvMcpT1nqIEJfty\/qzmMOkHCn1zCF0FMwlkPr9Y1GaSMQOgRHniGlc68VOBaNck8OWyEEUCmQ1
wa9Z93zZBImm+lVha03tbKDdR79iY382829E\/dXsPEcaunx03Bf6mOOk4\/9yery+deGWbiUfgkvdKuAt\/ysHjV7yBS3C6QGIaojAXktb02KcrjTBNx\/JUPP+\/\/uLaXQJ7W\/eDtc1aU\/ofSQQ1a0pFKdCkUSqNfHC4c+vTgn97gYXEoIDcMcxmcmqGYxEMohO9S+nT47sDmQd1K5W3ARKhiA3sij469\/xwPKMYQmHMAKWj1CP2xtxvRLp85oZUZ9ph4DQOYkaq6r2pPe1UDsrURTzVsaiJmB5k5tGd5Pe4LEk4KCeuifgNqZzKSr+0aSKKiA2l7\/Sp0mhYb9d372IKAMHq5jM6O5Zm8l\/6pr7dOzYLN+s8ZSzHGdcMM4VxxBzUQzf9dSf2S5mBdA1JIC06vjaWrFuEz6tHmuJMKPCjYy7Z\/jPgNptonNJ477pjlo6tTKTA8RTrRvEWLuh0fazS+Rvo7MlYD"} -01307{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":342,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646482724450800,"flow_src_last_pkt_time":1646482724464401,"flow_dst_last_pkt_time":1646482724472137,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1646482724472137,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.66.196.102","src_port":51806,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.SoundCloud","proto_id":"91.234","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music","hostname":"soundcloud.com","domainame":"soundcloud.com","tls": {"version":"TLSv1.3","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01266{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":342,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646482724450800,"flow_src_last_pkt_time":1646482724464401,"flow_dst_last_pkt_time":1646482724472137,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1646482724472137,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.66.196.102","src_port":51806,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.SoundCloud","proto_id":"91.234","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music","hostname":"soundcloud.com","domainame":"soundcloud.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":343,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646482753482315,"flow_src_last_pkt_time":1646482753482315,"flow_dst_last_pkt_time":1646482753482315,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482753482315,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.1.66.79","src_port":48140,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1646482753482315,"flow_dst_last_pkt_time":1646482753482315,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646482753482315,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8SaBAAEAG1aPAqAGAFwFCT7wMAbtaGHg4AAAAAKAC+vA\/9AAAAgQFtAQCCAr10Gu5AAAAAAEDAwc="} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_src_last_pkt_time":1646482753482315,"flow_dst_last_pkt_time":1646482753504024,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646482753504024,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADkGJkQXAUJPwKgBgAG7vAwZG5KKWhh4OaAS\/ogYMwAAAgQFtAQCCApuzQml9dBruQEDAwc="} 
01244{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_src_last_pkt_time":1646482753507544,"flow_dst_last_pkt_time":1646482753504024,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1646482753507544,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5SaJAAEAG06TAqAGAFwFCT7wMAbtaGHg5GRuSi4AYAfZqJAAAAQEICvXQa9NuzQmlFgMBAgABAAH8AwOUyHhinsfe9G2IXNgY9L7xAzZ+DjB199btap4Cw89cViDuti6QLvXTxzS8GPAI\/LqrruRicKAVDOLPOdfZnGvHHQAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAQAA4AAAtjZG4uY25uLmNvbQAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACCyATmKdF69bnRwMVBRd98tu612XdMkfb0+p4HzFN6fBwAXAEEE+SEvSVfUiTeIP8IKKsjphsMZuVwTWztloapho\/r89Lhgv68xO7BDbwW8nmN\/dVf8z\/v3pQVdFakWyi7cuNIpiwArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAFQCLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01240{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":345,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646482753482315,"flow_src_last_pkt_time":1646482753507544,"flow_dst_last_pkt_time":1646482753504024,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482753507544,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.1.66.79","src_port":48140,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.CNN","proto_id":"91.180","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"cdn.cnn.com","domainame":"cdn.cnn.com","tls": {"version":"TLSv1.2","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01199{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":345,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646482753482315,"flow_src_last_pkt_time":1646482753507544,"flow_dst_last_pkt_time":1646482753504024,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482753507544,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.1.66.79","src_port":48140,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.CNN","proto_id":"91.180","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"cdn.cnn.com","domainame":"cdn.cnn.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
02514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_src_last_pkt_time":1646482753507544,"flow_dst_last_pkt_time":1646482753526341,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1646482753526341,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXcqy5AADkGdXUXAUJPwKgBgAG7vAwZG5KLWhh6PoAQAfrUUQAAAQEICm7NCb710GvTFgMDAHoCAAB2AwMtELqVoM\/mfusUlOC2G51WdvJI4PR9JQSsEne1FzCFpiDuti6QLvXTxzS8GPAI\/LqrruRicKAVDOLPOdfZnGvHHRMCAAAuACsAAgMEADMAJAAdACAMQOAmSslfiCXikKsKApYMmSSlt7yCWobEIBvUlOejNRQDAwABARcDAwAu4DLCDDP1zoo32vpNDY+QgLMOEQU9zY8LcQaPU15zF6hqlC\/LNjIbfPJYzN6t7BcDAxSlnjhb6n+pLks2VVtJP460ZAyw8Bl1OmTdwGu2wo2uxEHkwqe33ZCoWCu4Sm5+AA\/lWfvt+ZWkOcPbUc5uYE8vL\/zDbBPNHU4+Eg+zakC7YT2ofcCUrQRfPlbPGUzXmVNXrXNdVkZrgFC4IX7zu1bWuhmJ9AH7dBAkmF8X3gAu4MQGdTId4SXc+MPgiyr88Ot7\/WhiDydQqj9XpVgP+F4quMRR9\/BKkk3DpI9W00QRT2INOIE1S49K0quPIhuvHfTgXlbkbwlfeH+ZZctXZ7DNsi9+fkWIGCfVVB6nOy18S\/NuHFMKyrn1L6KpSgIbEUkZ+mi\/ErFsTYuayoj7+xh05N3B8O6TBmgZp42iAwDy3K5njcJ+h9R\/O+4bj1AsPSym9NJn\/cGAMCpE6UPPv8Ro7nmrZNvk0hvRb8fshN92eohk42AUoj9oQpnVhKev1982wP8K2mqq4OqsFgVlK7XFf1EyzdgdByRTERMljTHIQ1HsrRQbbMMDt53P17+v2IzwtZJRyS+Uzj9fkK3LCn8Nf8Q5WR\/\/vbKZhKG2zqs+0noJv3XfAf75WbabtCUSk\/PRJbIPO8FmtvyDACnC700eTLcqT\/sg+xPlItYB6m0JVx+OCs1w9ZK\/2\/WoeWmC25Imfzk0EpfPuYQ3rmh1BHyzpmDqcvpY72VBAX2aL4yJL4cA7d62M5gOOqCwQbjDPiFJetMBiYsZ8j4ymjHbVfMYWddyE1TVDscvY638bBaw4Y2jl+Rz6R2X4h1cvLBxQVyApPyzrvKNvsuEu1NmZRRHTXr15WVlcQOovVo5xZ4hnFz2ch\/sk\/NZ\/zlkMVGGwiYZOOUc4i7DfKJu08HqO27LWlQOeRwGlvjxok8vlKvbTK9ZLzjZYOTq947V\/5oEKonyeFr\/1ElMdE+Oj7uOAV6fWp3XD6YiEEE+\/TAiuakwEz6LLb05h2XgWDItlPLhPiix7JYw2J9gWxXo8hYQYODQGvnV3MWaEtRT4n14XwM5+zB+ttvQJq3GL3b0sIQrR+12JFWnEwUjK26PlJhpSORXka\/WnbO7Tz0s71A\/5xRrUlY+GXRfZJR37RLwixU3eBBXrzm8u+0jzUXDt0j7aqVn3wV\/6rDnMzjqQAocgK3ImA7E4UCN7yCnWKy39PuNrJ0pLEjccqMCQwRX3NLBL8
10NlxSFsld\/kohp932kseEFr5nPNHDHifHxylHl5Nej9C4JYXu95YXh+owYS6MsZsMVuQbzfaIIDO53H50voFRaE\/3gTWW0+CbPc6hrpszkVtqutsyOEEMScqapd03Y4p\/WRuIxUc2D89aKgf3d+28LqgFHLYvN7zML2ageMxxeGpKPfS4nwEtZkNLp0wftvcYt1cBBlYywgMOnroNUDXz8QPiNKaoquh8u8y5v+5JMtV0BK+GGHWB33XGRg2TPMle27g5avLv2xS0jTnSeQMETrnxwnPYJG5kWLb14u6EIMrXd6B7VdbWaa\/KQXBoOqwjM1CIuyrWKrqQtrWxb0vxkynNtXqQNCr32FptQg1BHeyaaC5sAg+Gn5TeaOoTGUbV3PI2To7vxtif80pzEH96vXhipAp23s1hzJgr+OzTn0pDz\/I2SmvZCU05CykAvgsHuHx2qUsEaXEmsSxz\/9XE+Ekhqi+IsF3MxbuDX0d+qgFcT60QupWGlkllU58="} -01285{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":346,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646482753482315,"flow_src_last_pkt_time":1646482753507544,"flow_dst_last_pkt_time":1646482753526341,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1646482753526341,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.1.66.79","src_port":48140,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.CNN","proto_id":"91.180","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"cdn.cnn.com","domainame":"cdn.cnn.com","tls": {"version":"TLSv1.3","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01244{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":346,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646482753482315,"flow_src_last_pkt_time":1646482753507544,"flow_dst_last_pkt_time":1646482753526341,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1646482753526341,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.1.66.79","src_port":48140,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.CNN","proto_id":"91.180","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"cdn.cnn.com","domainame":"cdn.cnn.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646482759960442,"flow_src_last_pkt_time":1646482759960442,"flow_dst_last_pkt_time":1646482759960442,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482759960442,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.141.49","src_port":40832,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1646482759960442,"flow_dst_last_pkt_time":1646482759960442,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646482759960442,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8N8NAAEAGsY7AqAGAAhGNMZ+AAbsz0CpkAAAAAKAC+vAbqAAAAgQFtAQCCApTrIzgAAAAAAEDAwc="} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":348,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_src_last_pkt_time":1646482759960442,"flow_dst_last_pkt_time":1646482759979922,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646482759979922,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADgG8VECEY0xwKgBgAG7n4Axx0rTM9AqZaAS\/ogIXwAAAgQFtAQCCAq1xN1AU6yM4AEDAwc="} 
01245{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":349,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_src_last_pkt_time":1646482759982731,"flow_dst_last_pkt_time":1646482759979922,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1646482759982731,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5N8VAAEAGr4\/AqAGAAhGNMZ+AAbsz0CplMcdK1IAYAfb4fgAAAQEIClOsjPe1xN1AFgMBAgABAAH8AwO90p\/YrOJd\/Z4tss7jqktThIJxJIB3e+qrLLFobtKKlyAX6YhgDO5LSOYTxZN2IGu+QsQ1WdlQy7VgjD2lE+VvBgAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAARAA8AAAx3d3cuZWJheS5jb20AFwAA\/wEAAQAACgAOAAwAHQAXABgAGQEAAQEACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAACIACgAIBAMFAwYDAgMAMwBrAGkAHQAgf8Mv24G6SSqxNEfrqm7W\/bejLWA6OGSZmHTWefPpxiwAFwBBBD+GtRBdEP9fCUeld\/IGhJTQe0q9+sY1uU3D5mNCoqM6EROqE0XBEIsVt1XPe0XwL5d6JRvhBZsY2OXTwlPA9KoAKwAFBAMEAwMADQAYABYEAwUDBgMIBAgFCAYEAQUBBgECAwIBAC0AAgEBABwAAkABABUAigAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01250{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":349,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646482759960442,"flow_src_last_pkt_time":1646482759982731,"flow_dst_last_pkt_time":1646482759979922,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482759982731,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.141.49","src_port":40832,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.eBay","proto_id":"91.179","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":27,"category":"Shopping","hostname":"www.ebay.com","domainame":"www.ebay.com","tls": {"version":"TLSv1.2","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01209{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":349,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646482759960442,"flow_src_last_pkt_time":1646482759982731,"flow_dst_last_pkt_time":1646482759979922,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482759982731,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.141.49","src_port":40832,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.eBay","proto_id":"91.179","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":27,"category":"Shopping","hostname":"www.ebay.com","domainame":"www.ebay.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
02511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":350,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":4,"flow_src_last_pkt_time":1646482759982731,"flow_dst_last_pkt_time":1646482760002525,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1646482760002525,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXcuS5AADgGMoMCEY0xwKgBgAG7n4Axx0rUM9AsaoAQAfqTWgAAAQEICrXE3VdTrIz3FgMDAHoCAAB2AwP4eNz\/n8cCZry+ixJO83AQZCZ84GkG5fx8Y\/DYNS0zqiAX6YhgDO5LSOYTxZN2IGu+QsQ1WdlQy7VgjD2lE+VvBhMCAAAuACsAAgMEADMAJAAdACDCgAbnVEyzVgGI2GLj7QnsAr4k6GrO4d+u+gLgppnKRhQDAwABARcDAwAuXcRaS7EMPvvI8Bi5+1VRQVP+aN2IhSF01R\/ufbCE63OvJFtaIdcRQNe8GKgNsxcDAxJxBUDzHPBV2nbiXj67AyxJcSX3xvCRTrizxUacFAONLacwPCgC8q9QY44SMCOLoVEjkWNszY7wh22xgHoAJYtP3drvZWZNUpU\/lluQ5cANfo+wjGMVPslEonnAicb+MLlTfhSNxpRw+RKqvH25UyKyiM5ryerZDsxFOUUjmhitTw6geEy+etATAIDd0VQBJqh2aCKYum8vModwo\/TVetVoTXM7duql5dl52xVFkDW0SmQZQ9VQNxTi67IujgWSciMudmaJeWMJyvZoEtCxmC8ThEnOSmk0Nf2tGE4wog8jjrJ3IXAOKq\/moyfPl+8lXvGiGY44WmDwnzFaVXNjN6RiE0P5rXfwgPUk3X6yQSwXRpZ+LKNcgJI8VNVqF7Dal1vIB\/xP6\/Xullv686yEuHetqgJyMFzbt+AVvJSbSShYAva\/s+oaWzS2gJAL98i47g\/HIRQP9RCvJja7q\/7M8X+Gh2sXg3EJlz6QRBwSaMDZyP5WqCMXyehhSTE3NwOIPs1m7i5bsf+hKoKyVWcNYQjFAWJE9O7oVlv1lFN8sjxPJyUuTexnbTe4d9X+xywL0nbC9qwueKbKlDbyZazcPgZAmnYeDaNlLUVdT4M3qten86Q9eVAaa9n7d\/wmJnrcu+ZJFpo+k3kaj6iZ7JFoZgHUFAtMr6FPWryt0BfK0gvkusNFNKEOuqB5qE2Cdr0GQ7vpuQMdfPQhRe6KQBUywepPiU\/lcM4erSEGzwffxoKlx6g3W9ygHzQAB+eeUDuAxrJvbCOaBi8lwlWVC\/EEZtQvSwV0z7\/nadsG8T7nhaZ0fVUELum7N\/BWmVrUlJx3imZ2yHVlkflCMtYSgpkn8vA+H+j9RtqwwCw+RIk3CwTDLYTX2tplK3MLQ1KLT1V6C7Az9JEp9RfaC3NL0nHh1P753EDdbzB12hqy3quab3lhN96fKHXk\/HrRdxAhNhZN+gv7dDnyKpxjufS1fcfZgOUM4cpIYTf7BQFjNz0w+rQxXB0v2d55jpGK6GLSO\/kqezJgcBKlv8XJyAhu23kpXOjWcO+ekergwhg\/6jD47XEgGbClpFjmjhgAHJb1O8KjpxAhRXG86qwVWktU3MZZOugVOFEvhENZ4Z0dQcFpPE\/1Q5Wc62yaiGT\/cDQuLi7KefvBq8wpJGVIFUObuKrhVTRGORm
Q\/hwX8m2Map1UwjyjzTRDADoQ5qCZ8NV0G7giKbdx9\/4MSk9g3ewBcXEZQWvDKnlxg4Mgwe44noAq4mm2HhmBXPR3PKJYp+ltK2a3a9CbU7FIEopfzAQG1gAMp\/hr5jlS9w68POJO1iSr0R68olhW3BuZXX\/3Art3DPdsVVPrk1U6mYOPVIr6XEZ2ccsx+4C7proBN1nhXjgZDUkxMgKEFYF7SIoyxc91JhF+dXfbyIlRUVIQGLddEMgFsUq8qlzovVUjcYk7NgtCuaATKnD44qeTEzDmrr6Jzwho1JfhlESpB8J0v+e5xqEzCZAs0gX179nqGncTZjZuFMdBtJydpot2DaeAYjLywd4OgtvnWwG7CiXyGr6hB2Ylq\/NDz\/ua4On5isYreE8iCOlfMR3tZ6h4FiXAve+mmjqyJKFdyjFSRCVlAIsrPt27xSy1LnHVjYdN0qqLLPeIV\/GkG35byV5GVMvnsBK8dgiuiBzX46N1mRwcQYAG\/ek="} -01295{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":350,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646482759960442,"flow_src_last_pkt_time":1646482759982731,"flow_dst_last_pkt_time":1646482760002525,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1646482760002525,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.141.49","src_port":40832,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.eBay","proto_id":"91.179","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":27,"category":"Shopping","hostname":"www.ebay.com","domainame":"www.ebay.com","tls": {"version":"TLSv1.3","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01254{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":350,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646482759960442,"flow_src_last_pkt_time":1646482759982731,"flow_dst_last_pkt_time":1646482760002525,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1646482760002525,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.141.49","src_port":40832,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.eBay","proto_id":"91.179","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":27,"category":"Shopping","hostname":"www.ebay.com","domainame":"www.ebay.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":351,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646482772264409,"flow_src_last_pkt_time":1646482772264409,"flow_dst_last_pkt_time":1646482772264409,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482772264409,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"185.125.190.21","src_port":42884,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":351,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1646482772264409,"flow_dst_last_pkt_time":1646482772264409,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646482772264409,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8SfdAAEAGtwnAqAGAuX2+FaeEAbviQ3M+AAAAAKAC+vAD2AAAAgQFtAQCCAo3btlLAAAAAAEDAwc="} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":352,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1646482772264409,"flow_dst_last_pkt_time":1646482772292707,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646482772292707,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADcGCgG5fb4VwKgBgAG7p4RVAzgX4kNzP6AS\/ogvJwAAAgQFtAQCCAoh0SIcN27ZSwEDAwc="} 
01243{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_src_last_pkt_time":1646482772294676,"flow_dst_last_pkt_time":1646482772292707,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1646482772294676,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5SflAAEAGtQrAqAGAuX2+FaeEAbviQ3M\/VQM4GIAYAfaY1QAAAQEICjdu2Woh0SIcFgMBAgABAAH8AwMB8bRCQdqcx9fui+mF7VjuHN5SBb79arjGU4qYGthMOSBbTABCg135wJeFEPl+a8Oxzav9AsC9J9+l+IIaNAxYkQAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAWABQAABFhc3NldHMudWJ1bnR1LmNvbQAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACCezVQBlUDf2SIx8m1xehLWY9pQKyvfH068Wwzre\/JcNwAXAEEEo09VNt2RkHEqlhHBw1nk6JbOlFIOJqgyxElu\/vwC+3XCJEwr43v+9rwXwcTyZXa+qtiIur9f6O0kVe2u0AJzEQArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAFQCFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01275{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":353,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646482772264409,"flow_src_last_pkt_time":1646482772294676,"flow_dst_last_pkt_time":1646482772292707,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482772294676,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"185.125.190.21","src_port":42884,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.UbuntuONE","proto_id":"91.169","proto_by_ip":"UbuntuONE","proto_by_ip_id":169,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"assets.ubuntu.com","domainame":"assets.ubuntu.com","tls": {"version":"TLSv1.2","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01234{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":353,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646482772264409,"flow_src_last_pkt_time":1646482772294676,"flow_dst_last_pkt_time":1646482772292707,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482772294676,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"185.125.190.21","src_port":42884,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.UbuntuONE","proto_id":"91.169","proto_by_ip":"UbuntuONE","proto_by_ip_id":169,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"assets.ubuntu.com","domainame":"assets.ubuntu.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
02518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":354,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_src_last_pkt_time":1646482772294676,"flow_dst_last_pkt_time":1646482772325972,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1646482772325972,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXcl1VAADcGbQu5fb4VwKgBgAG7p4RVAzgY4kN1RIAQAfqM8gAAAQEICiHRIjw3btlqFgMDAHoCAAB2AwMwCvUuCIWBUL4Egb6PucjL+mo\/4er\/DaMyEZnp0AgJzSBbTABCg135wJeFEPl+a8Oxzav9AsC9J9+l+IIaNAxYkRMCAAAuACsAAgMEADMAJAAdACBNFZtVLV8hmIJAgqmU+hARl8WcMPaYtPUJ82FSikZePxQDAwABARcDAwAkxNO8ZCwzrzrU2+7GS4O1EgbIWG9LHL0BgNdkYFZf7JCXbXGZFwMDD9FBBEQR74PWlWHEW1KizWo6l\/YnIqeJ2jVNTbuoelR6GJFjP7gqcqQcORDapuRmRoyB36S8EbRMVGEpdm8R8CYIB+obALrFyuko\/\/at7BUhlI5m7yzz9Vx4z6gqsuLktUpXLnJg4h2CF7tMUhWy2UO15j1L0b0i\/3R2k5TCYNGDDMO1dmaSiQx\/nrSxORtYKGnsSS4TsMIOBqhPTSnPbrJ6FTpKJBuNWc5MVTkrW6eJeQL7kcJYez610\/ZUGqgqKMl0z4UfYiUgMyfOZN1TdTHLG6\/i0eDVorBN3MafS+GZMLjiAn6dON1hJEbR\/pyAZfpNfS\/9q1ITPosOZBIsyDA+yL390cjMqareBDkpJL2aiyJcaIGpzdrD+O\/f+Dd3Bamvaf2r6kKNjOfeqHisnTdmm2tFHqMk3rdkUTYTo8VUTZRtI9tTXQ8frRWB4W7xyhrO1\/lr7OY\/A4o4qOQLiuIF6XLD56BKlcWfraA1vO5ceoTmp6BBK0\/lyDL2vlnxRFbjGuEQTU9froetQsnMwlDuZqDt80crFS0sjpgVOMCAg9bg77mK9djub32OAZvlNUc3EOzQ3Ne4p6rDGST8W9iBbmFvnSvd\/hU9nMxe3w2pgVLTsJlBk4lFg22URiF07nX0KJqXqRqK3GbzFM52wjdqHb2FHpL6\/yyMkkk2j5stR85+utSElobChqB7eJApB4zv5VEplZlkBBG\/L\/ZxS6cR5sLmb7AHSOLkrv\/W0jZWBk2Ax1cjJdXUbwfsMwmKZ6dW4TLQ9mXcIVD5Im0HNuTJFSVPrdo\/2zjVEhzFBCYbCQKsJmBf\/VSeC\/y0DIsogFXWihwFmyQSsG0DIaDd+71YXtghhddvaYS6xQsa13BDgbxsec6+uEy7zfIVbRP7KYcDoco0YAtuAbUhp9A0+sX0d0tAtOsh7DE99muxuBAraVpqWxDvUPk9OpiA7reiTl6KadrBwjebBWftJxPM\/meRmF\/D46RJoF0cEyBNSzCvj4+nKGUnBgLisGnJVqZHUWp7WcBQG+BMWZthjPNdx6ihJ+AuOL\/+exqMTVUuwW33WM0KCCv39vS4flPq83p2510Bid8TJslCq\/3odrkvdVXxT8Ev5BI2yHAOUgWQZtP\/jgcwDcvxohb4mrZog\/g+nqfzpdGyDwhiVjG8mbCtzuTK3sm\/Sn
EpQf55wQh3fQ1jWB\/pp1DgdFw2xe2x2FAdfJPezo4bA4yRorZwMsSHL3A6z+TbvltVAn84w10vpqRrCuAbqT3M98SQD+m9H2y+Uj+D9CMnPU+v1QBwj+bMoDPDZO+\/PPjv9lMR3obgEn\/2Z0koNLEQb7hbCSF0QB0hYtzV9HEVDSQ4+9wYxVQoDcAlBlS\/KptgS9Q8eciUtl5lR1E6QV99r0fkCbTo8+ij8mRlPXwCobuvfURbSAfEQAddHpllLwaYUCrZGANAme7laVgdtIqdvL70\/+qZptoHQ9Jg5lbUSqfyxoAEH6Hv7XAYJ3Ut0XVjYKt0kbeVKmTqSh0CybEuPnC6DNY1dwJdwseEtYluQ1oeOCcNkBPNgrNZDwpZDKnDPQ9BbqGmv0NsD81iwSH6HUXLXoegJPD+\/N98byN5p27MAyymPZEUWB0CqcwILuZw83fPNGbWmM1GaLRtSLAPSiRhw4f7Nc+PdQeMGutkR3CpgFYfPSX+uRsU0bPOIGw="} -01320{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":354,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646482772264409,"flow_src_last_pkt_time":1646482772294676,"flow_dst_last_pkt_time":1646482772325972,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1646482772325972,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"185.125.190.21","src_port":42884,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.UbuntuONE","proto_id":"91.169","proto_by_ip":"UbuntuONE","proto_by_ip_id":169,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"assets.ubuntu.com","domainame":"assets.ubuntu.com","tls": {"version":"TLSv1.3","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01279{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":354,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646482772264409,"flow_src_last_pkt_time":1646482772294676,"flow_dst_last_pkt_time":1646482772325972,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1646482772325972,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"185.125.190.21","src_port":42884,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.UbuntuONE","proto_id":"91.169","proto_by_ip":"UbuntuONE","proto_by_ip_id":169,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"assets.ubuntu.com","domainame":"assets.ubuntu.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":355,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646482791144413,"flow_src_last_pkt_time":1646482791144413,"flow_dst_last_pkt_time":1646482791144413,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482791144413,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"95.101.195.214","src_port":51432,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":355,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1646482791144413,"flow_dst_last_pkt_time":1646482791144413,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646482791144413,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8FF5AAEAGQPrAqAGAX2XD1sjoAbs9AWSXAAAAAKAC+vBfJgAAAgQFtAQCCAoz72hZAAAAAAEDAwc="} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":356,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_src_last_pkt_time":1646482791144413,"flow_dst_last_pkt_time":1646482791167258,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646482791167258,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADMGYlhfZcPWwKgBgAG7yOhRyYQJPQFkmKAS\/ohadwAAAgQFtAQCCAoA0SpiM+9oWQEDAwc="} 
01241{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":357,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_src_last_pkt_time":1646482791170130,"flow_dst_last_pkt_time":1646482791167258,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1646482791170130,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5FGBAAEAGPvvAqAGAX2XD1sjoAbs9AWSYUcmECoAYAfYkYQAAAQEICjPvaHMA0SpiFgMBAgABAAH8AwPkjLny33P+mExr32cMRl62\/8RJSZlKid1V05U+ySIWLCA+yoN1VMfFXakU81pmrArAv4PMFa74gV6zhhtZIkRahgAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAANAAsAAAhodWx1LmNvbQAXAAD\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"} -01245{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":357,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646482791144413,"flow_src_last_pkt_time":1646482791170130,"flow_dst_last_pkt_time":1646482791167258,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482791170130,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"95.101.195.214","src_port":51432,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Hulu","proto_id":"91.137","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"hulu.com","domainame":"hulu.com","tls": 
{"version":"TLSv1.2","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} +01204{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":357,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646482791144413,"flow_src_last_pkt_time":1646482791170130,"flow_dst_last_pkt_time":1646482791167258,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482791170130,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"95.101.195.214","src_port":51432,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Hulu","proto_id":"91.137","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"hulu.com","domainame":"hulu.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
02515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_src_last_pkt_time":1646482791170130,"flow_dst_last_pkt_time":1646482791191818,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1646482791191818,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXcuNtAADMGo9xfZcPWwKgBgAG7yOhRyYQKPQFmnYAQAfouIwAAAQEICgDRKnwz72hzFgMDAHoCAAB2AwNKvD71o6ldv\/wfhnoctkUMQVOvBdL\/E538pqaDgOfuVSA+yoN1VMfFXakU81pmrArAv4PMFa74gV6zhhtZIkRahhMCAAAuACsAAgMEADMAJAAdACCyyuRTekSEiWRB0kCryf7fkyMQ7C8wFQctevnYnU\/wFBQDAwABARcDAwA0UU4SzG5kAazJz6oJmOMa4\/3cbc8An8Ax3vFpz+lLrfOsJSYY+jNTJOIlB+TSvMbFk1QBbxcDAxFVQsq3i22go95F2TH4hzyRL\/GaBx\/EhdzAbHQbZt7NNGyPWdpcv1kI9anvi2FlI9qqqPP7uC86f\/gdLFqNlPe3nJPqKsz7bxpgVS5pbAnShoqlKaEruVFI3neCFibkmTVDlEf8vM246WMlsX5ixYFtLwZ\/mvMPxtDHh2WzrJ+n7DQksnM47MMRCREyWN7ZrMRSGXd9QypHlUAZjMYu6WZvFU2YeUwMAR6clqPZLbwkI5hy88NeHQy6aYhbnjQlUiCH6kmJ59m9qkJVXniwyXopOb\/J7SXMeJJ2UAUQQP3u6S6S3GkBc4xDPE6Mc1bH6U66CnJG76FAz4bS2cZAXCKH5FtLjT2c5rWowhh1l3bHXhVeWKAk2cFc+p+Xz3e8gF3rv4gHpzbg4Msi5e6TrUOFaTe0PmZN+xS8quBwTwc49uGPA7g876JdQRHv1\/gZ7T9gwvAvELqdtRRXpAlNBta8\/oLpSEgivmQyOQwNcFoq75YZ55NYBhlApaxIoQbouDSirEWPaWx2TgVm+qv8XwyhPqX9zkbnxg0PCwSA3\/EKf7Ec09fXZsFXkLxaiRAz55M\/GMUtLGXQa31PFigZ7EN\/fCA00QCwwEF4FE1Kwh0Amlvdy6U7750rffzLKHom43504oZFsmRmykVUHpb+O7CnlMhNlzg7wgpuDV1ALe\/dmyr3GfnOD2VOoi7fjQyxeRqnirIh6d2HpDwh3uJPd+zBajHfKXdywY5uko1IWzsK7VwB\/0J\/ngGPk8gR2Xfx3Bd9GVKf3\/z8QjNLORZh53kW4G4Zs3w\/DrrxXKO37G3NuCNzrDVfsLpImAZDsvQjjtfrr\/yOi3x2G\/lTubHV5DvGgwgHi2B067UOiFZIkFOieH5sgvdLNCbfHzty3XKZDZ2\/nU8W0WEXjdVGiYmtUZg4xTpNqTbEm4swqVFqctFcf97+etpyAJRDWxl05HNb3RY2G3Dbxn+cRhLkhYU8QfSCkthkTZKAaGbPdSaNNa+elToVNPdFyujMnbJycAjnH0TKtTRgy7kcZBst3U6hmj1I\/HO90yvJhm4a4SnGKi12fc1bRwTY9nNMp\/ZcGcEmzutKggsy9TQp7sAxq1EUXnEtPtmCC1rOnrGhH\/SxH5nDnGn2Nnlowwh0GbCGlxfll94w39K1HeT9db+
fJf6\/BfnnjyiGPRxVgV693fvsyTv5LviTo8wQ9+a4i1UVpJ1ZfZuST7cDFAE2eBOW7ollq\/xTu\/Xsv39Q098zVKvq4hDyqBBs9erd8GSXhLxDZasOqhH0C\/0lkKUQE+ezHN+HmLiBWneTeawsXlkYLDNbhRysBSEoJT1loyBx0vhFTdEdKhrz24mRcGOGOkCYP2eeHD\/GMbbEojKflwP+w5ED0RtHdBMHLu0ERNOadvL8Kk69t2ozzMFigio\/ImdE9zi4uRvOeGkishcSqiVSvdAywhejwcoSKSkjxzEmgLyzkYYHhJMLG+bO4JaDM+U7V13ZeVQIHosTp7vUTgscdOaR4yNXS4JqjNtcKv7DhfNp0F4Jw9bUk\/wbpu4qHHoMyJ0CLubJmIWRVMyKQH8PR5AJlupMCB7t4kcSWwTNVbbP52WPjFBgHVafIJldhk\/qlUudJwbjTHC00rd6aEJC8MFTEDha17tFm+o0bE3giKIR3X51xzpF2zJlGKw="} -01290{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":358,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646482791144413,"flow_src_last_pkt_time":1646482791170130,"flow_dst_last_pkt_time":1646482791191818,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1646482791191818,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"95.101.195.214","src_port":51432,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Hulu","proto_id":"91.137","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"hulu.com","domainame":"hulu.com","tls": {"version":"TLSv1.3","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01249{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":358,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646482791144413,"flow_src_last_pkt_time":1646482791170130,"flow_dst_last_pkt_time":1646482791191818,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1646482791191818,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"95.101.195.214","src_port":51432,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Hulu","proto_id":"91.137","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"hulu.com","domainame":"hulu.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":359,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646482801387341,"flow_src_last_pkt_time":1646482801387341,"flow_dst_last_pkt_time":1646482801387341,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482801387341,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"34.96.123.111","src_port":44954,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":1646482801387341,"flow_dst_last_pkt_time":1646482801387341,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646482801387341,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8u7RAAEAGHxDAqAGAImB7b6+aAFDTrORQAAAAAKAC+vAeUwAAAgQFtAQCCAqmtsAlAAAAAAEDAwc="} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_src_last_pkt_time":1646482801387341,"flow_dst_last_pkt_time":1646482801394699,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646482801394699,"pkt":"PKn0qB\/spJGxgjQ5CABFgAA8tJQAAHkGLLAiYHtvwKgBgABQr5rfpgWE06zkUaAS\/\/9QBgAAAgQFlgQCCArcngeAprbAJQEDAwg="} 
@@ -162,9 +162,9 @@ 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":361,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_src_last_pkt_time":1646482802720593,"flow_dst_last_pkt_time":1646482802720593,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646482802720593,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8g6pAAEAGYJjAqAGAI8lwiLgSAbvaEoGzAAAAAKAC+vAuRQAAAgQFtAQCCArAZPJXAAAAAAEDAwc="} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_src_last_pkt_time":1646482802720593,"flow_dst_last_pkt_time":1646482802726853,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646482802726853,"pkt":"PKn0qB\/spJGxgjQ5CABFgAA8b+kAAHkGetkjyXCIwKgBgAG7uBJNy0p52hKBtKAS\/\/9IWQAAAgQFlgQCCArHroD1wGTyVwEDAwg="} 
01245{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":363,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_src_last_pkt_time":1646482802732248,"flow_dst_last_pkt_time":1646482802726853,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1646482802732248,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5g6xAAEAGXpnAqAGAI8lwiLgSAbvaEoG0TctKeoAYAfa\/ZwAAAQEICsBk8mLHroD1FgMBAgABAAH8AwM6s1cKgDvTG3LALyk7fAmvRJX9DNZN37XWMNl1\/SdHaCCUR56oKGM2UcODstsWkptKjiMgLAJPLuO56cI3NFuiCgAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAASABAAAA1rZXJ2ZS5sYXN0LmZtABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAiAAoACAQDBQMGAwIDADMAawBpAB0AIEXwFTh8NFdQPbVwjRz3qZyMML4Z+FJITLECgKzAH2YhABcAQQROHWQ9TZ\/FNyVoueylOLPpt31B2wF8YuKZg+41\/WG\/Ucaum9xuzZgJXugnVJqsHgtbN0plSfDPGhyRi1GNW\/CAACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQAVAIkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01259{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":363,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646482802720593,"flow_src_last_pkt_time":1646482802732248,"flow_dst_last_pkt_time":1646482802726853,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482802732248,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"35.201.112.136","src_port":47122,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.LastFM","proto_id":"91.134","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music","hostname":"kerve.last.fm","domainame":"kerve.last.fm","tls": {"version":"TLSv1.2","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01218{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":363,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646482802720593,"flow_src_last_pkt_time":1646482802732248,"flow_dst_last_pkt_time":1646482802726853,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482802732248,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"35.201.112.136","src_port":47122,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.LastFM","proto_id":"91.134","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music","hostname":"kerve.last.fm","domainame":"kerve.last.fm","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
02476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":364,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_src_last_pkt_time":1646482802732248,"flow_dst_last_pkt_time":1646482802742412,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_usec":1646482802742412,"pkt":"PKn0qB\/spJGxgjQ5CABFgAW+b\/AAAHkGdVAjyXCIwKgBgAG7uBJNy0p62hKDuYAQAQVJ4QAAAQEICseugQLAZPJiFgMDAHoCAAB2AwNf9wuxJk+v6LfOvwBJ+oeO0H2gHZreeYhWw\/9jNBLYfCCUR56oKGM2UcODstsWkptKjiMgLAJPLuO56cI3NFuiChMBAAAuADMAJAAdACBejmzKK8afi8yU2Y3RKJL+Iy9bmr2k74LeuNRrKKxDLQArAAIDBBQDAwABARcDAwzM1IxyACJzTueCgjmbZFqTLOOTUlt6z2vCHLZdfPBBb97w\/sLBBXnBuqxOqa+W6E19FJm\/BiX2Y1b1VBxS736oxTJ556POal9O3Hn6PN64Bvl06tZ2ra2\/X+u\/RV+uPcbq1P4Y+\/37W1GYJztBW3+48LkDdH+MgIkwFWVSQuPJ\/sVyadcmOZsomPZ+MxtxXa+Heaeajy0ZtLmQ2T021zPHoEJ4NlljumKTv2uu7UvQMnLb070RDaeDabJAmqAzNHGp8suHHVZ2zK3aDY9luXu3poEhboUqmyhihaHbPd0Kpw5I5I771iT7Tyk9CnXSicM07IxktYK1jbY3eQ0+kTJAzo0LixhWVIud58nKo0s1rk5yr8K5zQMsFAgJTvyjTcN3wQCzMIgcEh2LE3KDT6IwlI\/aAXb0vbiJAcAUOpmLP8N9MVcoifLNMtVbIYdlPFFxMI07RDdIsOxt\/m2v12PtASj6ntTVXon+dW7K1xVr6aRHo117Mo+POfZCuV8faSZBLQzSyCSH\/ld4eolVEDDzunt6re3bbPS\/XgE9JaewVK\/pmYOpdug9kjWtS1ON190ku3DKPPG1uzKeYvEvAORe0XM8pyNBBp3MhxymXowwGTRZTv9alCkrj5mBv1H\/EZ8uOvGRwjcBR72\/Rrih8tM15XFUQME6A4R0NjZE7g74SkC5Q+yXEbvBNJNDc+NqAX849LTNSdA+uiaeBeXwulOdkOlzOq5ehf2H1ls0fK4BiMpBR2gwZMfDzeD5VteQS\/34nEHXy2fOlN+nmo4Bw6LNNvQd7qfXpdIioFhcb4uRLHBs0craR81qHYiXjad\/Ydx2WRlShRNaIHajDQ5L2g1BR1nzm6WxJ9zzhODOhKRV0c2fiJYBPg4iCOVZBBf0\/tz3fDX7UAulWJjoMhaDZCnhqrQ7MHQvKldUxDTsebnomBcV7H4dW3\/uFLI2xycINZ+80+E4w4cu\/Z7eZgW4s+LaQc4k5svbXHiFD0sRnaSnp1rAyUQi8oHk0vZ2xgXDzQG6KsTOn2FGI3ZN4tJx37S7IQYYPc873f8Q7\/WijN896lDBwTVOTq95P8Wnp1kFZNQGODUzeK6duAhOA2VBC+PlSafANNxGZMgDzhwswfAssMPudYrIOG\/rmOX5X4W5UmISswpd7ymgMabgyEFOrxOwRtGlXtEExzesNoFgbjGAHmf8lChEWk7WJwVerrENnRRvWgG6yVaODQU7Tur\/QfhOkS0bj
eMtfYy5xdJKf4t1VYHjxAitP5Ap\/5XerdSEkQCgSxnCxsHrZMD1KY6QIOaySQ3PZ7YAwIlfXq\/Gy2rWsxryjV50o5\/WNiCF6gGB\/a44127a+DygsDtu4E7g29wFkZapWK41Vi5Li3AX+2mjKCsDnu7ziQFw5czyo9SLxBCL2WbQmSEQVoN6Vrt3Ybz7vtZ4zTR9Qdg+LWCEyiAglMBy\/22sqIeImDyVY25sjoitHmrF0Mo2NSNci5sXVAl2z0iPq40WjMrqqA3McmwELb2ZP3Dq51uUhDtm+LpcXQgblJzA\/\/x0lTQS9GVa\/mj7yOJd1BYm0Zmkq6kguwvUCGKbpAg0LNTQteLZ2bL2ggtJDyE6OjjVy1J2vyGoGbDNH4ykLZbifKCWggCfwiPcKq2l8Jp98R8wmL9BypDs3xUCR\/URgvHARQuzU\/jWe6CpSQ\/P6WOUE28ynoPh6JwQb74="} -01304{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":364,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646482802720593,"flow_src_last_pkt_time":1646482802732248,"flow_dst_last_pkt_time":1646482802742412,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1646482802742412,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"35.201.112.136","src_port":47122,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.LastFM","proto_id":"91.134","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music","hostname":"kerve.last.fm","domainame":"kerve.last.fm","tls": {"version":"TLSv1.3","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01263{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":364,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646482802720593,"flow_src_last_pkt_time":1646482802732248,"flow_dst_last_pkt_time":1646482802742412,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1646482802742412,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"35.201.112.136","src_port":47122,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.LastFM","proto_id":"91.134","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music","hostname":"kerve.last.fm","domainame":"kerve.last.fm","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":365,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646482825245035,"flow_src_last_pkt_time":1646482825245035,"flow_dst_last_pkt_time":1646482825245035,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482825245035,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"69.191.252.15","src_port":39036,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":365,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_src_last_pkt_time":1646482825245035,"flow_dst_last_pkt_time":1646482825245035,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646482825245035,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8fBNAAEAGurHAqAGARb\/8D5h8AFDXP+M5AAAAAKAC+vDCpAAAAgQFtAQCCArIaWrDAAAAAAEDAwc="} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":366,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_src_last_pkt_time":1646482826257148,"flow_dst_last_pkt_time":1646482825245035,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646482826257148,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8fBRAAEAGurDAqAGARb\/8D5h8AFDXP+M5AAAAAKAC+vC+sAAAAgQFtAQCCArIaW63AAAAAAEDAwc="} 
@@ -175,56 +175,56 @@ 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":370,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_src_last_pkt_time":1646482844787933,"flow_dst_last_pkt_time":1646482844787933,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646482844787933,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8DedAAEAGEf7AqAGAl2XBSamUAbtMTKsLAAAAAKAC+vDPdgAAAgQFtAQCCApUsmtnAAAAAAEDAwc="} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_src_last_pkt_time":1646482844787933,"flow_dst_last_pkt_time":1646482844795697,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646482844795697,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADkGJuWXZcFJwKgBgAG7qZRSHsTXTEyrDKAS\/\/9OHAAAAgQFTAQCCAoo5zzDVLJrZwEDAwk="} 
01244{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":372,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_src_last_pkt_time":1646482844798597,"flow_dst_last_pkt_time":1646482844795697,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1646482844798597,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5DelAAEAGD\/\/AqAGAl2XBSamUAbtMTKsMUh7E2IAYAfYA+gAAAQEIClSya3Io5zzDFgMBAgABAAH8AwORBDzSmJ5ztCo20SFZ11gW0AoQQ4sgaFZaA3Y+KP\/wXyDr7yv9lTOmWoS6i6wF3DRKGiQ0dwIiiuA6PbPxGRgIZwAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAWABQAABF3d3cuYmxvb21iZXJnLmNvbQAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACDquIWld0x6v\/7S4zdZ49LOkRXJqmmpTXYEodSal6cCHwAXAEEEAIPYMeBzwG1ajydlfuoJM30LuOrUqddbx+YHyLZsEMUExIIuEeju0UTUsS5CFNGsqSGbD968lENk0xLpNURtmQArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAFQCFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01271{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":372,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646482844787933,"flow_src_last_pkt_time":1646482844798597,"flow_dst_last_pkt_time":1646482844795697,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482844798597,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.101.193.73","src_port":43412,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Bloomberg","proto_id":"91.246","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"www.bloomberg.com","domainame":"www.bloomberg.com","tls": {"version":"TLSv1.2","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01230{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":372,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646482844787933,"flow_src_last_pkt_time":1646482844798597,"flow_dst_last_pkt_time":1646482844795697,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482844798597,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.101.193.73","src_port":43412,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Bloomberg","proto_id":"91.246","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"www.bloomberg.com","domainame":"www.bloomberg.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
02344{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":373,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_src_last_pkt_time":1646482844798597,"flow_dst_last_pkt_time":1646482844815877,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1406,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1406,"pkt_l4_len":1372,"thread_ts_usec":1646482844815877,"pkt":"PKn0qB\/spJGxgjQ5CABFAAVwr+JAADkGcc6XZcFJwKgBgAG7qZRSHsTYTEytEYAQAQmRsQAAAQEICijnPNRUsmtyFgMDAFICAABOAwPdD7r0LgF4QnGJJ5JA5UFs5upfQpyNKNA9WqsCruvOowDALwAAJv8BAAEAAAAAAAALAAQDAAECACMAAAAFAAAAEAAFAAMCaDIAFwAAFgMDDgQLAA4AAA39AAk1MIIJMTCCCBmgAwIBAgIQAh\/cRrcoMqWz4nNNUEJxTTANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMSkwJwYDVQQDEyBEaWdpQ2VydCBUTFMgUlNBIFNIQTI1NiAyMDIwIENBMTAeFw0yMjAyMjIwMDAwMDBaFw0yMzAzMjQyMzU5NTlaMGYxCzAJBgNVBAYTAlVTMREwDwYDVQQIEwhOZXcgWW9yazERMA8GA1UEBxMITmV3IFlvcmsxFTATBgNVBAoTDEJsb29tYmVyZyBMUDEaMBgGA1UEAxMRd3d3LmJsb29tYmVyZy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCmjg0JVDIEeEoDDjaXnXioD5El4v3owW07OpwAds+tDSDb79GUUVBS56G7fgegsC1DKYLLXqRvkypZitNiyX4KCg3EPQynKDWqp3FGkZ5+9iqNe\/r592zQRpq1P0wkUGmIJ0u7FwDu7qGbbuTVTvgkCYOrz0NwbZM2ku5\/76\/POH6vtHBJ49vvuLml9jGFbC2UcT8te2uBUiQ6liiYi5N76cp4anOyK\/OA9KVKlUs5ODB9UI2rTqcF9Am3fS\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"} 
-01354{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":373,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646482844787933,"flow_src_last_pkt_time":1646482844798597,"flow_dst_last_pkt_time":1646482844815877,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1340,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1340,"midstream":0,"thread_ts_usec":1646482844815877,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.101.193.73","src_port":43412,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Bloomberg","proto_id":"91.246","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"www.bloomberg.com","domainame":"www.bloomberg.com","tls": {"version":"TLSv1.2","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01313{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":373,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646482844787933,"flow_src_last_pkt_time":1646482844798597,"flow_dst_last_pkt_time":1646482844815877,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1340,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1340,"midstream":0,"thread_ts_usec":1646482844815877,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.101.193.73","src_port":43412,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Bloomberg","proto_id":"91.246","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"www.bloomberg.com","domainame":"www.bloomberg.com","tls": {"version":"TLSv1.2","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
02350{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":5,"flow_src_last_pkt_time":1646482844798597,"flow_dst_last_pkt_time":1646482844815927,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1406,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1406,"pkt_l4_len":1372,"thread_ts_usec":1646482844815927,"pkt":"PKn0qB\/spJGxgjQ5CABFAAVwr+NAADkGcc2XZcFJwKgBgAG7qZRSHsoUTEytEYAQAQkU1wAAAQEICijnPNRUsmtyYWtlLnZpZGVvghB3d3cudGljdG9jLnZpZGVvgh1jZG4tYXBpLmNtb2JpbGUuYmxvb21iZXJnLmNvbTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMIGPBgNVHR8EgYcwgYQwQKA+oDyGOmh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFRMU1JTQVNIQTI1NjIwMjBDQTEtNC5jcmwwQKA+oDyGOmh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFRMU1JTQVNIQTI1NjIwMjBDQTEtNC5jcmwwPgYDVR0gBDcwNTAzBgZngQwBAgIwKTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpY2VydC5jb20vQ1BTMH8GCCsGAQUFBwEBBHMwcTAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEkGCCsGAQUFBzAChj1odHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRUTFNSU0FTSEEyNTYyMDIwQ0ExLTEuY3J0MAkGA1UdEwQCMAAwggGABgorBgEEAdZ5AgQCBIIBcASCAWwBagB2AOg+0No+9QY1MudXKLyJa8kD08vREWvs62nhd31tBr1uAAABfyOoLawAAAQDAEcwRQIhAKS04h8Xa0C\/xl8o9fcEchgZ7LgujNxsiTfC3v3h8HzLAiAZ2OTGizV66JQtvC2uNRoeBZMyEFHZMGojtbKvLrMatgB3ADXPGRu\/sWxXvw+tTG1Cy7u2JyAmUeo\/4SrvqAPDO9ZMAAABfyOoLXwAAAQDAEgwRgIhAJzoJV3AXHa5A\/737Yh1cLnLasO2WklqOBN3irXRgF+CAiEA4aFZ4KcuFwRLyP+7OctTUMCwUGqdDnVtR7LZ6G3j7W0AdwCzc3cH4YRQ+GOG1gWp3BEJSnktsWcMC4fc8AMOeTalmgAAAX8jqC2XAAAEAwBIMEYCIQCfpqhHkrQ23+\/QZHF3J2MQKIlFsIp\/jwK6mAUijDMMQQIhANN3Ti5QiyMbDBtWfZHNmvvqR79hQXk45KTYcI9ILHuOMA0GCSqGSIb3DQEBCwUAA4IBAQAaIrz0UG4uoXKa9ZVPxKmAdnUzCV0F9btVTcH3GQow0EH+Y2D2c4G89VcH\/sbltQE6qlRl\/47QirJiw1wStqk7EK1ZHm6fMWk647FjW\/X51gqduNVG6Sy8YuCwhIOHcXf0qp\/cUx8EdOhobHnYUkxs352KiX4hLJA8SZfPR57FvWXmOEnkV65k8mtQev\/ZigRUGFBQZEVCDzFCBq+n9g56Lm8\/EuvqctNf7Lu0nynPnpb6aA+VAZAoIJhVXjwxC4izLFeNZV0aI22ujFT+uxkQGO5j3l3H
cwu0w72i3zh7xVBMMiJDhaeyhEgR9gtoQ9AwrbqZa6ahgIZH0myDxBZbAATCMIIEvjCCA6agAwIBAgIQBtjZBNVYQ0b2ii+nVCJ+xDANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBDQTAeFw0yMTA0MTQwMDAwMDBaFw0zMTA0MTMyMzU5NTlaME8xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxKTA="} -02222{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":375,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":4,"flow_first_seen":1646482844787933,"flow_src_last_pkt_time":1646482844798597,"flow_dst_last_pkt_time":1646482844815943,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1340,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4020,"midstream":0,"thread_ts_usec":1646482844815943,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.101.193.73","src_port":43412,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Bloomberg","proto_id":"91.246","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"www.bloomberg.com","domainame":"www.bloomberg.com","tls": 
{"version":"TLSv1.2","server_names":"www.bloomberg.com,api.businessweek.com,api.bwbx.io,assets.bwbx.io,byzantium.bloomberg.com,cdn-mobapi.bloomberg.com,cdn-videos.bloomberg.com,cdn.gotraffic.net,charts.bloomberg.com,embeds.bloomberg.com,fastly.bloomberg.tv,feeds.bloomberg.com,fonts.gotraffic.net,staging-assets.bwbx.io,nav.bloomberg.com,sponsored.bloomberg.com,spotlight.bloomberg.com,tictoc.video,www.bbthat.com,www.bloomberg.co.jp,www.bloomberg.co.jp.shared.bloomberga.com,www.bloomberg.com.shared.bloomberga.com,www.bloombergview.com,www.citylab.com,www.citylab.com.shared.bloomberga.com,www.quicktake.video,www.tictoc.video,cdn-api.cmobile.bloomberg.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1","subjectDN":"C=US, ST=New York, L=New York, O=Bloomberg LP, CN=www.bloomberg.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"88:4A:85:34:1D:E6:C0:BE:5E:C6:14:BB:BA:94:A3:55:92:BA:95:82","blocks":0}}} +02181{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":375,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":4,"flow_first_seen":1646482844787933,"flow_src_last_pkt_time":1646482844798597,"flow_dst_last_pkt_time":1646482844815943,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1340,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4020,"midstream":0,"thread_ts_usec":1646482844815943,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.101.193.73","src_port":43412,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Bloomberg","proto_id":"91.246","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"www.bloomberg.com","domainame":"www.bloomberg.com","tls": {"version":"TLSv1.2","server_names":"www.bloomberg.com,api.businessweek.com,api.bwbx.io,assets.bwbx.io,byzantium.bloomberg.com,cdn-mobapi.bloomberg.com,cdn-videos.bloomberg.com,cdn.gotraffic.net,charts.bloomberg.com,embeds.bloomberg.com,fastly.bloomberg.tv,feeds.bloomberg.com,fonts.gotraffic.net,staging-assets.bwbx.io,nav.bloomberg.com,sponsored.bloomberg.com,spotlight.bloomberg.com,tictoc.video,www.bbthat.com,www.bloomberg.co.jp,www.bloomberg.co.jp.shared.bloomberga.com,www.bloomberg.com.shared.bloomberga.com,www.bloombergview.com,www.citylab.com,www.citylab.com.shared.bloomberga.com,www.quicktake.video,www.tictoc.video,cdn-api.cmobile.bloomberg.com","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1","subjectDN":"C=US, ST=New York, L=New York, O=Bloomberg LP, CN=www.bloomberg.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"88:4A:85:34:1D:E6:C0:BE:5E:C6:14:BB:BA:94:A3:55:92:BA:95:82","blocks":0}}} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":379,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646482845216543,"flow_src_last_pkt_time":1646482845216543,"flow_dst_last_pkt_time":1646482845216543,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482845216543,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.139.210.102","src_port":57014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":379,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_src_last_pkt_time":1646482845216543,"flow_dst_last_pkt_time":1646482845216543,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646482845216543,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8ZOJAAEAG1L\/AqAGAbIvSZt62AbvYtDuvAAAAAKAC+vDuhAAAAgQFtAQCCAq3z7DKAAAAAAEDAwc="} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":380,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_src_last_pkt_time":1646482845216543,"flow_dst_last_pkt_time":1646482845236185,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646482845236185,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8MSYAAPgGkHtsi9JmwKgBgAG73rYdOl\/82LQ7sKAS\/\/9A+gAAAgQFoAQCCAoefQzKt8+wygEDAwg="} 
01242{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":381,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_src_last_pkt_time":1646482845241664,"flow_dst_last_pkt_time":1646482845236185,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1646482845241664,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5ZORAAEAG0sDAqAGAbIvSZt62AbvYtDuwHTpf\/YAYAfbCEAAAAQEICrfPsOMefQzKFgMBAgABAAH8AwNDaq9+o2\/m1P9XaJsuL18rMu\/cbIc9LrPA5zUbsuvbziCdB7Y010YsAP9WvlmHthVAcmE9qTBtm04O9SpF9+K9iwAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAhAB8AABxzb3VyY2Vwb2ludGNtcC5ibG9vbWJlcmcuY29tABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAiAAoACAQDBQMGAwIDADMAawBpAB0AIFWzj0ex9WIWXeCl2qveVdo+cRB1gHroBn+mOFydyRUDABcAQQTZ7Kd3Dh15jhsRvRpWp2w5A6ZrOrpRgthYeTOHm9lBNbC7SyMy7sz4nAvG5eX8+75Yb0V9pFtY29+UzxdUbzEpACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQAVAHoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01298{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":381,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646482845216543,"flow_src_last_pkt_time":1646482845241664,"flow_dst_last_pkt_time":1646482845236185,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482845241664,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.139.210.102","src_port":57014,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Bloomberg","proto_id":"91.246","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"sourcepointcmp.bloomberg.com","domainame":"sourcepointcmp.bloomberg.com","tls": {"version":"TLSv1.2","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01257{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":381,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646482845216543,"flow_src_last_pkt_time":1646482845241664,"flow_dst_last_pkt_time":1646482845236185,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482845241664,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.139.210.102","src_port":57014,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Bloomberg","proto_id":"91.246","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"sourcepointcmp.bloomberg.com","domainame":"sourcepointcmp.bloomberg.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
02478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":4,"flow_src_last_pkt_time":1646482845241664,"flow_dst_last_pkt_time":1646482845260491,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1646482845260491,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXIMSkAAPgGiuxsi9JmwKgBgAG73rYdOl\/92LQ9tYAQAQVWSwAAAQEICh59DOO3z7DjFgMDAHoCAAB2AwMl00JNBhjoDTpue8OJUtDI7gWrENRehivML0uiJZw+aCCdB7Y010YsAP9WvlmHthVAcmE9qTBtm04O9SpF9+K9ixMBAAAuACsAAgMEADMAJAAdACA6ANhx1SULZ5qicHmcZpgOcKzyDJFZ4gyvotfcMC7xUxQDAwABARcDAwAkmehBQSsokWn1+0xD1Ekz\/emWUgmYCHXTpXumKfkkeAhEZPb1FwMDDdQsVccoMVo+96JdzPbhNPdALkbarmAR5a29lK0\/NdmKqcwPR+V1gffSxJKNaqhaiikQk1bK7YYDLKeNYrQ2fYtgQhJ1kLS7Q\/BwFAtLwkQZm3pSfglioGxnCtPRUl8OedqJS1IHYsXjUVUnZNbiUW4XiIPcFw8z9jgypB9ajSZRPFvDsCesm5Mok8748tu2PljORa+fVT0PBZVIIVOIZssACXOZHB9ialf6dAx\/dx3mnn9ZvFrrUV936EU2e7njSQ74xl6JgM7UfntfwrniAxgxW+NSqSBWGRf0Vje6YkWYW2G5Yc\/WNwhE1sfvVaBo4S8lFZTACgG+cvXDc\/c4SuK9ClLp\/bgTLtQ\/84s6saAL6CIyRtNJOfQapfqQ52tBEw9WWRQRx+GVxe\/qFZ7Q6\/RY\/jAOIX9Vu77gloPqU5l9m9GtURRXaaIgOWf6CnARAJ\/lrIz9A7+X+BK1JT5vxW+o262KGPCK\/e51NeZPqvd6+ZAb2KB94B3Lw6vfzGlWJjXf93hk6CFqaYqDSJ9wdq8l3DiC83OgRXvtu6v8hs7Nyhp0\/Dhsz0M4sjiH64sLXf7NUSvFzBsPr8Zwmc3l84oRo5Oz8ZykhchBCEXuGm0NUSniu5qly88yhPgXv3DH5BIbUJ5YY1LY86QRRmreSSxLMMYCdQDwtA25NnbEgqBn6eugtUhVOhe35f8mL9+IH7HeIHovRyF+FAhrnRf2x3vAI6IV2N5D+TngPrbltBGlfU74buGa2\/UTdnAwm3kXNkF75teSUXRR3W0Ae+7Vde7scMX1UXXs7Myuv8g9WsMdHhRzgWukNecHwfZKuZRSQjzLYV4S50tDsvrdwBaFlfgJoVXRTlkYGJauaMaseVVSmMrFLnDvY5Q3qlTOmiyt4PXiVhbVzIR5\/yjVRJEuxMqMIvKMCASwC9ejgMzwYWEVJ9COaaqFwo73yLZzoRXG7bb4Jvx+yLz2TiUdEJkDx7Tz4JrMuTX\/iYeBcMePikQhsOo3ecgAAEtWhklIiWyV5IZsWx+pDVKLvyIkaHh4surWWPL0\/gDbsafXtWKQGo5yUc4VU7rABE8\/RZ\/EyilMuaY+GUtcEI09RyqJj8utYvyIOaOl+qwkJf1uQ\/HlzJGrHLYJYbm52c5E4W8sphVASbEoo5wBc80ipoOk5oRHUKatThn2v0kGZRwO9d
0edN0LHVskXzDOAg9cshMRuy0wXIAEyNTlWnDY8+qbUyKyJbnST1OcV4jVO342qF5Qt31fM0ZWlp2TKesvoZNeH+6muAu4P+Pvu+y1yPdzbolbedSPSORYPSOvByajv5MZPAxsDis4mNRcaJiQ0zQG7+37qZ5Y4SYLWRGGN6nfvoEBfHcwjtLTwludHgGykbRE8Os78V1m7rs6OTc0zfR+BVxlbiThNAg6I0wNJdLl7ZerAQlHURWSgkIR0ZS2jDVHkBye0buCzGJ28kUKq3ocUk1VGT813+Lxn3OXqK5v34Y6GJVShc3Pc+CWnBbtICjaYSvoklRiXx+o+PtsG1\/DuoitHuvHYrXBhlc9SM0VoERTyCuuR8v7kZkS+V3H34LXnYnPeR56LoSgM6ItoHUrI67gt8eWgArjEaLeDSA65qb9ZZTPHVGM1FsXERms\/AxnooVxQJxS+QN5jS1zbPGaInFY1oaU"} -01343{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646482845216543,"flow_src_last_pkt_time":1646482845241664,"flow_dst_last_pkt_time":1646482845260491,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1646482845260491,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.139.210.102","src_port":57014,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Bloomberg","proto_id":"91.246","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"sourcepointcmp.bloomberg.com","domainame":"sourcepointcmp.bloomberg.com","tls": {"version":"TLSv1.3","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01302{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646482845216543,"flow_src_last_pkt_time":1646482845241664,"flow_dst_last_pkt_time":1646482845260491,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1646482845260491,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.139.210.102","src_port":57014,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Bloomberg","proto_id":"91.246","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"sourcepointcmp.bloomberg.com","domainame":"sourcepointcmp.bloomberg.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":384,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646482860064890,"flow_src_last_pkt_time":1646482860064890,"flow_dst_last_pkt_time":1646482860064890,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482860064890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.107.42.14","src_port":48654,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":384,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_src_last_pkt_time":1646482860064890,"flow_dst_last_pkt_time":1646482860064890,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646482860064890,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8zthAAEAGckLAqAGADWsqDr4OAbv2xGogAAAAAKAC+vA6VgAAAgQFtAQCCArF2TKPAAAAAAEDAwc="} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":385,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_src_last_pkt_time":1646482860064890,"flow_dst_last_pkt_time":1646482860089011,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1646482860089011,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA0KdNAAHUG4k8NayoOwKgBgAG7vg7o0cSg9sRqIYAS\/\/+nUAAAAgQFoAEDAwgBAQQC"} 
01226{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":386,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_src_last_pkt_time":1646482860092199,"flow_dst_last_pkt_time":1646482860089011,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1646482860092199,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAItztpAAEAGcE\/AqAGADWsqDr4OAbv2xGoh6NHEoVAYAfY2twAAFgMBAgABAAH8AwN91wMalwKbnp34VhS8QvEFPozBOcSHhaFoSNBfPba3AiDXrrHLYmT\/nToyiJxYmouQzlobVBifJMUtdUWk4ZdOUAAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAVABMAABB3d3cubGlua2VkaW4uY29tABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAiAAoACAQDBQMGAwIDADMAawBpAB0AIOvcUoPBHSJ9xxKLt05ZOdwqxB4X188WUTuTKbETRNVIABcAQQSw33BhIovc8GgXm9sGLVvnRexF7f826PClnfuvUvruR3Sq4irZ9toHOp2agzdKIN0AwGPF8iqx1fv+O3\/0IjBNACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQAVAIYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -01266{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":386,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646482860064890,"flow_src_last_pkt_time":1646482860092199,"flow_dst_last_pkt_time":1646482860089011,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482860092199,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.107.42.14","src_port":48654,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.LinkedIn","proto_id":"91.233","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.linkedin.com","domainame":"www.linkedin.com","tls": {"version":"TLSv1.2","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} +01225{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":386,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646482860064890,"flow_src_last_pkt_time":1646482860092199,"flow_dst_last_pkt_time":1646482860089011,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482860092199,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.107.42.14","src_port":48654,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.LinkedIn","proto_id":"91.233","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.linkedin.com","domainame":"www.linkedin.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
02490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":387,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":4,"flow_src_last_pkt_time":1646482860092199,"flow_dst_last_pkt_time":1646482860115739,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1646482860115739,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXcKdVAAHYG26UNayoOwKgBgAG7vg7o0cSh9sRsJlAQCAOTsQAAFgMDEXYCAABiAwNiI1WsTmofcs6rZ4ZlM+z1u2dhEj0OTh7AHYb4D6lYUyBlLwAAM\/J2abAgSFkNJvT\/lV9leUYHgs9icNHB3u34vMAwAAAaAAUAAAAjAAAAEAAFAAMCaDIAFwAA\/wEAAQALAA28AA25AAjHMIIIwzCCB6ugAwIBAgIQC+Uto1c8pocuRBbJmCjD9TANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5EaWdpQ2VydCBTSEEyIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMjIwMzAxMDAwMDAwWhcNMjIwOTAxMjM1OTU5WjBwMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTESMBAGA1UEBxMJU3Vubnl2YWxlMR0wGwYDVQQKExRMaW5rZWRJbiBDb3Jwb3JhdGlvbjEZMBcGA1UEAxMQd3d3LmxpbmtlZGluLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK9Z00hEjLEoN2ZIvx7gbEWJCUwcxKxtSBmhjubbOLDX\/wWTVZgPdi5x4kWjwmankMEb8mjtK91Y7VBg8zYmU\/AYA26XNoudlHmDk\/8jwvgsHurqgJV7ltkjddOqUy0IKTCvFaSfS0fCsuw1hkA4YzTbor9ayAQGv0uYEjoddNjAVKl6PEF6lEHLrEiB5BXZd8HmWKFCHPtW5ZKkOFTvYrBP+1f7visBFj48gMVw52WSpIAEcJqyLK25uWMNepgz1Gqr2G+PQH8D7eqU5pmiIckmQb5Ti9ttF6ASPtM6KgXMUXV3BJQHDBPWHt\/RhFpwTLCCe9rhRtNNdmPCiYRl8F0CAwEAAaOCBXowggV2MB8GA1UdIwQYMBaAFA+AYRyCMWHVLyjnjUY4tCzhxtniMB0GA1UdDgQWBBTS+JTUOJ2cy8vTZ1B2ndG6vhLyGTCCAiUGA1UdEQSCAhwwggIYghB3d3cubGlua2VkaW4uY29tggxsaW5rZWRpbi5jb22CFnJ1bTUucGVyZi5saW5rZWRpbi5jb22CFWV4cDQud3d3LmxpbmtlZGluLmNvbYIVZXhwMy53d3cubGlua2VkaW4uY29tghVleHAyLnd3dy5saW5rZWRpbi5jb22CFWV4cDEud3d3LmxpbmtlZGluLmNvbYIWcnVtMi5wZXJmLmxpbmtlZGluLmNvbYIWcnVtNC5wZXJmLmxpbmtlZGluLmNvbYIWcnVtNi5wZXJmLmxpbmtlZGluLmNvbYIXcnVtMTcucGVyZi5saW5rZWRpbi5jb22CFnJ1bTgucGVyZi5saW5rZWRpbi5jb22CFnJ1bTkucGVyZi5saW5rZWRpbi5jb22CFWFmZC5wZXJmLmxpbmtlZGluLmNvbYIXcnVtM
TQucGVyZi5saW5rZWRpbi5jb22CF3J1bTE4LnBlcmYubGlua2VkaW4uY29tghdydW0xOS5wZXJmLmxpbmtlZGluLmNvbYIVZXhwNS53d3cubGlua2VkaW4uY29tghlyZWFsdGltZS53d3cubGlua2VkaW4uY29tghNweC5hZHMubGlua2VkaW4uY29tghRweDQuYWRzLmxpbmtlZGluLmNvbYITZGMuYWRzLmxpbmtlZGluLmNvbYIHbG5rZC5pboIUcHguam9icy5saW5rZWRpbi5jb20wDgYDVR0PAQH\/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBjQYDVR0fBIGFMIGCMD+gPaA7hjlodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaWNlcnRTSEEyU2VjdXJlU2VydmVyQ0EtMS5jcmwwP6A9oDuGOWh0dHA6Ly9jcmw0LmRpZ2ljZXI="} 02504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":388,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":5,"flow_src_last_pkt_time":1646482860092199,"flow_dst_last_pkt_time":1646482860115780,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1646482860115780,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXcKdZAAHYG26QNayoOwKgBgAG7vg7o0cpV9sRsJlAQCANyfgAAdC5jb20vRGlnaWNlcnRTSEEyU2VjdXJlU2VydmVyQ0EtMS5jcmwwPgYDVR0gBDcwNTAzBgZngQwBAgIwKTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpY2VydC5jb20vQ1BTMH4GCCsGAQUFBwEBBHIwcDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEgGCCsGAQUFBzAChjxodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEyU2VjdXJlU2VydmVyQ0EtMi5jcnQwCQYDVR0TBAIwADCCAX8GCisGAQQB1nkCBAIEggFvBIIBawFpAHcAKXm+8J45OSHwVnOfY6V35b5XfZxgCvj5TV0mXCVdx4QAAAF\/RrUkkQAABAMASDBGAiEA+FtG2xqOeknb5qzzR\/2o\/CMHUoHXpbB1F1QDWyi0Xd8CIQCjJnlF37XWsl4u91K3f0Rnf1VYnCAovaJgsk9Qa+M7LwB1AEHIyrHfIkZKEMahOglCh15OMYsbA+vrS8do8JBilgb2AAABf0a1JMIAAAQDAEYwRAIgRG\/7ZB++axDAT5iB0bRQY0hd1mU2pRFSDCwIH3fY1LgCIDKIYU8v7DdnD4IRMHofw+krh1hw5ap6xw2wpYERIS5dAHcA36Veq2iCTx9sre64X04+WurNohKkal6OOxLAIERcKnMAAAF\/RrUk1wAABAMASDBGAiEAj8oQdnEteoNcAfzVyoIT4dQ6QxpZDmTGrUmY88GmgsACIQDYIkjaVgr7+tK\/mz5U79LBLgDLezP58MMbT6WOjvqhKTANBgkqhkiG9w0BAQsFAAOCAQEAqAhlEkLFRsSjnBvf41roZI6E9zIWCA1frIw\/OjQB42j+5wk\/P87qOpF2ld6R3\/QLm8z2ntkMRaDoQwpmL2LDkNMku+fN\/h1
+0RX3svEesC67fPqY0TvIbea5SQ8cDqt3r7G2vlOEZD1V7JWAn+FtyyPDZgt5wfEg\/V4kz\/91SKyA\/WJLIkSChoTKxe3xRAKGifslHkZUFWVam\/ArpwFOSHQEmOhieKeYNhnjiS0r3JJSl\/\/zQXrk5f9NhyHQnjTltaMBqM0VkMH4xmlR0PAJPsD2DX+InL9R8ppWnzUUeQJKtCT55kJoVrE8\/QXtq1TBdvLA51syBf\/sCoM5ABnZ2AAE7DCCBOgwggPQoAMCAQICEAJ0LqoXyo4hxxe7H\/z9DKAwDQYJKoZIhvcNAQELBQAwYTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEgMB4GA1UEAxMXRGlnaUNlcnQgR2xvYmFsIFJvb3QgQ0EwHhcNMjAwOTIzMDAwMDAwWhcNMzAwOTIyMjM1OTU5WjBNMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5EaWdpQ2VydCBTSEEyIFNlY3VyZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDcrliQTcHEMBWQNVtuPIIV9SxcvePb\/3FD+mQlgNTuGKJN8GbQCnNuEZg2F2SvN539+kGEr8evjP4ac03PM5eQopaHU4MruaZ1SC0dVjd72jEyGtesqwb0ql1Lt0dG3SqTw5AueYCA7xMEahQ7tZuSvsIHZU782vz\/eq7cXH5VMQzoOQek174v0wtq0rHfX\/5XdFM7NYDdro5EmLOfDtPa4Nf0aymrRKdLWIRtkkuBw9pzixKXSJAERXUa3Tcxl5LozVQNO+TBPzleLrjzXH4QjoZBAI1FZkewoWXOoKopCU7zl+voLqsPcqcwDvrH9P0Ud8OkWyhXwrP5gv23RVibAgMBAAGjggE="} -02115{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":390,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":5,"flow_first_seen":1646482860064890,"flow_src_last_pkt_time":1646482860092199,"flow_dst_last_pkt_time":1646482860115809,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4475,"midstream":0,"thread_ts_usec":1646482860115809,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.107.42.14","src_port":48654,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.LinkedIn","proto_id":"91.233","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.linkedin.com","domainame":"www.linkedin.com","tls": {"version":"TLSv1.2","server_names":"www.linkedin.com,linkedin.com,rum5.perf.linkedin.com,exp4.www.linkedin.com,exp3.www.linkedin.com,exp2.www.linkedin.com,exp1.www.linkedin.com,rum2.perf.linkedin.com,rum4.perf.linkedin.com,rum6.perf.linkedin.com,rum17.perf.linkedin.com,rum8.perf.linkedin.com,rum9.perf.linkedin.com,afd.perf.linkedin.com,rum14.perf.linkedin.com,rum18.perf.linkedin.com,rum19.perf.linkedin.com,exp5.www.linkedin.com,realtime.www.linkedin.com,px.ads.linkedin.com,px4.ads.linkedin.com,dc.ads.linkedin.com,lnkd.in,px.jobs.linkedin.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"a66ea560599a2f5c89eec8c3a0d69cee","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=Sunnyvale, O=LinkedIn Corporation, CN=www.linkedin.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"CE:D8:A5:BE:BD:4B:EF:E9:22:C8:0D:55:A6:7A:A6:4A:B8:03:4A:53","blocks":0}}} 
+02074{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":390,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":5,"flow_first_seen":1646482860064890,"flow_src_last_pkt_time":1646482860092199,"flow_dst_last_pkt_time":1646482860115809,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4475,"midstream":0,"thread_ts_usec":1646482860115809,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.107.42.14","src_port":48654,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.LinkedIn","proto_id":"91.233","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.linkedin.com","domainame":"www.linkedin.com","tls": {"version":"TLSv1.2","server_names":"www.linkedin.com,linkedin.com,rum5.perf.linkedin.com,exp4.www.linkedin.com,exp3.www.linkedin.com,exp2.www.linkedin.com,exp1.www.linkedin.com,rum2.perf.linkedin.com,rum4.perf.linkedin.com,rum6.perf.linkedin.com,rum17.perf.linkedin.com,rum8.perf.linkedin.com,rum9.perf.linkedin.com,afd.perf.linkedin.com,rum14.perf.linkedin.com,rum18.perf.linkedin.com,rum19.perf.linkedin.com,exp5.www.linkedin.com,realtime.www.linkedin.com,px.ads.linkedin.com,px4.ads.linkedin.com,dc.ads.linkedin.com,lnkd.in,px.jobs.linkedin.com","ja3s":"a66ea560599a2f5c89eec8c3a0d69cee","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=Sunnyvale, O=LinkedIn Corporation, 
CN=www.linkedin.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"CE:D8:A5:BE:BD:4B:EF:E9:22:C8:0D:55:A6:7A:A6:4A:B8:03:4A:53","blocks":0}}} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":393,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646482866432813,"flow_src_last_pkt_time":1646482866432813,"flow_dst_last_pkt_time":1646482866432813,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482866432813,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.23.98.190","src_port":39934,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":393,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_src_last_pkt_time":1646482866432813,"flow_dst_last_pkt_time":1646482866432813,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646482866432813,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8sBtAAEAG\/aLAqAGAaBdivpv+AbuQtJSoAAAAAKAC+vAG0QAAAgQFtAQCCAoY1d1UAAAAAAEDAwc="} 
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":394,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_src_last_pkt_time":1646482866432813,"flow_dst_last_pkt_time":1646482866449895,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1646482866449895,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA0AABAADkGtMZoF2K+wKgBgAG7m\/4hqZihkLSUqYAS\/\/9k2gAAAgQFeAEBBAIBAwMK"} 01228{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":395,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_src_last_pkt_time":1646482866451722,"flow_dst_last_pkt_time":1646482866449895,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1646482866451722,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAItsB1AAEAG+6\/AqAGAaBdivpv+AbuQtJSpIamYolAYAfYUJQAAFgMBAgABAAH8AwOkCw2THMGhALk0\/S0UPYY9Fiy1MMas0dLFjf2ObmEV3iD+CRapxYYnJ+AUET5SjxVSaJRJeT\/rvI5T4N1r2TpPLQAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAARAA8AAAxwYXN0ZWJpbi5jb20AFwAA\/wEAAQAACgAOAAwAHQAXABgAGQEAAQEACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAACIACgAIBAMFAwYDAgMAMwBrAGkAHQAg+1dFx2JbQxGMLbjHxdWGfdupB63kQdiHTmuNhsrVgTQAFwBBBKdDPqMFSChZhRpkv1Y2JjoX2aNL5O59XM1C0oY6ZFf1Ifckam\/eVu5cuFoipFrAsWBrxGiWt6uHvmWbTHpfZoYAKwAFBAMEAwMADQAYABYEAwUDBgMIBAgFCAYEAQUBBgECAwIBAC0AAgEBABwAAkABABUAigAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01396{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":395,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646482866432813,"flow_src_last_pkt_time":1646482866451722,"flow_dst_last_pkt_time":1646482866449895,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482866451722,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.23.98.190","src_port":39934,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"TLS.Pastebin","proto_id":"91.232","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Potentially Dangerous","category_id":7,"category":"Download","hostname":"pastebin.com","domainame":"pastebin.com","tls": {"version":"TLSv1.2","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01355{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":395,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646482866432813,"flow_src_last_pkt_time":1646482866451722,"flow_dst_last_pkt_time":1646482866449895,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482866451722,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.23.98.190","src_port":39934,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"TLS.Pastebin","proto_id":"91.232","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Potentially Dangerous","category_id":7,"category":"Download","hostname":"pastebin.com","domainame":"pastebin.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
02507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":396,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":4,"flow_src_last_pkt_time":1646482866451722,"flow_dst_last_pkt_time":1646482866473555,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1646482866473555,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXc5p5AADkGyH9oF2K+wKgBgAG7m\/4hqZiikLSWrlAQAEOqmgAAFgMDAHoCAAB2AwP3Tq5B8YNEMfsXlrFMX+cJAFyFVvc0vfL0PA2JGf+P9yD+CRapxYYnJ+AUET5SjxVSaJRJeT\/rvI5T4N1r2TpPLRMBAAAuADMAJAAdACC8SQ+nuWrZ7m3OjQeSS1gBey1dX5dviwGQo25iSW1\/NwArAAIDBBQDAwABARcDAwrUWcozSi8H7mX6VFJzUeu67AZTvXqUqieEsv\/SCDJRG04D+K\/85tjRqQc8IaCdG\/Ma1aXupXOao7EKs5dxBr3PHgCnoZWlYvp\/vFnFY01UAzahy\/2Ln9B1zUwtz3uzYWpPoGwuBDYDyCpp5YCc+VRCAnimPndtFHu3f4cf34kw2R5ghDuHJM7XgI73uA+QhtA7Lm4qDNd8IQfVR8ibSoojBbJrGjlrMQnTX7bHfa69gUL02NPLTCS33EoTLoykHGbhIz2\/YuL\/j1ygs48g5VI0e5UDSy44uHoYuG8a3Pxy\/Jsd6q0AsLyEhl4DDnMqq1vIVyMY7ikBvPWLXXY3uSTsmsc4VjT\/ZmG6OPEqE0L2tN3PEBzr2VhcEtTrd+9r\/eF7EZBgkbAQV2wfYSuhYdYJ1oEdnnGOhWfgLD2yuADzfTagVwZlvJlNYpeHylpdEoKNNmjalqi4UfF2uWlffHXAfu4Hg+LiYV7z7T4NsVUwbLjKuix8i4aqtmFBzlkkxa0BSHy2wbR+5xuovlePUkmo3dHB7v4hPHoULqISNEaXo8kyfzpdupdn5Lv0ECyEWOBvSP+FrJnILjG2c7ZdDIbZrnZzaIcQnuZsXq2XAY9V16zDi0O967QfiocL4\/N2fl3JfJoW3Kl1GkdRvgzmcIfydx+6gdTa0LgIFCL6FL+bNJ18LHt0BrvqQgh4o8hN68WCW85ancsvwsi3SQaj73TgMDWzBHPKxab2gJ3ISuOMtj1AwlI0ph6HRkfMUBrkAbKTBjJx+Yn3AxV7ED\/zIalxlIZjJn0hkfwv05YT5n3a0Qv28ydooU720u9U2G9I6wCY67M7ARbDxKZytUKyQ8LT\/WaUL8TiCQh9lnFD2DHfdAt266xCi1GOOhbGF5vPruMEhnAAM0Uq1x0ZdnLJqIvynwlgt6RyiGkmPYiTKgDaH05xZRnfZiamnJAn7KXYk7br6cRTUFbAPztRA3ZggnVdtIdpBqWOyqMf3A1crx4HkTR\/UI9sFZ09yKQ\/QZF2LtfHl23BzZPfneVeYdREYFnXmizM+4DmNZ7KIYB5x3V9jmRVL6n7f7jLIDawk4AJ0ANKucfylh3+WFoT9Kj7u3KHHuOuudNj0GUHHpNdQbO8FVrLWrkCjI1bL5AD6p8qSealSyklawCJLA9TSqkLN1bwtaqBj4giDwqlsZmyirSvKRJI\/TYL1x\/PFoac3isoZTlC+gcPS2BJWh2Q2kmrNblWxEd2q9+VbpXYIZhojih27Wii
QEUaEEDpIuCI3CAKoZVfm2eUhht+WesN2uXf6AmFYNY6qz5BsEegkUjA0nAMd2LkVqZT5EL5TeGnQebZPTMbJppUlgKujUUbvTp7+J5b9Vm9YIGm92F7jLbl\/gt7N7c\/bF9qY7foS7+KmHx+SdvDqqa2Iv0eyriBMb7Rc++W8dLN1uJEhewsCqzdBVNLul2FJ1KTTGwvB6myPxhZYKncYHrgsla0DBbWlOKIJRBF+QERnyOWzD6TLU+1NfJEvuAb6tRw6VRK8QQ9JwM3+4V6xP0\/gCSbij1Fwj32gHkrzZBB7wEtaF7ErRpPrRaGDkQnvOjDASk8a9uZMAIGEoCEJq8bQMDOn9AMdwa9iiLTTMio6zoUV6UM8Z6G5rErYguciEZ0nXJU8DVNLjvmWetbvJ4du9iFbxoCn0hdFwRGwad\/Gw7TZ2+6BIoboa8w2wHxGhHuPNLY7f6lh7KOTtdTzgXYyQuzLhAhKS+bFK46mJx9AGX\/7fRY2OA="} -01441{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":396,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646482866432813,"flow_src_last_pkt_time":1646482866451722,"flow_dst_last_pkt_time":1646482866473555,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1646482866473555,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.23.98.190","src_port":39934,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"TLS.Pastebin","proto_id":"91.232","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Potentially Dangerous","category_id":7,"category":"Download","hostname":"pastebin.com","domainame":"pastebin.com","tls": {"version":"TLSv1.3","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01400{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":396,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646482866432813,"flow_src_last_pkt_time":1646482866451722,"flow_dst_last_pkt_time":1646482866473555,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1646482866473555,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.23.98.190","src_port":39934,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"TLS.Pastebin","proto_id":"91.232","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Potentially Dangerous","category_id":7,"category":"Download","hostname":"pastebin.com","domainame":"pastebin.com","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":397,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646482879566800,"flow_src_last_pkt_time":1646482879566800,"flow_dst_last_pkt_time":1646482879566800,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482879566800,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.1.68.189","src_port":57336,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":397,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_src_last_pkt_time":1646482879566800,"flow_dst_last_pkt_time":1646482879566800,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646482879566800,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8ZJ5AAEAGuDfAqAGAFwFEvd\/4Abu+RY+DAAAAAKAC+vCgEQAAAgQFtAQCCAqibL0tAAAAAAEDAwc="} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":398,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_src_last_pkt_time":1646482879566800,"flow_dst_last_pkt_time":1646482879585905,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646482879585905,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADkGI9YXAUS9wKgBgAG73\/iES9VYvkWPhKAS\/ojG\/QAAAgQFtAQCCApEcjdUomy9LQEDAwc="} 
01245{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":399,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_src_last_pkt_time":1646482879590126,"flow_dst_last_pkt_time":1646482879585905,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1646482879590126,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5ZKBAAEAGtjjAqAGAFwFEvd\/4Abu+RY+EhEvVWYAYAfb4UwAAAQEICqJsvUREcjdUFgMBAgABAAH8AwPTmj1yotJrCU5Axy8WSqX4RbWM\/SINHTcC+qIJwwqdWyAtxwR2GOpVXqzss+L4QuffJNllYoSRruXn4YOMT1n2UQAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAYABYAABN3d3cucGxheXN0YXRpb24uY29tABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAiAAoACAQDBQMGAwIDADMAawBpAB0AIO+m+y4kE\/Ul0wRfLnWkNqXDSHnFmA3tI1g\/5Tv\/EZwCABcAQQQh+3EFl7VEJWAHnTsK42aVbCexqYTb9DwqjdAN6Pu9IMJwjvRFdXg\/Y6aZYu3btbo89OdSMmSsifn4YkrISGSJACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQAVAIMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01265{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":399,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646482879566800,"flow_src_last_pkt_time":1646482879590126,"flow_dst_last_pkt_time":1646482879585905,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482879590126,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.1.68.189","src_port":57336,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Playstation","proto_id":"91.231","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"www.playstation.com","domainame":"www.playstation.com","tls": {"version":"TLSv1.2","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01224{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":399,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646482879566800,"flow_src_last_pkt_time":1646482879590126,"flow_dst_last_pkt_time":1646482879585905,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482879590126,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.1.68.189","src_port":57336,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Playstation","proto_id":"91.231","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"www.playstation.com","domainame":"www.playstation.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
02493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":400,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":4,"flow_src_last_pkt_time":1646482879590126,"flow_dst_last_pkt_time":1646482879608912,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1646482879608912,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXcuGRAADkGZdEXAUS9wKgBgAG73\/iES9VZvkWRiYAQAfqCIgAAAQEICkRyN2yibL1EFgMDAE4CAABKAwOBBacTcxLQcpf\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\/1u2BCu36V67lS4b99HLRCikrHVgUNxkudO8rkdL4tH3t3WAQRMskVgepd2HaZYil3INmaLa6f1JMFYIa68G4gbbt8fKYh1+Di2herOlebADQ7GSx2oRUf8lmfZDdNvX8NLVcQNNtiGFDQx9PawZErjW11tozNDi9Hu43AfqEjTn5Cy7jcNbRSV\/vWHhX677Er6den3rznV6K6msbmWNeoygSfN+QtGW4zaFzWy6AymB9ZWyjAZKxZIPykYuNIT8iMwCrVJVtekRIgiSWVoBxqHSQIDAQABo4IDfDCCA3gwHwYDVR0jBBgwFoAUD4BhHIIxYdUvKOeNRji0LOHG2eIwHQYDVR0OBBYEFABNUfVgXrmPa\/rV+1oGI\/9o5f0PMEkGA1UdEQRCMECCD3BsYXlzdGF0aW9uLmNvbYIYd2ViZm9ybXMucGxheXN0YXRpb24uY29tghN3d3cucGxheXN0YXRpb24uY29tMA4GA1UdDwEB\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwbwYDVR0fBGgwZjAxoC+gLYYraHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NzY2Etc2hhMi1nNi0xLmNybDAxoC+gLYYraHR0cDovL2NybDQuZGlnaWNlcnQuY29tL3NzY2Etc2hhMi1nNi0xLmNybDA+BgNVHSAENzA1MDMGBmeBDAECAjApMCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwfAYIKwYBBQUHAQEEcDBuMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wRgYIKwYBBQUHMAKGOmh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFNIQTJTZWN1cmVTZXJ2ZXJDQS5jcnQwDAYDVR0TAQH\/BAIwADCCAX0GCisGAQQB1nkCBAIEggFtBIIBaQFnAHUARqVV63X6kSAwtaKJafTzfREsQXS+\/Um4havy\/HD+bUcAAAF9NYkWGAAABAMARjBEAiBw4adKSoTaEg1DG55p72lSiGR59iIJtfIV11QzYcKSNQIgYgMdbbAZDTRsdEJJx3wKfM4qIJgNRlkkzStk2fCy0fQAdgBRo7D1\/QF5nFZtuDd4jwykeswbJ8v3nohCmg3+1IsF5QAAAX01iRZPAAAEAwBHMEUCIGH9aujoguOS89DfmthBnuGimJ20LoIiOLkOixddzmM+AiEA8SGoDfP+SexGTJcaM5VPyxRoJmO+qb0="} 
-01348{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":400,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646482879566800,"flow_src_last_pkt_time":1646482879590126,"flow_dst_last_pkt_time":1646482879608912,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1646482879608912,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.1.68.189","src_port":57336,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Playstation","proto_id":"91.231","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"www.playstation.com","domainame":"www.playstation.com","tls": {"version":"TLSv1.2","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"19e4a55cecd087d9ebf88da03db13a0f","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01307{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":400,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646482879566800,"flow_src_last_pkt_time":1646482879590126,"flow_dst_last_pkt_time":1646482879608912,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1646482879608912,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.1.68.189","src_port":57336,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Playstation","proto_id":"91.231","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"www.playstation.com","domainame":"www.playstation.com","tls": {"version":"TLSv1.2","ja3s":"19e4a55cecd087d9ebf88da03db13a0f","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
02504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":401,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":5,"flow_src_last_pkt_time":1646482879590126,"flow_dst_last_pkt_time":1646482879608943,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1646482879608943,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXcuGVAADkGZdAXAUS9wKgBgAG73\/iES9sBvkWRiYAYAfpUtgAAAQEICkRyN2yibL1EFHEbMrNgcVqrAHYAQcjKsd8iRkoQxqE6CUKHXk4xixsD6+tLx2jwkGKWBvYAAAF9NYkVygAABAMARzBFAiAdEk5JcTg8\/7GZwox4xrDJHor+3\/hk3iSBi12D9ueQhgIhANG8suAsXaZSFftsGvqVxcd1ECVM96JTmkQn+zmro7bDMA0GCSqGSIb3DQEBCwUAA4IBAQBh8+lX4cGkwrI0xajnGJa5hjhshafy1dyi\/OK4pBstrak8J6018kBebB7pfBJGDtjbyBZX8BLbBKhJz\/Nx0vUlLATCADCv66zTYDxI2g4AQQxmfIxPzWJn17x61253yb1u9bwdDmdYnm20ReQGI1Jp7iuMIm8SAwduBJdQX5t2CQTHqZPFZE2yYFlqsLZxrGlahLhssMIqGyXODC0TdYPmmK0vAagsTIFv\/2puBbc\/Ev+ZY94tP4yxJB8wirxNYgWiTpS7RaLXNUqd5rbSxdA+6k4w\/QGU5huraHGEt9GCs9MGoO2Sko2KouqwpMrBl9+pRLpf3jl7H+LH01LaIGV5AASYMIIElDCCA3ygAwIBAgIQAf2j627KdciIQ4tyS8+8kTANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBDQTAeFw0xMzAzMDgxMjAwMDBaFw0yMzAzMDgxMjAwMDBaME0xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxJzAlBgNVBAMTHkRpZ2lDZXJ0IFNIQTIgU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANyuWJBNwcQwFZA1W248ghX1LFy949v\/cUP6ZCWA1O4Yok3wZtAKc24RmDYXZK83nf36QYSvx6+M\/hpzTc8zl5CilodTgyu5pnVILR1WN3vaMTIa16yrBvSqXUu3R0bdKpPDkC55gIDvEwRqFDu1m5K+wgdlTvza\/P96rtxcflUxDOg5B6TXvi\/TC2rSsd9f\/ld0Uzs1gN2ujkSYs58O09rg1\/RrKatEp0tYhG2SS4HD2nOLEpdIkARFdRrdNzGXkujNVA075ME\/OV4uuPNcfhCOhkEAjUVmR7ChZc6gqikJTvOX6+guqw9ypzAO+sf0\/RR3w6RbKFfCs\/mC\/bdFWJsCAwEAAaOCAVowggFWMBIGA1UdEwEB\/wQIMAYBAf8CAQAwDgYDVR0PAQH\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\/sELfeNqzqPlt\/yGFUzZgTHbO7Djc1lGA8MXW5dRNJ2Srm
8c+cftIl7gzbckTB+6WohsYFfZcTEA="} -01680{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":402,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":4,"flow_first_seen":1646482879566800,"flow_src_last_pkt_time":1646482879590126,"flow_dst_last_pkt_time":1646482879608957,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3863,"midstream":0,"thread_ts_usec":1646482879608957,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.1.68.189","src_port":57336,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Playstation","proto_id":"91.231","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"www.playstation.com","domainame":"www.playstation.com","tls": {"version":"TLSv1.2","server_names":"playstation.com,webforms.playstation.com,www.playstation.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"19e4a55cecd087d9ebf88da03db13a0f","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Mateo, O=SONY INTERACTIVE ENTERTAINMENT LLC, CN=www.playstation.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"19:BC:48:84:B7:B0:91:46:45:D5:DD:3B:B5:8D:8E:45:E8:42:1A:8A","blocks":0}}} 
+01639{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":402,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":4,"flow_first_seen":1646482879566800,"flow_src_last_pkt_time":1646482879590126,"flow_dst_last_pkt_time":1646482879608957,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3863,"midstream":0,"thread_ts_usec":1646482879608957,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.1.68.189","src_port":57336,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Playstation","proto_id":"91.231","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"www.playstation.com","domainame":"www.playstation.com","tls": {"version":"TLSv1.2","server_names":"playstation.com,webforms.playstation.com,www.playstation.com","ja3s":"19e4a55cecd087d9ebf88da03db13a0f","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Mateo, O=SONY INTERACTIVE ENTERTAINMENT LLC, CN=www.playstation.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"19:BC:48:84:B7:B0:91:46:45:D5:DD:3B:B5:8D:8E:45:E8:42:1A:8A","blocks":0}}} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":405,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646482879964649,"flow_src_last_pkt_time":1646482879964649,"flow_dst_last_pkt_time":1646482879964649,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482879964649,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.51.246.65","src_port":46264,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":405,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_src_last_pkt_time":1646482879964649,"flow_dst_last_pkt_time":1646482879964649,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646482879964649,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8nmNAAEAGzLvAqAGAFzP2QbS4AbvcfW4jAAAAAKAC+vARXQAAAgQFtAQCCAo1KzXVAAAAAAEDAwc="} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_src_last_pkt_time":1646482879964649,"flow_dst_last_pkt_time":1646482879981627,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646482879981627,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADgGcx8XM\/ZBwKgBgAG7tLg0LEpK3H1uJKAS\/oiOFAAAAgQFtAQCCAqG0XpXNSs11QEDAwc="} 
01239{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":407,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_src_last_pkt_time":1646482879983523,"flow_dst_last_pkt_time":1646482879981627,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1646482879983523,"pkt":"pJGxgjQ5PKn0qB\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"} -01272{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":407,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646482879964649,"flow_src_last_pkt_time":1646482879983523,"flow_dst_last_pkt_time":1646482879981627,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482879983523,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.51.246.65","src_port":46264,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Playstation","proto_id":"91.231","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"static.playstation.com","domainame":"static.playstation.com","tls": {"version":"TLSv1.2","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01231{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":407,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646482879964649,"flow_src_last_pkt_time":1646482879983523,"flow_dst_last_pkt_time":1646482879981627,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482879983523,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.51.246.65","src_port":46264,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Playstation","proto_id":"91.231","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"static.playstation.com","domainame":"static.playstation.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
02511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":408,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_src_last_pkt_time":1646482879983523,"flow_dst_last_pkt_time":1646482879998959,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1646482879998959,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXcGehAADgGU5cXM\/ZBwKgBgAG7tLg0LEpL3H1wKYAQAfooOgAAAQEICobRemo1KzXoFgMDAHoCAAB2AwMdNiKdQS66TG1dyCOwptjBRt9POx14VVunuYZo7ql18yDvfvqZxXeUOWdQ166wenjn8HB2CzcmnFG8kG7bSApHKBMCAAAuACsAAgMEADMAJAAdACAXC3BnxXibQvXlPvXackVE6qVSM0uTzNS9wtehVYweARQDAwABARcDAwAuL9AYW1FJVOW2DFct7yJrAUSOFYcyR53maDik3s6L0ac\/+QVeexvew\/fM3kcU2hcDAwyBPzkyEyhEOs2cpsRzb56Q\/t1RuVr7dNNfhe6Pbsx6BmeRf00Xwmly1L6c4+FMLrgVmDa33uzJWX8VpfADSu4RnVvSm5Kpl0DoLZbTDVZ419fjRRioYU0kLoXsZqo9oXCLh35NJTARKEJfxuooDVVxrcOLS6QfUNhPFhqBi3rgPlELjpHdcwOv6kI5zWblIn0FKOaRx+edul5eSLPJrRbkKlQ4jFt0Ck0AEVaZYiX38MX+xcaA1n8XHTW3iOKt+1vCPn227UZ6XtwYdwRcJbXGNokr1rRrdNRo5uYAm+dXDAIpF3yIuPQXdhN5ojiwFprQOTsAsI5ez92QKqchMb1S15IPNdrUpw81cD4\/apouU520O9HsWFKAV+PRNLC2n2HZO9oMipSQ68TSDBnEJnUQlaAww6dAp0mphDPNloNW6elzTX6RTCJF0jmxs290U+JHrVByif4mDGvgWI+rWYoaprsCluFl4BJvai47IMcYMluMnEC\/F++q1CYOP3eCqlZLRcEDd4b3UsruiEehsAOSUAfM5Q\/5wQvUfevnbH3NaVqtcGcXsd9s5l\/mKBzlcEwtCcswGDLaQEHMzQfLnCay5caDVfVlVmtZHGa7X321aC88WROxZKXmDX\/vQ9F36+LH5dnKKpajdKJbWIhCb96hTTZFeSWIB6qVvukD4Mmn\/ql7qRBBqiaz92nT+gAdbAzWCmC5ZdbsE9TPNAOstQZm1gTyw4vtNHQhzRfQ+5CzWePQjJeH55NKulgYi93t+WmO\/Xw+nqLHaNTLVjvuFiPTN\/XDyI9enaPq5vi9cnU+92Esp9jVmsK87CoeAU\/hnqM4xtrq3\/s9F\/o0Ej0oLOXrvQJGJjvBX8s+Bwloch8k+G9qMCXqaOVmCA799Qf+MAnXUP7rHQH8ELm5p7p+GsHItR\/GY0iI7Qsk2oo3hxxPs0pfRHz5Wuhta5hUSg5TPSn+0JbFK4u6xfuBF5RFSPCdCVORHRUTa4ZYFnVIuheBC4PiSUp2O\/unoO6RGdIXqHTvPXrruCiYHkDcCPwpzJOrveYQRDcJDrcRik4nFoltpseMp7BD\/xZsgYY6V91gTJ\/6D+G\/91QVUv2Vfsat8xMhXcZs2XmJGMGnIoaAEU1unOdnbZ3gJA1rrsSqLVxT6c2hYt45Hh5VUuv32GdC2suPUROP
PEa8vMa4SMnMtdYw+PQuEO4jkicw3rS4Ey8slQisoznZT7vA1Ic0iky+7DOalhCN++7Cco3WhKh35HQsI4DmMCYJCph8O6uU24eZFuH3bkCIlyuzY3+VHZFZIkeL7BCC4dYIkKe3ZOg1YWefN5f02xNOtgNYMMlFLU71s3SUIyDfKuLdTwhQddscQvWAga5bWF0yyq+Vqs4+IKLNTHwC\/Mr+y8YmShr+3eKA3WgxKI6\/wUUK\/yoxaTe54\/RKfMiVNrFleXpdBS7R95axKVhuyZSVrpd\/y0DqWdQDmtiuPN3GyyKs+zmnhamFXHyn\/PBnbm7zbuX1wRJDYRsJ\/0qCNS2YtdRPQAWEW0vkhpa+O\/TU4UaeZg3gE70cq1mLgxqurTLoy3ZMcyVcT3GAirx7NuzqPTCDZBmHGgl86eVUA8kiczF5TGrEsBM7bn+ewxFeluJyf0CEZfnjRgMVfuDjKxY80X+tNZ68XOcc5Y0dNf2\/P5Q9g1LzUBk="} -01317{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":408,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646482879964649,"flow_src_last_pkt_time":1646482879983523,"flow_dst_last_pkt_time":1646482879998959,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1646482879998959,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.51.246.65","src_port":46264,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Playstation","proto_id":"91.231","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"static.playstation.com","domainame":"static.playstation.com","tls": {"version":"TLSv1.3","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01276{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":408,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646482879964649,"flow_src_last_pkt_time":1646482879983523,"flow_dst_last_pkt_time":1646482879998959,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1646482879998959,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.51.246.65","src_port":46264,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Playstation","proto_id":"91.231","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"static.playstation.com","domainame":"static.playstation.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":411,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646482896911097,"flow_src_last_pkt_time":1646482896911097,"flow_dst_last_pkt_time":1646482896911097,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482896911097,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.138.199.67","src_port":43150,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":411,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_src_last_pkt_time":1646482896911097,"flow_dst_last_pkt_time":1646482896911097,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646482896911097,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8pPpAAEAGn8vAqAGAbIrHQ6iOAbuXn2EUAAAAAKAC+vCb0AAAAgQFtAQCCApW0sF4AAAAAAEDAwc="} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":412,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_src_last_pkt_time":1646482896911097,"flow_dst_last_pkt_time":1646482896918912,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646482896918912,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8E58AAPcGuiZsisdDwKgBgAG7qI5txRYul59hFaAS\/\/+2KgAAAgQFoAQCCAqPYc1DVtLBeAEDAwg="} 
01239{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":413,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_src_last_pkt_time":1646482896921314,"flow_dst_last_pkt_time":1646482896918912,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1646482896921314,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5pPxAAEAGnczAqAGAbIrHQ6iOAbuXn2EVbcUWL4AYAfaXogAAAQEIClbSwYKPYc1DFgMBAgABAAH8AwNMrbkme+2pG6WKGaUcTfCs10ic95it0jPiimTr5KWaaiCmUwwyrZpDXgONpktntKRQJ28LAppHGUwuuBwH65AqlAAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAPAA0AAApkZWV6ZXIuY29tABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAiAAoACAQDBQMGAwIDADMAawBpAB0AIAS3iFI+Lml2aqbJ99HMOh2pxKpjuORM+VA6AJN2jS5cABcAQQS2OgHZ7hQeCCurKRe6Z6o4CXtv3DRVG4xO7HV8XVI+fMr+wQD4VFXUBMvHu9XDFEguxQ+LZymMWbInoPBoAAbBACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQAVAIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01251{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":413,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646482896911097,"flow_src_last_pkt_time":1646482896921314,"flow_dst_last_pkt_time":1646482896918912,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482896921314,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.138.199.67","src_port":43150,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Deezer","proto_id":"91.210","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music","hostname":"deezer.com","domainame":"deezer.com","tls": {"version":"TLSv1.2","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01210{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":413,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646482896911097,"flow_src_last_pkt_time":1646482896921314,"flow_dst_last_pkt_time":1646482896918912,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482896921314,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.138.199.67","src_port":43150,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Deezer","proto_id":"91.210","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music","hostname":"deezer.com","domainame":"deezer.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
02483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":4,"flow_src_last_pkt_time":1646482896921314,"flow_dst_last_pkt_time":1646482896928135,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1646482896928135,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXIE6EAAPcGtJhsisdDwKgBgAG7qI5txRYvl59jGoAQAQXBQwAAAQEICo9hzU5W0sGCFgMDAHoCAAB2AwOS1XRiQhtHbsWk7IKMotNVJhoQERPfN6Zn9M8Pa\/9DzyCmUwwyrZpDXgONpktntKRQJ28LAppHGUwuuBwH65AqlBMBAAAuACsAAgMEADMAJAAdACC5e9xEfCV5fqDbMwqybkRNE38lDRLma9iWS1wPjNaVVBQDAwABARcDAwAk0F2uVi6cSugSVE5OnZzVG+pqX6vJqyLz11UQdWeMUASCS55bFwMDGeAaTkAQDlR2oi1a4CX3A43w\/i8sDBJV1bvBwohVahX\/jSqWGg3EbXZ6QP8zOTm+7UOdvBjp\/L\/Q06PJudYZ5nElqSGGv7wsN99O0PVbuoC6cMYGjAUaR2N6zjlkla6lYoZOaqqRopkEuw9+jdD69Q+LfVB6JRDMXGav9lD46FNEyIJiVeqB6ZzDvQsF0hDvsVRLgJL7+9brRJ02cWQjc790lJ5\/IV6KYzt9j\/RSvFj6tOV2tIGd37EOisJ+YPY1IBH+PgWTwA3DRjV16UoEmGah9+FadbHorXKCxyXACRs43RPkzvqTtNUWmE8AwOgUe7EC\/9J8tF4f+VwcjMcXUOYGHI\/\/TbgrRbD0olswt2g7FOU08CXcT4q9P5EhZJqdbRLAClKDhcpaHpnIALhs9\/spCNwC+fiiZV7Tw53HfD87aMzVul00joHapiXu0xAHWrzYnvyxan3XTUK4brp9Rd+ypqosrQYXg8tXxXhN2gCrvAxSSqhOi0AEpca8xK6G0v9v0CUzNQz6kqvZlDH6p\/ve+I\/UJjJzO2r+nwP\/kkYPLKURLPOlU2LlQVqmdEO\/WVisJkEHuHJPR23A7KQeH2thBVN+Thg5ujNqOKhOViVqbNg8pufR9snMUVLyyRwm0dnmj2+FzEkPaQh989nT0XCkEi0rSXY86hPcWR9iFN2lZhArJyPVa294V25rWpEW\/OHvdM4ADDANCrM1WZ5WMowmqzunXEtoleaiigLpTCxd3LlJjaFXYrDX1BHEVq1WV3plT4j+nixhYNZq8ZE3\/hyW94eyv6KpvG4EtBSeFQsErwEBuzBi7drPC7om+\/FvzbX0weIxfmZ7jj8ny7KpxaZJELgimpU8u8e83uxIN4BoeSkjfj5VjWx+D7jYgHNq8OgG9twFoxZ3H9zw6VXSCdI1NOfnM2KMD\/3NndebVP7Bw4g1OFMOUMQaJE+p\/hutYxtSNinlqyIasmpEe17RoinamTFr\/UB3iWE5cRk3un3Y\/INeyqfATd6MvewBZd6w2CNW6Ut+QR3OHXzfAPR7\/6gZw80h+dkNvvv2YZhLNR7fFCytlqLfKwcE3ac55lwOG3aYgFqk7QMi8RtpRnejscum+EPD+yhSiEYWEnZF+QhwLomph17hHIbFo6Hy3fB67GLdiSZRhhq4JWcd\/G4Lan+GLmjZ\/bpffZh
DJ6tGdL0VJ+cIf2HIzZIXgD8ThWXTKhtlCSiluKhML1guk4QbgZ7Kfg+yYtWCWYNXSV0Bgr7iKsXTsyOQrPSbiA2XbgpfWQnVMOWf6HZk4b4nBF2flUOzID6kjCWzDJN1ov0HY\/u8vkWdZpNVcjbEPhSJYGQuZZjMMwm2AXSr\/FZ512IZZWu0x\/bqScS1nrcHl4mMWzmktdpY8gnlQqutW2y7D1vLp9D4gwkK4UCyoyGVWxcRj+DKF\/FqWRPZFc5lycA7umQmzsHVnR8GTgFUoQIgh5uawTFmxhQqbijSqxg3OVo3sGtJN1EoU6aKaaG1yE6y77re34HM8f3YDYAEa4+f0AjOre1v6n1Cck4EY35qQF3adiya7gTfgi4es9Tl7wB4xkY4G0CO0rR4BPOB4HF7LSimiolDJQ5noah3uv33nk2NTgYmKd0pWY4Rh8M4Jbl3fwk+0Ih3zbPXNJaElCiPyaFOc4r5"} -01296{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646482896911097,"flow_src_last_pkt_time":1646482896921314,"flow_dst_last_pkt_time":1646482896928135,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1646482896928135,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.138.199.67","src_port":43150,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Deezer","proto_id":"91.210","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music","hostname":"deezer.com","domainame":"deezer.com","tls": {"version":"TLSv1.3","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01255{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646482896911097,"flow_src_last_pkt_time":1646482896921314,"flow_dst_last_pkt_time":1646482896928135,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1646482896928135,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.138.199.67","src_port":43150,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Deezer","proto_id":"91.210","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music","hostname":"deezer.com","domainame":"deezer.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":415,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646482916232520,"flow_src_last_pkt_time":1646482916232520,"flow_dst_last_pkt_time":1646482916232520,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482916232520,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.65.82.67","src_port":52070,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":415,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_src_last_pkt_time":1646482916232520,"flow_dst_last_pkt_time":1646482916232520,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646482916232520,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8ooZAAEAGcYnAqAGAEkFSQ8tmAFAueWmfAAAAAKAC+vBogwAAAgQFtAQCCApZaACoAAAAAAEDAwc="} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":416,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_src_last_pkt_time":1646482916232520,"flow_dst_last_pkt_time":1646482916249193,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646482916249193,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8Lu8AAPcGbiASQVJDwKgBgABQy2YtbN9PLnlpoKAS\/\/+hEQAAAgQFoAQCCAqviQYeWWgAqAEDAwk="} 
@@ -232,32 +232,32 @@ 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":417,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_src_last_pkt_time":1646482940480794,"flow_dst_last_pkt_time":1646482940480794,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646482940480794,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA806FAAEAGYWnAqAGAjvq0jpfKAbsw63pbAAAAAKAC+vDytAAAAgQFtAQCCAoU3PsAAAAAAAEDAwc="} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":418,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_src_last_pkt_time":1646482940480794,"flow_dst_last_pkt_time":1646482940487405,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646482940487405,"pkt":"PKn0qB\/spJGxgjQ5CABFgAA8FycAAHkGJGSO+rSOwKgBgAG7l8rhydulMOt6XKAS\/\/9c9AAAAgQFlgQCCAqRbEHhFNz7AAEDAwg="} 
01243{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_src_last_pkt_time":1646482940491250,"flow_dst_last_pkt_time":1646482940487405,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1646482940491250,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI506NAAEAGX2rAqAGAjvq0jpfKAbsw63pc4cnbpoAYAfb+6AAAAQEIChTc+wqRbEHhFgMBAgABAAH8AwO7ribOnVQsY1sOMkcbEYXbLY3qPQQ51Elay7+WtVSrNSAVw+m3VKjUN5Kg0hk0Rcql0l9JhorDl+A6BcRaD2MOQwAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAUABIAAA9tYXBzLmdvb2dsZS5jb20AFwAA\/wEAAQAACgAOAAwAHQAXABgAGQEAAQEACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAACIACgAIBAMFAwYDAgMAMwBrAGkAHQAgZi1V3KN\/7YwDfK8H3VIJ+hl8oG\/pcyHsJbGlMXjOc2MAFwBBBJu4yUB5A9M8e+22tNqv37PZXfAJovqkKxk\/cRDsm65QH7HDIBoXPUoAJy1c6x2wwBosAz8dzXVrLnN4Hqic9PsAKwAFBAMEAwMADQAYABYEAwUDBgMIBAgFCAYEAQUBBgECAwIBAC0AAgEBABwAAkABABUAhwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01261{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":419,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646482940480794,"flow_src_last_pkt_time":1646482940491250,"flow_dst_last_pkt_time":1646482940487405,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482940491250,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.180.142","src_port":38858,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleMaps","proto_id":"91.123","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"maps.google.com","domainame":"maps.google.com","tls": {"version":"TLSv1.2","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01220{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":419,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646482940480794,"flow_src_last_pkt_time":1646482940491250,"flow_dst_last_pkt_time":1646482940487405,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482940491250,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.180.142","src_port":38858,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleMaps","proto_id":"91.123","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"maps.google.com","domainame":"maps.google.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
02472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":420,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":4,"flow_src_last_pkt_time":1646482940491250,"flow_dst_last_pkt_time":1646482940513505,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_usec":1646482940513505,"pkt":"PKn0qB\/spJGxgjQ5CABFgAW+FzcAAHkGHtKO+rSOwKgBgAG7l8rhydumMOt8YYAQAQVfDAAAAQEICpFsQfsU3PsKFgMDAHoCAAB2AwO+cAbEDWPsOG9Aoyc3T1vqzf\/RucIV2caKYJl\/xX8AJyAVw+m3VKjUN5Kg0hk0Rcql0l9JhorDl+A6BcRaD2MOQxMBAAAuADMAJAAdACDqxFvXuojNNOLUDGJVQD6\/pS4ex48pI\/MhfGnDNiVxagArAAIDBBQDAwABARcDAxmGO3ct6tGPkn2oKW18wCCNVoFB2dDX9BlLCTUZ9VjYMae\/mbNPHUAuiZ9vRuIoefCiQ8kFb4O+HJZQcgfVhqMGbN7RglfdXgWWQavSSlRQyT\/GYSI8\/UIf+AfOkN8TrQxy6iJzrHWNSRydzyEscBtysPYoPRqJCev2t4kd3t9DkQklD70AkCGpFpOjC8AthuU5wwo0VspGupmz9R6axp4s2+J0yco8fk1tNt0XcXtIDkmn9lZUjzsENsY19t4llp5MUY2nMD6oldtnDULVMzNK\/JWLs\/ogHoLjy8Qfme7ab+3fa2zsjnLuS0gipDEcwXuhRJC0j3x7vyQDElOw\/WHXUSYwDH7bp2straTrNDhUsjbXphgKERlrRnOrG9fct7fkGv4HfiFJUtHgL5Bb0atuCe+XDsWVV7YVrL8oMmAFW1TVbbnhBWL5CrGy1KxvPwdtbAkCtKQmkKvlbSW1LDPkV9wM6KfFhwV3yjdMaV0EQda8KyCzO7VdYlnBJitr915VuwhardzQ7PH6+QokzqN2O3LS\/qrkowDvxB6X07jz64gdH8RbmTp7gCE4B3CxFK\/wAkq\/d+BlJvmgG0VZzPykRwk3Z+SYar7ro594ZCb9SWP0c30zUDsx2NQw89aEEs1ReC\/kY+kNhmqgqHCkV\/aPFztbg\/BQZu81YwvFe3zxnNiGAB48ZG5XvLgDJdBnVGxmvXjaJBL\/enErWLgyki7DbD2ed7Ubh6Geue7fK8XVUmpojMqSlHd9N83MBex97rmal\/KhHqRXQzdVkD8lMppo2zxDcJ6vyZ1zISqC0+u0Eec1tSyEV9JuFVKH\/0nOqfpU7X6G0XhWswComBCKDUOqnsSZ2VYmK\/\/NYBNhXubiyqNRkP4NQ54ZWsvHMfVKROJousHF6mxQOO15QPfd8jSe2xkxl5h55j1CoG53oVMlQOESwBAtsMMri4JwZLqS808PiR3YTTzip7k4tGkzsmh0HiNb6+J7Jj8UvtNdCL0nxVpyiZFBp5UGTiPaAfc3GSm+\/qN98Z5ewd0zpkHM9dQk0xSXLVbEmOdphGU70TaUkNP3dEniPwG2bCnpwwKQ6YZULDsWWcEAbGIZP0MHJIfUp09ZTWD+3i4IE6JBMjJqOVCjK0nSoe6k+zGZOocK38CXurxwlIi53W2GsNpS0OTlRvP3uo5KOYGrFYx8jXpmX\/qnY+O6YrnstCj36gBZkzRG4FwWWZ8aX3w9xxyfRqNqaKJ33
KXn4x5XQ2LauOV6zsci7LmxPp1SPWguxctM75z9kOtLoPMXjGeJgHjDvVzrZthwByajyjX6P+68T92c688hIA8NFj1q6kxKYu9PyJ\/ExoL9U1KECJ1SJVvhIu5h9QyObfrGNBPjvrSU561D9\/6vcJuynop3dCJJrjuX3FYNV1M8qzg3LiD6rIjahiGTSC+PWTX+1gFiprtsOc61GSaz3JnD+kheoYMnhkYR5soDX4QEbz1IEDT87VOd4cAgMks6tSv7MSxQiKLkUeSEhpneq3rV1+oNXsvqOUzdg17JXxMFJaFkAl8Oab09MIYwsehOPnvo7uPNYVGk\/QW5HrljbeYnmn3xZK6q5NXLQyAoP1PXvYwYJam45lTxfuWj\/J5CtnsXaoy0tM1FyOooW6ZTSwuUcB9nus\/kiArgU1xDb\/3hVgJ7VoT4sVKz34ObKoApxfc\/AnyLjcmaraKOlwc="} -01306{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":420,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646482940480794,"flow_src_last_pkt_time":1646482940491250,"flow_dst_last_pkt_time":1646482940513505,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1646482940513505,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.180.142","src_port":38858,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleMaps","proto_id":"91.123","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"maps.google.com","domainame":"maps.google.com","tls": {"version":"TLSv1.3","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01265{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":420,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646482940480794,"flow_src_last_pkt_time":1646482940491250,"flow_dst_last_pkt_time":1646482940513505,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1646482940513505,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.180.142","src_port":38858,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleMaps","proto_id":"91.123","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"maps.google.com","domainame":"maps.google.com","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":421,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646482995689179,"flow_src_last_pkt_time":1646482995689179,"flow_dst_last_pkt_time":1646482995689179,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482995689179,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.140.63","src_port":48902,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":421,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_src_last_pkt_time":1646482995689179,"flow_dst_last_pkt_time":1646482995689179,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646482995689179,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8enxAAEAGb8fAqAGAAhGMP78GAburV\/8MAAAAAKAC+vDqEgAAAgQFtAQCCArEqeKzAAAAAAEDAwc="} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_src_last_pkt_time":1646482995689179,"flow_dst_last_pkt_time":1646482995709387,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646482995709387,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADgG8kMCEYw\/wKgBgAG7vwYhgnsXq1f\/DaAS\/ohOCgAAAgQFtAQCCAocht8\/xKniswEDAwc="} 
01245{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_src_last_pkt_time":1646482995711939,"flow_dst_last_pkt_time":1646482995709387,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1646482995711939,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5en5AAEAGbcjAqAGAAhGMP78GAburV\/8NIYJ7GIAYAfY3gAAAAQEICsSp4socht8\/FgMBAgABAAH8AwNFE1YF0dNQQhTDT2LTts3l72ip1ON6WYuBYFjp45zAOSCfsggN3rEBQ1caacueVCEG9V0G2r03kBuc\/FQ9ILx8tQAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAVABMAABBhY2NvdW50Lnhib3guY29tABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAiAAoACAQDBQMGAwIDADMAawBpAB0AIKOdg7M8WplrJ1dHmYhafGTWEV65\/XHCmgpJRZB9OyhxABcAQQSUMlyZp7X5PylQs43MbEemG5LZD4aMK86EfSyduzhW1kr6wtZBIJI7MJb\/MCOqF0\/ebXOaYXIP5autWsClQmu8ACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQAVAIYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01251{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646482995689179,"flow_src_last_pkt_time":1646482995711939,"flow_dst_last_pkt_time":1646482995709387,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482995711939,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.140.63","src_port":48902,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Xbox","proto_id":"91.47","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"account.xbox.com","domainame":"account.xbox.com","tls": {"version":"TLSv1.2","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01210{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646482995689179,"flow_src_last_pkt_time":1646482995711939,"flow_dst_last_pkt_time":1646482995709387,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482995711939,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.140.63","src_port":48902,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Xbox","proto_id":"91.47","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"account.xbox.com","domainame":"account.xbox.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
02508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":4,"flow_src_last_pkt_time":1646482995711939,"flow_dst_last_pkt_time":1646482995732146,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1646482995732146,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXc7bJAADgG\/vACEYw\/wKgBgAG7vwYhgnsYq1gBEoAQAfrt7gAAAQEIChyG31fEqeLKFgMDAHoCAAB2AwMgX4ftb3H0svKlo38gLKwNa0xpkKciGui3rSBOzeSziSCfsggN3rEBQ1caacueVCEG9V0G2r03kBuc\/FQ9ILx8tRMCAAAuACsAAgMEADMAJAAdACA\/mq72l\/X5wYV7xiehWSBoqC1e8kd0tL5DyVUibFxDIhQDAwABARcDAwA0H3JUn0f6qbdT3p32P454HXDP5IYRoxi3lMRFsJHODkz7xJR5rgRz4MUUYr3T2Jjw+aFRMxcDAw3vtHQjBW4T4HPZPzNcevH+ta4BZOrEGpO7JPPFGNMR+SZNYvq8Khg4xVIZT+TJqq4y1UdQbC0SHZwa\/cWCWVOHJ4ToIVpO8se5z1kQiKjO7tsa2hkllD1P0sE5LzYwhtMXNA34pNAfv+zFj8O8gPl5LrwDPa1lbD2QeNv0JAamm+bK1Ft6MAnnldnEPrq4Dkccu8V4aAK0s4ks79eKH0mEL0W9UbhZ\/5MCDtImAaVNE61E4X\/V8nN1yO04U\/M+zGq+QDSb6KI96yZb7pWQdSDUi8WnroCvk2JjcCQc8V2UmPAo9fJoyWPbso1Qcx9oZRbVGmpDVZpZJrOWGgi+06OP2BFabKp31yRGr4hDuEmV4NyDCCZTO+xQcDQhQmKL+4kf+QXUjoQxs4kZ88In0LC8TmMi9IijejQwkzlmz\/SzXuijmdP4d53ubD8lHcJlgRL3kBKwJzVPYcrYAX1CRyAMdo\/IbRMxxljQ3DomuICtMsuRYbp6mcwPqcIrAT7lmeHwMLiMyHvHZD1A84phaqUY6HK1zep6jPPCQZmcFMe30aF1x5yH+SkMcCyghsMHgbI1R7ukgiBmTOqo7jWbcmiVhQ3L3yDdmanbC\/X\/QWSu9qcxgRX7ZRVxVFJmzrTymCMDxFbbv2s3CZ0yeoVuu+IcPZLPrhl+Zu5URwP4SVK7vlh+4+GvIza4+GqkN\/iTotsJRUh9xU4kieK2ilr07rartoyURS14Wp5ysWUErig4i+Z+g9iCLb2Kl9qn2bQtpePtcXWE0zNCULJ7JKcijniRn2yuzvIbkXJJ+SK7X6gnb3S8RqXxvVa++ZzrhsMsIU1nRIA07F4N5mhI7fT2QOEr1bIB0sF0uUym9USQa2dyAvnC0TjciJMoOroLp+vr9nabRkfhC2rBP+CXRdy7SmA28jGR8iqEYPclnhbN6dpxNxc1ehduJDl3kVBB2ILxwRQaC2afQVb3RTsRefzNwhGX0O98j0\/UpFxsecWW6hkIRJ8PK33ReXB8k1u812Eir3c9+LWrCTMeng5jKJ8kaYlG+UUY7TZF6IJ8qxeaVvJtLvA2a95yHiFCLFCUfViAueCzeu1GIcNv8C1gMmzRalbCLIwqt\/eKesslRNFwLRiOzBi84gBDhUvvVhNjB1RHyyCCpB8MFBTrE5ciQu9PoVtt
+eRfCvPulNoFZQ\/+XXXf5uN7WstK2SMAt8kd6Dm8rW5vjIat7oHHJOEVyrEXtFNLBmnsyp\/+A8uu9jhioaZcZu9PbsqgX947cUyzg8DzCw0VYjIzyvV3G+a2\/Dp989Tky7diemEbBta01GDvPjz84jn\/J2yStVEHLiyEi+TIicgi4S5FjZZFIQm3iLCFQn0EI\/LUligLugcu8t3StyiOntIzSbpLiYRvBOQnIAKh0Lq4Ldubzwflx6DfySliFcQtqXOW8YQd6ZIpT21SsUY\/aWaBZy\/s+VcZ73YYOW3ozEwB6pj1aTRZW4iEGdlMBjwMQsIDjKZwJh1m8Kc1S54TnIcrb+2bm66cbtdj1oRkqUnYQnBYu8GAY8z\/8pmY559B3eyC1WTmKaZPMDfFxDzfAZjcjEGDHNdHsDaJiqGd5E4e3X89yPf1bRwd3zq2Ak8YKKRjVBmHmZaDPd3TnmaIa3TKzkLGemc\/Rb\/maLvxxnCwh6Mshn4="} -01296{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646482995689179,"flow_src_last_pkt_time":1646482995711939,"flow_dst_last_pkt_time":1646482995732146,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1646482995732146,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.140.63","src_port":48902,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Xbox","proto_id":"91.47","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"account.xbox.com","domainame":"account.xbox.com","tls": {"version":"TLSv1.3","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01255{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646482995689179,"flow_src_last_pkt_time":1646482995711939,"flow_dst_last_pkt_time":1646482995732146,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1646482995732146,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.140.63","src_port":48902,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Xbox","proto_id":"91.47","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"account.xbox.com","domainame":"account.xbox.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":425,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646483012464918,"flow_src_last_pkt_time":1646483012464918,"flow_dst_last_pkt_time":1646483012464918,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646483012464918,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.97.160.2","src_port":39828,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_src_last_pkt_time":1646483012464918,"flow_dst_last_pkt_time":1646483012464918,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646483012464918,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8NmFAAEAGec\/AqAGAKGGgApuUAbvrsR4tAAAAAKAC+vCXKwAAAgQFtAQCCAqLefivAAAAAAEDAwc="} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_src_last_pkt_time":1646483012464918,"flow_dst_last_pkt_time":1646483012642016,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1646483012642016,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA0h61AAOYGgoooYaACwKgBgAG7m5Tksd5d67EeLoAS\/\/96NQAAAgQFtAEDAwgBAQQC"} 
01225{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":427,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_src_last_pkt_time":1646483012643710,"flow_dst_last_pkt_time":1646483012642016,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1646483012643710,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAItNmNAAEAGd9zAqAGAKGGgApuUAbvrsR4u5LHeXlAYAfZhOgAAFgMBAgABAAH8AwO1u+oefRTEOwSLQjLjHhVV0xmNEBLIePou\/aAHVOd2CCAPyrTST2MnYmbxM2VIZnvQo7xJWWszq6XT0HB3y7IoMAAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAQAA4AAAtvdXRsb29rLmNvbQAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACBWvkXIQj27ydSlWNcrtPVAAtDjckdSwzserfJQbjqaWAAXAEEEmLcB97hFECojXeQm9a5elnWgKYRExdFmjiW10ZfBGP+icRnFpjaWBz97zhMeOCLZ79LJYWeVZvs9jOUTVoTTCAArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAFQCLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -01253{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":427,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646483012464918,"flow_src_last_pkt_time":1646483012643710,"flow_dst_last_pkt_time":1646483012642016,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646483012643710,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.97.160.2","src_port":39828,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Outlook","proto_id":"91.21","proto_by_ip":"Outlook","proto_by_ip_id":21,"encrypted":1,"breed":"Acceptable","category_id":3,"category":"Email","hostname":"outlook.com","domainame":"outlook.com","tls": {"version":"TLSv1.2","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} +01212{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":427,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646483012464918,"flow_src_last_pkt_time":1646483012643710,"flow_dst_last_pkt_time":1646483012642016,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646483012643710,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.97.160.2","src_port":39828,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Outlook","proto_id":"91.21","proto_by_ip":"Outlook","proto_by_ip_id":21,"encrypted":1,"breed":"Acceptable","category_id":3,"category":"Email","hostname":"outlook.com","domainame":"outlook.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
02490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":428,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":4,"flow_src_last_pkt_time":1646483012643710,"flow_dst_last_pkt_time":1646483012821762,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1646483012821762,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXch65AAOYGfOEoYaACwKgBgAG7m5Tksd5e67EgM1AQCAPV9wAAFgMDEU4CAABZAwNiI1ZE1H27b6T6JRvCm\/MD0luKFyMTDe3jrQbpiHy4ICC5MgAADb+Tw4RbiKuNvdQaqUF3iqCf4+0IdypYCofcN8AwAAARAAUAAAAjAAAAFwAA\/wEAAQALAA2dAA2aAAiqMIIIpjCCB46gAwIBAgIQBlZfm2qDLxvIgJ9OV3KS5zANBgkqhkiG9w0BAQsFADBLMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMSUwIwYDVQQDExxEaWdpQ2VydCBDbG91ZCBTZXJ2aWNlcyBDQS0xMB4XDTIxMTIyMjAwMDAwMFoXDTIyMTIyMjIzNTk1OVowajELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEUMBIGA1UEAxMLb3V0bG9vay5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDB9wlkgtAgWRPrtQjN+hjPY9n1E5BhRmtLNo5GgPTzKcmU9tJGqc3zsJF3xgbCIc1AB8dt7DonJfZNasePo6d0IRrMqsbrNLn0GUGS9qjY3dLxV51XQ61Sd9T5EQIE\/XwKZh3BtIehwUH0rE3omOA9+auyHPSNQb+BS4A5N6ZgG9TmdvEIgWfY9f1Id2M+DUxfatVW0Jp89Wvw8GBDfyzllLm0\/EDzmv3rk1vx4MWpb91yl2TwrYu1EMiyNNtVWRMGhTp1gkz5aMgVZO6TpdbLjcEUMxNrBEfUptVSqyzS++eERCA14Kg2rdfoONwwYHx3GIbJwcFbAJhsLXa\/I7dxAgMBAAGjggVlMIIFYTAfBgNVHSMEGDAWgBTdUdCiMXOpc66PtAF+XYxXy5\/w9zAdBgNVHQ4EFgQU3Odtv0FtIj23r9K5dpo4sXI2NS8wggIQBgNVHREEggIHMIICA4IWKi5pbnRlcm5hbC5vdXRsb29rLmNvbYINKi5vdXRsb29rLmNvbYILb3V0bG9vay5jb22CDW9mZmljZTM2NS5jb22CDyoub2ZmaWNlMzY1LmNvbYIXKi5vdXRsb29rLm9mZmljZTM2NS5jb22CDCoub2ZmaWNlLmNvbYISb3V0bG9vay5vZmZpY2UuY29tghRzdWJzdHJhdGUub2ZmaWNlLmNvbYIbYXR0YWNobWVudC5vdXRsb29rLmxpdmUubmV0gh1hdHRhY2htZW50Lm91dGxvb2sub2ZmaWNlLm5ldIIgYXR0YWNobWVudC5vdXRsb29rLm9mZmljZXBwZS5uZXSCFmF0dGFjaG1lbnRzLm9mZmljZS5uZXSCFiouY2xvLmZvb3RwcmludGRucy5jb22CFioubnJiLmZvb3RwcmludGRucy5jb22CHWNjcy5sb2
dpbi5taWNyb3NvZnRvbmxpbmUuY29tgiFjY3Mtc2RmLmxvZ2luLm1pY3Jvc29mdG9ubGluZS5jb22CGHN1YnN0cmF0ZS1zZGYub2ZmaWNlLmNvbYIaYXR0YWNobWVudHMtc2RmLm9mZmljZS5uZXSCCioubGl2ZS5jb22CFm1haWwuc2VydmljZXMubGl2ZS5jb22CC2hvdG1haWwuY29tgg0qLmhvdG1haWwuY29tMA4GA1UdDwEB\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwgY0GA1UdHwSBhTCBgjA\/oD2gO4Y5aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0Q2xvdWRTZXJ2aWNlc0NBLTEtZzEuY3JsMD+gPaA7hjlodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRDbG91ZFNlcnZpY2VzQ0EtMS1nMS5jcmw="} 02505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":429,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":5,"flow_src_last_pkt_time":1646483012643710,"flow_dst_last_pkt_time":1646483012821837,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1646483012821837,"pkt":"PKn0qB\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\/QF5nFZtuDd4jwykeswbJ8v3nohCmg3+1IsF5QAAAX3fdqIKAAAEAwBIMEYCIQCCt\/CWyrB3z5L9JJQqtKhuKwSHXVPO\/nIzLQIRvE8QSAIhALAUu2+684sYBmTAWbK9qLsoHMJRLVDtf7PKkkuPEhCsAHUAQcjKsd8iRkoQxqE6CUKHXk4xixsD6+tLx2jwkGKWBvYAAAF933aiIAAABAMARjBEAiAmY6DHSC0PRZfjQURv9gfH7XNEvLtjnimdIZ9DL1pP\/wIgEm240\/6jgHbB2vouW4klCYLhx1mBUl2EGyo40QGnLN8wDQYJKoZIhvcNAQELBQADggEBAKs0Do0f0D7XJa8EwMbjj8gm+KWD\/Y615EL0mYouOSdmvSw1h3kWcf3Z3gP9p7LPMTiWc9WgaATbbQQyCdIiD4lE+y\/Hgw+bok2WmRbY6mYbpvHNrk5MrGqzAuJQP6PKt3aBz7PPYPmXPTacuSVPid0KRE9WekJR9Qbk7uWzQ9sUrU4qL0vpapgXTftedAVBzNTW+x6T9ZQXCGPbPWrvcN8p2WRUpvQPorVZ+8K6hKQ74Unfe858rN6lgFCEo0o1k\/W4HSPYM\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\/X\/XUzJtCYY6ABLlBqs5OEpmbrNbFvlsCc7UWpKtxYtSY6kA5hab2uy\/o54fCi\/acMs3s+D6\/ied0I4JL2uq\/c6YlPP2\/qeVo\/\/gwomDHOy6j88V\/Ozv9DzGhfHQP0L8UxL1o8aXna6ffmwB+RiVO5ugT8\/YGx9RvCycgQl1hvD9g0nyWcsl8sIv\/+UgFUwT6Iq+3zVFdbd2QdAPwM0\/0x8A+VkZHr3Mgi9x6PqPyXf8CAwEAAaOCAa4wggGqMB0GA1UdDgQWBBTdUdCiMXOpc66PtAF+XYxXy5\/w9zAfBgM="} 
-02051{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":431,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":5,"flow_first_seen":1646483012464918,"flow_src_last_pkt_time":1646483012643710,"flow_dst_last_pkt_time":1646483012821897,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4435,"midstream":0,"thread_ts_usec":1646483012821897,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.97.160.2","src_port":39828,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Outlook","proto_id":"91.21","proto_by_ip":"Outlook","proto_by_ip_id":21,"encrypted":1,"breed":"Acceptable","category_id":3,"category":"Email","hostname":"outlook.com","domainame":"outlook.com","tls": {"version":"TLSv1.2","server_names":"*.internal.outlook.com,*.outlook.com,outlook.com,office365.com,*.office365.com,*.outlook.office365.com,*.office.com,outlook.office.com,substrate.office.com,attachment.outlook.live.net,attachment.outlook.office.net,attachment.outlook.officeppe.net,attachments.office.net,*.clo.footprintdns.com,*.nrb.footprintdns.com,ccs.login.microsoftonline.com,ccs-sdf.login.microsoftonline.com,substrate-sdf.office.com,attachments-sdf.office.net,*.live.com,mail.services.live.com,hotmail.com,*.hotmail.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"71d9ce75f347e6cf54268d7114ae6925","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, 
CN=outlook.com","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"4E:39:B4:13:4B:8C:77:57:7D:80:3D:76:40:E8:88:22:05:00:1C:58","blocks":0}}} -00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":434,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":434,"packets-processed":433,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":185341,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":29,"total-detection-updates":32,"total-updates":0,"current-active-flows":24,"total-active-flows":33,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":253,"global_ts_usec":1646495488872237} +02010{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":431,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":5,"flow_first_seen":1646483012464918,"flow_src_last_pkt_time":1646483012643710,"flow_dst_last_pkt_time":1646483012821897,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4435,"midstream":0,"thread_ts_usec":1646483012821897,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.97.160.2","src_port":39828,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Outlook","proto_id":"91.21","proto_by_ip":"Outlook","proto_by_ip_id":21,"encrypted":1,"breed":"Acceptable","category_id":3,"category":"Email","hostname":"outlook.com","domainame":"outlook.com","tls": {"version":"TLSv1.2","server_names":"*.internal.outlook.com,*.outlook.com,outlook.com,office365.com,*.office365.com,*.outlook.office365.com,*.office.com,outlook.office.com,substrate.office.com,attachment.outlook.live.net,attachment.outlook.office.net,attachment.outlook.officeppe.net,attachments.office.net,*.clo.footprintdns.com,*.nrb.footprintdns.com,ccs.login.microsoftonline.com,ccs-sdf.login.microsoftonline.com,substrate-sdf.office.com,attachments-sdf.office.net,*.live.com,mail.services.live.com,hotmail.com,*.hotmail.com","ja3s":"71d9ce75f347e6cf54268d7114ae6925","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=outlook.com","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"4E:39:B4:13:4B:8C:77:57:7D:80:3D:76:40:E8:88:22:05:00:1C:58","blocks":0}}} 
+00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":434,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":434,"packets-processed":433,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":185341,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":29,"total-detection-updates":32,"total-updates":0,"current-active-flows":24,"total-active-flows":33,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":253,"global_ts_usec":1646495488872237} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":434,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646495488872237,"flow_src_last_pkt_time":1646495488872237,"flow_dst_last_pkt_time":1646495488872237,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646495488872237,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"15.160.39.187","src_port":45898,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":434,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_src_last_pkt_time":1646495488872237,"flow_dst_last_pkt_time":1646495488872237,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646495488872237,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8\/MhAAEAGRHDAqAGAD6Anu7NKAbvmP22QAAAAAKAC+vBpUQAAAgQFtAQCCAoE\/txmAAAAAAEDAwc="} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":435,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_src_last_pkt_time":1646495488872237,"flow_dst_last_pkt_time":1646495488880478,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646495488880478,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADIGTzkPoCe7wKgBgAG7s0optQbo5j9tkaAS9LPzBQAAAgQFtAQCCAoEQEeaBP7cZgEDAwc="} 
01245{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":436,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_src_last_pkt_time":1646495488882948,"flow_dst_last_pkt_time":1646495488880478,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1646495488882948,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5\/MpAAEAGQnHAqAGAD6Anu7NKAbvmP22RKbUG6YAYAfaZtgAAAQEICgT+3HEEQEeaFgMBAgABAAH8AwO25geT89HZVQIHdAvPqVcdroWBp1YfQbaMJ\/IT9jA01iAQ9v2Qg1QtgoSL\/wrZgtn2pCmqUafGB71JcGJ1a5vPpQAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAWABQAABFndXp6b25pLmFwcGxlLmNvbQAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACAfoSMbRE149N9PW6YpT\/B1gLVQ\/izORnimYk5vzkOPIwAXAEEEYgA3US97mm0LBVaj+yl1ih4nt3Ma4wqV+qwTQtcgUnIu95ynuvYl8aODuWCNRrQ8KDDItT25yW1YelOufG9kvAArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAFQCFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01282{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":436,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646495488872237,"flow_src_last_pkt_time":1646495488882948,"flow_dst_last_pkt_time":1646495488880478,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646495488882948,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"15.160.39.187","src_port":45898,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleSiri","proto_id":"91.254","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"guzzoni.apple.com","domainame":"guzzoni.apple.com","tls": {"version":"TLSv1.2","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01241{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":436,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646495488872237,"flow_src_last_pkt_time":1646495488882948,"flow_dst_last_pkt_time":1646495488880478,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646495488882948,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"15.160.39.187","src_port":45898,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleSiri","proto_id":"91.254","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"guzzoni.apple.com","domainame":"guzzoni.apple.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
02504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":437,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":4,"flow_src_last_pkt_time":1646495488882948,"flow_dst_last_pkt_time":1646495488890513,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1646495488890513,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXc3OJAADIGbLYPoCe7wKgBgAG7s0optQbp5j9vloAQAebPtQAAAQEICgRAR6UE\/txxFgMDAHoCAAB2AwNJ2HRqoT52PRFw7cmJJgArKEzeqz+jlvbkw\/WJIh9cmyAQ9v2Qg1QtgoSL\/wrZgtn2pCmqUafGB71JcGJ1a5vPpRMBAAAuADMAJAAdACCiqYYCZfqcpaqWbOn8XpMx60m948SzpJySebBBQcJXcgArAAIDBBQDAwABARcDAw6p3GJeV40OLlIOgvs6jLGbPMEcdT4zKG\/rVsUsq9ymTcYjT7RyyNUzyEMQE+S2Zd7yCWPh\/OyiGHU6g8os2NCfseJGLoK7lbSLwXQa3FDIkf6yhpXHPGTc10MmnkAoDaVFX0aAZ5PLjqC+tXrOLCMEeUq3rQWeQwWvDvlbnzHvNaPAbd1NBT\/UAJ6Na5yRPrnesEFTl+9q5rCZ1fXvAoCX0glY4wCzt6l5vOP1A1nO4vnps2cZ9ThTckti2FChzBRLR6ClfR2SG3kjGN+1W4ipMLw0+QtWjvnS+WxrGHUNL2fovCY5M1fRkd3bP+yHpRWMS2p4dpxb9dVTLye9c1ap7SaIdd7\/HgBrivEF08UI7YeMs2IEerr4OOaHf1N0kxHNhtQ3bVXniVdYbR6zkSPli9+nnPjaNL4O8hez4C8MJXhsSukIcNDZm4PF4L\/rHSVZxTJQHDGlsiw4wwr19KcNmuoGHexlFvakHZ6PDkrqR7ujT9Ep6Dj\/CzQ592O+w6F9IsocfqVB56rY+bg6lajMzzOiakFaiBadRsPq2ENUszExC0jisja0iw4snp0\/+POhBKKhbdM\/sVfmeDfBzpi\/3wjEFn60tvJMYOaRpCne2S60gpFJ9qyepqTGMIHVY0ww\/9dEhDz+P46yv52XhYyewm6W74Tp59tfHLtqBHQFmO82lFAY7+2MbuGSPzAQAazKDYijfVnptZ48m+HWM5RxnMbYHQLaOPJGR8a+4bZ2n89Z6rSEfpkMFcu0YAqB1SuQq43+W4jGbpojxeEPrSpL2e05DJ5Td7zSaatqEKZLLoJLxArCEuhiO5xyQQ12BF7KYp+ykEyGGRaw8lRoNzFrZbolwcLJHNbiCqHsPQLLrqsWIBZMvXRQWNLk3zOCwr4gvtRVNRsxDTCJWoZiuZ3gXYo6ZT57kYkOtQAgWHUTz15wcxgIY6ZvzFFlzrOSETElJDMmreyYinxqBFgF9g5gsWbFrEjNBnDevi7joYbVislYKg6YD7zEweiWl+cBs5enDDuQNmgYBE\/YHqsFBdedvFjNr0qEgDpTRxGOWja9YpG6SAOOLYIX88admQUKSk1Rzi0esjjBPnt5tBRTJ0wWdv5EHqKTbfYUJDML44YwiAK3CNKWaiMowrqoyT7eKq1gJn2qr2kK7aHPu\/UkGFaycKY4\/z9cWbTM8GkZX4QuNkD6mWq4Yo25McmerRc2mv0HQBveUQo4zdL62txvtqlZE\/qf\/GuYRk
9dEVG4D7o7nnLBCBg3Ln5JwT+0KIxZvsaLFe07yrHvILrhgOyqVYe86QwZYd3ARcSONBjCfwGzWlKPMT6pJZqd0QD1Fx+PEavK4aQ23zI5AcDyKlMOmhWqPhNXqPyZZRpKIyWKid\/\/TmsDguDOykvIDl7nSF8NSG871hK5WzkITmp\/zBszG3faHyeVPl8T8JMA2yvXwSCkNmrFzOPuzojqw1l4ab1OMPUqVLntrRXRFIwAcdhzF+19UWU0j9YQvmoU3xjbhvLNgkOtM8QMdNstONtHAHSSo4bZjVCFFZdC6Q\/CUmE7rdGltQcSlcqdkxPjZmqhxTzIrDNCtin1EVB6wuhVjWfwWHIN60C2CD8ay0MB3Gi+SHpOX6MeAvrP30pcgOuLqkKAB7VFhq4MbYWubAogOnNNhDcMknhXoa6bpJcD0O1KZR3urXANhx4EsWg30jyw6DXL3kOb8fH6pXnItSNnRB96FDbfluT58nmg91VBbygcbA4="} -01327{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":437,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646495488872237,"flow_src_last_pkt_time":1646495488882948,"flow_dst_last_pkt_time":1646495488890513,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1646495488890513,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"15.160.39.187","src_port":45898,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleSiri","proto_id":"91.254","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"guzzoni.apple.com","domainame":"guzzoni.apple.com","tls": {"version":"TLSv1.3","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01286{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":437,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646495488872237,"flow_src_last_pkt_time":1646495488882948,"flow_dst_last_pkt_time":1646495488890513,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1646495488890513,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"15.160.39.187","src_port":45898,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleSiri","proto_id":"91.254","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"guzzoni.apple.com","domainame":"guzzoni.apple.com","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
00972{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":1,"flow_first_seen":1646482825245035,"flow_src_last_pkt_time":1646482890229130,"flow_dst_last_pkt_time":1646482890325852,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646495488890513,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"69.191.252.15","src_port":39036,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Bloomberg","proto_by_ip_id":246,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 00777{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":1,"flow_first_seen":1646482825245035,"flow_src_last_pkt_time":1646482890229130,"flow_dst_last_pkt_time":1646482890325852,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646495488890513,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"69.191.252.15","src_port":39036,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1646482879566800,"flow_src_last_pkt_time":1646482879614533,"flow_dst_last_pkt_time":1646482879632889,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":643,"flow_dst_tot_l4_payload_len":4121,"midstream":0,"thread_ts_usec":1646495488890513,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.1.68.189","src_port":57336,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Playstation","proto_id":"91.231","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -290,75 +290,75 @@ 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_src_last_pkt_time":1646495650748124,"flow_dst_last_pkt_time":1646495650748124,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646495650748124,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8GIFAAEAGaR3AqAGANHHChOIWAbvSHIRRAAAAAKAC+vCUIQAAAgQFtAQCCApnoF3vAAAAAAEDAwc="} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":439,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_src_last_pkt_time":1646495650748124,"flow_dst_last_pkt_time":1646495650768253,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1646495650768253,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA0H0NAAHQGLmM0ccKEwKgBgAG74hatJvO00hyEUoAS\/\/\/a2QAAAgQFoAEDAwgBAQQC"} 
01229{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_src_last_pkt_time":1646495650768482,"flow_dst_last_pkt_time":1646495650768253,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1646495650768482,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAItGINAAEAGZyrAqAGANHHChOIWAbvSHIRSrSbztVAYAfbGZQAAFgMBAgABAAH8AwO6eoC9IxGTkdV9vVeJGWk4znzi7kZuVq2WW+Nl\/2Sg0SCU+jy21h8ySE7r\/PfMeW\/+6AejiqSkX1JQLDj\/qy1dewAgSkoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTCgoAAAAAABUAEwAAEHRlYW1zLm9mZmljZS5jb20AFwAA\/wEAAQAACgAKAAjKygAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKcrKAAEAAB0AIP361tTnT+5yNMG5uzlpGoadVy4F1\/ksgWxYfkq0hvgPAC0AAgEBACsABwYaGgMEAwMAGwADAgACRGkABQADAmgyWloAAQAAFQDHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -01280{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646495650748124,"flow_src_last_pkt_time":1646495650768482,"flow_dst_last_pkt_time":1646495650768253,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646495650768482,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.113.194.132","src_port":57878,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.office.com","domainame":"teams.office.com","tls": {"version":"TLSv1.2","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} +01233{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646495650748124,"flow_src_last_pkt_time":1646495650768482,"flow_dst_last_pkt_time":1646495650768253,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646495650768482,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.113.194.132","src_port":57878,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.office.com","domainame":"teams.office.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
02497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":441,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":35,"flow_packet_id":4,"flow_src_last_pkt_time":1646495650768482,"flow_dst_last_pkt_time":1646495650804279,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1646495650804279,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXcH0VAAHUGJ7k0ccKEwKgBgAG74hatJvO10hyGV1AQBACfWAAAFgMDD1ECAABiAwNiI4ei5YRNuy2OmywGACayueg1qbPXmXIcqQLyEbh0kSDMNgAAahCvQqRJprL3QEMn2EkfKvJsk5Uz6nFmODR83sAwAAAaACMAAAAQAAUAAwJoMgAXAAD\/AQABAAAAAAALAA12AA1zAAgPMIIICzCCBfOgAwIBAgITEgAX5vHA305TdHMSCwAAABfm8TANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSAwHgYDVQQDExdNaWNyb3NvZnQgUlNBIFRMUyBDQSAwMTAeFw0yMTA5MDYyMjAyMDZaFw0yMjA5MDYyMjAyMDZaMBsxGTAXBgNVBAMTEHRlYW1zLm9mZmljZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZHV5h+NwsEBtaHtLKXJoP1ZQRHJt1aJ7UJXi0Nyg42Oq7rqdS9q50qaMOj8mjtDcBLe9a5nJdUTe5\/A83BRTsm+E936LxK\/HNHW8w1Nr62DgoG4pekVGA9CDOo3AGRtgan\/rbV8hCm2Uw+h19AxObusrWRf3oUegIrqXRr58ZAnq5sK69oKyLr5HvLtWPaArXeCmDrEzy7j1Y6RcgYdFlyC9jL8l8neIhu\/KaUiLODUqdwAxaNeINhwK8SfIQfziFO0BosI7RBicovG7geMHuhyNMMr0LDo\/Xq5kQ5h\/NdK\/+WWh4Ht4XsXJYns0PTxExCdY3QHLFxuZJw3SO47NBAgMBAAGjggQSMIIEDjCCAX8GCisGAQQB1nkCBAIEggFvBIIBawFpAHcARqVV63X6kSAwtaKJafTzfREsQXS+\/Um4havy\/HD+bUcAAAF7vSs+5QAABAMASDBGAiEAonjfpBbSm3nHRZAbEfpncC3C5RzBbegUTYwBhoou1EsCIQCelUHtsbLdVgFYlsDftjojF\/hac9xApX58m5SH8+g5WQB2AFGjsPX9AXmcVm24N3iPDKR6zBsny\/eeiEKaDf7UiwXlAAABe70rProAAAQDAEcwRQIhANjQ3Fm5YD7ZKfIAkpLsGDcsq6sa8kYYvJc3USn3qMIlAiBT+tQvO5yR88ii\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\/swDgYDVR0PAQH\/BAQDAgSwMBsGA1UdEQQUMBKCEHRlYW1zLm9mZmljZS5jb20wgbAGA1UdHwSBqDCBpTCBoqCBn6CBnIZNaHR0cDovL21zY3JsLm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcmwvTWljcm9zb2Z0JTIwUlNBJTIwVExTJTIwQ0ElMjAwMS5jcmyGS2h0dHA6Ly9jcmwubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NybC8="
} 02506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":35,"flow_packet_id":5,"flow_src_last_pkt_time":1646495650768482,"flow_dst_last_pkt_time":1646495650804323,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1646495650804323,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXcH0ZAAHUGJ7g0ccKEwKgBgAG74hatJvlp0hyGV1AQBAB1BAAATWljcm9zb2Z0JTIwUlNBJTIwVExTJTIwQ0ElMjAwMS5jcmwwVwYDVR0gBFAwTjBCBgkrBgEEAYI3KgEwNTAzBggrBgEFBQcCARYnaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3BzMAgGBmeBDAECATAfBgNVHSMEGDAWgBS1dgwwEc7HkkJNTMdcLMipDOgLZDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggIBABuhwOU31koi5iKg9Q\/epQv9qBrE4Ltx8oVqrgYBKx4NnBjFi1xsPcTSZqNm0Nc+Gw5+PBUVzqYxMT8680kRWaFOS06XLASEY\/amlybn4b\/hxyklpXHbiJoQQhERkyT9vZjwRnFbiHS0DVMifhsugt0\/9di59YclEiclB3NQ7Wan13Bf9rqNkCsETRZCv9atvi0Ek9O3vxaDAOPToOs5FEQ93fgmyUe5q9H26VKbI2Iet8RyIgeEENOW9gtEMLTVmeFAZWKrwzh7Ullh0joA6eTTZOBllDVv8VivhxSZ3k781FuCYxMcZQvaXJo1RuiMCto7iZsF0zihXdnQIrEPFLUQAjzUJhyKtdv7zYw0tpfrlJeNkPIHsqcUqL8kezdGuCGyjXSgiB0H3fvHzOfg6gyZlYneoXdGGNnH4vNOvWAA1PdFPX1AR6a0hVY8T4t5Qlpwh3XY6IsCqvNFnkrZJ4MXuNhuYjrCPYvZ\/vbYQgEs7J\/rBmgiWcHaav7NICHOj8OW+m9O97A2NbUX\/BDbDkSh\/z8ZUv\/eD0QxNWhIjizJYm\/wpgcOBI+U4SMREYmxiJC6q5kOPzdBENNvGECbAkLE97X+k+RqZBSLBzioT3VFYeJMqvTRtHQpJGMVYHIq2hCf4oV8hBgPu3\/Joywosj1FMvOsl\/tDInVTb31fpWhxAAVeMIIFWjCCBEKgAwIBAgIQDxSWXyAgaZlP1ceseIlB4jANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJJRTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYDVQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTIwMDcyMTIzMDAwMFoXDTI0MTAwODA3MDAwMFowTzELMAkGA1UEBhMCVVMxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEgMB4GA1UEAxMXTWljcm9zb2Z0IFJTQSBUTFMgQ0EgMDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCqYnfPmmOyBoTzkDb0mfMUUavqlQo7Rgb9EUEf\/lsGWMk4bgj8T0RIzTqk970eouKVuL5RIMW\/snBjXXgMQ8ApzWRJCZbar879BV8rKpHo
AW4uGJssnNABf2n17j9TiFy6BWy+IhVnFILyLNK+W2M3zK9gheiWa2uACKhuvgCca5Vw\/OQYErEdG7LBEzFnMzTmJcliW1iCdXby\/vI\/OxbfqkKD4zJtm45DJvC9Dh+hpzqvLMiK5uo\/+aXSJY+SqhoIEpz+rErHw+uAlKuHFtEjSeeku8eR3+Z5ND9BSqc6JtLqb0bjOHPm5dSRrgt4nnil75bjc9j3lWXpBb9PXP9Sp\/nPCK+nTQmZwHGjUnqlO9ebAVQD47ZisFonnDAmjrZNVqEXF3p7laEHrFMxttYuD81BdOzxAbL9Rb\/8MeFGQjE2Qx65qgVfhH+RsYuuD9dUw\/3wZAhq05yO6nk07AM9c+AbNtRoEcdZcLCHfMDcbkXKNs5DJncCqXAN6LhXVERCw\/usG2MmCMLSIx9\/kwt8bwhUmitOXc6fpT7SmFvRAtvxg84wUkg4Y\/Gx++0j0z6StSeN0EJz150jaHG6WV4HUqaWTb8="} -01578{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":443,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":4,"flow_first_seen":1646495650748124,"flow_src_last_pkt_time":1646495650768482,"flow_dst_last_pkt_time":1646495650804336,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3926,"midstream":0,"thread_ts_usec":1646495650804336,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.113.194.132","src_port":57878,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.office.com","domainame":"teams.office.com","tls": {"version":"TLSv1.2","server_names":"teams.office.com","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"104071bf77c5f0d7bae5f17542ba9428","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 
01","subjectDN":"CN=teams.office.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","fingerprint":"27:20:65:85:4C:34:BF:09:F0:25:56:B8:50:A7:4D:38:8C:45:82:80","blocks":0}}} +01531{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":443,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":4,"flow_first_seen":1646495650748124,"flow_src_last_pkt_time":1646495650768482,"flow_dst_last_pkt_time":1646495650804336,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3926,"midstream":0,"thread_ts_usec":1646495650804336,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.113.194.132","src_port":57878,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.office.com","domainame":"teams.office.com","tls": {"version":"TLSv1.2","server_names":"teams.office.com","ja3s":"104071bf77c5f0d7bae5f17542ba9428","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 01","subjectDN":"CN=teams.office.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","fingerprint":"27:20:65:85:4C:34:BF:09:F0:25:56:B8:50:A7:4D:38:8C:45:82:80","blocks":0}}} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":446,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646495669804673,"flow_src_last_pkt_time":1646495669804673,"flow_dst_last_pkt_time":1646495669804673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646495669804673,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.138.185.106","src_port":33664,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":446,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_src_last_pkt_time":1646495669804673,"flow_dst_last_pkt_time":1646495669804673,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646495669804673,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8GxZAAEAGN4nAqAGAbIq5aoOAAbvmWe+jAAAAAKAC+vCvxQAAAgQFtAQCCAqEU9WfAAAAAAEDAwc="} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":447,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_src_last_pkt_time":1646495669804673,"flow_dst_last_pkt_time":1646495669812499,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646495669812499,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8yYIAAPcGEhxsirlqwKgBgAG7g4CERzW35lnvpKAS\/\/\/nPAAAAgQFoAQCCArIqUDThFPVnwEDAwg="} 
01240{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":448,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_src_last_pkt_time":1646495669817020,"flow_dst_last_pkt_time":1646495669812499,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1646495669817020,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5GxhAAEAGNYrAqAGAbIq5aoOAAbvmWe+khEc1uIAYAfZdLwAAAQEICoRT1avIqUDTFgMBAgABAAH8AwN96ffJWUDTazcjPKRqPmlOCDA7EP6e0q+5Knlqzgn4siDXwLeA2RnsV46x7ZH7OaLw+Chjc3EP4ZBJc+xWJC0l1wAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAXABUAABJ3d3cucHJpbWV2aWRlby5jb20AFwAA\/wEAAQAACgAOAAwAHQAXABgAGQEAAQEACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAACIACgAIBAMFAwYDAgMAMwBrAGkAHQAgGExhTuOW51jqeKeMnZIkirN5TNVDUu2atdTJKyWyDBgAFwBBBNa6zHPDKyGGZ8TLrmG8xe75hAb+vBq5zYOy2EFwzMFPukEZchYJ5onOljVZmDEEihxmPvbweI2eyfjNpyF4jCAAKwAFBAMEAwMADQAYABYEAwUDBgMIBAgFCAYEAQUBBgECAwIBAC0AAgEBABwAAkABABUAhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01273{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":448,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646495669804673,"flow_src_last_pkt_time":1646495669817020,"flow_dst_last_pkt_time":1646495669812499,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646495669817020,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.138.185.106","src_port":33664,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonVideo","proto_id":"91.240","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"www.primevideo.com","domainame":"www.primevideo.com","tls": {"version":"TLSv1.2","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01232{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":448,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646495669804673,"flow_src_last_pkt_time":1646495669817020,"flow_dst_last_pkt_time":1646495669812499,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646495669817020,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.138.185.106","src_port":33664,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonVideo","proto_id":"91.240","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"www.primevideo.com","domainame":"www.primevideo.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
02485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":449,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":4,"flow_src_last_pkt_time":1646495669817020,"flow_dst_last_pkt_time":1646495669824646,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1646495669824646,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXIyYUAAPcGDI1sirlqwKgBgAG7g4CERzW45lnxqYAQAQXOcgAAAQEICsipQOCEU9WrFgMDAHoCAAB2AwPjGPqRWOOZxoE8Is66m3RbsRkzGxkAVyndH8vLKDSFwiDXwLeA2RnsV46x7ZH7OaLw+Chjc3EP4ZBJc+xWJC0l1xMBAAAuACsAAgMEADMAJAAdACDISjE6jXcvj9RkZAQbID3cTd8KiX3I6r8KlMDUfzpPOBQDAwABARcDAwAkpXCZp7P2SmWlib1QnzplpoJ0swWQp1U5VYR06dN6UDtp8KXMFwMDFUWkGP2MGe3FAwGKBhFw\/Jol1Cslq4CaNEUF4psGqChmXnyKIxZ9bGet7KJMQSMSmVps\/wJ78uDP0zpsjLU+9DI0yiZeroYWeNtF4WO6IC6m6KH2ZqyZGg6mBln66ppe8Q2K7bAz3F3AA0XuUIubsbaI6Ob5xMmHyRR3u+t8nkVOk+CjcvdxoDy\/sANcJlvygrPr74Oeo5vNVLlWCTGqYVU6QlfZqQJ3QnY\/xE+ojgaWujmoQqETzZevsrLUPdnqUxHUs9e9cpjzkB6+5Q2VLYqW1wxAUEKvTKDhKq1YG4fKYU2iyvJxlHYWk\/uPHeEgmu98EKFLLBYv6ZqAisqpbnEbRU06WqOVb2Mx0jHGuZJaJsUhl9BBdifJPOyt4jzzvvflym+nG\/f5RsoekLx4I3eqlIfqYzVKnwepYJmTYDVWJJzV6kf6xt0WtCxQRgyClopmVxjByYUgRrzZhpkr4haP\/bisqUAXy0DS10EmVGcuT\/\/BlEnHqtm9b70DinljQu4e7LsuvkmJDqIj+eqlL9K8TLQN3XWrNefrwxAUM67y7WmtUYR1HskcrIsb9cLZNbZa11tXGjPtIx47b1SrhPyFPwQYKhpLs4B6ZOjI26Mb52wtP7MByGLSreL9dCImwZXH1g8dMYIgAzodAkCs0y+UfpADrwvK5Na3F86\/LC3Yxx8TqI7tDwYP\/noxruaJ3Z0e4d5osqflvLnkjykiJYvAp0iwD6RXLDcg5QbBZC0omKLL2eeCegLL3z3xcxzLXLCElnvdWSTEdX2KM\/6xU\/fcSCXjw1UW60R\/+PcNGh6JnpG6L9fHdTOpY0ZCYTMjtwuGtdJxyamzcgfBlX3hwkJNjJSOR5Sz1W6nUFSbNl\/Nvt1GCViAIBmX0aHSd4QX3NFyYH8nRt4QW7y66WRNjQvXholMEcwljQRtRINDG+tTs+X\/N+\/4MaSm9avp3D2q5M72pWibbtr1p4kJvt\/49cGAOSxbbSR9VtW3JAk3uEFtpton9E9dVfF3XswDIfWyBMpQGIyRU2I7ikBzEeqptwmaI3LVSw\/tsaTNEmWypf846ELIWpxhVRxr4N5NcdDBI7pck\/uB3RYMLbAVRZRY13iUzKkqXqCqGrUmV9d9MrkFXI\/WaIrItdGX0TpRiVcSbmMlgipUjXB5Wpendqsxsm37vdc3Yaq+4CAP+vO
8mZ+UUwAjRe4DvJzB5rUaUUGDIQlPLn7p7aS3odLZbgqmos7VNwyBEJTuqtC800r1GZq6B\/tnBme0\/v2BpkbWSRuM5m6WQKlPAG\/zOtbk\/ZVj\/Z7JNeDlzl29F3gOXMq0dp1Ik5040UJDvF6XCIN3i+22Q83JDnLeKVV+bUwHCj+33x\/hGx2vBPyng1TfhKUB9ypvsJnPEZOebIumH3VFPlRvc63pYo\/j2e\/xOlyXd4apuGMcj7LHNuU37mTvGgT2RMTztUOVJC0MEFgzWfSfGaR\/AOOtS\/5Rh5Tfa1v4ADdqzkpGWw1fTB8N5+nCcqq8lX6x7ZVw1lpibzaWDePIBIen5U+z5Ta5n70bzX14q4OTZS9LhwJinWbq1uUJC3Qxax+Tgs4QTr1SpjCOf1htCHr0iEf5yrvqfXrbCg5+Qtiny27tDzWoYEp4+vN8D2fPj52oz9fDwK6Id2cOhs9frfcJuQjW"} -01318{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":449,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646495669804673,"flow_src_last_pkt_time":1646495669817020,"flow_dst_last_pkt_time":1646495669824646,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1646495669824646,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.138.185.106","src_port":33664,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonVideo","proto_id":"91.240","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"www.primevideo.com","domainame":"www.primevideo.com","tls": {"version":"TLSv1.3","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01277{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":449,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646495669804673,"flow_src_last_pkt_time":1646495669817020,"flow_dst_last_pkt_time":1646495669824646,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1646495669824646,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.138.185.106","src_port":33664,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonVideo","proto_id":"91.240","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"www.primevideo.com","domainame":"www.primevideo.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646495697787579,"flow_src_last_pkt_time":1646495697787579,"flow_dst_last_pkt_time":1646495697787579,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646495697787579,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.185.142","src_port":56458,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_src_last_pkt_time":1646495697787579,"flow_dst_last_pkt_time":1646495697787579,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646495697787579,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8TvVAAEAG4RXAqAGAjvq5jtyKAbuisGnHAAAAAKAC+vDU+wAAAgQFtAQCCAq56si5AAAAAAEDAwc="} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_src_last_pkt_time":1646495697787579,"flow_dst_last_pkt_time":1646495697803322,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646495697803322,"pkt":"PKn0qB\/spJGxgjQ5CABFgAA8kPwAAHIGrI6O+rmOwKgBgAG73IpV9E4KorBpyKAS\/\/903wAAAgQFlgQCCAoX\/J8euerIuQEDAwg="} 
01244{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":452,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_src_last_pkt_time":1646495697805649,"flow_dst_last_pkt_time":1646495697803322,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1646495697805649,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5TvdAAEAG3xbAqAGAjvq5jtyKAbuisGnIVfROC4AYAfb\/+QAAAQEICrnqyMsX\/J8eFgMBAgABAAH8AwMm2R5Ju93q7BO1hUBCbI67+PD2u7\/isSvjCgLKpqok\/yCAWXfAe1hCLkH2e7v9afeyqpqQSwrsncirtbeBJ9H19AAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAVABMAABBkcml2ZS5nb29nbGUuY29tABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAiAAoACAQDBQMGAwIDADMAawBpAB0AIN3ozE7d4X5ID5WvLeFvcVfA+y6MygI54w6MzPaYwOcyABcAQQTFpbayzL1z3QPN8cTTIDg5o4CXfe8\/xuT5UCf9QOlCuSljPogKq5ahl7f7neEgUhdrgF5Z8PWW8a+71cG5NS4HACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQAVAIYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01273{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":452,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646495697787579,"flow_src_last_pkt_time":1646495697805649,"flow_dst_last_pkt_time":1646495697803322,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646495697805649,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.185.142","src_port":56458,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleDrive","proto_id":"91.217","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"drive.google.com","domainame":"drive.google.com","tls": {"version":"TLSv1.2","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01232{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":452,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646495697787579,"flow_src_last_pkt_time":1646495697805649,"flow_dst_last_pkt_time":1646495697803322,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646495697805649,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.185.142","src_port":56458,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleDrive","proto_id":"91.217","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"drive.google.com","domainame":"drive.google.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
02471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":453,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":4,"flow_src_last_pkt_time":1646495697805649,"flow_dst_last_pkt_time":1646495697827917,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_usec":1646495697827917,"pkt":"PKn0qB\/spJGxgjQ5CABFgAW+kQcAAHIGpwGO+rmOwKgBgAG73IpV9E4LorBrzYAQAQWmwAAAAQEIChf8nze56sjLFgMDAHoCAAB2AwMjBkMjuNSjuFf3T5UB4VQShW2RMJb6nEg6tFPsfNt4uSCAWXfAe1hCLkH2e7v9afeyqpqQSwrsncirtbeBJ9H19BMBAAAuADMAJAAdACBW7hcDghrrfOVqTYuuWsn+BUfEe81z8jRNsz6xFFKMRAArAAIDBBQDAwABARcDAxmG\/7x64IjG8oCepCcFONQfGHK7iGU+HQXLn33iJXlMlTVn0vqqiiz5vBS9ksLT4+EgsUpCjVec8m69tQXQb3Ymxs3kx7EpvP5amsscWBKZ+hAM+Vh9sCac13DkAH1CeGITrgIL2hAxobwm8ZMuzGkvSZgs3oFQxZ35\/jMeFpmZhK9Zd2FIvlVKkVNJt\/y\/ztdvUdS6zLlMqS+Xhpt\/P5PPVJGfAL5qA+hP6Rpyon52yHeceX32Qj1Vjzsqep\/IohLCYcTFolUanyUQ4S0KIY9+Urws43ojewBs1EpDLPj5ZCjh7jHRYaviyTUzBQEX2RoBovRPdCeD54V1P8811Trd6DAWBj\/ba48R0nfal0t2k787IJrKPCQHAXpu85a8jROv7CrVcgbPySrgeuXku80G3YIJTVRkk0+NMtMoyKC2jszgv74QXr3LT\/WSrx0y6+V9hHR3EYzG53YVhNqSE6VuO8A5llGKWNGuSL53Tb0tH2\/K5mvnUr0EQCKaKNYtQ+SDLDCoGNWaNNcLmfVyF4knjKLuab4CxjML8qWpKEnt3K\/KEQigYRsL0GO7bFq4IbuP33F98NgygV0puYYQy7TgHs8fLvCn5yg2WUb\/+LWtGNLGIYQdhszTiyotBbKSuRttV4DpI6lMToRKQnATVw8CbmDk\/jowdZW0W1or64L9L3ZxCicGKZV++AxOtXEVOetaHMClQLhvQhTxxIXd8r4BZfGaog\/\/rLT63URpSxtxctPI+sttfSkc4jvfKYgQMDkQ7PBY9vrGRWFNfnRcn\/Q0x7IMAPIQzFoRuLPAsQlmWp\/L90HztCWVRCByGxYHWokBVfWyKVVzMbHLtb1bfuWymzxEIqUqpFNaWfjhhnLYXiWjGAaD1L7jwQ\/IzvEECGZ6phyR2oJPMN7U0UGSWiTGxGT4MlJLNXhyLh25dviSl5FS+OqZWw4vxBCCI1xR3hW1mNXYYvMcTC1sTGmYCDOPxaV8I5jCb6APNAOtXVdRQxkr+fiFa8IhfmoDLv51qYlbR\/\/AVItwte0HAf57K2Jp30u3e22SNpmFbIHlqcQvCTePEZdlwfwk6BSymdFNzDJbc51ukjo8wA\/2Mm8c03+5QV4SzOhcq1x6aVzdpIAsSzRVL2ho0KlQFP29TcOaCgoazFw2QiR8Z530XVtBwmGM1P3+OZ6+PMJbpTB4DqeEIOHSyB8KDfY6n5Sw\/HP32c3eYMwhE5NOgCK\/aMzPWExBPsI3rH
roWyi3T1\/ZhDzfglJ+3BaRXbFuwCSB3LvNE0MXL02sof+8eO1JwOvDFoauJOSiK7G8ri+3FnVavKXkFqm5jMt1+JJZ63z+R8vfBgpWHI5v6ksxs44ocJ2+TVsu3LXX3brnkLCB++P4jdI8izaiOBcCo2XpT4SUxWWs1OlbvNzZvsnRBb4OwMnw8Kmt+amOOo9KZ4dx8X5eqc6ishhDFKcJNMOkWgC5lCad\/YJnjmLO0ceD6lzKIiAkYgDtlZvU2KGjfLQ0zKuFZftqH05cBvAGBnyHvlNFqK5khZiB3RVSUB84J\/8gevzR+bNmGoHhxEQTLpdSBgHGIl8vGg+MQbc6duds71bbqci58\/krKTk6Dsblu1\/\/l0EEiwYqw+8pAZ\/aOpB5cbyd1rJ1Hu6PT7okAWEnT8A6aGOBJ7t33KjpYPBzXrzfhGiAieFwEidjAZTzrXcJGyq58d0aDBM="} -01318{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":453,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646495697787579,"flow_src_last_pkt_time":1646495697805649,"flow_dst_last_pkt_time":1646495697827917,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1646495697827917,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.185.142","src_port":56458,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleDrive","proto_id":"91.217","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"drive.google.com","domainame":"drive.google.com","tls": {"version":"TLSv1.3","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01277{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":453,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646495697787579,"flow_src_last_pkt_time":1646495697805649,"flow_dst_last_pkt_time":1646495697827917,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1646495697827917,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.185.142","src_port":56458,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleDrive","proto_id":"91.217","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"drive.google.com","domainame":"drive.google.com","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":454,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646495710343950,"flow_src_last_pkt_time":1646495710343950,"flow_dst_last_pkt_time":1646495710343950,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646495710343950,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.81.118.91","src_port":33102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":454,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_src_last_pkt_time":1646495710343950,"flow_dst_last_pkt_time":1646495710343950,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646495710343950,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8tchAAEAGPx\/AqAGADVF2W4FOAbtTwyfkAAAAAKAC+vBryAAAAgQFtAQCCAom4HXhAAAAAAEDAwc="} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":455,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_src_last_pkt_time":1646495710343950,"flow_dst_last_pkt_time":1646495710376199,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1646495710376199,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA0mxFAAG4GK94NUXZbwKgBgAG7gU7a1m2vU8Mn5YAS\/\/\/iBwAAAgQFoAEDAwgBAQQC"} 
01226{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":456,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_src_last_pkt_time":1646495710381269,"flow_dst_last_pkt_time":1646495710376199,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1646495710381269,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAIttcpAAEAGPSzAqAGADVF2W4FOAbtTwyfl2tZtsFAYAfZlCgAAFgMBAgABAAH8AwMcPgJU1zrnl+hPKuEgTOmCA8DSxG0x4ZP+nrnS1ukwmSB2tLYK4RsCmYHQ+tv7RzCytXVHC3ipih0buXJEGgMzzAAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAARAA8AAAxvbmVkcml2ZS5jb20AFwAA\/wEAAQAACgAOAAwAHQAXABgAGQEAAQEACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAACIACgAIBAMFAwYDAgMAMwBrAGkAHQAgkhEItWzjEiug\/WBaiPCJVLwOMCFSobcq6gZ3ZM5d7hUAFwBBBKUDUTjCPdZ8Ll1S+z857hqnZsJZ3Vatea3adXIfU3XxBdTrso0nY7PLm8teDMagz\/bdRE3yXoqXxIphrdW4ROsAKwAFBAMEAwMADQAYABYEAwUDBgMIBAgFCAYEAQUBBgECAwIBAC0AAgEBABwAAkABABUAigAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -01270{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":456,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646495710343950,"flow_src_last_pkt_time":1646495710381269,"flow_dst_last_pkt_time":1646495710376199,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646495710381269,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.81.118.91","src_port":33102,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"3":"DPI (partial)"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"onedrive.com","domainame":"onedrive.com","tls": {"version":"TLSv1.2","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} +01226{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":456,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646495710343950,"flow_src_last_pkt_time":1646495710381269,"flow_dst_last_pkt_time":1646495710376199,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646495710381269,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.81.118.91","src_port":33102,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"onedrive.com","domainame":"onedrive.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
02490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":457,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":4,"flow_src_last_pkt_time":1646495710381269,"flow_dst_last_pkt_time":1646495710415097,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1646495710415097,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXcmxJAAG4GJjUNUXZbwKgBgAG7gU7a1m2wU8Mp6lAQCANgpgAAFgMDFsoCAABeAwNiI4feoEoKP3I3CdJ4sDFO3BuDpC7rFmqWm4QRfpSjJiBNIgAAst+U8DPkQWm2nccVUJ2TFGizMiUJjRRWvVyIpsAwAAAWAAUAAAAQAAUAAwJoMgAXAAD\/AQABAAsADh0ADhoACLYwggiyMIIGmqADAgECAhMSABY7tDvBQMLQD1gyAAAAFju0MA0GCSqGSIb3DQEBCwUAME8xCzAJBgNVBAYTAlVTMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xIDAeBgNVBAMTF01pY3Jvc29mdCBSU0EgVExTIENBIDAxMB4XDTIxMDgxMzA3MzgyNFoXDTIyMDgxMzA3MzgyNFowFzEVMBMGA1UEAxMMb25lZHJpdmUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6M4TKEOtsydwK0gk2Qpndywdv7K655kZl9DpvHQTqbG8+JTigP54mQxQhhYqGvUSIhxm7+arTn3RClb23KP0YST09bIy5PgvMoRXvCmydw9wkIqYfHMW\/kHNZNOBME7WKwNFun5jY\/cMdmRjsCLJxAO7QOiEpDcM5646BmpHG6jxjLCWSEcWvnO5AZAkMyyQBLnDYdzNSQMzdA2ym4ljwMrig2l8bjVVOJYJjrbeTefNEzUuAf0k3mEAw82zuJaFt\/6pnqhQQe\/lR81NVZ4bRNNgT33UOYPc+ekWUhxn6hIx0BkPkk8WlxF9MiPq\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\/A4ATvAS2MVxy2vuUB2DTMA4GA1UdDwEB\/wQEAwIEsDCByAYDVR0RBIHAMIG9ggxvbmVkcml2ZS5jb22CCHAuc2Z4Lm1zggoqLmxpdmUuY29tggoqLmxpdmUubmV0ghMqLnNreWRyaXZlLmxpdmUuY29tghMqLm9uZWRyaXZlLmxpdmUuY29tgg4qLm9uZWRyaXZlLmNvbYILZC5zZngtZGYubXOCDyoub2R3ZWJiLnN2Yy5tc4IPKi5vZHdlYnAuc3ZjLm1zghAqLm9kd2ViZGYuc3ZjLm0="} 
02503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":458,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":5,"flow_src_last_pkt_time":1646495710381269,"flow_dst_last_pkt_time":1646495710415142,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1646495710415142,"pkt":"PKn0qB\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\/5A4unIobaSLCqv0EROk6dP9NJO2qAhEzd3EaZ88LNPL0rrRdDFh837d9padYUl6afpISt\/vf8r5JfY7p2NAIXyfpXmMabjzoy2ShFI5Nz1W\/TL775BwVv9dU5mKxhAryZjwNrTWKkzGlf5cjC9Q+1S\/J6fIgJP1mZlNwFKK1hEx4QE\/GOIPBIQfmVgo8KU7aLaAQpHYmm+TVt5cUKiL+1yq5simdJUvrf6tmOM8GyRBNKutRns7sTD+IBkZLy08a\/u7Pb2+hDQEyRhUkjF4ZpweAtZbPw+NGbjrX3ar3mpjZyQcniQirFXXRuTwF8jmJGfE76WSCwyTm1g3pPgTWqQ2vG4QUKCyvCOvV6NN4rdSg1Mj\/Jng3IaMRvvkbFLNeCKnhY43lVqccHmqmFzwMKHJhxN7+mP2oEUbffAxfbyCe3\/6w2ZvTOOKdM5yQ2ydLMm4msRs6iiRXAX46nbCQiSxn3fZ2uWIclcKejfYQSROa3\/9hwWlJnwdIbT2klSXuHr6xJBd3dygrgUH3ap5fPgNrbKkigSTpL8QyxHfvr+uHMk8pKEK9IP5KzHI9WWuFZlVjk7VE83V508LXHk75wGT0p+c5whz2r17pahA+6qY7VVCMkSURcm6RCgI2hL6qL51F2fXfWSUkxuM0jrCVWAsDhqqjUGXESEUpbpQAFXjCCBVowggRCoAMCAQICEA8Ull8gIGmZT9XHrHiJQeIwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9yZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVyVHJ1c3QgUm9vdDAeFw0yMDA3MjEyMzAwMDBaFw0yNDEwMDgwNzAwMDBaME8xCzAJBgNVBAYTAlVTMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xIDAeBgNVBAMTF01pY3Jvc29mdCBSU0EgVExTIENBIDAxMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAqmJ3z5pjsgaE85A29JnzFFGr6pUKO0YG\/RFBH\/5bBljJOG4I\/E9ESM06pPe9HqLilbi+USDFv7JwY114DEPAKc1kSQmW2q\/O\/QVfKyqR6AFuLhibLJzQAX9p9e4\/U4hcugVsviIVZxSC8izSvltjN8yvYIXolmtrgAiobr4AnGuVcPzkGBKxHRuywRMxZzM05iXJYltYgnV28v7yPzsW36pCg+MybZuOQybwvQ4foac6ryzIiubqP\/ml0iWPkqoaCBKc\/qxKx8PrgJSrhxbRI0nnpLvHkd\/meTQ\/QUqnOibS6m9G4zhz5uXUka4LeJ54pe+W43PY95Vl6QW\/T1z\/Uqf5zwivp00JmcBxo1J6pTvXmwFUA+O2YrBaJ5wwJo62TVY="} 
-01707{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":5,"flow_first_seen":1646495710343950,"flow_src_last_pkt_time":1646495710381269,"flow_dst_last_pkt_time":1646495710415159,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5839,"midstream":0,"thread_ts_usec":1646495710415159,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.81.118.91","src_port":33102,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"onedrive.com","domainame":"onedrive.com","tls": {"version":"TLSv1.2","server_names":"onedrive.com,p.sfx.ms,*.live.com,*.live.net,*.skydrive.live.com,*.onedrive.live.com,*.onedrive.com,d.sfx-df.ms,*.odwebb.svc.ms,*.odwebp.svc.ms,*.odwebdf.svc.ms,*.odwebpl.svc.ms","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"67bfe5d15ae567fb35fd7837f0116eec","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 01","subjectDN":"CN=onedrive.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"50:2F:33:10:92:AC:27:7B:17:BE:82:68:3B:E2:29:AD:97:41:B7:BB","blocks":0}}} 
+01666{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":5,"flow_first_seen":1646495710343950,"flow_src_last_pkt_time":1646495710381269,"flow_dst_last_pkt_time":1646495710415159,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5839,"midstream":0,"thread_ts_usec":1646495710415159,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.81.118.91","src_port":33102,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"onedrive.com","domainame":"onedrive.com","tls": {"version":"TLSv1.2","server_names":"onedrive.com,p.sfx.ms,*.live.com,*.live.net,*.skydrive.live.com,*.onedrive.live.com,*.onedrive.com,d.sfx-df.ms,*.odwebb.svc.ms,*.odwebp.svc.ms,*.odwebdf.svc.ms,*.odwebpl.svc.ms","ja3s":"67bfe5d15ae567fb35fd7837f0116eec","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 01","subjectDN":"CN=onedrive.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"50:2F:33:10:92:AC:27:7B:17:BE:82:68:3B:E2:29:AD:97:41:B7:BB","blocks":0}}} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":463,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646495710534404,"flow_src_last_pkt_time":1646495710534404,"flow_dst_last_pkt_time":1646495710534404,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646495710534404,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.107.42.13","src_port":56836,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":463,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_src_last_pkt_time":1646495710534404,"flow_dst_last_pkt_time":1646495710534404,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646495710534404,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8CqVAAEAGNnfAqAGADWsqDd4EAbvOscftAAAAAKAC+vD21AAAAgQFtAQCCArXIg8YAAAAAAEDAwc="} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":464,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_src_last_pkt_time":1646495710534404,"flow_dst_last_pkt_time":1646495710555642,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1646495710555642,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA0VKNAAHUGt4ANayoNwKgBgAG73gT+RZAmzrHH7oAS\/\/9wpwAAAgQFoAEDAwgBAQQC"} 
01227{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":465,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_src_last_pkt_time":1646495710557378,"flow_dst_last_pkt_time":1646495710555642,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1646495710557378,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAItCqdAAEAGNITAqAGADWsqDd4EAbvOscfu\/kWQJ1AYAfaM8QAAFgMBAgABAAH8AwNoOd\/HU8dseMv53a0gjDg57feHmv3ZKYt3PSUCEOAz7yDC+9qh9Lsnn2pjQO0NmdEK9+51DwzlDpkQTXJ0hGSXhgAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAWABQAABFvbmVkcml2ZS5saXZlLmNvbQAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACAI7FYCMeLngdMxbkPLy3IoQelSFCsyCvetq1oFf6z+UQAXAEEEWlI8xcTn+Mao6N7i2Le6X1KJI9pYZKIE\/2dqJMzsIrHC0C7HZlpYDP5BCM3Qrb983QL8azL17uscE+MtJARpvAArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAFQCFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -01271{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":465,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646495710534404,"flow_src_last_pkt_time":1646495710557378,"flow_dst_last_pkt_time":1646495710555642,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646495710557378,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.107.42.13","src_port":56836,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.MS_OneDrive","proto_id":"91.221","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"onedrive.live.com","domainame":"onedrive.live.com","tls": {"version":"TLSv1.2","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} +01230{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":465,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646495710534404,"flow_src_last_pkt_time":1646495710557378,"flow_dst_last_pkt_time":1646495710555642,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646495710557378,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.107.42.13","src_port":56836,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.MS_OneDrive","proto_id":"91.221","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"onedrive.live.com","domainame":"onedrive.live.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
02499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":466,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":4,"flow_src_last_pkt_time":1646495710557378,"flow_dst_last_pkt_time":1646495710577506,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1646495710577506,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXcVKVAAHYGsNYNayoNwKgBgAG73gT+RZAnzrHJ81AQCAMfFwAAFgMDFs8CAABiAwNiI4felTmEG8xpkapnJZuLa\/s2HG1u+44zHSW4IrV27yB5PAAAf3fmivAcjmvMkcxXn29cxFgr9j4j+aMPxItMfMAwAAAaAAUAAAAjAAAAEAAFAAMCaDIAFwAA\/wEAAQALAA4eAA4bAAi3MIIIszCCBpugAwIBAgITfwAihO16gpMe82GhXwAAACKE7TANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSAwHgYDVQQDExdNaWNyb3NvZnQgUlNBIFRMUyBDQSAwMjAeFw0yMjAyMDEwMDEzMTVaFw0yMzAyMDEwMDEzMTVaMBcxFTATBgNVBAMTDG9uZWRyaXZlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKoAmzA76zsofw7+fOUR6E1VJOItV6B42OhVLaXLBUkB\/DhNSK9Xwb8QSOHAEGpQdy0kvP28+zPgkBPPhQTf+93f+EYRB7Xu5P+bRtuYUIL+cpzvSLYELShoz3SJ+CQy3BOKLsqEraQ4EfPsNYX3QjrARzFGSDp9fY2bJbj3\/0e\/W0WvqafYuWX33WHzTqGCDleTqGmDPGLDkX\/IuBmF+BEGK17CvW3rMbqk8TH4lF1T\/ooVMPgBmiwvXSWzM7FXCvDPQOCIOyyrChq41ftB6fq5jbjIM69sKIAiVR+0H3ZYE+\/HYGvl70aEmz+KFIBgM2a79yTdwFZQoK\/uBiFmt30CAwEAAaOCBL4wggS6MIIBfQYKKwYBBAHWeQIEAgSCAW0EggFpAWcAdgDoPtDaPvUGNTLnVyi8iWvJA9PL0RFr7Otp4Xd9bQa9bgAAAX6yqhjBAAAEAwBHMEUCIQCNLiElLMspsZARKBgFdiLnLjTr7bIsBQKjx\/HdJ5i\/AQIgCHv321Kesd0Xv1WzojtEsrdJtvb17s1Ive\/jZojLpNMAdQB6MoxU2LcttiDqOOBSHumEFnAyE4VNO9IrwTpXo1LrUgAAAX6yqhcvAAAEAwBGMEQCIHNSg7SIpma30Bup8euV94y5w51P3\/EPEyajGtKwJfy\/AiBJpNTb1WgAwA86eqbtihKaMYdiPOrEJVXPoDQHoY9mYAB2AK33vvp8\/xDIi509nB4+GGq0Zyldz7EMJMqFhjTr3IKKAAABfrKqGksAAAQDAEcwRQIhAMk79ZnrtAY16juHuToTQfhZwbbD6N+4gUHjJAmOqdOMAiBIvxRBhwrUcc+rkCTZBLoC6PCJzJb3PHlr8AqGFrsG2TAnBgkrBgEEAYI3FQoEGjAYMAoGCCsGAQUFBwMBMAoGCCsGAQUFBwMCMD4GCSsGAQQBgjcVBwQxMC8GJysGAQQBgjcVCIfahnWD7tkBgsmFG4G1nmGF9OtggV2Fho5Bh
8KYUAIBZAIBJzCBhwYIKwYBBQUHAQEEezB5MFMGCCsGAQUFBzAChkdodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9NaWNyb3NvZnQlMjBSU0ElMjBUTFMlMjBDQSUyMDAyLmNydDAiBggrBgEFBQcwAYYWaHR0cDovL29jc3AubXNvY3NwLmNvbTAdBgNVHQ4EFgQUa\/En5jNYVPlWNaZtHxS1i+inhGMwDgYDVR0PAQH\/BAQDAgSwMIHIBgNVHREEgcAwgb2CDG9uZWRyaXZlLmNvbYIIcC5zZngubXOCCioubGl2ZS5jb22CCioubGl2ZS5uZXSCEyouc2t5ZHJpdmUubGl2ZS5jb22CEyoub25lZHJpdmUubGl2ZS5jb22CDioub25lZHJpdmUuY29tggtkLnNmeC1kZi5tc4IPKi5vZHdlYmIuc3ZjLm1zgg8qLm9kd2VicC5zdmMubXOCECoub2R3ZWJkZi4="} 02503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":467,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":5,"flow_src_last_pkt_time":1646495710557378,"flow_dst_last_pkt_time":1646495710577547,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1646495710577547,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXcVKZAAHYGsNUNayoNwKgBgAG73gT+RZXbzrHJ81AQCAPC1wAAc3ZjLm1zghAqLm9kd2VicGwuc3ZjLm1zMIGwBgNVHR8EgagwgaUwgaKggZ+ggZyGTWh0dHA6Ly9tc2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMFJTQSUyMFRMUyUyMENBJTIwMDIuY3JshktodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcmwvTWljcm9zb2Z0JTIwUlNBJTIwVExTJTIwQ0ElMjAwMi5jcmwwVwYDVR0gBFAwTjBCBgkrBgEEAYI3KgEwNTAzBggrBgEFBQcCARYnaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3BzMAgGBmeBDAECATAfBgNVHSMEGDAWgBT\/L3\/hBvQ48y3tJY2Ywv4O9mz8+jAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggIBAMPsJfwqCr1vkmJ6xmjJ4J\/CR0ZN3Mxkos0A3EOeiRumGDDStRW\/V7tBzbpdr01AuMj7xssX78Pp\/J7WpMC+7YxKBWsZz7yFoQ79Gb+N79O\/wp6Ybr\/zyPix402UQF8PueYMQL8Lrs9tQCGUljs+pyBTcshtZeb4zivWV9fju99elwrQIohl3EiWNgRG3Dd3w+nRp0mtGkvJO624DK2U5yBVYFJKEZlB8mAygLF3A5SNVep3MDnfWFE9hZBrnSWdQVwFEFOPI+CbdRZi1+Enep8vd5HjCMu+hjiNZyROz459g3yXGgyaeg\/tl6FxDpwgyeVRV2nDXbXpfxaFDaMkaA4qFR+ar6Zos9Sm7wYAcc2pEihbm04YGGkQwnPo5KTKxcpSaRcik5Q6kzEjJlERhWKLihgYQwblXixQTiDtWoTQvfniIdWPlio5qYxjB3B26k5M
Zhmdn10RNh2KU0JLiJFZAazSqs26VEXIowPKd1AAYri+U2AwW0jm3zHHaD+\/sScG9chnnQ6qoI+R2qQ2eePaXtQbX7M9VNw\/vimognxXI\/6uLTpOzvnzakE5En2+kVCOMx9RpMpDBtpj\/yt71K2XVcd0jLWilv40K21K+vi6ADQw\/Xj2AhzWQo\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\/40Thv78kAlxibMipsKahdbuoHByOB4ZlYotcBhf\/ObUf65kCRfXMRQqOKWkZLkilPPn3zkYM5GHxeI4MNZ1SoKBEoHa2E\/uDwBQVxadY4SRZWFxMd7ARyI4Cz1ik4N2Z6ALD3MfjAgEEDwoknyw9TGvr4PubAZdqU511zNLBoavar2OAVTl0Tddj+RAhbnX1\/zypqk+ifv+d3CgiDa8Mbvo1u2Q8nuUBrKVUmR6EjkV\/dDrIsUaU643v\/Wp\/uE7xLDdg="} -01725{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":470,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":6,"flow_first_seen":1646495710534404,"flow_src_last_pkt_time":1646495710557378,"flow_dst_last_pkt_time":1646495710577591,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5844,"midstream":0,"thread_ts_usec":1646495710577591,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.107.42.13","src_port":56836,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.MS_OneDrive","proto_id":"91.221","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"onedrive.live.com","domainame":"onedrive.live.com","tls": {"version":"TLSv1.2","server_names":"onedrive.com,p.sfx.ms,*.live.com,*.live.net,*.skydrive.live.com,*.onedrive.live.com,*.onedrive.com,d.sfx-df.ms,*.odwebb.svc.ms,*.odwebp.svc.ms,*.odwebdf.svc.ms,*.odwebpl.svc.ms","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"a66ea560599a2f5c89eec8c3a0d69cee","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Microsoft Corporation, 
CN=Microsoft RSA TLS CA 02","subjectDN":"CN=onedrive.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"77:7F:F2:95:29:A7:E3:CC:0F:BF:2F:BA:2E:6F:2A:38:62:8B:48:4D","blocks":0}}} +01684{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":470,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":6,"flow_first_seen":1646495710534404,"flow_src_last_pkt_time":1646495710557378,"flow_dst_last_pkt_time":1646495710577591,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5844,"midstream":0,"thread_ts_usec":1646495710577591,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.107.42.13","src_port":56836,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.MS_OneDrive","proto_id":"91.221","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"onedrive.live.com","domainame":"onedrive.live.com","tls": {"version":"TLSv1.2","server_names":"onedrive.com,p.sfx.ms,*.live.com,*.live.net,*.skydrive.live.com,*.onedrive.live.com,*.onedrive.com,d.sfx-df.ms,*.odwebb.svc.ms,*.odwebp.svc.ms,*.odwebdf.svc.ms,*.odwebpl.svc.ms","ja3s":"a66ea560599a2f5c89eec8c3a0d69cee","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 02","subjectDN":"CN=onedrive.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"77:7F:F2:95:29:A7:E3:CC:0F:BF:2F:BA:2E:6F:2A:38:62:8B:48:4D","blocks":0}}} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":473,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646495749875318,"flow_src_last_pkt_time":1646495749875318,"flow_dst_last_pkt_time":1646495749875318,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646495749875318,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"129.226.107.210","src_port":45014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":473,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_src_last_pkt_time":1646495749875318,"flow_dst_last_pkt_time":1646495749875318,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646495749875318,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8bgJAAEAGHN3AqAGAgeJr0q\/WAbvpKcA1AAAAAKAC+vDq5gAAAgQFtAQCCAoyACVaAAAAAAEDAwc="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":474,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_src_last_pkt_time":1646495749875318,"flow_dst_last_pkt_time":1646495750196617,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1646495750196617,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA0AABAAC8Gm+eB4mvSwKgBgAG7r9bNFCqu6SnANoASOQgzewAAAgQFoAEBBAIBAwMH"} 
01229{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":475,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_src_last_pkt_time":1646495750202078,"flow_dst_last_pkt_time":1646495750196617,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1646495750202078,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAItbgRAAEAGGurAqAGAgeJr0q\/WAbvpKcA2zRQqr1AYAfYZ+QAAFgMBAgABAAH8AwMSMXO4WcNq177CYxST5Cayi57AGXeQdEMNPed0f\/vO+CBsnRDIIeROJeOlCByvk7lr9pRUbeR06Cs4dVzQT0oYEAAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAASABAAAA13d3cuaWZsaXguY29tABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAiAAoACAQDBQMGAwIDADMAawBpAB0AIOmUL4m7jSQuaHGCv6++\/yOU0VJCaPyexIMcIsguXG5nABcAQQTHBHql0\/iCD7AqH7jE0qyA2MF\/+\/iD9HNmfv2msqiXNFGoZilNx52dlYpSngcjMahYCZatuJxecuXUWxhAYPfzACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQAVAIkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -01255{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":475,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646495749875318,"flow_src_last_pkt_time":1646495750202078,"flow_dst_last_pkt_time":1646495750196617,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646495750202078,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"129.226.107.210","src_port":45014,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.IFLIX","proto_id":"91.202","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"www.iflix.com","domainame":"www.iflix.com","tls": {"version":"TLSv1.2","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} +01214{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":475,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646495749875318,"flow_src_last_pkt_time":1646495750202078,"flow_dst_last_pkt_time":1646495750196617,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646495750202078,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"129.226.107.210","src_port":45014,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.IFLIX","proto_id":"91.202","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"www.iflix.com","domainame":"www.iflix.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
02451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":476,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":40,"flow_packet_id":4,"flow_src_last_pkt_time":1646495750202078,"flow_dst_last_pkt_time":1646495750523473,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1486,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1486,"pkt_l4_len":1452,"thread_ts_usec":1646495750523473,"pkt":"PKn0qB\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\/CM62BlhvviLZXb6MqezX\/t6MAShMwxD91+YJNOzp5ZkF0pQ2JL3DQmwWKCkN4BK9brQk4N3JoQ8qxSHo8Ndqw7G+DqACRETIsVhhlWdRLXYjBuGLDQZCs6MUlN4qydE4+Z+AztAf6iqCt1IAR\/wx\/tfWjQ96p4fRU9527\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"} -01345{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":476,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646495749875318,"flow_src_last_pkt_time":1646495750202078,"flow_dst_last_pkt_time":1646495750523473,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1432,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1432,"midstream":0,"thread_ts_usec":1646495750523473,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"129.226.107.210","src_port":45014,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.IFLIX","proto_id":"91.202","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"www.iflix.com","domainame":"www.iflix.com","tls": 
{"version":"TLSv1.2","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"00447ab319e9d94ba2b4c1248e155917","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} +01304{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":476,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646495749875318,"flow_src_last_pkt_time":1646495750202078,"flow_dst_last_pkt_time":1646495750523473,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1432,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1432,"midstream":0,"thread_ts_usec":1646495750523473,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"129.226.107.210","src_port":45014,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.IFLIX","proto_id":"91.202","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"www.iflix.com","domainame":"www.iflix.com","tls": {"version":"TLSv1.2","ja3s":"00447ab319e9d94ba2b4c1248e155917","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
02461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":477,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":40,"flow_packet_id":5,"flow_src_last_pkt_time":1646495750202078,"flow_dst_last_pkt_time":1646495750523531,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1486,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1486,"pkt_l4_len":1452,"thread_ts_usec":1646495750523531,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXArXtAAC8G6N+B4mvSwKgBgAG7r9bNFDBH6SnCO1AQAHs1DAAA0No+9QY1MudXKLyJa8kD08vREWvs62nhd31tBr1uAAABfms3jGwAAAQDAEgwRgIhAKLX21ipyY1svglvvO5AM7mYKcgR49pkYsGyAPh\/1vm1AiEAquTKtEZAAkk1tlNBHXFhDTvmhglU3gDrwoVcdb5hVJAAdgA1zxkbv7FsV78PrUxtQsu7ticgJlHqP+Eq76gDwzvWTAAAAX5rN4yHAAAEAwBHMEUCIQCeKg7uyJNLfl0yYAqUyuOb17OrAYVhxKLY\/xNcl7x4IAIgFLq9wZVNj0hGkut95sSniy2MoEb+d+xzXLiu+S6kKh0AdQCzc3cH4YRQ+GOG1gWp3BEJSnktsWcMC4fc8AMOeTalmgAAAX5rN4yqAAAEAwBGMEQCICpQ\/IXWNNwI9MzQtOvIjKWdv7flSEY764Bai5HB7cb9AiB0Jfo904GAh6C\/R+WXtNG5zNBT8Dt6\/csSLQTZxbtaETANBgkqhkiG9w0BAQsFAAOCAQEA6pwIZ4HmpkwyMmovsoK+mBu9BlOw\/QRO7jwr1Y8RrMePjEWqLh3pbGSElp4kdICW7Lj39N98vmyPhXPeXnKBtLYLAwi5zvPqTwt5EU225yAOMs2JQN12fxyalx\/TPuDT6WryoYhvNszDYS3lRaO+H0KrXSAGEATP2UbGlalWi0Pln22OHcxYdTgEtlEWgUjv2yZ\/GE1F3nCFmpNbCZJ874Asv2hapXYdl+nrpMkoydH3YzyEzXEwnrr6MdbKk7xiVCw4FjJE2FMcSAoHoZskwb5rFjAIu9SHfYyXB2SgoLjcNRJ35Se\/n2rImtRGCEgPE\/PlfLIPrajYkhbC05ySbAAFDDCCBQgwggPwoAMCAQICEAbJNRrm8KxusAb7DCqnMkEwDQYJKoZIhvcNAQELBQAwYTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEgMB4GA1UEAxMXRGlnaUNlcnQgR2xvYmFsIFJvb3QgQ0EwHhcNMjAwMzEzMTIwMDAwWhcNMzAwMzEzMTIwMDAwWjBMMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMSYwJAYDVQQDEx1EaWdpQ2VydCBTZWN1cmUgU2l0ZSBDTiBDQSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPBbyx\/M1zj8DKweWRHWlLX7qV1Y9wAyCLfbmm8WZ5pziVXhEeIAQwZrmf+c72rYii6sxNOZcNN670l44lowMBkmUFm8c+KlCMRsTqb8qbFubW73JypDxvb7NrY\/rvikiggjAO\/dnOK66FzgR45UB5fhE\/sZ1nN58aG8O8i9b04RHAZArC4ruAROXhEzMxKZbmeYVU99RCEk5FPi9qqFT6r5drwiyp
m+IiiWB6RiJtalRkYH+eJMX4UZfaxLuJNq0HlGiYeK+XSs9ctExQcCyADOJ8BlXOtR+UvO+DLdWcOYtpMZ0cpjDYORRbgpEBSK41JRb5Q6ITKATUb27cx0AB0CAwEAAaOCAc8wggHLMB0GA1UdDgQWBBRE2chKM47TUo2nkpRhH5rIpbfsyzAfBgNVHSMEGDAWgBQD3lA1VtFMu2bwo+IbG8OXsj3RVTAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB\/wQIMAYBAf8CAQAwMwYIKwYBBQUHAQEEJzAlMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5kaWdpY2VydC5jbjBABgNVHR8EOTA3MDWgM6Axhi9odHRwOi8vY3JsLmRpZ2ljZXJ0LmNuL0RpZ2lDZXJ0R2xvYmFsUg=="} -01909{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":478,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":4,"flow_first_seen":1646495749875318,"flow_src_last_pkt_time":1646495750202078,"flow_dst_last_pkt_time":1646495750523550,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1432,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3672,"midstream":0,"thread_ts_usec":1646495750523550,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"129.226.107.210","src_port":45014,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.IFLIX","proto_id":"91.202","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"www.iflix.com","domainame":"www.iflix.com","tls": {"version":"TLSv1.2","server_names":"jan18-2022-1.ias.iflix.com,access.iflix.com,accounts.iflix.com,debugaccess.iflix.com,hwvip.iflix.com,iflix.com,live.iflix.com,pbaccess.iflix.com,pbdebugaccess.iflix.com,test.iflix.com,testupload.iflix.com,tv.iflix.com,upload.iflix.com,vplay.iflix.com,www.iflix.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"00447ab319e9d94ba2b4c1248e155917","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, 
O=DigiCert Inc, CN=DigiCert Secure Site CN CA G3","subjectDN":"C=CN, ST=Guangdong Province, L=Shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, CN=jan18-2022-1.ias.iflix.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"6F:FD:C1:38:F4:2A:0B:65:51:9C:0E:11:86:63:B5:58:52:FC:96:B0","blocks":0}}} +01868{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":478,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":4,"flow_first_seen":1646495749875318,"flow_src_last_pkt_time":1646495750202078,"flow_dst_last_pkt_time":1646495750523550,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1432,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3672,"midstream":0,"thread_ts_usec":1646495750523550,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"129.226.107.210","src_port":45014,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.IFLIX","proto_id":"91.202","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"www.iflix.com","domainame":"www.iflix.com","tls": {"version":"TLSv1.2","server_names":"jan18-2022-1.ias.iflix.com,access.iflix.com,accounts.iflix.com,debugaccess.iflix.com,hwvip.iflix.com,iflix.com,live.iflix.com,pbaccess.iflix.com,pbdebugaccess.iflix.com,test.iflix.com,testupload.iflix.com,tv.iflix.com,upload.iflix.com,vplay.iflix.com,www.iflix.com","ja3s":"00447ab319e9d94ba2b4c1248e155917","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert Secure Site CN CA G3","subjectDN":"C=CN, ST=Guangdong Province, L=Shenzhen, O=Shenzhen Tencent 
Computer Systems Company Limited, CN=jan18-2022-1.ias.iflix.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"6F:FD:C1:38:F4:2A:0B:65:51:9C:0E:11:86:63:B5:58:52:FC:96:B0","blocks":0}}} 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":481,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646495785326719,"flow_src_last_pkt_time":1646495785326719,"flow_dst_last_pkt_time":1646495785326719,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1357,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1357,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1357,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646495785326719,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"216.58.212.142","src_port":38642,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02347{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":481,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_src_last_pkt_time":1646495785326719,"flow_dst_last_pkt_time":1646495785326719,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1399,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1399,"pkt_l4_len":1365,"thread_ts_usec":1646495785326719,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAVpAABAAEARxpLAqAGA2DrUjpbyAbsFVWFvygAAAAEIEaJhA\/pmmGIDGZVnAEJ9k4MXlQzkENByBWBPG6JdLnJ97tZTge\/8kX\/RhzOqc4jakqIni2HiqmCs6hTSmZEhkbOUs3lvKsO9F9+XIhOeXqIykOCxzeDPOvDHVnxP2ftNUD1lroHjevW4+JYs\/R0VPIgtCayG\/meCf7Lef9QhWL6YQmXx48ui2W6tYfyIEiaXDMtExoqL+hacVg2HpNlIwJe4PE0\/HEg3ezCS0HD8j4RVM2gk+MitT95qpQmfRz8ntx5WznfpVZvMxU23bid9\/dO3KP4LRTXApe0VNoqcMS8eAgkUyCgd5nSQ87LPgFqnkCEFratISm41sDhhr7ve32C1I\/TlAIhgBRfW87C3WFDVCBagaYOeonExydEo\/D28evz\/tjH6aV7xu0wNblTQywt3lynmNkuwCW7cnmeQuau6oQOA9GiSOfN51L3rFmCObunfGa2ezZE4y2FjFlEEKO\/QIf2CassSbDJm49YK5w7PoSq58kn\/6qIb0Tn5xVj\/LonVQw1HAkNmcP8ql0C7shrF43UdoYXvT\/hOCOA\/VAd6JiIod3M38vXNHkTBOnLJf9TfjJE64UfVXvq5UqVG0r6WldLJGu2xtNgpeDi11dyXdfvaPJX4DN1wutu28hbCiIktfSp6wZpMBmAyygGuO73TqglRovt2xSE4EHwrJMCD4O2TYEurb9uUa0gMyyJFr9\/L+BwLQIYk52z2VLzFmq3EMYlrlu4r\/zm7z83+qa7ryx2Qegl3wdMjyEciWgqgcac28uJhD3lOGWLmvmFxM9fEY1jJKzrVnaWs\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"} 
-01289{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":481,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646495785326719,"flow_src_last_pkt_time":1646495785326719,"flow_dst_last_pkt_time":1646495785326719,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1357,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1357,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1357,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646495785326719,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"216.58.212.142","src_port":38642,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hangouts.google.com","domainame":"hangouts.google.com","quic": {"quic_version":"V-1","tls": {"version":"TLSv1.3","ja3":"2a18e6bf307f97c5e27f0ab407dc65db","ja3s":"","ja4":"q13d0315h0_55b375c5d22e_9974e4f6be5b","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01248{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":481,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646495785326719,"flow_src_last_pkt_time":1646495785326719,"flow_dst_last_pkt_time":1646495785326719,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1357,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1357,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1357,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646495785326719,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"216.58.212.142","src_port":38642,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hangouts.google.com","domainame":"hangouts.google.com","quic": {"quic_version":"V-1","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0315h0_55b375c5d22e_9974e4f6be5b","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
02355{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":482,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_src_last_pkt_time":1646495785326719,"flow_dst_last_pkt_time":1646495785351813,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1399,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1399,"pkt_l4_len":1365,"thread_ts_usec":1646495785351813,"pkt":"PKn0qB\/spJGxgjQ5CABFgAVpAABAADMR0xLYOtSOwKgBgAG7lvIFVdbOwgAAAAEDGZVnCBGiYQP6ZphiAEPst9JjIfZ6zFXkACoVjtJE04mEvUBO80J9CXDI1AzGWloBOqzPXI+URdYvHEecgUeYllSRgTGQ\/pdzmzfdkga4V0DlNh9sMthgcZTrWfMiNpOkeHh+8VGEpoSOyr5bTtr6qKEGYg7ZZM+3g8CNri4\/Y4rmU\/u2ucvFt3wUyTEBNlGlntUryhGUoERRNT55NmFJqVuhU\/GueMTfSHsKfOOCMhdksMgHmrVyRumUWVrccMpyqwcE3vpmgCs+uFNthYNXlEj8FMdYAA6FIKpTcrXTgZ3Nm3DRRlDCt76rYa9Ed5zm8JxO+MhvWTGGpqVfgXpQEWyeWMNxG693XFsxTB07PJ3\/YeWP9LrYnM2HgdinrEmJ9dHI16vwi5FQ0cWQJ92cHEvIGKGiq8SA5HEgTnQVmdK2xOmx7dj0KaicL3ol58t8ltkbIXgfkxYhp5yyTHcH3z0UKdCT7GAS6tTRIUS1R7xH75rixlq6B8ZSkGHfajnn6P2ZcdZ\/x0f91Ed0FleO4gdbHHIHetNxBiPPjmSYid1gKObR53SjxAV83g\/W5uVBPG0cabwLojDjBF4yItmMF8ard0uchzKjL7+VPzEBpyA8VAKvlvVbjeonWQ9zdLjCu+3DI5DnZF04lHG772bPMCDbbp1L2TwHKUlogQBjbGpHA7cGqXQ+7rgXzsp8A1LJ4M7UOfhwAhpEZinbjHrtptlKXt3FIxug5QT3rZRFmRCTzNoEN+lueCUbvABz5ahUadsFXVwk+QV6y6OfittlgN9FPzvu2wbXQsdpR7HuGw5be5n5hrjM\/gt9Cn1qYtj8W7tpYyeOF6J2KVyL\/JC\/QJoDFTRmNJOaSu8I9GPipG+PZyHfbkz460Q5SYy9J6Yty8H0OpgvMOxAZyJfdY6HpBJ73a3hMG\/oeLH2XJGbp7tfnJSbIrw7OjnmUjZjC3QFC5ZT\/D9lfLZQtLioZhFU2dvfGzIgp3e6A6JbEE0vFluuvChl2C+0rBUUI4BDQaLDC36yd\/nqeU9YkBNuGMLNwmS1nu9FZU8mcDANqVoY5yVLg2kamNS5X1hNq7e0ZttiC++uqF2vAilhDlKm4Sn9UjPckZuiZBomYpyg0Mx2VTEwtpKds6MA+UAswT6IhWCQVBWewjai+fOWFc9I1PVuJXv6wszew3Hcqcb00f6u5LLpYQLzSeihJuZrVlM1j6lGBHe0EhJ6DL1teURdZuXWHdzyDqDjp983xiqcs411z8ivoxsAQrnJoCWJxd7jZsORlrj+qRu70MzdRwWows6Ir5D2WLnk\/xr5xZXlxc0qq35KzQxuScxBBYPpS5ZzPphWbiD4nd3CHT+adzTjAAAAAQMZlWcIEaJhA\/pmmGJA9VVpI4dKlmrgeF\/YggQi8sjf99E3nv5OtPvRrtZcyuW01yoBM35YdPwOsg50xXr\/BiQRHRmp
g5AI\/Gxv40hVq1L2PZoVADVhqqGncF1oScVHTbM9W4m3oXbHay1EHfQ5lAWTWpN49l9Tiv7IrVgj7Dp+73Bh+\/I4be++4+GN0yWQOqn0T+ijD3iAvjW07u4KFggANU2wFU17wsvlJuMqKoty0iSiIcZD1Fpv8YeBupA3Jd5TcFAQxL\/\/amaXv8CyobSjSega7I6w3iSVpXXusfvcoL9IwMGqCbpjl4yujE+\/2nPBKVvs4iEZolT1zqdJU8Q5tR5vWxmVZ56Vkqmz6hVG35AqABKCyEo\/gk\/PneTs58wsy3Z+6AWG31mbKVGDVWKfuUivH9e1GriPy0Y1T2Vi68\/VxrxY\/w=="} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":483,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646495836963393,"flow_src_last_pkt_time":1646495836963393,"flow_dst_last_pkt_time":1646495836963393,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646495836963393,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.185.206","src_port":50608,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":483,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_src_last_pkt_time":1646495836963393,"flow_dst_last_pkt_time":1646495836963393,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646495836963393,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8O4hAAEAG9ELAqAGAjvq5zsWwAbtVp40sAAAAAKAC+vA0nQAAAgQFtAQCCApsJfcbAAAAAAEDAwc="} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":484,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_src_last_pkt_time":1646495836963393,"flow_dst_last_pkt_time":1646495836979425,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646495836979425,"pkt":"PKn0qB\/spJGxgjQ5CABFgAA8r34AAHIGjcyO+rnOwKgBgAG7xbDcn6Z3VaeNLaAS\/\/\/zpwAAAgQFlgQCCApyIEa6bCX3GwEDAwg="} 01242{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_src_last_pkt_time":1646495836983510,"flow_dst_last_pkt_time":1646495836979425,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1646495836983510,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5O4pAAEAG8kPAqAGAjvq5zsWwAbtVp40t3J+meIAYAfYRowAAAQEICmwl9zByIEa6FgMBAgABAAH8AwOIf7nJ5breQpxi5aty74p4A0tH8s+YhJ7uQwoAchgbeyDiYRrjyIJgoj6ghTCikRuTluEoGumBBaOR1N7eUGiD\/gAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAATABEAAA5nb29nbGVwbHVzLmNvbQAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACBQQOMOQqFJCXmUicpi9d2kYaSiqPqeBjWpdYiUO92OBgAXAEEEwEm0an4CaV7UYrRD1yMS8F4iZzs0QylP5VOKPX+Fji27U1gjEJPJGZS7PVMPfJS0GsqWWRpHV\/lDyKacoCtA0wArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAFQCIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01244{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646495836963393,"flow_src_last_pkt_time":1646495836983510,"flow_dst_last_pkt_time":1646495836979425,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646495836983510,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.185.206","src_port":50608,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"googleplus.com","domainame":"googleplus.com","tls": {"version":"TLSv1.2","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01203{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646495836963393,"flow_src_last_pkt_time":1646495836983510,"flow_dst_last_pkt_time":1646495836979425,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646495836983510,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.185.206","src_port":50608,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"googleplus.com","domainame":"googleplus.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
02472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":486,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":42,"flow_packet_id":4,"flow_src_last_pkt_time":1646495836983510,"flow_dst_last_pkt_time":1646495837006974,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_usec":1646495837006974,"pkt":"PKn0qB\/spJGxgjQ5CABFgAW+r5EAAHIGiDeO+rnOwKgBgAG7xbDcn6Z4VaePMoAQAQXH7AAAAQEICnIgRtdsJfcwFgMDAHoCAAB2AwNlkkH7N5+Ir9t7Opyb1+MestDFqBupGE5Oka0ZxgLPvCDiYRrjyIJgoj6ghTCikRuTluEoGumBBaOR1N7eUGiD\/hMBAAAuADMAJAAdACCbCqXpM0cs9oMHrMo5IBrho8zYaMQu6+VqaTNl+pUiYAArAAIDBBQDAwABARcDAyq0pgoJ\/TFbvECPRikyUqjisy36xEvjPj+06+j8sVI6nq4hlS4tugyWAZAUYNagFfLAmdFzAkBQshygFW0wobzbVDRwv\/EcgdzgLpTGF5Xtr\/SsZD3xrhnAytds29m99JCGwebd9N\/dHGADsfWNCwf4Ou0wp1RkHjrzrB3WYRLS61pDTSQY0gPgEnZ3tIsQYnD3oeI2EXW0dMx2w9lUj\/J6NDYFcXqxosddbzbFZvoEnj7UfcLdjh1PKZTbtzpfZ7DcoLtj6JbnxG53e1BB3s8G1reKAW\/VmYXdX\/cyMmEby9IuXS9yBNHbfs779LPWnOOxXDmDDqs+aLpwZMYCUO5eCBsp7a\/NqRf0deOc621LaWwXAAQ4FxhgVGyUfQjzkNn3Nv1+mDN7MnoHN7aY3em2LGZM2SmvSwNKQGQP3SldtU9XldlH+St4DLYARiiVh9\/6HGc2\/Kxb8Bjdq8OTwB5AVRqBmDFoosixwxCyNl8WscQFjHktWUQPaP1TkMOqL+48JKBYlm5Ojsn3Ke9vY1013ScO4CSc9vumWfg7kmUxkqmUoTfLS+KfNxh+9WwFMDiWDzsizeAGV8\/Jt1H\/ysDcmIkXa9u7BRSRFpjWf+ZA3p6cjDBT+GT+cZhK\/bTGYuhYTeImMvUGbeINkcaXguvJi+XRB7m6ecBQW9Lu4Yt98nejotepfbs8PzH\/ONFwVMg+dzYviggrvkhGYdRAJdm9D2LihlyOhCwfCytphrVjIMOWXGYuI0UnpYBI83SLUwC\/lBVyCt9HQCu42vmEeMryiSqQrvFWIwMrX0c1tzBHdb8ZSNTuNOuEKOKFq+ECBQsjZZrlQP335v+0agpSIJUHRu9GJDMrD+nh4F2z1vlXMYRHqhnuoSFNLLzhJnZxTveh86f4BVB7DxExbuOxGKVmDrAavno4vzY7kgfdd2e72n4JbSDOwEIe+KVB7Fnh5hoHzwoJFQQ1hv75zjodbmsiFYqW5kbucUYcwcrpTgfHTsv5xRzgONrI4tfaqhcc6nQap+p3x\/cfYxC\/79tL6Xxyqy8Yo\/72hZ1agd3wZJgunA9QyqNsmQ8sxzJKxG9OX1vTIu1ePZ4e\/YEUxASKPtbNblj\/Q1kPNuV\/+Fyzwh3JWUzpZNag2bedFdA05PM2MNi+qPggjPX3knSagRsNFQDWcljc5a53eCOIMpkegepf+eeHAq\/lpxG+lKcsmx67BZikkDgHmm0EnERKkIpATBwPqBz2N
bMcsfPkvE+zao3e1+zO\/4YJvusEPP1E\/xAyzZ2LRyfTtr0yaqCMeGPcmjyzWDjeGbQz+jAeunZoaVs6td\/eJ\/Wq8dXAhoggPtq\/HfBcyDqHP0VAnIolyBxXvycQpgITXohrB7H7Ke0cVXUyDgDyR2Ml8yl0BNRfEwjJe2cz\/DJpyikxD1uHWbRUCiwa1Wokbe8WYwZrtjccrQbloAS3dSe2s565hhcELcKzNsNNGeE\/YQI8E8rVpi1drUwp1bZFATb5QfpnCqptQtTq8YfvXsE97z1gp3A7Nvvy4X5l3CxumQd6ANYCZBsjA9DZnja3MU97agB+VtGqcsj6toWfRmEa14ji1Ure9D1Ms5HEoV0yYkRZjJQZTsZrwkYfSl1upUl6NNyU2i4wcpeMoHs7a66sHDjaJxXDnCHDf05jK8ysGf4WJVOrNqwrIRbSlFOuDJrltrn0K8e9GQFC3K0="} -01289{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":486,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646495836963393,"flow_src_last_pkt_time":1646495836983510,"flow_dst_last_pkt_time":1646495837006974,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1646495837006974,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.185.206","src_port":50608,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"googleplus.com","domainame":"googleplus.com","tls": {"version":"TLSv1.3","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01248{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":486,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646495836963393,"flow_src_last_pkt_time":1646495836983510,"flow_dst_last_pkt_time":1646495837006974,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1646495837006974,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.185.206","src_port":50608,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"googleplus.com","domainame":"googleplus.com","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":487,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646495837086190,"flow_src_last_pkt_time":1646495837086190,"flow_dst_last_pkt_time":1646495837086190,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1357,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1357,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1357,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646495837086190,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.181.238","src_port":36832,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02341{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":487,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_src_last_pkt_time":1646495837086190,"flow_dst_last_pkt_time":1646495837086190,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1399,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1399,"pkt_l4_len":1365,"thread_ts_usec":1646495837086190,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAVpAABAAEARLnPAqAGAjvq17o\/gAbsFVdqKwQAAAAEIGskra7CKZYEDuYLxAEIVFxxqmZ08lCd3LEamnRnTwqMewjQTOXHJ+bQBCnc75qyddTeYHQ3SnzAULSCTOvy9BuronZfx+Rok2NEb\/1BsWpwM7HvouqIbg\/UM9rh+Oz94fTVRKCbJSe1Rt9Wi3IS3cTWhF88qqkbPlVNVfTP6qf147kmXwAclEb200UQEzcAZIv3o++EPu3L79R8FmBpBYJnCKkgaxbqODau1mi\/955te0zmkf2846gwZzwMXzDwbr6\/3HnP3h8OfoVM0MIFN9x7Ds+vGpVKDRpQM0NlvNQfFfblQvgPKr6\/wJHgowwd40oBCNI3FTXFgafKbw2f8iXs1MuIi6dbw5qDMfDg7neN7v6\/vcX4HSf8y6PVeyxCvA4+7q957ap\/3PII07iu47YhDzCD0lwTDjfi\/a1raoLz70\/SPK9NEbeWnxibfZXFeg8+E6Qmd9DFP4zQ2QPKahjqlPM4ZePdB1N+sWTrGnHY+e5VOY4qYOyABuFGeuadAN35ZvnTav7s\/+rzxtiAo1AWyqO5W85hkYntoGdWyMOzcrhaGvKoJNlyQWa3gWJkpY39Z1uzVJ9G3lDdAsC9\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"} 
-01282{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":487,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646495837086190,"flow_src_last_pkt_time":1646495837086190,"flow_dst_last_pkt_time":1646495837086190,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1357,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1357,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1357,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646495837086190,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.181.238","src_port":36832,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"plus.google.com","domainame":"plus.google.com","quic": {"quic_version":"V-1","tls": {"version":"TLSv1.3","ja3":"b719940c5ab9a3373cb4475d8143ff88","ja3s":"","ja4":"q13d0314h0_55b375c5d22e_2d2a40a25571","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01241{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":487,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646495837086190,"flow_src_last_pkt_time":1646495837086190,"flow_dst_last_pkt_time":1646495837086190,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1357,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1357,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1357,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646495837086190,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.181.238","src_port":36832,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"plus.google.com","domainame":"plus.google.com","quic": {"quic_version":"V-1","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0314h0_55b375c5d22e_2d2a40a25571","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
02351{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":488,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_src_last_pkt_time":1646495837086190,"flow_dst_last_pkt_time":1646495837102627,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1399,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1399,"pkt_l4_len":1365,"thread_ts_usec":1646495837102627,"pkt":"PKn0qB\/spJGxgjQ5CABFgAVpAABAADMROvOO+rXuwKgBgAG7j+AFVSXtyAAAAAEDuYLxCBrJK2uwimWBAEU4Tznrzq28hb1XmRDs0MFqelTnhcFUZ84H4q1aY4G8iO4oHDfc48pBHn\/VwFJa95gqSHvH4Ev8Om2dP0drKfHTm5RIabnMUwABEpNiK30Wb+s0DC1P8fJqrYirSkcMUtk+OScepXvvMoUJqb3oK\/SHueY\/CR+1r94ahlb+lQ5CMkRrFEpV8Y80c9Tk558ky1YvZroBJocv+D8x22dTrB3Nr2zV5BXUe4IfZjyM1uOvrGOzm7BFlSrMgOj6FKIkCgp\/pf+jrmIN6zoTCYHljLfpxOi3CtJlotE5kvBNJfYTIlpV6ePxOeaBHnLAnR8AUiLMe4EQhoCyafpPSu2uRilBt0zY24SPHj+Vr1q8JDD3+tdbrEpwnhqALSf4fMlI0nlCiW6KDCz9YYUL75K4IS9444yNzf1Yr99Mh0kbqbRkqVD2lz0sc+tejmla91jt2s1ymwqM2Dkc57wq\/ZGL2qTvHoCDCrWXzzSFq2DtMODbeFddKrW7D2S\/WC6gNpi8CkmnUEfrksPztXbMxr+4svM2m36IzD+uTDtBonQOeeetS42fSNmayHtkfbHFRhxhKIWxbXnDeYhaHVYjCQ+4X0zwkTVPladnLIcVEBYqwYQv5\/bz9ieX8wyoykaDLtE9CrJi2EKtZ8wkCC7Z741Zd+Wml1GFTEX8vTPcXOs4jWXGa8by36ak7R21cVgtCbMzCsX51MXYO9rxKpqzQ90YL3ZJybESTLyCZVaetnFQQy0zj9i3aMbEeaF1GIY8fpv41LJIfBTcuddEsku5mHk0ET+hIJRQHhrqv3\/7dLCFIB8IbFzqoMNXvst3vFd153RNd4+wDFw0PTKp3WxAax7aH3o4vpIKkH5MYZZm6QdYg4AXeCOVs+yOQckfo449mppsZnBCauNFwyGHgfdImQc5ChUcBackKfZKPm+8gpfez3Lh5cIH5TVZfBcX2049yxCxwBIQNMHRFZ\/l6px98JrGqv9wlLvZ9x05f9o+OBwqtGjSma1n6CqkHTjCKDb9wEKbD27oXi\/IB1KPHp2u9d\/c+7X2RVtjWmizhI43eqsfAt6YQSI\/I6i5XWGJRa1qw\/6lLbvQvj\/jHqXTS68GWhBdBLJUtfTko6qCsN7rqu1qRzGoIhl0BkGE92lNyYY\/ZTU6\/hdcvPHH\/gVolLu3hFDPu+ipgvDDLIZuRl+UaoOI4gJccnN1m37oKsX6NQtnyeGSc2tM6+62ei3A6X8waSaElCusvteiUGCHQxwaHmAxN+l0Fnrtj2W9v8HqhbG8zavLaMSK9TCSurpq1GtTp5SAztNP1KCrvVnqVhJrjpPBsMoRZgIibHU+b02bSrZ5vLUq8fMRq1DHjSpmxuFXNZXv4gyNl3Dl6lhcF466Vu3DVIKOpmXUnOt94P9drBleL2pc6g\/Rsi+uKui90velUE0hGPgoOIhhDJ0
ymy34LYnDdDZuGwprFKEAglwy2+YC1sXbba6gKVjcOV1Ca5zHuLIWZHit470RXXzr7m1Xi\/5cXZYyKSyJACVo6ge6ve+Upi7YI+aW+jgyPqmHMKb+I\/eIOcKZeHyih24R2l7AgjvcvMggC5W8nbNUSu9cpnGWdlPqjTB0D+d7oT5+bGyUabkzh3dJ2t9fzH8gnGtlT1zFzufTmcBCKpbCY6sP\/0lUq7vHjuvu650M0IhuYA8e9G78Y8vHGY8YN9zIOLD+CF2bDXHwqf3VW0Z0KdlLeLkOH0oqFJ9UgLOZLQqYMUReoZ97In3a7hJ65ZurIhpFxCeAoO9kMhJrGIJTN\/Ls9g=="} 01023{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":489,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1646495785326719,"flow_src_last_pkt_time":1646495785326719,"flow_dst_last_pkt_time":1646495785351813,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1357,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1357,"flow_dst_max_l4_payload_len":1357,"flow_src_tot_l4_payload_len":1357,"flow_dst_tot_l4_payload_len":1357,"midstream":0,"thread_ts_usec":1646495837102627,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"216.58.212.142","src_port":38642,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hangouts.google.com"}} 
-00851{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":489,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":489,"packets-processed":488,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":221442,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":39,"total-detection-updates":41,"total-updates":1,"current-active-flows":10,"total-active-flows":43,"total-idle-flows":33,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":352,"global_ts_usec":1646568788171099} +00851{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":489,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":489,"packets-processed":488,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":221442,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":39,"total-detection-updates":41,"total-updates":1,"current-active-flows":10,"total-active-flows":43,"total-idle-flows":33,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":352,"global_ts_usec":1646568788171099} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":489,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646568788171099,"flow_src_last_pkt_time":1646568788171099,"flow_dst_last_pkt_time":1646568788171099,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646568788171099,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"208.85.40.158","src_port":53978,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":489,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_src_last_pkt_time":1646568788171099,"flow_dst_last_pkt_time":1646568788171099,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646568788171099,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8AQRAAEAGfpzAqAGA0FUontLaAbs4n4KKAAAAAKAC+vB1NgAAAgQFtAQCCArSjLpwAAAAAAEDAwc="} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_src_last_pkt_time":1646568788171099,"flow_dst_last_pkt_time":1646568788337647,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646568788337647,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8Ke1AAPAGpbLQVSiewKgBgAG70tpN2CtOOJ+Ci6ASOQiNqgAAAgQFtAEDAwAEAggKXyXRHtKMunA="} 
01245{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":491,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_src_last_pkt_time":1646568788341620,"flow_dst_last_pkt_time":1646568788337647,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1646568788341620,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5AQZAAEAGfJ3AqAGA0FUontLaAbs4n4KLTdgrT4AYAfYOtAAAAQEICtKMuxtfJdEeFgMBAgABAAH8AwNyi5pZnYizmESRNRsWFzLDUgF4AIT\/tX3zYbufDRkzzyDMV\/FK528iuv6PxN\/1DD4BU1TMzFBPBIF01ZAvPFWIVwAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAQAA4AAAtwYW5kb3JhLmNvbQAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACBUk5TxRwMmI7m3PUpmyv2jiTq1G62x80KdY2tfOvxfVgAXAEEEr8O4oznU2jNZk5ZC+\/pUpJeqcDtGn2NikTZa2J69CfKpIdzohOHLj9fffI5zTez3ppU6JIFTO2\/VBVQmSVbRwwArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAFQCLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01253{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":491,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646568788171099,"flow_src_last_pkt_time":1646568788341620,"flow_dst_last_pkt_time":1646568788337647,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646568788341620,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"208.85.40.158","src_port":53978,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pandora","proto_id":"91.187","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pandora.com","domainame":"pandora.com","tls": {"version":"TLSv1.2","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01212{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":491,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1646568788171099,"flow_src_last_pkt_time":1646568788341620,"flow_dst_last_pkt_time":1646568788337647,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646568788341620,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"208.85.40.158","src_port":53978,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pandora","proto_id":"91.187","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pandora.com","domainame":"pandora.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
02496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":492,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":44,"flow_packet_id":4,"flow_src_last_pkt_time":1646568788341620,"flow_dst_last_pkt_time":1646568788508204,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1646568788508204,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXcKypAAPAGntXQVSiewKgBgAG70tpN2CtPOJ+EkIAQOw3R2QAAAQEICl8l0cnSjLsbFgMDAEgCAABEAwNo6qWT6e\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\/smmbT+z0E9hLUzaSvsRaHFgmFcXMyWvjM9vnlfjWL\/lTx9AfE9NHxQ7h3OIt8gprHw8Q49X26tuJ7UpA6\/jq3dI6iBTPZJq5DWfJfZV59Jm7SWNrH1eerOYNkWAUWMU4bwUzA72WpyBgp2uYtQbDk02KOyqNnEiOVJq9x1CdFR3CblCx62GMIgyODICGnmGP66y7clKIwIDAQABo4IDJDCCAyAwHwYDVR0jBBgwFoAUlE\/UXYvkpOKmgP792PkA76O+AlcwHQYDVR0OBBYEFL8kxVHfMj6x5J3YVWISY19sDk53MCUGA1UdEQQeMByCDSoucGFuZG9yYS5jb22CC3BhbmRvcmEuY29tMA4GA1UdDwEB\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwPwYDVR0fBDgwNjA0oDKgMIYuaHR0cDovL2NkcC5nZW90cnVzdC5jb20vR2VvVHJ1c3RUTFNSU0FDQUcxLmNybDA+BgNVHSAENzA1MDMGBmeBDAECAjApMCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwdgYIKwYBBQUHAQEEajBoMCYGCCsGAQUFBzABhhpodHRwOi8vc3RhdHVzLmdlb3RydXN0LmNvbTA+BggrBgEFBQcwAoYyaHR0cDovL2NhY2VydHMuZ2VvdHJ1c3QuY29tL0dlb1RydXN0VExTUlNBQ0FHMS5jcnQwDAYDVR0TAQH\/BAIwADCCAX8GCisGAQQB1nkCBAIEggFvBIIBawFpAHYAKXm+8J45OSHwVnOfY6V35b5XfZxgCvj5TV0mXCVdx4QAAAF5YkfnKAAABAMARzBFAiEA6AXk1yoGsLTmV+RdMtiPRhFD\/ZZjaHTAF2ECUnMz404CIDfzE2qsS4zhC6HEku87CFrLGCQGGhsEjgun23axlz6tAHYAIkVFB1lVJFaWP6Ev8fdthuAjJmOtwEt\/XcaDXG7iDwIAAAF5YkfnPgAABAMARzBFAiAGvppRMysv1MHzLRQqCNvPV8o\/\/mMCuVtmtThdFQ+EdwIhAJYSZLUsxXWG38tNG6sA\/bMO4+EurcdOzIuEZdCJcjqkAHcAUaOw9f0BeZxWbbg3eI8MpHrMGyfL956IQpoN\/tSLBeUAAAF5YkfnYwAABAMASDBGAiEAjfjiXtb0LCscUWZzFlb4uFD6T\/7cCeZjWyCBFE6ObpECIQCTYZ4="} 
-01336{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":492,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646568788171099,"flow_src_last_pkt_time":1646568788341620,"flow_dst_last_pkt_time":1646568788508204,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1646568788508204,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"208.85.40.158","src_port":53978,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pandora","proto_id":"91.187","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pandora.com","domainame":"pandora.com","tls": {"version":"TLSv1.2","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"7047b9d842ee4b3fba6a86353828c915","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01295{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":492,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646568788171099,"flow_src_last_pkt_time":1646568788341620,"flow_dst_last_pkt_time":1646568788508204,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1646568788508204,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"208.85.40.158","src_port":53978,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pandora","proto_id":"91.187","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pandora.com","domainame":"pandora.com","tls": {"version":"TLSv1.2","ja3s":"7047b9d842ee4b3fba6a86353828c915","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
02505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":493,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":44,"flow_packet_id":5,"flow_src_last_pkt_time":1646568788341620,"flow_dst_last_pkt_time":1646568788508263,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1646568788508263,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXcKytAAPAGntTQVSiewKgBgAG70tpN2DD3OJ+EkIAQOw24TAAAAQEICl8l0cnSjLsbSSJx0yKFmdm3nPU\/\/pu6hn8OzlTt+yhov2sCuPQwDQYJKoZIhvcNAQELBQADggEBADl3kzgunOIeP0qkEGXmIgTdpYGHBWhRYHbS86j+XbiOP6RJDZXd2FFunffazFQ+7BM1MXfE31bp8Xbogw97cXWwuSt06L86aJoq4tCjL11h3Ga8kGwpsVmsbNbSz2AEBaH9vD5rgFbvlNlXyI32rJo1nsNrX9ZxCZ2\/3tKDFbjpX5HrPHMa0lAmZTP\/+773ue5xtqRLbrTR7uvR4RLbzXWhyfQ3A9GhvfJEISN2TIE8HRkFMoKkigvvQr1Sv2IKfcBWfpL+RiqPGawOjauilWOsfWmrQ8xijqA+oY6JeB0STaCW6qphr3ym4pabjabpru3FdSyCmCzvyolyaZ2PYxkABJEwggSNMIIDdaADAgECAhANB3gqEz\/G+aVyluEx\/9F5MA0GCSqGSIb3DQEBCwUAMGExCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEcyMB4XDTE3MTEwMjEyMjMzN1oXDTI3MTEwMjEyMjMzN1owYDELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEfMB0GA1UEAxMWR2VvVHJ1c3QgVExTIFJTQSBDQSBHMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL4X6Oy+KQrL\/rktYTH9MyQIMi5Z6CHU2DC+bhDIhKA\/uhTl3v16jJIbe86ELfD\/eMQy6KmgfV8G2nubS1OmxhsCFyHhcDut+4PrCFSBqN4SstXGiJYw+QL8OdS9uCLvgEmZ0GK4YdBJ3svCy5elMQYb19hdxtNU3lIBNioN9t7FtjFMzBUlahVvqWsESAzeAEGqKICLLzTTG7U2rTsl0IhCQGw2kW1lshmGwNJ\/OUZY\/jASYFDc7rtz5leQWvYNytcES0dqbzQanZI2Gi7ZTlTtR6wMv\/GAsrr\/R3vpOcRUxJRUmRnxV5mv4hQiW+guu2Mtuq6BvRPc5hdb4JBTSQECAwEAAaOCAUAwggE8MB0GA1UdDgQWBBSUT9Rdi+Sk4qaA\/v3Y+QDvo74CVzAfBgNVHSMEGDAWgBROIlQgGJXm427mD\/r6uRLtBhePOTAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB\/wQIMAYBAf8CAQAwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wQgYD
VR0fBDswOTA3oDWgM4YxaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFsUm9vdEcyLmNybDA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzANBgkqhkiG9w0BAQsFAAOCAQEAghwEOoLpxanIZRJcCOMBxjCwriKIYXsrB4b3uLVEnPWTBmFGijqitTUm0FiePMFzj7+xeaccmTeaU\/IvXG4gC32wx4Lv6+t5EgXnAUELQwI3mxsfCE03UnMpuJ814\/mjOll1AWaQKj6d4GIpHoeogD4sxMwIwy6\/aSEYa48ea0PN7gaYQZm1gvIXwRClrliM+5XqTYKv83dfEWlPeFGm3\/e6xT9lv3B8o+1amjOdnj\/jhzWn2vMVxlitaSPcD7tM0EkTQaY\/Z+FeE\/UP9dV8hb+HTIIkYSJX0aWb+4Y5rcNceWY="} -01622{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":494,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":4,"flow_first_seen":1646568788171099,"flow_src_last_pkt_time":1646568788341620,"flow_dst_last_pkt_time":1646568788673958,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3272,"midstream":0,"thread_ts_usec":1646568788673958,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"208.85.40.158","src_port":53978,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pandora","proto_id":"91.187","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pandora.com","domainame":"pandora.com","tls": {"version":"TLSv1.2","server_names":"*.pandora.com,pandora.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"7047b9d842ee4b3fba6a86353828c915","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust TLS RSA CA G1","subjectDN":"C=US, ST=California, L=Oakland, O=Pandora Media, LLC, 
CN=*.pandora.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"40:BB:03:6C:E8:D4:7C:D7:72:59:2F:8D:DB:4B:64:4F:8F:C4:EB:AF","blocks":0}}} +01581{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":494,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":4,"flow_first_seen":1646568788171099,"flow_src_last_pkt_time":1646568788341620,"flow_dst_last_pkt_time":1646568788673958,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3272,"midstream":0,"thread_ts_usec":1646568788673958,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"208.85.40.158","src_port":53978,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pandora","proto_id":"91.187","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pandora.com","domainame":"pandora.com","tls": {"version":"TLSv1.2","server_names":"*.pandora.com,pandora.com","ja3s":"7047b9d842ee4b3fba6a86353828c915","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust TLS RSA CA G1","subjectDN":"C=US, ST=California, L=Oakland, O=Pandora Media, LLC, CN=*.pandora.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"40:BB:03:6C:E8:D4:7C:D7:72:59:2F:8D:DB:4B:64:4F:8F:C4:EB:AF","blocks":0}}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646495697787579,"flow_src_last_pkt_time":1646495697805649,"flow_dst_last_pkt_time":1646495697827917,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1646568788847834,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.185.142","src_port":56458,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleDrive","proto_id":"91.217","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 01018{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1646495837086190,"flow_src_last_pkt_time":1646495837086190,"flow_dst_last_pkt_time":1646495837102627,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1357,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1357,"flow_dst_max_l4_payload_len":1357,"flow_src_tot_l4_payload_len":1357,"flow_dst_tot_l4_payload_len":1357,"midstream":0,"thread_ts_usec":1646568788847834,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.181.238","src_port":36832,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"plus.google.com"}} 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646495669804673,"flow_src_last_pkt_time":1646495669817020,"flow_dst_last_pkt_time":1646495669824646,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1646568788847834,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.138.185.106","src_port":33664,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonVideo","proto_id":"91.240","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} 
@@ -367,62 +367,62 @@ 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":7,"flow_first_seen":1646495710534404,"flow_src_last_pkt_time":1646495710590410,"flow_dst_last_pkt_time":1646495710610809,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":675,"flow_dst_tot_l4_payload_len":6170,"midstream":0,"thread_ts_usec":1646568788847834,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.107.42.13","src_port":56836,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.MS_OneDrive","proto_id":"91.221","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 01021{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1646495785326719,"flow_src_last_pkt_time":1646495785326719,"flow_dst_last_pkt_time":1646495785351813,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1357,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1357,"flow_dst_max_l4_payload_len":1357,"flow_src_tot_l4_payload_len":1357,"flow_dst_tot_l4_payload_len":1357,"midstream":0,"thread_ts_usec":1646568788847834,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"216.58.212.142","src_port":38642,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hangouts.google.com"}} 00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1646495710343950,"flow_src_last_pkt_time":1646495710423757,"flow_dst_last_pkt_time":1646495710456993,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":675,"flow_dst_tot_l4_payload_len":5890,"midstream":0,"thread_ts_usec":1646568788847834,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.81.118.91","src_port":33102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud"}} -00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1646495650748124,"flow_src_last_pkt_time":1646495650812560,"flow_dst_last_pkt_time":1646495650832457,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":675,"flow_dst_tot_l4_payload_len":4252,"midstream":0,"thread_ts_usec":1646568788847834,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.113.194.132","src_port":57878,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} +00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1646495650748124,"flow_src_last_pkt_time":1646495650812560,"flow_dst_last_pkt_time":1646495650832457,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":675,"flow_dst_tot_l4_payload_len":4252,"midstream":0,"thread_ts_usec":1646568788847834,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.113.194.132","src_port":57878,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} 00994{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646495488872237,"flow_src_last_pkt_time":1646495488882948,"flow_dst_last_pkt_time":1646495488890513,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1646568788847834,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"15.160.39.187","src_port":45898,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.AppleSiri","proto_id":"91.254","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant"}} -00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":497,"packets-processed":496,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":225679,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":40,"total-detection-updates":43,"total-updates":1,"current-active-flows":1,"total-active-flows":44,"total-idle-flows":43,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":372,"global_ts_usec":1705785496290955} +00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":497,"packets-processed":496,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":225679,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":40,"total-detection-updates":43,"total-updates":1,"current-active-flows":1,"total-active-flows":44,"total-idle-flows":43,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":372,"global_ts_usec":1705785496290955} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1705785496290955,"flow_src_last_pkt_time":1705785496290955,"flow_dst_last_pkt_time":1705785496290955,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705785496290955,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"185.5.161.203","src_port":33920,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_src_last_pkt_time":1705785496290955,"flow_dst_last_pkt_time":1705785496290955,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1705785496290955,"pkt":"SKmKCiNt8C90rUP1CABFAAA8WxFAAEAGa0rAqFjnuQWhy4SAAbsqMmHbAAAAAKACfXh0jwAAAgQFtAQCCAqBTLs4AAAAAAEDAwc="} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_src_last_pkt_time":1705785496290955,"flow_dst_last_pkt_time":1705785496317442,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1705785496317442,"pkt":"8C90rUP1SKmKCiNtCABFAAA8AABAADgGzlu5BaHLwKhY5wG7hIDVhr3LKjJh3KAS\/oimXQAAAgQFoAQCCAoinSn+gUy7OAEDAwc="} 
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":499,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_src_last_pkt_time":1705785496317485,"flow_dst_last_pkt_time":1705785496317442,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1705785496317485,"pkt":"SKmKCiNt8C90rUP1CABFAAA0WxJAAEAGa1HAqFjnuQWhy4SAAbsqMmHc1Ya9zIAQAPt0hwAAAQEICoFMu1IinSn+"} 01240{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":45,"flow_packet_id":4,"flow_src_last_pkt_time":1705785496323878,"flow_dst_last_pkt_time":1705785496317442,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1705785496323878,"pkt":"SKmKCiNt8C90rUP1CABFAAI5WxNAAEAGaUvAqFjnuQWhy4SAAbsqMmHc1Ya9zIAYAPt2jAAAAQEICoFMu1kinSn+FgMBAgABAAH8AwO8d+9v3qIRU9wNz54SjddzXu549KyXO6thu2T8PZfnnyDU1fbPV6kWU2dLlSXqCNFMvpC8h+xK9gr84Xnho5S\/PgByEwITAxMBwCzAMACfzKnMqMyqwCvALwCewCTAKABrwCPAJwBnwArAFAA5wAnAEwAzAK0Aq8yuzK3MrACdAKnMqwCsAKoAnACoAD0APMA4wDYAtwCzAJUAkQA1AK8AjcA3wDUAtgCyAJQAkAAvAK4AjAD\/AQABQQAAABoAGAAAFW9yaWdpbi1hLmFrYW1haWhkLm5ldAALAAQDAAECAAoADAAKAB0AFwAeABkAGAAjAAAAFgAAABcAAAANADAALgQDBQMGAwgHCAgICQgKCAsIBAgFCAYEAQUBBgEDAwIDAwECAQMCAgIEAgUCBgIAKwAJCAMEAwMDAgMBAC0AAgEBADMAJgAkAB0AICqrtcK7eBo4FlY6YstREUHv6ElDqtKRJZuEqbYT5qVEABUAigAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01391{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1705785496290955,"flow_src_last_pkt_time":1705785496323878,"flow_dst_last_pkt_time":1705785496317442,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705785496323878,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"185.5.161.203","src_port":33920,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.ElectronicArts","proto_id":"91.389","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"origin-a.akamaihd.net","domainame":"origin-a.akamaihd.net","tls": {"version":"TLSv1.2","ja3":"57fbe0aefee44901190849b0e877a5e1","ja3s":"","ja4":"t13d571100_131602cb7446_24695f2957a7","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01350{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1705785496290955,"flow_src_last_pkt_time":1705785496323878,"flow_dst_last_pkt_time":1705785496317442,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705785496323878,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"185.5.161.203","src_port":33920,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.ElectronicArts","proto_id":"91.389","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"origin-a.akamaihd.net","domainame":"origin-a.akamaihd.net","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d571100_131602cb7446_24695f2957a7","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":501,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":45,"flow_packet_id":5,"flow_src_last_pkt_time":1705785496323878,"flow_dst_last_pkt_time":1705785496346014,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1705785496346014,"pkt":"8C90rUP1SKmKCiNtCABFAAA0nSdAADgGMTy5BaHLwKhY5wG7hIDVhr3MKjJj4YAQAfrPYQAAAQEICiKdKhuBTLtZ"} 
-01436{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":502,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1705785496290955,"flow_src_last_pkt_time":1705785496323878,"flow_dst_last_pkt_time":1705785496365954,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1705785496365954,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"185.5.161.203","src_port":33920,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.ElectronicArts","proto_id":"91.389","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"origin-a.akamaihd.net","domainame":"origin-a.akamaihd.net","tls": {"version":"TLSv1.3","ja3":"57fbe0aefee44901190849b0e877a5e1","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d571100_131602cb7446_24695f2957a7","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01395{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":502,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1705785496290955,"flow_src_last_pkt_time":1705785496323878,"flow_dst_last_pkt_time":1705785496365954,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1705785496365954,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"185.5.161.203","src_port":33920,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.ElectronicArts","proto_id":"91.389","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"origin-a.akamaihd.net","domainame":"origin-a.akamaihd.net","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d571100_131602cb7446_24695f2957a7","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":503,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1705785496365954,"flow_src_last_pkt_time":1705785496365954,"flow_dst_last_pkt_time":1705785496365954,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705785496365954,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"159.153.191.240","src_port":49950,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":503,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_src_last_pkt_time":1705785496365954,"flow_dst_last_pkt_time":1705785496365954,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1705785496365954,"pkt":"SKmKCiNt8C90rUP1CABFAAA8C2VAAEAGtj3AqFjnn5m\/8MMeAbvHfxkbAAAAAKACfXh5SAAAAgQFtAQCCApBET5ZAAAAAAEDAwc="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":504,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_src_last_pkt_time":1705785496365954,"flow_dst_last_pkt_time":1705785496365954,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1705785496365954,"pkt":"8C90rUP1SKmKCiNtCABFAAA0TbdAAOYGzfKfmb\/wwKhY5wG7wx6oa+tEx38ZHIASH\/6dRAAAAgQFMgEDAwgBAQQC"} 
00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":505,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_src_last_pkt_time":1705785496365954,"flow_dst_last_pkt_time":1705785496365954,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1705785496365954,"pkt":"SKmKCiNt8C90rUP1CABFAAAoC2ZAAEAGtlDAqFjnn5m\/8MMeAbvHfxkcqGvrRVAQAPt5NAAA"} 01225{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":506,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":46,"flow_packet_id":4,"flow_src_last_pkt_time":1705785496365954,"flow_dst_last_pkt_time":1705785496365954,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1705785496365954,"pkt":"SKmKCiNt8C90rUP1CABFAAItC2dAAEAGtErAqFjnn5m\/8MMeAbvHfxkcqGvrRVAYAPt7OQAAFgMBAgABAAH8AwNMpATgFVI5KZh8V5AOpwq2cPOAlxRAGR3Qk\/nReW436SB9hiCbPSFZhTuwMt6nkt0BVQSWPJDJ5Hd3nIWDT0riJQByEwITAxMBwCzAMACfzKnMqMyqwCvALwCewCTAKABrwCPAJwBnwArAFAA5wAnAEwAzAK0Aq8yuzK3MrACdAKnMqwCsAKoAnACoAD0APMA4wDYAtwCzAJUAkQA1AK8AjcA3wDUAtgCyAJQAkAAvAK4AjAD\/AQABQQAAABQAEgAAD2FjY291bnRzLmVhLmNvbQALAAQDAAECAAoADAAKAB0AFwAeABkAGAAjAAAAFgAAABcAAAANADAALgQDBQMGAwgHCAgICQgKCAsIBAgFCAYEAQUBBgEDAwIDAwECAQMCAgIEAgUCBgIAKwAJCAMEAwMDAgMBAC0AAgEBADMAJgAkAB0AIHUTQ9FOOjOIgeM025r85p4K1kaE63JOhZZCbcPXOTRoABUAkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01381{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":506,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1705785496365954,"flow_src_last_pkt_time":1705785496365954,"flow_dst_last_pkt_time":1705785496365954,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705785496365954,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"159.153.191.240","src_port":49950,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.ElectronicArts","proto_id":"91.389","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"accounts.ea.com","domainame":"accounts.ea.com","tls": {"version":"TLSv1.2","ja3":"57fbe0aefee44901190849b0e877a5e1","ja3s":"","ja4":"t13d571100_131602cb7446_24695f2957a7","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01340{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":506,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1705785496365954,"flow_src_last_pkt_time":1705785496365954,"flow_dst_last_pkt_time":1705785496365954,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705785496365954,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"159.153.191.240","src_port":49950,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.ElectronicArts","proto_id":"91.389","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"accounts.ea.com","domainame":"accounts.ea.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d571100_131602cb7446_24695f2957a7","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":507,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":46,"flow_packet_id":5,"flow_src_last_pkt_time":1705785496365954,"flow_dst_last_pkt_time":1705785496365954,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1705785496365954,"pkt":"8C90rUP1SKmKCiNtCABFAAAoTbhAAOYGzf2fmb\/wwKhY5wG7wx6oa+tFx38bIVAQAf75kAAAAADOeU3u"} 
-01808{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":512,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1705785496365954,"flow_src_last_pkt_time":1705785496365954,"flow_dst_last_pkt_time":1705785496365954,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1330,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3087,"midstream":0,"thread_ts_usec":1705785496365954,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"159.153.191.240","src_port":49950,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.ElectronicArts","proto_id":"91.389","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"accounts.ea.com","domainame":"accounts.ea.com","tls": {"version":"TLSv1.2","server_names":"accounts.ea.com","ja3":"57fbe0aefee44901190849b0e877a5e1","ja3s":"7b6819ed58e8d8415604b7dfcef92d55","ja4":"t13d571100_131602cb7446_24695f2957a7","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=CALIFORNIA, L=Redwood City, O=Electronic Arts, Inc., CN=accounts.ea.com","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"6E:9C:F6:59:DD:52:AA:1B:73:A6:B5:29:71:59:89:7D:B5:46:67:3D","blocks":0}}} 
+01767{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":512,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1705785496365954,"flow_src_last_pkt_time":1705785496365954,"flow_dst_last_pkt_time":1705785496365954,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1330,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3087,"midstream":0,"thread_ts_usec":1705785496365954,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"159.153.191.240","src_port":49950,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.ElectronicArts","proto_id":"91.389","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"accounts.ea.com","domainame":"accounts.ea.com","tls": {"version":"TLSv1.2","server_names":"accounts.ea.com","ja3s":"7b6819ed58e8d8415604b7dfcef92d55","ja4":"t13d571100_131602cb7446_24695f2957a7","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=CALIFORNIA, L=Redwood City, O=Electronic Arts, Inc., CN=accounts.ea.com","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"6E:9C:F6:59:DD:52:AA:1B:73:A6:B5:29:71:59:89:7D:B5:46:67:3D","blocks":0}}} 
00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":513,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1646568788171099,"flow_src_last_pkt_time":1646568788681368,"flow_dst_last_pkt_time":1646568788847834,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":643,"flow_dst_tot_l4_payload_len":3594,"midstream":0,"thread_ts_usec":1705785496365954,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"208.85.40.158","src_port":53978,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pandora","proto_id":"91.187","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}} -00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":513,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":513,"packets-processed":512,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":231228,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":42,"total-detection-updates":45,"total-updates":1,"current-active-flows":2,"total-active-flows":46,"total-idle-flows":44,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":390,"global_ts_usec":1708371748027374} 
+00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":513,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":513,"packets-processed":512,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":231228,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":42,"total-detection-updates":45,"total-updates":1,"current-active-flows":2,"total-active-flows":46,"total-idle-flows":44,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":390,"global_ts_usec":1708371748027374} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":513,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1708371748027374,"flow_src_last_pkt_time":1708371748027374,"flow_dst_last_pkt_time":1708371748027374,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1708371748027374,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"160.44.196.198","src_port":54690,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":513,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_src_last_pkt_time":1708371748027374,"flow_dst_last_pkt_time":1708371748027374,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1708371748027374,"pkt":"ILAB4IZiNObXAhsnCABFAAA8gTRAAEAGkffAqAH1oCzExtWiAbvECMZsAAAAAKAC+vAnvwAAAgQFtAQCCArUZE7pAAAAAAEDAwc="} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":514,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_src_last_pkt_time":1708371748027374,"flow_dst_last_pkt_time":1708371748055776,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1708371748055776,"pkt":"NObXAhsnILAB4IZiCABFAAA0AABAAC8GJDSgLMTGwKgB9QG71aITcGZwxAjGbYASchD5sQAAAgQFrAEBBAIBAwMJ"} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":515,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_src_last_pkt_time":1708371748055802,"flow_dst_last_pkt_time":1708371748055776,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1708371748055802,"pkt":"ILAB4IZiNObXAhsnCABFAAAogTVAAEAGkgrAqAH1oCzExtWiAbvECMZtE3BmcVAQAfYnqwAA"} 
01426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":516,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":47,"flow_packet_id":4,"flow_src_last_pkt_time":1708371748057866,"flow_dst_last_pkt_time":1708371748055776,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":718,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":718,"pkt_l4_len":684,"thread_ts_usec":1708371748057866,"pkt":"ILAB4IZiNObXAhsnCABFAALAgTZAAEAGj3HAqAH1oCzExtWiAbvECMZtE3BmcVAYAfYqQwAAFgMBApMBAAKPAwMyDn0RdUfb1BBxG+VQ3qEGilruqcYWoUbWmN+V1odAVCCMmhconeS\/k6MULxRkQuPpc827ZCpA4Sf9lXQJ32am+gAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAiQAAAAVABMAABBjbG91ZC5odWF3ZWkuY29tABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAiAAoACAQDBQMGAwIDADMAawBpAB0AIBvEsm8mS8WIEWgrOp\/CsirysAe3ja7UrOoAMEOAVwQdABcAQQT07LrfQo+pQxdchdz+ppbvXUsLE446MEbg2Wo67iGOEm9eWdPKVoGjCj3e0E5Nbr9mSF\/jYwadj0GL4sX+9HALACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAf4NARkAAAEAAaMAIEiNzfRsrwLLxVRL\/dHhdVyqJqOMWkmaYvssrEv3bOfyAO\/UyLsyJZ6GwIIUvXoFnvsyCFeV4mhKonI+BR01UuNjJ3K76XL6N5mBSkq1o0F\/HMwbbVYYYVapgXptmvDWsMW21PFWU3gmSwbGgVPWl6Huk7tuX1VZt5nFtoPr9f0Pa8MoU+4q1mNUBbvDG08GYhIn1HXbbZ9fwnSjfJAbucPsQ91jxVfq8X0ycu9RQm110CVGQeL0RgQDF3Qapx3p\/gThGcNWizm66A92noOcqlEOg+jg+fVMKCY7cp33evTrFfHeYcwCF0eLK55hypdNa9zJBZ5S\/HophuZVA2h0sNYDLHK+BeIgCUgDLXFQAlbQRg=="} 
-01271{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":516,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1708371748027374,"flow_src_last_pkt_time":1708371748057866,"flow_dst_last_pkt_time":1708371748055776,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":664,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":664,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1708371748057866,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"160.44.196.198","src_port":54690,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.HuaweiCloud","proto_id":"91.399","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"cloud.huawei.com","domainame":"cloud.huawei.com","tls": {"version":"TLSv1.2","ja3":"b5001237acdf006056b409cc433726b0","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_5c2c66f702b0","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01230{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":516,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1708371748027374,"flow_src_last_pkt_time":1708371748057866,"flow_dst_last_pkt_time":1708371748055776,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":664,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":664,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1708371748057866,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"160.44.196.198","src_port":54690,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.HuaweiCloud","proto_id":"91.399","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"cloud.huawei.com","domainame":"cloud.huawei.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_5c2c66f702b0","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":517,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":47,"flow_packet_id":5,"flow_src_last_pkt_time":1708371748057866,"flow_dst_last_pkt_time":1708371748086119,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1708371748086119,"pkt":"NObXAhsnILAB4IZiCABFAAAo6y5AAC8GORGgLMTGwKgB9QG71aITcGZxxAjJBVAQADypugAAAAAAAAAA"} 
-02055{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1708371748027374,"flow_src_last_pkt_time":1708371748057866,"flow_dst_last_pkt_time":1708371748089469,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":664,"flow_dst_max_l4_payload_len":3907,"flow_src_tot_l4_payload_len":664,"flow_dst_tot_l4_payload_len":3907,"midstream":0,"thread_ts_usec":1708371748089469,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"160.44.196.198","src_port":54690,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.HuaweiCloud","proto_id":"91.399","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"cloud.huawei.com","domainame":"cloud.huawei.com","tls": {"version":"TLSv1.2","server_names":"cloud.huawei.asia,cloud.huawei.com.cn,cloud.huawei.com,cloud.huawei.com.au,cloud.huawei.eu,cloud.huawei.lat,cloud.huawei.ru,*.dbank.com,*.hicloud.com,*.cloud.dbankcloud.cn,*.cloud.dbankcloud.com,*.cloud.dbankcloud.ru,*.cloud.hicloud.com,*.cloud.huawei.asia,*.cloud.huawei.com,*.cloud.huawei.com.au,*.cloud.huawei.com.cn,*.cloud.huawei.eu,*.cloud.huawei.lat,*.cloud.huawei.ru,*.platform.dbankcloud.cn,*.platform.hicloud.com","ja3":"b5001237acdf006056b409cc433726b0","ja3s":"eb7ce657b6814e1bc6402d66a2309dc6","ja4":"t13d1715h2_5b57614c22b0_5c2c66f702b0","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018","subjectDN":"C=CN, ST=Jiangsu, L=Nanjing, O=Huawei Software Technologies Co., Ltd., 
CN=cloud.huawei.asia","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"94:8E:17:DA:5F:C7:62:E4:1E:F0:A5:AB:A0:B9:7B:DE:A5:F4:75:33","blocks":0}}} +02014{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1708371748027374,"flow_src_last_pkt_time":1708371748057866,"flow_dst_last_pkt_time":1708371748089469,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":664,"flow_dst_max_l4_payload_len":3907,"flow_src_tot_l4_payload_len":664,"flow_dst_tot_l4_payload_len":3907,"midstream":0,"thread_ts_usec":1708371748089469,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"160.44.196.198","src_port":54690,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.HuaweiCloud","proto_id":"91.399","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"cloud.huawei.com","domainame":"cloud.huawei.com","tls": {"version":"TLSv1.2","server_names":"cloud.huawei.asia,cloud.huawei.com.cn,cloud.huawei.com,cloud.huawei.com.au,cloud.huawei.eu,cloud.huawei.lat,cloud.huawei.ru,*.dbank.com,*.hicloud.com,*.cloud.dbankcloud.cn,*.cloud.dbankcloud.com,*.cloud.dbankcloud.ru,*.cloud.hicloud.com,*.cloud.huawei.asia,*.cloud.huawei.com,*.cloud.huawei.com.au,*.cloud.huawei.com.cn,*.cloud.huawei.eu,*.cloud.huawei.lat,*.cloud.huawei.ru,*.platform.dbankcloud.cn,*.platform.hicloud.com","ja3s":"eb7ce657b6814e1bc6402d66a2309dc6","ja4":"t13d1715h2_5b57614c22b0_5c2c66f702b0","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018","subjectDN":"C=CN, ST=Jiangsu, L=Nanjing, O=Huawei Software 
Technologies Co., Ltd., CN=cloud.huawei.asia","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"94:8E:17:DA:5F:C7:62:E4:1E:F0:A5:AB:A0:B9:7B:DE:A5:F4:75:33","blocks":0}}} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":528,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1708371748597659,"flow_src_last_pkt_time":1708371748597659,"flow_dst_last_pkt_time":1708371748597659,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1708371748597659,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"80.158.42.215","src_port":49558,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":528,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_src_last_pkt_time":1708371748597659,"flow_dst_last_pkt_time":1708371748597659,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1708371748597659,"pkt":"ILAB4IZiNObXAhsnCABFAAA8GuNAAEAG4cbAqAH1UJ4q18GWAbtGeurrAAAAAKAC+vA+QQAAAgQFtAQCCAqOfznVAAAAAAEDAwc="} 
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":529,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_src_last_pkt_time":1708371748597659,"flow_dst_last_pkt_time":1708371748617222,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1708371748617222,"pkt":"NObXAhsnILAB4IZiCABFAAA0AABAAC0GD7JQnirXwKgB9QG7wZZ+3254Rnrq7IASchDc0wAAAgQFrAEBBAIBAwMJ"} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":530,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":48,"flow_packet_id":3,"flow_src_last_pkt_time":1708371748617258,"flow_dst_last_pkt_time":1708371748617222,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1708371748617258,"pkt":"ILAB4IZiNObXAhsnCABFAAAoGuRAAEAG4dnAqAH1UJ4q18GWAbtGeursft9ueVAQAfY+LQAA"} 
01432{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":531,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":48,"flow_packet_id":4,"flow_src_last_pkt_time":1708371748618338,"flow_dst_last_pkt_time":1708371748617222,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":722,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":722,"pkt_l4_len":688,"thread_ts_usec":1708371748618338,"pkt":"ILAB4IZiNObXAhsnCABFAALEGuVAAEAG3zzAqAH1UJ4q18GWAbtGeursft9ueVAYAfZAyQAAFgMBApcBAAKTAwM+Sw6TSmrEDcklIO727bdgHwapXSvDrs9ApwPBvEEt2yCY4\/GEzjj8CdL3FwX76J\/\/HiTNKlUYxpXVfH9A\/D1qRQAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAigAAAAZABcAABRpZDcuY2xvdWQuaHVhd2VpLmNvbQAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACAjf7m9gPIDVzVgl9m8rCY5J0CMB1l81x8pMWMCnhkcUQAXAEEEvLcb08cl3zNeiikrmhgF\/SZ3eaJvSdBuED8YwUkIJ1S2Uroo68H8bX0gAdnVXo5eiQAsfsLfXs9NqrWHpZu4BQArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAH+DQEZAAABAAH2ACA9nsjBc9n\/izbP1oZIaGAv3\/bhQPHdYou6oFLpdR3TswDv+qt9PK+wcddmzsZ6kBtk7fa6JGsm5rvvdc3BVXvr+x75Qzdz1W6AHkvektawD6u0IDMAI73imAxGc5P4AuAOQ3C7kFNGiB0O5rgMuVV7M21GNizTW8NsPsVip6k1mE7dhwjS\/SqjMGod8yta32qgDKxfv6C5DCSGfIM5KcCQerjJIhrTcklLWvHQliGc0PUYp2kRaZcX+3VRwCrNokXeTAmvo1bmpn+us6SSNrDjg6Z7JqekRRffssThB1TQSSSrYcgXjmKRRpcUMjH5OmgecHIC30JWR6DdIWpTdLj0FATw5URrc0F9h75R3aCx2\/s="} 
-01278{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":531,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1708371748597659,"flow_src_last_pkt_time":1708371748618338,"flow_dst_last_pkt_time":1708371748617222,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":668,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":668,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1708371748618338,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"80.158.42.215","src_port":49558,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.HuaweiCloud","proto_id":"91.399","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"id7.cloud.huawei.com","domainame":"id7.cloud.huawei.com","tls": {"version":"TLSv1.2","ja3":"b5001237acdf006056b409cc433726b0","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_5c2c66f702b0","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01237{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":531,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1708371748597659,"flow_src_last_pkt_time":1708371748618338,"flow_dst_last_pkt_time":1708371748617222,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":668,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":668,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1708371748618338,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"80.158.42.215","src_port":49558,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.HuaweiCloud","proto_id":"91.399","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"id7.cloud.huawei.com","domainame":"id7.cloud.huawei.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_5c2c66f702b0","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":532,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":48,"flow_packet_id":5,"flow_src_last_pkt_time":1708371748618338,"flow_dst_last_pkt_time":1708371748637757,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1708371748637757,"pkt":"NObXAhsnILAB4IZiCABFAAAo2UpAAC0GNnNQnirXwKgB9QG7wZZ+3255RnrtiFAQADyM2AAAAAAAAAAA"} 
-02052{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":533,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1708371748597659,"flow_src_last_pkt_time":1708371748618338,"flow_dst_last_pkt_time":1708371748641934,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":668,"flow_dst_max_l4_payload_len":3900,"flow_src_tot_l4_payload_len":668,"flow_dst_tot_l4_payload_len":3900,"midstream":0,"thread_ts_usec":1708371748641934,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"80.158.42.215","src_port":49558,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.HuaweiCloud","proto_id":"91.399","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"id7.cloud.huawei.com","domainame":"id7.cloud.huawei.com","tls": {"version":"TLSv1.2","server_names":"avatar.id.huawei.com,hts.huawei.com.cn,*.cdn.hicloud.com,*.cloud.dbankcloud.com,*.cloud.hicloud.com,*.cloud.huawei.asia,*.cloud.huawei.com,*.cloud.huawei.com.au,*.cloud.huawei.com.cn,*.cloud.huawei.eu,*.cloud.huawei.ru,*.dbankcloud.cn,*.dbankcloud.com,*.hicloud.com,*.hms.dbankcloud.cn,*.huawei.com,*.platform.dbankcloud.cn,*.platform.dbankcloud.com,*.platform.dbankcloud.ru,*.platform.hicloud.com,*.vmall.com","ja3":"b5001237acdf006056b409cc433726b0","ja3s":"eb7ce657b6814e1bc6402d66a2309dc6","ja4":"t13d1715h2_5b57614c22b0_5c2c66f702b0","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018","subjectDN":"C=CN, ST=Jiangsu, L=Nanjing, O=Huawei Software Technologies Co., Ltd., 
CN=avatar.id.huawei.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"4F:6B:EE:C1:86:C1:2D:DB:AB:BF:DB:90:42:2D:06:A9:63:FF:76:52","blocks":0}}} +02011{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":533,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1708371748597659,"flow_src_last_pkt_time":1708371748618338,"flow_dst_last_pkt_time":1708371748641934,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":668,"flow_dst_max_l4_payload_len":3900,"flow_src_tot_l4_payload_len":668,"flow_dst_tot_l4_payload_len":3900,"midstream":0,"thread_ts_usec":1708371748641934,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"80.158.42.215","src_port":49558,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.HuaweiCloud","proto_id":"91.399","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"id7.cloud.huawei.com","domainame":"id7.cloud.huawei.com","tls": {"version":"TLSv1.2","server_names":"avatar.id.huawei.com,hts.huawei.com.cn,*.cdn.hicloud.com,*.cloud.dbankcloud.com,*.cloud.hicloud.com,*.cloud.huawei.asia,*.cloud.huawei.com,*.cloud.huawei.com.au,*.cloud.huawei.com.cn,*.cloud.huawei.eu,*.cloud.huawei.ru,*.dbankcloud.cn,*.dbankcloud.com,*.hicloud.com,*.hms.dbankcloud.cn,*.huawei.com,*.platform.dbankcloud.cn,*.platform.dbankcloud.com,*.platform.dbankcloud.ru,*.platform.hicloud.com,*.vmall.com","ja3s":"eb7ce657b6814e1bc6402d66a2309dc6","ja4":"t13d1715h2_5b57614c22b0_5c2c66f702b0","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018","subjectDN":"C=CN, ST=Jiangsu, L=Nanjing, O=Huawei Software 
Technologies Co., Ltd., CN=avatar.id.huawei.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"4F:6B:EE:C1:86:C1:2D:DB:AB:BF:DB:90:42:2D:06:A9:63:FF:76:52","blocks":0}}} 00823{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":551,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1708371750154536,"flow_src_last_pkt_time":1708371750154536,"flow_dst_last_pkt_time":1708371750154536,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1708371750154536,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:c044:a6d4:80d:5d55","dst_ip":"2600:9000:25ea:1200:1:12d8:5a00:93a1","src_port":39970,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":551,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_src_last_pkt_time":1708371750154536,"flow_dst_last_pkt_time":1708371750154536,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1708371750154536,"pkt":"ILAB4IZiNObXAhsnht1gDsawACgGQCABCwcKPcESwESm1AgNXVUmAJAAJeoSAAABEthaAJOhnCIBu2mzL7QAAAAAoAL\/KLFnAAACBAWMBAIICp1EfeQAAAAAAQMDBw=="} 
00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":552,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_src_last_pkt_time":1708371750154536,"flow_dst_last_pkt_time":1708371750157379,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1708371750157379,"pkt":"NObXAhsnILAB4IZiht1gDeAtACgGOyYAkAAl6hIAAAES2FoAk6EgAQsHCj3BEsBEptQIDV1VAbucIrjctzlpsy+1oBL\/\/9X0AAACBATEBAIICspyNLidRH3kAQMDCQ=="} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":553,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_src_last_pkt_time":1708371750157414,"flow_dst_last_pkt_time":1708371750157379,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1708371750157414,"pkt":"ILAB4IZiNObXAhsnht1gDsawACAGQCABCwcKPcESwESm1AgNXVUmAJAAJeoSAAABEthaAJOhnCIBu2mzL7W43Lc6gBAB\/7FfAAABAQgKnUR958pyNLg="} 
01489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":554,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":49,"flow_packet_id":4,"flow_src_last_pkt_time":1708371750158421,"flow_dst_last_pkt_time":1708371750157379,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":764,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":764,"pkt_l4_len":710,"thread_ts_usec":1708371750158421,"pkt":"ILAB4IZiNObXAhsnht1gDsawAsYGQCABCwcKPcESwESm1AgNXVUmAJAAJeoSAAABEthaAJOhnCIBu2mzL7W43Lc6gBgB\/7QFAAABAQgKnUR96MpyNLgWAwECoQEAAp0DA0lhCxZfHJxOLvTjSJDu4bOLSSpK6Z0wtJUVWTwBPDKXIKMEDyWEoDyKuKyP12dVNul0vecxGrfnmzBFntrbF0ngACITARMDEwLAK8AvzKnMqMAswDDACsAJwBPAFACcAJ0ALwA1AQACMgAAACMAIQAAHmNvbnRlbnRjZW50ZXItZHJlLmRiYW5rY2RuLmNvbQAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACDpj5aM9rjS5Xw7ViF9USpkgtp+vbu8zyEsqmNqymilMwAXAEEEli8s8GLgAzgsLcfOsYxrSM+Tk9g28iWs8Z5YgoFqkYV7skglWG1mcGiEgbsUL27l37sTaiUhj9JyeTz7\/Rxk\/AArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAH+DQEZAAABAAGyACBGjkJG8A4FFXcLd8bQRtu3GnJJmfPPiwZFPoNYJ8k\/6ADviwxEIHbFL7CsRproYUXtYU3Cky4HFbbeuWk3q+3hO0hYI9kjRpwD5igAo\/Yii3uLz+g2+QN2Bbo\/4q7pdqXpJD21KTfS1DV8xzRHmkZq+RA4G9\/8KCA4hvD+aBZiLZ9mA\/0riNGEMOz1Gu+0DeGOr1twDTvw04HJ25rs14KZTlTRMSD0c1RcMuocWQqt3We6rFme5rDloX+sLLUhGLEP2+YEWLmOS5XPhc7ZpPWgrEghaUk\/BO56RYvMqb1E3wtiXexuged5IdBtQZZieoRz+DZlCYqE0HuLjWHRcwPSKnSz9nwBSRxSQqR9qEBAvhQ="} 
-01348{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":554,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1708371750154536,"flow_src_last_pkt_time":1708371750158421,"flow_dst_last_pkt_time":1708371750157379,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":678,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":678,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1708371750158421,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:c044:a6d4:80d:5d55","dst_ip":"2600:9000:25ea:1200:1:12d8:5a00:93a1","src_port":39970,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.HuaweiCloud","proto_id":"91.399","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"contentcenter-dre.dbankcdn.com","domainame":"contentcenter-dre.dbankcdn.com","tls": {"version":"TLSv1.2","ja3":"b5001237acdf006056b409cc433726b0","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_5c2c66f702b0","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01307{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":554,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1708371750154536,"flow_src_last_pkt_time":1708371750158421,"flow_dst_last_pkt_time":1708371750157379,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":678,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":678,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1708371750158421,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:c044:a6d4:80d:5d55","dst_ip":"2600:9000:25ea:1200:1:12d8:5a00:93a1","src_port":39970,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.HuaweiCloud","proto_id":"91.399","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"contentcenter-dre.dbankcdn.com","domainame":"contentcenter-dre.dbankcdn.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_5c2c66f702b0","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":555,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":49,"flow_packet_id":5,"flow_src_last_pkt_time":1708371750158421,"flow_dst_last_pkt_time":1708371750161538,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1708371750161538,"pkt":"NObXAhsnILAB4IZiht1gDeAtACAGOyYAkAAl6hIAAAES2FoAk6EgAQsHCj3BEsBEptQIDV1VAbucIrjctzppszJbgBAAgwCiAAABAQgKynI0vJ1Efeg="} 
-01393{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":556,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1708371750154536,"flow_src_last_pkt_time":1708371750158421,"flow_dst_last_pkt_time":1708371750161724,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":678,"flow_dst_max_l4_payload_len":3624,"flow_src_tot_l4_payload_len":678,"flow_dst_tot_l4_payload_len":3624,"midstream":0,"thread_ts_usec":1708371750161724,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:c044:a6d4:80d:5d55","dst_ip":"2600:9000:25ea:1200:1:12d8:5a00:93a1","src_port":39970,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.HuaweiCloud","proto_id":"91.399","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"contentcenter-dre.dbankcdn.com","domainame":"contentcenter-dre.dbankcdn.com","tls": {"version":"TLSv1.3","ja3":"b5001237acdf006056b409cc433726b0","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1715h2_5b57614c22b0_5c2c66f702b0","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01352{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":556,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1708371750154536,"flow_src_last_pkt_time":1708371750158421,"flow_dst_last_pkt_time":1708371750161724,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":678,"flow_dst_max_l4_payload_len":3624,"flow_src_tot_l4_payload_len":678,"flow_dst_tot_l4_payload_len":3624,"midstream":0,"thread_ts_usec":1708371750161724,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:c044:a6d4:80d:5d55","dst_ip":"2600:9000:25ea:1200:1:12d8:5a00:93a1","src_port":39970,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.HuaweiCloud","proto_id":"91.399","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"contentcenter-dre.dbankcdn.com","domainame":"contentcenter-dre.dbankcdn.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1715h2_5b57614c22b0_5c2c66f702b0","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
01220{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":563,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1705785496365954,"flow_src_last_pkt_time":1705785496365954,"flow_dst_last_pkt_time":1705785496365954,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1330,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3087,"midstream":0,"thread_ts_usec":1708371750169001,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"159.153.191.240","src_port":49950,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.ElectronicArts","proto_id":"91.389","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
01115{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":563,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1705785496290955,"flow_src_last_pkt_time":1705785496323878,"flow_dst_last_pkt_time":1705785496365954,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1708371750169001,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"185.5.161.203","src_port":33920,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.ElectronicArts","proto_id":"91.389","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":563,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":563,"packets-processed":562,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":263723,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":45,"total-detection-updates":48,"total-updates":1,"current-active-flows":3,"total-active-flows":49,"total-idle-flows":46,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":417,"global_ts_usec":1708719352773616} 
+00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":563,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":563,"packets-processed":562,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":263723,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":45,"total-detection-updates":48,"total-updates":1,"current-active-flows":3,"total-active-flows":49,"total-idle-flows":46,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":417,"global_ts_usec":1708719352773616} 00808{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":563,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1708719352773616,"flow_src_last_pkt_time":1708719352773616,"flow_dst_last_pkt_time":1708719352773616,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1708719352773616,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:9a00:ba78:86b1:e177","dst_ip":"2001:67c:4e8:f004::9","src_port":48594,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":563,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_src_last_pkt_time":1708719352773616,"flow_dst_last_pkt_time":1708719352773616,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1708719352773616,"pkt":"ILAB4IZiNObXAhsnht1gDW8BACgGQCABCwcKPcESmgC6eIax4XcgAQZ8BOjwBAAAAAAAAAAJvdIBu4y3QWIAAAAAoAL\/KM6bAAACBAWMBAIICh++fS8AAAAAAQMDBw=="} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":564,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_src_last_pkt_time":1708719352773616,"flow_dst_last_pkt_time":1708719352791118,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1708719352791118,"pkt":"NObXAhsnILAB4IZiht1gDcpXACgGNiABBnwE6PAEAAAAAAAAAAkgAQsHCj3BEpoAuniGseF3Abu90sxyPm+Mt0FjoBJvkDRGAAACBATEBAIICmIWPwsfvn0vAQMDCg=="} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":565,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":50,"flow_packet_id":3,"flow_src_last_pkt_time":1708719352791156,"flow_dst_last_pkt_time":1708719352791118,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1708719352791156,"pkt":"ILAB4IZiNObXAhsnht1gDW8BACAGQCABCwcKPcESmgC6eIax4XcgAQZ8BOjwBAAAAAAAAAAJvdIBu4y3QWPMcj5wgBAB\/86TAAABAQgKH759QGIWPws="} 
01469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":566,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":50,"flow_packet_id":4,"flow_src_last_pkt_time":1708719352792127,"flow_dst_last_pkt_time":1708719352791118,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":750,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":750,"pkt_l4_len":696,"thread_ts_usec":1708719352792127,"pkt":"ILAB4IZiNObXAhsnht1gDW8BArgGQCABCwcKPcESmgC6eIax4XcgAQZ8BOjwBAAAAAAAAAAJvdIBu4y3QWPMcj5wgBgB\/9ErAAABAQgKH759QWIWPwsWAwECkwEAAo8DA6ujqAy\/6y3hUY70Osz6gKW2l2GwQsMvIoyB04aRYxlaIAWoUFwbBjMUZfPnIe3nZwzCWbpqrG+ewEzNoCa3GjONACITARMDEwLAK8AvzKnMqMAswDDACsAJwBPAFACcAJ0ALwA1AQACJAAAABUAEwAAEHdlYi50ZWxlZ3JhbS5vcmcAFwAA\/wEAAQAACgAOAAwAHQAXABgAGQEAAQEACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAACIACgAIBAMFAwYDAgMAMwBrAGkAHQAgTtfH2HLD0eOJLtDNK\/YFMix9Y6l3jtWh5mj7+g1A8zEAFwBBBDVe5Lt6byF5Yopf750h5AQ022KO6sP+Wh7UALN6epLZS3F2llHNAJU4ZDCLOst5ePt3SYMfR37wQOnZLAkXC5wAKwAFBAMEAwMADQAYABYEAwUDBgMIBAgFCAYEAQUBBgECAwIBAC0AAgEBABwAAkAB\/g0BGQAAAQAB3AAgdEV+iggpTFLyI5A2+9V2xCM4gfr+OlV0ae+vpemj6l8A7zQux0C785JF7TH9SKydB1bZZkyzIzbZ6iHI0CzjOnZGy0mp68IjijulKqtLV\/IE\/V6WjAn4oMM1J3jwNGQjxlzZHoTqyuvCXBLQBjF2YPkAdTTArUmIVlDeG\/dTUt0v5Z0hqbnLQUmFBztOLmgN7iU\/XVAYQYn8T1G4YUedn3nPJFrY2pGQlP32CY6Tg5NqAxZqDljGWLFxZ\/GJLHdX82KvMwj9YsLDRnDXRP2ucO1UoxRJNvfwSgeHRF0uANMC+GtdjcwyAxlCaFlU2kbT7YBeExbEbNCfi2osndlyTDGUvFpugMJGswDzP7cQC+0S"} 
-01299{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":566,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1708719352773616,"flow_src_last_pkt_time":1708719352792127,"flow_dst_last_pkt_time":1708719352791118,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":664,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":664,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1708719352792127,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:9a00:ba78:86b1:e177","dst_ip":"2001:67c:4e8:f004::9","src_port":48594,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Telegram","proto_id":"91.185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"web.telegram.org","domainame":"web.telegram.org","tls": {"version":"TLSv1.2","ja3":"b5001237acdf006056b409cc433726b0","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_5c2c66f702b0","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01258{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":566,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1708719352773616,"flow_src_last_pkt_time":1708719352792127,"flow_dst_last_pkt_time":1708719352791118,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":664,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":664,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1708719352792127,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:9a00:ba78:86b1:e177","dst_ip":"2001:67c:4e8:f004::9","src_port":48594,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Telegram","proto_id":"91.185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"web.telegram.org","domainame":"web.telegram.org","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_5c2c66f702b0","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":567,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":50,"flow_packet_id":5,"flow_src_last_pkt_time":1708719352792127,"flow_dst_last_pkt_time":1708719352809518,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1708719352809518,"pkt":"NObXAhsnILAB4IZiht1gDcpXACAGNiABBnwE6PAEAAAAAAAAAAkgAQsHCj3BEpoAuniGseF3Abu90sxyPnCMt0P7gBAAHs7pAAABAQgKYhY\/Dx++fUE="} 
-01344{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":568,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1708719352773616,"flow_src_last_pkt_time":1708719352792127,"flow_dst_last_pkt_time":1708719352810168,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":664,"flow_dst_max_l4_payload_len":3624,"flow_src_tot_l4_payload_len":664,"flow_dst_tot_l4_payload_len":3624,"midstream":0,"thread_ts_usec":1708719352810168,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:9a00:ba78:86b1:e177","dst_ip":"2001:67c:4e8:f004::9","src_port":48594,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Telegram","proto_id":"91.185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"web.telegram.org","domainame":"web.telegram.org","tls": {"version":"TLSv1.3","ja3":"b5001237acdf006056b409cc433726b0","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1715h2_5b57614c22b0_5c2c66f702b0","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01303{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":568,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1708719352773616,"flow_src_last_pkt_time":1708719352792127,"flow_dst_last_pkt_time":1708719352810168,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":664,"flow_dst_max_l4_payload_len":3624,"flow_src_tot_l4_payload_len":664,"flow_dst_tot_l4_payload_len":3624,"midstream":0,"thread_ts_usec":1708719352810168,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:9a00:ba78:86b1:e177","dst_ip":"2001:67c:4e8:f004::9","src_port":48594,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Telegram","proto_id":"91.185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"web.telegram.org","domainame":"web.telegram.org","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1715h2_5b57614c22b0_5c2c66f702b0","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
00808{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":569,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1708719353812053,"flow_src_last_pkt_time":1708719353812053,"flow_dst_last_pkt_time":1708719353812053,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1708719353812053,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:9a00:ba78:86b1:e177","dst_ip":"2001:67c:4e8:f004::9","src_port":48616,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":569,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_src_last_pkt_time":1708719353812053,"flow_dst_last_pkt_time":1708719353812053,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1708719353812053,"pkt":"ILAB4IZiNObXAhsnht1gDLThACgGQCABCwcKPcESmgC6eIax4XcgAQZ8BOjwBAAAAAAAAAAJvegBuzdAki0AAAAAoAL\/KM6bAAACBAWMBAIICh++gT0AAAAAAQMDBw=="} 
00808{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":570,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1708719353825157,"flow_src_last_pkt_time":1708719353825157,"flow_dst_last_pkt_time":1708719353825157,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1708719353825157,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:9a00:ba78:86b1:e177","dst_ip":"2001:67c:4e8:f004::9","src_port":48624,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -430,132 +430,132 @@ 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":571,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_src_last_pkt_time":1708719353812053,"flow_dst_last_pkt_time":1708719353829289,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1708719353829289,"pkt":"NObXAhsnILAB4IZiht1gAnpiACgGNiABBnwE6PAEAAAAAAAAAAkgAQsHCj3BEpoAuniGseF3Abu96NXQNs43QJIuoBJvkMo8AAACBATEBAIICqLYZx0fvoE9AQMDCg=="} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":572,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_src_last_pkt_time":1708719353829393,"flow_dst_last_pkt_time":1708719353829289,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1708719353829393,"pkt":"ILAB4IZiNObXAhsnht1gDLThACAGQCABCwcKPcESmgC6eIax4XcgAQZ8BOjwBAAAAAAAAAAJvegBuzdAki7V0DbPgBAB\/86TAAABAQgKH76BTqLYZx0="} 
01456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":573,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":51,"flow_packet_id":4,"flow_src_last_pkt_time":1708719353834468,"flow_dst_last_pkt_time":1708719353829289,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":738,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":738,"pkt_l4_len":684,"thread_ts_usec":1708719353834468,"pkt":"ILAB4IZiNObXAhsnht1gDLThAqwGQCABCwcKPcESmgC6eIax4XcgAQZ8BOjwBAAAAAAAAAAJvegBuzdAki7V0DbPgBgB\/9EfAAABAQgKH76BVKLYZx0WAwEChwEAAoMDA2PO50s5hnkiooLZ5ROFKx4Yl9kBwNJlLY8mJUkXV4AkIL2Lcr32fPUXuTsU+QyRvNryiWJjI\/VahxY8YarBGJi8ACITARMDEwLAK8AvzKnMqMAswDDACsAJwBPAFACcAJ0ALwA1AQACGAAAAAkABwAABHQubWUAFwAA\/wEAAQAACgAOAAwAHQAXABgAGQEAAQEACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAACIACgAIBAMFAwYDAgMAMwBrAGkAHQAgxl4Mvli07L0tmNC3XBPjNd1arxEPUQLGrms9CcfUtQ0AFwBBBOIKF7uup3AK2oFiAa7\/zHT2G1PiNNhovqqVDHjJq5xAaST\/7XQ7\/hBaHNH9P1ijIZfxKWKLNNg05I7Ca9rlHGkAKwAFBAMEAwMADQAYABYEAwUDBgMIBAgFCAYEAQUBBgECAwIBAC0AAgEBABwAAkAB\/g0BGQAAAQABMAAgj22+NZ+5P15qItp3GhivG3t4IXOSGcLQOzXbKd3xWmcA73NDOJC9bQZMPtrJ4QkirbbAj5Rpk7\/5PIOqYG\/mE5j1XrsdZ2DDd0HKncTFPLgxVCiVPulsaI\/G\/KnE+MnDPra2F1L9LTX38OUjn\/GptivtBOJb+Ju6BpVBGZ2wBu+3nsTryoZYxTtGJD6fjmP2xMEvLjFgDrC\/CL6BhEzGKyzo9NL+MM9Yb8S3tG1tYVuFdvnRw8DLMD2Q3D5UAuY64wU0IsRRMNSTDlhoYvbwRRDIAAGbzqjUIKhYCPxtzs627qevGeCwqpTMJrPrXkHM4s9I2sTsOMHMt79HbOfyPyHPFIOBpJhpl1kLVhqNXyyR"} 
-01275{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":573,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1708719353812053,"flow_src_last_pkt_time":1708719353834468,"flow_dst_last_pkt_time":1708719353829289,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":652,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":652,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1708719353834468,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:9a00:ba78:86b1:e177","dst_ip":"2001:67c:4e8:f004::9","src_port":48616,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Telegram","proto_id":"91.185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"t.me","domainame":"t.me","tls": {"version":"TLSv1.2","ja3":"b5001237acdf006056b409cc433726b0","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_5c2c66f702b0","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01234{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":573,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1708719353812053,"flow_src_last_pkt_time":1708719353834468,"flow_dst_last_pkt_time":1708719353829289,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":652,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":652,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1708719353834468,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:9a00:ba78:86b1:e177","dst_ip":"2001:67c:4e8:f004::9","src_port":48616,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Telegram","proto_id":"91.185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"t.me","domainame":"t.me","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_5c2c66f702b0","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":574,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_src_last_pkt_time":1708719353825157,"flow_dst_last_pkt_time":1708719353842290,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1708719353842290,"pkt":"NObXAhsnILAB4IZiht1gCqZzACgGNSABBnwE6PAEAAAAAAAAAAkgAQsHCj3BEpoAuniGseF3Abu98LVQWThUg3rKoBJvkBBGAAACBATEBAIICtgl4+gfvoFKAQMDCg=="} 
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":575,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":52,"flow_packet_id":3,"flow_src_last_pkt_time":1708719353842359,"flow_dst_last_pkt_time":1708719353842290,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1708719353842359,"pkt":"ILAB4IZiNObXAhsnht1gCuiPACAGQCABCwcKPcESmgC6eIax4XcgAQZ8BOjwBAAAAAAAAAAJvfABu1SDesq1UFk5gBAB\/86TAAABAQgKH76BW9gl4+g="} 01460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":576,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":52,"flow_packet_id":4,"flow_src_last_pkt_time":1708719353843817,"flow_dst_last_pkt_time":1708719353842290,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":745,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":745,"pkt_l4_len":691,"thread_ts_usec":1708719353843817,"pkt":"ILAB4IZiNObXAhsnht1gCuiPArMGQCABCwcKPcESmgC6eIax4XcgAQZ8BOjwBAAAAAAAAAAJvfABu1SDesq1UFk5gBgB\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\/6oamFumLFWo+C+TUYT9v0cd+ysuaBZAO93yIqn7HgEMVf8AMRLwRsvzCG8NACEzk9FSknefWuA1kB9PAn0K2kVYflMrilZpiQBicp1O5VRhl3WTUEWwUO6F4zCWXyPPodoD70db0aq\/b+6nbA+sNpz6XVyFQwlM9jTVHbsSpgYbAuYXdGZ+5a0Zstzll88NCYHKkc+fndzraqnmllDBiUeGWzr4tQtlOwzsDpZ79rqrIXLdbrKBTAKz54rWCPLMrkOR2ZYm3WhysOa2kB8DLT2UDMnxpdLr+m3glRKTTq2nCclAFX4lkouOuhwAWO\/4g\/oJZ5K1rv309+102hH4w95DWvujrzBFg=="} 
-01289{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":576,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1708719353825157,"flow_src_last_pkt_time":1708719353843817,"flow_dst_last_pkt_time":1708719353842290,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":659,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":659,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1708719353843817,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:9a00:ba78:86b1:e177","dst_ip":"2001:67c:4e8:f004::9","src_port":48624,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Telegram","proto_id":"91.185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"telegram.me","domainame":"telegram.me","tls": {"version":"TLSv1.2","ja3":"b5001237acdf006056b409cc433726b0","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_5c2c66f702b0","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01248{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":576,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1708719353825157,"flow_src_last_pkt_time":1708719353843817,"flow_dst_last_pkt_time":1708719353842290,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":659,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":659,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1708719353843817,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:9a00:ba78:86b1:e177","dst_ip":"2001:67c:4e8:f004::9","src_port":48624,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Telegram","proto_id":"91.185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"telegram.me","domainame":"telegram.me","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_5c2c66f702b0","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":577,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":51,"flow_packet_id":5,"flow_src_last_pkt_time":1708719353834468,"flow_dst_last_pkt_time":1708719353852072,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1708719353852072,"pkt":"NObXAhsnILAB4IZiht1gAnpiACAGNiABBnwE6PAEAAAAAAAAAAkgAQsHCj3BEpoAuniGseF3Abu96NXQNs83QJS6gBAAHmTlAAABAQgKothnIx++gVQ="} 
-01320{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":578,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1708719353812053,"flow_src_last_pkt_time":1708719353834468,"flow_dst_last_pkt_time":1708719353853009,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":652,"flow_dst_max_l4_payload_len":4096,"flow_src_tot_l4_payload_len":652,"flow_dst_tot_l4_payload_len":4096,"midstream":0,"thread_ts_usec":1708719353853009,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:9a00:ba78:86b1:e177","dst_ip":"2001:67c:4e8:f004::9","src_port":48616,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Telegram","proto_id":"91.185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"t.me","domainame":"t.me","tls": {"version":"TLSv1.3","ja3":"b5001237acdf006056b409cc433726b0","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1715h2_5b57614c22b0_5c2c66f702b0","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01279{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":578,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1708719353812053,"flow_src_last_pkt_time":1708719353834468,"flow_dst_last_pkt_time":1708719353853009,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":652,"flow_dst_max_l4_payload_len":4096,"flow_src_tot_l4_payload_len":652,"flow_dst_tot_l4_payload_len":4096,"midstream":0,"thread_ts_usec":1708719353853009,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:9a00:ba78:86b1:e177","dst_ip":"2001:67c:4e8:f004::9","src_port":48616,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Telegram","proto_id":"91.185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"t.me","domainame":"t.me","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1715h2_5b57614c22b0_5c2c66f702b0","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":582,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":52,"flow_packet_id":5,"flow_src_last_pkt_time":1708719353843817,"flow_dst_last_pkt_time":1708719353862647,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1708719353862647,"pkt":"NObXAhsnILAB4IZiht1gCqZzACAGNSABBnwE6PAEAAAAAAAAAAkgAQsHCj3BEpoAuniGseF3Abu98LVQWTlUg31dgBAAHqrsAAABAQgK2CXj7R++gV0="} 
-01334{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":583,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1708719353825157,"flow_src_last_pkt_time":1708719353843817,"flow_dst_last_pkt_time":1708719353862648,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":659,"flow_dst_max_l4_payload_len":2416,"flow_src_tot_l4_payload_len":659,"flow_dst_tot_l4_payload_len":2416,"midstream":0,"thread_ts_usec":1708719353862648,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:9a00:ba78:86b1:e177","dst_ip":"2001:67c:4e8:f004::9","src_port":48624,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Telegram","proto_id":"91.185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"telegram.me","domainame":"telegram.me","tls": {"version":"TLSv1.3","ja3":"b5001237acdf006056b409cc433726b0","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1715h2_5b57614c22b0_5c2c66f702b0","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01293{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":583,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1708719353825157,"flow_src_last_pkt_time":1708719353843817,"flow_dst_last_pkt_time":1708719353862648,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":659,"flow_dst_max_l4_payload_len":2416,"flow_src_tot_l4_payload_len":659,"flow_dst_tot_l4_payload_len":2416,"midstream":0,"thread_ts_usec":1708719353862648,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:9a00:ba78:86b1:e177","dst_ip":"2001:67c:4e8:f004::9","src_port":48624,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Telegram","proto_id":"91.185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"telegram.me","domainame":"telegram.me","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1715h2_5b57614c22b0_5c2c66f702b0","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
00987{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":585,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":9,"flow_first_seen":1708371748597659,"flow_src_last_pkt_time":1708371749213915,"flow_dst_last_pkt_time":1708371749213883,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1027,"flow_dst_max_l4_payload_len":3900,"flow_src_tot_l4_payload_len":3616,"flow_dst_tot_l4_payload_len":12100,"midstream":0,"thread_ts_usec":1708719353862698,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"80.158.42.215","src_port":49558,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.HuaweiCloud","proto_id":"91.399","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":585,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1708371748027374,"flow_src_last_pkt_time":1708371748206605,"flow_dst_last_pkt_time":1708371748165737,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":664,"flow_dst_max_l4_payload_len":4380,"flow_src_tot_l4_payload_len":1281,"flow_dst_tot_l4_payload_len":9124,"midstream":0,"thread_ts_usec":1708719353862698,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"160.44.196.198","src_port":54690,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.HuaweiCloud","proto_id":"91.399","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
01035{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":585,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":4,"flow_first_seen":1708371750154536,"flow_src_last_pkt_time":1708371750169001,"flow_dst_last_pkt_time":1708371750165742,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":678,"flow_dst_max_l4_payload_len":3624,"flow_src_tot_l4_payload_len":1269,"flow_dst_tot_l4_payload_len":5105,"midstream":0,"thread_ts_usec":1708719353862698,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:c044:a6d4:80d:5d55","dst_ip":"2600:9000:25ea:1200:1:12d8:5a00:93a1","src_port":39970,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.HuaweiCloud","proto_id":"91.399","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} -00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":585,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":585,"packets-processed":584,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":277398,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":48,"total-detection-updates":51,"total-updates":1,"current-active-flows":3,"total-active-flows":52,"total-idle-flows":49,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":445,"global_ts_usec":1708962497309716} 
+00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":585,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":585,"packets-processed":584,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":277398,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":48,"total-detection-updates":51,"total-updates":1,"current-active-flows":3,"total-active-flows":52,"total-idle-flows":49,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":445,"global_ts_usec":1708962497309716} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":585,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1708962497309716,"flow_src_last_pkt_time":1708962497309716,"flow_dst_last_pkt_time":1708962497309716,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1708962497309716,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"5.61.23.30","src_port":46174,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":585,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_src_last_pkt_time":1708962497309716,"flow_dst_last_pkt_time":1708962497309716,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1708962497309716,"pkt":"ILAB4IZiNObXAhsnCABFAAA8tohAAEAGpTvAqAH1BT0XHrReAbvuMckPAAAAAKAC+vDfJgAAAgQFtAQCCAoHPO3YAAAAAAEDAww="} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":586,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_src_last_pkt_time":1708962497309716,"flow_dst_last_pkt_time":1708962497355167,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1708962497355167,"pkt":"NObXAhsnILAB4IZiCABFAAA8AABAADYGZcQFPRcewKgB9QG7tF7fzYik7jHJEKASqbCmNAAAAgQFoAQCCApaSfP3Bzzt2AEDAwk="} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":587,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":53,"flow_packet_id":3,"flow_src_last_pkt_time":1708962497355205,"flow_dst_last_pkt_time":1708962497355167,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1708962497355205,"pkt":"ILAB4IZiNObXAhsnCABFAAA0tolAAEAGpULAqAH1BT0XHrReAbvuMckQ382IpYAQABDfHgAAAQEICgc87gZaSfP3"} 
01675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":588,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":53,"flow_packet_id":4,"flow_src_last_pkt_time":1708962497356463,"flow_dst_last_pkt_time":1708962497355167,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":905,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":905,"pkt_l4_len":871,"thread_ts_usec":1708962497356463,"pkt":"ILAB4IZiNObXAhsnCABFAAN7topAAEAGofrAqAH1BT0XHrReAbvuMckQ382IpYAYABDiZQAAAQEICgc87gdaSfP3FgMBA0IBAAM+AwOCmeBofRmP1t6rRdvpe4xoh+90dDlovNxAn5bQrK0+QiCsGbOE2l+NlYKwiO5+BjoOwzr6Wc42warKOij2rNdX9gAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAtMAAAAUABIAAA83MzIyMzEubXMub2sucnUAFwAA\/wEAAQAACgAOAAwAHQAXABgAGQEAAQEACwACAQAAIwCw2T\/akXahdF0A3JSQ9zjbKCF+fKEI+biEEcSUvRViqUmIyF7Qpbjy75MC5xgjmLSg5CPth0Nw+KqLlp7bdYVFXjMHxeH6oR67o+gmXHDsXrDXi249Wr7qiiMqiIQ6J5ysPCQseP+7QaS631uHn5xg1lr8c+Ymx+UyXBu0rTrUresvchV11ExFXMeeI33tP\/q8eJCI9PpIvLKamLRM5Qplz4WTzHdE6UMZbGyNEcJ8wfUAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACC1Sp7pRm17+6NBI1Hn663oYslRtVnRXqsEJrJy9XlBSQAXAEEEut5Ig3IwNeItQQ1b\/R1S+Z6elJ1davm3i\/NksNQmvz5WnQMNJW8by7K4vCKJW0A4spWRlmiozkyy0OZSDhLzUAArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAH+DQEZAAABAAEiACBmojkgSmyCE1\/Q+T\/qcxwep2VZCkYGYtZIX6nmi5oNxADvXzksQY\/ZxqHdsVYpTuZBmvetHvN4ZrPomyNqf2oE9Cj6Q0nwpVkV655egDOW4ATcaGznopehBQ8ZMO7d8W7ukGVKp+T+XIhbN2NbLG4dZd6TYTHYZFGjUGvbFI2Seei\/bkR2MdBvwDl7IeHhUgCVb4mwTKtkN0XDepWw7lxuhWNcKCCijBdZcUYgbjwRD2DWiHYpJOWtSMUQq4MS+ooKeNTNFmWdawh9nBvOiNxShLPIMhXrvTAStTCp+4HwuBXkgOi5uf7UXSsuGupCUCCd1KkXJ3uon1dBuY9DnC5N8CM4ziF5E3+cvfLMzYBZr6M="} 
-01240{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":588,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1708962497309716,"flow_src_last_pkt_time":1708962497356463,"flow_dst_last_pkt_time":1708962497355167,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":839,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":839,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1708962497356463,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"5.61.23.30","src_port":46174,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"732231.ms.ok.ru","domainame":"732231.ms.ok.ru","tls": {"version":"TLSv1.2","ja3":"b5001237acdf006056b409cc433726b0","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_5c2c66f702b0","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01199{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":588,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1708962497309716,"flow_src_last_pkt_time":1708962497356463,"flow_dst_last_pkt_time":1708962497355167,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":839,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":839,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1708962497356463,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"5.61.23.30","src_port":46174,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"732231.ms.ok.ru","domainame":"732231.ms.ok.ru","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_5c2c66f702b0","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":53,"flow_packet_id":5,"flow_src_last_pkt_time":1708962497356463,"flow_dst_last_pkt_time":1708962497401552,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1708962497401552,"pkt":"NObXAhsnILAB4IZiCABFAAA0QFBAADYGJXwFPRcewKgB9QG7tF7fzYil7jHMV4AQAFR6pwAAAQEIClpJ9CUHPO4H"} 
-01721{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":590,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1708962497309716,"flow_src_last_pkt_time":1708962497356463,"flow_dst_last_pkt_time":1708962497402582,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":839,"flow_dst_max_l4_payload_len":2170,"flow_src_tot_l4_payload_len":839,"flow_dst_tot_l4_payload_len":2170,"midstream":0,"thread_ts_usec":1708962497402582,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"5.61.23.30","src_port":46174,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"732231.ms.ok.ru","domainame":"732231.ms.ok.ru","tls": {"version":"TLSv1.2","server_names":"*.ok.ru,odnoklassniki.ru,ok.me,okl.lt,oklive.app,tamtam.chat,tt.me,*.odnoklassniki.ru,*.ok.me,*.okl.lt,*.oklive.app,*.tamtam.chat,*.tt.me,*.ms.ok.ru,ms.ok.ru,ok.ru","ja3":"b5001237acdf006056b409cc433726b0","ja3s":"4ef1b297bb817d8212165a86308bac5f","ja4":"t13d1715h2_5b57614c22b0_5c2c66f702b0","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018","subjectDN":"C=RU, ST=Moscow, L=Moscow, O=VK LLC, CN=*.ok.ru","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"66:20:81:B9:D0:20:96:BF:13:93:E6:76:FF:C4:19:BD:F6:29:0E:A3","blocks":0}}} 
+01680{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":590,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1708962497309716,"flow_src_last_pkt_time":1708962497356463,"flow_dst_last_pkt_time":1708962497402582,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":839,"flow_dst_max_l4_payload_len":2170,"flow_src_tot_l4_payload_len":839,"flow_dst_tot_l4_payload_len":2170,"midstream":0,"thread_ts_usec":1708962497402582,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"5.61.23.30","src_port":46174,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"732231.ms.ok.ru","domainame":"732231.ms.ok.ru","tls": {"version":"TLSv1.2","server_names":"*.ok.ru,odnoklassniki.ru,ok.me,okl.lt,oklive.app,tamtam.chat,tt.me,*.odnoklassniki.ru,*.ok.me,*.okl.lt,*.oklive.app,*.tamtam.chat,*.tt.me,*.ms.ok.ru,ms.ok.ru,ok.ru","ja3s":"4ef1b297bb817d8212165a86308bac5f","ja4":"t13d1715h2_5b57614c22b0_5c2c66f702b0","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018","subjectDN":"C=RU, ST=Moscow, L=Moscow, O=VK LLC, CN=*.ok.ru","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"66:20:81:B9:D0:20:96:BF:13:93:E6:76:FF:C4:19:BD:F6:29:0E:A3","blocks":0}}} 
01013{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":605,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1708719352773616,"flow_src_last_pkt_time":1708719352792127,"flow_dst_last_pkt_time":1708719352810168,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":664,"flow_dst_max_l4_payload_len":3624,"flow_src_tot_l4_payload_len":664,"flow_dst_tot_l4_payload_len":3624,"midstream":0,"thread_ts_usec":1708962497540736,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:9a00:ba78:86b1:e177","dst_ip":"2001:67c:4e8:f004::9","src_port":48594,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Telegram","proto_id":"91.185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 01013{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":605,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1708719353812053,"flow_src_last_pkt_time":1708719353853281,"flow_dst_last_pkt_time":1708719353853244,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":652,"flow_dst_max_l4_payload_len":4096,"flow_src_tot_l4_payload_len":652,"flow_dst_tot_l4_payload_len":5660,"midstream":0,"thread_ts_usec":1708962497540736,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:9a00:ba78:86b1:e177","dst_ip":"2001:67c:4e8:f004::9","src_port":48616,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Telegram","proto_id":"91.185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 01013{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":605,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1708719353825157,"flow_src_last_pkt_time":1708719353862698,"flow_dst_last_pkt_time":1708719353862648,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":659,"flow_dst_max_l4_payload_len":2416,"flow_src_tot_l4_payload_len":659,"flow_dst_tot_l4_payload_len":2416,"midstream":0,"thread_ts_usec":1708962497540736,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:9a00:ba78:86b1:e177","dst_ip":"2001:67c:4e8:f004::9","src_port":48624,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Telegram","proto_id":"91.185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
-00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":605,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":605,"packets-processed":604,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":281689,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":49,"total-detection-updates":52,"total-updates":1,"current-active-flows":1,"total-active-flows":53,"total-idle-flows":52,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":457,"global_ts_usec":1713874727209515} +00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":605,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":605,"packets-processed":604,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":281689,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":49,"total-detection-updates":52,"total-updates":1,"current-active-flows":1,"total-active-flows":53,"total-idle-flows":52,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":457,"global_ts_usec":1713874727209515} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":605,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1713874727209515,"flow_src_last_pkt_time":1713874727209515,"flow_dst_last_pkt_time":1713874727209515,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1713874727209515,"l3_proto":"ip4","src_ip":"192.168.88.171","dst_ip":"116.211.202.129","src_port":55272,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":605,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_src_last_pkt_time":1713874727209515,"flow_dst_last_pkt_time":1713874727209515,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1713874727209515,"pkt":"SKmKCiNtCAAnZaFTCABFAAA0IZVAAIAGAADAqFirdNPKgdfoAbu+XAjuAAAAAIAC+vBYzwAAAgQFtAEDAwgBAQQC"} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":606,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_src_last_pkt_time":1713874727209515,"flow_dst_last_pkt_time":1713874727497923,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1713874727497923,"pkt":"CAAnZaFTSKmKCiNtCABFAAA0IZVAACgG2IZ008qBwKhYqwG71+hkrGzzvlwI74AS+vCq9AAAAgQFoAEBAQEBAQQC"} 
00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":607,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":54,"flow_packet_id":3,"flow_src_last_pkt_time":1713874727497962,"flow_dst_last_pkt_time":1713874727497923,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1713874727497962,"pkt":"SKmKCiNtCAAnZaFTCABFAAAoIZZAAIAGAADAqFirdNPKgdfoAbu+XAjvZKxs9FAQ+vBYwwAA"} 01225{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":608,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":54,"flow_packet_id":4,"flow_src_last_pkt_time":1713874727498785,"flow_dst_last_pkt_time":1713874727497923,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1713874727498785,"pkt":"SKmKCiNtCAAnZaFTCABFAAItIZdAAIAGAADAqFirdNPKgdfoAbu+XAjvZKxs9FAY+vBayAAAFgMBAgABAAH8AwOJ1RJlc++jCOpouTROoQ+xXjq7WtwwcCpqGK2JTxfUbyDiCYNUH\/QzGS8W\/bTLPdawn3LZytuLPYd7RkLWJWWFHwA+EwITAxMBwCzAMACfzKnMqMyqwCvALwCewCTAKABrwCPAJwBnwArAFAA5wAnAEwAzAJ0AnAA9ADwANQAvAP8BAAF1AAAAGwAZAAAWb3Bwb3J0dW5hcmNoLmlxaXlpLmNvbQALAAQDAAECAAoADAAKAB0AFwAeABkAGDN0AAAAEAAOAAwCaDIIaHR0cC8xLjEAFgAAABcAAAAxAAAADQAwAC4EAwUDBgMIBwgICAkICggLCAQIBQgGBAEFAQYBAwMCAwMBAgEDAgICBAIFAgYCACsACQgDBAMDAwIDAQAtAAIBAQAzACYAJAAdACA\/9LIesqIgGU9lzs7u5QOxfcj7Yq13zNQclTChSgAoEAAVAKcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01289{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":608,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1713874727209515,"flow_src_last_pkt_time":1713874727498785,"flow_dst_last_pkt_time":1713874727497923,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1713874727498785,"l3_proto":"ip4","src_ip":"192.168.88.171","dst_ip":"116.211.202.129","src_port":55272,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.iQIYI","proto_id":"91.54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"opportunarch.iqiyi.com","domainame":"opportunarch.iqiyi.com","tls": {"version":"TLSv1.2","ja3":"f436b9416f37d134cadd04886327d3e8","ja3s":"","ja4":"t13d3113h2_e8f1e7e78f70_1b3407e2c936","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01248{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":608,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1713874727209515,"flow_src_last_pkt_time":1713874727498785,"flow_dst_last_pkt_time":1713874727497923,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1713874727498785,"l3_proto":"ip4","src_ip":"192.168.88.171","dst_ip":"116.211.202.129","src_port":55272,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.iQIYI","proto_id":"91.54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"opportunarch.iqiyi.com","domainame":"opportunarch.iqiyi.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d3113h2_e8f1e7e78f70_1b3407e2c936","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":609,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":54,"flow_packet_id":5,"flow_src_last_pkt_time":1713874727498785,"flow_dst_last_pkt_time":1713874727797088,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1713874727797088,"pkt":"CAAnZaFTSKmKCiNtCABFAAAoK09AACUG0dh008qBwKhYqwG71+hkrGz0vlwK9FAQdUBtVgAAAADrPO+R"} 
-01334{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":610,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1713874727209515,"flow_src_last_pkt_time":1713874727498785,"flow_dst_last_pkt_time":1713874727797620,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1713874727797620,"l3_proto":"ip4","src_ip":"192.168.88.171","dst_ip":"116.211.202.129","src_port":55272,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.iQIYI","proto_id":"91.54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"opportunarch.iqiyi.com","domainame":"opportunarch.iqiyi.com","tls": {"version":"TLSv1.3","ja3":"f436b9416f37d134cadd04886327d3e8","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d3113h2_e8f1e7e78f70_1b3407e2c936","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01293{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":610,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1713874727209515,"flow_src_last_pkt_time":1713874727498785,"flow_dst_last_pkt_time":1713874727797620,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1713874727797620,"l3_proto":"ip4","src_ip":"192.168.88.171","dst_ip":"116.211.202.129","src_port":55272,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.iQIYI","proto_id":"91.54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"opportunarch.iqiyi.com","domainame":"opportunarch.iqiyi.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d3113h2_e8f1e7e78f70_1b3407e2c936","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":611,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1713874733252417,"flow_src_last_pkt_time":1713874733252417,"flow_dst_last_pkt_time":1713874733252417,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1713874733252417,"l3_proto":"ip4","src_ip":"192.168.88.171","dst_ip":"184.86.2.194","src_port":55468,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":611,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_src_last_pkt_time":1713874733252417,"flow_dst_last_pkt_time":1713874733252417,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1713874733252417,"pkt":"SKmKCiNtCAAnZaFTCABFAAA0YRJAAIAGAADAqFiruFYCwtisAbsu+PXbAAAAAIAC+vDUkgAAAgQFtAEDAwgBAQQC"} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":612,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_src_last_pkt_time":1713874733252417,"flow_dst_last_pkt_time":1713874733275989,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1713874733275989,"pkt":"CAAnZaFTSKmKCiNtCABFIAA0AABAADkGbTi4VgLCwKhYqwG72KwwiLhDLvj13IAS+vC3rwAAAgQFoAEBBAIBAwMH"} 
00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":613,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_src_last_pkt_time":1713874733276046,"flow_dst_last_pkt_time":1713874733275989,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1713874733276046,"pkt":"SKmKCiNtCAAnZaFTCABFAAAoYRRAAIAGAADAqFiruFYCwtisAbsu+PXcMIi4RFAQBAXUhgAA"} 01294{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":614,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":55,"flow_packet_id":4,"flow_src_last_pkt_time":1713874733276281,"flow_dst_last_pkt_time":1713874733275989,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":622,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":622,"pkt_l4_len":588,"thread_ts_usec":1713874733276281,"pkt":"SKmKCiNtCAAnZaFTCABFAAJgYRZAAIAGAADAqFiruFYCwtisAbsu+PXcMIi4RFAYBAXWvgAAFgMBAjMBAAIvAwM36gHQ8WJD1nEl8wiu1LqX\/jct7N70ybcAycpHJyRGviBLiHRDq3aFqg2CodnqrsXXF4RTmJo4z6On72ECHUJjZAAgiooTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAHGGhoAAP8BAAEAAC0AAgEBABcAAAALAAIBAERpAAUAAwJoMgAbAAMCAAIAIwAAAAUABQEAAAAAABAADgAMAmgyCGh0dHAvMS4xAAoACgAIiooAHQAXABgAEgAA\/g0A+gAAAQAB6QAgikkjaMLn4qFX6CZIoAyBKDeRkwH+M+tclUeqJopmZVwA0K+2kHwBNMF5+kzhOcY51BnKsRXfeeuNDdCjKwUVDvzTCV\/N76H7KDb3T19A4Q+nWMkej3ifilmJbQUMqQPokmxQdqUZ1YJqFq8TqENfz7iVn1Rz737Q7DaaB0FfQm7dSico1zdg105P115swwMhHZP+\/Otlvs5MKFpcae8iFD0mNA2lZQW6FJN7mjesIpN0tGMtcqJJ3miAWpfYrB+WzIHnj5U7eLuONZMWUdXjaoMnWals0AfPokLuu0nxuEcHra2da11HxywfjHXqpMsTDtgADQASABAEAwgEBAEFAwgFBQEIBgYBAAAAFQATAAAQc3RjLmlxaXlpcGljLmNvbQAzACsAKYqKAAEAAB0AIA6JmKmQY52DGDMLSrlUQAPjRLERtj0oC6x1Giau13lMACsABwbKygMEAwOqqgABAA=="} 
-01267{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":614,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1713874733252417,"flow_src_last_pkt_time":1713874733276281,"flow_dst_last_pkt_time":1713874733275989,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":568,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":568,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1713874733276281,"l3_proto":"ip4","src_ip":"192.168.88.171","dst_ip":"184.86.2.194","src_port":55468,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.iQIYI","proto_id":"91.54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"stc.iqiyipic.com","domainame":"stc.iqiyipic.com","tls": {"version":"TLSv1.2","ja3":"2aafde70b049185ef1cca0d7f821a8d7","ja3s":"","ja4":"t13d1516h2_8daaf6152771_02713d6af862","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01226{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":614,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1713874733252417,"flow_src_last_pkt_time":1713874733276281,"flow_dst_last_pkt_time":1713874733275989,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":568,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":568,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1713874733276281,"l3_proto":"ip4","src_ip":"192.168.88.171","dst_ip":"184.86.2.194","src_port":55468,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.iQIYI","proto_id":"91.54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"stc.iqiyipic.com","domainame":"stc.iqiyipic.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_02713d6af862","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":615,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":55,"flow_packet_id":5,"flow_src_last_pkt_time":1713874733276281,"flow_dst_last_pkt_time":1713874733299535,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1713874733299535,"pkt":"CAAnZaFTSKmKCiNtCABFIAAonKFAADkG0KK4VgLCwKhYqwG72KwwiLhELvj4FFAQAfXvMQAAAAC7f6Mm"} 
-01312{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":616,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1713874733252417,"flow_src_last_pkt_time":1713874733276281,"flow_dst_last_pkt_time":1713874733301391,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":568,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":568,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1713874733301391,"l3_proto":"ip4","src_ip":"192.168.88.171","dst_ip":"184.86.2.194","src_port":55468,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.iQIYI","proto_id":"91.54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"stc.iqiyipic.com","domainame":"stc.iqiyipic.com","tls": {"version":"TLSv1.3","ja3":"2aafde70b049185ef1cca0d7f821a8d7","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1516h2_8daaf6152771_02713d6af862","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01271{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":616,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1713874733252417,"flow_src_last_pkt_time":1713874733276281,"flow_dst_last_pkt_time":1713874733301391,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":568,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":568,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1713874733301391,"l3_proto":"ip4","src_ip":"192.168.88.171","dst_ip":"184.86.2.194","src_port":55468,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.iQIYI","proto_id":"91.54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"stc.iqiyipic.com","domainame":"stc.iqiyipic.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1516h2_8daaf6152771_02713d6af862","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":617,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1713874733301391,"flow_src_last_pkt_time":1713874733301391,"flow_dst_last_pkt_time":1713874733301391,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1713874733301391,"l3_proto":"ip4","src_ip":"192.168.88.171","dst_ip":"124.237.225.21","src_port":55280,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":617,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_src_last_pkt_time":1713874733301391,"flow_dst_last_pkt_time":1713874733301391,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1713874733301391,"pkt":"SKmKCiNtCAAnZaFTCABFAAA082pAAIAGAADAqFirfO3hFdfwAbtZPhTDAAAAAIAC+vB3fQAAAgQFtAEDAwgBAQQC"} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":618,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_src_last_pkt_time":1713874733301391,"flow_dst_last_pkt_time":1713874733301391,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1713874733301391,"pkt":"CAAnZaFTSKmKCiNtCABFAAA082pAACMG7QJ87eEVwKhYqwG71\/DaowzrWT4UxIASAADKiQAAAgQFoAEBAQEBAQQC"} 
00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":619,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":56,"flow_packet_id":3,"flow_src_last_pkt_time":1713874733301391,"flow_dst_last_pkt_time":1713874733301391,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1713874733301391,"pkt":"SKmKCiNtCAAnZaFTCABFAAAo821AAIAGAADAqFirfO3hFdfwAbtZPhTE2qMM7FAQ+vB3cQAA"} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":620,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":56,"flow_packet_id":4,"flow_src_last_pkt_time":1713874733301391,"flow_dst_last_pkt_time":1713874733301391,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1713874733301391,"pkt":"CAAnZaFTSKmKCiNtCABFAAAoAABAAB8G5Hl87eEVwKhYqwG71\/DaowzsWT4UxFAQchCXLwAAAAC4rSnN"} 01223{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":621,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":56,"flow_packet_id":5,"flow_src_last_pkt_time":1713874733301391,"flow_dst_last_pkt_time":1713874733301391,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1713874733301391,"pkt":"SKmKCiNtCAAnZaFTCABFAAIt83BAAIAGAADAqFirfO3hFdfwAbtZPhTE2qMM7FAY+vB5dgAAFgMBAgABAAH8AwOIpKghAoSOaTaFoeBYjD3rLLK+NCTh\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"} 
-01264{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":621,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1713874733301391,"flow_src_last_pkt_time":1713874733301391,"flow_dst_last_pkt_time":1713874733301391,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1713874733301391,"l3_proto":"ip4","src_ip":"192.168.88.171","dst_ip":"124.237.225.21","src_port":55280,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.iQIYI","proto_id":"91.54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"msg.qy.net","domainame":"msg.qy.net","tls": {"version":"TLSv1.2","ja3":"f436b9416f37d134cadd04886327d3e8","ja3s":"","ja4":"t13d3113h2_e8f1e7e78f70_1b3407e2c936","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-01309{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":623,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1713874733301391,"flow_src_last_pkt_time":1713874733301391,"flow_dst_last_pkt_time":1713874733301391,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1713874733301391,"l3_proto":"ip4","src_ip":"192.168.88.171","dst_ip":"124.237.225.21","src_port":55280,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.iQIYI","proto_id":"91.54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"msg.qy.net","domainame":"msg.qy.net","tls": {"version":"TLSv1.3","ja3":"f436b9416f37d134cadd04886327d3e8","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d3113h2_e8f1e7e78f70_1b3407e2c936","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01223{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":621,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1713874733301391,"flow_src_last_pkt_time":1713874733301391,"flow_dst_last_pkt_time":1713874733301391,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1713874733301391,"l3_proto":"ip4","src_ip":"192.168.88.171","dst_ip":"124.237.225.21","src_port":55280,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.iQIYI","proto_id":"91.54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"msg.qy.net","domainame":"msg.qy.net","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d3113h2_e8f1e7e78f70_1b3407e2c936","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01268{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":623,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1713874733301391,"flow_src_last_pkt_time":1713874733301391,"flow_dst_last_pkt_time":1713874733301391,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1713874733301391,"l3_proto":"ip4","src_ip":"192.168.88.171","dst_ip":"124.237.225.21","src_port":55280,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.iQIYI","proto_id":"91.54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"msg.qy.net","domainame":"msg.qy.net","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d3113h2_e8f1e7e78f70_1b3407e2c936","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00958{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":624,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1708962497309716,"flow_src_last_pkt_time":1708962497495798,"flow_dst_last_pkt_time":1708962497540736,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":839,"flow_dst_max_l4_payload_len":2170,"flow_src_tot_l4_payload_len":1416,"flow_dst_tot_l4_payload_len":2875,"midstream":0,"thread_ts_usec":1713874733301391,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"5.61.23.30","src_port":46174,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":624,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":624,"packets-processed":623,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":287611,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":52,"total-detection-updates":55,"total-updates":1,"current-active-flows":3,"total-active-flows":56,"total-idle-flows":53,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":483,"global_ts_usec":1713890981649495} 
+00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":624,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":624,"packets-processed":623,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":287611,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":52,"total-detection-updates":55,"total-updates":1,"current-active-flows":3,"total-active-flows":56,"total-idle-flows":53,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":483,"global_ts_usec":1713890981649495} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":624,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1713890981649495,"flow_src_last_pkt_time":1713890981649495,"flow_dst_last_pkt_time":1713890981649495,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1713890981649495,"l3_proto":"ip4","src_ip":"192.168.88.171","dst_ip":"54.208.106.218","src_port":49217,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":624,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_src_last_pkt_time":1713890981649495,"flow_dst_last_pkt_time":1713890981649495,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1713890981649495,"pkt":"SKmKCiNtCAAnZaFTCABFAAA0W3JAAIAGAADAqFirNtBq2sBBAbtizhVCAAAAAIAC+vC7JAAAAgQFtAEDAwgBAQQC"} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":625,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_src_last_pkt_time":1713890981649495,"flow_dst_last_pkt_time":1713890981788412,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1713890981788412,"pkt":"CAAnZaFTSKmKCiNtCABFAAA0AABAAO0G0sU20GrawKhYqwG7wEEwlJewYs4VQ4ASaQNIwAAAAgQFoAEBBAIBAwMI"} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":626,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_src_last_pkt_time":1713890981788451,"flow_dst_last_pkt_time":1713890981788412,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1713890981788451,"pkt":"SKmKCiNtCAAnZaFTCABFAAAoW3NAAIAGAADAqFirNtBq2sBBAbtizhVDMJSXsVAQBAW7GAAA"} 
01225{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":627,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":57,"flow_packet_id":4,"flow_src_last_pkt_time":1713890981788767,"flow_dst_last_pkt_time":1713890981788412,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1713890981788767,"pkt":"SKmKCiNtCAAnZaFTCABFAAItW3RAAIAGAADAqFirNtBq2sBBAbtizhVDMJSXsVAYBAW9HQAAFgMBAgABAAH8AwNYJQnyv+kG3\/zovTj7qX9XJh4oLXDFJswU162ES1iswCCPdRwOOCh8\/xhvx4nk4BJ16rOyYghIu+Q8WQ1leY6BQQAg2toTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTGhoAAAAAACIAIAAAHW1lZXQyNzA4Mzc0Mi5hZG9iZWNvbm5lY3QuY29tABcAAP8BAAEAAAoACgAICgoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACkKCgABAAAdACBN42mECH\/OsFhIIzl2ttCUwK0fnCzxZkD4ZqYsf84lAgAtAAIBAQArAAcGCgoDBAMDABsAAwIAAkRpAAUAAwJoMoqKAAEAABUAugAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -01309{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":627,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1713890981649495,"flow_src_last_pkt_time":1713890981788767,"flow_dst_last_pkt_time":1713890981788412,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1713890981788767,"l3_proto":"ip4","src_ip":"192.168.88.171","dst_ip":"54.208.106.218","src_port":49217,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.AdobeConnect","proto_id":"91.59","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"meet27083742.adobeconnect.com","domainame":"meet27083742.adobeconnect.com","tls": {"version":"TLSv1.2","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} +01268{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":627,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1713890981649495,"flow_src_last_pkt_time":1713890981788767,"flow_dst_last_pkt_time":1713890981788412,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1713890981788767,"l3_proto":"ip4","src_ip":"192.168.88.171","dst_ip":"54.208.106.218","src_port":49217,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AdobeConnect","proto_id":"91.59","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"meet27083742.adobeconnect.com","domainame":"meet27083742.adobeconnect.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":628,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":57,"flow_packet_id":5,"flow_src_last_pkt_time":1713890981788767,"flow_dst_last_pkt_time":1713890981927880,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1713890981927880,"pkt":"CAAnZaFTSKmKCiNtCABFAAAouuxAAO0GF+U20GrawKhYqwG7wEEwlJexYs4XSFAQAG7wDwAAAABCWvWq"} -01354{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":629,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1713890981649495,"flow_src_last_pkt_time":1713890981788767,"flow_dst_last_pkt_time":1713890981928323,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1713890981928323,"l3_proto":"ip4","src_ip":"192.168.88.171","dst_ip":"54.208.106.218","src_port":49217,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AdobeConnect","proto_id":"91.59","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"meet27083742.adobeconnect.com","domainame":"meet27083742.adobeconnect.com","tls": {"version":"TLSv1.3","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01313{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":629,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1713890981649495,"flow_src_last_pkt_time":1713890981788767,"flow_dst_last_pkt_time":1713890981928323,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1713890981928323,"l3_proto":"ip4","src_ip":"192.168.88.171","dst_ip":"54.208.106.218","src_port":49217,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AdobeConnect","proto_id":"91.59","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"meet27083742.adobeconnect.com","domainame":"meet27083742.adobeconnect.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":630,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1713874727209515,"flow_src_last_pkt_time":1713874727498785,"flow_dst_last_pkt_time":1713874727797620,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1713890981928323,"l3_proto":"ip4","src_ip":"192.168.88.171","dst_ip":"116.211.202.129","src_port":55272,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.iQIYI","proto_id":"91.54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}} 00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":630,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1713874733252417,"flow_src_last_pkt_time":1713874733276281,"flow_dst_last_pkt_time":1713874733301391,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":568,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":568,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1713890981928323,"l3_proto":"ip4","src_ip":"192.168.88.171","dst_ip":"184.86.2.194","src_port":55468,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.iQIYI","proto_id":"91.54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}} 
00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":630,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1713874733301391,"flow_src_last_pkt_time":1713874733301391,"flow_dst_last_pkt_time":1713874733301391,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1713890981928323,"l3_proto":"ip4","src_ip":"192.168.88.171","dst_ip":"124.237.225.21","src_port":55280,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.iQIYI","proto_id":"91.54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}} -00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":630,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":630,"packets-processed":629,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":289568,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":53,"total-detection-updates":56,"total-updates":1,"current-active-flows":1,"total-active-flows":57,"total-idle-flows":56,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":495,"global_ts_usec":1714854984089683} 
+00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":630,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":630,"packets-processed":629,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":289568,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":53,"total-detection-updates":56,"total-updates":1,"current-active-flows":1,"total-active-flows":57,"total-idle-flows":56,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":495,"global_ts_usec":1714854984089683} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":630,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1714854984089683,"flow_src_last_pkt_time":1714854984089683,"flow_dst_last_pkt_time":1714854984089683,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1714854984089683,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"3.136.49.254","src_port":50142,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":630,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_src_last_pkt_time":1714854984089683,"flow_dst_last_pkt_time":1714854984089683,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1714854984089683,"pkt":"ILAB4IZiNObXAhsnCABFAAA8\/VBAAEAGRUjAqAH1A4gx\/sPeAbv5QqzqAAAAAKAC+vD4UQAAAgQFtAQCCApwdY9LAAAAAAEDAwc="} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":631,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_src_last_pkt_time":1714854984089683,"flow_dst_last_pkt_time":1714854984207475,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1714854984207475,"pkt":"NObXAhsnILAB4IZiCABFAAA8AABAAOkGmZgDiDH+wKgB9QG7w95OABkI+UKs66ASaN8GPQAAAgQFtAQCCAoKEgQMcHWPSwEDAwg="} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":632,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":58,"flow_packet_id":3,"flow_src_last_pkt_time":1714854984207530,"flow_dst_last_pkt_time":1714854984207475,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1714854984207530,"pkt":"ILAB4IZiNObXAhsnCABFAAA0\/VFAAEAGRU\/AqAH1A4gx\/sPeAbv5QqzrTgAZCYAQAfb4SQAAAQEICnB1j8AKEgQM"} 
01436{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":633,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":58,"flow_packet_id":4,"flow_src_last_pkt_time":1714854984209200,"flow_dst_last_pkt_time":1714854984207475,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":722,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":722,"pkt_l4_len":688,"thread_ts_usec":1714854984209200,"pkt":"ILAB4IZiNObXAhsnCABFAALE\/VJAAEAGQr7AqAH1A4gx\/sPeAbv5QqzrTgAZCYAYAfb62QAAAQEICnB1j8IKEgQMFgMBAosBAAKHAwOM4CjTVIpAuGe4FgpI+FPD5Ii2bAsYD+blLuEs+tvBdSDmxu7BFZ\/fl\/62zNYeFmksEJhOusXd7NK35cby7MeI\/QAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAhwAAAANAAsAAAhic2t5LmFwcAAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACD5wYr3ry\/P654CBZq1HHZFv8s1qSOxxy7aLmDeYtMAIgAXAEEEwFsY7qYe2EwUlltWbosudjwkqxcNudHhv\/Tb\/I4mlocfHIg8UFXYELwZSvzYAL0fTe8++olbJFLmjcTOy1llXQArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAH+DQEZAAABAAHCACBkHcYxtOIsDzO7bYvJGF70ZbDQiPTwVGuUSds8OGq4LwDvX\/vd7gY+Xar+eLDa1olYv5NluNvkSlBuXh4Dt8d9b3fiHZ2FNM98equEbvxX7qiFrfpfrwXVhExMwU+4l9H0WuBXiLJ4bsYEAeizIpkPe2ofZXWaoT2Oe3HL6zRlwYynegy\/4fu\/CbLzb09ZHYqRR2upZcCK5eLn7H416+qyqGeg85bFY4KCiqCMM1W42YGI\/m2Qu7KhfZ+fa4r3KBYYCejrXk1mZDAgK1oWSz8vLRnmHXLHCQFTz9Qurqa9YXtQgiIreihXpSx7v+QENwhshE000whgaQIN1YH0wH7l7UK\/8GzTAgOKkPfZ+Ne0ZrQ="} 
-01253{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":633,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1714854984089683,"flow_src_last_pkt_time":1714854984209200,"flow_dst_last_pkt_time":1714854984207475,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":656,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":656,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1714854984209200,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"3.136.49.254","src_port":50142,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Bluesky","proto_id":"91.411","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"bsky.app","domainame":"bsky.app","tls": {"version":"TLSv1.2","ja3":"b5001237acdf006056b409cc433726b0","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_5c2c66f702b0","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01212{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":633,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1714854984089683,"flow_src_last_pkt_time":1714854984209200,"flow_dst_last_pkt_time":1714854984207475,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":656,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":656,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1714854984209200,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"3.136.49.254","src_port":50142,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Bluesky","proto_id":"91.411","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"bsky.app","domainame":"bsky.app","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_5c2c66f702b0","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":634,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":58,"flow_packet_id":5,"flow_src_last_pkt_time":1714854984209200,"flow_dst_last_pkt_time":1714854984327006,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1714854984327006,"pkt":"NObXAhsnILAB4IZiCABFAAA0GW5AAOkGgDIDiDH+wKgB9QG7w95OABkJ+UKve4AQAG6Z\/QAAAQEICgoSBINwdY\/C"} 
-01298{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":635,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1714854984089683,"flow_src_last_pkt_time":1714854984209200,"flow_dst_last_pkt_time":1714854984327006,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":656,"flow_dst_max_l4_payload_len":4344,"flow_src_tot_l4_payload_len":656,"flow_dst_tot_l4_payload_len":4344,"midstream":0,"thread_ts_usec":1714854984327006,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"3.136.49.254","src_port":50142,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Bluesky","proto_id":"91.411","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"bsky.app","domainame":"bsky.app","tls": {"version":"TLSv1.3","ja3":"b5001237acdf006056b409cc433726b0","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1715h2_5b57614c22b0_5c2c66f702b0","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01257{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":635,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1714854984089683,"flow_src_last_pkt_time":1714854984209200,"flow_dst_last_pkt_time":1714854984327006,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":656,"flow_dst_max_l4_payload_len":4344,"flow_src_tot_l4_payload_len":656,"flow_dst_tot_l4_payload_len":4344,"midstream":0,"thread_ts_usec":1714854984327006,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"3.136.49.254","src_port":50142,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Bluesky","proto_id":"91.411","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"bsky.app","domainame":"bsky.app","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1715h2_5b57614c22b0_5c2c66f702b0","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1714854988939343,"flow_src_last_pkt_time":1714854988939343,"flow_dst_last_pkt_time":1714854988939343,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1714854988939343,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"44.218.3.81","src_port":55362,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_src_last_pkt_time":1714854988939343,"flow_dst_last_pkt_time":1714854988939343,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1714854988939343,"pkt":"ILAB4IZiNObXAhsnCABFAAA8RWNAAEAGApHAqAH1LNoDUdhCAbtRjP2\/AAAAAKAC+vDy9gAAAgQFtAQCCArFdlPyAAAAAAEDAwc="} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":638,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_src_last_pkt_time":1714854988939343,"flow_dst_last_pkt_time":1714854989035518,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1714854989035518,"pkt":"NObXAhsnILAB4IZiCABFAAA8AABAAO4GmfMs2gNRwKgB9QG72ELQOtrOUYz9wKASaN90GAAAAgQFtAQCCApcyi2nxXZT8gEDAwg="} 
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":639,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":59,"flow_packet_id":3,"flow_src_last_pkt_time":1714854989035570,"flow_dst_last_pkt_time":1714854989035518,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1714854989035570,"pkt":"ILAB4IZiNObXAhsnCABFAAA0RWRAAEAGApjAqAH1LNoDUdhCAbtRjP3A0Draz4AQAfby7gAAAQEICsV2VFJcyi2n"} 01433{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":640,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":59,"flow_packet_id":4,"flow_src_last_pkt_time":1714854989037367,"flow_dst_last_pkt_time":1714854989035518,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":725,"pkt_l4_len":691,"thread_ts_usec":1714854989037367,"pkt":"ILAB4IZiNObXAhsnCABFAALHRWVAAEAGAATAqAH1LNoDUdhCAbtRjP3A0Draz4AYAfb1gQAAAQEICsV2VFRcyi2nFgMBAo4BAAKKAwNz+rqLmPTZUTcjeGZOtZjQKymonWlon\/tFKwPwnrJzgiDNx4EMpJhxwvkclPpI\/ZVlkLlh\/mfPbmmu2dzMahyPEQAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAh8AAAAQAA4AAAtic2t5LnNvY2lhbAAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACCpIZxHQL33HscVPtnfOLqUoN46my5B\/Bx0i4y+5moEEgAXAEEEn58IKqfTLT54L9SlCrrNAOVBv2ReCc5sOzwkClTXGHHN52Yha1qLi6ue8SpwziBeDtx3FjVho8jfWXELtLxsZQArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAH+DQEZAAABAAPKACDAArcTJ1rrBj0C14tyOasFGCAOUYY9VEv9prMz\/gWtmwDvMa0lwavgH0cPPTd0cKH1K4i5tntaeFDoVlLNYmA+oOHE5MrK9jxcJSAFF1d09GqGqHspqUHK9k2qIGuX3j8iKlYE1BpfOO22FqbkQdGzCQtB0RguiARx+VjynKvYjM9STwoHDvG6n2LYbLCTTA76iwkNoaZdKvUl5oVN2\/ccVwcnVUpSJyuwTmiKosMZ2fQs+HZJPG7wFdE3SU4UxXZ+pjZk2xrlMuHMTzFvm6jIbWUt8pVQxmIzM7aPKaf16xlwTaycCAQr4hc1HPYYvGC4k3tIZs8qplIfPIkRVe7qGhfN4Jx0kM5mG3FUNAT5vP0="} 
-01258{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":640,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1714854988939343,"flow_src_last_pkt_time":1714854989037367,"flow_dst_last_pkt_time":1714854989035518,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":659,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":659,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1714854989037367,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"44.218.3.81","src_port":55362,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Bluesky","proto_id":"91.411","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"bsky.social","domainame":"bsky.social","tls": {"version":"TLSv1.2","ja3":"b5001237acdf006056b409cc433726b0","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_5c2c66f702b0","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01217{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":640,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1714854988939343,"flow_src_last_pkt_time":1714854989037367,"flow_dst_last_pkt_time":1714854989035518,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":659,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":659,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1714854989037367,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"44.218.3.81","src_port":55362,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Bluesky","proto_id":"91.411","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"bsky.social","domainame":"bsky.social","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_5c2c66f702b0","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":641,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":59,"flow_packet_id":5,"flow_src_last_pkt_time":1714854989037367,"flow_dst_last_pkt_time":1714854989133216,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1714854989133216,"pkt":"NObXAhsnILAB4IZiCABFAAA0Et1AAO4Ghx4s2gNRwKgB9QG72ELQOtrPUY0AU4AQAG8H\/wAAAQEIClzKLgnFdlRU"} 
-01303{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":642,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1714854988939343,"flow_src_last_pkt_time":1714854989037367,"flow_dst_last_pkt_time":1714854989133315,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":659,"flow_dst_max_l4_payload_len":4344,"flow_src_tot_l4_payload_len":659,"flow_dst_tot_l4_payload_len":4344,"midstream":0,"thread_ts_usec":1714854989133315,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"44.218.3.81","src_port":55362,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Bluesky","proto_id":"91.411","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"bsky.social","domainame":"bsky.social","tls": {"version":"TLSv1.3","ja3":"b5001237acdf006056b409cc433726b0","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1715h2_5b57614c22b0_5c2c66f702b0","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01262{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":642,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1714854988939343,"flow_src_last_pkt_time":1714854989037367,"flow_dst_last_pkt_time":1714854989133315,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":659,"flow_dst_max_l4_payload_len":4344,"flow_src_tot_l4_payload_len":659,"flow_dst_tot_l4_payload_len":4344,"midstream":0,"thread_ts_usec":1714854989133315,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"44.218.3.81","src_port":55362,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Bluesky","proto_id":"91.411","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"bsky.social","domainame":"bsky.social","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1715h2_5b57614c22b0_5c2c66f702b0","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":644,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1714854993342168,"flow_src_last_pkt_time":1714854993342168,"flow_dst_last_pkt_time":1714854993342168,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1714854993342168,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"15.204.197.32","src_port":33212,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":644,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_src_last_pkt_time":1714854993342168,"flow_dst_last_pkt_time":1714854993342168,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1714854993342168,"pkt":"ILAB4IZiNObXAhsnCABFAAA8cT1AAEAGMfXAqAH1D8zFIIG8AbuPxXDPAAAAAKAC+vCXuAAAAgQFtAQCCAoWM3riAAAAAAEDAwc="} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":645,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_src_last_pkt_time":1714854993342168,"flow_dst_last_pkt_time":1714854993436846,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1714854993436846,"pkt":"NObXAhsnILAB4IZiCABFAAA8AABAADAGszIPzMUgwKgB9QG7gbykxf7Ij8Vw0KAS\/ojL5gAAAgQFtAQCCApeZc7fFjN64gEDAwc="} 
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":646,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":60,"flow_packet_id":3,"flow_src_last_pkt_time":1714854993436891,"flow_dst_last_pkt_time":1714854993436846,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1714854993436891,"pkt":"ILAB4IZiNObXAhsnCABFAAA0cT5AAEAGMfzAqAH1D8zFIIG8AbuPxXDQpMX+yYAQAfaXsAAAAQEIChYze0FeZc7f"} 01462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":647,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":60,"flow_packet_id":4,"flow_src_last_pkt_time":1714854993438910,"flow_dst_last_pkt_time":1714854993436846,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"thread_ts_usec":1714854993438910,"pkt":"ILAB4IZiNObXAhsnCABFAALbcT9AAEAGL1TAqAH1D8zFIIG8AbuPxXDQpMX+yYAYAfaaVwAAAQEIChYze0NeZc7fFgMBAqIBAAKeAwMzierlUq4Ky1l25rnee2MgF9aZiWvQtqPJJJx1PmqPySCNFgDlN+XvuhOJbygGgeQEG\/GKE35OBKdwlDCl403cpQAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAjMAAAAkACIAAB9lbm9raS51cy1lYXN0Lmhvc3QuYnNreS5uZXR3b3JrABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAiAAoACAQDBQMGAwIDADMAawBpAB0AIK46EBJGpI7YS8+47xPV6PJ7B98xD6ICj2uBq56HkGhYABcAQQRjUGR2lF49eB8SPV4dro6ZFFKPAH5UTPyTpbKDqBRXs481IvKmk667rFNg5A1BCXb3W+YZh\/oFtu5wy2Cg5NQaACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAf4NARkAAAEAA7sAIOskgdCii5OEFv0mYAVV\/MADdwIYc456KbuTpmi6VbFmAO8g6CCARdMkCpUZ\/LTzjcXudivgs5yKTPtd9wixQa25Xdnz2aKPnrVXC2EQjOnteBiwUiv4y5j\/4EZewVmS7WtrCIE24IJdOt9FV\/Vow460zdtaTA5xoGkeY5PaJgINnXMbnJylUWadJcq40ifHaQnLNhO+TXDQqnVAy5VTZmBAMJNg7x2NM6HJ82ck3Kup9qREYFZvzZyKYJBOGhnmVvPig9CifEYjj1Iz54ai40CgJ+77cB3sQ5QssBYTr+dqkRIo1E+lFxvPylhHJlJ\/IrP\/KDkU2xW8Xj+Z2uQbKgGT8IjKfS7U4P2i
1v5x1mEaQw=="} -01296{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":647,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1714854993342168,"flow_src_last_pkt_time":1714854993438910,"flow_dst_last_pkt_time":1714854993436846,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":679,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":679,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1714854993438910,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"15.204.197.32","src_port":33212,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Bluesky","proto_id":"91.411","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"enoki.us-east.host.bsky.network","domainame":"enoki.us-east.host.bsky.network","tls": {"version":"TLSv1.2","ja3":"b5001237acdf006056b409cc433726b0","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_5c2c66f702b0","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01255{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":647,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1714854993342168,"flow_src_last_pkt_time":1714854993438910,"flow_dst_last_pkt_time":1714854993436846,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":679,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":679,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1714854993438910,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"15.204.197.32","src_port":33212,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Bluesky","proto_id":"91.411","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"enoki.us-east.host.bsky.network","domainame":"enoki.us-east.host.bsky.network","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_5c2c66f702b0","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
04471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":648,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":60,"flow_packet_id":5,"flow_src_last_pkt_time":1714854993438910,"flow_dst_last_pkt_time":1714854993534151,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":2962,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2962,"pkt_l4_len":2928,"thread_ts_usec":1714854993534151,"pkt":"NObXAhsnILAB4IZiCABFAAuEfQNAADAGKucPzMUgwKgB9QG7gbykxf7Jj8Vzd4AYAfijAAAAAQEICl5lz0AWM3tDFgMDAHoCAAB2AwMqmi5Whmv7FO5Y61Gs0lXMBhlY2PXWaAg4XJD3BdhCzCCNFgDlN+XvuhOJbygGgeQEG\/GKE35OBKdwlDCl403cpRMCAAAuACsAAgMEADMAJAAdACCpZ1Nq3tX06CICpn5aopjml6DP\/qYehZGJhxDC9IxWaRQDAwABARcDAwAkwKf4iMzrBmAPR5sm4UlS+c4Zzu4otSIvX9a2C+2teRyjmTMgFwMDCkrQ5jGpeJkHlhPuVfnIV2oPNbs\/ymV9rUL8gY1qyM5FcblARFI+h6RkfCvSEjjskg\/kMQcSmecXIdVuVsfcXfaNLkKRTcoMd90erzxmdwirz5awGutCA3ZZHTD3+6IJwCwBYLrv1UnSM67YEuwj2g+oBlC9CyYRTHjdvcc4tAHn3c9JNjkXUMJYOHPOK9cXOUl8iSolkBKyaeMebQhMcqGtRFQ3zo8BdB2HCTV2DWaO\/mEPMHUBad8Tf6LcEKTrCz6iVgL1Q9NmFHU0LkIA2Pv308InOrafkIZ56wkb6sNUG0IK4X6vIH35RwGvZBmwVjHFiF4F9D+oVy+4hROzKL8mQKw+et2KkZkflySXY+uEYtPMGfXacKRRR+8a\/yU1lMSlx+ngGRgZPujGDuYPK2H2AvkJ21sVe8LzGPjOUBAvJbm0GbTMLBZ5jtxzfGQxGZiZ\/M\/bOYIPWmDg+ATQ89i69qWqmHiWBG1SnTw22s3Ne8EbxfVWHO2wzJaYtdKQYh8ti\/weL+MfD6YfxxEBnX92eP0TJg8Sq5ktUfAY0RP\/Q1ZP\/MuDETSijfqkHEJMziY\/5EnWvv9GDiAsUbRaza1VuXUety0Aa\/YL9fMKxjPlpi5fgJwCDkENRjl+63TcuV6aBXnaqamEmXv2\/ZoBleDOVpV3F1OgsCb4TBCxUgGBCSK43vHiigN46heF8oX4cDFETdqX28xjlZwMt9IFgf1TNCIWS+o9GcX+zVWWi5Uh7oZH4m+rSDNdx+Jma9JiNN\/+bWn\/cjczKe94YgMYCtKjqOp6WqS8xl8Dda6x3iWiAxr6QdlazZPj3OWYRydSOMFH2qoGezEbTv2vTRrx68z6iUerfKTI4lS2+4bnEKiRrwKZUMV0guazsWlDa7QOmC1UBFBb2XxZFilifSMg5dzLZ5IJ\/C9kBOVVPKPIE0Rg+wYvqMYyuf\/4eSQlUF4THR4SHPza4TVFXBmkeqTiX8oolUv5jfOFZsUq74yOymwf9tXrIyA\/I+njJYDbCh6VZkRTWEDd4Yg708GnbM57dWPLEpb7YJcgp33iGYfZp+sqNczdyb94r58S9c+idRHcqEJfux6HiGD3tWKL7pa+gWPs92RCA3fmPeAWhUlTJ4kKl9qvuPwPBYd+9KVqJgYf5ydZwIh\/u3sqsSQJRyrwoeskF9Fa81tFnqfJiDF7g
XhfQroCT2oauGluvYqeVQKyL6f53LZLK3As5aRfFq\/KL6\/IF4EvW3wL49e2Uy5FeRk+1DZzfkW7+NEKRQRio3VHB4HS1PzDbQ\/EiHrASUBmt6\/DVCSkuhJWFgnSg6zv7dqsBSfY6gRhscxkFP0VWOBEULa\/GGhOd28LvPvRg9GFR3HGj6oyDFfN7vqlXoH9RKgFSc\/AndL9hgJFBy6GjN2\/dVtE5a\/djjn+IlXVTccTI7JX6xJdYQvxu8Xv\/aCTsrafhG+MTYUNNvwNrllCt1XE9oaWMpwP1SoDbkkt2GAlwlonpyBihp7pkS6bm75aJnL7TE0ZEcYfeGZ\/8GJAP+zMPOEr8eIJ3epXKryJHykJhmgv7db0UHwfc4oX2fUb9ixV3RIXKvuwG6CVEwluIkXgmicd1Pw6kPPNL8+4y45EDReT5IBHQQu5rfGfOGggMlViuupYgi3ss05I5DpJULXl1EKZKhaWHh6Hgti+mggbai55CZTFJtz6xG\/mapCOcS7tawnIv7OORZ\/KGPhSoeSzrfJ2jU62gU9qSijoj55nWQseFCMicOezUdb69+wTS\/dlYi9yHFpijnYusdhwevdkeO6YmnjVJrcQhpe6PPRnz5Jf+Y3ebVpLhIsJ35IWjCeWxVGzNT4qI9DY73VVPwGMWsN5snXbKiOchDZ1I7cUQDymWf9\/AcG6PKDC1qFhPGFkIwAZXG4MZz0G4C9Rj+ManSrHAE5fZBJ5z6NxhW3DR89m6VlddXn\/5H+gt9H\/mtUin3oV0VdBPJfjVkZBxy+ns02mOBneI\/Xpvl3UW4uTKzrwAR6D7IrzMlRgURRiCSZEgDbEEn1txQvqjiR0W4jAd4WtSM3IGZ9\/5mNbO37LXc\/CWvTkKvmSd2Af07ih4Er3RizWRsm8u4O3dmm7rpr2KE0kXJNcjJJ817QeqpOXgqLX7hbiOorXRG\/+ZgwF6AFgRTf2mKwdmTNM2tv7PM93WmEfSm9j9F+fgUwHxmJjAtMxPwN04SQL50mHPm\/FcFhqCYwfAneDV4trNHOcbuEpgwXBspHXnARsdcbA0HWUTjUTF2hf1DghnyftsBbA3L5xfpD0bmv\/O60AXrhqm8qVK2ZEvZFhUjmcVecpdXl3OhWnTbWylUhNpoXthEVrO+rcsQCevw0OLVKCYHg6bd\/ginVaOaVncDbOOHCDPpKIAhpUBPtzl5FU4Upadrtr6W5sIlyiVA40bafrzd2WfLnoZL1MDN7fH6ZOqOod1bmc1E0JrR5ZjP4m4tHePJfdfQG\/F7MLBzVjSQ0\/Z5o4X2a5BbvHZvaHDvyYB1A7nLac+VRrwNEs9GAi+LtbzUVwWI2EvvWw8En4+9SVDlMjz4vWw5ZHWbVVYi3RNtnEc2EOYouUQxsDy9X7t\/R1UT3VjozdeH0M8AEKGMt3FABEIFGXAN+LpcoArPdhpHnoAOL000yS5uplPBRgIV2soye1edc0rO4ihLwIi3GmbAk4r2yGYOLS1jtmSBMCweA1py7TCbNULwqGG91vTpALMVtkb0f\/X\/\/x5zm1Uc6e3u9\/9I25akIjPHZVVPdk7CiYfvHhipAnpBdP0yfRB3RpD09gxTI86ti6r9NSPTXqpCa7Hkk2XobCHF7HjYPi71\/gfAbST3TtYOOZA8NQwaVGh1AySfXOTkbFw5zJ0+s4G3o3\/saMiRTY4nVwxfWOt+aODouCSHFEVqSgTF5tNg+LgBX0zTJPqL9C4RtXfYCUyeXjha9r4ELWf8CMHfFaG0mp7eOtzfNFl9MoCykSeanOaoK4gY8cLbfKT5xdje27ZSDRxveE6US1zF9DV+Yqf9pdJW\/leRyayCqXPdTtHhoz\/BvMsFoE3qArEBoXhdGg8IhbHq0W5N0Ajk8hWC7B2HQXJGEMFDYSz+q3nak2ecQxQ3Lp3uoeyABXlMk7oww0oiqYJF7jV2+TZKcslT+jRz6SL+xW3d7
XIe\/oeiNnrwo+mFzQVqal4PxhfIth+6plxuMGo3h7BfWV7WMbG0qLN2HyDDiEP7Y5QXm8dQa8TUy5TIrqPoc7zM9YUrSnBcEkdp3d78biqBNhVnng98+ZHvq6TPo\/SUykIvgVYwctyjKt5EOFfcxSmpG1ikmjMoYAKYH\/op1mn54u3Vntx4XoQmJ0DD1mU1D8Wuf3f0tqAQZBYDGb7O050PUC52FfZQNC+m2BSFuQ+7ys3mm+9mtFkNbyBxQwddr5yAAqc+k7sANJRYrpDIbkCZgdVH5BsNt385bpVingDBzdeGjhixGyn7Pn+GxmckdvAMhsERRc0TtbJipiOWNybJ1Cy8ukLvEdTzEXAwMBGXycNlQy1\/4fjmDO4jX3JNk0IeWUne+NHRFH3bARsnozEpAwGgukgRYknvO4E5iGOk6SpqQ2KAWFYqNOU8ByXCGT4CXkqD2Ixn0v1Sm8Jw=="} -01341{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":648,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1714854993342168,"flow_src_last_pkt_time":1714854993438910,"flow_dst_last_pkt_time":1714854993534151,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":679,"flow_dst_max_l4_payload_len":2896,"flow_src_tot_l4_payload_len":679,"flow_dst_tot_l4_payload_len":2896,"midstream":0,"thread_ts_usec":1714854993534151,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"15.204.197.32","src_port":33212,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Bluesky","proto_id":"91.411","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"enoki.us-east.host.bsky.network","domainame":"enoki.us-east.host.bsky.network","tls": {"version":"TLSv1.3","ja3":"b5001237acdf006056b409cc433726b0","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1715h2_5b57614c22b0_5c2c66f702b0","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01300{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":648,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1714854993342168,"flow_src_last_pkt_time":1714854993438910,"flow_dst_last_pkt_time":1714854993534151,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":679,"flow_dst_max_l4_payload_len":2896,"flow_src_tot_l4_payload_len":679,"flow_dst_tot_l4_payload_len":2896,"midstream":0,"thread_ts_usec":1714854993534151,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"15.204.197.32","src_port":33212,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Bluesky","proto_id":"91.411","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"enoki.us-east.host.bsky.network","domainame":"enoki.us-east.host.bsky.network","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1715h2_5b57614c22b0_5c2c66f702b0","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":650,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1713890981649495,"flow_src_last_pkt_time":1713890981788767,"flow_dst_last_pkt_time":1713890981928323,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1714854993534195,"l3_proto":"ip4","src_ip":"192.168.88.171","dst_ip":"54.208.106.218","src_port":49217,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AdobeConnect","proto_id":"91.59","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}} 00805{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":650,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1714855508634175,"flow_src_last_pkt_time":1714855508634175,"flow_dst_last_pkt_time":1714855508634175,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1714855508634175,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:6ea5:ab52:9230:ba5","dst_ip":"2a04:4e42:c00::347","src_port":35968,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":650,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_src_last_pkt_time":1714855508634175,"flow_dst_last_pkt_time":1714855508634175,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1714855508634175,"pkt":"ILAB4IZiNObXAhsnht1gAza5ACgGQCABCwcKPcESbqWrUpIwC6UqBE5CDAAAAAAAAAAAAANHjIABu8lYr1sAAAAAoAL\/KDXhAAACBAWMBAIICkOABtUAAAAAAQMDBw=="} 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":651,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_src_last_pkt_time":1714855508634175,"flow_dst_last_pkt_time":1714855508637050,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1714855508637050,"pkt":"NObXAhsnILAB4IZiht1gA1LzACgGOyoETkIMAAAAAAAAAAAAA0cgAQsHCj3BEm6lq1KSMAulAbuMgH1JAY\/JWK9coBL\/\/wG3AAACBATEBAIICiSfHLdDgAbVAQMDCQ=="} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":652,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_src_last_pkt_time":1714855508637095,"flow_dst_last_pkt_time":1714855508637050,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1714855508637095,"pkt":"ILAB4IZiNObXAhsnht1gAza5ACAGQCABCwcKPcESbqWrUpIwC6UqBE5CDAAAAAAAAAAAAANHjIABu8lYr1x9SQGQgBAB\/zXZAAABAQgKQ4AG2CSfHLc="} 
01465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":653,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":61,"flow_packet_id":4,"flow_src_last_pkt_time":1714855508638270,"flow_dst_last_pkt_time":1714855508637050,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":749,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":749,"pkt_l4_len":695,"thread_ts_usec":1714855508638270,"pkt":"ILAB4IZiNObXAhsnht1gAza5ArcGQCABCwcKPcESbqWrUpIwC6UqBE5CDAAAAAAAAAAAAANHjIABu8lYr1x9SQGQgBgB\/zhwAAABAQgKQ4AG2SSfHLcWAwECkgEAAo4DA5K+4poTIGZbFxQbxtz3GB3ORtUS0TDo2BSx\/f62oS8PIOyqjCY5Wb8aMUVgJgL5ES78Qhcp+ioS6v6vrKpgATA\/ACITARMDEwLAK8AvzKnMqMAswDDACsAJwBPAFACcAJ0ALwA1AQACIwAAABQAEgAAD21hc3RvZG9uLnNvY2lhbAAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACAU7+9zuWKunu65iWFoQz3SZkQxmvLy8oMB2YLyW+zTJQAXAEEEwWRpKiKf5k6F597IWbPdlt2kKlwez6WKSSO5Dl7AuEu6DfRxB3CuETML0nfG00VNmhkPxeAuWH+sH3Rsbgoy3QArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAH+DQEZAAABAAH5ACDYq1Ww1dhCdNF+ryPD3LhZNxHFsFDJaw6Ga9JCX0yhLwDvOJdvhalIL2Ld1sgFWmnOp1HGPzMQk5MhKDiJyn5Vv09eNeUpJHkRNINxjFM6rq2HtiFLW0IZuhLQjekI+4blc+D2HhDE2At0bloIDQzgM06vedLYR9xsO94SZclqV+L5zGBbKf3pzk2jXxmU1tJuQSnUNNKIZ5Djk0SkA+LZEgwWvFcVt6ZLbhxxg5Vq0\/RPx5vzBFY44Pni1idn\/c37TxGXpC9wVnFH8hrR3g5uysaC7eV2kJziFH19q4jEBajL4AswFYTu44mDds0kR1IxGqWXxDZg2uoqzqB5QondkJt8xo49n7+FIFak8gLd4YI="} 
-01293{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":653,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1714855508634175,"flow_src_last_pkt_time":1714855508638270,"flow_dst_last_pkt_time":1714855508637050,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":663,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":663,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1714855508638270,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:6ea5:ab52:9230:ba5","dst_ip":"2a04:4e42:c00::347","src_port":35968,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Mastodon","proto_id":"91.412","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"mastodon.social","domainame":"mastodon.social","tls": {"version":"TLSv1.2","ja3":"b5001237acdf006056b409cc433726b0","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_5c2c66f702b0","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01252{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":653,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1714855508634175,"flow_src_last_pkt_time":1714855508638270,"flow_dst_last_pkt_time":1714855508637050,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":663,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":663,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1714855508638270,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:6ea5:ab52:9230:ba5","dst_ip":"2a04:4e42:c00::347","src_port":35968,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Mastodon","proto_id":"91.412","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"mastodon.social","domainame":"mastodon.social","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_5c2c66f702b0","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":654,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":61,"flow_packet_id":5,"flow_src_last_pkt_time":1714855508638270,"flow_dst_last_pkt_time":1714855508641708,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1714855508641708,"pkt":"NObXAhsnILAB4IZiht1gA1LzACAGOyoETkIMAAAAAAAAAAAAA0cgAQsHCj3BEm6lq1KSMAulAbuMgH1JAZDJWLHzgBABBivwAAABAQgKJJ8cu0OABtk="} 
-01338{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":655,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1714855508634175,"flow_src_last_pkt_time":1714855508638270,"flow_dst_last_pkt_time":1714855508643170,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":663,"flow_dst_max_l4_payload_len":3624,"flow_src_tot_l4_payload_len":663,"flow_dst_tot_l4_payload_len":3624,"midstream":0,"thread_ts_usec":1714855508643170,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:6ea5:ab52:9230:ba5","dst_ip":"2a04:4e42:c00::347","src_port":35968,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Mastodon","proto_id":"91.412","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"mastodon.social","domainame":"mastodon.social","tls": {"version":"TLSv1.3","ja3":"b5001237acdf006056b409cc433726b0","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1715h2_5b57614c22b0_5c2c66f702b0","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
-00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":656,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":656,"packets-processed":655,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":307433,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":57,"total-detection-updates":60,"total-updates":1,"current-active-flows":4,"total-active-flows":61,"total-idle-flows":57,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":529,"global_ts_usec":1714855626875150} +01297{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":655,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1714855508634175,"flow_src_last_pkt_time":1714855508638270,"flow_dst_last_pkt_time":1714855508643170,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":663,"flow_dst_max_l4_payload_len":3624,"flow_src_tot_l4_payload_len":663,"flow_dst_tot_l4_payload_len":3624,"midstream":0,"thread_ts_usec":1714855508643170,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:6ea5:ab52:9230:ba5","dst_ip":"2a04:4e42:c00::347","src_port":35968,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Mastodon","proto_id":"91.412","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"mastodon.social","domainame":"mastodon.social","tls": 
{"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1715h2_5b57614c22b0_5c2c66f702b0","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} +00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":656,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":656,"packets-processed":655,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":307433,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":57,"total-detection-updates":60,"total-updates":1,"current-active-flows":4,"total-active-flows":61,"total-idle-flows":57,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":529,"global_ts_usec":1714855626875150} 00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":656,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1714855626875150,"flow_src_last_pkt_time":1714855626875150,"flow_dst_last_pkt_time":1714855626875150,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1337,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1337,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1337,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1714855626875150,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:6ea5:ab52:9230:ba5","dst_ip":"2a03:2880:f208:c4:face:b00c::43fe","src_port":41590,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02349{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":656,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_src_last_pkt_time":1714855626875150,"flow_dst_last_pkt_time":1714855626875150,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1399,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1399,"pkt_l4_len":1345,"thread_ts_usec":1714855626875150,"pkt":"ILAB4IZiNObXAhsnht1gAqQwBUERQCABCwcKPcESbqWrUpIwC6UqAyiA8ggAxPrOsAwAAEP+onYBuwVB56HPAAAAAQntgqIw4+DzXG8DDjV4AEKHhuUnnf7aCsqjJ6n9uzsKazMDl36U3lgejMwMjFcChCo2U\/4egl84ETgP50PyNnQWj7l2NNX\/opJ2P6uWw+PhENIBM8sJ\/NgHq0VgbJtgDw3uez8\/MAaZE\/cl1TB\/c8CQyzdHNaaSDYGOAQWweSfIzAvWDP9hbdYh07ywhlGFuog+32Prts5MQG1WwihrPli5ULgVB865Pxdl4W\/uWX4tIEsaOq9yIUZikgtiIN\/lJ2MxWV87IMALL\/0xAnAY+oVEWruI8jd5eyEWek8DNQV53lL5nQuMu3yl1yA6PxDnzcfqiin+FXddHI3Mc15ugeOrDFLl92\/b0O83dAMS4WrgPl6nBxxv\/os70fJ9pN09aByi3MJajU7WYJifrAL5gbjNCl6HGQPh3w5kIYjMAE+4ea\/yJs9k52ITu9vwsi79PJSiXFX618uK+2jw5tOOXQVOK\/udu505vNAfkQffevVF6JBDr5h3rBgRTW6GUmAIrbPzYR6AeXyxXeTosExy8waiPa+\/8j8wNeFh42rj8mEVgdp+mvgDsoP3vBpzghC3upVNf1PnkwrL\/8puXPkr4Bs+DlC8FdJKSu5haPhdqgqXK6sKSAQTtauSV\/p4szNlL6\/UPMWULqzYXXFmG\/yqneMUt6G0Z0JzxovHx85dvQR8drgQOvo8Mp\/SUgwTb2wa0eNMwq+SynOrpUTF+jxGyaNjewWA0nnY5XakI9XBaWhGxqOjRxflsIsIxNN98VUMvRFu3Yl23bEq70Q5NVqtiOoM\/g3mm6bnNnKcPqiZlCAeS3sItwr1C6TXBPxOkaO3AMYujWFGytVr8mplzr07A9ONMULDElcuPUhzBm0DoR5ecEkv0t3rHXoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -01329{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":656,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1714855626875150,"flow_src_last_pkt_time":1714855626875150,"flow_dst_last_pkt_time":1714855626875150,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1337,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1337,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1337,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1714855626875150,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:6ea5:ab52:9230:ba5","dst_ip":"2a03:2880:f208:c4:face:b00c::43fe","src_port":41590,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Threads","proto_id":"188.413","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.threads.net","domainame":"www.threads.net","quic": {"quic_version":"V-1","tls": {"version":"TLSv1.3","ja3":"7a8e625dea44f20fe8d8d657583506d1","ja3s":"","ja4":"q13d0314h0_55b375c5d22e_61e396c58b1f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
-00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":657,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":657,"packets-processed":656,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":308770,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":58,"total-detection-updates":60,"total-updates":1,"current-active-flows":5,"total-active-flows":62,"total-idle-flows":57,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":533,"global_ts_usec":1722431353907697} +01288{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":656,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1714855626875150,"flow_src_last_pkt_time":1714855626875150,"flow_dst_last_pkt_time":1714855626875150,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1337,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1337,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1337,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1714855626875150,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:6ea5:ab52:9230:ba5","dst_ip":"2a03:2880:f208:c4:face:b00c::43fe","src_port":41590,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Threads","proto_id":"188.413","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.threads.net","domainame":"www.threads.net","quic": {"quic_version":"V-1","tls": 
{"version":"TLSv1.3","ja3s":"","ja4":"q13d0314h0_55b375c5d22e_61e396c58b1f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3","tls_supported_versions":"TLSv1.3","blocks":0}}}} +00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":657,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":657,"packets-processed":656,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":308770,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":58,"total-detection-updates":60,"total-updates":1,"current-active-flows":5,"total-active-flows":62,"total-idle-flows":57,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":533,"global_ts_usec":1722431353907697} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":657,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1722431353907697,"flow_src_last_pkt_time":1722431353907697,"flow_dst_last_pkt_time":1722431353907697,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1722431353907697,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"104.16.156.111","src_port":58624,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":657,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_src_last_pkt_time":1722431353907697,"flow_dst_last_pkt_time":1722431353907697,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1722431353907697,"pkt":"ILAB4IZiNObXAhsnCABFAAA8zQxAAEAGppLAqAH1aBCcb+UAAbvi6sc0AAAAAKAC+vDHSwAAAgQFtAQCCAoCIa4cAAAAAAEDAwc="} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":658,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":63,"flow_packet_id":2,"flow_src_last_pkt_time":1722431353907697,"flow_dst_last_pkt_time":1722431353928918,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1722431353928918,"pkt":"NObXAhsnILAB4IZiCABFAAA8AABAADkGep9oEJxvwKgB9QG75QChV1Qc4urHNaAS\/\/\/CaQAAAgQFeAQCCArZVK68AiGuHAEDAw0="} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":659,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":63,"flow_packet_id":3,"flow_src_last_pkt_time":1722431353928951,"flow_dst_last_pkt_time":1722431353928918,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1722431353928951,"pkt":"ILAB4IZiNObXAhsnCABFAAA0zQ1AAEAGppnAqAH1aBCcb+UAAbvi6sc1oVdUHYAQAfbHQwAAAQEICgIhrjHZVK68"} 
02104{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":660,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":63,"flow_packet_id":4,"flow_src_last_pkt_time":1722431353929964,"flow_dst_last_pkt_time":1722431353928918,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1219,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1219,"pkt_l4_len":1185,"thread_ts_usec":1722431353929964,"pkt":"ILAB4IZiNObXAhsnCABFAAS1zQ5AAEAGohfAqAH1aBCcb+UAAbvi6sc1oVdUHYAYAfbLxAAAAQEICgIhrjLZVK68FgMBBHwBAAR4AwO0Vd+Hjqs6YLDUky4dttDTr7X6Ho8JWhuwTTI8oXBtmyAOY0LJVwI8nEwgs+H+tIRXBru102JrxeCQ3Q9L7FzJZAAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEABA0AAAATABEAAA5zMS5ub3JkY2RuLmNvbQAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAiAAoACAQDBQMGAwIDADMAawBpAB0AIC14LwJvMp4sIaUVuH5Os6Rb\/VsxaIfFJv6bDS4\/qK42ABcAQQRUald3japIeUZqz4zFvZovMYuE+qdvgqaFFvAp+\/LNhYtWtBo6b1Dw1HsWe+26pYa7XfluvSHmCsGv44lAqHtEACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAf4NAhkAAAEAAU8AIPE3IdPdc+dypWyWA\/Lpql\/nw\/ySSqfhgLjxaaaoUpoCAe9M5T\/BeomAUf+Gnu5qjEcJwbW1SCBsnJdmqquZH5t7KrRqyHIlVII5ajydOx76bFPG7gzi5P+6tVrOiYYXyQazMzOI55pGxKDmdsNQ0K+XajOSQHCzOWK0snmQ8MgZEV7RFcJoolH09ISB9SuoAplh9ZEwEpclSzF07fa+UY2xRbIdASoVm0Jp4slrwo\/yCjRXaymhW6bBhpUbwvHy6+Qk23yNfiNP4IzmV417+pOsW3blQgFlRpjUvd69MH2WAbbO8cPZEX0MJ9H1JikxVPVXnkEpXAx+OoJ8TWYmGIcyG8+1qi4mxmRYmkgeE2E03ReyURMo6R12dfNb\/P4x8++S3M0bJqNkAO4BoRxTrYRXeybS4ngL66uokonF8jGFhO4fzK5vsFlfy0OQ4vlXTTLU+rjuzeKVZqYYn85kc96g3ywRTepinr0gSIEG4e3jwtxij6Sjj+xyHc00QR8d1Lbe20pp994QREUQEC5nLzLLdFl8he79aSXVCeVdKC8d4ytvdRitnaQ2eHuARdeYEdMeS29xpox2FzgOoyDmyv+N5FXHQCZ9a4eaRiw8LK3Rbwm16my8L7sPuE82mM9Ejsivh\/jUSe0cRGogey3X7E0KkuTKKmB7foSxOpY9wXqL8V+nccjEi7ThdHfCe4StGFMAKQDrAMYAwCYZbRMJdtvQeIzAnwhO+SrQLD5v0nL0D46s1oouM33AmwRF52FK\/tJznmo88TLCmzefNFiitUGNjD1O7v1iXh5EFHo0JIVSrxp1ry9DILsARKFkED5IAjGJ1MUB2JIcQyxxX\/GBW+od2qteYUHuvbMK4Z5NiVUGxqjcx5zP1bdMpKocWIxp0KSC0V3z\/\/nPFzLL5yQbe1SDa+
CCUpm+4jol0AW29fh1VBkK0P+vJ+gRzCanACU2hwzSznKAprodMg6GMIoAISCifLc1oTd7kgvu0IhNuHd6Y6bfVcioqUv6XUJbI0NYow=="} -01267{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":660,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1722431353907697,"flow_src_last_pkt_time":1722431353929964,"flow_dst_last_pkt_time":1722431353928918,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1153,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1153,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1722431353929964,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"104.16.156.111","src_port":58624,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NordVPN","proto_id":"91.426","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"s1.nordcdn.com","domainame":"s1.nordcdn.com","tls": {"version":"TLSv1.2","ja3":"a195b9c006fcb23ab9a2343b0871e362","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_7121afd63204","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01226{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":660,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1722431353907697,"flow_src_last_pkt_time":1722431353929964,"flow_dst_last_pkt_time":1722431353928918,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1153,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1153,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1722431353929964,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"104.16.156.111","src_port":58624,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NordVPN","proto_id":"91.426","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"s1.nordcdn.com","domainame":"s1.nordcdn.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_7121afd63204","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":661,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":63,"flow_packet_id":5,"flow_src_last_pkt_time":1722431353929964,"flow_dst_last_pkt_time":1722431353950981,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1722431353950981,"pkt":"NObXAhsnILAB4IZiCABFAAA0oRBAADkG2ZZoEJxvwKgB9QG75QChV1Qd4urLtoAQAAbsTAAAAQEICtlUrtICIa4y"} 
-01310{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":662,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1722431353907697,"flow_src_last_pkt_time":1722431353929964,"flow_dst_last_pkt_time":1722431353952901,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1153,"flow_dst_max_l4_payload_len":287,"flow_src_tot_l4_payload_len":1153,"flow_dst_tot_l4_payload_len":287,"midstream":0,"thread_ts_usec":1722431353952901,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"104.16.156.111","src_port":58624,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NordVPN","proto_id":"91.426","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"s1.nordcdn.com","domainame":"s1.nordcdn.com","tls": {"version":"TLSv1.3","ja3":"a195b9c006fcb23ab9a2343b0871e362","ja3s":"2b0648ab686ee45e0e7c35fcfb0eea7e","ja4":"t13d1715h2_5b57614c22b0_7121afd63204","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01269{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":662,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1722431353907697,"flow_src_last_pkt_time":1722431353929964,"flow_dst_last_pkt_time":1722431353952901,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1153,"flow_dst_max_l4_payload_len":287,"flow_src_tot_l4_payload_len":1153,"flow_dst_tot_l4_payload_len":287,"midstream":0,"thread_ts_usec":1722431353952901,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"104.16.156.111","src_port":58624,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NordVPN","proto_id":"91.426","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"s1.nordcdn.com","domainame":"s1.nordcdn.com","tls": {"version":"TLSv1.3","ja3s":"2b0648ab686ee45e0e7c35fcfb0eea7e","ja4":"t13d1715h2_5b57614c22b0_7121afd63204","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
01059{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":679,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1714855626875150,"flow_src_last_pkt_time":1714855626875150,"flow_dst_last_pkt_time":1714855626875150,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1337,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1337,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1337,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1722431354035876,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:6ea5:ab52:9230:ba5","dst_ip":"2a03:2880:f208:c4:face:b00c::43fe","src_port":41590,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Threads","proto_id":"188.413","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.threads.net"}} 01009{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":679,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1714855508634175,"flow_src_last_pkt_time":1714855508638270,"flow_dst_last_pkt_time":1714855508643170,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":663,"flow_dst_max_l4_payload_len":3624,"flow_src_tot_l4_payload_len":663,"flow_dst_tot_l4_payload_len":3624,"midstream":0,"thread_ts_usec":1722431354035876,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:6ea5:ab52:9230:ba5","dst_ip":"2a04:4e42:c00::347","src_port":35968,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Mastodon","proto_id":"91.412","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} 00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":679,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1714854988939343,"flow_src_last_pkt_time":1714854989133340,"flow_dst_last_pkt_time":1714854989133315,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":659,"flow_dst_max_l4_payload_len":4344,"flow_src_tot_l4_payload_len":659,"flow_dst_tot_l4_payload_len":4344,"midstream":0,"thread_ts_usec":1722431354035876,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"44.218.3.81","src_port":55362,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Bluesky","proto_id":"91.411","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":679,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1714854984089683,"flow_src_last_pkt_time":1714854984327058,"flow_dst_last_pkt_time":1714854984327006,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":656,"flow_dst_max_l4_payload_len":4344,"flow_src_tot_l4_payload_len":656,"flow_dst_tot_l4_payload_len":4344,"midstream":0,"thread_ts_usec":1722431354035876,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"3.136.49.254","src_port":50142,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Bluesky","proto_id":"91.411","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} 00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":679,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1714854993342168,"flow_src_last_pkt_time":1714854993534195,"flow_dst_last_pkt_time":1714854993534151,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":679,"flow_dst_max_l4_payload_len":2896,"flow_src_tot_l4_payload_len":679,"flow_dst_tot_l4_payload_len":2896,"midstream":0,"thread_ts_usec":1722431354035876,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"15.204.197.32","src_port":33212,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Bluesky","proto_id":"91.411","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} 
-00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":679,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":679,"packets-processed":678,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":317899,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":59,"total-detection-updates":61,"total-updates":1,"current-active-flows":1,"total-active-flows":63,"total-idle-flows":62,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":547,"global_ts_usec":1722540110191305} +00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":679,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":679,"packets-processed":678,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":317899,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":59,"total-detection-updates":61,"total-updates":1,"current-active-flows":1,"total-active-flows":63,"total-idle-flows":62,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":547,"global_ts_usec":1722540110191305} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":679,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1722540110191305,"flow_src_last_pkt_time":1722540110191305,"flow_dst_last_pkt_time":1722540110191305,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1722540110191305,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"146.70.182.51","src_port":44102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":679,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_src_last_pkt_time":1722540110191305,"flow_dst_last_pkt_time":1722540110191305,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1722540110191305,"pkt":"ILAB4IZiCAAn\/ADWCABFAAA8BCdAAEAGK7zAqAG3kka2M6xGAbuT6uEmAAAAAKAC+vALCAAAAgQFtAQCCAq7v5eGAAAAAAEDAwc="} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":680,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":64,"flow_packet_id":2,"flow_src_last_pkt_time":1722540110191305,"flow_dst_last_pkt_time":1722540110194850,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1722540110194850,"pkt":"CAAn\/ADWILAB4IZiCABFAAA8AABAADgGN+OSRrYzwKgBtwG7rEboU0P1k+rhJ6AS\/ogVTwAAAgQFtAQCCAoNiXkPu7+XhgEDAwo="} 
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":681,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":64,"flow_packet_id":3,"flow_src_last_pkt_time":1722540110194916,"flow_dst_last_pkt_time":1722540110194850,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1722540110194916,"pkt":"ILAB4IZiCAAn\/ADWCABFAAA0BChAAEAGK8PAqAG3kka2M6xGAbuT6uEn6FND9oAQAfYLAAAAAQEICru\/l4oNiXkP"} 03193{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":682,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":64,"flow_packet_id":4,"flow_src_last_pkt_time":1722540110195491,"flow_dst_last_pkt_time":1722540110194850,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":2022,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2022,"pkt_l4_len":1988,"thread_ts_usec":1722540110195491,"pkt":"ILAB4IZiCAAn\/ADWCABFAAfYBClAAEAGJB7AqAG3kka2M6xGAbuT6uEn6FND9oAYAfYSpAAAAQEICru\/l4sNiXkPFgMBB58BAAebAwOMyJKUrIxCPHqn2VISH\/tZfuZk1kdZoye2yoV7yWY\/wSBWT4QBxYoqp27ugRxpLd9QogW7lw6Q1GxheChWriBodQAgiooTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAcyuroAAAAAACMAIQAAHml0LW1pbC12MDg2LnByb2Quc3VyZnNoYXJrLmNvbURpAAUAAwJoMgAKAAwACvr6Y5kAHQAXABgALQACAQH+DQD6AAABAAEhACAyZ8WfdTOepDHDcv8u7AZsA3ufD9Tv4o3teKWxxv\/EMADQafpU5EHwlqUmTBY7YYYXjignCOwjDanc8afJW0Vfz9TvS9Y6le9sOuXAD8soda2n7n\/v48URL9ooTFA38XzUnGbWWxIbIyiK6zPkwGlHWW2oEAI5UIi39SJ1WgdycX7xaH0kfR+AwnQwCXj0uaAYcZMpsrUf+Tlki1O9SDLm\/MQY2jwh8V\/GlM8uC6xDVgd9d8SzKuPP\/sSnRyGBbfbvCjS4JsL+hSJXlM7GksS+OkwYiGeVI3k5bdkvaiBkBZKA2DFkNscu8X8ECxMyks+zaQAXAAAAMwTvBO36+gABAGOZBMBepLOv0L1A+CYI4wqfhKxmeOnU6\/43T\/93jZmmID12ait1B5GBdodZIxoYvR1Bt1ZiFHv5qBkoJKDseiRwzqhJWjeCZg46Z\/+aHFoxjmP3ix+rsJGSBsaAj97JrP+Kx3jFLv2ZqDa0Q4LzneSJW\/rIOnQTwePHouWzILhTTXf7iTRMT8HyC6BqG4wBGYz7Pi4RKeOVGB52aJeJUxMzODmKJfWUZcKVuC0mE1vxcjTFc91WvS1KQFshPHBRFSIzXii1BlQcrFnbJy1Sge
tIOB01cWxRfOc3bNKTeFAqeWpkiTFWMrZVCOZ6X\/G7y\/t3DKdUbDXSrps5z\/JKK3N0c8uKYTqZxXNryAKJAf1CczhniESLIy8ArLprLrxwOaCSsWgIqQDmA3ZUY\/Nqq4dbAEPDLJm8iNVYrZ2VKWmUrrWjH2z6narhOnSQuNKHDbShLkaSvsIUv8oMHBicec2kYoEqnyDlp8erz6bcAR4VECFnWUGESIsLVsz7AKDnBowjR0PRA3e0JIZVsXicubX2OO5VJ1RGikXch6EBqshVc2koT\/Z8YUY1kl8LM2sVx7NXTPC7V8gVV4MTmPJamhuSaz7Bik+zk4rGBF6EF5xBbZi1qg6sKfOmYsuGgjnCZigFV5DqBSIKCV7cJHAIuyistjbKkUzwUq6GlqgjIxGMdntoW7qJt2CBXVZzxl0UQvrFPcKQi\/NhCzLxur\/mA8UoyYUxPOVjG4hTR2P8CcmsERIlM3VTfVyVM\/iZORh5dGGwaS0iEEQBoyH3c\/bCGK0oKsZllcr6uHQms5j8LjihTWkrk9AYuftiYpNWFCtjTV5nsDAGH2EslT20XOolySEAWOYwG9f5UjFMQDAblwpwxo1yuV7KlqjUwD7wyn2oMV+WvjERXXUEWnODz3wUm90SM\/j4DYPoP6wzqT41Be3pZEYwfaomL\/6zhb28md6gyo8ojj3YtPA2OpG0WfTUqoH3KTn2EVOIs4usJSYEPKB1EKGbF7CrnswrMOb8LfJAmPdlih9FzV3KgcVDG6nyfOk2H9qIaY85Ahd5ZZVWu2Dcifjxv4ZmxolDKm33XsEos26xVgFKVxMRFR7gxmfMXGGLYyP0A5+IiAWYPu73bCKsEvhWxCC4OoNReUr6C2SHqzXDixPbiFgTWS\/6O7s3ukpCB7\/SJauajcIjbvGyNqyhLxH5fe2xu4+qcjvCfoaboerbkRTxk6aJY3JlkyjUi7ozR0nMN7qCSBhGHd3RzwzxnR4RP6inl7bZAkVCCwOqS\/8BJUmkhdYLE2Tcu9ECVVQ8qtvFqZZVoeOSO3d6gIwDzfMbAi18OPA8o4EXm\/YZUVUAznvFxIbyxKGUdbJAU3Y1DDorWK1pESxQb8dsjubGvpSjSDJxXByUGK8AZZgKzYncMGNQAH4DWqLAjlV6AlZJedLZA8GZyy5zcT3LcM92d8L6aosZfUo3I17Vph5GJiFkxgZBYvKsYj58diybkaTqthUqzNtQpZJswkUpqCrBeeSqdpypY8vqKOXYfU9LxIayK7AWR\/OzWzOFDW1AYVTwtVRllBBnUL4WwzUaG1bpD27UcVIBjOKeFQDfNPBw9\/uosPBokaIzi\/4tYdPscMbtk8PCAB0AIOjNm82SsJEAb0nPpft6TrlEfiya99V9IL4Bv0DJ3fo6ABsAAwIAAgALAAIBAP8BAAEAACMAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEAAOAAwCaDIIaHR0cC8xLjEAKwAHBioqAwQDAwASAAAABQAFAQAAAAD6+gABAAApAJQAbwBpS\/B8sRFReSJY3evikIXJLVWB2N5FI2eZCBOn28Z6vmWfcY7sQ\/2Wm8uwJxQXYOH35dhi8EU8OaPsjvT6DqZYnfKVwyYaZD4fU\/BF3uPC\/iTRdePBuKHWfBHkTXMz4KEbhZyqdLQj5HyVhPpMrwAhIH2rYZdG7aGyecIA1ap3pdjqpDcW3Q2iccgaP\/djtQ8L"} 
-01302{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":682,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1722540110191305,"flow_src_last_pkt_time":1722540110195491,"flow_dst_last_pkt_time":1722540110194850,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1956,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1956,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1722540110195491,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"146.70.182.51","src_port":44102,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.SurfShark","proto_id":"91.427","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"it-mil-v086.prod.surfshark.com","domainame":"it-mil-v086.prod.surfshark.com","tls": {"version":"TLSv1.2","ja3":"d6998527a1dc65a802adeb979a78e1d5","ja3s":"","ja4":"t13d1517h2_8daaf6152771_b0da82dd1658","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01261{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":682,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1722540110191305,"flow_src_last_pkt_time":1722540110195491,"flow_dst_last_pkt_time":1722540110194850,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1956,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1956,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1722540110195491,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"146.70.182.51","src_port":44102,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.SurfShark","proto_id":"91.427","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"it-mil-v086.prod.surfshark.com","domainame":"it-mil-v086.prod.surfshark.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1517h2_8daaf6152771_b0da82dd1658","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":683,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":64,"flow_packet_id":5,"flow_src_last_pkt_time":1722540110195491,"flow_dst_last_pkt_time":1722540110198684,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1722540110198684,"pkt":"CAAn\/ADWILAB4IZiCABFAAA0mz9AADgGnKuSRrYzwKgBtwG7rEboU0P2k+rmz4AQAD88twAAAQEICg2JeRO7v5eL"} 
-01345{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":685,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1722540110191305,"flow_src_last_pkt_time":1722540110195491,"flow_dst_last_pkt_time":1722540110198757,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1956,"flow_dst_max_l4_payload_len":384,"flow_src_tot_l4_payload_len":1956,"flow_dst_tot_l4_payload_len":384,"midstream":0,"thread_ts_usec":1722540110198757,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"146.70.182.51","src_port":44102,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.SurfShark","proto_id":"91.427","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"it-mil-v086.prod.surfshark.com","domainame":"it-mil-v086.prod.surfshark.com","tls": {"version":"TLSv1.3","ja3":"d6998527a1dc65a802adeb979a78e1d5","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","ja4":"t13d1517h2_8daaf6152771_b0da82dd1658","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01304{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":685,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1722540110191305,"flow_src_last_pkt_time":1722540110195491,"flow_dst_last_pkt_time":1722540110198757,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1956,"flow_dst_max_l4_payload_len":384,"flow_src_tot_l4_payload_len":1956,"flow_dst_tot_l4_payload_len":384,"midstream":0,"thread_ts_usec":1722540110198757,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"146.70.182.51","src_port":44102,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.SurfShark","proto_id":"91.427","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"it-mil-v086.prod.surfshark.com","domainame":"it-mil-v086.prod.surfshark.com","tls": {"version":"TLSv1.3","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","ja4":"t13d1517h2_8daaf6152771_b0da82dd1658","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":699,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":10,"flow_first_seen":1722540110191305,"flow_src_last_pkt_time":1722540110397706,"flow_dst_last_pkt_time":1722540110391236,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1956,"flow_dst_max_l4_payload_len":3460,"flow_src_tot_l4_payload_len":5083,"flow_dst_tot_l4_payload_len":6344,"midstream":0,"thread_ts_usec":1722540110397706,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"146.70.182.51","src_port":44102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.SurfShark","proto_id":"91.427","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":699,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1722431353907697,"flow_src_last_pkt_time":1722431353994238,"flow_dst_last_pkt_time":1722431354035876,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1153,"flow_dst_max_l4_payload_len":2782,"flow_src_tot_l4_payload_len":1671,"flow_dst_tot_l4_payload_len":7458,"midstream":0,"thread_ts_usec":1722540110397706,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"104.16.156.111","src_port":58624,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NordVPN","proto_id":"91.426","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
-00852{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":699,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":699,"packets-processed":699,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":329326,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":60,"total-detection-updates":62,"total-updates":1,"current-active-flows":0,"total-active-flows":64,"total-idle-flows":64,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":558,"global_ts_usec":1722540110397706} +00852{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":699,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":699,"packets-processed":699,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":329326,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":60,"total-detection-updates":62,"total-updates":1,"current-active-flows":0,"total-active-flows":64,"total-idle-flows":64,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":558,"global_ts_usec":1722540110397706} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 699/699 ~~ skipped flows.............: 0 
@@ -564,9 +564,9 @@ ~~ total active/idle flows...: 64/64 ~~ total timeout flows.......: 4 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7883426 bytes -~~ total memory freed........: 7883426 bytes -~~ total allocations/frees...: 116283/116283 +~~ total memory allocated....: 8460995 bytes +~~ total memory freed........: 8460995 bytes +~~ total allocations/frees...: 128014/128014 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 532 chars ~~ json message max len.......: 4476 chars diff --git a/test/results/default/sites2.pcapng.out b/test/results/default/sites2.pcapng.out index 2566b91a7..b48dbf7cc 100644 --- a/test/results/default/sites2.pcapng.out +++ b/test/results/default/sites2.pcapng.out 
@@ -1,47 +1,64 @@ -00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1731420396936795} 
+00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1731420396936795} 
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731420396936795,"flow_src_last_pkt_time":1731420396936795,"flow_dst_last_pkt_time":1731420396936795,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731420396936795,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"2.23.155.106","src_port":46892,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1731420396936795,"flow_dst_last_pkt_time":1731420396936795,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1731420396936795,"pkt":"dNo47VMyYhO2esBpCABFAAA8cxdAAEAGXTjAqAxDAhebarcsAbva3WCRAAAAAKAC\/\/8PbAAAAgQFtAQCCAowkKk+AAAAAAEDAwk="} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1731420396936795,"flow_dst_last_pkt_time":1731420396938623,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1731420396938623,"pkt":"YhO2esBpdNo47VMyCABFAAA8AABAADYG2k8CF5tqwKgMQwG7tyw6TIb02t1gkqAS\/oh6cgAAAgQFaAQCCArMawkBMJCpPgEDAwc="} 
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1731420396940464,"flow_dst_last_pkt_time":1731420396938623,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1731420396940464,"pkt":"dNo47VMyYhO2esBpCABFAAA0cxhAAEAGXT\/AqAxDAhebarcsAbva3WCSOkyG9YAQAKymygAAAQEICjCQqUPMawkB"} 01238{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1731420396955865,"flow_dst_last_pkt_time":1731420396938623,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1731420396955865,"pkt":"dNo47VMyYhO2esBpCABFAAI5cxlAAEAGWznAqAxDAhebarcsAbva3WCSOkyG9YAYAKymUQAAAQEICjCQqVHMawkBFgMBAgABAAH8AwNCffeD+K2cUK4j5RgMvcl79ueCaJQ7pg9OgWHZMC5IYiDxnoKw55RCtQbS+vq+GdnMBrQWNTa5DPMGZny4XrhSeQAeEwETAhMDwCvALMypwC\/AMMyowBPAFACcAJ0ALwA1AQABlQAAABIAEAAADWltZy5zaGVpbi5jb20AFwAA\/wEAAQAACgAIAAYAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBADMAJgAkAB0AIK4zAy8E8JUwWPGSr1OkypoqibRb+3gAeRNNeIeRFp44AC0AAgEBACsABQQDBAMDABUA8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01258{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1731420396936795,"flow_src_last_pkt_time":1731420396955865,"flow_dst_last_pkt_time":1731420396938623,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731420396955865,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"2.23.155.106","src_port":46892,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Shein","proto_id":"91.434","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":27,"category":"Shopping","hostname":"img.shein.com","domainame":"img.shein.com","tls": {"version":"TLSv1.2","ja3":"f79b6bad2ad0641e1921aef10262856b","ja3s":"","ja4":"t13d1513h2_8daaf6152771_eca864cca44a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01217{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1731420396936795,"flow_src_last_pkt_time":1731420396955865,"flow_dst_last_pkt_time":1731420396938623,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731420396955865,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"2.23.155.106","src_port":46892,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Shein","proto_id":"91.434","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":27,"category":"Shopping","hostname":"img.shein.com","domainame":"img.shein.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1513h2_8daaf6152771_eca864cca44a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1731420396955865,"flow_dst_last_pkt_time":1731420396958564,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1731420396958564,"pkt":"YhO2esBpdNo47VMyCABFAAA0y81AADYGDooCF5tqwKgMQwG7tyw6TIb12t1il4AQAfqjVgAAAQEICsxrCRQwkKlR"} 
-01303{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1731420396936795,"flow_src_last_pkt_time":1731420396955865,"flow_dst_last_pkt_time":1731420396959572,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1731420396959572,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"2.23.155.106","src_port":46892,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Shein","proto_id":"91.434","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":27,"category":"Shopping","hostname":"img.shein.com","domainame":"img.shein.com","tls": {"version":"TLSv1.3","ja3":"f79b6bad2ad0641e1921aef10262856b","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1513h2_8daaf6152771_eca864cca44a","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
-00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":14,"packets-processed":13,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4206,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1731423286975849} +01262{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1731420396936795,"flow_src_last_pkt_time":1731420396955865,"flow_dst_last_pkt_time":1731420396959572,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1731420396959572,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"2.23.155.106","src_port":46892,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Shein","proto_id":"91.434","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":27,"category":"Shopping","hostname":"img.shein.com","domainame":"img.shein.com","tls": 
{"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1513h2_8daaf6152771_eca864cca44a","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} +00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":14,"packets-processed":13,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4206,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1731423286975849} 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731423286975849,"flow_src_last_pkt_time":1731423286975849,"flow_dst_last_pkt_time":1731423286975849,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731423286975849,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"20.15.0.9","src_port":47694,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1731423286975849,"flow_dst_last_pkt_time":1731423286975849,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1731423286975849,"pkt":"dNo47VMyYhO2esBpCABFAAA8ewVAAEAG3rPAqAxDFA8ACbpOAbsf3889AAAAAKAC\/\/9A2gAAAgQFtAQCCAoqw1A3AAAAAAEDAwk="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1731423286975849,"flow_dst_last_pkt_time":1731423287023947,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1731423287023947,"pkt":"YhO2esBpdNo47VMyCABFAAA0AABAACoGb8EUDwAJwKgMQwG7uk5XA\/aIH9\/PPoASfXgX0AAAAgQFtAEBBAIBAwMJ"} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1731423287027055,"flow_dst_last_pkt_time":1731423287023947,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1731423287027055,"pkt":"dNo47VMyYhO2esBpCABFAAAoewZAAEAG3sbAqAxDFA8ACbpOAbsf388+VwP2iVAQAKzVcAAA"} 
01224{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1731423287035927,"flow_dst_last_pkt_time":1731423287023947,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1731423287035927,"pkt":"dNo47VMyYhO2esBpCABFAAItewdAAEAG3MDAqAxDFA8ACbpOAbsf388+VwP2iVAYAKy6BwAAFgMBAgABAAH8AwNVTcYuphR7nVMZrFFOtjb5WGTkfyNm5qfgQFVSDYKoJyBUxOeRDHijR+7t6G+Py3wpF+fbEGTlwB4myA8Zo3BezAAiEwETAhMDwCvAL8AswDDMqcyowAnAE8AKwBQAnACdAC8ANQEAAZEAAAARAA8AAAxndG0udGVtdS5jb20AFwAA\/wEAAQAACgAIAAYAHQAXABgACwACAQAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEAMwAmACQAHQAgQOQLGZ\/lDN\/pNE+wvKk5GPImFEUpXxL+6hEL3I7cEzoALQACAQEAKwAJCAMEAwMDAgMBABUA7QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -01267{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1731423286975849,"flow_src_last_pkt_time":1731423287035927,"flow_dst_last_pkt_time":1731423287023947,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731423287035927,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"20.15.0.9","src_port":47694,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Temu","proto_id":"91.435","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":27,"category":"Shopping","hostname":"gtm.temu.com","domainame":"gtm.temu.com","tls": {"version":"TLSv1.2","ja3":"92768199641a57091d8ad9085387a16f","ja3s":"","ja4":"t13d1712h2_5b57614c22b0_3f5d972527c0","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +01226{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1731423286975849,"flow_src_last_pkt_time":1731423287035927,"flow_dst_last_pkt_time":1731423287023947,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731423287035927,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"20.15.0.9","src_port":47694,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Temu","proto_id":"91.435","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":27,"category":"Shopping","hostname":"gtm.temu.com","domainame":"gtm.temu.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1712h2_5b57614c22b0_3f5d972527c0","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
01225{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1731423287318655,"flow_dst_last_pkt_time":1731423287023947,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1731423287318655,"pkt":"dNo47VMyYhO2esBpCABFAAItewhAAEAG3L\/AqAxDFA8ACbpOAbsf388+VwP2iVAYAKy6BwAAFgMBAgABAAH8AwNVTcYuphR7nVMZrFFOtjb5WGTkfyNm5qfgQFVSDYKoJyBUxOeRDHijR+7t6G+Py3wpF+fbEGTlwB4myA8Zo3BezAAiEwETAhMDwCvAL8AswDDMqcyowAnAE8AKwBQAnACdAC8ANQEAAZEAAAARAA8AAAxndG0udGVtdS5jb20AFwAA\/wEAAQAACgAIAAYAHQAXABgACwACAQAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEAMwAmACQAHQAgQOQLGZ\/lDN\/pNE+wvKk5GPImFEUpXxL+6hEL3I7cEzoALQACAQEAKwAJCAMEAwMDAgMBABUA7QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -01313{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1731423286975849,"flow_src_last_pkt_time":1731423287318655,"flow_dst_last_pkt_time":1731423287367502,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":1034,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1731423287367502,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"20.15.0.9","src_port":47694,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Temu","proto_id":"91.435","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":27,"category":"Shopping","hostname":"gtm.temu.com","domainame":"gtm.temu.com","tls": {"version":"TLSv1.3","ja3":"92768199641a57091d8ad9085387a16f","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1712h2_5b57614c22b0_3f5d972527c0","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +01272{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1731423286975849,"flow_src_last_pkt_time":1731423287318655,"flow_dst_last_pkt_time":1731423287367502,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":1034,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1731423287367502,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"20.15.0.9","src_port":47694,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Temu","proto_id":"91.435","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":27,"category":"Shopping","hostname":"gtm.temu.com","domainame":"gtm.temu.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1712h2_5b57614c22b0_3f5d972527c0","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731423358197032,"flow_src_last_pkt_time":1731423358197032,"flow_dst_last_pkt_time":1731423358197032,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731423358197032,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"59.82.122.224","src_port":43446,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1731423358197032,"flow_dst_last_pkt_time":1731423358197032,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1731423358197032,"pkt":"dNo47VMyYhO2esBpCABFAAA81l1AAEAG4UDAqAxDO1J64Km2AbsJp6rRAAAAAKAC\/\/+JpQAAAgQFtAQCCArBDhpCAAAAAAEDAwk="} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1731423358197032,"flow_dst_last_pkt_time":1731423358446960,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1731423358446960,"pkt":"YhO2esBpdNo47VMyCABFAAA0fUEAACsGj2U7UnrgwKgMQwG7qbZPQaeACaeq0oASchAjOAAAAgQFoAEBBAIBAwMJ"} 
00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1731423358450187,"flow_dst_last_pkt_time":1731423358446960,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1731423358450187,"pkt":"dNo47VMyYhO2esBpCABFAAAo1l5AAEAG4VPAqAxDO1J64Km2AbsJp6rST0GngVAQAKzVXAAA"} 01225{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1731423358450971,"flow_dst_last_pkt_time":1731423358446960,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1731423358450971,"pkt":"dNo47VMyYhO2esBpCABFAAIt1l9AAEAG303AqAxDO1J64Km2AbsJp6rST0GngVAYAKxWjQAAFgMBAgABAAH8AwOw4jMveuI37\/WjiDyHnQ2hsVjHV479o+4ZVl+phMB3UiD14qfyyqtTcIeH+ZFkKDc4ONPDr49jhmk6Epq\/t9xE7wAiEwETAhMDwCvALMypwC\/AMMyowAnACsATwBQAnACdAC8ANQEAAZEAAAAUABIAAA91bWRjLnRhb2Jhby5jb20AFwAA\/wEAAQAACgAIAAYAHQAXABgACwACAQAAIwAAABAACwAJCGh0dHAvMS4xAAUABQEAAAAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBADMAJgAkAB0AIOsnlJesNI2mFGjT+vmekRyUoTa0OrykWZ32SO1oh8JjAC0AAgEBACsACQgDBAMDAwIDAQAVAOkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01278{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1731423358197032,"flow_src_last_pkt_time":1731423358450971,"flow_dst_last_pkt_time":1731423358446960,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731423358450971,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"59.82.122.224","src_port":43446,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Taobao","proto_id":"91.436","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":27,"category":"Shopping","hostname":"umdc.taobao.com","domainame":"umdc.taobao.com","tls": {"version":"TLSv1.2","ja3":"9b02ebd3a43b62d825e1ac605b621dc8","ja3s":"","ja4":"t13d1713ht_5b57614c22b0_eca864cca44a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01237{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1731423358197032,"flow_src_last_pkt_time":1731423358450971,"flow_dst_last_pkt_time":1731423358446960,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731423358450971,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"59.82.122.224","src_port":43446,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Taobao","proto_id":"91.436","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":27,"category":"Shopping","hostname":"umdc.taobao.com","domainame":"umdc.taobao.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1713ht_5b57614c22b0_eca864cca44a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1731423358450971,"flow_dst_last_pkt_time":1731423358700774,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1731423358700774,"pkt":"YhO2esBpdNo47VMyCABFAAAofdUAACsGjt07UnrgwKgMQwG7qbZPQaeBCaes11AQADzTxwAA"} 
-01368{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1731423358197032,"flow_src_last_pkt_time":1731423358450971,"flow_dst_last_pkt_time":1731423358702659,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1731423358702659,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"59.82.122.224","src_port":43446,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Taobao","proto_id":"91.436","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":27,"category":"Shopping","hostname":"umdc.taobao.com","domainame":"umdc.taobao.com","tls": {"version":"TLSv1.2","ja3":"9b02ebd3a43b62d825e1ac605b621dc8","ja3s":"00447ab319e9d94ba2b4c1248e155917","ja4":"t13d1713ht_5b57614c22b0_eca864cca44a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-02005{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1731423358197032,"flow_src_last_pkt_time":1731423358450971,"flow_dst_last_pkt_time":1731423358702664,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3683,"midstream":0,"thread_ts_usec":1731423358702664,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"59.82.122.224","src_port":43446,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Taobao","proto_id":"91.436","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":27,"category":"Shopping","hostname":"umdc.taobao.com","domainame":"umdc.taobao.com","tls": {"version":"TLSv1.2","server_names":"*.alibabachengdun.com,*.alibabachengdun.net,umdc.aliapp.org,*.ynuf.aliapp.org,sgynuf.alibaba.com,pum.m.alibaba.com,ynuf.aliapp.org,mum.hzchengdun.com,mum.m.alibaba.com,umdc.alibaba-inc.com,umidiot.aliapp.org,us-mum.alibabachengdun.com,sg-pum.alibabachengdun.com,sg-pum.alibabachengdun.net,umdc.taobao.com,umdc.tmall.com,alibabachengdun.com","ja3":"9b02ebd3a43b62d825e1ac605b621dc8","ja3s":"00447ab319e9d94ba2b4c1248e155917","ja4":"t13d1713ht_5b57614c22b0_eca864cca44a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G3","subjectDN":"C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., 
CN=*.alibabachengdun.com","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"A4:84:85:BF:7A:3D:54:C0:EE:F2:8B:39:E7:ED:56:FB:74:6B:5E:61","blocks":0}}} -00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1731423358197032,"flow_src_last_pkt_time":1731423358973813,"flow_dst_last_pkt_time":1731423358968432,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1024,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":2286,"flow_dst_tot_l4_payload_len":3957,"midstream":0,"thread_ts_usec":1731423358973813,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"59.82.122.224","src_port":43446,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Taobao","proto_id":"91.436","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":27,"category":"Shopping"}} 
-00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1731423286975849,"flow_src_last_pkt_time":1731423287471416,"flow_dst_last_pkt_time":1731423287519256,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":1403,"flow_dst_tot_l4_payload_len":4808,"midstream":0,"thread_ts_usec":1731423358973813,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"20.15.0.9","src_port":47694,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Temu","proto_id":"91.435","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":27,"category":"Shopping"}} -00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":6,"flow_first_seen":1731420396936795,"flow_src_last_pkt_time":1731420397022641,"flow_dst_last_pkt_time":1731420397024867,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":597,"flow_dst_tot_l4_payload_len":3609,"midstream":0,"thread_ts_usec":1731423358973813,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"2.23.155.106","src_port":46892,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Shein","proto_id":"91.434","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":27,"category":"Shopping"}} 
-00844{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":48,"packets-processed":48,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16660,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":32,"global_ts_usec":1731423358973813} +01327{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1731423358197032,"flow_src_last_pkt_time":1731423358450971,"flow_dst_last_pkt_time":1731423358702659,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1731423358702659,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"59.82.122.224","src_port":43446,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Taobao","proto_id":"91.436","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":27,"category":"Shopping","hostname":"umdc.taobao.com","domainame":"umdc.taobao.com","tls": 
{"version":"TLSv1.2","ja3s":"00447ab319e9d94ba2b4c1248e155917","ja4":"t13d1713ht_5b57614c22b0_eca864cca44a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +01964{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1731423358197032,"flow_src_last_pkt_time":1731423358450971,"flow_dst_last_pkt_time":1731423358702664,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3683,"midstream":0,"thread_ts_usec":1731423358702664,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"59.82.122.224","src_port":43446,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Taobao","proto_id":"91.436","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":27,"category":"Shopping","hostname":"umdc.taobao.com","domainame":"umdc.taobao.com","tls": {"version":"TLSv1.2","server_names":"*.alibabachengdun.com,*.alibabachengdun.net,umdc.aliapp.org,*.ynuf.aliapp.org,sgynuf.alibaba.com,pum.m.alibaba.com,ynuf.aliapp.org,mum.hzchengdun.com,mum.m.alibaba.com,umdc.alibaba-inc.com,umidiot.aliapp.org,us-mum.alibabachengdun.com,sg-pum.alibabachengdun.com,sg-pum.alibabachengdun.net,umdc.taobao.com,umdc.tmall.com,alibabachengdun.com","ja3s":"00447ab319e9d94ba2b4c1248e155917","ja4":"t13d1713ht_5b57614c22b0_eca864cca44a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G3","subjectDN":"C=CN, ST=ZheJiang, 
L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.alibabachengdun.com","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"A4:84:85:BF:7A:3D:54:C0:EE:F2:8B:39:E7:ED:56:FB:74:6B:5E:61","blocks":0}}} +00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":49,"packets-processed":48,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16660,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":4,"total-updates":0,"current-active-flows":3,"total-active-flows":3,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":29,"global_ts_usec":1732445063203009} +00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1732445063203009,"flow_src_last_pkt_time":1732445063203009,"flow_dst_last_pkt_time":1732445063203009,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1732445063203009,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"151.101.1.233","src_port":39974,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1732445063203009,"flow_dst_last_pkt_time":1732445063203009,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1732445063203009,"pkt":"dNo47VMyYhO2esBpCABFAAA8ui9AAEAGGlPAqAxDl2UB6ZwmAbtWoYiZAAAAAKAC\/\/9YtAAAAgQFtAQCCApeiK1rAAAAAAEDAwk="} +00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1732445063203009,"flow_dst_last_pkt_time":1732445063205466,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1732445063205466,"pkt":"YhO2esBpdNo47VMyCABFAAA8AABAADkG24KXZQHpwKgMQwG7nCZHn3ZAVqGImqAS\/\/+8LQAAAgQFTAQCCArTpwtWXoitawEDAwk="} +00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1732445063207751,"flow_dst_last_pkt_time":1732445063205466,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1732445063207751,"pkt":"dNo47VMyYhO2esBpCABFAAA0ujBAAEAGGlrAqAxDl2UB6ZwmAbtWoYiaR592QYAQAKzp4QAAAQEICl6IrXHTpwtW"} 
+01241{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1732445063210226,"flow_dst_last_pkt_time":1732445063205466,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1732445063210226,"pkt":"dNo47VMyYhO2esBpCABFAAI5ujFAAEAGGFTAqAxDl2UB6ZwmAbtWoYiaR592QYAYAKz5iAAAAQEICl6IrXTTpwtWFgMBAgABAAH8AwPJ+pgQDO5FSugmybJZNHpfqmkJmXRCVlhfpwHW+MOROSDXTRYB4l\/38fslHHN4b7gkjvkJQQYx0Z0UI5T\/zKD1IwAeEwETAhMDwCvALMypwC\/AMMyowBPAFACcAJ0ALwA1AQABlQAAACMAIQAAHnZvZC1nY3MtY2VkZXhpcy5jYnNhYXZpZGVvLmNvbQAXAAD\/AQABAAAKAAgABgAdABcAGAALAAIBAAAjAAAAEAALAAkIaHR0cC8xLjEABQAFAQAAAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEAMwAmACQAHQAgexK72snog3mdEJ+0hILDEgmeMQjW9XK5IvNYYemsoX4ALQACAQEAKwAFBAMEAwMAFQDiAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
+01252{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1732445063203009,"flow_src_last_pkt_time":1732445063210226,"flow_dst_last_pkt_time":1732445063205466,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1732445063210226,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"151.101.1.233","src_port":39974,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ParamountPlus","proto_id":"91.439","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"vod-gcs-cedexis.cbsaavideo.com","domainame":"vod-gcs-cedexis.cbsaavideo.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1513ht_8daaf6152771_eca864cca44a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1731423358197032,"flow_src_last_pkt_time":1731423358973813,"flow_dst_last_pkt_time":1731423358968432,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1024,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":2286,"flow_dst_tot_l4_payload_len":3957,"midstream":0,"thread_ts_usec":1732445063210226,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"59.82.122.224","src_port":43446,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Taobao","proto_id":"91.436","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":27,"category":"Shopping"}} +00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1731423286975849,"flow_src_last_pkt_time":1731423287471416,"flow_dst_last_pkt_time":1731423287519256,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":1403,"flow_dst_tot_l4_payload_len":4808,"midstream":0,"thread_ts_usec":1732445063210226,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"20.15.0.9","src_port":47694,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Temu","proto_id":"91.435","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":27,"category":"Shopping"}} 
+00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":6,"flow_first_seen":1731420396936795,"flow_src_last_pkt_time":1731420397022641,"flow_dst_last_pkt_time":1731420397024867,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":597,"flow_dst_tot_l4_payload_len":3609,"midstream":0,"thread_ts_usec":1732445063210226,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"2.23.155.106","src_port":46892,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Shein","proto_id":"91.434","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":27,"category":"Shopping"}} +00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":53,"packets-processed":52,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17177,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":4,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":39,"global_ts_usec":1732825707164882} 
+00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1732825707164882,"flow_src_last_pkt_time":1732825707164882,"flow_dst_last_pkt_time":1732825707164882,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1732825707164882,"l3_proto":"ip4","src_ip":"192.168.0.100","dst_ip":"213.180.193.9","src_port":52124,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1732825707164882,"flow_dst_last_pkt_time":1732825707164882,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1732825707164882,"pkt":"UP8gvIqNuIdu9d+0CABFAAA8dKxAAEAGbkXAqABk1bTBCcucAFAg9TdYAAAAAKACchAL3QAAAgQFtAQCCAoKHEP0AAAAAAEDAwU="} +00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1732825707164882,"flow_dst_last_pkt_time":1732825707169484,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1732825707169484,"pkt":"uIdu9d+0UP8gvIqNCABFAAA8AABAADsG5\/HVtMEJwKgAZABQy5wPoJr0IPU3WaASqUrGHgAAAgQFggQCCApMeBeVChxD9AEDAwg="} 
+00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1732825707171476,"flow_dst_last_pkt_time":1732825707169484,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1732825707171476,"pkt":"UP8gvIqNuIdu9d+0CABFAAA0dK1AAEAGbkzAqABk1bTBCcucAFAg9TdZD6Ca9YAQA5GacQAAAQEICgocQ\/ZMeBeV"} +00718{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1732825707173272,"flow_dst_last_pkt_time":1732825707169484,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":194,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":194,"pkt_l4_len":160,"thread_ts_usec":1732825707173272,"pkt":"UP8gvIqNuIdu9d+0CABFAAC0dK5AAEAGbcvAqABk1bTBCcucAFAg9TdZD6Ca9YAYA5EqTQAAAQEICgocQ\/ZMeBeVSEVBRCAvZ2VuZXJhdGVfMjA0IEhUVFAvMS4xDQpIb3N0OiBzY2JoLnlhbmRleC5uZXQNCkFjY2VwdDogKi8qDQpVc2VyLUFnZW50OiB5YW5kZXhtaW5pXzIvMC4yNzAuMS40OC4yNjgzNjk0NTAyLjIwMjQxMTE1LjE5OQ0KDQo="} 
+01143{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1732825707164882,"flow_src_last_pkt_time":1732825707173272,"flow_dst_last_pkt_time":1732825707169484,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":128,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1732825707173272,"l3_proto":"ip4","src_ip":"192.168.0.100","dst_ip":"213.180.193.9","src_port":52124,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.YandexAlice","proto_id":"7.440","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":0,"breed":"Acceptable","category_id":30,"category":"ConnCheck","hostname":"scbh.yandex.net","domainame":"scbh.yandex.net","http": {"url":"scbh.yandex.net\/generate_204","code":0,"content_type":"","user_agent":"yandexmini_2\/0.270.1.48.2683694502.20241115.199"}}} +00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1732825707173272,"flow_dst_last_pkt_time":1732825707177726,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1732825707177726,"pkt":"uIdu9d+0UP8gvIqNCABFAAA0KQpAADsGvu\/VtMEJwKgAZABQy5wPoJr1IPU32YAQAKmc0QAAAQEICkx4F50KHEP2"} 
+01014{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1732825707164882,"flow_src_last_pkt_time":1732825707187512,"flow_dst_last_pkt_time":1732825707184702,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":78,"flow_src_tot_l4_payload_len":128,"flow_dst_tot_l4_payload_len":78,"midstream":0,"thread_ts_usec":1732825707187512,"l3_proto":"ip4","src_ip":"192.168.0.100","dst_ip":"213.180.193.9","src_port":52124,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.YandexAlice","proto_id":"7.440","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":0,"breed":"Acceptable","category_id":30,"category":"ConnCheck","hostname":"scbh.yandex.net"}} +00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1732445063203009,"flow_src_last_pkt_time":1732445063210226,"flow_dst_last_pkt_time":1732445063205466,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1732825707187512,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"151.101.1.233","src_port":39974,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.ParamountPlus","proto_id":"91.439","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}} +00844{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/sites2.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":62,"packets-processed":62,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17383,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":49,"global_ts_usec":1732825707187512} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ -~~ packets captured/processed: 48/48 +~~ packets captured/processed: 62/62 ~~ skipped flows.............: 0 -~~ total layer4 data length..: 16660 bytes -~~ total detected protocols..: 3 -~~ total active/idle flows...: 3/3 +~~ total layer4 data length..: 17383 bytes +~~ total detected protocols..: 5 +~~ total active/idle flows...: 5/5 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6968751 bytes -~~ total memory freed........: 6968751 bytes -~~ total allocations/frees...: 114253/114253 +~~ total memory allocated....: 7553727 bytes +~~ total memory freed........: 7553727 bytes +~~ total allocations/frees...: 126028/126028 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 531 chars -~~ json message max len.......: 2010 chars -~~ json message avg len.......: 1259 chars +~~ json message max len.......: 1969 chars +~~ 
json message avg len.......: 1249 chars diff --git a/test/results/default/skinny.pcap.out b/test/results/default/skinny.pcap.out index cb536cce9..41b02a12a 100644 --- a/test/results/default/skinny.pcap.out +++ b/test/results/default/skinny.pcap.out 
@@ -1,5 +1,5 @@ -00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1317801130501299} 
+00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1317801130501299} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1317801130501299,"flow_src_last_pkt_time":1317801130501299,"flow_dst_last_pkt_time":1317801130501299,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1317801130501299,"l3_proto":"ip4","src_ip":"192.168.195.58","dst_ip":"192.168.193.12","src_port":49399,"dst_port":2000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1317801130501299,"flow_dst_last_pkt_time":1317801130501299,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1317801130501299,"pkt":"ABTy5fxCAB56JnR1CABFYABAE3YAAEAGYUrAqMM6wKjBDMD3B9A1u8s7p8yxgFAYIAAcEAAAEAAAABQAAAAmAAAAAQAAAAAAAAAAAAAA"} 
00933{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1317801130501299,"flow_src_last_pkt_time":1317801130501299,"flow_dst_last_pkt_time":1317801130501299,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1317801130501299,"l3_proto":"ip4","src_ip":"192.168.195.58","dst_ip":"192.168.193.12","src_port":49399,"dst_port":2000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"CiscoSkinny","proto_id":"164","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
@@ -22,7 +22,7 @@ 00813{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1317801134323001,"flow_dst_last_pkt_time":1317801134322976,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1317801134323001,"pkt":"AB1FDGVjAB56JnR1CABFuADIE4QAAEARXivAqMM6wKjDMn2QRTYAtIyXgIAFnAAC4MD2v1fc\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/39+\/v18ffz+\/f9+\/n17eXh6e357fv1+\/v59\/fx9fX16e379+vv7+359fnv\/\/X3+\/35\/e3v+\/H7\/fnv+fXz9\/v7+fX18fHx7fHt+f3\/\/fv3+f\/7+\/v79\/\/5\/eXt8fX9+f\/\/\/\/39+f3x5e3x6eX1+fv5+f\/78\/P78\/nz+fn5+fA=="} 00778{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1317801134342549,"flow_dst_last_pkt_time":1317801134322539,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1317801134342549,"pkt":"ABTy5fxCAB56JnR1CABFuADIE4UAAEARYETAqMM6wKjBGH2WJLMAtJrugAAFnAAC4WD2v1fifX38\/v34\/Pr7f\/9+fnl2eHv\/\/f3+fH5\/ff5\/\/v17fHx6fH1+\/Pt+\/39+\/v\/9f\/\/+fv59e357enx7fX1+\/f78+359fXt6\/\/19\/Pv\/\/X97fP79\/v7+\/3t4e3x8\/\/3+\/f\/8+Px\/fHh4d3l8ff5\/eHt9\/vr7+Pn9fnp6eHl7fP37+vz8\/P38fv3+eHp3c3d6fn7\/\/nz8\/P77\/fv+\/ff++\/t7+w=="} 
00778{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1317801134342950,"flow_dst_last_pkt_time":1317801134322976,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1317801134342950,"pkt":"AB1FDGVjAB56JnR1CABFuADIE4YAAEARXinAqMM6wKjDMn2QRTYAtHhcgAAFnQAC4WD2v1fcfX38\/v34\/Pr7f\/9+fnl2eHv\/\/f3+fH5\/ff5\/\/v17fHx6fH1+\/Pt+\/39+\/v\/9f\/\/+fv59e357enx7fX1+\/f78+359fXt6\/\/19\/Pv\/\/X97fP79\/v7+\/3t4e3x8\/\/3+\/f\/8+Px\/fHh4d3l8ff5\/eHt9\/vr7+Pn9fnp6eHl7fP37+vz8\/P38fv3+eHp3c3d6fn7\/\/nz8\/P77\/fv+\/ff++\/t7+w=="} -00928{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1317801134322976,"flow_src_last_pkt_time":1317801134342950,"flow_dst_last_pkt_time":1317801134322976,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":516,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1317801134342950,"l3_proto":"ip4","src_ip":"192.168.195.58","dst_ip":"192.168.195.50","src_port":32144,"dst_port":17718,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} 
+00953{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1317801134322976,"flow_src_last_pkt_time":1317801134342950,"flow_dst_last_pkt_time":1317801134322976,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":516,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1317801134342950,"l3_proto":"ip4","src_ip":"192.168.195.58","dst_ip":"192.168.195.50","src_port":32144,"dst_port":17718,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","stream_content":"Audio"}} 00778{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1317801134342960,"flow_dst_last_pkt_time":1317801134322976,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1317801134342960,"pkt":"AB1FDGVjAB56JnR1CABFuADIE4YAAEARXinAqMM6wKjDMn2QRTYAtHhcgAAFnQAC4WD2v1fcfX38\/v34\/Pr7f\/9+fnl2eHv\/\/f3+fH5\/ff5\/\/v17fHx6fH1+\/Pt+\/39+\/v\/9f\/\/+fv59e357enx7fX1+\/f78+359fXt6\/\/19\/Pv\/\/X97fP79\/v7+\/3t4e3x8\/\/3+\/f\/8+Px\/fHh4d3l8ff5\/eHt9\/vr7+Pn9fnp6eHl7fP37+vz8\/P38fv3+eHp3c3d6fn7\/\/nz8\/P77\/fv+\/ff++\/t7+w=="} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1317801134348136,"flow_src_last_pkt_time":1317801134348136,"flow_dst_last_pkt_time":1317801134348136,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1317801134348136,"l3_proto":"ip4","src_ip":"192.168.195.50","dst_ip":"192.168.193.24","src_port":17726,"dst_port":9399,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00804{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1317801134348136,"flow_dst_last_pkt_time":1317801134348136,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1317801134348136,"pkt":"ABTy5fxCAB1FDGVjCABFuADIE+YAAEARX+vAqMMywKjBGEU+JLcAtEN5gIAGQwAFh3h8EHHo\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/f358fX17fv96f\/18fX7+\/X9+fn\/+fHz\/fX5\/fn9+\/39+\/\/7+fv7\/fX17fP56d3h6\/X17eXh8fH\/9fnp5ffr2+\/79\/f3+\/3x4eXx6eHx5eX56fH5+f3t+fXp8fH98ffx+\/3t7+n57ff76\/v9\/fH39f3p9fX58ev5+fHp8+Pn8\/Q=="} 
@@ -30,22 +30,22 @@ 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1317801134349579,"flow_src_last_pkt_time":1317801134349579,"flow_dst_last_pkt_time":1317801134349579,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1317801134349579,"l3_proto":"ip4","src_ip":"192.168.195.58","dst_ip":"192.168.193.24","src_port":32152,"dst_port":9396,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00804{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1317801134349579,"flow_dst_last_pkt_time":1317801134349579,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1317801134349579,"pkt":"ABTy5fxCAB56JnR1CABFuADIE4cAAEARYELAqMM6wKjBGH2YJLQAtKCZgIAFlAAFh3geBjsi\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/f358fX17fv96f\/18fX7+\/X9+fn\/+fHz\/fX5\/fn9+\/39+\/\/7+fv7\/fX17fP56d3h6\/X17eXh8fH\/9fnp5ffr2+\/79\/f3+\/3x4eXx6eHx5eX56fH5+f3t+fXp8fH98ffx+\/3t7+n57ff76\/v9\/fH39f3p9fX58ev5+fHp8+Pn8\/Q=="} 
00773{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1317801134362584,"flow_dst_last_pkt_time":1317801134322539,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1317801134362584,"pkt":"ABTy5fxCAB56JnR1CABFuADIE4gAAEARYEHAqMM6wKjBGH2WJLMAtPMngAAFnQAC4gD2v1fi\/H3+end3dHZ1dHp8ffz6\/f9+eXv8\/vr4+\/v8\/fz7\/Pv5fnx5d3x2dv\/++\/n7+fr7+\/9+fnt3dHVzdHZ5fnt8\/f\/+\/Pz6\/n\/7\/f35\/vz3\/n\/9f3\/\/fXp7e3t8fH16d3l8fX\/+fX\/+fH58e359\/vr6+Px8fnz++P39\/H59fXx8e3h5d3V7fn78\/f319\/r6+\/n9f\/19f3x1eHhydXd6\/v\/8\/A=="} -00927{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1317801134322539,"flow_src_last_pkt_time":1317801134362584,"flow_dst_last_pkt_time":1317801134322539,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":516,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1317801134362584,"l3_proto":"ip4","src_ip":"192.168.195.58","dst_ip":"192.168.193.24","src_port":32150,"dst_port":9395,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} 
+00952{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1317801134322539,"flow_src_last_pkt_time":1317801134362584,"flow_dst_last_pkt_time":1317801134322539,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":516,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1317801134362584,"l3_proto":"ip4","src_ip":"192.168.195.58","dst_ip":"192.168.193.24","src_port":32150,"dst_port":9395,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","stream_content":"Audio"}} 00771{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1317801134368098,"flow_dst_last_pkt_time":1317801134348136,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1317801134368098,"pkt":"ABTy5fxCAB1FDGVjCABFuADIE+gAAEARX+nAqMMywKjBGEU+JLcAtNjtgAAGRAAFiBh8EHHof\/79+v56fX1+fHl7en3\/fHx+\/f7+\/n58f\/9\/fnp7fvz6\/\/\/+\/Pt+\/nx5e3x9fP9+fH18fnp7fHx+eX3+\/f1+fv37\/Hx7\/n7+\/nz9fXt9fv59eHp\/e39+eX17fn3+\/337\/\/v+f\/p9\/v18\/\/9+fXx7e317ff5+fHt9fn5+f37\/\/H99ff77+v5+fn76\/X5+e39\/fv59fXz\/\/H58enr+fH17dg=="} 
00772{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1317801134369410,"flow_dst_last_pkt_time":1317801134349579,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1317801134369410,"pkt":"ABTy5fxCAB56JnR1CABFuADIE4oAAEARYD\/AqMM6wKjBGH2YJLQAtDYOgAAFlQAFiBgeBjsif\/79+v56fX1+fHl7en3\/fHx+\/f7+\/n58f\/9\/fnp7fvz6\/\/\/+\/Pt+\/nx5e3x9fP9+fH18fnp7fHx+eX3+\/f1+fv37\/Hx7\/n7+\/nz9fXt9fv59eHp\/e39+eX17fn3+\/337\/\/v+f\/p9\/v18\/\/9+fXx7e317ff5+fHt9fn5+f37\/\/H99ff77+v5+fn76\/X5+e39\/fv59fXz\/\/H58enr+fH17dg=="} 00775{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1317801134382485,"flow_dst_last_pkt_time":1317801134322539,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1317801134382485,"pkt":"ABTy5fxCAB56JnR1CABFuADIE4sAAEARYD7AqMM6wKjBGH2WJLMAtLJZgAAFngAC4qD2v1fi\/Pn+\/Pr9\/Xt+fnd9enn9e338\/fp+f\/n8\/f79\/n5+enh5eHl8fX5\/\/v95fv5\/\/P36\/n1\/fvr6\/P1\/\/f7\/\/315d3l3eXp7\/3x6fX5+fnl7\/H5\/\/n7+fXx+fv7+f37+\/v75+Pr09fn2+359eHd3c3Z5dXh9fP78fvz5\/vv8ff7+fX9\/fv3+\/nx5e3h1d3Z4eXh6\/\/z6+\/79\/X17fv5+\/\/\/9+g=="} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1317801134383882,"flow_src_last_pkt_time":1317801134383882,"flow_dst_last_pkt_time":1317801134383882,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1317801134383882,"l3_proto":"ip4","src_ip":"192.168.195.50","dst_ip":"192.168.193.24","src_port":17732,"dst_port":9400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00775{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1317801134383882,"flow_dst_last_pkt_time":1317801134383882,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1317801134383882,"pkt":"ABTy5fxCAB1FDGVjCABFuADIE+sAAEARX+bAqMMywKjBGEVEJLgAtEqsgAAGPwAC4qB8EHHz\/Pn+\/Pr9\/Xt+fnd9enn9e338\/fp+f\/n8\/f79\/n5+enh5eHl8fX5\/\/v95fv5\/\/P36\/n1\/fvr6\/P1\/\/f7\/\/315d3l3eXp7\/3x6fX5+fnl7\/H5\/\/n7+fXx+fv7+f37+\/v75+Pr09fn2+359eHd3c3Z5dXh9fP78fvz5\/vv8ff7+fX9\/fv3+\/nx5e3h1d3Z4eXh6\/\/z6+\/79\/X17fv5+\/\/\/9+g=="} 
00762{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1317801134388067,"flow_dst_last_pkt_time":1317801134348136,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1317801134388067,"pkt":"ABTy5fxCAB1FDGVjCABFuADIE+wAAEARX+XAqMMywKjBGEU+JLcAtDLhgAAGRQAFiLh8EHHofHt9f319fPv+\/v54f\/7\/e3l9e\/79f3p7fn18e316ff5+\/X58fv1\/\/v9+f3p+f31\/fv3+f31+\/np6fnx8fnz9\/P\/8fv37ff3\/fH7+\/3v\/f318f\/t8fP19fH19\/fl\/ev39+fx9d3Fw+NlhW8pMTLpRPsLeSefcWnbk8lz61FL72VV96Wtf6+1j6G777m\/scn\/3eX7+cXDubGz2fnF77nN2\/A=="} -00927{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1317801134348136,"flow_src_last_pkt_time":1317801134388067,"flow_dst_last_pkt_time":1317801134348136,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":516,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1317801134388067,"l3_proto":"ip4","src_ip":"192.168.195.50","dst_ip":"192.168.193.24","src_port":17726,"dst_port":9399,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} 
+00952{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1317801134348136,"flow_src_last_pkt_time":1317801134388067,"flow_dst_last_pkt_time":1317801134348136,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":516,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1317801134388067,"l3_proto":"ip4","src_ip":"192.168.195.50","dst_ip":"192.168.193.24","src_port":17726,"dst_port":9399,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","stream_content":"Audio"}} 00762{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1317801134389369,"flow_dst_last_pkt_time":1317801134349579,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1317801134389369,"pkt":"ABTy5fxCAB56JnR1CABFuADIE40AAEARYDzAqMM6wKjBGH2YJLQAtJABgAAFlgAFiLgeBjsifHt9f319fPv+\/v54f\/7\/e3l9e\/79f3p7fn18e316ff5+\/X58fv1\/\/v9+f3p+f31\/fv3+f31+\/np6fnx8fnz9\/P\/8fv37ff3\/fH7+\/3v\/f318f\/t8fP19fH19\/fl\/ev39+fx9d3Fw+NlhW8pMTLpRPsLeSefcWnbk8lz61FL72VV96Wtf6+1j6G777m\/scn\/3eX7+cXDubGz2fnF77nN2\/A=="} 
-00927{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1317801134349579,"flow_src_last_pkt_time":1317801134389369,"flow_dst_last_pkt_time":1317801134349579,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":516,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1317801134389369,"l3_proto":"ip4","src_ip":"192.168.195.58","dst_ip":"192.168.193.24","src_port":32152,"dst_port":9396,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} +00952{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1317801134349579,"flow_src_last_pkt_time":1317801134389369,"flow_dst_last_pkt_time":1317801134349579,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":516,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1317801134389369,"l3_proto":"ip4","src_ip":"192.168.195.58","dst_ip":"192.168.193.24","src_port":32152,"dst_port":9396,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","stream_content":"Audio"}} 
00766{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1317801134402500,"flow_dst_last_pkt_time":1317801134322539,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1317801134402500,"pkt":"ABTy5fxCAB56JnR1CABFuADIE44AAEARYDvAqMM6wKjBGH2WJLMAtIh3gAAFnwAC40D2v1fi+vv9\/f7+\/nx6eXh7ff\/9\/fb4+vj5+f5+fHh8eHd5en5++\/39\/Xt\/enl7eH54efr+\/Pp9f3p5fHV4enp\/\/Pj59vn+9vb8fHl6d3t5ev5\/\/P768\/n5+f7+fHV1dnR6fXd8\/31\/eHr+eX39d3n4\/f73+Pz8\/3t7e3p2dn59fPv5+\/v4\/X\/8fH18e39+fv78\/fv59\/b7\/nx7fXh3d3p\/fHt9fg=="} 00766{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1317801134403859,"flow_dst_last_pkt_time":1317801134383882,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1317801134403859,"pkt":"ABTy5fxCAB1FDGVjCABFuADIE+4AAEARX+PAqMMywKjBGEVEJLgAtCDKgAAGQAAC40B8EHHz+vv9\/f7+\/nx6eXh7ff\/9\/fb4+vj5+f5+fHh8eHd5en5++\/39\/Xt\/enl7eH54efr+\/Pp9f3p5fHV4enp\/\/Pj59vn+9vb8fHl6d3t5ev5\/\/P768\/n5+f7+fHV1dnR6fXd8\/31\/eHr+eX39d3n4\/f73+Pz8\/3t7e3p2dn59fPv5+\/v4\/X\/8fH18e39+fv78\/fv59\/b7\/nx7fXh3d3p\/fHt9fg=="} 
00766{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1317801134408162,"flow_dst_last_pkt_time":1317801134348136,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1317801134408162,"pkt":"ABTy5fxCAB1FDGVjCABFuADIE+8AAEARX+LAqMMywKjBGEU+JLcAtJtogAAGRgAFiVh8EHHoe\/z7+HV8+f34eXz09Xt7+nJ1\/H56dn7+fvl\/d\/v6dXp9evl3cPn9d3z6+\/18en11fvx1ev7\/e3l8\/v98eXb3+f\/+b3z5eHl+\/P\/8\/X18\/f5ye\/57d3b9\/fp8dPT2fXpvfvN\/dHf39316ffz9\/X13fPf\/b3T9+f1\/fX39eXt+f\/p4ev19\/3d6\/fz7eXh7\/P15fHz+\/n39+397+fx+enZ\/dw=="} 00766{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1317801134409515,"flow_dst_last_pkt_time":1317801134349579,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1317801134409515,"pkt":"ABTy5fxCAB56JnR1CABFuADIE5AAAEARYDnAqMM6wKjBGH2YJLQAtPiIgAAFlwAFiVgeBjsie\/z7+HV8+f34eXz09Xt7+nJ1\/H56dn7+fvl\/d\/v6dXp9evl3cPn9d3z6+\/18en11fvx1ev7\/e3l8\/v98eXb3+f\/+b3z5eHl+\/P\/8\/X18\/f5ye\/57d3b9\/fp8dPT2fXpvfvN\/dHf39316ffz9\/X13fPf\/b3T9+f1\/fX39eXt+f\/p4ev19\/3d6\/fz7eXh7\/P15fHz+\/n39+397+fx+enZ\/dw=="} 
00769{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1317801134423839,"flow_dst_last_pkt_time":1317801134383882,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1317801134423839,"pkt":"ABTy5fxCAB1FDGVjCABFuADIE\/EAAEARX+DAqMMywKjBGEVEJLgAtBwlgAAGQQAC4+B8EHHzfn78fXn\/eXV9d3b9\/338+\/f7fH59e3p2eX3++\/309fz6e3l6c3h3dnt3fff49\/Pz9vf2+Pv9fX19fX1+\/f1\/e3l5d3d1dHh6fHp6fv7++\/r3+H59fHx9e3l9+\/99\/P37+X57e3l8e3p\/f379\/fv7+\/r8\/v\/8\/n7\/\/\/39fXx6dnd5ev9+eXx6eH16fPx\/\/Pj5+fv7\/H15d3l7fH7\/\/f39\/A=="} -00928{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1317801134383882,"flow_src_last_pkt_time":1317801134423839,"flow_dst_last_pkt_time":1317801134383882,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":516,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1317801134423839,"l3_proto":"ip4","src_ip":"192.168.195.50","dst_ip":"192.168.193.24","src_port":17732,"dst_port":9400,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} 
+00953{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1317801134383882,"flow_src_last_pkt_time":1317801134423839,"flow_dst_last_pkt_time":1317801134383882,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":516,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1317801134423839,"l3_proto":"ip4","src_ip":"192.168.195.50","dst_ip":"192.168.193.24","src_port":17732,"dst_port":9400,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","stream_content":"Audio"}} 00762{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1317801134428128,"flow_dst_last_pkt_time":1317801134348136,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1317801134428128,"pkt":"ABTy5fxCAB1FDGVjCABFuADIE\/IAAEARX9\/AqMMywKjBGEU+JLcAtO6VgAAGRwAFifh8EHHoeXd2+\/75+fr1+3hx\/vh4dHl7\/fd+fPv4+v9+f\/58enh6fnd5\/nt7fHZ8fXr9eHn99vJ\/fHh8+n9+fX7\/fnt9f\/57d\/7++vv8+nz7+3v++Xxwe\/b+enp2eH19fn78fnl8fv56en5+f339\/P59ffp6\/PxzfH\/7\/n17d\/p9en55enR9fXdza3B0dnZuffr78\/Ly7+vs7O7z8\/n4fW9wb3BvbQ=="} 
00760{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1317801134429422,"flow_dst_last_pkt_time":1317801134349579,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1317801134429422,"pkt":"ABTy5fxCAB56JnR1CABFuADIE5MAAEARYDbAqMM6wKjBGH2YJLQAtEu2gAAFmAAFifgeBjsieXd2+\/75+fr1+3hx\/vh4dHl7\/fd+fPv4+v9+f\/58enh6fnd5\/nt7fHZ8fXr9eHn99vJ\/fHh8+n9+fX7\/fnt9f\/57d\/7++vv8+nz7+3v++Xxwe\/b+enp2eH19fn78fnl8fv56en5+f339\/P59ffp6\/PxzfH\/7\/n17d\/p9en55enR9fXdza3B0dnZuffr78\/Ly7+vs7O7z8\/n4fW9wb3BvbQ=="} 00772{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1317801134443939,"flow_dst_last_pkt_time":1317801134383882,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1317801134443939,"pkt":"ABTy5fxCAB1FDGVjCABFuADIE\/QAAEARX93AqMMywKjBGEVEJLgAtJYRgAAGQgAC5IB8EHHz\/v76\/3t\/fHh4d3l9\/Pn49vX1+\/\/6f3x\/en3+\/v1+\/P19dnh7dnh0dXd1fX3++v34+vr7+vp4eX9\/\/nt6fX\/\/fP76+v19fH97dXZxd\/5\/+PPz8vb7\/v18fHt5+\/379\/z3\/Hh6cm5zcHB1d3r+\/P37+fn5\/n79\/v78fn76\/Px+fP1+fn16fnp4fv37\/v3+e\/79ffx+evz9fv9\/\/f3+\/nx8+g=="} 
@@ -58,7 +58,7 @@ 00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":0,"flow_first_seen":1317801134383882,"flow_src_last_pkt_time":1317801134663930,"flow_dst_last_pkt_time":1317801134383882,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2580,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1317801134668514,"l3_proto":"ip4","src_ip":"192.168.195.50","dst_ip":"192.168.193.24","src_port":17732,"dst_port":9400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} 00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":0,"flow_first_seen":1317801134322539,"flow_src_last_pkt_time":1317801134662589,"flow_dst_last_pkt_time":1317801134322539,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":3096,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1317801134668514,"l3_proto":"ip4","src_ip":"192.168.195.58","dst_ip":"192.168.193.24","src_port":32150,"dst_port":9395,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} 
00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1317801134349579,"flow_src_last_pkt_time":1317801134649425,"flow_dst_last_pkt_time":1317801134349579,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2752,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1317801134668514,"l3_proto":"ip4","src_ip":"192.168.195.58","dst_ip":"192.168.193.24","src_port":32152,"dst_port":9396,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} -00845{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":200,"packets-processed":196,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":26764,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":61,"global_ts_usec":1317801134668514} 
+00845{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":200,"packets-processed":196,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":26764,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":61,"global_ts_usec":1317801134668514} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 200/196 ~~ skipped flows.............: 0 @@ -67,9 +67,9 @@ ~~ total active/idle flows...: 7/7 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6927577 bytes -~~ total memory freed........: 6927577 bytes -~~ total allocations/frees...: 114399/114399 +~~ total memory allocated....: 7505173 bytes +~~ total memory freed........: 7505173 bytes +~~ total allocations/frees...: 126130/126130 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 536 chars ~~ json message max len.......: 2175 chars diff --git a/test/results/default/skype-conference-call.pcap.out b/test/results/default/skype-conference-call.pcap.out index db750fcd9..140ab3ff9 100644 --- a/test/results/default/skype-conference-call.pcap.out +++ b/test/results/default/skype-conference-call.pcap.out 
@@ -1,15 +1,15 @@ -00626{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/skype-conference-call.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/skype-conference-call.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1501061916646303} 
+00626{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/skype-conference-call.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/skype-conference-call.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1501061916646303} 
00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/skype-conference-call.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1501061916646303,"flow_src_last_pkt_time":1501061916646303,"flow_dst_last_pkt_time":1501061916646303,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1501061916646303,"l3_proto":"ip4","src_ip":"192.168.2.20","dst_ip":"104.46.40.49","src_port":49282,"dst_port":60642,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/skype-conference-call.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1501061916646303,"flow_dst_last_pkt_time":1501061916646303,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_usec":1501061916646303,"pkt":"XEl5dU5qxCwDBkn+CABFAACEzEwAAEARWwHAqAIUaC4oMcCC7OIAcIaYAAEAVCESpELFWk\/f3gwyXjBMYMcABgAJZ3BwZTp6V3lrAAAAACQABG7\/\/v+AKgAIAAAAAAC\/QxeAVAABMQAAAIBwAAQAAAADAAgAFMOSZmY4XAmhNOQKDGwu8wYai2KrgCgABB+1m2s="} 
-01130{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/skype-conference-call.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1501061916646303,"flow_src_last_pkt_time":1501061916646303,"flow_dst_last_pkt_time":1501061916646303,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1501061916646303,"l3_proto":"ip4","src_ip":"192.168.2.20","dst_ip":"104.46.40.49","src_port":49282,"dst_port":60642,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01157{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/skype-conference-call.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1501061916646303,"flow_src_last_pkt_time":1501061916646303,"flow_dst_last_pkt_time":1501061916646303,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1501061916646303,"l3_proto":"ip4","src_ip":"192.168.2.20","dst_ip":"104.46.40.49","src_port":49282,"dst_port":60642,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/skype-conference-call.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1501061916646303,"flow_dst_last_pkt_time":1501061916653642,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_usec":1501061916653642,"pkt":"xCwDBkn+XEl5dU5qCABFAACERTYAAG4RtBdoLigxwKgCFOziwIIAcHm6AAEAVCESpEI8yF2moGJ4zvU2wuEABgAJeld5azpncHBlAAAAACQABG7\/\/v+AKQAIAAAAAAACl5OAVAABMQAAAIBwAAQAAAADAAgAFHnv8xovieyQrsQ6j2MMyqg8GNj1gCgABORvfhY="} 00620{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/skype-conference-call.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1501061916690803,"flow_dst_last_pkt_time":1501061916653642,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"thread_ts_usec":1501061916690803,"pkt":"XEl5dU5qxCwDBkn+CABFAABkjWYAAEARmgfAqAIUaC4oMcCC7OIAUFnEAQEANCESpEI8yF2moGJ4zvU2wuEAIAAIAAHN8Ek8jHOAcAAEAAAAAwAIABSgsacIkgIOfzKEQbuerkeFTLj204AoAASK\/70B"} 
00620{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/skype-conference-call.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1501061916690803,"flow_dst_last_pkt_time":1501061916708119,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"thread_ts_usec":1501061916708119,"pkt":"xCwDBkn+XEl5dU5qCABFAABkRTcAAG4RtDZoLigxwKgCFOziwIIAUMppAQEANCESpELFWk\/f3gwyXjBMYMcAIAAIAAHhkH7lJQGAcAAEAAAAAwAIABQrKEEJgBBMTTHUJMwo4kS9VvHVU4AoAARKHr2N"} 00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/skype-conference-call.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1501061916690803,"flow_dst_last_pkt_time":1501061916708296,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_usec":1501061916708296,"pkt":"xCwDBkn+XEl5dU5qCABFAACERTgAAG4RtBVoLigxwKgCFOziwIIAcHm6AAEAVCESpEI8yF2moGJ4zvU2wuEABgAJeld5azpncHBlAAAAACQABG7\/\/v+AKQAIAAAAAAACl5OAVAABMQAAAIBwAAQAAAADAAgAFHnv8xovieyQrsQ6j2MMyqg8GNj1gCgABORvfhY="} 
-02324{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/skype-conference-call.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1501061916646303,"flow_src_last_pkt_time":1501061916821040,"flow_dst_last_pkt_time":1501061916812989,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":915,"flow_dst_max_l4_payload_len":167,"flow_src_tot_l4_payload_len":6417,"flow_dst_tot_l4_payload_len":1824,"midstream":0,"thread_ts_usec":1501061916821040,"l3_proto":"ip4","src_ip":"192.168.2.20","dst_ip":"104.46.40.49","src_port":49282,"dst_port":60642,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":59,"avg":11013.6,"max":100094,"stddev":22446.4,"var":503839616.0,"ent":3.0,"data": [7339,44500,54477,177,54879,336,10342,20091,24441,100094,319,61,211,59,179,235,59,177,199,208,82,2810,14708,381,241,219,267,215,202,197,3718]},"pktlen": {"min":63,"avg":285.5,"max":943,"stddev":317.0,"var":100457.8,"ent":4.3,"data": [132,132,100,100,132,100,136,138,131,123,195,63,155,155,155,155,155,155,155,155,155,155,100,71,943,943,943,943,943,943,155,121]},"bins": {"c_to_s": [0,1,4,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,1,2,12,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,1,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,0],"entropies": 
[5.475533962,5.430079460,5.716311932,5.616310120,5.445230961,5.668762684,5.554492950,6.549376011,6.536014080,6.412748814,6.806855679,5.203801155,6.467489243,6.520809174,6.645484924,6.590196609,6.458263397,6.501328468,6.432456017,6.550292969,6.547129631,6.477230072,5.552665234,5.568275928,7.755900860,7.787482262,7.793358326,7.793142319,7.798308849,7.784828663,6.622673988,6.318281174]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01141{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/skype-conference-call.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":133,"flow_dst_packets_processed":67,"flow_first_seen":1501061916646303,"flow_src_last_pkt_time":1501061918126158,"flow_dst_last_pkt_time":1501061918151791,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":915,"flow_dst_max_l4_payload_len":915,"flow_src_tot_l4_payload_len":19259,"flow_dst_tot_l4_payload_len":12028,"midstream":0,"thread_ts_usec":1501061918151791,"l3_proto":"ip4","src_ip":"192.168.2.20","dst_ip":"104.46.40.49","src_port":49282,"dst_port":60642,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-00860{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/skype-conference-call.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":200,"packets-processed":200,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":31287,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1501061918151791} +02318{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/skype-conference-call.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1501061916646303,"flow_src_last_pkt_time":1501061916821040,"flow_dst_last_pkt_time":1501061916812989,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":915,"flow_dst_max_l4_payload_len":167,"flow_src_tot_l4_payload_len":6417,"flow_dst_tot_l4_payload_len":1824,"midstream":0,"thread_ts_usec":1501061916821040,"l3_proto":"ip4","src_ip":"192.168.2.20","dst_ip":"104.46.40.49","src_port":49282,"dst_port":60642,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":59,"avg":11013.6,"max":100094,"stddev":22446.4,"var":503839616.0,"ent":3.0,"data": [7339,44500,54477,177,54879,336,10342,20091,24441,100094,319,61,211,59,179,235,59,177,199,208,82,2810,14708,381,241,219,267,215,202,197,3718]},"pktlen": 
{"min":63,"avg":285.5,"max":943,"stddev":317.0,"var":100457.8,"ent":4.3,"data": [132,132,100,100,132,100,136,138,131,123,195,63,155,155,155,155,155,155,155,155,155,155,100,71,943,943,943,943,943,943,155,121]},"bins": {"c_to_s": [0,1,4,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,1,2,12,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,1,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,0],"entropies": [5.475533962,5.430079460,5.716311932,5.616310120,5.445230961,5.668762684,5.554492950,6.549376011,6.536014080,6.412748814,6.806855679,5.203801155,6.467489243,6.520809174,6.645484924,6.590196609,6.458263397,6.501328468,6.432456017,6.550292969,6.547129631,6.477230072,5.552665234,5.568275928,7.755900860,7.787482262,7.793358326,7.793142319,7.798308849,7.784828663,6.622673988,6.318281174]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+01135{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/skype-conference-call.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":133,"flow_dst_packets_processed":67,"flow_first_seen":1501061916646303,"flow_src_last_pkt_time":1501061918126158,"flow_dst_last_pkt_time":1501061918151791,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":915,"flow_dst_max_l4_payload_len":915,"flow_src_tot_l4_payload_len":19259,"flow_dst_tot_l4_payload_len":12028,"midstream":0,"thread_ts_usec":1501061918151791,"l3_proto":"ip4","src_ip":"192.168.2.20","dst_ip":"104.46.40.49","src_port":49282,"dst_port":60642,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+00860{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/skype-conference-call.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":200,"packets-processed":200,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":31287,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1501061918151791} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 200/200 ~~ skipped flows.............: 0 @@ -18,10 +18,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6913413 bytes -~~ total memory freed........: 6913413 bytes -~~ total allocations/frees...: 114337/114337 +~~ total memory allocated....: 7491031 bytes +~~ total memory freed........: 7491031 bytes +~~ total allocations/frees...: 126069/126069 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 625 chars -~~ json message max len.......: 2329 chars -~~ json message avg len.......: 1401 chars +~~ json message max len.......: 2323 chars +~~ json message avg len.......: 1400 chars diff --git a/test/results/default/smb_deletefile.pcap.out b/test/results/default/smb_deletefile.pcap.out index a3874c25c..a67547123 100644 --- a/test/results/default/smb_deletefile.pcap.out +++ b/test/results/default/smb_deletefile.pcap.out 
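Review bot: The expected output for skype-conference-call.pcap now reports `"proto":"STUN.TeamsCall"` in the `detected`, `analyse` and `idle` events where it previously reported `"proto":"STUN.Skype_TeamsCall"`, while `"proto_id":"78.38"` is unchanged, and the commit message only says that upstream changes were incorporated. Anything downstream that matches on the protocol name string (detection rules, dashboards, allow-lists) would presumably stop matching silently after this bump, so the rename deserves its own line in the commit description or changelog, for example `* nDPI renamed Skype_TeamsCall to TeamsCall; proto_id 78.38 is unchanged`. The same hunk shows the `stun` object of the `detected` event changing from `{}` to `{"multimedia_flow_types":"Unknown"}`. The diffstat lists a change to schema/flow_event_schema.json, which is outside this view, so it is worth confirming that the schema change covers the new key.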
@@ -1,5 +1,5 @@ -00619{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/smb_deletefile.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smb_deletefile.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1584368315417275} 
+00619{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/smb_deletefile.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smb_deletefile.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1584368315417275} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smb_deletefile.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1584368315417275,"flow_src_last_pkt_time":1584368315417275,"flow_dst_last_pkt_time":1584368315417275,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":380,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":380,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":380,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1584368315417275,"l3_proto":"ip4","src_ip":"192.168.1.118","dst_ip":"192.168.1.187","src_port":56848,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01090{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smb_deletefile.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1584368315417275,"flow_dst_last_pkt_time":1584368315417275,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":434,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":434,"pkt_l4_len":400,"thread_ts_usec":1584368315417275,"pkt":"2MuK4S0uKDc3AG3ICABFAAGkAABAAEAGtNLAqAF2wKgBu94QAb3ooAVq8kMyI1AYqgDfmAAAAAABeP5TTUJAAAEAAAAAAAUAAAEAAAAAmAAAAJwPAAAAAAAA\/\/4AABEAAAAdAAAAACgAAAAAAAAAAAAAAAAAAAAAAAA5AAAAAgAAAAAAAAAAAAAAAAAAAAAAAACBABAAEAAAAAcAAAABAAAAAQAAAHgAHAAAAAAAAAAAAEwAdQBjAGEAXABEAG8AdwBuAGwAbwBhAGQAcwAAAAAA\/lNNQkAAAQAAAAAADgAAAQQAAACIAAAAnQ8AAAAAAAD\/\/gAAEQAAAB0AAAAAKAAAAAAAAAAAAAAAAAAAAAAAACEAJQMAAAAA\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/2AAJgAAAAEAaQBuAG4AbwBzAGUAdAB1AHAALQA1AC4ANgAuADEALgBlAHgAZQAAAP5TTUJAAAEAAAAAAAYAAAEEAAAAAAAAAJ4PAAAAAAAA\/\/4AABEAAAAdAAAAACgAAAAAAAAAAAAAAAAAAAAAAAAYAAAAAAAAAP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8="} 
00977{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smb_deletefile.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1584368315417275,"flow_src_last_pkt_time":1584368315417275,"flow_dst_last_pkt_time":1584368315417275,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":380,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":380,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":380,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1584368315417275,"l3_proto":"ip4","src_ip":"192.168.1.118","dst_ip":"192.168.1.187","src_port":56848,"dst_port":445,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv23","proto_id":"10.41","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"","domainame":""}} 
@@ -9,7 +9,7 @@ 01165{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/smb_deletefile.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1584368317575781,"flow_dst_last_pkt_time":1584368317576871,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":522,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":522,"pkt_l4_len":488,"thread_ts_usec":1584368317576871,"pkt":"KDc3AG3I2MuK4S0uCABFAAH8OLFAAIAGO8nAqAG7wKgBdgG93hDyQzQX6KAIKlAYEAdr9gAAAAAB0P5TTUJAAAEAAAAAAAUAAAABAAAAmAAAAJ8PAAAAAAAA\/\/4AABEAAAAdAAAAACgAAAAAAAAAAAAAAAAAAAAAAABZAAAAAQAAAHF8fnEN3tQBwjwds5371QFsgQlGF1nVAZpBFPwbWdUBABAAAAAAAAAAEAAAAAAAABEAAAAAAAAAEwQAAAoAAADNAAAACgAAAAAAAAAAAAAA\/lNNQkAAAQAAAAAADgAAAAUAAAC4AAAAoA8AAAAAAAD\/\/gAAEQAAAB0AAAAAKAAAAAAAAAAAAAAAAAAAAAAAAAkASABwAAAAAAAAAAAAAABsgQlGF1nVAaWmw1ic+9UBpabDWJz71QGlpsNYnPvVAQAAAAAAAAAAAAAAAAAAAAAQAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD5UGAAAABQBMAHUAYwBhAP5TTUJAAAEAAAAAAAYAAwAFAAAAAAAAAKEPAAAAAAAA\/\/4AABEAAAAdAAAAACgAAAAAAAAAAAAAAAAAAAAAAAA8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
02185{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/smb_deletefile.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1584368315417275,"flow_src_last_pkt_time":1584368317627960,"flow_dst_last_pkt_time":1584368317628867,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":412,"flow_dst_max_l4_payload_len":500,"flow_src_tot_l4_payload_len":2972,"flow_dst_tot_l4_payload_len":3826,"midstream":1,"thread_ts_usec":1584368317628867,"l3_proto":"ip4","src_ip":"192.168.1.118","dst_ip":"192.168.1.187","src_port":56848,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":20,"avg":142654.1,"max":2158424,"stddev":529256.2,"var":280112168960.0,"ent":1.2,"data": [1172,1225,2157281,2158424,1159,87,1253,1160,7461,9355,1883,124,103,75,20,492,151,550,5618,5637,4741,5866,1131,107,1245,1127,130,997,857,25951,26895]},"pktlen": {"min":40,"avg":252.6,"max":540,"stddev":190.9,"var":36432.9,"ent":4.5,"data": [420,540,40,364,508,40,380,524,40,452,166,40,540,40,144,140,46,144,40,116,40,380,524,40,420,396,40,284,356,40,388,452]},"bins": {"c_to_s": [10,0,0,2,0,0,0,1,0,0,4,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,1,2,0,0,0,0,0,1,0,1,1,0,1,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,0,0,1,0,0,1,0,1,0,0,0,1,1,0,1,0,0,1,0,0,1,0,0,1,0,0,1],"entropies": 
[3.069277287,3.365245581,4.461769104,2.731584549,2.957580328,4.511769295,2.886561632,3.152696133,4.511769295,2.994292021,3.490118504,4.511769295,2.920198441,4.511769295,3.495491743,3.175110340,4.402616024,3.673908472,4.461769104,3.397419930,4.511769295,2.886561632,3.164842129,4.511769295,3.078800917,2.788191795,4.461769104,2.814971924,2.968542337,4.511769295,2.599048853,2.976962328]},"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv23","proto_id":"10.41","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00998{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/smb_deletefile.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":62,"flow_dst_packets_processed":39,"flow_first_seen":1584368315417275,"flow_src_last_pkt_time":1584368317802053,"flow_dst_last_pkt_time":1584368317801987,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":476,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":11034,"flow_dst_tot_l4_payload_len":14218,"midstream":1,"thread_ts_usec":1584368317802053,"l3_proto":"ip4","src_ip":"192.168.1.118","dst_ip":"192.168.1.187","src_port":56848,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv23","proto_id":"10.41","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
-00853{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/smb_deletefile.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":101,"packets-processed":101,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25252,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1584368317802053} +00853{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/smb_deletefile.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":101,"packets-processed":101,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25252,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1584368317802053} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 101/101 ~~ skipped flows.............: 0 
@@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6910542 bytes -~~ total memory freed........: 6910542 bytes -~~ total allocations/frees...: 114238/114238 +~~ total memory allocated....: 7488138 bytes +~~ total memory freed........: 7488138 bytes +~~ total allocations/frees...: 125969/125969 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 536 chars ~~ json message max len.......: 2190 chars diff --git a/test/results/default/smb_frags.pcap.out b/test/results/default/smb_frags.pcap.out index f0c7ff65f..e343d6000 100644 --- a/test/results/default/smb_frags.pcap.out +++ b/test/results/default/smb_frags.pcap.out 
@@ -1,5 +1,5 @@ -00614{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/smb_frags.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smb_frags.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1623514369772545} 
+00614{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/smb_frags.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smb_frags.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1623514369772545} 
00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smb_frags.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623514369772545,"flow_src_last_pkt_time":1623514369772545,"flow_dst_last_pkt_time":1623514369772545,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623514369772545,"vlan_id":1608,"l3_proto":"ip4","src_ip":"10.202.211.125","dst_ip":"10.202.7.8","src_port":54120,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smb_frags.pcap","alias":"nDPId-test","vlan_id":1608,"flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1623514369772545,"flow_dst_last_pkt_time":1623514369772545,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1623514369772545,"pkt":"AAAAAAAAAAgAAAAIgQAGSAgARQAAPJdVQAA+BrVNCsrTfQrKBwjTaAG9gKLxEgAAAACgAv\/\/GS4AAAIEIwABAwMGBAIICs5HDEsAAAAA"} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/smb_frags.pcap","alias":"nDPId-test","vlan_id":1608,"flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1623514369772545,"flow_dst_last_pkt_time":1623514369868191,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1623514369868191,"pkt":"AAAAAAAAAAgAAAAIgQAGSAgARQAAPE51QAB8BsAtCsoHCArK030BvdNoZ4rlhYCi8ROgEiAAlmYAAAIEBWQBAwMIBAIICowopxfORwxL"} 
@@ -8,7 +8,7 @@ 02418{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/smb_frags.pcap","alias":"nDPId-test","vlan_id":1608,"flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1623514370258205,"flow_dst_last_pkt_time":1623514370251341,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1438,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1438,"pkt_l4_len":1400,"thread_ts_usec":1623514370258205,"pkt":"AAAAAAAAAAgAAAAIgQAGSAgARQAFjJdYQAA+Bq\/6CsrTfQrKBwjTaAG9gKLxRmeK5leAEAgZ6PkAAAEBCArORw4xjCiopgAABjz\/U01CcwAAAAAYBdgAAAAAAAAAAAAAAAAAAAEAAAABAAz\/AAAABEEyAAEAAAAAAK8FAAAAAP\/SAIABBmCCBasGggAGKwYBBQUCoIIFnTCCBZmgggARMIIADQaCAAkqhkiG9xIBAgKiggWABIIFfGCCBXgGCSqGSIb3EgECAgEAboIFZzCCBWOgAwIBBaEDAgEOogcDBQAgAAAAo4IEcmGCBG4wggRqoAMCAQWhFBsSQ0lWSUxQRU5TSU9OLkxPQ0FMoi0wK6ADAgEDoSQwIhsEY2lmcxsaaHFkYy0wMi5jaXZpbHBlbnNpb24ubG9jYWyjggQcMIIEGKADAgESoQMCASCiggQKBIIEBmtnVxcxBmkz4ZUsh+F3XvsymQ5mvu2LX+7W56rZEvZ1qmgF5eVUK11Yc3PdU24ZptZsf6GIgZZft7fDTc9iDA3FbzTWHDPjEHl6G+GfrKQ\/U66sLyoe01eLCDNDlzdYPbQNI5B+D7epgO3OqLoFCxgQnXg89dHq7kxLRlfyZ75yHYmd3cly0qeBA8TtEpLELIy5RDwh88Bbqx9lJkPNQiMt24H0yao67pgfp9aEdZ4Emm7xmyPRkPeqZWtM0bkNvn+WavQvx80wJ6ZQyFIXkOPKpVcd2AB5qVKkumKBLzfPVIv+5LsBnADCgXZoEckKZht4ry7NolrE+0HKHhPwkaoxc8bqcUuiYOluxmO4DjfSfFQueOoelGhXJ6pEhCQozBPoeArsog\/CMnvfwyGHeu2So9navfrEV7TGs9oPppW3oNCUuXo36cbimBLvIiY+Pgl\/ynJhxwXsO0RkVS9r\/PsoEMTLWDn3S3vAe\/TBqkOtoyPQJWg1FVpj7frmvNArPBFi14wVJfxtnd\/+3wtnQozSQyeZaiwe0Uki1A7mEEoQtV7AOgPYFp8ri4dHhClZYELTbpijGa0Jwtj6x6ZJsOiFg2SsOWyGploNv1wUt9FpkKTtjSnMILP9mkkt0GsDX19lwQbnfeVgl0kxeaZBDtMtasDDJW8MObctlpQH6UeIoFh4zd\/+AvklrnI66FLbyQfjFSQzmIzIW3ydE4bjVtwWmU1a9nvT5VzFxoGr9N75Jd1QR+seVejR1FQ5L+uOs9WAbzPwvooNtGJ9P10oltq2AAtLxvL22QGd7qWFsKNlILCcAk48pdh4wUcKf+EMjG6Xonr4DPvLkEyb43oHO1NuXf6G+7ier+62p0AeSbzutesdffNAKWx8nx125SeKQpNnBXnpDRdJnIJIcuLAdAebbsP88MDOzOSgr6S6eirG1TuF29PveiUZjxoiDLHdsyainMdtGrd0\/Ydkl2AhTK3O7gYsi1PPi2xvUVmDCWCipGeZ\/HFXUKBq15ucDAkq0dcppKqtynTA4t8Xrm
dpQTW\/R3zKQXp4YteUcutVoA63U60MWJlP325IMdQpih2Uk59JH5Dnux3Rd568y7AglM4Wn\/qV3HT6TOIU2RCepqW+t\/HKqI4PXOnM+5Qj2R2MJ25pMdBIvMiBfAjqOHwQwwec\/8syUlp9kgV4g09X0ubW+5o5iaoEB4ngqDTvZXkAfrGm9\/PFvCCGKK5LcZsH76QYjCwvtb7o+MxSnlo+MKjMgwdfysFP0RY4mM0xlHSbO4qyXFBgLhHZiagn1nbfnXKd28YECfDeWdHC\/Ig4+JxagNp\/3VNKyRkP6A4EbfQ3batKWXNlXzxKQjFl\/HI4d1Rq1dIh9CGkgdcwgdSgAwIBEqKBzASByVkzbk+ekX38PCwMB3OZSxR7r8vyZItGdtHn7\/EFdfCld4D4NfFt4ny5\/YJLf0FZrLolqw=="} 01329{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/smb_frags.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1623514369772545,"flow_src_last_pkt_time":1623514370258205,"flow_dst_last_pkt_time":1623514370251341,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1368,"flow_dst_max_l4_payload_len":209,"flow_src_tot_l4_payload_len":1419,"flow_dst_tot_l4_payload_len":209,"midstream":0,"thread_ts_usec":1623514370258205,"vlan_id":1608,"l3_proto":"ip4","src_ip":"10.202.211.125","dst_ip":"10.202.7.8","src_port":54120,"dst_port":445,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"20": {"risk":"SMB Insecure Vers","severity":"High","risk_score": {"total":300,"client":210,"server":90}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"","domainame":""}} 
01338{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/smb_frags.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1623514369772545,"flow_src_last_pkt_time":1623514370351676,"flow_dst_last_pkt_time":1623514370345783,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1368,"flow_dst_max_l4_payload_len":327,"flow_src_tot_l4_payload_len":1651,"flow_dst_tot_l4_payload_len":536,"midstream":0,"thread_ts_usec":1623514370351676,"vlan_id":1608,"l3_proto":"ip4","src_ip":"10.202.211.125","dst_ip":"10.202.7.8","src_port":54120,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"20": {"risk":"SMB Insecure Vers","severity":"High","risk_score": {"total":300,"client":210,"server":90}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System"}} 
-00841{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/smb_frags.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":8,"packets-processed":8,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2187,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1623514370351676} +00841{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/smb_frags.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":8,"packets-processed":8,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2187,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1623514370351676} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 8/8 ~~ skipped flows.............: 0 
@@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6909979 bytes -~~ total memory freed........: 6909979 bytes -~~ total allocations/frees...: 114150/114150 +~~ total memory allocated....: 7487575 bytes +~~ total memory freed........: 7487575 bytes +~~ total allocations/frees...: 125881/125881 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 578 chars ~~ json message max len.......: 2423 chars diff --git a/test/results/default/smbv1.pcap.out b/test/results/default/smbv1.pcap.out index dd3b8c356..37c5c85c9 100644 --- a/test/results/default/smbv1.pcap.out +++ b/test/results/default/smbv1.pcap.out 
@@ -1,5 +1,5 @@ -00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/smbv1.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smbv1.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1492191036092974} 
+00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/smbv1.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smbv1.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1492191036092974} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smbv1.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492191036092974,"flow_src_last_pkt_time":1492191036092974,"flow_dst_last_pkt_time":1492191036092974,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1492191036092974,"l3_proto":"ip4","src_ip":"172.16.156.130","dst_ip":"10.128.0.243","src_port":50927,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00711{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smbv1.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1492191036092974,"flow_dst_last_pkt_time":1492191036092974,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":191,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":191,"pkt_l4_len":157,"thread_ts_usec":1492191036092974,"pkt":"AFBW6AqxAAwpAu9qCABFAACxF9IAAIAGzm+sEJyCCoAA88bvAb3S22hjm3waG1AY+vCemgAAAAAAhf9TTUJyAAAAABhTwAAAAAAAAAAAAAAAAAAA\/\/4AAEAAAGIAAlBDIE5FVFdPUksgUFJPR1JBTSAxLjAAAkxBTk1BTjEuMAACV2luZG93cyBmb3IgV29ya2dyb3VwcyAzLjFhAAJMTTEuMlgwMDIAAkxBTk1BTjIuMQACTlQgTE0gMC4xMgA="} 
00684{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/smbv1.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1492191036092974,"flow_dst_last_pkt_time":1492191036120420,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_usec":1492191036120420,"pkt":"AAwpAu9qAFBW6AqxCABFAACdcSEAAIAGdTQKgADzrBCcggG9xu+bfBob0tto7FAY+vCpnwAAAAAAcf9TTUJyAAAAAJhTwAAAAAAAAAAAAAAAAAAA\/\/4AAEAAEQUAAzIAAQAEEQAAAAABAAAAAAD84wEAQPSc00S10gHwAAgsAAirHC\/h7OapVwBPAFIASwBHAFIATwBVAFAAAABKAE8ASABOAC0AUABDAAAA"} 
@@ -8,7 +8,7 @@ 00781{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/smbv1.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1492191036120691,"flow_dst_last_pkt_time":1492191036154924,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"thread_ts_usec":1492191036154924,"pkt":"AAwpAu9qAFBW6AqxCABFAADlcSMAAIAGdOoKgADzrBCcggG9xu+bfBqQ0ttpeFAY+vD0\/QAAAAAAuf9TTUJzAAAAAJgHwAAAAAAAAAAAAAAAAAAA\/\/4ACEAAA\/8AuQAAAJAAAFcAaQBuAGQAbwB3AHMAIAA3ACAAVQBsAHQAaQBtAGEAdABlACAANwA2ADAAMQAgAFMAZQByAHYAaQBjAGUAIABQAGEAYwBrACAAMQAAAFcAaQBuAGQAbwB3AHMAIAA3ACAAVQBsAHQAaQBtAGEAdABlACAANgAuADEAAABXAE8AUgBLAEcAUgBPAFUAUAAA"} 00657{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/smbv1.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1492191036157874,"flow_dst_last_pkt_time":1492191036154924,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":148,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":148,"pkt_l4_len":114,"thread_ts_usec":1492191036157874,"pkt":"AFBW6AqxAAwpAu9qCABFAACGF9QAAIAGzpisEJyCCoAA88bvAb3S22l4m3wbTVAY+b51+wAAAAAAWv9TTUJ1AAAAABgHwAAAAAAAAAAAAAAAAAAA\/\/4ACEAABP8AWgAIAAEALwAAXABcADEAMAAuADEAMgA4AC4AMAAuADIANAAzAFwASQBQAEMAJAAAAD8\/Pz8\/AA=="} 
01321{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/smbv1.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1492191036092974,"flow_src_last_pkt_time":1492191036191677,"flow_dst_last_pkt_time":1492191036191436,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":82,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":140,"flow_dst_max_l4_payload_len":189,"flow_src_tot_l4_payload_len":453,"flow_dst_tot_l4_payload_len":366,"midstream":1,"thread_ts_usec":1492191036191677,"l3_proto":"ip4","src_ip":"172.16.156.130","dst_ip":"10.128.0.243","src_port":50927,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"20": {"risk":"SMB Insecure Vers","severity":"High","risk_score": {"total":300,"client":210,"server":90}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System"}} 
-00836{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/smbv1.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":7,"packets-processed":7,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":819,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1492191036191677} +00836{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/smbv1.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":7,"packets-processed":7,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":819,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1492191036191677} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 7/7 ~~ skipped flows.............: 0 
@@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6909897 bytes -~~ total memory freed........: 6909897 bytes -~~ total allocations/frees...: 114147/114147 +~~ total memory allocated....: 7487493 bytes +~~ total memory freed........: 7487493 bytes +~~ total allocations/frees...: 125878/125878 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 615 chars ~~ json message max len.......: 1326 chars diff --git a/test/results/default/smpp_in_general.pcap.out b/test/results/default/smpp_in_general.pcap.out index 38ce18648..c18b34475 100644 --- a/test/results/default/smpp_in_general.pcap.out +++ b/test/results/default/smpp_in_general.pcap.out 
@@ -1,5 +1,5 @@ -00620{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/smpp_in_general.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smpp_in_general.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1217149853878966} 
+00620{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/smpp_in_general.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smpp_in_general.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1217149853878966} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smpp_in_general.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1217149853878966,"flow_src_last_pkt_time":1217149853878966,"flow_dst_last_pkt_time":1217149853878966,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1217149853878966,"l3_proto":"ip4","src_ip":"10.226.202.118","dst_ip":"10.226.202.53","src_port":1770,"dst_port":9000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smpp_in_general.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1217149853878966,"flow_dst_last_pkt_time":1217149853878966,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1217149853878966,"pkt":"AAKlxo7UABbU5r3hCABFAAAwUN5AAIAG\/3kK4sp2CuLKNQbqIyjmvft6AAAAAHACf\/9NLQAAAgQE7AEBBAI="} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/smpp_in_general.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1217149853878966,"flow_dst_last_pkt_time":1217149853879393,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1217149853879393,"pkt":"ABbU5r3hAAKlxo7UCABFAAAsMy0AADwGoS8K4so1CuLKdiMoBuqoDP5A5r37e2AS8ABLDAAAAgQFtAAA"} 
@@ -8,7 +8,7 @@ 00935{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/smpp_in_general.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1217149853878966,"flow_src_last_pkt_time":1217149853879690,"flow_dst_last_pkt_time":1217149853879393,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1217149853879690,"l3_proto":"ip4","src_ip":"10.226.202.118","dst_ip":"10.226.202.53","src_port":1770,"dst_port":9000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"SMPP","proto_id":"207","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/smpp_in_general.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1217149853879690,"flow_dst_last_pkt_time":1217149853886293,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_usec":1217149853886293,"pkt":"ABbU5r3hAAKlxo7UCABFAAA9My4AADwGoR0K4so1CuLKdiMoBuqoDP5B5r37o1AY8AA72wAAAAAAFYAAAAIAAAAAAAAAAVNNU0MA"} 
00978{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/smpp_in_general.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":7,"flow_first_seen":1217149853878966,"flow_src_last_pkt_time":1217149884833956,"flow_dst_last_pkt_time":1217149884833947,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":25,"flow_src_tot_l4_payload_len":122,"flow_dst_tot_l4_payload_len":78,"midstream":0,"thread_ts_usec":1217149884833956,"l3_proto":"ip4","src_ip":"10.226.202.118","dst_ip":"10.226.202.53","src_port":1770,"dst_port":9000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SMPP","proto_id":"207","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} -00849{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/smpp_in_general.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":17,"packets-processed":17,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":200,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1217149884833956} 
+00849{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/smpp_in_general.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":17,"packets-processed":17,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":200,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1217149884833956} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 17/17 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6910179 bytes -~~ total memory freed........: 6910179 bytes -~~ total allocations/frees...: 114156/114156 +~~ total memory allocated....: 7487775 bytes +~~ total memory freed........: 7487775 bytes +~~ total allocations/frees...: 125887/125887 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 538 chars ~~ json message max len.......: 983 chars diff --git a/test/results/default/smtp-starttls.pcap.out b/test/results/default/smtp-starttls.pcap.out index 4989d6caa..fe6bde3eb 100644 --- a/test/results/default/smtp-starttls.pcap.out +++ b/test/results/default/smtp-starttls.pcap.out 
@@ -1,5 +1,5 @@ -00618{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1388017124762850} 
+00618{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1388017124762850} 
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1388017124762850,"flow_src_last_pkt_time":1388017124762850,"flow_dst_last_pkt_time":1388017124762850,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1388017124762850,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"173.194.68.26","src_port":57406,"dst_port":25,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1388017124762850,"flow_dst_last_pkt_time":1388017124762850,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1388017124762850,"pkt":"AAAMB6wBABNyxPHhCABFAAA8JqtAAEAGeocKAAABrcJEGuA+ABlXuT72AAAAAKACOQgLsAAAAgQFtAQCCAraWRhdAAAAAAEDAwc="} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1388017124762850,"flow_dst_last_pkt_time":1388017124774018,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1388017124774018,"pkt":"ABNyxPHhANAr0XYACABFAAA8X3cAAC4Gk7utwkQaCgAAAQAZ4D6dvxfqV7k+96ASpiw5gwAAAgQFlgQCCAoS8Zx72lkYXQEDAwY="} 
@@ -9,10 +9,10 @@ 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1388017124785892,"flow_dst_last_pkt_time":1388017124785875,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1388017124785892,"pkt":"AAAMB6wBABNyxPHhCABFAAA0Jq1AAEAGeo0KAAABrcJEGuA+ABlXuT73nb8YHoAQAHMNlAAAAQEICtpZGHQS8ZyH"} 00948{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1388017124762850,"flow_src_last_pkt_time":1388017124853043,"flow_dst_last_pkt_time":1388017124864365,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":154,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":235,"midstream":0,"thread_ts_usec":1388017124864365,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"173.194.68.26","src_port":57406,"dst_port":25,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"SMTPS.Google","proto_id":"29.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":3,"category":"Email"}} 
01081{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1388017124762850,"flow_src_last_pkt_time":1388017124864532,"flow_dst_last_pkt_time":1388017124864365,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":154,"flow_src_tot_l4_payload_len":150,"flow_dst_tot_l4_payload_len":235,"midstream":0,"thread_ts_usec":1388017124864532,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"173.194.68.26","src_port":57406,"dst_port":25,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"SMTPS.Google","proto_id":"29.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":3,"category":"Email"}} -01083{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1388017124762850,"flow_src_last_pkt_time":1388017124864532,"flow_dst_last_pkt_time":1388017124876575,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":150,"flow_dst_tot_l4_payload_len":1653,"midstream":0,"thread_ts_usec":1388017124876575,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"173.194.68.26","src_port":57406,"dst_port":25,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": 
{"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"SMTPS.Google","proto_id":"29.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":3,"category":"Email"}} -01083{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1388017124762850,"flow_src_last_pkt_time":1388017124876854,"flow_dst_last_pkt_time":1388017124876863,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":150,"flow_dst_tot_l4_payload_len":3924,"midstream":0,"thread_ts_usec":1388017124876863,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"173.194.68.26","src_port":57406,"dst_port":25,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"SMTPS.Google","proto_id":"29.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":3,"category":"Email"}} 
-02330{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1388017124762850,"flow_src_last_pkt_time":1388017125217215,"flow_dst_last_pkt_time":1388017125228642,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":686,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":1384,"flow_dst_tot_l4_payload_len":4627,"midstream":0,"thread_ts_usec":1388017125228642,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"173.194.68.26","src_port":57406,"dst_port":25,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":26,"avg":29682.5,"max":156957,"stddev":34710.8,"var":1204840832.0,"ent":4.2,"data": [11168,11193,11857,11849,79,11152,39169,67072,28169,11489,12210,262,12322,26,24821,37890,13457,11887,11608,11639,11817,51431,103694,156957,13622,11529,11126,16410,67319,42853,94080]},"pktlen": {"min":52,"avg":240.3,"max":1470,"stddev":368.1,"var":135468.5,"ent":4.0,"data": [60,60,52,103,52,80,52,206,62,82,164,1470,1470,52,905,366,262,105,217,113,117,113,52,158,738,52,80,52,128,52,83,133]},"bins": {"c_to_s": [9,3,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,1,3,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0]},"directions": [0,1,0,1,0,0,1,1,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,1,0,1,0,1,1,0,0,1],"entropies": 
[4.527644634,5.164738178,4.944975376,5.655648708,4.868052483,4.887005329,4.983437061,5.795777798,5.058248043,5.413370609,5.231037617,6.553743362,7.414661884,4.893245220,7.240818024,7.277081490,6.869879723,5.969118595,6.897389412,6.050327778,6.234992027,6.200943947,4.944975376,6.499523640,7.703155994,4.906513691,5.556689262,4.868052006,6.265826702,4.776611805,5.571072102,6.285814285]},"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"SMTPS.Google","proto_id":"29.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":3,"category":"Email"}} -00846{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":37,"packets-processed":36,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6011,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":4,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1524746968365832} 
+01186{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1388017124762850,"flow_src_last_pkt_time":1388017124864532,"flow_dst_last_pkt_time":1388017124876575,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":150,"flow_dst_tot_l4_payload_len":1653,"midstream":0,"thread_ts_usec":1388017124876575,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"173.194.68.26","src_port":57406,"dst_port":25,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"SMTPS.Google","proto_id":"29.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":3,"category":"Email"}} +01186{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1388017124762850,"flow_src_last_pkt_time":1388017124876854,"flow_dst_last_pkt_time":1388017124876863,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":150,"flow_dst_tot_l4_payload_len":3924,"midstream":0,"thread_ts_usec":1388017124876863,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"173.194.68.26","src_port":57406,"dst_port":25,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": 
{"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"SMTPS.Google","proto_id":"29.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":3,"category":"Email"}} +02433{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1388017124762850,"flow_src_last_pkt_time":1388017125217215,"flow_dst_last_pkt_time":1388017125228642,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":686,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":1384,"flow_dst_tot_l4_payload_len":4627,"midstream":0,"thread_ts_usec":1388017125228642,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"173.194.68.26","src_port":57406,"dst_port":25,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":26,"avg":29682.5,"max":156957,"stddev":34710.8,"var":1204840832.0,"ent":4.2,"data": [11168,11193,11857,11849,79,11152,39169,67072,28169,11489,12210,262,12322,26,24821,37890,13457,11887,11608,11639,11817,51431,103694,156957,13622,11529,11126,16410,67319,42853,94080]},"pktlen": {"min":52,"avg":240.3,"max":1470,"stddev":368.1,"var":135468.5,"ent":4.0,"data": [60,60,52,103,52,80,52,206,62,82,164,1470,1470,52,905,366,262,105,217,113,117,113,52,158,738,52,80,52,128,52,83,133]},"bins": {"c_to_s": [9,3,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,1,3,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0]},"directions": 
[0,1,0,1,0,0,1,1,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,1,0,1,0,1,1,0,0,1],"entropies": [4.527644634,5.164738178,4.944975376,5.655648708,4.868052483,4.887005329,4.983437061,5.795777798,5.058248043,5.413370609,5.231037617,6.553743362,7.414661884,4.893245220,7.240818024,7.277081490,6.869879723,5.969118595,6.897389412,6.050327778,6.234992027,6.200943947,4.944975376,6.499523640,7.703155994,4.906513691,5.556689262,4.868052006,6.265826702,4.776611805,5.571072102,6.285814285]},"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"SMTPS.Google","proto_id":"29.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":3,"category":"Email"}} +00846{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":37,"packets-processed":36,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6011,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":4,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1524746968365832} 
00827{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1524746968365832,"flow_src_last_pkt_time":1524746968365832,"flow_dst_last_pkt_time":1524746968365832,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1524746968365832,"vlan_id":125,"l3_proto":"ip6","src_ip":"2003:de:2016:125:fc36:8317:4e86:cb72","dst_ip":"2003:de:2016:120::a08:53","src_port":7562,"dst_port":25,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","vlan_id":125,"flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1524746968365832,"flow_dst_last_pkt_time":1524746968365832,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":18,"pkt_l4_offset":58,"pkt_len":90,"pkt_l4_len":32,"thread_ts_usec":1524746968365832,"pkt":"tAwlBY4TAAwpwTTcgQAAfYbdYAAAAAAgBkAgAwDeIBYBJfw2gxdOhstyIAMA3iAWASAAAAAACggAUx2KABlaBfS8AAAAAIACIAC67wAAAgQFoAEDAwIBAQQC"} 
00594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","vlan_id":125,"flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1524746968365832,"flow_dst_last_pkt_time":1524746968366576,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":18,"pkt_l4_offset":58,"pkt_len":90,"pkt_l4_len":32,"thread_ts_usec":1524746968366576,"pkt":"AAwpwTTctAwlBY4TgQAAfYbdYApHlwAgBj8gAwDeIBYBIAAAAAAKCABTIAMA3iAWASX8NoMXTobLcgAZHYpcyZ8kWgX0vYAScIBuawAAAgQFoAEBBAIBAwMH"} 
@@ -23,9 +23,9 @@ 01220{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1524746968365832,"flow_src_last_pkt_time":1524746968398581,"flow_dst_last_pkt_time":1524746968397832,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":152,"flow_src_tot_l4_payload_len":242,"flow_dst_tot_l4_payload_len":240,"midstream":0,"thread_ts_usec":1524746968398581,"vlan_id":125,"l3_proto":"ip6","src_ip":"2003:de:2016:125:fc36:8317:4e86:cb72","dst_ip":"2003:de:2016:120::a08:53","src_port":7562,"dst_port":25,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"33": {"risk":"TLS Susp Extn","severity":"High","risk_score": {"total":60,"client":30,"server":30}}},"confidence": {"6":"DPI"},"proto":"SMTPS","proto_id":"29","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}} 
01326{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1524746968365832,"flow_src_last_pkt_time":1524746968398581,"flow_dst_last_pkt_time":1524746968403958,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":1140,"flow_src_tot_l4_payload_len":242,"flow_dst_tot_l4_payload_len":1380,"midstream":0,"thread_ts_usec":1524746968403958,"vlan_id":125,"l3_proto":"ip6","src_ip":"2003:de:2016:125:fc36:8317:4e86:cb72","dst_ip":"2003:de:2016:120::a08:53","src_port":7562,"dst_port":25,"l4_proto":"tcp","ndpi": {"flow_risk": {"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"33": {"risk":"TLS Susp Extn","severity":"High","risk_score": {"total":60,"client":30,"server":30}}},"confidence": {"6":"DPI"},"proto":"SMTPS","proto_id":"29","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}} 
02545{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1524746968365832,"flow_src_last_pkt_time":1524746968662121,"flow_dst_last_pkt_time":1524746968661622,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1034,"flow_dst_max_l4_payload_len":1140,"flow_src_tot_l4_payload_len":1734,"flow_dst_tot_l4_payload_len":2097,"midstream":0,"thread_ts_usec":1524746968662121,"vlan_id":125,"l3_proto":"ip6","src_ip":"2003:de:2016:125:fc36:8317:4e86:cb72","dst_ip":"2003:de:2016:120::a08:53","src_port":7562,"dst_port":25,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":19099.3,"max":202908,"stddev":48707.1,"var":2372380928.0,"ent":2.8,"data": [744,995,19017,29506,11113,127,1248,999,1000,6126,12754,624,8625,202034,202908,998,7251,6751,7252,7260,1247,2128,2995,378,21009,21750,990,6762,2,6750,736]},"pktlen": {"min":60,"avg":180.5,"max":1200,"stddev":257.1,"var":66086.8,"ent":4.2,"data": [72,72,60,118,110,60,212,70,90,242,1200,186,139,318,227,60,149,103,123,103,95,126,60,1094,60,125,95,104,91,60,91,60]},"bins": {"c_to_s": [7,4,2,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,4,2,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,1,0,1,0,1,0,0,1,1,0,0,1,0,1,0,1,1,0,1,1,0,1,0,0,1,0],"entropies": 
[4.281427383,4.959185600,4.579100609,5.619654655,5.411477089,4.829739571,5.596319675,4.894675732,5.166758537,5.366472721,7.601028442,6.201757908,5.921764851,7.156020164,6.896310806,4.658349514,6.097513199,5.672229767,5.596776009,5.715824604,5.162304878,6.073466778,4.799921513,7.803120613,4.833254814,6.058705330,5.062202930,5.764057636,4.995513916,4.579101086,5.463903904,4.446732044]},"ndpi": {"flow_risk": {"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"33": {"risk":"TLS Susp Extn","severity":"High","risk_score": {"total":60,"client":30,"server":30}}},"confidence": {"6":"DPI"},"proto":"SMTPS","proto_id":"29","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}} -01143{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":19,"flow_first_seen":1388017124762850,"flow_src_last_pkt_time":1388017125228821,"flow_dst_last_pkt_time":1388017125239930,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":686,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":1384,"flow_dst_tot_l4_payload_len":4627,"midstream":0,"thread_ts_usec":1524746968663137,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"173.194.68.26","src_port":57406,"dst_port":25,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": 
{"6":"DPI"},"proto":"SMTPS.Google","proto_id":"29.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":3,"category":"Email","hostname":"mx.google.com"}} +01246{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":19,"flow_first_seen":1388017124762850,"flow_src_last_pkt_time":1388017125228821,"flow_dst_last_pkt_time":1388017125239930,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":686,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":1384,"flow_dst_tot_l4_payload_len":4627,"midstream":0,"thread_ts_usec":1524746968663137,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"173.194.68.26","src_port":57406,"dst_port":25,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"SMTPS.Google","proto_id":"29.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":3,"category":"Email","hostname":"mx.google.com"}} 
01393{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":17,"flow_first_seen":1524746968365832,"flow_src_last_pkt_time":1524746968662121,"flow_dst_last_pkt_time":1524746968663137,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1034,"flow_dst_max_l4_payload_len":1140,"flow_src_tot_l4_payload_len":1734,"flow_dst_tot_l4_payload_len":2097,"midstream":0,"thread_ts_usec":1524746968663137,"vlan_id":125,"l3_proto":"ip6","src_ip":"2003:de:2016:125:fc36:8317:4e86:cb72","dst_ip":"2003:de:2016:120::a08:53","src_port":7562,"dst_port":25,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"33": {"risk":"TLS Susp Extn","severity":"High","risk_score": {"total":60,"client":30,"server":30}}},"confidence": {"6":"DPI"},"proto":"SMTPS","proto_id":"29","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email","hostname":"dovecot.weberlab.de"}} 
-00848{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":69,"packets-processed":69,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9842,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":6,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":28,"global_ts_usec":1524746968663137} +00848{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":69,"packets-processed":69,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9842,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":6,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":28,"global_ts_usec":1524746968663137} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 69/69 ~~ skipped flows.............: 0 
@@ -34,10 +34,10 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6934403 bytes -~~ total memory freed........: 6934403 bytes -~~ total allocations/frees...: 114254/114254 +~~ total memory allocated....: 7512031 bytes +~~ total memory freed........: 7512031 bytes +~~ total allocations/frees...: 125986/125986 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 551 chars ~~ json message max len.......: 2550 chars -~~ json message avg len.......: 1543 chars +~~ json message avg len.......: 1546 chars diff --git a/test/results/default/smtp.pcap.out b/test/results/default/smtp.pcap.out index 880af92d2..58333ade4 100644 --- a/test/results/default/smtp.pcap.out +++ b/test/results/default/smtp.pcap.out 
@@ -1,5 +1,5 @@ -00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/smtp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smtp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":934028408568957} 
+00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/smtp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smtp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":934028408568957} 
00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smtp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":934028408568957,"flow_src_last_pkt_time":934028408568957,"flow_dst_last_pkt_time":934028408568957,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":934028408568957,"l3_proto":"ip4","src_ip":"194.7.248.153","dst_ip":"172.16.114.207","src_port":2127,"dst_port":25,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smtp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":934028408568957,"flow_dst_last_pkt_time":934028408568957,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":934028408568957,"pkt":"AMBPo1fbABB7OEYzCABFAAAsEDMAAD8GkhjCB\/iZrBByzwhPABnlqEITAAAAAGACAgCMgQAAAgQFtAAA"} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/smtp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":934028408568957,"flow_dst_last_pkt_time":934028408569273,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":934028408569273,"pkt":"ABB7OEYzAMBPo1fbCABFAAAsFcQAAEAGi4esEHLPwgf4mQAZCE+jURBm5ahCFGASf+Ba2AAAAgQFtAW0"} 
@@ -9,7 +9,7 @@ 01034{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/smtp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":934028408568957,"flow_src_last_pkt_time":934028408647164,"flow_dst_last_pkt_time":934028408647434,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":154,"midstream":0,"thread_ts_usec":934028408647434,"l3_proto":"ip4","src_ip":"194.7.248.153","dst_ip":"172.16.114.207","src_port":2127,"dst_port":25,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"SMTP","proto_id":"3","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":3,"category":"Email","hostname":"pigeon.eyrie.af.mil","domainame":"pigeon.eyrie.af.mil","smtp": {"user":"","password":"","auth_failed":0}}} 02164{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/smtp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":934028408568957,"flow_src_last_pkt_time":934028408659170,"flow_dst_last_pkt_time":934028408659389,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":469,"flow_dst_tot_l4_payload_len":576,"midstream":0,"thread_ts_usec":934028408659389,"l3_proto":"ip4","src_ip":"194.7.248.153","dst_ip":"172.16.114.207","src_port":2127,"dst_port":25,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":316,"avg":5827.3,"max":55118,"stddev":11962.2,"var":143094448.0,"ent":3.2,"data": 
[316,1134,19693,31096,24595,55118,2208,21382,1142,1166,1125,1230,1225,1086,1083,1063,1064,1068,1066,1077,1106,1085,1057,1068,1067,1048,1046,1060,1062,1055,1054]},"pktlen": {"min":46,"avg":73.6,"max":124,"stddev":15.2,"var":230.1,"ent":5.0,"data": [46,46,46,124,46,62,46,66,62,84,76,83,79,78,79,78,80,79,79,78,79,78,80,79,78,77,77,76,80,79,78,77]},"bins": {"c_to_s": [5,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,12,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": [4.217956066,4.965921402,4.414441109,5.606353760,4.414441109,5.401541233,4.398030758,5.373719692,5.366997719,5.482748032,5.540370464,5.525596142,5.518477440,5.566954136,5.471196175,5.560668945,5.565314293,5.578667164,5.537589550,5.586310863,5.547144890,5.611951351,5.485757828,5.482342720,5.493423939,5.506668091,5.516471386,5.546820641,5.505877972,5.562905312,5.524069786,5.501934052]},"ndpi": {"confidence": {"6":"DPI"},"proto":"SMTP","proto_id":"3","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":3,"category":"Email","hostname":"pigeon.eyrie.af.mil"}} 
00996{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/smtp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":51,"flow_dst_packets_processed":44,"flow_first_seen":934028408568957,"flow_src_last_pkt_time":934028408801393,"flow_dst_last_pkt_time":934028408801610,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":16527,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":934028408801610,"l3_proto":"ip4","src_ip":"194.7.248.153","dst_ip":"172.16.114.207","src_port":2127,"dst_port":25,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SMTP","proto_id":"3","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":3,"category":"Email","hostname":"pigeon.eyrie.af.mil"}} -00839{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/smtp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":95,"packets-processed":95,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17955,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":934028408801610} 
+00839{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/smtp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":95,"packets-processed":95,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17955,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":934028408801610} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 95/95 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6912438 bytes -~~ total memory freed........: 6912438 bytes -~~ total allocations/frees...: 114234/114234 +~~ total memory allocated....: 7490034 bytes +~~ total memory freed........: 7490034 bytes +~~ total allocations/frees...: 125965/125965 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 531 chars ~~ json message max len.......: 2169 chars diff --git a/test/results/default/smtps.pcapng.out b/test/results/default/smtps.pcapng.out index 72f7b36e8..dd9a82fcf 100644 --- a/test/results/default/smtps.pcapng.out +++ b/test/results/default/smtps.pcapng.out 
@@ -1,5 +1,5 @@ -00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/smtps.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smtps.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1614938504972279} 
+00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/smtps.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smtps.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1614938504972279} 
00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smtps.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614938504972279,"flow_src_last_pkt_time":1614938504972279,"flow_dst_last_pkt_time":1614938504972279,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614938504972279,"l3_proto":"ip4","src_ip":"62.43.36.99","dst_ip":"21.65.95.132","src_port":37682,"dst_port":465,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smtps.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1614938504972279,"flow_dst_last_pkt_time":1614938504972279,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1614938504972279,"pkt":"AAAAAAAAAAEA\/khbCABFAAA0\/aNAAEAGZc0+KyRjFUFfhJMyAdF0clasAAAAAIACFrAhIQAAAgQFhAEBBAIBAwMC"} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/smtps.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1614938504972279,"flow_dst_last_pkt_time":1614938505205257,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1614938505205257,"pkt":"AAAAAAAAAAEA\/khbCABFAAA0AABAAC4GdXEVQV+EPiskYwHRkzJiRoeidHJWrYASchDbkQAAAgQFtAEBBAIBAwMH"} 
@@ -7,7 +7,7 @@ 01163{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/smtps.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1614938504972279,"flow_src_last_pkt_time":1614938505342085,"flow_dst_last_pkt_time":1614938505205257,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614938505342085,"l3_proto":"ip4","src_ip":"62.43.36.99","dst_ip":"21.65.95.132","src_port":37682,"dst_port":465,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"SMTPS","proto_id":"29","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}} 00768{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/smtps.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1614938505342085,"flow_dst_last_pkt_time":1614938505439757,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"thread_ts_usec":1614938505439757,"pkt":"AAAAAAAAAAEA\/khbCABFAADb8dpAAC4Ggu8VQV+EPiskYwHRkzJiRoejdHJWrVAYAOXjtAAAMjIwLWdhdG9yNDIyMy5ob3N0Z2F0b3IuY29tIEVTTVRQIEV4aW0gNC45MyAjMiBGcmksIDA1IE1hciAyMDIxIDA0OjAxOjQ1IC0wNjAwDQoyMjAtV2UgZG8gbm90IGF1dGhvcml6ZSB0aGUgdXNlIG9mIHRoaXMgc3lzdGVtIHRvIHRyYW5zcG9ydCB1bnNvbGljaXRlZCwNCjIyMCBhbmQvb3IgYnVsayBlLW1haWwuDQo="} 
01206{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/smtps.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1614938504972279,"flow_src_last_pkt_time":1614938505342085,"flow_dst_last_pkt_time":1614938505439757,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":179,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":179,"midstream":0,"thread_ts_usec":1614938505439757,"l3_proto":"ip4","src_ip":"62.43.36.99","dst_ip":"21.65.95.132","src_port":37682,"dst_port":465,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"SMTPS","proto_id":"29","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}} 
-00838{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/smtps.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":696,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1614938505439757} +00838{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/smtps.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":696,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1614938505439757} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 4/4 ~~ skipped flows.............: 0 
@@ -16,9 +16,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6911885 bytes -~~ total memory freed........: 6911885 bytes -~~ total allocations/frees...: 114146/114146 +~~ total memory allocated....: 7489481 bytes +~~ total memory freed........: 7489481 bytes +~~ total allocations/frees...: 125877/125877 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 546 chars ~~ json message max len.......: 1227 chars diff --git a/test/results/default/snapchat.pcap.out b/test/results/default/snapchat.pcap.out index 9e33640fd..75472517d 100644 --- a/test/results/default/snapchat.pcap.out +++ b/test/results/default/snapchat.pcap.out 
@@ -1,13 +1,13 @@ -00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/snapchat.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snapchat.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1431417993318652} 
+00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/snapchat.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snapchat.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1431417993318652} 
00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snapchat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1431417993318652,"flow_src_last_pkt_time":1431417993318652,"flow_dst_last_pkt_time":1431417993318652,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1431417993318652,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":33233,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snapchat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1431417993318652,"flow_dst_last_pkt_time":1431417993318652,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1431417993318652,"pkt":"ABoRAAACABoRAAABCABFAAA8f1tAAEAG3k0KCAABSn2IjYHRAbtgYhiTAAAAAKAC\/\/8GegAAAgQFtAQCCAoAKmfIAAAAAAEDAwY="} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/snapchat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1431417993318652,"flow_dst_last_pkt_time":1431417993319843,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1431417993319843,"pkt":"ABoRAAACABoRAAABCABFAAAoAalAABAGjBRKfYiNCggAAQG7gdGfnedsYGIYlFAS\/\/9PMgAA"} 
00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/snapchat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1431417993322345,"flow_dst_last_pkt_time":1431417993319843,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1431417993322345,"pkt":"ABoRAAACABoRAAABCABFAAAof1xAAEAG3mAKCAABSn2IjYHRAbtgYhiUn53nbVAQ\/\/9PMwAA"} 00836{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/snapchat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1431417993373192,"flow_dst_last_pkt_time":1431417993319843,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":280,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":280,"pkt_l4_len":246,"thread_ts_usec":1431417993373192,"pkt":"ABoRAAACABoRAAABCABFAAEKf11AAEAG3X0KCAABSn2IjYHRAbtgYhiUn53nbVAY\/\/9LawAAFgMBAN0BAADZAwNQUkrj\/NwhWGN+74t6DO1OzXkqPZ7NjCRqFpHWgKKF7SB5P2Jy9UHDO3+nUN7rdggpnyyuKLgakXSnjHmueU\/o1AAswCvALMAvwDAAngCfwAnACsATwBQAMwA5ADIAOMAHwBEAnACdAC8ANQAFAP8BAABkAAsABAMAAQIACgA0ADIADgANABkACwAMABgACQAKABYAFwAIAAYABwAUABUABAAFABIAEwABAAIAAwAPABAAEQANACAAHgYBBgIGAwUBBQIFAwQBBAIEAwMBAwIDAwIBAgICAw=="} 
-01378{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/snapchat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1431417993318652,"flow_src_last_pkt_time":1431417993373192,"flow_dst_last_pkt_time":1431417993319843,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":226,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":226,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1431417993373192,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":33233,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3":"36e9ceaa96dd810482573844f78a063f","ja3s":"","ja4":"t12d220300_5fd681855ab9_1ea9011b3dfa","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01337{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/snapchat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1431417993318652,"flow_src_last_pkt_time":1431417993373192,"flow_dst_last_pkt_time":1431417993319843,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":226,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":226,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1431417993373192,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":33233,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d220300_5fd681855ab9_1ea9011b3dfa","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/snapchat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1431417993373192,"flow_dst_last_pkt_time":1431417993375603,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1431417993375603,"pkt":"ABoRAAACABoRAAABCABFAAAoAa5AABAGjA9KfYiNCggAAQG7gdGfnedtYGIZdlAQ\/\/9OUQAA"} 
-01436{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/snapchat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1431417993318652,"flow_src_last_pkt_time":1431417993373192,"flow_dst_last_pkt_time":1431417993476626,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":226,"flow_dst_max_l4_payload_len":137,"flow_src_tot_l4_payload_len":226,"flow_dst_tot_l4_payload_len":137,"midstream":0,"thread_ts_usec":1431417993476626,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":33233,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3":"36e9ceaa96dd810482573844f78a063f","ja3s":"fbe78c619e7ea20046131294ad087f05","ja4":"t12d220300_5fd681855ab9_1ea9011b3dfa","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
+01395{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/snapchat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1431417993318652,"flow_src_last_pkt_time":1431417993373192,"flow_dst_last_pkt_time":1431417993476626,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":226,"flow_dst_max_l4_payload_len":137,"flow_src_tot_l4_payload_len":226,"flow_dst_tot_l4_payload_len":137,"midstream":0,"thread_ts_usec":1431417993476626,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":33233,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"fbe78c619e7ea20046131294ad087f05","ja4":"t12d220300_5fd681855ab9_1ea9011b3dfa","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/snapchat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1431418008131807,"flow_src_last_pkt_time":1431418008131807,"flow_dst_last_pkt_time":1431418008131807,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1431418008131807,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":44536,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/snapchat.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1431418008131807,"flow_dst_last_pkt_time":1431418008131807,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1431418008131807,"pkt":"ABoRAAACABoRAAABCABFAAA8OQ1AAEAGJJwKCAABSn2Ija34AbvuolTmAAAAAKAC\/\/8JnAAAAgQFtAQCCAoAKm3rAAAAAAEDAwY="} 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/snapchat.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1431418008131807,"flow_dst_last_pkt_time":1431418008132967,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1431418008132967,"pkt":"ABoRAAACABoRAAABCABFAAAoAeJAABAGi9tKfYiNCggAAQG7rfgRXasZ7qJU51AS\/\/8jCwAA"} 
@@ -17,17 +17,17 @@ 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/snapchat.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1431418008135378,"flow_dst_last_pkt_time":1431418008132967,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1431418008135378,"pkt":"ABoRAAACABoRAAABCABFAAAoOQ5AAEAGJK8KCAABSn2Ija34AbvuolTnEV2rGlAQ\/\/8jDAAA"} 00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/snapchat.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1431418008136568,"flow_dst_last_pkt_time":1431418008135133,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1431418008136568,"pkt":"ABoRAAACABoRAAABCABFAAAowNJAAEAGnOoKCAABSn2IjduBAbsrgq071H1SxlAQ\/\/\/1ggAA"} 
01229{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/snapchat.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1431418008138643,"flow_dst_last_pkt_time":1431418008132967,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1431418008138643,"pkt":"ABoRAAACABoRAAABCABFAAItOQ9AAEAGIqkKCAABSn2Ija34AbvuolTnEV2rGlAY\/\/+krQAAFgMBAgABAAH8AwOhEVtKJFbmMdITP5FzjInwHIS\/R2esElHqAErlmxUy8CACAgRWcgR9w4k0fccFDBFgltGnL9Eev8AwahrxGVyDbwAcwCvALwCewArACcATwBQAMwAyADkAnAAvADUA\/wEAAZcAAAAhAB8AABxmZWVsaW5zb25pY2UtaHJkLmFwcHNwb3QuY29tAAsABAMAAQIACgA0ADIADgANABkACwAMABgACQAKABYAFwAIAAYABwAUABUABAAFABIAEwABAAIAAwAPABAAEQAjAMS7WjP546+2lF\/TKyZI1bqIDoSMpbWj033whzxbUsavA0etyrZ4bKy5YSQsnhoz8RnY+\/yWt\/LQE9Z6ryY2tS2fDeIY9FtoXb0PXCAhPOZ9PZLgbr5sz9tAG9IyywPJZ6z79yL6zaCwJFb69s170JD9vfS74pAn3H8WYSxk9sXMidEjgizByb1wRsJYo7f11VDDw7z51tPC3nJwPfffTWJrmhbc9Lbb832t4bcLlJFcU\/yNM14PJqZdRRsDPXFzlk5o6fcwAA0AIAAeBgEGAgYDBQEFAgUDBAEEAgQDAwEDAgMDAgECAgIDABAACwAJCGh0dHAvMS4xABUAMwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -01241{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/snapchat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1431418008131807,"flow_src_last_pkt_time":1431418008138643,"flow_dst_last_pkt_time":1431418008132967,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1431418008138643,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":44536,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Snapchat","proto_id":"91.199","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"feelinsonice-hrd.appspot.com","domainame":"feelinsonice-hrd.appspot.com","tls": {"version":"TLSv1.2","ja3":"fded31ac9b978e56ce306f8056092f2a","ja3s":"","ja4":"t12d1407ht_efec8f3cafed_1b2d6ce873a4","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} +01200{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/snapchat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1431418008131807,"flow_src_last_pkt_time":1431418008138643,"flow_dst_last_pkt_time":1431418008132967,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1431418008138643,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":44536,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Snapchat","proto_id":"91.199","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"feelinsonice-hrd.appspot.com","domainame":"feelinsonice-hrd.appspot.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1407ht_efec8f3cafed_1b2d6ce873a4","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} 
00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/snapchat.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1431418008138643,"flow_dst_last_pkt_time":1431418008141329,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1431418008141329,"pkt":"ABoRAAACABoRAAABCABFAAAoAedAABAGi9ZKfYiNCggAAQG7rfgRXasa7qJW7FAQ\/\/8hBwAA"} 01229{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/snapchat.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1431418008141878,"flow_dst_last_pkt_time":1431418008135133,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1431418008141878,"pkt":"ABoRAAACABoRAAABCABFAAItwNNAAEAGmuQKCAABSn2IjduBAbsrgq071H1SxlAY\/\/8b8QAAFgMBAgABAAH8AwNZW7OoopxmUl9aAmMbvJ5KlPrEhizm1d1wyfHascr\/qiACAgRWcgR9w4k0fccFDBFgltGnL9Eev8AwahrxGVyDbwAcwCvALwCewArACcATwBQAMwAyADkAnAAvADUA\/wEAAZcAAAAhAB8AABxmZWVsaW5zb25pY2UtaHJkLmFwcHNwb3QuY29tAAsABAMAAQIACgA0ADIADgANABkACwAMABgACQAKABYAFwAIAAYABwAUABUABAAFABIAEwABAAIAAwAPABAAEQAjAMS7WjP546+2lF\/TKyZI1bqIDoSMpbWj033whzxbUsavA0etyrZ4bKy5YSQsnhoz8RnY+\/yWt\/LQE9Z6ryY2tS2fDeIY9FtoXb0PXCAhPOZ9PZLgbr5sz9tAG9IyywPJZ6z79yL6zaCwJFb69s170JD9vfS74pAn3H8WYSxk9sXMidEjgizByb1wRsJYo7f11VDDw7z51tPC3nJwPfffTWJrmhbc9Lbb832t4bcLlJFcU\/yNM14PJqZdRRsDPXFzlk5o6fcwAA0AIAAeBgEGAgYDBQEFAgUDBAEEAgQDAwEDAgMDAgECAgIDABAACwAJCGh0dHAvMS4xABUAMwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01241{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/snapchat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1431418008133607,"flow_src_last_pkt_time":1431418008141878,"flow_dst_last_pkt_time":1431418008135133,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1431418008141878,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":56193,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Snapchat","proto_id":"91.199","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"feelinsonice-hrd.appspot.com","domainame":"feelinsonice-hrd.appspot.com","tls": {"version":"TLSv1.2","ja3":"fded31ac9b978e56ce306f8056092f2a","ja3s":"","ja4":"t12d1407ht_efec8f3cafed_1b2d6ce873a4","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} 
+01200{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/snapchat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1431418008133607,"flow_src_last_pkt_time":1431418008141878,"flow_dst_last_pkt_time":1431418008135133,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1431418008141878,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":56193,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Snapchat","proto_id":"91.199","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"feelinsonice-hrd.appspot.com","domainame":"feelinsonice-hrd.appspot.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1407ht_efec8f3cafed_1b2d6ce873a4","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} 00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/snapchat.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1431418008141878,"flow_dst_last_pkt_time":1431418008142062,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1431418008142062,"pkt":"ABoRAAACABoRAAABCABFAAAoAehAABAGi9VKfYiNCggAAQG724HUfVLGK4KvQFAQ\/\/\/zfQAA"} 
-01329{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/snapchat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1431418008131807,"flow_src_last_pkt_time":1431418008138643,"flow_dst_last_pkt_time":1431418008294053,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":152,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":152,"midstream":0,"thread_ts_usec":1431418008294053,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":44536,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Snapchat","proto_id":"91.199","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"feelinsonice-hrd.appspot.com","domainame":"feelinsonice-hrd.appspot.com","tls": {"version":"TLSv1.2","ja3":"fded31ac9b978e56ce306f8056092f2a","ja3s":"7bee5c1d424b7e5f943b06983bb11422","ja4":"t12d1407ht_efec8f3cafed_1b2d6ce873a4","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
-01329{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/snapchat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1431418008133607,"flow_src_last_pkt_time":1431418008141878,"flow_dst_last_pkt_time":1431418008294450,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":152,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":152,"midstream":0,"thread_ts_usec":1431418008294450,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":56193,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Snapchat","proto_id":"91.199","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"feelinsonice-hrd.appspot.com","domainame":"feelinsonice-hrd.appspot.com","tls": {"version":"TLSv1.2","ja3":"fded31ac9b978e56ce306f8056092f2a","ja3s":"7bee5c1d424b7e5f943b06983bb11422","ja4":"t12d1407ht_efec8f3cafed_1b2d6ce873a4","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
+01288{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/snapchat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1431418008131807,"flow_src_last_pkt_time":1431418008138643,"flow_dst_last_pkt_time":1431418008294053,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":152,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":152,"midstream":0,"thread_ts_usec":1431418008294053,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":44536,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Snapchat","proto_id":"91.199","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"feelinsonice-hrd.appspot.com","domainame":"feelinsonice-hrd.appspot.com","tls": {"version":"TLSv1.2","ja3s":"7bee5c1d424b7e5f943b06983bb11422","ja4":"t12d1407ht_efec8f3cafed_1b2d6ce873a4","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
+01288{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/snapchat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1431418008133607,"flow_src_last_pkt_time":1431418008141878,"flow_dst_last_pkt_time":1431418008294450,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":152,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":152,"midstream":0,"thread_ts_usec":1431418008294450,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":56193,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Snapchat","proto_id":"91.199","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"feelinsonice-hrd.appspot.com","domainame":"feelinsonice-hrd.appspot.com","tls": {"version":"TLSv1.2","ja3s":"7bee5c1d424b7e5f943b06983bb11422","ja4":"t12d1407ht_efec8f3cafed_1b2d6ce873a4","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
01202{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/snapchat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1431417993318652,"flow_src_last_pkt_time":1431417995589216,"flow_dst_last_pkt_time":1431417995588971,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":238,"flow_src_tot_l4_payload_len":1296,"flow_dst_tot_l4_payload_len":375,"midstream":0,"thread_ts_usec":1431418008853156,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":33233,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/snapchat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1431418008131807,"flow_src_last_pkt_time":1431418008701836,"flow_dst_last_pkt_time":1431418008651172,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":448,"flow_src_tot_l4_payload_len":1839,"flow_dst_tot_l4_payload_len":600,"midstream":0,"thread_ts_usec":1431418008853156,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":44536,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Snapchat","proto_id":"91.199","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} 00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/snapchat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1431418008133607,"flow_src_last_pkt_time":1431418008853156,"flow_dst_last_pkt_time":1431418008802736,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":1069,"flow_src_tot_l4_payload_len":1784,"flow_dst_tot_l4_payload_len":1221,"midstream":0,"thread_ts_usec":1431418008853156,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":56193,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Snapchat","proto_id":"91.199","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} 
-00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/snapchat.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":56,"packets-processed":56,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7115,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":30,"global_ts_usec":1431418008853156} +00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/snapchat.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":56,"packets-processed":56,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7115,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":30,"global_ts_usec":1431418008853156} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 56/56 ~~ skipped flows.............: 0 
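Review bot: The `ja3` client fingerprint disappears from the `tls` object in every `detected` and `detection-update` record of this hunk (flows 2 and 3), while `ja3s` and `ja4` are kept. The same removal shows in the preceding hunk for flow 1, and the commit message only says "incorporated upstream changes". A collector or detection rule that matches on `tls.ja3` would presumably stop matching after this bump without raising any error, so the change deserves an explicit line in the commit description or changelog, e.g. `tls.ja3 is no longer emitted; match on tls.ja4 (and tls.ja3s) instead`. It is also worth confirming that schema/flow_event_schema.json, which this commit touches but which is not visible here, no longer lists `ja3`, so that schema validation agrees with these expected results.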
@@ -36,10 +36,10 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6926430 bytes -~~ total memory freed........: 6926430 bytes -~~ total allocations/frees...: 114230/114230 +~~ total memory allocated....: 7504026 bytes +~~ total memory freed........: 7504026 bytes +~~ total allocations/frees...: 125961/125961 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 532 chars -~~ json message max len.......: 1441 chars -~~ json message avg len.......: 985 chars +~~ json message max len.......: 1400 chars +~~ json message avg len.......: 965 chars diff --git a/test/results/default/snapchat_call.pcapng.out b/test/results/default/snapchat_call.pcapng.out index 52caa4c37..08ed0f311 100644 --- a/test/results/default/snapchat_call.pcapng.out +++ b/test/results/default/snapchat_call.pcapng.out 
@@ -1,5 +1,5 @@ -00620{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/snapchat_call.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snapchat_call.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1595865799020160} 
+00620{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/snapchat_call.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snapchat_call.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1595865799020160} 
00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snapchat_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1595865799020160,"flow_src_last_pkt_time":1595865799020160,"flow_dst_last_pkt_time":1595865799020160,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1595865799020160,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.184.138.142","src_port":42083,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02321{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snapchat_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1595865799020160,"flow_dst_last_pkt_time":1595865799020160,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1595865799020160,"pkt":"CL6sCxdumt9Y+uvcCABFAAViAIdAAEARymzAqAypEriKjqRjAbsFTpy2w1EwNDZQw4BG53qjBuoAAAABZPU1L7U5tyJMVD1ioAEEAENITE8MAAAAUEFEAEgDAABWRVIATAMAAENDUwBcAwAAUERNRGADAABTTUhMZAMAAElDU0xoAwAATk9OUIgDAABNSURTjAMAAFNDTFOQAwAAQ1NDVJADAABDRkNXlAMAAFNGQ1eYAwAALS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tUTA0NgHogWCSkhrofu2AhqIVgpFYNTA5AQAAACgAAAAzbE4qRvvkp4rlFQIkD4jjmdOAAP5SZ2hG5WgHAg7x+2QAAAABAAAAAEAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 01099{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snapchat_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1595865799020160,"flow_src_last_pkt_time":1595865799020160,"flow_dst_last_pkt_time":1595865799020160,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1595865799020160,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.184.138.142","src_port":42083,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": 
{"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Q046"}}} 
@@ -10,7 +10,7 @@ 01132{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/snapchat_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":9,"flow_first_seen":1595865799020160,"flow_src_last_pkt_time":1595865799615597,"flow_dst_last_pkt_time":1595865799120864,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":3730,"flow_dst_tot_l4_payload_len":4552,"midstream":0,"thread_ts_usec":1595865799615597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.184.138.142","src_port":42083,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"QUIC.SnapchatCall","proto_id":"188.255","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","quic": {"quic_version":"Q046"}}} 02337{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/snapchat_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1595865799020160,"flow_src_last_pkt_time":1595865802042641,"flow_dst_last_pkt_time":1595865802853531,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":3902,"flow_dst_tot_l4_payload_len":5824,"midstream":0,"thread_ts_usec":1595865802853531,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.184.138.142","src_port":42083,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": 
{"min":7,"avg":221156.5,"max":1447282,"stddev":397282.2,"var":157833134080.0,"ent":3.2,"data": [16846,68,30414,96,24231,5110,25,16,20308,29142,5531,102,7,211,2051,54351,38,19,507575,1447282,48721,53521,57932,1172660,3328,7500,379723,803486,440070,1155688,589800]},"pktlen": {"min":48,"avg":331.9,"max":1378,"stddev":468.5,"var":219532.9,"ent":3.9,"data": [1378,1378,1378,1378,611,64,1378,48,414,56,72,66,66,66,187,86,48,48,48,72,337,289,337,289,72,56,56,72,56,72,72,72]},"bins": {"c_to_s": [4,8,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0],"s_to_c": [4,4,0,0,0,0,0,0,2,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0]},"directions": [0,1,1,0,0,1,1,1,1,0,0,0,0,0,0,0,1,1,1,0,1,1,1,1,0,0,0,1,0,0,1,1],"entropies": [2.189238071,7.706800461,4.743436813,3.984874964,7.719462395,5.249389172,7.849965572,5.376628876,7.440353394,5.374054909,5.683540821,5.644934177,5.675237656,5.595766544,6.808179855,6.041157246,5.293295383,5.251628876,5.209962368,5.540976048,7.375632763,7.234831333,7.426898956,7.225734234,5.603883266,5.407986164,5.336557388,5.692057133,5.063577652,5.570461750,5.619208336,5.674763680]},"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"QUIC.SnapchatCall","proto_id":"188.255","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
01132{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/snapchat_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":25,"flow_first_seen":1595865799020160,"flow_src_last_pkt_time":1595865807298358,"flow_dst_last_pkt_time":1595865807311868,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":4245,"flow_dst_tot_l4_payload_len":6427,"midstream":0,"thread_ts_usec":1595865807311868,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.184.138.142","src_port":42083,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"QUIC.SnapchatCall","proto_id":"188.255","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00851{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/snapchat_call.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":50,"packets-processed":50,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10672,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1595865807311868} 
+00851{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/snapchat_call.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":50,"packets-processed":50,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10672,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1595865807311868} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 50/50 ~~ skipped flows.............: 0 @@ -19,9 +19,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6909104 bytes -~~ total memory freed........: 6909104 bytes -~~ total allocations/frees...: 114188/114188 +~~ total memory allocated....: 7486700 bytes +~~ total memory freed........: 7486700 bytes +~~ total allocations/frees...: 125919/125919 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 625 chars ~~ json message max len.......: 2362 chars diff --git a/test/results/default/snapchat_call_v1.pcapng.out b/test/results/default/snapchat_call_v1.pcapng.out index 0787b61ee..d062c5935 100644 --- a/test/results/default/snapchat_call_v1.pcapng.out +++ b/test/results/default/snapchat_call_v1.pcapng.out 
@@ -1,16 +1,16 @@ -00623{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1642584090467068} 
+00623{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1642584090467068} 
00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1642584090467068,"flow_src_last_pkt_time":1642584090467068,"flow_dst_last_pkt_time":1642584090467068,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1200,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642584090467068,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"34.246.231.140","src_port":47520,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02157{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1642584090467068,"flow_dst_last_pkt_time":1642584090467068,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1242,"pkt_l4_len":1208,"thread_ts_usec":1642584090467068,"pkt":"CL6sCxdumt9Y+uvcCABFAATM1GNAAEARienAqAypIvbnjLmgAbsEuOe0xgAAAAEIhBCu4jQ62egAAESetqOQdYkJpUmUbLd7dCny\/mAX1uVpyJthsRXpRU8VWePV6W9beCrSrw4bfN95OOqcQUuDSKA2fVL0D5kDJ\/asNmiUDm2dTxwoLy5LKegbuvpOEgXdXJGz6Gk+MnVuMvTucZRlP+kU8Z0hZYkJrEueNZLXvMiZw+w\/3JMAscB+SXgxqObQ7yqheFwPcswCbW4HViy9+ZaTJc+BYhkJ055qYehc\/zFI0KCoMBJhsKt2St7\/X\/sFqgI4XAc07X8JocrJhc\/vYXREaOwS1grTxRlgBfafpoYoos9uZIUmAfZUhVF+lLWk3CqNkdJgUXPdulhipVVYaytwLHOIKcNR+3k5D+\/5ip9PadVan\/IjuHWRUPMyGV6b3kpvu4ZcMqB6rJq4vpE73h2pGF0y4EfGtr2FNVuu\/KuZJ3dp3JvEjR\/jeOHRA42IPdKCIbXpvaPGXS28mVqFTiEIIj88lm4BOyrmXPIPMtTECpPWXYf1XbpuuCUtRrtjD6xtUwvOdF9\/49wZuztXpaWoqNcQwFnDBkZcK4JaXOC2goCGnfAWoYp5AJBHldfKbfHbk4OnTcNEk1Fc\/jmV0Dwf0S3IJ8\/MjTctjPx\/KD5qo0FuvyoLHkOQ909\/s0dlEKb3vF9qIu
NXDktsuA8b\/CMA\/PICfvKu+us2XV4zg9UBqIz\/wYrRHey95hrlR2Gz9syR8cUSxAjGBEfwfSBTo+DQ4ZP4AipF\/o\/3HAEIDbIYHCtLdSkqDEGjYxeZ2YRMTfV9dex7lm1iCVcGCqNklEhG2Mmj0J3t83ZH4j+nee6OiFL89sraDjJa3wwZ8+3ZqrljAmdHSfpk4LOQDpcbbltBW5wDrl76HafLd6injkxl9HTuPqNi4WWIeQ02C4UykD3hQffn63eGYR\/x9OLvJ+YUn8A32KaYS9sQwjTZBg0J9pe+BK1hOaXgA2xiCU1YHz8WM5n0aNeT9iBNNuHuzHlzpHLfqgYDp9JcuPKHRPRujBhigh48qLYtBSwjrSf2d0jQlkgTDYM\/o8BMBgAnLPxb3W0\/3RRiGRSDSgbzQdMEpQxmRiPSdiwP+EH8+IyeRPWFFfm4uiJoQUwnY5uFAZvnFcuw+f1iwJTbp3HCxFFmpBTc\/xIvkWFx3AeN63YiZu66yn2nCpER2XafvDOLi1ZIBu6TajSC28+WMrnkUqKFx1b3gCNvogeYcsVVy7HrZv3I4oy46NRbHrQPi\/GptSdY\/S22zjlh4dpGHbjNttrFqXg645yNyJLRKndem5QJ1LpM4OCevsgIJIjTdrinLDDbDze8ywEiM5GtX3Hhdo6Ac0xvMkmw9sPMaE3r1UeGIp5+NEQ0sWutpw9ro\/rlPmKqQLBnXWwkeDL1D1SG9R39++9bQ\/PgYXx5eDDg3XSqp1bmEfBjCvyTuN97k\/U7r2ALo84ZR2EmlZemvZ3C+jFclmBJEJgBqLhouZp5kCgMVAEd5F5py9kLD1XMjkSEOrXxTq8EZ17YEC3TbzqAvAERJ52Q\/z+r7cjUfqDXPbUa8sDfuVcAF5mcmS7HgRUgcPp\/HmAfl74+cll\/xMfoNZDYD1gRHGC8lt7l"} -01344{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1642584090467068,"flow_src_last_pkt_time":1642584090467068,"flow_dst_last_pkt_time":1642584090467068,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1200,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642584090467068,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"34.246.231.140","src_port":47520,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Snapchat","proto_id":"188.199","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"str1-euwest1-34-246-231-140.addlive.io","domainame":"str1-euwest1-34-246-231-140.addlive.io","quic": {"quic_version":"V-1","tls": {"version":"TLSv1.3","ja3":"f4545fa40dda0c87b1bd81d9a55985a2","ja3s":"","ja4":"q13d0309h0_55b375c5d22e_08189d42dc81","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3","tls_supported_versions":"TLSv1.3","blocks":0}}}} +01303{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1642584090467068,"flow_src_last_pkt_time":1642584090467068,"flow_dst_last_pkt_time":1642584090467068,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1200,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642584090467068,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"34.246.231.140","src_port":47520,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Snapchat","proto_id":"188.199","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"str1-euwest1-34-246-231-140.addlive.io","domainame":"str1-euwest1-34-246-231-140.addlive.io","quic": {"quic_version":"V-1","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0309h0_55b375c5d22e_08189d42dc81","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
02157{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1642584090467068,"flow_dst_last_pkt_time":1642584090510899,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1242,"pkt_l4_len":1208,"thread_ts_usec":1642584090510899,"pkt":"mt9Y+uvcCL6sCxduCABFAATMACtAACsRcyIi9ueMwKgMqQG7uaAEuIDvzgAAAAEACIQQruI0OtnoAEB0QD824LrLAyxFBv1fqC0vaUKEAPqXWhnEZkjfTAB\/njOtOw2ulcbmFIEugSJafyUehXXTD3itxf7ksLUq9y\/k3UQN6H0MWJJfU39bTLcLNZtRgCmzLh\/pdC+zrpjsjqE+DlwKWQj6ZxmWOATbtX5yapzh\/zLvAAAAAQAIhBCu4jQ62ehEGRgqb0lDHv2OzRv9SYMh++M74n\/5C6L81Y+NbqIA9wYxgdpUtSrpq30E8MtuyEa1BH4peOzFirFPBl3rWJrGSHKnrfhVIC+f74RkClApg0X6KrTmEQthpSukiFMtP+gmZ3vezghCdkGYaRbeff1ArdW\/idTFFtL6+Ybod4h9ZLheGlfqXbzlFncRv2O4JSFT4xwVInmvI+2OdCXpJ7mOCzyaHFWPEVM4O9G0qQ\/PCSTEGb+ie9L9Y3j4npfXpYlb\/iKV\/+TVa0bXxNltC72TO8M\/fXMHxLxD5BAtV7iS9wp+L5ktQDVhS5fTXmD2Bb6L6tmUlhdicMfEmv5cz43FS0Qeqb7Rj+y3qhWxhS3VX82JHgiD6fZ2h9mlpL731QifUS3g0SdRRwg1JqnrDFxd5zm9GKu\/W+k\/pkAX4dlueS87EYy1O6YGhluke4E3O7WB6qTdh8E1RzCSHtVmA5Tim1tmajYL+sgbjJ\/QlPS8DA23hij9dRCuyOsuNgd8u0XlhrsM\/drrobHl+YJpdSfvZPaJHatKlWeqR1i8gWtCGC2f4NeZvc6\/PIiENQezJRk0X0NcvTjGkol0THr49kxRjrte+rh63Pzl7oh2Yr3YSX6O+jWhOOUanPMASyAapnuTcMkc5Fnoeu9iaLOA70rejlFy\/be9kaaK9Bu3BhXclBx+bar9CtBzeHCgHBZuHAjXO\/0OBQavnaC3mVdtMZziyna79W8Gvr\/htuENoGE0LgBeUx+pgQFztajZzvugufZ4p0vnjbld5enolbbLNXWUx63+TZ63MnV\/dMGR8qEnzRIr1PfiFE\/6cjG6tjPbO2VdyOWae2YWMINhT+N9qcf4H1hp4pDFszQ3lWXDto70MVIjkxju0PeGj92dMPx7MNqJilcDShlGJwsLGmmQSGn+HSl\/mgwJpzWHQpNOo\/LlaLTyqBSY7pxdmX9kN3h8UN4Hd2Hr3Fk0rar\/KvXJ3mVHBaDaCVmcHltt6SahAtc\/ocPI+afleJ+CTQhyn2dj+rcBHfFgNBc73fIN+mOHAAEWC9riYo3FUcM6dZUITQhOeK4Uuqw1LA4YUs1EL7ddtpf7l1\/fuZIVcN3Lc6l59Vm5Th6IPGL\/LPZbppV\/hJBl4pDYlu2qvZ33CJfgCRxwbmj5SOWDeMzZguVTLty80nucVTJUpD3z7ix2quIVwIYifZZYIF+VzC6\/drr8N\/br1f5DsfYeJPRGr\/P49nJiWl39BNFrK0OY
Qv44JIlRlAt9CGCdR4g0dN3FgfiL4\/lUi8YPSU3cDIZxCdnQkdCIGcAhjfN4gggt7zg9kOnJIzAY8njDa5SRxm8rijaozS5CsNDVLCBZ40nww0LginRe2hYCVIwXbJ1vICjAFnUQldXnI1vBYa\/\/GLFN5BSD"} 02139{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1642584090467068,"flow_dst_last_pkt_time":1642584090510947,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1242,"pkt_l4_len":1208,"thread_ts_usec":1642584090510947,"pkt":"mt9Y+uvcCL6sCxduCABFAATMACxAACsRcyEi9ueMwKgMqQG7uaAEuL937gAAAAEACIQQruI0OtnoRJ8S2CbWB5Aa0NIEXBtQqqcNr3LJSM6luXrG5NB5jmw8BTTb7hBzxN9NXN6dQKMU6M\/xqCcyR4cjD6lSS3pMKiulwTRvlYIwVKrYm+LhqRSNNN9rSSBVey45DhDraPxQlvFusIccmf5pTLSUteoQRBy1cLSEm6nBu4RC7azyB5EL8qSVtz4J4crJKZsjs2lCJk75A3KNytR6nhnlSjUnkVZtt5RLi5uyOfP2DILzBp51r4LGtW0yXDAIdHwvsWXI2hJjcdIIrmWloDxkCwAKZC5EYqgdbkZgTSRifx9y1B1lCrjW28p0er\/SsLQRO63igT0BRcTPDDeO9SrSeefcILOCfEmPAzXPV0myN+1F3OMJ9M7bwSMdmh3Te5QLMWdOoH41yu2FlDOIypWVO9Pv96cTS5Ilj+GV7aLGyHyXi3IZYZEoKKqyhwIna2a6e4MNNKf3EAzpThQGbjqo7698qgbQUq2HL3qjCWS+CRtbfNkK9wg8uCu82wlsfmGGlRR1nmIOZXfFcAZR4x8GrXvDXKntFSIQOZB0U+tJ5PrbDi01e\/aYdqhfMwxXZtyx7KiW+TmbWbPelbmOCIHI0e08tuHB1CLCzz+4upnoCogpOKVLLALGcUjxCAu+pUv61bCHRM7tptNufqfA2xkBjhsI+cJGtnHDBDBMFoijVrmS\/zSO1u4SFIytu33p6ATJUJwcyOqZJTlezz7IqzsJSkrCe1jMss6AdqR9bqpEA0iW9qSanlGm+y0KhhX9IH9mvDfS2wHTL9vXoVLM30efMTCC2eMOc0hF2hJ\/SKhnX9kZ8nM4pLNdOggzvdJ78QbLL3XonQffjLfTUj8pdg\/k07T\/wHaWvnMTATaV8twc5oalBK1G57uIuWEU0BWTbqqh\/d8vW7HoP43MPPQqP8uleQpJ6QzGgNQchwb8GlPL+54hnzRkSAfTWDJ9fJwDnOrjl8eAuB7PaUyjnVOLK1gwmeLc4NDXtW6mSM5Y01gq5urH3wxuN7NP7cNwE1CKjtQFsHdkC0yi+1PWjuoxQQ+goJ7LxkZ0DMB6xsrceuDyQ53d9lKQ5UOtQ4OeGnOdu6vbi1BlMTpaUfbUQDIXwlgsT+DKpO9MEkG\/jS3hCwDx0\/yc0glnOfiK9kAZmEz+hgjHHRBHjnkmdeXNU4+OBDMgHXhepHBoO95qvrx9a7GP\/A2J7r7tse+Y56SOhiM8jHzI9H1U+puIjp83iWJK5CpnEU3nbD80GSM1Sup9eAXtXiCr\/B75wJKor2wn4UOj4Ux2FIHo
k41GsJFHB5HnorW20r\/l52IrOjHVjIhClksdjbVScYXPR5YirFs2nXT5Dva19DDqRCOwzsDyQEXH1U9vYygdFoXKcAu6wd2fHrGin9eaCK77QGr0XthC1gxPqYnqN3RTsiiUjThCv2IUTFyxqSK1IIKKHi5ZU9T1jkHGZi8dSiiLSTJD3c8mUAUTgUhTJlqsUhDQFp+o\/bCVmR9kyAbQNGBaFAYpXivaz9UsJiT0gzypPGjc+PWwg+YLHNYCZO\/PXld5eNlHXPcL3D8XCr4Hs7EURSi9cIytLJ4GUjbFU5Es"} 01066{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1642584090467068,"flow_dst_last_pkt_time":1642584090510965,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":447,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":447,"pkt_l4_len":413,"thread_ts_usec":1642584090510965,"pkt":"mt9Y+uvcCL6sCxduCABFAAGxAC1AACsRdjsi9ueMwKgMqQG7uaABnQGY6QAAAAEACIQQruI0OtnoQYQYnnnY\/TwH7sisj44tuL3+S79sTC6Ii7C544FpS6RA5K1Gjsz5ONuvxXkzNOLK1cYjM1BZc5en4+alF+S80t4B6oLjeiQw6GIRzLlWrhpcCm1NOSkaA\/Dko4qIqQCni16yxQTaptE0AGFcNNAX0GOfi3XN6s6XzCG8je1LlpGI4thEqvIt2xXW\/SZWNt2Vx\/5\/xFRoRuRR+KCPJu4DsSu6O6ErV0wG+KCg2iwG4IOhINae17UeS3ykPewIVzmk3whB7bdUPJFLAycMOsw8SbTyqEDisfw54GfpPiOpKX+W6oKkLysbm3C16rjWGPHZVKbLFMTvswpdijcDfHnbZYf4Ep1ysQYvni7qm7sEvSLMA24s5MIVcSslKhAapH9jij90YjMTlIz8R5xVW5MggGl0JNueETv24ewnHSBvxe0Pai6GjyV4wsLWk95rG87iLl7hrkng4a+Va8b3OX4VTa5JNyAQz82r6PxxBKFbXxWWmpq85DihpLMv42c22LkBA1V336p6"} 
02147{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1642584090514239,"flow_dst_last_pkt_time":1642584090510965,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1242,"pkt_l4_len":1208,"thread_ts_usec":1642584090514239,"pkt":"CL6sCxdumt9Y+uvcCABFAATM1GdAAEARieXAqAypIvbnjLmgAbsEuNIaxwAAAAEIhBCu4jQ62egAAER1VsqkkGCUXUoSghfrHSEv2MjVBQn+ZioJyigAeY0ikBzmb7200Tcvi1hSBAOmhV480\/Q3Cig\/aTvbP+dCfpgUSwwzyRAaWrI+yr7LtA7hieNtNBGEuSSMGWfoH\/jhIeviO+ZkLZpBdKOHigiHov1PtOx7eqf+x1fkl5S0Ta+8YrqYQTOrQ5gbixM44N8cBqxem6ogn6PSloYENciwutVZ8uGPqP5kD87+jC0216PUNN+CNV0Iw85UiWsZNfReg3piVDPNxpLS\/Lq5So0r1ainNJZ30tyNKCH7gkA9CuIBHCA2D2ylb0wjO9HjJvee\/1k+bKFtIBjPAdWCtc\/97hbww9XmC7u84pjPn5UtwvpvXaf29PG3\/k15\/ymEzAoTbb68fA5ffoMapeBbeXpvquTAHlTNIC8pEaoC8+jnjuxKkbkK1CImwgrjpHaCJ7QogmpbGVbWj\/LoXlKNTgt2BkVjRqg5kjNM9rIcTg4E\/YZHHd4V3KvVXKGoTXM9IwoyFPfzesrHOYi1Hjt4f2AwbK4nFM06lFtiAbK+Ncrds5MU3hu+fOjlvapu2nBl2hlTpUwEwNu2OTjTlHXqodNGtfSJqqiYhKK7gghfP3NiPkmpSjYHviqpD66d6Mk7f+deYdAKb+6f\/XsxiTz2thmntL44NWQsEAKWHvWQbuVYItT9gS3oDGRAg\/xsDBVjGmSwH3hzXuNQIBVIKmEM3M7kJBgsBDwVQ+2a5KSUmaPV50LFyFxcxzfRKrreKzRGpNVe4GCu1D4gCeS71HDlqQ+Guu66i2IvHUe26\/3eef1zP+xEjiZ37QsjbcmARgOBFA03gEmFTiW8I73ezpo7Ae6zLyUrtB5D2b6UVkQTmof1nEWlxPtkQqw7rzKidHVgBiXIyA6cg2A9oIJLl6K4+N8fZ+cA\/K2C9XoaOq7axDszYDbWpbzadrIZO0XCIDio+8UlywF3Eh6ohyNKRFGWqt4ZEggeRtd0+dqXiEsZ471e5S5uB\/IzkjqcnucZa3X2fiBogCeL2N\/DBj9QLgNz3zsylLwCj08CFgQSU3mCULZED+eJzRynvoEJ1kGRR3VtKzXfrtRrmq7+djaxxg8AuFxERvP\/mW9VdBiLkd\/BIjuIYXKa+m2vheE2+KRSRWL1QKg+99GKR9b6JY7oucgWkBXG\/3wnLSMKV6p6ZfGuMDrlW0dZtMCirEdHJNgczeVIMRB5nVmfHyH83HYOIZbVxER9EnpsuxOmjRc+\/TqVm8I5ZGJj6Ay0JEsjykwHpfroi6F6Dz1DuLzXkMkl+IrYgQSnma2yYchVZd1jJylMWrw8tlBnca5vCx6PPA\/pYkCH1qBXkKvwn1TFAKFSBGzeDrxDTSrDdjOQc03vBTwF9WxXstbO8dcPEVplg3\/IV1GPORubDjghygFqmDO\/FNUWN34+k2k
6vbfiDMK63+w+xqAUDJvonoFixikWEN290hSxoc+3AKJx2tRNT7+iLBUQw5rELbGYoLqE+DHx8VKNtgeaxuD3UDIMOZR3c+UAAAABCIQQruI0OtnoAEAYjLgYZ1DeuJwCT8AWduwfbAEyRKkz6dYI"} -01361{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":9,"flow_first_seen":1642584090467068,"flow_src_last_pkt_time":1642584091048184,"flow_dst_last_pkt_time":1642584090986004,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":1200,"flow_src_tot_l4_payload_len":3514,"flow_dst_tot_l4_payload_len":3706,"midstream":0,"thread_ts_usec":1642584091048184,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"34.246.231.140","src_port":47520,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.SnapchatCall","proto_id":"188.255","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"str1-euwest1-34-246-231-140.addlive.io","domainame":"str1-euwest1-34-246-231-140.addlive.io","quic": {"quic_version":"V-1","tls": {"version":"TLSv1.3","ja3":"f4545fa40dda0c87b1bd81d9a55985a2","ja3s":"","ja4":"q13d0309h0_55b375c5d22e_08189d42dc81","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
+01320{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":9,"flow_first_seen":1642584090467068,"flow_src_last_pkt_time":1642584091048184,"flow_dst_last_pkt_time":1642584090986004,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":1200,"flow_src_tot_l4_payload_len":3514,"flow_dst_tot_l4_payload_len":3706,"midstream":0,"thread_ts_usec":1642584091048184,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"34.246.231.140","src_port":47520,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.SnapchatCall","proto_id":"188.255","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"str1-euwest1-34-246-231-140.addlive.io","domainame":"str1-euwest1-34-246-231-140.addlive.io","quic": {"quic_version":"V-1","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q13d0309h0_55b375c5d22e_08189d42dc81","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3","tls_supported_versions":"TLSv1.3","blocks":0}}}} 
02272{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1642584090467068,"flow_src_last_pkt_time":1642584091097462,"flow_dst_last_pkt_time":1642584091088958,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":1200,"flow_src_tot_l4_payload_len":10528,"flow_dst_tot_l4_payload_len":3826,"midstream":0,"thread_ts_usec":1642584091097462,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"34.246.231.140","src_port":47520,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":18,"avg":40396.3,"max":284273,"stddev":69954.6,"var":4893651456.0,"ent":3.5,"data": [43831,48,18,47171,5912,7197,49242,50,34720,7943,33195,29741,120469,284273,668,11816,262103,35232,126423,262,9441,12613,6510,7068,102933,21,6234,340,1312,2360,3138]},"pktlen": {"min":53,"avg":476.6,"max":1228,"stddev":428.3,"var":183471.5,"ent":4.4,"data": [1228,1228,1228,433,1228,117,610,446,104,62,360,61,90,53,70,70,198,53,53,88,1147,1148,1148,703,523,72,104,525,525,525,525,525]},"bins": {"c_to_s": [0,6,1,0,0,1,0,0,0,0,0,0,0,0,0,6,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,2,0,2,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,1,2,0,0,0,0,0,0,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,1,1,0,0,0,1,1,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,1,1,0,0,0,0,0],"entropies": 
[7.846151352,7.818212032,7.842855453,7.458201885,7.834816933,6.378828526,7.731168270,7.464651108,6.216168880,5.760650158,7.392130375,5.557705879,6.136295319,5.508872986,5.957851410,5.707712650,6.936640739,5.357929230,5.395664692,5.928121090,7.845738411,7.830622196,7.823609829,7.678224087,7.645185947,5.669923306,6.181212425,7.564388752,7.568304062,7.613670826,7.625892639,7.577367783]},"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.SnapchatCall","proto_id":"188.255","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"str1-euwest1-34-246-231-140.addlive.io"}} 01065{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":477,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":386,"flow_dst_packets_processed":91,"flow_first_seen":1642584090467068,"flow_src_last_pkt_time":1642584099996389,"flow_dst_last_pkt_time":1642584099885088,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1259,"flow_dst_max_l4_payload_len":1200,"flow_src_tot_l4_payload_len":337357,"flow_dst_tot_l4_payload_len":7923,"midstream":0,"thread_ts_usec":1642584099996389,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"34.246.231.140","src_port":47520,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.SnapchatCall","proto_id":"188.255","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"str1-euwest1-34-246-231-140.addlive.io"}} 
-00858{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":477,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":477,"packets-processed":477,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":345280,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1642584099996389} +00858{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":477,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":477,"packets-processed":477,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":345280,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1642584099996389} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 477/477 ~~ skipped flows.............: 0 
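Review bot: The removal of the `"ja3"` key from the `tls` object of the `detected` and `detection-update` events in this hunk is not mentioned in the commit message, which only says "incorporated upstream changes". The regenerated lines drop `"ja3":"f4545fa40dda0c87b1bd81d9a55985a2"` (length prefixes go from 01344 to 01303 and from 01361 to 01320), while `"ja3s":""` and `"ja4"` are still emitted. A consumer that matches or allow-lists TLS clients on `ja3` would stop matching after this bump without any error, so the description should call it out, for example `* TLS "ja3" client fingerprint is no longer emitted; match on "ja4" instead`. It is also worth confirming that schema/flow_event_schema.json, which this commit changes outside this view, no longer expects `ja3`, and whether the empty `ja3s` key is meant to stay.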
@@ -19,9 +19,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6931474 bytes -~~ total memory freed........: 6931474 bytes -~~ total allocations/frees...: 114635/114635 +~~ total memory allocated....: 7509070 bytes +~~ total memory freed........: 7509070 bytes +~~ total allocations/frees...: 126366/126366 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 628 chars ~~ json message max len.......: 2277 chars diff --git a/test/results/default/snmp.pcap.out b/test/results/default/snmp.pcap.out index d3ec2c395..dbd63a07c 100644 --- a/test/results/default/snmp.pcap.out +++ b/test/results/default/snmp.pcap.out 
@@ -1,5 +1,5 @@ -00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1597326815572660} 
+00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1597326815572660} 
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1597326815572660,"flow_src_last_pkt_time":1597326815572660,"flow_dst_last_pkt_time":1597326815572660,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":43,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":43,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1597326815572660,"l3_proto":"ip4","src_ip":"176.211.60.43","dst_ip":"97.0.115.163","src_port":43015,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1597326815572660,"flow_dst_last_pkt_time":1597326815572660,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_usec":1597326815572660,"pkt":"AAAAmdpxAAwpCIFqCABFAABHM75AAEARRUaw0zwrYQBzo6gHAKEAM+IpMCkCAQAEBnB1YmxpY6EcAgRLeBpuAgEAAgEAMA4wDAYIKwYBAgEBBQAFAA=="} 
00974{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1597326815572660,"flow_src_last_pkt_time":1597326815572660,"flow_dst_last_pkt_time":1597326815572660,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":43,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":43,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1597326815572660,"l3_proto":"ip4","src_ip":"176.211.60.43","dst_ip":"97.0.115.163","src_port":43015,"dst_port":161,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","snmp": {"version":0,"primitive":1,"error_status":0}}} 
@@ -47,7 +47,7 @@ 00971{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1597326838035473,"flow_src_last_pkt_time":1597326838143720,"flow_dst_last_pkt_time":1597326838291092,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":43,"flow_dst_max_l4_payload_len":57,"flow_src_tot_l4_payload_len":86,"flow_dst_tot_l4_payload_len":112,"midstream":0,"thread_ts_usec":1597326981598419,"l3_proto":"ip4","src_ip":"65.2.162.193","dst_ip":"130.70.149.185","src_port":59988,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00966{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1597326858008780,"flow_src_last_pkt_time":1597326858140036,"flow_dst_last_pkt_time":1597326858289894,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":43,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":86,"flow_dst_tot_l4_payload_len":119,"midstream":0,"thread_ts_usec":1597326981598419,"l3_proto":"ip4","src_ip":"176.211.60.43","dst_ip":"97.0.115.163","src_port":37224,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00966{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1597326815572660,"flow_src_last_pkt_time":1597326815679824,"flow_dst_last_pkt_time":1597326815833131,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":43,"flow_dst_max_l4_payload_len":57,"flow_src_tot_l4_payload_len":86,"flow_dst_tot_l4_payload_len":112,"midstream":0,"thread_ts_usec":1597326981598419,"l3_proto":"ip4","src_ip":"176.211.60.43","dst_ip":"97.0.115.163","src_port":43015,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":29,"packets-processed":28,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2120,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":4,"total-updates":5,"current-active-flows":6,"total-active-flows":6,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":50,"global_ts_usec":1597327640387630} 
+00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":29,"packets-processed":28,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2120,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":4,"total-updates":5,"current-active-flows":6,"total-active-flows":6,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":50,"global_ts_usec":1597327640387630} 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1597327640387630,"flow_src_last_pkt_time":1597327640387630,"flow_dst_last_pkt_time":1597327640387630,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1597327640387630,"l3_proto":"ip4","src_ip":"35.95.158.217","dst_ip":"30.79.214.36","src_port":60440,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1597327640387630,"flow_dst_last_pkt_time":1597327640387630,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1597327640387630,"pkt":"AAAA82AcAAwpEAFdCABFAABcnENAAEAR56EjX57ZHk\/WJOwYAKEASB50MD4CAQMwEQIEPsyxCwIDAP\/jBAEEAgEDBBAwDgQAAgEAAgEABAAEAAQAMBQEAAQAoA4CBGdAU6sCAQACAQAwAA=="} 00979{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1597327640387630,"flow_src_last_pkt_time":1597327640387630,"flow_dst_last_pkt_time":1597327640387630,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1597327640387630,"l3_proto":"ip4","src_ip":"35.95.158.217","dst_ip":"30.79.214.36","src_port":60440,"dst_port":161,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","snmp": {"version":3,"primitive":0,"error_status":0}}} 
@@ -84,7 +84,7 @@ 00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1597327805759196,"flow_dst_last_pkt_time":1597327805757822,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":178,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":178,"pkt_l4_len":144,"thread_ts_usec":1597327805759196,"pkt":"AAAAV4hpAAwpsVpsCABFAACkmVJAAEAR61aDszGl\/p4BqYyCAKEAkKIiMIGFAgEDMBECBEyy1iMCAwD\/4wQBBwIBAwQ7MDkEDIAAAAkDAKq7zAABAAIBDAICBgoEClNIQTFBRVMxMjgEDFMbh\/Dk3SvVz95WoQQIgB4HBiglqmMEMJE113Q0NWMVB7TdQewvRiEzAB5zFAsRqz8So0sJQUsIHeUhtQOMlyZFVbEp0CGVvA=="} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1597327640387630,"flow_src_last_pkt_time":1597327640653531,"flow_dst_last_pkt_time":1597327640799174,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":125,"flow_dst_max_l4_payload_len":139,"flow_src_tot_l4_payload_len":314,"flow_dst_tot_l4_payload_len":381,"midstream":0,"thread_ts_usec":1597327805899852,"l3_proto":"ip4","src_ip":"35.95.158.217","dst_ip":"30.79.214.36","src_port":60440,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1597327646611250,"flow_src_last_pkt_time":1597327646881056,"flow_dst_last_pkt_time":1597327647026431,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":125,"flow_dst_max_l4_payload_len":146,"flow_src_tot_l4_payload_len":314,"flow_dst_tot_l4_payload_len":388,"midstream":0,"thread_ts_usec":1597327805899852,"l3_proto":"ip4","src_ip":"35.95.158.217","dst_ip":"30.79.214.36","src_port":49306,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":53,"packets-processed":52,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4998,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":4,"total-updates":7,"current-active-flows":4,"total-active-flows":10,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":87,"global_ts_usec":1597328385284231} 
+00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":53,"packets-processed":52,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4998,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":4,"total-updates":7,"current-active-flows":4,"total-active-flows":10,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":87,"global_ts_usec":1597328385284231} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1597328385284231,"flow_src_last_pkt_time":1597328385284231,"flow_dst_last_pkt_time":1597328385284231,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":173,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":173,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":173,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1597328385284231,"l3_proto":"ip4","src_ip":"92.135.15.240","dst_ip":"137.49.110.186","src_port":54318,"dst_port":162,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00743{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1597328385284231,"flow_dst_last_pkt_time":1597328385284231,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"thread_ts_usec":1597328385284231,"pkt":"AAwpOSzhAAAASwKNCABFAADJAAAAAP8RVsFchw\/wiTFuutQuAKIAtdeqMIGqAgEBBAhwdWJsaWMyY6eBmgIBFwIBAAIBADCBjjAPBggrBgECAQEDAEMDAz\/FMBcGCisGAQYDAQEEAQAGCSsGAQYDAQEFAzAPBgorBgECAQICAQECAgECMBkGCisGAQIBAgIBAgIEC0V0aGVybmV0MC8xMA8GCisGAQIBAgIBAwICAQYwJQYMKwYBBAEJAgIBARQCBBVhZG1pbmlzdHJhdGl2ZWx5IGRvd24="} 00981{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1597328385284231,"flow_src_last_pkt_time":1597328385284231,"flow_dst_last_pkt_time":1597328385284231,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":173,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":173,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":173,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1597328385284231,"l3_proto":"ip4","src_ip":"92.135.15.240","dst_ip":"137.49.110.186","src_port":54318,"dst_port":162,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","snmp": {"version":1,"primitive":7,"error_status":0}}} 
@@ -115,7 +115,7 @@ 00807{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1597328765050571,"flow_dst_last_pkt_time":1597328757701238,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":262,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":262,"pkt_l4_len":228,"thread_ts_usec":1597328765050571,"pkt":"AAwpbM85AAAAgfGMCABFAAD4AAkAAP8R+958NcSwZ\/gWL9QuAKIA5B3\/MIHZAgEDMA0CASkCAgXcBAEAAgEDBCkwJwQMgAAACQMAqrvMAAEAAgEMAgIJyQQMTk9BVVRITk9QUklWBAAEADCBmQQMgAAACQMAqrvMAAEABACngYYCATACAQACAQAwezAPBggrBgECAQEDAEMDA9QeMBcGCisGAQYDAQEEAQAGCSsGAQYDAQEFBDAPBgorBgECAQICAQECAgECMBkGCisGAQIBAgIBAgIEC0V0aGVybmV0MC8xMA8GCisGAQIBAgIBAwICAQYwEgYMKwYBBAEJAgIBARQCBAJ1cA=="} 01092{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1597328648399219,"flow_src_last_pkt_time":1597328660640336,"flow_dst_last_pkt_time":1597328648399219,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":125,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":146,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":271,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1597328765050571,"l3_proto":"ip4","src_ip":"200.76.132.137","dst_ip":"189.111.255.214","src_port":54318,"dst_port":162,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00970{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1597328704045369,"flow_src_last_pkt_time":1597328710051817,"flow_dst_last_pkt_time":1597328704045369,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":230,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":250,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":480,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1597328765050571,"l3_proto":"ip4","src_ip":"113.19.156.111","dst_ip":"135.201.124.55","src_port":54318,"dst_port":162,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":63,"packets-processed":62,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7038,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":6,"total-updates":10,"current-active-flows":4,"total-active-flows":15,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":118,"global_ts_usec":1643702947966305} 
+00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":63,"packets-processed":62,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7038,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":6,"total-updates":10,"current-active-flows":4,"total-active-flows":15,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":118,"global_ts_usec":1643702947966305} 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643702947966305,"flow_src_last_pkt_time":1643702947966305,"flow_dst_last_pkt_time":1643702947966305,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":185,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":185,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":185,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643702947966305,"vlan_id":908,"l3_proto":"ip4","src_ip":"10.231.2.134","dst_ip":"10.72.247.4","src_port":161,"dst_port":61088,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00776{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","vlan_id":908,"flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1643702947966305,"flow_dst_last_pkt_time":1643702947966305,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":231,"pkt_l4_len":193,"thread_ts_usec":1643702947966305,"pkt":"AAAAAAAAAAEAAAAIgQADjAgARcAA1To\/AABAETBgCucChgpI9wQAoe6gAMF5TzCCALUCAQEEBGFkc2yiggCoAgJkLgIBEwIBATCCAJowggCWBg8rBgEEAa1zWwEBAQEBDwEEgYJCR01QAQAAAAAAAAEwMDAwMDAAAAAAAAAAAAAAAABSMS42MS4xMi4wMAAAAAAAAAAAAAAAAAAAAAAAAAEAAAABAAAAAQAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAQAA"} 01105{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643702947966305,"flow_src_last_pkt_time":1643702947966305,"flow_dst_last_pkt_time":1643702947966305,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":185,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":185,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":185,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643702947966305,"vlan_id":908,"l3_proto":"ip4","src_ip":"10.231.2.134","dst_ip":"10.72.247.4","src_port":161,"dst_port":61088,"l4_proto":"udp","ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","snmp": {"version":1,"primitive":2,"error_status":19}}} 
@@ -136,7 +136,7 @@ 00775{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","vlan_id":908,"flow_id":16,"flow_packet_id":4,"flow_src_last_pkt_time":1643703001963541,"flow_dst_last_pkt_time":1643702947966305,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":231,"pkt_l4_len":193,"thread_ts_usec":1643703001963541,"pkt":"AAAAAAAAAAEAAAAIgQADjAgARcAA1WA+AABAEQphCucChgpI9wQAoe6gAMEJTzCCALUCAQEEBGFkc2yiggCoAgJkngIBEwIBATCCAJowggCWBg8rBgEEAa1zWwEBAQEBDwEEgYJCR01QAQAAAAAAAAEwMDAwMDAAAAAAAAAAAAAAAABSMS42MS4xMi4wMAAAAAAAAAAAAAAAAAAAAAAAAAEAAAABAAAAAQAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAQAA"} 01090{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1643702947966305,"flow_src_last_pkt_time":1643703001963541,"flow_dst_last_pkt_time":1643702947966305,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":185,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":185,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":740,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643703001963541,"vlan_id":908,"l3_proto":"ip4","src_ip":"10.231.2.134","dst_ip":"10.72.247.4","src_port":161,"dst_port":61088,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
01099{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1643702987695436,"flow_src_last_pkt_time":1643702987784304,"flow_dst_last_pkt_time":1643702987801396,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":565,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1097,"flow_dst_max_l4_payload_len":671,"flow_src_tot_l4_payload_len":2229,"flow_dst_tot_l4_payload_len":1364,"midstream":0,"thread_ts_usec":1643703001963541,"vlan_id":1308,"l3_proto":"ip4","src_ip":"10.99.8.88","dst_ip":"10.100.253.146","src_port":43242,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00845{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":72,"packets-processed":72,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11371,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":17,"total-detection-updates":7,"total-updates":10,"current-active-flows":0,"total-active-flows":17,"total-idle-flows":17,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":139,"global_ts_usec":1643703001963541} 
+00845{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":72,"packets-processed":72,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11371,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":17,"total-detection-updates":7,"total-updates":10,"current-active-flows":0,"total-active-flows":17,"total-idle-flows":17,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":139,"global_ts_usec":1643703001963541} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 72/72 ~~ skipped flows.............: 0 @@ -145,9 +145,9 @@ ~~ total active/idle flows...: 17/17 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6947752 bytes -~~ total memory freed........: 6947752 bytes -~~ total allocations/frees...: 114385/114385 +~~ total memory allocated....: 7525348 bytes +~~ total memory freed........: 7525348 bytes +~~ total allocations/frees...: 126116/126116 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 569 chars ~~ json message max len.......: 2002 chars diff --git a/test/results/default/soap.pcap.out b/test/results/default/soap.pcap.out index 874e88993..8bd7def3a 100644 --- a/test/results/default/soap.pcap.out +++ b/test/results/default/soap.pcap.out 
@@ -1,5 +1,5 @@ -00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":946731321416000} 
+00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":946731321416000} 
00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946731321416000,"flow_src_last_pkt_time":946731321416000,"flow_dst_last_pkt_time":946731321416000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946731321416000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":946731321416000,"flow_dst_last_pkt_time":946731321416000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":946731321416000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0Js1AAH8GJUPAqAJkFwLVpcO0AFABqrpoAAAAAIAC+vBEVAAAAgQFtAEDAwgBAQQC"} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":946731321416000,"flow_dst_last_pkt_time":946731321441000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":946731321441000,"pkt":"YDjgxTWgeJS0JASgCABFAAA0AABAADwGjxAXAtWlwKgCZABQw7Tpz83XAaq6aYAS+vCMpAAAAgQFrAEBBAIBAwMH"} 
@@ -10,7 +10,7 @@ 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946731326059000,"flow_src_last_pkt_time":946731326059000,"flow_dst_last_pkt_time":946731326059000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1452,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1452,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946731326059000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":4176,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 02464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":946731326059000,"flow_dst_last_pkt_time":946731326059000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":946731326059000,"pkt":"eJS0JASgYDjgxTWgCABFAAXUJtNAAH8GH53AqAJkFwLVpcO0EFABqrpp6c\/N2FAQAQTI+AAAUE9TVCAvZndsaW5rLz9MaW5rSUQ9MjUyNjY5JmNsY2lkPTB4NDA5IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDb250ZW50LVR5cGU6IHRleHQveG1sOyBjaGFyc2V0PSJVVEYtMTZMRSINClVzZXItQWdlbnQ6IE1JQ1JPU09GVF9ERVZJQ0VfTUVUQURBVEFfUkVUUklFVkFMX0NMSUVOVA0KU09BUEFjdGlvbjogImh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd2luZG93c21ldGFkYXRhL3NlcnZpY2VzLzIwMDcvMDkvMTgvZG1zL0RldmljZU1ldGFkYXRhU2VydmljZS9HZXREZXZpY2VNZXRhZGF0YSINCkNvbnRlbnQtTGVuZ3RoOiAzNjEyDQpIb3N0OiBnby5taWNyb3NvZnQuY29tDQoNCv\/+PAA\/AHgAbQBsACAAdgBlAHIAcwBpAG8AbgA9ACIAMQAuADAAIgAgAGUAbgBjAG8AZABpAG4AZwA9ACIAVQBUAEYALQAxADYAIgA\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"} 
01315{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946731326059000,"flow_src_last_pkt_time":946731326059000,"flow_dst_last_pkt_time":946731326059000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1452,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1452,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946731326059000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":4176,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP.SOAP","proto_id":"7.253","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"go.microsoft.com","domainame":"go.microsoft.com","http": {"url":"go.microsoft.com\/fwlink\/?LinkID=252669&clcid=0x409","code":0,"content_type":"","user_agent":"MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT","request_content_type":"text\/xml"}}} 
-00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6104,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1639054092487860} +00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6104,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1639054092487860} 
00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639054092487860,"flow_src_last_pkt_time":1639054092487860,"flow_dst_last_pkt_time":1639054092487860,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639054092487860,"vlan_id":808,"l3_proto":"ip4","src_ip":"185.32.192.30","dst_ip":"85.154.114.113","src_port":80,"dst_port":56028,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","vlan_id":808,"flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1639054092487860,"flow_dst_last_pkt_time":1639054092487860,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1639054092487860,"pkt":"AAAAAAAAAAgAAAAIgQADKAgARQAANKG0QADxBqbEuSDAHlWacnEAUNrcPMefU5W6cMWAEjhAOLcAAAIEBbQBAwMABAIAAA=="} 02188{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","vlan_id":808,"flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1639054092487860,"flow_dst_last_pkt_time":1639054092538042,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1285,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1285,"pkt_l4_len":1247,"thread_ts_usec":1639054092538042,"pkt":"AAAAAAAAAAgAAAAIgQADKAgARQAE88IlQAB\/BvOUVZpycbkgwB7a3ABQlbpwxTzHn1RQGAIF1wgAADw\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"} 
@@ -21,7 +21,7 @@ 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1639054092487860,"flow_src_last_pkt_time":1639054092826381,"flow_dst_last_pkt_time":1639054092687121,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1227,"flow_dst_max_l4_payload_len":1227,"flow_src_tot_l4_payload_len":2301,"flow_dst_tot_l4_payload_len":1341,"midstream":0,"thread_ts_usec":1639054092826381,"vlan_id":808,"l3_proto":"ip4","src_ip":"185.32.192.30","dst_ip":"85.154.114.113","src_port":80,"dst_port":56028,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SOAP","proto_id":"253","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00961{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":946731321416000,"flow_src_last_pkt_time":946731326407000,"flow_dst_last_pkt_time":946731326431000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":296,"flow_src_tot_l4_payload_len":4356,"flow_dst_tot_l4_payload_len":296,"midstream":0,"thread_ts_usec":1639054092826381,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SOAP","proto_id":"253","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946731326059000,"flow_src_last_pkt_time":946731326059000,"flow_dst_last_pkt_time":946731326059000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1452,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1452,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1639054092826381,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":4176,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP.SOAP","proto_id":"7.253","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} -00839{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":20,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9746,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":24,"global_ts_usec":1639054092826381} 
+00839{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":20,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9746,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":24,"global_ts_usec":1639054092826381} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 20/20 ~~ skipped flows.............: 0 @@ -30,9 +30,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6917245 bytes -~~ total memory freed........: 6917245 bytes -~~ total allocations/frees...: 114189/114189 +~~ total memory allocated....: 7494878 bytes +~~ total memory freed........: 7494878 bytes +~~ total allocations/frees...: 125922/125922 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 539 chars ~~ json message max len.......: 2469 chars diff --git a/test/results/default/socks.pcap.out b/test/results/default/socks.pcap.out index 7417d3316..7b606e879 100644 --- a/test/results/default/socks.pcap.out +++ b/test/results/default/socks.pcap.out 
@@ -1,5 +1,5 @@ -00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1385474294492448} 
+00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1385474294492448} 
00763{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1385474294492448,"flow_src_last_pkt_time":1385474294492448,"flow_dst_last_pkt_time":1385474294492448,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1385474294492448,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"10.0.0.2","src_port":1637,"dst_port":21477,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1385474294492448,"flow_dst_last_pkt_time":1385474294492448,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1385474294492448,"pkt":"AABeAAEBAAtFtxbACABFAAAwisFAAH4GgV8KAAABCgAAAgZlU+Uyuw5yAAAAAHACQAC3ZAAAAgQFUAEBBAI="} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1385474294492448,"flow_dst_last_pkt_time":1385474294649364,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1385474294649364,"pkt":"AAtFtxbAACaI3xfHCABFAAAwbUxAAGcGtdQKAAACCgAAAVPlBmV6GpzgMrsOc3ASIADAvAAAAgQE7AEBBAI="} 
@@ -7,7 +7,7 @@ 00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1385474294849170,"flow_dst_last_pkt_time":1385474294649364,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":23,"thread_ts_usec":1385474294849170,"pkt":"AABeAAEBAAtFtxbACABFAAAritBAAH4GgVUKAAABCgAAAgZlU+Uyuw5zehqc4VAYROjCxAAABQEAAAAA"} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1385474294849170,"flow_dst_last_pkt_time":1385474295006242,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":22,"thread_ts_usec":1385474295006242,"pkt":"AAtFtxbAACaI3xfHCABFAAAqbU9AAGcGtdcKAAACCgAAAVPlBmV6GpzhMrsOdlAY\/\/AHuwAABQAAAAAA"} 01041{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1385474294492448,"flow_src_last_pkt_time":1385474294849170,"flow_dst_last_pkt_time":1385474295006242,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":3,"flow_dst_max_l4_payload_len":2,"flow_src_tot_l4_payload_len":3,"flow_dst_tot_l4_payload_len":2,"midstream":0,"thread_ts_usec":1385474295006242,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"10.0.0.2","src_port":1637,"dst_port":21477,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": 
{"6":"DPI"},"proto":"SOCKS","proto_id":"172","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -00838{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":15,"packets-processed":14,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1361,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1386004309468752} +00838{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":15,"packets-processed":14,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1361,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1386004309468752} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1386004309468752,"flow_src_last_pkt_time":1386004309468752,"flow_dst_last_pkt_time":1386004309468752,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1386004309468752,"l3_proto":"ip4","src_ip":"10.180.156.185","dst_ip":"10.180.156.249","src_port":53533,"dst_port":1080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1386004309468752,"flow_dst_last_pkt_time":1386004309468752,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1386004309468752,"pkt":"ABNyxPHhAB9b\/1HLCABFAABAxApAAEAGJ5MKtJy5CrSc+dEdBDiu6S7xAAAAALAC\/\/9AOQAAAgQFtAEDAwQBAQgKFh7eWwAAAAAEAgAA"} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1386004309468752,"flow_dst_last_pkt_time":1386004309469255,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1386004309469255,"pkt":"AB9b\/1HLABNyxPHhCABFAAA8AABAAEAG66EKtJz5CrScuQQ40R2gPF01ruku8qASOJDLlAAAAgQFtAQCCApiX+0zFh7eWwEDAwc="} 
@@ -33,7 +33,7 @@ 00970{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1386004312331130,"flow_src_last_pkt_time":1386004312384665,"flow_dst_last_pkt_time":1386004312384637,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":146,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":171,"flow_dst_tot_l4_payload_len":1599,"midstream":0,"thread_ts_usec":1386004317989330,"l3_proto":"ip4","src_ip":"10.180.156.185","dst_ip":"10.180.156.249","src_port":53534,"dst_port":1080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SOCKS","proto_id":"172","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 00971{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":7,"flow_first_seen":1386004317979913,"flow_src_last_pkt_time":1386004317989330,"flow_dst_last_pkt_time":1386004317989312,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":146,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":160,"flow_dst_tot_l4_payload_len":1603,"midstream":0,"thread_ts_usec":1386004317989330,"l3_proto":"ip4","src_ip":"10.180.156.185","dst_ip":"10.180.156.249","src_port":53535,"dst_port":1080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SOCKS","proto_id":"172","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
01088{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":6,"flow_first_seen":1385474294492448,"flow_src_last_pkt_time":1385474412431090,"flow_dst_last_pkt_time":1385474412219725,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":395,"flow_dst_max_l4_payload_len":930,"flow_src_tot_l4_payload_len":419,"flow_dst_tot_l4_payload_len":942,"midstream":0,"thread_ts_usec":1386004317989330,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"10.0.0.2","src_port":1637,"dst_port":21477,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"SOCKS","proto_id":"172","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -00840{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":60,"packets-processed":60,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6648,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":36,"global_ts_usec":1386004317989330} 
+00840{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":60,"packets-processed":60,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6648,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":36,"global_ts_usec":1386004317989330} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 60/60 ~~ skipped flows.............: 0 @@ -42,9 +42,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6924782 bytes -~~ total memory freed........: 6924782 bytes -~~ total allocations/frees...: 114238/114238 +~~ total memory allocated....: 7502400 bytes +~~ total memory freed........: 7502400 bytes +~~ total allocations/frees...: 125970/125970 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 535 chars ~~ json message max len.......: 1093 chars diff --git a/test/results/default/softether.pcap.out b/test/results/default/softether.pcap.out index a8ac836a1..dac1c76cb 100644 --- a/test/results/default/softether.pcap.out +++ b/test/results/default/softether.pcap.out 
@@ -1,5 +1,5 @@ -00614{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1642694863816000} 
+00614{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1642694863816000} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1642694863816000,"flow_src_last_pkt_time":1642694863816000,"flow_dst_last_pkt_time":1642694863816000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642694863816000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1642694863816000,"flow_dst_last_pkt_time":1642694863816000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":43,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":43,"pkt_l4_len":9,"thread_ts_usec":1642694863816000,"pkt":"eJS0JASgYDjgxTWgCABFAAAdZ4ZAAD8RiC7AqAJkgp4Gcci1E4wACUw2QQ=="} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1642694863816000,"flow_dst_last_pkt_time":1642694864079000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1642694864079000,"pkt":"YDjgxTWgeJS0JASgCABFAAA4FVwAAG8R6j2CngZxwKgCZBOMyLUAJKgsSVA9OTAuMTg2LjEzMi4xMzMsUE9SVD01MTM4MQ=="} 
@@ -11,7 +11,7 @@ 00975{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1642694863816000,"flow_src_last_pkt_time":1642694925531000,"flow_dst_last_pkt_time":1642694925794000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":483,"flow_dst_tot_l4_payload_len":412,"midstream":0,"thread_ts_usec":1642694925794000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00976{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1642694863816000,"flow_src_last_pkt_time":1642694971183000,"flow_dst_last_pkt_time":1642694971445000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":485,"flow_dst_tot_l4_payload_len":468,"midstream":0,"thread_ts_usec":1642694971445000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00976{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1642694863816000,"flow_src_last_pkt_time":1642695022957000,"flow_dst_last_pkt_time":1642694997325000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":487,"flow_dst_tot_l4_payload_len":496,"midstream":0,"thread_ts_usec":1642695022957000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":983,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":3,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1642993710968000} 
+00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":983,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":3,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1642993710968000} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1642993710968000,"flow_src_last_pkt_time":1642993710968000,"flow_dst_last_pkt_time":1642993710968000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642993710968000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.75.45","src_port":37504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1642993710968000,"flow_dst_last_pkt_time":1642993710968000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1642993710968000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8GPRAAD8GkfDAqAJkgp5LLZKAAFAJq5FAAAAAAKAC+vCRBgAAAgQFtAQCCApgbIO7AAAAAAEDAwY="} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1642993710968000,"flow_dst_last_pkt_time":1642993711225000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1642993711225000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8XxtAAHAGGsmCnkstwKgCZABQkoDyj0KZCauRQaASIAAzDwAAAgQFrAEDAwgEAggKBdAXMmBsg7s="} 
@@ -19,7 +19,7 @@ 02034{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1642993711226000,"flow_dst_last_pkt_time":1642993711225000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1178,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1178,"pkt_l4_len":1144,"thread_ts_usec":1642993711226000,"pkt":"eJS0JASgYDjgxTWgCABFAASMGPZAAD8GjZ7AqAJkgp5LLZKAAFAJq5FB8o9CmoAYA+yVVgAAAQEICmBshL4F0BcyUE9TVCAvZGRucy9kZG5zLmFzcHg\/dj05MjkxMjU3Njg0ODI1Mzg5MDMwIEhUVFAvMS4xDQpBY2NlcHQtTGFuZ3VhZ2U6IGphDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQ29udGVudC1MZW5ndGg6IDcyNA0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNCkhvc3Q6IHgwLngwLmRldi5vcGVuLnNlcnZlcnMuZGRucy5zb2Z0ZXRoZXItbmV0d29yay5uZXQNCktlZXAtQWxpdmU6IHRpbWVvdXQ9MTU7IG1heD0xOQ0KUHJhZ21hOiBuby1jYWNoZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgNi4zOyBXT1c2NDsgcnY6MjkuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC8yOS4wDQoNClBBQ0swMDAwMDAwNjY4QUFBQUR3QUFBQVppZFdsc1pBQUFBQUFBQUFBQkFBQWx5Z0FBQUFsa1pHNXpYMjl6Y3dBQUFBQUFBQUFCQUFBQUFRQUFBQlprWkc1elgzQnliM1J2WTI5c1gzWmxjbk5wYjI0QUFBQUFBQUFBQVFBQUFBRUFBQUFKYVhOZk5qUmlhWFFBQUFBQUFBQUFBUUFBQUFBQUFBQU1hWE5mY0dGamEyVjBhWGdBQUFBQUFBQUFBUUFBQUFBQUFBQU5hWE5mYzI5bWRHVjBhR1Z5QUFBQUFBQUFBQUVBQUFBQkFBQUFCR3RsZVFBQUFBSUFBQUFCQUFBQUtEUTFRemcwUlRjelJqTTVNMEl3TVVZeFFVSTROamc1UVVWQ1F6YzRRa1ZHTmpoRE1EWTRNRGtBQUFBUGJHRnpkR1Z5Y205eVgybHdkalFBQUFBQUFBQUFBUUFBQUFBQUFBQVBiR0Z6ZEdWeWNtOXlYMmx3ZGpZQUFBQUFBQUFBQVFBQUFBRUFBQUFNYldGamFHbHVaVjlyWlhrQUFBQUNBQUFBQVFBQUFDaENOVUZDUWpjMk1qazRNalZET0RJMU5UY3pOakZHTUVVM01UUTFRamcwTlVWQ1FqWTJOVVUwQUFBQURXMWhZMmhwYm1WZmJtRnRaUUFBQUFJQUFBQUJBQUFBQTNad2JnQUFBQWR2YzJsdVptOEFBQUFBQUFBQUFRQUFEQndBQUFBTWNISnZaSFZqZEY5emRISUFBQUFDQUFBQUFRQUFBQTFUYjJaMFJYUm9aWElnVDFOVEFBQUFDblZ6WlY5aGVuVnlaUUFBQUFBQUFBQUJBQUFBQUFBQUFBbG1kVzVqZEdsdmJnQUFBQUlBQUFBQkFBQUFDSEpsWjJsemRHVnlIQV
NIMDAwMDAwMDAyOFpLVk82OGhlWUNPS2tuTSljaFlzVGxsa0daNCg="} 01379{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1642993710968000,"flow_src_last_pkt_time":1642993711226000,"flow_dst_last_pkt_time":1642993711225000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642993711226000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.75.45","src_port":37504,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Softether","proto_id":"7.290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"x0.x0.dev.open.servers.ddns.softether-network.net","domainame":"x0.x0.dev.open.servers.ddns.softether-network.net","http": {"url":"x0.x0.dev.open.servers.ddns.softether-network.net\/ddns\/ddns.aspx?v=9291257684825389030","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.3; WOW64; rv:29.0) Gecko\/20100101 Firefox\/29.0","request_content_type":"application\/x-www-form-urlencoded","detected_os":"Windows 8.1"}}} 
00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1642694863816000,"flow_src_last_pkt_time":1642695022957000,"flow_dst_last_pkt_time":1642694997325000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":487,"flow_dst_tot_l4_payload_len":496,"midstream":0,"thread_ts_usec":1642993711226000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":20,"packets-processed":19,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2095,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":3,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":22,"global_ts_usec":1646316453326000} 
+00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":20,"packets-processed":19,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2095,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":3,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":22,"global_ts_usec":1646316453326000} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646316453326000,"flow_src_last_pkt_time":1646316453326000,"flow_dst_last_pkt_time":1646316453326000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646316453326000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1646316453326000,"flow_dst_last_pkt_time":1646316453326000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":43,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":43,"pkt_l4_len":9,"thread_ts_usec":1646316453326000,"pkt":"eJS0JASgYDjgxTWgCABFAAAd9VFAAD8R+mLAqAJkgp4Gcci1E4wACUw2QQ=="} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1646316453326000,"flow_dst_last_pkt_time":1646316453591000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1646316453591000,"pkt":"YDjgxTWgeJS0JASgCABFAAA4EGoAAG4R8C+CngZxwKgCZBOMyLUAJKgsSVA9OTAuMTg2LjEzMi4xMzMsUE9SVD01MTM4MQ=="} 
@@ -32,7 +32,7 @@ 00967{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1646316453326000,"flow_src_last_pkt_time":1646316555615000,"flow_dst_last_pkt_time":1646316555881000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":28,"flow_src_tot_l4_payload_len":5,"flow_dst_tot_l4_payload_len":140,"midstream":0,"thread_ts_usec":1646316555881000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 01057{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":6,"flow_first_seen":1646316453326000,"flow_src_last_pkt_time":1646316604619000,"flow_dst_last_pkt_time":1646316581404000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":28,"flow_src_tot_l4_payload_len":486,"flow_dst_tot_l4_payload_len":168,"midstream":0,"thread_ts_usec":1646316604619000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","softether": 
{"client_ip":"90.186.132.133","client_port":"51381","hostname":"vpn","fqdn":"moishele.softether.net"}}} 00976{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1646316453326000,"flow_src_last_pkt_time":1646316608076000,"flow_dst_last_pkt_time":1646316604885000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":487,"flow_dst_tot_l4_payload_len":496,"midstream":0,"thread_ts_usec":1646316608076000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":35,"packets-processed":34,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3078,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":2,"total-updates":6,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":35,"global_ts_usec":1656980485529000} 
+00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":35,"packets-processed":34,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3078,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":2,"total-updates":6,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":35,"global_ts_usec":1656980485529000} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656980486196000,"flow_src_last_pkt_time":1656980486196000,"flow_dst_last_pkt_time":1656980486196000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":99,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":99,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":99,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656980486196000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.105","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1656980486196000,"flow_dst_last_pkt_time":1656980486196000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"thread_ts_usec":1656980486196000,"pkt":"eJS0JASgYDjgxTWgCABFAAB\/butAAD8RgG\/AqAJkgp4Gaci1E4wAa0yQAAAAAwAAAAdvcGNvZGUAAAACAAAAAQAAAAlnZXRfdG9rZW4AAAAIdHJhbl9pZAAAAAQAAAABVcoU5Uu9F3oAAAAWbmF0X3RyYXZlcnNhbF92ZXJzaW9uAAAAAAAAAAEAAAAB"} 01001{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656980486196000,"flow_src_last_pkt_time":1656980486196000,"flow_dst_last_pkt_time":1656980486196000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":99,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":99,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":99,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656980486196000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.105","src_port":51381,"dst_port":5004,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","softether": {"client_ip":"","client_port":"","hostname":"","fqdn":""}}} 
@@ -47,13 +47,13 @@ 00977{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1656980486196000,"flow_src_last_pkt_time":1656980539784000,"flow_dst_last_pkt_time":1656980540028000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":326,"flow_src_tot_l4_payload_len":1039,"flow_dst_tot_l4_payload_len":986,"midstream":0,"thread_ts_usec":1656980540028000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.105","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00980{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":10,"flow_first_seen":1646316453326000,"flow_src_last_pkt_time":1656980485778000,"flow_dst_last_pkt_time":1656980486029000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":1008,"flow_dst_tot_l4_payload_len":1129,"midstream":0,"thread_ts_usec":1656980590747000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00978{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1656980486196000,"flow_src_last_pkt_time":1656980590502000,"flow_dst_last_pkt_time":1656980590747000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":326,"flow_src_tot_l4_payload_len":1041,"flow_dst_tot_l4_payload_len":1040,"midstream":0,"thread_ts_usec":1656980590747000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.105","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":56,"packets-processed":55,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6314,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":4,"total-updates":11,"current-active-flows":2,"total-active-flows":4,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":50,"global_ts_usec":1657218777631000} 
+00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":56,"packets-processed":55,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6314,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":4,"total-updates":11,"current-active-flows":2,"total-active-flows":4,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":50,"global_ts_usec":1657218777631000} 00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":10,"flow_first_seen":1646316453326000,"flow_src_last_pkt_time":1656980485778000,"flow_dst_last_pkt_time":1656980486029000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":1008,"flow_dst_tot_l4_payload_len":1129,"midstream":0,"thread_ts_usec":1657218777876000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00978{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1656980486196000,"flow_src_last_pkt_time":1657218777631000,"flow_dst_last_pkt_time":1657218777876000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":326,"flow_src_tot_l4_payload_len":1043,"flow_dst_tot_l4_payload_len":1067,"midstream":0,"thread_ts_usec":1657218777876000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.105","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00980{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":11,"flow_first_seen":1656980486196000,"flow_src_last_pkt_time":1657218830229000,"flow_dst_last_pkt_time":1657218830474000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":326,"flow_src_tot_l4_payload_len":1525,"flow_dst_tot_l4_payload_len":1447,"midstream":0,"thread_ts_usec":1657218830474000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.105","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00980{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":13,"flow_first_seen":1656980486196000,"flow_src_last_pkt_time":1657218883169000,"flow_dst_last_pkt_time":1657218883415000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":326,"flow_src_tot_l4_payload_len":1527,"flow_dst_tot_l4_payload_len":1501,"midstream":0,"thread_ts_usec":1657218883415000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.105","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00980{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":14,"flow_first_seen":1656980486196000,"flow_src_last_pkt_time":1657218934824000,"flow_dst_last_pkt_time":1657218910555000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":326,"flow_src_tot_l4_payload_len":1529,"flow_dst_tot_l4_payload_len":1528,"midstream":0,"thread_ts_usec":1657218934824000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.105","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
-00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":71,"packets-processed":70,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7289,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":4,"total-updates":15,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":56,"global_ts_usec":1657249529677000} +00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":71,"packets-processed":70,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7289,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":4,"total-updates":15,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":56,"global_ts_usec":1657249529677000} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657249529677000,"flow_src_last_pkt_time":1657249529677000,"flow_dst_last_pkt_time":1657249529677000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657249529677000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.112","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1657249529677000,"flow_dst_last_pkt_time":1657249529677000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":43,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":43,"pkt_l4_len":9,"thread_ts_usec":1657249529677000,"pkt":"eJS0JASgYDjgxTWgCABFAAAdcmhAAD8RfU3AqAJkgp4GcMi1E4wACUw1QQ=="} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1657249529677000,"flow_dst_last_pkt_time":1657249529923000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_usec":1657249529923000,"pkt":"YDjgxTWgeJS0JASgCABFAAA2VBgAAHMRp4SCngZwwKgCZBOMyLUAIuZdSVA9Mi4yMDcuNjAuMTYzLFBPUlQ9NTEzODE="} 
@@ -65,12 +65,12 @@ 00966{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1657249529677000,"flow_src_last_pkt_time":1657249582560000,"flow_dst_last_pkt_time":1657249582732000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":26,"flow_src_tot_l4_payload_len":3,"flow_dst_tot_l4_payload_len":78,"midstream":0,"thread_ts_usec":1657249582732000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.112","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00967{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1657249529677000,"flow_src_last_pkt_time":1657249631671000,"flow_dst_last_pkt_time":1657249631942000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":26,"flow_src_tot_l4_payload_len":5,"flow_dst_tot_l4_payload_len":130,"midstream":0,"thread_ts_usec":1657249631942000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.112","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00967{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1657249529677000,"flow_src_last_pkt_time":1657249681609000,"flow_dst_last_pkt_time":1657249681857000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":26,"flow_src_tot_l4_payload_len":7,"flow_dst_tot_l4_payload_len":182,"midstream":0,"thread_ts_usec":1657249681857000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.112","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":86,"packets-processed":85,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7479,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":4,"total-updates":18,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":68,"global_ts_usec":1657366460559000} 
+00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":86,"packets-processed":85,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7479,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":4,"total-updates":18,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":68,"global_ts_usec":1657366460559000} 00971{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1657249529677000,"flow_src_last_pkt_time":1657366460559000,"flow_dst_last_pkt_time":1657366460805000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":26,"flow_src_tot_l4_payload_len":9,"flow_dst_tot_l4_payload_len":208,"midstream":0,"thread_ts_usec":1657366460805000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.112","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00978{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":11,"flow_first_seen":1657249529677000,"flow_src_last_pkt_time":1657366513451000,"flow_dst_last_pkt_time":1657366513703000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":324,"flow_src_tot_l4_payload_len":491,"flow_dst_tot_l4_payload_len":584,"midstream":0,"thread_ts_usec":1657366513703000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.112","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00978{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":13,"flow_first_seen":1657249529677000,"flow_src_last_pkt_time":1657366565530000,"flow_dst_last_pkt_time":1657366565776000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":324,"flow_src_tot_l4_payload_len":493,"flow_dst_tot_l4_payload_len":636,"midstream":0,"thread_ts_usec":1657366565776000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.112","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00979{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":14,"flow_first_seen":1657249529677000,"flow_src_last_pkt_time":1657366617375000,"flow_dst_last_pkt_time":1657366591817000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":324,"flow_src_tot_l4_payload_len":495,"flow_dst_tot_l4_payload_len":662,"midstream":0,"thread_ts_usec":1657366617375000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.112","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00846{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":101,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8446,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":4,"total-updates":22,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":73,"global_ts_usec":1657762868392000} 
+00846{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":101,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8446,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":4,"total-updates":22,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":73,"global_ts_usec":1657762868392000} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657762868392000,"flow_dst_last_pkt_time":1657762868392000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657762868392000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1657762868392000,"flow_dst_last_pkt_time":1657762868392000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":43,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":43,"pkt_l4_len":9,"thread_ts_usec":1657762868392000,"pkt":"eJS0JASgYDjgxTWgCABFAAAdnKhAAD8RUwzAqAJkgp4Gcci1E4wACUw2QQ=="} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1657762868392000,"flow_dst_last_pkt_time":1657762868649000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1657762868649000,"pkt":"YDjgxTWgeJS0JASgCABFAAA4BUMAAHMR9laCngZxwKgCZBOMyLUAJKUsSVA9OTAuMTg2LjE2MC4yMDcsUE9SVD01MTM4MQ=="} 
@@ -83,28 +83,28 @@ 01058{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657762958721000,"flow_dst_last_pkt_time":1657762948678000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":28,"flow_src_tot_l4_payload_len":484,"flow_dst_tot_l4_payload_len":112,"midstream":0,"thread_ts_usec":1657762958721000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","softether": {"client_ip":"90.186.160.207","client_port":"51381","hostname":"vpn","fqdn":"moishele.softether.net"}}} 00977{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657762973579000,"flow_dst_last_pkt_time":1657762973832000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":485,"flow_dst_tot_l4_payload_len":468,"midstream":0,"thread_ts_usec":1657762973832000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00977{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657763027181000,"flow_dst_last_pkt_time":1657763001647000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":487,"flow_dst_tot_l4_payload_len":496,"midstream":0,"thread_ts_usec":1657763027181000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00846{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":116,"packets-processed":115,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9429,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":5,"total-updates":25,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":86,"global_ts_usec":1657906301393000} 
+00846{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":116,"packets-processed":115,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9429,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":5,"total-updates":25,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":86,"global_ts_usec":1657906301393000} 00977{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657906301393000,"flow_dst_last_pkt_time":1657906301648000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":488,"flow_dst_tot_l4_payload_len":524,"midstream":0,"thread_ts_usec":1657906301648000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00979{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":11,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657906353365000,"flow_dst_last_pkt_time":1657906353619000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":970,"flow_dst_tot_l4_payload_len":908,"midstream":0,"thread_ts_usec":1657906353619000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00979{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":13,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657906405961000,"flow_dst_last_pkt_time":1657906406215000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":972,"flow_dst_tot_l4_payload_len":964,"midstream":0,"thread_ts_usec":1657906406215000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00979{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":14,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657906456047000,"flow_dst_last_pkt_time":1657906431208000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":974,"flow_dst_tot_l4_payload_len":992,"midstream":0,"thread_ts_usec":1657906456047000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":131,"packets-processed":130,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10412,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":5,"total-updates":29,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":91,"global_ts_usec":1657907318692000} 
+00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":131,"packets-processed":130,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10412,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":5,"total-updates":29,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":91,"global_ts_usec":1657907318692000} 02282{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657907318692000,"flow_dst_last_pkt_time":1657907318946000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":975,"flow_dst_tot_l4_payload_len":1020,"midstream":0,"thread_ts_usec":1657907318946000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":257000,"avg":9319382016.0,"max":143300001000,"stddev":0.0,"var":0.0,"ent":1.1,"data": 
[257000,27676000,27674000,26195000,26194000,26159000,26161000,10299000,10301000,14858000,14853000,27814000,27815000,25788000,1540291232,1566080232,18689000,18689000,5427000,5426000,27856000,27856000,26072000,26072000,26524000,26524000,24993000,24993000,25093000,862645000,887738000]},"pktlen": {"min":29,"avg":90.3,"max":508,"stddev":132.5,"var":17556.2,"ent":4.1,"data": [29,56,29,56,29,56,29,56,508,356,29,56,29,56,29,29,56,508,356,29,56,29,56,29,56,29,56,29,56,29,29,56]},"bins": {"c_to_s": [15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [13,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1],"entropies": [4.513154984,5.059597492,4.582120895,5.059597492,4.582120895,4.988168716,4.582120895,5.059597492,5.016859055,4.526149750,4.582120895,5.059597492,4.513154984,5.010403156,4.582120895,4.582120895,5.001649380,5.023393631,4.521674156,4.582120895,5.001649380,4.582120895,5.059597492,4.513154984,5.059597492,4.582120895,5.059597492,4.582120895,5.059597492,4.582120895,4.582120895,4.988168716]},"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00980{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":133,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657907318692000,"flow_dst_last_pkt_time":1657907318946000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":975,"flow_dst_tot_l4_payload_len":1020,"midstream":0,"thread_ts_usec":1657907318946000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00980{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":17,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657907371998000,"flow_dst_last_pkt_time":1657907372252000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":977,"flow_dst_tot_l4_payload_len":1076,"midstream":0,"thread_ts_usec":1657907372252000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00980{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":19,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657907422129000,"flow_dst_last_pkt_time":1657907422383000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":979,"flow_dst_tot_l4_payload_len":1132,"midstream":0,"thread_ts_usec":1657907422383000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00981{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":21,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657907472044000,"flow_dst_last_pkt_time":1657907465166000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":1461,"flow_dst_tot_l4_payload_len":1488,"midstream":0,"thread_ts_usec":1657907472044000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
-00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":146,"packets-processed":145,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11395,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":5,"total-updates":33,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":97,"global_ts_usec":1657959489569000} +00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":146,"packets-processed":145,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11395,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":5,"total-updates":33,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":97,"global_ts_usec":1657959489569000} 
00981{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":148,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":22,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657959489569000,"flow_dst_last_pkt_time":1657959489824000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":1462,"flow_dst_tot_l4_payload_len":1516,"midstream":0,"thread_ts_usec":1657959489824000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00981{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":26,"flow_dst_packets_processed":23,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657959673241000,"flow_dst_last_pkt_time":1657959673495000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":1463,"flow_dst_tot_l4_payload_len":1544,"midstream":0,"thread_ts_usec":1657959673495000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00981{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":25,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657959725835000,"flow_dst_last_pkt_time":1657959726090000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":1465,"flow_dst_tot_l4_payload_len":1600,"midstream":0,"thread_ts_usec":1657959726090000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00981{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":160,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":31,"flow_dst_packets_processed":28,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657959784163000,"flow_dst_last_pkt_time":1657959784418000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":1947,"flow_dst_tot_l4_payload_len":1984,"midstream":0,"thread_ts_usec":1657959784418000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
-00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":163,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":163,"packets-processed":162,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12407,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":5,"total-updates":37,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":102,"global_ts_usec":1657979228094000} +00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":163,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":163,"packets-processed":162,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12407,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":5,"total-updates":37,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":102,"global_ts_usec":1657979228094000} 
00981{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":34,"flow_dst_packets_processed":30,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657979228094000,"flow_dst_last_pkt_time":1657979228348000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":1950,"flow_dst_tot_l4_payload_len":2040,"midstream":0,"thread_ts_usec":1657979228348000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00981{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":37,"flow_dst_packets_processed":33,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657979280591000,"flow_dst_last_pkt_time":1657979280846000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":2051,"flow_dst_tot_l4_payload_len":2377,"midstream":0,"thread_ts_usec":1657979280846000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00981{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":40,"flow_dst_packets_processed":36,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657979331035000,"flow_dst_last_pkt_time":1657979331290000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":2533,"flow_dst_tot_l4_payload_len":2761,"midstream":0,"thread_ts_usec":1657979331290000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":41,"flow_dst_packets_processed":36,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657979356494000,"flow_dst_last_pkt_time":1657979331290000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":2534,"flow_dst_tot_l4_payload_len":2761,"midstream":0,"thread_ts_usec":1657979356494000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
-00850{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":177,"packets-processed":177,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13741,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":5,"total-updates":40,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":107,"global_ts_usec":1657979356494000} +00850{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":177,"packets-processed":177,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13741,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":5,"total-updates":40,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":107,"global_ts_usec":1657979356494000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 177/177 ~~ skipped flows.............: 0 
@@ -113,9 +113,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6924918 bytes -~~ total memory freed........: 6924918 bytes -~~ total allocations/frees...: 114376/114376 +~~ total memory allocated....: 7502564 bytes +~~ total memory freed........: 7502564 bytes +~~ total allocations/frees...: 126108/126108 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 517 chars ~~ json message max len.......: 2287 chars diff --git a/test/results/default/someip-tp.pcap.out b/test/results/default/someip-tp.pcap.out index 442bab1f0..a3f35b33c 100644 --- a/test/results/default/someip-tp.pcap.out +++ b/test/results/default/someip-tp.pcap.out 
@@ -1,5 +1,5 @@ -00614{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/someip-tp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/someip-tp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1433332443506391} 
+00614{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/someip-tp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/someip-tp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1433332443506391} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/someip-tp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1433332443506391,"flow_src_last_pkt_time":1433332443506391,"flow_dst_last_pkt_time":1433332443506391,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1412,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1412,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1412,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1433332443506391,"l3_proto":"ip4","src_ip":"10.0.1.207","dst_ip":"10.0.1.1","src_port":56772,"dst_port":18193,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/someip-tp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1433332443506391,"flow_dst_last_pkt_time":1433332443506391,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1454,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1454,"pkt_l4_len":1420,"thread_ts_usec":1433332443506391,"pkt":"bAAAAAAOdAAAAADhCABFAAWgNUcAAIARAAAKAAHPCgABAd3ERxEFjBxtAQEACQAABXwAAAAFAQEgAAAAAAEAADAAAAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc4OTo7PD0+P0BBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWltcXV5fYGFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6e3x9fn+AgYKDhIWGh4iJiouMjY6PkJGSk5SVlpeYmZqbnJ2en6ChoqOkpaanqKmqq6ytrq+wsbKztLW2t7i5uru8vb6\/wMHCw8TFxsfIycrLzM3Oz9DR0tPU1dbX2Nna29zd3t\/g4eLj5OXm5+jp6uvs7e7v8PHy8\/T19vf4+fr7\/P3+\/wABAgMEBQYHCAkKCwwNDg8QERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3ODk6Ozw9Pj9AQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpbXF1eX2BhYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ent8fX5\/gIGCg4SFhoeIiYqLjI2Oj5CRkpOUlZaXmJmam5ydnp+goaKjpKWmp6ipqqusra6vsLGys7S1tre4ubq7vL2+v8DBwsPExcbHyMnKy8zNzs\/Q0dLT1NXW19jZ2tvc3d7f4OHi4+Tl5ufo6err7O3u7
\/Dx8vP09fb3+Pn6+\/z9\/v8AAQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB0eHyAhIiMkJSYnKCkqKywtLi8wMTIzNDU2Nzg5Ojs8PT4\/QEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaW1xdXl9gYWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXp7fH1+f4CBgoOEhYaHiImKi4yNjo+QkZKTlJWWl5iZmpucnZ6foKGio6SlpqeoqaqrrK2ur7CxsrO0tba3uLm6u7y9vr\/AwcLDxMXGx8jJysvMzc7P0NHS09TV1tfY2drb3N3e3+Dh4uPk5ebn6Onq6+zt7u\/w8fLz9PX29\/j5+vv8\/f7\/AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc4OTo7PD0+P0BBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWltcXV5fYGFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6e3x9fn+AgYKDhIWGh4iJiouMjY6PkJGSk5SVlpeYmZqbnJ2en6ChoqOkpaanqKmqq6ytrq+wsbKztLW2t7i5uru8vb6\/wMHCw8TFxsfIycrLzM3Oz9DR0tPU1dbX2Nna29zd3t\/g4eLj5OXm5+jp6uvs7e7v8PHy8\/T19vf4+fr7\/P3+\/wABAgMEBQYHCAkKCwwNDg8QERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3ODk6Ozw9Pj9AQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpbXF1eX2BhYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ent8fX5\/gIGCg4SFhoeIiYqLjI2Oj5CRkpOUlZaXmJmam5ydnp+goaKjpKWmp6ipqqusra6vsLGys7S1tre4ubq7vL2+v8DBwsPExcbHyMnKy8zNzs\/Q0dLT1NXW19jZ2tvc3d7f4OHi4+Tl5ufo6err7O3u7\/Dx8vP09fb3+Pn6+\/z9\/v8AAQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB0eHyAhIiMkJSYnKCkqKywtLi8wMTIzNDU2Nzg5Ojs8PT4\/QEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaW1xdXl9gYWJjZGVmZ2hpams="} 01058{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/someip-tp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1433332443506391,"flow_src_last_pkt_time":1433332443506391,"flow_dst_last_pkt_time":1433332443506391,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1412,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1412,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1412,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1433332443506391,"l3_proto":"ip4","src_ip":"10.0.1.207","dst_ip":"10.0.1.1","src_port":56772,"dst_port":18193,"l4_proto":"udp","ndpi": {"flow_risk": {"5": 
{"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"SOMEIP","proto_id":"229","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -8,7 +8,7 @@ 02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/someip-tp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1433332443538482,"flow_dst_last_pkt_time":1433332443506391,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1454,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1454,"pkt_l4_len":1420,"thread_ts_usec":1433332443538482,"pkt":"bAAAAAAOdAAAAADhCABFAAWgNUoAAIARAAAKAAHPCgABAd3ERxEFjBxtAQEACQAABXwAAAAFAQEgAAAAEFFMTU5PUFFSU1RVVldYWVpbXF1eX2BhYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ent8fX5\/gIGCg4SFhoeIiYqLjI2Oj5CRkpOUlZaXmJmam5ydnp+goaKjpKWmp6ipqqusra6vsLGys7S1tre4ubq7vL2+v8DBwsPExcbHyMnKy8zNzs\/Q0dLT1NXW19jZ2tvc3d7f4OHi4+Tl5ufo6err7O3u7\/Dx8vP09fb3+Pn6+\/z9\/v8AAQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB0eHyAhIiMkJSYnKCkqKywtLi8wMTIzNDU2Nzg5Ojs8PT4\/QEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaW1xdXl9gYWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXp7fH1+f4CBgoOEhYaHiImKi4yNjo+QkZKTlJWWl5iZmpucnZ6foKGio6SlpqeoqaqrrK2ur7CxsrO0tba3uLm6u7y9vr\/AwcLDxMXGx8jJysvMzc7P0NHS09TV1tfY2drb3N3e3+Dh4uPk5ebn6Onq6+zt7u\/w8fLz9PX29\/j5+vv8\/f7\/AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc4OTo7PD0+P0BBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWltcXV5fYGFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6e3x9fn+AgYKDhIWGh4iJiouMjY6PkJGSk5SVlpeYmZqbnJ2en6ChoqOkpaanqKmqq6ytrq+wsbKztLW2t7i5uru8vb6\/wMHCw8TFxsfIycrLzM3Oz9DR0tPU1dbX2Nna29zd3t\/g4eLj5OXm5+jp6uvs7e7v8PHy8\/T19vf4+fr7\/P3+\/wABAgMEBQYHCAkKCwwNDg8QERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3ODk6Ozw9Pj9AQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpbXF1eX2BhYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ent8fX5\/gIGCg4SFhoeIiYqLjI2Oj5CRkpOUlZaXmJmam5ydnp+goaKjpKWmp6ipqqusra6vsLGys7S1tre4ubq7vL2+v8DBwsPExcbHyMnKy8zNzs\/Q0dLT1NXW19jZ2tvc3d7f4OHi4+Tl5ufo6err7O3u7\/Dx8vP09fb3+Pn6+\/z9\/v8AAQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB0eHyAhIiMkJSYnKCkqKywtLi8wMTIzNDU2Nzg5Ojs8PT4\/QEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaW1xdXl9gYWJjZGVmZ2hpamtsbW5vcHFyc
3R1dnd4eXp7fH1+f4CBgoOEhYaHiImKi4yNjo+QkZKTlJWWl5iZmpucnZ6foKGio6SlpqeoqaqrrK2ur7CxsrO0tba3uLm6u7y9vr\/AwcLDxMXGx8jJysvMzc7P0NHS09TV1tfY2drb3N3e3+Dh4uPk5ebn6Onq6+zt7u\/w8fLz9PX29\/j5+vv8\/f7\/AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc4OTo7PD0+P0BBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWltcXV5fYGFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6e3x9fn+AgYKDhIWGh4iJiouMjY6PkJGSk5SVlpeYmZqbnJ2en6ChoqOkpaanqKmqq6ytrq+wsbKztLW2t7i5urs="} 02431{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/someip-tp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1433332443551109,"flow_dst_last_pkt_time":1433332443506391,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1454,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1454,"pkt_l4_len":1420,"thread_ts_usec":1433332443551109,"pkt":"bAAAAAAOdAAAAADhCABFAAWgNUsAAIARAAAKAAHPCgABAd3ERxEFjBxtAQEACQAABXwAAAAFAQEgAAAAFcG8vb6\/wMHCw8TFxsfIycrLzM3Oz9DR0tPU1dbX2Nna29zd3t\/g4eLj5OXm5+jp6uvs7e7v8PHy8\/T19vf4+fr7\/P3+\/wABAgMEBQYHCAkKCwwNDg8QERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3ODk6Ozw9Pj9AQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpbXF1eX2BhYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ent8fX5\/gIGCg4SFhoeIiYqLjI2Oj5CRkpOUlZaXmJmam5ydnp+goaKjpKWmp6ipqqusra6vsLGys7S1tre4ubq7vL2+v8DBwsPExcbHyMnKy8zNzs\/Q0dLT1NXW19jZ2tvc3d7f4OHi4+Tl5ufo6err7O3u7\/Dx8vP09fb3+Pn6+\/z9\/v8AAQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB0eHyAhIiMkJSYnKCkqKywtLi8wMTIzNDU2Nzg5Ojs8PT4\/QEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaW1xdXl9gYWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXp7fH1+f4CBgoOEhYaHiImKi4yNjo+QkZKTlJWWl5iZmpucnZ6foKGio6SlpqeoqaqrrK2ur7CxsrO0tba3uLm6u7y9vr\/AwcLDxMXGx8jJysvMzc7P0NHS09TV1tfY2drb3N3e3+Dh4uPk5ebn6Onq6+zt7u\/w8fLz9PX29\/j5+vv8\/f7\/AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc4OTo7PD0+P0BBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWltcXV5fYGFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6e3x9fn+AgYKDhIWGh4iJiouMjY6PkJGSk5SVlpeYmZqbnJ2en6ChoqOk
paanqKmqq6ytrq+wsbKztLW2t7i5uru8vb6\/wMHCw8TFxsfIycrLzM3Oz9DR0tPU1dbX2Nna29zd3t\/g4eLj5OXm5+jp6uvs7e7v8PHy8\/T19vf4+fr7\/P3+\/wABAgMEBQYHCAkKCwwNDg8QERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3ODk6Ozw9Pj9AQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpbXF1eX2BhYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ent8fX5\/gIGCg4SFhoeIiYqLjI2Oj5CRkpOUlZaXmJmam5ydnp+goaKjpKWmp6ipqqusra6vsLGys7S1tre4ubq7vL2+v8DBwsPExcbHyMnKy8zNzs\/Q0dLT1NXW19jZ2tvc3d7f4OHi4+Tl5ufo6err7O3u7\/Dx8vP09fb3+Pn6+\/z9\/v8AAQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB0eHyAhIiMkJSYnKCkqKywtLi8wMTIzNDU2Nzg5Ojs8PT4\/QEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaW1xdXl9gYWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXp7fH1+f4CBgoOEhYaHiImKi4yNjo+QkZKTlJWWl5iZmpucnZ6foKGio6SlpqeoqaqrrK2ur7CxsrO0tba3uLm6u7y9vr\/AwcLDxMXGx8jJysvMzc7P0NHS09TV1tfY2drb3N3e3+Dh4uPk5ebn6Onq6+zt7u\/w8fLz9PX29\/j5+vv8\/f7\/AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKis="} 01098{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/someip-tp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1433332443506391,"flow_src_last_pkt_time":1433332443605150,"flow_dst_last_pkt_time":1433332443506391,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1176,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1412,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1433332443605150,"l3_proto":"ip4","src_ip":"10.0.1.207","dst_ip":"10.0.1.1","src_port":56772,"dst_port":18193,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"SOMEIP","proto_id":"229","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00842{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/someip-tp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":9,"packets-processed":9,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12472,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1433332443605150} +00842{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/someip-tp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":9,"packets-processed":9,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12472,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1433332443605150} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 9/9 ~~ skipped flows.............: 0 
@@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6907874 bytes -~~ total memory freed........: 6907874 bytes -~~ total allocations/frees...: 114146/114146 +~~ total memory allocated....: 7485505 bytes +~~ total memory freed........: 7485505 bytes +~~ total allocations/frees...: 125878/125878 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 619 chars ~~ json message max len.......: 2436 chars diff --git a/test/results/default/someip-udp-method-call.pcapng.out b/test/results/default/someip-udp-method-call.pcapng.out index f9bf0edf7..da2928871 100644 --- a/test/results/default/someip-udp-method-call.pcapng.out +++ b/test/results/default/someip-udp-method-call.pcapng.out 
@@ -1,5 +1,5 @@ -00629{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/someip-udp-method-call.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/someip-udp-method-call.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1502789275686772} 
+00629{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/someip-udp-method-call.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/someip-udp-method-call.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1502789275686772} 
00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/someip-udp-method-call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1502789275686772,"flow_src_last_pkt_time":1502789275686772,"flow_dst_last_pkt_time":1502789275686772,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":328,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":328,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":328,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1502789275686772,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"224.0.0.1","src_port":49190,"dst_port":49190,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00969{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/someip-udp-method-call.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1502789275686772,"flow_dst_last_pkt_time":1502789275686772,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":370,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":370,"pkt_l4_len":336,"thread_ts_usec":1502789275686772,"pkt":"AQBeAAABdAAAAAC5CABFAAFkAHhAAAER12bAqAAB4AAAAcAmwCYBULPJ\/\/+BAAAAAUAAAAfdAQECAMAAAAAAAADAAQAAIBI0APwBAAADAAAAAAECABAAAAABAQAAAwAAAAIBAwAQAAAAAQEAAAMAAAAAAQQAIAAAAAEBAAADAAAAAAEGABAAAAABAQAAAwAAAAEBAQAQAAAAAQEAAAMAAAAAAQAAIAAAAAEBAAADAAAAAAEBABAAAAABAgAAAwAAAAABAQAQAAAAAQEAAAMAAAAAAQEAEAAAAAEBAAADAAAAAAEHABAAAAABAQAAAwAAAAEBCAAQAAAAAQEAAAMAAAAAAAAAbAAJBADAqAABAAbAMQAJBADAqAABABHAMQAJBADAqAABAAbAPwAJBADAqAABAAbAPwAJBADAqAABAAbAPwAJBADAqAABABHAPwAJBADAqAABABHAPwAJBADAqAABAAbAPwAJBADAqAABABHAPw=="} 
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/someip-udp-method-call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1502789275686772,"flow_src_last_pkt_time":1502789275686772,"flow_dst_last_pkt_time":1502789275686772,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":328,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":328,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":328,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1502789275686772,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"224.0.0.1","src_port":49190,"dst_port":49190,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"SOMEIP","proto_id":"229","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -9,7 +9,7 @@ 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/someip-udp-method-call.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1502789275711113,"flow_dst_last_pkt_time":1502789275713141,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1502789275713141,"pkt":"gAAAAAB1dAAAAAC5CABFAAA1do9AAAERgVrAqAABwKgAfcAxwCcAIWfYEjQACAAAABEAAAABAQGAAAAAAAWrq6urqw=="} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/someip-udp-method-call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1502789275686772,"flow_src_last_pkt_time":1502789275686772,"flow_dst_last_pkt_time":1502789275686772,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":328,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":328,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":328,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1502789275713141,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"224.0.0.1","src_port":49190,"dst_port":49190,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"SOMEIP","proto_id":"229","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01114{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/someip-udp-method-call.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1502789275711113,"flow_src_last_pkt_time":1502789275711113,"flow_dst_last_pkt_time":1502789275713141,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":25,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":25,"midstream":0,"thread_ts_usec":1502789275713141,"l3_proto":"ip4","src_ip":"192.168.0.125","dst_ip":"192.168.0.1","src_port":49191,"dst_port":49201,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"SOMEIP","proto_id":"229","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00855{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/someip-udp-method-call.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":3,"packets-processed":3,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":378,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1502789275713141} 
+00855{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/someip-udp-method-call.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":3,"packets-processed":3,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":378,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1502789275713141} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 3/3 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6910052 bytes -~~ total memory freed........: 6910052 bytes -~~ total allocations/frees...: 114150/114150 +~~ total memory allocated....: 7487718 bytes +~~ total memory freed........: 7487718 bytes +~~ total allocations/frees...: 125883/125883 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 565 chars ~~ json message max len.......: 1119 chars diff --git a/test/results/default/someip_sd_sample.pcap.out b/test/results/default/someip_sd_sample.pcap.out index 4e97fb4d5..cc8e6d764 100644 --- a/test/results/default/someip_sd_sample.pcap.out +++ b/test/results/default/someip_sd_sample.pcap.out 
@@ -1,5 +1,5 @@ -00621{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/someip_sd_sample.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/someip_sd_sample.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1559741544964106} 
+00621{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/someip_sd_sample.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/someip_sd_sample.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1559741544964106} 00313{"error_event_id":1,"error_event_name":"Unknown datalink layer packet","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1559741544964106,"packet_id":1,"source":"cfgs\/default\/pcap\/someip_sd_sample.pcap","alias":"nDPId-test","layer_type":4096,"global_ts_usec":1559741544964106} 
00452{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/someip_sd_sample.pcap","alias":"nDPId-test","pkt_datalink":192,"pkt_caplen":114,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":114,"pkt_l4_len":0,"thread_ts_usec":1559741544964106,"pkt":"AAAQAAEAAAAIAAQAAAAAAAEAXgIDBQBUr+cDQAgARQAAVAAAQAD\/EXSfwKhYSesCAwV3GncaAEDieP\/\/gQAAAAAwAAAAAwEBAgDAAAAAAAAAEAEAABAA6wAAAQAAHgAAAAAAAAAMAAkEAMCoWEkAEcNQ"} 00313{"error_event_id":1,"error_event_name":"Unknown datalink layer packet","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1559741545065160,"packet_id":2,"source":"cfgs\/default\/pcap\/someip_sd_sample.pcap","alias":"nDPId-test","layer_type":4096,"global_ts_usec":1559741545065160} 
@@ -12,7 +12,7 @@ 00452{"packet_event_id":1,"packet_event_name":"packet","packet_id":5,"source":"cfgs\/default\/pcap\/someip_sd_sample.pcap","alias":"nDPId-test","pkt_datalink":192,"pkt_caplen":114,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":114,"pkt_l4_len":0,"thread_ts_usec":1559741544964106,"pkt":"AAAQAAEAAAAIAAQAAAAAAABUr+cDQABUr+cDAAgARQAAVAAAQAD\/EUmxwKhYTcCoWEl3GncaAECLdP\/\/gQAAAAAwAAAABAEBAgDAAAAAAAAAEAYAABAA6wAAAQAAHgAAAAEAAAAMAAkEAMCoWE0AEepg"} 00313{"error_event_id":1,"error_event_name":"Unknown datalink layer packet","threshold_n":6,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1559741545865698,"packet_id":6,"source":"cfgs\/default\/pcap\/someip_sd_sample.pcap","alias":"nDPId-test","layer_type":4096,"global_ts_usec":1559741545865698} 00436{"packet_event_id":1,"packet_event_name":"packet","packet_id":6,"source":"cfgs\/default\/pcap\/someip_sd_sample.pcap","alias":"nDPId-test","pkt_datalink":192,"pkt_caplen":102,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":102,"pkt_l4_len":0,"thread_ts_usec":1559741544964106,"pkt":"AAAQAAEAAAAIAAQAAAAAAABUr+cDAABUr+cDQAgARQAASAAAQAD\/EUm9wKhYScCoWE13GncaADSSJv\/\/gQAAAAAkAAAAAwEBAgDAAAAAAAAAEAcAAAAA6wAAAQAAHgAAAAEAAAAA"} 
-00845{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/someip_sd_sample.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":6,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1559741545865698} +00845{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/someip_sd_sample.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":6,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1559741545865698} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 6/0 ~~ skipped flows.............: 0 
@@ -21,9 +21,9 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6905233 bytes -~~ total memory freed........: 6905233 bytes -~~ total allocations/frees...: 114126/114126 +~~ total memory allocated....: 7482829 bytes +~~ total memory freed........: 7482829 bytes +~~ total allocations/frees...: 125857/125857 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 318 chars ~~ json message max len.......: 850 chars diff --git a/test/results/default/sonos.pcapng.out b/test/results/default/sonos.pcapng.out index c26f8cbff..d9645eac7 100644 --- a/test/results/default/sonos.pcapng.out +++ b/test/results/default/sonos.pcapng.out 
@@ -1,16 +1,16 @@ -00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/sonos.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sonos.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1727166164053038} 
+00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/sonos.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sonos.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1727166164053038} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sonos.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1727166164053038,"flow_src_last_pkt_time":1727166164053038,"flow_dst_last_pkt_time":1727166164053038,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1727166164053038,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"192.168.1.70","src_port":52425,"dst_port":1443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sonos.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1727166164053038,"flow_dst_last_pkt_time":1727166164053038,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1727166164053038,"pkt":"NH5c\/6JunFg8p+7MCABFAABAAABAAEAGAADAqAEdwKgBRszJBaN82gZ6AAAAALAC\/\/+D5gAAAgQFtAEDAwYBAQgKwfr6SgAAAAAEAgAA"} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/sonos.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1727166164053038,"flow_dst_last_pkt_time":1727166164053310,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1727166164053310,"pkt":"nFg8p+7MNH5c\/6JuCABFAAA8AABAAEAGtwjAqAFGwKgBHQWjzMn2ZQ7bfNoGe6AScSCSWAAAAgQFtAQCCAoAAql6wfr6SgEDAwU="} 
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/sonos.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1727166164053376,"flow_dst_last_pkt_time":1727166164053310,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1727166164053376,"pkt":"NH5c\/6JunFg8p+7MCABFAAA0AABAAEAGAADAqAEdwKgBRszJBaN82gZ79mUO3IAQCAqD2gAAAQEICsH6+koAAql6"} 00743{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/sonos.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1727166164053500,"flow_dst_last_pkt_time":1727166164053310,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_usec":1727166164053500,"pkt":"NH5c\/6JunFg8p+7MCABFAADHAABAAEAGAADAqAEdwKgBRszJBaN82gZ79mUO3IAYCAqEbQAAAQEICsH6+koAAql6FgMDAI4BAACKAwNm8nbUfNIqmygdq+8Mt16FgPAONc3b4CCB\/\/VdoGnafgAAGsyowDDALwCdAJwAPQA1ADwAL8ypwCzAKwD\/AQAARwAAABEADwAADDE5Mi4xNjguMS43MAANABIAEAYDBgEFAwUBBAMEAQMDAwEACgAGAAQAFwAYAAsAAgEAABYAAAAXAAAAIwAA"} 
-01534{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/sonos.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1727166164053038,"flow_src_last_pkt_time":1727166164053500,"flow_dst_last_pkt_time":1727166164053310,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":147,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":147,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1727166164053500,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"192.168.1.70","src_port":52425,"dst_port":1443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.1.70","domainame":"192.168.1.70","tls": {"version":"TLSv1.2","ja3":"ae25e09391d7275844ccf16316569582","ja3s":"","ja4":"t12i130700_88f5d26691c7_cdbdbcd6f742","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01493{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/sonos.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1727166164053038,"flow_src_last_pkt_time":1727166164053500,"flow_dst_last_pkt_time":1727166164053310,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":147,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":147,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1727166164053500,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"192.168.1.70","src_port":52425,"dst_port":1443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.1.70","domainame":"192.168.1.70","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12i130700_88f5d26691c7_cdbdbcd6f742","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/sonos.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1727166164053500,"flow_dst_last_pkt_time":1727166164053666,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1727166164053666,"pkt":"nFg8p+7MNH5c\/6JuCABFAAA0p6ZAAEAGD2rAqAFGwKgBHQWjzMn2ZQ7cfNoHDoAQA6suBQAAAQEICgACqXrB+vpK"} -01687{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/sonos.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1727166164053038,"flow_src_last_pkt_time":1727166164053500,"flow_dst_last_pkt_time":1727166164054256,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":147,"flow_dst_max_l4_payload_len":62,"flow_src_tot_l4_payload_len":147,"flow_dst_tot_l4_payload_len":62,"midstream":0,"thread_ts_usec":1727166164054256,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"192.168.1.70","src_port":52425,"dst_port":1443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": 
{"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.1.70","domainame":"192.168.1.70","tls": {"version":"TLSv1.2","ja3":"ae25e09391d7275844ccf16316569582","ja3s":"2fbcb4e196d5bcba6896e593c6016e09","ja4":"t12i130700_88f5d26691c7_cdbdbcd6f742","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} -02025{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/sonos.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1727166164053038,"flow_src_last_pkt_time":1727166164054938,"flow_dst_last_pkt_time":1727166164054943,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":147,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":147,"flow_dst_tot_l4_payload_len":1880,"midstream":0,"thread_ts_usec":1727166164054943,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"192.168.1.70","src_port":52425,"dst_port":1443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Sonos","proto_id":"91.430","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music","hostname":"192.168.1.70","domainame":"192.168.1.70","tls": 
{"version":"TLSv1.2","server_names":"sonos-347e5cffa26e.local","ja3":"ae25e09391d7275844ccf16316569582","ja3s":"2fbcb4e196d5bcba6896e593c6016e09","ja4":"t12i130700_88f5d26691c7_cdbdbcd6f742","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=Santa Barbara, O=Sonos, Inc, OU=Sonos Devices, CN=Sonos Device Authentication Root CA","subjectDN":"CN=347E5CFFA26E, OU=Sonos Devices, O=Sonos, Inc, L=Santa Barbara, ST=California, C=US","fingerprint":"48:71:C5:C1:80:17:50:20:E2:25:2E:E3:C3:F9:AE:76:62:1C:26:7E","blocks":0}}} +01646{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/sonos.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1727166164053038,"flow_src_last_pkt_time":1727166164053500,"flow_dst_last_pkt_time":1727166164054256,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":147,"flow_dst_max_l4_payload_len":62,"flow_src_tot_l4_payload_len":147,"flow_dst_tot_l4_payload_len":62,"midstream":0,"thread_ts_usec":1727166164054256,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"192.168.1.70","src_port":52425,"dst_port":1443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": 
{"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.1.70","domainame":"192.168.1.70","tls": {"version":"TLSv1.2","ja3s":"2fbcb4e196d5bcba6896e593c6016e09","ja4":"t12i130700_88f5d26691c7_cdbdbcd6f742","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} +01984{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/sonos.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1727166164053038,"flow_src_last_pkt_time":1727166164054938,"flow_dst_last_pkt_time":1727166164054943,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":147,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":147,"flow_dst_tot_l4_payload_len":1880,"midstream":0,"thread_ts_usec":1727166164054943,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"192.168.1.70","src_port":52425,"dst_port":1443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Sonos","proto_id":"91.430","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music","hostname":"192.168.1.70","domainame":"192.168.1.70","tls": 
{"version":"TLSv1.2","server_names":"sonos-347e5cffa26e.local","ja3s":"2fbcb4e196d5bcba6896e593c6016e09","ja4":"t12i130700_88f5d26691c7_cdbdbcd6f742","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=Santa Barbara, O=Sonos, Inc, OU=Sonos Devices, CN=Sonos Device Authentication Root CA","subjectDN":"CN=347E5CFFA26E, OU=Sonos Devices, O=Sonos, Inc, L=Santa Barbara, ST=California, C=US","fingerprint":"48:71:C5:C1:80:17:50:20:E2:25:2E:E3:C3:F9:AE:76:62:1C:26:7E","blocks":0}}} 02590{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/sonos.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1727166164053038,"flow_src_last_pkt_time":1727166164138595,"flow_dst_last_pkt_time":1727166164138684,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":267,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":697,"flow_dst_tot_l4_payload_len":10055,"midstream":0,"thread_ts_usec":1727166164138684,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"192.168.1.70","src_port":52425,"dst_port":1443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":5522.7,"max":76697,"stddev":16070.0,"var":258244336.0,"ent":2.1,"data": [272,338,124,356,590,799,645,639,42,126,572,127,1,41072,36346,87,76697,101,123,120,417,5214,5537,110,53,129,4,219,221,72,50]},"pktlen": {"min":52,"avg":388.6,"max":1500,"stddev":553.2,"var":306044.5,"ent":3.8,"data": [64,60,52,199,52,114,52,1500,52,422,52,319,58,97,52,214,58,52,97,52,284,52,1500,52,1500,1500,52,52,1500,52,1500,774]},"bins": {"c_to_s": [12,1,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": 
[5,2,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,0,0,0,0,1,1,1,0,1,0,0,1,1,0,1,1,0,0,1,0,1,1],"entropies": [4.115860939,5.002481937,4.600069523,5.375968933,5.017560482,5.533653736,4.676992416,6.990198135,4.676992416,7.453630447,4.585552692,7.180738926,4.594459534,5.301477909,4.940637112,6.869658470,4.928392887,4.676992893,5.552255630,4.676992416,7.104205132,5.017560482,7.839426041,4.638530731,7.870905399,7.893046856,4.638530731,4.569114685,7.863118172,4.600069046,7.854409218,7.733862877]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Sonos","proto_id":"91.430","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music"}} 
-00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/sonos.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":45,"packets-processed":44,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13141,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1728503007672608} +00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/sonos.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":45,"packets-processed":44,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13141,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1728503007672608} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/sonos.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1728503007672608,"flow_src_last_pkt_time":1728503007672608,"flow_dst_last_pkt_time":1728503007672608,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":9,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":9,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":9,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1728503007672608,"l3_proto":"ip4","src_ip":"192.168.15.37","dst_ip":"192.168.15.36","src_port":44467,"dst_port":7080,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/sonos.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1728503007672608,"flow_dst_last_pkt_time":1728503007672608,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":51,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":51,"pkt_l4_len":17,"thread_ts_usec":1728503007672608,"pkt":"SKa47zYmXKr9ApIaCABFAAAlKNVAAAERsVnAqA8lwKgPJK2zG6gAEUE+ABNZhAAAAAD8"} 
00917{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/sonos.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1728503007672608,"flow_src_last_pkt_time":1728503007672608,"flow_dst_last_pkt_time":1728503007672608,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":9,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":9,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":9,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1728503007672608,"l3_proto":"ip4","src_ip":"192.168.15.37","dst_ip":"192.168.15.36","src_port":44467,"dst_port":7080,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Sonos","proto_id":"430","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music"}} 
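Review bot: The `ja3` key is gone from the `tls` object in the expected `detected` and both `detection-update` events of this hunk, while `ja3s` and `ja4` remain, and the commit message only says "incorporated upstream changes". Consumers that match or alert on the JA3 client fingerprint will see the field disappear without any error, so the removal deserves its own line in the commit message or changelog, for example `* tls.ja3 is no longer emitted in flow events; tls.ja4 remains for client fingerprinting`. The diffstat lists `schema/flow_event_schema.json` as changed but that file is not visible here, so confirm that it drops `ja3` as well and that schema validation agrees with these results. This hunk does not show whether the field was removed upstream or is only disabled by a new libnDPI default, which is worth stating too.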
@@ -20,7 +20,7 @@ 01893{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/sonos.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1728503008950594,"flow_dst_last_pkt_time":1728503007672608,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1074,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1074,"pkt_l4_len":1040,"thread_ts_usec":1728503008950594,"pkt":"SKa47zYmXKr9ApIaCABFAAQkKSpAAAERrQXAqA8lwKgPJK2zG6gEEB9JABNZjAAA\/\/\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"} 01462{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/sonos.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":21,"flow_first_seen":1727166164053038,"flow_src_last_pkt_time":1727166164139982,"flow_dst_last_pkt_time":1727166164140787,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":267,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":728,"flow_dst_tot_l4_payload_len":12413,"midstream":0,"thread_ts_usec":1728503014752819,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"192.168.1.70","src_port":52425,"dst_port":1443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Sonos","proto_id":"91.430","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music","hostname":"192.168.1.70"}} 00964{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/sonos.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":0,"flow_first_seen":1728503007672608,"flow_src_last_pkt_time":1728503020063220,"flow_dst_last_pkt_time":1728503007672608,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":9,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1032,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12559,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1728503020063220,"l3_proto":"ip4","src_ip":"192.168.15.37","dst_ip":"192.168.15.36","src_port":44467,"dst_port":7080,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Sonos","proto_id":"430","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music"}} 
-00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/sonos.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":61,"packets-processed":61,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25700,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":23,"global_ts_usec":1728503020063220} +00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/sonos.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":61,"packets-processed":61,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25700,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":23,"global_ts_usec":1728503020063220} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 61/61 ~~ skipped flows.............: 0 
@@ -29,9 +29,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6936683 bytes -~~ total memory freed........: 6936683 bytes -~~ total allocations/frees...: 114223/114223 +~~ total memory allocated....: 7514300 bytes +~~ total memory freed........: 7514300 bytes +~~ total allocations/frees...: 125955/125955 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 525 chars ~~ json message max len.......: 2595 chars diff --git a/test/results/default/source_engine.pcap.out b/test/results/default/source_engine.pcap.out index 7b144738b..7eb8e910f 100644 --- a/test/results/default/source_engine.pcap.out +++ b/test/results/default/source_engine.pcap.out 
@@ -1,24 +1,24 @@ -00618{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1680268032673008} 
+00618{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1680268032673008} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680268032673008,"flow_src_last_pkt_time":1680268032673008,"flow_dst_last_pkt_time":1680268032673008,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680268032673008,"l3_proto":"ip4","src_ip":"222.204.159.87","dst_ip":"206.125.246.211","src_port":20595,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1680268032673008,"flow_dst_last_pkt_time":1680268032673008,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1680268032673008,"pkt":"suZ52dfuXu41QY3PCABFAAA1wr0AACoRioXezJ9Xzn3201BzaYcAIUOC\/\/\/\/\/1RTb3VyY2UgRW5naW5lIFF1ZXJ5AA=="} 
00935{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680268032673008,"flow_src_last_pkt_time":1680268032673008,"flow_dst_last_pkt_time":1680268032673008,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680268032673008,"l3_proto":"ip4","src_ip":"222.204.159.87","dst_ip":"206.125.246.211","src_port":20595,"dst_port":27015,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":2,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":6,"global_ts_usec":1680268854178455} 
+00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":2,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":6,"global_ts_usec":1680268854178455} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680268854178455,"flow_src_last_pkt_time":1680268854178455,"flow_dst_last_pkt_time":1680268854178455,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680268854178455,"l3_proto":"ip4","src_ip":"174.134.158.83","dst_ip":"206.125.246.217","src_port":47464,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1680268854178455,"flow_dst_last_pkt_time":1680268854178455,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1680268854178455,"pkt":"lt5b\/81mXu41QY3PCABFAAA1amMAACcRFySuhp5Tzn322bloaYcAIQvR\/\/\/\/\/1RTb3VyY2UgRW5naW5lIFF1ZXJ5AA=="} 00935{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680268854178455,"flow_src_last_pkt_time":1680268854178455,"flow_dst_last_pkt_time":1680268854178455,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680268854178455,"l3_proto":"ip4","src_ip":"174.134.158.83","dst_ip":"206.125.246.217","src_port":47464,"dst_port":27015,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680268032673008,"flow_src_last_pkt_time":1680268032673008,"flow_dst_last_pkt_time":1680268032673008,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680268854178455,"l3_proto":"ip4","src_ip":"222.204.159.87","dst_ip":"206.125.246.211","src_port":20595,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":3,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":50,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1680269897199187} 
+00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":3,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":50,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1680269897199187} 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680269897199187,"flow_src_last_pkt_time":1680269897199187,"flow_dst_last_pkt_time":1680269897199187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680269897199187,"l3_proto":"ip4","src_ip":"237.117.185.247","dst_ip":"206.125.246.219","src_port":41251,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1680269897199187,"flow_dst_last_pkt_time":1680269897199187,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1680269897199187,"pkt":"umfZn5dXAQBeQY3PCABFAAA12CcAACoRS8rtdbn3zn3226EjaYcAIcmA\/\/\/\/\/1RTb3VyY2UgRW5naW5lIFF1ZXJ5AA=="} 00936{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680269897199187,"flow_src_last_pkt_time":1680269897199187,"flow_dst_last_pkt_time":1680269897199187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680269897199187,"l3_proto":"ip4","src_ip":"237.117.185.247","dst_ip":"206.125.246.219","src_port":41251,"dst_port":27015,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680268854178455,"flow_src_last_pkt_time":1680268854178455,"flow_dst_last_pkt_time":1680268854178455,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680269897199187,"l3_proto":"ip4","src_ip":"174.134.158.83","dst_ip":"206.125.246.217","src_port":47464,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":4,"packets-processed":3,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":75,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":16,"global_ts_usec":1680270565741530} 
+00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":4,"packets-processed":3,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":75,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":16,"global_ts_usec":1680270565741530} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680270565741530,"flow_src_last_pkt_time":1680270565741530,"flow_dst_last_pkt_time":1680270565741530,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680270565741530,"l3_proto":"ip4","src_ip":"252.187.173.26","dst_ip":"206.125.246.211","src_port":42155,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1680270565741530,"flow_dst_last_pkt_time":1680270565741530,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1680270565741530,"pkt":"suZ52dfuXu41QY3PCABFAAA1dSgAACkRrWj8u60azn3206SraYcAIcOX\/\/\/\/\/1RTb3VyY2UgRW5naW5lIFF1ZXJ5AA=="} 00935{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680270565741530,"flow_src_last_pkt_time":1680270565741530,"flow_dst_last_pkt_time":1680270565741530,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680270565741530,"l3_proto":"ip4","src_ip":"252.187.173.26","dst_ip":"206.125.246.211","src_port":42155,"dst_port":27015,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680269897199187,"flow_src_last_pkt_time":1680269897199187,"flow_dst_last_pkt_time":1680269897199187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680270565741530,"l3_proto":"ip4","src_ip":"237.117.185.247","dst_ip":"206.125.246.219","src_port":41251,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":5,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1680271779776446} 
+00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":5,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1680271779776446} 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680271779776446,"flow_src_last_pkt_time":1680271779776446,"flow_dst_last_pkt_time":1680271779776446,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680271779776446,"l3_proto":"ip4","src_ip":"167.166.182.152","dst_ip":"206.125.246.212","src_port":53321,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1680271779776446,"flow_dst_last_pkt_time":1680271779776446,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1680271779776446,"pkt":"tus5LcPaXu41QY3PCABFCAA1hEMAACQR7tunpraYzn321NBJaYcAIeOP\/\/\/\/\/1RTb3VyY2UgRW5naW5lIFF1ZXJ5AA=="} 00936{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680271779776446,"flow_src_last_pkt_time":1680271779776446,"flow_dst_last_pkt_time":1680271779776446,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680271779776446,"l3_proto":"ip4","src_ip":"167.166.182.152","dst_ip":"206.125.246.212","src_port":53321,"dst_port":27015,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -37,7 +37,7 @@ 00936{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680272337560282,"flow_src_last_pkt_time":1680272337560282,"flow_dst_last_pkt_time":1680272337560282,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680272337560282,"l3_proto":"ip4","src_ip":"197.114.186.247","dst_ip":"206.125.246.222","src_port":38846,"dst_port":27015,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680271990901001,"flow_src_last_pkt_time":1680271990901001,"flow_dst_last_pkt_time":1680271990901001,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680272337560282,"l3_proto":"ip4","src_ip":"197.114.186.247","dst_ip":"206.125.246.213","src_port":64888,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680271905048618,"flow_src_last_pkt_time":1680271905048618,"flow_dst_last_pkt_time":1680271905048618,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680272337560282,"l3_proto":"ip4","src_ip":"151.182.246.17","dst_ip":"206.125.246.217","src_port":52464,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":9,"packets-processed":8,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":200,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":2,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":40,"global_ts_usec":1680272423587299} 
+00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":9,"packets-processed":8,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":200,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":2,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":40,"global_ts_usec":1680272423587299} 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680272423587299,"flow_src_last_pkt_time":1680272423587299,"flow_dst_last_pkt_time":1680272423587299,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680272423587299,"l3_proto":"ip4","src_ip":"237.117.153.178","dst_ip":"206.125.246.215","src_port":24647,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1680272423587299,"flow_dst_last_pkt_time":1680272423587299,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1680272423587299,"pkt":"0i7fu7XLAQBeQY3PCABFAAA1GmkAACsRKNLtdZmyzn3212BHaYcAISqm\/\/\/\/\/1RTb3VyY2UgRW5naW5lIFF1ZXJ5AA=="} 00936{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680272423587299,"flow_src_last_pkt_time":1680272423587299,"flow_dst_last_pkt_time":1680272423587299,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680272423587299,"l3_proto":"ip4","src_ip":"237.117.153.178","dst_ip":"206.125.246.215","src_port":24647,"dst_port":27015,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -53,7 +53,7 @@ 00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680272423587299,"flow_src_last_pkt_time":1680272423587299,"flow_dst_last_pkt_time":1680272423587299,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680272707354790,"l3_proto":"ip4","src_ip":"237.117.153.178","dst_ip":"206.125.246.215","src_port":24647,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680272493156815,"flow_src_last_pkt_time":1680272493156815,"flow_dst_last_pkt_time":1680272493156815,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680272707354790,"l3_proto":"ip4","src_ip":"252.141.177.26","dst_ip":"206.125.246.216","src_port":21572,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680272337560282,"flow_src_last_pkt_time":1680272337560282,"flow_dst_last_pkt_time":1680272337560282,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680272707354790,"l3_proto":"ip4","src_ip":"197.114.186.247","dst_ip":"206.125.246.222","src_port":38846,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":12,"packets-processed":11,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":275,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":0,"total-updates":5,"current-active-flows":1,"total-active-flows":11,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":56,"global_ts_usec":1680275154446193} 
+00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":12,"packets-processed":11,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":275,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":0,"total-updates":5,"current-active-flows":1,"total-active-flows":11,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":56,"global_ts_usec":1680275154446193} 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680275154446193,"flow_src_last_pkt_time":1680275154446193,"flow_dst_last_pkt_time":1680275154446193,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680275154446193,"l3_proto":"ip4","src_ip":"140.151.209.84","dst_ip":"206.125.246.214","src_port":8335,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1680275154446193,"flow_dst_last_pkt_time":1680275154446193,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1680275154446193,"pkt":"8i53bZ3HXu41QY3PCABFAAA1YXkAAC4RB\/+Ml9FUzn321iCPaYcAIZOb\/\/\/\/\/1RTb3VyY2UgRW5naW5lIFF1ZXJ5AA=="} 00936{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680275154446193,"flow_src_last_pkt_time":1680275154446193,"flow_dst_last_pkt_time":1680275154446193,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680275154446193,"l3_proto":"ip4","src_ip":"140.151.209.84","dst_ip":"206.125.246.214","src_port":8335,"dst_port":27015,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -62,7 +62,7 @@ 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1680275513818590,"flow_dst_last_pkt_time":1680275513818590,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1680275513818590,"pkt":"8i53bZ3HXu41QY3PCABFAAA1YOgAACoR6hHFcrr3zn321qDqaYcAIfDB\/\/\/\/\/1RTb3VyY2UgRW5naW5lIFF1ZXJ5AA=="} 00938{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680275513818590,"flow_src_last_pkt_time":1680275513818590,"flow_dst_last_pkt_time":1680275513818590,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680275513818590,"l3_proto":"ip4","src_ip":"197.114.186.247","dst_ip":"206.125.246.214","src_port":41194,"dst_port":27015,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680275154446193,"flow_src_last_pkt_time":1680275154446193,"flow_dst_last_pkt_time":1680275154446193,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680275513818590,"l3_proto":"ip4","src_ip":"140.151.209.84","dst_ip":"206.125.246.214","src_port":8335,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":14,"packets-processed":13,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":325,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":0,"total-updates":5,"current-active-flows":1,"total-active-flows":13,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":65,"global_ts_usec":1680276988600126} 
+00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":14,"packets-processed":13,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":325,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":0,"total-updates":5,"current-active-flows":1,"total-active-flows":13,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":65,"global_ts_usec":1680276988600126} 00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680276988600126,"flow_src_last_pkt_time":1680276988600126,"flow_dst_last_pkt_time":1680276988600126,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680276988600126,"l3_proto":"ip4","src_ip":"222.158.181.242","dst_ip":"206.125.246.222","src_port":58235,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1680276988600126,"flow_dst_last_pkt_time":1680276988600126,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1680276988600126,"pkt":"suZ52dfuXu41QY3PCABFAAA1JwIAACkREMnenrXyzn323uN7aYcAIZoB\/\/\/\/\/1RTb3VyY2UgRW5naW5lIFF1ZXJ5AA=="} 00938{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680276988600126,"flow_src_last_pkt_time":1680276988600126,"flow_dst_last_pkt_time":1680276988600126,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680276988600126,"l3_proto":"ip4","src_ip":"222.158.181.242","dst_ip":"206.125.246.222","src_port":58235,"dst_port":27015,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -71,18 +71,18 @@ 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1680277233172685,"flow_dst_last_pkt_time":1680277233172685,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1680277233172685,"pkt":"umfZn5dXAQBeQY3PCABFAAA12s0AACoRaZXti5lwzn322w6KaYcAIXyL\/\/\/\/\/1RTb3VyY2UgRW5naW5lIFF1ZXJ5AA=="} 00937{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680277233172685,"flow_src_last_pkt_time":1680277233172685,"flow_dst_last_pkt_time":1680277233172685,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680277233172685,"l3_proto":"ip4","src_ip":"237.139.153.112","dst_ip":"206.125.246.219","src_port":3722,"dst_port":27015,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680276988600126,"flow_src_last_pkt_time":1680276988600126,"flow_dst_last_pkt_time":1680276988600126,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680277233172685,"l3_proto":"ip4","src_ip":"222.158.181.242","dst_ip":"206.125.246.222","src_port":58235,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":375,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":5,"current-active-flows":1,"total-active-flows":15,"total-idle-flows":14,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":74,"global_ts_usec":1680278871503388} 
+00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":375,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":5,"current-active-flows":1,"total-active-flows":15,"total-idle-flows":14,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":74,"global_ts_usec":1680278871503388} 00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680278871503388,"flow_src_last_pkt_time":1680278871503388,"flow_dst_last_pkt_time":1680278871503388,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680278871503388,"l3_proto":"ip4","src_ip":"118.149.186.147","dst_ip":"206.125.246.214","src_port":21285,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1680278871503388,"flow_dst_last_pkt_time":1680278871503388,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1680278871503388,"pkt":"8i53bZ3HXu41QY3PCABFAAA1stIAACkR6Gh2lbqTzn321lMlaYcAIY3I\/\/\/\/\/1RTb3VyY2UgRW5naW5lIFF1ZXJ5AA=="} 00938{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680278871503388,"flow_src_last_pkt_time":1680278871503388,"flow_dst_last_pkt_time":1680278871503388,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680278871503388,"l3_proto":"ip4","src_ip":"118.149.186.147","dst_ip":"206.125.246.214","src_port":21285,"dst_port":27015,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680277233172685,"flow_src_last_pkt_time":1680277233172685,"flow_dst_last_pkt_time":1680277233172685,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680278871503388,"l3_proto":"ip4","src_ip":"237.139.153.112","dst_ip":"206.125.246.219","src_port":3722,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":17,"packets-processed":16,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":400,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":16,"total-detection-updates":0,"total-updates":5,"current-active-flows":1,"total-active-flows":16,"total-idle-flows":15,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":79,"global_ts_usec":1680279669681327} 
+00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":17,"packets-processed":16,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":400,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":16,"total-detection-updates":0,"total-updates":5,"current-active-flows":1,"total-active-flows":16,"total-idle-flows":15,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":79,"global_ts_usec":1680279669681327} 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680279669681327,"flow_src_last_pkt_time":1680279669681327,"flow_dst_last_pkt_time":1680279669681327,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680279669681327,"l3_proto":"ip4","src_ip":"151.182.246.17","dst_ip":"206.125.246.221","src_port":17890,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1680279669681327,"flow_dst_last_pkt_time":1680279669681327,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1680279669681327,"pkt":"suZ52dfuXu41QY3PCABFAAA11kkAACkRaEuXtvYRzn323UXiaYcAIT5l\/\/\/\/\/1RTb3VyY2UgRW5naW5lIFF1ZXJ5AA=="} 00937{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680279669681327,"flow_src_last_pkt_time":1680279669681327,"flow_dst_last_pkt_time":1680279669681327,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680279669681327,"l3_proto":"ip4","src_ip":"151.182.246.17","dst_ip":"206.125.246.221","src_port":17890,"dst_port":27015,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680278871503388,"flow_src_last_pkt_time":1680278871503388,"flow_dst_last_pkt_time":1680278871503388,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680279669681327,"l3_proto":"ip4","src_ip":"118.149.186.147","dst_ip":"206.125.246.214","src_port":21285,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680279669681327,"flow_src_last_pkt_time":1680279669681327,"flow_dst_last_pkt_time":1680279669681327,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680279669681327,"l3_proto":"ip4","src_ip":"151.182.246.17","dst_ip":"206.125.246.221","src_port":17890,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
-00850{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":17,"packets-processed":17,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":425,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":17,"total-detection-updates":0,"total-updates":5,"current-active-flows":0,"total-active-flows":17,"total-idle-flows":17,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":85,"global_ts_usec":1680279669681327} +00850{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":17,"packets-processed":17,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":425,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":17,"total-detection-updates":0,"total-updates":5,"current-active-flows":0,"total-active-flows":17,"total-idle-flows":17,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":85,"global_ts_usec":1680279669681327} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 17/17 ~~ skipped flows.............: 0 
@@ -91,9 +91,9 @@ ~~ total active/idle flows...: 17/17 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6946186 bytes -~~ total memory freed........: 6946186 bytes -~~ total allocations/frees...: 114330/114330 +~~ total memory allocated....: 7523782 bytes +~~ total memory freed........: 7523782 bytes +~~ total allocations/frees...: 126061/126061 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 559 chars ~~ json message max len.......: 983 chars diff --git a/test/results/default/spotify_tcp.pcap.out b/test/results/default/spotify_tcp.pcap.out index 94a1541b7..91411d003 100644 --- a/test/results/default/spotify_tcp.pcap.out +++ b/test/results/default/spotify_tcp.pcap.out 
@@ -1,4 +1,4 @@ -00616{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/spotify_tcp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00616{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/spotify_tcp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
00743{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/spotify_tcp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":53789009,"flow_src_last_pkt_time":53789009,"flow_dst_last_pkt_time":53789009,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":53789009,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"35.190.243.72","src_port":48628,"dst_port":4070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/spotify_tcp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":53789009,"flow_dst_last_pkt_time":53789009,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":53789009,"pkt":"UlQAEjUCCAAns+YuCABFAAA8YO9AAEAGtrcKAAIPI77zSL30D+Yfkn2LAAAAAKAC+vBeZAAAAgQFtAQCCAqdUcNLAAAAAAEDAwc="} 00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/spotify_tcp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":53789009,"flow_dst_last_pkt_time":53811806,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":53811806,"pkt":"CAAns+YuUlQAEjUCCABFAAAsAhEAAEAGVaYjvvNICgACDw\/mvfQANrABH5J9jGAS\/\/9Z0AAAAgQFtA=="} 
@@ -7,7 +7,7 @@ 00892{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/spotify_tcp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":53789009,"flow_src_last_pkt_time":53812035,"flow_dst_last_pkt_time":53811806,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":329,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":329,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":53812035,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"35.190.243.72","src_port":48628,"dst_port":4070,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Spotify","proto_id":"156","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music"}} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/spotify_tcp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":53812035,"flow_dst_last_pkt_time":53812035,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":53812035,"pkt":"CAAns+YuUlQAEjUCCABFAAAoAhIAAEAGVakjvvNICgACDw\/mvfQANrACH5J+1VAQ\/\/9wRAAA"} 
00938{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/spotify_tcp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":53789009,"flow_src_last_pkt_time":53908975,"flow_dst_last_pkt_time":53980552,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":463,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":792,"flow_dst_tot_l4_payload_len":2002,"midstream":0,"thread_ts_usec":53980552,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"35.190.243.72","src_port":48628,"dst_port":4070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Spotify","proto_id":"156","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music"}} -00838{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/spotify_tcp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2794,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":53980552} 
+00838{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/spotify_tcp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2794,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":53980552} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 10/10 ~~ skipped flows.............: 0 @@ -16,9 +16,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6909975 bytes -~~ total memory freed........: 6909975 bytes -~~ total allocations/frees...: 114149/114149 +~~ total memory allocated....: 7487571 bytes +~~ total memory freed........: 7487571 bytes +~~ total allocations/frees...: 125880/125880 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 512 chars ~~ json message max len.......: 960 chars diff --git a/test/results/default/sql_injection.pcap.out b/test/results/default/sql_injection.pcap.out index 18726b22d..9dbcb6c15 100644 --- a/test/results/default/sql_injection.pcap.out +++ b/test/results/default/sql_injection.pcap.out 
@@ -1,5 +1,5 @@ -00618{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/sql_injection.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sql_injection.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1655243907401514} 
+00618{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/sql_injection.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sql_injection.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1655243907401514} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sql_injection.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655243907401514,"flow_src_last_pkt_time":1655243907401514,"flow_dst_last_pkt_time":1655243907401514,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":691,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":691,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":691,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1655243907401514,"l3_proto":"ip4","src_ip":"192.168.3.109","dst_ip":"192.168.3.107","src_port":53528,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sql_injection.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1655243907401514,"flow_dst_last_pkt_time":1655243907401514,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":757,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":757,"pkt_l4_len":723,"thread_ts_usec":1655243907401514,"pkt":"FE+Kc3lP4CvpcxhCCABFAALnBMxAAEAGqxzAqANtwKgDa9EYAFBtgZhQ14snP4AYAfYjSgAAAQEICpBN+1KzuubyR0VUIC9EVldBLW1hc3Rlci92dWxuZXJhYmlsaXRpZXMvc3FsaS8\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"} 
01464{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sql_injection.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655243907401514,"flow_src_last_pkt_time":1655243907401514,"flow_dst_last_pkt_time":1655243907401514,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":691,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":691,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":691,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1655243907401514,"l3_proto":"ip4","src_ip":"192.168.3.109","dst_ip":"192.168.3.107","src_port":53528,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"192.168.3.107","domainame":"192.168.3.107","http": {"url":"192.168.3.107\/DVWA-master\/vulnerabilities\/sqli\/?id=%3Fid%3Da%27+UNION+SELECT+%22text1%22%2C%22text2%22%3B--+-%26Submit%3DSubmit&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/102.0.0.0 Safari\/537.36","detected_os":"Linux x86_64"}}} 
@@ -8,7 +8,7 @@ 00924{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/sql_injection.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1655243907401514,"flow_dst_last_pkt_time":1655243907402945,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":345,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":345,"pkt_l4_len":311,"thread_ts_usec":1655243907402945,"pkt":"4CvpcxhCFE+Kc3lPCABFAAFLVvxAAEAGWojAqANrwKgDbQBQ0RjXiyznbYGbA4AYAfhCywAAAQEICrO7eEeQTftS8nesfXSXKCDm16lh4L3R\/3eEe5NHG9q5YFT5OLsvveilNqwc26R5XzBmjTFWaW34feZsgc6YkLiDl7Vs5LhjA8TdGSy3hF1UUEMDSwkaJeLd+8vJHFDHlsmmShu3tld43vlGLOrFc8i2VLCYAeRLnKCNMqZ1A\/3nD6TUjuG2nJ62UVLP9qCsrYRWwVTwKWRNwSaQsiJWJjZDuhQSEZghWpS8aq0J867UoXP7aGx5AHHNce7U0K6w3lYodaNh2i4UXFtfKnrIH885NP3terkEoVtneMAtJnVtem8wmTzl1Stbx2ofmfYx1+p39ZyEAjaGPZUZCw4OCadoeFnu3npZ9iVdjSJiK6D9lcA97ZP\/AQkVDNI+EAAA"} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/sql_injection.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1655243907406272,"flow_dst_last_pkt_time":1655243907402945,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655243907406272,"pkt":"FE+Kc3lP4CvpcxhCCABFAAA0BM1AAEAGrc7AqANtwKgDa9EYAFBtgZsD14st\/oAQAelVLQAAAQEICpBN+7Wzu3hH"} 
01241{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/sql_injection.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":3,"flow_first_seen":1655243907401514,"flow_src_last_pkt_time":1655243907406272,"flow_dst_last_pkt_time":1655243907402945,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":691,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":691,"flow_dst_tot_l4_payload_len":1727,"midstream":1,"thread_ts_usec":1655243907406272,"l3_proto":"ip4","src_ip":"192.168.3.109","dst_ip":"192.168.3.107","src_port":53528,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"2": {"risk":"SQL Injection","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"192.168.3.107"}} 
-00845{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/sql_injection.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":5,"packets-processed":5,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2418,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1655243907406272} +00845{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/sql_injection.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":5,"packets-processed":5,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2418,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1655243907406272} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 5/5 ~~ skipped flows.............: 0 
@@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6908244 bytes -~~ total memory freed........: 6908244 bytes -~~ total allocations/frees...: 114150/114150 +~~ total memory allocated....: 7485909 bytes +~~ total memory freed........: 7485909 bytes +~~ total allocations/frees...: 125883/125883 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 552 chars ~~ json message max len.......: 2508 chars diff --git a/test/results/default/srvloc-v1.pcapng.out b/test/results/default/srvloc-v1.pcapng.out index 6398e7f2a..58abf28eb 100644 --- a/test/results/default/srvloc-v1.pcapng.out +++ b/test/results/default/srvloc-v1.pcapng.out 
@@ -1,5 +1,5 @@ -00616{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/srvloc-v1.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/srvloc-v1.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1610477174501058} 
+00616{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/srvloc-v1.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/srvloc-v1.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1610477174501058} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/srvloc-v1.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1610477174501058,"flow_src_last_pkt_time":1610477174501058,"flow_dst_last_pkt_time":1610477174501058,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":362,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":362,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":362,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1610477174501058,"l3_proto":"ip4","src_ip":"23.220.116.175","dst_ip":"192.168.199.71","src_port":427,"dst_port":57782,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00998{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/srvloc-v1.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1610477174501058,"flow_dst_last_pkt_time":1610477174501058,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":404,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":404,"pkt_l4_len":370,"thread_ts_usec":1610477174501058,"pkt":"AAAAAAAAAAYApNApCABFAAGG4R4AAD8RhM0X3HSvwKjHRwGr4bYBclCtAQcBagAAZW4AAx15AAABWih4LWhwLXZlcj0wMSkoeC1ocC1wcm9kX2lkPVN0ZWxsYTROV18wMSkoeC1ocC1tYWM9M0M1MjgyMjZGRDI4KSh4LWhwLWd1aWQ9M0M1MjgyMjZGRDI4KSh4LWhwLW51bV9wb3J0PTAxKSh4LWhwLWlwPTE5Mi4xNjguMTAwLjAyOSkoeC1ocC1obj1ERVYyNkZEMjgpKHgtaHAtcDE9TUZHOkhld2xldHQtUGFja2FyZDtNREw6SFAgQ29sb3IgTGFzZXJKZXQgUHJvIE1GUCBNMTc3Znc7Q01EOkFDTCxDTUQsWkpTLFVSRixQQ0xtLFBKTDtDTFM6UFJJTlRFUjtERVM6SFAgQ29sb3IgTGFzZXJKZXQgUHJvIE1GUCBNMTc3Znc7RldWRVI6MjAxNjA5MjY7TEVETURJUzpVU0IjZmYjMDQjMDE7Q0lEOkhQTEpQQ0xNU1YxOyk="} 
00952{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/srvloc-v1.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1610477174501058,"flow_src_last_pkt_time":1610477174501058,"flow_dst_last_pkt_time":1610477174501058,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":362,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":362,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":362,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1610477174501058,"l3_proto":"ip4","src_ip":"23.220.116.175","dst_ip":"192.168.199.71","src_port":427,"dst_port":57782,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -8,7 +8,7 @@ 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/srvloc-v1.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1610477179484120,"flow_src_last_pkt_time":1610477179484120,"flow_dst_last_pkt_time":1610477179484120,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1610477179484120,"l3_proto":"ip4","src_ip":"250.83.105.78","dst_ip":"172.30.246.115","src_port":51708,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/srvloc-v1.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1610477179484120,"flow_src_last_pkt_time":1610477179484120,"flow_dst_last_pkt_time":1610477179484120,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1610477179484120,"l3_proto":"ip4","src_ip":"250.83.105.78","dst_ip":"172.30.246.115","src_port":51708,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00991{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/srvloc-v1.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1610477174501058,"flow_src_last_pkt_time":1610477174501058,"flow_dst_last_pkt_time":1610477174501058,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":362,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":362,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":362,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1610477179484120,"l3_proto":"ip4","src_ip":"23.220.116.175","dst_ip":"192.168.199.71","src_port":427,"dst_port":57782,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00842{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/srvloc-v1.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":406,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1610477179484120} 
+00842{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/srvloc-v1.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":406,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1610477179484120} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6910051 bytes -~~ total memory freed........: 6910051 bytes -~~ total allocations/frees...: 114150/114150 +~~ total memory allocated....: 7487647 bytes +~~ total memory freed........: 7487647 bytes +~~ total allocations/frees...: 125881/125881 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 576 chars ~~ json message max len.......: 1003 chars diff --git a/test/results/default/srvloc.pcap.out b/test/results/default/srvloc.pcap.out index cbc4c7857..c45ae2f64 100644 --- a/test/results/default/srvloc.pcap.out +++ b/test/results/default/srvloc.pcap.out 
@@ -1,9 +1,9 @@ -00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1685617825174445} 
+00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1685617825174445} 
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685617825174445,"flow_src_last_pkt_time":1685617825174445,"flow_dst_last_pkt_time":1685617825174445,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685617825174445,"l3_proto":"ip4","src_ip":"37.40.101.196","dst_ip":"85.111.52.57","src_port":53106,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1685617825174445,"flow_dst_last_pkt_time":1685617825174445,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685617825174445,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA51DEAAPkRbbAlKGXEVW80Oc9yAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685617825174445,"flow_src_last_pkt_time":1685617825174445,"flow_dst_last_pkt_time":1685617825174445,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685617825174445,"l3_proto":"ip4","src_ip":"37.40.101.196","dst_ip":"85.111.52.57","src_port":53106,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":2,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":6,"global_ts_usec":1685630200886590} 
+00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":2,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":6,"global_ts_usec":1685630200886590} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685630200886590,"flow_src_last_pkt_time":1685630200886590,"flow_dst_last_pkt_time":1685630200886590,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685630200886590,"l3_proto":"ip4","src_ip":"27.134.169.220","dst_ip":"90.141.37.56","src_port":45163,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1685630200886590,"flow_dst_last_pkt_time":1685630200886590,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685630200886590,"pkt":"3jHC4dyOPJTVQTiBCABFCABL5ywAACQR3TcbhqncWo0lOLBrAasAN20TAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00942{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685630200886590,"flow_src_last_pkt_time":1685630200886590,"flow_dst_last_pkt_time":1685630200886590,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685630200886590,"l3_proto":"ip4","src_ip":"27.134.169.220","dst_ip":"90.141.37.56","src_port":45163,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -12,7 +12,7 @@ 00653{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1685630282860970,"flow_dst_last_pkt_time":1685630282860970,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":149,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":149,"pkt_l4_len":115,"thread_ts_usec":1685630282860970,"pkt":"xmjqc4OdPJTVQTiBCABFCACH1DEAAOsRrCYsY3GWunDKNZ6vAasAcwAAAgIAAGtAAAAAAIgRAAJlbgAAAAMAEREAHmh0dHBzOi8vZXhhbXBsZS5jb20vaW5kZXguaHRtbAAAEREAGHNjaGVtZTovL2RvbWFpbi50bGQvcGF0aAAAEREAD3NscDovL2hvc3QvcGF0aAA="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685630282860970,"flow_src_last_pkt_time":1685630282860970,"flow_dst_last_pkt_time":1685630282860970,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":107,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":107,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":107,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685630282860970,"l3_proto":"ip4","src_ip":"44.99.113.150","dst_ip":"186.112.202.53","src_port":40623,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00983{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685630200886590,"flow_src_last_pkt_time":1685630200886590,"flow_dst_last_pkt_time":1685630200886590,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685630282860970,"l3_proto":"ip4","src_ip":"27.134.169.220","dst_ip":"90.141.37.56","src_port":45163,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":4,"packets-processed":3,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":183,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":1,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1685630932313616} 
+00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":4,"packets-processed":3,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":183,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":1,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1685630932313616} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685630932313616,"flow_src_last_pkt_time":1685630932313616,"flow_dst_last_pkt_time":1685630932313616,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":111,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":111,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":111,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685630932313616,"l3_proto":"ip4","src_ip":"44.99.113.150","dst_ip":"90.145.180.58","src_port":34697,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00657{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1685630932313616,"flow_dst_last_pkt_time":1685630932313616,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":153,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":153,"pkt_l4_len":119,"thread_ts_usec":1685630932313616,"pkt":"bs1PogZtPJTVQTiBCABFCACL1DEAAOsRrCEsY3GWWpG0OoeJAasAdwAAAgIAAG9AAAAAAIgRAAJlbgAAAAIAEREAHmh0dHBzOi8vZXhhbXBsZS5jb20vaW5kZXguaHRtbAIAAAANAAAAAAADQUFBAAAAEQAAAAAAB0JCQkJCQkIAIiIAE3NscDovL3Rlc3Qub3JnL3Rlc3QA"} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685630932313616,"flow_src_last_pkt_time":1685630932313616,"flow_dst_last_pkt_time":1685630932313616,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":111,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":111,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":111,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685630932313616,"l3_proto":"ip4","src_ip":"44.99.113.150","dst_ip":"90.145.180.58","src_port":34697,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -22,13 +22,13 @@ 00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1685631007788963,"flow_dst_last_pkt_time":1685631007788963,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685631007788963,"pkt":"3jHC4dyOPJTVQTiBCABFAAB+1DEAAPMRpSXQZLGIWo0lOIHeAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685631007788963,"flow_src_last_pkt_time":1685631007788963,"flow_dst_last_pkt_time":1685631007788963,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685631007788963,"l3_proto":"ip4","src_ip":"208.100.177.136","dst_ip":"90.141.37.56","src_port":33246,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685630932313616,"flow_src_last_pkt_time":1685630932313616,"flow_dst_last_pkt_time":1685630932313616,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":111,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":111,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":111,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685631007788963,"l3_proto":"ip4","src_ip":"44.99.113.150","dst_ip":"90.145.180.58","src_port":34697,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":6,"packets-processed":5,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":392,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":2,"current-active-flows":2,"total-active-flows":5,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":25,"global_ts_usec":1685632512691057} 
+00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":6,"packets-processed":5,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":392,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":2,"current-active-flows":2,"total-active-flows":5,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":25,"global_ts_usec":1685632512691057} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685632512691057,"flow_src_last_pkt_time":1685632512691057,"flow_dst_last_pkt_time":1685632512691057,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685632512691057,"l3_proto":"ip4","src_ip":"45.124.147.156","dst_ip":"85.111.52.57","src_port":33510,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00642{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1685632512691057,"flow_dst_last_pkt_time":1685632512691057,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685632512691057,"pkt":"moT+\/Ph8PJTVQTiBCABFAAB+1DEAAPMRpTItfJOcVW80OYLmAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00942{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685632512691057,"flow_src_last_pkt_time":1685632512691057,"flow_dst_last_pkt_time":1685632512691057,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685632512691057,"l3_proto":"ip4","src_ip":"45.124.147.156","dst_ip":"85.111.52.57","src_port":33510,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685631007788963,"flow_src_last_pkt_time":1685631007788963,"flow_dst_last_pkt_time":1685631007788963,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685632512691057,"l3_proto":"ip4","src_ip":"208.100.177.136","dst_ip":"90.141.37.56","src_port":33246,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685630932313616,"flow_src_last_pkt_time":1685630932313616,"flow_dst_last_pkt_time":1685630932313616,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":111,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":111,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":111,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685632512691057,"l3_proto":"ip4","src_ip":"44.99.113.150","dst_ip":"90.145.180.58","src_port":34697,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":7,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":490,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":2,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":31,"global_ts_usec":1685634172336790} +00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":7,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":490,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":2,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":31,"global_ts_usec":1685634172336790} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685634172336790,"flow_src_last_pkt_time":1685634172336790,"flow_dst_last_pkt_time":1685634172336790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685634172336790,"l3_proto":"ip4","src_ip":"45.124.147.156","dst_ip":"165.114.202.61","src_port":50663,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1685634172336790,"flow_dst_last_pkt_time":1685634172336790,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685634172336790,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPMRpS0tfJOcpXLKPcXnAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 
00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685634172336790,"flow_src_last_pkt_time":1685634172336790,"flow_dst_last_pkt_time":1685634172336790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685634172336790,"l3_proto":"ip4","src_ip":"45.124.147.156","dst_ip":"165.114.202.61","src_port":50663,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -42,22 +42,22 @@ 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685634721622135,"flow_src_last_pkt_time":1685634721622135,"flow_dst_last_pkt_time":1685634721622135,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685634721622135,"l3_proto":"ip4","src_ip":"236.155.96.147","dst_ip":"90.147.171.51","src_port":43154,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685634172336790,"flow_src_last_pkt_time":1685634172336790,"flow_dst_last_pkt_time":1685634172336790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685634721622135,"l3_proto":"ip4","src_ip":"45.124.147.156","dst_ip":"165.114.202.61","src_port":41268,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1685634172336790,"flow_src_last_pkt_time":1685634172336790,"flow_dst_last_pkt_time":1685634172336790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":196,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685634721622135,"l3_proto":"ip4","src_ip":"45.124.147.156","dst_ip":"165.114.202.61","src_port":50663,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00838{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":11,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":882,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":2,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":45,"global_ts_usec":1685636053299196} 
+00838{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":11,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":882,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":2,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":45,"global_ts_usec":1685636053299196} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685636053299196,"flow_src_last_pkt_time":1685636053299196,"flow_dst_last_pkt_time":1685636053299196,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685636053299196,"l3_proto":"ip4","src_ip":"45.124.147.156","dst_ip":"74.111.203.55","src_port":57141,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1685636053299196,"flow_dst_last_pkt_time":1685636053299196,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685636053299196,"pkt":"ipffLU2SPJTVQTiBCABFAAB+1DEAAPMRpTctfJOcSm\/LN981AasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685636053299196,"flow_src_last_pkt_time":1685636053299196,"flow_dst_last_pkt_time":1685636053299196,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685636053299196,"l3_proto":"ip4","src_ip":"45.124.147.156","dst_ip":"74.111.203.55","src_port":57141,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685634721622135,"flow_src_last_pkt_time":1685634721622135,"flow_dst_last_pkt_time":1685634721622135,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685636053299196,"l3_proto":"ip4","src_ip":"236.155.96.147","dst_ip":"90.147.171.51","src_port":43154,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":12,"packets-processed":11,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":980,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":2,"current-active-flows":1,"total-active-flows":10,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":50,"global_ts_usec":1685637797751103} 
+00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":12,"packets-processed":11,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":980,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":2,"current-active-flows":1,"total-active-flows":10,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":50,"global_ts_usec":1685637797751103} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685637797751103,"flow_src_last_pkt_time":1685637797751103,"flow_dst_last_pkt_time":1685637797751103,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685637797751103,"l3_proto":"ip4","src_ip":"184.180.168.240","dst_ip":"165.144.84.62","src_port":38061,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1685637797751103,"flow_dst_last_pkt_time":1685637797751103,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685637797751103,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPARDMi4tKjwpZBUPpStAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685637797751103,"flow_src_last_pkt_time":1685637797751103,"flow_dst_last_pkt_time":1685637797751103,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685637797751103,"l3_proto":"ip4","src_ip":"184.180.168.240","dst_ip":"165.144.84.62","src_port":38061,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685636053299196,"flow_src_last_pkt_time":1685636053299196,"flow_dst_last_pkt_time":1685636053299196,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685637797751103,"l3_proto":"ip4","src_ip":"45.124.147.156","dst_ip":"74.111.203.55","src_port":57141,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":13,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1078,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":0,"total-updates":2,"current-active-flows":1,"total-active-flows":11,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":55,"global_ts_usec":1685638455443887} 
+00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":13,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1078,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":0,"total-updates":2,"current-active-flows":1,"total-active-flows":11,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":55,"global_ts_usec":1685638455443887} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685638455443887,"flow_src_last_pkt_time":1685638455443887,"flow_dst_last_pkt_time":1685638455443887,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685638455443887,"l3_proto":"ip4","src_ip":"236.131.162.157","dst_ip":"69.109.187.54","src_port":38756,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1685638455443887,"flow_dst_last_pkt_time":1685638455443887,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685638455443887,"pkt":"bpHurUgdPJTVQTiBCABFAAB+1DEAAPMRpTXsg6KdRW27NpdkAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685638455443887,"flow_src_last_pkt_time":1685638455443887,"flow_dst_last_pkt_time":1685638455443887,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685638455443887,"l3_proto":"ip4","src_ip":"236.131.162.157","dst_ip":"69.109.187.54","src_port":38756,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685637797751103,"flow_src_last_pkt_time":1685637797751103,"flow_dst_last_pkt_time":1685637797751103,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685638455443887,"l3_proto":"ip4","src_ip":"184.180.168.240","dst_ip":"165.144.84.62","src_port":38061,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":14,"packets-processed":13,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1176,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":2,"current-active-flows":1,"total-active-flows":12,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":60,"global_ts_usec":1685644247091385} 
+00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":14,"packets-processed":13,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1176,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":2,"current-active-flows":1,"total-active-flows":12,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":60,"global_ts_usec":1685644247091385} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685644247091385,"flow_src_last_pkt_time":1685644247091385,"flow_dst_last_pkt_time":1685644247091385,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685644247091385,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"85.111.52.57","src_port":39908,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1685644247091385,"flow_dst_last_pkt_time":1685644247091385,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685644247091385,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA51DEAAPURKLbIH5CeVW80OZvkAasAJU6QAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685644247091385,"flow_src_last_pkt_time":1685644247091385,"flow_dst_last_pkt_time":1685644247091385,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685644247091385,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"85.111.52.57","src_port":39908,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -70,13 +70,13 @@ 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1685644782769825,"flow_dst_last_pkt_time":1685644782769825,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685644782769825,"pkt":"xmjqc4OdPJTVQTiBCABFAAA51DEAAPURKLnIH5CeunDKNZLgAasAJVeXAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685644782769825,"flow_src_last_pkt_time":1685644782769825,"flow_dst_last_pkt_time":1685644782769825,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685644782769825,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"186.112.202.53","src_port":37600,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685644675913837,"flow_src_last_pkt_time":1685644675913837,"flow_dst_last_pkt_time":1685644675913837,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685644782769825,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"69.109.187.54","src_port":40656,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":17,"packets-processed":16,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1263,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":3,"current-active-flows":2,"total-active-flows":15,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":73,"global_ts_usec":1685646379667471} 
+00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":17,"packets-processed":16,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1263,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":3,"current-active-flows":2,"total-active-flows":15,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":73,"global_ts_usec":1685646379667471} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685646379667471,"flow_src_last_pkt_time":1685646379667471,"flow_dst_last_pkt_time":1685646379667471,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685646379667471,"l3_proto":"ip4","src_ip":"70.28.101.252","dst_ip":"90.147.171.51","src_port":53651,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1685646379667471,"flow_dst_last_pkt_time":1685646379667471,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685646379667471,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRbNVGHGX8WpOrM9GTAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685646379667471,"flow_src_last_pkt_time":1685646379667471,"flow_dst_last_pkt_time":1685646379667471,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685646379667471,"l3_proto":"ip4","src_ip":"70.28.101.252","dst_ip":"90.147.171.51","src_port":53651,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685644782769825,"flow_src_last_pkt_time":1685644782769825,"flow_dst_last_pkt_time":1685644782769825,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685646379667471,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"186.112.202.53","src_port":37600,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685644675913837,"flow_src_last_pkt_time":1685644675913837,"flow_dst_last_pkt_time":1685644675913837,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685646379667471,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"69.109.187.54","src_port":40656,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":18,"packets-processed":17,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1292,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":16,"total-detection-updates":0,"total-updates":3,"current-active-flows":1,"total-active-flows":16,"total-idle-flows":15,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":79,"global_ts_usec":1685647342398373} +00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":18,"packets-processed":17,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1292,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":16,"total-detection-updates":0,"total-updates":3,"current-active-flows":1,"total-active-flows":16,"total-idle-flows":15,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":79,"global_ts_usec":1685647342398373} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685647342398373,"flow_src_last_pkt_time":1685647342398373,"flow_dst_last_pkt_time":1685647342398373,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685647342398373,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"74.111.203.55","src_port":38913,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1685647342398373,"flow_dst_last_pkt_time":1685647342398373,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685647342398373,"pkt":"ipffLU2SPJTVQTiBCABFAAA51DEAAPURKLvIH5CeSm\/LN5gBAasAJVJ4AgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 
00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685647342398373,"flow_src_last_pkt_time":1685647342398373,"flow_dst_last_pkt_time":1685647342398373,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685647342398373,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"74.111.203.55","src_port":38913,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -85,7 +85,7 @@ 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1685647407833070,"flow_dst_last_pkt_time":1685647407833070,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685647407833070,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKLzIH5CeWm\/UMoKtAasAJWfNAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685647407833070,"flow_src_last_pkt_time":1685647407833070,"flow_dst_last_pkt_time":1685647407833070,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685647407833070,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.111.212.50","src_port":33453,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685647342398373,"flow_src_last_pkt_time":1685647342398373,"flow_dst_last_pkt_time":1685647342398373,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685647407833070,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"74.111.203.55","src_port":38913,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":20,"packets-processed":19,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1350,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":18,"total-detection-updates":0,"total-updates":4,"current-active-flows":2,"total-active-flows":18,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":88,"global_ts_usec":1685647960810732} 
+00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":20,"packets-processed":19,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1350,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":18,"total-detection-updates":0,"total-updates":4,"current-active-flows":2,"total-active-flows":18,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":88,"global_ts_usec":1685647960810732} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685647960810732,"flow_src_last_pkt_time":1685647960810732,"flow_dst_last_pkt_time":1685647960810732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685647960810732,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.141.37.56","src_port":60963,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1685647960810732,"flow_dst_last_pkt_time":1685647960810732,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685647960810732,"pkt":"3jHC4dyOPJTVQTiBCABFAAA51DEAAPURKLfIH5CeWo0lOO4jAasAJfxRAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685647960810732,"flow_src_last_pkt_time":1685647960810732,"flow_dst_last_pkt_time":1685647960810732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685647960810732,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.141.37.56","src_port":60963,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -95,13 +95,13 @@ 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":1685648124700322,"flow_dst_last_pkt_time":1685648124700322,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685648124700322,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKL3IH5CeWpOrM6ErAasAJUlQAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685648124700322,"flow_src_last_pkt_time":1685648124700322,"flow_dst_last_pkt_time":1685648124700322,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685648124700322,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.147.171.51","src_port":41259,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685647960810732,"flow_src_last_pkt_time":1685647960810732,"flow_dst_last_pkt_time":1685647960810732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685648124700322,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.141.37.56","src_port":60963,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":22,"packets-processed":21,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1408,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":20,"total-detection-updates":0,"total-updates":5,"current-active-flows":2,"total-active-flows":20,"total-idle-flows":18,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":98,"global_ts_usec":1685648698148233} 
+00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":22,"packets-processed":21,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1408,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":20,"total-detection-updates":0,"total-updates":5,"current-active-flows":2,"total-active-flows":20,"total-idle-flows":18,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":98,"global_ts_usec":1685648698148233} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685648698148233,"flow_src_last_pkt_time":1685648698148233,"flow_dst_last_pkt_time":1685648698148233,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685648698148233,"l3_proto":"ip4","src_ip":"62.230.4.248","dst_ip":"165.144.84.62","src_port":56007,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_src_last_pkt_time":1685648698148233,"flow_dst_last_pkt_time":1685648698148233,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685648698148233,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRbM4+5gT4pZBUPtrHAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685648698148233,"flow_src_last_pkt_time":1685648698148233,"flow_dst_last_pkt_time":1685648698148233,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685648698148233,"l3_proto":"ip4","src_ip":"62.230.4.248","dst_ip":"165.144.84.62","src_port":56007,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685647960810732,"flow_src_last_pkt_time":1685647960810732,"flow_dst_last_pkt_time":1685647960810732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685648698148233,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.141.37.56","src_port":60963,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685648124700322,"flow_src_last_pkt_time":1685648124700322,"flow_dst_last_pkt_time":1685648124700322,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685648698148233,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.147.171.51","src_port":41259,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":23,"packets-processed":22,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1437,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":21,"total-detection-updates":0,"total-updates":5,"current-active-flows":1,"total-active-flows":21,"total-idle-flows":20,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":104,"global_ts_usec":1685650322996075} +00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":23,"packets-processed":22,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1437,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":21,"total-detection-updates":0,"total-updates":5,"current-active-flows":1,"total-active-flows":21,"total-idle-flows":20,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":104,"global_ts_usec":1685650322996075} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685650322996075,"flow_src_last_pkt_time":1685650322996075,"flow_dst_last_pkt_time":1685650322996075,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685650322996075,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.114.202.61","src_port":52741,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_src_last_pkt_time":1685650322996075,"flow_dst_last_pkt_time":1685650322996075,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685650322996075,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKLHIH5CepXLKPc4FAasAJRxqAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 
00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685650322996075,"flow_src_last_pkt_time":1685650322996075,"flow_dst_last_pkt_time":1685650322996075,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685650322996075,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.114.202.61","src_port":52741,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -114,18 +114,18 @@ 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_src_last_pkt_time":1685650669220572,"flow_dst_last_pkt_time":1685650669220572,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685650669220572,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKLLIH5CepZBUPqhCAasAJUIuAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685650669220572,"flow_src_last_pkt_time":1685650669220572,"flow_dst_last_pkt_time":1685650669220572,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685650669220572,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.144.84.62","src_port":43074,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685650536282125,"flow_src_last_pkt_time":1685650536282125,"flow_dst_last_pkt_time":1685650536282125,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685650669220572,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.145.180.58","src_port":39516,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":26,"packets-processed":25,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1524,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":24,"total-detection-updates":0,"total-updates":6,"current-active-flows":2,"total-active-flows":24,"total-idle-flows":22,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":117,"global_ts_usec":1685650926504967} 
+00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":26,"packets-processed":25,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1524,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":24,"total-detection-updates":0,"total-updates":6,"current-active-flows":2,"total-active-flows":24,"total-idle-flows":22,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":117,"global_ts_usec":1685650926504967} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685650926504967,"flow_src_last_pkt_time":1685650926504967,"flow_dst_last_pkt_time":1685650926504967,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685650926504967,"l3_proto":"ip4","src_ip":"198.229.224.110","dst_ip":"90.145.180.58","src_port":56395,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_src_last_pkt_time":1685650926504967,"flow_dst_last_pkt_time":1685650926504967,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685650926504967,"pkt":"bs1PogZtPJTVQTiBCABFAAA51DEAAPoRbJPG5eBuWpG0OtxLAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685650926504967,"flow_src_last_pkt_time":1685650926504967,"flow_dst_last_pkt_time":1685650926504967,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685650926504967,"l3_proto":"ip4","src_ip":"198.229.224.110","dst_ip":"90.145.180.58","src_port":56395,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685650536282125,"flow_src_last_pkt_time":1685650536282125,"flow_dst_last_pkt_time":1685650536282125,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685650926504967,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.145.180.58","src_port":39516,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685650669220572,"flow_src_last_pkt_time":1685650669220572,"flow_dst_last_pkt_time":1685650669220572,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685650926504967,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.144.84.62","src_port":43074,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":27,"packets-processed":26,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1553,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":25,"total-detection-updates":0,"total-updates":6,"current-active-flows":1,"total-active-flows":25,"total-idle-flows":24,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":123,"global_ts_usec":1685653377845672} +00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":27,"packets-processed":26,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1553,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":25,"total-detection-updates":0,"total-updates":6,"current-active-flows":1,"total-active-flows":25,"total-idle-flows":24,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":123,"global_ts_usec":1685653377845672} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685653377845672,"flow_src_last_pkt_time":1685653377845672,"flow_dst_last_pkt_time":1685653377845672,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685653377845672,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"165.144.84.62","src_port":27095,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_src_last_pkt_time":1685653377845672,"flow_dst_last_pkt_time":1685653377845672,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1685653377845672,"pkt":"AAwp30Y4PJTVQTiBCABFAABSlBMAAG4Rf4VDnxCWpZBUPmnXAasAPgAAAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 
00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685653377845672,"flow_src_last_pkt_time":1685653377845672,"flow_dst_last_pkt_time":1685653377845672,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685653377845672,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"165.144.84.62","src_port":27095,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685650926504967,"flow_src_last_pkt_time":1685650926504967,"flow_dst_last_pkt_time":1685650926504967,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685653377845672,"l3_proto":"ip4","src_ip":"198.229.224.110","dst_ip":"90.145.180.58","src_port":56395,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":28,"packets-processed":27,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1607,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":26,"total-detection-updates":0,"total-updates":6,"current-active-flows":1,"total-active-flows":26,"total-idle-flows":25,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":128,"global_ts_usec":1685656813046229} +00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":28,"packets-processed":27,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1607,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":26,"total-detection-updates":0,"total-updates":6,"current-active-flows":1,"total-active-flows":26,"total-idle-flows":25,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":128,"global_ts_usec":1685656813046229} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685656813046229,"flow_src_last_pkt_time":1685656813046229,"flow_dst_last_pkt_time":1685656813046229,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685656813046229,"l3_proto":"ip4","src_ip":"217.217.186.39","dst_ip":"186.112.202.53","src_port":52663,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_src_last_pkt_time":1685656813046229,"flow_dst_last_pkt_time":1685656813046229,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685656813046229,"pkt":"xmjqc4OdPJTVQTiBCABFAAA51DEAAPkRbWnZ2bonunDKNc23AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685656813046229,"flow_src_last_pkt_time":1685656813046229,"flow_dst_last_pkt_time":1685656813046229,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685656813046229,"l3_proto":"ip4","src_ip":"217.217.186.39","dst_ip":"186.112.202.53","src_port":52663,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -134,7 +134,7 @@ 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_src_last_pkt_time":1685657160451708,"flow_dst_last_pkt_time":1685657160451708,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685657160451708,"pkt":"bpHurUgdPJTVQTiBCABFCABLsZ4AACIRGQ0j\/EVxRW27NmYwAasAN7uVAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685657160451708,"flow_src_last_pkt_time":1685657160451708,"flow_dst_last_pkt_time":1685657160451708,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685657160451708,"l3_proto":"ip4","src_ip":"35.252.69.113","dst_ip":"69.109.187.54","src_port":26160,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685656813046229,"flow_src_last_pkt_time":1685656813046229,"flow_dst_last_pkt_time":1685656813046229,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685657160451708,"l3_proto":"ip4","src_ip":"217.217.186.39","dst_ip":"186.112.202.53","src_port":52663,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":30,"packets-processed":29,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1683,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":28,"total-detection-updates":0,"total-updates":6,"current-active-flows":1,"total-active-flows":28,"total-idle-flows":27,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":137,"global_ts_usec":1685719505759316} 
+00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":30,"packets-processed":29,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1683,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":28,"total-detection-updates":0,"total-updates":6,"current-active-flows":1,"total-active-flows":28,"total-idle-flows":27,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":137,"global_ts_usec":1685719505759316} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685719505759316,"flow_src_last_pkt_time":1685719505759316,"flow_dst_last_pkt_time":1685719505759316,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685719505759316,"l3_proto":"ip4","src_ip":"34.102.125.120","dst_ip":"90.141.37.56","src_port":45441,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_src_last_pkt_time":1685719505759316,"flow_dst_last_pkt_time":1685719505759316,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685719505759316,"pkt":"3jHC4dyOPJTVQTiBCABFAABL9UAAACcR3eciZn14Wo0lOLGBAasAN325AgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00950{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685719505759316,"flow_src_last_pkt_time":1685719505759316,"flow_dst_last_pkt_time":1685719505759316,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685719505759316,"l3_proto":"ip4","src_ip":"34.102.125.120","dst_ip":"90.141.37.56","src_port":45441,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -143,12 +143,12 @@ 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_src_last_pkt_time":1685719700086818,"flow_dst_last_pkt_time":1685719700086818,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685719700086818,"pkt":"AAwp30Y4PJTVQTiBCABFCABLINwAACQRo44bhqncWpOrM+VDAasANzhBAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685719700086818,"flow_src_last_pkt_time":1685719700086818,"flow_dst_last_pkt_time":1685719700086818,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685719700086818,"l3_proto":"ip4","src_ip":"27.134.169.220","dst_ip":"90.147.171.51","src_port":58691,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00989{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685719505759316,"flow_src_last_pkt_time":1685719505759316,"flow_dst_last_pkt_time":1685719505759316,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685719700086818,"l3_proto":"ip4","src_ip":"34.102.125.120","dst_ip":"90.141.37.56","src_port":45441,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":32,"packets-processed":31,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1777,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":30,"total-detection-updates":0,"total-updates":6,"current-active-flows":1,"total-active-flows":30,"total-idle-flows":29,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":146,"global_ts_usec":1685722352249009} 
+00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":32,"packets-processed":31,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1777,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":30,"total-detection-updates":0,"total-updates":6,"current-active-flows":1,"total-active-flows":30,"total-idle-flows":29,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":146,"global_ts_usec":1685722352249009} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685722352249009,"flow_src_last_pkt_time":1685722352249009,"flow_dst_last_pkt_time":1685722352249009,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685722352249009,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"186.112.202.53","src_port":33386,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_src_last_pkt_time":1685722352249009,"flow_dst_last_pkt_time":1685722352249009,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685722352249009,"pkt":"xmjqc4OdPJTVQTiBCABFCAB+1DEAAOsREgyGtJCVunDKNYJqAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685722352249009,"flow_src_last_pkt_time":1685722352249009,"flow_dst_last_pkt_time":1685722352249009,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685722352249009,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"186.112.202.53","src_port":33386,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685719700086818,"flow_src_last_pkt_time":1685719700086818,"flow_dst_last_pkt_time":1685719700086818,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685722352249009,"l3_proto":"ip4","src_ip":"27.134.169.220","dst_ip":"90.147.171.51","src_port":58691,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":33,"packets-processed":32,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1875,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":31,"total-detection-updates":0,"total-updates":6,"current-active-flows":1,"total-active-flows":31,"total-idle-flows":30,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":151,"global_ts_usec":1685724063085340} 
+00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":33,"packets-processed":32,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1875,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":31,"total-detection-updates":0,"total-updates":6,"current-active-flows":1,"total-active-flows":31,"total-idle-flows":30,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":151,"global_ts_usec":1685724063085340} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685724063085340,"flow_src_last_pkt_time":1685724063085340,"flow_dst_last_pkt_time":1685724063085340,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685724063085340,"l3_proto":"ip4","src_ip":"36.231.109.217","dst_ip":"90.145.180.58","src_port":50939,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_src_last_pkt_time":1685724063085340,"flow_dst_last_pkt_time":1685724063085340,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685724063085340,"pkt":"bs1PogZtPJTVQTiBCABFCABLVAkAACQRcFsk523ZWpG0Osb7AasAN1aDAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685724063085340,"flow_src_last_pkt_time":1685724063085340,"flow_dst_last_pkt_time":1685724063085340,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685724063085340,"l3_proto":"ip4","src_ip":"36.231.109.217","dst_ip":"90.145.180.58","src_port":50939,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -161,7 +161,7 @@ 00644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_src_last_pkt_time":1685724460743313,"flow_dst_last_pkt_time":1685724460743313,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685724460743313,"pkt":"moT+\/Ph8PJTVQTiBCABFCAB+1DEAAOsREgK2tHiLVW80OeZaAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685724460743313,"flow_src_last_pkt_time":1685724460743313,"flow_dst_last_pkt_time":1685724460743313,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685724460743313,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"85.111.52.57","src_port":58970,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685724385340729,"flow_src_last_pkt_time":1685724385340729,"flow_dst_last_pkt_time":1685724385340729,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685724460743313,"l3_proto":"ip4","src_ip":"227.199.90.122","dst_ip":"90.111.212.50","src_port":41334,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":36,"packets-processed":35,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2067,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":34,"total-detection-updates":0,"total-updates":7,"current-active-flows":2,"total-active-flows":34,"total-idle-flows":32,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":164,"global_ts_usec":1685725477275419} 
+00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":36,"packets-processed":35,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2067,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":34,"total-detection-updates":0,"total-updates":7,"current-active-flows":2,"total-active-flows":34,"total-idle-flows":32,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":164,"global_ts_usec":1685725477275419} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685725477275419,"flow_src_last_pkt_time":1685725477275419,"flow_dst_last_pkt_time":1685725477275419,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685725477275419,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"90.111.212.50","src_port":55489,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_src_last_pkt_time":1685725477275419,"flow_dst_last_pkt_time":1685725477275419,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685725477275419,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPMRCZXItJByWm\/UMtjBAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685725477275419,"flow_src_last_pkt_time":1685725477275419,"flow_dst_last_pkt_time":1685725477275419,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685725477275419,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"90.111.212.50","src_port":55489,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -180,7 +180,7 @@ 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685725970240675,"flow_src_last_pkt_time":1685725970240675,"flow_dst_last_pkt_time":1685725970240675,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685725970240675,"l3_proto":"ip4","src_ip":"47.123.189.155","dst_ip":"90.147.171.51","src_port":56038,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685725705626703,"flow_src_last_pkt_time":1685725705626703,"flow_dst_last_pkt_time":1685725705626703,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685725970240675,"l3_proto":"ip4","src_ip":"70.180.111.241","dst_ip":"165.114.202.61","src_port":60983,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685725834402274,"flow_src_last_pkt_time":1685725834402274,"flow_dst_last_pkt_time":1685725834402274,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685725970240675,"l3_proto":"ip4","src_ip":"236.131.162.157","dst_ip":"90.141.37.56","src_port":38679,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":40,"packets-processed":39,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2459,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":38,"total-detection-updates":0,"total-updates":9,"current-active-flows":2,"total-active-flows":38,"total-idle-flows":36,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":183,"global_ts_usec":1685726470530729} 
+00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":40,"packets-processed":39,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2459,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":38,"total-detection-updates":0,"total-updates":9,"current-active-flows":2,"total-active-flows":38,"total-idle-flows":36,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":183,"global_ts_usec":1685726470530729} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685726470530729,"flow_src_last_pkt_time":1685726470530729,"flow_dst_last_pkt_time":1685726470530729,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685726470530729,"l3_proto":"ip4","src_ip":"70.180.111.241","dst_ip":"74.111.203.55","src_port":48096,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_src_last_pkt_time":1685726470530729,"flow_dst_last_pkt_time":1685726470530729,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685726470530729,"pkt":"ipffLU2SPJTVQTiBCABFAAB+1DEAAPARDNBGtG\/xSm\/LN7vgAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685726470530729,"flow_src_last_pkt_time":1685726470530729,"flow_dst_last_pkt_time":1685726470530729,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685726470530729,"l3_proto":"ip4","src_ip":"70.180.111.241","dst_ip":"74.111.203.55","src_port":48096,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -190,43 +190,43 @@ 00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_src_last_pkt_time":1685726834568415,"flow_dst_last_pkt_time":1685726834568415,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685726834568415,"pkt":"bs1PogZtPJTVQTiBCABFCAB+1DEAAOsREgC2tHiLWpG0OrXjAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685726834568415,"flow_src_last_pkt_time":1685726834568415,"flow_dst_last_pkt_time":1685726834568415,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685726834568415,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"90.145.180.58","src_port":46563,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685726470530729,"flow_src_last_pkt_time":1685726470530729,"flow_dst_last_pkt_time":1685726470530729,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685726834568415,"l3_proto":"ip4","src_ip":"70.180.111.241","dst_ip":"74.111.203.55","src_port":48096,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":42,"packets-processed":41,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2655,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":40,"total-detection-updates":0,"total-updates":9,"current-active-flows":1,"total-active-flows":40,"total-idle-flows":39,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":193,"global_ts_usec":1685731799713540} 
+00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":42,"packets-processed":41,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2655,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":40,"total-detection-updates":0,"total-updates":9,"current-active-flows":1,"total-active-flows":40,"total-idle-flows":39,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":193,"global_ts_usec":1685731799713540} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685731799713540,"flow_src_last_pkt_time":1685731799713540,"flow_dst_last_pkt_time":1685731799713540,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685731799713540,"l3_proto":"ip4","src_ip":"218.19.29.186","dst_ip":"90.111.212.50","src_port":56315,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_src_last_pkt_time":1685731799713540,"flow_dst_last_pkt_time":1685731799713540,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685731799713540,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRbPbaEx26Wm\/UMtv7AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685731799713540,"flow_src_last_pkt_time":1685731799713540,"flow_dst_last_pkt_time":1685731799713540,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685731799713540,"l3_proto":"ip4","src_ip":"218.19.29.186","dst_ip":"90.111.212.50","src_port":56315,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685726834568415,"flow_src_last_pkt_time":1685726834568415,"flow_dst_last_pkt_time":1685726834568415,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685731799713540,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"90.145.180.58","src_port":46563,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":43,"packets-processed":42,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2684,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":41,"total-detection-updates":0,"total-updates":9,"current-active-flows":1,"total-active-flows":41,"total-idle-flows":40,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":198,"global_ts_usec":1685734492958804} 
+00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":43,"packets-processed":42,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2684,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":41,"total-detection-updates":0,"total-updates":9,"current-active-flows":1,"total-active-flows":41,"total-idle-flows":40,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":198,"global_ts_usec":1685734492958804} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685734492958804,"flow_src_last_pkt_time":1685734492958804,"flow_dst_last_pkt_time":1685734492958804,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685734492958804,"l3_proto":"ip4","src_ip":"186.213.158.225","dst_ip":"69.109.187.54","src_port":51349,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_src_last_pkt_time":1685734492958804,"flow_dst_last_pkt_time":1685734492958804,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685734492958804,"pkt":"bpHurUgdPJTVQTiBCABFAAA51DEAAPoRbOC61Z7hRW27NsiVAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685734492958804,"flow_src_last_pkt_time":1685734492958804,"flow_dst_last_pkt_time":1685734492958804,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685734492958804,"l3_proto":"ip4","src_ip":"186.213.158.225","dst_ip":"69.109.187.54","src_port":51349,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685731799713540,"flow_src_last_pkt_time":1685731799713540,"flow_dst_last_pkt_time":1685731799713540,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685734492958804,"l3_proto":"ip4","src_ip":"218.19.29.186","dst_ip":"90.111.212.50","src_port":56315,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":44,"packets-processed":43,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2713,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":42,"total-detection-updates":0,"total-updates":9,"current-active-flows":1,"total-active-flows":42,"total-idle-flows":41,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":203,"global_ts_usec":1685736988753451} 
+00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":44,"packets-processed":43,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2713,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":42,"total-detection-updates":0,"total-updates":9,"current-active-flows":1,"total-active-flows":42,"total-idle-flows":41,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":203,"global_ts_usec":1685736988753451} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685736988753451,"flow_src_last_pkt_time":1685736988753451,"flow_dst_last_pkt_time":1685736988753451,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685736988753451,"l3_proto":"ip4","src_ip":"231.223.121.213","dst_ip":"90.141.37.56","src_port":7086,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_src_last_pkt_time":1685736988753451,"flow_dst_last_pkt_time":1685736988753451,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685736988753451,"pkt":"3jHC4dyOPJTVQTiBCABFCABLe9YAACQRSJTn33nVWo0lOBuuAasANwHXAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685736988753451,"flow_src_last_pkt_time":1685736988753451,"flow_dst_last_pkt_time":1685736988753451,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685736988753451,"l3_proto":"ip4","src_ip":"231.223.121.213","dst_ip":"90.141.37.56","src_port":7086,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685734492958804,"flow_src_last_pkt_time":1685734492958804,"flow_dst_last_pkt_time":1685734492958804,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685736988753451,"l3_proto":"ip4","src_ip":"186.213.158.225","dst_ip":"69.109.187.54","src_port":51349,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":45,"packets-processed":44,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2760,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":43,"total-detection-updates":0,"total-updates":9,"current-active-flows":1,"total-active-flows":43,"total-idle-flows":42,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":208,"global_ts_usec":1685741033951129} 
+00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":45,"packets-processed":44,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2760,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":43,"total-detection-updates":0,"total-updates":9,"current-active-flows":1,"total-active-flows":43,"total-idle-flows":42,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":208,"global_ts_usec":1685741033951129} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685741033951129,"flow_src_last_pkt_time":1685741033951129,"flow_dst_last_pkt_time":1685741033951129,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685741033951129,"l3_proto":"ip4","src_ip":"20.133.112.32","dst_ip":"165.114.202.61","src_port":11510,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_src_last_pkt_time":1685741033951129,"flow_dst_last_pkt_time":1685741033951129,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1685741033951129,"pkt":"AAwp30Y4PJTVQTiBCABFCABSKPYAACgRnOcUhXAgpXLKPSz2AasAPogCAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685741033951129,"flow_src_last_pkt_time":1685741033951129,"flow_dst_last_pkt_time":1685741033951129,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685741033951129,"l3_proto":"ip4","src_ip":"20.133.112.32","dst_ip":"165.114.202.61","src_port":11510,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_src_last_pkt_time":1685741033951143,"flow_dst_last_pkt_time":1685741033951129,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1685741033951143,"pkt":"AAwp30Y4PJTVQTiBCABFCABSKPYAACgRnOcUhXAgpXLKPSz2AasAPogCAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685736988753451,"flow_src_last_pkt_time":1685736988753451,"flow_dst_last_pkt_time":1685736988753451,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685741033951143,"l3_proto":"ip4","src_ip":"231.223.121.213","dst_ip":"90.141.37.56","src_port":7086,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":47,"packets-processed":46,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2868,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":44,"total-detection-updates":0,"total-updates":9,"current-active-flows":1,"total-active-flows":44,"total-idle-flows":43,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":214,"global_ts_usec":1685749458942275} +00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":47,"packets-processed":46,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2868,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":44,"total-detection-updates":0,"total-updates":9,"current-active-flows":1,"total-active-flows":44,"total-idle-flows":43,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":214,"global_ts_usec":1685749458942275} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685749458942275,"flow_src_last_pkt_time":1685749458942275,"flow_dst_last_pkt_time":1685749458942275,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685749458942275,"l3_proto":"ip4","src_ip":"83.48.216.235","dst_ip":"186.112.202.53","src_port":51745,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_src_last_pkt_time":1685749458942275,"flow_dst_last_pkt_time":1685749458942275,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685749458942275,"pkt":"xmjqc4OdPJTVQTiBCABFAAA51DEAAPkRYABTMNjrunDKNcohAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685749458942275,"flow_src_last_pkt_time":1685749458942275,"flow_dst_last_pkt_time":1685749458942275,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685749458942275,"l3_proto":"ip4","src_ip":"83.48.216.235","dst_ip":"186.112.202.53","src_port":51745,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1685741033951129,"flow_src_last_pkt_time":1685741033951143,"flow_dst_last_pkt_time":1685741033951129,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":108,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685749458942275,"l3_proto":"ip4","src_ip":"20.133.112.32","dst_ip":"165.114.202.61","src_port":11510,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":48,"packets-processed":47,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2897,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":45,"total-detection-updates":0,"total-updates":9,"current-active-flows":1,"total-active-flows":45,"total-idle-flows":44,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":219,"global_ts_usec":1685750473996900} +00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":48,"packets-processed":47,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2897,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":45,"total-detection-updates":0,"total-updates":9,"current-active-flows":1,"total-active-flows":45,"total-idle-flows":44,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":219,"global_ts_usec":1685750473996900} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685750473996900,"flow_src_last_pkt_time":1685750473996900,"flow_dst_last_pkt_time":1685750473996900,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685750473996900,"l3_proto":"ip4","src_ip":"154.97.132.119","dst_ip":"165.144.84.62","src_port":64306,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_src_last_pkt_time":1685750473996900,"flow_dst_last_pkt_time":1685750473996900,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685750473996900,"pkt":"AAwp30Y4PJTVQTiBCABFAABLscgAACcRIVOaYYR3pZBUPvsyAasANzP7AgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685750473996900,"flow_src_last_pkt_time":1685750473996900,"flow_dst_last_pkt_time":1685750473996900,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685750473996900,"l3_proto":"ip4","src_ip":"154.97.132.119","dst_ip":"165.144.84.62","src_port":64306,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685749458942275,"flow_src_last_pkt_time":1685749458942275,"flow_dst_last_pkt_time":1685749458942275,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685750473996900,"l3_proto":"ip4","src_ip":"83.48.216.235","dst_ip":"186.112.202.53","src_port":51745,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":49,"packets-processed":48,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2944,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":46,"total-detection-updates":0,"total-updates":9,"current-active-flows":1,"total-active-flows":46,"total-idle-flows":45,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":224,"global_ts_usec":1685754984415729} +00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":49,"packets-processed":48,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2944,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":46,"total-detection-updates":0,"total-updates":9,"current-active-flows":1,"total-active-flows":46,"total-idle-flows":45,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":224,"global_ts_usec":1685754984415729} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685754984415729,"flow_src_last_pkt_time":1685754984415729,"flow_dst_last_pkt_time":1685754984415729,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685754984415729,"l3_proto":"ip4","src_ip":"83.48.216.235","dst_ip":"90.145.180.58","src_port":56358,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_src_last_pkt_time":1685754984415729,"flow_dst_last_pkt_time":1685754984415729,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685754984415729,"pkt":"bs1PogZtPJTVQTiBCABFAAA51DEAAPoRXvtTMNjrWpG0OtwmAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685754984415729,"flow_src_last_pkt_time":1685754984415729,"flow_dst_last_pkt_time":1685754984415729,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685754984415729,"l3_proto":"ip4","src_ip":"83.48.216.235","dst_ip":"90.145.180.58","src_port":56358,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685750473996900,"flow_src_last_pkt_time":1685750473996900,"flow_dst_last_pkt_time":1685750473996900,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685754984415729,"l3_proto":"ip4","src_ip":"154.97.132.119","dst_ip":"165.144.84.62","src_port":64306,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":50,"packets-processed":49,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2973,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":47,"total-detection-updates":0,"total-updates":9,"current-active-flows":1,"total-active-flows":47,"total-idle-flows":46,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":229,"global_ts_usec":1685757305453914} +00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":50,"packets-processed":49,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2973,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":47,"total-detection-updates":0,"total-updates":9,"current-active-flows":1,"total-active-flows":47,"total-idle-flows":46,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":229,"global_ts_usec":1685757305453914} 
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685757305453914,"flow_src_last_pkt_time":1685757305453914,"flow_dst_last_pkt_time":1685757305453914,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685757305453914,"l3_proto":"ip4","src_ip":"72.30.8.39","dst_ip":"90.111.212.50","src_port":43690,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_src_last_pkt_time":1685757305453914,"flow_dst_last_pkt_time":1685757305453914,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1685757305453914,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+GZhAADQR3IJIHggnWm\/UMqqqAasAKnQsAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 
00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685757305453914,"flow_src_last_pkt_time":1685757305453914,"flow_dst_last_pkt_time":1685757305453914,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685757305453914,"l3_proto":"ip4","src_ip":"72.30.8.39","dst_ip":"90.111.212.50","src_port":43690,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -235,7 +235,7 @@ 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_src_last_pkt_time":1685757594807526,"flow_dst_last_pkt_time":1685757594807526,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1685757594807526,"pkt":"3jHC4dyOPJTVQTiBCABFAAA+4kRAADQRE8lHJggvWo0lOKbBAasAKngIAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00940{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685757594807526,"flow_src_last_pkt_time":1685757594807526,"flow_dst_last_pkt_time":1685757594807526,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685757594807526,"l3_proto":"ip4","src_ip":"71.38.8.47","dst_ip":"90.141.37.56","src_port":42689,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685757305453914,"flow_src_last_pkt_time":1685757305453914,"flow_dst_last_pkt_time":1685757305453914,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685757594807526,"l3_proto":"ip4","src_ip":"72.30.8.39","dst_ip":"90.111.212.50","src_port":43690,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":52,"packets-processed":51,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3041,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":49,"total-detection-updates":0,"total-updates":9,"current-active-flows":1,"total-active-flows":49,"total-idle-flows":48,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":238,"global_ts_usec":1685758217856293} 
+00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":52,"packets-processed":51,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3041,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":49,"total-detection-updates":0,"total-updates":9,"current-active-flows":1,"total-active-flows":49,"total-idle-flows":48,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":238,"global_ts_usec":1685758217856293} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685758217856293,"flow_src_last_pkt_time":1685758217856293,"flow_dst_last_pkt_time":1685758217856293,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685758217856293,"l3_proto":"ip4","src_ip":"121.106.247.20","dst_ip":"165.144.84.62","src_port":12409,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_src_last_pkt_time":1685758217856293,"flow_dst_last_pkt_time":1685758217856293,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1685758217856293,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+f25AADQRdoJ5avcUpZBUPjB5AasAKu4zAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685758217856293,"flow_src_last_pkt_time":1685758217856293,"flow_dst_last_pkt_time":1685758217856293,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685758217856293,"l3_proto":"ip4","src_ip":"121.106.247.20","dst_ip":"165.144.84.62","src_port":12409,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -249,7 +249,7 @@ 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685758497495915,"flow_src_last_pkt_time":1685758497495915,"flow_dst_last_pkt_time":1685758497495915,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685758497495915,"l3_proto":"ip4","src_ip":"185.225.247.8","dst_ip":"165.114.202.61","src_port":48375,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685758217856293,"flow_src_last_pkt_time":1685758217856293,"flow_dst_last_pkt_time":1685758217856293,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685758497495915,"l3_proto":"ip4","src_ip":"121.106.247.20","dst_ip":"165.144.84.62","src_port":12409,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00982{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685758396547203,"flow_src_last_pkt_time":1685758396547203,"flow_dst_last_pkt_time":1685758396547203,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685758497495915,"l3_proto":"ip4","src_ip":"55.94.8.63","dst_ip":"90.145.180.58","src_port":43995,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":55,"packets-processed":54,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3143,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":52,"total-detection-updates":0,"total-updates":11,"current-active-flows":2,"total-active-flows":52,"total-idle-flows":50,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":252,"global_ts_usec":1685758883587256} 
+00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":55,"packets-processed":54,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3143,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":52,"total-detection-updates":0,"total-updates":11,"current-active-flows":2,"total-active-flows":52,"total-idle-flows":50,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":252,"global_ts_usec":1685758883587256} 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685758883587256,"flow_src_last_pkt_time":1685758883587256,"flow_dst_last_pkt_time":1685758883587256,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685758883587256,"l3_proto":"ip4","src_ip":"121.82.8.7","dst_ip":"85.111.52.57","src_port":60170,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_src_last_pkt_time":1685758883587256,"flow_dst_last_pkt_time":1685758883587256,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1685758883587256,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA+3xBAADQRFtB5UggHVW80OesKAasAKjOSAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00940{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685758883587256,"flow_src_last_pkt_time":1685758883587256,"flow_dst_last_pkt_time":1685758883587256,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685758883587256,"l3_proto":"ip4","src_ip":"121.82.8.7","dst_ip":"85.111.52.57","src_port":60170,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -259,7 +259,7 @@ 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_src_last_pkt_time":1685759315778010,"flow_dst_last_pkt_time":1685759315778010,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1685759315778010,"pkt":"xmjqc4OdPJTVQTiBCABFAAA+7TlAADQRCL55avcUunDKNdiyAasAKkYBAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685759315778010,"flow_src_last_pkt_time":1685759315778010,"flow_dst_last_pkt_time":1685759315778010,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685759315778010,"l3_proto":"ip4","src_ip":"121.106.247.20","dst_ip":"186.112.202.53","src_port":55474,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685758883587256,"flow_src_last_pkt_time":1685758883587256,"flow_dst_last_pkt_time":1685758883587256,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685759315778010,"l3_proto":"ip4","src_ip":"121.82.8.7","dst_ip":"85.111.52.57","src_port":60170,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":57,"packets-processed":56,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3211,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":54,"total-detection-updates":0,"total-updates":11,"current-active-flows":1,"total-active-flows":54,"total-idle-flows":53,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":262,"global_ts_usec":1685759582800435} 
+00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":57,"packets-processed":56,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3211,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":54,"total-detection-updates":0,"total-updates":11,"current-active-flows":1,"total-active-flows":54,"total-idle-flows":53,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":262,"global_ts_usec":1685759582800435} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685759582800435,"flow_src_last_pkt_time":1685759582800435,"flow_dst_last_pkt_time":1685759582800435,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685759582800435,"l3_proto":"ip4","src_ip":"121.106.247.20","dst_ip":"90.147.171.51","src_port":55474,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_src_last_pkt_time":1685759582800435,"flow_dst_last_pkt_time":1685759582800435,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1685759582800435,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+PaVAADQRuFZ5avcUWpOrM9iyAasAKkYFAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685759582800435,"flow_src_last_pkt_time":1685759582800435,"flow_dst_last_pkt_time":1685759582800435,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685759582800435,"l3_proto":"ip4","src_ip":"121.106.247.20","dst_ip":"90.147.171.51","src_port":55474,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -268,7 +268,7 @@ 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_src_last_pkt_time":1685759668286856,"flow_dst_last_pkt_time":1685759668286856,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1685759668286856,"pkt":"ipffLU2SPJTVQTiBCABFAAA+WVBAADQRnKXIYfcYSm\/LN1ZsAasAKshFAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685759668286856,"flow_src_last_pkt_time":1685759668286856,"flow_dst_last_pkt_time":1685759668286856,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685759668286856,"l3_proto":"ip4","src_ip":"200.97.247.24","dst_ip":"74.111.203.55","src_port":22124,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685759582800435,"flow_src_last_pkt_time":1685759582800435,"flow_dst_last_pkt_time":1685759582800435,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685759668286856,"l3_proto":"ip4","src_ip":"121.106.247.20","dst_ip":"90.147.171.51","src_port":55474,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":59,"packets-processed":58,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3279,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":56,"total-detection-updates":0,"total-updates":12,"current-active-flows":2,"total-active-flows":56,"total-idle-flows":54,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":271,"global_ts_usec":1685761109424998} 
+00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":59,"packets-processed":58,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3279,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":56,"total-detection-updates":0,"total-updates":12,"current-active-flows":2,"total-active-flows":56,"total-idle-flows":54,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":271,"global_ts_usec":1685761109424998} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685761109424998,"flow_src_last_pkt_time":1685761109424998,"flow_dst_last_pkt_time":1685761109424998,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685761109424998,"l3_proto":"ip4","src_ip":"121.35.244.56","dst_ip":"90.145.180.58","src_port":30580,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_src_last_pkt_time":1685761109424998,"flow_dst_last_pkt_time":1685761109424998,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1685761109424998,"pkt":"bs1PogZtPJTVQTiBCABFBABS6itAACERQQR5I\/Q4WpG0Ond0AasAPtvSAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685761109424998,"flow_src_last_pkt_time":1685761109424998,"flow_dst_last_pkt_time":1685761109424998,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685761109424998,"l3_proto":"ip4","src_ip":"121.35.244.56","dst_ip":"90.145.180.58","src_port":30580,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -283,74 +283,74 @@ 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685761390202624,"flow_src_last_pkt_time":1685761390202624,"flow_dst_last_pkt_time":1685761390202624,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685761390202624,"l3_proto":"ip4","src_ip":"38.236.38.224","dst_ip":"165.114.202.61","src_port":52729,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685761109424998,"flow_src_last_pkt_time":1685761109424998,"flow_dst_last_pkt_time":1685761109424998,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685761390202624,"l3_proto":"ip4","src_ip":"121.35.244.56","dst_ip":"90.145.180.58","src_port":30580,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00984{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685761214200787,"flow_src_last_pkt_time":1685761214200787,"flow_dst_last_pkt_time":1685761214200787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685761390202624,"l3_proto":"ip4","src_ip":"154.96.5.121","dst_ip":"69.109.187.54","src_port":26060,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":62,"packets-processed":61,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3409,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":59,"total-detection-updates":0,"total-updates":14,"current-active-flows":2,"total-active-flows":59,"total-idle-flows":57,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":286,"global_ts_usec":1685764555721287} 
+00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":62,"packets-processed":61,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3409,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":59,"total-detection-updates":0,"total-updates":14,"current-active-flows":2,"total-active-flows":59,"total-idle-flows":57,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":286,"global_ts_usec":1685764555721287} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685764555721287,"flow_src_last_pkt_time":1685764555721287,"flow_dst_last_pkt_time":1685764555721287,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685764555721287,"l3_proto":"ip4","src_ip":"69.230.164.78","dst_ip":"90.141.37.56","src_port":55275,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_src_last_pkt_time":1685764555721287,"flow_dst_last_pkt_time":1685764555721287,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685764555721287,"pkt":"3jHC4dyOPJTVQTiBCABFAAA51DEAAPkRbXpF5qROWo0lONfrAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685764555721287,"flow_src_last_pkt_time":1685764555721287,"flow_dst_last_pkt_time":1685764555721287,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685764555721287,"l3_proto":"ip4","src_ip":"69.230.164.78","dst_ip":"90.141.37.56","src_port":55275,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685761390202624,"flow_src_last_pkt_time":1685761390202624,"flow_dst_last_pkt_time":1685761390202624,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685764555721287,"l3_proto":"ip4","src_ip":"38.236.38.224","dst_ip":"165.114.202.61","src_port":52729,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685761214200787,"flow_src_last_pkt_time":1685761214200787,"flow_dst_last_pkt_time":1685761214200787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685764555721287,"l3_proto":"ip4","src_ip":"154.96.5.121","dst_ip":"69.109.187.54","src_port":26060,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":63,"packets-processed":62,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3438,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":60,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":60,"total-idle-flows":59,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":292,"global_ts_usec":1685765514548491} +00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":63,"packets-processed":62,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3438,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":60,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":60,"total-idle-flows":59,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":292,"global_ts_usec":1685765514548491} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685765514548491,"flow_src_last_pkt_time":1685765514548491,"flow_dst_last_pkt_time":1685765514548491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685765514548491,"l3_proto":"ip4","src_ip":"235.98.65.133","dst_ip":"165.144.84.62","src_port":31778,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_src_last_pkt_time":1685765514548491,"flow_dst_last_pkt_time":1685765514548491,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1685765514548491,"pkt":"AAwp30Y4PJTVQTiBCABFBABSeCIAADQRBE3rYkGFpZBUPnwiAasAPvtjAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 
00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685765514548491,"flow_src_last_pkt_time":1685765514548491,"flow_dst_last_pkt_time":1685765514548491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685765514548491,"l3_proto":"ip4","src_ip":"235.98.65.133","dst_ip":"165.144.84.62","src_port":31778,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_src_last_pkt_time":1685765514548505,"flow_dst_last_pkt_time":1685765514548491,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1685765514548505,"pkt":"AAwp30Y4PJTVQTiBCABFBABSeCIAADQRBE3rYkGFpZBUPnwiAasAPvtjAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 
00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685764555721287,"flow_src_last_pkt_time":1685764555721287,"flow_dst_last_pkt_time":1685764555721287,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685765514548505,"l3_proto":"ip4","src_ip":"69.230.164.78","dst_ip":"90.141.37.56","src_port":55275,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":65,"packets-processed":64,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3546,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":61,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":61,"total-idle-flows":60,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":298,"global_ts_usec":1685768356139839} 
+00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":65,"packets-processed":64,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3546,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":61,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":61,"total-idle-flows":60,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":298,"global_ts_usec":1685768356139839} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685768356139839,"flow_src_last_pkt_time":1685768356139839,"flow_dst_last_pkt_time":1685768356139839,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685768356139839,"l3_proto":"ip4","src_ip":"88.31.110.219","dst_ip":"186.112.202.53","src_port":50660,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_src_last_pkt_time":1685768356139839,"flow_dst_last_pkt_time":1685768356139839,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685768356139839,"pkt":"xmjqc4OdPJTVQTiBCABFCABLLsoAACQRlZ5YH27bunDKNcXkAasAN1eeAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685768356139839,"flow_src_last_pkt_time":1685768356139839,"flow_dst_last_pkt_time":1685768356139839,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685768356139839,"l3_proto":"ip4","src_ip":"88.31.110.219","dst_ip":"186.112.202.53","src_port":50660,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1685765514548491,"flow_src_last_pkt_time":1685765514548505,"flow_dst_last_pkt_time":1685765514548491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":108,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685768356139839,"l3_proto":"ip4","src_ip":"235.98.65.133","dst_ip":"165.144.84.62","src_port":31778,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":66,"packets-processed":65,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3593,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":62,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":62,"total-idle-flows":61,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":303,"global_ts_usec":1685771545738452} 
+00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":66,"packets-processed":65,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3593,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":62,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":62,"total-idle-flows":61,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":303,"global_ts_usec":1685771545738452} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685771545738452,"flow_src_last_pkt_time":1685771545738452,"flow_dst_last_pkt_time":1685771545738452,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685771545738452,"l3_proto":"ip4","src_ip":"35.0.100.115","dst_ip":"165.114.202.61","src_port":62892,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_src_last_pkt_time":1685771545738452,"flow_dst_last_pkt_time":1685771545738452,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685771545738452,"pkt":"AAwp30Y4PJTVQTiBCABFCABL4vwAACIR56cjAGRzpXLKPfWsAasANywSAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685771545738452,"flow_src_last_pkt_time":1685771545738452,"flow_dst_last_pkt_time":1685771545738452,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685771545738452,"l3_proto":"ip4","src_ip":"35.0.100.115","dst_ip":"165.114.202.61","src_port":62892,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685768356139839,"flow_src_last_pkt_time":1685768356139839,"flow_dst_last_pkt_time":1685768356139839,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685771545738452,"l3_proto":"ip4","src_ip":"88.31.110.219","dst_ip":"186.112.202.53","src_port":50660,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":67,"packets-processed":66,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3640,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":63,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":63,"total-idle-flows":62,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":308,"global_ts_usec":1685783660893661} 
+00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":67,"packets-processed":66,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3640,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":63,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":63,"total-idle-flows":62,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":308,"global_ts_usec":1685783660893661} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685783660893661,"flow_src_last_pkt_time":1685783660893661,"flow_dst_last_pkt_time":1685783660893661,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685783660893661,"l3_proto":"ip4","src_ip":"34.102.125.120","dst_ip":"165.144.84.62","src_port":17423,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_src_last_pkt_time":1685783660893661,"flow_dst_last_pkt_time":1685783660893661,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685783660893661,"pkt":"AAwp30Y4PJTVQTiBCABFAABLeWAAACcRWcMiZn14pZBUPkQPAasAN+smAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00951{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685783660893661,"flow_src_last_pkt_time":1685783660893661,"flow_dst_last_pkt_time":1685783660893661,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685783660893661,"l3_proto":"ip4","src_ip":"34.102.125.120","dst_ip":"165.144.84.62","src_port":17423,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685771545738452,"flow_src_last_pkt_time":1685771545738452,"flow_dst_last_pkt_time":1685771545738452,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685783660893661,"l3_proto":"ip4","src_ip":"35.0.100.115","dst_ip":"165.114.202.61","src_port":62892,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":68,"packets-processed":67,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3687,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":64,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":64,"total-idle-flows":63,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":313,"global_ts_usec":1685786055859235} 
+00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":68,"packets-processed":67,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3687,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":64,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":64,"total-idle-flows":63,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":313,"global_ts_usec":1685786055859235} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685786055859235,"flow_src_last_pkt_time":1685786055859235,"flow_dst_last_pkt_time":1685786055859235,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685786055859235,"l3_proto":"ip4","src_ip":"70.232.230.229","dst_ip":"85.111.52.57","src_port":51197,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_src_last_pkt_time":1685786055859235,"flow_dst_last_pkt_time":1685786055859235,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685786055859235,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA51DEAAPkRbd9G6OblVW80Ocf9AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685786055859235,"flow_src_last_pkt_time":1685786055859235,"flow_dst_last_pkt_time":1685786055859235,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685786055859235,"l3_proto":"ip4","src_ip":"70.232.230.229","dst_ip":"85.111.52.57","src_port":51197,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685783660893661,"flow_src_last_pkt_time":1685783660893661,"flow_dst_last_pkt_time":1685783660893661,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685786055859235,"l3_proto":"ip4","src_ip":"34.102.125.120","dst_ip":"165.144.84.62","src_port":17423,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":69,"packets-processed":68,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3716,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":65,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":65,"total-idle-flows":64,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":318,"global_ts_usec":1685786672936242} 
+00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":69,"packets-processed":68,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3716,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":65,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":65,"total-idle-flows":64,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":318,"global_ts_usec":1685786672936242} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685786672936242,"flow_src_last_pkt_time":1685786672936242,"flow_dst_last_pkt_time":1685786672936242,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685786672936242,"l3_proto":"ip4","src_ip":"172.237.152.209","dst_ip":"165.144.84.62","src_port":51708,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_src_last_pkt_time":1685786672936242,"flow_dst_last_pkt_time":1685786672936242,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685786672936242,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRX96s7ZjRpZBUPsn8AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685786672936242,"flow_src_last_pkt_time":1685786672936242,"flow_dst_last_pkt_time":1685786672936242,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685786672936242,"l3_proto":"ip4","src_ip":"172.237.152.209","dst_ip":"165.144.84.62","src_port":51708,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685786055859235,"flow_src_last_pkt_time":1685786055859235,"flow_dst_last_pkt_time":1685786055859235,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685786672936242,"l3_proto":"ip4","src_ip":"70.232.230.229","dst_ip":"85.111.52.57","src_port":51197,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":70,"packets-processed":69,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3745,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":66,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":66,"total-idle-flows":65,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":323,"global_ts_usec":1685787446315396} 
+00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":70,"packets-processed":69,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3745,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":66,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":66,"total-idle-flows":65,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":323,"global_ts_usec":1685787446315396} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685787446315396,"flow_src_last_pkt_time":1685787446315396,"flow_dst_last_pkt_time":1685787446315396,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685787446315396,"l3_proto":"ip4","src_ip":"58.36.157.61","dst_ip":"74.111.203.55","src_port":53238,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_src_last_pkt_time":1685787446315396,"flow_dst_last_pkt_time":1685787446315396,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685787446315396,"pkt":"ipffLU2SPJTVQTiBCABFAAA51DEAAPoRbFE6JJ09Sm\/LN8\/2AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685787446315396,"flow_src_last_pkt_time":1685787446315396,"flow_dst_last_pkt_time":1685787446315396,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685787446315396,"l3_proto":"ip4","src_ip":"58.36.157.61","dst_ip":"74.111.203.55","src_port":53238,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685786672936242,"flow_src_last_pkt_time":1685786672936242,"flow_dst_last_pkt_time":1685786672936242,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685787446315396,"l3_proto":"ip4","src_ip":"172.237.152.209","dst_ip":"165.144.84.62","src_port":51708,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":71,"packets-processed":70,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3774,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":67,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":67,"total-idle-flows":66,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":328,"global_ts_usec":1685789104454151} 
+00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":71,"packets-processed":70,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3774,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":67,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":67,"total-idle-flows":66,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":328,"global_ts_usec":1685789104454151} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685789104454151,"flow_src_last_pkt_time":1685789104454151,"flow_dst_last_pkt_time":1685789104454151,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685789104454151,"l3_proto":"ip4","src_ip":"227.134.81.212","dst_ip":"85.111.52.57","src_port":37207,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_src_last_pkt_time":1685789104454151,"flow_dst_last_pkt_time":1685789104454151,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685789104454151,"pkt":"moT+\/Ph8PJTVQTiBCABFCABLkZcAACQRMtHjhlHUVW80OZFXAasAN4wrAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685789104454151,"flow_src_last_pkt_time":1685789104454151,"flow_dst_last_pkt_time":1685789104454151,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685789104454151,"l3_proto":"ip4","src_ip":"227.134.81.212","dst_ip":"85.111.52.57","src_port":37207,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685787446315396,"flow_src_last_pkt_time":1685787446315396,"flow_dst_last_pkt_time":1685787446315396,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685789104454151,"l3_proto":"ip4","src_ip":"58.36.157.61","dst_ip":"74.111.203.55","src_port":53238,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":72,"packets-processed":71,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3821,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":68,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":68,"total-idle-flows":67,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":333,"global_ts_usec":1685798769239701} 
+00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":72,"packets-processed":71,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3821,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":68,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":68,"total-idle-flows":67,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":333,"global_ts_usec":1685798769239701} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685798769239701,"flow_src_last_pkt_time":1685798769239701,"flow_dst_last_pkt_time":1685798769239701,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685798769239701,"l3_proto":"ip4","src_ip":"39.59.139.121","dst_ip":"85.111.52.57","src_port":51157,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_src_last_pkt_time":1685798769239701,"flow_dst_last_pkt_time":1685798769239701,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685798769239701,"pkt":"moT+\/Ph8PJTVQTiBCABFCABL6mEAACIR4FInO4t5VW80OcfVAasAN1n5AgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685798769239701,"flow_src_last_pkt_time":1685798769239701,"flow_dst_last_pkt_time":1685798769239701,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685798769239701,"l3_proto":"ip4","src_ip":"39.59.139.121","dst_ip":"85.111.52.57","src_port":51157,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685789104454151,"flow_src_last_pkt_time":1685789104454151,"flow_dst_last_pkt_time":1685789104454151,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685798769239701,"l3_proto":"ip4","src_ip":"227.134.81.212","dst_ip":"85.111.52.57","src_port":37207,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":73,"packets-processed":72,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3868,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":69,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":69,"total-idle-flows":68,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":338,"global_ts_usec":1685802654160689} 
+00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":73,"packets-processed":72,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3868,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":69,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":69,"total-idle-flows":68,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":338,"global_ts_usec":1685802654160689} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685802654160689,"flow_src_last_pkt_time":1685802654160689,"flow_dst_last_pkt_time":1685802654160689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685802654160689,"l3_proto":"ip4","src_ip":"227.134.81.212","dst_ip":"90.111.212.50","src_port":45177,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_src_last_pkt_time":1685802654160689,"flow_dst_last_pkt_time":1685802654160689,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685802654160689,"pkt":"AAwp30Y4PJTVQTiBCABFCABLGncAACQRqffjhlHUWm\/UMrB5AasAN20PAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685802654160689,"flow_src_last_pkt_time":1685802654160689,"flow_dst_last_pkt_time":1685802654160689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685802654160689,"l3_proto":"ip4","src_ip":"227.134.81.212","dst_ip":"90.111.212.50","src_port":45177,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685798769239701,"flow_src_last_pkt_time":1685798769239701,"flow_dst_last_pkt_time":1685798769239701,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685802654160689,"l3_proto":"ip4","src_ip":"39.59.139.121","dst_ip":"85.111.52.57","src_port":51157,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":74,"packets-processed":73,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3915,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":70,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":70,"total-idle-flows":69,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":343,"global_ts_usec":1685803636118223} 
+00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":74,"packets-processed":73,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3915,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":70,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":70,"total-idle-flows":69,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":343,"global_ts_usec":1685803636118223} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685803636118223,"flow_src_last_pkt_time":1685803636118223,"flow_dst_last_pkt_time":1685803636118223,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685803636118223,"l3_proto":"ip4","src_ip":"103.71.146.222","dst_ip":"165.114.202.61","src_port":47772,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_src_last_pkt_time":1685803636118223,"flow_dst_last_pkt_time":1685803636118223,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685803636118223,"pkt":"AAwp30Y4PJTVQTiBCABFCABL\/N4AACQRx31nR5LepXLKPbqcAasAN2LaAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685803636118223,"flow_src_last_pkt_time":1685803636118223,"flow_dst_last_pkt_time":1685803636118223,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685803636118223,"l3_proto":"ip4","src_ip":"103.71.146.222","dst_ip":"165.114.202.61","src_port":47772,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685802654160689,"flow_src_last_pkt_time":1685802654160689,"flow_dst_last_pkt_time":1685802654160689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685803636118223,"l3_proto":"ip4","src_ip":"227.134.81.212","dst_ip":"90.111.212.50","src_port":45177,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":75,"packets-processed":74,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3962,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":71,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":71,"total-idle-flows":70,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":348,"global_ts_usec":1685804974645010} 
+00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":75,"packets-processed":74,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3962,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":71,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":71,"total-idle-flows":70,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":348,"global_ts_usec":1685804974645010} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685804974645010,"flow_src_last_pkt_time":1685804974645010,"flow_dst_last_pkt_time":1685804974645010,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685804974645010,"l3_proto":"ip4","src_ip":"238.132.112.150","dst_ip":"90.147.171.51","src_port":44248,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_src_last_pkt_time":1685804974645010,"flow_dst_last_pkt_time":1685804974645010,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685804974645010,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPMRpTLuhHCWWpOrM6zYAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685804974645010,"flow_src_last_pkt_time":1685804974645010,"flow_dst_last_pkt_time":1685804974645010,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685804974645010,"l3_proto":"ip4","src_ip":"238.132.112.150","dst_ip":"90.147.171.51","src_port":44248,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685803636118223,"flow_src_last_pkt_time":1685803636118223,"flow_dst_last_pkt_time":1685803636118223,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685804974645010,"l3_proto":"ip4","src_ip":"103.71.146.222","dst_ip":"165.114.202.61","src_port":47772,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":76,"packets-processed":75,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4060,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":72,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":72,"total-idle-flows":71,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":353,"global_ts_usec":1685805765811289} 
+00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":76,"packets-processed":75,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4060,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":72,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":72,"total-idle-flows":71,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":353,"global_ts_usec":1685805765811289} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685805765811289,"flow_src_last_pkt_time":1685805765811289,"flow_dst_last_pkt_time":1685805765811289,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685805765811289,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"90.145.180.58","src_port":47037,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_src_last_pkt_time":1685805765811289,"flow_dst_last_pkt_time":1685805765811289,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685805765811289,"pkt":"bs1PogZtPJTVQTiBCABFAAB+1DEAAPIRCw+GtJCVWpG0Ore9AasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685805765811289,"flow_src_last_pkt_time":1685805765811289,"flow_dst_last_pkt_time":1685805765811289,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685805765811289,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"90.145.180.58","src_port":47037,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -359,7 +359,7 @@ 00644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_src_last_pkt_time":1685806301914300,"flow_dst_last_pkt_time":1685806301914300,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685806301914300,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPMRpSvsm2CTWm\/UMq27AasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685806301914300,"flow_src_last_pkt_time":1685806301914300,"flow_dst_last_pkt_time":1685806301914300,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685806301914300,"l3_proto":"ip4","src_ip":"236.155.96.147","dst_ip":"90.111.212.50","src_port":44475,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685805765811289,"flow_src_last_pkt_time":1685805765811289,"flow_dst_last_pkt_time":1685805765811289,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685806301914300,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"90.145.180.58","src_port":47037,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":78,"packets-processed":77,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4256,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":74,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":74,"total-idle-flows":73,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":362,"global_ts_usec":1685809385375373} 
+00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":78,"packets-processed":77,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4256,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":74,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":74,"total-idle-flows":73,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":362,"global_ts_usec":1685809385375373} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685809385375373,"flow_src_last_pkt_time":1685809385375373,"flow_dst_last_pkt_time":1685809385375373,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685809385375373,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"74.111.203.55","src_port":33156,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_src_last_pkt_time":1685809385375373,"flow_dst_last_pkt_time":1685809385375373,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685809385375373,"pkt":"ipffLU2SPJTVQTiBCABFCAB+1DEAAOsREge2tHiLSm\/LN4GEAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685809385375373,"flow_src_last_pkt_time":1685809385375373,"flow_dst_last_pkt_time":1685809385375373,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685809385375373,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"74.111.203.55","src_port":33156,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -368,7 +368,7 @@ 00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_src_last_pkt_time":1685809633823277,"flow_dst_last_pkt_time":1685809633823277,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685809633823277,"pkt":"3jHC4dyOPJTVQTiBCABFCAB+1DEAAPARqCMTY5OUWo0lOL+cAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685809633823277,"flow_src_last_pkt_time":1685809633823277,"flow_dst_last_pkt_time":1685809633823277,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685809633823277,"l3_proto":"ip4","src_ip":"19.99.147.148","dst_ip":"90.141.37.56","src_port":49052,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685809385375373,"flow_src_last_pkt_time":1685809385375373,"flow_dst_last_pkt_time":1685809385375373,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685809633823277,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"74.111.203.55","src_port":33156,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":80,"packets-processed":79,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4452,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":76,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":76,"total-idle-flows":75,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":371,"global_ts_usec":1685810288436552} 
+00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":80,"packets-processed":79,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4452,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":76,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":76,"total-idle-flows":75,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":371,"global_ts_usec":1685810288436552} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685810288436552,"flow_src_last_pkt_time":1685810288436552,"flow_dst_last_pkt_time":1685810288436552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685810288436552,"l3_proto":"ip4","src_ip":"47.123.177.154","dst_ip":"165.114.202.61","src_port":44018,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_src_last_pkt_time":1685810288436552,"flow_dst_last_pkt_time":1685810288436552,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685810288436552,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPMRpSkve7GapXLKPavyAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685810288436552,"flow_src_last_pkt_time":1685810288436552,"flow_dst_last_pkt_time":1685810288436552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685810288436552,"l3_proto":"ip4","src_ip":"47.123.177.154","dst_ip":"165.114.202.61","src_port":44018,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -376,7 +376,7 @@ 00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_src_last_pkt_time":1685810288436552,"flow_dst_last_pkt_time":1685810288436552,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685810288436552,"pkt":"AAwp30Y4PJTVQTiBCABFCAB+1DEAAOsRrBkuZGGTpZBUPpILAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685810288436552,"flow_src_last_pkt_time":1685810288436552,"flow_dst_last_pkt_time":1685810288436552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685810288436552,"l3_proto":"ip4","src_ip":"46.100.97.147","dst_ip":"165.144.84.62","src_port":37387,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685809633823277,"flow_src_last_pkt_time":1685809633823277,"flow_dst_last_pkt_time":1685809633823277,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685810288436552,"l3_proto":"ip4","src_ip":"19.99.147.148","dst_ip":"90.141.37.56","src_port":49052,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":82,"packets-processed":81,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4648,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":78,"total-detection-updates":0,"total-updates":14,"current-active-flows":2,"total-active-flows":78,"total-idle-flows":76,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":379,"global_ts_usec":1685812438394439} 
+00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":82,"packets-processed":81,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4648,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":78,"total-detection-updates":0,"total-updates":14,"current-active-flows":2,"total-active-flows":78,"total-idle-flows":76,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":379,"global_ts_usec":1685812438394439} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685812438394439,"flow_src_last_pkt_time":1685812438394439,"flow_dst_last_pkt_time":1685812438394439,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685812438394439,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"186.112.202.53","src_port":48737,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_src_last_pkt_time":1685812438394439,"flow_dst_last_pkt_time":1685812438394439,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685812438394439,"pkt":"xmjqc4OdPJTVQTiBCABFCAB+1DEAAOsREgyGtJCVunDKNb5hAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685812438394439,"flow_src_last_pkt_time":1685812438394439,"flow_dst_last_pkt_time":1685812438394439,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685812438394439,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"186.112.202.53","src_port":48737,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -391,7 +391,7 @@ 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685812825868185,"flow_src_last_pkt_time":1685812825868185,"flow_dst_last_pkt_time":1685812825868185,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685812825868185,"l3_proto":"ip4","src_ip":"47.123.177.154","dst_ip":"85.111.52.57","src_port":35950,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685812605076027,"flow_src_last_pkt_time":1685812605076027,"flow_dst_last_pkt_time":1685812605076027,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685812825868185,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"69.109.187.54","src_port":57533,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685812438394439,"flow_src_last_pkt_time":1685812438394439,"flow_dst_last_pkt_time":1685812438394439,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685812825868185,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"186.112.202.53","src_port":48737,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":85,"packets-processed":84,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4942,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":81,"total-detection-updates":0,"total-updates":15,"current-active-flows":1,"total-active-flows":81,"total-idle-flows":80,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":394,"global_ts_usec":1685823608659744} 
+00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":85,"packets-processed":84,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4942,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":81,"total-detection-updates":0,"total-updates":15,"current-active-flows":1,"total-active-flows":81,"total-idle-flows":80,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":394,"global_ts_usec":1685823608659744} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685823608659744,"flow_src_last_pkt_time":1685823608659744,"flow_dst_last_pkt_time":1685823608659744,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685823608659744,"l3_proto":"ip4","src_ip":"44.49.31.2","dst_ip":"90.147.171.51","src_port":51197,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_src_last_pkt_time":1685823608659744,"flow_dst_last_pkt_time":1685823608659744,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685823608659744,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRXkwsMR8CWpOrM8f9AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685823608659744,"flow_src_last_pkt_time":1685823608659744,"flow_dst_last_pkt_time":1685823608659744,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685823608659744,"l3_proto":"ip4","src_ip":"44.49.31.2","dst_ip":"90.147.171.51","src_port":51197,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -400,7 +400,7 @@ 00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_src_last_pkt_time":1685824045529363,"flow_dst_last_pkt_time":1685824045529363,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685824045529363,"pkt":"bs1PogZtPJTVQTiBCABFAAB+1DEAAPIRpTATY5KcWpG0OtRrAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685824045529363,"flow_src_last_pkt_time":1685824045529363,"flow_dst_last_pkt_time":1685824045529363,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685824045529363,"l3_proto":"ip4","src_ip":"19.99.146.156","dst_ip":"90.145.180.58","src_port":54379,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685823608659744,"flow_src_last_pkt_time":1685823608659744,"flow_dst_last_pkt_time":1685823608659744,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685824045529363,"l3_proto":"ip4","src_ip":"44.49.31.2","dst_ip":"90.147.171.51","src_port":51197,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":87,"packets-processed":86,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5069,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":83,"total-detection-updates":0,"total-updates":15,"current-active-flows":1,"total-active-flows":83,"total-idle-flows":82,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":403,"global_ts_usec":1685833753925206} 
+00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":87,"packets-processed":86,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5069,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":83,"total-detection-updates":0,"total-updates":15,"current-active-flows":1,"total-active-flows":83,"total-idle-flows":82,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":403,"global_ts_usec":1685833753925206} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685833753925206,"flow_src_last_pkt_time":1685833753925206,"flow_dst_last_pkt_time":1685833753925206,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685833753925206,"l3_proto":"ip4","src_ip":"174.50.7.11","dst_ip":"69.109.187.54","src_port":55450,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_src_last_pkt_time":1685833753925206,"flow_dst_last_pkt_time":1685833753925206,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685833753925206,"pkt":"bpHurUgdPJTVQTiBCABFAAA51DEAAPoRXlSuMgcLRW27NtiaAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00942{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685833753925206,"flow_src_last_pkt_time":1685833753925206,"flow_dst_last_pkt_time":1685833753925206,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685833753925206,"l3_proto":"ip4","src_ip":"174.50.7.11","dst_ip":"69.109.187.54","src_port":55450,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -409,28 +409,28 @@ 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_src_last_pkt_time":1685833820099618,"flow_dst_last_pkt_time":1685833820099618,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685833820099618,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRbfk62rixWm\/UMtMrAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685833820099618,"flow_src_last_pkt_time":1685833820099618,"flow_dst_last_pkt_time":1685833820099618,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685833820099618,"l3_proto":"ip4","src_ip":"58.218.184.177","dst_ip":"90.111.212.50","src_port":54059,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00983{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685833753925206,"flow_src_last_pkt_time":1685833753925206,"flow_dst_last_pkt_time":1685833753925206,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685833820099618,"l3_proto":"ip4","src_ip":"174.50.7.11","dst_ip":"69.109.187.54","src_port":55450,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":89,"packets-processed":88,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5127,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":85,"total-detection-updates":0,"total-updates":16,"current-active-flows":2,"total-active-flows":85,"total-idle-flows":83,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":412,"global_ts_usec":1685837260196335} 
+00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":89,"packets-processed":88,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5127,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":85,"total-detection-updates":0,"total-updates":16,"current-active-flows":2,"total-active-flows":85,"total-idle-flows":83,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":412,"global_ts_usec":1685837260196335} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685837260196335,"flow_src_last_pkt_time":1685837260196335,"flow_dst_last_pkt_time":1685837260196335,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685837260196335,"l3_proto":"ip4","src_ip":"31.0.154.114","dst_ip":"90.145.180.58","src_port":40383,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_src_last_pkt_time":1685837260196335,"flow_dst_last_pkt_time":1685837260196335,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685837260196335,"pkt":"bs1PogZtPJTVQTiBCABFCABLWQ0AACIRcZkfAJpyWpG0Op2\/AasAN4QBAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685837260196335,"flow_src_last_pkt_time":1685837260196335,"flow_dst_last_pkt_time":1685837260196335,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685837260196335,"l3_proto":"ip4","src_ip":"31.0.154.114","dst_ip":"90.145.180.58","src_port":40383,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685833820099618,"flow_src_last_pkt_time":1685833820099618,"flow_dst_last_pkt_time":1685833820099618,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685837260196335,"l3_proto":"ip4","src_ip":"58.218.184.177","dst_ip":"90.111.212.50","src_port":54059,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685833753925206,"flow_src_last_pkt_time":1685833753925206,"flow_dst_last_pkt_time":1685833753925206,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685837260196335,"l3_proto":"ip4","src_ip":"174.50.7.11","dst_ip":"69.109.187.54","src_port":55450,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":90,"packets-processed":89,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5174,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":86,"total-detection-updates":0,"total-updates":16,"current-active-flows":1,"total-active-flows":86,"total-idle-flows":85,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":418,"global_ts_usec":1685838786050204} +00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":90,"packets-processed":89,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5174,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":86,"total-detection-updates":0,"total-updates":16,"current-active-flows":1,"total-active-flows":86,"total-idle-flows":85,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":418,"global_ts_usec":1685838786050204} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685838786050204,"flow_src_last_pkt_time":1685838786050204,"flow_dst_last_pkt_time":1685838786050204,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685838786050204,"l3_proto":"ip4","src_ip":"66.228.194.219","dst_ip":"186.112.202.53","src_port":53105,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_src_last_pkt_time":1685838786050204,"flow_dst_last_pkt_time":1685838786050204,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685838786050204,"pkt":"xmjqc4OdPJTVQTiBCABFAAA51DEAAPkRbcNC5MLbunDKNc9xAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685838786050204,"flow_src_last_pkt_time":1685838786050204,"flow_dst_last_pkt_time":1685838786050204,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685838786050204,"l3_proto":"ip4","src_ip":"66.228.194.219","dst_ip":"186.112.202.53","src_port":53105,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685837260196335,"flow_src_last_pkt_time":1685837260196335,"flow_dst_last_pkt_time":1685837260196335,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685838786050204,"l3_proto":"ip4","src_ip":"31.0.154.114","dst_ip":"90.145.180.58","src_port":40383,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":91,"packets-processed":90,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5203,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":87,"total-detection-updates":0,"total-updates":16,"current-active-flows":1,"total-active-flows":87,"total-idle-flows":86,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":423,"global_ts_usec":1685845591689038} +00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":91,"packets-processed":90,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5203,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":87,"total-detection-updates":0,"total-updates":16,"current-active-flows":1,"total-active-flows":87,"total-idle-flows":86,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":423,"global_ts_usec":1685845591689038} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685845591689038,"flow_src_last_pkt_time":1685845591689038,"flow_dst_last_pkt_time":1685845591689038,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685845591689038,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"74.111.203.55","src_port":43759,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_src_last_pkt_time":1685845591689038,"flow_dst_last_pkt_time":1685845591689038,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1685845591689038,"pkt":"ipffLU2SPJTVQTiBCABFAABSAK0AAG0RE\/VDnxCWSm\/LN6rvAasAPgAAAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 
00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685845591689038,"flow_src_last_pkt_time":1685845591689038,"flow_dst_last_pkt_time":1685845591689038,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685845591689038,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"74.111.203.55","src_port":43759,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685838786050204,"flow_src_last_pkt_time":1685838786050204,"flow_dst_last_pkt_time":1685838786050204,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685845591689038,"l3_proto":"ip4","src_ip":"66.228.194.219","dst_ip":"186.112.202.53","src_port":53105,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":92,"packets-processed":91,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5257,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":88,"total-detection-updates":0,"total-updates":16,"current-active-flows":1,"total-active-flows":88,"total-idle-flows":87,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":428,"global_ts_usec":1685846371302206} +00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":92,"packets-processed":91,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5257,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":88,"total-detection-updates":0,"total-updates":16,"current-active-flows":1,"total-active-flows":88,"total-idle-flows":87,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":428,"global_ts_usec":1685846371302206} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685846371302206,"flow_src_last_pkt_time":1685846371302206,"flow_dst_last_pkt_time":1685846371302206,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685846371302206,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.111.212.50","src_port":53596,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_src_last_pkt_time":1685846371302206,"flow_dst_last_pkt_time":1685846371302206,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685846371302206,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKLzIH5CeWm\/UMtFcAasAJRkeAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 
00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685846371302206,"flow_src_last_pkt_time":1685846371302206,"flow_dst_last_pkt_time":1685846371302206,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685846371302206,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.111.212.50","src_port":53596,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685845591689038,"flow_src_last_pkt_time":1685845591689038,"flow_dst_last_pkt_time":1685845591689038,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685846371302206,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"74.111.203.55","src_port":43759,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":93,"packets-processed":92,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5286,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":89,"total-detection-updates":0,"total-updates":16,"current-active-flows":1,"total-active-flows":89,"total-idle-flows":88,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":433,"global_ts_usec":1685847518566522} +00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":93,"packets-processed":92,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5286,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":89,"total-detection-updates":0,"total-updates":16,"current-active-flows":1,"total-active-flows":89,"total-idle-flows":88,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":433,"global_ts_usec":1685847518566522} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685847518566522,"flow_src_last_pkt_time":1685847518566522,"flow_dst_last_pkt_time":1685847518566522,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685847518566522,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"69.109.187.54","src_port":47879,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_src_last_pkt_time":1685847518566522,"flow_dst_last_pkt_time":1685847518566522,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685847518566522,"pkt":"bpHurUgdPJTVQTiBCABFAAA51DEAAPURKLrIH5CeRW27NrsHAasAJS9xAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 
00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685847518566522,"flow_src_last_pkt_time":1685847518566522,"flow_dst_last_pkt_time":1685847518566522,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685847518566522,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"69.109.187.54","src_port":47879,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -439,7 +439,7 @@ 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_src_last_pkt_time":1685848000557988,"flow_dst_last_pkt_time":1685848000557988,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685848000557988,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKL3IH5CeWpOrM67xAasAJTuKAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685848000557988,"flow_src_last_pkt_time":1685848000557988,"flow_dst_last_pkt_time":1685848000557988,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685848000557988,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.147.171.51","src_port":44785,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685847518566522,"flow_src_last_pkt_time":1685847518566522,"flow_dst_last_pkt_time":1685847518566522,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685848000557988,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"69.109.187.54","src_port":47879,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":95,"packets-processed":94,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5344,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":91,"total-detection-updates":0,"total-updates":16,"current-active-flows":1,"total-active-flows":91,"total-idle-flows":90,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":442,"global_ts_usec":1685849540053899} 
+00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":95,"packets-processed":94,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5344,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":91,"total-detection-updates":0,"total-updates":16,"current-active-flows":1,"total-active-flows":91,"total-idle-flows":90,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":442,"global_ts_usec":1685849540053899} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685849540053899,"flow_src_last_pkt_time":1685849540053899,"flow_dst_last_pkt_time":1685849540053899,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685849540053899,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.144.84.62","src_port":51364,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_src_last_pkt_time":1685849540053899,"flow_dst_last_pkt_time":1685849540053899,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685849540053899,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKLLIH5CepZBUPsikAasAJSHMAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685849540053899,"flow_src_last_pkt_time":1685849540053899,"flow_dst_last_pkt_time":1685849540053899,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685849540053899,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.144.84.62","src_port":51364,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -453,7 +453,7 @@ 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":97,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685849733217189,"flow_src_last_pkt_time":1685849733217189,"flow_dst_last_pkt_time":1685849733217189,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685849733217189,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.114.202.61","src_port":51228,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685849540053899,"flow_src_last_pkt_time":1685849540053899,"flow_dst_last_pkt_time":1685849540053899,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685849733217189,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.144.84.62","src_port":51364,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685849664860009,"flow_src_last_pkt_time":1685849664860009,"flow_dst_last_pkt_time":1685849664860009,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685849733217189,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"74.111.203.55","src_port":41690,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":98,"packets-processed":97,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5431,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":94,"total-detection-updates":0,"total-updates":18,"current-active-flows":2,"total-active-flows":94,"total-idle-flows":92,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":456,"global_ts_usec":1685851175046998} 
+00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":98,"packets-processed":97,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5431,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":94,"total-detection-updates":0,"total-updates":18,"current-active-flows":2,"total-active-flows":94,"total-idle-flows":92,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":456,"global_ts_usec":1685851175046998} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685851175046998,"flow_src_last_pkt_time":1685851175046998,"flow_dst_last_pkt_time":1685851175046998,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685851175046998,"l3_proto":"ip4","src_ip":"35.252.69.113","dst_ip":"90.141.37.56","src_port":59682,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_src_last_pkt_time":1685851175046998,"flow_dst_last_pkt_time":1685851175046998,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685851175046998,"pkt":"3jHC4dyOPJTVQTiBCABFCABL904AACIR01kj\/EVxWo0lOOkiAasANzigAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685851175046998,"flow_src_last_pkt_time":1685851175046998,"flow_dst_last_pkt_time":1685851175046998,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685851175046998,"l3_proto":"ip4","src_ip":"35.252.69.113","dst_ip":"90.141.37.56","src_port":59682,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -468,28 +468,28 @@ 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685851372073022,"flow_src_last_pkt_time":1685851372073022,"flow_dst_last_pkt_time":1685851372073022,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685851372073022,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.141.37.56","src_port":40943,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685851175046998,"flow_src_last_pkt_time":1685851175046998,"flow_dst_last_pkt_time":1685851175046998,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685851372073022,"l3_proto":"ip4","src_ip":"35.252.69.113","dst_ip":"90.141.37.56","src_port":59682,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685851293085114,"flow_src_last_pkt_time":1685851293085114,"flow_dst_last_pkt_time":1685851293085114,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685851372073022,"l3_proto":"ip4","src_ip":"208.209.71.22","dst_ip":"85.111.52.57","src_port":55733,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":101,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5536,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":97,"total-detection-updates":0,"total-updates":20,"current-active-flows":2,"total-active-flows":97,"total-idle-flows":95,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":471,"global_ts_usec":1685852052162325} 
+00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":101,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5536,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":97,"total-detection-updates":0,"total-updates":20,"current-active-flows":2,"total-active-flows":97,"total-idle-flows":95,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":471,"global_ts_usec":1685852052162325} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685852052162325,"flow_src_last_pkt_time":1685852052162325,"flow_dst_last_pkt_time":1685852052162325,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685852052162325,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.145.180.58","src_port":33048,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_src_last_pkt_time":1685852052162325,"flow_dst_last_pkt_time":1685852052162325,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685852052162325,"pkt":"bs1PogZtPJTVQTiBCABFAAA51DEAAPURKLTIH5CeWpG0OoEYAasAJWlaAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685852052162325,"flow_src_last_pkt_time":1685852052162325,"flow_dst_last_pkt_time":1685852052162325,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685852052162325,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.145.180.58","src_port":33048,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685851293085114,"flow_src_last_pkt_time":1685851293085114,"flow_dst_last_pkt_time":1685851293085114,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685852052162325,"l3_proto":"ip4","src_ip":"208.209.71.22","dst_ip":"85.111.52.57","src_port":55733,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685851372073022,"flow_src_last_pkt_time":1685851372073022,"flow_dst_last_pkt_time":1685851372073022,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685852052162325,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.141.37.56","src_port":40943,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":102,"packets-processed":101,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5565,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":98,"total-detection-updates":0,"total-updates":20,"current-active-flows":1,"total-active-flows":98,"total-idle-flows":97,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":477,"global_ts_usec":1685860258822121} +00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":102,"packets-processed":101,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5565,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":98,"total-detection-updates":0,"total-updates":20,"current-active-flows":1,"total-active-flows":98,"total-idle-flows":97,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":477,"global_ts_usec":1685860258822121} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685860258822121,"flow_src_last_pkt_time":1685860258822121,"flow_dst_last_pkt_time":1685860258822121,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685860258822121,"l3_proto":"ip4","src_ip":"19.156.188.155","dst_ip":"186.112.202.53","src_port":47964,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_src_last_pkt_time":1685860258822121,"flow_dst_last_pkt_time":1685860258822121,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685860258822121,"pkt":"xmjqc4OdPJTVQTiBCABFCAB+1DEAAO0RqigTnLybunDKNbtcAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 
00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685860258822121,"flow_src_last_pkt_time":1685860258822121,"flow_dst_last_pkt_time":1685860258822121,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685860258822121,"l3_proto":"ip4","src_ip":"19.156.188.155","dst_ip":"186.112.202.53","src_port":47964,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685852052162325,"flow_src_last_pkt_time":1685852052162325,"flow_dst_last_pkt_time":1685852052162325,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685860258822121,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.145.180.58","src_port":33048,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":103,"packets-processed":102,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5663,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":99,"total-detection-updates":0,"total-updates":20,"current-active-flows":1,"total-active-flows":99,"total-idle-flows":98,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":482,"global_ts_usec":1685863658998957} +00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":103,"packets-processed":102,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5663,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":99,"total-detection-updates":0,"total-updates":20,"current-active-flows":1,"total-active-flows":99,"total-idle-flows":98,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":482,"global_ts_usec":1685863658998957} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685863658998957,"flow_src_last_pkt_time":1685863658998957,"flow_dst_last_pkt_time":1685863658998957,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685863658998957,"l3_proto":"ip4","src_ip":"210.12.216.151","dst_ip":"90.145.180.58","src_port":54477,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_src_last_pkt_time":1685863658998957,"flow_dst_last_pkt_time":1685863658998957,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685863658998957,"pkt":"bs1PogZtPJTVQTiBCABFAAA51DEAAPkRYDnSDNiXWpG0OtTNAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685863658998957,"flow_src_last_pkt_time":1685863658998957,"flow_dst_last_pkt_time":1685863658998957,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685863658998957,"l3_proto":"ip4","src_ip":"210.12.216.151","dst_ip":"90.145.180.58","src_port":54477,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685860258822121,"flow_src_last_pkt_time":1685860258822121,"flow_dst_last_pkt_time":1685860258822121,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685863658998957,"l3_proto":"ip4","src_ip":"19.156.188.155","dst_ip":"186.112.202.53","src_port":47964,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":104,"packets-processed":103,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5692,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":100,"total-detection-updates":0,"total-updates":20,"current-active-flows":1,"total-active-flows":100,"total-idle-flows":99,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":487,"global_ts_usec":1685866496459415} +00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":104,"packets-processed":103,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5692,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":100,"total-detection-updates":0,"total-updates":20,"current-active-flows":1,"total-active-flows":100,"total-idle-flows":99,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":487,"global_ts_usec":1685866496459415} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685866496459415,"flow_src_last_pkt_time":1685866496459415,"flow_dst_last_pkt_time":1685866496459415,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685866496459415,"l3_proto":"ip4","src_ip":"70.28.101.252","dst_ip":"90.141.37.56","src_port":52969,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_src_last_pkt_time":1685866496459415,"flow_dst_last_pkt_time":1685866496459415,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685866496459415,"pkt":"3jHC4dyOPJTVQTiBCABFAAA51DEAAPoRbM9GHGX8Wo0lOM7pAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685866496459415,"flow_src_last_pkt_time":1685866496459415,"flow_dst_last_pkt_time":1685866496459415,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685866496459415,"l3_proto":"ip4","src_ip":"70.28.101.252","dst_ip":"90.141.37.56","src_port":52969,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":105,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685863658998957,"flow_src_last_pkt_time":1685863658998957,"flow_dst_last_pkt_time":1685863658998957,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685866496459415,"l3_proto":"ip4","src_ip":"210.12.216.151","dst_ip":"90.145.180.58","src_port":54477,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":105,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":105,"packets-processed":104,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5721,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":101,"total-detection-updates":0,"total-updates":20,"current-active-flows":1,"total-active-flows":101,"total-idle-flows":100,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":492,"global_ts_usec":1685868922612761} +00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":105,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":105,"packets-processed":104,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5721,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":101,"total-detection-updates":0,"total-updates":20,"current-active-flows":1,"total-active-flows":101,"total-idle-flows":100,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":492,"global_ts_usec":1685868922612761} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":105,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685868922612761,"flow_src_last_pkt_time":1685868922612761,"flow_dst_last_pkt_time":1685868922612761,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685868922612761,"l3_proto":"ip4","src_ip":"57.3.49.213","dst_ip":"74.111.203.55","src_port":25820,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_src_last_pkt_time":1685868922612761,"flow_dst_last_pkt_time":1685868922612761,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1685868922612761,"pkt":"ipffLU2SPJTVQTiBCABFAAA+wDFAADQRPtU5AzHVSm\/LN2TcAasAKsLmAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 
00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":105,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685868922612761,"flow_src_last_pkt_time":1685868922612761,"flow_dst_last_pkt_time":1685868922612761,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685868922612761,"l3_proto":"ip4","src_ip":"57.3.49.213","dst_ip":"74.111.203.55","src_port":25820,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -498,7 +498,7 @@ 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_src_last_pkt_time":1685869117973932,"flow_dst_last_pkt_time":1685869117973932,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1685869117973932,"pkt":"bpHurUgdPJTVQTiBCABFAAA+ZfVAADQRmRxGwcb6RW27NnFTAasAKrZ6AgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685869117973932,"flow_src_last_pkt_time":1685869117973932,"flow_dst_last_pkt_time":1685869117973932,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685869117973932,"l3_proto":"ip4","src_ip":"70.193.198.250","dst_ip":"69.109.187.54","src_port":29011,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685868922612761,"flow_src_last_pkt_time":1685868922612761,"flow_dst_last_pkt_time":1685868922612761,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685869117973932,"l3_proto":"ip4","src_ip":"57.3.49.213","dst_ip":"74.111.203.55","src_port":25820,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":107,"packets-processed":106,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5789,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":103,"total-detection-updates":0,"total-updates":20,"current-active-flows":1,"total-active-flows":103,"total-idle-flows":102,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":501,"global_ts_usec":1685869695331980} 
+00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":107,"packets-processed":106,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5789,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":103,"total-detection-updates":0,"total-updates":20,"current-active-flows":1,"total-active-flows":103,"total-idle-flows":102,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":501,"global_ts_usec":1685869695331980} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685869695331980,"flow_src_last_pkt_time":1685869695331980,"flow_dst_last_pkt_time":1685869695331980,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685869695331980,"l3_proto":"ip4","src_ip":"87.0.217.242","dst_ip":"85.111.52.57","src_port":54220,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_src_last_pkt_time":1685869695331980,"flow_dst_last_pkt_time":1685869695331980,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1685869695331980,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA+88RAADQRC1FXANnyVW80OdPMAasAKlQFAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685869695331980,"flow_src_last_pkt_time":1685869695331980,"flow_dst_last_pkt_time":1685869695331980,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685869695331980,"l3_proto":"ip4","src_ip":"87.0.217.242","dst_ip":"85.111.52.57","src_port":54220,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -507,7 +507,7 @@ 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_src_last_pkt_time":1685870241871015,"flow_dst_last_pkt_time":1685870241871015,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1685870241871015,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+NXBAADQRyYU2+8bepZBUPqAmAasAKoeLAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00951{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":108,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685870241871015,"flow_src_last_pkt_time":1685870241871015,"flow_dst_last_pkt_time":1685870241871015,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685870241871015,"l3_proto":"ip4","src_ip":"54.251.198.222","dst_ip":"165.144.84.62","src_port":40998,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685869695331980,"flow_src_last_pkt_time":1685869695331980,"flow_dst_last_pkt_time":1685869695331980,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685870241871015,"l3_proto":"ip4","src_ip":"87.0.217.242","dst_ip":"85.111.52.57","src_port":54220,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":109,"packets-processed":108,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5857,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":105,"total-detection-updates":0,"total-updates":20,"current-active-flows":1,"total-active-flows":105,"total-idle-flows":104,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":510,"global_ts_usec":1685870479493725} 
+00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":109,"packets-processed":108,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5857,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":105,"total-detection-updates":0,"total-updates":20,"current-active-flows":1,"total-active-flows":105,"total-idle-flows":104,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":510,"global_ts_usec":1685870479493725} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685870479493725,"flow_src_last_pkt_time":1685870479493725,"flow_dst_last_pkt_time":1685870479493725,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685870479493725,"l3_proto":"ip4","src_ip":"87.39.57.211","dst_ip":"90.141.37.56","src_port":42486,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_src_last_pkt_time":1685870479493725,"flow_dst_last_pkt_time":1685870479493725,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1685870479493725,"pkt":"3jHC4dyOPJTVQTiBCABFAAA+4zlAADQRG81XJznTWo0lOKX2AasAKoHMAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685870479493725,"flow_src_last_pkt_time":1685870479493725,"flow_dst_last_pkt_time":1685870479493725,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685870479493725,"l3_proto":"ip4","src_ip":"87.39.57.211","dst_ip":"90.141.37.56","src_port":42486,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -530,7 +530,7 @@ 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685871075034933,"flow_src_last_pkt_time":1685871075034933,"flow_dst_last_pkt_time":1685871075034933,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685871075034933,"l3_proto":"ip4","src_ip":"168.222.38.193","dst_ip":"186.112.202.53","src_port":38055,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685870800640514,"flow_src_last_pkt_time":1685870800640514,"flow_dst_last_pkt_time":1685870800640514,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685871075034933,"l3_proto":"ip4","src_ip":"173.241.63.36","dst_ip":"74.111.203.55","src_port":56717,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685870915573371,"flow_src_last_pkt_time":1685870915573371,"flow_dst_last_pkt_time":1685870915573371,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685871075034933,"l3_proto":"ip4","src_ip":"167.57.49.219","dst_ip":"90.111.212.50","src_port":49798,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":114,"packets-processed":113,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6022,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":110,"total-detection-updates":0,"total-updates":23,"current-active-flows":2,"total-active-flows":110,"total-idle-flows":108,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":533,"global_ts_usec":1685871093262888} 
+00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":114,"packets-processed":113,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6022,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":110,"total-detection-updates":0,"total-updates":23,"current-active-flows":2,"total-active-flows":110,"total-idle-flows":108,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":533,"global_ts_usec":1685871093262888} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685871093262888,"flow_src_last_pkt_time":1685871093262888,"flow_dst_last_pkt_time":1685871093262888,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685871093262888,"l3_proto":"ip4","src_ip":"46.204.255.75","dst_ip":"165.144.84.62","src_port":55098,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_src_last_pkt_time":1685871093262888,"flow_dst_last_pkt_time":1685871093262888,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685871093262888,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRXosuzP9LpZBUPtc6AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685871093262888,"flow_src_last_pkt_time":1685871093262888,"flow_dst_last_pkt_time":1685871093262888,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685871093262888,"l3_proto":"ip4","src_ip":"46.204.255.75","dst_ip":"165.144.84.62","src_port":55098,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -540,7 +540,7 @@ 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685870915573371,"flow_src_last_pkt_time":1685870915573371,"flow_dst_last_pkt_time":1685870915573371,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685871237861116,"l3_proto":"ip4","src_ip":"167.57.49.219","dst_ip":"90.111.212.50","src_port":49798,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00987{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685871093262888,"flow_src_last_pkt_time":1685871093262888,"flow_dst_last_pkt_time":1685871093262888,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685871237861116,"l3_proto":"ip4","src_ip":"46.204.255.75","dst_ip":"165.144.84.62","src_port":55098,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00989{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685871075034933,"flow_src_last_pkt_time":1685871075034933,"flow_dst_last_pkt_time":1685871075034933,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685871237861116,"l3_proto":"ip4","src_ip":"168.222.38.193","dst_ip":"186.112.202.53","src_port":38055,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":116,"packets-processed":115,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6085,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":112,"total-detection-updates":0,"total-updates":25,"current-active-flows":3,"total-active-flows":112,"total-idle-flows":109,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":543,"global_ts_usec":1685872555023942} +00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":116,"packets-processed":115,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6085,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":112,"total-detection-updates":0,"total-updates":25,"current-active-flows":3,"total-active-flows":112,"total-idle-flows":109,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":543,"global_ts_usec":1685872555023942} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685872555023942,"flow_src_last_pkt_time":1685872555023942,"flow_dst_last_pkt_time":1685872555023942,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685872555023942,"l3_proto":"ip4","src_ip":"167.57.49.219","dst_ip":"165.114.202.61","src_port":62479,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":1,"flow_src_last_pkt_time":1685872555023942,"flow_dst_last_pkt_time":1685872555023942,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1685872555023942,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+aWdAADQRlZGnOTHbpXLKPfQPAasAKjOlAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 
00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685872555023942,"flow_src_last_pkt_time":1685872555023942,"flow_dst_last_pkt_time":1685872555023942,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685872555023942,"l3_proto":"ip4","src_ip":"167.57.49.219","dst_ip":"165.114.202.61","src_port":62479,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -551,27 +551,27 @@ 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_src_last_pkt_time":1685872858284372,"flow_dst_last_pkt_time":1685872858284372,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685872858284372,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRXklTDuAOpXLKPdm1AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":117,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685872858284372,"flow_src_last_pkt_time":1685872858284372,"flow_dst_last_pkt_time":1685872858284372,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685872858284372,"l3_proto":"ip4","src_ip":"83.14.224.14","dst_ip":"165.114.202.61","src_port":55733,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685872555023942,"flow_src_last_pkt_time":1685872555023942,"flow_dst_last_pkt_time":1685872555023942,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685872858284372,"l3_proto":"ip4","src_ip":"167.57.49.219","dst_ip":"165.114.202.61","src_port":62479,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":118,"packets-processed":117,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6148,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":114,"total-detection-updates":0,"total-updates":25,"current-active-flows":1,"total-active-flows":114,"total-idle-flows":113,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":554,"global_ts_usec":1685882198118291} 
+00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":118,"packets-processed":117,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6148,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":114,"total-detection-updates":0,"total-updates":25,"current-active-flows":1,"total-active-flows":114,"total-idle-flows":113,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":554,"global_ts_usec":1685882198118291} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685882198118291,"flow_src_last_pkt_time":1685882198118291,"flow_dst_last_pkt_time":1685882198118291,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685882198118291,"l3_proto":"ip4","src_ip":"159.60.180.118","dst_ip":"69.109.187.54","src_port":43688,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":1,"flow_src_last_pkt_time":1685882198118291,"flow_dst_last_pkt_time":1685882198118291,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685882198118291,"pkt":"bpHurUgdPJTVQTiBCABFCABLT4kAACIReyefPLR2RW27NqqoAasAN3ciAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685882198118291,"flow_src_last_pkt_time":1685882198118291,"flow_dst_last_pkt_time":1685882198118291,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685882198118291,"l3_proto":"ip4","src_ip":"159.60.180.118","dst_ip":"69.109.187.54","src_port":43688,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":119,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685872858284372,"flow_src_last_pkt_time":1685872858284372,"flow_dst_last_pkt_time":1685872858284372,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685882198118291,"l3_proto":"ip4","src_ip":"83.14.224.14","dst_ip":"165.114.202.61","src_port":55733,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":119,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":119,"packets-processed":118,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6195,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":115,"total-detection-updates":0,"total-updates":25,"current-active-flows":1,"total-active-flows":115,"total-idle-flows":114,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":559,"global_ts_usec":1685890136540249} 
+00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":119,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":119,"packets-processed":118,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6195,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":115,"total-detection-updates":0,"total-updates":25,"current-active-flows":1,"total-active-flows":115,"total-idle-flows":114,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":559,"global_ts_usec":1685890136540249} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":119,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685890136540249,"flow_src_last_pkt_time":1685890136540249,"flow_dst_last_pkt_time":1685890136540249,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685890136540249,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"90.147.171.51","src_port":38375,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":1,"flow_src_last_pkt_time":1685890136540249,"flow_dst_last_pkt_time":1685890136540249,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685890136540249,"pkt":"AAwp30Y4PJTVQTiBCABFCAB+1DEAAOsREhCGtJCVWpOrM5XnAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":119,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685890136540249,"flow_src_last_pkt_time":1685890136540249,"flow_dst_last_pkt_time":1685890136540249,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685890136540249,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"90.147.171.51","src_port":38375,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685882198118291,"flow_src_last_pkt_time":1685882198118291,"flow_dst_last_pkt_time":1685882198118291,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685890136540249,"l3_proto":"ip4","src_ip":"159.60.180.118","dst_ip":"69.109.187.54","src_port":43688,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":120,"packets-processed":119,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6293,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":116,"total-detection-updates":0,"total-updates":25,"current-active-flows":1,"total-active-flows":116,"total-idle-flows":115,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":564,"global_ts_usec":1685893050953648} 
+00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":120,"packets-processed":119,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6293,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":116,"total-detection-updates":0,"total-updates":25,"current-active-flows":1,"total-active-flows":116,"total-idle-flows":115,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":564,"global_ts_usec":1685893050953648} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685893050953648,"flow_src_last_pkt_time":1685893050953648,"flow_dst_last_pkt_time":1685893050953648,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685893050953648,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"90.141.37.56","src_port":52853,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_src_last_pkt_time":1685893050953648,"flow_dst_last_pkt_time":1685893050953648,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685893050953648,"pkt":"3jHC4dyOPJTVQTiBCABFCAB+1DEAAOsREgqGtJCVWo0lOM51AasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685893050953648,"flow_src_last_pkt_time":1685893050953648,"flow_dst_last_pkt_time":1685893050953648,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685893050953648,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"90.141.37.56","src_port":52853,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685890136540249,"flow_src_last_pkt_time":1685890136540249,"flow_dst_last_pkt_time":1685890136540249,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685893050953648,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"90.147.171.51","src_port":38375,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":121,"packets-processed":120,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6391,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":117,"total-detection-updates":0,"total-updates":25,"current-active-flows":1,"total-active-flows":117,"total-idle-flows":116,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":569,"global_ts_usec":1685894881323596} 
+00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":121,"packets-processed":120,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6391,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":117,"total-detection-updates":0,"total-updates":25,"current-active-flows":1,"total-active-flows":117,"total-idle-flows":116,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":569,"global_ts_usec":1685894881323596} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685894881323596,"flow_src_last_pkt_time":1685894881323596,"flow_dst_last_pkt_time":1685894881323596,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685894881323596,"l3_proto":"ip4","src_ip":"239.100.141.153","dst_ip":"165.114.202.61","src_port":53222,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_src_last_pkt_time":1685894881323596,"flow_dst_last_pkt_time":1685894881323596,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685894881323596,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPMRpSrvZI2ZpXLKPc\/mAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685894881323596,"flow_src_last_pkt_time":1685894881323596,"flow_dst_last_pkt_time":1685894881323596,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685894881323596,"l3_proto":"ip4","src_ip":"239.100.141.153","dst_ip":"165.114.202.61","src_port":53222,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685893050953648,"flow_src_last_pkt_time":1685893050953648,"flow_dst_last_pkt_time":1685893050953648,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685894881323596,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"90.141.37.56","src_port":52853,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":122,"packets-processed":121,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6489,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":118,"total-detection-updates":0,"total-updates":25,"current-active-flows":1,"total-active-flows":118,"total-idle-flows":117,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":574,"global_ts_usec":1685895935303589} 
+00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":122,"packets-processed":121,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6489,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":118,"total-detection-updates":0,"total-updates":25,"current-active-flows":1,"total-active-flows":118,"total-idle-flows":117,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":574,"global_ts_usec":1685895935303589} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685895935303589,"flow_src_last_pkt_time":1685895935303589,"flow_dst_last_pkt_time":1685895935303589,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685895935303589,"l3_proto":"ip4","src_ip":"45.99.146.146","dst_ip":"90.111.212.50","src_port":34238,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_src_last_pkt_time":1685895935303589,"flow_dst_last_pkt_time":1685895935303589,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685895935303589,"pkt":"AAwp30Y4PJTVQTiBCABFCAB+1DEAAO0RqiQtY5KSWm\/UMoW+AasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685895935303589,"flow_src_last_pkt_time":1685895935303589,"flow_dst_last_pkt_time":1685895935303589,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685895935303589,"l3_proto":"ip4","src_ip":"45.99.146.146","dst_ip":"90.111.212.50","src_port":34238,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -580,13 +580,13 @@ 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":1,"flow_src_last_pkt_time":1685896082620616,"flow_dst_last_pkt_time":1685896082620616,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685896082620616,"pkt":"AAwp30Y4PJTVQTiBCABFCAB+1DEAAO0RD\/62tHiLpZBUPuqLAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685896082620616,"flow_src_last_pkt_time":1685896082620616,"flow_dst_last_pkt_time":1685896082620616,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685896082620616,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"165.144.84.62","src_port":60043,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685895935303589,"flow_src_last_pkt_time":1685895935303589,"flow_dst_last_pkt_time":1685895935303589,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685896082620616,"l3_proto":"ip4","src_ip":"45.99.146.146","dst_ip":"90.111.212.50","src_port":34238,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":124,"packets-processed":123,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6685,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":120,"total-detection-updates":0,"total-updates":26,"current-active-flows":2,"total-active-flows":120,"total-idle-flows":118,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":583,"global_ts_usec":1685898155508793} 
+00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":124,"packets-processed":123,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6685,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":120,"total-detection-updates":0,"total-updates":26,"current-active-flows":2,"total-active-flows":120,"total-idle-flows":118,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":583,"global_ts_usec":1685898155508793} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685898155508793,"flow_src_last_pkt_time":1685898155508793,"flow_dst_last_pkt_time":1685898155508793,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685898155508793,"l3_proto":"ip4","src_ip":"46.100.97.147","dst_ip":"74.111.203.55","src_port":55816,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":1,"flow_src_last_pkt_time":1685898155508793,"flow_dst_last_pkt_time":1685898155508793,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685898155508793,"pkt":"ipffLU2SPJTVQTiBCABFCAB+1DEAAO0RqiIuZGGTSm\/LN9oIAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685898155508793,"flow_src_last_pkt_time":1685898155508793,"flow_dst_last_pkt_time":1685898155508793,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685898155508793,"l3_proto":"ip4","src_ip":"46.100.97.147","dst_ip":"74.111.203.55","src_port":55816,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685896082620616,"flow_src_last_pkt_time":1685896082620616,"flow_dst_last_pkt_time":1685896082620616,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685898155508793,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"165.144.84.62","src_port":60043,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685895935303589,"flow_src_last_pkt_time":1685895935303589,"flow_dst_last_pkt_time":1685895935303589,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685898155508793,"l3_proto":"ip4","src_ip":"45.99.146.146","dst_ip":"90.111.212.50","src_port":34238,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":125,"packets-processed":124,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6783,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":121,"total-detection-updates":0,"total-updates":26,"current-active-flows":1,"total-active-flows":121,"total-idle-flows":120,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":589,"global_ts_usec":1685900239002858} +00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":125,"packets-processed":124,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6783,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":121,"total-detection-updates":0,"total-updates":26,"current-active-flows":1,"total-active-flows":121,"total-idle-flows":120,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":589,"global_ts_usec":1685900239002858} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685900239002858,"flow_src_last_pkt_time":1685900239002858,"flow_dst_last_pkt_time":1685900239002858,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685900239002858,"l3_proto":"ip4","src_ip":"47.123.177.154","dst_ip":"69.109.187.54","src_port":47805,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":1,"flow_src_last_pkt_time":1685900239002858,"flow_dst_last_pkt_time":1685900239002858,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685900239002858,"pkt":"bpHurUgdPJTVQTiBCABFAAB+1DEAAPMRpTIve7GaRW27Nrq9AasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 
00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685900239002858,"flow_src_last_pkt_time":1685900239002858,"flow_dst_last_pkt_time":1685900239002858,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685900239002858,"l3_proto":"ip4","src_ip":"47.123.177.154","dst_ip":"69.109.187.54","src_port":47805,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -599,7 +599,7 @@ 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685900456106642,"flow_src_last_pkt_time":1685900456106642,"flow_dst_last_pkt_time":1685900456106642,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685900456106642,"l3_proto":"ip4","src_ip":"70.180.111.241","dst_ip":"186.112.202.53","src_port":39226,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685900274127763,"flow_src_last_pkt_time":1685900274127763,"flow_dst_last_pkt_time":1685900274127763,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685900456106642,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"90.145.180.58","src_port":51113,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685900239002858,"flow_src_last_pkt_time":1685900239002858,"flow_dst_last_pkt_time":1685900239002858,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685900456106642,"l3_proto":"ip4","src_ip":"47.123.177.154","dst_ip":"69.109.187.54","src_port":47805,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":128,"packets-processed":127,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7077,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":124,"total-detection-updates":0,"total-updates":26,"current-active-flows":1,"total-active-flows":124,"total-idle-flows":123,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":602,"global_ts_usec":1685915408138503} 
+00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":128,"packets-processed":127,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7077,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":124,"total-detection-updates":0,"total-updates":26,"current-active-flows":1,"total-active-flows":124,"total-idle-flows":123,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":602,"global_ts_usec":1685915408138503} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685915408138503,"flow_src_last_pkt_time":1685915408138503,"flow_dst_last_pkt_time":1685915408138503,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685915408138503,"l3_proto":"ip4","src_ip":"35.0.100.115","dst_ip":"165.144.84.62","src_port":9681,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":1,"flow_src_last_pkt_time":1685915408138503,"flow_dst_last_pkt_time":1685915408138503,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685915408138503,"pkt":"AAwp30Y4PJTVQTiBCABFCABLkhwAACIROIkjAGRzpZBUPiXRAasAN\/vuAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685915408138503,"flow_src_last_pkt_time":1685915408138503,"flow_dst_last_pkt_time":1685915408138503,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685915408138503,"l3_proto":"ip4","src_ip":"35.0.100.115","dst_ip":"165.144.84.62","src_port":9681,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -608,32 +608,32 @@ 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":1,"flow_src_last_pkt_time":1685915597923295,"flow_dst_last_pkt_time":1685915597923295,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685915597923295,"pkt":"ipffLU2SPJTVQTiBCABFAABLM0cAACcRn97invx\/Sm\/LN2ATAasAN88kAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685915597923295,"flow_src_last_pkt_time":1685915597923295,"flow_dst_last_pkt_time":1685915597923295,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685915597923295,"l3_proto":"ip4","src_ip":"226.158.252.127","dst_ip":"74.111.203.55","src_port":24595,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685915408138503,"flow_src_last_pkt_time":1685915408138503,"flow_dst_last_pkt_time":1685915408138503,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685915597923295,"l3_proto":"ip4","src_ip":"35.0.100.115","dst_ip":"165.144.84.62","src_port":9681,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":130,"packets-processed":129,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7171,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":126,"total-detection-updates":0,"total-updates":26,"current-active-flows":1,"total-active-flows":126,"total-idle-flows":125,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":611,"global_ts_usec":1685918860009356} 
+00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":130,"packets-processed":129,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7171,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":126,"total-detection-updates":0,"total-updates":26,"current-active-flows":1,"total-active-flows":126,"total-idle-flows":125,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":611,"global_ts_usec":1685918860009356} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685918860009356,"flow_src_last_pkt_time":1685918860009356,"flow_dst_last_pkt_time":1685918860009356,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685918860009356,"l3_proto":"ip4","src_ip":"66.24.225.77","dst_ip":"74.111.203.55","src_port":56086,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":1,"flow_src_last_pkt_time":1685918860009356,"flow_dst_last_pkt_time":1685918860009356,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685918860009356,"pkt":"ipffLU2SPJTVQTiBCABFAAA51DEAAPkRbX1CGOFNSm\/LN9sWAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685918860009356,"flow_src_last_pkt_time":1685918860009356,"flow_dst_last_pkt_time":1685918860009356,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685918860009356,"l3_proto":"ip4","src_ip":"66.24.225.77","dst_ip":"74.111.203.55","src_port":56086,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685915597923295,"flow_src_last_pkt_time":1685915597923295,"flow_dst_last_pkt_time":1685915597923295,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685918860009356,"l3_proto":"ip4","src_ip":"226.158.252.127","dst_ip":"74.111.203.55","src_port":24595,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":131,"packets-processed":130,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7200,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":127,"total-detection-updates":0,"total-updates":26,"current-active-flows":1,"total-active-flows":127,"total-idle-flows":126,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":616,"global_ts_usec":1685919707980290} 
+00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":131,"packets-processed":130,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7200,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":127,"total-detection-updates":0,"total-updates":26,"current-active-flows":1,"total-active-flows":127,"total-idle-flows":126,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":616,"global_ts_usec":1685919707980290} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685919707980290,"flow_src_last_pkt_time":1685919707980290,"flow_dst_last_pkt_time":1685919707980290,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685919707980290,"l3_proto":"ip4","src_ip":"83.14.224.14","dst_ip":"90.145.180.58","src_port":49307,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":128,"flow_packet_id":1,"flow_src_last_pkt_time":1685919707980290,"flow_dst_last_pkt_time":1685919707980290,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685919707980290,"pkt":"bs1PogZtPJTVQTiBCABFAAA51DEAAPkRX0xTDuAOWpG0OsCbAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685919707980290,"flow_src_last_pkt_time":1685919707980290,"flow_dst_last_pkt_time":1685919707980290,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685919707980290,"l3_proto":"ip4","src_ip":"83.14.224.14","dst_ip":"90.145.180.58","src_port":49307,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685918860009356,"flow_src_last_pkt_time":1685918860009356,"flow_dst_last_pkt_time":1685918860009356,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685919707980290,"l3_proto":"ip4","src_ip":"66.24.225.77","dst_ip":"74.111.203.55","src_port":56086,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":132,"packets-processed":131,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7229,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":128,"total-detection-updates":0,"total-updates":26,"current-active-flows":1,"total-active-flows":128,"total-idle-flows":127,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":621,"global_ts_usec":1685923909350319} 
+00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":132,"packets-processed":131,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7229,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":128,"total-detection-updates":0,"total-updates":26,"current-active-flows":1,"total-active-flows":128,"total-idle-flows":127,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":621,"global_ts_usec":1685923909350319} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685923909350319,"flow_src_last_pkt_time":1685923909350319,"flow_dst_last_pkt_time":1685923909350319,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685923909350319,"l3_proto":"ip4","src_ip":"98.103.253.115","dst_ip":"90.141.37.56","src_port":44099,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":129,"flow_packet_id":1,"flow_src_last_pkt_time":1685923909350319,"flow_dst_last_pkt_time":1685923909350319,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685923909350319,"pkt":"3jHC4dyOPJTVQTiBCABFAABLfvwAACcRVCBiZ\/1zWo0lOKxDAasAN4LrAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685923909350319,"flow_src_last_pkt_time":1685923909350319,"flow_dst_last_pkt_time":1685923909350319,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685923909350319,"l3_proto":"ip4","src_ip":"98.103.253.115","dst_ip":"90.141.37.56","src_port":44099,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":133,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685919707980290,"flow_src_last_pkt_time":1685919707980290,"flow_dst_last_pkt_time":1685919707980290,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685923909350319,"l3_proto":"ip4","src_ip":"83.14.224.14","dst_ip":"90.145.180.58","src_port":49307,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":133,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":133,"packets-processed":132,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7276,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":129,"total-detection-updates":0,"total-updates":26,"current-active-flows":1,"total-active-flows":129,"total-idle-flows":128,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":626,"global_ts_usec":1685927801125774} 
+00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":133,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":133,"packets-processed":132,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7276,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":129,"total-detection-updates":0,"total-updates":26,"current-active-flows":1,"total-active-flows":129,"total-idle-flows":128,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":626,"global_ts_usec":1685927801125774} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":133,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685927801125774,"flow_src_last_pkt_time":1685927801125774,"flow_dst_last_pkt_time":1685927801125774,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685927801125774,"l3_proto":"ip4","src_ip":"226.128.122.118","dst_ip":"165.114.202.61","src_port":29946,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":1,"flow_src_last_pkt_time":1685927801125774,"flow_dst_last_pkt_time":1685927801125774,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685927801125774,"pkt":"AAwp30Y4PJTVQTiBCABFAABLN1kAACcRm8DigHp2pXLKPXT6AasAN7oxAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":133,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685927801125774,"flow_src_last_pkt_time":1685927801125774,"flow_dst_last_pkt_time":1685927801125774,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685927801125774,"l3_proto":"ip4","src_ip":"226.128.122.118","dst_ip":"165.114.202.61","src_port":29946,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":134,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685923909350319,"flow_src_last_pkt_time":1685923909350319,"flow_dst_last_pkt_time":1685923909350319,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685927801125774,"l3_proto":"ip4","src_ip":"98.103.253.115","dst_ip":"90.141.37.56","src_port":44099,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":134,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":134,"packets-processed":133,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7323,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":130,"total-detection-updates":0,"total-updates":26,"current-active-flows":1,"total-active-flows":130,"total-idle-flows":129,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":631,"global_ts_usec":1685929607649688} 
+00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":134,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":134,"packets-processed":133,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7323,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":130,"total-detection-updates":0,"total-updates":26,"current-active-flows":1,"total-active-flows":130,"total-idle-flows":129,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":631,"global_ts_usec":1685929607649688} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":134,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685929607649688,"flow_src_last_pkt_time":1685929607649688,"flow_dst_last_pkt_time":1685929607649688,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685929607649688,"l3_proto":"ip4","src_ip":"64.63.219.226","dst_ip":"90.147.171.51","src_port":57092,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":1,"flow_src_last_pkt_time":1685929607649688,"flow_dst_last_pkt_time":1685929607649688,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1685929607649688,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+dqxAADQRKhJAP9viWpOrM98EAasAKup1AgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":134,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685929607649688,"flow_src_last_pkt_time":1685929607649688,"flow_dst_last_pkt_time":1685929607649688,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685929607649688,"l3_proto":"ip4","src_ip":"64.63.219.226","dst_ip":"90.147.171.51","src_port":57092,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":135,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685927801125774,"flow_src_last_pkt_time":1685927801125774,"flow_dst_last_pkt_time":1685927801125774,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685929607649688,"l3_proto":"ip4","src_ip":"226.128.122.118","dst_ip":"165.114.202.61","src_port":29946,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":135,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":135,"packets-processed":134,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7357,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":131,"total-detection-updates":0,"total-updates":26,"current-active-flows":1,"total-active-flows":131,"total-idle-flows":130,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":636,"global_ts_usec":1685930408325419} 
+00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":135,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":135,"packets-processed":134,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7357,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":131,"total-detection-updates":0,"total-updates":26,"current-active-flows":1,"total-active-flows":131,"total-idle-flows":130,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":636,"global_ts_usec":1685930408325419} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":135,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685930408325419,"flow_src_last_pkt_time":1685930408325419,"flow_dst_last_pkt_time":1685930408325419,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685930408325419,"l3_proto":"ip4","src_ip":"160.184.203.250","dst_ip":"74.111.203.55","src_port":41825,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":1,"flow_src_last_pkt_time":1685930408325419,"flow_dst_last_pkt_time":1685930408325419,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1685930408325419,"pkt":"ipffLU2SPJTVQTiBCABFAAA+RodAADQRWiiguMv6Sm\/LN6NhAasAKiYKAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":135,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685930408325419,"flow_src_last_pkt_time":1685930408325419,"flow_dst_last_pkt_time":1685930408325419,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685930408325419,"l3_proto":"ip4","src_ip":"160.184.203.250","dst_ip":"74.111.203.55","src_port":41825,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -642,7 +642,7 @@ 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":1,"flow_src_last_pkt_time":1685930521950503,"flow_dst_last_pkt_time":1685930521950503,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1685930521950503,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+FB1AADQRjJVAP9vipXLKPd8EAasAKuppAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685930521950503,"flow_src_last_pkt_time":1685930521950503,"flow_dst_last_pkt_time":1685930521950503,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685930521950503,"l3_proto":"ip4","src_ip":"64.63.219.226","dst_ip":"165.114.202.61","src_port":57092,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00989{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685930408325419,"flow_src_last_pkt_time":1685930408325419,"flow_dst_last_pkt_time":1685930408325419,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685930521950503,"l3_proto":"ip4","src_ip":"160.184.203.250","dst_ip":"74.111.203.55","src_port":41825,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":137,"packets-processed":136,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7425,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":133,"total-detection-updates":0,"total-updates":27,"current-active-flows":2,"total-active-flows":133,"total-idle-flows":131,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":645,"global_ts_usec":1685931213042208} 
+00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":137,"packets-processed":136,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7425,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":133,"total-detection-updates":0,"total-updates":27,"current-active-flows":2,"total-active-flows":133,"total-idle-flows":131,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":645,"global_ts_usec":1685931213042208} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685931213042208,"flow_src_last_pkt_time":1685931213042208,"flow_dst_last_pkt_time":1685931213042208,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685931213042208,"l3_proto":"ip4","src_ip":"64.71.218.224","dst_ip":"85.111.52.57","src_port":20366,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":1,"flow_src_last_pkt_time":1685931213042208,"flow_dst_last_pkt_time":1685931213042208,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1685931213042208,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA+edhAADQRJt1AR9rgVW80OU+OAasAKnnjAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685931213042208,"flow_src_last_pkt_time":1685931213042208,"flow_dst_last_pkt_time":1685931213042208,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685931213042208,"l3_proto":"ip4","src_ip":"64.71.218.224","dst_ip":"85.111.52.57","src_port":20366,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -661,17 +661,17 @@ 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685931213042208,"flow_src_last_pkt_time":1685931213042208,"flow_dst_last_pkt_time":1685931213042208,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685931793309466,"l3_proto":"ip4","src_ip":"64.71.218.224","dst_ip":"85.111.52.57","src_port":20366,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685931339492549,"flow_src_last_pkt_time":1685931339492549,"flow_dst_last_pkt_time":1685931339492549,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685931793309466,"l3_proto":"ip4","src_ip":"64.63.219.226","dst_ip":"90.141.37.56","src_port":10207,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685931328327343,"flow_src_last_pkt_time":1685931328327343,"flow_dst_last_pkt_time":1685931328327343,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685931793309466,"l3_proto":"ip4","src_ip":"64.65.52.246","dst_ip":"165.144.84.62","src_port":10179,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":141,"packets-processed":140,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7561,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":137,"total-detection-updates":0,"total-updates":28,"current-active-flows":1,"total-active-flows":137,"total-idle-flows":136,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":664,"global_ts_usec":1685932001528402} 
+00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":141,"packets-processed":140,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7561,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":137,"total-detection-updates":0,"total-updates":28,"current-active-flows":1,"total-active-flows":137,"total-idle-flows":136,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":664,"global_ts_usec":1685932001528402} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685932001528402,"flow_src_last_pkt_time":1685932001528402,"flow_dst_last_pkt_time":1685932001528402,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685932001528402,"l3_proto":"ip4","src_ip":"65.62.197.248","dst_ip":"69.109.187.54","src_port":45675,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":1,"flow_src_last_pkt_time":1685932001528402,"flow_dst_last_pkt_time":1685932001528402,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1685932001528402,"pkt":"bpHurUgdPJTVQTiBCABFAAA++0RAADQRpWtBPsX4RW27NrJrAasAKhcBAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685932001528402,"flow_src_last_pkt_time":1685932001528402,"flow_dst_last_pkt_time":1685932001528402,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685932001528402,"l3_proto":"ip4","src_ip":"65.62.197.248","dst_ip":"69.109.187.54","src_port":45675,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00991{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685931793309466,"flow_src_last_pkt_time":1685931793309466,"flow_dst_last_pkt_time":1685931793309466,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685932001528402,"l3_proto":"ip4","src_ip":"161.193.58.225","dst_ip":"186.112.202.53","src_port":64776,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":142,"packets-processed":141,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7595,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":138,"total-detection-updates":0,"total-updates":28,"current-active-flows":1,"total-active-flows":138,"total-idle-flows":137,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":669,"global_ts_usec":1685932876135808} 
+00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":142,"packets-processed":141,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7595,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":138,"total-detection-updates":0,"total-updates":28,"current-active-flows":1,"total-active-flows":138,"total-idle-flows":137,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":669,"global_ts_usec":1685932876135808} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685932876135808,"flow_src_last_pkt_time":1685932876135808,"flow_dst_last_pkt_time":1685932876135808,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685932876135808,"l3_proto":"ip4","src_ip":"16.99.147.146","dst_ip":"165.144.84.62","src_port":48728,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":1,"flow_src_last_pkt_time":1685932876135808,"flow_dst_last_pkt_time":1685932876135808,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685932876135808,"pkt":"AAwp30Y4PJTVQTiBCABFCAB+1DEAAPARqBoQY5OSpZBUPr5YAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685932876135808,"flow_src_last_pkt_time":1685932876135808,"flow_dst_last_pkt_time":1685932876135808,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685932876135808,"l3_proto":"ip4","src_ip":"16.99.147.146","dst_ip":"165.144.84.62","src_port":48728,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":143,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685932001528402,"flow_src_last_pkt_time":1685932001528402,"flow_dst_last_pkt_time":1685932001528402,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685932876135808,"l3_proto":"ip4","src_ip":"65.62.197.248","dst_ip":"69.109.187.54","src_port":45675,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":143,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":143,"packets-processed":142,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7693,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":139,"total-detection-updates":0,"total-updates":28,"current-active-flows":1,"total-active-flows":139,"total-idle-flows":138,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":674,"global_ts_usec":1685933841851094} 
+00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":143,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":143,"packets-processed":142,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7693,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":139,"total-detection-updates":0,"total-updates":28,"current-active-flows":1,"total-active-flows":139,"total-idle-flows":138,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":674,"global_ts_usec":1685933841851094} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":143,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685933841851094,"flow_src_last_pkt_time":1685933841851094,"flow_dst_last_pkt_time":1685933841851094,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685933841851094,"l3_proto":"ip4","src_ip":"75.153.126.243","dst_ip":"69.109.187.54","src_port":54378,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":143,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":1,"flow_src_last_pkt_time":1685933841851094,"flow_dst_last_pkt_time":1685933841851094,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1685933841851094,"pkt":"bpHurUgdPJTVQTiBCABFAABU0ltAADQRvvtLmX7zRW27NtRqAasAQAAAAgEAADggAAAAAGqbAAJlbgAAABdzZXJ2aWNlOmRpcmVjdG9yeS1hZ2VudAAHZGVmYXVsdAAAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":143,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685933841851094,"flow_src_last_pkt_time":1685933841851094,"flow_dst_last_pkt_time":1685933841851094,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685933841851094,"l3_proto":"ip4","src_ip":"75.153.126.243","dst_ip":"69.109.187.54","src_port":54378,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -680,7 +680,7 @@ 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":1,"flow_src_last_pkt_time":1685934156732428,"flow_dst_last_pkt_time":1685934156732428,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685934156732428,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRbI5G2LpnpZBUPtpIAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":144,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685934156732428,"flow_src_last_pkt_time":1685934156732428,"flow_dst_last_pkt_time":1685934156732428,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685934156732428,"l3_proto":"ip4","src_ip":"70.216.186.103","dst_ip":"165.144.84.62","src_port":55880,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685933841851094,"flow_src_last_pkt_time":1685933841851094,"flow_dst_last_pkt_time":1685933841851094,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685934156732428,"l3_proto":"ip4","src_ip":"75.153.126.243","dst_ip":"69.109.187.54","src_port":54378,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":145,"packets-processed":144,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7778,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":141,"total-detection-updates":0,"total-updates":28,"current-active-flows":1,"total-active-flows":141,"total-idle-flows":140,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":683,"global_ts_usec":1685949298361033} 
+00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":145,"packets-processed":144,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7778,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":141,"total-detection-updates":0,"total-updates":28,"current-active-flows":1,"total-active-flows":141,"total-idle-flows":140,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":683,"global_ts_usec":1685949298361033} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685949298361033,"flow_src_last_pkt_time":1685949298361033,"flow_dst_last_pkt_time":1685949298361033,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685949298361033,"l3_proto":"ip4","src_ip":"82.14.191.177","dst_ip":"186.112.202.53","src_port":51704,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":1,"flow_src_last_pkt_time":1685949298361033,"flow_dst_last_pkt_time":1685949298361033,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685949298361033,"pkt":"xmjqc4OdPJTVQTiBCABFAAA51DEAAPoRXw9SDr+xunDKNcn4AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685949298361033,"flow_src_last_pkt_time":1685949298361033,"flow_dst_last_pkt_time":1685949298361033,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685949298361033,"l3_proto":"ip4","src_ip":"82.14.191.177","dst_ip":"186.112.202.53","src_port":51704,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -694,48 +694,48 @@ 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":147,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685949575864849,"flow_src_last_pkt_time":1685949575864849,"flow_dst_last_pkt_time":1685949575864849,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685949575864849,"l3_proto":"ip4","src_ip":"166.235.162.1","dst_ip":"165.114.202.61","src_port":50338,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":148,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685949298361033,"flow_src_last_pkt_time":1685949298361033,"flow_dst_last_pkt_time":1685949298361033,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685949575864849,"l3_proto":"ip4","src_ip":"82.14.191.177","dst_ip":"186.112.202.53","src_port":51704,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":148,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685949441960339,"flow_src_last_pkt_time":1685949441960339,"flow_dst_last_pkt_time":1685949441960339,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685949575864849,"l3_proto":"ip4","src_ip":"70.28.101.252","dst_ip":"69.109.187.54","src_port":49306,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":148,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":148,"packets-processed":147,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7865,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":144,"total-detection-updates":0,"total-updates":30,"current-active-flows":2,"total-active-flows":144,"total-idle-flows":142,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":697,"global_ts_usec":1685950065516616} 
+00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":148,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":148,"packets-processed":147,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7865,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":144,"total-detection-updates":0,"total-updates":30,"current-active-flows":2,"total-active-flows":144,"total-idle-flows":142,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":697,"global_ts_usec":1685950065516616} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":148,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685950065516616,"flow_src_last_pkt_time":1685950065516616,"flow_dst_last_pkt_time":1685950065516616,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685950065516616,"l3_proto":"ip4","src_ip":"38.238.166.9","dst_ip":"90.147.171.51","src_port":56529,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":1,"flow_src_last_pkt_time":1685950065516616,"flow_dst_last_pkt_time":1685950065516616,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685950065516616,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRbUAm7qYJWpOrM9zRAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":148,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685950065516616,"flow_src_last_pkt_time":1685950065516616,"flow_dst_last_pkt_time":1685950065516616,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685950065516616,"l3_proto":"ip4","src_ip":"38.238.166.9","dst_ip":"90.147.171.51","src_port":56529,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":149,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685949575864849,"flow_src_last_pkt_time":1685949575864849,"flow_dst_last_pkt_time":1685949575864849,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685950065516616,"l3_proto":"ip4","src_ip":"166.235.162.1","dst_ip":"165.114.202.61","src_port":50338,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":149,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685949441960339,"flow_src_last_pkt_time":1685949441960339,"flow_dst_last_pkt_time":1685949441960339,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685950065516616,"l3_proto":"ip4","src_ip":"70.28.101.252","dst_ip":"69.109.187.54","src_port":49306,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":149,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":149,"packets-processed":148,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7894,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":145,"total-detection-updates":0,"total-updates":30,"current-active-flows":1,"total-active-flows":145,"total-idle-flows":144,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":703,"global_ts_usec":1685950716132805} +00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":149,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":149,"packets-processed":148,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7894,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":145,"total-detection-updates":0,"total-updates":30,"current-active-flows":1,"total-active-flows":145,"total-idle-flows":144,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":703,"global_ts_usec":1685950716132805} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":149,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685950716132805,"flow_src_last_pkt_time":1685950716132805,"flow_dst_last_pkt_time":1685950716132805,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685950716132805,"l3_proto":"ip4","src_ip":"206.204.24.90","dst_ip":"90.141.37.56","src_port":51495,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":149,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":1,"flow_src_last_pkt_time":1685950716132805,"flow_dst_last_pkt_time":1685950716132805,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685950716132805,"pkt":"3jHC4dyOPJTVQTiBCABFAAA51DEAAPkRX57OzBhaWo0lOMknAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":149,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685950716132805,"flow_src_last_pkt_time":1685950716132805,"flow_dst_last_pkt_time":1685950716132805,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685950716132805,"l3_proto":"ip4","src_ip":"206.204.24.90","dst_ip":"90.141.37.56","src_port":51495,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685950065516616,"flow_src_last_pkt_time":1685950065516616,"flow_dst_last_pkt_time":1685950065516616,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685950716132805,"l3_proto":"ip4","src_ip":"38.238.166.9","dst_ip":"90.147.171.51","src_port":56529,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":150,"packets-processed":149,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7923,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":146,"total-detection-updates":0,"total-updates":30,"current-active-flows":1,"total-active-flows":146,"total-idle-flows":145,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":708,"global_ts_usec":1685952673673917} +00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":150,"packets-processed":149,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7923,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":146,"total-detection-updates":0,"total-updates":30,"current-active-flows":1,"total-active-flows":146,"total-idle-flows":145,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":708,"global_ts_usec":1685952673673917} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685952673673917,"flow_src_last_pkt_time":1685952673673917,"flow_dst_last_pkt_time":1685952673673917,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685952673673917,"l3_proto":"ip4","src_ip":"165.128.253.116","dst_ip":"90.147.171.51","src_port":5073,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":1,"flow_src_last_pkt_time":1685952673673917,"flow_dst_last_pkt_time":1685952673673917,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685952673673917,"pkt":"AAwp30Y4PJTVQTiBCABFAABLLRsAACcRpgilgP10WpOrMxPRAasANxtlAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685952673673917,"flow_src_last_pkt_time":1685952673673917,"flow_dst_last_pkt_time":1685952673673917,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685952673673917,"l3_proto":"ip4","src_ip":"165.128.253.116","dst_ip":"90.147.171.51","src_port":5073,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":151,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685950716132805,"flow_src_last_pkt_time":1685950716132805,"flow_dst_last_pkt_time":1685950716132805,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685952673673917,"l3_proto":"ip4","src_ip":"206.204.24.90","dst_ip":"90.141.37.56","src_port":51495,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":151,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":151,"packets-processed":150,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7970,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":147,"total-detection-updates":0,"total-updates":30,"current-active-flows":1,"total-active-flows":147,"total-idle-flows":146,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":713,"global_ts_usec":1685953474074395} +00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":151,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":151,"packets-processed":150,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7970,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":147,"total-detection-updates":0,"total-updates":30,"current-active-flows":1,"total-active-flows":147,"total-idle-flows":146,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":713,"global_ts_usec":1685953474074395} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":151,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685953474074395,"flow_src_last_pkt_time":1685953474074395,"flow_dst_last_pkt_time":1685953474074395,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685953474074395,"l3_proto":"ip4","src_ip":"217.31.231.255","dst_ip":"90.111.212.50","src_port":56070,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":1,"flow_src_last_pkt_time":1685953474074395,"flow_dst_last_pkt_time":1685953474074395,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685953474074395,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRbdLZH+f\/Wm\/UMtsGAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":151,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685953474074395,"flow_src_last_pkt_time":1685953474074395,"flow_dst_last_pkt_time":1685953474074395,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685953474074395,"l3_proto":"ip4","src_ip":"217.31.231.255","dst_ip":"90.111.212.50","src_port":56070,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":152,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685952673673917,"flow_src_last_pkt_time":1685952673673917,"flow_dst_last_pkt_time":1685952673673917,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685953474074395,"l3_proto":"ip4","src_ip":"165.128.253.116","dst_ip":"90.147.171.51","src_port":5073,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":152,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":152,"packets-processed":151,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7999,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":148,"total-detection-updates":0,"total-updates":30,"current-active-flows":1,"total-active-flows":148,"total-idle-flows":147,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":718,"global_ts_usec":1685956234214319} +00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":152,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":152,"packets-processed":151,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7999,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":148,"total-detection-updates":0,"total-updates":30,"current-active-flows":1,"total-active-flows":148,"total-idle-flows":147,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":718,"global_ts_usec":1685956234214319} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":152,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685956234214319,"flow_src_last_pkt_time":1685956234214319,"flow_dst_last_pkt_time":1685956234214319,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685956234214319,"l3_proto":"ip4","src_ip":"28.102.134.210","dst_ip":"69.109.187.54","src_port":45382,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":1,"flow_src_last_pkt_time":1685956234214319,"flow_dst_last_pkt_time":1685956234214319,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685956234214319,"pkt":"bpHurUgdPJTVQTiBCABFCABLd1MAACQRTR0cZobSRW27NrFGAasAN2xEAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":152,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685956234214319,"flow_src_last_pkt_time":1685956234214319,"flow_dst_last_pkt_time":1685956234214319,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685956234214319,"l3_proto":"ip4","src_ip":"28.102.134.210","dst_ip":"69.109.187.54","src_port":45382,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":153,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685953474074395,"flow_src_last_pkt_time":1685953474074395,"flow_dst_last_pkt_time":1685953474074395,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685956234214319,"l3_proto":"ip4","src_ip":"217.31.231.255","dst_ip":"90.111.212.50","src_port":56070,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":153,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":153,"packets-processed":152,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8046,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":149,"total-detection-updates":0,"total-updates":30,"current-active-flows":1,"total-active-flows":149,"total-idle-flows":148,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":723,"global_ts_usec":1685959206891430} +00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":153,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":153,"packets-processed":152,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8046,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":149,"total-detection-updates":0,"total-updates":30,"current-active-flows":1,"total-active-flows":149,"total-idle-flows":148,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":723,"global_ts_usec":1685959206891430} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":153,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685959206891430,"flow_src_last_pkt_time":1685959206891430,"flow_dst_last_pkt_time":1685959206891430,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685959206891430,"l3_proto":"ip4","src_ip":"173.241.63.36","dst_ip":"85.111.52.57","src_port":50984,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":1,"flow_src_last_pkt_time":1685959206891430,"flow_dst_last_pkt_time":1685959206891430,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685959206891430,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA51DEAAPkRX32t8T8kVW80OccoAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":153,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685959206891430,"flow_src_last_pkt_time":1685959206891430,"flow_dst_last_pkt_time":1685959206891430,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685959206891430,"l3_proto":"ip4","src_ip":"173.241.63.36","dst_ip":"85.111.52.57","src_port":50984,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685956234214319,"flow_src_last_pkt_time":1685956234214319,"flow_dst_last_pkt_time":1685956234214319,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685959206891430,"l3_proto":"ip4","src_ip":"28.102.134.210","dst_ip":"69.109.187.54","src_port":45382,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":154,"packets-processed":153,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8075,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":150,"total-detection-updates":0,"total-updates":30,"current-active-flows":1,"total-active-flows":150,"total-idle-flows":149,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":728,"global_ts_usec":1685960845026064} +00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":154,"packets-processed":153,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8075,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":150,"total-detection-updates":0,"total-updates":30,"current-active-flows":1,"total-active-flows":150,"total-idle-flows":149,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":728,"global_ts_usec":1685960845026064} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685960845026064,"flow_src_last_pkt_time":1685960845026064,"flow_dst_last_pkt_time":1685960845026064,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685960845026064,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"90.111.212.50","src_port":60145,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":1,"flow_src_last_pkt_time":1685960845026064,"flow_dst_last_pkt_time":1685960845026064,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1685960845026064,"pkt":"AAwp30Y4PJTVQTiBCABFAAA11DEAAPER0yNRGCtqWm\/UMurxAasAIQAAAQkAGQAAZW4AA5T9AAD\/\/wAHZGVmYXVsdA=="} 
00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685960845026064,"flow_src_last_pkt_time":1685960845026064,"flow_dst_last_pkt_time":1685960845026064,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685960845026064,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"90.111.212.50","src_port":60145,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685959206891430,"flow_src_last_pkt_time":1685959206891430,"flow_dst_last_pkt_time":1685959206891430,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685960845026064,"l3_proto":"ip4","src_ip":"173.241.63.36","dst_ip":"85.111.52.57","src_port":50984,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":155,"packets-processed":154,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":151,"total-detection-updates":0,"total-updates":30,"current-active-flows":1,"total-active-flows":151,"total-idle-flows":150,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":733,"global_ts_usec":1685964244002056} +00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":155,"packets-processed":154,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":151,"total-detection-updates":0,"total-updates":30,"current-active-flows":1,"total-active-flows":151,"total-idle-flows":150,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":733,"global_ts_usec":1685964244002056} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685964244002056,"flow_src_last_pkt_time":1685964244002056,"flow_dst_last_pkt_time":1685964244002056,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685964244002056,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"74.111.203.55","src_port":57096,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":1,"flow_src_last_pkt_time":1685964244002056,"flow_dst_last_pkt_time":1685964244002056,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1685964244002056,"pkt":"ipffLU2SPJTVQTiBCABFAAA11DEAAPER0yJRGCtqSm\/LN98IAasAIQAAAQkAGQAAZW4AA5T9AAD\/\/wAHZGVmYXVsdA=="} 
00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685964244002056,"flow_src_last_pkt_time":1685964244002056,"flow_dst_last_pkt_time":1685964244002056,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685964244002056,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"74.111.203.55","src_port":57096,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685960845026064,"flow_src_last_pkt_time":1685960845026064,"flow_dst_last_pkt_time":1685960845026064,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685964244002056,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"90.111.212.50","src_port":60145,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":156,"packets-processed":155,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8125,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":152,"total-detection-updates":0,"total-updates":30,"current-active-flows":1,"total-active-flows":152,"total-idle-flows":151,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":738,"global_ts_usec":1685969568367700} +00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":156,"packets-processed":155,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8125,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":152,"total-detection-updates":0,"total-updates":30,"current-active-flows":1,"total-active-flows":152,"total-idle-flows":151,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":738,"global_ts_usec":1685969568367700} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685969568367700,"flow_src_last_pkt_time":1685969568367700,"flow_dst_last_pkt_time":1685969568367700,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685969568367700,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"69.109.187.54","src_port":58419,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":1,"flow_src_last_pkt_time":1685969568367700,"flow_dst_last_pkt_time":1685969568367700,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1685969568367700,"pkt":"bpHurUgdPJTVQTiBCABFAAA11DEAAPER0yFRGCtqRW27NuQzAasAIQAAAQkAGQAAZW4AA5T9AAD\/\/wAHZGVmYXVsdA=="} 
00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685969568367700,"flow_src_last_pkt_time":1685969568367700,"flow_dst_last_pkt_time":1685969568367700,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685969568367700,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"69.109.187.54","src_port":58419,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -744,13 +744,13 @@ 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":1,"flow_src_last_pkt_time":1685969623534341,"flow_dst_last_pkt_time":1685969623534341,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1685969623534341,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA11DEAAPER0x1RGCtqVW80OcwTAasAIQAAAQkAGQAAZW4AA5T9AAD\/\/wAHZGVmYXVsdA=="} 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":157,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685969623534341,"flow_src_last_pkt_time":1685969623534341,"flow_dst_last_pkt_time":1685969623534341,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685969623534341,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"85.111.52.57","src_port":52243,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685969568367700,"flow_src_last_pkt_time":1685969568367700,"flow_dst_last_pkt_time":1685969568367700,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685969623534341,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"69.109.187.54","src_port":58419,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":158,"packets-processed":157,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8175,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":154,"total-detection-updates":0,"total-updates":31,"current-active-flows":2,"total-active-flows":154,"total-idle-flows":152,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":747,"global_ts_usec":1685976878692319} 
+00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":158,"packets-processed":157,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8175,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":154,"total-detection-updates":0,"total-updates":31,"current-active-flows":2,"total-active-flows":154,"total-idle-flows":152,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":747,"global_ts_usec":1685976878692319} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685976878692319,"flow_src_last_pkt_time":1685976878692319,"flow_dst_last_pkt_time":1685976878692319,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685976878692319,"l3_proto":"ip4","src_ip":"70.180.111.241","dst_ip":"165.144.84.62","src_port":39508,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":1,"flow_src_last_pkt_time":1685976878692319,"flow_dst_last_pkt_time":1685976878692319,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685976878692319,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPARDMdGtG\/xpZBUPppUAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685976878692319,"flow_src_last_pkt_time":1685976878692319,"flow_dst_last_pkt_time":1685976878692319,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685976878692319,"l3_proto":"ip4","src_ip":"70.180.111.241","dst_ip":"165.144.84.62","src_port":39508,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":159,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685969623534341,"flow_src_last_pkt_time":1685969623534341,"flow_dst_last_pkt_time":1685969623534341,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685976878692319,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"85.111.52.57","src_port":52243,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":159,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685969568367700,"flow_src_last_pkt_time":1685969568367700,"flow_dst_last_pkt_time":1685969568367700,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685976878692319,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"69.109.187.54","src_port":58419,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":159,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":159,"packets-processed":158,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8273,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":155,"total-detection-updates":0,"total-updates":31,"current-active-flows":1,"total-active-flows":155,"total-idle-flows":154,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":753,"global_ts_usec":1685980039598832} +00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":159,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":159,"packets-processed":158,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8273,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":155,"total-detection-updates":0,"total-updates":31,"current-active-flows":1,"total-active-flows":155,"total-idle-flows":154,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":753,"global_ts_usec":1685980039598832} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":159,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685980039598832,"flow_src_last_pkt_time":1685980039598832,"flow_dst_last_pkt_time":1685980039598832,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685980039598832,"l3_proto":"ip4","src_ip":"208.100.177.136","dst_ip":"90.111.212.50","src_port":45704,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":1,"flow_src_last_pkt_time":1685980039598832,"flow_dst_last_pkt_time":1685980039598832,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685980039598832,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPMRpSrQZLGIWm\/UMrKIAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 
00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":159,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685980039598832,"flow_src_last_pkt_time":1685980039598832,"flow_dst_last_pkt_time":1685980039598832,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685980039598832,"l3_proto":"ip4","src_ip":"208.100.177.136","dst_ip":"90.111.212.50","src_port":45704,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -759,7 +759,7 @@ 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":1,"flow_src_last_pkt_time":1685980256079266,"flow_dst_last_pkt_time":1685980256079266,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1685980256079266,"pkt":"AAwp30Y4PJTVQTiBCABFAAA11DEAAPER0xlRGCtqpZBUPrejAasAIQAAAQkAGQAAZW4AA5T9AAD\/\/wAHZGVmYXVsdA=="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":160,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685980256079266,"flow_src_last_pkt_time":1685980256079266,"flow_dst_last_pkt_time":1685980256079266,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685980256079266,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"165.144.84.62","src_port":47011,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685980039598832,"flow_src_last_pkt_time":1685980039598832,"flow_dst_last_pkt_time":1685980039598832,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685980256079266,"l3_proto":"ip4","src_ip":"208.100.177.136","dst_ip":"90.111.212.50","src_port":45704,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":161,"packets-processed":160,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8396,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":157,"total-detection-updates":0,"total-updates":31,"current-active-flows":1,"total-active-flows":157,"total-idle-flows":156,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":762,"global_ts_usec":1685980966068969} 
+00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":161,"packets-processed":160,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8396,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":157,"total-detection-updates":0,"total-updates":31,"current-active-flows":1,"total-active-flows":157,"total-idle-flows":156,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":762,"global_ts_usec":1685980966068969} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685980966068969,"flow_src_last_pkt_time":1685980966068969,"flow_dst_last_pkt_time":1685980966068969,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685980966068969,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"69.109.187.54","src_port":33316,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":1,"flow_src_last_pkt_time":1685980966068969,"flow_dst_last_pkt_time":1685980966068969,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685980966068969,"pkt":"bpHurUgdPJTVQTiBCABFAAB+1DEAAPIRCw62tHiLRW27NoIkAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685980966068969,"flow_src_last_pkt_time":1685980966068969,"flow_dst_last_pkt_time":1685980966068969,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685980966068969,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"69.109.187.54","src_port":33316,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -768,7 +768,7 @@ 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":162,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":1,"flow_src_last_pkt_time":1685981433727126,"flow_dst_last_pkt_time":1685981433727126,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685981433727126,"pkt":"3jHC4dyOPJTVQTiBCABFAAB+1DEAAPIRCwu2tHiLWo0lOJWZAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":162,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685981433727126,"flow_src_last_pkt_time":1685981433727126,"flow_dst_last_pkt_time":1685981433727126,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685981433727126,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"90.141.37.56","src_port":38297,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":163,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685980966068969,"flow_src_last_pkt_time":1685980966068969,"flow_dst_last_pkt_time":1685980966068969,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685981433727126,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"69.109.187.54","src_port":33316,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":163,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":163,"packets-processed":162,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8592,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":159,"total-detection-updates":0,"total-updates":31,"current-active-flows":1,"total-active-flows":159,"total-idle-flows":158,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":771,"global_ts_usec":1685983024598099} 
+00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":163,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":163,"packets-processed":162,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8592,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":159,"total-detection-updates":0,"total-updates":31,"current-active-flows":1,"total-active-flows":159,"total-idle-flows":158,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":771,"global_ts_usec":1685983024598099} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":163,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685983024598099,"flow_src_last_pkt_time":1685983024598099,"flow_dst_last_pkt_time":1685983024598099,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685983024598099,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"90.145.180.58","src_port":49217,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":163,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":1,"flow_src_last_pkt_time":1685983024598099,"flow_dst_last_pkt_time":1685983024598099,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685983024598099,"pkt":"bs1PogZtPJTVQTiBCABFAAB+1DEAAPMRCY72S2hzWpG0OsBBAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":163,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685983024598099,"flow_src_last_pkt_time":1685983024598099,"flow_dst_last_pkt_time":1685983024598099,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685983024598099,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"90.145.180.58","src_port":49217,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -776,7 +776,7 @@ 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":164,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685983044584108,"flow_src_last_pkt_time":1685983044584108,"flow_dst_last_pkt_time":1685983044584108,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685983044584108,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"186.112.202.53","src_port":50697,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":164,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":1,"flow_src_last_pkt_time":1685983044584108,"flow_dst_last_pkt_time":1685983044584108,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685983044584108,"pkt":"xmjqc4OdPJTVQTiBCABFAAB+1DEAAPMRCZP2S2hzunDKNcYJAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 
00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":164,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685983044584108,"flow_src_last_pkt_time":1685983044584108,"flow_dst_last_pkt_time":1685983044584108,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685983044584108,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"186.112.202.53","src_port":50697,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":165,"packets-processed":164,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8788,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":161,"total-detection-updates":0,"total-updates":31,"current-active-flows":2,"total-active-flows":161,"total-idle-flows":159,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":779,"global_ts_usec":1685983887017305} 
+00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":165,"packets-processed":164,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8788,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":161,"total-detection-updates":0,"total-updates":31,"current-active-flows":2,"total-active-flows":161,"total-idle-flows":159,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":779,"global_ts_usec":1685983887017305} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685983887017305,"flow_src_last_pkt_time":1685983887017305,"flow_dst_last_pkt_time":1685983887017305,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685983887017305,"l3_proto":"ip4","src_ip":"45.124.147.156","dst_ip":"85.111.52.57","src_port":57093,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":162,"flow_packet_id":1,"flow_src_last_pkt_time":1685983887017305,"flow_dst_last_pkt_time":1685983887017305,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685983887017305,"pkt":"moT+\/Ph8PJTVQTiBCABFAAB+1DEAAPMRpTItfJOcVW80Od8FAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685983887017305,"flow_src_last_pkt_time":1685983887017305,"flow_dst_last_pkt_time":1685983887017305,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685983887017305,"l3_proto":"ip4","src_ip":"45.124.147.156","dst_ip":"85.111.52.57","src_port":57093,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -786,7 +786,7 @@ 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":1,"flow_src_last_pkt_time":1685984091734191,"flow_dst_last_pkt_time":1685984091734191,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1685984091734191,"pkt":"3jHC4dyOPJTVQTiBCABFAAA11DEAAPER0x5RGCtqWo0lOO2PAasAIQAAAQkAGQAAZW4AA5T9AAD\/\/wAHZGVmYXVsdA=="} 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685984091734191,"flow_src_last_pkt_time":1685984091734191,"flow_dst_last_pkt_time":1685984091734191,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685984091734191,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"90.141.37.56","src_port":60815,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":167,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685983887017305,"flow_src_last_pkt_time":1685983887017305,"flow_dst_last_pkt_time":1685983887017305,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685984091734191,"l3_proto":"ip4","src_ip":"45.124.147.156","dst_ip":"85.111.52.57","src_port":57093,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":167,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":167,"packets-processed":166,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8911,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":163,"total-detection-updates":0,"total-updates":31,"current-active-flows":1,"total-active-flows":163,"total-idle-flows":162,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":789,"global_ts_usec":1685986621173581} 
+00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":167,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":167,"packets-processed":166,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8911,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":163,"total-detection-updates":0,"total-updates":31,"current-active-flows":1,"total-active-flows":163,"total-idle-flows":162,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":789,"global_ts_usec":1685986621173581} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":167,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685986621173581,"flow_src_last_pkt_time":1685986621173581,"flow_dst_last_pkt_time":1685986621173581,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685986621173581,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"74.111.203.55","src_port":34990,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":1,"flow_src_last_pkt_time":1685986621173581,"flow_dst_last_pkt_time":1685986621173581,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685986621173581,"pkt":"ipffLU2SPJTVQTiBCABFAAB+1DEAAPMRCZX2S2hzSm\/LN4iuAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":167,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685986621173581,"flow_src_last_pkt_time":1685986621173581,"flow_dst_last_pkt_time":1685986621173581,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685986621173581,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"74.111.203.55","src_port":34990,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -798,54 +798,54 @@ 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685986755864865,"flow_src_last_pkt_time":1685986755864865,"flow_dst_last_pkt_time":1685986755864865,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685986755864865,"l3_proto":"ip4","src_ip":"184.180.168.240","dst_ip":"165.114.202.61","src_port":39574,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":1,"flow_src_last_pkt_time":1685986755864865,"flow_dst_last_pkt_time":1685986755864865,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685986755864865,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPARDMe4tKjwpXLKPZqWAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 
00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685986755864865,"flow_src_last_pkt_time":1685986755864865,"flow_dst_last_pkt_time":1685986755864865,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685986755864865,"l3_proto":"ip4","src_ip":"184.180.168.240","dst_ip":"165.114.202.61","src_port":39574,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":170,"packets-processed":169,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9205,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":166,"total-detection-updates":0,"total-updates":32,"current-active-flows":3,"total-active-flows":166,"total-idle-flows":163,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":801,"global_ts_usec":1685988729872897} 
+00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":170,"packets-processed":169,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9205,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":166,"total-detection-updates":0,"total-updates":32,"current-active-flows":3,"total-active-flows":166,"total-idle-flows":163,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":801,"global_ts_usec":1685988729872897} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685988729872897,"flow_src_last_pkt_time":1685988729872897,"flow_dst_last_pkt_time":1685988729872897,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685988729872897,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"90.147.171.51","src_port":58836,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":1,"flow_src_last_pkt_time":1685988729872897,"flow_dst_last_pkt_time":1685988729872897,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1685988729872897,"pkt":"AAwp30Y4PJTVQTiBCABFAAA11DEAAPER0yRRGCtqWpOrM+XUAasAIQAAAQkAGQAAZW4AA5T9AAD\/\/wAHZGVmYXVsdA=="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685988729872897,"flow_src_last_pkt_time":1685988729872897,"flow_dst_last_pkt_time":1685988729872897,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685988729872897,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"90.147.171.51","src_port":58836,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685986711741123,"flow_src_last_pkt_time":1685986711741123,"flow_dst_last_pkt_time":1685986711741123,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685988729872897,"l3_proto":"ip4","src_ip":"239.100.141.153","dst_ip":"90.147.171.51","src_port":41989,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685986755864865,"flow_src_last_pkt_time":1685986755864865,"flow_dst_last_pkt_time":1685986755864865,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685988729872897,"l3_proto":"ip4","src_ip":"184.180.168.240","dst_ip":"165.114.202.61","src_port":39574,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685986621173581,"flow_src_last_pkt_time":1685986621173581,"flow_dst_last_pkt_time":1685986621173581,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685988729872897,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"74.111.203.55","src_port":34990,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":171,"packets-processed":170,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9230,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":167,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":167,"total-idle-flows":166,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":808,"global_ts_usec":1685993522728404} 
+00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":171,"packets-processed":170,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9230,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":167,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":167,"total-idle-flows":166,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":808,"global_ts_usec":1685993522728404} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685993522728404,"flow_src_last_pkt_time":1685993522728404,"flow_dst_last_pkt_time":1685993522728404,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685993522728404,"l3_proto":"ip4","src_ip":"100.56.155.112","dst_ip":"90.147.171.51","src_port":1724,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":1,"flow_src_last_pkt_time":1685993522728404,"flow_dst_last_pkt_time":1685993522728404,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685993522728404,"pkt":"AAwp30Y4PJTVQTiBCABFCABLWP8AACIRca5kOJtwWpOrMwa8AasANxsMAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685993522728404,"flow_src_last_pkt_time":1685993522728404,"flow_dst_last_pkt_time":1685993522728404,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685993522728404,"l3_proto":"ip4","src_ip":"100.56.155.112","dst_ip":"90.147.171.51","src_port":1724,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685988729872897,"flow_src_last_pkt_time":1685988729872897,"flow_dst_last_pkt_time":1685988729872897,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685993522728404,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"90.147.171.51","src_port":58836,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":172,"packets-processed":171,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9277,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":168,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":168,"total-idle-flows":167,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":813,"global_ts_usec":1685998634406588} 
+00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":172,"packets-processed":171,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9277,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":168,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":168,"total-idle-flows":167,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":813,"global_ts_usec":1685998634406588} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685998634406588,"flow_src_last_pkt_time":1685998634406588,"flow_dst_last_pkt_time":1685998634406588,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685998634406588,"l3_proto":"ip4","src_ip":"227.134.81.212","dst_ip":"74.111.203.55","src_port":10457,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":169,"flow_packet_id":1,"flow_src_last_pkt_time":1685998634406588,"flow_dst_last_pkt_time":1685998634406588,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685998634406588,"pkt":"ipffLU2SPJTVQTiBCABFCABLN5cAACQRjNbjhlHUSm\/LNyjZAasAN\/SuAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685998634406588,"flow_src_last_pkt_time":1685998634406588,"flow_dst_last_pkt_time":1685998634406588,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685998634406588,"l3_proto":"ip4","src_ip":"227.134.81.212","dst_ip":"74.111.203.55","src_port":10457,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":173,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685993522728404,"flow_src_last_pkt_time":1685993522728404,"flow_dst_last_pkt_time":1685993522728404,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685998634406588,"l3_proto":"ip4","src_ip":"100.56.155.112","dst_ip":"90.147.171.51","src_port":1724,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":173,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":173,"packets-processed":172,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9324,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":169,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":169,"total-idle-flows":168,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":818,"global_ts_usec":1685999686351420} 
+00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":173,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":173,"packets-processed":172,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9324,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":169,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":169,"total-idle-flows":168,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":818,"global_ts_usec":1685999686351420} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":173,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685999686351420,"flow_src_last_pkt_time":1685999686351420,"flow_dst_last_pkt_time":1685999686351420,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685999686351420,"l3_proto":"ip4","src_ip":"75.137.134.242","dst_ip":"74.111.203.55","src_port":6448,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":1,"flow_src_last_pkt_time":1685999686351420,"flow_dst_last_pkt_time":1685999686351420,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1685999686351420,"pkt":"ipffLU2SPJTVQTiBCABFAABUtPJAADQR3GZLiYbySm\/LNxkwAasAQAAAAgEAADggAAAAAGqbAAJlbgAAABdzZXJ2aWNlOmRpcmVjdG9yeS1hZ2VudAAHZGVmYXVsdAAAAAA="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":173,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685999686351420,"flow_src_last_pkt_time":1685999686351420,"flow_dst_last_pkt_time":1685999686351420,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685999686351420,"l3_proto":"ip4","src_ip":"75.137.134.242","dst_ip":"74.111.203.55","src_port":6448,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":174,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685998634406588,"flow_src_last_pkt_time":1685998634406588,"flow_dst_last_pkt_time":1685998634406588,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685999686351420,"l3_proto":"ip4","src_ip":"227.134.81.212","dst_ip":"74.111.203.55","src_port":10457,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":174,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":174,"packets-processed":173,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9380,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":170,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":170,"total-idle-flows":169,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":823,"global_ts_usec":1686000601569343} 
+00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":174,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":174,"packets-processed":173,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9380,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":170,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":170,"total-idle-flows":169,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":823,"global_ts_usec":1686000601569343} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":174,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686000601569343,"flow_src_last_pkt_time":1686000601569343,"flow_dst_last_pkt_time":1686000601569343,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686000601569343,"l3_proto":"ip4","src_ip":"91.33.106.218","dst_ip":"165.144.84.62","src_port":2534,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":1,"flow_src_last_pkt_time":1686000601569343,"flow_dst_last_pkt_time":1686000601569343,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686000601569343,"pkt":"AAwp30Y4PJTVQTiBCABFCABLI3sAACQRoOVbIWrapZBUPgnmAasANxOVAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":174,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686000601569343,"flow_src_last_pkt_time":1686000601569343,"flow_dst_last_pkt_time":1686000601569343,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686000601569343,"l3_proto":"ip4","src_ip":"91.33.106.218","dst_ip":"165.144.84.62","src_port":2534,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":175,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685999686351420,"flow_src_last_pkt_time":1685999686351420,"flow_dst_last_pkt_time":1685999686351420,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686000601569343,"l3_proto":"ip4","src_ip":"75.137.134.242","dst_ip":"74.111.203.55","src_port":6448,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":175,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":175,"packets-processed":174,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9427,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":171,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":171,"total-idle-flows":170,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":828,"global_ts_usec":1686003718804460} 
+00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":175,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":175,"packets-processed":174,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9427,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":171,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":171,"total-idle-flows":170,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":828,"global_ts_usec":1686003718804460} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":175,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686003718804460,"flow_src_last_pkt_time":1686003718804460,"flow_dst_last_pkt_time":1686003718804460,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686003718804460,"l3_proto":"ip4","src_ip":"34.119.122.126","dst_ip":"85.111.52.57","src_port":6239,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":1,"flow_src_last_pkt_time":1686003718804460,"flow_dst_last_pkt_time":1686003718804460,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686003718804460,"pkt":"moT+\/Ph8PJTVQTiBCABFAABLfOYAACcRVjsid3p+VW80ORhfAasANxbVAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":175,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686003718804460,"flow_src_last_pkt_time":1686003718804460,"flow_dst_last_pkt_time":1686003718804460,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686003718804460,"l3_proto":"ip4","src_ip":"34.119.122.126","dst_ip":"85.111.52.57","src_port":6239,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":176,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686000601569343,"flow_src_last_pkt_time":1686000601569343,"flow_dst_last_pkt_time":1686000601569343,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686003718804460,"l3_proto":"ip4","src_ip":"91.33.106.218","dst_ip":"165.144.84.62","src_port":2534,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":176,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":176,"packets-processed":175,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9474,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":172,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":172,"total-idle-flows":171,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":833,"global_ts_usec":1686005514515876} 
+00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":176,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":176,"packets-processed":175,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9474,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":172,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":172,"total-idle-flows":171,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":833,"global_ts_usec":1686005514515876} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":176,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686005514515876,"flow_src_last_pkt_time":1686005514515876,"flow_dst_last_pkt_time":1686005514515876,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686005514515876,"l3_proto":"ip4","src_ip":"46.100.97.147","dst_ip":"165.114.202.61","src_port":52664,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":1,"flow_src_last_pkt_time":1686005514515876,"flow_dst_last_pkt_time":1686005514515876,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686005514515876,"pkt":"AAwp30Y4PJTVQTiBCABFCAB+1DEAAO0RqhguZGGTpXLKPc24AasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":176,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686005514515876,"flow_src_last_pkt_time":1686005514515876,"flow_dst_last_pkt_time":1686005514515876,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686005514515876,"l3_proto":"ip4","src_ip":"46.100.97.147","dst_ip":"165.114.202.61","src_port":52664,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686003718804460,"flow_src_last_pkt_time":1686003718804460,"flow_dst_last_pkt_time":1686003718804460,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686005514515876,"l3_proto":"ip4","src_ip":"34.119.122.126","dst_ip":"85.111.52.57","src_port":6239,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":177,"packets-processed":176,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9572,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":173,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":173,"total-idle-flows":172,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":838,"global_ts_usec":1686006182252244} 
+00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":177,"packets-processed":176,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9572,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":173,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":173,"total-idle-flows":172,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":838,"global_ts_usec":1686006182252244} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686006182252244,"flow_src_last_pkt_time":1686006182252244,"flow_dst_last_pkt_time":1686006182252244,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686006182252244,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"90.145.180.58","src_port":48098,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":1,"flow_src_last_pkt_time":1686006182252244,"flow_dst_last_pkt_time":1686006182252244,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1686006182252244,"pkt":"bs1PogZtPJTVQTiBCABFAAA11DEAAPER0xtRGCtqWpG0OrviAasAIQAAAQkAGQAAZW4AA5T9AAD\/\/wAHZGVmYXVsdA=="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686006182252244,"flow_src_last_pkt_time":1686006182252244,"flow_dst_last_pkt_time":1686006182252244,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686006182252244,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"90.145.180.58","src_port":48098,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":178,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686005514515876,"flow_src_last_pkt_time":1686005514515876,"flow_dst_last_pkt_time":1686005514515876,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686006182252244,"l3_proto":"ip4","src_ip":"46.100.97.147","dst_ip":"165.114.202.61","src_port":52664,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":178,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":178,"packets-processed":177,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9597,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":174,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":174,"total-idle-flows":173,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":843,"global_ts_usec":1686006861718393} 
+00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":178,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":178,"packets-processed":177,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9597,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":174,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":174,"total-idle-flows":173,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":843,"global_ts_usec":1686006861718393} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":178,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686006861718393,"flow_src_last_pkt_time":1686006861718393,"flow_dst_last_pkt_time":1686006861718393,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686006861718393,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"165.114.202.61","src_port":43525,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":1,"flow_src_last_pkt_time":1686006861718393,"flow_dst_last_pkt_time":1686006861718393,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1686006861718393,"pkt":"AAwp30Y4PJTVQTiBCABFAAA11DEAAPER0xhRGCtqpXLKPaoFAasAIQAAAQkAGQAAZW4AA5T9AAD\/\/wAHZGVmYXVsdA=="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686006861718393,"flow_src_last_pkt_time":1686006861718393,"flow_dst_last_pkt_time":1686006861718393,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686006861718393,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"165.114.202.61","src_port":43525,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686006182252244,"flow_src_last_pkt_time":1686006182252244,"flow_dst_last_pkt_time":1686006182252244,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686006861718393,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"90.145.180.58","src_port":48098,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":179,"packets-processed":178,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9622,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":175,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":175,"total-idle-flows":174,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":848,"global_ts_usec":1686010416557191} 
+00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":179,"packets-processed":178,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9622,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":175,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":175,"total-idle-flows":174,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":848,"global_ts_usec":1686010416557191} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686010416557191,"flow_src_last_pkt_time":1686010416557191,"flow_dst_last_pkt_time":1686010416557191,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686010416557191,"l3_proto":"ip4","src_ip":"33.216.90.56","dst_ip":"90.147.171.51","src_port":53342,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":1,"flow_src_last_pkt_time":1686010416557191,"flow_dst_last_pkt_time":1686010416557191,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686010416557191,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRbFkh2Fo4WpOrM9BeAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686010416557191,"flow_src_last_pkt_time":1686010416557191,"flow_dst_last_pkt_time":1686010416557191,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686010416557191,"l3_proto":"ip4","src_ip":"33.216.90.56","dst_ip":"90.147.171.51","src_port":53342,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -854,12 +854,12 @@ 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":180,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":1,"flow_src_last_pkt_time":1686010882769715,"flow_dst_last_pkt_time":1686010882769715,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686010882769715,"pkt":"xmjqc4OdPJTVQTiBCABFAAA51DEAAPkRbWahL8clunDKNcNaAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":180,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686010882769715,"flow_src_last_pkt_time":1686010882769715,"flow_dst_last_pkt_time":1686010882769715,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686010882769715,"l3_proto":"ip4","src_ip":"161.47.199.37","dst_ip":"186.112.202.53","src_port":50010,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":181,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686010416557191,"flow_src_last_pkt_time":1686010416557191,"flow_dst_last_pkt_time":1686010416557191,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686010882769715,"l3_proto":"ip4","src_ip":"33.216.90.56","dst_ip":"90.147.171.51","src_port":53342,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":181,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":181,"packets-processed":180,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9680,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":177,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":177,"total-idle-flows":176,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":857,"global_ts_usec":1686014238036586} 
+00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":181,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":181,"packets-processed":180,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9680,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":177,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":177,"total-idle-flows":176,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":857,"global_ts_usec":1686014238036586} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":181,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686014238036586,"flow_src_last_pkt_time":1686014238036586,"flow_dst_last_pkt_time":1686014238036586,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686014238036586,"l3_proto":"ip4","src_ip":"93.102.124.112","dst_ip":"90.111.212.50","src_port":41596,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":1,"flow_src_last_pkt_time":1686014238036586,"flow_dst_last_pkt_time":1686014238036586,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686014238036586,"pkt":"AAwp30Y4PJTVQTiBCABFAABLra8AACcRJW9dZnxwWm\/UMqJ8AasAN4y0AgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":181,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686014238036586,"flow_src_last_pkt_time":1686014238036586,"flow_dst_last_pkt_time":1686014238036586,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686014238036586,"l3_proto":"ip4","src_ip":"93.102.124.112","dst_ip":"90.111.212.50","src_port":41596,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686010882769715,"flow_src_last_pkt_time":1686010882769715,"flow_dst_last_pkt_time":1686010882769715,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686014238036586,"l3_proto":"ip4","src_ip":"161.47.199.37","dst_ip":"186.112.202.53","src_port":50010,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":182,"packets-processed":181,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9727,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":178,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":178,"total-idle-flows":177,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":862,"global_ts_usec":1686016759751712} 
+00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":182,"packets-processed":181,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9727,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":178,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":178,"total-idle-flows":177,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":862,"global_ts_usec":1686016759751712} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686016759751712,"flow_src_last_pkt_time":1686016759751712,"flow_dst_last_pkt_time":1686016759751712,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686016759751712,"l3_proto":"ip4","src_ip":"119.34.147.222","dst_ip":"90.145.180.58","src_port":56878,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":1,"flow_src_last_pkt_time":1686016759751712,"flow_dst_last_pkt_time":1686016759751712,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686016759751712,"pkt":"bs1PogZtPJTVQTiBCABFAAA+I89AADQRPpp3IpPeWpG0Ot4uAasAKqz2AgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686016759751712,"flow_src_last_pkt_time":1686016759751712,"flow_dst_last_pkt_time":1686016759751712,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686016759751712,"l3_proto":"ip4","src_ip":"119.34.147.222","dst_ip":"90.145.180.58","src_port":56878,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -881,7 +881,7 @@ 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":186,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686017305054145,"flow_src_last_pkt_time":1686017305054145,"flow_dst_last_pkt_time":1686017305054145,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686017305054145,"l3_proto":"ip4","src_ip":"185.97.76.211","dst_ip":"69.109.187.54","src_port":42268,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686016985898059,"flow_src_last_pkt_time":1686016985898059,"flow_dst_last_pkt_time":1686016985898059,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686017305054145,"l3_proto":"ip4","src_ip":"118.158.148.196","dst_ip":"165.114.202.61","src_port":44102,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00988{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686017148856498,"flow_src_last_pkt_time":1686017148856498,"flow_dst_last_pkt_time":1686017148856498,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686017305054145,"l3_proto":"ip4","src_ip":"134.217.184.242","dst_ip":"85.111.52.57","src_port":23876,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":187,"packets-processed":186,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9897,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":183,"total-detection-updates":0,"total-updates":34,"current-active-flows":2,"total-active-flows":183,"total-idle-flows":181,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":884,"global_ts_usec":1686018209196915} 
+00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":187,"packets-processed":186,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9897,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":183,"total-detection-updates":0,"total-updates":34,"current-active-flows":2,"total-active-flows":183,"total-idle-flows":181,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":884,"global_ts_usec":1686018209196915} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686018209196915,"flow_src_last_pkt_time":1686018209196915,"flow_dst_last_pkt_time":1686018209196915,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686018209196915,"l3_proto":"ip4","src_ip":"71.170.115.245","dst_ip":"74.111.203.55","src_port":44124,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":1,"flow_src_last_pkt_time":1686018209196915,"flow_dst_last_pkt_time":1686018209196915,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686018209196915,"pkt":"ipffLU2SPJTVQTiBCABFAAA+j29AADQR0xhHqnP1Sm\/LN6xcAasAKt7nAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686018209196915,"flow_src_last_pkt_time":1686018209196915,"flow_dst_last_pkt_time":1686018209196915,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686018209196915,"l3_proto":"ip4","src_ip":"71.170.115.245","dst_ip":"74.111.203.55","src_port":44124,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -898,58 +898,58 @@ 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":190,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686018707030417,"flow_src_last_pkt_time":1686018707030417,"flow_dst_last_pkt_time":1686018707030417,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686018707030417,"l3_proto":"ip4","src_ip":"134.217.184.242","dst_ip":"90.147.171.51","src_port":41215,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":190,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":1,"flow_src_last_pkt_time":1686018707030417,"flow_dst_last_pkt_time":1686018707030417,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686018707030417,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+oClAADQRwmSG2bjyWpOrM6D\/AasAKupKAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 
00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":190,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686018707030417,"flow_src_last_pkt_time":1686018707030417,"flow_dst_last_pkt_time":1686018707030417,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686018707030417,"l3_proto":"ip4","src_ip":"134.217.184.242","dst_ip":"90.147.171.51","src_port":41215,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00851{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":191,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":191,"packets-processed":190,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10033,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":187,"total-detection-updates":0,"total-updates":34,"current-active-flows":2,"total-active-flows":187,"total-idle-flows":185,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":901,"global_ts_usec":1686019249802467} 
+00851{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":191,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":191,"packets-processed":190,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10033,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":187,"total-detection-updates":0,"total-updates":34,"current-active-flows":2,"total-active-flows":187,"total-idle-flows":185,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":901,"global_ts_usec":1686019249802467} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":191,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686019249802467,"flow_src_last_pkt_time":1686019249802467,"flow_dst_last_pkt_time":1686019249802467,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686019249802467,"l3_proto":"ip4","src_ip":"56.82.128.250","dst_ip":"186.112.202.53","src_port":53705,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":191,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":1,"flow_src_last_pkt_time":1686019249802467,"flow_dst_last_pkt_time":1686019249802467,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686019249802467,"pkt":"xmjqc4OdPJTVQTiBCABFAAA+q7VAADQRtsw4UoD6unDKNdHJAasAKrl0AgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":191,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686019249802467,"flow_src_last_pkt_time":1686019249802467,"flow_dst_last_pkt_time":1686019249802467,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686019249802467,"l3_proto":"ip4","src_ip":"56.82.128.250","dst_ip":"186.112.202.53","src_port":53705,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":192,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686018707030417,"flow_src_last_pkt_time":1686018707030417,"flow_dst_last_pkt_time":1686018707030417,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686019249802467,"l3_proto":"ip4","src_ip":"134.217.184.242","dst_ip":"90.147.171.51","src_port":41215,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":192,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686018689761553,"flow_src_last_pkt_time":1686018689761553,"flow_dst_last_pkt_time":1686018689761553,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686019249802467,"l3_proto":"ip4","src_ip":"71.170.115.245","dst_ip":"90.111.212.50","src_port":44124,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00851{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":192,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":192,"packets-processed":191,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10067,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":188,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":188,"total-idle-flows":187,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":907,"global_ts_usec":1686021648125792} +00851{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":192,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":192,"packets-processed":191,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10067,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":188,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":188,"total-idle-flows":187,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":907,"global_ts_usec":1686021648125792} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":192,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686021648125792,"flow_src_last_pkt_time":1686021648125792,"flow_dst_last_pkt_time":1686021648125792,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686021648125792,"l3_proto":"ip4","src_ip":"218.211.196.58","dst_ip":"85.111.52.57","src_port":52158,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":192,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":1,"flow_src_last_pkt_time":1686021648125792,"flow_dst_last_pkt_time":1686021648125792,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686021648125792,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA51DEAAPkRbU\/a08Q6VW80Ocu+AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":192,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686021648125792,"flow_src_last_pkt_time":1686021648125792,"flow_dst_last_pkt_time":1686021648125792,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686021648125792,"l3_proto":"ip4","src_ip":"218.211.196.58","dst_ip":"85.111.52.57","src_port":52158,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686019249802467,"flow_src_last_pkt_time":1686019249802467,"flow_dst_last_pkt_time":1686019249802467,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686021648125792,"l3_proto":"ip4","src_ip":"56.82.128.250","dst_ip":"186.112.202.53","src_port":53705,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00851{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":193,"packets-processed":192,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10096,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":189,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":189,"total-idle-flows":188,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":912,"global_ts_usec":1686031186113585} +00851{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":193,"packets-processed":192,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10096,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":189,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":189,"total-idle-flows":188,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":912,"global_ts_usec":1686031186113585} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686031186113585,"flow_src_last_pkt_time":1686031186113585,"flow_dst_last_pkt_time":1686031186113585,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686031186113585,"l3_proto":"ip4","src_ip":"236.131.162.157","dst_ip":"90.147.171.51","src_port":34095,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":1,"flow_src_last_pkt_time":1686031186113585,"flow_dst_last_pkt_time":1686031186113585,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686031186113585,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPMRpTjsg6KdWpOrM4UvAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 
00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686031186113585,"flow_src_last_pkt_time":1686031186113585,"flow_dst_last_pkt_time":1686031186113585,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686031186113585,"l3_proto":"ip4","src_ip":"236.131.162.157","dst_ip":"90.147.171.51","src_port":34095,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":194,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686021648125792,"flow_src_last_pkt_time":1686021648125792,"flow_dst_last_pkt_time":1686021648125792,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686031186113585,"l3_proto":"ip4","src_ip":"218.211.196.58","dst_ip":"85.111.52.57","src_port":52158,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00851{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":194,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":194,"packets-processed":193,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10194,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":190,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":190,"total-idle-flows":189,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":917,"global_ts_usec":1686032769267683} +00851{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":194,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":194,"packets-processed":193,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10194,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":190,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":190,"total-idle-flows":189,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":917,"global_ts_usec":1686032769267683} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":194,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686032769267683,"flow_src_last_pkt_time":1686032769267683,"flow_dst_last_pkt_time":1686032769267683,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686032769267683,"l3_proto":"ip4","src_ip":"177.48.184.247","dst_ip":"165.114.202.61","src_port":56640,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":194,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":1,"flow_src_last_pkt_time":1686032769267683,"flow_dst_last_pkt_time":1686032769267683,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686032769267683,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRXuqxMLj3pXLKPd1AAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":194,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686032769267683,"flow_src_last_pkt_time":1686032769267683,"flow_dst_last_pkt_time":1686032769267683,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686032769267683,"l3_proto":"ip4","src_ip":"177.48.184.247","dst_ip":"165.114.202.61","src_port":56640,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":195,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686031186113585,"flow_src_last_pkt_time":1686031186113585,"flow_dst_last_pkt_time":1686031186113585,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686032769267683,"l3_proto":"ip4","src_ip":"236.131.162.157","dst_ip":"90.147.171.51","src_port":34095,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00851{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":195,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":195,"packets-processed":194,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10223,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":191,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":191,"total-idle-flows":190,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":922,"global_ts_usec":1686040872007912} +00851{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":195,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":195,"packets-processed":194,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10223,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":191,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":191,"total-idle-flows":190,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":922,"global_ts_usec":1686040872007912} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":195,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686040872007912,"flow_src_last_pkt_time":1686040872007912,"flow_dst_last_pkt_time":1686040872007912,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686040872007912,"l3_proto":"ip4","src_ip":"69.36.231.230","dst_ip":"90.111.212.50","src_port":53489,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":195,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":1,"flow_src_last_pkt_time":1686040872007912,"flow_dst_last_pkt_time":1686040872007912,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686040872007912,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRbedFJOfmWm\/UMtDxAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":195,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686040872007912,"flow_src_last_pkt_time":1686040872007912,"flow_dst_last_pkt_time":1686040872007912,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686040872007912,"l3_proto":"ip4","src_ip":"69.36.231.230","dst_ip":"90.111.212.50","src_port":53489,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":196,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686032769267683,"flow_src_last_pkt_time":1686032769267683,"flow_dst_last_pkt_time":1686032769267683,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686040872007912,"l3_proto":"ip4","src_ip":"177.48.184.247","dst_ip":"165.114.202.61","src_port":56640,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00851{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":196,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":196,"packets-processed":195,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10252,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":192,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":192,"total-idle-flows":191,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":927,"global_ts_usec":1686043388705512} +00851{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":196,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":196,"packets-processed":195,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10252,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":192,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":192,"total-idle-flows":191,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":927,"global_ts_usec":1686043388705512} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":196,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686043388705512,"flow_src_last_pkt_time":1686043388705512,"flow_dst_last_pkt_time":1686043388705512,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686043388705512,"l3_proto":"ip4","src_ip":"44.239.95.30","dst_ip":"74.111.203.55","src_port":56105,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":196,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":1,"flow_src_last_pkt_time":1686043388705512,"flow_dst_last_pkt_time":1686043388705512,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686043388705512,"pkt":"ipffLU2SPJTVQTiBCABFAAA51DEAAPoRXlks718eSm\/LN9spAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":196,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686043388705512,"flow_src_last_pkt_time":1686043388705512,"flow_dst_last_pkt_time":1686043388705512,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686043388705512,"l3_proto":"ip4","src_ip":"44.239.95.30","dst_ip":"74.111.203.55","src_port":56105,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686040872007912,"flow_src_last_pkt_time":1686040872007912,"flow_dst_last_pkt_time":1686040872007912,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686043388705512,"l3_proto":"ip4","src_ip":"69.36.231.230","dst_ip":"90.111.212.50","src_port":53489,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00851{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":197,"packets-processed":196,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10281,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":193,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":193,"total-idle-flows":192,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":932,"global_ts_usec":1686044168857770} +00851{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":197,"packets-processed":196,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10281,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":193,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":193,"total-idle-flows":192,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":932,"global_ts_usec":1686044168857770} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686044168857770,"flow_src_last_pkt_time":1686044168857770,"flow_dst_last_pkt_time":1686044168857770,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686044168857770,"l3_proto":"ip4","src_ip":"80.16.0.251","dst_ip":"165.144.84.62","src_port":49389,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":1,"flow_src_last_pkt_time":1686044168857770,"flow_dst_last_pkt_time":1686044168857770,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686044168857770,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRX+RQEAD7pZBUPsDtAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686044168857770,"flow_src_last_pkt_time":1686044168857770,"flow_dst_last_pkt_time":1686044168857770,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686044168857770,"l3_proto":"ip4","src_ip":"80.16.0.251","dst_ip":"165.144.84.62","src_port":49389,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":198,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686043388705512,"flow_src_last_pkt_time":1686043388705512,"flow_dst_last_pkt_time":1686043388705512,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686044168857770,"l3_proto":"ip4","src_ip":"44.239.95.30","dst_ip":"74.111.203.55","src_port":56105,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00851{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":198,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":198,"packets-processed":197,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10310,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":194,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":194,"total-idle-flows":193,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":937,"global_ts_usec":1686046546512327} +00851{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":198,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":198,"packets-processed":197,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10310,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":194,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":194,"total-idle-flows":193,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":937,"global_ts_usec":1686046546512327} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":198,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686046546512327,"flow_src_last_pkt_time":1686046546512327,"flow_dst_last_pkt_time":1686046546512327,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686046546512327,"l3_proto":"ip4","src_ip":"165.37.39.94","dst_ip":"69.109.187.54","src_port":49159,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":1,"flow_src_last_pkt_time":1686046546512327,"flow_dst_last_pkt_time":1686046546512327,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686046546512327,"pkt":"bpHurUgdPJTVQTiBCABFAAA51DEAAPkRbY2lJSdeRW27NsAHAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":198,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686046546512327,"flow_src_last_pkt_time":1686046546512327,"flow_dst_last_pkt_time":1686046546512327,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686046546512327,"l3_proto":"ip4","src_ip":"165.37.39.94","dst_ip":"69.109.187.54","src_port":49159,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":199,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686044168857770,"flow_src_last_pkt_time":1686044168857770,"flow_dst_last_pkt_time":1686044168857770,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686046546512327,"l3_proto":"ip4","src_ip":"80.16.0.251","dst_ip":"165.144.84.62","src_port":49389,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00851{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":199,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":199,"packets-processed":198,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10339,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":195,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":195,"total-idle-flows":194,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":942,"global_ts_usec":1686047674470156} +00851{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":199,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":199,"packets-processed":198,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10339,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":195,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":195,"total-idle-flows":194,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":942,"global_ts_usec":1686047674470156} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":199,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686047674470156,"flow_src_last_pkt_time":1686047674470156,"flow_dst_last_pkt_time":1686047674470156,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686047674470156,"l3_proto":"ip4","src_ip":"178.14.64.233","dst_ip":"90.141.37.56","src_port":55586,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":1,"flow_src_last_pkt_time":1686047674470156,"flow_dst_last_pkt_time":1686047674470156,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686047674470156,"pkt":"3jHC4dyOPJTVQTiBCABFAAA51DEAAPoRXv+yDkDpWo0lONkiAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":199,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686047674470156,"flow_src_last_pkt_time":1686047674470156,"flow_dst_last_pkt_time":1686047674470156,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686047674470156,"l3_proto":"ip4","src_ip":"178.14.64.233","dst_ip":"90.141.37.56","src_port":55586,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686046546512327,"flow_src_last_pkt_time":1686046546512327,"flow_dst_last_pkt_time":1686046546512327,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686047674470156,"l3_proto":"ip4","src_ip":"165.37.39.94","dst_ip":"69.109.187.54","src_port":49159,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00851{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":200,"packets-processed":199,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10368,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":196,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":196,"total-idle-flows":195,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":947,"global_ts_usec":1686052550759741} +00851{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":200,"packets-processed":199,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10368,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":196,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":196,"total-idle-flows":195,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":947,"global_ts_usec":1686052550759741} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686052550759741,"flow_src_last_pkt_time":1686052550759741,"flow_dst_last_pkt_time":1686052550759741,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686052550759741,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.114.202.61","src_port":47437,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":1,"flow_src_last_pkt_time":1686052550759741,"flow_dst_last_pkt_time":1686052550759741,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686052550759741,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKLHIH5CepXLKPblNAasAJTEiAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 
00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686052550759741,"flow_src_last_pkt_time":1686052550759741,"flow_dst_last_pkt_time":1686052550759741,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686052550759741,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.114.202.61","src_port":47437,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686047674470156,"flow_src_last_pkt_time":1686047674470156,"flow_dst_last_pkt_time":1686047674470156,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686052550759741,"l3_proto":"ip4","src_ip":"178.14.64.233","dst_ip":"90.141.37.56","src_port":55586,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00851{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":201,"packets-processed":200,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10397,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":197,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":197,"total-idle-flows":196,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":952,"global_ts_usec":1686054840592952} +00851{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":201,"packets-processed":200,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10397,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":197,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":197,"total-idle-flows":196,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":952,"global_ts_usec":1686054840592952} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686054840592952,"flow_src_last_pkt_time":1686054840592952,"flow_dst_last_pkt_time":1686054840592952,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686054840592952,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"69.109.187.54","src_port":44893,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":198,"flow_packet_id":1,"flow_src_last_pkt_time":1686054840592952,"flow_dst_last_pkt_time":1686054840592952,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686054840592952,"pkt":"bpHurUgdPJTVQTiBCABFAAA51DEAAPURKLrIH5CeRW27Nq9dAasAJTsbAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 
00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686054840592952,"flow_src_last_pkt_time":1686054840592952,"flow_dst_last_pkt_time":1686054840592952,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686054840592952,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"69.109.187.54","src_port":44893,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -958,12 +958,12 @@ 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":199,"flow_packet_id":1,"flow_src_last_pkt_time":1686055302350311,"flow_dst_last_pkt_time":1686055302350311,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686055302350311,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA51DEAAPURKLbIH5CeVW80ObceAasAJTNWAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":202,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686055302350311,"flow_src_last_pkt_time":1686055302350311,"flow_dst_last_pkt_time":1686055302350311,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686055302350311,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"85.111.52.57","src_port":46878,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":203,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686054840592952,"flow_src_last_pkt_time":1686054840592952,"flow_dst_last_pkt_time":1686054840592952,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686055302350311,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"69.109.187.54","src_port":44893,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00851{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":203,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":203,"packets-processed":202,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10455,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":199,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":199,"total-idle-flows":198,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":961,"global_ts_usec":1686056089625694} 
+00851{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":203,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":203,"packets-processed":202,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10455,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":199,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":199,"total-idle-flows":198,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":961,"global_ts_usec":1686056089625694} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":203,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686056089625694,"flow_src_last_pkt_time":1686056089625694,"flow_dst_last_pkt_time":1686056089625694,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686056089625694,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.111.212.50","src_port":39691,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":203,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":200,"flow_packet_id":1,"flow_src_last_pkt_time":1686056089625694,"flow_dst_last_pkt_time":1686056089625694,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686056089625694,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKLzIH5CeWm\/UMpsLAasAJU9vAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":203,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686056089625694,"flow_src_last_pkt_time":1686056089625694,"flow_dst_last_pkt_time":1686056089625694,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686056089625694,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.111.212.50","src_port":39691,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":204,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686055302350311,"flow_src_last_pkt_time":1686055302350311,"flow_dst_last_pkt_time":1686055302350311,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686056089625694,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"85.111.52.57","src_port":46878,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00851{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":204,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":204,"packets-processed":203,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10484,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":200,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":200,"total-idle-flows":199,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":966,"global_ts_usec":1686057077798333} 
+00851{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":204,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":204,"packets-processed":203,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10484,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":200,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":200,"total-idle-flows":199,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":966,"global_ts_usec":1686057077798333} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":204,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686057077798333,"flow_src_last_pkt_time":1686057077798333,"flow_dst_last_pkt_time":1686057077798333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686057077798333,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"74.111.203.55","src_port":59069,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":204,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":201,"flow_packet_id":1,"flow_src_last_pkt_time":1686057077798333,"flow_dst_last_pkt_time":1686057077798333,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686057077798333,"pkt":"ipffLU2SPJTVQTiBCABFAAA51DEAAPURKLvIH5CeSm\/LN+a9AasAJQO8AgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":204,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686057077798333,"flow_src_last_pkt_time":1686057077798333,"flow_dst_last_pkt_time":1686057077798333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686057077798333,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"74.111.203.55","src_port":59069,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -972,7 +972,7 @@ 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":205,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":1,"flow_src_last_pkt_time":1686057628692531,"flow_dst_last_pkt_time":1686057628692531,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686057628692531,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKL3IH5CeWpOrM8jOAasAJSGtAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":205,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686057628692531,"flow_src_last_pkt_time":1686057628692531,"flow_dst_last_pkt_time":1686057628692531,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686057628692531,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.147.171.51","src_port":51406,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":206,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686057077798333,"flow_src_last_pkt_time":1686057077798333,"flow_dst_last_pkt_time":1686057077798333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686057628692531,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"74.111.203.55","src_port":59069,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00851{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":206,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":206,"packets-processed":205,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10542,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":202,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":202,"total-idle-flows":201,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":975,"global_ts_usec":1686057720083465} 
+00851{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":206,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":206,"packets-processed":205,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10542,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":202,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":202,"total-idle-flows":201,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":975,"global_ts_usec":1686057720083465} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":206,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686057720083465,"flow_src_last_pkt_time":1686057720083465,"flow_dst_last_pkt_time":1686057720083465,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686057720083465,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.141.37.56","src_port":35296,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":206,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":203,"flow_packet_id":1,"flow_src_last_pkt_time":1686057720083465,"flow_dst_last_pkt_time":1686057720083465,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686057720083465,"pkt":"3jHC4dyOPJTVQTiBCABFAAA51DEAAPURKLfIH5CeWo0lOIngAasAJWCVAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":206,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686057720083465,"flow_src_last_pkt_time":1686057720083465,"flow_dst_last_pkt_time":1686057720083465,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686057720083465,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.141.37.56","src_port":35296,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -982,13 +982,13 @@ 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":207,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686057824020237,"flow_src_last_pkt_time":1686057824020237,"flow_dst_last_pkt_time":1686057824020237,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686057824020237,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.145.180.58","src_port":48172,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":208,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686057628692531,"flow_src_last_pkt_time":1686057628692531,"flow_dst_last_pkt_time":1686057628692531,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686057824020237,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.147.171.51","src_port":51406,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":208,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686057720083465,"flow_src_last_pkt_time":1686057720083465,"flow_dst_last_pkt_time":1686057720083465,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686057824020237,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.141.37.56","src_port":35296,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00851{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":208,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":208,"packets-processed":207,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10600,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":204,"total-detection-updates":0,"total-updates":36,"current-active-flows":2,"total-active-flows":204,"total-idle-flows":202,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":985,"global_ts_usec":1686059089399919} 
+00851{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":208,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":208,"packets-processed":207,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10600,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":204,"total-detection-updates":0,"total-updates":36,"current-active-flows":2,"total-active-flows":204,"total-idle-flows":202,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":985,"global_ts_usec":1686059089399919} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":208,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686059089399919,"flow_src_last_pkt_time":1686059089399919,"flow_dst_last_pkt_time":1686059089399919,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686059089399919,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.144.84.62","src_port":53249,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":208,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":205,"flow_packet_id":1,"flow_src_last_pkt_time":1686059089399919,"flow_dst_last_pkt_time":1686059089399919,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686059089399919,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKLLIH5CepZBUPtABAasAJRpvAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":208,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686059089399919,"flow_src_last_pkt_time":1686059089399919,"flow_dst_last_pkt_time":1686059089399919,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686059089399919,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.144.84.62","src_port":53249,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686057720083465,"flow_src_last_pkt_time":1686057720083465,"flow_dst_last_pkt_time":1686057720083465,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686059089399919,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.141.37.56","src_port":35296,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686057824020237,"flow_src_last_pkt_time":1686057824020237,"flow_dst_last_pkt_time":1686057824020237,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686059089399919,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.145.180.58","src_port":48172,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00851{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":209,"packets-processed":208,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10629,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":205,"total-detection-updates":0,"total-updates":36,"current-active-flows":1,"total-active-flows":205,"total-idle-flows":204,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":991,"global_ts_usec":1686063230217187} +00851{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":209,"packets-processed":208,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10629,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":205,"total-detection-updates":0,"total-updates":36,"current-active-flows":1,"total-active-flows":205,"total-idle-flows":204,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":991,"global_ts_usec":1686063230217187} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686063230217187,"flow_src_last_pkt_time":1686063230217187,"flow_dst_last_pkt_time":1686063230217187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686063230217187,"l3_proto":"ip4","src_ip":"16.100.83.145","dst_ip":"90.147.171.51","src_port":60232,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":206,"flow_packet_id":1,"flow_src_last_pkt_time":1686063230217187,"flow_dst_last_pkt_time":1686063230217187,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686063230217187,"pkt":"AAwp30Y4PJTVQTiBCABFCAB+1DEAAO0RqiYQZFORWpOrM+tIAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 
00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686063230217187,"flow_src_last_pkt_time":1686063230217187,"flow_dst_last_pkt_time":1686063230217187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686063230217187,"l3_proto":"ip4","src_ip":"16.100.83.145","dst_ip":"90.147.171.51","src_port":60232,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1002,17 +1002,17 @@ 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":211,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686063784551832,"flow_src_last_pkt_time":1686063784551832,"flow_dst_last_pkt_time":1686063784551832,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686063784551832,"l3_proto":"ip4","src_ip":"16.99.147.146","dst_ip":"90.111.212.50","src_port":34236,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":212,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686063367901199,"flow_src_last_pkt_time":1686063367901199,"flow_dst_last_pkt_time":1686063367901199,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686063784551832,"l3_proto":"ip4","src_ip":"184.180.168.240","dst_ip":"186.112.202.53","src_port":36840,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":212,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686063230217187,"flow_src_last_pkt_time":1686063230217187,"flow_dst_last_pkt_time":1686063230217187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686063784551832,"l3_proto":"ip4","src_ip":"16.100.83.145","dst_ip":"90.147.171.51","src_port":60232,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":212,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":212,"packets-processed":211,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10923,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":208,"total-detection-updates":0,"total-updates":37,"current-active-flows":1,"total-active-flows":208,"total-idle-flows":207,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1005,"global_ts_usec":1686065747925784} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":212,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":212,"packets-processed":211,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10923,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":208,"total-detection-updates":0,"total-updates":37,"current-active-flows":1,"total-active-flows":208,"total-idle-flows":207,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1005,"global_ts_usec":1686065747925784} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":212,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686065747925784,"flow_src_last_pkt_time":1686065747925784,"flow_dst_last_pkt_time":1686065747925784,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686065747925784,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"90.145.180.58","src_port":53230,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":1,"flow_src_last_pkt_time":1686065747925784,"flow_dst_last_pkt_time":1686065747925784,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686065747925784,"pkt":"bs1PogZtPJTVQTiBCABFCAB+1DEAAO0REAC2tHiLWpG0Os\/uAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":212,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686065747925784,"flow_src_last_pkt_time":1686065747925784,"flow_dst_last_pkt_time":1686065747925784,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686065747925784,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"90.145.180.58","src_port":53230,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":213,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686063784551832,"flow_src_last_pkt_time":1686063784551832,"flow_dst_last_pkt_time":1686063784551832,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686065747925784,"l3_proto":"ip4","src_ip":"16.99.147.146","dst_ip":"90.111.212.50","src_port":34236,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":213,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":213,"packets-processed":212,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11021,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":209,"total-detection-updates":0,"total-updates":37,"current-active-flows":1,"total-active-flows":209,"total-idle-flows":208,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1010,"global_ts_usec":1686066398914580} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":213,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":213,"packets-processed":212,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11021,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":209,"total-detection-updates":0,"total-updates":37,"current-active-flows":1,"total-active-flows":209,"total-idle-flows":208,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1010,"global_ts_usec":1686066398914580} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":213,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686066398914580,"flow_src_last_pkt_time":1686066398914580,"flow_dst_last_pkt_time":1686066398914580,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686066398914580,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"90.141.37.56","src_port":38609,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":1,"flow_src_last_pkt_time":1686066398914580,"flow_dst_last_pkt_time":1686066398914580,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686066398914580,"pkt":"3jHC4dyOPJTVQTiBCABFCAB+1DEAAO0REAO2tHiLWo0lOJbRAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":213,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686066398914580,"flow_src_last_pkt_time":1686066398914580,"flow_dst_last_pkt_time":1686066398914580,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686066398914580,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"90.141.37.56","src_port":38609,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":214,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686065747925784,"flow_src_last_pkt_time":1686065747925784,"flow_dst_last_pkt_time":1686065747925784,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686066398914580,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"90.145.180.58","src_port":53230,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":214,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":214,"packets-processed":213,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11119,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":210,"total-detection-updates":0,"total-updates":37,"current-active-flows":1,"total-active-flows":210,"total-idle-flows":209,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1015,"global_ts_usec":1686067317662813} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":214,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":214,"packets-processed":213,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11119,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":210,"total-detection-updates":0,"total-updates":37,"current-active-flows":1,"total-active-flows":210,"total-idle-flows":209,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1015,"global_ts_usec":1686067317662813} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":214,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686067317662813,"flow_src_last_pkt_time":1686067317662813,"flow_dst_last_pkt_time":1686067317662813,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686067317662813,"l3_proto":"ip4","src_ip":"19.99.147.148","dst_ip":"165.114.202.61","src_port":36797,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":211,"flow_packet_id":1,"flow_src_last_pkt_time":1686067317662813,"flow_dst_last_pkt_time":1686067317662813,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686067317662813,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPMRpSUTY5OUpXLKPY+9AasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":214,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686067317662813,"flow_src_last_pkt_time":1686067317662813,"flow_dst_last_pkt_time":1686067317662813,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686067317662813,"l3_proto":"ip4","src_ip":"19.99.147.148","dst_ip":"165.114.202.61","src_port":36797,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1021,17 +1021,17 @@ 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":212,"flow_packet_id":1,"flow_src_last_pkt_time":1686067699688902,"flow_dst_last_pkt_time":1686067699688902,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686067699688902,"pkt":"AAwp30Y4PJTVQTiBCABFCAB+1DEAAO0RqiQtg6GYpZBUPo+PAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686067699688902,"flow_src_last_pkt_time":1686067699688902,"flow_dst_last_pkt_time":1686067699688902,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686067699688902,"l3_proto":"ip4","src_ip":"45.131.161.152","dst_ip":"165.144.84.62","src_port":36751,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":216,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686067317662813,"flow_src_last_pkt_time":1686067317662813,"flow_dst_last_pkt_time":1686067317662813,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686067699688902,"l3_proto":"ip4","src_ip":"19.99.147.148","dst_ip":"165.114.202.61","src_port":36797,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":216,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":216,"packets-processed":215,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11315,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":212,"total-detection-updates":0,"total-updates":37,"current-active-flows":1,"total-active-flows":212,"total-idle-flows":211,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1024,"global_ts_usec":1686071042176869} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":216,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":216,"packets-processed":215,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11315,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":212,"total-detection-updates":0,"total-updates":37,"current-active-flows":1,"total-active-flows":212,"total-idle-flows":211,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1024,"global_ts_usec":1686071042176869} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":216,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686071042176869,"flow_src_last_pkt_time":1686071042176869,"flow_dst_last_pkt_time":1686071042176869,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686071042176869,"l3_proto":"ip4","src_ip":"45.100.140.153","dst_ip":"74.111.203.55","src_port":54538,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":213,"flow_packet_id":1,"flow_src_last_pkt_time":1686071042176869,"flow_dst_last_pkt_time":1686071042176869,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686071042176869,"pkt":"ipffLU2SPJTVQTiBCABFCAB+1DEAAO0RqiwtZIyZSm\/LN9UKAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":216,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686071042176869,"flow_src_last_pkt_time":1686071042176869,"flow_dst_last_pkt_time":1686071042176869,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686071042176869,"l3_proto":"ip4","src_ip":"45.100.140.153","dst_ip":"74.111.203.55","src_port":54538,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686067699688902,"flow_src_last_pkt_time":1686067699688902,"flow_dst_last_pkt_time":1686067699688902,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686071042176869,"l3_proto":"ip4","src_ip":"45.131.161.152","dst_ip":"165.144.84.62","src_port":36751,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":217,"packets-processed":216,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11413,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":213,"total-detection-updates":0,"total-updates":37,"current-active-flows":1,"total-active-flows":213,"total-idle-flows":212,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1029,"global_ts_usec":1686075500413977} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":217,"packets-processed":216,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11413,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":213,"total-detection-updates":0,"total-updates":37,"current-active-flows":1,"total-active-flows":213,"total-idle-flows":212,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1029,"global_ts_usec":1686075500413977} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686075500413977,"flow_src_last_pkt_time":1686075500413977,"flow_dst_last_pkt_time":1686075500413977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686075500413977,"l3_proto":"ip4","src_ip":"103.71.146.222","dst_ip":"90.141.37.56","src_port":26355,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":214,"flow_packet_id":1,"flow_src_last_pkt_time":1686075500413977,"flow_dst_last_pkt_time":1686075500413977,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686075500413977,"pkt":"3jHC4dyOPJTVQTiBCABFCABLp64AACQRHLRnR5LeWo0lOGbzAasAN7aJAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686075500413977,"flow_src_last_pkt_time":1686075500413977,"flow_dst_last_pkt_time":1686075500413977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686075500413977,"l3_proto":"ip4","src_ip":"103.71.146.222","dst_ip":"90.141.37.56","src_port":26355,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":218,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686071042176869,"flow_src_last_pkt_time":1686071042176869,"flow_dst_last_pkt_time":1686071042176869,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686075500413977,"l3_proto":"ip4","src_ip":"45.100.140.153","dst_ip":"74.111.203.55","src_port":54538,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":218,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":218,"packets-processed":217,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11460,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":214,"total-detection-updates":0,"total-updates":37,"current-active-flows":1,"total-active-flows":214,"total-idle-flows":213,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1034,"global_ts_usec":1686081952749133} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":218,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":218,"packets-processed":217,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11460,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":214,"total-detection-updates":0,"total-updates":37,"current-active-flows":1,"total-active-flows":214,"total-idle-flows":213,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1034,"global_ts_usec":1686081952749133} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":218,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686081952749133,"flow_src_last_pkt_time":1686081952749133,"flow_dst_last_pkt_time":1686081952749133,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686081952749133,"l3_proto":"ip4","src_ip":"103.71.146.222","dst_ip":"90.147.171.51","src_port":64387,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":215,"flow_packet_id":1,"flow_src_last_pkt_time":1686081952749133,"flow_dst_last_pkt_time":1686081952749133,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686081952749133,"pkt":"AAwp30Y4PJTVQTiBCABFCABLEn4AACQRsepnR5LeWpOrM\/uDAasANyH\/AgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":218,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686081952749133,"flow_src_last_pkt_time":1686081952749133,"flow_dst_last_pkt_time":1686081952749133,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686081952749133,"l3_proto":"ip4","src_ip":"103.71.146.222","dst_ip":"90.147.171.51","src_port":64387,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1040,7 +1040,7 @@ 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":216,"flow_packet_id":1,"flow_src_last_pkt_time":1686082067713083,"flow_dst_last_pkt_time":1686082067713083,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686082067713083,"pkt":"AAwp30Y4PJTVQTiBCABFCABLYc8AACIRaN1kOJtwWm\/UMs+KAasAN1I8AgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686082067713083,"flow_src_last_pkt_time":1686082067713083,"flow_dst_last_pkt_time":1686082067713083,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686082067713083,"l3_proto":"ip4","src_ip":"100.56.155.112","dst_ip":"90.111.212.50","src_port":53130,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00988{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686081952749133,"flow_src_last_pkt_time":1686081952749133,"flow_dst_last_pkt_time":1686081952749133,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686082067713083,"l3_proto":"ip4","src_ip":"103.71.146.222","dst_ip":"90.147.171.51","src_port":64387,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":220,"packets-processed":219,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11554,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":216,"total-detection-updates":0,"total-updates":38,"current-active-flows":2,"total-active-flows":216,"total-idle-flows":214,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1043,"global_ts_usec":1686082597517294} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":220,"packets-processed":219,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11554,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":216,"total-detection-updates":0,"total-updates":38,"current-active-flows":2,"total-active-flows":216,"total-idle-flows":214,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1043,"global_ts_usec":1686082597517294} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686082597517294,"flow_src_last_pkt_time":1686082597517294,"flow_dst_last_pkt_time":1686082597517294,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686082597517294,"l3_proto":"ip4","src_ip":"186.27.5.237","dst_ip":"90.147.171.51","src_port":51315,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":217,"flow_packet_id":1,"flow_src_last_pkt_time":1686082597517294,"flow_dst_last_pkt_time":1686082597517294,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686082597517294,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRbe66GwXtWpOrM8hzAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686082597517294,"flow_src_last_pkt_time":1686082597517294,"flow_dst_last_pkt_time":1686082597517294,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686082597517294,"l3_proto":"ip4","src_ip":"186.27.5.237","dst_ip":"90.147.171.51","src_port":51315,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1050,43 +1050,43 @@ 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":218,"flow_packet_id":1,"flow_src_last_pkt_time":1686082771466382,"flow_dst_last_pkt_time":1686082771466382,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686082771466382,"pkt":"moT+\/Ph8PJTVQTiBCABFCABL6nUAACIR4DqnB5p9VW80OSAcAasANwGvAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":221,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686082771466382,"flow_src_last_pkt_time":1686082771466382,"flow_dst_last_pkt_time":1686082771466382,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686082771466382,"l3_proto":"ip4","src_ip":"167.7.154.125","dst_ip":"85.111.52.57","src_port":8220,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":222,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686082597517294,"flow_src_last_pkt_time":1686082597517294,"flow_dst_last_pkt_time":1686082597517294,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686082771466382,"l3_proto":"ip4","src_ip":"186.27.5.237","dst_ip":"90.147.171.51","src_port":51315,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":222,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":222,"packets-processed":221,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11630,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":218,"total-detection-updates":0,"total-updates":39,"current-active-flows":2,"total-active-flows":218,"total-idle-flows":216,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1053,"global_ts_usec":1686085137783742} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":222,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":222,"packets-processed":221,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11630,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":218,"total-detection-updates":0,"total-updates":39,"current-active-flows":2,"total-active-flows":218,"total-idle-flows":216,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1053,"global_ts_usec":1686085137783742} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":222,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686085137783742,"flow_src_last_pkt_time":1686085137783742,"flow_dst_last_pkt_time":1686085137783742,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686085137783742,"l3_proto":"ip4","src_ip":"46.100.97.147","dst_ip":"85.111.52.57","src_port":59003,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":222,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":219,"flow_packet_id":1,"flow_src_last_pkt_time":1686085137783742,"flow_dst_last_pkt_time":1686085137783742,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686085137783742,"pkt":"moT+\/Ph8PJTVQTiBCABFAAB+1DEAAPIRpSUuZGGTVW80OeZ7AasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686085137783742,"flow_src_last_pkt_time":1686085137783742,"flow_dst_last_pkt_time":1686085137783742,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686085137783742,"l3_proto":"ip4","src_ip":"46.100.97.147","dst_ip":"85.111.52.57","src_port":59003,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":223,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686082771466382,"flow_src_last_pkt_time":1686082771466382,"flow_dst_last_pkt_time":1686082771466382,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686085137783742,"l3_proto":"ip4","src_ip":"167.7.154.125","dst_ip":"85.111.52.57","src_port":8220,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":223,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686082597517294,"flow_src_last_pkt_time":1686082597517294,"flow_dst_last_pkt_time":1686082597517294,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686085137783742,"l3_proto":"ip4","src_ip":"186.27.5.237","dst_ip":"90.147.171.51","src_port":51315,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":223,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":223,"packets-processed":222,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11728,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":219,"total-detection-updates":0,"total-updates":39,"current-active-flows":1,"total-active-flows":219,"total-idle-flows":218,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1059,"global_ts_usec":1686086498336760} +00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":223,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":223,"packets-processed":222,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11728,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":219,"total-detection-updates":0,"total-updates":39,"current-active-flows":1,"total-active-flows":219,"total-idle-flows":218,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1059,"global_ts_usec":1686086498336760} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":223,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686086498336760,"flow_src_last_pkt_time":1686086498336760,"flow_dst_last_pkt_time":1686086498336760,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686086498336760,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"90.141.37.56","src_port":35493,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":223,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":220,"flow_packet_id":1,"flow_src_last_pkt_time":1686086498336760,"flow_dst_last_pkt_time":1686086498336760,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686086498336760,"pkt":"3jHC4dyOPJTVQTiBCABFAABSWVwAAG0Ru0FDnxCWWo0lOIqlAasAPgAAAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 
00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":223,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686086498336760,"flow_src_last_pkt_time":1686086498336760,"flow_dst_last_pkt_time":1686086498336760,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686086498336760,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"90.141.37.56","src_port":35493,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":224,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686085137783742,"flow_src_last_pkt_time":1686085137783742,"flow_dst_last_pkt_time":1686085137783742,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686086498336760,"l3_proto":"ip4","src_ip":"46.100.97.147","dst_ip":"85.111.52.57","src_port":59003,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":224,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":224,"packets-processed":223,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11782,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":220,"total-detection-updates":0,"total-updates":39,"current-active-flows":1,"total-active-flows":220,"total-idle-flows":219,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1064,"global_ts_usec":1686087364946144} +00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":224,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":224,"packets-processed":223,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11782,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":220,"total-detection-updates":0,"total-updates":39,"current-active-flows":1,"total-active-flows":220,"total-idle-flows":219,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1064,"global_ts_usec":1686087364946144} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":224,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686087364946144,"flow_src_last_pkt_time":1686087364946144,"flow_dst_last_pkt_time":1686087364946144,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686087364946144,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"69.109.187.54","src_port":35856,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":224,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":1,"flow_src_last_pkt_time":1686087364946144,"flow_dst_last_pkt_time":1686087364946144,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686087364946144,"pkt":"bpHurUgdPJTVQTiBCABFAABS0PQAAG4RQqxDnxCWRW27NowQAasAPgAAAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 
00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":224,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686087364946144,"flow_src_last_pkt_time":1686087364946144,"flow_dst_last_pkt_time":1686087364946144,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686087364946144,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"69.109.187.54","src_port":35856,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686086498336760,"flow_src_last_pkt_time":1686086498336760,"flow_dst_last_pkt_time":1686086498336760,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686087364946144,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"90.141.37.56","src_port":35493,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":225,"packets-processed":224,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11836,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":221,"total-detection-updates":0,"total-updates":39,"current-active-flows":1,"total-active-flows":221,"total-idle-flows":220,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1069,"global_ts_usec":1686088327419270} +00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":225,"packets-processed":224,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11836,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":221,"total-detection-updates":0,"total-updates":39,"current-active-flows":1,"total-active-flows":221,"total-idle-flows":220,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1069,"global_ts_usec":1686088327419270} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686088327419270,"flow_src_last_pkt_time":1686088327419270,"flow_dst_last_pkt_time":1686088327419270,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686088327419270,"l3_proto":"ip4","src_ip":"34.220.38.0","dst_ip":"186.112.202.53","src_port":54720,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":1,"flow_src_last_pkt_time":1686088327419270,"flow_dst_last_pkt_time":1686088327419270,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686088327419270,"pkt":"xmjqc4OdPJTVQTiBCABFAAA51DEAAPoRbDEi3CYAunDKNdXAAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686088327419270,"flow_src_last_pkt_time":1686088327419270,"flow_dst_last_pkt_time":1686088327419270,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686088327419270,"l3_proto":"ip4","src_ip":"34.220.38.0","dst_ip":"186.112.202.53","src_port":54720,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":226,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686087364946144,"flow_src_last_pkt_time":1686087364946144,"flow_dst_last_pkt_time":1686087364946144,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686088327419270,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"69.109.187.54","src_port":35856,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":226,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":226,"packets-processed":225,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11865,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":222,"total-detection-updates":0,"total-updates":39,"current-active-flows":1,"total-active-flows":222,"total-idle-flows":221,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1074,"global_ts_usec":1686095963626743} +00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":226,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":226,"packets-processed":225,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11865,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":222,"total-detection-updates":0,"total-updates":39,"current-active-flows":1,"total-active-flows":222,"total-idle-flows":221,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1074,"global_ts_usec":1686095963626743} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":226,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686095963626743,"flow_src_last_pkt_time":1686095963626743,"flow_dst_last_pkt_time":1686095963626743,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686095963626743,"l3_proto":"ip4","src_ip":"173.49.159.50","dst_ip":"74.111.203.55","src_port":54834,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":1,"flow_src_last_pkt_time":1686095963626743,"flow_dst_last_pkt_time":1686095963626743,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686095963626743,"pkt":"ipffLU2SPJTVQTiBCABFAAA51DEAAPoRXnWtMZ8ySm\/LN9YyAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":226,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686095963626743,"flow_src_last_pkt_time":1686095963626743,"flow_dst_last_pkt_time":1686095963626743,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686095963626743,"l3_proto":"ip4","src_ip":"173.49.159.50","dst_ip":"74.111.203.55","src_port":54834,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":227,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686088327419270,"flow_src_last_pkt_time":1686088327419270,"flow_dst_last_pkt_time":1686088327419270,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686095963626743,"l3_proto":"ip4","src_ip":"34.220.38.0","dst_ip":"186.112.202.53","src_port":54720,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":227,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":227,"packets-processed":226,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11894,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":223,"total-detection-updates":0,"total-updates":39,"current-active-flows":1,"total-active-flows":223,"total-idle-flows":222,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1079,"global_ts_usec":1686100690494262} +00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":227,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":227,"packets-processed":226,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11894,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":223,"total-detection-updates":0,"total-updates":39,"current-active-flows":1,"total-active-flows":223,"total-idle-flows":222,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1079,"global_ts_usec":1686100690494262} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":227,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686100690494262,"flow_src_last_pkt_time":1686100690494262,"flow_dst_last_pkt_time":1686100690494262,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686100690494262,"l3_proto":"ip4","src_ip":"206.17.216.171","dst_ip":"69.109.187.54","src_port":53625,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":227,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":224,"flow_packet_id":1,"flow_src_last_pkt_time":1686100690494262,"flow_dst_last_pkt_time":1686100690494262,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686100690494262,"pkt":"bpHurUgdPJTVQTiBCABFAAA51DEAAPkRYB3OEdirRW27NtF5AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":227,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686100690494262,"flow_src_last_pkt_time":1686100690494262,"flow_dst_last_pkt_time":1686100690494262,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686100690494262,"l3_proto":"ip4","src_ip":"206.17.216.171","dst_ip":"69.109.187.54","src_port":53625,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":228,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686095963626743,"flow_src_last_pkt_time":1686095963626743,"flow_dst_last_pkt_time":1686095963626743,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686100690494262,"l3_proto":"ip4","src_ip":"173.49.159.50","dst_ip":"74.111.203.55","src_port":54834,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":228,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":228,"packets-processed":227,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11923,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":224,"total-detection-updates":0,"total-updates":39,"current-active-flows":1,"total-active-flows":224,"total-idle-flows":223,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1084,"global_ts_usec":1686102050692991} +00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":228,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":228,"packets-processed":227,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11923,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":224,"total-detection-updates":0,"total-updates":39,"current-active-flows":1,"total-active-flows":224,"total-idle-flows":223,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1084,"global_ts_usec":1686102050692991} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":228,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686102050692991,"flow_src_last_pkt_time":1686102050692991,"flow_dst_last_pkt_time":1686102050692991,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686102050692991,"l3_proto":"ip4","src_ip":"64.56.203.178","dst_ip":"74.111.203.55","src_port":42341,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":228,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":225,"flow_packet_id":1,"flow_src_last_pkt_time":1686102050692991,"flow_dst_last_pkt_time":1686102050692991,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686102050692991,"pkt":"ipffLU2SPJTVQTiBCABFAAA+KfdAADQRdt1AOMuySm\/LN6VlAasAKiQrAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 
00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":228,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686102050692991,"flow_src_last_pkt_time":1686102050692991,"flow_dst_last_pkt_time":1686102050692991,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686102050692991,"l3_proto":"ip4","src_ip":"64.56.203.178","dst_ip":"74.111.203.55","src_port":42341,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":229,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686100690494262,"flow_src_last_pkt_time":1686100690494262,"flow_dst_last_pkt_time":1686100690494262,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686102050692991,"l3_proto":"ip4","src_ip":"206.17.216.171","dst_ip":"69.109.187.54","src_port":53625,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":229,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":229,"packets-processed":228,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11957,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":225,"total-detection-updates":0,"total-updates":39,"current-active-flows":1,"total-active-flows":225,"total-idle-flows":224,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1089,"global_ts_usec":1686102672425183} +00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":229,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":229,"packets-processed":228,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11957,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":225,"total-detection-updates":0,"total-updates":39,"current-active-flows":1,"total-active-flows":225,"total-idle-flows":224,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1089,"global_ts_usec":1686102672425183} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":229,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686102672425183,"flow_src_last_pkt_time":1686102672425183,"flow_dst_last_pkt_time":1686102672425183,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686102672425183,"l3_proto":"ip4","src_ip":"166.70.59.181","dst_ip":"90.111.212.50","src_port":46093,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":229,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":1,"flow_src_last_pkt_time":1686102672425183,"flow_dst_last_pkt_time":1686102672425183,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686102672425183,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+Lo9AADQRckmmRju1Wm\/UMrQNAasAKhWHAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 
00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":229,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686102672425183,"flow_src_last_pkt_time":1686102672425183,"flow_dst_last_pkt_time":1686102672425183,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686102672425183,"l3_proto":"ip4","src_ip":"166.70.59.181","dst_ip":"90.111.212.50","src_port":46093,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1110,12 +1110,12 @@ 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":233,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686103250321132,"flow_src_last_pkt_time":1686103250321132,"flow_dst_last_pkt_time":1686103250321132,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686103250321132,"l3_proto":"ip4","src_ip":"184.199.219.188","dst_ip":"90.141.37.56","src_port":30639,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":234,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686103038730179,"flow_src_last_pkt_time":1686103038730179,"flow_dst_last_pkt_time":1686103038730179,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686103250321132,"l3_proto":"ip4","src_ip":"88.192.213.176","dst_ip":"165.114.202.61","src_port":63574,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":234,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686102873592315,"flow_src_last_pkt_time":1686102873592315,"flow_dst_last_pkt_time":1686102873592315,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686103250321132,"l3_proto":"ip4","src_ip":"33.26.187.87","dst_ip":"90.141.37.56","src_port":52761,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":234,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":234,"packets-processed":233,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12122,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":230,"total-detection-updates":0,"total-updates":42,"current-active-flows":1,"total-active-flows":230,"total-idle-flows":229,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1113,"global_ts_usec":1686103373634504} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":234,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":234,"packets-processed":233,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12122,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":230,"total-detection-updates":0,"total-updates":42,"current-active-flows":1,"total-active-flows":230,"total-idle-flows":229,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1113,"global_ts_usec":1686103373634504} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":234,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686103373634504,"flow_src_last_pkt_time":1686103373634504,"flow_dst_last_pkt_time":1686103373634504,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686103373634504,"l3_proto":"ip4","src_ip":"166.199.219.182","dst_ip":"69.109.187.54","src_port":28881,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":1,"flow_src_last_pkt_time":1686103373634504,"flow_dst_last_pkt_time":1686103373634504,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686103373634504,"pkt":"bpHurUgdPJTVQTiBCABFAAA+HIVAADQRhFKmx9u2RW27NnDRAasAKljCAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":234,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686103373634504,"flow_src_last_pkt_time":1686103373634504,"flow_dst_last_pkt_time":1686103373634504,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686103373634504,"l3_proto":"ip4","src_ip":"166.199.219.182","dst_ip":"69.109.187.54","src_port":28881,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00988{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":235,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686103250321132,"flow_src_last_pkt_time":1686103250321132,"flow_dst_last_pkt_time":1686103250321132,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686103373634504,"l3_proto":"ip4","src_ip":"184.199.219.188","dst_ip":"90.141.37.56","src_port":30639,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":235,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":235,"packets-processed":234,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12156,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":231,"total-detection-updates":0,"total-updates":43,"current-active-flows":2,"total-active-flows":231,"total-idle-flows":229,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1118,"global_ts_usec":1686104038936046} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":235,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":235,"packets-processed":234,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12156,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":231,"total-detection-updates":0,"total-updates":43,"current-active-flows":2,"total-active-flows":231,"total-idle-flows":229,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1118,"global_ts_usec":1686104038936046} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":235,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686104038936046,"flow_src_last_pkt_time":1686104038936046,"flow_dst_last_pkt_time":1686104038936046,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686104038936046,"l3_proto":"ip4","src_ip":"95.64.196.186","dst_ip":"186.112.202.53","src_port":18841,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":235,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":1,"flow_src_last_pkt_time":1686104038936046,"flow_dst_last_pkt_time":1686104038936046,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686104038936046,"pkt":"xmjqc4OdPJTVQTiBCABFAAA+0DtAADQR0JFfQMS6unDKNUmZAasAKn\/wAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":235,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686104038936046,"flow_src_last_pkt_time":1686104038936046,"flow_dst_last_pkt_time":1686104038936046,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686104038936046,"l3_proto":"ip4","src_ip":"95.64.196.186","dst_ip":"186.112.202.53","src_port":18841,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1125,22 +1125,22 @@ 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":1,"flow_src_last_pkt_time":1686104544084969,"flow_dst_last_pkt_time":1686104544084969,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686104544084969,"pkt":"bs1PogZtPJTVQTiBCABFAAA+LfFAADQRctlYP9q4WpG0OsdTAasAKgIzAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":236,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686104544084969,"flow_src_last_pkt_time":1686104544084969,"flow_dst_last_pkt_time":1686104544084969,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686104544084969,"l3_proto":"ip4","src_ip":"88.63.218.184","dst_ip":"90.145.180.58","src_port":51027,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":237,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686104038936046,"flow_src_last_pkt_time":1686104038936046,"flow_dst_last_pkt_time":1686104038936046,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686104544084969,"l3_proto":"ip4","src_ip":"95.64.196.186","dst_ip":"186.112.202.53","src_port":18841,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":237,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":237,"packets-processed":236,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12224,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":233,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":233,"total-idle-flows":232,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1128,"global_ts_usec":1686104819369835} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":237,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":237,"packets-processed":236,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12224,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":233,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":233,"total-idle-flows":232,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1128,"global_ts_usec":1686104819369835} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":237,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686104819369835,"flow_src_last_pkt_time":1686104819369835,"flow_dst_last_pkt_time":1686104819369835,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686104819369835,"l3_proto":"ip4","src_ip":"71.64.36.183","dst_ip":"85.111.52.57","src_port":57381,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":1,"flow_src_last_pkt_time":1686104819369835,"flow_dst_last_pkt_time":1686104819369835,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686104819369835,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA+9FFAADQRrIJHQCS3VW80OeAlAasAKulqAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":237,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686104819369835,"flow_src_last_pkt_time":1686104819369835,"flow_dst_last_pkt_time":1686104819369835,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686104819369835,"l3_proto":"ip4","src_ip":"71.64.36.183","dst_ip":"85.111.52.57","src_port":57381,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":238,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686104544084969,"flow_src_last_pkt_time":1686104544084969,"flow_dst_last_pkt_time":1686104544084969,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686104819369835,"l3_proto":"ip4","src_ip":"88.63.218.184","dst_ip":"90.145.180.58","src_port":51027,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":238,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":238,"packets-processed":237,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12258,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":234,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":234,"total-idle-flows":233,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1133,"global_ts_usec":1686109686670972} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":238,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":238,"packets-processed":237,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12258,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":234,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":234,"total-idle-flows":233,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1133,"global_ts_usec":1686109686670972} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":238,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686109686670972,"flow_src_last_pkt_time":1686109686670972,"flow_dst_last_pkt_time":1686109686670972,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686109686670972,"l3_proto":"ip4","src_ip":"165.211.188.239","dst_ip":"165.114.202.61","src_port":50862,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":1,"flow_src_last_pkt_time":1686109686670972,"flow_dst_last_pkt_time":1686109686670972,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686109686670972,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRbeWl07zvpXLKPcauAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":238,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686109686670972,"flow_src_last_pkt_time":1686109686670972,"flow_dst_last_pkt_time":1686109686670972,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686109686670972,"l3_proto":"ip4","src_ip":"165.211.188.239","dst_ip":"165.114.202.61","src_port":50862,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":239,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686104819369835,"flow_src_last_pkt_time":1686104819369835,"flow_dst_last_pkt_time":1686104819369835,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686109686670972,"l3_proto":"ip4","src_ip":"71.64.36.183","dst_ip":"85.111.52.57","src_port":57381,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":239,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":239,"packets-processed":238,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12287,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":235,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":235,"total-idle-flows":234,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1138,"global_ts_usec":1686115314323562} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":239,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":239,"packets-processed":238,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12287,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":235,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":235,"total-idle-flows":234,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1138,"global_ts_usec":1686115314323562} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":239,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686115314323562,"flow_src_last_pkt_time":1686115314323562,"flow_dst_last_pkt_time":1686115314323562,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686115314323562,"l3_proto":"ip4","src_ip":"31.0.154.114","dst_ip":"90.141.37.56","src_port":31214,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":239,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":236,"flow_packet_id":1,"flow_src_last_pkt_time":1686115314323562,"flow_dst_last_pkt_time":1686115314323562,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686115314323562,"pkt":"3jHC4dyOPJTVQTiBCABFCABLy\/0AACIR\/qsfAJpyWo0lOHnuAasAN6fVAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":239,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686115314323562,"flow_src_last_pkt_time":1686115314323562,"flow_dst_last_pkt_time":1686115314323562,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686115314323562,"l3_proto":"ip4","src_ip":"31.0.154.114","dst_ip":"90.141.37.56","src_port":31214,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686109686670972,"flow_src_last_pkt_time":1686109686670972,"flow_dst_last_pkt_time":1686109686670972,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686115314323562,"l3_proto":"ip4","src_ip":"165.211.188.239","dst_ip":"165.114.202.61","src_port":50862,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":240,"packets-processed":239,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12334,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":236,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":236,"total-idle-flows":235,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1143,"global_ts_usec":1686120842599135} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":240,"packets-processed":239,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12334,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":236,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":236,"total-idle-flows":235,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1143,"global_ts_usec":1686120842599135} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686120842599135,"flow_src_last_pkt_time":1686120842599135,"flow_dst_last_pkt_time":1686120842599135,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686120842599135,"l3_proto":"ip4","src_ip":"34.119.122.126","dst_ip":"165.144.84.62","src_port":19055,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":237,"flow_packet_id":1,"flow_src_last_pkt_time":1686120842599135,"flow_dst_last_pkt_time":1686120842599135,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686120842599135,"pkt":"AAwp30Y4PJTVQTiBCABFAABLInYAACcRsKcid3p+pZBUPkpvAasAN+TAAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686120842599135,"flow_src_last_pkt_time":1686120842599135,"flow_dst_last_pkt_time":1686120842599135,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686120842599135,"l3_proto":"ip4","src_ip":"34.119.122.126","dst_ip":"165.144.84.62","src_port":19055,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1149,38 +1149,38 @@ 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":1,"flow_src_last_pkt_time":1686121348877532,"flow_dst_last_pkt_time":1686121348877532,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686121348877532,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA51DEAAPoRbQ1Z1jiBVW80OcXLAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686121348877532,"flow_src_last_pkt_time":1686121348877532,"flow_dst_last_pkt_time":1686121348877532,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686121348877532,"l3_proto":"ip4","src_ip":"89.214.56.129","dst_ip":"85.111.52.57","src_port":50635,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":242,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686120842599135,"flow_src_last_pkt_time":1686120842599135,"flow_dst_last_pkt_time":1686120842599135,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686121348877532,"l3_proto":"ip4","src_ip":"34.119.122.126","dst_ip":"165.144.84.62","src_port":19055,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":242,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":242,"packets-processed":241,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12410,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":238,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":238,"total-idle-flows":237,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1152,"global_ts_usec":1686122375311586} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":242,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":242,"packets-processed":241,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12410,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":238,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":238,"total-idle-flows":237,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1152,"global_ts_usec":1686122375311586} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":242,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686122375311586,"flow_src_last_pkt_time":1686122375311586,"flow_dst_last_pkt_time":1686122375311586,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686122375311586,"l3_proto":"ip4","src_ip":"193.209.38.96","dst_ip":"90.111.212.50","src_port":56783,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":242,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":1,"flow_src_last_pkt_time":1686122375311586,"flow_dst_last_pkt_time":1686122375311586,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686122375311586,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRbJLB0SZgWm\/UMt3PAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":242,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686122375311586,"flow_src_last_pkt_time":1686122375311586,"flow_dst_last_pkt_time":1686122375311586,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686122375311586,"l3_proto":"ip4","src_ip":"193.209.38.96","dst_ip":"90.111.212.50","src_port":56783,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":243,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686121348877532,"flow_src_last_pkt_time":1686121348877532,"flow_dst_last_pkt_time":1686121348877532,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686122375311586,"l3_proto":"ip4","src_ip":"89.214.56.129","dst_ip":"85.111.52.57","src_port":50635,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":243,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":243,"packets-processed":242,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12439,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":239,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":239,"total-idle-flows":238,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1157,"global_ts_usec":1686127609854442} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":243,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":243,"packets-processed":242,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12439,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":239,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":239,"total-idle-flows":238,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1157,"global_ts_usec":1686127609854442} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":243,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686127609854442,"flow_src_last_pkt_time":1686127609854442,"flow_dst_last_pkt_time":1686127609854442,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686127609854442,"l3_proto":"ip4","src_ip":"34.16.223.107","dst_ip":"165.144.84.62","src_port":49482,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":243,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":240,"flow_packet_id":1,"flow_src_last_pkt_time":1686127609854442,"flow_dst_last_pkt_time":1686127609854442,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686127609854442,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRbJQiEN9rpZBUPsFKAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00952{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":243,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686127609854442,"flow_src_last_pkt_time":1686127609854442,"flow_dst_last_pkt_time":1686127609854442,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686127609854442,"l3_proto":"ip4","src_ip":"34.16.223.107","dst_ip":"165.144.84.62","src_port":49482,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":244,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686122375311586,"flow_src_last_pkt_time":1686122375311586,"flow_dst_last_pkt_time":1686122375311586,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686127609854442,"l3_proto":"ip4","src_ip":"193.209.38.96","dst_ip":"90.111.212.50","src_port":56783,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":244,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":244,"packets-processed":243,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12468,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":240,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":240,"total-idle-flows":239,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1162,"global_ts_usec":1686147000405705} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":244,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":244,"packets-processed":243,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12468,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":240,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":240,"total-idle-flows":239,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1162,"global_ts_usec":1686147000405705} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":244,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686147000405705,"flow_src_last_pkt_time":1686147000405705,"flow_dst_last_pkt_time":1686147000405705,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686147000405705,"l3_proto":"ip4","src_ip":"235.96.127.30","dst_ip":"165.144.84.62","src_port":30596,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":244,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":241,"flow_packet_id":1,"flow_src_last_pkt_time":1686147000405705,"flow_dst_last_pkt_time":1686147000405705,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686147000405705,"pkt":"AAwp30Y4PJTVQTiBCABFAABSc4QAADIRDzbrYH8epZBUPneEAasAPgRJAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":244,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686147000405705,"flow_src_last_pkt_time":1686147000405705,"flow_dst_last_pkt_time":1686147000405705,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686147000405705,"l3_proto":"ip4","src_ip":"235.96.127.30","dst_ip":"165.144.84.62","src_port":30596,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":245,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":241,"flow_packet_id":2,"flow_src_last_pkt_time":1686147000405720,"flow_dst_last_pkt_time":1686147000405705,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686147000405720,"pkt":"AAwp30Y4PJTVQTiBCABFAABSc4QAADIRDzbrYH8epZBUPneEAasAPgRJAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 00991{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686127609854442,"flow_src_last_pkt_time":1686127609854442,"flow_dst_last_pkt_time":1686127609854442,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686147000405720,"l3_proto":"ip4","src_ip":"34.16.223.107","dst_ip":"165.144.84.62","src_port":49482,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":246,"packets-processed":245,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12576,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":241,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":241,"total-idle-flows":240,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1168,"global_ts_usec":1686148169982093} +00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":246,"packets-processed":245,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12576,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":241,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":241,"total-idle-flows":240,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1168,"global_ts_usec":1686148169982093} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686148169982093,"flow_src_last_pkt_time":1686148169982093,"flow_dst_last_pkt_time":1686148169982093,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686148169982093,"l3_proto":"ip4","src_ip":"154.96.5.121","dst_ip":"74.111.203.55","src_port":30879,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":1,"flow_src_last_pkt_time":1686148169982093,"flow_dst_last_pkt_time":1686148169982093,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686148169982093,"pkt":"ipffLU2SPJTVQTiBCABFAABL+PEAACcR2jmaYAV5Sm\/LN3ifAasAN7aeAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686148169982093,"flow_src_last_pkt_time":1686148169982093,"flow_dst_last_pkt_time":1686148169982093,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686148169982093,"l3_proto":"ip4","src_ip":"154.96.5.121","dst_ip":"74.111.203.55","src_port":30879,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":247,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1686147000405705,"flow_src_last_pkt_time":1686147000405720,"flow_dst_last_pkt_time":1686147000405705,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":108,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686148169982093,"l3_proto":"ip4","src_ip":"235.96.127.30","dst_ip":"165.144.84.62","src_port":30596,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":247,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":247,"packets-processed":246,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12623,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":242,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":242,"total-idle-flows":241,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1173,"global_ts_usec":1686150111716704} +00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":247,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":247,"packets-processed":246,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12623,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":242,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":242,"total-idle-flows":241,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1173,"global_ts_usec":1686150111716704} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":247,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686150111716704,"flow_src_last_pkt_time":1686150111716704,"flow_dst_last_pkt_time":1686150111716704,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686150111716704,"l3_proto":"ip4","src_ip":"208.123.176.154","dst_ip":"90.141.37.56","src_port":53775,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":247,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":243,"flow_packet_id":1,"flow_src_last_pkt_time":1686150111716704,"flow_dst_last_pkt_time":1686150111716704,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686150111716704,"pkt":"3jHC4dyOPJTVQTiBCABFAAB+1DEAAPIRpS\/Qe7CaWo0lONIPAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 
00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":247,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686150111716704,"flow_src_last_pkt_time":1686150111716704,"flow_dst_last_pkt_time":1686150111716704,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686150111716704,"l3_proto":"ip4","src_ip":"208.123.176.154","dst_ip":"90.141.37.56","src_port":53775,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":248,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686148169982093,"flow_src_last_pkt_time":1686148169982093,"flow_dst_last_pkt_time":1686148169982093,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686150111716704,"l3_proto":"ip4","src_ip":"154.96.5.121","dst_ip":"74.111.203.55","src_port":30879,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":248,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":248,"packets-processed":247,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12721,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":243,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":243,"total-idle-flows":242,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1178,"global_ts_usec":1686151018568427} +00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":248,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":248,"packets-processed":247,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12721,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":243,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":243,"total-idle-flows":242,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1178,"global_ts_usec":1686151018568427} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":248,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686151018568427,"flow_src_last_pkt_time":1686151018568427,"flow_dst_last_pkt_time":1686151018568427,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686151018568427,"l3_proto":"ip4","src_ip":"236.131.82.145","dst_ip":"69.109.187.54","src_port":40660,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":248,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":1,"flow_src_last_pkt_time":1686151018568427,"flow_dst_last_pkt_time":1686151018568427,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686151018568427,"pkt":"bpHurUgdPJTVQTiBCABFAAB+1DEAAPMRpSvsg1KRRW27Np7UAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 
00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":248,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686151018568427,"flow_src_last_pkt_time":1686151018568427,"flow_dst_last_pkt_time":1686151018568427,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686151018568427,"l3_proto":"ip4","src_ip":"236.131.82.145","dst_ip":"69.109.187.54","src_port":40660,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":249,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686150111716704,"flow_src_last_pkt_time":1686150111716704,"flow_dst_last_pkt_time":1686150111716704,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686151018568427,"l3_proto":"ip4","src_ip":"208.123.176.154","dst_ip":"90.141.37.56","src_port":53775,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":249,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":249,"packets-processed":248,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12819,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":244,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":244,"total-idle-flows":243,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1183,"global_ts_usec":1686152692161183} +00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":249,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":249,"packets-processed":248,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12819,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":244,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":244,"total-idle-flows":243,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1183,"global_ts_usec":1686152692161183} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":249,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686152692161183,"flow_src_last_pkt_time":1686152692161183,"flow_dst_last_pkt_time":1686152692161183,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686152692161183,"l3_proto":"ip4","src_ip":"19.156.188.155","dst_ip":"74.111.203.55","src_port":47749,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":249,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":1,"flow_src_last_pkt_time":1686152692161183,"flow_dst_last_pkt_time":1686152692161183,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686152692161183,"pkt":"ipffLU2SPJTVQTiBCABFAAB+1DEAAPIRpTITnLybSm\/LN7qFAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 
00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":249,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686152692161183,"flow_src_last_pkt_time":1686152692161183,"flow_dst_last_pkt_time":1686152692161183,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686152692161183,"l3_proto":"ip4","src_ip":"19.156.188.155","dst_ip":"74.111.203.55","src_port":47749,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1189,48 +1189,48 @@ 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":250,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":246,"flow_packet_id":1,"flow_src_last_pkt_time":1686152794742928,"flow_dst_last_pkt_time":1686152794742928,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686152794742928,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPIRpSDthLCIpZBUPoZyAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":250,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686152794742928,"flow_src_last_pkt_time":1686152794742928,"flow_dst_last_pkt_time":1686152794742928,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686152794742928,"l3_proto":"ip4","src_ip":"237.132.176.136","dst_ip":"165.144.84.62","src_port":34418,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00988{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":251,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686152692161183,"flow_src_last_pkt_time":1686152692161183,"flow_dst_last_pkt_time":1686152692161183,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686152794742928,"l3_proto":"ip4","src_ip":"19.156.188.155","dst_ip":"74.111.203.55","src_port":47749,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":251,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":251,"packets-processed":250,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13015,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":246,"total-detection-updates":0,"total-updates":44,"current-active-flows":2,"total-active-flows":246,"total-idle-flows":244,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1192,"global_ts_usec":1686157605088607} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":251,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":251,"packets-processed":250,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13015,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":246,"total-detection-updates":0,"total-updates":44,"current-active-flows":2,"total-active-flows":246,"total-idle-flows":244,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1192,"global_ts_usec":1686157605088607} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":251,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686157605088607,"flow_src_last_pkt_time":1686157605088607,"flow_dst_last_pkt_time":1686157605088607,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686157605088607,"l3_proto":"ip4","src_ip":"45.124.147.156","dst_ip":"165.114.202.61","src_port":55189,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":251,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":247,"flow_packet_id":1,"flow_src_last_pkt_time":1686157605088607,"flow_dst_last_pkt_time":1686157605088607,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686157605088607,"pkt":"AAwp30Y4PJTVQTiBCABFCAB+1DEAAPARqCUtfJOcpXLKPdeVAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":251,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686157605088607,"flow_src_last_pkt_time":1686157605088607,"flow_dst_last_pkt_time":1686157605088607,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686157605088607,"l3_proto":"ip4","src_ip":"45.124.147.156","dst_ip":"165.114.202.61","src_port":55189,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":252,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686152794742928,"flow_src_last_pkt_time":1686152794742928,"flow_dst_last_pkt_time":1686152794742928,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686157605088607,"l3_proto":"ip4","src_ip":"237.132.176.136","dst_ip":"165.144.84.62","src_port":34418,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":252,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686152692161183,"flow_src_last_pkt_time":1686152692161183,"flow_dst_last_pkt_time":1686152692161183,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686157605088607,"l3_proto":"ip4","src_ip":"19.156.188.155","dst_ip":"74.111.203.55","src_port":47749,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":252,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":252,"packets-processed":251,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13113,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":247,"total-detection-updates":0,"total-updates":44,"current-active-flows":1,"total-active-flows":247,"total-idle-flows":246,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1198,"global_ts_usec":1686158302309017} +00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":252,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":252,"packets-processed":251,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13113,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":247,"total-detection-updates":0,"total-updates":44,"current-active-flows":1,"total-active-flows":247,"total-idle-flows":246,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1198,"global_ts_usec":1686158302309017} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":252,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686158302309017,"flow_src_last_pkt_time":1686158302309017,"flow_dst_last_pkt_time":1686158302309017,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686158302309017,"l3_proto":"ip4","src_ip":"70.180.111.241","dst_ip":"90.145.180.58","src_port":37873,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":248,"flow_packet_id":1,"flow_src_last_pkt_time":1686158302309017,"flow_dst_last_pkt_time":1686158302309017,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686158302309017,"pkt":"bs1PogZtPJTVQTiBCABFAAB+1DEAAO8RDclGtG\/xWpG0OpPxAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 
00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":252,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686158302309017,"flow_src_last_pkt_time":1686158302309017,"flow_dst_last_pkt_time":1686158302309017,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686158302309017,"l3_proto":"ip4","src_ip":"70.180.111.241","dst_ip":"90.145.180.58","src_port":37873,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":253,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686157605088607,"flow_src_last_pkt_time":1686157605088607,"flow_dst_last_pkt_time":1686157605088607,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686158302309017,"l3_proto":"ip4","src_ip":"45.124.147.156","dst_ip":"165.114.202.61","src_port":55189,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":253,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":253,"packets-processed":252,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13211,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":248,"total-detection-updates":0,"total-updates":44,"current-active-flows":1,"total-active-flows":248,"total-idle-flows":247,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1203,"global_ts_usec":1686159210157364} +00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":253,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":253,"packets-processed":252,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13211,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":248,"total-detection-updates":0,"total-updates":44,"current-active-flows":1,"total-active-flows":248,"total-idle-flows":247,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1203,"global_ts_usec":1686159210157364} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":253,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686159210157364,"flow_src_last_pkt_time":1686159210157364,"flow_dst_last_pkt_time":1686159210157364,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686159210157364,"l3_proto":"ip4","src_ip":"47.123.177.154","dst_ip":"90.111.212.50","src_port":50527,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":253,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":249,"flow_packet_id":1,"flow_src_last_pkt_time":1686159210157364,"flow_dst_last_pkt_time":1686159210157364,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686159210157364,"pkt":"AAwp30Y4PJTVQTiBCABFCAB+1DEAAPARqCwve7GaWm\/UMsVfAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 
00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":253,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686159210157364,"flow_src_last_pkt_time":1686159210157364,"flow_dst_last_pkt_time":1686159210157364,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686159210157364,"l3_proto":"ip4","src_ip":"47.123.177.154","dst_ip":"90.111.212.50","src_port":50527,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":254,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686158302309017,"flow_src_last_pkt_time":1686158302309017,"flow_dst_last_pkt_time":1686158302309017,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686159210157364,"l3_proto":"ip4","src_ip":"70.180.111.241","dst_ip":"90.145.180.58","src_port":37873,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":254,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":254,"packets-processed":253,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13309,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":249,"total-detection-updates":0,"total-updates":44,"current-active-flows":1,"total-active-flows":249,"total-idle-flows":248,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1208,"global_ts_usec":1686164441587309} +00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":254,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":254,"packets-processed":253,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13309,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":249,"total-detection-updates":0,"total-updates":44,"current-active-flows":1,"total-active-flows":249,"total-idle-flows":248,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1208,"global_ts_usec":1686164441587309} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":254,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686164441587309,"flow_src_last_pkt_time":1686164441587309,"flow_dst_last_pkt_time":1686164441587309,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686164441587309,"l3_proto":"ip4","src_ip":"227.199.90.122","dst_ip":"74.111.203.55","src_port":22596,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":254,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":1,"flow_src_last_pkt_time":1686164441587309,"flow_dst_last_pkt_time":1686164441587309,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686164441587309,"pkt":"ipffLU2SPJTVQTiBCABFCABLFfMAACIRtMTjx1p6Sm\/LN1hEAasAN8mNAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":254,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686164441587309,"flow_src_last_pkt_time":1686164441587309,"flow_dst_last_pkt_time":1686164441587309,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686164441587309,"l3_proto":"ip4","src_ip":"227.199.90.122","dst_ip":"74.111.203.55","src_port":22596,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":255,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686159210157364,"flow_src_last_pkt_time":1686159210157364,"flow_dst_last_pkt_time":1686159210157364,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686164441587309,"l3_proto":"ip4","src_ip":"47.123.177.154","dst_ip":"90.111.212.50","src_port":50527,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":255,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":255,"packets-processed":254,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13356,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":250,"total-detection-updates":0,"total-updates":44,"current-active-flows":1,"total-active-flows":250,"total-idle-flows":249,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1213,"global_ts_usec":1686172962599222} +00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":255,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":255,"packets-processed":254,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13356,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":250,"total-detection-updates":0,"total-updates":44,"current-active-flows":1,"total-active-flows":250,"total-idle-flows":249,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1213,"global_ts_usec":1686172962599222} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":255,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686172962599222,"flow_src_last_pkt_time":1686172962599222,"flow_dst_last_pkt_time":1686172962599222,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686172962599222,"l3_proto":"ip4","src_ip":"161.45.5.172","dst_ip":"90.147.171.51","src_port":56443,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":255,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":251,"flow_packet_id":1,"flow_src_last_pkt_time":1686172962599222,"flow_dst_last_pkt_time":1686172962599222,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686172962599222,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRbgWhLQWsWpOrM9x7AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":255,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686172962599222,"flow_src_last_pkt_time":1686172962599222,"flow_dst_last_pkt_time":1686172962599222,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686172962599222,"l3_proto":"ip4","src_ip":"161.45.5.172","dst_ip":"90.147.171.51","src_port":56443,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":256,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686164441587309,"flow_src_last_pkt_time":1686164441587309,"flow_dst_last_pkt_time":1686164441587309,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686172962599222,"l3_proto":"ip4","src_ip":"227.199.90.122","dst_ip":"74.111.203.55","src_port":22596,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":256,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":256,"packets-processed":255,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13385,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":251,"total-detection-updates":0,"total-updates":44,"current-active-flows":1,"total-active-flows":251,"total-idle-flows":250,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1218,"global_ts_usec":1686178920053120} +00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":256,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":256,"packets-processed":255,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13385,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":251,"total-detection-updates":0,"total-updates":44,"current-active-flows":1,"total-active-flows":251,"total-idle-flows":250,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1218,"global_ts_usec":1686178920053120} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":256,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686178920053120,"flow_src_last_pkt_time":1686178920053120,"flow_dst_last_pkt_time":1686178920053120,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686178920053120,"l3_proto":"ip4","src_ip":"66.24.225.77","dst_ip":"85.111.52.57","src_port":55319,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":252,"flow_packet_id":1,"flow_src_last_pkt_time":1686178920053120,"flow_dst_last_pkt_time":1686178920053120,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686178920053120,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA51DEAAPkRbXhCGOFNVW80OdgXAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":256,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686178920053120,"flow_src_last_pkt_time":1686178920053120,"flow_dst_last_pkt_time":1686178920053120,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686178920053120,"l3_proto":"ip4","src_ip":"66.24.225.77","dst_ip":"85.111.52.57","src_port":55319,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":257,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686172962599222,"flow_src_last_pkt_time":1686172962599222,"flow_dst_last_pkt_time":1686172962599222,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686178920053120,"l3_proto":"ip4","src_ip":"161.45.5.172","dst_ip":"90.147.171.51","src_port":56443,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":257,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":257,"packets-processed":256,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13414,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":252,"total-detection-updates":0,"total-updates":44,"current-active-flows":1,"total-active-flows":252,"total-idle-flows":251,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1223,"global_ts_usec":1686182909163488} +00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":257,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":257,"packets-processed":256,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13414,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":252,"total-detection-updates":0,"total-updates":44,"current-active-flows":1,"total-active-flows":252,"total-idle-flows":251,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1223,"global_ts_usec":1686182909163488} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":257,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686182909163488,"flow_src_last_pkt_time":1686182909163488,"flow_dst_last_pkt_time":1686182909163488,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686182909163488,"l3_proto":"ip4","src_ip":"88.56.155.126","dst_ip":"186.112.202.53","src_port":14639,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":253,"flow_packet_id":1,"flow_src_last_pkt_time":1686182909163488,"flow_dst_last_pkt_time":1686182909163488,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686182909163488,"pkt":"xmjqc4OdPJTVQTiBCABFCABLnDYAACIRLnxYOJt+unDKNTkvAasAN+idAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":257,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686182909163488,"flow_src_last_pkt_time":1686182909163488,"flow_dst_last_pkt_time":1686182909163488,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686182909163488,"l3_proto":"ip4","src_ip":"88.56.155.126","dst_ip":"186.112.202.53","src_port":14639,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":258,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686178920053120,"flow_src_last_pkt_time":1686178920053120,"flow_dst_last_pkt_time":1686178920053120,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686182909163488,"l3_proto":"ip4","src_ip":"66.24.225.77","dst_ip":"85.111.52.57","src_port":55319,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":258,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":258,"packets-processed":257,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13461,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":253,"total-detection-updates":0,"total-updates":44,"current-active-flows":1,"total-active-flows":253,"total-idle-flows":252,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1228,"global_ts_usec":1686186373659453} +00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":258,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":258,"packets-processed":257,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13461,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":253,"total-detection-updates":0,"total-updates":44,"current-active-flows":1,"total-active-flows":253,"total-idle-flows":252,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1228,"global_ts_usec":1686186373659453} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":258,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686186373659453,"flow_src_last_pkt_time":1686186373659453,"flow_dst_last_pkt_time":1686186373659453,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686186373659453,"l3_proto":"ip4","src_ip":"35.252.69.113","dst_ip":"69.109.187.54","src_port":15055,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":258,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":254,"flow_packet_id":1,"flow_src_last_pkt_time":1686186373659453,"flow_dst_last_pkt_time":1686186373659453,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686186373659453,"pkt":"bpHurUgdPJTVQTiBCABFCABLbu4AACIRW70j\/EVxRW27NjrPAasAN+b2AgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":258,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686186373659453,"flow_src_last_pkt_time":1686186373659453,"flow_dst_last_pkt_time":1686186373659453,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686186373659453,"l3_proto":"ip4","src_ip":"35.252.69.113","dst_ip":"69.109.187.54","src_port":15055,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":259,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686182909163488,"flow_src_last_pkt_time":1686182909163488,"flow_dst_last_pkt_time":1686182909163488,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686186373659453,"l3_proto":"ip4","src_ip":"88.56.155.126","dst_ip":"186.112.202.53","src_port":14639,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":259,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":259,"packets-processed":258,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13508,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":254,"total-detection-updates":0,"total-updates":44,"current-active-flows":1,"total-active-flows":254,"total-idle-flows":253,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1233,"global_ts_usec":1686188598232342} +00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":259,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":259,"packets-processed":258,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13508,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":254,"total-detection-updates":0,"total-updates":44,"current-active-flows":1,"total-active-flows":254,"total-idle-flows":253,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1233,"global_ts_usec":1686188598232342} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":259,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686188598232342,"flow_src_last_pkt_time":1686188598232342,"flow_dst_last_pkt_time":1686188598232342,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686188598232342,"l3_proto":"ip4","src_ip":"93.22.25.240","dst_ip":"165.144.84.62","src_port":53557,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":259,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":255,"flow_packet_id":1,"flow_src_last_pkt_time":1686188598232342,"flow_dst_last_pkt_time":1686188598232342,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686188598232342,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRbdZdFhnwpZBUPtE1AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":259,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686188598232342,"flow_src_last_pkt_time":1686188598232342,"flow_dst_last_pkt_time":1686188598232342,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686188598232342,"l3_proto":"ip4","src_ip":"93.22.25.240","dst_ip":"165.144.84.62","src_port":53557,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1244,33 +1244,33 @@ 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686188964145763,"flow_src_last_pkt_time":1686188964145763,"flow_dst_last_pkt_time":1686188964145763,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686188964145763,"l3_proto":"ip4","src_ip":"211.49.103.57","dst_ip":"69.109.187.54","src_port":55377,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":262,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686188644341439,"flow_src_last_pkt_time":1686188644341439,"flow_dst_last_pkt_time":1686188644341439,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686188964145763,"l3_proto":"ip4","src_ip":"94.46.221.227","dst_ip":"90.141.37.56","src_port":49978,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":262,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686188598232342,"flow_src_last_pkt_time":1686188598232342,"flow_dst_last_pkt_time":1686188598232342,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686188964145763,"l3_proto":"ip4","src_ip":"93.22.25.240","dst_ip":"165.144.84.62","src_port":53557,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":262,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":262,"packets-processed":261,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13595,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":257,"total-detection-updates":0,"total-updates":45,"current-active-flows":1,"total-active-flows":257,"total-idle-flows":256,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1247,"global_ts_usec":1686189923950356} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":262,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":262,"packets-processed":261,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13595,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":257,"total-detection-updates":0,"total-updates":45,"current-active-flows":1,"total-active-flows":257,"total-idle-flows":256,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1247,"global_ts_usec":1686189923950356} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":262,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686189923950356,"flow_src_last_pkt_time":1686189923950356,"flow_dst_last_pkt_time":1686189923950356,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686189923950356,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"186.112.202.53","src_port":57227,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":258,"flow_packet_id":1,"flow_src_last_pkt_time":1686189923950356,"flow_dst_last_pkt_time":1686189923950356,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686189923950356,"pkt":"xmjqc4OdPJTVQTiBCABFCABS0+QAAGsRQrNDnxCWunDKNd+LAasAPgAAAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":262,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686189923950356,"flow_src_last_pkt_time":1686189923950356,"flow_dst_last_pkt_time":1686189923950356,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686189923950356,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"186.112.202.53","src_port":57227,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":263,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686188964145763,"flow_src_last_pkt_time":1686188964145763,"flow_dst_last_pkt_time":1686188964145763,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686189923950356,"l3_proto":"ip4","src_ip":"211.49.103.57","dst_ip":"69.109.187.54","src_port":55377,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":263,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":263,"packets-processed":262,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13649,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":258,"total-detection-updates":0,"total-updates":45,"current-active-flows":1,"total-active-flows":258,"total-idle-flows":257,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1252,"global_ts_usec":1686195826361567} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":263,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":263,"packets-processed":262,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13649,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":258,"total-detection-updates":0,"total-updates":45,"current-active-flows":1,"total-active-flows":258,"total-idle-flows":257,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1252,"global_ts_usec":1686195826361567} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":263,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686195826361567,"flow_src_last_pkt_time":1686195826361567,"flow_dst_last_pkt_time":1686195826361567,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686195826361567,"l3_proto":"ip4","src_ip":"70.210.130.41","dst_ip":"186.112.202.53","src_port":50379,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":259,"flow_packet_id":1,"flow_src_last_pkt_time":1686195826361567,"flow_dst_last_pkt_time":1686195826361567,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686195826361567,"pkt":"xmjqc4OdPJTVQTiBCABFAAA51DEAAPkRbWRG0oIpunDKNcTLAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":263,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686195826361567,"flow_src_last_pkt_time":1686195826361567,"flow_dst_last_pkt_time":1686195826361567,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686195826361567,"l3_proto":"ip4","src_ip":"70.210.130.41","dst_ip":"186.112.202.53","src_port":50379,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":264,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686189923950356,"flow_src_last_pkt_time":1686189923950356,"flow_dst_last_pkt_time":1686189923950356,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686195826361567,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"186.112.202.53","src_port":57227,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":264,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":264,"packets-processed":263,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13678,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":259,"total-detection-updates":0,"total-updates":45,"current-active-flows":1,"total-active-flows":259,"total-idle-flows":258,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1257,"global_ts_usec":1686197444990656} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":264,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":264,"packets-processed":263,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13678,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":259,"total-detection-updates":0,"total-updates":45,"current-active-flows":1,"total-active-flows":259,"total-idle-flows":258,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1257,"global_ts_usec":1686197444990656} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":264,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686197444990656,"flow_src_last_pkt_time":1686197444990656,"flow_dst_last_pkt_time":1686197444990656,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686197444990656,"l3_proto":"ip4","src_ip":"217.23.159.199","dst_ip":"74.111.203.55","src_port":54694,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":264,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":260,"flow_packet_id":1,"flow_src_last_pkt_time":1686197444990656,"flow_dst_last_pkt_time":1686197444990656,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686197444990656,"pkt":"ipffLU2SPJTVQTiBCABFAAA51DEAAPkRbbfZF5\/HSm\/LN9WmAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":264,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686197444990656,"flow_src_last_pkt_time":1686197444990656,"flow_dst_last_pkt_time":1686197444990656,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686197444990656,"l3_proto":"ip4","src_ip":"217.23.159.199","dst_ip":"74.111.203.55","src_port":54694,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":265,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686195826361567,"flow_src_last_pkt_time":1686195826361567,"flow_dst_last_pkt_time":1686195826361567,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686197444990656,"l3_proto":"ip4","src_ip":"70.210.130.41","dst_ip":"186.112.202.53","src_port":50379,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":265,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":265,"packets-processed":264,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13707,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":260,"total-detection-updates":0,"total-updates":45,"current-active-flows":1,"total-active-flows":260,"total-idle-flows":259,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1262,"global_ts_usec":1686200474358772} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":265,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":265,"packets-processed":264,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13707,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":260,"total-detection-updates":0,"total-updates":45,"current-active-flows":1,"total-active-flows":260,"total-idle-flows":259,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1262,"global_ts_usec":1686200474358772} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":265,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686200474358772,"flow_src_last_pkt_time":1686200474358772,"flow_dst_last_pkt_time":1686200474358772,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686200474358772,"l3_proto":"ip4","src_ip":"208.243.248.212","dst_ip":"165.114.202.61","src_port":54962,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":265,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":261,"flow_packet_id":1,"flow_src_last_pkt_time":1686200474358772,"flow_dst_last_pkt_time":1686200474358772,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686200474358772,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRXtfQ8\/jUpXLKPdayAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":265,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686200474358772,"flow_src_last_pkt_time":1686200474358772,"flow_dst_last_pkt_time":1686200474358772,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686200474358772,"l3_proto":"ip4","src_ip":"208.243.248.212","dst_ip":"165.114.202.61","src_port":54962,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":266,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686197444990656,"flow_src_last_pkt_time":1686197444990656,"flow_dst_last_pkt_time":1686197444990656,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686200474358772,"l3_proto":"ip4","src_ip":"217.23.159.199","dst_ip":"74.111.203.55","src_port":54694,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":266,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":266,"packets-processed":265,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13736,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":261,"total-detection-updates":0,"total-updates":45,"current-active-flows":1,"total-active-flows":261,"total-idle-flows":260,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1267,"global_ts_usec":1686201624944069} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":266,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":266,"packets-processed":265,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13736,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":261,"total-detection-updates":0,"total-updates":45,"current-active-flows":1,"total-active-flows":261,"total-idle-flows":260,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1267,"global_ts_usec":1686201624944069} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":266,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686201624944069,"flow_src_last_pkt_time":1686201624944069,"flow_dst_last_pkt_time":1686201624944069,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686201624944069,"l3_proto":"ip4","src_ip":"42.224.153.12","dst_ip":"90.147.171.51","src_port":15346,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":262,"flow_packet_id":1,"flow_src_last_pkt_time":1686201624944069,"flow_dst_last_pkt_time":1686201624944069,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686201624944069,"pkt":"AAwp30Y4PJTVQTiBCABFAABSN\/IAADIRVuMq4JkMWpOrMzvyAasAPkv2AgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":266,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686201624944069,"flow_src_last_pkt_time":1686201624944069,"flow_dst_last_pkt_time":1686201624944069,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686201624944069,"l3_proto":"ip4","src_ip":"42.224.153.12","dst_ip":"90.147.171.51","src_port":15346,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":262,"flow_packet_id":2,"flow_src_last_pkt_time":1686201624944084,"flow_dst_last_pkt_time":1686201624944069,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686201624944084,"pkt":"AAwp30Y4PJTVQTiBCABFAABSN\/IAADIRVuMq4JkMWpOrMzvyAasAPkv2AgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":268,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686200474358772,"flow_src_last_pkt_time":1686200474358772,"flow_dst_last_pkt_time":1686200474358772,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686201624944084,"l3_proto":"ip4","src_ip":"208.243.248.212","dst_ip":"165.114.202.61","src_port":54962,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":268,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":268,"packets-processed":267,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13844,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":262,"total-detection-updates":0,"total-updates":45,"current-active-flows":1,"total-active-flows":262,"total-idle-flows":261,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1273,"global_ts_usec":1686204308831707} +00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":268,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":268,"packets-processed":267,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13844,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":262,"total-detection-updates":0,"total-updates":45,"current-active-flows":1,"total-active-flows":262,"total-idle-flows":261,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1273,"global_ts_usec":1686204308831707} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":268,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686204308831707,"flow_src_last_pkt_time":1686204308831707,"flow_dst_last_pkt_time":1686204308831707,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686204308831707,"l3_proto":"ip4","src_ip":"199.221.139.233","dst_ip":"90.145.180.58","src_port":45906,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":263,"flow_packet_id":1,"flow_src_last_pkt_time":1686204308831707,"flow_dst_last_pkt_time":1686204308831707,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686204308831707,"pkt":"bs1PogZtPJTVQTiBCABFAAA+UJNAADQREf\/H3YvpWpG0OrNSAasAKtf7AgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 
00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":268,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686204308831707,"flow_src_last_pkt_time":1686204308831707,"flow_dst_last_pkt_time":1686204308831707,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686204308831707,"l3_proto":"ip4","src_ip":"199.221.139.233","dst_ip":"90.145.180.58","src_port":45906,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1279,7 +1279,7 @@ 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":269,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":264,"flow_packet_id":1,"flow_src_last_pkt_time":1686204816985223,"flow_dst_last_pkt_time":1686204816985223,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686204816985223,"pkt":"bpHurUgdPJTVQTiBCABFAAA++fVAADQRaIr27WP9RW27NjGRAasAKlmrAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":269,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":264,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686204816985223,"flow_src_last_pkt_time":1686204816985223,"flow_dst_last_pkt_time":1686204816985223,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686204816985223,"l3_proto":"ip4","src_ip":"246.237.99.253","dst_ip":"69.109.187.54","src_port":12689,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":270,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686204308831707,"flow_src_last_pkt_time":1686204308831707,"flow_dst_last_pkt_time":1686204308831707,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686204816985223,"l3_proto":"ip4","src_ip":"199.221.139.233","dst_ip":"90.145.180.58","src_port":45906,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":270,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":270,"packets-processed":269,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13912,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":264,"total-detection-updates":0,"total-updates":45,"current-active-flows":1,"total-active-flows":264,"total-idle-flows":263,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1282,"global_ts_usec":1686205296905334} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":270,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":270,"packets-processed":269,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13912,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":264,"total-detection-updates":0,"total-updates":45,"current-active-flows":1,"total-active-flows":264,"total-idle-flows":263,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1282,"global_ts_usec":1686205296905334} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":270,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686205296905334,"flow_src_last_pkt_time":1686205296905334,"flow_dst_last_pkt_time":1686205296905334,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686205296905334,"l3_proto":"ip4","src_ip":"247.45.112.206","dst_ip":"90.111.212.50","src_port":20029,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":270,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":265,"flow_packet_id":1,"flow_src_last_pkt_time":1686205296905334,"flow_dst_last_pkt_time":1686205296905334,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686205296905334,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+r0hAADQRsyX3LXDOWm\/UMk49AasAKjztAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":270,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686205296905334,"flow_src_last_pkt_time":1686205296905334,"flow_dst_last_pkt_time":1686205296905334,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686205296905334,"l3_proto":"ip4","src_ip":"247.45.112.206","dst_ip":"90.111.212.50","src_port":20029,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1292,7 +1292,7 @@ 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":272,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":267,"flow_packet_id":1,"flow_src_last_pkt_time":1686205768491443,"flow_dst_last_pkt_time":1686205768491443,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686205768491443,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA+3TBAADQRhVdGJmvxVW80OQ75AasAKnxLAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":272,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":267,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686205768491443,"flow_src_last_pkt_time":1686205768491443,"flow_dst_last_pkt_time":1686205768491443,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686205768491443,"l3_proto":"ip4","src_ip":"70.38.107.241","dst_ip":"85.111.52.57","src_port":3833,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00988{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":273,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":266,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686205683745012,"flow_src_last_pkt_time":1686205683745012,"flow_dst_last_pkt_time":1686205683745012,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686205768491443,"l3_proto":"ip4","src_ip":"56.174.92.201","dst_ip":"165.114.202.61","src_port":12782,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":273,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":273,"packets-processed":272,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":14014,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":267,"total-detection-updates":0,"total-updates":46,"current-active-flows":2,"total-active-flows":267,"total-idle-flows":265,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1295,"global_ts_usec":1686206099528813} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":273,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":273,"packets-processed":272,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":14014,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":267,"total-detection-updates":0,"total-updates":46,"current-active-flows":2,"total-active-flows":267,"total-idle-flows":265,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1295,"global_ts_usec":1686206099528813} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":273,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":268,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686206099528813,"flow_src_last_pkt_time":1686206099528813,"flow_dst_last_pkt_time":1686206099528813,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686206099528813,"l3_proto":"ip4","src_ip":"70.106.99.214","dst_ip":"74.111.203.55","src_port":10633,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":273,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":268,"flow_packet_id":1,"flow_src_last_pkt_time":1686206099528813,"flow_dst_last_pkt_time":1686206099528813,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686206099528813,"pkt":"ipffLU2SPJTVQTiBCABFAAA+0FpAADQRkh5GamPWSm\/LNymJAasAKmGsAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":273,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":268,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686206099528813,"flow_src_last_pkt_time":1686206099528813,"flow_dst_last_pkt_time":1686206099528813,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686206099528813,"l3_proto":"ip4","src_ip":"70.106.99.214","dst_ip":"74.111.203.55","src_port":10633,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1302,22 +1302,22 @@ 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":269,"flow_packet_id":1,"flow_src_last_pkt_time":1686206507820187,"flow_dst_last_pkt_time":1686206507820187,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686206507820187,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+f0tAADQR4yz27WP9pZBUPm5IAasAKhzsAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":269,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686206507820187,"flow_src_last_pkt_time":1686206507820187,"flow_dst_last_pkt_time":1686206507820187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686206507820187,"l3_proto":"ip4","src_ip":"246.237.99.253","dst_ip":"165.144.84.62","src_port":28232,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":275,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":268,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686206099528813,"flow_src_last_pkt_time":1686206099528813,"flow_dst_last_pkt_time":1686206099528813,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686206507820187,"l3_proto":"ip4","src_ip":"70.106.99.214","dst_ip":"74.111.203.55","src_port":10633,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":275,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":275,"packets-processed":274,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":14082,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":269,"total-detection-updates":0,"total-updates":46,"current-active-flows":1,"total-active-flows":269,"total-idle-flows":268,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1305,"global_ts_usec":1686206929031157} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":275,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":275,"packets-processed":274,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":14082,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":269,"total-detection-updates":0,"total-updates":46,"current-active-flows":1,"total-active-flows":269,"total-idle-flows":268,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1305,"global_ts_usec":1686206929031157} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":275,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":270,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686206929031157,"flow_src_last_pkt_time":1686206929031157,"flow_dst_last_pkt_time":1686206929031157,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686206929031157,"l3_proto":"ip4","src_ip":"200.29.108.217","dst_ip":"90.141.37.56","src_port":55185,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":275,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":270,"flow_packet_id":1,"flow_src_last_pkt_time":1686206929031157,"flow_dst_last_pkt_time":1686206929031157,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686206929031157,"pkt":"3jHC4dyOPJTVQTiBCABFAAA+TBRAADQRFl3IHWzZWo0lONeRAasAKrObAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":275,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":270,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686206929031157,"flow_src_last_pkt_time":1686206929031157,"flow_dst_last_pkt_time":1686206929031157,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686206929031157,"l3_proto":"ip4","src_ip":"200.29.108.217","dst_ip":"90.141.37.56","src_port":55185,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":276,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":269,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686206507820187,"flow_src_last_pkt_time":1686206507820187,"flow_dst_last_pkt_time":1686206507820187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686206929031157,"l3_proto":"ip4","src_ip":"246.237.99.253","dst_ip":"165.144.84.62","src_port":28232,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":276,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":276,"packets-processed":275,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":14116,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":270,"total-detection-updates":0,"total-updates":46,"current-active-flows":1,"total-active-flows":270,"total-idle-flows":269,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1310,"global_ts_usec":1686207705291823} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":276,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":276,"packets-processed":275,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":14116,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":270,"total-detection-updates":0,"total-updates":46,"current-active-flows":1,"total-active-flows":270,"total-idle-flows":269,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1310,"global_ts_usec":1686207705291823} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":276,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":271,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686207705291823,"flow_src_last_pkt_time":1686207705291823,"flow_dst_last_pkt_time":1686207705291823,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686207705291823,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"85.111.52.57","src_port":48238,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":276,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":271,"flow_packet_id":1,"flow_src_last_pkt_time":1686207705291823,"flow_dst_last_pkt_time":1686207705291823,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686207705291823,"pkt":"moT+\/Ph8PJTVQTiBCABFAABSu9QAAG0RWMhDnxCWVW80ObxuAasAPgAAAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":276,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":271,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686207705291823,"flow_src_last_pkt_time":1686207705291823,"flow_dst_last_pkt_time":1686207705291823,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686207705291823,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"85.111.52.57","src_port":48238,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":277,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":270,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686206929031157,"flow_src_last_pkt_time":1686206929031157,"flow_dst_last_pkt_time":1686206929031157,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686207705291823,"l3_proto":"ip4","src_ip":"200.29.108.217","dst_ip":"90.141.37.56","src_port":55185,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":277,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":277,"packets-processed":276,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":14170,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":271,"total-detection-updates":0,"total-updates":46,"current-active-flows":1,"total-active-flows":271,"total-idle-flows":270,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1315,"global_ts_usec":1686209332165512} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":277,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":277,"packets-processed":276,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":14170,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":271,"total-detection-updates":0,"total-updates":46,"current-active-flows":1,"total-active-flows":271,"total-idle-flows":270,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1315,"global_ts_usec":1686209332165512} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":277,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":272,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686209332165512,"flow_src_last_pkt_time":1686209332165512,"flow_dst_last_pkt_time":1686209332165512,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686209332165512,"l3_proto":"ip4","src_ip":"35.0.100.115","dst_ip":"165.144.84.62","src_port":24038,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":277,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":272,"flow_packet_id":1,"flow_src_last_pkt_time":1686209332165512,"flow_dst_last_pkt_time":1686209332165512,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686209332165512,"pkt":"AAwp30Y4PJTVQTiBCABFCABLNKwAACIRlfkjAGRzpZBUPl3mAasAN8PZAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":277,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":272,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686209332165512,"flow_src_last_pkt_time":1686209332165512,"flow_dst_last_pkt_time":1686209332165512,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686209332165512,"l3_proto":"ip4","src_ip":"35.0.100.115","dst_ip":"165.144.84.62","src_port":24038,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":278,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":271,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686207705291823,"flow_src_last_pkt_time":1686207705291823,"flow_dst_last_pkt_time":1686207705291823,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686209332165512,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"85.111.52.57","src_port":48238,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":278,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":278,"packets-processed":277,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":14217,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":272,"total-detection-updates":0,"total-updates":46,"current-active-flows":1,"total-active-flows":272,"total-idle-flows":271,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1320,"global_ts_usec":1686218743990736} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":278,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":278,"packets-processed":277,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":14217,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":272,"total-detection-updates":0,"total-updates":46,"current-active-flows":1,"total-active-flows":272,"total-idle-flows":271,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1320,"global_ts_usec":1686218743990736} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":278,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":273,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686218743990736,"flow_src_last_pkt_time":1686218743990736,"flow_dst_last_pkt_time":1686218743990736,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686218743990736,"l3_proto":"ip4","src_ip":"91.255.107.116","dst_ip":"165.114.202.61","src_port":29445,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":278,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":273,"flow_packet_id":1,"flow_src_last_pkt_time":1686218743990736,"flow_dst_last_pkt_time":1686218743990736,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686218743990736,"pkt":"AAwp30Y4PJTVQTiBCABFCABLunsAACIRECpb\/2t0pXLKPXMFAasAN666AgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":278,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":273,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686218743990736,"flow_src_last_pkt_time":1686218743990736,"flow_dst_last_pkt_time":1686218743990736,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686218743990736,"l3_proto":"ip4","src_ip":"91.255.107.116","dst_ip":"165.114.202.61","src_port":29445,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1326,32 +1326,32 @@ 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":279,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":274,"flow_packet_id":1,"flow_src_last_pkt_time":1686218930278883,"flow_dst_last_pkt_time":1686218930278883,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686218930278883,"pkt":"AAwp30Y4PJTVQTiBCABFAABLV70AACcRe1hiiQNypXLKPRTWAasANxpSAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":279,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":274,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686218930278883,"flow_src_last_pkt_time":1686218930278883,"flow_dst_last_pkt_time":1686218930278883,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686218930278883,"l3_proto":"ip4","src_ip":"98.137.3.114","dst_ip":"165.114.202.61","src_port":5334,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":280,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":273,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686218743990736,"flow_src_last_pkt_time":1686218743990736,"flow_dst_last_pkt_time":1686218743990736,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686218930278883,"l3_proto":"ip4","src_ip":"91.255.107.116","dst_ip":"165.114.202.61","src_port":29445,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":280,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":280,"packets-processed":279,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":14311,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":274,"total-detection-updates":0,"total-updates":46,"current-active-flows":1,"total-active-flows":274,"total-idle-flows":273,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1329,"global_ts_usec":1686227357942748} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":280,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":280,"packets-processed":279,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":14311,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":274,"total-detection-updates":0,"total-updates":46,"current-active-flows":1,"total-active-flows":274,"total-idle-flows":273,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1329,"global_ts_usec":1686227357942748} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":280,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":275,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686227357942748,"flow_src_last_pkt_time":1686227357942748,"flow_dst_last_pkt_time":1686227357942748,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686227357942748,"l3_proto":"ip4","src_ip":"224.127.98.214","dst_ip":"90.147.171.51","src_port":19171,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":280,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":275,"flow_packet_id":1,"flow_src_last_pkt_time":1686227357942748,"flow_dst_last_pkt_time":1686227357942748,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686227357942748,"pkt":"AAwp30Y4PJTVQTiBCABFCABLNlUAACQRjhzgf2LWWpOrM0rjAasAN9KoAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":280,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":275,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686227357942748,"flow_src_last_pkt_time":1686227357942748,"flow_dst_last_pkt_time":1686227357942748,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686227357942748,"l3_proto":"ip4","src_ip":"224.127.98.214","dst_ip":"90.147.171.51","src_port":19171,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":281,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":274,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686218930278883,"flow_src_last_pkt_time":1686218930278883,"flow_dst_last_pkt_time":1686218930278883,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686227357942748,"l3_proto":"ip4","src_ip":"98.137.3.114","dst_ip":"165.114.202.61","src_port":5334,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":281,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":281,"packets-processed":280,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":14358,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":275,"total-detection-updates":0,"total-updates":46,"current-active-flows":1,"total-active-flows":275,"total-idle-flows":274,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1334,"global_ts_usec":1686234455283740} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":281,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":281,"packets-processed":280,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":14358,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":275,"total-detection-updates":0,"total-updates":46,"current-active-flows":1,"total-active-flows":275,"total-idle-flows":274,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1334,"global_ts_usec":1686234455283740} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":281,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":276,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686234455283740,"flow_src_last_pkt_time":1686234455283740,"flow_dst_last_pkt_time":1686234455283740,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686234455283740,"l3_proto":"ip4","src_ip":"157.120.252.123","dst_ip":"90.145.180.58","src_port":37363,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":281,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":276,"flow_packet_id":1,"flow_src_last_pkt_time":1686234455283740,"flow_dst_last_pkt_time":1686234455283740,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686234455283740,"pkt":"bs1PogZtPJTVQTiBCABFAABLt7IAACcRG3GdePx7WpG0OpHzAasAN51CAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":281,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":276,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686234455283740,"flow_src_last_pkt_time":1686234455283740,"flow_dst_last_pkt_time":1686234455283740,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686234455283740,"l3_proto":"ip4","src_ip":"157.120.252.123","dst_ip":"90.145.180.58","src_port":37363,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":275,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686227357942748,"flow_src_last_pkt_time":1686227357942748,"flow_dst_last_pkt_time":1686227357942748,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686234455283740,"l3_proto":"ip4","src_ip":"224.127.98.214","dst_ip":"90.147.171.51","src_port":19171,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":282,"packets-processed":281,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":14405,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":276,"total-detection-updates":0,"total-updates":46,"current-active-flows":1,"total-active-flows":276,"total-idle-flows":275,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1339,"global_ts_usec":1686236482989100} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":282,"packets-processed":281,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":14405,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":276,"total-detection-updates":0,"total-updates":46,"current-active-flows":1,"total-active-flows":276,"total-idle-flows":275,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1339,"global_ts_usec":1686236482989100} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":277,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686236482989100,"flow_src_last_pkt_time":1686236482989100,"flow_dst_last_pkt_time":1686236482989100,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686236482989100,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"90.145.180.58","src_port":37519,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":277,"flow_packet_id":1,"flow_src_last_pkt_time":1686236482989100,"flow_dst_last_pkt_time":1686236482989100,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686236482989100,"pkt":"bs1PogZtPJTVQTiBCABFAAB+1DEAAPMRCY72S2hzWpG0OpKPAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":277,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686236482989100,"flow_src_last_pkt_time":1686236482989100,"flow_dst_last_pkt_time":1686236482989100,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686236482989100,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"90.145.180.58","src_port":37519,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":283,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":276,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686234455283740,"flow_src_last_pkt_time":1686234455283740,"flow_dst_last_pkt_time":1686234455283740,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686236482989100,"l3_proto":"ip4","src_ip":"157.120.252.123","dst_ip":"90.145.180.58","src_port":37363,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":283,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":283,"packets-processed":282,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":14503,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":277,"total-detection-updates":0,"total-updates":46,"current-active-flows":1,"total-active-flows":277,"total-idle-flows":276,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1344,"global_ts_usec":1686238266508865} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":283,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":283,"packets-processed":282,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":14503,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":277,"total-detection-updates":0,"total-updates":46,"current-active-flows":1,"total-active-flows":277,"total-idle-flows":276,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1344,"global_ts_usec":1686238266508865} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":283,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":278,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686238266508865,"flow_src_last_pkt_time":1686238266508865,"flow_dst_last_pkt_time":1686238266508865,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686238266508865,"l3_proto":"ip4","src_ip":"236.155.96.147","dst_ip":"74.111.203.55","src_port":47606,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":283,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":278,"flow_packet_id":1,"flow_src_last_pkt_time":1686238266508865,"flow_dst_last_pkt_time":1686238266508865,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686238266508865,"pkt":"ipffLU2SPJTVQTiBCABFAAB+1DEAAPMRpSrsm2CTSm\/LN7n2AasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":283,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":278,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686238266508865,"flow_src_last_pkt_time":1686238266508865,"flow_dst_last_pkt_time":1686238266508865,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686238266508865,"l3_proto":"ip4","src_ip":"236.155.96.147","dst_ip":"74.111.203.55","src_port":47606,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":284,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":277,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686236482989100,"flow_src_last_pkt_time":1686236482989100,"flow_dst_last_pkt_time":1686236482989100,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686238266508865,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"90.145.180.58","src_port":37519,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":284,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":284,"packets-processed":283,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":14601,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":278,"total-detection-updates":0,"total-updates":46,"current-active-flows":1,"total-active-flows":278,"total-idle-flows":277,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1349,"global_ts_usec":1686241261208452} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":284,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":284,"packets-processed":283,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":14601,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":278,"total-detection-updates":0,"total-updates":46,"current-active-flows":1,"total-active-flows":278,"total-idle-flows":277,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1349,"global_ts_usec":1686241261208452} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":284,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":279,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686241261208452,"flow_src_last_pkt_time":1686241261208452,"flow_dst_last_pkt_time":1686241261208452,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686241261208452,"l3_proto":"ip4","src_ip":"45.99.146.146","dst_ip":"90.111.212.50","src_port":32910,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":284,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":279,"flow_packet_id":1,"flow_src_last_pkt_time":1686241261208452,"flow_dst_last_pkt_time":1686241261208452,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686241261208452,"pkt":"AAwp30Y4PJTVQTiBCABFCAB+1DEAAOsRrCQtY5KSWm\/UMoCOAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":284,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":279,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686241261208452,"flow_src_last_pkt_time":1686241261208452,"flow_dst_last_pkt_time":1686241261208452,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686241261208452,"l3_proto":"ip4","src_ip":"45.99.146.146","dst_ip":"90.111.212.50","src_port":32910,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":285,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":278,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686238266508865,"flow_src_last_pkt_time":1686238266508865,"flow_dst_last_pkt_time":1686238266508865,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686241261208452,"l3_proto":"ip4","src_ip":"236.155.96.147","dst_ip":"74.111.203.55","src_port":47606,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":285,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":285,"packets-processed":284,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":14699,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":279,"total-detection-updates":0,"total-updates":46,"current-active-flows":1,"total-active-flows":279,"total-idle-flows":278,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1354,"global_ts_usec":1686241917944669} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":285,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":285,"packets-processed":284,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":14699,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":279,"total-detection-updates":0,"total-updates":46,"current-active-flows":1,"total-active-flows":279,"total-idle-flows":278,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1354,"global_ts_usec":1686241917944669} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":285,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":280,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686241917944669,"flow_src_last_pkt_time":1686241917944669,"flow_dst_last_pkt_time":1686241917944669,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686241917944669,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"186.112.202.53","src_port":52790,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":285,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":280,"flow_packet_id":1,"flow_src_last_pkt_time":1686241917944669,"flow_dst_last_pkt_time":1686241917944669,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686241917944669,"pkt":"xmjqc4OdPJTVQTiBCABFAAB+1DEAAPMRCZLItJByunDKNc42AasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":285,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":280,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686241917944669,"flow_src_last_pkt_time":1686241917944669,"flow_dst_last_pkt_time":1686241917944669,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686241917944669,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"186.112.202.53","src_port":52790,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1365,7 +1365,7 @@ 00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":287,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":282,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686242407915366,"flow_src_last_pkt_time":1686242407915366,"flow_dst_last_pkt_time":1686242407915366,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686242407915366,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"165.114.202.61","src_port":60621,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":288,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":281,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686242007697569,"flow_src_last_pkt_time":1686242007697569,"flow_dst_last_pkt_time":1686242007697569,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686242407915366,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"69.109.187.54","src_port":36409,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":288,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":280,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686241917944669,"flow_src_last_pkt_time":1686241917944669,"flow_dst_last_pkt_time":1686241917944669,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686242407915366,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"186.112.202.53","src_port":52790,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":288,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":288,"packets-processed":287,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":14993,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":282,"total-detection-updates":0,"total-updates":47,"current-active-flows":1,"total-active-flows":282,"total-idle-flows":281,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1368,"global_ts_usec":1686243579374691} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":288,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":288,"packets-processed":287,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":14993,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":282,"total-detection-updates":0,"total-updates":47,"current-active-flows":1,"total-active-flows":282,"total-idle-flows":281,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1368,"global_ts_usec":1686243579374691} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":288,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":283,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686243579374691,"flow_src_last_pkt_time":1686243579374691,"flow_dst_last_pkt_time":1686243579374691,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686243579374691,"l3_proto":"ip4","src_ip":"45.99.146.146","dst_ip":"165.144.84.62","src_port":60327,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":288,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":283,"flow_packet_id":1,"flow_src_last_pkt_time":1686243579374691,"flow_dst_last_pkt_time":1686243579374691,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686243579374691,"pkt":"AAwp30Y4PJTVQTiBCABFCAB+1DEAAOsRrBotY5KSpZBUPuunAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":288,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":283,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686243579374691,"flow_src_last_pkt_time":1686243579374691,"flow_dst_last_pkt_time":1686243579374691,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686243579374691,"l3_proto":"ip4","src_ip":"45.99.146.146","dst_ip":"165.144.84.62","src_port":60327,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1374,17 +1374,17 @@ 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":284,"flow_packet_id":1,"flow_src_last_pkt_time":1686244097863995,"flow_dst_last_pkt_time":1686244097863995,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686244097863995,"pkt":"3jHC4dyOPJTVQTiBCABFAAB+1DEAAPMRCZDItJByWo0lONuvAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":284,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686244097863995,"flow_src_last_pkt_time":1686244097863995,"flow_dst_last_pkt_time":1686244097863995,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686244097863995,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"90.141.37.56","src_port":56239,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":283,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686243579374691,"flow_src_last_pkt_time":1686243579374691,"flow_dst_last_pkt_time":1686243579374691,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686244097863995,"l3_proto":"ip4","src_ip":"45.99.146.146","dst_ip":"165.144.84.62","src_port":60327,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":290,"packets-processed":289,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15189,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":284,"total-detection-updates":0,"total-updates":47,"current-active-flows":1,"total-active-flows":284,"total-idle-flows":283,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1377,"global_ts_usec":1686244966838652} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":290,"packets-processed":289,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15189,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":284,"total-detection-updates":0,"total-updates":47,"current-active-flows":1,"total-active-flows":284,"total-idle-flows":283,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1377,"global_ts_usec":1686244966838652} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":285,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686244966838652,"flow_src_last_pkt_time":1686244966838652,"flow_dst_last_pkt_time":1686244966838652,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686244966838652,"l3_proto":"ip4","src_ip":"236.155.96.147","dst_ip":"85.111.52.57","src_port":41408,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":285,"flow_packet_id":1,"flow_src_last_pkt_time":1686244966838652,"flow_dst_last_pkt_time":1686244966838652,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686244966838652,"pkt":"moT+\/Ph8PJTVQTiBCABFAAB+1DEAAPMRpSXsm2CTVW80OaHAAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":285,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686244966838652,"flow_src_last_pkt_time":1686244966838652,"flow_dst_last_pkt_time":1686244966838652,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686244966838652,"l3_proto":"ip4","src_ip":"236.155.96.147","dst_ip":"85.111.52.57","src_port":41408,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":291,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":284,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686244097863995,"flow_src_last_pkt_time":1686244097863995,"flow_dst_last_pkt_time":1686244097863995,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686244966838652,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"90.141.37.56","src_port":56239,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":291,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":291,"packets-processed":290,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15287,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":285,"total-detection-updates":0,"total-updates":47,"current-active-flows":1,"total-active-flows":285,"total-idle-flows":284,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1382,"global_ts_usec":1686256443473506} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":291,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":291,"packets-processed":290,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15287,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":285,"total-detection-updates":0,"total-updates":47,"current-active-flows":1,"total-active-flows":285,"total-idle-flows":284,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1382,"global_ts_usec":1686256443473506} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":291,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":286,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686256443473506,"flow_src_last_pkt_time":1686256443473506,"flow_dst_last_pkt_time":1686256443473506,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686256443473506,"l3_proto":"ip4","src_ip":"162.219.248.180","dst_ip":"90.147.171.51","src_port":51156,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":286,"flow_packet_id":1,"flow_src_last_pkt_time":1686256443473506,"flow_dst_last_pkt_time":1686256443473506,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686256443473506,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRbP6i2\/i0WpOrM8fUAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":291,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":286,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686256443473506,"flow_src_last_pkt_time":1686256443473506,"flow_dst_last_pkt_time":1686256443473506,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686256443473506,"l3_proto":"ip4","src_ip":"162.219.248.180","dst_ip":"90.147.171.51","src_port":51156,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":292,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":285,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686244966838652,"flow_src_last_pkt_time":1686244966838652,"flow_dst_last_pkt_time":1686244966838652,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686256443473506,"l3_proto":"ip4","src_ip":"236.155.96.147","dst_ip":"85.111.52.57","src_port":41408,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":292,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":292,"packets-processed":291,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15316,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":286,"total-detection-updates":0,"total-updates":47,"current-active-flows":1,"total-active-flows":286,"total-idle-flows":285,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1387,"global_ts_usec":1686257607667798} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":292,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":292,"packets-processed":291,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15316,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":286,"total-detection-updates":0,"total-updates":47,"current-active-flows":1,"total-active-flows":286,"total-idle-flows":285,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1387,"global_ts_usec":1686257607667798} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":292,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":287,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686257607667798,"flow_src_last_pkt_time":1686257607667798,"flow_dst_last_pkt_time":1686257607667798,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686257607667798,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"85.111.52.57","src_port":55455,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":292,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":287,"flow_packet_id":1,"flow_src_last_pkt_time":1686257607667798,"flow_dst_last_pkt_time":1686257607667798,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686257607667798,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA51DEAAPURKLbIH5CeVW80OdifAasAJRHVAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":292,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":287,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686257607667798,"flow_src_last_pkt_time":1686257607667798,"flow_dst_last_pkt_time":1686257607667798,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686257607667798,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"85.111.52.57","src_port":55455,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1393,13 +1393,13 @@ 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":293,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":288,"flow_packet_id":1,"flow_src_last_pkt_time":1686257765544403,"flow_dst_last_pkt_time":1686257765544403,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686257765544403,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKLHIH5CepXLKPcZcAasAJSQTAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":293,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":288,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686257765544403,"flow_src_last_pkt_time":1686257765544403,"flow_dst_last_pkt_time":1686257765544403,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686257765544403,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.114.202.61","src_port":50780,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":294,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":287,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686257607667798,"flow_src_last_pkt_time":1686257607667798,"flow_dst_last_pkt_time":1686257607667798,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686257765544403,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"85.111.52.57","src_port":55455,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":294,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":294,"packets-processed":293,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15374,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":288,"total-detection-updates":0,"total-updates":48,"current-active-flows":2,"total-active-flows":288,"total-idle-flows":286,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1396,"global_ts_usec":1686258512561586} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":294,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":294,"packets-processed":293,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15374,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":288,"total-detection-updates":0,"total-updates":48,"current-active-flows":2,"total-active-flows":288,"total-idle-flows":286,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1396,"global_ts_usec":1686258512561586} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":294,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":289,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686258512561586,"flow_src_last_pkt_time":1686258512561586,"flow_dst_last_pkt_time":1686258512561586,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686258512561586,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"186.112.202.53","src_port":56478,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":294,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":289,"flow_packet_id":1,"flow_src_last_pkt_time":1686258512561586,"flow_dst_last_pkt_time":1686258512561586,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686258512561586,"pkt":"xmjqc4OdPJTVQTiBCABFAAA51DEAAPURKLnIH5CeunDKNdyeAasAJQ3ZAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":294,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":289,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686258512561586,"flow_src_last_pkt_time":1686258512561586,"flow_dst_last_pkt_time":1686258512561586,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686258512561586,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"186.112.202.53","src_port":56478,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":295,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":288,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686257765544403,"flow_src_last_pkt_time":1686257765544403,"flow_dst_last_pkt_time":1686257765544403,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686258512561586,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.114.202.61","src_port":50780,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":295,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":287,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686257607667798,"flow_src_last_pkt_time":1686257607667798,"flow_dst_last_pkt_time":1686257607667798,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686258512561586,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"85.111.52.57","src_port":55455,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":295,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":295,"packets-processed":294,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15403,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":289,"total-detection-updates":0,"total-updates":48,"current-active-flows":1,"total-active-flows":289,"total-idle-flows":288,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1402,"global_ts_usec":1686261546684605} +00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":295,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":295,"packets-processed":294,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15403,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":289,"total-detection-updates":0,"total-updates":48,"current-active-flows":1,"total-active-flows":289,"total-idle-flows":288,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1402,"global_ts_usec":1686261546684605} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":295,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686261546684605,"flow_src_last_pkt_time":1686261546684605,"flow_dst_last_pkt_time":1686261546684605,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686261546684605,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.144.84.62","src_port":48895,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":295,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":290,"flow_packet_id":1,"flow_src_last_pkt_time":1686261546684605,"flow_dst_last_pkt_time":1686261546684605,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686261546684605,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKLLIH5CepZBUPr7\/AasAJStxAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 
00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":295,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686261546684605,"flow_src_last_pkt_time":1686261546684605,"flow_dst_last_pkt_time":1686261546684605,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686261546684605,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.144.84.62","src_port":48895,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1414,7 +1414,7 @@ 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":292,"flow_packet_id":2,"flow_src_last_pkt_time":1686261885374256,"flow_dst_last_pkt_time":1686261885374242,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686261885374256,"pkt":"3jHC4dyOPJTVQTiBCABFBABS1h8AADQRotfUmt9nWo0lONofAasAPpnuAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":291,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686261656437832,"flow_src_last_pkt_time":1686261656437832,"flow_dst_last_pkt_time":1686261656437832,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686261885374256,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"69.109.187.54","src_port":37856,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686261546684605,"flow_src_last_pkt_time":1686261546684605,"flow_dst_last_pkt_time":1686261546684605,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686261885374256,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.144.84.62","src_port":48895,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":299,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":299,"packets-processed":298,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15569,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":292,"total-detection-updates":0,"total-updates":49,"current-active-flows":1,"total-active-flows":292,"total-idle-flows":291,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1417,"global_ts_usec":1686262180549880} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":299,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":299,"packets-processed":298,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15569,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":292,"total-detection-updates":0,"total-updates":49,"current-active-flows":1,"total-active-flows":292,"total-idle-flows":291,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1417,"global_ts_usec":1686262180549880} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":299,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":293,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686262180549880,"flow_src_last_pkt_time":1686262180549880,"flow_dst_last_pkt_time":1686262180549880,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686262180549880,"l3_proto":"ip4","src_ip":"75.137.134.242","dst_ip":"165.114.202.61","src_port":59307,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":293,"flow_packet_id":1,"flow_src_last_pkt_time":1686262180549880,"flow_dst_last_pkt_time":1686262180549880,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1686262180549880,"pkt":"AAwp30Y4PJTVQTiBCABFAABUwx1AADQRzjFLiYbypXLKPeerAasAQAAAAgEAADggAAAAAGqbAAJlbgAAABdzZXJ2aWNlOmRpcmVjdG9yeS1hZ2VudAAHZGVmYXVsdAAAAAA="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":299,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":293,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686262180549880,"flow_src_last_pkt_time":1686262180549880,"flow_dst_last_pkt_time":1686262180549880,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686262180549880,"l3_proto":"ip4","src_ip":"75.137.134.242","dst_ip":"165.114.202.61","src_port":59307,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1423,7 +1423,7 @@ 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":294,"flow_packet_id":1,"flow_src_last_pkt_time":1686262531882256,"flow_dst_last_pkt_time":1686262531882256,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686262531882256,"pkt":"3jHC4dyOPJTVQTiBCABFAAA51DEAAPURKLfIH5CeWo0lONHuAasAJRiHAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":300,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":294,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686262531882256,"flow_src_last_pkt_time":1686262531882256,"flow_dst_last_pkt_time":1686262531882256,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686262531882256,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.141.37.56","src_port":53742,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":301,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":293,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686262180549880,"flow_src_last_pkt_time":1686262180549880,"flow_dst_last_pkt_time":1686262180549880,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686262531882256,"l3_proto":"ip4","src_ip":"75.137.134.242","dst_ip":"165.114.202.61","src_port":59307,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":301,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":301,"packets-processed":300,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15654,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":294,"total-detection-updates":0,"total-updates":49,"current-active-flows":1,"total-active-flows":294,"total-idle-flows":293,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1426,"global_ts_usec":1686262998390221} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":301,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":301,"packets-processed":300,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15654,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":294,"total-detection-updates":0,"total-updates":49,"current-active-flows":1,"total-active-flows":294,"total-idle-flows":293,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1426,"global_ts_usec":1686262998390221} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":301,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":295,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686262998390221,"flow_src_last_pkt_time":1686262998390221,"flow_dst_last_pkt_time":1686262998390221,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686262998390221,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.147.171.51","src_port":33892,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":301,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":295,"flow_packet_id":1,"flow_src_last_pkt_time":1686262998390221,"flow_dst_last_pkt_time":1686262998390221,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686262998390221,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKL3IH5CeWpOrM4RkAasAJWYXAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":301,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":295,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686262998390221,"flow_src_last_pkt_time":1686262998390221,"flow_dst_last_pkt_time":1686262998390221,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686262998390221,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.147.171.51","src_port":33892,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1449,22 +1449,22 @@ 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":306,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":297,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686263142896966,"flow_src_last_pkt_time":1686263142896966,"flow_dst_last_pkt_time":1686263142896966,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686263490143641,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.111.212.50","src_port":50776,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":306,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":296,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686263094542703,"flow_src_last_pkt_time":1686263094542703,"flow_dst_last_pkt_time":1686263094542703,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686263490143641,"l3_proto":"ip4","src_ip":"197.23.155.213","dst_ip":"90.145.180.58","src_port":51534,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":306,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":298,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686263272401090,"flow_src_last_pkt_time":1686263272401090,"flow_dst_last_pkt_time":1686263272401090,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686263490143641,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.145.180.58","src_port":49681,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":306,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":306,"packets-processed":305,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15799,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":299,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":299,"total-idle-flows":298,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1452,"global_ts_usec":1686264627972582} +00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":306,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":306,"packets-processed":305,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15799,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":299,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":299,"total-idle-flows":298,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1452,"global_ts_usec":1686264627972582} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":306,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":300,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686264627972582,"flow_src_last_pkt_time":1686264627972582,"flow_dst_last_pkt_time":1686264627972582,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686264627972582,"l3_proto":"ip4","src_ip":"66.224.226.183","dst_ip":"165.144.84.62","src_port":52476,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":306,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":300,"flow_packet_id":1,"flow_src_last_pkt_time":1686264627972582,"flow_dst_last_pkt_time":1686264627972582,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686264627972582,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRbfZC4OK3pZBUPsz8AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":306,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":300,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686264627972582,"flow_src_last_pkt_time":1686264627972582,"flow_dst_last_pkt_time":1686264627972582,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686264627972582,"l3_proto":"ip4","src_ip":"66.224.226.183","dst_ip":"165.144.84.62","src_port":52476,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":307,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":299,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686263490143641,"flow_src_last_pkt_time":1686263490143641,"flow_dst_last_pkt_time":1686263490143641,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686264627972582,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"74.111.203.55","src_port":36077,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":307,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":307,"packets-processed":306,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15828,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":300,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":300,"total-idle-flows":299,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1457,"global_ts_usec":1686265884829767} +00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":307,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":307,"packets-processed":306,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15828,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":300,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":300,"total-idle-flows":299,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1457,"global_ts_usec":1686265884829767} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":307,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":301,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686265884829767,"flow_src_last_pkt_time":1686265884829767,"flow_dst_last_pkt_time":1686265884829767,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686265884829767,"l3_proto":"ip4","src_ip":"91.33.106.218","dst_ip":"69.109.187.54","src_port":59902,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":307,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":301,"flow_packet_id":1,"flow_src_last_pkt_time":1686265884829767,"flow_dst_last_pkt_time":1686265884829767,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686265884829767,"pkt":"bpHurUgdPJTVQTiBCABFCABLZJsAACQRX81bIWraRW27Nun+AasANzOEAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":307,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":301,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686265884829767,"flow_src_last_pkt_time":1686265884829767,"flow_dst_last_pkt_time":1686265884829767,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686265884829767,"l3_proto":"ip4","src_ip":"91.33.106.218","dst_ip":"69.109.187.54","src_port":59902,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":308,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":300,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686264627972582,"flow_src_last_pkt_time":1686264627972582,"flow_dst_last_pkt_time":1686264627972582,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686265884829767,"l3_proto":"ip4","src_ip":"66.224.226.183","dst_ip":"165.144.84.62","src_port":52476,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":308,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":308,"packets-processed":307,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15875,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":301,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":301,"total-idle-flows":300,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1462,"global_ts_usec":1686266868932026} +00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":308,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":308,"packets-processed":307,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15875,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":301,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":301,"total-idle-flows":300,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1462,"global_ts_usec":1686266868932026} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":308,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":302,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686266868932026,"flow_src_last_pkt_time":1686266868932026,"flow_dst_last_pkt_time":1686266868932026,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686266868932026,"l3_proto":"ip4","src_ip":"206.204.24.90","dst_ip":"85.111.52.57","src_port":50356,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":302,"flow_packet_id":1,"flow_src_last_pkt_time":1686266868932026,"flow_dst_last_pkt_time":1686266868932026,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686266868932026,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA51DEAAPkRX53OzBhaVW80OcS0AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":308,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":302,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686266868932026,"flow_src_last_pkt_time":1686266868932026,"flow_dst_last_pkt_time":1686266868932026,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686266868932026,"l3_proto":"ip4","src_ip":"206.204.24.90","dst_ip":"85.111.52.57","src_port":50356,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":309,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":301,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686265884829767,"flow_src_last_pkt_time":1686265884829767,"flow_dst_last_pkt_time":1686265884829767,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686266868932026,"l3_proto":"ip4","src_ip":"91.33.106.218","dst_ip":"69.109.187.54","src_port":59902,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":309,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":309,"packets-processed":308,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15904,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":302,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":302,"total-idle-flows":301,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1467,"global_ts_usec":1686268741318193} +00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":309,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":309,"packets-processed":308,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15904,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":302,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":302,"total-idle-flows":301,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1467,"global_ts_usec":1686268741318193} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":309,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":303,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686268741318193,"flow_src_last_pkt_time":1686268741318193,"flow_dst_last_pkt_time":1686268741318193,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686268741318193,"l3_proto":"ip4","src_ip":"76.45.103.228","dst_ip":"90.111.212.50","src_port":55007,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":309,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":303,"flow_packet_id":1,"flow_src_last_pkt_time":1686268741318193,"flow_dst_last_pkt_time":1686268741318193,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686268741318193,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRX\/9MLWfkWm\/UMtbfAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":309,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":303,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686268741318193,"flow_src_last_pkt_time":1686268741318193,"flow_dst_last_pkt_time":1686268741318193,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686268741318193,"l3_proto":"ip4","src_ip":"76.45.103.228","dst_ip":"90.111.212.50","src_port":55007,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1473,17 +1473,17 @@ 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":310,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":304,"flow_packet_id":1,"flow_src_last_pkt_time":1686269328666858,"flow_dst_last_pkt_time":1686269328666858,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686269328666858,"pkt":"xmjqc4OdPJTVQTiBCABFAABLWZ4AACcReX7adoNxunDKNSGuAasANw2BAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":310,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":304,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686269328666858,"flow_src_last_pkt_time":1686269328666858,"flow_dst_last_pkt_time":1686269328666858,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686269328666858,"l3_proto":"ip4","src_ip":"218.118.131.113","dst_ip":"186.112.202.53","src_port":8622,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":311,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":303,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686268741318193,"flow_src_last_pkt_time":1686268741318193,"flow_dst_last_pkt_time":1686268741318193,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686269328666858,"l3_proto":"ip4","src_ip":"76.45.103.228","dst_ip":"90.111.212.50","src_port":55007,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":311,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":311,"packets-processed":310,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15980,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":304,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":304,"total-idle-flows":303,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1476,"global_ts_usec":1686271029434310} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":311,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":311,"packets-processed":310,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15980,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":304,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":304,"total-idle-flows":303,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1476,"global_ts_usec":1686271029434310} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":311,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":305,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686271029434310,"flow_src_last_pkt_time":1686271029434310,"flow_dst_last_pkt_time":1686271029434310,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686271029434310,"l3_proto":"ip4","src_ip":"189.229.250.75","dst_ip":"165.114.202.61","src_port":50111,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":305,"flow_packet_id":1,"flow_src_last_pkt_time":1686271029434310,"flow_dst_last_pkt_time":1686271029434310,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686271029434310,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRbHG95fpLpXLKPcO\/AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":311,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":305,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686271029434310,"flow_src_last_pkt_time":1686271029434310,"flow_dst_last_pkt_time":1686271029434310,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686271029434310,"l3_proto":"ip4","src_ip":"189.229.250.75","dst_ip":"165.114.202.61","src_port":50111,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":312,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":304,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686269328666858,"flow_src_last_pkt_time":1686269328666858,"flow_dst_last_pkt_time":1686269328666858,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686271029434310,"l3_proto":"ip4","src_ip":"218.118.131.113","dst_ip":"186.112.202.53","src_port":8622,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":312,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":312,"packets-processed":311,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16009,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":305,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":305,"total-idle-flows":304,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1481,"global_ts_usec":1686272210557633} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":312,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":312,"packets-processed":311,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16009,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":305,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":305,"total-idle-flows":304,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1481,"global_ts_usec":1686272210557633} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":312,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":306,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686272210557633,"flow_src_last_pkt_time":1686272210557633,"flow_dst_last_pkt_time":1686272210557633,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686272210557633,"l3_proto":"ip4","src_ip":"165.128.253.116","dst_ip":"69.109.187.54","src_port":21256,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":306,"flow_packet_id":1,"flow_src_last_pkt_time":1686272210557633,"flow_dst_last_pkt_time":1686272210557633,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686272210557633,"pkt":"bpHurUgdPJTVQTiBCABFAABLiBsAACcRSwWlgP10RW27NlMIAasAN9wqAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":312,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":306,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686272210557633,"flow_src_last_pkt_time":1686272210557633,"flow_dst_last_pkt_time":1686272210557633,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686272210557633,"l3_proto":"ip4","src_ip":"165.128.253.116","dst_ip":"69.109.187.54","src_port":21256,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":313,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":305,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686271029434310,"flow_src_last_pkt_time":1686271029434310,"flow_dst_last_pkt_time":1686271029434310,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686272210557633,"l3_proto":"ip4","src_ip":"189.229.250.75","dst_ip":"165.114.202.61","src_port":50111,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":313,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":313,"packets-processed":312,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16056,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":306,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":306,"total-idle-flows":305,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1486,"global_ts_usec":1686276490401508} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":313,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":313,"packets-processed":312,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16056,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":306,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":306,"total-idle-flows":305,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1486,"global_ts_usec":1686276490401508} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":313,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":307,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686276490401508,"flow_src_last_pkt_time":1686276490401508,"flow_dst_last_pkt_time":1686276490401508,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686276490401508,"l3_proto":"ip4","src_ip":"94.230.158.79","dst_ip":"74.111.203.55","src_port":55750,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":313,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":307,"flow_packet_id":1,"flow_src_last_pkt_time":1686276490401508,"flow_dst_last_pkt_time":1686276490401508,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686276490401508,"pkt":"ipffLU2SPJTVQTiBCABFAAA51DEAAPoRbH9e5p5PSm\/LN9nGAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":313,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":307,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686276490401508,"flow_src_last_pkt_time":1686276490401508,"flow_dst_last_pkt_time":1686276490401508,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686276490401508,"l3_proto":"ip4","src_ip":"94.230.158.79","dst_ip":"74.111.203.55","src_port":55750,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1492,32 +1492,32 @@ 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":314,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":308,"flow_packet_id":1,"flow_src_last_pkt_time":1686277031596938,"flow_dst_last_pkt_time":1686277031596938,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686277031596938,"pkt":"bs1PogZtPJTVQTiBCABFCABLQa4AACIRiPcj\/EVxWpG0OpLiAasAN47dAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":314,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":308,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686277031596938,"flow_src_last_pkt_time":1686277031596938,"flow_dst_last_pkt_time":1686277031596938,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686277031596938,"l3_proto":"ip4","src_ip":"35.252.69.113","dst_ip":"90.145.180.58","src_port":37602,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":307,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686276490401508,"flow_src_last_pkt_time":1686276490401508,"flow_dst_last_pkt_time":1686276490401508,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686277031596938,"l3_proto":"ip4","src_ip":"94.230.158.79","dst_ip":"74.111.203.55","src_port":55750,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":315,"packets-processed":314,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16132,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":308,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":308,"total-idle-flows":307,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1495,"global_ts_usec":1686279640620137} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":315,"packets-processed":314,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16132,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":308,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":308,"total-idle-flows":307,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1495,"global_ts_usec":1686279640620137} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":309,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686279640620137,"flow_src_last_pkt_time":1686279640620137,"flow_dst_last_pkt_time":1686279640620137,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686279640620137,"l3_proto":"ip4","src_ip":"152.255.170.124","dst_ip":"90.147.171.51","src_port":46606,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":309,"flow_packet_id":1,"flow_src_last_pkt_time":1686279640620137,"flow_dst_last_pkt_time":1686279640620137,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686279640620137,"pkt":"AAwp30Y4PJTVQTiBCABFCABL5wQAACIR47OY\/6p8WpOrM7YOAasAN2vEAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":309,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686279640620137,"flow_src_last_pkt_time":1686279640620137,"flow_dst_last_pkt_time":1686279640620137,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686279640620137,"l3_proto":"ip4","src_ip":"152.255.170.124","dst_ip":"90.147.171.51","src_port":46606,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":316,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":308,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686277031596938,"flow_src_last_pkt_time":1686277031596938,"flow_dst_last_pkt_time":1686277031596938,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686279640620137,"l3_proto":"ip4","src_ip":"35.252.69.113","dst_ip":"90.145.180.58","src_port":37602,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":316,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":316,"packets-processed":315,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16179,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":309,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":309,"total-idle-flows":308,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1500,"global_ts_usec":1686282116013463} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":316,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":316,"packets-processed":315,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16179,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":309,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":309,"total-idle-flows":308,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1500,"global_ts_usec":1686282116013463} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":316,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":310,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686282116013463,"flow_src_last_pkt_time":1686282116013463,"flow_dst_last_pkt_time":1686282116013463,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686282116013463,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"165.114.202.61","src_port":54818,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":316,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":310,"flow_packet_id":1,"flow_src_last_pkt_time":1686282116013463,"flow_dst_last_pkt_time":1686282116013463,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686282116013463,"pkt":"AAwp30Y4PJTVQTiBCABFCABSCtkAAGsRC7dDnxCWpXLKPdYiAasAPgAAAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":316,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":310,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686282116013463,"flow_src_last_pkt_time":1686282116013463,"flow_dst_last_pkt_time":1686282116013463,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686282116013463,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"165.114.202.61","src_port":54818,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":309,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686279640620137,"flow_src_last_pkt_time":1686279640620137,"flow_dst_last_pkt_time":1686279640620137,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686282116013463,"l3_proto":"ip4","src_ip":"152.255.170.124","dst_ip":"90.147.171.51","src_port":46606,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":317,"packets-processed":316,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16233,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":310,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":310,"total-idle-flows":309,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1505,"global_ts_usec":1686283230398748} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":317,"packets-processed":316,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16233,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":310,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":310,"total-idle-flows":309,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1505,"global_ts_usec":1686283230398748} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":311,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686283230398748,"flow_src_last_pkt_time":1686283230398748,"flow_dst_last_pkt_time":1686283230398748,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686283230398748,"l3_proto":"ip4","src_ip":"93.26.159.17","dst_ip":"186.112.202.53","src_port":57065,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":311,"flow_packet_id":1,"flow_src_last_pkt_time":1686283230398748,"flow_dst_last_pkt_time":1686283230398748,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686283230398748,"pkt":"xmjqc4OdPJTVQTiBCABFAAA51DEAAPkRbUxdGp8RunDKNd7pAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":311,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686283230398748,"flow_src_last_pkt_time":1686283230398748,"flow_dst_last_pkt_time":1686283230398748,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686283230398748,"l3_proto":"ip4","src_ip":"93.26.159.17","dst_ip":"186.112.202.53","src_port":57065,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":318,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":310,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686282116013463,"flow_src_last_pkt_time":1686282116013463,"flow_dst_last_pkt_time":1686282116013463,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686283230398748,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"165.114.202.61","src_port":54818,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":318,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":318,"packets-processed":317,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16262,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":311,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":311,"total-idle-flows":310,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1510,"global_ts_usec":1686284127841221} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":318,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":318,"packets-processed":317,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16262,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":311,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":311,"total-idle-flows":310,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1510,"global_ts_usec":1686284127841221} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":318,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":312,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686284127841221,"flow_src_last_pkt_time":1686284127841221,"flow_dst_last_pkt_time":1686284127841221,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686284127841221,"l3_proto":"ip4","src_ip":"217.31.231.255","dst_ip":"90.141.37.56","src_port":49891,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":318,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":312,"flow_packet_id":1,"flow_src_last_pkt_time":1686284127841221,"flow_dst_last_pkt_time":1686284127841221,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686284127841221,"pkt":"3jHC4dyOPJTVQTiBCABFAAA51DEAAPoRbM3ZH+f\/Wo0lOMLjAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":318,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":312,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686284127841221,"flow_src_last_pkt_time":1686284127841221,"flow_dst_last_pkt_time":1686284127841221,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686284127841221,"l3_proto":"ip4","src_ip":"217.31.231.255","dst_ip":"90.141.37.56","src_port":49891,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":319,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":311,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686283230398748,"flow_src_last_pkt_time":1686283230398748,"flow_dst_last_pkt_time":1686283230398748,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686284127841221,"l3_proto":"ip4","src_ip":"93.26.159.17","dst_ip":"186.112.202.53","src_port":57065,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":319,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":319,"packets-processed":318,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16291,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":312,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":312,"total-idle-flows":311,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1515,"global_ts_usec":1686290568082392} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":319,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":319,"packets-processed":318,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16291,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":312,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":312,"total-idle-flows":311,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1515,"global_ts_usec":1686290568082392} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":319,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":313,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686290568082392,"flow_src_last_pkt_time":1686290568082392,"flow_dst_last_pkt_time":1686290568082392,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686290568082392,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"165.144.84.62","src_port":12620,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":319,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":313,"flow_packet_id":1,"flow_src_last_pkt_time":1686290568082392,"flow_dst_last_pkt_time":1686290568082392,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686290568082392,"pkt":"AAwp30Y4PJTVQTiBCABFAABScHIAAG0RpCZDnxCWpZBUPjFMAasAPgAAAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":319,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":313,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686290568082392,"flow_src_last_pkt_time":1686290568082392,"flow_dst_last_pkt_time":1686290568082392,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686290568082392,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"165.144.84.62","src_port":12620,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":320,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":312,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686284127841221,"flow_src_last_pkt_time":1686284127841221,"flow_dst_last_pkt_time":1686284127841221,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686290568082392,"l3_proto":"ip4","src_ip":"217.31.231.255","dst_ip":"90.141.37.56","src_port":49891,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":320,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":320,"packets-processed":319,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16345,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":313,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":313,"total-idle-flows":312,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1520,"global_ts_usec":1686292143831347} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":320,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":320,"packets-processed":319,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16345,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":313,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":313,"total-idle-flows":312,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1520,"global_ts_usec":1686292143831347} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":320,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":314,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686292143831347,"flow_src_last_pkt_time":1686292143831347,"flow_dst_last_pkt_time":1686292143831347,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686292143831347,"l3_proto":"ip4","src_ip":"91.255.107.116","dst_ip":"85.111.52.57","src_port":12480,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":320,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":314,"flow_packet_id":1,"flow_src_last_pkt_time":1686292143831347,"flow_dst_last_pkt_time":1686292143831347,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686292143831347,"pkt":"moT+\/Ph8PJTVQTiBCABFCABL62sAACIR3z5b\/2t0VW80OTDAAasAN\/EEAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":320,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":314,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686292143831347,"flow_src_last_pkt_time":1686292143831347,"flow_dst_last_pkt_time":1686292143831347,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686292143831347,"l3_proto":"ip4","src_ip":"91.255.107.116","dst_ip":"85.111.52.57","src_port":12480,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1526,17 +1526,17 @@ 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":321,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":315,"flow_packet_id":1,"flow_src_last_pkt_time":1686292431165594,"flow_dst_last_pkt_time":1686292431165594,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686292431165594,"pkt":"bpHurUgdPJTVQTiBCABFAAA51DEAAPoRXt6v7\/\/ZRW27NtI8AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":321,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":315,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686292431165594,"flow_src_last_pkt_time":1686292431165594,"flow_dst_last_pkt_time":1686292431165594,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686292431165594,"l3_proto":"ip4","src_ip":"175.239.255.217","dst_ip":"69.109.187.54","src_port":53820,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":322,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":314,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686292143831347,"flow_src_last_pkt_time":1686292143831347,"flow_dst_last_pkt_time":1686292143831347,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686292431165594,"l3_proto":"ip4","src_ip":"91.255.107.116","dst_ip":"85.111.52.57","src_port":12480,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":322,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":322,"packets-processed":321,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16421,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":315,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":315,"total-idle-flows":314,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1529,"global_ts_usec":1686295204381615} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":322,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":322,"packets-processed":321,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16421,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":315,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":315,"total-idle-flows":314,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1529,"global_ts_usec":1686295204381615} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":322,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":316,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686295204381615,"flow_src_last_pkt_time":1686295204381615,"flow_dst_last_pkt_time":1686295204381615,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686295204381615,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"90.145.180.58","src_port":53644,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":322,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":316,"flow_packet_id":1,"flow_src_last_pkt_time":1686295204381615,"flow_dst_last_pkt_time":1686295204381615,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686295204381615,"pkt":"bs1PogZtPJTVQTiBCABFCABSvkIAAGsRWFBDnxCWWpG0OtGMAasAPgAAAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":322,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":316,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686295204381615,"flow_src_last_pkt_time":1686295204381615,"flow_dst_last_pkt_time":1686295204381615,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686295204381615,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"90.145.180.58","src_port":53644,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":323,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":315,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686292431165594,"flow_src_last_pkt_time":1686292431165594,"flow_dst_last_pkt_time":1686292431165594,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686295204381615,"l3_proto":"ip4","src_ip":"175.239.255.217","dst_ip":"69.109.187.54","src_port":53820,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":323,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":323,"packets-processed":322,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16475,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":316,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":316,"total-idle-flows":315,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1534,"global_ts_usec":1686301765843785} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":323,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":323,"packets-processed":322,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16475,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":316,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":316,"total-idle-flows":315,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1534,"global_ts_usec":1686301765843785} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":323,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":317,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686301765843785,"flow_src_last_pkt_time":1686301765843785,"flow_dst_last_pkt_time":1686301765843785,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686301765843785,"l3_proto":"ip4","src_ip":"7.110.179.205","dst_ip":"165.144.84.62","src_port":58317,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":323,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":317,"flow_packet_id":1,"flow_src_last_pkt_time":1686301765843785,"flow_dst_last_pkt_time":1686301765843785,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686301765843785,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+ZMJAADQR\/Z8HbrPNpZBUPuPNAasAKqdQAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":323,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":317,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686301765843785,"flow_src_last_pkt_time":1686301765843785,"flow_dst_last_pkt_time":1686301765843785,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686301765843785,"l3_proto":"ip4","src_ip":"7.110.179.205","dst_ip":"165.144.84.62","src_port":58317,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":324,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":316,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686295204381615,"flow_src_last_pkt_time":1686295204381615,"flow_dst_last_pkt_time":1686295204381615,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686301765843785,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"90.145.180.58","src_port":53644,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":324,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":324,"packets-processed":323,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16509,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":317,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":317,"total-idle-flows":316,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1539,"global_ts_usec":1686303104961112} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":324,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":324,"packets-processed":323,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16509,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":317,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":317,"total-idle-flows":316,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1539,"global_ts_usec":1686303104961112} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":324,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":318,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686303104961112,"flow_src_last_pkt_time":1686303104961112,"flow_dst_last_pkt_time":1686303104961112,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686303104961112,"l3_proto":"ip4","src_ip":"201.237.135.210","dst_ip":"165.114.202.61","src_port":37975,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":324,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":318,"flow_packet_id":1,"flow_src_last_pkt_time":1686303104961112,"flow_dst_last_pkt_time":1686303104961112,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686303104961112,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+LXZAADQRNPvJ7YfSpXLKPZRXAasAKvbVAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":324,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":318,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686303104961112,"flow_src_last_pkt_time":1686303104961112,"flow_dst_last_pkt_time":1686303104961112,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686303104961112,"l3_proto":"ip4","src_ip":"201.237.135.210","dst_ip":"165.114.202.61","src_port":37975,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1545,13 +1545,13 @@ 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":325,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":319,"flow_packet_id":1,"flow_src_last_pkt_time":1686303160580622,"flow_dst_last_pkt_time":1686303160580622,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686303160580622,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA+Py1AADQRI2U5ooDqVW80OflAAasAKpINAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":325,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":319,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686303160580622,"flow_src_last_pkt_time":1686303160580622,"flow_dst_last_pkt_time":1686303160580622,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686303160580622,"l3_proto":"ip4","src_ip":"57.162.128.234","dst_ip":"85.111.52.57","src_port":63808,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00990{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":326,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":318,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686303104961112,"flow_src_last_pkt_time":1686303104961112,"flow_dst_last_pkt_time":1686303104961112,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686303160580622,"l3_proto":"ip4","src_ip":"201.237.135.210","dst_ip":"165.114.202.61","src_port":37975,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":326,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":326,"packets-processed":325,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16577,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":319,"total-detection-updates":0,"total-updates":55,"current-active-flows":2,"total-active-flows":319,"total-idle-flows":317,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1548,"global_ts_usec":1686303829470774} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":326,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":326,"packets-processed":325,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16577,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":319,"total-detection-updates":0,"total-updates":55,"current-active-flows":2,"total-active-flows":319,"total-idle-flows":317,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1548,"global_ts_usec":1686303829470774} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":326,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":320,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686303829470774,"flow_src_last_pkt_time":1686303829470774,"flow_dst_last_pkt_time":1686303829470774,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686303829470774,"l3_proto":"ip4","src_ip":"120.46.80.212","dst_ip":"74.111.203.55","src_port":60012,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":326,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":320,"flow_packet_id":1,"flow_src_last_pkt_time":1686303829470774,"flow_dst_last_pkt_time":1686303829470774,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686303829470774,"pkt":"ipffLU2SPJTVQTiBCABFAAA+mKZAADQRydB4LlDUSm\/LN+psAasAKqDGAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":326,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":320,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686303829470774,"flow_src_last_pkt_time":1686303829470774,"flow_dst_last_pkt_time":1686303829470774,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686303829470774,"l3_proto":"ip4","src_ip":"120.46.80.212","dst_ip":"74.111.203.55","src_port":60012,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":327,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":319,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686303160580622,"flow_src_last_pkt_time":1686303160580622,"flow_dst_last_pkt_time":1686303160580622,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686303829470774,"l3_proto":"ip4","src_ip":"57.162.128.234","dst_ip":"85.111.52.57","src_port":63808,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":327,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":318,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686303104961112,"flow_src_last_pkt_time":1686303104961112,"flow_dst_last_pkt_time":1686303104961112,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686303829470774,"l3_proto":"ip4","src_ip":"201.237.135.210","dst_ip":"165.114.202.61","src_port":37975,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":327,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":327,"packets-processed":326,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16611,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":320,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":320,"total-idle-flows":319,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1554,"global_ts_usec":1686304502775958} +00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":327,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":327,"packets-processed":326,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16611,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":320,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":320,"total-idle-flows":319,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1554,"global_ts_usec":1686304502775958} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":327,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":321,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686304502775958,"flow_src_last_pkt_time":1686304502775958,"flow_dst_last_pkt_time":1686304502775958,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686304502775958,"l3_proto":"ip4","src_ip":"57.162.128.234","dst_ip":"69.109.187.54","src_port":48188,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":327,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":321,"flow_packet_id":1,"flow_src_last_pkt_time":1686304502775958,"flow_dst_last_pkt_time":1686304502775958,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686304502775958,"pkt":"bpHurUgdPJTVQTiBCABFAAA+ef9AADQR6JY5ooDqRW27Nrw8AasAKs8VAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 
00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":327,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":321,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686304502775958,"flow_src_last_pkt_time":1686304502775958,"flow_dst_last_pkt_time":1686304502775958,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686304502775958,"l3_proto":"ip4","src_ip":"57.162.128.234","dst_ip":"69.109.187.54","src_port":48188,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1560,7 +1560,7 @@ 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":328,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":322,"flow_packet_id":1,"flow_src_last_pkt_time":1686304868179785,"flow_dst_last_pkt_time":1686304868179785,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686304868179785,"pkt":"3jHC4dyOPJTVQTiBCABFAAA+RtxAADQRG7c5ooDqWo0lOEzRAasAKj5+AgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":328,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":322,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686304868179785,"flow_src_last_pkt_time":1686304868179785,"flow_dst_last_pkt_time":1686304868179785,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686304868179785,"l3_proto":"ip4","src_ip":"57.162.128.234","dst_ip":"90.141.37.56","src_port":19665,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":329,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":321,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686304502775958,"flow_src_last_pkt_time":1686304502775958,"flow_dst_last_pkt_time":1686304502775958,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686304868179785,"l3_proto":"ip4","src_ip":"57.162.128.234","dst_ip":"69.109.187.54","src_port":48188,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":329,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":329,"packets-processed":328,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16679,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":322,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":322,"total-idle-flows":321,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1563,"global_ts_usec":1686305286126745} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":329,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":329,"packets-processed":328,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16679,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":322,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":322,"total-idle-flows":321,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1563,"global_ts_usec":1686305286126745} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":329,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":323,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686305286126745,"flow_src_last_pkt_time":1686305286126745,"flow_dst_last_pkt_time":1686305286126745,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686305286126745,"l3_proto":"ip4","src_ip":"201.237.135.210","dst_ip":"90.145.180.58","src_port":6545,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":329,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":323,"flow_packet_id":1,"flow_src_last_pkt_time":1686305286126745,"flow_dst_last_pkt_time":1686305286126745,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686305286126745,"pkt":"bs1PogZtPJTVQTiBCABFAAA+FfdAADQRTH3J7YfSWpG0OhmRAasAKnGfAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":329,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":323,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686305286126745,"flow_src_last_pkt_time":1686305286126745,"flow_dst_last_pkt_time":1686305286126745,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686305286126745,"l3_proto":"ip4","src_ip":"201.237.135.210","dst_ip":"90.145.180.58","src_port":6545,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1572,23 +1572,23 @@ 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":331,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":325,"flow_packet_id":1,"flow_src_last_pkt_time":1686305544554511,"flow_dst_last_pkt_time":1686305544554511,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686305544554511,"pkt":"xmjqc4OdPJTVQTiBCABFAAA+PF5AADQRJgP3XbfFunDKNSAVAasAKmsIAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":331,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":325,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686305544554511,"flow_src_last_pkt_time":1686305544554511,"flow_dst_last_pkt_time":1686305544554511,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686305544554511,"l3_proto":"ip4","src_ip":"247.93.183.197","dst_ip":"186.112.202.53","src_port":8213,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":332,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":323,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686305286126745,"flow_src_last_pkt_time":1686305286126745,"flow_dst_last_pkt_time":1686305286126745,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686305544554511,"l3_proto":"ip4","src_ip":"201.237.135.210","dst_ip":"90.145.180.58","src_port":6545,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":332,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":332,"packets-processed":331,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16781,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":325,"total-detection-updates":0,"total-updates":55,"current-active-flows":2,"total-active-flows":325,"total-idle-flows":323,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1575,"global_ts_usec":1686312624909971} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":332,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":332,"packets-processed":331,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16781,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":325,"total-detection-updates":0,"total-updates":55,"current-active-flows":2,"total-active-flows":325,"total-idle-flows":323,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1575,"global_ts_usec":1686312624909971} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":332,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":326,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686312624909971,"flow_src_last_pkt_time":1686312624909971,"flow_dst_last_pkt_time":1686312624909971,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686312624909971,"l3_proto":"ip4","src_ip":"37.97.4.125","dst_ip":"90.141.37.56","src_port":16072,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":332,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":326,"flow_packet_id":1,"flow_src_last_pkt_time":1686312624909971,"flow_dst_last_pkt_time":1686312624909971,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686312624909971,"pkt":"3jHC4dyOPJTVQTiBCABFAABLr5UAACcRI44lYQR9Wo0lOD7IAasAN\/BtAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":332,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":326,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686312624909971,"flow_src_last_pkt_time":1686312624909971,"flow_dst_last_pkt_time":1686312624909971,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686312624909971,"l3_proto":"ip4","src_ip":"37.97.4.125","dst_ip":"90.141.37.56","src_port":16072,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":324,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686305534685025,"flow_src_last_pkt_time":1686305534685025,"flow_dst_last_pkt_time":1686305534685025,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686312624909971,"l3_proto":"ip4","src_ip":"247.93.183.197","dst_ip":"90.147.171.51","src_port":10997,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":325,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686305544554511,"flow_src_last_pkt_time":1686305544554511,"flow_dst_last_pkt_time":1686305544554511,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686312624909971,"l3_proto":"ip4","src_ip":"247.93.183.197","dst_ip":"186.112.202.53","src_port":8213,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":333,"packets-processed":332,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16828,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":326,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":326,"total-idle-flows":325,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1581,"global_ts_usec":1686321706660675} +00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":333,"packets-processed":332,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16828,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":326,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":326,"total-idle-flows":325,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1581,"global_ts_usec":1686321706660675} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":327,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686321706660675,"flow_src_last_pkt_time":1686321706660675,"flow_dst_last_pkt_time":1686321706660675,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686321706660675,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"85.111.52.57","src_port":34761,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":327,"flow_packet_id":1,"flow_src_last_pkt_time":1686321706660675,"flow_dst_last_pkt_time":1686321706660675,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686321706660675,"pkt":"moT+\/Ph8PJTVQTiBCABFAAB+1DEAAPMRCZD2S2hzVW80OYfJAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 
00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":327,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686321706660675,"flow_src_last_pkt_time":1686321706660675,"flow_dst_last_pkt_time":1686321706660675,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686321706660675,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"85.111.52.57","src_port":34761,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":334,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":326,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686312624909971,"flow_src_last_pkt_time":1686312624909971,"flow_dst_last_pkt_time":1686312624909971,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686321706660675,"l3_proto":"ip4","src_ip":"37.97.4.125","dst_ip":"90.141.37.56","src_port":16072,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":334,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":334,"packets-processed":333,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16926,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":327,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":327,"total-idle-flows":326,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1586,"global_ts_usec":1686324009293668} +00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":334,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":334,"packets-processed":333,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16926,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":327,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":327,"total-idle-flows":326,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1586,"global_ts_usec":1686324009293668} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":334,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":328,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686324009293668,"flow_src_last_pkt_time":1686324009293668,"flow_dst_last_pkt_time":1686324009293668,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686324009293668,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"90.141.37.56","src_port":51620,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":334,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":328,"flow_packet_id":1,"flow_src_last_pkt_time":1686324009293668,"flow_dst_last_pkt_time":1686324009293668,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686324009293668,"pkt":"3jHC4dyOPJTVQTiBCABFCAB+1DEAAO0REAO2tHiLWo0lOMmkAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 
00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":334,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":328,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686324009293668,"flow_src_last_pkt_time":1686324009293668,"flow_dst_last_pkt_time":1686324009293668,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686324009293668,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"90.141.37.56","src_port":51620,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":335,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":327,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686321706660675,"flow_src_last_pkt_time":1686321706660675,"flow_dst_last_pkt_time":1686321706660675,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686324009293668,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"85.111.52.57","src_port":34761,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":335,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":335,"packets-processed":334,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17024,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":328,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":328,"total-idle-flows":327,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1591,"global_ts_usec":1686324751894084} +00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":335,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":335,"packets-processed":334,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17024,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":328,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":328,"total-idle-flows":327,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1591,"global_ts_usec":1686324751894084} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":335,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":329,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686324751894084,"flow_src_last_pkt_time":1686324751894084,"flow_dst_last_pkt_time":1686324751894084,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686324751894084,"l3_proto":"ip4","src_ip":"19.99.146.156","dst_ip":"90.145.180.58","src_port":41843,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":335,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":329,"flow_packet_id":1,"flow_src_last_pkt_time":1686324751894084,"flow_dst_last_pkt_time":1686324751894084,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686324751894084,"pkt":"bs1PogZtPJTVQTiBCABFCAB+1DEAAO0RqigTY5KcWpG0OqNzAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 
00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":335,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":329,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686324751894084,"flow_src_last_pkt_time":1686324751894084,"flow_dst_last_pkt_time":1686324751894084,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686324751894084,"l3_proto":"ip4","src_ip":"19.99.146.156","dst_ip":"90.145.180.58","src_port":41843,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1596,28 +1596,28 @@ 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":336,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":330,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686324780665773,"flow_src_last_pkt_time":1686324780665773,"flow_dst_last_pkt_time":1686324780665773,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686324780665773,"l3_proto":"ip4","src_ip":"98.103.253.115","dst_ip":"90.111.212.50","src_port":29266,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":336,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":330,"flow_packet_id":1,"flow_src_last_pkt_time":1686324780665773,"flow_dst_last_pkt_time":1686324780665773,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686324780665773,"pkt":"AAwp30Y4PJTVQTiBCABFAABL\/uwAACcR1DRiZ\/1zWm\/UMnJSAasAN7zhAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":336,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":330,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686324780665773,"flow_src_last_pkt_time":1686324780665773,"flow_dst_last_pkt_time":1686324780665773,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686324780665773,"l3_proto":"ip4","src_ip":"98.103.253.115","dst_ip":"90.111.212.50","src_port":29266,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":337,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":337,"packets-processed":336,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17169,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":330,"total-detection-updates":0,"total-updates":55,"current-active-flows":2,"total-active-flows":330,"total-idle-flows":328,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1599,"global_ts_usec":1686325702442238} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":337,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":337,"packets-processed":336,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17169,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":330,"total-detection-updates":0,"total-updates":55,"current-active-flows":2,"total-active-flows":330,"total-idle-flows":328,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1599,"global_ts_usec":1686325702442238} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":337,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":331,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686325702442238,"flow_src_last_pkt_time":1686325702442238,"flow_dst_last_pkt_time":1686325702442238,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686325702442238,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"90.111.212.50","src_port":34997,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":337,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":331,"flow_packet_id":1,"flow_src_last_pkt_time":1686325702442238,"flow_dst_last_pkt_time":1686325702442238,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686325702442238,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPMRCZXItJByWm\/UMoi1AasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":337,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":331,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686325702442238,"flow_src_last_pkt_time":1686325702442238,"flow_dst_last_pkt_time":1686325702442238,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686325702442238,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"90.111.212.50","src_port":34997,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":338,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":329,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686324751894084,"flow_src_last_pkt_time":1686324751894084,"flow_dst_last_pkt_time":1686324751894084,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686325702442238,"l3_proto":"ip4","src_ip":"19.99.146.156","dst_ip":"90.145.180.58","src_port":41843,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":338,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":330,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686324780665773,"flow_src_last_pkt_time":1686324780665773,"flow_dst_last_pkt_time":1686324780665773,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686325702442238,"l3_proto":"ip4","src_ip":"98.103.253.115","dst_ip":"90.111.212.50","src_port":29266,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":338,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":338,"packets-processed":337,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17267,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":331,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":331,"total-idle-flows":330,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1605,"global_ts_usec":1686326962813579} +00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":338,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":338,"packets-processed":337,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17267,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":331,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":331,"total-idle-flows":330,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1605,"global_ts_usec":1686326962813579} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":338,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":332,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686326962813579,"flow_src_last_pkt_time":1686326962813579,"flow_dst_last_pkt_time":1686326962813579,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686326962813579,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"90.147.171.51","src_port":32881,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":338,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":332,"flow_packet_id":1,"flow_src_last_pkt_time":1686326962813579,"flow_dst_last_pkt_time":1686326962813579,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686326962813579,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPMRCZbItJByWpOrM4BxAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 
00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":338,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":332,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686326962813579,"flow_src_last_pkt_time":1686326962813579,"flow_dst_last_pkt_time":1686326962813579,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686326962813579,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"90.147.171.51","src_port":32881,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":339,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":331,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686325702442238,"flow_src_last_pkt_time":1686325702442238,"flow_dst_last_pkt_time":1686325702442238,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686326962813579,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"90.111.212.50","src_port":34997,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":339,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":339,"packets-processed":338,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17365,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":332,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":332,"total-idle-flows":331,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1610,"global_ts_usec":1686329069716669} +00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":339,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":339,"packets-processed":338,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17365,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":332,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":332,"total-idle-flows":331,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1610,"global_ts_usec":1686329069716669} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":339,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":333,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686329069716669,"flow_src_last_pkt_time":1686329069716669,"flow_dst_last_pkt_time":1686329069716669,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686329069716669,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"165.144.84.62","src_port":36679,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":339,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":333,"flow_packet_id":1,"flow_src_last_pkt_time":1686329069716669,"flow_dst_last_pkt_time":1686329069716669,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686329069716669,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPMRCYvItJBypZBUPo9HAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 
00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":339,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":333,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686329069716669,"flow_src_last_pkt_time":1686329069716669,"flow_dst_last_pkt_time":1686329069716669,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686329069716669,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"165.144.84.62","src_port":36679,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":340,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":332,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686326962813579,"flow_src_last_pkt_time":1686326962813579,"flow_dst_last_pkt_time":1686326962813579,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686329069716669,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"90.147.171.51","src_port":32881,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":340,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":340,"packets-processed":339,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17463,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":333,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":333,"total-idle-flows":332,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1615,"global_ts_usec":1686330200907102} +00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":340,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":340,"packets-processed":339,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17463,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":333,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":333,"total-idle-flows":332,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1615,"global_ts_usec":1686330200907102} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":340,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":334,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686330200907102,"flow_src_last_pkt_time":1686330200907102,"flow_dst_last_pkt_time":1686330200907102,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686330200907102,"l3_proto":"ip4","src_ip":"19.156.188.155","dst_ip":"186.112.202.53","src_port":50741,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":340,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":334,"flow_packet_id":1,"flow_src_last_pkt_time":1686330200907102,"flow_dst_last_pkt_time":1686330200907102,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686330200907102,"pkt":"xmjqc4OdPJTVQTiBCABFCAB+1DEAAO0RqigTnLybunDKNcY1AasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 
00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":340,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":334,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686330200907102,"flow_src_last_pkt_time":1686330200907102,"flow_dst_last_pkt_time":1686330200907102,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686330200907102,"l3_proto":"ip4","src_ip":"19.156.188.155","dst_ip":"186.112.202.53","src_port":50741,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":341,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":333,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686329069716669,"flow_src_last_pkt_time":1686329069716669,"flow_dst_last_pkt_time":1686329069716669,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686330200907102,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"165.144.84.62","src_port":36679,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":341,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":341,"packets-processed":340,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17561,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":334,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":334,"total-idle-flows":333,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1620,"global_ts_usec":1686331103032820} +00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":341,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":341,"packets-processed":340,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17561,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":334,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":334,"total-idle-flows":333,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1620,"global_ts_usec":1686331103032820} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":341,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":335,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686331103032820,"flow_src_last_pkt_time":1686331103032820,"flow_dst_last_pkt_time":1686331103032820,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686331103032820,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"69.109.187.54","src_port":52293,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":341,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":335,"flow_packet_id":1,"flow_src_last_pkt_time":1686331103032820,"flow_dst_last_pkt_time":1686331103032820,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686331103032820,"pkt":"bpHurUgdPJTVQTiBCABFCAB+1DEAAO0REA2GtJCVRW27NsxFAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 
00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":341,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":335,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686331103032820,"flow_src_last_pkt_time":1686331103032820,"flow_dst_last_pkt_time":1686331103032820,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686331103032820,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"69.109.187.54","src_port":52293,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1626,12 +1626,12 @@ 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":342,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":336,"flow_packet_id":1,"flow_src_last_pkt_time":1686331598448412,"flow_dst_last_pkt_time":1686331598448412,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686331598448412,"pkt":"ipffLU2SPJTVQTiBCABFAAB+1DEAAPMRCZTItJBySm\/LN99gAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":342,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":336,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686331598448412,"flow_src_last_pkt_time":1686331598448412,"flow_dst_last_pkt_time":1686331598448412,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686331598448412,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"74.111.203.55","src_port":57184,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":343,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":335,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686331103032820,"flow_src_last_pkt_time":1686331103032820,"flow_dst_last_pkt_time":1686331103032820,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686331598448412,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"69.109.187.54","src_port":52293,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":343,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":343,"packets-processed":342,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17757,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":336,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":336,"total-idle-flows":335,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1629,"global_ts_usec":1686332169029831} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":343,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":343,"packets-processed":342,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17757,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":336,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":336,"total-idle-flows":335,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1629,"global_ts_usec":1686332169029831} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":343,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":337,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686332169029831,"flow_src_last_pkt_time":1686332169029831,"flow_dst_last_pkt_time":1686332169029831,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686332169029831,"l3_proto":"ip4","src_ip":"46.100.97.147","dst_ip":"165.114.202.61","src_port":54751,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":337,"flow_packet_id":1,"flow_src_last_pkt_time":1686332169029831,"flow_dst_last_pkt_time":1686332169029831,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686332169029831,"pkt":"AAwp30Y4PJTVQTiBCABFCAB+1DEAAO0RqhguZGGTpXLKPdXfAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":343,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":337,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686332169029831,"flow_src_last_pkt_time":1686332169029831,"flow_dst_last_pkt_time":1686332169029831,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686332169029831,"l3_proto":"ip4","src_ip":"46.100.97.147","dst_ip":"165.114.202.61","src_port":54751,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":344,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":336,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686331598448412,"flow_src_last_pkt_time":1686331598448412,"flow_dst_last_pkt_time":1686331598448412,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686332169029831,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"74.111.203.55","src_port":57184,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":344,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":344,"packets-processed":343,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17855,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":337,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":337,"total-idle-flows":336,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1634,"global_ts_usec":1686334800212088} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":344,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":344,"packets-processed":343,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17855,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":337,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":337,"total-idle-flows":336,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1634,"global_ts_usec":1686334800212088} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":344,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":338,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686334800212088,"flow_src_last_pkt_time":1686334800212088,"flow_dst_last_pkt_time":1686334800212088,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686334800212088,"l3_proto":"ip4","src_ip":"199.17.16.175","dst_ip":"90.147.171.51","src_port":58914,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":338,"flow_packet_id":1,"flow_src_last_pkt_time":1686334800212088,"flow_dst_last_pkt_time":1686334800212088,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686334800212088,"pkt":"AAwp30Y4PJTVQTiBCABFAABSPDMAAOoRJurHERCvWpOrM+YiAasAPi4OAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":344,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":338,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686334800212088,"flow_src_last_pkt_time":1686334800212088,"flow_dst_last_pkt_time":1686334800212088,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686334800212088,"l3_proto":"ip4","src_ip":"199.17.16.175","dst_ip":"90.147.171.51","src_port":58914,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1650,7 +1650,7 @@ 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":348,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":342,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686334859871850,"flow_src_last_pkt_time":1686334859871850,"flow_dst_last_pkt_time":1686334859871850,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686334859871850,"l3_proto":"ip4","src_ip":"199.17.16.175","dst_ip":"90.111.212.50","src_port":58914,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00987{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":349,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":338,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686334800212088,"flow_src_last_pkt_time":1686334800212088,"flow_dst_last_pkt_time":1686334800212088,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686334859871850,"l3_proto":"ip4","src_ip":"199.17.16.175","dst_ip":"90.147.171.51","src_port":58914,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00988{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":349,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":339,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686334813478068,"flow_src_last_pkt_time":1686334813478068,"flow_dst_last_pkt_time":1686334813478068,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686334859871850,"l3_proto":"ip4","src_ip":"199.17.16.175","dst_ip":"165.114.202.61","src_port":58914,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":349,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":349,"packets-processed":348,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18125,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":342,"total-detection-updates":0,"total-updates":57,"current-active-flows":5,"total-active-flows":342,"total-idle-flows":337,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1653,"global_ts_usec":1686335939300740} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":349,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":349,"packets-processed":348,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18125,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":342,"total-detection-updates":0,"total-updates":57,"current-active-flows":5,"total-active-flows":342,"total-idle-flows":337,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1653,"global_ts_usec":1686335939300740} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":349,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":343,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686335939300740,"flow_src_last_pkt_time":1686335939300740,"flow_dst_last_pkt_time":1686335939300740,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686335939300740,"l3_proto":"ip4","src_ip":"198.215.2.104","dst_ip":"165.114.202.61","src_port":55462,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":349,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":343,"flow_packet_id":1,"flow_src_last_pkt_time":1686335939300740,"flow_dst_last_pkt_time":1686335939300740,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686335939300740,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRbZXG1wJopXLKPdimAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":349,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":343,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686335939300740,"flow_src_last_pkt_time":1686335939300740,"flow_dst_last_pkt_time":1686335939300740,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686335939300740,"l3_proto":"ip4","src_ip":"198.215.2.104","dst_ip":"165.114.202.61","src_port":55462,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1663,37 +1663,37 @@ 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":350,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":344,"flow_packet_id":1,"flow_src_last_pkt_time":1686336218624230,"flow_dst_last_pkt_time":1686336218624230,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686336218624230,"pkt":"AAwp30Y4PJTVQTiBCABFCABLMOwAACQRk3IbhqncpXLKPdPLAasAN0mtAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":350,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":344,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686336218624230,"flow_src_last_pkt_time":1686336218624230,"flow_dst_last_pkt_time":1686336218624230,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686336218624230,"l3_proto":"ip4","src_ip":"27.134.169.220","dst_ip":"165.114.202.61","src_port":54219,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":351,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":343,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686335939300740,"flow_src_last_pkt_time":1686335939300740,"flow_dst_last_pkt_time":1686335939300740,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686336218624230,"l3_proto":"ip4","src_ip":"198.215.2.104","dst_ip":"165.114.202.61","src_port":55462,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":351,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":351,"packets-processed":350,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18201,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":344,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":344,"total-idle-flows":343,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1666,"global_ts_usec":1686337417264371} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":351,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":351,"packets-processed":350,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18201,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":344,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":344,"total-idle-flows":343,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1666,"global_ts_usec":1686337417264371} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":351,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":345,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686337417264371,"flow_src_last_pkt_time":1686337417264371,"flow_dst_last_pkt_time":1686337417264371,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686337417264371,"l3_proto":"ip4","src_ip":"80.16.56.40","dst_ip":"74.111.203.55","src_port":49864,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":351,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":345,"flow_packet_id":1,"flow_src_last_pkt_time":1686337417264371,"flow_dst_last_pkt_time":1686337417264371,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686337417264371,"pkt":"ipffLU2SPJTVQTiBCABFAAA51DEAAPkRX4BQEDgoSm\/LN8LIAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":351,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":345,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686337417264371,"flow_src_last_pkt_time":1686337417264371,"flow_dst_last_pkt_time":1686337417264371,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686337417264371,"l3_proto":"ip4","src_ip":"80.16.56.40","dst_ip":"74.111.203.55","src_port":49864,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":352,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":344,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686336218624230,"flow_src_last_pkt_time":1686336218624230,"flow_dst_last_pkt_time":1686336218624230,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686337417264371,"l3_proto":"ip4","src_ip":"27.134.169.220","dst_ip":"165.114.202.61","src_port":54219,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":352,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":352,"packets-processed":351,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18230,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":345,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":345,"total-idle-flows":344,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1671,"global_ts_usec":1686348943265542} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":352,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":352,"packets-processed":351,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18230,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":345,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":345,"total-idle-flows":344,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1671,"global_ts_usec":1686348943265542} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":352,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":346,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686348943265542,"flow_src_last_pkt_time":1686348943265542,"flow_dst_last_pkt_time":1686348943265542,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686348943265542,"l3_proto":"ip4","src_ip":"206.240.152.225","dst_ip":"90.145.180.58","src_port":52955,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":352,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":346,"flow_packet_id":1,"flow_src_last_pkt_time":1686348943265542,"flow_dst_last_pkt_time":1686348943265542,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686348943265542,"pkt":"bs1PogZtPJTVQTiBCABFAAA51DEAAPkRX\/PO8JjhWpG0Os7bAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":352,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":346,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686348943265542,"flow_src_last_pkt_time":1686348943265542,"flow_dst_last_pkt_time":1686348943265542,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686348943265542,"l3_proto":"ip4","src_ip":"206.240.152.225","dst_ip":"90.145.180.58","src_port":52955,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":353,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":345,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686337417264371,"flow_src_last_pkt_time":1686337417264371,"flow_dst_last_pkt_time":1686337417264371,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686348943265542,"l3_proto":"ip4","src_ip":"80.16.56.40","dst_ip":"74.111.203.55","src_port":49864,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":353,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":353,"packets-processed":352,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18259,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":346,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":346,"total-idle-flows":345,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1676,"global_ts_usec":1686352403512683} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":353,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":353,"packets-processed":352,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18259,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":346,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":346,"total-idle-flows":345,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1676,"global_ts_usec":1686352403512683} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":353,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":347,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686352403512683,"flow_src_last_pkt_time":1686352403512683,"flow_dst_last_pkt_time":1686352403512683,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686352403512683,"l3_proto":"ip4","src_ip":"172.206.191.39","dst_ip":"165.144.84.62","src_port":55684,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":347,"flow_packet_id":1,"flow_src_last_pkt_time":1686352403512683,"flow_dst_last_pkt_time":1686352403512683,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686352403512683,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRXnuszr8npZBUPtmEAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":353,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":347,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686352403512683,"flow_src_last_pkt_time":1686352403512683,"flow_dst_last_pkt_time":1686352403512683,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686352403512683,"l3_proto":"ip4","src_ip":"172.206.191.39","dst_ip":"165.144.84.62","src_port":55684,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":354,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":346,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686348943265542,"flow_src_last_pkt_time":1686348943265542,"flow_dst_last_pkt_time":1686348943265542,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686352403512683,"l3_proto":"ip4","src_ip":"206.240.152.225","dst_ip":"90.145.180.58","src_port":52955,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":354,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":354,"packets-processed":353,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18288,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":347,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":347,"total-idle-flows":346,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1681,"global_ts_usec":1686355642711445} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":354,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":354,"packets-processed":353,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18288,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":347,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":347,"total-idle-flows":346,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1681,"global_ts_usec":1686355642711445} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":354,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":348,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686355642711445,"flow_src_last_pkt_time":1686355642711445,"flow_dst_last_pkt_time":1686355642711445,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686355642711445,"l3_proto":"ip4","src_ip":"175.206.31.84","dst_ip":"69.109.187.54","src_port":52553,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":354,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":348,"flow_packet_id":1,"flow_src_last_pkt_time":1686355642711445,"flow_dst_last_pkt_time":1686355642711445,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686355642711445,"pkt":"bpHurUgdPJTVQTiBCABFAAA51DEAAPkRX5yvzh9URW27Ns1JAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":354,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":348,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686355642711445,"flow_src_last_pkt_time":1686355642711445,"flow_dst_last_pkt_time":1686355642711445,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686355642711445,"l3_proto":"ip4","src_ip":"175.206.31.84","dst_ip":"69.109.187.54","src_port":52553,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":355,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":347,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686352403512683,"flow_src_last_pkt_time":1686352403512683,"flow_dst_last_pkt_time":1686352403512683,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686355642711445,"l3_proto":"ip4","src_ip":"172.206.191.39","dst_ip":"165.144.84.62","src_port":55684,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":355,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":355,"packets-processed":354,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18317,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":348,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":348,"total-idle-flows":347,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1686,"global_ts_usec":1686356686492578} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":355,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":355,"packets-processed":354,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18317,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":348,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":348,"total-idle-flows":347,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1686,"global_ts_usec":1686356686492578} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":355,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":349,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686356686492578,"flow_src_last_pkt_time":1686356686492578,"flow_dst_last_pkt_time":1686356686492578,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686356686492578,"l3_proto":"ip4","src_ip":"80.51.127.74","dst_ip":"85.111.52.57","src_port":54217,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":355,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":349,"flow_packet_id":1,"flow_src_last_pkt_time":1686356686492578,"flow_dst_last_pkt_time":1686356686492578,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686356686492578,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA51DEAAPoRXo5QM39KVW80OdPJAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":355,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":349,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686356686492578,"flow_src_last_pkt_time":1686356686492578,"flow_dst_last_pkt_time":1686356686492578,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686356686492578,"l3_proto":"ip4","src_ip":"80.51.127.74","dst_ip":"85.111.52.57","src_port":54217,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":356,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":348,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686355642711445,"flow_src_last_pkt_time":1686355642711445,"flow_dst_last_pkt_time":1686355642711445,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686356686492578,"l3_proto":"ip4","src_ip":"175.206.31.84","dst_ip":"69.109.187.54","src_port":52553,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":356,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":356,"packets-processed":355,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18346,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":349,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":349,"total-idle-flows":348,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1691,"global_ts_usec":1686361225400035} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":356,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":356,"packets-processed":355,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18346,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":349,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":349,"total-idle-flows":348,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1691,"global_ts_usec":1686361225400035} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":356,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":350,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686361225400035,"flow_src_last_pkt_time":1686361225400035,"flow_dst_last_pkt_time":1686361225400035,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686361225400035,"l3_proto":"ip4","src_ip":"198.23.89.28","dst_ip":"186.112.202.53","src_port":51231,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":356,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":350,"flow_packet_id":1,"flow_src_last_pkt_time":1686361225400035,"flow_dst_last_pkt_time":1686361225400035,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686361225400035,"pkt":"xmjqc4OdPJTVQTiBCABFAAA51DEAAPkRbUHGF1kcunDKNcgfAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":356,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":350,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686361225400035,"flow_src_last_pkt_time":1686361225400035,"flow_dst_last_pkt_time":1686361225400035,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686361225400035,"l3_proto":"ip4","src_ip":"198.23.89.28","dst_ip":"186.112.202.53","src_port":51231,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":357,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":349,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686356686492578,"flow_src_last_pkt_time":1686356686492578,"flow_dst_last_pkt_time":1686356686492578,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686361225400035,"l3_proto":"ip4","src_ip":"80.51.127.74","dst_ip":"85.111.52.57","src_port":54217,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":357,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":357,"packets-processed":356,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18375,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":350,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":350,"total-idle-flows":349,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1696,"global_ts_usec":1686376742132232} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":357,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":357,"packets-processed":356,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18375,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":350,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":350,"total-idle-flows":349,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1696,"global_ts_usec":1686376742132232} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":357,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":351,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686376742132232,"flow_src_last_pkt_time":1686376742132232,"flow_dst_last_pkt_time":1686376742132232,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686376742132232,"l3_proto":"ip4","src_ip":"98.137.3.114","dst_ip":"74.111.203.55","src_port":25821,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":357,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":351,"flow_packet_id":1,"flow_src_last_pkt_time":1686376742132232,"flow_dst_last_pkt_time":1686376742132232,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686376742132232,"pkt":"ipffLU2SPJTVQTiBCABFAABL5L0AACcR7mFiiQNySm\/LN2TdAasAN8pUAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":357,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":351,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686376742132232,"flow_src_last_pkt_time":1686376742132232,"flow_dst_last_pkt_time":1686376742132232,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686376742132232,"l3_proto":"ip4","src_ip":"98.137.3.114","dst_ip":"74.111.203.55","src_port":25821,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1702,12 +1702,12 @@ 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":352,"flow_packet_id":1,"flow_src_last_pkt_time":1686377192208651,"flow_dst_last_pkt_time":1686377192208651,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686377192208651,"pkt":"xmjqc4OdPJTVQTiBCABFCABLA5EAACQRwODboGXRunDKNShSAasAN\/U5AgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":358,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":352,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686377192208651,"flow_src_last_pkt_time":1686377192208651,"flow_dst_last_pkt_time":1686377192208651,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686377192208651,"l3_proto":"ip4","src_ip":"219.160.101.209","dst_ip":"186.112.202.53","src_port":10322,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":359,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":351,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686376742132232,"flow_src_last_pkt_time":1686376742132232,"flow_dst_last_pkt_time":1686376742132232,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686377192208651,"l3_proto":"ip4","src_ip":"98.137.3.114","dst_ip":"74.111.203.55","src_port":25821,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":359,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":359,"packets-processed":358,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18469,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":352,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":352,"total-idle-flows":351,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1705,"global_ts_usec":1686378731428268} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":359,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":359,"packets-processed":358,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18469,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":352,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":352,"total-idle-flows":351,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1705,"global_ts_usec":1686378731428268} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":359,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":353,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686378731428268,"flow_src_last_pkt_time":1686378731428268,"flow_dst_last_pkt_time":1686378731428268,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686378731428268,"l3_proto":"ip4","src_ip":"161.231.128.245","dst_ip":"90.141.37.56","src_port":50837,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":353,"flow_packet_id":1,"flow_src_last_pkt_time":1686378731428268,"flow_dst_last_pkt_time":1686378731428268,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686378731428268,"pkt":"3jHC4dyOPJTVQTiBCABFAAA51DEAAPkRbdWh54D1Wo0lOMaVAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":359,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":353,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686378731428268,"flow_src_last_pkt_time":1686378731428268,"flow_dst_last_pkt_time":1686378731428268,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686378731428268,"l3_proto":"ip4","src_ip":"161.231.128.245","dst_ip":"90.141.37.56","src_port":50837,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":360,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":352,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686377192208651,"flow_src_last_pkt_time":1686377192208651,"flow_dst_last_pkt_time":1686377192208651,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686378731428268,"l3_proto":"ip4","src_ip":"219.160.101.209","dst_ip":"186.112.202.53","src_port":10322,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":360,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":360,"packets-processed":359,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18498,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":353,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":353,"total-idle-flows":352,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1710,"global_ts_usec":1686384968861051} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":360,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":360,"packets-processed":359,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18498,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":353,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":353,"total-idle-flows":352,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1710,"global_ts_usec":1686384968861051} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":360,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":354,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686384968861051,"flow_src_last_pkt_time":1686384968861051,"flow_dst_last_pkt_time":1686384968861051,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686384968861051,"l3_proto":"ip4","src_ip":"166.191.37.51","dst_ip":"165.114.202.61","src_port":27637,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":354,"flow_packet_id":1,"flow_src_last_pkt_time":1686384968861051,"flow_dst_last_pkt_time":1686384968861051,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686384968861051,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+0ZZAADQRzpamvyUzpXLKPWv1AasAKlz0AgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":360,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":354,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686384968861051,"flow_src_last_pkt_time":1686384968861051,"flow_dst_last_pkt_time":1686384968861051,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686384968861051,"l3_proto":"ip4","src_ip":"166.191.37.51","dst_ip":"165.114.202.61","src_port":27637,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1715,7 +1715,7 @@ 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":361,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":355,"flow_packet_id":1,"flow_src_last_pkt_time":1686384968861051,"flow_dst_last_pkt_time":1686384968861051,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686384968861051,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+SnBAADQRVctGP9UwWpOrM\/uJAasAKs1tAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":361,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":355,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686384968861051,"flow_src_last_pkt_time":1686384968861051,"flow_dst_last_pkt_time":1686384968861051,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686384968861051,"l3_proto":"ip4","src_ip":"70.63.213.48","dst_ip":"90.147.171.51","src_port":64393,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":353,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686378731428268,"flow_src_last_pkt_time":1686378731428268,"flow_dst_last_pkt_time":1686378731428268,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686384968861051,"l3_proto":"ip4","src_ip":"161.231.128.245","dst_ip":"90.141.37.56","src_port":50837,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":362,"packets-processed":361,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18566,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":355,"total-detection-updates":0,"total-updates":57,"current-active-flows":2,"total-active-flows":355,"total-idle-flows":353,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1718,"global_ts_usec":1686385671822712} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":362,"packets-processed":361,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18566,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":355,"total-detection-updates":0,"total-updates":57,"current-active-flows":2,"total-active-flows":355,"total-idle-flows":353,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1718,"global_ts_usec":1686385671822712} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":356,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686385671822712,"flow_src_last_pkt_time":1686385671822712,"flow_dst_last_pkt_time":1686385671822712,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686385671822712,"l3_proto":"ip4","src_ip":"89.198.219.40","dst_ip":"69.109.187.54","src_port":13087,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":356,"flow_packet_id":1,"flow_src_last_pkt_time":1686385671822712,"flow_dst_last_pkt_time":1686385671822712,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686385671822712,"pkt":"bpHurUgdPJTVQTiBCABFAAA+U4xAADQRTLRZxtsoRW27NjMfAasAKpXdAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":356,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686385671822712,"flow_src_last_pkt_time":1686385671822712,"flow_dst_last_pkt_time":1686385671822712,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686385671822712,"l3_proto":"ip4","src_ip":"89.198.219.40","dst_ip":"69.109.187.54","src_port":13087,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1732,7 +1732,7 @@ 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":365,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":359,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686386117996493,"flow_src_last_pkt_time":1686386117996493,"flow_dst_last_pkt_time":1686386117996493,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686386117996493,"l3_proto":"ip4","src_ip":"166.191.37.51","dst_ip":"186.112.202.53","src_port":27637,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":365,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":359,"flow_packet_id":1,"flow_src_last_pkt_time":1686386117996493,"flow_dst_last_pkt_time":1686386117996493,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686386117996493,"pkt":"xmjqc4OdPJTVQTiBCABFAAA+tYhAADQR6qymvyUzunDKNWv1AasAKlz8AgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 
00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":365,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":359,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686386117996493,"flow_src_last_pkt_time":1686386117996493,"flow_dst_last_pkt_time":1686386117996493,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686386117996493,"l3_proto":"ip4","src_ip":"166.191.37.51","dst_ip":"186.112.202.53","src_port":27637,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":366,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":366,"packets-processed":365,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18702,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":359,"total-detection-updates":0,"total-updates":58,"current-active-flows":3,"total-active-flows":359,"total-idle-flows":356,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1735,"global_ts_usec":1686386455119430} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":366,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":366,"packets-processed":365,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18702,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":359,"total-detection-updates":0,"total-updates":58,"current-active-flows":3,"total-active-flows":359,"total-idle-flows":356,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1735,"global_ts_usec":1686386455119430} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":366,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":360,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686386455119430,"flow_src_last_pkt_time":1686386455119430,"flow_dst_last_pkt_time":1686386455119430,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686386455119430,"l3_proto":"ip4","src_ip":"94.70.203.49","dst_ip":"74.111.203.55","src_port":9065,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":366,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":360,"flow_packet_id":1,"flow_src_last_pkt_time":1686386455119430,"flow_dst_last_pkt_time":1686386455119430,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686386455119430,"pkt":"ipffLU2SPJTVQTiBCABFAAA+wzhAADQR3P9eRssxSm\/LNyNpAasAKqWLAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":366,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":360,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686386455119430,"flow_src_last_pkt_time":1686386455119430,"flow_dst_last_pkt_time":1686386455119430,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686386455119430,"l3_proto":"ip4","src_ip":"94.70.203.49","dst_ip":"74.111.203.55","src_port":9065,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1751,39 +1751,39 @@ 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":369,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":363,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686386835611315,"flow_src_last_pkt_time":1686386835611315,"flow_dst_last_pkt_time":1686386835611315,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686386835611315,"l3_proto":"ip4","src_ip":"185.211.4.13","dst_ip":"90.111.212.50","src_port":55127,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00987{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":370,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":361,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686386733673439,"flow_src_last_pkt_time":1686386733673439,"flow_dst_last_pkt_time":1686386733673439,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686386835611315,"l3_proto":"ip4","src_ip":"166.191.37.51","dst_ip":"165.144.84.62","src_port":27637,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":370,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":362,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686386734896340,"flow_src_last_pkt_time":1686386734896340,"flow_dst_last_pkt_time":1686386734896340,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686386835611315,"l3_proto":"ip4","src_ip":"166.65.42.37","dst_ip":"90.141.37.56","src_port":37412,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":370,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":370,"packets-processed":369,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18833,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":363,"total-detection-updates":0,"total-updates":60,"current-active-flows":3,"total-active-flows":363,"total-idle-flows":360,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1754,"global_ts_usec":1686401776042881} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":370,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":370,"packets-processed":369,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18833,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":363,"total-detection-updates":0,"total-updates":60,"current-active-flows":3,"total-active-flows":363,"total-idle-flows":360,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1754,"global_ts_usec":1686401776042881} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":370,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":364,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686401776042881,"flow_src_last_pkt_time":1686401776042881,"flow_dst_last_pkt_time":1686401776042881,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686401776042881,"l3_proto":"ip4","src_ip":"100.56.155.112","dst_ip":"90.141.37.56","src_port":12751,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":370,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":364,"flow_packet_id":1,"flow_src_last_pkt_time":1686401776042881,"flow_dst_last_pkt_time":1686401776042881,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686401776042881,"pkt":"3jHC4dyOPJTVQTiBCABFCABLnL8AACIRLehkOJtwWo0lODHPAasAN+\/yAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":370,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":364,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686401776042881,"flow_src_last_pkt_time":1686401776042881,"flow_dst_last_pkt_time":1686401776042881,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686401776042881,"l3_proto":"ip4","src_ip":"100.56.155.112","dst_ip":"90.141.37.56","src_port":12751,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":371,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":363,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686386835611315,"flow_src_last_pkt_time":1686386835611315,"flow_dst_last_pkt_time":1686386835611315,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686401776042881,"l3_proto":"ip4","src_ip":"185.211.4.13","dst_ip":"90.111.212.50","src_port":55127,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":371,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":361,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686386733673439,"flow_src_last_pkt_time":1686386733673439,"flow_dst_last_pkt_time":1686386733673439,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686401776042881,"l3_proto":"ip4","src_ip":"166.191.37.51","dst_ip":"165.144.84.62","src_port":27637,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":371,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":362,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686386734896340,"flow_src_last_pkt_time":1686386734896340,"flow_dst_last_pkt_time":1686386734896340,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686401776042881,"l3_proto":"ip4","src_ip":"166.65.42.37","dst_ip":"90.141.37.56","src_port":37412,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":371,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":371,"packets-processed":370,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18880,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":364,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":364,"total-idle-flows":363,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1761,"global_ts_usec":1686404500406996} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":371,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":371,"packets-processed":370,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18880,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":364,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":364,"total-idle-flows":363,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1761,"global_ts_usec":1686404500406996} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":371,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":365,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686404500406996,"flow_src_last_pkt_time":1686404500406996,"flow_dst_last_pkt_time":1686404500406996,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686404500406996,"l3_proto":"ip4","src_ip":"227.199.90.122","dst_ip":"90.111.212.50","src_port":44046,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":365,"flow_packet_id":1,"flow_src_last_pkt_time":1686404500406996,"flow_dst_last_pkt_time":1686404500406996,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686404500406996,"pkt":"AAwp30Y4PJTVQTiBCABFCABLxOMAACIRBdXjx1p6Wm\/UMqwOAasAN3XEAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":371,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":365,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686404500406996,"flow_src_last_pkt_time":1686404500406996,"flow_dst_last_pkt_time":1686404500406996,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686404500406996,"l3_proto":"ip4","src_ip":"227.199.90.122","dst_ip":"90.111.212.50","src_port":44046,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":372,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":364,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686401776042881,"flow_src_last_pkt_time":1686401776042881,"flow_dst_last_pkt_time":1686401776042881,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686404500406996,"l3_proto":"ip4","src_ip":"100.56.155.112","dst_ip":"90.141.37.56","src_port":12751,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":372,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":372,"packets-processed":371,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18927,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":365,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":365,"total-idle-flows":364,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1766,"global_ts_usec":1686408138334214} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":372,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":372,"packets-processed":371,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18927,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":365,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":365,"total-idle-flows":364,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1766,"global_ts_usec":1686408138334214} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":372,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":366,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686408138334214,"flow_src_last_pkt_time":1686408138334214,"flow_dst_last_pkt_time":1686408138334214,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686408138334214,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"90.147.171.51","src_port":47863,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":372,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":366,"flow_packet_id":1,"flow_src_last_pkt_time":1686408138334214,"flow_dst_last_pkt_time":1686408138334214,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686408138334214,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPMRCZbItJByWpOrM7r3AasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":372,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":366,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686408138334214,"flow_src_last_pkt_time":1686408138334214,"flow_dst_last_pkt_time":1686408138334214,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686408138334214,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"90.147.171.51","src_port":47863,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":373,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":365,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686404500406996,"flow_src_last_pkt_time":1686404500406996,"flow_dst_last_pkt_time":1686404500406996,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686408138334214,"l3_proto":"ip4","src_ip":"227.199.90.122","dst_ip":"90.111.212.50","src_port":44046,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":373,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":373,"packets-processed":372,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":19025,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":366,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":366,"total-idle-flows":365,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1771,"global_ts_usec":1686409062599010} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":373,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":373,"packets-processed":372,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":19025,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":366,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":366,"total-idle-flows":365,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1771,"global_ts_usec":1686409062599010} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":373,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":367,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686409062599010,"flow_src_last_pkt_time":1686409062599010,"flow_dst_last_pkt_time":1686409062599010,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686409062599010,"l3_proto":"ip4","src_ip":"19.99.146.156","dst_ip":"74.111.203.55","src_port":32952,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":373,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":367,"flow_packet_id":1,"flow_src_last_pkt_time":1686409062599010,"flow_dst_last_pkt_time":1686409062599010,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686409062599010,"pkt":"ipffLU2SPJTVQTiBCABFCAB+1DEAAOsRrC8TY5KcSm\/LN4C4AasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":373,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":367,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686409062599010,"flow_src_last_pkt_time":1686409062599010,"flow_dst_last_pkt_time":1686409062599010,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686409062599010,"l3_proto":"ip4","src_ip":"19.99.146.156","dst_ip":"74.111.203.55","src_port":32952,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":374,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":366,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686408138334214,"flow_src_last_pkt_time":1686408138334214,"flow_dst_last_pkt_time":1686408138334214,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686409062599010,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"90.147.171.51","src_port":47863,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":374,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":374,"packets-processed":373,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":19123,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":367,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":367,"total-idle-flows":366,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1776,"global_ts_usec":1686410047846257} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":374,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":374,"packets-processed":373,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":19123,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":367,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":367,"total-idle-flows":366,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1776,"global_ts_usec":1686410047846257} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":374,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":368,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686410047846257,"flow_src_last_pkt_time":1686410047846257,"flow_dst_last_pkt_time":1686410047846257,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686410047846257,"l3_proto":"ip4","src_ip":"209.124.163.157","dst_ip":"69.109.187.54","src_port":55599,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":368,"flow_packet_id":1,"flow_src_last_pkt_time":1686410047846257,"flow_dst_last_pkt_time":1686410047846257,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686410047846257,"pkt":"bpHurUgdPJTVQTiBCABFCAB+1DEAAOsRrC3RfKOdRW27NtkvAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":374,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":368,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686410047846257,"flow_src_last_pkt_time":1686410047846257,"flow_dst_last_pkt_time":1686410047846257,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686410047846257,"l3_proto":"ip4","src_ip":"209.124.163.157","dst_ip":"69.109.187.54","src_port":55599,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":375,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":367,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686409062599010,"flow_src_last_pkt_time":1686409062599010,"flow_dst_last_pkt_time":1686409062599010,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686410047846257,"l3_proto":"ip4","src_ip":"19.99.146.156","dst_ip":"74.111.203.55","src_port":32952,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":375,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":375,"packets-processed":374,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":19221,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":368,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":368,"total-idle-flows":367,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1781,"global_ts_usec":1686412803511471} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":375,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":375,"packets-processed":374,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":19221,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":368,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":368,"total-idle-flows":367,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1781,"global_ts_usec":1686412803511471} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":375,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":369,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686412803511471,"flow_src_last_pkt_time":1686412803511471,"flow_dst_last_pkt_time":1686412803511471,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686412803511471,"l3_proto":"ip4","src_ip":"227.134.81.212","dst_ip":"90.145.180.58","src_port":54859,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":375,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":369,"flow_packet_id":1,"flow_src_last_pkt_time":1686412803511471,"flow_dst_last_pkt_time":1686412803511471,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686412803511471,"pkt":"bs1PogZtPJTVQTiBCABFCABLZYcAACQRXt\/jhlHUWpG0OtZLAasAN0c1AgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":375,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":369,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686412803511471,"flow_src_last_pkt_time":1686412803511471,"flow_dst_last_pkt_time":1686412803511471,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686412803511471,"l3_proto":"ip4","src_ip":"227.134.81.212","dst_ip":"90.145.180.58","src_port":54859,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":368,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686410047846257,"flow_src_last_pkt_time":1686410047846257,"flow_dst_last_pkt_time":1686410047846257,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686412803511471,"l3_proto":"ip4","src_ip":"209.124.163.157","dst_ip":"69.109.187.54","src_port":55599,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":376,"packets-processed":375,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":19268,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":369,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":369,"total-idle-flows":368,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1786,"global_ts_usec":1686413757609123} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":376,"packets-processed":375,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":19268,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":369,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":369,"total-idle-flows":368,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1786,"global_ts_usec":1686413757609123} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":370,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686413757609123,"flow_src_last_pkt_time":1686413757609123,"flow_dst_last_pkt_time":1686413757609123,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686413757609123,"l3_proto":"ip4","src_ip":"45.131.161.152","dst_ip":"186.112.202.53","src_port":49844,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":370,"flow_packet_id":1,"flow_src_last_pkt_time":1686413757609123,"flow_dst_last_pkt_time":1686413757609123,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686413757609123,"pkt":"xmjqc4OdPJTVQTiBCABFCAB+1DEAAOsRrCstg6GYunDKNcK0AasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":370,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686413757609123,"flow_src_last_pkt_time":1686413757609123,"flow_dst_last_pkt_time":1686413757609123,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686413757609123,"l3_proto":"ip4","src_ip":"45.131.161.152","dst_ip":"186.112.202.53","src_port":49844,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1792,7 +1792,7 @@ 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":377,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":371,"flow_packet_id":1,"flow_src_last_pkt_time":1686414114295045,"flow_dst_last_pkt_time":1686414114295045,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686414114295045,"pkt":"bs1PogZtPJTVQTiBCABFCAB+1DEAAOsREgeGtJCVWpG0OsMfAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":377,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":371,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686414114295045,"flow_src_last_pkt_time":1686414114295045,"flow_dst_last_pkt_time":1686414114295045,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686414114295045,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"90.145.180.58","src_port":49951,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":378,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":370,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686413757609123,"flow_src_last_pkt_time":1686413757609123,"flow_dst_last_pkt_time":1686413757609123,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686414114295045,"l3_proto":"ip4","src_ip":"45.131.161.152","dst_ip":"186.112.202.53","src_port":49844,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":378,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":378,"packets-processed":377,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":19464,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":371,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":371,"total-idle-flows":370,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1795,"global_ts_usec":1686414638495400} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":378,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":378,"packets-processed":377,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":19464,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":371,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":371,"total-idle-flows":370,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1795,"global_ts_usec":1686414638495400} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":378,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":372,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686414638495400,"flow_src_last_pkt_time":1686414638495400,"flow_dst_last_pkt_time":1686414638495400,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686414638495400,"l3_proto":"ip4","src_ip":"184.180.168.240","dst_ip":"85.111.52.57","src_port":42561,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":378,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":372,"flow_packet_id":1,"flow_src_last_pkt_time":1686414638495400,"flow_dst_last_pkt_time":1686414638495400,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686414638495400,"pkt":"moT+\/Ph8PJTVQTiBCABFAAB+1DEAAO8RDcy4tKjwVW80OaZBAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":378,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":372,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686414638495400,"flow_src_last_pkt_time":1686414638495400,"flow_dst_last_pkt_time":1686414638495400,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686414638495400,"l3_proto":"ip4","src_ip":"184.180.168.240","dst_ip":"85.111.52.57","src_port":42561,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1801,7 +1801,7 @@ 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":379,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":373,"flow_packet_id":1,"flow_src_last_pkt_time":1686415196829472,"flow_dst_last_pkt_time":1686415196829472,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686415196829472,"pkt":"AAwp30Y4PJTVQTiBCABFCAB+1DEAAOsRrB3SfJyVpZBUPqOnAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":379,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":373,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686415196829472,"flow_src_last_pkt_time":1686415196829472,"flow_dst_last_pkt_time":1686415196829472,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686415196829472,"l3_proto":"ip4","src_ip":"210.124.156.149","dst_ip":"165.144.84.62","src_port":41895,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":380,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":372,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686414638495400,"flow_src_last_pkt_time":1686414638495400,"flow_dst_last_pkt_time":1686414638495400,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686415196829472,"l3_proto":"ip4","src_ip":"184.180.168.240","dst_ip":"85.111.52.57","src_port":42561,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":380,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":380,"packets-processed":379,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":19660,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":373,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":373,"total-idle-flows":372,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1804,"global_ts_usec":1686418497785828} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":380,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":380,"packets-processed":379,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":19660,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":373,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":373,"total-idle-flows":372,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1804,"global_ts_usec":1686418497785828} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":380,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":374,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686418497785828,"flow_src_last_pkt_time":1686418497785828,"flow_dst_last_pkt_time":1686418497785828,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686418497785828,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"165.114.202.61","src_port":45313,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":380,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":374,"flow_packet_id":1,"flow_src_last_pkt_time":1686418497785828,"flow_dst_last_pkt_time":1686418497785828,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686418497785828,"pkt":"AAwp30Y4PJTVQTiBCABFCAB+1DEAAOsREf22tHiLpXLKPbEBAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":380,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":374,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686418497785828,"flow_src_last_pkt_time":1686418497785828,"flow_dst_last_pkt_time":1686418497785828,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686418497785828,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"165.114.202.61","src_port":45313,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1810,7 +1810,7 @@ 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":381,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":375,"flow_packet_id":1,"flow_src_last_pkt_time":1686418806265572,"flow_dst_last_pkt_time":1686418806265572,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686418806265572,"pkt":"3jHC4dyOPJTVQTiBCABFCAB+1DEAAOsRrCfQe7CaWo0lOORZAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":381,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":375,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686418806265572,"flow_src_last_pkt_time":1686418806265572,"flow_dst_last_pkt_time":1686418806265572,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686418806265572,"l3_proto":"ip4","src_ip":"208.123.176.154","dst_ip":"90.141.37.56","src_port":58457,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":374,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686418497785828,"flow_src_last_pkt_time":1686418497785828,"flow_dst_last_pkt_time":1686418497785828,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686418806265572,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"165.114.202.61","src_port":45313,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":382,"packets-processed":381,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":19856,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":375,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":375,"total-idle-flows":374,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1813,"global_ts_usec":1686419691124244} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":382,"packets-processed":381,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":19856,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":375,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":375,"total-idle-flows":374,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1813,"global_ts_usec":1686419691124244} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":376,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686419691124244,"flow_src_last_pkt_time":1686419691124244,"flow_dst_last_pkt_time":1686419691124244,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686419691124244,"l3_proto":"ip4","src_ip":"27.134.169.220","dst_ip":"85.111.52.57","src_port":38445,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":376,"flow_packet_id":1,"flow_src_last_pkt_time":1686419691124244,"flow_dst_last_pkt_time":1686419691124244,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686419691124244,"pkt":"moT+\/Ph8PJTVQTiBCABFCABLEswAACQRsZcbhqncVW80OZYtAasAN4dQAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":376,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686419691124244,"flow_src_last_pkt_time":1686419691124244,"flow_dst_last_pkt_time":1686419691124244,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686419691124244,"l3_proto":"ip4","src_ip":"27.134.169.220","dst_ip":"85.111.52.57","src_port":38445,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1819,17 +1819,17 @@ 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":383,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":377,"flow_packet_id":1,"flow_src_last_pkt_time":1686420033978573,"flow_dst_last_pkt_time":1686420033978573,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686420033978573,"pkt":"ipffLU2SPJTVQTiBCABFAAB+1DEAAPMRpTTvZI2ZSm\/LN7ntAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":383,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":377,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686420033978573,"flow_src_last_pkt_time":1686420033978573,"flow_dst_last_pkt_time":1686420033978573,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686420033978573,"l3_proto":"ip4","src_ip":"239.100.141.153","dst_ip":"74.111.203.55","src_port":47597,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":384,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":376,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686419691124244,"flow_src_last_pkt_time":1686419691124244,"flow_dst_last_pkt_time":1686419691124244,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686420033978573,"l3_proto":"ip4","src_ip":"27.134.169.220","dst_ip":"85.111.52.57","src_port":38445,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":384,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":384,"packets-processed":383,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":20001,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":377,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":377,"total-idle-flows":376,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1822,"global_ts_usec":1686427429600756} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":384,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":384,"packets-processed":383,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":20001,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":377,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":377,"total-idle-flows":376,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1822,"global_ts_usec":1686427429600756} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":384,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":378,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686427429600756,"flow_src_last_pkt_time":1686427429600756,"flow_dst_last_pkt_time":1686427429600756,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686427429600756,"l3_proto":"ip4","src_ip":"157.121.130.117","dst_ip":"165.144.84.62","src_port":7470,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":384,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":378,"flow_packet_id":1,"flow_src_last_pkt_time":1686427429600756,"flow_dst_last_pkt_time":1686427429600756,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686427429600756,"pkt":"AAwp30Y4PJTVQTiBCABFAABLrRoAACYRJv+deYJ1pZBUPh0uAasANxH+AgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":384,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":378,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686427429600756,"flow_src_last_pkt_time":1686427429600756,"flow_dst_last_pkt_time":1686427429600756,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686427429600756,"l3_proto":"ip4","src_ip":"157.121.130.117","dst_ip":"165.144.84.62","src_port":7470,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":385,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":377,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686420033978573,"flow_src_last_pkt_time":1686420033978573,"flow_dst_last_pkt_time":1686420033978573,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686427429600756,"l3_proto":"ip4","src_ip":"239.100.141.153","dst_ip":"74.111.203.55","src_port":47597,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":385,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":385,"packets-processed":384,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":20048,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":378,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":378,"total-idle-flows":377,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1827,"global_ts_usec":1686431866256173} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":385,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":385,"packets-processed":384,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":20048,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":378,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":378,"total-idle-flows":377,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1827,"global_ts_usec":1686431866256173} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":385,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":379,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686431866256173,"flow_src_last_pkt_time":1686431866256173,"flow_dst_last_pkt_time":1686431866256173,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686431866256173,"l3_proto":"ip4","src_ip":"36.231.109.217","dst_ip":"90.111.212.50","src_port":49319,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":385,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":379,"flow_packet_id":1,"flow_src_last_pkt_time":1686431866256173,"flow_dst_last_pkt_time":1686431866256173,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686431866256173,"pkt":"AAwp30Y4PJTVQTiBCABFCABLx8kAACQR\/KIk523ZWm\/UMsCnAasAN1zfAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":385,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":379,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686431866256173,"flow_src_last_pkt_time":1686431866256173,"flow_dst_last_pkt_time":1686431866256173,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686431866256173,"l3_proto":"ip4","src_ip":"36.231.109.217","dst_ip":"90.111.212.50","src_port":49319,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":386,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":378,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686427429600756,"flow_src_last_pkt_time":1686427429600756,"flow_dst_last_pkt_time":1686427429600756,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686431866256173,"l3_proto":"ip4","src_ip":"157.121.130.117","dst_ip":"165.144.84.62","src_port":7470,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":386,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":386,"packets-processed":385,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":20095,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":379,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":379,"total-idle-flows":378,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1832,"global_ts_usec":1686435052414223} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":386,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":386,"packets-processed":385,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":20095,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":379,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":379,"total-idle-flows":378,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1832,"global_ts_usec":1686435052414223} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":386,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":380,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686435052414223,"flow_src_last_pkt_time":1686435052414223,"flow_dst_last_pkt_time":1686435052414223,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686435052414223,"l3_proto":"ip4","src_ip":"209.44.167.7","dst_ip":"90.111.212.50","src_port":53096,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":386,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":380,"flow_packet_id":1,"flow_src_last_pkt_time":1686435052414223,"flow_dst_last_pkt_time":1686435052414223,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686435052414223,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRX1HRLKcHWm\/UMs9oAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":386,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":380,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686435052414223,"flow_src_last_pkt_time":1686435052414223,"flow_dst_last_pkt_time":1686435052414223,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686435052414223,"l3_proto":"ip4","src_ip":"209.44.167.7","dst_ip":"90.111.212.50","src_port":53096,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1838,7 +1838,7 @@ 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":387,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":381,"flow_packet_id":1,"flow_src_last_pkt_time":1686435200937981,"flow_dst_last_pkt_time":1686435200937981,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686435200937981,"pkt":"AAwp30Y4PJTVQTiBCABFCABLhnIAACQRPfdjx03TpZBUPrMFAasAN2p+AgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":387,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":381,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686435200937981,"flow_src_last_pkt_time":1686435200937981,"flow_dst_last_pkt_time":1686435200937981,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686435200937981,"l3_proto":"ip4","src_ip":"99.199.77.211","dst_ip":"165.144.84.62","src_port":45829,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":388,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":380,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686435052414223,"flow_src_last_pkt_time":1686435052414223,"flow_dst_last_pkt_time":1686435052414223,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686435200937981,"l3_proto":"ip4","src_ip":"209.44.167.7","dst_ip":"90.111.212.50","src_port":53096,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":388,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":388,"packets-processed":387,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":20171,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":381,"total-detection-updates":0,"total-updates":61,"current-active-flows":2,"total-active-flows":381,"total-idle-flows":379,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1841,"global_ts_usec":1686438148010499} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":388,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":388,"packets-processed":387,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":20171,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":381,"total-detection-updates":0,"total-updates":61,"current-active-flows":2,"total-active-flows":381,"total-idle-flows":379,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1841,"global_ts_usec":1686438148010499} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":388,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":382,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686438148010499,"flow_src_last_pkt_time":1686438148010499,"flow_dst_last_pkt_time":1686438148010499,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686438148010499,"l3_proto":"ip4","src_ip":"215.48.253.201","dst_ip":"85.111.52.57","src_port":44733,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":388,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":382,"flow_packet_id":1,"flow_src_last_pkt_time":1686438148010499,"flow_dst_last_pkt_time":1686438148010499,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686438148010499,"pkt":"moT+\/Ph8PJTVQTiBCABFCABSAABAAOsRy+HXMP3JVW80Oa69AasAPg9AAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":388,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":382,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686438148010499,"flow_src_last_pkt_time":1686438148010499,"flow_dst_last_pkt_time":1686438148010499,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686438148010499,"l3_proto":"ip4","src_ip":"215.48.253.201","dst_ip":"85.111.52.57","src_port":44733,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1887,7 +1887,7 @@ 00988{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":397,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":388,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686438260748204,"flow_src_last_pkt_time":1686438260748204,"flow_dst_last_pkt_time":1686438260748204,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686438369437015,"l3_proto":"ip4","src_ip":"215.48.253.201","dst_ip":"165.144.84.62","src_port":44352,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00989{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":397,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":389,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686438308618262,"flow_src_last_pkt_time":1686438308618262,"flow_dst_last_pkt_time":1686438308618262,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686438369437015,"l3_proto":"ip4","src_ip":"215.48.253.201","dst_ip":"165.114.202.61","src_port":53506,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00988{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":397,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":387,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686438242172290,"flow_src_last_pkt_time":1686438242172290,"flow_dst_last_pkt_time":1686438242172290,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686438369437015,"l3_proto":"ip4","src_ip":"215.48.253.201","dst_ip":"90.145.180.58","src_port":46653,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":397,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":397,"packets-processed":396,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":20657,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":390,"total-detection-updates":0,"total-updates":78,"current-active-flows":7,"total-active-flows":390,"total-idle-flows":383,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1890,"global_ts_usec":1686442660761538} +00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":397,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":397,"packets-processed":396,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":20657,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":390,"total-detection-updates":0,"total-updates":78,"current-active-flows":7,"total-active-flows":390,"total-idle-flows":383,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1890,"global_ts_usec":1686442660761538} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":397,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":391,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686442660761538,"flow_src_last_pkt_time":1686442660761538,"flow_dst_last_pkt_time":1686442660761538,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686442660761538,"l3_proto":"ip4","src_ip":"44.242.231.77","dst_ip":"186.112.202.53","src_port":50261,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":397,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":391,"flow_packet_id":1,"flow_src_last_pkt_time":1686442660761538,"flow_dst_last_pkt_time":1686442660761538,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686442660761538,"pkt":"xmjqc4OdPJTVQTiBCABFAAA51DEAAPoRXpQs8udNunDKNcRVAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
00951{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":397,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":391,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686442660761538,"flow_src_last_pkt_time":1686442660761538,"flow_dst_last_pkt_time":1686442660761538,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686442660761538,"l3_proto":"ip4","src_ip":"44.242.231.77","dst_ip":"186.112.202.53","src_port":50261,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1902,17 +1902,17 @@ 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":398,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":392,"flow_packet_id":1,"flow_src_last_pkt_time":1686443032934623,"flow_dst_last_pkt_time":1686443032934623,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686443032934623,"pkt":"bs1PogZtPJTVQTiBCABFAAA51DEAAPkRbWgl6mQgWpG0Ot3tAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":398,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":392,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686443032934623,"flow_src_last_pkt_time":1686443032934623,"flow_dst_last_pkt_time":1686443032934623,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686443032934623,"l3_proto":"ip4","src_ip":"37.234.100.32","dst_ip":"90.145.180.58","src_port":56813,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":399,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":391,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686442660761538,"flow_src_last_pkt_time":1686442660761538,"flow_dst_last_pkt_time":1686442660761538,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686443032934623,"l3_proto":"ip4","src_ip":"44.242.231.77","dst_ip":"186.112.202.53","src_port":50261,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":399,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":399,"packets-processed":398,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":20715,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":392,"total-detection-updates":0,"total-updates":78,"current-active-flows":1,"total-active-flows":392,"total-idle-flows":391,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1905,"global_ts_usec":1686443411193185} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":399,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":399,"packets-processed":398,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":20715,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":392,"total-detection-updates":0,"total-updates":78,"current-active-flows":1,"total-active-flows":392,"total-idle-flows":391,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1905,"global_ts_usec":1686443411193185} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":399,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":393,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686443411193185,"flow_src_last_pkt_time":1686443411193185,"flow_dst_last_pkt_time":1686443411193185,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686443411193185,"l3_proto":"ip4","src_ip":"27.134.169.220","dst_ip":"90.141.37.56","src_port":44054,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":399,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":393,"flow_packet_id":1,"flow_src_last_pkt_time":1686443411193185,"flow_dst_last_pkt_time":1686443411193185,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686443411193185,"pkt":"3jHC4dyOPJTVQTiBCABFCABLjXwAACQRNugbhqncWo0lOKwWAasAN3FoAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":399,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":393,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686443411193185,"flow_src_last_pkt_time":1686443411193185,"flow_dst_last_pkt_time":1686443411193185,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686443411193185,"l3_proto":"ip4","src_ip":"27.134.169.220","dst_ip":"90.141.37.56","src_port":44054,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":400,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":392,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686443032934623,"flow_src_last_pkt_time":1686443032934623,"flow_dst_last_pkt_time":1686443032934623,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686443411193185,"l3_proto":"ip4","src_ip":"37.234.100.32","dst_ip":"90.145.180.58","src_port":56813,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":400,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":400,"packets-processed":399,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":20762,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":393,"total-detection-updates":0,"total-updates":78,"current-active-flows":1,"total-active-flows":393,"total-idle-flows":392,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1910,"global_ts_usec":1686448122797857} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":400,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":400,"packets-processed":399,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":20762,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":393,"total-detection-updates":0,"total-updates":78,"current-active-flows":1,"total-active-flows":393,"total-idle-flows":392,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1910,"global_ts_usec":1686448122797857} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":400,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":394,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686448122797857,"flow_src_last_pkt_time":1686448122797857,"flow_dst_last_pkt_time":1686448122797857,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686448122797857,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"74.111.203.55","src_port":46249,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":400,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":394,"flow_packet_id":1,"flow_src_last_pkt_time":1686448122797857,"flow_dst_last_pkt_time":1686448122797857,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686448122797857,"pkt":"ipffLU2SPJTVQTiBCABFCABSQJAAAGsR1glDnxCWSm\/LN7SpAasAPgAAAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":400,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":394,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686448122797857,"flow_src_last_pkt_time":1686448122797857,"flow_dst_last_pkt_time":1686448122797857,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686448122797857,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"74.111.203.55","src_port":46249,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":401,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":393,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686443411193185,"flow_src_last_pkt_time":1686443411193185,"flow_dst_last_pkt_time":1686443411193185,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686448122797857,"l3_proto":"ip4","src_ip":"27.134.169.220","dst_ip":"90.141.37.56","src_port":44054,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":401,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":401,"packets-processed":400,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":20816,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":394,"total-detection-updates":0,"total-updates":78,"current-active-flows":1,"total-active-flows":394,"total-idle-flows":393,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1915,"global_ts_usec":1686453545484404} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":401,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":401,"packets-processed":400,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":20816,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":394,"total-detection-updates":0,"total-updates":78,"current-active-flows":1,"total-active-flows":394,"total-idle-flows":393,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1915,"global_ts_usec":1686453545484404} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":401,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":395,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686453545484404,"flow_src_last_pkt_time":1686453545484404,"flow_dst_last_pkt_time":1686453545484404,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686453545484404,"l3_proto":"ip4","src_ip":"27.134.169.220","dst_ip":"74.111.203.55","src_port":64251,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":401,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":395,"flow_packet_id":1,"flow_src_last_pkt_time":1686453545484404,"flow_dst_last_pkt_time":1686453545484404,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686453545484404,"pkt":"ipffLU2SPJTVQTiBCABFCABLA5wAACQRwMwbhqncSm\/LN\/r7AasANyKHAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":401,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":395,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686453545484404,"flow_src_last_pkt_time":1686453545484404,"flow_dst_last_pkt_time":1686453545484404,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686453545484404,"l3_proto":"ip4","src_ip":"27.134.169.220","dst_ip":"74.111.203.55","src_port":64251,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1921,7 +1921,7 @@ 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":402,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":396,"flow_packet_id":1,"flow_src_last_pkt_time":1686454040614924,"flow_dst_last_pkt_time":1686454040614924,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686454040614924,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+VZxAADMRS4lYRyo6pZBUPjxoAasAKox5AgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":402,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":396,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686454040614924,"flow_src_last_pkt_time":1686454040614924,"flow_dst_last_pkt_time":1686454040614924,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686454040614924,"l3_proto":"ip4","src_ip":"88.71.42.58","dst_ip":"165.144.84.62","src_port":15464,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":403,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":395,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686453545484404,"flow_src_last_pkt_time":1686453545484404,"flow_dst_last_pkt_time":1686453545484404,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686454040614924,"l3_proto":"ip4","src_ip":"27.134.169.220","dst_ip":"74.111.203.55","src_port":64251,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":403,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":403,"packets-processed":402,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":20897,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":396,"total-detection-updates":0,"total-updates":78,"current-active-flows":1,"total-active-flows":396,"total-idle-flows":395,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1924,"global_ts_usec":1686454835524989} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":403,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":403,"packets-processed":402,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":20897,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":396,"total-detection-updates":0,"total-updates":78,"current-active-flows":1,"total-active-flows":396,"total-idle-flows":395,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1924,"global_ts_usec":1686454835524989} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":403,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":397,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686454835524989,"flow_src_last_pkt_time":1686454835524989,"flow_dst_last_pkt_time":1686454835524989,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686454835524989,"l3_proto":"ip4","src_ip":"191.62.219.57","dst_ip":"186.112.202.53","src_port":29227,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":397,"flow_packet_id":1,"flow_src_last_pkt_time":1686454835524989,"flow_dst_last_pkt_time":1686454835524989,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686454835524989,"pkt":"xmjqc4OdPJTVQTiBCABFAAA+jJRAADMRFJq\/Pts5unDKNXIrAasAKla\/AgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":403,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":397,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686454835524989,"flow_src_last_pkt_time":1686454835524989,"flow_dst_last_pkt_time":1686454835524989,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686454835524989,"l3_proto":"ip4","src_ip":"191.62.219.57","dst_ip":"186.112.202.53","src_port":29227,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1930,7 +1930,7 @@ 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":404,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":398,"flow_packet_id":1,"flow_src_last_pkt_time":1686455045546385,"flow_dst_last_pkt_time":1686455045546385,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686455045546385,"pkt":"bpHurUgdPJTVQTiBCABFAAA+lIxAADMRDKe+Ryo2RW27NrkEAasAKg\/rAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":404,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":398,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686455045546385,"flow_src_last_pkt_time":1686455045546385,"flow_dst_last_pkt_time":1686455045546385,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686455045546385,"l3_proto":"ip4","src_ip":"190.71.42.54","dst_ip":"69.109.187.54","src_port":47364,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":405,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":397,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686454835524989,"flow_src_last_pkt_time":1686454835524989,"flow_dst_last_pkt_time":1686454835524989,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686455045546385,"l3_proto":"ip4","src_ip":"191.62.219.57","dst_ip":"186.112.202.53","src_port":29227,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":405,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":405,"packets-processed":404,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":20965,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":398,"total-detection-updates":0,"total-updates":78,"current-active-flows":1,"total-active-flows":398,"total-idle-flows":397,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1933,"global_ts_usec":1686455864946730} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":405,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":405,"packets-processed":404,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":20965,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":398,"total-detection-updates":0,"total-updates":78,"current-active-flows":1,"total-active-flows":398,"total-idle-flows":397,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1933,"global_ts_usec":1686455864946730} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":405,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":399,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686455864946730,"flow_src_last_pkt_time":1686455864946730,"flow_dst_last_pkt_time":1686455864946730,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686455864946730,"l3_proto":"ip4","src_ip":"166.62.197.60","dst_ip":"165.114.202.61","src_port":35606,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":405,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":399,"flow_packet_id":1,"flow_src_last_pkt_time":1686455864946730,"flow_dst_last_pkt_time":1686455864946730,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686455864946730,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+EMNAADMRkF2mPsU8pXLKPYsWAasAKj3GAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":405,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":399,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686455864946730,"flow_src_last_pkt_time":1686455864946730,"flow_dst_last_pkt_time":1686455864946730,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686455864946730,"l3_proto":"ip4","src_ip":"166.62.197.60","dst_ip":"165.114.202.61","src_port":35606,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1939,7 +1939,7 @@ 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":400,"flow_packet_id":1,"flow_src_last_pkt_time":1686456361937981,"flow_dst_last_pkt_time":1686456361937981,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686456361937981,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+GgRAADMRhy2\/Pts5Wm\/UMkj9AasAKn\/wAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":406,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":400,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686456361937981,"flow_src_last_pkt_time":1686456361937981,"flow_dst_last_pkt_time":1686456361937981,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686456361937981,"l3_proto":"ip4","src_ip":"191.62.219.57","dst_ip":"90.111.212.50","src_port":18685,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":407,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":399,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686455864946730,"flow_src_last_pkt_time":1686455864946730,"flow_dst_last_pkt_time":1686455864946730,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686456361937981,"l3_proto":"ip4","src_ip":"166.62.197.60","dst_ip":"165.114.202.61","src_port":35606,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":407,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":407,"packets-processed":406,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21033,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":400,"total-detection-updates":0,"total-updates":78,"current-active-flows":1,"total-active-flows":400,"total-idle-flows":399,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1942,"global_ts_usec":1686456730972924} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":407,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":407,"packets-processed":406,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21033,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":400,"total-detection-updates":0,"total-updates":78,"current-active-flows":1,"total-active-flows":400,"total-idle-flows":399,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1942,"global_ts_usec":1686456730972924} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":407,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":401,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686456730972924,"flow_src_last_pkt_time":1686456730972924,"flow_dst_last_pkt_time":1686456730972924,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686456730972924,"l3_proto":"ip4","src_ip":"88.70.212.56","dst_ip":"85.111.52.57","src_port":65013,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":407,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":401,"flow_packet_id":1,"flow_src_last_pkt_time":1686456730972924,"flow_dst_last_pkt_time":1686456730972924,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686456730972924,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA+jhRAADMRExhYRtQ4VW80Of31AasAKsryAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":407,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":401,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686456730972924,"flow_src_last_pkt_time":1686456730972924,"flow_dst_last_pkt_time":1686456730972924,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686456730972924,"l3_proto":"ip4","src_ip":"88.70.212.56","dst_ip":"85.111.52.57","src_port":65013,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1953,27 +1953,27 @@ 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":409,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":403,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686457196084311,"flow_src_last_pkt_time":1686457196084311,"flow_dst_last_pkt_time":1686457196084311,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686457196084311,"l3_proto":"ip4","src_ip":"161.199.58.19","dst_ip":"90.147.171.51","src_port":64864,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":410,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":401,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686456730972924,"flow_src_last_pkt_time":1686456730972924,"flow_dst_last_pkt_time":1686456730972924,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686457196084311,"l3_proto":"ip4","src_ip":"88.70.212.56","dst_ip":"85.111.52.57","src_port":65013,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":410,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":402,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686456819293547,"flow_src_last_pkt_time":1686456819293547,"flow_dst_last_pkt_time":1686456819293547,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686457196084311,"l3_proto":"ip4","src_ip":"184.199.42.59","dst_ip":"90.141.37.56","src_port":42047,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":410,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":410,"packets-processed":409,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21135,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":403,"total-detection-updates":0,"total-updates":79,"current-active-flows":1,"total-active-flows":403,"total-idle-flows":402,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1956,"global_ts_usec":1686457611262806} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":410,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":410,"packets-processed":409,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21135,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":403,"total-detection-updates":0,"total-updates":79,"current-active-flows":1,"total-active-flows":403,"total-idle-flows":402,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1956,"global_ts_usec":1686457611262806} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":410,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":404,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686457611262806,"flow_src_last_pkt_time":1686457611262806,"flow_dst_last_pkt_time":1686457611262806,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686457611262806,"l3_proto":"ip4","src_ip":"161.62.218.52","dst_ip":"74.111.203.55","src_port":37093,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":410,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":404,"flow_packet_id":1,"flow_src_last_pkt_time":1686457611262806,"flow_dst_last_pkt_time":1686457611262806,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686457611262806,"pkt":"ipffLU2SPJTVQTiBCABFAAA+elpAADMRJtihPto0Sm\/LN5DlAasAKjgJAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":410,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":404,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686457611262806,"flow_src_last_pkt_time":1686457611262806,"flow_dst_last_pkt_time":1686457611262806,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686457611262806,"l3_proto":"ip4","src_ip":"161.62.218.52","dst_ip":"74.111.203.55","src_port":37093,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":411,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":403,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686457196084311,"flow_src_last_pkt_time":1686457196084311,"flow_dst_last_pkt_time":1686457196084311,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686457611262806,"l3_proto":"ip4","src_ip":"161.199.58.19","dst_ip":"90.147.171.51","src_port":64864,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":411,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":411,"packets-processed":410,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21169,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":404,"total-detection-updates":0,"total-updates":79,"current-active-flows":1,"total-active-flows":404,"total-idle-flows":403,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1961,"global_ts_usec":1686459303680190} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":411,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":411,"packets-processed":410,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21169,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":404,"total-detection-updates":0,"total-updates":79,"current-active-flows":1,"total-active-flows":404,"total-idle-flows":403,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1961,"global_ts_usec":1686459303680190} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":411,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":405,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686459303680190,"flow_src_last_pkt_time":1686459303680190,"flow_dst_last_pkt_time":1686459303680190,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686459303680190,"l3_proto":"ip4","src_ip":"194.43.223.106","dst_ip":"165.114.202.61","src_port":55142,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":411,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":405,"flow_packet_id":1,"flow_src_last_pkt_time":1686459303680190,"flow_dst_last_pkt_time":1686459303680190,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686459303680190,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRbZLCK99qpXLKPddmAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":411,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":405,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686459303680190,"flow_src_last_pkt_time":1686459303680190,"flow_dst_last_pkt_time":1686459303680190,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686459303680190,"l3_proto":"ip4","src_ip":"194.43.223.106","dst_ip":"165.114.202.61","src_port":55142,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":412,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":404,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686457611262806,"flow_src_last_pkt_time":1686457611262806,"flow_dst_last_pkt_time":1686457611262806,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686459303680190,"l3_proto":"ip4","src_ip":"161.62.218.52","dst_ip":"74.111.203.55","src_port":37093,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":412,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":412,"packets-processed":411,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21198,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":405,"total-detection-updates":0,"total-updates":79,"current-active-flows":1,"total-active-flows":405,"total-idle-flows":404,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1966,"global_ts_usec":1686460297406877} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":412,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":412,"packets-processed":411,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21198,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":405,"total-detection-updates":0,"total-updates":79,"current-active-flows":1,"total-active-flows":405,"total-idle-flows":404,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1966,"global_ts_usec":1686460297406877} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":412,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":406,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686460297406877,"flow_src_last_pkt_time":1686460297406877,"flow_dst_last_pkt_time":1686460297406877,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686460297406877,"l3_proto":"ip4","src_ip":"226.158.252.127","dst_ip":"85.111.52.57","src_port":33255,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":412,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":406,"flow_packet_id":1,"flow_src_last_pkt_time":1686460297406877,"flow_dst_last_pkt_time":1686460297406877,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686460297406877,"pkt":"moT+\/Ph8PJTVQTiBCABFAABL8BcAACYR5Ajinvx\/VW80OYHnAasAN61LAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":412,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":406,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686460297406877,"flow_src_last_pkt_time":1686460297406877,"flow_dst_last_pkt_time":1686460297406877,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686460297406877,"l3_proto":"ip4","src_ip":"226.158.252.127","dst_ip":"85.111.52.57","src_port":33255,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":413,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":405,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686459303680190,"flow_src_last_pkt_time":1686459303680190,"flow_dst_last_pkt_time":1686459303680190,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686460297406877,"l3_proto":"ip4","src_ip":"194.43.223.106","dst_ip":"165.114.202.61","src_port":55142,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":413,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":413,"packets-processed":412,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21245,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":406,"total-detection-updates":0,"total-updates":79,"current-active-flows":1,"total-active-flows":406,"total-idle-flows":405,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1971,"global_ts_usec":1686461245285022} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":413,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":413,"packets-processed":412,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21245,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":406,"total-detection-updates":0,"total-updates":79,"current-active-flows":1,"total-active-flows":406,"total-idle-flows":405,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1971,"global_ts_usec":1686461245285022} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":413,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":407,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686461245285022,"flow_src_last_pkt_time":1686461245285022,"flow_dst_last_pkt_time":1686461245285022,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686461245285022,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"186.112.202.53","src_port":36149,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":413,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":407,"flow_packet_id":1,"flow_src_last_pkt_time":1686461245285022,"flow_dst_last_pkt_time":1686461245285022,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686461245285022,"pkt":"xmjqc4OdPJTVQTiBCABFAAA51DEAAPURKLnIH5CeunDKNY01AasAJV1CAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":413,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":407,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686461245285022,"flow_src_last_pkt_time":1686461245285022,"flow_dst_last_pkt_time":1686461245285022,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686461245285022,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"186.112.202.53","src_port":36149,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":406,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686460297406877,"flow_src_last_pkt_time":1686460297406877,"flow_dst_last_pkt_time":1686460297406877,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686461245285022,"l3_proto":"ip4","src_ip":"226.158.252.127","dst_ip":"85.111.52.57","src_port":33255,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":414,"packets-processed":413,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21274,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":407,"total-detection-updates":0,"total-updates":79,"current-active-flows":1,"total-active-flows":407,"total-idle-flows":406,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1976,"global_ts_usec":1686462756222356} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":414,"packets-processed":413,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21274,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":407,"total-detection-updates":0,"total-updates":79,"current-active-flows":1,"total-active-flows":407,"total-idle-flows":406,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1976,"global_ts_usec":1686462756222356} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":408,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686462756222356,"flow_src_last_pkt_time":1686462756222356,"flow_dst_last_pkt_time":1686462756222356,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686462756222356,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.114.202.61","src_port":45294,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":408,"flow_packet_id":1,"flow_src_last_pkt_time":1686462756222356,"flow_dst_last_pkt_time":1686462756222356,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686462756222356,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKLHIH5CepXLKPbDuAasAJTmBAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":408,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686462756222356,"flow_src_last_pkt_time":1686462756222356,"flow_dst_last_pkt_time":1686462756222356,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686462756222356,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.114.202.61","src_port":45294,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1986,7 +1986,7 @@ 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":416,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":410,"flow_packet_id":1,"flow_src_last_pkt_time":1686463232786177,"flow_dst_last_pkt_time":1686463232786177,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686463232786177,"pkt":"AAwp30Y4PJTVQTiBCABFAABLPb8AACYRlmBdZnxwWpOrMyrYAasANwRaAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":416,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":410,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686463232786177,"flow_src_last_pkt_time":1686463232786177,"flow_dst_last_pkt_time":1686463232786177,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686463232786177,"l3_proto":"ip4","src_ip":"93.102.124.112","dst_ip":"90.147.171.51","src_port":10968,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00988{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":417,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":409,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686463066276572,"flow_src_last_pkt_time":1686463066276572,"flow_dst_last_pkt_time":1686463066276572,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686463232786177,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.145.180.58","src_port":45056,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":417,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":417,"packets-processed":416,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21379,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":410,"total-detection-updates":0,"total-updates":80,"current-active-flows":2,"total-active-flows":410,"total-idle-flows":408,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1989,"global_ts_usec":1686463744473624} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":417,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":417,"packets-processed":416,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21379,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":410,"total-detection-updates":0,"total-updates":80,"current-active-flows":2,"total-active-flows":410,"total-idle-flows":408,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1989,"global_ts_usec":1686463744473624} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":417,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":411,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686463744473624,"flow_src_last_pkt_time":1686463744473624,"flow_dst_last_pkt_time":1686463744473624,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686463744473624,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.141.37.56","src_port":54431,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":417,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":411,"flow_packet_id":1,"flow_src_last_pkt_time":1686463744473624,"flow_dst_last_pkt_time":1686463744473624,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686463744473624,"pkt":"3jHC4dyOPJTVQTiBCABFAAA51DEAAPURKLfIH5CeWo0lONSfAasAJRXWAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":417,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":411,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686463744473624,"flow_src_last_pkt_time":1686463744473624,"flow_dst_last_pkt_time":1686463744473624,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686463744473624,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.141.37.56","src_port":54431,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2000,7 +2000,7 @@ 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":413,"flow_packet_id":1,"flow_src_last_pkt_time":1686464114985492,"flow_dst_last_pkt_time":1686464114985492,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686464114985492,"pkt":"bpHurUgdPJTVQTiBCABFAAA51DEAAPURKLrIH5CeRW27NsnbAasAJSCdAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":419,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":413,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686464114985492,"flow_src_last_pkt_time":1686464114985492,"flow_dst_last_pkt_time":1686464114985492,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686464114985492,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"69.109.187.54","src_port":51675,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00988{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":420,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":412,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686463955005585,"flow_src_last_pkt_time":1686463955005585,"flow_dst_last_pkt_time":1686463955005585,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686464114985492,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.147.171.51","src_port":59262,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":420,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":420,"packets-processed":419,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21466,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":413,"total-detection-updates":0,"total-updates":81,"current-active-flows":2,"total-active-flows":413,"total-idle-flows":411,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2003,"global_ts_usec":1686465127922786} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":420,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":420,"packets-processed":419,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21466,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":413,"total-detection-updates":0,"total-updates":81,"current-active-flows":2,"total-active-flows":413,"total-idle-flows":411,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2003,"global_ts_usec":1686465127922786} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":420,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":414,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686465127922786,"flow_src_last_pkt_time":1686465127922786,"flow_dst_last_pkt_time":1686465127922786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686465127922786,"l3_proto":"ip4","src_ip":"174.237.64.176","dst_ip":"90.141.37.56","src_port":49218,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":420,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":414,"flow_packet_id":1,"flow_src_last_pkt_time":1686465127922786,"flow_dst_last_pkt_time":1686465127922786,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686465127922786,"pkt":"3jHC4dyOPJTVQTiBCABFAAA51DEAAPkRYA6u7UCwWo0lOMBCAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":420,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":414,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686465127922786,"flow_src_last_pkt_time":1686465127922786,"flow_dst_last_pkt_time":1686465127922786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686465127922786,"l3_proto":"ip4","src_ip":"174.237.64.176","dst_ip":"90.141.37.56","src_port":49218,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2013,23 +2013,23 @@ 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":416,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686465448467764,"flow_src_last_pkt_time":1686465448467764,"flow_dst_last_pkt_time":1686465448467764,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686465448467764,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"85.111.52.57","src_port":57245,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":416,"flow_packet_id":1,"flow_src_last_pkt_time":1686465448467764,"flow_dst_last_pkt_time":1686465448467764,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686465448467764,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA51DEAAPURKLbIH5CeVW80Od+dAasAJQrXAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 
00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":416,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686465448467764,"flow_src_last_pkt_time":1686465448467764,"flow_dst_last_pkt_time":1686465448467764,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686465448467764,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"85.111.52.57","src_port":57245,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":423,"packets-processed":422,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21553,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":416,"total-detection-updates":0,"total-updates":81,"current-active-flows":2,"total-active-flows":416,"total-idle-flows":414,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2016,"global_ts_usec":1686466394503634} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":423,"packets-processed":422,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21553,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":416,"total-detection-updates":0,"total-updates":81,"current-active-flows":2,"total-active-flows":416,"total-idle-flows":414,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2016,"global_ts_usec":1686466394503634} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":417,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686466394503634,"flow_src_last_pkt_time":1686466394503634,"flow_dst_last_pkt_time":1686466394503634,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686466394503634,"l3_proto":"ip4","src_ip":"193.219.252.221","dst_ip":"90.147.171.51","src_port":51650,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":417,"flow_packet_id":1,"flow_src_last_pkt_time":1686466394503634,"flow_dst_last_pkt_time":1686466394503634,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686466394503634,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRbcTB2\/zdWpOrM8nCAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":417,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686466394503634,"flow_src_last_pkt_time":1686466394503634,"flow_dst_last_pkt_time":1686466394503634,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686466394503634,"l3_proto":"ip4","src_ip":"193.219.252.221","dst_ip":"90.147.171.51","src_port":51650,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":415,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686465406790123,"flow_src_last_pkt_time":1686465406790123,"flow_dst_last_pkt_time":1686465406790123,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686466394503634,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.144.84.62","src_port":57345,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":416,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686465448467764,"flow_src_last_pkt_time":1686465448467764,"flow_dst_last_pkt_time":1686465448467764,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686466394503634,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"85.111.52.57","src_port":57245,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":424,"packets-processed":423,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21582,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":417,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":417,"total-idle-flows":416,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2022,"global_ts_usec":1686467393700733} +00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":424,"packets-processed":423,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21582,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":417,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":417,"total-idle-flows":416,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2022,"global_ts_usec":1686467393700733} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":418,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686467393700733,"flow_src_last_pkt_time":1686467393700733,"flow_dst_last_pkt_time":1686467393700733,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686467393700733,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"74.111.203.55","src_port":41180,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":418,"flow_packet_id":1,"flow_src_last_pkt_time":1686467393700733,"flow_dst_last_pkt_time":1686467393700733,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686467393700733,"pkt":"ipffLU2SPJTVQTiBCABFAAA51DEAAPURKLvIH5CeSm\/LN6DcAasAJUmdAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 
00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":418,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686467393700733,"flow_src_last_pkt_time":1686467393700733,"flow_dst_last_pkt_time":1686467393700733,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686467393700733,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"74.111.203.55","src_port":41180,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":425,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":417,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686466394503634,"flow_src_last_pkt_time":1686466394503634,"flow_dst_last_pkt_time":1686466394503634,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686467393700733,"l3_proto":"ip4","src_ip":"193.219.252.221","dst_ip":"90.147.171.51","src_port":51650,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":425,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":425,"packets-processed":424,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21611,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":418,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":418,"total-idle-flows":417,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2027,"global_ts_usec":1686469130125468} +00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":425,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":425,"packets-processed":424,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21611,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":418,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":418,"total-idle-flows":417,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2027,"global_ts_usec":1686469130125468} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":425,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":419,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686469130125468,"flow_src_last_pkt_time":1686469130125468,"flow_dst_last_pkt_time":1686469130125468,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686469130125468,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.111.212.50","src_port":40785,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":419,"flow_packet_id":1,"flow_src_last_pkt_time":1686469130125468,"flow_dst_last_pkt_time":1686469130125468,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686469130125468,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKLzIH5CeWm\/UMp9RAasAJUspAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 
00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":425,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":419,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686469130125468,"flow_src_last_pkt_time":1686469130125468,"flow_dst_last_pkt_time":1686469130125468,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686469130125468,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.111.212.50","src_port":40785,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":418,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686467393700733,"flow_src_last_pkt_time":1686467393700733,"flow_dst_last_pkt_time":1686467393700733,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686469130125468,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"74.111.203.55","src_port":41180,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":426,"packets-processed":425,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21640,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":419,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":419,"total-idle-flows":418,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2032,"global_ts_usec":1686473127013443} +00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":426,"packets-processed":425,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21640,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":419,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":419,"total-idle-flows":418,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2032,"global_ts_usec":1686473127013443} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":420,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686473127013443,"flow_src_last_pkt_time":1686473127013443,"flow_dst_last_pkt_time":1686473127013443,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686473127013443,"l3_proto":"ip4","src_ip":"174.18.32.224","dst_ip":"74.111.203.55","src_port":53272,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":420,"flow_packet_id":1,"flow_src_last_pkt_time":1686473127013443,"flow_dst_last_pkt_time":1686473127013443,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686473127013443,"pkt":"ipffLU2SPJTVQTiBCABFAAA51DEAAPkRX\/muEiDgSm\/LN9AYAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":420,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686473127013443,"flow_src_last_pkt_time":1686473127013443,"flow_dst_last_pkt_time":1686473127013443,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686473127013443,"l3_proto":"ip4","src_ip":"174.18.32.224","dst_ip":"74.111.203.55","src_port":53272,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2038,22 +2038,22 @@ 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":427,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":421,"flow_packet_id":1,"flow_src_last_pkt_time":1686473724125289,"flow_dst_last_pkt_time":1686473724125289,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686473724125289,"pkt":"bpHurUgdPJTVQTiBCABFCAB+1DEAAOsRrCDthLCIRW27NubXAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":427,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":421,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686473724125289,"flow_src_last_pkt_time":1686473724125289,"flow_dst_last_pkt_time":1686473724125289,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686473724125289,"l3_proto":"ip4","src_ip":"237.132.176.136","dst_ip":"69.109.187.54","src_port":59095,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":428,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":420,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686473127013443,"flow_src_last_pkt_time":1686473127013443,"flow_dst_last_pkt_time":1686473127013443,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686473724125289,"l3_proto":"ip4","src_ip":"174.18.32.224","dst_ip":"74.111.203.55","src_port":53272,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":428,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":428,"packets-processed":427,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21767,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":421,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":421,"total-idle-flows":420,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2041,"global_ts_usec":1686474011529942} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":428,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":428,"packets-processed":427,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21767,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":421,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":421,"total-idle-flows":420,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2041,"global_ts_usec":1686474011529942} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":428,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":422,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686474011529942,"flow_src_last_pkt_time":1686474011529942,"flow_dst_last_pkt_time":1686474011529942,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686474011529942,"l3_proto":"ip4","src_ip":"37.36.31.210","dst_ip":"165.144.84.62","src_port":53791,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":428,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":422,"flow_packet_id":1,"flow_src_last_pkt_time":1686474011529942,"flow_dst_last_pkt_time":1686474011529942,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686474011529942,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRbMMlJB\/SpZBUPtIfAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":428,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":422,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686474011529942,"flow_src_last_pkt_time":1686474011529942,"flow_dst_last_pkt_time":1686474011529942,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686474011529942,"l3_proto":"ip4","src_ip":"37.36.31.210","dst_ip":"165.144.84.62","src_port":53791,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":429,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":421,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686473724125289,"flow_src_last_pkt_time":1686473724125289,"flow_dst_last_pkt_time":1686473724125289,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686474011529942,"l3_proto":"ip4","src_ip":"237.132.176.136","dst_ip":"69.109.187.54","src_port":59095,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":429,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":429,"packets-processed":428,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21796,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":422,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":422,"total-idle-flows":421,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2046,"global_ts_usec":1686475183417032} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":429,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":429,"packets-processed":428,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21796,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":422,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":422,"total-idle-flows":421,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2046,"global_ts_usec":1686475183417032} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":429,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":423,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686475183417032,"flow_src_last_pkt_time":1686475183417032,"flow_dst_last_pkt_time":1686475183417032,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686475183417032,"l3_proto":"ip4","src_ip":"91.255.107.116","dst_ip":"85.111.52.57","src_port":34976,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":429,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":423,"flow_packet_id":1,"flow_src_last_pkt_time":1686475183417032,"flow_dst_last_pkt_time":1686475183417032,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686475183417032,"pkt":"moT+\/Ph8PJTVQTiBCABFCABLWusAACIRb79b\/2t0VW80OYigAasAN5kkAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":429,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":423,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686475183417032,"flow_src_last_pkt_time":1686475183417032,"flow_dst_last_pkt_time":1686475183417032,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686475183417032,"l3_proto":"ip4","src_ip":"91.255.107.116","dst_ip":"85.111.52.57","src_port":34976,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":430,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":422,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686474011529942,"flow_src_last_pkt_time":1686474011529942,"flow_dst_last_pkt_time":1686474011529942,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686475183417032,"l3_proto":"ip4","src_ip":"37.36.31.210","dst_ip":"165.144.84.62","src_port":53791,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":430,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":430,"packets-processed":429,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21843,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":423,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":423,"total-idle-flows":422,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2051,"global_ts_usec":1686475826792753} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":430,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":430,"packets-processed":429,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21843,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":423,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":423,"total-idle-flows":422,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2051,"global_ts_usec":1686475826792753} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":430,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":424,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686475826792753,"flow_src_last_pkt_time":1686475826792753,"flow_dst_last_pkt_time":1686475826792753,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686475826792753,"l3_proto":"ip4","src_ip":"47.51.0.222","dst_ip":"69.109.187.54","src_port":53190,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":430,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":424,"flow_packet_id":1,"flow_src_last_pkt_time":1686475826792753,"flow_dst_last_pkt_time":1686475826792753,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686475826792753,"pkt":"bpHurUgdPJTVQTiBCABFAAA51DEAAPoRXtkvMwDeRW27Ns\/GAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":430,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":424,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686475826792753,"flow_src_last_pkt_time":1686475826792753,"flow_dst_last_pkt_time":1686475826792753,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686475826792753,"l3_proto":"ip4","src_ip":"47.51.0.222","dst_ip":"69.109.187.54","src_port":53190,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":431,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":423,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686475183417032,"flow_src_last_pkt_time":1686475183417032,"flow_dst_last_pkt_time":1686475183417032,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686475826792753,"l3_proto":"ip4","src_ip":"91.255.107.116","dst_ip":"85.111.52.57","src_port":34976,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":431,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":431,"packets-processed":430,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21872,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":424,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":424,"total-idle-flows":423,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2056,"global_ts_usec":1686495926985957} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":431,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":431,"packets-processed":430,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21872,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":424,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":424,"total-idle-flows":423,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2056,"global_ts_usec":1686495926985957} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":431,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":425,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686495926985957,"flow_src_last_pkt_time":1686495926985957,"flow_dst_last_pkt_time":1686495926985957,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686495926985957,"l3_proto":"ip4","src_ip":"238.156.97.151","dst_ip":"74.111.203.55","src_port":35769,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":431,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":425,"flow_packet_id":1,"flow_src_last_pkt_time":1686495926985957,"flow_dst_last_pkt_time":1686495926985957,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686495926985957,"pkt":"ipffLU2SPJTVQTiBCABFCAB+1DEAAO0RqinunGGXSm\/LN4u5AasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":431,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":425,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686495926985957,"flow_src_last_pkt_time":1686495926985957,"flow_dst_last_pkt_time":1686495926985957,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686495926985957,"l3_proto":"ip4","src_ip":"238.156.97.151","dst_ip":"74.111.203.55","src_port":35769,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2062,17 +2062,17 @@ 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":432,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":426,"flow_packet_id":1,"flow_src_last_pkt_time":1686496447196573,"flow_dst_last_pkt_time":1686496447196573,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686496447196573,"pkt":"moT+\/Ph8PJTVQTiBCABFCAB+1DEAAO0REAmGtJCVVW80OYPRAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":432,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":426,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686496447196573,"flow_src_last_pkt_time":1686496447196573,"flow_dst_last_pkt_time":1686496447196573,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686496447196573,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"85.111.52.57","src_port":33745,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":433,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":425,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686495926985957,"flow_src_last_pkt_time":1686495926985957,"flow_dst_last_pkt_time":1686495926985957,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686496447196573,"l3_proto":"ip4","src_ip":"238.156.97.151","dst_ip":"74.111.203.55","src_port":35769,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":433,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":433,"packets-processed":432,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22068,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":426,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":426,"total-idle-flows":425,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2065,"global_ts_usec":1686497167515992} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":433,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":433,"packets-processed":432,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22068,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":426,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":426,"total-idle-flows":425,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2065,"global_ts_usec":1686497167515992} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":433,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":427,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686497167515992,"flow_src_last_pkt_time":1686497167515992,"flow_dst_last_pkt_time":1686497167515992,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686497167515992,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"90.147.171.51","src_port":37012,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":433,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":427,"flow_packet_id":1,"flow_src_last_pkt_time":1686497167515992,"flow_dst_last_pkt_time":1686497167515992,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686497167515992,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPMRCZf2S2hzWpOrM5CUAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":433,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":427,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686497167515992,"flow_src_last_pkt_time":1686497167515992,"flow_dst_last_pkt_time":1686497167515992,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686497167515992,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"90.147.171.51","src_port":37012,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":434,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":426,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686496447196573,"flow_src_last_pkt_time":1686496447196573,"flow_dst_last_pkt_time":1686496447196573,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686497167515992,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"85.111.52.57","src_port":33745,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":434,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":434,"packets-processed":433,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22166,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":427,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":427,"total-idle-flows":426,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2070,"global_ts_usec":1686499664191010} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":434,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":434,"packets-processed":433,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22166,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":427,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":427,"total-idle-flows":426,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2070,"global_ts_usec":1686499664191010} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":434,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":428,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686499664191010,"flow_src_last_pkt_time":1686499664191010,"flow_dst_last_pkt_time":1686499664191010,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686499664191010,"l3_proto":"ip4","src_ip":"70.180.111.241","dst_ip":"165.114.202.61","src_port":54319,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":434,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":428,"flow_packet_id":1,"flow_src_last_pkt_time":1686499664191010,"flow_dst_last_pkt_time":1686499664191010,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686499664191010,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAO8RDcZGtG\/xpXLKPdQvAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":434,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":428,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686499664191010,"flow_src_last_pkt_time":1686499664191010,"flow_dst_last_pkt_time":1686499664191010,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686499664191010,"l3_proto":"ip4","src_ip":"70.180.111.241","dst_ip":"165.114.202.61","src_port":54319,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":435,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":427,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686497167515992,"flow_src_last_pkt_time":1686497167515992,"flow_dst_last_pkt_time":1686497167515992,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686499664191010,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"90.147.171.51","src_port":37012,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":435,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":435,"packets-processed":434,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22264,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":428,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":428,"total-idle-flows":427,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2075,"global_ts_usec":1686501344601870} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":435,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":435,"packets-processed":434,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22264,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":428,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":428,"total-idle-flows":427,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2075,"global_ts_usec":1686501344601870} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":435,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":429,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686501344601870,"flow_src_last_pkt_time":1686501344601870,"flow_dst_last_pkt_time":1686501344601870,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686501344601870,"l3_proto":"ip4","src_ip":"19.99.146.156","dst_ip":"90.111.212.50","src_port":59479,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":435,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":429,"flow_packet_id":1,"flow_src_last_pkt_time":1686501344601870,"flow_dst_last_pkt_time":1686501344601870,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686501344601870,"pkt":"AAwp30Y4PJTVQTiBCABFCAB+1DEAAO0RqjATY5KcWm\/UMuhXAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":435,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":429,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686501344601870,"flow_src_last_pkt_time":1686501344601870,"flow_dst_last_pkt_time":1686501344601870,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686501344601870,"l3_proto":"ip4","src_ip":"19.99.146.156","dst_ip":"90.111.212.50","src_port":59479,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2085,72 +2085,72 @@ 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":437,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":431,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686501844780096,"flow_src_last_pkt_time":1686501844780096,"flow_dst_last_pkt_time":1686501844780096,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686501844780096,"l3_proto":"ip4","src_ip":"227.7.178.223","dst_ip":"74.111.203.55","src_port":16085,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":430,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686501359797956,"flow_src_last_pkt_time":1686501359797956,"flow_dst_last_pkt_time":1686501359797956,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686501844780096,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"90.145.180.58","src_port":46227,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":429,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686501344601870,"flow_src_last_pkt_time":1686501344601870,"flow_dst_last_pkt_time":1686501344601870,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686501844780096,"l3_proto":"ip4","src_ip":"19.99.146.156","dst_ip":"90.111.212.50","src_port":59479,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":438,"packets-processed":437,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22507,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":431,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":431,"total-idle-flows":430,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2088,"global_ts_usec":1686503041221893} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":438,"packets-processed":437,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22507,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":431,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":431,"total-idle-flows":430,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2088,"global_ts_usec":1686503041221893} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":432,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686503041221893,"flow_src_last_pkt_time":1686503041221893,"flow_dst_last_pkt_time":1686503041221893,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686503041221893,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"90.141.37.56","src_port":37571,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":432,"flow_packet_id":1,"flow_src_last_pkt_time":1686503041221893,"flow_dst_last_pkt_time":1686503041221893,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686503041221893,"pkt":"3jHC4dyOPJTVQTiBCABFAAB+1DEAAPMRCZH2S2hzWo0lOJLDAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":432,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686503041221893,"flow_src_last_pkt_time":1686503041221893,"flow_dst_last_pkt_time":1686503041221893,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686503041221893,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"90.141.37.56","src_port":37571,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":439,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":431,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686501844780096,"flow_src_last_pkt_time":1686501844780096,"flow_dst_last_pkt_time":1686501844780096,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686503041221893,"l3_proto":"ip4","src_ip":"227.7.178.223","dst_ip":"74.111.203.55","src_port":16085,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":439,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":439,"packets-processed":438,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22605,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":432,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":432,"total-idle-flows":431,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2093,"global_ts_usec":1686503642111524} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":439,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":439,"packets-processed":438,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22605,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":432,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":432,"total-idle-flows":431,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2093,"global_ts_usec":1686503642111524} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":439,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":433,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686503642111524,"flow_src_last_pkt_time":1686503642111524,"flow_dst_last_pkt_time":1686503642111524,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686503642111524,"l3_proto":"ip4","src_ip":"70.180.111.241","dst_ip":"69.109.187.54","src_port":52184,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":439,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":433,"flow_packet_id":1,"flow_src_last_pkt_time":1686503642111524,"flow_dst_last_pkt_time":1686503642111524,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686503642111524,"pkt":"bpHurUgdPJTVQTiBCABFAAB+1DEAAO8RDc9GtG\/xRW27NsvYAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":439,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":433,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686503642111524,"flow_src_last_pkt_time":1686503642111524,"flow_dst_last_pkt_time":1686503642111524,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686503642111524,"l3_proto":"ip4","src_ip":"70.180.111.241","dst_ip":"69.109.187.54","src_port":52184,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":432,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686503041221893,"flow_src_last_pkt_time":1686503041221893,"flow_dst_last_pkt_time":1686503041221893,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686503642111524,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"90.141.37.56","src_port":37571,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":440,"packets-processed":439,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22703,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":433,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":433,"total-idle-flows":432,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2098,"global_ts_usec":1686504303052084} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":440,"packets-processed":439,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22703,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":433,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":433,"total-idle-flows":432,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2098,"global_ts_usec":1686504303052084} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":434,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686504303052084,"flow_src_last_pkt_time":1686504303052084,"flow_dst_last_pkt_time":1686504303052084,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686504303052084,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"165.144.84.62","src_port":40378,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":434,"flow_packet_id":1,"flow_src_last_pkt_time":1686504303052084,"flow_dst_last_pkt_time":1686504303052084,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686504303052084,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPMRCYz2S2hzpZBUPp26AasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":434,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686504303052084,"flow_src_last_pkt_time":1686504303052084,"flow_dst_last_pkt_time":1686504303052084,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686504303052084,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"165.144.84.62","src_port":40378,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":441,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":433,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686503642111524,"flow_src_last_pkt_time":1686503642111524,"flow_dst_last_pkt_time":1686503642111524,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686504303052084,"l3_proto":"ip4","src_ip":"70.180.111.241","dst_ip":"69.109.187.54","src_port":52184,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":441,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":441,"packets-processed":440,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22801,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":434,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":434,"total-idle-flows":433,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2103,"global_ts_usec":1686509878709062} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":441,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":441,"packets-processed":440,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22801,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":434,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":434,"total-idle-flows":433,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2103,"global_ts_usec":1686509878709062} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":441,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":435,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686509878709062,"flow_src_last_pkt_time":1686509878709062,"flow_dst_last_pkt_time":1686509878709062,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686509878709062,"l3_proto":"ip4","src_ip":"138.18.252.120","dst_ip":"165.114.202.61","src_port":11561,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":441,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":435,"flow_packet_id":1,"flow_src_last_pkt_time":1686509878709062,"flow_dst_last_pkt_time":1686509878709062,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686509878709062,"pkt":"AAwp30Y4PJTVQTiBCABFBABSCXBAACIRPHOKEvx4pXLKPS0pAasAPkHRAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":441,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":435,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686509878709062,"flow_src_last_pkt_time":1686509878709062,"flow_dst_last_pkt_time":1686509878709062,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686509878709062,"l3_proto":"ip4","src_ip":"138.18.252.120","dst_ip":"165.114.202.61","src_port":11561,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":434,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686504303052084,"flow_src_last_pkt_time":1686504303052084,"flow_dst_last_pkt_time":1686504303052084,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686509878709062,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"165.144.84.62","src_port":40378,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":442,"packets-processed":441,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22855,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":435,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":435,"total-idle-flows":434,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2108,"global_ts_usec":1686512676583485} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":442,"packets-processed":441,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22855,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":435,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":435,"total-idle-flows":434,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2108,"global_ts_usec":1686512676583485} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":436,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686512676583485,"flow_src_last_pkt_time":1686512676583485,"flow_dst_last_pkt_time":1686512676583485,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686512676583485,"l3_proto":"ip4","src_ip":"219.160.101.209","dst_ip":"90.141.37.56","src_port":55022,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":436,"flow_packet_id":1,"flow_src_last_pkt_time":1686512676583485,"flow_dst_last_pkt_time":1686512676583485,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686512676583485,"pkt":"3jHC4dyOPJTVQTiBCABFCABLlmEAACQRLg7boGXRWo0lONbuAasAN0abAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":436,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686512676583485,"flow_src_last_pkt_time":1686512676583485,"flow_dst_last_pkt_time":1686512676583485,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686512676583485,"l3_proto":"ip4","src_ip":"219.160.101.209","dst_ip":"90.141.37.56","src_port":55022,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":443,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":435,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686509878709062,"flow_src_last_pkt_time":1686509878709062,"flow_dst_last_pkt_time":1686509878709062,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686512676583485,"l3_proto":"ip4","src_ip":"138.18.252.120","dst_ip":"165.114.202.61","src_port":11561,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":443,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":443,"packets-processed":442,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22902,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":436,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":436,"total-idle-flows":435,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2113,"global_ts_usec":1686513474297518} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":443,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":443,"packets-processed":442,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22902,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":436,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":436,"total-idle-flows":435,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2113,"global_ts_usec":1686513474297518} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":443,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":437,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686513474297518,"flow_src_last_pkt_time":1686513474297518,"flow_dst_last_pkt_time":1686513474297518,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686513474297518,"l3_proto":"ip4","src_ip":"66.228.166.55","dst_ip":"69.109.187.54","src_port":51471,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":443,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":437,"flow_packet_id":1,"flow_src_last_pkt_time":1686513474297518,"flow_dst_last_pkt_time":1686513474297518,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686513474297518,"pkt":"bpHurUgdPJTVQTiBCABFAAA51DEAAPkRbVpC5KY3RW27NskPAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":443,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":437,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686513474297518,"flow_src_last_pkt_time":1686513474297518,"flow_dst_last_pkt_time":1686513474297518,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686513474297518,"l3_proto":"ip4","src_ip":"66.228.166.55","dst_ip":"69.109.187.54","src_port":51471,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":444,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":436,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686512676583485,"flow_src_last_pkt_time":1686512676583485,"flow_dst_last_pkt_time":1686512676583485,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686513474297518,"l3_proto":"ip4","src_ip":"219.160.101.209","dst_ip":"90.141.37.56","src_port":55022,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":444,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":444,"packets-processed":443,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22931,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":437,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":437,"total-idle-flows":436,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2118,"global_ts_usec":1686525113247519} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":444,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":444,"packets-processed":443,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22931,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":437,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":437,"total-idle-flows":436,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2118,"global_ts_usec":1686525113247519} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":444,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":438,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686525113247519,"flow_src_last_pkt_time":1686525113247519,"flow_dst_last_pkt_time":1686525113247519,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686525113247519,"l3_proto":"ip4","src_ip":"172.237.152.209","dst_ip":"90.147.171.51","src_port":53093,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":444,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":438,"flow_packet_id":1,"flow_src_last_pkt_time":1686525113247519,"flow_dst_last_pkt_time":1686525113247519,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686525113247519,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRXums7ZjRWpOrM89lAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":444,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":438,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686525113247519,"flow_src_last_pkt_time":1686525113247519,"flow_dst_last_pkt_time":1686525113247519,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686525113247519,"l3_proto":"ip4","src_ip":"172.237.152.209","dst_ip":"90.147.171.51","src_port":53093,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":445,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":437,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686513474297518,"flow_src_last_pkt_time":1686513474297518,"flow_dst_last_pkt_time":1686513474297518,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686525113247519,"l3_proto":"ip4","src_ip":"66.228.166.55","dst_ip":"69.109.187.54","src_port":51471,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":445,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":445,"packets-processed":444,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22960,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":438,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":438,"total-idle-flows":437,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2123,"global_ts_usec":1686526077263977} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":445,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":445,"packets-processed":444,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22960,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":438,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":438,"total-idle-flows":437,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2123,"global_ts_usec":1686526077263977} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":445,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":439,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686526077263977,"flow_src_last_pkt_time":1686526077263977,"flow_dst_last_pkt_time":1686526077263977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686526077263977,"l3_proto":"ip4","src_ip":"82.19.88.220","dst_ip":"186.112.202.53","src_port":49990,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":445,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":439,"flow_packet_id":1,"flow_src_last_pkt_time":1686526077263977,"flow_dst_last_pkt_time":1686526077263977,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686526077263977,"pkt":"xmjqc4OdPJTVQTiBCABFAAA51DEAAPkRX9pSE1jcunDKNcNGAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":445,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":439,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686526077263977,"flow_src_last_pkt_time":1686526077263977,"flow_dst_last_pkt_time":1686526077263977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686526077263977,"l3_proto":"ip4","src_ip":"82.19.88.220","dst_ip":"186.112.202.53","src_port":49990,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":446,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":438,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686525113247519,"flow_src_last_pkt_time":1686525113247519,"flow_dst_last_pkt_time":1686525113247519,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686526077263977,"l3_proto":"ip4","src_ip":"172.237.152.209","dst_ip":"90.147.171.51","src_port":53093,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":446,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":446,"packets-processed":445,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22989,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":439,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":439,"total-idle-flows":438,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2128,"global_ts_usec":1686529340012662} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":446,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":446,"packets-processed":445,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22989,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":439,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":439,"total-idle-flows":438,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2128,"global_ts_usec":1686529340012662} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":446,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":440,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686529340012662,"flow_src_last_pkt_time":1686529340012662,"flow_dst_last_pkt_time":1686529340012662,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686529340012662,"l3_proto":"ip4","src_ip":"167.7.154.125","dst_ip":"90.141.37.56","src_port":2538,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":446,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":440,"flow_packet_id":1,"flow_src_last_pkt_time":1686529340012662,"flow_dst_last_pkt_time":1686529340012662,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686529340012662,"pkt":"3jHC4dyOPJTVQTiBCABFCABLCXUAACIRwTynB5p9Wo0lOAnqAasANxfiAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":446,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":440,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686529340012662,"flow_src_last_pkt_time":1686529340012662,"flow_dst_last_pkt_time":1686529340012662,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686529340012662,"l3_proto":"ip4","src_ip":"167.7.154.125","dst_ip":"90.141.37.56","src_port":2538,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":447,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":439,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686526077263977,"flow_src_last_pkt_time":1686526077263977,"flow_dst_last_pkt_time":1686526077263977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686529340012662,"l3_proto":"ip4","src_ip":"82.19.88.220","dst_ip":"186.112.202.53","src_port":49990,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":447,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":447,"packets-processed":446,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23036,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":440,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":440,"total-idle-flows":439,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2133,"global_ts_usec":1686547842864988} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":447,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":447,"packets-processed":446,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23036,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":440,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":440,"total-idle-flows":439,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2133,"global_ts_usec":1686547842864988} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":447,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":441,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686547842864988,"flow_src_last_pkt_time":1686547842864988,"flow_dst_last_pkt_time":1686547842864988,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686547842864988,"l3_proto":"ip4","src_ip":"206.204.24.90","dst_ip":"90.111.212.50","src_port":54057,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":447,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":441,"flow_packet_id":1,"flow_src_last_pkt_time":1686547842864988,"flow_dst_last_pkt_time":1686547842864988,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686547842864988,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRXqPOzBhaWm\/UMtMpAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":447,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":441,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686547842864988,"flow_src_last_pkt_time":1686547842864988,"flow_dst_last_pkt_time":1686547842864988,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686547842864988,"l3_proto":"ip4","src_ip":"206.204.24.90","dst_ip":"90.111.212.50","src_port":54057,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":448,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":440,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686529340012662,"flow_src_last_pkt_time":1686529340012662,"flow_dst_last_pkt_time":1686529340012662,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686547842864988,"l3_proto":"ip4","src_ip":"167.7.154.125","dst_ip":"90.141.37.56","src_port":2538,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":448,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":448,"packets-processed":447,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23065,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":441,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":441,"total-idle-flows":440,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2138,"global_ts_usec":1686548676434879} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":448,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":448,"packets-processed":447,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23065,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":441,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":441,"total-idle-flows":440,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2138,"global_ts_usec":1686548676434879} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":448,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":442,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686548676434879,"flow_src_last_pkt_time":1686548676434879,"flow_dst_last_pkt_time":1686548676434879,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686548676434879,"l3_proto":"ip4","src_ip":"185.33.65.208","dst_ip":"74.111.203.55","src_port":52802,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":448,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":442,"flow_packet_id":1,"flow_src_last_pkt_time":1686548676434879,"flow_dst_last_pkt_time":1686548676434879,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686548676434879,"pkt":"ipffLU2SPJTVQTiBCABFAAA51DEAAPoRbM+5IUHQSm\/LN85CAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":448,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":442,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686548676434879,"flow_src_last_pkt_time":1686548676434879,"flow_dst_last_pkt_time":1686548676434879,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686548676434879,"l3_proto":"ip4","src_ip":"185.33.65.208","dst_ip":"74.111.203.55","src_port":52802,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":449,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":441,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686547842864988,"flow_src_last_pkt_time":1686547842864988,"flow_dst_last_pkt_time":1686547842864988,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686548676434879,"l3_proto":"ip4","src_ip":"206.204.24.90","dst_ip":"90.111.212.50","src_port":54057,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":449,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":449,"packets-processed":448,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23094,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":442,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":442,"total-idle-flows":441,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2143,"global_ts_usec":1686549393930759} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":449,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":449,"packets-processed":448,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23094,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":442,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":442,"total-idle-flows":441,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2143,"global_ts_usec":1686549393930759} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":449,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":443,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686549393930759,"flow_src_last_pkt_time":1686549393930759,"flow_dst_last_pkt_time":1686549393930759,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686549393930759,"l3_proto":"ip4","src_ip":"35.252.69.113","dst_ip":"186.112.202.53","src_port":28374,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":449,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":443,"flow_packet_id":1,"flow_src_last_pkt_time":1686549393930759,"flow_dst_last_pkt_time":1686549393930759,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686549393930759,"pkt":"xmjqc4OdPJTVQTiBCABFCABLQj4AACQRhmwj\/EVxunDKNW7WAasAN7LuAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":449,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":443,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686549393930759,"flow_src_last_pkt_time":1686549393930759,"flow_dst_last_pkt_time":1686549393930759,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686549393930759,"l3_proto":"ip4","src_ip":"35.252.69.113","dst_ip":"186.112.202.53","src_port":28374,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":442,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686548676434879,"flow_src_last_pkt_time":1686548676434879,"flow_dst_last_pkt_time":1686548676434879,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686549393930759,"l3_proto":"ip4","src_ip":"185.33.65.208","dst_ip":"74.111.203.55","src_port":52802,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":450,"packets-processed":449,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23141,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":443,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":443,"total-idle-flows":442,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2148,"global_ts_usec":1686554987062980} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":450,"packets-processed":449,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23141,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":443,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":443,"total-idle-flows":442,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2148,"global_ts_usec":1686554987062980} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":444,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686554987062980,"flow_src_last_pkt_time":1686554987062980,"flow_dst_last_pkt_time":1686554987062980,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686554987062980,"l3_proto":"ip4","src_ip":"47.236.248.231","dst_ip":"90.141.37.56","src_port":52985,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":444,"flow_packet_id":1,"flow_src_last_pkt_time":1686554987062980,"flow_dst_last_pkt_time":1686554987062980,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686554987062980,"pkt":"3jHC4dyOPJTVQTiBCABFAAA51DEAAPoRXvwv7PjnWo0lOM75AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":444,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686554987062980,"flow_src_last_pkt_time":1686554987062980,"flow_dst_last_pkt_time":1686554987062980,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686554987062980,"l3_proto":"ip4","src_ip":"47.236.248.231","dst_ip":"90.141.37.56","src_port":52985,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":443,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686549393930759,"flow_src_last_pkt_time":1686549393930759,"flow_dst_last_pkt_time":1686549393930759,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686554987062980,"l3_proto":"ip4","src_ip":"35.252.69.113","dst_ip":"186.112.202.53","src_port":28374,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":451,"packets-processed":450,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23170,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":444,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":444,"total-idle-flows":443,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2153,"global_ts_usec":1686556816084247} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":451,"packets-processed":450,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23170,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":444,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":444,"total-idle-flows":443,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2153,"global_ts_usec":1686556816084247} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":445,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686556816084247,"flow_src_last_pkt_time":1686556816084247,"flow_dst_last_pkt_time":1686556816084247,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686556816084247,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"90.111.212.50","src_port":43924,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":445,"flow_packet_id":1,"flow_src_last_pkt_time":1686556816084247,"flow_dst_last_pkt_time":1686556816084247,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1686556816084247,"pkt":"AAwp30Y4PJTVQTiBCABFCAA11DEAAPERM4GtoQqtWm\/UMquUAasAIQAAAQkAGQAAZW4AA5T9AAD\/\/wAHZGVmYXVsdA=="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":445,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686556816084247,"flow_src_last_pkt_time":1686556816084247,"flow_dst_last_pkt_time":1686556816084247,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686556816084247,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"90.111.212.50","src_port":43924,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2164,7 +2164,7 @@ 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":453,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":447,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686557322938004,"flow_src_last_pkt_time":1686557322938004,"flow_dst_last_pkt_time":1686557322938004,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686557322938004,"l3_proto":"ip4","src_ip":"191.184.52.78","dst_ip":"90.111.212.50","src_port":64609,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":454,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":446,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686556919146434,"flow_src_last_pkt_time":1686556919146434,"flow_dst_last_pkt_time":1686556919146434,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686557322938004,"l3_proto":"ip4","src_ip":"185.213.154.138","dst_ip":"165.114.202.61","src_port":52528,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":454,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":445,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686556816084247,"flow_src_last_pkt_time":1686556816084247,"flow_dst_last_pkt_time":1686556816084247,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686557322938004,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"90.111.212.50","src_port":43924,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":454,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":454,"packets-processed":453,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23258,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":447,"total-detection-updates":0,"total-updates":82,"current-active-flows":1,"total-active-flows":447,"total-idle-flows":446,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2167,"global_ts_usec":1686557572392407} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":454,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":454,"packets-processed":453,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23258,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":447,"total-detection-updates":0,"total-updates":82,"current-active-flows":1,"total-active-flows":447,"total-idle-flows":446,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2167,"global_ts_usec":1686557572392407} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":454,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":448,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686557572392407,"flow_src_last_pkt_time":1686557572392407,"flow_dst_last_pkt_time":1686557572392407,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686557572392407,"l3_proto":"ip4","src_ip":"167.65.212.80","dst_ip":"165.144.84.62","src_port":3597,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":454,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":448,"flow_packet_id":1,"flow_src_last_pkt_time":1686557572392407,"flow_dst_last_pkt_time":1686557572392407,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686557572392407,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+j2xAADMREeWnQdRQpZBUPg4NAasAKrsAAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":454,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":448,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686557572392407,"flow_src_last_pkt_time":1686557572392407,"flow_dst_last_pkt_time":1686557572392407,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686557572392407,"l3_proto":"ip4","src_ip":"167.65.212.80","dst_ip":"165.144.84.62","src_port":3597,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2173,7 +2173,7 @@ 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":455,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":449,"flow_packet_id":1,"flow_src_last_pkt_time":1686558124354447,"flow_dst_last_pkt_time":1686558124354447,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686558124354447,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+H7dAADMRgZO5PsRKpXLKPcU1AasAKgPRAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":455,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":449,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686558124354447,"flow_src_last_pkt_time":1686558124354447,"flow_dst_last_pkt_time":1686558124354447,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686558124354447,"l3_proto":"ip4","src_ip":"185.62.196.74","dst_ip":"165.114.202.61","src_port":50485,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":456,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":448,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686557572392407,"flow_src_last_pkt_time":1686557572392407,"flow_dst_last_pkt_time":1686557572392407,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686558124354447,"l3_proto":"ip4","src_ip":"167.65.212.80","dst_ip":"165.144.84.62","src_port":3597,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":456,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":456,"packets-processed":455,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23326,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":449,"total-detection-updates":0,"total-updates":82,"current-active-flows":1,"total-active-flows":449,"total-idle-flows":448,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2176,"global_ts_usec":1686558422116551} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":456,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":456,"packets-processed":455,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23326,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":449,"total-detection-updates":0,"total-updates":82,"current-active-flows":1,"total-active-flows":449,"total-idle-flows":448,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2176,"global_ts_usec":1686558422116551} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":456,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":450,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686558422116551,"flow_src_last_pkt_time":1686558422116551,"flow_dst_last_pkt_time":1686558422116551,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686558422116551,"l3_proto":"ip4","src_ip":"167.65.212.80","dst_ip":"90.145.180.58","src_port":8856,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":456,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":450,"flow_packet_id":1,"flow_src_last_pkt_time":1686558422116551,"flow_dst_last_pkt_time":1686558422116551,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686558422116551,"pkt":"bs1PogZtPJTVQTiBCABFAAA+YlBAADMRPwOnQdRQWpG0OiKYAasAKqZ3AgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":456,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":450,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686558422116551,"flow_src_last_pkt_time":1686558422116551,"flow_dst_last_pkt_time":1686558422116551,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686558422116551,"l3_proto":"ip4","src_ip":"167.65.212.80","dst_ip":"90.145.180.58","src_port":8856,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2186,7 +2186,7 @@ 00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":458,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":452,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686558852064997,"flow_src_last_pkt_time":1686558852064997,"flow_dst_last_pkt_time":1686558852064997,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686558852064997,"l3_proto":"ip4","src_ip":"64.64.43.81","dst_ip":"90.141.37.56","src_port":58560,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":459,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":451,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686558440675193,"flow_src_last_pkt_time":1686558440675193,"flow_dst_last_pkt_time":1686558440675193,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686558852064997,"l3_proto":"ip4","src_ip":"65.70.43.75","dst_ip":"74.111.203.55","src_port":46615,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":459,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":450,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686558422116551,"flow_src_last_pkt_time":1686558422116551,"flow_dst_last_pkt_time":1686558422116551,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686558852064997,"l3_proto":"ip4","src_ip":"167.65.212.80","dst_ip":"90.145.180.58","src_port":8856,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":459,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":459,"packets-processed":458,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23428,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":452,"total-detection-updates":0,"total-updates":82,"current-active-flows":1,"total-active-flows":452,"total-idle-flows":451,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2189,"global_ts_usec":1686559367388486} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":459,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":459,"packets-processed":458,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23428,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":452,"total-detection-updates":0,"total-updates":82,"current-active-flows":1,"total-active-flows":452,"total-idle-flows":451,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2189,"global_ts_usec":1686559367388486} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":459,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":453,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686559367388486,"flow_src_last_pkt_time":1686559367388486,"flow_dst_last_pkt_time":1686559367388486,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686559367388486,"l3_proto":"ip4","src_ip":"65.70.43.75","dst_ip":"85.111.52.57","src_port":24868,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":459,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":453,"flow_packet_id":1,"flow_src_last_pkt_time":1686559367388486,"flow_dst_last_pkt_time":1686559367388486,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686559367388486,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA+tTJAADMR7B1BRitLVW80OWEkAasAKmfoAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":459,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":453,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686559367388486,"flow_src_last_pkt_time":1686559367388486,"flow_dst_last_pkt_time":1686559367388486,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686559367388486,"l3_proto":"ip4","src_ip":"65.70.43.75","dst_ip":"85.111.52.57","src_port":24868,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2195,7 +2195,7 @@ 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":454,"flow_packet_id":1,"flow_src_last_pkt_time":1686559497105642,"flow_dst_last_pkt_time":1686559497105642,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686559497105642,"pkt":"bpHurUgdPJTVQTiBCABFAAA+H+JAADMRgXenQdRQRW27Nj+eAasAKol3AgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":454,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686559497105642,"flow_src_last_pkt_time":1686559497105642,"flow_dst_last_pkt_time":1686559497105642,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686559497105642,"l3_proto":"ip4","src_ip":"167.65.212.80","dst_ip":"69.109.187.54","src_port":16286,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00984{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":461,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":453,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686559367388486,"flow_src_last_pkt_time":1686559367388486,"flow_dst_last_pkt_time":1686559367388486,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686559497105642,"l3_proto":"ip4","src_ip":"65.70.43.75","dst_ip":"85.111.52.57","src_port":24868,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":461,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":461,"packets-processed":460,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23496,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":454,"total-detection-updates":0,"total-updates":83,"current-active-flows":2,"total-active-flows":454,"total-idle-flows":452,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2198,"global_ts_usec":1686559998830359} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":461,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":461,"packets-processed":460,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23496,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":454,"total-detection-updates":0,"total-updates":83,"current-active-flows":2,"total-active-flows":454,"total-idle-flows":452,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2198,"global_ts_usec":1686559998830359} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":461,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":455,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686559998830359,"flow_src_last_pkt_time":1686559998830359,"flow_dst_last_pkt_time":1686559998830359,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686559998830359,"l3_proto":"ip4","src_ip":"34.119.122.126","dst_ip":"74.111.203.55","src_port":2631,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":461,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":455,"flow_packet_id":1,"flow_src_last_pkt_time":1686559998830359,"flow_dst_last_pkt_time":1686559998830359,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686559998830359,"pkt":"ipffLU2SPJTVQTiBCABFAABLXmYAACYRdcAid3p+Sm\/LNwpHAasANyTyAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":461,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":455,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686559998830359,"flow_src_last_pkt_time":1686559998830359,"flow_dst_last_pkt_time":1686559998830359,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686559998830359,"l3_proto":"ip4","src_ip":"34.119.122.126","dst_ip":"74.111.203.55","src_port":2631,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2205,7 +2205,7 @@ 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":462,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":456,"flow_packet_id":1,"flow_src_last_pkt_time":1686560166108940,"flow_dst_last_pkt_time":1686560166108940,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686560166108940,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRXo\/TMphPpZBUPtg8AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":462,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":456,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686560166108940,"flow_src_last_pkt_time":1686560166108940,"flow_dst_last_pkt_time":1686560166108940,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686560166108940,"l3_proto":"ip4","src_ip":"211.50.152.79","dst_ip":"165.144.84.62","src_port":55356,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00988{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":463,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":455,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686559998830359,"flow_src_last_pkt_time":1686559998830359,"flow_dst_last_pkt_time":1686559998830359,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686560166108940,"l3_proto":"ip4","src_ip":"34.119.122.126","dst_ip":"74.111.203.55","src_port":2631,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":463,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":463,"packets-processed":462,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23572,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":456,"total-detection-updates":0,"total-updates":84,"current-active-flows":2,"total-active-flows":456,"total-idle-flows":454,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2208,"global_ts_usec":1686560793652859} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":463,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":463,"packets-processed":462,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23572,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":456,"total-detection-updates":0,"total-updates":84,"current-active-flows":2,"total-active-flows":456,"total-idle-flows":454,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2208,"global_ts_usec":1686560793652859} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":463,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":457,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686560793652859,"flow_src_last_pkt_time":1686560793652859,"flow_dst_last_pkt_time":1686560793652859,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686560793652859,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"186.112.202.53","src_port":45539,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":463,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":457,"flow_packet_id":1,"flow_src_last_pkt_time":1686560793652859,"flow_dst_last_pkt_time":1686560793652859,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1686560793652859,"pkt":"xmjqc4OdPJTVQTiBCABFCAA11DEAAPERM36toQqtunDKNbHjAasAIQAAAQkAGQAAZW4AA5T9AAD\/\/wAHZGVmYXVsdA=="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":463,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":457,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686560793652859,"flow_src_last_pkt_time":1686560793652859,"flow_dst_last_pkt_time":1686560793652859,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686560793652859,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"186.112.202.53","src_port":45539,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2224,14 +2224,14 @@ 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":466,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":460,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686561147477324,"flow_src_last_pkt_time":1686561147477324,"flow_dst_last_pkt_time":1686561147477324,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686561147477324,"l3_proto":"ip4","src_ip":"209.239.135.211","dst_ip":"85.111.52.57","src_port":55124,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00985{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":467,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":458,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686561012661463,"flow_src_last_pkt_time":1686561012661463,"flow_dst_last_pkt_time":1686561012661463,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686561147477324,"l3_proto":"ip4","src_ip":"88.185.36.86","dst_ip":"90.147.171.51","src_port":4763,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":467,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":459,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686561057684079,"flow_src_last_pkt_time":1686561057684079,"flow_dst_last_pkt_time":1686561057684079,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686561147477324,"l3_proto":"ip4","src_ip":"94.64.218.76","dst_ip":"186.112.202.53","src_port":16452,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":467,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":467,"packets-processed":466,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23694,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":460,"total-detection-updates":0,"total-updates":87,"current-active-flows":3,"total-active-flows":460,"total-idle-flows":457,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2227,"global_ts_usec":1686562035943293} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":467,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":467,"packets-processed":466,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23694,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":460,"total-detection-updates":0,"total-updates":87,"current-active-flows":3,"total-active-flows":460,"total-idle-flows":457,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2227,"global_ts_usec":1686562035943293} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":467,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":461,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686562035943293,"flow_src_last_pkt_time":1686562035943293,"flow_dst_last_pkt_time":1686562035943293,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686562035943293,"l3_proto":"ip4","src_ip":"226.128.122.118","dst_ip":"90.145.180.58","src_port":58464,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":467,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":461,"flow_packet_id":1,"flow_src_last_pkt_time":1686562035943293,"flow_dst_last_pkt_time":1686562035943293,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686562035943293,"pkt":"bs1PogZtPJTVQTiBCABFAABLyDkAACcRCuPigHp2WpG0OuRgAasAN0rOAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":467,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":461,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686562035943293,"flow_src_last_pkt_time":1686562035943293,"flow_dst_last_pkt_time":1686562035943293,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686562035943293,"l3_proto":"ip4","src_ip":"226.128.122.118","dst_ip":"90.145.180.58","src_port":58464,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":468,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":460,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686561147477324,"flow_src_last_pkt_time":1686561147477324,"flow_dst_last_pkt_time":1686561147477324,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686562035943293,"l3_proto":"ip4","src_ip":"209.239.135.211","dst_ip":"85.111.52.57","src_port":55124,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":468,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":458,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686561012661463,"flow_src_last_pkt_time":1686561012661463,"flow_dst_last_pkt_time":1686561012661463,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686562035943293,"l3_proto":"ip4","src_ip":"88.185.36.86","dst_ip":"90.147.171.51","src_port":4763,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":468,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":459,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686561057684079,"flow_src_last_pkt_time":1686561057684079,"flow_dst_last_pkt_time":1686561057684079,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686562035943293,"l3_proto":"ip4","src_ip":"94.64.218.76","dst_ip":"186.112.202.53","src_port":16452,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":468,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":468,"packets-processed":467,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23741,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":461,"total-detection-updates":0,"total-updates":87,"current-active-flows":1,"total-active-flows":461,"total-idle-flows":460,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2234,"global_ts_usec":1686565369552713} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":468,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":468,"packets-processed":467,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23741,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":461,"total-detection-updates":0,"total-updates":87,"current-active-flows":1,"total-active-flows":461,"total-idle-flows":460,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2234,"global_ts_usec":1686565369552713} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":468,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":462,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686565369552713,"flow_src_last_pkt_time":1686565369552713,"flow_dst_last_pkt_time":1686565369552713,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686565369552713,"l3_proto":"ip4","src_ip":"34.102.125.120","dst_ip":"165.114.202.61","src_port":51324,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":468,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":462,"flow_packet_id":1,"flow_src_last_pkt_time":1686565369552713,"flow_dst_last_pkt_time":1686565369552713,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686565369552713,"pkt":"AAwp30Y4PJTVQTiBCABFAABL95AAACcR25EiZn14pXLKPch8AasAN2a4AgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00954{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":468,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":462,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686565369552713,"flow_src_last_pkt_time":1686565369552713,"flow_dst_last_pkt_time":1686565369552713,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686565369552713,"l3_proto":"ip4","src_ip":"34.102.125.120","dst_ip":"165.114.202.61","src_port":51324,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2240,13 +2240,13 @@ 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":469,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":463,"flow_packet_id":1,"flow_src_last_pkt_time":1686565439403208,"flow_dst_last_pkt_time":1686565439403208,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1686565439403208,"pkt":"AAwp30Y4PJTVQTiBCABFBAA11DEAAOURP3utoQqtpZBUPqVAAasAIQAAAQkAGQAAZW4AA5T9AAD\/\/wAHZGVmYXVsdA=="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":469,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":463,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686565439403208,"flow_src_last_pkt_time":1686565439403208,"flow_dst_last_pkt_time":1686565439403208,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686565439403208,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"165.144.84.62","src_port":42304,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00995{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":470,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":462,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686565369552713,"flow_src_last_pkt_time":1686565369552713,"flow_dst_last_pkt_time":1686565369552713,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686565439403208,"l3_proto":"ip4","src_ip":"34.102.125.120","dst_ip":"165.114.202.61","src_port":51324,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":470,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":470,"packets-processed":469,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23813,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":463,"total-detection-updates":0,"total-updates":88,"current-active-flows":2,"total-active-flows":463,"total-idle-flows":461,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2243,"global_ts_usec":1686572533804714} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":470,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":470,"packets-processed":469,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23813,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":463,"total-detection-updates":0,"total-updates":88,"current-active-flows":2,"total-active-flows":463,"total-idle-flows":461,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2243,"global_ts_usec":1686572533804714} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":470,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":464,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686572533804714,"flow_src_last_pkt_time":1686572533804714,"flow_dst_last_pkt_time":1686572533804714,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686572533804714,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"90.145.180.58","src_port":53096,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":470,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":464,"flow_packet_id":1,"flow_src_last_pkt_time":1686572533804714,"flow_dst_last_pkt_time":1686572533804714,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1686572533804714,"pkt":"bs1PogZtPJTVQTiBCABFCAA11DEAAPERM3mtoQqtWpG0Os9oAasAIQAAAQkAGQAAZW4AA5T9AAD\/\/wAHZGVmYXVsdA=="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":470,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":464,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686572533804714,"flow_src_last_pkt_time":1686572533804714,"flow_dst_last_pkt_time":1686572533804714,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686572533804714,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"90.145.180.58","src_port":53096,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00993{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":471,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":462,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686565369552713,"flow_src_last_pkt_time":1686565369552713,"flow_dst_last_pkt_time":1686565369552713,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686572533804714,"l3_proto":"ip4","src_ip":"34.102.125.120","dst_ip":"165.114.202.61","src_port":51324,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":471,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":463,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686565439403208,"flow_src_last_pkt_time":1686565439403208,"flow_dst_last_pkt_time":1686565439403208,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686572533804714,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"165.144.84.62","src_port":42304,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":471,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":471,"packets-processed":470,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23838,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":464,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":464,"total-idle-flows":463,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2249,"global_ts_usec":1686582591141391} +00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":471,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":471,"packets-processed":470,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23838,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":464,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":464,"total-idle-flows":463,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2249,"global_ts_usec":1686582591141391} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":471,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":465,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686582591141391,"flow_src_last_pkt_time":1686582591141391,"flow_dst_last_pkt_time":1686582591141391,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686582591141391,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"85.111.52.57","src_port":51824,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":471,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":465,"flow_packet_id":1,"flow_src_last_pkt_time":1686582591141391,"flow_dst_last_pkt_time":1686582591141391,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686582591141391,"pkt":"moT+\/Ph8PJTVQTiBCABFAAB+1DEAAPIRCxGGtJCVVW80OcpwAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 
00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":471,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":465,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686582591141391,"flow_src_last_pkt_time":1686582591141391,"flow_dst_last_pkt_time":1686582591141391,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686582591141391,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"85.111.52.57","src_port":51824,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2259,17 +2259,17 @@ 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":473,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":467,"flow_packet_id":1,"flow_src_last_pkt_time":1686583068043463,"flow_dst_last_pkt_time":1686583068043463,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686583068043463,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPIRpTYtg6GYWm\/UMuIEAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":473,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":467,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686583068043463,"flow_src_last_pkt_time":1686583068043463,"flow_dst_last_pkt_time":1686583068043463,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686583068043463,"l3_proto":"ip4","src_ip":"45.131.161.152","dst_ip":"90.111.212.50","src_port":57860,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":474,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":466,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686582817928624,"flow_src_last_pkt_time":1686582817928624,"flow_dst_last_pkt_time":1686582817928624,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686583068043463,"l3_proto":"ip4","src_ip":"236.131.162.157","dst_ip":"90.147.171.51","src_port":35531,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":474,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":474,"packets-processed":473,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24132,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":467,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":467,"total-idle-flows":466,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2262,"global_ts_usec":1686583896993524} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":474,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":474,"packets-processed":473,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24132,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":467,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":467,"total-idle-flows":466,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2262,"global_ts_usec":1686583896993524} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":474,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":468,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686583896993524,"flow_src_last_pkt_time":1686583896993524,"flow_dst_last_pkt_time":1686583896993524,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686583896993524,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"90.141.37.56","src_port":60345,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":474,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":468,"flow_packet_id":1,"flow_src_last_pkt_time":1686583896993524,"flow_dst_last_pkt_time":1686583896993524,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1686583896993524,"pkt":"3jHC4dyOPJTVQTiBCABFBAA11DEAAOURP4CtoQqtWo0lOOu5AasAIQAAAQkAGQAAZW4AA5T9AAD\/\/wAHZGVmYXVsdA=="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":474,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":468,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686583896993524,"flow_src_last_pkt_time":1686583896993524,"flow_dst_last_pkt_time":1686583896993524,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686583896993524,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"90.141.37.56","src_port":60345,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":475,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":467,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686583068043463,"flow_src_last_pkt_time":1686583068043463,"flow_dst_last_pkt_time":1686583068043463,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686583896993524,"l3_proto":"ip4","src_ip":"45.131.161.152","dst_ip":"90.111.212.50","src_port":57860,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":475,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":475,"packets-processed":474,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24157,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":468,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":468,"total-idle-flows":467,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2267,"global_ts_usec":1686585375283341} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":475,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":475,"packets-processed":474,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24157,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":468,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":468,"total-idle-flows":467,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2267,"global_ts_usec":1686585375283341} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":475,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":469,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686585375283341,"flow_src_last_pkt_time":1686585375283341,"flow_dst_last_pkt_time":1686585375283341,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686585375283341,"l3_proto":"ip4","src_ip":"16.99.147.146","dst_ip":"90.141.37.56","src_port":60624,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":475,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":469,"flow_packet_id":1,"flow_src_last_pkt_time":1686585375283341,"flow_dst_last_pkt_time":1686585375283341,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686585375283341,"pkt":"3jHC4dyOPJTVQTiBCABFAAB+1DEAAPMRpScQY5OSWo0lOOzQAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":475,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":469,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686585375283341,"flow_src_last_pkt_time":1686585375283341,"flow_dst_last_pkt_time":1686585375283341,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686585375283341,"l3_proto":"ip4","src_ip":"16.99.147.146","dst_ip":"90.141.37.56","src_port":60624,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":476,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":468,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686583896993524,"flow_src_last_pkt_time":1686583896993524,"flow_dst_last_pkt_time":1686583896993524,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686585375283341,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"90.141.37.56","src_port":60345,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":476,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":476,"packets-processed":475,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24255,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":469,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":469,"total-idle-flows":468,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2272,"global_ts_usec":1686586012577392} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":476,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":476,"packets-processed":475,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24255,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":469,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":469,"total-idle-flows":468,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2272,"global_ts_usec":1686586012577392} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":476,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":470,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686586012577392,"flow_src_last_pkt_time":1686586012577392,"flow_dst_last_pkt_time":1686586012577392,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686586012577392,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"165.144.84.62","src_port":50595,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":476,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":470,"flow_packet_id":1,"flow_src_last_pkt_time":1686586012577392,"flow_dst_last_pkt_time":1686586012577392,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686586012577392,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPIRCwa2tHiLpZBUPsWjAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":476,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":470,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686586012577392,"flow_src_last_pkt_time":1686586012577392,"flow_dst_last_pkt_time":1686586012577392,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686586012577392,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"165.144.84.62","src_port":50595,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2278,22 +2278,22 @@ 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":477,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":471,"flow_packet_id":1,"flow_src_last_pkt_time":1686586604126248,"flow_dst_last_pkt_time":1686586604126248,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686586604126248,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPMRpSUTY5OUpXLKPeRUAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":477,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":471,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686586604126248,"flow_src_last_pkt_time":1686586604126248,"flow_dst_last_pkt_time":1686586604126248,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686586604126248,"l3_proto":"ip4","src_ip":"19.99.147.148","dst_ip":"165.114.202.61","src_port":58452,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":478,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":470,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686586012577392,"flow_src_last_pkt_time":1686586012577392,"flow_dst_last_pkt_time":1686586012577392,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686586604126248,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"165.144.84.62","src_port":50595,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":478,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":478,"packets-processed":477,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24451,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":471,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":471,"total-idle-flows":470,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2281,"global_ts_usec":1686588963792964} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":478,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":478,"packets-processed":477,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24451,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":471,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":471,"total-idle-flows":470,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2281,"global_ts_usec":1686588963792964} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":478,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":472,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686588963792964,"flow_src_last_pkt_time":1686588963792964,"flow_dst_last_pkt_time":1686588963792964,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686588963792964,"l3_proto":"ip4","src_ip":"210.124.156.149","dst_ip":"69.109.187.54","src_port":52931,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":478,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":472,"flow_packet_id":1,"flow_src_last_pkt_time":1686588963792964,"flow_dst_last_pkt_time":1686588963792964,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686588963792964,"pkt":"bpHurUgdPJTVQTiBCABFAAB+1DEAAPIRpS3SfJyVRW27Ns7DAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":478,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":472,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686588963792964,"flow_src_last_pkt_time":1686588963792964,"flow_dst_last_pkt_time":1686588963792964,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686588963792964,"l3_proto":"ip4","src_ip":"210.124.156.149","dst_ip":"69.109.187.54","src_port":52931,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":479,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":471,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686586604126248,"flow_src_last_pkt_time":1686586604126248,"flow_dst_last_pkt_time":1686586604126248,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686588963792964,"l3_proto":"ip4","src_ip":"19.99.147.148","dst_ip":"165.114.202.61","src_port":58452,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":479,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":479,"packets-processed":478,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24549,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":472,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":472,"total-idle-flows":471,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2286,"global_ts_usec":1686590370864320} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":479,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":479,"packets-processed":478,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24549,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":472,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":472,"total-idle-flows":471,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2286,"global_ts_usec":1686590370864320} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":479,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":473,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686590370864320,"flow_src_last_pkt_time":1686590370864320,"flow_dst_last_pkt_time":1686590370864320,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686590370864320,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"186.112.202.53","src_port":57887,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":479,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":473,"flow_packet_id":1,"flow_src_last_pkt_time":1686590370864320,"flow_dst_last_pkt_time":1686590370864320,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686590370864320,"pkt":"xmjqc4OdPJTVQTiBCABFAAB+1DEAAPIRCxSGtJCVunDKNeIfAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":479,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":473,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686590370864320,"flow_src_last_pkt_time":1686590370864320,"flow_dst_last_pkt_time":1686590370864320,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686590370864320,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"186.112.202.53","src_port":57887,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":480,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":472,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686588963792964,"flow_src_last_pkt_time":1686588963792964,"flow_dst_last_pkt_time":1686588963792964,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686590370864320,"l3_proto":"ip4","src_ip":"210.124.156.149","dst_ip":"69.109.187.54","src_port":52931,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":480,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":480,"packets-processed":479,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24647,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":473,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":473,"total-idle-flows":472,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2291,"global_ts_usec":1686591026824273} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":480,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":480,"packets-processed":479,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24647,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":473,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":473,"total-idle-flows":472,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2291,"global_ts_usec":1686591026824273} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":480,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":474,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686591026824273,"flow_src_last_pkt_time":1686591026824273,"flow_dst_last_pkt_time":1686591026824273,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686591026824273,"l3_proto":"ip4","src_ip":"184.180.168.240","dst_ip":"74.111.203.55","src_port":56968,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":480,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":474,"flow_packet_id":1,"flow_src_last_pkt_time":1686591026824273,"flow_dst_last_pkt_time":1686591026824273,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686591026824273,"pkt":"ipffLU2SPJTVQTiBCABFAAB+1DEAAO0RD9G4tKjwSm\/LN96IAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":480,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":474,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686591026824273,"flow_src_last_pkt_time":1686591026824273,"flow_dst_last_pkt_time":1686591026824273,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686591026824273,"l3_proto":"ip4","src_ip":"184.180.168.240","dst_ip":"74.111.203.55","src_port":56968,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":481,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":473,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686590370864320,"flow_src_last_pkt_time":1686590370864320,"flow_dst_last_pkt_time":1686590370864320,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686591026824273,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"186.112.202.53","src_port":57887,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":481,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":481,"packets-processed":480,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24745,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":474,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":474,"total-idle-flows":473,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2296,"global_ts_usec":1686591654230904} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":481,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":481,"packets-processed":480,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24745,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":474,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":474,"total-idle-flows":473,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2296,"global_ts_usec":1686591654230904} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":481,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":475,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686591654230904,"flow_src_last_pkt_time":1686591654230904,"flow_dst_last_pkt_time":1686591654230904,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686591654230904,"l3_proto":"ip4","src_ip":"16.131.191.144","dst_ip":"90.145.180.58","src_port":57563,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":481,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":475,"flow_packet_id":1,"flow_src_last_pkt_time":1686591654230904,"flow_dst_last_pkt_time":1686591654230904,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686591654230904,"pkt":"bs1PogZtPJTVQTiBCABFAAB+1DEAAPIRpSYQg7+QWpG0OuDbAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":481,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":475,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686591654230904,"flow_src_last_pkt_time":1686591654230904,"flow_dst_last_pkt_time":1686591654230904,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686591654230904,"l3_proto":"ip4","src_ip":"16.131.191.144","dst_ip":"90.145.180.58","src_port":57563,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2302,27 +2302,27 @@ 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":482,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":476,"flow_packet_id":1,"flow_src_last_pkt_time":1686592164666841,"flow_dst_last_pkt_time":1686592164666841,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1686592164666841,"pkt":"AAwp30Y4PJTVQTiBCABFCAA11DEAAPERM3atoQqtpXLKPYGrAasAIQAAAQkAGQAAZW4AA5T9AAD\/\/wAHZGVmYXVsdA=="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":482,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":476,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686592164666841,"flow_src_last_pkt_time":1686592164666841,"flow_dst_last_pkt_time":1686592164666841,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686592164666841,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"165.114.202.61","src_port":33195,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":483,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":475,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686591654230904,"flow_src_last_pkt_time":1686591654230904,"flow_dst_last_pkt_time":1686591654230904,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686592164666841,"l3_proto":"ip4","src_ip":"16.131.191.144","dst_ip":"90.145.180.58","src_port":57563,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":483,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":483,"packets-processed":482,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24868,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":476,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":476,"total-idle-flows":475,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2305,"global_ts_usec":1686592363602889} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":483,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":483,"packets-processed":482,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24868,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":476,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":476,"total-idle-flows":475,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2305,"global_ts_usec":1686592363602889} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":483,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":477,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686592363602889,"flow_src_last_pkt_time":1686592363602889,"flow_dst_last_pkt_time":1686592363602889,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686592363602889,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"90.147.171.51","src_port":48688,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":483,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":477,"flow_packet_id":1,"flow_src_last_pkt_time":1686592363602889,"flow_dst_last_pkt_time":1686592363602889,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1686592363602889,"pkt":"AAwp30Y4PJTVQTiBCABFCAA11DEAAPERM4KtoQqtWpOrM74wAasAIQAAAQkAGQAAZW4AA5T9AAD\/\/wAHZGVmYXVsdA=="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":483,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":477,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686592363602889,"flow_src_last_pkt_time":1686592363602889,"flow_dst_last_pkt_time":1686592363602889,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686592363602889,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"90.147.171.51","src_port":48688,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":484,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":476,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686592164666841,"flow_src_last_pkt_time":1686592164666841,"flow_dst_last_pkt_time":1686592164666841,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686592363602889,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"165.114.202.61","src_port":33195,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":484,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":484,"packets-processed":483,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24893,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":477,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":477,"total-idle-flows":476,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2310,"global_ts_usec":1686596322335333} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":484,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":484,"packets-processed":483,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24893,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":477,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":477,"total-idle-flows":476,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2310,"global_ts_usec":1686596322335333} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":484,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":478,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686596322335333,"flow_src_last_pkt_time":1686596322335333,"flow_dst_last_pkt_time":1686596322335333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686596322335333,"l3_proto":"ip4","src_ip":"231.38.82.221","dst_ip":"165.144.84.62","src_port":41269,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":484,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":478,"flow_packet_id":1,"flow_src_last_pkt_time":1686596322335333,"flow_dst_last_pkt_time":1686596322335333,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686596322335333,"pkt":"AAwp30Y4PJTVQTiBCABFCABLns0AACQRJZHnJlLdpZBUPqE1AasAN3xDAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":484,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":478,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686596322335333,"flow_src_last_pkt_time":1686596322335333,"flow_dst_last_pkt_time":1686596322335333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686596322335333,"l3_proto":"ip4","src_ip":"231.38.82.221","dst_ip":"165.144.84.62","src_port":41269,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":477,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686592363602889,"flow_src_last_pkt_time":1686592363602889,"flow_dst_last_pkt_time":1686592363602889,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686596322335333,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"90.147.171.51","src_port":48688,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":485,"packets-processed":484,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24940,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":478,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":478,"total-idle-flows":477,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2315,"global_ts_usec":1686602955779893} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":485,"packets-processed":484,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24940,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":478,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":478,"total-idle-flows":477,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2315,"global_ts_usec":1686602955779893} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":479,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686602955779893,"flow_src_last_pkt_time":1686602955779893,"flow_dst_last_pkt_time":1686602955779893,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686602955779893,"l3_proto":"ip4","src_ip":"35.252.69.113","dst_ip":"69.109.187.54","src_port":14173,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":479,"flow_packet_id":1,"flow_src_last_pkt_time":1686602955779893,"flow_dst_last_pkt_time":1686602955779893,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686602955779893,"pkt":"bpHurUgdPJTVQTiBCABFCABLVG4AACIRdj0j\/EVxRW27NjddAasAN+poAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":479,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686602955779893,"flow_src_last_pkt_time":1686602955779893,"flow_dst_last_pkt_time":1686602955779893,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686602955779893,"l3_proto":"ip4","src_ip":"35.252.69.113","dst_ip":"69.109.187.54","src_port":14173,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":486,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":478,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686596322335333,"flow_src_last_pkt_time":1686596322335333,"flow_dst_last_pkt_time":1686596322335333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686602955779893,"l3_proto":"ip4","src_ip":"231.38.82.221","dst_ip":"165.144.84.62","src_port":41269,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":486,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":486,"packets-processed":485,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24987,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":479,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":479,"total-idle-flows":478,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2320,"global_ts_usec":1686608660321945} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":486,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":486,"packets-processed":485,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24987,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":479,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":479,"total-idle-flows":478,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2320,"global_ts_usec":1686608660321945} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":486,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":480,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686608660321945,"flow_src_last_pkt_time":1686608660321945,"flow_dst_last_pkt_time":1686608660321945,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686608660321945,"l3_proto":"ip4","src_ip":"173.19.223.218","dst_ip":"85.111.52.57","src_port":54527,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":486,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":480,"flow_packet_id":1,"flow_src_last_pkt_time":1686608660321945,"flow_dst_last_pkt_time":1686608660321945,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686608660321945,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA51DEAAPoRXtitE9\/aVW80OdT\/AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":486,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":480,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686608660321945,"flow_src_last_pkt_time":1686608660321945,"flow_dst_last_pkt_time":1686608660321945,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686608660321945,"l3_proto":"ip4","src_ip":"173.19.223.218","dst_ip":"85.111.52.57","src_port":54527,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":487,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":479,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686602955779893,"flow_src_last_pkt_time":1686602955779893,"flow_dst_last_pkt_time":1686602955779893,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686608660321945,"l3_proto":"ip4","src_ip":"35.252.69.113","dst_ip":"69.109.187.54","src_port":14173,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":487,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":487,"packets-processed":486,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25016,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":480,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":480,"total-idle-flows":479,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2325,"global_ts_usec":1686612659801075} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":487,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":487,"packets-processed":486,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25016,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":480,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":480,"total-idle-flows":479,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2325,"global_ts_usec":1686612659801075} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":487,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":481,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686612659801075,"flow_src_last_pkt_time":1686612659801075,"flow_dst_last_pkt_time":1686612659801075,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686612659801075,"l3_proto":"ip4","src_ip":"208.243.248.212","dst_ip":"90.145.180.58","src_port":52104,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":487,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":481,"flow_packet_id":1,"flow_src_last_pkt_time":1686612659801075,"flow_dst_last_pkt_time":1686612659801075,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686612659801075,"pkt":"bs1PogZtPJTVQTiBCABFAAA51DEAAPoRXtrQ8\/jUWpG0OsuIAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":487,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":481,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686612659801075,"flow_src_last_pkt_time":1686612659801075,"flow_dst_last_pkt_time":1686612659801075,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686612659801075,"l3_proto":"ip4","src_ip":"208.243.248.212","dst_ip":"90.145.180.58","src_port":52104,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2331,12 +2331,12 @@ 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":488,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":482,"flow_packet_id":1,"flow_src_last_pkt_time":1686613204876638,"flow_dst_last_pkt_time":1686613204876638,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686613204876638,"pkt":"AAwp30Y4PJTVQTiBCABFCABL8UEAACIR2W0nO4t5pXLKPUanAasAN9siAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":488,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":482,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686613204876638,"flow_src_last_pkt_time":1686613204876638,"flow_dst_last_pkt_time":1686613204876638,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686613204876638,"l3_proto":"ip4","src_ip":"39.59.139.121","dst_ip":"165.114.202.61","src_port":18087,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":489,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":481,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686612659801075,"flow_src_last_pkt_time":1686612659801075,"flow_dst_last_pkt_time":1686612659801075,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686613204876638,"l3_proto":"ip4","src_ip":"208.243.248.212","dst_ip":"90.145.180.58","src_port":52104,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":489,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":489,"packets-processed":488,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25092,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":482,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":482,"total-idle-flows":481,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2334,"global_ts_usec":1686615481954219} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":489,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":489,"packets-processed":488,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25092,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":482,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":482,"total-idle-flows":481,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2334,"global_ts_usec":1686615481954219} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":489,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":483,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686615481954219,"flow_src_last_pkt_time":1686615481954219,"flow_dst_last_pkt_time":1686615481954219,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686615481954219,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"69.109.187.54","src_port":33095,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":489,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":483,"flow_packet_id":1,"flow_src_last_pkt_time":1686615481954219,"flow_dst_last_pkt_time":1686615481954219,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1686615481954219,"pkt":"bpHurUgdPJTVQTiBCABFCAA11DEAAPERM3+toQqtRW27NoFHAasAIQAAAQkAGQAAZW4AA5T9AAD\/\/wAHZGVmYXVsdA=="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":489,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":483,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686615481954219,"flow_src_last_pkt_time":1686615481954219,"flow_dst_last_pkt_time":1686615481954219,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686615481954219,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"69.109.187.54","src_port":33095,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":482,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686613204876638,"flow_src_last_pkt_time":1686613204876638,"flow_dst_last_pkt_time":1686613204876638,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686615481954219,"l3_proto":"ip4","src_ip":"39.59.139.121","dst_ip":"165.114.202.61","src_port":18087,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":490,"packets-processed":489,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25117,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":483,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":483,"total-idle-flows":482,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2339,"global_ts_usec":1686616634395567} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":490,"packets-processed":489,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25117,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":483,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":483,"total-idle-flows":482,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2339,"global_ts_usec":1686616634395567} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":484,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686616634395567,"flow_src_last_pkt_time":1686616634395567,"flow_dst_last_pkt_time":1686616634395567,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686616634395567,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"85.111.52.57","src_port":42481,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":484,"flow_packet_id":1,"flow_src_last_pkt_time":1686616634395567,"flow_dst_last_pkt_time":1686616634395567,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1686616634395567,"pkt":"moT+\/Ph8PJTVQTiBCABFBAA11DEAAOURP3+toQqtVW80OaXxAasAIQAAAQkAGQAAZW4AA5T9AAD\/\/wAHZGVmYXVsdA=="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":484,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686616634395567,"flow_src_last_pkt_time":1686616634395567,"flow_dst_last_pkt_time":1686616634395567,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686616634395567,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"85.111.52.57","src_port":42481,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2345,12 +2345,12 @@ 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":491,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":485,"flow_packet_id":1,"flow_src_last_pkt_time":1686617105964842,"flow_dst_last_pkt_time":1686617105964842,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686617105964842,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRbgVG0kSqWm\/UMsPJAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":491,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":485,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686617105964842,"flow_src_last_pkt_time":1686617105964842,"flow_dst_last_pkt_time":1686617105964842,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686617105964842,"l3_proto":"ip4","src_ip":"70.210.68.170","dst_ip":"90.111.212.50","src_port":50121,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":492,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":484,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686616634395567,"flow_src_last_pkt_time":1686616634395567,"flow_dst_last_pkt_time":1686616634395567,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686617105964842,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"85.111.52.57","src_port":42481,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":492,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":492,"packets-processed":491,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25171,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":485,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":485,"total-idle-flows":484,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2348,"global_ts_usec":1686621073847677} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":492,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":492,"packets-processed":491,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25171,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":485,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":485,"total-idle-flows":484,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2348,"global_ts_usec":1686621073847677} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":492,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":486,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686621073847677,"flow_src_last_pkt_time":1686621073847677,"flow_dst_last_pkt_time":1686621073847677,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686621073847677,"l3_proto":"ip4","src_ip":"227.199.90.122","dst_ip":"90.145.180.58","src_port":51729,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":492,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":486,"flow_packet_id":1,"flow_src_last_pkt_time":1686621073847677,"flow_dst_last_pkt_time":1686621073847677,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686621073847677,"pkt":"bs1PogZtPJTVQTiBCABFCABLfhMAACIRTJ3jx1p6WpG0OsoRAasAN1e5AgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":492,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":486,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686621073847677,"flow_src_last_pkt_time":1686621073847677,"flow_dst_last_pkt_time":1686621073847677,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686621073847677,"l3_proto":"ip4","src_ip":"227.199.90.122","dst_ip":"90.145.180.58","src_port":51729,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":493,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":485,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686617105964842,"flow_src_last_pkt_time":1686617105964842,"flow_dst_last_pkt_time":1686617105964842,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686621073847677,"l3_proto":"ip4","src_ip":"70.210.68.170","dst_ip":"90.111.212.50","src_port":50121,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":493,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":493,"packets-processed":492,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25218,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":486,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":486,"total-idle-flows":485,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2353,"global_ts_usec":1686621999752750} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":493,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":493,"packets-processed":492,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25218,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":486,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":486,"total-idle-flows":485,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2353,"global_ts_usec":1686621999752750} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":493,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":487,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686621999752750,"flow_src_last_pkt_time":1686621999752750,"flow_dst_last_pkt_time":1686621999752750,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686621999752750,"l3_proto":"ip4","src_ip":"161.231.128.245","dst_ip":"74.111.203.55","src_port":56820,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":493,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":487,"flow_packet_id":1,"flow_src_last_pkt_time":1686621999752750,"flow_dst_last_pkt_time":1686621999752750,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686621999752750,"pkt":"ipffLU2SPJTVQTiBCABFAAA51DEAAPkRbdmh54D1Sm\/LN930AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":493,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":487,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686621999752750,"flow_src_last_pkt_time":1686621999752750,"flow_dst_last_pkt_time":1686621999752750,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686621999752750,"l3_proto":"ip4","src_ip":"161.231.128.245","dst_ip":"74.111.203.55","src_port":56820,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2359,22 +2359,22 @@ 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":494,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":488,"flow_packet_id":1,"flow_src_last_pkt_time":1686622450094352,"flow_dst_last_pkt_time":1686622450094352,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1686622450094352,"pkt":"ipffLU2SPJTVQTiBCABFBAA11DEAAOURP4StoQqtSm\/LN9dbAasAIQAAAQkAGQAAZW4AA5T9AAD\/\/wAHZGVmYXVsdA=="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":494,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":488,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686622450094352,"flow_src_last_pkt_time":1686622450094352,"flow_dst_last_pkt_time":1686622450094352,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686622450094352,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"74.111.203.55","src_port":55131,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":495,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":487,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686621999752750,"flow_src_last_pkt_time":1686621999752750,"flow_dst_last_pkt_time":1686621999752750,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686622450094352,"l3_proto":"ip4","src_ip":"161.231.128.245","dst_ip":"74.111.203.55","src_port":56820,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":495,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":495,"packets-processed":494,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25272,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":488,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":488,"total-idle-flows":487,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2362,"global_ts_usec":1686623052095688} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":495,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":495,"packets-processed":494,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25272,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":488,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":488,"total-idle-flows":487,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2362,"global_ts_usec":1686623052095688} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":495,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":489,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686623052095688,"flow_src_last_pkt_time":1686623052095688,"flow_dst_last_pkt_time":1686623052095688,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686623052095688,"l3_proto":"ip4","src_ip":"99.199.77.211","dst_ip":"165.114.202.61","src_port":14222,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":495,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":489,"flow_packet_id":1,"flow_src_last_pkt_time":1686623052095688,"flow_dst_last_pkt_time":1686623052095688,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686623052095688,"pkt":"AAwp30Y4PJTVQTiBCABFCABLa\/IAACQRWHZjx03TpXLKPTeOAasAN+X0AgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":495,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":489,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686623052095688,"flow_src_last_pkt_time":1686623052095688,"flow_dst_last_pkt_time":1686623052095688,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686623052095688,"l3_proto":"ip4","src_ip":"99.199.77.211","dst_ip":"165.114.202.61","src_port":14222,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":496,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":488,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686622450094352,"flow_src_last_pkt_time":1686622450094352,"flow_dst_last_pkt_time":1686622450094352,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686623052095688,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"74.111.203.55","src_port":55131,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":496,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":496,"packets-processed":495,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25319,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":489,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":489,"total-idle-flows":488,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2367,"global_ts_usec":1686623787230359} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":496,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":496,"packets-processed":495,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25319,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":489,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":489,"total-idle-flows":488,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2367,"global_ts_usec":1686623787230359} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":496,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":490,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686623787230359,"flow_src_last_pkt_time":1686623787230359,"flow_dst_last_pkt_time":1686623787230359,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686623787230359,"l3_proto":"ip4","src_ip":"222.41.7.222","dst_ip":"90.147.171.51","src_port":55970,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":496,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":490,"flow_packet_id":1,"flow_src_last_pkt_time":1686623787230359,"flow_dst_last_pkt_time":1686623787230359,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686623787230359,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRbcPeKQfeWpOrM9qiAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":496,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":490,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686623787230359,"flow_src_last_pkt_time":1686623787230359,"flow_dst_last_pkt_time":1686623787230359,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686623787230359,"l3_proto":"ip4","src_ip":"222.41.7.222","dst_ip":"90.147.171.51","src_port":55970,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":489,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686623052095688,"flow_src_last_pkt_time":1686623052095688,"flow_dst_last_pkt_time":1686623052095688,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686623787230359,"l3_proto":"ip4","src_ip":"99.199.77.211","dst_ip":"165.114.202.61","src_port":14222,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":497,"packets-processed":496,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25348,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":490,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":490,"total-idle-flows":489,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2372,"global_ts_usec":1686625900350760} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":497,"packets-processed":496,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25348,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":490,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":490,"total-idle-flows":489,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2372,"global_ts_usec":1686625900350760} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":491,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686625900350760,"flow_src_last_pkt_time":1686625900350760,"flow_dst_last_pkt_time":1686625900350760,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686625900350760,"l3_proto":"ip4","src_ip":"89.28.95.249","dst_ip":"165.144.84.62","src_port":56710,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":491,"flow_packet_id":1,"flow_src_last_pkt_time":1686625900350760,"flow_dst_last_pkt_time":1686625900350760,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686625900350760,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRbc1ZHF\/5pZBUPt2GAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":491,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686625900350760,"flow_src_last_pkt_time":1686625900350760,"flow_dst_last_pkt_time":1686625900350760,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686625900350760,"l3_proto":"ip4","src_ip":"89.28.95.249","dst_ip":"165.144.84.62","src_port":56710,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":490,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686623787230359,"flow_src_last_pkt_time":1686623787230359,"flow_dst_last_pkt_time":1686623787230359,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686625900350760,"l3_proto":"ip4","src_ip":"222.41.7.222","dst_ip":"90.147.171.51","src_port":55970,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":498,"packets-processed":497,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25377,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":491,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":491,"total-idle-flows":490,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2377,"global_ts_usec":1686628530442979} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":498,"packets-processed":497,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25377,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":491,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":491,"total-idle-flows":490,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2377,"global_ts_usec":1686628530442979} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":492,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686628530442979,"flow_src_last_pkt_time":1686628530442979,"flow_dst_last_pkt_time":1686628530442979,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686628530442979,"l3_proto":"ip4","src_ip":"85.47.224.171","dst_ip":"74.111.203.55","src_port":16312,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":492,"flow_packet_id":1,"flow_src_last_pkt_time":1686628530442979,"flow_dst_last_pkt_time":1686628530442979,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686628530442979,"pkt":"ipffLU2SPJTVQTiBCABFAAA+QgFAADQR6spVL+CrSm\/LNz+4AasAKhXQAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":492,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686628530442979,"flow_src_last_pkt_time":1686628530442979,"flow_dst_last_pkt_time":1686628530442979,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686628530442979,"l3_proto":"ip4","src_ip":"85.47.224.171","dst_ip":"74.111.203.55","src_port":16312,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2387,12 +2387,12 @@ 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":494,"flow_packet_id":1,"flow_src_last_pkt_time":1686629067407805,"flow_dst_last_pkt_time":1686629067407805,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686629067407805,"pkt":"3jHC4dyOPJTVQTiBCABFAAA+joxAADQRnjdKjiiuWo0lOCkgAasAKixgAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":494,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686629067407805,"flow_src_last_pkt_time":1686629067407805,"flow_dst_last_pkt_time":1686629067407805,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686629067407805,"l3_proto":"ip4","src_ip":"74.142.40.174","dst_ip":"90.141.37.56","src_port":10528,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":501,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":493,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686628814387687,"flow_src_last_pkt_time":1686628814387687,"flow_dst_last_pkt_time":1686628814387687,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686629067407805,"l3_proto":"ip4","src_ip":"85.47.224.171","dst_ip":"165.144.84.62","src_port":46040,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":501,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":501,"packets-processed":500,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25479,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":494,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":494,"total-idle-flows":493,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2390,"global_ts_usec":1686629318462692} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":501,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":501,"packets-processed":500,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25479,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":494,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":494,"total-idle-flows":493,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2390,"global_ts_usec":1686629318462692} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":501,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":495,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686629318462692,"flow_src_last_pkt_time":1686629318462692,"flow_dst_last_pkt_time":1686629318462692,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686629318462692,"l3_proto":"ip4","src_ip":"85.174.88.154","dst_ip":"69.109.187.54","src_port":20504,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":501,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":495,"flow_packet_id":1,"flow_src_last_pkt_time":1686629318462692,"flow_dst_last_pkt_time":1686629318462692,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686629318462692,"pkt":"bpHurUgdPJTVQTiBCABFAAA+O+VAADQR8QlVrliaRW27NlAYAasAKgWTAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":501,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":495,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686629318462692,"flow_src_last_pkt_time":1686629318462692,"flow_dst_last_pkt_time":1686629318462692,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686629318462692,"l3_proto":"ip4","src_ip":"85.174.88.154","dst_ip":"69.109.187.54","src_port":20504,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":502,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":494,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686629067407805,"flow_src_last_pkt_time":1686629067407805,"flow_dst_last_pkt_time":1686629067407805,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686629318462692,"l3_proto":"ip4","src_ip":"74.142.40.174","dst_ip":"90.141.37.56","src_port":10528,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":502,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":502,"packets-processed":501,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25513,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":495,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":495,"total-idle-flows":494,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2395,"global_ts_usec":1686629919351142} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":502,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":502,"packets-processed":501,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25513,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":495,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":495,"total-idle-flows":494,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2395,"global_ts_usec":1686629919351142} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":502,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":496,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686629919351142,"flow_src_last_pkt_time":1686629919351142,"flow_dst_last_pkt_time":1686629919351142,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686629919351142,"l3_proto":"ip4","src_ip":"170.238.168.143","dst_ip":"85.111.52.57","src_port":62476,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":502,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":496,"flow_packet_id":1,"flow_src_last_pkt_time":1686629919351142,"flow_dst_last_pkt_time":1686629919351142,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686629919351142,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA+qEdAADQRhJOq7qiPVW80OfQMAasAKmGKAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":502,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":496,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686629919351142,"flow_src_last_pkt_time":1686629919351142,"flow_dst_last_pkt_time":1686629919351142,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686629919351142,"l3_proto":"ip4","src_ip":"170.238.168.143","dst_ip":"85.111.52.57","src_port":62476,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2408,29 +2408,29 @@ 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":505,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":499,"flow_packet_id":1,"flow_src_last_pkt_time":1686630458164673,"flow_dst_last_pkt_time":1686630458164673,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686630458164673,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+D4ZAADQRHSyq8yi6pXLKPYrIAasAKsqlAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":505,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":499,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686630458164673,"flow_src_last_pkt_time":1686630458164673,"flow_dst_last_pkt_time":1686630458164673,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686630458164673,"l3_proto":"ip4","src_ip":"170.243.40.186","dst_ip":"165.114.202.61","src_port":35528,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00988{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":506,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":497,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686630406259808,"flow_src_last_pkt_time":1686630406259808,"flow_dst_last_pkt_time":1686630406259808,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686630458164673,"l3_proto":"ip4","src_ip":"170.18.87.162","dst_ip":"186.112.202.53","src_port":58469,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":506,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":506,"packets-processed":505,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25649,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":499,"total-detection-updates":0,"total-updates":89,"current-active-flows":3,"total-active-flows":499,"total-idle-flows":496,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2411,"global_ts_usec":1686630725136169} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":506,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":506,"packets-processed":505,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25649,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":499,"total-detection-updates":0,"total-updates":89,"current-active-flows":3,"total-active-flows":499,"total-idle-flows":496,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2411,"global_ts_usec":1686630725136169} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":506,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":500,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686630725136169,"flow_src_last_pkt_time":1686630725136169,"flow_dst_last_pkt_time":1686630725136169,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686630725136169,"l3_proto":"ip4","src_ip":"74.239.16.156","dst_ip":"90.145.180.58","src_port":46464,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":506,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":500,"flow_packet_id":1,"flow_src_last_pkt_time":1686630725136169,"flow_dst_last_pkt_time":1686630725136169,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686630725136169,"pkt":"bs1PogZtPJTVQTiBCABFAAA+gpBAADQRqlxK7xCcWpG0OrWAAasAKqAoAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":506,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":500,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686630725136169,"flow_src_last_pkt_time":1686630725136169,"flow_dst_last_pkt_time":1686630725136169,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686630725136169,"l3_proto":"ip4","src_ip":"74.239.16.156","dst_ip":"90.145.180.58","src_port":46464,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":507,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":498,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686630430100534,"flow_src_last_pkt_time":1686630430100534,"flow_dst_last_pkt_time":1686630430100534,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686630725136169,"l3_proto":"ip4","src_ip":"85.47.224.171","dst_ip":"90.111.212.50","src_port":16312,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":507,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":497,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686630406259808,"flow_src_last_pkt_time":1686630406259808,"flow_dst_last_pkt_time":1686630406259808,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686630725136169,"l3_proto":"ip4","src_ip":"170.18.87.162","dst_ip":"186.112.202.53","src_port":58469,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":507,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":499,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686630458164673,"flow_src_last_pkt_time":1686630458164673,"flow_dst_last_pkt_time":1686630458164673,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686630725136169,"l3_proto":"ip4","src_ip":"170.243.40.186","dst_ip":"165.114.202.61","src_port":35528,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":507,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":507,"packets-processed":506,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25683,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":500,"total-detection-updates":0,"total-updates":89,"current-active-flows":1,"total-active-flows":500,"total-idle-flows":499,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2418,"global_ts_usec":1686633699223089} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":507,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":507,"packets-processed":506,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25683,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":500,"total-detection-updates":0,"total-updates":89,"current-active-flows":1,"total-active-flows":500,"total-idle-flows":499,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2418,"global_ts_usec":1686633699223089} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":507,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":501,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686633699223089,"flow_src_last_pkt_time":1686633699223089,"flow_dst_last_pkt_time":1686633699223089,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686633699223089,"l3_proto":"ip4","src_ip":"35.0.100.115","dst_ip":"165.144.84.62","src_port":46588,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":507,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":501,"flow_packet_id":1,"flow_src_last_pkt_time":1686633699223089,"flow_dst_last_pkt_time":1686633699223089,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686633699223089,"pkt":"AAwp30Y4PJTVQTiBCABFCABL7LwAACIR3egjAGRzpZBUPrX8AasAN2vDAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":507,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":501,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686633699223089,"flow_src_last_pkt_time":1686633699223089,"flow_dst_last_pkt_time":1686633699223089,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686633699223089,"l3_proto":"ip4","src_ip":"35.0.100.115","dst_ip":"165.144.84.62","src_port":46588,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":508,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":500,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686630725136169,"flow_src_last_pkt_time":1686630725136169,"flow_dst_last_pkt_time":1686630725136169,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686633699223089,"l3_proto":"ip4","src_ip":"74.239.16.156","dst_ip":"90.145.180.58","src_port":46464,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":508,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":508,"packets-processed":507,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25730,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":501,"total-detection-updates":0,"total-updates":89,"current-active-flows":1,"total-active-flows":501,"total-idle-flows":500,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2423,"global_ts_usec":1686635615867515} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":508,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":508,"packets-processed":507,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25730,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":501,"total-detection-updates":0,"total-updates":89,"current-active-flows":1,"total-active-flows":501,"total-idle-flows":500,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2423,"global_ts_usec":1686635615867515} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":508,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":502,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686635615867515,"flow_src_last_pkt_time":1686635615867515,"flow_dst_last_pkt_time":1686635615867515,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686635615867515,"l3_proto":"ip4","src_ip":"227.134.81.212","dst_ip":"90.147.171.51","src_port":17542,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":508,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":502,"flow_packet_id":1,"flow_src_last_pkt_time":1686635615867515,"flow_dst_last_pkt_time":1686635615867515,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686635615867515,"pkt":"AAwp30Y4PJTVQTiBCABFCABLHKcAACQRp8jjhlHUWpOrM0SGAasAN9kDAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":508,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":502,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686635615867515,"flow_src_last_pkt_time":1686635615867515,"flow_dst_last_pkt_time":1686635615867515,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686635615867515,"l3_proto":"ip4","src_ip":"227.134.81.212","dst_ip":"90.147.171.51","src_port":17542,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":509,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":501,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686633699223089,"flow_src_last_pkt_time":1686633699223089,"flow_dst_last_pkt_time":1686633699223089,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686635615867515,"l3_proto":"ip4","src_ip":"35.0.100.115","dst_ip":"165.144.84.62","src_port":46588,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":509,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":509,"packets-processed":508,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25777,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":502,"total-detection-updates":0,"total-updates":89,"current-active-flows":1,"total-active-flows":502,"total-idle-flows":501,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2428,"global_ts_usec":1686645708313834} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":509,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":509,"packets-processed":508,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25777,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":502,"total-detection-updates":0,"total-updates":89,"current-active-flows":1,"total-active-flows":502,"total-idle-flows":501,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2428,"global_ts_usec":1686645708313834} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":509,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":503,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686645708313834,"flow_src_last_pkt_time":1686645708313834,"flow_dst_last_pkt_time":1686645708313834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686645708313834,"l3_proto":"ip4","src_ip":"93.36.35.136","dst_ip":"165.114.202.61","src_port":56600,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":509,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":503,"flow_packet_id":1,"flow_src_last_pkt_time":1686645708313834,"flow_dst_last_pkt_time":1686645708313834,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686645708313834,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRbhVdJCOIpXLKPd0YAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":509,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":503,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686645708313834,"flow_src_last_pkt_time":1686645708313834,"flow_dst_last_pkt_time":1686645708313834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686645708313834,"l3_proto":"ip4","src_ip":"93.36.35.136","dst_ip":"165.114.202.61","src_port":56600,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":510,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":502,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686635615867515,"flow_src_last_pkt_time":1686635615867515,"flow_dst_last_pkt_time":1686635615867515,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686645708313834,"l3_proto":"ip4","src_ip":"227.134.81.212","dst_ip":"90.147.171.51","src_port":17542,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":510,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":510,"packets-processed":509,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25806,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":503,"total-detection-updates":0,"total-updates":89,"current-active-flows":1,"total-active-flows":503,"total-idle-flows":502,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2433,"global_ts_usec":1686648509180305} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":510,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":510,"packets-processed":509,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25806,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":503,"total-detection-updates":0,"total-updates":89,"current-active-flows":1,"total-active-flows":503,"total-idle-flows":502,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2433,"global_ts_usec":1686648509180305} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":510,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":504,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686648509180305,"flow_src_last_pkt_time":1686648509180305,"flow_dst_last_pkt_time":1686648509180305,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686648509180305,"l3_proto":"ip4","src_ip":"76.50.135.245","dst_ip":"90.141.37.56","src_port":51836,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":510,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":504,"flow_packet_id":1,"flow_src_last_pkt_time":1686648509180305,"flow_dst_last_pkt_time":1686648509180305,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686648509180305,"pkt":"3jHC4dyOPJTVQTiBCABFAAA51DEAAPoRXu5MMof1Wo0lOMp8AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":510,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":504,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686648509180305,"flow_src_last_pkt_time":1686648509180305,"flow_dst_last_pkt_time":1686648509180305,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686648509180305,"l3_proto":"ip4","src_ip":"76.50.135.245","dst_ip":"90.141.37.56","src_port":51836,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2439,17 +2439,17 @@ 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":511,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":505,"flow_packet_id":1,"flow_src_last_pkt_time":1686648822385793,"flow_dst_last_pkt_time":1686648822385793,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686648822385793,"pkt":"bpHurUgdPJTVQTiBCABFAAA51DEAAPoRbOVFJOfmRW27NthOAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":511,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":505,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686648822385793,"flow_src_last_pkt_time":1686648822385793,"flow_dst_last_pkt_time":1686648822385793,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686648822385793,"l3_proto":"ip4","src_ip":"69.36.231.230","dst_ip":"69.109.187.54","src_port":55374,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":512,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":504,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686648509180305,"flow_src_last_pkt_time":1686648509180305,"flow_dst_last_pkt_time":1686648509180305,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686648822385793,"l3_proto":"ip4","src_ip":"76.50.135.245","dst_ip":"90.141.37.56","src_port":51836,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":512,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":512,"packets-processed":511,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25864,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":505,"total-detection-updates":0,"total-updates":89,"current-active-flows":1,"total-active-flows":505,"total-idle-flows":504,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2442,"global_ts_usec":1686659729108378} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":512,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":512,"packets-processed":511,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25864,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":505,"total-detection-updates":0,"total-updates":89,"current-active-flows":1,"total-active-flows":505,"total-idle-flows":504,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2442,"global_ts_usec":1686659729108378} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":512,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":506,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686659729108378,"flow_src_last_pkt_time":1686659729108378,"flow_dst_last_pkt_time":1686659729108378,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686659729108378,"l3_proto":"ip4","src_ip":"122.122.167.9","dst_ip":"90.141.37.56","src_port":43646,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":512,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":506,"flow_packet_id":1,"flow_src_last_pkt_time":1686659729108378,"flow_dst_last_pkt_time":1686659729108378,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686659729108378,"pkt":"3jHC4dyOPJTVQTiBCABFCABSFQsAAO0Rd7F6eqcJWo0lOKp+AasAPpZZAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":512,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":506,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686659729108378,"flow_src_last_pkt_time":1686659729108378,"flow_dst_last_pkt_time":1686659729108378,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686659729108378,"l3_proto":"ip4","src_ip":"122.122.167.9","dst_ip":"90.141.37.56","src_port":43646,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":513,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":505,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686648822385793,"flow_src_last_pkt_time":1686648822385793,"flow_dst_last_pkt_time":1686648822385793,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686659729108378,"l3_proto":"ip4","src_ip":"69.36.231.230","dst_ip":"69.109.187.54","src_port":55374,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":513,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":513,"packets-processed":512,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25918,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":506,"total-detection-updates":0,"total-updates":89,"current-active-flows":1,"total-active-flows":506,"total-idle-flows":505,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2447,"global_ts_usec":1686665626336271} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":513,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":513,"packets-processed":512,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25918,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":506,"total-detection-updates":0,"total-updates":89,"current-active-flows":1,"total-active-flows":506,"total-idle-flows":505,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2447,"global_ts_usec":1686665626336271} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":513,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":507,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686665626336271,"flow_src_last_pkt_time":1686665626336271,"flow_dst_last_pkt_time":1686665626336271,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686665626336271,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.114.202.61","src_port":48498,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":513,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":507,"flow_packet_id":1,"flow_src_last_pkt_time":1686665626336271,"flow_dst_last_pkt_time":1686665626336271,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686665626336271,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKLHIH5CepXLKPb1yAasAJSz9AgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":513,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":507,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686665626336271,"flow_src_last_pkt_time":1686665626336271,"flow_dst_last_pkt_time":1686665626336271,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686665626336271,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.114.202.61","src_port":48498,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":514,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":506,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686659729108378,"flow_src_last_pkt_time":1686659729108378,"flow_dst_last_pkt_time":1686659729108378,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686665626336271,"l3_proto":"ip4","src_ip":"122.122.167.9","dst_ip":"90.141.37.56","src_port":43646,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":514,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":514,"packets-processed":513,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25947,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":507,"total-detection-updates":0,"total-updates":89,"current-active-flows":1,"total-active-flows":507,"total-idle-flows":506,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2452,"global_ts_usec":1686666893687687} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":514,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":514,"packets-processed":513,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25947,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":507,"total-detection-updates":0,"total-updates":89,"current-active-flows":1,"total-active-flows":507,"total-idle-flows":506,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2452,"global_ts_usec":1686666893687687} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":514,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":508,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686666893687687,"flow_src_last_pkt_time":1686666893687687,"flow_dst_last_pkt_time":1686666893687687,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686666893687687,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.145.180.58","src_port":35848,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":514,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":508,"flow_packet_id":1,"flow_src_last_pkt_time":1686666893687687,"flow_dst_last_pkt_time":1686666893687687,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686666893687687,"pkt":"bs1PogZtPJTVQTiBCABFAAA51DEAAPURKLTIH5CeWpG0OowIAasAJV5qAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":514,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":508,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686666893687687,"flow_src_last_pkt_time":1686666893687687,"flow_dst_last_pkt_time":1686666893687687,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686666893687687,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.145.180.58","src_port":35848,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2458,7 +2458,7 @@ 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":515,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":509,"flow_packet_id":1,"flow_src_last_pkt_time":1686666997632966,"flow_dst_last_pkt_time":1686666997632966,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686666997632966,"pkt":"bpHurUgdPJTVQTiBCABFAAA51DEAAPURKLrIH5CeRW27NpV4AasAJVUAAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":515,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":509,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686666997632966,"flow_src_last_pkt_time":1686666997632966,"flow_dst_last_pkt_time":1686666997632966,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686666997632966,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"69.109.187.54","src_port":38264,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00988{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":516,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":508,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686666893687687,"flow_src_last_pkt_time":1686666893687687,"flow_dst_last_pkt_time":1686666893687687,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686666997632966,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.145.180.58","src_port":35848,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":516,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":516,"packets-processed":515,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":26005,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":509,"total-detection-updates":0,"total-updates":90,"current-active-flows":2,"total-active-flows":509,"total-idle-flows":507,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2461,"global_ts_usec":1686668729813725} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":516,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":516,"packets-processed":515,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":26005,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":509,"total-detection-updates":0,"total-updates":90,"current-active-flows":2,"total-active-flows":509,"total-idle-flows":507,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2461,"global_ts_usec":1686668729813725} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":516,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":510,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686668729813725,"flow_src_last_pkt_time":1686668729813725,"flow_dst_last_pkt_time":1686668729813725,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686668729813725,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"85.111.52.57","src_port":49404,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":516,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":510,"flow_packet_id":1,"flow_src_last_pkt_time":1686668729813725,"flow_dst_last_pkt_time":1686668729813725,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686668729813725,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA51DEAAPURKLbIH5CeVW80OcD8AasAJSl4AgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":516,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":510,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686668729813725,"flow_src_last_pkt_time":1686668729813725,"flow_dst_last_pkt_time":1686668729813725,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686668729813725,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"85.111.52.57","src_port":49404,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2468,7 +2468,7 @@ 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":517,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":511,"flow_packet_id":1,"flow_src_last_pkt_time":1686668903038990,"flow_dst_last_pkt_time":1686668903038990,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686668903038990,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPMRpTfvg6CYWpOrM57NAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":517,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":511,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686668903038990,"flow_src_last_pkt_time":1686668903038990,"flow_dst_last_pkt_time":1686668903038990,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686668903038990,"l3_proto":"ip4","src_ip":"239.131.160.152","dst_ip":"90.147.171.51","src_port":40653,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":510,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686668729813725,"flow_src_last_pkt_time":1686668729813725,"flow_dst_last_pkt_time":1686668729813725,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686668903038990,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"85.111.52.57","src_port":49404,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":518,"packets-processed":517,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":26132,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":511,"total-detection-updates":0,"total-updates":91,"current-active-flows":2,"total-active-flows":511,"total-idle-flows":509,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2471,"global_ts_usec":1686669522645622} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":518,"packets-processed":517,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":26132,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":511,"total-detection-updates":0,"total-updates":91,"current-active-flows":2,"total-active-flows":511,"total-idle-flows":509,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2471,"global_ts_usec":1686669522645622} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":512,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686669522645622,"flow_src_last_pkt_time":1686669522645622,"flow_dst_last_pkt_time":1686669522645622,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686669522645622,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.144.84.62","src_port":33216,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":512,"flow_packet_id":1,"flow_src_last_pkt_time":1686669522645622,"flow_dst_last_pkt_time":1686669522645622,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686669522645622,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKLLIH5CepZBUPoHAAasAJWiwAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":512,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686669522645622,"flow_src_last_pkt_time":1686669522645622,"flow_dst_last_pkt_time":1686669522645622,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686669522645622,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.144.84.62","src_port":33216,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2481,7 +2481,7 @@ 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":520,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":514,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686669802055928,"flow_src_last_pkt_time":1686669802055928,"flow_dst_last_pkt_time":1686669802055928,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686669802055928,"l3_proto":"ip4","src_ip":"237.132.176.136","dst_ip":"74.111.203.55","src_port":51278,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":520,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":514,"flow_packet_id":1,"flow_src_last_pkt_time":1686669802055928,"flow_dst_last_pkt_time":1686669802055928,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686669802055928,"pkt":"ipffLU2SPJTVQTiBCABFAAB+1DEAAPIRpSnthLCISm\/LN8hOAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 
00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":520,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":514,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686669802055928,"flow_src_last_pkt_time":1686669802055928,"flow_dst_last_pkt_time":1686669802055928,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686669802055928,"l3_proto":"ip4","src_ip":"237.132.176.136","dst_ip":"74.111.203.55","src_port":51278,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":521,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":521,"packets-processed":520,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":26288,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":514,"total-detection-updates":0,"total-updates":91,"current-active-flows":2,"total-active-flows":514,"total-idle-flows":512,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2484,"global_ts_usec":1686670236730839} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":521,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":521,"packets-processed":520,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":26288,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":514,"total-detection-updates":0,"total-updates":91,"current-active-flows":2,"total-active-flows":514,"total-idle-flows":512,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2484,"global_ts_usec":1686670236730839} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":521,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":515,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686670236730839,"flow_src_last_pkt_time":1686670236730839,"flow_dst_last_pkt_time":1686670236730839,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686670236730839,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"186.112.202.53","src_port":50377,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":521,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":515,"flow_packet_id":1,"flow_src_last_pkt_time":1686670236730839,"flow_dst_last_pkt_time":1686670236730839,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686670236730839,"pkt":"xmjqc4OdPJTVQTiBCABFAAB+1DEAAPMRCZP2S2hzunDKNcTJAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":521,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":515,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686670236730839,"flow_src_last_pkt_time":1686670236730839,"flow_dst_last_pkt_time":1686670236730839,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686670236730839,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"186.112.202.53","src_port":50377,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2495,7 +2495,7 @@ 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":523,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":517,"flow_packet_id":1,"flow_src_last_pkt_time":1686670830957645,"flow_dst_last_pkt_time":1686670830957645,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686670830957645,"pkt":"xmjqc4OdPJTVQTiBCABFAAA51DEAAPURKLnIH5CeunDKNbxnAasAJS4QAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":523,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":517,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686670830957645,"flow_src_last_pkt_time":1686670830957645,"flow_dst_last_pkt_time":1686670830957645,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686670830957645,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"186.112.202.53","src_port":48231,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00988{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":524,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":516,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686670733471596,"flow_src_last_pkt_time":1686670733471596,"flow_dst_last_pkt_time":1686670733471596,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686670830957645,"l3_proto":"ip4","src_ip":"70.180.111.241","dst_ip":"165.144.84.62","src_port":51457,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":524,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":524,"packets-processed":523,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":26513,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":517,"total-detection-updates":0,"total-updates":92,"current-active-flows":2,"total-active-flows":517,"total-idle-flows":515,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2498,"global_ts_usec":1686671088394461} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":524,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":524,"packets-processed":523,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":26513,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":517,"total-detection-updates":0,"total-updates":92,"current-active-flows":2,"total-active-flows":517,"total-idle-flows":515,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2498,"global_ts_usec":1686671088394461} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":524,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":518,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686671088394461,"flow_src_last_pkt_time":1686671088394461,"flow_dst_last_pkt_time":1686671088394461,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686671088394461,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"74.111.203.55","src_port":55658,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":524,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":518,"flow_packet_id":1,"flow_src_last_pkt_time":1686671088394461,"flow_dst_last_pkt_time":1686671088394461,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686671088394461,"pkt":"ipffLU2SPJTVQTiBCABFAAA51DEAAPURKLvIH5CeSm\/LN9lqAasAJREPAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":524,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":518,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686671088394461,"flow_src_last_pkt_time":1686671088394461,"flow_dst_last_pkt_time":1686671088394461,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686671088394461,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"74.111.203.55","src_port":55658,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2505,12 +2505,12 @@ 00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":525,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":519,"flow_packet_id":1,"flow_src_last_pkt_time":1686671667122633,"flow_dst_last_pkt_time":1686671667122633,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686671667122633,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPARDNFGtG\/xWm\/UMuPMAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":525,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":519,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686671667122633,"flow_src_last_pkt_time":1686671667122633,"flow_dst_last_pkt_time":1686671667122633,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686671667122633,"l3_proto":"ip4","src_ip":"70.180.111.241","dst_ip":"90.111.212.50","src_port":58316,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":526,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":518,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686671088394461,"flow_src_last_pkt_time":1686671088394461,"flow_dst_last_pkt_time":1686671088394461,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686671667122633,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"74.111.203.55","src_port":55658,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":526,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":526,"packets-processed":525,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":26640,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":519,"total-detection-updates":0,"total-updates":92,"current-active-flows":1,"total-active-flows":519,"total-idle-flows":518,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2508,"global_ts_usec":1686672644862134} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":526,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":526,"packets-processed":525,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":26640,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":519,"total-detection-updates":0,"total-updates":92,"current-active-flows":1,"total-active-flows":519,"total-idle-flows":518,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2508,"global_ts_usec":1686672644862134} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":526,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":520,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686672644862134,"flow_src_last_pkt_time":1686672644862134,"flow_dst_last_pkt_time":1686672644862134,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686672644862134,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.111.212.50","src_port":45270,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":526,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":520,"flow_packet_id":1,"flow_src_last_pkt_time":1686672644862134,"flow_dst_last_pkt_time":1686672644862134,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686672644862134,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKLzIH5CeWm\/UMrDWAasAJTmkAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":526,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":520,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686672644862134,"flow_src_last_pkt_time":1686672644862134,"flow_dst_last_pkt_time":1686672644862134,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686672644862134,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.111.212.50","src_port":45270,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":527,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":519,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686671667122633,"flow_src_last_pkt_time":1686671667122633,"flow_dst_last_pkt_time":1686671667122633,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686672644862134,"l3_proto":"ip4","src_ip":"70.180.111.241","dst_ip":"90.111.212.50","src_port":58316,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":527,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":527,"packets-processed":526,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":26669,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":520,"total-detection-updates":0,"total-updates":92,"current-active-flows":1,"total-active-flows":520,"total-idle-flows":519,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2513,"global_ts_usec":1686675995117787} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":527,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":527,"packets-processed":526,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":26669,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":520,"total-detection-updates":0,"total-updates":92,"current-active-flows":1,"total-active-flows":520,"total-idle-flows":519,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2513,"global_ts_usec":1686675995117787} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":527,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":521,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686675995117787,"flow_src_last_pkt_time":1686675995117787,"flow_dst_last_pkt_time":1686675995117787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686675995117787,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"69.109.187.54","src_port":54554,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":527,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":521,"flow_packet_id":1,"flow_src_last_pkt_time":1686675995117787,"flow_dst_last_pkt_time":1686675995117787,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686675995117787,"pkt":"bpHurUgdPJTVQTiBCABFAAB+1DEAAPMRCZPItJByRW27NtUaAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":527,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":521,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686675995117787,"flow_src_last_pkt_time":1686675995117787,"flow_dst_last_pkt_time":1686675995117787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686675995117787,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"69.109.187.54","src_port":54554,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2523,43 +2523,43 @@ 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":529,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":523,"flow_packet_id":1,"flow_src_last_pkt_time":1686676562888350,"flow_dst_last_pkt_time":1686676562888350,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686676562888350,"pkt":"3jHC4dyOPJTVQTiBCABFAAB+1DEAAPMRCZH2S2hzWo0lOOAVAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":529,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":523,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686676562888350,"flow_src_last_pkt_time":1686676562888350,"flow_dst_last_pkt_time":1686676562888350,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686676562888350,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"90.141.37.56","src_port":57365,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00988{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":530,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":522,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686676477972093,"flow_src_last_pkt_time":1686676477972093,"flow_dst_last_pkt_time":1686676477972093,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686676562888350,"l3_proto":"ip4","src_ip":"208.123.176.154","dst_ip":"85.111.52.57","src_port":56229,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":530,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":530,"packets-processed":529,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":26963,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":523,"total-detection-updates":0,"total-updates":93,"current-active-flows":2,"total-active-flows":523,"total-idle-flows":521,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2526,"global_ts_usec":1686680332589205} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":530,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":530,"packets-processed":529,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":26963,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":523,"total-detection-updates":0,"total-updates":93,"current-active-flows":2,"total-active-flows":523,"total-idle-flows":521,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2526,"global_ts_usec":1686680332589205} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":530,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":524,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686680332589205,"flow_src_last_pkt_time":1686680332589205,"flow_dst_last_pkt_time":1686680332589205,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686680332589205,"l3_proto":"ip4","src_ip":"194.23.249.243","dst_ip":"74.111.203.55","src_port":54741,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":530,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":524,"flow_packet_id":1,"flow_src_last_pkt_time":1686680332589205,"flow_dst_last_pkt_time":1686680332589205,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686680332589205,"pkt":"ipffLU2SPJTVQTiBCABFAAA51DEAAPkRbdzCF\/nzSm\/LN9XVAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":530,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":524,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686680332589205,"flow_src_last_pkt_time":1686680332589205,"flow_dst_last_pkt_time":1686680332589205,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686680332589205,"l3_proto":"ip4","src_ip":"194.23.249.243","dst_ip":"74.111.203.55","src_port":54741,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":531,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":523,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686676562888350,"flow_src_last_pkt_time":1686676562888350,"flow_dst_last_pkt_time":1686676562888350,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686680332589205,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"90.141.37.56","src_port":57365,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":531,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":522,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686676477972093,"flow_src_last_pkt_time":1686676477972093,"flow_dst_last_pkt_time":1686676477972093,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686680332589205,"l3_proto":"ip4","src_ip":"208.123.176.154","dst_ip":"85.111.52.57","src_port":56229,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":531,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":531,"packets-processed":530,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":26992,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":524,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":524,"total-idle-flows":523,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2532,"global_ts_usec":1686682695732816} +00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":531,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":531,"packets-processed":530,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":26992,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":524,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":524,"total-idle-flows":523,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2532,"global_ts_usec":1686682695732816} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":531,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":525,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686682695732816,"flow_src_last_pkt_time":1686682695732816,"flow_dst_last_pkt_time":1686682695732816,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686682695732816,"l3_proto":"ip4","src_ip":"165.128.253.116","dst_ip":"165.144.84.62","src_port":53358,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":531,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":525,"flow_packet_id":1,"flow_src_last_pkt_time":1686682695732816,"flow_dst_last_pkt_time":1686682695732816,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686682695732816,"pkt":"AAwp30Y4PJTVQTiBCABFAABL3fsAACcR9RylgP10pZBUPtBuAasAN168AgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":531,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":525,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686682695732816,"flow_src_last_pkt_time":1686682695732816,"flow_dst_last_pkt_time":1686682695732816,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686682695732816,"l3_proto":"ip4","src_ip":"165.128.253.116","dst_ip":"165.144.84.62","src_port":53358,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":532,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":524,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686680332589205,"flow_src_last_pkt_time":1686680332589205,"flow_dst_last_pkt_time":1686680332589205,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686682695732816,"l3_proto":"ip4","src_ip":"194.23.249.243","dst_ip":"74.111.203.55","src_port":54741,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":532,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":532,"packets-processed":531,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":27039,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":525,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":525,"total-idle-flows":524,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2537,"global_ts_usec":1686684959984610} +00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":532,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":532,"packets-processed":531,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":27039,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":525,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":525,"total-idle-flows":524,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2537,"global_ts_usec":1686684959984610} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":532,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":526,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686684959984610,"flow_src_last_pkt_time":1686684959984610,"flow_dst_last_pkt_time":1686684959984610,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686684959984610,"l3_proto":"ip4","src_ip":"157.120.252.123","dst_ip":"186.112.202.53","src_port":11982,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":532,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":526,"flow_packet_id":1,"flow_src_last_pkt_time":1686684959984610,"flow_dst_last_pkt_time":1686684959984610,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686684959984610,"pkt":"xmjqc4OdPJTVQTiBCABFAABLbxIAACcRZBadePx7unDKNS7OAasANwBtAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":532,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":526,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686684959984610,"flow_src_last_pkt_time":1686684959984610,"flow_dst_last_pkt_time":1686684959984610,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686684959984610,"l3_proto":"ip4","src_ip":"157.120.252.123","dst_ip":"186.112.202.53","src_port":11982,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":533,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":525,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686682695732816,"flow_src_last_pkt_time":1686682695732816,"flow_dst_last_pkt_time":1686682695732816,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686684959984610,"l3_proto":"ip4","src_ip":"165.128.253.116","dst_ip":"165.144.84.62","src_port":53358,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":533,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":533,"packets-processed":532,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":27086,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":526,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":526,"total-idle-flows":525,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2542,"global_ts_usec":1686700828543151} +00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":533,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":533,"packets-processed":532,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":27086,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":526,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":526,"total-idle-flows":525,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2542,"global_ts_usec":1686700828543151} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":533,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":527,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686700828543151,"flow_src_last_pkt_time":1686700828543151,"flow_dst_last_pkt_time":1686700828543151,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686700828543151,"l3_proto":"ip4","src_ip":"79.210.95.146","dst_ip":"165.114.202.61","src_port":54728,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":533,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":527,"flow_packet_id":1,"flow_src_last_pkt_time":1686700828543151,"flow_dst_last_pkt_time":1686700828543151,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686700828543151,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRYDBP0l+SpXLKPdXIAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":533,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":527,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686700828543151,"flow_src_last_pkt_time":1686700828543151,"flow_dst_last_pkt_time":1686700828543151,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686700828543151,"l3_proto":"ip4","src_ip":"79.210.95.146","dst_ip":"165.114.202.61","src_port":54728,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":534,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":526,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686684959984610,"flow_src_last_pkt_time":1686684959984610,"flow_dst_last_pkt_time":1686684959984610,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686700828543151,"l3_proto":"ip4","src_ip":"157.120.252.123","dst_ip":"186.112.202.53","src_port":11982,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":534,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":534,"packets-processed":533,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":27115,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":527,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":527,"total-idle-flows":526,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2547,"global_ts_usec":1686703749016048} +00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":534,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":534,"packets-processed":533,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":27115,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":527,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":527,"total-idle-flows":526,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2547,"global_ts_usec":1686703749016048} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":534,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":528,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686703749016048,"flow_src_last_pkt_time":1686703749016048,"flow_dst_last_pkt_time":1686703749016048,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686703749016048,"l3_proto":"ip4","src_ip":"185.31.153.50","dst_ip":"186.112.202.53","src_port":50851,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":534,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":528,"flow_packet_id":1,"flow_src_last_pkt_time":1686703749016048,"flow_dst_last_pkt_time":1686703749016048,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686703749016048,"pkt":"xmjqc4OdPJTVQTiBCABFAAA51DEAAPoRbFq5H5kyunDKNcajAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":534,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":528,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686703749016048,"flow_src_last_pkt_time":1686703749016048,"flow_dst_last_pkt_time":1686703749016048,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686703749016048,"l3_proto":"ip4","src_ip":"185.31.153.50","dst_ip":"186.112.202.53","src_port":50851,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":535,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":527,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686700828543151,"flow_src_last_pkt_time":1686700828543151,"flow_dst_last_pkt_time":1686700828543151,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686703749016048,"l3_proto":"ip4","src_ip":"79.210.95.146","dst_ip":"165.114.202.61","src_port":54728,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":535,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":535,"packets-processed":534,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":27144,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":528,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":528,"total-idle-flows":527,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2552,"global_ts_usec":1686704612212174} +00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":535,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":535,"packets-processed":534,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":27144,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":528,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":528,"total-idle-flows":527,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2552,"global_ts_usec":1686704612212174} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":535,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":529,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686704612212174,"flow_src_last_pkt_time":1686704612212174,"flow_dst_last_pkt_time":1686704612212174,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686704612212174,"l3_proto":"ip4","src_ip":"34.119.122.126","dst_ip":"90.141.37.56","src_port":34795,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":535,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":529,"flow_packet_id":1,"flow_src_last_pkt_time":1686704612212174,"flow_dst_last_pkt_time":1686704612212174,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686704612212174,"pkt":"3jHC4dyOPJTVQTiBCABFAABLT2YAACcRg7wid3p+Wo0lOIfrAasAN6dJAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":535,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":529,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686704612212174,"flow_src_last_pkt_time":1686704612212174,"flow_dst_last_pkt_time":1686704612212174,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686704612212174,"l3_proto":"ip4","src_ip":"34.119.122.126","dst_ip":"90.141.37.56","src_port":34795,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":536,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":528,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686703749016048,"flow_src_last_pkt_time":1686703749016048,"flow_dst_last_pkt_time":1686703749016048,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686704612212174,"l3_proto":"ip4","src_ip":"185.31.153.50","dst_ip":"186.112.202.53","src_port":50851,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":536,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":536,"packets-processed":535,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":27191,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":529,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":529,"total-idle-flows":528,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2557,"global_ts_usec":1686705292730193} +00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":536,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":536,"packets-processed":535,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":27191,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":529,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":529,"total-idle-flows":528,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2557,"global_ts_usec":1686705292730193} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":536,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":530,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686705292730193,"flow_src_last_pkt_time":1686705292730193,"flow_dst_last_pkt_time":1686705292730193,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686705292730193,"l3_proto":"ip4","src_ip":"253.112.232.91","dst_ip":"69.109.187.54","src_port":40051,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":536,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":530,"flow_packet_id":1,"flow_src_last_pkt_time":1686705292730193,"flow_dst_last_pkt_time":1686705292730193,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686705292730193,"pkt":"bpHurUgdPJTVQTiBCABFAABSlN0AAPMR8Cz9cOhbRW27NpxzAasAPqKqAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 
00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":536,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":530,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686705292730193,"flow_src_last_pkt_time":1686705292730193,"flow_dst_last_pkt_time":1686705292730193,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686705292730193,"l3_proto":"ip4","src_ip":"253.112.232.91","dst_ip":"69.109.187.54","src_port":40051,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":537,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":529,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686704612212174,"flow_src_last_pkt_time":1686704612212174,"flow_dst_last_pkt_time":1686704612212174,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686705292730193,"l3_proto":"ip4","src_ip":"34.119.122.126","dst_ip":"90.141.37.56","src_port":34795,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":537,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":537,"packets-processed":536,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":27245,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":530,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":530,"total-idle-flows":529,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2562,"global_ts_usec":1686709262177735} +00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":537,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":537,"packets-processed":536,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":27245,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":530,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":530,"total-idle-flows":529,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2562,"global_ts_usec":1686709262177735} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":537,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":531,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686709262177735,"flow_src_last_pkt_time":1686709262177735,"flow_dst_last_pkt_time":1686709262177735,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686709262177735,"l3_proto":"ip4","src_ip":"98.103.253.115","dst_ip":"90.111.212.50","src_port":47719,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":537,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":531,"flow_packet_id":1,"flow_src_last_pkt_time":1686709262177735,"flow_dst_last_pkt_time":1686709262177735,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686709262177735,"pkt":"AAwp30Y4PJTVQTiBCABFAABLpjwAACcRLOViZ\/1zWm\/UMrpnAasAN3TMAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":537,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":531,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686709262177735,"flow_src_last_pkt_time":1686709262177735,"flow_dst_last_pkt_time":1686709262177735,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686709262177735,"l3_proto":"ip4","src_ip":"98.103.253.115","dst_ip":"90.111.212.50","src_port":47719,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2568,7 +2568,7 @@ 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":538,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":532,"flow_packet_id":1,"flow_src_last_pkt_time":1686709804807056,"flow_dst_last_pkt_time":1686709804807056,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686709804807056,"pkt":"ipffLU2SPJTVQTiBCABFCABL1UgAACER9mnk\/1R3Sm\/LN\/BTAasANzF5AgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":538,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":532,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686709804807056,"flow_src_last_pkt_time":1686709804807056,"flow_dst_last_pkt_time":1686709804807056,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686709804807056,"l3_proto":"ip4","src_ip":"228.255.84.119","dst_ip":"74.111.203.55","src_port":61523,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":539,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":531,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686709262177735,"flow_src_last_pkt_time":1686709262177735,"flow_dst_last_pkt_time":1686709262177735,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686709804807056,"l3_proto":"ip4","src_ip":"98.103.253.115","dst_ip":"90.111.212.50","src_port":47719,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":539,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":539,"packets-processed":538,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":27339,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":532,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":532,"total-idle-flows":531,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2571,"global_ts_usec":1686713625992470} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":539,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":539,"packets-processed":538,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":27339,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":532,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":532,"total-idle-flows":531,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2571,"global_ts_usec":1686713625992470} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":539,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":533,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686713625992470,"flow_src_last_pkt_time":1686713625992470,"flow_dst_last_pkt_time":1686713625992470,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686713625992470,"l3_proto":"ip4","src_ip":"178.240.255.34","dst_ip":"69.109.187.54","src_port":54964,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":539,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":533,"flow_packet_id":1,"flow_src_last_pkt_time":1686713625992470,"flow_dst_last_pkt_time":1686713625992470,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686713625992470,"pkt":"bpHurUgdPJTVQTiBCABFAAA51DEAAPoRXoSy8P8iRW27Nta0AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":539,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":533,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686713625992470,"flow_src_last_pkt_time":1686713625992470,"flow_dst_last_pkt_time":1686713625992470,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686713625992470,"l3_proto":"ip4","src_ip":"178.240.255.34","dst_ip":"69.109.187.54","src_port":54964,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2577,12 +2577,12 @@ 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":540,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":534,"flow_packet_id":1,"flow_src_last_pkt_time":1686713856291158,"flow_dst_last_pkt_time":1686713856291158,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686713856291158,"pkt":"bs1PogZtPJTVQTiBCABFAAA51DEAAPkRbY1Z7HpkWpG0OsrWAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":540,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":534,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686713856291158,"flow_src_last_pkt_time":1686713856291158,"flow_dst_last_pkt_time":1686713856291158,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686713856291158,"l3_proto":"ip4","src_ip":"89.236.122.100","dst_ip":"90.145.180.58","src_port":51926,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":541,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":533,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686713625992470,"flow_src_last_pkt_time":1686713625992470,"flow_dst_last_pkt_time":1686713625992470,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686713856291158,"l3_proto":"ip4","src_ip":"178.240.255.34","dst_ip":"69.109.187.54","src_port":54964,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":541,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":541,"packets-processed":540,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":27397,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":534,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":534,"total-idle-flows":533,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2580,"global_ts_usec":1686714599962630} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":541,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":541,"packets-processed":540,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":27397,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":534,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":534,"total-idle-flows":533,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2580,"global_ts_usec":1686714599962630} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":541,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":535,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686714599962630,"flow_src_last_pkt_time":1686714599962630,"flow_dst_last_pkt_time":1686714599962630,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686714599962630,"l3_proto":"ip4","src_ip":"154.129.123.124","dst_ip":"69.109.187.54","src_port":35057,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":541,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":535,"flow_packet_id":1,"flow_src_last_pkt_time":1686714599962630,"flow_dst_last_pkt_time":1686714599962630,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686714599962630,"pkt":"bpHurUgdPJTVQTiBCABFAABLYvQAACcRcDOagXt8RW27NojxAasAN6ZIAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":541,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":535,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686714599962630,"flow_src_last_pkt_time":1686714599962630,"flow_dst_last_pkt_time":1686714599962630,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686714599962630,"l3_proto":"ip4","src_ip":"154.129.123.124","dst_ip":"69.109.187.54","src_port":35057,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":542,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":534,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686713856291158,"flow_src_last_pkt_time":1686713856291158,"flow_dst_last_pkt_time":1686713856291158,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686714599962630,"l3_proto":"ip4","src_ip":"89.236.122.100","dst_ip":"90.145.180.58","src_port":51926,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":542,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":542,"packets-processed":541,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":27444,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":535,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":535,"total-idle-flows":534,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2585,"global_ts_usec":1686715614560571} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":542,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":542,"packets-processed":541,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":27444,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":535,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":535,"total-idle-flows":534,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2585,"global_ts_usec":1686715614560571} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":542,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":536,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686715614560571,"flow_src_last_pkt_time":1686715614560571,"flow_dst_last_pkt_time":1686715614560571,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686715614560571,"l3_proto":"ip4","src_ip":"35.252.69.113","dst_ip":"90.111.212.50","src_port":61013,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":542,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":536,"flow_packet_id":1,"flow_src_last_pkt_time":1686715614560571,"flow_dst_last_pkt_time":1686715614560571,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686715614560571,"pkt":"AAwp30Y4PJTVQTiBCABFCABLxe4AACIRBL8j\/EVxWm\/UMu5VAasANzNyAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":542,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":536,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686715614560571,"flow_src_last_pkt_time":1686715614560571,"flow_dst_last_pkt_time":1686715614560571,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686715614560571,"l3_proto":"ip4","src_ip":"35.252.69.113","dst_ip":"90.111.212.50","src_port":61013,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2591,7 +2591,7 @@ 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":543,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":537,"flow_packet_id":1,"flow_src_last_pkt_time":1686716172395855,"flow_dst_last_pkt_time":1686716172395855,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686716172395855,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA51DEAAPkRbTxe0sIfVW80OdC4AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":543,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":537,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686716172395855,"flow_src_last_pkt_time":1686716172395855,"flow_dst_last_pkt_time":1686716172395855,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686716172395855,"l3_proto":"ip4","src_ip":"94.210.194.31","dst_ip":"85.111.52.57","src_port":53432,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":544,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":536,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686715614560571,"flow_src_last_pkt_time":1686715614560571,"flow_dst_last_pkt_time":1686715614560571,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686716172395855,"l3_proto":"ip4","src_ip":"35.252.69.113","dst_ip":"90.111.212.50","src_port":61013,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":544,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":544,"packets-processed":543,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":27520,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":537,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":537,"total-idle-flows":536,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2594,"global_ts_usec":1686717273049688} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":544,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":544,"packets-processed":543,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":27520,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":537,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":537,"total-idle-flows":536,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2594,"global_ts_usec":1686717273049688} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":544,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":538,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686717273049688,"flow_src_last_pkt_time":1686717273049688,"flow_dst_last_pkt_time":1686717273049688,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686717273049688,"l3_proto":"ip4","src_ip":"231.38.82.221","dst_ip":"90.111.212.50","src_port":16953,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":544,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":538,"flow_packet_id":1,"flow_src_last_pkt_time":1686717273049688,"flow_dst_last_pkt_time":1686717273049688,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686717273049688,"pkt":"AAwp30Y4PJTVQTiBCABFCABLtG0AACQRD\/vnJlLdWm\/UMkI5AasAN9tJAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":544,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":538,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686717273049688,"flow_src_last_pkt_time":1686717273049688,"flow_dst_last_pkt_time":1686717273049688,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686717273049688,"l3_proto":"ip4","src_ip":"231.38.82.221","dst_ip":"90.111.212.50","src_port":16953,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2600,12 +2600,12 @@ 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":545,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":539,"flow_packet_id":1,"flow_src_last_pkt_time":1686717773171081,"flow_dst_last_pkt_time":1686717773171081,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686717773171081,"pkt":"moT+\/Ph8PJTVQTiBCABFCABLaxoAACQRWUtYH27bVW80OZqoAasAN4LXAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":545,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":539,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686717773171081,"flow_src_last_pkt_time":1686717773171081,"flow_dst_last_pkt_time":1686717773171081,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686717773171081,"l3_proto":"ip4","src_ip":"88.31.110.219","dst_ip":"85.111.52.57","src_port":39592,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":546,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":538,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686717273049688,"flow_src_last_pkt_time":1686717273049688,"flow_dst_last_pkt_time":1686717273049688,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686717773171081,"l3_proto":"ip4","src_ip":"231.38.82.221","dst_ip":"90.111.212.50","src_port":16953,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":546,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":546,"packets-processed":545,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":27614,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":539,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":539,"total-idle-flows":538,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2603,"global_ts_usec":1686720855584550} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":546,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":546,"packets-processed":545,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":27614,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":539,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":539,"total-idle-flows":538,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2603,"global_ts_usec":1686720855584550} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":546,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":540,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686720855584550,"flow_src_last_pkt_time":1686720855584550,"flow_dst_last_pkt_time":1686720855584550,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686720855584550,"l3_proto":"ip4","src_ip":"231.223.121.213","dst_ip":"69.109.187.54","src_port":4034,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":546,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":540,"flow_packet_id":1,"flow_src_last_pkt_time":1686720855584550,"flow_dst_last_pkt_time":1686720855584550,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686720855584550,"pkt":"bpHurUgdPJTVQTiBCABFCABLQSYAACQRg0fn33nVRW27Ng\/CAasANw3GAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":546,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":540,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686720855584550,"flow_src_last_pkt_time":1686720855584550,"flow_dst_last_pkt_time":1686720855584550,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686720855584550,"l3_proto":"ip4","src_ip":"231.223.121.213","dst_ip":"69.109.187.54","src_port":4034,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":547,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":539,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686717773171081,"flow_src_last_pkt_time":1686717773171081,"flow_dst_last_pkt_time":1686717773171081,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686720855584550,"l3_proto":"ip4","src_ip":"88.31.110.219","dst_ip":"85.111.52.57","src_port":39592,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":547,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":547,"packets-processed":546,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":27661,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":540,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":540,"total-idle-flows":539,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2608,"global_ts_usec":1686722365950548} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":547,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":547,"packets-processed":546,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":27661,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":540,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":540,"total-idle-flows":539,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2608,"global_ts_usec":1686722365950548} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":547,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":541,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686722365950548,"flow_src_last_pkt_time":1686722365950548,"flow_dst_last_pkt_time":1686722365950548,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686722365950548,"l3_proto":"ip4","src_ip":"64.63.36.139","dst_ip":"165.114.202.61","src_port":49841,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":547,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":541,"flow_packet_id":1,"flow_src_last_pkt_time":1686722365950548,"flow_dst_last_pkt_time":1686722365950548,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686722365950548,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+bGJAADQRNItAPySLpXLKPcKxAasAKgb4AgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":547,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":541,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686722365950548,"flow_src_last_pkt_time":1686722365950548,"flow_dst_last_pkt_time":1686722365950548,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686722365950548,"l3_proto":"ip4","src_ip":"64.63.36.139","dst_ip":"165.114.202.61","src_port":49841,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Twitter","proto_by_ip_id":120,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2623,7 +2623,7 @@ 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":550,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":544,"flow_packet_id":1,"flow_src_last_pkt_time":1686722933062511,"flow_dst_last_pkt_time":1686722933062511,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686722933062511,"pkt":"bpHurUgdPJTVQTiBCABFAAA+udZAADQR5x9APySLRW27NsKxAasAKgcBAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":550,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":544,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686722933062511,"flow_src_last_pkt_time":1686722933062511,"flow_dst_last_pkt_time":1686722933062511,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686722933062511,"l3_proto":"ip4","src_ip":"64.63.36.139","dst_ip":"69.109.187.54","src_port":49841,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Twitter","proto_by_ip_id":120,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":551,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":543,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686722723892485,"flow_src_last_pkt_time":1686722723892485,"flow_dst_last_pkt_time":1686722723892485,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686722933062511,"l3_proto":"ip4","src_ip":"64.63.52.142","dst_ip":"90.147.171.51","src_port":14637,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Twitter","proto_by_ip_id":120,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":551,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":551,"packets-processed":550,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":27797,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":544,"total-detection-updates":0,"total-updates":94,"current-active-flows":1,"total-active-flows":544,"total-idle-flows":543,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2626,"global_ts_usec":1686722979135224} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":551,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":551,"packets-processed":550,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":27797,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":544,"total-detection-updates":0,"total-updates":94,"current-active-flows":1,"total-active-flows":544,"total-idle-flows":543,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2626,"global_ts_usec":1686722979135224} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":551,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":545,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686722979135224,"flow_src_last_pkt_time":1686722979135224,"flow_dst_last_pkt_time":1686722979135224,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686722979135224,"l3_proto":"ip4","src_ip":"191.57.36.135","dst_ip":"165.144.84.62","src_port":30888,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":551,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":545,"flow_packet_id":1,"flow_src_last_pkt_time":1686722979135224,"flow_dst_last_pkt_time":1686722979135224,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686722979135224,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+JuRAADQRegS\/OSSHpZBUPnioAasAKlD8AgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":551,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":545,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686722979135224,"flow_src_last_pkt_time":1686722979135224,"flow_dst_last_pkt_time":1686722979135224,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686722979135224,"l3_proto":"ip4","src_ip":"191.57.36.135","dst_ip":"165.144.84.62","src_port":30888,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2643,99 +2643,99 @@ 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":554,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":548,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686723578690477,"flow_src_last_pkt_time":1686723578690477,"flow_dst_last_pkt_time":1686723578690477,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686723578690477,"l3_proto":"ip4","src_ip":"184.193.58.134","dst_ip":"90.145.180.58","src_port":6016,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":555,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":546,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686723156732545,"flow_src_last_pkt_time":1686723156732545,"flow_dst_last_pkt_time":1686723156732545,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686723578690477,"l3_proto":"ip4","src_ip":"184.193.58.134","dst_ip":"74.111.203.55","src_port":21356,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":555,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":547,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686723218825916,"flow_src_last_pkt_time":1686723218825916,"flow_dst_last_pkt_time":1686723218825916,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686723578690477,"l3_proto":"ip4","src_ip":"64.63.52.142","dst_ip":"85.111.52.57","src_port":45266,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Twitter","proto_by_ip_id":120,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":555,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":555,"packets-processed":554,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":27933,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":548,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":548,"total-idle-flows":547,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2646,"global_ts_usec":1686723785197536} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":555,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":555,"packets-processed":554,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":27933,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":548,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":548,"total-idle-flows":547,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2646,"global_ts_usec":1686723785197536} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":555,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":549,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686723785197536,"flow_src_last_pkt_time":1686723785197536,"flow_dst_last_pkt_time":1686723785197536,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686723785197536,"l3_proto":"ip4","src_ip":"184.193.58.134","dst_ip":"90.141.37.56","src_port":21356,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":555,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":549,"flow_packet_id":1,"flow_src_last_pkt_time":1686723785197536,"flow_dst_last_pkt_time":1686723785197536,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686723785197536,"pkt":"3jHC4dyOPJTVQTiBCABFAAA++PJAADQRp\/m4wTqGWo0lOFNsAasAKnY8AgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":555,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":549,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686723785197536,"flow_src_last_pkt_time":1686723785197536,"flow_dst_last_pkt_time":1686723785197536,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686723785197536,"l3_proto":"ip4","src_ip":"184.193.58.134","dst_ip":"90.141.37.56","src_port":21356,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":556,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":548,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686723578690477,"flow_src_last_pkt_time":1686723578690477,"flow_dst_last_pkt_time":1686723578690477,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686723785197536,"l3_proto":"ip4","src_ip":"184.193.58.134","dst_ip":"90.145.180.58","src_port":6016,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":556,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":556,"packets-processed":555,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":27967,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":549,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":549,"total-idle-flows":548,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2651,"global_ts_usec":1686725098326675} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":556,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":556,"packets-processed":555,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":27967,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":549,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":549,"total-idle-flows":548,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2651,"global_ts_usec":1686725098326675} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":556,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":550,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686725098326675,"flow_src_last_pkt_time":1686725098326675,"flow_dst_last_pkt_time":1686725098326675,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686725098326675,"l3_proto":"ip4","src_ip":"51.242.192.58","dst_ip":"165.144.84.62","src_port":51989,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":556,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":550,"flow_packet_id":1,"flow_src_last_pkt_time":1686725098326675,"flow_dst_last_pkt_time":1686725098326675,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686725098326675,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRXmQz8sA6pZBUPssVAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":556,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":550,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686725098326675,"flow_src_last_pkt_time":1686725098326675,"flow_dst_last_pkt_time":1686725098326675,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686725098326675,"l3_proto":"ip4","src_ip":"51.242.192.58","dst_ip":"165.144.84.62","src_port":51989,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":557,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":549,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686723785197536,"flow_src_last_pkt_time":1686723785197536,"flow_dst_last_pkt_time":1686723785197536,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686725098326675,"l3_proto":"ip4","src_ip":"184.193.58.134","dst_ip":"90.141.37.56","src_port":21356,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":557,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":557,"packets-processed":556,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":27996,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":550,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":550,"total-idle-flows":549,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2656,"global_ts_usec":1686725813807299} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":557,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":557,"packets-processed":556,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":27996,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":550,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":550,"total-idle-flows":549,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2656,"global_ts_usec":1686725813807299} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":557,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":551,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686725813807299,"flow_src_last_pkt_time":1686725813807299,"flow_dst_last_pkt_time":1686725813807299,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686725813807299,"l3_proto":"ip4","src_ip":"64.193.196.133","dst_ip":"186.112.202.53","src_port":45764,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":557,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":551,"flow_packet_id":1,"flow_src_last_pkt_time":1686725813807299,"flow_dst_last_pkt_time":1686725813807299,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686725813807299,"pkt":"xmjqc4OdPJTVQTiBCABFAAA+QzNAADQRXblAwcSFunDKNbLEAasAKhbkAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":557,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":551,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686725813807299,"flow_src_last_pkt_time":1686725813807299,"flow_dst_last_pkt_time":1686725813807299,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686725813807299,"l3_proto":"ip4","src_ip":"64.193.196.133","dst_ip":"186.112.202.53","src_port":45764,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":558,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":550,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686725098326675,"flow_src_last_pkt_time":1686725098326675,"flow_dst_last_pkt_time":1686725098326675,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686725813807299,"l3_proto":"ip4","src_ip":"51.242.192.58","dst_ip":"165.144.84.62","src_port":51989,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":558,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":558,"packets-processed":557,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28030,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":551,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":551,"total-idle-flows":550,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2661,"global_ts_usec":1686729365919386} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":558,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":558,"packets-processed":557,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28030,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":551,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":551,"total-idle-flows":550,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2661,"global_ts_usec":1686729365919386} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":558,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":552,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686729365919386,"flow_src_last_pkt_time":1686729365919386,"flow_dst_last_pkt_time":1686729365919386,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686729365919386,"l3_proto":"ip4","src_ip":"185.29.253.207","dst_ip":"90.141.37.56","src_port":55308,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":558,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":552,"flow_packet_id":1,"flow_src_last_pkt_time":1686729365919386,"flow_dst_last_pkt_time":1686729365919386,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686729365919386,"pkt":"3jHC4dyOPJTVQTiBCABFAAA51DEAAPkRbbu5Hf3PWo0lONgMAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":558,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":552,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686729365919386,"flow_src_last_pkt_time":1686729365919386,"flow_dst_last_pkt_time":1686729365919386,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686729365919386,"l3_proto":"ip4","src_ip":"185.29.253.207","dst_ip":"90.141.37.56","src_port":55308,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":559,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":551,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686725813807299,"flow_src_last_pkt_time":1686725813807299,"flow_dst_last_pkt_time":1686725813807299,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686729365919386,"l3_proto":"ip4","src_ip":"64.193.196.133","dst_ip":"186.112.202.53","src_port":45764,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":559,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":559,"packets-processed":558,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28059,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":552,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":552,"total-idle-flows":551,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2666,"global_ts_usec":1686732302782823} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":559,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":559,"packets-processed":558,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28059,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":552,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":552,"total-idle-flows":551,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2666,"global_ts_usec":1686732302782823} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":559,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":553,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686732302782823,"flow_src_last_pkt_time":1686732302782823,"flow_dst_last_pkt_time":1686732302782823,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686732302782823,"l3_proto":"ip4","src_ip":"49.49.71.169","dst_ip":"90.147.171.51","src_port":56940,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":559,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":553,"flow_packet_id":1,"flow_src_last_pkt_time":1686732302782823,"flow_dst_last_pkt_time":1686732302782823,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686732302782823,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRXyExMUepWpOrM95sAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":559,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":553,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686732302782823,"flow_src_last_pkt_time":1686732302782823,"flow_dst_last_pkt_time":1686732302782823,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686732302782823,"l3_proto":"ip4","src_ip":"49.49.71.169","dst_ip":"90.147.171.51","src_port":56940,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":560,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":552,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686729365919386,"flow_src_last_pkt_time":1686729365919386,"flow_dst_last_pkt_time":1686729365919386,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686732302782823,"l3_proto":"ip4","src_ip":"185.29.253.207","dst_ip":"90.141.37.56","src_port":55308,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":560,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":560,"packets-processed":559,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28088,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":553,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":553,"total-idle-flows":552,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2671,"global_ts_usec":1686734552484911} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":560,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":560,"packets-processed":559,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28088,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":553,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":553,"total-idle-flows":552,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2671,"global_ts_usec":1686734552484911} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":560,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":554,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686734552484911,"flow_src_last_pkt_time":1686734552484911,"flow_dst_last_pkt_time":1686734552484911,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686734552484911,"l3_proto":"ip4","src_ip":"198.23.89.28","dst_ip":"90.111.212.50","src_port":55179,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":560,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":554,"flow_packet_id":1,"flow_src_last_pkt_time":1686734552484911,"flow_dst_last_pkt_time":1686734552484911,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686734552484911,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRbUTGF1kcWm\/UMteLAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":560,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":554,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686734552484911,"flow_src_last_pkt_time":1686734552484911,"flow_dst_last_pkt_time":1686734552484911,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686734552484911,"l3_proto":"ip4","src_ip":"198.23.89.28","dst_ip":"90.111.212.50","src_port":55179,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":561,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":553,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686732302782823,"flow_src_last_pkt_time":1686732302782823,"flow_dst_last_pkt_time":1686732302782823,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686734552484911,"l3_proto":"ip4","src_ip":"49.49.71.169","dst_ip":"90.147.171.51","src_port":56940,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":561,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":561,"packets-processed":560,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28117,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":554,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":554,"total-idle-flows":553,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2676,"global_ts_usec":1686745116214925} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":561,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":561,"packets-processed":560,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28117,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":554,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":554,"total-idle-flows":553,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2676,"global_ts_usec":1686745116214925} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":561,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":555,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686745116214925,"flow_src_last_pkt_time":1686745116214925,"flow_dst_last_pkt_time":1686745116214925,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686745116214925,"l3_proto":"ip4","src_ip":"231.38.82.221","dst_ip":"186.112.202.53","src_port":33154,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":561,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":555,"flow_packet_id":1,"flow_src_last_pkt_time":1686745116214925,"flow_dst_last_pkt_time":1686745116214925,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686745116214925,"pkt":"xmjqc4OdPJTVQTiBCABFCABLQo0AACQRgdjnJlLdunDKNYGCAasAN5v9AgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":561,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":555,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686745116214925,"flow_src_last_pkt_time":1686745116214925,"flow_dst_last_pkt_time":1686745116214925,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686745116214925,"l3_proto":"ip4","src_ip":"231.38.82.221","dst_ip":"186.112.202.53","src_port":33154,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":562,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":554,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686734552484911,"flow_src_last_pkt_time":1686734552484911,"flow_dst_last_pkt_time":1686734552484911,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686745116214925,"l3_proto":"ip4","src_ip":"198.23.89.28","dst_ip":"90.111.212.50","src_port":55179,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":562,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":562,"packets-processed":561,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28164,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":555,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":555,"total-idle-flows":554,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2681,"global_ts_usec":1686766680148551} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":562,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":562,"packets-processed":561,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28164,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":555,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":555,"total-idle-flows":554,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2681,"global_ts_usec":1686766680148551} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":562,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":556,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686766680148551,"flow_src_last_pkt_time":1686766680148551,"flow_dst_last_pkt_time":1686766680148551,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686766680148551,"l3_proto":"ip4","src_ip":"43.95.195.22","dst_ip":"85.111.52.57","src_port":50287,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":562,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":556,"flow_packet_id":1,"flow_src_last_pkt_time":1686766680148551,"flow_dst_last_pkt_time":1686766680148551,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686766680148551,"pkt":"moT+\/Ph8PJTVQTiBCABFAABSwG8AAC0RJTYrX8MWVW80OcRvAasAPhVJAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":562,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":556,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686766680148551,"flow_src_last_pkt_time":1686766680148551,"flow_dst_last_pkt_time":1686766680148551,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686766680148551,"l3_proto":"ip4","src_ip":"43.95.195.22","dst_ip":"85.111.52.57","src_port":50287,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":563,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":556,"flow_packet_id":2,"flow_src_last_pkt_time":1686766680148564,"flow_dst_last_pkt_time":1686766680148551,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686766680148564,"pkt":"moT+\/Ph8PJTVQTiBCABFAABSwG8AAC0RJTYrX8MWVW80OcRvAasAPhVJAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":564,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":555,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686745116214925,"flow_src_last_pkt_time":1686745116214925,"flow_dst_last_pkt_time":1686745116214925,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686766680148564,"l3_proto":"ip4","src_ip":"231.38.82.221","dst_ip":"186.112.202.53","src_port":33154,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":564,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":564,"packets-processed":563,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28272,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":556,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":556,"total-idle-flows":555,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2687,"global_ts_usec":1686776388352182} +00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":564,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":564,"packets-processed":563,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28272,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":556,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":556,"total-idle-flows":555,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2687,"global_ts_usec":1686776388352182} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":564,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":557,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686776388352182,"flow_src_last_pkt_time":1686776388352182,"flow_dst_last_pkt_time":1686776388352182,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686776388352182,"l3_proto":"ip4","src_ip":"235.98.65.133","dst_ip":"165.114.202.61","src_port":26337,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":564,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":557,"flow_packet_id":1,"flow_src_last_pkt_time":1686776388352182,"flow_dst_last_pkt_time":1686776388352182,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686776388352182,"pkt":"AAwp30Y4PJTVQTiBCABFBABSYuEAADQRGY3rYkGFpXLKPWbhAasAPhCkAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 
00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":564,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":557,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686776388352182,"flow_src_last_pkt_time":1686776388352182,"flow_dst_last_pkt_time":1686776388352182,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686776388352182,"l3_proto":"ip4","src_ip":"235.98.65.133","dst_ip":"165.114.202.61","src_port":26337,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":565,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":557,"flow_packet_id":2,"flow_src_last_pkt_time":1686776388352185,"flow_dst_last_pkt_time":1686776388352182,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686776388352185,"pkt":"AAwp30Y4PJTVQTiBCABFBABSYuEAADQRGY3rYkGFpXLKPWbhAasAPhCkAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":566,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":556,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1686766680148551,"flow_src_last_pkt_time":1686766680148564,"flow_dst_last_pkt_time":1686766680148551,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":108,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686776388352185,"l3_proto":"ip4","src_ip":"43.95.195.22","dst_ip":"85.111.52.57","src_port":50287,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":566,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":566,"packets-processed":565,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28380,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":557,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":557,"total-idle-flows":556,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2693,"global_ts_usec":1686782629632128} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":566,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":566,"packets-processed":565,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28380,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":557,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":557,"total-idle-flows":556,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2693,"global_ts_usec":1686782629632128} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":566,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":558,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686782629632128,"flow_src_last_pkt_time":1686782629632128,"flow_dst_last_pkt_time":1686782629632128,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686782629632128,"l3_proto":"ip4","src_ip":"159.60.180.118","dst_ip":"165.114.202.61","src_port":39471,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":566,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":558,"flow_packet_id":1,"flow_src_last_pkt_time":1686782629632128,"flow_dst_last_pkt_time":1686782629632128,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686782629632128,"pkt":"AAwp30Y4PJTVQTiBCABFCABLh+kAACIRQr6fPLR2pXLKPZovAasAN4eSAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":566,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":558,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686782629632128,"flow_src_last_pkt_time":1686782629632128,"flow_dst_last_pkt_time":1686782629632128,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686782629632128,"l3_proto":"ip4","src_ip":"159.60.180.118","dst_ip":"165.114.202.61","src_port":39471,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":567,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":557,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1686776388352182,"flow_src_last_pkt_time":1686776388352185,"flow_dst_last_pkt_time":1686776388352182,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":108,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686782629632128,"l3_proto":"ip4","src_ip":"235.98.65.133","dst_ip":"165.114.202.61","src_port":26337,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":567,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":567,"packets-processed":566,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28427,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":558,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":558,"total-idle-flows":557,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2698,"global_ts_usec":1686783435918307} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":567,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":567,"packets-processed":566,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28427,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":558,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":558,"total-idle-flows":557,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2698,"global_ts_usec":1686783435918307} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":567,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":559,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686783435918307,"flow_src_last_pkt_time":1686783435918307,"flow_dst_last_pkt_time":1686783435918307,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686783435918307,"l3_proto":"ip4","src_ip":"164.192.91.117","dst_ip":"165.144.84.62","src_port":41275,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":567,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":559,"flow_packet_id":1,"flow_src_last_pkt_time":1686783435918307,"flow_dst_last_pkt_time":1686783435918307,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686783435918307,"pkt":"AAwp30Y4PJTVQTiBCABFCABL9voAACIR06ykwFt1pZBUPqE7AasAN4CGAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":567,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":559,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686783435918307,"flow_src_last_pkt_time":1686783435918307,"flow_dst_last_pkt_time":1686783435918307,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686783435918307,"l3_proto":"ip4","src_ip":"164.192.91.117","dst_ip":"165.144.84.62","src_port":41275,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":568,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":558,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686782629632128,"flow_src_last_pkt_time":1686782629632128,"flow_dst_last_pkt_time":1686782629632128,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686783435918307,"l3_proto":"ip4","src_ip":"159.60.180.118","dst_ip":"165.114.202.61","src_port":39471,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":568,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":568,"packets-processed":567,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28474,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":559,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":559,"total-idle-flows":558,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2703,"global_ts_usec":1686785007737222} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":568,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":568,"packets-processed":567,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28474,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":559,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":559,"total-idle-flows":558,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2703,"global_ts_usec":1686785007737222} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":568,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":560,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686785007737222,"flow_src_last_pkt_time":1686785007737222,"flow_dst_last_pkt_time":1686785007737222,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686785007737222,"l3_proto":"ip4","src_ip":"155.160.165.208","dst_ip":"69.109.187.54","src_port":51124,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":568,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":560,"flow_packet_id":1,"flow_src_last_pkt_time":1686785007737222,"flow_dst_last_pkt_time":1686785007737222,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686785007737222,"pkt":"bpHurUgdPJTVQTiBCABFCABLA0AAACQRwTOboKXQRW27Nse0AasAN1XZAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":568,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":560,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686785007737222,"flow_src_last_pkt_time":1686785007737222,"flow_dst_last_pkt_time":1686785007737222,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686785007737222,"l3_proto":"ip4","src_ip":"155.160.165.208","dst_ip":"69.109.187.54","src_port":51124,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":569,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":559,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686783435918307,"flow_src_last_pkt_time":1686783435918307,"flow_dst_last_pkt_time":1686783435918307,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686785007737222,"l3_proto":"ip4","src_ip":"164.192.91.117","dst_ip":"165.144.84.62","src_port":41275,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":569,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":569,"packets-processed":568,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28521,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":560,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":560,"total-idle-flows":559,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2708,"global_ts_usec":1686790507373750} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":569,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":569,"packets-processed":568,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28521,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":560,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":560,"total-idle-flows":559,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2708,"global_ts_usec":1686790507373750} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":569,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":561,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686790507373750,"flow_src_last_pkt_time":1686790507373750,"flow_dst_last_pkt_time":1686790507373750,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686790507373750,"l3_proto":"ip4","src_ip":"35.0.100.115","dst_ip":"186.112.202.53","src_port":65092,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":569,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":561,"flow_packet_id":1,"flow_src_last_pkt_time":1686790507373750,"flow_dst_last_pkt_time":1686790507373750,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686790507373750,"pkt":"xmjqc4OdPJTVQTiBCABFCABLxbwAACIRBPAjAGRzunDKNf5EAasANyOCAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":569,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":561,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686790507373750,"flow_src_last_pkt_time":1686790507373750,"flow_dst_last_pkt_time":1686790507373750,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686790507373750,"l3_proto":"ip4","src_ip":"35.0.100.115","dst_ip":"186.112.202.53","src_port":65092,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":570,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":560,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686785007737222,"flow_src_last_pkt_time":1686785007737222,"flow_dst_last_pkt_time":1686785007737222,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686790507373750,"l3_proto":"ip4","src_ip":"155.160.165.208","dst_ip":"69.109.187.54","src_port":51124,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":570,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":570,"packets-processed":569,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28568,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":561,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":561,"total-idle-flows":560,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2713,"global_ts_usec":1686794003013015} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":570,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":570,"packets-processed":569,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28568,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":561,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":561,"total-idle-flows":560,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2713,"global_ts_usec":1686794003013015} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":570,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":562,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686794003013015,"flow_src_last_pkt_time":1686794003013015,"flow_dst_last_pkt_time":1686794003013015,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686794003013015,"l3_proto":"ip4","src_ip":"231.223.121.213","dst_ip":"90.147.171.51","src_port":15170,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":570,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":562,"flow_packet_id":1,"flow_src_last_pkt_time":1686794003013015,"flow_dst_last_pkt_time":1686794003013015,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686794003013015,"pkt":"AAwp30Y4PJTVQTiBCABFCABLrMYAACQRF6rn33nVWpOrMztCAasAN+JIAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":570,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":562,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686794003013015,"flow_src_last_pkt_time":1686794003013015,"flow_dst_last_pkt_time":1686794003013015,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686794003013015,"l3_proto":"ip4","src_ip":"231.223.121.213","dst_ip":"90.147.171.51","src_port":15170,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":571,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":561,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686790507373750,"flow_src_last_pkt_time":1686790507373750,"flow_dst_last_pkt_time":1686790507373750,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686794003013015,"l3_proto":"ip4","src_ip":"35.0.100.115","dst_ip":"186.112.202.53","src_port":65092,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":571,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":571,"packets-processed":570,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28615,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":562,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":562,"total-idle-flows":561,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2718,"global_ts_usec":1686799154433661} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":571,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":571,"packets-processed":570,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28615,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":562,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":562,"total-idle-flows":561,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2718,"global_ts_usec":1686799154433661} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":571,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":563,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686799154433661,"flow_src_last_pkt_time":1686799154433661,"flow_dst_last_pkt_time":1686799154433661,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686799154433661,"l3_proto":"ip4","src_ip":"65.218.6.160","dst_ip":"165.114.202.61","src_port":55146,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":571,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":563,"flow_packet_id":1,"flow_src_last_pkt_time":1686799154433661,"flow_dst_last_pkt_time":1686799154433661,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686799154433661,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRbQVB2gagpXLKPddqAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":571,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":563,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686799154433661,"flow_src_last_pkt_time":1686799154433661,"flow_dst_last_pkt_time":1686799154433661,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686799154433661,"l3_proto":"ip4","src_ip":"65.218.6.160","dst_ip":"165.114.202.61","src_port":55146,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":572,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":562,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686794003013015,"flow_src_last_pkt_time":1686794003013015,"flow_dst_last_pkt_time":1686794003013015,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686799154433661,"l3_proto":"ip4","src_ip":"231.223.121.213","dst_ip":"90.147.171.51","src_port":15170,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":572,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":572,"packets-processed":571,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28644,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":563,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":563,"total-idle-flows":562,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2723,"global_ts_usec":1686801707865988} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":572,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":572,"packets-processed":571,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28644,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":563,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":563,"total-idle-flows":562,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2723,"global_ts_usec":1686801707865988} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":572,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":564,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686801707865988,"flow_src_last_pkt_time":1686801707865988,"flow_dst_last_pkt_time":1686801707865988,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686801707865988,"l3_proto":"ip4","src_ip":"93.102.124.112","dst_ip":"85.111.52.57","src_port":64449,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":572,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":564,"flow_packet_id":1,"flow_src_last_pkt_time":1686801707865988,"flow_dst_last_pkt_time":1686801707865988,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686801707865988,"pkt":"moT+\/Ph8PJTVQTiBCABFAABLmP8AACcROhldZnxwVW80OfvBAasANzNpAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":572,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":564,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686801707865988,"flow_src_last_pkt_time":1686801707865988,"flow_dst_last_pkt_time":1686801707865988,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686801707865988,"l3_proto":"ip4","src_ip":"93.102.124.112","dst_ip":"85.111.52.57","src_port":64449,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":573,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":563,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686799154433661,"flow_src_last_pkt_time":1686799154433661,"flow_dst_last_pkt_time":1686799154433661,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686801707865988,"l3_proto":"ip4","src_ip":"65.218.6.160","dst_ip":"165.114.202.61","src_port":55146,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":573,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":573,"packets-processed":572,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28691,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":564,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":564,"total-idle-flows":563,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2728,"global_ts_usec":1686809757231212} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":573,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":573,"packets-processed":572,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28691,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":564,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":564,"total-idle-flows":563,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2728,"global_ts_usec":1686809757231212} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":573,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":565,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686809757231212,"flow_src_last_pkt_time":1686809757231212,"flow_dst_last_pkt_time":1686809757231212,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686809757231212,"l3_proto":"ip4","src_ip":"32.248.84.127","dst_ip":"90.141.37.56","src_port":45264,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":573,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":565,"flow_packet_id":1,"flow_src_last_pkt_time":1686809757231212,"flow_dst_last_pkt_time":1686809757231212,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686809757231212,"pkt":"3jHC4dyOPJTVQTiBCABFCABLKJcAACIRohgg+FR\/Wo0lOLDQAasAN3D5AgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":573,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":565,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686809757231212,"flow_src_last_pkt_time":1686809757231212,"flow_dst_last_pkt_time":1686809757231212,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686809757231212,"l3_proto":"ip4","src_ip":"32.248.84.127","dst_ip":"90.141.37.56","src_port":45264,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":574,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":564,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686801707865988,"flow_src_last_pkt_time":1686801707865988,"flow_dst_last_pkt_time":1686801707865988,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686809757231212,"l3_proto":"ip4","src_ip":"93.102.124.112","dst_ip":"85.111.52.57","src_port":64449,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":574,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":574,"packets-processed":573,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28738,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":565,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":565,"total-idle-flows":564,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2733,"global_ts_usec":1686815428144220} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":574,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":574,"packets-processed":573,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28738,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":565,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":565,"total-idle-flows":564,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2733,"global_ts_usec":1686815428144220} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":574,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":566,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686815428144220,"flow_src_last_pkt_time":1686815428144220,"flow_dst_last_pkt_time":1686815428144220,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686815428144220,"l3_proto":"ip4","src_ip":"69.24.27.60","dst_ip":"90.111.212.50","src_port":56117,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":574,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":566,"flow_packet_id":1,"flow_src_last_pkt_time":1686815428144220,"flow_dst_last_pkt_time":1686815428144220,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686815428144220,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRbFFFGBs8Wm\/UMts1AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":574,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":566,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686815428144220,"flow_src_last_pkt_time":1686815428144220,"flow_dst_last_pkt_time":1686815428144220,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686815428144220,"l3_proto":"ip4","src_ip":"69.24.27.60","dst_ip":"90.111.212.50","src_port":56117,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":575,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":565,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686809757231212,"flow_src_last_pkt_time":1686809757231212,"flow_dst_last_pkt_time":1686809757231212,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686815428144220,"l3_proto":"ip4","src_ip":"32.248.84.127","dst_ip":"90.141.37.56","src_port":45264,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":575,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":575,"packets-processed":574,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28767,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":566,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":566,"total-idle-flows":565,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2738,"global_ts_usec":1686819439098098} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":575,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":575,"packets-processed":574,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28767,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":566,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":566,"total-idle-flows":565,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2738,"global_ts_usec":1686819439098098} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":575,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":567,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686819439098098,"flow_src_last_pkt_time":1686819439098098,"flow_dst_last_pkt_time":1686819439098098,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686819439098098,"l3_proto":"ip4","src_ip":"64.62.219.130","dst_ip":"85.111.52.57","src_port":17454,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":575,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":567,"flow_packet_id":1,"flow_src_last_pkt_time":1686819439098098,"flow_dst_last_pkt_time":1686819439098098,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686819439098098,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA+YmVAADQRPoBAPtuCVW80OUQuAasAKoVzAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":575,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":567,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686819439098098,"flow_src_last_pkt_time":1686819439098098,"flow_dst_last_pkt_time":1686819439098098,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686819439098098,"l3_proto":"ip4","src_ip":"64.62.219.130","dst_ip":"85.111.52.57","src_port":17454,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2751,7 +2751,7 @@ 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":578,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":570,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686819690034608,"flow_src_last_pkt_time":1686819690034608,"flow_dst_last_pkt_time":1686819690034608,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686819690034608,"l3_proto":"ip4","src_ip":"9.160.170.26","dst_ip":"69.109.187.54","src_port":53573,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":578,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":570,"flow_packet_id":1,"flow_src_last_pkt_time":1686819690034608,"flow_dst_last_pkt_time":1686819690034608,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686819690034608,"pkt":"bpHurUgdPJTVQTiBCABFCABS21FAAC4Ros0JoKoaRW27NtFFAasAPuH0AgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 
00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":578,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":570,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686819690034608,"flow_src_last_pkt_time":1686819690034608,"flow_dst_last_pkt_time":1686819690034608,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686819690034608,"l3_proto":"ip4","src_ip":"9.160.170.26","dst_ip":"69.109.187.54","src_port":53573,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":579,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":579,"packets-processed":578,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28923,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":570,"total-detection-updates":0,"total-updates":97,"current-active-flows":2,"total-active-flows":570,"total-idle-flows":568,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2754,"global_ts_usec":1686820137258813} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":579,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":579,"packets-processed":578,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28923,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":570,"total-detection-updates":0,"total-updates":97,"current-active-flows":2,"total-active-flows":570,"total-idle-flows":568,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2754,"global_ts_usec":1686820137258813} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":579,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":571,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686820137258813,"flow_src_last_pkt_time":1686820137258813,"flow_dst_last_pkt_time":1686820137258813,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686820137258813,"l3_proto":"ip4","src_ip":"64.193.196.133","dst_ip":"90.145.180.58","src_port":51380,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":579,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":571,"flow_packet_id":1,"flow_src_last_pkt_time":1686820137258813,"flow_dst_last_pkt_time":1686820137258813,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686820137258813,"pkt":"bs1PogZtPJTVQTiBCABFAAA+CBNAADQRmNRAwcSFWpG0Osi0AasAKgDvAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":579,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":571,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686820137258813,"flow_src_last_pkt_time":1686820137258813,"flow_dst_last_pkt_time":1686820137258813,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686820137258813,"l3_proto":"ip4","src_ip":"64.193.196.133","dst_ip":"90.145.180.58","src_port":51380,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2765,7 +2765,7 @@ 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":581,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":573,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686820293978966,"flow_src_last_pkt_time":1686820293978966,"flow_dst_last_pkt_time":1686820293978966,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686820293978966,"l3_proto":"ip4","src_ip":"160.71.213.140","dst_ip":"186.112.202.53","src_port":41896,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00985{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":582,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":572,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686820163339870,"flow_src_last_pkt_time":1686820163339870,"flow_dst_last_pkt_time":1686820163339870,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686820293978966,"l3_proto":"ip4","src_ip":"80.51.127.74","dst_ip":"90.141.37.56","src_port":51252,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00988{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":582,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":571,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686820137258813,"flow_src_last_pkt_time":1686820137258813,"flow_dst_last_pkt_time":1686820137258813,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686820293978966,"l3_proto":"ip4","src_ip":"64.193.196.133","dst_ip":"90.145.180.58","src_port":51380,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":582,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":582,"packets-processed":581,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29020,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":573,"total-detection-updates":0,"total-updates":99,"current-active-flows":3,"total-active-flows":573,"total-idle-flows":570,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2768,"global_ts_usec":1686820910359963} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":582,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":582,"packets-processed":581,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29020,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":573,"total-detection-updates":0,"total-updates":99,"current-active-flows":3,"total-active-flows":573,"total-idle-flows":570,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2768,"global_ts_usec":1686820910359963} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":582,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":574,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686820910359963,"flow_src_last_pkt_time":1686820910359963,"flow_dst_last_pkt_time":1686820910359963,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686820910359963,"l3_proto":"ip4","src_ip":"191.57.36.135","dst_ip":"165.144.84.62","src_port":38472,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":582,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":574,"flow_packet_id":1,"flow_src_last_pkt_time":1686820910359963,"flow_dst_last_pkt_time":1686820910359963,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686820910359963,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+iNFAADQRGBe\/OSSHpZBUPpZIAasAKjNcAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":582,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":574,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686820910359963,"flow_src_last_pkt_time":1686820910359963,"flow_dst_last_pkt_time":1686820910359963,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686820910359963,"l3_proto":"ip4","src_ip":"191.57.36.135","dst_ip":"165.144.84.62","src_port":38472,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2776,22 +2776,22 @@ 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":583,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":575,"flow_packet_id":1,"flow_src_last_pkt_time":1686821183061310,"flow_dst_last_pkt_time":1686821183061310,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686821183061310,"pkt":"3jHC4dyOPJTVQTiBCABFAAA+lolAADQRCl9BwcuBWo0lOPn2AasAKs+tAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":583,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":575,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686821183061310,"flow_src_last_pkt_time":1686821183061310,"flow_dst_last_pkt_time":1686821183061310,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686821183061310,"l3_proto":"ip4","src_ip":"65.193.203.129","dst_ip":"90.141.37.56","src_port":63990,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":584,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":574,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686820910359963,"flow_src_last_pkt_time":1686820910359963,"flow_dst_last_pkt_time":1686820910359963,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686821183061310,"l3_proto":"ip4","src_ip":"191.57.36.135","dst_ip":"165.144.84.62","src_port":38472,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":584,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":584,"packets-processed":583,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29088,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":575,"total-detection-updates":0,"total-updates":99,"current-active-flows":1,"total-active-flows":575,"total-idle-flows":574,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2779,"global_ts_usec":1686821576328540} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":584,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":584,"packets-processed":583,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29088,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":575,"total-detection-updates":0,"total-updates":99,"current-active-flows":1,"total-active-flows":575,"total-idle-flows":574,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2779,"global_ts_usec":1686821576328540} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":584,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":576,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686821576328540,"flow_src_last_pkt_time":1686821576328540,"flow_dst_last_pkt_time":1686821576328540,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686821576328540,"l3_proto":"ip4","src_ip":"71.191.53.138","dst_ip":"165.114.202.61","src_port":59582,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":584,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":576,"flow_packet_id":1,"flow_src_last_pkt_time":1686821576328540,"flow_dst_last_pkt_time":1686821576328540,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686821576328540,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+edNAADQRJxlHvzWKpXLKPei+AasAKuDpAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":584,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":576,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686821576328540,"flow_src_last_pkt_time":1686821576328540,"flow_dst_last_pkt_time":1686821576328540,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686821576328540,"l3_proto":"ip4","src_ip":"71.191.53.138","dst_ip":"165.114.202.61","src_port":59582,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":585,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":575,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686821183061310,"flow_src_last_pkt_time":1686821183061310,"flow_dst_last_pkt_time":1686821183061310,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686821576328540,"l3_proto":"ip4","src_ip":"65.193.203.129","dst_ip":"90.141.37.56","src_port":63990,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":585,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":585,"packets-processed":584,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29122,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":576,"total-detection-updates":0,"total-updates":99,"current-active-flows":1,"total-active-flows":576,"total-idle-flows":575,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2784,"global_ts_usec":1686822857775383} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":585,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":585,"packets-processed":584,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29122,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":576,"total-detection-updates":0,"total-updates":99,"current-active-flows":1,"total-active-flows":576,"total-idle-flows":575,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2784,"global_ts_usec":1686822857775383} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":585,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":577,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686822857775383,"flow_src_last_pkt_time":1686822857775383,"flow_dst_last_pkt_time":1686822857775383,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686822857775383,"l3_proto":"ip4","src_ip":"160.71.213.140","dst_ip":"74.111.203.55","src_port":32482,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":585,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":577,"flow_packet_id":1,"flow_src_last_pkt_time":1686822857775383,"flow_dst_last_pkt_time":1686822857775383,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686822857775383,"pkt":"ipffLU2SPJTVQTiBCABFAAA+b3NAADQRMYKgR9WMSm\/LN37iAasAKkrPAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":585,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":577,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686822857775383,"flow_src_last_pkt_time":1686822857775383,"flow_dst_last_pkt_time":1686822857775383,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686822857775383,"l3_proto":"ip4","src_ip":"160.71.213.140","dst_ip":"74.111.203.55","src_port":32482,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":586,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":576,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686821576328540,"flow_src_last_pkt_time":1686821576328540,"flow_dst_last_pkt_time":1686821576328540,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686822857775383,"l3_proto":"ip4","src_ip":"71.191.53.138","dst_ip":"165.114.202.61","src_port":59582,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":586,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":586,"packets-processed":585,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29156,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":577,"total-detection-updates":0,"total-updates":99,"current-active-flows":1,"total-active-flows":577,"total-idle-flows":576,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2789,"global_ts_usec":1686823539150971} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":586,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":586,"packets-processed":585,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29156,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":577,"total-detection-updates":0,"total-updates":99,"current-active-flows":1,"total-active-flows":577,"total-idle-flows":576,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2789,"global_ts_usec":1686823539150971} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":586,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":578,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686823539150971,"flow_src_last_pkt_time":1686823539150971,"flow_dst_last_pkt_time":1686823539150971,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686823539150971,"l3_proto":"ip4","src_ip":"98.103.253.115","dst_ip":"74.111.203.55","src_port":41415,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":586,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":578,"flow_packet_id":1,"flow_src_last_pkt_time":1686823539150971,"flow_dst_last_pkt_time":1686823539150971,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686823539150971,"pkt":"ipffLU2SPJTVQTiBCABFAABLhjwAACcRTORiZ\/1zSm\/LN6HHAasAN41rAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":586,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":578,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686823539150971,"flow_src_last_pkt_time":1686823539150971,"flow_dst_last_pkt_time":1686823539150971,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686823539150971,"l3_proto":"ip4","src_ip":"98.103.253.115","dst_ip":"74.111.203.55","src_port":41415,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":577,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686822857775383,"flow_src_last_pkt_time":1686822857775383,"flow_dst_last_pkt_time":1686822857775383,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686823539150971,"l3_proto":"ip4","src_ip":"160.71.213.140","dst_ip":"74.111.203.55","src_port":32482,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":587,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":587,"packets-processed":586,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29203,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":578,"total-detection-updates":0,"total-updates":99,"current-active-flows":1,"total-active-flows":578,"total-idle-flows":577,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2794,"global_ts_usec":1686825966772504} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":587,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":587,"packets-processed":586,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29203,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":578,"total-detection-updates":0,"total-updates":99,"current-active-flows":1,"total-active-flows":578,"total-idle-flows":577,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2794,"global_ts_usec":1686825966772504} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":587,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":579,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686825966772504,"flow_src_last_pkt_time":1686825966772504,"flow_dst_last_pkt_time":1686825966772504,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686825966772504,"l3_proto":"ip4","src_ip":"33.216.90.56","dst_ip":"165.144.84.62","src_port":56415,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":587,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":579,"flow_packet_id":1,"flow_src_last_pkt_time":1686825966772504,"flow_dst_last_pkt_time":1686825966772504,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686825966772504,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRbU4h2Fo4pZBUPtxfAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":587,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":579,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686825966772504,"flow_src_last_pkt_time":1686825966772504,"flow_dst_last_pkt_time":1686825966772504,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686825966772504,"l3_proto":"ip4","src_ip":"33.216.90.56","dst_ip":"165.144.84.62","src_port":56415,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2804,18 +2804,18 @@ 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":581,"flow_packet_id":1,"flow_src_last_pkt_time":1686826372484485,"flow_dst_last_pkt_time":1686826372484485,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686826372484485,"pkt":"bs1PogZtPJTVQTiBCABFAAA51DEAAPkRYDnSDNiXWpG0OtnBAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":581,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686826372484485,"flow_src_last_pkt_time":1686826372484485,"flow_dst_last_pkt_time":1686826372484485,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686826372484485,"l3_proto":"ip4","src_ip":"210.12.216.151","dst_ip":"90.145.180.58","src_port":55745,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00989{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":590,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":580,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686826280078870,"flow_src_last_pkt_time":1686826280078870,"flow_dst_last_pkt_time":1686826280078870,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686826372484485,"l3_proto":"ip4","src_ip":"154.129.123.124","dst_ip":"186.112.202.53","src_port":6873,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":590,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":590,"packets-processed":589,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29308,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":581,"total-detection-updates":0,"total-updates":100,"current-active-flows":2,"total-active-flows":581,"total-idle-flows":579,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2807,"global_ts_usec":1686827895727367} 
+00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":590,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":590,"packets-processed":589,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29308,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":581,"total-detection-updates":0,"total-updates":100,"current-active-flows":2,"total-active-flows":581,"total-idle-flows":579,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2807,"global_ts_usec":1686827895727367} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":590,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":582,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686827895727367,"flow_src_last_pkt_time":1686827895727367,"flow_dst_last_pkt_time":1686827895727367,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686827895727367,"l3_proto":"ip4","src_ip":"65.20.223.151","dst_ip":"90.147.171.51","src_port":51977,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":590,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":582,"flow_packet_id":1,"flow_src_last_pkt_time":1686827895727367,"flow_dst_last_pkt_time":1686827895727367,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686827895727367,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRbilBFN+XWpOrM8sJAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":590,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":582,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686827895727367,"flow_src_last_pkt_time":1686827895727367,"flow_dst_last_pkt_time":1686827895727367,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686827895727367,"l3_proto":"ip4","src_ip":"65.20.223.151","dst_ip":"90.147.171.51","src_port":51977,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":580,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686826280078870,"flow_src_last_pkt_time":1686826280078870,"flow_dst_last_pkt_time":1686826280078870,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686827895727367,"l3_proto":"ip4","src_ip":"154.129.123.124","dst_ip":"186.112.202.53","src_port":6873,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":581,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686826372484485,"flow_src_last_pkt_time":1686826372484485,"flow_dst_last_pkt_time":1686826372484485,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686827895727367,"l3_proto":"ip4","src_ip":"210.12.216.151","dst_ip":"90.145.180.58","src_port":55745,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":591,"packets-processed":590,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29337,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":582,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":582,"total-idle-flows":581,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2813,"global_ts_usec":1686831590603565} +00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":591,"packets-processed":590,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29337,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":582,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":582,"total-idle-flows":581,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2813,"global_ts_usec":1686831590603565} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":583,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686831590603565,"flow_src_last_pkt_time":1686831590603565,"flow_dst_last_pkt_time":1686831590603565,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686831590603565,"l3_proto":"ip4","src_ip":"88.31.110.219","dst_ip":"165.114.202.61","src_port":54342,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":583,"flow_packet_id":1,"flow_src_last_pkt_time":1686831590603565,"flow_dst_last_pkt_time":1686831590603565,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686831590603565,"pkt":"AAwp30Y4PJTVQTiBCABFCABL3soAACQR5ZVYH27bpXLKPdRGAasAN0k0AgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":583,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686831590603565,"flow_src_last_pkt_time":1686831590603565,"flow_dst_last_pkt_time":1686831590603565,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686831590603565,"l3_proto":"ip4","src_ip":"88.31.110.219","dst_ip":"165.114.202.61","src_port":54342,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":592,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":582,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686827895727367,"flow_src_last_pkt_time":1686827895727367,"flow_dst_last_pkt_time":1686827895727367,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686831590603565,"l3_proto":"ip4","src_ip":"65.20.223.151","dst_ip":"90.147.171.51","src_port":51977,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":592,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":592,"packets-processed":591,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29384,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":583,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":583,"total-idle-flows":582,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2818,"global_ts_usec":1686834792524626} +00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":592,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":592,"packets-processed":591,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29384,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":583,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":583,"total-idle-flows":582,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2818,"global_ts_usec":1686834792524626} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":592,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":584,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686834792524626,"flow_src_last_pkt_time":1686834792524626,"flow_dst_last_pkt_time":1686834792524626,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686834792524626,"l3_proto":"ip4","src_ip":"206.206.184.241","dst_ip":"69.109.187.54","src_port":50350,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":592,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":584,"flow_packet_id":1,"flow_src_last_pkt_time":1686834792524626,"flow_dst_last_pkt_time":1686834792524626,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686834792524626,"pkt":"bpHurUgdPJTVQTiBCABFAAA51DEAAPkRX\/bOzrjxRW27NsSuAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":592,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":584,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686834792524626,"flow_src_last_pkt_time":1686834792524626,"flow_dst_last_pkt_time":1686834792524626,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686834792524626,"l3_proto":"ip4","src_ip":"206.206.184.241","dst_ip":"69.109.187.54","src_port":50350,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2823,33 +2823,33 @@ 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":593,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":585,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686834822514899,"flow_src_last_pkt_time":1686834822514899,"flow_dst_last_pkt_time":1686834822514899,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686834822514899,"l3_proto":"ip4","src_ip":"190.35.225.89","dst_ip":"85.111.52.57","src_port":52867,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":593,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":585,"flow_packet_id":1,"flow_src_last_pkt_time":1686834822514899,"flow_dst_last_pkt_time":1686834822514899,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686834822514899,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA51DEAAPkRbYW+I+FZVW80Oc6DAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":593,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":585,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686834822514899,"flow_src_last_pkt_time":1686834822514899,"flow_dst_last_pkt_time":1686834822514899,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686834822514899,"l3_proto":"ip4","src_ip":"190.35.225.89","dst_ip":"85.111.52.57","src_port":52867,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":594,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":594,"packets-processed":593,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29442,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":585,"total-detection-updates":0,"total-updates":100,"current-active-flows":2,"total-active-flows":585,"total-idle-flows":583,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2826,"global_ts_usec":1686835718979040} 
+00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":594,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":594,"packets-processed":593,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29442,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":585,"total-detection-updates":0,"total-updates":100,"current-active-flows":2,"total-active-flows":585,"total-idle-flows":583,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2826,"global_ts_usec":1686835718979040} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":594,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":586,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686835718979040,"flow_src_last_pkt_time":1686835718979040,"flow_dst_last_pkt_time":1686835718979040,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686835718979040,"l3_proto":"ip4","src_ip":"227.7.178.223","dst_ip":"165.144.84.62","src_port":63301,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":594,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":586,"flow_packet_id":1,"flow_src_last_pkt_time":1686835718979040,"flow_dst_last_pkt_time":1686835718979040,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686835718979040,"pkt":"AAwp30Y4PJTVQTiBCABFCABL0T8AACQR8xzjB7LfpZBUPvdFAasANyYxAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":594,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":586,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686835718979040,"flow_src_last_pkt_time":1686835718979040,"flow_dst_last_pkt_time":1686835718979040,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686835718979040,"l3_proto":"ip4","src_ip":"227.7.178.223","dst_ip":"165.144.84.62","src_port":63301,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":595,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":584,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686834792524626,"flow_src_last_pkt_time":1686834792524626,"flow_dst_last_pkt_time":1686834792524626,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686835718979040,"l3_proto":"ip4","src_ip":"206.206.184.241","dst_ip":"69.109.187.54","src_port":50350,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":595,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":585,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686834822514899,"flow_src_last_pkt_time":1686834822514899,"flow_dst_last_pkt_time":1686834822514899,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686835718979040,"l3_proto":"ip4","src_ip":"190.35.225.89","dst_ip":"85.111.52.57","src_port":52867,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":595,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":595,"packets-processed":594,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29489,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":586,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":586,"total-idle-flows":585,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2832,"global_ts_usec":1686837738680875} +00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":595,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":595,"packets-processed":594,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29489,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":586,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":586,"total-idle-flows":585,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2832,"global_ts_usec":1686837738680875} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":595,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":587,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686837738680875,"flow_src_last_pkt_time":1686837738680875,"flow_dst_last_pkt_time":1686837738680875,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686837738680875,"l3_proto":"ip4","src_ip":"34.214.128.211","dst_ip":"74.111.203.55","src_port":50699,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":595,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":587,"flow_packet_id":1,"flow_src_last_pkt_time":1686837738680875,"flow_dst_last_pkt_time":1686837738680875,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686837738680875,"pkt":"ipffLU2SPJTVQTiBCABFAAA51DEAAPkRbc0i1oDTSm\/LN8YLAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
00951{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":595,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":587,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686837738680875,"flow_src_last_pkt_time":1686837738680875,"flow_dst_last_pkt_time":1686837738680875,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686837738680875,"l3_proto":"ip4","src_ip":"34.214.128.211","dst_ip":"74.111.203.55","src_port":50699,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":596,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":586,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686835718979040,"flow_src_last_pkt_time":1686835718979040,"flow_dst_last_pkt_time":1686835718979040,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686837738680875,"l3_proto":"ip4","src_ip":"227.7.178.223","dst_ip":"165.144.84.62","src_port":63301,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":596,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":596,"packets-processed":595,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29518,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":587,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":587,"total-idle-flows":586,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2837,"global_ts_usec":1686840095634071} +00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":596,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":596,"packets-processed":595,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29518,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":587,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":587,"total-idle-flows":586,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2837,"global_ts_usec":1686840095634071} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":596,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":588,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686840095634071,"flow_src_last_pkt_time":1686840095634071,"flow_dst_last_pkt_time":1686840095634071,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686840095634071,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"85.111.52.57","src_port":44047,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":596,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":588,"flow_packet_id":1,"flow_src_last_pkt_time":1686840095634071,"flow_dst_last_pkt_time":1686840095634071,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686840095634071,"pkt":"moT+\/Ph8PJTVQTiBCABFCABSMJwAAGsR5fhDnxCWVW80OawPAasAPgAAAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 
00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":596,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":588,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686840095634071,"flow_src_last_pkt_time":1686840095634071,"flow_dst_last_pkt_time":1686840095634071,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686840095634071,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"85.111.52.57","src_port":44047,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":587,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686837738680875,"flow_src_last_pkt_time":1686837738680875,"flow_dst_last_pkt_time":1686837738680875,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686840095634071,"l3_proto":"ip4","src_ip":"34.214.128.211","dst_ip":"74.111.203.55","src_port":50699,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":597,"packets-processed":596,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29572,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":588,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":588,"total-idle-flows":587,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2842,"global_ts_usec":1686840886120988} +00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":597,"packets-processed":596,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29572,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":588,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":588,"total-idle-flows":587,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2842,"global_ts_usec":1686840886120988} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":589,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686840886120988,"flow_src_last_pkt_time":1686840886120988,"flow_dst_last_pkt_time":1686840886120988,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686840886120988,"l3_proto":"ip4","src_ip":"231.223.121.213","dst_ip":"74.111.203.55","src_port":38016,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":589,"flow_packet_id":1,"flow_src_last_pkt_time":1686840886120988,"flow_dst_last_pkt_time":1686840886120988,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686840886120988,"pkt":"ipffLU2SPJTVQTiBCABFCABL2jYAACQR6jfn33nVSm\/LN5SAAasAN4kIAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":589,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686840886120988,"flow_src_last_pkt_time":1686840886120988,"flow_dst_last_pkt_time":1686840886120988,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686840886120988,"l3_proto":"ip4","src_ip":"231.223.121.213","dst_ip":"74.111.203.55","src_port":38016,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":598,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":588,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686840095634071,"flow_src_last_pkt_time":1686840095634071,"flow_dst_last_pkt_time":1686840095634071,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686840886120988,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"85.111.52.57","src_port":44047,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":598,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":598,"packets-processed":597,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29619,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":589,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":589,"total-idle-flows":588,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2847,"global_ts_usec":1686854380719448} +00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":598,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":598,"packets-processed":597,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29619,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":589,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":589,"total-idle-flows":588,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2847,"global_ts_usec":1686854380719448} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":598,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":590,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686854380719448,"flow_src_last_pkt_time":1686854380719448,"flow_dst_last_pkt_time":1686854380719448,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686854380719448,"l3_proto":"ip4","src_ip":"218.225.124.29","dst_ip":"69.109.187.54","src_port":52381,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":598,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":590,"flow_packet_id":1,"flow_src_last_pkt_time":1686854380719448,"flow_dst_last_pkt_time":1686854380719448,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686854380719448,"pkt":"bpHurUgdPJTVQTiBCABFAAA51DEAAPoRbEHa4XwdRW27NsydAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":598,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":590,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686854380719448,"flow_src_last_pkt_time":1686854380719448,"flow_dst_last_pkt_time":1686854380719448,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686854380719448,"l3_proto":"ip4","src_ip":"218.225.124.29","dst_ip":"69.109.187.54","src_port":52381,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":599,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":589,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686840886120988,"flow_src_last_pkt_time":1686840886120988,"flow_dst_last_pkt_time":1686840886120988,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686854380719448,"l3_proto":"ip4","src_ip":"231.223.121.213","dst_ip":"74.111.203.55","src_port":38016,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":599,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":599,"packets-processed":598,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29648,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":590,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":590,"total-idle-flows":589,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2852,"global_ts_usec":1686869889080815} +00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":599,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":599,"packets-processed":598,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29648,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":590,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":590,"total-idle-flows":589,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2852,"global_ts_usec":1686869889080815} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":599,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":591,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686869889080815,"flow_src_last_pkt_time":1686869889080815,"flow_dst_last_pkt_time":1686869889080815,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686869889080815,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"74.111.203.55","src_port":47273,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":599,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":591,"flow_packet_id":1,"flow_src_last_pkt_time":1686869889080815,"flow_dst_last_pkt_time":1686869889080815,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686869889080815,"pkt":"ipffLU2SPJTVQTiBCABFAAA51DEAAPURKLvIH5CeSm\/LN7ipAasAJTHQAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 
00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":599,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":591,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686869889080815,"flow_src_last_pkt_time":1686869889080815,"flow_dst_last_pkt_time":1686869889080815,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686869889080815,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"74.111.203.55","src_port":47273,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2858,17 +2858,17 @@ 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":600,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":592,"flow_packet_id":1,"flow_src_last_pkt_time":1686870203714333,"flow_dst_last_pkt_time":1686870203714333,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686870203714333,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRXtoxLaDXpXLKPcuOAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":600,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":592,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686870203714333,"flow_src_last_pkt_time":1686870203714333,"flow_dst_last_pkt_time":1686870203714333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686870203714333,"l3_proto":"ip4","src_ip":"49.45.160.215","dst_ip":"165.114.202.61","src_port":52110,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":601,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":591,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686869889080815,"flow_src_last_pkt_time":1686869889080815,"flow_dst_last_pkt_time":1686869889080815,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686870203714333,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"74.111.203.55","src_port":47273,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":601,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":601,"packets-processed":600,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29706,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":592,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":592,"total-idle-flows":591,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2861,"global_ts_usec":1686871454458967} 
+00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":601,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":601,"packets-processed":600,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29706,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":592,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":592,"total-idle-flows":591,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2861,"global_ts_usec":1686871454458967} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":601,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":593,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686871454458967,"flow_src_last_pkt_time":1686871454458967,"flow_dst_last_pkt_time":1686871454458967,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686871454458967,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"69.109.187.54","src_port":56053,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":601,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":593,"flow_packet_id":1,"flow_src_last_pkt_time":1686871454458967,"flow_dst_last_pkt_time":1686871454458967,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686871454458967,"pkt":"bpHurUgdPJTVQTiBCABFAAA51DEAAPURKLrIH5CeRW27Ntr1AasAJQ+DAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":601,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":593,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686871454458967,"flow_src_last_pkt_time":1686871454458967,"flow_dst_last_pkt_time":1686871454458967,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686871454458967,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"69.109.187.54","src_port":56053,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":602,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":592,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686870203714333,"flow_src_last_pkt_time":1686870203714333,"flow_dst_last_pkt_time":1686870203714333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686871454458967,"l3_proto":"ip4","src_ip":"49.45.160.215","dst_ip":"165.114.202.61","src_port":52110,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":602,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":602,"packets-processed":601,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29735,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":593,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":593,"total-idle-flows":592,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2866,"global_ts_usec":1686873049876707} 
+00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":602,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":602,"packets-processed":601,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29735,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":593,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":593,"total-idle-flows":592,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2866,"global_ts_usec":1686873049876707} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":602,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":594,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686873049876707,"flow_src_last_pkt_time":1686873049876707,"flow_dst_last_pkt_time":1686873049876707,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686873049876707,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.147.171.51","src_port":44785,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":602,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":594,"flow_packet_id":1,"flow_src_last_pkt_time":1686873049876707,"flow_dst_last_pkt_time":1686873049876707,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686873049876707,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKL3IH5CeWpOrM67xAasAJTuKAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":602,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":594,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686873049876707,"flow_src_last_pkt_time":1686873049876707,"flow_dst_last_pkt_time":1686873049876707,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686873049876707,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.147.171.51","src_port":44785,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":603,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":593,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686871454458967,"flow_src_last_pkt_time":1686871454458967,"flow_dst_last_pkt_time":1686871454458967,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686873049876707,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"69.109.187.54","src_port":56053,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":603,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":603,"packets-processed":602,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29764,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":594,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":594,"total-idle-flows":593,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2871,"global_ts_usec":1686874733087762} 
+00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":603,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":603,"packets-processed":602,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29764,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":594,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":594,"total-idle-flows":593,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2871,"global_ts_usec":1686874733087762} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":603,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":595,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686874733087762,"flow_src_last_pkt_time":1686874733087762,"flow_dst_last_pkt_time":1686874733087762,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686874733087762,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.141.37.56","src_port":54403,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":603,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":595,"flow_packet_id":1,"flow_src_last_pkt_time":1686874733087762,"flow_dst_last_pkt_time":1686874733087762,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686874733087762,"pkt":"3jHC4dyOPJTVQTiBCABFAAA51DEAAPURKLfIH5CeWo0lONSDAasAJRXyAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":603,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":595,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686874733087762,"flow_src_last_pkt_time":1686874733087762,"flow_dst_last_pkt_time":1686874733087762,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686874733087762,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.141.37.56","src_port":54403,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2877,47 +2877,47 @@ 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":604,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":596,"flow_packet_id":1,"flow_src_last_pkt_time":1686875253404813,"flow_dst_last_pkt_time":1686875253404813,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686875253404813,"pkt":"moT+\/Ph8PJTVQTiBCABFCABLoTQAACIRKX2Y\/6p8VW80ORc1AasANwqXAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":604,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":596,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686875253404813,"flow_src_last_pkt_time":1686875253404813,"flow_dst_last_pkt_time":1686875253404813,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686875253404813,"l3_proto":"ip4","src_ip":"152.255.170.124","dst_ip":"85.111.52.57","src_port":5941,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":605,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":595,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686874733087762,"flow_src_last_pkt_time":1686874733087762,"flow_dst_last_pkt_time":1686874733087762,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686875253404813,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.141.37.56","src_port":54403,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":605,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":605,"packets-processed":604,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29840,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":596,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":596,"total-idle-flows":595,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2880,"global_ts_usec":1686875903844766} 
+00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":605,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":605,"packets-processed":604,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29840,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":596,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":596,"total-idle-flows":595,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2880,"global_ts_usec":1686875903844766} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":605,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":597,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686875903844766,"flow_src_last_pkt_time":1686875903844766,"flow_dst_last_pkt_time":1686875903844766,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686875903844766,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.111.212.50","src_port":41849,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":605,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":597,"flow_packet_id":1,"flow_src_last_pkt_time":1686875903844766,"flow_dst_last_pkt_time":1686875903844766,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686875903844766,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKLzIH5CeWm\/UMqN5AasAJUcBAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":605,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":597,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686875903844766,"flow_src_last_pkt_time":1686875903844766,"flow_dst_last_pkt_time":1686875903844766,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686875903844766,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.111.212.50","src_port":41849,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":606,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":596,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686875253404813,"flow_src_last_pkt_time":1686875253404813,"flow_dst_last_pkt_time":1686875253404813,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686875903844766,"l3_proto":"ip4","src_ip":"152.255.170.124","dst_ip":"85.111.52.57","src_port":5941,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":606,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":606,"packets-processed":605,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29869,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":597,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":597,"total-idle-flows":596,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2885,"global_ts_usec":1686876990016671} 
+00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":606,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":606,"packets-processed":605,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29869,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":597,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":597,"total-idle-flows":596,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2885,"global_ts_usec":1686876990016671} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":606,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":598,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686876990016671,"flow_src_last_pkt_time":1686876990016671,"flow_dst_last_pkt_time":1686876990016671,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686876990016671,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.114.202.61","src_port":55801,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":606,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":598,"flow_packet_id":1,"flow_src_last_pkt_time":1686876990016671,"flow_dst_last_pkt_time":1686876990016671,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686876990016671,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKLHIH5CepXLKPdn5AasAJRB2AgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":606,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":598,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686876990016671,"flow_src_last_pkt_time":1686876990016671,"flow_dst_last_pkt_time":1686876990016671,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686876990016671,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.114.202.61","src_port":55801,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":607,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":597,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686875903844766,"flow_src_last_pkt_time":1686875903844766,"flow_dst_last_pkt_time":1686875903844766,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686876990016671,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.111.212.50","src_port":41849,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":607,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":607,"packets-processed":606,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29898,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":598,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":598,"total-idle-flows":597,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2890,"global_ts_usec":1686878041820268} 
+00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":607,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":607,"packets-processed":606,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29898,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":598,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":598,"total-idle-flows":597,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2890,"global_ts_usec":1686878041820268} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":607,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":599,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686878041820268,"flow_src_last_pkt_time":1686878041820268,"flow_dst_last_pkt_time":1686878041820268,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686878041820268,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.144.84.62","src_port":59938,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":607,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":599,"flow_packet_id":1,"flow_src_last_pkt_time":1686878041820268,"flow_dst_last_pkt_time":1686878041820268,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686878041820268,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKLLIH5CepZBUPuoiAasAJQBOAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":607,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":599,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686878041820268,"flow_src_last_pkt_time":1686878041820268,"flow_dst_last_pkt_time":1686878041820268,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686878041820268,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.144.84.62","src_port":59938,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":608,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":598,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686876990016671,"flow_src_last_pkt_time":1686876990016671,"flow_dst_last_pkt_time":1686876990016671,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686878041820268,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.114.202.61","src_port":55801,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":608,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":608,"packets-processed":607,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29927,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":599,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":599,"total-idle-flows":598,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2895,"global_ts_usec":1686879129948527} 
+00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":608,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":608,"packets-processed":607,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29927,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":599,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":599,"total-idle-flows":598,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2895,"global_ts_usec":1686879129948527} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":608,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":600,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686879129948527,"flow_src_last_pkt_time":1686879129948527,"flow_dst_last_pkt_time":1686879129948527,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686879129948527,"l3_proto":"ip4","src_ip":"157.120.252.123","dst_ip":"90.147.171.51","src_port":42800,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":608,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":600,"flow_packet_id":1,"flow_src_last_pkt_time":1686879129948527,"flow_dst_last_pkt_time":1686879129948527,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686879129948527,"pkt":"AAwp30Y4PJTVQTiBCABFAABLl1IAACcRO9qdePx7WpOrM6cwAasAN4gOAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":608,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":600,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686879129948527,"flow_src_last_pkt_time":1686879129948527,"flow_dst_last_pkt_time":1686879129948527,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686879129948527,"l3_proto":"ip4","src_ip":"157.120.252.123","dst_ip":"90.147.171.51","src_port":42800,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":609,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":599,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686878041820268,"flow_src_last_pkt_time":1686878041820268,"flow_dst_last_pkt_time":1686878041820268,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686879129948527,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.144.84.62","src_port":59938,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":609,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":609,"packets-processed":608,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29974,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":600,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":600,"total-idle-flows":599,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2900,"global_ts_usec":1686883384416005} 
+00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":609,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":609,"packets-processed":608,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29974,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":600,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":600,"total-idle-flows":599,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2900,"global_ts_usec":1686883384416005} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":609,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":601,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686883384416005,"flow_src_last_pkt_time":1686883384416005,"flow_dst_last_pkt_time":1686883384416005,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686883384416005,"l3_proto":"ip4","src_ip":"155.185.93.215","dst_ip":"165.144.84.62","src_port":16031,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":609,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":601,"flow_packet_id":1,"flow_src_last_pkt_time":1686883384416005,"flow_dst_last_pkt_time":1686883384416005,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686883384416005,"pkt":"AAwp30Y4PJTVQTiBCABFCABLS3QAACMRefObuV3XpZBUPj6fAasAN97iAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":609,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":601,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686883384416005,"flow_src_last_pkt_time":1686883384416005,"flow_dst_last_pkt_time":1686883384416005,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686883384416005,"l3_proto":"ip4","src_ip":"155.185.93.215","dst_ip":"165.144.84.62","src_port":16031,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":610,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":600,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686879129948527,"flow_src_last_pkt_time":1686879129948527,"flow_dst_last_pkt_time":1686879129948527,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686883384416005,"l3_proto":"ip4","src_ip":"157.120.252.123","dst_ip":"90.147.171.51","src_port":42800,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":610,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":610,"packets-processed":609,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":30021,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":601,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":601,"total-idle-flows":600,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2905,"global_ts_usec":1686884068384734} 
+00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":610,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":610,"packets-processed":609,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":30021,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":601,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":601,"total-idle-flows":600,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2905,"global_ts_usec":1686884068384734} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":610,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":602,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686884068384734,"flow_src_last_pkt_time":1686884068384734,"flow_dst_last_pkt_time":1686884068384734,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686884068384734,"l3_proto":"ip4","src_ip":"174.50.7.11","dst_ip":"186.112.202.53","src_port":49286,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":610,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":602,"flow_packet_id":1,"flow_src_last_pkt_time":1686884068384734,"flow_dst_last_pkt_time":1686884068384734,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686884068384734,"pkt":"xmjqc4OdPJTVQTiBCABFAAA51DEAAPkRX1OuMgcLunDKNcCGAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":610,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":602,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686884068384734,"flow_src_last_pkt_time":1686884068384734,"flow_dst_last_pkt_time":1686884068384734,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686884068384734,"l3_proto":"ip4","src_ip":"174.50.7.11","dst_ip":"186.112.202.53","src_port":49286,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":611,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":601,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686883384416005,"flow_src_last_pkt_time":1686883384416005,"flow_dst_last_pkt_time":1686883384416005,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686884068384734,"l3_proto":"ip4","src_ip":"155.185.93.215","dst_ip":"165.144.84.62","src_port":16031,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":611,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":611,"packets-processed":610,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":30050,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":602,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":602,"total-idle-flows":601,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2910,"global_ts_usec":1686887976934834} 
+00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":611,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":611,"packets-processed":610,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":30050,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":602,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":602,"total-idle-flows":601,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2910,"global_ts_usec":1686887976934834} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":611,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":603,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686887976934834,"flow_src_last_pkt_time":1686887976934834,"flow_dst_last_pkt_time":1686887976934834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686887976934834,"l3_proto":"ip4","src_ip":"89.214.56.129","dst_ip":"74.111.203.55","src_port":54129,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":611,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":603,"flow_packet_id":1,"flow_src_last_pkt_time":1686887976934834,"flow_dst_last_pkt_time":1686887976934834,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686887976934834,"pkt":"ipffLU2SPJTVQTiBCABFAAA51DEAAPoRbRJZ1jiBSm\/LN9NxAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":611,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":603,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686887976934834,"flow_src_last_pkt_time":1686887976934834,"flow_dst_last_pkt_time":1686887976934834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686887976934834,"l3_proto":"ip4","src_ip":"89.214.56.129","dst_ip":"74.111.203.55","src_port":54129,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":612,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":602,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686884068384734,"flow_src_last_pkt_time":1686884068384734,"flow_dst_last_pkt_time":1686884068384734,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686887976934834,"l3_proto":"ip4","src_ip":"174.50.7.11","dst_ip":"186.112.202.53","src_port":49286,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":612,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":612,"packets-processed":611,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":30079,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":603,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":603,"total-idle-flows":602,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2915,"global_ts_usec":1686889052799486} 
+00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":612,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":612,"packets-processed":611,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":30079,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":603,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":603,"total-idle-flows":602,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2915,"global_ts_usec":1686889052799486} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":612,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":604,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686889052799486,"flow_src_last_pkt_time":1686889052799486,"flow_dst_last_pkt_time":1686889052799486,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686889052799486,"l3_proto":"ip4","src_ip":"166.209.36.168","dst_ip":"90.141.37.56","src_port":54765,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":612,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":604,"flow_packet_id":1,"flow_src_last_pkt_time":1686889052799486,"flow_dst_last_pkt_time":1686889052799486,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686889052799486,"pkt":"3jHC4dyOPJTVQTiBCABFAAA51DEAAPkRbgOm0SSoWo0lONXtAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":612,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":604,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686889052799486,"flow_src_last_pkt_time":1686889052799486,"flow_dst_last_pkt_time":1686889052799486,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686889052799486,"l3_proto":"ip4","src_ip":"166.209.36.168","dst_ip":"90.141.37.56","src_port":54765,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":613,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":603,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686887976934834,"flow_src_last_pkt_time":1686887976934834,"flow_dst_last_pkt_time":1686887976934834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686889052799486,"l3_proto":"ip4","src_ip":"89.214.56.129","dst_ip":"74.111.203.55","src_port":54129,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":613,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":613,"packets-processed":612,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":30108,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":604,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":604,"total-idle-flows":603,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2920,"global_ts_usec":1686891665856707} 
+00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":613,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":613,"packets-processed":612,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":30108,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":604,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":604,"total-idle-flows":603,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2920,"global_ts_usec":1686891665856707} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":613,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":605,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686891665856707,"flow_src_last_pkt_time":1686891665856707,"flow_dst_last_pkt_time":1686891665856707,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686891665856707,"l3_proto":"ip4","src_ip":"70.191.37.189","dst_ip":"90.145.180.58","src_port":53867,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":613,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":605,"flow_packet_id":1,"flow_src_last_pkt_time":1686891665856707,"flow_dst_last_pkt_time":1686891665856707,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686891665856707,"pkt":"bs1PogZtPJTVQTiBCABFAAA+4yBAADQRvaRGvyW9WpG0OtJrAasAKvcVAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":613,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":605,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686891665856707,"flow_src_last_pkt_time":1686891665856707,"flow_dst_last_pkt_time":1686891665856707,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686891665856707,"l3_proto":"ip4","src_ip":"70.191.37.189","dst_ip":"90.145.180.58","src_port":53867,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2941,12 +2941,12 @@ 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":618,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":608,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686891994836858,"flow_src_last_pkt_time":1686891994836858,"flow_dst_last_pkt_time":1686891994836858,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686892196221763,"l3_proto":"ip4","src_ip":"88.192.213.176","dst_ip":"165.144.84.62","src_port":12807,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":618,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":606,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686891861875895,"flow_src_last_pkt_time":1686891861875895,"flow_dst_last_pkt_time":1686891861875895,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686892196221763,"l3_proto":"ip4","src_ip":"166.70.59.181","dst_ip":"69.109.187.54","src_port":28945,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":618,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":607,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686891930334421,"flow_src_last_pkt_time":1686891930334421,"flow_dst_last_pkt_time":1686891930334421,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686892196221763,"l3_proto":"ip4","src_ip":"88.192.213.176","dst_ip":"165.114.202.61","src_port":12807,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":618,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":618,"packets-processed":617,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":30278,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":609,"total-detection-updates":0,"total-updates":103,"current-active-flows":1,"total-active-flows":609,"total-idle-flows":608,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2944,"global_ts_usec":1686893335451836} +00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":618,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":618,"packets-processed":617,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":30278,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":609,"total-detection-updates":0,"total-updates":103,"current-active-flows":1,"total-active-flows":609,"total-idle-flows":608,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2944,"global_ts_usec":1686893335451836} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":618,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":610,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686893335451836,"flow_src_last_pkt_time":1686893335451836,"flow_dst_last_pkt_time":1686893335451836,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686893335451836,"l3_proto":"ip4","src_ip":"88.63.218.184","dst_ip":"186.112.202.53","src_port":57760,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":618,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":610,"flow_packet_id":1,"flow_src_last_pkt_time":1686893335451836,"flow_dst_last_pkt_time":1686893335451836,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686893335451836,"pkt":"xmjqc4OdPJTVQTiBCABFAAA+KW1AADQRd2JYP9q4unDKNeGgAasAKufqAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 
00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":618,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":610,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686893335451836,"flow_src_last_pkt_time":1686893335451836,"flow_dst_last_pkt_time":1686893335451836,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686893335451836,"l3_proto":"ip4","src_ip":"88.63.218.184","dst_ip":"186.112.202.53","src_port":57760,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":619,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":609,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686892196221763,"flow_src_last_pkt_time":1686892196221763,"flow_dst_last_pkt_time":1686892196221763,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686893335451836,"l3_proto":"ip4","src_ip":"95.185.37.180","dst_ip":"85.111.52.57","src_port":56601,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":619,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":619,"packets-processed":618,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":30312,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":610,"total-detection-updates":0,"total-updates":103,"current-active-flows":1,"total-active-flows":610,"total-idle-flows":609,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2949,"global_ts_usec":1686894095858225} +00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":619,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":619,"packets-processed":618,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":30312,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":610,"total-detection-updates":0,"total-updates":103,"current-active-flows":1,"total-active-flows":610,"total-idle-flows":609,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2949,"global_ts_usec":1686894095858225} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":619,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":611,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686894095858225,"flow_src_last_pkt_time":1686894095858225,"flow_dst_last_pkt_time":1686894095858225,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686894095858225,"l3_proto":"ip4","src_ip":"95.190.219.185","dst_ip":"90.111.212.50","src_port":65399,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":619,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":611,"flow_packet_id":1,"flow_src_last_pkt_time":1686894095858225,"flow_dst_last_pkt_time":1686894095858225,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686894095858225,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+DzlAADQRkZhfvtu5Wm\/UMv93AasAKsoVAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 
00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":619,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":611,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686894095858225,"flow_src_last_pkt_time":1686894095858225,"flow_dst_last_pkt_time":1686894095858225,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686894095858225,"l3_proto":"ip4","src_ip":"95.190.219.185","dst_ip":"90.111.212.50","src_port":65399,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2958,28 +2958,28 @@ 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":621,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":613,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686894627287214,"flow_src_last_pkt_time":1686894627287214,"flow_dst_last_pkt_time":1686894627287214,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686894627287214,"l3_proto":"ip4","src_ip":"64.56.203.178","dst_ip":"74.111.203.55","src_port":58318,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":621,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":613,"flow_packet_id":1,"flow_src_last_pkt_time":1686894627287214,"flow_dst_last_pkt_time":1686894627287214,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686894627287214,"pkt":"ipffLU2SPJTVQTiBCABFAAA+zylAADQR0apAOMuySm\/LN+POAasAKuXBAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 
00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":621,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":613,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686894627287214,"flow_src_last_pkt_time":1686894627287214,"flow_dst_last_pkt_time":1686894627287214,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686894627287214,"l3_proto":"ip4","src_ip":"64.56.203.178","dst_ip":"74.111.203.55","src_port":58318,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":622,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":622,"packets-processed":621,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":30414,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":613,"total-detection-updates":0,"total-updates":103,"current-active-flows":2,"total-active-flows":613,"total-idle-flows":611,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2961,"global_ts_usec":1686895136332318} 
+00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":622,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":622,"packets-processed":621,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":30414,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":613,"total-detection-updates":0,"total-updates":103,"current-active-flows":2,"total-active-flows":613,"total-idle-flows":611,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2961,"global_ts_usec":1686895136332318} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":622,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":614,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686895136332318,"flow_src_last_pkt_time":1686895136332318,"flow_dst_last_pkt_time":1686895136332318,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686895136332318,"l3_proto":"ip4","src_ip":"93.102.124.112","dst_ip":"69.109.187.54","src_port":43680,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":622,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":614,"flow_packet_id":1,"flow_src_last_pkt_time":1686895136332318,"flow_dst_last_pkt_time":1686895136332318,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686895136332318,"pkt":"bpHurUgdPJTVQTiBCABFAABLZR8AACcRbf1dZnxwRW27NqqgAasAN4SOAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":622,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":614,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686895136332318,"flow_src_last_pkt_time":1686895136332318,"flow_dst_last_pkt_time":1686895136332318,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686895136332318,"l3_proto":"ip4","src_ip":"93.102.124.112","dst_ip":"69.109.187.54","src_port":43680,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":623,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":613,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686894627287214,"flow_src_last_pkt_time":1686894627287214,"flow_dst_last_pkt_time":1686894627287214,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686895136332318,"l3_proto":"ip4","src_ip":"64.56.203.178","dst_ip":"74.111.203.55","src_port":58318,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":623,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":612,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686894584993003,"flow_src_last_pkt_time":1686894584993003,"flow_dst_last_pkt_time":1686894584993003,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686895136332318,"l3_proto":"ip4","src_ip":"71.64.36.183","dst_ip":"90.147.171.51","src_port":43664,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":623,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":623,"packets-processed":622,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":30461,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":614,"total-detection-updates":0,"total-updates":103,"current-active-flows":1,"total-active-flows":614,"total-idle-flows":613,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2967,"global_ts_usec":1686900080044444} +00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":623,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":623,"packets-processed":622,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":30461,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":614,"total-detection-updates":0,"total-updates":103,"current-active-flows":1,"total-active-flows":614,"total-idle-flows":613,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2967,"global_ts_usec":1686900080044444} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":623,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":615,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686900080044444,"flow_src_last_pkt_time":1686900080044444,"flow_dst_last_pkt_time":1686900080044444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686900080044444,"l3_proto":"ip4","src_ip":"185.27.37.156","dst_ip":"90.145.180.58","src_port":54712,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":623,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":615,"flow_packet_id":1,"flow_src_last_pkt_time":1686900080044444,"flow_dst_last_pkt_time":1686900080044444,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686900080044444,"pkt":"bs1PogZtPJTVQTiBCABFAAA51DEAAPkRbia5GyWcWpG0OtW4AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":623,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":615,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686900080044444,"flow_src_last_pkt_time":1686900080044444,"flow_dst_last_pkt_time":1686900080044444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686900080044444,"l3_proto":"ip4","src_ip":"185.27.37.156","dst_ip":"90.145.180.58","src_port":54712,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":624,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":614,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686895136332318,"flow_src_last_pkt_time":1686895136332318,"flow_dst_last_pkt_time":1686895136332318,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686900080044444,"l3_proto":"ip4","src_ip":"93.102.124.112","dst_ip":"69.109.187.54","src_port":43680,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":624,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":624,"packets-processed":623,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":30490,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":615,"total-detection-updates":0,"total-updates":103,"current-active-flows":1,"total-active-flows":615,"total-idle-flows":614,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2972,"global_ts_usec":1686903641258422} +00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":624,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":624,"packets-processed":623,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":30490,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":615,"total-detection-updates":0,"total-updates":103,"current-active-flows":1,"total-active-flows":615,"total-idle-flows":614,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2972,"global_ts_usec":1686903641258422} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":624,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":616,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686903641258422,"flow_src_last_pkt_time":1686903641258422,"flow_dst_last_pkt_time":1686903641258422,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686903641258422,"l3_proto":"ip4","src_ip":"186.213.158.225","dst_ip":"90.111.212.50","src_port":53551,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":624,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":616,"flow_packet_id":1,"flow_src_last_pkt_time":1686903641258422,"flow_dst_last_pkt_time":1686903641258422,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686903641258422,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRbOK61Z7hWm\/UMtEvAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":624,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":616,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686903641258422,"flow_src_last_pkt_time":1686903641258422,"flow_dst_last_pkt_time":1686903641258422,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686903641258422,"l3_proto":"ip4","src_ip":"186.213.158.225","dst_ip":"90.111.212.50","src_port":53551,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":625,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":615,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686900080044444,"flow_src_last_pkt_time":1686900080044444,"flow_dst_last_pkt_time":1686900080044444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686903641258422,"l3_proto":"ip4","src_ip":"185.27.37.156","dst_ip":"90.145.180.58","src_port":54712,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":625,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":625,"packets-processed":624,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":30519,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":616,"total-detection-updates":0,"total-updates":103,"current-active-flows":1,"total-active-flows":616,"total-idle-flows":615,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2977,"global_ts_usec":1686910566541526} +00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":625,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":625,"packets-processed":624,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":30519,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":616,"total-detection-updates":0,"total-updates":103,"current-active-flows":1,"total-active-flows":616,"total-idle-flows":615,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2977,"global_ts_usec":1686910566541526} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":625,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":617,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686910566541526,"flow_src_last_pkt_time":1686910566541526,"flow_dst_last_pkt_time":1686910566541526,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686910566541526,"l3_proto":"ip4","src_ip":"167.7.154.125","dst_ip":"90.141.37.56","src_port":55642,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":625,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":617,"flow_packet_id":1,"flow_src_last_pkt_time":1686910566541526,"flow_dst_last_pkt_time":1686910566541526,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686910566541526,"pkt":"3jHC4dyOPJTVQTiBCABFCABL+kUAACIR0GunB5p9Wo0lONlaAasAN0hxAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":625,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":617,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686910566541526,"flow_src_last_pkt_time":1686910566541526,"flow_dst_last_pkt_time":1686910566541526,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686910566541526,"l3_proto":"ip4","src_ip":"167.7.154.125","dst_ip":"90.141.37.56","src_port":55642,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":626,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":616,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686903641258422,"flow_src_last_pkt_time":1686903641258422,"flow_dst_last_pkt_time":1686903641258422,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686910566541526,"l3_proto":"ip4","src_ip":"186.213.158.225","dst_ip":"90.111.212.50","src_port":53551,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":626,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":626,"packets-processed":625,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":30566,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":617,"total-detection-updates":0,"total-updates":103,"current-active-flows":1,"total-active-flows":617,"total-idle-flows":616,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2982,"global_ts_usec":1686916643605858} +00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":626,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":626,"packets-processed":625,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":30566,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":617,"total-detection-updates":0,"total-updates":103,"current-active-flows":1,"total-active-flows":617,"total-idle-flows":616,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2982,"global_ts_usec":1686916643605858} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":626,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":618,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686916643605858,"flow_src_last_pkt_time":1686916643605858,"flow_dst_last_pkt_time":1686916643605858,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686916643605858,"l3_proto":"ip4","src_ip":"70.216.186.103","dst_ip":"90.147.171.51","src_port":52251,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":626,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":618,"flow_packet_id":1,"flow_src_last_pkt_time":1686916643605858,"flow_dst_last_pkt_time":1686916643605858,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686916643605858,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRbZlG2LpnWpOrM8wbAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":626,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":618,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686916643605858,"flow_src_last_pkt_time":1686916643605858,"flow_dst_last_pkt_time":1686916643605858,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686916643605858,"l3_proto":"ip4","src_ip":"70.216.186.103","dst_ip":"90.147.171.51","src_port":52251,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2987,7 +2987,7 @@ 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":627,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":619,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686916678686629,"flow_src_last_pkt_time":1686916678686629,"flow_dst_last_pkt_time":1686916678686629,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686916678686629,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"165.114.202.61","src_port":26319,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":627,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":619,"flow_packet_id":1,"flow_src_last_pkt_time":1686916678686629,"flow_dst_last_pkt_time":1686916678686629,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686916678686629,"pkt":"AAwp30Y4PJTVQTiBCABFCABS3OcAAGsROahDnxCWpXLKPWbPAasAPgAAAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 
00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":627,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":619,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686916678686629,"flow_src_last_pkt_time":1686916678686629,"flow_dst_last_pkt_time":1686916678686629,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686916678686629,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"165.114.202.61","src_port":26319,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":628,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":628,"packets-processed":627,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":30649,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":619,"total-detection-updates":0,"total-updates":103,"current-active-flows":2,"total-active-flows":619,"total-idle-flows":617,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2990,"global_ts_usec":1686918716711404} 
+00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":628,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":628,"packets-processed":627,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":30649,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":619,"total-detection-updates":0,"total-updates":103,"current-active-flows":2,"total-active-flows":619,"total-idle-flows":617,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2990,"global_ts_usec":1686918716711404} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":628,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":620,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686918716711404,"flow_src_last_pkt_time":1686918716711404,"flow_dst_last_pkt_time":1686918716711404,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686918716711404,"l3_proto":"ip4","src_ip":"58.22.67.22","dst_ip":"85.111.52.57","src_port":52092,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":628,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":620,"flow_packet_id":1,"flow_src_last_pkt_time":1686918716711404,"flow_dst_last_pkt_time":1686918716711404,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686918716711404,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA51DEAAPoRbEQ6FkMWVW80Oct8AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":628,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":620,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686918716711404,"flow_src_last_pkt_time":1686918716711404,"flow_dst_last_pkt_time":1686918716711404,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686918716711404,"l3_proto":"ip4","src_ip":"58.22.67.22","dst_ip":"85.111.52.57","src_port":52092,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2998,7 +2998,7 @@ 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":629,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":621,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686919264737057,"flow_src_last_pkt_time":1686919264737057,"flow_dst_last_pkt_time":1686919264737057,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686919264737057,"l3_proto":"ip4","src_ip":"217.39.155.99","dst_ip":"165.144.84.62","src_port":51503,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":629,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":621,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686919264737057,"flow_src_last_pkt_time":1686919264737057,"flow_dst_last_pkt_time":1686919264737057,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686919264737057,"l3_proto":"ip4","src_ip":"217.39.155.99","dst_ip":"165.144.84.62","src_port":51503,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":629,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":620,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686918716711404,"flow_src_last_pkt_time":1686918716711404,"flow_dst_last_pkt_time":1686918716711404,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686919264737057,"l3_proto":"ip4","src_ip":"58.22.67.22","dst_ip":"85.111.52.57","src_port":52092,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00855{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":629,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":629,"packets-processed":629,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":30707,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":621,"total-detection-updates":0,"total-updates":103,"current-active-flows":0,"total-active-flows":621,"total-idle-flows":621,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":3001,"global_ts_usec":1686919264737057} 
+00855{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":629,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":629,"packets-processed":629,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":30707,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":621,"total-detection-updates":0,"total-updates":103,"current-active-flows":0,"total-active-flows":621,"total-idle-flows":621,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":3001,"global_ts_usec":1686919264737057} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 629/629 ~~ skipped flows.............: 0 @@ -3007,9 +3007,9 @@ ~~ total active/idle flows...: 621/621 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8401454 bytes -~~ total memory freed........: 8401454 bytes -~~ total allocations/frees...: 121586/121586 +~~ total memory allocated....: 8979050 bytes +~~ total memory freed........: 8979050 bytes +~~ total allocations/frees...: 133317/133317 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 553 chars ~~ json message max len.......: 1000 chars diff --git a/test/results/default/ssdp-m-search-ua.pcap.out b/test/results/default/ssdp-m-search-ua.pcap.out index e88e918f2..43e5b2c65 100644 --- a/test/results/default/ssdp-m-search-ua.pcap.out +++ b/test/results/default/ssdp-m-search-ua.pcap.out 
@@ -1,5 +1,5 @@ -00621{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ssdp-m-search-ua.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssdp-m-search-ua.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1648315275444157} 
+00621{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ssdp-m-search-ua.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssdp-m-search-ua.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1648315275444157} 
00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssdp-m-search-ua.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648315275444157,"flow_src_last_pkt_time":1648315275444157,"flow_dst_last_pkt_time":1648315275444157,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":174,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648315275444157,"l3_proto":"ip4","src_ip":"192.168.242.50","dst_ip":"239.255.255.250","src_port":56446,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00756{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssdp-m-search-ua.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1648315275444157,"flow_dst_last_pkt_time":1648315275444157,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_usec":1648315275444157,"pkt":"AQBef\/\/68C9LCZO8CABFAADKnWgAAAEReOXAqPIy7\/\/\/+tx+B2wAtraSTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KVVNFUi1BR0VOVDogR29vZ2xlIENocm9tZS85OS4wLjQ4NDQuNzQgTWFjIE9TIFgNCg0K"} 
01009{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssdp-m-search-ua.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648315275444157,"flow_src_last_pkt_time":1648315275444157,"flow_dst_last_pkt_time":1648315275444157,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":174,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648315275444157,"l3_proto":"ip4","src_ip":"192.168.242.50","dst_ip":"239.255.255.250","src_port":56446,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900","domainame":"239.255.255.250:1900"}} 
@@ -7,7 +7,7 @@ 00756{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/ssdp-m-search-ua.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1648315277449906,"flow_dst_last_pkt_time":1648315275444157,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_usec":1648315277449906,"pkt":"AQBef\/\/68C9LCZO8CABFAADKWrMAAAERu5rAqPIy7\/\/\/+tx+B2wAtraSTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KVVNFUi1BR0VOVDogR29vZ2xlIENocm9tZS85OS4wLjQ4NDQuNzQgTWFjIE9TIFgNCg0K"} 00757{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ssdp-m-search-ua.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1648315278446168,"flow_dst_last_pkt_time":1648315275444157,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_usec":1648315278446168,"pkt":"AQBef\/\/68C9LCZO8CABFAADKE\/4AAAERAlDAqPIy7\/\/\/+tx+B2wAtraSTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KVVNFUi1BR0VOVDogR29vZ2xlIENocm9tZS85OS4wLjQ4NDQuNzQgTWFjIE9TIFgNCg0K"} 
01013{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ssdp-m-search-ua.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1648315275444157,"flow_src_last_pkt_time":1648315278446168,"flow_dst_last_pkt_time":1648315275444157,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":174,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":696,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648315278446168,"l3_proto":"ip4","src_ip":"192.168.242.50","dst_ip":"239.255.255.250","src_port":56446,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} -00847{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ssdp-m-search-ua.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":696,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1648315278446168} 
+00847{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ssdp-m-search-ua.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":696,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1648315278446168} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 4/4 ~~ skipped flows.............: 0 @@ -16,9 +16,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6907737 bytes -~~ total memory freed........: 6907737 bytes -~~ total allocations/frees...: 114141/114141 +~~ total memory allocated....: 7485333 bytes +~~ total memory freed........: 7485333 bytes +~~ total allocations/frees...: 125872/125872 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 626 chars ~~ json message max len.......: 1018 chars diff --git a/test/results/default/ssdp-m-search.pcap.out b/test/results/default/ssdp-m-search.pcap.out index 36f28f331..4ca4246ab 100644 --- a/test/results/default/ssdp-m-search.pcap.out +++ b/test/results/default/ssdp-m-search.pcap.out 
@@ -1,5 +1,5 @@ -00618{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ssdp-m-search.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssdp-m-search.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1532054645808785} 
+00618{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ssdp-m-search.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssdp-m-search.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1532054645808785} 
00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssdp-m-search.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1532054645808785,"flow_src_last_pkt_time":1532054645808785,"flow_dst_last_pkt_time":1532054645808785,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":21,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":21,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":21,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1532054645808785,"l3_proto":"ip4","src_ip":"192.168.242.8","dst_ip":"192.168.242.255","src_port":42253,"dst_port":32412,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssdp-m-search.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1532054645808785,"flow_dst_last_pkt_time":1532054645808785,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":63,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":63,"pkt_l4_len":29,"thread_ts_usec":1532054645808785,"pkt":"\/\/\/\/\/\/\/\/AAibydCMCABFAAAxO0tAAEARmRfAqPIIwKjy\/6UNfpwAHf9xTS1TRUFSQ0ggKiBIVFRQLzEuMQ0K"} 
00963{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssdp-m-search.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1532054645808785,"flow_src_last_pkt_time":1532054645808785,"flow_dst_last_pkt_time":1532054645808785,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":21,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":21,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":21,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1532054645808785,"l3_proto":"ip4","src_ip":"192.168.242.8","dst_ip":"192.168.242.255","src_port":42253,"dst_port":32412,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"","domainame":""}} 
@@ -9,7 +9,7 @@ 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/ssdp-m-search.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1532054665808769,"flow_dst_last_pkt_time":1532054645808785,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":63,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":63,"pkt_l4_len":29,"thread_ts_usec":1532054665808769,"pkt":"\/\/\/\/\/\/\/\/AAibydCMCABFAAAxfl5AAEARVgTAqPIIwKjy\/6UNfpwAHf9xTS1TRUFSQ0ggKiBIVFRQLzEuMQ0K"} 00978{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/ssdp-m-search.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":0,"flow_first_seen":1532054645808785,"flow_src_last_pkt_time":1532054700808779,"flow_dst_last_pkt_time":1532054645808785,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":21,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":21,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1532054700808779,"l3_proto":"ip4","src_ip":"192.168.242.8","dst_ip":"192.168.242.255","src_port":42253,"dst_port":32412,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/ssdp-m-search.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":0,"flow_first_seen":1532054645808785,"flow_src_last_pkt_time":1532054735808753,"flow_dst_last_pkt_time":1532054645808785,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":21,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":21,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":399,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1532054735808753,"l3_proto":"ip4","src_ip":"192.168.242.8","dst_ip":"192.168.242.255","src_port":42253,"dst_port":32412,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -00847{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/ssdp-m-search.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":19,"packets-processed":19,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":399,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1532054735808753} 
+00847{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/ssdp-m-search.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":19,"packets-processed":19,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":399,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1532054735808753} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 19/19 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6908136 bytes -~~ total memory freed........: 6908136 bytes -~~ total allocations/frees...: 114155/114155 +~~ total memory allocated....: 7485732 bytes +~~ total memory freed........: 7485732 bytes +~~ total allocations/frees...: 125886/125886 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 555 chars ~~ json message max len.......: 983 chars diff --git a/test/results/default/ssh.pcap.out b/test/results/default/ssh.pcap.out index 70be27cc9..6aa542b0f 100644 --- a/test/results/default/ssh.pcap.out +++ b/test/results/default/ssh.pcap.out 
@@ -1,5 +1,5 @@ -00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ssh.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssh.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1320435464760244} 
+00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ssh.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssh.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1320435464760244} 
00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1320435464760244,"flow_src_last_pkt_time":1320435464760244,"flow_dst_last_pkt_time":1320435464760244,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1320435464760244,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.168","src_port":58395,"dst_port":22,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1320435464760244,"flow_dst_last_pkt_time":1320435464760244,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1320435464760244,"pkt":"AAwppUXgAFBWwAAICABFAABAek9AAEAGi52sEO4BrBDuqOQbABY3Xn+qAAAAALAC\/\/+abgAAAgQFtAEDAwMBAQgKHJWv9QAAAAAEAgAA"} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1320435464760244,"flow_dst_last_pkt_time":1320435464760270,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1320435464760270,"pkt":"AFBWwAAIAAwppUXgCABFAAA8AABAAEAGBfGsEO6orBDuAQAW5BtConY2N15\/q6ASFqC42wAAAgQFtAQCCAoAEyL4HJWv9QEDAwY="} 
@@ -12,7 +12,7 @@ 01348{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1320435464760244,"flow_src_last_pkt_time":1320435464769196,"flow_dst_last_pkt_time":1320435464769170,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":904,"flow_dst_max_l4_payload_len":21,"flow_src_tot_l4_payload_len":925,"flow_dst_tot_l4_payload_len":21,"midstream":0,"thread_ts_usec":1320435464769196,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.168","src_port":58395,"dst_port":22,"l4_proto":"tcp","ndpi": {"flow_risk": {"18": {"risk":"SSH Obsolete Cli Vers\/Cipher","severity":"High","risk_score": {"total":300,"client":210,"server":90}},"19": {"risk":"SSH Obsolete Ser Vers\/Cipher","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"SSH","proto_id":"92","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","ssh": {"client_signature":"SSH-2.0-OpenSSH_5.3","server_signature":"SSH-2.0-OpenSSH_5.6","hassh_client":"21B457A327CE7A2D4FCE5EF2C42400BD","hassh_server":""}}} 
01383{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1320435464760244,"flow_src_last_pkt_time":1320435464769196,"flow_dst_last_pkt_time":1320435464770779,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":904,"flow_dst_max_l4_payload_len":784,"flow_src_tot_l4_payload_len":925,"flow_dst_tot_l4_payload_len":805,"midstream":0,"thread_ts_usec":1320435464770779,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.168","src_port":58395,"dst_port":22,"l4_proto":"tcp","ndpi": {"flow_risk": {"18": {"risk":"SSH Obsolete Cli Vers\/Cipher","severity":"High","risk_score": {"total":300,"client":210,"server":90}},"19": {"risk":"SSH Obsolete Ser Vers\/Cipher","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"SSH","proto_id":"92","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","ssh": {"client_signature":"SSH-2.0-OpenSSH_5.3","server_signature":"SSH-2.0-OpenSSH_5.6","hassh_client":"21B457A327CE7A2D4FCE5EF2C42400BD","hassh_server":"B1C6C0D56317555B85C7005A3DE29325"}}} 
02425{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1320435464760244,"flow_src_last_pkt_time":1320435472330349,"flow_dst_last_pkt_time":1320435469423179,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":904,"flow_dst_max_l4_payload_len":784,"flow_src_tot_l4_payload_len":1509,"flow_dst_tot_l4_payload_len":1885,"midstream":0,"thread_ts_usec":1320435472330349,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.168","src_port":58395,"dst_port":22,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":26,"avg":394614.2,"max":2907110,"stddev":888738.9,"var":789856780288.0,"ent":2.5,"data": [26,41,8112,8146,295,788,470,140,1469,1611,306,1791,1560,1614,14729,13069,1842,42337,40496,170,257,393,251,40593,51194,91555,2632288,2632557,1868772,1869058,2907110]},"pktlen": {"min":52,"avg":158.7,"max":956,"stddev":230.1,"var":52961.8,"ent":4.1,"data": [64,60,52,73,52,73,52,956,52,836,52,76,204,52,196,772,52,68,52,100,52,100,52,116,52,132,52,196,52,132,52,196]},"bins": {"c_to_s": [12,1,1,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [8,1,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,0,1,0,1,1,0,0,1,0,0,1,0,0,1,0,1,1,0,0,1,1,0,0,1,1,0,0],"entropies": [4.495864868,5.031404495,4.947339535,5.395304680,4.870416641,5.379396915,4.940637589,5.147055149,4.940637589,5.183596134,4.923395157,4.404554367,6.511710644,4.985801220,6.696379662,7.508841991,4.884933472,4.511087418,4.815073490,5.981212139,4.902175903,6.028761387,4.894361019,6.251031399,4.940637589,6.350845814,4.932822704,6.810175419,4.853535175,6.303876877,4.902175426,6.814750671]},"ndpi": 
{"flow_risk": {"18": {"risk":"SSH Obsolete Cli Vers\/Cipher","severity":"High","risk_score": {"total":300,"client":210,"server":90}},"19": {"risk":"SSH Obsolete Ser Vers\/Cipher","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"SSH","proto_id":"92","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} -00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":259,"source":"cfgs\/default\/pcap\/ssh.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":259,"packets-processed":258,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18498,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":4,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1720684522536128} 
+00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":259,"source":"cfgs\/default\/pcap\/ssh.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":259,"packets-processed":258,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18498,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":4,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1720684522536128} 00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":259,"source":"cfgs\/default\/pcap\/ssh.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1720684522536128,"flow_src_last_pkt_time":1720684522536128,"flow_dst_last_pkt_time":1720684522536128,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1720684522536128,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":58496,"dst_port":8000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":259,"source":"cfgs\/default\/pcap\/ssh.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1720684522536128,"flow_dst_last_pkt_time":1720684522536128,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1720684522536128,"pkt":"AAAAAAAAAAAAAAAACABFAAA8reZAAEAGjtN\/AAABfwAAAeSAH0BqHP8DAAAAAKAC\/9f+MAAAAgT\/1wQCCAoTnon7AAAAAAEDAwc="} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"cfgs\/default\/pcap\/ssh.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1720684522536128,"flow_dst_last_pkt_time":1720684522536143,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1720684522536143,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAAR9A5IBixvQVahz\/BKAS\/8v+MAAAAgT\/1wQCCAoTnon7E56J+wEDAwc="} 
@@ -27,7 +27,7 @@ 02424{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/ssh.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1720684522536128,"flow_src_last_pkt_time":1720684524652827,"flow_dst_last_pkt_time":1720684524669099,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1536,"flow_dst_max_l4_payload_len":1032,"flow_src_tot_l4_payload_len":2942,"flow_dst_tot_l4_payload_len":2499,"midstream":0,"thread_ts_usec":1720684524669099,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":58496,"dst_port":8000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":15,"avg":137086.1,"max":1760401,"stddev":429110.5,"var":184135827456.0,"ent":2.0,"data": [15,26,399,418,18239,18259,766,7333,7507,42057,159691,241121,40366,47,1760376,1760401,5242,5241,16452,16479,57,377,41818,41531,35,107,6908,16477,17486,7983,16456]},"pktlen": {"min":52,"avg":222.5,"max":1588,"stddev":339.5,"var":115254.5,"ent":4.0,"data": [60,60,52,94,52,79,52,1588,1084,132,52,700,52,68,52,68,52,120,52,136,52,136,136,52,152,52,440,408,712,120,120,136]},"bins": {"c_to_s": [9,1,4,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1],"s_to_c": [7,0,4,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,0,1,0,1,1,0,0,1,0,1,0,0,1,0,1,0,1],"entropies": 
[4.252536774,4.689003468,4.585552216,5.369926929,4.547090530,5.079363823,4.585552216,4.903249741,5.052254200,5.907934189,4.582383156,7.480095863,4.624013901,4.798997879,4.532573700,4.193390369,4.547090530,6.043831348,4.494111538,6.221045017,4.532573700,6.281461239,6.243819237,4.547090530,6.325264454,4.494112015,7.404932976,7.381281376,7.703675270,6.010097980,5.907892227,6.108596802]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"19": {"risk":"SSH Obsolete Ser Vers\/Cipher","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"SSH","proto_id":"92","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 01223{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":295,"source":"cfgs\/default\/pcap\/ssh.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":17,"flow_first_seen":1720684522536128,"flow_src_last_pkt_time":1720684524712342,"flow_dst_last_pkt_time":1720684524712327,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1536,"flow_dst_max_l4_payload_len":1032,"flow_src_tot_l4_payload_len":4270,"flow_dst_tot_l4_payload_len":2703,"midstream":0,"thread_ts_usec":1720684524712342,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":58496,"dst_port":8000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"19": {"risk":"SSH Obsolete Ser Vers\/Cipher","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}}},"confidence": 
{"6":"DPI"},"proto":"SSH","proto_id":"92","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 01230{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":295,"source":"cfgs\/default\/pcap\/ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":159,"flow_dst_packets_processed":99,"flow_first_seen":1320435464760244,"flow_src_last_pkt_time":1320435713237065,"flow_dst_last_pkt_time":1320435713237024,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":904,"flow_dst_max_l4_payload_len":1280,"flow_src_tot_l4_payload_len":5109,"flow_dst_tot_l4_payload_len":13389,"midstream":0,"thread_ts_usec":1720684524712342,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.168","src_port":58395,"dst_port":22,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"18": {"risk":"SSH Obsolete Cli Vers\/Cipher","severity":"High","risk_score": {"total":300,"client":210,"server":90}},"19": {"risk":"SSH Obsolete Ser Vers\/Cipher","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"SSH","proto_id":"92","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 
-00842{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":295,"source":"cfgs\/default\/pcap\/ssh.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":295,"packets-processed":295,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25471,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":8,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":30,"global_ts_usec":1720684524712342} +00842{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":295,"source":"cfgs\/default\/pcap\/ssh.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":295,"packets-processed":295,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25471,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":8,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":30,"global_ts_usec":1720684524712342} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 295/295 ~~ skipped flows.............: 0 
@@ -36,9 +36,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6925507 bytes -~~ total memory freed........: 6925507 bytes -~~ total allocations/frees...: 114457/114457 +~~ total memory allocated....: 7503123 bytes +~~ total memory freed........: 7503123 bytes +~~ total allocations/frees...: 126189/126189 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 544 chars ~~ json message max len.......: 2430 chars diff --git a/test/results/default/ssh_unidirectional.pcap.out b/test/results/default/ssh_unidirectional.pcap.out index 1b0f49e89..b4438ffab 100644 --- a/test/results/default/ssh_unidirectional.pcap.out +++ b/test/results/default/ssh_unidirectional.pcap.out 
@@ -1,5 +1,5 @@ -00623{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ssh_unidirectional.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssh_unidirectional.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1716390538276349} 
+00623{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ssh_unidirectional.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssh_unidirectional.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1716390538276349} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssh_unidirectional.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1716390538276349,"flow_src_last_pkt_time":1716390538276349,"flow_dst_last_pkt_time":1716390538276349,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1716390538276349,"l3_proto":"ip4","src_ip":"192.168.2.198","dst_ip":"192.168.2.1","src_port":50306,"dst_port":22,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssh_unidirectional.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1716390538276349,"flow_dst_last_pkt_time":1716390538276349,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1716390538276349,"pkt":"BBjWBrNamAGnpQyTCABFEABAAABAAEAGtJDAqALGwKgCAcSCABblRTTMAAAAALAC\/\/+VtgAAAgQFtAEDAwYBAQgKAf06hgAAAAAEAgAA"} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ssh_unidirectional.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1716390538276349,"flow_dst_last_pkt_time":1716390538278714,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1716390538278714,"pkt":"mAGnpQyTBBjWBrNaCABFAAA8AABAAEAGtKTAqAIBwKgCxgAWxII6yHEV5UU0zaAScSCF9wAAAgQFtAQCCAp2FY2gAf06hgEDAwU="} 
@@ -9,7 +9,7 @@ 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/ssh_unidirectional.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1716390538500010,"flow_dst_last_pkt_time":1716390538499911,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1716390538500010,"pkt":"BBjWBrNamAGnpQyTCABFEAA0AABAAEAGtJzAqALGwKgCAcSCABblRTTNOshxPYAQCAocRwAAAQEICgH9O2Z2FY4q"} 01072{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/ssh_unidirectional.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1716390538276349,"flow_src_last_pkt_time":1716390538500010,"flow_dst_last_pkt_time":1716390538499911,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":39,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":39,"midstream":0,"thread_ts_usec":1716390538500010,"l3_proto":"ip4","src_ip":"192.168.2.198","dst_ip":"192.168.2.1","src_port":50306,"dst_port":22,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSH","proto_id":"92","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","ssh": {"client_signature":"SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u7","server_signature":"","hassh_client":"","hassh_server":""}}} 
00972{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/ssh_unidirectional.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":6,"flow_first_seen":1716390538276349,"flow_src_last_pkt_time":1716390538825005,"flow_dst_last_pkt_time":1716390538826788,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2,"flow_dst_max_l4_payload_len":39,"flow_src_tot_l4_payload_len":2,"flow_dst_tot_l4_payload_len":58,"midstream":0,"thread_ts_usec":1716390538826788,"l3_proto":"ip4","src_ip":"192.168.2.198","dst_ip":"192.168.2.1","src_port":50306,"dst_port":22,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSH","proto_id":"92","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} -00851{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/ssh_unidirectional.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":13,"packets-processed":13,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":60,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1716390538826788} 
+00851{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/ssh_unidirectional.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":13,"packets-processed":13,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":60,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1716390538826788} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 13/13 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6908014 bytes -~~ total memory freed........: 6908014 bytes -~~ total allocations/frees...: 114151/114151 +~~ total memory allocated....: 7485610 bytes +~~ total memory freed........: 7485610 bytes +~~ total allocations/frees...: 125882/125882 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 556 chars ~~ json message max len.......: 1077 chars diff --git a/test/results/default/ssl-cert-name-mismatch.pcap.out b/test/results/default/ssl-cert-name-mismatch.pcap.out index ba7506a17..33215f5e2 100644 --- a/test/results/default/ssl-cert-name-mismatch.pcap.out +++ b/test/results/default/ssl-cert-name-mismatch.pcap.out 
@@ -1,16 +1,16 @@ -00627{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ssl-cert-name-mismatch.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssl-cert-name-mismatch.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1620643422034834} 
+00627{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ssl-cert-name-mismatch.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssl-cert-name-mismatch.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1620643422034834} 
00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1620643422034834,"flow_src_last_pkt_time":1620643422034834,"flow_dst_last_pkt_time":1620643422034834,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1620643422034834,"l3_proto":"ip4","src_ip":"192.168.2.222","dst_ip":"104.154.89.105","src_port":54772,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1620643422034834,"flow_dst_last_pkt_time":1620643422034834,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1620643422034834,"pkt":"BBjWBrNaACWQ1Mz5CABFAAA8gCNAAEAGNQ\/AqALeaJpZadX0AbtP8LY3AAAAAKACchCFuAAAAgQFtAQCCAoBlw8kAAAAAAEDAwc="} 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1620643422034834,"flow_dst_last_pkt_time":1620643422162607,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1620643422162607,"pkt":"ACWQ1Mz5BBjWBrNaCABFAAA8AABAADAGxTJomllpwKgC3gG71fRoLFRgT\/C2OKASbgBjmAAAAgQFjAQCCAqtfZhXAZcPJAEDAwc="} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1620643422162625,"flow_dst_last_pkt_time":1620643422162607,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1620643422162625,"pkt":"BBjWBrNaACWQ1Mz5CABFAAA0gCRAAEAGNRbAqALeaJpZadX0AbtP8LY4aCxUYYAQAOWFsAAAAQEICgGXD0StfZhX"} 00889{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1620643422196037,"flow_dst_last_pkt_time":1620643422162607,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":311,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":311,"pkt_l4_len":277,"thread_ts_usec":1620643422196037,"pkt":"BBjWBrNaACWQ1Mz5CABFAAEpgCVAAEAGNCDAqALeaJpZadX0AbtP8LY4aCxUYYAYAOWGpQAAAQEICgGXD02tfZhXFgMBAPABAADsAwNgmQ7zHV6F023ZZMjzy2PnOAFhzodV\/0kvIs9S5KNjJQAATMArwCzAhsCHwAnACsCswK3ACMAvwDDAisCLwBPAFMASAJwAncB6wHsALwA1AEEAhMCcwJ0ACgCeAJ\/AfMB9ADMAOQBFAIjAnsCfABYBAAB3ABcAAAAWAAAABQAFAQAAAAAAAAAaABgAABV3cm9uZy5ob3N0LmJhZHNzbC5jb23\/AQABAAAjAAAACgAMAAoAFwAYABkAFQATAAsAAgEAAA0AFgAUBAEEAwUBBQMGAQYDAwEDAwIBAgMAEAALAAkIaHR0cC8xLjE="} 
-01228{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1620643422034834,"flow_src_last_pkt_time":1620643422196037,"flow_dst_last_pkt_time":1620643422162607,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1620643422196037,"l3_proto":"ip4","src_ip":"192.168.2.222","dst_ip":"104.154.89.105","src_port":54772,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"wrong.host.badssl.com","domainame":"wrong.host.badssl.com","tls": {"version":"TLSv1.2","ja3":"4e69e4e5627c5e4c2846ba3e64d23fb9","ja3s":"","ja4":"t12d3810ht_845d1e55a368_7448b1316cd7","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} 
+01187{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1620643422034834,"flow_src_last_pkt_time":1620643422196037,"flow_dst_last_pkt_time":1620643422162607,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1620643422196037,"l3_proto":"ip4","src_ip":"192.168.2.222","dst_ip":"104.154.89.105","src_port":54772,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"wrong.host.badssl.com","domainame":"wrong.host.badssl.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d3810ht_845d1e55a368_7448b1316cd7","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1620643422196037,"flow_dst_last_pkt_time":1620643422323351,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1620643422323351,"pkt":"ACWQ1Mz5BBjWBrNaCABFAAA0X1pAADAGZeBomllpwKgC3gG71fRoLFRhT\/C3LYAQAOX9lwAAAQEICq19mPkBlw9N"} 
-01318{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1620643422034834,"flow_src_last_pkt_time":1620643422196037,"flow_dst_last_pkt_time":1620643422325332,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":1408,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":1408,"midstream":0,"thread_ts_usec":1620643422325332,"l3_proto":"ip4","src_ip":"192.168.2.222","dst_ip":"104.154.89.105","src_port":54772,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"wrong.host.badssl.com","domainame":"wrong.host.badssl.com","tls": {"version":"TLSv1.2","ja3":"4e69e4e5627c5e4c2846ba3e64d23fb9","ja3s":"b898351eb5e266aefd3723d466935494","ja4":"t12d3810ht_845d1e55a368_7448b1316cd7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
-01595{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1620643422034834,"flow_src_last_pkt_time":1620643422325356,"flow_dst_last_pkt_time":1620643422325538,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":1408,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":3334,"midstream":0,"thread_ts_usec":1620643422325538,"l3_proto":"ip4","src_ip":"192.168.2.222","dst_ip":"104.154.89.105","src_port":54772,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"wrong.host.badssl.com","domainame":"wrong.host.badssl.com","tls": {"version":"TLSv1.2","server_names":"*.badssl.com,badssl.com","ja3":"4e69e4e5627c5e4c2846ba3e64d23fb9","ja3s":"b898351eb5e266aefd3723d466935494","ja4":"t12d3810ht_845d1e55a368_7448b1316cd7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=Walnut Creek, O=Lucas Garron Torres, CN=*.badssl.com","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"18:45:B2:16:EF:D0:83:9A:18:51:A9:57:32:5D:A3:36:21:70:49:CB","blocks":0}}} 
+01277{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1620643422034834,"flow_src_last_pkt_time":1620643422196037,"flow_dst_last_pkt_time":1620643422325332,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":1408,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":1408,"midstream":0,"thread_ts_usec":1620643422325332,"l3_proto":"ip4","src_ip":"192.168.2.222","dst_ip":"104.154.89.105","src_port":54772,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"wrong.host.badssl.com","domainame":"wrong.host.badssl.com","tls": {"version":"TLSv1.2","ja3s":"b898351eb5e266aefd3723d466935494","ja4":"t12d3810ht_845d1e55a368_7448b1316cd7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
+01554{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1620643422034834,"flow_src_last_pkt_time":1620643422325356,"flow_dst_last_pkt_time":1620643422325538,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":1408,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":3334,"midstream":0,"thread_ts_usec":1620643422325538,"l3_proto":"ip4","src_ip":"192.168.2.222","dst_ip":"104.154.89.105","src_port":54772,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"wrong.host.badssl.com","domainame":"wrong.host.badssl.com","tls": {"version":"TLSv1.2","server_names":"*.badssl.com,badssl.com","ja3s":"b898351eb5e266aefd3723d466935494","ja4":"t12d3810ht_845d1e55a368_7448b1316cd7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=Walnut Creek, O=Lucas Garron Torres, CN=*.badssl.com","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"18:45:B2:16:EF:D0:83:9A:18:51:A9:57:32:5D:A3:36:21:70:49:CB","blocks":0}}} 
00980{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":10,"flow_first_seen":1620643422034834,"flow_src_last_pkt_time":1620643422749798,"flow_dst_last_pkt_time":1620643422754639,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":1408,"flow_src_tot_l4_payload_len":402,"flow_dst_tot_l4_payload_len":3608,"midstream":0,"thread_ts_usec":1620643422754639,"l3_proto":"ip4","src_ip":"192.168.2.222","dst_ip":"104.154.89.105","src_port":54772,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -00857{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/ssl-cert-name-mismatch.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":21,"packets-processed":21,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4010,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1620643422754639} 
+00857{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/ssl-cert-name-mismatch.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":21,"packets-processed":21,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4010,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1620643422754639} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 21/21 ~~ skipped flows.............: 0 @@ -19,10 +19,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6918511 bytes -~~ total memory freed........: 6918511 bytes -~~ total allocations/frees...: 114169/114169 +~~ total memory allocated....: 7496107 bytes +~~ total memory freed........: 7496107 bytes +~~ total allocations/frees...: 125900/125900 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 560 chars -~~ json message max len.......: 1600 chars -~~ json message avg len.......: 1056 chars +~~ json message max len.......: 1559 chars +~~ json message avg len.......: 1036 chars diff --git a/test/results/default/starcraft_battle.pcap.out b/test/results/default/starcraft_battle.pcap.out index b715b964b..bd049f743 100644 --- a/test/results/default/starcraft_battle.pcap.out +++ b/test/results/default/starcraft_battle.pcap.out 
@@ -1,5 +1,5 @@ -00621{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1437389953643103} 
+00621{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1437389953643103} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1437389953643103,"flow_src_last_pkt_time":1437389953643103,"flow_dst_last_pkt_time":1437389953643103,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1437389953643103,"l3_proto":"ip4","src_ip":"192.30.252.91","dst_ip":"192.168.1.100","src_port":443,"dst_port":3213,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1437389953643103,"flow_dst_last_pkt_time":1437389953643103,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_usec":1437389953643103,"pkt":"IImEa8W6hCYVPnXECABFAABHZtpAAPMGok\/AHvxbwKgBZAG7DI12Mx9qhBzaXVAYAB\/+XQAAFwMDABrSe+rfqh1HHm09zJFdvf5O5AwaBTHDWE16Zg=="} 
00923{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1437389953643103,"flow_src_last_pkt_time":1437389953643103,"flow_dst_last_pkt_time":1437389953643103,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1437389953643103,"l3_proto":"ip4","src_ip":"192.30.252.91","dst_ip":"192.168.1.100","src_port":443,"dst_port":3213,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Github","proto_by_ip_id":203,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
@@ -345,9 +345,9 @@ 01002{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1437389985446792,"flow_src_last_pkt_time":1437389985631224,"flow_dst_last_pkt_time":1437389985631183,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":2851,"midstream":0,"thread_ts_usec":1437389985996137,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.40","src_port":3526,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"eu.battle.net"}} 00938{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1437389982769377,"flow_src_last_pkt_time":1437389982769377,"flow_dst_last_pkt_time":1437389982823721,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":2,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2,"flow_dst_max_l4_payload_len":2,"flow_src_tot_l4_payload_len":2,"flow_dst_tot_l4_payload_len":2,"midstream":0,"thread_ts_usec":1437389985996137,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"5.42.180.154","src_port":53146,"dst_port":1119,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Starcraft","proto_id":"213","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
00786{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1437389982769377,"flow_src_last_pkt_time":1437389982769377,"flow_dst_last_pkt_time":1437389982823721,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":2,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2,"flow_dst_max_l4_payload_len":2,"flow_src_tot_l4_payload_len":2,"flow_dst_tot_l4_payload_len":2,"midstream":0,"thread_ts_usec":1437389985996137,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"5.42.180.154","src_port":53146,"dst_port":1119,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -01168{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1437389954123062,"flow_src_last_pkt_time":1437389954123062,"flow_dst_last_pkt_time":1437389954123062,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1437389985996137,"l3_proto":"ip4","src_ip":"80.239.186.26","dst_ip":"192.168.1.100","src_port":443,"dst_port":3476,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}},"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+01275{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1437389954123062,"flow_src_last_pkt_time":1437389954123062,"flow_dst_last_pkt_time":1437389954123062,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1437389985996137,"l3_proto":"ip4","src_ip":"80.239.186.26","dst_ip":"192.168.1.100","src_port":443,"dst_port":3476,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}},"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}},"55": {"risk":"Probing Attempt","severity":"Medium","risk_score": {"total":510,"client":375,"server":135}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00784{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1437389954123062,"flow_src_last_pkt_time":1437389954123062,"flow_dst_last_pkt_time":1437389954123062,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1437389985996137,"l3_proto":"ip4","src_ip":"80.239.186.26","dst_ip":"192.168.1.100","src_port":443,"dst_port":3476,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -01168{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1437389955642290,"flow_src_last_pkt_time":1437389955642290,"flow_dst_last_pkt_time":1437389955642290,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1437389985996137,"l3_proto":"ip4","src_ip":"80.239.186.40","dst_ip":"192.168.1.100","src_port":443,"dst_port":3478,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}},"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+01275{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1437389955642290,"flow_src_last_pkt_time":1437389955642290,"flow_dst_last_pkt_time":1437389955642290,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1437389985996137,"l3_proto":"ip4","src_ip":"80.239.186.40","dst_ip":"192.168.1.100","src_port":443,"dst_port":3478,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}},"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}},"55": {"risk":"Probing Attempt","severity":"Medium","risk_score": {"total":510,"client":375,"server":135}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00784{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1437389955642290,"flow_src_last_pkt_time":1437389955642290,"flow_dst_last_pkt_time":1437389955642290,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1437389985996137,"l3_proto":"ip4","src_ip":"80.239.186.40","dst_ip":"192.168.1.100","src_port":443,"dst_port":3478,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00937{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1437389976946687,"flow_src_last_pkt_time":1437389980126345,"flow_dst_last_pkt_time":1437389976946687,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1437389985996137,"l3_proto":"ip4","src_ip":"192.168.1.107","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","proto_id":"82","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00946{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":7,"flow_first_seen":1437389958129733,"flow_src_last_pkt_time":1437389968685186,"flow_dst_last_pkt_time":1437389968685334,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":101,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":118,"midstream":1,"thread_ts_usec":1437389985996137,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.208.193","src_port":3427,"dst_port":1119,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Starcraft","proto_id":"213","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -380,7 +380,7 @@ 01037{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1437389964518743,"flow_src_last_pkt_time":1437389964635479,"flow_dst_last_pkt_time":1437389964635398,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":350,"flow_dst_max_l4_payload_len":427,"flow_src_tot_l4_payload_len":350,"flow_dst_tot_l4_payload_len":427,"midstream":0,"thread_ts_usec":1437389985996137,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"173.194.113.224","src_port":3506,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"www.google-analytics.com"}} 00934{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1437389968488066,"flow_src_last_pkt_time":1437389968521953,"flow_dst_last_pkt_time":1437389968521934,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1437389985996137,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"173.194.113.224","src_port":3484,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by 
port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00787{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1437389968488066,"flow_src_last_pkt_time":1437389968521953,"flow_dst_last_pkt_time":1437389968521934,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1437389985996137,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"173.194.113.224","src_port":3484,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00862{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":800,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":800,"packets-processed":797,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":316668,"total-not-detected-flows":0,"total-guessed-flows":13,"total-detected-flows":39,"total-detection-updates":16,"total-updates":0,"current-active-flows":0,"total-active-flows":52,"total-idle-flows":52,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":383,"global_ts_usec":1437389985996137} 
+00862{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":800,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":800,"packets-processed":797,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":316668,"total-not-detected-flows":0,"total-guessed-flows":13,"total-detected-flows":39,"total-detection-updates":16,"total-updates":0,"current-active-flows":0,"total-active-flows":52,"total-idle-flows":52,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":383,"global_ts_usec":1437389985996137} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 800/797 ~~ skipped flows.............: 0 @@ -389,9 +389,9 @@ ~~ total active/idle flows...: 52/52 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7081986 bytes -~~ total memory freed........: 7081986 bytes -~~ total allocations/frees...: 115638/115638 +~~ total memory allocated....: 7660430 bytes +~~ total memory freed........: 7660430 bytes +~~ total allocations/frees...: 127396/127396 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 310 chars ~~ json message max len.......: 2452 chars diff --git a/test/results/default/steam.pcapng.out b/test/results/default/steam.pcapng.out index 915564197..c1d481f21 100644 --- a/test/results/default/steam.pcapng.out +++ b/test/results/default/steam.pcapng.out 
@@ -1,5 +1,5 @@ -00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1705442515175582} 
+00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1705442515175582} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1705442515175582,"flow_src_last_pkt_time":1705442515175582,"flow_dst_last_pkt_time":1705442515175582,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":184,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":184,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":184,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705442515175582,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"192.168.88.255","src_port":27036,"dst_port":27036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00784{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1705442515175582,"flow_dst_last_pkt_time":1705442515175582,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"thread_ts_usec":1705442515175582,"pkt":"\/\/\/\/\/\/\/\/8C90rUP1CABFAADUuntAAEARTGbAqFjnwKhY\/2mcaZwAwDQJ\/\/\/\/\/yFMX6AWAAAACPzT8eO3vL\/PdhABGK\/Km6qggNnkApIAAAAICBAGGJzTASIJbG9jYWxob3N0MAI4yP7\/\/\/\/\/\/\/\/\/AUABSg4JNikQBgEAEAEQ3Z\/wMFgBYNL5m60GcAB6EUYwOjJGOjc0OkFEOjQzOkY1ogEOMTcyLjE3LjIyOS4xODSiAQ4xOTIuMTY4Ljg4LjIzMaoBDjE5NS4xOTEuMTU4Ljk0uAECwAEAyAHMxYetBtABAg=="} 
00922{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1705442515175582,"flow_src_last_pkt_time":1705442515175582,"flow_dst_last_pkt_time":1705442515175582,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":184,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":184,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":184,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705442515175582,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"192.168.88.255","src_port":27036,"dst_port":27036,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -19,9 +19,9 @@ 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1705442537191671,"pkt":"8C90rUP1SKmKCiNtCABFQAA8AABAADwGBZq8cmLgwKhY5wG70+MkPwhuq5LDZ6ASBZRqOQAAAgQFoAQCCAqFfZgFHn3yEwEDAwE="} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1705442537191671,"pkt":"SKmKCiNt8C90rUP1CABFAAA0jStAAEAGdLbAqFjnvHJi4NPjAburksNnJD8Ib4AQgAA5CQAAAQEICh598jGFfZgF"} 
01242{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1705442537191671,"pkt":"SKmKCiNt8C90rUP1CABFAAI5jSxAAEAGcrDAqFjnvHJi4NPjAburksNnJD8Ib4AYgAA7DgAAAQEICh598lGFfZgFFgMBAgABAAH8AwNfxxqyQDsLI\/BfkZLH2erYa0Z+0sMOBcsIeQNxjEjMkiDUxxyHexxRppvPLSXq20tzdwvAHMbsVPIAe+iM58JlOQBAEwITAxMBwCvAL8AswDDArsCswCPAJ8AJwBPAr8CtwCTAKMAKwBQAnMCgwJwAPAAvAJ3AocCdAD0ANQBBAIQA\/wEAAXMAAAASABAAAA13d3cuZG90YTIuY29tAAsABAMAAQIACgAIAAYAGQAYABcAIwAAM3QAAAAQAAsACQhodHRwLzEuMQAWAAAAFwAAAA0AMAAuBAMFAwYDCAcICAgJCAoICwgECAUIBgQBBQEGAQMDAgMDAQIBAwICAgQCBQIGAgArAAkIAwQDAwMCAwEALQACAQEAMwCLAIkAGQCFBAC9HqHq22t\/6FniAXQdaay82R8PCMxH55LMEV3rqBGruWI4B5OexFtmWVDLEJsv9Ew+Ltc6TT104WlHU9nnLNlgfAA2wAcSAJ7VGlDJMBznN6C8XZg9wWwd\/R\/jsHIcW7wFLNlwmFvy07w5p2qrd1zn90LgId\/0Ygang6PE6Pvj9GUNYwAVAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01265{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1705442537191671,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705442537191671,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"188.114.98.224","src_port":54243,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dota2","proto_id":"91.386","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"www.dota2.com","domainame":"www.dota2.com","tls": {"version":"TLSv1.2","ja3":"07eb11020e4395f99e5ef70baf9c1d11","ja3s":"","ja4":"t13d3213ht_85d9c3ed342d_e802cdec6a7f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01224{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1705442537191671,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705442537191671,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"188.114.98.224","src_port":54243,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dota2","proto_id":"91.386","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"www.dota2.com","domainame":"www.dota2.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d3213ht_85d9c3ed342d_e802cdec6a7f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1705442537191671,"pkt":"8C90rUP1SKmKCiNtCABFQAA0C+ZAADwG+bu8cmLgwKhY5wG70+MkPwhvq5LFbIAQBOKXGgAAAQEICoV9mEUeffJR"} 
-01306{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1705442537191671,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":99,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":99,"midstream":0,"thread_ts_usec":1705442537191671,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"188.114.98.224","src_port":54243,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dota2","proto_id":"91.386","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"www.dota2.com","domainame":"www.dota2.com","tls": {"version":"TLSv1.3","ja3":"07eb11020e4395f99e5ef70baf9c1d11","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d3213ht_85d9c3ed342d_e802cdec6a7f","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01265{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1705442537191671,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":99,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":99,"midstream":0,"thread_ts_usec":1705442537191671,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"188.114.98.224","src_port":54243,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dota2","proto_id":"91.386","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"www.dota2.com","domainame":"www.dota2.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d3213ht_85d9c3ed342d_e802cdec6a7f","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1705442537191671,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705442537191671,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"155.133.252.86","src_port":46604,"dst_port":27045,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1705442537191671,"pkt":"SKmKCiNt8C90rUP1CABFAACAZiFAAEARIuDAqFjnm4X8VrYMaaUAbLHpAYFzZHBpbmd+vmJ+xyiIFwAAAAAGWVZlkdQNjGJBCwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
00936{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1705442537191671,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705442537191671,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"155.133.252.86","src_port":46604,"dst_port":27045,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SteamDatagramRelay","proto_id":"235","proto_by_ip":"Steam","proto_by_ip_id":74,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -31,24 +31,24 @@ 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1705442537191671,"pkt":"8C90rUP1SKmKCiNtCABFIAA8AABAADcG9WEXNB13wKhY5wG74ZWwAQA5dBrJWaAS\/ogsUwAAAgQFoAQCCAr+zbcy3KhrRAEDAwc="} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1705442537191671,"pkt":"SKmKCiNt8C90rUP1CABFAAA0njVAAEAGTlTAqFjnFzQdd+GVAbt0GslZsAEAOoAQgABOYQAAAQEICtyoa13+zbcy"} 
01240{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1705442537191671,"pkt":"SKmKCiNt8C90rUP1CABFAAI5njZAAEAGTE7AqFjnFzQdd+GVAbt0GslZsAEAOoAYgABQZgAAAQEICtyoa2b+zbcyFgMBAgABAAH8AwNikIRTmjjsm8Cq9\/8GCo7uY4ITpo38sRJUiYi1AhAFAyAbFF\/iTKaL17WIZBskDvgCRFLyMwGbGHosHcLs5aUfpgBAEwITAxMBwCvAL8AswDDArsCswCPAJ8AJwBPAr8CtwCTAKMAKwBQAnMCgwJwAPAAvAJ3AocCdAD0ANQBBAIQA\/wEAAXMAAAAZABcAABRhcGkuc3RlYW1wb3dlcmVkLmNvbQALAAQDAAECAAoACAAGABkAGAAXACMAADN0AAAAEAAOAAwCaDIIaHR0cC8xLjEAFgAAABcAAAANADAALgQDBQMGAwgHCAgICQgKCAsIBAgFCAYEAQUBBgEDAwIDAwECAQMCAgIEAgUCBgIAKwAJCAMEAwMDAgMBAC0AAgEBADMAiwCJABkAhQQBUBRXwkJUfrqd0frrDbTWBkBfPIpWUehYTVz+5RL38IjfO9pkTMJe6Z7O0PwfBxAf4Wa1A9FT54r0kiY7511CtloAhHdj4J9gdoJmOC9ZPuKglSHYujeR\/GLWq0rUAKfjrWlMMK0it6G6vdYKJwS8vSYkMQRdimJIjwVFVZxl3lnUUqgAFQBGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01274{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1705442537191671,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705442537191671,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"23.52.29.119","src_port":57749,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Steam","proto_id":"91.74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"api.steampowered.com","domainame":"api.steampowered.com","tls": {"version":"TLSv1.2","ja3":"07eb11020e4395f99e5ef70baf9c1d11","ja3s":"","ja4":"t13d3213h2_85d9c3ed342d_e802cdec6a7f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01233{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1705442537191671,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705442537191671,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"23.52.29.119","src_port":57749,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Steam","proto_id":"91.74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"api.steampowered.com","domainame":"api.steampowered.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d3213h2_85d9c3ed342d_e802cdec6a7f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1705442537191671,"pkt":"8C90rUP1SKmKCiNtCABFIAA0snNAADcGQvYXNB13wKhY5wG74ZWwAQA6dBrLXoAQAfpVUwAAAQEICv7Nt1LcqGtm"} 
-01315{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1705442537191671,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":99,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":99,"midstream":0,"thread_ts_usec":1705442537191671,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"23.52.29.119","src_port":57749,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Steam","proto_id":"91.74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"api.steampowered.com","domainame":"api.steampowered.com","tls": {"version":"TLSv1.3","ja3":"07eb11020e4395f99e5ef70baf9c1d11","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d3213h2_85d9c3ed342d_e802cdec6a7f","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01274{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1705442537191671,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":99,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":99,"midstream":0,"thread_ts_usec":1705442537191671,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"23.52.29.119","src_port":57749,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Steam","proto_id":"91.74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"api.steampowered.com","domainame":"api.steampowered.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d3213h2_85d9c3ed342d_e802cdec6a7f","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1705442537191671,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705442537191671,"l3_proto":"ip4","src_ip":"162.254.198.46","dst_ip":"192.168.88.231","src_port":27038,"dst_port":50983,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1705442537191671,"pkt":"8C90rUP1SKmKCiNtCABFAAA0kf5AAHUG8Qii\/sYuwKhY52mexydh2OrIUE+V2oAS\/\/+IxgAAAgQFoAEDAwgBAQQC"} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1705442537191671,"pkt":"SKmKCiNt8C90rUP1CABFAAAoXKBAAEAGW3PAqFjnov7GLscnaZ5QT5XaYdjqyVAQgACC1wAA"} 
01225{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1705442537191671,"pkt":"SKmKCiNt8C90rUP1CABFAAItXKFAAEAGWW3AqFjnov7GLscnaZ5QT5XaYdjqyVAYgACE3AAAFgMBAgABAAH8AwPmT8AByIkHT+O2zYJ5k+FP2Xs7ynbkEs14MPwGHNLzHyDn8dburj9pAH8+QRPAOZ019JPWGFhb97+n7GeR9eg1GgBAEwITAxMBwCvAL8AswDDArsCswCPAJ8AJwBPAr8CtwCTAKMAKwBQAnMCgwJwAPAAvAJ3AocCdAD0ANQBBAIQA\/wEAAXMAAAAeABwAABlleHQzLXN0bzEuc3RlYW1zZXJ2ZXIubmV0AAsABAMAAQIACgAIAAYAGQAYABcAIwAAM3QAAAAQAA4ADAJoMghodHRwLzEuMQAWAAAAFwAAAA0AMAAuBAMFAwYDCAcICAgJCAoICwgECAUIBgQBBQEGAQMDAgMDAQIBAwICAgQCBQIGAgArAAkIAwQDAwMCAwEALQACAQEAMwCLAIkAGQCFBAB7H0\/PB1InfSWtOtYtEL\/3AyvSYMs63WaxXGS\/awbxInEVFZXadflzMeNP6fljsHJ9Hmyg7ZBlNX2bXLunKuIY+wE+H+leKPMAolwRZBuRLat7BuQXDu6pU4ne0GCHYp4PTeH5Me8M2EaaAF\/pKj6N6sAgghFm4Ohp+ui2tfD8uaGfCAAVAEEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -01419{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1705442537191671,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":517,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":517,"midstream":0,"thread_ts_usec":1705442537191671,"l3_proto":"ip4","src_ip":"162.254.198.46","dst_ip":"192.168.88.231","src_port":27038,"dst_port":50983,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.Steam","proto_id":"91.74","proto_by_ip":"Steam","proto_by_ip_id":74,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"ext3-sto1.steamserver.net","domainame":"ext3-sto1.steamserver.net","tls": {"version":"TLSv1.2","ja3":"07eb11020e4395f99e5ef70baf9c1d11","ja3s":"","ja4":"t13d3213h2_85d9c3ed342d_e802cdec6a7f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +01378{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1705442537191671,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":517,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":517,"midstream":0,"thread_ts_usec":1705442537191671,"l3_proto":"ip4","src_ip":"162.254.198.46","dst_ip":"192.168.88.231","src_port":27038,"dst_port":50983,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.Steam","proto_id":"91.74","proto_by_ip":"Steam","proto_by_ip_id":74,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"ext3-sto1.steamserver.net","domainame":"ext3-sto1.steamserver.net","tls": 
{"version":"TLSv1.2","ja3s":"","ja4":"t13d3213h2_85d9c3ed342d_e802cdec6a7f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 02481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1705442537191671,"pkt":"8C90rUP1SKmKCiNtCABFAAXIkf9AAHUG63Oi\/sYuwKhY52mexydh2OrJUE+X31AQP\/9ijwAAFgMDAN8CAADbAwONoV3h7b8UMfISYsZJTZeJbJ2Oj3CKlh6clI6Uu9JXgCDn8dburj9pAH8+QRPAOZ019JPWGFhb97+n7GeR9eg1GhMCAACTACsAAgMEADMAiQAZAIUEAMHjaQJBZNAqZiralRID8S\/HLGaCD6Ch81s9DdQk2FHF2k7IIwBdsLBZUjChne9oQezBAH75HiMgf5wrzZvuzIprAXdyVzQAwmtHETODOMdUBQh8pQHtTMFkcJp50QXXLGBAHtHFR25QTwVJWY4eib9FwZ3b1DchIPLFEO+Ra0R2fSEqFAMDAAEBFwMDABe5EjXzoWZQ\/zt4oSKJXREmQCw7GyK5nBcDAwvG5q\/Fcmu1zirE6SzCoL2kGqSG4Hy6kiOZgteiSiqfHcFdG81UCeVPCJH14K491zfg7vusikjk\/9731GyKaQ4YLbNRcYQP1wn3YZ15QbN2iwXdRx2Ln2Ii6dbVu2pprIMuoHBTUVzoBcBxVLY7jBWYkLoHI\/jnTA4CaZuZb9bNHBBocvXpc1CUr3u3hYwue9pr1kADPF4UGXwuhBWn8bbMycHwB81wuNxlrVAAt+\/qxbgnKwLPZuk7CJ2oKpo1eP2+\/ZH7AkAbV+NIqJxd\/JnTkqkhD0x1Pfwnmg+d\/jU\/mwbSX6WzTlUB844BzSel7NE4P5nbqnlwll4tzHcmjhGze0HP7RAXZlrjX+dR1vUOjy0lvQbko+XUszmhUo8Rr5QcqDwFgIH7UsA7O5k\/+9EfAx5sYa64tmJhXShoPRR7sibQZcMMd4EdBiW4EhWsFid\/EDw1VbaSnNrKf\/IGPiv8LIbL+Dqg4rOMXihgOdZ+AB\/ZoudcDxB4CYU6KnukKSQgkdhdlqwmrLk3N2nPXWhshXdxlrFAPFsiwJLYpkxfsBvJYOjkRqSyaq\/Qh51CIJdMRYOXGi8h0EoKgyYR4uPKhAuDue2DCiD5E2qohwvtxUFg9UIMJS42ygntrogn7JbeoGzFLab9+HVh82MpoiDkS54GUnPgcxJxNJhTuZWysWk6g6MKIE6zzmiCAYAfEOcmYG7nZ5t1Aar2Rq9oV80AeSL2nVoWGhdlEOS5C3FJOrOe7vx6SnaDDiqvQJTytZ6mnPNqIXRX6TfSz+SSsC6fONTjKCwKteoPFy6nbiFliGYLBszb\/csLicDAdNqy+qOlH\/\/s+wQiSf9Z3tpp9NDfgKiZa
FXFc73BzvFmKQqT3p0w6cW4YrAcDKjuH9aL\/EO5UWhtjw0DKNSEp7tqecsHDHgWTN2E3+u+Y\/rI4j+MdHkPc7p4DI8mXyYMkIShZ7GQYQtZO8E8i6RKQltV6gCBJ1nNe9m7Yb8PgcoJ6BALJc9MB2LD2lW5caI5k\/FGi+RdfcpbQTDMmQWIbxyeY0AEpvLaESSR8P6GkUazrGee63K9ytgcXBCtUFUdwgPuwtQe4CfwOlOTzXSMkVoWRE0nAkqnqMrPeVZzv8P1\/mAwGE8Xx1A7fPjCkbotKL3X7gfyvg38cmZvcYRa9kNngjWo4bHxpeLFEM\/qXzC0ECuw6fSmugA2Oya9O\/vsRamQLGZI1SUDT+oKQSNCR19KOJEz1OwkuNav2V7CEEOD2K1zv6mf8cFec8Ml3sBHFrujFrojXTzj4tMkjfEMmjphpUgIW\/HkqADdinKoZqniLHLElI9bwWwsLIGWNMXTP5UShsJJ3PplHZtzsUCjnZW5ym7r7WH7GwA4MJ2ZhxzCPLRPT7NBSJ5sQxvZkZBxQHUOU8HHt56ShacqUt4AzO0fuiY3RKmxXWhEc16Dr\/H51T5C1EPCkV26ARocbYtcPtQhzIdIv0VJ\/cVgL+93MD+3nf8KGmopgZatMiIbgHc1fEzs7qWIosPTPtSd\/+b25W863BkIVZWRHxzF8pGo3MEQ8XeRH2+JpSFQ"} -01464{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1705442537191671,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":517,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":517,"midstream":0,"thread_ts_usec":1705442537191671,"l3_proto":"ip4","src_ip":"162.254.198.46","dst_ip":"192.168.88.231","src_port":27038,"dst_port":50983,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.Steam","proto_id":"91.74","proto_by_ip":"Steam","proto_by_ip_id":74,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"ext3-sto1.steamserver.net","domainame":"ext3-sto1.steamserver.net","tls": 
{"version":"TLSv1.3","ja3":"07eb11020e4395f99e5ef70baf9c1d11","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d3213h2_85d9c3ed342d_e802cdec6a7f","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +01423{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1705442537191671,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":517,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":517,"midstream":0,"thread_ts_usec":1705442537191671,"l3_proto":"ip4","src_ip":"162.254.198.46","dst_ip":"192.168.88.231","src_port":27038,"dst_port":50983,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.Steam","proto_id":"91.74","proto_by_ip":"Steam","proto_by_ip_id":74,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"ext3-sto1.steamserver.net","domainame":"ext3-sto1.steamserver.net","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d3213h2_85d9c3ed342d_e802cdec6a7f","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1705442537191671,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705442537191671,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"95.100.141.15","src_port":42070,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1705442537191671,"pkt":"SKmKCiNt8C90rUP1CABFAAA8KYZAAEAGCzPAqFjnX2SND6RWAburZ7h5AAAAAKACfXgGMgAAAgQFtAQCCAoL2vJ0AAAAAAEDAwc="} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1705442537191671,"pkt":"8C90rUP1SKmKCiNtCABFIAA8AABAADcGPZlfZI0PwKhY5wG7pFaMrb\/Kq2e4eqAS\/oilkQAAAgQFoAQCCApfyulgC9rydAEDAwc="} 
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1705442537191671,"pkt":"SKmKCiNt8C90rUP1CABFAAA0KYdAAEAGCzrAqFjnX2SND6RWAburZ7h6jK2\/y4AQAPsGKgAAAQEICgva8oxfyulg"} 01238{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1705442537191671,"pkt":"SKmKCiNt8C90rUP1CABFAAI5KYhAAEAGCTTAqFjnX2SND6RWAburZ7h6jK2\/y4AYAPsILwAAAQEICgva8o1fyulgFgMBAgABAAH8AwOmMxZSIoy7mK6Lpz0XI4B02aMSJluKI9xF7DWnVTyw5SDDYS8ic+DWmmRumEuIgWHFwRn2rgZm6S92qAJJHx0QgAAg+voTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGT+voAAAAAABsAGQAAFnN0b3JlLnN0ZWFtcG93ZXJlZC5jb20AFwAA\/wEAAQAACgAKAAi6ugAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKbq6AAEAAB0AIOdI8bOiWsDJyfAm1HbVRcNKTIDDWmibQWidLOrAjA0NAC0AAgEBACsACwrq6gMEAwMDAgMBABsAAwIAAoqKAAEAABUAxgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01286{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1705442537191671,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705442537191671,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"95.100.141.15","src_port":42070,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Steam","proto_id":"91.74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"store.steampowered.com","domainame":"store.steampowered.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01245{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1705442537191671,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705442537191671,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"95.100.141.15","src_port":42070,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Steam","proto_id":"91.74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"store.steampowered.com","domainame":"store.steampowered.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1705442537191671,"pkt":"8C90rUP1SKmKCiNtCABFIAA0lEBAADcGqWBfZI0PwKhY5wG7pFaMrb\/Lq2e6f4AQAfrOogAAAQEICl\/K6XgL2vKN"} 
-01331{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1705442537191671,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1705442537191671,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"95.100.141.15","src_port":42070,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Steam","proto_id":"91.74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"store.steampowered.com","domainame":"store.steampowered.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01290{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1705442537191671,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1705442537191671,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"95.100.141.15","src_port":42070,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Steam","proto_id":"91.74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"store.steampowered.com","domainame":"store.steampowered.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1705442515175582,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442515175582,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":184,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":672,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705442537191671,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"192.168.88.255","src_port":27036,"dst_port":27036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 01000{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1705442537191671,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":225,"flow_dst_max_l4_payload_len":287,"flow_src_tot_l4_payload_len":225,"flow_dst_tot_l4_payload_len":287,"midstream":0,"thread_ts_usec":1705442537191671,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"2.20.254.25","src_port":59739,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Steam","proto_id":"7.74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game","hostname":"test.steampowered.com"}} 
00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1705442537191671,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1705442537191671,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"95.100.141.15","src_port":42070,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Steam","proto_id":"91.74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -56,7 +56,7 @@ 00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1705442537191671,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705442537191671,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"155.133.252.86","src_port":46604,"dst_port":27045,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SteamDatagramRelay","proto_id":"235","proto_by_ip":"Steam","proto_by_ip_id":74,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 01101{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1705442537191671,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":517,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":517,"midstream":0,"thread_ts_usec":1705442537191671,"l3_proto":"ip4","src_ip":"162.254.198.46","dst_ip":"192.168.88.231","src_port":27038,"dst_port":50983,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Steam","proto_id":"91.74","proto_by_ip":"Steam","proto_by_ip_id":74,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1705442537191671,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":523,"flow_dst_max_l4_payload_len":730,"flow_src_tot_l4_payload_len":1040,"flow_dst_tot_l4_payload_len":829,"midstream":0,"thread_ts_usec":1705442537191671,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"188.114.98.224","src_port":54243,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dota2","proto_id":"91.386","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -00842{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":48,"packets-processed":48,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9722,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":59,"global_ts_usec":1705442537191671} 
+00842{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":48,"packets-processed":48,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9722,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":59,"global_ts_usec":1705442537191671} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 48/48 ~~ skipped flows.............: 0 @@ -65,9 +65,9 @@ ~~ total active/idle flows...: 7/7 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6939991 bytes -~~ total memory freed........: 6939991 bytes -~~ total allocations/frees...: 114274/114274 +~~ total memory allocated....: 7517630 bytes +~~ total memory freed........: 7517630 bytes +~~ total allocations/frees...: 126007/126007 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 530 chars ~~ json message max len.......: 2486 chars diff --git a/test/results/default/stomp.pcapng.out b/test/results/default/stomp.pcapng.out index 413a856a5..fa1fa3428 100644 --- a/test/results/default/stomp.pcapng.out +++ b/test/results/default/stomp.pcapng.out 
@@ -1,5 +1,5 @@ -00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stomp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stomp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1705991300787923} 
+00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stomp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stomp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1705991300787923} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stomp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1705991300787923,"flow_src_last_pkt_time":1705991300787923,"flow_dst_last_pkt_time":1705991300787923,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705991300787923,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"192.168.88.198","src_port":34732,"dst_port":61613,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stomp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1705991300787923,"flow_dst_last_pkt_time":1705991300787923,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1705991300787923,"pkt":"CAAnV5yX8C90rUP1CABFAAA8BTdAAEAGAofAqFjnwKhYxoes8K2uTxbxAAAAAKACfXgzLQAAAgQFtAQCCAo\/vGWFAAAAAAEDAwc="} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/stomp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1705991300787923,"flow_dst_last_pkt_time":1705991300788027,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1705991300788027,"pkt":"8C90rUP1CAAnV5yXCABFAAA8AABAAEAGB77AqFjGwKhY5\/Cth6x7iEuQrk8W8qAS\/oiWyQAAAgQFtAQCCAq1pSADP7xlhQEDAwc="} 
@@ -8,7 +8,7 @@ 00927{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/stomp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1705991300787923,"flow_src_last_pkt_time":1705991300788235,"flow_dst_last_pkt_time":1705991300788027,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":27,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705991300788235,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"192.168.88.198","src_port":34732,"dst_port":61613,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"STOMP","proto_id":"390","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stomp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1705991300788235,"flow_dst_last_pkt_time":1705991300788283,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1705991300788283,"pkt":"8C90rUP1CAAnV5yXCABFAAA0r4NAAEAGWELAqFjGwKhY5\/Cth6x7iEuRrk8XDYAQAf3CBQAAAQEICrWlIAQ\/vGWF"} 
00972{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/stomp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":9,"flow_first_seen":1705991300787923,"flow_src_last_pkt_time":1705991319806753,"flow_dst_last_pkt_time":1705991319806991,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":60,"flow_dst_max_l4_payload_len":111,"flow_src_tot_l4_payload_len":195,"flow_dst_tot_l4_payload_len":291,"midstream":0,"thread_ts_usec":1705991319806991,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"192.168.88.198","src_port":34732,"dst_port":61613,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STOMP","proto_id":"390","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00841{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/stomp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":19,"packets-processed":19,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":486,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1705991319806991} 
+00841{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/stomp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":19,"packets-processed":19,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":486,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1705991319806991} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 19/19 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6908188 bytes -~~ total memory freed........: 6908188 bytes -~~ total allocations/frees...: 114157/114157 +~~ total memory allocated....: 7485784 bytes +~~ total memory freed........: 7485784 bytes +~~ total allocations/frees...: 125888/125888 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 545 chars ~~ json message max len.......: 977 chars diff --git a/test/results/default/stun.pcap.out b/test/results/default/stun.pcap.out index 12bf73edc..a3432d37e 100644 --- a/test/results/default/stun.pcap.out +++ b/test/results/default/stun.pcap.out 
@@ -1,31 +1,31 @@ -00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1568718599876883} 
+00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1568718599876883} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1568718599876883,"flow_src_last_pkt_time":1568718599876883,"flow_dst_last_pkt_time":1568718599876883,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1568718599876883,"vlan_id":1611,"l3_proto":"ip4","src_ip":"10.77.110.51","dst_ip":"10.206.50.239","src_port":41588,"dst_port":42000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","vlan_id":1611,"flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1568718599876883,"flow_dst_last_pkt_time":1568718599876883,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1568718599876883,"pkt":"AAAAAAAAAAgAAAAjgQAGSwgARWAAND5VQAB7BgrSCk1uMwrOMu+idKQQzU6orgAAAACAAiAA3LQAAAIEBVABAwMIAQEEAg=="} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","vlan_id":1611,"flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1568718599876883,"flow_dst_last_pkt_time":1568718599920416,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1568718599920416,"pkt":"AAAAAAAAAAgAAAAjgQAGSwgARQAANHKjQAB9BtTjCs4y7wpNbjOkEKJ058UMHs1OqK+AEv\/\/CFwAAAIEBbQBAwMIAQEEAg=="} 
00689{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","vlan_id":1611,"flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1568718600246272,"flow_dst_last_pkt_time":1568718599920416,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":164,"pkt_l4_len":126,"thread_ts_usec":1568718600246272,"pkt":"AAAAAAAAAAgAAAAjgQAGSwgARWAAkkBfQAB8BgdqCk1uMwrOMu+idKQQzU6or+fFDB9QGAID5RwAAABoAAEAVCESpELzQ5RTtpj7KVC7Bu0ABgAJL3BJMDpUb0VkAAAAACQABG5r\/P+AKQAIAAAAAAAEwtGAVAABMgAAAIBwAAQAAAADAAgAFP6Sh2rUbXt5fULrjXmoBfrzHXLRgCgABAIA\/Ec="} -00996{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1568718599876883,"flow_src_last_pkt_time":1568718600246272,"flow_dst_last_pkt_time":1568718599920416,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":106,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":106,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1568718600246272,"vlan_id":1611,"l3_proto":"ip4","src_ip":"10.77.110.51","dst_ip":"10.206.50.239","src_port":41588,"dst_port":42000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01023{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1568718599876883,"flow_src_last_pkt_time":1568718600246272,"flow_dst_last_pkt_time":1568718599920416,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":106,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":106,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1568718600246272,"vlan_id":1611,"l3_proto":"ip4","src_ip":"10.77.110.51","dst_ip":"10.206.50.239","src_port":41588,"dst_port":42000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00689{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","vlan_id":1611,"flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1568718600246272,"flow_dst_last_pkt_time":1568718599920416,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":164,"pkt_l4_len":126,"thread_ts_usec":1568718600246272,"pkt":"AAAAAAAAAAgAAAAjgQAGSwgARWAAkkBgQAB8BgdpCk1uMwrOMu+idKQQzU6pGefFDB9QGAIDfYIAAABoAAEAVCESpELzQ5RTtpj7KVC7Bu0ABgAML3BJMDpUb0VkAAAAACQABG5r\/P+AKQAIAAAAAAAEwtGAVAAEMgAAAIBwAAQAAAADAAgAFE3CuT+mSQnt\/XCbEyheNg3aE4FAgCgABC51Ucc="} 
00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","vlan_id":1611,"flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1568718600246272,"flow_dst_last_pkt_time":1568718600319984,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":156,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":156,"pkt_l4_len":118,"thread_ts_usec":1568718600319984,"pkt":"AAAAAAAAAAgAAAAjgQAGSwgARQAAinKyQAB9BtR+Cs4y7wpNbjOkEKJ058UMH81OqYNQGAEDPFEAAABgAQEATCESpELzQ5RTtpj7KVC7Bu0AIAAIAAGDZitfynEABgAJL3BJMDpUb0VkAAAAgDcABAAAAAGAcAAEAAAAAwAIABT3XyNLEfjiVg6vTdc0SJ1BoW97H4AoAAQNJssy"} -00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1224,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1595356443140497} 
+00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1224,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1595356443140497} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1595356443140497,"flow_src_last_pkt_time":1595356443140497,"flow_dst_last_pkt_time":1595356443140497,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1595356443140497,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"74.125.247.128","src_port":43016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1595356443140497,"flow_dst_last_pkt_time":1595356443140497,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1595356443140497,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwL+tAAEAR+4LAqAypSn33gKgIDZYAHBBnAAEAACESpEJTSGtoRjhvZHdneVY="} -00967{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1595356443140497,"flow_src_last_pkt_time":1595356443140497,"flow_dst_last_pkt_time":1595356443140497,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1595356443140497,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"74.125.247.128","src_port":43016,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} 
+01000{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1595356443140497,"flow_src_last_pkt_time":1595356443140497,"flow_dst_last_pkt_time":1595356443140497,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1595356443140497,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"74.125.247.128","src_port":43016,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1595356443150036,"flow_dst_last_pkt_time":1595356443140497,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1595356443150036,"pkt":"CL6sCxdumt9Y+uvcCABFAABEL+1AAEAR+2zAqAypSn33gKgIDZYAMLasAAMAFCESpEJTbkxmUnhTNmVRblQAGQAEEQAAAP8FAAdUWV9udWxsAA=="} 
-01100{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1595356443140497,"flow_src_last_pkt_time":1595356443150036,"flow_dst_last_pkt_time":1595356443140497,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1595356443150036,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"74.125.247.128","src_port":43016,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} +01133{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1595356443140497,"flow_src_last_pkt_time":1595356443150036,"flow_dst_last_pkt_time":1595356443140497,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1595356443150036,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"74.125.247.128","src_port":43016,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1595356443150036,"flow_dst_last_pkt_time":1595356443163132,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1595356443163132,"pkt":"mt9Y+uvcCL6sCxduCABFAAA8\/jcAAGYRRypKffeAwKgMqQ2WqAgAKM\/mAQEADCESpEJTSGtoRjhvZHdneVYAIAAIAAF9Unw9RaM="} -01015{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1595356443140497,"flow_src_last_pkt_time":1595356443150036,"flow_dst_last_pkt_time":1595356443163132,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":32,"midstream":0,"thread_ts_usec":1595356443163132,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"74.125.247.128","src_port":43016,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"mapped_address":"93.47.225.225:23616"}}} 
+01049{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1595356443140497,"flow_src_last_pkt_time":1595356443150036,"flow_dst_last_pkt_time":1595356443163132,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":32,"midstream":0,"thread_ts_usec":1595356443163132,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"74.125.247.128","src_port":43016,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"mapped_address":"93.47.225.225:23616","multimedia_flow_types":"Unknown"}}} 00616{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1595356443150036,"flow_dst_last_pkt_time":1595356443190759,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"thread_ts_usec":1595356443190759,"pkt":"mt9Y+uvcCL6sCxduCABFAABs\/jgAAGYRRvlKffeAwKgMqQ2WqAgAWOMzARMAPCESpEJTbkxmUnhTNmVRblQACQAEAAAEAQAUABF0dXJuLmwuZ29vZ2xlLmNvbQAAAAAVABhtYWg2b090bDM2TEY0bXdLMGF3VVlBPT0="} 
-01062{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1595356443140497,"flow_src_last_pkt_time":1595356443150036,"flow_dst_last_pkt_time":1595356443190759,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":80,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":112,"midstream":0,"thread_ts_usec":1595356443190759,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"74.125.247.128","src_port":43016,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"turn.l.google.com","domainame":"turn.l.google.com","stun": {"mapped_address":"93.47.225.225:23616"}}} +01096{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1595356443140497,"flow_src_last_pkt_time":1595356443150036,"flow_dst_last_pkt_time":1595356443190759,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":80,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":112,"midstream":0,"thread_ts_usec":1595356443190759,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"74.125.247.128","src_port":43016,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"turn.l.google.com","domainame":"turn.l.google.com","stun": {"mapped_address":"93.47.225.225:23616","multimedia_flow_types":"Unknown"}}} 00717{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1595356443192532,"flow_dst_last_pkt_time":1595356443190759,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1595356443192532,"pkt":"CL6sCxdumt9Y+uvcCABFAAC4L+9AAEAR+vbAqAypSn33gKgIDZYApH8BAAMAiCESpEJJQ0N4YUFza1pKVHQAGQAEEQAAAAAGACJDSnlONHZnRkVnYStHc2tVSzIwWW1kYUxsSlFiSUlDakJRAAAAFAARdHVybi5sLmdvb2dsZS5jb20AAAAAFQAYbWFoNm9PdGwzNkxGNG13SzBhd1VZQT09AAgAFOteziidD2JqNMtJ7coYsavatLT5\/wUAB1RZX251bGwA"} 00745{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1595356444494918,"flow_src_last_pkt_time":1595356444494918,"flow_dst_last_pkt_time":1595356444494918,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1595356444494918,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"74.125.247.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5} 
00616{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1595356444494918,"flow_dst_last_pkt_time":1595356444494918,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"thread_ts_usec":1595356444494918,"pkt":"CL6sCxdumt9Y+uvcCABFwABs98MAAEABcr7AqAypSn33gAMDDJoAAAAARQAAUAEJAABmEURFSn33gMCoDKkNlqgIADx61wEEACAhEqRCamF6aTYyTmZVRDV3AA0ABAAAAAAACAAUCDrQbj\/HZPzecgDWKnOqyyksqcs="} 01029{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1595356444494918,"flow_src_last_pkt_time":1595356444494918,"flow_dst_last_pkt_time":1595356444494918,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1595356444494918,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"74.125.247.128","l4_proto":"icmp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":5.279952}} 
-00999{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1568718599876883,"flow_src_last_pkt_time":1568718600876092,"flow_dst_last_pkt_time":1568718600931144,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":106,"flow_dst_max_l4_payload_len":114,"flow_src_tot_l4_payload_len":588,"flow_dst_tot_l4_payload_len":636,"midstream":0,"thread_ts_usec":1595356444494918,"vlan_id":1611,"l3_proto":"ip4","src_ip":"10.77.110.51","dst_ip":"10.206.50.239","src_port":41588,"dst_port":42000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":25,"packets-processed":24,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1912,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":25,"global_ts_usec":1614938022295727} 
+00993{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1568718599876883,"flow_src_last_pkt_time":1568718600876092,"flow_dst_last_pkt_time":1568718600931144,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":106,"flow_dst_max_l4_payload_len":114,"flow_src_tot_l4_payload_len":588,"flow_dst_tot_l4_payload_len":636,"midstream":0,"thread_ts_usec":1595356444494918,"vlan_id":1611,"l3_proto":"ip4","src_ip":"10.77.110.51","dst_ip":"10.206.50.239","src_port":41588,"dst_port":42000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":25,"packets-processed":24,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1912,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":25,"global_ts_usec":1614938022295727} 
00823{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614938022295727,"flow_src_last_pkt_time":1614938022295727,"flow_dst_last_pkt_time":1614938022295727,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614938022295727,"l3_proto":"ip6","src_ip":"3516:bf0b:fc53:75e7:70af:f67f:8e49:f603","dst_ip":"2a38:e156:8167:a333:face:b00c::24d9","src_port":56880,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1614938022295727,"flow_dst_last_pkt_time":1614938022295727,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":82,"pkt_l4_len":28,"thread_ts_usec":1614938022295727,"pkt":"AAAAAAAAAAQADrOzht1gAAAAABwRPzUWvwv8U3XncK\/2f45J9gMqOOFWgWejM\/rOsAwAACTZ3jANlgAcI38AAQAAIRKkQkJxcUN2YzZ5L2tJZQ=="} 
-01012{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614938022295727,"flow_src_last_pkt_time":1614938022295727,"flow_dst_last_pkt_time":1614938022295727,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614938022295727,"l3_proto":"ip6","src_ip":"3516:bf0b:fc53:75e7:70af:f67f:8e49:f603","dst_ip":"2a38:e156:8167:a333:face:b00c::24d9","src_port":56880,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} +01045{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614938022295727,"flow_src_last_pkt_time":1614938022295727,"flow_dst_last_pkt_time":1614938022295727,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614938022295727,"l3_proto":"ip6","src_ip":"3516:bf0b:fc53:75e7:70af:f67f:8e49:f603","dst_ip":"2a38:e156:8167:a333:face:b00c::24d9","src_port":56880,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00599{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1614938022295727,"flow_dst_last_pkt_time":1614938022302588,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":106,"pkt_l4_len":52,"thread_ts_usec":1614938022302588,"pkt":"AAAAAAAAAAMAYN1Qht1kgAAAADQRNCo44VaBZ6Mz+s6wDAAAJNk1Fr8L\/FN153Cv9n+OSfYDDZbeMAA0NvABAQAYIRKkQkJxcUN2YzZ5L2tJZQABABQAAt4wIAEWcAAM6wRwr\/Z\/jkn2Aw=="} 01049{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1595356444494918,"flow_src_last_pkt_time":1595356444494918,"flow_dst_last_pkt_time":1595356444494918,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614938022302588,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"74.125.247.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
01014{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1595356443140497,"flow_src_last_pkt_time":1595356444167246,"flow_dst_last_pkt_time":1595356444391402,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":80,"flow_src_tot_l4_payload_len":360,"flow_dst_tot_l4_payload_len":240,"midstream":0,"thread_ts_usec":1614938022302588,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"74.125.247.128","src_port":43016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"turn.l.google.com"}} 
@@ -36,60 +36,60 @@ 01019{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":12,"flow_first_seen":1614938022295727,"flow_src_last_pkt_time":1614938123200754,"flow_dst_last_pkt_time":1614938123207596,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":240,"flow_dst_tot_l4_payload_len":528,"midstream":0,"thread_ts_usec":1614938123207596,"l3_proto":"ip6","src_ip":"3516:bf0b:fc53:75e7:70af:f67f:8e49:f603","dst_ip":"2a38:e156:8167:a333:face:b00c::24d9","src_port":56880,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 02308{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1614938022295727,"flow_src_last_pkt_time":1614938163424247,"flow_dst_last_pkt_time":1614938163431063,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":320,"flow_dst_tot_l4_payload_len":704,"midstream":0,"thread_ts_usec":1614938163431063,"l3_proto":"ip6","src_ip":"3516:bf0b:fc53:75e7:70af:f67f:8e49:f603","dst_ip":"2a38:e156:8167:a333:face:b00c::24d9","src_port":56880,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": 
{"min":2867,"avg":9105286.0,"max":10358549,"stddev":2980037.5,"var":8880623976448.0,"ent":4.8,"data": [6861,10132226,10132257,10358549,2935,10358540,2867,10055433,10055494,10056921,10056927,10057230,10057183,10053930,10053957,10069481,10069496,10027109,10027105,10027261,10027286,10063952,10063896,10098322,10098363,10035461,10035403,10061356,10061442,10028354,10028259]},"pktlen": {"min":68,"avg":80.0,"max":92,"stddev":12.0,"var":144.0,"ent":5.0,"data": [68,92,68,92,68,68,92,92,68,92,68,92,68,92,68,92,68,92,68,92,68,92,68,92,68,92,68,92,68,92,68,92]},"bins": {"c_to_s": [16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": [5.422471046,5.541838169,5.422470093,5.514770508,5.451882362,5.451882362,5.536509514,5.536509514,5.481293678,5.593521595,5.451882362,5.558248997,5.393059731,5.558248997,5.510704994,5.571783066,5.352545738,5.460210800,5.451882362,5.514770508,5.422471046,5.550043106,5.422470093,5.541838169,5.451882362,5.550043583,5.451882362,5.593522072,5.451882362,5.541838169,5.393058777,5.528304577]},"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
01019{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":17,"flow_first_seen":1614938022295727,"flow_src_last_pkt_time":1614938173452831,"flow_dst_last_pkt_time":1614938173459694,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":340,"flow_dst_tot_l4_payload_len":748,"midstream":0,"thread_ts_usec":1614938173459694,"l3_proto":"ip6","src_ip":"3516:bf0b:fc53:75e7:70af:f67f:8e49:f603","dst_ip":"2a38:e156:8167:a333:face:b00c::24d9","src_port":56880,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":67,"packets-processed":66,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3256,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":3,"total-updates":3,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":39,"global_ts_usec":1629291451242856} 
+00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":67,"packets-processed":66,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3256,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":3,"total-updates":3,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":39,"global_ts_usec":1629291451242856} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1629291451242856,"flow_src_last_pkt_time":1629291451242856,"flow_dst_last_pkt_time":1629291451242856,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1629291451242856,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"31.13.86.54","src_port":38123,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1629291451242856,"flow_dst_last_pkt_time":1629291451242856,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1629291451242856,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4VYJAAEARop7AqAypHw1WNpTrnEMAJO1IAAMACCESpEJBSzdRUHlQSzlldVYAGQAEEQAAAA=="} -01099{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1629291451242856,"flow_src_last_pkt_time":1629291451242856,"flow_dst_last_pkt_time":1629291451242856,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1629291451242856,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"31.13.86.54","src_port":38123,"dst_port":40003,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} 
+01132{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1629291451242856,"flow_src_last_pkt_time":1629291451242856,"flow_dst_last_pkt_time":1629291451242856,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1629291451242856,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"31.13.86.54","src_port":38123,"dst_port":40003,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00648{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1629291451242856,"flow_dst_last_pkt_time":1629291451254377,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_usec":1629291451254377,"pkt":"mt9Y+uvcCL6sCxduCABFAACER+pAAFURmuofDVY2wKgMqZxDlOsAcMgPARMAVCESpEJBSzdRUHlQSzlldVYACQAQAAAEAXVuYXV0aG9yaXplZAAVAChiYjAzMWQ2MWNjYzFiZTgyZTI0MDE0NDM1ZWQ1MmYyNmZiYTYyNDgzABQAD3R1cm5lci5mYWNlYm9vawA="} 
-01155{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1629291451242856,"flow_src_last_pkt_time":1629291451242856,"flow_dst_last_pkt_time":1629291451254377,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":104,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":104,"midstream":0,"thread_ts_usec":1629291451254377,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"31.13.86.54","src_port":38123,"dst_port":40003,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.FacebookVoip","proto_id":"78.268","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"turner.facebook","domainame":"turner.facebook","stun": {}}} +01188{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1629291451242856,"flow_src_last_pkt_time":1629291451242856,"flow_dst_last_pkt_time":1629291451254377,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":104,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":104,"midstream":0,"thread_ts_usec":1629291451254377,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"31.13.86.54","src_port":38123,"dst_port":40003,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std 
Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.FacebookVoip","proto_id":"78.268","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"turner.facebook","domainame":"turner.facebook","stun": {"multimedia_flow_types":"Unknown"}}} 00692{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1629291451258494,"flow_dst_last_pkt_time":1629291451254377,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":178,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":178,"pkt_l4_len":144,"thread_ts_usec":1629291451258494,"pkt":"CL6sCxdumt9Y+uvcCABFAACkVYNAAEARojHAqAypHw1WNpTrnEMAkHyWAAMAdCESpEI1elVqTVhIdmV3K3MAGQAEEQAAAAAGABBNZjJoOUhpNWFQTVJwbEYxABQAD3R1cm5lci5mYWNlYm9vawAAFQAoYmIwMzFkNjFjY2MxYmU4MmUyNDAxNDQzNWVkNTJmMjZmYmE2MjQ4MwAIABSHhqaIN2rgJVJbblyGsNjNga5wAA=="} 00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1629291451258494,"flow_dst_last_pkt_time":1629291451270324,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_usec":1629291451270324,"pkt":"mt9Y+uvcCL6sCxduCABFAABoR\/RAAFURmvwfDVY2wKgMqZxDlOsAVNHFAQMAOCESpEI1elVqTVhIdmV3K3MAIAAIAAEKiHw9RkMAFgAIAAHzDz4f8nQADQAEAAADhAAIABQOnZFMqSzdx5eUgJnLKFvGMJq2Uw=="} 
00697{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1629291457262853,"flow_dst_last_pkt_time":1629291451270324,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":182,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":182,"pkt_l4_len":148,"thread_ts_usec":1629291457262853,"pkt":"CL6sCxdumt9Y+uvcCABFAACoVltAAEARoVXAqAypHw1WNpTrnEMAlIWPAAgAeCESpEJGYi9SMVA1cFBNWWQAEgAIAAGMueG6pCQABgAQTWYyaDlIaTVhUE1ScGxGMQAUAA90dXJuZXIuZmFjZWJvb2sAABUAKGJiMDMxZDYxY2NjMWJlODJlMjQwMTQ0MzVlZDUyZjI2ZmJhNjI0ODMACAAUTGbb+kTKlKKmYo+\/Jw5ehEWYdT8="} 02379{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1629291451242856,"flow_src_last_pkt_time":1629291458067482,"flow_dst_last_pkt_time":1629291458262623,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":140,"flow_dst_max_l4_payload_len":132,"flow_src_tot_l4_payload_len":2076,"flow_dst_tot_l4_payload_len":1496,"midstream":0,"thread_ts_usec":1629291458262623,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"31.13.86.54","src_port":38123,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":34,"avg":446593.3,"max":6004359,"stddev":1462539.6,"var":2139022032896.0,"ent":1.9,"data": [11521,15638,15947,6004359,4743,5997443,4483,7520,7140,108439,344493,499169,68464,195,19689,29038,92171,23636,96419,1566,50324,48303,277,50092,3265,34,52919,437,9663,44853,232153]},"pktlen": {"min":56,"avg":139.6,"max":168,"stddev":32.1,"var":1033.4,"ent":5.0,"data": 
[56,132,164,104,168,168,140,168,140,72,164,164,160,168,128,72,164,128,160,128,164,160,128,164,128,160,128,168,128,72,160,160]},"bins": {"c_to_s": [1,0,0,4,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,3,1,6,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,0,1,0,1,1,0,0,1,0,0,1,0,1,1,0,0,1,0,0,1,1,1,0,0,1,0,1],"entropies": [4.949250221,5.629978180,5.902420998,5.787013531,5.926646233,5.987994671,5.561037540,5.822503567,5.524854183,5.646986008,5.864535809,5.979504585,5.991234303,5.944041729,5.750370979,5.532198906,5.952124596,5.921264172,5.968927860,5.858764172,5.939929485,5.964835167,5.834393978,6.016089916,5.896893978,6.048427582,5.933710575,5.919234276,5.831344128,5.608724117,6.145952225,6.009518147]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.FacebookVoip","proto_id":"78.268","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"turner.facebook"}} 
01018{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":138,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":21,"flow_first_seen":1614938022295727,"flow_src_last_pkt_time":1614938213778839,"flow_dst_last_pkt_time":1614938213785682,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":420,"flow_dst_tot_l4_payload_len":924,"midstream":0,"thread_ts_usec":1629291461216501,"l3_proto":"ip6","src_ip":"3516:bf0b:fc53:75e7:70af:f67f:8e49:f603","dst_ip":"2a38:e156:8167:a333:face:b00c::24d9","src_port":56880,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":142,"packets-processed":141,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10660,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":4,"total-updates":3,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":50,"global_ts_usec":1643626018009166} 
+00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":142,"packets-processed":141,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10660,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":4,"total-updates":3,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":50,"global_ts_usec":1643626018009166} 00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643626018009166,"flow_src_last_pkt_time":1643626018009166,"flow_dst_last_pkt_time":1643626018009166,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643626018009166,"l3_proto":"ip4","src_ip":"87.47.100.17","dst_ip":"54.1.57.155","src_port":3478,"dst_port":37257,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1643626018009166,"flow_dst_last_pkt_time":1643626018009166,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1643626018009166,"pkt":"AAAAAAAAAAIAmUIoCABFAAA8AABAAC4GIeBXL2QRNgE5mw2WkYlv2uEwZMfN9aAScSBlfgAAAgQFtAQCCAqf27foB2LEZgEDAwc="} 00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":143,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1643626018009166,"flow_dst_last_pkt_time":1643626018016908,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1643626018016908,"pkt":"AAAAAAAAAAUALNPrCABFAABQFVpAAD8G+3E2ATmbVy9kEZGJDZZkx831b9rhMYAYAQDj2AAAAQEICgdixWGf27foAAMACCESpEJwTVNWeGJTOWtyTkQAGQAEEQAAAA=="} -00962{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":143,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1643626018009166,"flow_src_last_pkt_time":1643626018009166,"flow_dst_last_pkt_time":1643626018016908,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":28,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":28,"midstream":0,"thread_ts_usec":1643626018016908,"l3_proto":"ip4","src_ip":"87.47.100.17","dst_ip":"54.1.57.155","src_port":3478,"dst_port":37257,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} +00995{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":143,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1643626018009166,"flow_src_last_pkt_time":1643626018009166,"flow_dst_last_pkt_time":1643626018016908,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":28,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":28,"midstream":0,"thread_ts_usec":1643626018016908,"l3_proto":"ip4","src_ip":"87.47.100.17","dst_ip":"54.1.57.155","src_port":3478,"dst_port":37257,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1643626018009166,"flow_dst_last_pkt_time":1643626018269673,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1643626018269673,"pkt":"AAAAAAAAAAUALNPrCABFAABQFVtAAD8G+3A2ATmbVy9kEZGJDZZkx84Rb9rhMYAYAQDivwAAAQEICgdixl6f27foAAMACCESpEJwTVNWeGJTOWtyTkQAGQAEEQAAAA=="} 
00704{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1643626018276412,"flow_dst_last_pkt_time":1643626018269673,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_usec":1643626018276412,"pkt":"AAAAAAAAAAIAmUIoCABFAACsWRhAAC4GyFdXL2QRNgE5mw2WkYlv2uExZMfOEYAYAOOJVAAAAQEICp\/buCoHYsVhARMAZCESpEJwTVNWeGJTOWtyTkQACQAQAAAEAVVuYXV0aG9yaXplZAAVABBjYmNkY2NjZjczNTNhNzEwABQADWFwcHMtaG9zdC5jb21pZGWAIgAaQ290dXJuLTQuNS4wLjUgJ2RhbiBFaWRlcicABIAoAAQF+V\/p"} -01000{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1643626018009166,"flow_src_last_pkt_time":1643626018276412,"flow_dst_last_pkt_time":1643626018269673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":28,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":56,"midstream":0,"thread_ts_usec":1643626018276412,"l3_proto":"ip4","src_ip":"87.47.100.17","dst_ip":"54.1.57.155","src_port":3478,"dst_port":37257,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"apps-host.com","domainame":"apps-host.com","stun": {}}} 
+01033{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1643626018009166,"flow_src_last_pkt_time":1643626018276412,"flow_dst_last_pkt_time":1643626018269673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":28,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":56,"midstream":0,"thread_ts_usec":1643626018276412,"l3_proto":"ip4","src_ip":"87.47.100.17","dst_ip":"54.1.57.155","src_port":3478,"dst_port":37257,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"apps-host.com","domainame":"apps-host.com","stun": {"multimedia_flow_types":"Unknown"}}} 00730{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1643626018276412,"flow_dst_last_pkt_time":1643626018282040,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_usec":1643626018282040,"pkt":"AAAAAAAAAAUALNPrCABFAADAFV1AAD8G+v42ATmbVy9kEZGJDZZkx84tb9rhqYAYAQDFDgAAAQEICgdixmqf27gqAAMAeCESpEIwS0liOW85U1ZZeVMAGQAEEQAAAAAGACwxNjQzNjI5NTI3OlJPVUxPTTMwMDErdDc4eUlLaXlmZEUzQVZON2Frc3RYdwAUAA1hcHBzLWhvc3QuY29tAAAAABUAEGNiY2RjY2NmNzM1M2E3MTAACAAUEKPLC4yIRo0ZYTSYOcifZ5nxpRk="} 
01152{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":162,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":40,"flow_dst_packets_processed":35,"flow_first_seen":1629291451242856,"flow_src_last_pkt_time":1629291461328776,"flow_dst_last_pkt_time":1629291461336154,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":148,"flow_dst_max_l4_payload_len":132,"flow_src_tot_l4_payload_len":4454,"flow_dst_tot_l4_payload_len":2950,"midstream":0,"thread_ts_usec":1643626018957379,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"31.13.86.54","src_port":38123,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.FacebookVoip","proto_id":"78.268","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"turner.facebook"}} 
-00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":162,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":162,"packets-processed":161,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13004,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":5,"total-updates":3,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":60,"global_ts_usec":1647958145472010} +00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":162,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":162,"packets-processed":161,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13004,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":5,"total-updates":3,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":60,"global_ts_usec":1647958145472010} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":162,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1647958145472010,"flow_src_last_pkt_time":1647958145472010,"flow_dst_last_pkt_time":1647958145472010,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":108,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":108,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":108,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1647958145472010,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"142.250.82.99","src_port":49153,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":162,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1647958145472010,"flow_dst_last_pkt_time":1647958145472010,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":150,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":150,"pkt_l4_len":116,"thread_ts_usec":1647958145472010,"pkt":"CL6sCxdumt9Y+uvcCABFAACIXMVAAEARLvHAqAypjvpSY8ABDZYAdIYdAAEAWCESpEJ3bGtZRHRGSndEMi8ABgAVVlVBazZBeTdodnVMbkxHTzp0eUd1AAAAwFcABAADAAqAKgAIm1kRHMWaA6wAJAAEbn8e\/wAIABQgoq\/oigOja2ENES7+eYfoJkViaIAoAARShoZ6"} 
-00982{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":162,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1647958145472010,"flow_src_last_pkt_time":1647958145472010,"flow_dst_last_pkt_time":1647958145472010,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":108,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":108,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":108,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1647958145472010,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"142.250.82.99","src_port":49153,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01015{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":162,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1647958145472010,"flow_src_last_pkt_time":1647958145472010,"flow_dst_last_pkt_time":1647958145472010,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":108,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":108,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":108,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1647958145472010,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"142.250.82.99","src_port":49153,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": 
{"multimedia_flow_types":"Unknown"}}} 00633{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":163,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1647958145472010,"flow_dst_last_pkt_time":1647958145494943,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1647958145494943,"pkt":"mt9Y+uvcCL6sCxduCABFgAB4CTMAAGgRmhOO+lJjwKgMqQ2WwAEAZP2fAQEASCESpEJ3bGtZRHRGSndEMi8ABgAVVlVBazZBeTdodnVMbkxHTzp0eUd1AAAAACAACAABDpd8PUUEAAgAFMkvMxJ2ZVgNos4I+G8Cki6KP0KSgCgABEOVy9w="} 00715{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":164,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1647958145497647,"flow_dst_last_pkt_time":1647958145494943,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"thread_ts_usec":1647958145497647,"pkt":"CL6sCxdumt9Y+uvcCABFAAC1XMZAAEARLsPAqAypjvpSY8ABDZYAoaIVFv7\/AAAAAAAAAAAAjAEAAIAAAAAAAAAAgP791X1ylaTuNVSstdiIoIYfSIMff5WF4WIe0fPoTt2GU88AAAAWwCvAL8ypzKjACcATwArAFACcAC8ANQEAAEAAFwAA\/wEAAQAACgAIAAYAHQAXABgACwACAQAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAA4ABQACAAEA"} 
-01142{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":164,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1647958145472010,"flow_src_last_pkt_time":1647958145497647,"flow_dst_last_pkt_time":1647958145494943,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":108,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":153,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":261,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1647958145497647,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"142.250.82.99","src_port":49153,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","tls": {"version":"DTLSv1.2","ja3":"c14667d7da3e6f7a7ab5519ef78c2452","ja3s":"","ja4":"dd2d110700_c45550529adf_d9dd6182da81","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01101{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":164,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1647958145472010,"flow_src_last_pkt_time":1647958145497647,"flow_dst_last_pkt_time":1647958145494943,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":108,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":153,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":261,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1647958145497647,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"142.250.82.99","src_port":49153,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","tls": {"version":"DTLSv1.2","ja3s":"","ja4":"dd2d110700_c45550529adf_d9dd6182da81","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1647958145516401,"flow_dst_last_pkt_time":1647958145494943,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1647958145516401,"pkt":"CL6sCxdumt9Y+uvcCABFAACMXMdAAEARLuvAqAypjvpSY8ABDZYAePkAAAEAXCESpEJBQXJDQXNDU1c3RGUABgAVVlVBazZBeTdodnVMbkxHTzp0eUd1AAAAwFcABAADAAqAKgAIm1kRHMWaA6wAJQAAACQABG5\/Hv8ACAAU7HdlKrvT1M4pE3\/8LaAzyLRfKuCAKAAEaPPzUQ=="} 02134{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1647958145516401,"flow_dst_last_pkt_time":1647958145521909,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1240,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1240,"pkt_l4_len":1206,"thread_ts_usec":1647958145521909,"pkt":"mt9Y+uvcCL6sCxduCABFgATKCTkAAGgRlbuO+lJjwKgMqQ2WwAEEtpQxFv79AAAAAAAAAAAAUAIAAEQAAAAAAAAARP79YjnYgQ5eG2LfZqyVyxoZi+6CtOTsYwsdJCYMKROVXGcAwC8AABwAFwAA\/wEAAQAACwACAQAAIwAAAA4ABQACAAEAFv79AAAAAAAAAAECuAsAAqwAAQAAAAACrAACqQACpjCCAqIwggGKAgkAny3VlFYafIkwDQYJKoZIhvcNAQELBQAwEzERMA8GA1UEAwwIaGFuZ291dHMwHhcNMjIwMzE3MDIxMTE3WhcNMjMwMzE4MDIxMTE3WjATMREwDwYDVQQDDAhoYW5nb3V0czCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJN79VYhJJmaCot75jmGh6xWJYN2151GuDW0nfg2Df6Jmbrp31upp3kHxQJWmGaSPXRYfml8Cl3Tg86JKDMEmrhxjL\/R\/1AjvIfyaYtHXzF\/xB7OESvX36WqhTavBqUaUaDusLznYi+
r8IZNxP9b986\/blklElf2DpdOu2w4VLXuh4gGmMsx1vKP5IPsMK3vUP1xD8T1nxfMNhLmqRi8PeSnZ48\/THj1BX5yGpA+VWHX3p0+BT1LmsuIJbETYptnrZhhI7d2wsebrfvZbl6c+Wyfz\/unnO4UCeGsa7n+WcHNS\/fxajl1lkk27V54A+RXJQ4hzFOgk7RiVugSIm70Tw0CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAfSgM9durzGL4ir9VkG8itVG+ioss9WUosFBER2ocK9Kfg37EPR0V5sTPtc+o62NhqvZxUI8el5M17SX+ledWCBYram8Y9lcJslDd8jQTVaK\/g4kPv0HES1rPFcm05+7xjeonRitLYSr4szNvR5m4MiltT3AAtdEh4fVVCTF1v\/B6XbGasMdsH5FgjIgGu\/o\/ah\/90wM9GbLkmNBxqh9PUPrt3H0BhWgTYWqi8EQkhOIoAet+8a2pzP8KK\/3Jk4ZvoLZnYdyM+b2dEYMWGpKNocvc6gy1NGkViOvdiMOC4wKAazQb66jsfjq01Rd7TJOyVz2Zn\/Gvqi45ZQ2n6Pq+jxb+\/QAAAAAAAAACATQMAAEoAAIAAAAAASgDAB0gWO85qTgc41jsrYAVUV8Pam2fB7qlNCO+CG\/yV46IE34IBAEAQiatr1myYKLGqbU09xBd7W5hs4AeIGZh6Ok5JysE6JnDlAH7vqbHtKO\/w5eO6qNhlPKD185ipReDt+\/7SN3JbOhAQsxNuub8QVkn6xeShY3gCzDAl2BtRlsVnWLYIMiY\/C6lbHho8XEs7VF7jTKIbjPqaOFR6lavjuQRiAFHF4YqtYOXs29HqkGzWn78ry62PLQncem6Ajcx4IeAs4lItRuxWILyDXGQ9aY0N+f+hO1+3QDyWbL3qVsD0p\/vAzfqL06mfhZB6HtpUaUTBPlXRD8So0qSwyu+0YSNJKPQUm11a7IGOPScniv+hStTpzVhgdQiVYvn9Q+cFwHXqFOrEhb+\/QAAAAAAAAADACUNAAAZAAMAAAAAABkCAUAAEgQDCAQEAQUDCAUFAQgGBgECAQAAFv79AAAAAAAAAAQADA4AAAAABAAAAAAAAA=="} -01319{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1647958145472010,"flow_src_last_pkt_time":1647958145516401,"flow_dst_last_pkt_time":1647958145521909,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":108,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":153,"flow_dst_max_l4_payload_len":1198,"flow_src_tot_l4_payload_len":373,"flow_dst_tot_l4_payload_len":1290,"midstream":0,"thread_ts_usec":1647958145521909,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"142.250.82.99","src_port":49153,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","tls": {"version":"DTLSv1.2","ja3":"c14667d7da3e6f7a7ab5519ef78c2452","ja3s":"1f5d6a6d0bc5d514dd84d13e6283d309","ja4":"dd2d110700_c45550529adf_d9dd6182da81","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=hangouts","subjectDN":"CN=hangouts","fingerprint":"6C:D0:9A:70:A1:F1:9E:BF:8E:EF:FE:B6:F1:37:A3:E8:8A:3B:F7:C8","blocks":0}}} +01278{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1647958145472010,"flow_src_last_pkt_time":1647958145516401,"flow_dst_last_pkt_time":1647958145521909,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":108,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":153,"flow_dst_max_l4_payload_len":1198,"flow_src_tot_l4_payload_len":373,"flow_dst_tot_l4_payload_len":1290,"midstream":0,"thread_ts_usec":1647958145521909,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"142.250.82.99","src_port":49153,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","tls": {"version":"DTLSv1.2","ja3s":"1f5d6a6d0bc5d514dd84d13e6283d309","ja4":"dd2d110700_c45550529adf_d9dd6182da81","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=hangouts","subjectDN":"CN=hangouts","fingerprint":"6C:D0:9A:70:A1:F1:9E:BF:8E:EF:FE:B6:F1:37:A3:E8:8A:3B:F7:C8","blocks":0}}} 
02210{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1647958145472010,"flow_src_last_pkt_time":1647958147569135,"flow_dst_last_pkt_time":1647958147445904,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":65,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":546,"flow_dst_max_l4_payload_len":1198,"flow_src_tot_l4_payload_len":2034,"flow_dst_tot_l4_payload_len":2806,"midstream":0,"thread_ts_usec":1647958147569135,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"142.250.82.99","src_port":49153,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":10,"avg":131323.2,"max":835905,"stddev":227053.5,"var":51553292288.0,"ent":3.4,"data": [22933,25637,18754,26966,8994,16545,8218,21,95990,9415,96088,13935,9667,14034,28,10,28365,12045,233249,17389,835905,625348,352669,699812,203670,550729,72132,9045,20632,28113,14681]},"pktlen": {"min":62,"avg":179.2,"max":1226,"stddev":221.3,"var":48965.1,"ent":4.4,"data": [136,120,181,140,1226,574,120,109,598,109,140,145,161,120,141,93,97,93,113,62,93,140,120,62,110,140,120,94,94,95,95,95]},"bins": {"c_to_s": [0,0,9,5,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,2,9,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,0,1,1,1,0,0,1,0,1,1,1,1,0,0,1,1,0,1,1,0,0,1,0,0,0,0,0],"entropies": 
[5.892770290,5.917269707,5.007872105,5.887039185,7.338845253,6.721559048,5.830899239,5.701940536,7.409162045,5.674040794,6.041372776,6.178256989,6.436406612,5.927646160,6.099106312,5.359262466,5.425189495,5.590319157,5.866630077,5.268241882,5.246464729,5.907410622,5.825631142,5.235982895,6.120714188,5.927108288,5.950603008,6.068934917,6.005105495,5.939156055,6.060311317,5.943433762]},"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":195,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":11,"flow_first_seen":1643626018009166,"flow_src_last_pkt_time":1643626018957379,"flow_dst_last_pkt_time":1643626018908035,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":168,"flow_dst_max_l4_payload_len":288,"flow_src_tot_l4_payload_len":892,"flow_dst_tot_l4_payload_len":1452,"midstream":0,"thread_ts_usec":1647958147591534,"l3_proto":"ip4","src_ip":"87.47.100.17","dst_ip":"54.1.57.155","src_port":3478,"dst_port":37257,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"apps-host.com"}} 
-00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":195,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":195,"packets-processed":194,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17910,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":7,"total-updates":3,"current-active-flows":1,"total-active-flows":7,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":72,"global_ts_usec":1661169535535091} +00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":195,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":195,"packets-processed":194,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17910,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":7,"total-updates":3,"current-active-flows":1,"total-active-flows":7,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":72,"global_ts_usec":1661169535535091} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":195,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535535091,"flow_dst_last_pkt_time":1661169535535091,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":156,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1661169535535091,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00720{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":195,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1661169535535091,"flow_dst_last_pkt_time":1661169535535091,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1661169535535091,"pkt":"BLFnWRHgPKn0qB\/sCABFAAC4kzJAAEAR2WHAqCuphuBab77WImEApPIXAAEAiCESpEI4RCHR9KJD4dY6X5oABgBJRTA0RDk0M0YtQzI3MS1DOTZBLUMyN0QtRENCRDA5Nzc4NjgwOjIwNDBGN0VDLTNGQkYtNjFGNy0xQUMyLUFBRDVENDYxMEE4RQAAAAAlAAAAJAAEbn8A\/4AqAAiWY\/V4e1fy1AAIABSuLzMpSQJ1k35eeZhTIs+Mn14fOYAoAATxREob"} 
-01101{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":195,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535535091,"flow_dst_last_pkt_time":1661169535535091,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":156,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1661169535535091,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} +01134{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":195,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535535091,"flow_dst_last_pkt_time":1661169535535091,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":156,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1661169535535091,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00769{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":196,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1661169535607340,"flow_dst_last_pkt_time":1661169535535091,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"thread_ts_usec":1661169535607340,"pkt":"BLFnWRHgPKn0qB\/sCABFAADZkzlAAEAR2TnAqCuphuBab77WImEAxZeyFv7\/AAAAAAAAAAAATv7\/\/6QAAAAAAAAApP79\/DOP2Z8sGz4yGXA4ZlFO9zOHpZDtCkri7Pkm\/\/cH3ZMAAAAQwCvAL8ypzKjACsAJwBPAFAEAAGoAFwAA\/wEAAQAACgAIAAYAHQAXABgACwACAQAAEAASABAGd2VicnRjCGMtd2VicnRjAA0AIAAeBAMFAwYDAgMIBAgFCAYEAQUBBgECAQQCBQIGAgICABwAAkAAAA4ACwAIAAcACAABAAIA"} -01102{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":196,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535607340,"flow_dst_last_pkt_time":1661169535535091,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":345,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1661169535607340,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} +01135{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":196,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535607340,"flow_dst_last_pkt_time":1661169535535091,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":345,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1661169535607340,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1661169535607340,"flow_dst_last_pkt_time":1661169535617418,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1661169535617418,"pkt":"PKn0qB\/sBLFnWRHgCABFAABcD39AADERbHGG4FpvwKgrqSJhvtYASKlmAQEALCESpEI4RCHR9KJD4dY6X5oAIAAIAAEAAHwzzS0ACAAUnwD9370BkZTUznvE5OGEytEUcI2AKAAEfF\/qog=="} 
-01016{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535607340,"flow_dst_last_pkt_time":1661169535617418,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":345,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1661169535617418,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"mapped_address":"93.33.105.111:8466"}}} +01050{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535607340,"flow_dst_last_pkt_time":1661169535617418,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":345,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1661169535617418,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"mapped_address":"93.33.105.111:8466","multimedia_flow_types":"Unknown"}}} 00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1661169535657522,"flow_dst_last_pkt_time":1661169535617418,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"thread_ts_usec":1661169535657522,"pkt":"BLFnWRHgPKn0qB\/sCABFAADZk0RAAEAR2S7AqCuphuBab77WImEAxZayFv7\/AAAAAAAAAAEAsAEAAKQAAAAAAAAApP79\/DOP2Z8sGz4yGXA4ZlFO9zOHpZDtCkri7Pkm\/\/cH3ZMAAAAQwCvAL8ypzKjACsAJwBPAFAEAAGoAFwAA\/wEAAQAACgAIAAYAHQAXABgACwACAQAAEAASABAGd2VicnRjCGMtd2VicnRjAA0AIAAeBAMFAwYDAgMIBAgFCAYEAQUBBgECAQQCBQIGAgICABwAAkAAAA4ACwAIAAcACAABAAIA"} -01160{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":198,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535657522,"flow_dst_last_pkt_time":1661169535617418,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":534,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1661169535657522,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","tls": 
{"version":"DTLSv1.2","ja3":"3e12a43c7535bb32beac3928f8fe905d","ja3s":"","ja4":"dd2d0808we_c6c2b6ec87e0_06b1ae923e2a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"webrtc,c-webrtc","blocks":0}}} +01119{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":198,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535657522,"flow_dst_last_pkt_time":1661169535617418,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":534,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1661169535657522,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","tls": {"version":"DTLSv1.2","ja3s":"","ja4":"dd2d0808we_c6c2b6ec87e0_06b1ae923e2a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"webrtc,c-webrtc","blocks":0}}} 
00989{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":199,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":15,"flow_first_seen":1647958145472010,"flow_src_last_pkt_time":1647958147591534,"flow_dst_last_pkt_time":1647958147445904,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":65,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":546,"flow_dst_max_l4_payload_len":1198,"flow_src_tot_l4_payload_len":2100,"flow_dst_tot_l4_payload_len":2806,"midstream":0,"thread_ts_usec":1661169535657522,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"142.250.82.99","src_port":49153,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":199,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":199,"packets-processed":198,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18508,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":10,"total-updates":3,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":83,"global_ts_usec":1697468908358667} 
-00812{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":199,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1697468908358667,"flow_src_last_pkt_time":1697468908358667,"flow_dst_last_pkt_time":1697468908358667,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1697468908358667,"l3_proto":"ip6","src_ip":"2600:1900:4160:5999::19::","dst_ip":"2001:b07:a3d:c112:48a1:1094:1227:281e","src_port":3478,"dst_port":48094,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":199,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":199,"packets-processed":198,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18508,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":10,"total-updates":3,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":83,"global_ts_usec":1697468908358667} 
+00813{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":199,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1697468908358667,"flow_src_last_pkt_time":1697468908358667,"flow_dst_last_pkt_time":1697468908358667,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1697468908358667,"l3_proto":"ip6","src_ip":"2600:1900:4160:5999:0:19::","dst_ip":"2001:b07:a3d:c112:48a1:1094:1227:281e","src_port":3478,"dst_port":48094,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1697468908358667,"flow_dst_last_pkt_time":1697468908358667,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":114,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":114,"pkt_l4_len":60,"thread_ts_usec":1697468908358667,"pkt":"eq+3+1HBILAB4IZiht1mBDreADwROyYAGQBBYFmZAAAAGQAAAAAgAQsHCj3BEkihEJQSJygeDZa73gA87sUBCQAgIRKkQktkZmJkWjJhZlo4bAAIABRFsDl4oh6bf+GLBENYf43S4VSdWIAoAASacRNB"} 
-01007{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":199,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1697468908358667,"flow_src_last_pkt_time":1697468908358667,"flow_dst_last_pkt_time":1697468908358667,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1697468908358667,"l3_proto":"ip6","src_ip":"2600:1900:4160:5999::19::","dst_ip":"2001:b07:a3d:c112:48a1:1094:1227:281e","src_port":3478,"dst_port":48094,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} +01041{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":199,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1697468908358667,"flow_src_last_pkt_time":1697468908358667,"flow_dst_last_pkt_time":1697468908358667,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1697468908358667,"l3_proto":"ip6","src_ip":"2600:1900:4160:5999:0:19::","dst_ip":"2001:b07:a3d:c112:48a1:1094:1227:281e","src_port":3478,"dst_port":48094,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1697468908376988,"flow_dst_last_pkt_time":1697468908358667,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":114,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":114,"pkt_l4_len":60,"thread_ts_usec":1697468908376988,"pkt":"eq+3+1HBILAB4IZiht1mBDreADwROyYAGQBBYFmZAAAAGQAAAAAgAQsHCj3BEkihEJQSJygeDZa73gA8RUlAAQAwgcoABgAAB9MKkTrsxfvKyNCu9gS++AsbDfw2nuN5u+yO6W11+g4qLAs+zBqAAAAB"} -01141{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1697468908358667,"flow_src_last_pkt_time":1697468908376988,"flow_dst_last_pkt_time":1697468908358667,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1697468908376988,"l3_proto":"ip6","src_ip":"2600:1900:4160:5999::19::","dst_ip":"2001:b07:a3d:c112:48a1:1094:1227:281e","src_port":3478,"dst_port":48094,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} 
+01175{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1697468908358667,"flow_src_last_pkt_time":1697468908376988,"flow_dst_last_pkt_time":1697468908358667,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1697468908376988,"l3_proto":"ip6","src_ip":"2600:1900:4160:5999:0:19::","dst_ip":"2001:b07:a3d:c112:48a1:1094:1227:281e","src_port":3478,"dst_port":48094,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00702{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1697468913582927,"flow_dst_last_pkt_time":1697468908358667,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":186,"pkt_l4_len":132,"thread_ts_usec":1697468913582927,"pkt":"eq+3+1HBILAB4IZiht1mBDreAIQROyYAGQBBYFmZAAAAGQAAAAAgAQsHCj3BEkihEJQSJygeDZa73gCET3oBAQBoIRKkQjdxNnArS0o3QlNDMAAgABQAAprMAROvRT1M92Jj6lqjUHRrLgABABQAArveIAELBwo9wRJIoRCUEicoHoArABQAAg2WJgAZAEFgWZkAAAAZAAAAAIAsABQAAgBQJgAZAEFgWZkAAAAZAAAAAIAoAATOYQFM"} 
00960{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535657522,"flow_dst_last_pkt_time":1661169535617418,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":534,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1697468913582927,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} -01129{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1697468908358667,"flow_src_last_pkt_time":1697468913582927,"flow_dst_last_pkt_time":1697468908358667,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":228,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1697468913582927,"l3_proto":"ip6","src_ip":"2600:1900:4160:5999::19::","dst_ip":"2001:b07:a3d:c112:48a1:1094:1227:281e","src_port":3478,"dst_port":48094,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00844{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":201,"packets-processed":201,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18736,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":11,"total-updates":3,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":92,"global_ts_usec":1697468913582927} +01130{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1697468908358667,"flow_src_last_pkt_time":1697468913582927,"flow_dst_last_pkt_time":1697468908358667,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":228,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1697468913582927,"l3_proto":"ip6","src_ip":"2600:1900:4160:5999:0:19::","dst_ip":"2001:b07:a3d:c112:48a1:1094:1227:281e","src_port":3478,"dst_port":48094,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00844{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":201,"packets-processed":201,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18736,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":11,"total-updates":3,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":92,"global_ts_usec":1697468913582927} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 201/201 ~~ skipped flows.............: 0 @@ -98,9 +98,9 @@ ~~ total active/idle flows...: 9/9 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6936755 bytes -~~ total memory freed........: 6936755 bytes -~~ total allocations/frees...: 114436/114436 +~~ total memory allocated....: 7514395 bytes +~~ total memory freed........: 7514395 bytes +~~ total allocations/frees...: 126169/126169 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 538 chars ~~ json message max len.......: 2384 chars diff --git a/test/results/default/stun_classic.pcap.out b/test/results/default/stun_classic.pcap.out index ca1e943c2..89c25e23e 100644 --- a/test/results/default/stun_classic.pcap.out +++ b/test/results/default/stun_classic.pcap.out 
@@ -1,15 +1,15 @@ -00617{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_classic.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00838{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_classic.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1343740773475497} 
+00617{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_classic.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00838{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_classic.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1343740773475497} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_classic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1343740773475497,"flow_src_last_pkt_time":1343740773475497,"flow_dst_last_pkt_time":1343740773475497,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1343740773475497,"l3_proto":"ip4","src_ip":"172.16.63.224","dst_ip":"172.16.63.21","src_port":55050,"dst_port":13958,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_classic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1343740773475497,"flow_dst_last_pkt_time":1343740773475497,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1343740773475497,"pkt":"AAwpNoBVAAQTMSCJCABFoAA4AABAAEARYv+sED\/grBA\/FdcKNoYAJLX1AAEACJQp74gpTdUmMscpMcuNu0wAAwAEAAAAAA=="} 
-01103{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_classic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1343740773475497,"flow_src_last_pkt_time":1343740773475497,"flow_dst_last_pkt_time":1343740773475497,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1343740773475497,"l3_proto":"ip4","src_ip":"172.16.63.224","dst_ip":"172.16.63.21","src_port":55050,"dst_port":13958,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} +01136{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_classic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1343740773475497,"flow_src_last_pkt_time":1343740773475497,"flow_dst_last_pkt_time":1343740773475497,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1343740773475497,"l3_proto":"ip4","src_ip":"172.16.63.224","dst_ip":"172.16.63.21","src_port":55050,"dst_port":13958,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/stun_classic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1343740773475497,"flow_dst_last_pkt_time":1343740773475559,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1343740773475559,"pkt":"AAQTMSCJAAwpNoBVCABFuAA8AABAAEARYuOsED8VrBA\/4DaG1woAKPHqAQEADJQp74gpTdUmMscpMcuNu0wAAQAIAAHXCqwQP+A="} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun_classic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1343740773475497,"flow_dst_last_pkt_time":1343740773518458,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1343740773518458,"pkt":"AAQTMSCJAAwpNoBVCABFuAA8AABAAEARYuOsED8VrBA\/4DaG1woAKK\/2gJKuFQTp+Zg6ptkiktiFIAD61K+9LBnIwoNfshVpLdY="} 
-01155{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun_classic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1343740773475497,"flow_src_last_pkt_time":1343740773475497,"flow_dst_last_pkt_time":1343740773518458,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1343740773518458,"l3_proto":"ip4","src_ip":"172.16.63.224","dst_ip":"172.16.63.21","src_port":55050,"dst_port":13958,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.RTP","proto_id":"78.87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","hostname":"","domainame":"","stun": {"mapped_address":"172.16.63.224:55050"}}} +01212{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun_classic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1343740773475497,"flow_src_last_pkt_time":1343740773475497,"flow_dst_last_pkt_time":1343740773518458,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1343740773518458,"l3_proto":"ip4","src_ip":"172.16.63.224","dst_ip":"172.16.63.21","src_port":55050,"dst_port":13958,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std 
Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.RTP","proto_id":"78.87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","hostname":"","domainame":"","stream_content":"Audio","stun": {"mapped_address":"172.16.63.224:55050","multimedia_flow_types":"Audio"}}} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/stun_classic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1343740773475497,"flow_dst_last_pkt_time":1343740773519014,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1343740773519014,"pkt":"AAQTMSCJAAwpNoBVCABFuAA8AABAAEARYuOsED8VrBA\/4DaG1woAKIHYgBKuFgTp+jg6ptkixFMgl8ob0pereNKsssPr4lzFXNo="} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_classic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1343740773475497,"flow_dst_last_pkt_time":1343740773519635,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1343740773519635,"pkt":"AAQTMSCJAAwpNoBVCABFuAA8AABAAEARYuOsED8VrBA\/4DaG1woAKGlAgBKuFwTp+tg6ptki+Hq86nrAqyROkV67ctF76o6uaf8="} 
01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/stun_classic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":13,"flow_first_seen":1343740773475497,"flow_src_last_pkt_time":1343740773708889,"flow_dst_last_pkt_time":1343740773691032,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":284,"flow_dst_tot_l4_payload_len":416,"midstream":0,"thread_ts_usec":1343740773708889,"l3_proto":"ip4","src_ip":"172.16.63.224","dst_ip":"172.16.63.21","src_port":55050,"dst_port":13958,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.RTP","proto_id":"78.87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} -00846{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/stun_classic.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":22,"packets-processed":22,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":700,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1343740773708889} 
+00846{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/stun_classic.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":22,"packets-processed":22,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":700,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1343740773708889} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 22/22 ~~ skipped flows.............: 0 @@ -18,10 +18,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6908251 bytes -~~ total memory freed........: 6908251 bytes -~~ total allocations/frees...: 114159/114159 +~~ total memory allocated....: 7485869 bytes +~~ total memory freed........: 7485869 bytes +~~ total allocations/frees...: 125891/125891 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 559 chars -~~ json message max len.......: 1160 chars -~~ json message avg len.......: 857 chars +~~ json message max len.......: 1217 chars +~~ json message avg len.......: 886 chars diff --git a/test/results/default/stun_dtls_rtp.pcapng.out b/test/results/default/stun_dtls_rtp.pcapng.out index fcd638200..c597f180c 100644 --- a/test/results/default/stun_dtls_rtp.pcapng.out +++ b/test/results/default/stun_dtls_rtp.pcapng.out 
@@ -1,28 +1,28 @@ -00620{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1669989925164266} 
+00620{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1669989925164266} 
00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1669989925164266,"flow_src_last_pkt_time":1669989925164266,"flow_dst_last_pkt_time":1669989925164266,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":116,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":116,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1669989925164266,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":37967,"dst_port":19305,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00676{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1669989925164266,"flow_dst_last_pkt_time":1669989925164266,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_usec":1669989925164266,"pkt":"CL6sCxduJjb1W8R1CABFAACQVjZAAEARNZzAqAycjvpSTJRPS2kAfJZwAAEAYCESpEJvNlNoU1VSSmhORmsABgAfZWEzV3RfOWFBU29vZWdvS0FBaUtBaUFERUE6OGpiNgDAVwAEAAMACoAqAAjHmPZBrcBKnwAkAARufx7\/AAgAFFXMCO6dEOYzzYk4Nclzw7fn\/+udgCgABEyaSoM="} 
-01124{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1669989925164266,"flow_src_last_pkt_time":1669989925164266,"flow_dst_last_pkt_time":1669989925164266,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":116,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":116,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1669989925164266,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":37967,"dst_port":19305,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01157{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1669989925164266,"flow_src_last_pkt_time":1669989925164266,"flow_dst_last_pkt_time":1669989925164266,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":116,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":116,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1669989925164266,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":37967,"dst_port":19305,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00654{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1669989925164266,"flow_dst_last_pkt_time":1669989925187720,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1669989925187720,"pkt":"Jjb1W8R1CL6sCxduCABFgACAAAAAACkR4mKO+lJMwKgMnEtplE8AbJ74AQEAUCESpEJvNlNoU1VSSmhORmsABgAfZWEzV3RfOWFBU29vZWdvS0FBaUtBaUFERUE6OGpiNgAAIAAIAAHRcnwxD0EACAAUJIx1+vxTzWOyfafF9tFkzZIBE8qAKAAEKQoUxA=="} 00734{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1669989925221418,"flow_dst_last_pkt_time":1669989925187720,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_usec":1669989925221418,"pkt":"CL6sCxduJjb1W8R1CABFAAC5VjpAAEARNW\/AqAycjvpSTJRPS2kApScvFv7\/AAAAAAAAAAAAkAEAAIQAAAAAAAAAhP79S\/RrlK87INy3ylIzfu8bizsUmZbJs1gA0ekqf6irQH0AAAAWwCvAL8ypzKjACcATwArAFACcAC8ANQEAAEQAFwAA\/wEAAQAACgAIAAYAHQAXABgACwACAQAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAA4ACQAGAAEACAAHAA=="} 
-01154{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1669989925164266,"flow_src_last_pkt_time":1669989925221418,"flow_dst_last_pkt_time":1669989925187720,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":116,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":273,"flow_dst_tot_l4_payload_len":100,"midstream":0,"thread_ts_usec":1669989925221418,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":37967,"dst_port":19305,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","tls": {"version":"DTLSv1.2","ja3":"c14667d7da3e6f7a7ab5519ef78c2452","ja3s":"","ja4":"dd2d110700_c45550529adf_d9dd6182da81","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01113{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1669989925164266,"flow_src_last_pkt_time":1669989925221418,"flow_dst_last_pkt_time":1669989925187720,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":116,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":273,"flow_dst_tot_l4_payload_len":100,"midstream":0,"thread_ts_usec":1669989925221418,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":37967,"dst_port":19305,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","tls": {"version":"DTLSv1.2","ja3s":"","ja4":"dd2d110700_c45550529adf_d9dd6182da81","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 02145{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1669989925221418,"flow_dst_last_pkt_time":1669989925246353,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1245,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1245,"pkt_l4_len":1211,"thread_ts_usec":1669989925246353,"pkt":"Jjb1W8R1CL6sCxduCABFgATPAAAAACkR3hOO+lJMwKgMnEtplE8Eu\/g7Fv79AAAAAAAAAAAAUAIAAEQAAAAAAAAARP79Y4oGJZyFb5JepAe9szJjjByvKZ37cPqVErYZyM765YAAwC8AABwAFwAA\/wEAAQAACwACAQAAIwAAAA4ABQACAAgAFv79AAAAAAAAAAECvQsAArEAAQAAAAACsQACrgACqzCCAqcwggGPoAMCAQICCQC8uqOs09h3+zANBgkqhkiG9w0BAQsFADATMREwDwYDVQQDDAhoYW5nb3V0czAeFw0yMjExMzAxNzM1MThaFw0yMzEyMDExNzM1MThaMBMxETAPBgNVBAMMCGhhbmdvdXRzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq1yxLV4kqNHdkASeF5xg7eBecoZkE9HEL3CyKnnV5t7toYNS4OeGhbcQbMPNSDSOnmlHbqdcw6ZEJuQgiDVPLlIYRs\/6teD1Rrh95uPxCli\/eawXofQ+85GwLd8HPu\/1Tf1KkdH7bTnI5ggNxJzvUIn7OvPEXLAxPOh7I3RCas4Cd7k+Oz1YQmbnYZfKYy3jnzIQ+h556EgecvjI9tDtX+SanJAa9c9M8yzK9YkbAGCSQV5haW7yBvttXD17QF64g2wM65j0g3uTJ7UrtyneMAht0I4sc8aCq7AhuwJnWwhakL3taKN6y6c2q98Okz0ECUeQ60147X\/ysmxI0vfS3wIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAtFce+YJ3fArKQ4fKZHaF7w6Kn2kogyZChKZ\/Hr8mqr4iyQ2HgF5a8PPh\/BB+aDDMa7k4IZueAjh2a\/Y+Q0YKmwP4sMWrhKZjyg7loocB2Z93+BngDSUrNEnyPyOCN9ZeSj5sPLdOKtCQveKhJ+JpqKozl98tw1LmmE96d9gwb8f6Jld\/hD\/ZPjp3oucWhOyUvDDg08IOTCFjgw\/DGttdJzZkBMJyh7kfx4YrHfF2HYOOyG44BVLSsU+mtF8zjy4+slDyAC9GrxyBkpvINa2tR2uuH0fel3keaZjEPRwf6GZDs55po6e3PVX9sXBZAq9CvabFKHqC+YA5YP3U1cKkrFv79AAAAAAAAAAIBNAwAASgAAgAAAAABKAMAHSCbQVZZ8KrFVukce1QIPdZ2T96RMN
ZBLJbxPJsZqAz6HggEAQCRDe7GpBuvs6Fbe\/duaPnRzi+TuxO1aOrBXscZ4djas+UCamAjEbmU07x7uRr5uMpZqZI27NlR5\/7+AkrBrh6rckT+uo7sd5UZV7HyRKFUxK2YjkrS1HzkNFKp7RfB27LVg6pCeGHysEbHV8V8dPks1hAl834D9n2PtxaDwfhvehWA9hQk338ICURUX5EX+U\/IHQMBEcJVinCclbAzJDu0zMO+EESVFt0\/FVowcSbYpZ7fqrDjqh\/OFcjlRHUxdumeVRsT9idi1zgvn9NhIKP0\/enEfBqbQOpwI22cdU8fNKIJCPoeYSiIDy\/ceLYeDc6iY09Tn2ER0Y7KuhmW5eKbFv79AAAAAAAAAAMAJQ0AABkAAwAAAAAAGQIBQAASBAMIBAQBBQMIBQUBCAYGAQIBAAAW\/v0AAAAAAAAABAAMDgAAAAAEAAAAAAAA"} -01329{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1669989925164266,"flow_src_last_pkt_time":1669989925221418,"flow_dst_last_pkt_time":1669989925246353,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":116,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":1203,"flow_src_tot_l4_payload_len":273,"flow_dst_tot_l4_payload_len":1303,"midstream":0,"thread_ts_usec":1669989925246353,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":37967,"dst_port":19305,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","tls": {"version":"DTLSv1.2","ja3":"c14667d7da3e6f7a7ab5519ef78c2452","ja3s":"1f5d6a6d0bc5d514dd84d13e6283d309","ja4":"dd2d110700_c45550529adf_d9dd6182da81","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=hangouts","subjectDN":"CN=hangouts","fingerprint":"AF:DD:BF:F5:59:23:0C:D1:B0:9F:B1:04:2E:89:DF:4C:1B:AB:BE:CC","blocks":0}}} 
+01288{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1669989925164266,"flow_src_last_pkt_time":1669989925221418,"flow_dst_last_pkt_time":1669989925246353,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":116,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":1203,"flow_src_tot_l4_payload_len":273,"flow_dst_tot_l4_payload_len":1303,"midstream":0,"thread_ts_usec":1669989925246353,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":37967,"dst_port":19305,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","tls": {"version":"DTLSv1.2","ja3s":"1f5d6a6d0bc5d514dd84d13e6283d309","ja4":"dd2d110700_c45550529adf_d9dd6182da81","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=hangouts","subjectDN":"CN=hangouts","fingerprint":"AF:DD:BF:F5:59:23:0C:D1:B0:9F:B1:04:2E:89:DF:4C:1B:AB:BE:CC","blocks":0}}} 00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1669989925331729,"flow_dst_last_pkt_time":1669989925246353,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":162,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":162,"pkt_l4_len":128,"thread_ts_usec":1669989925331729,"pkt":"CL6sCxduJjb1W8R1CABFAACUVj1AAEARNZHAqAycjvpSTJRPS2kAgIetAAEAZCESpEJHeElSOVZ4WXVGUjkABgAfZWEzV3RfOWFBU29vZWdvS0FBaUtBaUFERUE6OGpiNgDAVwAEAAMACoAqAAjHmPZBrcBKnwAlAAAAJAAEbn8e\/wAIABRPuZAhjSuP3zBrIerigzXVUm4nSYAoAAQ65t8C"} 
02212{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1669989925164266,"flow_src_last_pkt_time":1669989925844909,"flow_dst_last_pkt_time":1669989925832608,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":65,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":545,"flow_dst_max_l4_payload_len":1203,"flow_src_tot_l4_payload_len":2558,"flow_dst_tot_l4_payload_len":3623,"midstream":0,"thread_ts_usec":1669989925844909,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":37967,"dst_port":19305,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":29,"avg":43515.6,"max":258068,"stddev":58201.4,"var":3387401984.0,"ent":4.0,"data": [23454,57152,58633,110311,426,107899,55,29,31904,33185,42585,42763,84060,83239,24775,643,393,2519,24830,54,50,34247,28143,7940,22933,203231,6659,19573,19853,258068,19379]},"pktlen": {"min":68,"avg":221.2,"max":1231,"stddev":244.4,"var":59721.8,"ent":4.4,"data": [144,128,185,1231,148,573,128,109,598,573,598,109,149,117,141,93,125,121,97,93,97,113,93,68,93,93,127,112,112,128,469,112]},"bins": {"c_to_s": [0,0,10,5,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,1,5,4,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,0,1,1,1,0,1,0,1,0,1,0,0,0,0,1,1,1,0,1,1,0,0,0,0,0,1,0],"entropies": 
[5.970281124,5.844405174,4.975852966,7.376402378,5.926150799,6.767900467,5.873587608,5.727212906,7.417241573,6.742666721,7.399977684,5.666547298,6.284676552,5.878243446,6.278099537,5.456246376,6.045804977,5.932724476,5.656750679,5.431894302,5.443003178,5.773984909,5.547308922,5.480338573,5.456245899,5.525803089,6.089138508,6.235580444,6.295892239,6.029528141,7.452062130,6.164150715]},"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":40,"packets-processed":39,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6775,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1710679657055887} 
+00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":40,"packets-processed":39,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6775,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1710679657055887} 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1710679657055887,"flow_src_last_pkt_time":1710679657055887,"flow_dst_last_pkt_time":1710679657055887,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1710679657055887,"l3_proto":"ip4","src_ip":"192.168.12.182","dst_ip":"142.250.82.249","src_port":50221,"dst_port":3478,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1710679657055887,"flow_dst_last_pkt_time":1710679657055887,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1710679657055887,"pkt":"CL6sCxduSKRyNpegCABFAAA08+VAAIAGV4zAqAy2jvpS+cQtDZbxQLjKAAAAAIAC+vBI\/gAAAgQFtAEDAwgBAQQC"} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1710679657055887,"flow_dst_last_pkt_time":1710679657058869,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1710679657058869,"pkt":"SKRyNpegCL6sCxduCABFgAA0AABAAG8GW\/KO+lL5wKgMtg2WxC3d8CUA8UC4y4AS\/\/9BHQAAAgQFhAEBBAIBAwMI"} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1710679657060611,"flow_dst_last_pkt_time":1710679657058869,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1710679657060611,"pkt":"CL6sCxduSKRyNpegCABFAAAo8+dAAIAGV5bAqAy2jvpS+cQtDZbxQLjL3fAlAVAQAQOAvQAA"} 
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1710679657060888,"flow_dst_last_pkt_time":1710679657058869,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1710679657060888,"pkt":"CL6sCxduSKRyNpegCABFAAAo8+hAAIAGV5XAqAy2jvpS+cQtDZbxQLjL3fAlAVAQAgB\/wAAA"} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1710679657061095,"flow_dst_last_pkt_time":1710679657058869,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1710679657061095,"pkt":"CL6sCxduSKRyNpegCABFAABE8+lAAIAGV3jAqAy2jvpS+cQtDZbxQLjL3fAlAVAYAgCAvgAAAAMACCESpEJNeko1THZzcmRlbGMAGQAEEQAAAA=="} -00990{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1710679657055887,"flow_src_last_pkt_time":1710679657061095,"flow_dst_last_pkt_time":1710679657058869,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1710679657061095,"l3_proto":"ip4","src_ip":"192.168.12.182","dst_ip":"142.250.82.249","src_port":50221,"dst_port":3478,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} -01034{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1710679657055887,"flow_src_last_pkt_time":1710679657061095,"flow_dst_last_pkt_time":1710679657063848,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":80,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":80,"midstream":0,"thread_ts_usec":1710679657063848,"l3_proto":"ip4","src_ip":"192.168.12.182","dst_ip":"142.250.82.249","src_port":50221,"dst_port":3478,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"turn.l.google.com","domainame":"turn.l.google.com","stun": {}}} 
+01023{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1710679657055887,"flow_src_last_pkt_time":1710679657061095,"flow_dst_last_pkt_time":1710679657058869,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1710679657061095,"l3_proto":"ip4","src_ip":"192.168.12.182","dst_ip":"142.250.82.249","src_port":50221,"dst_port":3478,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} +01067{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1710679657055887,"flow_src_last_pkt_time":1710679657061095,"flow_dst_last_pkt_time":1710679657063848,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":80,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":80,"midstream":0,"thread_ts_usec":1710679657063848,"l3_proto":"ip4","src_ip":"192.168.12.182","dst_ip":"142.250.82.249","src_port":50221,"dst_port":3478,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"turn.l.google.com","domainame":"turn.l.google.com","stun": {"multimedia_flow_types":"Unknown"}}} 02224{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1710679657055887,"flow_src_last_pkt_time":1710679657765266,"flow_dst_last_pkt_time":1710679657791909,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":196,"flow_dst_max_l4_payload_len":656,"flow_src_tot_l4_payload_len":1320,"flow_dst_tot_l4_payload_len":1924,"midstream":0,"thread_ts_usec":1710679657791909,"l3_proto":"ip4","src_ip":"192.168.12.182","dst_ip":"142.250.82.249","src_port":50221,"dst_port":3478,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":46625.8,"max":509459,"stddev":117745.2,"var":13863926784.0,"ent":2.8,"data": [2982,4724,277,207,4964,15,4148,4126,3916,466724,509459,1184,218,46646,1080,55404,53567,7433,0,8588,49659,55453,222,48997,10062,51393,4524,8018,5673,16613,19125]},"pktlen": {"min":40,"avg":142.1,"max":696,"stddev":150.7,"var":22704.0,"ent":4.4,"data": [52,52,40,40,68,40,120,192,116,40,180,196,148,172,84,40,40,140,204,236,40,172,40,696,40,172,140,648,40,160,40,160]},"bins": {"c_to_s": [8,0,0,2,5,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,1,2,3,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,0,1,1,0,1,0,1,0,0,0,1,1,0,1,0,0,1,0,1,1,0,0,1,1,0,0,1,1],"entropies": 
[4.776611805,5.000318050,4.831686974,4.834183693,5.321198940,4.834183693,5.795867443,6.212464809,5.776382446,4.784183979,5.991631985,6.163437843,5.951478004,6.109816074,5.892313004,4.981687069,4.881687641,6.144776344,6.237818718,5.382826805,5.031687260,6.101328850,5.031687260,6.564705849,4.881687164,6.057666779,5.976850510,7.406529903,4.784183979,5.974988937,4.981687069,5.932507992]},"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"turn.l.google.com"}} 01001{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":14,"flow_first_seen":1669989925164266,"flow_src_last_pkt_time":1669989926044388,"flow_dst_last_pkt_time":1669989925832608,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":545,"flow_dst_max_l4_payload_len":1203,"flow_src_tot_l4_payload_len":3152,"flow_dst_tot_l4_payload_len":3623,"midstream":0,"thread_ts_usec":1710679657948817,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":37967,"dst_port":19305,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
01033{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":35,"flow_first_seen":1710679657055887,"flow_src_last_pkt_time":1710679657948817,"flow_dst_last_pkt_time":1710679657936697,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":196,"flow_dst_max_l4_payload_len":1108,"flow_src_tot_l4_payload_len":1968,"flow_dst_tot_l4_payload_len":12540,"midstream":0,"thread_ts_usec":1710679657948817,"l3_proto":"ip4","src_ip":"192.168.12.182","dst_ip":"142.250.82.249","src_port":50221,"dst_port":3478,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"turn.l.google.com"}} -00854{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":102,"packets-processed":102,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21283,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":25,"global_ts_usec":1710679657948817} 
+00854{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":102,"packets-processed":102,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21283,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":25,"global_ts_usec":1710679657948817} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 102/102 ~~ skipped flows.............: 0 @@ -31,9 +31,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6915048 bytes -~~ total memory freed........: 6915048 bytes -~~ total allocations/frees...: 114254/114254 +~~ total memory allocated....: 7492666 bytes +~~ total memory freed........: 7492666 bytes +~~ total allocations/frees...: 125986/125986 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 538 chars ~~ json message max len.......: 2229 chars diff --git a/test/results/default/stun_dtls_rtp_unidir.pcapng.out b/test/results/default/stun_dtls_rtp_unidir.pcapng.out index 745e3048e..2e88aa0a8 100644 --- a/test/results/default/stun_dtls_rtp_unidir.pcapng.out +++ b/test/results/default/stun_dtls_rtp_unidir.pcapng.out 
@@ -1,15 +1,15 @@ -00627{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1449812497255265} 
+00627{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1449812497255265} 
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449812497255265,"flow_src_last_pkt_time":1449812497255265,"flow_dst_last_pkt_time":1449812497255265,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449812497255265,"l3_proto":"ip4","src_ip":"10.10.0.1","dst_ip":"10.1.0.3","src_port":65226,"dst_port":57730,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1449812497255265,"flow_dst_last_pkt_time":1449812497255265,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1449812497255265,"pkt":"ACZsuc\/8ACZsCyRcCABFAABAL58AAIAR9v8KCgABCgEAA\/7K4YIALFAqAAMAECESpELECsSOsFxxIrqIIMwAGQAEEQAAAIAoAATGrBhE"} 
-01105{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449812497255265,"flow_src_last_pkt_time":1449812497255265,"flow_dst_last_pkt_time":1449812497255265,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449812497255265,"l3_proto":"ip4","src_ip":"10.10.0.1","dst_ip":"10.1.0.3","src_port":65226,"dst_port":57730,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} +01138{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449812497255265,"flow_src_last_pkt_time":1449812497255265,"flow_dst_last_pkt_time":1449812497255265,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449812497255265,"l3_proto":"ip4","src_ip":"10.10.0.1","dst_ip":"10.1.0.3","src_port":65226,"dst_port":57730,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449812497255723,"flow_src_last_pkt_time":1449812497255723,"flow_dst_last_pkt_time":1449812497255723,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":92,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":92,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":92,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449812497255723,"l3_proto":"ip4","src_ip":"10.1.0.3","dst_ip":"10.10.0.1","src_port":5853,"dst_port":2808,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00649{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1449812497255723,"flow_dst_last_pkt_time":1449812497255723,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1449812497255723,"pkt":"ACZs0wdDACZsIyatCABFAAB4bmVAAEARuAEKAQADCgoAARbdCvgAZFQ9AQMASCESpELECsSOsFxxIrqIIMwAFgAIAAHMnSsTpEEAIAAIAAFGGCsYpEMADQAEAAACWIAiABpDb3R1cm4tNC41LjAuMyAnZGFuIEVpZGVyJy4wgCgABF9l9iI="} 
-01172{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449812497255723,"flow_src_last_pkt_time":1449812497255723,"flow_dst_last_pkt_time":1449812497255723,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":92,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":92,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":92,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449812497255723,"l3_proto":"ip4","src_ip":"10.1.0.3","dst_ip":"10.10.0.1","src_port":5853,"dst_port":2808,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"mapped_address":"10.10.0.1:26378","relayed_address":"10.1.0.3:60815"}}} +01206{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449812497255723,"flow_src_last_pkt_time":1449812497255723,"flow_dst_last_pkt_time":1449812497255723,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":92,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":92,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":92,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449812497255723,"l3_proto":"ip4","src_ip":"10.1.0.3","dst_ip":"10.10.0.1","src_port":5853,"dst_port":2808,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std 
Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"mapped_address":"10.10.0.1:26378","relayed_address":"10.1.0.3:60815","multimedia_flow_types":"Unknown"}}} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1449812497284653,"flow_dst_last_pkt_time":1449812497255265,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1449812497284653,"pkt":"ACZsuc\/8ACZsCyRcCABFAABAL6AAAIAR9v4KCgABCgEAA\/7K4YIALHa+AAMAECESpELy08QBzM3M08FJbUoAGQAEEQAAAIAoAAQGWrhk"} -01223{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1449812497255265,"flow_src_last_pkt_time":1449812497284653,"flow_dst_last_pkt_time":1449812497255265,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449812497284653,"l3_proto":"ip4","src_ip":"10.10.0.1","dst_ip":"10.1.0.3","src_port":65226,"dst_port":57730,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} +01256{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1449812497255265,"flow_src_last_pkt_time":1449812497284653,"flow_dst_last_pkt_time":1449812497255265,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449812497284653,"l3_proto":"ip4","src_ip":"10.10.0.1","dst_ip":"10.1.0.3","src_port":65226,"dst_port":57730,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
00677{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1449812497285016,"flow_dst_last_pkt_time":1449812497255723,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1449812497285016,"pkt":"ACZs0wdDACZsIyatCABFAACMbmpAAEARt+gKAQADCgoAARbdCvgAeNrAARMAXCESpELy08QBzM3M08FJbUoACQAwAAAEJU1pc21hdGNoZWQgYWxsb2NhdGlvbjogd3JvbmcgdHJhbnNhY3Rpb24gSUQAgCIAGkNvdHVybi00LjUuMC4zICdkYW4gRWlkZXInAASAKAAEYViFJQ=="} -01292{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1449812497255723,"flow_src_last_pkt_time":1449812497285016,"flow_dst_last_pkt_time":1449812497255723,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":92,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":204,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449812497285016,"l3_proto":"ip4","src_ip":"10.1.0.3","dst_ip":"10.10.0.1","src_port":5853,"dst_port":2808,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"mapped_address":"10.10.0.1:26378","relayed_address":"10.1.0.3:60815"}}} 
+01326{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1449812497255723,"flow_src_last_pkt_time":1449812497285016,"flow_dst_last_pkt_time":1449812497255723,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":92,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":204,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449812497285016,"l3_proto":"ip4","src_ip":"10.1.0.3","dst_ip":"10.10.0.1","src_port":5853,"dst_port":2808,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"mapped_address":"10.10.0.1:26378","relayed_address":"10.1.0.3:60815","multimedia_flow_types":"Unknown"}}} 
00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1449812497336154,"flow_dst_last_pkt_time":1449812497255265,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1449812497336154,"pkt":"ACZsuc\/8ACZsCyRcCABFAACAL6EAAIAR9r0KCgABCgEAA\/7K4YIAbNH9AAgAUCESpEIkVCKMfhmvXBar8\/cABgAJdXNlcm5hbWUxAAAAABQAAAAVAAAAEgAIAAHMcOG6pisAEgAIAAHMcCsSpNEACAAUPkaSjGDG59HsJQn9tgdRZ5t4az2AKAAE4Guc5w=="} 00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1449812497336559,"flow_dst_last_pkt_time":1449812497255723,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"thread_ts_usec":1449812497336559,"pkt":"ACZs0wdDACZsIyatCABFAABYbnRAAEARuBIKAQADCgoAARbdCvgARIGqAQgAKCESpEIkVCKMfhmvXBar8\/eAIgAaQ290dXJuLTQuNS4wLjMgJ2RhbiBFaWRlcicgd4AoAATjDw2r"} 
00730{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1449812497364710,"flow_dst_last_pkt_time":1449812497255265,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":182,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":182,"pkt_l4_len":148,"thread_ts_usec":1449812497364710,"pkt":"ACZsuc\/8ACZsCyRcCABFAACoL6IAAIAR9pQKCgABCgEAA\/7K4YIAlCONABYAeCESpEKYrfbhUiTxAi9XC4wAEgAIAAHMcOG6pisAEwBoAAEAVCESpEKu9pClNlbUssHvnF8ABgAZMjcwZTM5M2Y6ZWEydnJwQzRKd2NqQ0YwZQAAAAAkAARu\/\/\/\/gCoACP\/\/\/\/\/\/\/\/\/\/AAgAFC4EXURAQUKzurHPv\/8ZrRnsFrR1gCgABL8MLuw="} 
@@ -18,7 +18,7 @@ 00763{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1449812497496479,"flow_dst_last_pkt_time":1449812497255723,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_usec":1449812497496479,"pkt":"ACZs0wdDACZsIyatCABFAADMboRAAEARt44KAQADCgoAARbdCvgAuIfMABcAnCESpEKabwkxCgNoKDFqLpgAEwBsAAEAWCESpEJ+6j0VqO37x7qvJhcABgAZZWEydnJwQzRKd2NqQ0YwZToyNzBlMzkzZgAAAAAlAAAAJAAEbn4A\/4AqAAgAAAAAAAAAAQAIABSRSix2Wt+JeRYEja3Dcq7w4OuHlYAoAARIzREHABIACAABzHArEqTRgCIAGkNvdHVybi00LjUuMC4zICdkYW4gRWlkZXInICc="} 01217{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":0,"flow_first_seen":1449812497255723,"flow_src_last_pkt_time":1449812504427110,"flow_dst_last_pkt_time":1449812497255723,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":60,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":708,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4628,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449812504427110,"l3_proto":"ip4","src_ip":"10.1.0.3","dst_ip":"10.10.0.1","src_port":5853,"dst_port":2808,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01219{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":0,"flow_first_seen":1449812497255265,"flow_src_last_pkt_time":1449812504413713,"flow_dst_last_pkt_time":1449812497255265,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":436,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":3924,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449812504427110,"l3_proto":"ip4","src_ip":"10.10.0.1","dst_ip":"10.1.0.3","src_port":65226,"dst_port":57730,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00857{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":43,"packets-processed":43,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8552,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1449812504427110} +00857{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":43,"packets-processed":43,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8552,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1449812504427110} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 43/43 ~~ skipped flows.............: 0 
@@ -27,10 +27,10 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6911296 bytes -~~ total memory freed........: 6911296 bytes -~~ total allocations/frees...: 114193/114193 +~~ total memory allocated....: 7488936 bytes +~~ total memory freed........: 7488936 bytes +~~ total allocations/frees...: 125926/125926 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 577 chars -~~ json message max len.......: 1297 chars -~~ json message avg len.......: 936 chars +~~ json message max len.......: 1331 chars +~~ json message avg len.......: 953 chars diff --git a/test/results/default/stun_dtls_unidirectional_client.pcap.out b/test/results/default/stun_dtls_unidirectional_client.pcap.out index debc00e55..823751cb7 100644 --- a/test/results/default/stun_dtls_unidirectional_client.pcap.out +++ b/test/results/default/stun_dtls_unidirectional_client.pcap.out 
@@ -1,16 +1,16 @@ -00636{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_client.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00857{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_client.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1441761975037261} 
+00636{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_client.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00857{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_client.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1441761975037261} 
00800{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_client.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1441761975037261,"flow_src_last_pkt_time":1441761975037261,"flow_dst_last_pkt_time":1441761975037261,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1441761975037261,"l3_proto":"ip4","src_ip":"26.83.9.81","dst_ip":"33.35.223.103","src_port":57567,"dst_port":540,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00690{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_client.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1441761975037261,"flow_dst_last_pkt_time":1441761975037261,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1441761975037261,"pkt":"AAAA1W9UrOh7zGISCABFuACMS9UAAD8RCqYaUwlRISPfZ+DfAhwAeBxIAAEAXCESpEKZUujby\/MKtb8jCDoAJAAEfv\/\/\/4AqAAgAAAAAAAAAAAAGACE0RDJ1Z1BuQnpFMFJ3ejEvOldacWs5TytnaWo4YXp0TVQgICAACAAUvs4hyEIUQeaHuhq3F0UydHxRy82AKAAEFxfLgw=="} 
-01121{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_client.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1441761975037261,"flow_src_last_pkt_time":1441761975037261,"flow_dst_last_pkt_time":1441761975037261,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1441761975037261,"l3_proto":"ip4","src_ip":"26.83.9.81","dst_ip":"33.35.223.103","src_port":57567,"dst_port":540,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} +01154{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_client.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1441761975037261,"flow_src_last_pkt_time":1441761975037261,"flow_dst_last_pkt_time":1441761975037261,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1441761975037261,"l3_proto":"ip4","src_ip":"26.83.9.81","dst_ip":"33.35.223.103","src_port":57567,"dst_port":540,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_client.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1441761975322785,"flow_dst_last_pkt_time":1441761975037261,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_usec":1441761975322785,"pkt":"AAAA1W9UrOh7zGISCABFuACQpu4AAD8Rr4gaUwlRISPfZ+DfAhwAfKyCAAEAYCESpEKNBDrS8+vWXmiUEj8AJQAAACQABH7\/\/\/+AKgAIAAAAAAAAAAAABgAhNEQydWdQbkJ6RTBSd3oxLzpXWnFrOU8rZ2lqOGF6dE1UICAgAAgAFJ1lE3iulScRFHYsqkUDsOTbR3jzgCgABJnOUrQ="} -01239{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_client.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1441761975037261,"flow_src_last_pkt_time":1441761975322785,"flow_dst_last_pkt_time":1441761975037261,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":228,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1441761975322785,"l3_proto":"ip4","src_ip":"26.83.9.81","dst_ip":"33.35.223.103","src_port":57567,"dst_port":540,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} +01272{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_client.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1441761975037261,"flow_src_last_pkt_time":1441761975322785,"flow_dst_last_pkt_time":1441761975037261,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":228,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1441761975322785,"l3_proto":"ip4","src_ip":"26.83.9.81","dst_ip":"33.35.223.103","src_port":57567,"dst_port":540,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
00830{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_client.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1441761975609299,"flow_dst_last_pkt_time":1441761975037261,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":259,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":259,"pkt_l4_len":225,"thread_ts_usec":1441761975609299,"pkt":"AAAA1W9UrOh7zGISCABFuAD1lQ4AAD8RwQMaUwlRISPfZ+DfAhwA4bjWFv7\/AAAAAAAAAAAAzAEAAMAAAAAAAAAAwP7\/fP2dNK5HSSEl+QrubMEF8aptH3\/U+umh4bhpzrGBgzIAAABGwBTACgA5ADgAiACHwBnAD8AFADUAhMATwAkAMwAyAJoAmQBFAETAGMAOwAQALwCWAEEAB8ASwAgAFgATwBfADcADAAoA\/wEAAFAACwAEAwABAgAKADQAMgAOAA0AGQALAAwAGAAJAAoAFgAXAAgABgAHABQAFQAEAAUAEgATAAEAAgADAA8AEAARAA8AAQEADgAHAAQAAgABAA=="} -01266{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_client.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1441761975037261,"flow_src_last_pkt_time":1441761975609299,"flow_dst_last_pkt_time":1441761975037261,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":445,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1441761975609299,"l3_proto":"ip4","src_ip":"26.83.9.81","dst_ip":"33.35.223.103","src_port":57567,"dst_port":540,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","tls": 
{"version":"DTLSv1.0","ja3":"f5eee7bc59657db39e2b9cdd401d78b7","ja3s":"","ja4":"dd1d350400_23b9269eae60_dbc12469f409","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01225{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_client.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1441761975037261,"flow_src_last_pkt_time":1441761975609299,"flow_dst_last_pkt_time":1441761975037261,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":445,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1441761975609299,"l3_proto":"ip4","src_ip":"26.83.9.81","dst_ip":"33.35.223.103","src_port":57567,"dst_port":540,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","tls": {"version":"DTLSv1.0","ja3s":"","ja4":"dd1d350400_23b9269eae60_dbc12469f409","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
01664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_client.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1441761975908886,"flow_dst_last_pkt_time":1441761975037261,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":873,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":873,"pkt_l4_len":839,"thread_ts_usec":1441761975908886,"pkt":"AAAA1W9UrOh7zGISCABFuANb39wAAD8Rc88aUwlRISPfZ+DfAhwDR3CWFv7\/AAAAAAAAAAEA8wsAAbwAAQAAAAAA5wABuQABtjCCAbIwggEboAMCAQACCQD0VYORJLQQeTANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDDBBMaXZlRm91bmRyeSBJbmMuMB4XDTE1MDkwODAwNTYzOFoXDTE2MDkwODAwNTYzOFowGzEZMBcGA1UEAwwQTGl2ZUZvdW5kcnkgSW5jLjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAuyhRVMs+Bz5qXqjQxGuyubanVpTs60WsXdygsd2nIf4kvClwVquI8p1OxMqlgF8HlLijUgedsnTkkRmXmvipQaKNlBb+\/wAAAAAAAAACAOELAAG8AAEAAOcAANUnAKw\/TDJBOJEtFXJH4pn5j+EVPXFJwG0ewl7Y3I+QBvhsLsEcisVV6boyWBxnFqgDuk46QV\/oUQago8jLAgMBAAEwDQYJKoZIhvcNAQELBQADgYEAbmuxjO+DGgTv9Cpvf7qVf5kLHqHELP9rky2H1P4GJ2nkhu32wLxDpHbNkCNXubBcoeKjifYW\/p7enSVXgJbHkC6K6K4pvbE6MpZEZziaHK+me7jcyIPcDIetLLB8DCmNWqBB1nwLfbv5oHQ\/sW4Fk7kc2N\/BnYBZnooBLXGA+QIW\/v8AAAAAAAAAAwBOEAAAQgACAAAAAABCQQRmi6ltyNjABc7J9cmLPyxxoFJaQFZGAdA4a0tDfgl\/OKIfL84oddpzdf6Kayr7\/BgOAKI24ob\/PlWf\/svbnjLBFv7\/AAAAAAAAAAQAjg8AAIIAAwAAAAAAggCAsV3MYNlV6t3t7wUcqu8HNVVy6F6itfNXpKr+SPzgWi5H+pHWgBnNYHji0+tD\/BDAG5eMCMDzQTG8jsgJXK5BB6Hr9Fe4qk2975dPYTHajbw52dKgFiq3UWDX4uFUP\/pzlqsiwXx3Mu39P5qXb6EHVSIE0\/ju6iWmEKcUmF\/7MZcU\/v8AAAAAAAAABQABARb+\/wABAAAAAAAAAEAMbAJX5zrSBaDIrFais+q41JcBYbEnW\/coGYBOyFA2dIufD7sV4lF\/Cqc3FzuF4ZsErUUG3QtWv\/gI2EBqztZC"} 
00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_client.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1441761976197146,"flow_dst_last_pkt_time":1441761975037261,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_usec":1441761976197146,"pkt":"AAAA1W9UrOh7zGISCABFuACQk6QAAD8RwtIaUwlRISPfZ+DfAhwAfLweAAEAYCESpEJrTB4zaBoKl1i8ZbIAJQAAACQABH7\/\/\/+AKgAIAAAAAAAAAAAABgAhNEQydWdQbkJ6RTBSd3oxLzpXWnFrOU8rZ2lqOGF6dE1UICAgAAgAFOc58IHgzuDAt1G6OOMDB5sPTvG4gCgABJMut1k="} 01103{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_client.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1441761975037261,"flow_src_last_pkt_time":1441761976198231,"flow_dst_last_pkt_time":1441761975037261,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":831,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1456,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1441761976198231,"l3_proto":"ip4","src_ip":"26.83.9.81","dst_ip":"33.35.223.103","src_port":57567,"dst_port":540,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
-00863{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_client.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":6,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1456,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1441761976198231} +00863{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_client.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":6,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1456,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1441761976198231} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 6/6 ~~ skipped flows.............: 0 
@@ -19,9 +19,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6909863 bytes -~~ total memory freed........: 6909863 bytes -~~ total allocations/frees...: 114145/114145 +~~ total memory allocated....: 7487481 bytes +~~ total memory freed........: 7487481 bytes +~~ total allocations/frees...: 125877/125877 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 641 chars ~~ json message max len.......: 1669 chars diff --git a/test/results/default/stun_dtls_unidirectional_server.pcap.out b/test/results/default/stun_dtls_unidirectional_server.pcap.out index 3f674639a..9693d3ef3 100644 --- a/test/results/default/stun_dtls_unidirectional_server.pcap.out +++ b/test/results/default/stun_dtls_unidirectional_server.pcap.out 
@@ -1,16 +1,16 @@ -00636{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_server.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00857{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_server.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1441761975301582} 
+00636{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_server.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00857{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_server.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1441761975301582} 
00797{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_server.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1441761975301582,"flow_src_last_pkt_time":1441761975301582,"flow_dst_last_pkt_time":1441761975301582,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1441761975301582,"l3_proto":"ip4","src_ip":"33.35.223.103","dst_ip":"26.83.9.81","src_port":540,"dst_port":57567,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_server.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1441761975301582,"flow_dst_last_pkt_time":1441761975301582,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1441761975301582,"pkt":"AAAA1W9UACWeBue\/CABFAABckk9AAC8RlRMhI99nGlMJUQIc4N8ASKsWAQEALCESpEKZUujby\/MKtb8jCDoAIAAIAAHBzSQ2G6oACAAUOG6\/PReCUq3JlsJgMEqY8IjJzYmAKAAEznYIbw=="} 
-01155{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_server.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1441761975301582,"flow_src_last_pkt_time":1441761975301582,"flow_dst_last_pkt_time":1441761975301582,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1441761975301582,"l3_proto":"ip4","src_ip":"33.35.223.103","dst_ip":"26.83.9.81","src_port":540,"dst_port":57567,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"mapped_address":"5.36.191.232:57567"}}} +01189{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_server.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1441761975301582,"flow_src_last_pkt_time":1441761975301582,"flow_dst_last_pkt_time":1441761975301582,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1441761975301582,"l3_proto":"ip4","src_ip":"33.35.223.103","dst_ip":"26.83.9.81","src_port":540,"dst_port":57567,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std 
Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"mapped_address":"5.36.191.232:57567","multimedia_flow_types":"Unknown"}}} 00622{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_server.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1441761975587269,"flow_dst_last_pkt_time":1441761975301582,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1441761975587269,"pkt":"AAAA1W9UACWeBue\/CABFAABckotAAC8RlNchI99nGlMJUQIc4N8ASNSBAQEALCESpEKNBDrS8+vWXmiUEj8AIAAIAAHBzSQ2G6oACAAUIpKr5uGsXESfGDFUtNMC1hzHXuWAKAAEdDFJvQ=="} -01274{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_server.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1441761975301582,"flow_src_last_pkt_time":1441761975587269,"flow_dst_last_pkt_time":1441761975301582,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":128,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1441761975587269,"l3_proto":"ip4","src_ip":"33.35.223.103","dst_ip":"26.83.9.81","src_port":540,"dst_port":57567,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"mapped_address":"5.36.191.232:57567"}}} +01308{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_server.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1441761975301582,"flow_src_last_pkt_time":1441761975587269,"flow_dst_last_pkt_time":1441761975301582,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":128,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1441761975587269,"l3_proto":"ip4","src_ip":"33.35.223.103","dst_ip":"26.83.9.81","src_port":540,"dst_port":57567,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"mapped_address":"5.36.191.232:57567","multimedia_flow_types":"Unknown"}}} 
01778{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_server.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1441761975874926,"flow_dst_last_pkt_time":1441761975301582,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":958,"pkt_l4_len":924,"thread_ts_usec":1441761975874926,"pkt":"AAAA1W9UACWeBue\/CABFAAOwksNAAC8RkUshI99nGlMJUQIc4N8DnECPFv7\/AAAAAAAAAAAATwIAAEMAAAAAAAAAQ\/7\/Ut3Mk6tuqUdmPtD\/0S2zU9RVqlxrWoD6U0a\/TVOn1OYAwBQAABv\/AQABAAALAAQDAAECAA4ABQACAAIAAA8AAQEW\/v8AAAAAAAAAAQCXCwABvAABAAAAAACLAAG5AAG2MIIBsjCCARugAwIBAAIJAI+IoV4BAT+sMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAMMEExpdmVGb3VuZHJ5IEluYy4wHhcNMTUwODI3MDkwNzA1WhcNMTYwODI3MDkwNzA1WjAbMRkwFwYDVQQDDBBMaXZlRm91bmRyeSBJbmMuMIGfMBb+\/wAAAAAAAAACAPMLAAG8AAEAAIsAAOcNBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxCrcxmZoAQDywCn+GhZjY6HfSn5rqMz8TRnXcc9jU23Yw7Ja92mohgOZR+Qo+cJxTl4KAbuGwcr15mpZW4EgmhWKDiKWrm9p\/InJjxp8EV\/j\/1I882DRAH5+Q+bPFLybYmb9D8k0aB4Pk6G1yg7rz7edN3mQLG1gWVM9B0Sue+kCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB67saGPVm1sTpv5AjMP5+R3wU1alP1uCQcdTSjQINc9PU43HFJfgx3hRO9z0woHwd2\/SmekpEW\/v8AAAAAAAAAAwBWCwABvAABAAFyAABKWhEiJyIl8FFqfxCQFxSbeWOB+D4Mj0loQYDEtNn\/e6zVt69xYS8qgj0pEtvGIMjbCvtoIRAqZIAUIz008tTLs+oxzjGtCikCEMUW\/v8AAAAAAAAABACQDAAAxwACAAAAAACEAwAXQQR27Dr9onTZFENOQON2yhMqGeeWpnA0EbRn2QO4OiJK3PLw0gM9x1w47T3fp9MKcmnScctNeU08Pt58g+r58mG1AIBFM9pY+i47LW6ummB3ST2yBADv+dkmiRvzbBVmJd7PE9AYvjXL3Eafz8RkdBipCaI0id38AvmmeIcRnmMhFv7\/AAAAAAAAAAUATwwAAMcAAgAAhAAAQ903Y0Smx2StBdClTKUpU+l8IW81bgDY\/Jw8GMnhUuvrt8K1pDJ8KSmKX+lYFjY3wXaYjpuEk6aXRxBcS7chMS98E+gW\/v8AAAAAAAAABgASDQAABgADAAAAAAAGAwECQAAAFv7\/AAAAAAAAAAcADA4AAAAABAAAAAAAAA=="} 
-01521{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_server.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1441761975301582,"flow_src_last_pkt_time":1441761975874926,"flow_dst_last_pkt_time":1441761975301582,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":916,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1044,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1441761975874926,"l3_proto":"ip4","src_ip":"33.35.223.103","dst_ip":"26.83.9.81","src_port":540,"dst_port":57567,"l4_proto":"udp","ndpi": {"flow_risk": {"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","tls": {"version":"DTLSv1.0","notafter":"2016-08-27 09:07:05","ja3":"","ja3s":"1974c5c625e99dc22d0477079a54aed3","ja4":"","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"CN=LiveFoundry Inc.","subjectDN":"CN=LiveFoundry Inc.","fingerprint":"23:F4:E7:42:93:22:91:BB:A3:54:70:97:94:2A:DE:AF:26:61:18:98","blocks":0}}} 
+01479{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_server.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1441761975301582,"flow_src_last_pkt_time":1441761975874926,"flow_dst_last_pkt_time":1441761975301582,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":916,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1044,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1441761975874926,"l3_proto":"ip4","src_ip":"33.35.223.103","dst_ip":"26.83.9.81","src_port":540,"dst_port":57567,"l4_proto":"udp","ndpi": {"flow_risk": {"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","tls": {"version":"DTLSv1.0","ja3s":"1974c5c625e99dc22d0477079a54aed3","ja4":"","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"CN=LiveFoundry Inc.","subjectDN":"CN=LiveFoundry Inc.","fingerprint":"23:F4:E7:42:93:22:91:BB:A3:54:70:97:94:2A:DE:AF:26:61:18:98","blocks":0}}} 
00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_server.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1441761976174312,"flow_dst_last_pkt_time":1441761975301582,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"thread_ts_usec":1441761976174312,"pkt":"AAAA1W9UACWeBue\/CABFAAB3kwJAAC8RlEUhI99nGlMJUQIc4N8AY1hwFP7\/AAAAAAAAAAgAAQEW\/v8AAQAAAAAAAABAMEcyXPNODypMYT0Ssk4r7kdOXW+9U7+hCDxTj4d5TTNRdICHtbeHbXcfrCzPQpDaPm44sdeZ+qA0rw0R8k1fQA=="} 00690{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_server.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1441761976174318,"flow_dst_last_pkt_time":1441761975301582,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1441761976174318,"pkt":"AAAA1W9UACWeBue\/CABFAACMkwNAAC8RlC8hI99nGlMJUQIc4N8AeKyrAAEAXCESpEKP0YtwXMNQlfFxwRMAJAAEfv\/\/\/4ApAAgAAAAAAAAAAAAGACFXWnFrOU8rZ2lqOGF6dE1UOjREMnVnUG5CekUwUnd6MS8gICAACAAUiKI62VDnyBUKfHf8mnzR1DIkRoWAKAAEF76wAg=="} 
01207{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_server.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1441761975301582,"flow_src_last_pkt_time":1441761976462611,"flow_dst_last_pkt_time":1441761975301582,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":916,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1311,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1441761976462611,"l3_proto":"ip4","src_ip":"33.35.223.103","dst_ip":"26.83.9.81","src_port":540,"dst_port":57567,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
-00863{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_server.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":6,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1311,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1441761976462611} +00863{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_server.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":6,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1311,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1441761976462611} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 6/6 ~~ skipped flows.............: 0 
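Review bot: In the `detection-update` expectation for packet 3, the regenerated `tls` object no longer carries `"notafter":"2016-08-27 09:07:05"` or the `ja3` key, although `issuerDN`, `subjectDN`, `fingerprint` and the "Self-signed Cert" risk are still emitted for the same flow. The client-side fixture `stun_dtls_unidirectional_client.pcap.out` loses a populated `ja3` value as well (that hunk starts outside this view), so consumers that match on JA3 or on certificate expiry would stop seeing those fields after this bump. Whether dropping `notafter` is intended upstream behaviour or a parsing regression cannot be told from the fixture alone; it should be checked against the updated `schema/flow_event_schema.json` before the new baseline is accepted. The commit message would be clearer with a line such as `* tls: "ja3" and "notafter" no longer emitted; stun: "multimedia_flow_types" added`.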
@@ -19,9 +19,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6911971 bytes -~~ total memory freed........: 6911971 bytes -~~ total allocations/frees...: 114149/114149 +~~ total memory allocated....: 7489589 bytes +~~ total memory freed........: 7489589 bytes +~~ total allocations/frees...: 125881/125881 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 627 chars ~~ json message max len.......: 1783 chars diff --git a/test/results/default/stun_google_meet.pcapng.out b/test/results/default/stun_google_meet.pcapng.out index b19836c6f..5318b7a36 100644 --- a/test/results/default/stun_google_meet.pcapng.out +++ b/test/results/default/stun_google_meet.pcapng.out 
@@ -1,32 +1,32 @@ -00623{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1687685002250009} 
+00623{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1687685002250009} 
00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687685002250009,"flow_src_last_pkt_time":1687685002250009,"flow_dst_last_pkt_time":1687685002250009,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1687685002250009,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"74.125.128.127","src_port":38152,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1687685002250009,"flow_dst_last_pkt_time":1687685002250009,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1687685002250009,"pkt":"CL6sCxduJjb1W8R1CABFAAAwFppAAEARi+LAqAycSn2Af5UIS2YAHMbcAAEAACESpEJrQUdOTnp2SE5INTk="} 
-01113{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687685002250009,"flow_src_last_pkt_time":1687685002250009,"flow_dst_last_pkt_time":1687685002250009,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1687685002250009,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"74.125.128.127","src_port":38152,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} +01146{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687685002250009,"flow_src_last_pkt_time":1687685002250009,"flow_dst_last_pkt_time":1687685002250009,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1687685002250009,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"74.125.128.127","src_port":38152,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687685002250407,"flow_src_last_pkt_time":1687685002250407,"flow_dst_last_pkt_time":1687685002250407,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1687685002250407,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"74.125.128.127","src_port":45400,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1687685002250407,"flow_dst_last_pkt_time":1687685002250407,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1687685002250407,"pkt":"CL6sCxduJjb1W8R1CABFAAAwFptAAEARi+HAqAycSn2Af7FYS2YAHPW+AAEAACESpEI5R2RXSytLQjJQSUU="} 
-01113{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687685002250407,"flow_src_last_pkt_time":1687685002250407,"flow_dst_last_pkt_time":1687685002250407,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1687685002250407,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"74.125.128.127","src_port":45400,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} +01146{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687685002250407,"flow_src_last_pkt_time":1687685002250407,"flow_dst_last_pkt_time":1687685002250407,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1687685002250407,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"74.125.128.127","src_port":45400,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1687685002250009,"flow_dst_last_pkt_time":1687685002268181,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1687685002268181,"pkt":"Jjb1W8R1CL6sCxduCABFgAA8AAAAACkR+PBKfYB\/wKgMnEtmlQgAKIBgAQEADCESpEJrQUdOTnp2SE5INTkAIAAIAAG5anwxD5M="} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1687685002250407,"flow_dst_last_pkt_time":1687685002268368,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1687685002268368,"pkt":"Jjb1W8R1CL6sCxduCABFgAA8AAAAACkR+PBKfYB\/wKgMnEtmsVgAKK9BAQEADCESpEI5R2RXSytLQjJQSUUAIAAIAAG5a3wxD5M="} 
00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687685003685843,"flow_src_last_pkt_time":1687685003685843,"flow_dst_last_pkt_time":1687685003685843,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1687685003685843,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":38152,"dst_port":19305,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00691{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1687685003685843,"flow_dst_last_pkt_time":1687685003685843,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1687685003685843,"pkt":"CL6sCxduJjb1W8R1CABFAACYqbBAAEAR4hnAqAycjvpSTJUIS2kAhI1dAAEAaCESpEJmUVJDSFcxSjg2d0gABgAfSHJSZ3BhZDdQZm9LYUFvS0FBaUtBaUFERUE6UDgvTADAVwAEAAMACoAqAAhI5WWTUM2MtQAkAARufx7\/wFkAAgABAAAACAAUSRkFwEU4Xe2ByBahcg5+zSK7DUGAKAAE7yXU\/g=="} 
-01127{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687685003685843,"flow_src_last_pkt_time":1687685003685843,"flow_dst_last_pkt_time":1687685003685843,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1687685003685843,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":38152,"dst_port":19305,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01160{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687685003685843,"flow_src_last_pkt_time":1687685003685843,"flow_dst_last_pkt_time":1687685003685843,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1687685003685843,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":38152,"dst_port":19305,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1687685003685843,"flow_dst_last_pkt_time":1687685003713559,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1687685003713559,"pkt":"Jjb1W8R1CL6sCxduCABFgABcAAAAACkR4oaO+lJMwKgMnEtplQgASIF0AQEALCESpEJmUVJDSFcxSjg2d0gAIAAIAAG5anwxD5MACAAUnCbUxns7ByhLQe3gWJggj2fuRtmAKAAEzTlfeQ=="} 00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687685003846345,"flow_src_last_pkt_time":1687685003846345,"flow_dst_last_pkt_time":1687685003846345,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1687685003846345,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":45400,"dst_port":19305,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00690{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1687685003846345,"flow_dst_last_pkt_time":1687685003846345,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1687685003846345,"pkt":"CL6sCxduJjb1W8R1CABFAACYqb1AAEAR4gzAqAycjvpSTLFYS2kAhPiuAAEAaCESpEJ5eUQvQ0MySmgwQzgABgAfSHJSZ3BhZDdQZm9LYUFvS0FBaUtBaUFERUE6UDgvTADAVwAEAAAD54AqAAhI5WWTUM2MtQAkAARuAB7\/wFkAAgABAAAACAAU4qPC0PvptNKr3xno5a6znzZ8MzGAKAAEv54I6w=="} -01127{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687685003846345,"flow_src_last_pkt_time":1687685003846345,"flow_dst_last_pkt_time":1687685003846345,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1687685003846345,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":45400,"dst_port":19305,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01160{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687685003846345,"flow_src_last_pkt_time":1687685003846345,"flow_dst_last_pkt_time":1687685003846345,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1687685003846345,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":45400,"dst_port":19305,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00683{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1687685003850184,"flow_dst_last_pkt_time":1687685003713559,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":162,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":162,"pkt_l4_len":128,"thread_ts_usec":1687685003850184,"pkt":"CL6sCxduJjb1W8R1CABFAACUqb5AAEAR4g\/AqAycjvpSTJUIS2kAgFc2AAEAZCESpEJDY3Vnd0VjS3M1U3EABgAfSHJSZ3BhZDdQZm9LYUFvS0FBaUtBaUFERUE6UDgvTADAVwAEAAMACoAqAAhI5WWTUM2MtQAlAAAAJAAEbn8e\/wAIABQRBPG5ZvdojwQrf8+QT0UUl+pOj4AoAAQCVNkR"} 
00735{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1687685003855449,"flow_dst_last_pkt_time":1687685003713559,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_usec":1687685003855449,"pkt":"CL6sCxduJjb1W8R1CABFAAC5qb9AAEAR4enAqAycjvpSTJUIS2kApae7Fv7\/AAAAAAAAAAAAkAEAAIQAAAAAAAAAhP79U8QvlMKD8CG3V6IBJXGiID2FZCQNFMTf8XUxGUuriccAAAAWwCvAL8ypzKjACcATwArAFACcAC8ANQEAAEQAFwAA\/wEAAQAACgAIAAYAHQAXABgACwACAQAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAA4ACQAGAAEACAAHAA=="} -01155{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1687685003685843,"flow_src_last_pkt_time":1687685003855449,"flow_dst_last_pkt_time":1687685003713559,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":120,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":401,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1687685003855449,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":38152,"dst_port":19305,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","tls": {"version":"DTLSv1.2","ja3":"c14667d7da3e6f7a7ab5519ef78c2452","ja3s":"","ja4":"dd2d110700_c45550529adf_d9dd6182da81","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01114{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1687685003685843,"flow_src_last_pkt_time":1687685003855449,"flow_dst_last_pkt_time":1687685003713559,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":120,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":401,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1687685003855449,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":38152,"dst_port":19305,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","tls": {"version":"DTLSv1.2","ja3s":"","ja4":"dd2d110700_c45550529adf_d9dd6182da81","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1687685003855449,"flow_dst_last_pkt_time":1687685003867991,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1687685003867991,"pkt":"Jjb1W8R1CL6sCxduCABFgABcAAAAACkR4oaO+lJMwKgMnEtplQgASHlbAQEALCESpEJDY3Vnd0VjS3M1U3EAIAAIAAG5anwxD5MACAAUwCCc9hgGT3NviGnhjeZxerIm0rSAKAAEHcTQ5Q=="} 
00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1687685003846345,"flow_dst_last_pkt_time":1687685003871067,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1687685003871067,"pkt":"Jjb1W8R1CL6sCxduCABFAABcAAAAACgR5AaO+lJMwKgMnEtpsVgASNxmAQEALCESpEJ5eUQvQ0MySmgwQzgAIAAIAAG5a3wxD5MACAAUaD29YF1YYGCxoofK6W8JUGRlPi2AKAAEqdOw\/Q=="} -01333{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1687685003685843,"flow_src_last_pkt_time":1687685003855449,"flow_dst_last_pkt_time":1687685003874645,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":120,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":1203,"flow_src_tot_l4_payload_len":401,"flow_dst_tot_l4_payload_len":1331,"midstream":0,"thread_ts_usec":1687685003874645,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":38152,"dst_port":19305,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","tls": {"version":"DTLSv1.2","ja3":"c14667d7da3e6f7a7ab5519ef78c2452","ja3s":"1f5d6a6d0bc5d514dd84d13e6283d309","ja4":"dd2d110700_c45550529adf_d9dd6182da81","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=hangouts","subjectDN":"CN=hangouts","fingerprint":"49:1A:C7:70:3E:79:F9:C5:3D:0F:46:33:B7:A4:EC:54:B0:93:C9:61","blocks":0}}} 
+01292{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1687685003685843,"flow_src_last_pkt_time":1687685003855449,"flow_dst_last_pkt_time":1687685003874645,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":120,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":1203,"flow_src_tot_l4_payload_len":401,"flow_dst_tot_l4_payload_len":1331,"midstream":0,"thread_ts_usec":1687685003874645,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":38152,"dst_port":19305,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","tls": {"version":"DTLSv1.2","ja3s":"1f5d6a6d0bc5d514dd84d13e6283d309","ja4":"dd2d110700_c45550529adf_d9dd6182da81","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=hangouts","subjectDN":"CN=hangouts","fingerprint":"49:1A:C7:70:3E:79:F9:C5:3D:0F:46:33:B7:A4:EC:54:B0:93:C9:61","blocks":0}}} 
02151{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":27,"flow_first_seen":1687685003685843,"flow_src_last_pkt_time":1687685003919073,"flow_dst_last_pkt_time":1687685003929116,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":545,"flow_dst_max_l4_payload_len":1203,"flow_src_tot_l4_payload_len":1027,"flow_dst_tot_l4_payload_len":7356,"midstream":0,"thread_ts_usec":1687685003929116,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":38152,"dst_port":19305,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":4,"avg":15371.1,"max":164341,"stddev":39368.1,"var":1549851008.0,"ent":2.4,"data": [27716,164341,5265,154432,6654,36352,35377,88,7,4,14,5,6,4,5,33,4,8,4,4,4,4,27272,18857,13,4,4,9,4,5,4]},"pktlen": {"min":65,"avg":290.0,"max":1231,"stddev":203.2,"var":41279.0,"ent":4.7,"data": [152,92,148,185,92,1231,573,598,65,288,288,288,288,288,288,288,288,288,288,288,288,288,109,109,288,288,288,165,288,288,288,288]},"bins": {"c_to_s": [0,0,1,2,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,1,3,0,1,0,0,0,20,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1],"entropies": [5.938431740,5.693446159,5.907145500,4.997817039,5.679912090,7.332775593,6.760993004,7.409891605,4.603593349,7.060424328,7.083664894,7.159259796,7.130215645,7.048931122,7.046199322,7.094227314,7.077503204,7.049725533,7.095977306,7.143758297,7.077943802,7.098464012,5.672235966,5.727212906,7.040598869,7.076782703,7.038190842,6.382246494,7.161954880,7.089690685,7.073032856,7.083381176]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1687685004461444,"flow_dst_last_pkt_time":1687685003871067,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_usec":1687685004461444,"pkt":"CL6sCxduJjb1W8R1CABFAACQqfNAAEAR4d7AqAycjvpSTLFYS2kAfJPgAAEAYCESpEJGRUJQYzFVQThCU1AABgAfSHJSZ3BhZDdQZm9LYUFvS0FBaUtBaUFERUE6UDgvTADAVwAEAAAD54AqAAhI5WWTUM2MtQAkAARuAB7\/AAgAFJQqoiZNzooLvSeLzTVTKlh5edo9gCgABHuCmMA="} 00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1687685004461444,"flow_dst_last_pkt_time":1687685004479004,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1687685004479004,"pkt":"Jjb1W8R1CL6sCxduCABFAABcAAAAACgR5AaO+lJMwKgMnEtpsVgASO9LAQEALCESpEJGRUJQYzFVQThCU1AAIAAIAAG5a3wxD5MACAAUZp5QRw5NXPsy5Qrlhatah3HbNzqAKAAE\/XolSw=="} 
00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687685004552860,"flow_src_last_pkt_time":1687685004552860,"flow_dst_last_pkt_time":1687685004552860,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1687685004552860,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":38152,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00692{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1687685004552860,"flow_dst_last_pkt_time":1687685004552860,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1687685004552860,"pkt":"CL6sCxduJjb1W8R1CABFAACYqfxAAEAR4c3AqAycjvpSTJUIDZYAhMEOAAEAaCESpEJkZjhUNVpmTjU5SmwABgAfSHJSZ3BhZDdQZm9LYUFvS0FBaUtBaUFERUE6UDgvTADAVwAEAAMACoAqAAhI5WWTUM2MtQAkAARufx7\/wFkAAgABAAAACAAU\/8e7e1q7nO+JanZDE+IEZSthIJKAKAAEX0MtGQ=="} 
-00995{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687685004552860,"flow_src_last_pkt_time":1687685004552860,"flow_dst_last_pkt_time":1687685004552860,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1687685004552860,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":38152,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01028{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687685004552860,"flow_src_last_pkt_time":1687685004552860,"flow_dst_last_pkt_time":1687685004552860,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1687685004552860,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":38152,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": 
{"multimedia_flow_types":"Unknown"}}} 00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1687685004552860,"flow_dst_last_pkt_time":1687685004581588,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1687685004581588,"pkt":"Jjb1W8R1CL6sCxduCABFAABcAAAAACgR5AaO+lJMwKgMnA2WlQgASCeyAQEALCESpEJkZjhUNVpmTjU5SmwAIAAIAAG5anwxD5MACAAUknV2wFqXEiEKuyN60myVdsDzL\/aAKAAEo4ih3Q=="} 00683{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1687685004584424,"flow_dst_last_pkt_time":1687685004581588,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":162,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":162,"pkt_l4_len":128,"thread_ts_usec":1687685004584424,"pkt":"CL6sCxduJjb1W8R1CABFAACUqf9AAEAR4c7AqAycjvpSTJUIDZYAgLy7AAEAZCESpEJJam5UNEJmQVFiVEMABgAfSHJSZ3BhZDdQZm9LYUFvS0FBaUtBaUFERUE6UDgvTADAVwAEAAMACoAqAAhI5WWTUM2MtQAlAAAAJAAEbn8e\/wAIABTB+QY1ErQZS1eZfETcnOWmhQrDlIAoAAQyeiKC"} 00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1687685004584424,"flow_dst_last_pkt_time":1687685004602242,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1687685004602242,"pkt":"Jjb1W8R1CL6sCxduCABFAABcAAAAACgR5AaO+lJMwKgMnA2WlQgASIipAQEALCESpEJJam5UNEJmQVFiVEMAIAAIAAG5anwxD5MACAAUNyYqXJb8YAlyLHDvuycWYeMvOtaAKAAEKV9M7g=="} 
@@ -34,16 +34,16 @@ 00967{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1687685004552860,"flow_src_last_pkt_time":1687685004641696,"flow_dst_last_pkt_time":1687685004774208,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":120,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":537,"flow_src_tot_l4_payload_len":364,"flow_dst_tot_l4_payload_len":729,"midstream":0,"thread_ts_usec":1687685004774208,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":38152,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687685005044008,"flow_src_last_pkt_time":1687685005044008,"flow_dst_last_pkt_time":1687685005044008,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1687685005044008,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":45400,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00691{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1687685005044008,"flow_dst_last_pkt_time":1687685005044008,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1687685005044008,"pkt":"CL6sCxduJjb1W8R1CABFAACYqhVAAEAR4bTAqAycjvpSTLFYDZYAhPO5AAEAaCESpEI1dDZmdW80dXd2ZFEABgAfSHJSZ3BhZDdQZm9LYUFvS0FBaUtBaUFERUE6UDgvTADAVwAEAAAD54AqAAhI5WWTUM2MtQAkAARuAB7\/wFkAAgABAAAACAAUwxd71h3E7agGXCWb8vXAdS7WxdiAKAAE3AMc7g=="} -00995{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687685005044008,"flow_src_last_pkt_time":1687685005044008,"flow_dst_last_pkt_time":1687685005044008,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1687685005044008,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":45400,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01028{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687685005044008,"flow_src_last_pkt_time":1687685005044008,"flow_dst_last_pkt_time":1687685005044008,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1687685005044008,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":45400,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1687685005044008,"flow_dst_last_pkt_time":1687685005074246,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1687685005074246,"pkt":"Jjb1W8R1CL6sCxduCABFAABcAAAAACgR5AaO+lJMwKgMnA2WsVgASDkIAQEALCESpEI1dDZmdW80dXd2ZFEAIAAIAAG5a3wxD5MACAAUKJAPNrjYz21z+bHY5KMtFb5duTSAKAAE5XSGkg=="} 
00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1687685005134784,"flow_dst_last_pkt_time":1687685005074246,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_usec":1687685005134784,"pkt":"CL6sCxduJjb1W8R1CABFAACQqhdAAEAR4brAqAycjvpSTLFYDZYAfBEPAAEAYCESpEJMdTA0T2pTbmZiWUwABgAfSHJSZ3BhZDdQZm9LYUFvS0FBaUtBaUFERUE6UDgvTADAVwAEAAAD54AqAAhI5WWTUM2MtQAkAARuAB7\/AAgAFCDz+0pfbrz6PIl8RjxJCBwiBtxogCgABB6deew="} 00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1687685005134784,"flow_dst_last_pkt_time":1687685005152424,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1687685005152424,"pkt":"Jjb1W8R1CL6sCxduCABFAABcAAAAACgR5AaO+lJMwKgMnA2WsVgASIG9AQEALCESpEJMdTA0T2pTbmZiWUwAIAAIAAG5a3wxD5MACAAUuQ1+j1g08fL3se212BIsEXEi+UiAKAAE2tP0Qg=="} 00682{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1687685006880453,"flow_dst_last_pkt_time":1687685005152424,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_usec":1687685006880453,"pkt":"CL6sCxduJjb1W8R1CABFAACQqo5AAEAR4UPAqAycjvpSTLFYDZYAfBw7AAEAYCESpEJkc3FYeGtnZGhzUlgABgAfSHJSZ3BhZDdQZm9LYUFvS0FBaUtBaUFERUE6UDgvTADAVwAEAAAD54AqAAhI5WWTUM2MtQAkAARuAB7\/AAgAFPlpNUakcs8YpG4lPzhlKqXBYvLJgCgABLD\/\/FE="} 
02225{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":9,"flow_first_seen":1687685004552860,"flow_src_last_pkt_time":1687685007476840,"flow_dst_last_pkt_time":1687685007173710,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":537,"flow_src_tot_l4_payload_len":1668,"flow_dst_tot_l4_payload_len":977,"midstream":0,"thread_ts_usec":1687685007476840,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":38152,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":286,"avg":178865.5,"max":1000041,"stddev":232359.1,"var":53990768640.0,"ent":4.0,"data": [28728,31564,20654,57272,57107,114859,326724,7631,286,359302,399475,20851,399538,20813,60291,761585,238269,310501,33128,16660,106522,1355,298484,11725,401011,18917,1000041,80368,40305,278612,42252]},"pktlen": {"min":68,"avg":110.7,"max":565,"stddev":85.7,"var":7337.9,"ent":4.8,"data": [152,92,148,92,148,92,565,91,73,93,68,107,73,91,73,148,92,68,80,91,73,80,80,107,73,91,73,68,148,92,128,91]},"bins": {"c_to_s": [0,14,3,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,3,5,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,1,0,0,0,1,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,1,0,0],"entropies": 
[6.010119915,5.593475819,5.960068226,5.666897774,6.019278049,5.652763844,7.600190163,5.996479034,5.525039673,5.555425644,5.480339050,5.729862213,5.662026882,5.878293514,5.487302303,5.954136372,5.579943180,5.333281517,5.766850948,6.062412739,5.607231617,5.697978497,5.816851616,5.767245293,5.504358292,5.886589527,5.579834938,5.333281517,5.923795223,5.623420238,6.336440086,5.996479034]},"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1687685012276569,"flow_dst_last_pkt_time":1687685002268181,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1687685012276569,"pkt":"CL6sCxduJjb1W8R1CABFAAAwFwhAAEARi3TAqAycSn2Af5UIS2YAHLudAAEAACESpEJId3pvTWRNK3NxNSs="} -01183{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1687685002250009,"flow_src_last_pkt_time":1687685012276569,"flow_dst_last_pkt_time":1687685002268181,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":32,"midstream":0,"thread_ts_usec":1687685012276569,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"74.125.128.127","src_port":38152,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std 
Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.35.171.209:39032"}}} +01217{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1687685002250009,"flow_src_last_pkt_time":1687685012276569,"flow_dst_last_pkt_time":1687685002268181,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":32,"midstream":0,"thread_ts_usec":1687685012276569,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"74.125.128.127","src_port":38152,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.35.171.209:39032","multimedia_flow_types":"Unknown"}}} 
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1687685012277026,"flow_dst_last_pkt_time":1687685002268368,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1687685012277026,"pkt":"CL6sCxduJjb1W8R1CABFAAAwFwlAAEARi3PAqAycSn2Af7FYS2YAHH+BAAEAACESpEJ3NDhicURMWGJEVmc="} -01183{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":173,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1687685002250407,"flow_src_last_pkt_time":1687685012277026,"flow_dst_last_pkt_time":1687685002268368,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":32,"midstream":0,"thread_ts_usec":1687685012277026,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"74.125.128.127","src_port":45400,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.35.171.209:39033"}}} 
+01217{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":173,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1687685002250407,"flow_src_last_pkt_time":1687685012277026,"flow_dst_last_pkt_time":1687685002268368,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":32,"midstream":0,"thread_ts_usec":1687685012277026,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"74.125.128.127","src_port":45400,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.35.171.209:39033","multimedia_flow_types":"Unknown"}}} 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1687685012276569,"flow_dst_last_pkt_time":1687685012293995,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1687685012293995,"pkt":"Jjb1W8R1CL6sCxduCABFgAA8AAAAACkR+PBKfYB\/wKgMnEtmlQgAKHUhAQEADCESpEJId3pvTWRNK3NxNSsAIAAIAAG5anwxD5M="} 
00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1687685012277026,"flow_dst_last_pkt_time":1687685012294220,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1687685012294220,"pkt":"Jjb1W8R1CL6sCxduCABFgAA8AAAAACkR+PBKfYB\/wKgMnEtmsVgAKDkEAQEADCESpEJ3NDhicURMWGJEVmcAIAAIAAG5a3wxD5M="} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1687685022297743,"flow_dst_last_pkt_time":1687685012293995,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1687685022297743,"pkt":"CL6sCxduJjb1W8R1CABFAAAwGNNAAEARianAqAycSn2Af5UIS2YAHKJSAAEAACESpEJyZU55VnlHRHFRT3A="} 
@@ -55,16 +55,16 @@ 01140{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1687685002250407,"flow_src_last_pkt_time":1687685052357802,"flow_dst_last_pkt_time":1687685052375389,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1687685059743208,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"74.125.128.127","src_port":45400,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01004{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":55,"flow_dst_packets_processed":24,"flow_first_seen":1687685004552860,"flow_src_last_pkt_time":1687685011180562,"flow_dst_last_pkt_time":1687685011133449,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":381,"flow_dst_max_l4_payload_len":537,"flow_src_tot_l4_payload_len":5092,"flow_dst_tot_l4_payload_len":2517,"midstream":0,"thread_ts_usec":1687685059743208,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":38152,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01004{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":16,"flow_first_seen":1687685005044008,"flow_src_last_pkt_time":1687685059743208,"flow_dst_last_pkt_time":1687685041855156,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":116,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":1980,"flow_dst_tot_l4_payload_len":1024,"midstream":0,"thread_ts_usec":1687685059743208,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":45400,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-00855{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":215,"packets-processed":214,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24719,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":5,"total-updates":6,"current-active-flows":6,"total-active-flows":6,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":58,"global_ts_usec":1697468935898948} +00855{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":215,"packets-processed":214,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24719,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":5,"total-updates":6,"current-active-flows":6,"total-active-flows":6,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":58,"global_ts_usec":1697468935898948} 
00825{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1697468935898948,"flow_src_last_pkt_time":1697468935898948,"flow_dst_last_pkt_time":1697468935898948,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1697468935898948,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:48a1:1094:1227:281e","dst_ip":"2001:4860:4864:6::81","src_port":45572,"dst_port":19305,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00719{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1697468935898948,"flow_dst_last_pkt_time":1697468935898948,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":186,"pkt_l4_len":132,"thread_ts_usec":1697468935898948,"pkt":"ILAB4IZieq+3+1HBht1gC69IAIQRQCABCwcKPcESSKEQlBInKB4gAUhgSGQABgAAAAAAAACBsgRLaQCETH0AAQBoIRKkQmtPaTNJMjc0OHB2QQAGAB95dzhscXc0TXhnSDhpZ29LQUFpS0FpQURFQTpOQUNFAMBXAAQAAwAKgCoACGra\/nXE2k9tACQABG5\/KP\/AWQACAAEAAAAIABSaw7PkfELbyrRWbnt+uUO3nio4h4AoAAQFm42R"} 
-01159{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1697468935898948,"flow_src_last_pkt_time":1697468935898948,"flow_dst_last_pkt_time":1697468935898948,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1697468935898948,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:48a1:1094:1227:281e","dst_ip":"2001:4860:4864:6::81","src_port":45572,"dst_port":19305,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01192{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1697468935898948,"flow_src_last_pkt_time":1697468935898948,"flow_dst_last_pkt_time":1697468935898948,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1697468935898948,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:48a1:1094:1227:281e","dst_ip":"2001:4860:4864:6::81","src_port":45572,"dst_port":19305,"l4_proto":"udp","ndpi": {"flow_risk": {"5": 
{"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00652{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1697468935898948,"flow_dst_last_pkt_time":1697468935925806,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":138,"pkt_l4_len":84,"thread_ts_usec":1697468935925806,"pkt":"eq+3+1HBILAB4IZiht1oAAAAAFQRLCABSGBIZAAGAAAAAAAAAIEgAQsHCj3BEkihEJQSJygeS2myBABUH7UBAQA4IRKkQmtPaTNJMjc0OHB2QQAgABQAApMWAROvRWFyqCEBkyegKldeXwAIABRao\/B2snGHws1Zgw4ooYPYdfXECoAoAARLYFXf"} 00717{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1697468935980588,"flow_dst_last_pkt_time":1697468935925806,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":182,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":182,"pkt_l4_len":128,"thread_ts_usec":1697468935980588,"pkt":"ILAB4IZieq+3+1HBht1gC69IAIARQCABCwcKPcESSKEQlBInKB4gAUhgSGQABgAAAAAAAACBsgRLaQCAlQsAAQBkIRKkQklKWEltb0ZTakFCeQAGAB95dzhscXc0TXhnSDhpZ29LQUFpS0FpQURFQTpOQUNFAMBXAAQAAwAKgCoACGra\/nXE2k9tACUAAAAkAARufyj\/AAgAFNZu6Oob5xGMQcSQb\/xSO\/LQem81gCgABOAjV\/w="} 
00765{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1697468935981271,"flow_dst_last_pkt_time":1697468935925806,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":219,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":219,"pkt_l4_len":165,"thread_ts_usec":1697468935981271,"pkt":"ILAB4IZieq+3+1HBht1gC69IAKURQCABCwcKPcESSKEQlBInKB4gAUhgSGQABgAAAAAAAACBsgRLaQCljD8W\/v8AAAAAAAAAAACQAQAAhAAAAAAAAACE\/v1yUTxW+i8++bcAq\/9RTCU282o\/zwxzeEvd2cieXfMxQgAAABbAK8AvzKnMqMAJwBPACsAUAJwALwA1AQAARAAXAAD\/AQABAAAKAAgABgAdABcAGAALAAIBAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEADgAJAAYAAQAIAAcA"} -01187{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":218,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1697468935898948,"flow_src_last_pkt_time":1697468935981271,"flow_dst_last_pkt_time":1697468935925806,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":120,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":76,"flow_src_tot_l4_payload_len":401,"flow_dst_tot_l4_payload_len":76,"midstream":0,"thread_ts_usec":1697468935981271,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:48a1:1094:1227:281e","dst_ip":"2001:4860:4864:6::81","src_port":45572,"dst_port":19305,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","tls": {"version":"DTLSv1.2","ja3":"c14667d7da3e6f7a7ab5519ef78c2452","ja3s":"","ja4":"dd2d110700_c45550529adf_d9dd6182da81","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01146{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":218,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1697468935898948,"flow_src_last_pkt_time":1697468935981271,"flow_dst_last_pkt_time":1697468935925806,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":120,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":76,"flow_src_tot_l4_payload_len":401,"flow_dst_tot_l4_payload_len":76,"midstream":0,"thread_ts_usec":1697468935981271,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:48a1:1094:1227:281e","dst_ip":"2001:4860:4864:6::81","src_port":45572,"dst_port":19305,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","tls": {"version":"DTLSv1.2","ja3s":"","ja4":"dd2d110700_c45550529adf_d9dd6182da81","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00653{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1697468935981271,"flow_dst_last_pkt_time":1697468936000252,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":138,"pkt_l4_len":84,"thread_ts_usec":1697468936000252,"pkt":"eq+3+1HBILAB4IZiht1oAAAAAFQRLCABSGBIZAAGAAAAAAAAAIEgAQsHCj3BEkihEJQSJygeS2myBABUSZIBAQA4IRKkQklKWEltb0ZTakFCeQAgABQAApMWAROvRUN3mVslzlbHeGZqZwAIABTbqKo9M\/yTuZazw\/cuDuO8mJiCI4AoAARaF4V+"} 
-01364{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1697468935898948,"flow_src_last_pkt_time":1697468935981271,"flow_dst_last_pkt_time":1697468936003277,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":120,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":1203,"flow_src_tot_l4_payload_len":401,"flow_dst_tot_l4_payload_len":1355,"midstream":0,"thread_ts_usec":1697468936003277,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:48a1:1094:1227:281e","dst_ip":"2001:4860:4864:6::81","src_port":45572,"dst_port":19305,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","tls": {"version":"DTLSv1.2","ja3":"c14667d7da3e6f7a7ab5519ef78c2452","ja3s":"1f5d6a6d0bc5d514dd84d13e6283d309","ja4":"dd2d110700_c45550529adf_d9dd6182da81","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=hangouts","subjectDN":"CN=hangouts","fingerprint":"07:CC:FC:28:04:F2:29:8F:E9:C4:BF:AC:F6:D2:BD:F2:BA:36:AD:31","blocks":0}}} 
+01323{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1697468935898948,"flow_src_last_pkt_time":1697468935981271,"flow_dst_last_pkt_time":1697468936003277,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":120,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":1203,"flow_src_tot_l4_payload_len":401,"flow_dst_tot_l4_payload_len":1355,"midstream":0,"thread_ts_usec":1697468936003277,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:48a1:1094:1227:281e","dst_ip":"2001:4860:4864:6::81","src_port":45572,"dst_port":19305,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","tls": {"version":"DTLSv1.2","ja3s":"1f5d6a6d0bc5d514dd84d13e6283d309","ja4":"dd2d110700_c45550529adf_d9dd6182da81","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=hangouts","subjectDN":"CN=hangouts","fingerprint":"07:CC:FC:28:04:F2:29:8F:E9:C4:BF:AC:F6:D2:BD:F2:BA:36:AD:31","blocks":0}}} 
02183{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":26,"flow_first_seen":1697468935898948,"flow_src_last_pkt_time":1697468936037339,"flow_dst_last_pkt_time":1697468936047117,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":546,"flow_dst_max_l4_payload_len":1203,"flow_src_tot_l4_payload_len":1148,"flow_dst_tot_l4_payload_len":6916,"midstream":0,"thread_ts_usec":1697468936047117,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:48a1:1094:1227:281e","dst_ip":"2001:4860:4864:6::81","src_port":45572,"dst_port":19305,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":9243.9,"max":81640,"stddev":19965.3,"var":398613152.0,"ent":2.8,"data": [26858,81640,683,74446,3025,28042,16509,24776,333,0,0,0,0,0,0,0,0,0,0,0,0,0,11517,15951,2780,0,0,0,0,0,0]},"pktlen": {"min":85,"avg":300.0,"max":1251,"stddev":206.9,"var":42788.4,"ent":4.7,"data": [172,124,168,205,124,1251,594,168,618,85,308,308,308,308,308,308,308,308,308,308,308,308,129,129,124,308,308,308,308,165,308,308]},"bins": {"c_to_s": [0,0,1,3,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,1,4,1,0,0,0,0,18,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1],"entropies": [5.951032162,5.736715317,5.834187984,5.024463177,5.864942074,7.322808743,6.692216396,5.868327141,7.354635239,4.724500656,7.025775909,7.078637600,7.104609966,7.082355022,7.017282486,7.010787487,7.078490257,7.062924862,7.034311771,7.109773636,7.020790577,7.051887035,5.674198151,5.651331425,5.745950699,7.084123135,7.055697918,7.005239010,7.013784885,6.117315292,7.010463715,6.985410213]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01005{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":46,"flow_first_seen":1687685003685843,"flow_src_last_pkt_time":1687685004555487,"flow_dst_last_pkt_time":1687685004163202,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":545,"flow_dst_max_l4_payload_len":1203,"flow_src_tot_l4_payload_len":2858,"flow_dst_tot_l4_payload_len":10256,"midstream":0,"thread_ts_usec":1697468936608486,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":38152,"dst_port":19305,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
01138{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1687685002250009,"flow_src_last_pkt_time":1687685052357557,"flow_dst_last_pkt_time":1687685052375005,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1697468936608486,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"74.125.128.127","src_port":38152,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
@@ -73,7 +73,7 @@ 01138{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1687685002250407,"flow_src_last_pkt_time":1687685052357802,"flow_dst_last_pkt_time":1687685052375389,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1697468936608486,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"74.125.128.127","src_port":45400,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01002{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":55,"flow_dst_packets_processed":24,"flow_first_seen":1687685004552860,"flow_src_last_pkt_time":1687685011180562,"flow_dst_last_pkt_time":1687685011133449,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":381,"flow_dst_max_l4_payload_len":537,"flow_src_tot_l4_payload_len":5092,"flow_dst_tot_l4_payload_len":2517,"midstream":0,"thread_ts_usec":1697468936608486,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":38152,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01002{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":16,"flow_first_seen":1687685005044008,"flow_src_last_pkt_time":1687685059743208,"flow_dst_last_pkt_time":1687685041855156,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":116,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":1980,"flow_dst_tot_l4_payload_len":1024,"midstream":0,"thread_ts_usec":1697468936608486,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":45400,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-00857{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":362,"packets-processed":362,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":56433,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":7,"total-updates":6,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":76,"global_ts_usec":1697468936608486} +00857{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":362,"packets-processed":362,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":56433,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":7,"total-updates":6,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":76,"global_ts_usec":1697468936608486} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 362/362 ~~ skipped flows.............: 0 
@@ -82,9 +82,9 @@ ~~ total active/idle flows...: 7/7 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6932439 bytes -~~ total memory freed........: 6932439 bytes -~~ total allocations/frees...: 114569/114569 +~~ total memory allocated....: 7510145 bytes +~~ total memory freed........: 7510145 bytes +~~ total allocations/frees...: 126305/126305 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 551 chars ~~ json message max len.......: 2277 chars diff --git a/test/results/default/stun_msteams_unidir.pcapng.out b/test/results/default/stun_msteams_unidir.pcapng.out index 2ab0ae1b0..82ae07b99 100644 --- a/test/results/default/stun_msteams_unidir.pcapng.out +++ b/test/results/default/stun_msteams_unidir.pcapng.out 
@@ -1,15 +1,15 @@ -00626{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_msteams_unidir.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_msteams_unidir.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1618744005970632} 
+00626{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_msteams_unidir.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_msteams_unidir.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1618744005970632} 
00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_msteams_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744005970632,"flow_src_last_pkt_time":1618744005970632,"flow_dst_last_pkt_time":1618744005970632,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":72,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":72,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744005970632,"l3_proto":"ip4","src_ip":"52.115.136.55","dst_ip":"10.0.0.1","src_port":3479,"dst_port":50006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_msteams_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1618744005970632,"flow_dst_last_pkt_time":1618744005970632,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"thread_ts_usec":1618744005970632,"pkt":"AAAAAAAAAAUA5TB2CABFAABkOG0AAG4RTXE0c4g3CgAAAQ2Xw1YAUAESAQEANCESpEJWcAnCrgDmmNmPAZCAcAAEAAAABwAgAAgAAeJEc6CbOQAIABQIHBh8TPkDR23jBTje41VGgqHl0IAoAARRPQxU"} 
-01161{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_msteams_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744005970632,"flow_src_last_pkt_time":1618744005970632,"flow_dst_last_pkt_time":1618744005970632,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":72,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":72,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744005970632,"l3_proto":"ip4","src_ip":"52.115.136.55","dst_ip":"10.0.0.1","src_port":3479,"dst_port":50006,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"82.178.63.123:50006"}}} +01212{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_msteams_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744005970632,"flow_src_last_pkt_time":1618744005970632,"flow_dst_last_pkt_time":1618744005970632,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":72,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":72,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744005970632,"l3_proto":"ip4","src_ip":"52.115.136.55","dst_ip":"10.0.0.1","src_port":3479,"dst_port":50006,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std 
Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"mapped_address":"82.178.63.123:50006","multimedia_flow_types":"Audio"}}} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/stun_msteams_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1618744006480313,"flow_dst_last_pkt_time":1618744005970632,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1618744006480313,"pkt":"AAAAAAAAAAUA5TB2CABFAABDOHAAAG4RTY80c4g3CgAAAQ2Xw1YAL7urgMkABQAAA+hURUE7b2gVFPqcmMldelzzgAChXgHj5LmQ6OP80uFw"} -01280{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/stun_msteams_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1618744005970632,"flow_src_last_pkt_time":1618744006480313,"flow_dst_last_pkt_time":1618744005970632,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":72,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":111,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744006480313,"l3_proto":"ip4","src_ip":"52.115.136.55","dst_ip":"10.0.0.1","src_port":3479,"dst_port":50006,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"82.178.63.123:50006"}}} +01331{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/stun_msteams_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1618744005970632,"flow_src_last_pkt_time":1618744006480313,"flow_dst_last_pkt_time":1618744005970632,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":72,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":111,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744006480313,"l3_proto":"ip4","src_ip":"52.115.136.55","dst_ip":"10.0.0.1","src_port":3479,"dst_port":50006,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"mapped_address":"82.178.63.123:50006","multimedia_flow_types":"Audio"}}} 
02175{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun_msteams_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1618744006480313,"flow_dst_last_pkt_time":1618744005970632,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1257,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1257,"pkt_l4_len":1223,"thread_ts_usec":1618744006480313,"pkt":"AAAAAAAAAAUA5TB2CABFAATbOHEAAG4RSPY0c4g3CgAAAQ2Xw1YExyyCgMkBKwAAA+g04NBQkTiMlctbYK4Ra5ZLFxfT\/GCsQYdz1vjgNQA1Yv3zTqyHRqqkzmfn4FhRBqYB99GgUjrRqOuhvmKcA\/Lt3E3NRJRdu306hPEpD00o2CCAYtDvSrHOD4KmaFm31I8JRlmZcekFc3KGedIrt39z66JpA2S2KmkNos15cl6k7bkUhHDVz\/noudmFAm+ttAqMeR2Ht229wsfef49c1wB2VCP6NMdq52i\/BsRt2Yriaf9JgkkwxZ0hOmElJhbth\/\/VOXxqWfx3hsmECk+3sBNLLbKQSZoen3KPLK5dl97FeVlHMA5zrUT2\/PXyL3OGPD+KQexREy\/ycs\/cK+vthQcxym2f9SUSiZUDDnSG8vu0797yG6+njY7z78b9u8mhN418L25e7RzNDgrGrD+Nwn5OYf\/Yn93Seenj9qPgzXbLOrDc\/uNKkrw8rHlnLqGggO\/SqOqn50rngJzGCxrrQa7AHRZu3m7rTK8x3M0ojCGv9Y7R9xSdmM2f7qCdpYZmmF7Nu9K9FnvXeGbSdOqvGbjq3IWoNDra5tmx8c5h5XZSMwgKmO00OZOj7W4u074hccuoJwD7XP6y8qhc\/+Rc1\/AHpXtZAFft02QWkdGiP1+w1\/OHU009QR7q6DXiQ1TiPTKyZtHJEIhTxoFs\/YB5jjmyn5qGDMtVVPYPTYJ\/Zrmmb3ENsnPkOzZ7WIhjLZblk+9B32L6\/6LCfZx4WGEO5d2GJO34mReC8CpkBOWQsm+XgYIGkqJzetGxpQdPcq59PDDvC0dhjtBOJ90b9q\/JOrIrC0Aa6OoYQMATGO\/+bBvUwbLqEcEVwsKW3zh96a9ST4YRXrd3hQEEk4nHmOryRc\/t34lz8iH4+2S2OaK3IpD1rDpQ9UQ+fkW0Twbc2YUqgB0ltG2iNX2JaewC62q3ln3vK4i49OPjfED+CAusbaqzYuPvj2lg61xa6bBXuHaE3R2z5SHs0kH03NOgtoEpedOZ6eol1piYdkHRIqW\/uV3m1ZvSHgLaIKVS2bToeI8mpiIB8cvCRRlYcXdVnnGBeU21nIq6ptov2ipm1j142PWQtY0YPI3NHkLy2mhKuRjr8YYuwrJl2KxP0OYFdrhKF2bcXqbJytKrShR9597UTHHw6ukhv2m19IjNYDMEts9YNaN1IwixG8DsyKB+bAfvfh9ALZOLJQQLAO0v1oUPVU2yNZ9QAdo773Q1R81glQvHRCzRxfhJP1+0GSDlQwcLtXPIyyOQv9M5dfKmjl9znQFz+BvQpsCkv0rNyKmREyfBQ2\/i1DpywnKQXTEJyaBxDtZshq6xz\/4TH3dhWt5AC84ZpNxQAoUzyhoLWwiRcnrUUuI6rWJE9sI2mRklLdt1rpIpRECWbKRULyWCHLkNfER1zgLftc3aTijTVu0MUnu7bpPtDBRIs2GNiIK9Kwj2QDP3FUDViBP
+ekkyn+MfxL1\/SMG1vf5rrAzWe961dxAdmfvFgU3Yf\/ge6w39I1pB46H9wAeViPTu5xA8L3xhUb2KynqSUAJbxGTEGGSRDvQhWhaLJBn+pvcnB\/C\/N7E0W+kyjyN6SYxyKhkihBNZihCaRhGeNNnSxmvdgAChXwFNTpX4H6DrGf6c"} 02170{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/stun_msteams_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1618744006480360,"flow_dst_last_pkt_time":1618744005970632,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1257,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1257,"pkt_l4_len":1223,"thread_ts_usec":1618744006480360,"pkt":"AAAAAAAAAAUA5TB2CABFAATbOHIAAG4RSPU0c4g3CgAAAQ2Xw1YEx\/GBgMkBKwAAA+gk6GdnQrq1sxg2rp3tQsLgw0gVWymTaLOvFHT9ui9D7gDmu\/IOxaHejjGputpbrUbXgAbO8Er99xmHrDIMUbUtyv51Hl7AneuGh6Dd2p5b\/VwN4FXKvV+F+9SbOhEAXHBCYBh8VFS+gkvRvb5DM05KtlLw3IlGYKJIjBf+U9MtVgNdPrr\/SUHwUJnVhqaFyMbeFNwwwjKt6W2sHlQ72rrpPBq4S3rd+Oe6kEb1pEYreq6bW1jEGHdkOV0iMK0Jrk+7Mr\/iAK1zlpK6Lr\/o+CIxRNeX3vLHLOFk63nkefy0IYKoOev6VK0c2oTcvttvlpvT4nuVeCtO34N9H1eF6gZ5iQfmgYZnv8JY6Gse5CnhCmALTKVCNIzytzsvQP5nntxH1Re9YTf38i1Wn7vQ3q\/GsfKaeEQFnApXe7KiW0ezdf7Wa1SQ\/gCnbIJs2390UpYixvatPIUurguPoVkFZUWMx21eEdysM9loFemtygvGTTFEr6TVPztELotocBHR05nFbKhmEumGH0VD11Z9Zn00I6Qcy9GrBja9dX7AMG9MWIh6dO1uT6Q7K32st76EZcJMPK6jf2mRRu2rmKjvy3iyMJI4zao8WBQ+RS\/q1HkmDaQQfOMGlzLEy24bXJ6bl6jeHzl0VrhmJ5lIBGm6YxLbNAWKJK7pW\/1+e9nAUIpqcna3GU7DZqjcDQYLYcYGbYl9MxJ8yJtwv8TUlEzOgeoR6gLH8odQhnVskEi9WnOkrb0FXzeU5vpLKLTevAisomyWbIJAQXW1jmnCMnZsU9bXqz6gsW9rOvE8aIwRLWzn72RU+B+rD13+E7VdNEQu+CxTs0HXh5eswjm+jKjiL4XIN+B1HyAFjm7gfxpPZVA0VXGgVxcb6ECAUg91y2oSFlfwSzKSqlpnM5GjsmkEEgIWKh+jaRFv7w\/leDpePcdailRyGFuKP2FfSJQST2W2zlQrMF\/oNUjP6aZdNaxzoSoCXMJd7Up\/mt8RqMgsrWcYUMHvQ06h+exj898vCZtB1V+TLwW9uBektzF+CXOqqrF1Z9FSLK6FRk\/mRj4sDj4kh9egaoIbswL\/TUDlkzUlOiGsXKLhjW3tS3FyfPt1tfezIXGHEh4EW60zksXjIEgJDPLc\/qO4WG42aNVJdylffvScrUJ3xzSfGuM0vqgfMiB+3CM4zhYcDJCEucrnFdmhMiEQPdR7A9TRXrNULsYoSroOvapvGllOcBcM6yVEVim0NhZ6IqBqdVPRFgM6TEKUId6MqCs
rZOn505zSvp6uI+iYbTVt2vAwVNgy8zy9fIWVcuykSzkvH+d42DP+VXtpttwkWetjb36T\/ZS2XTr7PuIk7Yvla\/G4HlzHMbBpi60aJl0BS37yoR0f2qm9WHw2KnODhEyhAYb4IeKTGj\/HuRy9XbO6k1YH6otSJwQ\/cgkZs2iWIsENJksqX0PSeqfZ7ACHXxQiZEIMG8YTWkv4u7u2JT7ExAILLkiwT\/QQD4jmFyu\/ht83e0GIjVy9NYLfpkj64XFHRO7PLRYwx8ki+XfUPsu1+DA2BfaB3A+I8\/B11Z4sg+PtwrTD3Q9hvnk7uPTQPIiGzwEGgAChYAHgggO6ksVgq664"} 00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_msteams_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1618744006794573,"flow_dst_last_pkt_time":1618744005970632,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":149,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":149,"pkt_l4_len":115,"thread_ts_usec":1618744006794573,"pkt":"AAAAAAAAAAUA5TB2CABFAACHOHQAAG4RTUc0c4g3CgAAAQ2Xw1YAc6HlgMgADgAAA+hZLCORUikt0lMMVuqc62jK8b9ObVoTSM\/lJgLtxS1nRRDaLJ4KDYgtyq2PsWx4ZAx8e0UeKef0\/\/qTc52IDGdgIZ3TuK4YxTFWM4fkMdciSGlScqeAAKFiAVZYWPTPO\/w0aQ0="} -01238{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/stun_msteams_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":0,"flow_first_seen":1618744005970632,"flow_src_last_pkt_time":1618744010505540,"flow_dst_last_pkt_time":1618744005970632,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1215,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5440,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744010505540,"l3_proto":"ip4","src_ip":"52.115.136.55","dst_ip":"10.0.0.1","src_port":3479,"dst_port":50006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": 
{"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00856{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/stun_msteams_unidir.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":12,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5440,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1618744010505540} +01232{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/stun_msteams_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":0,"flow_first_seen":1618744005970632,"flow_src_last_pkt_time":1618744010505540,"flow_dst_last_pkt_time":1618744005970632,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1215,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5440,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744010505540,"l3_proto":"ip4","src_ip":"52.115.136.55","dst_ip":"10.0.0.1","src_port":3479,"dst_port":50006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": 
{"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00856{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/stun_msteams_unidir.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":12,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5440,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1618744010505540} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 12/12 ~~ skipped flows.............: 0 
@@ -18,10 +18,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6907989 bytes -~~ total memory freed........: 6907989 bytes -~~ total allocations/frees...: 114150/114150 +~~ total memory allocated....: 7485607 bytes +~~ total memory freed........: 7485607 bytes +~~ total allocations/frees...: 125882/125882 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 578 chars ~~ json message max len.......: 2180 chars -~~ json message avg len.......: 1363 chars +~~ json message avg len.......: 1364 chars diff --git a/test/results/default/stun_signal.pcapng.out b/test/results/default/stun_signal.pcapng.out index 8f3497be3..c45c5a5dd 100644 --- a/test/results/default/stun_signal.pcapng.out +++ b/test/results/default/stun_signal.pcapng.out 
@@ -1,23 +1,23 @@ -00618{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1636901936040353} 
+00618{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1636901936040353} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936040353,"flow_src_last_pkt_time":1636901936040353,"flow_dst_last_pkt_time":1636901936040353,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936040353,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39518,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1636901936040353,"flow_dst_last_pkt_time":1636901936040353,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936040353,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwdVpAAEAR0ZTAqAyprP15f5peS2YAHHHgAAEAACESpEJTQ2RLNjF0alZXNms="} 
-01109{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936040353,"flow_src_last_pkt_time":1636901936040353,"flow_dst_last_pkt_time":1636901936040353,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936040353,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39518,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} +01142{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936040353,"flow_src_last_pkt_time":1636901936040353,"flow_dst_last_pkt_time":1636901936040353,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936040353,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39518,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936040699,"flow_src_last_pkt_time":1636901936040699,"flow_dst_last_pkt_time":1636901936040699,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936040699,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47204,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1636901936040699,"flow_dst_last_pkt_time":1636901936040699,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936040699,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwdVtAAEAR0ZPAqAyprP15f7hkS2YAHGpqAAEAACESpEJ0a0VLMmtzWEZzMm8="} 
-01109{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936040699,"flow_src_last_pkt_time":1636901936040699,"flow_dst_last_pkt_time":1636901936040699,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936040699,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47204,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} +01142{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936040699,"flow_src_last_pkt_time":1636901936040699,"flow_dst_last_pkt_time":1636901936040699,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936040699,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47204,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936065479,"flow_src_last_pkt_time":1636901936065479,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936065479,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1636901936065479,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936065479,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnU1AAEAR9NjAqAypI563p7hkAbsAHPPxAAEAACESpEIwTUEzZ2hMNXgrRm4="} 
-01109{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936065479,"flow_src_last_pkt_time":1636901936065479,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936065479,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} +01142{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936065479,"flow_src_last_pkt_time":1636901936065479,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936065479,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070153,"flow_src_last_pkt_time":1636901936070153,"flow_dst_last_pkt_time":1636901936070153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936070153,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1636901936070153,"flow_dst_last_pkt_time":1636901936070153,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936070153,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnU5AAEAR9NfAqAypI563p7hkDZYAHPweAAEAACESpEJjaDExN25ZQXk2MTA="} 
-00978{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070153,"flow_src_last_pkt_time":1636901936070153,"flow_dst_last_pkt_time":1636901936070153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936070153,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} +01011{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070153,"flow_src_last_pkt_time":1636901936070153,"flow_dst_last_pkt_time":1636901936070153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936070153,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": 
{"multimedia_flow_types":"Unknown"}}} 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070262,"flow_src_last_pkt_time":1636901936070262,"flow_dst_last_pkt_time":1636901936070262,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936070262,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1636901936070262,"flow_dst_last_pkt_time":1636901936070262,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936070262,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnU9AAEAR9NbAqAypI563p5peDZYAHOX3AAEAACESpEJkOSt6R0JMc3JIbis="} 
-00978{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070262,"flow_src_last_pkt_time":1636901936070262,"flow_dst_last_pkt_time":1636901936070262,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936070262,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} +01011{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070262,"flow_src_last_pkt_time":1636901936070262,"flow_dst_last_pkt_time":1636901936070262,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936070262,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": 
{"multimedia_flow_types":"Unknown"}}} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070410,"flow_src_last_pkt_time":1636901936070410,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936070410,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1636901936070410,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936070410,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnVBAAEAR9NXAqAypI563p5peAbsAHIqqAAEAACESpEJaZmI0ZFV3bVhyejU="} 
-01109{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070410,"flow_src_last_pkt_time":1636901936070410,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936070410,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} +01142{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070410,"flow_src_last_pkt_time":1636901936070410,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936070410,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936083692,"flow_src_last_pkt_time":1636901936083692,"flow_dst_last_pkt_time":1636901936083692,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936083692,"l3_proto":"ip4","src_ip":"35.158.183.167","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5} 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1636901936083692,"flow_dst_last_pkt_time":1636901936083692,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1636901936083692,"pkt":"mt9Y+uvcCL6sCxduCABFAABMbq0AAOABw2wjnrenwKgMqQMDpcEAAAAARQAAMJ1NQAAgERTZwKgMqSOet6e4ZAG7ABzz8QABAAAhEqRCME1BM2doTDV4K0Zu"} 
01040{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936083692,"flow_src_last_pkt_time":1636901936083692,"flow_dst_last_pkt_time":1636901936083692,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936083692,"l3_proto":"ip4","src_ip":"35.158.183.167","dst_ip":"192.168.12.169","l4_proto":"icmp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":5.050556}} 
@@ -26,89 +26,89 @@ 00628{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1636901936070262,"flow_dst_last_pkt_time":1636901936087800,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1636901936087800,"pkt":"mt9Y+uvcCL6sCxduCABFAABwLzxAAOMRv6kjnrenwKgMqQ2Wml4AXJaEAQEAQCESpEJkOSt6R0JMc3JIbisAIAAIAAEPYnw9RVEAAQAIAAEucF0v4ROAKwAIAAENliOet6eALAAIAAEAUCOet6eAIgAETm9uZYAoAAT07Zjq"} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1636901936120747,"flow_dst_last_pkt_time":1636901936087800,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901936120747,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nVJAAEAR9MvAqAypI563p5peDZYAJPVxAAMACCESpEI3Q1lCTmVMaEVzcmUAGQAEEQAAAA=="} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1636901936135326,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901936135326,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nVNAAEAR9MrAqAypI563p7hkAbsAJNuCAAMACCESpEI0YTJQbEl4dk1TUisAGQAEEQAAAA=="} 
-01228{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1636901936065479,"flow_src_last_pkt_time":1636901936135326,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936135326,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} 
+01261{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1636901936065479,"flow_src_last_pkt_time":1636901936135326,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936135326,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1636901936135836,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901936135836,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nVRAAEAR9MnAqAypI563p5peAbsAJPWkAAMACCESpEJKS0hOWUJHNGV5VkoAGQAEEQAAAA=="} 
-01228{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070410,"flow_src_last_pkt_time":1636901936135836,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936135836,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} 
+01261{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070410,"flow_src_last_pkt_time":1636901936135836,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936135836,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1636901936120747,"flow_dst_last_pkt_time":1636901936138159,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1636901936138159,"pkt":"mt9Y+uvcCL6sCxduCABFAAB4Lz5AAOMRv58jnrenwKgMqQ2Wml4AZJPmARMASCESpEI3Q1lCTmVMaEVzcmUACQAQAAAEAVVuYXV0aG9yaXplZAAVABBjOGY3M2M5NzZiMDJiOWM4ABQACnNpZ25hbC5vcmcAAIAiAAROb25lgCgABHmTjPc="} 
-01135{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901936070262,"flow_src_last_pkt_time":1636901936120747,"flow_dst_last_pkt_time":1636901936138159,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1636901936138159,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org","domainame":"signal.org","stun": {"mapped_address":"93.47.225.19:11888","response_origin":"35.158.183.167:3478","other_address":"35.158.183.167:80"}}} +01169{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901936070262,"flow_src_last_pkt_time":1636901936120747,"flow_dst_last_pkt_time":1636901936138159,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1636901936138159,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org","domainame":"signal.org","stun": {"mapped_address":"93.47.225.19:11888","response_origin":"35.158.183.167:3478","other_address":"35.158.183.167:80","multimedia_flow_types":"Unknown"}}} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1636901936144242,"flow_dst_last_pkt_time":1636901936087734,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901936144242,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nVVAAEAR9MjAqAypI563p7hkDZYAJNmuAAMACCESpEIwWE1VcCtxUS9rUlMAGQAEEQAAAA=="} -01122{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1636901936070153,"flow_src_last_pkt_time":1636901936144242,"flow_dst_last_pkt_time":1636901936087734,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1636901936144242,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": 
{"mapped_address":"93.47.225.19:11889","response_origin":"35.158.183.167:3478","other_address":"35.158.183.167:80"}}} +01156{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1636901936070153,"flow_src_last_pkt_time":1636901936144242,"flow_dst_last_pkt_time":1636901936087734,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1636901936144242,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.47.225.19:11889","response_origin":"35.158.183.167:3478","other_address":"35.158.183.167:80","multimedia_flow_types":"Unknown"}}} 00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1636901936144585,"flow_dst_last_pkt_time":1636901936138159,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_usec":1636901936144585,"pkt":"CL6sCxdumt9Y+uvcCABFAACQnVZAAEAR9G\/AqAypI563p5peDZYAfGxHAAMAYCESpEJTREg5Z3IrK1V4dm0AGQAEEQAAAAAGABUxNjM2OTg4MzM1OjE4NzU0MzQwNDUAAAAAFAAKc2lnbmFsLm9yZwAAABUAEGM4ZjczYzk3NmIwMmI5YzgACAAUVADVyCcFlHpNR6\/JlEM11GK82Wc="} 
00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1636901936150779,"flow_dst_last_pkt_time":1636901936083692,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1636901936150779,"pkt":"mt9Y+uvcCL6sCxduCABFAABUbrkAAOABw1gjnrenwKgMqQMDpckAAAAARQAAOJ1TQAAgERTLwKgMqSOet6e4ZAG7ACTbggADAAghEqRCNGEyUGxJeHZNU1IrABkABBEAAAA="} 00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1636901936150821,"flow_dst_last_pkt_time":1636901936083692,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1636901936150821,"pkt":"mt9Y+uvcCL6sCxduCABFAABUbroAAOABw1cjnrenwKgMqQMDpckAAAAARQAAOJ1UQAAdERfKwKgMqSOet6eaXgG7ACT1pAADAAghEqRCSktITllCRzRleVZKABkABBEAAAA="} 00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1636901936144242,"flow_dst_last_pkt_time":1636901936160415,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1636901936160415,"pkt":"mt9Y+uvcCL6sCxduCABFAAB4L0JAAOARwpsjnrenwKgMqQ2WuGQAZP9bARMASCESpEIwWE1VcCtxUS9rUlMACQAQAAAEAVVuYXV0aG9yaXplZAAVABA5NTNlMjE2ZTYwMmRiMDdlABQACnNpZ25hbC5vcmcAAIAiAAROb25lgCgABBFo+J8="} 
-01143{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901936070153,"flow_src_last_pkt_time":1636901936144242,"flow_dst_last_pkt_time":1636901936160415,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1636901936160415,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org","domainame":"signal.org","stun": {"mapped_address":"93.47.225.19:11889","response_origin":"35.158.183.167:3478","other_address":"35.158.183.167:80"}}} +01177{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901936070153,"flow_src_last_pkt_time":1636901936144242,"flow_dst_last_pkt_time":1636901936160415,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1636901936160415,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI 
(cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org","domainame":"signal.org","stun": {"mapped_address":"93.47.225.19:11889","response_origin":"35.158.183.167:3478","other_address":"35.158.183.167:80","multimedia_flow_types":"Unknown"}}} 00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1636901936185855,"flow_dst_last_pkt_time":1636901936160415,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_usec":1636901936185855,"pkt":"CL6sCxdumt9Y+uvcCABFAACQnVhAAEAR9G3AqAypI563p7hkDZYAfGwXAAMAYCESpEJMbjdHYmN5WG5rbm4AGQAEEQAAAAAGABUxNjM2OTg4MzM1OjE4NzU0MzQwNDUAAAAAFAAKc2lnbmFsLm9yZwAAABUAEDk1M2UyMTZlNjAyZGIwN2UACAAUIW2HvRLiM2\/Mn2aCV9BfzE1X65g="} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1636901936292139,"flow_dst_last_pkt_time":1636901936040353,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936292139,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwdWhAAEAR0YbAqAyprP15f5peS2YAHHHgAAEAACESpEJTQ2RLNjF0alZXNms="} 
-01248{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1636901936040353,"flow_src_last_pkt_time":1636901936292139,"flow_dst_last_pkt_time":1636901936040353,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936292139,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39518,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01281{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1636901936040353,"flow_src_last_pkt_time":1636901936292139,"flow_dst_last_pkt_time":1636901936040353,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936292139,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39518,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1636901936292790,"flow_dst_last_pkt_time":1636901936040699,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936292790,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwdWlAAEAR0YXAqAyprP15f7hkS2YAHGpqAAEAACESpEJ0a0VLMmtzWEZzMm8="} 
-01248{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1636901936040699,"flow_src_last_pkt_time":1636901936292790,"flow_dst_last_pkt_time":1636901936040699,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936292790,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47204,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01281{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1636901936040699,"flow_src_last_pkt_time":1636901936292790,"flow_dst_last_pkt_time":1636901936040699,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936292790,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47204,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1636901936316455,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936316455,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnWJAAEAR9MPAqAypI563p7hkAbsAHPPxAAEAACESpEIwTUEzZ2hMNXgrRm4="} 
-01248{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1636901936065479,"flow_src_last_pkt_time":1636901936316455,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936316455,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01281{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1636901936065479,"flow_src_last_pkt_time":1636901936316455,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936316455,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1636901936320168,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936320168,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnWNAAEAR9MLAqAypI563p5peAbsAHIqqAAEAACESpEJaZmI0ZFV3bVhyejU="} 
-01248{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070410,"flow_src_last_pkt_time":1636901936320168,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936320168,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01281{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070410,"flow_src_last_pkt_time":1636901936320168,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936320168,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1636901936331596,"flow_dst_last_pkt_time":1636901936083692,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1636901936331596,"pkt":"mt9Y+uvcCL6sCxduCABFAABMbuUAAOABwzQjnrenwKgMqQMDpcEAAAAARQAAMJ1iQAAgERTEwKgMqSOet6e4ZAG7ABzz8QABAAAhEqRCME1BM2doTDV4K0Zu"} 
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1636901936385688,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901936385688,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nWRAAEAR9LnAqAypI563p7hkAbsAJNuCAAMACCESpEI0YTJQbEl4dk1TUisAGQAEEQAAAA=="} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1636901936386031,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901936386031,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nWVAAEAR9LjAqAypI563p5peAbsAJPWkAAMACCESpEJKS0hOWUJHNGV5VkoAGQAEEQAAAA=="} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1636901936292139,"flow_dst_last_pkt_time":1636901936411307,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1636901936411307,"pkt":"mt9Y+uvcCL6sCxduCABFgAA80K0AACYRz7Ws\/Xl\/wKgMqUtmml4AKJ+iAQEADCESpEJTQ2RLNjF0alZXNmsAIAAIAAEPYnw9RVE="} 
-01177{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1636901936040353,"flow_src_last_pkt_time":1636901936292139,"flow_dst_last_pkt_time":1636901936411307,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":32,"midstream":0,"thread_ts_usec":1636901936411307,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39518,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.47.225.19:11888"}}} +01211{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1636901936040353,"flow_src_last_pkt_time":1636901936292139,"flow_dst_last_pkt_time":1636901936411307,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":32,"midstream":0,"thread_ts_usec":1636901936411307,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39518,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known 
Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.47.225.19:11888","multimedia_flow_types":"Unknown"}}} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1636901936292790,"flow_dst_last_pkt_time":1636901936415304,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1636901936415304,"pkt":"mt9Y+uvcCL6sCxduCABFgAA8TlEAACURUxKs\/Xl\/wKgMqUtmuGQAKJgrAQEADCESpEJ0a0VLMmtzWEZzMm8AIAAIAAEPY3w9RVE="} -01177{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1636901936040699,"flow_src_last_pkt_time":1636901936292790,"flow_dst_last_pkt_time":1636901936415304,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":32,"midstream":0,"thread_ts_usec":1636901936415304,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47204,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI 
(cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.47.225.19:11889"}}} +01211{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1636901936040699,"flow_src_last_pkt_time":1636901936292790,"flow_dst_last_pkt_time":1636901936415304,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":32,"midstream":0,"thread_ts_usec":1636901936415304,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47204,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.47.225.19:11889","multimedia_flow_types":"Unknown"}}} 
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1636901936292139,"flow_dst_last_pkt_time":1636901936663206,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1636901936663206,"pkt":"mt9Y+uvcCL6sCxduCABFgAA80O8AACYRz3Os\/Xl\/wKgMqUtmml4AKJ+iAQEADCESpEJTQ2RLNjF0alZXNmsAIAAIAAEPYnw9RVE="} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1636901936292790,"flow_dst_last_pkt_time":1636901936667023,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1636901936667023,"pkt":"mt9Y+uvcCL6sCxduCABFgAA8TocAACURUtys\/Xl\/wKgMqUtmuGQAKJgrAQEADCESpEJ0a0VLMmtzWEZzMm8AIAAIAAEPY3w9RVE="} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1636901936817391,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936817391,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnWZAAEAR9L\/AqAypI563p7hkAbsAHPPxAAEAACESpEIwTUEzZ2hMNXgrRm4="} 
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1636901936821517,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936821517,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnWdAAEAR9L7AqAypI563p5peAbsAHIqqAAEAACESpEJaZmI0ZFV3bVhyejU="} 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956886692,"flow_src_last_pkt_time":1636901956886692,"flow_dst_last_pkt_time":1636901956886692,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956886692,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1636901956886692,"flow_dst_last_pkt_time":1636901956886692,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901956886692,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnuBAAEAR80XAqAypI563p6g8DZYAHMrjAAEAACESpEJ3MXhZWGxMSlFtK2Q="} 
-00999{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956886692,"flow_src_last_pkt_time":1636901956886692,"flow_dst_last_pkt_time":1636901956886692,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956886692,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01032{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956886692,"flow_src_last_pkt_time":1636901956886692,"flow_dst_last_pkt_time":1636901956886692,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956886692,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI 
(cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956899977,"flow_src_last_pkt_time":1636901956899977,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956899977,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1636901956899977,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901956899977,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnuFAAEAR80TAqAypI563p6g8AbsAHKfZAAEAACESpEJpNFFIaG51aVlxTjI="} 
-01130{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956899977,"flow_src_last_pkt_time":1636901956899977,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956899977,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01163{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956899977,"flow_src_last_pkt_time":1636901956899977,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956899977,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956900169,"flow_src_last_pkt_time":1636901956900169,"flow_dst_last_pkt_time":1636901956900169,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956900169,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":43068,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1636901956900169,"flow_dst_last_pkt_time":1636901956900169,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901956900169,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwevFAAEARy\/3AqAyprP15f6g8S2YAHDXLAAEAACESpEJuRGJFSkJreUFwVW4="} 
-01131{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956900169,"flow_src_last_pkt_time":1636901956900169,"flow_dst_last_pkt_time":1636901956900169,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956900169,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":43068,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01164{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956900169,"flow_src_last_pkt_time":1636901956900169,"flow_dst_last_pkt_time":1636901956900169,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956900169,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":43068,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00629{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1636901956886692,"flow_dst_last_pkt_time":1636901956903176,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1636901956903176,"pkt":"mt9Y+uvcCL6sCxduCABFAABwP61AAOARsjgjnrenwKgMqQ2WqDwAXIeiAQEAQCESpEJ3MXhZWGxMSlFtK2QAIAAIAAEPlHw9RVEAAQAIAAEuhl0v4ROAKwAIAAENliOet6eALAAIAAEAUCOet6eAIgAETm9uZYAoAARTHy4\/"} 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956921410,"flow_src_last_pkt_time":1636901956921410,"flow_dst_last_pkt_time":1636901956921410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956921410,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39950,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1636901956921410,"flow_dst_last_pkt_time":1636901956921410,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901956921410,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwevJAAEARy\/zAqAyprP15f5wOS2YAHEUhAAEAACESpEJOVFU1cXVJU2dZVFA="} -01131{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956921410,"flow_src_last_pkt_time":1636901956921410,"flow_dst_last_pkt_time":1636901956921410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956921410,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39950,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01164{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956921410,"flow_src_last_pkt_time":1636901956921410,"flow_dst_last_pkt_time":1636901956921410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956921410,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39950,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956929987,"flow_src_last_pkt_time":1636901956929987,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956929987,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1636901956929987,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901956929987,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnuJAAEAR80PAqAypI563p5wOAbsAHAwRAAEAACESpEJneHI1SHRPK0tqKzc="} -01131{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956929987,"flow_src_last_pkt_time":1636901956929987,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956929987,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01164{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956929987,"flow_src_last_pkt_time":1636901956929987,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956929987,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956930390,"flow_src_last_pkt_time":1636901956930390,"flow_dst_last_pkt_time":1636901956930390,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956930390,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1636901956930390,"flow_dst_last_pkt_time":1636901956930390,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901956930390,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnuNAAEAR80LAqAypI563p5wODZYAHNwWAAEAACESpEI1alVGbDBvdmFLRGs="} -01000{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956930390,"flow_src_last_pkt_time":1636901956930390,"flow_dst_last_pkt_time":1636901956930390,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956930390,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01033{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956930390,"flow_src_last_pkt_time":1636901956930390,"flow_dst_last_pkt_time":1636901956930390,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956930390,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00629{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1636901956930390,"flow_dst_last_pkt_time":1636901956946587,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1636901956946587,"pkt":"mt9Y+uvcCL6sCxduCABFAABwP65AAOQRrjcjnrenwKgMqQ2WnA4AXORTAQEAQCESpEI1alVGbDBvdmFLRGsAIAAIAAEPlXw9RVEAAQAIAAEuh10v4ROAKwAIAAENliOet6eALAAIAAEAUCOet6eAIgAETm9uZYAoAAT10UAM"} 
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1636901956960274,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901956960274,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nuZAAEAR8zfAqAypI563p6g8AbsAJMHVAAMACCESpEJwYTVMazRiQkhvWTEAGQAEEQAAAA=="} -01248{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1636901956899977,"flow_src_last_pkt_time":1636901956960274,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956960274,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01281{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1636901956899977,"flow_src_last_pkt_time":1636901956960274,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956960274,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_src_last_pkt_time":1636901956962305,"flow_dst_last_pkt_time":1636901956946587,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901956962305,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nudAAEAR8zbAqAypI563p5wODZYAJOqGAAMACCESpEJuWjVNSmNUejZrc3YAGQAEEQAAAA=="} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1636901956969064,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901956969064,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nuhAAEAR8zXAqAypI563p5wOAbsAJPaJAAMACCESpEIyY0FuemxRWWpFQmIAGQAEEQAAAA=="} -01249{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1636901956929987,"flow_src_last_pkt_time":1636901956969064,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956969064,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01282{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1636901956929987,"flow_src_last_pkt_time":1636901956969064,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956969064,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1636901956971552,"flow_dst_last_pkt_time":1636901956903176,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901956971552,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nulAAEAR8zTAqAypI563p6g8DZYAJNbdAAMACCESpEJQZE0rWTlGNXNyQ3EAGQAEEQAAAA=="} 
00642{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_src_last_pkt_time":1636901956962305,"flow_dst_last_pkt_time":1636901956977270,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1636901956977270,"pkt":"mt9Y+uvcCL6sCxduCABFAAB4P7RAAOQRrikjnrenwKgMqQ2WnA4AZNRVARMASCESpEJuWjVNSmNUejZrc3YACQAQAAAEAVVuYXV0aG9yaXplZAAVABBlM2Q3MGU4YTI4NzhlYWI4ABQACnNpZ25hbC5vcmcAAIAiAAROb25lgCgABPdDwsE="} -01144{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901956930390,"flow_src_last_pkt_time":1636901956962305,"flow_dst_last_pkt_time":1636901956977270,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1636901956977270,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org","domainame":"signal.org","stun": {"mapped_address":"93.47.225.19:11911","response_origin":"35.158.183.167:3478","other_address":"35.158.183.167:80"}}} 
+01178{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901956930390,"flow_src_last_pkt_time":1636901956962305,"flow_dst_last_pkt_time":1636901956977270,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1636901956977270,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org","domainame":"signal.org","stun": {"mapped_address":"93.47.225.19:11911","response_origin":"35.158.183.167:3478","other_address":"35.158.183.167:80","multimedia_flow_types":"Unknown"}}} 00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":5,"flow_src_last_pkt_time":1636901956982713,"flow_dst_last_pkt_time":1636901956977270,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_usec":1636901956982713,"pkt":"CL6sCxdumt9Y+uvcCABFAACQnupAAEAR8tvAqAypI563p5wODZYAfID0AAMAYCESpEJoVnBuRlhEMWd5a3MAGQAEEQAAAAAGABUxNjM2OTg4MzU2OjExMjQwNjMwMDAAAAAAFAAKc2lnbmFsLm9yZwAAABUAEGUzZDcwZThhMjg3OGVhYjgACAAUhea72wHPPgTdSOnBEkAPMzKPAD4="} 
00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1636901956971552,"flow_dst_last_pkt_time":1636901956988183,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1636901956988183,"pkt":"mt9Y+uvcCL6sCxduCABFAAB4P7VAAOARsigjnrenwKgMqQ2WqDwAZD47ARMASCESpEJQZE0rWTlGNXNyQ3EACQAQAAAEAVVuYXV0aG9yaXplZAAVABAyYzViYWNlMTgyOWQyNjllABQACnNpZ25hbC5vcmcAAIAiAAROb25lgCgABBNbgMs="} -01143{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901956886692,"flow_src_last_pkt_time":1636901956971552,"flow_dst_last_pkt_time":1636901956988183,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1636901956988183,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org","domainame":"signal.org","stun": {"mapped_address":"93.47.225.19:11910","response_origin":"35.158.183.167:3478","other_address":"35.158.183.167:80"}}} 
+01177{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901956886692,"flow_src_last_pkt_time":1636901956971552,"flow_dst_last_pkt_time":1636901956988183,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1636901956988183,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org","domainame":"signal.org","stun": {"mapped_address":"93.47.225.19:11910","response_origin":"35.158.183.167:3478","other_address":"35.158.183.167:80","multimedia_flow_types":"Unknown"}}} 00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1636901956989826,"flow_dst_last_pkt_time":1636901956988183,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_usec":1636901956989826,"pkt":"CL6sCxdumt9Y+uvcCABFAACQnutAAEAR8trAqAypI563p6g8DZYAfJbSAAMAYCESpEJELzRSL1I0ZVdVN0kAGQAEEQAAAAAGABUxNjM2OTg4MzU2OjExMjQwNjMwMDAAAAAAFAAKc2lnbmFsLm9yZwAAABUAEDJjNWJhY2UxODI5ZDI2OWUACAAUvJldU9tsWUvBCpl53HMUEVhvq8k="} 
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1636901957149857,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901957149857,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnvtAAEAR8yrAqAypI563p6g8AbsAHKfZAAEAACESpEJpNFFIaG51aVlxTjI="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1636901957151010,"flow_dst_last_pkt_time":1636901956900169,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901957151010,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwevNAAEARy\/vAqAyprP15f6g8S2YAHDXLAAEAACESpEJuRGJFSkJreUFwVW4="} -01249{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1636901956900169,"flow_src_last_pkt_time":1636901957151010,"flow_dst_last_pkt_time":1636901956900169,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901957151010,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":43068,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01282{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1636901956900169,"flow_src_last_pkt_time":1636901957151010,"flow_dst_last_pkt_time":1636901956900169,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901957151010,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":43068,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1636901957172132,"flow_dst_last_pkt_time":1636901956921410,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901957172132,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwevRAAEARy\/rAqAyprP15f5wOS2YAHEUhAAEAACESpEJOVFU1cXVJU2dZVFA="} -01249{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1636901956921410,"flow_src_last_pkt_time":1636901957172132,"flow_dst_last_pkt_time":1636901956921410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901957172132,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39950,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01282{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1636901956921410,"flow_src_last_pkt_time":1636901957172132,"flow_dst_last_pkt_time":1636901956921410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901957172132,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39950,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_src_last_pkt_time":1636901957180832,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901957180832,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnvxAAEAR8ynAqAypI563p5wOAbsAHAwRAAEAACESpEJneHI1SHRPK0tqKzc="} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_src_last_pkt_time":1636901957210204,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901957210204,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nv5AAEAR8x\/AqAypI563p6g8AbsAJMHVAAMACCESpEJwYTVMazRiQkhvWTEAGQAEEQAAAA=="} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_src_last_pkt_time":1636901957219600,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901957219600,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nv9AAEAR8x7AqAypI563p5wOAbsAJPaJAAMACCESpEIyY0FuemxRWWpFQmIAGQAEEQAAAA=="} 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":1636901957151010,"flow_dst_last_pkt_time":1636901957274630,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1636901957274630,"pkt":"mt9Y+uvcCL6sCxduCABFgAA86goAACYRtlis\/Xl\/wKgMqUtmqDwAKGNbAQEADCESpEJuRGJFSkJreUFwVW4AIAAIAAEPlHw9RVE="} 
-01178{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1636901956900169,"flow_src_last_pkt_time":1636901957151010,"flow_dst_last_pkt_time":1636901957274630,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":32,"midstream":0,"thread_ts_usec":1636901957274630,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":43068,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.47.225.19:11910"}}} +01212{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1636901956900169,"flow_src_last_pkt_time":1636901957151010,"flow_dst_last_pkt_time":1636901957274630,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":32,"midstream":0,"thread_ts_usec":1636901957274630,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":43068,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known 
Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.47.225.19:11910","multimedia_flow_types":"Unknown"}}} 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_src_last_pkt_time":1636901957172132,"flow_dst_last_pkt_time":1636901957301798,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1636901957301798,"pkt":"mt9Y+uvcCL6sCxduCABFAAA8efYAACURJ+2s\/Xl\/wKgMqUtmnA4AKHKwAQEADCESpEJOVFU1cXVJU2dZVFAAIAAIAAEPlXw9RVE="} -01178{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1636901956921410,"flow_src_last_pkt_time":1636901957172132,"flow_dst_last_pkt_time":1636901957301798,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":32,"midstream":0,"thread_ts_usec":1636901957301798,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39950,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI 
(cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.47.225.19:11911"}}} +01212{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1636901956921410,"flow_src_last_pkt_time":1636901957172132,"flow_dst_last_pkt_time":1636901957301798,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":32,"midstream":0,"thread_ts_usec":1636901957301798,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39950,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.47.225.19:11911","multimedia_flow_types":"Unknown"}}} 
00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_src_last_pkt_time":1636901957151010,"flow_dst_last_pkt_time":1636901957525218,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1636901957525218,"pkt":"mt9Y+uvcCL6sCxduCABFgAA86ikAACYRtjms\/Xl\/wKgMqUtmqDwAKGNbAQEADCESpEJuRGJFSkJreUFwVW4AIAAIAAEPlHw9RVE="} 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_src_last_pkt_time":1636901957172132,"flow_dst_last_pkt_time":1636901957551924,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1636901957551924,"pkt":"mt9Y+uvcCL6sCxduCABFAAA8ergAACURJyus\/Xl\/wKgMqUtmnA4AKHKwAQEADCESpEJOVFU1cXVJU2dZVFAAIAAIAAEPlXw9RVE="} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1636901957650455,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901957650455,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnxNAAEAR8xLAqAypI563p6g8AbsAHKfZAAEAACESpEJpNFFIaG51aVlxTjI="} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_src_last_pkt_time":1636901957680781,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901957680781,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnxZAAEAR8w\/AqAypI563p5wOAbsAHAwRAAEAACESpEJneHI1SHRPK0tqKzc="} 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":96,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901958294242,"flow_src_last_pkt_time":1636901958294242,"flow_dst_last_pkt_time":1636901958294242,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901958294242,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":43068,"dst_port":61156,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00649{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1636901958294242,"flow_dst_last_pkt_time":1636901958294242,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1636901958294242,"pkt":"CL6sCxdumt9Y+uvcCABFAAB8azVAAEARa5jAqAypEsODj6g87uQAaP5FAAEATCESpEJyRHdyaGtEci8vOWUABgAJV0pzdTptTndxAAAAwFcABAADAAqAKgAIbYcgPZwg8UAAJAAEbn8e\/wAIABR\/b\/AcoEEqLjwzw3SbmvWontQU34AoAARPt0SR"} 
-01133{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":96,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901958294242,"flow_src_last_pkt_time":1636901958294242,"flow_dst_last_pkt_time":1636901958294242,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901958294242,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":43068,"dst_port":61156,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01166{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":96,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901958294242,"flow_src_last_pkt_time":1636901958294242,"flow_dst_last_pkt_time":1636901958294242,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901958294242,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":43068,"dst_port":61156,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_src_last_pkt_time":1636901958294242,"flow_dst_last_pkt_time":1636901958378136,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1636901958378136,"pkt":"mt9Y+uvcCL6sCxduCABFSABcrnFAAAMRZTQSw4OPwKgMqe7kqDwASOO3AQEALCESpEJyRHdyaGtEci8vOWUAIAAIAAEPmHw9RVEACAAUZTe+q2TI1x26\/6LLBdUUDVZaZoOAKAAEsQfEQQ=="} 00648{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_src_last_pkt_time":1636901958294242,"flow_dst_last_pkt_time":1636901958378173,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1636901958378173,"pkt":"mt9Y+uvcCL6sCxduCABFSAB8rnJAAAMRZRMSw4OPwKgMqe7kqDwAaODiAAEATCESpEJ2dFg5dWZIQUdCakMABgAJbU53cTpXSnN1AAAAwFcABAADA4SAKQAIQYCdgvFBqWUAJAAEbn8g\/wAIABSzQMYtF7YKfV2BCR2ZgRKFjKrZ7YAoAASRLc2k"} 
00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_src_last_pkt_time":1636901958386718,"flow_dst_last_pkt_time":1636901958378173,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1636901958386718,"pkt":"CL6sCxdumt9Y+uvcCABFAABcaztAAEARa7LAqAypEsODj6g87uQASCG+AQEALCESpEJ2dFg5dWZIQUdCakMAIAAIAAHP9jPRJ80ACAAUJmmebdkZZFSwkh7L8yz62k564LmAKAAEReD9tw=="} 
@@ -126,68 +126,68 @@ 01022{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1636901936070262,"flow_src_last_pkt_time":1636901940906811,"flow_dst_last_pkt_time":1636901940923754,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":280,"flow_dst_tot_l4_payload_len":336,"midstream":0,"thread_ts_usec":1636901987911616,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} 00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998588925,"flow_src_last_pkt_time":1636901998588925,"flow_dst_last_pkt_time":1636901998588925,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998588925,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47767,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1636901998588925,"flow_dst_last_pkt_time":1636901998588925,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998588925,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwgdlAAEARxRXAqAyprP15f7qXS2YAHLUpAAEAACESpEJFRDdhYWpCejZ6NGY="} -01132{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998588925,"flow_src_last_pkt_time":1636901998588925,"flow_dst_last_pkt_time":1636901998588925,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998588925,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47767,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01165{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998588925,"flow_src_last_pkt_time":1636901998588925,"flow_dst_last_pkt_time":1636901998588925,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998588925,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47767,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998589226,"flow_src_last_pkt_time":1636901998589226,"flow_dst_last_pkt_time":1636901998589226,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998589226,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":37970,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1636901998589226,"flow_dst_last_pkt_time":1636901998589226,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998589226,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwgdpAAEARxRTAqAyprP15f5RSS2YAHI3jAAEAACESpEJHZko4WW5Ca1ZEVTk="} -01132{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998589226,"flow_src_last_pkt_time":1636901998589226,"flow_dst_last_pkt_time":1636901998589226,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998589226,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":37970,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01165{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998589226,"flow_src_last_pkt_time":1636901998589226,"flow_dst_last_pkt_time":1636901998589226,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998589226,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":37970,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":291,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637116,"flow_src_last_pkt_time":1636901998637116,"flow_dst_last_pkt_time":1636901998637116,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998637116,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1636901998637116,"flow_dst_last_pkt_time":1636901998637116,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998637116,"pkt":"CL6sCxdumt9Y+uvcCABFAAAw3EdAAEAR8rLAqAypI55607qXAbsAHB+DAAEAACESpEJDTUpIUUxOenE3VDQ="} -01132{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":291,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637116,"flow_src_last_pkt_time":1636901998637116,"flow_dst_last_pkt_time":1636901998637116,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998637116,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01165{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":291,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637116,"flow_src_last_pkt_time":1636901998637116,"flow_dst_last_pkt_time":1636901998637116,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998637116,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":292,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637207,"flow_src_last_pkt_time":1636901998637207,"flow_dst_last_pkt_time":1636901998637207,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998637207,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":292,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1636901998637207,"flow_dst_last_pkt_time":1636901998637207,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998637207,"pkt":"CL6sCxdumt9Y+uvcCABFAAAw3EhAAEAR8rHAqAypI55605RSAbsAHCWMAAEAACESpEJWNWJyYWFIV0I5bmo="} -01132{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":292,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637207,"flow_src_last_pkt_time":1636901998637207,"flow_dst_last_pkt_time":1636901998637207,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998637207,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01165{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":292,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637207,"flow_src_last_pkt_time":1636901998637207,"flow_dst_last_pkt_time":1636901998637207,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998637207,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":293,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_src_last_pkt_time":1636901998642149,"flow_dst_last_pkt_time":1636901998637116,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901998642149,"pkt":"CL6sCxdumt9Y+uvcCABFAAA43ElAAEAR8qjAqAypI55607qXAbsAJIeGAAMACCESpEJ0b3RZc3QzdHNudm0AGQAEEQAAAA=="} 
-01250{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":293,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637116,"flow_src_last_pkt_time":1636901998642149,"flow_dst_last_pkt_time":1636901998637116,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998642149,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01283{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":293,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637116,"flow_src_last_pkt_time":1636901998642149,"flow_dst_last_pkt_time":1636901998637116,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998642149,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":294,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998644152,"flow_src_last_pkt_time":1636901998644152,"flow_dst_last_pkt_time":1636901998644152,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998644152,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":294,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1636901998644152,"flow_dst_last_pkt_time":1636901998644152,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901998644152,"pkt":"CL6sCxdumt9Y+uvcCABFAAA43EpAAEAR8qfAqAypI55607qXDZYAJM8KAAMACCESpEJRck1mY3NySEUrbG4AGQAEEQAAAA=="} 
-01001{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":294,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998644152,"flow_src_last_pkt_time":1636901998644152,"flow_dst_last_pkt_time":1636901998644152,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998644152,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01034{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":294,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998644152,"flow_src_last_pkt_time":1636901998644152,"flow_dst_last_pkt_time":1636901998644152,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998644152,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI 
(cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":295,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998644452,"flow_src_last_pkt_time":1636901998644452,"flow_dst_last_pkt_time":1636901998644452,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998644452,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":295,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":1636901998644452,"flow_dst_last_pkt_time":1636901998644452,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998644452,"pkt":"CL6sCxdumt9Y+uvcCABFAAAw3EtAAEAR8q7AqAypI55605RSDZYAHOlfAAEAACESpEJTRld4cWpibUxkeFo="} 
-01001{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":295,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998644452,"flow_src_last_pkt_time":1636901998644452,"flow_dst_last_pkt_time":1636901998644452,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998644452,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01034{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":295,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998644452,"flow_src_last_pkt_time":1636901998644452,"flow_dst_last_pkt_time":1636901998644452,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998644452,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI 
(cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":296,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_src_last_pkt_time":1636901998645824,"flow_dst_last_pkt_time":1636901998644152,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998645824,"pkt":"CL6sCxdumt9Y+uvcCABFAAAw3ExAAEAR8q3AqAypI55607qXDZYAHAfgAAEAACESpEJsR1ZDTTdDN1dMVEo="} -01134{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":296,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1636901998644152,"flow_src_last_pkt_time":1636901998645824,"flow_dst_last_pkt_time":1636901998644152,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998645824,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01167{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":296,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1636901998644152,"flow_src_last_pkt_time":1636901998645824,"flow_dst_last_pkt_time":1636901998644152,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998645824,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":297,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_src_last_pkt_time":1636901998654073,"flow_dst_last_pkt_time":1636901998644452,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901998654073,"pkt":"CL6sCxdumt9Y+uvcCABFAAA43E1AAEAR8qTAqAypI55605RSDZYAJBd3AAMACCESpEJOTG9MWFNjWDdLU3cAGQAEEQAAAA=="} 
-01134{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":297,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1636901998644452,"flow_src_last_pkt_time":1636901998654073,"flow_dst_last_pkt_time":1636901998644452,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998654073,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01167{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":297,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1636901998644452,"flow_src_last_pkt_time":1636901998654073,"flow_dst_last_pkt_time":1636901998644452,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998654073,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00756{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998654623,"flow_src_last_pkt_time":1636901998654623,"flow_dst_last_pkt_time":1636901998654623,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998654623,"l3_proto":"ip4","src_ip":"35.158.122.211","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5} 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_src_last_pkt_time":1636901998654623,"flow_dst_last_pkt_time":1636901998654623,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1636901998654623,"pkt":"mt9Y+uvcCL6sCxduCABFAABMVVMAAOMBFpsjnnrTwKgMqQMDaO0AAAAARQAAMNxHQAAgERKzwKgMqSOeetO6lwG7ABwfgwABAAAhEqRCQ01KSFFMTnpxN1Q0"} 
01043{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998654623,"flow_src_last_pkt_time":1636901998654623,"flow_dst_last_pkt_time":1636901998654623,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998654623,"l3_proto":"ip4","src_ip":"35.158.122.211","dst_ip":"192.168.12.169","l4_proto":"icmp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":5.050556}} 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_src_last_pkt_time":1636901998654665,"flow_dst_last_pkt_time":1636901998654623,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1636901998654665,"pkt":"mt9Y+uvcCL6sCxduCABFAABMVVQAAOMBFpojnnrTwKgMqQMDaO0AAAAARQAAMNxIQAAgERKywKgMqSOeetOUUgG7ABwljAABAAAhEqRCVjVicmFhSFdCOW5q"} 
00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_src_last_pkt_time":1636901998657287,"flow_dst_last_pkt_time":1636901998654623,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1636901998657287,"pkt":"mt9Y+uvcCL6sCxduCABFAABUVVUAAOMBFpEjnnrTwKgMqQMDaPUAAAAARQAAONxJQAAgERKpwKgMqSOeetO6lwG7ACSHhgADAAghEqRCdG90WXN0M3RzbnZtABkABBEAAAA="} 00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":301,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_src_last_pkt_time":1636901998645824,"flow_dst_last_pkt_time":1636901998660620,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1636901998660620,"pkt":"mt9Y+uvcCL6sCxduCABFIAB49klAAOMRNUgjnnrTwKgMqQ2WupcAZEK5ARMASCESpEJRck1mY3NySEUrbG4ACQAQAAAEAVVuYXV0aG9yaXplZAAVABA0YTlmNTljZmZlODk0NGE5ABQACnNpZ25hbC5vcmcAAIAiAAROb25lgCgABLOFpWg="} 
-01031{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":301,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1636901998644152,"flow_src_last_pkt_time":1636901998645824,"flow_dst_last_pkt_time":1636901998660620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1636901998660620,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org","domainame":"signal.org","stun": {}}} +01064{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":301,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1636901998644152,"flow_src_last_pkt_time":1636901998645824,"flow_dst_last_pkt_time":1636901998660620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1636901998660620,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI 
(cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org","domainame":"signal.org","stun": {"multimedia_flow_types":"Unknown"}}} 00630{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":302,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_src_last_pkt_time":1636901998654073,"flow_dst_last_pkt_time":1636901998660636,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1636901998660636,"pkt":"mt9Y+uvcCL6sCxduCABFIABw9kpAAOQRNE8jnnrTwKgMqQ2WlFIAXFMAAQEAQCESpEJTRld4cWpibUxkeFoAIAAIAAEPi3w9RVEAAQAIAAEumV0v4ROAKwAIAAENliOeetOALAAIAAEAUCOeetOAIgAETm9uZYAoAASDCssQ"} -01124{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":302,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1636901998644452,"flow_src_last_pkt_time":1636901998654073,"flow_dst_last_pkt_time":1636901998660636,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1636901998660636,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": 
{"mapped_address":"93.47.225.19:11929","response_origin":"35.158.122.211:3478","other_address":"35.158.122.211:80"}}} +01158{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":302,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1636901998644452,"flow_src_last_pkt_time":1636901998654073,"flow_dst_last_pkt_time":1636901998660636,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1636901998660636,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.47.225.19:11929","response_origin":"35.158.122.211:3478","other_address":"35.158.122.211:80","multimedia_flow_types":"Unknown"}}} 00630{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_src_last_pkt_time":1636901998645824,"flow_dst_last_pkt_time":1636901998660651,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1636901998660651,"pkt":"mt9Y+uvcCL6sCxduCABFIABw9ktAAOMRNU4jnnrTwKgMqQ2WupcAXFiiAQEAQCESpEJsR1ZDTTdDN1dMVEoAIAAIAAEPinw9RVEAAQAIAAEumF0v4ROAKwAIAAENliOeetOALAAIAAEAUCOeetOAIgAETm9uZYAoAAR90ekp"} 
00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":304,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":5,"flow_src_last_pkt_time":1636901998662264,"flow_dst_last_pkt_time":1636901998660651,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1636901998662264,"pkt":"CL6sCxdumt9Y+uvcCABFAACM3E5AAEAR8k\/AqAypI55607qXDZYAeBRYAAMAXCESpEJIUGFhU0tWSmtQRG4AGQAEEQAAAAAGABQxNjM2OTg4Mzk4OjE3NTI0MDc5OAAUAApzaWduYWwub3JnAAAAFQAQNGE5ZjU5Y2ZmZTg5NDRhOQAIABRI+uTzM7nII\/sVpvC6uyZXC+3v6w=="} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":305,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1636901998663215,"flow_dst_last_pkt_time":1636901998637207,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901998663215,"pkt":"CL6sCxdumt9Y+uvcCABFAAA43E9AAEAR8qLAqAypI55605RSAbsAJLdQAAMACCESpEJxcXQycnUyTXoya28AGQAEEQAAAA=="} 
-01250{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":305,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637207,"flow_src_last_pkt_time":1636901998663215,"flow_dst_last_pkt_time":1636901998637207,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998663215,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01283{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":305,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637207,"flow_src_last_pkt_time":1636901998663215,"flow_dst_last_pkt_time":1636901998637207,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998663215,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":306,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_src_last_pkt_time":1636901998654073,"flow_dst_last_pkt_time":1636901998669539,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1636901998669539,"pkt":"mt9Y+uvcCL6sCxduCABFIAB49kxAAOQRNEUjnnrTwKgMqQ2WlFIAZMvXARMASCESpEJOTG9MWFNjWDdLU3cACQAQAAAEAVVuYXV0aG9yaXplZAAVABA2MzExMjRhZWUxZDEzNDUwABQACnNpZ25hbC5vcmcAAIAiAAROb25lgCgABOHlRAQ="} 
-01145{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":306,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901998644452,"flow_src_last_pkt_time":1636901998654073,"flow_dst_last_pkt_time":1636901998669539,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1636901998669539,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org","domainame":"signal.org","stun": {"mapped_address":"93.47.225.19:11929","response_origin":"35.158.122.211:3478","other_address":"35.158.122.211:80"}}} +01179{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":306,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901998644452,"flow_src_last_pkt_time":1636901998654073,"flow_dst_last_pkt_time":1636901998669539,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1636901998669539,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI 
(cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org","domainame":"signal.org","stun": {"mapped_address":"93.47.225.19:11929","response_origin":"35.158.122.211:3478","other_address":"35.158.122.211:80","multimedia_flow_types":"Unknown"}}} 00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":307,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_src_last_pkt_time":1636901998676426,"flow_dst_last_pkt_time":1636901998654623,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1636901998676426,"pkt":"mt9Y+uvcCL6sCxduCABFAABUVVYAAOMBFpAjnnrTwKgMqQMDaPUAAAAARQAAONxPQAAgERKjwKgMqSOeetOUUgG7ACS3UAADAAghEqRCcXF0MnJ1Mk16MmtvABkABBEAAAA="} 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":5,"flow_src_last_pkt_time":1636901998684473,"flow_dst_last_pkt_time":1636901998669539,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1636901998684473,"pkt":"CL6sCxdumt9Y+uvcCABFAACM3FFAAEAR8kzAqAypI55605RSDZYAeCtfAAMAXCESpEJzQVJaQW1IdkdKV0kAGQAEEQAAAAAGABQxNjM2OTg4Mzk4OjE3NTI0MDc5OAAUAApzaWduYWwub3JnAAAAFQAQNjMxMTI0YWVlMWQxMzQ1MAAIABSPAYmQd4zQiPDDbTAeeOez+Voceg=="} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1636901998865284,"flow_dst_last_pkt_time":1636901998588925,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998865284,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwgexAAEARxQLAqAyprP15f7qXS2YAHLUpAAEAACESpEJFRDdhYWpCejZ6NGY="} -01250{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":311,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1636901998588925,"flow_src_last_pkt_time":1636901998865284,"flow_dst_last_pkt_time":1636901998588925,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998865284,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47767,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01283{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":311,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1636901998588925,"flow_src_last_pkt_time":1636901998865284,"flow_dst_last_pkt_time":1636901998588925,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998865284,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47767,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_src_last_pkt_time":1636901998865349,"flow_dst_last_pkt_time":1636901998589226,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998865349,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwge1AAEARxQHAqAyprP15f5RSS2YAHI3jAAEAACESpEJHZko4WW5Ca1ZEVTk="} 
-01250{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":312,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1636901998589226,"flow_src_last_pkt_time":1636901998865349,"flow_dst_last_pkt_time":1636901998589226,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998865349,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":37970,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01283{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":312,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1636901998589226,"flow_src_last_pkt_time":1636901998865349,"flow_dst_last_pkt_time":1636901998589226,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998865349,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":37970,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":313,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_src_last_pkt_time":1636901998885173,"flow_dst_last_pkt_time":1636901998637116,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998885173,"pkt":"CL6sCxdumt9Y+uvcCABFAAAw3FdAAEAR8qLAqAypI55607qXAbsAHB+DAAEAACESpEJDTUpIUUxOenE3VDQ="} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":314,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_src_last_pkt_time":1636901998885598,"flow_dst_last_pkt_time":1636901998637207,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998885598,"pkt":"CL6sCxdumt9Y+uvcCABFAAAw3FhAAEAR8qHAqAypI55605RSAbsAHCWMAAEAACESpEJWNWJyYWFIV0I5bmo="} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":4,"flow_src_last_pkt_time":1636901998892782,"flow_dst_last_pkt_time":1636901998637116,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901998892782,"pkt":"CL6sCxdumt9Y+uvcCABFAAA43FlAAEAR8pjAqAypI55607qXAbsAJIeGAAMACCESpEJ0b3RZc3QzdHNudm0AGQAEEQAAAA=="} 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":316,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":5,"flow_src_last_pkt_time":1636901998900771,"flow_dst_last_pkt_time":1636901998654623,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1636901998900771,"pkt":"mt9Y+uvcCL6sCxduCABFAABMVXoAAOMBFnQjnnrTwKgMqQMDaO0AAAAARQAAMNxXQAAgERKjwKgMqSOeetO6lwG7ABwfgwABAAAhEqRCQ01KSFFMTnpxN1Q0"} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":318,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_src_last_pkt_time":1636901998914396,"flow_dst_last_pkt_time":1636901998637207,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901998914396,"pkt":"CL6sCxdumt9Y+uvcCABFAAA43FtAAEAR8pbAqAypI55605RSAbsAJLdQAAMACCESpEJxcXQycnUyTXoya28AGQAEEQAAAA=="} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":319,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_src_last_pkt_time":1636901998865349,"flow_dst_last_pkt_time":1636901998967333,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1636901998967333,"pkt":"mt9Y+uvcCL6sCxduCABFAAA8uXcAACUR6Gus\/Xl\/wKgMqUtmlFIAKLt8AQEADCESpEJHZko4WW5Ca1ZEVTkAIAAIAAEPi3w9RVE="} -01179{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":319,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1636901998589226,"flow_src_last_pkt_time":1636901998865349,"flow_dst_last_pkt_time":1636901998967333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":32,"midstream":0,"thread_ts_usec":1636901998967333,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":37970,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.47.225.19:11929"}}} +01213{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":319,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1636901998589226,"flow_src_last_pkt_time":1636901998865349,"flow_dst_last_pkt_time":1636901998967333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":32,"midstream":0,"thread_ts_usec":1636901998967333,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":37970,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.47.225.19:11929","multimedia_flow_types":"Unknown"}}} 
00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":320,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_src_last_pkt_time":1636901998865284,"flow_dst_last_pkt_time":1636901998967382,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1636901998967382,"pkt":"mt9Y+uvcCL6sCxduCABFgAA8OUIAACYRZyGs\/Xl\/wKgMqUtmupcAKOLDAQEADCESpEJFRDdhYWpCejZ6NGYAIAAIAAEPinw9RVE="} -01179{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":320,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1636901998588925,"flow_src_last_pkt_time":1636901998865284,"flow_dst_last_pkt_time":1636901998967382,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":32,"midstream":0,"thread_ts_usec":1636901998967382,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47767,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.47.225.19:11928"}}} 
+01213{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":320,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1636901998588925,"flow_src_last_pkt_time":1636901998865284,"flow_dst_last_pkt_time":1636901998967382,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":32,"midstream":0,"thread_ts_usec":1636901998967382,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47767,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.47.225.19:11928","multimedia_flow_types":"Unknown"}}} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":321,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_src_last_pkt_time":1636901998865349,"flow_dst_last_pkt_time":1636901999242071,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1636901999242071,"pkt":"mt9Y+uvcCL6sCxduCABFAAA8uigAACUR57qs\/Xl\/wKgMqUtmlFIAKLt8AQEADCESpEJHZko4WW5Ca1ZEVTkAIAAIAAEPi3w9RVE="} 
00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":322,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_src_last_pkt_time":1636901998865284,"flow_dst_last_pkt_time":1636901999242113,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1636901999242113,"pkt":"mt9Y+uvcCL6sCxduCABFgAA8OWgAACYRZvus\/Xl\/wKgMqUtmupcAKOLDAQEADCESpEJFRDdhYWpCejZ6NGYAIAAIAAEPinw9RVE="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":323,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":5,"flow_src_last_pkt_time":1636901999386450,"flow_dst_last_pkt_time":1636901998637116,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901999386450,"pkt":"CL6sCxdumt9Y+uvcCABFAAAw3HxAAEAR8n3AqAypI55607qXAbsAHB+DAAEAACESpEJDTUpIUUxOenE3VDQ="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":324,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_src_last_pkt_time":1636901999386783,"flow_dst_last_pkt_time":1636901998637207,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901999386783,"pkt":"CL6sCxdumt9Y+uvcCABFAAAw3H1AAEAR8nzAqAypI55605RSAbsAHCWMAAEAACESpEJWNWJyYWFIV0I5bmo="} 
00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":329,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636902000024715,"flow_src_last_pkt_time":1636902000024715,"flow_dst_last_pkt_time":1636902000024715,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902000024715,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":54054,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00652{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":329,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_src_last_pkt_time":1636902000024715,"flow_dst_last_pkt_time":1636902000024715,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1636902000024715,"pkt":"CL6sCxdumt9Y+uvcCABFAAB8d+5AAEARXt\/AqAypEsODj7qX0yYAaAl7AAEATCESpEJCeElWSlVyQXpFMWUABgAJMUVaczo3a3NzAAAAwFcABAADAAqAKgAINhoW4DAHa9AAJAAEbn8e\/wAIABTJ3jNA\/lTtI\/cIgWHSZfc\/Jdi3xoAoAAQAuGXB"} 
-01134{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":329,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636902000024715,"flow_src_last_pkt_time":1636902000024715,"flow_dst_last_pkt_time":1636902000024715,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902000024715,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":54054,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01167{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":329,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636902000024715,"flow_src_last_pkt_time":1636902000024715,"flow_dst_last_pkt_time":1636902000024715,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902000024715,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":54054,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":344,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636902000073738,"flow_src_last_pkt_time":1636902000073738,"flow_dst_last_pkt_time":1636902000073738,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902000073738,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":61498,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00649{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_src_last_pkt_time":1636902000073738,"flow_dst_last_pkt_time":1636902000073738,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1636902000073738,"pkt":"CL6sCxdumt9Y+uvcCABFAAB8d\/NAAEARXtrAqAypEsODj7qX8DoAaE2WAAEATCESpEI3OHB2NXh3VHhSY2IABgAJMUVaczo3a3NzAAAAwFcABAADAAqAKgAINhoW4DAHa9AAJAAEbn8e\/wAIABQCGGRp5dlaWaRPyMCnCJTZLYHOaoAoAATw85Tp"} 
-01134{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":344,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636902000073738,"flow_src_last_pkt_time":1636902000073738,"flow_dst_last_pkt_time":1636902000073738,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902000073738,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":61498,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01167{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":344,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636902000073738,"flow_src_last_pkt_time":1636902000073738,"flow_dst_last_pkt_time":1636902000073738,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902000073738,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":61498,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_src_last_pkt_time":1636902000024715,"flow_dst_last_pkt_time":1636902000102078,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1636902000102078,"pkt":"mt9Y+uvcCL6sCxduCABFSABcw7JAAAYRTPMSw4OPwKgMqdMmupcASMDpAQEALCESpEJCeElWSlVyQXpFMWUAIAAIAAEPinw9RVEACAAUIB3cDwXbxtjdDKqyJ3Jq4xtLsfaAKAAEpnvqQg=="} 00648{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_src_last_pkt_time":1636902000024715,"flow_dst_last_pkt_time":1636902000107063,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1636902000107063,"pkt":"mt9Y+uvcCL6sCxduCABFSAB8w7NAAAYRTNISw4OPwKgMqdMmupcAaK01AAEATCESpEJBbDNpSTF1eStSR1UABgAJN2tzczoxRVpzAAAAwFcABAAAA+eAKQAIiflXHs5q0dMAJAAEbgAg\/wAIABQSmjpLVWLcQ98KImy+h9G3RC6S1IAoAATBitk4"} 
00607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":4,"flow_src_last_pkt_time":1636902000114802,"flow_dst_last_pkt_time":1636902000107063,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1636902000114802,"pkt":"CL6sCxdumt9Y+uvcCABFAABcd\/RAAEARXvnAqAypEsODj7qX0yYASLB3AQEALCESpEJBbDNpSTF1eStSR1UAIAAIAAHyNDPRJ80ACAAUTu361RDreRFUJBDgnwLv4nPGjjiAKAAENi4ivw=="} 
@@ -230,7 +230,7 @@ 01242{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1636901956899977,"flow_src_last_pkt_time":1636901980718780,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":384,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
01134{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1636902000024715,"flow_src_last_pkt_time":1636902000121229,"flow_dst_last_pkt_time":1636902000208503,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":96,"flow_src_tot_l4_payload_len":264,"flow_dst_tot_l4_payload_len":224,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":54054,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01033{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":13,"flow_first_seen":1636901956886692,"flow_src_last_pkt_time":1636901987891193,"flow_dst_last_pkt_time":1636901987907955,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":148,"flow_src_tot_l4_payload_len":1052,"flow_dst_tot_l4_payload_len":1092,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI 
(cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} -00858{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":460,"packets-processed":460,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29600,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":23,"total-detection-updates":30,"total-updates":15,"current-active-flows":0,"total-active-flows":23,"total-idle-flows":23,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":233,"global_ts_usec":1636902021384737} +00858{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":460,"packets-processed":460,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29600,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":23,"total-detection-updates":30,"total-updates":15,"current-active-flows":0,"total-active-flows":23,"total-idle-flows":23,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":233,"global_ts_usec":1636902021384737} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets 
captured/processed: 460/460 ~~ skipped flows.............: 0 @@ -239,9 +239,9 @@ ~~ total active/idle flows...: 23/23 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6973895 bytes -~~ total memory freed........: 6973895 bytes -~~ total allocations/frees...: 114861/114861 +~~ total memory allocated....: 7551689 bytes +~~ total memory freed........: 7551689 bytes +~~ total allocations/frees...: 126601/126601 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 546 chars ~~ json message max len.......: 2355 chars diff --git a/test/results/default/stun_signal_tcp.pcapng.out b/test/results/default/stun_signal_tcp.pcapng.out new file mode 100644 index 000000000..56786f649 --- /dev/null +++ b/test/results/default/stun_signal_tcp.pcapng.out 
@@ -0,0 +1,28 @@ +00622{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_signal_tcp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_signal_tcp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1733247378288841} 
+00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_signal_tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1733247378288841,"flow_src_last_pkt_time":1733247378288841,"flow_dst_last_pkt_time":1733247378288841,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1733247378288841,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"35.219.252.146","src_port":51296,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_signal_tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1733247378288841,"flow_dst_last_pkt_time":1733247378288841,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1733247378288841,"pkt":"ILAB4IZiSKRyNpegCABFAAA0B4lAAIAGELDAqAF1I9v8kshgAFBbKS1nAAAAAIAC+vBAUwAAAgQFtAEDAwgBAQQC"} +00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/stun_signal_tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1733247378288841,"flow_dst_last_pkt_time":1733247378293937,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1733247378293937,"pkt":"SKRyNpegILAB4IZiCABFAAA0AABAADoGXjkj2\/ySwKgBdQBQyGCXmzc3WyktaIASf5Ts8QAAAgQFjAEBBAIBAwMK"} 
+00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun_signal_tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1733247378294067,"flow_dst_last_pkt_time":1733247378293937,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1733247378294067,"pkt":"ILAB4IZiSKRyNpegCABFAAAoB4xAAIAGELnAqAF1I9v8kshgAFBbKS1ol5s3OFAQAgOrMAAA"} +00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/stun_signal_tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1733247378295356,"flow_dst_last_pkt_time":1733247378293937,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1733247378295356,"pkt":"ILAB4IZiSKRyNpegCABFAABEB49AAIAGEJrAqAF1I9v8kshgAFBbKS1ol5s3OFAYAgMlbwAAAAMACCESpEJKbERKTE9Ea0ZJSWYAGQAEEQAAAA=="} +01014{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/stun_signal_tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1733247378288841,"flow_src_last_pkt_time":1733247378295356,"flow_dst_last_pkt_time":1733247378293937,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1733247378295356,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"35.219.252.146","src_port":51296,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} +00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_signal_tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1733247378295356,"flow_dst_last_pkt_time":1733247378300425,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1733247378300425,"pkt":"SKRyNpegILAB4IZiCABFAAAoHURAADoGQQEj2\/ySwKgBdQBQyGCXmzc4WykthFAQACCs9wAAAAAAAAAA"} +01056{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/stun_signal_tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1733247378288841,"flow_src_last_pkt_time":1733247378295356,"flow_dst_last_pkt_time":1733247378307859,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1733247378307859,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"35.219.252.146","src_port":51296,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org","domainame":"signal.org","stun": {"multimedia_flow_types":"Unknown"}}} 
+02212{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/stun_signal_tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1733247378288841,"flow_src_last_pkt_time":1733247378757373,"flow_dst_last_pkt_time":1733247378756881,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":248,"flow_src_tot_l4_payload_len":1352,"flow_dst_tot_l4_payload_len":880,"midstream":0,"thread_ts_usec":1733247378757373,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"35.219.252.146","src_port":51296,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":30212.0,"max":286751,"stddev":67983.4,"var":4621743104.0,"ent":3.1,"data": [5096,5226,1289,6488,7434,14695,6967,5300,207,220,218,169,5360,2561,0,6632,276631,286751,49627,44757,3676,9298,19816,40131,25233,48588,51212,0,2689,9892,409]},"pktlen": {"min":40,"avg":111.6,"max":288,"stddev":62.1,"var":3852.6,"ent":4.8,"data": [52,52,40,68,46,124,156,124,40,160,160,160,160,92,92,144,40,172,46,172,46,288,140,46,172,46,172,148,46,188,40,140]},"bins": {"c_to_s": [6,0,0,7,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,2,2,2,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,0,0,1,1,1,0,0,1,0,1,1,0,1,0,1,0,1,1,1,0,0],"entropies": [4.662476063,4.931210041,4.834183693,5.192451000,4.390829086,5.849559307,5.878578663,5.821106911,4.611769199,5.746960163,5.817604542,5.914802551,5.855510235,5.723954678,5.775637627,6.138474941,4.834183693,6.134611607,4.772925377,6.067693710,4.729446888,6.405649662,5.903401375,4.816403389,6.032229424,4.772924900,6.072082520,5.918906689,4.756514549,5.916465759,4.784183979,5.873402596]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} +01034{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/stun_signal_tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":226,"flow_dst_packets_processed":274,"flow_first_seen":1733247378288841,"flow_src_last_pkt_time":1733247395709690,"flow_dst_last_pkt_time":1733247395702394,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1188,"flow_dst_max_l4_payload_len":1420,"flow_src_tot_l4_payload_len":58588,"flow_dst_tot_l4_payload_len":27476,"midstream":0,"thread_ts_usec":1733247395709690,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"35.219.252.146","src_port":51296,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} 
+00856{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/stun_signal_tcp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":500,"packets-processed":500,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":86064,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1733247395709690} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 500/500 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 86064 bytes +~~ total detected protocols..: 1 +~~ total active/idle flows...: 1/1 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 7501782 bytes +~~ total memory freed........: 7501782 bytes +~~ total allocations/frees...: 126370/126370 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json message min len.......: 539 chars +~~ json message max len.......: 2217 chars +~~ json message avg len.......: 1303 chars diff --git a/test/results/default/stun_tcp_multiple_msgs_same_pkt.pcap.out b/test/results/default/stun_tcp_multiple_msgs_same_pkt.pcap.out index e33f53e1f..03e5ff333 100644 --- a/test/results/default/stun_tcp_multiple_msgs_same_pkt.pcap.out +++ b/test/results/default/stun_tcp_multiple_msgs_same_pkt.pcap.out 
@@ -1,14 +1,14 @@ -00636{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_tcp_multiple_msgs_same_pkt.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00857{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_tcp_multiple_msgs_same_pkt.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1645514762350619} 
+00636{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_tcp_multiple_msgs_same_pkt.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00857{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_tcp_multiple_msgs_same_pkt.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1645514762350619} 
00801{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_tcp_multiple_msgs_same_pkt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1645514762350619,"flow_src_last_pkt_time":1645514762350619,"flow_dst_last_pkt_time":1645514762350619,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1645514762350619,"l3_proto":"ip4","src_ip":"166.172.142.131","dst_ip":"23.183.197.71","src_port":3479,"dst_port":42849,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_tcp_multiple_msgs_same_pkt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1645514762350619,"flow_dst_last_pkt_time":1645514762350619,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1645514762350619,"pkt":"AAAAAAAAAAoA2nGfCABFAAA8AABAAFcGEY6mrI6DF7fFRw2Xp2H0bFeT0HMflKAS\/\/+7nwAAAgQFtAQCCAr+HMRdGiKsgwEDAwg="} 00604{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/stun_tcp_multiple_msgs_same_pkt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1645514762350619,"flow_dst_last_pkt_time":1645514762356326,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1645514762356326,"pkt":"AAAAAAAAAA4AwKFPCABFAABQsxJAAD8GdmcXt8VHpqyOg6dhDZfQcx+U9GxXlIAYAU3vTgAAAQEIChoirLb+HMRdAAMACCESpEJwS25FOVJYZ0ZZbFkAGQAEEQAAAA=="} 
-00992{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/stun_tcp_multiple_msgs_same_pkt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1645514762350619,"flow_src_last_pkt_time":1645514762350619,"flow_dst_last_pkt_time":1645514762356326,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":28,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":28,"midstream":0,"thread_ts_usec":1645514762356326,"l3_proto":"ip4","src_ip":"166.172.142.131","dst_ip":"23.183.197.71","src_port":3479,"dst_port":42849,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} +01025{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/stun_tcp_multiple_msgs_same_pkt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1645514762350619,"flow_src_last_pkt_time":1645514762350619,"flow_dst_last_pkt_time":1645514762356326,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":28,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":28,"midstream":0,"thread_ts_usec":1645514762356326,"l3_proto":"ip4","src_ip":"166.172.142.131","dst_ip":"23.183.197.71","src_port":3479,"dst_port":42849,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": 
{"multimedia_flow_types":"Unknown"}}} 00604{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun_tcp_multiple_msgs_same_pkt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1645514762350619,"flow_dst_last_pkt_time":1645514762715323,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1645514762715323,"pkt":"AAAAAAAAAA4AwKFPCABFAABQsxNAAD8GdmYXt8VHpqyOg6dhDZfQcx+w9GxXlIAYAU3ulgAAAQEIChoirQH+HMSuAAMACCESpEJwS25FOVJYZ0ZZbFkAGQAEEQAAAA=="} 00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/stun_tcp_multiple_msgs_same_pkt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1645514762350619,"flow_dst_last_pkt_time":1645514763155219,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1645514763155219,"pkt":"AAAAAAAAAA4AwKFPCABFAABQsxVAAD8GdmQXt8VHpqyOg6dhDZfQcx\/M9GxXlIAYAU3t4wAAAQEIChoirZj+HMSuAAMACCESpEJwS25FOVJYZ0ZZbFkAGQAEEQAAAA=="} 00680{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_tcp_multiple_msgs_same_pkt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1645514762350619,"flow_dst_last_pkt_time":1645514773276175,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":150,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":150,"pkt_l4_len":116,"thread_ts_usec":1645514773276175,"pkt":"AAAAAAAAAA4AwKFPCABFAACIsxpAAD8GdicXt8VHpqyOg6dhDZfQcx\/o9GxXlIAZAU3usAAAAQEIChoiuYL+HMSuAAMACCESpEJwS25FOVJYZ0ZZbFkAGQAEEQAAAAADAAghEqRCcEtuRTlSWGdGWWxZABkABBEAAAAAAwAIIRKkQnBLbkU5UlhnRllsWQAZAAQRAAAA"} 
00987{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_tcp_multiple_msgs_same_pkt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":4,"flow_first_seen":1645514762350619,"flow_src_last_pkt_time":1645514762350619,"flow_dst_last_pkt_time":1645514773276175,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":168,"midstream":0,"thread_ts_usec":1645514773276175,"l3_proto":"ip4","src_ip":"166.172.142.131","dst_ip":"23.183.197.71","src_port":3479,"dst_port":42849,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00862{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_tcp_multiple_msgs_same_pkt.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":5,"packets-processed":5,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":168,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1645514773276175} 
+00862{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_tcp_multiple_msgs_same_pkt.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":5,"packets-processed":5,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":168,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1645514773276175} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 5/5 ~~ skipped flows.............: 0 @@ -17,10 +17,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6909806 bytes -~~ total memory freed........: 6909806 bytes -~~ total allocations/frees...: 114143/114143 +~~ total memory allocated....: 7487402 bytes +~~ total memory freed........: 7487402 bytes +~~ total allocations/frees...: 125874/125874 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 583 chars -~~ json message max len.......: 997 chars -~~ json message avg len.......: 788 chars +~~ json message max len.......: 1030 chars +~~ json message avg len.......: 804 chars diff --git a/test/results/default/stun_wa_call.pcapng.out b/test/results/default/stun_wa_call.pcapng.out index c8b5ccca3..425914d7c 100644 --- a/test/results/default/stun_wa_call.pcapng.out +++ b/test/results/default/stun_wa_call.pcapng.out 
@@ -1,44 +1,44 @@ -00619{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1676659968029444} 
+00619{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1676659968029444} 
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968029444,"flow_src_last_pkt_time":1676659968029444,"flow_dst_last_pkt_time":1676659968029444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968029444,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.57.123.227","src_port":46652,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00805{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1676659968029444,"flow_dst_last_pkt_time":1676659968029444,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1676659968029444,"pkt":"CL6sCxduJjb1W8R1CABFwADw\/iFAAEARlLrAqAycXTl747Y8DZYA3LHsAAMAwCESpEJwdYtExyOnTtGTSiVAAACWCQK2KB7zQ7qLyqomatrasQEu9DL3wZ7hCtWVyMuhXanwNF5C+CJQZxH6MYVnGTbF6jGFc8Ra7q+tUTra0vtHBZoPsqgDXOfgB5x1\/6e\/ekoB1CeD7MsRipcZjz4uFoBrVRmh8t\/rSICod6ktukvIiZ6yItLQ7Y8kTJkbjPTyOKYPsF+LjDRbuhMBEHxTecFVlM8fNhbBAAAAFgAIAAEshHwr36EACAAUJM4QSLb1BesAMLdUeEcTNdZmV28="} 
-01028{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968029444,"flow_src_last_pkt_time":1676659968029444,"flow_dst_last_pkt_time":1676659968029444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968029444,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.57.123.227","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"93.57.123.227:3478"}}} +01062{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968029444,"flow_src_last_pkt_time":1676659968029444,"flow_dst_last_pkt_time":1676659968029444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968029444,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.57.123.227","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"93.57.123.227:3478","multimedia_flow_types":"Unknown"}}} 00806{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1676659968029608,"flow_dst_last_pkt_time":1676659968029444,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1676659968029608,"pkt":"CL6sCxduJjb1W8R1CABFwADw\/iJAAEARlLnAqAycXTl747Y8DZYA3ICVAAMAwCESpEJwdYtExyOnTtGTSiZAAACWCQK2KB7zQ7qLyqomatrasQEu9DL3wZ7hCtWVyMuhXanwNF5C+CJQZxH6MYVnGTbF6jGFc8Ra7q+tUTra0vtHBZoPsqgDXOfgB5x1\/6e\/ekoB1CeD7MsRipcZjz4uFoBrVRmh8t\/rSICod6ktukvIiZ6yItLQ7Y8kTJkbjPTyOKYPsF+LjDRbuhMBEHxTecFVlM8fNhbBAAAAFgAIAAEshHwr36EACAAUYWrisy40lbl9bq4cXAmMmnnA\/ig="} -01161{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1676659968029444,"flow_src_last_pkt_time":1676659968029608,"flow_dst_last_pkt_time":1676659968029444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968029608,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.57.123.227","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"93.57.123.227:3478"}}} +01195{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1676659968029444,"flow_src_last_pkt_time":1676659968029608,"flow_dst_last_pkt_time":1676659968029444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968029608,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.57.123.227","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"93.57.123.227:3478","multimedia_flow_types":"Unknown"}}} 
00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968035471,"flow_src_last_pkt_time":1676659968035471,"flow_dst_last_pkt_time":1676659968035471,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968035471,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":46652,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00802{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1676659968035471,"flow_dst_last_pkt_time":1676659968035471,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1676659968035471,"pkt":"CL6sCxduJjb1W8R1CABFwADwfTlAAEARhZDAqAycnfDLPrY8DZYA3GV0AAMAwCESpEJwdYtExyOnTtGTSidAAACWCQMtTkgnCkB3mlyHo2hELpK34qN\/tn27kX9DRUmi65QznJnJXr0IVJ+d4Fxix8NmNcmsfFkQLOW6576+A4JwNmi2uSQdWXRM2VKcszNCnJz207wH1jUAcpCU9XZA6ttuPzt6cvS6PNIk8FwKlWlblH32PnQxSRg2bkLvkOMPE7sKF8F2oGKz69cDRT5LGhyKnJSGY5lnAAAAFgAIAAEshLzib3wACAAUAA8jYlqEzFOauoSyCbgYSf5lAAk="} 
-01033{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968035471,"flow_src_last_pkt_time":1676659968035471,"flow_dst_last_pkt_time":1676659968035471,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968035471,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.203.62:3478"}}} +01067{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968035471,"flow_src_last_pkt_time":1676659968035471,"flow_dst_last_pkt_time":1676659968035471,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968035471,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.203.62:3478","multimedia_flow_types":"Unknown"}}} 00803{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1676659968035552,"flow_dst_last_pkt_time":1676659968035471,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1676659968035552,"pkt":"CL6sCxduJjb1W8R1CABFwADwfTpAAEARhY\/AqAycnfDLPrY8DZYA3BLxAAMAwCESpEJwdYtExyOnTtGTSihAAACWCQMtTkgnCkB3mlyHo2hELpK34qN\/tn27kX9DRUmi65QznJnJXr0IVJ+d4Fxix8NmNcmsfFkQLOW6576+A4JwNmi2uSQdWXRM2VKcszNCnJz207wH1jUAcpCU9XZA6ttuPzt6cvS6PNIk8FwKlWlblH32PnQxSRg2bkLvkOMPE7sKF8F2oGKz69cDRT5LGhyKnJSGY5lnAAAAFgAIAAEshLzib3wACAAUhAn28C7qfrkxLYQ0p3TNXw2BfFM="} -01166{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1676659968035471,"flow_src_last_pkt_time":1676659968035552,"flow_dst_last_pkt_time":1676659968035471,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968035552,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.203.62:3478"}}} +01200{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1676659968035471,"flow_src_last_pkt_time":1676659968035552,"flow_dst_last_pkt_time":1676659968035471,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968035552,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.203.62:3478","multimedia_flow_types":"Unknown"}}} 
00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968035642,"flow_src_last_pkt_time":1676659968035642,"flow_dst_last_pkt_time":1676659968035642,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968035642,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.231.62","src_port":46652,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00803{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1676659968035642,"flow_dst_last_pkt_time":1676659968035642,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1676659968035642,"pkt":"CL6sCxduJjb1W8R1CABFwADwj9lAAEARVvDAqAycnfDnPrY8DZYA3J+gAAMAwCESpEJwdYtExyOnTtGTSilAAACWCQNxyDQh65HCwK\/NwM57eGVAnp73+KYPg1k+lNrVEVkNPnu5t9hC5BRxAv+1EaOtzlbgzlIq2\/WPsB5SRMDksABVRMTM9J4aDhkK8p1864X++Y5SKMM+YDG4F3l8CE9EEsygUCuw1FeaQaDvzERSEqz4d5mYYPBEmipy1b3wHHsk5VkyouOLzceIjWTBDv1RY+CT0wD4AAAAFgAIAAEshLziQ3wACAAUBDu46Kp0MzZ62SMrNOCqwnrJBCw="} 
-01033{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968035642,"flow_src_last_pkt_time":1676659968035642,"flow_dst_last_pkt_time":1676659968035642,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968035642,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.231.62","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.231.62:3478"}}} +01067{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968035642,"flow_src_last_pkt_time":1676659968035642,"flow_dst_last_pkt_time":1676659968035642,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968035642,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.231.62","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.231.62:3478","multimedia_flow_types":"Unknown"}}} 00804{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1676659968036993,"flow_dst_last_pkt_time":1676659968035642,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1676659968036993,"pkt":"CL6sCxduJjb1W8R1CABFwADwj9pAAEARVu\/AqAycnfDnPrY8DZYA3K1KAAMAwCESpEJwdYtExyOnTtGTSipAAACWCQNxyDQh65HCwK\/NwM57eGVAnp73+KYPg1k+lNrVEVkNPnu5t9hC5BRxAv+1EaOtzlbgzlIq2\/WPsB5SRMDksABVRMTM9J4aDhkK8p1864X++Y5SKMM+YDG4F3l8CE9EEsygUCuw1FeaQaDvzERSEqz4d5mYYPBEmipy1b3wHHsk5VkyouOLzceIjWTBDv1RY+CT0wD4AAAAFgAIAAEshLziQ3wACAAUPZihrJHzcl+3y+bEvnKo9qVH+uY="} -01166{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1676659968035642,"flow_src_last_pkt_time":1676659968036993,"flow_dst_last_pkt_time":1676659968035642,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968036993,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.231.62","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.231.62:3478"}}} +01200{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1676659968035642,"flow_src_last_pkt_time":1676659968036993,"flow_dst_last_pkt_time":1676659968035642,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968036993,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.231.62","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.231.62:3478","multimedia_flow_types":"Unknown"}}} 
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968037054,"flow_src_last_pkt_time":1676659968037054,"flow_dst_last_pkt_time":1676659968037054,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968037054,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.21.51","src_port":46652,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00806{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1676659968037054,"flow_dst_last_pkt_time":1676659968037054,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1676659968037054,"pkt":"CL6sCxduJjb1W8R1CABFwADwz9NAAEAR6QHAqAycnfAVM7Y8DZYA3Ij9AAMAwCESpEJwdYtExyOnTtGTSitAAACWCQNaRGvs7+ccuZ\/MfxmbOvUVp8noEHkp7nF6xocCdKtvmOlig71m6+555gD\/mKnSGLIGNRynB98Dn1I4xNjPBc\/JcXx85sPvklgbnR+jKW8z3v+tFyKmLoRYXO+76gRpJvbZMI+O\/1oNzvmh6C\/4OrGc+hLich1SR+QSsMSOS20JWZv3s1la5zjKfswADrKC6jyH7ubtAAAAFgAIAAEshLzisXEACAAUjla64e3RO4Za5yiogz0w5BPrVCA="} 
-01031{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968037054,"flow_src_last_pkt_time":1676659968037054,"flow_dst_last_pkt_time":1676659968037054,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968037054,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.21.51","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.21.51:3478"}}} +01065{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968037054,"flow_src_last_pkt_time":1676659968037054,"flow_dst_last_pkt_time":1676659968037054,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968037054,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.21.51","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.21.51:3478","multimedia_flow_types":"Unknown"}}} 00806{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1676659968037165,"flow_dst_last_pkt_time":1676659968037054,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1676659968037165,"pkt":"CL6sCxduJjb1W8R1CABFwADwz9RAAEAR6QDAqAycnfAVM7Y8DZYA3Ds6AAMAwCESpEJwdYtExyOnTtGTSixAAACWCQNaRGvs7+ccuZ\/MfxmbOvUVp8noEHkp7nF6xocCdKtvmOlig71m6+555gD\/mKnSGLIGNRynB98Dn1I4xNjPBc\/JcXx85sPvklgbnR+jKW8z3v+tFyKmLoRYXO+76gRpJvbZMI+O\/1oNzvmh6C\/4OrGc+hLich1SR+QSsMSOS20JWZv3s1la5zjKfswADrKC6jyH7ubtAAAAFgAIAAEshLzisXEACAAUHONBvdq4CMLPEotcA1cTDrS++GA="} -01164{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1676659968037054,"flow_src_last_pkt_time":1676659968037165,"flow_dst_last_pkt_time":1676659968037054,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968037165,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.21.51","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.21.51:3478"}}} +01198{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1676659968037054,"flow_src_last_pkt_time":1676659968037165,"flow_dst_last_pkt_time":1676659968037054,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968037165,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.21.51","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.21.51:3478","multimedia_flow_types":"Unknown"}}} 
00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968037404,"flow_src_last_pkt_time":1676659968037404,"flow_dst_last_pkt_time":1676659968037404,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968037404,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.195.48","src_port":46652,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00808{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1676659968037404,"flow_dst_last_pkt_time":1676659968037404,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1676659968037404,"pkt":"CL6sCxduJjb1W8R1CABFwADwBWlAAEARBW\/AqAycnfDDMLY8DZYA3EQwAAMAwCESpEJwdYtExyOnTtGTSi1AAACWCQOx8jP4xX+S8mUrXXk2n15fuMSnBwYiWgGrpiuTXvKiSw3Eir1rG\/\/xENKpYnRSCtBCjSrxtliPheTZDngaGDi34a9YHKHQKUIhCjhpwP8Uvudi7up1PRXt6lCRefFe8K3b0jR++YvWvVrmASoE\/yY9XlSxVZ+G0ZOPBL6y2y9ny+kFjdqzj7\/4wvCraZgPwm+CCYR+AAAAFgAIAAEshLziZ3IACAAUYW\/o+S1f89d5dQU1\/5j2oMMTsiw="} 
-01033{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968037404,"flow_src_last_pkt_time":1676659968037404,"flow_dst_last_pkt_time":1676659968037404,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968037404,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.195.48","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.195.48:3478"}}} +01067{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968037404,"flow_src_last_pkt_time":1676659968037404,"flow_dst_last_pkt_time":1676659968037404,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968037404,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.195.48","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.195.48:3478","multimedia_flow_types":"Unknown"}}} 00807{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1676659968037483,"flow_dst_last_pkt_time":1676659968037404,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1676659968037483,"pkt":"CL6sCxduJjb1W8R1CABFwADwBWpAAEARBW7AqAycnfDDMLY8DZYA3L3JAAMAwCESpEJwdYtExyOnTtGTSi5AAACWCQOx8jP4xX+S8mUrXXk2n15fuMSnBwYiWgGrpiuTXvKiSw3Eir1rG\/\/xENKpYnRSCtBCjSrxtliPheTZDngaGDi34a9YHKHQKUIhCjhpwP8Uvudi7up1PRXt6lCRefFe8K3b0jR++YvWvVrmASoE\/yY9XlSxVZ+G0ZOPBL6y2y9ny+kFjdqzj7\/4wvCraZgPwm+CCYR+AAAAFgAIAAEshLziZ3IACAAUN3sV7GYe+yROEsWZI\/FgD4k1DJ4="} -01167{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1676659968037404,"flow_src_last_pkt_time":1676659968037483,"flow_dst_last_pkt_time":1676659968037404,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968037483,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.195.48","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.195.48:3478"}}} +01201{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1676659968037404,"flow_src_last_pkt_time":1676659968037483,"flow_dst_last_pkt_time":1676659968037404,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968037483,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.195.48","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.195.48:3478","multimedia_flow_types":"Unknown"}}} 
00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1676659968029608,"flow_dst_last_pkt_time":1676659968037875,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676659968037875,"pkt":"Jjb1W8R1CL6sCxduCABFAABg\/qtAAFcRfoBdOXvjwKgMnA2WtjwATGHpAQMAMCESpEJwdYtExyOnTtGTSiUAIAAIAAHRJHwxD0FAAgAIAAABhmC4yCcACAAUqnIJzW\/j1X8c\/WgxJFDYTIjCG04="} -01076{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1676659968029444,"flow_src_last_pkt_time":1676659968029608,"flow_dst_last_pkt_time":1676659968037875,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":68,"midstream":0,"thread_ts_usec":1676659968037875,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.57.123.227","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.35.171.3:61494","relayed_address":"93.57.123.227:3478"}}} 
+01110{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1676659968029444,"flow_src_last_pkt_time":1676659968029608,"flow_dst_last_pkt_time":1676659968037875,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":68,"midstream":0,"thread_ts_usec":1676659968037875,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.57.123.227","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.35.171.3:61494","relayed_address":"93.57.123.227:3478","multimedia_flow_types":"Unknown"}}} 00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1676659968029608,"flow_dst_last_pkt_time":1676659968037923,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676659968037923,"pkt":"Jjb1W8R1CL6sCxduCABFAABg\/qxAAFcRfn9dOXvjwKgMnA2WtjwATH+6AQMAMCESpEJwdYtExyOnTtGTSiYAIAAIAAHRJHwxD0FAAgAIAAABhmC4yCcACAAUsXruinhNMVlcZwjO7SsYhIE3y+M="} 
00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1676659968035552,"flow_dst_last_pkt_time":1676659968044522,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676659968044522,"pkt":"Jjb1W8R1CL6sCxduCABFAABgbwhAAFURgBGd8Ms+wKgMnA2WtjwATEezAQMAMCESpEJwdYtExyOnTtGTSicAIAAIAAHRJHwxD0FAAgAIAAABhmC4yC0ACAAUiLSqHkDyO4Nn0koco41Anoog2hY="} -01081{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1676659968035471,"flow_src_last_pkt_time":1676659968035552,"flow_dst_last_pkt_time":1676659968044522,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":68,"midstream":0,"thread_ts_usec":1676659968044522,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.35.171.3:61494","relayed_address":"157.240.203.62:3478"}}} 
+01115{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1676659968035471,"flow_src_last_pkt_time":1676659968035552,"flow_dst_last_pkt_time":1676659968044522,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":68,"midstream":0,"thread_ts_usec":1676659968044522,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.35.171.3:61494","relayed_address":"157.240.203.62:3478","multimedia_flow_types":"Unknown"}}} 00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1676659968035552,"flow_dst_last_pkt_time":1676659968044575,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676659968044575,"pkt":"Jjb1W8R1CL6sCxduCABFAABgbwlAAFURgBCd8Ms+wKgMnA2WtjwATDevAQMAMCESpEJwdYtExyOnTtGTSigAIAAIAAHRJHwxD0FAAgAIAAABhmC4yC0ACAAUPpUdGzsHO6o60A2P\/YzAPtGyD14="} 
00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1676659968036993,"flow_dst_last_pkt_time":1676659968055421,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676659968055421,"pkt":"Jjb1W8R1CL6sCxduCABFAABgJFBAAFYRrcmd8Oc+wKgMnA2WtjwATEo8AQMAMCESpEJwdYtExyOnTtGTSikAIAAIAAHRJHwxD0FAAgAIAAABhmC4yDIACAAUfe6H1Xa456A0pvmxA+2DiUprJrM="} -01081{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1676659968035642,"flow_src_last_pkt_time":1676659968036993,"flow_dst_last_pkt_time":1676659968055421,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":68,"midstream":0,"thread_ts_usec":1676659968055421,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.231.62","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.35.171.3:61494","relayed_address":"157.240.231.62:3478"}}} 
+01115{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1676659968035642,"flow_src_last_pkt_time":1676659968036993,"flow_dst_last_pkt_time":1676659968055421,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":68,"midstream":0,"thread_ts_usec":1676659968055421,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.231.62","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.35.171.3:61494","relayed_address":"157.240.231.62:3478","multimedia_flow_types":"Unknown"}}} 00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1676659968036993,"flow_dst_last_pkt_time":1676659968058079,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676659968058079,"pkt":"Jjb1W8R1CL6sCxduCABFAABgJFJAAFYRrced8Oc+wKgMnA2WtjwATE4+AQMAMCESpEJwdYtExyOnTtGTSioAIAAIAAHRJHwxD0FAAgAIAAABhmC4yDQACAAUwWTirh60\/VHH+ED4aqqQivjmyd4="} 
00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1676659968037165,"flow_dst_last_pkt_time":1676659968060837,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676659968060837,"pkt":"Jjb1W8R1CL6sCxduCABFAABgpVxAAFMRAcmd8BUzwKgMnA2WtjwATKdbAQMAMCESpEJwdYtExyOnTtGTSisAIAAIAAHRJHwxD0FAAgAIAAABhmC4yDgACAAUABEIe9NGgDdArgJP1RoA97aa1Do="} -01079{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1676659968037054,"flow_src_last_pkt_time":1676659968037165,"flow_dst_last_pkt_time":1676659968060837,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":68,"midstream":0,"thread_ts_usec":1676659968060837,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.21.51","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.35.171.3:61494","relayed_address":"157.240.21.51:3478"}}} 
+01113{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1676659968037054,"flow_src_last_pkt_time":1676659968037165,"flow_dst_last_pkt_time":1676659968060837,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":68,"midstream":0,"thread_ts_usec":1676659968060837,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.21.51","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.35.171.3:61494","relayed_address":"157.240.21.51:3478","multimedia_flow_types":"Unknown"}}} 00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1676659968037165,"flow_dst_last_pkt_time":1676659968060888,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676659968060888,"pkt":"Jjb1W8R1CL6sCxduCABFAABgpV1AAFMRAcid8BUzwKgMnA2WtjwATFmEAQMAMCESpEJwdYtExyOnTtGTSiwAIAAIAAHRJHwxD0FAAgAIAAABhmC4yDgACAAUdeov0ALnfOy1FSGpfbM\/gVsZOSo="} 
00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1676659968037483,"flow_dst_last_pkt_time":1676659968064266,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676659968064266,"pkt":"Jjb1W8R1CL6sCxduCABFAABg0NlAAFQRJ06d8MMwwKgMnA2WtjwATMmfAQMAMCESpEJwdYtExyOnTtGTSi0AIAAIAAHRJHwxD0FAAgAIAAABhmC4yDQACAAUEauiV+5OdWK08lpoY4KvoDM8wkA="} -01081{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1676659968037404,"flow_src_last_pkt_time":1676659968037483,"flow_dst_last_pkt_time":1676659968064266,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":68,"midstream":0,"thread_ts_usec":1676659968064266,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.195.48","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.35.171.3:61494","relayed_address":"157.240.195.48:3478"}}} 
+01115{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1676659968037404,"flow_src_last_pkt_time":1676659968037483,"flow_dst_last_pkt_time":1676659968064266,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":68,"midstream":0,"thread_ts_usec":1676659968064266,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.195.48","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.35.171.3:61494","relayed_address":"157.240.195.48:3478","multimedia_flow_types":"Unknown"}}} 00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1676659968037483,"flow_dst_last_pkt_time":1676659968064299,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676659968064299,"pkt":"Jjb1W8R1CL6sCxduCABFAABg0NpAAFQRJ02d8MMwwKgMnA2WtjwATLBEAQMAMCESpEJwdYtExyOnTtGTSi4AIAAIAAHRJHwxD0FAAgAIAAABhmC4yDQACAAUBF3x7h5ICsoSF2To96zryfeV154="} 
00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1676659968029608,"flow_dst_last_pkt_time":1676659970501672,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_usec":1676659970501672,"pkt":"Jjb1W8R1CL6sCxduCABFAABKBqBAAFcRdqJdOXvjwKgMnA2WtjwANj3TgcoAB+FyMapRK5FaypeotDESW84OgO841cZwILWkJxeAAAAB+Wopohy6zZkyGw=="} 00886{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1676659970535244,"flow_dst_last_pkt_time":1676659968044575,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1676659970535244,"pkt":"CL6sCxduJjb1W8R1CABFwAEsfaFAAEARhOzAqAycnfDLPrY8DZYBGBQxAAMA\/CESpEJwdYtExyOnTtGTSjFAAACWCQMtTkgnCkB3mlyHo2hELpK34qN\/tn27kX9DRUmi65QznJnJXr0IVJ+d4Fxix8NmNcmsfFkQLOW6576+A4JwNmi2uSQdWXRM2VKcszNCnJz207wH1jUAcpCU9XZA6ttuPzt6cvS6PNIk8FwKlWlblH32PnQxSRg2bkLvkOMPE7sKF8F2oGKz69cDRT5LGhyKnJSGY5lnAAAAIgAQA2iP+zSLUWDQyLFKEwEwAAAiAA4DCBO34E8CVbwHHovTAAAAACIAEAMbnwHuSmVz+ONk\/YEBMAAAFgAIAAEshLzib3wACAAUXTCmuD43X2iZxaQUlL\/5MyGiwQU="} 
@@ -48,59 +48,59 @@ 02202{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1676659968029444,"flow_src_last_pkt_time":1676659971853147,"flow_dst_last_pkt_time":1676659971919436,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":245,"flow_src_tot_l4_payload_len":2693,"flow_dst_tot_l4_payload_len":1097,"midstream":0,"thread_ts_usec":1676659971919436,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.57.123.227","src_port":46652,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":33,"avg":248828.9,"max":2505343,"stddev":601339.2,"var":361608839168.0,"ent":2.9,"data": [164,8431,48,2463749,2505343,241,3586,277,39475,77,6128,4820,33,25931,31612,82045,37743,1684,120855,35,78585,59946,292774,129998,59732,381615,376352,412427,48,227940,362001]},"pktlen": {"min":48,"avg":146.4,"max":300,"stddev":92.2,"var":8492.2,"ent":4.7,"data": [240,240,96,96,74,300,300,300,300,96,96,74,96,96,48,48,98,300,300,96,96,89,53,107,108,53,77,86,150,73,227,273]},"bins": {"c_to_s": [2,4,1,1,0,0,3,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,2,10,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,1,1,0,0,0,0,1,1,0,1,1,0,1,0,0,0,1,1,0,0,1,1,1,0,1,0,0,0,1],"entropies": 
[7.019773483,6.984464645,5.818136215,5.825999260,5.808753967,6.987159729,6.971193790,6.971321106,6.997097969,5.676367760,5.789438725,5.665334225,5.732045174,5.722330570,5.218094349,5.178508282,5.782431126,6.963978291,6.992527008,5.698242188,5.789439201,5.829556465,4.883490086,6.023591995,6.055227757,5.025671005,5.503230572,5.670224667,6.552639484,5.494553089,6.944911957,7.162023067]},"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020625604,"flow_src_last_pkt_time":1676660020625604,"flow_dst_last_pkt_time":1676660020625604,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020625604,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00887{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1676660020625604,"flow_dst_last_pkt_time":1676660020625604,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1676660020625604,"pkt":"CL6sCxduJjb1W8R1CABFwAEsi9JAAEARdrvAqAycnfDLPsF2DZYBGCb2AAMA\/CESpEI9TftlKWJACU3e+TlAAACWCQOxp8aYvFg8y+QXBpsvhjNMa1N4G7Sf9JFjapUuLmz0CsTDFAPO9KqiGsXxWezQ59eQpoCSxT1fsfDFF2XYEWLYT7Z5ywaH6eaIeDG7vzkQfWGJo3mm7lbdY7xd0W8bEsEGktqDrQsGdB5\/+jjeW0yFm1wJQhQWIaUpZQMlzDvLLl3GStdW2AnbX4eC5IclH+Gf\/MylAAAAIgAQA1wnJY8VQYrMrds8LwExAAAiAA4Djh5nVd\/1ziuce4idAAAAACIAEANRZ9y246wbSEgX3HYBMQAAFgAIAAEshLzib3wACAAUpYIpus8qv8w9yHZkGb+Y7RORCLU="} -01035{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020625604,"flow_src_last_pkt_time":1676660020625604,"flow_dst_last_pkt_time":1676660020625604,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020625604,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.203.62:3478"}}} 
+01069{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020625604,"flow_src_last_pkt_time":1676660020625604,"flow_dst_last_pkt_time":1676660020625604,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020625604,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.203.62:3478","multimedia_flow_types":"Unknown"}}} 00887{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":415,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1676660020625741,"flow_dst_last_pkt_time":1676660020625604,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1676660020625741,"pkt":"CL6sCxduJjb1W8R1CABFwAEsi9NAAEARdrrAqAycnfDLPsF2DZYBGPgrAAMA\/CESpEI9TftlKWJACU3e+TpAAACWCQOxp8aYvFg8y+QXBpsvhjNMa1N4G7Sf9JFjapUuLmz0CsTDFAPO9KqiGsXxWezQ59eQpoCSxT1fsfDFF2XYEWLYT7Z5ywaH6eaIeDG7vzkQfWGJo3mm7lbdY7xd0W8bEsEGktqDrQsGdB5\/+jjeW0yFm1wJQhQWIaUpZQMlzDvLLl3GStdW2AnbX4eC5IclH+Gf\/MylAAAAIgAQA1wnJY8VQYrMrds8LwExAAAiAA4Djh5nVd\/1ziuce4idAAAAACIAEANRZ9y246wbSEgX3HYBMQAAFgAIAAEshLzib3wACAAUEQwgZYwKJgQ4LTYK3y4FIA+jynM="} 
-01168{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":415,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1676660020625604,"flow_src_last_pkt_time":1676660020625741,"flow_dst_last_pkt_time":1676660020625604,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":544,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020625741,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.203.62:3478"}}} +01202{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":415,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1676660020625604,"flow_src_last_pkt_time":1676660020625741,"flow_dst_last_pkt_time":1676660020625604,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":544,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020625741,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.203.62:3478","multimedia_flow_types":"Unknown"}}} 00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":416,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020625888,"flow_src_last_pkt_time":1676660020625888,"flow_dst_last_pkt_time":1676660020625888,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020625888,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.231.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00891{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":416,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1676660020625888,"flow_dst_last_pkt_time":1676660020625888,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1676660020625888,"pkt":"CL6sCxduJjb1W8R1CABFwAEsmRpAAEARTXPAqAycnfDnPsF2DZYBGH7rAAMA\/CESpEI9TftlKWJACU3e+TtAAACWCQPeFjak0d7PKFAs7XLj2+P+s\/PhMuWphSLboMCgL8FYcsJ22UWhr314dj\/sKuxUjmg5xQ\/jx9XG\/YEFdqUUT0rbOYoIi50IwG51J2FjLJRXjMezKXn+8dloeg+G6pVS2Czb4qwcI\/U\/yOu2RsIn1ZkxZBTgillM10QGiC2nxS3GP3Pyg89JFN85UcQxXm3doEZ8I2gXAAAAIgAQA1wnJY8VQYrMrds8LwExAAAiAA4Djh5nVd\/1ziuce4idAAAAACIAEANRZ9y246wbSEgX3HYBMQAAFgAIAAEshLziQ3wACAAUCDd5eQa4+xNebQ8SJJA4mgXX1Xw="} -01035{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":416,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020625888,"flow_src_last_pkt_time":1676660020625888,"flow_dst_last_pkt_time":1676660020625888,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020625888,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.231.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.231.62:3478"}}} 
+01069{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":416,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020625888,"flow_src_last_pkt_time":1676660020625888,"flow_dst_last_pkt_time":1676660020625888,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020625888,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.231.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.231.62:3478","multimedia_flow_types":"Unknown"}}} 00891{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":417,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1676660020626848,"flow_dst_last_pkt_time":1676660020625888,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1676660020626848,"pkt":"CL6sCxduJjb1W8R1CABFwAEsmRtAAEARTXLAqAycnfDnPsF2DZYBGAyJAAMA\/CESpEI9TftlKWJACU3e+TxAAACWCQPeFjak0d7PKFAs7XLj2+P+s\/PhMuWphSLboMCgL8FYcsJ22UWhr314dj\/sKuxUjmg5xQ\/jx9XG\/YEFdqUUT0rbOYoIi50IwG51J2FjLJRXjMezKXn+8dloeg+G6pVS2Czb4qwcI\/U\/yOu2RsIn1ZkxZBTgillM10QGiC2nxS3GP3Pyg89JFN85UcQxXm3doEZ8I2gXAAAAIgAQA1wnJY8VQYrMrds8LwExAAAiAA4Djh5nVd\/1ziuce4idAAAAACIAEANRZ9y246wbSEgX3HYBMQAAFgAIAAEshLziQ3wACAAUmjsvXCKwESsJBUhkQNrKqeK5XsE="} 
-01168{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":417,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1676660020625888,"flow_src_last_pkt_time":1676660020626848,"flow_dst_last_pkt_time":1676660020625888,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":544,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020626848,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.231.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.231.62:3478"}}} +01202{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":417,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1676660020625888,"flow_src_last_pkt_time":1676660020626848,"flow_dst_last_pkt_time":1676660020625888,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":544,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020626848,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.231.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.231.62:3478","multimedia_flow_types":"Unknown"}}} 00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":418,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020626979,"flow_src_last_pkt_time":1676660020626979,"flow_dst_last_pkt_time":1676660020626979,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020626979,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.196.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00892{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":418,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1676660020626979,"flow_dst_last_pkt_time":1676660020626979,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1676660020626979,"pkt":"CL6sCxduJjb1W8R1CABFwAEsOIpAAEAR0QPAqAycnfDEPsF2DZYBGJUCAAMA\/CESpEI9TftlKWJACU3e+T1AAACWCQPGTvqHwwSK7PRiLSImLIKh\/fPLrOsx\/rtb4xnlO+h\/S8O\/UZlWtSeGS1rfAQxxwD3rylX96sS7cSBQmvCNf2TOwF\/JRt9mywjNe1pUQo9jU5c0ZxrdUZDRq+CZMIW0FSHrmDPoAXCraaMzfQ1aJVz\/5ObQw+UDNrc6hxQu5PTn27CWWZVuQS13m6BeFu60vevHT2j7AAAAIgAQA1wnJY8VQYrMrds8LwExAAAiAA4Djh5nVd\/1ziuce4idAAAAACIAEANRZ9y246wbSEgX3HYBMQAAFgAIAAEshLziYHwACAAUB5JO\/KlnIgtwDyIZGyJD72U36pw="} -01035{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":418,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020626979,"flow_src_last_pkt_time":1676660020626979,"flow_dst_last_pkt_time":1676660020626979,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020626979,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.196.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.196.62:3478"}}} 
+01069{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":418,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020626979,"flow_src_last_pkt_time":1676660020626979,"flow_dst_last_pkt_time":1676660020626979,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020626979,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.196.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.196.62:3478","multimedia_flow_types":"Unknown"}}} 00891{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1676660020627131,"flow_dst_last_pkt_time":1676660020626979,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1676660020627131,"pkt":"CL6sCxduJjb1W8R1CABFwAEsOItAAEAR0QLAqAycnfDEPsF2DZYBGPuoAAMA\/CESpEI9TftlKWJACU3e+T5AAACWCQPGTvqHwwSK7PRiLSImLIKh\/fPLrOsx\/rtb4xnlO+h\/S8O\/UZlWtSeGS1rfAQxxwD3rylX96sS7cSBQmvCNf2TOwF\/JRt9mywjNe1pUQo9jU5c0ZxrdUZDRq+CZMIW0FSHrmDPoAXCraaMzfQ1aJVz\/5ObQw+UDNrc6hxQu5PTn27CWWZVuQS13m6BeFu60vevHT2j7AAAAIgAQA1wnJY8VQYrMrds8LwExAAAiAA4Djh5nVd\/1ziuce4idAAAAACIAEANRZ9y246wbSEgX3HYBMQAAFgAIAAEshLziYHwACAAUfoSihPG3YBzTpEujhX4y3pFRIJQ="} 
-01168{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":419,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1676660020626979,"flow_src_last_pkt_time":1676660020627131,"flow_dst_last_pkt_time":1676660020626979,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":544,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020627131,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.196.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.196.62:3478"}}} +01202{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":419,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1676660020626979,"flow_src_last_pkt_time":1676660020627131,"flow_dst_last_pkt_time":1676660020626979,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":544,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020627131,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.196.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.196.62:3478","multimedia_flow_types":"Unknown"}}} 00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":420,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020627268,"flow_src_last_pkt_time":1676660020627268,"flow_dst_last_pkt_time":1676660020627268,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020627268,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"179.60.192.48","src_port":49526,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00891{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":420,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1676660020627268,"flow_dst_last_pkt_time":1676660020627268,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1676660020627268,"pkt":"CL6sCxduJjb1W8R1CABFwAEsdxlAAEARgTbAqAycszzAMMF2DZYBGFP0AAMA\/CESpEI9TftlKWJACU3e+T9AAACWCQNKyv924htSBDgoPvPaA6yOr0x9kSC6Te5xTak23qUax5cZtJwuAApb8Ui+tHOwfpbSpWzleIv+\/Y\/zgmUivrJJrbIFK11cX6yt\/W617VBhxdI74dpc53FDSKllCH09m2ZVJ6nirDntuXoVFquWylwpGeMX8BF7kcX7XJ\/ujSasdt1cdHPd78hU0rxNGJvrkV7sECvDAAAAIgAQA1wnJY8VQYrMrds8LwExAAAiAA4Djh5nVd\/1ziuce4idAAAAACIAEANRZ9y246wbSEgX3HYBMQAAFgAIAAEshJIuZHIACAAUhqeiK6BMauUxm+\/Y2otPN+x\/Trc="} -01033{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":420,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020627268,"flow_src_last_pkt_time":1676660020627268,"flow_dst_last_pkt_time":1676660020627268,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020627268,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"179.60.192.48","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"179.60.192.48:3478"}}} 
+01067{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":420,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020627268,"flow_src_last_pkt_time":1676660020627268,"flow_dst_last_pkt_time":1676660020627268,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020627268,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"179.60.192.48","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"179.60.192.48:3478","multimedia_flow_types":"Unknown"}}} 00889{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":421,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1676660020627411,"flow_dst_last_pkt_time":1676660020627268,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1676660020627411,"pkt":"CL6sCxduJjb1W8R1CABFwAEsdxpAAEARgTXAqAycszzAMMF2DZYBGONAAAMA\/CESpEI9TftlKWJACU3e+UBAAACWCQNKyv924htSBDgoPvPaA6yOr0x9kSC6Te5xTak23qUax5cZtJwuAApb8Ui+tHOwfpbSpWzleIv+\/Y\/zgmUivrJJrbIFK11cX6yt\/W617VBhxdI74dpc53FDSKllCH09m2ZVJ6nirDntuXoVFquWylwpGeMX8BF7kcX7XJ\/ujSasdt1cdHPd78hU0rxNGJvrkV7sECvDAAAAIgAQA1wnJY8VQYrMrds8LwExAAAiAA4Djh5nVd\/1ziuce4idAAAAACIAEANRZ9y246wbSEgX3HYBMQAAFgAIAAEshJIuZHIACAAUyHPsRBz2TIoTMZ+WvAxhGroaguM="} 
-01166{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":421,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1676660020627268,"flow_src_last_pkt_time":1676660020627411,"flow_dst_last_pkt_time":1676660020627268,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":544,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020627411,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"179.60.192.48","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"179.60.192.48:3478"}}} +01200{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":421,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1676660020627268,"flow_src_last_pkt_time":1676660020627411,"flow_dst_last_pkt_time":1676660020627268,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":544,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020627411,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"179.60.192.48","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"179.60.192.48:3478","multimedia_flow_types":"Unknown"}}} 00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020627509,"flow_src_last_pkt_time":1676660020627509,"flow_dst_last_pkt_time":1676660020627509,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020627509,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"185.60.216.51","src_port":49526,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00891{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1676660020627509,"flow_dst_last_pkt_time":1676660020627509,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1676660020627509,"pkt":"CL6sCxduJjb1W8R1CABFwAEsa6ZAAEARbqbAqAycuTzYM8F2DZYBGAVtAAMA\/CESpEI9TftlKWJACU3e+UFAAACWCQOH4\/VCAbPTeMBQBMAl\/C5Apejo8c+1K6Qp4JXppgVH0mQBYEvtKrySE8q2mN2RHr6SUlSQIl0QzHLhhkGXTmiDzzcayhZ2Q3j+W2AjW7xjHlhoZ\/1oB6f1R7cM2YJpevSLPRG1\/9xX5i8OwLQGJZP0IxmexdIX7onMgJjjwxjNZQ25j3xFqkTqBfg35nDf7wZxC\/YQAAAAIgAQA1wnJY8VQYrMrds8LwExAAAiAA4Djh5nVd\/1ziuce4idAAAAACIAEANRZ9y246wbSEgX3HYBMQAAFgAIAAEshJgufHEACAAUkNyfIYYrYkDQ4zmgKorzXUAe8eI="} -01034{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020627509,"flow_src_last_pkt_time":1676660020627509,"flow_dst_last_pkt_time":1676660020627509,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020627509,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"185.60.216.51","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"185.60.216.51:3478"}}} 
+01068{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020627509,"flow_src_last_pkt_time":1676660020627509,"flow_dst_last_pkt_time":1676660020627509,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020627509,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"185.60.216.51","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"185.60.216.51:3478","multimedia_flow_types":"Unknown"}}} 00891{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1676660020627695,"flow_dst_last_pkt_time":1676660020627509,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1676660020627695,"pkt":"CL6sCxduJjb1W8R1CABFwAEsa6dAAEARbqXAqAycuTzYM8F2DZYBGKyuAAMA\/CESpEI9TftlKWJACU3e+UJAAACWCQOH4\/VCAbPTeMBQBMAl\/C5Apejo8c+1K6Qp4JXppgVH0mQBYEvtKrySE8q2mN2RHr6SUlSQIl0QzHLhhkGXTmiDzzcayhZ2Q3j+W2AjW7xjHlhoZ\/1oB6f1R7cM2YJpevSLPRG1\/9xX5i8OwLQGJZP0IxmexdIX7onMgJjjwxjNZQ25j3xFqkTqBfg35nDf7wZxC\/YQAAAAIgAQA1wnJY8VQYrMrds8LwExAAAiAA4Djh5nVd\/1ziuce4idAAAAACIAEANRZ9y246wbSEgX3HYBMQAAFgAIAAEshJgufHEACAAU1fgpuSj5BRZ8oNucqnlM0gIwTBo="} 
-01167{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1676660020627509,"flow_src_last_pkt_time":1676660020627695,"flow_dst_last_pkt_time":1676660020627509,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":544,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020627695,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"185.60.216.51","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"185.60.216.51:3478"}}} +01201{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1676660020627509,"flow_src_last_pkt_time":1676660020627695,"flow_dst_last_pkt_time":1676660020627509,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":544,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020627695,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"185.60.216.51","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"185.60.216.51:3478","multimedia_flow_types":"Unknown"}}} 00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1676660020625741,"flow_dst_last_pkt_time":1676660020633882,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676660020633882,"pkt":"Jjb1W8R1CL6sCxduCABFAABgu4RAAFURM5Wd8Ms+wKgMnA2WwXYATBxlAQMAMCESpEI9TftlKWJACU3e+TkAIAAIAAHRX3wxD0FAAgAIAAABhmC5lZsACAAUUb\/WTpOkWW3X+FJVIBlYvEA2oDs="} -01082{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1676660020625604,"flow_src_last_pkt_time":1676660020625741,"flow_dst_last_pkt_time":1676660020633882,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":544,"flow_dst_tot_l4_payload_len":68,"midstream":0,"thread_ts_usec":1676660020633882,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.35.171.3:61517","relayed_address":"157.240.203.62:3478"}}} +01116{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1676660020625604,"flow_src_last_pkt_time":1676660020625741,"flow_dst_last_pkt_time":1676660020633882,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":544,"flow_dst_tot_l4_payload_len":68,"midstream":0,"thread_ts_usec":1676660020633882,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.35.171.3:61517","relayed_address":"157.240.203.62:3478","multimedia_flow_types":"Unknown"}}} 
00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1676660020625741,"flow_dst_last_pkt_time":1676660020633906,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676660020633906,"pkt":"Jjb1W8R1CL6sCxduCABFAABgu4VAAFURM5Sd8Ms+wKgMnA2WwXYATMHnAQMAMCESpEI9TftlKWJACU3e+ToAIAAIAAHRX3wxD0FAAgAIAAABhmC5lZsACAAUDYqarGE3M6w9+UUOpDJLk0B0AtY="} 00607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1676660020635842,"flow_dst_last_pkt_time":1676660020633906,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1676660020635842,"pkt":"CL6sCxduJjb1W8R1CABFwABci9RAAEARd4nAqAycnfDLPsF2DZYASEFRCAQALCESpEI9TftlKWJACU3e+UNABwACAfQAAAAWAAgAASyEvOJvfAAIABQ46era\/Z2SZjhFF95tb67cFTcxPA=="} 00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":428,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1676660020626848,"flow_dst_last_pkt_time":1676660020646356,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676660020646356,"pkt":"Jjb1W8R1CL6sCxduCABFAABgEA9AAFYRwgqd8Oc+wKgMnA2WwXYATESqAQMAMCESpEI9TftlKWJACU3e+TsAIAAIAAHRX3wxD0FAAgAIAAABhmC5laIACAAU2sO6qtIQRG8Fb8Ku\/1Yc8bkNCwU="} 
-01082{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":428,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1676660020625888,"flow_src_last_pkt_time":1676660020626848,"flow_dst_last_pkt_time":1676660020646356,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":544,"flow_dst_tot_l4_payload_len":68,"midstream":0,"thread_ts_usec":1676660020646356,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.231.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.35.171.3:61517","relayed_address":"157.240.231.62:3478"}}} +01116{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":428,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1676660020625888,"flow_src_last_pkt_time":1676660020626848,"flow_dst_last_pkt_time":1676660020646356,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":544,"flow_dst_tot_l4_payload_len":68,"midstream":0,"thread_ts_usec":1676660020646356,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.231.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.35.171.3:61517","relayed_address":"157.240.231.62:3478","multimedia_flow_types":"Unknown"}}} 00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":429,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1676660020626848,"flow_dst_last_pkt_time":1676660020646394,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676660020646394,"pkt":"Jjb1W8R1CL6sCxduCABFAABgEBBAAFYRwgmd8Oc+wKgMnA2WwXYATMHdAQMAMCESpEI9TftlKWJACU3e+TwAIAAIAAHRX3wxD0FAAgAIAAABhmC5laIACAAUtd5zvNHTNstw7o7HFkTuf+A5wEQ="} 00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":430,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":1676660020627695,"flow_dst_last_pkt_time":1676660020646446,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676660020646446,"pkt":"Jjb1W8R1CL6sCxduCABFAABgKX5AAFMRn1q5PNgzwKgMnA2WwXYATEpFAQMAMCESpEI9TftlKWJACU3e+UEAIAAIAAHRX3wxD0FAAgAIAAABhmC5laEACAAUH8edTAMAuZVpRGGCYax6hVg0ya8="} 
-01081{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":430,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1676660020627509,"flow_src_last_pkt_time":1676660020627695,"flow_dst_last_pkt_time":1676660020646446,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":544,"flow_dst_tot_l4_payload_len":68,"midstream":0,"thread_ts_usec":1676660020646446,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"185.60.216.51","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.35.171.3:61517","relayed_address":"185.60.216.51:3478"}}} +01115{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":430,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1676660020627509,"flow_src_last_pkt_time":1676660020627695,"flow_dst_last_pkt_time":1676660020646446,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":544,"flow_dst_tot_l4_payload_len":68,"midstream":0,"thread_ts_usec":1676660020646446,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"185.60.216.51","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.35.171.3:61517","relayed_address":"185.60.216.51:3478","multimedia_flow_types":"Unknown"}}} 00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":431,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_src_last_pkt_time":1676660020627695,"flow_dst_last_pkt_time":1676660020646471,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676660020646471,"pkt":"Jjb1W8R1CL6sCxduCABFAABgKX9AAFMRn1m5PNgzwKgMnA2WwXYATDurAQMAMCESpEI9TftlKWJACU3e+UIAIAAIAAHRX3wxD0FAAgAIAAABhmC5laIACAAUqiKz9h9t1ITvWTv\/BN9zdrh6ouk="} 00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":432,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1676660020627411,"flow_dst_last_pkt_time":1676660020649547,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676660020649547,"pkt":"Jjb1W8R1CL6sCxduCABFAABgXFdAAFMRioSzPMAwwKgMnA2WwXYATFMNAQMAMCESpEI9TftlKWJACU3e+T8AIAAIAAHRX3wxD0FAAgAIAAABhmC5laMACAAUAUJ5rKYzB8P+FxjEnR76AoJ8\/mE="} 
-01080{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":432,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1676660020627268,"flow_src_last_pkt_time":1676660020627411,"flow_dst_last_pkt_time":1676660020649547,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":544,"flow_dst_tot_l4_payload_len":68,"midstream":0,"thread_ts_usec":1676660020649547,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"179.60.192.48","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.35.171.3:61517","relayed_address":"179.60.192.48:3478"}}} +01114{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":432,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1676660020627268,"flow_src_last_pkt_time":1676660020627411,"flow_dst_last_pkt_time":1676660020649547,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":544,"flow_dst_tot_l4_payload_len":68,"midstream":0,"thread_ts_usec":1676660020649547,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"179.60.192.48","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.35.171.3:61517","relayed_address":"179.60.192.48:3478","multimedia_flow_types":"Unknown"}}} 00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":433,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_src_last_pkt_time":1676660020627411,"flow_dst_last_pkt_time":1676660020649585,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676660020649585,"pkt":"Jjb1W8R1CL6sCxduCABFAABgXFhAAFMRioOzPMAwwKgMnA2WwXYATFWhAQMAMCESpEI9TftlKWJACU3e+UAAIAAIAAHRX3wxD0FAAgAIAAABhmC5laMACAAUgv6L2fitRmrDKBO6QOmHmVTNEwk="} 00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":434,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1676660020627131,"flow_dst_last_pkt_time":1676660020649607,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676660020649607,"pkt":"Jjb1W8R1CL6sCxduCABFAABg00xAAFQRI82d8MQ+wKgMnA2WwXYATB51AQMAMCESpEI9TftlKWJACU3e+T0AIAAIAAHRX3wxD0FAAgAIAAABhmC5laAACAAUDM36X1qnGrp9aVSAhimrdKC7fMo="} 
-01082{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":434,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1676660020626979,"flow_src_last_pkt_time":1676660020627131,"flow_dst_last_pkt_time":1676660020649607,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":544,"flow_dst_tot_l4_payload_len":68,"midstream":0,"thread_ts_usec":1676660020649607,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.196.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.35.171.3:61517","relayed_address":"157.240.196.62:3478"}}} +01116{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":434,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1676660020626979,"flow_src_last_pkt_time":1676660020627131,"flow_dst_last_pkt_time":1676660020649607,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":544,"flow_dst_tot_l4_payload_len":68,"midstream":0,"thread_ts_usec":1676660020649607,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.196.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.35.171.3:61517","relayed_address":"157.240.196.62:3478","multimedia_flow_types":"Unknown"}}} 00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":435,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1676660020627131,"flow_dst_last_pkt_time":1676660020649623,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676660020649623,"pkt":"Jjb1W8R1CL6sCxduCABFAABg001AAFQRI8yd8MQ+wKgMnA2WwXYATIH0AQMAMCESpEI9TftlKWJACU3e+T4AIAAIAAHRX3wxD0FAAgAIAAABhmC5laAACAAUxKTeHLccf0M6tOjMy8siv2yc4lE="} 02206{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":461,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1676660020625604,"flow_src_last_pkt_time":1676660020791890,"flow_dst_last_pkt_time":1676660020799292,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":512,"flow_src_tot_l4_payload_len":1396,"flow_dst_tot_l4_payload_len":6812,"midstream":0,"thread_ts_usec":1676660020799292,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":24,"avg":10966.9,"max":25268,"stddev":4978.7,"var":24787812.0,"ent":4.8,"data": 
[137,8278,24,10101,8060,24512,25268,11561,10122,12790,14381,10560,10576,10583,10464,16311,6103,16248,5886,9963,9713,10612,11320,10716,10523,10812,10574,10236,10724,11289,11527]},"pktlen": {"min":48,"avg":284.5,"max":540,"stddev":217.5,"var":47305.8,"ent":4.6,"data": [300,300,96,96,92,540,92,540,92,540,92,540,92,540,92,540,48,92,48,540,92,540,92,540,92,540,92,540,92,540,92,540]},"bins": {"c_to_s": [1,0,13,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": [6.990001202,7.010884762,5.755636215,5.672302246,5.721662998,1.491354108,5.778674603,1.487650514,5.626501560,1.484854460,5.623420715,1.491354465,5.691719532,1.491354108,5.569489479,1.485344768,5.160700798,5.721662998,5.136841774,1.489048600,5.743401527,1.492752314,5.735196590,1.489956141,5.640035152,1.476539373,5.664651394,1.487650633,5.808619022,1.477447271,5.713458061,1.502465248]},"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":531,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660024064221,"flow_src_last_pkt_time":1676660024064221,"flow_dst_last_pkt_time":1676660024064221,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660024064221,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"10.82.40.241","src_port":49526,"dst_port":40436,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":531,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1676660024064221,"flow_dst_last_pkt_time":1676660024064221,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1676660024064221,"pkt":"CL6sCxduJjb1W8R1CABFwABISENAAEAR8RrAqAycClIo8cF2nfQANFuYAAEAGCESpEJVqr9siNtocRyv\/Q8ACAAUchhTvhiAgB6AsW9lN0aBjK2SqVw="} 
-01130{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":531,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660024064221,"flow_src_last_pkt_time":1676660024064221,"flow_dst_last_pkt_time":1676660024064221,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660024064221,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"10.82.40.241","src_port":49526,"dst_port":40436,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01163{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":531,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660024064221,"flow_src_last_pkt_time":1676660024064221,"flow_dst_last_pkt_time":1676660024064221,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660024064221,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"10.82.40.241","src_port":49526,"dst_port":40436,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":535,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660024118990,"flow_src_last_pkt_time":1676660024118990,"flow_dst_last_pkt_time":1676660024118990,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660024118990,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.33.118.87","src_port":49526,"dst_port":41107,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":535,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1676660024118990,"flow_dst_last_pkt_time":1676660024118990,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1676660024118990,"pkt":"CL6sCxduJjb1W8R1CABFwABIQMlAAEARWF\/AqAycXSF2V8F2oJMANCgyAAEAGCESpEJkgPwVvmQKYO\/3pCAACAAUg1CfFRfb1oP8Sp+duu11SA8TZZg="} 
-01130{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":535,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660024118990,"flow_src_last_pkt_time":1676660024118990,"flow_dst_last_pkt_time":1676660024118990,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660024118990,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.33.118.87","src_port":49526,"dst_port":41107,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01163{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":535,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660024118990,"flow_src_last_pkt_time":1676660024118990,"flow_dst_last_pkt_time":1676660024118990,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660024118990,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.33.118.87","src_port":49526,"dst_port":41107,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":540,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1676660024118990,"flow_dst_last_pkt_time":1676660024190308,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1676660024190308,"pkt":"Jjb1W8R1CL6sCxduCABFKABIhuhAADYRHNhdIXZXwKgMnKCTwXYANMoKAQEAGCESpEJkgPwVvmQKYO\/3pCAACAAU75F70SqUX4Lgp4cEKxEnrcitNiQ="} 00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":542,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_src_last_pkt_time":1676660024118990,"flow_dst_last_pkt_time":1676660024239979,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1676660024239979,"pkt":"Jjb1W8R1CL6sCxduCABFKABIhuxAADYRHNRdIXZXwKgMnKCTwXYANNC\/AAEAGCESpEKLftcLEYCUSZQPnhMACAAUyvIcEMHWqj2hvqdguHUxOVHLVE0="} 
00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":543,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_src_last_pkt_time":1676660024243082,"flow_dst_last_pkt_time":1676660024239979,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1676660024243082,"pkt":"CL6sCxduJjb1W8R1CABFwABIQNRAAEARWFTAqAycXSF2V8F2oJMANHYOAQEAGCESpEKLftcLEYCUSZQPnhMACAAUURXXOFysTKzVt50fky2JdWR1wBg="} 00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":549,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_src_last_pkt_time":1676660024325807,"flow_dst_last_pkt_time":1676660024239979,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":131,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":131,"pkt_l4_len":97,"thread_ts_usec":1676660024325807,"pkt":"CL6sCxduJjb1W8R1CABFwAB1QNhAAEARWCPAqAycXSF2V8F2oJMAYc1lkHgABQAA3UBRZ9y23r4AA1ErK2EAvZEZhwAAAKbOSK90hIl36enLLzUIk6r\/w1XH6T2mtq3Gg8VNMWWeuoZcZLDNzrjMgd0lraiBKjJ3Gy5jB\/m61+BApbg="} 
-01094{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":549,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1676660024118990,"flow_src_last_pkt_time":1676660024325807,"flow_dst_last_pkt_time":1676660024239979,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":89,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":177,"flow_dst_tot_l4_payload_len":88,"midstream":0,"thread_ts_usec":1676660024325807,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.33.118.87","src_port":49526,"dst_port":41107,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"SRTP.WhatsAppCall","proto_id":"338.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01119{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":549,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1676660024118990,"flow_src_last_pkt_time":1676660024325807,"flow_dst_last_pkt_time":1676660024239979,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":89,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":177,"flow_dst_tot_l4_payload_len":88,"midstream":0,"thread_ts_usec":1676660024325807,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.33.118.87","src_port":49526,"dst_port":41107,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"SRTP.WhatsAppCall","proto_id":"338.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","stream_content":"Audio"}} 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":561,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1676660024620334,"flow_dst_last_pkt_time":1676660024064221,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1676660024620334,"pkt":"CL6sCxduJjb1W8R1CABFwABISE9AAEAR8Q7AqAycClIo8cF2nfQANEB+AAEAGCESpEIXwuNn6QQGBGvPy2QACAAUUNSepUVO3cHbT1W7D8IkB9QMLLk="} -01248{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":561,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1676660024064221,"flow_src_last_pkt_time":1676660024620334,"flow_dst_last_pkt_time":1676660024064221,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660024620334,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"10.82.40.241","src_port":49526,"dst_port":40436,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI 
(cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01281{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":561,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1676660024064221,"flow_src_last_pkt_time":1676660024620334,"flow_dst_last_pkt_time":1676660024064221,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660024620334,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"10.82.40.241","src_port":49526,"dst_port":40436,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":562,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_src_last_pkt_time":1676660025173851,"flow_dst_last_pkt_time":1676660024064221,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1676660025173851,"pkt":"CL6sCxduJjb1W8R1CABFwABISHxAAEAR8OHAqAycClIo8cF2nfQANJUKAAEAGCESpEJbGGZZJbjNIbGSmgoACAAUqscImv03XhISfmW0WS8IT6fPtOk="} 00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":563,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_src_last_pkt_time":1676660025726086,"flow_dst_last_pkt_time":1676660024064221,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1676660025726086,"pkt":"CL6sCxduJjb1W8R1CABFwABISIRAAEAR8NnAqAycClIo8cF2nfQANJ6PAAEAGCESpEKk0qlxm\/ZTOSdEwkYACAAUXDPKAV6TGyzZ4WyS4fYKXK0zlIs="} 00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":564,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":5,"flow_src_last_pkt_time":1676660026276036,"flow_dst_last_pkt_time":1676660024064221,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1676660026276036,"pkt":"CL6sCxduJjb1W8R1CABFwABISLRAAEAR8KnAqAycClIo8cF2nfQANMOEAAEAGCESpEKl9A496LZkbYe+i00ACAAU\/ewrDda+DUas0DsT+++L7XeLDdc="} 
@@ -129,7 +129,7 @@ 00994{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1676660020625888,"flow_src_last_pkt_time":1676660035302538,"flow_dst_last_pkt_time":1676660020646394,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":220,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":764,"flow_dst_tot_l4_payload_len":136,"midstream":0,"thread_ts_usec":1676660035303048,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.231.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00994{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1676660020626979,"flow_src_last_pkt_time":1676660035302780,"flow_dst_last_pkt_time":1676660020649623,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":220,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":764,"flow_dst_tot_l4_payload_len":136,"midstream":0,"thread_ts_usec":1676660035303048,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.196.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01005{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":48,"flow_dst_packets_processed":73,"flow_first_seen":1676660020625604,"flow_src_last_pkt_time":1676660035302005,"flow_dst_last_pkt_time":1676660032998729,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":500,"flow_dst_max_l4_payload_len":1113,"flow_src_tot_l4_payload_len":10937,"flow_dst_tot_l4_payload_len":37017,"midstream":0,"thread_ts_usec":1676660035303048,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-00859{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":591,"packets-processed":591,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":108875,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":22,"total-updates":5,"current-active-flows":0,"total-active-flows":13,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":132,"global_ts_usec":1676660035303048} +00859{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":591,"packets-processed":591,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":108875,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":22,"total-updates":5,"current-active-flows":0,"total-active-flows":13,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":132,"global_ts_usec":1676660035303048} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 591/591 ~~ skipped flows.............: 0 
@@ -138,9 +138,9 @@ ~~ total active/idle flows...: 13/13 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6953649 bytes -~~ total memory freed........: 6953649 bytes -~~ total allocations/frees...: 114872/114872 +~~ total memory allocated....: 7531289 bytes +~~ total memory freed........: 7531289 bytes +~~ total allocations/frees...: 126605/126605 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 582 chars ~~ json message max len.......: 2211 chars diff --git a/test/results/default/stun_zoom.pcapng.out b/test/results/default/stun_zoom.pcapng.out index d21a99cc6..0bdc4c362 100644 --- a/test/results/default/stun_zoom.pcapng.out +++ b/test/results/default/stun_zoom.pcapng.out 
@@ -1,31 +1,31 @@ -00616{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1661169535535091} 
+00616{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1661169535535091} 
00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535535091,"flow_dst_last_pkt_time":1661169535535091,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":156,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1661169535535091,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00725{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1661169535535091,"flow_dst_last_pkt_time":1661169535535091,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1661169535535091,"pkt":"BLFnWRHgPKn0qB\/sCABFAAC4kzBAAEAR2WPAqCuphuBab77WImEApEJpAAEAiCESpEIJLXMzkXIYSWor3N8ABgBJRTA0RDk0M0YtQzI3MS1DOTZBLUMyN0QtRENCRDA5Nzc4NjgwOjIwNDBGN0VDLTNGQkYtNjFGNy0xQUMyLUFBRDVENDYxMEE4RQAAAAAlAAAAJAAEbn8A\/4AqAAiWY\/V4e1fy1AAIABQBKtqrmyxMEjIdswOfhTMx+y49voAoAASJCByW"} 
-01106{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535535091,"flow_dst_last_pkt_time":1661169535535091,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":156,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1661169535535091,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} +01139{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535535091,"flow_dst_last_pkt_time":1661169535535091,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":156,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1661169535535091,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00725{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1661169535555383,"flow_dst_last_pkt_time":1661169535535091,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1661169535555383,"pkt":"BLFnWRHgPKn0qB\/sCABFAAC4kzJAAEAR2WHAqCuphuBab77WImEApPIXAAEAiCESpEI4RCHR9KJD4dY6X5oABgBJRTA0RDk0M0YtQzI3MS1DOTZBLUMyN0QtRENCRDA5Nzc4NjgwOjIwNDBGN0VDLTNGQkYtNjFGNy0xQUMyLUFBRDVENDYxMEE4RQAAAAAlAAAAJAAEbn8A\/4AqAAiWY\/V4e1fy1AAIABTFtYB0ycot0Qy1S9naomjILfmurIAoAAQ+7lku"} -01224{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535555383,"flow_dst_last_pkt_time":1661169535535091,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":312,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1661169535555383,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} +01257{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535555383,"flow_dst_last_pkt_time":1661169535535091,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":312,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1661169535555383,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
00604{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1661169535555383,"flow_dst_last_pkt_time":1661169535607032,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1661169535607032,"pkt":"PKn0qB\/sBLFnWRHgCABFAABcD3xAADERbHSG4FpvwKgrqSJhvtYASE6sAQEALCESpEIJLXMzkXIYSWor3N8AIAAIAAEAAHwzzS0ACAAUX9ajIUvkC+s+fBB\/ykxaS5wOOuqAKAAEnxO\/9Q=="} -01153{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535555383,"flow_dst_last_pkt_time":1661169535607032,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":312,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1661169535607032,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"mapped_address":"93.33.105.111:8466"}}} 
+01187{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535555383,"flow_dst_last_pkt_time":1661169535607032,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":312,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1661169535607032,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"mapped_address":"93.33.105.111:8466","multimedia_flow_types":"Unknown"}}} 00725{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1661169535607198,"flow_dst_last_pkt_time":1661169535607032,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1661169535607198,"pkt":"BLFnWRHgPKn0qB\/sCABFAAC4kzhAAEAR2VvAqCuphuBab77WImEApMlhAAEAiCESpELh2wHdYLBaO1o3kj4ABgBJRTA0RDk0M0YtQzI3MS1DOTZBLUMyN0QtRENCRDA5Nzc4NjgwOjIwNDBGN0VDLTNGQkYtNjFGNy0xQUMyLUFBRDVENDYxMEE4RQAAAAAlAAAAJAAEbn8A\/4AqAAiWY\/V4e1fy1AAIABSuLzMpSQJ1k35eeZhTIs+Mn14fOYAoAATxREob"} 
00772{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1661169535607340,"flow_dst_last_pkt_time":1661169535607032,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"thread_ts_usec":1661169535607340,"pkt":"BLFnWRHgPKn0qB\/sCABFAADZkzlAAEAR2TnAqCuphuBab77WImEAxZeyFv7\/AAAAAAAAAAAAsAEAAKQAAAAAAAAApP79\/DOP2Z8sGz4yGXA4ZlFO9zOHpZDtCkri7Pkm\/\/cH3ZMAAAAQwCvAL8ypzKjACsAJwBPAFAEAAGoAFwAA\/wEAAQAACgAIAAYAHQAXABgACwACAQAAEAASABAGd2VicnRjCGMtd2VicnRjAA0AIAAeBAMFAwYDAgMIBAgFCAYEAQUBBgECAQQCBQIGAgICABwAAkAAAA4ACwAIAAcACAABAAIA"} -01165{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535607340,"flow_dst_last_pkt_time":1661169535607032,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":657,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1661169535607340,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","tls": {"version":"DTLSv1.2","ja3":"3e12a43c7535bb32beac3928f8fe905d","ja3s":"","ja4":"dd2d0808we_c6c2b6ec87e0_06b1ae923e2a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"webrtc,c-webrtc","blocks":0}}} 
+01124{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535607340,"flow_dst_last_pkt_time":1661169535607032,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":657,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1661169535607340,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","tls": {"version":"DTLSv1.2","ja3s":"","ja4":"dd2d0808we_c6c2b6ec87e0_06b1ae923e2a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"webrtc,c-webrtc","blocks":0}}} 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1661169535618755,"flow_src_last_pkt_time":1661169535618755,"flow_dst_last_pkt_time":1661169535618755,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":156,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1661169535618755,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":53065,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00725{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1661169535618755,"flow_dst_last_pkt_time":1661169535618755,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1661169535618755,"pkt":"BLFnWRHgPKn0qB\/sCABFAAC4kztAAEAR2VjAqCuphuBab89JImEApL\/wAAEAiCESpEJLP6Z0mpHuyXM99DsABgBJN0Y0MjBCMzUtQjE2QS0wNUQ3LTEyRkEtQkU5RkI2QjE1QkIwOjIwNDBGN0VDLTNGQkYtNjFGNy0xQUMyLUFBRDVENDYxMEE4RQAAAAAlAAAAJAAEbn8A\/4AqAAj8yIRLXFnKhQAIABQVCSdtSQAdStsSN058SaFOtEGuzIAoAARNKhxK"} -01106{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1661169535618755,"flow_src_last_pkt_time":1661169535618755,"flow_dst_last_pkt_time":1661169535618755,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":156,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1661169535618755,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":53065,"dst_port":8801,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} 
+01139{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1661169535618755,"flow_src_last_pkt_time":1661169535618755,"flow_dst_last_pkt_time":1661169535618755,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":156,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1661169535618755,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":53065,"dst_port":8801,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00724{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1661169535638993,"flow_dst_last_pkt_time":1661169535618755,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1661169535638993,"pkt":"BLFnWRHgPKn0qB\/sCABFAAC4k0BAAEAR2VPAqCuphuBab89JImEApLZaAAEAiCESpEL9LPrXga3tdiwo33AABgBJN0Y0MjBCMzUtQjE2QS0wNUQ3LTEyRkEtQkU5RkI2QjE1QkIwOjIwNDBGN0VDLTNGQkYtNjFGNy0xQUMyLUFBRDVENDYxMEE4RQAAAAAlAAAAJAAEbn8A\/4AqAAj8yIRLXFnKhQAIABQChv5mW36ahJOVgp5AHXlcdTAbQoAoAAQBQcBH"} 
-01224{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1661169535618755,"flow_src_last_pkt_time":1661169535638993,"flow_dst_last_pkt_time":1661169535618755,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":312,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1661169535638993,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":53065,"dst_port":8801,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} 
+01257{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1661169535618755,"flow_src_last_pkt_time":1661169535638993,"flow_dst_last_pkt_time":1661169535618755,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":312,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1661169535638993,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":53065,"dst_port":8801,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00726{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1661169535718922,"flow_dst_last_pkt_time":1661169535618755,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1661169535718922,"pkt":"BLFnWRHgPKn0qB\/sCABFAAC4k0tAAEAR2UjAqCuphuBab89JImEApL\/wAAEAiCESpEJLP6Z0mpHuyXM99DsABgBJN0Y0MjBCMzUtQjE2QS0wNUQ3LTEyRkEtQkU5RkI2QjE1QkIwOjIwNDBGN0VDLTNGQkYtNjFGNy0xQUMyLUFBRDVENDYxMEE4RQAAAAAlAAAAJAAEbn8A\/4AqAAj8yIRLXFnKhQAIABQVCSdtSQAdStsSN058SaFOtEGuzIAoAARNKhxK"} 
00725{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1661169535739218,"flow_dst_last_pkt_time":1661169535618755,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1661169535739218,"pkt":"BLFnWRHgPKn0qB\/sCABFAAC4k09AAEAR2UTAqCuphuBab89JImEApLZaAAEAiCESpEL9LPrXga3tdiwo33AABgBJN0Y0MjBCMzUtQjE2QS0wNUQ3LTEyRkEtQkU5RkI2QjE1QkIwOjIwNDBGN0VDLTNGQkYtNjFGNy0xQUMyLUFBRDVENDYxMEE4RQAAAAAlAAAAJAAEbn8A\/4AqAAj8yIRLXFnKhQAIABQChv5mW36ahJOVgp5AHXlcdTAbQoAoAAQBQcBH"} -01223{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":4,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535757744,"flow_dst_last_pkt_time":1661169535771624,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":1052,"flow_src_tot_l4_payload_len":1191,"flow_dst_tot_l4_payload_len":1244,"midstream":0,"thread_ts_usec":1661169535771624,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","tls": {"version":"DTLSv1.2","ja3":"3e12a43c7535bb32beac3928f8fe905d","ja3s":"323ab23be4a686962b978f9ca6735add","ja4":"dd2d0808we_c6c2b6ec87e0_06b1ae923e2a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","advertised_alpns":"webrtc,c-webrtc","blocks":0}}} 
-01517{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535757744,"flow_dst_last_pkt_time":1661169535771656,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":1052,"flow_src_tot_l4_payload_len":1191,"flow_dst_tot_l4_payload_len":4400,"midstream":0,"thread_ts_usec":1661169535771656,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.Zoom","proto_id":"30.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","tls": {"version":"DTLSv1.2","server_names":"*.cloud.zoom.us","ja3":"3e12a43c7535bb32beac3928f8fe905d","ja3s":"323ab23be4a686962b978f9ca6735add","ja4":"dd2d0808we_c6c2b6ec87e0_06b1ae923e2a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1","subjectDN":"C=US, ST=California, L=San Jose, O=Zoom Video Communications, Inc., CN=*.cloud.zoom.us","advertised_alpns":"webrtc,c-webrtc","fingerprint":"FD:F2:22:45:64:31:28:BD:2D:56:D6:F4:56:01:71:88:E3:4C:2C:D9","blocks":0}}} 
+01182{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":4,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535757744,"flow_dst_last_pkt_time":1661169535771624,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":1052,"flow_src_tot_l4_payload_len":1191,"flow_dst_tot_l4_payload_len":1244,"midstream":0,"thread_ts_usec":1661169535771624,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","tls": {"version":"DTLSv1.2","ja3s":"323ab23be4a686962b978f9ca6735add","ja4":"dd2d0808we_c6c2b6ec87e0_06b1ae923e2a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","advertised_alpns":"webrtc,c-webrtc","blocks":0}}} +01476{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535757744,"flow_dst_last_pkt_time":1661169535771656,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":1052,"flow_src_tot_l4_payload_len":1191,"flow_dst_tot_l4_payload_len":4400,"midstream":0,"thread_ts_usec":1661169535771656,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DTLS.Zoom","proto_id":"30.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","tls": {"version":"DTLSv1.2","server_names":"*.cloud.zoom.us","ja3s":"323ab23be4a686962b978f9ca6735add","ja4":"dd2d0808we_c6c2b6ec87e0_06b1ae923e2a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1","subjectDN":"C=US, ST=California, L=San Jose, O=Zoom Video Communications, Inc., CN=*.cloud.zoom.us","advertised_alpns":"webrtc,c-webrtc","fingerprint":"FD:F2:22:45:64:31:28:BD:2D:56:D6:F4:56:01:71:88:E3:4C:2C:D9","blocks":0}}} 00603{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1661169535739218,"flow_dst_last_pkt_time":1661169535812586,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1661169535812586,"pkt":"PKn0qB\/sBLFnWRHgCABFAABcD6NAADARbU2G4FpvwKgrqSJhz0kASPHKAQEALCESpEJLP6Z0mpHuyXM99DsAIAAIAAEAAHwzzS0ACAAUCL5PYVNYAABIJaSs+ThbSkIV4CuAKAAEBcrGkQ=="} 
-01154{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1661169535618755,"flow_src_last_pkt_time":1661169535739218,"flow_dst_last_pkt_time":1661169535812586,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":624,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1661169535812586,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":53065,"dst_port":8801,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"mapped_address":"93.33.105.111:8466"}}} -01166{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":1,"flow_first_seen":1661169535618755,"flow_src_last_pkt_time":1661169535813097,"flow_dst_last_pkt_time":1661169535812586,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":969,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1661169535813097,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":53065,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","tls": {"version":"DTLSv1.2","ja3":"3e12a43c7535bb32beac3928f8fe905d","ja3s":"","ja4":"dd2d0808we_c6c2b6ec87e0_06b1ae923e2a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"webrtc,c-webrtc","blocks":0}}} +01188{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1661169535618755,"flow_src_last_pkt_time":1661169535739218,"flow_dst_last_pkt_time":1661169535812586,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":624,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1661169535812586,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":53065,"dst_port":8801,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"mapped_address":"93.33.105.111:8466","multimedia_flow_types":"Unknown"}}} 
+01125{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":1,"flow_first_seen":1661169535618755,"flow_src_last_pkt_time":1661169535813097,"flow_dst_last_pkt_time":1661169535812586,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":969,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1661169535813097,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":53065,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","tls": {"version":"DTLSv1.2","ja3s":"","ja4":"dd2d0808we_c6c2b6ec87e0_06b1ae923e2a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"webrtc,c-webrtc","blocks":0}}} 02180{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1661169535618755,"flow_src_last_pkt_time":1661169536326542,"flow_dst_last_pkt_time":1661169536383924,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":1052,"flow_src_tot_l4_payload_len":2576,"flow_dst_tot_l4_payload_len":5172,"midstream":0,"thread_ts_usec":1661169536383924,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":53065,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": 
{"min":5,"avg":47514.7,"max":193831,"stddev":51140.5,"var":2615352320.0,"ent":4.1,"data": [20238,79929,20296,193831,73632,247,50353,49657,26391,24351,170235,80565,10991,149570,50735,24,93581,6,7,6,7,5,8274,29660,4814,50217,80837,100195,42158,3678,58466]},"pktlen": {"min":42,"avg":270.1,"max":1080,"stddev":313.1,"var":98043.5,"ent":4.3,"data": [184,184,184,184,92,184,217,217,184,184,217,92,92,92,184,192,78,92,1080,1080,1080,1080,399,186,92,92,186,92,186,95,101,42]},"bins": {"c_to_s": [0,1,1,0,11,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,9,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,1,0,0,0,0,0,0,1,1,1,0,0,0,1,1,1,1,1,1,0,1,1,0,1,0,1,0,1],"entropies": [5.849215031,5.820121765,5.845112324,5.820121765,5.609286785,5.848187923,5.155805588,5.151053905,5.856935501,5.837758064,5.169487476,5.679913521,5.609286785,5.658175468,5.856935501,5.312055111,4.055345058,5.723389149,7.020439625,7.330272198,7.262623310,7.369262695,7.183655262,6.090222359,5.701650143,5.679913521,6.082654476,5.723389149,6.098002911,5.370398521,6.009067535,4.320421696]},"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
00989{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":17,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169536293401,"flow_dst_last_pkt_time":1661169536292551,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":1052,"flow_src_tot_l4_payload_len":1945,"flow_dst_tot_l4_payload_len":5176,"midstream":0,"thread_ts_usec":1661169536805680,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.Zoom","proto_id":"30.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}} 00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":21,"flow_first_seen":1661169535618755,"flow_src_last_pkt_time":1661169536627218,"flow_dst_last_pkt_time":1661169536805680,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":1052,"flow_src_tot_l4_payload_len":2726,"flow_dst_tot_l4_payload_len":5471,"midstream":0,"thread_ts_usec":1661169536805680,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":53065,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
-00847{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":70,"packets-processed":70,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15318,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":8,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":28,"global_ts_usec":1661169536805680} +00847{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":70,"packets-processed":70,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15318,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":8,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":28,"global_ts_usec":1661169536805680} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 70/70 ~~ skipped flows.............: 0 
@@ -34,10 +34,10 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6923322 bytes -~~ total memory freed........: 6923322 bytes -~~ total allocations/frees...: 114229/114229 +~~ total memory allocated....: 7500962 bytes +~~ total memory freed........: 7500962 bytes +~~ total allocations/frees...: 125962/125962 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 608 chars ~~ json message max len.......: 2185 chars -~~ json message avg len.......: 1374 chars +~~ json message avg len.......: 1373 chars diff --git a/test/results/default/syncthing.pcap.out b/test/results/default/syncthing.pcap.out index 2692b2e33..e175e0f04 100644 --- a/test/results/default/syncthing.pcap.out +++ b/test/results/default/syncthing.pcap.out 
@@ -1,5 +1,5 @@ -00614{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/syncthing.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/syncthing.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1663058610822000} 
+00614{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/syncthing.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/syncthing.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1663058610822000} 
00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/syncthing.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663058610822000,"flow_src_last_pkt_time":1663058610822000,"flow_dst_last_pkt_time":1663058610822000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":205,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":205,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":205,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663058610822000,"l3_proto":"ip6","src_ip":"fe80::6238:e0ff:fec5:35a0","dst_ip":"ff12::8384","src_port":42370,"dst_port":21027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00818{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/syncthing.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1663058610822000,"flow_dst_last_pkt_time":1663058610822000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":267,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":267,"pkt_l4_len":213,"thread_ts_usec":1663058610822000,"pkt":"MzMAAIOEYDjgxTWght1gAesUANURAf6AAAAAAAAAYjjg\/\/7FNaD\/EgAAAAAAAAAAAAAAAIOEpYJSIwDV+Zwup9kLCiCSt2JimWKUgl\/GzObPNHlCiCgtc7Xs3y3LKb\/UhMQtbxIZdGNwOi8vMTkyLjE2OC4yLjEwMDoyMjAwMBIXdGNwOi8vMTkyLjE2OC4wLjE6MjIwMDASF3RjcDovLzE5Mi4xNjguMy4xOjIyMDAwEhpxdWljOi8vMTkyLjE2OC4yLjEwMDoyMjAwMBIYcXVpYzovLzE5Mi4xNjguMC4xOjIyMDAwEhhxdWljOi8vMTkyLjE2OC4zLjE6MjIwMDAYzqG5+MLl+b1h"} 
00940{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/syncthing.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663058610822000,"flow_src_last_pkt_time":1663058610822000,"flow_dst_last_pkt_time":1663058610822000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":205,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":205,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":205,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663058610822000,"l3_proto":"ip6","src_ip":"fe80::6238:e0ff:fec5:35a0","dst_ip":"ff12::8384","src_port":42370,"dst_port":21027,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syncthing","proto_id":"313","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":7,"category":"Download"}} 
@@ -37,7 +37,7 @@ 01148{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/syncthing.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1663059067177000,"flow_dst_last_pkt_time":1663059067177000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":510,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":510,"pkt_l4_len":476,"thread_ts_usec":1663059067177000,"pkt":"\/\/\/\/\/\/\/\/YDjgxTWgCABFAAHwU\/5AALkR5UrAqAJkwKgC\/9bBUiMB3IihLqfZCwogkrdiYplilIJfxszmzzR5QogoLXO17N8tyym\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"} 00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/syncthing.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":0,"flow_first_seen":1663058647185000,"flow_src_last_pkt_time":1663059067177000,"flow_dst_last_pkt_time":1663058647185000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":205,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":468,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6520,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663059067179000,"l3_proto":"ip6","src_ip":"fe80::6238:e0ff:fec5:35a0","dst_ip":"ff12::8384","src_port":47077,"dst_port":21027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syncthing","proto_id":"313","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":7,"category":"Download"}} 
00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/syncthing.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":0,"flow_first_seen":1663059067177000,"flow_src_last_pkt_time":1663059067179000,"flow_dst_last_pkt_time":1663059067177000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":205,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":468,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6520,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663059067179000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"192.168.2.255","src_port":54977,"dst_port":21027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syncthing","proto_id":"313","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":7,"category":"Download"}} -00846{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/syncthing.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":34,"packets-processed":34,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13912,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":11,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":40,"global_ts_usec":1663059067179000} 
+00846{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/syncthing.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":34,"packets-processed":34,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13912,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":11,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":40,"global_ts_usec":1663059067179000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 34/34 ~~ skipped flows.............: 0 @@ -46,9 +46,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6915627 bytes -~~ total memory freed........: 6915627 bytes -~~ total allocations/frees...: 114200/114200 +~~ total memory allocated....: 7493223 bytes +~~ total memory freed........: 7493223 bytes +~~ total allocations/frees...: 125931/125931 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 619 chars ~~ json message max len.......: 1177 chars diff --git a/test/results/default/synscan.pcap.out b/test/results/default/synscan.pcap.out index d98e947c6..d437f53f6 100644 --- a/test/results/default/synscan.pcap.out +++ b/test/results/default/synscan.pcap.out 
@@ -1,5 +1,5 @@ -00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1278275056274870} 
+00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1278275056274870} 
00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275056274870,"flow_src_last_pkt_time":1278275056274870,"flow_dst_last_pkt_time":1278275056274870,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275056274870,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1278275056274870,"flow_dst_last_pkt_time":1278275056274870,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":1278275056274870,"pkt":"ACYLMQczACWzv5HuCABFAAAs5wgAADYGK2qsEAAIQA2GNIzSAbvdUoMYAAAAAGACDAAq1AAAAgQFtA=="} 
00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275056276409,"flow_src_last_pkt_time":1278275056276409,"flow_dst_last_pkt_time":1278275056276409,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275056276409,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":143,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -4137,7 +4137,7 @@ 00778{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":985,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275060005897,"flow_src_last_pkt_time":1278275060005897,"flow_dst_last_pkt_time":1278275060005897,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":31038,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00991{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":1062,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275060115959,"flow_src_last_pkt_time":1278275060115959,"flow_dst_last_pkt_time":1278275060115959,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":31038,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
00779{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":1062,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275060115959,"flow_src_last_pkt_time":1278275060115959,"flow_dst_last_pkt_time":1278275060115959,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":31038,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00993{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1278275058031084,"flow_src_last_pkt_time":1278275058031084,"flow_dst_last_pkt_time":1278275058093377,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":31337,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
+01100{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1278275058031084,"flow_src_last_pkt_time":1278275058031084,"flow_dst_last_pkt_time":1278275058093377,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":31337,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}},"55": {"risk":"Probing Attempt","severity":"Medium","risk_score": {"total":510,"client":375,"server":135}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00777{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2011,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1278275058031084,"flow_src_last_pkt_time":1278275058031084,"flow_dst_last_pkt_time":1278275058093377,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":31337,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00991{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":1189,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275060291939,"flow_src_last_pkt_time":1278275060291939,"flow_dst_last_pkt_time":1278275060291939,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":64623,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00779{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":1189,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275060291939,"flow_src_last_pkt_time":1278275060291939,"flow_dst_last_pkt_time":1278275060291939,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":64623,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -4285,7 +4285,7 @@ 00774{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275057477748,"flow_src_last_pkt_time":1278275057477748,"flow_dst_last_pkt_time":1278275057477748,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":23,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00987{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275058220417,"flow_src_last_pkt_time":1278275058220417,"flow_dst_last_pkt_time":1278275058220417,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":24,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
00775{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275058220417,"flow_src_last_pkt_time":1278275058220417,"flow_dst_last_pkt_time":1278275058220417,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":24,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -01134{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1278275057678024,"flow_src_last_pkt_time":1278275057678024,"flow_dst_last_pkt_time":1278275057740769,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":25,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"1":"Match by port"},"proto":"SMTP","proto_id":"3","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":3,"category":"Email","hostname":"","domainame":"","smtp": {"user":"","password":"","auth_failed":0}}} 
+01241{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1278275057678024,"flow_src_last_pkt_time":1278275057678024,"flow_dst_last_pkt_time":1278275057740769,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":25,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}},"55": {"risk":"Probing Attempt","severity":"Medium","risk_score": {"total":510,"client":375,"server":135}}},"confidence": {"1":"Match by port"},"proto":"SMTP","proto_id":"3","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":3,"category":"Email","hostname":"","domainame":"","smtp": {"user":"","password":"","auth_failed":0}}} 
00773{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2011,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1278275057678024,"flow_src_last_pkt_time":1278275057678024,"flow_dst_last_pkt_time":1278275057740769,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":25,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00987{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":293,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275058596242,"flow_src_last_pkt_time":1278275058596242,"flow_dst_last_pkt_time":1278275058596242,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":26,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
00775{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":293,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275058596242,"flow_src_last_pkt_time":1278275058596242,"flow_dst_last_pkt_time":1278275058596242,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":26,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -4321,7 +4321,7 @@ 00776{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":1564,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275060801319,"flow_src_last_pkt_time":1278275060801319,"flow_dst_last_pkt_time":1278275060801319,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01056{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":4,"flow_first_seen":1278275056276783,"flow_src_last_pkt_time":1278275056276783,"flow_dst_last_pkt_time":1278275077368085,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":53,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr": []}}} 
00773{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":4,"flow_first_seen":1278275056276783,"flow_src_last_pkt_time":1278275056276783,"flow_dst_last_pkt_time":1278275077368085,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":53,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00991{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":1184,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1278275060291625,"flow_src_last_pkt_time":1278275060291625,"flow_dst_last_pkt_time":1278275060352856,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":70,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
+01098{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":1184,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1278275060291625,"flow_src_last_pkt_time":1278275060291625,"flow_dst_last_pkt_time":1278275060352856,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":70,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}},"55": {"risk":"Probing Attempt","severity":"Medium","risk_score": {"total":510,"client":375,"server":135}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00775{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2011,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":1184,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1278275060291625,"flow_src_last_pkt_time":1278275060291625,"flow_dst_last_pkt_time":1278275060352856,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":70,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00988{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":1196,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275060292515,"flow_src_last_pkt_time":1278275060292515,"flow_dst_last_pkt_time":1278275060292515,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":79,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00776{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":1196,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275060292515,"flow_src_last_pkt_time":1278275060292515,"flow_dst_last_pkt_time":1278275060292515,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":79,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -4385,13 +4385,13 @@ 00774{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275056276573,"flow_src_last_pkt_time":1278275056276573,"flow_dst_last_pkt_time":1278275056276573,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":111,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00987{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275057478316,"flow_src_last_pkt_time":1278275057478316,"flow_dst_last_pkt_time":1278275057478316,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":111,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
00775{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275057478316,"flow_src_last_pkt_time":1278275057478316,"flow_dst_last_pkt_time":1278275057478316,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":111,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00990{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1278275056340211,"flow_src_last_pkt_time":1278275056340211,"flow_dst_last_pkt_time":1278275056401702,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":113,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
+01097{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1278275056340211,"flow_src_last_pkt_time":1278275056340211,"flow_dst_last_pkt_time":1278275056401702,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":113,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}},"55": {"risk":"Probing Attempt","severity":"Medium","risk_score": {"total":510,"client":375,"server":135}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00774{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2011,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1278275056340211,"flow_src_last_pkt_time":1278275056340211,"flow_dst_last_pkt_time":1278275056401702,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":113,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00989{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":1593,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275060847420,"flow_src_last_pkt_time":1278275060847420,"flow_dst_last_pkt_time":1278275060847420,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":119,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00777{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":1593,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275060847420,"flow_src_last_pkt_time":1278275060847420,"flow_dst_last_pkt_time":1278275060847420,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00989{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":1657,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275060949114,"flow_src_last_pkt_time":1278275060949114,"flow_dst_last_pkt_time":1278275060949114,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":119,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00777{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":1657,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275060949114,"flow_src_last_pkt_time":1278275060949114,"flow_dst_last_pkt_time":1278275060949114,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
-00991{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":523,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1278275059345187,"flow_src_last_pkt_time":1278275059345187,"flow_dst_last_pkt_time":1278275059407001,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36061,"dst_port":113,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} +01098{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":523,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1278275059345187,"flow_src_last_pkt_time":1278275059345187,"flow_dst_last_pkt_time":1278275059407001,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36061,"dst_port":113,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}},"55": {"risk":"Probing Attempt","severity":"Medium","risk_score": 
{"total":510,"client":375,"server":135}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00775{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2011,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":523,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1278275059345187,"flow_src_last_pkt_time":1278275059345187,"flow_dst_last_pkt_time":1278275059407001,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36061,"dst_port":113,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00988{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":723,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275059626781,"flow_src_last_pkt_time":1278275059626781,"flow_dst_last_pkt_time":1278275059626781,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":125,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
00776{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":723,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275059626781,"flow_src_last_pkt_time":1278275059626781,"flow_dst_last_pkt_time":1278275059626781,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":125,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -6509,13 +6509,13 @@ 00778{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":1584,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275060846832,"flow_src_last_pkt_time":1278275060846832,"flow_dst_last_pkt_time":1278275060846832,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5054,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00990{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":1666,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275060949640,"flow_src_last_pkt_time":1278275060949640,"flow_dst_last_pkt_time":1278275060949640,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5054,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
00778{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":1666,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275060949640,"flow_src_last_pkt_time":1278275060949640,"flow_dst_last_pkt_time":1278275060949640,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5054,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -01056{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":889,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275059851931,"flow_src_last_pkt_time":1278275059851931,"flow_dst_last_pkt_time":1278275059851931,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5060,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+01066{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":889,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275059851931,"flow_src_last_pkt_time":1278275059851931,"flow_dst_last_pkt_time":1278275059851931,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5060,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","sip": {}}} 00777{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":889,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275059851931,"flow_src_last_pkt_time":1278275059851931,"flow_dst_last_pkt_time":1278275059851931,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
-01057{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":1778,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275061107870,"flow_src_last_pkt_time":1278275061107870,"flow_dst_last_pkt_time":1278275061107870,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5061,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01067{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":1778,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275061107870,"flow_src_last_pkt_time":1278275061107870,"flow_dst_last_pkt_time":1278275061107870,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5061,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by 
port"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","sip": {}}} 00778{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":1778,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275061107870,"flow_src_last_pkt_time":1278275061107870,"flow_dst_last_pkt_time":1278275061107870,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5061,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -01056{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":966,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275059962089,"flow_src_last_pkt_time":1278275059962089,"flow_dst_last_pkt_time":1278275059962089,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5060,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by 
port"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01066{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":966,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275059962089,"flow_src_last_pkt_time":1278275059962089,"flow_dst_last_pkt_time":1278275059962089,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5060,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","sip": {}}} 
00777{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":966,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275059962089,"flow_src_last_pkt_time":1278275059962089,"flow_dst_last_pkt_time":1278275059962089,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -01057{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":1879,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275061211941,"flow_src_last_pkt_time":1278275061211941,"flow_dst_last_pkt_time":1278275061211941,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5061,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+01067{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":1879,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275061211941,"flow_src_last_pkt_time":1278275061211941,"flow_dst_last_pkt_time":1278275061211941,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5061,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","sip": {}}} 00778{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":1879,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275061211941,"flow_src_last_pkt_time":1278275061211941,"flow_dst_last_pkt_time":1278275061211941,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5061,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00989{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":339,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275058721544,"flow_src_last_pkt_time":1278275058721544,"flow_dst_last_pkt_time":1278275058721544,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5080,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00777{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":339,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275058721544,"flow_src_last_pkt_time":1278275058721544,"flow_dst_last_pkt_time":1278275058721544,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -7993,7 +7993,7 @@ 00779{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":1521,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275060746505,"flow_src_last_pkt_time":1278275060746505,"flow_dst_last_pkt_time":1278275060746505,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":21571,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00991{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":1602,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275060850680,"flow_src_last_pkt_time":1278275060850680,"flow_dst_last_pkt_time":1278275060850680,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":21571,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
00779{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":1602,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275060850680,"flow_src_last_pkt_time":1278275060850680,"flow_dst_last_pkt_time":1278275060850680,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":21571,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00858{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2011,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":2011,"packets-processed":2011,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":1854,"total-guessed-flows":140,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1994,"total-idle-flows":1994,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7996,"global_ts_usec":1278275079360213} 
+00858{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2011,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":2011,"packets-processed":2011,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":1854,"total-guessed-flows":140,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1994,"total-idle-flows":1994,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7996,"global_ts_usec":1278275079360213} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2011/2011 ~~ skipped flows.............: 0 @@ -8002,10 +8002,10 @@ ~~ total active/idle flows...: 1994/1994 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 11755294 bytes -~~ total memory freed........: 11755294 bytes -~~ total allocations/frees...: 140072/140072 +~~ total memory allocated....: 12332990 bytes +~~ total memory freed........: 12332990 bytes +~~ total allocations/frees...: 151808/151808 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 537 chars -~~ json message max len.......: 1216 chars -~~ json message avg len.......: 876 chars +~~ json message max len.......: 1246 chars +~~ json message avg len.......: 891 chars diff --git a/test/results/default/syslog.pcap.out b/test/results/default/syslog.pcap.out index 57f948df2..bf13bcb26 100644 --- a/test/results/default/syslog.pcap.out +++ b/test/results/default/syslog.pcap.out 
@@ -1,9 +1,9 @@ -00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 00280{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":108743144,"packet_id":1,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","layer_type":34916,"global_ts_usec":108743144} 01223{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":703,"pkt_type":34916,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":703,"pkt_l4_len":0,"thread_ts_usec":108743144,"pkt":"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"} 00280{"error_event_id":5,"error_event_name":"Unknown packet 
type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":113756696,"packet_id":2,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","layer_type":34916,"global_ts_usec":113756696} 00791{"packet_event_id":1,"packet_event_name":"packet","packet_id":2,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":379,"pkt_type":34916,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":379,"pkt_l4_len":0,"thread_ts_usec":108743144,"pkt":"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"} -00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":3,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":6,"global_ts_usec":1377043331844398} 
+00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":3,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":6,"global_ts_usec":1377043331844398} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1377043331844398,"flow_src_last_pkt_time":1377043331844398,"flow_dst_last_pkt_time":1377043331844398,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":140,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":140,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":140,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1377043331844398,"l3_proto":"ip4","src_ip":"172.20.51.54","dst_ip":"172.31.110.40","src_port":514,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00697{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1377043331844398,"flow_dst_last_pkt_time":1377043331844398,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":182,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":182,"pkt_l4_len":148,"thread_ts_usec":1377043331844398,"pkt":"vDBb56YVAASWJ4vKCABFAACoJ0cAADwRXWysFDM2rB9uKAICAgIAlCzbPDEzND44NTQgMDgvMjAvMjAxMy0xOTowNToyMyBDT05GSUcgUUxBMjNYWCBQQ0lERVYwMyBEaXNjTG9vcElkIHFsYTIzeHhTdE1hY2hSdW4uY3h4IDM1MTAKMCBMb2NhbCBQb3J0IENvbm5lY3Rpb24gVHlwZT0gTE9PUDogbG9vcElkPTB4N0QKCgA="} 00925{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1377043331844398,"flow_src_last_pkt_time":1377043331844398,"flow_dst_last_pkt_time":1377043331844398,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":140,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":140,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":140,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1377043331844398,"l3_proto":"ip4","src_ip":"172.20.51.54","dst_ip":"172.31.110.40","src_port":514,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
@@ -11,14 +11,14 @@ 00765{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1377043331893307,"flow_dst_last_pkt_time":1377043331844398,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":234,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":234,"pkt_l4_len":200,"thread_ts_usec":1377043331893307,"pkt":"vDBb56YVAASWJ4vKCABFAADcJ0kAADwRXTasFDM2rB9uKAICAgIAyJYPPDEzND44NTQgMDgvMjAvMjAxMy0xOTowNToyMyBDT05GSUcgRkNQVCBHZW5lcmF0ZUV2ZW50IGZjcFRyYW5zcG9ydExvY2FsUG9ydC5jcHAgMTIxOAowIEZDUCBMb2NhbCBQb3J0IFN0YXRlIFVQICA6IFdXTj0weDUwMDBEMzEwMDAwMzU2MDYgcG9ydElkPTB4MDAwMDAxIHBvcnRSb2xlPUJvdGggTG9jYWxQb3J0SW5kZXg9MHgwMDAzCgoA"} 00653{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1377043337197703,"flow_dst_last_pkt_time":1377043331844398,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":150,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":150,"pkt_l4_len":116,"thread_ts_usec":1377043337197703,"pkt":"vDBb56YVAASWJ4vKCABFAACIJ3YAADwRXV2sFDM2rB9uKAICAgIAdHXTPDEzND44NTQgMDgvMjAvMjAxMy0xOTowNToyOCBDT05GSUcgUUxBMjNYWCBQQ0lERVYwMyBJZGxlIHFsYTIzeHhTdE1hY2hSdW4uY3h4IDYyNTQKMCBMSVAoRjgsRjcpIFJlY2VpdmVkCgoA"} 
00766{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1377043337206117,"flow_dst_last_pkt_time":1377043331844398,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":234,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":234,"pkt_l4_len":200,"thread_ts_usec":1377043337206117,"pkt":"vDBb56YVAASWJ4vKCABFAADcJ3cAADwRXQisFDM2rB9uKAICAgIAyG\/hPDEzND44NTQgMDgvMjAvMjAxMy0xOTowNToyOCBDT05GSUcgRkNQVCBHZW5lcmF0ZUV2ZW50IGZjcFRyYW5zcG9ydExvY2FsUG9ydC5jcHAgMTI0MQowIEZDUCBMb2NhbCBQb3J0IFN0YXRlIERPV046IFdXTj0weDUwMDBEMzEwMDAwMzU2MDYgcG9ydElkPTB4MDAwMDAxIHBvcnRSb2xlPUJvdGggTG9jYWxQb3J0SW5kZXg9MHgwMDAzCgoA"} -00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":18,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2295,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1388653792914155} 
+00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":18,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2295,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1388653792914155} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1388653792914155,"flow_src_last_pkt_time":1388653792914155,"flow_dst_last_pkt_time":1388653792914155,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":76,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":76,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1388653792914155,"l3_proto":"ip4","src_ip":"10.251.23.139","dst_ip":"62.39.3.142","src_port":59194,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1388653792914155,"flow_dst_last_pkt_time":1388653792914155,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_usec":1388653792914155,"pkt":"gPsG8EXX4KHXGMJyCABFtABoYZ9AAEARc\/cK+xeLPicDjuc6AgIAVGhaPDE0Nz5KYW4gIDIgMTA6MDk6NTIgbmI2IGNoaWxsaXNwb3RbNDIyMl06IEM6MTkyLjE2OC4yLjgzLzAwOjE5OjdEOjNCOjZGOkQ0Cg=="} 00924{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1388653792914155,"flow_src_last_pkt_time":1388653792914155,"flow_dst_last_pkt_time":1388653792914155,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":76,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":76,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1388653792914155,"l3_proto":"ip4","src_ip":"10.251.23.139","dst_ip":"62.39.3.142","src_port":59194,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":0,"flow_first_seen":1377043331844398,"flow_src_last_pkt_time":1377043354299811,"flow_dst_last_pkt_time":1377043331844398,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":108,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":192,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2295,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1388653792914155,"l3_proto":"ip4","src_ip":"172.20.51.54","dst_ip":"172.31.110.40","src_port":514,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1388653841215658,"flow_dst_last_pkt_time":1388653792914155,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_usec":1388653841215658,"pkt":"gPsG8EXX4KHXGMJyCABFtABoYaBAAEARc\/YK+xeLPicDjuc6AgIAVHJZPDE0Nz5KYW4gIDIgMTA6MTA6NDEgbmI2IGNoaWxsaXNwb3RbNDIyMl06IEQ6MTkyLjE2OC4yLjgzLzAwOjE5OjdEOjNCOjZGOkQ0Cg=="} 
00966{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1388653792914155,"flow_src_last_pkt_time":1388653841215658,"flow_dst_last_pkt_time":1388653792914155,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":76,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":76,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":152,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1388653841215658,"l3_proto":"ip4","src_ip":"10.251.23.139","dst_ip":"62.39.3.142","src_port":59194,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":20,"packets-processed":17,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2447,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1488571038380901} 
+00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":20,"packets-processed":17,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2447,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1488571038380901} 00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1488571038380901,"flow_src_last_pkt_time":1488571038380901,"flow_dst_last_pkt_time":1488571038380901,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":115,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":115,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":115,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1488571038380901,"vlan_id":121,"l3_proto":"ip4","src_ip":"192.168.121.10","dst_ip":"192.168.120.10","src_port":50080,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","vlan_id":121,"flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1488571038380901,"flow_dst_last_pkt_time":1488571038380901,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":161,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":161,"pkt_l4_len":123,"thread_ts_usec":1488571038380901,"pkt":"AAAMn\/B5ACEbrjHBgQAAeQgARQAAjwBGAAD\/EUiywKh5CsCoeArDoAICAHsygDwxODk+NzI6IE1hciAgMyAxOTo1NzoxNy4zNzE6ICVMSU5LLTUtQ0hBTkdFRDogSW50ZXJmYWNlIEdpZ2FiaXRFdGhlcm5ldDAvMiwgY2hhbmdlZCBzdGF0ZSB0byBhZG1pbmlzdHJhdGl2ZWx5IGRvd24="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1488571038380901,"flow_src_last_pkt_time":1488571038380901,"flow_dst_last_pkt_time":1488571038380901,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":115,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":115,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":115,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1488571038380901,"vlan_id":121,"l3_proto":"ip4","src_ip":"192.168.121.10","dst_ip":"192.168.120.10","src_port":50080,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
@@ -32,7 +32,7 @@ 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1488571330521769,"flow_src_last_pkt_time":1488571330521769,"flow_dst_last_pkt_time":1488571330521769,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":138,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":138,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":138,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1488571330521769,"vlan_id":121,"l3_proto":"ip4","src_ip":"192.168.121.2","dst_ip":"192.168.120.10","src_port":50352,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00738{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","vlan_id":121,"flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1488571330522327,"flow_dst_last_pkt_time":1488571330521769,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":201,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":201,"pkt_l4_len":163,"thread_ts_usec":1488571330522327,"pkt":"ABpsoSuZAB56eT8RgQAAeQgARQAAtwA\/AAD\/EUiZwKh5AsCoeArEsAICAKOtbzwxOTA+NjQ6IE1hciAgMyAyMDowMjowOS40Njg6ICVJUFY2X0FDTC02LUFDQ0VTU0xPR1A6IGxpc3QgdnR5LWFjY2Vzcy8xMCBwZXJtaXR0ZWQgdGNwIDIwMDM6NTE6NjAxMjoxMTA6OkIxNToyMig2MDg5MikgLT4gMjAwMzo1MTo2MDEyOjEyMTo6MigyMiksIDEgcGFja2V0"} 
00985{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1488571038380901,"flow_src_last_pkt_time":1488571189276080,"flow_dst_last_pkt_time":1488571038380901,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":95,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":119,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":446,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1488571330522327,"vlan_id":121,"l3_proto":"ip4","src_ip":"192.168.121.10","dst_ip":"192.168.120.10","src_port":50080,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":26,"packets-processed":23,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3186,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":3,"current-active-flows":2,"total-active-flows":4,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":35,"global_ts_usec":1557406267494812} 
+00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":26,"packets-processed":23,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3186,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":3,"current-active-flows":2,"total-active-flows":4,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":35,"global_ts_usec":1557406267494812} 00744{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1557406267494812,"flow_src_last_pkt_time":1557406267494812,"flow_dst_last_pkt_time":1557406267494812,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":446,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":446,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":446,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1557406267494812,"l3_proto":"ip4","src_ip":"193.24.227.10","dst_ip":"216.66.86.114","l4_proto":41,"flow_datalink":1,"flow_max_packets":5} 
01096{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1557406267494812,"flow_dst_last_pkt_time":1557406267494812,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":480,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":480,"pkt_l4_len":446,"thread_ts_usec":1557406267494812,"pkt":"ABDb\/xAAACFZH\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"} 00743{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1557406267510571,"flow_src_last_pkt_time":1557406267510571,"flow_dst_last_pkt_time":1557406267510571,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":446,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":446,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":446,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1557406267510571,"l3_proto":"ip4","src_ip":"216.66.80.30","dst_ip":"193.24.227.12","l4_proto":41,"flow_datalink":1,"flow_max_packets":5} 
@@ -43,7 +43,7 @@ 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1488571330521769,"flow_src_last_pkt_time":1488571330522327,"flow_dst_last_pkt_time":1488571330521769,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":138,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":155,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":293,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1557406275511725,"vlan_id":121,"l3_proto":"ip4","src_ip":"192.168.121.2","dst_ip":"192.168.120.10","src_port":50352,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 01172{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1557406279481997,"flow_dst_last_pkt_time":1557406267494812,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":537,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":537,"pkt_l4_len":503,"thread_ts_usec":1557406279481997,"pkt":"ABDb\/xAAACFZH\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"} 
01171{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1557406279497874,"flow_dst_last_pkt_time":1557406267510571,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":537,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":537,"pkt_l4_len":503,"thread_ts_usec":1557406279497874,"pkt":"ABRpnhFAABDb\/xAACABFAAILsN5AAPspAGXYQlAewRjjDGAAAAABzxE7IAEEcABsAKEAAAAAAAAAAiABBHB2WwAAAAAAAAsVACKVDwICAc8p5DwxMzM+c3NnOiBOZXRTY3JlZW4gZGV2aWNlX2lkPTAxODUwODIwMDgwMDE1NDEgIFtSb290XXN5c3RlbS1ub3RpZmljYXRpb24tMDAyNTcodHJhZmZpYyk6IHN0YXJ0X3RpbWU9IjIwMTktMDUtMDkgMTQ6NTA6MTgiIGR1cmF0aW9uPTYxIHBvbGljeV9pZD04IHNlcnZpY2U9TmV0d29yayBUaW1lIHByb3RvPTE3IHNyYyB6b25lPVVudHJ1c3QgZHN0IHpvbmU9VHJ1c3QgYWN0aW9uPVBlcm1pdCBzZW50PTE1NCByY3ZkPTEzNCBzcmM9MjAwMTo0NzA6MWYwYToxMDFhOjoyIGRzdD0yMDAxOjQ3MDo2ZDphMTo6ZGNmYjoxMjMgc3JjX3BvcnQ9MTIzIGRzdF9wb3J0PTEyMyBzcmMteGxhdGVkIGlwPTIwMDE6NDcwOjFmMGE6MTAxYTo6MiBwb3J0PTEyMyBkc3QteGxhdGVkIGlwPTIwMDE6NDcwOjZkOmExOjpkY2ZiOjEyMyBwb3J0PTEyMyBzZXNzaW9uX2lkPTQ4MDU2IHJlYXNvbj1DbG9zZSAtIEFHRSBPVVQA"} 
-00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":32,"packets-processed":29,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5976,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":3,"current-active-flows":2,"total-active-flows":6,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":46,"global_ts_usec":1600781689297122} +00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":32,"packets-processed":29,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5976,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":3,"current-active-flows":2,"total-active-flows":6,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":46,"global_ts_usec":1600781689297122} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1600781689297122,"flow_src_last_pkt_time":1600781689297122,"flow_dst_last_pkt_time":1600781689297122,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":82,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600781689297122,"l3_proto":"ip4","src_ip":"172.21.251.36","dst_ip":"172.19.196.11","src_port":62679,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00622{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1600781689297122,"flow_dst_last_pkt_time":1600781689297122,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":124,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":124,"pkt_l4_len":90,"thread_ts_usec":1600781689297122,"pkt":"qrvMbk9eqrvMlgwFCABFAABuAAAAAP8RpCWsFfskrBPEC\/TXAgIAWrkePDE4OT4zMDogKlNlcCAyMiAxMzozNDo0OS4xOTU6ICVTWVMtNS1DT05GSUdfSTogQ29uZmlndXJlZCBmcm9tIGNvbnNvbGUgYnkgY29uc29sZQ=="} 
00926{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1600781689297122,"flow_src_last_pkt_time":1600781689297122,"flow_dst_last_pkt_time":1600781689297122,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":82,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600781689297122,"l3_proto":"ip4","src_ip":"172.21.251.36","dst_ip":"172.19.196.11","src_port":62679,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
@@ -63,7 +63,7 @@ 00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1600781952293713,"flow_dst_last_pkt_time":1600781952293359,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":157,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":157,"pkt_l4_len":123,"thread_ts_usec":1600781952293713,"pkt":"qrvMySBnqrvMPDqhCABFAACPAAkAAP8RdvTAqEPxCsE1BvTXAgIAe0jbPDE4OT4zOTogUjE6ICpTZXAgMjIgMTM6Mzk6MTIuMjUyOiAlTElORVBST1RPLTUtVVBET1dOOiBMaW5lIHByb3RvY29sIG9uIEludGVyZmFjZSBFdGhlcm5ldDAvMiwgY2hhbmdlZCBzdGF0ZSB0byB1cA=="} 00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1600781689297122,"flow_src_last_pkt_time":1600781690282270,"flow_dst_last_pkt_time":1600781689297122,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":82,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":118,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600781952293713,"l3_proto":"ip4","src_ip":"172.21.251.36","dst_ip":"172.19.196.11","src_port":62679,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1600781776117552,"flow_src_last_pkt_time":1600781777157257,"flow_dst_last_pkt_time":1600781776117552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600781952293713,"l3_proto":"ip4","src_ip":"192.168.72.140","dst_ip":"192.168.178.148","src_port":62679,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":38,"packets-processed":35,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6581,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":5,"current-active-flows":2,"total-active-flows":9,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":66,"global_ts_usec":1600782411853866} 
+00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":38,"packets-processed":35,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6581,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":5,"current-active-flows":2,"total-active-flows":9,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":66,"global_ts_usec":1600782411853866} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1600782411853866,"flow_src_last_pkt_time":1600782411853866,"flow_dst_last_pkt_time":1600782411853866,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":304,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":304,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":304,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600782411853866,"l3_proto":"ip4","src_ip":"192.168.126.102","dst_ip":"172.19.177.230","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00919{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1600782411853866,"flow_dst_last_pkt_time":1600782411853866,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":346,"pkt_l4_len":312,"thread_ts_usec":1600782411853866,"pkt":"qrvMCetCqrvMS9ZJCABFAAFMAAAAAP8RHZjAqH5mrBOx5t9OAgIBOHsYPDE5MD44MjogUjE6IFtzeXNsb2dAOSBzX3NuPSIxIl06IDxpb3MtbG9nLW1zZz48ZmFjaWxpdHk+U1lTPC9mYWNpbGl0eT48c2V2ZXJpdHk+Njwvc2V2ZXJpdHk+PG1zZy1pZD5MT0dHSU5HSE9TVF9TVEFSVFNUT1A8L21zZy1pZD48dGltZT4qU2VwIDIyIDEzOjQ2OjUwLjgxMjwvdGltZT48YXJncz48YXJnIGlkPSIwIj4xMC4xLjIuMjwvYXJnPjxhcmcgaWQ9IjEiPiBwb3J0IDUxNDwvYXJnPjxhcmcgaWQ9IjIiPjwvYXJnPjxhcmcgaWQ9IjMiPiBzdGFydGVkIC0gQ0xJIGluaXRpYXRlZDwvYXJnPjwvYXJncz48L2lvcy1sb2ctbXNnPg=="} 00933{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1600782411853866,"flow_src_last_pkt_time":1600782411853866,"flow_dst_last_pkt_time":1600782411853866,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":304,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":304,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":304,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600782411853866,"l3_proto":"ip4","src_ip":"192.168.126.102","dst_ip":"172.19.177.230","src_port":57166,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
@@ -93,7 +93,7 @@ 00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1600782411853866,"flow_src_last_pkt_time":1600782438439705,"flow_dst_last_pkt_time":1600782411853866,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":226,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":304,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":989,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600782653380844,"l3_proto":"ip4","src_ip":"192.168.126.102","dst_ip":"172.19.177.230","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00970{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1600782466695334,"flow_src_last_pkt_time":1600782501747500,"flow_dst_last_pkt_time":1600782466695334,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":107,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":143,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":642,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600782653380844,"l3_proto":"ip4","src_ip":"10.22.179.215","dst_ip":"172.26.54.76","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1600782514222729,"flow_src_last_pkt_time":1600782515213099,"flow_dst_last_pkt_time":1600782514222729,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":207,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":415,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600782653380844,"l3_proto":"ip4","src_ip":"192.168.45.162","dst_ip":"10.208.120.95","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":52,"packets-processed":49,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9237,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":0,"total-updates":9,"current-active-flows":3,"total-active-flows":13,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":96,"global_ts_usec":1618744015613076} 
+00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":52,"packets-processed":49,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9237,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":0,"total-updates":9,"current-active-flows":3,"total-active-flows":13,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":96,"global_ts_usec":1618744015613076} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744015613076,"flow_src_last_pkt_time":1618744015613076,"flow_dst_last_pkt_time":1618744015613076,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":57,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":57,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":57,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744015613076,"l3_proto":"ip4","src_ip":"172.26.229.190","dst_ip":"172.23.80.196","src_port":514,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1618744015613076,"flow_dst_last_pkt_time":1618744015613076,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":99,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":99,"pkt_l4_len":65,"thread_ts_usec":1618744015613076,"pkt":"AAAAAAAAAAgA5occCABFAABVAABAADwRr+OsGuW+rBdQxAICAgIAQS7mPDMwPnNubXBkWzY5NTZdOiBDb25uZWN0aW9uIGZyb20gVURQOiBbMTI3LjAuMC4xXToyMTMxMSAK"} 00926{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744015613076,"flow_src_last_pkt_time":1618744015613076,"flow_dst_last_pkt_time":1618744015613076,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":57,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":57,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":57,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744015613076,"l3_proto":"ip4","src_ip":"172.26.229.190","dst_ip":"172.23.80.196","src_port":514,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
@@ -118,7 +118,7 @@ 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744358191948,"flow_src_last_pkt_time":1618744358191948,"flow_dst_last_pkt_time":1618744358191948,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":139,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":139,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":139,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744358191948,"l3_proto":"ip4","src_ip":"192.168.254.157","dst_ip":"196.240.66.148","src_port":49611,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00699{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1618744358191948,"flow_dst_last_pkt_time":1618744358191948,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":181,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":181,"pkt_l4_len":147,"thread_ts_usec":1618744358191948,"pkt":"AAAAAAAAAAgA5occCABF4ACnOuMAAP4RubfAqP6dxPBClMHLAgIAk0yqPDEzND4gMjAyMS0wNC0xOCAxNToxMjozOCswNDowMCAxMC4xMjYuMjAuNjggTG9nLCAgICAgNjU5MzQsMC8zLzAvMCwyMjQuMi4yLjIzMSwxLDIwMjEtMDQtMTggMTM6MTI6MzgsMjAyMS0wNC0xOCAxNToxMjozOCxQUk9HUkFNLTEzMSwqLDExLA=="} 
00933{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744358191948,"flow_src_last_pkt_time":1618744358191948,"flow_dst_last_pkt_time":1618744358191948,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":139,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":139,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":139,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744358191948,"l3_proto":"ip4","src_ip":"192.168.254.157","dst_ip":"196.240.66.148","src_port":49611,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":84,"packets-processed":81,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10756,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":14,"total-detection-updates":0,"total-updates":10,"current-active-flows":3,"total-active-flows":17,"total-idle-flows":14,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":121,"global_ts_usec":1639052948178444} 
+00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":84,"packets-processed":81,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10756,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":14,"total-detection-updates":0,"total-updates":10,"current-active-flows":3,"total-active-flows":17,"total-idle-flows":14,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":121,"global_ts_usec":1639052948178444} 00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052948178444,"flow_src_last_pkt_time":1639052948178444,"flow_dst_last_pkt_time":1639052948178444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":663,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":663,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":663,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052948178444,"vlan_id":408,"l3_proto":"ip4","src_ip":"10.11.105.154","dst_ip":"10.6.15.11","src_port":20627,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
01487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","vlan_id":408,"flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1639052948178444,"flow_dst_last_pkt_time":1639052948178444,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":761,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":761,"pkt_l4_len":671,"thread_ts_usec":1639052948178444,"pkt":"AAAAAAAAAAQAAAAIgQABmAgARQACs1yXAAA\/EY\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"} 00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052948178444,"flow_src_last_pkt_time":1639052948178444,"flow_dst_last_pkt_time":1639052948178444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":663,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":663,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":663,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052948178444,"vlan_id":408,"l3_proto":"ip4","src_ip":"10.11.105.154","dst_ip":"10.6.15.11","src_port":20627,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
@@ -126,7 +126,7 @@ 01006{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744128983164,"flow_src_last_pkt_time":1618744128983164,"flow_dst_last_pkt_time":1618744128983164,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052948178444,"vlan_id":1906,"l3_proto":"ip4","src_ip":"169.46.82.162","dst_ip":"10.186.117.194","src_port":52173,"dst_port":49948,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00794{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744128983164,"flow_src_last_pkt_time":1618744128983164,"flow_dst_last_pkt_time":1618744128983164,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052948178444,"vlan_id":1906,"l3_proto":"ip4","src_ip":"169.46.82.162","dst_ip":"10.186.117.194","src_port":52173,"dst_port":49948,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01228{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1618744117704164,"flow_src_last_pkt_time":1618744314014150,"flow_dst_last_pkt_time":1618744117704164,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":136,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":136,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052948178444,"vlan_id":1506,"l3_proto":"ip4","src_ip":"10.186.117.194","dst_ip":"169.46.82.162","src_port":49948,"dst_port":52173,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
-00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":85,"packets-processed":82,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11419,"total-not-detected-flows":3,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":10,"current-active-flows":1,"total-active-flows":18,"total-idle-flows":17,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":129,"global_ts_usec":1646228387732435} +00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":85,"packets-processed":82,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11419,"total-not-detected-flows":3,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":10,"current-active-flows":1,"total-active-flows":18,"total-idle-flows":17,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":129,"global_ts_usec":1646228387732435} 00295{"error_event_id":5,"error_event_name":"Unknown packet 
type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1646228387732435,"packet_id":85,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","layer_type":34916,"global_ts_usec":1646228387732435} 00991{"packet_event_id":1,"packet_event_name":"packet","packet_id":85,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":525,"pkt_type":34916,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":525,"pkt_l4_len":0,"thread_ts_usec":1639052948178444,"pkt":"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"} 00295{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1646228388234384,"packet_id":86,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","layer_type":34916,"global_ts_usec":1646228388234384} 
@@ -135,7 +135,7 @@ 00891{"packet_event_id":1,"packet_event_name":"packet","packet_id":87,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":449,"pkt_type":34916,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":449,"pkt_l4_len":0,"thread_ts_usec":1639052948178444,"pkt":"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"} 00295{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":4,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1646228388765633,"packet_id":88,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","layer_type":34916,"global_ts_usec":1646228388765633} 00999{"packet_event_id":1,"packet_event_name":"packet","packet_id":88,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":530,"pkt_type":34916,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":530,"pkt_l4_len":0,"thread_ts_usec":1639052948178444,"pkt":"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"} -00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":89,"packets-processed":82,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11419,"total-not-detected-flows":3,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":10,"current-active-flows":1,"total-active-flows":18,"total-idle-flows":17,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":138,"global_ts_usec":1646781267422628} 
+00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":89,"packets-processed":82,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11419,"total-not-detected-flows":3,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":10,"current-active-flows":1,"total-active-flows":18,"total-idle-flows":17,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":138,"global_ts_usec":1646781267422628} 00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646781267422628,"flow_src_last_pkt_time":1646781267422628,"flow_dst_last_pkt_time":1646781267422628,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":91,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646781267422628,"vlan_id":2005,"l3_proto":"ip4","src_ip":"10.94.232.21","dst_ip":"10.94.150.21","src_port":57374,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00653{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","vlan_id":2005,"flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1646781267422628,"flow_dst_last_pkt_time":1646781267422628,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":137,"pkt_l4_len":99,"thread_ts_usec":1646781267422628,"pkt":"AAkPCQAVREyokzbXgQAH1QgARQAAd4NyQAA+ESYdCl7oFQpelhXgHgICAGMIejw2Pk1hciAgOSAwNDo0NDoyNyBOREMzQ0xORE1WQTIyIGtlcm5lbDogSVB2NjogQUREUkNPTkYoTkVUREVWX1VQKTogZXRoMDogbGluayBpcyBub3QgcmVhZHk="} 00940{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646781267422628,"flow_src_last_pkt_time":1646781267422628,"flow_dst_last_pkt_time":1646781267422628,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":91,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646781267422628,"vlan_id":2005,"l3_proto":"ip4","src_ip":"10.94.232.21","dst_ip":"10.94.150.21","src_port":57374,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
@@ -149,7 +149,7 @@ 00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1646781267422628,"flow_src_last_pkt_time":1646781267427418,"flow_dst_last_pkt_time":1646781267422628,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":127,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":510,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646781268509996,"vlan_id":2005,"l3_proto":"ip4","src_ip":"10.94.232.21","dst_ip":"10.94.150.21","src_port":57374,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646781268509996,"flow_src_last_pkt_time":1646781268509996,"flow_dst_last_pkt_time":1646781268509996,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1270,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1270,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1270,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646781268509996,"vlan_id":2005,"l3_proto":"ip4","src_ip":"10.94.80.60","dst_ip":"10.94.150.22","src_port":39438,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052948178444,"flow_src_last_pkt_time":1639052948178444,"flow_dst_last_pkt_time":1639052948178444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":663,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":663,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":663,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646781268509996,"vlan_id":408,"l3_proto":"ip4","src_ip":"10.11.105.154","dst_ip":"10.6.15.11","src_port":20627,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -00847{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":94,"packets-processed":88,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13199,"total-not-detected-flows":3,"total-guessed-flows":0,"total-detected-flows":17,"total-detection-updates":0,"total-updates":10,"current-active-flows":0,"total-active-flows":20,"total-idle-flows":20,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":152,"global_ts_usec":1646781268509996} 
+00847{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":94,"packets-processed":88,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13199,"total-not-detected-flows":3,"total-guessed-flows":0,"total-detected-flows":17,"total-detection-updates":0,"total-updates":10,"current-active-flows":0,"total-active-flows":20,"total-idle-flows":20,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":152,"global_ts_usec":1646781268509996} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 94/88 ~~ skipped flows.............: 0 @@ -158,9 +158,9 @@ ~~ total active/idle flows...: 20/20 ~~ total timeout flows.......: 3 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6957457 bytes -~~ total memory freed........: 6957457 bytes -~~ total allocations/frees...: 114436/114436 +~~ total memory allocated....: 7535083 bytes +~~ total memory freed........: 7535083 bytes +~~ total allocations/frees...: 126168/126168 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 285 chars ~~ json message max len.......: 2234 chars diff --git a/test/results/default/tailscale.pcap.out b/test/results/default/tailscale.pcap.out index 73f99bd6d..3a33b537f 100644 --- a/test/results/default/tailscale.pcap.out +++ b/test/results/default/tailscale.pcap.out 
@@ -1,5 +1,5 @@ -00614{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tailscale.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tailscale.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1623328901893092} 
+00614{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tailscale.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tailscale.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1623328901893092} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tailscale.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623328901893092,"flow_src_last_pkt_time":1623328901893092,"flow_dst_last_pkt_time":1623328901893092,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":92,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":92,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":92,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623328901893092,"l3_proto":"ip4","src_ip":"192.168.88.3","dst_ip":"18.196.71.179","src_port":41641,"dst_port":41641,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tailscale.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1623328901893092,"flow_dst_last_pkt_time":1623328901893092,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1623328901893092,"pkt":"poPnuslkAAwplE+vCABFAAB4d9xAAEART3bAqFgDEsRHs6KpoqkAZHYFVFPwn5KstoR90hKud3v64hSzbQ2XEVLwx+BSTgwosKAQW1+mFhcDIU7pTkASV+cPow8CosaxW7erOd5Ypqum39pp9XjnyWeXa9gOouLKbhi2mYRqmqG3HWqWW+4="} 
00932{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tailscale.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623328901893092,"flow_src_last_pkt_time":1623328901893092,"flow_dst_last_pkt_time":1623328901893092,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":92,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":92,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":92,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623328901893092,"l3_proto":"ip4","src_ip":"192.168.88.3","dst_ip":"18.196.71.179","src_port":41641,"dst_port":41641,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Tailscale","proto_id":"24","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
@@ -9,7 +9,7 @@ 00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tailscale.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1623328903725945,"flow_dst_last_pkt_time":1623328904184015,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_usec":1623328904184015,"pkt":"AAwplE+vpoPnuslkCABFAACcwGAAADARAAASxEezwKhYA6KpoqkAiNUeBAAAAJjIPnoBAAAAAAAAAIDRhelXasbgL\/+zYa0dujImbboZHw5LtTzrMLrAnJiErjX4Q\/gpsHyUZ2phBiZAcnlAJHPknh+UjOJs8w8oU91sAPPQbskYRx3J+rH+DeFVFEtkDOzsDsjpsegoPlzrb\/fiUGSsuyCgJy+T4mnA9xA="} 02239{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/tailscale.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":19,"flow_first_seen":1623328901893092,"flow_src_last_pkt_time":1623328910935194,"flow_dst_last_pkt_time":1623328911751937,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":92,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":128,"flow_src_tot_l4_payload_len":1430,"flow_dst_tot_l4_payload_len":2162,"midstream":0,"thread_ts_usec":1623328911751937,"l3_proto":"ip4","src_ip":"192.168.88.3","dst_ip":"18.196.71.179","src_port":41641,"dst_port":41641,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":7,"avg":609708.0,"max":1999684,"stddev":605237.1,"var":366311899136.0,"ent":4.2,"data": [1831567,1832853,459337,19,7,851239,689283,1999684,305038,1197527,993302,17713,10,118067,686079,686069,167240,28515,268363,28631,1001510,1709853,809387,161594,38729,229122,33650,39336,1000927,1009891,706405]},"pktlen": {"min":120,"avg":140.2,"max":156,"stddev":15.4,"var":237.9,"ent":5.0,"data": 
[120,120,138,156,156,156,156,120,138,156,120,138,156,120,138,120,138,120,156,138,156,156,120,138,120,156,156,138,156,156,156,120]},"bins": {"c_to_s": [0,0,4,5,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,6,3,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,1,1,1,1,0,1,0,1,1,1,0,1,0,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1],"entropies": [6.258774757,6.327646255,6.564895153,6.334487915,6.307401657,6.374646664,6.326507568,6.403507233,6.611924648,6.410363674,6.506895065,6.510478020,6.402382374,6.340927124,6.480768204,6.334637165,6.568448067,6.498397350,6.475291729,6.619921207,6.387466908,6.409846783,6.390228748,6.538738251,6.500603676,6.552214622,6.461646080,6.474994183,6.375043869,6.467308998,6.309903622,6.317968845]},"ndpi": {"confidence": {"6":"DPI"},"proto":"Tailscale","proto_id":"24","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/tailscale.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":51,"flow_dst_packets_processed":56,"flow_first_seen":1623328901893092,"flow_src_last_pkt_time":1623328931902798,"flow_dst_last_pkt_time":1623328933775730,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":92,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":128,"flow_src_tot_l4_payload_len":5700,"flow_dst_tot_l4_payload_len":6322,"midstream":0,"thread_ts_usec":1623328933775730,"l3_proto":"ip4","src_ip":"192.168.88.3","dst_ip":"18.196.71.179","src_port":41641,"dst_port":41641,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Tailscale","proto_id":"24","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00848{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/tailscale.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":107,"packets-processed":107,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12022,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1623328933775730} +00848{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/tailscale.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":107,"packets-processed":107,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12022,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1623328933775730} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 107/107 ~~ skipped flows.............: 0 
@@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6910716 bytes -~~ total memory freed........: 6910716 bytes -~~ total allocations/frees...: 114244/114244 +~~ total memory allocated....: 7488312 bytes +~~ total memory freed........: 7488312 bytes +~~ total allocations/frees...: 125975/125975 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 619 chars ~~ json message max len.......: 2244 chars diff --git a/test/results/default/targusdataspeed_false_positives.pcap.out b/test/results/default/targusdataspeed_false_positives.pcap.out index 33e5f2635..b964e3b3f 100644 --- a/test/results/default/targusdataspeed_false_positives.pcap.out +++ b/test/results/default/targusdataspeed_false_positives.pcap.out 
@@ -1,4 +1,4 @@ -00636{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/targusdataspeed_false_positives.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00636{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/targusdataspeed_false_positives.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/targusdataspeed_false_positives.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":35569737,"flow_src_last_pkt_time":35569737,"flow_dst_last_pkt_time":35569737,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":35569737,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"79.164.55.123","src_port":23994,"dst_port":5001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00642{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/targusdataspeed_false_positives.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":35569737,"flow_dst_last_pkt_time":35569737,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":35569737,"pkt":"UlQAEjUCCAAn5uVZCABFAAB+ehEAAIARLTAKAAIPT6Q3e126E4kAahVHZDE6YWQyOmlkMjA69gJ3AZhiwRyVvvTzAO9QVrdoSnA2OnRhcmdldDIwOvYCdwGYYsEclb708wDvUFa3aEpxZTE6cTk6ZmluZF9ub2RlMTp0ODqI0o3DoQnQUDE6eTE6cWU="} 
01078{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/targusdataspeed_false_positives.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":35569737,"flow_src_last_pkt_time":35569737,"flow_dst_last_pkt_time":35569737,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":35569737,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"79.164.55.123","src_port":23994,"dst_port":5001,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","bittorrent": {"hash":""}}} 
@@ -9,7 +9,7 @@ 00916{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/targusdataspeed_false_positives.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":46627016,"flow_dst_last_pkt_time":47351725,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":345,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":345,"pkt_l4_len":311,"thread_ts_usec":47351725,"pkt":"CAAn5uVZUlQAEjUCCABFAAFLPoUAAEARp+tZQC3jCgACDxRRXboBN3DOZDI6aXA2Ol0v4fi2NTE6cmQyOmlkMjA6Cixkc\/ArsXcJ7U3wslfTpV0++Qo1Om5vZGVzMjA4OgnoTWcn5Dz1WsC7MJGi19W6kHfXwIMsWf7sCMB+iYC28R+pvpNIPRWUbo8TACBttiU\/eIoJTCvSXHm7E6mVIW1xdJVtFGBxj71Fdbbh6Qi0O4aQ71PNaDpVSFMJBfrOkxEjUPl1HgURCYdIr0PZ+eaVADua7fVMXBTcQ4EChJrSdkcJ4hLhbiau6yJI+VuOfD+bIhmzz7V5SbNlNQhV3fqFlrrzSnPbqxOCr29KlotYDsDTJxC1CNuf8fG76euzpts8hww+mSReDZCIHta8ty8xOnBpNDY2NDVlZTE6dDg6yqEY3ZzscnUxOnY0OkxUAQIxOnkxOnJl"} 01091{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/targusdataspeed_false_positives.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":35569737,"flow_src_last_pkt_time":35569737,"flow_dst_last_pkt_time":35636027,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":272,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":272,"midstream":0,"thread_ts_usec":47351725,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"79.164.55.123","src_port":23994,"dst_port":5001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": 
{"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} 01090{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/targusdataspeed_false_positives.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":46627016,"flow_src_last_pkt_time":46627016,"flow_dst_last_pkt_time":47351725,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":303,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":303,"midstream":0,"thread_ts_usec":47351725,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.64.45.227","src_port":23994,"dst_port":5201,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} 
-00854{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/targusdataspeed_false_positives.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":771,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":47351725} +00854{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/targusdataspeed_false_positives.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":4,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":771,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":47351725} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 4/4 ~~ skipped flows.............: 0 
@@ -18,9 +18,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6910165 bytes -~~ total memory freed........: 6910165 bytes -~~ total allocations/frees...: 114154/114154 +~~ total memory allocated....: 7487761 bytes +~~ total memory freed........: 7487761 bytes +~~ total allocations/frees...: 125885/125885 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 641 chars ~~ json message max len.......: 1096 chars diff --git a/test/results/default/tcp_scan.pcapng.out b/test/results/default/tcp_scan.pcapng.out index 1ec5e8728..94885f021 100644 --- a/test/results/default/tcp_scan.pcapng.out +++ b/test/results/default/tcp_scan.pcapng.out 
@@ -1,5 +1,5 @@ -00615{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tcp_scan.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tcp_scan.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1674583448287506} 
+00615{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tcp_scan.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tcp_scan.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1674583448287506} 
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tcp_scan.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1674583461865595,"flow_src_last_pkt_time":1674583461865595,"flow_dst_last_pkt_time":1674583461865595,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1674583461865595,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.2","src_port":56272,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tcp_scan.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1674583461865595,"flow_dst_last_pkt_time":1674583461865595,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1674583461865595,"pkt":"AICPmq69KDc3AG3ICABFAABAAABAAP8G97LAqAGywKgBAtvQAFAaMXySAAAAALAC\/\/+gxwAAAgQFtAEDAwUBAQgKBzOYGQAAAAAEAgAA"} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tcp_scan.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1674583461865599,"flow_src_last_pkt_time":1674583461865599,"flow_dst_last_pkt_time":1674583461865599,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1674583461865599,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.2","src_port":56273,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -25,21 +25,21 @@ 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/tcp_scan.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1674583501982691,"flow_src_last_pkt_time":1674583501982691,"flow_dst_last_pkt_time":1674583501982691,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1674583501982691,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.2","src_port":63243,"dst_port":3392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/tcp_scan.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1674583501982691,"flow_dst_last_pkt_time":1674583501982691,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1674583501982691,"pkt":"AICPmq69KDc3AG3ICABFAAAohgUAADMGfcbAqAGywKgBAvcLDUDJoapcAAAAAFApBACvbAAA"} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/tcp_scan.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1674583501982691,"flow_dst_last_pkt_time":1674583501983146,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1674583501983146,"pkt":"KDc3AG3IAICPmq69CABFAAAo8MlAAEAGxgHAqAECwKgBsg1A9wsAAAAAyaGqXVAUAACzgAAAAAAAAAAA"} 
-01177{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/tcp_scan.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1674583480667908,"flow_src_last_pkt_time":1674583480667908,"flow_dst_last_pkt_time":1674583480668537,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1674583501983146,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.2","src_port":43067,"dst_port":3389,"l4_proto":"tcp","ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}},"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"1":"Match by port"},"proto":"RDP","proto_id":"88","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} +01284{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/tcp_scan.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1674583480667908,"flow_src_last_pkt_time":1674583480667908,"flow_dst_last_pkt_time":1674583480668537,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1674583501983146,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.2","src_port":43067,"dst_port":3389,"l4_proto":"tcp","ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File 
Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}},"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}},"55": {"risk":"Probing Attempt","severity":"Medium","risk_score": {"total":510,"client":375,"server":135}}},"confidence": {"1":"Match by port"},"proto":"RDP","proto_id":"88","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 00777{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/tcp_scan.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1674583480667908,"flow_src_last_pkt_time":1674583480667908,"flow_dst_last_pkt_time":1674583480668537,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1674583501983146,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.2","src_port":43067,"dst_port":3389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
-01095{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/tcp_scan.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1674583461865595,"flow_src_last_pkt_time":1674583461866897,"flow_dst_last_pkt_time":1674583461866656,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1674583501983146,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.2","src_port":56272,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} +01202{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/tcp_scan.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1674583461865595,"flow_src_last_pkt_time":1674583461866897,"flow_dst_last_pkt_time":1674583461866656,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1674583501983146,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.2","src_port":56272,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}},"55": 
{"risk":"Probing Attempt","severity":"Medium","risk_score": {"total":510,"client":375,"server":135}}},"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 00775{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/tcp_scan.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1674583461865595,"flow_src_last_pkt_time":1674583461866897,"flow_dst_last_pkt_time":1674583461866656,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1674583501983146,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.2","src_port":56272,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -01050{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/tcp_scan.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1674583461865599,"flow_src_last_pkt_time":1674583461866946,"flow_dst_last_pkt_time":1674583461866839,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1674583501983146,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.2","src_port":56273,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": 
{"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +01157{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/tcp_scan.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1674583461865599,"flow_src_last_pkt_time":1674583461866946,"flow_dst_last_pkt_time":1674583461866839,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1674583501983146,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.2","src_port":56273,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}},"55": {"risk":"Probing Attempt","severity":"Medium","risk_score": {"total":510,"client":375,"server":135}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00776{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/tcp_scan.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1674583461865599,"flow_src_last_pkt_time":1674583461866946,"flow_dst_last_pkt_time":1674583461866839,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1674583501983146,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.2","src_port":56273,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -01063{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/tcp_scan.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1674583461880765,"flow_src_last_pkt_time":1674583461880765,"flow_dst_last_pkt_time":1674583461881499,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1674583501983146,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.2","src_port":56274,"dst_port":445,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"1":"Match by port"},"proto":"SMBv23","proto_id":"41","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
+01170{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/tcp_scan.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1674583461880765,"flow_src_last_pkt_time":1674583461880765,"flow_dst_last_pkt_time":1674583461881499,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1674583501983146,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.2","src_port":56274,"dst_port":445,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}},"55": {"risk":"Probing Attempt","severity":"Medium","risk_score": {"total":510,"client":375,"server":135}}},"confidence": {"1":"Match by port"},"proto":"SMBv23","proto_id":"41","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00776{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/tcp_scan.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1674583461880765,"flow_src_last_pkt_time":1674583461880765,"flow_dst_last_pkt_time":1674583461881499,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1674583501983146,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.2","src_port":56274,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
-00993{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/tcp_scan.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1674583496676115,"flow_src_last_pkt_time":1674583496676115,"flow_dst_last_pkt_time":1674583496676680,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1674583501983146,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.2","src_port":57916,"dst_port":3391,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} +01100{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/tcp_scan.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1674583496676115,"flow_src_last_pkt_time":1674583496676115,"flow_dst_last_pkt_time":1674583496676680,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1674583501983146,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.2","src_port":57916,"dst_port":3391,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}},"55": {"risk":"Probing Attempt","severity":"Medium","risk_score": 
{"total":510,"client":375,"server":135}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00777{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/tcp_scan.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1674583496676115,"flow_src_last_pkt_time":1674583496676115,"flow_dst_last_pkt_time":1674583496676680,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1674583501983146,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.2","src_port":57916,"dst_port":3391,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00993{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/tcp_scan.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1674583488939833,"flow_src_last_pkt_time":1674583488939833,"flow_dst_last_pkt_time":1674583488940443,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1674583501983146,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.2","src_port":62971,"dst_port":3390,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
+01100{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/tcp_scan.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1674583488939833,"flow_src_last_pkt_time":1674583488939833,"flow_dst_last_pkt_time":1674583488940443,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1674583501983146,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.2","src_port":62971,"dst_port":3390,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}},"55": {"risk":"Probing Attempt","severity":"Medium","risk_score": {"total":510,"client":375,"server":135}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00777{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/tcp_scan.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1674583488939833,"flow_src_last_pkt_time":1674583488939833,"flow_dst_last_pkt_time":1674583488940443,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1674583501983146,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.2","src_port":62971,"dst_port":3390,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
-00993{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/tcp_scan.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1674583501982691,"flow_src_last_pkt_time":1674583501982691,"flow_dst_last_pkt_time":1674583501983146,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1674583501983146,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.2","src_port":63243,"dst_port":3392,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} +01100{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/tcp_scan.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1674583501982691,"flow_src_last_pkt_time":1674583501982691,"flow_dst_last_pkt_time":1674583501983146,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1674583501983146,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.2","src_port":63243,"dst_port":3392,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}},"55": {"risk":"Probing Attempt","severity":"Medium","risk_score": 
{"total":510,"client":375,"server":135}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00777{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/tcp_scan.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1674583501982691,"flow_src_last_pkt_time":1674583501982691,"flow_dst_last_pkt_time":1674583501983146,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1674583501983146,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.2","src_port":63243,"dst_port":3392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00842{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/tcp_scan.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":30,"packets-processed":18,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":3,"total-guessed-flows":4,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":42,"global_ts_usec":1674583501983146} 
+00842{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/tcp_scan.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":30,"packets-processed":18,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":3,"total-guessed-flows":4,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":42,"global_ts_usec":1674583501983146} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 30/18 ~~ skipped flows.............: 0 @@ -48,10 +48,10 @@ ~~ total active/idle flows...: 7/7 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6922676 bytes -~~ total memory freed........: 6922676 bytes -~~ total allocations/frees...: 114233/114233 +~~ total memory allocated....: 7500412 bytes +~~ total memory freed........: 7500412 bytes +~~ total allocations/frees...: 125971/125971 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 532 chars -~~ json message max len.......: 1182 chars -~~ json message avg len.......: 856 chars +~~ json message max len.......: 1289 chars +~~ json message avg len.......: 909 chars diff --git a/test/results/default/teams.pcap.out b/test/results/default/teams.pcap.out index 6db56c737..f63997e9a 100644 --- a/test/results/default/teams.pcap.out +++ b/test/results/default/teams.pcap.out 
@@ -1,5 +1,5 @@ -00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1587041672419153} 
+00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1587041672419153} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041672419153,"flow_src_last_pkt_time":1587041672419153,"flow_dst_last_pkt_time":1587041672419153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":279,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":279,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041672419153,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00894{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1587041672419153,"flow_dst_last_pkt_time":1587041672419153,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"thread_ts_usec":1587041672419153,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzES1AAEARZ+TAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGABgr52AAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"} 
01025{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041672419153,"flow_src_last_pkt_time":1587041672419153,"flow_dst_last_pkt_time":1587041672419153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":279,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":279,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041672419153,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"tl-sg116e","domainame":"tl-sg116e","dhcp": {"fingerprint":"1,3","class_ident":"TL-SG116E"}}} 
@@ -32,14 +32,14 @@ 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1587041676435900,"flow_dst_last_pkt_time":1587041676448366,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041676448366,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0CixAAHUGQvQ0ccKEwKgBBgG77HWQGjC4LoXCQ4AS\/\/8WpAAAAgQFoAEDAwgBAQQC"} 00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1587041676448463,"flow_dst_last_pkt_time":1587041676448366,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041676448463,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGgizAqAEGNHHChOx1AbsuhcJDkBowuVAQIAA3YwAA"} 00807{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1587041676449862,"flow_dst_last_pkt_time":1587041676448366,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"thread_ts_usec":1587041676449862,"pkt":"EBMx8Tl2KDc3AG3ICABFAAD6AABAAEAGgVrAqAEGNHHChOx1AbsuhcJDkBowuVAYIAChLwAAFgMBAM0BAADJAwMtfzNr5sJ0vwUnIfI3TV9sTsGbPpwfZOWfmMdYc+2laQAAHLq6zKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACEuroAAP8BAAEAAAAAGAAWAAATdGVhbXMubWljcm9zb2Z0LmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACNraAB0AFwAYABsAAwIAAnp6AAEA"} 
-01230{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041676435900,"flow_src_last_pkt_time":1587041676449862,"flow_dst_last_pkt_time":1587041676448366,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":210,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":210,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041676449862,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","domainame":"teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01183{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041676435900,"flow_src_last_pkt_time":1587041676449862,"flow_dst_last_pkt_time":1587041676448366,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":210,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":210,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041676449862,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","domainame":"teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1587041676449862,"flow_dst_last_pkt_time":1587041676462228,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1587041676462228,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAoCi1AAHYGQf80ccKEwKgBBgG77HWQGjC5LoXDFVAQCAROjQAAAAAAAAAA"} -01575{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1587041676435900,"flow_src_last_pkt_time":1587041676464401,"flow_dst_last_pkt_time":1587041676464459,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":210,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":210,"flow_dst_tot_l4_payload_len":6025,"midstream":0,"thread_ts_usec":1587041676464459,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","domainame":"teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"0f14538e1c9070becdad7739c67d6363","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=teams.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E","blocks":0}}} +01528{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1587041676435900,"flow_src_last_pkt_time":1587041676464401,"flow_dst_last_pkt_time":1587041676464459,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":210,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":210,"flow_dst_tot_l4_payload_len":6025,"midstream":0,"thread_ts_usec":1587041676464459,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","domainame":"teams.microsoft.com","tls": 
{"version":"TLSv1.2","server_names":"teams.microsoft.com","ja3s":"0f14538e1c9070becdad7739c67d6363","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=teams.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E","blocks":0}}} 00778{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1587041676499766,"flow_dst_last_pkt_time":1587041676405623,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":240,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":240,"pkt_l4_len":206,"thread_ts_usec":1587041676499766,"pkt":"EBMx8Tl2KDc3AG3ICABFAADiAABAAEAG9tTAqAEGNHJNIex0AbuczSMoSaIgqYAYEAlcWgAAAQEICjCEl\/VhBkyoFgMBAKkBAAClAwNgsc\/zVfk3fJaoeGVjBvcvXHJydxa1mwDEXFImXbQK\/wAAHsAvwCvAMMAszKnMqMAJwBPACsAUAJwAnQAvADUACgEAAF7\/AQABAAAAACMAIQAAHm1vYmlsZS5waXBlLmFyaWEubWljcm9zb2Z0LmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAsAAgEAAAoACAAGAB0AFwAY"} 
-01342{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041676362386,"flow_src_last_pkt_time":1587041676499766,"flow_dst_last_pkt_time":1587041676405623,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041676499766,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
-02163{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1587041676435900,"flow_src_last_pkt_time":1587041676535873,"flow_dst_last_pkt_time":1587041676535853,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":258,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":757,"flow_dst_tot_l4_payload_len":10509,"midstream":0,"thread_ts_usec":1587041676535873,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":6449.2,"max":29755,"stddev":8827.8,"var":77930416.0,"ent":3.7,"data": [12466,12563,1399,13862,1628,233,14289,254,250,114,2,99,4851,16541,1120,12847,339,301,11408,365,232,23032,26,11077,443,29285,29755,471,122,15,537]},"pktlen": {"min":40,"avg":393.9,"max":1492,"stddev":548.1,"var":300365.6,"ent":3.9,"data": [64,52,40,250,46,1492,1492,40,1492,40,1492,257,40,198,46,366,40,109,40,133,78,298,78,46,40,46,556,40,1492,1492,671,40]},"bins": {"c_to_s": [10,1,1,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,1,1,0,0,0,1,0,0,0,1,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1,0,1,0,0,0,0,1,1,0,1,1,0,1,1,1,0],"entropies": [4.365527153,4.946223736,4.521928787,5.447622776,4.609350681,7.356091499,7.445232391,4.680641174,7.544306755,4.571928501,7.621133804,7.081102371,4.630641460,6.624766827,4.609350681,7.169972897,4.680641174,6.030838013,4.630641460,6.150182247,5.105917454,7.025798798,5.428217888,4.565872192,4.680641174,4.565872192,7.556540489,4.680641174,7.827769756,7.840335846,7.703694820,4.680641174]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} +01301{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041676362386,"flow_src_last_pkt_time":1587041676499766,"flow_dst_last_pkt_time":1587041676405623,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041676499766,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+02157{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1587041676435900,"flow_src_last_pkt_time":1587041676535873,"flow_dst_last_pkt_time":1587041676535853,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":258,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":757,"flow_dst_tot_l4_payload_len":10509,"midstream":0,"thread_ts_usec":1587041676535873,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":6449.2,"max":29755,"stddev":8827.8,"var":77930416.0,"ent":3.7,"data": [12466,12563,1399,13862,1628,233,14289,254,250,114,2,99,4851,16541,1120,12847,339,301,11408,365,232,23032,26,11077,443,29285,29755,471,122,15,537]},"pktlen": {"min":40,"avg":393.9,"max":1492,"stddev":548.1,"var":300365.6,"ent":3.9,"data": [64,52,40,250,46,1492,1492,40,1492,40,1492,257,40,198,46,366,40,109,40,133,78,298,78,46,40,46,556,40,1492,1492,671,40]},"bins": {"c_to_s": [10,1,1,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,1,1,0,0,0,1,0,0,0,1,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1,0,1,0,0,0,0,1,1,0,1,1,0,1,1,1,0],"entropies": [4.365527153,4.946223736,4.521928787,5.447622776,4.609350681,7.356091499,7.445232391,4.680641174,7.544306755,4.571928501,7.621133804,7.081102371,4.630641460,6.624766827,4.609350681,7.169972897,4.680641174,6.030838013,4.630641460,6.150182247,5.105917454,7.025798798,5.428217888,4.565872192,4.680641174,4.565872192,7.556540489,4.680641174,7.827769756,7.840335846,7.703694820,4.680641174]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} 02481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1587041676499766,"flow_dst_last_pkt_time":1587041676545373,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041676545373,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUL\/9AAGwGleM0ck0hwKgBBgG77HRJoiCpnM0j1oAQBAXctwAAAQEICmEGTTMwhJf1FgMDEGYCAABRAwNemFWMXBNb2F1eIS0NgygX31DvjFSWgfTq\/PXgXBX\/USAORwAAVmOWcPohT0niCo9N4puGGU7iW5AxxYvHQvC098AwAAAJABcAAP8BAAEACwAO3QAO2gAJHDCCCRgwggcAoAMCAQICExYACr2jKIomrOvxeF4AAAAKvaMwDQYJKoZIhvcNAQELBQAwgYsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xFTATBgNVBAsTDE1pY3Jvc29mdCBJVDEeMBwGA1UEAxMVTWljcm9zb2Z0IElUIFRMUyBDQSA0MB4XDTE5MTAxMDIxNTUzOFoXDTIxMTAxMDIxNTUzOFowJjEkMCIGA1UEAwwbKi5ldmVudHMuZGF0YS5taWNyb3NvZnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8J31SJyCTCkjxtLC8JE7aU56y+0937PcYfrFGWW\/wSL1vxV6UtbY+5UyBq7YUvoZUI+YYWI6FMysHpnkiGQR5h3NLX2it0lgM0JMJXgIYfO+vdhJalxciwWfJHOcY4+eUQwpTmpGeOTzK\/sd1W+VOYbkgWPJ0lAEgTcRXL\/NZZAtyce+Sv4+b4jHwY9pwQxOHJWtnns0bK3jD\/RcAtjLeUisGvBGtt1SItPOQvgD6i2AdvjCkjqVXn0nxT\/yKuGkvtii1i85nrjeMS5pKgL+N2I4goIXeRAaK089dd0KrnNO6kLEhhSHgHwJHnPwfqeXH1Q2p1Zw2r13mOsJdyP7QIDAQABo4IE1zCCBNMwggF\/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB2APZclC\/RdzAiFFQYCDCUVo7jTRMZM7\/fDC8gC8xO8WTjAAABbbe0zD0AAAQDAEcwRQIgXUu8wYK\/QqX5unkLcaUv4T8oQWu5yZb6M3RYbUFPJ7sCIQCVvziq+dynpJXSFyAk+ZobbjdMm8Ziuyzc0miXoW9hmQB2AFWB1MIWkDYBSuoLm1c8U\/DA5Dh4cCUIFy+jqh0HE9MMAAABbbe0zTwAAAQDAEcwRQIgOIr7NuYD18H8X6OV\/YdBgg0HoCy47ognD1Etlbp3ZVgCIQCAVAoqvjDqhz4It72mColVOT\/FZuexWjdVPWkvuAPY1AB3AESUZS6w7s6vxEAH2Kj+KMDa
5oK+2MsxtT\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"} -01874{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1587041676362386,"flow_src_last_pkt_time":1587041676545644,"flow_dst_last_pkt_time":1587041676545713,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041676545713,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} 
+01833{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1587041676362386,"flow_src_last_pkt_time":1587041676545644,"flow_dst_last_pkt_time":1587041676545713,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041676545713,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} 00291{"error_event_id":5,"error_event_name":"Unknown packet 
type","threshold_n":7,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1587041676611249,"packet_id":64,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1587041676611249} 00365{"packet_event_id":1,"packet_event_name":"packet","packet_id":64,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041676592590,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} 00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041676612882,"flow_src_last_pkt_time":1587041676612882,"flow_dst_last_pkt_time":1587041676612882,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041676612882,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.5","src_port":60534,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -47,7 +47,7 @@ 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1587041676612882,"flow_dst_last_pkt_time":1587041676642642,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041676642642,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8LqNAAG0G6+cofgkFwKgBBgG77HaiQxrbpEtO6qASIAC6gQAAAgQFoAEDAwgEAggKVQC94TCEmGM="} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1587041676642755,"flow_dst_last_pkt_time":1587041676642642,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041676642755,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGR5PAqAEGKH4JBex2AbukS07qokMa3IAQEAn5EwAAAQEICjCEmIFVAL3h"} 00871{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1587041676643404,"flow_dst_last_pkt_time":1587041676642642,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":312,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":312,"pkt_l4_len":278,"thread_ts_usec":1587041676643404,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEqAABAAEAGRp3AqAEGKH4JBex2AbukS07qokMa3IAYEAkkyAAAAQEICjCEmIFVAL3hFgMBAPEBAADtAwMFij+vLNUEXtDYw018fSI+oguo6nn0NGVGlSQBEa6j4wAAKMAswCvAJMAjwArACcypwDDAL8AowCfAFMATzKgAnQCcAD0APAA1AC8BAACc\/wEAAQAAAAAeABwAABlsb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tABcAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAADN0AAAAEgAAABAAMAAuAmgyBWgyLTE2BWgyLTE1BWgyLTE0CHNwZHkvMy4xBnNwZHkvMwhodHRwLzEuMQALAAIBAAAKAAoACAAdABcAGAAZ"} 
-01288{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041676612882,"flow_src_last_pkt_time":1587041676643404,"flow_dst_last_pkt_time":1587041676642642,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041676643404,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.5","src_port":60534,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Microsoft365","proto_by_ip_id":219,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"login.microsoftonline.com","domainame":"login.microsoftonline.com","tls": {"version":"TLSv1.2","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
+01247{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041676612882,"flow_src_last_pkt_time":1587041676643404,"flow_dst_last_pkt_time":1587041676642642,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041676643404,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.5","src_port":60534,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Microsoft365","proto_by_ip_id":219,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"login.microsoftonline.com","domainame":"login.microsoftonline.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
02496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1587041676643404,"flow_dst_last_pkt_time":1587041676675374,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041676675374,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXULqZAAG0G5kwofgkFwKgBBgG77HaiQyYcpEtP4IAQBAWIzwAAAQEIClUAvgAwhJiBCxMMTWljcm9zb2Z0IElUMR4wHAYDVQQDExVNaWNyb3NvZnQgSVQgVExTIENBIDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCO8\/GEdXe8vsmk9RalUytQYJnc2H3ZJLXhckk3SP7ahpOjfR2aSxBNd3l+Zal8bjbiR9Q2SdDMJAInFOKucc3ZV3Q8EFYZkkqHYvnjkI1e3tFBGxqmH0CiLB6OVdcm2GhCq+wN3t1eYZWzrGyBzqjgra9fyqbkUWguJ\/1UKnGkzLt+kvH2U1EFMdAZgrDKY9DySgALzfRpS\/RallY5JsmdSwpjNDKApQTl6ii3wQDAbRrwKNRKj4CscxnY9RYvra4Il2IGLP7npfCtQVN\/jSsxwxRzId3jeGOcUYa1okhJwHkIFUMAK5m4S+DHVwdsxLmmVC0BU\/Kj8qTM2cFU84jN5EwT04ozIVitGL++OYFwOWk3+FukY+8JB9+HGmLHmgjF0R1eYnYB3WnmOLtEsC1NOsYugOBgclvyzOaOXDohHl2wOSu96hPLlsu2anSMjrwOEJ8bpUBBj5FcdqcO8ao6h7cMd99xai8oYUItkA9yBatn4MF7y5xAmsQKCESMfD26qQ4esdkivR9fQWpzVPZm4qD5pjne0nfzaQS\/t7s8xJP\/cgQctTadaH\/f+jlPsvaPuRz\/re0OFQjjhnzySEl3lxb2\/QD2T6Zeb+c5wFFlPeuxlzDs6p5z\/B4soN+Lz3NftQ4GQhcmlezYqSfQ0GWUXOI\/yigppSD0yN1dtP\/m3QIDAQABo4IBQjCCAT4wHQYDVR0OBBYEFFiIn9bcnEgitxQ+\/4SI6OaF\/\/p9MB8GA1UdIwQYMBaAFOWdWTCCR1jMrPoIVDaGezq1BE3wMBIGA1UdEwEB\/wQIMAYBAf8CAQAwDgYDVR0PAQH\/BAQDAgGGMCcGA1UdJQQgMB4GCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwkwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL09tbmlyb290MjAyNS5jcmwwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwDQYJKoZIhvcNAQELBQADggEBADCaxp1q\/e+TCAy+gnf5dqBtnnswI3uoKVr0aj7HCwyW37hLUuQNnDjteGO1c8AcHzvgp\/9\/SVGVMrjQm6nlz5YDgYDVSmEY\/sRqxt9\/QUYinIBm6w9CoOTzpCGjmNB6dPaM6MPSK6orzhFZGUTnXAcJQuvX\/RVNuW9sRDUmh7qjO
2iwgecgyX8TAvPMq58clVDLrmSAu4cKXc6ma7J94z024ilRtyX80AnjsK3EYi4+foUmsvav920xc8YZmKlykwLOygs9POzZcOiA9RareGqHTcaBN6gKdoEGqO8XYHxwEBM8ONczTOQ3ZQj7kbPoFnZhKmX1WJSzRQHvwE8De7gMAAFJAwAXQQTOd4jCuMTh7EYDlmBiiGmTGwexXcFlv\/T2ck50p74cYWIJH\/qL5LjbfCSDp3wqAO8ZZNaw1gxy4Uzbx\/mTFEUoBAEBACuEjKAM1qXUNVaS\/GaC95SQ9vmaMh+jYNW\/golBe81NwxyW1ReEMvroTkbS6BjiR97ixB57SOr\/EVlzcCLlr0XL6vCOvZKaaq3SzHreSfwbGspHUYxwK5i8j23AovUYK4FdR8PK9GkF5j5DZYPL2nmL62KrpTU3AqFF18hKfZ2alq2jaowqtsC3NBCAd6aifgpEBRhB9rZP2x\/YPgDeBGSAHqMX"} 02305{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":23,"flow_dst_packets_processed":9,"flow_first_seen":1587041676362386,"flow_src_last_pkt_time":1587041676859269,"flow_dst_last_pkt_time":1587041676859222,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":23115,"flow_dst_tot_l4_payload_len":4254,"midstream":0,"thread_ts_usec":1587041676859269,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":32055.5,"max":221245,"stddev":54144.2,"var":2931591680.0,"ent":3.4,"data": [43237,43341,94039,139750,215,45878,125,102,1406,46781,45438,177198,6,1,221245,44042,6,2,2,21255,21237,4,23005,23005,5,2,3,1223,1159,4,3]},"pktlen": {"min":52,"avg":907.9,"max":1492,"stddev":687.5,"var":472618.5,"ent":4.4,"data": [64,60,52,226,1492,1492,52,1375,52,145,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,52,1480,1480,1480,1480,52,1480,1480,1480]},"bins": {"c_to_s": [5,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0],"s_to_c": 
[5,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,0,0,0,1,0,0,0],"entropies": [4.428027153,5.210652828,4.884933472,5.556665897,7.283374786,7.268235207,4.923395157,7.674625397,4.884933472,5.901349068,5.537203789,4.923394680,7.865010738,7.865353107,7.863998413,5.116508007,7.872262955,7.872727394,7.850155830,7.872891426,5.101991177,7.883207798,7.861774921,5.078046322,7.883695126,7.860937595,7.861885548,7.869150639,5.092563629,7.862890244,7.881820202,7.880939960]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud"}} 00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":153,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041677042751,"flow_src_last_pkt_time":1587041677042751,"flow_dst_last_pkt_time":1587041677042751,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041677042751,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60535,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -55,16 +55,16 @@ 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1587041677042751,"flow_dst_last_pkt_time":1587041677088014,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041677088014,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8FwhAAGwGtHI0ck0hwKgBBgG77Hf6fNLR2z1jO6ASIACfvwAAAgQFoAEDAwgEAggKYRMfbzCEmgA="} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1587041677088160,"flow_dst_last_pkt_time":1587041677088014,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041677088160,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIex3AbvbPWM7+nzS0oAQEAneQwAAAQEICjCEmixhEx9v"} 00822{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1587041677088499,"flow_dst_last_pkt_time":1587041677088014,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_usec":1587041677088499,"pkt":"EBMx8Tl2KDc3AG3ICABFAAECAABAAEAG9rTAqAEGNHJNIex3AbvbPWM7+nzS0oAYEAl+5wAAAQEICjCEmixhEx9vFgMBAMkBAADFAwM5dVF27rKLSF3ZLHW6jf6ecE8+y\/c\/MIkP9CtH6UUE1iAORwAAVmOWcPohT0niCo9N4puGGU7iW5AxxYvHQvC09wAewC\/AK8AwwCzMqcyowAnAE8AKwBQAnACdAC8ANQAKAQAAXv8BAAEAAAAAIwAhAAAebW9iaWxlLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEACwACAQAACgAIAAYAHQAXABg="} 
-01343{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041677042751,"flow_src_last_pkt_time":1587041677088499,"flow_dst_last_pkt_time":1587041677088014,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041677088499,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60535,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01302{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041677042751,"flow_src_last_pkt_time":1587041677088499,"flow_dst_last_pkt_time":1587041677088014,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041677088499,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60535,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
02481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1587041677088499,"flow_dst_last_pkt_time":1587041677137230,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041677137230,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUFwlAAGwGrtk0ck0hwKgBBgG77Hf6fNLS2z1kCYAQBAVAOQAAAQEICmETH58whJosFgMDEGYCAABRAwNemFWNrPjx8U\/n2+1HOnhSXCpnALSFvyfXRw2ICUZrciDASAAAvuo5mSGLHTbLJlo\/aqiaHVmeYbbWtXIqS6QEP8AwAAAJABcAAP8BAAEACwAO3QAO2gAJHDCCCRgwggcAoAMCAQICExYACr2jKIomrOvxeF4AAAAKvaMwDQYJKoZIhvcNAQELBQAwgYsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xFTATBgNVBAsTDE1pY3Jvc29mdCBJVDEeMBwGA1UEAxMVTWljcm9zb2Z0IElUIFRMUyBDQSA0MB4XDTE5MTAxMDIxNTUzOFoXDTIxMTAxMDIxNTUzOFowJjEkMCIGA1UEAwwbKi5ldmVudHMuZGF0YS5taWNyb3NvZnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8J31SJyCTCkjxtLC8JE7aU56y+0937PcYfrFGWW\/wSL1vxV6UtbY+5UyBq7YUvoZUI+YYWI6FMysHpnkiGQR5h3NLX2it0lgM0JMJXgIYfO+vdhJalxciwWfJHOcY4+eUQwpTmpGeOTzK\/sd1W+VOYbkgWPJ0lAEgTcRXL\/NZZAtyce+Sv4+b4jHwY9pwQxOHJWtnns0bK3jD\/RcAtjLeUisGvBGtt1SItPOQvgD6i2AdvjCkjqVXn0nxT\/yKuGkvtii1i85nrjeMS5pKgL+N2I4goIXeRAaK089dd0KrnNO6kLEhhSHgHwJHnPwfqeXH1Q2p1Zw2r13mOsJdyP7QIDAQABo4IE1zCCBNMwggF\/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB2APZclC\/RdzAiFFQYCDCUVo7jTRMZM7\/fDC8gC8xO8WTjAAABbbe0zD0AAAQDAEcwRQIgXUu8wYK\/QqX5unkLcaUv4T8oQWu5yZb6M3RYbUFPJ7sCIQCVvziq+dynpJXSFyAk+ZobbjdMm8Ziuyzc0miXoW9hmQB2AFWB1MIWkDYBSuoLm1c8U\/DA5Dh4cCUIFy+jqh0HE9MMAAABbbe0zTwAAAQDAEcwRQIgOIr7NuYD18H8X6OV\/YdBgg0HoCy47ognD1Etlbp3ZVgCIQCAVAoqvjDqhz4It72mColVOT\/FZuexWjdVPWkvuAPY1AB3AESUZS6w7s6vxEAH2Kj+KMDa5oK+2MsxtT\/TM5a1toGoAAABbbe0zEEAAAQDAEgwRgIhAMLyKXAV0HvPisLX5tlLiDTgtSUtRgffnQWc5h8Pdj8PAiEAo6ENbH0+qORahbVCksBW940dOZQUoTXblsn+bri9ExQwJwYJKwYBBAGCNxUKBBowGDAKBggrBgEFB
QcDAjAKBggrBgEFBQcDATA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdhNLfQoLnk3oCAWQCAR0wgYUGCCsGAQUFBwEBBHkwdzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDQuY3J0MCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC5tc29jc3AuY29tMB0GA1UdDgQWBBQa+kPWU8gwtBlTGMvS3dHpIWlv7TALBgNVHQ8EBAMCBLAwgfIGA1UdEQSB6jCB54IbKi5ldmVudHMuZGF0YS5taWNyb3NvZnQuY29tghlldmVudHMuZGF0YS5taWNyb3NvZnQuY29tghkqLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tgg5waXBl"} 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":175,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041677243705,"flow_src_last_pkt_time":1587041677243705,"flow_dst_last_pkt_time":1587041677243705,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041677243705,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1587041677243705,"flow_dst_last_pkt_time":1587041677243705,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041677243705,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGghTAqAEGNHHChOx4Abt\/TkvVAAAAALAC\/\/\/5uQAAAgQFtAEDAwUBAQgKMISawwAAAAAEAgAA"} 
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1587041677243705,"flow_dst_last_pkt_time":1587041677255126,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041677255126,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0wUlAAHUGi9Y0ccKEwKgBBgG77Hiki1UTf05L1oAS\/\/8DeQAAAgQFoAEDAwgBAQQC"} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1587041677255227,"flow_dst_last_pkt_time":1587041677255126,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041677255227,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGgizAqAEGNHHChOx4Abt\/TkvWpItVFFAQIAAkOAAA"} 00817{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1587041677255452,"flow_dst_last_pkt_time":1587041677255126,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":268,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":268,"pkt_l4_len":234,"thread_ts_usec":1587041677255452,"pkt":"EBMx8Tl2KDc3AG3ICABFAAD+AABAAEAGgVbAqAEGNHHChOx4Abt\/TkvWpItVFFAYIAA3rwAAFgMBANEBAADNAwPZLPUYRvEghAe9kJUNx9IFhytDuazyHj3Xl0vfJTFFvgAAHNrazKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACI6uoAAP8BAAEAAAAAGAAWAAATdGVhbXMubWljcm9zb2Z0LmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMXVQAAAACwACAQAACgAKAAi6ugAdABcAGAAbAAMCAAJaWgABAA=="} 
-01231{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041677243705,"flow_src_last_pkt_time":1587041677255452,"flow_dst_last_pkt_time":1587041677255126,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041677255452,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","domainame":"teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"","ja4":"t12d1312h2_8b80da21ef18_b00751acaffa","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01184{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041677243705,"flow_src_last_pkt_time":1587041677255452,"flow_dst_last_pkt_time":1587041677255126,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041677255452,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","domainame":"teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1312h2_8b80da21ef18_b00751acaffa","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1587041677255452,"flow_dst_last_pkt_time":1587041677266382,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1587041677266382,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAowUpAAHYGiuE0ccKEwKgBBgG77Hiki1UUf05MrFAQBAE\/YQAAAAAAAAAA"} -01576{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":186,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1587041677243705,"flow_src_last_pkt_time":1587041677269406,"flow_dst_last_pkt_time":1587041677269476,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":6025,"midstream":0,"thread_ts_usec":1587041677269476,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","domainame":"teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"teams.microsoft.com","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"0f14538e1c9070becdad7739c67d6363","ja4":"t12d1312h2_8b80da21ef18_b00751acaffa","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=teams.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E","blocks":0}}} +01529{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":186,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1587041677243705,"flow_src_last_pkt_time":1587041677269406,"flow_dst_last_pkt_time":1587041677269476,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":6025,"midstream":0,"thread_ts_usec":1587041677269476,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","domainame":"teams.microsoft.com","tls": 
{"version":"TLSv1.2","server_names":"teams.microsoft.com","ja3s":"0f14538e1c9070becdad7739c67d6363","ja4":"t12d1312h2_8b80da21ef18_b00751acaffa","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=teams.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E","blocks":0}}} 02298{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1587041677042751,"flow_src_last_pkt_time":1587041677328754,"flow_dst_last_pkt_time":1587041677327352,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":15383,"flow_dst_tot_l4_payload_len":4699,"midstream":0,"thread_ts_usec":1587041677328754,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60535,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":18406.6,"max":49836,"stddev":21194.3,"var":449200096.0,"ent":3.9,"data": [45263,45409,339,49216,21,48838,224,177,1271,46526,45316,1920,4,2,47729,45783,4,2,3,37748,37711,4,8018,8058,5,734,37027,7756,4339,49836,1321]},"pktlen": {"min":52,"avg":680.6,"max":1492,"stddev":673.1,"var":453031.8,"ent":4.2,"data": [64,60,52,258,1492,1375,64,1492,52,145,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,52,1480,825,52,52,52,497,52,83]},"bins": {"c_to_s": [7,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0],"s_to_c": 
[7,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,0,1,1,1,1,0,0],"entropies": [4.340968132,5.220872402,4.976373672,5.983667850,7.275708199,7.688739777,5.052015305,7.275113583,4.976373672,6.006431580,5.733948708,5.053297043,7.842315674,7.876612663,7.858495712,5.246409416,7.872724533,7.868679523,7.873967648,7.874578953,5.207947731,7.865746021,7.852710724,5.169486046,7.855942726,7.767035484,5.116507530,5.169486046,5.207947731,7.497245789,4.961856842,5.338891983]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud"}} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1587041677380886,"flow_dst_last_pkt_time":1587041673094451,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041677380886,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGPCzAqAEGlZqnW+SlAbsZTPC8DAoX91AUECaMmwAA"} 00295{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":8,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1587041677408485,"packet_id":213,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_usec":1587041677408485} 
@@ -77,9 +77,9 @@ 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1587041678029919,"flow_dst_last_pkt_time":1587041678074133,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041678074133,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8KlZAAGwGoSQ0ck0hwKgBBgG77Hk7ZXhQ9B\/rj6ASIAAz8QAAAgQFoAEDAwgEAggKYRL\/2zCEncM="} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1587041678074233,"flow_dst_last_pkt_time":1587041678074133,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041678074233,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIex5Abv0H+uPO2V4UYAQEAlydQAAAQEICjCEne9hEv\/b"} 00823{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_src_last_pkt_time":1587041678074525,"flow_dst_last_pkt_time":1587041678074133,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_usec":1587041678074525,"pkt":"EBMx8Tl2KDc3AG3ICABFAAECAABAAEAG9rTAqAEGNHJNIex5Abv0H+uPO2V4UYAYEAlkRgAAAQEICjCEne9hEv\/bFgMBAMkBAADFAwOeU\/FfLHrtrdCBVUwx+w+ija6LF0MoHL44Af8vhwR8KyDASAAAvuo5mSGLHTbLJlo\/aqiaHVmeYbbWtXIqS6QEPwAewC\/AK8AwwCzMqcyowAnAE8AKwBQAnACdAC8ANQAKAQAAXv8BAAEAAAAAIwAhAAAebW9iaWxlLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEACwACAQAACgAIAAYAHQAXABg="} 
-01343{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041678029919,"flow_src_last_pkt_time":1587041678074525,"flow_dst_last_pkt_time":1587041678074133,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041678074525,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01302{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041678029919,"flow_src_last_pkt_time":1587041678074525,"flow_dst_last_pkt_time":1587041678074133,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041678074525,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
02482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1587041678074525,"flow_dst_last_pkt_time":1587041678120796,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041678120796,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUKldAAGwGm4s0ck0hwKgBBgG77Hk7ZXhR9B\/sXYAQBAVKXAAAAQEICmETAAQwhJ3vFgMDEGYCAABRAwNemFWOOTYxM1NwQpKmeq910c4Y3+sTj8LkGeyXAZo3KyA\/IwAA6KEdJo41XGChq4nIXjJi3Ldaf94\/c7z6UnyyFcAwAAAJABcAAP8BAAEACwAO3QAO2gAJHDCCCRgwggcAoAMCAQICExYACr2jKIomrOvxeF4AAAAKvaMwDQYJKoZIhvcNAQELBQAwgYsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xFTATBgNVBAsTDE1pY3Jvc29mdCBJVDEeMBwGA1UEAxMVTWljcm9zb2Z0IElUIFRMUyBDQSA0MB4XDTE5MTAxMDIxNTUzOFoXDTIxMTAxMDIxNTUzOFowJjEkMCIGA1UEAwwbKi5ldmVudHMuZGF0YS5taWNyb3NvZnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8J31SJyCTCkjxtLC8JE7aU56y+0937PcYfrFGWW\/wSL1vxV6UtbY+5UyBq7YUvoZUI+YYWI6FMysHpnkiGQR5h3NLX2it0lgM0JMJXgIYfO+vdhJalxciwWfJHOcY4+eUQwpTmpGeOTzK\/sd1W+VOYbkgWPJ0lAEgTcRXL\/NZZAtyce+Sv4+b4jHwY9pwQxOHJWtnns0bK3jD\/RcAtjLeUisGvBGtt1SItPOQvgD6i2AdvjCkjqVXn0nxT\/yKuGkvtii1i85nrjeMS5pKgL+N2I4goIXeRAaK089dd0KrnNO6kLEhhSHgHwJHnPwfqeXH1Q2p1Zw2r13mOsJdyP7QIDAQABo4IE1zCCBNMwggF\/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB2APZclC\/RdzAiFFQYCDCUVo7jTRMZM7\/fDC8gC8xO8WTjAAABbbe0zD0AAAQDAEcwRQIgXUu8wYK\/QqX5unkLcaUv4T8oQWu5yZb6M3RYbUFPJ7sCIQCVvziq+dynpJXSFyAk+ZobbjdMm8Ziuyzc0miXoW9hmQB2AFWB1MIWkDYBSuoLm1c8U\/DA5Dh4cCUIFy+jqh0HE9MMAAABbbe0zTwAAAQDAEcwRQIgOIr7NuYD18H8X6OV\/YdBgg0HoCy47ognD1Etlbp3ZVgCIQCAVAoqvjDqhz4It72mColVOT\/FZuexWjdVPWkvuAPY1AB3AESUZS6w7s6vxEAH2Kj+KMDa5oK+2MsxtT\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"} 
-01875{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":223,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1587041678029919,"flow_src_last_pkt_time":1587041678120910,"flow_dst_last_pkt_time":1587041678120987,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041678120987,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} 
+01834{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":223,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1587041678029919,"flow_src_last_pkt_time":1587041678120910,"flow_dst_last_pkt_time":1587041678120987,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041678120987,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} 00293{"error_event_id":5,"error_event_name":"Unknown packet 
type","threshold_n":10,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1587041678611338,"packet_id":242,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1587041678611338} 00366{"packet_event_id":1,"packet_event_name":"packet","packet_id":242,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041678303901,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":243,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041679059584,"flow_src_last_pkt_time":1587041679059584,"flow_dst_last_pkt_time":1587041679059584,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041679059584,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":64046,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -121,7 +121,7 @@ 00366{"packet_event_id":1,"packet_event_name":"packet","packet_id":259,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041681248693,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":260,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041681714331,"flow_src_last_pkt_time":1587041681714331,"flow_dst_last_pkt_time":1587041681714331,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681714331,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1587041681714331,"flow_dst_last_pkt_time":1587041681714331,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"thread_ts_usec":1587041681714331,"pkt":"EBMx8Tl2KDc3AG3ICABFAABCnaYAAP8RmqzAqAEGwKgBAcdZADUALvSsiC0BAAABAAAAAAAABmV1LWFwaQNhc20Fc2t5cGUDY29tAAABAAE="} 
-01103{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":260,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041681714331,"flow_src_last_pkt_time":1587041681714331,"flow_dst_last_pkt_time":1587041681714331,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681714331,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","proto_id":"5.125","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"eu-api.asm.skype.com","domainame":"eu-api.asm.skype.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} +01091{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":260,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041681714331,"flow_src_last_pkt_time":1587041681714331,"flow_dst_last_pkt_time":1587041681714331,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681714331,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"eu-api.asm.skype.com","domainame":"eu-api.asm.skype.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041681714835,"flow_src_last_pkt_time":1587041681714835,"flow_dst_last_pkt_time":1587041681714835,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":53,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":53,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681714835,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63106,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1587041681714835,"flow_dst_last_pkt_time":1587041681714835,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_usec":1587041681714835,"pkt":"EBMx8Tl2KDc3AG3ICABFAABRU9EAAP8R5HLAqAEGwKgBAfaCADUAPVgfcugBAAABAAAAAAAAB2V1LXByb2QHYXN5bmNndwV0ZWFtcwltaWNyb3NvZnQDY29tAAABAAE="} 
01121{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041681714835,"flow_src_last_pkt_time":1587041681714835,"flow_dst_last_pkt_time":1587041681714835,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":53,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":53,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681714835,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63106,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"eu-prod.asyncgw.teams.microsoft.com","domainame":"eu-prod.asyncgw.teams.microsoft.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -130,17 +130,17 @@ 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":263,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041681745719,"flow_src_last_pkt_time":1587041681745719,"flow_dst_last_pkt_time":1587041681745719,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681745719,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60538,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1587041681745719,"flow_dst_last_pkt_time":1587041681745719,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041681745719,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+VHAqAEGNHJLRux6AbuCUaOxAAAAALAC\/\/8ErAAAAgQFtAEDAwUBAQgKMISsLQAAAAAEAgAA"} 
00701{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":264,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_src_last_pkt_time":1587041681714331,"flow_dst_last_pkt_time":1587041681754842,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":182,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":182,"pkt_l4_len":148,"thread_ts_usec":1587041681754842,"pkt":"KDc3AG3IEBMx8Tl2CABFAACo\/M1AADkRwR\/AqAEBwKgBBgA1x1kAlAAAiC2BgAABAAMAAAAABmV1LWFwaQNhc20Fc2t5cGUDY29tAAABAAHADAAFAAEAAAb4ACQPYXNtLWFwaS1wcm9kLWV1DnRyYWZmaWNtYW5hZ2VyA25ldADAMgAFAAEAAAEsABoOd2V1MS1hcGktc2t5cGUIY2xvdWRhcHDAUcBiAAEAAQAAAAUABDRyS0U="} -01135{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":264,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041681714331,"flow_src_last_pkt_time":1587041681714331,"flow_dst_last_pkt_time":1587041681754842,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":140,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":140,"midstream":0,"thread_ts_usec":1587041681754842,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","proto_id":"5.125","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"eu-api.asm.skype.com","domainame":"eu-api.asm.skype.com","dns": {"num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["52.114.75.69,ttl=5"]}}} 
+01123{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":264,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041681714331,"flow_src_last_pkt_time":1587041681714331,"flow_dst_last_pkt_time":1587041681754842,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":140,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":140,"midstream":0,"thread_ts_usec":1587041681754842,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"eu-api.asm.skype.com","domainame":"eu-api.asm.skype.com","dns": {"num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["52.114.75.69,ttl=5"]}}} 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":265,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041681755860,"flow_src_last_pkt_time":1587041681755860,"flow_dst_last_pkt_time":1587041681755860,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681755860,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60539,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":265,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1587041681755860,"flow_dst_last_pkt_time":1587041681755860,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041681755860,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+VLAqAEGNHJLRex7AbtPkLhOAAAAALAC\/\/8ixgAAAgQFtAEDAwUBAQgKMISsNwAAAAAEAgAA"} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1587041681745719,"flow_dst_last_pkt_time":1587041681772449,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041681772449,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8MUxAAG0Gmwk0cktGwKgBBgG77HoxlVjpglGjsqASIACccwAAAgQFoAEDAwgEAggKVud31zCErC0="} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_src_last_pkt_time":1587041681772560,"flow_dst_last_pkt_time":1587041681772449,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041681772560,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+V3AqAEGNHJLRux6AbuCUaOyMZVY6oAQEAnbCgAAAQEICjCErEZW53fX"} 
00850{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_src_last_pkt_time":1587041681772814,"flow_dst_last_pkt_time":1587041681772449,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":292,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":292,"pkt_l4_len":258,"thread_ts_usec":1587041681772814,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEWAABAAEAG+HvAqAEGNHJLRux6AbuCUaOyMZVY6oAYEAmUUgAAAQEICjCErEZW53fXFgMBAN0BAADZAwO+LJEVwOHGYhKiVcLvt6A9rXWEi+VY68GJ4Pnee\/+sYQAAHLq6zKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACU6uoAAP8BAAEAAAAAKAAmAAAjZXUtcHJvZC5hc3luY2d3LnRlYW1zLm1pY3Jvc29mdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAjq6gAdABcAGAAbAAMCAAL6+gABAA=="} -01256{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":268,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041681745719,"flow_src_last_pkt_time":1587041681772814,"flow_dst_last_pkt_time":1587041681772449,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":226,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":226,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681772814,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60538,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"eu-prod.asyncgw.teams.microsoft.com","domainame":"eu-prod.asyncgw.teams.microsoft.com","tls": 
{"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01215{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":268,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041681745719,"flow_src_last_pkt_time":1587041681772814,"flow_dst_last_pkt_time":1587041681772449,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":226,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":226,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681772814,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60538,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"eu-prod.asyncgw.teams.microsoft.com","domainame":"eu-prod.asyncgw.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":269,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_src_last_pkt_time":1587041681755860,"flow_dst_last_pkt_time":1587041681786454,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041681786454,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8PqJAAGwGjrQ0cktFwKgBBgG77HsaOOK2T5C4T6ASIABGlgAAAgQFoAEDAwgEAggKVN17aDCErDc="} 
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":270,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_src_last_pkt_time":1587041681786551,"flow_dst_last_pkt_time":1587041681786454,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041681786551,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+V7AqAEGNHJLRex7AbtPkLhPGjjit4AQEAmFKgAAAQEICjCErFNU3Xto"} 00832{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":271,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_src_last_pkt_time":1587041681786764,"flow_dst_last_pkt_time":1587041681786454,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":277,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":277,"pkt_l4_len":243,"thread_ts_usec":1587041681786764,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEHAABAAEAG+IvAqAEGNHJLRex7AbtPkLhPGjjit4AYEAnBuAAAAQEICjCErFNU3XtoFgMBAM4BAADKAwNa\/jUh9W55wUB0tnlMq1eAEhrPfTr7oU\/DtVhV\/8e2AwAAHNrazKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACFGhoAAP8BAAEAAAAAGQAXAAAUZXUtYXBpLmFzbS5za3lwZS5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAgqKgAdABcAGAAbAAMCAAJ6egABAA=="} 
-01229{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":271,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041681755860,"flow_src_last_pkt_time":1587041681786764,"flow_dst_last_pkt_time":1587041681786454,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681786764,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60539,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"eu-api.asm.skype.com","domainame":"eu-api.asm.skype.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01185{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":271,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041681755860,"flow_src_last_pkt_time":1587041681786764,"flow_dst_last_pkt_time":1587041681786454,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681786764,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60539,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"eu-api.asm.skype.com","domainame":"eu-api.asm.skype.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 02485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":272,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_src_last_pkt_time":1587041681772814,"flow_dst_last_pkt_time":1587041681802258,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041681802258,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUMU5AAG0GlW80cktGwKgBBgG77HoxlV6KglGklIAQBAXbeQAAAQEIClbnd\/MwhKxGsYFQCvPTWcgwCwYDVR0PBAQDAgSwMCgGA1UdEQQhMB+CHSouYXN5bmNndy50ZWFtcy5taWNyb3NvZnQuY29tMIGsBgNVHR8EgaQwgaEwgZ6ggZuggZiGS2h0dHA6Ly9tc2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA1LmNybIZJaHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA1LmNybDBNBgNVHSAERjBEMEIGCSsGAQQBgjcqATA1MDMGCCsGAQUFBwIBFidodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcHMwHwYDVR0jBBgwFoAUCP4ln3TqhwTCvLuOqDhfM8bRbGUwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4ICAQA2X\/om4H+4\/cR81+swhscxS+n0lRF6\/9QaS3UJkZbRbKTCin3OgcYqSG9pYg6G1+1K1UtTBpsolwlA3Wj42xE7Uv4QpgEXC5f0oaTcFK1me59SUtzp5qGDrwX6WjG8Ktb6uYB5gEczE7C4PC+CFPM3paTb5H5cy9SB3sXBctpW9JL3Q4jgLf0RmKI+tU\/yzqXGVuQXEGhEGBnx2gx7c5jv9zuJnDG+h+fy0tJ8oKxrnU3\/YDtE5a8Gc9riCos64k1IwawJ2ex5sg6EIN6aZMm7jlbnY0GaYkT3Xzq9y\/pq48vIUbUNujVUDc5\/R\/SCSk\/dzf6G7\/xO1H5cZnPEC40ThKUvhXFO2qUKIhsUCjzJG5EdSNtcUv8eCyVsfCMB7dRsifQSwSDmGmM4n\/G81i0O9M4b2XZ+YaSEgJZmQx7Uh5AdoOqwYq2SqBhAihGJdwH2XMq283yNTDRqqo\/WVv
2tQAJnjORm59j1r8dDWyuUfRzmyA\/balmQRC8\/yMgQswTFwP1y97tt4lyNjydBDOIBJv2TudKgtjqTbU59+fWu1pBkJP0+oPi5U7f32J4ZwXrKLU9tbuRaGYpYaW\/H8\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\/BSeneM2zC+CeIhbzmNymFOjMlNcj+dBQmbu1CxCV8d8C6Y+OnVaZPNiP01j7XJJ+PXv4"} 02492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":283,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":5,"flow_src_last_pkt_time":1587041681786764,"flow_dst_last_pkt_time":1587041681819208,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041681819208,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUPqVAAGwGiRk0cktFwKgBBgG77HsaOO33T5C5IoAQBAWJqAAAAQEIClTde4YwhKxTjSsxwxRzId3jeGOcUYa1okhJwHkIFUMAK5m4S+DHVwdsxLmmVC0BU\/Kj8qTM2cFU84jN5EwT04ozIVitGL++OYFwOWk3+FukY+8JB9+HGmLHmgjF0R1eYnYB3WnmOLtEsC1NOsYugOBgclvyzOaOXDohHl2wOSu96hPLlsu2anSMjrwOEJ8bpUBBj5FcdqcO8ao6h7cMd99xai8oYUItkA9yBatn4MF7y5xAmsQKCESMfD26qQ4esdkivR9fQWpzVPZm4qD5pjne0nfzaQS\/t7s8xJP\/cgQctTadaH\/f+jlPsvaPuRz\/re0OFQjjhnzySEl3lxb2\/QD2T6Zeb+c5wFFlPeuxlzDs6p5z\/B4soN+Lz3NftQ4GQhcmlezYqSfQ0GWUXOI\/yigppSD0yN1dtP\/m3QIDAQABo4IBQjCCAT4wHQYDVR0OBBYEFFiIn9bcnEgitxQ+\/4SI6OaF\/\/p9MB8GA1UdIwQYMBaAFOWdWTCCR1jMrPoIVDaGezq1BE3wMBIGA1UdEwEB\/wQIMAYBAf8CAQAwDgYDVR0PAQH\/BAQDAgGGMCcGA1UdJQQgMB4GCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwkwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL09tbmlyb290MjAyNS5jcmwwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwDQYJKoZIhvcNAQELBQADggEBADCaxp1q\/e+TCAy+gnf5dqBtnnswI3uoKVr0aj7HCwyW37hLUuQNnDjteGO1c8AcHzvgp\/9\/SVGVMrjQm6nlz5YDgYDVSmEY\/sRqxt9\/QUYinIBm6w9CoOTzpCGjmNB6dPaM6MPSK6orzhFZGUTnXAcJQuvX\/RVNuW9sRDUmh7qjO2iwgecgyX8TAvPMq58clVDLrmSAu4cKXc6ma7J94z024ilRtyX80AnjsK3EYi4+foUmsvav920xc8YZmKlykwLOygs9POzZcOiA9RareGqHTcaBN6gKdoEGqO8XYH
xwEBM8ONczTOQ3ZQj7kbPoFnZhKmX1WJSzRQHvwE8De7gWAAcrAQAHJzCCByMKAQCgggccMIIHGAYJKwYBBQUHMAEBBIIHCTCCBwUwgceiFgQUqShwURmVA+Jp3zLm2A+QCVyZqYAYDzIwMjAwNDE1MTkzMzA5WjCBmzCBmDBMMAkGBSsOAwIaBQAEFE8LW9m32q+ftvNjciJ21uGVriYpBBRYiJ\/W3JxIIrcUPv+EiOjmhf\/6fQITewAE4Lxi6ctlZLvhngAAAATgvIAAGA8yMDIwMDQxNTE5MzMwOVqgERgPMjAyMDA0MTkxOTMzMDlaoSIwIDAeBgkrBgEFBQcwAQYEERgPMjAxOTA0MTYxOTMzMDlaMA0GCSqGSIb3DQEBCwUAA4IBAQBJ3b+j9b9amWJnAoiCkmf2UNIwgNLUYY7i2oIxOcCe4FwtfKqAknYBXLXDmybtzIEQGc9zVWPgZbClw+Dn6abFkbXSG0mhM4QP5D5MQbVxhe7SgYoYVGwkJbmRpd4grc+7uBTiXMgAxBCB5kUsxvRwqLqgwU4Ain2W6hQNvDRMAvojfSg3lYkOFvlf7bcTwOK90BIJGU11EABEc5brrKndHE9hje0klAXbzMZTL8AqrbgnzOZi1rf+0+Wq4RUDesXv6I1AJt7EoKj704jMo9fFhVZPD8osr0ZocAW0OSf5m2CQ\/UMENY99jq5D1K0ZM\/O3ik40uY\/GyUUQa5PIKgTroIIFIzCC"} 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":304,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682076700,"flow_src_last_pkt_time":1587041682076700,"flow_dst_last_pkt_time":1587041682076700,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682076700,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60540,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -150,17 +150,17 @@ 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":306,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682076700,"flow_dst_last_pkt_time":1587041682106830,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041682106830,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8XUVAAGwGcBA0cktGwKgBBgG77HwdJJF2jIP3CKASIACM5QAAAgQFoAEDAwgEAggKVscEoDCErWw="} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":307,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682106937,"flow_dst_last_pkt_time":1587041682106830,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682106937,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+V3AqAEGNHJLRux8AbuMg\/cIHSSRd4AQEAnLdwAAAQEICjCErYpWxwSg"} 00854{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_src_last_pkt_time":1587041682107386,"flow_dst_last_pkt_time":1587041682106830,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":296,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":296,"pkt_l4_len":262,"thread_ts_usec":1587041682107386,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEaAABAAEAG+HfAqAEGNHJLRux8AbuMg\/cIHSSRd4AYEAmCtgAAAQEICjCErYpWxwSgFgMBAOEBAADdAwM8bxQ0whreuqvYvEztjLrW4PBGRpjuL7egzSBD9aU3vgAAHKqqzKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACYCgoAAP8BAAEAAAAAKAAmAAAjZXUtcHJvZC5hc3luY2d3LnRlYW1zLm1pY3Jvc29mdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjF1UAAAAAsAAgEAAAoACgAISkoAHQAXABgAGwADAgAC2toAAQA="} 
-01256{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":308,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682076700,"flow_src_last_pkt_time":1587041682107386,"flow_dst_last_pkt_time":1587041682106830,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":230,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":230,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682107386,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60540,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"eu-prod.asyncgw.teams.microsoft.com","domainame":"eu-prod.asyncgw.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"","ja4":"t12d1312h2_8b80da21ef18_b00751acaffa","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01215{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":308,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682076700,"flow_src_last_pkt_time":1587041682107386,"flow_dst_last_pkt_time":1587041682106830,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":230,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":230,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682107386,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60540,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"eu-prod.asyncgw.teams.microsoft.com","domainame":"eu-prod.asyncgw.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1312h2_8b80da21ef18_b00751acaffa","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":309,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682077081,"flow_dst_last_pkt_time":1587041682108320,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041682108320,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8CPlAAG0Gw100cktFwKgBBgG77H37toO1hXm5XaASIACQKwAAAgQFoAEDAwgEAggKVQ929DCErW0="} 
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":310,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682108400,"flow_dst_last_pkt_time":1587041682108320,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682108400,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+V7AqAEGNHJLRex9AbuFebld+7aDtoAQEAnOvQAAAQEICjCErYtVD3b0"} 00833{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_src_last_pkt_time":1587041682108566,"flow_dst_last_pkt_time":1587041682108320,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"thread_ts_usec":1587041682108566,"pkt":"EBMx8Tl2KDc3AG3ICABFAAELAABAAEAG+IfAqAEGNHJLRex9AbuFebld+7aDtoAYEAl5vQAAAQEICjCErYtVD3b0FgMBANIBAADOAwNRm85ZKo2j5rIUIlemfdLsNPrk0mWhHKlhPOh2TLU7CwAAHKqqzKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACJ6uoAAP8BAAEAAAAAGQAXAAAUZXUtYXBpLmFzbS5za3lwZS5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjF1UAAAAAsAAgEAAAoACgAI+voAHQAXABgAGwADAgACmpoAAQA="} 
-01229{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":311,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682077081,"flow_src_last_pkt_time":1587041682108566,"flow_dst_last_pkt_time":1587041682108320,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":215,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":215,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682108566,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60541,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"eu-api.asm.skype.com","domainame":"eu-api.asm.skype.com","tls": {"version":"TLSv1.2","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"","ja4":"t12d1312h2_8b80da21ef18_b00751acaffa","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01185{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":311,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682077081,"flow_src_last_pkt_time":1587041682108566,"flow_dst_last_pkt_time":1587041682108320,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":215,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":215,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682108566,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60541,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"eu-api.asm.skype.com","domainame":"eu-api.asm.skype.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1312h2_8b80da21ef18_b00751acaffa","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":312,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682129643,"flow_src_last_pkt_time":1587041682129643,"flow_dst_last_pkt_time":1587041682129643,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682129643,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":49514,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_src_last_pkt_time":1587041682129643,"flow_dst_last_pkt_time":1587041682129643,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1587041682129643,"pkt":"EBMx8Tl2KDc3AG3ICABFAABIVE8AAP8R4\/3AqAEGwKgBAcFqADUANJ5TmvIBAAABAAAAAAAABmNvbmZpZwV0ZWFtcwltaWNyb3NvZnQDY29tAAABAAE="} 
01103{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":312,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682129643,"flow_src_last_pkt_time":1587041682129643,"flow_dst_last_pkt_time":1587041682129643,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682129643,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":49514,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"config.teams.microsoft.com","domainame":"config.teams.microsoft.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
02484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":313,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":5,"flow_src_last_pkt_time":1587041682107386,"flow_dst_last_pkt_time":1587041682139467,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041682139467,"pkt":"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\/om4H+4\/cR81+swhscxS+n0lRF6\/9QaS3UJkZbRbKTCin3OgcYqSG9pYg6G1+1K1UtTBpsolwlA3Wj42xE7Uv4QpgEXC5f0oaTcFK1me59SUtzp5qGDrwX6WjG8Ktb6uYB5gEczE7C4PC+CFPM3paTb5H5cy9SB3sXBctpW9JL3Q4jgLf0RmKI+tU\/yzqXGVuQXEGhEGBnx2gx7c5jv9zuJnDG+h+fy0tJ8oKxrnU3\/YDtE5a8Gc9riCos64k1IwawJ2ex5sg6EIN6aZMm7jlbnY0GaYkT3Xzq9y\/pq48vIUbUNujVUDc5\/R\/SCSk\/dzf6G7\/xO1H5cZnPEC40ThKUvhXFO2qUKIhsUCjzJG5EdSNtcUv8eCyVsfCMB7dRsifQSwSDmGmM4n\/G81i0O9M4b2XZ+YaSEgJZmQx7Uh5AdoOqwYq2SqBhAihGJdwH2XMq283yNTDRqqo\/WVv2tQAJnjORm59j1r8dDWyuUfRzmyA\/balmQRC8\/yMgQswTFwP1y97tt4lyNjydBDOIBJv2TudKgtjqTbU59+fWu1pBkJP0+oPi5U7f32J4ZwXrKLU9tbuRaGYpYaW\/H8\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\/BSeneM2zC+CeIhbzmNymFOjMlNcj+dBQmbu1CxCV8d8C6Y+OnVaZPNiP01j7XJJ+PXv4"} 
02477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":322,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":5,"flow_src_last_pkt_time":1587041682108566,"flow_dst_last_pkt_time":1587041682140048,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041682140048,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUCPpAAG0GvcQ0cktFwKgBBgG77H37toO2hXm6NIAQBAUeeAAAAQEIClUPdxEwhK2LFgMDF00CAABVAwNemFWQkTKZfyBaLuzO97G0quTrEm7BgPWyftzaEzJa0iBuSwAAwHf6a8yXd\/slaOSfyDbI53lK7p5dSy9A7BIMcMAwAAANAAUAAAAXAAD\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\/sjB3LbEb7T\/nzN+yIm+S8blVfyih6JM9Apu\/ik1krtvLJUniVwHJtK2\/rOjpX264mOpTx8SQf7TjiIlSs3HiDphOG0YLn3YYZ8njuADtWKju18sgzmH3TMQYaJ5rR8rrvEPgZCHNBk+XQJFexPiGtcDjF2WCQ1CKqCKZf8hKbpm8Y4TnLNUxuhK2E+6sFA1dP+E8Bm6m26cCfBNV3G7APHf8AN1YKGjnSNcO3xC9CoOmEMCAwEAAaOCBHYwggRyMIIB9wYKKwYBBAHWeQIEAgSCAecEggHjAeEAdwC72d+8H4pxtZOUI5eqkntHOFeVCqtS6BqQlmQ2jh7RhQAAAWqSYTh5AAAEAwBIMEYCIQCK9TKQMvnjt3bF9IskNoov410+TNUfrflXc+EV+7RCFQIhAOhI+FRSDv5ZevTOA7yjzgGxZ7+Vifwc2fzYuzpyLBBgAHYA7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo\/csAAAFqkmE4gAAABAMARzBFAiAiHsCLrUDabE9VESRZTt4BikyAq6rNE1j3618pfpVpCAIhALEshKOsZh7n88+DKEMN6Qrti43TvlJOQ0RAjLMbS84WAHcA9lyUL9F3MCIUVBgIMJRWjuNNExkzv98MLyALzE7xZOMAAAFqkmE4gwAABAMASDBGAiEAhlim8PX4pyi\/mpblvrIKUelL3OW87784ne5SOBJO7rUCIQCJx97+HPxXSJjEZtGi1euZMJxoXD7mYyvmnAr9RyA7ngB1AESUZS6w7s6vxEAH2Kj+KMDa5oK+2MsxtT\/TM5a1toGoAAABapJhOJEAAAQDAEYwRAIgSWpW2jkU6iqzOFfqoMvHGTVxpA4qvulMcPxZZ3C6R34CIBq5beRJMDaP8rIHcokNsjMMe+YTY4GBs5JmQen9SUa+MCcGCSsGAQQBgjcVCgQaMBgwCgYIKwYBBQUHAwIwCgYIKwYBBQUHAwEwPgYJKwYBBAGCNxUHBDEwLwYnKwYBBAGCNxUIh9qGdYPu2QGCyYUbgbWeYYX062CBXYTS30KC55N6AgFkAgEdMIGFBggrBgEFBQcBAQR5MHcwUQYIKwYBBQUHMAKGRWh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjAxLmNydDAiBggrBgEFBQcwAYYWaHR0cDovL29jc3AubXNvY3NwLmNvbTAdBgNVHQ4EFgQU3a
ROfyhw35kc1iGhSMjmHtjM\/20wCwYD"} -01543{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":327,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1587041682077081,"flow_src_last_pkt_time":1587041682140200,"flow_dst_last_pkt_time":1587041682140797,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":215,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":215,"flow_dst_tot_l4_payload_len":5970,"midstream":0,"thread_ts_usec":1587041682140797,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60541,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"eu-api.asm.skype.com","domainame":"eu-api.asm.skype.com","tls": {"version":"TLSv1.2","server_names":"*.asm.skype.com","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"986571066668055ae9481cb84fda634a","ja4":"t12d1312h2_8b80da21ef18_b00751acaffa","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=*.asm.skype.com","advertised_alpns":"h2,http\/1.1","fingerprint":"B9:41:1D:AE:56:09:68:D2:07:D0:69:E1:68:00:08:2B:EF:63:1E:48","blocks":0}}} 
+01499{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":327,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1587041682077081,"flow_src_last_pkt_time":1587041682140200,"flow_dst_last_pkt_time":1587041682140797,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":215,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":215,"flow_dst_tot_l4_payload_len":5970,"midstream":0,"thread_ts_usec":1587041682140797,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60541,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"eu-api.asm.skype.com","domainame":"eu-api.asm.skype.com","tls": {"version":"TLSv1.2","server_names":"*.asm.skype.com","ja3s":"986571066668055ae9481cb84fda634a","ja4":"t12d1312h2_8b80da21ef18_b00751acaffa","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=*.asm.skype.com","advertised_alpns":"h2,http\/1.1","fingerprint":"B9:41:1D:AE:56:09:68:D2:07:D0:69:E1:68:00:08:2B:EF:63:1E:48","blocks":0}}} 
00729{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682129643,"flow_dst_last_pkt_time":1587041682143053,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":204,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":204,"pkt_l4_len":170,"thread_ts_usec":1587041682143053,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC+wIdAADkR\/U\/AqAEBwKgBBgA1wWoAqgAAmvKBgAABAAQAAAAABmNvbmZpZwV0ZWFtcwltaWNyb3NvZnQDY29tAAABAAHADAAFAAEAAAs5ACEGY29uZmlnBXRlYW1zDnRyYWZmaWNtYW5hZ2VyA25ldADAOAAFAAEAAAALAB8MY29uZmlnLXRlYW1zBnMtMDAwNQhzLW1zZWRnZcBUwGUABQABAAAAOgACwHLAcgABAAEAAABoAAQ0ccKE"} 01139{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041682129643,"flow_src_last_pkt_time":1587041682129643,"flow_dst_last_pkt_time":1587041682143053,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":162,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":162,"midstream":0,"thread_ts_usec":1587041682143053,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":49514,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"config.teams.microsoft.com","domainame":"config.teams.microsoft.com","dns": {"num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["52.113.194.132,ttl=104"]}}} 
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":334,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682144166,"flow_src_last_pkt_time":1587041682144166,"flow_dst_last_pkt_time":1587041682144166,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682144166,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -168,9 +168,9 @@ 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":335,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682144166,"flow_dst_last_pkt_time":1587041682156833,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682156833,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0EIdAAHUGPJk0ccKEwKgBBgG77H5W9rKzh8U6lIAS\/\/\/8MgAAAgQFoAEDAwgBAQQC"} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":336,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682156932,"flow_dst_last_pkt_time":1587041682156833,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041682156932,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGgizAqAEGNHHChOx+AbuHxTqUVvaytFAQIAAc8gAA"} 00821{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":337,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_src_last_pkt_time":1587041682157086,"flow_dst_last_pkt_time":1587041682156833,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":271,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":271,"pkt_l4_len":237,"thread_ts_usec":1587041682157086,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEBAABAAEAGgVPAqAEGNHHChOx+AbuHxTqUVvaytFAYIACSqAAAFgMBANQBAADQAwMdYvXtwu11hWCpvITmw2DM6JIDDr9YgJ4rTdtCECjTrgAAHBoazKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACLCgoAAP8BAAEAAAAAHwAdAAAaY29uZmlnLnRlYW1zLm1pY3Jvc29mdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAjKygAdABcAGAAbAAMCAAKKigABAA=="} 
-01246{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":337,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682144166,"flow_src_last_pkt_time":1587041682157086,"flow_dst_last_pkt_time":1587041682156833,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682157086,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com","domainame":"config.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01199{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":337,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682144166,"flow_src_last_pkt_time":1587041682157086,"flow_dst_last_pkt_time":1587041682156833,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682157086,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com","domainame":"config.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":338,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":5,"flow_src_last_pkt_time":1587041682157086,"flow_dst_last_pkt_time":1587041682169218,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1587041682169218,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAoEIhAAHYGO6Q0ccKEwKgBBgG77H5W9rK0h8U7bVAQBAE4GAAAAAAAAAAA"} 
-01634{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":351,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1587041682144166,"flow_src_last_pkt_time":1587041682172494,"flow_dst_last_pkt_time":1587041682172683,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":5949,"midstream":0,"thread_ts_usec":1587041682172683,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com","domainame":"config.teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.config.teams.microsoft.com,config.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"0f14538e1c9070becdad7739c67d6363","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=config.teams.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA","blocks":0}}} 
+01587{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":351,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1587041682144166,"flow_src_last_pkt_time":1587041682172494,"flow_dst_last_pkt_time":1587041682172683,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":5949,"midstream":0,"thread_ts_usec":1587041682172683,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com","domainame":"config.teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.config.teams.microsoft.com,config.teams.microsoft.com","ja3s":"0f14538e1c9070becdad7739c67d6363","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=config.teams.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA","blocks":0}}} 
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":381,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682355684,"flow_src_last_pkt_time":1587041682355684,"flow_dst_last_pkt_time":1587041682355684,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682355684,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65387,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":381,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_src_last_pkt_time":1587041682355684,"flow_dst_last_pkt_time":1587041682355684,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_usec":1587041682355684,"pkt":"EBMx8Tl2KDc3AG3ICABFAABPcIEAAP8Rx8TAqAEGwKgBAf9rADUAOydaEDoBAAABAAAAAAAADm5vcnRoZXVyb3BlY25zDnRyYWZmaWNtYW5hZ2VyA25ldAAAAQAB"} 
01121{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":381,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682355684,"flow_src_last_pkt_time":1587041682355684,"flow_dst_last_pkt_time":1587041682355684,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682355684,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65387,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft","proto_id":"5.212","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"northeuropecns.trafficmanager.net","domainame":"northeuropecns.trafficmanager.net","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -183,15 +183,15 @@ 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":385,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682369801,"flow_dst_last_pkt_time":1587041682420333,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041682420333,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8cKZAAGwGWtQ0ck0hwKgBBgG77H8VHmMl9rF6B6ASIAAZOgAAAgQFoAEDAwgEAggKYQa0RDCEroA="} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":386,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682420448,"flow_dst_last_pkt_time":1587041682420333,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682420448,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIex\/Abv2sXoHFR5jJoAQEAlXvgAAAQEICjCErqxhBrRE"} 00824{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":387,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":4,"flow_src_last_pkt_time":1587041682420739,"flow_dst_last_pkt_time":1587041682420333,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_usec":1587041682420739,"pkt":"EBMx8Tl2KDc3AG3ICABFAAECAABAAEAG9rTAqAEGNHJNIex\/Abv2sXoHFR5jJoAYEAmOxwAAAQEICjCErqxhBrREFgMBAMkBAADFAwMlzpQNXKnJso0lmbQsWQ9QP0JUtMkYTF2ySEjqwct4CiA\/IwAA6KEdJo41XGChq4nIXjJi3Ldaf94\/c7z6UnyyFQAewC\/AK8AwwCzMqcyowAnAE8AKwBQAnACdAC8ANQAKAQAAXv8BAAEAAAAAIwAhAAAebW9iaWxlLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEACwACAQAACgAIAAYAHQAXABg="} 
-01344{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":387,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682369801,"flow_src_last_pkt_time":1587041682420739,"flow_dst_last_pkt_time":1587041682420333,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682420739,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60543,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01303{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":387,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682369801,"flow_src_last_pkt_time":1587041682420739,"flow_dst_last_pkt_time":1587041682420333,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682420739,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60543,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":388,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682376166,"flow_dst_last_pkt_time":1587041682423316,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682423316,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0HMFAAGwGr7I0ckwwwKgBBgG77ICUvjjErrIu7YAS\/\/+TZQAAAgQFoAEDAwgBAQQC"} 
00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":389,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682423394,"flow_dst_last_pkt_time":1587041682423316,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041682423394,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAG+H\/AqAEGNHJMMOyAAbuusi7tlL44xVAQIAC0JAAA"} 00846{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":390,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":4,"flow_src_last_pkt_time":1587041682423900,"flow_dst_last_pkt_time":1587041682423316,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":290,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":290,"pkt_l4_len":256,"thread_ts_usec":1587041682423900,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEUAABAAEAG95PAqAEGNHJMMOyAAbuusi7tlL44xVAYIABbPwAAFgMBAOcBAADjAwOLjruZZJmwp+AQ5ixl8mdC3oKgE\/9DUAxdN3dPhROtcwAAHCoqzKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACe+voAAP8BAAEAAAAAMgAwAAAtbm9ydGhldXJvcGUubm90aWZpY2F0aW9ucy50ZWFtcy5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAIysoAHQAXABgAGwADAgACWloAAQA="} 
-01276{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":390,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682376166,"flow_src_last_pkt_time":1587041682423900,"flow_dst_last_pkt_time":1587041682423316,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":236,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":236,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682423900,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.76.48","src_port":60544,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"northeurope.notifications.teams.microsoft.com","domainame":"northeurope.notifications.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01235{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":390,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682376166,"flow_src_last_pkt_time":1587041682423900,"flow_dst_last_pkt_time":1587041682423316,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":236,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":236,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682423900,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.76.48","src_port":60544,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"northeurope.notifications.teams.microsoft.com","domainame":"northeurope.notifications.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00897{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":391,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682440956,"flow_dst_last_pkt_time":1587041672419153,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"thread_ts_usec":1587041682440956,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzES9AAEARZ+LAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGAHT\/ICoAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"} 02485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":392,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":5,"flow_src_last_pkt_time":1587041682423900,"flow_dst_last_pkt_time":1587041682467714,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041682467714,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUHMNAAGwGqhA0ckwwwKgBBgG77ICUvj5xrrIv2VAQCAS9XwAAx23sJOl22cozxfimMAsGA1UdDwQEAwIEsDBJBgNVHREEQjBAgiMqLm5vdGlmaWNhdGlvbnMudGVhbXMubWljcm9zb2Z0LmNvbYIZKi5ub3RpZmljYXRpb25zLnNreXBlLmNvbTCBrAYDVR0fBIGkMIGhMIGeoIGboIGYhktodHRwOi8vbXNjcmwubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NybC9NaWNyb3NvZnQlMjBJVCUyMFRMUyUyMENBJTIwMS5jcmyGSWh0dHA6Ly9jcmwubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NybC9NaWNyb3NvZnQlMjBJVCUyMFRMUyUyMENBJTIwMS5jcmwwTQYDVR0gBEYwRDBCBgkrBgEEAYI3KgEwNTAzBggrBgEFBQcCARYnaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3BzMB8GA1UdIwQYMBaAFFiIn9bcnEgitxQ+\/4SI6OaF\/\/p9MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATANBg
kqhkiG9w0BAQsFAAOCAgEAaMoTg\/CrkXvH3jnb1h9ibtDE5NT9WRyEmtWPdlMgqhbXA+eyQkb6BYaT\/ta0E\/bOL5hM07pSBrD5uauHzlX4vs6BmFI3X35rS4lnHgq3cUKdaq3M5dfcGtIoKERK4KHEXYdDhAF8RY9DfZJta8j9hj4NqjvMcG7hzkZJWkwVjeh7J49fLI2k+ojmtb1lfRr9wT7N317pl9QMlUj3HrapDo2fvCe\/9jktj3lbttPHLsuaLesAF3dE1wm5y4UOzoiawZGA4Fu5fMnwFxWfpzZRwMq0O\/xKMAg5RkinWwDyzGDnwCbl\/c52s299ZBhbtM6yURpSqq0aQFxtyQoGGDw\/qhMEVa25dds5d0iBdM6KFgBsOhenjJcJxMzPvvOPmkJltWXhqnxSJWsJkaqh7zSNoA5U1JZzOXFYRt3uw3OVIBSfQ21T75pEiBJReA5mMtRoJjyJYo4d7ViJlpWq6D+qmTq9MD3A+u3+2YaocGXunqdlchKzuckM3C3Mck\/119eusSb9+YO\/2kHgBIQsNEyRtMbVXs6aJDUwnxYYIGRAPR16yCXImFMfJYah5q6a0OgPBMYG1cJ5tHN0+DQkL0jj0N6DmBrUSDSDele8PSh59PdIzO8wgJ\/BtAAk1rmVDiVhBV4spP7GSKWzbAS3cC\/0tn2xGj\/VdVxgHiGox4WbcNAABbgwggW0MIIEnKADAgECAhAIuHpQG76c2i0WTT45Ub9VMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNVBAYTAklFMRIwEAYDVQQKEwlCYWx0aW1vcmUxEzARBgNVBAsTCkN5YmVyVHJ1c3QxIjAgBgNVBAMTGUJhbHRpbW9yZSBDeWJlclRydXN0IFJvb3QwHhcNMTYwNTIwMTI1MTI4WhcNMjQwNTIwMTI1MTI4WjCBizELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEVMBMGA1UECxMMTWljcm9zb2Z0IElUMR4wHAYDVQQDExVNaWNyb3NvZnQgSVQgVExTIENBIDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCO8\/GEdXe8vsmk9RalUytQYJnc2H3ZJLXhckk3SP7ahpOjfR2aSxBNd3l+Zal8bjbiR9Q2SdDMJAInFOKucc3ZV3Q8EFYZkkqHYvnjkI1e3tFBGxqmH0CiLB6OVdcm2GhCq+wN3t1eYZWzrGyBzqjgra9fyqbkUWguJ\/1UKnGkzLt+kvH2U1EFMdAZgrDKY9DySgALzfRpS\/Ra"} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":405,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":5,"flow_src_last_pkt_time":1587041682420739,"flow_dst_last_pkt_time":1587041682484937,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682484937,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0cKdAAGwGWts0ck0hwKgBBgG77H8VHmMm9rF61YAQBAVitAAAAQEICmEGtIQwhK6s"} 
-01876{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":417,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1587041682369801,"flow_src_last_pkt_time":1587041682557246,"flow_dst_last_pkt_time":1587041682557307,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041682557307,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60543,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} 
+01835{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":417,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1587041682369801,"flow_src_last_pkt_time":1587041682557246,"flow_dst_last_pkt_time":1587041682557307,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041682557307,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60543,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} 00293{"error_event_id":5,"error_event_name":"Unknown packet 
type","threshold_n":16,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1587041682611214,"packet_id":421,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1587041682611214} 00366{"packet_event_id":1,"packet_event_name":"packet","packet_id":421,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041682598222,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682668456,"flow_src_last_pkt_time":1587041682668456,"flow_dst_last_pkt_time":1587041682668456,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682668456,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57530,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -208,7 +208,7 @@ 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":433,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682698689,"flow_dst_last_pkt_time":1587041682744342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682744342,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA09YRAAGwG1eQ0ck06wKgBBgG77IG+FZNKYAjhq4AS\/\/+qaAAAAgQFoAEDAwgBAQQC"} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":434,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682744445,"flow_dst_last_pkt_time":1587041682744342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041682744445,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAG93XAqAEGNHJNOuyBAbtgCOGrvhWTS1AQIADLJwAA"} 00821{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":435,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_src_last_pkt_time":1587041682744658,"flow_dst_last_pkt_time":1587041682744342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":273,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":273,"pkt_l4_len":239,"thread_ts_usec":1587041682744658,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEDAABAAEAG9prAqAEGNHJNOuyBAbtgCOGrvhWTS1AYIAAsUQAAFgMBANYBAADSAwPkbX85xJUsmCJfCQtb2nqS5r5NxitfmjfkWtCVFh+GIgAAHEpKzKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACNCgoAAP8BAAEAAAAAIQAfAAAccHJlc2VuY2UudGVhbXMubWljcm9zb2Z0LmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACAoKAB0AFwAYABsAAwIAAkpKAAEA"} 
-01242{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":435,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682698689,"flow_src_last_pkt_time":1587041682744658,"flow_dst_last_pkt_time":1587041682744342,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":219,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":219,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682744658,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.58","src_port":60545,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"presence.teams.microsoft.com","domainame":"presence.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01201{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":435,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682698689,"flow_src_last_pkt_time":1587041682744658,"flow_dst_last_pkt_time":1587041682744342,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":219,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":219,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682744658,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.58","src_port":60545,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"presence.teams.microsoft.com","domainame":"presence.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
01364{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":436,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682740607,"flow_dst_last_pkt_time":1587041682745381,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":665,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":665,"pkt_l4_len":631,"thread_ts_usec":1587041682745381,"pkt":"EBMx8Tl2KDc3AG3ICABFAAKLAABAAEAGwL7AqAEGon0Tg+u4AbuLprsOEqsiiIAYEAA0LgAAAQEICjCEr+ORzaKrFwMDAlK2BaXSajSAVWEKj3frXxijYpT3GD2Cuos6bxaeeEb0O6UJhzmzPZI\/SWy+fgBnTfneCwusduYkx4s3F4xCn2MY3DEvpr\/P48ATzKlJ++OHqI7OI3KpokJ1bF8YwJjJpFyWkPT0\/gdDA2C0thwexYlLgVCHe4dECfAKO3ai6a9AkpIGftSCmWnSsB7\/GodcDd1wDIWHn+mS6A9bTO\/2sRCfLQjmwaqnM\/0Kd1DorrQMm9TT6\/w11NzOyGJGqVRWfthWKCJ2r5CEFaogXR64MxPpr2FM6spcuDUY4C3Hc53Q7uc97BndljPBEgsGGu2WIs1hpBKyBrbp4cakeWFrgRHILDge\/JLjoB\/we0ie6rPfHdzAzbH+CVHboc7ECVvIV6N2Rd\/z5fI6cJ5y1i\/CGpe9JS\/DjF+npNlL3gVvBs3y7VpT4ziTRBRlbzG6hzfaYWVE\/I1GNwloup0kRP0\/\/fFg59buQBmTxdHJsfm4laPDQEGg2\/E9TD5wbcmagME1tYB8Z6HaDDAe1MbrBXtLSM8VMS0ZeI23LZfgw6dIscXGQh+EZCVohYQ2K\/dCOtZqYIGlXsZd11O+bX\/KPVaVnsGCQqimWVbYkJXTdkE5fdL4ibwUdj8vI7+8IXUv8oArxAdVEWB2+pth6d9Zti7C4SxMlmajA50jkJHElO8G4w6Wzb86qkyK4WbkuYLazUSRxEvrQrVtZjtDDcEAhbB3i\/CCiXoyK9403MAI7UV+NXn0+Iqmacnoi+GSVKkccDjbrlFQ3qxHSBpnh\/Zt22FSB4TV4eA="} 
02475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":437,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":4,"flow_src_last_pkt_time":1587041682740607,"flow_dst_last_pkt_time":1587041682745498,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1587041682745498,"pkt":"EBMx8Tl2KDc3AG3ICABFAAXIAABAAEAGvYHAqAEGon0Tg+u4AbuLpr1lEqsiiIAQEADIXgAAAQEICjCEr+SRzaKrFwMDIBe2BaXSajSAVsA+S0rbnqiekP4iuZq32HuCU1Zk8b7DobfyXAMC40RMGMmv03seNmRLB1WBKOAndSNsjwejL\/4UdAY51oTzt\/idB5m9EO71\/T1MmFynzxV07rmvd3Y7KFXQR\/+x23FlX8GjLiPfQFhiUhRh28ymzOk2Fma1O328pbgtPmfOm2\/I1HthpOnXap2OPKovdSqIn\/dOEzmEXK5RH4Vhc7yfPS0tJ3lq\/j9Y4mE4jZEoUqARpTmnt\/EmaVbJrcge1AqzkW+CZ+w4JlO7k9TdFEi5TByHM4C1T005glLtZNkRmPpMGHQbjibw3NTyD4LLOA7ibrI0r9IDNmoeUUfh8DCZdpfo3pxnEzyt7oapZ3bsP3f2dkvlxSg+Dlv55qlRYMXtNU7tnt3+G6vIRUNWvNYWxEeaewlxO7D31DoGy39yf6\/Uf40kqlYmjJklCFuyytx+XwcWqT4ARI652Z\/KTokqiY0d8hvIMHweZqCdsZ3sZLcS92z0hCZYB+QTk3oNwXMxF3HPTJhWvhOq0wqkZDSVoE431Wjz26KTR\/D\/dA5pInq8bEC3yVuUKN1PLZW9Mz7MYJyzusjyBNsPLXM5O8OEeeK5MiWTYDXzmOLsLkb2vkB\/HV4y3Ev95rIiSF36Cpgqv6+0aR866vdj7FtuF34EidwFeCf1Bf+A5YjRmGj3oaiwxanjseDhhtnxhUTf19iNoEFSzhAIqnGHRAvLOkI5d3FBbQQt+YdQcTmf4uC9ThNnySNA0HXREePQs7huoiwdf2bLMzadvLcQRiRnWU7Hl35DzJo7SAfHQVc1y7a5SVG8H0C\/gvRNuAfv3HAV07QuKJAR49iIkFCcVRaJ\/jE5NYdjrNiiLdvzoxuEZ0dWMxMftRotvm8FM6ig5uEvIZbx9cs5I19iYZQ+xjuzmSG9hz4iz+WjzAoY1dmLOtgbT\/XB2FXmqmn+QhnOY3Ljx0J2ha7XjBQ8hWDhzClw138COO6BoFzaLcXOQXTKJXlqio99G1EHem2LSJs4Fip7GdtxGPNIMZ40wLG2DFzen08a5EPl23FFXPX0SR69Sbx3M0R+hQyRTGJvzQ2b0FETVcaGBWv\/AJUXgawU3fpNn7TAnn6usnhvfGudG7WV4wZ6vkSA+LX0MCVzjn7ur93PxY\/kpdqz3fuiKZIsdz1qUGtjG9iABsh28XZ9j4vR0VSK81wLD3NNpJ2yPv0bwOqpCaovF6tXQ1Ews6XsxqJi5G36BrzaJ5\/NXawhnu8ri1Vz28LUjmOZPpd6keVddX571\/oIU+Q3p3lccmI7+gjH3KqlUBiHCmpfZcYeOnCUEoJ6+9LH3uDsI4lVcAzp2csO0NXDwcfvMalB6gajtPszvwIJElID7GHKx1BsawLle+AuhD6lA8\/ePLwyuj37+iokrx6+vklOjm
fe4s9diN429ybZIsLrxpS9gvhCcqJjHRib1BY+X07qe0e72A4QTMrUQvOqVAnCJ6MepkVyL+TYwE71AQhIyEcdhSMj5NByh+Ps2+o6B6TxNGxL+Hz7Gkx+JsBR2inYY8O+Lv0UT9kVL4KGsfhNjVDtOQlSBGenVIqSWzA0IMPQo8+3Of8Hq4M82zM4CAZ0HSDgvnwrTIr12aPKQZeXdT79Zkpu9xzzr2tssbkalNRSPafbicgt9KUTproDv5wkhK7YwHiqPcGR0QVqeIcuyQotM2kpYtKzEsnaTsMsANkeXwUSaYMnhtvVUO0AlG4\/nEwlNMBHzNthJE9IyucPPp6lNbtpzJXbzjnbqhKzr1pBPW1NzcsmUvTf4AThdCxRFDDYC8Q9bGPZ8M76S438LhtuVyUo\/lD6YFPci0DvupTGZalsukVJfD\/0b05qjSDFI9eEwsvlchodrzNqwexfGQO0oqhK"} 02475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":5,"flow_src_last_pkt_time":1587041682740607,"flow_dst_last_pkt_time":1587041682745501,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1587041682745501,"pkt":"EBMx8Tl2KDc3AG3ICABFAAXIAABAAEAGvYHAqAEGon0Tg+u4AbuLpsL5EqsiiIAQEABs5gAAAQEICjCEr+SRzaKrei53o4vFQHMBld1Fh\/SJ7lY\/Br6V6nMJYu3OAHgdn1qCcCSFYKKt9BOxyQf3yfDnlntHKN9zdEPSvXN\/0hi8YerzFHTzlE9CpJ2R08FI9jE11z3fnVvhf8e7OcEQqRZgxnPlEzNldSNYqEcmHkXvJhZMq8lx7wyR4LUbGNhgoKdPGH278UPChna6A3t6rVbTyY26njMEfo0Zm6rhpJo44iHLRIKvpaj2GQsfRT+cQeJIZ7CCI7T1q2PUyZhm1ySaJCt2LeO9BPdVU6xJnGhMV\/aWAPQcJ6kB0bxcZrLoRiXTU5Sjkns\/IiFNL\/xvNJTPnSiFRhwUoHK+lhufNQUo13wAlnryX9ux9knlEKyd0St6x6x3\/0AcGE5iocc88TMKvbPeEJdROrTHJPBGw3wEtTcJnsCO86HHTsshAVdGVqkIx3wKVLP63U4Kblp4jy32ZZqt5mrVmtgkvfyXyOjEWSHg9\/kbER4PSr77Twprpqx983VEq2Hcb9Z5Mm3nOhfwTP2T3g\/CCF8QgaWGZrUDu1iiRUPI6K2BHYirquzyMaFufY9V8GpIhq1n1xceUiQLPYGN3l5fQJCiBdXfFafOcSFxIjVpojrL2EOuqK2nuMjLQQp+4Aqc6WZPgm2ebUN\/iKkfC2yH2bLExo2MPi3VUFi92NENpciPyW+eXAFY69MJj5yxa5BiY59sQ5ELiBJlv7RkENWrGuHIllIcpW3ItUf5UzQsbStrqU99fkGX6jKCwXrvMoRcz4OdAQSCuL42ekbFYHiL0ne5NvHaRIqcek4\/JcqoZpMdpQey7y+2Dl6doTImRGjrtsYDDKgFGhDU4N8dTso9ThZ3fuQI5GnuKCyDE7AIeVXiQlYv5F01woYov2hCUZp7ZcJSt2ohbipTR8\/9XsRLAxqgXB5GsFcoOvfysdpEjckn3ixs\/e\/E+9YhRVwcgw9hwvaxpOHeS
VNLQn1UC1jd6XPsedgr5CYCUUWjOwS77pYeBf15DMuXoTC2DTw4N0qK0I2k9jO2h06\/VwS+DdyYzdZyIEDJootRjKr6+oHebS0B7nXpok59GLbGxDjEh9wakV1SZs7RvQXUIMtwshnqDiJum9ddTnNB2+bpdzgJa3FjnjCyxjYAJBZhtEPLvmmDoY+ugXE9QtbOp299K6ArOZPB6JuK4rlVYneXIpSl0yfeQgFoaNPTPCWdaxvM+AfcOB7YkH0w1UJu2dyLSmHw42qCGfzhxeXIbZVNdJjctQ0Cqo5zXErR1874K9\/40112SIrZY04P1wdyAy51DHX6xP4DMvjfqz6wVaf6gJ\/DZxBp20paRElTtDQN\/dHqjokoah04MvpFxBCi0Oy+R7CfKweUnqAqr1HqpFAPT9qsa8YrIc8G0wUUzeAax4URzLWOt85EjAnPLK1DAQYPq0v9Q0KLOsGsn1kbSvDpNs37iMzwcZRFzWoLHwwnKhxoV5ph1YHpzct0GfB5TMtawMLt6xx8fpDVN\/qmtv7vr0PwcpkWAe12mwk6YMCBt5BjA8f7N0hNc28Z18gN\/CgGnUTUJNyHOY9\/otIhpyZk2nAcBRRfiJ1pLKbDvtAKXiFEDhY9R4CdMU31jbFPykJh6n2eH+U5nfePcR\/NQL8CGF86lRBvbS1BffGRulEfJVi517lk3dtmRmFX4czmj4U5S0fLX7dTEWdkjlqGvyPwcgdLRBZYccWZ3e0IwyZLzh4ZvqC6GXgR\/YxXU2EyExTuarC8OxvaikQEuWDLdXLrVfF\/5zh5AAnOxdXMDpgpl7zVyHlEg1yLy9mLgj1yQgKUqwCNhyVJZLyPBjuKvSewLkE6Yb4TMgTQzgnkGvHFjAbR3wnBeO3lqHZFEbIHcmklDS0L5Y7TchFMURbahXYDs4fVUOyQ800EYRGVfodFdgqI"} 
@@ -219,9 +219,9 @@ 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":516,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682809173,"flow_dst_last_pkt_time":1587041682862686,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041682862686,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGBganY9ekwKgBBhFS7ILLfLe3JqxFoKAS\/ogNbwAAAgQFrAQCCAoTeRnVMISwIQEDAwc="} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":517,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682862738,"flow_dst_last_pkt_time":1587041682862686,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682862738,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+g3AqAEGp2PXpOyCEVImrEWgy3y3uIAQECwqYQAAAQEICjCEsFATeRnV"} 
01240{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":4,"flow_src_last_pkt_time":1587041682863165,"flow_dst_last_pkt_time":1587041682862686,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1587041682863165,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI5AABAAEAG+AjAqAEGp2PXpOyCEVImrEWgy3y3uIAYECxutgAAAQEICjCEsFATeRnVFgMBAgABAAH8AwOllRwzFBLD2fGS0RdMQwmyeJX+rt9niSTc6LgefMaOGyDe8bvsDQaKZ\/SHTClTSUEpcKfm8tnRcB\/XxmDM4wjf0gByEwITAxMBwCzAMACfzKnMqMyqwCvALwCewCTAKABrwCPAJwBnwArAFAA5wAnAEwAzAK0Aq8yuzK3MrACdAKnMqwCsAKoAnACoAD0APMA4wDYAtwCzAJUAkQA1AK8AjcA3wDUAtgCyAJQAkAAvAK4AjAD\/AQABQQAAABIAEAAADWRhdGkubnRvcC5vcmcACwAEAwABAgAKAAwACgAdABcAHgAZABgAIwAAM3QAAAAQAA4ADAJoMghodHRwLzEuMQAWAAAAFwAAAA0AMAAuBAMFAwYDCAcICAgJCAoICwgECAUIBgQBBQEGAQMDAgMDAQIBAwICAgQCBQIGAgArAAkIAwQDAwMCAwEALQACAQEAMwAmACQAHQAgvrFq4xkMZjK7jeeGFDXjFBVctkvDk2bUa2GIO\/qlb3oAFQB8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01396{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682809173,"flow_src_last_pkt_time":1587041682863165,"flow_dst_last_pkt_time":1587041682862686,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682863165,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60546,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"dati.ntop.org","domainame":"dati.ntop.org","tls": {"version":"TLSv1.2","ja3":"7120d65624bcd2e02ed4b01388d84cdb","ja3s":"","ja4":"t13d5713h2_131602cb7446_e802cdec6a7f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01362{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682809173,"flow_src_last_pkt_time":1587041682863165,"flow_dst_last_pkt_time":1587041682862686,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682863165,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60546,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"dati.ntop.org","domainame":"dati.ntop.org","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d5713h2_131602cb7446_e802cdec6a7f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":552,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":5,"flow_src_last_pkt_time":1587041682863165,"flow_dst_last_pkt_time":1587041682917091,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682917091,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0wZNAADQGRHqnY9ekwKgBBhFS7ILLfLe4JqxHpYAQAfo2WAAAAQEIChN5GgswhLBQ"} 
-01484{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":553,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1587041682809173,"flow_src_last_pkt_time":1587041682863165,"flow_dst_last_pkt_time":1587041682917561,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":152,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":152,"midstream":0,"thread_ts_usec":1587041682917561,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60546,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"dati.ntop.org","domainame":"dati.ntop.org","tls": {"version":"TLSv1.2","ja3":"7120d65624bcd2e02ed4b01388d84cdb","ja3s":"410b9bedaf65dd26c6fe547154d60db4","ja4":"t13d5713h2_131602cb7446_e802cdec6a7f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01450{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":553,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1587041682809173,"flow_src_last_pkt_time":1587041682863165,"flow_dst_last_pkt_time":1587041682917561,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":152,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":152,"midstream":0,"thread_ts_usec":1587041682917561,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60546,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"dati.ntop.org","domainame":"dati.ntop.org","tls": {"version":"TLSv1.2","ja3s":"410b9bedaf65dd26c6fe547154d60db4","ja4":"t13d5713h2_131602cb7446_e802cdec6a7f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
02209{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":580,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1587041682698689,"flow_src_last_pkt_time":1587041683063920,"flow_dst_last_pkt_time":1587041683109441,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":2687,"flow_dst_tot_l4_payload_len":6860,"midstream":0,"thread_ts_usec":1587041683109441,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.58","src_port":60545,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":7,"avg":25031.7,"max":201410,"stddev":47065.5,"var":2215158784.0,"ent":3.2,"data": [45653,45756,213,47886,30,47672,17,83,202,104,167,9896,9950,3499,10390,395,51386,37078,221,190,155,7115,7018,1251,1197,79250,201410,7,34,167536,222]},"pktlen": {"min":40,"avg":340.2,"max":1492,"stddev":510.3,"var":260451.7,"ent":3.8,"data": [64,52,40,259,1492,1492,52,40,40,1492,1492,40,453,40,198,133,503,91,40,109,40,78,78,40,479,40,46,1480,150,206,46,82]},"bins": {"c_to_s": [11,1,1,1,1,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0],"s_to_c": [3,3,1,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,0,0,0,1,1,0,1,0,0,0,0,1,0,1,0,0,1,0,1,0,1,0,0,0,1,1],"entropies": [4.396777153,4.984685898,4.571928501,5.447037697,7.103639126,7.377305508,4.748330116,4.680641174,4.521928787,7.565583706,7.619148254,4.680641174,7.502402782,4.680641174,6.615381718,6.130319118,7.576011658,5.374610424,4.630640984,5.982717991,4.530641556,5.189125538,5.402576923,4.680641174,7.496559143,4.680641174,4.505983353,7.866451740,6.633583069,6.711987019,4.522393703,5.435414791]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"presence.teams.microsoft.com"}} 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":584,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041683142905,"flow_src_last_pkt_time":1587041683142905,"flow_dst_last_pkt_time":1587041683142905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041683142905,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57504,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":584,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_src_last_pkt_time":1587041683142905,"flow_dst_last_pkt_time":1587041683142905,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1587041683142905,"pkt":"EBMx8Tl2KDc3AG3ICABFAABOVgkAAP8R4j3AqAEGwKgBAeCgADUAOmwyTTEBAAABAAAAAAAACmNoYXRzdmNhZ2cEc3ZjcwV0ZWFtcwZvZmZpY2UDY29tAAABAAE="} 
@@ -233,16 +233,16 @@ 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_src_last_pkt_time":1587041683186164,"flow_dst_last_pkt_time":1587041683220355,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041683220355,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8HR9AAG0GokE0clg7wKgBBgG77INQlxoFJQBFL6ASIAAufwAAAgQFoAEDAwgEAggKAdQEQDCEsYU="} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":590,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_src_last_pkt_time":1587041683220462,"flow_dst_last_pkt_time":1587041683220355,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041683220462,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG7GjAqAEGNHJYO+yDAbslAEUvUJcaBoAQEAltDgAAAQEICjCEsaYB1ARA"} 00845{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":4,"flow_src_last_pkt_time":1587041683220741,"flow_dst_last_pkt_time":1587041683220355,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":287,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":287,"pkt_l4_len":253,"thread_ts_usec":1587041683220741,"pkt":"EBMx8Tl2KDc3AG3ICABFAAERAABAAEAG64vAqAEGNHJYO+yDAbslAEUvUJcaBoAYEAkhLAAAAQEICjCEsaYB1ARAFgMBANgBAADUAwMl\/B1Vk9A1CXIA2wtxg6SSBUkcTlC\/1\/z0\/eteey4O7gAAHJqazKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACP2toAAP8BAAEAAAAAIwAhAAAeY2hhdHN2Y2FnZy50ZWFtcy5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAICgoAHQAXABgAGwADAgACSkoAAQA="} 
-01246{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041683186164,"flow_src_last_pkt_time":1587041683220741,"flow_dst_last_pkt_time":1587041683220355,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":221,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":221,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041683220741,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.88.59","src_port":60547,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"chatsvcagg.teams.microsoft.com","domainame":"chatsvcagg.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01205{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041683186164,"flow_src_last_pkt_time":1587041683220741,"flow_dst_last_pkt_time":1587041683220355,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":221,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":221,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041683220741,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.88.59","src_port":60547,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"chatsvcagg.teams.microsoft.com","domainame":"chatsvcagg.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
02476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":592,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":5,"flow_src_last_pkt_time":1587041683220741,"flow_dst_last_pkt_time":1587041683257226,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041683257226,"pkt":"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\/W3JxIIrcUPv+EiOjmhf\/6fTAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggIBADlaSLft\/Il2mfNfS96UN1u6SRdI6uOdxV\/SghC34ek6RV73kkGH\/KgGm5Qpn7ZmjaE7sCW67DpV9CSox9Z3dhmyY3WubiTFoRkhvmI2ia7VsKC3uTVFKGfcG3LipFC\/23JDrzT7qcdgDJzOLWf3MLJd1Kyh6NVC9EjRBrGrjji8xmok7R0RS8CcrVoIMxOsb4aFIvlKHgOLGwrUEg+jJK1WekigAR\/pyb5Ve0qqD3wvtdis9OWT8zz+JfQQtYBGzTf3Zo2YdFfy+cLVdoneW08GcCeeO0e+2qhhnfoQYTUFxVDlSKesMCCZ19oghBpnMirb2zEgWNe+6hV0VBHo0qa0oI+8VxV0m5jsWGKpN5r0RSQeZVBFjmNPja7EWAv9BG0nDBvzPaTNS9lsRoXc1ue7UQ2fGyQcImPgttcAOrqAGM9U+s0UrVqPi9GRGdpB+ymstXnktW0UVXqemudrGvUxOJRKDRvwctjZP2On9XpkEuwYzeJ7edeTKIXaTMPr5bSi6KtPMv8scypPxl6auLwwuyW3phPvh3sr9vdYmG1LA+UpioWKxGVlTy3H5MrR\/a3CRRhXX1OZmYh1RDRwmACanys8duLXWdgmjDNNxzIBOXG7wiGPQfS3+9iG0JTdXjbTpu3jNtZbvAVXCu9kow13tCXvpYdCShakHGed8k9wAAW4MIIFtDCCBJygAwIBAgIQCLh6UBu+nNotFk0+OVG\/VTANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJJRTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYDVQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTE2MDUyMDEyNTEyOFoXDTI0MDUyMDEyNTEyOFowgYsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xFTATBgNVBAsTDE1pY3Jvc29mdCBJVDEeMBwGA1UEAxMVTWljcm9zb2Z0IElUIFRMUyBDQSAxMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAjvPxhHV3vL7JpPUWpVMrUGCZ3Nh92SS14XJJN0j+2oaTo30dmksQTXd5fmWpfG424kfUNknQzCQCJxTirnHN2Vd0PBBWGZJKh2L545CNXt7RQRsaph9AoiwejlXXJthoQqvsDd7dXmGVs6xsgc6o4K2vX8qm5FFoLif9VCpxpMy7fpLx9lNRBTHQGYKwymPQ8koAC830aUv0WpZWOSbJnUsKYzQy"} 
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":613,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041683333389,"flow_src_last_pkt_time":1587041683333389,"flow_dst_last_pkt_time":1587041683333389,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041683333389,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":613,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_src_last_pkt_time":1587041683333389,"flow_dst_last_pkt_time":1587041683333389,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041683333389,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIeyEAbsX4foHAAAAALAC\/\/8Q\/AAAAgQFtAEDAwUBAQgKMISyEgAAAAAEAgAA"} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":614,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_src_last_pkt_time":1587041683333389,"flow_dst_last_pkt_time":1587041683378966,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041683378966,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8VAJAAGwGd3g0ck0hwKgBBgG77IQbiSB\/F+H6CKASIABpjQAAAgQFoAEDAwgEAggKYR77TDCEshI="} 
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":615,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_src_last_pkt_time":1587041683379074,"flow_dst_last_pkt_time":1587041683378966,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041683379074,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyEAbsX4foIG4kggIAQEAmoEAAAAQEICjCEsj9hHvtM"} 00822{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":616,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":4,"flow_src_last_pkt_time":1587041683379360,"flow_dst_last_pkt_time":1587041683378966,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_usec":1587041683379360,"pkt":"EBMx8Tl2KDc3AG3ICABFAAECAABAAEAG9rTAqAEGNHJNIeyEAbsX4foIG4kggIAYEAle8wAAAQEICjCEsj9hHvtMFgMBAMkBAADFAwNQ2mjoGM5bceT+50qedBeC2QzxBSnWB8x+XpaOKMz6dSCjQgAAk2B6jpiMP4aNnNPzeGx44\/6X3U2RH3y64O03zgAewC\/AK8AwwCzMqcyowAnAE8AKwBQAnACdAC8ANQAKAQAAXv8BAAEAAAAAIwAhAAAebW9iaWxlLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEACwACAQAACgAIAAYAHQAXABg="} 
-01344{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":616,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041683333389,"flow_src_last_pkt_time":1587041683379360,"flow_dst_last_pkt_time":1587041683378966,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041683379360,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01303{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":616,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041683333389,"flow_src_last_pkt_time":1587041683379360,"flow_dst_last_pkt_time":1587041683378966,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041683379360,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
02482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":621,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":5,"flow_src_last_pkt_time":1587041683379360,"flow_dst_last_pkt_time":1587041683430778,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041683430778,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUVANAAGwGcd80ck0hwKgBBgG77IQbiSCAF+H61oAQBAWFnQAAAQEICmEe+38whLI\/FgMDEGYCAABRAwNemFWT1kX8u9ATY\/YCwH831ucgt0juCj9cD9NieB4F3SDMFgAAPSmx1EB8rJYwgB6DDk65Ho1qqYZPmBoFpBpgkMAwAAAJABcAAP8BAAEACwAO3QAO2gAJHDCCCRgwggcAoAMCAQICExYACr2jKIomrOvxeF4AAAAKvaMwDQYJKoZIhvcNAQELBQAwgYsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xFTATBgNVBAsTDE1pY3Jvc29mdCBJVDEeMBwGA1UEAxMVTWljcm9zb2Z0IElUIFRMUyBDQSA0MB4XDTE5MTAxMDIxNTUzOFoXDTIxMTAxMDIxNTUzOFowJjEkMCIGA1UEAwwbKi5ldmVudHMuZGF0YS5taWNyb3NvZnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8J31SJyCTCkjxtLC8JE7aU56y+0937PcYfrFGWW\/wSL1vxV6UtbY+5UyBq7YUvoZUI+YYWI6FMysHpnkiGQR5h3NLX2it0lgM0JMJXgIYfO+vdhJalxciwWfJHOcY4+eUQwpTmpGeOTzK\/sd1W+VOYbkgWPJ0lAEgTcRXL\/NZZAtyce+Sv4+b4jHwY9pwQxOHJWtnns0bK3jD\/RcAtjLeUisGvBGtt1SItPOQvgD6i2AdvjCkjqVXn0nxT\/yKuGkvtii1i85nrjeMS5pKgL+N2I4goIXeRAaK089dd0KrnNO6kLEhhSHgHwJHnPwfqeXH1Q2p1Zw2r13mOsJdyP7QIDAQABo4IE1zCCBNMwggF\/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB2APZclC\/RdzAiFFQYCDCUVo7jTRMZM7\/fDC8gC8xO8WTjAAABbbe0zD0AAAQDAEcwRQIgXUu8wYK\/QqX5unkLcaUv4T8oQWu5yZb6M3RYbUFPJ7sCIQCVvziq+dynpJXSFyAk+ZobbjdMm8Ziuyzc0miXoW9hmQB2AFWB1MIWkDYBSuoLm1c8U\/DA5Dh4cCUIFy+jqh0HE9MMAAABbbe0zTwAAAQDAEcwRQIgOIr7NuYD18H8X6OV\/YdBgg0HoCy47ognD1Etlbp3ZVgCIQCAVAoqvjDqhz4It72mColVOT\/FZuexWjdVPWkvuAPY1AB3AESUZS6w7s6vxEAH2Kj+KMDa5oK+2MsxtT\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"} 
-01876{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":624,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1587041683333389,"flow_src_last_pkt_time":1587041683430891,"flow_dst_last_pkt_time":1587041683431072,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041683431072,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} 
+01835{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":624,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1587041683333389,"flow_src_last_pkt_time":1587041683430891,"flow_dst_last_pkt_time":1587041683431072,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041683431072,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} 
02165{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":635,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1587041683186164,"flow_src_last_pkt_time":1587041683511604,"flow_dst_last_pkt_time":1587041683511700,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2582,"flow_dst_tot_l4_payload_len":7792,"midstream":0,"thread_ts_usec":1587041683511700,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.88.59","src_port":60547,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":20999.2,"max":115070,"stddev":31123.6,"var":968681216.0,"ent":3.5,"data": [34191,34298,279,36871,33,36580,20,190,171,120,2,98,1011,12039,309,36028,22727,226,163,129,10387,10298,599,557,77127,91684,7,49137,80440,115070,185]},"pktlen": {"min":52,"avg":377.2,"max":1492,"stddev":521.7,"var":272149.2,"ent":3.9,"data": [64,60,52,273,1492,1492,64,52,1492,52,1492,302,52,178,145,533,103,52,121,52,90,90,52,414,52,52,1480,247,52,227,52,1139]},"bins": {"c_to_s": [11,1,1,1,0,0,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [3,2,1,0,0,1,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,1,1,0,0,0,0,1,0,1,0,0,1,0,1,0,1,0,0,1,1,0,1],"entropies": [4.278468132,5.100120544,4.678913116,5.492300034,7.395298958,7.335471153,4.813810349,4.784870625,7.534573555,4.736229897,7.601704121,7.355720520,4.823332310,6.256767273,6.195283890,7.525622368,5.556344509,4.861793995,6.029422760,4.861793995,5.382391453,5.548377514,4.823332310,7.376307011,4.861793995,5.063529015,7.847518921,6.993651390,4.986605644,6.825597286,4.731892109,7.799232483]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":664,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041684291077,"flow_src_last_pkt_time":1587041684291077,"flow_dst_last_pkt_time":1587041684291077,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041684291077,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":59403,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":664,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_src_last_pkt_time":1587041684291077,"flow_dst_last_pkt_time":1587041684291077,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"thread_ts_usec":1587041684291077,"pkt":"EBMx8Tl2KDc3AG3ICABFAABC19sAAP8RYHfAqAEGwKgBAegLADUALnZLN+4BAAABAAAAAAAACXN1YnN0cmF0ZQZvZmZpY2UDY29tAAABAAE="} 
@@ -254,10 +254,10 @@ 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":668,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_src_last_pkt_time":1587041684306115,"flow_dst_last_pkt_time":1587041684317619,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041684317619,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0FJpAAHUGEAYNaxILwKgBBgG77IU13hw0zZy4moAS\/\/\/HZQAAAgQFoAEDAwgBAQQC"} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":669,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_src_last_pkt_time":1587041684317725,"flow_dst_last_pkt_time":1587041684317619,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041684317725,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGWazAqAEGDWsSC+yFAbvNnLiaNd4cNVAQIADoJAAA"} 00813{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":670,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":4,"flow_src_last_pkt_time":1587041684317987,"flow_dst_last_pkt_time":1587041684317619,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":265,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":265,"pkt_l4_len":231,"thread_ts_usec":1587041684317987,"pkt":"EBMx8Tl2KDc3AG3ICABFAAD7AABAAEAGWNnAqAEGDWsSC+yFAbvNnLiaNd4cNVAYIAB7OAAAFgMBAM4BAADKAwNT9yhcRBpq6+zC6hAkiruFzkDB0iUODZ2vqxEjURraCwAAHGpqzKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACF2toAAP8BAAEAAAAAGQAXAAAUc3Vic3RyYXRlLm9mZmljZS5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAja2gAdABcAGAAbAAMCAAK6ugABAA=="} 
-01240{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":670,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041684306115,"flow_src_last_pkt_time":1587041684317987,"flow_dst_last_pkt_time":1587041684317619,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041684317987,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Outlook","proto_by_ip_id":21,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"substrate.office.com","domainame":"substrate.office.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01199{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":670,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041684306115,"flow_src_last_pkt_time":1587041684317987,"flow_dst_last_pkt_time":1587041684317619,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041684317987,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Outlook","proto_by_ip_id":21,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"substrate.office.com","domainame":"substrate.office.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":672,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":5,"flow_src_last_pkt_time":1587041684317987,"flow_dst_last_pkt_time":1587041684329497,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1587041684329497,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAoFJtAAHYGDxENaxILwKgBBgG77IU13hw1zZy5bVAQBAEDUQAAAAAAAAAA"} 
-02087{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":677,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1587041684306115,"flow_src_last_pkt_time":1587041684362150,"flow_dst_last_pkt_time":1587041684362335,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":4396,"midstream":0,"thread_ts_usec":1587041684362335,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Outlook","proto_by_ip_id":21,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"substrate.office.com","domainame":"substrate.office.com","tls": {"version":"TLSv1.2","server_names":"outlook.office.com,attachment.outlook.office.net,attachment.outlook.officeppe.net,bookings.office.com,delve.office.com,edge.outlook.office365.com,edgesdf.outlook.com,img.delve.office.com,outlook.live.com,outlook-sdf.live.com,outlook-sdf.office.com,sdfedge-pilot.outlook.com,substrate.office.com,substrate-sdf.office.com,afd-k-acdc-direct.office.com,beta-sdf.yammer.com,teams-sdf.yammer.com,beta.yammer.com,teams.yammer.com,attachments.office.net,attachments-sdf.office.net,afd-k.office.com,afd-k-sdf.office.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"a66ea560599a2f5c89eec8c3a0d69cee","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, 
CN=Outlook.office.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"AA:D3:F5:66:06:48:AA:F8:8E:9B:79:D6:7F:1D:53:EA:3F:97:03:A2","blocks":0}}} -02180{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":697,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1587041682144166,"flow_src_last_pkt_time":1587041684314927,"flow_dst_last_pkt_time":1587041684501131,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":521,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1329,"flow_dst_tot_l4_payload_len":7087,"midstream":0,"thread_ts_usec":1587041684501131,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":146055.7,"max":2009785,"stddev":489503.9,"var":239614050304.0,"ent":1.7,"data": [12667,12766,154,12385,2459,251,14879,502,529,250,3,817,4854,17134,1376,20,13097,4,249,321,136,11841,14,11155,108,621,112917,113684,1998116,2009785,174632]},"pktlen": {"min":40,"avg":305.2,"max":1492,"stddev":468.1,"var":219152.8,"ent":3.8,"data": [64,52,40,257,46,1492,1492,40,1492,40,1492,181,40,198,46,366,109,40,40,133,78,561,46,78,40,46,46,440,40,342,46,345]},"bins": {"c_to_s": [9,1,1,0,1,0,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,1,1,0,1,0,0,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1,1,0,0,0,0,0,1,1,0,1,1,1,0,0,1,1],"entropies": 
[4.396777153,4.984685421,4.571928501,5.492863178,4.462504387,7.269914627,7.475378990,4.630641460,7.477076530,4.571928501,7.667408466,6.767431736,4.680641174,6.542833328,4.505983353,7.221371651,5.957443714,4.630641460,4.630640984,6.221683502,5.214766979,7.578815937,4.414441109,5.396905422,4.571928501,4.457919598,4.522393703,7.482207775,4.680641174,7.242818356,4.478915691,7.266457558]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} +02046{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":677,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1587041684306115,"flow_src_last_pkt_time":1587041684362150,"flow_dst_last_pkt_time":1587041684362335,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":4396,"midstream":0,"thread_ts_usec":1587041684362335,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Outlook","proto_by_ip_id":21,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"substrate.office.com","domainame":"substrate.office.com","tls": 
{"version":"TLSv1.2","server_names":"outlook.office.com,attachment.outlook.office.net,attachment.outlook.officeppe.net,bookings.office.com,delve.office.com,edge.outlook.office365.com,edgesdf.outlook.com,img.delve.office.com,outlook.live.com,outlook-sdf.live.com,outlook-sdf.office.com,sdfedge-pilot.outlook.com,substrate.office.com,substrate-sdf.office.com,afd-k-acdc-direct.office.com,beta-sdf.yammer.com,teams-sdf.yammer.com,beta.yammer.com,teams.yammer.com,attachments.office.net,attachments-sdf.office.net,afd-k.office.com,afd-k-sdf.office.com","ja3s":"a66ea560599a2f5c89eec8c3a0d69cee","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Outlook.office.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"AA:D3:F5:66:06:48:AA:F8:8E:9B:79:D6:7F:1D:53:EA:3F:97:03:A2","blocks":0}}} +02174{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":697,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1587041682144166,"flow_src_last_pkt_time":1587041684314927,"flow_dst_last_pkt_time":1587041684501131,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":521,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1329,"flow_dst_tot_l4_payload_len":7087,"midstream":0,"thread_ts_usec":1587041684501131,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":146055.7,"max":2009785,"stddev":489503.9,"var":239614050304.0,"ent":1.7,"data": 
[12667,12766,154,12385,2459,251,14879,502,529,250,3,817,4854,17134,1376,20,13097,4,249,321,136,11841,14,11155,108,621,112917,113684,1998116,2009785,174632]},"pktlen": {"min":40,"avg":305.2,"max":1492,"stddev":468.1,"var":219152.8,"ent":3.8,"data": [64,52,40,257,46,1492,1492,40,1492,40,1492,181,40,198,46,366,109,40,40,133,78,561,46,78,40,46,46,440,40,342,46,345]},"bins": {"c_to_s": [9,1,1,0,1,0,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,1,1,0,1,0,0,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1,1,0,0,0,0,0,1,1,0,1,1,1,0,0,1,1],"entropies": [4.396777153,4.984685421,4.571928501,5.492863178,4.462504387,7.269914627,7.475378990,4.630641460,7.477076530,4.571928501,7.667408466,6.767431736,4.680641174,6.542833328,4.505983353,7.221371651,5.957443714,4.630641460,4.630640984,6.221683502,5.214766979,7.578815937,4.414441109,5.396905422,4.571928501,4.457919598,4.522393703,7.482207775,4.680641174,7.242818356,4.478915691,7.266457558]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} 
02174{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":702,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1587041684306115,"flow_src_last_pkt_time":1587041684950374,"flow_dst_last_pkt_time":1587041684410372,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":3472,"flow_dst_tot_l4_payload_len":5797,"midstream":0,"thread_ts_usec":1587041684950374,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":24145.7,"max":539594,"stddev":94604.1,"var":8949939200.0,"ent":1.9,"data": [11504,11610,262,11878,32500,90,44163,247,1,223,3839,7741,325,72,14634,1492,13,4159,11,266,6513,474,6734,4309,9884,14215,10718,10725,539594,6,314]},"pktlen": {"min":40,"avg":331.5,"max":1492,"stddev":473.5,"var":224192.2,"ent":3.9,"data": [64,52,40,251,46,1492,1492,40,1492,80,40,198,133,578,172,46,366,109,40,40,78,46,78,40,46,689,40,359,40,1480,694,248]},"bins": {"c_to_s": [9,1,1,0,2,0,2,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0],"s_to_c": [5,2,1,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,1,1,0,1,1,0,0,0,0,0,1,1,1,0,0,0,1,1,0,1,1,0,1,0,0,0,0],"entropies": [4.428027153,4.893245220,4.521928310,5.397158146,4.505983353,6.671830177,7.464404583,4.630641460,7.577803612,5.737496376,4.680641174,6.516131401,6.154890537,7.647973537,6.500202656,4.505983353,7.196300030,5.817581654,4.611769199,4.561769485,5.250086308,4.457919598,5.392898560,4.630641460,4.522393227,7.690679073,4.680641174,7.335716724,4.680641174,7.846065521,7.720572472,6.957527637]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Outlook","proto_by_ip_id":21,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative"}} 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":714,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041685090830,"flow_src_last_pkt_time":1587041685090830,"flow_dst_last_pkt_time":1587041685090830,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685090830,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":61245,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":714,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_src_last_pkt_time":1587041685090830,"flow_dst_last_pkt_time":1587041685090830,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_usec":1587041685090830,"pkt":"EBMx8Tl2KDc3AG3ICABFAABJHhYAAP8RGjbAqAEGwKgBAe89ADUANcKVVKoBAAABAAAAAAAABGV1YXoCdHIFdGVhbXMJbWljcm9zb2Z0A2NvbQAAAQAB"} 
@@ -300,49 +300,49 @@ 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":741,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_src_last_pkt_time":1587041685240465,"flow_dst_last_pkt_time":1587041685253368,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041685253368,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0w5JAAHUGiY00ccKEwKgBBgG77IqoHlkCRhs0zoAS\/\/9MIAAAAgQFoAEDAwgBAQQC"} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":742,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_src_last_pkt_time":1587041685253460,"flow_dst_last_pkt_time":1587041685253368,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041685253460,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGgizAqAEGNHHChOyKAbtGGzTOqB5ZA1AQIABs3wAA"} 00777{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":743,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":4,"flow_src_last_pkt_time":1587041685253933,"flow_dst_last_pkt_time":1587041685253368,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":240,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":240,"pkt_l4_len":206,"thread_ts_usec":1587041685253933,"pkt":"EBMx8Tl2KDc3AG3ICABFAADiAABAAEAGgXLAqAEGNHHChOyKAbtGGzTOqB5ZA1AYIAAZhwAAFgMBALUBAACxAwNemFWVZrT7WTFXDzKTJwgyjyi4pczPS4OaStHQgrmy6wAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAXAAAAB8AHQAAGmNvbmZpZy50ZWFtcy5taWNyb3NvZnQuY29tAAoACAAGABcAGAAZAAsAAgEAAA0AEgAQBAECAQUBBgEEAwIDBQMGAwAFAAUBAAAAAAASAAAAFwAA"} 
-01348{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":743,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685240465,"flow_src_last_pkt_time":1587041685253933,"flow_dst_last_pkt_time":1587041685253368,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":186,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":186,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685253933,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com","domainame":"config.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01301{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":743,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685240465,"flow_src_last_pkt_time":1587041685253933,"flow_dst_last_pkt_time":1587041685253368,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":186,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":186,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685253933,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com","domainame":"config.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00685{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":744,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_src_last_pkt_time":1587041685243104,"flow_dst_last_pkt_time":1587041685256108,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":169,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":169,"pkt_l4_len":135,"thread_ts_usec":1587041685256108,"pkt":"KDc3AG3IEBMx8Tl2CABFAACb\/nFAADkRv4jAqAEBwKgBBgA1yG0AhwAAyGOBgAABAAAAAQAAFHNreXBlZGF0YXByZGNvbG5ldTA0CGNsb3VkYXBwA25ldAAAHAABwCEABgABAAAADgBABHByZDEOYXp1cmVkbnMtY2xvdWTAKgZtc25oc3QJbWljcm9zb2Z0A2NvbQB9o\/w8AAADhAAAASwACTqAAAAAPA=="} 
01126{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":744,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685243104,"flow_src_last_pkt_time":1587041685243104,"flow_dst_last_pkt_time":1587041685256108,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":127,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":127,"midstream":0,"thread_ts_usec":1587041685256108,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51309,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"skypedataprdcolneu04.cloudapp.net","domainame":"skypedataprdcolneu04.cloudapp.net","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr": []}}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":745,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_src_last_pkt_time":1587041685106192,"flow_dst_last_pkt_time":1587041685261856,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041685261856,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0jN1AAG0Ge5k0cg8twKgBBgG77IfA1AaRAv0Ol4AS\/\/+iigAAAgQFoAEDAwgBAQQC"} 
00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":746,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_src_last_pkt_time":1587041685261955,"flow_dst_last_pkt_time":1587041685261856,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041685261955,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGNYPAqAEGNHIPLeyHAbsC\/Q6XwNQGklAQIADDSQAA"} 00802{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":747,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":4,"flow_src_last_pkt_time":1587041685262299,"flow_dst_last_pkt_time":1587041685261856,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":257,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":257,"pkt_l4_len":223,"thread_ts_usec":1587041685262299,"pkt":"EBMx8Tl2KDc3AG3ICABFAADzAABAAEAGNLjAqAEGNHIPLeyHAbsC\/Q6XwNQGklAYIAAraAAAFgMBAMYBAADCAwNemFWVnmpu5iBYzDA0OwyTFl3gYWrTqQBuMzMR9X7FRwAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAbQAAADAALgAAK3Ryb3V0ZXIyLWFzc2UtYS50cm91dGVyLnRlYW1zLm1pY3Jvc29mdC5jb20ACgAIAAYAFwAYABkACwACAQAADQASABAEAQIBBQEGAQQDAgMFAwYDAAUABQEAAAAAABIAAAAXAAA="} 
-01374{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":747,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685106192,"flow_src_last_pkt_time":1587041685262299,"flow_dst_last_pkt_time":1587041685261856,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":203,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":203,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685262299,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.15.45","src_port":60551,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"trouter2-asse-a.trouter.teams.microsoft.com","domainame":"trouter2-asse-a.trouter.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01333{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":747,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685106192,"flow_src_last_pkt_time":1587041685262299,"flow_dst_last_pkt_time":1587041685261856,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":203,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":203,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685262299,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.15.45","src_port":60551,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"trouter2-asse-a.trouter.teams.microsoft.com","domainame":"trouter2-asse-a.trouter.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":748,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":5,"flow_src_last_pkt_time":1587041685253933,"flow_dst_last_pkt_time":1587041685265739,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1587041685265739,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAow5NAAHYGiJg0ccKEwKgBBgG77IqoHlkDRhs1iFAQBAGIJAAAAAAAAAAA"} 
-01713{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1587041685240465,"flow_src_last_pkt_time":1587041685269429,"flow_dst_last_pkt_time":1587041685269476,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":186,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":186,"flow_dst_tot_l4_payload_len":5936,"midstream":0,"thread_ts_usec":1587041685269476,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com","domainame":"config.teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.config.teams.microsoft.com,config.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"7d8fd34fdb13a7fff30d5a52846b6c4c","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=config.teams.microsoft.com","fingerprint":"B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA","blocks":0}}} 
+01666{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1587041685240465,"flow_src_last_pkt_time":1587041685269429,"flow_dst_last_pkt_time":1587041685269476,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":186,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":186,"flow_dst_tot_l4_payload_len":5936,"midstream":0,"thread_ts_usec":1587041685269476,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com","domainame":"config.teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.config.teams.microsoft.com,config.teams.microsoft.com","ja3s":"7d8fd34fdb13a7fff30d5a52846b6c4c","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=config.teams.microsoft.com","fingerprint":"B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA","blocks":0}}} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":759,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_src_last_pkt_time":1587041685232231,"flow_dst_last_pkt_time":1587041685278616,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041685278616,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8aa1AAGwGYc00ck0hwKgBBgG77IgacWa+co2TlKASIABIJQAAAgQFoAEDAwgEAggKYR7cGTCEuUo="} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":760,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_src_last_pkt_time":1587041685278702,"flow_dst_last_pkt_time":1587041685278616,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041685278702,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyIAbtyjZOUGnFmv4AQEAmGrAAAAQEICjCEuXNhHtwZ"} 00822{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":761,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":4,"flow_src_last_pkt_time":1587041685278900,"flow_dst_last_pkt_time":1587041685278616,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_usec":1587041685278900,"pkt":"EBMx8Tl2KDc3AG3ICABFAAECAABAAEAG9rTAqAEGNHJNIeyIAbtyjZOUGnFmv4AYEAk6ggAAAQEICjCEuXNhHtwZFgMBAMkBAADFAwO15W+8jaHI2sAcvPxYu3fOurYjru\/fmNz9T6MzJf3JQCDMFgAAPSmx1EB8rJYwgB6DDk65Ho1qqYZPmBoFpBpgkAAewC\/AK8AwwCzMqcyowAnAE8AKwBQAnACdAC8ANQAKAQAAXv8BAAEAAAAAIwAhAAAebW9iaWxlLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEACwACAQAACgAIAAYAHQAXABg="} 
-01344{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":761,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685232231,"flow_src_last_pkt_time":1587041685278900,"flow_dst_last_pkt_time":1587041685278616,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685278900,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60552,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01303{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":761,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685232231,"flow_src_last_pkt_time":1587041685278900,"flow_dst_last_pkt_time":1587041685278616,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685278900,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60552,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":764,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_src_last_pkt_time":1587041685251950,"flow_dst_last_pkt_time":1587041685280598,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041685280598,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8VD9AAGwGx0kofgkHwKgBBgG77IwJMzAcxeiHxqASIADLBQAAAgQFoAEDAwgEAggKUkq4VzCEuV0="} 
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":765,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_src_last_pkt_time":1587041685280662,"flow_dst_last_pkt_time":1587041685280598,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041685280662,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGR5HAqAEGKH4JB+yMAbvF6IfGCTMwHYAQEAkJnwAAAQEICjCEuXRSSrhX"} 00875{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":766,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":4,"flow_src_last_pkt_time":1587041685281210,"flow_dst_last_pkt_time":1587041685280598,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":312,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":312,"pkt_l4_len":278,"thread_ts_usec":1587041685281210,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEqAABAAEAGRpvAqAEGKH4JB+yMAbvF6IfGCTMwHYAYEAl4\/QAAAQEICjCEuXVSSrhXFgMBAPEBAADtAwMO1aNpNC\/DfNA+zTgvlq4OTJH4Eaani+1AUzQaqTtdmgAAKMAswCvAJMAjwArACcypwDDAL8AowCfAFMATzKgAnQCcAD0APAA1AC8BAACc\/wEAAQAAAAAeABwAABlsb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tABcAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAADN0AAAAEgAAABAAMAAuAmgyBWgyLTE2BWgyLTE1BWgyLTE0CHNwZHkvMy4xBnNwZHkvMwhodHRwLzEuMQALAAIBAAAKAAoACAAdABcAGAAZ"} 
-01290{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":766,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685251950,"flow_src_last_pkt_time":1587041685281210,"flow_dst_last_pkt_time":1587041685280598,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685281210,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.7","src_port":60556,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Microsoft365","proto_by_ip_id":219,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"login.microsoftonline.com","domainame":"login.microsoftonline.com","tls": {"version":"TLSv1.2","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
+01249{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":766,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685251950,"flow_src_last_pkt_time":1587041685281210,"flow_dst_last_pkt_time":1587041685280598,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685281210,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.7","src_port":60556,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Microsoft365","proto_by_ip_id":219,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"login.microsoftonline.com","domainame":"login.microsoftonline.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":772,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_src_last_pkt_time":1587041685248604,"flow_dst_last_pkt_time":1587041685294102,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041685294102,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8VA1AAGwGd200ck0hwKgBBgG77IvHJo2qMLP5JqASIAAqDQAAAgQFoAEDAwgEAggKYR8CxDCEuVo="} 
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":773,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_src_last_pkt_time":1587041685294163,"flow_dst_last_pkt_time":1587041685294102,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041685294163,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyLAbsws\/kmxyaNq4AQEAlolwAAAQEICjCEuYBhHwLE"} 00802{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":774,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":4,"flow_src_last_pkt_time":1587041685294436,"flow_dst_last_pkt_time":1587041685294102,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_usec":1587041685294436,"pkt":"EBMx8Tl2KDc3AG3ICABFAADyAABAAEAG9sTAqAEGNHJNIeyLAbsws\/kmxyaNq4AYEAkImQAAAQEICjCEuYFhHwLEFgMBALkBAAC1AwNemFWVha04P4CUw6CKshmFd7ZG0fMDUFnrEIuMFFDaDAAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAYAAAACMAIQAAHm1vYmlsZS5waXBlLmFyaWEubWljcm9zb2Z0LmNvbQAKAAgABgAXABgAGQALAAIBAAANABIAEAQBAgEFAQYBBAMCAwUDBgMABQAFAQAAAAAAEgAAABcAAA=="} 
-01344{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":774,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685248604,"flow_src_last_pkt_time":1587041685294436,"flow_dst_last_pkt_time":1587041685294102,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":190,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":190,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685294436,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60555,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01303{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":774,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685248604,"flow_src_last_pkt_time":1587041685294436,"flow_dst_last_pkt_time":1587041685294102,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":190,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":190,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685294436,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60555,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
02476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":777,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":5,"flow_src_last_pkt_time":1587041685281210,"flow_dst_last_pkt_time":1587041685312634,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041685312634,"pkt":"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\/4SI6OaF\/\/p9MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAgEARVCFDXaNOijZYnNGoRWvtuOpazT+6a5NhffPDEd8mw13I5P2ZjdjuwO0BCuAa0rcrb9Xsv2qMoirtQ46ssv7U4RUbJ2q644olWDdoDLw3u2IwAi4+it8uqFANVWf479pYNzQSRACICWvLYyZOXoCzSVgryqqt6S9JYKLV\/5cOCwnLGXIMXunQZDJ9OLbjk3hV+y1gACDA7qTWXqQxmgI9aFpumAbRwTxqZV913sHD\/Cf4ut1VrXdDHEcgGroOgboavAnBPF1buLwyr8dsFVfenl1cv4K6OyxBhOa\/qPQC3E1A4UNtSz4dz0swsNbngQZDrl3H9MqpMRswrpJ9jUAZ4uzcbjmByMFT7UrO5NyfE2e754OXgg0kzSG7F0aYPVW64WQaAN5alS554Apkxzpnhy4dbLpcc+qDxw4uZRbEMvvqiGy3Tzvw2N2ZlLhpfCA79zVH3D9QcugIgQY75KsamAAzOcbXq0zT0xKgmRKBpdzG5DeC2KsBbrTTak1bUSSPLjvYpHhgabRiV7OEik97n1Dth5jNj0APlNTe65xy1gwKh4ItrHo4sQMKfxY9NyTKSBVKN3poUeJpe9p2ArtCr\/ZmVWqTui7XFpZPfiQUHWHxyvx0VTPR40NEp\/NGn3Uw7Bd\/MS5F6AKZAjGFEeyvsfA2p3QKRyzfNkfQWM3fP8ABbgwggW0MIIEnKADAgECAhAIuHpQG76c2i0WTT45Ub9VMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNVBAYTAklFMRIwEAYDVQQKEwlCYWx0aW1vcmUxEzARBgNVBAsTCkN5YmVyVHJ1c3QxIjAgBgNVBAMTGUJhbHRpbW9yZSBDeWJlclRydXN0IFJvb3QwHhcNMTYwNTIwMTI1MTI4WhcNMjQwNTIwMTI1MTI4WjCBizELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEVMBMGA1UE"} 
02484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":792,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":5,"flow_src_last_pkt_time":1587041685278900,"flow_dst_last_pkt_time":1587041685327366,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041685327366,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUaa5AAGwGXDQ0ck0hwKgBBgG77IgacWa\/co2UYoAQBAV+ZwAAAQEICmEe3EYwhLlzFgMDEGYCAABRAwNemFWVd4ONVISrGBzenOh1wz59KlhffXpAp\/SRVzeitiAuDwAAZ8HaIUQ\/TUKOJyzDpeZ2C6OXN9Z66nmD08\/sf8AwAAAJABcAAP8BAAEACwAO3QAO2gAJHDCCCRgwggcAoAMCAQICExYACr2jKIomrOvxeF4AAAAKvaMwDQYJKoZIhvcNAQELBQAwgYsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xFTATBgNVBAsTDE1pY3Jvc29mdCBJVDEeMBwGA1UEAxMVTWljcm9zb2Z0IElUIFRMUyBDQSA0MB4XDTE5MTAxMDIxNTUzOFoXDTIxMTAxMDIxNTUzOFowJjEkMCIGA1UEAwwbKi5ldmVudHMuZGF0YS5taWNyb3NvZnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8J31SJyCTCkjxtLC8JE7aU56y+0937PcYfrFGWW\/wSL1vxV6UtbY+5UyBq7YUvoZUI+YYWI6FMysHpnkiGQR5h3NLX2it0lgM0JMJXgIYfO+vdhJalxciwWfJHOcY4+eUQwpTmpGeOTzK\/sd1W+VOYbkgWPJ0lAEgTcRXL\/NZZAtyce+Sv4+b4jHwY9pwQxOHJWtnns0bK3jD\/RcAtjLeUisGvBGtt1SItPOQvgD6i2AdvjCkjqVXn0nxT\/yKuGkvtii1i85nrjeMS5pKgL+N2I4goIXeRAaK089dd0KrnNO6kLEhhSHgHwJHnPwfqeXH1Q2p1Zw2r13mOsJdyP7QIDAQABo4IE1zCCBNMwggF\/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB2APZclC\/RdzAiFFQYCDCUVo7jTRMZM7\/fDC8gC8xO8WTjAAABbbe0zD0AAAQDAEcwRQIgXUu8wYK\/QqX5unkLcaUv4T8oQWu5yZb6M3RYbUFPJ7sCIQCVvziq+dynpJXSFyAk+ZobbjdMm8Ziuyzc0miXoW9hmQB2AFWB1MIWkDYBSuoLm1c8U\/DA5Dh4cCUIFy+jqh0HE9MMAAABbbe0zTwAAAQDAEcwRQIgOIr7NuYD18H8X6OV\/YdBgg0HoCy47ognD1Etlbp3ZVgCIQCAVAoqvjDqhz4It72mColVOT\/FZuexWjdVPWkvuAPY1AB3AESUZS6w7s6vxEAH2Kj+KMDa5oK+2MsxtT\/TM5a1toGoAAABbbe0zEEAAAQDAEgwRgIhAMLyKXAV0HvPisLX5tlLiDTgtSUtRgffnQWc5h8Pdj8PAiEAo6ENbH0+qORahbVCksBW940dOZQUoTXblsn+bri9ExQwJwYJKwYBBAGCNxUKBBowGDAKBggrBg
EFBQcDAjAKBggrBgEFBQcDATA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdhNLfQoLnk3oCAWQCAR0wgYUGCCsGAQUFBwEBBHkwdzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDQuY3J0MCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC5tc29jc3AuY29tMB0GA1UdDgQWBBQa+kPWU8gwtBlTGMvS3dHpIWlv7TALBgNVHQ8EBAMCBLAwgfIGA1UdEQSB6jCB54IbKi5ldmVudHMuZGF0YS5taWNyb3NvZnQuY29tghlldmVudHMuZGF0YS5taWNyb3NvZnQuY29tghkqLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tgg5waXBl"} -01876{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":795,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1587041685232231,"flow_src_last_pkt_time":1587041685327559,"flow_dst_last_pkt_time":1587041685327736,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041685327736,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60552,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": 
{"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} +01835{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":795,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1587041685232231,"flow_src_last_pkt_time":1587041685327559,"flow_dst_last_pkt_time":1587041685327736,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041685327736,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60552,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": 
{"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} 02484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":799,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":5,"flow_src_last_pkt_time":1587041685294436,"flow_dst_last_pkt_time":1587041685350456,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041685350456,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUVA5AAGwGcdQ0ck0hwKgBBgG77IvHJo2rMLP55IAQBAVq\/gAAAQEICmEfAvowhLmBFgMDF7oCAABVAwNemFWVkv8HhgEBqRl7J096sK\/AcfyJkv6Je+CA9SLGGCApBQAAsHV\/DAKaYivrrDw\/3qGp42fGJ7afmMuMlyPWksAwAAANAAUAAAAXAAD\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\/zWWQLcnHvkr+Pm+Ix8GPacEMThyVrZ57NGyt4w\/0XALYy3lIrBrwRrbdUiLTzkL4A+otgHb4wpI6lV59J8U\/8irhpL7YotYvOZ643jEuaSoC\/jdiOIKCF3kQGitPPXXdCq5zTupCxIYUh4B8CR5z8H6nlx9UNqdWcNq9d5jrCXcj+0CAwEAAaOCBNcwggTTMIIBfwYKKwYBBAHWeQIEAgSCAW8EggFrAWkAdgD2XJQv0XcwIhRUGAgwlFaO400TGTO\/3wwvIAvMTvFk4wAAAW23tMw9AAAEAwBHMEUCIF1LvMGCv0Kl+bp5C3GlL+E\/KEFrucmW+jN0WG1BTye7AiEAlb84qvncp6SV0hcgJPmaG243TJvGYrss3NJol6FvYZkAdgBVgdTCFpA2AUrqC5tXPFPwwOQ4eHAlCBcvo6odBxPTDAAAAW23tM08AAAEAwBHMEUCIDiK+zbmA9fB\/F+jlf2HQYINB6AsuO6IJw9RLZW6d2VYAiEAgFQKKr4w6oc+CLe9pgqJVTk\/xWbnsVo3VT1pL7gD2NQAdwBElGUusO7Or8RAB9io\/ijA2uaCvtjLMbU\/0zOWtbaBqAAAAW23tMx
BAAAEAwBIMEYCIQDC8ilwFdB7z4rC1+bZS4g04LUlLUYH350FnOYfD3Y\/DwIhAKOhDWx9PqjkWoW1QpLAVveNHTmUFKE125bJ\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"} -01876{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":805,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1587041685248604,"flow_src_last_pkt_time":1587041685350807,"flow_dst_last_pkt_time":1587041685350857,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":190,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":190,"flow_dst_tot_l4_payload_len":6079,"midstream":0,"thread_ts_usec":1587041685350857,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60555,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"986571066668055ae9481cb84fda634a","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 
4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} +01835{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":805,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1587041685248604,"flow_src_last_pkt_time":1587041685350807,"flow_dst_last_pkt_time":1587041685350857,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":190,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":190,"flow_dst_tot_l4_payload_len":6079,"midstream":0,"thread_ts_usec":1587041685350857,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60555,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3s":"986571066668055ae9481cb84fda634a","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} 
02483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":824,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":5,"flow_src_last_pkt_time":1587041685262299,"flow_dst_last_pkt_time":1587041685419490,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041685419490,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUjN5AAG0Gdfg0cg8twKgBBgG77IfA1AaSAv0PYlAQCARVFQAAFgMDF0UCAABVAwNemFWVsa3S0qCCJCKRvR5FvfRm4ku4Wp9dZjR4sGYcKSB2HAAAgvc9nFx0wNSQ+kfvV9B0Mq9ipN+Lt19U\/tPHHsAwAAANAAUAAAAXAAD\/AQABAAsADkgADkUACIcwggiDMIIGa6ADAgECAhMgAA1\/5iyI2CMUD4FHAAAADX\/mMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgMjAeFw0xOTExMjkxNzU3NThaFw0yMTExMjkxNzU3NThaMCgxJjAkBgNVBAMMHSoudHJvdXRlci50ZWFtcy5taWNyb3NvZnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyKcimDO37qOiITdGLLSgRk4SNqeQiChf5fToMO+7e1Qw4j4NVAURrkRlqOSwosi6x2ool0Qjlt5bANU2A7E0ubHR6fs+J4y2vgrsv41S7Ao\/UxdKklkG0wgp+paNcl2enqs+JFcPVtFPe+T+pnY6IZUpOziGi8NLx\/K2NG5xSvrdawVpY5vXRxXKsvLFIAdaJQozyWf9lCNbt+4C0IVl2Ep7N5bp06LVMZktn1YAjolqeEl3RQ6hM3GKceom5l4hpyP43E\/dTe3eLNBfmO8cDd9p8HlGVSrgjhKz1wuJWFoWgHTgDnVBSZVB7t78lIFlze4qLsPX90PfKUlmjF\/zIQIDAQABo4IEQDCCBDwwggGABgorBgEEAdZ5AgQCBIIBcASCAWwBagB2APZclC\/RdzAiFFQYCDCUVo7jTRMZM7\/fDC8gC8xO8WTjAAABbrhZJv4AAAQDAEcwRQIhALfHXTClbVL1ZG3BQH+fsd9EVlnIhlrRTh9b\/BWQkqOPAiArDlgg99bYekywwY8T40DyNspZOTZKKrpABVWSIcE7CwB3AFzcQ5L+5qtFRLFemtRW5hA3+9X6R9yhc5SyXub2xw7KAAABbrhZJyYAAAQDAEgwRgIhAJuNw4ivK3DXIXmUE+m57QEHF+rXHdB72ZviRwQ9s+0GAiEA9kNgaFnkw8l1xiyZdSGjaIfmqNZ4qpxCiXwbbmlDWu4AdwBElGUusO7Or8RAB9io\/ijA2uaCvtjLMbU\/0zOWtbaBqAAAAW64WScNAAAEAwBIMEYCIQDmc93n7UJEyvvIddsbJMxC7aPmS7n2Z\/C8vjlA2j\/H8AIhAP0Hy\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"} 
-01764{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":830,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1587041685106192,"flow_src_last_pkt_time":1587041685420065,"flow_dst_last_pkt_time":1587041685420103,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":203,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":203,"flow_dst_tot_l4_payload_len":5962,"midstream":0,"thread_ts_usec":1587041685420103,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.15.45","src_port":60551,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"trouter2-asse-a.trouter.teams.microsoft.com","domainame":"trouter2-asse-a.trouter.teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.trouter.teams.microsoft.com,go.trouter.io,*.drip.trouter.io,*.dc.trouter.io","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"986571066668055ae9481cb84fda634a","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2","subjectDN":"CN=*.trouter.teams.microsoft.com","fingerprint":"DD:24:DF:0E:F3:63:CC:10:B5:03:CF:34:EB:A5:14:8B:97:90:9B:D4","blocks":0}}} 
-02318{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":855,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1587041685240465,"flow_src_last_pkt_time":1587041685469669,"flow_dst_last_pkt_time":1587041685469973,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1082,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1426,"flow_dst_tot_l4_payload_len":15976,"midstream":0,"thread_ts_usec":1587041685469973,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":14797.2,"max":153955,"stddev":35697.7,"var":1274323968.0,"ent":2.8,"data": [12903,12995,473,12371,1988,1502,15362,129,134,115,3,85,21608,33026,11480,11732,109,11784,570,13396,140399,715,153955,248,230,250,250,503,25,129,243]},"pktlen": {"min":40,"avg":585.7,"max":1492,"stddev":671.4,"var":450756.0,"ent":4.0,"data": [64,52,40,226,46,1492,1492,40,1492,40,1492,168,40,147,46,91,46,91,40,1122,46,1492,1492,40,1317,40,1492,1492,40,40,1492,1492]},"bins": {"c_to_s": [10,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,10,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,0,1,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1],"entropies": [4.365527153,4.878727913,4.471928596,5.502106190,4.402616024,7.277978420,7.489027023,4.630640984,7.478912354,4.521928310,7.663036823,6.686788082,4.630640984,6.493359089,4.462505341,5.681205750,4.462504864,5.560394764,4.580641270,7.802004814,4.565872192,7.879904747,7.863986492,4.580641270,7.860152721,4.580640793,7.874552727,7.850657463,4.580641270,4.471928596,7.869473934,7.878328800]},"ndpi": 
{"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} +01723{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":830,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1587041685106192,"flow_src_last_pkt_time":1587041685420065,"flow_dst_last_pkt_time":1587041685420103,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":203,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":203,"flow_dst_tot_l4_payload_len":5962,"midstream":0,"thread_ts_usec":1587041685420103,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.15.45","src_port":60551,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"trouter2-asse-a.trouter.teams.microsoft.com","domainame":"trouter2-asse-a.trouter.teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.trouter.teams.microsoft.com,go.trouter.io,*.drip.trouter.io,*.dc.trouter.io","ja3s":"986571066668055ae9481cb84fda634a","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 
2","subjectDN":"CN=*.trouter.teams.microsoft.com","fingerprint":"DD:24:DF:0E:F3:63:CC:10:B5:03:CF:34:EB:A5:14:8B:97:90:9B:D4","blocks":0}}} +02312{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":855,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1587041685240465,"flow_src_last_pkt_time":1587041685469669,"flow_dst_last_pkt_time":1587041685469973,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1082,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1426,"flow_dst_tot_l4_payload_len":15976,"midstream":0,"thread_ts_usec":1587041685469973,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":14797.2,"max":153955,"stddev":35697.7,"var":1274323968.0,"ent":2.8,"data": [12903,12995,473,12371,1988,1502,15362,129,134,115,3,85,21608,33026,11480,11732,109,11784,570,13396,140399,715,153955,248,230,250,250,503,25,129,243]},"pktlen": {"min":40,"avg":585.7,"max":1492,"stddev":671.4,"var":450756.0,"ent":4.0,"data": [64,52,40,226,46,1492,1492,40,1492,40,1492,168,40,147,46,91,46,91,40,1122,46,1492,1492,40,1317,40,1492,1492,40,40,1492,1492]},"bins": {"c_to_s": [10,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,10,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,0,1,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1],"entropies": 
[4.365527153,4.878727913,4.471928596,5.502106190,4.402616024,7.277978420,7.489027023,4.630640984,7.478912354,4.521928310,7.663036823,6.686788082,4.630640984,6.493359089,4.462505341,5.681205750,4.462504864,5.560394764,4.580641270,7.802004814,4.565872192,7.879904747,7.863986492,4.580641270,7.860152721,4.580640793,7.874552727,7.850657463,4.580641270,4.471928596,7.869473934,7.878328800]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":920,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041685984732,"flow_src_last_pkt_time":1587041685984732,"flow_dst_last_pkt_time":1587041685984732,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685984732,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":920,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_src_last_pkt_time":1587041685984732,"flow_dst_last_pkt_time":1587041685984732,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041685984732,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGghTAqAEGNHHChOyNAbtKVk3bAAAAALAC\/\/8LQAAAAgQFtAEDAwUBAQgKMIS8GgAAAAAEAgAA"} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":921,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_src_last_pkt_time":1587041685984732,"flow_dst_last_pkt_time":1587041685996890,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041685996890,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0TQBAAHUGACA0ccKEwKgBBgG77I3LqgPISlZN3IAS\/\/9gggAAAgQFoAEDAwgBAQQC"} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":922,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_src_last_pkt_time":1587041685996986,"flow_dst_last_pkt_time":1587041685996890,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041685996986,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGgizAqAEGNHHChOyNAbtKVk3cy6oDyVAQIACBQQAA"} 
00769{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":923,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":4,"flow_src_last_pkt_time":1587041685997296,"flow_dst_last_pkt_time":1587041685996890,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"thread_ts_usec":1587041685997296,"pkt":"EBMx8Tl2KDc3AG3ICABFAADbAABAAEAGgXnAqAEGNHHChOyNAbtKVk3cy6oDyVAYIAAs2QAAFgMBAK4BAACqAwNemFWVDIT9d4HngeJpG5mlHm9Rt958WOVPiGzzmIF3agAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAVQAAABgAFgAAE3RlYW1zLm1pY3Jvc29mdC5jb20ACgAIAAYAFwAYABkACwACAQAADQASABAEAQIBBQEGAQQDAgMFAwYDAAUABQEAAAAAABIAAAAXAAA="} -01334{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":923,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685984732,"flow_src_last_pkt_time":1587041685997296,"flow_dst_last_pkt_time":1587041685996890,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":179,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685997296,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","domainame":"teams.microsoft.com","tls": 
{"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01287{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":923,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685984732,"flow_src_last_pkt_time":1587041685997296,"flow_dst_last_pkt_time":1587041685996890,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":179,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685997296,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","domainame":"teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":924,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":5,"flow_src_last_pkt_time":1587041685997296,"flow_dst_last_pkt_time":1587041686008515,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1587041686008515,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAoTQFAAHYG\/yo0ccKEwKgBBgG77I3LqgPJSlZOj1AQCASYigAAAAAAAAAA"} -01656{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":931,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1587041685984732,"flow_src_last_pkt_time":1587041686010918,"flow_dst_last_pkt_time":1587041686010988,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":179,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":6012,"midstream":0,"thread_ts_usec":1587041686010988,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","domainame":"teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"7d8fd34fdb13a7fff30d5a52846b6c4c","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, 
L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=teams.microsoft.com","fingerprint":"68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E","blocks":0}}} +01609{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":931,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1587041685984732,"flow_src_last_pkt_time":1587041686010918,"flow_dst_last_pkt_time":1587041686010988,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":179,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":6012,"midstream":0,"thread_ts_usec":1587041686010988,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","domainame":"teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"teams.microsoft.com","ja3s":"7d8fd34fdb13a7fff30d5a52846b6c4c","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=teams.microsoft.com","fingerprint":"68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E","blocks":0}}} 
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":945,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041686239545,"flow_src_last_pkt_time":1587041686239545,"flow_dst_last_pkt_time":1587041686239545,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041686239545,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60559,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":945,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_src_last_pkt_time":1587041686239545,"flow_dst_last_pkt_time":1587041686239545,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041686239545,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIeyPAbtgh2e9AAAAALAC\/\/9PlwAAAgQFtAEDAwUBAQgKMIS9EAAAAAAEAgAA"} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":946,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_src_last_pkt_time":1587041686239545,"flow_dst_last_pkt_time":1587041686288146,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041686288146,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8YwZAAGwGaHQ0ck0hwKgBBgG77I9T9FE0YIdnvqASIADemAAAAgQFoAEDAwgEAggKYR9buzCEvRA="} 
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":947,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":3,"flow_src_last_pkt_time":1587041686288255,"flow_dst_last_pkt_time":1587041686288146,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041686288255,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyPAbtgh2e+U\/RRNYAQEAkdGQAAAQEICjCEvUBhH1u7"} 00824{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":948,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":4,"flow_src_last_pkt_time":1587041686288562,"flow_dst_last_pkt_time":1587041686288146,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_usec":1587041686288562,"pkt":"EBMx8Tl2KDc3AG3ICABFAAECAABAAEAG9rTAqAEGNHJNIeyPAbtgh2e+U\/RRNYAYEAniuwAAAQEICjCEvUBhH1u7FgMBAMkBAADFAwPWvyUszXyGVwTdfXyAsIQo65lWnkpPMHo57lR912BOzSAuDwAAZ8HaIUQ\/TUKOJyzDpeZ2C6OXN9Z66nmD08\/sfwAewC\/AK8AwwCzMqcyowAnAE8AKwBQAnACdAC8ANQAKAQAAXv8BAAEAAAAAIwAhAAAebW9iaWxlLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEACwACAQAACgAIAAYAHQAXABg="} 
-01344{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":948,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041686239545,"flow_src_last_pkt_time":1587041686288562,"flow_dst_last_pkt_time":1587041686288146,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041686288562,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60559,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01303{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":948,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041686239545,"flow_src_last_pkt_time":1587041686288562,"flow_dst_last_pkt_time":1587041686288146,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041686288562,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60559,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
02477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":949,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":5,"flow_src_last_pkt_time":1587041686288562,"flow_dst_last_pkt_time":1587041686339149,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041686339149,"pkt":"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\/tkVGJLU4rtEsbNOyNY0rT1MPRe2qZ6z8OTI\/Ubwew2S+CzQq6NSEinFnoQ24d33L9+Q2VR7IJxgZJZ0JLJRb2EkmyBTG1bJPbFiADdV1t9YSY2ps7oVekv29d\/XDIODAnQFR1IHqlMXtC77TWoRsh1X4rC3iStLm+7YDXNcZ\/4Mj9IuoDmWavbkJCD0d5pvrPILAZtuXahuvQzQtAY2n0vu1+AhHxMbk9e2L2iJYbk++P\/GCSsH0E3MwFuGBx2aD8kcD\/GasOSgJ2hX1PemGbx7\/Y9FGQudVhN6gkjLviiZxZQGDI3hc4aNkSo6HFXMcwVO63+RLd5FmQcXxQ4wQgOa8gPG9Z+WsefaydUjjPdFmpvxlC8L\/\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\/bu9FbkRuKSD+JnC+MccaTUQXO0y5kWjr93fbCvHmztcS7DCHdKXpKu7FrQSIHQxemg9XqPHo1e062SwNrGkTUxILk5"} 02346{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":976,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1587041686239545,"flow_src_last_pkt_time":1587041686542441,"flow_dst_last_pkt_time":1587041686541501,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":14115,"flow_dst_tot_l4_payload_len":4699,"midstream":0,"thread_ts_usec":1587041686542441,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60559,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":19511.4,"max":52987,"stddev":22191.7,"var":492470496.0,"ent":3.9,"data": 
[48601,48710,307,51003,89,50699,16,253,253,1686,49778,48144,1391,5,2,50498,49101,4,2,3,37233,37219,5,11525,11515,965,36039,15972,52987,736,111]},"pktlen": {"min":52,"avg":640.9,"max":1492,"stddev":667.9,"var":446080.7,"ent":4.1,"data": [64,60,52,258,1492,1492,64,52,1375,52,145,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,52,985,52,52,497,52,83,52]},"bins": {"c_to_s": [9,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0],"s_to_c": [6,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,1,1,1,0,0,0],"entropies": [4.396777153,5.256567955,4.923395157,6.033491611,7.275527000,7.277948856,5.071470261,4.945419312,7.645617962,4.976373672,5.915142536,5.707202435,4.976374149,7.861220360,7.878036976,7.850315571,5.131024837,7.877380371,7.857055187,7.886486053,7.876827240,5.169486523,7.849795818,7.874622822,5.078045845,7.791067600,5.131024837,5.207948208,7.563468933,5.053297043,5.290699482,4.969671726]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com"}} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":979,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041686659283,"flow_src_last_pkt_time":1587041686659283,"flow_dst_last_pkt_time":1587041686659283,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041686659283,"l3_proto":"ip4","src_ip":"192.168.1.112","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -353,15 +353,15 @@ 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":986,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_src_last_pkt_time":1587041686889381,"flow_dst_last_pkt_time":1587041686918390,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041686918390,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8PdhAAGwG3XQofglDwKgBBgG77JCDb8\/fjKXdY6ASIAC\/qwAAAgQFoAEDAwgEAggKUkSG7zCEv4s="} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":987,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":3,"flow_src_last_pkt_time":1587041686918473,"flow_dst_last_pkt_time":1587041686918390,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041686918473,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGR1XAqAEGKH4JQ+yQAbuMpd1jg2\/P4IAQEAn+PwAAAQEICjCEv6dSRIbv"} 
00876{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":988,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":4,"flow_src_last_pkt_time":1587041686919156,"flow_dst_last_pkt_time":1587041686918390,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":312,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":312,"pkt_l4_len":278,"thread_ts_usec":1587041686919156,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEqAABAAEAGRl\/AqAEGKH4JQ+yQAbuMpd1jg2\/P4IAYEAngnQAAAQEICjCEv6dSRIbvFgMBAPEBAADtAwMbmcXPy8rEyjOH5t3NVXkoUGCRZxMGyIKbY0co\/wunRQAAKMAswCvAJMAjwArACcypwDDAL8AowCfAFMATzKgAnQCcAD0APAA1AC8BAACc\/wEAAQAAAAAeABwAABlsb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tABcAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAADN0AAAAEgAAABAAMAAuAmgyBWgyLTE2BWgyLTE1BWgyLTE0CHNwZHkvMy4xBnNwZHkvMwhodHRwLzEuMQALAAIBAAAKAAoACAAdABcAGAAZ"} -01291{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":988,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041686889381,"flow_src_last_pkt_time":1587041686919156,"flow_dst_last_pkt_time":1587041686918390,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041686919156,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.67","src_port":60560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Microsoft365","proto_by_ip_id":219,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"login.microsoftonline.com","domainame":"login.microsoftonline.com","tls": 
{"version":"TLSv1.2","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} +01250{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":988,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041686889381,"flow_src_last_pkt_time":1587041686919156,"flow_dst_last_pkt_time":1587041686918390,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041686919156,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.67","src_port":60560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Microsoft365","proto_by_ip_id":219,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"login.microsoftonline.com","domainame":"login.microsoftonline.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
02489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":991,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":5,"flow_src_last_pkt_time":1587041686919156,"flow_dst_last_pkt_time":1587041686950659,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041686950659,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUPdlAAGwG19sofglDwKgBBgG77JCDb8\/gjKXeWYAQBAUYLAAAAQEIClJEhw4whL+nFgMDETsCAABVAwNemFWW7R35oy+pDouxbKQc3ZxSE0RLhoRWbTV6NPlktSB6OAAARuc6MTC1YmpF4SmrzBdvOs6F07smAuHCwru2ycAwAAANABcAAP8BAAEAAAAAAAsAD40AD4oACcwwggnIMIIHsKADAgECAhN7AAL0+uu8c4DySSOTAAAAAvT6MA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgMTAeFw0xODA5MjQyMTQ5MzBaFw0yMDA5MjQyMTQ5MzBaMCsxKTAnBgNVBAMTIHN0YW1wMi5sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg9uMC7tn8RKm9hx1Q+vclCmv2FS5644lZCwDqwzCYb8L0QUXObmurDTp9z7imH\/68rvf0\/+KpPvZzn8n+A1ECu6H51tc4jh4cund1rKWCEvaClslKP1O5XZfDppym7WFQSIHQp9LXW26FaTqarCYkxKrkm\/lTdJtaXF5\/C7ZRJIFVaL9dmL\/uMiooAbDLhN56zmBjGeB2V01oJAQhD\/q\/lznyyirBK2V2vQ7WyyX4O7R5ox9CbJ7fjHmVfu5B\/IGhKzckLb+kPv4Ou1DFiJ+VjXUg8+HNiqYybm516lzAMR9GTpDm\/EaK\/DoNiRmeP+V6xIxpVOXNmdtJ2yXkhn+AQIDAQABo4IFgjCCBX4wggH1BgorBgEEAdZ5AgQCBIIB5QSCAeEB3wB1AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABZg2YTSEAAAQDAEYwRAIgNf1dCr\/A\/68iTF44ctzG4dfYj5k8kwrcMxb+OAftshACIEOFf1L8DyVWvGmp2q28iEZd5RDO6L\/3eE60TQKPTKibAHcAVhQGmi\/XwuzT9eG9RLI+x0Z2ubyZEVzA75SYVdaJ0N0AAAFmDZhK0AAABAMASDBGAiEA6k0qgGOQ2\/4vWshsmYpY7DSpdiwLlTeFqoSnh81\/2Y4CIQDv1+L779lV6U+goVXZN5Lr8mJnM2dtvY1ZqBBLJZkaOwB1AFWB1MIWkDYBSuoLm1c8U\/DA5Dh4cCUIFy+jqh0HE9MMAAABZg2YSsoAAAQDAEYwRAIgWKBW8MG0XWRpOFEy6yhRlkRMXWMvZwn2MMfc6oSrj0gCIBftriorxFHUNkLYAHoFWkhm8hNqcHO+KKiAs49boZzUAHYAu9nfvB+KcbWTlCOXq
pJ7RzhXlQqrUugakJZkNo4e0YUAAAFmDZhLTgAABAMARzBFAiAA3dU0fJfG9tq5Rc4+sUUH+XraMuPYSatYD6LC\/2\/zTAIhAJWqprUivm3Ca3RKEfcrJtar2nlcdcqed0u5OIHS\/4PYMCcGCSsGAQQBgjcVCgQaMBgwCgYIKwYBBQUHAwIwCgYIKwYBBQUHAwEwPgYJKwYBBAGCNxUHBDEwLwYnKwYBBAGCNxUIh9qGdYPu2QGCyYUbgbWeYYX062CBXYTS30KC55N6AgFkAgEdMIGFBggrBgEFBQcBAQR5MHcwUQYIKwYBBQUHMAKGRWh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjAxLmNydDAiBggrBgEFBQcwAYYWaHR0cDovL29jc3AubXNvY3NwLmNvbTAdBgNVHQ4EFgQUiTQV2m224F\/j"} -01878{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":995,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1587041686889381,"flow_src_last_pkt_time":1587041686950934,"flow_dst_last_pkt_time":1587041686950999,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":4416,"midstream":0,"thread_ts_usec":1587041686950999,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.67","src_port":60560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Microsoft365","proto_by_ip_id":219,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"login.microsoftonline.com","domainame":"login.microsoftonline.com","tls": 
{"version":"TLSv1.2","server_names":"login.microsoftonline.com,login.microsoftonline-p.com,loginex.microsoftonline.com,login2.microsoftonline.com,stamp2.login.microsoftonline-int.com,login.microsoftonline-int.com,loginex.microsoftonline-int.com,login2.microsoftonline-int.com,stamp2.login.microsoftonline.com","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"678aeaf909676262acfb913ccb78a126","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=stamp2.login.microsoftonline.com","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"7E:0F:A2:51:8F:FB:49:30:C3:34:07:5E:F8:7C:FD:34:20:A2:96:63","blocks":0}}} +01837{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":995,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1587041686889381,"flow_src_last_pkt_time":1587041686950934,"flow_dst_last_pkt_time":1587041686950999,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":4416,"midstream":0,"thread_ts_usec":1587041686950999,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.67","src_port":60560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Microsoft365","proto_by_ip_id":219,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"login.microsoftonline.com","domainame":"login.microsoftonline.com","tls": 
{"version":"TLSv1.2","server_names":"login.microsoftonline.com,login.microsoftonline-p.com,loginex.microsoftonline.com,login2.microsoftonline.com,stamp2.login.microsoftonline-int.com,login.microsoftonline-int.com,loginex.microsoftonline-int.com,login2.microsoftonline-int.com,stamp2.login.microsoftonline.com","ja3s":"678aeaf909676262acfb913ccb78a126","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=stamp2.login.microsoftonline.com","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"7E:0F:A2:51:8F:FB:49:30:C3:34:07:5E:F8:7C:FD:34:20:A2:96:63","blocks":0}}} 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1010,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041687245112,"flow_src_last_pkt_time":1587041687245112,"flow_dst_last_pkt_time":1587041687245112,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687245112,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1010,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_src_last_pkt_time":1587041687245112,"flow_dst_last_pkt_time":1587041687245112,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041687245112,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIeyRAbt4yq\/kAAAAALAC\/\/\/rWgAAAgQFtAEDAwUBAQgKMITA4AAAAAAEAgAA"} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1014,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_src_last_pkt_time":1587041687245112,"flow_dst_last_pkt_time":1587041687293530,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041687293530,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8EaVAAGwGudU0ck0hwKgBBgG77JHMBk4keMqv5aASIADnTgAAAgQFoAEDAwgEAggKYPR58TCEwOA="} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1015,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_src_last_pkt_time":1587041687293639,"flow_dst_last_pkt_time":1587041687293530,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041687293639,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyRAbt4yq\/lzAZOJYAQEAkl0AAAAQEICjCEwQ9g9Hnx"} 
00824{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1016,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":4,"flow_src_last_pkt_time":1587041687294098,"flow_dst_last_pkt_time":1587041687293530,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_usec":1587041687294098,"pkt":"EBMx8Tl2KDc3AG3ICABFAAECAABAAEAG9rTAqAEGNHJNIeyRAbt4yq\/lzAZOJYAYEAmZKwAAAQEICjCEwQ9g9HnxFgMBAMkBAADFAwOyv9PSQv\/SmdcPkRjuFnJs95jqk9PvclXpwloDxRoWsCDkPAAAKbM0d7f12FXyaEAA7qD+P9kwtx+HS3tAUpaW7wAewC\/AK8AwwCzMqcyowAnAE8AKwBQAnACdAC8ANQAKAQAAXv8BAAEAAAAAIwAhAAAebW9iaWxlLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEACwACAQAACgAIAAYAHQAXABg="} -01345{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1016,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041687245112,"flow_src_last_pkt_time":1587041687294098,"flow_dst_last_pkt_time":1587041687293530,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687294098,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": 
{"version":"TLSv1.2","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01304{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1016,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041687245112,"flow_src_last_pkt_time":1587041687294098,"flow_dst_last_pkt_time":1587041687293530,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687294098,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1017,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041687370480,"flow_src_last_pkt_time":1587041687370480,"flow_dst_last_pkt_time":1587041687370480,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687370480,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":54069,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1017,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_src_last_pkt_time":1587041687370480,"flow_dst_last_pkt_time":1587041687370480,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"thread_ts_usec":1587041687370480,"pkt":"EBMx8Tl2KDc3AG3ICABFAABF06EAAP8RZK7AqAEGwKgBAdM1ADUAMUK+cAQBAAABAAAAAAAAA2FwaQ9taWNyb3NvZnRzdHJlYW0DY29tAAABAAE="} 
01094{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1017,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041687370480,"flow_src_last_pkt_time":1587041687370480,"flow_dst_last_pkt_time":1587041687370480,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687370480,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":54069,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"api.microsoftstream.com","domainame":"api.microsoftstream.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -374,10 +374,10 @@ 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1024,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_src_last_pkt_time":1587041687436782,"flow_dst_last_pkt_time":1587041687466298,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041687466298,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8OsBAAGwG7o1oKLuXwKgBBgG77JKBluUGb4uaCaASIADVGwAAAgQFoAEDAwgEAggKAbkbHzCEwZw="} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1025,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":3,"flow_src_last_pkt_time":1587041687466398,"flow_dst_last_pkt_time":1587041687466298,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041687466398,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGVVbAqAEGaCi7l+ySAbtvi5oJgZblB4AQEAkTrwAAAQEICjCEwbkBuRsf"} 00834{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1026,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":4,"flow_src_last_pkt_time":1587041687466635,"flow_dst_last_pkt_time":1587041687466298,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":280,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":280,"pkt_l4_len":246,"thread_ts_usec":1587041687466635,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEKAABAAEAGVIDAqAEGaCi7l+ySAbtvi5oJgZblB4AYEAl2MwAAAQEICjCEwbkBuRsfFgMBANEBAADNAwNcYEYY9r+P9DTmk4+ghvjGxbgXLamZQ7BCvuLi0gzQzQAAHMrKzKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACI2toAAP8BAAEAAAAAHAAaAAAXYXBpLm1pY3Jvc29mdHN0cmVhbS5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAgqKgAdABcAGAAbAAMCAAIaGgABAA=="} 
-01248{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1026,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041687436782,"flow_src_last_pkt_time":1587041687466635,"flow_dst_last_pkt_time":1587041687466298,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687466635,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"api.microsoftstream.com","domainame":"api.microsoftstream.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01204{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1026,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041687436782,"flow_src_last_pkt_time":1587041687466635,"flow_dst_last_pkt_time":1587041687466298,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687466635,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"api.microsoftstream.com","domainame":"api.microsoftstream.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
02483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1027,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":5,"flow_src_last_pkt_time":1587041687466635,"flow_dst_last_pkt_time":1587041687512045,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041687512045,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUOsFAAGwG6PRoKLuXwKgBBgG77JKBluUHb4ua34AQBAUPSwAAAQEICgG5Gz4whMG5FgMDF2ACAABeAwNemFWXWoznNEDG0nqSFdxS15urfQPAW1Ki15lKX+AAtiAKRAAA667wWoqa+vDiRfvp7swmXkbxWCktv+PyIN9JCMAwAAAWAAUAAAAQAAUAAwJoMgAXAAD\/AQABAAsADpsADpgACNowggjWMIIGvqADAgECAhMtAAcUzkF9hlrqvm6yAAAABxTOMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTAeFw0xOTA3MTYwMDAyMzBaFw0yMTA3MTYwMDAyMzBaMCQxIjAgBgNVBAMMGSouYXBpLm1pY3Jvc29mdHN0cmVhbS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYCLN53Kexlrvsr+3rXZR74UHw5zlzegNiM6ErPRT\/txn4iFY2zFTqC+sWY7W7Oz4G1tsBCxRCqDiWTxn5SoBhxDmnlpMqOtTTpv5IM4kd\/8Guw\/818ANBFltXQet6T9XZsisGK5x9lUCYcHW8ynBG3v5uNf0Z6m2VB67+wzZ2C3iG0UAM447HUmbA40yblclmVBneenfOna+w64hv1nSyt5YNMGiattt3RBLqQ25FUDZwDSm6\/Xrxs5bFSfj0HMxAb5EpzZ2SxfSP+UgsmRV0Oq\/HfZsAL9LwqbT3aESBPoyba7n926l2qjVJiyrcjkPpm+NqXC8ligQT0pRVDCcpAgMBAAGjggSXMIIEkzCCAfUGCisGAQQB1nkCBAIEggHlBIIB4QHfAHUA7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo\/csAAAFr+B+sPAAABAMARjBEAiBx6hq9wYK8lGTp3u5E7AFX+BkbRLRZ5Lup8OuEt\/B0tQIgGypwFVlROzmTzUQqtoWQp2MHW1EriZKLwX2GVgWat5wAdgBElGUusO7Or8RAB9io\/ijA2uaCvtjLMbU\/0zOWtbaBqAAAAWv4H61YAAAEAwBHMEUCIBBA4jXntmRWzvCXbsrMW4W1hyQue\/vS7Ncn0z5ewGEwAiEAln3ydSWKxMs1mek8BuU+Pp\/Ar72loNB67Ntve4Q85KAAdgBVgdTCFpA2AUrqC5tXPFPwwOQ4eHAlCBcvo6odBxPTDAAAAWv4H62XAAAEAwBHMEUCIQDLjQfYXTzdnrjIDBYNPqxZrBUDuC2VVPJNvuwXJuHkoAIgHkqG2mwJ4b5UFgxZl8\/iCIL8mYENQc4ZRdEfVujQdbMAdgBc3EOS\/uarRUSxXprU
VuYQN\/vV+kfcoXOUsl7m9scOygAAAWv4H6xWAAAEAwBHMEUCIDM4gWIHlpsWZA++c4q0XblHDWvH710R4c4I0Xek5jDJAiEAoovM291ZXguFtfeLFlqPtsBXmuKsHbLob14668lLPKIwJwYJKwYBBAGCNxUKBBowGDAKBggrBgEFBQcDAjAKBggrBgEFBQcDATA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdhNLfQoLnk3oCAWQCAR0wgYUGCCsGAQUFBwEBBHkwdzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDUuY3J0MCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC5tc29jc3AuY29tMB0GA1UdDgQWBBRaFtJxTHeO"} -01877{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1047,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1587041687245112,"flow_src_last_pkt_time":1587041687544052,"flow_dst_last_pkt_time":1587041687544137,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":412,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041687544137,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": 
{"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} -02178{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1079,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1587041687436782,"flow_src_last_pkt_time":1587041687725655,"flow_dst_last_pkt_time":1587041687725568,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1313,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2206,"flow_dst_tot_l4_payload_len":7143,"midstream":0,"thread_ts_usec":1587041687725655,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":18634.2,"max":125561,"stddev":31723.1,"var":1006353792.0,"ent":3.4,"data": [29516,29616,237,45747,220,45693,117,89,54,132,3,86,615,23250,232,30155,31,6115,4,245,22863,22646,1494,1434,2892,30,32749,246,30074,125513,125561]},"pktlen": {"min":52,"avg":345.2,"max":1492,"stddev":499.9,"var":249913.2,"ent":3.9,"data": [64,60,52,266,1492,1492,64,1492,52,52,1492,281,52,145,145,424,103,121,52,52,90,90,52,548,52,1365,135,52,94,52,510,52]},"bins": {"c_to_s": 
[12,1,3,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0],"s_to_c": [2,3,1,0,0,0,0,1,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,1,1,0,0,0,0,1,1,0,0,0,1,0,1,0,0,0,1,1,0,1,0],"entropies": [4.365527153,5.169149399,4.868495941,5.580047131,7.357915878,7.526344776,4.919355392,7.363313675,4.945419312,4.786791325,7.588277340,7.143245697,4.983880997,5.918394089,6.257330894,7.398386002,5.555244923,6.105889320,4.945419312,4.945419312,5.368302345,5.567127228,4.945419312,7.528010845,4.983880997,7.854734421,6.103594780,5.100070000,5.655968666,4.983880520,7.545987606,4.861793995]},"ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01836{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1047,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1587041687245112,"flow_src_last_pkt_time":1587041687544052,"flow_dst_last_pkt_time":1587041687544137,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":412,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041687544137,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} +02175{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1079,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1587041687436782,"flow_src_last_pkt_time":1587041687725655,"flow_dst_last_pkt_time":1587041687725568,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1313,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2206,"flow_dst_tot_l4_payload_len":7143,"midstream":0,"thread_ts_usec":1587041687725655,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":18634.2,"max":125561,"stddev":31723.1,"var":1006353792.0,"ent":3.4,"data": [29516,29616,237,45747,220,45693,117,89,54,132,3,86,615,23250,232,30155,31,6115,4,245,22863,22646,1494,1434,2892,30,32749,246,30074,125513,125561]},"pktlen": 
{"min":52,"avg":345.2,"max":1492,"stddev":499.9,"var":249913.2,"ent":3.9,"data": [64,60,52,266,1492,1492,64,1492,52,52,1492,281,52,145,145,424,103,121,52,52,90,90,52,548,52,1365,135,52,94,52,510,52]},"bins": {"c_to_s": [12,1,3,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0],"s_to_c": [2,3,1,0,0,0,0,1,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,1,1,0,0,0,0,1,1,0,0,0,1,0,1,0,0,0,1,1,0,1,0],"entropies": [4.365527153,5.169149399,4.868495941,5.580047131,7.357915878,7.526344776,4.919355392,7.363313675,4.945419312,4.786791325,7.588277340,7.143245697,4.983880997,5.918394089,6.257330894,7.398386002,5.555244923,6.105889320,4.945419312,4.945419312,5.368302345,5.567127228,4.945419312,7.528010845,4.983880997,7.854734421,6.103594780,5.100070000,5.655968666,4.983880520,7.545987606,4.861793995]},"ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1080,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041687731296,"flow_src_last_pkt_time":1587041687731296,"flow_dst_last_pkt_time":1587041687731296,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687731296,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62735,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1080,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_src_last_pkt_time":1587041687731296,"flow_dst_last_pkt_time":1587041687731296,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1587041687731296,"pkt":"EBMx8Tl2KDc3AG3ICABFAABM83AAAP8RRNjAqAEGwKgBAfUPADUAOAAFY+UBAAABAAAAAAAABmV1bm8tMQNhcGkPbWljcm9zb2Z0c3RyZWFtA2NvbQAAAQAB"} 01108{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1080,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041687731296,"flow_src_last_pkt_time":1587041687731296,"flow_dst_last_pkt_time":1587041687731296,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687731296,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62735,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"euno-1.api.microsoftstream.com","domainame":"euno-1.api.microsoftstream.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -389,7 +389,7 @@ 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1086,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_src_last_pkt_time":1587041687745932,"flow_dst_last_pkt_time":1587041687789261,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041687789261,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8GLFAAGwGRTw0qbp3wKgBBgG77JMQ1B2QYdMMyKASIACACgAAAgQFoAEDAwgEAggKASJ3bTCEwsc="} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1087,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_src_last_pkt_time":1587041687789367,"flow_dst_last_pkt_time":1587041687789261,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041687789367,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGifXAqAEGNKm6d+yTAbth0wzIENQdkYAQEAm+kQAAAQEICjCEwvABIndt"} 00842{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1088,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":4,"flow_src_last_pkt_time":1587041687789561,"flow_dst_last_pkt_time":1587041687789261,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":287,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":287,"pkt_l4_len":253,"thread_ts_usec":1587041687789561,"pkt":"EBMx8Tl2KDc3AG3ICABFAAERAABAAEAGiRjAqAEGNKm6d+yTAbth0wzIENQdkYAYEAmMqgAAAQEICjCEwvABIndtFgMBANgBAADUAwN1hCAWlzZVXD7TCb6igB3LJP9WVkluJUaJIbsmWjvyJAAAHCoqzKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACP6uoAAP8BAAEAAAAAIwAhAAAeZXVuby0xLmFwaS5taWNyb3NvZnRzdHJlYW0uY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAI2toAHQAXABgAGwADAgACOjoAAQA="} 
-01262{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1088,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041687745932,"flow_src_last_pkt_time":1587041687789561,"flow_dst_last_pkt_time":1587041687789261,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":221,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":221,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687789561,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.169.186.119","src_port":60563,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"euno-1.api.microsoftstream.com","domainame":"euno-1.api.microsoftstream.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01218{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1088,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041687745932,"flow_src_last_pkt_time":1587041687789561,"flow_dst_last_pkt_time":1587041687789261,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":221,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":221,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687789561,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.169.186.119","src_port":60563,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"euno-1.api.microsoftstream.com","domainame":"euno-1.api.microsoftstream.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
02493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1089,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":5,"flow_src_last_pkt_time":1587041687789561,"flow_dst_last_pkt_time":1587041687835274,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041687835274,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUGLJAAGwGP6M0qbp3wKgBBgG77JMQ1B2RYdMNpYAQBAV+GwAAAQEICgEid5owhMLwFgMDF2ICAABeAwNemFWXh6zC4\/H\/NtqCN0bOMCauIHEB+mzTfOs8euglHiDdOQAAbpqWXnIoaFoz5CwjBIm\/uwJeUgS1lb4+XjBSWMAwAAAWAAUAAAAQAAUAAwJoMgAXAAD\/AQABAAsADp0ADpoACNwwggjYMIIGwKADAgECAhMWAAXWDX37jaDzNM+RAAAABdYNMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNDAeFw0xOTA3MTYwMDAyMzVaFw0yMTA3MTYwMDAyMzVaMCQxIjAgBgNVBAMMGSouYXBpLm1pY3Jvc29mdHN0cmVhbS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3WyrqhMwneHn3ldwh\/L7UvhOaeyJEw9wAAoXcE2xoCmqN4VQ5dbEJYH2mvnyhH\/q6XQPMuv5SvOYFeFvBsXU42c+cX\/k7ETSWOHymPaiIe9DTakXAw15b1zeAID1a\/qtYq5SKoRqlJOmhP2W2Kj0sGRH9wfU0k6ZKAWCfTCOD3TUKn+kY2\/mFqcxx163RyO5fuue9HjLSPUcK\/XG71pH60ASR2HaDJ53frCURseRASs3N8sp\/lXPNSJpmTy7XzZlvWnjNXBXoGazR\/Ok20dcDNsKQLrS\/5IQoN1eesCyt1n77jwW\/wlDvDN1w4lyx8ZJ\/cWIxkLDRUfkhCN5r674PAgMBAAGjggSZMIIElTCCAfcGCisGAQQB1nkCBAIEggHnBIIB4wHhAHUA7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo\/csAAAFr+B+\/gwAABAMARjBEAiBFAIuj2Tc26ezbEtOORf3erX84s94DFwS362RUQnwe7QIgOIGvV6+3NbZm4ZuetunBQ10P6vIaYP3f6rBpFmv0R+kAdwBElGUusO7Or8RAB9io\/ijA2uaCvtjLMbU\/0zOWtbaBqAAAAWv4H7+HAAAEAwBIMEYCIQDNJZUV9kVpum734SuFZbu\/+8d+lBfpKXnRWlVnv4VBQAIhAOB8l0UtbGxz+O5oUYg0D5KcrYbc2wZN7ZDiNmBXUAj6AHYAVYHUwhaQNgFK6gubVzxT8MDkOHhwJQgXL6OqHQcT0wwAAAFr+B\/ArgAABAMARzBFAiEAuBvGi+GOETS1WKJJY5hLjgoB7c051zHr2NZg0TjxMOsCIDxZ4sYqPPwpfAkKARkELM5\/901w8Rli7y0l6JyGidHOAHcAXNxDkv7m
q0VEsV6a1FbmEDf71fpH3KFzlLJe5vbHDsoAAAFr+B+\/jQAABAMASDBGAiEA+MKOXA0Ondu3DQFnrt75yf8KubCg3tehYpwWY4vXmlsCIQD\/nRJiTBIbc8ubEEHt73izO3Lpmnq\/6a3pOruDbMUQaDAnBgkrBgEEAYI3FQoEGjAYMAoGCCsGAQUFBwMCMAoGCCsGAQUFBwMBMD4GCSsGAQQBgjcVBwQxMC8GJysGAQQBgjcVCIfahnWD7tkBgsmFG4G1nmGF9OtggV2E0t9CgueTegIBZAIBHTCBhQYIKwYBBQUHAQEEeTB3MFEGCCsGAQUFBzAChkVodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9NaWNyb3NvZnQlMjBJVCUyMFRMUyUyMENBJTIwNC5jcnQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9vY3NwLm1zb2NzcC5jb20wHQYDVR0OBBYEFBqManmr"} 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1138,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041690880711,"flow_src_last_pkt_time":1587041690880711,"flow_dst_last_pkt_time":1587041690880711,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041690880711,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63930,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1138,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_src_last_pkt_time":1587041690880711,"flow_dst_last_pkt_time":1587041690880711,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1587041690880711,"pkt":"EBMx8Tl2KDc3AG3ICABFAABSJv0AAP8REUbAqAEGwKgBAfm6ADUAPoc2eGoBAAABAAAAAAAAAmRjE2FwcGxpY2F0aW9uaW5zaWdodHMJbWljcm9zb2Z0A2NvbQAAAQAB"} 
@@ -401,7 +401,7 @@ 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1141,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_src_last_pkt_time":1587041690916341,"flow_dst_last_pkt_time":1587041690946470,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041690946470,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8GwdAAG4GfY4oT4opwKgBBgG77JSCI5UvqezD\/6ASIAArFwAAAgQFoAEDAwgEAggKUvjCpTCEzxM="} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1142,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_src_last_pkt_time":1587041690946579,"flow_dst_last_pkt_time":1587041690946470,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041690946579,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGxp3AqAEGKE+KKeyUAbup7MP\/giOVMIAQEAlpqQAAAQEICjCEzzFS+MKl"} 00867{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1143,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":4,"flow_src_last_pkt_time":1587041690946965,"flow_dst_last_pkt_time":1587041690946470,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":305,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":305,"pkt_l4_len":271,"thread_ts_usec":1587041690946965,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEjAABAAEAGxa7AqAEGKE+KKeyUAbup7MP\/giOVMIAYEAnoKAAAAQEICjCEzzFS+MKlFgMBAOoBAADmAwMbIQaP+rFGCYsreMCv9lvxK9Aj9uBCbNOtF1CHIeISyAAAKMAswCvAJMAjwArACcypwDDAL8AowCfAFMATzKgAnQCcAD0APAA1AC8BAACV\/wEAAQAAAAAXABUAABJnYXRlLmhvY2tleWFwcC5uZXQAFwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAM3QAAAASAAAAEAAwAC4CaDIFaDItMTYFaDItMTUFaDItMTQIc3BkeS8zLjEGc3BkeS8zCGh0dHAvMS4xAAsAAgEAAAoACgAIAB0AFwAYABk="} 
-01272{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1143,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041690916341,"flow_src_last_pkt_time":1587041690946965,"flow_dst_last_pkt_time":1587041690946470,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041690946965,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60564,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"gate.hockeyapp.net","domainame":"gate.hockeyapp.net","tls": {"version":"TLSv1.2","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
+01228{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1143,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041690916341,"flow_src_last_pkt_time":1587041690946965,"flow_dst_last_pkt_time":1587041690946470,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041690946965,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60564,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"gate.hockeyapp.net","domainame":"gate.hockeyapp.net","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 02469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1144,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":5,"flow_src_last_pkt_time":1587041690946965,"flow_dst_last_pkt_time":1587041690980253,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041690980253,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUGwlAAG4Gd\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"} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1159,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041691075869,"flow_src_last_pkt_time":1587041691075869,"flow_dst_last_pkt_time":1587041691075869,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041691075869,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62863,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00596{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1159,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_src_last_pkt_time":1587041691075869,"flow_dst_last_pkt_time":1587041691075869,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_usec":1587041691075869,"pkt":"EBMx8Tl2KDc3AG3ICABFAABZLy0AAP8RCQ\/AqAEGwKgBAfWPADUARdrUdPIBAAABAAAAAAAABGVtZWECbmcDbXNnDHRlYW1zLW1zZ2FwaQ50cmFmZmljbWFuYWdlcgNuZXQAAAEAAQ=="} 
@@ -413,7 +413,7 @@ 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1164,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_src_last_pkt_time":1587041691149774,"flow_dst_last_pkt_time":1587041691168973,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041691168973,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8PCRAAHEGa280cmwIwKgBBgG77JWud4Fgpm4cPqASIABnNAAAAgQFoAEDAwgEAggKUqoqrDCEz\/U="} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1165,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":3,"flow_src_last_pkt_time":1587041691169076,"flow_dst_last_pkt_time":1587041691168973,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041691169076,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG2JvAqAEGNHJsCOyVAbumbhw+rneBYYAQEAml0QAAAQEICjCE0AhSqiqs"} 00842{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1166,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":4,"flow_src_last_pkt_time":1587041691169247,"flow_dst_last_pkt_time":1587041691168973,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":288,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":288,"pkt_l4_len":254,"thread_ts_usec":1587041691169247,"pkt":"EBMx8Tl2KDc3AG3ICABFAAESAABAAEAG173AqAEGNHJsCOyVAbumbhw+rneBYYAYEAkjHAAAAQEICjCE0AhSqiqsFgMBANkBAADVAwNwlpHiXHB3s5dLKatTLHHCd3zPHP62TkNPLWHwExyS1QAAHAoKzKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACQysoAAP8BAAEAAAAAJAAiAAAfZW1lYS5uZy5tc2cudGVhbXMubWljcm9zb2Z0LmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACMrKAB0AFwAYABsAAwIAAhoaAAEA"} 
-01249{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1166,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041691149774,"flow_src_last_pkt_time":1587041691169247,"flow_dst_last_pkt_time":1587041691168973,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":222,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":222,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041691169247,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.108.8","src_port":60565,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"emea.ng.msg.teams.microsoft.com","domainame":"emea.ng.msg.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01208{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1166,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041691149774,"flow_src_last_pkt_time":1587041691169247,"flow_dst_last_pkt_time":1587041691168973,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":222,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":222,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041691169247,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.108.8","src_port":60565,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"emea.ng.msg.teams.microsoft.com","domainame":"emea.ng.msg.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
02482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1167,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":5,"flow_src_last_pkt_time":1587041691169247,"flow_dst_last_pkt_time":1587041691190981,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041691190981,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUPCZAAHEGZdU0cmwIwKgBBgG77JWud4cBpm4dHIAQBAU1egAAAQEIClKqKsEwhNAIOSG3N+pypQO63Wiq+lXA9TALBgNVHQ8EBAMCBLAwgdYGA1UdEQSBzjCBy4IabXNnYXBpLnRlYW1zLm1pY3Jvc29mdC5jb22CHCoubXNnYXBpLnRlYW1zLm1pY3Jvc29mdC5jb22CIHBnLm1zZy5pbmZyYS50ZWFtcy5taWNyb3NvZnQuY29tgiIqLnBnLm1zZy5pbmZyYS50ZWFtcy5taWNyb3NvZnQuY29tghpuZy5tc2cudGVhbXMubWljcm9zb2Z0LmNvbYIcKi5uZy5tc2cudGVhbXMubWljcm9zb2Z0LmNvbYIPKi5tc2cuc2t5cGUuY29tMIGsBgNVHR8EgaQwgaEwgZ6ggZuggZiGS2h0dHA6Ly9tc2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA1LmNybIZJaHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA1LmNybDBNBgNVHSAERjBEMEIGCSsGAQQBgjcqATA1MDMGCCsGAQUFBwIBFidodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcHMwHwYDVR0jBBgwFoAUCP4ln3TqhwTCvLuOqDhfM8bRbGUwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4ICAQAL6k2g2YNYubaMQKNE1HOCJsRU+ocKgoaCUntNxasdyLm3sRjtpRjulwsmHOrGDRgisqGVKYPLOcPDYZIMeHJRyVC9lP7rDFU4mwEdob9bYoVAdPJ2aPEkM0RXDf2sxO3K11UvhIdAETfgAyN9OClLnbVRlD+uqcSQfdbt9NgeCozGT3uA8rW\/bT\/D+YBI2NyvjucwOF4fAmlb69iaENpHzKyKPP3gChGWXwPlsCAHcWT5DWYPJpL\/3DLl81bF7tO5zY3zxJMB1OeVgvUKXeAS+CwfpLrKG0C\/eU6XUXAM17Wou3AdZL8ESxq7zdQlPlfLXcrxTWn\/9yqOyE2Dy4v0AC0DldAOOVuaP1Qw\/jkncKrZHy6CBjd4i6SlAvV9SXMMji3v+3tCPq3NDcYwEwIaLF7pK3asugmSWv+kUpt0b\/7nszZggDVjiXOaXQXGxlI76wm\/oQiScQLHdORY8mAIDxrFvAZJI7K5Yvpy\/uFT0TJ1pbtUzx0WkkWUFI1ibsaySDvxZ5PLRRf\/b+CTj2DeuAhuHN0bB0Jvlf\/geQ+McX36gP8ZJv4hZskP2p2eU4LlDvKZxVbJkUfzIhrbjoxfdlKOwkktqzdS57vVoeibk02\/OS8fdv79ZBLOsYxfdKaSWNDVEN1Q82426Xhagg
J7kscl3nnmFp\/\/6iCwQwe+4wAFuDCCBbQwggScoAMCAQICEAiIzVJfGSRETRSlgpHeuVIwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9yZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVyVHJ1c3QgUm9vdDAeFw0xNjA1MjAxMjUzMDNaFw0yNDA1MjAxMjUzMDNaMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC"} 02214{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1195,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1587041691149774,"flow_src_last_pkt_time":1587041691305451,"flow_dst_last_pkt_time":1587041691582252,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":994,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2028,"flow_dst_tot_l4_payload_len":8121,"midstream":0,"thread_ts_usec":1587041691582252,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.108.8","src_port":60565,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":18972.7,"max":276869,"stddev":49493.9,"var":2449644032.0,"ent":2.9,"data": [19199,19302,171,22008,34,21827,18,184,203,246,14,193,1070,12295,280,19893,29,6313,3,603,11971,11399,1472,1415,54998,62106,42,25528,33,18437,276869]},"pktlen": {"min":52,"avg":370.2,"max":1492,"stddev":512.1,"var":262257.7,"ent":3.9,"data": [64,60,52,274,1492,1492,64,52,1492,52,1492,471,52,178,145,525,103,121,52,52,90,90,52,511,52,52,1046,134,52,94,52,1335]},"bins": {"c_to_s": [11,1,2,1,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": 
[3,3,1,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,1,1,0,0,0,0,1,1,0,0,0,1,0,1,0,1,0,0,1,1,0,1],"entropies": [4.396777153,5.256567478,4.923395634,5.577177048,7.100010395,7.346216679,4.975505829,4.976374149,7.520713806,4.854287148,7.591184139,7.492725372,4.937912464,6.281796932,6.325607300,7.565563679,5.628156662,5.942033768,4.976374149,4.937912464,5.421134472,5.660066128,5.014835358,7.536164761,4.976373672,5.169486523,7.784315586,6.192806721,5.169486523,5.596017838,5.014835358,7.848025322]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"emea.ng.msg.teams.microsoft.com"}} 02229{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1208,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1587041682376166,"flow_src_last_pkt_time":1587041682938651,"flow_dst_last_pkt_time":1587041692001418,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1060,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":2113,"flow_dst_tot_l4_payload_len":7396,"midstream":0,"thread_ts_usec":1587041692001418,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.76.48","src_port":60544,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":328636.7,"max":8978171,"stddev":1582353.1,"var":2503841415168.0,"ent":0.8,"data": [47150,47228,506,44398,29,43913,16,46,186,124,2,213,4,4433,9743,291,46519,32116,477,409,98,18910,1378,20235,62883,403234,424977,8978171,32,9,7]},"pktlen": {"min":40,"avg":339.2,"max":1492,"stddev":486.1,"var":236250.5,"ent":3.9,"data": 
[64,52,40,276,1492,1492,52,40,40,1492,1492,309,40,40,198,133,568,91,40,109,40,78,46,409,40,46,1100,46,411,415,86,78]},"bins": {"c_to_s": [10,1,1,0,1,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,3,1,0,0,0,0,0,1,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,0,0,0,1,1,1,0,0,0,0,0,1,0,1,0,0,1,1,0,1,0,1,1,1,1,1],"entropies": [4.334277153,4.946223736,4.571928501,5.576080799,7.377434731,7.334023952,4.748329639,4.630640984,4.571928501,7.530410290,7.590536594,7.109602451,4.680641174,4.630641460,6.484649181,6.111595631,7.563093662,5.442209721,4.630641460,5.902398109,4.630641460,5.214766979,4.462505341,7.402733803,4.680641174,4.505983353,7.828750610,4.609350681,7.428915024,7.453095436,5.564571857,5.463537216]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"northeurope.notifications.teams.microsoft.com"}} 
@@ -428,16 +428,16 @@ 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1222,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_src_last_pkt_time":1587041692808980,"flow_dst_last_pkt_time":1587041692880898,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041692880898,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGBganY9ekwKgBBhFS7JY0lYWJFa1+kaAS\/ohhIwAAAgQFrAQCCAoTeUD2MITWWwEDAwc="} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1223,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_src_last_pkt_time":1587041692880999,"flow_dst_last_pkt_time":1587041692880898,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041692880999,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+g3AqAEGp2PXpOyWEVIVrX6RNJWFioAQECx9\/QAAAQEICjCE1qITeUD2"} 
01241{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1224,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":4,"flow_src_last_pkt_time":1587041692881339,"flow_dst_last_pkt_time":1587041692880898,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1587041692881339,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI5AABAAEAG+AjAqAEGp2PXpOyWEVIVrX6RNJWFioAYECynDgAAAQEICjCE1qITeUD2FgMBAgABAAH8AwNIwmNvYpaxx4YaNkM5UOMBu+\/rhWm5ROKLkUQ+n9+bqCDe8bvsDQaKZ\/SHTClTSUEpcKfm8tnRcB\/XxmDM4wjf0gByEwITAxMBwCzAMACfzKnMqMyqwCvALwCewCTAKABrwCPAJwBnwArAFAA5wAnAEwAzAK0Aq8yuzK3MrACdAKnMqwCsAKoAnACoAD0APMA4wDYAtwCzAJUAkQA1AK8AjcA3wDUAtgCyAJQAkAAvAK4AjAD\/AQABQQAAABIAEAAADWRhdGkubnRvcC5vcmcACwAEAwABAgAKAAwACgAdABcAHgAZABgAIwAAM3QAAAAQAA4ADAJoMghodHRwLzEuMQAWAAAAFwAAAA0AMAAuBAMFAwYDCAcICAgJCAoICwgECAUIBgQBBQEGAQMDAgMDAQIBAwICAgQCBQIGAgArAAkIAwQDAwMCAwEALQACAQEAMwAmACQAHQAgqeitnlzPDiYBqjP3nyoLl6FANLUWPuCFiHYla5PeYScAFQB8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01397{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1224,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041692808980,"flow_src_last_pkt_time":1587041692881339,"flow_dst_last_pkt_time":1587041692880898,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041692881339,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"dati.ntop.org","domainame":"dati.ntop.org","tls": {"version":"TLSv1.2","ja3":"7120d65624bcd2e02ed4b01388d84cdb","ja3s":"","ja4":"t13d5713h2_131602cb7446_e802cdec6a7f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01363{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1224,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041692808980,"flow_src_last_pkt_time":1587041692881339,"flow_dst_last_pkt_time":1587041692880898,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041692881339,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"dati.ntop.org","domainame":"dati.ntop.org","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d5713h2_131602cb7446_e802cdec6a7f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1225,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":5,"flow_src_last_pkt_time":1587041692881339,"flow_dst_last_pkt_time":1587041692951911,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041692951911,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0HBJAADQG6funY9ekwKgBBhFS7JY0lYWKFa2AloAQAfqJ4wAAAQEIChN5QT0whNai"} 
-01485{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1226,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1587041692808980,"flow_src_last_pkt_time":1587041692881339,"flow_dst_last_pkt_time":1587041692953141,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":152,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":152,"midstream":0,"thread_ts_usec":1587041692953141,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"dati.ntop.org","domainame":"dati.ntop.org","tls": {"version":"TLSv1.2","ja3":"7120d65624bcd2e02ed4b01388d84cdb","ja3s":"410b9bedaf65dd26c6fe547154d60db4","ja4":"t13d5713h2_131602cb7446_e802cdec6a7f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01451{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1226,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1587041692808980,"flow_src_last_pkt_time":1587041692881339,"flow_dst_last_pkt_time":1587041692953141,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":152,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":152,"midstream":0,"thread_ts_usec":1587041692953141,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"dati.ntop.org","domainame":"dati.ntop.org","tls": {"version":"TLSv1.2","ja3s":"410b9bedaf65dd26c6fe547154d60db4","ja4":"t13d5713h2_131602cb7446_e802cdec6a7f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1235,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693428391,"flow_src_last_pkt_time":1587041693428391,"flow_dst_last_pkt_time":1587041693428391,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":977,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":977,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":977,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693428391,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":51681,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01839{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1235,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693428391,"flow_dst_last_pkt_time":1587041693428391,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1019,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1019,"pkt_l4_len":985,"thread_ts_usec":1587041693428391,"pkt":"EBMx8Tl2KDc3AG3ICABFAAPt48gAAEART4\/AqAEGNHJNiMnhDZYD2eNwBl3+t6o2WT+OKw\/oTFMopoursiGTBsvvLvg3wuBfZT1pBB1vO2396s1T+U1VujmCqj4L5tMtU2F\/1TQzFXSUlw7M8VMfNQQRkYM68GVjRmInITISf9xExqdFNNQs5RQE95Yd7wUQ0WB34xO5EY6WIo8x\/N\/uDXPR3dWPSffY9Pjxt3AuIhSE\/33TPi9IZfwvBkn0Ytl+OD1doGxH0KzkYpDzBS9hB1dBsT+zr8uYQ4OitShMofb6WewMwiNNfNExsV6iWN3hyOrqzEPoHJ8xMa7bW1q9BLkbd5BDoIOv\/MoJUwfM2rHFjSZuGzr\/wQ6fSJlA+ga+XWQ5cCOxemM862mQg5uhFhBag2VuzDKpysLY0ZCqnKz91R2yhrxoXReoN9yIxCUIquc7SAW\/92cRId8y07O6L1X8x\/aDl3FC0Al6caV7h\/r8ddpLTlDH6yLNlYfOWE7QuJLs4lty891N9hHky+P7SbB6VN0+eXLlpdIKbixmAmCZ1p6\/DFecrkQrfBusU7fCQ0m5UtC7A9xyYw8qrbidfp8KJduef6Xu3BA4D0YD6FFqNyrfEvkjpJ+3rNXlm\/vqN6+pA7Pyjrxbc8hNlLHZHBWyirKyjtN28dUXzlP+LsRPGNdQvqJFK3pV96V25LmYF5yiAGBc2dVjL3CV3I8BZIc1iv9PSXq8u5cmF3
NAvFW+ejj0aUJys0KqSuB+SsBchm0XJNdD1T31o3cnzHzdRkPqsYgQxN+TMH4xz2ipnYwRm5mpiVbDbtght4DZhZkINSjZm+P+w6KJ1sJkRZyTcItShxjipY0pc0YcI\/iPO8Kihnfm0h7aZYr8JbNTXfrRfggxMyqgTWxlobhHKsiboGB5nz9mqNXgN5f2w6aCT8Ygr4J\/d\/M8CNiCRT+CKMTqRpDBqIcnsL3KBgSmI2li51fHmCYLknW2Aw3F82bIDyzOvtteFfeZxum8+GIS5JvJh64JDL9hUaT9FEJ6txlWLszG+bg1use4IiVMiF2jfKWFA1eFZRDjiQXrMStv0vPT1Ma73OvVsZAHSptss39ti+ltbCNxC0S+MDiB1jQrFVUZ5nHLM44PsanYQ\/0cpyVO6zbbzjzXTUfs+tAIMkUNPFZtCs1rFpKhkI3NcGs+yvSb4SV1GxhoDHVRpRNuKqFbFinCHp\/37lAaE9HGUTnfhxGhnCIfOfHIUUAT3eHul9H3b0Z8OnLYIK1ZDLQGkd0pzOUxUVHtQtXMulhXsHz7fr\/A21yG\/8b8NgTEX+gU6e+h1l0XisCpHYMfVCMz3mHn3ia\/HdLRjG51YnI="} 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1236,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693428391,"flow_dst_last_pkt_time":1587041693474528,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_usec":1587041693474528,"pkt":"KDc3AG3IEBMx8Tl2CABFAABBNJIAAGwR1nE0ck2IwKgBBg2WyeEALeCzAzNiZmY2YTE1LTY4NDEtNDYwNy04YzI3LTllY2ViOWVlZDkzYg=="} 00776{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1237,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693428391,"flow_dst_last_pkt_time":1587041693475613,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":235,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":235,"pkt_l4_len":201,"thread_ts_usec":1587041693475613,"pkt":"KDc3AG3IEBMx8Tl2CABFAADdNJMAAGwR1dQ0ck2IwKgBBg2WyeEAyV65B51cqyKYlOqfHC4eUj71t0+3OzD2kNc2OfFPQNt7fwvuOZltdCnrcr0l94iSgE3VeMj4bdDb+vZ+CObqTNO+QGlUnkV8bcknbNvGUx42nvxp8mhw\/srnkVApKnhDe\/uy29skE82ON2NOubAQd6VBKyo6DT6MaE1A1qjybrSe5XwDrj8OJ1EA\/FUFx\/b063Ar395Oi1sw+DBTZ16KUXaymVRCSFNXRrfz6yWlsSmdtxTLQfpVrW5dlejTUGgaSVxvSg=="} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1238,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693515047,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693515047,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693515047,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00604{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1238,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693515047,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1587041693515047,"pkt":"EBMx8Tl2KDc3AG3ICABFAABg5p0AAEARo1PAqAEGNHL6e8NgDZYATAKlAAMAMCESpEKyND9uZ\/QdWKy6Y58ADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAI="} 
-00983{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1238,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693515047,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693515047,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693515047,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01033{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1238,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693515047,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693515047,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693515047,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": 
{"multimedia_flow_types":"Audio"}}} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1239,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693516414,"flow_src_last_pkt_time":1587041693516414,"flow_dst_last_pkt_time":1587041693516414,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693516414,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1239,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693516414,"flow_dst_last_pkt_time":1587041693516414,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041693516414,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGShzAqAEGNHL6e8NiAbvwxDFFAAAAALAC\/\/9VoQAAAgQFtAEDAwUBAQgKMITZEwAAAAAEAgAA"} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1240,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693517336,"flow_src_last_pkt_time":1587041693517336,"flow_dst_last_pkt_time":1587041693517336,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":67,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":67,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":67,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693517336,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":55765,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -448,43 +448,43 @@ 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1242,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693516414,"flow_dst_last_pkt_time":1587041693561382,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041693561382,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0nZBAAGwGgJc0cvp7wKgBBgG7w2KOQNor8MQxRoAS\/\/8u4wAAAgQFoAEDAwgBAQQC"} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1243,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693561493,"flow_dst_last_pkt_time":1587041693561382,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041693561493,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGSjTAqAEGNHL6e8NiAbvwxDFGjkDaLFAQIABPogAA"} 00785{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1244,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":4,"flow_src_last_pkt_time":1587041693561676,"flow_dst_last_pkt_time":1587041693561382,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"thread_ts_usec":1587041693561676,"pkt":"EBMx8Tl2KDc3AG3ICABFAADjAABAAEAGSXnAqAEGNHL6e8NiAbvwxDFGjkDaLFAYIADs+gAAFgMBALYBAACyAwNemFWdM\/wbLFSI3dPgZpkO7ysDE3\/GJlDQM9ZmaeyX\/AAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAXQAAACAAHgAAG2V1YXoudHIudGVhbXMubWljcm9zb2Z0LmNvbQAKAAgABgAXABgAGQALAAIBAAANABIAEAQBAgEFAQYBBAMCAwUDBgMABQAFAQAAAAAAEgAAABcAAA=="} 
-01345{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1244,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041693516414,"flow_src_last_pkt_time":1587041693561676,"flow_dst_last_pkt_time":1587041693561382,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693561676,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"euaz.tr.teams.microsoft.com","domainame":"euaz.tr.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01304{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1244,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041693516414,"flow_src_last_pkt_time":1587041693561676,"flow_dst_last_pkt_time":1587041693561382,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693561676,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"euaz.tr.teams.microsoft.com","domainame":"euaz.tr.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1245,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693572678,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"thread_ts_usec":1587041693572678,"pkt":"KDc3AG3IEBMx8Tl2CABFAADXfJQAAGwR4OU0cvp7wKgBBg2Ww2AAw6emARMApyESpEKyND9uZ\/QdWKy6Y58ADwAEcsZLxoAIAAQAAAAGAAkAPQAABAFUaGUgcmVxdWVzdCBkaWQgbm90IGNvbnRhaW4gYSBNZXNzYWdlLUludGVncml0eSBhdHRyaWJ1dGUADgAIAAENljRy+o0AFAAUAk7L+IJ6YNZTBt6\/p32H0UQC3V0AFQAKInJ0Y21lZGlhIgABAAgAAQ2YNHL6jYCVAAh\/IMTdT4SN+oAgAAgAAcHVcadqCg=="} 00776{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1246,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":4,"flow_src_last_pkt_time":1587041693428391,"flow_dst_last_pkt_time":1587041693576546,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":235,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":235,"pkt_l4_len":201,"thread_ts_usec":1587041693576546,"pkt":"KDc3AG3IEBMx8Tl2CABFAADdNJQAAGwR1dM0ck2IwKgBBg2WyeEAyV65B51cqyKYlOqfHC4eUj71t0+3OzD2kNc2OfFPQNt7fwvuOZltdCnrcr0l94iSgE3VeMj4bdDb+vZ+CObqTNO+QGlUnkV8bcknbNvGUx42nvxp8mhw\/srnkVApKnhDe\/uy29skE82ON2NOubAQd6VBKyo6DT6MaE1A1qjybrSe5XwDrj8OJ1EA\/FUFx\/b063Ar395Oi1sw+DBTZ16KUXaymVRCSFNXRrfz6yWlsSmdtxTLQfpVrW5dlejTUGgaSVxvSg=="} 
00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1247,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":5,"flow_src_last_pkt_time":1587041693428391,"flow_dst_last_pkt_time":1587041693576566,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_usec":1587041693576566,"pkt":"KDc3AG3IEBMx8Tl2CABFAABBNJUAAGwR1m40ck2IwKgBBg2WyeEALeCzAzNiZmY2YTE1LTY4NDEtNDYwNy04YzI3LTllY2ViOWVlZDkzYg=="} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1248,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693582165,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693582165,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693582165,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00603{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1248,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693582165,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1587041693582165,"pkt":"EBMx8Tl2KDc3AG3ICABFAABgF74AAEARcjPAqAEGNHL6e8N0DZYATEppAAMAMCESpEI9x0RmdejywONbcT4ADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAI="} 
-00983{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1248,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693582165,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693582165,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693582165,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01033{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1248,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693582165,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693582165,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693582165,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": 
{"multimedia_flow_types":"Audio"}}} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1249,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693582610,"flow_src_last_pkt_time":1587041693582610,"flow_dst_last_pkt_time":1587041693582610,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693582610,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50021,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1249,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693582610,"flow_dst_last_pkt_time":1587041693582610,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041693582610,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGShzAqAEGNHL6e8NlAbtcWVYoAAAAALAC\/\/\/E5AAAAgQFtAEDAwUBAQgKMITZVQAAAAAEAgAA"} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1250,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041693597783,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693597783,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00804{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1250,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693597783,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_usec":1587041693597783,"pkt":"EBMx8Tl2KDc3AG3ICABFAADyLLYAAEARXJfAqAEGNHL6jcNgDZYA3iTJAAMAwiESpEIiL+\/H85JL0bmXJ+QADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAKAlQAIfyDE3U+EjfoAFAAUAk7L+IJ6YNZTBt6\/p32H0UQC3V0AFQAKInJ0Y21lZGlhIgAGADgCAAAkkKDb2wHWGU3iFTe\/yZKgAzJzGvG+3Faa6DvVqwAAAAC\/cbJ2yXgTqN3v61y8eTonekzmPAAIACB+ROZSH0cQpVQPYpCmfWn5X6jy8HHHqFihd3XDn9tzDQ=="} 
-00986{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1250,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041693597783,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693597783,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01036{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1250,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041693597783,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693597783,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": 
{"multimedia_flow_types":"Audio"}}} 02485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1251,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":5,"flow_src_last_pkt_time":1587041693561676,"flow_dst_last_pkt_time":1587041693608822,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041693608822,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUnZVAAGwGevI0cvp7wKgBBgG7w2KOQOnM8MQyAVAQCARhxAAANjIwWjCBmzCBmDBMMAkGBSsOAwIaBQAEFCmF\/GE9vi+wEg9eQg5MnsPVnv18BBQI\/iWfdOqHBMK8u46oOF8zxtFsZQITLQAGXpgoyD\/NFydgrgAAAAZemIAAGA8yMDIwMDQxNTE5MDYyMFqgERgPMjAyMDA0MTkxOTA2MjBaoSIwIDAeBgkrBgEFBQcwAQYEERgPMjAxOTA0MTYxOTA2MjBaMA0GCSqGSIb3DQEBCwUAA4IBAQAaQYaDpwd6DNwyOUeit6mUOBXgoV06pe6ThWCURamS0COPur719YO54pzaWQ\/wQiNdRfJ+6IxdL624Y9ECjW7h0i3GVY5McK\/JE0+t8QKiDyIrzja2mdM3dr87glc0ghsX25i5Wq+uovmAq2y0kIR5ZDxPkSCewMHChNQBpgB6w7ldXqSVgO6mMxOPGIUJeCKP7XKb6HxICQ+KDOclyTMlRvOfgXDsfJ+qgS\/\/Xx69gdsXVVKuxxVgmTXKPjwc6+0PAhk7AM38T+1uvkyY+cnLoNXnWfuXwei6nw4U+wy7NBkdjTNfderi681shWsjrz7QTveMgXHXa8hDzke10XqeoIIFIzCCBR8wggUbMIIDA6ADAgECAhNuABXTTwZmllgRJK\/RAAAAFdNPMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTAeFw0yMDA0MDIxNjU4MDlaFw0yMTA0MDIxNjU4MDlaMCsxKTAnBgNVBAMMIE1pY3Jvc29mdF9JVF9UTFNfQ0FfNV9LZXlCaW5kaW5nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt72xRWYGvzznDDT8NXYL9rp9+Ya3b0Z6P2wS3akQ58NdGCNNqh5bkYWl59MsBDUHv9Ef+w2CazdUk3Nynho4E8vpdECh67pX0G62DZBOiFmluBNKbuC5wy0qFpuDZifuCaL\/JIioH+qZxw1n9T+IlPYbhUIt9LEWbIcz3NKvVAjL22uCbIe4fgQeiRQY6CQMOOiKJvbVG0ji+rtc86+Mxhhl4WT\/oA0rEF\/rkByMk2VOShPm7OYdkPB4JadSsYxElQdJQqZtZ7Dx1QoI7ppuYvpwizs9bk5\/qpPbZOX2ffENmbYPX8IEIoHImvw+d5OCujhcH8ND8y2D3AEt3YOySwIDAQABo4HWMIHTMB0GA1UdDgQWBBQodwHOZZ6LuFUo+CvPI9\/FvHYaTDAOBgNVHQ8BAf8EBAMCB4AwE
wYDVR0lBAwwCgYIKwYBBQUHAwkwDwYJKwYBBQUHMAEFBAIFADAfBgNVHSMEGDAWgBQI\/iWfdOqHBMK8u46oOF8zxtFsZTA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdgcybR4HI6RYCAWQCAQcwGwYJKwYBBAGCNxUKBA4wDDAKBggrBgEFBQcDCTANBgkqhkiG9w0BAQsFAAOCAgEAZeWmp3UPfRLZIyUkIOP3qzADvvJHesY63Dc2ynSZnVwywgjceFf+k+yQAXU4qttDwcVbl8RAxZ3TRxOK\/tx9uYmaavtEm3swh9h5B7DCvmIXfqsJJlRpK\/OFGfcf49BNBZXJky59f8YfJ49hsiJiWchclECz2p04IejlY2rjzCMngCMT2bpAzYBsJXomAbKsVRl07LYT4CLhdIIHrd+syTeudyjkMfJb34y+qxxeDCvdd+fLKHcrxUao3ZXsd7wz3mk1EWQVaTo+Md3\/ECUv"} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1267,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693611913,"flow_src_last_pkt_time":1587041693611913,"flow_dst_last_pkt_time":1587041693611913,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693611913,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00603{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1267,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693611913,"flow_dst_last_pkt_time":1587041693611913,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1587041693611913,"pkt":"EBMx8Tl2KDc3AG3ICABFAABgfyMAAEARCrzAqAEGNHL6jcNhDZYATBjuAAMAMCESpELalY8VcoE3uJ+0vVMADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAI="} 
-00983{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1267,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693611913,"flow_src_last_pkt_time":1587041693611913,"flow_dst_last_pkt_time":1587041693611913,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693611913,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01033{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1267,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693611913,"flow_src_last_pkt_time":1587041693611913,"flow_dst_last_pkt_time":1587041693611913,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693611913,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": 
{"multimedia_flow_types":"Audio"}}} 00765{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1271,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693625394,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"thread_ts_usec":1587041693625394,"pkt":"KDc3AG3IEBMx8Tl2CABFAADXVxUAAGwRBmU0cvp7wKgBBg2Ww3QAwyhaARMApyESpEI9x0RmdejywONbcT4ADwAEcsZLxoAIAAQAAAAGAAkAPQAABAFUaGUgcmVxdWVzdCBkaWQgbm90IGNvbnRhaW4gYSBNZXNzYWdlLUludGVncml0eSBhdHRyaWJ1dGUADgAIAAENljRy+okAFAAUPK7\/QeTw1Z9oICgNLxST+LDzEgAAFQAKInJ0Y21lZGlhIgABAAgAAQ2YNHL6iYCVAAhb5VsGDC2J+oAgAAgAAc5scadqCg=="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1272,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693582610,"flow_dst_last_pkt_time":1587041693628354,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041693628354,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0Nx9AAGwG5wg0cvp7wKgBBgG7w2XeqFvwXFlWKYAS\/\/\/MOwAAAgQFoAEDAwgBAQQC"} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1273,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693628427,"flow_dst_last_pkt_time":1587041693628354,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041693628427,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGSjTAqAEGNHL6e8NlAbtcWVYp3qhb8VAQIADs+gAA"} 
00782{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1274,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":4,"flow_src_last_pkt_time":1587041693628756,"flow_dst_last_pkt_time":1587041693628354,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"thread_ts_usec":1587041693628756,"pkt":"EBMx8Tl2KDc3AG3ICABFAADjAABAAEAGSXnAqAEGNHL6e8NlAbtcWVYp3qhb8VAYIADHIgAAFgMBALYBAACyAwNemFWdJel+38T72uo9XNMIcFrJVaaQNKpU+a+Uq8VSQwAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAXQAAACAAHgAAG2V1YXoudHIudGVhbXMubWljcm9zb2Z0LmNvbQAKAAgABgAXABgAGQALAAIBAAANABIAEAQBAgEFAQYBBAMCAwUDBgMABQAFAQAAAAAAEgAAABcAAA=="} -01345{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1274,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041693582610,"flow_src_last_pkt_time":1587041693628756,"flow_dst_last_pkt_time":1587041693628354,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693628756,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50021,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"euaz.tr.teams.microsoft.com","domainame":"euaz.tr.teams.microsoft.com","tls": 
{"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01304{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1274,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041693582610,"flow_src_last_pkt_time":1587041693628756,"flow_dst_last_pkt_time":1587041693628354,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693628756,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50021,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"euaz.tr.teams.microsoft.com","domainame":"euaz.tr.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00719{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1275,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693640777,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"thread_ts_usec":1587041693640777,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC1fJUAAGwR4QY0cvp7wKgBBg2Ww2AAoaFUAQMAhSESpEIiL+\/H85JL0bmXJ+QADwAEcsZLxgANAAQAAAA8AAEACAABDZg0cvqNgAgABAAAAAaAIAAIAAHB1XGnagqAUAAYm3E8YjrBv7v21SN1g6+m0xjhRrQAAAAAgCIACTIuMC4xLjIxMQAQAAQAAC7gAAgAIK\/9w8VcH20Bp+o9r1mX6tB+MRypEJNYTX2DO\/tetQep"} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1276,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041693654732,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693654732,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00804{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1276,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693654732,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_usec":1587041693654732,"pkt":"EBMx8Tl2KDc3AG3ICABFAADySXIAAEARP9\/AqAEGNHL6icN0DZYA3q9FAAMAwiESpELOvwn047sA+HEU4bYADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAKAlQAIW+VbBgwtifoAFAAUPK7\/QeTw1Z9oICgNLxST+LDzEgAAFQAKInJ0Y21lZGlhIgAGADgCAAAkkKDb2wHWGU3iFTe\/yZKgAzJzGvG+3Faa6DvVqwAAAAC\/cbJ2yXgTqN3v61y8eTonekzmPAAIACCU7UyKuDgKSJKUvk8SSs9ovhsGMp06Kok2oE1dFOuKzQ=="} -00986{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1276,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041693654732,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693654732,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01036{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1276,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041693654732,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693654732,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"multimedia_flow_types":"Audio"}}} 00766{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1277,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693611913,"flow_dst_last_pkt_time":1587041693658468,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"thread_ts_usec":1587041693658468,"pkt":"KDc3AG3IEBMx8Tl2CABFAADXfJYAAGwR4NE0cvqNwKgBBg2Ww2EAw+F\/ARMApyESpELalY8VcoE3uJ+0vVMADwAEcsZLxoAIAAQAAAAGAAkAPQAABAFUaGUgcmVxdWVzdCBkaWQgbm90IGNvbnRhaW4gYSBNZXNzYWdlLUludGVncml0eSBhdHRyaWJ1dGUADgAIAAENljRy+o0AFAAUPpo\/SSn4PJAIkOO6zaqfvtmAt1IAFQAKInJ0Y21lZGlhIgABAAgAAQ2YNHL6jYCVAAiQUL8kDsWN+oAgAAgAAcwTcadqCg=="} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1281,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693668523,"flow_src_last_pkt_time":1587041693668523,"flow_dst_last_pkt_time":1587041693668523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693668523,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00603{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1281,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693668523,"flow_dst_last_pkt_time":1587041693668523,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1587041693668523,"pkt":"EBMx8Tl2KDc3AG3ICABFAABgYKIAAEARKUHAqAEGNHL6icN1DZYATE9EAAMAMCESpEJNv3gTxWrFDZ5wS8sADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAI="} 
-00983{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1281,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693668523,"flow_src_last_pkt_time":1587041693668523,"flow_dst_last_pkt_time":1587041693668523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693668523,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01033{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1281,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693668523,"flow_src_last_pkt_time":1587041693668523,"flow_dst_last_pkt_time":1587041693668523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693668523,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": 
{"multimedia_flow_types":"Audio"}}} 02488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1282,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":5,"flow_src_last_pkt_time":1587041693628756,"flow_dst_last_pkt_time":1587041693675117,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041693675117,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUNyJAAGwG4WU0cvp7wKgBBgG7w2XeqGPBXFlW5FAQCASBlQAAW6sdwoMA3bRkqxv5VpjyajDfFXWqL4G9QZfl841dfR9SjQLMnRDtMHjHLLEHhJCKLU2ikazGCdNZMqtfaxeWquCIWw56s0bCKwmin9Y3DIsAdEejps5dwVGPEJfdlpEbIxcuBzCIRY0C23wA8SsmAke7nyJfwnrDoCjE4H7m3XXod08er9hfv0q4nITSnedP3o61Oc42o6ZTtprTcb83jeNHnfqPTx\/r7JoPcNdqLrU2S9F5B\/3\/72kY0IJW8GVz3JfVywG\/oGQZf4DtR+N9iCPyVunnsxwatk5VQeVSeoKWofbhmm5\/59\/eJyGGKNh6xcOod+zQ\/yRc87f6tHNG2YoyFngY2b4iSL5cKDGkUG4HW8AD3tnSSMB+eS+kUxAHQWzl9sk8GGj5SN\/h6yZsZx0M8Cajppy8O10hsA4MnuDtB3uK64JLD12Do4vw3+8vrlcfGCUgqrNGgRVPtSVulxGnCvWOq0JhUVItmI195Is0h3MiJgXc2KNuZpMfbIcuyiiUJx2zdkFT81nL1PidcMdiaFVUoMih7rr4UtgVbmkgKemK\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\/BSeneM2zC+CeIhbzmNymFOjMlNcj+dBQmbu1CxCV8d8C6Y+OnVaZPNiP01j7XJJ+PXv4UEla9xB7d\/jmSpBKVVLelK10CaBkVyzNB5CfFq2Vw9EGuvHvbAW1BKyp3Bsxmw4tGZUET95my601cq8ZggiyFDoWX7A8m9uNDLAC1iYf6BVxxO\/5YzlDjOnCki6hwqAwJQ6WJ1+eoyuC1hC9PBkepof+VSE6XEH8AZjML5L\/Zji0uGacDxJoS0qshrtemP+eppxTbDMRpNCuUkfXi4\/xlqy5KZqPLPGtZBjDJrsAZN5QcMC77MZrrtOg78DxXA3yzHpZ2hgzL1kQrWcULF8iQ0pE4ejd4OdVFk4J7wNMDEhQWvAD347vY8pbZ4dDQCwGth8PPlPAZj\/XFBXmCGKYSH6D5ae1XVEtVC1h\/TRd1LeAzdJ9zrEkO\/OXbGwT3ooXyYr1SJVC9xKQ4xAX9qEAxTYqZZGeBexCLlq4mRv\/1E61+mZV2YOOvwgpjfoLAgMBAAGjggFCMIIBPjAdBgNVHQ4EFgQUCP4ln3TqhwTCvLuOqDhfM8bRbGUwHwYDVR0jBBgwFoAU5Z1ZMIJHWMys+ghUNoZ7OrUETfAwEgYDVR0TAQH\/BAgwBgEB\/wIBADAOBgNVHQ8BAf8EBAMCAYYwJwYDVR0lBCAwHgYIKwYBBQUHAwEGCCsGAQUF"} 
00716{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1298,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693698272,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"thread_ts_usec":1587041693698272,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC1VxYAAGwRBoY0cvp7wKgBBg2Ww3QAoWPcAQMAhSESpELOvwn047sA+HEU4bYADwAEcsZLxgANAAQAAAA8AAEACAABDZg0cvqJgAgABAAAAAaAIAAIAAHObHGnagqAUAAYmiULR7BQSjV7GJ7mOy6WXuQ5anUAAAAAgCIACTIuMC4xLjIxMQAQAAQAAC7gAAgAIJWLEhTAIKUMzT0EuyGZ9cU94RPVJanGef0JixSMSj4H"} 00805{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1299,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693711026,"flow_dst_last_pkt_time":1587041693658468,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_usec":1587041693711026,"pkt":"EBMx8Tl2KDc3AG3ICABFAADyfgoAAEARC0PAqAEGNHL6jcNhDZYA3rEpAAMAwiESpEJLDXUDhL3sfvdJg10ADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAKAlQAIkFC\/JA7FjfoAFAAUPpo\/SSn4PJAIkOO6zaqfvtmAt1IAFQAKInJ0Y21lZGlhIgAGADgCAAAkkKDb2wHWGU3iFTe\/yZKgAzJzGvG+3Faa6DvVqwAAAAC\/cbJ2yXgTqN3v61y8eTonekzmPAAIACBfcijkK3I1E6fsjRiPsKvs33Xfpf\/cKnDyh7VrIY168g=="} 
-00997{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1299,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1587041693611913,"flow_src_last_pkt_time":1587041693711026,"flow_dst_last_pkt_time":1587041693658468,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":282,"flow_dst_tot_l4_payload_len":187,"midstream":0,"thread_ts_usec":1587041693711026,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01047{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1299,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1587041693611913,"flow_src_last_pkt_time":1587041693711026,"flow_dst_last_pkt_time":1587041693658468,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":282,"flow_dst_tot_l4_payload_len":187,"midstream":0,"thread_ts_usec":1587041693711026,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"multimedia_flow_types":"Audio"}}} 00764{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1301,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693668523,"flow_dst_last_pkt_time":1587041693714142,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"thread_ts_usec":1587041693714142,"pkt":"KDc3AG3IEBMx8Tl2CABFAADXVxcAAGwRBlU0cvqJwKgBBg2Ww3UAwwtKARMApyESpEJNv3gTxWrFDZ5wS8sADwAEcsZLxoAIAAQAAAAGAAkAPQAABAFUaGUgcmVxdWVzdCBkaWQgbm90IGNvbnRhaW4gYSBNZXNzYWdlLUludGVncml0eSBhdHRyaWJ1dGUADgAIAAENljRy+okAFAAUc60+h2VE9PTAWxn4K2V6NOmKA20AFQAKInJ0Y21lZGlhIgABAAgAAQ2YNHL6iYCVAAjDwJ1K7o6J+oAgAAgAAcBocadqCg=="} 00717{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1307,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":4,"flow_src_last_pkt_time":1587041693711026,"flow_dst_last_pkt_time":1587041693756239,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"thread_ts_usec":1587041693756239,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC1fJcAAGwR4PI0cvqNwKgBBg2Ww2EAoTssAQMAhSESpEJLDXUDhL3sfvdJg10ADwAEcsZLxgANAAQAAAA8AAEACAABDZg0cvqNgAgABAAAAAaAIAAIAAHME3GnagqAUAAYLOxJmLF8a9P8QJMpg69OprVoITMAAAAAgCIACTIuMC4xLjIxMQAQAAQAAC7gAAgAIMhO7y5FcPLOAgpkLIJifRx7Dv8ek2QLf5zo\/BiwDhB4"} 
00805{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1308,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693763689,"flow_dst_last_pkt_time":1587041693714142,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_usec":1587041693763689,"pkt":"EBMx8Tl2KDc3AG3ICABFAADy1jgAAEARsxjAqAEGNHL6icN1DZYA3qn\/AAMAwiESpEK\/FrW6Bpt+jaFgT0IADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAKAlQAIw8CdSu6OifoAFAAUc60+h2VE9PTAWxn4K2V6NOmKA20AFQAKInJ0Y21lZGlhIgAGADgCAAAkkKDb2wHWGU3iFTe\/yZKgAzJzGvG+3Faa6DvVqwAAAAC\/cbJ2yXgTqN3v61y8eTonekzmPAAIACAOMJjC3yWHP2a8uRvQ6tdNq4Cf2VvwjY\/Ply+68rS7wg=="} -00997{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1308,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1587041693668523,"flow_src_last_pkt_time":1587041693763689,"flow_dst_last_pkt_time":1587041693714142,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":282,"flow_dst_tot_l4_payload_len":187,"midstream":0,"thread_ts_usec":1587041693763689,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01047{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1308,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1587041693668523,"flow_src_last_pkt_time":1587041693763689,"flow_dst_last_pkt_time":1587041693714142,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":282,"flow_dst_tot_l4_payload_len":187,"midstream":0,"thread_ts_usec":1587041693763689,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"multimedia_flow_types":"Audio"}}} 00720{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1312,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":4,"flow_src_last_pkt_time":1587041693763689,"flow_dst_last_pkt_time":1587041693808734,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"thread_ts_usec":1587041693808734,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC1VxgAAGwRBnY0cvqJwKgBBg2Ww3UAoXQEAQMAhSESpEK\/FrW6Bpt+jaFgT0IADwAEcsZLxgANAAQAAAA8AAEACAABDZg0cvqJgAgABAAAAAaAIAAIAAHAaHGnagqAUAAYaOUMdiD0+ug9lexVR\/3YR6\/W6KUAAAAAgCIACTIuMC4xLjIxMQAQAAQAAC7gAAgAIL4g0LfB18yA2q\/RVWXcDhE8D9XtCMo2nCqOglxViaD8"} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1315,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693828302,"flow_src_last_pkt_time":1587041693828302,"flow_dst_last_pkt_time":1587041693828302,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693828302,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.152","src_port":50014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1315,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693828302,"flow_dst_last_pkt_time":1587041693828302,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041693828302,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGSf\/AqAEGNHL6mMNeAbvdNMkXAAAAALAC\/\/\/QFQAAAgQFtAEDAwUBAQgKMITaQwAAAAAEAgAA"} 
@@ -493,15 +493,15 @@ 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1320,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693828302,"flow_dst_last_pkt_time":1587041693869354,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041693869354,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0nZxAAGwGgG40cvqYwKgBBgG7w17cXACa3TTJGIAS\/\/81\/QAAAgQFoAEDAwgBAQQC"} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1321,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693869423,"flow_dst_last_pkt_time":1587041693869354,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041693869423,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGShfAqAEGNHL6mMNeAbvdNMkY3FwAm1AQIABWvAAA"} 00762{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1322,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":4,"flow_src_last_pkt_time":1587041693869663,"flow_dst_last_pkt_time":1587041693869354,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_usec":1587041693869663,"pkt":"EBMx8Tl2KDc3AG3ICABFAADWAABAAEAGSWnAqAEGNHL6mMNeAbvdNMkY3FwAm1AYIACuOQAAFgMBAKkBAAClAwNemFWd9sBVDmqpQ1JOmTf85+s9vRwXDIKd7RSpfqD9hwAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAUAAAABMAEQAADjUyLjExNC4yNTAuMTUyAAoACAAGABcAGAAZAAsAAgEAAA0AEgAQBAECAQUBBgEEAwIDBQMGAwAFAAUBAAAAAAASAAAAFwAA"} 
-01457{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1322,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041693828302,"flow_src_last_pkt_time":1587041693869663,"flow_dst_last_pkt_time":1587041693869354,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693869663,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.152","src_port":50014,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"3":"DPI (partial)"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"52.114.250.152","domainame":"52.114.250.152","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","ja4":"t12i220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01413{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1322,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041693828302,"flow_src_last_pkt_time":1587041693869663,"flow_dst_last_pkt_time":1587041693869354,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693869663,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.152","src_port":50014,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"3":"DPI (partial)"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"52.114.250.152","domainame":"52.114.250.152","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12i220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1323,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693849498,"flow_dst_last_pkt_time":1587041693893017,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041693893017,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0NypAAGwG5t80cvqZwKgBBgG7w3QJhgXYjJLL5oAS\/\/9RUwAAAgQFoAEDAwgBAQQC"} 
00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1324,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693893121,"flow_dst_last_pkt_time":1587041693893017,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041693893121,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGShbAqAEGNHL6mcN0AbuMksvmCYYF2VAQIAByEgAA"} 00763{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1325,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":4,"flow_src_last_pkt_time":1587041693893319,"flow_dst_last_pkt_time":1587041693893017,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_usec":1587041693893319,"pkt":"EBMx8Tl2KDc3AG3ICABFAADWAABAAEAGSWjAqAEGNHL6mcN0AbuMksvmCYYF2VAYIAA4UQAAFgMBAKkBAAClAwNemFWd\/1XCA+79geTWEWiWwTsvTSnBi9NExcEsdrOoSgAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAUAAAABMAEQAADjUyLjExNC4yNTAuMTUzAAoACAAGABcAGAAZAAsAAgEAAA0AEgAQBAECAQUBBgEEAwIDBQMGAwAFAAUBAAAAAAASAAAAFwAA"} 
-01457{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1325,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041693849498,"flow_src_last_pkt_time":1587041693893319,"flow_dst_last_pkt_time":1587041693893017,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693893319,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.153","src_port":50036,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"3":"DPI (partial)"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"52.114.250.153","domainame":"52.114.250.153","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","ja4":"t12i220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01413{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1325,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041693849498,"flow_src_last_pkt_time":1587041693893319,"flow_dst_last_pkt_time":1587041693893017,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693893319,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.153","src_port":50036,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"3":"DPI (partial)"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"52.114.250.153","domainame":"52.114.250.153","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12i220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
02477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1327,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":5,"flow_src_last_pkt_time":1587041693869663,"flow_dst_last_pkt_time":1587041693912361,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041693912361,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUnZ1AAGwGes00cvqYwKgBBgG7w17cXACb3TTJxlAQCARdzwAAFgMDF+kCAABVAwNemFWdM9zHzxbjC7QANdHz8AfaCDM7kl4CH3iC8m+C5SA8HQAAdg+4AWMXjI8CbVJCHoa9vuL+BAQY6d2I21i7H8AwAAANAAUAAAAXAAD\/AQABAAsADuwADukACSswggknMIIHD6ADAgECAhMtAAZemCjIP80XJ2CuAAAABl6YMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTAeFw0xOTA1MjQxNDEwMjZaFw0yMTA1MjQxNDEwMjZaMCExHzAdBgNVBAMTFnRyLnRlYW1zLm1pY3Jvc29mdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCLTNHPfgLoOgUfyR4c2CDg+CoBg7bwaQp6OOdTLjN80e6165bdZW8ryNWADQBv\/\/6Ld1H5eQQNetSDwVifHVU+CteBiHg6T9F1rA96B1Fk1nARcGhMPsZbgvGxJ+NR6ygkRK7GWC6KFZyOiZ0MvWyxQTJBlsBwklHTiX9D0fiSz06Q+tVkIHpWWHGkJRO+Tm3UUtCMr7e1K4eQloaVRg1AeMGEhZEaGXyKum9VwAP15maK0zwKMiUymx8uWFHW4J0+7wZd9kZyUeJvDO2QDZvxPl5w9NBzvGZUQFIkRD+XvUanlt9AtvhnDy5BiPzueeQgaJbyvyJl4Af8nIo8gppfAgMBAAGjggTrMIIE5zCCAfUGCisGAQQB1nkCBAIEggHlBIIB4QHfAHYA9lyUL9F3MCIUVBgIMJRWjuNNExkzv98MLyALzE7xZOMAAAFq6jb0ngAABAMARzBFAiEA+SbPYnNZBq5NAa+KJuZcLJF6Cs7c51vg2wno92Y73cQCIFui0LePG9Yu0H+TqmpdeWJeVlJ0KiyWWMKI6D92L\/K3AHUAVYHUwhaQNgFK6gubVzxT8MDkOHhwJQgXL6OqHQcT0wwAAAFq6jb1LQAABAMARjBEAiAZDnc3oPi8LaNBy6Df89WOlPch018jWvYNKaDO2U51nQIgYZuZffTHCtDDZ3lWVJgiVsjUCTGqki0p6MIBuSQoIfUAdwBc3EOS\/uarRUSxXprUVuYQN\/vV+kfcoXOUsl7m9scOygAAAWrqNvNaAAAEAwBIMEYCIQChq4nHPM4twtbxyAgrDLE3a797eV+6L2EiO6pBrFmrUAIhANBHWXnY9HAcs6WqVRp9r8q8wlaSY9pBfB7vJlbCShQPAHUARJRlLrDuzq\/EQAfYqP4owNrmgr7YyzG1P9MzlrW2gagAAAFq6jb0QQA
ABAMARjBEAiAzKKpy8ELEm5AO\/Cl8weRDML0CJ7IOPZ2GbRbx\/8vxWgIgDCW1c1pNKCE9DA2mbQwKGa4Z2H7dNtIRrzU4ZJcZOr8wJwYJKwYBBAGCNxUKBBowGDAKBggrBgEFBQcDAjAKBggrBgEFBQcDATA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdhNLfQoLnk3oCAWQCAR0wgYUGCCsGAQUFBwEBBHkwdzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDUuY3J0MCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC5tc29jc3AuY29tMB0GA1UdDgQWBBSC313bBDWiwUMAeq0EgFmCSqbJVzALBgNVHQ8EBAMC"} -01858{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1336,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":8,"flow_first_seen":1587041693828302,"flow_src_last_pkt_time":1587041693913259,"flow_dst_last_pkt_time":1587041693913604,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":6126,"midstream":0,"thread_ts_usec":1587041693913604,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.152","src_port":50014,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"52.114.250.152","domainame":"52.114.250.152","tls": 
{"version":"TLSv1.2","server_names":"tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"986571066668055ae9481cb84fda634a","ja4":"t12i220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5","subjectDN":"CN=tr.teams.microsoft.com","fingerprint":"A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75","blocks":0}}} +01817{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1336,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":8,"flow_first_seen":1587041693828302,"flow_src_last_pkt_time":1587041693913259,"flow_dst_last_pkt_time":1587041693913604,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":6126,"midstream":0,"thread_ts_usec":1587041693913604,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.152","src_port":50014,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"52.114.250.152","domainame":"52.114.250.152","tls": 
{"version":"TLSv1.2","server_names":"tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com","ja3s":"986571066668055ae9481cb84fda634a","ja4":"t12i220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5","subjectDN":"CN=tr.teams.microsoft.com","fingerprint":"A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75","blocks":0}}} 02478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1342,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":5,"flow_src_last_pkt_time":1587041693893319,"flow_dst_last_pkt_time":1587041693937910,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041693937910,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUNyxAAGwG4T00cvqZwKgBBgG7w3QJhgXZjJLMlFAQCAT\/SwAAFgMDF+kCAABVAwNemFWdlZ1o0K1pDuc31o7KbeFA6zW0UoTj74rN53YU1yAVNwAAZbPmUJGFDDA3baQ8RQ+flEqSYPNJweq+ysirz8AwAAANAAUAAAAXAAD\/AQABAAsADuwADukACSswggknMIIHD6ADAgECAhMtAAZemCjIP80XJ2CuAAAABl6YMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTAeFw0xOTA1MjQxNDEwMjZaFw0yMTA1MjQxNDEwMjZaMCExHzAdBgNVBAMTFnRyLnRlYW1zLm1pY3Jvc29mdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCLTNHPfgLoOgUfyR4c2CDg+CoBg7bwaQp6OOdTLjN80e6165bdZW8ryNWADQBv\/\/6Ld1H5eQQNetSDwVifHVU+CteBiHg6T9F1rA96B1Fk1nARcGhMPsZbgvGxJ+NR6ygkRK7GWC6KFZyOiZ0MvWyxQTJBlsBwklHTiX9D0fiSz06Q+tVkIHpWWHGkJRO+Tm3UUtCMr7e1K4eQloaVRg1AeMGEhZEaGXyKum9VwAP15maK0zwKMiUymx8uWFHW4J0+7wZd9kZyUeJvDO2QDZvxPl5w9NBzvGZUQFIkRD+XvUanlt9AtvhnDy5BiPzueeQgaJbyvyJl4Af8nIo8gppfAgMBAAGjggTrMIIE5zCCAfUGCisGAQQB
1nkCBAIEggHlBIIB4QHfAHYA9lyUL9F3MCIUVBgIMJRWjuNNExkzv98MLyALzE7xZOMAAAFq6jb0ngAABAMARzBFAiEA+SbPYnNZBq5NAa+KJuZcLJF6Cs7c51vg2wno92Y73cQCIFui0LePG9Yu0H+TqmpdeWJeVlJ0KiyWWMKI6D92L\/K3AHUAVYHUwhaQNgFK6gubVzxT8MDkOHhwJQgXL6OqHQcT0wwAAAFq6jb1LQAABAMARjBEAiAZDnc3oPi8LaNBy6Df89WOlPch018jWvYNKaDO2U51nQIgYZuZffTHCtDDZ3lWVJgiVsjUCTGqki0p6MIBuSQoIfUAdwBc3EOS\/uarRUSxXprUVuYQN\/vV+kfcoXOUsl7m9scOygAAAWrqNvNaAAAEAwBIMEYCIQChq4nHPM4twtbxyAgrDLE3a797eV+6L2EiO6pBrFmrUAIhANBHWXnY9HAcs6WqVRp9r8q8wlaSY9pBfB7vJlbCShQPAHUARJRlLrDuzq\/EQAfYqP4owNrmgr7YyzG1P9MzlrW2gagAAAFq6jb0QQAABAMARjBEAiAzKKpy8ELEm5AO\/Cl8weRDML0CJ7IOPZ2GbRbx\/8vxWgIgDCW1c1pNKCE9DA2mbQwKGa4Z2H7dNtIRrzU4ZJcZOr8wJwYJKwYBBAGCNxUKBBowGDAKBggrBgEFBQcDAjAKBggrBgEFBQcDATA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdhNLfQoLnk3oCAWQCAR0wgYUGCCsGAQUFBwEBBHkwdzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDUuY3J0MCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC5tc29jc3AuY29tMB0GA1UdDgQWBBSC313bBDWiwUMAeq0EgFmCSqbJVzALBgNVHQ8EBAMC"} -01858{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1350,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":8,"flow_first_seen":1587041693849498,"flow_src_last_pkt_time":1587041693938156,"flow_dst_last_pkt_time":1587041693938382,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":6126,"midstream":0,"thread_ts_usec":1587041693938382,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.153","src_port":50036,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying 
HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"52.114.250.153","domainame":"52.114.250.153","tls": {"version":"TLSv1.2","server_names":"tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"986571066668055ae9481cb84fda634a","ja4":"t12i220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5","subjectDN":"CN=tr.teams.microsoft.com","fingerprint":"A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75","blocks":0}}} +01817{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1350,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":8,"flow_first_seen":1587041693849498,"flow_src_last_pkt_time":1587041693938156,"flow_dst_last_pkt_time":1587041693938382,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":6126,"midstream":0,"thread_ts_usec":1587041693938382,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.153","src_port":50036,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"52.114.250.153","domainame":"52.114.250.153","tls": {"version":"TLSv1.2","server_names":"tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com","ja3s":"986571066668055ae9481cb84fda634a","ja4":"t12i220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5","subjectDN":"CN=tr.teams.microsoft.com","fingerprint":"A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75","blocks":0}}} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1371,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041694219802,"flow_src_last_pkt_time":1587041694219802,"flow_dst_last_pkt_time":1587041694219802,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041694219802,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":60567,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1371,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_src_last_pkt_time":1587041694219802,"flow_dst_last_pkt_time":1587041694219802,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041694219802,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG9w\/AqAEGNHJNiOyXAbs8mpamAAAAALAC\/\/8lfgAAAgQFtAEDAwUBAQgKMITbvgAAAAAEAgAA"} 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1372,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041694221137,"flow_src_last_pkt_time":1587041694221137,"flow_dst_last_pkt_time":1587041694221137,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041694221137,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60837,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -512,40 +512,40 @@ 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1376,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":2,"flow_src_last_pkt_time":1587041694219802,"flow_dst_last_pkt_time":1587041694262764,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041694262764,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0VplAAGwGdII0ck2IwKgBBgG77Jdw4z8APJqWp4AS\/\/+58wAAAgQFoAEDAwgBAQQC"} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1377,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":3,"flow_src_last_pkt_time":1587041694262870,"flow_dst_last_pkt_time":1587041694262764,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041694262870,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAG9yfAqAEGNHJNiOyXAbs8mpancOM\/AVAQIADasgAA"} 00793{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1378,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":4,"flow_src_last_pkt_time":1587041694263191,"flow_dst_last_pkt_time":1587041694262764,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":249,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":249,"pkt_l4_len":215,"thread_ts_usec":1587041694263191,"pkt":"EBMx8Tl2KDc3AG3ICABFAADrAABAAEAG9mTAqAEGNHJNiOyXAbs8mpancOM\/AVAYIADbZQAAFgMBAL4BAAC6AwNemFWex6L93KvTNrWWS\/8PQ2rao\/9bFvV0yUUyu2nlvwAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAZQAAACgAJgAAI2FwaS5mbGlnaHRwcm94eS50ZWFtcy5taWNyb3NvZnQuY29tAAoACAAGABcAGAAZAAsAAgEAAA0AEgAQBAECAQUBBgEEAwIDBQMGAwAFAAUBAAAAAAASAAAAFwAA"} 
-01360{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1378,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041694219802,"flow_src_last_pkt_time":1587041694263191,"flow_dst_last_pkt_time":1587041694262764,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":195,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":195,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041694263191,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":60567,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"api.flightproxy.teams.microsoft.com","domainame":"api.flightproxy.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01319{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1378,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041694219802,"flow_src_last_pkt_time":1587041694263191,"flow_dst_last_pkt_time":1587041694262764,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":195,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":195,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041694263191,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":60567,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"api.flightproxy.teams.microsoft.com","domainame":"api.flightproxy.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
02487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1380,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":5,"flow_src_last_pkt_time":1587041694263191,"flow_dst_last_pkt_time":1587041694308351,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041694308351,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUVptAAGwGbuA0ck2IwKgBBgG77Jdw40StPJqXalAQCAQlEAAAcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA0LmNybIZJaHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA0LmNybDBNBgNVHSAERjBEMEIGCSsGAQQBgjcqATA1MDMGCCsGAQUFBwIBFidodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcHMwHwYDVR0jBBgwFoAUenuMwc\/noMoc1Gv6++Ezww8aop0wHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4ICAQCGBg8ckx9UDTW7UZXC+1At9FP7A44gNWDP9CaNquKk0Ym4Hc6H0wUEGjC2TPH4ZMpVVvzoaDTGQwOYpaTTUvX3MEMOYKEG1Cvx9tqcsdP3yUB2L0u\/Y3lBDRRYTQjeuiKHInHCIKjjX\/QCOyzvB5\/C0exDQl9fWwS+qncho+mgAfK2IA8Fxzsv6+EtDoQ7Dvl6yGFB0IOq2h0mRJqrPawbpWi2DqNdE30PlqszN6KarfO3etdnYrpJGC2USn7nux+J+nU9mSFC0ZsLRlurcf+j5mIScxOoR1R1zgqZUwqnxhpp4P1IJVImICPzlelUrV+V7b3YppHp2Rgn\/+S4J10m17s2TbLTa97JGjEE\/3YQ7h5IdjwTnwuq1dP++rQhXt3FX3MOWAHLNAKjiWyKZFU6vIewI5Hi6y2fkjqSeRt4\/aWEgJvh20gdM0p+zqdmShg\/748CHucnl5Zm4aJe3RbjYEYoFcds8ex0ujMudADb\/QzGDXRU0vzS1rVbA4cYFxJP\/arXmxNmNaQws3ulhsztenPZhSi+YjcTSxMjLvyNTiFRWl6oPmD03juUR4abmC3Z6rh\/ORpnPJ\/Em03uuhRVjI2A+WVhItVGj\/kDERprkC2fKCqbcztcQMil\/Kk2WHT\/UliJtmxX7yjxKPFWCSC+MDNsBV3uBwoK+m\/VewoOUwAFuDCCBbQwggScoAMCAQICEAtqs7A+san2xGCSaqjN\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\/HdCW+DNFe3sfVDPlSJenBSSi29Hcla4gKn2WiUh7knrQJLHeSBH3Zzy03\/hYYPVPezRo"} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1404,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278787,"flow_src_last_pkt_time":1587041695278787,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695278787,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1404,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_src_last_pkt_time":1587041695278787,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695278787,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMhisAAEARcdvAqAEGwKgABMNgw1UAeNtRAAEAXCESpELGQpqANK6irJWNCoEABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUNaR7w6XgHLmtRZxpBWKVkGuwhq2AKAAE+3W4lQ=="} 
-01116{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1404,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278787,"flow_src_last_pkt_time":1587041695278787,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695278787,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01166{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1404,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278787,"flow_src_last_pkt_time":1587041695278787,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695278787,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"multimedia_flow_types":"Audio"}}} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1405,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278905,"flow_src_last_pkt_time":1587041695278905,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695278905,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1405,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_src_last_pkt_time":1587041695278905,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695278905,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMZ7QAAEARkFLAqAEGwKgABMN0w2QAeBWjAAEAXCESpEJMnOcpR8XuRjfgdwcABgAJSkZ3ajorbUl2AAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUZBvpMZrPL2uguq2xDA1A6CBjF+2AKAAEncV\/3g=="} 
-01116{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1405,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278905,"flow_src_last_pkt_time":1587041695278905,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695278905,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01166{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1405,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278905,"flow_src_last_pkt_time":1587041695278905,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695278905,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Video","stun": {"multimedia_flow_types":"Video"}}} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1406,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695305290,"flow_src_last_pkt_time":1587041695305290,"flow_dst_last_pkt_time":1587041695305290,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695305290,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1406,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_src_last_pkt_time":1587041695305290,"flow_dst_last_pkt_time":1587041695305290,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695305290,"pkt":"KDc3AG3IEBMx8Tl2CABFAACMbOkAADURirVdR27NwKgBBj\/Mw2AAeJv\/AAEAXCESpEJpQfrkOEmJN4IqUAgABgAJRlkzMjpvNS9JAAAAgCkACAAAf+1eBY4AgHAABAAAAAeANgAEAAAAAQAkAARu\/\/3+gDcABAAAAAIACAAUCA60OBRrDjRc1P+cP0BpsLC+QjmAKAAEPxxxZQ=="} 
-01118{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1406,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695305290,"flow_src_last_pkt_time":1587041695305290,"flow_dst_last_pkt_time":1587041695305290,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695305290,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01168{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1406,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695305290,"flow_src_last_pkt_time":1587041695305290,"flow_dst_last_pkt_time":1587041695305290,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695305290,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"multimedia_flow_types":"Audio"}}} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1407,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695305879,"flow_src_last_pkt_time":1587041695305879,"flow_dst_last_pkt_time":1587041695305879,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695305879,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16333,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1407,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_src_last_pkt_time":1587041695305879,"flow_dst_last_pkt_time":1587041695305879,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695305879,"pkt":"KDc3AG3IEBMx8Tl2CABFAACM2aMAADURHftdR27NwKgBBj\/Nw3QAeFT\/AAEAXCESpEKjF0z2+O91Jw0PY1cABgAJK21JdjpKRndqAAAAgCkACAAAf+1eBY4AgHAABAAAAAeANgAEAAAAAQAkAARu\/\/3+gDcABAAAAAIACAAUo4jart22gVLrHF0JHGaI64vA9HeAKAAEUHwvEg=="} 
-01118{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1407,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695305879,"flow_src_last_pkt_time":1587041695305879,"flow_dst_last_pkt_time":1587041695305879,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695305879,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16333,"dst_port":50036,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01168{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1407,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695305879,"flow_src_last_pkt_time":1587041695305879,"flow_dst_last_pkt_time":1587041695305879,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695305879,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16333,"dst_port":50036,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Video","stun": {"multimedia_flow_types":"Video"}}} 00632{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1409,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695305290,"flow_dst_last_pkt_time":1587041695330085,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":1587041695330085,"pkt":"EBMx8Tl2KDc3AG3ICABFAAB0TLUAAEARoAHAqAEGXUduzcNgP8wAYAttAQEARCESpEJpQfrkOEmJN4IqUAiAcAAEAAAABwAgAAgAAR7efFXKj4A3AAQAAAACgDYABAAAAAEACAAUlU+ROI4McMZBUuZSU8\/gWyGrdx6AKAAE+OcqVw=="} 00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1410,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":3,"flow_src_last_pkt_time":1587041695305290,"flow_dst_last_pkt_time":1587041695330306,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695330306,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMkXkAAEARWyXAqAEGXUduzcNgP8wAeAk2AAEAXCESpEL9LF5WbGc54yQwO\/cABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAU1YbVJoGA61aUBne1Qcfqud7BOGOAKAAEmnK+Jw=="} 
00631{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1411,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695305879,"flow_dst_last_pkt_time":1587041695330316,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":1587041695330316,"pkt":"EBMx8Tl2KDc3AG3ICABFAAB0gkYAAEARanDAqAEGXUduzcN0P80AYEblAQEARCESpEKjF0z2+O91Jw0PY1eAcAAEAAAABwAgAAgAAR7ffFXKj4A3AAQAAAACgDYABAAAAAEACAAUNbjIzLk8Htcx5rlGPdUzB6Mtkf+AKAAECmy4uA=="} 00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1412,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":3,"flow_src_last_pkt_time":1587041695305879,"flow_dst_last_pkt_time":1587041695330389,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695330389,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMX9EAAEARjM3AqAEGXUduzcN0P80AeEAgAAEAXCESpEJvsFtMkRg8G\/ztdLwABgAJSkZ3ajorbUl2AAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUIVL6+UU6k643kpe64\/MzitD9Q4eAKAAEwjOytg=="} 
00886{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1413,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695381451,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1587041695381451,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEsaPwAAEARIBfAqAEGNHL6jcNgDZYBGBOdAAQA\/CESpEIsNFIeR67x\/KSTudUADwAEcsZLxoAIAAQAAAAGAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8ABEACAABP8xdR27NABMAfAABAGghEqRCH9y33u2t\/jYyT2+1AAYACW81L0k6RlkzMgAAAIAqAAgAAH+KUoZYAIBwAAQAAAAHgDYABAAAAAEAJAAEbv\/4\/4CVAAh\/IMTdT4SN+oA3AAQAAAACAAgAFLkI9+jCSAoSd\/OOXciVMXiIrqbdgCgABLPHZEgACAAg7sRmb8sPDDsK8L9wIx7c4\/un3a7csABeHu5jm1wMzFk="} -01119{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1413,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041695381451,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":486,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695381451,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01169{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1413,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041695381451,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":486,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695381451,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"multimedia_flow_types":"Audio"}}} 
00881{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1414,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695381585,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1587041695381585,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEsXTYAAEARK+HAqAEGNHL6icN0DZYBGMK2AAQA\/CESpEIeamDBSEqcaMKGtFYADwAEcsZLxoAIAAQAAAAGAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8ABEACAABP81dR27NABMAfAABAGghEqRCa6gY9jQ3F4QYLRqEAAYACUpGd2o6K21JdgAAAIAqAAgAAH+KUoZYAIBwAAQAAAAHgDYABAAAAAEAJAAEbv\/4\/4CVAAhb5VsGDC2J+oA3AAQAAAACAAgAFGPigS6EUGSGggUbRbFSk1APqJ0agCgABKpfQ2cACAAguGTqGqFZLfExfohAPRW3NYW9D0LDg15vdpj82BiyuIs="} -01119{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1414,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041695381585,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":486,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695381585,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01169{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1414,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041695381585,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":486,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695381585,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"multimedia_flow_types":"Audio"}}} 
00725{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1416,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":3,"flow_src_last_pkt_time":1587041695381451,"flow_dst_last_pkt_time":1587041695389155,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1587041695389155,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC4fJgAAGwR4O40cvqNwKgBBg2Ww2AApNd+ARUAiMLWdk9T8dgTMFhVlH2+EmsADwAEcsZLxgASAAgAAT\/MXUduzQATAHAAAQBcIRKkQpOT7iqoT5owckEG1gAGAAlGWTMyOm81L0kAAACAKQAIAAB\/7V4FjgCAcAAEAAAAB4A2AAQAAAABACQABG7\/\/f6ANwAEAAAAAgAIABQwsyB\/3AcVNGFmgIYtfHOO0Vm54oAoAAR90b9H"} -01035{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1416,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041695381451,"flow_dst_last_pkt_time":1587041695389155,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":486,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1587041695389155,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"peer_address":"159.145.24.130:64794"}}} 
+01086{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1416,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041695381451,"flow_dst_last_pkt_time":1587041695389155,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":486,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1587041695389155,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"peer_address":"159.145.24.130:64794","multimedia_flow_types":"Audio"}}} 00726{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1417,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":3,"flow_src_last_pkt_time":1587041695381585,"flow_dst_last_pkt_time":1587041695389378,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1587041695389378,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC4VxkAAGwRBnI0cvqJwKgBBg2Ww3QApCdjARUAiE\/LrilDXPJWtp6yDikzcPIADwAEcsZLxgASAAgAAT\/NXUduzQATAHAAAQBcIRKkQlPk9TFAsI2GK+OZoAAGAAkrbUl2OkpGd2oAAACAKQAIAAB\/7V4FjgCAcAAEAAAAB4A2AAQAAAABACQABG7\/\/f6ANwAEAAAAAgAIABQqoNaJl5j6Qph3wmShySpejyG1ZYAoAAR\/OzfK"} 
-01035{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1417,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041695381585,"flow_dst_last_pkt_time":1587041695389378,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":486,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1587041695389378,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"peer_address":"18.140.192.228:28678"}}} +01086{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1417,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041695381585,"flow_dst_last_pkt_time":1587041695389378,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":486,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1587041695389378,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"peer_address":"18.140.192.228:28678","multimedia_flow_types":"Audio"}}} 00633{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1418,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":4,"flow_src_last_pkt_time":1587041695406639,"flow_dst_last_pkt_time":1587041695330306,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":1587041695406639,"pkt":"KDc3AG3IEBMx8Tl2CABFAAB0Bd0AADUR8dldR27NwKgBBj\/Mw2AAYJiUAQEARCESpEL9LF5WbGc54yQwO\/eAcAAEAAAABwAgAAgAAcHVcadqCoA3AAQAAAACgDYABAAAAAEACAAUfLZK4Jp9GCnUwepSRXJ0QYfNKUiAKAAEeKXxaw=="} 00633{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1419,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":4,"flow_src_last_pkt_time":1587041695407379,"flow_dst_last_pkt_time":1587041695330389,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":1587041695407379,"pkt":"KDc3AG3IEBMx8Tl2CABFAAB0iYEAADURbjVdR27NwKgBBj\/Nw3QAYAIVAQEARCESpEJvsFtMkRg8G\/ztdLyAcAAEAAAABwAgAAgAAc5scadqCoA3AAQAAAACgDYABAAAAAEACAAUt0fBakPBlSed9Q+UJ+6ZvN9VvN+AKAAELvJkIw=="} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1421,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695421892,"flow_src_last_pkt_time":1587041695421892,"flow_dst_last_pkt_time":1587041695421892,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695421892,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00682{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1421,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_src_last_pkt_time":1587041695421892,"flow_dst_last_pkt_time":1587041695421892,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1587041695421892,"pkt":"KDc3AG3IEBMx8Tl2CABFAACYUPwAAGwRCyM0cvwVwKgBBg2Yw3QAhCaSAAEAaCESpEK59F1PLtIJs2rQCYoABgAJK21JdjpKRndqAAAAgCkACAAAf+1eBY4AgHAABAAAAAeANgAEAAAAAQAkAARu\/\/n+gJUACGUfNM4ueRX8gDcABAAAAAIACAAUDNg3puCxSSnyiCvs+zLb4wfWy9WAKAAEDuovdw=="} 
-01117{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1421,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695421892,"flow_src_last_pkt_time":1587041695421892,"flow_dst_last_pkt_time":1587041695421892,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695421892,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01167{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1421,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695421892,"flow_src_last_pkt_time":1587041695421892,"flow_dst_last_pkt_time":1587041695421892,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695421892,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Video","stun": {"multimedia_flow_types":"Video"}}} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1422,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695422685,"flow_src_last_pkt_time":1587041695422685,"flow_dst_last_pkt_time":1587041695422685,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695422685,"l3_proto":"ip4","src_ip":"52.114.252.8","dst_ip":"192.168.1.6","src_port":3479,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00682{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1422,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_src_last_pkt_time":1587041695422685,"flow_dst_last_pkt_time":1587041695422685,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1587041695422685,"pkt":"KDc3AG3IEBMx8Tl2CABFAACY4AMAAG0Reyg0cvwIwKgBBg2Xw2AAhBBVAAEAaCESpEKBJ1p+KLNk2I89FPkABgAJRlkzMjpvNS9JAAAAgCkACAAAf+1eBY4AgHAABAAAAAeANgAEAAAAAQAkAARu\/\/n+gJUACN6qKWcI9wj8gDcABAAAAAIACAAUyAS6wVT6GpHQ1gnRXe5kbQ9LDuWAKAAEokvlFA=="} 
-01116{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1422,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695422685,"flow_src_last_pkt_time":1587041695422685,"flow_dst_last_pkt_time":1587041695422685,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695422685,"l3_proto":"ip4","src_ip":"52.114.252.8","dst_ip":"192.168.1.6","src_port":3479,"dst_port":50016,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01166{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1422,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695422685,"flow_src_last_pkt_time":1587041695422685,"flow_dst_last_pkt_time":1587041695422685,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695422685,"l3_proto":"ip4","src_ip":"52.114.252.8","dst_ip":"192.168.1.6","src_port":3479,"dst_port":50016,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"multimedia_flow_types":"Audio"}}} 00833{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1423,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":4,"flow_src_last_pkt_time":1587041695432593,"flow_dst_last_pkt_time":1587041695389155,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"thread_ts_usec":1587041695432593,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEIQwIAAEARRjXAqAEGNHL6jcNgDZYA9FdMAAQA2CESpEKfui7uErrywVVZDhwADwAEcsZLxoAIAAQAAAAGAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8ABEACAABP8xdR27NABMAWAEBAEQhEqRCk5PuKqhPmjByQQbWgHAABAAAAAcAIAAIAAEe3nxVyo+ANwAEAAAAAoA2AAQAAAABAAgAFFFp\/EIw9m0w0dRwmYyqML3\/iSKPgCgABN8vUt8ACAAgqGRf4o8r70c+bwbjLKjnyOxfHW\/RCLgda6bT0E3pUpo="} 00651{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1424,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695422685,"flow_dst_last_pkt_time":1587041695432665,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1587041695432665,"pkt":"EBMx8Tl2KDc3AG3ICABFAACA0aoAAEARtpnAqAEGNHL8CMNgDZcAbO2O\/xAAYN6qKWcI9wj8AQEARCESpEKBJ1p+KLNk2I89FPmAcAAEAAAABwAgAAgAASyFFWBYSoA3AAQAAAACgDYABAAAAAEACAAUmYtT\/sgffZE\/GPjMTGRSk5h1N+2AKAAEPqesNg=="} 
00885{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1425,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":5,"flow_src_last_pkt_time":1587041695432806,"flow_dst_last_pkt_time":1587041695389155,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1587041695432806,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEsslcAAEAR1rvAqAEGNHL6jcNgDZYBGA46AAQA\/CESpEKGfpR3I6Wm38Zk7TUADwAEcsZLxoAIAAQAAAAGAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8ABEACAABP8xdR27NABMAfAABAGghEqRCH9y33u2t\/jYyT2+1AAYACW81L0k6RlkzMgAAAIAqAAgAAH+KUoZYAIBwAAQAAAAHgDYABAAAAAEAJAAEbv\/4\/4CVAAh\/IMTdT4SN+oA3AAQAAAACAAgAFLkI9+jCSAoSd\/OOXciVMXiIrqbdgCgABLPHZEgACAAg4ni\/MyGpn0IPPfamZXcwXcyTP9hFKqNf3gjYqNKVXl0="} 
@@ -554,9 +554,9 @@ 00881{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1428,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":5,"flow_src_last_pkt_time":1587041695433459,"flow_dst_last_pkt_time":1587041695389378,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1587041695433459,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEsR2QAAEARQbPAqAEGNHL6icN0DZYBGOj5AAQA\/CESpELTjfKyZNTNUCzFgVAADwAEcsZLxoAIAAQAAAAGAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8ABEACAABP81dR27NABMAfAABAGghEqRCa6gY9jQ3F4QYLRqEAAYACUpGd2o6K21JdgAAAIAqAAgAAH+KUoZYAIBwAAQAAAAHgDYABAAAAAEAJAAEbv\/4\/4CVAAhb5VsGDC2J+oA3AAQAAAACAAgAFGPigS6EUGSGggUbRbFSk1APqJ0agCgABKpfQ2cACAAgUB2ZPqsXXGYjBv8pRG+HEjCK6R8QdiEsnAYTs3tf1IE="} 02334{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1429,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1587041693516414,"flow_src_last_pkt_time":1587041693824623,"flow_dst_last_pkt_time":1587041695435566,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":477,"flow_dst_tot_l4_payload_len":6361,"midstream":0,"thread_ts_usec":1587041695435566,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":71850.4,"max":1566873,"stddev":274680.6,"var":75449425920.0,"ent":1.9,"data": [44968,45079,183,47440,47249,164,13,124,2,107,17,104,3,107,2,120,2,1,8026,8,35,52434,1246,45626,48613,92238,43679,69083,272,113543,1566873]},"pktlen": 
{"min":40,"avg":256.9,"max":1492,"stddev":427.0,"var":182315.3,"ent":3.7,"data": [64,52,40,227,1492,52,1492,588,52,52,1492,588,52,40,588,166,40,40,40,147,46,85,46,91,40,141,224,40,71,40,46,46]},"bins": {"c_to_s": [15,1,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,0,1,1,0,0,1,1,0,0,1,1,0,0,0,0,0,0,1,1,0,0,1,0,0,0,1,1],"entropies": [4.396777153,4.946223736,4.453056812,5.436062336,7.472877979,4.624014378,7.357961178,6.174726009,4.707639694,4.669178009,7.651301384,7.035131931,4.669178009,4.492897511,7.576755524,6.572272301,4.384184361,4.492897511,4.492897034,6.376044750,4.495644569,5.773638725,4.565871716,5.388861179,4.561769009,6.442826271,6.864662647,4.511769295,5.438062191,4.384184361,4.565872192,4.565872192]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"euaz.tr.teams.microsoft.com"}} 00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1435,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695586059,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695586059,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMZh4AAEARkejAqAEGwKgABMNgw1UAeNtRAAEAXCESpELGQpqANK6irJWNCoEABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUNaR7w6XgHLmtRZxpBWKVkGuwhq2AKAAE+3W4lQ=="} 
-01234{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1435,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278787,"flow_src_last_pkt_time":1587041695586059,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":224,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695586059,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01284{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1435,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278787,"flow_src_last_pkt_time":1587041695586059,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":224,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695586059,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"multimedia_flow_types":"Audio"}}} 00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1436,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695586146,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695586146,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMyucAAEARLR\/AqAEGwKgABMN0w2QAeBWjAAEAXCESpEJMnOcpR8XuRjfgdwcABgAJSkZ3ajorbUl2AAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUZBvpMZrPL2uguq2xDA1A6CBjF+2AKAAEncV\/3g=="} 
-01234{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1436,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278905,"flow_src_last_pkt_time":1587041695586146,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":224,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695586146,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01284{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1436,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278905,"flow_src_last_pkt_time":1587041695586146,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":224,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695586146,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Video","stun": {"multimedia_flow_types":"Video"}}} 00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1440,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":3,"flow_src_last_pkt_time":1587041695890424,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695890424,"pkt":"EBMx8Tl2KDc3AG3ICABFAACM6boAAEARDkzAqAEGwKgABMNgw1UAeNtRAAEAXCESpELGQpqANK6irJWNCoEABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUNaR7w6XgHLmtRZxpBWKVkGuwhq2AKAAE+3W4lQ=="} 
00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1441,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":3,"flow_src_last_pkt_time":1587041695890513,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695890513,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMMbQAAEARxlLAqAEGwKgABMN0w2QAeBWjAAEAXCESpEJMnOcpR8XuRjfgdwcABgAJSkZ3ajorbUl2AAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUZBvpMZrPL2uguq2xDA1A6CBjF+2AKAAEncV\/3g=="} 00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1446,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":4,"flow_src_last_pkt_time":1587041696194345,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041696194345,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMXPIAAEARmxTAqAEGwKgABMNgw1UAeNtRAAEAXCESpELGQpqANK6irJWNCoEABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUNaR7w6XgHLmtRZxpBWKVkGuwhq2AKAAE+3W4lQ=="} 
@@ -570,7 +570,7 @@ 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1456,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":2,"flow_src_last_pkt_time":1587041697061972,"flow_dst_last_pkt_time":1587041697091344,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041697091344,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8X+VAAG4GOLAoT4opwKgBBgG77Jhhqm+9VZk3MaASIADeAQAAAgQFoAEDAwgEAggKC\/ZmGDCE5sE="} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1457,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":3,"flow_src_last_pkt_time":1587041697091452,"flow_dst_last_pkt_time":1587041697091344,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041697091452,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGxp3AqAEGKE+KKeyYAbtVmTcxYapvvoAQEAkclQAAAQEICjCE5t4L9mYY"} 00867{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1458,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":4,"flow_src_last_pkt_time":1587041697092026,"flow_dst_last_pkt_time":1587041697091344,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":305,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":305,"pkt_l4_len":271,"thread_ts_usec":1587041697092026,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEjAABAAEAGxa7AqAEGKE+KKeyYAbtVmTcxYapvvoAYEAlljAAAAQEICjCE5t4L9mYYFgMBAOoBAADmAwMvt9\/l19PgHHhBJ7fePZ9nkIIpM9PqvMR3RuXFQQr78gAAKMAswCvAJMAjwArACcypwDDAL8AowCfAFMATzKgAnQCcAD0APAA1AC8BAACV\/wEAAQAAAAAXABUAABJnYXRlLmhvY2tleWFwcC5uZXQAFwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAM3QAAAASAAAAEAAwAC4CaDIFaDItMTYFaDItMTUFaDItMTQIc3BkeS8zLjEGc3BkeS8zCGh0dHAvMS4xAAsAAgEAAAoACgAIAB0AFwAYABk="} 
-01272{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1458,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041697061972,"flow_src_last_pkt_time":1587041697092026,"flow_dst_last_pkt_time":1587041697091344,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041697092026,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60568,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"gate.hockeyapp.net","domainame":"gate.hockeyapp.net","tls": {"version":"TLSv1.2","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
+01228{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1458,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041697061972,"flow_src_last_pkt_time":1587041697092026,"flow_dst_last_pkt_time":1587041697091344,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041697092026,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60568,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"gate.hockeyapp.net","domainame":"gate.hockeyapp.net","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 02468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1459,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":5,"flow_src_last_pkt_time":1587041697092026,"flow_dst_last_pkt_time":1587041697123566,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041697123566,"pkt":"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"} 
00765{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1485,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":5,"flow_src_last_pkt_time":1587041697617344,"flow_dst_last_pkt_time":1587041693756239,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_usec":1587041697617344,"pkt":"EBMx8Tl2KDc3AG3ICABFAADW2xEAAEARrlfAqAEGNHL6jcNhDZYAwt8iAAMApiESpEINQAd8TvBOvXDWMxoADwAEcsZLxoAIAAQAAAAGAA0ABAAAAACAUAAEAAAAAQAUABQ+mj9JKfg8kAiQ47rNqp++2YC3UgAVAAoicnRjbWVkaWEiAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8AAgAILegjOD1prOmcIML6MAq3Q5voM\/8\/Vbx8\/OHsgTOe6Dx"} 00745{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1490,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041697660621,"flow_src_last_pkt_time":1587041697660621,"flow_dst_last_pkt_time":1587041697660621,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041697660621,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5} 
@@ -578,21 +578,21 @@ 00913{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1490,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041697660621,"flow_src_last_pkt_time":1587041697660621,"flow_dst_last_pkt_time":1587041697660621,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041697660621,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":4.321296}} 00765{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1493,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":5,"flow_src_last_pkt_time":1587041697668978,"flow_dst_last_pkt_time":1587041693808734,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_usec":1587041697668978,"pkt":"EBMx8Tl2KDc3AG3ICABFAADWXowAAEARKuHAqAEGNHL6icN1DZYAwtlEAAMApiESpEJ\/K8mw63L1SVFc8SkADwAEcsZLxoAIAAQAAAAGAA0ABAAAAACAUAAEAAAAAQAUABRzrT6HZUT09MBbGfgrZXo06YoDbQAVAAoicnRjbWVkaWEiAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8AAgAIBF1x2DO\/FnH+NItZ0DdGmNq9Qpo8WCUVFVIxiEnjM\/h"} 
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1497,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":2,"flow_src_last_pkt_time":1587041697673040,"flow_dst_last_pkt_time":1587041697660621,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1587041697673040,"pkt":"KDc3AG3IEBMx8Tl2CABFoAA4akMAADUBjR9dR27NwKgBBgMDcBsAAAAARQAAWp4wAAAyEVygwKgBBl1Hbs3DdD\/NAEaJWQ=="} -02345{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1528,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":7,"flow_first_seen":1587041695305290,"flow_src_last_pkt_time":1587041697913583,"flow_dst_last_pkt_time":1587041697668816,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1214,"flow_dst_max_l4_payload_len":1214,"flow_src_tot_l4_payload_len":4324,"flow_dst_tot_l4_payload_len":2890,"midstream":0,"thread_ts_usec":1587041697913583,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":160381.3,"max":1168245,"stddev":365653.3,"var":133702352896.0,"ent":2.7,"data": [24795,221,101349,1168245,1167037,967065,50759,1119237,13,25,50990,80302,1990,2655,3736,4,1,2,10681,24170,9306,21453,4525,19907,25341,9245,24382,24626,9496,26004,24257]},"pktlen": {"min":66,"avg":253.4,"max":1242,"stddev":374.4,"var":140199.2,"ent":4.0,"data": [140,116,140,116,144,116,138,136,66,1242,1242,136,101,66,1242,1242,70,194,126,94,96,103,108,110,102,98,112,106,103,101,102,102]},"bins": {"c_to_s": [0,2,16,4,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0],"s_to_c": 
[0,1,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,1,0,1,0,0,0,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"entropies": [5.443928242,5.441569805,5.550033092,5.533423424,5.469605446,5.457950115,6.418050289,5.494081497,5.274568558,7.835727215,7.805037022,5.427760124,6.064149857,5.328952789,7.830739975,7.834946632,5.426148415,6.862842083,6.378197670,5.942782402,6.043297768,6.096649170,5.395052433,6.251680851,6.123402596,6.007471561,6.260177612,6.012121677,6.079421997,6.215091705,6.135609150,6.155217648]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +02339{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1528,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":7,"flow_first_seen":1587041695305290,"flow_src_last_pkt_time":1587041697913583,"flow_dst_last_pkt_time":1587041697668816,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1214,"flow_dst_max_l4_payload_len":1214,"flow_src_tot_l4_payload_len":4324,"flow_dst_tot_l4_payload_len":2890,"midstream":0,"thread_ts_usec":1587041697913583,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":160381.3,"max":1168245,"stddev":365653.3,"var":133702352896.0,"ent":2.7,"data": 
[24795,221,101349,1168245,1167037,967065,50759,1119237,13,25,50990,80302,1990,2655,3736,4,1,2,10681,24170,9306,21453,4525,19907,25341,9245,24382,24626,9496,26004,24257]},"pktlen": {"min":66,"avg":253.4,"max":1242,"stddev":374.4,"var":140199.2,"ent":4.0,"data": [140,116,140,116,144,116,138,136,66,1242,1242,136,101,66,1242,1242,70,194,126,94,96,103,108,110,102,98,112,106,103,101,102,102]},"bins": {"c_to_s": [0,2,16,4,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,1,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,1,0,1,0,0,0,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"entropies": [5.443928242,5.441569805,5.550033092,5.533423424,5.469605446,5.457950115,6.418050289,5.494081497,5.274568558,7.835727215,7.805037022,5.427760124,6.064149857,5.328952789,7.830739975,7.834946632,5.426148415,6.862842083,6.378197670,5.942782402,6.043297768,6.096649170,5.395052433,6.251680851,6.123402596,6.007471561,6.260177612,6.012121677,6.079421997,6.215091705,6.135609150,6.155217648]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041680216814,"flow_src_last_pkt_time":1587041680216814,"flow_dst_last_pkt_time":1587041680216814,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":355,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":355,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":355,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01032{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":26,"flow_first_seen":1587041684306115,"flow_src_last_pkt_time":1587041685465859,"flow_dst_last_pkt_time":1587041685465767,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":6160,"flow_dst_tot_l4_payload_len":8327,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Outlook","proto_by_ip_id":21,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"substrate.office.com"}} -01023{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":20,"flow_first_seen":1587041676435900,"flow_src_last_pkt_time":1587041676536132,"flow_dst_last_pkt_time":1587041676536089,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":258,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":757,"flow_dst_tot_l4_payload_len":11864,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com"}} 
-00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":10,"flow_first_seen":1587041677243705,"flow_src_last_pkt_time":1587041677286941,"flow_dst_last_pkt_time":1587041677286365,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":2950,"flow_dst_tot_l4_payload_len":6420,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} -01031{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":19,"flow_first_seen":1587041682144166,"flow_src_last_pkt_time":1587041685098215,"flow_dst_last_pkt_time":1587041685098126,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":521,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1754,"flow_dst_tot_l4_payload_len":7280,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com"}} -01169{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":28,"flow_first_seen":1587041685240465,"flow_src_last_pkt_time":1587041685471822,"flow_dst_last_pkt_time":1587041685471619,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1082,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1426,"flow_dst_tot_l4_payload_len":28998,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com"}} 
-01123{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":13,"flow_first_seen":1587041685984732,"flow_src_last_pkt_time":1587041686156488,"flow_dst_last_pkt_time":1587041686156402,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":900,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1750,"flow_dst_tot_l4_payload_len":6374,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} +01017{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":20,"flow_first_seen":1587041676435900,"flow_src_last_pkt_time":1587041676536132,"flow_dst_last_pkt_time":1587041676536089,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":258,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":757,"flow_dst_tot_l4_payload_len":11864,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com"}} +00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":10,"flow_first_seen":1587041677243705,"flow_src_last_pkt_time":1587041677286941,"flow_dst_last_pkt_time":1587041677286365,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":2950,"flow_dst_tot_l4_payload_len":6420,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} +01025{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":19,"flow_first_seen":1587041682144166,"flow_src_last_pkt_time":1587041685098215,"flow_dst_last_pkt_time":1587041685098126,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":521,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1754,"flow_dst_tot_l4_payload_len":7280,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com"}} +01163{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":28,"flow_first_seen":1587041685240465,"flow_src_last_pkt_time":1587041685471822,"flow_dst_last_pkt_time":1587041685471619,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1082,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1426,"flow_dst_tot_l4_payload_len":28998,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com"}} 
+01117{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":13,"flow_first_seen":1587041685984732,"flow_src_last_pkt_time":1587041686156488,"flow_dst_last_pkt_time":1587041686156402,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":900,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1750,"flow_dst_tot_l4_payload_len":6374,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} 01159{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":49,"flow_dst_packets_processed":28,"flow_first_seen":1587041676362386,"flow_src_last_pkt_time":1587041677034491,"flow_dst_last_pkt_time":1587041677077119,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":55346,"flow_dst_tot_l4_payload_len":4699,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying 
HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com"}} 01159{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":13,"flow_first_seen":1587041677042751,"flow_src_last_pkt_time":1587041677329010,"flow_dst_last_pkt_time":1587041677375849,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":15383,"flow_dst_tot_l4_payload_len":4699,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60535,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com"}} 
01110{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":10,"flow_first_seen":1587041678029919,"flow_src_last_pkt_time":1587041678260705,"flow_dst_last_pkt_time":1587041678303901,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":7350,"flow_dst_tot_l4_payload_len":4699,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud"}} 01030{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":8,"flow_first_seen":1587041681745719,"flow_src_last_pkt_time":1587041681895434,"flow_dst_last_pkt_time":1587041681895339,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":623,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":975,"flow_dst_tot_l4_payload_len":6679,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60538,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"eu-prod.asyncgw.teams.microsoft.com"}} -01018{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":8,"flow_first_seen":1587041681755860,"flow_src_last_pkt_time":1587041681908691,"flow_dst_last_pkt_time":1587041681908585,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":608,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":945,"flow_dst_tot_l4_payload_len":6653,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60539,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"eu-api.asm.skype.com"}} 
+01015{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":8,"flow_first_seen":1587041681755860,"flow_src_last_pkt_time":1587041681908691,"flow_dst_last_pkt_time":1587041681908585,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":608,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":945,"flow_dst_tot_l4_payload_len":6653,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60539,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"eu-api.asm.skype.com"}} 01033{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":10,"flow_first_seen":1587041682076700,"flow_src_last_pkt_time":1587041682204478,"flow_dst_last_pkt_time":1587041682204431,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":4763,"flow_dst_tot_l4_payload_len":7425,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60540,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"eu-prod.asyncgw.teams.microsoft.com"}} -00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":9,"flow_first_seen":1587041682077081,"flow_src_last_pkt_time":1587041682212323,"flow_dst_last_pkt_time":1587041682212216,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3181,"flow_dst_tot_l4_payload_len":7371,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60541,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":9,"flow_first_seen":1587041682077081,"flow_src_last_pkt_time":1587041682212323,"flow_dst_last_pkt_time":1587041682212216,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3181,"flow_dst_tot_l4_payload_len":7371,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60541,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} 01160{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":67,"flow_dst_packets_processed":40,"flow_first_seen":1587041682369801,"flow_src_last_pkt_time":1587041683043372,"flow_dst_last_pkt_time":1587041683086074,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":81655,"flow_dst_tot_l4_payload_len":4699,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60543,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com"}} 01043{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":17,"flow_first_seen":1587041682376166,"flow_src_last_pkt_time":1587041692020857,"flow_dst_last_pkt_time":1587041692106644,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1060,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":2340,"flow_dst_tot_l4_payload_len":7396,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.76.48","src_port":60544,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"northeurope.notifications.teams.microsoft.com"}} 
01026{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":49,"flow_dst_packets_processed":34,"flow_first_seen":1587041682698689,"flow_src_last_pkt_time":1587041691929361,"flow_dst_last_pkt_time":1587041691929326,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":4886,"flow_dst_tot_l4_payload_len":9530,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.58","src_port":60545,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"presence.teams.microsoft.com"}} 
@@ -605,8 +605,8 @@ 01160{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":14,"flow_first_seen":1587041687245112,"flow_src_last_pkt_time":1587041688014105,"flow_dst_last_pkt_time":1587041688061175,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":17654,"flow_dst_tot_l4_payload_len":4699,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com"}} 01028{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":14,"flow_first_seen":1587041691149774,"flow_src_last_pkt_time":1587041691582349,"flow_dst_last_pkt_time":1587041691582252,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":994,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2028,"flow_dst_tot_l4_payload_len":8121,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.108.8","src_port":60565,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"emea.ng.msg.teams.microsoft.com"}} 01169{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":11,"flow_first_seen":1587041694219802,"flow_src_last_pkt_time":1587041695898012,"flow_dst_last_pkt_time":1587041695993731,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":649,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1651,"flow_dst_tot_l4_payload_len":6669,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":60567,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"api.flightproxy.teams.microsoft.com"}} 
-01105{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1587041682809173,"flow_src_last_pkt_time":1587041688135097,"flow_dst_last_pkt_time":1587041688190082,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":955,"flow_dst_max_l4_payload_len":1226,"flow_src_tot_l4_payload_len":1523,"flow_dst_tot_l4_payload_len":1409,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60546,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} -01104{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1587041692808980,"flow_src_last_pkt_time":1587041695538890,"flow_dst_last_pkt_time":1587041695538791,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":946,"flow_dst_max_l4_payload_len":1225,"flow_src_tot_l4_payload_len":2423,"flow_dst_tot_l4_payload_len":1677,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std 
Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} +01112{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1587041682809173,"flow_src_last_pkt_time":1587041688135097,"flow_dst_last_pkt_time":1587041688190082,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":955,"flow_dst_max_l4_payload_len":1226,"flow_src_tot_l4_payload_len":1523,"flow_dst_tot_l4_payload_len":1409,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60546,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
+01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1587041692808980,"flow_src_last_pkt_time":1587041695538890,"flow_dst_last_pkt_time":1587041695538791,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":946,"flow_dst_max_l4_payload_len":1225,"flow_src_tot_l4_payload_len":2423,"flow_dst_tot_l4_payload_len":1677,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 00869{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1587041692528594,"flow_src_last_pkt_time":1587041692578366,"flow_dst_last_pkt_time":1587041692528752,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":72,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":72,"midstream":1,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"151.11.50.139","dst_ip":"192.168.1.6","src_port":2222,"dst_port":54750,"l4_proto":"tcp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
00782{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1587041692528594,"flow_src_last_pkt_time":1587041692578366,"flow_dst_last_pkt_time":1587041692528752,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":72,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":72,"midstream":1,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"151.11.50.139","dst_ip":"192.168.1.6","src_port":2222,"dst_port":54750,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01007{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041682129643,"flow_src_last_pkt_time":1587041682129643,"flow_dst_last_pkt_time":1587041682143053,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":162,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":162,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":49514,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"config.teams.microsoft.com"}} 
@@ -616,7 +616,7 @@ 01040{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":12,"flow_first_seen":1587041685251950,"flow_src_last_pkt_time":1587041685681752,"flow_dst_last_pkt_time":1587041685681659,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3164,"flow_dst_tot_l4_payload_len":6995,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.7","src_port":60556,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Microsoft365","proto_by_ip_id":219,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"login.microsoftonline.com"}} 00998{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":12,"flow_first_seen":1587041686889381,"flow_src_last_pkt_time":1587041687253807,"flow_dst_last_pkt_time":1587041687253692,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3163,"flow_dst_tot_l4_payload_len":7012,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.67","src_port":60560,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Microsoft365","proto_by_ip_id":219,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative"}} 01016{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685093044,"flow_src_last_pkt_time":1587041685093044,"flow_dst_last_pkt_time":1587041685127636,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":53,"flow_dst_max_l4_payload_len":174,"flow_src_tot_l4_payload_len":53,"flow_dst_tot_l4_payload_len":174,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":50653,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"api.flightproxy.teams.microsoft.com"}} 
-01013{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041681714331,"flow_src_last_pkt_time":1587041681714331,"flow_dst_last_pkt_time":1587041681754842,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":140,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":140,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","proto_id":"5.125","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"eu-api.asm.skype.com"}} +01001{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041681714331,"flow_src_last_pkt_time":1587041681714331,"flow_dst_last_pkt_time":1587041681754842,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":140,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":140,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"eu-api.asm.skype.com"}} 01010{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685243104,"flow_src_last_pkt_time":1587041685243104,"flow_dst_last_pkt_time":1587041685256108,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":127,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":127,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51309,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"skypedataprdcolneu04.cloudapp.net"}} 
01024{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685091534,"flow_src_last_pkt_time":1587041685091534,"flow_dst_last_pkt_time":1587041685104871,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":131,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":131,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":53678,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"trouter2-asse-a.trouter.teams.microsoft.com"}} 01000{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041687370480,"flow_src_last_pkt_time":1587041687370480,"flow_dst_last_pkt_time":1587041687435320,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":222,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":222,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":54069,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"api.microsoftstream.com"}} 
@@ -632,8 +632,8 @@ 01014{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041684291077,"flow_src_last_pkt_time":1587041684291077,"flow_dst_last_pkt_time":1587041684304618,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":172,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":172,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":59403,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft365","proto_id":"5.219","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"substrate.office.com"}} 01007{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041675997451,"flow_src_last_pkt_time":1587041675997451,"flow_dst_last_pkt_time":1587041676010607,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":67,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":67,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60813,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"skypedataprdcolneu04.cloudapp.net"}} 01021{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041694221137,"flow_src_last_pkt_time":1587041694221137,"flow_dst_last_pkt_time":1587041694234511,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":134,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":134,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60837,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"c-flightproxy-euno-01-teams.cloudapp.net"}} 
-01036{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1587041687436782,"flow_src_last_pkt_time":1587041687725655,"flow_dst_last_pkt_time":1587041687725568,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1313,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2206,"flow_dst_tot_l4_payload_len":7143,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"api.microsoftstream.com"}} -00995{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":12,"flow_first_seen":1587041687745932,"flow_src_last_pkt_time":1587041687963041,"flow_dst_last_pkt_time":1587041687962963,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1286,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2098,"flow_dst_tot_l4_payload_len":7352,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.169.186.119","src_port":60563,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"3":"DPI 
(partial)"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01033{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1587041687436782,"flow_src_last_pkt_time":1587041687725655,"flow_dst_last_pkt_time":1587041687725568,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1313,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2206,"flow_dst_tot_l4_payload_len":7143,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"api.microsoftstream.com"}} 
+00992{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":12,"flow_first_seen":1587041687745932,"flow_src_last_pkt_time":1587041687963041,"flow_dst_last_pkt_time":1587041687962963,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1286,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2098,"flow_dst_tot_l4_payload_len":7352,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.169.186.119","src_port":60563,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} 01124{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685090830,"flow_src_last_pkt_time":1587041685090830,"flow_dst_last_pkt_time":1587041685136892,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":167,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":167,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":61245,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"49": {"risk":"Minor Issues","severity":"Low","risk_score": {"total":210,"client":105,"server":105}}},"confidence": 
{"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"euaz.tr.teams.microsoft.com"}} 01007{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041687731296,"flow_src_last_pkt_time":1587041687731296,"flow_dst_last_pkt_time":1587041687745080,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":183,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":183,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62735,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"euno-1.api.microsoftstream.com"}} 
01024{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041691075869,"flow_src_last_pkt_time":1587041691075869,"flow_dst_last_pkt_time":1587041691148968,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":116,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":116,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62863,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"emea.ng.msg.teams-msgapi.trafficmanager.net"}} 
@@ -643,29 +643,29 @@ 01024{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685092516,"flow_src_last_pkt_time":1587041685092516,"flow_dst_last_pkt_time":1587041685105349,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":119,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":119,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65230,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"trouter2-asse-a.trouter.teams.microsoft.com"}} 01018{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041682355684,"flow_src_last_pkt_time":1587041682355684,"flow_dst_last_pkt_time":1587041682370931,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":129,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":129,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65387,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.Microsoft","proto_id":"5.212","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"northeuropecns.trafficmanager.net"}} 00952{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1587041680294054,"flow_src_last_pkt_time":1587041680294649,"flow_dst_last_pkt_time":1587041680294680,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1090,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1126,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"93.62.150.157","dst_ip":"192.168.1.6","src_port":443,"dst_port":60512,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -01221{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278787,"flow_src_last_pkt_time":1587041696498337,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":560,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known 
Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01221{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278905,"flow_src_last_pkt_time":1587041696498651,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":560,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+01215{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278787,"flow_src_last_pkt_time":1587041696498337,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":560,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+01215{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278905,"flow_src_last_pkt_time":1587041696498651,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":560,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041679280885,"flow_src_last_pkt_time":1587041679280885,"flow_dst_last_pkt_time":1587041679280885,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":485,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":485,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":485,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 01222{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":11,"flow_first_seen":1587041693828302,"flow_src_last_pkt_time":1587041694047808,"flow_dst_last_pkt_time":1587041694047695,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":235,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":567,"flow_dst_tot_l4_payload_len":6363,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.152","src_port":50014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": 
{"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} 01160{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":13,"flow_first_seen":1587041693516414,"flow_src_last_pkt_time":1587041695435668,"flow_dst_last_pkt_time":1587041695435566,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":477,"flow_dst_tot_l4_payload_len":6361,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"euaz.tr.teams.microsoft.com"}} 
01160{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":13,"flow_first_seen":1587041693582610,"flow_src_last_pkt_time":1587041694243274,"flow_dst_last_pkt_time":1587041694243144,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":477,"flow_dst_tot_l4_payload_len":6361,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50021,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"euaz.tr.teams.microsoft.com"}} 01221{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":13,"flow_first_seen":1587041693849498,"flow_src_last_pkt_time":1587041697722873,"flow_dst_last_pkt_time":1587041697765326,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":235,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":817,"flow_dst_tot_l4_payload_len":6541,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.153","src_port":50036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"10": {"risk":"TLS 
Cert Mismatch","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} -01027{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":9,"flow_first_seen":1587041690916341,"flow_src_last_pkt_time":1587041691089391,"flow_dst_last_pkt_time":1587041691089314,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":533,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1343,"flow_dst_tot_l4_payload_len":7609,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60564,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"gate.hockeyapp.net"}} 
-01027{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":9,"flow_first_seen":1587041697061972,"flow_src_last_pkt_time":1587041697244908,"flow_dst_last_pkt_time":1587041697244816,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":533,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1359,"flow_dst_tot_l4_payload_len":7609,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60568,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"gate.hockeyapp.net"}} -00989{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041695432806,"flow_dst_last_pkt_time":1587041695591686,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":994,"flow_dst_tot_l4_payload_len":420,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1587041693515047,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693640777,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":340,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01115{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041695422685,"flow_src_last_pkt_time":1587041695422685,"flow_dst_last_pkt_time":1587041695432665,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":100,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"52.114.252.8","dst_ip":"192.168.1.6","src_port":3479,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known 
Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1587041693611913,"flow_src_last_pkt_time":1587041697617344,"flow_dst_last_pkt_time":1587041697663187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":468,"flow_dst_tot_l4_payload_len":485,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041697669056,"flow_dst_last_pkt_time":1587041697713165,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":186,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":1180,"flow_dst_tot_l4_payload_len":565,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1587041693582165,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693698272,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":340,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1587041693668523,"flow_src_last_pkt_time":1587041697668978,"flow_dst_last_pkt_time":1587041697714311,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":468,"flow_dst_tot_l4_payload_len":485,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01116{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041695421892,"flow_src_last_pkt_time":1587041695421892,"flow_dst_last_pkt_time":1587041695433333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":100,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": 
{"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01024{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":9,"flow_first_seen":1587041690916341,"flow_src_last_pkt_time":1587041691089391,"flow_dst_last_pkt_time":1587041691089314,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":533,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1343,"flow_dst_tot_l4_payload_len":7609,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60564,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"gate.hockeyapp.net"}} 
+01024{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":9,"flow_first_seen":1587041697061972,"flow_src_last_pkt_time":1587041697244908,"flow_dst_last_pkt_time":1587041697244816,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":533,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1359,"flow_dst_tot_l4_payload_len":7609,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60568,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"gate.hockeyapp.net"}} +00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041695432806,"flow_dst_last_pkt_time":1587041695591686,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":994,"flow_dst_tot_l4_payload_len":420,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1587041693515047,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693640777,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":340,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041695422685,"flow_src_last_pkt_time":1587041695422685,"flow_dst_last_pkt_time":1587041695432665,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":100,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"52.114.252.8","dst_ip":"192.168.1.6","src_port":3479,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non 
Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1587041693611913,"flow_src_last_pkt_time":1587041697617344,"flow_dst_last_pkt_time":1587041697663187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":468,"flow_dst_tot_l4_payload_len":485,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041697669056,"flow_dst_last_pkt_time":1587041697713165,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":186,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":1180,"flow_dst_tot_l4_payload_len":565,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1587041693582165,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693698272,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":340,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1587041693668523,"flow_src_last_pkt_time":1587041697668978,"flow_dst_last_pkt_time":1587041697714311,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":468,"flow_dst_tot_l4_payload_len":485,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041695421892,"flow_src_last_pkt_time":1587041695421892,"flow_dst_last_pkt_time":1587041695433333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":100,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": 
{"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00933{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1587041697660621,"flow_src_last_pkt_time":1587041697673040,"flow_dst_last_pkt_time":1587041697660621,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -01070{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":17,"flow_first_seen":1587041693428391,"flow_src_last_pkt_time":1587041697999048,"flow_dst_last_pkt_time":1587041697997834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1201,"flow_dst_max_l4_payload_len":1185,"flow_src_tot_l4_payload_len":5250,"flow_dst_tot_l4_payload_len":7193,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":51681,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": 
{"total":210,"client":165,"server":45}}},"confidence": {"1":"Match by port"},"proto":"Skype_TeamsCall","proto_id":"38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01064{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":17,"flow_first_seen":1587041693428391,"flow_src_last_pkt_time":1587041697999048,"flow_dst_last_pkt_time":1587041697997834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1201,"flow_dst_max_l4_payload_len":1185,"flow_src_tot_l4_payload_len":5250,"flow_dst_tot_l4_payload_len":7193,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":51681,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"1":"Match by port"},"proto":"TeamsCall","proto_id":"38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
00790{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":17,"flow_first_seen":1587041693428391,"flow_src_last_pkt_time":1587041697999048,"flow_dst_last_pkt_time":1587041697997834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1201,"flow_dst_max_l4_payload_len":1185,"flow_src_tot_l4_payload_len":5250,"flow_dst_tot_l4_payload_len":7193,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":51681,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -01125{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":7,"flow_first_seen":1587041695305290,"flow_src_last_pkt_time":1587041698021081,"flow_dst_last_pkt_time":1587041697668816,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1214,"flow_dst_max_l4_payload_len":1214,"flow_src_tot_l4_payload_len":4692,"flow_dst_tot_l4_payload_len":2890,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-01120{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1587041695305879,"flow_src_last_pkt_time":1587041696574201,"flow_dst_last_pkt_time":1587041697619539,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":116,"flow_src_tot_l4_payload_len":288,"flow_dst_tot_l4_payload_len":424,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16333,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00853{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1540,"packets-processed":1498,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":587095,"total-not-detected-flows":1,"total-guessed-flows":2,"total-detected-flows":80,"total-detection-updates":51,"total-updates":0,"current-active-flows":0,"total-active-flows":83,"total-idle-flows":83,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":668,"global_ts_usec":1587041698021081} 
+01119{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":7,"flow_first_seen":1587041695305290,"flow_src_last_pkt_time":1587041698021081,"flow_dst_last_pkt_time":1587041697668816,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1214,"flow_dst_max_l4_payload_len":1214,"flow_src_tot_l4_payload_len":4692,"flow_dst_tot_l4_payload_len":2890,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01114{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1587041695305879,"flow_src_last_pkt_time":1587041696574201,"flow_dst_last_pkt_time":1587041697619539,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":116,"flow_src_tot_l4_payload_len":288,"flow_dst_tot_l4_payload_len":424,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16333,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std 
Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00853{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1540,"packets-processed":1498,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":587095,"total-not-detected-flows":1,"total-guessed-flows":2,"total-detected-flows":80,"total-detection-updates":51,"total-updates":0,"current-active-flows":0,"total-active-flows":83,"total-idle-flows":83,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":668,"global_ts_usec":1587041698021081} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1540/1498 ~~ skipped flows.............: 0 @@ -674,9 +674,9 @@ ~~ total active/idle flows...: 83/83 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8345483 bytes -~~ total memory freed........: 8345483 bytes -~~ total allocations/frees...: 117024/117024 +~~ total memory allocated....: 8923253 bytes +~~ total memory freed........: 8923253 bytes +~~ total allocations/frees...: 128763/128763 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 295 chars ~~ json message max len.......: 2501 chars diff --git a/test/results/default/teamspeak3.pcap.out b/test/results/default/teamspeak3.pcap.out index 2fdee408b..b2b705a7b 100644 --- a/test/results/default/teamspeak3.pcap.out 
+++ b/test/results/default/teamspeak3.pcap.out 
@@ -1,5 +1,5 @@ -00615{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":946745680740311} 
+00615{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":946745680740311} 
00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946745680740311,"flow_src_last_pkt_time":946745680740311,"flow_dst_last_pkt_time":946745680740311,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946745680740311,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"10.0.0.2","src_port":53187,"dst_port":9987,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":946745680740311,"flow_dst_last_pkt_time":946745680740311,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":946745680740311,"pkt":"REREREREZmZmZmZmCABFAAA+yVhAAHgRnjQKAAABCgAAAs\/DJwMAKptdVFMzSU5JVDEAZQAAiA3QV2YAX1kW4K3na2EAAAAAAAAAAA=="} 
00911{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946745680740311,"flow_src_last_pkt_time":946745680740311,"flow_dst_last_pkt_time":946745680740311,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946745680740311,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"10.0.0.2","src_port":53187,"dst_port":9987,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
@@ -7,7 +7,7 @@ 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":946745681306941,"flow_dst_last_pkt_time":946745680740311,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":946745681306941,"pkt":"REREREREZmZmZmZmCABFAAA+yX1AAHgRng8KAAABCgAAAs\/DJwMAKptdVFMzSU5JVDEAZQAAiA3QV2YAX1kW4K3na2IAAAAAAAAAAA=="} 00765{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":946745681306983,"flow_dst_last_pkt_time":946745680740311,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"thread_ts_usec":946745681306983,"pkt":"REREREREZmZmZmZmCABFAADYyX5AAHgRnXQKAAABCgAAAs\/DJwMAxJv3eXRj6JO6fmAAAAAAIp10i0Wqe++5nv6tCBm6z0HgFqIVc9rwk+JLXtHwnSIOS9qVPnECnykaLcJG8hX08WvnftBqcJmqRqZMetkjLRcZ56Qb0yr7w3DD9zi02VU5x7l+AWx+kCtuxsALbdDKU+g3u9+7M\/R0k3h6Cj2dgqVHMwYrJL8wicW8AZK\/KfPOtEoKiRpNuYkxO9WWvZSdqdAZVZGl4X6vDNBIwrDu7kll5TuFIGNHjpSa9tdfD6M="} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":946745682007760,"flow_dst_last_pkt_time":946745680740311,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":946745682007760,"pkt":"REREREREZmZmZmZmCABFAAA+yf1AAHgRnY8KAAABCgAAAs\/DJwMAKptdVFMzSU5JVDEAZQAAiA3QV2YAX1kW4K3na2MAAAAAAAAAAA=="} 
-00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":14,"packets-processed":13,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1365,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1667856551682719} +00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":14,"packets-processed":13,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1365,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1667856551682719} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667856551682719,"flow_dst_last_pkt_time":1667856551682719,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1667856551682719,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1667856551682719,"flow_dst_last_pkt_time":1667856551682719,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1667856551682719,"pkt":"AABeAAEK6qmpVXFVCABFAAAg6GhAAD8RkF7BHxlGM0S1XAfbB9oADMMjAYCEAQ=="} 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1667856551682719,"flow_dst_last_pkt_time":1667856551687540,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":16,"thread_ts_usec":1667856551687540,"pkt":"6qmpVXFVEA5+JvHACABFAAAkwyxAADQRwJYzRLVcwR8ZRgfaB9sAEFGEAYCEAXxl2acAAAAAAAA="} 
@@ -17,247 +17,247 @@ 00956{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":0,"flow_first_seen":946745680740311,"flow_src_last_pkt_time":946745717746131,"flow_dst_last_pkt_time":946745680740311,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":188,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1365,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1667856551693001,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"10.0.0.2","src_port":53187,"dst_port":9987,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1667857151661156,"flow_dst_last_pkt_time":1667856551693001,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1667857151661156,"pkt":"AABeAAEK6qmpVXFVCABFAAAgFyVAAD8RYaLBHxlGM0S1XAfbB9oADMMjAYKEAQ=="} 
00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667857151666127,"flow_dst_last_pkt_time":1667857151670963,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":26,"midstream":0,"thread_ts_usec":1667857151670963,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":22,"packets-processed":21,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1431,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1667857751746605} 
+00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":22,"packets-processed":21,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1431,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1667857751746605} 00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667857751751776,"flow_dst_last_pkt_time":1667857751756665,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":39,"midstream":0,"thread_ts_usec":1667857751756665,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":26,"packets-processed":25,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1464,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":2,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":22,"global_ts_usec":1667858351841483} +00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":26,"packets-processed":25,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1464,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":2,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":22,"global_ts_usec":1667858351841483} 
00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":8,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667858351846489,"flow_dst_last_pkt_time":1667858351851342,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":52,"midstream":0,"thread_ts_usec":1667858351851342,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00967{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667858951749360,"flow_dst_last_pkt_time":1667858951754177,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":65,"midstream":0,"thread_ts_usec":1667858951754177,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":34,"packets-processed":33,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1530,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":4,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":25,"global_ts_usec":1667859551930352} +00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":34,"packets-processed":33,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1530,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":4,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":25,"global_ts_usec":1667859551930352} 
00967{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":12,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667859551935305,"flow_dst_last_pkt_time":1667859551940122,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":78,"midstream":0,"thread_ts_usec":1667859551940122,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00967{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":14,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667860151925248,"flow_dst_last_pkt_time":1667860151930037,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":140,"flow_dst_tot_l4_payload_len":91,"midstream":0,"thread_ts_usec":1667860151930037,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":42,"packets-processed":41,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1596,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":6,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":28,"global_ts_usec":1667860752077584} +00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":42,"packets-processed":41,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1596,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":6,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":28,"global_ts_usec":1667860752077584} 
02222{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667860752082559,"flow_dst_last_pkt_time":1667860752087365,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":160,"flow_dst_tot_l4_payload_len":104,"midstream":0,"thread_ts_usec":1667860752087365,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":4821,"avg":270993696.0,"max":600180997,"stddev":298614912.0,"var":89170865459036160.0,"ent":3.8,"data": [4821,5374,5461,599973063,599972971,4971,4991,600080478,600080533,5171,5169,600089707,600089636,5006,5041,599897642,599897696,5229,5139,600180992,600180997,4953,4948,599984779,599984795,5164,5120,600152336,600152365,4975,4963]},"pktlen": {"min":32,"avg":40.0,"max":44,"stddev":4.7,"var":22.0,"ent":5.0,"data": [32,42,44,42,32,42,44,42,32,42,44,42,32,42,44,42,32,42,44,42,32,42,44,42,32,42,44,42,32,42,44,42]},"bins": {"c_to_s": [16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": 
[4.625000000,4.458523273,4.765583038,4.075578690,4.625000000,4.506142139,4.765583038,4.075578690,4.500000000,4.345311642,4.674674511,4.009986401,4.625000000,4.458523273,4.720128536,4.075578690,4.562500000,4.458523273,4.720128536,3.980340719,4.625000000,4.315666676,4.720128536,3.980340719,4.562500000,4.458523273,4.629220009,4.075578690,4.562500000,4.506142139,4.720128536,4.027959824]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00968{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667860752082559,"flow_dst_last_pkt_time":1667860752087365,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":160,"flow_dst_tot_l4_payload_len":104,"midstream":0,"thread_ts_usec":1667860752087365,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
00968{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":18,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667861351993175,"flow_dst_last_pkt_time":1667861351998031,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":180,"flow_dst_tot_l4_payload_len":117,"midstream":0,"thread_ts_usec":1667861351998031,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":50,"packets-processed":49,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1662,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":8,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":32,"global_ts_usec":1667861952155552} 
+00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":50,"packets-processed":49,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1662,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":8,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":32,"global_ts_usec":1667861952155552} 00968{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":20,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667861952160606,"flow_dst_last_pkt_time":1667861952165473,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":200,"flow_dst_tot_l4_payload_len":130,"midstream":0,"thread_ts_usec":1667861952165473,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
00968{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":22,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667862552075384,"flow_dst_last_pkt_time":1667862552080210,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":220,"flow_dst_tot_l4_payload_len":143,"midstream":0,"thread_ts_usec":1667862552080210,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":58,"packets-processed":57,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1728,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":10,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":35,"global_ts_usec":1667863152145991} 
+00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":58,"packets-processed":57,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1728,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":10,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":35,"global_ts_usec":1667863152145991} 00968{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":24,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667863152150938,"flow_dst_last_pkt_time":1667863152155777,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":240,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1667863152155777,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
00968{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":26,"flow_dst_packets_processed":26,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667863752105541,"flow_dst_last_pkt_time":1667863752110395,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":260,"flow_dst_tot_l4_payload_len":169,"midstream":0,"thread_ts_usec":1667863752110395,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":66,"packets-processed":65,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1794,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":12,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":38,"global_ts_usec":1667864352264298} 
+00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":66,"packets-processed":65,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1794,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":12,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":38,"global_ts_usec":1667864352264298} 00968{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":28,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667864352269395,"flow_dst_last_pkt_time":1667864352274267,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":280,"flow_dst_tot_l4_payload_len":182,"midstream":0,"thread_ts_usec":1667864352274267,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":70,"packets-processed":69,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1827,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":13,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":40,"global_ts_usec":1667864952277211} +00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":70,"packets-processed":69,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1827,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":13,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":40,"global_ts_usec":1667864952277211} 
00968{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":30,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667864952282201,"flow_dst_last_pkt_time":1667864952287024,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":195,"midstream":0,"thread_ts_usec":1667864952287024,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":74,"packets-processed":73,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1860,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":42,"global_ts_usec":1667865552502273} 
+00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":74,"packets-processed":73,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1860,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":42,"global_ts_usec":1667865552502273} 00968{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":32,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667865552507391,"flow_dst_last_pkt_time":1667865552512264,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":320,"flow_dst_tot_l4_payload_len":208,"midstream":0,"thread_ts_usec":1667865552512264,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
00968{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":34,"flow_dst_packets_processed":34,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667866152387758,"flow_dst_last_pkt_time":1667866152392764,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":340,"flow_dst_tot_l4_payload_len":221,"midstream":0,"thread_ts_usec":1667866152392764,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":82,"packets-processed":81,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1926,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":16,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":45,"global_ts_usec":1667866752540859} 
+00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":82,"packets-processed":81,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1926,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":16,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":45,"global_ts_usec":1667866752540859} 00968{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":36,"flow_dst_packets_processed":36,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667866752545981,"flow_dst_last_pkt_time":1667866752550878,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":360,"flow_dst_tot_l4_payload_len":234,"midstream":0,"thread_ts_usec":1667866752550878,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
00968{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":38,"flow_dst_packets_processed":38,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667867352498846,"flow_dst_last_pkt_time":1667867352503806,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":380,"flow_dst_tot_l4_payload_len":247,"midstream":0,"thread_ts_usec":1667867352503806,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":90,"packets-processed":89,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1992,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":18,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":48,"global_ts_usec":1667867952564843} 
+00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":90,"packets-processed":89,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1992,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":18,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":48,"global_ts_usec":1667867952564843} 00968{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":40,"flow_dst_packets_processed":40,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667867952571449,"flow_dst_last_pkt_time":1667867952576449,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":400,"flow_dst_tot_l4_payload_len":260,"midstream":0,"thread_ts_usec":1667867952576449,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":94,"packets-processed":93,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2025,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":19,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":50,"global_ts_usec":1667868552626724} +00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":94,"packets-processed":93,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2025,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":19,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":50,"global_ts_usec":1667868552626724} 
00968{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":42,"flow_dst_packets_processed":42,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667868552631982,"flow_dst_last_pkt_time":1667868552644435,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":420,"flow_dst_tot_l4_payload_len":273,"midstream":0,"thread_ts_usec":1667868552644435,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":98,"packets-processed":97,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2058,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":20,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":52,"global_ts_usec":1667869152831749} 
+00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":98,"packets-processed":97,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2058,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":20,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":52,"global_ts_usec":1667869152831749} 00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":44,"flow_dst_packets_processed":44,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667869152836944,"flow_dst_last_pkt_time":1667869152841890,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":440,"flow_dst_tot_l4_payload_len":286,"midstream":0,"thread_ts_usec":1667869152841890,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":46,"flow_dst_packets_processed":46,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667869752718957,"flow_dst_last_pkt_time":1667869752723999,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":460,"flow_dst_tot_l4_payload_len":299,"midstream":0,"thread_ts_usec":1667869752723999,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":106,"packets-processed":105,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2124,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":22,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":55,"global_ts_usec":1667870352860295} 
+00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":106,"packets-processed":105,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2124,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":22,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":55,"global_ts_usec":1667870352860295} 00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":48,"flow_dst_packets_processed":48,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667870352865541,"flow_dst_last_pkt_time":1667870352870527,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":480,"flow_dst_tot_l4_payload_len":312,"midstream":0,"thread_ts_usec":1667870352870527,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":113,"packets-processed":112,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2185,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":23,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":57,"global_ts_usec":1667870952861879} +00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":113,"packets-processed":112,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2185,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":23,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":57,"global_ts_usec":1667870952861879} 
00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":50,"flow_dst_packets_processed":50,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667870952856962,"flow_dst_last_pkt_time":1667870952861879,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":500,"flow_dst_tot_l4_payload_len":325,"midstream":0,"thread_ts_usec":1667870952861879,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":114,"packets-processed":113,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2190,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":24,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":59,"global_ts_usec":1667871552965002} 
+00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":114,"packets-processed":113,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2190,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":24,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":59,"global_ts_usec":1667871552965002} 00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":52,"flow_dst_packets_processed":52,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667871552970090,"flow_dst_last_pkt_time":1667871552974984,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":520,"flow_dst_tot_l4_payload_len":338,"midstream":0,"thread_ts_usec":1667871552974984,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":121,"packets-processed":120,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2251,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":25,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":61,"global_ts_usec":1667872152967383} +00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":121,"packets-processed":120,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2251,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":25,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":61,"global_ts_usec":1667872152967383} 
00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":54,"flow_dst_packets_processed":54,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667872152962414,"flow_dst_last_pkt_time":1667872152967383,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":540,"flow_dst_tot_l4_payload_len":351,"midstream":0,"thread_ts_usec":1667872152967383,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":122,"packets-processed":121,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2256,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":26,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":63,"global_ts_usec":1667872753004113} 
+00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":122,"packets-processed":121,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2256,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":26,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":63,"global_ts_usec":1667872753004113} 00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":126,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":56,"flow_dst_packets_processed":56,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667872753009396,"flow_dst_last_pkt_time":1667872753014340,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":560,"flow_dst_tot_l4_payload_len":364,"midstream":0,"thread_ts_usec":1667872753014340,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":126,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":126,"packets-processed":125,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2289,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":27,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":65,"global_ts_usec":1667873353144571} +00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":126,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":126,"packets-processed":125,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2289,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":27,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":65,"global_ts_usec":1667873353144571} 
00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":58,"flow_dst_packets_processed":58,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667873353149829,"flow_dst_last_pkt_time":1667873353154817,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":580,"flow_dst_tot_l4_payload_len":377,"midstream":0,"thread_ts_usec":1667873353154817,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":133,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":133,"packets-processed":132,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2350,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":28,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":67,"global_ts_usec":1667873953146815} 
+00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":133,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":133,"packets-processed":132,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2350,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":28,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":67,"global_ts_usec":1667873953146815} 00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":134,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":60,"flow_dst_packets_processed":60,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667873953141847,"flow_dst_last_pkt_time":1667873953146815,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":600,"flow_dst_tot_l4_payload_len":390,"midstream":0,"thread_ts_usec":1667873953146815,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":134,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":134,"packets-processed":133,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2355,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":29,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":69,"global_ts_usec":1667874553276670} +00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":134,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":134,"packets-processed":133,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2355,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":29,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":69,"global_ts_usec":1667874553276670} 
00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":138,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":62,"flow_dst_packets_processed":62,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667874553281783,"flow_dst_last_pkt_time":1667874553286698,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":620,"flow_dst_tot_l4_payload_len":403,"midstream":0,"thread_ts_usec":1667874553286698,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":64,"flow_dst_packets_processed":64,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667875153244452,"flow_dst_last_pkt_time":1667875153249351,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":640,"flow_dst_tot_l4_payload_len":416,"midstream":0,"thread_ts_usec":1667875153249351,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":142,"packets-processed":141,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2421,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":31,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":72,"global_ts_usec":1667875753342484} +00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":142,"packets-processed":141,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2421,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":31,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":72,"global_ts_usec":1667875753342484} 
00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":66,"flow_dst_packets_processed":66,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667875753347778,"flow_dst_last_pkt_time":1667875753352702,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":660,"flow_dst_tot_l4_payload_len":429,"midstream":0,"thread_ts_usec":1667875753352702,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":146,"packets-processed":145,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2454,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":74,"global_ts_usec":1667876353408264} 
+00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":146,"packets-processed":145,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2454,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":74,"global_ts_usec":1667876353408264} 00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":68,"flow_dst_packets_processed":68,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667876353413449,"flow_dst_last_pkt_time":1667876353418444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":680,"flow_dst_tot_l4_payload_len":442,"midstream":0,"thread_ts_usec":1667876353418444,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":150,"packets-processed":149,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2487,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":33,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":76,"global_ts_usec":1667876953587033} +00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":150,"packets-processed":149,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2487,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":33,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":76,"global_ts_usec":1667876953587033} 
00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":70,"flow_dst_packets_processed":70,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667876953592257,"flow_dst_last_pkt_time":1667876953597228,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":700,"flow_dst_tot_l4_payload_len":455,"midstream":0,"thread_ts_usec":1667876953597228,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":72,"flow_dst_packets_processed":72,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667877553543097,"flow_dst_last_pkt_time":1667877553548159,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":720,"flow_dst_tot_l4_payload_len":468,"midstream":0,"thread_ts_usec":1667877553548159,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":158,"packets-processed":157,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2553,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":35,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":79,"global_ts_usec":1667878153569226} +00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":158,"packets-processed":157,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2553,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":35,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":79,"global_ts_usec":1667878153569226} 
00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":162,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":74,"flow_dst_packets_processed":74,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667878153574404,"flow_dst_last_pkt_time":1667878153579443,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":740,"flow_dst_tot_l4_payload_len":481,"midstream":0,"thread_ts_usec":1667878153579443,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":162,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":162,"packets-processed":161,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2586,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":36,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":81,"global_ts_usec":1667878753632528} 
+00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":162,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":162,"packets-processed":161,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2586,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":36,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":81,"global_ts_usec":1667878753632528} 00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":76,"flow_dst_packets_processed":76,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667878753638134,"flow_dst_last_pkt_time":1667878753643091,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":760,"flow_dst_tot_l4_payload_len":494,"midstream":0,"thread_ts_usec":1667878753643091,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":166,"packets-processed":165,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2619,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":37,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":83,"global_ts_usec":1667879353636120} +00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":166,"packets-processed":165,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2619,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":37,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":83,"global_ts_usec":1667879353636120} 
00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":78,"flow_dst_packets_processed":78,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667879353641506,"flow_dst_last_pkt_time":1667879353646439,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":780,"flow_dst_tot_l4_payload_len":507,"midstream":0,"thread_ts_usec":1667879353646439,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":170,"packets-processed":169,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2652,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":38,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":85,"global_ts_usec":1667879953703352} 
+00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":170,"packets-processed":169,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2652,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":38,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":85,"global_ts_usec":1667879953703352} 00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":174,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":80,"flow_dst_packets_processed":80,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667879953708739,"flow_dst_last_pkt_time":1667879953713725,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":800,"flow_dst_tot_l4_payload_len":520,"midstream":0,"thread_ts_usec":1667879953713725,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":174,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":174,"packets-processed":173,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2685,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":39,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":87,"global_ts_usec":1667880553876737} +00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":174,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":174,"packets-processed":173,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2685,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":39,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":87,"global_ts_usec":1667880553876737} 
00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":178,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":82,"flow_dst_packets_processed":82,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667880553881895,"flow_dst_last_pkt_time":1667880553886879,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":820,"flow_dst_tot_l4_payload_len":533,"midstream":0,"thread_ts_usec":1667880553886879,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":84,"flow_dst_packets_processed":84,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667881153859790,"flow_dst_last_pkt_time":1667881153864831,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":840,"flow_dst_tot_l4_payload_len":546,"midstream":0,"thread_ts_usec":1667881153864831,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":182,"packets-processed":181,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2751,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":41,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":90,"global_ts_usec":1667881753952134} +00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":182,"packets-processed":181,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2751,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":41,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":90,"global_ts_usec":1667881753952134} 
00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":186,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":86,"flow_dst_packets_processed":86,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667881753957333,"flow_dst_last_pkt_time":1667881753962303,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":860,"flow_dst_tot_l4_payload_len":559,"midstream":0,"thread_ts_usec":1667881753962303,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":190,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":88,"flow_dst_packets_processed":88,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667882353935191,"flow_dst_last_pkt_time":1667882353940184,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":880,"flow_dst_tot_l4_payload_len":572,"midstream":0,"thread_ts_usec":1667882353940184,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":190,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":190,"packets-processed":189,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2817,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":93,"global_ts_usec":1667882954166449} +00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":190,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":190,"packets-processed":189,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2817,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":93,"global_ts_usec":1667882954166449} 
00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":194,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":90,"flow_dst_packets_processed":90,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667882954171570,"flow_dst_last_pkt_time":1667882954176520,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":900,"flow_dst_tot_l4_payload_len":585,"midstream":0,"thread_ts_usec":1667882954176520,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":198,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":92,"flow_dst_packets_processed":92,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667883554074126,"flow_dst_last_pkt_time":1667883554079112,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":920,"flow_dst_tot_l4_payload_len":598,"midstream":0,"thread_ts_usec":1667883554079112,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":198,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":198,"packets-processed":197,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2883,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":45,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":96,"global_ts_usec":1667884154200917} +00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":198,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":198,"packets-processed":197,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2883,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":45,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":96,"global_ts_usec":1667884154200917} 
00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":202,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":94,"flow_dst_packets_processed":94,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667884154206101,"flow_dst_last_pkt_time":1667884154211101,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":940,"flow_dst_tot_l4_payload_len":611,"midstream":0,"thread_ts_usec":1667884154211101,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":206,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":96,"flow_dst_packets_processed":96,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667884754157900,"flow_dst_last_pkt_time":1667884754162909,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":960,"flow_dst_tot_l4_payload_len":624,"midstream":0,"thread_ts_usec":1667884754162909,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":206,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":206,"packets-processed":205,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2949,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":47,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":99,"global_ts_usec":1667885354328064} +00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":206,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":206,"packets-processed":205,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2949,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":47,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":99,"global_ts_usec":1667885354328064} 
00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":210,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":98,"flow_dst_packets_processed":98,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667885354333244,"flow_dst_last_pkt_time":1667885354338234,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":980,"flow_dst_tot_l4_payload_len":637,"midstream":0,"thread_ts_usec":1667885354338234,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":210,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":210,"packets-processed":209,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2982,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":48,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":101,"global_ts_usec":1667885954340552} 
+00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":210,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":210,"packets-processed":209,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2982,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":48,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":101,"global_ts_usec":1667885954340552} 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":214,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":100,"flow_dst_packets_processed":100,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667885954345790,"flow_dst_last_pkt_time":1667885954350789,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1000,"flow_dst_tot_l4_payload_len":650,"midstream":0,"thread_ts_usec":1667885954350789,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":214,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":214,"packets-processed":213,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3015,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":49,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":103,"global_ts_usec":1667886554547380} +00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":214,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":214,"packets-processed":213,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3015,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":49,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":103,"global_ts_usec":1667886554547380} 
00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":218,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":102,"flow_dst_packets_processed":102,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667886554552478,"flow_dst_last_pkt_time":1667886554557490,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1020,"flow_dst_tot_l4_payload_len":663,"midstream":0,"thread_ts_usec":1667886554557490,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":222,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":104,"flow_dst_packets_processed":104,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667887154419061,"flow_dst_last_pkt_time":1667887154424032,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1040,"flow_dst_tot_l4_payload_len":676,"midstream":0,"thread_ts_usec":1667887154424032,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":222,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":222,"packets-processed":221,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3081,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":51,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":106,"global_ts_usec":1667887754581847} +00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":222,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":222,"packets-processed":221,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3081,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":51,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":106,"global_ts_usec":1667887754581847} 
00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":226,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":106,"flow_dst_packets_processed":106,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667887754587099,"flow_dst_last_pkt_time":1667887754592084,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1060,"flow_dst_tot_l4_payload_len":689,"midstream":0,"thread_ts_usec":1667887754592084,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":230,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":108,"flow_dst_packets_processed":108,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667888354542054,"flow_dst_last_pkt_time":1667888354546973,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1080,"flow_dst_tot_l4_payload_len":702,"midstream":0,"thread_ts_usec":1667888354546973,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":230,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":230,"packets-processed":229,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3147,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":53,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":109,"global_ts_usec":1667888954680644} +00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":230,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":230,"packets-processed":229,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3147,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":53,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":109,"global_ts_usec":1667888954680644} 
00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":234,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":110,"flow_dst_packets_processed":110,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667888954685885,"flow_dst_last_pkt_time":1667888954690939,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1100,"flow_dst_tot_l4_payload_len":715,"midstream":0,"thread_ts_usec":1667888954690939,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":234,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":234,"packets-processed":233,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3180,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":111,"global_ts_usec":1667889554755560} 
+00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":234,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":234,"packets-processed":233,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3180,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":111,"global_ts_usec":1667889554755560} 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":238,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":112,"flow_dst_packets_processed":112,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667889554760836,"flow_dst_last_pkt_time":1667889554765828,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1120,"flow_dst_tot_l4_payload_len":728,"midstream":0,"thread_ts_usec":1667889554765828,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":238,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":238,"packets-processed":237,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3213,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":113,"global_ts_usec":1667890154914103} +00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":238,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":238,"packets-processed":237,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3213,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":113,"global_ts_usec":1667890154914103} 
00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":242,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":114,"flow_dst_packets_processed":114,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667890154919389,"flow_dst_last_pkt_time":1667890154924380,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1140,"flow_dst_tot_l4_payload_len":741,"midstream":0,"thread_ts_usec":1667890154924380,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":116,"flow_dst_packets_processed":116,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667890754878493,"flow_dst_last_pkt_time":1667890754883473,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1160,"flow_dst_tot_l4_payload_len":754,"midstream":0,"thread_ts_usec":1667890754883473,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":246,"packets-processed":245,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3279,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":116,"global_ts_usec":1667891355001091} +00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":246,"packets-processed":245,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3279,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":116,"global_ts_usec":1667891355001091} 
00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":250,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":118,"flow_dst_packets_processed":118,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667891355006788,"flow_dst_last_pkt_time":1667891355011838,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1180,"flow_dst_tot_l4_payload_len":767,"midstream":0,"thread_ts_usec":1667891355011838,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":254,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":120,"flow_dst_packets_processed":120,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667891954956914,"flow_dst_last_pkt_time":1667891954961842,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":780,"midstream":0,"thread_ts_usec":1667891954961842,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":254,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":254,"packets-processed":253,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3345,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":59,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":119,"global_ts_usec":1667892555167346} +00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":254,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":254,"packets-processed":253,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3345,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":59,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":119,"global_ts_usec":1667892555167346} 
00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":258,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":122,"flow_dst_packets_processed":122,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667892555172533,"flow_dst_last_pkt_time":1667892555177496,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1220,"flow_dst_tot_l4_payload_len":793,"midstream":0,"thread_ts_usec":1667892555177496,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":262,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":124,"flow_dst_packets_processed":124,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667893155127871,"flow_dst_last_pkt_time":1667893155132919,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1240,"flow_dst_tot_l4_payload_len":806,"midstream":0,"thread_ts_usec":1667893155132919,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":262,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":262,"packets-processed":261,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3411,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":61,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":122,"global_ts_usec":1667893755260179} +00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":262,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":262,"packets-processed":261,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3411,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":61,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":122,"global_ts_usec":1667893755260179} 
00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":266,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":126,"flow_dst_packets_processed":126,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667893755265342,"flow_dst_last_pkt_time":1667893755270276,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1260,"flow_dst_tot_l4_payload_len":819,"midstream":0,"thread_ts_usec":1667893755270276,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":266,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":266,"packets-processed":265,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3444,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":62,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":124,"global_ts_usec":1667894355302105} 
+00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":266,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":266,"packets-processed":265,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3444,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":62,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":124,"global_ts_usec":1667894355302105} 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":270,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":128,"flow_dst_packets_processed":128,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667894355307414,"flow_dst_last_pkt_time":1667894355312359,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1280,"flow_dst_tot_l4_payload_len":832,"midstream":0,"thread_ts_usec":1667894355312359,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":270,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":270,"packets-processed":269,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3477,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":63,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":126,"global_ts_usec":1667894955409230} +00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":270,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":270,"packets-processed":269,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3477,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":63,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":126,"global_ts_usec":1667894955409230} 
00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":130,"flow_dst_packets_processed":130,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667894955414396,"flow_dst_last_pkt_time":1667894955419371,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1300,"flow_dst_tot_l4_payload_len":845,"midstream":0,"thread_ts_usec":1667894955419371,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":278,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":132,"flow_dst_packets_processed":132,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667895555356769,"flow_dst_last_pkt_time":1667895555361872,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1320,"flow_dst_tot_l4_payload_len":858,"midstream":0,"thread_ts_usec":1667895555361872,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":278,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":278,"packets-processed":277,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3543,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":65,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":129,"global_ts_usec":1667896155512008} +00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":278,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":278,"packets-processed":277,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3543,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":65,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":129,"global_ts_usec":1667896155512008} 
00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":134,"flow_dst_packets_processed":134,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667896155517256,"flow_dst_last_pkt_time":1667896155522215,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1340,"flow_dst_tot_l4_payload_len":871,"midstream":0,"thread_ts_usec":1667896155522215,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":136,"flow_dst_packets_processed":136,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667896755496441,"flow_dst_last_pkt_time":1667896755501407,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1360,"flow_dst_tot_l4_payload_len":884,"midstream":0,"thread_ts_usec":1667896755501407,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":286,"packets-processed":285,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3609,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":67,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":132,"global_ts_usec":1667897355721055} +00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":286,"packets-processed":285,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3609,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":67,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":132,"global_ts_usec":1667897355721055} 
00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":138,"flow_dst_packets_processed":138,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667897355726163,"flow_dst_last_pkt_time":1667897355731141,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1380,"flow_dst_tot_l4_payload_len":897,"midstream":0,"thread_ts_usec":1667897355731141,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":294,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":140,"flow_dst_packets_processed":140,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667897955693161,"flow_dst_last_pkt_time":1667897955698197,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1400,"flow_dst_tot_l4_payload_len":910,"midstream":0,"thread_ts_usec":1667897955698197,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":294,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":294,"packets-processed":293,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3675,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":69,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":135,"global_ts_usec":1667898555812144} +00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":294,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":294,"packets-processed":293,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3675,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":69,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":135,"global_ts_usec":1667898555812144} 
00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":142,"flow_dst_packets_processed":142,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667898555817351,"flow_dst_last_pkt_time":1667898555822315,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1420,"flow_dst_tot_l4_payload_len":923,"midstream":0,"thread_ts_usec":1667898555822315,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":302,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":144,"flow_dst_packets_processed":144,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667899155761861,"flow_dst_last_pkt_time":1667899155766839,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":936,"midstream":0,"thread_ts_usec":1667899155766839,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":302,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":302,"packets-processed":301,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3741,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":71,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":138,"global_ts_usec":1667899755907084} +00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":302,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":302,"packets-processed":301,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3741,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":71,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":138,"global_ts_usec":1667899755907084} 
00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":306,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":146,"flow_dst_packets_processed":146,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667899755912613,"flow_dst_last_pkt_time":1667899755917554,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1460,"flow_dst_tot_l4_payload_len":949,"midstream":0,"thread_ts_usec":1667899755917554,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":310,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":148,"flow_dst_packets_processed":148,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667900355876128,"flow_dst_last_pkt_time":1667900355881101,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1480,"flow_dst_tot_l4_payload_len":962,"midstream":0,"thread_ts_usec":1667900355881101,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":310,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":310,"packets-processed":309,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3807,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":73,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":141,"global_ts_usec":1667900956028384} +00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":310,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":310,"packets-processed":309,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3807,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":73,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":141,"global_ts_usec":1667900956028384} 
00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":314,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":150,"flow_dst_packets_processed":150,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667900956033514,"flow_dst_last_pkt_time":1667900956038487,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1500,"flow_dst_tot_l4_payload_len":975,"midstream":0,"thread_ts_usec":1667900956038487,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":318,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":152,"flow_dst_packets_processed":152,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667901555988133,"flow_dst_last_pkt_time":1667901555993121,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1520,"flow_dst_tot_l4_payload_len":988,"midstream":0,"thread_ts_usec":1667901555993121,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":318,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":318,"packets-processed":317,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3873,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":75,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":144,"global_ts_usec":1667902156041748} +00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":318,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":318,"packets-processed":317,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3873,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":75,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":144,"global_ts_usec":1667902156041748} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":322,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":154,"flow_dst_packets_processed":154,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667902156047066,"flow_dst_last_pkt_time":1667902156052018,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1540,"flow_dst_tot_l4_payload_len":1001,"midstream":0,"thread_ts_usec":1667902156052018,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":322,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":322,"packets-processed":321,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3906,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":76,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":146,"global_ts_usec":1667902756106952} 
+00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":322,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":322,"packets-processed":321,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3906,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":76,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":146,"global_ts_usec":1667902756106952} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":326,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":156,"flow_dst_packets_processed":156,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667902756112485,"flow_dst_last_pkt_time":1667902756117482,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1560,"flow_dst_tot_l4_payload_len":1014,"midstream":0,"thread_ts_usec":1667902756117482,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":326,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":326,"packets-processed":325,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3939,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":77,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":148,"global_ts_usec":1667903356166082} +00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":326,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":326,"packets-processed":325,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3939,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":77,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":148,"global_ts_usec":1667903356166082} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":330,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":158,"flow_dst_packets_processed":158,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667903356171219,"flow_dst_last_pkt_time":1667903356176150,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1580,"flow_dst_tot_l4_payload_len":1027,"midstream":0,"thread_ts_usec":1667903356176150,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":330,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":330,"packets-processed":329,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3972,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":78,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":150,"global_ts_usec":1667903956205391} 
+00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":330,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":330,"packets-processed":329,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3972,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":78,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":150,"global_ts_usec":1667903956205391} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":334,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":160,"flow_dst_packets_processed":160,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667903956210625,"flow_dst_last_pkt_time":1667903956215536,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1600,"flow_dst_tot_l4_payload_len":1040,"midstream":0,"thread_ts_usec":1667903956215536,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":334,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":334,"packets-processed":333,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4005,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":79,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":152,"global_ts_usec":1667904556255353} +00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":334,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":334,"packets-processed":333,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4005,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":79,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":152,"global_ts_usec":1667904556255353} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":338,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":162,"flow_dst_packets_processed":162,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667904556260623,"flow_dst_last_pkt_time":1667904556265561,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1620,"flow_dst_tot_l4_payload_len":1053,"midstream":0,"thread_ts_usec":1667904556265561,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":338,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":338,"packets-processed":337,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4038,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":80,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":154,"global_ts_usec":1667905156369162} 
+00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":338,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":338,"packets-processed":337,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4038,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":80,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":154,"global_ts_usec":1667905156369162} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":342,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":164,"flow_dst_packets_processed":164,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667905156374273,"flow_dst_last_pkt_time":1667905156379254,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1640,"flow_dst_tot_l4_payload_len":1066,"midstream":0,"thread_ts_usec":1667905156379254,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":346,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":166,"flow_dst_packets_processed":166,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667905756313488,"flow_dst_last_pkt_time":1667905756318378,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1660,"flow_dst_tot_l4_payload_len":1079,"midstream":0,"thread_ts_usec":1667905756318378,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":346,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":346,"packets-processed":345,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4104,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":82,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":157,"global_ts_usec":1667906356457980} 
+00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":346,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":346,"packets-processed":345,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4104,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":82,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":157,"global_ts_usec":1667906356457980} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":350,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":168,"flow_dst_packets_processed":168,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667906356463124,"flow_dst_last_pkt_time":1667906356468031,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1680,"flow_dst_tot_l4_payload_len":1092,"midstream":0,"thread_ts_usec":1667906356468031,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":354,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":170,"flow_dst_packets_processed":170,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667906956410643,"flow_dst_last_pkt_time":1667906956415568,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1700,"flow_dst_tot_l4_payload_len":1105,"midstream":0,"thread_ts_usec":1667906956415568,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":354,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":354,"packets-processed":353,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4170,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":84,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":160,"global_ts_usec":1667907556513484} 
+00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":354,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":354,"packets-processed":353,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4170,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":84,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":160,"global_ts_usec":1667907556513484} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":358,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":172,"flow_dst_packets_processed":172,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667907556518677,"flow_dst_last_pkt_time":1667907556523620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1720,"flow_dst_tot_l4_payload_len":1118,"midstream":0,"thread_ts_usec":1667907556523620,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":361,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":361,"packets-processed":360,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4231,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":85,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":162,"global_ts_usec":1667908156515424} +00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":361,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":361,"packets-processed":360,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4231,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":85,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":162,"global_ts_usec":1667908156515424} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":174,"flow_dst_packets_processed":174,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667908156510528,"flow_dst_last_pkt_time":1667908156515424,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1740,"flow_dst_tot_l4_payload_len":1131,"midstream":0,"thread_ts_usec":1667908156515424,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":362,"packets-processed":361,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4236,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":86,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":164,"global_ts_usec":1667908756689314} 
+00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":362,"packets-processed":361,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4236,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":86,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":164,"global_ts_usec":1667908756689314} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":366,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":176,"flow_dst_packets_processed":176,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667908756694403,"flow_dst_last_pkt_time":1667908756699292,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1760,"flow_dst_tot_l4_payload_len":1144,"midstream":0,"thread_ts_usec":1667908756699292,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":370,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":178,"flow_dst_packets_processed":178,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667909356671590,"flow_dst_last_pkt_time":1667909356676397,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1780,"flow_dst_tot_l4_payload_len":1157,"midstream":0,"thread_ts_usec":1667909356676397,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":370,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":370,"packets-processed":369,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4302,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":167,"global_ts_usec":1667909956810650} 
+00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":370,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":370,"packets-processed":369,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4302,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":167,"global_ts_usec":1667909956810650} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":374,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":180,"flow_dst_packets_processed":180,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667909956815838,"flow_dst_last_pkt_time":1667909956820716,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1800,"flow_dst_tot_l4_payload_len":1170,"midstream":0,"thread_ts_usec":1667909956820716,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":378,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":182,"flow_dst_packets_processed":182,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667910556765092,"flow_dst_last_pkt_time":1667910556769939,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1820,"flow_dst_tot_l4_payload_len":1183,"midstream":0,"thread_ts_usec":1667910556769939,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":378,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":378,"packets-processed":377,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4368,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":90,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":170,"global_ts_usec":1667911156952838} 
+00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":378,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":378,"packets-processed":377,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4368,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":90,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":170,"global_ts_usec":1667911156952838} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":184,"flow_dst_packets_processed":184,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667911156957940,"flow_dst_last_pkt_time":1667911156962766,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1840,"flow_dst_tot_l4_payload_len":1196,"midstream":0,"thread_ts_usec":1667911156962766,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":386,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":186,"flow_dst_packets_processed":186,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667911756928410,"flow_dst_last_pkt_time":1667911756933311,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1860,"flow_dst_tot_l4_payload_len":1209,"midstream":0,"thread_ts_usec":1667911756933311,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":386,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":386,"packets-processed":385,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4434,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":92,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":173,"global_ts_usec":1667912357066553} 
+00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":386,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":386,"packets-processed":385,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4434,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":92,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":173,"global_ts_usec":1667912357066553} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":390,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":188,"flow_dst_packets_processed":188,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667912357071592,"flow_dst_last_pkt_time":1667912357076394,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1880,"flow_dst_tot_l4_payload_len":1222,"midstream":0,"thread_ts_usec":1667912357076394,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":390,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":390,"packets-processed":389,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4467,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":175,"global_ts_usec":1667912957180917} +00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":390,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":390,"packets-processed":389,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4467,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":175,"global_ts_usec":1667912957180917} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":394,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":190,"flow_dst_packets_processed":190,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667912957187835,"flow_dst_last_pkt_time":1667912957193306,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1900,"flow_dst_tot_l4_payload_len":1235,"midstream":0,"thread_ts_usec":1667912957193306,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":398,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":192,"flow_dst_packets_processed":192,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667913557149355,"flow_dst_last_pkt_time":1667913557154138,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1920,"flow_dst_tot_l4_payload_len":1248,"midstream":0,"thread_ts_usec":1667913557154138,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":398,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":398,"packets-processed":397,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4533,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":95,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":178,"global_ts_usec":1667914157284622} +00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":398,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":398,"packets-processed":397,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4533,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":95,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":178,"global_ts_usec":1667914157284622} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":402,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":194,"flow_dst_packets_processed":194,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667914157289594,"flow_dst_last_pkt_time":1667914157294449,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1940,"flow_dst_tot_l4_payload_len":1261,"midstream":0,"thread_ts_usec":1667914157294449,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":402,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":402,"packets-processed":401,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4566,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":96,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":180,"global_ts_usec":1667914757354818} 
+00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":402,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":402,"packets-processed":401,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4566,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":96,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":180,"global_ts_usec":1667914757354818} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":406,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":196,"flow_dst_packets_processed":196,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667914757360081,"flow_dst_last_pkt_time":1667914757364918,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1960,"flow_dst_tot_l4_payload_len":1274,"midstream":0,"thread_ts_usec":1667914757364918,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":406,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":406,"packets-processed":405,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4599,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":182,"global_ts_usec":1667915357412080} +00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":406,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":406,"packets-processed":405,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4599,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":182,"global_ts_usec":1667915357412080} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":410,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":198,"flow_dst_packets_processed":198,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667915357417116,"flow_dst_last_pkt_time":1667915357421996,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1980,"flow_dst_tot_l4_payload_len":1287,"midstream":0,"thread_ts_usec":1667915357421996,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":410,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":410,"packets-processed":409,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4632,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":98,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":184,"global_ts_usec":1667915957427289} 
+00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":410,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":410,"packets-processed":409,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4632,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":98,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":184,"global_ts_usec":1667915957427289} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":200,"flow_dst_packets_processed":200,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667915957432416,"flow_dst_last_pkt_time":1667915957437254,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2000,"flow_dst_tot_l4_payload_len":1300,"midstream":0,"thread_ts_usec":1667915957437254,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":414,"packets-processed":413,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4665,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":99,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":186,"global_ts_usec":1667916557456657} +00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":414,"packets-processed":413,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4665,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":99,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":186,"global_ts_usec":1667916557456657} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":418,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":202,"flow_dst_packets_processed":202,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667916557461709,"flow_dst_last_pkt_time":1667916557466499,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2020,"flow_dst_tot_l4_payload_len":1313,"midstream":0,"thread_ts_usec":1667916557466499,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":204,"flow_dst_packets_processed":204,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667917157423210,"flow_dst_last_pkt_time":1667917157428021,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2040,"flow_dst_tot_l4_payload_len":1326,"midstream":0,"thread_ts_usec":1667917157428021,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":422,"packets-processed":421,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4731,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":101,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":189,"global_ts_usec":1667917757547203} +00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":422,"packets-processed":421,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4731,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":101,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":189,"global_ts_usec":1667917757547203} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":206,"flow_dst_packets_processed":206,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667917757552293,"flow_dst_last_pkt_time":1667917757557136,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2060,"flow_dst_tot_l4_payload_len":1339,"midstream":0,"thread_ts_usec":1667917757557136,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":426,"packets-processed":425,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4764,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":102,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":191,"global_ts_usec":1667918357617085} 
+00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":426,"packets-processed":425,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4764,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":102,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":191,"global_ts_usec":1667918357617085} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":430,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":208,"flow_dst_packets_processed":208,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667918357622166,"flow_dst_last_pkt_time":1667918357626995,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2080,"flow_dst_tot_l4_payload_len":1352,"midstream":0,"thread_ts_usec":1667918357626995,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":430,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":430,"packets-processed":429,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4797,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":103,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":193,"global_ts_usec":1667918957773708} +00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":430,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":430,"packets-processed":429,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4797,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":103,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":193,"global_ts_usec":1667918957773708} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":434,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":210,"flow_dst_packets_processed":210,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667918957778810,"flow_dst_last_pkt_time":1667918957783659,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2100,"flow_dst_tot_l4_payload_len":1365,"midstream":0,"thread_ts_usec":1667918957783659,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":212,"flow_dst_packets_processed":212,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667919557747659,"flow_dst_last_pkt_time":1667919557752579,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2120,"flow_dst_tot_l4_payload_len":1378,"midstream":0,"thread_ts_usec":1667919557752579,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":438,"packets-processed":437,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4863,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":105,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":196,"global_ts_usec":1667920157885500} +00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":438,"packets-processed":437,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4863,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":105,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":196,"global_ts_usec":1667920157885500} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":214,"flow_dst_packets_processed":214,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667920157890541,"flow_dst_last_pkt_time":1667920157895403,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2140,"flow_dst_tot_l4_payload_len":1391,"midstream":0,"thread_ts_usec":1667920157895403,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":446,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":216,"flow_dst_packets_processed":216,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667920757821189,"flow_dst_last_pkt_time":1667920757826024,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2160,"flow_dst_tot_l4_payload_len":1404,"midstream":0,"thread_ts_usec":1667920757826024,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":446,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":446,"packets-processed":445,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4929,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":107,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":199,"global_ts_usec":1667921357934789} +00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":446,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":446,"packets-processed":445,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4929,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":107,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":199,"global_ts_usec":1667921357934789} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":218,"flow_dst_packets_processed":218,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667921357939819,"flow_dst_last_pkt_time":1667921357944657,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2180,"flow_dst_tot_l4_payload_len":1417,"midstream":0,"thread_ts_usec":1667921357944657,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":450,"packets-processed":449,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4962,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":108,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":201,"global_ts_usec":1667921957936046} 
+00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":450,"packets-processed":449,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4962,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":108,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":201,"global_ts_usec":1667921957936046} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":454,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":220,"flow_dst_packets_processed":220,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667921957941247,"flow_dst_last_pkt_time":1667921957946139,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2200,"flow_dst_tot_l4_payload_len":1430,"midstream":0,"thread_ts_usec":1667921957946139,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":454,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":454,"packets-processed":453,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4995,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":109,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":203,"global_ts_usec":1667922558027247} +00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":454,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":454,"packets-processed":453,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4995,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":109,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":203,"global_ts_usec":1667922558027247} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":458,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":222,"flow_dst_packets_processed":222,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667922558032278,"flow_dst_last_pkt_time":1667922558037152,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2220,"flow_dst_tot_l4_payload_len":1443,"midstream":0,"thread_ts_usec":1667922558037152,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":462,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":224,"flow_dst_packets_processed":224,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667923157994247,"flow_dst_last_pkt_time":1667923157999099,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2240,"flow_dst_tot_l4_payload_len":1456,"midstream":0,"thread_ts_usec":1667923157999099,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":462,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":462,"packets-processed":461,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5061,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":111,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":206,"global_ts_usec":1667923758140912} +00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":462,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":462,"packets-processed":461,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5061,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":111,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":206,"global_ts_usec":1667923758140912} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":466,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":226,"flow_dst_packets_processed":226,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667923758145987,"flow_dst_last_pkt_time":1667923758150812,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2260,"flow_dst_tot_l4_payload_len":1469,"midstream":0,"thread_ts_usec":1667923758150812,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":466,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":466,"packets-processed":465,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5094,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":112,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":208,"global_ts_usec":1667924358195146} 
+00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":466,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":466,"packets-processed":465,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5094,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":112,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":208,"global_ts_usec":1667924358195146} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":470,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":228,"flow_dst_packets_processed":228,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667924358200510,"flow_dst_last_pkt_time":1667924358205436,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2280,"flow_dst_tot_l4_payload_len":1482,"midstream":0,"thread_ts_usec":1667924358205436,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":470,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":470,"packets-processed":469,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5127,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":113,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":210,"global_ts_usec":1667924958336024} +00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":470,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":470,"packets-processed":469,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5127,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":113,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":210,"global_ts_usec":1667924958336024} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":474,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":230,"flow_dst_packets_processed":230,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667924958341359,"flow_dst_last_pkt_time":1667924958346268,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2300,"flow_dst_tot_l4_payload_len":1495,"midstream":0,"thread_ts_usec":1667924958346268,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":478,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":232,"flow_dst_packets_processed":232,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667925558331107,"flow_dst_last_pkt_time":1667925558336001,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2320,"flow_dst_tot_l4_payload_len":1508,"midstream":0,"thread_ts_usec":1667925558336001,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":478,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":478,"packets-processed":477,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5193,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":115,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":213,"global_ts_usec":1667926158477541} +00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":478,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":478,"packets-processed":477,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5193,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":115,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":213,"global_ts_usec":1667926158477541} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":482,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":234,"flow_dst_packets_processed":234,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667926158482640,"flow_dst_last_pkt_time":1667926158487504,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2340,"flow_dst_tot_l4_payload_len":1521,"midstream":0,"thread_ts_usec":1667926158487504,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":486,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":236,"flow_dst_packets_processed":236,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667926758424196,"flow_dst_last_pkt_time":1667926758429128,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2360,"flow_dst_tot_l4_payload_len":1534,"midstream":0,"thread_ts_usec":1667926758429128,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":486,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":486,"packets-processed":485,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5259,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":117,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":216,"global_ts_usec":1667927358576852} +00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":486,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":486,"packets-processed":485,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5259,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":117,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":216,"global_ts_usec":1667927358576852} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":238,"flow_dst_packets_processed":238,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667927358582077,"flow_dst_last_pkt_time":1667927358587005,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2380,"flow_dst_tot_l4_payload_len":1547,"midstream":0,"thread_ts_usec":1667927358587005,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":494,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":240,"flow_dst_packets_processed":240,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667927958536913,"flow_dst_last_pkt_time":1667927958541805,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2400,"flow_dst_tot_l4_payload_len":1560,"midstream":0,"thread_ts_usec":1667927958541805,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":494,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":494,"packets-processed":493,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5325,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":119,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":219,"global_ts_usec":1667928558676547} +00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":494,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":494,"packets-processed":493,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5325,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":119,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":219,"global_ts_usec":1667928558676547} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":242,"flow_dst_packets_processed":242,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667928558681642,"flow_dst_last_pkt_time":1667928558686523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2420,"flow_dst_tot_l4_payload_len":1573,"midstream":0,"thread_ts_usec":1667928558686523,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":502,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":244,"flow_dst_packets_processed":244,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667929158637190,"flow_dst_last_pkt_time":1667929158642079,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2440,"flow_dst_tot_l4_payload_len":1586,"midstream":0,"thread_ts_usec":1667929158642079,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":502,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":502,"packets-processed":501,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5391,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":121,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":222,"global_ts_usec":1667929758769940} +00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":502,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":502,"packets-processed":501,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5391,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":121,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":222,"global_ts_usec":1667929758769940} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":506,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":246,"flow_dst_packets_processed":246,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667929758775023,"flow_dst_last_pkt_time":1667929758779865,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2460,"flow_dst_tot_l4_payload_len":1599,"midstream":0,"thread_ts_usec":1667929758779865,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":510,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":248,"flow_dst_packets_processed":248,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667930358755038,"flow_dst_last_pkt_time":1667930358759853,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2480,"flow_dst_tot_l4_payload_len":1612,"midstream":0,"thread_ts_usec":1667930358759853,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":510,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":510,"packets-processed":509,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5457,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":123,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":225,"global_ts_usec":1667930958886671} +00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":510,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":510,"packets-processed":509,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5457,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":123,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":225,"global_ts_usec":1667930958886671} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":514,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":250,"flow_dst_packets_processed":250,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667930958891808,"flow_dst_last_pkt_time":1667930958896692,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2500,"flow_dst_tot_l4_payload_len":1625,"midstream":0,"thread_ts_usec":1667930958896692,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":252,"flow_dst_packets_processed":252,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667931558871110,"flow_dst_last_pkt_time":1667931558875920,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2520,"flow_dst_tot_l4_payload_len":1638,"midstream":0,"thread_ts_usec":1667931558875920,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":518,"packets-processed":517,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5523,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":125,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":228,"global_ts_usec":1667932159023314} +00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":518,"packets-processed":517,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5523,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":125,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":228,"global_ts_usec":1667932159023314} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":522,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":254,"flow_dst_packets_processed":254,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667932159028303,"flow_dst_last_pkt_time":1667932159033132,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2540,"flow_dst_tot_l4_payload_len":1651,"midstream":0,"thread_ts_usec":1667932159033132,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":522,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":522,"packets-processed":521,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5556,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":126,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":230,"global_ts_usec":1667932759077722} 
+00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":522,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":522,"packets-processed":521,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5556,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":126,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":230,"global_ts_usec":1667932759077722} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":526,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":256,"flow_dst_packets_processed":256,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667932759082733,"flow_dst_last_pkt_time":1667932759087559,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2560,"flow_dst_tot_l4_payload_len":1664,"midstream":0,"thread_ts_usec":1667932759087559,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":530,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":258,"flow_dst_packets_processed":258,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667933358966393,"flow_dst_last_pkt_time":1667933358971321,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2580,"flow_dst_tot_l4_payload_len":1677,"midstream":0,"thread_ts_usec":1667933358971321,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":530,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":530,"packets-processed":529,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5622,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":128,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":233,"global_ts_usec":1667933959089706} 
+00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":530,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":530,"packets-processed":529,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5622,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":128,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":233,"global_ts_usec":1667933959089706} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":534,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":260,"flow_dst_packets_processed":260,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667933959094917,"flow_dst_last_pkt_time":1667933959099748,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2600,"flow_dst_tot_l4_payload_len":1690,"midstream":0,"thread_ts_usec":1667933959099748,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":534,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":534,"packets-processed":533,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5655,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":129,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":235,"global_ts_usec":1667934559114048} +00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":534,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":534,"packets-processed":533,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5655,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":129,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":235,"global_ts_usec":1667934559114048} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":538,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":262,"flow_dst_packets_processed":262,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667934559119423,"flow_dst_last_pkt_time":1667934559124245,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2620,"flow_dst_tot_l4_payload_len":1703,"midstream":0,"thread_ts_usec":1667934559124245,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":538,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":538,"packets-processed":537,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5688,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":130,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":237,"global_ts_usec":1667935159188577} 
+00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":538,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":538,"packets-processed":537,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5688,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":130,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":237,"global_ts_usec":1667935159188577} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":542,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":264,"flow_dst_packets_processed":264,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667935159193608,"flow_dst_last_pkt_time":1667935159198401,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2640,"flow_dst_tot_l4_payload_len":1716,"midstream":0,"thread_ts_usec":1667935159198401,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":546,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":266,"flow_dst_packets_processed":266,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667935759106386,"flow_dst_last_pkt_time":1667935759111237,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2660,"flow_dst_tot_l4_payload_len":1729,"midstream":0,"thread_ts_usec":1667935759111237,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":546,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":546,"packets-processed":545,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5754,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":132,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":240,"global_ts_usec":1667936359250805} 
+00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":546,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":546,"packets-processed":545,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5754,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":132,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":240,"global_ts_usec":1667936359250805} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":550,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":268,"flow_dst_packets_processed":268,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667936359255952,"flow_dst_last_pkt_time":1667936359260802,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2680,"flow_dst_tot_l4_payload_len":1742,"midstream":0,"thread_ts_usec":1667936359260802,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":550,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":550,"packets-processed":549,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5787,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":133,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":242,"global_ts_usec":1667936959271744} +00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":550,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":550,"packets-processed":549,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5787,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":133,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":242,"global_ts_usec":1667936959271744} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":554,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":270,"flow_dst_packets_processed":270,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667936959276903,"flow_dst_last_pkt_time":1667936959281745,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2700,"flow_dst_tot_l4_payload_len":1755,"midstream":0,"thread_ts_usec":1667936959281745,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":554,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":554,"packets-processed":553,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5820,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":134,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":244,"global_ts_usec":1667937559422166} 
+00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":554,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":554,"packets-processed":553,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5820,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":134,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":244,"global_ts_usec":1667937559422166} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":558,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":272,"flow_dst_packets_processed":272,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667937559427332,"flow_dst_last_pkt_time":1667937559432171,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2720,"flow_dst_tot_l4_payload_len":1768,"midstream":0,"thread_ts_usec":1667937559432171,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":562,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":274,"flow_dst_packets_processed":274,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667938159333625,"flow_dst_last_pkt_time":1667938159338503,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2740,"flow_dst_tot_l4_payload_len":1781,"midstream":0,"thread_ts_usec":1667938159338503,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":562,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":562,"packets-processed":561,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5886,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":136,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":247,"global_ts_usec":1667938759434538} 
+00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":562,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":562,"packets-processed":561,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5886,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":136,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":247,"global_ts_usec":1667938759434538} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":566,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":276,"flow_dst_packets_processed":276,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667938759439542,"flow_dst_last_pkt_time":1667938759444375,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2760,"flow_dst_tot_l4_payload_len":1794,"midstream":0,"thread_ts_usec":1667938759444375,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":570,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":278,"flow_dst_packets_processed":278,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667939359421713,"flow_dst_last_pkt_time":1667939359426519,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2780,"flow_dst_tot_l4_payload_len":1807,"midstream":0,"thread_ts_usec":1667939359426519,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":570,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":570,"packets-processed":569,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5952,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":138,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":250,"global_ts_usec":1667939959475875} 
+00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":570,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":570,"packets-processed":569,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5952,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":138,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":250,"global_ts_usec":1667939959475875} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":574,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":280,"flow_dst_packets_processed":280,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667939959480953,"flow_dst_last_pkt_time":1667939959485802,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2800,"flow_dst_tot_l4_payload_len":1820,"midstream":0,"thread_ts_usec":1667939959485802,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":574,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":574,"packets-processed":573,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5985,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":139,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":252,"global_ts_usec":1667940559505023} +00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":574,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":574,"packets-processed":573,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5985,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":139,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":252,"global_ts_usec":1667940559505023} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":578,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":282,"flow_dst_packets_processed":282,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667940559510206,"flow_dst_last_pkt_time":1667940559515036,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2820,"flow_dst_tot_l4_payload_len":1833,"midstream":0,"thread_ts_usec":1667940559515036,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":578,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":578,"packets-processed":577,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6018,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":140,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":254,"global_ts_usec":1667941159559112} 
+00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":578,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":578,"packets-processed":577,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6018,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":140,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":254,"global_ts_usec":1667941159559112} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":582,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":284,"flow_dst_packets_processed":284,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667941159564239,"flow_dst_last_pkt_time":1667941159569033,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2840,"flow_dst_tot_l4_payload_len":1846,"midstream":0,"thread_ts_usec":1667941159569033,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":582,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":582,"packets-processed":581,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6051,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":141,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":256,"global_ts_usec":1667941759635973} +00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":582,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":582,"packets-processed":581,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6051,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":141,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":256,"global_ts_usec":1667941759635973} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":586,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":286,"flow_dst_packets_processed":286,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667941759641101,"flow_dst_last_pkt_time":1667941759645959,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2860,"flow_dst_tot_l4_payload_len":1859,"midstream":0,"thread_ts_usec":1667941759645959,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":586,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":586,"packets-processed":585,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6084,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":142,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":258,"global_ts_usec":1667942359803826} 
+00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":586,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":586,"packets-processed":585,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6084,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":142,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":258,"global_ts_usec":1667942359803826} 00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":288,"flow_dst_packets_processed":288,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667942359808855,"flow_dst_last_pkt_time":1667942359813747,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2880,"flow_dst_tot_l4_payload_len":1872,"midstream":0,"thread_ts_usec":1667942359813747,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00851{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":589,"packets-processed":589,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6117,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":142,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":260,"global_ts_usec":1667942359813747} +00851{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":589,"packets-processed":589,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6117,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":142,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":260,"global_ts_usec":1667942359813747} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 589/589 ~~ skipped flows.............: 0 
@@ -266,9 +266,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6927074 bytes -~~ total memory freed........: 6927074 bytes -~~ total allocations/frees...: 114737/114737 +~~ total memory allocated....: 7504670 bytes +~~ total memory freed........: 7504670 bytes +~~ total allocations/frees...: 126468/126468 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 524 chars ~~ json message max len.......: 2227 chars diff --git a/test/results/default/teamviewer.pcap.out b/test/results/default/teamviewer.pcap.out index ccce35b78..cedd49535 100644 --- a/test/results/default/teamviewer.pcap.out +++ b/test/results/default/teamviewer.pcap.out 
@@ -1,4 +1,4 @@ -00615{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/teamviewer.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00615{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/teamviewer.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
00746{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/teamviewer.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":330297046,"flow_src_last_pkt_time":330297046,"flow_dst_last_pkt_time":330297046,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":330297046,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.250.2.170","src_port":35732,"dst_port":5938,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/teamviewer.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":330297046,"flow_dst_last_pkt_time":330297046,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":330297046,"pkt":"UlQAEjUCCAAns+YuCABFAAA8OlxAAEAGTq0KAAIPovoCqouUFzIpaMgpAAAAAKAC+vCAjgAAAgQFtAQCCAosLVpIAAAAAAEDAwc="} 00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/teamviewer.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":330297046,"flow_dst_last_pkt_time":330433319,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":330433319,"pkt":"CAAns+YuUlQAEjUCCABFAAAsCdUAAEAGv0Si+gKqCgACDxcyi5QCaioBKWjIKmAS\/\/8lnwAAAgQFtA=="} 
@@ -16,11 +16,11 @@ 00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":242,"source":"cfgs\/default\/pcap\/teamviewer.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":520136114,"flow_dst_last_pkt_time":520201475,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":520201475,"pkt":"CAAns+YuUlQAEjUCCABFAAAwFQEAAEARG41dL+DxCgACD4zFhnEAHDKfAAAAAAAAAABEJgMXJHMEAAAAAAA="} 02384{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":269,"source":"cfgs\/default\/pcap\/teamviewer.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":31,"flow_first_seen":520136114,"flow_src_last_pkt_time":520136114,"flow_dst_last_pkt_time":521274313,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":1024,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":13050,"midstream":0,"thread_ts_usec":521274313,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.47.224.241","src_port":34417,"dst_port":36037,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":7,"avg":36716.1,"max":442863,"stddev":96766.6,"var":9363771392.0,"ent":2.6,"data": [12327,12251,57,40726,3898,3159,6600,81845,9028,72,7415,9247,442863,41858,345075,64,9,8,11,9,7,2034,57,13,9567,57,8,51028,58831,63,12]},"pktlen": {"min":44,"avg":438.8,"max":1052,"stddev":450.4,"var":202865.5,"ent":4.2,"data": [124,124,492,1052,48,84,76,76,76,177,104,52,52,76,76,1052,1052,1052,1052,1052,1052,1052,1052,1052,1052,168,104,104,44,225,117,71]},"bins": {"c_to_s": [0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": 
[4,7,4,1,2,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1],"entropies": [2.665547609,2.681676626,0.777366042,0.400940508,3.903489351,2.792044401,3.098856926,2.998324156,3.315334082,4.078965187,4.029050350,3.961237431,3.922775745,3.062608480,3.152767181,0.385090381,0.379928052,0.378026903,0.379928052,0.378026903,0.379928052,0.379928052,0.379928052,0.378026903,0.390793800,4.132575512,3.859765768,5.537042618,4.036628723,3.928550959,4.210556507,4.727299213]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"TeamViewer","proto_id":"148","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 01203{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":313,"source":"cfgs\/default\/pcap\/teamviewer.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":62,"flow_first_seen":520136114,"flow_src_last_pkt_time":520136114,"flow_dst_last_pkt_time":521459535,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":1024,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":28902,"midstream":0,"thread_ts_usec":579147460,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.47.224.241","src_port":34417,"dst_port":36037,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": 
{"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"TeamViewer","proto_id":"148","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} -00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":337,"source":"cfgs\/default\/pcap\/teamviewer.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":337,"packets-processed":336,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":152049,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":1,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":633881700} +00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":337,"source":"cfgs\/default\/pcap\/teamviewer.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":337,"packets-processed":336,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":152049,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":1,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":633881700} 
01203{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":343,"source":"cfgs\/default\/pcap\/teamviewer.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":62,"flow_first_seen":520136114,"flow_src_last_pkt_time":520136114,"flow_dst_last_pkt_time":521459535,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":1024,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":28902,"midstream":0,"thread_ts_usec":639022187,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.47.224.241","src_port":34417,"dst_port":36037,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"TeamViewer","proto_id":"148","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 00966{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":352,"source":"cfgs\/default\/pcap\/teamviewer.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":129,"flow_dst_packets_processed":160,"flow_first_seen":330297046,"flow_src_last_pkt_time":729854393,"flow_dst_last_pkt_time":729854070,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":60753,"flow_dst_tot_l4_payload_len":64705,"midstream":0,"thread_ts_usec":729854393,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.250.2.170","src_port":35732,"dst_port":5938,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TeamViewer","proto_id":"148","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 01201{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":352,"source":"cfgs\/default\/pcap\/teamviewer.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":62,"flow_first_seen":520136114,"flow_src_last_pkt_time":520136114,"flow_dst_last_pkt_time":521459535,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":1024,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":28902,"midstream":0,"thread_ts_usec":729854393,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.47.224.241","src_port":34417,"dst_port":36037,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"TeamViewer","proto_id":"148","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 
-00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":352,"source":"cfgs\/default\/pcap\/teamviewer.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":352,"packets-processed":352,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":154456,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":2,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":23,"global_ts_usec":729854393} +00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":352,"source":"cfgs\/default\/pcap\/teamviewer.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":352,"packets-processed":352,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":154456,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":2,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":23,"global_ts_usec":729854393} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 352/352 ~~ skipped flows.............: 0 
@@ -29,9 +29,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6920242 bytes -~~ total memory freed........: 6920242 bytes -~~ total allocations/frees...: 114502/114502 +~~ total memory allocated....: 7497860 bytes +~~ total memory freed........: 7497860 bytes +~~ total allocations/frees...: 126234/126234 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 513 chars ~~ json message max len.......: 2389 chars diff --git a/test/results/default/telegram.pcap.out b/test/results/default/telegram.pcap.out index 714f9eb70..11a8d561f 100644 --- a/test/results/default/telegram.pcap.out +++ b/test/results/default/telegram.pcap.out 
@@ -1,5 +1,5 @@ -00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1588779596451825} 
+00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1588779596451825} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1588779596451825,"flow_src_last_pkt_time":1588779596451825,"flow_dst_last_pkt_time":1588779596451825,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":279,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":279,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1588779596451825,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00897{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1588779596451825,"flow_dst_last_pkt_time":1588779596451825,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"thread_ts_usec":1588779596451825,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzGJVAAEARYHzAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGANsCwWgAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"} 
01028{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1588779596451825,"flow_src_last_pkt_time":1588779596451825,"flow_dst_last_pkt_time":1588779596451825,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":279,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":279,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1588779596451825,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"tl-sg116e","domainame":"tl-sg116e","dhcp": {"fingerprint":"1,3","class_ident":"TL-SG116E"}}} 
@@ -156,7 +156,7 @@ 00997{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1588779625981468,"flow_src_last_pkt_time":1588779625981468,"flow_dst_last_pkt_time":1588779625981468,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":355,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":355,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":355,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1588779625981468,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","dhcp": {"fingerprint":"","class_ident":""}}} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":612,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1588779626393710,"flow_src_last_pkt_time":1588779626393710,"flow_dst_last_pkt_time":1588779626393710,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1588779626393710,"l3_proto":"ip4","src_ip":"192.168.1.43","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00792{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":612,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_src_last_pkt_time":1588779626393710,"flow_dst_last_pkt_time":1588779626393710,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"thread_ts_usec":1588779626393710,"pkt":"\/\/\/\/\/\/\/\/BJImXJc1CABFAADlSCQAAIARbWnAqAErwKgB\/wCKAIoA0XdaEQLkXsCoASsAigC7AAAgRUVFRkZERUxGRUVQRkFDTkZDRUNERkZFREJEQ0VIQ0EAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAOgDAAAAAAAAAAAhAFYAAwABAAAAAgAyAFxNQUlMU0xPVFxCUk9XU0UAAQCA\/AoAREVTS1RPUC1SQjVUMTJHAAoAAxAAAA8BVaoA"} -01117{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":612,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1588779626393710,"flow_src_last_pkt_time":1588779626393710,"flow_dst_last_pkt_time":1588779626393710,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1588779626393710,"l3_proto":"ip4","src_ip":"192.168.1.43","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"desktop-rb5t12g","domainame":"desktop-rb5t12g"}} 
+00998{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":612,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1588779626393710,"flow_src_last_pkt_time":1588779626393710,"flow_dst_last_pkt_time":1588779626393710,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1588779626393710,"l3_proto":"ip4","src_ip":"192.168.1.43","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"desktop-rb5t12g","domainame":"desktop-rb5t12g"}} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":613,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1588779626394307,"flow_src_last_pkt_time":1588779626394307,"flow_dst_last_pkt_time":1588779626394307,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1588779626394307,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00588{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":613,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_src_last_pkt_time":1588779626394307,"flow_dst_last_pkt_time":1588779626394307,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1588779626394307,"pkt":"\/\/\/\/\/\/\/\/KDc3AG3ICABFAABOW9EAAEARmjHAqAFNwKgB\/wCJAIkAOrFARg4BEAABAAAAAAAAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAAAgAAE="} 00975{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":613,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1588779626394307,"flow_src_last_pkt_time":1588779626394307,"flow_dst_last_pkt_time":1588779626394307,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1588779626394307,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"workgroup","domainame":"workgroup"}} 
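Review bot: The regenerated `detected` event for flow 29 (`"proto":"NetBIOS.SMBv1"`) no longer carries `"flow_risk": {"22": {"risk":"Unsafe Protocol", ...}}`, although `"breed":"Dangerous"` is unchanged. The `idle` event for the same flow in the `@@ -316,7 +316,7 @@` hunk loses the risk too. A consumer that alerts on `flow_risk` rather than on `breed` would stop flagging SMBv1 traffic after this bump, and the commit message only says "incorporated upstream changes". If the drop is an intended upstream or configuration change (not determinable from this hunk), I would record it in the description, e.g. `* SMBv1 flows no longer report flow risk 22 (Unsafe Protocol)`. Otherwise it should be treated as a detection regression before the expectation is accepted.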
@@ -181,10 +181,10 @@ 00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":723,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_src_last_pkt_time":1588779632315962,"flow_dst_last_pkt_time":1588779608134321,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1588779632315962,"pkt":"\/\/\/\/\/\/\/\/wJrQLWJ0CABFAABES\/gAAEARqizAqAE1wKgB\/+EV4RUAMNBmU3BvdFVkcDClWtsnvt2XzwABAACyJIr8D\/N2Z9WO7tpCHKgrvJhaBg=="} 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":725,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1588779634762513,"flow_src_last_pkt_time":1588779634762513,"flow_dst_last_pkt_time":1588779634762513,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1588779634762513,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"216.58.205.68","src_port":61974,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02319{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":725,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_src_last_pkt_time":1588779634762513,"flow_dst_last_pkt_time":1588779634762513,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1588779634762513,"pkt":"EBMx8Tl2KDc3AG3ICABFAAViWJsAAEARtXvAqAFN2DrNRPIWAbsFTgTHw1EwNDZQozVJE19KlwkAAAABdLDg+WGAhzOZu62GoAEEAENITE8ZAAAAUEFEAPUBAABTTkkAAwIAAFNUSwA5AgAAVkVSAD0CAABDQ1MATQIAAE5PTkNtAgAAQUVBRHECAABVQUlEoAIAAFNDSUSwAgAAVENJRLQCAABQRE1EuAIAAFNNSEy8AgAASUNTTMACAABOT05Q4AIAAFBVQlMAAwAATUlEUwQDAABTQ0xTCAMAAEtFWFMMAwAAWExDVBQDAABDU0NUFAMAAENPUFQUAwAAQ0NSVCQDAABJUlRUKAMAAENGQ1csAwAAU0ZDVzADAAAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS13d3cuZ29vZ2xlLmNvbfji0b2UKZEBPixRS8R5FV4DZD4i7T\/6B0Z4nKaYTElCcNQLL0+vajT\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"} 
-01095{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":725,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1588779634762513,"flow_src_last_pkt_time":1588779634762513,"flow_dst_last_pkt_time":1588779634762513,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1588779634762513,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"216.58.205.68","src_port":61974,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","domainame":"www.google.com","quic": {"user_agent":"beta Chrome\/83.0.4103.34 Intel Mac OS X 10_13_6","quic_version":"Q046"}}} +01031{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":725,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1588779634762513,"flow_src_last_pkt_time":1588779634762513,"flow_dst_last_pkt_time":1588779634762513,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1588779634762513,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"216.58.205.68","src_port":61974,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","domainame":"www.google.com","quic": {"quic_version":"Q046"}}} 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":726,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1588779634764481,"flow_src_last_pkt_time":1588779634764481,"flow_dst_last_pkt_time":1588779634764481,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1588779634764481,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"216.58.205.68","src_port":50822,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02319{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":726,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_src_last_pkt_time":1588779634764481,"flow_dst_last_pkt_time":1588779634764481,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1588779634764481,"pkt":"EBMx8Tl2KDc3AG3ICABFAAViUS0AAEARvOnAqAFN2DrNRMaGAbsFTkE+w1EwNDZQdSQ0JxgV+\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\/oTfYVDM1unv0Eg0xlJTYVZkAAAAAQAAAEMyNTXvR+qpngpSje9H6qmeClKNYDLLkqBBTd8GdwAAAADwAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} -01095{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":726,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1588779634764481,"flow_src_last_pkt_time":1588779634764481,"flow_dst_last_pkt_time":1588779634764481,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1588779634764481,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"216.58.205.68","src_port":50822,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","domainame":"www.google.com","quic": {"user_agent":"beta Chrome\/83.0.4103.34 Intel Mac OS X 10_13_6","quic_version":"Q046"}}} +01031{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":726,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1588779634764481,"flow_src_last_pkt_time":1588779634764481,"flow_dst_last_pkt_time":1588779634764481,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1588779634764481,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"216.58.205.68","src_port":50822,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","domainame":"www.google.com","quic": {"quic_version":"Q046"}}} 
02339{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":727,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_src_last_pkt_time":1588779634762513,"flow_dst_last_pkt_time":1588779634794508,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1588779634794508,"pkt":"KDc3AG3IEBMx8Tl2CABFAAViAABAADcR1xbYOs1EwKgBTQG78hYFTlCg01EwNDYFozVJE19KlwkAAAABlFnOyl1IE6Kl9p2lJqJe20wr+YJJK3OQaQI+K1yyeZR9yLW3lS\/Tdnt9xcKqAlOjTi1OwA2w6a7+tRtr3KAKpiTPSke9Qgxq9RZuUGOobpscabZyRsqHgng7hPe2XFawQxldFDSjxKnYQdE5FFv9BpDrnq\/TTXf9TFvgw\/QnXVAz5Cyt9UqBUF1hH0e8eHxu6vo8lxkhnIhe5h6hLOoAm1BnioEr9hnRo4ORCSZRNuTGnhroEuVGyj5HhhPz45sTADcZH\/aRhJy7qwSQPpjxKMRjwHfkXW+yFpSOG3Hp5CsHedxutEJhnZDI+4BG1I6mpoDE8Zvk+SOrrxTdABEKpyABqDKs78QbQi9n46y46LF2JTAo36T9cjW0OkfnS1dX8RBGe5tpl\/GX8HAEOsAa\/z+6O4B5WSOIZhf34xGOy\/N3OFC+u9lN+ttVyLf++3WOzpd57ZzPwtC+yE\/BNwbA4eO5JHsp6kPUffzjzL5K4L4obRfRfmFzgUJr2AvlNCCKETOUv9FcgCj+O3Ce2J+FzvWWvPIvOKN37xrUN\/mjFcjn6vrnzc3WHSBHZUUQPgLL9gdUFNa8\/yQjJhbGLlt8bvQA1SJaoWXDVmYJjnjFSJJFF8RWpizfJP35dxquwrjEwUged8l6McoK7qHu4Ld19f6o8UJyTgkxjnhmujMkW40UK64Bo1F6vaXjIzepbsvzrfPs4buhFyCPcm2wLFZq5nMbYvmNgbBAMNYgQ7+Y4Zo47U6dIvcnsHay4b8rdIZC\/Ra4RUg2MEAVMY04nZVwsS9kMvxjw7tWpuLXdlQCjlvuGOf6dZ6k9rHdaI3URstXL6UuWo0Gdj\/NtiaGySmIHVV6i7EbmaJp3uFyYDnUvrIMjfc6ghlolVGsZni+GAZQbXnpWH5ualh+GQk\/IS2IEz0uyBJ6dsYticBr8EFAQR7hHY\/3OyEr27WwpwoLmUJn9UQqUUNET0+qTxL027bZTqGeTGLe2rH0z4qd78Ue12s\/mmitdGeaTOEIB+kN9Oz976ydi7i+SoMBr\/+hKLj5gjHsfiNqAK8opkFFxqyBh0nqOBdwUSl8gZVmShAcuOo649XW2Yut5pCeSZfn3ZoRq+lWx89wdySCjOMW8exEEWunv6bjn3slpy7AmRkw+sPRuDmUtrstSTMggBfN+zYz4kU9msu81pr+IK0y7aQh4mmTipBI3toWvtKGgxtFFCU+90ZF+2e26g7ax+JPhJWCf1aeqV2qjVTswyDUe+X8YVqx5YC7ACn0pIzEQj12x8eSFM60TkG8kXSrR+cBcSE4aaYhrAy3pypcCtMV26Co80JeaaDwDMCwmVAzo0E\/BwpqMknzmJBeyZjvON\/562D3ZU9nDxApe4H14sNeh3KyKanbNvTWcgxWJPs+wQ9X1d9egrD3CNpHov7eGsS9E5PTryqkw6dcr07
anAdXKz39OKneC7uTIi2xMN4pi9HDUne9kKxezY6JaiaaEds0Egs5TrKu5MlMzp7QSr1MmDFu7VQLrafQLtQSQLw0f+CkdiOkRSoewADHR7WnRu3Pw\/1y7ALeor+7d7v\/xVkXtV0+u1JaX2B1bUYYuBQruUl0bp5QCHut4tI5G7u+9P1dYnUX\/rSklohEaFv70M62kLeKCl4bX8BdPalaH0yKRZF9q2iCLDdluLwx+pd3G8lRNNpU8gMggNTI9z\/7Pxs0oOqfN32KINp0rOMXmr0ZD6E5U7SeSuShxUVrIQgXkF5QTsc4zAeYQXZrfPFcKANcrPTz3MqQYdpM"} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":728,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_src_last_pkt_time":1588779634795180,"flow_dst_last_pkt_time":1588779634794508,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1588779634795180,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA4emwAAEARmNTAqAFN2DrNRPIWAbsAJN5oQKM1SRNfSpcJAg\/VJy\/hU5JXfMk208XyiTI7oA=="} 02349{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":729,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_src_last_pkt_time":1588779634764481,"flow_dst_last_pkt_time":1588779634797116,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1588779634797116,"pkt":"KDc3AG3IEBMx8Tl2CABFAAViAABAADgR1hbYOs1EwKgBTQG7xoYFTqbf01EwNDYFdSQ0JxgV+\/AAAAAB\/upOH6rH2BIyQSeP5oglrVNRjLzUPYUddHT9m6BsmcKmApdlysrOkxHuxx9vijlyM8wYkq7JvX19IQMhKJZA0U6a8sLp7rHlGFo5nqmm0jMnW7WPHt\/LNpmp9sMej9LIYl7HVWlYuGONw23gJgIuAlpWAO6yh+eVnrhPvfDTj31c6\/L1ooPLrq5NV7Gc7jNhPXAjTc4ZaIElGMpTUieuhBDEobdC\/yRUwhIJac7BNwvPjcF+IDwdoZlLRJw3R5oXAi2b\/NF4EAf1KMRYvNmplcTy11GLuiSvRAmihe5Rh\/orc2nsZbWj+vVmUmzCiWHVssa5KLzmBbkyMh6lJPB3gwNR9L\/Fq9yeGKy0+1JnwE4BdYx5u8HLnX2wgYVFT\/rFfn1Oc62CdMeazmAG7K4pybekkUnanBSVSlDsTtacnk6lBahTKCPl4BKZo41FpeNyrCv6CdLYcTHgeBE4YGrMXUeFT\/ilVEPrTMzFe5kzHIStA3AKnuB\/P+S0D02eLWMotPjv93++mmxST6HP114UWR5QNEIWRxUS
8RL0hQeu4zY97Ng6cw4CKN+Csj\/ZvkP4kxD\/Zq7tP6yj9mYvYIO9zExfP9oeGiwS\/4f+6unIp0FdFoZmq8bqYOIOw8QtYVOoNnStryjcigG\/awK2ZaMXV+46Pnbc7phNOyTwsLBxxc\/12QJJ45cSQCeX9fI3HOGC6Lef+EyN3wVq9oB+wBoxI5umm0icT\/zZ2yvFo6UFJ2uDstyecW1AqbCfnn6WWrQLz6eMr+vL\/JleVbbatuBYa5gdk2Yt+67fkdck3Dk3mkph8oGaf+SDkR7Tf9p8ulHM4RwOnQJFlNf4xkSWeQGBLD6wjBE4rkLONEpat+rbynMjiBPAofixsPnISwVDLf0nq9DMrjUvdWlIIMyhGej2e24qnTkMu6p7FC\/huIoB0mRmYhHnBPlCQn\/LUzArFEcNys29X1cxw25iplZFvHkHdOc24AY5G54G00MdsxNdaE\/paJZz93dfFlaEUpxXdsPnTzUS4pfi+tXdLdZlCDSCbcoeLXsZ10o3zvR7bkNwPdSYObv6FtEohnNHd5N8A7GThnHg9zUXltLPSF3xHvq8673iVUYgBtPyG5IX44udpmQI7jeus04VvFTz2gu4npRTD34iJ0hoN0ntT0nFkqcX5\/lL09qWjNDuFP\/S1ls4UAok+2ha5s3PvhtAKIlco7aoWYLrSj95gTSsEvt+vv6BHLLnycSfEmJgy7LNVNyoUK4C4+9WgT1JfWOmVbGaY23xkwzP15QjiTTdKIEkJwiBmgJIruM0dA1J41jJPUcFpH8opFJyrh1InbMhpwrdsem5Er87sEkX0BhYPXkyvKucSZm6W1RMofNDgCdyw5TOBfDKdoqNmc54r82qBE2FvdTks67OsedSUGg\/xIKev6elshEbqcaKfcXRRyuerRJ9Na1ZC85buNS0\/0S8Uk1MnuNcWLIniDOgLmxDYioY8+6ffXPskGoeJ6mpsWIPFN\/ZXPivRS+0hFla3abk42RYHrYiht3fXvADKY3mvEEwWMSzU84L2ho8ij4vLNJYBjTvbpsEkPGMqANA85Spe5XJ9p4g9hQurfHWfSLDKdhStCgrn8jpcM\/\/FkUBZViwdPAW2JLOvsdSXQXeDGKI7nTEgI0kYpnr4frOKaPCHqb3HEqFHSRiARTSD0ufyxhTd6AYnG3WyBQ7hHD\/6lTnreRmZxISZ6q\/gFRJTubvR8\/BO8IvV1XaeMgD55oE\/mi7ALMHyuc8OmMt"} 
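Review bot: The new `detected` events for flows 34 and 35 shrink `"quic"` from `{"user_agent":"beta Chrome\/83.0.4103.34 Intel Mac OS X 10_13_6","quic_version":"Q046"}` to `{"quic_version":"Q046"}`, so the client user agent is no longer exported for these Q046 flows. That field is commonly used for client fingerprinting and inventory, and downstream parsers may treat it as always present for QUIC. Whether the field was removed upstream or is now gated by a metadata option cannot be told from this hunk. I would note it in the commit description, e.g. `* quic.user_agent is no longer emitted for these flows`, and check that the schema marks it optional.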
@@ -316,7 +316,7 @@ 01002{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1588779600828022,"flow_src_last_pkt_time":1588779600828022,"flow_dst_last_pkt_time":1588779600842525,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":58,"flow_src_tot_l4_payload_len":42,"flow_dst_tot_l4_payload_len":58,"midstream":0,"thread_ts_usec":1588779655298782,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":61631,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"e7047.e12.akamaiedge.net"}} 00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1588779603292829,"flow_src_last_pkt_time":1588779643386383,"flow_dst_last_pkt_time":1588779603292829,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":196,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":635,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1588779655298782,"l3_proto":"ip6","src_ip":"fe80::18a0:a412:8935:c01b","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00992{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1588779626394307,"flow_src_last_pkt_time":1588779626394481,"flow_dst_last_pkt_time":1588779626394307,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":150,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1588779655298782,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"workgroup"}} -01127{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1588779626393710,"flow_src_last_pkt_time":1588779626393710,"flow_dst_last_pkt_time":1588779626393710,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1588779655298782,"l3_proto":"ip4","src_ip":"192.168.1.43","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe 
Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"desktop-rb5t12g"}} +01008{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1588779626393710,"flow_src_last_pkt_time":1588779626393710,"flow_dst_last_pkt_time":1588779626393710,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1588779655298782,"l3_proto":"ip4","src_ip":"192.168.1.43","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"desktop-rb5t12g"}} 
01001{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":120,"flow_dst_packets_processed":0,"flow_first_seen":1588779596708234,"flow_src_last_pkt_time":1588779655297309,"flow_dst_last_pkt_time":1588779596708234,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":427,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":19803,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1588779655298782,"l3_proto":"ip4","src_ip":"192.168.1.75","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_dacp._tcp.local"}} 01009{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1588779596465053,"flow_src_last_pkt_time":1588779654853821,"flow_dst_last_pkt_time":1588779596465053,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":311,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":311,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2177,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1588779655298782,"l3_proto":"ip4","src_ip":"192.168.1.69","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_spotify-connect._tcp.local"}} 00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1588779615961995,"flow_src_last_pkt_time":1588779615961995,"flow_dst_last_pkt_time":1588779615961995,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":49,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":49,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1588779655298782,"l3_proto":"ip4","src_ip":"192.168.1.52","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -337,7 +337,7 @@ 01007{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1588779637830278,"flow_src_last_pkt_time":1588779640832531,"flow_dst_last_pkt_time":1588779637830278,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":174,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":696,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1588779655298782,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"239.255.255.250","src_port":52127,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} 01096{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":1566,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1588779617174225,"flow_src_last_pkt_time":1588779618677198,"flow_dst_last_pkt_time":1588779617174225,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":80,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":128,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1588779655298782,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"87.11.205.195","src_port":23174,"dst_port":60723,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00784{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1588779617174225,"flow_src_last_pkt_time":1588779618677198,"flow_dst_last_pkt_time":1588779617174225,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":80,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":128,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1588779655298782,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"87.11.205.195","src_port":23174,"dst_port":60723,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00857{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1566,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1566,"packets-processed":1566,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":268533,"total-not-detected-flows":3,"total-guessed-flows":0,"total-detected-flows":45,"total-detection-updates":14,"total-updates":10,"current-active-flows":0,"total-active-flows":48,"total-idle-flows":48,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":340,"global_ts_usec":1588779655298782} 
+00857{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1566,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1566,"packets-processed":1566,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":268533,"total-not-detected-flows":3,"total-guessed-flows":0,"total-detected-flows":45,"total-detection-updates":14,"total-updates":10,"current-active-flows":0,"total-active-flows":48,"total-idle-flows":48,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":340,"global_ts_usec":1588779655298782} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1566/1566 ~~ skipped flows.............: 0 @@ -346,9 +346,9 @@ ~~ total active/idle flows...: 48/48 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7064648 bytes -~~ total memory freed........: 7064648 bytes -~~ total allocations/frees...: 116210/116210 +~~ total memory allocated....: 7642148 bytes +~~ total memory freed........: 7642148 bytes +~~ total allocations/frees...: 127939/127939 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 556 chars ~~ json message max len.......: 2354 chars diff --git a/test/results/default/telegram_videocall.pcapng.out b/test/results/default/telegram_videocall.pcapng.out index e37bbd061..b7b5d4278 100644 --- a/test/results/default/telegram_videocall.pcapng.out +++ b/test/results/default/telegram_videocall.pcapng.out 
@@ -1,5 +1,5 @@ -00625{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00846{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1648032334213648} 
+00625{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00846{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1648032334213648} 
00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032334213648,"flow_src_last_pkt_time":1648032334213648,"flow_dst_last_pkt_time":1648032334213648,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032334213648,"l3_proto":"ip6","src_ip":"fe80::98df:58ff:fefa:ebdc","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1648032334213648,"flow_dst_last_pkt_time":1648032334213648,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":70,"pkt_l4_len":16,"thread_ts_usec":1648032334213648,"pkt":"MzMAAAACmt9Y+uvcht1gAAAAABA6\/\/6AAAAAAAAAmN9Y\/\/7669z\/AgAAAAAAAAAAAAAAAAAChQC\/wAAAAAABAZrfWPrr3A=="} 
00917{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032334213648,"flow_src_last_pkt_time":1648032334213648,"flow_dst_last_pkt_time":1648032334213648,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032334213648,"l3_proto":"ip6","src_ip":"fe80::98df:58ff:fefa:ebdc","dst_ip":"ff02::2","l4_proto":"icmp6","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -67,46 +67,46 @@ 01009{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":533,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032352156412,"flow_src_last_pkt_time":1648032352156412,"flow_dst_last_pkt_time":1648032352156412,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032352156412,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_ipps._tcp.local","domainame":"_ipps._tcp.local","mdns": {}}} 00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":542,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353524693,"flow_src_last_pkt_time":1648032353524693,"flow_dst_last_pkt_time":1648032353524693,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353524693,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":40906,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":542,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1648032353524693,"flow_dst_last_pkt_time":1648032353524693,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1648032353524693,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwV5hAAEARsUTAqAypW2wJI5\/KBXgAHDtQAAEAACESpEJIMnFVQ1lxbmo0T2k="} -01116{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":542,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353524693,"flow_src_last_pkt_time":1648032353524693,"flow_dst_last_pkt_time":1648032353524693,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353524693,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":40906,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} 
+01149{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":542,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353524693,"flow_src_last_pkt_time":1648032353524693,"flow_dst_last_pkt_time":1648032353524693,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353524693,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":40906,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":543,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353524739,"flow_src_last_pkt_time":1648032353524739,"flow_dst_last_pkt_time":1648032353524739,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353524739,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":40906,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":543,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1648032353524739,"flow_dst_last_pkt_time":1648032353524739,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1648032353524739,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwAJRAAEARBFXAqAypW2wNF5\/KBXgAHHQdAAEAACESpEJIUHBYOFJCa1BTZ3I="} -01117{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":543,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353524739,"flow_src_last_pkt_time":1648032353524739,"flow_dst_last_pkt_time":1648032353524739,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353524739,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":40906,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} 
+01150{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":543,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353524739,"flow_src_last_pkt_time":1648032353524739,"flow_dst_last_pkt_time":1648032353524739,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353524739,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":40906,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":544,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353524758,"flow_src_last_pkt_time":1648032353524758,"flow_dst_last_pkt_time":1648032353524758,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353524758,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":40906,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":544,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1648032353524758,"flow_dst_last_pkt_time":1648032353524758,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1648032353524758,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwhapAAEARe1PAqAypW2wRAp\/KBXgAHEVfAAEAACESpEJ6MlBsUVQ4ZXFBUGU="} -01116{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":544,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353524758,"flow_src_last_pkt_time":1648032353524758,"flow_dst_last_pkt_time":1648032353524758,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353524758,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":40906,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} 
+01149{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":544,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353524758,"flow_src_last_pkt_time":1648032353524758,"flow_dst_last_pkt_time":1648032353524758,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353524758,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":40906,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":545,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353524853,"flow_src_last_pkt_time":1648032353524853,"flow_dst_last_pkt_time":1648032353524853,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353524853,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":42197,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":545,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1648032353524853,"flow_dst_last_pkt_time":1648032353524853,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1648032353524853,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwV5lAAEARsUPAqAypW2wJI6TVBXgAHErTAAEAACESpEJkbkR6YnRjOCtUeXU="} -01116{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":545,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353524853,"flow_src_last_pkt_time":1648032353524853,"flow_dst_last_pkt_time":1648032353524853,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353524853,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":42197,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} 
+01149{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":545,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353524853,"flow_src_last_pkt_time":1648032353524853,"flow_dst_last_pkt_time":1648032353524853,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353524853,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":42197,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":546,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353524865,"flow_src_last_pkt_time":1648032353524865,"flow_dst_last_pkt_time":1648032353524865,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353524865,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":42197,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":546,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1648032353524865,"flow_dst_last_pkt_time":1648032353524865,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1648032353524865,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwAJVAAEARBFTAqAypW2wNF6TVBXgAHA1WAAEAACESpEJySFdkRXFhMm8xbWY="} -01117{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":546,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353524865,"flow_src_last_pkt_time":1648032353524865,"flow_dst_last_pkt_time":1648032353524865,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353524865,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":42197,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} 
+01150{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":546,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353524865,"flow_src_last_pkt_time":1648032353524865,"flow_dst_last_pkt_time":1648032353524865,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353524865,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":42197,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":547,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353524980,"flow_src_last_pkt_time":1648032353524980,"flow_dst_last_pkt_time":1648032353524980,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353524980,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":42197,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":547,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1648032353524980,"flow_dst_last_pkt_time":1648032353524980,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1648032353524980,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwhatAAEARe1LAqAypW2wRAqTVBXgAHD1nAAEAACESpEJhWUs4ZHp0RDFIYlM="} -01116{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":547,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353524980,"flow_src_last_pkt_time":1648032353524980,"flow_dst_last_pkt_time":1648032353524980,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353524980,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":42197,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} 
+01149{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":547,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353524980,"flow_src_last_pkt_time":1648032353524980,"flow_dst_last_pkt_time":1648032353524980,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353524980,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":42197,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00638{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":549,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1648032353524693,"flow_dst_last_pkt_time":1648032353554802,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1648032353554802,"pkt":"mt9Y+uvcCL6sCxduCABFAABwT\/lAADIRxqNbbAkjwKgMqQV4n8oAXEAzAQEAQCESpEJIMnFVQ1lxbmo0T2kAIAAIAAEMcnw9RQQAAQAIAAEtYF0v4UaAKwAIAAEFeFtsCSOALAAIAAEFeQpDQmOAIgAETm9uZYAoAATBooRE"} 
00638{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":550,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1648032353524853,"flow_dst_last_pkt_time":1648032353554820,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1648032353554820,"pkt":"mt9Y+uvcCL6sCxduCABFAABwT\/pAADIRxqJbbAkjwKgMqQV4pNUAXBWkAQEAQCESpEJkbkR6YnRjOCtUeXUAIAAIAAEMc3w9RQQAAQAIAAEtYV0v4UaAKwAIAAEFeFtsCSOALAAIAAEFeQpDQmOAIgAETm9uZYAoAAR+XQGa"} 00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":553,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353559621,"flow_src_last_pkt_time":1648032353559621,"flow_dst_last_pkt_time":1648032353559621,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353559621,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":40643,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":553,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1648032353559621,"flow_dst_last_pkt_time":1648032353559621,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1648032353559621,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4V55AAEARsTbAqAypW2wJI57DBXgAJBZLAAMACCESpEJHRnE0WVpwcXk3QUQAGQAEEQAAAA=="} -01116{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":553,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353559621,"flow_src_last_pkt_time":1648032353559621,"flow_dst_last_pkt_time":1648032353559621,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353559621,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":40643,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} 
+01149{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":553,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353559621,"flow_src_last_pkt_time":1648032353559621,"flow_dst_last_pkt_time":1648032353559621,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353559621,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":40643,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":555,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353561154,"flow_src_last_pkt_time":1648032353561154,"flow_dst_last_pkt_time":1648032353561154,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353561154,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":49667,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":555,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1648032353561154,"flow_dst_last_pkt_time":1648032353561154,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1648032353561154,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4AJZAAEARBEvAqAypW2wNF8IDBXgAJEywAAMACCESpEJLQjVlaHNjb05HRFcAGQAEEQAAAA=="} -01117{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":555,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353561154,"flow_src_last_pkt_time":1648032353561154,"flow_dst_last_pkt_time":1648032353561154,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353561154,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":49667,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} 
+01150{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":555,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353561154,"flow_src_last_pkt_time":1648032353561154,"flow_dst_last_pkt_time":1648032353561154,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353561154,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":49667,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":557,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353562490,"flow_src_last_pkt_time":1648032353562490,"flow_dst_last_pkt_time":1648032353562490,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353562490,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":49780,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":557,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":1648032353562490,"flow_dst_last_pkt_time":1648032353562490,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1648032353562490,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4hbBAAEARe0XAqAypW2wRAsJ0BXgAJDsLAAMACCESpEJFS2c2dEFDQVFCNysAGQAEEQAAAA=="} -01116{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":557,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353562490,"flow_src_last_pkt_time":1648032353562490,"flow_dst_last_pkt_time":1648032353562490,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353562490,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":49780,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} 
+01149{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":557,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353562490,"flow_src_last_pkt_time":1648032353562490,"flow_dst_last_pkt_time":1648032353562490,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353562490,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":49780,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":558,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353563617,"flow_src_last_pkt_time":1648032353563617,"flow_dst_last_pkt_time":1648032353563617,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353563617,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":37849,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":558,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_src_last_pkt_time":1648032353563617,"flow_dst_last_pkt_time":1648032353563617,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1648032353563617,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4V59AAEARsTXAqAypW2wJI5PZBXgAJDwFAAMACCESpEJzL2NkT3M5d09DczAAGQAEEQAAAA=="} -01116{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":558,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353563617,"flow_src_last_pkt_time":1648032353563617,"flow_dst_last_pkt_time":1648032353563617,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353563617,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":37849,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} 
+01149{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":558,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353563617,"flow_src_last_pkt_time":1648032353563617,"flow_dst_last_pkt_time":1648032353563617,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353563617,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":37849,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":559,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353566545,"flow_src_last_pkt_time":1648032353566545,"flow_dst_last_pkt_time":1648032353566545,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353566545,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":37530,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":559,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_src_last_pkt_time":1648032353566545,"flow_dst_last_pkt_time":1648032353566545,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1648032353566545,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4AJdAAEARBErAqAypW2wNF5KaBXgAJGk9AAMACCESpEIvdUUyY2tqRkhzZzgAGQAEEQAAAA=="} -01117{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":559,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353566545,"flow_src_last_pkt_time":1648032353566545,"flow_dst_last_pkt_time":1648032353566545,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353566545,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":37530,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} 
+01150{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":559,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353566545,"flow_src_last_pkt_time":1648032353566545,"flow_dst_last_pkt_time":1648032353566545,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353566545,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":37530,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":560,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353568287,"flow_src_last_pkt_time":1648032353568287,"flow_dst_last_pkt_time":1648032353568287,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353568287,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":37444,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":560,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_src_last_pkt_time":1648032353568287,"flow_dst_last_pkt_time":1648032353568287,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1648032353568287,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4hbFAAEARe0TAqAypW2wRApJEBXgAJEOkAAMACCESpEJXdzMwem5Vb2lRUDIAGQAEEQAAAA=="} -01116{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":560,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353568287,"flow_src_last_pkt_time":1648032353568287,"flow_dst_last_pkt_time":1648032353568287,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353568287,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":37444,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} 
+01149{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":560,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353568287,"flow_src_last_pkt_time":1648032353568287,"flow_dst_last_pkt_time":1648032353568287,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353568287,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":37444,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00650{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":562,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_src_last_pkt_time":1648032353563617,"flow_dst_last_pkt_time":1648032353592239,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1648032353592239,"pkt":"mt9Y+uvcCL6sCxduCABFAAB4UAFAADIRxpNbbAkjwKgMqQV4k9kAZPzIARMASCESpEJzL2NkT3M5d09DczAACQAQAAAEAVVuYXV0aG9yaXplZAAVABBhNGI2N2JkMTFmM2NiZmYyABQADHRlbGVncmFtLm9yZ4AiAAROb25lgCgABO5pXhk="} 
-01164{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":562,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1648032353563617,"flow_src_last_pkt_time":1648032353563617,"flow_dst_last_pkt_time":1648032353592239,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1648032353592239,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":37849,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org","domainame":"telegram.org","stun": {}}} +01197{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":562,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1648032353563617,"flow_src_last_pkt_time":1648032353563617,"flow_dst_last_pkt_time":1648032353592239,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1648032353592239,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":37849,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non 
Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org","domainame":"telegram.org","stun": {"multimedia_flow_types":"Unknown"}}} 00650{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":563,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1648032353559621,"flow_dst_last_pkt_time":1648032353592256,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1648032353592256,"pkt":"mt9Y+uvcCL6sCxduCABFAAB4UAJAADIRxpJbbAkjwKgMqQV4nsMAZEcIARMASCESpEJHRnE0WVpwcXk3QUQACQAQAAAEAVVuYXV0aG9yaXplZAAVABBlYWIwNmM2ZGY2ZjJmYmQwABQADHRlbGVncmFtLm9yZ4AiAAROb25lgCgABGO2Od8="} -01164{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":563,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1648032353559621,"flow_src_last_pkt_time":1648032353559621,"flow_dst_last_pkt_time":1648032353592256,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1648032353592256,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":40643,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": 
{"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org","domainame":"telegram.org","stun": {}}} +01197{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":563,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1648032353559621,"flow_src_last_pkt_time":1648032353559621,"flow_dst_last_pkt_time":1648032353592256,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1648032353592256,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":40643,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org","domainame":"telegram.org","stun": {"multimedia_flow_types":"Unknown"}}} 
00694{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":565,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_src_last_pkt_time":1648032353594045,"flow_dst_last_pkt_time":1648032353592239,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1648032353594045,"pkt":"CL6sCxdumt9Y+uvcCABFAACYV6JAAEARsNLAqAypW2wJI5PZBXgAhCZ9AAMAaCESpEJFSFhETzUvU2I4WmwAGQAEEQAAAAAGAB0xNjQ4MDUzOTUzOjczZjgwMzhjYTY1MTAyZDViNQAAAAAUAAx0ZWxlZ3JhbS5vcmcAFQAQYTRiNjdiZDExZjNjYmZmMgAIABSa2oTP+7Bjuk0YfAJVIWF1r6CZLw=="} 00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":567,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_src_last_pkt_time":1648032353594670,"flow_dst_last_pkt_time":1648032353592256,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1648032353594670,"pkt":"CL6sCxdumt9Y+uvcCABFAACYV6NAAEARsNHAqAypW2wJI57DBXgAhH5NAAMAaCESpEJCSnNBNVVDNDVaczQAGQAEEQAAAAAGAB0xNjQ4MDUzOTUzOjczZjgwMzhjYTY1MTAyZDViNQAAAAAUAAx0ZWxlZ3JhbS5vcmcAFQAQZWFiMDZjNmRmNmYyZmJkMAAIABQ3n8Ssx4zZQ2K\/+FBSUazQoV0PUg=="} 
00650{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":568,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_src_last_pkt_time":1648032353594045,"flow_dst_last_pkt_time":1648032353637592,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1648032353637592,"pkt":"mt9Y+uvcCL6sCxduCABFAAB4UApAADIRxopbbAkjwKgMqQV4k9kAZBfMAQMASCESpEJFSFhETzUvU2I4WmwAFgAIAAHWO3p+rWEAIAAIAAEMd3w9RQQADQAEAAAAPIAiAAROb25lAAgAFDGrj6855gYmVWWfBmziWEVvbHJ9gCgABAsNSy8="} 
@@ -116,15 +116,15 @@ 00637{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":575,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_src_last_pkt_time":1648032353524758,"flow_dst_last_pkt_time":1648032353672049,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1648032353672049,"pkt":"mt9Y+uvcCL6sCxduCABFAABwYb9AADARrv5bbBECwKgMqQV4n8oAXCujAQEAQCESpEJ6MlBsUVQ4ZXFBUGUAIAAIAAEMcnw9RQQAAQAIAAEtYF0v4UaAKwAIAAEFeFtsEQKALAAIAAEFeQqCwmKAIgAETm9uZYAoAAQpALNo"} 00637{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":578,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_src_last_pkt_time":1648032353524980,"flow_dst_last_pkt_time":1648032353675084,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1648032353675084,"pkt":"mt9Y+uvcCL6sCxduCABFAABwYcBAADARrv1bbBECwKgMqQV4pNUAXHVmAQEAQCESpEJhWUs4ZHp0RDFIYlMAIAAIAAEMc3w9RQQAAQAIAAEtYV0v4UaAKwAIAAEFeFtsEQKALAAIAAEFeQqCwmKAIgAETm9uZYAoAAS7Js+E"} 00651{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":579,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_src_last_pkt_time":1648032353561154,"flow_dst_last_pkt_time":1648032353693931,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1648032353693931,"pkt":"mt9Y+uvcCL6sCxduCABFAAB4WqVAAC4Ru\/tbbA0XwKgMqQV4wgMAZCInARMASCESpEJLQjVlaHNjb05HRFcACQAQAAAEAVVuYXV0aG9yaXplZAAVABA2NzMyOTkyMzg2Njc4NTEyABQADHRlbGVncmFtLm9yZ4AiAAROb25lgCgABG2eqec="} 
-01165{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":579,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1648032353561154,"flow_src_last_pkt_time":1648032353561154,"flow_dst_last_pkt_time":1648032353693931,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1648032353693931,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":49667,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org","domainame":"telegram.org","stun": {}}} +01198{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":579,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1648032353561154,"flow_src_last_pkt_time":1648032353561154,"flow_dst_last_pkt_time":1648032353693931,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1648032353693931,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":49667,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on 
Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org","domainame":"telegram.org","stun": {"multimedia_flow_types":"Unknown"}}} 00694{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":580,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_src_last_pkt_time":1648032353695557,"flow_dst_last_pkt_time":1648032353693931,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1648032353695557,"pkt":"CL6sCxdumt9Y+uvcCABFAACYAKBAAEARA+HAqAypW2wNF8IDBXgAhKOZAAMAaCESpEJBZEN4cW5HdEFGQU8AGQAEEQAAAAAGAB0xNjQ4MDUzOTUzOjczZjgwMzhjYTY1MTAyZDViNQAAAAAUAAx0ZWxlZ3JhbS5vcmcAFQAQNjczMjk5MjM4NjY3ODUxMgAIABRKYn5RRlidqeK90JE9dWYntqfWLQ=="} 00651{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":581,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_src_last_pkt_time":1648032353566545,"flow_dst_last_pkt_time":1648032353698133,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1648032353698133,"pkt":"mt9Y+uvcCL6sCxduCABFAAB4WqZAAC4Ru\/pbbA0XwKgMqQV4kpoAZPeaARMASCESpEIvdUUyY2tqRkhzZzgACQAQAAAEAVVuYXV0aG9yaXplZAAVABA3ZjJlMDdkMzhhN2Q1YThjABQADHRlbGVncmFtLm9yZ4AiAAROb25lgCgABDZy+Rc="} 
-01165{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":581,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1648032353566545,"flow_src_last_pkt_time":1648032353566545,"flow_dst_last_pkt_time":1648032353698133,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1648032353698133,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":37530,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org","domainame":"telegram.org","stun": {}}} +01198{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":581,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1648032353566545,"flow_src_last_pkt_time":1648032353566545,"flow_dst_last_pkt_time":1648032353698133,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1648032353698133,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":37530,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on 
Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org","domainame":"telegram.org","stun": {"multimedia_flow_types":"Unknown"}}} 00694{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":582,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_src_last_pkt_time":1648032353700165,"flow_dst_last_pkt_time":1648032353698133,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1648032353700165,"pkt":"CL6sCxdumt9Y+uvcCABFAACYAKFAAEARA+DAqAypW2wNF5KaBXgAhB4eAAMAaCESpEI2L3k5MTJBekgxNVIAGQAEEQAAAAAGAB0xNjQ4MDUzOTUzOjczZjgwMzhjYTY1MTAyZDViNQAAAAAUAAx0ZWxlZ3JhbS5vcmcAFQAQN2YyZTA3ZDM4YTdkNWE4YwAIABTXGOjRtHPJu2U2mkxXIuxzgoEzTg=="} 00650{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":583,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_src_last_pkt_time":1648032353562490,"flow_dst_last_pkt_time":1648032353712008,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1648032353712008,"pkt":"mt9Y+uvcCL6sCxduCABFAAB4YcdAADARru5bbBECwKgMqQV4wnQAZOVuARMASCESpEJFS2c2dEFDQVFCNysACQAQAAAEAVVuYXV0aG9yaXplZAAVABA5MjNjZjRhOTEyZWVjNjExABQADHRlbGVncmFtLm9yZ4AiAAROb25lgCgABFPoPFk="} 
-01164{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":583,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1648032353562490,"flow_src_last_pkt_time":1648032353562490,"flow_dst_last_pkt_time":1648032353712008,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1648032353712008,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":49780,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org","domainame":"telegram.org","stun": {}}} +01197{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":583,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1648032353562490,"flow_src_last_pkt_time":1648032353562490,"flow_dst_last_pkt_time":1648032353712008,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1648032353712008,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":49780,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non 
Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org","domainame":"telegram.org","stun": {"multimedia_flow_types":"Unknown"}}} 00650{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":584,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_src_last_pkt_time":1648032353568287,"flow_dst_last_pkt_time":1648032353715592,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1648032353715592,"pkt":"mt9Y+uvcCL6sCxduCABFAAB4YchAADARru1bbBECwKgMqQV4kkQAZK5TARMASCESpEJXdzMwem5Vb2lRUDIACQAQAAAEAVVuYXV0aG9yaXplZAAVABAxMDliZmI2ZjU1NGFiNmFkABQADHRlbGVncmFtLm9yZ4AiAAROb25lgCgABNveHo0="} -01164{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":584,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1648032353568287,"flow_src_last_pkt_time":1648032353568287,"flow_dst_last_pkt_time":1648032353715592,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1648032353715592,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":37444,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": 
{"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org","domainame":"telegram.org","stun": {}}} +01197{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":584,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1648032353568287,"flow_src_last_pkt_time":1648032353568287,"flow_dst_last_pkt_time":1648032353715592,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1648032353715592,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":37444,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org","domainame":"telegram.org","stun": {"multimedia_flow_types":"Unknown"}}} 
00694{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":585,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_src_last_pkt_time":1648032353724990,"flow_dst_last_pkt_time":1648032353712008,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1648032353724990,"pkt":"CL6sCxdumt9Y+uvcCABFAACYhbhAAEARet3AqAypW2wRAsJ0BXgAhOBeAAMAaCESpEJOYVAxRW84NkxIcTEAGQAEEQAAAAAGAB0xNjQ4MDUzOTUzOjczZjgwMzhjYTY1MTAyZDViNQAAAAAUAAx0ZWxlZ3JhbS5vcmcAFQAQOTIzY2Y0YTkxMmVlYzYxMQAIABTpiYU0jQHbI6r9fZq35jAxaSIy6w=="} 00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":586,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_src_last_pkt_time":1648032353727618,"flow_dst_last_pkt_time":1648032353715592,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1648032353727618,"pkt":"CL6sCxdumt9Y+uvcCABFAACYhblAAEARetzAqAypW2wRApJEBXgAhGZOAAMAaCESpEJoMWhNTlhETUJIWlUAGQAEEQAAAAAGAB0xNjQ4MDUzOTUzOjczZjgwMzhjYTY1MTAyZDViNQAAAAAUAAx0ZWxlZ3JhbS5vcmcAFQAQMTA5YmZiNmY1NTRhYjZhZAAIABS50SfZ32flyf6YLkGd\/QoaStRrpQ=="} 
00651{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":590,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_src_last_pkt_time":1648032353695557,"flow_dst_last_pkt_time":1648032353827428,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1648032353827428,"pkt":"mt9Y+uvcCL6sCxduCABFAAB4WqlAAC4Ru\/dbbA0XwKgMqQV4wgMAZNM9AQMASCESpEJBZEN4cW5HdEFGQU8AFgAIAAHSfHp+qVUAIAAIAAEMcXw9RQQADQAEAAAAPIAiAAROb25lAAgAFLgmrFOsF293H+j5NDMwvQveTpPagCgABNdIUvI="} 
@@ -136,16 +136,16 @@ 00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":615,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_src_last_pkt_time":1648032353979030,"flow_dst_last_pkt_time":1648032353637618,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_usec":1648032353979030,"pkt":"CL6sCxdumt9Y+uvcCABFAACcV8FAAEARsK\/AqAypW2wJI57DBXgAiFzeAAgAbCESpEJLaEd2a0srdWZmaFcAEgAIAAGHKCs8w4oABgAdMTY0ODA1Mzk1Mzo3M2Y4MDM4Y2E2NTEwMmQ1YjUAAAAAFAAMdGVsZWdyYW0ub3JnABUAEGVhYjA2YzZkZjZmMmZiZDAACAAUou+k3ZoALmVPw8\/5VjA1fhf0byM="} 00798{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":617,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353980549,"flow_src_last_pkt_time":1648032353980549,"flow_dst_last_pkt_time":1648032353980549,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353980549,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"10.46.103.200","src_port":42405,"dst_port":42554,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":617,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_src_last_pkt_time":1648032353980549,"flow_dst_last_pkt_time":1648032353980549,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1648032353980549,"pkt":"CL6sCxdumt9Y+uvcCABFAACA3nBAAEARHLXAqAypCi5nyKWlpjoAbMb5AAEAUCESpEJPWEdZRU12Q2M1emIABgAJbC93YzpTdVUzAAAAwFcABAADAAqAKgAIAAAAAAAAAAAAJQAAACQABG5\/HwAACAAUHa4B58DlCkqNNIW2N\/CJ9XQ+OsmAKAAEIkgRlA=="} -01141{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":617,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353980549,"flow_src_last_pkt_time":1648032353980549,"flow_dst_last_pkt_time":1648032353980549,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353980549,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"10.46.103.200","src_port":42405,"dst_port":42554,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01174{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":617,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353980549,"flow_src_last_pkt_time":1648032353980549,"flow_dst_last_pkt_time":1648032353980549,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353980549,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"10.46.103.200","src_port":42405,"dst_port":42554,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00798{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":625,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032354029382,"flow_src_last_pkt_time":1648032354029382,"flow_dst_last_pkt_time":1648032354029382,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032354029382,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"10.46.103.200","src_port":40906,"dst_port":42554,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":625,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_src_last_pkt_time":1648032354029382,"flow_dst_last_pkt_time":1648032354029382,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1648032354029382,"pkt":"CL6sCxdumt9Y+uvcCABFAACA3nRAAEARHLHAqAypCi5nyJ\/KpjoAbAm8AAEAUCESpEJCRXZwZkpKcGErWXYABgAJbC93YzpTdVUzAAAAwFcABAADAAqAKgAIAAAAAAAAAAAAJQAAACQABG5\/HwAACAAUV+RY7KavrTSyyjnYz1cDc6MlH+eAKAAEpABGKg=="} -01141{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":625,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032354029382,"flow_src_last_pkt_time":1648032354029382,"flow_dst_last_pkt_time":1648032354029382,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032354029382,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"10.46.103.200","src_port":40906,"dst_port":42554,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01174{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":625,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032354029382,"flow_src_last_pkt_time":1648032354029382,"flow_dst_last_pkt_time":1648032354029382,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032354029382,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"10.46.103.200","src_port":40906,"dst_port":42554,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00797{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":633,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032354077734,"flow_src_last_pkt_time":1648032354077734,"flow_dst_last_pkt_time":1648032354077734,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032354077734,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"93.36.13.115","src_port":42405,"dst_port":35393,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":633,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_src_last_pkt_time":1648032354077734,"flow_dst_last_pkt_time":1648032354077734,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1648032354077734,"pkt":"CL6sCxdumt9Y+uvcCABFAACAq5pAAEARVurAqAypXSQNc6WlikEAbG5EAAEAUCESpEJQRW1oRjBpWkxwdVIABgAJbC93YzpTdVUzAAAAwFcABAADAAqAKgAIAAAAAAAAAAAAJQAAACQABG5\/HwAACAAUeafd1aPwqIpYtKwwpuDeqKaNUbSAKAAEORW\/pw=="} -01140{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":633,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032354077734,"flow_src_last_pkt_time":1648032354077734,"flow_dst_last_pkt_time":1648032354077734,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032354077734,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"93.36.13.115","src_port":42405,"dst_port":35393,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01173{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":633,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032354077734,"flow_src_last_pkt_time":1648032354077734,"flow_dst_last_pkt_time":1648032354077734,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032354077734,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"93.36.13.115","src_port":42405,"dst_port":35393,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00797{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":642,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032354126265,"flow_src_last_pkt_time":1648032354126265,"flow_dst_last_pkt_time":1648032354126265,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032354126265,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"93.36.13.115","src_port":40906,"dst_port":35393,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":642,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_src_last_pkt_time":1648032354126265,"flow_dst_last_pkt_time":1648032354126265,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1648032354126265,"pkt":"CL6sCxdumt9Y+uvcCABFAACAq55AAEARVubAqAypXSQNc5\/KikEAbGK3AAEAUCESpEJMbE5LWHlWbCtGZlIABgAJbC93YzpTdVUzAAAAwFcABAADAAqAKgAIAAAAAAAAAAAAJQAAACQABG5\/HwAACAAU9Z04zkepdoWOsJ4ulp8YAe9jLUWAKAAEwATfyg=="} -01140{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":642,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032354126265,"flow_src_last_pkt_time":1648032354126265,"flow_dst_last_pkt_time":1648032354126265,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032354126265,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"93.36.13.115","src_port":40906,"dst_port":35393,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01173{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":642,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032354126265,"flow_src_last_pkt_time":1648032354126265,"flow_dst_last_pkt_time":1648032354126265,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032354126265,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"93.36.13.115","src_port":40906,"dst_port":35393,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":648,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_src_last_pkt_time":1648032354077734,"flow_dst_last_pkt_time":1648032354153456,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1648032354153456,"pkt":"mt9Y+uvcCL6sCxduCABFAABckpZAADYRehJdJA1zwKgMqYpBpaUASG0rAQEALCESpEJQRW1oRjBpWkxwdVIAIAAIAAEMenw9RQQACAAUrYd+q6RhgtRWxOyn0FCZYgykzwuAKAAEkVZ5KQ=="} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":649,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_src_last_pkt_time":1648032354165754,"flow_dst_last_pkt_time":1648032354153456,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":65,"pkt_l4_len":31,"thread_ts_usec":1648032354165754,"pkt":"CL6sCxdumt9Y+uvcCABFAAAzq6JAAEARVy\/AqAypXSQNc6WlikEAH+78q+Dhs46p+vnyB59A6gTAmoVxX5wJtWc="} 00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":650,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":4,"flow_src_last_pkt_time":1648032354165754,"flow_dst_last_pkt_time":1648032354166263,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1648032354166263,"pkt":"mt9Y+uvcCL6sCxduCABFAAB8kpdAADYRefFdJA1zwKgMqYpBpaUAaPtpAAEATCESpEJnZHVuWHZ4blRHNEYABgAJU3VVMzpsL3djAAAAwFcABAADA4SAKQAIAAAAAAAAAAAAJAAEbn8fAAAIABSu\/Dy1RdR7tJjCJ1zcoT327GhS+4AoAASaKnbd"} 
@@ -154,9 +154,9 @@ 00654{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":663,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_src_last_pkt_time":1648032354126265,"flow_dst_last_pkt_time":1648032354253306,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1648032354253306,"pkt":"mt9Y+uvcCL6sCxduCABFAAB8kp1AADYReetdJA1zwKgMqYpBn8oAaCMkAAEATCESpEJIcTZVWmxodDUwUysABgAJU3VVMzpsL3djAAAAwFcABAADA4SAKQAIAAAAAAAAAAAAJAAEbn8fAAAIABQBRhbWlQ7rMVy3PFduS9dj7gJsXoAoAARM5ARh"} 00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":664,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":4,"flow_src_last_pkt_time":1648032354255084,"flow_dst_last_pkt_time":1648032354253306,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1648032354255084,"pkt":"CL6sCxdumt9Y+uvcCABFAABcq61AAEARVvvAqAypXSQNc5\/KikEASJBeAQEALCESpEJIcTZVWmxodDUwUysAIAAIAAGrU3w2qTEACAAUOSToq9gxyjIfvqnLxYFg75erULqAKAAEpWnpWQ=="} 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":670,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_src_last_pkt_time":1648032354274610,"flow_dst_last_pkt_time":1648032353980549,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1648032354274610,"pkt":"CL6sCxdumt9Y+uvcCABFAACA3npAAEARHKvAqAypCi5nyKWlpjoAbOFzAAEAUCESpEJtdnE4djNMTnl3dk0ABgAJbC93YzpTdVUzAAAAwFcABAADAAqAKgAIAAAAAAAAAAAAJQAAACQABG5\/HwAACAAUDInqNRBWk8dEJqTJc6HmCvGSZlqAKAAEY6GN3A=="} 
-01259{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":670,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1648032353980549,"flow_src_last_pkt_time":1648032354274610,"flow_dst_last_pkt_time":1648032353980549,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032354274610,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"10.46.103.200","src_port":42405,"dst_port":42554,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01292{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":670,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1648032353980549,"flow_src_last_pkt_time":1648032354274610,"flow_dst_last_pkt_time":1648032353980549,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032354274610,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"10.46.103.200","src_port":42405,"dst_port":42554,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00665{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":682,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_src_last_pkt_time":1648032354323453,"flow_dst_last_pkt_time":1648032354029382,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1648032354323453,"pkt":"CL6sCxdumt9Y+uvcCABFAACA3n5AAEARHKfAqAypCi5nyJ\/KpjoAbLNZAAEAUCESpEJFbzlBWnVtb3doY3gABgAJbC93YzpTdVUzAAAAwFcABAADAAqAKgAIAAAAAAAAAAAAJQAAACQABG5\/HwAACAAUhaAVye4hAtQKKUN05sPT8bSFgCSAKAAEE\/ftBA=="} 
-01259{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":682,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1648032354029382,"flow_src_last_pkt_time":1648032354323453,"flow_dst_last_pkt_time":1648032354029382,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032354323453,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"10.46.103.200","src_port":40906,"dst_port":42554,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01292{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":682,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1648032354029382,"flow_src_last_pkt_time":1648032354323453,"flow_dst_last_pkt_time":1648032354029382,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032354323453,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"10.46.103.200","src_port":40906,"dst_port":42554,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":687,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_src_last_pkt_time":1648032354372109,"flow_dst_last_pkt_time":1648032353980549,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1648032354372109,"pkt":"CL6sCxdumt9Y+uvcCABFAACA3oFAAEARHKTAqAypCi5nyKWlpjoAbMtbAAEAUCESpEJTRTZGa284cW1DQmIABgAJbC93YzpTdVUzAAAAwFcABAADAAqAKgAIAAAAAAAAAAAAJQAAACQABG5\/HwAACAAUzYBYKBlzlZ6Eaa\/nFMVbWPeH8RSAKAAER59Heg=="} 
00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_src_last_pkt_time":1648032354421706,"flow_dst_last_pkt_time":1648032354029382,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1648032354421706,"pkt":"CL6sCxdumt9Y+uvcCABFAACA3oNAAEARHKLAqAypCi5nyJ\/KpjoAbNnMAAEAUCESpEJkVUE4UWRoMit2dFIABgAJbC93YzpTdVUzAAAAwFcABAADAAqAKgAIAAAAAAAAAAAAJQAAACQABG5\/HwAACAAU9E6Knx5J8q4IYolGkKVYGZzVeFSAKAAEDziXvg=="} 00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":707,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032354824070,"flow_src_last_pkt_time":1648032354824070,"flow_dst_last_pkt_time":1648032354824070,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032354824070,"l3_proto":"ip6","src_ip":"fe80::abe:acff:fe0b:176e","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5} 
@@ -176,19 +176,19 @@ 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":809,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_src_last_pkt_time":1648032359090868,"flow_dst_last_pkt_time":1648032359107008,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1648032359107008,"pkt":"mt9Y+uvcCL6sCxduCABFAABAp+JAAOsG1DA0OhIZwKgMqRRmnwbmakAqdp6QO4AYAHI69AAAAQEICk97b0VBLHTpwv4ABQAAAAANIwHG"} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":810,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":4,"flow_src_last_pkt_time":1648032359108251,"flow_dst_last_pkt_time":1648032359107008,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1648032359108251,"pkt":"CL6sCxdumt9Y+uvcCABFAAA0S0pAAEAG29XAqAypNDoSGZ8GFGZ2npA75mpANoAQAKwMngAAAQEICkEsdPpPe29F"} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":819,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_src_last_pkt_time":1648032363557266,"flow_dst_last_pkt_time":1648032353554802,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1648032363557266,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwWxxAAEARrcDAqAypW2wJI5\/KBXgAHJMEAAEAACESpEJKWGZZVmEzZGpzK04="} 
-01257{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":819,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648032353524693,"flow_src_last_pkt_time":1648032363557266,"flow_dst_last_pkt_time":1648032353554802,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1648032363557266,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":40906,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.47.225.70:11616","response_origin":"91.108.9.35:1400","other_address":"10.67.66.99:1401"}}} 
+01291{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":819,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648032353524693,"flow_src_last_pkt_time":1648032363557266,"flow_dst_last_pkt_time":1648032353554802,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1648032363557266,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":40906,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.47.225.70:11616","response_origin":"91.108.9.35:1400","other_address":"10.67.66.99:1401","multimedia_flow_types":"Unknown"}}} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":820,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_src_last_pkt_time":1648032363557512,"flow_dst_last_pkt_time":1648032353554820,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1648032363557512,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwWx1AAEARrb\/AqAypW2wJI6TVBXgAHEc2AAEAACESpEJaT3lOZUhRVUNaSWY="} 
-01257{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":820,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648032353524853,"flow_src_last_pkt_time":1648032363557512,"flow_dst_last_pkt_time":1648032353554820,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1648032363557512,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":42197,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.47.225.70:11617","response_origin":"91.108.9.35:1400","other_address":"10.67.66.99:1401"}}} 
+01291{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":820,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648032353524853,"flow_src_last_pkt_time":1648032363557512,"flow_dst_last_pkt_time":1648032353554820,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1648032363557512,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":42197,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.47.225.70:11617","response_origin":"91.108.9.35:1400","other_address":"10.67.66.99:1401","multimedia_flow_types":"Unknown"}}} 00637{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":821,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_src_last_pkt_time":1648032363557266,"flow_dst_last_pkt_time":1648032363587689,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1648032363587689,"pkt":"mt9Y+uvcCL6sCxduCABFAABwVUlAADIRwVNbbAkjwKgMqQV4n8oAXLPRAQEAQCESpEJKWGZZVmEzZGpzK04AIAAIAAEMcnw9RQQAAQAIAAEtYF0v4UaAKwAIAAEFeFtsCSOALAAIAAEFeQpDQmOAIgAETm9uZYAoAAQThhZ3"} 
00637{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":822,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_src_last_pkt_time":1648032363557512,"flow_dst_last_pkt_time":1648032363587715,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1648032363587715,"pkt":"mt9Y+uvcCL6sCxduCABFAABwVUpAADIRwVJbbAkjwKgMqQV4pNUAXGDgAQEAQCESpEJaT3lOZUhRVUNaSWYAIAAIAAEMc3w9RQQAAQAIAAEtYV0v4UaAKwAIAAEFeFtsCSOALAAIAAEFeQpDQmOAIgAETm9uZYAoAATgolB7"} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":823,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_src_last_pkt_time":1648032363660886,"flow_dst_last_pkt_time":1648032353658379,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1648032363660886,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwBFlAAEARAJDAqAypW2wNF6TVBXgAHIUQAAEAACESpEJ4TDNiVmMzcVJ5TTE="} -01262{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":823,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648032353524865,"flow_src_last_pkt_time":1648032363660886,"flow_dst_last_pkt_time":1648032353658379,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1648032363660886,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":42197,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": 
{"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.47.225.70:11617","response_origin":"91.108.13.23:1400","other_address":"10.160.194.103:1401"}}} +01296{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":823,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648032353524865,"flow_src_last_pkt_time":1648032363660886,"flow_dst_last_pkt_time":1648032353658379,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1648032363660886,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":42197,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.47.225.70:11617","response_origin":"91.108.13.23:1400","other_address":"10.160.194.103:1401","multimedia_flow_types":"Unknown"}}} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":824,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_src_last_pkt_time":1648032363670970,"flow_dst_last_pkt_time":1648032353668244,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1648032363670970,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwBFpAAEARAI\/AqAypW2wNF5\/KBXgAHDFOAAEAACESpEJ4Mld2aHpNWHgzMEw="} -01262{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":824,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648032353524739,"flow_src_last_pkt_time":1648032363670970,"flow_dst_last_pkt_time":1648032353668244,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1648032363670970,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":40906,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.47.225.70:11616","response_origin":"91.108.13.23:1400","other_address":"10.160.194.103:1401"}}} 
+01296{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":824,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648032353524739,"flow_src_last_pkt_time":1648032363670970,"flow_dst_last_pkt_time":1648032353668244,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1648032363670970,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":40906,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.47.225.70:11616","response_origin":"91.108.13.23:1400","other_address":"10.160.194.103:1401","multimedia_flow_types":"Unknown"}}} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":825,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_src_last_pkt_time":1648032363673567,"flow_dst_last_pkt_time":1648032353672049,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1648032363673567,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwiUNAAEARd7rAqAypW2wRAp\/KBXgAHEXLAAEAACESpEJOZGorcy85N3hYOEQ="} 
-01259{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":825,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648032353524758,"flow_src_last_pkt_time":1648032363673567,"flow_dst_last_pkt_time":1648032353672049,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1648032363673567,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":40906,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.47.225.70:11616","response_origin":"91.108.17.2:1400","other_address":"10.130.194.98:1401"}}} 
+01293{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":825,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648032353524758,"flow_src_last_pkt_time":1648032363673567,"flow_dst_last_pkt_time":1648032353672049,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1648032363673567,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":40906,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.47.225.70:11616","response_origin":"91.108.17.2:1400","other_address":"10.130.194.98:1401","multimedia_flow_types":"Unknown"}}} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":826,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_src_last_pkt_time":1648032363677290,"flow_dst_last_pkt_time":1648032353675084,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1648032363677290,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwiURAAEARd7nAqAypW2wRAqTVBXgAHGCFAAEAACESpEJZeUEvTW1CRVIxeUE="} 
-01259{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":826,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648032353524980,"flow_src_last_pkt_time":1648032363677290,"flow_dst_last_pkt_time":1648032353675084,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1648032363677290,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":42197,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.47.225.70:11617","response_origin":"91.108.17.2:1400","other_address":"10.130.194.98:1401"}}} 
+01293{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":826,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648032353524980,"flow_src_last_pkt_time":1648032363677290,"flow_dst_last_pkt_time":1648032353675084,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1648032363677290,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":42197,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.47.225.70:11617","response_origin":"91.108.17.2:1400","other_address":"10.130.194.98:1401","multimedia_flow_types":"Unknown"}}} 00637{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":827,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_src_last_pkt_time":1648032363660886,"flow_dst_last_pkt_time":1648032363794064,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1648032363794064,"pkt":"mt9Y+uvcCL6sCxduCABFAABwXVNAAC4RuVVbbA0XwKgMqQV4pNUAXC8AAQEAQCESpEJ4TDNiVmMzcVJ5TTEAIAAIAAEMc3w9RQQAAQAIAAEtYV0v4UaAKwAIAAEFeFtsDReALAAIAAEFeQqgwmeAIgAETm9uZYAoAASEVJgu"} 
00638{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":828,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_src_last_pkt_time":1648032363670970,"flow_dst_last_pkt_time":1648032363805878,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1648032363805878,"pkt":"mt9Y+uvcCL6sCxduCABFAABwXVZAAC4RuVJbbA0XwKgMqQV4n8oAXDw7AQEAQCESpEJ4Mld2aHpNWHgzMEwAIAAIAAEMcnw9RQQAAQAIAAEtYF0v4UaAKwAIAAEFeFtsDReALAAIAAEFeQqgwmeAIgAETm9uZYAoAAQ+iHz\/"} 00637{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":829,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_src_last_pkt_time":1648032363673567,"flow_dst_last_pkt_time":1648032363819830,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1648032363819830,"pkt":"mt9Y+uvcCL6sCxduCABFAABwZztAADARqYJbbBECwKgMqQV4n8oAXJquAQEAQCESpEJOZGorcy85N3hYOEQAIAAIAAEMcnw9RQQAAQAIAAEtYF0v4UaAKwAIAAEFeFtsEQKALAAIAAEFeQqCwmKAIgAETm9uZYAoAASOxt8C"} 
@@ -239,7 +239,7 @@ 01136{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648032353524853,"flow_src_last_pkt_time":1648032363557512,"flow_dst_last_pkt_time":1648032363587715,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":168,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":42197,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00958{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032354824070,"flow_src_last_pkt_time":1648032354824070,"flow_dst_last_pkt_time":1648032354824070,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip6","src_ip":"fe80::abe:acff:fe0b:176e","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032352156412,"flow_src_last_pkt_time":1648032352156412,"flow_dst_last_pkt_time":1648032352156412,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -01081{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648032336009920,"flow_src_last_pkt_time":1648032336041683,"flow_dst_last_pkt_time":1648032336040673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.91","src_port":37948,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": 
{"total":350,"client":235,"server":115}}},"confidence": {"3":"DPI (partial)"},"proto":"Telegram","proto_id":"185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} +01188{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648032336009920,"flow_src_last_pkt_time":1648032336041683,"flow_dst_last_pkt_time":1648032336040673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.91","src_port":37948,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}},"55": {"risk":"Probing Attempt","severity":"Medium","risk_score": {"total":510,"client":375,"server":135}}},"confidence": {"3":"DPI (partial)"},"proto":"Telegram","proto_id":"185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
00791{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648032336009920,"flow_src_last_pkt_time":1648032336041683,"flow_dst_last_pkt_time":1648032336040673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.91","src_port":37948,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01125{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":156,"flow_dst_packets_processed":214,"flow_first_seen":1648032336009996,"flow_src_last_pkt_time":1648032377077811,"flow_dst_last_pkt_time":1648032377149578,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1024,"flow_dst_max_l4_payload_len":1228,"flow_src_tot_l4_payload_len":30433,"flow_dst_tot_l4_payload_len":128721,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.91","src_port":37950,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"7":"Match by IP"},"proto":"Telegram","proto_id":"185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
01115{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1648032340008639,"flow_src_last_pkt_time":1648032340089757,"flow_dst_last_pkt_time":1648032340162942,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":466,"flow_dst_max_l4_payload_len":258,"flow_src_tot_l4_payload_len":779,"flow_dst_tot_l4_payload_len":258,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.91","src_port":37966,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"7":"Match by IP"},"proto":"Telegram","proto_id":"185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
@@ -255,7 +255,7 @@ 01116{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":8,"flow_first_seen":1648032336020865,"flow_src_last_pkt_time":1648032346150156,"flow_dst_last_pkt_time":1648032346134942,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":386,"flow_dst_max_l4_payload_len":604,"flow_src_tot_l4_payload_len":1229,"flow_dst_tot_l4_payload_len":2022,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.51","src_port":46862,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"7":"Match by IP"},"proto":"Telegram","proto_id":"185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 01115{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1648032336039036,"flow_src_last_pkt_time":1648032346150274,"flow_dst_last_pkt_time":1648032346134975,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":370,"flow_dst_max_l4_payload_len":773,"flow_src_tot_l4_payload_len":1277,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.51","src_port":46866,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp 
Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"7":"Match by IP"},"proto":"Telegram","proto_id":"185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 01148{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":59,"flow_dst_packets_processed":55,"flow_first_seen":1648032354077734,"flow_src_last_pkt_time":1648032356099058,"flow_dst_last_pkt_time":1648032356073261,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1112,"flow_dst_max_l4_payload_len":393,"flow_src_tot_l4_payload_len":15509,"flow_dst_tot_l4_payload_len":6792,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"93.36.13.115","src_port":42405,"dst_port":35393,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-00865{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":889,"packets-processed":887,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":330235,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":32,"total-detection-updates":14,"total-updates":1,"current-active-flows":0,"total-active-flows":34,"total-idle-flows":34,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":258,"global_ts_usec":1648032378336597} +00865{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":889,"packets-processed":887,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":330235,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":32,"total-detection-updates":14,"total-updates":1,"current-active-flows":0,"total-active-flows":34,"total-idle-flows":34,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":258,"global_ts_usec":1648032378336597} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 889/887 ~~ skipped flows.............: 0 
@@ -264,9 +264,9 @@ ~~ total active/idle flows...: 34/34 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7030800 bytes -~~ total memory freed........: 7030800 bytes -~~ total allocations/frees...: 115412/115412 +~~ total memory allocated....: 7608768 bytes +~~ total memory freed........: 7608768 bytes +~~ total allocations/frees...: 127160/127160 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 543 chars ~~ json message max len.......: 2353 chars diff --git a/test/results/default/telegram_videocall_2.pcapng.out b/test/results/default/telegram_videocall_2.pcapng.out new file mode 100644 index 000000000..e536bea17 --- /dev/null +++ b/test/results/default/telegram_videocall_2.pcapng.out 
@@ -0,0 +1,80 @@ +00627{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1731946730424347} 
+00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731946730424347,"flow_src_last_pkt_time":1731946730424347,"flow_dst_last_pkt_time":1731946730424347,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946730424347,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1731946730424347,"flow_dst_last_pkt_time":1731946730424347,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_usec":1731946730424347,"pkt":"AQBeAAD7dNo47VMyCABFAABJz2FAAP8R\/pzAqAwB4AAA+xTpFOkANSaSAAAAAAACAAAAAAAABV9pcHBzBF90Y3AFbG9jYWwAAAwAAQRfaXBwwBIADAAB"} 
+01008{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731946730424347,"flow_src_last_pkt_time":1731946730424347,"flow_dst_last_pkt_time":1731946730424347,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946730424347,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_ipps._tcp.local","domainame":"_ipps._tcp.local","mdns": {}}} +00798{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731946733955605,"flow_src_last_pkt_time":1731946733955605,"flow_dst_last_pkt_time":1731946733955605,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946733955605,"l3_proto":"ip6","src_ip":"fe80::76da:38ff:feed:5332","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00618{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1731946733955605,"flow_dst_last_pkt_time":1731946733955605,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":107,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":107,"pkt_l4_len":53,"thread_ts_usec":1731946733955605,"pkt":"MzMAAAD7dNo47VMyht1gBgAAADUR\/\/6AAAAAAAAAdto4\/\/7tUzL\/AgAAAAAAAAAAAAAAAAD7FOkU6QA1074AAAAAAAIAAAAAAAAFX2lwcHMEX3RjcAVsb2NhbAAADAABBF9pcHDAEgAMAAE="} +01018{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731946733955605,"flow_src_last_pkt_time":1731946733955605,"flow_dst_last_pkt_time":1731946733955605,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946733955605,"l3_proto":"ip6","src_ip":"fe80::76da:38ff:feed:5332","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_ipps._tcp.local","domainame":"_ipps._tcp.local","mdns": {}}} 
+00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731946740900337,"flow_src_last_pkt_time":1731946740900337,"flow_dst_last_pkt_time":1731946740900337,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946740900337,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.9.106","src_port":39968,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1731946740900337,"flow_dst_last_pkt_time":1731946740900337,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1731946740900337,"pkt":"dNo47VMyYhO2esBpCABFAAA4MVhAAEAR15vAqAxDW2wJapwgBXgAJPquAAMACCESpEJqbjEvdGFsZ2dHd3IAGQAEEQAAAA=="} 
+01148{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731946740900337,"flow_src_last_pkt_time":1731946740900337,"flow_dst_last_pkt_time":1731946740900337,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946740900337,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.9.106","src_port":39968,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} +00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731946740900481,"flow_src_last_pkt_time":1731946740900481,"flow_dst_last_pkt_time":1731946740900481,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946740900481,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.13.3","src_port":39329,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1731946740900481,"flow_dst_last_pkt_time":1731946740900481,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1731946740900481,"pkt":"dNo47VMyYhO2esBpCABFAAA4CeVAAEAR+3XAqAxDW2wNA5mhBXgAJBueAAMACCESpEJZaHNneGh4MkhrM0EAGQAEEQAAAA=="} +01147{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731946740900481,"flow_src_last_pkt_time":1731946740900481,"flow_dst_last_pkt_time":1731946740900481,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946740900481,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.13.3","src_port":39329,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
+00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731946740900572,"flow_src_last_pkt_time":1731946740900572,"flow_dst_last_pkt_time":1731946740900572,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946740900572,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.17.49","src_port":44679,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1731946740900572,"flow_dst_last_pkt_time":1731946740900572,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1731946740900572,"pkt":"dNo47VMyYhO2esBpCABFAAA4bgpAAEARkyLAqAxDW2wRMa6HBXgAJANsAAMACCESpEJoVXdKc0VOemFwNWUAGQAEEQAAAA=="} 
+01148{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731946740900572,"flow_src_last_pkt_time":1731946740900572,"flow_dst_last_pkt_time":1731946740900572,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946740900572,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.17.49","src_port":44679,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} +00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731946740900678,"flow_src_last_pkt_time":1731946740900678,"flow_dst_last_pkt_time":1731946740900678,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946740900678,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.9.10","src_port":44275,"dst_port":597,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00599{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1731946740900678,"flow_dst_last_pkt_time":1731946740900678,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1731946740900678,"pkt":"dNo47VMyYhO2esBpCABFAABEEnFAAEAR9tbAqAxDW2wJCqzzAlUAMHx\/yTuYM2k\/Rq6r+4eNcVrsqP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/8AAAAAAAAAew=="} +00942{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731946740900678,"flow_src_last_pkt_time":1731946740900678,"flow_dst_last_pkt_time":1731946740900678,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946740900678,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.9.10","src_port":44275,"dst_port":597,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Telegram","proto_id":"185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
+00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731946740901087,"flow_src_last_pkt_time":1731946740901087,"flow_dst_last_pkt_time":1731946740901087,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946740901087,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.17.8","src_port":46675,"dst_port":597,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00599{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1731946740901087,"flow_dst_last_pkt_time":1731946740901087,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1731946740901087,"pkt":"dNo47VMyYhO2esBpCABFAABE+u5AAEARBlvAqAxDW2wRCLZTAlUAMI3tyTuYM2k\/Rq6r+4eNi8Ovc\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/8AAAAAAAAAew=="} 
+00942{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731946740901087,"flow_src_last_pkt_time":1731946740901087,"flow_dst_last_pkt_time":1731946740901087,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946740901087,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.17.8","src_port":46675,"dst_port":597,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Telegram","proto_id":"185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} +00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731946740901130,"flow_src_last_pkt_time":1731946740901130,"flow_dst_last_pkt_time":1731946740901130,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946740901130,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.13.26","src_port":42417,"dst_port":598,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1731946740901130,"flow_dst_last_pkt_time":1731946740901130,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1731946740901130,"pkt":"dNo47VMyYhO2esBpCABFAABEAY5AAEARA6rAqAxDW2wNGqWxAlYAMPVNyTuYM2k\/Rq6r+4eNjxlZTP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/8AAAAAAAAAew=="} +00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731946740901130,"flow_src_last_pkt_time":1731946740901130,"flow_dst_last_pkt_time":1731946740901130,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946740901130,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.13.26","src_port":42417,"dst_port":598,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Telegram","proto_id":"185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
+00649{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1731946740900337,"flow_dst_last_pkt_time":1731946740924754,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1731946740924754,"pkt":"YhO2esBpdNo47VMyCABFAAB446VAADMRMg5bbAlqwKgMQwV4nCAAZJQXARMASCESpEJqbjEvdGFsZ2dHd3IACQAQAAAEAVVuYXV0aG9yaXplZAAVABA5NDQ3YzBhODM4ODc3NDYzABQADHRlbGVncmFtLm9yZ4AiAAROb25lgCgABE+Mpgc="} +01196{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1731946740900337,"flow_src_last_pkt_time":1731946740900337,"flow_dst_last_pkt_time":1731946740924754,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1731946740924754,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.9.106","src_port":39968,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org","domainame":"telegram.org","stun": {"multimedia_flow_types":"Unknown"}}} 
+00631{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1731946740900678,"flow_dst_last_pkt_time":1731946740924787,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1731946740924787,"pkt":"YhO2esBpdNo47VMyCABFAABc7RxAADQRKBNbbAkKwKgMQwJVrPMASOP+yTuYM2k\/Rq6r+4eNcVrsqP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8dyFcD1aDtnAAAAAAAAAHsAAAAAAAAAAAAA\/\/9dI6qQgZkAAA=="} +00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1731946740929880,"flow_dst_last_pkt_time":1731946740924754,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1731946740929880,"pkt":"dNo47VMyYhO2esBpCABFAACYMVpAAEAR1znAqAxDW2wJapwgBXgAhAJ3AAMAaCESpEJsTFp4REFIYU15dVIAGQAEEQAAAAAGAB0xNzMxOTY4MzQxOjE3MTFjMzFjZjM3ZjkxZWUyMQAAAAAUAAx0ZWxlZ3JhbS5vcmcAFQAQOTQ0N2MwYTgzODg3NzQ2MwAIABR2KtKB33CStbawXfNsZh\/G\/qvnnA=="} +00650{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1731946740929880,"flow_dst_last_pkt_time":1731946740957073,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1731946740957073,"pkt":"YhO2esBpdNo47VMyCABFAAB446ZAADMRMg1bbAlqwKgMQwV4nCAAZDpdAQMASCESpEJsTFp4REFIYU15dVIAFgAIAAGyOHp+rSgAIAAIAAG4bXwxDtIADQAEAAAAPIAiAAROb25lAAgAFJlm+aznLL1e9oLm1nndfGyxhvvEgCgABLF4z2o="} 
+00631{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1731946740901130,"flow_dst_last_pkt_time":1731946741023286,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1731946741023286,"pkt":"YhO2esBpdNo47VMyCABFAABcXThAADERtudbbA0awKgMQwJWpbEASFrNyTuYM2k\/Rq6r+4eNjxlZTP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8dyFcD1aDtnAAAAAAAAAHsAAAAAAAAAAAAA\/\/9dI6qQg5kAAA=="} +00632{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1731946740901087,"flow_dst_last_pkt_time":1731946741048373,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1731946741048373,"pkt":"YhO2esBpdNo47VMyCABFAABcZP9AADMRqTJbbBEIwKgMQwJVtlMASPRsyTuYM2k\/Rq6r+4eNi8Ovc\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8dyFcD1aDtnAAAAAAAAAHsAAAAAAAAAAAAA\/\/9dI6qQgpkAAA=="} +00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1731946741146448,"flow_dst_last_pkt_time":1731946740900481,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1731946741146448,"pkt":"dNo47VMyYhO2esBpCABFAAA4CfFAAEAR+2nAqAxDW2wNA5mhBXgAJBueAAMACCESpEJZaHNneGh4MkhrM0EAGQAEEQAAAA=="} 
+01266{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1731946740900481,"flow_src_last_pkt_time":1731946741146448,"flow_dst_last_pkt_time":1731946740900481,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946741146448,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.13.3","src_port":39329,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} +00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1731946741146793,"flow_dst_last_pkt_time":1731946740900572,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1731946741146793,"pkt":"dNo47VMyYhO2esBpCABFAAA4bhJAAEARkxrAqAxDW2wRMa6HBXgAJANsAAMACCESpEJoVXdKc0VOemFwNWUAGQAEEQAAAA=="} 
+01267{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1731946740900572,"flow_src_last_pkt_time":1731946741146793,"flow_dst_last_pkt_time":1731946740900572,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946741146793,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.17.49","src_port":44679,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} +00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1731946741415294,"flow_dst_last_pkt_time":1731946740924787,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1731946741415294,"pkt":"dNo47VMyYhO2esBpCABFAABEEpBAAEAR9rfAqAxDW2wJCqzzAlUAMHx\/yTuYM2k\/Rq6r+4eNcVrsqP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/8AAAAAAAAAew=="} 
+00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1731946741415371,"flow_dst_last_pkt_time":1731946741048373,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1731946741415371,"pkt":"dNo47VMyYhO2esBpCABFAABE+wxAAEARBj3AqAxDW2wRCLZTAlUAMI3tyTuYM2k\/Rq6r+4eNi8Ovc\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/8AAAAAAAAAew=="} +00599{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1731946741415476,"flow_dst_last_pkt_time":1731946741023286,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1731946741415476,"pkt":"dNo47VMyYhO2esBpCABFAABEAZpAAEARA57AqAxDW2wNGqWxAlYAMPVNyTuYM2k\/Rq6r+4eNjxlZTP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/8AAAAAAAAAew=="} +00631{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1731946741415294,"flow_dst_last_pkt_time":1731946741438361,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1731946741438361,"pkt":"YhO2esBpdNo47VMyCABFAABc7YBAADQRJ69bbAkKwKgMQwJVrPMASOP+yTuYM2k\/Rq6r+4eNcVrsqP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8dyFcD1aDtnAAAAAAAAAHsAAAAAAAAAAAAA\/\/9dI6qQgZkAAA=="} 
+00688{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1731946741455021,"flow_dst_last_pkt_time":1731946741438361,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":162,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":162,"pkt_l4_len":128,"thread_ts_usec":1731946741455021,"pkt":"dNo47VMyYhO2esBpCABFAACUEpNAAEAR9mTAqAxDW2wJCqzzAlUAgHyHyTuYM2k\/Rq6r+4eN3ZN1HXFa7KgAAABgAAEATCESpEJGSHIzakJmWDlZZFMABgAJUVNoMToyR1NoAAAAwFcABAADAAqAKQAIAAAAAAAAAAAAJAAEbn8BAAAIABRP6D96wpT\/fEBrc+uxm4DhzbqVVYAoAAQMwkOe"} +01042{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1731946740900678,"flow_src_last_pkt_time":1731946741455021,"flow_dst_last_pkt_time":1731946741438361,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":200,"flow_dst_tot_l4_payload_len":128,"midstream":0,"thread_ts_usec":1731946741455021,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.9.10","src_port":44275,"dst_port":597,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
+00631{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1731946741415476,"flow_dst_last_pkt_time":1731946741535530,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1731946741535530,"pkt":"YhO2esBpdNo47VMyCABFAABcXUJAADERtt1bbA0awKgMQwJWpbEASFrNyTuYM2k\/Rq6r+4eNjxlZTP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8dyFcD1aDtnAAAAAAAAAHsAAAAAAAAAAAAA\/\/9dI6qQg5kAAA=="} +00632{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1731946741415371,"flow_dst_last_pkt_time":1731946741562289,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1731946741562289,"pkt":"YhO2esBpdNo47VMyCABFAABcZT9AADMRqPJbbBEIwKgMQwJVtlMASPNsyTuYM2k\/Rq6r+4eNi8Ovc\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8dyFcD2aDtnAAAAAAAAAHsAAAAAAAAAAAAA\/\/9dI6qQgpkAAA=="} +00699{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1731946741563039,"flow_dst_last_pkt_time":1731946740957073,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_usec":1731946741563039,"pkt":"dNo47VMyYhO2esBpCABFAACcMZVAAEAR1vrAqAxDW2wJapwgBXgAiIiMAAgAbCESpEJMS2hqRmNPSktXYS8AEgAIAAHvmHp+rSgABgAdMTczMTk2ODM0MToxNzExYzMxY2YzN2Y5MWVlMjEAAAAAFAAMdGVsZWdyYW0ub3JnABUAEDk0NDdjMGE4Mzg4Nzc0NjMACAAUfZYAz1TCSseNGKU6e+wfgKw\/POI="} 
+00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1731946741415476,"flow_dst_last_pkt_time":1731946741638435,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":162,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":162,"pkt_l4_len":128,"thread_ts_usec":1731946741638435,"pkt":"YhO2esBpdNo47VMyCABFAACUXU5AADERtplbbA0awKgMQwJWpbEAgLnOyTuYM2k\/Rq6r+4eNjxlZTO1GBpwAAABgAAEATCESpEIwM1UvU3NIOVJGMEUABgAJMkdTaDpRU2gxAAAAwFcABAADA4SAKgAIAAAAAAAAAAAAJAAEbn8BAAAIABTXPLZETMdJvNRvTRPxblog6S0sPoAoAAT2Mcen"} +01042{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":3,"flow_first_seen":1731946740901130,"flow_src_last_pkt_time":1731946741415476,"flow_dst_last_pkt_time":1731946741638435,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":120,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":248,"midstream":0,"thread_ts_usec":1731946741638435,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.13.26","src_port":42417,"dst_port":598,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
+00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1731946741647287,"flow_dst_last_pkt_time":1731946740900481,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1731946741647287,"pkt":"dNo47VMyYhO2esBpCABFAAA4CgNAAEAR+1fAqAxDW2wNA5mhBXgAJBueAAMACCESpEJZaHNneGh4MkhrM0EAGQAEEQAAAA=="} +00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1731946741648442,"flow_dst_last_pkt_time":1731946740900572,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1731946741648442,"pkt":"dNo47VMyYhO2esBpCABFAAA4biRAAEARkwjAqAxDW2wRMa6HBXgAJANsAAMACCESpEJoVXdKc0VOemFwNWUAGQAEEQAAAA=="} +00690{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1731946741797117,"flow_dst_last_pkt_time":1731946741562289,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":162,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":162,"pkt_l4_len":128,"thread_ts_usec":1731946741797117,"pkt":"dNo47VMyYhO2esBpCABFAACU+zBAAEARBcnAqAxDW2wRCLZTAlUAgPrbyTuYM2k\/Rq6r+4eNp\/o6mYvDr3MAAABgAAEATCESpEJOaDNhdFBKSlg5a20ABgAJUVNoMToyR1NoAAAAwFcABAADAAqAKQAIAAAAAAAAAAAAJAAEbn8BAAAIABTs6d5ccQOT\/RksJw\/DwndeFN1ti4AoAASntpvk"} 
+01042{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1731946740901087,"flow_src_last_pkt_time":1731946741797117,"flow_dst_last_pkt_time":1731946741562289,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":200,"flow_dst_tot_l4_payload_len":128,"midstream":0,"thread_ts_usec":1731946741797117,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.17.8","src_port":46675,"dst_port":597,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} +02384{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1731946740900337,"flow_src_last_pkt_time":1731946742240391,"flow_dst_last_pkt_time":1731946742264226,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":652,"flow_dst_max_l4_payload_len":262,"flow_src_tot_l4_payload_len":2187,"flow_dst_tot_l4_payload_len":1616,"midstream":0,"thread_ts_usec":1731946742264226,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.9.106","src_port":39968,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":16,"avg":87224.0,"max":633159,"stddev":149549.7,"var":22365106176.0,"ent":3.7,"data": 
[24417,29543,32319,633159,629027,42410,122559,119596,598,39836,5432,31550,39459,41743,145493,160620,48042,92354,8570,65269,259,740,20867,96277,16,115515,8212,23549,57925,62023,6564]},"pktlen": {"min":56,"avg":146.8,"max":680,"stddev":107.0,"var":11452.5,"ent":4.8,"data": [56,120,152,120,156,88,160,144,164,680,88,128,96,128,96,128,113,128,96,121,85,101,237,96,113,97,97,149,233,150,290,89]},"bins": {"c_to_s": [1,1,4,5,3,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,3,8,3,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,0,1,0,0,1,1,0,1,0,0,1,0,1,1,0,0,0,1,1,1,0,0,1,0,1,1],"entropies": [4.913536072,5.661914349,5.691276073,5.811409950,5.775809288,5.890800476,5.700669765,6.030949116,5.619874954,6.564280987,5.876651764,5.513857365,5.750529289,5.348012447,5.693135738,5.423637390,5.816064358,5.438713074,5.755635738,5.886013985,5.239210606,5.547117710,6.841757298,5.747772217,5.880180359,5.484240055,5.412352562,6.492302418,6.848128319,6.536720753,7.179809093,5.907988548]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org"}} 
+00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1731946742647652,"flow_dst_last_pkt_time":1731946740900481,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1731946742647652,"pkt":"dNo47VMyYhO2esBpCABFAAA4CkNAAEAR+xfAqAxDW2wNA5mhBXgAJBueAAMACCESpEJZaHNneGh4MkhrM0EAGQAEEQAAAA=="} +00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1731946742649019,"flow_dst_last_pkt_time":1731946740900572,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1731946742649019,"pkt":"dNo47VMyYhO2esBpCABFAAA4boZAAEARkqbAqAxDW2wRMa6HBXgAJANsAAMACCESpEJoVXdKc0VOemFwNWUAGQAEEQAAAA=="} +02241{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1731946740900678,"flow_src_last_pkt_time":1731946742884971,"flow_dst_last_pkt_time":1731946742282512,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":596,"flow_dst_max_l4_payload_len":572,"flow_src_tot_l4_payload_len":2244,"flow_dst_tot_l4_payload_len":1980,"midstream":0,"thread_ts_usec":1731946742884971,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.9.10","src_port":44275,"dst_port":597,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": 
{"min":14,"avg":108584.7,"max":699013,"stddev":167856.0,"var":28175654912.0,"ent":3.8,"data": [24109,514616,513574,39727,22986,13781,37194,83729,46829,52455,14,53768,48207,41858,1057,8095,49415,47864,10095,16084,39354,38883,30006,122690,10118,52835,64016,152216,227281,304258,699013]},"pktlen": {"min":68,"avg":160.0,"max":624,"stddev":120.1,"var":14426.0,"ent":4.7,"data": [68,92,68,92,148,148,116,148,116,148,148,116,116,148,116,148,116,148,148,116,212,116,116,600,624,136,148,176,116,148,116,148]},"bins": {"c_to_s": [0,2,4,9,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,9,4,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,0,0,1,0,1,1,0,1,0,0,1,0,1,0,1,1,1,1,0,0,0,0,1,0,1,0],"entropies": [4.577797413,4.748074055,4.607209206,4.748074055,5.694154263,5.810202122,6.027616024,5.680641174,6.109596729,5.712939739,5.761246204,6.075114250,6.113822937,5.800000191,5.975891590,5.714293957,6.040631294,5.770136356,5.805100918,5.986625671,5.246948719,6.120330334,6.185070038,6.758100033,7.452787399,6.081599236,5.751521587,6.406444550,6.081621647,5.729595184,6.178562164,5.738008499]},"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731946733955605,"flow_src_last_pkt_time":1731946733955605,"flow_dst_last_pkt_time":1731946733955605,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946743383191,"l3_proto":"ip6","src_ip":"fe80::76da:38ff:feed:5332","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01222{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1731946740900481,"flow_src_last_pkt_time":1731946742647652,"flow_dst_last_pkt_time":1731946740900481,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946743383191,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.13.3","src_port":39329,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01172{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":124,"flow_dst_packets_processed":120,"flow_first_seen":1731946740900337,"flow_src_last_pkt_time":1731946743383191,"flow_dst_last_pkt_time":1731946743371372,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1211,"flow_dst_max_l4_payload_len":1193,"flow_src_tot_l4_payload_len":45388,"flow_dst_tot_l4_payload_len":65505,"midstream":0,"thread_ts_usec":1731946743383191,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.9.106","src_port":39968,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org"}} 
+01003{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":9,"flow_first_seen":1731946740901130,"flow_src_last_pkt_time":1731946742336578,"flow_dst_last_pkt_time":1731946742616857,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":120,"flow_src_tot_l4_payload_len":888,"flow_dst_tot_l4_payload_len":776,"midstream":0,"thread_ts_usec":1731946743383191,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.13.26","src_port":42417,"dst_port":598,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01006{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":16,"flow_first_seen":1731946740900678,"flow_src_last_pkt_time":1731946742884971,"flow_dst_last_pkt_time":1731946742970662,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":596,"flow_dst_max_l4_payload_len":572,"flow_src_tot_l4_payload_len":2244,"flow_dst_tot_l4_payload_len":2068,"midstream":0,"thread_ts_usec":1731946743383191,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.9.10","src_port":44275,"dst_port":597,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01223{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1731946740900572,"flow_src_last_pkt_time":1731946742649019,"flow_dst_last_pkt_time":1731946740900572,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946743383191,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.17.49","src_port":44679,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+01001{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1731946740901087,"flow_src_last_pkt_time":1731946742234615,"flow_dst_last_pkt_time":1731946742577561,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":88,"flow_src_tot_l4_payload_len":440,"flow_dst_tot_l4_payload_len":392,"midstream":0,"thread_ts_usec":1731946743383191,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.17.8","src_port":46675,"dst_port":597,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731946730424347,"flow_src_last_pkt_time":1731946730424347,"flow_dst_last_pkt_time":1731946730424347,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946743383191,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+00862{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":315,"packets-processed":315,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":118015,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":6,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":65,"global_ts_usec":1731946743383191} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 315/315 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 118015 bytes +~~ total detected protocols..: 8 +~~ total active/idle flows...: 8/8 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 7511070 bytes +~~ total memory freed........: 7511070 bytes +~~ total allocations/frees...: 126263/126263 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json message min len.......: 567 chars +~~ json message max len.......: 2389 chars +~~ json message avg len.......: 1477 chars diff --git a/test/results/default/telegram_voice.pcapng.out b/test/results/default/telegram_voice.pcapng.out new file mode 100644 index 000000000..0ed7f5047 --- /dev/null +++ b/test/results/default/telegram_voice.pcapng.out 
@@ -0,0 +1,97 @@ +00621{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1731945706423652} 
+00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731945706423652,"flow_src_last_pkt_time":1731945706423652,"flow_dst_last_pkt_time":1731945706423652,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945706423652,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1731945706423652,"flow_dst_last_pkt_time":1731945706423652,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_usec":1731945706423652,"pkt":"AQBeAAD7dNo47VMyCABFAABJO\/ZAAP8RkgjAqAwB4AAA+xTpFOkANSaSAAAAAAACAAAAAAAABV9pcHBzBF90Y3AFbG9jYWwAAAwAAQRfaXBwwBIADAAB"} 
+01002{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731945706423652,"flow_src_last_pkt_time":1731945706423652,"flow_dst_last_pkt_time":1731945706423652,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945706423652,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_ipps._tcp.local","domainame":"_ipps._tcp.local","mdns": {}}} +00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731945709952490,"flow_src_last_pkt_time":1731945709952490,"flow_dst_last_pkt_time":1731945709952490,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945709952490,"l3_proto":"ip6","src_ip":"fe80::76da:38ff:feed:5332","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1731945709952490,"flow_dst_last_pkt_time":1731945709952490,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":107,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":107,"pkt_l4_len":53,"thread_ts_usec":1731945709952490,"pkt":"MzMAAAD7dNo47VMyht1gBgAAADUR\/\/6AAAAAAAAAdto4\/\/7tUzL\/AgAAAAAAAAAAAAAAAAD7FOkU6QA1074AAAAAAAIAAAAAAAAFX2lwcHMEX3RjcAVsb2NhbAAADAABBF9pcHDAEgAMAAE="} +01012{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731945709952490,"flow_src_last_pkt_time":1731945709952490,"flow_dst_last_pkt_time":1731945709952490,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945709952490,"l3_proto":"ip6","src_ip":"fe80::76da:38ff:feed:5332","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_ipps._tcp.local","domainame":"_ipps._tcp.local","mdns": {}}} 
+00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731945715153114,"flow_src_last_pkt_time":1731945715153114,"flow_dst_last_pkt_time":1731945715153114,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945715153114,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"192.168.12.1","src_port":44574,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00588{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1731945715153114,"flow_dst_last_pkt_time":1731945715153114,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1731945715153114,"pkt":"dNo47VMyYhO2esBpCABFAABS16hAAEARyV3AqAxDwKgMAa4eADUAPsLYgNEBAAABAAAAAAAAFWNyYXNobHl0aWNzcmVwb3J0cy1wYQpnb29nbGVhcGlzA2NvbQAAAQAB"} 
+01149{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731945715153114,"flow_src_last_pkt_time":1731945715153114,"flow_dst_last_pkt_time":1731945715153114,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945715153114,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"192.168.12.1","src_port":44574,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","proto_id":"5.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"crashlyticsreports-pa.googleapis.com","domainame":"crashlyticsreports-pa.googleapis.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} +00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1731945715153114,"flow_dst_last_pkt_time":1731945715155704,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"thread_ts_usec":1731945715155704,"pkt":"YhO2esBpdNo47VMyCABFAABi8EtAAEARsKrAqAwBwKgMQwA1rh4AToIigNGBgAABAAEAAAAAFWNyYXNobHl0aWNzcmVwb3J0cy1wYQpnb29nbGVhcGlzA2NvbQAAAQABwAwAAQABAAAAAgAEAAAAAA=="} 
+01174{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1731945715153114,"flow_src_last_pkt_time":1731945715153114,"flow_dst_last_pkt_time":1731945715155704,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":70,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":70,"midstream":0,"thread_ts_usec":1731945715155704,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"192.168.12.1","src_port":44574,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","proto_id":"5.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"crashlyticsreports-pa.googleapis.com","domainame":"crashlyticsreports-pa.googleapis.com","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["0.0.0.0,ttl=2"]}}} +00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731945728458253,"flow_src_last_pkt_time":1731945728458253,"flow_dst_last_pkt_time":1731945728458253,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945728458253,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.17.41","src_port":44405,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1731945728458253,"flow_dst_last_pkt_time":1731945728458253,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1731945728458253,"pkt":"dNo47VMyYhO2esBpCABFAAA4Xb1AAEARo3fAqAxDW2wRKa11BXgAJPToAAMACCESpEJJV2svaStDV3hkbmQAGQAEEQAAAA=="} +01142{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731945728458253,"flow_src_last_pkt_time":1731945728458253,"flow_dst_last_pkt_time":1731945728458253,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945728458253,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.17.41","src_port":44405,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
+00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731945728459223,"flow_src_last_pkt_time":1731945728459223,"flow_dst_last_pkt_time":1731945728459223,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945728459223,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.13.52","src_port":46013,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1731945728459223,"flow_dst_last_pkt_time":1731945728459223,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1731945728459223,"pkt":"dNo47VMyYhO2esBpCABFAAA4EXJAAEAR87fAqAxDW2wNNLO9BXgAJP\/GAAMACCESpEI5K3YvY0FwSVNLZHAAGQAEEQAAAA=="} 
+01142{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731945728459223,"flow_src_last_pkt_time":1731945728459223,"flow_dst_last_pkt_time":1731945728459223,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945728459223,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.13.52","src_port":46013,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} +00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731945728460409,"flow_src_last_pkt_time":1731945728460409,"flow_dst_last_pkt_time":1731945728460409,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945728460409,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.9.34","src_port":42567,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1731945728460409,"flow_dst_last_pkt_time":1731945728460409,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1731945728460409,"pkt":"dNo47VMyYhO2esBpCABFAAA4LCpAAEAR3RHAqAxDW2wJIqZHBXgAJEsGAAMACCESpEIzTys2Y1BhOWVxeGkAGQAEEQAAAA=="} +01141{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731945728460409,"flow_src_last_pkt_time":1731945728460409,"flow_dst_last_pkt_time":1731945728460409,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945728460409,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.9.34","src_port":42567,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
+00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731945728461584,"flow_src_last_pkt_time":1731945728461584,"flow_dst_last_pkt_time":1731945728461584,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945728461584,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.13.51","src_port":39027,"dst_port":597,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1731945728461584,"flow_dst_last_pkt_time":1731945728461584,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1731945728461584,"pkt":"dNo47VMyYhO2esBpCABFAABEHXtAAEAR56PAqAxDW2wNM5hzAlUAMHVSXPOTdb7uCtvt6zwJb31myP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/8AAAAAAAAAew=="} 
+00937{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731945728461584,"flow_src_last_pkt_time":1731945728461584,"flow_dst_last_pkt_time":1731945728461584,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945728461584,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.13.51","src_port":39027,"dst_port":597,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Telegram","proto_id":"185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} +00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731945728463022,"flow_src_last_pkt_time":1731945728463022,"flow_dst_last_pkt_time":1731945728463022,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945728463022,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.17.7","src_port":46868,"dst_port":597,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1731945728463022,"flow_dst_last_pkt_time":1731945728463022,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1731945728463022,"pkt":"dNo47VMyYhO2esBpCABFAABEyWdAAEARN+PAqAxDW2wRB7cUAlUAMArJXPOTdb7uCtvt6zwJcMStlf\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/8AAAAAAAAAew=="} +00936{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731945728463022,"flow_src_last_pkt_time":1731945728463022,"flow_dst_last_pkt_time":1731945728463022,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945728463022,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.17.7","src_port":46868,"dst_port":597,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Telegram","proto_id":"185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
+00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731945728464288,"flow_src_last_pkt_time":1731945728464288,"flow_dst_last_pkt_time":1731945728464288,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945728464288,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.9.68","src_port":41011,"dst_port":596,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1731945728464288,"flow_dst_last_pkt_time":1731945728464288,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1731945728464288,"pkt":"dNo47VMyYhO2esBpCABFAABEWSpAAEARr+PAqAxDW2wJRKAzAlQAMCRTXPOTdb7uCtvt6zwJ96Mr0f\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/8AAAAAAAAAew=="} 
+00937{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731945728464288,"flow_src_last_pkt_time":1731945728464288,"flow_dst_last_pkt_time":1731945728464288,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945728464288,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.9.68","src_port":41011,"dst_port":596,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Telegram","proto_id":"185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} +00644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1731945728460409,"flow_dst_last_pkt_time":1731945728488726,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1731945728488726,"pkt":"YhO2esBpdNo47VMyCABFAAB4xN5AADQRUB1bbAkiwKgMQwV4pkcAZDn2ARMASCESpEIzTys2Y1BhOWVxeGkACQAQAAAEAVVuYXV0aG9yaXplZAAVABA4YzhhOWJmNmE0MDc3YTE2ABQADHRlbGVncmFtLm9yZ4AiAAROb25lgCgABJjQB4c="} 
+01190{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1731945728460409,"flow_src_last_pkt_time":1731945728460409,"flow_dst_last_pkt_time":1731945728488726,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1731945728488726,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.9.34","src_port":42567,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org","domainame":"telegram.org","stun": {"multimedia_flow_types":"Unknown"}}} +00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1731945728464288,"flow_dst_last_pkt_time":1731945728489362,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1731945728489362,"pkt":"YhO2esBpdNo47VMyCABFAABcTiVAADMRx9BbbAlEwKgMQwJUoDMASJ7WXPOTdb7uCtvt6zwJ96Mr0f\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8dyFcABZTtnAAAAAAAAAHsAAAAAAAAAAAAA\/\/9dI6qQYpkAAA=="} 
+00690{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1731945728494473,"flow_dst_last_pkt_time":1731945728488726,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1731945728494473,"pkt":"dNo47VMyYhO2esBpCABFAACYLCxAAEAR3K\/AqAxDW2wJIqZHBXgAhAxtAAMAaCESpEJwVUxJeGRiQVdKMFYAGQAEEQAAAAAGAB0xNzMxOTY3MzI5OjE3MTFjMzFjZjM3ZjkxZWUyMQAAAAAUAAx0ZWxlZ3JhbS5vcmcAFQAQOGM4YTliZjZhNDA3N2ExNgAIABQm+N1\/wSiwtOXIMpNlS1zDLPeq8A=="} +00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1731945728494473,"flow_dst_last_pkt_time":1731945728524234,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1731945728524234,"pkt":"YhO2esBpdNo47VMyCABFAAB4xOhAADQRUBNbbAkiwKgMQwV4pkcAZCuQAQMASCESpEJwVUxJeGRiQVdKMFYAFgAIAAHmfnp+rWAAIAAIAAG4TXwxDtIADQAEAAAAPIAiAAROb25lAAgAFM5pB5c1eleZe\/6c\/z+F7CzLuE7OgCgABFQL6vg="} +00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1731945728461584,"flow_dst_last_pkt_time":1731945728584147,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1731945728584147,"pkt":"YhO2esBpdNo47VMyCABFAABcWFJAADERu7RbbA0zwKgMQwJVmHMASPHVXPOTdb7uCtvt6zwJb31myP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8dyFcABZTtnAAAAAAAAAHsAAAAAAAAAAAAA\/\/9dI6qQYJkAAA=="} 
+00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1731945728463022,"flow_dst_last_pkt_time":1731945728609969,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1731945728609969,"pkt":"YhO2esBpdNo47VMyCABFAABc6YBAADMRJLJbbBEHwKgMQwJVtxQASIZMXPOTdb7uCtvt6zwJcMStlf\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8dyFcABZTtnAAAAAAAAAHsAAAAAAAAAAAAA\/\/9dI6qQYZkAAA=="} +00681{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1731945728464288,"flow_dst_last_pkt_time":1731945728706036,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":162,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":162,"pkt_l4_len":128,"thread_ts_usec":1731945728706036,"pkt":"YhO2esBpdNo47VMyCABFAACUTkpAADMRx3NbbAlEwKgMQwJUoDMAgHtqXPOTdb7uCtvt6zwJ96Mr0ZuShe4AAABgAAEATCESpEJoaGtXcGNWVXpySVIABgAJS0x0MzpPZ3pWAAAAwFcABAADA4SAKQAIAAAAAAAAAAAAJAAEbn8BAAAIABTxjAEB0\/jnWqnvYdX1S+b9+3BmXYAoAARQiC5f"} 
+01035{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1731945728464288,"flow_src_last_pkt_time":1731945728464288,"flow_dst_last_pkt_time":1731945728706036,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":120,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":184,"midstream":0,"thread_ts_usec":1731945728706036,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.9.68","src_port":41011,"dst_port":596,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} +00640{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_src_last_pkt_time":1731945728709636,"flow_dst_last_pkt_time":1731945728706036,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":1731945728709636,"pkt":"dNo47VMyYhO2esBpCABFAAB0WS9AAEARr67AqAxDW2wJRKAzAlQAYEs2XPOTdb7uCtvt6zwJm5KF7vejK9EAAABAAQEALCESpEJoaGtXcGNWVXpySVIAIAAIAAEjRnp+rQYACAAUbdtTUes+IvzXP3cb0qK2aH6\/gNqAKAAEBJsbdw=="} 
+00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1731945728710788,"flow_dst_last_pkt_time":1731945728458253,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1731945728710788,"pkt":"dNo47VMyYhO2esBpCABFAAA4Xc1AAEARo2fAqAxDW2wRKa11BXgAJPToAAMACCESpEJJV2svaStDV3hkbmQAGQAEEQAAAA=="} +01261{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1731945728458253,"flow_src_last_pkt_time":1731945728710788,"flow_dst_last_pkt_time":1731945728458253,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945728710788,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.17.41","src_port":44405,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
+00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1731945728711013,"flow_dst_last_pkt_time":1731945728459223,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1731945728711013,"pkt":"dNo47VMyYhO2esBpCABFAAA4EYtAAEAR857AqAxDW2wNNLO9BXgAJP\/GAAMACCESpEI5K3YvY0FwSVNLZHAAGQAEEQAAAA=="} +01261{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1731945728459223,"flow_src_last_pkt_time":1731945728711013,"flow_dst_last_pkt_time":1731945728459223,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945728711013,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.13.52","src_port":46013,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
+00681{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1731945728714153,"flow_dst_last_pkt_time":1731945728706036,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":162,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":162,"pkt_l4_len":128,"thread_ts_usec":1731945728714153,"pkt":"dNo47VMyYhO2esBpCABFAACUWTBAAEARr43AqAxDW2wJRKAzAlQAgG30XPOTdb7uCtvt6zwJm5KF7vejK9EAAABgAAEATCESpEI0MGVWenAxdGxjbmQABgAJT2d6VjpLTHQzAAAAwFcABAADAAqAKgAIAAAAAAAAAAAAJAAEbn8BAAAIABQUZZOHVHammz9bm6rlsbiZMuqFn4AoAAQtt\/ba"} +00694{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1731945728858961,"flow_dst_last_pkt_time":1731945728524234,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_usec":1731945728858961,"pkt":"dNo47VMyYhO2esBpCABFAACcLDhAAEAR3J\/AqAxDW2wJIqZHBXgAiOqQAAgAbCESpEJOK1doL01hbW9jM1YAEgAIAAGWoHp+rWAABgAdMTczMTk2NzMyOToxNzExYzMxY2YzN2Y5MWVlMjEAAAAAFAAMdGVsZWdyYW0ub3JnABUAEDhjOGE5YmY2YTQwNzdhMTYACAAU75sz2EBb0hSU\/yLvGAjc3jfRyEc="} +00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1731945728962208,"flow_dst_last_pkt_time":1731945728584147,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1731945728962208,"pkt":"dNo47VMyYhO2esBpCABFAABEHZRAAEAR54rAqAxDW2wNM5hzAlUAMHVSXPOTdb7uCtvt6zwJb31myP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/8AAAAAAAAAew=="} 
+00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1731945728963821,"flow_dst_last_pkt_time":1731945728609969,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1731945728963821,"pkt":"dNo47VMyYhO2esBpCABFAABEyX1AAEARN83AqAxDW2wRB7cUAlUAMArJXPOTdb7uCtvt6zwJcMStlf\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/8AAAAAAAAAew=="} +00680{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1731945728962208,"flow_dst_last_pkt_time":1731945728995458,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":162,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":162,"pkt_l4_len":128,"thread_ts_usec":1731945728995458,"pkt":"YhO2esBpdNo47VMyCABFAACUWHFAADERu11bbA0zwKgMQwJVmHMAgDvkXPOTdb7uCtvt6zwJb31myCmOxcsAAABgAAEATCESpEJEbE1XZHhyZEpQWFgABgAJS0x0MzpPZ3pWAAAAwFcABAADA4SAKQAIAAAAAAAAAAAAJAAEbn8BAAAIABS2yKV+wUzYSSt9TjMvT2twQfopgoAoAATUf0H9"} 
+01036{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1731945728461584,"flow_src_last_pkt_time":1731945728962208,"flow_dst_last_pkt_time":1731945728995458,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":120,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":184,"midstream":0,"thread_ts_usec":1731945728995458,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.13.51","src_port":39027,"dst_port":597,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} +00639{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1731945728999059,"flow_dst_last_pkt_time":1731945728995458,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":1731945728999059,"pkt":"dNo47VMyYhO2esBpCABFAAB0HZVAAEAR51nAqAxDW2wNM5hzAlUAYP9BXPOTdb7uCtvt6zwJKY7Fy299ZsgAAABAAQEALCESpEJEbE1XZHhyZEpQWFgAIAAIAAEjR3p+qXEACAAUNbxkRyuSnMtEid3t8H4BEMIHj4uAKAAExuFdQQ=="} 
+00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1731945728963821,"flow_dst_last_pkt_time":1731945729110362,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1731945729110362,"pkt":"YhO2esBpdNo47VMyCABFAABc6cNAADMRJG9bbBEHwKgMQwJVtxQASIVMXPOTdb7uCtvt6zwJcMStlf\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8dyFcACZTtnAAAAAAAAAHsAAAAAAAAAAAAA\/\/9dI6qQYZkAAA=="} +00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1731945729210681,"flow_dst_last_pkt_time":1731945728458253,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1731945729210681,"pkt":"dNo47VMyYhO2esBpCABFAAA4Xc9AAEARo2XAqAxDW2wRKa11BXgAJPToAAMACCESpEJJV2svaStDV3hkbmQAGQAEEQAAAA=="} +00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1731945729214956,"flow_dst_last_pkt_time":1731945728459223,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1731945729214956,"pkt":"dNo47VMyYhO2esBpCABFAAA4EaJAAEAR84fAqAxDW2wNNLO9BXgAJP\/GAAMACCESpEI5K3YvY0FwSVNLZHAAGQAEEQAAAA=="} 
+02214{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":21,"flow_first_seen":1731945728464288,"flow_src_last_pkt_time":1731945728965019,"flow_dst_last_pkt_time":1731945729659565,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":572,"flow_dst_max_l4_payload_len":640,"flow_src_tot_l4_payload_len":1556,"flow_dst_tot_l4_payload_len":3292,"midstream":0,"thread_ts_usec":1731945729659565,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.9.68","src_port":41011,"dst_port":596,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":8,"avg":54709.9,"max":245348,"stddev":61453.4,"var":3776523008.0,"ent":4.1,"data": [25074,216674,245348,4517,49052,101090,2123,47856,705,203,47977,8,48680,63235,15,67883,33733,30921,5566,35563,42632,10,106554,90512,4893,3141,92065,131857,148102,20831,29188]},"pktlen": {"min":68,"avg":179.5,"max":668,"stddev":151.2,"var":22848.8,"ent":4.6,"data": [68,92,148,116,148,148,116,148,212,116,156,116,148,116,668,116,600,148,116,68,92,624,136,176,108,124,260,120,120,92,236,92]},"bins": {"c_to_s": [0,2,4,2,1,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,10,6,1,0,1,1,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,1,0,0,0,1,1,0,0,0,1,1,0,1,1,0,1,0,0,1,1,1,1,1,1,1,1,1,1,1,1],"entropies": 
[4.577797413,4.704595566,5.840540886,6.068605900,5.729596138,5.724494934,6.023389339,5.735745430,5.209395409,6.047139168,5.621933937,5.952142715,5.800000668,6.109596729,6.500761509,6.081621647,6.754777431,5.751046658,6.006148338,4.577797413,4.704595566,7.371456146,5.947301865,6.372353077,5.506771564,5.806564331,6.849390507,5.727319241,5.766920567,5.701651573,6.887141705,5.708128929]},"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +02376{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":9,"flow_first_seen":1731945728460409,"flow_src_last_pkt_time":1731945729768352,"flow_dst_last_pkt_time":1731945729070645,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":209,"flow_dst_max_l4_payload_len":148,"flow_src_tot_l4_payload_len":2538,"flow_dst_tot_l4_payload_len":948,"midstream":0,"thread_ts_usec":1731945729768352,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.9.34","src_port":42567,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":263,"avg":61876.7,"max":364488,"stddev":85905.3,"var":7379713024.0,"ent":4.0,"data": [28317,34064,35508,364488,566,362690,49517,68716,48417,51074,2919,56026,29084,263,48698,1930,20770,10384,79381,92318,1601,769,131478,118774,44174,69454,51913,13839,47939,1880,51228]},"pktlen": {"min":56,"avg":136.9,"max":237,"stddev":39.8,"var":1586.6,"ent":4.9,"data": [56,120,152,120,156,160,88,160,144,160,144,176,128,164,148,144,176,128,88,121,113,97,237,97,168,167,167,167,70,202,82,82]},"bins": {"c_to_s": 
[1,3,4,4,9,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,2,2,3,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,0,1,0,1,0,1,1,0,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0],"entropies": [4.971485138,5.671458721,5.746047974,5.878075600,5.706763744,5.727324486,5.785743237,5.641233921,5.929356098,5.664824486,5.968761921,5.817453384,5.830233097,5.731947422,5.954558372,5.994700909,5.790436745,5.817786694,5.885230064,5.863245964,5.738586903,5.528282642,6.865426064,5.427438736,6.728340626,6.638175011,6.711227417,6.654670715,5.510934830,6.905664921,5.741343975,5.854089737]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org"}} +00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1731945730211455,"flow_dst_last_pkt_time":1731945728458253,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1731945730211455,"pkt":"dNo47VMyYhO2esBpCABFAAA4Xi9AAEARowXAqAxDW2wRKa11BXgAJPToAAMACCESpEJJV2svaStDV3hkbmQAGQAEEQAAAA=="} 
+00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1731945730212650,"flow_dst_last_pkt_time":1731945728459223,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1731945730212650,"pkt":"dNo47VMyYhO2esBpCABFAAA4EfBAAEAR8znAqAxDW2wNNLO9BXgAJP\/GAAMACCESpEI5K3YvY0FwSVNLZHAAGQAEEQAAAA=="} +00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":281,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1731945732214609,"flow_dst_last_pkt_time":1731945728458253,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1731945732214609,"pkt":"dNo47VMyYhO2esBpCABFAAA4XrRAAEARooDAqAxDW2wRKa11BXgAJPToAAMACCESpEJJV2svaStDV3hkbmQAGQAEEQAAAA=="} +00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1731945732214755,"flow_dst_last_pkt_time":1731945728459223,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1731945732214755,"pkt":"dNo47VMyYhO2esBpCABFAAA4EqZAAEAR8oPAqAxDW2wNNLO9BXgAJP\/GAAMACCESpEI5K3YvY0FwSVNLZHAAGQAEEQAAAA=="} 
+01193{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":344,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1731945728458253,"flow_src_last_pkt_time":1731945732214609,"flow_dst_last_pkt_time":1731945733394117,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":140,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1731945733394117,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.17.41","src_port":44405,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org","domainame":"telegram.org","stun": {"multimedia_flow_types":"Unknown"}}} +00593{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":655,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1731945738970403,"flow_dst_last_pkt_time":1731945729110362,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1731945738970403,"pkt":"dNo47VMyYhO2esBpCABFAABEzUFAAEARNAnAqAxDW2wRB7cUAlUAMArJXPOTdb7uCtvt6zwJcMStlf\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/8AAAAAAAAAew=="} 
+01193{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":670,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":1,"flow_first_seen":1731945728459223,"flow_src_last_pkt_time":1731945736216693,"flow_dst_last_pkt_time":1731945739144052,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1731945739144052,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.13.52","src_port":46013,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org","domainame":"telegram.org","stun": {"multimedia_flow_types":"Unknown"}}} +00758{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":862,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731945742420231,"flow_src_last_pkt_time":1731945742420231,"flow_dst_last_pkt_time":1731945742420231,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":241,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":241,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":241,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945742420231,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.9.34","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5} 
+00843{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":862,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1731945742420231,"flow_dst_last_pkt_time":1731945742420231,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"thread_ts_usec":1731945742420231,"pkt":"dNo47VMyYhO2esBpCABFwAEFw38AAEABhD\/AqAxDW2wJIgMDL10AAAAARQAA6dCeQAA0EUPsW2wJIsCoDEMFeKZHANUK1kAAAMmQb2AJzb3qHHAerQa+3gACImIAyjEA+ABKS8ce3yTB2t4dJ0Gq0MjI3DQc3a7luHIJR7sQrMRvHrxrIsP+1AgD+2TZkP6mYt4lsYZ\/LfTY1rQm16V09KwAjNVzc2DmDqff4tuttobLGtALUjjw0eT1RB8\/Tzx94UspBNvBqnLdwxrpjljx38\/VDd\/yMgt5SOu\/cbylLKZ6s9TwAFTEf7V12BeqWik\/WQDQv\/9BXRMMVVgo63X7iHa11\/Zbc7776lDaT7M+twE1+8w="} +01044{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":862,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731945742420231,"flow_src_last_pkt_time":1731945742420231,"flow_dst_last_pkt_time":1731945742420231,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":241,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":241,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":241,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945742420231,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.9.34","l4_proto":"icmp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":6.979447}} 
+00650{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":864,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1731945742427566,"flow_dst_last_pkt_time":1731945742420231,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1731945742427566,"pkt":"dNo47VMyYhO2esBpCABFwAB8w4AAAEABhMfAqAxDW2wJIgMDLtQAAAAARQAAYNCgQAA0EURzW2wJIsCoDEMFeKZHAExbNAEEADAhEqRCenpYWVJwRFFDb201AA0ABAAAAACAIgAETm9uZQAIABQ+KeI5lcomrBSJbcYHE6UGj1Uj14AoAAQNK102"} +00657{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":867,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":1731945742483377,"flow_dst_last_pkt_time":1731945742420231,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"thread_ts_usec":1731945742483377,"pkt":"dNo47VMyYhO2esBpCABFwAB9w4EAAEABhMXAqAxDW2wJIgMDLtUAAAAARQAAYdCnQAA0EURrW2wJIsCoDEMFeKZHAE3xhEAAAEEX\/v0AAQAAAAAACAA0AAEAAAAAAAgL4navLTSfGO6ZdGR1XF3agUnmdNc0JqHPz11AONRepxhXuTrfKSh\/DdS\/Ug=="} +00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":868,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_src_last_pkt_time":1731945742486517,"flow_dst_last_pkt_time":1731945742420231,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":147,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":147,"pkt_l4_len":113,"thread_ts_usec":1731945742486517,"pkt":"dNo47VMyYhO2esBpCABFwACFw4IAAEABhLzAqAxDW2wJIgMDLt0AAAAARQAAadCoQAA0EURiW2wJIsCoDEMFeKZHAFWli0AAAEkX\/v0AAQAAAAAACQA8AAEAAAAAAAndkPmzy1kMGucJfQE2hnwTqBl5kurGYSy1jtwjjMEdLnj7utWJl\/Uku5oSw49NQ7SZgNrJ"} 
+00618{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":870,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1731945742490274,"flow_dst_last_pkt_time":1731945742420231,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"thread_ts_usec":1731945742490274,"pkt":"dNo47VMyYhO2esBpCABFwABjw4MAAEABhN3AqAxDW2wJIgMDLrsAAAAARQAAR9CrQAA0EUSBW2wJIsCoDEMFeKZHADNWfUAAACcV\/v0AAQAAAAAACgAaAAEAAAAAAAr81xeavmYd7qWcd6iCtVgKwnw="} +00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":870,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731945709952490,"flow_src_last_pkt_time":1731945709952490,"flow_dst_last_pkt_time":1731945709952490,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945742490274,"l3_proto":"ip6","src_ip":"fe80::76da:38ff:feed:5332","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+01063{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":870,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1731945742420231,"flow_src_last_pkt_time":1731945742490274,"flow_dst_last_pkt_time":1731945742420231,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":79,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":241,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":642,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945742490274,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.9.34","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":870,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1731945728461584,"flow_src_last_pkt_time":1731945738968988,"flow_dst_last_pkt_time":1731945739091138,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":120,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":312,"midstream":0,"thread_ts_usec":1731945742490274,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.13.51","src_port":39027,"dst_port":597,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01001{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":870,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":60,"flow_first_seen":1731945728464288,"flow_src_last_pkt_time":1731945738970434,"flow_dst_last_pkt_time":1731945738995534,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":572,"flow_dst_max_l4_payload_len":640,"flow_src_tot_l4_payload_len":1596,"flow_dst_tot_l4_payload_len":11896,"midstream":0,"thread_ts_usec":1731945742490274,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.9.68","src_port":41011,"dst_port":596,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+01163{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":870,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":401,"flow_dst_packets_processed":341,"flow_first_seen":1731945728460409,"flow_src_last_pkt_time":1731945742396734,"flow_dst_last_pkt_time":1731945742488310,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":287,"flow_dst_max_l4_payload_len":288,"flow_src_tot_l4_payload_len":56131,"flow_dst_tot_l4_payload_len":53338,"midstream":0,"thread_ts_usec":1731945742490274,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.9.34","src_port":42567,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org"}} +01156{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":870,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":4,"flow_first_seen":1731945728458253,"flow_src_last_pkt_time":1731945741156829,"flow_dst_last_pkt_time":1731945735000846,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":884,"flow_dst_tot_l4_payload_len":368,"midstream":0,"thread_ts_usec":1731945742490274,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.17.41","src_port":44405,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": 
{"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org"}} +01156{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":870,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":6,"flow_first_seen":1731945728459223,"flow_src_last_pkt_time":1731945740903911,"flow_dst_last_pkt_time":1731945739145072,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":664,"flow_dst_tot_l4_payload_len":552,"midstream":0,"thread_ts_usec":1731945742490274,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.13.52","src_port":46013,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org"}} 
+00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":870,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1731945728463022,"flow_src_last_pkt_time":1731945738970403,"flow_dst_last_pkt_time":1731945739117008,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1731945742490274,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.17.7","src_port":46868,"dst_port":597,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Telegram","proto_id":"185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} +00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":870,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731945706423652,"flow_src_last_pkt_time":1731945706423652,"flow_dst_last_pkt_time":1731945706423652,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945742490274,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+01042{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":870,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1731945715153114,"flow_src_last_pkt_time":1731945715153114,"flow_dst_last_pkt_time":1731945715155704,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":70,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":70,"midstream":0,"thread_ts_usec":1731945742490274,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"192.168.12.1","src_port":44574,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","proto_id":"5.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"crashlyticsreports-pa.googleapis.com"}} +00859{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":870,"source":"cfgs\/default\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":870,"packets-processed":868,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":127117,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":8,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":82,"global_ts_usec":1731945742490274} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 
870/868 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 127117 bytes +~~ total detected protocols..: 10 +~~ total active/idle flows...: 10/10 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 7531907 bytes +~~ total memory freed........: 7531907 bytes +~~ total allocations/frees...: 126839/126839 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json message min len.......: 561 chars +~~ json message max len.......: 2381 chars +~~ json message avg len.......: 1470 chars diff --git a/test/results/default/telnet.pcap.out b/test/results/default/telnet.pcap.out index 6f59bb9ac..3a70e7d02 100644 --- a/test/results/default/telnet.pcap.out +++ b/test/results/default/telnet.pcap.out 
@@ -1,5 +1,5 @@ -00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":943755158387203} 
+00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":943755158387203} 
00763{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":943755158387203,"flow_src_last_pkt_time":943755158387203,"flow_dst_last_pkt_time":943755158387203,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":943755158387203,"l3_proto":"ip4","src_ip":"192.168.0.2","dst_ip":"192.168.0.1","src_port":1550,"dst_port":23,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":943755158387203,"flow_dst_last_pkt_time":943755158387203,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":943755158387203,"pkt":"AADAn6CXAKDMO7\/6CABFEAA8RjxAAEAGcxzAqAACwKgAAQYOABeZxaDsAAAAAKACfXjgowAAAgQFtAQCCAoAnCckAAAAAAEDAwA="} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":943755158387203,"flow_dst_last_pkt_time":943755158389728,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":943755158389728,"pkt":"AKDMO7\/6AADAn6CXCABFAAA8UeMAAEAGp4XAqAABwKgAAgAXBg4X8WM9mcWg7aASQ+D7twAAAgQFqAEDAwABAQgKACWmLACcJyQ="} 
@@ -11,7 +11,7 @@ 01095{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":15,"flow_first_seen":943755158387203,"flow_src_last_pkt_time":943755160949196,"flow_dst_last_pkt_time":943755159705066,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":85,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":203,"flow_dst_tot_l4_payload_len":139,"midstream":0,"thread_ts_usec":943755160949196,"l3_proto":"ip4","src_ip":"192.168.0.2","dst_ip":"192.168.0.1","src_port":1550,"dst_port":23,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Telnet","proto_id":"77","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":12,"category":"RemoteAccess","telnet": {"username":"fake","password":""}}} 02271{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":943755158387203,"flow_src_last_pkt_time":943755160950568,"flow_dst_last_pkt_time":943755159705066,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":85,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":203,"flow_dst_tot_l4_payload_len":139,"midstream":0,"thread_ts_usec":943755160950568,"l3_proto":"ip4","src_ip":"192.168.0.2","dst_ip":"192.168.0.1","src_port":1550,"dst_port":23,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": 
{"min":172,"avg":125200.9,"max":1232764,"stddev":336743.6,"var":113396252672.0,"ent":2.2,"data": [2525,2572,1588,147810,146242,172,1611,1711,3291,1327,593,1791,1069,2370,3571,617,1174,22251,20360,1248,13791,15049,1196,784,12789,12241,20023,1107336,1099990,1232764,1372]},"pktlen": {"min":52,"avg":63.2,"max":137,"stddev":18.8,"var":354.0,"ent":4.9,"data": [60,60,52,79,55,52,55,52,77,116,52,70,61,52,76,52,137,52,55,55,52,64,58,52,67,52,84,52,59,52,58,52]},"bins": {"c_to_s": [15,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [14,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,0,0,1,1,0,1,1,0,1,1,0,0,0,1,0,1,1,0,1,1,0,1,0,1,0,0,0],"entropies": [4.315444469,4.777318954,4.791129112,5.044729233,4.800010681,4.791129112,4.871557236,4.662475586,5.051413059,5.269734383,4.647958755,5.011583805,5.044849873,4.777860641,4.820554256,4.791128635,5.556590080,4.868052006,4.850099087,4.862643719,4.777860641,4.944003105,4.924550533,4.739398956,4.948766708,4.791129112,5.493695259,4.829590797,5.035621166,4.686420441,5.042736053,4.829590321]},"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Telnet","proto_id":"77","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":12,"category":"RemoteAccess"}} 
01083{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":48,"flow_dst_packets_processed":44,"flow_first_seen":943755158387203,"flow_src_last_pkt_time":943755197957149,"flow_dst_last_pkt_time":943755197958477,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":85,"flow_dst_max_l4_payload_len":488,"flow_src_tot_l4_payload_len":289,"flow_dst_tot_l4_payload_len":1371,"midstream":0,"thread_ts_usec":943755197958477,"l3_proto":"ip4","src_ip":"192.168.0.2","dst_ip":"192.168.0.1","src_port":1550,"dst_port":23,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Telnet","proto_id":"77","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":12,"category":"RemoteAccess"}} -00840{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":92,"packets-processed":92,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1660,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":943755197958477} 
+00840{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":92,"packets-processed":92,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1660,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":943755197958477} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 92/92 ~~ skipped flows.............: 0 @@ -20,9 +20,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6912353 bytes -~~ total memory freed........: 6912353 bytes -~~ total allocations/frees...: 114231/114231 +~~ total memory allocated....: 7489949 bytes +~~ total memory freed........: 7489949 bytes +~~ total allocations/frees...: 125962/125962 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 543 chars ~~ json message max len.......: 2276 chars diff --git a/test/results/default/tencent_games.pcap.out b/test/results/default/tencent_games.pcap.out index c33d41549..9fbd88fd5 100644 --- a/test/results/default/tencent_games.pcap.out +++ b/test/results/default/tencent_games.pcap.out 
@@ -1,5 +1,5 @@ -00618{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1707238628700988} 
+00618{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1707238628700988} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1707238628700988,"flow_src_last_pkt_time":1707238628700988,"flow_dst_last_pkt_time":1707238628700988,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1707238628700988,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"43.130.19.227","src_port":43300,"dst_port":65010,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1707238628700988,"flow_dst_last_pkt_time":1707238628700988,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_usec":1707238628700988,"pkt":"RQAAPBTXQABABi6oCtetASuCE+OpJP3ySA0izgAAAACgAv\/\/6UkAAAIEJugEAggKADg0GAAAAAABAwMJ"} 00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1707238628700988,"flow_dst_last_pkt_time":1707238628897041,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":48,"pkt_l4_len":28,"thread_ts_usec":1707238628897041,"pkt":"RQAAMAAAQABABkOLK4IT4wrXrQH98qkkd+t360gNIs9wEgQAXdMAAAIEJugDAwkA"} 
@@ -7,7 +7,7 @@ 00616{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1707238628901586,"flow_dst_last_pkt_time":1707238628897041,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":116,"pkt_l4_len":96,"thread_ts_usec":1707238628901586,"pkt":"RQAAdBTZQABABi5uCtetASuCE+OpJP3ySA0iz3frd+xQGACAkWEAADNmAAsACxABAAAAAAEAAABMAAAAAAIDAAAnEAAAAGUAAwMAAAAUOTA4OTQ5OTU2NTE0OTMyMDQzMAAAAAAAAAAAAAAAAwAAAAAAAAA="} 00932{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1707238628700988,"flow_src_last_pkt_time":1707238628901586,"flow_dst_last_pkt_time":1707238628897041,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":76,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1707238628901586,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"43.130.19.227","src_port":43300,"dst_port":65010,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TencentGames","proto_id":"395","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1707238628901586,"flow_dst_last_pkt_time":1707238628901869,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":40,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":40,"pkt_l4_len":20,"thread_ts_usec":1707238628901869,"pkt":"RQAAKAAAQABABkOTK4IT4wrXrQH98qkkd+t37EgNIxtQEAP\/soAAAA=="} -00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":11,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":390,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1710911174720280} 
+00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":11,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":390,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1710911174720280} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1710911174720280,"flow_src_last_pkt_time":1710911174720280,"flow_dst_last_pkt_time":1710911174720280,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1710911174720280,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"162.62.97.166","src_port":46658,"dst_port":8085,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5} 
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1710911174720280,"flow_dst_last_pkt_time":1710911174720280,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_usec":1710911174720280,"pkt":"RQAAPLrbQABABsQjCtetAaI+Yaa2Qh+VE6JEngAAAACgAv\/\/DDQAAAIEJugEAggKD4MhPgAAAAABAwMJ"} 00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1710911174720280,"flow_dst_last_pkt_time":1710911174815632,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":48,"pkt_l4_len":28,"thread_ts_usec":1710911174815632,"pkt":"RQAAMAAAQABABn8Loj5hpgrXrQEflbZCd+t36xOiRJ9wEhAAcS4AAAIEJugDAwkA"} 
@@ -23,7 +23,7 @@ 00974{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1710911201676284,"flow_dst_last_pkt_time":1710911201551469,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":378,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":378,"pkt_l4_len":358,"thread_ts_usec":1710911201676284,"pkt":"RQABej1+AABABm0gCtetAaI+dMmncFD7voEv1Xfrd+xQGACAbJAAAAAAAU54ATVRy2rDMBD8lz27Ru9HbjmUnAKl0JvByNY6mNiWK4uUEPLvle0E6aAd7WhnRg9Y8LfuPRxYAe3otyMlhBaQ7jPmcwFdDGPdz3AASsp1UWKggDmGFpdlZxQwhje5gBvGpQ9TZhzPp8+fj+PkY+j9hyxJJjbB3\/PVo4Iw45RJFRwq0FxIa4jWQlKihTGygqICN8\/vDsaN3bDFRXQbxBVlesfmwaVXI30hLqY+ZR0bSPbn2k1zClfcYdk1eSbhbYOcWC+NMygkc7xhhBNKrHK+EW33Zq+pbMTvr1N9CuEy5HKdFsOAr\/lWcmWU5YxZIYUSjFfwzMZ3L9n66iTXE6a\/EK\/1njScQ9MPmPEFJ1+nfsQluXHLXWchlDJClZZrgjHrj\/Vt\/xTFyrwpVWVuWOn9ZY3eIecd61rFrOw011IaL9AylNrYjih4\/gOOuZK9"} 00936{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1710911201480980,"flow_src_last_pkt_time":1710911201676284,"flow_dst_last_pkt_time":1710911201551469,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":338,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":338,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1710911201676284,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"162.62.116.201","src_port":42864,"dst_port":20731,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TencentGames","proto_id":"395","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1710911201676284,"flow_dst_last_pkt_time":1710911201676455,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":40,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":40,"pkt_l4_len":20,"thread_ts_usec":1710911201676455,"pkt":"RQAAKAAAQABABmvwoj50yQrXrQFQ+6dwd+t37L6BMSdQEA\/\/+QgAAA=="} -00846{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":23,"packets-processed":22,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1436,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":26,"global_ts_usec":1710946393543759} 
+00846{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":23,"packets-processed":22,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1436,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":26,"global_ts_usec":1710946393543759} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1710946393543759,"flow_src_last_pkt_time":1710946393543759,"flow_dst_last_pkt_time":1710946393543759,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1710946393543759,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"129.226.103.74","src_port":47046,"dst_port":31003,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5} 
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1710946393543759,"flow_dst_last_pkt_time":1710946393543759,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_usec":1710946393543759,"pkt":"RQAAPEo\/QABABk94CtetAYHiZ0q3xnkblxhB9QAAAACgAv\/\/rcQAAAIEJugEAggKMFSdvAAAAAABAwMJ"} 00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1710946393543759,"flow_dst_last_pkt_time":1710946393905382,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":48,"pkt_l4_len":28,"thread_ts_usec":1710946393905382,"pkt":"RQAAMAAAQABABpnDgeJnSgrXrQF5G7fGd+t365cYQfZwEgQAvA4AAAIEJugDAwkA"} 
@@ -34,7 +34,7 @@ 00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1710911201480980,"flow_src_last_pkt_time":1710911201708919,"flow_dst_last_pkt_time":1710911201676455,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":433,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":771,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1710946394629878,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"162.62.116.201","src_port":42864,"dst_port":20731,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TencentGames","proto_id":"395","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 00981{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1710946393543759,"flow_src_last_pkt_time":1710946394270452,"flow_dst_last_pkt_time":1710946394629878,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":458,"flow_dst_max_l4_payload_len":2332,"flow_src_tot_l4_payload_len":458,"flow_dst_tot_l4_payload_len":2332,"midstream":0,"thread_ts_usec":1710946394629878,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"129.226.103.74","src_port":47046,"dst_port":31003,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TencentGames","proto_id":"395","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1710911174720280,"flow_src_last_pkt_time":1710911174823773,"flow_dst_last_pkt_time":1710911174895319,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":150,"flow_dst_max_l4_payload_len":125,"flow_src_tot_l4_payload_len":150,"flow_dst_tot_l4_payload_len":125,"midstream":0,"thread_ts_usec":1710946394629878,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"162.62.97.166","src_port":46658,"dst_port":8085,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TencentGames","proto_id":"395","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00848{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":32,"packets-processed":32,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4226,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":37,"global_ts_usec":1710946394629878} 
+00848{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":32,"packets-processed":32,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4226,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":37,"global_ts_usec":1710946394629878} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 32/32 ~~ skipped flows.............: 0 @@ -43,9 +43,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6923969 bytes -~~ total memory freed........: 6923969 bytes -~~ total allocations/frees...: 114210/114210 +~~ total memory allocated....: 7501565 bytes +~~ total memory freed........: 7501565 bytes +~~ total allocations/frees...: 125941/125941 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 519 chars ~~ json message max len.......: 1143 chars diff --git a/test/results/default/teredo.pcap.out b/test/results/default/teredo.pcap.out index 4a14e3f31..af96493e8 100644 --- a/test/results/default/teredo.pcap.out +++ b/test/results/default/teredo.pcap.out 
@@ -1,5 +1,5 @@ -00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1438853615305874} 
+00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1438853615305874} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1438853615305874,"flow_src_last_pkt_time":1438853615305874,"flow_dst_last_pkt_time":1438853615305874,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1438853615305874,"l3_proto":"ip4","src_ip":"10.112.16.106","dst_ip":"194.136.28.76","src_port":52513,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00602{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1438853615305874,"flow_dst_last_pkt_time":1438853615305874,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_usec":1438853615305874,"pkt":"bEFqjICJABsXAAEVCABFAABZWboAAH4R6SsKcBBqwogcTM0hDdgARX2HAAEAALEbP+pGqa\/pAGAAAAAACDr\/\/oAAAAAAAAAAAP\/\/\/\/\/\/\/v8CAAAAAAAAAAAAAAAAAAKFAH04AAAAAA=="} 
00928{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1438853615305874,"flow_src_last_pkt_time":1438853615305874,"flow_dst_last_pkt_time":1438853615305874,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1438853615305874,"l3_proto":"ip4","src_ip":"10.112.16.106","dst_ip":"194.136.28.76","src_port":52513,"dst_port":3544,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Teredo","proto_id":"214","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -30,7 +30,7 @@ 00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1438853632713044,"flow_src_last_pkt_time":1438853632713044,"flow_dst_last_pkt_time":1438853632766780,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":109,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":109,"midstream":0,"thread_ts_usec":1438853653403120,"l3_proto":"ip4","src_ip":"10.112.16.64","dst_ip":"194.136.28.76","src_port":56154,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Teredo","proto_id":"214","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1438853619792073,"flow_src_last_pkt_time":1438853619792073,"flow_dst_last_pkt_time":1438853619844656,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":109,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":109,"midstream":0,"thread_ts_usec":1438853653403120,"l3_proto":"ip4","src_ip":"10.112.16.89","dst_ip":"194.136.28.76","src_port":60381,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Teredo","proto_id":"214","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1438853629357785,"flow_src_last_pkt_time":1438853629357785,"flow_dst_last_pkt_time":1438853629411015,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":109,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":109,"midstream":0,"thread_ts_usec":1438853653403120,"l3_proto":"ip4","src_ip":"10.112.16.92","dst_ip":"194.136.28.76","src_port":63448,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Teredo","proto_id":"214","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00841{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":24,"packets-processed":24,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1566,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":33,"global_ts_usec":1438853653403120} 
+00841{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":24,"packets-processed":24,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1566,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":33,"global_ts_usec":1438853653403120} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 24/24 ~~ skipped flows.............: 0 @@ -39,9 +39,9 @@ ~~ total active/idle flows...: 5/5 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6917829 bytes -~~ total memory freed........: 6917829 bytes -~~ total allocations/frees...: 114205/114205 +~~ total memory allocated....: 7495425 bytes +~~ total memory freed........: 7495425 bytes +~~ total allocations/frees...: 125936/125936 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 583 chars ~~ json message max len.......: 978 chars diff --git a/test/results/default/teso.pcapng.out b/test/results/default/teso.pcapng.out index afdb58364..c7eb7a8e7 100644 --- a/test/results/default/teso.pcapng.out +++ b/test/results/default/teso.pcapng.out 
@@ -1,12 +1,12 @@ -00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/teso.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/teso.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1712418301084759} 
+00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/teso.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/teso.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1712418301084759} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/teso.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1712418301084759,"flow_src_last_pkt_time":1712418301084759,"flow_dst_last_pkt_time":1712418301084759,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1712418301084759,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"159.100.232.124","src_port":56158,"dst_port":24120,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/teso.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1712418301084759,"flow_dst_last_pkt_time":1712418301084759,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1712418301084759,"pkt":"SKmKCiNt8C90rUP1CABFAAA82gtAAEAGvz\/AqFjnn2TofNteXjgasIY1AAAAAKACfXihnwAAAgQFtAQCCAp+hX5eAAAAAAEDAwc="} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/teso.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1712418301084759,"flow_dst_last_pkt_time":1712418301128154,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1712418301128154,"pkt":"8C90rUP1SKmKCiNtCABFAAA8AABAADAGqUufZOh8wKhY5144215\/Y1ZDGrCGNqASOJCd4wAAAgQFnAQCCAo\/Q+PVfoV+XgEDAwk="} 
00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/teso.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1712418301128165,"flow_dst_last_pkt_time":1712418301128154,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1712418301128165,"pkt":"SKmKCiNt8C90rUP1CABFAAA02gxAAEAGv0bAqFjnn2TofNteXjgasIY2f2NWRIAQAPuhlwAAAQEICn6Ffok\/Q+PV"} 01705{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/teso.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1712418301129917,"flow_dst_last_pkt_time":1712418301128154,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":924,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":924,"pkt_l4_len":890,"thread_ts_usec":1712418301129917,"pkt":"SKmKCiNt8C90rUP1CABFAAOO2g1AAEAGu+vAqFjnn2TofNteXjgasIY2f2NWRIAYAPuk8QAAAQEICn6Ffos\/Q+PVAAADVgABAAEAAANOARAAFGdhY2hpbXVjaGlsZWF0aGVybWFuAAACcnUAC0iEkgAAAIAAAACLeJwBgAB\/\/y4wRUeEdGjc5neH87hiJx9oyD3v96QHA5asa5HfLYmf3nqmKdbNvGzbLm7oNkPUbCFzjQ7j9UiWJUJjExrJfUy4iljWE3\/rc+fZtyTQeEJp+uULKiQqNsgNQ6IIgy2uTypl7qgCEpHqHD7B9UhYOLnRgbRG9Hll9Z8qMFXI7zzA1I0+pwQAAAAABrUK4AAAAIAAAACLeJwBgAB\/\/0mEA2Z9GhR6SYngu9R1xkz7ExgdBhJ8jUIilNUvNEAUV9NsJmaftH1\/5En0PPmrDu5V+hhv0hoEubEP77gCyfidH6XlJ\/sXc3gTiZD\/qmej73EIQSfV34stfr\/7I39Yzhg6VIyzPsiCjewOUL9gxNWvIzJBLkOVkFc5lU9532TYuxU8hwAAAIAAAACLeJwBgAB\/\/3DwUbbo8PDrE5GLBWXapmz9TMd9iV22KZOslNaOi3MSXvk03UvYZeJydbZOWJgkVUpPPj8CNzqDh+Vqj1yriGHviu0D48KBluBY0Qd+1VPLlP7OcVd3Bpx28Qon0pq9Z9Q4hegEQHI4wl6efZDYwAPdFlb298YHrndKgttYwtmEPExD4gAAAIAAAACLeJwBgAB\/\/1rN52\/9s5kHG34xzcF3bSQxOD9IDLs3Kxg2IvKfqcF5Ltzk1NkhJ0bsWo5I8SQggmQa0gzi+430PvGTruw+B4ccuFQmGsPlnpYTBLdAHaJURLWPx+Rk0C59QrMnLwUa66YElpND4UQmpmxe8ZhJ2VyhQr2GoqwimM\/Zpj1SZzNLOJI8nQAAAIAAAACLeJwBgAB\/\/zegm2yCFkJlFXSgw
iL1njXdrIlYshdwN8AXA6IBzvAhVoQ3TpCLMzwNk6it7nB\/fPtDNt+yWRD6by5omXmylaLBrcQBEhm7cc33Igm1hTrNCL34XZvS7zMW4BRllLH7qCjBI6s6SiRCywevzEadyC6oARpmgBiXueRbQYg9wnU+ChE8FAscD7YAFmVzby5saXZlLjkuMy42LjI4NDk5MDMAACQ1ZDlmNDhjMS1hMWQxLTQ0ZTAtOWM1ZS0zMWJiZmMwNmQwMGQA"} 00927{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/teso.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1712418301084759,"flow_src_last_pkt_time":1712418301129917,"flow_dst_last_pkt_time":1712418301128154,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":858,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":858,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1712418301129917,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"159.100.232.124","src_port":56158,"dst_port":24120,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TES_Online","proto_id":"408","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
-00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/teso.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":5,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":858,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":9,"global_ts_usec":1712439835982020} +00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/teso.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":5,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":858,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":9,"global_ts_usec":1712439835982020} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/teso.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1712439835982020,"flow_src_last_pkt_time":1712439835982020,"flow_dst_last_pkt_time":1712439835982020,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1712439835982020,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"159.100.232.114","src_port":47860,"dst_port":24504,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/teso.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1712439835982020,"flow_dst_last_pkt_time":1712439835982020,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1712439835982020,"pkt":"SKmKCiNt8C90rUP1CABFAAA8OUlAAEAGYAzAqFjnn2Tocrr0X7h9O8qgAAAAAKACfXihlQAAAgQFtAQCCAqzbEgoAAAAAAEDAwc="} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/teso.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1712439835982020,"flow_dst_last_pkt_time":1712439836021952,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1712439836021952,"pkt":"8C90rUP1SKmKCiNtCABFAAA8AABAADEGqFWfZOhywKhY51+4uvQkJzqKfTvKoaASOJD4HQAAAgQFnAQCCApAjHiUs2xIKAEDAwk="} 
@@ -15,7 +15,7 @@ 00927{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/teso.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1712439835982020,"flow_src_last_pkt_time":1712439836023732,"flow_dst_last_pkt_time":1712439836021952,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":835,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":835,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1712439836023732,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"159.100.232.114","src_port":47860,"dst_port":24504,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TES_Online","proto_id":"408","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 00966{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/teso.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1712439835982020,"flow_src_last_pkt_time":1712439836023732,"flow_dst_last_pkt_time":1712439836021952,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":835,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":835,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1712439836023732,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"159.100.232.114","src_port":47860,"dst_port":24504,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TES_Online","proto_id":"408","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
00966{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/teso.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1712418301084759,"flow_src_last_pkt_time":1712418301129917,"flow_dst_last_pkt_time":1712418301128154,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":858,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":858,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1712439836023732,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"159.100.232.124","src_port":56158,"dst_port":24120,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TES_Online","proto_id":"408","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00838{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/teso.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":8,"packets-processed":8,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1693,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":18,"global_ts_usec":1712439836023732} 
+00838{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/teso.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":8,"packets-processed":8,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1693,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":18,"global_ts_usec":1712439836023732} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 8/8 ~~ skipped flows.............: 0 @@ -24,9 +24,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6914369 bytes -~~ total memory freed........: 6914369 bytes -~~ total allocations/frees...: 114160/114160 +~~ total memory allocated....: 7491965 bytes +~~ total memory freed........: 7491965 bytes +~~ total allocations/frees...: 125891/125891 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 544 chars ~~ json message max len.......: 1710 chars diff --git a/test/results/default/tftp.pcap.out b/test/results/default/tftp.pcap.out index fa4c7c5d1..c9b5cda2e 100644 --- a/test/results/default/tftp.pcap.out +++ b/test/results/default/tftp.pcap.out 
@@ -1,5 +1,5 @@ -00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":946730124846355} 
+00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":946730124846355} 
00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946730124846355,"flow_src_last_pkt_time":946730124846355,"flow_dst_last_pkt_time":946730124846355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":19,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":19,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":19,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946730124846355,"l3_proto":"ip4","src_ip":"172.28.4.53","dst_ip":"172.16.5.170","src_port":54626,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":946730124846355,"flow_dst_last_pkt_time":946730124846355,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":61,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":61,"pkt_l4_len":27,"thread_ts_usec":946730124846355,"pkt":"9Opn97JCCAAnntJbCABFAAAv+hlAAEAR3pisHAQ1rBAFqtViAEUAGx52AAEAAAAAAAAAAAAAAG9jdGV0AA=="} 
00762{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946730124846355,"flow_src_last_pkt_time":946730124846355,"flow_dst_last_pkt_time":946730124846355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":9,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":9,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":9,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946730124846355,"l3_proto":"ip4","src_ip":"172.28.4.53","dst_ip":"172.16.5.170","src_port":54632,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -15,7 +15,7 @@ 01082{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":946730124846355,"flow_src_last_pkt_time":946730124846355,"flow_dst_last_pkt_time":946730124846355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":516,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":516,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":1032,"flow_dst_tot_l4_payload_len":8,"midstream":0,"thread_ts_usec":946730124846355,"l3_proto":"ip4","src_ip":"192.168.0.10","dst_ip":"192.168.0.253","src_port":3445,"dst_port":50618,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TFTP","proto_id":"96","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer","tftp": {"filename":""}}} 
01194{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":946730124846355,"flow_dst_last_pkt_time":946730124846355,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":558,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":558,"pkt_l4_len":524,"thread_ts_usec":946730124846355,"pkt":"AAu+GJpAAFCN14tDCABFAAIgkygAAIARI03AqAAKwKgA\/Q11xboCDFT\/AAMAA3Byb3RvY29sIHdhcyBvcmlnaW5hbGx5IGRlc2lnbmVkIGJ5IE5vZWwgQ2hpYXBwYSwgYW5kIHdhcwogICByZWRlc2lnbmVkIGJ5IGhpbSwgQm9iIEJhbGR3aW4gYW5kIERhdmUgQ2xhcmssIHdpdGggY29tbWVudHMgZnJvbQogICBTdGV2ZSBTenltYW5za2kuICBUaGUgY3VycmVudCByZXZpc2lvbiBvZiB0aGUgZG9jdW1lbnQgaW5jbHVkZXMKICAgbW9kaWZpY2F0aW9ucyBzdGVtbWluZyBmcm9tIGRpc2N1c3Npb25zIHdpdGggYW5kIHN1Z2dlc3Rpb25zIGZyb20KICAgTGFycnkgQWxsZW4sIE5vZWwgQ2hpYXBwYSwgRGF2ZSBDbGFyaywgR2VvZmYgQ29vcGVyLCBNaWtlIEdyZWVud2FsZCwKICAgTGl6YSBNYXJ0aW4sIERhdmlkIFJlZWQsIENyYWlnIE1pbG8gUm9nZXJzIChvZiBVU0MtSVNJKSwgS2F0aHkKICAgWWVsbGljaywgYW5kIHRoZSBhdXRob3IuICBUaGUgYWNrbm93bGVkZ2VtZW50IGFuZCByZXRyYW5zbWlzc2lvbgogICBzY2hlbWUgd2FzIGluc3BpcmVkIGJ5IFRDUCwgYW5kIHRoZSBlcnJv"} 
02174{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":946730124846355,"flow_src_last_pkt_time":946730124846355,"flow_dst_last_pkt_time":946730124846355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":516,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":516,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":8256,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":946730124846355,"l3_proto":"ip4","src_ip":"192.168.0.10","dst_ip":"192.168.0.253","src_port":3445,"dst_port":50618,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":0.0,"max":0,"stddev":0.0,"var":0.0,"ent":0.0,"data": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"pktlen": {"min":46,"avg":295.0,"max":544,"stddev":249.0,"var":62001.0,"ent":4.4,"data": [544,46,544,46,544,46,544,46,544,46,544,46,544,46,544,46,544,46,544,46,544,46,544,46,544,46,544,46,544,46,544,46]},"bins": {"c_to_s": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": [4.265709877,3.000972986,4.623624802,3.000972986,4.859318733,3.000972986,4.935849667,2.941084146,4.381216049,2.957494497,4.600720406,3.000972986,4.634294987,3.000972986,4.567757130,3.000972986,4.459813595,3.000972986,4.388016701,2.941084146,4.358253002,3.000972986,4.537627220,2.941084146,4.658279419,2.941084146,4.567505836,3.000972986,4.506970406,3.000972986,4.253873825,3.000972986]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TFTP","proto_id":"96","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}} -00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":102,"packets-processed":101,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25039,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":4,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":18,"global_ts_usec":946733724846355} +00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":102,"packets-processed":101,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25039,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":4,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":18,"global_ts_usec":946733724846355} 
00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946733724846355,"flow_src_last_pkt_time":946733724846355,"flow_dst_last_pkt_time":946733724846355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":19,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":19,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":19,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946733724846355,"l3_proto":"ip4","src_ip":"172.28.4.53","dst_ip":"172.16.5.170","src_port":54627,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":946733724846355,"flow_dst_last_pkt_time":946733724846355,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":61,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":61,"pkt_l4_len":27,"thread_ts_usec":946733724846355,"pkt":"9Opn97JCCAAnntJbCABFAAAv+hlAAEAR3pisHAQ1rBAFqtVjAEUAGx52AAFzeXNtYW4ubGlzAG9jdGV0AA=="} 
00954{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946733724846355,"flow_src_last_pkt_time":946733724846355,"flow_dst_last_pkt_time":946733724846355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":19,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":19,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":19,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946733724846355,"l3_proto":"ip4","src_ip":"172.28.4.53","dst_ip":"172.16.5.170","src_port":54627,"dst_port":69,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TFTP","proto_id":"96","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer","tftp": {"filename":"sysman.lis"}}} 
@@ -25,7 +25,7 @@ 00765{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946730124846355,"flow_src_last_pkt_time":946730124846355,"flow_dst_last_pkt_time":946730124846355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":9,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":9,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":9,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946733724846355,"l3_proto":"ip4","src_ip":"172.28.4.53","dst_ip":"172.16.5.170","src_port":54632,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946730124846355,"flow_src_last_pkt_time":946730124846355,"flow_dst_last_pkt_time":946730124846355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946733724846355,"l3_proto":"ip4","src_ip":"192.168.0.253","dst_ip":"192.168.0.10","src_port":50618,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TFTP","proto_id":"96","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}} 
01103{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":49,"flow_dst_packets_processed":49,"flow_first_seen":946730124846355,"flow_src_last_pkt_time":946730124846355,"flow_dst_last_pkt_time":946730124846355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":516,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":24795,"flow_dst_tot_l4_payload_len":196,"midstream":0,"thread_ts_usec":946733724846355,"l3_proto":"ip4","src_ip":"192.168.0.10","dst_ip":"192.168.0.253","src_port":3445,"dst_port":50618,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TFTP","proto_id":"96","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}} -00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":103,"packets-processed":102,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25058,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":28,"global_ts_usec":946737844630728} 
+00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":103,"packets-processed":102,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25058,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":28,"global_ts_usec":946737844630728} 00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946737844630728,"flow_src_last_pkt_time":946737844630728,"flow_dst_last_pkt_time":946737844630728,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":18,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":18,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":18,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946737844630728,"l3_proto":"ip4","src_ip":"172.28.5.91","dst_ip":"172.28.5.170","src_port":44618,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":946737844630728,"flow_dst_last_pkt_time":946737844630728,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":946737844630728,"pkt":"eCSvPj0DAFBWn8+KCABFAAAuYudAAEARdJqsHAVbrBwFqq5KAEUAGkfgAAJ6ei5iaW4AbmV0YXNjaWkA"} 00950{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946737844630728,"flow_src_last_pkt_time":946737844630728,"flow_dst_last_pkt_time":946737844630728,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":18,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":18,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":18,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946737844630728,"l3_proto":"ip4","src_ip":"172.28.5.91","dst_ip":"172.28.5.170","src_port":44618,"dst_port":69,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TFTP","proto_id":"96","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer","tftp": {"filename":"zz.bin"}}} 
@@ -36,7 +36,7 @@ 00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":946737844632198,"flow_dst_last_pkt_time":946737844632149,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":946737844632198,"pkt":"AFBWn8+KeCSvPj0DCABFAAAgquAAAEARbK+sHAWqrBwFW\/JqrkoADPvdAAQAAQ=="} 01081{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":946737844631726,"flow_src_last_pkt_time":946737844632198,"flow_dst_last_pkt_time":946737844632149,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":516,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":1032,"midstream":0,"thread_ts_usec":946737844632198,"l3_proto":"ip4","src_ip":"172.28.5.170","dst_ip":"172.28.5.91","src_port":62058,"dst_port":44618,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TFTP","proto_id":"96","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer","tftp": {"filename":""}}} 
00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":108,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946733724846355,"flow_src_last_pkt_time":946733724846355,"flow_dst_last_pkt_time":946733724846355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":19,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":19,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":19,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946737844632198,"l3_proto":"ip4","src_ip":"172.28.4.53","dst_ip":"172.16.5.170","src_port":54627,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TFTP","proto_id":"96","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}} -00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":108,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":108,"packets-processed":107,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":26116,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":7,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":39,"global_ts_usec":1692571562010945} 
+00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":108,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":108,"packets-processed":107,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":26116,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":7,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":39,"global_ts_usec":1692571562010945} 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":108,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1692571562010945,"flow_src_last_pkt_time":1692571562010945,"flow_dst_last_pkt_time":1692571562010945,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1692571562010945,"l3_proto":"ip4","src_ip":"192.168.2.45","dst_ip":"192.168.2.200","src_port":35840,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1692571562010945,"flow_dst_last_pkt_time":1692571562010945,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_usec":1692571562010945,"pkt":"gB8CRSVHAADNOBNDCABFAABJmb1AAEARGqHAqAItwKgCyIwAAEUANb2WAAJlbXB0eTEwMEtCAG9jdGV0AGJsa3NpemUAMTQ2OAB0c2l6ZQAxMDAwMDAA"} 00960{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":108,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1692571562010945,"flow_src_last_pkt_time":1692571562010945,"flow_dst_last_pkt_time":1692571562010945,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1692571562010945,"l3_proto":"ip4","src_ip":"192.168.2.45","dst_ip":"192.168.2.200","src_port":35840,"dst_port":69,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TFTP","proto_id":"96","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer","tftp": {"filename":"empty100KB"}}} 
@@ -47,7 +47,7 @@ 01097{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":946737844631726,"flow_src_last_pkt_time":946737844632198,"flow_dst_last_pkt_time":946737844632149,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":516,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":1032,"midstream":0,"thread_ts_usec":1692571562013335,"l3_proto":"ip4","src_ip":"172.28.5.170","dst_ip":"172.28.5.91","src_port":62058,"dst_port":44618,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TFTP","proto_id":"96","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}} 00965{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1692571562010945,"flow_src_last_pkt_time":1692571562010945,"flow_dst_last_pkt_time":1692571562010945,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1692571562013335,"l3_proto":"ip4","src_ip":"192.168.2.45","dst_ip":"192.168.2.200","src_port":35840,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TFTP","proto_id":"96","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}} 00960{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946737844630728,"flow_src_last_pkt_time":946737844630728,"flow_dst_last_pkt_time":946737844630728,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":18,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":18,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":18,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1692571562013335,"l3_proto":"ip4","src_ip":"172.28.5.91","dst_ip":"172.28.5.170","src_port":44618,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TFTP","proto_id":"96","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}} -00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":109,"packets-processed":109,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":26189,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":50,"global_ts_usec":1692571562013335} 
+00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":109,"packets-processed":109,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":26189,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":50,"global_ts_usec":1692571562013335} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 109/109 ~~ skipped flows.............: 0 @@ -56,9 +56,9 @@ ~~ total active/idle flows...: 9/9 ~~ total timeout flows.......: 2 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6929843 bytes -~~ total memory freed........: 6929843 bytes -~~ total allocations/frees...: 114335/114335 +~~ total memory allocated....: 7507499 bytes +~~ total memory freed........: 7507499 bytes +~~ total allocations/frees...: 126069/126069 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 517 chars ~~ json message max len.......: 2179 chars diff --git a/test/results/default/threema.pcap.out b/test/results/default/threema.pcap.out index ec98eb685..a795bd40d 100644 --- a/test/results/default/threema.pcap.out +++ b/test/results/default/threema.pcap.out 
@@ -1,5 +1,5 @@ -00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1655301424082000} 
+00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1655301424082000} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655301424082000,"flow_src_last_pkt_time":1655301424082000,"flow_dst_last_pkt_time":1655301424082000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655301424082000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"185.88.236.110","src_port":50298,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1655301424082000,"flow_dst_last_pkt_time":1655301424082000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655301424082000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8sOJAAD8GIgbAqAJkuVjsbsR6FGaFcI59AAAAAKAC\/\/+zrwAAAgQFtAQCCAoADj6fAAAAAAEDAwg="} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1655301424082000,"flow_dst_last_pkt_time":1655301424108000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655301424108000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAADgG2ei5WOxuwKgCZBRmxHpp4+23hXCOfqAS\/\/9\/CwAAAgQFrAEDAwYEAggK7ZTvbAAOPp8="} 
@@ -21,7 +21,7 @@ 00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1655301676990000,"flow_dst_last_pkt_time":1655301676985000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"thread_ts_usec":1655301676990000,"pkt":"eJS0JASgYDjgxTWgCABFAABkOh1AAD8GmKPAqAJkuVjsbsVEFGa+1hz2PrdC4oAYAVeW7QAAAQEICgAPJvYNuzbqEUJFmOSyRNdj1OXy3vj+pKv1w2\/HNx68wOhAgRLg2k5Ez5IOu8sHTBCPJKxiuLUM"} 00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1655301676990000,"flow_dst_last_pkt_time":1655301677017000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_usec":1655301677017000,"pkt":"YDjgxTWgeJS0JASgCABFAACEAABAADgG2aC5WOxuwKgCZBRmxUQ+t0LivtYdJoAYBBT1kQAAAQEICg27NwgADyb2pST6cJDhur1ILq6UIEWtlnuQFkcU2\/xfWadEuFW78qsYg5wMjFnUvaWsfnK6Fp3dpRxs6\/7D1WxjM2X8\/Gu1wMcVtNcAnkhA9GW1gMlDC+8="} 
00929{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":3,"flow_first_seen":1655301676958000,"flow_src_last_pkt_time":1655301678700000,"flow_dst_last_pkt_time":1655301677048000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":191,"flow_dst_max_l4_payload_len":324,"flow_src_tot_l4_payload_len":277,"flow_dst_tot_l4_payload_len":404,"midstream":0,"thread_ts_usec":1655301678700000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"185.88.236.110","src_port":50500,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Threema","proto_id":"305","proto_by_ip":"Threema","proto_by_ip_id":305,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}} -00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":43,"packets-processed":42,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4306,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":3,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":24,"global_ts_usec":1655304039977000} 
+00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":43,"packets-processed":42,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4306,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":3,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":24,"global_ts_usec":1655304039977000} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655304039977000,"flow_src_last_pkt_time":1655304039977000,"flow_dst_last_pkt_time":1655304039977000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655304039977000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"185.88.236.110","src_port":50618,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1655304039977000,"flow_dst_last_pkt_time":1655304039977000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655304039977000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8D\/ZAAD8GwvLAqAJkuVjsbsW6FGZ91skoAAAAAKAC\/\/\/3HAAAAgQFtAQCCAoAEMbeAAAAAAEDAwg="} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1655304039977000,"flow_dst_last_pkt_time":1655304040001000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655304040001000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAADgG2ei5WOxuwKgCZBRmxbp03BGqfdbJKaAS\/\/+2UQAAAgQFrAEDAwYEAggKO2t+0gAQxt4="} 
@@ -30,7 +30,7 @@ 00656{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1655304040005000,"flow_dst_last_pkt_time":1655304040029000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_usec":1655304040029000,"pkt":"YDjgxTWgeJS0JASgCABFAACEAABAADgG2aC5WOxuwKgCZBRmxbp03BGrfdbJWYAYBBS+bwAAAQEICjtrfvAAEMblDwmY0u1\/FJJlG8pGMzR4DHUA2SbDCPgL7VMIbmcQJS5Wyz7JHVONLuWdk575DHG9THznkpqJQgv38Qj\/f\/dhFRs1\/8YAkvYQ2sZA5fjM1T8="} 00929{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":3,"flow_first_seen":1655304039977000,"flow_src_last_pkt_time":1655304040312000,"flow_dst_last_pkt_time":1655304040064000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":191,"flow_dst_max_l4_payload_len":595,"flow_src_tot_l4_payload_len":277,"flow_dst_tot_l4_payload_len":675,"midstream":0,"thread_ts_usec":1655304040312000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"185.88.236.110","src_port":50618,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Threema","proto_id":"305","proto_by_ip":"Threema","proto_by_ip_id":305,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}} 
00967{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":4,"flow_first_seen":1655301676958000,"flow_src_last_pkt_time":1655301738438000,"flow_dst_last_pkt_time":1655301678762000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":191,"flow_dst_max_l4_payload_len":324,"flow_src_tot_l4_payload_len":277,"flow_dst_tot_l4_payload_len":404,"midstream":0,"thread_ts_usec":1655304045367000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"185.88.236.110","src_port":50500,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Threema","proto_id":"305","proto_by_ip":"Threema","proto_by_ip_id":305,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}} -00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":58,"packets-processed":57,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5258,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":4,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":33,"global_ts_usec":1655306704436000} 
+00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":58,"packets-processed":57,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5258,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":4,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":33,"global_ts_usec":1655306704436000} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655306704436000,"flow_src_last_pkt_time":1655306704436000,"flow_dst_last_pkt_time":1655306704436000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655306704436000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"185.88.236.110","src_port":50718,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1655306704436000,"flow_dst_last_pkt_time":1655306704436000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655306704436000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8W4NAAD8Gd2XAqAJkuVjsbsYeFGbGZSToAAAAAKAC\/\/+Z2wAAAgQFtAQCCAoAEn9rAAAAAAEDAwg="} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1655306704436000,"flow_dst_last_pkt_time":1655306704460000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655306704460000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAADgG2ei5WOxuwKgCZBRmxh4tYXzzxmUk6aAS\/\/9+tQAAAgQFrAEDAwYEAggKd2P5ZgASf2s="} 
@@ -38,7 +38,7 @@ 00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1655306704464000,"flow_dst_last_pkt_time":1655306704460000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"thread_ts_usec":1655306704464000,"pkt":"eJS0JASgYDjgxTWgCABFAABkW4VAAD8GdzvAqAJkuVjsbsYeFGbGZSTpLWF89IAYAVetkAAAAQEICgASf3J3Y\/lmEUJFmOSyRNdj1OXy3vj+pKv1w2\/HNx68wOhAgRLg2k4sbataBLDe6as2OUn4cnpB"} 00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1655306704464000,"flow_dst_last_pkt_time":1655306704488000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_usec":1655306704488000,"pkt":"YDjgxTWgeJS0JASgCABFAACEAABAADgG2aC5WOxuwKgCZBRmxh4tYXz0xmUlGYAYBBTJUQAAAQEICndj+YQAEn9yeZWV+OdkU0mSnCGppCSAJbL9JS8rd+OXEO3cXQRLF+HwyR8sz+yuANi\/FNlAZNb3PrHf0YF9udqW3VvcrW+\/D2pjQJ1v\/TFBzsLCAdVVzZ8="} 
00967{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1655304039977000,"flow_src_last_pkt_time":1655304045367000,"flow_dst_last_pkt_time":1655304045364000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":191,"flow_dst_max_l4_payload_len":595,"flow_src_tot_l4_payload_len":277,"flow_dst_tot_l4_payload_len":675,"midstream":0,"thread_ts_usec":1655306704559000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"185.88.236.110","src_port":50618,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Threema","proto_id":"305","proto_by_ip":"Threema","proto_by_ip_id":305,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}} -00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":71,"packets-processed":70,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5631,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":5,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":41,"global_ts_usec":1655307958972000} 
+00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":71,"packets-processed":70,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5631,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":5,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":41,"global_ts_usec":1655307958972000} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655307958972000,"flow_src_last_pkt_time":1655307958972000,"flow_dst_last_pkt_time":1655307958972000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655307958972000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"185.88.236.110","src_port":50860,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1655307958972000,"flow_dst_last_pkt_time":1655307958972000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655307958972000,"pkt":"eJS0JASgYDjgxTWgCABFAAA80XZAAD8GAXLAqAJkuVjsbsasFGYhOI\/mAAAAAKAC\/\/\/0UwAAAgQFtAQCCAoAFl6QAAAAAAEDAwg="} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1655307958972000,"flow_dst_last_pkt_time":1655307958996000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655307958996000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAADgG2ei5WOxuwKgCZBRmxqxr+FC1ITiP56AS\/\/\/D1gAAAgQFrAEDAwYEAggK\/JV3MgAWXpA="} 
@@ -51,7 +51,7 @@ 00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1655301591783000,"flow_src_last_pkt_time":1655301621987000,"flow_dst_last_pkt_time":1655301622013000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":735,"flow_dst_max_l4_payload_len":468,"flow_src_tot_l4_payload_len":1396,"flow_dst_tot_l4_payload_len":662,"midstream":0,"thread_ts_usec":1655308018973000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"185.88.236.110","src_port":50484,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Threema","proto_id":"305","proto_by_ip":"Threema","proto_by_ip_id":305,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}} 01062{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":5,"flow_first_seen":1655307958972000,"flow_src_last_pkt_time":1655308018973000,"flow_dst_last_pkt_time":1655308018969000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":191,"flow_dst_max_l4_payload_len":80,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":134,"midstream":0,"thread_ts_usec":1655308018973000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"185.88.236.110","src_port":50860,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"51": {"risk":"Fully Encrypted Flow","severity":"Medium","risk_score": {"total":360,"client":240,"server":120}}},"confidence": {"7":"Match by 
IP"},"proto":"Threema","proto_id":"305","proto_by_ip":"Threema","proto_by_ip_id":305,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}} 00784{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":5,"flow_first_seen":1655307958972000,"flow_src_last_pkt_time":1655308018973000,"flow_dst_last_pkt_time":1655308018969000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":191,"flow_dst_max_l4_payload_len":80,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":134,"midstream":0,"thread_ts_usec":1655308018973000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"185.88.236.110","src_port":50860,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00842{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":83,"packets-processed":83,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6004,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":54,"global_ts_usec":1655308018973000} 
+00842{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":83,"packets-processed":83,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6004,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":54,"global_ts_usec":1655308018973000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 83/83 ~~ skipped flows.............: 0 @@ -60,9 +60,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6934352 bytes -~~ total memory freed........: 6934352 bytes -~~ total allocations/frees...: 114287/114287 +~~ total memory allocated....: 7511948 bytes +~~ total memory freed........: 7511948 bytes +~~ total allocations/frees...: 126018/126018 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 545 chars ~~ json message max len.......: 1067 chars diff --git a/test/results/default/thrift.pcap.out b/test/results/default/thrift.pcap.out index f51fe5065..0f544d4f3 100644 --- a/test/results/default/thrift.pcap.out +++ b/test/results/default/thrift.pcap.out 
@@ -1,5 +1,5 @@ -00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1618939325157360} 
+00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1618939325157360} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618939325157360,"flow_src_last_pkt_time":1618939325157360,"flow_dst_last_pkt_time":1618939325157360,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618939325157360,"l3_proto":"ip4","src_ip":"169.254.59.247","dst_ip":"169.254.46.4","src_port":53387,"dst_port":11010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1618939325157360,"flow_dst_last_pkt_time":1618939325157360,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1618939325157360,"pkt":"ZGV2aWNlZHJpdmVyCABFAAA0aulAAIAGAACp\/jv3qf4uBNCLKwLKdsytAAAAAIACIAB\/HQAAAgQFtAEDAwgBAQQC"} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1618939325157360,"flow_dst_last_pkt_time":1618939325157427,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1618939325157427,"pkt":"ZHJpdmVyZGV2aWNlCABFAAA0AABAAD4Gvc2p\/i4Eqf479ysC0Iu7suEFynbMroASchBOjwAAAgQFtAEBBAIBAwMG"} 
@@ -8,14 +8,14 @@ 00925{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1618939325157360,"flow_src_last_pkt_time":1618939325157555,"flow_dst_last_pkt_time":1618939325157427,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618939325157555,"l3_proto":"ip4","src_ip":"169.254.59.247","dst_ip":"169.254.46.4","src_port":53387,"dst_port":11010,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Thrift","proto_id":"345","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1618939325157555,"flow_dst_last_pkt_time":1618939325157615,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1618939325157615,"pkt":"ZHJpdmVyZGV2aWNlCABFAAAoqt1AAD4GEvyp\/i4Eqf479ysC0Iu7suEGynbM1lAQAcn\/fwAAAAAAAAAA"} 
02111{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":19,"flow_first_seen":1618939325157360,"flow_src_last_pkt_time":1618939325159246,"flow_dst_last_pkt_time":1618939325159187,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2920,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":3250,"flow_dst_tot_l4_payload_len":7422,"midstream":0,"thread_ts_usec":1618939325159246,"l3_proto":"ip4","src_ip":"169.254.59.247","dst_ip":"169.254.46.4","src_port":53387,"dst_port":11010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":59,"avg":119.8,"max":188,"stddev":47.3,"var":2241.9,"ent":4.8,"data": [67,135,60,188,60,179,118,60,178,118,59,178,119,60,178,118,59,178,123,123,119,60,187,132,60,183,118,69,188,120,119]},"pktlen": {"min":40,"avg":375.2,"max":2960,"stddev":637.8,"var":406764.6,"ent":3.6,"data": [52,52,40,80,46,88,80,46,80,82,46,106,121,46,311,90,46,104,78,89,79,1500,628,40,1500,628,40,1500,628,40,780,2960]},"bins": {"c_to_s": [5,6,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1],"s_to_c": [6,3,2,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,3,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,0,1,1,0,1,1,0,1,1,0,1,0],"entropies": [4.382568836,4.855899811,4.571928978,4.561148643,4.565871716,5.056412220,4.614388943,4.549460888,4.772574902,4.961133480,4.462504387,4.880326271,3.973908663,4.549460888,5.147182465,4.755144119,4.565872192,4.847397804,4.628648281,4.771815300,4.955598831,6.128622055,6.129070759,4.621928692,6.089191914,6.081182480,4.621928692,6.083991051,6.070480347,4.621928692,6.112934589,6.078311443]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Thrift","proto_id":"345","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":171,"packets-processed":170,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":85745,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1622206473205908} +00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":171,"packets-processed":170,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":85745,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1622206473205908} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1622206473205908,"flow_src_last_pkt_time":1622206473205908,"flow_dst_last_pkt_time":1622206473205908,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4894,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4894,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4894,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1622206473205908,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49164,"dst_port":6831,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 07056{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1622206473205908,"flow_dst_last_pkt_time":1622206473205908,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":4936,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":4936,"pkt_l4_len":4902,"thread_ts_usec":1622206473205908,"pkt":"AAAAAAAAAAAAAAAACABFABM6Zi5AAEARw4J\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\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\/hHrhR64UewAZHBb4kN6C7NjhBRksGBh3YWtpbmdfdXBfZXhwbGljaXRfdXNlcnMVBkYAABgYd2FraW5nX3VwX2V4cGxpY2l0X3Jvb21zFQZGAgAAABbgo7HM4sDc9gIWABat27nxrfeN4TsWABgYcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhJQIW5q\/Cg+zY4QUW+AcZPBgKcmVxdWVzdF9pZBUAGCFwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGEtMTY0MjgxMDgAGAxzYW1wbGVyLnR5cGUVABgNcHJvYmFiaWxpc3RpYwAYDXNhbXBsZXIucGFyYW0VAic\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\/hHrhR64UewAZHBbMu+SF7NjhBRksGBh3YWtpbmdfdXBfZXhwbGljaXRfdXNlcnMVBkYAABgYd2FraW5nX3VwX2V4cGxpY2l0X3Jvb21zFQZGAgAAABaAqfv135ayxQEWABbxqpG05PnOr20WABgYcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhJQIW3PrvhezY4QUWgAIZPBgKcmVxdWVzdF9pZBUAGC
Fwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGEtMTY0Mjg1ODUAGAxzYW1wbGVyLnR5cGUVABgNcHJvYmFiaWxpc3RpYwAYDXNhbXBsZXIucGFyYW0VAic\/hHrhR64UewAZDAAW7v+RypLGwoIFFgAWpa2JyqmV2qBHFgAYGHByb2Nlc3MtcmVwbGljYXRpb24tZGF0YSUCFs7htobs2OEFFvoKGTwYCnJlcXVlc3RfaWQVABghcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhLTE2NDI4NzA2ABgMc2FtcGxlci50eXBlFQAYDXByb2JhYmlsaXN0aWMAGA1zYW1wbGVyLnBhcmFtFQInP4R64UeuFHsAGRwW2Oi2huzY4QUZLBgYd2FraW5nX3VwX2V4cGxpY2l0X3VzZXJzFQZGAAAYGHdha2luZ191cF9leHBsaWNpdF9yb29tcxUGRgIAAAAWvrSo25Lk6ZEBFgAW\/Mu25N3Uuy8WABgYcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhJQIWnKqph+zY4QUWygQZPBgKcmVxdWVzdF9pZBUAGCFwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGEtMTY0Mjg4MjcAGAxzYW1wbGVyLnR5cGUVABgNcHJvYmFiaWxpc3RpYwAYDXNhbXBsZXIucGFyYW0VAic\/hHrhR64UewAZDAAWqqCtwe+ZmegCFgAWrqHm7O\/56JRtFgAYGHByb2Nlc3MtcmVwbGljYXRpb24tZGF0YSUCFrT9rYfs2OEFFrgMGTwYCnJlcXVlc3RfaWQVABghcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhLTE2NDI4ODM3ABgMc2FtcGxlci50eXBlFQAYDXByb2JhYmlsaXN0aWMAGA1zYW1wbGVyLnBhcmFtFQInP4R64UeuFHsAGRwW6oSuh+zY4QUZLBgYd2FraW5nX3VwX2V4cGxpY2l0X3VzZXJzFQZGAgAYGHdha2luZ191cF9leHBsaWNpdF9yb29tcxUGRgAAAAAWtIi99PnliOMDFgAWr4D1oIH+tqbMARYAGBhwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGElAhbIi9iH7NjhBRa4Cxk8GApyZXF1ZXN0X2lkFQAYIXByb2Nlc3MtcmVwbGljYXRpb24tZGF0YS0xNjQyODg4NgAYDHNhbXBsZXIudHlwZRUAGA1wcm9iYWJpbGlzdGljABgNc2FtcGxlci5wYXJhbRUCJz+EeuFHrhR7ABkcFvyS2Ifs2OEFGSwYGHdha2luZ191cF9leHBsaWNpdF91c2VycxUGRgAAGBh3YWtpbmdfdXBfZXhwbGljaXRfcm9vbXMVBkYCAAAAFpiG28yl9YTqAxYAFp6Khpqln4D\/vAEWABgYcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhJQIWtIWniOzY4QUWwgcZPBgKcmVxdWVzdF9pZBUAGCFwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGEtMTY0MjkwMDUAGAxzYW1wbGVyLnR5cGUVABgNcHJvYmFiaWxpc3RpYwAYDXNhbXBsZXIucGFyYW0VAic\/hHrhR64UewAZHBa6iqeI7NjhBRksGBh3YWtpbmdfdXBfZXhwbGljaXRfdXNlcnMVBkYAABgYd2FraW5nX3VwX2V4cGxpY2l0X3Jvb21zFQZGAgAAABbU4KrL85XASBYAFtnRoOjBlpPt8wEWABgYcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhJQIW9tnkiOzY4QUW4AYZPBgKcmVxdWVzdF9pZBUAGCFwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGEtMTY0MjkxMDgAGAxzYW1wbGVyLnR5cGUVABgNcHJvYmFiaWxpc3RpYwAYDXNhbXBsZXIucGFyYW0VAic\/hHrhR64UewAZHBaI3uSI7NjhBRksGBh3YWtpbmdfdXBfZXhwbGljaXRfdXN
lcnMVBkYCABgYd2FraW5nX3VwX2V4cGxpY2l0X3Jvb21zFQZGAAAAABbyn72E39iHyQIWABb8lfCbktCR8\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"} 00924{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1622206473205908,"flow_src_last_pkt_time":1622206473205908,"flow_dst_last_pkt_time":1622206473205908,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4894,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4894,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4894,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1622206473205908,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49164,"dst_port":6831,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Thrift","proto_id":"345","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00980{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":66,"flow_dst_packets_processed":104,"flow_first_seen":1618939325157360,"flow_src_last_pkt_time":1618939325167655,"flow_dst_last_pkt_time":1618939325167596,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":6875,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":14450,"flow_dst_tot_l4_payload_len":71295,"midstream":0,"thread_ts_usec":1622206473205908,"l3_proto":"ip4","src_ip":"169.254.59.247","dst_ip":"169.254.46.4","src_port":53387,"dst_port":11010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Thrift","proto_id":"345","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 06247{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1622206484939295,"flow_dst_last_pkt_time":1622206473205908,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":4322,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":4322,"pkt_l4_len":4288,"thread_ts_usec":1622206484939295,"pkt":"AAAAAAAAAAAAAAAACABFABDUa\/ZAAEARwCB\/AAABfwAAAcAMGq8QwA7UgoG0gQEJZW1pdEJhdGNoHBwYGG1hdHJpeC5vcmcgdGVzdF93b3JrZXItMRk8GA5qYWVnZXIudmVyc2lvbhUAGAxQeXRob24tNC4xLjAAGAJpcBUAGA8xNzYuMTI2LjI0MC4xNTgAGAhob3N0bmFtZRUAGBVoaXBwb2dyaWZmLm1hdHJpeC5vcmcAABn8FBa0g7LzyrnngQEWABblrKGoxcOvpxwWABgYcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhJQIWhLSTiuzY4QUW8AIZPBgKcmVxdWVzdF9pZBUAGCFwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGEtMTY0Mjk0MDQAGAxzYW1wbGVyLnR5cGUVABgNcHJvYmFiaWxpc3RpYwAYDXNhbXBsZXIucGFyYW0VAic\/hHrhR64UewAZDAAWtv6FuMfW8JgCFgAW3qHqkaHita3BARYAGBhwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGElAhbAwKqK7NjhBRbKAxk8GApyZXF1ZXN0X2lkFQAYIXByb2Nlc3MtcmVwbGljYXRpb24tZGF0YS0xNjQyOTQ0MgAYDHNhbXBsZXIudHlwZRUAGA1wcm9iYWJpbGlzdGljABgNc2FtcGxlci5wYXJhbRUCJz+EeuFHrhR7ABkMABbstN+sgbOr9wMWABbIn4yOmKP384MBFgAYGHByb2Nlc3MtcmVwbGljYXRpb24tZGF0YSUCFuSY7ovs2OEFFp4JGTwYCnJlcXVlc3RfaWQVABghcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhLTE2NDI5NjcxABgMc2FtcGxlci50eXBlFQAYDXByb2JhYmlsaXN0aWMAGA1zYW1wbGVyLnBhcmFtFQInP4R64UeuFHsAGRwWlp\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\/hHrhR64UewAZDAAW3sK6\/MSryJHTARYAFqLGvoqEgZqcLBYAGAZ4eHgxMjMlBhaUjfCM7NjhBRbc+Z4BGRwYEXNhbXBsaW5nLnByaW9yaXR5FQZGAgAZDAAWyKqwjd6emYcEFgAW4qH\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\/P7pjuzY4QUW+AYZPBgKcmVxdWVzdF9pZBUAGCFwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGEtMTY0MzAyODAAGAxzYW1wbGVyLnR5cGUVABgNcHJvYmFiaWxpc3RpYwAYDXNhbXBsZXIucGFyYW0VAic\/hHrhR64UewA
ZDAAWkvOmk8WC2swCFgAWtI7dwaDc4Z2\/ARYAGBhwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGElAhbqnOWP7NjhBRaWCxk8GApyZXF1ZXN0X2lkFQAYIXByb2Nlc3MtcmVwbGljYXRpb24tZGF0YS0xNjQzMDQ3MAAYDHNhbXBsZXIudHlwZRUAGA1wcm9iYWJpbGlzdGljABgNc2FtcGxlci5wYXJhbRUCJz+EeuFHrhR7ABkcFvSj5Y\/s2OEFGSwYGHdha2luZ191cF9leHBsaWNpdF91c2VycxUGRgAAGBh3YWtpbmdfdXBfZXhwbGljaXRfcm9vbXMVBkYCAAAAFpTB1qCT2cqkBBYAFvSMwrWC39zRxQEWABgYcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhJQIWtOPrj+zY4QUWigYZPBgKcmVxdWVzdF9pZBUAGCFwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGEtMTY0MzA0ODAAGAxzYW1wbGVyLnR5cGUVABgNcHJvYmFiaWxpc3RpYwAYDXNhbXBsZXIucGFyYW0VAic\/hHrhR64UewAZHBbi5uuP7NjhBRksGBh3YWtpbmdfdXBfZXhwbGljaXRfdXNlcnMVBkYAABgYd2FraW5nX3VwX2V4cGxpY2l0X3Jvb21zFQZGAgAAABb+mOqot9nKqQQWABa2lJymztvVvjYWABgYcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhJQIWgpOxkOzY4QUWwgEZPBgKcmVxdWVzdF9pZBUAGCFwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGEtMTY0MzA1ODAAGAxzYW1wbGVyLnR5cGUVABgNcHJvYmFiaWxpc3RpYwAYDXNhbXBsZXIucGFyYW0VAic\/hHrhR64UewAZDAAWjv\/Q15zA+P8DFgAW+\/2iuY3E3+P9ARYAGBhwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGElAhaepeOQ7NjhBRaWBBk8GApyZXF1ZXN0X2lkFQAYIXByb2Nlc3MtcmVwbGljYXRpb24tZGF0YS0xNjQzMDY1OAAYDHNhbXBsZXIudHlwZRUAGA1wcm9iYWJpbGlzdGljABgNc2FtcGxlci5wYXJhbRUCJz+EeuFHrhR7ABkcFsyn45Ds2OEFGSwYGHdha2luZ191cF9leHBsaWNpdF91c2VycxUGRgAAGBh3YWtpbmdfdXBfZXhwbGljaXRfcm9vbXMVBkYCAAAAFujnhs\/6qqS7AxYAFub224W23ojIPhYAGBhwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGElAhaGgYeS7NjhBRamAhk8GApyZXF1ZXN0X2lkFQAYIXByb2Nlc3MtcmVwbGljYXRpb24tZGF0YS0xNjQzMDk2NQAYDHNhbXBsZXIudHlwZRUAGA1wcm9iYWJpbGlzdGljABgNc2FtcGxlci5wYXJhbRUCJz+EeuFHrhR7ABkMABakkI\/xl8iqzQMWABaIpcHvzq\/79SoWABgYcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhJQIWzNuwkuzY4QUWwAoZPBgKcmVxdWVzdF9pZBUAGCFwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGEtMTY0MzEwMzQAGAxzYW1wbGVyLnR5cGUVABgNcHJvYmFiaWxpc3RpYwAYDXNhbXBsZXIucGFyYW0VAic\/hHrhR64UewAZHBa04rCS7NjhBRksGBh3YWtpbmdfdXBfZXhwbGljaXRfdXNlcnMVBkYCABgYd2FraW5nX3VwX2V4cGxpY2l0X3Jvb21zFQZGAAAAABa8+tv72OzRmAIWABbH5c6EkKG4hCIWABgYcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhJQIWloTAkuzY4QUW4gEZPBgKcmVxdWVzdF9pZBUAGCFwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGEtMTY0MzEwNTYAGAxzYW1wb
GVyLnR5cGUVABgNcHJvYmFiaWxpc3RpYwAYDXNhbXBsZXIucGFyYW0VAic\/hHrhR64UewAZDAAW\/N+I9eTZqIwDFgAWg7v+\/4PfgvG7ARYAGBhwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGElAhbQ+fuS7NjhBRbcAxk8GApyZXF1ZXN0X2lkFQAYIXByb2Nlc3MtcmVwbGljYXRpb24tZGF0YS0xNjQzMTE0MgAYDHNhbXBsZXIudHlwZRUAGA1wcm9iYWJpbGlzdGljABgNc2FtcGxlci5wYXJhbRUCJz+EeuFHrhR7ABkcFtz7+5Ls2OEFGSwYGHdha2luZ191cF9leHBsaWNpdF91c2VycxUGRgAAGBh3YWtpbmdfdXBfZXhwbGljaXRfcm9vbXMVBkYCAAAAFsSeqPfrlcbzAhYAFqXK8qPO186QwAEWABgYcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhJQIWlNCJk+zY4QUW9AMZPBgKcmVxdWVzdF9pZBUAGCFwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGEtMTY0MzExNjgAGAxzYW1wbGVyLnR5cGUVABgNcHJvYmFiaWxpc3RpYwAYDXNhbXBsZXIucGFyYW0VAic\/hHrhR64UewAZDAAWxPPB2pP1wZMBFgAW+KuAr+XO8fi\/ARYAGBhwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGElAhaO\/8uU7NjhBRa6BBk8GApyZXF1ZXN0X2lkFQAYIXByb2Nlc3MtcmVwbGljYXRpb24tZGF0YS0xNjQzMTQzNgAYDHNhbXBsZXIudHlwZRUAGA1wcm9iYWJpbGlzdGljABgNc2FtcGxlci5wYXJhbRUCJz+EeuFHrhR7ABkcFuyBzJTs2OEFGSwYGHdha2luZ191cF9leHBsaWNpdF91c2VycxUGRgIAGBh3YWtpbmdfdXBfZXhwbGljaXRfcm9vbXMVBkYAAAAAAAA="} 00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1622206473205908,"flow_src_last_pkt_time":1622206484939295,"flow_dst_last_pkt_time":1622206473205908,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4280,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4894,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":9174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1622206484939295,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49164,"dst_port":6831,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Thrift","proto_id":"345","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00845{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":172,"packets-processed":172,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":94919,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":18,"global_ts_usec":1622206484939295} +00845{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":172,"packets-processed":172,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":94919,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":18,"global_ts_usec":1622206484939295} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 172/172 ~~ skipped flows.............: 0 
@@ -24,9 +24,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6917053 bytes -~~ total memory freed........: 6917053 bytes -~~ total allocations/frees...: 114322/114322 +~~ total memory allocated....: 7494649 bytes +~~ total memory freed........: 7494649 bytes +~~ total allocations/frees...: 126053/126053 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 530 chars ~~ json message max len.......: 7061 chars diff --git a/test/results/default/tinc.pcap.out b/test/results/default/tinc.pcap.out index 951bf69b6..934302455 100644 --- a/test/results/default/tinc.pcap.out +++ b/test/results/default/tinc.pcap.out 
@@ -1,5 +1,5 @@ -00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1495983427717971} 
+00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1495983427717971} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1495983427717971,"flow_src_last_pkt_time":1495983427717971,"flow_dst_last_pkt_time":1495983427717971,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1495983427717971,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":59244,"dst_port":55655,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1495983427717971,"flow_dst_last_pkt_time":1495983427717971,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1495983427717971,"pkt":"ABcILL3nACbGCvpSCABFEAA8vEtAAEAGvw6DcqgbuVPacOds2We5l\/9AAAAAAKACchD0JwAAAgQFtAQCCAp3tTETAAAAAAEDAwc="} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1495983427744301,"flow_src_last_pkt_time":1495983427744301,"flow_dst_last_pkt_time":1495983427744301,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1495983427744301,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":49290,"dst_port":55656,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -34,7 +34,7 @@ 01106{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":13,"flow_first_seen":1495983427744301,"flow_src_last_pkt_time":1495983475109122,"flow_dst_last_pkt_time":1495983475109062,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1039,"flow_dst_max_l4_payload_len":1037,"flow_src_tot_l4_payload_len":3036,"flow_dst_tot_l4_payload_len":2354,"midstream":0,"thread_ts_usec":1495983475109122,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":49290,"dst_port":55656,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TINC","proto_id":"209","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":2,"category":"VPN"}} 01119{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":101,"flow_dst_packets_processed":29,"flow_first_seen":1495983428000367,"flow_src_last_pkt_time":1495983470930418,"flow_dst_last_pkt_time":1495983470973187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":76,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1468,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":132724,"flow_dst_tot_l4_payload_len":31332,"midstream":0,"thread_ts_usec":1495983475109122,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":55655,"dst_port":55655,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std 
Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"TINC","proto_id":"209","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":2,"category":"VPN"}} 01120{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":29,"flow_dst_packets_processed":105,"flow_first_seen":1495983428043218,"flow_src_last_pkt_time":1495983463866065,"flow_dst_last_pkt_time":1495983463817214,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":116,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1468,"flow_src_tot_l4_payload_len":28820,"flow_dst_tot_l4_payload_len":135316,"midstream":0,"thread_ts_usec":1495983475109122,"l3_proto":"ip4","src_ip":"185.83.218.112","dst_ip":"131.114.168.27","src_port":55656,"dst_port":55656,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"TINC","proto_id":"209","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
-00844{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":317,"packets-processed":317,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":338229,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":37,"global_ts_usec":1495983475109122} +00844{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":317,"packets-processed":317,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":338229,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":37,"global_ts_usec":1495983475109122} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 317/317 ~~ skipped flows.............: 0 
@@ -43,9 +43,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6928318 bytes -~~ total memory freed........: 6928318 bytes -~~ total allocations/frees...: 114499/114499 +~~ total memory allocated....: 7505998 bytes +~~ total memory freed........: 7505998 bytes +~~ total allocations/frees...: 126234/126234 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 527 chars ~~ json message max len.......: 2481 chars diff --git a/test/results/default/tk.pcap.out b/test/results/default/tk.pcap.out index 7b48324a8..382cfa414 100644 --- a/test/results/default/tk.pcap.out +++ b/test/results/default/tk.pcap.out 
@@ -1,5 +1,5 @@ -00607{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tk.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00828{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tk.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1613939315029133} 
+00607{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tk.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00828{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tk.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1613939315029133} 
00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1613939315029133,"flow_src_last_pkt_time":1613939315029133,"flow_dst_last_pkt_time":1613939315029133,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1613939315029133,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":51954,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1613939315029133,"flow_dst_last_pkt_time":1613939315029133,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_usec":1613939315029133,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA6W4cAAEARmyjAqAGywKgBAcryADUAJu9GCIYBAAABAAAAAAAABXdob2lzA2RvdAJ0awAAAQAB"} 
01067{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1613939315029133,"flow_src_last_pkt_time":1613939315029133,"flow_dst_last_pkt_time":1613939315029133,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1613939315029133,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":51954,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"whois.dot.tk","domainame":"whois.dot.tk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -18,7 +18,7 @@ 00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1613939315029133,"flow_src_last_pkt_time":1613939315029133,"flow_dst_last_pkt_time":1613939315127338,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":46,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":46,"midstream":0,"thread_ts_usec":1613939315239614,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":51954,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"whois.dot.tk"}} 00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tk.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1613939315184123,"flow_src_last_pkt_time":1613939315184123,"flow_dst_last_pkt_time":1613939315239614,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":89,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":89,"midstream":0,"thread_ts_usec":1613939315239614,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":53820,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"whois.dot.tk"}} 
00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1613939315127815,"flow_src_last_pkt_time":1613939315127815,"flow_dst_last_pkt_time":1613939315183610,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":89,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":89,"midstream":0,"thread_ts_usec":1613939315239614,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":55591,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"whois.dot.tk"}} -00833{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tk.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":6,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":314,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1613939315239614} 
+00833{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tk.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":6,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":314,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1613939315239614} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 6/6 ~~ skipped flows.............: 0 @@ -27,9 +27,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6912547 bytes -~~ total memory freed........: 6912547 bytes -~~ total allocations/frees...: 114165/114165 +~~ total memory allocated....: 7490143 bytes +~~ total memory freed........: 7490143 bytes +~~ total allocations/frees...: 125896/125896 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 547 chars ~~ json message max len.......: 1106 chars diff --git a/test/results/default/tls-appdata.pcap.out b/test/results/default/tls-appdata.pcap.out index 666abae7a..7fc15a21e 100644 --- a/test/results/default/tls-appdata.pcap.out +++ b/test/results/default/tls-appdata.pcap.out 
@@ -1,5 +1,5 @@ -00616{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1642636825083000} 
+00616{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1642636825083000} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1642636825083000,"flow_src_last_pkt_time":1642636825083000,"flow_dst_last_pkt_time":1642636825083000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":159,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":159,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":159,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1642636825083000,"l3_proto":"ip4","src_ip":"179.60.195.173","dst_ip":"192.168.2.100","src_port":443,"dst_port":60636,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00760{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1642636825083000,"flow_dst_last_pkt_time":1642636825083000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"thread_ts_usec":1642636825083000,"pkt":"YDjgxTWgeJS0JASgCABFAADTdsZAAFQGdWizPMOtwKgCZAG77NyYT4Q6bz7CkoAYARcapAAAAQEICuA9efAA6xLnFwMDAJq6kl+L8CkANElxlxEecHMQmMQNkeaHxIp41zgnfTmHWl1kbYylGWBjaZG2NzJzlVXZWLztslEjbtyBdUs5oPdXaxkx+\/Qqz25LpRnvI2Oa6mejiJQ6cva3m1sq7WKg7Tr1kRyTeD3F3LCkV1iqkLWh7Tv+UIHyUeGMLTuUM2Ln4Jd+SMy0A0nofS3noQlT0jEHIJotqStJgnoJ"} 
00925{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1642636825083000,"flow_src_last_pkt_time":1642636825083000,"flow_dst_last_pkt_time":1642636825083000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":159,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":159,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":159,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1642636825083000,"l3_proto":"ip4","src_ip":"179.60.195.173","dst_ip":"192.168.2.100","src_port":443,"dst_port":60636,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
@@ -9,7 +9,7 @@ 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1642636825195000,"flow_dst_last_pkt_time":1642636825302000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1642636825302000,"pkt":"eJS0JASgYDjgxTWgCABFAAAoAABAAD8GAdrAqAJkszzDrezcAbtvPsKSAAAAAFAEAABVgQAA"} 00933{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1642636825083000,"flow_src_last_pkt_time":1642636825195000,"flow_dst_last_pkt_time":1642636825302000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":135,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":159,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":429,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1642636825302000,"l3_proto":"ip4","src_ip":"179.60.195.173","dst_ip":"192.168.2.100","src_port":443,"dst_port":60636,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1642636825195000,"flow_dst_last_pkt_time":1642636825303000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1642636825303000,"pkt":"eJS0JASgYDjgxTWgCABFAAAoAABAAD8GAdrAqAJkszzDrezcAbtvPsKSAAAAAFAEAABVgQAA"} -00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":7,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":429,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1643610288722000} 
+00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":7,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":429,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1643610288722000} 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643610288722000,"flow_src_last_pkt_time":1643610288722000,"flow_dst_last_pkt_time":1643610288722000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1452,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1452,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1643610288722000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"52.223.198.7","src_port":58976,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
02487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1643610288722000,"flow_dst_last_pkt_time":1643610288722000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1643610288722000,"pkt":"eJS0JASgYDjgxTWgCABFAAXUr1ZAAG4GmdrAqAJkNN\/GB+ZgAbs5J4UhnRUwIFAQJz3DuQAAFwMDBbsPVRnTUZmGPBlnKdgK94iLfa1WzOumranE61s0xvAtVjrmnivoUriXENTZHZ6xJ+jtI02SpI1pRFy9oatnRAti+z3dflh9zDeImNOzWaaReV7pRcOrrq7tetZhYkU+J8nisBJ42M5+CPOJz2x9RWtShEja6uVC5aX31AdfQo20rLfO\/h359IB7fzanuauTs\/HdR9kryxM8fpmunMnX8WXp67VFyeXC9tn4sMVL2L1iFuAZ2WReqtOFPjc27OdH3FdONsJrS3rdK2QVlml0LGbtHI9L05So1IHq5iGWqnYrZQ589c78wmLTg0z6Ka0yN+W3FGjoIGV3+LcQLvz6QRgjR\/kIHAJohOAQCxTc9V8F6Gv4p79TOjrL8QYreKxwrcyV7t0\/ffxHqa6wsgnwahqHz5mGSmBc+NEk20kRh8LU5Ux04uV1MrApZkpFkwVelAuPdI3nbz4UYiSP08RLjt7FwNdonwA2wk0UsATBQ2iYBLpKcWy8MNYJXPH2+OoHv7AYz4ifKDgWz1xsViG63GdMyM6QWXC1knvXeFbsFV0zb686r04l1qD5DGVWted1hpWErKnl1mFLjhp7NBh19Fu92aw6Pp1LmbPygTeDVvX2BkgA980SLqucCK1QQ\/87Y2y1rEMBDJI337XRO9fLLom3N1GZGcfdjcOmFx23h3Xsl+JOKuIRqUHcNjsuWmsI93vxv7AiXhfl3ON6PBpCzXsWfQd5CnOow3DrBISIOf0QBKNxmFchEodhvvam7eYuYBOrQVQbZqwqAEmXVvmKkPfxg11O7945k9bJbHrHGnTHIJFPF8Wi5iInrrMIczLCm1Ty3X1uvh+KSzqOKu23gp0oy8tw8FSTiaFy88XbiN7NdhsKDDqcgzhRWXEyoPsqv8ZLHWmNQtFHEc1otdBhKSXxBo4sSfSRCFeFjnRiWuoJkIwrZr\/BJCPDk0kJntgUkKLVBB9u32VxY3auwEwW8zwog0Kk3+GGDIkvqFTJNbiOxAZx3Bh00tLdNxMKdSO2fUGW4NL+WwwvLg+eGNlmxqkHecoyIHU6SnMN0ibGz7t0FimXl9FSI77SBAp8XGca7+fLewD9OHIgZzvqQJhSicTTl9ZflYmqdns0hrrJmkNCykZ4VHxI+domV7DRJABw2KvQ0HwDx5SMRpKeA2sueP598Raa+9F37mFZha6n1dhCKRSIkHPBCXwqEfhybcdOppz7dducg\/rDRmksOfTm7RdRFeBiYRjuqqdrpfrvqj4+n50RtPuOEamaACLRJe6TZ7AW60wNgZ4dbP5mBUOsUL+tGIvS3nrV+yuTsPHrJLA6h95nQQJJp1gPln6Nqwtu9dkRRA6KEKJsdtHc3JqWZjaSLJzaseg\/8y7N52Wwn6qAh47XHIlR\/ujrZyknuYN7irKa4apesgI2eDCnzFOHgd17m7AHq7vKvKmnQgplT+
sFJcUwVu3nfqOhQjoDv02P5GlZXrAskO+6m+j9jtZMWk5ljB89fKaXNeLo2zjdBvluIThOvbDD4qSD+Jyi+\/ACr297jxF4hgS34EXR2bPMBCWBQ7weITTmdrwxEGtvfRK6RrUaKt0mA7Mmh2K3xkeJIyTQWAWBfCDfp+4+jtl\/HFNZ3X72EWk2uH6pI3SkOAUM71ZFkDV0zGFae0Xl1Uvj44SLDq0NxVlzOiFLtUYYjE6EZp45LPVhL8l6xcclI4RpJZwSBG5E9xwp658S+bV\/0zFdLWUxoCdi1hOVc+KmQMRQFDNgNxnLdxBG\/I6e1KPzAP3ozk4qy5VXGqPMtnuKoWBMuYqKTJjEAlG62upJHVz1g7aZjkN7ewqhTZXT4U3\/nLD+KKBpRA+6aGJQ3Wk\/Yc7YyxkVi+HCxxNdytkZcR22mmETB+o4WMzW60Iu0eFVoPREMdUcI4HUkA0F\/UGykYOAX3kyJbTw"} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1643610288724000,"flow_dst_last_pkt_time":1643610288722000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1643610288724000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8r1dAAG4Gn3HAqAJkNN\/GB+ZgAbs5J4rNnRUwIFAYJz2+IQAAaUBxB\/Gc\/nglm3L+T6FaB1y1dAs="} 
@@ -20,11 +20,11 @@ 04463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1643610288724000,"flow_dst_last_pkt_time":1643610288740000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"thread_ts_usec":1643610288740000,"pkt":"YDjgxTWgeJS0JASgCABFAAuAJktAADkGUjo038YHwKgCZAG75mCdFTXMOSeK4VAQCRbJZQAAojBMnRDZFuM5IayC7DxZg14hGjptzpz7JyYn\/VlCW5HvsHG0Mf4\/S4so+0jRr7AUxe\/99FVXASYAy6+CnvN+L3wtaase6XcKwXPlMdIoSbRjhWoksZG1BLBjH5CzFnJVtvvwB4EQoSLCePdVBagaQtfWaLJfD9KQjJfE3+tjeuNO1zSZMQ3b3SV\/CSdUT8nZm6O5PfBzi9sFGCnyTeNgfHUexbr2KlFVjtjvSJtGOZY9oQaXPXGon+WPWFia+cJl+PLMl30C6oEUkTrH1lnP6uYZAtt02PaZK3cUjSU38gWQl0mmp1p4JVBUFUunkphM0+4YGawKHKXk+vQiFjN3ioqCBpN2z5nUccWMpzdzKOH6igknO7RExCKwvouXPpQ1blUE60W7wlRxBK7a0fhB\/hEFnGm0piRzqfUyfkXfj8Aof2hNjFMEOEym2LmXZpn326GR6rL8krrzqq3jihuk9\/AJbQW14B0xtzidDDna0EDhooCbiph5alqpOttnFPxdRRlN4M3rm\/reacV6TXT7cW1KkHfh4S8amolRozdjsBvB+KXa1i0gO\/5vi2yk8+fmbTfysVYk0Mvot7TD7\/Q1OwHq8ukhZ98JRoSBH0A8ZugikuD+4fy8dDXQgmV9\/YjKxYS6suqEHKksJ6+eZnU0mOC1DFDZX8lJCGWr8U4GyEY2CucVAkVGOktZvjRxG+3KNum5rBmsjeKJKSXGphUlupzVu0f4VVY7wiV4ctynrgVcw6ux9CX0IeEQl5wqxPMtwt7BaO89NjsCNj6gBqvFnAiEPTlZMERaymXlqNjw6veeiP13MVewTF0Rlrxjs8XDcqVMweVVmiCGwNbAjrc9sbh5GiU+faYg0AZTYafaQ36A7UsGPL3XlJxu951A5GXa6I2hlFIfAm7t0yxrQzKkAFb92IMk0IgoUmNFBTaMIniGjbcg\/z72wygn0RTxN8KnivzxYQacLE1FbOM0XK4dmV2rWgp+Woc+M1naNVKjCed5+RuQ+PBJD2sGM593KdXRlSF0I\/SAHo+T0+jf2U3PXlt2QrPuQpndaIkizrlweYwaGhzlzfAThT79ndRbdgGdHcTIIJL+MXNsCiks6XeMcyRuHaOEvM1XIHYKmvKFAJZlleY\/Md9YkNu8Lc1FVg28\/P\/YP9PE+FE0wUPrHKDT90ahjqHx43fmVvDRFl0eyLX3VrDZHsVxgJz2NN\/6cFvSemOcMT6B5\/SaiFcsESeYNjEqMLLc\/tV3eHld9iBH+VKKSpOWuT31emkQm6WixpHzFLID7PdiPOPeJv\/Z++fRf7ZLiyjHCozFlx4mqF7XfW9kA9UjpiMSECP+TidaPkx1HpdntfbzbR7fbmt6D993D4P6R0yffuLWnvUMv4qc+9exQOApudzlzhy8NkoTfBeulTXY5\/ULZFEW04b
MOmxUV5Ne4bJTPM85nWvxLwxrGbnCTGn1gZMhUBctWzKdsQtAZQBwJqg\/qxXYLpiyHVwsiuv7ogoiDRR6QB6CsGgfBJOngbM\/aB5tsN1FXLYI2gLNzpo+xIqeYAtt1NTdzgJBvWrxj6Duk0z6E4qZpjDk\/svivOFJiM8KoSRX02zLN5x++UZ25zaMeFAwNEEL35xQQ4+Romt98\/A8tPyC4dL3gsmm7tYWUXOSd8QR\/+NkCUj\/dcif73fs+3ibQHbzNwa6kSb32Hx6C5Y+4xJeMGX92ODFuVRrt83\/1jnoAmrYSyiFAHhIOa1xKvUU8AH\/LXNtfqCN74U9hr+Wn8eg8quEgaeugyd7xLnbDYEQqYYnIcDbxSZ6XYYn9DMkM0ySze2bJmgpY9ix3kvkhVIIHhheuMqAS9jeqpodL+prASW5286G5rJV1w6ZaHEbL9tyhpXhdjHxkKivgLhvlkGYbWuGY2gK4BqKCsUf0afYcwpk59fZcpXaa\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\/FksrPSXAAjmkFYlv0\/ha6Hgb5hC7dwHoszxFNONQhLvB+l1oMZE3OczPqJkj2NcafixDE7zVK+ICgGbXwYGzzVjpgU3jKIBPryo+Mtqmz9ww8OES90G77kCoTiJrGSIbwPF9xf6g56VF9GoPrRNwWpdiu3KuJYw98xjWhVX2xnNbhSb4CONR1K1stR3uCOKxPYE1Y0WCpQ5aDNUSlleK5PTy4H51wRPNViq9PWUz72OoK2qNv7Cm2bFrTIY\/uCDzd4QSh9OHwBLCqlInnnwzjZ3hk9I6v7OyEGeqjryjZ8Xdy8iIoPkYNQJBlq5UbqDVkawPgYeELv3Xp+4mLSAz3VjZsPByIvGEuV5erP1UlRyVhmB+g64ztQZglHJAUxLbmhoCe43waLX218\/mXhae1gmHPSpKzBfGlu32McJYULZY32m+WjPTruIMvwjvc6SKGFSR0vSBsOkqlUtZV3yp9sqkwkU+LeNfQVrRZzzRFN6DGJ24PJfxgvI1RYt8dN2Nri4x7+3pAfT5WWt+O6qbHbvfM8h+hBty\/3VRCemu+NcbzhUmRNuS9yHf0pm5rCKEl5F2kggRV\/GrvmICg3rJCbvLZjITqdjJmYudk5RyaSyiJTaYphXdTPMcl4YG8cyyAH6s\/1wgixKpV3xb\/SfMo4qWJoIVuhR7WvPzNE\/MI0ALUEw63Pc3e8E4+F3F2bjw8BGgwKoQfW2Lyfo24WttMks8v8TOzcFnwSxtAPEjoZ8zUo\/uvMNI917Cfo2O2azHoB26EdQTS73RiPZo1210flS1H9TiWVMOwalb\/LRkw8knpierR0b3sF9t1vudCPcllN\/5soJ1f2xf\/Nh\/YJcFGdtYLxK3I0j9\/V6D6fmziCR08\/WOtbeL4EQKrGverdZekDGA7LmHuyhMOxDNE06L4PcioMQclaxuQyq38gf5nWqDn6RoVu3Z41rAgmRlLOnF18QFLOBDph08txavJqEvdWoTP+qDUKSDfYW+QFthsg+Qo+JgOoHCWonB8FWzYEgWi8\/atdiP5WDsg2rwQrr\/NUT1vgk5ZclxAx1\/e54AU9jBsWrS4sUBQQb3bLz2P7PqgURGuoIecGXEI\/hnw109WGsaESCD9fllzvGhKzmyWbTPb1KCFfmfAQpkuHkBytT5BBiBauRp5IEiTD4bjWwk9lHcRP6F3bisGHc+igeU9j62Qa9LX3HabNwo1841nlNNKWPQ+zsvGMqE3e2viT4h\/3LDoe4E1i1FBbi4OzpDPLSJ\/dxPvQ\/+1eGqycUBPOm4aqeSJh4OgXPDJpRHNr7MWnZ\/WfBGq4GZHKyKD4IcFcLwVibRcMQQ7pkbbzEla\/I4\/EdC1pemyTZynZWPszPz4NWCy22jypV\/MHL0PpLsWrMnnU7TRwpsljMYp00akEln
5hv5cNWNhrdre4SI+py"} 00960{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1642636825083000,"flow_src_last_pkt_time":1642636825195000,"flow_dst_last_pkt_time":1642636825303000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":135,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":159,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":429,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1643610288741000,"l3_proto":"ip4","src_ip":"179.60.195.173","dst_ip":"192.168.2.100","src_port":443,"dst_port":60636,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 02139{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1643610288722000,"flow_src_last_pkt_time":1643610304703000,"flow_dst_last_pkt_time":1643610304703000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":2904,"flow_src_tot_l4_payload_len":4416,"flow_dst_tot_l4_payload_len":30419,"midstream":1,"thread_ts_usec":1643610304703000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"52.223.198.7","src_port":58976,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":1031032.2,"max":15956000,"stddev":3917522.5,"var":15346982453248.0,"ent":1.0,"data": 
[2000,15000,3000,0,16000,0,0,0,0,1000,1000,0,0,0,0,0,0,0,0,0,0,0,0,15941000,1000,15956000,5000,0,19000,1000,1000]},"pktlen": {"min":40,"avg":1129.2,"max":2944,"stddev":1252.1,"var":1567845.6,"ent":4.0,"data": [1492,60,46,1492,2944,40,2944,40,40,2944,2871,40,40,40,40,1492,60,46,1492,2944,40,2944,40,2944,1492,60,46,1492,2944,40,2944,40]},"bins": {"c_to_s": [14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0],"s_to_c": [3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,9]},"directions": [0,0,1,1,1,0,1,0,0,1,1,0,0,0,0,0,0,1,1,1,0,1,0,1,0,0,1,1,1,0,1,0],"entropies": [7.874306679,5.500818253,4.652828693,7.888679028,7.939795017,4.981687069,7.939328194,4.931686878,4.931686878,7.934259415,7.938295841,4.981687069,4.931687355,4.931687355,4.981687069,7.885500431,5.513399124,4.565871716,7.865909100,7.927158833,4.881687164,7.936643124,4.881687164,7.934941769,7.882087708,5.613399506,4.522394180,7.860544682,7.936390877,4.881687641,7.928893089,4.912815094]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Twitch","proto_by_ip_id":195,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":46,"packets-processed":45,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":41014,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":3,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":23,"global_ts_usec":1643611942615000} -00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":76,"packets-processed":75,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":70000,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":3,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":24,"global_ts_usec":1643612754900000} 
-00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":106,"packets-processed":105,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":98963,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":3,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":25,"global_ts_usec":1643614758865000} +00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":46,"packets-processed":45,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":41014,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":3,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":23,"global_ts_usec":1643611942615000} 
+00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":76,"packets-processed":75,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":70000,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":3,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":24,"global_ts_usec":1643612754900000} +00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":106,"packets-processed":105,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":98963,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":3,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":25,"global_ts_usec":1643614758865000} 
00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":65,"flow_dst_packets_processed":49,"flow_first_seen":1643610288722000,"flow_src_last_pkt_time":1643614758886000,"flow_dst_last_pkt_time":1643614758885000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":2904,"flow_src_tot_l4_payload_len":11776,"flow_dst_tot_l4_payload_len":101176,"midstream":1,"thread_ts_usec":1643614758886000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"52.223.198.7","src_port":58976,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Twitch","proto_by_ip_id":195,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -00851{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":120,"packets-processed":120,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":113381,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":27,"global_ts_usec":1643614758886000} 
+00851{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":120,"packets-processed":120,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":113381,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":27,"global_ts_usec":1643614758886000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 120/120 ~~ skipped flows.............: 0 @@ -33,9 +33,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6954462 bytes -~~ total memory freed........: 6954462 bytes -~~ total allocations/frees...: 114277/114277 +~~ total memory allocated....: 7532058 bytes +~~ total memory freed........: 7532058 bytes +~~ total allocations/frees...: 126008/126008 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 533 chars ~~ json message max len.......: 4468 chars diff --git a/test/results/default/tls-esni-fuzzed.pcap.out b/test/results/default/tls-esni-fuzzed.pcap.out index 5670fec34..bb3751557 100644 --- a/test/results/default/tls-esni-fuzzed.pcap.out +++ b/test/results/default/tls-esni-fuzzed.pcap.out 
@@ -1,18 +1,18 @@ -00620{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls-esni-fuzzed.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls-esni-fuzzed.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1590680386576239} 
+00620{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls-esni-fuzzed.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls-esni-fuzzed.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1590680386576239} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1590680386576239,"flow_src_last_pkt_time":1590680386576239,"flow_dst_last_pkt_time":1590680386576239,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":716,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":716,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":716,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1590680386576239,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1590680386576239,"flow_dst_last_pkt_time":1590680386576239,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":770,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":770,"pkt_l4_len":736,"thread_ts_usec":1590680386576239,"pkt":"EBMx8Tl2KDc3AG3ICABFAAL0AABAAEAGjOfAqAEMaBuBTcLeAbt3Q5LX\/48DFVAYIACwHgAAFgMBAscBAALDAwOTwM86TEdZaYZx77QiKeLaOUyI6FPS+J3L+0S3MA31OCDtrXy2AkmiC5EC8aXH8NKs5TG5ofTGvlsmIWUcTFlOhgAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAMwA5AC8ANQAKAQACVgAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAMwBrAGkAHQAg9C+VXLX0pUAYcvwRMlm2BfjMFL+A2Ha+teHeYm8XszAAFwBBBKhP+5j\/iIqKULsVEv1xkLdgIoxwczB5EVKfTq\/0aLaIOqqUx255GoGIKzaHGdYeWvgG2FTscntynOjMKiH+1xMAKwAJCAMEAwMDAgMBAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAf\/OAW4TAQAdACAoJey8d6KdccaSJO2lCYt20kw0EEYFyldVNE\/b+wVlLQAgHyQSymUyoBaYNvGbjOJlOzPcW4r7yiRdTxErCb+vUsgBJJYkyzxOIwgn94z1v2QNIt6jP8xZjqajLZOZBVhvvpl7nmhmH4lW1IkwcuGd4kzR+4ip9x\/EzAG6tckU\/flqZH1nG16JhZuu6rEiIYaISW3
03wwyjD1flAsQnOsqJ0PVy+NZQoiiKbjH4viDA+P+GiaonlAB8r2TaJD+948G4F7MBjpovbjBjfrBFM8f7NuL4fwv7ssjFdJ5mNaCsSn9Hj6115hdy9xFKhCCzMA44L9pVw\/vrGvG+5UfibZ5LK2nZAPALOtdzhzm7d0W1ff7a4XSuSSFRI3gCI5CHoPx4osmf747Wa4ElvuEUhPCcdTFrF6efl9qMHJEUwf8zrcwZxBFmZHEDMTcH8MlFUx5dN14A3E5eAVFahmuI+6IR1wd8HaXtmYAHAACQAE="} -01238{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1590680386576239,"flow_src_last_pkt_time":1590680386576239,"flow_dst_last_pkt_time":1590680386576239,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":716,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":716,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":716,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1590680386576239,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3":"957015a0b1e2500d8777219893a09495","ja3s":"","ja4":"t13d1813h2_29a2cd9e9f10_0d6ff543c596","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01543{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1590680386576239,"flow_src_last_pkt_time":1590680386576239,"flow_dst_last_pkt_time":1590680386576239,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":716,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":716,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":716,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1590680386576239,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"21": {"risk":"TLS Susp ESNI Usage","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1813h2_29a2cd9e9f10_0d6ff543c596","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1590680387847337,"flow_src_last_pkt_time":1590680387847337,"flow_dst_last_pkt_time":1590680387847337,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":716,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":716,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":716,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1590680387847337,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1590680387847337,"flow_dst_last_pkt_time":1590680387847337,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":770,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":770,"pkt_l4_len":736,"thread_ts_usec":1590680387847337,"pkt":"EBMx8Tl2KDc3AG3ICABFAAL0AABAAEAGkJDAqAEMaBB9r8LfAbu98X4VZuCG7lAYIACqfgAAFgMBAscBAALDAwPZvt6xqK7JiSO2eRBioUk2Uu867QdPWpn6Sv4hYS472iAz8c+AKNafKEsBeorsjdYMXk2HdHvKJL23Af8gga\/qxAAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAMwA5AC8ANQAKAQACVgAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAMwBrAGkAHQAg0HCVKAanlLS9J1B8hdchDfkoKDxcPc3B5hBZYsZWdz8AFwBBBCakAur\/e3rF+tGl0au7NOTY4DQpBg\/YjV6ew74w8otvaCGiCdoeWGhEGjsldqwZrBxN3o59i8BSdRX+YPQ+GgkAKwAJCAMEAwMDAgMBAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAf\/OAW4TAQAdACAFyK2kXV21yqtAW2T62b\/NDTnJgxOrhECle3qcjynhZQAgHyQSymUyoBaYNvGbjOJlOzPcW4r7yiRdTxErCb+vUsgBJLkAAE456EuY9a6HsKAg7En+2G8rSItqsoven5V2IfJ3Q2bekOZcTKgIZokRYkaF7ExtxsFhqXy+gigbwIQnaXqjvmpA5fAKz4tj4ykxew5O
hWQtUKuHkOYZfaYtn1syOdzFlDd5f+dopSDJ1HH+q6E3XfYeSjmwk2PLEJ57JKeThEiW3dFrbufb5XbXZxYdeC179v7EU6Bakj2Njpvv\/Jfo5WxPGqtw\/pm8l4GeHZCKXzswlPS\/Jet6JKlP28PhB6QjuLs0HyKQD3u9h3gOMLbs85P+uPv\/61THn6BnP+Gq0XsiHUv\/ZFCqDNSvUTBmtmCAtgIUfzrLcUWkNsVonaILrLi\/m6vYUQElVuyPe7nXS\/qvJdz0NipXdWB8POXCwp8YOWkAHAACQAE="} -01239{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1590680387847337,"flow_src_last_pkt_time":1590680387847337,"flow_dst_last_pkt_time":1590680387847337,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":716,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":716,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":716,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1590680387847337,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3":"957015a0b1e2500d8777219893a09495","ja3s":"","ja4":"t13d1813h2_29a2cd9e9f10_0d6ff543c596","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01544{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1590680387847337,"flow_src_last_pkt_time":1590680387847337,"flow_dst_last_pkt_time":1590680387847337,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":716,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":716,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":716,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1590680387847337,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"21": {"risk":"TLS Susp ESNI Usage","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1813h2_29a2cd9e9f10_0d6ff543c596","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1590680391590254,"flow_src_last_pkt_time":1590680391590254,"flow_dst_last_pkt_time":1590680391590254,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":716,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":716,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":716,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1590680391590254,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1590680391590254,"flow_dst_last_pkt_time":1590680391590254,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":770,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":770,"pkt_l4_len":736,"thread_ts_usec":1590680391590254,"pkt":"EBMx8Tl2KDc3AG3ICABFAAL0AABAAEAGxnTAqAEMaBZHxcLpAbsLJg40SW6gUlAYIAANXgAAFgMBAscBAALDAwMJLl9l\/OldUJYbpqd0xOpts3Kv4zg2hroTXcdX9KeB2CBjkfBVUTqX532YPuVZHQd0J5lIK2OZH9nsSRBnWwKDWwAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAMwA5AC8ANQAKAQACVgAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAMwBrAGkAHQAgsbxhJX9IcnjB7rdgEb2YIBohnnxEhKIToNk1er8CIioAFwBBBLtlLNXLCuP0okhISXwuyj6tgeyLGZ5yaSZ9uT3zAbum2y5l1gYjS6RGBBL9dNcuY2pA4Ze582sOuuo0cAvw2TsAKwAJCAMEAwMDAgMBAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAf\/OAW4TAQAdACCgcq\/jSZGFwhXJHl9nfU84W9RHblecX+XHXi+knd++egAgHyQSymUyoBaYNvGbjOJlOzPcW4r7yiRdTxErCb+vUjmwk2PLEJ57JKeThEiW3dFrbufb5XbXZxYdeC179v7EU6Bakj2Njpvv\/Jfo5WxPGqtwjTPLrxKpdN+3jkm4v5pXmXQY7xTIeDCWHjyEgNKkvyfWHZ
Ec70MAkkqfNhBXSLrthF\/1heQEBlRbs1xtqteJZDPsTf1rb0lyjahdcH23rHhPVaZljcat4wh7Hka7vt+kTz6HVLMaa8+FGdKR02KYBfqCbkN5nqbjMCHPCoPKBXF7APN9aYQZNPW1vyVMZGeIilksOKMAfbO31cu423QrZX+PlzwFC6qBeqVxOTzYpLwLIxJGCnfdBRD0u85D1TvPM05OjHVwJVu9F3FEA\/S2klQ0zWf5b6ngXXAHdoEO61eGscgYik1z+CCLYUuTKEqAk5KVlL4AHAACQAE="} -01474{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1590680391590254,"flow_src_last_pkt_time":1590680391590254,"flow_dst_last_pkt_time":1590680391590254,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":716,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":716,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":716,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1590680391590254,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3":"957015a0b1e2500d8777219893a09495","ja3s":"","ja4":"t13d1813h2_29a2cd9e9f10_0d6ff543c596","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-01200{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1590680391590254,"flow_src_last_pkt_time":1590680391590254,"flow_dst_last_pkt_time":1590680391590254,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":716,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":716,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":716,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1590680391590254,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-00964{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1590680386576239,"flow_src_last_pkt_time":1590680386576239,"flow_dst_last_pkt_time":1590680386576239,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":716,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":716,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":716,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1590680391590254,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -00965{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1590680387847337,"flow_src_last_pkt_time":1590680387847337,"flow_dst_last_pkt_time":1590680387847337,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":716,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":716,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":716,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1590680391590254,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-00847{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls-esni-fuzzed.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":3,"packets-processed":3,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2148,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1590680391590254} +01543{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1590680391590254,"flow_src_last_pkt_time":1590680391590254,"flow_dst_last_pkt_time":1590680391590254,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":716,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":716,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":716,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1590680391590254,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"21": {"risk":"TLS Susp ESNI Usage","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": 
{"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1813h2_29a2cd9e9f10_0d6ff543c596","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +01310{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1590680391590254,"flow_src_last_pkt_time":1590680391590254,"flow_dst_last_pkt_time":1590680391590254,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":716,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":716,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":716,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1590680391590254,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"TLS Susp ESNI Usage","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+01310{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1590680386576239,"flow_src_last_pkt_time":1590680386576239,"flow_dst_last_pkt_time":1590680386576239,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":716,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":716,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":716,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1590680391590254,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"TLS Susp ESNI Usage","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+01311{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1590680387847337,"flow_src_last_pkt_time":1590680387847337,"flow_dst_last_pkt_time":1590680387847337,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":716,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":716,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":716,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1590680391590254,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"TLS Susp ESNI Usage","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+00847{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls-esni-fuzzed.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":3,"packets-processed":3,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2148,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1590680391590254} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 3/3 ~~ skipped flows.............: 0 @@ -21,10 +21,10 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6919932 bytes -~~ total memory freed........: 6919932 bytes -~~ total allocations/frees...: 114175/114175 +~~ total memory allocated....: 7496422 bytes +~~ total memory freed........: 7496422 bytes +~~ total allocations/frees...: 125908/125908 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 625 chars -~~ json message max len.......: 1509 chars -~~ json message avg len.......: 1066 chars +~~ json message max len.......: 1549 chars +~~ json message avg len.......: 1086 chars diff --git a/test/results/default/tls-rdn-extract.pcap.out b/test/results/default/tls-rdn-extract.pcap.out index c8a6f1058..2c8a4c59f 100644 --- a/test/results/default/tls-rdn-extract.pcap.out +++ b/test/results/default/tls-rdn-extract.pcap.out 
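Review bot: The regenerated `detected` events for flows 1–3 in tls-esni-fuzzed.pcap.out no longer contain the `"ja3"` key in the `tls` object (only `"ja3s"` and `"ja4"` remain), while the commit description says only "incorporated upstream changes". A consumer or detection rule that matches on the client JA3 hash will stop matching without any error after this bump, so the removal deserves its own line in the description or changelog, for example `* TLS events no longer carry "ja3"; match on "ja4" instead`. The same events now report flow risk 21 ("TLS Susp ESNI Usage") on all three flows, and flows 1 and 2 previously had no `flow_risk` object at all, so anything that thresholds on `risk_score` may see a shift in alert volume. schema/flow_event_schema.json is changed in this commit but is not visible here; presumably it no longer lists `ja3`, which is worth confirming.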
@@ -1,16 +1,16 @@ -00620{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls-rdn-extract.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls-rdn-extract.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":946681200000000} 
+00620{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls-rdn-extract.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls-rdn-extract.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":946681200000000} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946681200000000,"flow_src_last_pkt_time":946681200000000,"flow_dst_last_pkt_time":946681200000000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":127,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":127,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":127,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946681200000000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"213.199.149.251","src_port":31337,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00706{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":946681200000000,"flow_dst_last_pkt_time":946681200000000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":181,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":181,"pkt_l4_len":147,"thread_ts_usec":946681200000000,"pkt":"ERERERERIiIiIiIiCABFAACnLudAAIAGnZoKAAAB1ceV+3ppAbtkZ4Ye79i2a1AYQCmgXgAAFgMBAHoBAAB2AwEAAAAAM7RDB2u\/HXE+9PsbFMYgy+4A2s6CH4THeQytZwAAGAAvADUABQAKwBPAFMAJwAoAMgA4ABMABAEAADX\/AQABAAAAABMAEQAADmFkczEubXNhZHMubmV0AAUABQEAAAAAAAoABgAEABcAGAALAAIBAA=="} 
-01293{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946681200000000,"flow_src_last_pkt_time":946681200000000,"flow_dst_last_pkt_time":946681200000000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":127,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":127,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":127,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946681200000000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"213.199.149.251","src_port":31337,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"ads1.msads.net","domainame":"ads1.msads.net","tls": {"version":"TLSv1","ja3":"2201d8e006f8f005a6b415f61e677532","ja3s":"","ja4":"t10d120500_d94e65cdb899_c35b4a14be45","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01252{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946681200000000,"flow_src_last_pkt_time":946681200000000,"flow_dst_last_pkt_time":946681200000000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":127,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":127,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":127,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946681200000000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"213.199.149.251","src_port":31337,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"ads1.msads.net","domainame":"ads1.msads.net","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d120500_d94e65cdb899_c35b4a14be45","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
02489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":946681200000000,"flow_dst_last_pkt_time":946681200000000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946681200000000,"pkt":"ERERERERIiIiIiIiCABFAAXc5PJAADUGLVrVx5X7CgAAAQG7emnv2LZrZGeGnVAQGJhAQwAAFgMBAEoCAABGAwEAAAAAWuuHTEcV+akd0cdt\/mCIl2W0D3ZsYen8qlKhhyDexkYNJNvmICdLfXfmBpGxedPIi6ruP\/C4V2lgLy7HPwAvABYDARoFCwAaAQAZ\/gAOyDCCDsQwgg2soAMCAQICCmkXyLYACAACTA8wDQYJKoZIhvcNAQEFBQAwgYsxEzARBgoJkiaJk\/IsZAEZFgNjb20xGTAXBgoJkiaJk\/IsZAEZFgltaWNyb3NvZnQxFDASBgoJkiaJk\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"} -01447{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946681200000000,"flow_src_last_pkt_time":946681200000000,"flow_dst_last_pkt_time":946681200000000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":127,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":127,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":127,"flow_dst_tot_l4_payload_len":1460,"midstream":1,"thread_ts_usec":946681200000000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"213.199.149.251","src_port":31337,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": 
{"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"ads1.msads.net","domainame":"ads1.msads.net","tls": {"version":"TLSv1","ja3":"2201d8e006f8f005a6b415f61e677532","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t10d120500_d94e65cdb899_c35b4a14be45","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} +01406{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946681200000000,"flow_src_last_pkt_time":946681200000000,"flow_dst_last_pkt_time":946681200000000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":127,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":127,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":127,"flow_dst_tot_l4_payload_len":1460,"midstream":1,"thread_ts_usec":946681200000000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"213.199.149.251","src_port":31337,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"ads1.msads.net","domainame":"ads1.msads.net","tls": {"version":"TLSv1","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t10d120500_d94e65cdb899_c35b4a14be45","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} 
02486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":946681200000000,"flow_dst_last_pkt_time":946681200000000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946681200000000,"pkt":"ERERERERIiIiIiIiCABFAAXc5PNAADUGLVnVx5X7CgAAAQG7emnv2LwfZGeGnVAQGJjDXgAAbTEUMBIGA1UEAwwLKi5zLW1zbi5jb20xFzAVBgNVBAMMDioubGl2ZS1pbnQubmV0MR8wHQYDVQQDDBYqLndpbmRvd3NwaG9uZS1pbnQuY29tMRswGQYDVQQDDBIqLndpbmRvd3NwaG9uZS5jb20xKjAoBgNVBAMMISoucGFydG5lci1wYy53aW5kb3dzcGhvbmUtaW50LmNvbTEfMB0GA1UEAwwWKi5tYW5hZ2UubWljcm9zb2Z0LmNvbTEYMBYGA1UEAwwPKi52by5tc2VjbmQubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuX3PkoiInBfw68+6JNH406C4alrEnikcq1FZEZJZj8A0h7uDLWO01R+9CYljtZsYv4E+pfWvi8Z31QoN\/mqJYHgutax6\/UWMDIxFsXaIn1iXAoBA481Pyqa8XbzdmibAvotkEOm0ksJYJlu7VrGuQP+fyz69HW2nTnewmEyTsEy9pTZjqsxFdtBcWm2sS5KQA3Hoj6NzWl54VkXacUcpgQraZZFiSKVJpxhZpAqND3x7NCgSdQvwN2uTFwRCsRagxmCSSaZkQSbYCDh7lvCo6r5wBODibkMqCxrJ4nyg5Uw+J74SsSHhtBMkb6YMlWe5gPOyYSZfIVCby4onZWx45wIDAQABo4IGXzCCBlswDAYDVR0TAQH\/BAIwADALBgNVHQ8EBAMCBLAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMIIDowYDVR0RBIIDmjCCA5aCDyoudm8ubXNlY25kLm5ldIIVKi5vZmZpY2VhcHBzLmxpdmUuY29tggsqLm1zYWRzLm5ldIIQKi5hZHMyLm1zYWRzLm5ldIIPKi5zdGMucy1tc24uY29tgiRjZG4uZGMyZmlsZXMuKi5saXZlZmlsZXN0b3JlLWludC5jb22CF2Nkbi4qLmxpdmVmaWxlc3RvcmUuY29tgh8qLm1hcmtldHBsYWNlLndpbmRvd3Ntb2JpbGUuY29tgiMqLm1hcmtldHBsYWNlLndpbmRvd3Ntb2JpbGUtaW50LmNvbYIkKi5tYXJrZXRwbGFjZS53aW5kb3dzbW9iaWxlLXBlcmYuY29tgg8qLnN0ai5zLW1zbi5jb22CEmFqYXgubWljcm9zb2Z0LmNvbYIbKi5taWNyb3NvZnQtc2JzLWRvbWFpbnMuY29tggoqLmxpdmUubmV0ggkqLm1zbi5jb22CDSoubXNuLWludC5jb22CGiouZjFkcy5zaGFyZWQubGl2ZS1pbnQuY29tghQqLmYxZHMud2x4cnMtaW50LmNvbYIVKi5zaGFyZWQubGl2ZS1pbnQuY29tghEqLnNoYXJlZC5saXZlLmNvbYIPKi5taWNyb3NvZnQuY29tggoqLmxpdmUuY29tgg4qLmxpdmUtaW50LmNvbYILKi53
bHhycy5jb22CDyoud2x4cnMtaW50LmNvbYIOKi5zdC5zLW1zbi5jb22CDyouc3RiLnMtbXNuLmNvbYIgaW1hZ2VzLm1veHkud2luZG93c3Bob25lLWludC5jb22CECoud2x4cnN1LWludC5jb22CI2ltYWdlcy5wYXJ0bmVyLndpbmRvd3NwaG9uZS1pbnQuY29tgh9pbWFnZXMucGFydG5lci53aW5kb3dzcGhvbmUuY29tggwqLmpwLm1zbi5jb22CEiouYzNzY3MuanAubXNuLmNvbYIPKi5hc3BuZXRjZG4uY29tgg0qLmhvdG1haWwuY29tgiEqLnBhcnRuZXItZGYud2luZG93c3Bob25lLWludC5jb22CCyoucy1tc24uY29tgg4qLmxpdmUtaW50Lm5ldIIWKi53aW5kb3dzcGhvbmUtaW50LmNvbYISKi53aW5kb3dzcGhvbmUuY29tgiEqLnBhcnRuZXI="} 02496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":946681200000000,"flow_dst_last_pkt_time":946681200000000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946681200000000,"pkt":"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\/LmafHbV8kz4aMun+H+VIZeRM5Bql9x7WpjwQDS+J+smj4QnJo\/6ntdr3MlGPRoDRdkfFG7SosnI\/eCbIu9XuIWOHkZSH4\/9X7izdGgsuT0UnVndeXlHcgDw1ihOLBtxnkosbQSMKCF9\/HjID72MCp56vMoSU+WuvUQXXBr\/LgJr8eUtWe0pS65dkmCZ\/QNCuARDC2VnL+opy23sLHDSC3saZZQ+ZMxgShBWj\/VUrF5JAj8XmonqXVJeNovnT8++jWSd9AcVEkeZAo2TqMC\/26PhofncqN75eWaN2qQf74Z0rNwAGFzCCBhMwggP7oAMCAQICCmEDMzYABQAAADAwDQYJKoZIhvcNAQEFBQAwJzElMCMGA1UEAxMcTWljcm9zb2Z0IEludGVybmV0IEF1dGhvcml0eTAeFw0xMDA1MTkyMjEzMzBaFw0xNDA1MTkyMjIzMzBaMIGLMRMwEQYKCZImiZPyLGQBGRYDY29tMRkwFwYKCZImiZPyLGQBGRYJbWljcm9zb2Z0MRQwEgYKCZImiZPyLGQBGRYEY29ycDEXMBUGCgmSJomT8ixkARkWB3JlZG1vbmQxKjAoBgNVBAMTIU1pY3Jvc29mdCBTZWN1cmUgU2VydmVyIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOqfX5ELzRmCX5Hqq\/WLKNiL9Rzgkcm8zQIQUCK3OApcz3EMWC2IbKi4PDNj+XOdPOnDee3y\/snLw24k4jxCcNhft1v3m1\/1J294AOuWXbdvz+RBBPC7Q71vXyYPt443QRNUZxuQACc4uBrDlm0cMTU1ScVGHudzpMoDEXlBga\/Tjkaixb4AUwW5OJy3YCmzylKaksVTJ7ZBDUD4L5vngUkaWmqoT3HH6G2BvifvydbGkisQ5DY1QAjQTXD9cJsgHLO533WdK3fQxM1qce9aWAv5cIU="} 
02497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":946681200000000,"flow_dst_last_pkt_time":946681200000000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946681200000000,"pkt":"ERERERERIiIiIiIiCABFAAXc5UxAADUGLQDVx5X7CgAAAQG7emnv2MeHZGeGnVAQGJhPMQAAiAWJbWaSMKuviDnX1C0Llpx4JK8Aq88JPhOua8Pg4c9gf4tT3ALQ87CGEd69AgMBAAGjggHaMIIB1jASBgNVHRMBAf8ECDAGAQH\/AgEAMB0GA1UdDgQWBBQIQuPbThFm87UIxUDbVXwzRhGDODALBgNVHQ8EBAMCAYYwEgYJKwYBBAGCNxUBBAUCAwgACDAjBgkrBgEEAYI3FQIEFgQUforCnFoyjMJxotlPdXD3qRv2lAUwGQYJKwYBBAGCNxQCBAweCgBTAHUAYgBDAEEwHwYDVR0jBBgwFoAUMyHwy\/6ioESS3vY7M9hfAUuXeF0wgaMGA1UdHwSBmzCBmDCBlaCBkqCBj4Y2aHR0cDovL21zY3JsLm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcmwvbXN3d3coNSkuY3JshjRodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcmwvbXN3d3coNSkuY3Jshh9odHRwOi8vY29ycHBraS9jcmwvbXN3d3coNSkuY3JsMHkGCCsGAQUFBwEBBG0wazA8BggrBgEFBQcwAoYwaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvbXN3d3coNSkuY3J0MCsGCCsGAQUFBzAChh9odHRwOi8vY29ycHBraS9haWEvbXN3d3coNSkuY3J0MA0GCSqGSIb3DQEBBQUAA4ICAQCPwtFc7xQRdxdjBzxMfGja\/oZK4iDMP7AnPdHirMiLSKbkWfc6Bq19UvH2ZWGWISKuaL4vet6zDPXpxd34ZYJdy2w+DDcRdBUJeFW9JhK71pV007z1dgkqat82xI5W1R8g33+CMNdDq2gii2paxZvQnY0LDFCFfsxagAeLA06\/vV9sVg8FqeJUw6XTUlxfTQvdBfhREgMhb5xsl5gqwcERvL0brvvjV19PHwCe4qRR0\/esCTdYpQkh0XLQssGL203cE9FUWE0rwK36Uxk1sRWoQmS37ccfpXmoDTjUUL\/0Wv8v6b8\/fTjl+yAM1E7gLx1FevsoLzFIb8xuXGhC+urICwEw7BAmQjgjqcMZuNlwGmgsksufc+bM\/zMj7ttetX8FWD9QxRwIGPTrL2KqU\/ehzd7j64IcGmdroUynaHFA0WU7QRicSeNx++tNg5PTR+ZkQsu2NRz7NA6hKPuMoacfAShR5XGUN5zcQVt8fuksI2eUnXPfX0B5o42VMMxTFwi8UIbz\/BAZgfz0Wm7z3KKadXvDrKBR7TK2WN9PjpFTatKqG13mU7iJo56JoeMp4LNs6xrMb1qqwuL2HkUp79bCQ7E7rT4m\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\/hKvQEGUt+yNqIvLVdA7x4VqHpf8Vq77b\/HQFZtx9TWl\/G+JFtxX1Dkxg="}
 -03679{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":5,"flow_first_seen":946681200000000,"flow_src_last_pkt_time":946681200000000,"flow_dst_last_pkt_time":946681200000000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":127,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":127,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":127,"flow_dst_tot_l4_payload_len":6754,"midstream":1,"thread_ts_usec":946681200000000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"213.199.149.251","src_port":31337,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"ads1.msads.net","domainame":"ads1.msads.net","tls": 
{"version":"TLSv1","server_names":"*.vo.msecnd.net,*.officeapps.live.com,*.msads.net,*.ads2.msads.net,*.stc.s-msn.com,cdn.dc2files.*.livefilestore-int.com,cdn.*.livefilestore.com,*.marketplace.windowsmobile.com,*.marketplace.windowsmobile-int.com,*.marketplace.windowsmobile-perf.com,*.stj.s-msn.com,ajax.microsoft.com,*.microsoft-sbs-domains.com,*.live.net,*.msn.com,*.msn-int.com,*.f1ds.shared.live-int.com,*.f1ds.wlxrs-int.com,*.shared.live-int.com,*.shared.live.com,*.microsoft.com,*.live.com,*.live-int.com,*.wlxrs.com,*.wlxrs-int.com,*.st.s-msn.com,*.stb.s-msn.com,images.moxy.windowsphone-int.com,*.wlxrsu-int.com,images.partner.windowsphone-int.com,images.partner.windowsphone.com,*.jp.msn.com,*.c3scs.jp.msn.com,*.aspnetcdn.com,*.hotmail.com,*.partner-df.windowsphone-int.com,*.s-msn.com,*.live-int.net,*.windowsphone-int.com,*.windowsphone.com,*.partner-pc.windowsphone-int.com,*.manage.microsoft.com","ja3":"2201d8e006f8f005a6b415f61e677532","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t10d120500_d94e65cdb899_c35b4a14be45","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=Microsoft Secure Server Authority","subjectDN":"C=US, L=Redmond, O=Microsoft, OU=GFS, CN=*.officeapps.live.com, CN=*.msads.net, CN=*.ads2.msads.net, CN=*.stc.s-msn.com, CN=cdn.dc2files.*.livefilestore-int.com, CN=cdn.*.livefilestore.com, CN=*.marketplace.windowsmobile.com, CN=*.marketplace.windowsmobile-int.com, CN=*.marketplace.windowsmobile-perf.com, CN=*.stj.s-msn.com, CN=ajax.microsoft.com, CN=*.microsoft-sbs-domains.com, CN=*.live.net, CN=*.msn.com, CN=*.msn-int.com, CN=*.f1ds.shared.live-int.com, CN=*.f1ds.wlxrs-int.com, CN=*.shared.live-int.com, CN=*.shared.live.com, CN=*.microsoft.com, CN=*.live.com, CN=*.live-int.com, CN=*.wlxrs.com, CN=*.wlxrs-int.com, CN=*.st.s-msn.com, CN=*.stb.s-msn.com, CN=images.moxy.windowsphone-int.com, CN=*.wlxrsu-int.com, CN=images.partner.windowsphone-int.com, CN=images.partner.windowsphone.com, CN=*.jp.msn.com, CN=*.c3scs.jp.msn.com, 
CN=*.aspnetcdn.com, CN=*.hotmail.com, CN=*.partner-df.windowsphone-int.com, CN=*.s-msn.com, CN=*.live-int.net, CN=*.windowsphone-int.com, CN=*.windowsphone.com, CN=*.partner-pc.windowsphone-int.com, CN=*.manage.microsoft.com, CN=*.vo.msecnd.net","fingerprint":"FF:BF:9A:69:8F:C8:44:FF:89:F2:61:49:A7:D1:9A:98:DE:32:84:3B","blocks":0}}} +03638{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":5,"flow_first_seen":946681200000000,"flow_src_last_pkt_time":946681200000000,"flow_dst_last_pkt_time":946681200000000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":127,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":127,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":127,"flow_dst_tot_l4_payload_len":6754,"midstream":1,"thread_ts_usec":946681200000000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"213.199.149.251","src_port":31337,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"ads1.msads.net","domainame":"ads1.msads.net","tls": 
{"version":"TLSv1","server_names":"*.vo.msecnd.net,*.officeapps.live.com,*.msads.net,*.ads2.msads.net,*.stc.s-msn.com,cdn.dc2files.*.livefilestore-int.com,cdn.*.livefilestore.com,*.marketplace.windowsmobile.com,*.marketplace.windowsmobile-int.com,*.marketplace.windowsmobile-perf.com,*.stj.s-msn.com,ajax.microsoft.com,*.microsoft-sbs-domains.com,*.live.net,*.msn.com,*.msn-int.com,*.f1ds.shared.live-int.com,*.f1ds.wlxrs-int.com,*.shared.live-int.com,*.shared.live.com,*.microsoft.com,*.live.com,*.live-int.com,*.wlxrs.com,*.wlxrs-int.com,*.st.s-msn.com,*.stb.s-msn.com,images.moxy.windowsphone-int.com,*.wlxrsu-int.com,images.partner.windowsphone-int.com,images.partner.windowsphone.com,*.jp.msn.com,*.c3scs.jp.msn.com,*.aspnetcdn.com,*.hotmail.com,*.partner-df.windowsphone-int.com,*.s-msn.com,*.live-int.net,*.windowsphone-int.com,*.windowsphone.com,*.partner-pc.windowsphone-int.com,*.manage.microsoft.com","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t10d120500_d94e65cdb899_c35b4a14be45","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=Microsoft Secure Server Authority","subjectDN":"C=US, L=Redmond, O=Microsoft, OU=GFS, CN=*.officeapps.live.com, CN=*.msads.net, CN=*.ads2.msads.net, CN=*.stc.s-msn.com, CN=cdn.dc2files.*.livefilestore-int.com, CN=cdn.*.livefilestore.com, CN=*.marketplace.windowsmobile.com, CN=*.marketplace.windowsmobile-int.com, CN=*.marketplace.windowsmobile-perf.com, CN=*.stj.s-msn.com, CN=ajax.microsoft.com, CN=*.microsoft-sbs-domains.com, CN=*.live.net, CN=*.msn.com, CN=*.msn-int.com, CN=*.f1ds.shared.live-int.com, CN=*.f1ds.wlxrs-int.com, CN=*.shared.live-int.com, CN=*.shared.live.com, CN=*.microsoft.com, CN=*.live.com, CN=*.live-int.com, CN=*.wlxrs.com, CN=*.wlxrs-int.com, CN=*.st.s-msn.com, CN=*.stb.s-msn.com, CN=images.moxy.windowsphone-int.com, CN=*.wlxrsu-int.com, CN=images.partner.windowsphone-int.com, CN=images.partner.windowsphone.com, CN=*.jp.msn.com, CN=*.c3scs.jp.msn.com, CN=*.aspnetcdn.com, CN=*.hotmail.com, 
CN=*.partner-df.windowsphone-int.com, CN=*.s-msn.com, CN=*.live-int.net, CN=*.windowsphone-int.com, CN=*.windowsphone.com, CN=*.partner-pc.windowsphone-int.com, CN=*.manage.microsoft.com, CN=*.vo.msecnd.net","fingerprint":"FF:BF:9A:69:8F:C8:44:FF:89:F2:61:49:A7:D1:9A:98:DE:32:84:3B","blocks":0}}} 01311{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":5,"flow_first_seen":946681200000000,"flow_src_last_pkt_time":946681200000000,"flow_dst_last_pkt_time":946681200000000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":127,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":127,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":127,"flow_dst_tot_l4_payload_len":6754,"midstream":1,"thread_ts_usec":946681200000000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"213.199.149.251","src_port":31337,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-00846{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tls-rdn-extract.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":6,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6881,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":946681200000000} +00846{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tls-rdn-extract.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":6,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6881,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":946681200000000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 6/6 ~~ skipped flows.............: 0 
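Review bot: The regenerated `detected` and `detection-update` events in this hunk no longer contain the `"ja3"` key inside `tls`, while `"ja3s"` and `"ja4"` are still emitted, and the commit message describes the bump only as "incorporated upstream changes". Any downstream rule, allow-list or correlation keyed on the client JA3 value will stop matching after this bump without raising an error, so the removal should be stated in the commit description or changelog. A line such as `* tls.ja3 is no longer emitted by libnDPI; consumers should switch to tls.ja4` would do. The diffstat lists `schema/flow_event_schema.json` as changed, but that hunk is not visible here, so it is worth confirming that the schema no longer advertises `ja3` to consumers.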
@@ -19,10 +19,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6951588 bytes -~~ total memory freed........: 6951588 bytes -~~ total allocations/frees...: 114196/114196 +~~ total memory allocated....: 7529184 bytes +~~ total memory freed........: 7529184 bytes +~~ total allocations/frees...: 125927/125927 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 625 chars -~~ json message max len.......: 3684 chars -~~ json message avg len.......: 2077 chars +~~ json message max len.......: 3643 chars +~~ json message avg len.......: 2059 chars diff --git a/test/results/default/tls_1.2_unidirectional_client.pcapng.out b/test/results/default/tls_1.2_unidirectional_client.pcapng.out index cf6be46a5..0a3d49649 100644 --- a/test/results/default/tls_1.2_unidirectional_client.pcapng.out +++ b/test/results/default/tls_1.2_unidirectional_client.pcapng.out 
@@ -1,14 +1,14 @@ -00636{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_client.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00857{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_client.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1656949469263977} 
+00636{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_client.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00857{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_client.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1656949469263977} 
00799{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_client.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656949469263977,"flow_src_last_pkt_time":1656949469263977,"flow_dst_last_pkt_time":1656949469263977,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656949469263977,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"216.58.209.42","src_port":43854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_client.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1656949469263977,"flow_dst_last_pkt_time":1656949469263977,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1656949469263977,"pkt":"CL6sCxduJjb1W8R1CABFAAA8kXxAAEAGMpbAqAyc2DrRKqtOAbtVk\/1OAAAAAKAC\/\/87hgAAAgQFtAQCCApl0zAPAAAAAAEDAwk="} 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_client.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1656949469272227,"flow_dst_last_pkt_time":1656949469263977,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1656949469272227,"pkt":"CL6sCxduJjb1W8R1CABFAAA0kX1AAEAGMp3AqAyc2DrRKqtOAbtVk\/1PP1MFxIAQAKxU8AAAAQEICmXTMBhcKnNd"} 
00809{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_client.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1656949469283222,"flow_dst_last_pkt_time":1656949469263977,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":246,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":246,"pkt_l4_len":212,"thread_ts_usec":1656949469283222,"pkt":"CL6sCxduJjb1W8R1CABFAADokX5AAEAGMejAqAyc2DrRKqtOAbtVk\/1PP1MFxIAYAKxxYAAAAQEICmXTMCNcKnNdFgMBAK8BAACrAwOORSBwmf9YknaS9OJI0z+j4jjhz++G5UyjyTr2GDmv3AAACMArwCzAL8AwAQAAegAAACQAIgAAH25vdGlmaWNhdGlvbnMtcGEuZ29vZ2xlYXBpcy5jb20AFwAA\/wEAAQAACgAIAAYAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIB"} -01405{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_client.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1656949469263977,"flow_src_last_pkt_time":1656949469283222,"flow_dst_last_pkt_time":1656949469263977,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":180,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":180,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656949469283222,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"216.58.209.42","src_port":43854,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"notifications-pa.googleapis.com","domainame":"notifications-pa.googleapis.com","tls": {"version":"TLSv1.2","ja3":"66fdcab9689b131fd04777de513ae009","ja3s":"","ja4":"t12d0409h2_dd22d19553a2_b39be8c56a14","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01364{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_client.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1656949469263977,"flow_src_last_pkt_time":1656949469283222,"flow_dst_last_pkt_time":1656949469263977,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":180,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":180,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656949469283222,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"216.58.209.42","src_port":43854,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"notifications-pa.googleapis.com","domainame":"notifications-pa.googleapis.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d0409h2_dd22d19553a2_b39be8c56a14","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_client.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1656949469307583,"flow_dst_last_pkt_time":1656949469263977,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1656949469307583,"pkt":"CL6sCxduJjb1W8R1CABFAAA0kX9AAEAGMpvAqAyc2DrRKqtOAbtVk\/4DP1MLToAQALFOZwAAAQEICmXTMDtcKnOA"} 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_client.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1656949469307896,"flow_dst_last_pkt_time":1656949469263977,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1656949469307896,"pkt":"CL6sCxduJjb1W8R1CABFAAA0kYBAAEAGMprAqAyc2DrRKqtOAbtVk\/4DP1MQ2IAQALdI1wAAAQEICmXTMDtcKnOA"} 01129{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_client.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":0,"flow_first_seen":1656949469263977,"flow_src_last_pkt_time":1656949480565802,"flow_dst_last_pkt_time":1656949469263977,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1024,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1862,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656949480565802,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"216.58.209.42","src_port":43854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": 
{"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -00866{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_client.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":17,"packets-processed":17,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1862,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1656949480565802} 
+00866{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_client.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":17,"packets-processed":17,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1862,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1656949480565802} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 17/17 ~~ skipped flows.............: 0 @@ -17,10 +17,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6910190 bytes -~~ total memory freed........: 6910190 bytes -~~ total allocations/frees...: 114157/114157 +~~ total memory allocated....: 7487786 bytes +~~ total memory freed........: 7487786 bytes +~~ total allocations/frees...: 125888/125888 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 570 chars -~~ json message max len.......: 1410 chars -~~ json message avg len.......: 981 chars +~~ json message max len.......: 1369 chars +~~ json message avg len.......: 960 chars diff --git a/test/results/default/tls_1.2_unidirectional_client_no_cert.pcapng.out b/test/results/default/tls_1.2_unidirectional_client_no_cert.pcapng.out index a59ef0766..fc1de2460 100644 --- a/test/results/default/tls_1.2_unidirectional_client_no_cert.pcapng.out 
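Review bot: The `detected` event in the `@@ -1,14 +1,14 @@` hunk of tls_1.2_unidirectional_client.pcapng.out no longer carries `tls.ja3` (the old line had `"ja3":"66fdcab9689b131fd04777de513ae009"`), while `ja3s` and `ja4` are still emitted, and nothing in this fixture update marks the drop as intentional. The same field disappears from the `detected` line of tls_1.2_unidirectional_client_no_cert.pcapng.out. Downstream consumers that match or allow-list on JA3 client fingerprints would stop matching without any error, so this needs an explicit changelog or commit-description line, e.g. `tls.ja3 is no longer emitted after the libnDPI bump; use tls.ja4 for client fingerprinting`. Presumably this follows upstream libnDPI behaviour; it is worth confirming whether JA3 was removed outright or only disabled by default, in which case nDPId could re-enable it for existing consumers.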
+++ b/test/results/default/tls_1.2_unidirectional_client_no_cert.pcapng.out 
@@ -1,14 +1,14 @@ -00644{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_client_no_cert.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00865{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_client_no_cert.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1655389592153034} 
+00644{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_client_no_cert.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00865{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_client_no_cert.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1655389592153034} 
00807{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_client_no_cert.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655389592153034,"flow_src_last_pkt_time":1655389592153034,"flow_dst_last_pkt_time":1655389592153034,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655389592153034,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"172.67.21.133","src_port":39958,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_client_no_cert.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1655389592153034,"flow_dst_last_pkt_time":1655389592153034,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655389592153034,"pkt":"CL6sCxduJjb1W8R1CABFAAA8LQBAAEAGfq\/AqAycrEMVhZwWAbuIMgssAAAAAKAC\/\/9bCQAAAgQFtAQCCAoQnRwbAAAAAAEDAwk="} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_client_no_cert.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1655389592207546,"flow_dst_last_pkt_time":1655389592153034,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655389592207546,"pkt":"CL6sCxduJjb1W8R1CABFAAAoLQFAAEAGfsLAqAycrEMVhZwWAbuIMgstwx6+DVAQAKxtvgAA"} 
01258{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_client_no_cert.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1655389592208489,"flow_dst_last_pkt_time":1655389592153034,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1655389592208489,"pkt":"CL6sCxduJjb1W8R1CABFAAItLQJAAEAGfLzAqAycrEMVhZwWAbuIMgstwx6+DVAYAKy7+AAAFgMBAgABAAH8AwNMe0pOfKDgGGEcKmNZultSywyxCFzaSXJC5Yc2T4k18yCMccSHTLc6u77I7rKgloPHXem\/eIollts0D\/kX46bregAiEwETAhMDwCvALMypwC\/AMMyowAnACsATwBQAnACdAC8ANQEAAZEAAAASABAAAA1zYi5hZHRpZHkub3JnABcAAP8BAAEAAAoACAAGAB0AFwAYAAsAAgEAACMAwMdswymTtNyKpgmoigvFmzas05foxOlAf46HdKjLpI7ryS5G\/fjyZZCMrfFLU0CKp+nR5JlUacAjgqyjEKSAojpQD4nZBH\/RcPkFpM4o1XkBTYzO0z3tOCW1sEaDv\/XFS\/CGCDHolYAeRPZVcLHILuATKNkwsKfvc7c7sVBnbTNljb5j5iRSsBNarLQyQkhGKEOWoi3r1dbxtraDne1N4BdF8Deedzd8qkwF4D76hm2ZOz9nSjCrgIxlxoJki2kNmQAQAAsACQhodHRwLzEuMQAFAAUBAAAAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAzACYAJAAdACC99ZQOOiLagtJWG3C4EOH9sqNDaCC1g7DmUNmoAJ8laQAtAAIBAQArAAkIAwQDAwMCAwEAFQArAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01410{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_client_no_cert.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1655389592153034,"flow_src_last_pkt_time":1655389592208489,"flow_dst_last_pkt_time":1655389592153034,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655389592208489,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"172.67.21.133","src_port":39958,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"sb.adtidy.org","domainame":"sb.adtidy.org","tls": {"version":"TLSv1.2","ja3":"9b02ebd3a43b62d825e1ac605b621dc8","ja3s":"","ja4":"t13d1713ht_5b57614c22b0_eca864cca44a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01369{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_client_no_cert.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1655389592153034,"flow_src_last_pkt_time":1655389592208489,"flow_dst_last_pkt_time":1655389592153034,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655389592208489,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"172.67.21.133","src_port":39958,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"sb.adtidy.org","domainame":"sb.adtidy.org","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1713ht_5b57614c22b0_eca864cca44a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_client_no_cert.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1655389592250074,"flow_dst_last_pkt_time":1655389592153034,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655389592250074,"pkt":"CL6sCxduJjb1W8R1CABFAAAoLQNAAEAGfsDAqAycrEMVhZwWAbuIMg0ywx6+r1AQAKxrFwAA"} 
00627{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_client_no_cert.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1655389592255139,"flow_dst_last_pkt_time":1655389592153034,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_usec":1655389592255139,"pkt":"CL6sCxduJjb1W8R1CABFAABbLQRAAEAGfozAqAycrEMVhZwWAbuIMg0ywx6+r1AYAKxWUQAAFAMDAAEBFgMDACgAAAAAAAAAAAHqNiA\/AZp+DK3ZaLmgyUaCAFQqANlaQ7IRek9VkVX6"} 01114{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_client_no_cert.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1655389592153034,"flow_src_last_pkt_time":1655389592454103,"flow_dst_last_pkt_time":1655389592153034,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":989,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655389592454103,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"172.67.21.133","src_port":39958,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-00873{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_client_no_cert.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":989,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1655389592454103} +00873{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_client_no_cert.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":989,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1655389592454103} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 10/10 ~~ skipped flows.............: 0 
@@ -17,10 +17,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6910014 bytes -~~ total memory freed........: 6910014 bytes -~~ total allocations/frees...: 114151/114151 +~~ total memory allocated....: 7487610 bytes +~~ total memory freed........: 7487610 bytes +~~ total allocations/frees...: 125882/125882 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 561 chars -~~ json message max len.......: 1415 chars -~~ json message avg len.......: 982 chars +~~ json message max len.......: 1374 chars +~~ json message avg len.......: 962 chars diff --git a/test/results/default/tls_1.2_unidirectional_server.pcapng.out b/test/results/default/tls_1.2_unidirectional_server.pcapng.out index 7a3f26b47..9c3cbd723 100644 --- a/test/results/default/tls_1.2_unidirectional_server.pcapng.out +++ b/test/results/default/tls_1.2_unidirectional_server.pcapng.out 
@@ -1,15 +1,15 @@ -00636{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_server.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00857{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_server.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1656949469270147} 
+00636{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_server.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00857{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_server.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1656949469270147} 
00799{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_server.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656949469270147,"flow_src_last_pkt_time":1656949469270147,"flow_dst_last_pkt_time":1656949469270147,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656949469270147,"l3_proto":"ip4","src_ip":"216.58.209.42","dst_ip":"192.168.12.156","src_port":443,"dst_port":43854,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_server.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1656949469270147,"flow_dst_last_pkt_time":1656949469270147,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1656949469270147,"pkt":"Jjb1W8R1CL6sCxduCABFgAA8RzAAAHgGhGLYOtEqwKgMnAG7q04\/UwXDVZP9T6AS\/\/8m9gAAAgQFlgQCCApcKnNdZdMwDwEDAwg="} 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_server.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1656949469289435,"flow_dst_last_pkt_time":1656949469270147,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1656949469289435,"pkt":"Jjb1W8R1CL6sCxduCABFgAA0RzYAAHgGhGTYOtEqwKgMnAG7q04\/UwXEVZP+A4AQAQVTxAAAAQEIClwqc3Fl0zAj"} 
02468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_server.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1656949469305633,"flow_dst_last_pkt_time":1656949469270147,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_usec":1656949469305633,"pkt":"Jjb1W8R1CL6sCxduCABFgAW+Rz4AAHgGftLYOtEqwKgMnAG7q04\/UwXEVZP+A4AQAQXJLAAAAQEIClwqc4Bl0zAjFgMDAEgCAABEAwNiwwrdHSGVJBcOnHDjURL11x8Z6tKeqaZET1dOR1JEAQDAKwAAHAAXAAD\/AQABAAALAAIBAAAjAAAAEAAFAAMCaDIWAwMRJwsAESMAESAABhcwggYTMIIE+6ADAgECAhEAqpvy2VcJP3ES7+QrUmQDbjANBgkqhkiG9w0BAQsFADBGMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzETMBEGA1UEAxMKR1RTIENBIDFDMzAeFw0yMjA2MDYwOTE3NTlaFw0yMjA4MjkwOTE3NThaMCIxIDAeBgNVBAMTF3VwbG9hZC52aWRlby5nb29nbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEjZvciFYYqKY36U\/mduLgZGs11NHdJBecfyYF4bg1giNxkvoEAEgrekhz6ukqZCGyRjGQuLEvh9uSybcRCNdmNKOCA+kwggPlMA4GA1UdDwEB\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\/tSLBeUAAAGBOIV+BgAABAMASDBGAiEAqr1VpE1mmeFb6D0XVHNp1zNEkcBZQFAlKUbIXxYklPACIQDzUVnnDEz4P2KNaPc2GRy6G1RbO58GktP\/E5G64DC+vzANBgkqhkiG9w0BAQsFAAOCAQEAbXEzUDPuF2e0OJyLbx1xOPHUFbxBZgw="} 
-01260{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_server.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1656949469270147,"flow_src_last_pkt_time":1656949469305633,"flow_dst_last_pkt_time":1656949469270147,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1418,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1418,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656949469305633,"l3_proto":"ip4","src_ip":"216.58.209.42","dst_ip":"192.168.12.156","src_port":443,"dst_port":43854,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","tls": {"version":"TLSv1.2","ja3":"","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","ja4":"","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","negotiated_alpn":"h2","blocks":0}}} 
+01251{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_server.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1656949469270147,"flow_src_last_pkt_time":1656949469305633,"flow_dst_last_pkt_time":1656949469270147,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1418,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1418,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656949469305633,"l3_proto":"ip4","src_ip":"216.58.209.42","dst_ip":"192.168.12.156","src_port":443,"dst_port":43854,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","tls": {"version":"TLSv1.2","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","ja4":"","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","negotiated_alpn":"h2","blocks":0}}} 
02484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_server.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1656949469305685,"flow_dst_last_pkt_time":1656949469270147,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_usec":1656949469305685,"pkt":"Jjb1W8R1CL6sCxduCABFgAW+Rz8AAHgGftHYOtEqwKgMnAG7q04\/UwtOVZP+A4AQAQUFEQAAAQEIClwqc4Bl0zAjIlstsmCFgZ31PsJW9B7AODKIveOsfWNxY7PWvR63idgGORZYI6NM3euLfUjXF1C\/J9wmPnLV2FTcNY6wY3DvmzcPouk\/a0A+FESBNoeAyGuaWO6zx3+S5kmIIkWihGxKIBv3MjWpmpMn+X8z6FuCtbI1OtHLrGGLj+YPozTp3g58ATStWwThTfJBPtq5JTqALrEXKjRt1WmhUApcXZfVV9cKiWxzzEz4TZKi2PtejCsIgYURzzUG9+4Hcs4KIInpuYTdu6zLbGzLdubU\/3nFVT3I0avxNJ0Ew159ocwDIkk8xPTnHeouKEsABZowggWWMIIDfqADAgECAg0CA7xTWWs0xxj1AVBmMA0GCSqGSIb3DQEBCwUAMEcxCzAJBgNVBAYTAlVTMSIwIAYDVQQKExlHb29nbGUgVHJ1c3QgU2VydmljZXMgTExDMRQwEgYDVQQDEwtHVFMgUm9vdCBSMTAeFw0yMDA4MTMwMDAwNDJaFw0yNzA5MzAwMDAwNDJaMEYxCzAJBgNVBAYTAlVTMSIwIAYDVQQKExlHb29nbGUgVHJ1c3QgU2VydmljZXMgTExDMRMwEQYDVQQDEwpHVFMgQ0EgMUMzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9Yjf52KMHjf4N0KQf2yH0PtlgiX96MtrpP9t6Voj4pn2HOmSA5kTfAkKivpC1l5WJKp6M4Qf0elpu7l07FdMZmiTdzdVU\/45EE23NLtfJXc3OxeU6jzlndW8w7RD6y6nR++wRBFj2LRBhd1BMEiTG7+39uBFAiHglkIXz9krZVY0ByYEDaj9fcou7+pIfDdNPwCfg9\/vdYQueVdc\/FduGpb\/\/Iyappm+Jdl\/liwG9xEqAoCA62MYPFBJh+WKyl8ZK1mWgQCg+1HbyncLC8mWT+9wScdcbSD9mbS04soud\/0t3Au2axMMjBkrF5aYufCL9qAnu7bjjVGPva7Hm7GJnQIDAQABo4IBgDCCAXwwDgYDVR0PAQH\/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjASBgNVHRMBAf8ECDAGAQH\/AgEAMB0GA1UdDgQWBBSKdH+vhc3ulc09nNDiRhTzcTUdJzAfBgNVHSMEGDAWgBTkrysmcRorSCeFL1JmLO\/wiRNxPjBoBggrBgEFBQcBAQRcMFowJgYIKwYBBQUHMAGGGmh0dHA6Ly9vY3NwLnBraS5nb29nL2d0c3IxMDAGCCsGAQUFBzAChiRodHRwOi8vcGtpLmdvb2cvcmVwby9jZXJ0cy9ndHNyMS5kZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL2NybC5wa2kuZ29vZy9ndHNyMS9ndHNyMS5jcmwwVwYDVR0gBFAwTj
A4BgorBgEEAdZ5AgUDMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vcGtpLmdvb2cvcmVwb3NpdG9yeS8wCAYGZ4EMAQIBMAgGBmeBDAECAjANBgkqhkiG9w0BAQsFAAOCAgEAiX2sIFwMPL6aqFeVG7Su+qulcnG0NpX930ARA0zCRhS7FCSr8FBxItutxG5\/z\/Fqb8iDG9jOiV+HbIe4qQyjm6FilJOV31uuZhkLApae\/LXnEGk+estGSV9G4UGx15hNZTQAgBo\/T59sf0kAgVNBpJIhgoIa8aNEWypQEhNNwVM280IIr1T6jndTG2Q4JxcJvVjJG3w5LVvzztTtl9sUA78JUyQfwgwEeZgm8mHxU1L9QowbZis\/FaG7\/\/ab44GaAQZxiTUoJN3hvesZLeFIyz1Zg1G0dMadfMaxhluvzDTE08zUgRGVAKH0EiIB+rSDca+Mt4xzJKw3U8IAkD8R\/lztNpQ="} 02489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_server.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1656949469305704,"flow_dst_last_pkt_time":1656949469270147,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_usec":1656949469305704,"pkt":"Jjb1W8R1CL6sCxduCABFgAW+R0AAAHgGftDYOtEqwKgMnAG7q04\/UxDYVZP+A4AYAQVR6AAAAQEIClwqc4Bl0zAjEDu9Ka7ixzpiO2xj2YC\/WXGsYye5TBeg2vZzFb8q3o\/zpWwygTMD0IZRcZk0upONXbVRWPeyk+gB9lm+cZv9TSjOz23HFtz30dZGm6fKa+l3D\/2gthsjgx0QGtkJAITgRNOidSOzNIb2ILCkXhAd4FJGAJ2xDx8hcFH1mt0G\/FX0Kw4zd8NLQsLxdxP8c4CU6x+7Nz\/OAipmsHMdMqUybDKwjuDEI\/9bfU1lcKwrmz3O2+BtjjKAvpafkmO8l7tdufThcV4q5O8DIrGKZTqPwJNl1IXNDw9bg1kWRxYtnCQ6yICmJhSFm\/Y3m6xv+cXDBlHz4n\/FsRC6UfTdAAVmMIIFYjCCBEqgAwIBAgIQd70NbNs2+RrqIQ\/E8FjTDTANBgkqhkiG9w0BAQsFADBXMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTEQMA4GA1UECxMHUm9vdCBDQTEbMBkGA1UEAxMSR2xvYmFsU2lnbiBSb290IENBMB4XDTIwMDYxOTAwMDA0MloXDTI4MDEyODAwMDA0MlowRzELMAkGA1UEBhMCVVMxIjAgBgNVBAoTGUdvb2dsZSBUcnVzdCBTZXJ2aWNlcyBMTEMxFDASBgNVBAMTC0dUUyBSb290IFIxMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAthECix7joXebO9y\/lD63ladAPKH9gvl9MgaCcfb2jH\/76Nu8ai6Xl6OMS\/kr9rH5zoQdsfnFl97vufKj6bwSiV6nqlKr+CMny6SxnGPb15l+8Ape62im9MZaRw1NEDPjTrETo8gYbEvs\/AmQ351kKSUjB6G00j0uYODP0gmHu81I8E3CwnqIiru6z1kZ1q+PsAewnjHxgsHA3y6mbWwZDrXYfiYaR
QM9sHmklCitD38m5agI\/pboPGiUU+6DOogrFZYJsuB6jC511pzrp1Zkj5ZPaK49l8KEj8C8QMALXL32h7M1bKwYUH+E4EzNktMg6TO8UpmvMrUpsyUqtEj5cuHKZPfmghCN6J3Cioj6OGaK\/GP5Afl4\/Xtcd\/p2h\/rs37EOeZVXtL0m79YB0esWCruOC7XFxYpVq9Os6pFLKcwZpDIlTirxZUTQAs6qzkm06p98g7BAe+dDq6dso499iYH6TKX\/1Y7DzkvgtdizjkXPdsDtQCv9Uw+wp9U7DbGKogPeMa3Md+pvez7W35EiEua++tgy\/BBjFFFy3l3WFpO9KWgz7zpm7AeKJt8T11dleCfeXkkUAKIAf5qoIbapsZWwpbkNFhHax2xIPEDgfg1azVY80ZcFuctL7TlLnMQ\/0lUTbiSw1nH69MG6zO0b9f6BQdgAmD06yK56mDcYBZUCAwEAAaOCATgwggE0MA4GA1UdDwEB\/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH\/MB0GA1UdDgQWBBTkrysmcRorSCeFL1JmLO\/wiRNxPjAfBgNVHSMEGDAWgBRge2YaRQ2XyolQL30EzTSo\/\/z9SzBgBggrBgEFBQcBAQRUMFIwJQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnBraS5nb29nL2dzcjEwKQYIKwYBBQUHMAKGHWh0dHA6Ly9wa2kuZ29vZy9nc3IxL2dzcjEuY3J0MDIGA1UdHwQrMCkwJ6AloCOGIWh0dHA6Ly9jcmwucGtpLmdvb2cvZ3NyMS9nc3IxLmNybDA7BgNVHSAENDAyMAgGBmeBDAECATAIBgZngQwBAgIwDQYLKwYBBAHWeQIFAwIwDQYLKwYBBAHWeQIFAwMwDQYJKoZIhvcNAQELBQADggEBADSkHrEoo9C0dhemMXoh6dFSPsjbdBZBiLg9NR3t5P+T4Vxfq7s="} -01894{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_server.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1656949469270147,"flow_src_last_pkt_time":1656949469305720,"flow_dst_last_pkt_time":1656949469270147,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1418,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4601,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656949469305720,"l3_proto":"ip4","src_ip":"216.58.209.42","dst_ip":"192.168.12.156","src_port":443,"dst_port":43854,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"TLS.YouTubeUpload","proto_id":"91.136","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","tls": {"version":"TLSv1.2","server_names":"upload.video.google.com,*.clients.google.com,*.docs.google.com,*.drive.google.com,*.gdata.youtube.com,*.googleapis.com,*.photos.google.com,*.youtube-3rd-party.com,upload.google.com,*.upload.google.com,upload.youtube.com,*.upload.youtube.com,uploads.stage.gdata.youtube.com,bg-call-donation.goog,bg-call-donation-alpha.goog,bg-call-donation-canary.goog,bg-call-donation-dev.goog","notafter":"2022-08-29 09:17:58","ja3":"","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","ja4":"","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services LLC, CN=GTS CA 1C3","subjectDN":"CN=upload.video.google.com","negotiated_alpn":"h2","fingerprint":"A9:8F:37:B3:54:4F:D0:01:B7:8D:0F:88:21:37:4A:EB:F7:E3:D3:F2","blocks":0}}} +01852{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_server.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1656949469270147,"flow_src_last_pkt_time":1656949469305720,"flow_dst_last_pkt_time":1656949469270147,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1418,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4601,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656949469305720,"l3_proto":"ip4","src_ip":"216.58.209.42","dst_ip":"192.168.12.156","src_port":443,"dst_port":43854,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"TLS.YouTubeUpload","proto_id":"91.136","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","tls": {"version":"TLSv1.2","server_names":"upload.video.google.com,*.clients.google.com,*.docs.google.com,*.drive.google.com,*.gdata.youtube.com,*.googleapis.com,*.photos.google.com,*.youtube-3rd-party.com,upload.google.com,*.upload.google.com,upload.youtube.com,*.upload.youtube.com,uploads.stage.gdata.youtube.com,bg-call-donation.goog,bg-call-donation-alpha.goog,bg-call-donation-canary.goog,bg-call-donation-dev.goog","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","ja4":"","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services LLC, CN=GTS CA 1C3","subjectDN":"CN=upload.video.google.com","negotiated_alpn":"h2","fingerprint":"A9:8F:37:B3:54:4F:D0:01:B7:8D:0F:88:21:37:4A:EB:F7:E3:D3:F2","blocks":0}}} 01124{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_server.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":0,"flow_first_seen":1656949469270147,"flow_src_last_pkt_time":1656949469704772,"flow_dst_last_pkt_time":1656949469270147,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1418,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6022,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656949469704772,"l3_proto":"ip4","src_ip":"216.58.209.42","dst_ip":"192.168.12.156","src_port":443,"dst_port":43854,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"TLS.YouTubeUpload","proto_id":"91.136","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}} -00866{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_server.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":18,"packets-processed":18,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6022,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1656949469704772} +00866{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_server.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":18,"packets-processed":18,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6022,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1656949469704772} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 18/18 
~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6924926 bytes -~~ total memory freed........: 6924926 bytes -~~ total allocations/frees...: 114179/114179 +~~ total memory allocated....: 7502522 bytes +~~ total memory freed........: 7502522 bytes +~~ total allocations/frees...: 125910/125910 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 570 chars ~~ json message max len.......: 2494 chars diff --git a/test/results/default/tls_1.2_unidirectional_server_no_cert.pcapng.out b/test/results/default/tls_1.2_unidirectional_server_no_cert.pcapng.out index 00fc516c0..ff082377a 100644 --- a/test/results/default/tls_1.2_unidirectional_server_no_cert.pcapng.out +++ b/test/results/default/tls_1.2_unidirectional_server_no_cert.pcapng.out 
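Review bot: The regenerated `detection-update` expectation in this hunk no longer carries `"notafter":"2022-08-29 09:17:58"`, although `issuerDN`, `subjectDN` and `fingerprint` are still emitted for the same certificate, and the commit message says only "incorporated upstream changes". The empty `"ja3":""` key is also dropped, here and in the `detected` event, and again in tls_1.2_unidirectional_server_no_cert.pcapng.out; that looks like a deliberate upstream removal, but nothing visible explains the loss of the certificate expiry field. If it is intended, the commit message should say so, for example `* TLS events no longer emit "ja3" and "notafter"`, and schema/flow_event_schema.json should be checked so that it no longer expects either key. Consumers that alert on expired or short-lived certificates would otherwise lose that signal without any test failing.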
@@ -1,14 +1,14 @@ -00644{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_server_no_cert.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00865{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_server_no_cert.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1655389592192414} 
+00644{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_server_no_cert.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00865{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_server_no_cert.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1655389592192414} 
00807{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_server_no_cert.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655389592192414,"flow_src_last_pkt_time":1655389592192414,"flow_dst_last_pkt_time":1655389592192414,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655389592192414,"l3_proto":"ip4","src_ip":"172.67.21.133","dst_ip":"192.168.12.156","src_port":443,"dst_port":39958,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_server_no_cert.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1655389592192414,"flow_dst_last_pkt_time":1655389592192414,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655389592192414,"pkt":"Jjb1W8R1CL6sCxduCABFAAA0AABAADMGuLesQxWFwKgMnAG7nBbDHr4MiDILLYAS+vAy3AAAAgQFeAEBBAIBAwMO"} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_server_no_cert.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1655389592248391,"flow_dst_last_pkt_time":1655389592192414,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655389592248391,"pkt":"Jjb1W8R1CL6sCxduCABFAAAoJuVAADMGkd6sQxWFwKgMnAG7nBbDHr4NiDINMlAQAARsYQAA"} 
00780{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_server_no_cert.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1655389592248416,"flow_dst_last_pkt_time":1655389592192414,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_usec":1655389592248416,"pkt":"Jjb1W8R1CL6sCxduCABFAADKJuZAADMGkTusQxWFwKgMnAG7nBbDHr4NiDINMlAYAASwXQAAFgMDAGoCAABmAwNiqz2YWoCEl3D4tHP\/MVqCrYrpKVTxeVMhkYR1wD6E5CCMccSHTLc6u77I7rKgloPHXem\/eIollts0D\/kX46bresArAAAeABcAAP8BAAEAAAsAAgEAABAACwAJCGh0dHAvMS4xFAMDAAEBFgMDACgAAAAAAAAAAGE\/SF\/syQgSLgkbA3sSxHH7QmjuH6W2s1Av0Avpy49k"} -01277{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_server_no_cert.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1655389592192414,"flow_src_last_pkt_time":1655389592248416,"flow_dst_last_pkt_time":1655389592192414,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":162,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":162,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655389592248416,"l3_proto":"ip4","src_ip":"172.67.21.133","dst_ip":"192.168.12.156","src_port":443,"dst_port":39958,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","tls": 
{"version":"TLSv1.2","ja3":"","ja3s":"5badad76fbdd6e8b6296e2e9f4024401","ja4":"","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","negotiated_alpn":"http\/1.1","blocks":0}}} +01268{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_server_no_cert.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1655389592192414,"flow_src_last_pkt_time":1655389592248416,"flow_dst_last_pkt_time":1655389592192414,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":162,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":162,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655389592248416,"l3_proto":"ip4","src_ip":"172.67.21.133","dst_ip":"192.168.12.156","src_port":443,"dst_port":39958,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","tls": {"version":"TLSv1.2","ja3s":"5badad76fbdd6e8b6296e2e9f4024401","ja4":"","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","negotiated_alpn":"http\/1.1","blocks":0}}} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_server_no_cert.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1655389592294804,"flow_dst_last_pkt_time":1655389592192414,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655389592294804,"pkt":"Jjb1W8R1CL6sCxduCABFAAAoJudAADMGkdysQxWFwKgMnAG7nBbDHr6viDINZVAQAARrjAAA"} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_server_no_cert.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1655389592336100,"flow_dst_last_pkt_time":1655389592192414,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655389592336100,"pkt":"Jjb1W8R1CL6sCxduCABFAAAoJuhAADMGkdusQxWFwKgMnAG7nBbDHr6viDIO61AQAARqBgAA"} 01116{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_server_no_cert.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1655389592192414,"flow_src_last_pkt_time":1655389592493255,"flow_dst_last_pkt_time":1655389592192414,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1230,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1426,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655389592493255,"l3_proto":"ip4","src_ip":"172.67.21.133","dst_ip":"192.168.12.156","src_port":443,"dst_port":39958,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -00874{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_server_no_cert.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1426,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1655389592493255} 
+00874{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/tls_1.2_unidirectional_server_no_cert.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1426,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1655389592493255} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 10/10 ~~ skipped flows.............: 0 @@ -17,10 +17,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6909960 bytes -~~ total memory freed........: 6909960 bytes -~~ total allocations/frees...: 114149/114149 +~~ total memory allocated....: 7487556 bytes +~~ total memory freed........: 7487556 bytes +~~ total allocations/frees...: 125880/125880 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 561 chars -~~ json message max len.......: 1282 chars -~~ json message avg len.......: 914 chars +~~ json message max len.......: 1273 chars +~~ json message avg len.......: 910 chars diff --git a/test/results/default/tls_1.3_unidirectional_client.pcapng.out b/test/results/default/tls_1.3_unidirectional_client.pcapng.out index 981762418..2e40b3698 100644 --- a/test/results/default/tls_1.3_unidirectional_client.pcapng.out +++ b/test/results/default/tls_1.3_unidirectional_client.pcapng.out 
@@ -1,14 +1,14 @@ -00636{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_1.3_unidirectional_client.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00857{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_1.3_unidirectional_client.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1656949481728614} 
+00636{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_1.3_unidirectional_client.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00857{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_1.3_unidirectional_client.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1656949481728614} 
00800{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_1.3_unidirectional_client.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656949481728614,"flow_src_last_pkt_time":1656949481728614,"flow_dst_last_pkt_time":1656949481728614,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656949481728614,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.184.68","src_port":39750,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_1.3_unidirectional_client.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1656949481728614,"flow_dst_last_pkt_time":1656949481728614,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1656949481728614,"pkt":"CL6sCxduJjb1W8R1CABFAAA8eAdAAEAGrjHAqAycjvq4RJtGAbtwW5KhAAAAAKAC\/\/9eLgAAAgQFtAQCCAr+HzcuAAAAAAEDAwk="} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_1.3_unidirectional_client.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1656949481737014,"flow_dst_last_pkt_time":1656949481728614,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1656949481737014,"pkt":"CL6sCxduJjb1W8R1CABFAAA0eAhAAEAGrjjAqAycjvq4RJtGAbtwW5Ki80vO8YAQAKwcfgAAAQEICv4fN0H6OrM2"} 
01324{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls_1.3_unidirectional_client.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1656949481742226,"flow_dst_last_pkt_time":1656949481728614,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":630,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":630,"pkt_l4_len":596,"thread_ts_usec":1656949481742226,"pkt":"CL6sCxduJjb1W8R1CABFAAJoeAlAAEAGrAPAqAycjvq4RJtGAbtwW5Ki80vO8YAYAKxDKAAAAQEICv4fN0b6OrM2FgMBAi8BAAIrAwPTol15Ye7ueRnNYUvYsPY9Wm+MbKTeGCi9oFT5VvGvJCBpHOIBNvi8KKcKM+fvOMAbgh5LqzuHddRpF4neucp4FAAiEwETAhMDwCvALMypwC\/AMMyowAnACsATwBQAnACdAC8ANQEAAcAAAAATABEAAA53d3cuZ29vZ2xlLmNvbQAXAAD\/AQABAAAKAAgABgAdABcAGAALAAIBAAAjAAAAEAALAAkIaHR0cC8xLjEABQAFAQAAAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEAMwAmACQAHQAg3QXJ806VYbh7M66ZUyBOnN8XpNcfviwb9mMPmNUE5D4ALQACAQEAKwAJCAMEAwMDAgMBACkBGQD0AO4BwQkvzy5VZtqmOD9Tn1Wt64hh6BPL2wjRKu0HnrWE+kUe6HVwH++B+i2vorHKYAA1plJNzKu7kHelfo+CRKbgWNIendHvN785DuS1UdXafC4uky14qkLhpRbNzmb5mYkovLjfq7cBhGboaZTH2YaWIgghy\/rFQoYoaYjfXAb2AGZ7k0C0GNwspETwWHeQiLbZQ\/GmPJxryE0NPjUp2ZUyJMsc92lx8xZo6x9haBdZVvMkRC7ZWDyscBGNAOvJlB6qalTd3I46ygJ0pJzDKHyMpL31uXX4DncrzsF8PKdHG2eKBfiO1nURmmXAREJz55fF4wAhIJHkL+ITYBZToeXnlbem\/JOL33G1HI6mFQ6RrsZUV2JZ"} 
-01418{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls_1.3_unidirectional_client.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1656949481728614,"flow_src_last_pkt_time":1656949481742226,"flow_dst_last_pkt_time":1656949481728614,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":564,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":564,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656949481742226,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.184.68","src_port":39750,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","domainame":"www.google.com","tls": {"version":"TLSv1.2","ja3":"c67e9dc27d283f1f89b4ebb4b4670c21","ja3s":"","ja4":"t13d1713ht_5b57614c22b0_352634941f3a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01377{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls_1.3_unidirectional_client.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1656949481728614,"flow_src_last_pkt_time":1656949481742226,"flow_dst_last_pkt_time":1656949481728614,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":564,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":564,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656949481742226,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.184.68","src_port":39750,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","domainame":"www.google.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1713ht_5b57614c22b0_352634941f3a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls_1.3_unidirectional_client.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1656949481767911,"flow_dst_last_pkt_time":1656949481728614,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1656949481767911,"pkt":"CL6sCxduJjb1W8R1CABFAAA0eApAAEAGrjbAqAycjvq4RJtGAbtwW5TW80vPy4AQAK4ZMQAAAQEICv4fN2D6OrNU"} 
00656{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_1.3_unidirectional_client.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1656949481771419,"flow_dst_last_pkt_time":1656949481728614,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":1656949481771419,"pkt":"CL6sCxduJjb1W8R1CABFAAB0eAtAAEAGrfXAqAycjvq4RJtGAbtwW5TW80vPy4AYAK7\/zQAAAQEICv4fN2T6OrNUFAMDAAEBFwMDADU2T0t2AElxo\/Anpd0+OP0c8HeptmhgzRsgsC93f4R0i9hqd0JFuQkCXfoK7TiZ0rbPid+YdQ=="} 01118{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/tls_1.3_unidirectional_client.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1656949481728614,"flow_src_last_pkt_time":1656949481798742,"flow_dst_last_pkt_time":1656949481728614,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":564,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":886,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656949481798742,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.184.68","src_port":39750,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
-00862{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/tls_1.3_unidirectional_client.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":9,"packets-processed":9,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":886,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1656949481798742} +00862{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/tls_1.3_unidirectional_client.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":9,"packets-processed":9,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":886,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1656949481798742} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 9/9 ~~ skipped flows.............: 0 
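Review bot: The new `detected` expectation in this hunk drops `"ja3"` from the `tls` object, a consumer-visible change that the commit message ("incorporated upstream changes") does not mention. The old line carried `"ja3":"c67e9dc27d283f1f89b4ebb4b4670c21"`, while the new one goes from `"version"` straight to `"ja3s"`; the same key disappears from the `detected` line in `tls_1.3_unidirectional_server.pcapng.out`. Anything downstream that matches on `tls.ja3`, such as fingerprint allow/block lists, detection rules or dashboards, will stop matching without any error. I would record it in the changelog, for example `TLS flow events no longer contain "ja3"; client fingerprinting should use "ja4", "ja3s" is unchanged`. The diffstat lists `schema/flow_event_schema.json`, so the schema presumably drops the key as well, but that hunk is not visible here and should be checked.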
@@ -17,10 +17,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6909985 bytes -~~ total memory freed........: 6909985 bytes -~~ total allocations/frees...: 114150/114150 +~~ total memory allocated....: 7487581 bytes +~~ total memory freed........: 7487581 bytes +~~ total allocations/frees...: 125881/125881 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 569 chars -~~ json message max len.......: 1423 chars -~~ json message avg len.......: 990 chars +~~ json message max len.......: 1382 chars +~~ json message avg len.......: 970 chars diff --git a/test/results/default/tls_1.3_unidirectional_server.pcapng.out b/test/results/default/tls_1.3_unidirectional_server.pcapng.out index 27eab950b..31cc11e88 100644 --- a/test/results/default/tls_1.3_unidirectional_server.pcapng.out +++ b/test/results/default/tls_1.3_unidirectional_server.pcapng.out 
@@ -1,14 +1,14 @@ -00636{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_1.3_unidirectional_server.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00857{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_1.3_unidirectional_server.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1656949481735174} 
+00636{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_1.3_unidirectional_server.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00857{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_1.3_unidirectional_server.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1656949481735174} 
00800{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_1.3_unidirectional_server.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656949481735174,"flow_src_last_pkt_time":1656949481735174,"flow_dst_last_pkt_time":1656949481735174,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656949481735174,"l3_proto":"ip4","src_ip":"142.250.184.68","dst_ip":"192.168.12.156","src_port":443,"dst_port":39750,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_1.3_unidirectional_server.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1656949481735174,"flow_dst_last_pkt_time":1656949481735174,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1656949481735174,"pkt":"Jjb1W8R1CL6sCxduCABFgAA8KqgAAHgGAxGO+rhEwKgMnAG7m0bzS87wcFuSoqAS\/\/\/ujQAAAgQFlgQCCAr6OrM2\/h83LgEDAwg="} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_1.3_unidirectional_server.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1656949481748657,"flow_dst_last_pkt_time":1656949481735174,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1656949481748657,"pkt":"Jjb1W8R1CL6sCxduCABFgAA0Kq0AAHgGAxSO+rhEwKgMnAG7m0bzS87xcFuU1oAQAQUZ3wAAAQEICvo6s0P+HzdG"} 
00863{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls_1.3_unidirectional_server.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1656949481762948,"flow_dst_last_pkt_time":1656949481735174,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":284,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":284,"pkt_l4_len":250,"thread_ts_usec":1656949481762948,"pkt":"Jjb1W8R1CL6sCxduCABFgAEOKq4AAHgGAjmO+rhEwKgMnAG7m0bzS87xcFuU1oAYAQWvSgAAAQEICvo6s1T+HzdGFgMDAIACAAB8AwPFdBezpyZ8GeFDFEe\/VxkY\/EY+KimSxj0iQQVO+0kZUCBpHOIBNvi8KKcKM+fvOMAbgh5LqzuHddRpF4neucp4FBMBAAA0ACkAAgAAADMAJAAdACDMTHpJJ+bDtG3n+ds53atZrbXodiEyFaHEG\/A1sqzKTgArAAIDBBQDAwABARcDAwBKd3zsDveLqhSbHuxwFSCqTC9oOWMia69a6m77b5Vy3O15I1FURyP6XjZGGfPc1A6K3p1LisG9ylhUxOMFlG\/8OheXXdrSfyYoTWw="} -01219{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls_1.3_unidirectional_server.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1656949481735174,"flow_src_last_pkt_time":1656949481762948,"flow_dst_last_pkt_time":1656949481735174,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":218,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":218,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656949481762948,"l3_proto":"ip4","src_ip":"142.250.184.68","dst_ip":"192.168.12.156","src_port":443,"dst_port":39750,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","tls": 
{"version":"TLSv1.3","ja3":"","ja3s":"2b0648ab686ee45e0e7c35fcfb0eea7e","ja4":"","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","blocks":0}}} +01210{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls_1.3_unidirectional_server.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1656949481735174,"flow_src_last_pkt_time":1656949481762948,"flow_dst_last_pkt_time":1656949481735174,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":218,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":218,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656949481762948,"l3_proto":"ip4","src_ip":"142.250.184.68","dst_ip":"192.168.12.156","src_port":443,"dst_port":39750,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","tls": {"version":"TLSv1.3","ja3s":"2b0648ab686ee45e0e7c35fcfb0eea7e","ja4":"","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","blocks":0}}} 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls_1.3_unidirectional_server.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1656949481783540,"flow_dst_last_pkt_time":1656949481735174,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1656949481783540,"pkt":"Jjb1W8R1CL6sCxduCABFgAA0KrYAAHgGAwuO+rhEwKgMnAG7m0bzS8\/LcFuVFoAQAQUYhAAAAQEICvo6s2b+Hzdk"} 
00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_1.3_unidirectional_server.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1656949481792511,"flow_dst_last_pkt_time":1656949481735174,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1656949481792511,"pkt":"Jjb1W8R1CL6sCxduCABFgAA0KroAAHgGAweO+rhEwKgMnAG7m0bzS8\/LcFuWAIAQAQkXgAAAAQEICvo6s2\/+Hzdx"} 01102{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/tls_1.3_unidirectional_server.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1656949481735174,"flow_src_last_pkt_time":1656949481804763,"flow_dst_last_pkt_time":1656949481735174,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":855,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1073,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656949481804763,"l3_proto":"ip4","src_ip":"142.250.184.68","dst_ip":"192.168.12.156","src_port":443,"dst_port":39750,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-00863{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/tls_1.3_unidirectional_server.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":9,"packets-processed":9,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1073,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1656949481804763} +00863{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/tls_1.3_unidirectional_server.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":9,"packets-processed":9,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1073,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1656949481804763} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 9/9 ~~ skipped flows.............: 0 
@@ -17,10 +17,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6909922 bytes -~~ total memory freed........: 6909922 bytes -~~ total allocations/frees...: 114147/114147 +~~ total memory allocated....: 7487518 bytes +~~ total memory freed........: 7487518 bytes +~~ total allocations/frees...: 125878/125878 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 569 chars -~~ json message max len.......: 1224 chars -~~ json message avg len.......: 890 chars +~~ json message max len.......: 1215 chars +~~ json message avg len.......: 886 chars diff --git a/test/results/default/tls_2_reasms.pcapng.out b/test/results/default/tls_2_reasms.pcapng.out index 320989bba..18bd96a74 100644 --- a/test/results/default/tls_2_reasms.pcapng.out +++ b/test/results/default/tls_2_reasms.pcapng.out 
@@ -1,15 +1,15 @@ -00619{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_2_reasms.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_2_reasms.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1639052958270296} 
+00619{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_2_reasms.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_2_reasms.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1639052958270296} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_2_reasms.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052958270296,"flow_src_last_pkt_time":1639052958270296,"flow_dst_last_pkt_time":1639052958270296,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052958270296,"l3_proto":"ip4","src_ip":"192.91.186.174","dst_ip":"25.137.80.32","src_port":443,"dst_port":38134,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_2_reasms.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1639052958270296,"flow_dst_last_pkt_time":1639052958270296,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1639052958270296,"pkt":"AAAAAAAAAAgAHsfjCABFAAA8AABAAFkGPQnAW7quGYlQIAG7lPYStl7aMwcmoaAS\/\/+mFwAAAgQFcAQCCAqXmyQsjJgTHgEDAwg="} 
01093{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_2_reasms.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1639052958270296,"flow_dst_last_pkt_time":1639052958421275,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":470,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":470,"pkt_l4_len":436,"thread_ts_usec":1639052958421275,"pkt":"AAAAAAAAAAQAaxhhCABFAAHI7AFAAD8GaXsZiVAgwFu6rpT2AbszByahErZe24AYAVd0fQAAAQEICoyYE\/2XmyQsFgMBAY8BAAGLAwMAlXJSyLbTWNrF02NSj28hHamky0L5wCYQnHUCL\/6z3iD5LhfBzVNFGwCCqzHgNKOymBfZ7K0vIQElpPRSPY852QAGEwETAhMDAQABPAArAAUEAwT7GgAKAAYABAAdABcAMwAmACQAHQAgECxpEscXa0pzp0dwcj2NsRSDz0wt8A5bNiy0soe+2RYADQAKAAgEAwUDBgMIBAAAABQAEgAAD2kuaW5zdGFncmFtLmNvbQAQABQAEgJoMgVoMi1mYghodHRwLzEuMQAtAAMCAQAAKgAAACkAsgCNAIeEDo4Sq5aYEoWVI9gb5X7lsbxoLQQbqHnFpnF8aI1WLwAAAADufwuTcgHc7lYZ8SVlha1U3Zkr0Vd9xmvbgpohpkFSNMLDIZ8FmR2pTMB4b2CxLJGFEpspmoijBCvKQSfpFOQOBLhObW1gKrl6AV8Y7rEcYgAxc577AZrXxt9LdTNXMRicjW5cSz1JACEgle78vT7B+RG\/cD3MjAcV8pXx7rRg8Vriehdr1EpDdxs="} -01283{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_2_reasms.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1639052958270296,"flow_src_last_pkt_time":1639052958270296,"flow_dst_last_pkt_time":1639052958421275,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":404,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":404,"midstream":0,"thread_ts_usec":1639052958421275,"l3_proto":"ip4","src_ip":"192.91.186.174","dst_ip":"25.137.80.32","src_port":443,"dst_port":38134,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Instagram","proto_id":"91.211","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"i.instagram.com","domainame":"i.instagram.com","tls": {"version":"TLSv1.2","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"","ja4":"t00d0309h2_55b375c5d22e_566d5108064c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-fb,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)","blocks":0}}} +01242{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_2_reasms.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1639052958270296,"flow_src_last_pkt_time":1639052958270296,"flow_dst_last_pkt_time":1639052958421275,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":404,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":404,"midstream":0,"thread_ts_usec":1639052958421275,"l3_proto":"ip4","src_ip":"192.91.186.174","dst_ip":"25.137.80.32","src_port":443,"dst_port":38134,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Instagram","proto_id":"91.211","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"i.instagram.com","domainame":"i.instagram.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t00d0309h2_55b375c5d22e_566d5108064c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-fb,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)","blocks":0}}} 
02381{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls_2_reasms.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1639052958270296,"flow_dst_last_pkt_time":1639052958436332,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1414,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1414,"pkt_l4_len":1380,"thread_ts_usec":1639052958436332,"pkt":"AAAAAAAAAAQAaxhhCABFAAV47AJAAD8GZcoZiVAgwFu6rpT2AbszByg1ErZe24AQAVepZAAAAQEICoyYFAKXmyQsFAMDAAEBFwMDB1O1YvAjmAVvFYPaIz9rOWdMaG6+gx7Iqcu3ciBuQrL7wU6zVYSD2azoYGbl1kCIMEXgSIQDQ\/uKW3p++axDcf7O6xXEY9PnUcyYeZEoSBPJcHy\/kHoxV+BATYToX008kaB6yckdAEy8rCGzF9oWhDc9vIuadxTlf17oP6tHEM1VholXosfHCNm0IuiTMOZSNZyCOUwcS8y5Zr5NOEEmfj\/RQRrxAuWdtlkg4mTMEJAxEInXlWdtEyMHhzIViIZhHCJto\/WcWHy8S\/UwAjTmzUFzro2LhnAffuLyvY1Ia4Cgq0O0SXECLa0gpkerElFHOqANB0gRjKEcTGVdVwudVKtcyKJuLavDs7jhmNPiVZrU7Rr+LpHa+UbMRWLe9Od0e7uCURWI2udH8cobA1i2uTE4PC0vq\/c49tTe6m1Z64XBvIf5Y5ZtK5Azk5WARq6J5UcG7GMfN3rqLeXQZcsuyQBF2F4\/JXW7YZbVv6cv5jF8aOpJxliTwHdpcuzO+iuEDn\/hDjXRobfqGfc9c+oecKiE59ZYclMNc67j0Kc5N4JTEbiaw988SjsW\/Nd+8RMo1+q87OtvjtSIGN7qEA5L8Sbb+I0Z2ncJzEPIUYHALorxagYGfrtIDZtDN\/q7vfCPB3QjT5njGmmzlSqYpPaCR3Ui79E6K0FO+Dv495jFoAworuP4R7kpMSpCKmydSF\/NWiAptGPRjD4RJk8X0Sjgv01EZqTDsUK1lyxRxA5nwUxACFDiTaJ\/\/IG5IReccY0YjMbDlq9WvDpjVFlp1iqxzRUoF1lsfih3w9Bm1L5e1f2QLCz9CqVy5p7ixAjH+UGSJS3uol8WB\/4Y2RjILC5UFgvJHyhg+lgMuC5bQuDo420um\/ZIazWaPioGzFA1moJiQ6zfp5iSh\/gMVOAFMWulxj58w5jD5W41vtacLuH6rAaHW6hnGOyWEVpQJR0VdY\/dK\/ch+R\/vEWwAqQHvk0WZyOd2Mc73bhGmnbSwAJeiqrkIGivSeWGMygzhCMcdXj92wOeorl5iiyRG2RB7i4uAz09YI+ZO\/3zQ10aUKwiXePbkhzOyWRlMTnsyXHvm3yluSfYMYjQVxAG0bsEIJc+iBkakJClFruqIMzdU+FwLPlzK7UMX1ddJFgMnURlTMSo40rTETmPiRxqBCIz9kL6HQjPsD0vQMWQ1IR2ugdMM+OGoGPbVTfnp2pi0EBuOBbWxeJ494BT60CtOgkfHM8oOT36\/i+H6wplklBFpReKeNG821t0cc4iBiXiI9IqWa6C9ZGD1sZ1f7NDLzfGMchhGIW+\/Aj4gQxnr+rNjFr5DbP4ERmjlhCa+PvBjn5UHOy\/PYrlxIsvfO7072\/itk0ywNjyLXfsQcHEfSqV81O9NUP33dUoQPSA1Gc6nSrYIa0ysY
qhg5LJu\/bQG4cGD+E9h6fdmOkmWaZjArX3F7bag30oGMFWKWs4GGdTZxQg0Eyy+ChnFBtEO+VzpK+2RcLvPcIg\/nlicthUP8MljQOvTQ0x48AswmIpzX6sktS3FVU6IZCXi3Ctm0h8w1kQ0dS7nwxt+Kyx1\/lM9vblmQ3R5FE4dlvrkQVtm8vhWW6O9EtewzqzuLWNHi7CJbLjnsq3eueLEvf0uEsodJBQg+R5NSwb615AoGG2YZ80D08zVyD8vJ9NX8RH1KkW08+ZOd28NIz9psJrqsV\/kuZ208vVJBYnAtY7WBhRT3rMQLmQHXapWIfUguC1SVplU1nrQE1BZSXNd2SdKAQcyWC3XPm2H1g0HZo1UhbN7TB2oww=="} 00840{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls_2_reasms.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1639052958440022,"flow_dst_last_pkt_time":1639052958436332,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"thread_ts_usec":1639052958440022,"pkt":"AAAAAAAAAAgAHsfjCABFAAEMncpAAFkGnm7AW7quGYlQIAG7lPYStl7bMwcoNYAYAQUB5gAAAQEICpebJNWMmBP9FgMDAIACAAB8AwOh0RhwdtZzQRJqaArDvh+i27bVONJsz2iIhPNly1m5GCD5LhfBzVNFGwCCqzHgNKOymBfZ7K0vIQElpPRSPY852RMBAAA0ACsAAvsaADMAJAAdACB8gz0cXkLPkFoLODjw05r6hTp2Sjt7uinhsxF8cQ09cAApAAIAABQDAwABARcDAwBItFrWOrbdU5EzOCIn3wLjG\/LVLcKuw4b0SjHw1Y+Np4ym+OQ6Nxs4gIDlI63fclFESZGB0jA\/RnD3ySc7hUPmHlMhbq188T1U"} 
-01335{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls_2_reasms.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1639052958270296,"flow_src_last_pkt_time":1639052958440022,"flow_dst_last_pkt_time":1639052958436332,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":1348,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":1752,"midstream":0,"thread_ts_usec":1639052958440022,"l3_proto":"ip4","src_ip":"192.91.186.174","dst_ip":"25.137.80.32","src_port":443,"dst_port":38134,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Instagram","proto_id":"91.211","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"i.instagram.com","domainame":"i.instagram.com","tls": {"version":"TLSv1.3 (Fizz)","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","ja4":"t00d0309h2_55b375c5d22e_566d5108064c","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,h2-fb,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)","blocks":0}}} 
+01294{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls_2_reasms.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1639052958270296,"flow_src_last_pkt_time":1639052958440022,"flow_dst_last_pkt_time":1639052958436332,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":1348,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":1752,"midstream":0,"thread_ts_usec":1639052958440022,"l3_proto":"ip4","src_ip":"192.91.186.174","dst_ip":"25.137.80.32","src_port":443,"dst_port":38134,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Instagram","proto_id":"91.211","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"i.instagram.com","domainame":"i.instagram.com","tls": {"version":"TLSv1.3 (Fizz)","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","ja4":"t00d0309h2_55b375c5d22e_566d5108064c","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,h2-fb,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)","blocks":0}}} 00661{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_2_reasms.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1639052958440086,"flow_dst_last_pkt_time":1639052958436332,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_usec":1639052958440086,"pkt":"AAAAAAAAAAgAHsfjCABFAACEnctAAFkGnvXAW7quGYlQIAG7lPYStl+zMwcoNYAYAQVfGQAAAQEICpebJNaMmBP9FwMDAEsVFAAoT9R4PGUK6JrmQv\/2lo7Dahbke\/2rvVxk1LkuGDP3Y8z\/sO7TJHJKOoOMuj6Phx3KHeI4aO8E3Ijyz4MTDLUa8BC7ydQgDY8="} 
00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/tls_2_reasms.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":3,"flow_first_seen":1639052958270296,"flow_src_last_pkt_time":1639052959221756,"flow_dst_last_pkt_time":1639052958885962,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1348,"flow_dst_max_l4_payload_len":1348,"flow_src_tot_l4_payload_len":3685,"flow_dst_tot_l4_payload_len":2290,"midstream":0,"thread_ts_usec":1639052959221756,"l3_proto":"ip4","src_ip":"192.91.186.174","dst_ip":"25.137.80.32","src_port":443,"dst_port":38134,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Instagram","proto_id":"91.211","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} -00849{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/tls_2_reasms.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":14,"packets-processed":14,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5975,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1639052959221756} 
+00849{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/tls_2_reasms.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":14,"packets-processed":14,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5975,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1639052959221756} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 14/14 ~~ skipped flows.............: 0 @@ -18,10 +18,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6924747 bytes -~~ total memory freed........: 6924747 bytes -~~ total allocations/frees...: 114159/114159 +~~ total memory allocated....: 7502343 bytes +~~ total memory freed........: 7502343 bytes +~~ total allocations/frees...: 125890/125890 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 566 chars ~~ json message max len.......: 2386 chars -~~ json message avg len.......: 1466 chars +~~ json message avg len.......: 1465 chars diff --git a/test/results/default/tls_2_reasms_b.pcapng.out b/test/results/default/tls_2_reasms_b.pcapng.out index 3da5e0edc..acd8bdd26 100644 --- a/test/results/default/tls_2_reasms_b.pcapng.out +++ b/test/results/default/tls_2_reasms_b.pcapng.out 
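Review bot: The `ja3` key disappears from the `tls` object of the `detected` and `detection-update` events in the tls_2_reasms.pcapng.out expectations (`ja3s` and `ja4` remain), and the commit message only says that upstream changes were incorporated. Consumers that match or correlate on the client JA3 hash will silently stop receiving it after this bump, so the description or changelog should say so, for example `* TLS flow events no longer carry "ja3"; "ja4" remains as the client fingerprint`. The same removal shows in the tls_2_reasms_b.pcapng.out hunk that follows. The diffstat lists schema/flow_event_schema.json as changed, but whether it was adjusted for this key cannot be seen from these hunks.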
@@ -1,15 +1,15 @@ -00621{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_2_reasms_b.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_2_reasms_b.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1639052962482663} 
+00621{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_2_reasms_b.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_2_reasms_b.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1639052962482663} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_2_reasms_b.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052962482663,"flow_src_last_pkt_time":1639052962482663,"flow_dst_last_pkt_time":1639052962482663,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052962482663,"l3_proto":"ip4","src_ip":"88.14.137.195","dst_ip":"196.234.165.216","src_port":443,"dst_port":37658,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_2_reasms_b.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1639052962482663,"flow_dst_last_pkt_time":1639052962482663,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1639052962482663,"pkt":"AAAAAAAAAAEAEgm4CABFAAA8AABAAFgG1idYDonDxOql2AG7kxooFUS4SyLHNqASe\/zceQAAAgQFcAQCCAq\/P97mAJHwdAEDAwg="} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_2_reasms_b.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1639052963485255,"flow_dst_last_pkt_time":1639052962482663,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1639052963485255,"pkt":"AAAAAAAAAAEAEgm4CABFAAA8AABAAFgG1idYDonDxOql2AG7kxooFUS4SyLHNqASe\/zYjwAAAgQFcAQCCAq\/P+LQAJHwdAEDAwg="} 
01117{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls_2_reasms_b.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1639052963485255,"flow_dst_last_pkt_time":1639052963506941,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":485,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":485,"pkt_l4_len":451,"thread_ts_usec":1639052963506941,"pkt":"AAAAAAAAAAQAaxhhCABFAAHXN0RAAD8GtkjE6qXYWA6Jw5MaAbtLIsc2KBVEuYAYBVlooQAAAQEICgCR8Nu\/P97mFgMBAZ4BAAGaAwOwXGKuy9fQEywJtLrK9Q4WQEOXFgg7F02Duwho7RCZXiCbv0ACoTPxsYE+8Du\/oovylIsJjYgk88YoxhddfiCfjAAGEwETAhMDAQABSwArAAUEAwT7GgAKAAYABAAdABcAMwAmACQAHQAghXe\/1emANHV3tGh1svOLmeTuQfd0XCUvyDRNsJ78jS4ADQAKAAgEAwUDBgMIBAAAACAAHgAAG3ZpZGVvLmZtY3QyLTMuZm5hLmZiY2RuLm5ldAAQAAsACQhodHRwLzEuMQAtAAMCAQAAKgAAACkAvgCZAJNCNsoHdh+QE43suoKzTbbejW9fn+1JNMqA2dA1EXAjWwAAAABhddLBWO3EI8Vv9oMcTjuPqfg+AALBy+E6qurJ1EhLlI8LgQjFmRiop6Tp71FIRYIpYE7QdcVAaEAo6sS2jjywif7hR\/lFJhzPOP5PENPXf8esTMtArSSXVBJZ6fsAwEkYzx75kWqtXVkcdHQ4EYgp2eInACEg5GwbYSuujnqCZSr3oYTzsII+L2ZYpQNbgfidz3\/bxp0="} -01307{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls_2_reasms_b.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1639052962482663,"flow_src_last_pkt_time":1639052963485255,"flow_dst_last_pkt_time":1639052963506941,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":419,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":419,"midstream":0,"thread_ts_usec":1639052963506941,"l3_proto":"ip4","src_ip":"88.14.137.195","dst_ip":"196.234.165.216","src_port":443,"dst_port":37658,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.FbookReelStory","proto_id":"91.337","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"video.fmct2-3.fna.fbcdn.net","domainame":"video.fmct2-3.fna.fbcdn.net","tls": {"version":"TLSv1.2","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"","ja4":"t00d0309ht_55b375c5d22e_566d5108064c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)","blocks":0}}} +01266{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls_2_reasms_b.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1639052962482663,"flow_src_last_pkt_time":1639052963485255,"flow_dst_last_pkt_time":1639052963506941,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":419,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":419,"midstream":0,"thread_ts_usec":1639052963506941,"l3_proto":"ip4","src_ip":"88.14.137.195","dst_ip":"196.234.165.216","src_port":443,"dst_port":37658,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.FbookReelStory","proto_id":"91.337","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"video.fmct2-3.fna.fbcdn.net","domainame":"video.fmct2-3.fna.fbcdn.net","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t00d0309ht_55b375c5d22e_566d5108064c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)","blocks":0}}} 
02388{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls_2_reasms_b.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1639052963485255,"flow_dst_last_pkt_time":1639052963519069,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1414,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1414,"pkt_l4_len":1380,"thread_ts_usec":1639052963519069,"pkt":"AAAAAAAAAAQAaxhhCABFAAV4N0VAAD8GsqbE6qXYWA6Jw5MaAbtLIsjZKBVEuYAQBVm+uwAAAQEICgCR8Nu\/P97mFAMDAAEBFwMDBtX9sPMqVokICAEgsw7\/2xKffa+79\/TkNjoYL4I1YbQadnHIh0McrSV1dydP86LlPn\/qFBdMi1XSvHZrxtq5l0VqPLatMtEy2LLDBOH41+dlcBy9ZcEHwVP8dUCrB+nyhm5AatwyoBGzXlWb7\/ygeUrsgMwQzeNgWtnmi\/VuhZoVdPlmSmCMuzA4Vj7Popyl2xCS9K+xpS6KSKmn4XXWmfAxbikPjZoD+9nCYEg5UYVqxbxdlu76lZTm60Gz9KLR2luW3hTd8XZE7hzbrc3O8\/0o8iem6LoBAeYTgB+I8h7sYOgQ9UEojl+sIbdFJ3z8dWT0AAcTHWGiFhABYSnUjwRjbWdtj8zfG2C3cMHGtlAVXnXm8l88sUQnilFEsXBwzNnU37av\/OY5gUWvJiXjppNJsCqW01\/KMES27fDoOVuN\/P1OiIDQMtdk6QlKJDJ+5z+pMALEhj6OMSNF9KGqdgjb14t5qU4sKa4QjyEzD10OnKIs24AHQ\/OG4d0sh4DOJ33P\/jl1d7kziadgcNaBfZ1+SA8v76VYJWeikAj+QT4N+JXywDMf61ja+Vez8IpnV1sGSYIVRyqk1lFF6pKWL7pIzcfPFSiSIhTRasNNwKf\/PJqbgBICK02O+jrh89im2TMMLA9Kbi7FMbZ6YnY17PWDGDdH840jn1zuzpM02dHgSo4EisyL+SB+9RaWEw6sVQAmAfysqwzc5V5Hmnadw\/SAQV0+vwYUMNMA\/vT+TtmcwMm3pv9daCZk7AICPcO5x+SiENnJ0zXRDuklI+3Ys0OdUZDfkvbjLw9pdtaHodRr5yDICMPx5ksS7yJme6jKlbKwg+7R\/\/EhroRVTCK1af06Gbzw9KOXSubnWtHztDXImDdM4FuNoQQPUQbAcjUsJkh8GZrjwl+UsfgGYHtKAVUlJdegLnivk1tmGkZYxrq07\/NbstWqDhHMFNvHdBn0\/Tx74sa678WWdh93zgr\/YiCPWD++bUhjPLn\/IwzdHxNV1F1AiGurCFJcFunWHeFxpYPPe8TjONIaI17xUkZoO4bgfu0RpCwWSiz0ID1+fNwqT05WAwilxoTyLZUg+Bi5PjMQ8vE7+N9nMBkYtPzvMQPg\/TKZ5OE0hWj18addR6frim6DEB9Db4Wx\/f3Rs5zQcefTLUqcgVSbDnkf1v9Bt0N\/Y5+EBbCk0GQUj67K1fbMWlmwZVDzHuFllhhR5z4pEBJYQaKh3mzzVc8XeUZu23VFvi5JcxAmOe8+1MEL+HyMsVa204A+BKEsZXnAqhn\/DT8a2nKqVLZP9z\/Ojuut9OrraFLcFE5NXwBGHbxlFGGlgk0PSeNfvVZ6cPC8pZcZ0QLyDm7BqAaz+JB6ptEDsgL2EahnM3TVdr+8TMDQxMTK\/TvnYoTdyIKepMnA
VDlwiO9X08za+UFmZJe2dzx+oyfmLkGScGoXhr1QZ2cENccs+bJTtua19wI2ZpyWpX8UH\/vSSKfiTYnvhHagwaPVh\/Oy7n5m2B1KdjKVO\/4biWvkPMCSZDEySY7nJujia3KCkEetMG7vb6HSVBt5Kqn6x8eflTKQUAHZ1PidWk30TPLR2ClWzps40DgozU\/F6Rx8b8HigNLTRhLQHJ0w8MGoX\/2GT6MUOx4xNHd\/n0hcrUrtUX+oeWtKzBC8PKAz98QPp9hPLapCJWjWeP3+ZrVsJtlCxiUpFQ1DEDAKr7FxJVUixeDhRhThpTjlk7X4kCpMprR13z+M7J8rrNy6iZBc76Iqz+RWEGyg2bhjg3gEQvQInHnxpq0l8+3sEw=="} 00853{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_2_reasms_b.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1639052963520379,"flow_dst_last_pkt_time":1639052963519069,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":288,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":288,"pkt_l4_len":254,"thread_ts_usec":1639052963520379,"pkt":"AAAAAAAAAAEAEgm4CABFAAESFlNAAFgGvv5YDonDxOql2AG7kxooFUS5SyLI2YAYAHvAaQAAAQEICr8\/4vQAkfDbFgMDAIACAAB8AwO6kuss6bcDSmq8e3GmR05l1RLxmI+dIDHmj2MZ7KgmySCbv0ACoTPxsYE+8Du\/oovylIsJjYgk88YoxhddfiCfjBMBAAA0ACsAAvsaADMAJAAdACAT3wI3T1d\/roP16TYt+DuVSSDCoKmbANYTUw0nFkrHCgApAAIAABQDAwABARcDAwBOZM1cpMqCvWSFHnQFxWqH2pxndfCRMiA\/Np\/+gM72QwNKEfL75BOGgEEdzjYI+CBE83znTyMCWcL06Crm+s3ylM3y+iehn1hG+hQOkfn2"} 
-01359{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_2_reasms_b.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1639052962482663,"flow_src_last_pkt_time":1639052963520379,"flow_dst_last_pkt_time":1639052963519069,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":222,"flow_dst_max_l4_payload_len":1348,"flow_src_tot_l4_payload_len":222,"flow_dst_tot_l4_payload_len":1767,"midstream":0,"thread_ts_usec":1639052963520379,"l3_proto":"ip4","src_ip":"88.14.137.195","dst_ip":"196.234.165.216","src_port":443,"dst_port":37658,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.FbookReelStory","proto_id":"91.337","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"video.fmct2-3.fna.fbcdn.net","domainame":"video.fmct2-3.fna.fbcdn.net","tls": {"version":"TLSv1.3 (Fizz)","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","ja4":"t00d0309ht_55b375c5d22e_566d5108064c","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)","blocks":0}}} 
+01318{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_2_reasms_b.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1639052962482663,"flow_src_last_pkt_time":1639052963520379,"flow_dst_last_pkt_time":1639052963519069,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":222,"flow_dst_max_l4_payload_len":1348,"flow_src_tot_l4_payload_len":222,"flow_dst_tot_l4_payload_len":1767,"midstream":0,"thread_ts_usec":1639052963520379,"l3_proto":"ip4","src_ip":"88.14.137.195","dst_ip":"196.234.165.216","src_port":443,"dst_port":37658,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.FbookReelStory","proto_id":"91.337","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"video.fmct2-3.fna.fbcdn.net","domainame":"video.fmct2-3.fna.fbcdn.net","tls": {"version":"TLSv1.3 (Fizz)","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","ja4":"t00d0309ht_55b375c5d22e_566d5108064c","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)","blocks":0}}} 
01000{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/tls_2_reasms_b.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":3,"flow_first_seen":1639052962482663,"flow_src_last_pkt_time":1639052963537951,"flow_dst_last_pkt_time":1639052963523453,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1348,"flow_dst_max_l4_payload_len":1348,"flow_src_tot_l4_payload_len":10270,"flow_dst_tot_l4_payload_len":2179,"midstream":0,"thread_ts_usec":1639052963537951,"l3_proto":"ip4","src_ip":"88.14.137.195","dst_ip":"196.234.165.216","src_port":443,"dst_port":37658,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.FbookReelStory","proto_id":"91.337","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} -00852{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/tls_2_reasms_b.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":15,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12449,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1639052963537951} 
+00852{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/tls_2_reasms_b.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":15,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12449,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1639052963537951} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 15/15 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6954834 bytes -~~ total memory freed........: 6954834 bytes -~~ total allocations/frees...: 114163/114163 +~~ total memory allocated....: 7532430 bytes +~~ total memory freed........: 7532430 bytes +~~ total allocations/frees...: 125894/125894 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 568 chars ~~ json message max len.......: 2393 chars diff --git a/test/results/default/tls_alert.pcap.out b/test/results/default/tls_alert.pcap.out index 883d9f47d..109cb0c6a 100644 --- a/test/results/default/tls_alert.pcap.out +++ b/test/results/default/tls_alert.pcap.out 
@@ -1,14 +1,14 @@ -00614{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1628259176203392} 
+00614{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1628259176203392} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1628259176203392,"flow_src_last_pkt_time":1628259176203392,"flow_dst_last_pkt_time":1628259176203392,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1628259176203392,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"192.168.1.20","src_port":63158,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1628259176203392,"flow_dst_last_pkt_time":1628259176203392,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1628259176203392,"pkt":"AICPmq69oM7IELEuCABFAABAAABAAEAGtpPAqAHAwKgBFPa2AbvtIEkOAAAAALAC\/\/9MagAAAgQFtAEDAwUBAQgKE9Ij+wAAAAAEAgAA"} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1628259176203392,"flow_dst_last_pkt_time":1628259176203813,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1628259176203813,"pkt":"oM7IELEuAICPmq69CABFAAA8AABAAEAGtpfAqAEUwKgBwAG79rbEoc1F7SBJD6AScSBz9QAAAgQFtAQCCAoAseWtE9Ij+wEDAwc="} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1628259176203877,"flow_dst_last_pkt_time":1628259176203813,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1628259176203877,"pkt":"AICPmq69oM7IELEuCABFAAA0AABAAEAGtp\/AqAHAwKgBFPa2AbvtIEkPxKHNRoAQEBUDzQAAAQEIChPSI\/sAseWt"} 00818{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1628259176204397,"flow_dst_last_pkt_time":1628259176203813,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":265,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":265,"pkt_l4_len":231,"thread_ts_usec":1628259176204397,"pkt":"AICPmq69oM7IELEuCABFAAD7AABAAEAGtdjAqAHAwKgBFPa2AbvtIEkPxKHNRoAYEBXUyQAAAQEIChPSI\/wAseWtFgMBAMIBAAC+AwFS2zXz6qEYi\/Hhk\/zPMz5Yc\/Q1u9wcSBgXhT9UdiVqOgAAEgAvADMANQA5wAnACsATwBRWAAEAAIP\/AQABAAAAAB0AGwAAGHd3dy5nb29nbGUtYW5hbHl0aWNzLmNvbQAXAAAABQAFAQAAAAAzdAAAABIAAAAQADAALgJoMgVoMi0xNgVoMi0xNQVoMi0xNAhzcGR5LzMuMQZzcGR5LzMIaHR0cC8xLjEACwACAQAACgAKAAgAHQAXABgAGQ=="} 
-01410{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1628259176203392,"flow_src_last_pkt_time":1628259176204397,"flow_dst_last_pkt_time":1628259176203813,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":199,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":199,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1628259176204397,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"192.168.1.20","src_port":63158,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"www.google-analytics.com","domainame":"www.google-analytics.com","tls": {"version":"TLSv1","ja3":"d78489b860c8bf7838a6ff0b4d131541","ja3s":"","ja4":"t10d0909h2_61c4dbd01224_cc731f12afbb","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
+01369{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1628259176203392,"flow_src_last_pkt_time":1628259176204397,"flow_dst_last_pkt_time":1628259176203813,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":199,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":199,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1628259176204397,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"192.168.1.20","src_port":63158,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"www.google-analytics.com","domainame":"www.google-analytics.com","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d0909h2_61c4dbd01224_cc731f12afbb","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1628259176204397,"flow_dst_last_pkt_time":1628259176204809,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1628259176204809,"pkt":"oM7IELEuAICPmq69CABFAAA0KOtAAEAGjbTAqAEUwKgBwAG79rbEoc1G7SBJ1oAQAOsSLwAAAQEICgCx5a0T0iP8"} 
-01521{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1628259176203392,"flow_src_last_pkt_time":1628259176204397,"flow_dst_last_pkt_time":1628259176204934,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":199,"flow_dst_max_l4_payload_len":7,"flow_src_tot_l4_payload_len":199,"flow_dst_tot_l4_payload_len":7,"midstream":0,"thread_ts_usec":1628259176204934,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"192.168.1.20","src_port":63158,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"34": {"risk":"TLS Fatal Alert","severity":"Low","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"www.google-analytics.com","domainame":"www.google-analytics.com","tls": {"version":"TLSv1","ja3":"d78489b860c8bf7838a6ff0b4d131541","ja3s":"","ja4":"t10d0909h2_61c4dbd01224_cc731f12afbb","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
-00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":12,"packets-processed":11,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":206,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1642662403350000} +01480{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1628259176203392,"flow_src_last_pkt_time":1628259176204397,"flow_dst_last_pkt_time":1628259176204934,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":199,"flow_dst_max_l4_payload_len":7,"flow_src_tot_l4_payload_len":199,"flow_dst_tot_l4_payload_len":7,"midstream":0,"thread_ts_usec":1628259176204934,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"192.168.1.20","src_port":63158,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"34": {"risk":"TLS Fatal Alert","severity":"Low","risk_score": {"total":200,"client":160,"server":40}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"www.google-analytics.com","domainame":"www.google-analytics.com","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d0909h2_61c4dbd01224_cc731f12afbb","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} +00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":12,"packets-processed":11,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":206,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1642662403350000} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1642662403350000,"flow_src_last_pkt_time":1642662403350000,"flow_dst_last_pkt_time":1642662403350000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1642662403350000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.202.202","src_port":37780,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1642662403350000,"flow_dst_last_pkt_time":1642662403350000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_usec":1642662403350000,"pkt":"eJS0JASgYDjgxTWgCABFAABHB2VAAD8GBknAqAJkoCzKypOUAbvHogbZRxwevVAYAY\/SKwAAFQMDABoAAAAAAAAAAveoY2RlTzXreZQA7uCWWlmb9Q=="} 
00918{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1642662403350000,"flow_src_last_pkt_time":1642662403350000,"flow_dst_last_pkt_time":1642662403350000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1642662403350000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.202.202","src_port":37780,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
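Review bot: The regenerated `detected` and `detection-update` events for flow 1 no longer carry the `ja3` key in the `tls` object, while `ja3s` and `ja4` remain, and the commit message covers this only as "incorporated upstream changes". Any consumer of the event stream that keys detections, allowlists or correlation on the JA3 client hash will stop matching without an error; the cause is presumably the bumped libnDPI no longer emitting that field. This file is regenerated expected output, so the fix belongs in the changelog or commit body, for example `* tls: "ja3" (client fingerprint) is no longer emitted, use "ja4"`. It is also worth confirming that the `schema/flow_event_schema.json` change listed in the diffstat drops `ja3` rather than leaving it as an expected property. The same removal is visible in the `tls_2_reasms_b.pcapng` expectations just above this hunk.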
@@ -18,7 +18,7 @@ 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1642662404144000,"flow_dst_last_pkt_time":1642662403350000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_usec":1642662404144000,"pkt":"eJS0JASgYDjgxTWgCABFAABHB2lAAD8GBkXAqAJkoCzKypOUAbvHogbZRxwevVAZAY\/SKgAAFQMDABoAAAAAAAAAAveoY2RlTzXreZQA7uCWWlmb9Q=="} 01214{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1628259176203392,"flow_src_last_pkt_time":1628259176205826,"flow_dst_last_pkt_time":1628259176206182,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":199,"flow_dst_max_l4_payload_len":7,"flow_src_tot_l4_payload_len":199,"flow_dst_tot_l4_payload_len":7,"midstream":0,"thread_ts_usec":1642662407022000,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"192.168.1.20","src_port":63158,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"34": {"risk":"TLS Fatal Alert","severity":"Low","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}} 
00956{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1642662403350000,"flow_src_last_pkt_time":1642662407022000,"flow_dst_last_pkt_time":1642662403350000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":155,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1642662407022000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.202.202","src_port":37780,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":18,"packets-processed":18,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":361,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1642662407022000} 
+00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":18,"packets-processed":18,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":361,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1642662407022000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 18/18 ~~ skipped flows.............: 0 @@ -27,10 +27,10 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6916757 bytes -~~ total memory freed........: 6916757 bytes -~~ total allocations/frees...: 114173/114173 +~~ total memory allocated....: 7494353 bytes +~~ total memory freed........: 7494353 bytes +~~ total allocations/frees...: 125904/125904 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 532 chars -~~ json message max len.......: 1526 chars -~~ json message avg len.......: 1029 chars +~~ json message max len.......: 1485 chars +~~ json message avg len.......: 1008 chars diff --git a/test/results/default/tls_certificate_too_long.pcap.out b/test/results/default/tls_certificate_too_long.pcap.out index 1e0642541..488cadce2 100644 --- a/test/results/default/tls_certificate_too_long.pcap.out +++ b/test/results/default/tls_certificate_too_long.pcap.out 
@@ -1,5 +1,5 @@ -00629{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1626168074745096} 
+00629{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1626168074745096} 
00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168074745096,"flow_src_last_pkt_time":1626168074745096,"flow_dst_last_pkt_time":1626168074745096,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1626168074745096,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.149.21.60","src_port":52746,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1626168074745096,"flow_dst_last_pkt_time":1626168074745096,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1626168074745096,"pkt":"WNVuaKQA8BiYFWV8CABFAAAoYkwAAEAGDJLAqAF5NJUVPM4KAbsrlJN\/t5VLK1AQEAACSAAA"} 
00799{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168074926313,"flow_src_last_pkt_time":1626168074926313,"flow_dst_last_pkt_time":1626168074926313,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":394,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":394,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":394,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1626168074926313,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"192.168.1.139","src_port":52721,"dst_port":55367,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -59,13 +59,13 @@ 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1626168077469097,"flow_dst_last_pkt_time":1626168077517315,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1626168077517315,"pkt":"8BiYFWV8WNVuaKQACABFAAA0QHFAAG0G2JEocQovwKgBeQG70pbavX69Y7z3MYAS\/\/\/xlwAAAgQFoAEDAwgBAQQC"} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_src_last_pkt_time":1626168077517411,"flow_dst_last_pkt_time":1626168077517315,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1626168077517411,"pkt":"WNVuaKQA8BiYFWV8CABFAAAoAABAAEAGRg\/AqAF5KHEKL9KWAbtjvPcx2r1+vlAQEAAiVwAA"} 
01240{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_src_last_pkt_time":1626168077517977,"flow_dst_last_pkt_time":1626168077517315,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1626168077517977,"pkt":"WNVuaKQA8BiYFWV8CABFAAItAABAAEAGRArAqAF5KHEKL9KWAbtjvPcx2r1+vlAYEAD30wAAFgMBAgABAAH8AwNkegAS3SJdh+Ps6UKG9MyXAf0SRqbWmWVBhQp\/VOVADSDgVOCn66tcEgqkfLL0mp6O7VxhxdDeiMyDL+q388p15AA2uroTARMCEwPALMArzKnAMMAvzKjAJMAjwArACcAowCfAFMATAJ0AnAA9ADwANQAvwAjAEgAKAQABfVpaAAAAAAAXABUAABJ3ZGNwLm1pY3Jvc29mdC5jb20AFwAA\/wEAAQAACgAMAAqqqgAdABcAGAAZAAsAAgEAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AGAAWBAMIBAQBBQMCAwgFCAUFAQgGBgECAQASAAAAMwArACmqqgABAAAdACAJu3qSxuQsxDbpNVWddZpTF2zJ6kWp8q3j+IxIhWZeHwAtAAIBAQArAAsKGhoDBAMDAwIDASoqAAEAABUAtwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01302{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1626168077469097,"flow_src_last_pkt_time":1626168077517977,"flow_dst_last_pkt_time":1626168077517315,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168077517977,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53910,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","tls": {"version":"TLSv1.2","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01261{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1626168077469097,"flow_src_last_pkt_time":1626168077517977,"flow_dst_last_pkt_time":1626168077517315,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168077517977,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53910,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1626168077506382,"flow_dst_last_pkt_time":1626168077557557,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1626168077557557,"pkt":"8BiYFWV8WNVuaKQACABFAAA0ihJAAG0GjvAocQovwKgBeQG70pd9bt1TRDbFdYAS\/\/9BkgAAAgQFoAEDAwgBAQQC"} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_src_last_pkt_time":1626168077557625,"flow_dst_last_pkt_time":1626168077557557,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1626168077557625,"pkt":"WNVuaKQA8BiYFWV8CABFAAAoAABAAEAGRg\/AqAF5KHEKL9KXAbtENsV1fW7dVFAQEAByUQAA"} 01241{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_src_last_pkt_time":1626168077557905,"flow_dst_last_pkt_time":1626168077557557,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1626168077557905,"pkt":"WNVuaKQA8BiYFWV8CABFAAItAABAAEAGRArAqAF5KHEKL9KXAbtENsV1fW7dVFAYEAAkCwAAFgMBAgABAAH8AwNPLclcNOiYyKfkFUFX9CBTeYItyA+K1YMdY+Waaxu8GiAZcvK6JMhkcMeFF\/bogwVRv4DlHl2J+vNEetT4N0HCDAA2amoTARMCEwPALMArzKnAMMAvzKjAJMAjwArACcAowCfAFMATAJ0AnAA9ADwANQAvwAjAEgAKAQABfdraAAAAAAAXABUAABJ3ZGNwLm1pY3Jvc29mdC5jb20AFwAA\/wEAAQAACgAMAAqKigAdABcAGAAZAAsAAgEAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AGAAWBAMIBAQBBQMCAwgFCAUFAQgGBgECAQASAAAAMwArACmKigABAAAdACDwwbzb63uhezmRq24dKuSGOD4717wf5fUd\/9x8ZXG6RQAtAAIBAQArAAsKWloDBAMDAwIDAbq6AAEAABUAtwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01302{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1626168077506382,"flow_src_last_pkt_time":1626168077557905,"flow_dst_last_pkt_time":1626168077557557,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168077557905,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53911,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","tls": {"version":"TLSv1.2","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01261{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1626168077506382,"flow_src_last_pkt_time":1626168077557905,"flow_dst_last_pkt_time":1626168077557557,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168077557905,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53911,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
02488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_src_last_pkt_time":1626168077517977,"flow_dst_last_pkt_time":1626168077565896,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1502,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1502,"pkt_l4_len":1468,"thread_ts_usec":1626168077565896,"pkt":"8BiYFWV8WNVuaKQACABFAAXQQHJAAG0G0vQocQovwKgBeQG70pbavX6+Y7z5NlAQCANxtAAAFgMDDxACAABaAwNg7VsNiz+wizixR9j60nU5wQVw\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\/bPESCERxoecnjrEXP5xC+nWwBZ2xAGcS2xf2lDfb3ojPscL8POiFAqZZHABHMJ137xSezEsjP3\/UVK7+29gP5pREnxjAcWJZP4M25mntCxwsCvqSwGZrxvbDvqzdpS8cMBeBr6IH3l1N47f0imyWivnhNqNTnm+gnvVEut9DQRYxoyCQoNRX0BwihLn7XKkqygwZL6XOqyBR8PWUxgOmNRZtuaf+EKlzHoVXFjB0qaH9zcfdePgLSLwQhUC7d4Qx9E37IA1bqchuQinUCAwEAAaOCAbUwggGxMA4GA1UdDwEB\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\/BAIwADANBgkqhkiG9w0BAQsFAAOCAgEAgBy+4NyiXz17HWRiy7gptQ5HtKjDP9KLLYVjGOPcJJhg1+n2OLEmCWQE9cmg0oxQe+atZtwwoZf0GNRNfFaUZvqXO9QDINhw9ZHhfxfryK1ED0sZ9\/czli9iT7uENPgHhTHiroOYjXEdXArbmFhfRIqebyjKi1ij7OhMO1av44zaxLOUH52BuINsUXniP4tgPfsAdMOtnq4za+7ktu7gsO7KPjDKKs4Su3dOdvJMwlLM96MXgS10+Z3CDPXxRWowfiwsc77b8cHqJTArExduL\/wfGJ2fIqo0nhAxVl5PmForgsE="} 
-01941{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1626168077469097,"flow_src_last_pkt_time":1626168077517977,"flow_dst_last_pkt_time":1626168077565902,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3861,"midstream":0,"thread_ts_usec":1626168077565902,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53910,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"32": {"risk":"TLS Cert Validity Too Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","tls": {"version":"TLSv1.2","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22","blocks":0}}} 
+01900{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1626168077469097,"flow_src_last_pkt_time":1626168077517977,"flow_dst_last_pkt_time":1626168077565902,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3861,"midstream":0,"thread_ts_usec":1626168077565902,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53910,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"32": {"risk":"TLS Cert Validity Too Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","tls": {"version":"TLSv1.2","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22","blocks":0}}} 
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168077590364,"flow_src_last_pkt_time":1626168077590364,"flow_dst_last_pkt_time":1626168077590364,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168077590364,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":51364,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1626168077590364,"flow_dst_last_pkt_time":1626168077590364,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_usec":1626168077590364,"pkt":"WNVuaKQA8BiYFWV8CABFAAA\/efAAAEARLo3AqAF5CAgICMikADUAK6rjycUBAAABAAAAAAAAA3d3dwltaWNyb3NvZnQDY29tAABBAAE="} 
01107{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168077590364,"flow_src_last_pkt_time":1626168077590364,"flow_dst_last_pkt_time":1626168077590364,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168077590364,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":51364,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft","proto_id":"5.212","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.microsoft.com","domainame":"www.microsoft.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":65,"rsp_type":0,"rsp_addr": []}}} 
@@ -81,7 +81,7 @@ 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1626168077604997,"flow_dst_last_pkt_time":1626168077604997,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1626168077604997,"pkt":"WNVuaKQA8BiYFWV8CABFAABIJH8AAEARg\/XAqAF5CAgICNUhADUANLCIQG8BAAABAAAAAAAABmUxMzY3OARkc2NiCmFrYW1haWVkZ2UDbmV0AAABAAE="} 01116{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168077604997,"flow_src_last_pkt_time":1626168077604997,"flow_dst_last_pkt_time":1626168077604997,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168077604997,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":54561,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"e13678.dscb.akamaiedge.net","domainame":"e13678.dscb.akamaiedge.net","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
02490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":5,"flow_src_last_pkt_time":1626168077557905,"flow_dst_last_pkt_time":1626168077607577,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1502,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1502,"pkt_l4_len":1468,"thread_ts_usec":1626168077607577,"pkt":"8BiYFWV8WNVuaKQACABFAAXQihNAAG0GiVMocQovwKgBeQG70pd9bt1URDbHelAQCAMVNQAAFgMDDxACAABaAwNg7VsNrUHv7aK8m51exLCgb9UXgehWdrwaasjq\/kZHuSBKRQAAJAFMO\/\/9EucIis19X6Ej2yC9TNEzZ7sX6gMxycAwAAASABAABQADAmgyABcAAP8BAAEACwANPQANOgAGWDCCBlQwggQ8oAMCAQICEzMAAAGhFNmi4Bj2ZNgAAAAAAaEwDQYJKoZIhvcNAQELBQAwfjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEoMCYGA1UEAxMfTWljcm9zb2Z0IFNlY3VyZSBTZXJ2ZXIgQ0EgMjAxMTAeFw0yMDEyMTAxOTM4MjhaFw0yMjAzMTAxOTM4MjhaMIGRMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR4wHAYDVQQLExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xGzAZBgNVBAMTEndkY3AubWljcm9zb2Z0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOkHJlgWrSzAFrX83Oz7Jff3NVg96hCQZ69IexHupj0GkzwiXhQIO71fKkr7Kqm1WcisY8\/bPESCERxoecnjrEXP5xC+nWwBZ2xAGcS2xf2lDfb3ojPscL8POiFAqZZHABHMJ137xSezEsjP3\/UVK7+29gP5pREnxjAcWJZP4M25mntCxwsCvqSwGZrxvbDvqzdpS8cMBeBr6IH3l1N47f0imyWivnhNqNTnm+gnvVEut9DQRYxoyCQoNRX0BwihLn7XKkqygwZL6XOqyBR8PWUxgOmNRZtuaf+EKlzHoVXFjB0qaH9zcfdePgLSLwQhUC7d4Qx9E37IA1bqchuQinUCAwEAAaOCAbUwggGxMA4GA1UdDwEB\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\/BAIwADANBgkqhkiG9w0BAQsFAAOCAgEAgBy+4NyiXz17HWRiy7gptQ5HtKjDP9KLLYVjGOPcJJhg1+n2OLEmCWQE9cmg0oxQe+atZtwwoZf0GNRNfFaUZvqXO9QDINhw9ZHhfxfryK1ED0sZ9\/czli9iT7uENPgHhTHiroOYjXEdXArbmFhfRIqebyjKi1ij7OhMO1av44zaxLOUH52BuINsUXniP4tgPfsAdMOtnq4za+7ktu7gsO7KPjDKKs4Su3dOdvJMwlLM96MXgS10+Z3CDPXxRWowfiwsc77b8cHqJTArExduL\/wfGJ2fIqo0nhAxVl5PmForgsE="} 
-01941{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1626168077506382,"flow_src_last_pkt_time":1626168077557905,"flow_dst_last_pkt_time":1626168077607612,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3861,"midstream":0,"thread_ts_usec":1626168077607612,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53911,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"32": {"risk":"TLS Cert Validity Too Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","tls": {"version":"TLSv1.2","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22","blocks":0}}} 
+01900{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1626168077506382,"flow_src_last_pkt_time":1626168077557905,"flow_dst_last_pkt_time":1626168077607612,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3861,"midstream":0,"thread_ts_usec":1626168077607612,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53911,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"32": {"risk":"TLS Cert Validity Too Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","tls": {"version":"TLSv1.2","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22","blocks":0}}} 
00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_src_last_pkt_time":1626168077604858,"flow_dst_last_pkt_time":1626168077619979,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":150,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":150,"pkt_l4_len":116,"thread_ts_usec":1626168077619979,"pkt":"8BiYFWV8WNVuaKQACABFAACITIkAAHkRIqsICAgIwKgBeQA12RoAdB3yXZOBgAABAAAAAQAABmUxMzY3OARkc2NiCmFrYW1haWVkZ2UDbmV0AABBAAHAEwAGAAEAAAKpADQGbjBkc2NiwBgKaG9zdG1hc3RlcgZha2FtYWkDY29tAGDtWc8AAAPoAAAD6AAAA+gAAAcI"} 01129{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1626168077604858,"flow_src_last_pkt_time":1626168077604858,"flow_dst_last_pkt_time":1626168077619979,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":108,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":108,"midstream":0,"thread_ts_usec":1626168077619979,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":55578,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"e13678.dscb.akamaiedge.net","domainame":"e13678.dscb.akamaiedge.net","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":65,"rsp_type":0,"rsp_addr": []}}} 
00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168077620854,"flow_src_last_pkt_time":1626168077620854,"flow_dst_last_pkt_time":1626168077620854,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168077620854,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53912,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -152,15 +152,15 @@ 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_src_last_pkt_time":1626168079158693,"flow_dst_last_pkt_time":1626168079206860,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1626168079206860,"pkt":"8BiYFWV8WNVuaKQACABFAAA0JA1AAG0G9PUocQovwKgBeQG70ppkHrV27LorbYAS\/\/90QAAAAgQFoAEDAwgBAQQC"} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":239,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_src_last_pkt_time":1626168079207008,"flow_dst_last_pkt_time":1626168079206860,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1626168079207008,"pkt":"WNVuaKQA8BiYFWV8CABFAAAoAABAAEAGRg\/AqAF5KHEKL9KaAbvsuittZB61d1AQEACk\/wAA"} 
01240{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":4,"flow_src_last_pkt_time":1626168079207901,"flow_dst_last_pkt_time":1626168079206860,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1626168079207901,"pkt":"WNVuaKQA8BiYFWV8CABFAAItAABAAEAGRArAqAF5KHEKL9KaAbvsuittZB61d1AYEACJCgAAFgMBAgABAAH8AwMDKPIIMryvI0pEIYfkwpdZziP1ocCKGJOQqDIxBQeYkCDt7fbkdmYliTmJGei2O++fHAfoNoC5YkkDcTx0aHwyCgA26uoTARMCEwPALMArzKnAMMAvzKjAJMAjwArACcAowCfAFMATAJ0AnAA9ADwANQAvwAjAEgAKAQABfYqKAAAAAAAXABUAABJ3ZGNwLm1pY3Jvc29mdC5jb20AFwAA\/wEAAQAACgAMAAoKCgAdABcAGAAZAAsAAgEAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AGAAWBAMIBAQBBQMCAwgFCAUFAQgGBgECAQASAAAAMwArACkKCgABAAAdACBRl1S9svmUTgvrEZzkNMujiVqHzc70acKshZGFVJo2UAAtAAIBAQArAAsK6uoDBAMDAwIDAWpqAAEAABUAtwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01303{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1626168079158693,"flow_src_last_pkt_time":1626168079207901,"flow_dst_last_pkt_time":1626168079206860,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168079207901,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53914,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","tls": {"version":"TLSv1.2","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01262{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1626168079158693,"flow_src_last_pkt_time":1626168079207901,"flow_dst_last_pkt_time":1626168079206860,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168079207901,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53914,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_src_last_pkt_time":1626168079191811,"flow_dst_last_pkt_time":1626168079243524,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1626168079243524,"pkt":"8BiYFWV8WNVuaKQACABFAAA0S\/NAAG0GzQ8ocQovwKgBeQG70pvEiS5w0d8i8oAS\/\/++MAAAAgQFoAEDAwgBAQQC"} 
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":242,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_src_last_pkt_time":1626168079243607,"flow_dst_last_pkt_time":1626168079243524,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1626168079243607,"pkt":"WNVuaKQA8BiYFWV8CABFAAAoAABAAEAGRg\/AqAF5KHEKL9KbAbvR3yLyxIkucVAQEADu7wAA"} 01240{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":243,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":4,"flow_src_last_pkt_time":1626168079243987,"flow_dst_last_pkt_time":1626168079243524,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1626168079243987,"pkt":"WNVuaKQA8BiYFWV8CABFAAItAABAAEAGRArAqAF5KHEKL9KbAbvR3yLyxIkucVAYEABrKgAAFgMBAgABAAH8AwO1hBGpy3+S+rRxjgLBoJRVX7qoCeE+Ka2HorEpSKj6nCDqF1HdOAmp+O3EFYLMuwKar2f6dybtNo9WKAZ2qmv1OQA2KioTARMCEwPALMArzKnAMMAvzKjAJMAjwArACcAowCfAFMATAJ0AnAA9ADwANQAvwAjAEgAKAQABfdraAAAAAAAXABUAABJ3ZGNwLm1pY3Jvc29mdC5jb20AFwAA\/wEAAQAACgAMAAqamgAdABcAGAAZAAsAAgEAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AGAAWBAMIBAQBBQMCAwgFCAUFAQgGBgECAQASAAAAMwArACmamgABAAAdACAOdhFnUVLJQSE5jPczjbh5JY+1ipK3sAvXRLyv18O4ewAtAAIBAQArAAsKenoDBAMDAwIDAQoKAAEAABUAtwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01303{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":243,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1626168079191811,"flow_src_last_pkt_time":1626168079243987,"flow_dst_last_pkt_time":1626168079243524,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168079243987,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53915,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","tls": {"version":"TLSv1.2","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01262{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":243,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1626168079191811,"flow_src_last_pkt_time":1626168079243987,"flow_dst_last_pkt_time":1626168079243524,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168079243987,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53915,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
02491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":244,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":5,"flow_src_last_pkt_time":1626168079207901,"flow_dst_last_pkt_time":1626168079255800,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1502,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1502,"pkt_l4_len":1468,"thread_ts_usec":1626168079255800,"pkt":"8BiYFWV8WNVuaKQACABFAAXQJA5AAG0G71gocQovwKgBeQG70ppkHrV37LotclAQCAMYcQAAFgMDDxACAABaAwNg7VsPNbhpFtTs7XlFPY0F\/axpZerVj9YBcE+6IZbpaCDaJAAAnEXh\/2sue2V5EkUlKI\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\/bPESCERxoecnjrEXP5xC+nWwBZ2xAGcS2xf2lDfb3ojPscL8POiFAqZZHABHMJ137xSezEsjP3\/UVK7+29gP5pREnxjAcWJZP4M25mntCxwsCvqSwGZrxvbDvqzdpS8cMBeBr6IH3l1N47f0imyWivnhNqNTnm+gnvVEut9DQRYxoyCQoNRX0BwihLn7XKkqygwZL6XOqyBR8PWUxgOmNRZtuaf+EKlzHoVXFjB0qaH9zcfdePgLSLwQhUC7d4Qx9E37IA1bqchuQinUCAwEAAaOCAbUwggGxMA4GA1UdDwEB\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\/BAIwADANBgkqhkiG9w0BAQsFAAOCAgEAgBy+4NyiXz17HWRiy7gptQ5HtKjDP9KLLYVjGOPcJJhg1+n2OLEmCWQE9cmg0oxQe+atZtwwoZf0GNRNfFaUZvqXO9QDINhw9ZHhfxfryK1ED0sZ9\/czli9iT7uENPgHhTHiroOYjXEdXArbmFhfRIqebyjKi1ij7OhMO1av44zaxLOUH52BuINsUXniP4tgPfsAdMOtnq4za+7ktu7gsO7KPjDKKs4Su3dOdvJMwlLM96MXgS10+Z3CDPXxRWowfiwsc77b8cHqJTArExduL\/wfGJ2fIqo0nhAxVl5PmForgsE="} 
-01942{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1626168079158693,"flow_src_last_pkt_time":1626168079207901,"flow_dst_last_pkt_time":1626168079255807,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3861,"midstream":0,"thread_ts_usec":1626168079255807,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53914,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"32": {"risk":"TLS Cert Validity Too Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","tls": {"version":"TLSv1.2","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22","blocks":0}}} 
+01901{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1626168079158693,"flow_src_last_pkt_time":1626168079207901,"flow_dst_last_pkt_time":1626168079255807,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3861,"midstream":0,"thread_ts_usec":1626168079255807,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53914,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"32": {"risk":"TLS Cert Validity Too Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","tls": {"version":"TLSv1.2","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22","blocks":0}}} 
02490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":250,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":5,"flow_src_last_pkt_time":1626168079243987,"flow_dst_last_pkt_time":1626168079296976,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1502,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1502,"pkt_l4_len":1468,"thread_ts_usec":1626168079296976,"pkt":"8BiYFWV8WNVuaKQACABFAAXQS\/RAAG0Gx3IocQovwKgBeQG70pvEiS5x0d8k91AQCANyPQAAFgMDDxACAABaAwNg7VsP3ihfIbejS7d9r9O+Hbrzpqz3vHyWDIaorK6SRyBlFwAAe5OeINT99eUZefJSf4c9dr\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\/bPESCERxoecnjrEXP5xC+nWwBZ2xAGcS2xf2lDfb3ojPscL8POiFAqZZHABHMJ137xSezEsjP3\/UVK7+29gP5pREnxjAcWJZP4M25mntCxwsCvqSwGZrxvbDvqzdpS8cMBeBr6IH3l1N47f0imyWivnhNqNTnm+gnvVEut9DQRYxoyCQoNRX0BwihLn7XKkqygwZL6XOqyBR8PWUxgOmNRZtuaf+EKlzHoVXFjB0qaH9zcfdePgLSLwQhUC7d4Qx9E37IA1bqchuQinUCAwEAAaOCAbUwggGxMA4GA1UdDwEB\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\/BAIwADANBgkqhkiG9w0BAQsFAAOCAgEAgBy+4NyiXz17HWRiy7gptQ5HtKjDP9KLLYVjGOPcJJhg1+n2OLEmCWQE9cmg0oxQe+atZtwwoZf0GNRNfFaUZvqXO9QDINhw9ZHhfxfryK1ED0sZ9\/czli9iT7uENPgHhTHiroOYjXEdXArbmFhfRIqebyjKi1ij7OhMO1av44zaxLOUH52BuINsUXniP4tgPfsAdMOtnq4za+7ktu7gsO7KPjDKKs4Su3dOdvJMwlLM96MXgS10+Z3CDPXxRWowfiwsc77b8cHqJTArExduL\/wfGJ2fIqo0nhAxVl5PmForgsE="} 
-01942{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":253,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1626168079191811,"flow_src_last_pkt_time":1626168079297042,"flow_dst_last_pkt_time":1626168079297122,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3861,"midstream":0,"thread_ts_usec":1626168079297122,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53915,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"32": {"risk":"TLS Cert Validity Too Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","tls": {"version":"TLSv1.2","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22","blocks":0}}} 
+01901{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":253,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1626168079191811,"flow_src_last_pkt_time":1626168079297042,"flow_dst_last_pkt_time":1626168079297122,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3861,"midstream":0,"thread_ts_usec":1626168079297122,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53915,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"32": {"risk":"TLS Cert Validity Too Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","tls": {"version":"TLSv1.2","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22","blocks":0}}} 
00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":259,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168079361941,"flow_src_last_pkt_time":1626168079361941,"flow_dst_last_pkt_time":1626168079361941,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168079361941,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":50288,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":259,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_src_last_pkt_time":1626168079361941,"flow_dst_last_pkt_time":1626168079361941,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1626168079361941,"pkt":"WNVuaKQA8BiYFWV8CABFAABM2zIAAEARlFXAqAF5Ef02+8RwAHsAOAx5IwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
00980{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":259,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168079361941,"flow_src_last_pkt_time":1626168079361941,"flow_dst_last_pkt_time":1626168079361941,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168079361941,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":50288,"dst_port":123,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","proto_id":"9","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","ntp": {"request_code":0,"version":0}}} 
@@ -173,15 +173,15 @@ 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":265,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_src_last_pkt_time":1626168079905490,"flow_dst_last_pkt_time":1626168079957007,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1626168079957007,"pkt":"8BiYFWV8WNVuaKQACABFAAA0g1dAAG0GlasocQovwKgBeQG70pxuzvrNjMnfA4AS\/\/\/QkQAAAgQFoAEDAwgBAQQC"} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_src_last_pkt_time":1626168079957076,"flow_dst_last_pkt_time":1626168079957007,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1626168079957076,"pkt":"WNVuaKQA8BiYFWV8CABFAAAoAABAAEAGRg\/AqAF5KHEKL9KcAbuMyd8Dbs76zlAQEAABUQAA"} 
01242{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":4,"flow_src_last_pkt_time":1626168079957351,"flow_dst_last_pkt_time":1626168079957007,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1626168079957351,"pkt":"WNVuaKQA8BiYFWV8CABFAAItAABAAEAGRArAqAF5KHEKL9KcAbuMyd8Dbs76zlAYEABDlgAAFgMBAgABAAH8AwMgbPK9I4TzFoyQdXNftSqLtc4HmFOyqsEZQJHzzYzlriAqNEHSztqcrM\/D+veI5\/m+1rARfQ5p00F5SiZjrJVo+AA2uroTARMCEwPALMArzKnAMMAvzKjAJMAjwArACcAowCfAFMATAJ0AnAA9ADwANQAvwAjAEgAKAQABfUpKAAAAAAAXABUAABJ3ZGNwLm1pY3Jvc29mdC5jb20AFwAA\/wEAAQAACgAMAApaWgAdABcAGAAZAAsAAgEAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AGAAWBAMIBAQBBQMCAwgFCAUFAQgGBgECAQASAAAAMwArAClaWgABAAAdACB6JGjBUt+g7AvFg+oGELCVd0olZyOpZz8HyaRohlR6AwAtAAIBAQArAAsK2toDBAMDAwIDAVpaAAEAABUAtwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01303{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":267,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1626168079905490,"flow_src_last_pkt_time":1626168079957351,"flow_dst_last_pkt_time":1626168079957007,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168079957351,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53916,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","tls": {"version":"TLSv1.2","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01262{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":267,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1626168079905490,"flow_src_last_pkt_time":1626168079957351,"flow_dst_last_pkt_time":1626168079957007,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168079957351,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53916,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_src_last_pkt_time":1626168079937697,"flow_dst_last_pkt_time":1626168079986558,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1626168079986558,"pkt":"8BiYFWV8WNVuaKQACABFAAA0TOVAAG0GzB0ocQovwKgBeQG70p13uqY86tbCUoAS\/\/\/a2QAAAgQFoAEDAwgBAQQC"} 
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":269,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_src_last_pkt_time":1626168079986635,"flow_dst_last_pkt_time":1626168079986558,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1626168079986635,"pkt":"WNVuaKQA8BiYFWV8CABFAAAoAABAAEAGRg\/AqAF5KHEKL9KdAbvq1sJSd7qmPVAQEAALmQAA"} 01241{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":270,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":4,"flow_src_last_pkt_time":1626168079986894,"flow_dst_last_pkt_time":1626168079986558,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1626168079986894,"pkt":"WNVuaKQA8BiYFWV8CABFAAItAABAAEAGRArAqAF5KHEKL9KdAbvq1sJSd7qmPVAYEACgHwAAFgMBAgABAAH8AwOafk3P0X6QUcg58fAxSEB8O5EwTuSV\/5piw2ufBOQSYCDrIYHGunI6VpocdN6m2fIsEnR2dW7f2uA5iXmzb9sA0AA26uoTARMCEwPALMArzKnAMMAvzKjAJMAjwArACcAowCfAFMATAJ0AnAA9ADwANQAvwAjAEgAKAQABfYqKAAAAAAAXABUAABJ3ZGNwLm1pY3Jvc29mdC5jb20AFwAA\/wEAAQAACgAMAArq6gAdABcAGAAZAAsAAgEAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AGAAWBAMIBAQBBQMCAwgFCAUFAQgGBgECAQASAAAAMwArACnq6gABAAAdACCtOcDu7VvNq8oOkM1M85JEhe8H5v1SSt5Ji5AGSpEzHgAtAAIBAQArAAsKuroDBAMDAwIDASoqAAEAABUAtwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01303{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":270,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1626168079937697,"flow_src_last_pkt_time":1626168079986894,"flow_dst_last_pkt_time":1626168079986558,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168079986894,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53917,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","tls": {"version":"TLSv1.2","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01262{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":270,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1626168079937697,"flow_src_last_pkt_time":1626168079986894,"flow_dst_last_pkt_time":1626168079986558,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168079986894,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53917,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
02488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":271,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":5,"flow_src_last_pkt_time":1626168079957351,"flow_dst_last_pkt_time":1626168080007051,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1502,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1502,"pkt_l4_len":1468,"thread_ts_usec":1626168080007051,"pkt":"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\/bPESCERxoecnjrEXP5xC+nWwBZ2xAGcS2xf2lDfb3ojPscL8POiFAqZZHABHMJ137xSezEsjP3\/UVK7+29gP5pREnxjAcWJZP4M25mntCxwsCvqSwGZrxvbDvqzdpS8cMBeBr6IH3l1N47f0imyWivnhNqNTnm+gnvVEut9DQRYxoyCQoNRX0BwihLn7XKkqygwZL6XOqyBR8PWUxgOmNRZtuaf+EKlzHoVXFjB0qaH9zcfdePgLSLwQhUC7d4Qx9E37IA1bqchuQinUCAwEAAaOCAbUwggGxMA4GA1UdDwEB\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\/BAIwADANBgkqhkiG9w0BAQsFAAOCAgEAgBy+4NyiXz17HWRiy7gptQ5HtKjDP9KLLYVjGOPcJJhg1+n2OLEmCWQE9cmg0oxQe+atZtwwoZf0GNRNfFaUZvqXO9QDINhw9ZHhfxfryK1ED0sZ9\/czli9iT7uENPgHhTHiroOYjXEdXArbmFhfRIqebyjKi1ij7OhMO1av44zaxLOUH52BuINsUXniP4tgPfsAdMOtnq4za+7ktu7gsO7KPjDKKs4Su3dOdvJMwlLM96MXgS10+Z3CDPXxRWowfiwsc77b8cHqJTArExduL\/wfGJ2fIqo0nhAxVl5PmForgsE="} 
-01942{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":275,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1626168079905490,"flow_src_last_pkt_time":1626168080007157,"flow_dst_last_pkt_time":1626168080007331,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3861,"midstream":0,"thread_ts_usec":1626168080007331,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53916,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"32": {"risk":"TLS Cert Validity Too Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","tls": {"version":"TLSv1.2","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22","blocks":0}}} 
+01901{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":275,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1626168079905490,"flow_src_last_pkt_time":1626168080007157,"flow_dst_last_pkt_time":1626168080007331,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3861,"midstream":0,"thread_ts_usec":1626168080007331,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53916,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"32": {"risk":"TLS Cert Validity Too Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","tls": {"version":"TLSv1.2","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22","blocks":0}}} 
02489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":277,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":5,"flow_src_last_pkt_time":1626168079986894,"flow_dst_last_pkt_time":1626168080036867,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1502,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1502,"pkt_l4_len":1468,"thread_ts_usec":1626168080036867,"pkt":"8BiYFWV8WNVuaKQACABFAAXQTOZAAG0GxoAocQovwKgBeQG70p13uqY96tbEV1AQCAPSSgAAFgMDDxACAABaAwNg7VsQPRGFUXV4NTK5nbpfGxvlr4YbH3NCue852uw1MyDiJQAAknLiqu\/0vHjzbE6U5Wh7dwDBQ2qUtxPCs6ZnSsAwAAASABAABQADAmgyABcAAP8BAAEACwANPQANOgAGWDCCBlQwggQ8oAMCAQICEzMAAAGhFNmi4Bj2ZNgAAAAAAaEwDQYJKoZIhvcNAQELBQAwfjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEoMCYGA1UEAxMfTWljcm9zb2Z0IFNlY3VyZSBTZXJ2ZXIgQ0EgMjAxMTAeFw0yMDEyMTAxOTM4MjhaFw0yMjAzMTAxOTM4MjhaMIGRMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR4wHAYDVQQLExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xGzAZBgNVBAMTEndkY3AubWljcm9zb2Z0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOkHJlgWrSzAFrX83Oz7Jff3NVg96hCQZ69IexHupj0GkzwiXhQIO71fKkr7Kqm1WcisY8\/bPESCERxoecnjrEXP5xC+nWwBZ2xAGcS2xf2lDfb3ojPscL8POiFAqZZHABHMJ137xSezEsjP3\/UVK7+29gP5pREnxjAcWJZP4M25mntCxwsCvqSwGZrxvbDvqzdpS8cMBeBr6IH3l1N47f0imyWivnhNqNTnm+gnvVEut9DQRYxoyCQoNRX0BwihLn7XKkqygwZL6XOqyBR8PWUxgOmNRZtuaf+EKlzHoVXFjB0qaH9zcfdePgLSLwQhUC7d4Qx9E37IA1bqchuQinUCAwEAAaOCAbUwggGxMA4GA1UdDwEB\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFJhmJRLgkv+EPJFz2j2U5PsBrhq6MHsGA1UdEQR0MHKCEndkY3AubWljcm9zb2Z0LmNvbYIVc3B5bmV0Mi5taWNyb3NvZnQuY29tghV3ZGNwYWx0Lm1pY3Jvc29mdC5jb22CF3NweW5ldGFsdC5taWNyb3NvZnQuY29tghUqLmNwLndkLm1pY3Jvc29mdC5jb20wHwYDVR0jBBgwFoAUNlaJZUnLW5svPKxCFlBNkbkz15EwUwYDVR0fBEwwSjBIoEagRIZCaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jcmwvTWljU2VjU2VyQ0EyMDExXzIwMTEtMTAt
MTguY3JsMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jZXJ0cy9NaWNTZWNTZXJDQTIwMTFfMjAxMS0xMC0xOC5jcnQwDAYDVR0TAQH\/BAIwADANBgkqhkiG9w0BAQsFAAOCAgEAgBy+4NyiXz17HWRiy7gptQ5HtKjDP9KLLYVjGOPcJJhg1+n2OLEmCWQE9cmg0oxQe+atZtwwoZf0GNRNfFaUZvqXO9QDINhw9ZHhfxfryK1ED0sZ9\/czli9iT7uENPgHhTHiroOYjXEdXArbmFhfRIqebyjKi1ij7OhMO1av44zaxLOUH52BuINsUXniP4tgPfsAdMOtnq4za+7ktu7gsO7KPjDKKs4Su3dOdvJMwlLM96MXgS10+Z3CDPXxRWowfiwsc77b8cHqJTArExduL\/wfGJ2fIqo0nhAxVl5PmForgsE="} -01942{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":279,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1626168079937697,"flow_src_last_pkt_time":1626168079986894,"flow_dst_last_pkt_time":1626168080036872,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3861,"midstream":0,"thread_ts_usec":1626168080036872,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53917,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"32": {"risk":"TLS Cert Validity Too Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","tls": 
{"version":"TLSv1.2","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22","blocks":0}}} +01901{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":279,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1626168079937697,"flow_src_last_pkt_time":1626168079986894,"flow_dst_last_pkt_time":1626168080036872,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3861,"midstream":0,"thread_ts_usec":1626168080036872,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53917,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"32": {"risk":"TLS Cert Validity Too Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","tls": 
{"version":"TLSv1.2","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22","blocks":0}}} 00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":284,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168080092272,"flow_src_last_pkt_time":1626168080092272,"flow_dst_last_pkt_time":1626168080092272,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168080092272,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":65099,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":284,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_src_last_pkt_time":1626168080092272,"flow_dst_last_pkt_time":1626168080092272,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1626168080092272,"pkt":"WNVuaKQA8BiYFWV8CABFAABMx3MAAEARqBTAqAF5Ef02+\/5LAHsAONKdIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00980{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":284,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168080092272,"flow_src_last_pkt_time":1626168080092272,"flow_dst_last_pkt_time":1626168080092272,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168080092272,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":65099,"dst_port":123,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","proto_id":"9","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","ntp": {"request_code":0,"version":0}}} 
@@ -193,15 +193,15 @@ 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_src_last_pkt_time":1626168080539548,"flow_dst_last_pkt_time":1626168080587652,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1626168080587652,"pkt":"8BiYFWV8WNVuaKQACABFAAA0frdAAG0GmksocQovwKgBeQG70p4gI5AJ0XDebYAS\/\/9F7gAAAgQFoAEDAwgBAQQC"} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_src_last_pkt_time":1626168080587719,"flow_dst_last_pkt_time":1626168080587652,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1626168080587719,"pkt":"WNVuaKQA8BiYFWV8CABFAAAoAABAAEAGRg\/AqAF5KHEKL9KeAbvRcN5tICOQClAQEAB2rQAA"} 
01243{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":292,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":4,"flow_src_last_pkt_time":1626168080587994,"flow_dst_last_pkt_time":1626168080587652,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1626168080587994,"pkt":"WNVuaKQA8BiYFWV8CABFAAItAABAAEAGRArAqAF5KHEKL9KeAbvRcN5tICOQClAYEAAMdQAAFgMBAgABAAH8AwPMjYIsgAQp6pn3ZtQXAiaGKm\/rmXKTkqMv3ljJ+5MIayAtgt8PaC6+AbFrQYAXJm2rRzFyWGNBrmBWTNsT5nam3wA2KioTARMCEwPALMArzKnAMMAvzKjAJMAjwArACcAowCfAFMATAJ0AnAA9ADwANQAvwAjAEgAKAQABfYqKAAAAAAAXABUAABJ3ZGNwLm1pY3Jvc29mdC5jb20AFwAA\/wEAAQAACgAMAAra2gAdABcAGAAZAAsAAgEAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AGAAWBAMIBAQBBQMCAwgFCAUFAQgGBgECAQASAAAAMwArACna2gABAAAdACBerNIBvIcNw8LE\/PhOJJ1NcP0K+YPLbp6TK\/l72MTiJQAtAAIBAQArAAsKuroDBAMDAwIDAerqAAEAABUAtwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01303{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":292,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1626168080539548,"flow_src_last_pkt_time":1626168080587994,"flow_dst_last_pkt_time":1626168080587652,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168080587994,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53918,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","tls": {"version":"TLSv1.2","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01262{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":292,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1626168080539548,"flow_src_last_pkt_time":1626168080587994,"flow_dst_last_pkt_time":1626168080587652,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168080587994,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53918,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":293,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_src_last_pkt_time":1626168080569908,"flow_dst_last_pkt_time":1626168080617186,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1626168080617186,"pkt":"8BiYFWV8WNVuaKQACABFAAA0hXNAAG0Gk48ocQovwKgBeQG70p8W6XtBWEUaioAS\/\/+g\/gAAAgQFoAEDAwgBAQQC"} 
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":294,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_src_last_pkt_time":1626168080617265,"flow_dst_last_pkt_time":1626168080617186,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1626168080617265,"pkt":"WNVuaKQA8BiYFWV8CABFAAAoAABAAEAGRg\/AqAF5KHEKL9KfAbtYRRqKFul7QlAQEADRvQAA"} 01241{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":295,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":4,"flow_src_last_pkt_time":1626168080617623,"flow_dst_last_pkt_time":1626168080617186,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1626168080617623,"pkt":"WNVuaKQA8BiYFWV8CABFAAItAABAAEAGRArAqAF5KHEKL9KfAbtYRRqKFul7QlAYEACyQgAAFgMBAgABAAH8AwM03dkqNEVfsVa2AthcA+pbUsijyUyY2d64e5OAJVmG1SAeuh8Osv1FCBNVAHQS7imShqcMBm8Zp+TsRBclD8tdEQA2KioTARMCEwPALMArzKnAMMAvzKjAJMAjwArACcAowCfAFMATAJ0AnAA9ADwANQAvwAjAEgAKAQABfbq6AAAAAAAXABUAABJ3ZGNwLm1pY3Jvc29mdC5jb20AFwAA\/wEAAQAACgAMAAq6ugAdABcAGAAZAAsAAgEAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AGAAWBAMIBAQBBQMCAwgFCAUFAQgGBgECAQASAAAAMwArACm6ugABAAAdACDlACMA3\/CIa29aVDTicFGCShqJK7VgcOuJMJ73UOtPegAtAAIBAQArAAsKKioDBAMDAwIDAcrKAAEAABUAtwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01303{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":295,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1626168080569908,"flow_src_last_pkt_time":1626168080617623,"flow_dst_last_pkt_time":1626168080617186,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168080617623,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53919,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","tls": {"version":"TLSv1.2","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01262{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":295,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1626168080569908,"flow_src_last_pkt_time":1626168080617623,"flow_dst_last_pkt_time":1626168080617186,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168080617623,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53919,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
02489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":296,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":5,"flow_src_last_pkt_time":1626168080587994,"flow_dst_last_pkt_time":1626168080639024,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1502,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1502,"pkt_l4_len":1468,"thread_ts_usec":1626168080639024,"pkt":"8BiYFWV8WNVuaKQACABFAAXQfrhAAG0GlK4ocQovwKgBeQG70p4gI5AK0XDgclAQCAN8ogAAFgMDDxACAABaAwNg7VsQq\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\/bPESCERxoecnjrEXP5xC+nWwBZ2xAGcS2xf2lDfb3ojPscL8POiFAqZZHABHMJ137xSezEsjP3\/UVK7+29gP5pREnxjAcWJZP4M25mntCxwsCvqSwGZrxvbDvqzdpS8cMBeBr6IH3l1N47f0imyWivnhNqNTnm+gnvVEut9DQRYxoyCQoNRX0BwihLn7XKkqygwZL6XOqyBR8PWUxgOmNRZtuaf+EKlzHoVXFjB0qaH9zcfdePgLSLwQhUC7d4Qx9E37IA1bqchuQinUCAwEAAaOCAbUwggGxMA4GA1UdDwEB\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\/BAIwADANBgkqhkiG9w0BAQsFAAOCAgEAgBy+4NyiXz17HWRiy7gptQ5HtKjDP9KLLYVjGOPcJJhg1+n2OLEmCWQE9cmg0oxQe+atZtwwoZf0GNRNfFaUZvqXO9QDINhw9ZHhfxfryK1ED0sZ9\/czli9iT7uENPgHhTHiroOYjXEdXArbmFhfRIqebyjKi1ij7OhMO1av44zaxLOUH52BuINsUXniP4tgPfsAdMOtnq4za+7ktu7gsO7KPjDKKs4Su3dOdvJMwlLM96MXgS10+Z3CDPXxRWowfiwsc77b8cHqJTArExduL\/wfGJ2fIqo0nhAxVl5PmForgsE="} 
-01942{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1626168080539548,"flow_src_last_pkt_time":1626168080587994,"flow_dst_last_pkt_time":1626168080639030,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3861,"midstream":0,"thread_ts_usec":1626168080639030,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53918,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"32": {"risk":"TLS Cert Validity Too Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","tls": {"version":"TLSv1.2","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22","blocks":0}}} 
+01901{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1626168080539548,"flow_src_last_pkt_time":1626168080587994,"flow_dst_last_pkt_time":1626168080639030,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3861,"midstream":0,"thread_ts_usec":1626168080639030,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53918,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"32": {"risk":"TLS Cert Validity Too Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","tls": {"version":"TLSv1.2","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22","blocks":0}}} 
02491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":302,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":5,"flow_src_last_pkt_time":1626168080617623,"flow_dst_last_pkt_time":1626168080666081,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1502,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1502,"pkt_l4_len":1468,"thread_ts_usec":1626168080666081,"pkt":"8BiYFWV8WNVuaKQACABFAAXQhXRAAG0GjfIocQovwKgBeQG70p8W6XtCWEUcj1AQCAMG0QAAFgMDDxACAABaAwNg7VsQnrej6hQdjxxCIt\/S3WS6bxuZx\/7n5fuTboeL2yDYPgAAtMdAptxolJXPN3G6KdiJmQf+ymwgaiqIU\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\/bPESCERxoecnjrEXP5xC+nWwBZ2xAGcS2xf2lDfb3ojPscL8POiFAqZZHABHMJ137xSezEsjP3\/UVK7+29gP5pREnxjAcWJZP4M25mntCxwsCvqSwGZrxvbDvqzdpS8cMBeBr6IH3l1N47f0imyWivnhNqNTnm+gnvVEut9DQRYxoyCQoNRX0BwihLn7XKkqygwZL6XOqyBR8PWUxgOmNRZtuaf+EKlzHoVXFjB0qaH9zcfdePgLSLwQhUC7d4Qx9E37IA1bqchuQinUCAwEAAaOCAbUwggGxMA4GA1UdDwEB\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\/BAIwADANBgkqhkiG9w0BAQsFAAOCAgEAgBy+4NyiXz17HWRiy7gptQ5HtKjDP9KLLYVjGOPcJJhg1+n2OLEmCWQE9cmg0oxQe+atZtwwoZf0GNRNfFaUZvqXO9QDINhw9ZHhfxfryK1ED0sZ9\/czli9iT7uENPgHhTHiroOYjXEdXArbmFhfRIqebyjKi1ij7OhMO1av44zaxLOUH52BuINsUXniP4tgPfsAdMOtnq4za+7ktu7gsO7KPjDKKs4Su3dOdvJMwlLM96MXgS10+Z3CDPXxRWowfiwsc77b8cHqJTArExduL\/wfGJ2fIqo0nhAxVl5PmForgsE="} 
-01942{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":304,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1626168080569908,"flow_src_last_pkt_time":1626168080617623,"flow_dst_last_pkt_time":1626168080666086,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3861,"midstream":0,"thread_ts_usec":1626168080666086,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53919,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"32": {"risk":"TLS Cert Validity Too Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","tls": {"version":"TLSv1.2","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22","blocks":0}}} 
+01901{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":304,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1626168080569908,"flow_src_last_pkt_time":1626168080617623,"flow_dst_last_pkt_time":1626168080666086,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3861,"midstream":0,"thread_ts_usec":1626168080666086,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53919,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"32": {"risk":"TLS Cert Validity Too Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","tls": {"version":"TLSv1.2","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22","blocks":0}}} 
00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":310,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168080732598,"flow_src_last_pkt_time":1626168080732598,"flow_dst_last_pkt_time":1626168080732598,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168080732598,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":56865,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":310,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_src_last_pkt_time":1626168080732598,"flow_dst_last_pkt_time":1626168080732598,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1626168080732598,"pkt":"WNVuaKQA8BiYFWV8CABFAABMaD0AAEARB0vAqAF5Ef02+94hAHsAOPLHIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
00980{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":310,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168080732598,"flow_src_last_pkt_time":1626168080732598,"flow_dst_last_pkt_time":1626168080732598,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168080732598,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":56865,"dst_port":123,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","proto_id":"9","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","ntp": {"request_code":0,"version":0}}} 
@@ -249,7 +249,7 @@ 01025{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168076015959,"flow_src_last_pkt_time":1626168076015959,"flow_dst_last_pkt_time":1626168076015959,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":341,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":341,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":341,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"192.168.1.139","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_companion-link._tcp.local"}} 01019{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1626168078653044,"flow_src_last_pkt_time":1626168079653752,"flow_dst_last_pkt_time":1626168079674037,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":129,"flow_src_tot_l4_payload_len":129,"flow_dst_tot_l4_payload_len":323,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":51998,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"235.33.22.2.in-addr.arpa"}} 01132{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":8,"flow_first_seen":1626168075664939,"flow_src_last_pkt_time":1626168076655532,"flow_dst_last_pkt_time":1626168076674265,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":90,"flow_dst_max_l4_payload_len":154,"flow_src_tot_l4_payload_len":431,"flow_dst_tot_l4_payload_len":749,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":52251,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"60.21.149.52.in-addr.arpa"}} 
-00868{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":315,"packets-processed":315,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":95708,"total-not-detected-flows":1,"total-guessed-flows":1,"total-detected-flows":33,"total-detection-updates":26,"total-updates":0,"current-active-flows":0,"total-active-flows":35,"total-idle-flows":35,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":252,"global_ts_usec":1626168081946770} +00868{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":315,"packets-processed":315,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":95708,"total-not-detected-flows":1,"total-guessed-flows":1,"total-detected-flows":33,"total-detection-updates":26,"total-updates":0,"current-active-flows":0,"total-active-flows":35,"total-idle-flows":35,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":252,"global_ts_usec":1626168081946770} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 315/315 ~~ skipped flows.............: 0 
@@ -258,9 +258,9 @@ ~~ total active/idle flows...: 35/35 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7117740 bytes -~~ total memory freed........: 7117740 bytes -~~ total allocations/frees...: 114981/114981 +~~ total memory allocated....: 7695372 bytes +~~ total memory freed........: 7695372 bytes +~~ total allocations/frees...: 126714/126714 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 537 chars ~~ json message max len.......: 2529 chars diff --git a/test/results/default/tls_change_cipher.pcap.out b/test/results/default/tls_change_cipher.pcap.out index f30b908d1..b5a57e74b 100644 --- a/test/results/default/tls_change_cipher.pcap.out +++ b/test/results/default/tls_change_cipher.pcap.out 
@@ -1,5 +1,5 @@ -00622{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_change_cipher.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_change_cipher.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1705784524708924} 
+00622{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_change_cipher.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_change_cipher.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1705784524708924} 00305{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1705784524708924,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_change_cipher.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1705784524708924} 
00483{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/tls_change_cipher.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":134,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":134,"pkt_l4_len":0,"thread_ts_usec":1705784524708924,"pkt":"AAAAAAAAAAEAAAACgQANQoEAAHEIAEVoAHCULAAAOxGs0QqED7AKhhleCGgIaABcAAAw\/wBMkkgABkUAAEwAAEAA7wYHXhKLBwisHb6dAbv1TcvywT+rt1Qx4BL0J8GNAAACBAVQBAIICgxXutK5JPKSAQMDBx4QEAAIeIpV\/fie+Nc5ojE="} 00305{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1705784524879194,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_change_cipher.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1705784524879194} 
@@ -28,7 +28,7 @@ 02279{"packet_event_id":1,"packet_event_name":"packet","packet_id":13,"source":"cfgs\/default\/pcap\/tls_change_cipher.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":1458,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":1458,"pkt_l4_len":0,"thread_ts_usec":1705784524708924,"pkt":"AAAAAAAAAAEAAAABgQCNQoEAgHEIAEVoBZwyewAA\/xFFVgqGGV4KhA+wCGgIaAWIP0Uw\/wV4BES1rkUABXgAAEAAQAaxMqwdvp0SiwcI9U0Bu6u3eGrL8sFA0BAQBlXnAAABAQgKuSUGPgxXvFYeEiAFIwPhxbmOfz8AAApKPikAADgqY+MAQU98TYSNKdSEnsx74PNTfX7gd5k+yBDbLmllQwhxUbwG1HJMootoStVKOnnK3k2XSIoip818wahl+woOOj+NhDulJ\/Ni\/PWzy0s1Oaxt2K4acg2HdaVloTHS0rnrtnLI1G+lrkgpcvUxCt54Cg+4x2kQPrN67G6aJ2hfUSesPXeTjzJPv62jNHC325Nv7cHKI0fHHBzpMeuYGEbFbJQgYL0Qo8yqCF3GdKv9tKtmS+vsbn3cdu80pt2kq7QZ44QnsQSF9kxZCv0PP4\/Em+2WIEoj25IjHt2E+F8d6wmVs8JPd4RQK3BZyVRaI7UFZzICc7wOi5dVk+eAC0CBAFX\/8VNLJnVKVNjNzPzZhIT0rNYa+bYpzaWxnHJeTAsqX\/HfiwMPWgJPneUa\/m1nXT1hLqOW+1rNy6\/1ginGrbh6hvtJYMLPjf1tr9LcsPOusDjw6v+3PyZcFZMtdkABcOPKZV7NplsTjgIsqXLpzmKsC+1xNB6s1zxCQtyY4UJ4FnEv48d2IIz+8x6VYrDxnG5QPcYrzNYAGrf\/VK0ELnX576V1FEdca5DKl\/K\/yjVL0qu1IFzBAOBma6Ox9ZcumC2KbwhHE\/LN82fSnIysJtyFqczTF1k9SJMH6xYpbVO232R7vCyFgji8B6mUEXWDbcsOilF92xaweoVEmiwGx\/jYbyEwO6ZaORbOkd4wcZjthfmFu7j3NE083Y5JpHs6SImulEYw1KxgBPpT9t2R6EgWWf5BNeXBpJ54BCNOxHm1qldCT3D5+Cg92q50tiDUNq0L3b7yKGIaoThNLvVH5JMJxDMcUeYhFnfXMvFSGqmtBXwiNGSmL5CT4bcNEkVsp2VZQ85MBaKTprPxq85p16dKPngLWNqKYMi3nImRgGSfZKQG2531JtRrxvT0LUfZiMkgXG9D0cU8ynP5FWTdiC0b56XA\/VyR\/pCrm\/cXvy8s69lfLnn3RvMa8zqVM3TUpP4y7DibdCyg6JWwvZHqrr7QKf6mDRG\/1aY3PsVCiNO0RXSr16wYa7ghO1btDLjAyNLPEPQnfzSfpXL+QZU\/Laf6\/Dm6my03F2qvJmsruJBGQjzipiZphzVqaWlJ\/9mVRWiPj6N3GIIZMEgeT7ZTSO0XsC3cXzaBPa5cXYQFsOoftqZb6CN6KvqIKZwbLpz+stlxkkJlZW286zIpxFOkCVKGl3f2rIf6E6\/sz0f7l8Gd5eTlgcaRr0McAbJiQi86f2MEWIg5D2A2poEwujwcW61WCn6Vq6cQdcqQYi6dzu+bIxBr0FmJKX4mUJDHQTUqINOBjdmqy\/aJezeoJ6rDfoNURtDzdDPc1BIARMhg8\/Ctt2ehN5RAACUlOiRRouSgsyNYwuwVMmiMMbc94u8TwonRAM76veZoD\/PJqHWUE8FnISuyBmdsRzf9JK7QQ3EodbY36iUo2TxlUb8MPJ9id7kvzW41ZSVGtyl0WVciEf1CbYZ
ivAO+aL82adaKw3J9lCdu9Rho5bzEh85Eg3RMyBaMyJw+a97fq\/QZBEew4Agp7shoq2\/KtGPCeQP4H\/vBe5KyyVbCtUoN8CnJYiHMTs4Nwu3y6eGMPfv8N\/IYLe3D6rkHl6dkpzeAOFEMG4mHfRQ6GGxy2bFl3cl9RIPFxQiCoUi2uJBx7AlrnDA\/kjg0R8gQG81yXKLeAMA3A1Dy4HoiEz7DJy9jfw7DurRReCtiN2JwCQpR7xGTe1KQb3LZ39qeVH0n9\/hmsYyElLa1DMAIHIyfmZTeRj6eEAnJ"} 00307{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":14,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1705784529694103,"packet_id":14,"source":"cfgs\/default\/pcap\/tls_change_cipher.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1705784529694103} 02281{"packet_event_id":1,"packet_event_name":"packet","packet_id":14,"source":"cfgs\/default\/pcap\/tls_change_cipher.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":1458,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":1458,"pkt_l4_len":0,"thread_ts_usec":1705784524708924,"pkt":"AAAAAAAAAAEAAAABgQCNQoEAgHEIAEVoBZwyfAAA\/xFFVQqGGV4KhA+wCGgIaAWIP0Uw\/wV4BES1rkUABXgAAEAAQAaxMqwdvp0SiwcI9U0Bu6u3fZrL8sFA0BAQBmLeAAABAQgKuSUGPgxXvFYeEiAFIwPhxbmOfz8AAApKPikAALkLPIqoV8bueYFSu2MlIeN77Pg8FRuXg+UHwu8cAyOc6iZso+4ZMZ91Kc7txxkHV5viAMMJtlb66zwZbnHlzgatfdx5eC1iSoNL5CS136gBJbF8wJPrDm4mbSWJjtf4uAywrMHfheCzBFdgU1SonzjvCiLxHmaMjhQhmzlZCxxVtilrJgLyHrsrAIC+3nF+6hbUtqDAOX7N2rpGgH05SATgLsLbqitLcsK72Hfsx\/Hlcb5ifdEKJvxAlpGoNH9Em5RXrJuOX4cUKo\/BXiNQqsjn0U95zpxXR2doESt1vLuqOAzdytpBfVFJi+ZK6LSMsFYYK5bdARgEzeQZOg4YH3mkpVhTgVHJoaotClp3DncwJGHrcLgL5Tu5PMeQRpPnDrA68fGbJ5sxybPaPP4xMtVAg05EFDxOtUiKc5hNSCXSD8YgFk096si+j9Syat8G5aoGX\/e4BO9YU7945A7xBA0\/b7Xg3h7V\/Qlfh4trqesM0HegrBL\/SZ8AybXwg7mvJy0N9AkIs\/qVM3RkgnsX4g6\/hDy2jV9w8pXGx96JganSsQGgKenWC4V03FVXndRhVqtbaTUgtJ790qDYaWaM1bOIlXahnSznp8bVKf1972ckM1wrNr1RLkwUhQ3yWWcXvGerJRTHGQQD7exdtl4ONRHP6TL9+ZvUGbINg6IU+ApY6arEXsnREerTusN55qlcv8yHTZECw6o\/sRyLeuX0i6dMyOoeTVLwxCKxkjyhnJG8v59maC54sgv2jK\/guw479v1ccxxbk+OnwULONWCUY5v0laCUuLiFkuD\/9jwcV7xr7dAa5q8CK+Crh\/Q8kkk9Cw4iILzosmybqvda5KFCtmhK4txjOn2qSgzv\/dj7kUDXQmopN7UP0zBLNQ8A1
mi9asPilPPVyb9a\/dC5ontWFUJCjn7EXWWP3Tn9zj86GQzSu0P1ikYQ5eQW\/ChXcJ1\/idBSe87lUAlx8eDWIwE4xLdKA3yrd447J1XqIsitSjv9WpoPb9JqiuA9ueUkLYhFwjYLWZbuBiEztwIKXyYyBWUcuhG5pINIKt1pLOPaN9nDcsvnG7HG8Xn0kCa7irNSjI4nCI3mgP5ydYuvmk0SNSx1+SnNBaoFMJeypjDS98wmwXG93gISEdiPNv0d5bVJQWiLdzmjpHRPA2hDSpBHczcSHSgpDetnQLs7jg9N5I8\/8hUtUbaRZ66M\/aK+ifklpE8WHf4f5xYfiITYnPRW4cMGcSEObTo8VcI7\/oIqAmK7\/cnxMI4MjsbBOZg6s4jmbB6URC6QwjiF1ijFnWKpuP2syv8\/DNuccNTzuvW+jhahVNPFSZnlbl\/DOCi9z4r67nZxcj1d6\/a7kTDCtR\/Yj2BBL6M71gQOyXCKP34xhAMZzJamQT48Q5vLSWtOx7\/WiC+Z47umbvzUMqlm4CeEOczNn2YavCHkoRd314TqGqVofG+oEgUXPZLYOFmPPxaiMLeSU3gTzzXmVIifg02MxtRvQ3BJLlA3PlS46kEr2mEXI72oI3UJUCUDaWPvPQdZILxcHabjrg3jUHS7e4dXBaAxt51y8r9G9+1wJ9bCuYL61tEXC41JA83\/ufCUjizoIrGvYJvA1rRXKpoikxY49vomwPDe6qYfZ4PrXZCHJ7fOxuslJNGcAwbmfOAEUkV8\/q6A8AuOB9oGRmvZa7IPpaSoPx2jKv2ySImrUj1LcnxZTMuZMQQwhkIiXUfOguoikn3EVtbjBW8HlpT\/k1\/AZks6\/5eP6\/4r1tf09BQHh0xW"} -00848{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/tls_change_cipher.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":14,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":31,"global_ts_usec":1705784529694103} 
+00848{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/tls_change_cipher.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":14,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":31,"global_ts_usec":1705784529694103} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 14/0 ~~ skipped flows.............: 0 @@ -37,9 +37,9 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6905233 bytes -~~ total memory freed........: 6905233 bytes -~~ total allocations/frees...: 114126/114126 +~~ total memory allocated....: 7482829 bytes +~~ total memory freed........: 7482829 bytes +~~ total allocations/frees...: 125857/125857 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 310 chars ~~ json message max len.......: 2286 chars diff --git a/test/results/default/tls_cipher_lens.pcap.out b/test/results/default/tls_cipher_lens.pcap.out index 17e406913..6ed169312 100644 --- a/test/results/default/tls_cipher_lens.pcap.out +++ b/test/results/default/tls_cipher_lens.pcap.out 
@@ -1,26 +1,26 @@ -00620{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_cipher_lens.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_cipher_lens.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1391444859282829} 
+00620{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_cipher_lens.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_cipher_lens.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1391444859282829} 
00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1391444859282829,"flow_src_last_pkt_time":1391444859282829,"flow_dst_last_pkt_time":1391444859282829,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":179,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":179,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1391444859282829,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51587,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00779{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1391444859282829,"flow_dst_last_pkt_time":1391444859282829,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"thread_ts_usec":1391444859282829,"pkt":"AAxBruSU1L7ZA8KHCABFAADbL\/VAAIAGLPPAqAsLrcIjv8mDAbt4uQ2cyozKYVAYQTfWXgAAFgMBAK4BAACqAwFS78N7ztpSIkL8KKK08T09+y4UedH3BkkDySiPn3PRIwAASAD\/wArAFACIAIcAOQA4wA\/ABQCEADXACcAHwBPAEQBFAEQAMwAywA7ADMAEwAIAlgBBAC8ABQAEwAjAEgAWABPADcAD\/v8ACgEAADkAAAASABAAAA13d3cuZ29vZ2xlLml0AAoACAAGABcAGAAZAAsAAgEAACMAADN0AAAABQAFAQAAAAA="} 
-01317{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1391444859282829,"flow_src_last_pkt_time":1391444859282829,"flow_dst_last_pkt_time":1391444859282829,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":179,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":179,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1391444859282829,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51587,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.it","domainame":"www.google.it","tls": {"version":"TLSv1","ja3":"755cdaa3496eb8728247a639dee17aad","ja3s":"","ja4":"t10d360600_77f462745360_6072aad2e91d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01276{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1391444859282829,"flow_src_last_pkt_time":1391444859282829,"flow_dst_last_pkt_time":1391444859282829,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":179,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":179,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1391444859282829,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51587,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.it","domainame":"www.google.it","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d360600_77f462745360_6072aad2e91d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1391444859282829,"flow_src_last_pkt_time":1391444859282829,"flow_dst_last_pkt_time":1391444859282829,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":179,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":179,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1391444859282829,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51590,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00779{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1391444859282829,"flow_dst_last_pkt_time":1391444859282829,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"thread_ts_usec":1391444859282829,"pkt":"AAxBruSU1L7ZA8KHCABFAADbL\/VAAIAGLPPAqAsLrcIjv8mGAbt4uQ2cyozKYVAYQTfWXgAAFgMBAK4BAACqAwFS78N7ztpSIkL8KKK08T09+y4UedH3BkkDySiPn3PRIwAAhgD\/wArAFACIAIcAOQA4wA\/ABQCEADXACcAHwBPAEQBFAEQAMwAywA7ADMAEwAIAlgBBAC8ABQAEwAjAEgAWABPADcAD\/v8ACgEAADkAAAASABAAAA13d3cuZ29vZ2xlLml0AAoACAAGABcAGAAZAAsAAgEAACMAADN0AAAABQAFAQAAAAA="} 
-01206{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1391444859282829,"flow_src_last_pkt_time":1391444859282829,"flow_dst_last_pkt_time":1391444859282829,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":179,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":179,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1391444859282829,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51590,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"","ja3s":"","ja4":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01197{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1391444859282829,"flow_src_last_pkt_time":1391444859282829,"flow_dst_last_pkt_time":1391444859282829,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":179,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":179,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1391444859282829,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51590,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": 
{"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1391444859282829,"flow_src_last_pkt_time":1391444859282829,"flow_dst_last_pkt_time":1391444859282829,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":179,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":179,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1391444859282829,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51589,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00779{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1391444859282829,"flow_dst_last_pkt_time":1391444859282829,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"thread_ts_usec":1391444859282829,"pkt":"AAxBruSU1L7ZA8KHCABFAADbL\/VAAIAGLPPAqAsLrcIjv8mFAbt4uQ2cyozKYVAYQTfWXgAAFgMBAK4BAACqAwFS78N7ztpSIkL8KKK08T09+y4UedH3BkkDySiPn3PRIwAAhQD\/wArAFACIAIcAOQA4wA\/ABQCEADXACcAHwBPAEQBFAEQAMwAywA7ADMAEwAIAlgBBAC8ABQAEwAjAEgAWABPADcAD\/v8ACgEAADkAAAASABAAAA13d3cuZ29vZ2xlLml0AAoACAAGABcAGAAZAAsAAgEAACMAADN0AAAABQAFAQAAAAA="} 
-01206{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1391444859282829,"flow_src_last_pkt_time":1391444859282829,"flow_dst_last_pkt_time":1391444859282829,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":179,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":179,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1391444859282829,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51589,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"","ja3s":"","ja4":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01197{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1391444859282829,"flow_src_last_pkt_time":1391444859282829,"flow_dst_last_pkt_time":1391444859282829,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":179,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":179,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1391444859282829,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51589,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": 
{"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1391444859282829,"flow_src_last_pkt_time":1391444859282829,"flow_dst_last_pkt_time":1391444859282829,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":179,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":179,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1391444859282829,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00779{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1391444859282829,"flow_dst_last_pkt_time":1391444859282829,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"thread_ts_usec":1391444859282829,"pkt":"AAxBruSU1L7ZA8KHCABFAADbL\/VAAIAGLPPAqAsLrcIjv8mEAbt4uQ2cyozKYVAYQTfWXgAAFgMBAK4BAACqAwFS78N7ztpSIkL8KKK08T09+y4UedH3BkkDySiPn3PRIwAAhAD\/wArAFACIAIcAOQA4wA\/ABQCEADXACcAHwBPAEQBFAEQAMwAywA7ADMAEwAIAlgBBAC8ABQAEwAjAEgAWABPADcAD\/v8ACgEAADkAAAASABAAAA13d3cuZ29vZ2xlLml0AAoACAAGABcAGAAZAAsAAgEAACMAADN0AAAABQAFAQAAAAA="} 
-01274{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1391444859282829,"flow_src_last_pkt_time":1391444859282829,"flow_dst_last_pkt_time":1391444859282829,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":179,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":179,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1391444859282829,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51588,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"8eae3e18d36ce24c4ac6b9eeb84ac762","ja3s":"","ja4":"t10d660000_1ade43d4e5bc_e3b0c44298fc","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01233{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1391444859282829,"flow_src_last_pkt_time":1391444859282829,"flow_dst_last_pkt_time":1391444859282829,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":179,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":179,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1391444859282829,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51588,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d660000_1ade43d4e5bc_e3b0c44298fc","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1391444859282829,"flow_src_last_pkt_time":1391444859282829,"flow_dst_last_pkt_time":1391444859282829,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":179,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":179,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1391444859282829,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51591,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00779{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1391444859282829,"flow_dst_last_pkt_time":1391444859282829,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"thread_ts_usec":1391444859282829,"pkt":"AAxBruSU1L7ZA8KHCABFAADbL\/VAAIAGLPPAqAsLrcIjv8mHAbt4uQ2cyozKYVAYQTfWXgAAFgMBAK4BAACqAwFS78N7ztpSIkL8KKK08T09+y4UedH3BkkDySiPn3PRIwAAAAD\/wArAFACIAIcAOQA4wA\/ABQCEADXACcAHwBPAEQBFAEQAMwAywA7ADMAEwAIAlgBBAC8ABQAEwAjAEgAWABPADcAD\/v8ACgEAADkAAAASABAAAA13d3cuZ29vZ2xlLml0AAoACAAGABcAGAAZAAsAAgEAACMAADN0AAAABQAFAQAAAAA="} 
-01206{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1391444859282829,"flow_src_last_pkt_time":1391444859282829,"flow_dst_last_pkt_time":1391444859282829,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":179,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":179,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1391444859282829,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51591,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"","ja3s":"","ja4":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01197{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1391444859282829,"flow_src_last_pkt_time":1391444859282829,"flow_dst_last_pkt_time":1391444859282829,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":179,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":179,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1391444859282829,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51591,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": 
{"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1391444859282829,"flow_src_last_pkt_time":1391444859282829,"flow_dst_last_pkt_time":1391444859282829,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":179,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":179,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1391444859282829,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51587,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
01093{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1391444859282829,"flow_src_last_pkt_time":1391444859282829,"flow_dst_last_pkt_time":1391444859282829,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":179,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":179,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1391444859282829,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 01093{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1391444859282829,"flow_src_last_pkt_time":1391444859282829,"flow_dst_last_pkt_time":1391444859282829,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":179,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":179,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1391444859282829,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51589,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": 
{"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 01093{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1391444859282829,"flow_src_last_pkt_time":1391444859282829,"flow_dst_last_pkt_time":1391444859282829,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":179,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":179,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1391444859282829,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51590,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
01093{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1391444859282829,"flow_src_last_pkt_time":1391444859282829,"flow_dst_last_pkt_time":1391444859282829,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":179,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":179,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1391444859282829,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51591,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -00846{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_cipher_lens.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":5,"packets-processed":5,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":895,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":23,"global_ts_usec":1391444859282829} 
+00846{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_cipher_lens.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":5,"packets-processed":5,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":895,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":23,"global_ts_usec":1391444859282829} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 5/5 ~~ skipped flows.............: 0 @@ -29,10 +29,10 @@ ~~ total active/idle flows...: 5/5 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6927548 bytes -~~ total memory freed........: 6927548 bytes -~~ total allocations/frees...: 114196/114196 +~~ total memory allocated....: 7505144 bytes +~~ total memory freed........: 7505144 bytes +~~ total allocations/frees...: 125927/125927 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 625 chars -~~ json message max len.......: 1322 chars -~~ json message avg len.......: 972 chars +~~ json message max len.......: 1281 chars +~~ json message avg len.......: 952 chars diff --git a/test/results/default/tls_client_certificate_with_missing_server_one.pcapng.out b/test/results/default/tls_client_certificate_with_missing_server_one.pcapng.out index 60a4299bc..710f0a1c6 100644 --- a/test/results/default/tls_client_certificate_with_missing_server_one.pcapng.out 
+++ b/test/results/default/tls_client_certificate_with_missing_server_one.pcapng.out 
@@ -1,23 +1,23 @@ -00653{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_client_certificate_with_missing_server_one.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00874{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_client_certificate_with_missing_server_one.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1663090549179486} 
+00653{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_client_certificate_with_missing_server_one.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00874{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_client_certificate_with_missing_server_one.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1663090549179486} 
00817{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_client_certificate_with_missing_server_one.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663090549179486,"flow_src_last_pkt_time":1663090549179486,"flow_dst_last_pkt_time":1663090549179486,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663090549179486,"l3_proto":"ip4","src_ip":"195.181.174.176","dst_ip":"192.168.1.128","src_port":443,"dst_port":48260,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00596{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_client_certificate_with_missing_server_one.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1663090549179486,"flow_dst_last_pkt_time":1663090549179486,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1663090549179486,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADYGEC7Dta6wwKgBgAG7vIT\/L0tlGwKnqaAS\/ogbxgAAAgQFtAQCCAqczD4KOPYZxQEDAwc="} 
00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_client_certificate_with_missing_server_one.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1663090549179486,"flow_dst_last_pkt_time":1663090549179586,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1663090549179586,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA0b6dAAEAGlo7AqAGAw7WusLyEAbsbAqep\/y9LZoAQAfZHFAAAAQEICjj2GdaczD4K"} 00979{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls_client_certificate_with_missing_server_one.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1663090549179486,"flow_dst_last_pkt_time":1663090549180495,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":355,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":355,"pkt_l4_len":321,"thread_ts_usec":1663090549180495,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAFVb6hAAEAGlWzAqAGAw7WusLyEAbsbAqep\/y9LZoAYAfYShgAAAQEICjj2GdeczD4KFgMBARwBAAEYAwPezn7TVz\/Q\/8BnfJIGEA0lTFPiRL5wdTC0FDXR7VNhOwAAgMAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANsAywC7AKsAmwA\/ABQCdAD0ANcAvwCvAJ8AjwBPACQCkAKIAoACeAGcAQAA\/AD4AMwAyADEAMMAxwC3AKcAlwA7ABACcADwAL8ASwAgAFgATABAADcANwAMACgD\/AQAAbwALAAQDAAECAAoAHAAaABcAGQAcABsAGAAaABYADgANAAsADAAJAAoAIwAAAA0AIAAeBgEGAgYDBQEFAgUDBAEEAgQDAwEDAgMDAgECAgIDAA8AAQEAEAAWABQTYW55ZGVzay82LjIuMC9saW51eA=="} 
-01592{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls_client_certificate_with_missing_server_one.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1663090549179486,"flow_src_last_pkt_time":1663090549179486,"flow_dst_last_pkt_time":1663090549180495,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":289,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":289,"midstream":0,"thread_ts_usec":1663090549180495,"l3_proto":"ip4","src_ip":"195.181.174.176","dst_ip":"192.168.1.128","src_port":443,"dst_port":48260,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}},"31": {"risk":"Uncommon TLS ALPN","severity":"Medium","risk_score": {"total":610,"client":485,"server":125}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3":"29b5a018fa5992fe23560c16af0dc9fc","ja3s":"","ja4":"t12d6406an_9197985d2161_a1e935682795","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"anydesk\/6.2.0\/linux","blocks":0}}} 
+01551{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls_client_certificate_with_missing_server_one.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1663090549179486,"flow_src_last_pkt_time":1663090549179486,"flow_dst_last_pkt_time":1663090549180495,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":289,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":289,"midstream":0,"thread_ts_usec":1663090549180495,"l3_proto":"ip4","src_ip":"195.181.174.176","dst_ip":"192.168.1.128","src_port":443,"dst_port":48260,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}},"31": {"risk":"Uncommon TLS ALPN","severity":"Medium","risk_score": {"total":610,"client":485,"server":125}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d6406an_9197985d2161_a1e935682795","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"anydesk\/6.2.0\/linux","blocks":0}}} 
00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls_client_certificate_with_missing_server_one.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1663090549197307,"flow_dst_last_pkt_time":1663090549180495,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1663090549197307,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA08UVAADYGHvDDta6wwKgBgAG7vIT\/L0tmGwKoyoAQAftF2wAAAQEICpzMPhw49hnX"} 02540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_client_certificate_with_missing_server_one.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1663090549200737,"flow_dst_last_pkt_time":1663090549180495,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1663090549200737,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXc8UZAADYGGUfDta6wwKgBgAG7vIT\/L0tmGwKoyoAQAft8iwAAAQEICpzMPh449hnXFgMDAFcCAABTAwNjIL91SRnydgdaTxNrxwq2ei\/yA3QhYIRET1dOR1JEASA7bE87ePGwmM5NBEP9isH9Lz0k78bjSqz4FUIsc9pXNsAsAAAL\/wEAAQAACwACAQAWAwMItwsACLMACLAAA0MwggM\/MIIBJwIJAPGIMHZ0UySTMA0GCSqGSIb3DQEBCwUAMEgxFzAVBgNVBAMMDkFueU5ldCBSb290IENBMSAwHgYDVQQKDBdwaGlsYW5kcm8gU29mdHdhcmUgR21iSDELMAkGA1UEBhMCREUwHhcNMTgxMTE4MDIxNDIzWhcNMjgxMTE1MDIxNDIzWjBGMQswCQYDVQQGEwJERTEgMB4GA1UECgwXcGhpbGFuZHJvIFNvZnR3YXJlIEdtYkgxFTATBgNVBAMMDEFueU5ldCBSZWxheTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABEimSq43jXFd4y0DWmX27+lJ7CD1sFgnD\/iYL6vzT5r88O9fhn8M\/e++YZZi52ShTQpoZZcpRdLmq451xVL8rL8wDQYJKoZIhvcNAQELBQADggIBAGaRMkjCQwOFjmCpjVewPT62MuIafRSC4Z0O+0QWB1PHDHb2GlJ5LWbUFThy1vpyjh19L1wPCxJWhaY8PttZrUJFsoFAOthHxaopXOcDA0mgW0k\/ljLL+1fwcvADKqBcacDvUvI3a9S1Cibm6CC5S4u7Y95vZWqfXdfBl5stME6agYW0HJKm7dh6+d+dA7OQnHipyLoOPKzsFNt9UbOXBrn2d2Cr\/lmDr46XVinH235xedHH99
q2yPevjyTgGwDfFtEZD9FanUcBfCdTgE9e5p5qbCT+p+SAfI5YsNQSTfArm7reqCIp\/\/ykK+bUhdN7zx9uuxCVXAzDJjlTyOx8NOJ4zttMDeZwfJev+OGhYVouqoNxF0SgnfxMEfy0XPp2wXEZoySQO0+pz8APHRZysuwFzalvy9pDczR8elyWDce\/2b4BkLc4W7yJheLb539UUoq+3al4Vc7dPrKTUuUPOBbOuzXO4Z9Zod+eDRw0b1QJQAniymVNFEJMPaOrgfLzTcGa\/dKQ1diwXhIKLMNWxN7bQ5LBrfHh\/PvD74hacQYkXLdHYW\/kukh6eIsjvV9uEW1d+2PJsVgVlaMm0ky2p+Q5POfjWbYrXy6OcO14LP9VzsT8ZminOkRX8km1ObtFBCwm03x93FrfzkmQzxQdQ99Hr49V9XxJA52jASKsiq2RAAVnMIIFYzCCA0ugAwIBAgIJAIf7DQy3sYvoMA0GCSqGSIb3DQEBBQUAMEgxFzAVBgNVBAMMDkFueU5ldCBSb290IENBMSAwHgYDVQQKDBdwaGlsYW5kcm8gU29mdHdhcmUgR21iSDELMAkGA1UEBhMCREUwHhcNMTQwNDExMDIzNzU1WhcNMjQwNDA4MDIzNzU1WjBIMRcwFQYDVQQDDA5BbnlOZXQgUm9vdCBDQTEgMB4GA1UECgwXcGhpbGFuZHJvIFNvZnR3YXJlIEdtYkgxCzAJBgNVBAYTAkRFMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtBVBDdoa01og\/vnfvwqM8aSt79RUlufigrcNAOrxN+LXjKEWO6BoCDiqbdsmvqZpkzaojh5w3KyBHuLdFoM0tRVw9YrNne5dgHxaeKIHpK7m+NYx+lx7u+Ba61Evl7\/2+zMnkLPY5ODNaDtqh2ymDefYvWHfVmsq4Rwr9Z+\/hd2MWwYecX+6SqZAsHcX6iw\/W5QUhS6tEWGriPYBu7NHa+KBGPGOOebYewxjhoOscIR1Jy01PXt7qM6ySHkIOC2CJn6TSzJ2ZoWn\/crxCi\/HYg9qQP4aa1gcU+RjwXWDmqt4BEmDH+cjcJ+jv2jRMy9M3l6GmH1hfQE09Zw="} -01654{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_client_certificate_with_missing_server_one.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1663090549179486,"flow_src_last_pkt_time":1663090549200737,"flow_dst_last_pkt_time":1663090549180495,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":289,"flow_src_tot_l4_payload_len":1448,"flow_dst_tot_l4_payload_len":289,"midstream":0,"thread_ts_usec":1663090549200737,"l3_proto":"ip4","src_ip":"195.181.174.176","dst_ip":"192.168.1.128","src_port":443,"dst_port":48260,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS 
Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}},"31": {"risk":"Uncommon TLS ALPN","severity":"Medium","risk_score": {"total":610,"client":485,"server":125}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3":"29b5a018fa5992fe23560c16af0dc9fc","ja3s":"e58f0b3c1e9eefb8ee4f92aeceee5858","ja4":"t12d6406an_9197985d2161_a1e935682795","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"anydesk\/6.2.0\/linux","blocks":0}}} +01613{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_client_certificate_with_missing_server_one.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1663090549179486,"flow_src_last_pkt_time":1663090549200737,"flow_dst_last_pkt_time":1663090549180495,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":289,"flow_src_tot_l4_payload_len":1448,"flow_dst_tot_l4_payload_len":289,"midstream":0,"thread_ts_usec":1663090549200737,"l3_proto":"ip4","src_ip":"195.181.174.176","dst_ip":"192.168.1.128","src_port":443,"dst_port":48260,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}},"31": {"risk":"Uncommon TLS ALPN","severity":"Medium","risk_score": {"total":610,"client":485,"server":125}}},"confidence": 
{"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"e58f0b3c1e9eefb8ee4f92aeceee5858","ja4":"t12d6406an_9197985d2161_a1e935682795","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"anydesk\/6.2.0\/linux","blocks":0}}} 00817{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/tls_client_certificate_with_missing_server_one.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663090549527373,"flow_src_last_pkt_time":1663090549527373,"flow_dst_last_pkt_time":1663090549527373,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663090549527373,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"192.168.1.181","src_port":59754,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00595{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/tls_client_certificate_with_missing_server_one.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1663090549527373,"flow_dst_last_pkt_time":1663090549527373,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1663090549527373,"pkt":"eq+3+1HBPKn0qB\/sCABFAAA88WpAAEAGxMvAqAGAwKgBtelqG56be30wAAAAAKAC+vB3mwAAAgQFtAQCCArJG2odAAAAAAEDAwc="} 
00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/tls_client_certificate_with_missing_server_one.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1663090549527373,"flow_dst_last_pkt_time":1663090549534594,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1663090549534594,"pkt":"PKn0qB\/seq+3+1HBCABFAAA8AABAAEAGtjbAqAG1wKgBgBue6WrMegHIm3t9MaAS\/\/\/DPQAAAgQFtAQCCAqdmkNeyRtqHQEDAwk="} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/tls_client_certificate_with_missing_server_one.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1663090549534685,"flow_dst_last_pkt_time":1663090549534594,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1663090549534685,"pkt":"eq+3+1HBPKn0qB\/sCABFAAA08WtAAEAGxNLAqAGAwKgBtelqG56be30xzHoByYAQAfbwDgAAAQEICskbaiSdmkNe"} 
00942{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/tls_client_certificate_with_missing_server_one.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1663090549535303,"flow_dst_last_pkt_time":1663090549534594,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":329,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":329,"pkt_l4_len":295,"thread_ts_usec":1663090549535303,"pkt":"eq+3+1HBPKn0qB\/sCABFAAE78WxAAEAGw8rAqAGAwKgBtelqG56be30xzHoByYAYAfYbhwAAAQEICskbaiWdmkNeFgMBAQIBAAD+AwPvODj+9SYuhstdSMJlZdUKTSJhZKy\/ZqhW60k7W2M6dwAAgMAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANsAywC7AKsAmwA\/ABQCdAD0ANcAvwCvAJ8AjwBPACQCkAKIAoACeAGcAQAA\/AD4AMwAyADEAMMAxwC3AKcAlwA7ABACcADwAL8ASwAgAFgATABAADcANwAMACgD\/AQAAVQALAAQDAAECAAoAHAAaABcAGQAcABsAGAAaABYADgANAAsADAAJAAoAIwAAAA0AIAAeBgEGAgYDBQEFAgUDBAEEAgQDAwEDAgMDAgECAgIDAA8AAQE="} -01540{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/tls_client_certificate_with_missing_server_one.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1663090549527373,"flow_src_last_pkt_time":1663090549535303,"flow_dst_last_pkt_time":1663090549534594,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":263,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":263,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663090549535303,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"192.168.1.181","src_port":59754,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": 
{"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"","ja4":"t12d640500_9197985d2161_a1e935682795","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01499{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/tls_client_certificate_with_missing_server_one.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1663090549527373,"flow_src_last_pkt_time":1663090549535303,"flow_dst_last_pkt_time":1663090549534594,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":263,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":263,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663090549535303,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"192.168.1.181","src_port":59754,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": 
{"version":"TLSv1.2","ja3s":"","ja4":"t12d640500_9197985d2161_a1e935682795","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/tls_client_certificate_with_missing_server_one.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1663090549535303,"flow_dst_last_pkt_time":1663090549540818,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1663090549540818,"pkt":"PKn0qB\/seq+3+1HBCABFAAA02g9AAEAG3C7AqAG1wKgBgBue6WrMegHJm3t+OIAQAKzwSQAAAQEICp2aQ2XJG2ol"} 01375{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/tls_client_certificate_with_missing_server_one.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1663090549179486,"flow_src_last_pkt_time":1663090549200737,"flow_dst_last_pkt_time":1663090549222749,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1094,"flow_src_tot_l4_payload_len":1448,"flow_dst_tot_l4_payload_len":1383,"midstream":0,"thread_ts_usec":1663090549603905,"l3_proto":"ip4","src_ip":"195.181.174.176","dst_ip":"192.168.1.128","src_port":443,"dst_port":48260,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}},"31": {"risk":"Uncommon TLS ALPN","severity":"Medium","risk_score": {"total":610,"client":485,"server":125}}},"confidence": 
{"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 01359{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/tls_client_certificate_with_missing_server_one.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":2,"flow_first_seen":1663090549527373,"flow_src_last_pkt_time":1663090549603905,"flow_dst_last_pkt_time":1663090549540818,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1286,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1549,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663090549603905,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"192.168.1.181","src_port":59754,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-00883{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/tls_client_certificate_with_missing_server_one.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":17,"packets-processed":17,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4380,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1663090549603905} +00883{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/tls_client_certificate_with_missing_server_one.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":17,"packets-processed":17,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4380,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1663090549603905} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 17/17 ~~ skipped flows.............: 0 
@@ -26,9 +26,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6916773 bytes -~~ total memory freed........: 6916773 bytes -~~ total allocations/frees...: 114175/114175 +~~ total memory allocated....: 7494390 bytes +~~ total memory freed........: 7494390 bytes +~~ total allocations/frees...: 125907/125907 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 588 chars ~~ json message max len.......: 2545 chars diff --git a/test/results/default/tls_ech.pcapng.out b/test/results/default/tls_ech.pcapng.out index d328dd16e..3f8698275 100644 --- a/test/results/default/tls_ech.pcapng.out +++ b/test/results/default/tls_ech.pcapng.out 
@@ -1,15 +1,15 @@ -00614{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_ech.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_ech.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1688191412679858} 
+00614{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_ech.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_ech.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1688191412679858} 
00807{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_ech.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1688191412679858,"flow_src_last_pkt_time":1688191412679858,"flow_dst_last_pkt_time":1688191412679858,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1688191412679858,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:ce16:b409:3d0a:9177","dst_ip":"2606:4700::6812:1e4e","src_port":47460,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_ech.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1688191412679858,"flow_dst_last_pkt_time":1688191412679858,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1688191412679858,"pkt":"ILAB4IZiNObXAhsnht1gC2UeACgGQCABCwcKPcESzha0CT0KkXcmBkcAAAAAAAAAAABoEh5OuWQBuzJpPqoAAAAAoAL\/KDqPAAACBAWMBAIICnfjZxIAAAAAAQMDBw=="} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_ech.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1688191412679858,"flow_dst_last_pkt_time":1688191412684172,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1688191412684172,"pkt":"NObXAhsnILAB4IZiht1gBxYjACgGOiYGRwAAAAAAAAAAAGgSHk4gAQsHCj3BEs4WtAk9CpF3Abu5ZDjwJksyaT6roBL8wPi1AAACBATEBAIICk7TX8p342cSAQMDDQ=="} 
00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls_ech.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1688191412684193,"flow_dst_last_pkt_time":1688191412684172,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1688191412684193,"pkt":"ILAB4IZiNObXAhsnht1gC2UeACAGQCABCwcKPcESzha0CT0KkXcmBkcAAAAAAAAAAABoEh5OuWQBuzJpPqs48CZMgBAB\/zqHAAABAQgKd+NnFk7TX8o="} 01363{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls_ech.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1688191412684389,"flow_dst_last_pkt_time":1688191412684172,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":670,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":670,"pkt_l4_len":616,"thread_ts_usec":1688191412684389,"pkt":"ILAB4IZiNObXAhsnht1gC2UeAmgGQCABCwcKPcESzha0CT0KkXcmBkcAAAAAAAAAAABoEh5OuWQBuzJpPqs48CZMgBgB\/zzPAAABAQgKd+NnFk7TX8oWAwECQwEAAj8DAx0oZiYaJMwMFcbeulsOlxoZojtyUk06HKKs6lbQH9u+IOCcoK4iEjoWXwEA+vIN+3ks9Ri5QAqLtS74CzwGBZzZACCqqhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAdZqagAAADMAKwApGhoAAQAAHQAgdElCiNf\/wfqgRpaFVvZGsCSoVf7tJ8eT6AhUE6p0ETYAIwAA\/wEAAQAALQACAQEAGwADAgACAAoACgAIGhoAHQAXABgAFwAAAAUABQEAAAAAABIAAAArAAcG2toDBAMDAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQAQAA4ADAJoMghodHRwLzEuMQAAACUAIwAAIHBlcmZvcm1hbmNlLnJhZGFyLmNsb3VkZmxhcmUuY29t\/g0A+gAAAQAB2AAglVfBAMcb93aSkFbQIVkfZRUAHcHfESW5JAjZhoGloWcA0A3wlw2ffLQmwFmx4P6V\/Xwi+KVETWUyFJb6hXgeTF4xRlzHA+M2ityLRqaqstnSve4wBOXVwImLA1UxfzIS0WDh6AaqRcw+CjUVBgcYyXYCWv0\/BLltvQOamfSn2Yghqa2qNygp2re8mWWVmlqPTuNlBs0bq6CL0ll\/RkQD3P7tmjxJ8rguU6XKjQnqQxWLWMeHhqcsbPq7mZn6MaquKi9UFC9Hvvz1QsgFMFhOJYPWeDInAPacsjv2zKCBDD3vPKFk09\/rYX57ZNvnbmSJxNoACwACAQBEaQAFAAMCaDL6+gABAA=="} 
-01340{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls_ech.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1688191412679858,"flow_src_last_pkt_time":1688191412684389,"flow_dst_last_pkt_time":1688191412684172,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":584,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":584,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1688191412684389,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:ce16:b409:3d0a:9177","dst_ip":"2606:4700::6812:1e4e","src_port":47460,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cloudflare","proto_id":"91.220","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"performance.radar.cloudflare.com","domainame":"performance.radar.cloudflare.com","tls": {"version":"TLSv1.2","ja3":"6820f114cf3b0809ffdcb30cb277848a","ja3s":"","ja4":"t13d1516h2_8daaf6152771_02713d6af862","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01299{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls_ech.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1688191412679858,"flow_src_last_pkt_time":1688191412684389,"flow_dst_last_pkt_time":1688191412684172,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":584,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":584,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1688191412684389,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:ce16:b409:3d0a:9177","dst_ip":"2606:4700::6812:1e4e","src_port":47460,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cloudflare","proto_id":"91.220","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"performance.radar.cloudflare.com","domainame":"performance.radar.cloudflare.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_02713d6af862","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_ech.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1688191412684389,"flow_dst_last_pkt_time":1688191412688931,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1688191412688931,"pkt":"NObXAhsnILAB4IZiht1gBxYjACAGOiYGRwAAAAAAAAAAAGgSHk4gAQsHCj3BEs4WtAk9CpF3Abu5ZDjwJkwyaUDzgBAAByECAAABAQgKTtNfznfjZxY="} 
-01385{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tls_ech.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1688191412679858,"flow_src_last_pkt_time":1688191412684389,"flow_dst_last_pkt_time":1688191412692841,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":584,"flow_dst_max_l4_payload_len":2174,"flow_src_tot_l4_payload_len":584,"flow_dst_tot_l4_payload_len":2174,"midstream":0,"thread_ts_usec":1688191412692841,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:ce16:b409:3d0a:9177","dst_ip":"2606:4700::6812:1e4e","src_port":47460,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cloudflare","proto_id":"91.220","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"performance.radar.cloudflare.com","domainame":"performance.radar.cloudflare.com","tls": {"version":"TLSv1.3","ja3":"6820f114cf3b0809ffdcb30cb277848a","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1516h2_8daaf6152771_02713d6af862","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01344{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tls_ech.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1688191412679858,"flow_src_last_pkt_time":1688191412684389,"flow_dst_last_pkt_time":1688191412692841,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":584,"flow_dst_max_l4_payload_len":2174,"flow_src_tot_l4_payload_len":584,"flow_dst_tot_l4_payload_len":2174,"midstream":0,"thread_ts_usec":1688191412692841,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:ce16:b409:3d0a:9177","dst_ip":"2606:4700::6812:1e4e","src_port":47460,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cloudflare","proto_id":"91.220","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"performance.radar.cloudflare.com","domainame":"performance.radar.cloudflare.com","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1516h2_8daaf6152771_02713d6af862","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
01016{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/tls_ech.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1688191412679858,"flow_src_last_pkt_time":1688191412746874,"flow_dst_last_pkt_time":1688191412700618,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":584,"flow_dst_max_l4_payload_len":2174,"flow_src_tot_l4_payload_len":648,"flow_dst_tot_l4_payload_len":2702,"midstream":0,"thread_ts_usec":1688191412746874,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:ce16:b409:3d0a:9177","dst_ip":"2606:4700::6812:1e4e","src_port":47460,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cloudflare","proto_id":"91.220","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -00844{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/tls_ech.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3350,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1688191412746874} 
+00844{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/tls_ech.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3350,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1688191412746874} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 10/10 ~~ skipped flows.............: 0 @@ -18,10 +18,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6916809 bytes -~~ total memory freed........: 6916809 bytes -~~ total allocations/frees...: 114154/114154 +~~ total memory allocated....: 7494405 bytes +~~ total memory freed........: 7494405 bytes +~~ total allocations/frees...: 125885/125885 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 576 chars -~~ json message max len.......: 1390 chars -~~ json message avg len.......: 977 chars +~~ json message max len.......: 1368 chars +~~ json message avg len.......: 967 chars diff --git a/test/results/default/tls_esni_sni_both.pcap.out b/test/results/default/tls_esni_sni_both.pcap.out index 4d99b5c67..479ceff73 100644 --- a/test/results/default/tls_esni_sni_both.pcap.out +++ b/test/results/default/tls_esni_sni_both.pcap.out 
@@ -1,24 +1,24 @@ -00622{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_esni_sni_both.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_esni_sni_both.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1595697574192522} 
+00622{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_esni_sni_both.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_esni_sni_both.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1595697574192522} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1595697574192522,"flow_src_last_pkt_time":1595697574192522,"flow_dst_last_pkt_time":1595697574192522,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1595697574192522,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55500,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1595697574192522,"flow_dst_last_pkt_time":1595697574192522,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1595697574192522,"pkt":"LLBdqyO5+P\/CRWqLCABFAABAAABAAEAGYZTAqAEVaBGvVdjMAbsVnUj1AAAAALAC\/\/+ITAAAAgQFtAEDAwYBAQgKRX5W8wAAAAAEAgAA"} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1595697574192522,"flow_dst_last_pkt_time":1595697574222665,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1595697574222665,"pkt":"+P\/CRWqLLLBdqyO5CABFAAA0AABAADkGaKBoEa9VwKgBFQG72MxjNlEZFZ1I9oAS\/\/+oqwAAAgQFeAEBBAIBAwMK"} 
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1595697574222752,"flow_dst_last_pkt_time":1595697574222665,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1595697574222752,"pkt":"LLBdqyO5+P\/CRWqLCABFAAAoAABAAEAGYazAqAEVaBGvVdjMAbsVnUj2YzZRGlAQEADZRAAA"} 01397{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1595697574223192,"flow_dst_last_pkt_time":1595697574222665,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":688,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":688,"pkt_l4_len":654,"thread_ts_usec":1595697574223192,"pkt":"LLBdqyO5+P\/CRWqLCABFAAKiAABAAEAGXzLAqAEVaBGvVdjMAbsVnUj2YzZRGlAYEABWzQAAFgMBAnUBAAJxAwMGpWRlayh22tFtXEAzmjJevDFs1IWqC4u2bXbxwIE69xC3C2PdEU5UEeZFLwoPl1YAAAYTAxMBEwIBAAIyAAAAMwAxAAAudGhlc2UtYXJlLW5vdC10aGUtZHJvaWRzLXlvdXJlLWxvb2tpbmctZm9yLmNvbf\/OAW4TAQAdACDbPfgwm2DuUZA1nST0TTbZcl3w+W\/UxK+KeNTQ8XZoWAAgv3B+CGpVXz5mDsUtrAvL6LtcWXtckj8m0zxukSXGubwBJLiEXRo3Il0FXLcYe218vYUq39pSaQl2gMs4ivT8n1x7zgN3LVJZggr8LaXJSaZj+ZfScLvSUl0NfE2D5vqc+gOMHnjCyEe7IDOFOZjn05FzfBy7N5ap9\/JNXoj2xa+U6V2TwvihaOc\/GNCQ6radfGia+nrZvKr+\/PSWUJ3U3+s+ls4zTysApsA8H5wb9QQLoDHnidAxhd22vS0hBakUY1GaI8quApXj8Gi3AdmbGrSGWDxyVN2ge+mdUMI+RoHLYqX6pmmt\/vdmkxN3iLPApbDuw24AT4oR57WxTdN\/UMH28g1ogoYgvvt0YKXWkQJVwSb5If5rcPLpxymWg\/rm+dBosTm60e9wnaghZCsA+n\/Ru6RO9sPaxhBDxDQiTz5XD2LapL8ABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABgAFggEBAEEAwgFBQEFAwgGBgEGAwIBAgMAMgASABAEAQQDBQEFAwYBBgMCAQID\/wEAAQAAEgAAADMAJgAkAB0AIKwXrYJPOPenZGQf1a2Cz8a6UMLnBYZ9xGnya\/eMwngzACsAAwIDBA=="} 
-01520{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1595697574192522,"flow_src_last_pkt_time":1595697574223192,"flow_dst_last_pkt_time":1595697574222665,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":634,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":634,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1595697574223192,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55500,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"21": {"risk":"TLS Susp ESNI Usage","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"these-are-not-the-droids-youre-looking-for.com","domainame":"these-are-not-the-droids-youre-looking-for.com","tls": {"version":"TLSv1.2","ja3":"077d20c3f8c5a1f091dc937c515b69c1","ja3s":"","ja4":"t13d031100_55b375c5d22e_77359c92d649","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3","blocks":0}}} 
+01479{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1595697574192522,"flow_src_last_pkt_time":1595697574223192,"flow_dst_last_pkt_time":1595697574222665,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":634,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":634,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1595697574223192,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55500,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"21": {"risk":"TLS Susp ESNI Usage","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"these-are-not-the-droids-youre-looking-for.com","domainame":"these-are-not-the-droids-youre-looking-for.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d031100_55b375c5d22e_77359c92d649","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3","blocks":0}}} 
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1595697574223192,"flow_dst_last_pkt_time":1595697574265763,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1595697574265763,"pkt":"+P\/CRWqLLLBdqyO5CABFAAAo1A9AADkGlJxoEa9VwKgBFQG72MxjNlEaFZ1LcFAQAELmiAAA"} -01571{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1595697574192522,"flow_src_last_pkt_time":1595697574223192,"flow_dst_last_pkt_time":1595697574271419,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":634,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":634,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1595697574271419,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55500,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"21": {"risk":"TLS Susp ESNI Usage","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"these-are-not-the-droids-youre-looking-for.com","domainame":"these-are-not-the-droids-youre-looking-for.com","tls": 
{"version":"TLSv1.3","ja3":"077d20c3f8c5a1f091dc937c515b69c1","ja3s":"d75f9129bb5d05492a65ff78e081bcb2","ja4":"t13d031100_55b375c5d22e_77359c92d649","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_supported_versions":"TLSv1.3","blocks":0}}} +01530{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1595697574192522,"flow_src_last_pkt_time":1595697574223192,"flow_dst_last_pkt_time":1595697574271419,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":634,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":634,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1595697574271419,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55500,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"21": {"risk":"TLS Susp ESNI Usage","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"these-are-not-the-droids-youre-looking-for.com","domainame":"these-are-not-the-droids-youre-looking-for.com","tls": {"version":"TLSv1.3","ja3s":"d75f9129bb5d05492a65ff78e081bcb2","ja4":"t13d031100_55b375c5d22e_77359c92d649","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_supported_versions":"TLSv1.3","blocks":0}}} 
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1595697597731441,"flow_src_last_pkt_time":1595697597731441,"flow_dst_last_pkt_time":1595697597731441,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1595697597731441,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55514,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1595697597731441,"flow_dst_last_pkt_time":1595697597731441,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1595697597731441,"pkt":"LLBdqyO5+P\/CRWqLCABFAABAAABAAEAGYZTAqAEVaBGvVdjaAbvycO9jAAAAALAC\/\/+plAAAAgQFtAEDAwYBAQgKRX6yWgAAAAAEAgAA"} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1595697597731441,"flow_dst_last_pkt_time":1595697597760281,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1595697597760281,"pkt":"+P\/CRWqLLLBdqyO5CABFAAA0AABAADkGaKBoEa9VwKgBFQG72Npkmiax8nDvZIAS\/\/9OXwAAAgQFeAEBBAIBAwMK"} 
00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1595697597760372,"flow_dst_last_pkt_time":1595697597760281,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1595697597760372,"pkt":"LLBdqyO5+P\/CRWqLCABFAAAoAABAAEAGYazAqAEVaBGvVdjaAbvycO9kZJomslAQEAB++AAA"} 01402{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1595697597760792,"flow_dst_last_pkt_time":1595697597760281,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":693,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":693,"pkt_l4_len":659,"thread_ts_usec":1595697597760792,"pkt":"LLBdqyO5+P\/CRWqLCABFAAKnAABAAEAGXy3AqAEVaBGvVdjaAbvycO9kZJomslAYEAA4MwAAFgMBAnoBAAJ2AwNdJNFyReVirRSVojufnGMbeLCCSIfasM1ieW4FG8of3hAwM4m8b00Q9oV+Hc7T5oMLAAYTAxMBEwIBAAI3AAAAOAA2AAAzeW91LXRoaW5rLXRoYXRzLW5vcm1hbC10bHMtdHJhZmZpYy15b3VyZS1zZWVpbmcuY29t\/84BbhMBAB0AIJnVpjNl66MOXpvmx41gUQaYeiX7Z6hw7BwkUWzRGGpOACC\/cH4IalVfPmYOxS2sC8vou1xZe1ySPybTPG6RJca5vAEkS4DxHD4+QDhSKdiI9dtzmEYOX\/XsngPoMxgQvNMUwzIntV9PDa3UuBPJJ0uISr3A0kNEKeu1WYMqXVS11VsTg2a9oo\/43miikoJcoUUiy1+yOgTMZU6cbZxblnsgUg1\/xO\/snQQVSkBCjdT7iXQq+6rdARBQIPBbI8RPIWgC\/aX5zfvRKbqhzKSkI16fHp0WqW\/nLO8BrKQzxpfdSdI4nhqvgX9U6XHk8pDekey4Olh2o7N7l+ZuvLuQrv4785RVuirst7QWHRV2Bry+Hk0MA5HVdlJYWh5sSSkPTUD9beLuumP3bW19kkE0M1up6+gTpBl9qsjvZgOotscar2pvqtkrE0XfU6KUOEWnq2oJz8N4PI+8cq1Isu1cBJJOnfv1frzevwAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGAAWCAQEAQQDCAUFAQUDCAYGAQYDAgECAwAyABIAEAQBBAMFAQUDBgEGAwIBAgP\/AQABAAASAAAAMwAmACQAHQAgyNi4uav9JMuW\/0Qhwazj9bJ0hRmofP\/tRvglJ5t3J3AAKwADAgME"} 
-01531{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1595697597731441,"flow_src_last_pkt_time":1595697597760792,"flow_dst_last_pkt_time":1595697597760281,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":639,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":639,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1595697597760792,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55514,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"21": {"risk":"TLS Susp ESNI Usage","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"you-think-thats-normal-tls-traffic-youre-seeing.com","domainame":"you-think-thats-normal-tls-traffic-youre-seeing.com","tls": {"version":"TLSv1.2","ja3":"077d20c3f8c5a1f091dc937c515b69c1","ja3s":"","ja4":"t13d031100_55b375c5d22e_77359c92d649","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3","blocks":0}}} 
+01490{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1595697597731441,"flow_src_last_pkt_time":1595697597760792,"flow_dst_last_pkt_time":1595697597760281,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":639,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":639,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1595697597760792,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55514,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"21": {"risk":"TLS Susp ESNI Usage","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"you-think-thats-normal-tls-traffic-youre-seeing.com","domainame":"you-think-thats-normal-tls-traffic-youre-seeing.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d031100_55b375c5d22e_77359c92d649","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3","blocks":0}}} 
00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1595697597760792,"flow_dst_last_pkt_time":1595697597798677,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1595697597798677,"pkt":"+P\/CRWqLLLBdqyO5CABFAAAok5FAADkG1RpoEa9VwKgBFQG72Npkmiay8nDx41AQAEKMNwAA"} -01582{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1595697597731441,"flow_src_last_pkt_time":1595697597760792,"flow_dst_last_pkt_time":1595697597802693,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":639,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":639,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1595697597802693,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55514,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"21": {"risk":"TLS Susp ESNI Usage","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"you-think-thats-normal-tls-traffic-youre-seeing.com","domainame":"you-think-thats-normal-tls-traffic-youre-seeing.com","tls": 
{"version":"TLSv1.3","ja3":"077d20c3f8c5a1f091dc937c515b69c1","ja3s":"d75f9129bb5d05492a65ff78e081bcb2","ja4":"t13d031100_55b375c5d22e_77359c92d649","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_supported_versions":"TLSv1.3","blocks":0}}} +01541{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1595697597731441,"flow_src_last_pkt_time":1595697597760792,"flow_dst_last_pkt_time":1595697597802693,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":639,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":639,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1595697597802693,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55514,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"21": {"risk":"TLS Susp ESNI Usage","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"you-think-thats-normal-tls-traffic-youre-seeing.com","domainame":"you-think-thats-normal-tls-traffic-youre-seeing.com","tls": {"version":"TLSv1.3","ja3s":"d75f9129bb5d05492a65ff78e081bcb2","ja4":"t13d031100_55b375c5d22e_77359c92d649","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_supported_versions":"TLSv1.3","blocks":0}}} 
01217{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":9,"flow_first_seen":1595697574192522,"flow_src_last_pkt_time":1595697574326162,"flow_dst_last_pkt_time":1595697574326417,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":634,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":843,"flow_dst_tot_l4_payload_len":6772,"midstream":0,"thread_ts_usec":1595697597855622,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55500,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"21": {"risk":"TLS Susp ESNI Usage","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
01217{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":8,"flow_first_seen":1595697597731441,"flow_src_last_pkt_time":1595697597855622,"flow_dst_last_pkt_time":1595697597855003,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":639,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":848,"flow_dst_tot_l4_payload_len":5312,"midstream":0,"thread_ts_usec":1595697597855622,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55514,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"21": {"risk":"TLS Susp ESNI Usage","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-00853{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/tls_esni_sni_both.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":38,"packets-processed":38,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13775,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1595697597855622} +00853{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/tls_esni_sni_both.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":38,"packets-processed":38,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13775,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1595697597855622} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 38/38 ~~ skipped flows.............: 0 
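Review bot: Any consumer that matches on `tls.ja3` will stop matching without an error after this bump, because the new-side `detected` and `detection-update` records for flows 1 and 2 carry only `ja3s` and `ja4` in the `tls` object. The commit message says only "incorporated upstream changes", so the field removal should be named in a changelog or release note, for example `TLS metadata: "ja3" is no longer emitted; "ja3s" and "ja4" remain`. The diffstat lists `schema/flow_event_schema.json` as changed, but that file is outside this view, so whether `ja3` was also dropped from the schema cannot be confirmed here. Other TLS result files in this commit presumably show the same removal and are covered by this note.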
@@ -27,10 +27,10 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6950883 bytes -~~ total memory freed........: 6950883 bytes -~~ total allocations/frees...: 114207/114207 +~~ total memory allocated....: 7527271 bytes +~~ total memory freed........: 7527271 bytes +~~ total allocations/frees...: 125934/125934 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 540 chars -~~ json message max len.......: 1587 chars -~~ json message avg len.......: 1062 chars +~~ json message max len.......: 1546 chars +~~ json message avg len.......: 1042 chars diff --git a/test/results/default/tls_false_positives.pcapng.out b/test/results/default/tls_false_positives.pcapng.out index 7d8a5b7d0..d4b367dfd 100644 --- a/test/results/default/tls_false_positives.pcapng.out +++ b/test/results/default/tls_false_positives.pcapng.out 
@@ -1,5 +1,5 @@ -00626{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_false_positives.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_false_positives.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1641232761063506} 
+00626{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_false_positives.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_false_positives.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1641232761063506} 
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_false_positives.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1641232761063506,"flow_src_last_pkt_time":1641232761063506,"flow_dst_last_pkt_time":1641232761063506,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1641232761063506,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":1445,"dst_port":20979,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_false_positives.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1641232761063506,"flow_dst_last_pkt_time":1641232761063506,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1641232761063506,"pkt":"AAAAAAAAAAcAi3YBCABFAAA0AABAADcGbxAKCgoBwKgAAQWlUfMZL\/oS1g972YASchBrdgAAAgQFtAEBBAIBAwMK"} 
00718{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_false_positives.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1641232761063506,"flow_dst_last_pkt_time":1641232761612243,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_usec":1641232761612243,"pkt":"AAAAAAAAAAcAi3YBCABFAACs+xRAAD4GbIPAqAABCgoKAVHzBaXWD3vZGS\/6E1AYBVnujAAAhAAAAAKIJwDIAAUJDggAAAAEAFNDuAsEAAEAAAAEAFND8wMEAGAAAAAFAGFidmVyBAAxMDA3CwBjb3VudHJ5Y29kZQIAT00DAGlzcAcAT29yZWRvbwIAb3MHAGFuZHJvaWQHAHNka3R5cGUEAG5lcnYLAHZlcnNpb25jb2RlBAA0ODIz"} 
@@ -8,7 +8,7 @@ 01007{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_false_positives.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1641232761626007,"flow_dst_last_pkt_time":1641232767278395,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":397,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":397,"pkt_l4_len":363,"thread_ts_usec":1641232767278395,"pkt":"AAAAAAAAAAcAi3YBCABFAAF\/+xdAAD4Ga63AqAABCgoKAVHzBaXWD4HVGS\/6IFAYBVm3VgAAb2RlBAAAABQAcXVpY19kb3dubG9hZF9wYXJhbTEAAAAAEgBxdWljX3VwbG9hZF9wYXJhbTIAAAAAFABxdWljX2Rvd25sb2FkX3BhcmFtMgAAAAAJAGV3bWFfc2xvdwMAAAASAHF1aWNfdXBsb2FkX3BhcmFtMQAAAAAOAGxpbWl0X3Jlc2xldmVsAQAAABEAc19waWNrX2xldmVsX21vZGUNAAAAEgBxdWljX3VwbG9hZF9wYXJhbTACAAAACgBzcGVlZF9tb2RlBAAAAAkAZXdtYV9mYXN0CQAAABgAcXVpY19kb3dubG9hZF9wYXJhbXNfbnVtAwAAAAgAcGxheV9vd24DAAAAFgBwaWNrX2xldmVsX2luZGVwZW5kZW50AAAAAAcAYndlX2RlZgEAAAAUAHF1aWNfZG93bmxvYWRfcGFyYW0wAgAAAP\/\/\/\/8BAAAAgAAAAA=="} 00887{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/tls_false_positives.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":27,"flow_dst_packets_processed":3,"flow_first_seen":1641232761063506,"flow_src_last_pkt_time":1641232767465459,"flow_dst_last_pkt_time":1641232767278395,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1400,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":33806,"flow_dst_tot_l4_payload_len":1875,"midstream":0,"thread_ts_usec":1641232767465459,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":1445,"dst_port":20979,"l4_proto":"tcp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
00800{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/tls_false_positives.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":27,"flow_dst_packets_processed":3,"flow_first_seen":1641232761063506,"flow_src_last_pkt_time":1641232767465459,"flow_dst_last_pkt_time":1641232767278395,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1400,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":33806,"flow_dst_tot_l4_payload_len":1875,"midstream":0,"thread_ts_usec":1641232767465459,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":1445,"dst_port":20979,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00857{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/tls_false_positives.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":30,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":35681,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1641232767465459} 
+00857{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/tls_false_positives.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":30,"packets-processed":30,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":35681,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1641232767465459} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 30/30 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6910531 bytes -~~ total memory freed........: 6910531 bytes -~~ total allocations/frees...: 114168/114168 +~~ total memory allocated....: 7488127 bytes +~~ total memory freed........: 7488127 bytes +~~ total allocations/frees...: 125899/125899 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 560 chars ~~ json message max len.......: 2419 chars diff --git a/test/results/default/tls_heur__shadowsocks-tcp.pcapng.out b/test/results/default/tls_heur__shadowsocks-tcp.pcapng.out index e39f19be2..746ccfbc3 100644 --- a/test/results/default/tls_heur__shadowsocks-tcp.pcapng.out +++ b/test/results/default/tls_heur__shadowsocks-tcp.pcapng.out 
@@ -1,5 +1,5 @@ -00632{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1725100298253624} 
+00632{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1725100298253624} 
00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725100298253624,"flow_src_last_pkt_time":1725100298253624,"flow_dst_last_pkt_time":1725100298253624,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725100298253624,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":44424,"dst_port":1080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1725100298253624,"flow_dst_last_pkt_time":1725100298253624,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725100298253624,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADypskAAQAaTB38AAAF\/AAABrYgEOPrjCTkAAAAAoAL\/1\/4wAAACBP\/XBAIICoJ3H6YAAAAAAQMDBw=="} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1725100298253624,"flow_dst_last_pkt_time":1725100298253646,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725100298253646,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADwAAEAAQAY8un8AAAF\/AAABBDitiFpVj4z64wk6oBL\/y\/4wAAACBP\/XBAIICoJ3H6aCdx+mAQMDBw=="} 
@@ -26,16 +26,16 @@ 00607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1725100298310198,"flow_dst_last_pkt_time":1725100298313607,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":96,"pkt_type":34525,"pkt_l3_offset":16,"pkt_l4_offset":56,"pkt_len":96,"pkt_l4_len":40,"thread_ts_usec":1725100298313607,"pkt":"AAAAAQAGILAB4IZiAACG3WABZDcAKAZ6KgAUUEACBBYAAAAAAAAgDiABCwcKPcEShiiIqosAkTwBu7EW0+tTyNwXJRugEv\/\/C5sAAAIEBMQEAggK3tRe\/1MCDNcBAwMI"} 00599{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1725100298313659,"flow_dst_last_pkt_time":1725100298313607,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":88,"pkt_type":34525,"pkt_l3_offset":16,"pkt_l4_offset":56,"pkt_len":88,"pkt_l4_len":32,"thread_ts_usec":1725100298313659,"pkt":"AAQAAQAGCAAn\/ADWAACG3WAKi4kAIAZAIAELBwo9wRKGKIiqiwCRPCoAFFBAAgQWAAAAAAAAIA6xFgG73BclG9PrU8mAEAH\/xAQAAAEBCApTAgza3tRe\/w=="} 
01292{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1725100298313913,"flow_dst_last_pkt_time":1725100298313607,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":605,"pkt_type":34525,"pkt_l3_offset":16,"pkt_l4_offset":56,"pkt_len":605,"pkt_l4_len":549,"thread_ts_usec":1725100298313913,"pkt":"AAQAAQAGCAAn\/ADWAACG3WAKi4kCJQZAIAELBwo9wRKGKIiqiwCRPCoAFFBAAgQWAAAAAAAAIA6xFgG73BclG9PrU8mAGAH\/xgkAAAEBCApTAgzb3tRe\/xYDAQIAAQAB\/AMD0QQOGD1r51FKjEPNQJN1h62HWSTHs5bRNmVY2hJonmEgbnxnUOUBRf5MJC1ai8S6VAQph1UkRLBIC2FW5HjjmfEAPhMCEwMTAcAswDAAn8ypzKjMqsArwC8AnsAkwCgAa8AjwCcAZ8AKwBQAOcAJwBMAMwCdAJwAPQA8ADUALwD\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"} -01310{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1725100298310198,"flow_src_last_pkt_time":1725100298313913,"flow_dst_last_pkt_time":1725100298313607,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725100298313913,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:8628:88aa:8b00:913c","dst_ip":"2a00:1450:4002:416::200e","src_port":45334,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","domainame":"www.youtube.com","tls": 
{"version":"TLSv1.2","ja3":"4ea056e63b7910cbf543f0c095064dfe","ja3s":"","ja4":"t13d3113h2_e8f1e7e78f70_ce5650b735ce","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} +01269{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1725100298310198,"flow_src_last_pkt_time":1725100298313913,"flow_dst_last_pkt_time":1725100298313607,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725100298313913,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:8628:88aa:8b00:913c","dst_ip":"2a00:1450:4002:416::200e","src_port":45334,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","domainame":"www.youtube.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d3113h2_e8f1e7e78f70_ce5650b735ce","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
00596{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1725100298313913,"flow_dst_last_pkt_time":1725100298317482,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":88,"pkt_type":34525,"pkt_l3_offset":16,"pkt_l4_offset":56,"pkt_len":88,"pkt_l4_len":32,"thread_ts_usec":1725100298317482,"pkt":"AAAAAQAGILAB4IZiAACG3WABZDcAIAZ6KgAUUEACBBYAAAAAAAAgDiABCwcKPcEShiiIqosAkTwBu7EW0+tTydwXJyCAEAEFNmcAAAEBCAre1F8CUwIM2w=="} -01355{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1725100298310198,"flow_src_last_pkt_time":1725100298313913,"flow_dst_last_pkt_time":1725100298341941,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1725100298341941,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:8628:88aa:8b00:913c","dst_ip":"2a00:1450:4002:416::200e","src_port":45334,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","domainame":"www.youtube.com","tls": {"version":"TLSv1.3","ja3":"4ea056e63b7910cbf543f0c095064dfe","ja3s":"907bf3ecef1c987c889946b737b43de8","ja4":"t13d3113h2_e8f1e7e78f70_ce5650b735ce","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01314{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1725100298310198,"flow_src_last_pkt_time":1725100298313913,"flow_dst_last_pkt_time":1725100298341941,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1725100298341941,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:8628:88aa:8b00:913c","dst_ip":"2a00:1450:4002:416::200e","src_port":45334,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","domainame":"www.youtube.com","tls": {"version":"TLSv1.3","ja3s":"907bf3ecef1c987c889946b737b43de8","ja4":"t13d3113h2_e8f1e7e78f70_ce5650b735ce","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
02203{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1725100298310198,"flow_src_last_pkt_time":1725100298432355,"flow_dst_last_pkt_time":1725100298432652,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":4876,"flow_src_tot_l4_payload_len":821,"flow_dst_tot_l4_payload_len":22039,"midstream":0,"thread_ts_usec":1725100298432652,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:8628:88aa:8b00:913c","dst_ip":"2a00:1450:4002:416::200e","src_port":45334,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":7890.7,"max":49565,"stddev":13540.2,"var":183336016.0,"ent":3.3,"data": [3409,3461,254,3875,24459,28067,229,0,209,14,2973,7544,5275,6462,46393,49565,1,0,8985,52,29,430,0,0,0,285,43,26100,26117,380,0]},"pktlen": {"min":72,"avg":786.9,"max":4948,"stddev":1186.2,"var":1407143.5,"ent":3.9,"data": [80,80,72,589,72,1280,72,4904,631,72,72,345,720,103,103,72,1280,293,1280,72,72,72,1280,1280,1280,4948,72,72,1280,72,1280,1280]},"bins": {"c_to_s": [13,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,2]},"directions": [0,1,0,0,1,1,0,1,1,0,0,0,1,0,1,0,1,1,1,0,0,0,1,1,1,1,0,0,1,0,1,1],"entropies": 
[4.755182266,5.261822701,5.153629780,4.806141853,5.165501118,7.786862373,5.164113998,7.965732574,7.625080109,5.164113998,5.164113998,7.146784306,7.713749886,5.760443687,5.767366886,5.125851631,7.825596809,7.149698257,7.853908539,5.153629303,5.153629303,5.153629303,7.834226608,7.855994701,7.841277122,7.962058067,5.125851631,5.153629780,7.850774765,5.153629303,7.848540783,7.840482712]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}} 01016{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1725100298254824,"flow_src_last_pkt_time":1725100298254907,"flow_dst_last_pkt_time":1725100298255342,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":318,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":508,"midstream":0,"thread_ts_usec":1725100298432922,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":41182,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.YouTube","proto_id":"5.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"www.youtube.com"}} 
01018{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":11,"flow_first_seen":1725100298257324,"flow_src_last_pkt_time":1725100298432715,"flow_dst_last_pkt_time":1725100298432675,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":636,"flow_dst_max_l4_payload_len":7428,"flow_src_tot_l4_payload_len":1076,"flow_dst_tot_l4_payload_len":20131,"midstream":0,"thread_ts_usec":1725100298432922,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":40164,"dst_port":1234,"l4_proto":"tcp","ndpi": {"flow_risk": {"51": {"risk":"Fully Encrypted Flow","severity":"Medium","risk_score": {"total":360,"client":240,"server":120}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00806{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":11,"flow_first_seen":1725100298257324,"flow_src_last_pkt_time":1725100298432715,"flow_dst_last_pkt_time":1725100298432675,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":636,"flow_dst_max_l4_payload_len":7428,"flow_src_tot_l4_payload_len":1076,"flow_dst_tot_l4_payload_len":20131,"midstream":0,"thread_ts_usec":1725100298432922,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":40164,"dst_port":1234,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 
00989{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":12,"flow_first_seen":1725100298253624,"flow_src_last_pkt_time":1725100298407018,"flow_dst_last_pkt_time":1725100298407002,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":9887,"flow_src_tot_l4_payload_len":847,"flow_dst_tot_l4_payload_len":18427,"midstream":0,"thread_ts_usec":1725100298432922,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":44424,"dst_port":1080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SOCKS","proto_id":"172","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 01065{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":21,"flow_first_seen":1725100298310198,"flow_src_last_pkt_time":1725100298432922,"flow_dst_last_pkt_time":1725100298432653,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":6040,"flow_src_tot_l4_payload_len":821,"flow_dst_tot_l4_payload_len":31703,"midstream":0,"thread_ts_usec":1725100298432922,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:8628:88aa:8b00:913c","dst_ip":"2a00:1450:4002:416::200e","src_port":45334,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com"}} -00866{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":73601,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":38,"global_ts_usec":1725100298432922} +00866{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":73601,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":38,"global_ts_usec":1725100298432922} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets 
captured/processed: 100/100 ~~ skipped flows.............: 0 @@ -44,9 +44,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7074469 bytes -~~ total memory freed........: 7074469 bytes -~~ total allocations/frees...: 114293/114293 +~~ total memory allocated....: 7652065 bytes +~~ total memory freed........: 7652065 bytes +~~ total allocations/frees...: 126024/126024 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 572 chars ~~ json message max len.......: 2208 chars diff --git a/test/results/default/tls_heur__trojan-tcp-tls.pcapng.out b/test/results/default/tls_heur__trojan-tcp-tls.pcapng.out index b7b3836ff..310a69a90 100644 --- a/test/results/default/tls_heur__trojan-tcp-tls.pcapng.out +++ b/test/results/default/tls_heur__trojan-tcp-tls.pcapng.out 
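Review bot: The `tls` object in the `detected` and `detection-update` records for flow 4 loses its `ja3` key in this hunk while `ja3s` and `ja4` stay, and the commit description ("incorporated upstream changes") does not mention it. Any collector rule, allow-list or dashboard that matches on the client JA3 value will stop matching without an error once this libnDPI revision is deployed. I would record the change in the commit description or changelog, for example `tls.ja3 is no longer emitted; match client fingerprints on tls.ja4`. The diffstat shows `schema/flow_event_schema.json` changed in the same commit, but it is outside this view, so whether it still lists `ja3` should be confirmed there.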
@@ -1,5 +1,5 @@ -00631{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1725367999181087} 
+00631{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1725367999181087} 
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725367999181087,"flow_src_last_pkt_time":1725367999181087,"flow_dst_last_pkt_time":1725367999181087,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725367999181087,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":60654,"dst_port":1080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1725367999181087,"flow_dst_last_pkt_time":1725367999181087,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725367999181087,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADzyHEAAQAZKnX8AAAF\/AAAB7O4EOOE3LPkAAAAAoAL\/1\/4wAAACBP\/XBAIICrEoZggAAAAAAQMDBw=="} 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1725367999181087,"flow_dst_last_pkt_time":1725367999181104,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725367999181104,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADwAAEAAQAY8un8AAAF\/AAABBDjs7jONTa3hNyz6oBL\/y\/4wAAACBP\/XBAIICrEoZgixKGYIAQMDBw=="} 
@@ -50,17 +50,17 @@ 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1725367999229171,"flow_dst_last_pkt_time":1725367999229192,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725367999229192,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADwAAEAAQAY8un8AAAF\/AAABBNKjRM5Wxk\/rFM6UoBL\/y\/4wAAACBP\/XBAIICrEoZjixKGY4AQMDBw=="} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1725367999229206,"flow_dst_last_pkt_time":1725367999229192,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_usec":1725367999229206,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADTxD0AAQAZLsn8AAAF\/AAABo0QE0usUzpTOVsZQgBACAP4oAAABAQgKsShmOLEoZjg="} 
00945{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_src_last_pkt_time":1725367999254153,"flow_dst_last_pkt_time":1725367999229192,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":346,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":346,"pkt_l4_len":310,"thread_ts_usec":1725367999254153,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAAUrxEEAAQAZKm38AAAF\/AAABo0QE0usUzpTOVsZQgBgCAP8+AAABAQgKsShmUbEoZjgWAwEBEQEAAQ0DAyFGnh8Cu2Rm520uiVKrZ3Z0nhuQpd8QGiRhwieK6Fq7IGWx9syJCANsbwb1\/6RMETFXEH9DLz1n5y+wNDEptuuPACbAK8AvwCzAMMypzKjACcATwArAFACcAJ0ALwA1wBIAChMBEwITAwEAAJ4AAAANAAsAAAh0ZXN0LmxhbgAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAFwAAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAUEAwQDAwAzACYAJAAdACCdNqsfelyxagOYCAVYwvh5JHJ9cB\/kxfOyzmGD42qyLA=="} -01371{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1725367999229171,"flow_src_last_pkt_time":1725367999254153,"flow_dst_last_pkt_time":1725367999229192,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":278,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":278,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725367999254153,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":41796,"dst_port":1234,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": 
{"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"test.lan","domainame":"test.lan","tls": {"version":"TLSv1.2","ja3":"7a15285d4efc355608b304698cd7f9ab","ja3s":"","ja4":"t13d1911h2_9dc949149365_e7c285222651","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} +01330{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1725367999229171,"flow_src_last_pkt_time":1725367999254153,"flow_dst_last_pkt_time":1725367999229192,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":278,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":278,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725367999254153,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":41796,"dst_port":1234,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"test.lan","domainame":"test.lan","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1911h2_9dc949149365_e7c285222651","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1725367999254153,"flow_dst_last_pkt_time":1725367999254186,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_usec":1725367999254186,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADT8A0AAQAZAvn8AAAF\/AAABBNKjRM5WxlDrFM+qgBAB\/v4oAAABAQgKsShmUbEoZlE="} -01416{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1725367999229171,"flow_src_last_pkt_time":1725367999254153,"flow_dst_last_pkt_time":1725367999255053,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":278,"flow_dst_max_l4_payload_len":1126,"flow_src_tot_l4_payload_len":278,"flow_dst_tot_l4_payload_len":1126,"midstream":0,"thread_ts_usec":1725367999255053,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":41796,"dst_port":1234,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"test.lan","domainame":"test.lan","tls": {"version":"TLSv1.3","ja3":"7a15285d4efc355608b304698cd7f9ab","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1911h2_9dc949149365_e7c285222651","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01375{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1725367999229171,"flow_src_last_pkt_time":1725367999254153,"flow_dst_last_pkt_time":1725367999255053,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":278,"flow_dst_max_l4_payload_len":1126,"flow_src_tot_l4_payload_len":278,"flow_dst_tot_l4_payload_len":1126,"midstream":0,"thread_ts_usec":1725367999255053,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":41796,"dst_port":1234,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"test.lan","domainame":"test.lan","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1911h2_9dc949149365_e7c285222651","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
00799{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725367999286453,"flow_src_last_pkt_time":1725367999286453,"flow_dst_last_pkt_time":1725367999286453,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725367999286453,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"142.250.180.142","src_port":58730,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1725367999286453,"flow_dst_last_pkt_time":1725367999286453,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725367999286453,"pkt":"AAQAAQAGCAAn\/ADWAAAIAEUAADyj8EAAQAaQ48CoAbeO+rSO5WoBuxNFvnkAAAAAoAL68AYXAAACBAW0BAIICvUADzYAAAAAAQMDBw=="} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1725367999286453,"flow_dst_last_pkt_time":1725367999289133,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725367999289133,"pkt":"AAAAAQAGILAB4IZiAAAIAEWAADwAAEAAegb6U476tI7AqAG3AbvlauLwuUUTRb56oBL\/\/2yMAAACBAWEBAIICjS\/R5j1AA82AQMDCA=="} 
00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":1725367999289173,"flow_dst_last_pkt_time":1725367999289133,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_usec":1725367999289173,"pkt":"AAQAAQAGCAAn\/ADWAAAIAEUAADSj8UAAQAaQ6sCoAbeO+rSO5WoBuxNFvnri8LlGgBAB9gYPAAABAQgK9QAPODS\/R5g="} 01263{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_src_last_pkt_time":1725367999289505,"flow_dst_last_pkt_time":1725367999289133,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":585,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":585,"pkt_l4_len":549,"thread_ts_usec":1725367999289505,"pkt":"AAQAAQAGCAAn\/ADWAAAIAEUAAjmj8kAAQAaO5MCoAbeO+rSO5WoBuxNFvnri8LlGgBgB9ggUAAABAQgK9QAPOTS\/R5gWAwECAAEAAfwDA4eghpH2KHwMz8AziuY+gtGDs4emEbDYMr6OK+pG\/9UPIOlVNmZrGlj4sxUBofwqgMFT84dd6Al6OXnI6uFNzHqnAD4TAhMDEwHALMAwAJ\/MqcyozKrAK8AvAJ7AJMAoAGvAI8AnAGfACsAUADnACcATADMAnQCcAD0APAA1AC8A\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"} 
-01277{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1725367999286453,"flow_src_last_pkt_time":1725367999289505,"flow_dst_last_pkt_time":1725367999289133,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725367999289505,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"142.250.180.142","src_port":58730,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","domainame":"www.youtube.com","tls": {"version":"TLSv1.2","ja3":"4ea056e63b7910cbf543f0c095064dfe","ja3s":"","ja4":"t13d3113h2_e8f1e7e78f70_ce5650b735ce","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01236{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1725367999286453,"flow_src_last_pkt_time":1725367999289505,"flow_dst_last_pkt_time":1725367999289133,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725367999289505,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"142.250.180.142","src_port":58730,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","domainame":"www.youtube.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d3113h2_e8f1e7e78f70_ce5650b735ce","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1725367999289505,"flow_dst_last_pkt_time":1725367999291862,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_usec":1725367999291862,"pkt":"AAAAAQAGILAB4IZiAAAIAEWAADSCqgAAega3sY76tI7AqAG3AbvlauLwuUYTRcB\/gBABBZgZAAABAQgKNL9Hm\/UADzk="} 
-01322{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1725367999286453,"flow_src_last_pkt_time":1725367999289505,"flow_dst_last_pkt_time":1725367999309030,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1400,"midstream":0,"thread_ts_usec":1725367999309030,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"142.250.180.142","src_port":58730,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","domainame":"www.youtube.com","tls": {"version":"TLSv1.3","ja3":"4ea056e63b7910cbf543f0c095064dfe","ja3s":"907bf3ecef1c987c889946b737b43de8","ja4":"t13d3113h2_e8f1e7e78f70_ce5650b735ce","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01281{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1725367999286453,"flow_src_last_pkt_time":1725367999289505,"flow_dst_last_pkt_time":1725367999309030,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1400,"midstream":0,"thread_ts_usec":1725367999309030,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"142.250.180.142","src_port":58730,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","domainame":"www.youtube.com","tls": {"version":"TLSv1.3","ja3s":"907bf3ecef1c987c889946b737b43de8","ja4":"t13d3113h2_e8f1e7e78f70_ce5650b735ce","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
02164{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1725367999286453,"flow_src_last_pkt_time":1725367999398999,"flow_dst_last_pkt_time":1725367999398966,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":821,"flow_dst_tot_l4_payload_len":12908,"midstream":0,"thread_ts_usec":1725367999398999,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"142.250.180.142","src_port":58730,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"data_analysis": {"iat": {"min":22,"avg":7260.0,"max":70369,"stddev":15439.7,"var":238384560.0,"ent":3.0,"data": [2680,2720,332,2729,17168,19575,50,34,34,27,27,25,25,22,8415,468,11244,2981,2278,5685,46101,70369,31667,78,33,33,33,33,80,80,33]},"pktlen": {"min":52,"avg":481.5,"max":1452,"stddev":599.8,"var":359742.8,"ent":3.9,"data": [60,60,52,569,52,1452,52,1452,52,1452,52,1452,52,1053,52,132,245,700,83,83,52,52,1452,52,80,52,1452,52,1452,52,1452,52]},"bins": {"c_to_s": [14,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,0,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0],"entropies": [4.560013294,5.154205322,4.948144436,4.755980968,4.948144436,7.827642918,4.832759857,7.843367100,4.871221066,7.869987488,4.818243027,7.874095440,4.832759380,7.816403389,4.818242550,6.232886791,6.951427460,7.683448792,5.618761063,5.537375927,4.909682751,4.909683228,7.868943691,4.909682751,5.617374897,4.909682751,7.869823933,4.909682751,7.884392262,4.909682751,7.861354828,4.830034733]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}} 01022{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1725367999183433,"flow_src_last_pkt_time":1725367999183433,"flow_dst_last_pkt_time":1725367999215826,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":369,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":369,"midstream":0,"thread_ts_usec":1725367999398999,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"192.168.1.253","src_port":46451,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.YouTube","proto_id":"5.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"www.youtube.com"}} 
01032{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1725367999286453,"flow_src_last_pkt_time":1725367999398999,"flow_dst_last_pkt_time":1725367999398966,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":821,"flow_dst_tot_l4_payload_len":12908,"midstream":0,"thread_ts_usec":1725367999398999,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"142.250.180.142","src_port":58730,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com"}} 
@@ -72,7 +72,7 @@ 01008{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1725367999228105,"flow_src_last_pkt_time":1725367999228105,"flow_dst_last_pkt_time":1725367999228906,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":37,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":37,"midstream":0,"thread_ts_usec":1725367999398999,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"192.168.1.253","src_port":38613,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"test.lan"}} 01124{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1725367999227989,"flow_src_last_pkt_time":1725367999227989,"flow_dst_last_pkt_time":1725367999228682,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":53,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":53,"midstream":0,"thread_ts_usec":1725367999398999,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"192.168.1.253","src_port":39434,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"49": {"risk":"Minor Issues","severity":"Low","risk_score": {"total":210,"client":105,"server":105}}},"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"test.lan"}} 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":10,"flow_first_seen":1725367999181087,"flow_src_last_pkt_time":1725367999367164,"flow_dst_last_pkt_time":1725367999322863,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":4096,"flow_src_tot_l4_payload_len":835,"flow_dst_tot_l4_payload_len":7292,"midstream":0,"thread_ts_usec":1725367999398999,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":60654,"dst_port":1080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SOCKS","proto_id":"172","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
-00869{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":33310,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":75,"global_ts_usec":1725367999398999} +00869{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":33310,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":75,"global_ts_usec":1725367999398999} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 100/100 ~~ skipped flows.............: 0 
@@ -81,9 +81,9 @@ ~~ total active/idle flows...: 10/10 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7068855 bytes -~~ total memory freed........: 7068855 bytes -~~ total allocations/frees...: 114369/114369 +~~ total memory allocated....: 7646472 bytes +~~ total memory freed........: 7646472 bytes +~~ total allocations/frees...: 126101/126101 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 571 chars ~~ json message max len.......: 2169 chars diff --git a/test/results/default/tls_heur__vmess-tcp-tls.pcapng.out b/test/results/default/tls_heur__vmess-tcp-tls.pcapng.out index 6a5285670..d5050c3fe 100644 --- a/test/results/default/tls_heur__vmess-tcp-tls.pcapng.out +++ b/test/results/default/tls_heur__vmess-tcp-tls.pcapng.out 
@@ -1,5 +1,5 @@ -00630{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00851{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1725132050807636} 
+00630{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00851{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1725132050807636} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725132050807636,"flow_src_last_pkt_time":1725132050807636,"flow_dst_last_pkt_time":1725132050807636,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725132050807636,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":40136,"dst_port":1080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1725132050807636,"flow_dst_last_pkt_time":1725132050807636,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725132050807636,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADwowkAAQAYT+H8AAAF\/AAABnMgEOHy9vSYAAAAAoAL68P4wAAACBAW0BAIICoRbnDUAAAAAAQMDBw=="} 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1725132050807636,"flow_dst_last_pkt_time":1725132050807653,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725132050807653,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADwAAEAAQAY8un8AAAF\/AAABBDicyAJPxIx8vb0noBL+iP4wAAACBAW0BAIICoRbnDWEW5w1AQMDBw=="} 
@@ -50,17 +50,17 @@ 00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1725132050816926,"flow_dst_last_pkt_time":1725132050816944,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725132050816944,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADwAAEAAQAY8un8AAAF\/AAABBNLiEjFAczCFrjZxoBL+iP4wAAACBAW0BAIICoRbnD6EW5w+AQMDBw=="} 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1725132050816958,"flow_dst_last_pkt_time":1725132050816944,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_usec":1725132050816958,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADQSuEAAQAYqCn8AAAF\/AAAB4hIE0oWuNnExQHMxgBAB9v4oAAABAQgKhFucPoRbnD4="} 
00943{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_src_last_pkt_time":1725132050847484,"flow_dst_last_pkt_time":1725132050816944,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":346,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":346,"pkt_l4_len":310,"thread_ts_usec":1725132050847484,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAAUoSuUAAQAYo838AAAF\/AAAB4hIE0oWuNnExQHMxgBgB9v8+AAABAQgKhFucXIRbnD4WAwEBEQEAAQ0DA30EqsQ+BgaZ\/NZ2sl5LiKqVzr2U1xOlxN3yXjWxHQZ9IDZNzzYemQ9l55Gei+lOem3cnZHqk5apYKdjmjaVAs8mACbAK8AvwCzAMMypzKjACcATwArAFACcAJ0ALwA1wBIAChMBEwITAwEAAJ4AAAANAAsAAAh0ZXN0LmxhbgAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAFwAAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAUEAwQDAwAzACYAJAAdACALRGEIG9aswGxEJ3DWHRdQjm36OhPnUR7s3CJMIcmqPQ=="} -01370{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1725132050816926,"flow_src_last_pkt_time":1725132050847484,"flow_dst_last_pkt_time":1725132050816944,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":278,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":278,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725132050847484,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":57874,"dst_port":1234,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": 
{"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"test.lan","domainame":"test.lan","tls": {"version":"TLSv1.2","ja3":"7a15285d4efc355608b304698cd7f9ab","ja3s":"","ja4":"t13d1911h2_9dc949149365_e7c285222651","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} +01329{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1725132050816926,"flow_src_last_pkt_time":1725132050847484,"flow_dst_last_pkt_time":1725132050816944,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":278,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":278,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725132050847484,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":57874,"dst_port":1234,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"test.lan","domainame":"test.lan","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1911h2_9dc949149365_e7c285222651","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1725132050847484,"flow_dst_last_pkt_time":1725132050847514,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_usec":1725132050847514,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADQmGUAAQAYWqX8AAAF\/AAABBNLiEjFAczGFrjeHgBAB+\/4oAAABAQgKhFucXIRbnFw="} -01415{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1725132050816926,"flow_src_last_pkt_time":1725132050847484,"flow_dst_last_pkt_time":1725132050848915,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":278,"flow_dst_max_l4_payload_len":1120,"flow_src_tot_l4_payload_len":278,"flow_dst_tot_l4_payload_len":1120,"midstream":0,"thread_ts_usec":1725132050848915,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":57874,"dst_port":1234,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"test.lan","domainame":"test.lan","tls": {"version":"TLSv1.3","ja3":"7a15285d4efc355608b304698cd7f9ab","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1911h2_9dc949149365_e7c285222651","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01374{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1725132050816926,"flow_src_last_pkt_time":1725132050847484,"flow_dst_last_pkt_time":1725132050848915,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":278,"flow_dst_max_l4_payload_len":1120,"flow_src_tot_l4_payload_len":278,"flow_dst_tot_l4_payload_len":1120,"midstream":0,"thread_ts_usec":1725132050848915,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":57874,"dst_port":1234,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"test.lan","domainame":"test.lan","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1911h2_9dc949149365_e7c285222651","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
00797{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725132050873451,"flow_src_last_pkt_time":1725132050873451,"flow_dst_last_pkt_time":1725132050873451,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725132050873451,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"216.58.204.142","src_port":58612,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1725132050873451,"flow_dst_last_pkt_time":1725132050873451,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725132050873451,"pkt":"AAQAAQAGCAAn\/ADWAAAIAEUAADxo9EAAQAZqn8CoAbfYOsyO5PQBu7ZCkCEAAAAAoAL68GdXAAACBAW0BAIICjq0ShsAAAAAAQMDBw=="} 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1725132050873451,"flow_dst_last_pkt_time":1725132050876326,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725132050876326,"pkt":"AAAAAQAGILAB4IZiAAAIAEWAADwAAEAAegaZE9g6zI7AqAG3Abvk9JZ2W362QpAioBL\/\/3dxAAACBAWEBAIICjYtj346tEobAQMDCA=="} 
00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":1725132050876380,"flow_dst_last_pkt_time":1725132050876326,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_usec":1725132050876380,"pkt":"AAQAAQAGCAAn\/ADWAAAIAEUAADRo9UAAQAZqpsCoAbfYOsyO5PQBu7ZCkCKWdlt\/gBAB9mdPAAABAQgKOrRKHjYtj34="} 01264{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_src_last_pkt_time":1725132050876814,"flow_dst_last_pkt_time":1725132050876326,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":585,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":585,"pkt_l4_len":549,"thread_ts_usec":1725132050876814,"pkt":"AAQAAQAGCAAn\/ADWAAAIAEUAAjlo9kAAQAZooMCoAbfYOsyO5PQBu7ZCkCKWdlt\/gBgB9mlUAAABAQgKOrRKHzYtj34WAwECAAEAAfwDA55vVzXI3mQH9e+wyvy5I6cXpuQRP5nZ6hYxg\/mFdw9\/IF4ht1IC8no54a26Y6+rkaHkm29\/NMcYzHfS4NjAh1BbAD4TAhMDEwHALMAwAJ\/MqcyozKrAK8AvAJ7AJMAoAGvAI8AnAGfACsAUADnACcATADMAnQCcAD0APAA1AC8A\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"} 
-01275{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1725132050873451,"flow_src_last_pkt_time":1725132050876814,"flow_dst_last_pkt_time":1725132050876326,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725132050876814,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"216.58.204.142","src_port":58612,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","domainame":"www.youtube.com","tls": {"version":"TLSv1.2","ja3":"4ea056e63b7910cbf543f0c095064dfe","ja3s":"","ja4":"t13d3113h2_e8f1e7e78f70_ce5650b735ce","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01234{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1725132050873451,"flow_src_last_pkt_time":1725132050876814,"flow_dst_last_pkt_time":1725132050876326,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725132050876814,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"216.58.204.142","src_port":58612,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","domainame":"www.youtube.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d3113h2_e8f1e7e78f70_ce5650b735ce","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1725132050876814,"flow_dst_last_pkt_time":1725132050879524,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_usec":1725132050879524,"pkt":"AAAAAQAGILAB4IZiAAAIAEWAADRY\/wAAegaAHNg6zI7AqAG3Abvk9JZ2W3+2QpIngBABBaL9AAABAQgKNi2PgTq0Sh8="} 
-01320{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1725132050873451,"flow_src_last_pkt_time":1725132050876814,"flow_dst_last_pkt_time":1725132050895591,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":6600,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":6600,"midstream":0,"thread_ts_usec":1725132050895591,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"216.58.204.142","src_port":58612,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","domainame":"www.youtube.com","tls": {"version":"TLSv1.3","ja3":"4ea056e63b7910cbf543f0c095064dfe","ja3s":"907bf3ecef1c987c889946b737b43de8","ja4":"t13d3113h2_e8f1e7e78f70_ce5650b735ce","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01279{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1725132050873451,"flow_src_last_pkt_time":1725132050876814,"flow_dst_last_pkt_time":1725132050895591,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":6600,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":6600,"midstream":0,"thread_ts_usec":1725132050895591,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"216.58.204.142","src_port":58612,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","domainame":"www.youtube.com","tls": {"version":"TLSv1.3","ja3s":"907bf3ecef1c987c889946b737b43de8","ja4":"t13d3113h2_e8f1e7e78f70_ce5650b735ce","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
01021{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1725132050809501,"flow_src_last_pkt_time":1725132050809501,"flow_dst_last_pkt_time":1725132050810429,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":209,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":209,"midstream":0,"thread_ts_usec":1725132050978467,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"192.168.1.253","src_port":49817,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.YouTube","proto_id":"5.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"www.youtube.com"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":11,"flow_first_seen":1725132050807636,"flow_src_last_pkt_time":1725132050944716,"flow_dst_last_pkt_time":1725132050904186,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":2544,"flow_src_tot_l4_payload_len":835,"flow_dst_tot_l4_payload_len":7291,"midstream":0,"thread_ts_usec":1725132050978467,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":40136,"dst_port":1080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"SOCKS","proto_id":"172","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 01116{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1725132050813192,"flow_src_last_pkt_time":1725132050813192,"flow_dst_last_pkt_time":1725132050816780,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":53,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":53,"midstream":0,"thread_ts_usec":1725132050978467,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":45262,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"49": {"risk":"Minor Issues","severity":"Low","risk_score": {"total":210,"client":105,"server":105}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"test.lan"}} 
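Review bot: The `detected` and `detection-update` records for flows 9 and 10 in this hunk no longer carry the `"ja3"` key in the `tls` object, while `"ja3s"` and `"ja4"` are still emitted. The commit message only says "incorporated upstream changes". A consumer or detection rule that matches on the client JA3 value would stop matching without any error, so the removal should be stated in the commit message or changelog, for example `tls.ja3 is no longer emitted; tls.ja3s and tls.ja4 remain`. The diffstat lists `schema/flow_event_schema.json` as changed, presumably to reflect this, but that file is outside this view, so confirm the schema and these expected outputs agree.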
@@ -71,7 +71,7 @@ 01107{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":14,"flow_first_seen":1725132050816926,"flow_src_last_pkt_time":1725132050978467,"flow_dst_last_pkt_time":1725132050978462,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":663,"flow_dst_max_l4_payload_len":2070,"flow_src_tot_l4_payload_len":1405,"flow_dst_tot_l4_payload_len":10691,"midstream":0,"thread_ts_usec":1725132050978467,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":57874,"dst_port":1234,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 01021{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1725132050809672,"flow_src_last_pkt_time":1725132050809672,"flow_dst_last_pkt_time":1725132050810814,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":193,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":193,"midstream":0,"thread_ts_usec":1725132050978467,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"192.168.1.253","src_port":41933,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.YouTube","proto_id":"5.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"www.youtube.com"}} 01123{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1725132050813503,"flow_src_last_pkt_time":1725132050813503,"flow_dst_last_pkt_time":1725132050814218,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":53,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":53,"midstream":0,"thread_ts_usec":1725132050978467,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"192.168.1.253","src_port":42485,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"49": {"risk":"Minor Issues","severity":"Low","risk_score": {"total":210,"client":105,"server":105}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"test.lan"}} 
-00868{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":40731,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":74,"global_ts_usec":1725132050978467} +00868{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":40731,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":74,"global_ts_usec":1725132050978467} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 100/100 ~~ skipped flows.............: 0 
@@ -80,10 +80,10 @@
 ~~ total active/idle flows...: 10/10
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 7141001 bytes
-~~ total memory freed........: 7141001 bytes
-~~ total allocations/frees...: 114372/114372
+~~ total memory allocated....: 7718618 bytes
+~~ total memory freed........: 7718618 bytes
+~~ total allocations/frees...: 126104/126104
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 571 chars
-~~ json message max len.......: 1420 chars
-~~ json message avg len.......: 994 chars
+~~ json message max len.......: 1379 chars
+~~ json message avg len.......: 974 chars
diff --git a/test/results/default/tls_heur__vmess-tcp.pcapng.out b/test/results/default/tls_heur__vmess-tcp.pcapng.out
index c7507e930..44f5c2d1a 100644
--- a/test/results/default/tls_heur__vmess-tcp.pcapng.out
+++ b/test/results/default/tls_heur__vmess-tcp.pcapng.out
@@ -1,5 +1,5 @@ -00626{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1725108604542518} 
+00626{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1725108604542518} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725108604542518,"flow_src_last_pkt_time":1725108604542518,"flow_dst_last_pkt_time":1725108604542518,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725108604542518,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":37218,"dst_port":1080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1725108604542518,"flow_dst_last_pkt_time":1725108604542518,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725108604542518,"pkt":"AAADBAAGAAAAAAAAClUIAEUAADwueUAAQAYOQX8AAAF\/AAABkWIEOC0ia0MAAAAAoAL\/1\/4wAAACBP\/XBAIICoL13hcAAAAAAQMDBw=="} 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1725108604542518,"flow_dst_last_pkt_time":1725108604542542,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725108604542542,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADwAAEAAQAY8un8AAAF\/AAABBDiRYncsq\/stImtEoBL\/y\/4wAAACBP\/XBAIICoL13heC9d4XAQMDBw=="} 
@@ -27,15 +27,15 @@ 00599{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1725108606672884,"flow_dst_last_pkt_time":1725108604629032,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":96,"pkt_type":34525,"pkt_l3_offset":16,"pkt_l4_offset":56,"pkt_len":96,"pkt_l4_len":40,"thread_ts_usec":1725108606672884,"pkt":"AAQAAQAGCAAn\/ADWAACG3WAO6GIAKAZAIAELBwo9wRKGKIiqiwCRPCoAFFBABggNAAAAAAAAIA68rgG7EjfG2QAAAACgAv8oyAcAAAIEBYwEAggKdV2ESAAAAAABAwMH"} 00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1725108606672884,"flow_dst_last_pkt_time":1725108606682534,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":96,"pkt_type":34525,"pkt_l3_offset":16,"pkt_l4_offset":56,"pkt_len":96,"pkt_l4_len":40,"thread_ts_usec":1725108606682534,"pkt":"AAAAAQAGILAB4IZiAACG3WgIzOgAKAZ6KgAUUEAGCA0AAAAAAAAgDiABCwcKPcEShiiIqosAkTwBu7yuGkObbhI3xtqgEv\/\/GcUAAAIEBMQEAggKzLRTuXVdhEgBAwMI"} 00593{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1725108606682587,"flow_dst_last_pkt_time":1725108606682534,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":88,"pkt_type":34525,"pkt_l3_offset":16,"pkt_l4_offset":56,"pkt_len":88,"pkt_l4_len":32,"thread_ts_usec":1725108606682587,"pkt":"AAQAAQAGCAAn\/ADWAACG3WAO6GIAIAZAIAELBwo9wRKGKIiqiwCRPCoAFFBABggNAAAAAAAAIA68rgG7EjfG2hpDm2+AEAH\/x\/8AAAEBCAp1XYRRzLRTuQ=="} 
-01304{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1725108604629032,"flow_src_last_pkt_time":1725108606682993,"flow_dst_last_pkt_time":1725108606682534,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725108606682993,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:8628:88aa:8b00:913c","dst_ip":"2a00:1450:4006:80d::200e","src_port":48302,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","domainame":"www.youtube.com","tls": {"version":"TLSv1.2","ja3":"4ea056e63b7910cbf543f0c095064dfe","ja3s":"","ja4":"t13d3113h2_e8f1e7e78f70_ce5650b735ce","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
-01349{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1725108604629032,"flow_src_last_pkt_time":1725108606682993,"flow_dst_last_pkt_time":1725108606707789,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":2416,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2416,"midstream":0,"thread_ts_usec":1725108606707789,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:8628:88aa:8b00:913c","dst_ip":"2a00:1450:4006:80d::200e","src_port":48302,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","domainame":"www.youtube.com","tls": {"version":"TLSv1.3","ja3":"4ea056e63b7910cbf543f0c095064dfe","ja3s":"907bf3ecef1c987c889946b737b43de8","ja4":"t13d3113h2_e8f1e7e78f70_ce5650b735ce","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01263{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1725108604629032,"flow_src_last_pkt_time":1725108606682993,"flow_dst_last_pkt_time":1725108606682534,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725108606682993,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:8628:88aa:8b00:913c","dst_ip":"2a00:1450:4006:80d::200e","src_port":48302,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","domainame":"www.youtube.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d3113h2_e8f1e7e78f70_ce5650b735ce","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01308{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1725108604629032,"flow_src_last_pkt_time":1725108606682993,"flow_dst_last_pkt_time":1725108606707789,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":2416,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2416,"midstream":0,"thread_ts_usec":1725108606707789,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:8628:88aa:8b00:913c","dst_ip":"2a00:1450:4006:80d::200e","src_port":48302,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","domainame":"www.youtube.com","tls": {"version":"TLSv1.3","ja3s":"907bf3ecef1c987c889946b737b43de8","ja4":"t13d3113h2_e8f1e7e78f70_ce5650b735ce","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
02216{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1725108604629032,"flow_src_last_pkt_time":1725108606811390,"flow_dst_last_pkt_time":1725108606811354,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":2416,"flow_src_tot_l4_payload_len":821,"flow_dst_tot_l4_payload_len":17178,"midstream":0,"thread_ts_usec":1725108606811390,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:8628:88aa:8b00:913c","dst_ip":"2a00:1450:4006:80d::200e","src_port":48302,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":140796.1,"max":2053502,"stddev":429032.8,"var":184069177344.0,"ent":1.9,"data": [1019825,1024027,2053502,9703,406,10463,14792,0,24842,18,170,0,116,29,3354,490,13422,1,9609,1757,11412,77711,1,0,87369,366,324,304,298,178,191]},"pktlen": {"min":72,"avg":635.5,"max":2488,"stddev":846.4,"var":716345.8,"ent":3.9,"data": [80,80,80,80,72,589,72,2488,1280,72,72,1280,1840,72,72,152,202,720,103,135,103,72,1280,307,1280,72,2488,72,2488,72,2488,72]},"bins": {"c_to_s": [13,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,5]},"directions": [0,0,0,1,0,0,1,1,1,0,0,1,1,0,0,0,0,1,1,0,0,1,1,1,1,0,1,0,1,0,1,0],"entropies": 
[4.850302696,4.800302982,4.850302696,5.367949963,5.219669819,4.818557739,5.209185123,7.915221691,7.834231853,5.219669819,5.247447491,7.848894119,7.900642872,5.219669819,5.219669819,6.392518997,6.617354393,7.706577778,5.915785313,6.435108185,5.884278774,5.236962795,7.850246906,7.152086258,7.852072716,5.247447491,7.906479836,5.247447491,7.917565346,5.247447491,7.928373814,5.247447491]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}} 01010{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1725108604543910,"flow_src_last_pkt_time":1725108604543926,"flow_dst_last_pkt_time":1725108604544652,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":446,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":636,"midstream":0,"thread_ts_usec":1725108606831814,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":35957,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.YouTube","proto_id":"5.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"www.youtube.com"}} 
00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":15,"flow_first_seen":1725108604542518,"flow_src_last_pkt_time":1725108606812524,"flow_dst_last_pkt_time":1725108606812503,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":7115,"flow_src_tot_l4_payload_len":847,"flow_dst_tot_l4_payload_len":18442,"midstream":0,"thread_ts_usec":1725108606831814,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":37218,"dst_port":1080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SOCKS","proto_id":"172","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 01012{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":16,"flow_first_seen":1725108604546168,"flow_src_last_pkt_time":1725108606812347,"flow_dst_last_pkt_time":1725108606812408,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":681,"flow_dst_max_l4_payload_len":4726,"flow_src_tot_l4_payload_len":1234,"flow_dst_tot_l4_payload_len":19321,"midstream":0,"thread_ts_usec":1725108606831814,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":40818,"dst_port":1234,"l4_proto":"tcp","ndpi": {"flow_risk": {"51": {"risk":"Fully Encrypted Flow","severity":"Medium","risk_score": 
{"total":360,"client":240,"server":120}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00800{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":16,"flow_first_seen":1725108604546168,"flow_src_last_pkt_time":1725108606812347,"flow_dst_last_pkt_time":1725108606812408,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":681,"flow_dst_max_l4_payload_len":4726,"flow_src_tot_l4_payload_len":1234,"flow_dst_tot_l4_payload_len":19321,"midstream":0,"thread_ts_usec":1725108606831814,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":40818,"dst_port":1234,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 01059{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":18,"flow_first_seen":1725108604629032,"flow_src_last_pkt_time":1725108606831814,"flow_dst_last_pkt_time":1725108606831771,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":2416,"flow_src_tot_l4_payload_len":821,"flow_dst_tot_l4_payload_len":20846,"midstream":0,"thread_ts_usec":1725108606831814,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:8628:88aa:8b00:913c","dst_ip":"2a00:1450:4006:80d::200e","src_port":48302,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com"}} -00860{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":62235,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":38,"global_ts_usec":1725108606831814} +00860{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":62235,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":38,"global_ts_usec":1725108606831814} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets 
captured/processed: 100/100 ~~ skipped flows.............: 0 @@ -44,9 +44,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7028012 bytes -~~ total memory freed........: 7028012 bytes -~~ total allocations/frees...: 114292/114292 +~~ total memory allocated....: 7605608 bytes +~~ total memory freed........: 7605608 bytes +~~ total allocations/frees...: 126023/126023 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 566 chars ~~ json message max len.......: 2221 chars diff --git a/test/results/default/tls_heur__vmess-websocket.pcapng.out b/test/results/default/tls_heur__vmess-websocket.pcapng.out index a9ad0c765..985df5ceb 100644 --- a/test/results/default/tls_heur__vmess-websocket.pcapng.out +++ b/test/results/default/tls_heur__vmess-websocket.pcapng.out 
@@ -1,5 +1,5 @@ -00632{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1725278711295335} 
+00632{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1725278711295335} 
00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725278711295335,"flow_src_last_pkt_time":1725278711295335,"flow_dst_last_pkt_time":1725278711295335,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725278711295335,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":44532,"dst_port":1080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1725278711295335,"flow_dst_last_pkt_time":1725278711295335,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725278711295335,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADwSqkAAQAYqEH8AAAF\/AAABrfQEOJ96Es4AAAAAoAL\/1\/4wAAACBP\/XBAIICtChiqgAAAAAAQMDBw=="} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1725278711295335,"flow_dst_last_pkt_time":1725278711295427,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725278711295427,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADwAAEAAQAY8un8AAAF\/AAABBDit9LL9yaKfehLPoBL\/y\/4wAAACBP\/XBAIICtChiqjQoYqoAQMDBw=="} 
@@ -19,23 +19,23 @@ 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1725278711300968,"flow_dst_last_pkt_time":1725278711300981,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725278711300981,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADwAAEAAQAY8un8AAAF\/AAABBNKDprSj9ZbQuMp5oBL\/y\/4wAAACBP\/XBAIICtChiq3QoYqtAQMDBw=="} 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1725278711300988,"flow_dst_last_pkt_time":1725278711300981,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_usec":1725278711300988,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADTadkAAQAZiS38AAAF\/AAABg6YE0tC4ynm0o\/WXgBACAP4oAAABAQgK0KGKrdChiq0="} 
00820{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1725278711301309,"flow_dst_last_pkt_time":1725278711300981,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":253,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":253,"pkt_l4_len":217,"thread_ts_usec":1725278711301309,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAAO3ad0AAQAZhkX8AAAF\/AAABg6YE0tC4ynm0o\/WXgBgCAP7hAAABAQgK0KGKrtChiq1HRVQgLyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xOjEyMzQNClVzZXItQWdlbnQ6IEdvLWh0dHAtY2xpZW50LzEuMQ0KQ29ubmVjdGlvbjogVXBncmFkZQ0KU2VjLVdlYlNvY2tldC1LZXk6IGtaWkl3RHJuSG1XWXhqaDdhL3ZsOHc9PQ0KU2VjLVdlYlNvY2tldC1WZXJzaW9uOiAxMw0KVXBncmFkZTogd2Vic29ja2V0DQoNCg=="} -01336{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1725278711300968,"flow_src_last_pkt_time":1725278711301309,"flow_dst_last_pkt_time":1725278711300981,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":185,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":185,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725278711301309,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":33702,"dst_port":1234,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"127.0.0.1","domainame":"127.0.0.1","http": {"url":"127.0.0.1:1234\/","code":0,"content_type":"","user_agent":"Go-http-client\/1.1"}}} +01350{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1725278711300968,"flow_src_last_pkt_time":1725278711301309,"flow_dst_last_pkt_time":1725278711300981,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":185,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":185,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725278711301309,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":33702,"dst_port":1234,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP.WebSocket","proto_id":"7.251","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"127.0.0.1","domainame":"127.0.0.1","http": {"url":"127.0.0.1:1234\/","code":0,"content_type":"","user_agent":"Go-http-client\/1.1"}}} 
00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1725278711301309,"flow_dst_last_pkt_time":1725278711301316,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_usec":1725278711301316,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADQh2kAAQAYa6H8AAAF\/AAABBNKDprSj9ZfQuMsygBAB\/\/4oAAABAQgK0KGKrtChiq4="} 00799{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725278711354999,"flow_src_last_pkt_time":1725278711354999,"flow_dst_last_pkt_time":1725278711354999,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725278711354999,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"142.250.180.142","src_port":51390,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1725278711354999,"flow_dst_last_pkt_time":1725278711354999,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725278711354999,"pkt":"AAQAAQAGCAAn\/ADWAAAIAEUAADxpTUAAQAbLhsCoAbeO+rSOyL4Bu\/iOndoAAAAAoAL68AYXAAACBAW0BAIICn93k8EAAAAAAQMDBw=="} 
00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1725278711354999,"flow_dst_last_pkt_time":1725278711357820,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725278711357820,"pkt":"AAAAAQAGILAB4IZiAAAIAEWAADwAAEAAegb6U476tI7AqAG3AbvIvhyjoLD4jp3boBL\/\/639AAACBAWEBAIICidEO4R\/d5PBAQMDCA=="} 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1725278711357866,"flow_dst_last_pkt_time":1725278711357820,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_usec":1725278711357866,"pkt":"AAQAAQAGCAAn\/ADWAAAIAEUAADRpTkAAQAbLjcCoAbeO+rSOyL4Bu\/iOndsco6CxgBAB9gYPAAABAQgKf3eTxCdEO4Q="} 
01264{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1725278711358145,"flow_dst_last_pkt_time":1725278711357820,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":585,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":585,"pkt_l4_len":549,"thread_ts_usec":1725278711358145,"pkt":"AAQAAQAGCAAn\/ADWAAAIAEUAAjlpT0AAQAbJh8CoAbeO+rSOyL4Bu\/iOndsco6CxgBgB9ggUAAABAQgKf3eTxCdEO4QWAwECAAEAAfwDA46xyPKufA0h2C\/na1nFm9C+KMncQt0f3tSOiZ28qNdGIL9APvSF8v4p3TWMCqfXvgibYWFwkYj2wAKYq4tRTOVrAD4TAhMDEwHALMAwAJ\/MqcyozKrAK8AvAJ7AJMAoAGvAI8AnAGfACsAUADnACcATADMAnQCcAD0APAA1AC8A\/wEAAXUAAAAUABIAAA93d3cueW91dHViZS5jb20ACwAEAwABAgAKABYAFAAdABcAHgAZABgBAAEBAQIBAwEEM3QAAAAQAA4ADAJoMghodHRwLzEuMQAWAAAAFwAAADEAAAANACoAKAQDBQMGAwgHCAgICQgKCAsIBAgFCAYEAQUBBgEDAwMBAwIEAgUCBgIAKwAFBAMEAwMALQACAQEAMwAmACQAHQAgCUnwEnwXeX81FYV10UkXFjD\/yp2qEOm4vSM6NHBI6TUAFQCuAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01277{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1725278711354999,"flow_src_last_pkt_time":1725278711358145,"flow_dst_last_pkt_time":1725278711357820,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725278711358145,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"142.250.180.142","src_port":51390,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","domainame":"www.youtube.com","tls": {"version":"TLSv1.2","ja3":"4ea056e63b7910cbf543f0c095064dfe","ja3s":"","ja4":"t13d3113h2_e8f1e7e78f70_ce5650b735ce","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01236{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1725278711354999,"flow_src_last_pkt_time":1725278711358145,"flow_dst_last_pkt_time":1725278711357820,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725278711358145,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"142.250.180.142","src_port":51390,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","domainame":"www.youtube.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d3113h2_e8f1e7e78f70_ce5650b735ce","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1725278711358145,"flow_dst_last_pkt_time":1725278711360754,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_usec":1725278711360754,"pkt":"AAAAAQAGILAB4IZiAAAIAEWAADSPwQAAegaqmo76tI7AqAG3AbvIvhyjoLH4jp\/ggBABBdmKAAABAQgKJ0Q7h393k8Q="} 
-01322{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1725278711354999,"flow_src_last_pkt_time":1725278711358145,"flow_dst_last_pkt_time":1725278711376987,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":6600,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":6600,"midstream":0,"thread_ts_usec":1725278711376987,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"142.250.180.142","src_port":51390,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","domainame":"www.youtube.com","tls": {"version":"TLSv1.3","ja3":"4ea056e63b7910cbf543f0c095064dfe","ja3s":"907bf3ecef1c987c889946b737b43de8","ja4":"t13d3113h2_e8f1e7e78f70_ce5650b735ce","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
-02432{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1725278711300968,"flow_src_last_pkt_time":1725278711469124,"flow_dst_last_pkt_time":1725278711469141,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":699,"flow_dst_max_l4_payload_len":2052,"flow_src_tot_l4_payload_len":1330,"flow_dst_tot_l4_payload_len":18274,"midstream":0,"thread_ts_usec":1725278711469141,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":33702,"dst_port":1234,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"data_analysis": {"iat": {"min":13,"avg":10849.3,"max":81912,"stddev":22504.7,"var":506460032.0,"ent":2.8,"data": [13,20,321,335,139,158,52949,76203,23289,91,56,38,34,108,111,5407,8441,3526,701,41202,81912,40932,58,43,54,53,30,29,27,26,23]},"pktlen": {"min":52,"avg":665.1,"max":2104,"stddev":842.7,"var":710078.0,"ent":3.9,"data": [60,60,52,237,52,181,52,751,2104,52,2104,52,2104,52,723,52,406,753,144,123,52,2084,52,2046,52,2079,52,2043,52,2075,52,531]},"bins": {"c_to_s": [13,0,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,1,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8]},"directions": [0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": [4.311033249,4.734919071,4.624013901,5.851198196,4.644789219,5.827358723,4.644789219,7.722790718,7.902339935,4.585552216,7.913048267,4.585552216,7.905004501,4.585552216,7.688803673,4.585552216,7.428673744,7.699780941,6.310562611,6.170208454,4.624013901,7.892062187,4.571035385,7.909559727,4.624013901,7.904311180,4.585552216,7.891872406,4.585552692,7.905772209,4.624013901,7.592932701]},"ndpi": 
{"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"127.0.0.1"}} +01281{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1725278711354999,"flow_src_last_pkt_time":1725278711358145,"flow_dst_last_pkt_time":1725278711376987,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":6600,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":6600,"midstream":0,"thread_ts_usec":1725278711376987,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"142.250.180.142","src_port":51390,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","domainame":"www.youtube.com","tls": {"version":"TLSv1.3","ja3s":"907bf3ecef1c987c889946b737b43de8","ja4":"t13d3113h2_e8f1e7e78f70_ce5650b735ce","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+02446{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1725278711300968,"flow_src_last_pkt_time":1725278711469124,"flow_dst_last_pkt_time":1725278711469141,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":699,"flow_dst_max_l4_payload_len":2052,"flow_src_tot_l4_payload_len":1330,"flow_dst_tot_l4_payload_len":18274,"midstream":0,"thread_ts_usec":1725278711469141,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":33702,"dst_port":1234,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"data_analysis": {"iat": {"min":13,"avg":10849.3,"max":81912,"stddev":22504.7,"var":506460032.0,"ent":2.8,"data": [13,20,321,335,139,158,52949,76203,23289,91,56,38,34,108,111,5407,8441,3526,701,41202,81912,40932,58,43,54,53,30,29,27,26,23]},"pktlen": {"min":52,"avg":665.1,"max":2104,"stddev":842.7,"var":710078.0,"ent":3.9,"data": [60,60,52,237,52,181,52,751,2104,52,2104,52,2104,52,723,52,406,753,144,123,52,2084,52,2046,52,2079,52,2043,52,2075,52,531]},"bins": {"c_to_s": [13,0,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,1,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8]},"directions": [0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": [4.311033249,4.734919071,4.624013901,5.851198196,4.644789219,5.827358723,4.644789219,7.722790718,7.902339935,4.585552216,7.913048267,4.585552216,7.905004501,4.585552216,7.688803673,4.585552216,7.428673744,7.699780941,6.310562611,6.170208454,4.624013901,7.892062187,4.571035385,7.909559727,4.624013901,7.904311180,4.585552216,7.891872406,4.585552692,7.905772209,4.624013901,7.592932701]},"ndpi": 
{"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP.WebSocket","proto_id":"7.251","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"127.0.0.1"}} 02161{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":96,"source":"cfgs\/default\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1725278711295335,"flow_src_last_pkt_time":1725278711469489,"flow_dst_last_pkt_time":1725278711469627,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":3932,"flow_src_tot_l4_payload_len":835,"flow_dst_tot_l4_payload_len":18380,"midstream":0,"thread_ts_usec":1725278711469627,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":44532,"dst_port":1080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"data_analysis": {"iat": {"min":13,"avg":11240.2,"max":82049,"stddev":21975.3,"var":482912224.0,"ent":3.1,"data": [92,113,78,106,382,425,4533,4672,44031,9418,77646,24339,284,267,4160,279,19,13,40,4612,3350,3674,624,41294,82049,41160,126,151,203,160,146]},"pktlen": {"min":52,"avg":653.0,"max":3984,"stddev":1237.6,"var":1531706.8,"ent":3.3,"data": [60,60,52,56,52,54,52,62,62,52,569,3984,52,2720,52,132,98,101,87,115,52,700,83,83,52,3984,52,3984,52,2428,52,901]},"bins": {"c_to_s": [13,4,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5]},"directions": 
[0,1,0,0,1,1,0,0,1,0,0,1,0,1,0,0,0,0,0,0,1,1,0,1,0,1,0,1,0,1,0,1],"entropies": [4.311033249,4.747500420,4.638530731,4.549884796,4.638531208,4.628801823,4.600069046,4.733144760,4.497382641,4.600069046,4.669951916,7.947538853,4.676992416,7.920604706,4.600069046,6.167953491,5.851360321,5.834712982,5.660713673,6.112284660,4.676992416,7.680773735,5.506919861,5.521921158,4.676992416,7.956730843,4.561607838,7.954389572,4.561607361,7.916389942,4.561607838,7.802294254]},"ndpi": {"confidence": {"6":"DPI"},"proto":"SOCKS","proto_id":"172","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -01267{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":16,"flow_first_seen":1725278711300968,"flow_src_last_pkt_time":1725278711469193,"flow_dst_last_pkt_time":1725278711469186,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":699,"flow_dst_max_l4_payload_len":2052,"flow_src_tot_l4_payload_len":1330,"flow_dst_tot_l4_payload_len":19186,"midstream":0,"thread_ts_usec":1725278711492259,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":33702,"dst_port":1234,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"127.0.0.1"}} 
+01281{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":16,"flow_first_seen":1725278711300968,"flow_src_last_pkt_time":1725278711469193,"flow_dst_last_pkt_time":1725278711469186,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":699,"flow_dst_max_l4_payload_len":2052,"flow_src_tot_l4_payload_len":1330,"flow_dst_tot_l4_payload_len":19186,"midstream":0,"thread_ts_usec":1725278711492259,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":33702,"dst_port":1234,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP.WebSocket","proto_id":"7.251","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"127.0.0.1"}} 
01016{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1725278711296937,"flow_src_last_pkt_time":1725278711297554,"flow_dst_last_pkt_time":1725278711297705,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":318,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":508,"midstream":0,"thread_ts_usec":1725278711492259,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":39646,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.YouTube","proto_id":"5.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"www.youtube.com"}} 00989{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":13,"flow_first_seen":1725278711295335,"flow_src_last_pkt_time":1725278711469639,"flow_dst_last_pkt_time":1725278711469627,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":3932,"flow_src_tot_l4_payload_len":835,"flow_dst_tot_l4_payload_len":18380,"midstream":0,"thread_ts_usec":1725278711492259,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":44532,"dst_port":1080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"SOCKS","proto_id":"172","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 00999{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":17,"flow_first_seen":1725278711354999,"flow_src_last_pkt_time":1725278711492259,"flow_dst_last_pkt_time":1725278711492259,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":6600,"flow_src_tot_l4_payload_len":821,"flow_dst_tot_l4_payload_len":21168,"midstream":0,"thread_ts_usec":1725278711492259,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"142.250.180.142","src_port":51390,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}} 
-00866{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":62316,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":38,"global_ts_usec":1725278711492259} +00866{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":62316,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":38,"global_ts_usec":1725278711492259} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 100/100 ~~ skipped flows.............: 0 
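Review bot: The regenerated expectations in this hunk change the event output contract in two ways that the commit message ("incorporated upstream changes") does not mention. In the flow 4 `detected` and `detection-update` events the `tls` object no longer carries `"ja3"` (`ja3s` and `ja4` remain), and flow 3 is now reported as `"proto":"HTTP.WebSocket"` with `"proto_id":"7.251"` instead of `"HTTP"` and `"7"`. A downstream detection rule keyed on the JA3 client hash or on an exact `proto` string would stop matching without any error. I would add a line to the commit message or changelog such as `TLS events no longer emit "ja3"; "proto" may gain a ".WebSocket" sub-protocol`, and confirm that the schema change in this commit no longer lists `ja3` as required. The file is regenerated test output, so the hunk itself needs no edit.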
@@ -44,10 +44,10 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7101754 bytes -~~ total memory freed........: 7101754 bytes -~~ total allocations/frees...: 114295/114295 +~~ total memory allocated....: 7679385 bytes +~~ total memory freed........: 7679385 bytes +~~ total allocations/frees...: 126028/126028 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 572 chars -~~ json message max len.......: 2437 chars -~~ json message avg len.......: 1499 chars +~~ json message max len.......: 2451 chars +~~ json message avg len.......: 1506 chars diff --git a/test/results/default/tls_invalid_reads.pcap.out b/test/results/default/tls_invalid_reads.pcap.out index d6dc568dd..6d2567157 100644 --- a/test/results/default/tls_invalid_reads.pcap.out +++ b/test/results/default/tls_invalid_reads.pcap.out 
@@ -1,18 +1,18 @@ -00622{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1252380859868541} 
+00622{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1252380859868541} 
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1252380859868541,"flow_src_last_pkt_time":1252380859868541,"flow_dst_last_pkt_time":1252380859868541,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1252380859868541,"l3_proto":"ip4","src_ip":"192.168.10.101","dst_ip":"206.33.61.113","src_port":3967,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1252380859868541,"flow_dst_last_pkt_time":1252380859868541,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1252380859868541,"pkt":"ABTRQblQABy\/OaVJCABFAAA0MFlAAIAG8ynAqAplziE9cQ9\/AbtzVLVxAAAAAIAC+vBjhwAAAgQFtAEDAwABAQQC"} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1252380859868541,"flow_dst_last_pkt_time":1252380859884558,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1252380859884558,"pkt":"ABy\/OaUlABTRQblQCABFIBA0ZLoAADYGSUrOIT1xwKgKZQG7D3++yAIvc1S1coASFtCGmAAAAgQFtAEBBAIBAwMx"} 
00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1252380859884593,"flow_dst_last_pkt_time":1252380859884558,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1252380859884593,"pkt":"ABTRQblQABy\/PaVxCABFAAAoMP9AAIAG8zDAqAplziE9cQ9\/AbtzVLVyvsgCMFAQ+vDjSQAA"} 00676{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1252380859885010,"flow_dst_last_pkt_time":1252380859884558,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":156,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":156,"pkt_l4_len":122,"thread_ts_usec":1252380859885010,"pkt":"ABTRQblQABy\/OaVxCABFAACOMQBAAIAG8snAqAplziE9cQ9\/AbtzVLVyvsgCMFAY+vBuTgAAFgMBAGEBAABdAwFKpdC7WffXCrqul0rRyqlV7PYgfbDHC7SZ1YAJU4BSeiCCetHfydzbddwggCw2Ef4Y\/Wcmum3i+DV+RW7iw5bCGwAWAAQABQAKAAkAZABiAAMABgATABIAJQAA"} -01204{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1252380859868541,"flow_src_last_pkt_time":1252380859885010,"flow_dst_last_pkt_time":1252380859884558,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":102,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":102,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1252380859885010,"l3_proto":"ip4","src_ip":"192.168.10.101","dst_ip":"206.33.61.113","src_port":3967,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"","ja3s":"","ja4":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01195{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1252380859868541,"flow_src_last_pkt_time":1252380859885010,"flow_dst_last_pkt_time":1252380859884558,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":102,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":102,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1252380859885010,"l3_proto":"ip4","src_ip":"192.168.10.101","dst_ip":"206.33.61.113","src_port":3967,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1252380859885010,"flow_dst_last_pkt_time":1252380859903858,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1252380859903858,"pkt":"ABy\/OaVxABTRQblQCABFIAAoZLsAADcGSFXOIT1xwKgKZQG7D3++yAIwc1S12FAQAC7dpgAAAAAAAAAA"} -01249{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1252380859868541,"flow_src_last_pkt_time":1252380859885010,"flow_dst_last_pkt_time":1252380859904145,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":102,"flow_dst_max_l4_payload_len":851,"flow_src_tot_l4_payload_len":102,"flow_dst_tot_l4_payload_len":851,"midstream":0,"thread_ts_usec":1252380859904145,"l3_proto":"ip4","src_ip":"192.168.10.101","dst_ip":"206.33.61.113","src_port":3967,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"","ja3s":"53611273a714cb4789c8222932efd5a7","ja4":"","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","blocks":0}}} 
-00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":9,"packets-processed":8,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1431,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1421985541772794} +01343{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1252380859868541,"flow_src_last_pkt_time":1252380859885010,"flow_dst_last_pkt_time":1252380859904145,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":102,"flow_dst_max_l4_payload_len":851,"flow_src_tot_l4_payload_len":102,"flow_dst_tot_l4_payload_len":851,"midstream":0,"thread_ts_usec":1252380859904145,"l3_proto":"ip4","src_ip":"192.168.10.101","dst_ip":"206.33.61.113","src_port":3967,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": 
{"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"53611273a714cb4789c8222932efd5a7","ja4":"","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","blocks":0}}} +00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":9,"packets-processed":8,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1431,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1421985541772794} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1421985541772794,"flow_src_last_pkt_time":1421985541772794,"flow_dst_last_pkt_time":1421985541772794,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":10,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":10,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":10,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1421985541772794,"l3_proto":"ip4","src_ip":"74.80.160.99","dst_ip":"67.217.77.28","src_port":3258,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1421985541772794,"flow_dst_last_pkt_time":1421985541772794,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"thread_ts_usec":1421985541772794,"pkt":"AAOf2SAhEFbKCIWJCABFAAAyM2VAAH8GFrhKUKBjQ9lNHAy6AbvQcb+g7Sa+J1AY\/QKZOwAlAAMBAAUBAAABAQ=="} -01101{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1252380859868541,"flow_src_last_pkt_time":1252380859943054,"flow_dst_last_pkt_time":1252380859942787,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":102,"flow_dst_max_l4_payload_len":851,"flow_src_tot_l4_payload_len":102,"flow_dst_tot_l4_payload_len":1329,"midstream":0,"thread_ts_usec":1421985541772794,"l3_proto":"ip4","src_ip":"192.168.10.101","dst_ip":"206.33.61.113","src_port":3967,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":10,"packets-processed":9,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1441,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1544035479538596} +01204{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1252380859868541,"flow_src_last_pkt_time":1252380859943054,"flow_dst_last_pkt_time":1252380859942787,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":102,"flow_dst_max_l4_payload_len":851,"flow_src_tot_l4_payload_len":102,"flow_dst_tot_l4_payload_len":1329,"midstream":0,"thread_ts_usec":1421985541772794,"l3_proto":"ip4","src_ip":"192.168.10.101","dst_ip":"206.33.61.113","src_port":3967,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": 
{"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":10,"packets-processed":9,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1441,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1544035479538596} 00306{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1544035479538596,"packet_id":10,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1544035479538596} 00469{"packet_event_id":1,"packet_event_name":"packet","packet_id":10,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":118,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":118,"pkt_l4_len":0,"thread_ts_usec":1421985541772794,"pkt":"AAAAAAAFYAgQGhx\/gQBsn4EAYAIIAEVoAGDVegAA\/xG3XAruJEAK7vQxCGgIaABMAAAw\/wA8B+zklkUAADyx3UAAQAbcAwq\/ixE23eAt5LgBu\/kVfJ4AAAAAoAL\/\/3GmAAACBAW0BAIICgAUzUMAAAAAAQMDBg=="} 00306{"error_event_id":5,"error_event_name":"Unknown packet 
type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1544035479721867,"packet_id":11,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1544035479721867} 
@@ -21,7 +21,7 @@ 00743{"packet_event_id":1,"packet_event_name":"packet","packet_id":12,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":324,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":324,"pkt_l4_len":0,"thread_ts_usec":1421985541772794,"pkt":"AAAAAAAFYAgQGhx\/gQBsn4EAYAIIAEVoAS7V9AAA\/xG2FAruJEAK7vQxCGgIaAEaAAAw\/wEKB+zklkUAAOux30AAQAbbUgq\/ixE23eAt5LgBu\/kVfJ8aWkgcgBgFWRb9AAABAQgKABTNax1e0BYWAwEAsgEAAK4DA+Jfj3VZ7Se+llOF2hoK\/0SOWa4JB8kGoFPipHXr6zI3AAAowCvALMAvwDAAngCfwAnACsATwBQAMwA5wAfAEQCcAJ0ALwA1AAUA\/wEAAF0AAAAWABQAABFlLmNyYXNobHl0aWNzLmNvbQAXAAAAIwAAAA0AFgAUBgEGAwUBBQMEAQQDAwEDAwIBAgMAEAALuImlL1Y1GeVflD5H40\/GlDV3w0Q4eHATzs15UMvq3bDFbT9WBxf4WY7WsXHZhuEm\/fgNJZccyFnwUKMb"} 01056{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1421985541772794,"flow_src_last_pkt_time":1421985541772794,"flow_dst_last_pkt_time":1421985541772794,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":10,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":10,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":10,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1421985541772794,"l3_proto":"ip4","src_ip":"74.80.160.99","dst_ip":"67.217.77.28","src_port":3258,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00786{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1421985541772794,"flow_src_last_pkt_time":1421985541772794,"flow_dst_last_pkt_time":1421985541772794,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":10,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":10,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":10,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1421985541772794,"l3_proto":"ip4","src_ip":"74.80.160.99","dst_ip":"67.217.77.28","src_port":3258,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00851{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":12,"packets-processed":9,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1441,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":24,"global_ts_usec":1544035479768404} 
+00851{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":12,"packets-processed":9,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1441,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":24,"global_ts_usec":1544035479768404} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 12/9 ~~ skipped flows.............: 0 @@ -30,10 +30,10 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6916429 bytes -~~ total memory freed........: 6916429 bytes -~~ total allocations/frees...: 114162/114162 +~~ total memory allocated....: 7494057 bytes +~~ total memory freed........: 7494057 bytes +~~ total allocations/frees...: 125894/125894 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 311 chars -~~ json message max len.......: 1254 chars -~~ json message avg len.......: 782 chars +~~ json message max len.......: 1348 chars +~~ json message avg len.......: 829 chars diff --git a/test/results/default/tls_long_cert.pcap.out b/test/results/default/tls_long_cert.pcap.out index 31eecc20e..1d80371f9 100644 --- a/test/results/default/tls_long_cert.pcap.out +++ b/test/results/default/tls_long_cert.pcap.out 
@@ -1,17 +1,17 @@ -00618{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_long_cert.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_long_cert.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1553619078033240} 
+00618{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_long_cert.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_long_cert.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1553619078033240} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1553619078033240,"flow_src_last_pkt_time":1553619078033240,"flow_dst_last_pkt_time":1553619078033240,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1553619078033240,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.111.215.93","src_port":60174,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1553619078033240,"flow_dst_last_pkt_time":1553619078033240,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1553619078033240,"pkt":"BBjWMe9aeDHBvV4kCABFAABAAABAAEAGN8XAqAJ+aG\/XXesOAbssL+yBAAAAALAC\/\/8wZwAAAgQFtAEDAwYBAQgKJK\/ZdwAAAAAEAgAA"} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1553619078033240,"flow_dst_last_pkt_time":1553619078058439,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1553619078058439,"pkt":"eDHBvV4kBBjWMe9aCABFAAA8AABAADYGQclob9ddwKgCfgG76w4xmkZeLC\/sgqAScSAcqQAAAgQFtAQCCArQt2rgJK\/ZdwEDAwc="} 
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1553619078058524,"flow_dst_last_pkt_time":1553619078058439,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1553619078058524,"pkt":"BBjWMe9aeDHBvV4kCABFAAA0AABAAEAGN9HAqAJ+aG\/XXesOAbssL+yCMZpGX4AQCAq0dAAAAQEICiSv2Y7Qt2rg"} 01244{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1553619078058827,"flow_dst_last_pkt_time":1553619078058439,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1553619078058827,"pkt":"BBjWMe9aeDHBvV4kCABFAAI5AABAAEAGNczAqAJ+aG\/XXesOAbssL+yCMZpGX4AYCAq5aAAAAQEICiSv2Y7Qt2rgFgMBAgABAAH8AwNIXs7ENgjZTiNTE9f7O6LZiEI6uIc1pNyGFGqcdf\/LQyBdW5a1Bj3nkJn1H8mNAZlpujswEx54IJ8raTCHYls3FgAi+voTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUACgEAAZGKigAAAAAAFgAUAAARd3d3LnJlcHViYmxpY2EuaXQAFwAA\/wEAAQAACgAKAAhKSgAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEAEgAAADMAKwApSkoAAQAAHQAgHx3Qgw74Ok9EJ4ixjMksToTJ1f0PfjMmJ83bCaqtyGQALQACAQEAKwALCgoKAwQDAwMCAwEAGwADAgACCgoAAQAAFQDHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01272{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1553619078033240,"flow_src_last_pkt_time":1553619078058827,"flow_dst_last_pkt_time":1553619078058439,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1553619078058827,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.111.215.93","src_port":60174,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.repubblica.it","domainame":"www.repubblica.it","tls": {"version":"TLSv1.2","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","ja4":"t13d1615h2_46e7e9700bed_45f260be83e2","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01231{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1553619078033240,"flow_src_last_pkt_time":1553619078058827,"flow_dst_last_pkt_time":1553619078058439,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1553619078058827,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.111.215.93","src_port":60174,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.repubblica.it","domainame":"www.repubblica.it","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1615h2_46e7e9700bed_45f260be83e2","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1553619078058827,"flow_dst_last_pkt_time":1553619078088544,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1553619078088544,"pkt":"eDHBvV4kBBjWMe9aCABFAAA0ITlAADYGIJhob9ddwKgCfgG76w4xmkZfLC\/uh4AQAOu5bwAAAQEICtC3av8kr9mO"} 
-01355{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1553619078033240,"flow_src_last_pkt_time":1553619078058827,"flow_dst_last_pkt_time":1553619078091883,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1553619078091883,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.111.215.93","src_port":60174,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.repubblica.it","domainame":"www.repubblica.it","tls": {"version":"TLSv1.2","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"35af4c8cd9495354f7d701ce8ad7fd2d","ja4":"t13d1615h2_46e7e9700bed_45f260be83e2","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-02821{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1553619078033240,"flow_src_last_pkt_time":1553619078093048,"flow_dst_last_pkt_time":1553619078093749,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4096,"midstream":0,"thread_ts_usec":1553619078093749,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.111.215.93","src_port":60174,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.repubblica.it","domainame":"www.repubblica.it","tls": 
{"version":"TLSv1.2","server_names":"www.repstatic.it,repstatic.it,amp-video.lastampa.it,www.repubblica.it,amp-video.deejay.it,amp-video.d.repubblica.it,www.gelestatic.it,oasjs.kataweb.it,video.d.repubblica.it,www.test.capital.it,napoli.repubblica.it,video.ilsecoloxix.it,genova.repubblica.it,cdn.gelestatic.it,video.gelocal.it,media.deejay.it,media.m2o.it,amp-video.espresso.repubblica.it,download.gelocal.it,amp-video.m2o.it,bologna.repubblica.it,torino.repubblica.it,scripts.kataweb.it,palermo.repubblica.it,roma.repubblica.it,video.xl.repubblica.it,amp-video.gelocal.it,video.espresso.repubblica.it,www.capital.it,video.limesonline.com,media.capital.it,syndication-vod-pro.akamai.media.kataweb.it,test.capital.it,video.deejay.it,video.repubblica.it,milano.repubblica.it,video.lanuovasardegna.it,video.m2o.it,parma.repubblica.it,video.3nz.it,syndication-vod-hds.akamai.media.kataweb.it,amp-video.repubblica.it,video.lastampa.it,webfragments.repubblica.it,amp-video.xl.repubblica.it,amp-video.limesonline.com,media.kataweb.it,bari.repubblica.it,syndication-vod-hls.akamai.media.kataweb.it,amp-video.3nz.it,syndication3rd-vod-pro.akamai.media.kataweb.it,firenze.repubblica.it,amp-video.ilsecoloxix.it,amp-video.lanuovasardegna.it,cdn.flv.kataweb.it","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"35af4c8cd9495354f7d701ce8ad7fd2d","ja4":"t13d1615h2_46e7e9700bed_45f260be83e2","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust RSA CA 2018","subjectDN":"C=IT, ST=Roma, L=Roma, O=GEDI Digital S.r.l., CN=www.repstatic.it","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"0C:9F:21:DB:65:A1:BE:EB:D8:89:38:D3:FF:7A:D9:02:8B:F1:60:A1","blocks":0}}} 
+01314{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1553619078033240,"flow_src_last_pkt_time":1553619078058827,"flow_dst_last_pkt_time":1553619078091883,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1553619078091883,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.111.215.93","src_port":60174,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.repubblica.it","domainame":"www.repubblica.it","tls": {"version":"TLSv1.2","ja3s":"35af4c8cd9495354f7d701ce8ad7fd2d","ja4":"t13d1615h2_46e7e9700bed_45f260be83e2","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+02780{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1553619078033240,"flow_src_last_pkt_time":1553619078093048,"flow_dst_last_pkt_time":1553619078093749,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4096,"midstream":0,"thread_ts_usec":1553619078093749,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.111.215.93","src_port":60174,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.repubblica.it","domainame":"www.repubblica.it","tls": 
{"version":"TLSv1.2","server_names":"www.repstatic.it,repstatic.it,amp-video.lastampa.it,www.repubblica.it,amp-video.deejay.it,amp-video.d.repubblica.it,www.gelestatic.it,oasjs.kataweb.it,video.d.repubblica.it,www.test.capital.it,napoli.repubblica.it,video.ilsecoloxix.it,genova.repubblica.it,cdn.gelestatic.it,video.gelocal.it,media.deejay.it,media.m2o.it,amp-video.espresso.repubblica.it,download.gelocal.it,amp-video.m2o.it,bologna.repubblica.it,torino.repubblica.it,scripts.kataweb.it,palermo.repubblica.it,roma.repubblica.it,video.xl.repubblica.it,amp-video.gelocal.it,video.espresso.repubblica.it,www.capital.it,video.limesonline.com,media.capital.it,syndication-vod-pro.akamai.media.kataweb.it,test.capital.it,video.deejay.it,video.repubblica.it,milano.repubblica.it,video.lanuovasardegna.it,video.m2o.it,parma.repubblica.it,video.3nz.it,syndication-vod-hds.akamai.media.kataweb.it,amp-video.repubblica.it,video.lastampa.it,webfragments.repubblica.it,amp-video.xl.repubblica.it,amp-video.limesonline.com,media.kataweb.it,bari.repubblica.it,syndication-vod-hls.akamai.media.kataweb.it,amp-video.3nz.it,syndication3rd-vod-pro.akamai.media.kataweb.it,firenze.repubblica.it,amp-video.ilsecoloxix.it,amp-video.lanuovasardegna.it,cdn.flv.kataweb.it","ja3s":"35af4c8cd9495354f7d701ce8ad7fd2d","ja4":"t13d1615h2_46e7e9700bed_45f260be83e2","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust RSA CA 2018","subjectDN":"C=IT, ST=Roma, L=Roma, O=GEDI Digital S.r.l., CN=www.repstatic.it","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"0C:9F:21:DB:65:A1:BE:EB:D8:89:38:D3:FF:7A:D9:02:8B:F1:60:A1","blocks":0}}} 
02146{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1553619078033240,"flow_src_last_pkt_time":1553619078157096,"flow_dst_last_pkt_time":1553619078157742,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":836,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1610,"flow_dst_tot_l4_payload_len":13760,"midstream":0,"thread_ts_usec":1553619078157742,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.111.215.93","src_port":60174,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":8011.5,"max":34221,"stddev":11402.3,"var":130012760.0,"ent":3.6,"data": [25199,25284,303,30105,3339,1074,34221,792,742,1850,1850,782,8352,423,28143,18603,6453,607,7069,119,26007,3,43,25894,1,59,186,154,696,4,1]},"pktlen": {"min":52,"avg":532.9,"max":1500,"stddev":584.9,"var":342142.3,"ent":4.1,"data": [64,60,52,569,52,1500,1500,52,1252,52,841,52,178,145,888,294,52,52,129,52,90,1105,1105,1500,52,52,52,710,52,1500,1500,1500]},"bins": {"c_to_s": [11,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,2,0,0,0,0,1,0,0,0,0,0,0,0,6,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,0,0,0,0,1,0,1,1,0,0,1,1,1,0,0,0,1,0,1,1,1],"entropies": [4.464972496,5.400120735,5.115703106,4.441882610,5.233812809,6.523200512,6.789650440,5.070538998,7.259748936,5.109000683,7.672616482,5.192625999,6.387032032,6.158265114,7.732074261,7.074759483,5.192625999,5.272274494,6.411020756,5.192625999,5.541742325,7.789433956,7.819917679,7.870871544,5.154164314,5.154164314,5.032077789,7.695037842,5.154164314,7.862812519,7.871836662,7.867298126]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 01004{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":86,"flow_dst_packets_processed":96,"flow_first_seen":1553619078033240,"flow_src_last_pkt_time":1553619149347313,"flow_dst_last_pkt_time":1553619149372363,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":836,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2858,"flow_dst_tot_l4_payload_len":102711,"midstream":0,"thread_ts_usec":1553619149372363,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.111.215.93","src_port":60174,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.repubblica.it"}} 
-00853{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/tls_long_cert.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":182,"packets-processed":182,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":105569,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1553619149372363} +00853{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/tls_long_cert.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":182,"packets-processed":182,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":105569,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1553619149372363} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 182/182 ~~ skipped flows.............: 0 
@@ -20,10 +20,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6973171 bytes -~~ total memory freed........: 6973171 bytes -~~ total allocations/frees...: 114387/114387 +~~ total memory allocated....: 7550767 bytes +~~ total memory freed........: 7550767 bytes +~~ total allocations/frees...: 126118/126118 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 552 chars -~~ json message max len.......: 2826 chars -~~ json message avg len.......: 1640 chars +~~ json message max len.......: 2785 chars +~~ json message avg len.......: 1620 chars diff --git a/test/results/default/tls_malicious_sha1.pcapng.out b/test/results/default/tls_malicious_sha1.pcapng.out index c3f51d709..cf14a7d27 100644 --- a/test/results/default/tls_malicious_sha1.pcapng.out +++ b/test/results/default/tls_malicious_sha1.pcapng.out 
@@ -1,16 +1,16 @@ -00625{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_malicious_sha1.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00846{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_malicious_sha1.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1702228308364885} 
+00625{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_malicious_sha1.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00846{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_malicious_sha1.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1702228308364885} 
00822{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_malicious_sha1.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1702228308364885,"flow_src_last_pkt_time":1702228308364885,"flow_dst_last_pkt_time":1702228308364885,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1702228308364885,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:9726:f643:a838:b0c4","dst_ip":"2a00:1450:4002:414::2013","src_port":40294,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00595{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_malicious_sha1.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1702228308364885,"flow_dst_last_pkt_time":1702228308364885,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1702228308364885,"pkt":"ILAB4IZiNObXAhsnht1gBp8UACgGQCABCwcKPcESlyb2Q6g4sMQqABRQQAIEFAAAAAAAACATnWYBu84tckQAAAAAoAL\/KH9nAAACBAWMBAIICukUG0AAAAAAAQMDBw=="} 
00596{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_malicious_sha1.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1702228308364885,"flow_dst_last_pkt_time":1702228308367897,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1702228308367897,"pkt":"NObXAhsnILAB4IZiht1gDMV9ACgGeioAFFBAAgQUAAAAAAAAIBMgAQsHCj3BEpcm9kOoOLDEAbudZrVQLe3OLXJFoBL\/\/4e2AAACBATEBAIICnEgCajpFBtAAQMDCA=="} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls_malicious_sha1.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1702228308367916,"flow_dst_last_pkt_time":1702228308367897,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1702228308367916,"pkt":"ILAB4IZiNObXAhsnht1gBp8UACAGQCABCwcKPcESlyb2Q6g4sMQqABRQQAIEFAAAAAAAACATnWYBu84tckW1UC3ugBAB\/39fAAABAQgK6RQbQ3EgCag="} 
00895{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls_malicious_sha1.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1702228308374788,"flow_dst_last_pkt_time":1702228308367897,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":316,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":316,"pkt_l4_len":262,"thread_ts_usec":1702228308374788,"pkt":"ILAB4IZiNObXAhsnht1gBp8UAQYGQCABCwcKPcESlyb2Q6g4sMQqABRQQAIEFAAAAAAAACATnWYBu84tckW1UC3ugBgB\/4BFAAABAQgK6RQbSnEgCagWAwEA4QEAAN0DAy03kR4Lu0iaEKHGYh0C5H6XquFn6nN7v3Lt\/Ep7d6IDAAA4wCzAMACfzKnMqMyqwCvALwCewCTAKABrwCPAJwBnwArAFAA5wAnAEwAzAJ0AnAA9ADwANQAvAP8BAAB8AAAAFAASAAAPd3d3LnByYnRlc3QuZGV2AAsABAMAAQIACgAMAAoAHQAXAB4AGQAYM3QAAAAQAA4ADAJoMghodHRwLzEuMQAWAAAAFwAAAA0AKgAoBAMFAwYDCAcICAgJCAoICwgECAUIBgQBBQEGAQMDAwEDAgQCBQIGAg=="} -01246{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls_malicious_sha1.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1702228308364885,"flow_src_last_pkt_time":1702228308374788,"flow_dst_last_pkt_time":1702228308367897,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":230,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":230,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1702228308374788,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:9726:f643:a838:b0c4","dst_ip":"2a00:1450:4002:414::2013","src_port":40294,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.prbtest.dev","domainame":"www.prbtest.dev","tls": 
{"version":"TLSv1.2","ja3":"00bcd759cb8ad485fdbf1e7a0c5b94b4","ja3s":"","ja4":"t12d2808h2_d943125447b4_dd0a478c1db3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01205{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls_malicious_sha1.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1702228308364885,"flow_src_last_pkt_time":1702228308374788,"flow_dst_last_pkt_time":1702228308367897,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":230,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":230,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1702228308374788,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:9726:f643:a838:b0c4","dst_ip":"2a00:1450:4002:414::2013","src_port":40294,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.prbtest.dev","domainame":"www.prbtest.dev","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d2808h2_d943125447b4_dd0a478c1db3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_malicious_sha1.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1702228308374788,"flow_dst_last_pkt_time":1702228308378123,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1702228308378123,"pkt":"NObXAhsnILAB4IZiht1gDMV9ACAGeioAFFBAAgQUAAAAAAAAIBMgAQsHCj3BEpcm9kOoOLDEAbudZrVQLe7OLXMrgBABBbOVAAABAQgKcSAJsekUG0o="} -01335{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tls_malicious_sha1.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1702228308364885,"flow_src_last_pkt_time":1702228308374788,"flow_dst_last_pkt_time":1702228308398326,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":230,"flow_dst_max_l4_payload_len":2416,"flow_src_tot_l4_payload_len":230,"flow_dst_tot_l4_payload_len":2416,"midstream":0,"thread_ts_usec":1702228308398326,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:9726:f643:a838:b0c4","dst_ip":"2a00:1450:4002:414::2013","src_port":40294,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.prbtest.dev","domainame":"www.prbtest.dev","tls": {"version":"TLSv1.2","ja3":"00bcd759cb8ad485fdbf1e7a0c5b94b4","ja3s":"e2bc06b738d7e5d2b0cec5d2196b1d80","ja4":"t12d2808h2_d943125447b4_dd0a478c1db3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","blocks":0}}} 
-01539{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/tls_malicious_sha1.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1702228308364885,"flow_src_last_pkt_time":1702228308398348,"flow_dst_last_pkt_time":1702228308398561,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":230,"flow_dst_max_l4_payload_len":2416,"flow_src_tot_l4_payload_len":230,"flow_dst_tot_l4_payload_len":4628,"midstream":0,"thread_ts_usec":1702228308398561,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:9726:f643:a838:b0c4","dst_ip":"2a00:1450:4002:414::2013","src_port":40294,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.prbtest.dev","domainame":"www.prbtest.dev","tls": {"version":"TLSv1.2","server_names":"www.prbtest.dev","ja3":"00bcd759cb8ad485fdbf1e7a0c5b94b4","ja3s":"e2bc06b738d7e5d2b0cec5d2196b1d80","ja4":"t12d2808h2_d943125447b4_dd0a478c1db3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Google Trust Services LLC, CN=GTS CA 1D4","subjectDN":"CN=www.prbtest.dev","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"0D:DB:34:F8:75:63:2C:7E:1E:C0:9D:75:82:7F:82:D2:33:6D:FE:B6","blocks":0}}} 
+01294{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tls_malicious_sha1.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1702228308364885,"flow_src_last_pkt_time":1702228308374788,"flow_dst_last_pkt_time":1702228308398326,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":230,"flow_dst_max_l4_payload_len":2416,"flow_src_tot_l4_payload_len":230,"flow_dst_tot_l4_payload_len":2416,"midstream":0,"thread_ts_usec":1702228308398326,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:9726:f643:a838:b0c4","dst_ip":"2a00:1450:4002:414::2013","src_port":40294,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.prbtest.dev","domainame":"www.prbtest.dev","tls": {"version":"TLSv1.2","ja3s":"e2bc06b738d7e5d2b0cec5d2196b1d80","ja4":"t12d2808h2_d943125447b4_dd0a478c1db3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","blocks":0}}} 
+01498{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/tls_malicious_sha1.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1702228308364885,"flow_src_last_pkt_time":1702228308398348,"flow_dst_last_pkt_time":1702228308398561,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":230,"flow_dst_max_l4_payload_len":2416,"flow_src_tot_l4_payload_len":230,"flow_dst_tot_l4_payload_len":4628,"midstream":0,"thread_ts_usec":1702228308398561,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:9726:f643:a838:b0c4","dst_ip":"2a00:1450:4002:414::2013","src_port":40294,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.prbtest.dev","domainame":"www.prbtest.dev","tls": {"version":"TLSv1.2","server_names":"www.prbtest.dev","ja3s":"e2bc06b738d7e5d2b0cec5d2196b1d80","ja4":"t12d2808h2_d943125447b4_dd0a478c1db3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Google Trust Services LLC, CN=GTS CA 1D4","subjectDN":"CN=www.prbtest.dev","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"0D:DB:34:F8:75:63:2C:7E:1E:C0:9D:75:82:7F:82:D2:33:6D:FE:B6","blocks":0}}} 
01008{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/tls_malicious_sha1.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":10,"flow_first_seen":1702228308364885,"flow_src_last_pkt_time":1702228308484038,"flow_dst_last_pkt_time":1702228308437375,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":230,"flow_dst_max_l4_payload_len":2416,"flow_src_tot_l4_payload_len":534,"flow_dst_tot_l4_payload_len":4762,"midstream":0,"thread_ts_usec":1702228308484038,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:9726:f643:a838:b0c4","dst_ip":"2a00:1450:4002:414::2013","src_port":40294,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -00855{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/tls_malicious_sha1.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":22,"packets-processed":22,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5296,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1702228308484038} 
+00855{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/tls_malicious_sha1.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":22,"packets-processed":22,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5296,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1702228308484038} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 22/22 ~~ skipped flows.............: 0 @@ -19,10 +19,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6919411 bytes -~~ total memory freed........: 6919411 bytes -~~ total allocations/frees...: 114169/114169 +~~ total memory allocated....: 7497007 bytes +~~ total memory freed........: 7497007 bytes +~~ total allocations/frees...: 125900/125900 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 587 chars -~~ json message max len.......: 1544 chars -~~ json message avg len.......: 1046 chars +~~ json message max len.......: 1503 chars +~~ json message avg len.......: 1026 chars diff --git a/test/results/default/tls_missing_ch_frag.pcap.out b/test/results/default/tls_missing_ch_frag.pcap.out index ed412d679..caf439de0 100644 --- a/test/results/default/tls_missing_ch_frag.pcap.out +++ b/test/results/default/tls_missing_ch_frag.pcap.out 
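Review bot: The regenerated expectations in this hunk no longer contain the `"ja3"` key in any `tls` object (the `detected` event and both `detection-update` events), while `"ja3s"`, `"ja4"` and the certificate `"fingerprint"` are still emitted, and the commit description only says "incorporated upstream changes". A downstream consumer that matches or allow-lists flows on `tls.ja3` would stop matching without any error, so the description or changelog should state the removal, e.g. `* TLS flow events no longer carry "ja3"; "ja3s" and "ja4" are unchanged`. The same removal appears in the tls_long_cert.pcap.out expectations above, whose hunk starts outside this view. Whether schema/flow_event_schema.json was adjusted to match cannot be checked from these lines.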
@@ -1,14 +1,14 @@ -00624{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_missing_ch_frag.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_missing_ch_frag.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1626252471399786} 
+00624{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_missing_ch_frag.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_missing_ch_frag.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1626252471399786} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_missing_ch_frag.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626252471399786,"flow_src_last_pkt_time":1626252471399786,"flow_dst_last_pkt_time":1626252471399786,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626252471399786,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":33063,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_missing_ch_frag.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1626252471399786,"flow_dst_last_pkt_time":1626252471399786,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1626252471399786,"pkt":"ZIeIEyz\/WPmHGpl1CABFAAA8hHQAAH0G5JMKCgoBwKgAAQG7gScvWJhthsBAKqAS\/\/9QwwAAAgQFtAQCCApDaqR2wYhnewEDAwg="} 
01943{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_missing_ch_frag.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1626252471399786,"flow_dst_last_pkt_time":1626252471549953,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1090,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1090,"pkt_l4_len":1056,"thread_ts_usec":1626252471549953,"pkt":"WPmHGpl1ZIeIEyz\/CABFAAQ0\/b1AADMGcVLAqAABCgoKAYEnAbuGwEAqL1iYboAYAKxR2gAAAQEICsGIaBBDaqR2FgMBBdwBAAXYAwNEa2hVTZJgASBSwfkI66LYxvlq75ZhdUSD3hgV+1QPOSD\/YaaV0OXvSK6c4cW3cThct7voag1kyNOqp2BHGtTdrgAgamoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAVviooAAAAAACwAKgAAJ3IxLS0tc24tNWY1bnhndmg1by1oanVsLmdvb2dsZXZpZGVvLmNvbQAXAAD\/AQABAAAKAAwACvr6QTgAHQAXABgACwACAQAAIwAAABAACwAJCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwTBBL\/6+gABAEE4BJJN2na6uqPHrTPCb\/ILC4h5b3iKIpiqhO312LpjPLgWI86KCmdcCFKYTA3q3tYncymKC7UeIblB55L9t0UFbXqgEn\/fqdxSz6ckZsrtMqwRqfX2cel2WxfY\/aCfW\/vDYB9cWgIbMVWFo2botYfIlYMs0+p+iPkUjoVrNGSCC2VFWOOl1kkUQlsLOGuuFrivum9yxjiZNtHxmAMLLE0umqwruzOY3v9MhI11X9Rs2e4pdwrusuWg+crjjLJLuNx2PDVhjGTRlSvKZIDkgs584qrnA4lK+6TMLkjjfdVqz8YlHU\/ukhF\/OkMR4STHU0TtP9j6fb5+IBTm4M3T7+aKBDgbO5Hlh5+C8KkuBZGMPCbCyyKyiMwmwYV6w4Z7FsEw4szZms4D1vNzCTtzmDX1iFlrRZ39HnHTOWGlFhOSpWxQ1alyFepq0amj5qrD5lEvsid4WL9YWPA6iEH+lS2HeVFxxX6+jjMoxiIobXnjSbihlEeJcjau9qW1HFM5Cf5OK6fgE+qsckMrRD+YBi7IR3FZyn50e4A3B8EUBjnUVb1WOvGXtljlHpAsp7E+9dpaG79UnFS1oz42rTBAf+hfswwdjp6OUNAy3mW\/mKgdG2DJUB1G6xGuCdDkvCiNAMuiSu0sn+24wJf35y13AA5Q3yi6BouVJ3zsl70B8HaknCCcr6p2NTZO9CpEW2h85dbOzpy6RvfWJDYrSXlz7xTgBc3xb9NFXoe92VswvO\/t9Y\/euwUjjOCHegKSVZeTWzbyQet6U0oOGhLjzN1lccJPGSSiHgjhQeZsHB4JeDMe8JqFXFLLBAU5aZJ7DOpRoMquil1EUV0AwlN2ufTfLnLEVoThaC8bUobosvXMg7TyMFtHlSBIAfIvnjqMWiuXTg416E50S3\/9\/mUZYnOfu30kw0DWTkH7rVL7FRcnryKmnk26KijDapfaBn3tczZ6CkMEklqww1oSSqMFwGKANYj9ia0u9A467OwvDTGpp9NQuw4Dpr2\/LPsZcQ=="} 
02441{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls_missing_ch_frag.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1626252471561439,"flow_dst_last_pkt_time":1626252471549953,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1454,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1454,"pkt_l4_len":1420,"thread_ts_usec":1626252471561439,"pkt":"ZIeIEyz\/WPmHGpl1CABFAAWghoAAAH0G3SMKCgoBwKgAAQG7gScvWJhuhsBGC4AQARTYnQAAAQEICkNqpRfBiGgQFgMDBOwCAAToAwNVX87iKZlxBq+WYRUIkFBF14EoT1kYKAvln22sCAVoqyD\/YaaV0OXvSK6c4cW3cThct7voag1kyNOqp2BHGtTdrhMCAASgADMElkE4BJLBQasIlOpbJOILLOmR5aQ1oInQ3vlNzO8zfgaHNrIaA6YGQq0l1Gjn1A5MUJzn8SI2epMblYyf7sr1o7dDE6KQSVxazYyPk\/ZWdzhYCiPUfoRRhjm\/\/Kde2Tj+aUCqcXdbIGcl9\/3IwXQZX\/1JAgbwDNcbBobweUKyoxRs0bCogx9My\/jCXqOM5ZVfFplV3ohEOPwxezU8aOfWbqKLEGB0\/yC6C82j4HCJTPNgBEVox6N+GaGPoOdSeHK0M5s6qaEDLlrAGOxH0JD2VTQPIg6YT7jddMd6bAv6J8DVEo7lkpU4BzLStzrMiGWpS26jukpPjdOyV9JOHcCcjLNloYqvNhaxI4XvHnuxkPMj1eHtGWln41fIRWtum\/qbPS2UOJY9CB\/tx1+nSEVRhq1mvFwVWgNhseSYLHUehP85M91HGhKcFHIU+Gfdvi9lc8Dy0Vcwwkd3NDJOASXUM+Au01H4\/wFl2L0BpqzFVpKPA2kqLp3Dr4o8OQOkrV9DRQdHqDybf1miCOwc39THmMPvTFYDr78ZFbeaT7Fi\/tydhHmhP\/EgIL0K+P++zGsBltb28UZaMro6vudFgT3D3l2E1KBeci16d6Y0YAfHeA5pQVBoFhefXVJrAys7EU\/PrPC6ZJlLdwJvvlml6GLNVOvGoauFXqdnOfFTQZ50aCvE7lPyNdpIDLf+imVqdE4sfGyeYn9PadgXqy5qL9Ia5GpP9ryDshK3NYTioSn1e9bj4c2SXiSXCBbqAYDqCl4P9B9zDjnDUGIl+DmKz5G9ke6WncxQGP6au30+bnll4Cv2AJAqan9Bsq4VU7y4wE1jGUCWEshzeBwHAUPaVM3eiGvj\/aCxmdSOkz79ub2VHEJekjYMYUiB+6X1mTmrpuQpUOiO\/88FvrRK+EXpmAqJ1gIgCBgPJ\/lNi8caMzVWPbrHkFLFC2EELcX0knqqdR+G1jVlxZLuuyeiMvSppBafdODZ170ar7egOWDjxf8IjNuyK8S0w0AbNtZrOG3BQRpSLowhHqdZSeOK4tj57fyqZ9sdvyDKoG\/9Y5TWzA5kVOKc7VLglXHvLmMghDGNRY\/A7c6tcRmlMT0dgDfej1B+Q8eQ0z2oFoVwZ\/gCcdPHTO4Yrl\/8myPwjIn5usnqHRUyfITt9zLeRwsFPPb3luUvzFRfStLMyBktefN9tQN+YA1500ctc9oOFsomaFnLnFRwLYsCotxzt3Gxsl\/MJVbDTgo8+gSwODH+q1BWXYnrAL2OilA0iU3LW08rymHW04OEqYxuH7JWZV+G4pUc19K6GB3no
uejKG9uUI1xKAOG6g2X3JHV\/6yU8x+emq5DxfcfHY7ENdwpy5ja7bPWvqhSajOAXLI6FkLtlBo50Bplh50oRXPcpNzrjMM0SaLaLjgD03m9Krh5qcwSW15C9+V1X4KlWklT69D9SBRZJ\/vEP0Q5\/KSxGMr8kQuNlbYwI0X+ME038yq5ZCd0\/Z2ZNwhahH6z1IMrID2ItbSzWgdRoeXjC5nvRQS313QmM0Bs28O5MpT7zFLY8PZXUSbAzvM9rliWal0QtwwAKwACAwQUAwMAAQEXAwMS7fBu4wCRo9OoXAke+BK64j6n\/SQgfn\/SSWSuaIYl9qg\/CLMI3+qLAhQ0suF6cZ\/n+2R2IWzUwibwRoGoMkmpY6suIm334gOwMSeQdijn0vCbl87GHL3AIi0mxHnOlSgNDkFhfCpCW6vGiK2q7PmC1Pw="} -01082{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls_missing_ch_frag.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1626252471399786,"flow_src_last_pkt_time":1626252471561439,"flow_dst_last_pkt_time":1626252471549953,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1388,"flow_dst_max_l4_payload_len":1024,"flow_src_tot_l4_payload_len":1388,"flow_dst_tot_l4_payload_len":1024,"midstream":0,"thread_ts_usec":1626252471561439,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":33063,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","tls": {"version":"TLSv1.3","ja3":"","ja3s":"907bf3ecef1c987c889946b737b43de8","ja4":"","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","blocks":0}}} 
+01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls_missing_ch_frag.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1626252471399786,"flow_src_last_pkt_time":1626252471561439,"flow_dst_last_pkt_time":1626252471549953,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1388,"flow_dst_max_l4_payload_len":1024,"flow_src_tot_l4_payload_len":1388,"flow_dst_tot_l4_payload_len":1024,"midstream":0,"thread_ts_usec":1626252471561439,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":33063,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","tls": {"version":"TLSv1.3","ja3s":"907bf3ecef1c987c889946b737b43de8","ja4":"","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","blocks":0}}} 
02432{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls_missing_ch_frag.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1626252471561460,"flow_dst_last_pkt_time":1626252471549953,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1454,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1454,"pkt_l4_len":1420,"thread_ts_usec":1626252471561460,"pkt":"ZIeIEyz\/WPmHGpl1CABFAAWghoEAAH0G3SIKCgoBwKgAAQG7gScvWJ3ahsBGC4AQARQdlwAAAQEICkNqpRfBiGgQLjUyE6mzLz+vWovIaoDU7c1aSmNZ7ckkGpcjHq+Zs6kWfD0Do8FrM4cLVV8PUqsQI0Gn956PKHQW3yAdxqD9JQczlAn8Q3x9QAEJNGr6flpe6S5CaTqM6FoDp\/dLFlwLBTeiibV6ZJvrJtn5X9\/fewzJTdwBjRiQ9PuN69skL1uu7AWFSGSpHWPd3wTy7jq83fttcU15jnhv1jWjYbX0myHuvDb9jMe6+t4tjxxTHB7fn14x5ShHvXoHCPL3b9ekqDP9txy0NMOzkk1iGhLGy0TMLhDepafRYgXDNUQA0jq+FeMFM1mI9qRuolZcxYCl6magHjI6Yzk8NbBzxvlq2i\/l01oDXmOyETOneNxaDpMEA5ULsGYeHjbnoH6+WNaIwrChoggZmXW998QtH2VnhTbpB+a+vTVY347dyVc+wBODPa\/qj7KH3Igi0b9PKWOWrCUGUEz25BBGlbeFm5e2jQG2FBbXSf4sGvR\/7Em2tVplLwJdfED3AJRds7xxCFa1aE2FFjVkpRR3deYTSedcPAHD8Ot1pKHb+2OtoxaLpzEd2LvaWfH+APj9rXPwnppF+rxzzG+FbFSONBmzqeyJjdMUXkkDq8iSkg4SWVPPCj4UX8A69WGYd1LAnTyax6GQQy5D142NsvpAhAid2vKYgBgSl5KIgvEaWfqHzqOfVn7XxiT+luD3e5TsozVOb09kvcfIjgXRaRc7J8R4VWrtwQw3S0UmJgfJ7voaPb1bk8PjJyTvaOsyR4460u3IgpLvelLz4J7gDf0ouy\/+rWmbVihg6yzCS0nXHITykyGI1I1+GMpZRgBl5Kf5vC8qfgfEqfJ8E62nCkXp4iszrdKiXiGGejfE6CkCBduKfTFyV5t35wYVxGNJF3OIC6o+pVn+jgGZelAqlQcIyAmBD9pYpaKBGo2W\/a9XbKJuBNLxvghTm0KLJQjHmHYcT0r5wtryOVlb8d4ygj9G88V6orvZcTrzxu3uo53ZrzFCTQK1Tbma70xIH9gTOoxU4rfphwXW7DPcMYC2wVEPRxQZicL8pZxw8rEuNcNLP\/jcOxWreWsaMcExdlsgoIwQJjlqIeO2yw5MerYsKb+koSWLz32E9iubBIvzdnqCcj4yUD2+NSwphRb\/j8FJXJ6Yjli4wusIoQQKVEpY3WpyUbmUUOlXYgSirH6oFhCApF1KZ4ZjoISl7g7j\/QF\/\/eNL7F9EsM92sCop2padW0b\/CxdNSBHjgQT9rqU\/5Wrv4s194NQQA6XLN8E5BjUUbhwT8XZRFqaFTlUPVdEvjpMyPB2fX3HY0XlTfpBjHYjJ7N9ypazmAf3\/2SltbgI9AL2J+QyCGUmM7btpWTPvRIU77ZXPeHuwdVJ66YN4q3JH7DYkCupd5rzFWDNCpYcp+7hLBtJxBC7ixKVCwCb5A3JDWy3k
FXKvmU+PufQMPBY64EwXmheRdAeMiDBoTyT5NB0rzH36BPawUCiBp6ngUgeVwF4wp5NYWCTxvSu1n9xn6dNScFch3F9270gfEVIyPT8PLMXJHqedWWabErPWAiqpWUVODVDKK8td5QsQxTuRDDeiXDHxFSbkqSbZwzXfJRW+XNgLCizmMLLRgyxq1mTlPgy11\/vV6sU\/uuh\/OQT2S3xjKJrV+BUAnbSb18NrNROH64cnLN+D\/DT5QPWo6DPRmKiRLvay1Q78D3C6kP4y+NAdpTYaJm8ae5zHb8sa0+1Fq7AFDmxBGSuNEUM7gY0yPQEtz2NCtO+iJ7nVT5lTYudViuJaeAPp4iUOCpzTa8y7pYq7Mw7IM+rqKtWFbBHy5RlgnUEqDvAjcF3j\/FYtWQlRS\/7c50Vh8UE2DTYqu7OeV7w="} 02440{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_missing_ch_frag.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1626252471561481,"flow_dst_last_pkt_time":1626252471549953,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1454,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1454,"pkt_l4_len":1420,"thread_ts_usec":1626252471561481,"pkt":"ZIeIEyz\/WPmHGpl1CABFAAWghoIAAH0G3SEKCgoBwKgAAQG7gScvWKNGhsBGC4AQARRbywAAAQEICkNqpRfBiGgQRaOfchYHfhkEuC+plydgQpXSK9I6ZkSYOkCsdCiCnDmK0WwRx57RrGKWw2KHjtIVlQ\/4zQUTZ5jfEvt97SYQbBDdcLHULbKkEbNedv3iYxXxjT+nCb4IXSchmmTSGQECdaqDj5h79oc4CjRX\/4cATKK\/qcxeRESDvN6tq3yxkZYFG8+N+Arf0e\/wdmZBZBZybFhkJwA\/1YpmFd320ieTDe92z9NUz1culXvp8lPlRhI3RMm\/xmjaed+arMpZO7rY+Q\/e3rg3FOXdr0T5xYxZnEHs2LSXEcqagca0DH5kvLPZ7UYRtU0SHlh2LFXa470iU8qQ+AIYwMcgNxkz9RLy8QUDp1NeYj6a7DuAONGUN6TjhdSeskZ51YNna8nHRAfWO\/mNpfS+fo7ECjkbzuxyraKe99lMQV9SDZQSRzHb9McaufyEQmf4owwlZ5ixKuhXkdZEsOJBs9rjtcIQ56qOizQeKcMkHVPYGK2r0GnHeE5VJcCycgsuOezT+QCvbrZLaPU5crNcY0vQ5LTY4UrKbLbJQiAI2W+HrDdtGMGfnXdDxWf2dNLWxoosntoLuYzhD0zo4\/89xh2MaQv8ukMhBYzyGHApxJK2zPP28UJk59XiR5t5cNI6wE1ypz+3zeT6VMImVsQKr8mX5UwbJV5NR1wGD9YJUZTKzP3mKVx4NYSn04DAkTg5GS8G6RwmfYpFfwy52S8UIekf8KlDMFGZY\/hsNIvYUzjlrg5eHINAovTJIoprQsDi2Zcb8itOX2ZlAx0U7VQjske86xyrNL29NGkEJGvaiSdOkC1fN\/0hC5xMVZdqWGs1ctl8immhsx\/5pvHB1w+TN4i5\/vIkBleKBuZR1yTfNVS7eKSVoFSOjabkOQSmnxPkGnedUoV5zGaqP2gSNB5XulklcOGO\/6dgcaY7lb1vaWcc2wk5nKOrUEhEkZDUD43AqlncBiSPTOEERBRHqSY79rkfpxoOtKjTAkJoq2Ln
2Ne9eKQ+lgHk4Kkz8hSc\/G20klTxnYyyxuJcukthpO\/CGQJiVi9C1tgng0rG7jx8jRFW07oxmOa7ceSS6N\/asgsYbGLaItsqhe4b94MNOvL8INUmpNWpBrSe447hATYea4nYdlWcB17QV+yS3NrVygWvyUUSh+uO0U3cR9+yvO\/AP\/1lnnNllCAViXXp4NFqVL2r+R7nkQ25+zCvkBM\/OIed8bOoGQ6f70gTGCmk2W5mej\/dFwnjNrqC43Iv18QXnnBKqoyRosrvYj4PSraBWlHocnugHlhdlsCR7LikvWPQtGVjayQshq8l2Ez2JGK\/xOjNB28ZMqaOlWlhodgcZVXFvmABgrO6QGSsRcJ9OIpjO\/u0qn519WG6O2bkfZkMKq6GnDN\/eUUkQx6w2ESTIaKLjMwYBri89DYsubD9cmBW4cZVwnbUl4ECYN9pQbGDnoPvLHOOPbvTNVEtQuGH\/CbBqBzlwqwdtGEQHMRPb2c8UHaiESvtSCQeA\/NjnUZYIT5BJfO9rFiZoBXosTLyObfmZK1gLb4qd7fClq1zNt1vxijHgbjY3hncITIKuBNHa+HW0FK07V5bn6lqfG75pOsFo84vaWxlDkuQ4yF+svLcRACkRbeKse+1R63Y9mPfiCvBMUWZBxLBIX3lb8u3WScx0AmC99+EgId8\/QNZydqfBAiFrq5dMWyyfZgXuqhgEziEwhi926d1FttgIxGE1D34kr1iqzPxKFcIi55Zmeq6q8zEfMhrDhRVIRwO6P+QhYDuvXKAjfjWVnB66R\/zLie\/R4yV74PcgieI+Jd0B3DlvlUEEFOrmVJxi6RGdSpjig66uZCI+Ahxx0JlkB8j1V3DaaR1rXc="} 00965{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/tls_missing_ch_frag.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":8,"flow_first_seen":1626252471399786,"flow_src_last_pkt_time":1626252471614928,"flow_dst_last_pkt_time":1626252471774171,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1957,"flow_dst_max_l4_payload_len":1024,"flow_src_tot_l4_payload_len":6121,"flow_dst_tot_l4_payload_len":3029,"midstream":0,"thread_ts_usec":1626252471774171,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":33063,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-00854{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/tls_missing_ch_frag.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":14,"packets-processed":14,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9150,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1626252471774171} +00854{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/tls_missing_ch_frag.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":14,"packets-processed":14,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9150,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1626252471774171} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 14/14 ~~ skipped flows.............: 0 
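Review bot: The expected `detected` event in this hunk no longer carries a `ja3` key in the `tls` object, while `ja3s` and `ja4` are still emitted, and the commit message's "incorporated upstream changes" does not mention it. The next file's hunk (tls_multiple_synack_different_seq) removes a populated `"ja3":"b32309a26951912be7dba376398abc3b"` while keeping `"ja3s":""`, so this appears to be removal of the field rather than suppression of empty values. Consumers that match or enrich on `tls.ja3`, such as detection rules, allow/deny lists or dashboards, would stop matching without any error. I would add a line to the commit description or changelog such as `* TLS events: "ja3" is no longer serialized; use "ja4" (and "ja3s") instead`. The diffstat also lists schema/flow_event_schema.json, which is outside this view, so check that it drops `ja3` in the same commit.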
@@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6919910 bytes -~~ total memory freed........: 6919910 bytes -~~ total allocations/frees...: 114156/114156 +~~ total memory allocated....: 7497506 bytes +~~ total memory freed........: 7497506 bytes +~~ total allocations/frees...: 125887/125887 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 572 chars ~~ json message max len.......: 2446 chars diff --git a/test/results/default/tls_multiple_synack_different_seq.pcapng.out b/test/results/default/tls_multiple_synack_different_seq.pcapng.out index 43e0b5aa8..261c1eeaa 100644 --- a/test/results/default/tls_multiple_synack_different_seq.pcapng.out +++ b/test/results/default/tls_multiple_synack_different_seq.pcapng.out 
@@ -1,16 +1,16 @@ -00640{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_multiple_synack_different_seq.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00861{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_multiple_synack_different_seq.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1639054241336766} 
+00640{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_multiple_synack_different_seq.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00861{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_multiple_synack_different_seq.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1639054241336766} 
00797{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_multiple_synack_different_seq.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639054241336766,"flow_src_last_pkt_time":1639054241336766,"flow_dst_last_pkt_time":1639054241336766,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639054241336766,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":59927,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_multiple_synack_different_seq.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1639054241336766,"flow_dst_last_pkt_time":1639054241336766,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1639054241336766,"pkt":"AAAAAAAAAAEATp6rCABFAAA0+iUAACsGwOoKCgoBwKgAAQG76hcOOx8Ly+TVr4AS\/\/\/YwQAAAgQFmAMDCAEEAgEB"} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_multiple_synack_different_seq.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1639054243383123,"flow_dst_last_pkt_time":1639054241336766,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1639054243383123,"pkt":"AAAAAAAAAAEATp6rCABFAAA0+iUAACsGwOoKCgoBwKgAAQG76hcOOx8Ly+TVr4AS\/\/\/YwQAAAgQFmAMDCAEEAgEB"} 
00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls_multiple_synack_different_seq.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1639054255176225,"flow_dst_last_pkt_time":1639054241336766,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1639054255176225,"pkt":"AAAAAAAAAAEATp6rCABFAAA0+iUAACsGwOoKCgoBwKgAAQG76heqdkwFy+TVr4AS\/\/8PjAAAAgQFmAMDCAEEAgEB"} 00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls_multiple_synack_different_seq.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1639054270239927,"flow_dst_last_pkt_time":1639054241336766,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1639054270239927,"pkt":"AAAAAAAAAAEATp6rCABFAAA0+iUAACsGwOoKCgoBwKgAAQG76heoqQ0Ay+TVr4AS\/\/9QXgAAAgQFmAMDCAEEAgEB"} 
01251{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_multiple_synack_different_seq.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1639054270239927,"flow_dst_last_pkt_time":1639054270551210,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1639054270551210,"pkt":"AAAAAAAAAAEATp6rCABFAAItAABAAD8GZRfAqAABCgoKAeoXAbvL5NWvqKkNAVAYIAAOjQAAFgMBAgABAAH8AwPRpuiJzKi\/CAC9rIZI8bugSVncK9HzssrvnThR\/kPMNiCHaXgUnhifcS1Ra\/QTiS0f79cIbjnryt5pZhcz7wWBcgAgmpoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGT+voAAAAAADYANAAAMWJvbHQtcHJvZC1zMy1ldS13ZXN0LTEuczMuZXUtd2VzdC0xLmFtYXpvbmF3cy5jb20AFwAA\/wEAAQAACgAKAAj6+gAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKfr6AAEAAB0AIAXls2oN4bu+PcQ0RivslzO6RVx9Richvv37GLgQ8oFxAC0AAgEBACsACwr6+gMEAwMDAgMBABsAAwIAAgoKAAEAABUAqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01375{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_multiple_synack_different_seq.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1639054241336766,"flow_src_last_pkt_time":1639054270239927,"flow_dst_last_pkt_time":1639054270551210,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":517,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":517,"midstream":0,"thread_ts_usec":1639054270551210,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":59927,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"bolt-prod-s3-eu-west-1.s3.eu-west-1.amazonaws.com","domainame":"bolt-prod-s3-eu-west-1.s3.eu-west-1.amazonaws.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-01431{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tls_multiple_synack_different_seq.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1639054241336766,"flow_src_last_pkt_time":1639054270712706,"flow_dst_last_pkt_time":1639054270551210,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":517,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":517,"midstream":0,"thread_ts_usec":1639054270712706,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":59927,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"bolt-prod-s3-eu-west-1.s3.eu-west-1.amazonaws.com","domainame":"bolt-prod-s3-eu-west-1.s3.eu-west-1.amazonaws.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"704239182a9091e4453fdbfe0fd17586","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-02128{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/tls_multiple_synack_different_seq.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":1,"flow_first_seen":1639054241336766,"flow_src_last_pkt_time":1639054270712778,"flow_dst_last_pkt_time":1639054270551210,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":517,"flow_src_tot_l4_payload_len":5427,"flow_dst_tot_l4_payload_len":517,"midstream":0,"thread_ts_usec":1639054270712778,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":59927,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"bolt-prod-s3-eu-west-1.s3.eu-west-1.amazonaws.com","domainame":"bolt-prod-s3-eu-west-1.s3.eu-west-1.amazonaws.com","tls": {"version":"TLSv1.2","server_names":"s3-eu-west-1.amazonaws.com,*.s3-eu-west-1.amazonaws.com,s3.eu-west-1.amazonaws.com,*.s3.eu-west-1.amazonaws.com,s3.dualstack.eu-west-1.amazonaws.com,*.s3.dualstack.eu-west-1.amazonaws.com,*.s3.amazonaws.com,*.s3-control.eu-west-1.amazonaws.com,s3-control.eu-west-1.amazonaws.com,*.s3-control.dualstack.eu-west-1.amazonaws.com,s3-control.dualstack.eu-west-1.amazonaws.com,*.s3-accesspoint.eu-west-1.amazonaws.com,*.s3-accesspoint.dualstack.eu-west-1.amazonaws.com,*.s3.eu-west-1.vpce.amazonaws.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"704239182a9091e4453fdbfe0fd17586","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Amazon, OU=Server CA 1B, 
CN=Amazon","subjectDN":"CN=*.s3-eu-west-1.amazonaws.com","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"5A:47:18:0A:2F:90:02:C9:30:5C:B1:BE:D6:0D:5A:42:24:C8:81:76","blocks":0}}} +01334{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_multiple_synack_different_seq.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1639054241336766,"flow_src_last_pkt_time":1639054270239927,"flow_dst_last_pkt_time":1639054270551210,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":517,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":517,"midstream":0,"thread_ts_usec":1639054270551210,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":59927,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"bolt-prod-s3-eu-west-1.s3.eu-west-1.amazonaws.com","domainame":"bolt-prod-s3-eu-west-1.s3.eu-west-1.amazonaws.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01390{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tls_multiple_synack_different_seq.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1639054241336766,"flow_src_last_pkt_time":1639054270712706,"flow_dst_last_pkt_time":1639054270551210,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":517,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":517,"midstream":0,"thread_ts_usec":1639054270712706,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":59927,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"bolt-prod-s3-eu-west-1.s3.eu-west-1.amazonaws.com","domainame":"bolt-prod-s3-eu-west-1.s3.eu-west-1.amazonaws.com","tls": {"version":"TLSv1.2","ja3s":"704239182a9091e4453fdbfe0fd17586","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+02087{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/tls_multiple_synack_different_seq.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":1,"flow_first_seen":1639054241336766,"flow_src_last_pkt_time":1639054270712778,"flow_dst_last_pkt_time":1639054270551210,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":517,"flow_src_tot_l4_payload_len":5427,"flow_dst_tot_l4_payload_len":517,"midstream":0,"thread_ts_usec":1639054270712778,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":59927,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"bolt-prod-s3-eu-west-1.s3.eu-west-1.amazonaws.com","domainame":"bolt-prod-s3-eu-west-1.s3.eu-west-1.amazonaws.com","tls": {"version":"TLSv1.2","server_names":"s3-eu-west-1.amazonaws.com,*.s3-eu-west-1.amazonaws.com,s3.eu-west-1.amazonaws.com,*.s3.eu-west-1.amazonaws.com,s3.dualstack.eu-west-1.amazonaws.com,*.s3.dualstack.eu-west-1.amazonaws.com,*.s3.amazonaws.com,*.s3-control.eu-west-1.amazonaws.com,s3-control.eu-west-1.amazonaws.com,*.s3-control.dualstack.eu-west-1.amazonaws.com,s3-control.dualstack.eu-west-1.amazonaws.com,*.s3-accesspoint.eu-west-1.amazonaws.com,*.s3-accesspoint.dualstack.eu-west-1.amazonaws.com,*.s3.eu-west-1.vpce.amazonaws.com","ja3s":"704239182a9091e4453fdbfe0fd17586","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Amazon, OU=Server CA 1B, 
CN=Amazon","subjectDN":"CN=*.s3-eu-west-1.amazonaws.com","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"5A:47:18:0A:2F:90:02:C9:30:5C:B1:BE:D6:0D:5A:42:24:C8:81:76","blocks":0}}} 01003{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/tls_multiple_synack_different_seq.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":1,"flow_first_seen":1639054241336766,"flow_src_last_pkt_time":1639054270712778,"flow_dst_last_pkt_time":1639054270551210,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":517,"flow_src_tot_l4_payload_len":5427,"flow_dst_tot_l4_payload_len":517,"midstream":0,"thread_ts_usec":1639054270712778,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":59927,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
-00870{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/tls_multiple_synack_different_seq.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5944,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1639054270712778} +00870{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/tls_multiple_synack_different_seq.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5944,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1639054270712778} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 10/10 ~~ skipped flows.............: 0 
@@ -19,10 +19,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6927671 bytes -~~ total memory freed........: 6927671 bytes -~~ total allocations/frees...: 114170/114170 +~~ total memory allocated....: 7505267 bytes +~~ total memory freed........: 7505267 bytes +~~ total allocations/frees...: 125901/125901 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 575 chars -~~ json message max len.......: 2133 chars -~~ json message avg len.......: 1303 chars +~~ json message max len.......: 2092 chars +~~ json message avg len.......: 1283 chars diff --git a/test/results/default/tls_port_80.pcapng.out b/test/results/default/tls_port_80.pcapng.out index 4fbe699c5..9e8b9754b 100644 --- a/test/results/default/tls_port_80.pcapng.out +++ b/test/results/default/tls_port_80.pcapng.out 
@@ -1,15 +1,15 @@ -00618{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_port_80.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_port_80.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1618744619257945} 
+00618{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_port_80.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_port_80.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1618744619257945} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_port_80.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744619257945,"flow_src_last_pkt_time":1618744619257945,"flow_dst_last_pkt_time":1618744619257945,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744619257945,"l3_proto":"ip4","src_ip":"57.91.202.194","dst_ip":"132.49.141.56","src_port":50541,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_port_80.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1618744619257945,"flow_dst_last_pkt_time":1618744619257945,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1618744619257945,"pkt":"AAAAAAAAAAQAaFgECABFAAA062pAAH8G+tE5W8rChDGNOMVtAFCEMAfKAAAAAIAC+vANRAAAAgQFUAEDAwgBAQQC"} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_port_80.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1618744619257945,"flow_dst_last_pkt_time":1618744619383792,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1618744619383792,"pkt":"AAAAAAAAAAMAlyocCABFAAA0AABAADUGMD2EMY04OVvKwgBQxW2J+2kQhDAHy4AS+vAZxAAAAgQFtAEBBAIBAwMH"} 
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls_port_80.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1618744620269813,"flow_dst_last_pkt_time":1618744619383792,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1618744620269813,"pkt":"AAAAAAAAAAQAaFgECABFAAA062tAAH8G+tA5W8rChDGNOMVtAFCEMAfKAAAAAIAC+vANRAAAAgQFUAEDAwgBAQQC"} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls_port_80.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1618744620269813,"flow_dst_last_pkt_time":1618744620390110,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1618744620390110,"pkt":"AAAAAAAAAAMAlyocCABFAAA0AABAADUGMD2EMY04OVvKwgBQxW2J+2kQhDAHy4AS+vAZxAAAAgQFtAEBBAIBAwMH"} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_port_80.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1618744620269813,"flow_dst_last_pkt_time":1618744620395537,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1618744620395537,"pkt":"AAAAAAAAAAMAlyocCABFAAA0AABAADUGMD2EMY04OVvKwgBQxW2J+2kQhDAHy4AS+vAZxAAAAgQFtAEBBAIBAwMH"} 
-01503{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/tls_port_80.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1618744619257945,"flow_src_last_pkt_time":1618744633780253,"flow_dst_last_pkt_time":1618744630475192,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744633780253,"l3_proto":"ip4","src_ip":"57.91.202.194","dst_ip":"132.49.141.56","src_port":50541,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3":"3f2fba0262b1a22b739126dfb2fe7a7d","ja3s":"","ja4":"t12d550500_168bb377f8c8_a1e935682795","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
-01565{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/tls_port_80.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":8,"flow_first_seen":1618744619257945,"flow_src_last_pkt_time":1618744633780253,"flow_dst_last_pkt_time":1618744633908597,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":1360,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":1360,"midstream":0,"thread_ts_usec":1618744633908597,"l3_proto":"ip4","src_ip":"57.91.202.194","dst_ip":"132.49.141.56","src_port":50541,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3":"3f2fba0262b1a22b739126dfb2fe7a7d","ja3s":"107030a763c7224285717ff1569a17f3","ja4":"t12d550500_168bb377f8c8_a1e935682795","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","blocks":0}}} 
+01462{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/tls_port_80.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1618744619257945,"flow_src_last_pkt_time":1618744633780253,"flow_dst_last_pkt_time":1618744630475192,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744633780253,"l3_proto":"ip4","src_ip":"57.91.202.194","dst_ip":"132.49.141.56","src_port":50541,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d550500_168bb377f8c8_a1e935682795","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01524{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/tls_port_80.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":8,"flow_first_seen":1618744619257945,"flow_src_last_pkt_time":1618744633780253,"flow_dst_last_pkt_time":1618744633908597,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":1360,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":1360,"midstream":0,"thread_ts_usec":1618744633908597,"l3_proto":"ip4","src_ip":"57.91.202.194","dst_ip":"132.49.141.56","src_port":50541,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"107030a763c7224285717ff1569a17f3","ja4":"t12d550500_168bb377f8c8_a1e935682795","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","blocks":0}}} 
01326{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/tls_port_80.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":8,"flow_first_seen":1618744619257945,"flow_src_last_pkt_time":1618744633780253,"flow_dst_last_pkt_time":1618744633908597,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":1360,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":1360,"midstream":0,"thread_ts_usec":1618744633908597,"l3_proto":"ip4","src_ip":"57.91.202.194","dst_ip":"132.49.141.56","src_port":50541,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-00848{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/tls_port_80.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":13,"packets-processed":13,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1605,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1618744633908597} +00848{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/tls_port_80.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":13,"packets-processed":13,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1605,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1618744633908597} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 13/13 ~~ skipped flows.............: 0 
@@ -18,10 +18,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6912169 bytes -~~ total memory freed........: 6912169 bytes -~~ total allocations/frees...: 114156/114156 +~~ total memory allocated....: 7489765 bytes +~~ total memory freed........: 7489765 bytes +~~ total allocations/frees...: 125887/125887 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 551 chars -~~ json message max len.......: 1570 chars -~~ json message avg len.......: 1035 chars +~~ json message max len.......: 1529 chars +~~ json message avg len.......: 1016 chars diff --git a/test/results/default/tls_torrent.pcapng.out b/test/results/default/tls_torrent.pcapng.out index 056cdd756..4f5855848 100644 --- a/test/results/default/tls_torrent.pcapng.out +++ b/test/results/default/tls_torrent.pcapng.out 
@@ -1,16 +1,16 @@ -00618{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_torrent.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_torrent.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1639054407415018} 
+00618{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_torrent.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_torrent.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1639054407415018} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_torrent.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639054407415018,"flow_src_last_pkt_time":1639054407415018,"flow_dst_last_pkt_time":1639054407415018,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639054407415018,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":58842,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_torrent.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1639054407415018,"flow_dst_last_pkt_time":1639054407415018,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1639054407415018,"pkt":"AAAAAAAAAAcAAh9nCABFAAA0ug0AAOIGSgIKCgoBwKgAAQG75dqEHE30Ee7ob4ASBaDg4gAAAgQFeAEBBAIBAwMJ"} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_torrent.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1639054407427808,"flow_dst_last_pkt_time":1639054407415018,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1639054407427808,"pkt":"AAAAAAAAAAcAAh9nCABFAAA0ug8AAOIGSgAKCgoBwKgAAQG75dqEHE30Ee7ob4ASBaDg4gAAAgQFeAEBBAIBAwMJ"} 
00977{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls_torrent.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1639054407427808,"flow_dst_last_pkt_time":1639054407443003,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":386,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":386,"pkt_l4_len":352,"thread_ts_usec":1639054407443003,"pkt":"AAAAAAAAAAgAP8PgCABFAAF07ppAAH8GNzXAqAABCgoKAeXaAbsR7uhvhBxN9VAYAQFi5gAAFgMBAUcBAAFDAwMaHZWwfkF0Un0n60H4DuzdTswHjey14FNv5IuITjtzKgAArMAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANgCIAIcAhgCFwDLALsAqwCbAD8AFAJ0APQA1AITAL8ArwCfAI8ATwAkApACiAKAAngBnAEAAPwA+ADMAMgAxADAAmgCZAJgAlwBFAEQAQwBCwDHALcApwCXADsAEAJwAPAAvAJYAQQAHwBHAB8AMwAIABQAEwBLACAAWABMAEAANwA3AAwAKAP8BAABuAAAAFQATAAAQd2ViLnV0b3JyZW50LmNvbQALAAQDAAECAAoAHAAaABcAGQAcABsAGAAaABYADgANAAsADAAJAAoAIwAAAA0AIAAeBgEGAgYDBQEFAgUDBAEEAgQDAwEDAgMDAgECAgIDAA8AAQE="} -01327{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls_torrent.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1639054407415018,"flow_src_last_pkt_time":1639054407427808,"flow_dst_last_pkt_time":1639054407443003,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":332,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":332,"midstream":0,"thread_ts_usec":1639054407443003,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":58842,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": 
{"6":"DPI"},"proto":"TLS.BitTorrent","proto_id":"91.37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"web.utorrent.com","domainame":"web.utorrent.com","tls": {"version":"TLSv1.2","ja3":"fd80fa9c6120cdeea8520510f3c644ac","ja3s":"","ja4":"t12d860600_e18388e7f3a3_a1e935682795","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01286{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls_torrent.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1639054407415018,"flow_src_last_pkt_time":1639054407427808,"flow_dst_last_pkt_time":1639054407443003,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":332,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":332,"midstream":0,"thread_ts_usec":1639054407443003,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":58842,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.BitTorrent","proto_id":"91.37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"web.utorrent.com","domainame":"web.utorrent.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d860600_e18388e7f3a3_a1e935682795","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
02421{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls_torrent.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1639054407574962,"flow_dst_last_pkt_time":1639054407443003,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1454,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1454,"pkt_l4_len":1420,"thread_ts_usec":1639054407574962,"pkt":"AAAAAAAAAAcAAh9nCABFAAWguhQAAOMGQ48KCgoBwKgAAQG75dqEHE31Ee7pu1AQAAU3+QAAFgMDAF8CAABbAwP+1aIFvtuLFqorVtURyKtxJmuEjtNbJPZET1dOR1JEASAPFPmd1pKPcHAqV39UhmxIVg30JwkOus8KP4KygsLYfMAvAAATAAAAAAALAAIBAP8BAAEAACMAABYDAxQCCwAT\/gAT+wAGljCCBpIwggV6oAMCAQICCQCS8bkwu9pMuTANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoTEUdvRGFkZHkuY29tLCBJbmMuMS0wKwYDVQQLEyRodHRwOi8vY2VydHMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeS8xMzAxBgNVBAMTKkdvIERhZGR5IFNlY3VyZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjAeFw0yMTA5MjcwNzE2MDVaFw0yMjA5MjQyMjI2NTdaMBkxFzAVBgNVBAMMDioudXRvcnJlbnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwTO2wNBdtR++YLOp5kvYcqPK2u6ZxdhRZc9XajSwWXjyZXywMZ\/BIb8HbgP+3gMXBWrBQCsME4\/+T0QMNhp\/sW\/Vb+VSEG\/V4ahwceJzBSFEB4uIKSzEFOXxfoBYn61yBKCQ+ae+Mb6TR9LKIat50+mHgF1hYP9\/SleSJyqu2ms9ofuWfSGHiFhs9ZOHW6QKLDUToOE\/Qbr3MxYEyTHVKwzknBd0vsPopG+8rIdt0VtIy5CtqWPeetLiKpLzf3STIKoVqSVIfr\/DMdf+rFCNE5Pd5G38bEwmPa8rGRAAiF4gqeV6fIx5gTWxKEVp0Hfnr6+FEWswQI+UhdU+wIJUGQIDAQABo4IDPzCCAzswDAYDVR0TAQH\/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDgYDVR0PAQH\/BAQDAgWgMDgGA1UdHwQxMC8wLaAroCmGJ2h0dHA6Ly9jcmwuZ29kYWRkeS5jb20vZ2RpZzJzMS0zMzI2LmNybDBdBgNVHSAEVjBUMEgGC2CGSAGG\/W0BBxcBMDkwNwYIKwYBBQUHAgEWK2h0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeS8wCAYGZ4EMAQIBMHYGCCsGAQUFBwEBBGowaDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZ29kYWRkeS5jb20vMEAGCCsGAQUFBzAChjRodHRwOi8vY2VydGlmaWNhdGVzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvZ2RpZzIuY3J0MB8GA1UdIwQYMBaAFEDCvSeOzDSDMKIz1\/tss\/C0LIDOMCcGA1UdEQQgMB6CDioudXRvcnJl
bnQuY29tggx1dG9ycmVudC5jb20wHQYDVR0OBBYEFOsO\/XrZtafpQd33i+tfxbHj6wTZMIIBgAYKKwYBBAHWeQIEAgSCAXAEggFsAWoAdwApeb7wnjk5IfBWc59jpXflvld9nGAK+PlNXSZcJV3HhAAAAXwmHJUVAAAEAwBIMEYCIQDTRf5YuQ0snS3t3ioihWCwui5tTohRCvqQuqe7C9B5awIhAL0SWtcf9dt2j65Wq16DJpZ95qXNo3ypCqn9cMXmJRbFAHYAQcjKsd8iRkoQxqE6CUKHXk4xixsD6+tLx2jwkGKWBvYAAAF8JhyXTQAABAMARzBFAiB9QrkdR2\/0PNEGxfCKDYn7qaf7epIFcyVslOAShqEy2AIhAIf\/XZ9pDNuAUOcpqGaIKV9AL+iZtq1dNDHEyW8="} -01387{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls_torrent.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1639054407415018,"flow_src_last_pkt_time":1639054407574962,"flow_dst_last_pkt_time":1639054407443003,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1400,"flow_dst_max_l4_payload_len":332,"flow_src_tot_l4_payload_len":1400,"flow_dst_tot_l4_payload_len":332,"midstream":0,"thread_ts_usec":1639054407574962,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":58842,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.BitTorrent","proto_id":"91.37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"web.utorrent.com","domainame":"web.utorrent.com","tls": {"version":"TLSv1.2","ja3":"fd80fa9c6120cdeea8520510f3c644ac","ja3s":"6f84bbe9810ec4ea9061cc1a02eaf83c","ja4":"t12d860600_e18388e7f3a3_a1e935682795","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
+01346{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls_torrent.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1639054407415018,"flow_src_last_pkt_time":1639054407574962,"flow_dst_last_pkt_time":1639054407443003,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1400,"flow_dst_max_l4_payload_len":332,"flow_src_tot_l4_payload_len":1400,"flow_dst_tot_l4_payload_len":332,"midstream":0,"thread_ts_usec":1639054407574962,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":58842,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.BitTorrent","proto_id":"91.37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"web.utorrent.com","domainame":"web.utorrent.com","tls": {"version":"TLSv1.2","ja3s":"6f84bbe9810ec4ea9061cc1a02eaf83c","ja4":"t12d860600_e18388e7f3a3_a1e935682795","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
02417{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_torrent.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1639054407574962,"flow_dst_last_pkt_time":1639054407443003,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1454,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1454,"pkt_l4_len":1420,"thread_ts_usec":1639054407574962,"pkt":"AAAAAAAAAAcAAh9nCABFAAWguhUAAOMGQ44KCgoBwKgAAQG75dqEHFNtEe7pu1AQAAUYcAAATOdWegB3AN+lXqtogk8fbK3uuF9OPlrqzaISpGpejjsSwCBEXCpzAAABfCYcl7YAAAQDAEgwRgIhAK4QNflwf2+HmIqhCL9XiHr\/3hZ4rrGkhnfWeFejDXyxAiEAkt4xpF+LNjEYvkL7B3tjWsbNVXyTtKH9fOJGtd3NG3swDQYJKoZIhvcNAQELBQADggEBAIFf2lmzR3Mwx1K7jh2VeoyiVGSWAcezryvzzvuJkFttEXNY9uQ6fzVJ1GQwHY8Sgk4RebBUmLhxeHVBfbL4oklNJVitp3p0rJlVE66ss2RvgGq+BLxu8QkuSBvws6zi5r1mCJHh6DlGGb\/l8FXxnxlRL9iztFjmEDreL\/juCdzrKe4yoFY9OwFK0hDfG6NY5eXFxMDAvqJ3aHoK2c+0FO1kROazovg3o3Sb0vhbjlT\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\/\/PmXPj85i5jxSHNoWRUtVq3hrY4NikM4PaWyZyBoUi0zMRTPqiNyeo68r\/oBhnXlXxM8u9D8wPF1H\/JoWvMM3lkFRjhFLVPgovtCMvvAwOB7zsCb4Zkdjbd5xJkePOEdT0UYdtOPcAOpFrL28cdmqbwDb280wOnlPX0xH+B3vW8LEnWA7sbJDkdikM07qs9YnT60liqXG9NXQpq50BWRXiLVEVdQtKjo++Li96TIKApRkxBY6UPFKrud5M68MIAd\/6N8EOcJpAmxjUvp3wRvIdIfIuZMYUFQ1S2lOvDvTSS4f3MHSUvsCAwEAAaOCARowggEWMA8GA1UdEwEB\/wQFMAMBAf8wDgYDVR0PAQH\/BAQDAgEGMB0GA1UdDgQWBBRAwr0njsw0gzCiM9f7bLPwtCyAzjAfBgNVHSMEGDAWgBQ6moUHEGcotu\/2vQVBbiDBlNoP3jA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmdvZGFkZHkuY29tLzA1BgNVHR8ELjAsMCqgKKAmhiRodHRwOi8vY3JsLmdvZGFkZHkuY29tL2dkcm9vdC1nMi5jcmwwRgYDVR0gBD8wPTA7BgRVHSAAMDMwMQYIKwYBBQUHAgEWJWh0dHBzOi8vY2VydHMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeS8wDQYJKoZIhvcNAQELBQADggEBAAh+bJMQyDi4lqmQS\/+hX08="} 
-01697{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/tls_torrent.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":1,"flow_first_seen":1639054407415018,"flow_src_last_pkt_time":1639054407576647,"flow_dst_last_pkt_time":1639054407443003,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1400,"flow_dst_max_l4_payload_len":332,"flow_src_tot_l4_payload_len":5574,"flow_dst_tot_l4_payload_len":332,"midstream":0,"thread_ts_usec":1639054407576647,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":58842,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.BitTorrent","proto_id":"91.37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"web.utorrent.com","domainame":"web.utorrent.com","tls": {"version":"TLSv1.2","server_names":"*.utorrent.com,utorrent.com","ja3":"fd80fa9c6120cdeea8520510f3c644ac","ja3s":"6f84bbe9810ec4ea9061cc1a02eaf83c","ja4":"t12d860600_e18388e7f3a3_a1e935682795","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"CN=*.utorrent.com","fingerprint":"E4:8F:E4:15:C7:D0:B7:EA:E6:F6:B1:B4:40:F0:13:D1:5E:7F:64:E8","blocks":0}}} 
+01656{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/tls_torrent.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":1,"flow_first_seen":1639054407415018,"flow_src_last_pkt_time":1639054407576647,"flow_dst_last_pkt_time":1639054407443003,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1400,"flow_dst_max_l4_payload_len":332,"flow_src_tot_l4_payload_len":5574,"flow_dst_tot_l4_payload_len":332,"midstream":0,"thread_ts_usec":1639054407576647,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":58842,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.BitTorrent","proto_id":"91.37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"web.utorrent.com","domainame":"web.utorrent.com","tls": {"version":"TLSv1.2","server_names":"*.utorrent.com,utorrent.com","ja3s":"6f84bbe9810ec4ea9061cc1a02eaf83c","ja4":"t12d860600_e18388e7f3a3_a1e935682795","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"CN=*.utorrent.com","fingerprint":"E4:8F:E4:15:C7:D0:B7:EA:E6:F6:B1:B4:40:F0:13:D1:5E:7F:64:E8","blocks":0}}} 
01118{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/tls_torrent.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":1,"flow_first_seen":1639054407415018,"flow_src_last_pkt_time":1639054407576647,"flow_dst_last_pkt_time":1639054407443003,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1400,"flow_dst_max_l4_payload_len":332,"flow_src_tot_l4_payload_len":5574,"flow_dst_tot_l4_payload_len":332,"midstream":0,"thread_ts_usec":1639054407576647,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":58842,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.BitTorrent","proto_id":"91.37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download"}} -00845{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/tls_torrent.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":7,"packets-processed":7,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5906,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1639054407576647} 
+00845{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/tls_torrent.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":7,"packets-processed":7,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5906,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1639054407576647} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 7/7 ~~ skipped flows.............: 0 @@ -19,9 +19,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6924398 bytes -~~ total memory freed........: 6924398 bytes -~~ total allocations/frees...: 114154/114154 +~~ total memory allocated....: 7501994 bytes +~~ total memory freed........: 7501994 bytes +~~ total allocations/frees...: 125885/125885 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 551 chars ~~ json message max len.......: 2426 chars diff --git a/test/results/default/tls_unidirectional.pcap.out b/test/results/default/tls_unidirectional.pcap.out index ae67937a6..dd9d5a44c 100644 --- a/test/results/default/tls_unidirectional.pcap.out +++ b/test/results/default/tls_unidirectional.pcap.out 
@@ -1,5 +1,5 @@ -00623{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1716391295141432} 
+00623{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1716391295141432} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1716391295141432,"flow_src_last_pkt_time":1716391295141432,"flow_dst_last_pkt_time":1716391295141432,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1716391295141432,"l3_proto":"ip4","src_ip":"192.168.2.198","dst_ip":"192.168.2.1","src_port":50548,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1716391295141432,"flow_dst_last_pkt_time":1716391295141432,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1716391295141432,"pkt":"BBjWBrNamAGnpQyTCABFEABAAABAAEAGtJDAqALGwKgCAcV0AbvJdNGHAAAAALAC\/\/9WmgAAAgQFtAEDAwYBAQgKU2WkuAAAAAAEAgAA"} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1716391295141432,"flow_dst_last_pkt_time":1716391295144129,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1716391295144129,"pkt":"mAGnpQyTBBjWBrNaCABFAAA8AABAAEAGtKTAqAIBwKgCxgG7xXQXDCaiyXTRiKAScSAokwAAAgQFtAQCCAp2IRoMU2WkuAEDAwU="} 
@@ -8,7 +8,7 @@ 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1716391298433365,"flow_dst_last_pkt_time":1716391298435643,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1716391298435643,"pkt":"mAGnpQyTBBjWBrNaCABFAAA0SwlAAEAGaaPAqAIBwKgCxgG7xXQXDCajyXTRioAQA4mrOwAAAQEICnYhJudTZbGU"} 00929{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1716391295141432,"flow_src_last_pkt_time":1716391299826932,"flow_dst_last_pkt_time":1716391299826821,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1716391299826932,"l3_proto":"ip4","src_ip":"192.168.2.198","dst_ip":"192.168.2.1","src_port":50548,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00783{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1716391295141432,"flow_src_last_pkt_time":1716391299826932,"flow_dst_last_pkt_time":1716391299826821,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1716391299826932,"l3_proto":"ip4","src_ip":"192.168.2.198","dst_ip":"192.168.2.1","src_port":50548,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00847{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":8,"packets-processed":8,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1716391299826932} 
+00847{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":8,"packets-processed":8,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1716391299826932} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 8/8 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6909917 bytes -~~ total memory freed........: 6909917 bytes -~~ total allocations/frees...: 114147/114147 +~~ total memory allocated....: 7487513 bytes +~~ total memory freed........: 7487513 bytes +~~ total allocations/frees...: 125878/125878 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 556 chars ~~ json message max len.......: 934 chars diff --git a/test/results/default/tls_verylong_certificate.pcap.out b/test/results/default/tls_verylong_certificate.pcap.out index 7a7a8254d..73c75b0e6 100644 --- a/test/results/default/tls_verylong_certificate.pcap.out +++ b/test/results/default/tls_verylong_certificate.pcap.out 
@@ -1,17 +1,17 @@ -00629{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1578254908457751} 
+00629{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1578254908457751} 
00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908457751,"flow_dst_last_pkt_time":1578254908457751,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578254908457751,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1578254908457751,"flow_dst_last_pkt_time":1578254908457751,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1578254908457751,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGntnAqAGgl2VCMdYUAbur4+BEAAAAALAC\/\/9+XwAAAgQFtAEDAwUBAQgKAb+3BwAAAAAEAgAA"} 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1578254908457751,"flow_dst_last_pkt_time":1578254908469342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578254908469342,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADYGqN2XZUIxwKgBoAG71hTYdp3Gq+PgRaASauCAYQAAAgQFZAQCCApynbuCAb+3BwEDAwk="} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1578254908469463,"flow_dst_last_pkt_time":1578254908469342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578254908469463,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGnuXAqAGgl2VCMdYUAbur4+BF2Hadx4AQEAgJrQAAAQEICgG\/txJynbuC"} 01256{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1578254908475203,"flow_dst_last_pkt_time":1578254908469342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1578254908475203,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI5AABAAEAGnODAqAGgl2VCMdYUAbur4+BF2Hadx4AYEAjFKwAAAQEICgG\/txdynbuCFgMBAgABAAH8AwNreR1fucqnaT8n7FpnpsjcXpwujsf+X6\/m0ZYauF9Z+gAAhswUzBPMFcAwwCzAKMAkwBTACgCjAJ8AawBqADkAOP+FAMQAwwCIAIcAgcAywC7AKsAmwA\/ABQCdAD0ANQDAAITAL8ArwCfAI8ATwAkAogCeAGcAQAAzADIAvgC9AEUARMAxwC3AKcAlwA7ABACcADwALwC6AEHAEsAIABYAE8ANwAMACgD\/AQABTQAAABoAGAAAFWZlb2RvdHJhY2tlci5hYnVzZS5jaAALAAQDAAECAAoAOgA4AA4ADQAZABwACwAMABsAGAAJAAoAGgAWABcACAAGAAcAFAAVAAQABQASABMAAQACAAMADwAQABEADQAmACQGAQYCBgPv7wUBBQIFAwQBBAIEA+7u7e0DAQMCAwMCAQICAgMzdAAAABAACwAJCGh0dHAvMS4xABUAqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01247{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908475203,"flow_dst_last_pkt_time":1578254908469342,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578254908475203,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cybersec","proto_id":"91.283","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":33,"category":"Cybersecurity","hostname":"feodotracker.abuse.ch","domainame":"feodotracker.abuse.ch","tls": {"version":"TLSv1.2","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"","ja4":"t12d6707ht_2955a3196ffa_c83f907a73d3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} 
+01206{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908475203,"flow_dst_last_pkt_time":1578254908469342,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578254908475203,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cybersec","proto_id":"91.283","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":33,"category":"Cybersecurity","hostname":"feodotracker.abuse.ch","domainame":"feodotracker.abuse.ch","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d6707ht_2955a3196ffa_c83f907a73d3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1578254908475203,"flow_dst_last_pkt_time":1578254908487025,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578254908487025,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0JkBAADYGgqWXZUIxwKgBoAG71hTYdp3Hq+PiSoAQADgXbgAAAQEICnKdu4cBv7cX"} 
-01337{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908475203,"flow_dst_last_pkt_time":1578254908490162,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1368,"midstream":0,"thread_ts_usec":1578254908490162,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cybersec","proto_id":"91.283","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":33,"category":"Cybersecurity","hostname":"feodotracker.abuse.ch","domainame":"feodotracker.abuse.ch","tls": {"version":"TLSv1.2","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","ja4":"t12d6707ht_2955a3196ffa_c83f907a73d3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
-04023{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908490465,"flow_dst_last_pkt_time":1578254908490567,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5472,"midstream":0,"thread_ts_usec":1578254908490567,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cybersec","proto_id":"91.283","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":33,"category":"Cybersecurity","hostname":"feodotracker.abuse.ch","domainame":"feodotracker.abuse.ch","tls": 
{"version":"TLSv1.2","server_names":"p2.shared.global.fastly.net,*.12wbt.com,*.2bleacherreport.com,*.3bleacherreport.com,*.4bleacherreport.com,*.8bleacherreport.com,*.abuse.ch,*.acdn-it.ps-pantheon.com,*.cdn.livingmap.com,*.content.plastiq.com,*.dimensions.ai,*.dollarshaveclub.co.uk,*.dollarshaveclub.com,*.dontpayfull.com,*.ebisubook.com,*.foreignaffairs.com,*.fs.jibjab.com,*.fs.unitprints.com,*.ggleap.com,*.goodeggs.com,*.huevosbuenos.com,*.indy.myomnigon.com,*.jwatch.org,*.kingsfordcharcoal.com.au,*.lancenters.com,*.madebywe.com,*.minirodini.com,*.modcloth.net,*.orionlabs.io,*.ps-pantheon.com,*.scodle.com,*.steelseries.com,*.theforeman.org,*.uploads.eversign.com,*.uploads.schoox.com,*.vts.com,*.x.stg1.ebisubook.com,*.yang2020.com,12wbt.com,2bleacherreport.com,3bleacherreport.com,4bleacherreport.com,8bleacherreport.com,abuse.ch,brita.com,cdn.fwupd.org,cdn.livingmap.com,cdn.seated.com,cdn.skillacademy.com,clinicaloptions.com,clorox.com,content-preprod.beaverbrooksweb2.co.uk,content.beaverbrooks.co.uk,content.plastiq.com,coolmathgames.com,copterroyale.coolmathgames.com,d8-dev.coolmathgames.com,deflyio.coolmathgames.com,delivery-api.evadacms.com,dimensions.ai,dollarshaveclub.co.uk,dollarshaveclub.com,dontpayfull.com,eluniverso.com,email.amg-group.co,email.tekoforlife.co.uk,feedmarket.fr,freshstep.com,ggleap.com,goodeggs.com,heap.io,huevosbuenos.com,identity.linuxfoundation.org,joebiden.com,jwatch.org,kingsford.co.nz,kingsfordcharcoal.com.au,lancenters.com,lists.linuxfoundation.org,m-stage.coolmathgames.com,m.coolmathgames.com,madebywe.com,minirodini.com,modcloth.net,orionlabs.io,puritanmedproducts.com,reviews.org,rg-video-staging.ruangguru.com,rg-video.ruangguru.com,ruangguru.com,scodle.com,stage.coolmathgames.com,staging.appblade.com,steelseries.com,stg.platform.eluniverso.com,test.brita.com,test.heap.io,test.joebiden.com,test.ruangguru.com,theforeman.org,video-cdn.quipper.com,videos.calcworkshop.com,vts.com,www.101network.com,www.autos101.com,www.brita.com,www.cloro
x.com,www.collider.com,www.coolmathgames.com,www.eluniverso.com,www.flinto.com,www.freshstep.com,www.heap.io,www.holagente.com,www.icsydney.com.au,www.joebiden.com,www.kingsford.co.nz,www.mrnatty.com,www.myjewellerystory.com.au,www.myjs.com,www.netacea.com,www.parenting101.com,www.puritanmedproducts.com,www.reviews.org,www.sba.sa,www.shashatcom.sa,www.uat.ontariocolleges.ca,www.vacation101.com,www.walterspeople.co.uk,www.westwayelectricsupply.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","ja4":"t12d6707ht_2955a3196ffa_c83f907a73d3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3","subjectDN":"C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=p2.shared.global.fastly.net","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"E9:34:DF:E0:C5:31:3C:59:7E:E2:57:44:F2:82:E9:80:F5:5D:05:4B","blocks":0}}} +01296{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908475203,"flow_dst_last_pkt_time":1578254908490162,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1368,"midstream":0,"thread_ts_usec":1578254908490162,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Cybersec","proto_id":"91.283","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":33,"category":"Cybersecurity","hostname":"feodotracker.abuse.ch","domainame":"feodotracker.abuse.ch","tls": {"version":"TLSv1.2","ja3s":"ae53107a2e47ea20c72ac44821a728bf","ja4":"t12d6707ht_2955a3196ffa_c83f907a73d3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} +03982{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908490465,"flow_dst_last_pkt_time":1578254908490567,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5472,"midstream":0,"thread_ts_usec":1578254908490567,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cybersec","proto_id":"91.283","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":33,"category":"Cybersecurity","hostname":"feodotracker.abuse.ch","domainame":"feodotracker.abuse.ch","tls": 
{"version":"TLSv1.2","server_names":"p2.shared.global.fastly.net,*.12wbt.com,*.2bleacherreport.com,*.3bleacherreport.com,*.4bleacherreport.com,*.8bleacherreport.com,*.abuse.ch,*.acdn-it.ps-pantheon.com,*.cdn.livingmap.com,*.content.plastiq.com,*.dimensions.ai,*.dollarshaveclub.co.uk,*.dollarshaveclub.com,*.dontpayfull.com,*.ebisubook.com,*.foreignaffairs.com,*.fs.jibjab.com,*.fs.unitprints.com,*.ggleap.com,*.goodeggs.com,*.huevosbuenos.com,*.indy.myomnigon.com,*.jwatch.org,*.kingsfordcharcoal.com.au,*.lancenters.com,*.madebywe.com,*.minirodini.com,*.modcloth.net,*.orionlabs.io,*.ps-pantheon.com,*.scodle.com,*.steelseries.com,*.theforeman.org,*.uploads.eversign.com,*.uploads.schoox.com,*.vts.com,*.x.stg1.ebisubook.com,*.yang2020.com,12wbt.com,2bleacherreport.com,3bleacherreport.com,4bleacherreport.com,8bleacherreport.com,abuse.ch,brita.com,cdn.fwupd.org,cdn.livingmap.com,cdn.seated.com,cdn.skillacademy.com,clinicaloptions.com,clorox.com,content-preprod.beaverbrooksweb2.co.uk,content.beaverbrooks.co.uk,content.plastiq.com,coolmathgames.com,copterroyale.coolmathgames.com,d8-dev.coolmathgames.com,deflyio.coolmathgames.com,delivery-api.evadacms.com,dimensions.ai,dollarshaveclub.co.uk,dollarshaveclub.com,dontpayfull.com,eluniverso.com,email.amg-group.co,email.tekoforlife.co.uk,feedmarket.fr,freshstep.com,ggleap.com,goodeggs.com,heap.io,huevosbuenos.com,identity.linuxfoundation.org,joebiden.com,jwatch.org,kingsford.co.nz,kingsfordcharcoal.com.au,lancenters.com,lists.linuxfoundation.org,m-stage.coolmathgames.com,m.coolmathgames.com,madebywe.com,minirodini.com,modcloth.net,orionlabs.io,puritanmedproducts.com,reviews.org,rg-video-staging.ruangguru.com,rg-video.ruangguru.com,ruangguru.com,scodle.com,stage.coolmathgames.com,staging.appblade.com,steelseries.com,stg.platform.eluniverso.com,test.brita.com,test.heap.io,test.joebiden.com,test.ruangguru.com,theforeman.org,video-cdn.quipper.com,videos.calcworkshop.com,vts.com,www.101network.com,www.autos101.com,www.brita.com,www.cloro
x.com,www.collider.com,www.coolmathgames.com,www.eluniverso.com,www.flinto.com,www.freshstep.com,www.heap.io,www.holagente.com,www.icsydney.com.au,www.joebiden.com,www.kingsford.co.nz,www.mrnatty.com,www.myjewellerystory.com.au,www.myjs.com,www.netacea.com,www.parenting101.com,www.puritanmedproducts.com,www.reviews.org,www.sba.sa,www.shashatcom.sa,www.uat.ontariocolleges.ca,www.vacation101.com,www.walterspeople.co.uk,www.westwayelectricsupply.com","ja3s":"ae53107a2e47ea20c72ac44821a728bf","ja4":"t12d6707ht_2955a3196ffa_c83f907a73d3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3","subjectDN":"C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=p2.shared.global.fastly.net","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"E9:34:DF:E0:C5:31:3C:59:7E:E2:57:44:F2:82:E9:80:F5:5D:05:4B","blocks":0}}} 02171{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908528417,"flow_dst_last_pkt_time":1578254908528437,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":813,"flow_dst_tot_l4_payload_len":14097,"midstream":0,"thread_ts_usec":1578254908528437,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":4559.7,"max":21714,"stddev":6622.1,"var":43852844.0,"ent":3.5,"data": [11591,11712,5740,17683,3137,204,15209,67,53,134,2,140,10611,21714,11194,334,14931,21,2,14564,19,7,256,346,4,564,2,480,517,112,2]},"pktlen": 
{"min":52,"avg":518.6,"max":1420,"stddev":615.3,"var":378610.9,"ent":4.0,"data": [64,60,52,569,52,1420,1420,52,1420,52,1420,262,52,178,103,52,222,1420,1420,104,52,52,52,1420,1420,104,52,52,1420,52,1420,104]},"bins": {"c_to_s": [12,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,4,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,0,0,1,1,1,0,0,0,1,1,1,0,0,1,0,1,1],"entropies": [4.398337364,5.146034718,4.868495941,4.434582233,5.025067329,6.773365974,4.940563202,4.983880520,6.553000927,4.900255680,7.433587551,7.043814659,4.983880520,6.336580276,5.976200581,5.022342205,6.883139610,7.866776943,7.867276192,6.143959045,4.906957150,4.791572571,4.731892109,7.850933075,7.865261078,6.040546417,4.906957626,4.906957626,7.852932453,4.823332310,7.877495766,6.208910465]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cybersec","proto_id":"91.283","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":33,"category":"Cybersecurity"}} 01039{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":24,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908551114,"flow_dst_last_pkt_time":1578254908551079,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":844,"flow_dst_tot_l4_payload_len":18233,"midstream":0,"thread_ts_usec":1578254908551114,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Cybersec","proto_id":"91.283","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":33,"category":"Cybersecurity","hostname":"feodotracker.abuse.ch"}} -00860{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":48,"packets-processed":48,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":19077,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1578254908551114} +00860{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":48,"packets-processed":48,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":19077,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1578254908551114} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ 
packets captured/processed: 48/48 ~~ skipped flows.............: 0 @@ -20,10 +20,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7109929 bytes -~~ total memory freed........: 7109929 bytes -~~ total allocations/frees...: 114329/114329 +~~ total memory allocated....: 7687525 bytes +~~ total memory freed........: 7687525 bytes +~~ total allocations/frees...: 126060/126060 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 562 chars -~~ json message max len.......: 4028 chars -~~ json message avg len.......: 2208 chars +~~ json message max len.......: 3987 chars +~~ json message avg len.......: 2188 chars diff --git a/test/results/default/tls_with_huge_ch.pcapng.out b/test/results/default/tls_with_huge_ch.pcapng.out index f6e1ac4ca..03e899134 100644 --- a/test/results/default/tls_with_huge_ch.pcapng.out +++ b/test/results/default/tls_with_huge_ch.pcapng.out 
@@ -1,15 +1,15 @@ -00623{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_with_huge_ch.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_with_huge_ch.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1722705809121409} 
+00623{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_with_huge_ch.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_with_huge_ch.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1722705809121409} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_with_huge_ch.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1722705809121409,"flow_src_last_pkt_time":1722705809121409,"flow_dst_last_pkt_time":1722705809121409,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1722705809121409,"l3_proto":"ip4","src_ip":"172.30.84.193","dst_ip":"208.253.217.142","src_port":40640,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_with_huge_ch.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1722705809121409,"flow_dst_last_pkt_time":1722705809121409,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1722705809121409,"pkt":"CL6sL1vgJjb1q0oRCABFAAA8\/K5AAEAGkqGsHlTB0P3Zjp7AAbtJBsIzAAAAAKAC\/\/9ilAAAAgQFtAQCCAq83NFrAAAAAAEDAwk="} 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_with_huge_ch.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1722705810148119,"flow_dst_last_pkt_time":1722705809121409,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1722705810148119,"pkt":"CL6sL1vgJjb1q0oRCABFAAA8\/K9AAEAGkqCsHlTB0P3Zjp7AAbtJBsIzAAAAAKAC\/\/9ekQAAAgQFtAQCCAq83NVuAAAAAAEDAwk="} 
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls_with_huge_ch.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1722705810148119,"flow_dst_last_pkt_time":1722705810289689,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1722705810289689,"pkt":"Jjb1q0oRCL6sL1vgCABFAAA8AABAADMGnFDQ\/dmOrB5UwQG7nsAWuutCSQbCNKASqbDBJgAAAgQFtAQCCApUIp2JvNzVbgEDAwk="} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls_with_huge_ch.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1722705810148119,"flow_dst_last_pkt_time":1722705811303712,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1722705811303712,"pkt":"Jjb1q0oRCL6sL1vgCABFAAA8AABAADMGnFDQ\/dmOrB5UwQG7nsAWuutCSQbCNKASqbC9LwAAAgQFtAQCCApUIqGAvNzVbgEDAwk="} 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_with_huge_ch.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1722705812160470,"flow_dst_last_pkt_time":1722705811303712,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1722705812160470,"pkt":"CL6sL1vgJjb1q0oRCABFAAA8\/LBAAEAGkp+sHlTB0P3Zjp7AAbtJBsIzAAAAAKAC\/\/9WtgAAAgQFtAQCCAq83N1JAAAAAAEDAwk="} 
-01587{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/tls_with_huge_ch.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":10,"flow_first_seen":1722705809121409,"flow_src_last_pkt_time":1722705812759372,"flow_dst_last_pkt_time":1722705812695734,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1024,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":11423,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1722705812759372,"l3_proto":"ip4","src_ip":"172.30.84.193","dst_ip":"208.253.217.142","src_port":40640,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}},"56": {"risk":"Obfuscated Traffic","severity":"High","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3":"66d6080b942b0b593896bf729f3fd326","ja3s":"","ja4":"t13d1811h2_f71e3e15ae0d_5c3a8cf9b2bc","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01546{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/tls_with_huge_ch.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":10,"flow_first_seen":1722705809121409,"flow_src_last_pkt_time":1722705812759372,"flow_dst_last_pkt_time":1722705812695734,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1024,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":11423,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1722705812759372,"l3_proto":"ip4","src_ip":"172.30.84.193","dst_ip":"208.253.217.142","src_port":40640,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}},"56": {"risk":"Obfuscated Traffic","severity":"High","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1811h2_f71e3e15ae0d_5c3a8cf9b2bc","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
02530{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/tls_with_huge_ch.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1722705809121409,"flow_src_last_pkt_time":1722705812759372,"flow_dst_last_pkt_time":1722705812898719,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1024,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":11423,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1722705812898719,"l3_proto":"ip4","src_ip":"172.30.84.193","dst_ip":"208.253.217.142","src_port":40640,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":15,"avg":239202.4,"max":2012351,"stddev":473245.9,"var":223961677824.0,"ent":3.0,"data": [1026710,1168280,1014023,2012351,2192,420,20309,996657,23024,142064,364,141901,250,227258,1480,197,261,228178,1493,260,259,202424,192,1415,182,144,201161,608,1037,164,15]},"pktlen": {"min":52,"avg":410.5,"max":1076,"stddev":482.4,"var":232750.2,"ent":4.0,"data": [60,60,60,60,60,52,52,1076,60,52,1076,1076,52,52,1076,1076,1076,1076,52,52,52,52,1076,1076,1076,1076,211,52,52,52,52,52]},"bins": {"c_to_s": [5,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,1,0,0,0,0,1,1,0,0,1,1,0,0,0,0,1,1,1,1,0,0,0,0,0,1,1,1,1,1],"entropies": 
[4.825882912,4.792549610,5.346035480,5.379368782,4.792549610,5.118428230,5.118428230,2.408794641,5.379368782,5.195351601,0.482256204,0.482256204,5.079966545,5.195351124,0.481554657,0.481554657,0.485973686,0.484114915,5.195351601,5.156889915,5.156889915,5.065449238,0.481554657,0.481554627,0.478994340,0.480853081,1.871818542,5.118428230,5.079966545,5.118428230,5.118428230,5.156889915]},"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}},"56": {"risk":"Obfuscated Traffic","severity":"High","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 01327{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":428,"source":"cfgs\/default\/pcap\/tls_with_huge_ch.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":194,"flow_dst_packets_processed":234,"flow_first_seen":1722705809121409,"flow_src_last_pkt_time":1722705840605309,"flow_dst_last_pkt_time":1722705840791503,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1024,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":38922,"flow_dst_tot_l4_payload_len":51750,"midstream":0,"thread_ts_usec":1722705840791503,"l3_proto":"ip4","src_ip":"172.30.84.193","dst_ip":"208.253.217.142","src_port":40640,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}},"56": {"risk":"Obfuscated 
Traffic","severity":"High","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -00857{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":428,"source":"cfgs\/default\/pcap\/tls_with_huge_ch.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":428,"packets-processed":428,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":90672,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1722705840791503} +00857{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":428,"source":"cfgs\/default\/pcap\/tls_with_huge_ch.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":428,"packets-processed":428,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":90672,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1722705840791503} ~~~~~~~~~~~~~~~~~~~~ 
SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 428/428 ~~ skipped flows.............: 0 @@ -18,10 +18,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6998153 bytes -~~ total memory freed........: 6998153 bytes -~~ total allocations/frees...: 114582/114582 +~~ total memory allocated....: 7575749 bytes +~~ total memory freed........: 7575749 bytes +~~ total allocations/frees...: 126313/126313 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 569 chars ~~ json message max len.......: 2535 chars -~~ json message avg len.......: 1469 chars +~~ json message avg len.......: 1468 chars diff --git a/test/results/default/toca-boca.pcap.out b/test/results/default/toca-boca.pcap.out index 6af91de84..0c01d4659 100644 --- a/test/results/default/toca-boca.pcap.out +++ b/test/results/default/toca-boca.pcap.out 
@@ -1,5 +1,5 @@ -00614{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1648999646082000} 
+00614{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1648999646082000} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648999646082000,"flow_src_last_pkt_time":1648999646082000,"flow_dst_last_pkt_time":1648999646082000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648999646082000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.225","src_port":50173,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1648999646082000,"flow_dst_last_pkt_time":1648999646082000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1648999646082000,"pkt":"eJS0JASgYDjgxTWgCABFAABUT6gAAD8RuzzAqAJkW8dR4cP9E78AQBEY\/\/8AAQAAAAQitua6Av8BBAAAACwAAAABAAAEsAAAgAAAAAACAAAAAAAAAAAAABOIAAAAAgAAAAI="} 
00922{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648999646082000,"flow_src_last_pkt_time":1648999646082000,"flow_dst_last_pkt_time":1648999646082000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648999646082000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.225","src_port":50173,"dst_port":5055,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -7,12 +7,12 @@ 00628{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1648999646128000,"flow_dst_last_pkt_time":1648999646116000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"thread_ts_usec":1648999646128000,"pkt":"eJS0JASgYDjgxTWgCABFAABxT6sAAD8RuxzAqAJkW8dR4cP9E78AXV\/iu8gAAgAAADIitua6Af8ABAAAABQAAAAAAAAAAH370YUGAAEEAAAANQAAAAHzAAEIHkEGAwBmMzYxNWExNy02MDg0LTQwYzUtYmZkNS0yZmZiYTRkMQ=="} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1648999646128000,"flow_dst_last_pkt_time":1648999646161000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1648999646161000,"pkt":"YDjgxTWgeJS0JASgCABFAABLMqoAADsR3ENbx1HhwKgCZBO\/w\/0AN2KSAAAAAn370bQitua6AQAAAAAAABQAAAAAAAAAAQAAADIGAAEAAAAADwAAAAHzAQA="} 00727{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1648999646194000,"flow_dst_last_pkt_time":1648999646161000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":201,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":201,"pkt_l4_len":167,"thread_ts_usec":1648999646194000,"pkt":"eJS0JASgYDjgxTWgCABFAAC7T7gAAD8RusXAqAJkW8dR4cP9E78Ap6eQu8gAAwAAAHQitua6AQAABAAAABQAAAAAAAAAAX370bQGAAEEAAAAcwAAAALzBgABAUNgHwPphFRWEeG7K1su8dh7ceJAIgMbYEW8\/IlaIVUMHV0pUYGkvKEUCp0YWnRyweSVzbsPVZeP3OdC\/CCq\/oATU+qSsKMyrHnO8SqUZVPoXQLHChtZdlXOpTLON959iRFoDP8BBAAAAAwAAAAC"} 
-00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1831,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1649338791869000} +00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1831,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1649338791869000} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649338791869000,"flow_src_last_pkt_time":1649338791869000,"flow_dst_last_pkt_time":1649338791869000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649338791869000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"92.38.154.49","src_port":42022,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00588{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1649338791869000,"flow_dst_last_pkt_time":1649338791869000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1649338791869000,"pkt":"eJS0JASgYDjgxTWgCABFAABUquwAAD8RF0nAqAJkXCaaMaQmE78AQOkN\/\/8AAQAAAA0lI+N2Av8BBAAAACwAAAABAAAEsAAAgAAAAAACAAAAAAAAAAAAABOIAAAAAgAAAAI="} 
00922{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649338791869000,"flow_src_last_pkt_time":1649338791869000,"flow_dst_last_pkt_time":1649338791869000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649338791869000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"92.38.154.49","src_port":42022,"dst_port":5055,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1648999646082000,"flow_src_last_pkt_time":1648999647452000,"flow_dst_last_pkt_time":1648999648493000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":416,"flow_dst_max_l4_payload_len":386,"flow_src_tot_l4_payload_len":840,"flow_dst_tot_l4_payload_len":991,"midstream":0,"thread_ts_usec":1649338791869000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.225","src_port":50173,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
-00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":17,"packets-processed":16,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1887,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1649339413371000} +00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":17,"packets-processed":16,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1887,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1649339413371000} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649339413371000,"flow_src_last_pkt_time":1649339413371000,"flow_dst_last_pkt_time":1649339413371000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649339413371000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"92.38.154.49","src_port":55544,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00588{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1649339413371000,"flow_dst_last_pkt_time":1649339413371000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1649339413371000,"pkt":"eJS0JASgYDjgxTWgCABFAABUVGwAAD8RbcnAqAJkXCaaMdj4E78AQKGB\/\/8AAQAAAA8HHhQ0Av8BBAAAACwAAAABAAAEsAAAgAAAAAACAAAAAAAAAAAAABOIAAAAAgAAAAI="} 
00922{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649339413371000,"flow_src_last_pkt_time":1649339413371000,"flow_dst_last_pkt_time":1649339413371000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649339413371000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"92.38.154.49","src_port":55544,"dst_port":5055,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -24,7 +24,7 @@ 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649339424328000,"flow_src_last_pkt_time":1649339424328000,"flow_dst_last_pkt_time":1649339424328000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":76,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":76,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649339424328000,"l3_proto":"ip4","src_ip":"92.38.154.49","dst_ip":"192.168.2.100","src_port":5055,"dst_port":32867,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00618{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1649339424328000,"flow_dst_last_pkt_time":1649339424328000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_usec":1649339424328000,"pkt":"YDjgxTWgeJS0JASgCABFAABojnsAAHkR+aVcJpoxwKgCZBO\/gGMAVCBGAAAAAhCV6uVoVFlOAf8AAAAAABQAAAAAAAAAAQAAABAD\/wEAAAAALAAAAAA0zASwAACAAAAAAAIAAAAAAAAAAAAAE4gAAAACAAAAAg=="} 
00922{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649339424328000,"flow_src_last_pkt_time":1649339424328000,"flow_dst_last_pkt_time":1649339424328000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":76,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":76,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649339424328000,"l3_proto":"ip4","src_ip":"92.38.154.49","dst_ip":"192.168.2.100","src_port":5055,"dst_port":32867,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":33,"packets-processed":32,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4155,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":4,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":27,"global_ts_usec":1649357329801000} 
+00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":33,"packets-processed":32,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4155,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":4,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":27,"global_ts_usec":1649357329801000} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649357329801000,"flow_src_last_pkt_time":1649357329801000,"flow_dst_last_pkt_time":1649357329801000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":85,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":85,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":85,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649357329801000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.123","src_port":54983,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00628{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1649357329801000,"flow_dst_last_pkt_time":1649357329801000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"thread_ts_usec":1649357329801000,"pkt":"eJS0JASgYDjgxTWgCABFAABxId0AAD8R6VDAqAJkW8dRe9bHE78AXZvqAZ0AAgAAADR76ExLAf8AAAAAABQAAAAAAAAAAIrS+jcGAAEEAAAANQAAAAHzAAEIHkEEAQA4MjYyMDUzMS04NzM3LTQ4MjQtOGZkMi1hNGQyOWUyNA=="} 00923{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649357329801000,"flow_src_last_pkt_time":1649357329801000,"flow_dst_last_pkt_time":1649357329801000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":85,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":85,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":85,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649357329801000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.123","src_port":54983,"dst_port":5055,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -52,13 +52,13 @@ 00728{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1649357796478000,"flow_dst_last_pkt_time":1649357796478000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":201,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":201,"pkt_l4_len":167,"thread_ts_usec":1649357796478000,"pkt":"eJS0JASgYDjgxTWgCABFAAC76dUAAD8RIQ7AqAJkW8dRe5FiE78Ap9\/gQYIAAwAAEKFwWW0qAQAAAAAAABQAAAAAAAAAAYraGScGAAEEAAAAcwAAAALzBgABAUNgqO2TCWkNPwQmb\/To5eafmHwk2M3jcXw+syR8\/2ZkLpAnxsjBo9NJIRg3niLIEBe1BKRcjcw9VsSC9Wp8xiV3ZwLnTCAQMR7QxRv8JFOFvJff26sic0VghOwZl+0g5UdBDP8BBAAAAAwAAAAC"} 00926{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649357796478000,"flow_src_last_pkt_time":1649357796478000,"flow_dst_last_pkt_time":1649357796478000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":159,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":159,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":159,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649357796478000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.123","src_port":37218,"dst_port":5055,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649357623776000,"flow_src_last_pkt_time":1649357623776000,"flow_dst_last_pkt_time":1649357623776000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649357796478000,"l3_proto":"ip4","src_ip":"91.199.81.123","dst_ip":"192.168.2.100","src_port":5055,"dst_port":60837,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":52,"packets-processed":51,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6173,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":3,"current-active-flows":2,"total-active-flows":9,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":55,"global_ts_usec":1649358122834000} 
+00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":52,"packets-processed":51,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6173,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":3,"current-active-flows":2,"total-active-flows":9,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":55,"global_ts_usec":1649358122834000} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649358122834000,"flow_src_last_pkt_time":1649358122834000,"flow_dst_last_pkt_time":1649358122834000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":150,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":150,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":150,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649358122834000,"l3_proto":"ip4","src_ip":"91.199.81.123","dst_ip":"192.168.2.100","src_port":5055,"dst_port":33311,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00718{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1649358122834000,"flow_dst_last_pkt_time":1649358122834000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"thread_ts_usec":1649358122834000,"pkt":"YDjgxTWgeJS0JASgCABFAACyLPAAADsR4fxbx1F7wKgCZBO\/gh8AnmVJAAAAAorfFD0zMIisAQAAAAAAABQAAAAAAAAAAgAAAG4GAAEAAAAAdgAAAALzBwAAAAgBAUNg8vSS5O+J\/XjOQQuCE\/Kz82hilWidCgaS8LTWICvsbjJnfEWbmMIZg+HqoUshflWYbYRWr5V8d81p2Yo8Hq57m1zea2a8m\/5YufPz7tt8hhSQ3WPzZMeBz21Wv8GmKuYQ"} 00927{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649358122834000,"flow_src_last_pkt_time":1649358122834000,"flow_dst_last_pkt_time":1649358122834000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":150,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":150,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":150,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649358122834000,"l3_proto":"ip4","src_ip":"91.199.81.123","dst_ip":"192.168.2.100","src_port":5055,"dst_port":33311,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
00965{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649357796478000,"flow_src_last_pkt_time":1649357796478000,"flow_dst_last_pkt_time":1649357796478000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":159,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":159,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":159,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649358122834000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.123","src_port":37218,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 00962{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649357623776000,"flow_src_last_pkt_time":1649357623776000,"flow_dst_last_pkt_time":1649357623776000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649358122834000,"l3_proto":"ip4","src_ip":"91.199.81.123","dst_ip":"192.168.2.100","src_port":5055,"dst_port":60837,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
-00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":53,"packets-processed":52,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6323,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":3,"current-active-flows":1,"total-active-flows":10,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":61,"global_ts_usec":1649360879587000} +00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":53,"packets-processed":52,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6323,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":3,"current-active-flows":1,"total-active-flows":10,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":61,"global_ts_usec":1649360879587000} 
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649360879587000,"flow_src_last_pkt_time":1649360879587000,"flow_dst_last_pkt_time":1649360879587000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":150,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":150,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":150,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649360879587000,"l3_proto":"ip4","src_ip":"91.199.81.123","dst_ip":"192.168.2.100","src_port":5055,"dst_port":40290,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00717{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1649360879587000,"flow_dst_last_pkt_time":1649360879587000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"thread_ts_usec":1649360879587000,"pkt":"YDjgxTWgeJS0JASgCABFAACykLMAADsRfjlbx1F7wKgCZBO\/nWIAnpDwAAAAAosJJVgh87CXAQAAAAAAABQAAAAAAAAAAgAAAn4GAAEAAAAAdgAAAALzBwAAAAgBAUNgLNWb5SaCJAocJvmSqainbl+Oa4DJn3IT4qVSI8qFj6X5DLzbYJpCJ8LrRJdeJ7QpAQUlDLFkzmCIsWSJViCx2U\/siT702DkXpm6dZLrYzkK0dSx2ekQBCbW\/YHJC1uBB"} 
00927{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649360879587000,"flow_src_last_pkt_time":1649360879587000,"flow_dst_last_pkt_time":1649360879587000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":150,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":150,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":150,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649360879587000,"l3_proto":"ip4","src_ip":"91.199.81.123","dst_ip":"192.168.2.100","src_port":5055,"dst_port":40290,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -70,7 +70,7 @@ 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649361166006000,"flow_src_last_pkt_time":1649361166006000,"flow_dst_last_pkt_time":1649361166006000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649361166006000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.123","src_port":56864,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1649361166006000,"flow_dst_last_pkt_time":1649361166006000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1649361166006000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8JwkAAD8R5FnAqAJkW8dRe94gE78AKB4+Pk0AAQAADyI7JuZnAQAAAAAAABQAAAAAAAAAA4sNhA4="} 
00924{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649361166006000,"flow_src_last_pkt_time":1649361166006000,"flow_dst_last_pkt_time":1649361166006000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649361166006000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.123","src_port":56864,"dst_port":5055,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":56,"packets-processed":55,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6537,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":0,"total-updates":3,"current-active-flows":2,"total-active-flows":13,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":73,"global_ts_usec":1649411629031000} 
+00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":56,"packets-processed":55,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6537,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":0,"total-updates":3,"current-active-flows":2,"total-active-flows":13,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":73,"global_ts_usec":1649411629031000} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649411629031000,"flow_src_last_pkt_time":1649411629031000,"flow_dst_last_pkt_time":1649411629031000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649411629031000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.123","src_port":50600,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1649411629031000,"flow_dst_last_pkt_time":1649411629031000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1649411629031000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8d50AAD8Rk8XAqAJkW8dRe8WoE78AKHeQB0IAAQAAAiMEvRHkAQAAAAAAABQAAAAAAAAAA44Pjyk="} 00924{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649411629031000,"flow_src_last_pkt_time":1649411629031000,"flow_dst_last_pkt_time":1649411629031000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649411629031000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.123","src_port":50600,"dst_port":5055,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -88,18 +88,18 @@ 01119{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1649411857970000,"flow_dst_last_pkt_time":1649411857970000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":495,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":495,"pkt_l4_len":461,"thread_ts_usec":1649411857970000,"pkt":"YDjgxTWgeJS0JASgCABFAAHhCAgAADsRBbZbx1F7wKgCZBO\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"} 00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649411629031000,"flow_src_last_pkt_time":1649411629031000,"flow_dst_last_pkt_time":1649411629031000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649411857970000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.123","src_port":50600,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
00971{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1649411716027000,"flow_src_last_pkt_time":1649411718310000,"flow_dst_last_pkt_time":1649411718292000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":436,"flow_dst_max_l4_payload_len":473,"flow_src_tot_l4_payload_len":836,"flow_dst_tot_l4_payload_len":834,"midstream":0,"thread_ts_usec":1649411857970000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.123","src_port":35671,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":73,"packets-processed":72,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8692,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":5,"current-active-flows":2,"total-active-flows":16,"total-idle-flows":14,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":91,"global_ts_usec":1649756653649000} 
+00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":73,"packets-processed":72,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8692,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":5,"current-active-flows":2,"total-active-flows":16,"total-idle-flows":14,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":91,"global_ts_usec":1649756653649000} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649756653649000,"flow_src_last_pkt_time":1649756653649000,"flow_dst_last_pkt_time":1649756653649000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649756653649000,"l3_proto":"ip4","src_ip":"91.199.81.122","dst_ip":"192.168.2.100","src_port":5055,"dst_port":34503,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1649756653649000,"flow_dst_last_pkt_time":1649756653649000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1649756653649000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8JawAADsR6bdbx1F6wKgCZBO\/hscAKBKXAAAAAa\/cVZosVa4ZAQAAAAAAABQAAAAAAAAABAAAATQ="} 00924{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649756653649000,"flow_src_last_pkt_time":1649756653649000,"flow_dst_last_pkt_time":1649756653649000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649756653649000,"l3_proto":"ip4","src_ip":"91.199.81.122","dst_ip":"192.168.2.100","src_port":5055,"dst_port":34503,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1649411716027000,"flow_src_last_pkt_time":1649411718310000,"flow_dst_last_pkt_time":1649411718292000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":436,"flow_dst_max_l4_payload_len":473,"flow_src_tot_l4_payload_len":836,"flow_dst_tot_l4_payload_len":834,"midstream":0,"thread_ts_usec":1649756653649000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.123","src_port":35671,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 01161{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649411857970000,"flow_src_last_pkt_time":1649411857970000,"flow_dst_last_pkt_time":1649411857970000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":453,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":453,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":453,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649756653649000,"l3_proto":"ip4","src_ip":"91.199.81.123","dst_ip":"192.168.2.100","src_port":5055,"dst_port":37167,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by 
port"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 00785{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649411857970000,"flow_src_last_pkt_time":1649411857970000,"flow_dst_last_pkt_time":1649411857970000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":453,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":453,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":453,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649756653649000,"l3_proto":"ip4","src_ip":"91.199.81.123","dst_ip":"192.168.2.100","src_port":5055,"dst_port":37167,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":74,"packets-processed":73,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8724,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":16,"total-detection-updates":0,"total-updates":5,"current-active-flows":1,"total-active-flows":17,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":98,"global_ts_usec":1649949002676000} 
+00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":74,"packets-processed":73,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8724,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":16,"total-detection-updates":0,"total-updates":5,"current-active-flows":1,"total-active-flows":17,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":98,"global_ts_usec":1649949002676000} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649949002676000,"flow_src_last_pkt_time":1649949002676000,"flow_dst_last_pkt_time":1649949002676000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1200,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649949002676000,"l3_proto":"ip4","src_ip":"91.199.81.225","dst_ip":"192.168.2.100","src_port":5055,"dst_port":50337,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02165{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1649949002676000,"flow_dst_last_pkt_time":1649949002676000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1242,"pkt_l4_len":1208,"thread_ts_usec":1649949002676000,"pkt":"YDjgxTWgeJS0JASgCABFAATMcx8AADsRl01bx1HhwKgCZBO\/xKEEuJV9AAAAAbaSYs0pd\/HxCAABAAAABKQAAAAFAAAABQAAAAsAAAAAAAAtKgAAAADzBOYB3hXbAQcgYnVzY28gYW1pZ29zIHNveSBwb2xpY2lhIGZyYW5jZXMVBwcCc3QG8KfG20BqSUED\/RwD\/AMKBwJtZAMBBwJtcAMeBwJzdiID\/wMKBwU0OTExMhUHBwJzdAYOLbLdRgoyQQP9HAP8AwoHAm1kAwEHAm1wAxkHAnN2IgP\/AwoHB1NoZXJsb24VBwcCc3QGcT0Kp+h8QkED\/RwD\/AMKBwJtZAMBBwJtcAMFBwJzdiID\/wMKBxNnYXRvcyBnYW1lXzEwOjUzOjMyFQcHAnN0BjeJQaB7OklBA\/0cA\/wDCgcCbWQDAQcCbXADDwcCc3YDAQP\/AwoHCTEwMDAwNDAwMBUHBwJzdAbjpZt0D0BJQQP9HAP8AwoHAm1kAwEHAm1wAwcHAnN2IgP\/AwoHCeaIkeeahOWPkRUHBwJzdAaWQ4v8vMVJQQP9HAP8AwYHAm1kAwEHAm1wAxQHAnN2IgP\/AwYHEHB2cCBoYXJkZWNvcvCfkoAVBwcCc3QG\/tR42XVFSUED\/RwD\/AMJBwJtZAMBBwJtcAMPBwJzdiID\/wMKBwU0MzY4MhUHBwJzdAbn+6nx3kJJQQP9HAP8AwoHAm1kAwEHAm1wAxwHAnN2IgP\/AwoHBGJvdDMVBwcCc3QGAAAAkNDkSUED\/RwD\/AMKBwJtZAMBBwJtcAMeBwJzdiID\/wMKBw4gZ2FtZV8wMjozNTo0MxUHBwJzdAYzMzNDUqhJQQP9HAP8AwoHAm1kAwEHAm1wIgcCc3YDAQP\/AwoHCkdUQSBWIGxpZmUVBwcCc3QGqvHS3eg1SUED\/RwD\/AMKBwJtZAMBBwJtcAMBBwJzdiID\/wMKBxPRg9GDMSBnYW1lXzA2OjE0OjIwFQcHAnN0BrByaKHFz0ZBA\/0cA\/wDCgcCbWQDAQcCbXADCwcCc3YDAQP\/AwoHBTY1MjIwFQcHAnN0BolBYKUCYEdBA\/0cA\/wDCgcCbWQDAQcCbXAiBwJzdiID\/wMKBwU4MTU0OBUHBwJzdAbfT433oXoxQQP9HAP8AwoHAm1kAwEHAm1wAx4HAnN2IgP\/AwoHDiBnYW1lXzA0OjMwOjQxFQcHAnN0BqabxBDRRUlBA\/0cA\/wDCgcCbWQDAQcCbXADHQcCc3YDAQP\/AwoHBTI4NjQ1FQcHAnN0Bi2ynf8p6kpBA\/0cA\/wDCgcCbWQDAQcCbXADFQcCc3YiA\/8DCgcFMTMxNjUVBwcCc3QGvHSTeDIhQ0ED\/RwD\/AMKBwJtZAMBBwJtcAMVBwJzdiID\/wMKBwU0NDg2OBUHBwJzdAYZBFbuLowxQQP9HAP8AwoHAm1kAwEHAm1wAw0HAnN2IgP\/AwoHCWphamFqYWphahUHBwJzdAYbL90E6kNDQQ
P9HAP8AwoHAm1kAwEHAm1wAx4HAnN2IgP\/AwoHBDcxNjAVBwcCc3QGj8L16LZhMkED\/RwD\/AMKBwJtZCIHAm1wAxsHAnN2IgP\/AwoHBuWSjOW5sxUHBwJzdAacxCBQ\/Po0QQP9HAP8AwoHAm1kAwIHAm1wAwMHAnN2"} 00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649756653649000,"flow_src_last_pkt_time":1649756653649000,"flow_dst_last_pkt_time":1649756653649000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649949002676000,"l3_proto":"ip4","src_ip":"91.199.81.122","dst_ip":"192.168.2.100","src_port":5055,"dst_port":34503,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00846{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":75,"packets-processed":74,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9924,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":16,"total-detection-updates":0,"total-updates":5,"current-active-flows":1,"total-active-flows":18,"total-idle-flows":17,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":102,"global_ts_usec":1649959918209000} 
+00846{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":75,"packets-processed":74,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9924,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":16,"total-detection-updates":0,"total-updates":5,"current-active-flows":1,"total-active-flows":18,"total-idle-flows":17,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":102,"global_ts_usec":1649959918209000} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649959918209000,"flow_src_last_pkt_time":1649959918209000,"flow_dst_last_pkt_time":1649959918209000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1200,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649959918209000,"l3_proto":"ip4","src_ip":"91.199.81.122","dst_ip":"192.168.2.100","src_port":5055,"dst_port":56920,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02134{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1649959918209000,"flow_dst_last_pkt_time":1649959918209000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1242,"pkt_l4_len":1208,"thread_ts_usec":1649959918209000,"pkt":"YDjgxTWgeJS0JASgCABFAATMlmcAADsRdGxbx1F6wKgCZBO\/3lgEuGJXAAAAAbv54rwVf+7RCAABAAAABKQAAAAFAAAABQAAAB4AAAAAAACDaAAAAADzBOYAAd5oAfRzAAkyNTY1ODIyODNoAAhi\/W8BcwACTFZzAARNYWxscwACQ0x5AARpAAAAAgAAAAMAAAAEAAAABXMAAkNUcwABQWL8YgpzAAJDUHMAAHMAAkNHbwFi\/2IKcwAKMTM2MDA2OTEyNWgABGL\/YgpzAAJMVnMABlNjaG9vbGL9bwFi\/GIHcwAKMjExMDU4MjkwNGgACGL9bwFzAAJMVnMABlNjaG9vbHMAAkNMeQAGaQAAAAAAAAABAAAAAgAAAAMAAAAEAAAABXMAAkNUcwAGRGlncmVmYvxiB3MAAkNQcwAAcwACQ0dvAWL\/YgpzAAg5OTY4MzY0MmgACGL9bwFzAAJMVnMABE1hbGxzAAJDTHkAAWkAAAAFcwACQ1RzAAFRYvxiCnMAAkNQcwAAcwACQ0dvAWL\/YgpzAAkxNTUyMTI1OTdoAAhi\/W8BcwACTFZzAAdGYWN0b3J5cwACQ0x5AAZpAAAAAAAAAAEAAAACAAAAAwAAAAQAAAAFcwACQ1RzAAjZgdin2LHYs2L8YgpzAAJDUHMAAHMAAkNHbwFi\/2IKcwAKMTc2NjI2NTIyN2gACGL9bwFzAAJMVnMACEhhbmdhclYycwACQ0x5AAZpAAAAAAAAAAEAAAACAAAAAwAAAAQAAAAFcwACQ1RzAARCYW5pYvxiCXMAAkNQcwAAcwACQ0dvAWL\/YgpzAAg5MTc3MDA5N2gACGL9bwFzAAJMVnMABk9mZmljZXMAAkNMeQAGaQAAAAAAAAABAAAAAgAAAAMAAAAEAAAABXMAAkNUcwAEWmFza2L8YgpzAAJDUHMAAHMAAkNHbwFi\/2IKcwAJNzU4NjQ3NzY4aAAIYv1vAXMAAkxWcwAETWFsbHMAAkNMeQAGaQAAAAAAAAABAAAAAgAAAAMAAAAEAAAABXMAAkNUcwADY2F0YvxiCnMAAkNQcwAAcwACQ0dvAWL\/YgpzAAoxNzMzNTE4NjcyaAAIYv1vAXMAAkxWcwAETWFsbHMAAkNMeQAGaQAAAAAAAAABAAAAAgAAAAMAAAAEAAAABXMAAkNUcwAFVmlyZ2li\/GIKcwACQ1BzAABzAAJDR28BYv9iCnMACTg0ODM1MzYzN2gACGL9bwFzAAJMVnMACEhhbmdhclYycwACQ0x5AAZpAAAAAAAAAAEAAAACAAAAAwAAAAQAAAAFcwACQ1RzAAdnaXltZXJ0YvxiCnMAAkNQcwAAcwACQ0dvAWL\/YgpzAAoxNzQ5OTgwOTQ2aAAIYv1vAXMAAkxWcwAGU2Nob29scwACQ0x5AAZpAAAAAAAAAAEAAAACAAAAAwAAAAQAAAAFcwACQ1RzAAZ2dnZ2dnZi\/GIJcwACQ1BzAABzAAJDR28BYv9iCnMACjE1ODg5MTA3NDVoAAhi\/
W8BcwACTFZzAAZTY2hvb2xzAAJDTHkABmkAAAAAAAAAAQAAAAIAAAADAAAABAAAAAVzAAJDVHMABjExMjIzM2L8YgpzAAJDUHMAAHMAAkNHbwFi\/2IKcwAJNzY2Njk2NjY0aAAE"} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649959918209000,"flow_src_last_pkt_time":1649959918209000,"flow_dst_last_pkt_time":1649959918209000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":13,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":13,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":13,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649959918209000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.208","src_port":45096,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -107,7 +107,7 @@ 00924{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649959918209000,"flow_src_last_pkt_time":1649959918209000,"flow_dst_last_pkt_time":1649959918209000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":13,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":13,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":13,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649959918209000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.208","src_port":45096,"dst_port":5055,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 01164{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649949002676000,"flow_src_last_pkt_time":1649949002676000,"flow_dst_last_pkt_time":1649949002676000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1200,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649959918209000,"l3_proto":"ip4","src_ip":"91.199.81.225","dst_ip":"192.168.2.100","src_port":5055,"dst_port":50337,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by 
port"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 00788{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649949002676000,"flow_src_last_pkt_time":1649949002676000,"flow_dst_last_pkt_time":1649949002676000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1200,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649959918209000,"l3_proto":"ip4","src_ip":"91.199.81.225","dst_ip":"192.168.2.100","src_port":5055,"dst_port":50337,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":77,"packets-processed":76,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11137,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":17,"total-detection-updates":0,"total-updates":5,"current-active-flows":2,"total-active-flows":20,"total-idle-flows":18,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":110,"global_ts_usec":1650009948783000} 
+00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":77,"packets-processed":76,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11137,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":17,"total-detection-updates":0,"total-updates":5,"current-active-flows":2,"total-active-flows":20,"total-idle-flows":18,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":110,"global_ts_usec":1650009948783000} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1650009948783000,"flow_src_last_pkt_time":1650009948783000,"flow_dst_last_pkt_time":1650009948783000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1200,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1650009948783000,"l3_proto":"ip4","src_ip":"91.199.81.225","dst_ip":"192.168.2.100","src_port":5055,"dst_port":43151,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02171{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_src_last_pkt_time":1650009948783000,"flow_dst_last_pkt_time":1650009948783000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1242,"pkt_l4_len":1208,"thread_ts_usec":1650009948783000,"pkt":"YDjgxTWgeJS0JASgCABFAATMx5YAADsRQtZbx1HhwKgCZBO\/qI8EuNNNAAAAAbo0YlQBhGKwCAABAAAABKQAAAAIAAAABQAAAAgAAAADAAAj7AAADYwDAgcCbXAiBwJzdiID\/wMKBwU1NDI1ORUHBwJzdAb0\/dQYS1k2QQP9HAP8AwEHAm1kIgcCbXADDQcCc3YiA\/8DAgdI0LXQtdC10LXQtdC10LXQtdC10LXQtdC10LXQtdC10LXQtdC10LXQtdC10LXQtdC10LXQtdC10LXQtSBnYW1lXzEwOjI3OjAxFQcHAnN0BnsUrmeuBTZBA\/0cA\/wDAQcCbWQDAQcCbXADHgcCc3YDAQP\/AwoHCEdhbWU4NjgzFQcHAnN0BvLSTULOBjZBA\/0cA\/wDAQcCbWQDAgcCbXADIAcCc3YiA\/8DAQcIR2FtZTIxMjkVBwcCc3QG8tJNsnClS0ED\/RwD\/AMBBwJtZAMCBwJtcAMWBwJzdiID\/wMBBwNvcmEVBwcCc3QG+n5qXFaeS0ED\/RwD\/AMHBwJtZAMCBwJtcAMgBwJzdiID\/wMKBwhHYW1lNTA4NBUHBwJzdAakcD2aTKZLQQP9HAP8AwEHAm1kAwIHAm1wAxUHAnN2IgP\/AwEHCEdhbWU2ODM3FQcHAnN0BlpkO2+BpEtBA\/0cA\/wDAQcCbWQDAgcCbXADGwcCc3YiA\/8DAQcIR2FtZTc1MDIVBwcCc3QGxSCwkiDnREED\/RwD\/AMBBwJtZAMCBwJtcAMZBwJzdiID\/wMBBwhHYW1lODMzNRUHBwJzdAamm8TQnahLQQP9HAP8AwEHAm1kAwIHAm1wIgcCc3YiA\/8DAQcIR2FtZTg5MjYVBwcCc3QGtvP9xMypS0ED\/RwD\/AMBBwJtZAMCBwJtcAMeBwJzdiID\/wMBBwRtZW1lFQcHAnN0Bq5H4YrzN0lBA\/0cA\/wDAgcCbWQDAgcCbXADHgcCc3YiA\/8DAgcIR2FtZTMxMjUVBwcCc3QGHVpkG0xbNkED\/RwD\/AMBBwJtZAMCBwJtcAMdBwJzdiID\/wMBBwhHYW1lNDQxMxUHBwJzdAYzMzMT7lo2QQP9HAP8AwEHAm1kAwIHAm1wAw4HAnN2IgP\/AwEHAzAwMBUHBwJzdAb+1Hi5oeZEQQP9HAP8AwIHAm1kAwIHAm1wAx4HAnN2IgP\/AwIHCEdhbWUyMDU4FQcHAnN0Bilcj7LI5kRBA\/0cA\/wDAQcCbWQDAgcCbXADBwcCc3YiA\/8DAQcIR2FtZTQ2OTYVBwcCc3QGoBovvVRbNkED\/RwD\/AMBBwJtZAMCBwJtcAMQBwJzdiID\/wMBBwUyMzQzMBUHBwJzdAZWDi2CBeZEQQP9HAP8AwEHAm1kAwIHAm1wAxsHAnN2IgP\/AwoHCEdhbWU3NDUzFQcHAnN0BhkEVo6EOUlBA\/0cA\/wDAQcCbWQDAgcCbXADDQcCc3YiA\/8DAQcFNjA4NDIVBwcCc3QGuB6Fq9mp
S0ED\/RwD\/AMBBwJtZAMCBwJtcAMQBwJzdiID\/wMKBwRPa3VsFQcHAnN0BkSLbMc\/WzZBA\/0cA\/wDAwcCbWQDAQcCbXADFAcCc3YiA\/8DCgcIR2FtZTQzODYVBwcCc3QGYhBYacWlS0ED\/RwD\/AMBBwJtZAMCBwJtcAMV"} 01164{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1650009948783000,"flow_src_last_pkt_time":1650009948783000,"flow_dst_last_pkt_time":1650009948783000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1200,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1650009948783000,"l3_proto":"ip4","src_ip":"91.199.81.225","dst_ip":"192.168.2.100","src_port":5055,"dst_port":43151,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -115,7 +115,7 @@ 00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649959918209000,"flow_src_last_pkt_time":1649959918209000,"flow_dst_last_pkt_time":1649959918209000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":13,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":13,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":13,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1650009948783000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.208","src_port":45096,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 01064{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649959918209000,"flow_src_last_pkt_time":1649959918209000,"flow_dst_last_pkt_time":1649959918209000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1200,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1650009948783000,"l3_proto":"ip4","src_ip":"91.199.81.122","dst_ip":"192.168.2.100","src_port":5055,"dst_port":56920,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by 
port"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 00788{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649959918209000,"flow_src_last_pkt_time":1649959918209000,"flow_dst_last_pkt_time":1649959918209000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1200,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1650009948783000,"l3_proto":"ip4","src_ip":"91.199.81.122","dst_ip":"192.168.2.100","src_port":5055,"dst_port":56920,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00849{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":77,"packets-processed":77,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12337,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":17,"total-detection-updates":0,"total-updates":5,"current-active-flows":0,"total-active-flows":21,"total-idle-flows":21,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":118,"global_ts_usec":1650009948783000} 
+00849{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":77,"packets-processed":77,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12337,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":17,"total-detection-updates":0,"total-updates":5,"current-active-flows":0,"total-active-flows":21,"total-idle-flows":21,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":118,"global_ts_usec":1650009948783000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 77/77 ~~ skipped flows.............: 0 @@ -124,9 +124,9 @@ ~~ total active/idle flows...: 21/21 ~~ total timeout flows.......: 3 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6957533 bytes -~~ total memory freed........: 6957533 bytes -~~ total allocations/frees...: 114437/114437 +~~ total memory allocated....: 7535129 bytes +~~ total memory freed........: 7535129 bytes +~~ total allocations/frees...: 126168/126168 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 537 chars ~~ json message max len.......: 2176 chars diff --git a/test/results/default/tor.pcap.out b/test/results/default/tor.pcap.out index 6bc0a12b0..2b990b63b 100644 --- a/test/results/default/tor.pcap.out +++ b/test/results/default/tor.pcap.out 
@@ -1,5 +1,5 @@ -00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1383821660212806} 
+00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1383821660212806} 00288{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1383821660212806,"packet_id":1,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821660212806} 
00363{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383821660212806,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00288{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1383821662212866,"packet_id":2,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821662212866} 
@@ -11,9 +11,9 @@ 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1383821665420161,"flow_dst_last_pkt_time":1383821665491157,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1383821665491157,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAAC4G0J5bj13ywKgB\/AG7x6b4Wbj86f\/J04ASOQiLRwAAAgQFtAEBBAIBAwMH"} 00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1383821665491486,"flow_dst_last_pkt_time":1383821665491157,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1383821665491486,"pkt":"UlQA2EYhUlQAWul3CABFAAAoA19AAIAGe0vAqAH8W49d8semAbvp\/8nT+Fm4\/VAQAQAEIgAAAAAAAAAA"} 00818{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1383821665498155,"flow_dst_last_pkt_time":1383821665491157,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":269,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":269,"pkt_l4_len":235,"thread_ts_usec":1383821665498155,"pkt":"UlQA2EYhUlQAWul3CABFAAD\/A2BAAIAGenPAqAH8W49d8semAbvp\/8nT+Fm4\/VAYAQAYUgAAFgMBANIBAADOAwFSe39m5Uhx5LWaEhy\/VSH7GBPue0xnQwvtdptmyyiBdQAASMAKwBQAiACHADkAOMAPwAUAhAA1wAfACcARwBMARQBEADMAMsAMwA7AAsAEAJYAQQAEAAUAL8AIwBIAFgATwA3AA\/7\/AAoA\/wEAAF0AAAAZABcAABR3d3cuY3Q3Y3RyZ2I2Y3I3LmNvbQALAAQDAAECAAoANAAyAAEAAgADAAQABQAGAAcACAAJAAoACwAMAA0ADgAPABAAEQASABMAFAAVABYAFwAYABk="} 
-01298{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1383821665420161,"flow_src_last_pkt_time":1383821665498155,"flow_dst_last_pkt_time":1383821665491157,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":215,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":215,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383821665498155,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51110,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.ct7ctrgb6cr7.com","domainame":"www.ct7ctrgb6cr7.com","tls": {"version":"TLSv1","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","ja4":"t10d360300_77f462745360_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01257{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1383821665420161,"flow_src_last_pkt_time":1383821665498155,"flow_dst_last_pkt_time":1383821665491157,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":215,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":215,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383821665498155,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51110,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.ct7ctrgb6cr7.com","domainame":"www.ct7ctrgb6cr7.com","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d360300_77f462745360_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1383821665498155,"flow_dst_last_pkt_time":1383821665595471,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1383821665595471,"pkt":"UlQAWul3UlQA2EYhCABFAAAovfFAAC4GErlbj13ywKgB\/AG7x6b4Wbj96f\/KqlAQAHsD0AAA"} 
-01513{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1383821665420161,"flow_src_last_pkt_time":1383821665498155,"flow_dst_last_pkt_time":1383821665606254,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":215,"flow_dst_max_l4_payload_len":748,"flow_src_tot_l4_payload_len":215,"flow_dst_tot_l4_payload_len":748,"midstream":0,"thread_ts_usec":1383821665606254,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51110,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.ct7ctrgb6cr7.com","domainame":"www.ct7ctrgb6cr7.com","tls": {"version":"TLSv1","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","ja4":"t10d360300_77f462745360_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.xkgk7fdx362yyyxib.com","subjectDN":"CN=www.g6ghvisevf3ibuu5.net","fingerprint":"94:F9:FF:E2:7F:DB:1F:B8:19:65:20:6F:F6:DE:B6:A5:D5:AF:14:C7","blocks":0}}} 
+01472{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1383821665420161,"flow_src_last_pkt_time":1383821665498155,"flow_dst_last_pkt_time":1383821665606254,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":215,"flow_dst_max_l4_payload_len":748,"flow_src_tot_l4_payload_len":215,"flow_dst_tot_l4_payload_len":748,"midstream":0,"thread_ts_usec":1383821665606254,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51110,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.ct7ctrgb6cr7.com","domainame":"www.ct7ctrgb6cr7.com","tls": {"version":"TLSv1","ja3s":"184d532a16876b78846ae6a03f654890","ja4":"t10d360300_77f462745360_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.xkgk7fdx362yyyxib.com","subjectDN":"CN=www.g6ghvisevf3ibuu5.net","fingerprint":"94:F9:FF:E2:7F:DB:1F:B8:19:65:20:6F:F6:DE:B6:A5:D5:AF:14:C7","blocks":0}}} 00289{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":4,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1383821666212873,"packet_id":25,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821666212873} 
00364{"packet_event_id":1,"packet_event_name":"packet","packet_id":25,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383821666164055,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1383821666407384,"flow_src_last_pkt_time":1383821666407384,"flow_dst_last_pkt_time":1383821666407384,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383821666407384,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"46.59.52.31","src_port":51111,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
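Review bot: The `"ja3"` key is gone from the `tls` object in the new `detected` and `detection-update` events of this hunk, while `"ja3s"` and `"ja4"` are still emitted; the length prefixes shrink by exactly that field (01298 to 01257, 01513 to 01472). The same change appears in the later hunks of this file (`@@ -21,9 +21,9 @@` and `@@ -31,9 +31,9 @@`). The commit message only says "incorporated upstream changes", so any consumer that matches or allow-lists on the JA3 client fingerprint would stop matching without an error. I would add a line to the commit description such as `* tls.ja3 is no longer emitted in flow events (ja3s and ja4 remain)`. It is also worth confirming that the `schema/flow_event_schema.json` change in this commit, which is not visible in this part of the diff, no longer lists `ja3` as a required `tls` property.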
@@ -21,9 +21,9 @@ 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1383821666407384,"flow_dst_last_pkt_time":1383821666480751,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1383821666480751,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAACwGKcYuOzQfwKgB\/AG7x6cxNPZ86YyWGYASchBnNQAAAgQFtAEBBAIBAwMK"} 00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1383821666481792,"flow_dst_last_pkt_time":1383821666480751,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1383821666481792,"pkt":"UlQA2EYhUlQAWul3CABFAAAoA2lAAIAG0mjAqAH8Ljs0H8enAbvpjJYZMTT2fVAQAQAZGwAAAAAAAAAA"} 00824{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1383821666482149,"flow_dst_last_pkt_time":1383821666480751,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_usec":1383821666482149,"pkt":"UlQA2EYhUlQAWul3CABFAAEGA2pAAIAG0YnAqAH8Ljs0H8enAbvpjJYZMTT2fVAYAQDoYgAAFgMBANkBAADVAwFSe39nmuU3sweaQVD0jHq0Cq72Q\/dbDCXKTgOCZqGRcwAASMAKwBQAiACHADkAOMAPwAUAhAA1wAfACcARwBMARQBEADMAMsAMwA7AAsAEAJYAQQAEAAUAL8AIwBIAFgATwA3AA\/7\/AAoA\/wEAAGQAAAAgAB4AABt3d3cuZTZyNXA1N2tiYWZ3cnhqM3Bsei5jb20ACwAEAwABAgAKADQAMgABAAIAAwAEAAUABgAHAAgACQAKAAsADAANAA4ADwAQABEAEgATABQAFQAWABcAGAAZ"} 
-01548{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1383821666407384,"flow_src_last_pkt_time":1383821666482149,"flow_dst_last_pkt_time":1383821666480751,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":222,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":222,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383821666482149,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"46.59.52.31","src_port":51111,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"TLS.Tor","proto_id":"91.163","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Potentially Dangerous","category_id":2,"category":"VPN","hostname":"www.e6r5p57kbafwrxj3plz.com","domainame":"www.e6r5p57kbafwrxj3plz.com","tls": {"version":"TLSv1","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","ja4":"t10d360300_77f462745360_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01507{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1383821666407384,"flow_src_last_pkt_time":1383821666482149,"flow_dst_last_pkt_time":1383821666480751,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":222,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":222,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383821666482149,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"46.59.52.31","src_port":51111,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"TLS.Tor","proto_id":"91.163","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Potentially Dangerous","category_id":2,"category":"VPN","hostname":"www.e6r5p57kbafwrxj3plz.com","domainame":"www.e6r5p57kbafwrxj3plz.com","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d360300_77f462745360_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1383821666482149,"flow_dst_last_pkt_time":1383821666554821,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1383821666554821,"pkt":"UlQAWul3UlQA2EYhCABFAAAoI35AACwGBlQuOzQfwKgB\/AG7x6cxNPZ96YyW91AQAB4ZHwAA"} -01763{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1383821666407384,"flow_src_last_pkt_time":1383821666482149,"flow_dst_last_pkt_time":1383821666558024,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":222,"flow_dst_max_l4_payload_len":749,"flow_src_tot_l4_payload_len":222,"flow_dst_tot_l4_payload_len":749,"midstream":0,"thread_ts_usec":1383821666558024,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"46.59.52.31","src_port":51111,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"TLS.Tor","proto_id":"91.163","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Potentially Dangerous","category_id":2,"category":"VPN","hostname":"www.e6r5p57kbafwrxj3plz.com","domainame":"www.e6r5p57kbafwrxj3plz.com","tls": 
{"version":"TLSv1","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","ja4":"t10d360300_77f462745360_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.gmvuy6mtjbxevwo3w.com","subjectDN":"CN=www.bpcau5b3haif5els.net","fingerprint":"3A:B1:8A:6F:C3:F6:41:ED:77:D5:40:C3:85:79:8B:62:46:BC:65:9C","blocks":0}}} +01722{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1383821666407384,"flow_src_last_pkt_time":1383821666482149,"flow_dst_last_pkt_time":1383821666558024,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":222,"flow_dst_max_l4_payload_len":749,"flow_src_tot_l4_payload_len":222,"flow_dst_tot_l4_payload_len":749,"midstream":0,"thread_ts_usec":1383821666558024,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"46.59.52.31","src_port":51111,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"TLS.Tor","proto_id":"91.163","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Potentially Dangerous","category_id":2,"category":"VPN","hostname":"www.e6r5p57kbafwrxj3plz.com","domainame":"www.e6r5p57kbafwrxj3plz.com","tls": 
{"version":"TLSv1","ja3s":"184d532a16876b78846ae6a03f654890","ja4":"t10d360300_77f462745360_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.gmvuy6mtjbxevwo3w.com","subjectDN":"CN=www.bpcau5b3haif5els.net","fingerprint":"3A:B1:8A:6F:C3:F6:41:ED:77:D5:40:C3:85:79:8B:62:46:BC:65:9C","blocks":0}}} 00289{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":5,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1383821668212884,"packet_id":55,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821668212884} 00364{"packet_event_id":1,"packet_event_name":"packet","packet_id":55,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383821668066805,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1383821668403824,"flow_src_last_pkt_time":1383821668403824,"flow_dst_last_pkt_time":1383821668403824,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383821668403824,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51112,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -31,9 +31,9 @@ 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1383821668403824,"flow_dst_last_pkt_time":1383821668547648,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1383821668547648,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAADQGFwYm5UY1wKgB\/AG7x6iEDREglLPWMoASOQg8wAAAAgQFtAEBBAIBAwMK"} 00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1383821668548030,"flow_dst_last_pkt_time":1383821668547648,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1383821668548030,"pkt":"UlQA2EYhUlQAWul3CABFAAAoA3ZAAIAGx5vAqAH8JuVGNceoAbuUs9YyhA0RIVAQAQC1nQAAAAAAAAAA"} 00829{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1383821668548416,"flow_dst_last_pkt_time":1383821668547648,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"thread_ts_usec":1383821668548416,"pkt":"UlQA2EYhUlQAWul3CABFAAEIA3dAAIAGxrrAqAH8JuVGNceoAbuUs9YyhA0RIVAYAQDlUgAAFgMBANsBAADXAwFSe39pbZn4CAZLPeIeRH8NC+wysEGwDtFI6Y81\/Q\/FOwAASMAKwBQAiACHADkAOMAPwAUAhAA1wAfACcARwBMARQBEADMAMsAMwA7AAsAEAJYAQQAEAAUAL8AIwBIAFgATwA3AA\/7\/AAoA\/wEAAGYAAAAiACAAAB13d3cucTRjeWFtbmM2bXRva2p1cnZkY2x0LmNvbQALAAQDAAECAAoANAAyAAEAAgADAAQABQAGAAcACAAJAAoACwAMAA0ADgAPABAAEQASABMAFAAVABYAFwAYABk="} 
-01553{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1383821668403824,"flow_src_last_pkt_time":1383821668548416,"flow_dst_last_pkt_time":1383821668547648,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":224,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":224,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383821668548416,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51112,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"TLS.Tor","proto_id":"91.163","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Potentially Dangerous","category_id":2,"category":"VPN","hostname":"www.q4cyamnc6mtokjurvdclt.com","domainame":"www.q4cyamnc6mtokjurvdclt.com","tls": {"version":"TLSv1","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","ja4":"t10d360300_77f462745360_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01512{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1383821668403824,"flow_src_last_pkt_time":1383821668548416,"flow_dst_last_pkt_time":1383821668547648,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":224,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":224,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383821668548416,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51112,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"TLS.Tor","proto_id":"91.163","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Potentially Dangerous","category_id":2,"category":"VPN","hostname":"www.q4cyamnc6mtokjurvdclt.com","domainame":"www.q4cyamnc6mtokjurvdclt.com","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d360300_77f462745360_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1383821668548416,"flow_dst_last_pkt_time":1383821668700311,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1383821668700311,"pkt":"UlQAWul3UlQA2EYhCABFAAAodvRAADQGoB0m5UY1wKgB\/AG7x6iEDREhlLPXElAQABC1rQAA"} -01761{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1383821668403824,"flow_src_last_pkt_time":1383821668548416,"flow_dst_last_pkt_time":1383821668700468,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":224,"flow_dst_max_l4_payload_len":929,"flow_src_tot_l4_payload_len":224,"flow_dst_tot_l4_payload_len":929,"midstream":0,"thread_ts_usec":1383821668700468,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51112,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"TLS.Tor","proto_id":"91.163","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Potentially Dangerous","category_id":2,"category":"VPN","hostname":"www.q4cyamnc6mtokjurvdclt.com","domainame":"www.q4cyamnc6mtokjurvdclt.com","tls": 
{"version":"TLSv1","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"e1691a31bfe345d2692da75636ddfb00","ja4":"t10d360300_77f462745360_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_DHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"CN=www.gg562izcxdvqdk.com","subjectDN":"CN=www.fcsyvnlemwxv5p.net","fingerprint":"C1:93:18:2C:A3:1D:AC:5F:C7:DE:17:8A:4E:B1:E8:13:BB:08:73:3A","blocks":0}}} +01720{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1383821668403824,"flow_src_last_pkt_time":1383821668548416,"flow_dst_last_pkt_time":1383821668700468,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":224,"flow_dst_max_l4_payload_len":929,"flow_src_tot_l4_payload_len":224,"flow_dst_tot_l4_payload_len":929,"midstream":0,"thread_ts_usec":1383821668700468,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51112,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"TLS.Tor","proto_id":"91.163","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Potentially Dangerous","category_id":2,"category":"VPN","hostname":"www.q4cyamnc6mtokjurvdclt.com","domainame":"www.q4cyamnc6mtokjurvdclt.com","tls": 
{"version":"TLSv1","ja3s":"e1691a31bfe345d2692da75636ddfb00","ja4":"t10d360300_77f462745360_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_DHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"CN=www.gg562izcxdvqdk.com","subjectDN":"CN=www.fcsyvnlemwxv5p.net","fingerprint":"C1:93:18:2C:A3:1D:AC:5F:C7:DE:17:8A:4E:B1:E8:13:BB:08:73:3A","blocks":0}}} 00289{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":6,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1383821670213310,"packet_id":80,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821670213310} 00364{"packet_event_id":1,"packet_event_name":"packet","packet_id":80,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383821669834523,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00289{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":7,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1383821672213282,"packet_id":83,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821672213282} 
@@ -61,7 +61,7 @@ 00364{"packet_event_id":1,"packet_event_name":"packet","packet_id":95,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383821673254958,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":97,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1383821693159821,"flow_src_last_pkt_time":1383821693159821,"flow_dst_last_pkt_time":1383821693159821,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":210,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":210,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":210,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383821693159821,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00796{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1383821693159821,"flow_dst_last_pkt_time":1383821693159821,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":252,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":252,"pkt_l4_len":218,"thread_ts_usec":1383821693159821,"pkt":"\/\/\/\/\/\/\/\/UlQAWul3CABFAADuA4EAAIARsTLAqAH8wKgB\/wCKAIoA2itVEQLJT8CoAfwAigDEAAAgRUZFT0VFRUpFQkVPQ05GQUVEQ0FDQUNBQ0FDQUNBQUEAIEFCQUNGUEZQRU5GREVDRkNFUEZIRkRFRkZQRlBBQ0FCAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAKgAAAAAAAAAAAOgDAAAAAAAAAAAqAFYAAwABAAEAAgA7AFxNQUlMU0xPVFxCUk9XU0UADACguw0AV09SS0dST1VQAAAAAAAAAAMKABAAgP4HAABFTkRJQU4tUEMA"} 
-01099{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":97,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1383821693159821,"flow_src_last_pkt_time":1383821693159821,"flow_dst_last_pkt_time":1383821693159821,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":210,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":210,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":210,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383821693159821,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"endian-pc","domainame":"endian-pc"}} +00980{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":97,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1383821693159821,"flow_src_last_pkt_time":1383821693159821,"flow_dst_last_pkt_time":1383821693159821,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":210,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":210,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":210,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383821693159821,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"endian-pc","domainame":"endian-pc"}} 00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1383821703288336,"flow_dst_last_pkt_time":1383821673254958,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_usec":1383821703288336,"pkt":"\/\/\/\/\/\/\/\/UlQAwqwfCABFAACsAABAAEARtfDAqAEBwKgB\/0RcRFwAmDDeeyJob3N0X2ludCI6IDY3Njg3OTk3NiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICI2NzY4Nzk5NzYiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsxNjc4NDEyMTYsIDE4MTA4Mzk2OCwgMTgxMDgwMzI0LCAyOTU0NDE3M119"} 02578{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":117,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1383821668403824,"flow_src_last_pkt_time":1383821704424659,"flow_dst_last_pkt_time":1383821704566665,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":586,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":4598,"flow_dst_tot_l4_payload_len":5464,"midstream":0,"thread_ts_usec":1383821704566665,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51112,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":113,"avg":2328505.8,"max":31166013,"stddev":7549668.5,"var":56997495963648.0,"ent":1.9,"data": 
[143824,144206,386,152663,157,159633,171698,164686,190851,113,190713,627,185098,185495,145105,5747,151688,184201,104686,289985,146556,2535956,2930532,30770666,31166013,871,147027,185685,696487,885191,147130]},"pktlen": {"min":40,"avg":355.8,"max":1500,"stddev":354.9,"var":125974.5,"ent":4.3,"data": [52,52,46,264,40,969,238,99,114,1500,126,46,626,40,626,40,626,626,40,626,626,40,626,46,626,40,626,626,40,626,626,40]},"bins": {"c_to_s": [4,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [9,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,1,0,0,1,0,1,1,0,1,1,0,1,1,0,0,1,1,0,1,1,0,1],"entropies": [4.463158131,4.830034256,4.398030758,5.447000027,4.784183979,7.571198463,6.865525723,5.932188988,6.092850685,7.880095005,6.536722183,4.338141918,7.694956303,4.765311718,7.651318550,4.834183693,7.635929585,7.668802738,4.680641174,7.700941086,7.633764267,4.834183693,7.670955658,4.311074257,7.633520603,4.630640984,7.649660587,7.669915199,4.784183979,7.648267269,7.643295765,4.684184074]},"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"TLS.Tor","proto_id":"91.163","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Potentially Dangerous","category_id":2,"category":"VPN"}} 
02336{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1383821665420161,"flow_src_last_pkt_time":1383821704889950,"flow_dst_last_pkt_time":1383821704958016,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":586,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":3939,"flow_dst_tot_l4_payload_len":9093,"midstream":0,"thread_ts_usec":1383821704958016,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51110,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":120,"avg":2548633.8,"max":37995839,"stddev":9273754.0,"var":86002509021184.0,"ent":1.4,"data": [70996,71325,6669,104314,10783,112643,88567,84606,73691,120,73665,754,108431,107711,67797,2260,74630,103567,101811,113368,368689,686539,37720424,37995839,68191,67504,104050,189003,360821,68695,181]},"pktlen": {"min":40,"avg":448.8,"max":1500,"stddev":476.2,"var":226793.4,"ent":4.2,"data": [52,52,46,255,40,788,174,99,114,1500,142,46,626,40,626,40,626,626,626,626,40,626,46,626,40,626,40,626,1500,46,1500,1500]},"bins": {"c_to_s": [5,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,1,0,0,1,0,1,1,0,1,0,1,1,0,0,1,0,1,1,1,0,1,1],"entropies": 
[4.540081501,4.945419312,4.484987259,5.397112370,4.884183884,7.396267891,6.599942207,5.960015774,6.090528011,7.870100975,6.529747963,4.484987259,7.677678108,4.884183884,7.605023384,4.884183884,7.649974346,7.648893833,7.709483624,7.672764301,4.834183693,7.653419495,4.441509247,7.662259102,4.884183884,7.661063194,4.884183884,7.656208992,7.855939388,4.484987259,7.873313904,7.885534286]},"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
@@ -70,7 +70,7 @@ 00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":262,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1383821734359648,"flow_src_last_pkt_time":1383821734359648,"flow_dst_last_pkt_time":1383821734359648,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1383821734359648,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"157.56.30.46","src_port":51104,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1383821734359648,"flow_dst_last_pkt_time":1383821734359648,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1383821734359648,"pkt":"UlQA2EYhUlQAWul3CABFAAAoBE1AAIAGeHjAqAH8nTgeLsegAbuzcgvfGiCX\/lAUAAD2+QAAAAAAAAAA"} 
00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":279,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1383821763366999,"flow_dst_last_pkt_time":1383821673254958,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_usec":1383821763366999,"pkt":"\/\/\/\/\/\/\/\/UlQAwqwfCABFAACsAABAAEARtfDAqAEBwKgB\/0RcRFwAmDDeeyJob3N0X2ludCI6IDY3Njg3OTk3NiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICI2NzY4Nzk5NzYiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsxNjc4NDEyMTYsIDE4MTA4Mzk2OCwgMTgxMDgwMzI0LCAyOTU0NDE3M119"} -01117{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":283,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1383821693159821,"flow_src_last_pkt_time":1383821693159821,"flow_dst_last_pkt_time":1383821693159821,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":210,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":210,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":210,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383821763366999,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"endian-pc"}} 
+00998{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":283,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1383821693159821,"flow_src_last_pkt_time":1383821693159821,"flow_dst_last_pkt_time":1383821693159821,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":210,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":210,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":210,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383821763366999,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"endian-pc"}} 02568{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":287,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1383821666407384,"flow_src_last_pkt_time":1383821774388112,"flow_dst_last_pkt_time":1383821702813857,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":586,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":3946,"flow_dst_tot_l4_payload_len":5300,"midstream":0,"thread_ts_usec":1383821774388112,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"46.59.52.31","src_port":51111,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":90,"avg":4657651.5,"max":71328355,"stddev":14789051.0,"var":218716025389056.0,"ent":1.8,"data": 
[73367,74408,357,74070,3203,80209,86098,83238,77261,90,76164,838,117183,116350,75240,23977,101877,114494,465564,429267,3455,80828,117031,388775,507320,75910,393949,666205,34353103,34399015,71328355]},"pktlen": {"min":40,"avg":330.6,"max":1500,"stddev":347.1,"var":120444.2,"ent":4.2,"data": [52,52,46,262,40,789,174,99,114,1500,142,46,626,40,626,40,626,626,40,626,40,626,626,40,626,626,40,626,46,626,46,46]},"bins": {"c_to_s": [6,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [8,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,1,0,0,1,0,1,1,0,1,0,1,1,0,1,1,0,1,1,0,1,0,0],"entropies": [4.540081024,4.892440796,4.398030758,5.485852242,4.734183788,7.345484734,6.684501171,5.938382626,6.188065529,7.865236759,6.545697212,4.398030758,7.637940407,4.784183979,7.634158611,4.784183979,7.710437775,7.659512520,4.784183979,7.657443523,4.834184170,7.637063503,7.660885811,4.834184170,7.674984455,7.682085514,4.765312195,7.644844532,4.544876099,7.636578560,4.347350597,4.457919598]},"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"TLS.Tor","proto_id":"91.163","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Potentially Dangerous","category_id":2,"category":"VPN"}} 
00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1383822123915516,"flow_dst_last_pkt_time":1383821673254958,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_usec":1383822123915516,"pkt":"\/\/\/\/\/\/\/\/UlQAwqwfCABFAACsAABAAEARtfDAqAEBwKgB\/0RcRFwAmDDeeyJob3N0X2ludCI6IDY3Njg3OTk3NiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICI2NzY4Nzk5NzYiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsxNjc4NDEyMTYsIDE4MTA4Mzk2OCwgMTgxMDgwMzI0LCAyOTU0NDE3M119"} 00290{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1383822124212807,"packet_id":299,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822124212807} 
@@ -88,13 +88,13 @@ 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1383822129897135,"flow_dst_last_pkt_time":1383822129961527,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1383822129961527,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAAC4G0J5bj13ywKgB\/AG7x+fD3pw1Z7sOzYASOQgZlAAAAgQFtAEBBAIBAwMH"} 00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":309,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1383822129962943,"flow_dst_last_pkt_time":1383822129961527,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1383822129962943,"pkt":"UlQA2EYhUlQAWul3CABFAAAoCJpAAIAGdhDAqAH8W49d8sfnAbtnuw7Nw96cNlAQAQCSbgAAAAAAAAAA"} 00809{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":310,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1383822129965354,"flow_dst_last_pkt_time":1383822129949318,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":263,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":263,"pkt_l4_len":229,"thread_ts_usec":1383822129965354,"pkt":"UlQA2EYhUlQAWul3CABFAAD5CJtAAIAGvnHAqAH81FOb+sfmAbsbVwNnrWI9fVAYAQBc+gAAFgMBAMwBAADIAwFSe4E3FMYInxr2a\/LGdBo7iY6X3woxpwwwB2E4X+3g5wAASMAKwBQAiACHADkAOMAPwAUAhAA1wAfACcARwBMARQBEADMAMsAMwA7AAsAEAJYAQQAEAAUAL8AIwBIAFgATwA3AA\/7\/AAoA\/wEAAFcAAAATABEAAA53d3cudDNpM3J1LmNvbQALAAQDAAECAAoANAAyAAEAAgADAAQABQAGAAcACAAJAAoACwAMAA0ADgAPABAAEQASABMAFAAVABYAFwAYABk="} 
-01289{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":310,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1383822129889928,"flow_src_last_pkt_time":1383822129965354,"flow_dst_last_pkt_time":1383822129949318,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":209,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":209,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383822129965354,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"212.83.155.250","src_port":51174,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.t3i3ru.com","domainame":"www.t3i3ru.com","tls": {"version":"TLSv1","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","ja4":"t10d360300_77f462745360_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01248{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":310,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1383822129889928,"flow_src_last_pkt_time":1383822129965354,"flow_dst_last_pkt_time":1383822129949318,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":209,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":209,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383822129965354,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"212.83.155.250","src_port":51174,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.t3i3ru.com","domainame":"www.t3i3ru.com","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d360300_77f462745360_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00813{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1383822129972457,"flow_dst_last_pkt_time":1383822129961527,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":267,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":267,"pkt_l4_len":233,"thread_ts_usec":1383822129972457,"pkt":"UlQA2EYhUlQAWul3CABFAAD9CJxAAIAGdTnAqAH8W49d8sfnAbtnuw7Nw96cNlAYAQCN\/AAAFgMBANABAADMAwFSe4E3htlD0jNwndR+1ou7jED0jjAcq7bR5WAiBXnUvwAASMAKwBQAiACHADkAOMAPwAUAhAA1wAfACcARwBMARQBEADMAMsAMwA7AAsAEAJYAQQAEAAUAL8AIwBIAFgATwA3AA\/7\/AAoA\/wEAAFsAAAAXABUAABJ3d3cuZ2Z1N2hieHBmcC5jb20ACwAEAwABAgAKADQAMgABAAIAAwAEAAUABgAHAAgACQAKAAsADAANAA4ADwAQABEAEgATABQAFQAWABcAGAAZ"} -01533{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":311,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1383822129897135,"flow_src_last_pkt_time":1383822129972457,"flow_dst_last_pkt_time":1383822129961527,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":213,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":213,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383822129972457,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51175,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Tor","proto_id":"91.163","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Potentially Dangerous","category_id":2,"category":"VPN","hostname":"www.gfu7hbxpfp.com","domainame":"www.gfu7hbxpfp.com","tls": {"version":"TLSv1","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","ja4":"t10d360300_77f462745360_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01492{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":311,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1383822129897135,"flow_src_last_pkt_time":1383822129972457,"flow_dst_last_pkt_time":1383822129961527,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":213,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":213,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383822129972457,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51175,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"TLS.Tor","proto_id":"91.163","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Potentially Dangerous","category_id":2,"category":"VPN","hostname":"www.gfu7hbxpfp.com","domainame":"www.gfu7hbxpfp.com","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d360300_77f462745360_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1383822129965354,"flow_dst_last_pkt_time":1383822130021438,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1383822130021438,"pkt":"UlQAWul3UlQA2EYhCABFAAAooqlAADEGdDTUU5v6wKgB\/AG7x+atYj19G1cEOFAQAHuoVgAA"} -01499{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":313,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1383822129889928,"flow_src_last_pkt_time":1383822129965354,"flow_dst_last_pkt_time":1383822130023500,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":209,"flow_dst_max_l4_payload_len":743,"flow_src_tot_l4_payload_len":209,"flow_dst_tot_l4_payload_len":743,"midstream":0,"thread_ts_usec":1383822130023500,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"212.83.155.250","src_port":51174,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.t3i3ru.com","domainame":"www.t3i3ru.com","tls": 
{"version":"TLSv1","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","ja4":"t10d360300_77f462745360_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.wohgpas45j6ucw.com","subjectDN":"CN=www.7d43ah2kikrabj.net","fingerprint":"F9:1D:5F:89:8F:D8:58:1E:45:E7:9B:A6:FD:90:95:77:FF:DD:E8:1B","blocks":0}}} +01458{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":313,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1383822129889928,"flow_src_last_pkt_time":1383822129965354,"flow_dst_last_pkt_time":1383822130023500,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":209,"flow_dst_max_l4_payload_len":743,"flow_src_tot_l4_payload_len":209,"flow_dst_tot_l4_payload_len":743,"midstream":0,"thread_ts_usec":1383822130023500,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"212.83.155.250","src_port":51174,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.t3i3ru.com","domainame":"www.t3i3ru.com","tls": {"version":"TLSv1","ja3s":"184d532a16876b78846ae6a03f654890","ja4":"t10d360300_77f462745360_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.wohgpas45j6ucw.com","subjectDN":"CN=www.7d43ah2kikrabj.net","fingerprint":"F9:1D:5F:89:8F:D8:58:1E:45:E7:9B:A6:FD:90:95:77:FF:DD:E8:1B","blocks":0}}} 
00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1383822129972457,"flow_dst_last_pkt_time":1383822130043639,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1383822130043639,"pkt":"UlQAWul3UlQA2EYhCABFAAAoVpRAAC4GehZbj13ywKgB\/AG7x+fD3pw2Z7sPolAQAHuSHgAA"} -01748{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":316,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1383822129897135,"flow_src_last_pkt_time":1383822129972457,"flow_dst_last_pkt_time":1383822130047877,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":213,"flow_dst_max_l4_payload_len":748,"flow_src_tot_l4_payload_len":213,"flow_dst_tot_l4_payload_len":748,"midstream":0,"thread_ts_usec":1383822130047877,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51175,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"TLS.Tor","proto_id":"91.163","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Potentially Dangerous","category_id":2,"category":"VPN","hostname":"www.gfu7hbxpfp.com","domainame":"www.gfu7hbxpfp.com","tls": 
{"version":"TLSv1","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","ja4":"t10d360300_77f462745360_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.xkgk7fdx362yyyxib.com","subjectDN":"CN=www.g6ghvisevf3ibuu5.net","fingerprint":"94:F9:FF:E2:7F:DB:1F:B8:19:65:20:6F:F6:DE:B6:A5:D5:AF:14:C7","blocks":0}}} +01707{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":316,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1383822129897135,"flow_src_last_pkt_time":1383822129972457,"flow_dst_last_pkt_time":1383822130047877,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":213,"flow_dst_max_l4_payload_len":748,"flow_src_tot_l4_payload_len":213,"flow_dst_tot_l4_payload_len":748,"midstream":0,"thread_ts_usec":1383822130047877,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51175,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"TLS.Tor","proto_id":"91.163","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Potentially Dangerous","category_id":2,"category":"VPN","hostname":"www.gfu7hbxpfp.com","domainame":"www.gfu7hbxpfp.com","tls": 
{"version":"TLSv1","ja3s":"184d532a16876b78846ae6a03f654890","ja4":"t10d360300_77f462745360_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.xkgk7fdx362yyyxib.com","subjectDN":"CN=www.g6ghvisevf3ibuu5.net","fingerprint":"94:F9:FF:E2:7F:DB:1F:B8:19:65:20:6F:F6:DE:B6:A5:D5:AF:14:C7","blocks":0}}} 00290{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":4,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1383822130216146,"packet_id":326,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822130216146} 00365{"packet_event_id":1,"packet_event_name":"packet","packet_id":326,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822130168859,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":352,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1383822130889737,"flow_src_last_pkt_time":1383822130889737,"flow_dst_last_pkt_time":1383822130889737,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383822130889737,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
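Review bot: The removal of the `ja3` key from the `tls` object is not mentioned anywhere in the commit message, which only says "incorporated upstream changes". It affects the `detected` and `detection-update` events for flows 7 and 8 in this hunk, and flow 9 in the following `@@ -102,9 +102,9 @@` hunk. `ja3s` and `ja4` are still emitted, so any consumer that matches or alerts on the client JA3 hash will stop seeing it without any error. The commit description or changelog should name the dropped field and state that `ja4` is the remaining client fingerprint. The diffstat lists schema/flow_event_schema.json as changed; presumably `ja3` is dropped there too, but that hunk is not visible here and should be confirmed.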
@@ -102,9 +102,9 @@ 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":355,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1383822130889737,"flow_dst_last_pkt_time":1383822131033681,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1383822131033681,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAADQGFwYm5UY1wKgB\/AG7x+hg0\/cE9LcH4IASOQjoIwAAAgQFtAEBBAIBAwMK"} 00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":356,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1383822131034064,"flow_dst_last_pkt_time":1383822131033681,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1383822131034064,"pkt":"UlQA2EYhUlQAWul3CABFAAAoCK9AAIAGwmLAqAH8JuVGNcfoAbv0twfgYNP3BVAQAQBhAQAAAAAAAAAA"} 00809{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":357,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_src_last_pkt_time":1383822131034778,"flow_dst_last_pkt_time":1383822131033681,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"thread_ts_usec":1383822131034778,"pkt":"UlQA2EYhUlQAWul3CABFAAD6CLBAAIAGwY\/AqAH8JuVGNcfoAbv0twfgYNP3BVAYAQATzQAAFgMBAM0BAADJAwFSe4E45UNCHF+9nmoqAUUyRuC4BvKCHcuaRNsIL6pQWAAASMAKwBQAiACHADkAOMAPwAUAhAA1wAfACcARwBMARQBEADMAMsAMwA7AAsAEAJYAQQAEAAUAL8AIwBIAFgATwA3AA\/7\/AAoA\/wEAAFgAAAAUABIAAA93d3cuam10czJpZC5jb20ACwAEAwABAgAKADQAMgABAAIAAwAEAAUABgAHAAgACQAKAAsADAANAA4ADwAQABEAEgATABQAFQAWABcAGAAZ"} 
-01289{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":357,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1383822130889737,"flow_src_last_pkt_time":1383822131034778,"flow_dst_last_pkt_time":1383822131033681,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":210,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":210,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383822131034778,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.jmts2id.com","domainame":"www.jmts2id.com","tls": {"version":"TLSv1","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","ja4":"t10d360300_77f462745360_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01248{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":357,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1383822130889737,"flow_src_last_pkt_time":1383822131034778,"flow_dst_last_pkt_time":1383822131033681,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":210,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":210,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383822131034778,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.jmts2id.com","domainame":"www.jmts2id.com","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d360300_77f462745360_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1383822131034778,"flow_dst_last_pkt_time":1383822131183159,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1383822131183159,"pkt":"UlQAWul3UlQA2EYhCABFAAAogW9AADQGlaIm5UY1wKgB\/AG7x+hg0\/cF9LcIslAQABBhHwAA"} 
-01497{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":360,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1383822130889737,"flow_src_last_pkt_time":1383822131034778,"flow_dst_last_pkt_time":1383822131220406,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":210,"flow_dst_max_l4_payload_len":929,"flow_src_tot_l4_payload_len":210,"flow_dst_tot_l4_payload_len":929,"midstream":0,"thread_ts_usec":1383822131220406,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.jmts2id.com","domainame":"www.jmts2id.com","tls": {"version":"TLSv1","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"e1691a31bfe345d2692da75636ddfb00","ja4":"t10d360300_77f462745360_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_DHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"CN=www.gg562izcxdvqdk.com","subjectDN":"CN=www.fcsyvnlemwxv5p.net","fingerprint":"C1:93:18:2C:A3:1D:AC:5F:C7:DE:17:8A:4E:B1:E8:13:BB:08:73:3A","blocks":0}}} 
+01456{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":360,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1383822130889737,"flow_src_last_pkt_time":1383822131034778,"flow_dst_last_pkt_time":1383822131220406,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":210,"flow_dst_max_l4_payload_len":929,"flow_src_tot_l4_payload_len":210,"flow_dst_tot_l4_payload_len":929,"midstream":0,"thread_ts_usec":1383822131220406,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.jmts2id.com","domainame":"www.jmts2id.com","tls": {"version":"TLSv1","ja3s":"e1691a31bfe345d2692da75636ddfb00","ja4":"t10d360300_77f462745360_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_DHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"CN=www.gg562izcxdvqdk.com","subjectDN":"CN=www.fcsyvnlemwxv5p.net","fingerprint":"C1:93:18:2C:A3:1D:AC:5F:C7:DE:17:8A:4E:B1:E8:13:BB:08:73:3A","blocks":0}}} 
02554{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":379,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1383822129897135,"flow_src_last_pkt_time":1383822132138706,"flow_dst_last_pkt_time":1383822132203451,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":586,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":4523,"flow_dst_tot_l4_payload_len":5299,"midstream":0,"thread_ts_usec":1383822132203451,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51175,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":146,"avg":146706.0,"max":990883,"stddev":220400.9,"var":48576569344.0,"ent":3.9,"data": [64392,65808,9514,82112,4238,79785,91000,88446,79568,146,78186,925,110026,109380,69120,1548,80197,113582,35660,145791,70785,343658,637547,693937,990883,1625,71983,109022,69049,180072,69902]},"pktlen": {"min":40,"avg":348.2,"max":1500,"stddev":347.1,"var":120448.8,"ent":4.3,"data": [52,52,46,253,40,788,174,99,114,1500,142,46,626,40,626,40,626,626,40,626,626,40,626,46,626,40,626,626,40,626,626,40]},"bins": {"c_to_s": [4,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [9,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,1,0,0,1,0,1,1,0,1,1,0,1,1,0,0,1,1,0,1,1,0,1],"entropies": 
[4.477674961,4.945419312,4.398030758,5.406278133,4.834183693,7.371150017,6.711827278,5.947438717,6.057762146,7.837278366,6.586953163,4.398030758,7.662993908,4.834183693,7.681317329,4.734183788,7.663327694,7.608054161,4.734183788,7.639224529,7.648303986,4.734183788,7.669913292,4.441509247,7.652542591,4.834183693,7.641192913,7.661419868,4.784183979,7.663778782,7.666988373,4.734183788]},"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"TLS.Tor","proto_id":"91.163","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Potentially Dangerous","category_id":2,"category":"VPN"}} 00290{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":5,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1383822132212345,"packet_id":380,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822132212345} 00365{"packet_event_id":1,"packet_event_name":"packet","packet_id":380,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822132203451,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 
@@ -112,7 +112,7 @@ 01042{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":383,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1383821734359648,"flow_src_last_pkt_time":1383821734359648,"flow_dst_last_pkt_time":1383821734359648,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1383822132675112,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"157.56.30.46","src_port":51104,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00771{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":383,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1383821734359648,"flow_src_last_pkt_time":1383821734359648,"flow_dst_last_pkt_time":1383821734359648,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1383822132675112,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"157.56.30.46","src_port":51104,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01367{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":383,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":18,"flow_first_seen":1383821666407384,"flow_src_last_pkt_time":1383821774461034,"flow_dst_last_pkt_time":1383821774460689,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":586,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":3946,"flow_dst_tot_l4_payload_len":5300,"midstream":0,"thread_ts_usec":1383822132675112,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"46.59.52.31","src_port":51111,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"TLS.Tor","proto_id":"91.163","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Potentially Dangerous","category_id":2,"category":"VPN","hostname":"www.e6r5p57kbafwrxj3plz.com"}} 
-01115{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":383,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1383821693159821,"flow_src_last_pkt_time":1383821693159821,"flow_dst_last_pkt_time":1383821693159821,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":210,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":210,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":210,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383822132675112,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"endian-pc"}} +00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":383,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1383821693159821,"flow_src_last_pkt_time":1383821693159821,"flow_dst_last_pkt_time":1383821693159821,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":210,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":210,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":210,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383822132675112,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"endian-pc"}} 00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":383,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1383821673254958,"flow_src_last_pkt_time":1383822123915516,"flow_dst_last_pkt_time":1383821673254958,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":720,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383822132675112,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 00290{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":6,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1383822134212476,"packet_id":383,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822134212476} 00365{"packet_event_id":1,"packet_event_name":"packet","packet_id":383,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822132675112,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 
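Review bot: The new expected `idle` event for flow 5 (`NetBIOS.SMBv1`, UDP 138) has no `flow_risk` object at all, so risk 22 "Unsafe Protocol" is no longer reported for this cleartext SMBv1 flow. `breed` is still "Dangerous" for it, and the TLS.Tor flows in the same file keep risk 22. This looks like a loss of detection coverage from the libnDPI bump rather than a formatting change, unless the risk is now set only on other events of this flow, which cannot be told from this hunk. Confirm against upstream before accepting the new expected output, because alerting keyed on `flow_risk` would go quiet for this flow.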
@@ -142,9 +142,9 @@ 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":421,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1383822190886155,"flow_dst_last_pkt_time":1383822190950538,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1383822190950538,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAADEGvmc+0onmwKgB\/AG7x\/Gvhi1nKbA834ASOQidcgAAAgQFtAEBBAIBAwMH"} 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":1383822190951036,"flow_dst_last_pkt_time":1383822190950538,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1383822190951036,"pkt":"UlQA2EYhUlQAWul3CABFAAAoCOxAAIAGZofAqAH8PtKJ5sfxAbspsDzfr4YtaFAQAQAWTQAAAAAAAAAA"} 00822{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_src_last_pkt_time":1383822190951387,"flow_dst_last_pkt_time":1383822190950538,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_usec":1383822190951387,"pkt":"UlQA2EYhUlQAWul3CABFAAECCO1AAIAGZazAqAH8PtKJ5sfxAbspsDzfr4YtaFAYAQCdOAAAFgMBANUBAADRAwFSe4F0W8quv62S3\/7ygOUuf1KhU9yi6dM6uUHTsgpIIwAASMAKwBQAiACHADkAOMAPwAUAhAA1wAfACcARwBMARQBEADMAMsAMwA7AAsAEAJYAQQAEAAUAL8AIwBIAFgATwA3AA\/7\/AAoA\/wEAAGAAAAAcABoAABd3d3cuNmd5aXA3dHFpbTdzaWViLmNvbQALAAQDAAECAAoANAAyAAEAAgADAAQABQAGAAcACAAJAAoACwAMAA0ADgAPABAAEQASABMAFAAVABYAFwAYABk="} 
-01308{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1383822190886155,"flow_src_last_pkt_time":1383822190951387,"flow_dst_last_pkt_time":1383822190950538,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":218,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":218,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383822190951387,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"62.210.137.230","src_port":51185,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.6gyip7tqim7sieb.com","domainame":"www.6gyip7tqim7sieb.com","tls": {"version":"TLSv1","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","ja4":"t10d360300_77f462745360_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01267{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1383822190886155,"flow_src_last_pkt_time":1383822190951387,"flow_dst_last_pkt_time":1383822190950538,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":218,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":218,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383822190951387,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"62.210.137.230","src_port":51185,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.6gyip7tqim7sieb.com","domainame":"www.6gyip7tqim7sieb.com","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d360300_77f462745360_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1383822190951387,"flow_dst_last_pkt_time":1383822191021804,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1383822191021804,"pkt":"UlQAWul3UlQA2EYhCABFAAAo\/HtAADEGwfc+0onmwKgB\/AG7x\/Gvhi1oKbA9uVAQAHsV+AAA"} 
-01514{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":425,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1383822190886155,"flow_src_last_pkt_time":1383822190951387,"flow_dst_last_pkt_time":1383822191037108,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":218,"flow_dst_max_l4_payload_len":740,"flow_src_tot_l4_payload_len":218,"flow_dst_tot_l4_payload_len":740,"midstream":0,"thread_ts_usec":1383822191037108,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"62.210.137.230","src_port":51185,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.6gyip7tqim7sieb.com","domainame":"www.6gyip7tqim7sieb.com","tls": {"version":"TLSv1","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","ja4":"t10d360300_77f462745360_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.a3uycdf3rn5md.com","subjectDN":"CN=www.l7xvysfnvkb.net","fingerprint":"EE:86:E7:21:36:93:23:30:DB:A0:09:48:55:16:CB:A8:E9:DA:01:D0","blocks":0}}} 
+01473{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":425,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1383822190886155,"flow_src_last_pkt_time":1383822190951387,"flow_dst_last_pkt_time":1383822191037108,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":218,"flow_dst_max_l4_payload_len":740,"flow_src_tot_l4_payload_len":218,"flow_dst_tot_l4_payload_len":740,"midstream":0,"thread_ts_usec":1383822191037108,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"62.210.137.230","src_port":51185,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.6gyip7tqim7sieb.com","domainame":"www.6gyip7tqim7sieb.com","tls": {"version":"TLSv1","ja3s":"184d532a16876b78846ae6a03f654890","ja4":"t10d360300_77f462745360_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.a3uycdf3rn5md.com","subjectDN":"CN=www.l7xvysfnvkb.net","fingerprint":"EE:86:E7:21:36:93:23:30:DB:A0:09:48:55:16:CB:A8:E9:DA:01:D0","blocks":0}}} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":462,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1383822217531372,"flow_src_last_pkt_time":1383822217531372,"flow_dst_last_pkt_time":1383822217531372,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":89,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":89,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":89,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383822217531372,"l3_proto":"ip6","src_ip":"fe80::c583:1972:5728:7323","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00658{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":462,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1383822217531372,"flow_dst_last_pkt_time":1383822217531372,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":151,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":151,"pkt_l4_len":97,"thread_ts_usec":1383822217531372,"pkt":"MzMAAQACUlQAWul3ht1gAAAAAGERAf6AAAAAAAAAxYMZclcocyP\/AgAAAAAAAAAAAAAAAQACAiICIwBhDIMBZjPcAAgAAgAAAAEADgABAAEXdNYHUlQAoBS4AAMADA5SVAAAAAAAAAAAAAAnAAsACUVuZGlhbi1QQwAQAA4AAAE3AAhNU0ZUIDUuMAAGAAgAGAAXABEAJw=="} 
00933{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":462,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1383822217531372,"flow_src_last_pkt_time":1383822217531372,"flow_dst_last_pkt_time":1383822217531372,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":89,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":89,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":89,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383822217531372,"l3_proto":"ip6","src_ip":"fe80::c583:1972:5728:7323","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCPV6","proto_id":"103","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
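Review bot: The `tls` object in the flow 10 `detected` (packet_id 423) and `detection-update` (packet_id 425) events no longer carries the `ja3` key, while `ja3s` and `ja4` are still emitted, and the commit message only says "incorporated upstream changes". Any downstream rule, dashboard or allow/deny list keyed on the JA3 client fingerprint will stop matching without an error, which for this Tor sample means one fewer indicator on the flow. If the removal is intended (presumably it follows the libnDPI bump and the `schema/flow_event_schema.json` change listed in the diffstat), it should be stated in the commit description or changelog, for example `tls.ja3 is no longer emitted in flow events; match on tls.ja4 instead`. It is also worth confirming that keeping the server-side `ja3s` without its client counterpart is deliberate.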
@@ -153,7 +153,7 @@ 00658{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":469,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_src_last_pkt_time":1383822224935668,"flow_dst_last_pkt_time":1383822217531372,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":151,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":151,"pkt_l4_len":97,"thread_ts_usec":1383822224935668,"pkt":"MzMAAQACUlQAWul3ht1gAAAAAGERAf6AAAAAAAAAxYMZclcocyP\/AgAAAAAAAAAAAAAAAQACAiICIwBhCWMBZjPcAAgAAgMgAAEADgABAAEXdNYHUlQAoBS4AAMADA5SVAAAAAAAAAAAAAAnAAsACUVuZGlhbi1QQwAQAA4AAAE3AAhNU0ZUIDUuMAAGAAgAGAAXABEAJw=="} 00658{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":474,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":5,"flow_src_last_pkt_time":1383822232938483,"flow_dst_last_pkt_time":1383822217531372,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":151,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":151,"pkt_l4_len":97,"thread_ts_usec":1383822232938483,"pkt":"MzMAAQACUlQAWul3ht1gAAAAAGERAf6AAAAAAAAAxYMZclcocyP\/AgAAAAAAAAAAAAAAAQACAiICIwBhBkMBZjPcAAgAAgZAAAEADgABAAEXdNYHUlQAoBS4AAMADA5SVAAAAAAAAAAAAAAnAAsACUVuZGlhbi1QQwAQAA4AAAE3AAhNU0ZUIDUuMAAGAAgAGAAXABEAJw=="} 
00970{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":476,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1383821673254958,"flow_src_last_pkt_time":1383822214039100,"flow_dst_last_pkt_time":1383821673254958,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1152,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383822232938483,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} -00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":495,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":495,"packets-processed":337,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":117122,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":10,"total-detection-updates":7,"total-updates":5,"current-active-flows":7,"total-active-flows":11,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":156,"global_ts_usec":1383822262211943} 
+00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":495,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":495,"packets-processed":337,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":117122,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":10,"total-detection-updates":7,"total-updates":5,"current-active-flows":7,"total-active-flows":11,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":156,"global_ts_usec":1383822262211943} 02331{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":504,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1383822129889928,"flow_src_last_pkt_time":1383822265160118,"flow_dst_last_pkt_time":1383822265159585,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":586,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":2761,"flow_dst_tot_l4_payload_len":5864,"midstream":0,"thread_ts_usec":1383822265160118,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"212.83.155.250","src_port":51174,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":319,"avg":8727092.0,"max":72890007,"stddev":22568808.0,"var":509351076823040.0,"ent":2.1,"data": [59390,61607,13819,72120,2062,62909,63545,60042,79423,319,78805,1749,98338,96626,56518,4501,61844,64873,64036,73717,275721,252847,50798,9733,261423,61538274,61491411,72591366,72890007,3990,98034]},"pktlen": 
{"min":40,"avg":312.0,"max":1500,"stddev":345.9,"var":119666.8,"ent":4.2,"data": [52,52,46,249,40,783,174,99,114,1500,126,46,626,40,626,40,626,626,626,626,626,46,626,52,626,46,626,46,46,40,40,46]},"bins": {"c_to_s": [9,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,1,0,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,0,1,1,0],"entropies": [4.501619816,4.930902481,4.441508770,5.332808495,4.834183693,7.397306919,6.658778667,6.048449516,6.157279968,7.876633167,6.546604156,4.441508770,7.673907757,4.834183693,7.638509750,4.884183884,7.663495541,7.670399189,7.645442486,7.664111614,7.640780926,4.484987259,7.650365353,4.880648136,7.645416737,4.544876099,7.673004150,4.457919598,4.457919598,4.734183788,4.734183788,4.501397610]},"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00975{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":510,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1383822217531372,"flow_src_last_pkt_time":1383822248944702,"flow_dst_last_pkt_time":1383822217531372,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":89,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":89,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":534,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383822265221448,"l3_proto":"ip6","src_ip":"fe80::c583:1972:5728:7323","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCPV6","proto_id":"103","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01360{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":514,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":21,"flow_first_seen":1383822129897135,"flow_src_last_pkt_time":1383822265221448,"flow_dst_last_pkt_time":1383822265220844,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":586,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":4523,"flow_dst_tot_l4_payload_len":5885,"midstream":0,"thread_ts_usec":1383822274144364,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51175,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": 
{"total":150,"client":75,"server":75}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"TLS.Tor","proto_id":"91.163","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Potentially Dangerous","category_id":2,"category":"VPN","hostname":"www.gfu7hbxpfp.com"}} 
@@ -163,7 +163,7 @@ 01371{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":514,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":23,"flow_first_seen":1383821668403824,"flow_src_last_pkt_time":1383821726553851,"flow_dst_last_pkt_time":1383821727479587,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":586,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":5770,"flow_dst_tot_l4_payload_len":8096,"midstream":0,"thread_ts_usec":1383822274144364,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51112,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"TLS.Tor","proto_id":"91.163","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Potentially Dangerous","category_id":2,"category":"VPN","hostname":"www.q4cyamnc6mtokjurvdclt.com"}} 
01085{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":514,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":9,"flow_first_seen":1383822130889737,"flow_src_last_pkt_time":1383822131785827,"flow_dst_last_pkt_time":1383822131929382,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":586,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":1654,"flow_dst_tot_l4_payload_len":2534,"midstream":0,"thread_ts_usec":1383822274144364,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":514,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1383821673254958,"flow_src_last_pkt_time":1383822274144364,"flow_dst_last_pkt_time":1383821673254958,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383822274144364,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} -00847{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":514,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":514,"packets-processed":349,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":117266,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":10,"total-detection-updates":7,"total-updates":6,"current-active-flows":0,"total-active-flows":11,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":166,"global_ts_usec":1383822276211998} +00847{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":514,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":514,"packets-processed":349,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":117266,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":10,"total-detection-updates":7,"total-updates":6,"current-active-flows":0,"total-active-flows":11,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":166,"global_ts_usec":1383822276211998} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 514/349 ~~ skipped flows.............: 0 
@@ -172,9 +172,9 @@ ~~ total active/idle flows...: 11/11 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7129808 bytes -~~ total memory freed........: 7129808 bytes -~~ total allocations/frees...: 114685/114685 +~~ total memory allocated....: 7707404 bytes +~~ total memory freed........: 7707404 bytes +~~ total allocations/frees...: 126416/126416 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 293 chars ~~ json message max len.......: 2583 chars diff --git a/test/results/default/tplink_shp.pcap.out b/test/results/default/tplink_shp.pcap.out index 589da03e5..2045cf58a 100644 --- a/test/results/default/tplink_shp.pcap.out +++ b/test/results/default/tplink_shp.pcap.out 
@@ -1,5 +1,5 @@ -00615{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1671480246580620} 
+00615{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1671480246580620} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1671480246580620,"flow_src_last_pkt_time":1671480246580620,"flow_dst_last_pkt_time":1671480246580620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480246580620,"l3_proto":"ip4","src_ip":"192.168.242.41","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1671480246580620,"flow_dst_last_pkt_time":1671480246580620,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1671480246580620,"pkt":"\/\/\/\/\/\/\/\/IN+5tLqxCABFAAA5AABAAEARh+LAqPIp\/\/\/\/\/ycPJw8AJQ1F0PKB+Iv\/mvfV75S20bTAn+yV5o\/hh+jK8Iv2i\/Y="} 
00940{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1671480246580620,"flow_src_last_pkt_time":1671480246580620,"flow_dst_last_pkt_time":1671480246580620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480246580620,"l3_proto":"ip4","src_ip":"192.168.242.41","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
@@ -129,7 +129,7 @@ 00983{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1671480293814339,"flow_src_last_pkt_time":1671480773884477,"flow_dst_last_pkt_time":1671480293814339,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":261,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480829271720,"l3_proto":"ip4","src_ip":"192.168.242.33","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 00984{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1671480280769735,"flow_src_last_pkt_time":1671480820817294,"flow_dst_last_pkt_time":1671480280769735,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":290,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480829271720,"l3_proto":"ip4","src_ip":"192.168.242.98","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
00985{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1671480289264790,"flow_src_last_pkt_time":1671480829271720,"flow_dst_last_pkt_time":1671480289264790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":290,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480829271720,"l3_proto":"ip4","src_ip":"192.168.242.122","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":81,"packets-processed":80,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2320,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":73,"current-active-flows":8,"total-active-flows":8,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":132,"global_ts_usec":1671480846725682} 
+00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":81,"packets-processed":80,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2320,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":73,"current-active-flows":8,"total-active-flows":8,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":132,"global_ts_usec":1671480846725682} 00984{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":0,"flow_first_seen":1671480252766159,"flow_src_last_pkt_time":1671480852858303,"flow_dst_last_pkt_time":1671480252766159,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":319,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480855668852,"l3_proto":"ip4","src_ip":"192.168.242.40","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
00984{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1671480258080467,"flow_src_last_pkt_time":1671480798218993,"flow_dst_last_pkt_time":1671480258080467,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":290,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480855668852,"l3_proto":"ip4","src_ip":"192.168.242.38","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 00984{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":0,"flow_first_seen":1671480255663786,"flow_src_last_pkt_time":1671480855668852,"flow_dst_last_pkt_time":1671480255663786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":319,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480855668852,"l3_proto":"ip4","src_ip":"192.168.242.99","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
@@ -210,7 +210,7 @@ 00985{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":160,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":0,"flow_first_seen":1671480293814339,"flow_src_last_pkt_time":1671481373980200,"flow_dst_last_pkt_time":1671480293814339,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":551,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481430535190,"l3_proto":"ip4","src_ip":"192.168.242.33","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 00985{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":160,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1671480280769735,"flow_src_last_pkt_time":1671481420854606,"flow_dst_last_pkt_time":1671480280769735,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":580,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481430535190,"l3_proto":"ip4","src_ip":"192.168.242.98","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
00986{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":160,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1671480289264790,"flow_src_last_pkt_time":1671481429280552,"flow_dst_last_pkt_time":1671480289264790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":580,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481430535190,"l3_proto":"ip4","src_ip":"192.168.242.122","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":161,"packets-processed":160,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4640,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":153,"current-active-flows":8,"total-active-flows":8,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":213,"global_ts_usec":1671481446878800} 
+00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":161,"packets-processed":160,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4640,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":153,"current-active-flows":8,"total-active-flows":8,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":213,"global_ts_usec":1671481446878800} 00985{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":164,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":0,"flow_first_seen":1671480252766159,"flow_src_last_pkt_time":1671481452994794,"flow_dst_last_pkt_time":1671480252766159,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":609,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481455655666,"l3_proto":"ip4","src_ip":"192.168.242.40","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
00985{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":164,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1671480258080467,"flow_src_last_pkt_time":1671481398291656,"flow_dst_last_pkt_time":1671480258080467,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":580,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481455655666,"l3_proto":"ip4","src_ip":"192.168.242.38","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 00985{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":164,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":0,"flow_first_seen":1671480255663786,"flow_src_last_pkt_time":1671481455655666,"flow_dst_last_pkt_time":1671480255663786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":609,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481455655666,"l3_proto":"ip4","src_ip":"192.168.242.99","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
@@ -291,7 +291,7 @@ 00985{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":29,"flow_dst_packets_processed":0,"flow_first_seen":1671480293814339,"flow_src_last_pkt_time":1671481974156304,"flow_dst_last_pkt_time":1671480293814339,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":841,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671482030718391,"l3_proto":"ip4","src_ip":"192.168.242.33","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 00985{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":0,"flow_first_seen":1671480280769735,"flow_src_last_pkt_time":1671482020847120,"flow_dst_last_pkt_time":1671480280769735,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":870,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671482030718391,"l3_proto":"ip4","src_ip":"192.168.242.98","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
00986{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":0,"flow_first_seen":1671480289264790,"flow_src_last_pkt_time":1671482029297368,"flow_dst_last_pkt_time":1671480289264790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":870,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671482030718391,"l3_proto":"ip4","src_ip":"192.168.242.122","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":241,"packets-processed":240,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6960,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":233,"current-active-flows":8,"total-active-flows":8,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":294,"global_ts_usec":1671482047021959} 
+00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":241,"packets-processed":240,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6960,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":233,"current-active-flows":8,"total-active-flows":8,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":294,"global_ts_usec":1671482047021959} 00985{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":244,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":31,"flow_dst_packets_processed":0,"flow_first_seen":1671480252766159,"flow_src_last_pkt_time":1671482053161546,"flow_dst_last_pkt_time":1671480252766159,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":899,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671482055666013,"l3_proto":"ip4","src_ip":"192.168.242.40","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
00985{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":244,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":0,"flow_first_seen":1671480258080467,"flow_src_last_pkt_time":1671481998330813,"flow_dst_last_pkt_time":1671480258080467,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":870,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671482055666013,"l3_proto":"ip4","src_ip":"192.168.242.38","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 00985{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":244,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":31,"flow_dst_packets_processed":0,"flow_first_seen":1671480255663786,"flow_src_last_pkt_time":1671482055666013,"flow_dst_last_pkt_time":1671480255663786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":899,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671482055666013,"l3_proto":"ip4","src_ip":"192.168.242.99","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
@@ -311,7 +311,7 @@ 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":251,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":31,"flow_dst_packets_processed":0,"flow_first_seen":1671480258080467,"flow_src_last_pkt_time":1671482058418105,"flow_dst_last_pkt_time":1671480258080467,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":899,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671482115665844,"l3_proto":"ip4","src_ip":"192.168.242.38","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":251,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":0,"flow_first_seen":1671480252766159,"flow_src_last_pkt_time":1671482113211224,"flow_dst_last_pkt_time":1671480252766159,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":928,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671482115665844,"l3_proto":"ip4","src_ip":"192.168.242.40","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":251,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":0,"flow_first_seen":1671480246580620,"flow_src_last_pkt_time":1671482107022461,"flow_dst_last_pkt_time":1671480246580620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":928,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671482115665844,"l3_proto":"ip4","src_ip":"192.168.242.41","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00851{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":251,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":251,"packets-processed":251,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7279,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":241,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":314,"global_ts_usec":1671482115665844} 
+00851{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":251,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":251,"packets-processed":251,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7279,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":241,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":314,"global_ts_usec":1671482115665844} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 251/251 ~~ skipped flows.............: 0 @@ -320,9 +320,9 @@ ~~ total active/idle flows...: 8/8 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6931328 bytes -~~ total memory freed........: 6931328 bytes -~~ total allocations/frees...: 114457/114457 +~~ total memory allocated....: 7508924 bytes +~~ total memory freed........: 7508924 bytes +~~ total allocations/frees...: 126188/126188 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 571 chars ~~ json message max len.......: 2290 chars diff --git a/test/results/default/trdp.pcapng.out b/test/results/default/trdp.pcapng.out index c5f1fa3ca..1cdeaffaa 100644 --- a/test/results/default/trdp.pcapng.out +++ b/test/results/default/trdp.pcapng.out 
@@ -1,5 +1,5 @@ -00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/trdp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/trdp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1723810608335977} 
+00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/trdp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/trdp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1723810608335977} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/trdp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1723810608335977,"flow_src_last_pkt_time":1723810608335977,"flow_dst_last_pkt_time":1723810608335977,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1723810608335977,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"192.168.88.138","src_port":45482,"dst_port":17225,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/trdp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1723810608335977,"flow_dst_last_pkt_time":1723810608335977,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1723810608335977,"pkt":"CAAn3fxv8C90rUP1CABFYAA8+LxAAEAGDt3AqFjnwKhYirGqQ0nzfO+VAAAAAKAC+vAy8QAAAgQFtAQCCAoRbapHAAAAAAEDAwc="} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/trdp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1723810608335977,"flow_dst_last_pkt_time":1723810608336075,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1723810608336075,"pkt":"8C90rUP1CAAn3fxvCABFYAA8AABAAEAGB5rAqFiKwKhY50NJsapWPA2X83zvlqAS\/ogD\/QAAAgQFtAQCCAqWroRpEW2qRwEDAwc="} 
@@ -18,7 +18,7 @@ 00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/trdp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1723810608348266,"flow_src_last_pkt_time":1723810608348266,"flow_dst_last_pkt_time":1723810608348266,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":136,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":136,"midstream":0,"thread_ts_usec":1723810608348266,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"192.168.88.138","src_port":45318,"dst_port":17225,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TRDP","proto_id":"424","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 00976{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/trdp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1723810608335977,"flow_src_last_pkt_time":1723810608348266,"flow_dst_last_pkt_time":1723810608348259,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":136,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":136,"midstream":0,"thread_ts_usec":1723810608348266,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"192.168.88.138","src_port":45482,"dst_port":17225,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TRDP","proto_id":"424","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/trdp.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1723810608348266,"flow_src_last_pkt_time":1723810608348266,"flow_dst_last_pkt_time":1723810608348266,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":128,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1723810608348266,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"192.168.88.138","src_port":47228,"dst_port":17224,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TRDP","proto_id":"424","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00840{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/trdp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":14,"packets-processed":14,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":664,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1723810608348266} 
+00840{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/trdp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":14,"packets-processed":14,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":664,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1723810608348266} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 14/14 ~~ skipped flows.............: 0 @@ -27,9 +27,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6912803 bytes -~~ total memory freed........: 6912803 bytes -~~ total allocations/frees...: 114174/114174 +~~ total memory allocated....: 7490399 bytes +~~ total memory freed........: 7490399 bytes +~~ total allocations/frees...: 125905/125905 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 544 chars ~~ json message max len.......: 983 chars diff --git a/test/results/default/trickbot.pcap.out b/test/results/default/trickbot.pcap.out index 8f5e5aaf0..c6f542ecb 100644 --- a/test/results/default/trickbot.pcap.out +++ b/test/results/default/trickbot.pcap.out 
@@ -1,5 +1,5 @@ -00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/trickbot.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/trickbot.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1609266107551500} 
+00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/trickbot.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/trickbot.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1609266107551500} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/trickbot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1609266107551500,"flow_src_last_pkt_time":1609266107551500,"flow_dst_last_pkt_time":1609266107551500,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1609266107551500,"l3_proto":"ip4","src_ip":"10.12.29.101","dst_ip":"82.118.225.196","src_port":61318,"dst_port":7080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/trickbot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1609266107551500,"flow_dst_last_pkt_time":1609266107551500,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1609266107551500,"pkt":"IOUqtpPxAAgCHEeuCABFAAA0c9FAAIAGK0cKDB1lUnbhxO+GG6gSdtdWAAAAAIAC\/\/8eaQAAAgQFtAEDAwgBAQQC"} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/trickbot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1609266107551500,"flow_dst_last_pkt_time":1609266107797175,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":1609266107797175,"pkt":"AAgCHEeuIOUqtpPxCABFAAAsYEQAAIAGftxSduHECgwdZRuo74Zi7VJcEnbXV2AS+vCXMwAAAgQFtA=="} 
@@ -10,7 +10,7 @@ 01652{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/trickbot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1609266107551500,"flow_src_last_pkt_time":1609266107797702,"flow_dst_last_pkt_time":1609266108728827,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":928,"flow_dst_max_l4_payload_len":1358,"flow_src_tot_l4_payload_len":1277,"flow_dst_tot_l4_payload_len":1358,"midstream":0,"thread_ts_usec":1609266108728827,"l3_proto":"ip4","src_ip":"10.12.29.101","dst_ip":"82.118.225.196","src_port":61318,"dst_port":7080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"25": {"risk":"HTTP Susp Content","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"82.118.225.196","domainame":"82.118.225.196","http": {"url":"82.118.225.196:7080\/OK21pqJAtyyGBEo00sk","code":200,"content_type":"text\/html","user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident\/7.0; .NET4.0C; .NET4.0E)","request_content_type":"application\/x-www-form-urlencoded","detected_os":"Windows 10"}}} 
02558{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/trickbot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":23,"flow_first_seen":1609266107551500,"flow_src_last_pkt_time":1609266109737227,"flow_dst_last_pkt_time":1609266110219915,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":928,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":1277,"flow_dst_tot_l4_payload_len":27187,"midstream":0,"thread_ts_usec":1609266110219915,"l3_proto":"ip4","src_ip":"10.12.29.101","dst_ip":"82.118.225.196","src_port":61318,"dst_port":7080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":6,"avg":156585.2,"max":931328,"stddev":258444.3,"var":66793451520.0,"ent":3.3,"data": [245675,245918,203,81,530,37,931085,931328,2339,2280,480234,19,480300,297566,15,8,7,8,7,8,8,7,7,6,9,297680,227938,227937,482874,14,14]},"pktlen": {"min":40,"avg":930.0,"max":1500,"stddev":662.5,"var":438885.5,"ent":4.5,"data": [52,44,40,389,968,40,40,1398,40,1398,40,1500,1323,40,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,276,40,1398,40,1500,1500,1194]},"bins": {"c_to_s": [7,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,3,0,0,14,0,0]},"directions": [0,1,0,0,0,1,1,1,0,1,0,1,1,0,1,1,1,1,1,1,1,1,1,1,1,1,0,1,0,1,1,1],"entropies": 
[4.776611805,4.925117970,4.762815475,5.824206829,6.033888340,4.784183979,4.834183693,7.786707878,4.931687355,7.831421852,4.931687355,7.870709896,7.856476307,4.931687355,7.869441509,7.864507675,7.865448475,7.873723507,7.871662140,7.892165661,7.878643513,7.860257149,7.887190342,7.870031357,7.873756886,7.255901337,4.931687355,7.870108604,4.931687355,7.875472546,7.873021603,7.864452362]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"25": {"risk":"HTTP Susp Content","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"82.118.225.196"}} 01363{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/trickbot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":46,"flow_first_seen":1609266107551500,"flow_src_last_pkt_time":1609266115947454,"flow_dst_last_pkt_time":1609266115947521,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":928,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":1277,"flow_dst_tot_l4_payload_len":56713,"midstream":0,"thread_ts_usec":1609266115947521,"l3_proto":"ip4","src_ip":"10.12.29.101","dst_ip":"82.118.225.196","src_port":61318,"dst_port":7080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": 
{"total":300,"client":270,"server":30}},"25": {"risk":"HTTP Susp Content","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"82.118.225.196"}} -00844{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/trickbot.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":74,"packets-processed":74,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":57990,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1609266115947521} 
+00844{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/trickbot.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":74,"packets-processed":74,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":57990,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1609266115947521} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 74/74 ~~ skipped flows.............: 0 @@ -19,9 +19,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6912313 bytes -~~ total memory freed........: 6912313 bytes -~~ total allocations/frees...: 114222/114222 +~~ total memory allocated....: 7489991 bytes +~~ total memory freed........: 7489991 bytes +~~ total allocations/frees...: 125956/125956 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 532 chars ~~ json message max len.......: 2563 chars diff --git a/test/results/default/tumblr.pcap.out b/test/results/default/tumblr.pcap.out index 8565cf23f..b77d280fb 100644 --- a/test/results/default/tumblr.pcap.out +++ b/test/results/default/tumblr.pcap.out 
@@ -1,5 +1,5 @@ -00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1605292102219041} 
+00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1605292102219041} 
00804{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292102219041,"flow_src_last_pkt_time":1605292102219041,"flow_dst_last_pkt_time":1605292102219041,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292102219041,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1605292102219041,"flow_dst_last_pkt_time":1605292102219041,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292102219041,"pkt":"qtsDr8lk5EKm5WPyht1gCcfOACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3RABu9uJhiq5D+6LgBAB9a70AAABAQgKqXs\/nsLc288="} 
00804{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292102602965,"flow_src_last_pkt_time":1605292102602965,"flow_dst_last_pkt_time":1605292102602965,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292102602965,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -62,18 +62,18 @@ 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1605292105197307,"flow_dst_last_pkt_time":1605292105230486,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605292105230486,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSYGKAABNRVaI7oLKiX\/Ei0qAcsBIEmLB5kd7IUo3\/YpAbvkDMLhfl2n7vTnoBJXgHalAAACBAV4AQMDAwQCCArC3Z3zUVPzYg=="} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":1605292105230554,"flow_dst_last_pkt_time":1605292105230486,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292105230554,"pkt":"qtsDr8lk5EKm5WPyht1gCsuaACAGQCoBywEgSYsHmR3shSjf9ikmBigAATUVWiO6Cyol\/xIt5AwBu6fu9OfC4X5egBAB+\/qVAAABAQgKUVPzg8LdnfM="} 
01266{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_src_last_pkt_time":1605292105231042,"flow_dst_last_pkt_time":1605292105230486,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605292105231042,"pkt":"qtsDr8lk5EKm5WPyht1gCsuaAiUGQCoBywEgSYsHmR3shSjf9ikmBigAATUVWiO6Cyol\/xIt5AwBu6fu9OfC4X5egBgB++4yAAABAQgKUVPzg8LdnfMWAwECAAEAAfwDAwsTuD27e9O7zSR9QGg\/BjcA3VInM4oSJon9YBOCv5++IFdStpb+CkXQy2c2uOI7+AVrIzBfj1oZ8gAG3CYIQoMEACC6uhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPq6gAAAAAAGQAXAAAUY29uc2VudC5jbXAub2F0aC5jb20AFwAA\/wEAAQAACgAKAAja2gAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKdraAAEAAB0AIDYvcGjd9fK5d+Sh8kpRELYm8anOzkwuInZrhF5dnrEgAC0AAgEBACsACwp6egMEAwMDAgMBABsAAwIAAjo6AAEAABUAyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01326{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605292105197307,"flow_src_last_pkt_time":1605292105231042,"flow_dst_last_pkt_time":1605292105230486,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605292105231042,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58380,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Edgecast","proto_by_ip_id":288,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"consent.cmp.oath.com","domainame":"consent.cmp.oath.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01285{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605292105197307,"flow_src_last_pkt_time":1605292105231042,"flow_dst_last_pkt_time":1605292105230486,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605292105231042,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58380,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Edgecast","proto_by_ip_id":288,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"consent.cmp.oath.com","domainame":"consent.cmp.oath.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
02154{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":126,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605292105171046,"flow_src_last_pkt_time":1605292105231565,"flow_dst_last_pkt_time":1605292105231522,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":362,"flow_dst_tot_l4_payload_len":16800,"midstream":1,"thread_ts_usec":1605292105231565,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43434,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":3903.1,"max":45055,"stddev":9416.3,"var":88667112.0,"ent":2.8,"data": [365,4822,355,27249,2992,337,2701,17288,45055,519,518,603,1,579,9,7282,1,7292,34,289,2,248,25,174,1,157,27,1036,1,1005,28]},"pktlen": {"min":72,"avg":608.3,"max":1472,"stddev":669.7,"var":448506.0,"ent":4.1,"data": [184,111,183,172,72,72,72,72,1472,72,1472,72,1472,1472,72,72,1472,1472,72,72,1472,1472,72,72,1472,1472,72,72,1472,1472,72,72]},"bins": {"c_to_s": [12,1,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0]},"directions": [0,0,0,0,1,1,1,1,1,0,1,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0],"entropies": [6.587406158,5.914531231,6.603403568,6.519369125,4.980900764,4.980900764,4.894209862,4.980900764,7.851428509,5.118321419,7.864492416,5.118321419,7.853987694,7.848294735,5.062766075,5.080059052,7.860019684,7.828007221,5.118321419,5.118321419,7.856985092,7.866126060,5.118321419,5.080059052,7.856244087,7.840456009,5.146099091,5.080059052,7.871989727,7.857123375,5.118321419,5.118321419]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00826{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":140,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292105274861,"flow_src_last_pkt_time":1605292105274861,"flow_dst_last_pkt_time":1605292105274861,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605292105274861,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58382,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1605292105274861,"flow_dst_last_pkt_time":1605292105274861,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605292105274861,"pkt":"qtsDr8lk5EKm5WPyht1gA8c5ACgGQCoBywEgSYsHmR3shSjf9ikmBigAATUVWiO6Cyol\/xIt5A4Bu+LGvZYAAAAAoAL9IG8jAAACBAWgBAIIClFT868AAAAAAQMDBw=="} 
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1605292105231042,"flow_dst_last_pkt_time":1605292105278180,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292105278180,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSYGKAABNRVaI7oLKiX\/Ei0qAcsBIEmLB5kd7IUo3\/YpAbvkDMLhfl6n7vbsgBALMO8iAAABAQgKwt2eLFFT84M="} -01367{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605292105197307,"flow_src_last_pkt_time":1605292105231042,"flow_dst_last_pkt_time":1605292105278180,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":99,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":99,"midstream":0,"thread_ts_usec":1605292105278180,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58380,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Edgecast","proto_by_ip_id":288,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"consent.cmp.oath.com","domainame":"consent.cmp.oath.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01326{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605292105197307,"flow_src_last_pkt_time":1605292105231042,"flow_dst_last_pkt_time":1605292105278180,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":99,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":99,"midstream":0,"thread_ts_usec":1605292105278180,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58380,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Edgecast","proto_by_ip_id":288,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"consent.cmp.oath.com","domainame":"consent.cmp.oath.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1605292105274861,"flow_dst_last_pkt_time":1605292105299371,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605292105299371,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSYGKAABNRVaI7oLKiX\/Ei0qAcsBIEmLB5kd7IUo3\/YpAbvkDobnvZrixr2XoBJXgG87AAACBAV4AQMDAwQCCArC3Z5DUVPzrw=="} 
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_src_last_pkt_time":1605292105299399,"flow_dst_last_pkt_time":1605292105299371,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292105299399,"pkt":"qtsDr8lk5EKm5WPyht1gA8c5ACAGQCoBywEgSYsHmR3shSjf9ikmBigAATUVWiO6Cyol\/xIt5A4Bu+LGvZeG572bgBAB+\/MzAAABAQgKUVPzyMLdnkM="} 01268{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_src_last_pkt_time":1605292105299606,"flow_dst_last_pkt_time":1605292105299371,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605292105299606,"pkt":"qtsDr8lk5EKm5WPyht1gA8c5AiUGQCoBywEgSYsHmR3shSjf9ikmBigAATUVWiO6Cyol\/xIt5A4Bu+LGvZeG572bgBgB+x+BAAABAQgKUVPzyMLdnkMWAwECAAEAAfwDAy8GqoFoWkNyI7mYtVTa5cXzmnUMn\/AW4e4uQZtHexViIHBqihZlPQxi4\/Swmz8DIl9f5mkTuI3AenD0Ehe9UmbOACAaGhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZP6+gAAAAAAGQAXAAAUY29uc2VudC5jbXAub2F0aC5jb20AFwAA\/wEAAQAACgAKAAi6ugAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKbq6AAEAAB0AIBw5Ol89JTdAu7B94JP0srEvQLd+Q79aN+DwFdZiG4R\/AC0AAgEBACsACwr6+gMEAwMDAgMBABsAAwIAAhoaAAEAABUAyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01326{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":147,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605292105274861,"flow_src_last_pkt_time":1605292105299606,"flow_dst_last_pkt_time":1605292105299371,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605292105299606,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58382,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Edgecast","proto_by_ip_id":288,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"consent.cmp.oath.com","domainame":"consent.cmp.oath.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01285{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":147,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605292105274861,"flow_src_last_pkt_time":1605292105299606,"flow_dst_last_pkt_time":1605292105299371,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605292105299606,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58382,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Edgecast","proto_by_ip_id":288,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"consent.cmp.oath.com","domainame":"consent.cmp.oath.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":5,"flow_src_last_pkt_time":1605292105322435,"flow_dst_last_pkt_time":1605292105299371,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292105322435,"pkt":"qtsDr8lk5EKm5WPyht1gA8c5ACAGQCoBywEgSYsHmR3shSjf9ikmBigAATUVWiO6Cyol\/xIt5A4Bu+LGv5yG572bgBEB+\/EWAAABAQgKUVPz38LdnkM="} 
-01367{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1605292105274861,"flow_src_last_pkt_time":1605292105322435,"flow_dst_last_pkt_time":1605292105340527,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":99,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":99,"midstream":0,"thread_ts_usec":1605292105340527,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58382,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Edgecast","proto_by_ip_id":288,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"consent.cmp.oath.com","domainame":"consent.cmp.oath.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01326{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1605292105274861,"flow_src_last_pkt_time":1605292105322435,"flow_dst_last_pkt_time":1605292105340527,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":99,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":99,"midstream":0,"thread_ts_usec":1605292105340527,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58382,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Edgecast","proto_by_ip_id":288,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"consent.cmp.oath.com","domainame":"consent.cmp.oath.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
02173{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605292105197307,"flow_src_last_pkt_time":1605292105347875,"flow_dst_last_pkt_time":1605292105347850,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":523,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1519,"flow_dst_tot_l4_payload_len":5784,"midstream":0,"thread_ts_usec":1605292105347875,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58380,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":9713.3,"max":47694,"stddev":16101.6,"var":259260704.0,"ent":3.2,"data": [33179,33247,488,47694,0,47160,1225,37725,2106,0,0,38598,23,3,754,718,796,796,2589,248,171,60,26260,592,1,74,1362,0,0,25234,8]},"pktlen": {"min":72,"avg":300.7,"max":1280,"stddev":381.9,"var":145812.8,"ent":4.1,"data": [80,80,72,589,72,171,72,595,72,1280,1280,1280,72,72,72,544,72,1055,72,146,164,329,128,72,72,72,72,327,327,168,72,72]},"bins": {"c_to_s": [10,1,2,0,0,0,0,0,1,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,0,0,2,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,1,1,1,0,0,0,1,0,1,0,0,0,0,0,1,1,1,1,1,1,1,0,0],"entropies": 
[5.295193195,5.637294769,5.563652992,4.598795891,5.459350586,6.223492146,5.497612953,5.044443607,5.487128258,7.814322472,7.863967419,7.842244625,5.591430664,5.503256798,5.563652992,7.612953186,5.591430664,7.763548851,5.563652992,6.558448792,6.685117722,7.291459560,6.278277397,5.487128258,5.487128258,5.431572914,5.487128258,7.317289352,7.268368721,6.510692596,5.591430664,5.563652992]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Edgecast","proto_by_ip_id":288,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00806{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":198,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292105418417,"flow_src_last_pkt_time":1605292105418417,"flow_dst_last_pkt_time":1605292105418417,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605292105418417,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39152,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1605292105418417,"flow_dst_last_pkt_time":1605292105418417,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605292105418417,"pkt":"qtsDr8lk5EKm5WPyht1gDBurACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABgBgdJmPABuw7mG3sAAAAAoAL9IOHqAAACBAWgBAIIChNm5EYAAAAAAQMDBw=="} 
@@ -82,14 +82,14 @@ 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1605292105418417,"flow_dst_last_pkt_time":1605292105447883,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605292105447883,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAGAGB0kqAcsBIEmLB5kd7IUo3\/YpAbuY8Go+Ou0O5ht8oBJXgIDEAAACBAV4AQMDAwQCCArC3Z7YE2bkRg=="} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_src_last_pkt_time":1605292105447904,"flow_dst_last_pkt_time":1605292105447883,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292105447904,"pkt":"qtsDr8lk5EKm5WPyht1gDBurACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABgBgdJmPABuw7mG3xqPjrugBAB+wS5AAABAQgKE2bkY8Ldntg="} 
01409{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_src_last_pkt_time":1605292105448108,"flow_dst_last_pkt_time":1605292105447883,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":706,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":706,"pkt_l4_len":652,"thread_ts_usec":1605292105448108,"pkt":"qtsDr8lk5EKm5WPyht1gDBurAowGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABgBgdJmPABuw7mG3xqPjrugBgB+4JWAAABAQgKE2bkZMLdntgWAwECZwEAAmMDA01hkKus+MkqaNZ11u\/JhpX8opi+Paz\/2culjqS\/fRVYIMdAvSOkLp4IegED4alflZbkeoPKAFn+1vm3NO5kGg0FACAKChMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAfqamgAAAAAAHQAbAAAYc2Iuc2NvcmVjYXJkcmVzZWFyY2guY29tABcAAP8BAAEAAAoACgAI+voAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACn6+gABAAAdACAZgcv6djgDbSXoFxR2Bhsr1SLhgniKBtXtlIDDETXMCAAtAAIBAQArAAsKqqoDBAMDAwIDAQAbAAMCAAIKCgABAAApASsA9gDwAAAiIJslU1lFpjTpi3lmNam9hQpY2hMMKuXsZwFntxH9VeeCDjG5ZumnFfjZUDtOBPLSzw4R57\/QCBI18BwcPm48mrUGyW53Ub1R1QzZAjB7iAKV4vFIwFfFqvyyzCt+XQCHUSkW6UYjU9HW8UHVOSLv+gTEZIbkGDOYtPsq7YccVngTZL3n3IHqwmTgcbP5ueNH8XOZq7\/Y1OeX7Wx9xVtrBDjNMgQxbOzaBnVFB93EKDMM4PQzj6qYiuKetEAoBMozzmixqRKxA5zUbOA5h0RPxge6RCPaz+BuJE3Cm\/zM5MOERtu8U1IsclnN2s3hdk+igAAxMH67OIYeJEbtrgELqGnjRFz2Dy5CExYP6mmzTrMo8NEajMnamg6uhqcAqBJ0WIxFJA=="} 
-01354{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":202,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605292105418417,"flow_src_last_pkt_time":1605292105448108,"flow_dst_last_pkt_time":1605292105447883,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":620,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":620,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605292105448108,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39152,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ADS_Analytic_Track","proto_id":"91.107","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker\/Ads","category_id":101,"category":"Advertisement","hostname":"sb.scorecardresearch.com","domainame":"sb.scorecardresearch.com","tls": {"version":"TLSv1.2","ja3":"44d502d471cfdb99c59bdfb0f220e5a8","ja3s":"","ja4":"t13d1515h2_8daaf6152771_0ece2fe8a3fb","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01313{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":202,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605292105418417,"flow_src_last_pkt_time":1605292105448108,"flow_dst_last_pkt_time":1605292105447883,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":620,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":620,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605292105448108,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39152,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ADS_Analytic_Track","proto_id":"91.107","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker\/Ads","category_id":101,"category":"Advertisement","hostname":"sb.scorecardresearch.com","domainame":"sb.scorecardresearch.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_0ece2fe8a3fb","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":203,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1605292105433892,"flow_dst_last_pkt_time":1605292105459292,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605292105459292,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSABSZgAFAgAAAAAAAAAEAEqAcsBIEmLB5kd7IUo3\/YpAbu4DgNW0a1gJBeUoBJXgDGmAAACBAV4AQMDAwQCCArC3Z7jvgPSEA=="} 
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":204,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_src_last_pkt_time":1605292105459314,"flow_dst_last_pkt_time":1605292105459292,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292105459314,"pkt":"qtsDr8lk5EKm5WPyht1gCUBCACAGQCoBywEgSYsHmR3shSjf9ikgAUmYABQIAAAAAAAAABABuA4Bu2AkF5QDVtGugBAB+7WdAAABAQgKvgPSKsLdnuM="} 01267{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":205,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_src_last_pkt_time":1605292105459543,"flow_dst_last_pkt_time":1605292105459292,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605292105459543,"pkt":"qtsDr8lk5EKm5WPyht1gCUBCAiUGQCoBywEgSYsHmR3shSjf9ikgAUmYABQIAAAAAAAAABABuA4Bu2AkF5QDVtGugBgB+\/IDAAABAQgKvgPSKsLdnuMWAwECAAEAAfwDA0SwrBQ+d5serlsxTSylSCJ2cOl7xaFhVNFnNENmyXzLII1+rGz9ESjQv1hbMrYHKnzgyMTJu0Ir\/kwfyDkc\/1pDACCqqhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZNaWgAAAAAAGgAYAAAVY29va2lleC5uZ2QueWFob28uY29tABcAAP8BAAEAAAoACgAIiooAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACmKigABAAAdACA9g892NhkW61BobOu+QMSd1m\/f0wlw8Wps+OIILfVOLAAtAAIBAQArAAsKiooDBAMDAwIDAQAbAAMCAALq6gABAAAVAMcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01319{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":205,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605292105433892,"flow_src_last_pkt_time":1605292105459543,"flow_dst_last_pkt_time":1605292105459292,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605292105459543,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2001:4998:14:800::1001","src_port":47118,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Yahoo","proto_id":"91.70","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"cookiex.ngd.yahoo.com","domainame":"cookiex.ngd.yahoo.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01278{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":205,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605292105433892,"flow_src_last_pkt_time":1605292105459543,"flow_dst_last_pkt_time":1605292105459292,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605292105459543,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2001:4998:14:800::1001","src_port":47118,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Yahoo","proto_id":"91.70","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"cookiex.ngd.yahoo.com","domainame":"cookiex.ngd.yahoo.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":206,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_src_last_pkt_time":1605292105448108,"flow_dst_last_pkt_time":1605292105485825,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292105485825,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAGAGB0kqAcsBIEmLB5kd7IUo3\/YpAbuY8Go+Ou4O5h3ogBALPfjjAAABAQgKwt2e\/hNm5GQ="} 
00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":207,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":5,"flow_src_last_pkt_time":1605292105459543,"flow_dst_last_pkt_time":1605292105492745,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292105492745,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSABSZgAFAgAAAAAAAAAEAEqAcsBIEmLB5kd7IUo3\/YpAbu4DgNW0a5gJBmZgBALMKpAAAABAQgKwt2fBr4D0io="} -01397{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":208,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605292105418417,"flow_src_last_pkt_time":1605292105448108,"flow_dst_last_pkt_time":1605292105494854,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":620,"flow_dst_max_l4_payload_len":270,"flow_src_tot_l4_payload_len":620,"flow_dst_tot_l4_payload_len":270,"midstream":0,"thread_ts_usec":1605292105494854,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39152,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ADS_Analytic_Track","proto_id":"91.107","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker\/Ads","category_id":101,"category":"Advertisement","hostname":"sb.scorecardresearch.com","domainame":"sb.scorecardresearch.com","tls": {"version":"TLSv1.3","ja3":"44d502d471cfdb99c59bdfb0f220e5a8","ja3s":"2253c82f03b621c5144709b393fde2c9","ja4":"t13d1515h2_8daaf6152771_0ece2fe8a3fb","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01356{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":208,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605292105418417,"flow_src_last_pkt_time":1605292105448108,"flow_dst_last_pkt_time":1605292105494854,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":620,"flow_dst_max_l4_payload_len":270,"flow_src_tot_l4_payload_len":620,"flow_dst_tot_l4_payload_len":270,"midstream":0,"thread_ts_usec":1605292105494854,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39152,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ADS_Analytic_Track","proto_id":"91.107","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker\/Ads","category_id":101,"category":"Advertisement","hostname":"sb.scorecardresearch.com","domainame":"sb.scorecardresearch.com","tls": {"version":"TLSv1.3","ja3s":"2253c82f03b621c5144709b393fde2c9","ja4":"t13d1515h2_8daaf6152771_0ece2fe8a3fb","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00813{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":218,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292105669051,"flow_src_last_pkt_time":1605292105669051,"flow_dst_last_pkt_time":1605292105669051,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":120,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292105669051,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56794,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00738{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1605292105669051,"flow_dst_last_pkt_time":1605292105669051,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":206,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":206,"pkt_l4_len":152,"thread_ts_usec":1605292105669051,"pkt":"qtsDr8lk5EKm5WPyht1gCP\/sAJgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0D3doBu3fKOk4W2C\/9gBhA0URlAAABAQgKBcmbq8LdLRcXAwMAcysuUqnNdP5CtlTC2pWvfZyUMV8UFocs8M6W09NnsspPibPhqobMFIm1f0B4kk13U59rzTyXjGQM3JpbSJkQg4GGmBSNMo7KgMloXnt3GygjcT75OOC0YPo3\/MFdKUwkpDu47ubalsF7IwgRDAn\/l0DFoLo="} 
00950{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":218,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292105669051,"flow_src_last_pkt_time":1605292105669051,"flow_dst_last_pkt_time":1605292105669051,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":120,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292105669051,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56794,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
@@ -108,7 +108,7 @@ 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_src_last_pkt_time":1605292105726719,"flow_dst_last_pkt_time":1605292105774640,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292105774640,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAMAATAMqAcsBIEmLB5kd7IUo3\/YpAbvKotlMl6u56Z9YgBALghHTAAABAQgKwt2gFiyJ4k4="} 00957{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":263,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1605292105726518,"flow_src_last_pkt_time":1605292105726719,"flow_dst_last_pkt_time":1605292105774640,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":127,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":166,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292105774640,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4c03","src_port":51874,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":264,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_src_last_pkt_time":1605292105726719,"flow_dst_last_pkt_time":1605292105774928,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292105774928,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAMAATAMqAcsBIEmLB5kd7IUo3\/YpAbvKotlMl6u56Z9\/gBALhxGlAAABAQgKwt2gGCyJ4k4="} -01364{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":265,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605292105433892,"flow_src_last_pkt_time":1605292105459543,"flow_dst_last_pkt_time":1605292105774928,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605292105774928,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2001:4998:14:800::1001","src_port":47118,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Yahoo","proto_id":"91.70","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"cookiex.ngd.yahoo.com","domainame":"cookiex.ngd.yahoo.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01323{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":265,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605292105433892,"flow_src_last_pkt_time":1605292105459543,"flow_dst_last_pkt_time":1605292105774928,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605292105774928,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2001:4998:14:800::1001","src_port":47118,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Yahoo","proto_id":"91.70","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"cookiex.ngd.yahoo.com","domainame":"cookiex.ngd.yahoo.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00739{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":276,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":5,"flow_src_last_pkt_time":1605292105726719,"flow_dst_last_pkt_time":1605292105789000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":205,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":205,"pkt_l4_len":151,"thread_ts_usec":1605292105789000,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAAJcGPQBk\/5sAAAAAAAAAAMAATAMqAcsBIEmLB5kd7IUo3\/YpAbvKotlMl6u56Z9\/gBgLh4oBAAABAQgKwt2gIiyJ4k4XAwMAcvJ676RsxXZ5oBs6OGzQqykqUEr3Z5TFSkZKsLr3jmM2YiVsojp\/iKfkn4WsVwk6xE+3pYlY7baFutWk3YOJdUe42QIFmRoIaWPZHUxxJ72tc0a\/9w3XW4cb6EZieEibCx4fYcBpRjmfe8aHsBh0yypXqQ=="} 00807{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":303,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292108746966,"flow_src_last_pkt_time":1605292108746966,"flow_dst_last_pkt_time":1605292108746966,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292108746966,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56582,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1605292108746966,"flow_dst_last_pkt_time":1605292108746966,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292108746966,"pkt":"qtsDr8lk5EKm5WPyht1gBAJCACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QYBu4l3wyDoZi2igBBBsd06AAABAQgKqXtZHsLc+wU="} 
@@ -127,9 +127,9 @@ 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_src_last_pkt_time":1605292108895208,"flow_dst_last_pkt_time":1605292108917845,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605292108917845,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAMAATQMqAcsBIEmLB5kd7IUo3\/YpAbveCh3iVUV6pXdToBJXgDxxAAACBAV4AQMDAwQCCArC3axnBcmoRg=="} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":313,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_src_last_pkt_time":1605292108917920,"flow_dst_last_pkt_time":1605292108917845,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292108917920,"pkt":"qtsDr8lk5EKm5WPyht1gCOgvACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0D3goBu3qld1Md4lVGgBAB+8BsAAABAQgKBcmoXMLdrGc="} 
01267{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":314,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_src_last_pkt_time":1605292108918360,"flow_dst_last_pkt_time":1605292108917845,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605292108918360,"pkt":"qtsDr8lk5EKm5WPyht1gCOgvAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0D3goBu3qld1Md4lVGgBgB+1S7AAABAQgKBcmoXcLdrGcWAwECAAEAAfwDAwjhV3OqKqFQfpcnWP89rtumm\/UccggvWkyi\/8FQZPWxIDvu3xcXjzuK8OGeiJCkn4luO5ref2KxaCnpVBkTuZCrACAqKhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPKygAAAAAAGAAWAAATNjQubWVkaWEudHVtYmxyLmNvbQAXAAD\/AQABAAAKAAoACFpaAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApWloAAQAAHQAgZaSQBi71IH\/A5WZQ4IeqmtWtcLONPQZBNc11j5iQXXAALQACAQEAKwALChoaAwQDAwMCAwEAGwADAgACuroAAQAAFQDJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01321{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":314,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605292108895208,"flow_src_last_pkt_time":1605292108918360,"flow_dst_last_pkt_time":1605292108917845,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605292108918360,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56842,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Tumblr","proto_id":"91.90","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"64.media.tumblr.com","domainame":"64.media.tumblr.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01280{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":314,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605292108895208,"flow_src_last_pkt_time":1605292108918360,"flow_dst_last_pkt_time":1605292108917845,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605292108918360,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56842,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Tumblr","proto_id":"91.90","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"64.media.tumblr.com","domainame":"64.media.tumblr.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":5,"flow_src_last_pkt_time":1605292108918360,"flow_dst_last_pkt_time":1605292108948507,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292108948507,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAMAATQMqAcsBIEmLB5kd7IUo3\/YpAbveCh3iVUZ6pXlYgBALMLUWAAABAQgKwt2sggXJqF0="} 
-01366{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":316,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605292108895208,"flow_src_last_pkt_time":1605292108918360,"flow_dst_last_pkt_time":1605292108973288,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1400,"midstream":0,"thread_ts_usec":1605292108973288,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56842,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Tumblr","proto_id":"91.90","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"64.media.tumblr.com","domainame":"64.media.tumblr.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01325{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":316,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605292108895208,"flow_src_last_pkt_time":1605292108918360,"flow_dst_last_pkt_time":1605292108973288,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1400,"midstream":0,"thread_ts_usec":1605292108973288,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56842,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Tumblr","proto_id":"91.90","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"64.media.tumblr.com","domainame":"64.media.tumblr.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00807{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292114506948,"flow_src_last_pkt_time":1605292114506948,"flow_dst_last_pkt_time":1605292114506948,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292114506948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56558,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_src_last_pkt_time":1605292114506948,"flow_dst_last_pkt_time":1605292114506948,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292114506948,"pkt":"qtsDr8lk5EKm5WPyht1gCYCjACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3O4Bu5iknWH70O\/fgBATex8tAAABAQgKqXtvnsLdEcs="} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":334,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_src_last_pkt_time":1605292114506948,"flow_dst_last_pkt_time":1605292114736576,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292114736576,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc7vvQ79+YpJ1igBBY1dkNAAABAQgKwt3C3al6v1A="} 
@@ -195,12 +195,12 @@ 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_src_last_pkt_time":1605292121486006,"flow_dst_last_pkt_time":1605292121507427,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605292121507427,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAEpymhYqAcsBIEmLB5kd7IUo3\/YpAbupQGb5NYUDXPqMoBJXgPvWAAACBAV4AQMDAwQCCArC3d2UmLVMxQ=="} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":375,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_src_last_pkt_time":1605292121507474,"flow_dst_last_pkt_time":1605292121507427,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292121507474,"pkt":"qtsDr8lk5EKm5WPyht1gCYf1ACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABKcpoWqUABuwNc+oxm+TWGgBAB+3\/SAAABAQgKmLVM28Ld3ZQ="} 
01267{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":4,"flow_src_last_pkt_time":1605292121507997,"flow_dst_last_pkt_time":1605292121507427,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605292121507997,"pkt":"qtsDr8lk5EKm5WPyht1gCYf1AiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABKcpoWqUABuwNc+oxm+TWGgBgB+yW6AAABAQgKmLVM28Ld3ZQWAwECAAEAAfwDA9nSk2KeVcFHOIgIqlGvi0eycTTMQTOty0xI9t2BdS31IHNR5s\/xYMO8\/2mipv181fxQHxiQGiouoi3LhBjKSL1oACB6ehMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPq6gAAAAAAGQAXAAAUY2F0YXN0ZXJzLnR1bWJsci5jb20AFwAA\/wEAAQAACgAKAAhaWgAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKVpaAAEAAB0AIObRVS3K9ld1BBlaeDdBVyGReJdkTjt6xYTnNvdI\/itGAC0AAgEBACsACwoqKgMEAwMDAgMBABsAAwIAAnp6AAEAABUAyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01323{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605292121486006,"flow_src_last_pkt_time":1605292121507997,"flow_dst_last_pkt_time":1605292121507427,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605292121507997,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a16","src_port":43328,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Tumblr","proto_id":"91.90","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"catasters.tumblr.com","domainame":"catasters.tumblr.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01282{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605292121486006,"flow_src_last_pkt_time":1605292121507997,"flow_dst_last_pkt_time":1605292121507427,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605292121507997,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a16","src_port":43328,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Tumblr","proto_id":"91.90","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"catasters.tumblr.com","domainame":"catasters.tumblr.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":377,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":5,"flow_src_last_pkt_time":1605292121507997,"flow_dst_last_pkt_time":1605292121536972,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292121536972,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAEpymhYqAcsBIEmLB5kd7IUo3\/YpAbupQGb5NYYDXPyRgBALMHR7AAABAQgKwt3dsZi1TNs="} 
00813{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":378,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292121674877,"flow_src_last_pkt_time":1605292121674877,"flow_dst_last_pkt_time":1605292121674877,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292121674877,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:817::200a","src_port":55560,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":378,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_src_last_pkt_time":1605292121674877,"flow_dst_last_pkt_time":1605292121674877,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292121674877,"pkt":"qtsDr8lk5EKm5WPyht1gDKQRACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFwAAAAAAACAK2QgBu\/13v36ZlfzugBAB9Zh5AAABAQgKG7m2dMLdLYw="} 
-01412{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":379,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605292121486006,"flow_src_last_pkt_time":1605292121507997,"flow_dst_last_pkt_time":1605292121697370,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1400,"midstream":0,"thread_ts_usec":1605292121697370,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a16","src_port":43328,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Tumblr","proto_id":"91.90","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"catasters.tumblr.com","domainame":"catasters.tumblr.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"738f0c3c6e00286f3afac626676d352d","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-01681{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":385,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1605292121486006,"flow_src_last_pkt_time":1605292121697627,"flow_dst_last_pkt_time":1605292121698447,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5097,"midstream":0,"thread_ts_usec":1605292121698447,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a16","src_port":43328,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Tumblr","proto_id":"91.90","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"catasters.tumblr.com","domainame":"catasters.tumblr.com","tls": {"version":"TLSv1.2","server_names":"*.tumblr.com,tumblr.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"738f0c3c6e00286f3afac626676d352d","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA","subjectDN":"CN=*.tumblr.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"14:78:BA:5B:B5:54:5D:A1:2C:D2:79:4C:42:99:BB:3A:A9:DB:86:C2","blocks":0}}} 
+01371{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":379,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605292121486006,"flow_src_last_pkt_time":1605292121507997,"flow_dst_last_pkt_time":1605292121697370,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1400,"midstream":0,"thread_ts_usec":1605292121697370,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a16","src_port":43328,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Tumblr","proto_id":"91.90","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"catasters.tumblr.com","domainame":"catasters.tumblr.com","tls": {"version":"TLSv1.2","ja3s":"738f0c3c6e00286f3afac626676d352d","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01640{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":385,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1605292121486006,"flow_src_last_pkt_time":1605292121697627,"flow_dst_last_pkt_time":1605292121698447,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5097,"midstream":0,"thread_ts_usec":1605292121698447,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a16","src_port":43328,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Tumblr","proto_id":"91.90","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"catasters.tumblr.com","domainame":"catasters.tumblr.com","tls": {"version":"TLSv1.2","server_names":"*.tumblr.com,tumblr.com","ja3s":"738f0c3c6e00286f3afac626676d352d","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA","subjectDN":"CN=*.tumblr.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"14:78:BA:5B:B5:54:5D:A1:2C:D2:79:4C:42:99:BB:3A:A9:DB:86:C2","blocks":0}}} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":387,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_src_last_pkt_time":1605292121674877,"flow_dst_last_pkt_time":1605292121698552,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292121698552,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgXAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbvZCJmV\/O79d79\/gBALlo7gAAABAQgKwt3eUxu5BaQ="} 02195{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":406,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605292121486006,"flow_src_last_pkt_time":1605292121915646,"flow_dst_last_pkt_time":1605292121915718,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":1174,"flow_dst_tot_l4_payload_len":11033,"midstream":0,"thread_ts_usec":1605292121915718,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a16","src_port":43328,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":27721.0,"max":189403,"stddev":49540.4,"var":2454247936.0,"ent":3.2,"data": [21421,21468,523,29545,160398,189403,235,0,213,14,842,826,3808,144,202,28681,1,1011,77988,2,103570,74,656,29813,79144,108203,110,95,435,441,86]},"pktlen": {"min":72,"avg":454.0,"max":1472,"stddev":568.3,"var":322990.4,"ent":4.0,"data": [80,80,72,589,72,1472,72,1472,1368,72,72,1073,72,157,163,523,72,72,72,338,142,72,72,102,72,1472,72,1472,72,1472,72,1472]},"bins": {"c_to_s": 
[12,0,2,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,6,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,1,0,0,1,0,0,0,0,1,1,1,1,1,0,0,0,1,1,0,1,0,1,0,1],"entropies": [4.847575665,5.264388561,5.273682594,4.570615292,5.139187336,7.183391094,5.218127251,7.306411743,7.637944698,5.179864883,5.245904922,7.569734573,5.218127251,6.162980080,6.493566990,7.590200424,5.139187336,5.139187336,5.083631992,7.038479328,6.319642544,5.162571907,5.162571907,5.715408325,5.083631992,7.863587856,5.218127251,7.862967491,5.245904922,7.863145828,5.190349579,7.850796700]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Tumblr","proto_id":"91.90","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} 00813{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":428,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292122064463,"flow_src_last_pkt_time":1605292122064463,"flow_dst_last_pkt_time":1605292122064463,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605292122064463,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49548,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -211,7 +211,7 @@ 00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":432,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_src_last_pkt_time":1605292122064463,"flow_dst_last_pkt_time":1605292122094721,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605292122094721,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgJAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvBjCTTL5FAHmhqoBJXgI\/cAAACBAV4AQMDAwQCCArC3d\/Z2Fs6HQ=="} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":433,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_src_last_pkt_time":1605292122094761,"flow_dst_last_pkt_time":1605292122094721,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292122094761,"pkt":"qtsDr8lk5EKm5WPyht1gAy+bACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICQAAAAAAACAOwYwBu0AeaGok0y+SgBAB+xPQAAABAQgK2Fs6O8Ld39k="} 
01264{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":434,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":4,"flow_src_last_pkt_time":1605292122094987,"flow_dst_last_pkt_time":1605292122094721,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605292122094987,"pkt":"qtsDr8lk5EKm5WPyht1gAy+bAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICQAAAAAAACAOwYwBu0AeaGok0y+SgBgB+5pFAAABAQgK2Fs6O8Ld39kWAwECAAEAAfwDA4SEFpd+Ui2RJOstUdyWPiOQJLso1+e8murU+rSUvScLIOxlBCWQSXeBEkOuoY9ArjNfnRtplIaJsV3gAzrnHWtBACBKShMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZP6+gAAAAAAFAASAAAPYXBpcy5nb29nbGUuY29tABcAAP8BAAEAAAoACgAIysoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACnKygABAAAdACBB0ZlvhvxIZjessBrEqcEd8cKmBCymsB2\/FWOJUIU9TwAtAAIBAQArAAsK2toDBAMDAwIDAQAbAAMCAAKKigABAAAVAM0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01318{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":434,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605292122064463,"flow_src_last_pkt_time":1605292122094987,"flow_dst_last_pkt_time":1605292122094721,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605292122094987,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49548,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"apis.google.com","domainame":"apis.google.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01277{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":434,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605292122064463,"flow_src_last_pkt_time":1605292122094987,"flow_dst_last_pkt_time":1605292122094721,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605292122094987,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49548,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"apis.google.com","domainame":"apis.google.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00813{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":435,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292122095843,"flow_src_last_pkt_time":1605292122095843,"flow_dst_last_pkt_time":1605292122095843,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605292122095843,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200a","src_port":38608,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":435,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_src_last_pkt_time":1605292122095843,"flow_dst_last_pkt_time":1605292122095843,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605292122095843,"pkt":"qtsDr8lk5EKm5WPyht1gD2uVACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAKltABu4i5CzgAAAAAoAL9IPiAAAACBAWgBAIIChLBJ8gAAAAAAQMDBw=="} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":436,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1605292122076586,"flow_dst_last_pkt_time":1605292122116538,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292122116538,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleJ0qAcsBIEmLB5kd7IUo3\/YpAbu8cGx6OhMItkI1gBAMRA6zAAABAQgKwt3f5SRHkBQ="} 
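Review bot: The expected `detected` event for flow 43 no longer carries the `tls.ja3` client fingerprint (the length prefix drops from 01318 to 01277, exactly the size of the removed key and value), and the `detected`/`detection-update` events in the next two hunks lose it as well, while `ja3s` and `ja4` stay. Any downstream consumer that keys detection rules, allow-lists or correlation on `tls.ja3` will stop matching without an error, and the commit message only says "incorporated upstream changes". I would state the removal explicitly in the commit description or changelog, for example `tls.ja3 is no longer emitted; use tls.ja4 for client fingerprinting`. It is also worth confirming that the updated schema/flow_event_schema.json no longer lists `ja3` as required; that file is changed by this commit but is not visible in this part of the diff. If `ja3` is meant to be optional rather than gone, a test that pins its absence would make the intent clear.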
@@ -221,11 +221,11 @@ 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":495,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_src_last_pkt_time":1605292122095843,"flow_dst_last_pkt_time":1605292122163288,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605292122163288,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgLAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbuW0O3zbp+IuQs5oBJXgJ7NAAACBAV4AQMDAwQCCArC3d\/9EsEnyA=="} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":496,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_src_last_pkt_time":1605292122163315,"flow_dst_last_pkt_time":1605292122163288,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292122163315,"pkt":"qtsDr8lk5EKm5WPyht1gD2uVACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAKltABu4i5Cznt826ggBAB+yKbAAABAQgKEsEoDMLd3\/0="} 
01267{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":4,"flow_src_last_pkt_time":1605292122163584,"flow_dst_last_pkt_time":1605292122163288,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605292122163584,"pkt":"qtsDr8lk5EKm5WPyht1gD2uVAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAKltABu4i5Cznt826ggBgB+67mAAABAQgKEsEoDMLd3\/0WAwECAAEAAfwDA7bS9qVsy5B4YR21YJQRtEh5Py7oz+4S+4EMfJZtbGRGIFTZBy5p0gziG2ybvndeac3\/kMpuKpBLUHIf7VQxlGl9ACDq6hMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZNqagAAAAAAGAAWAAATYWpheC5nb29nbGVhcGlzLmNvbQAXAAD\/AQABAAAKAAoACPr6AB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwAp+voAAQAAHQAg8WEmWZ9OWDe9\/XkTSDe85PaENProAIW9qnEE9QmUWSAALQACAQEAKwALCurqAwQDAwMCAwEAGwADAgACWloAAQAAFQDJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01334{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605292122095843,"flow_src_last_pkt_time":1605292122163584,"flow_dst_last_pkt_time":1605292122163288,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605292122163584,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200a","src_port":38608,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ajax.googleapis.com","domainame":"ajax.googleapis.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01293{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605292122095843,"flow_src_last_pkt_time":1605292122163584,"flow_dst_last_pkt_time":1605292122163288,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605292122163584,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200a","src_port":38608,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ajax.googleapis.com","domainame":"ajax.googleapis.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":5,"flow_src_last_pkt_time":1605292122094987,"flow_dst_last_pkt_time":1605292122165400,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292122165400,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgJAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvBjCTTL5JAHmpvgBALMAhqAAABAQgKwt3gBdhbOjs="} 
-01363{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":499,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605292122064463,"flow_src_last_pkt_time":1605292122094987,"flow_dst_last_pkt_time":1605292122177975,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605292122177975,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49548,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"apis.google.com","domainame":"apis.google.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01322{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":499,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605292122064463,"flow_src_last_pkt_time":1605292122094987,"flow_dst_last_pkt_time":1605292122177975,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605292122177975,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49548,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"apis.google.com","domainame":"apis.google.com","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":510,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":5,"flow_src_last_pkt_time":1605292122163584,"flow_dst_last_pkt_time":1605292122207366,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292122207366,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgLAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbuW0O3zbqCIuQ0+gBALMBcPAAABAQgKwt3gTxLBKAw="} 
-01379{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":514,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605292122095843,"flow_src_last_pkt_time":1605292122163584,"flow_dst_last_pkt_time":1605292122212637,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605292122212637,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200a","src_port":38608,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ajax.googleapis.com","domainame":"ajax.googleapis.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01338{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":514,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605292122095843,"flow_src_last_pkt_time":1605292122163584,"flow_dst_last_pkt_time":1605292122212637,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605292122212637,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200a","src_port":38608,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ajax.googleapis.com","domainame":"ajax.googleapis.com","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
02185{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":548,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1605292122095843,"flow_src_last_pkt_time":1605292122274057,"flow_dst_last_pkt_time":1605292122274042,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":982,"flow_dst_tot_l4_payload_len":8808,"midstream":0,"thread_ts_usec":1605292122274057,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200a","src_port":38608,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":11497.2,"max":67472,"stddev":19899.9,"var":396007328.0,"ent":3.2,"data": [67445,67472,269,44078,5271,1,49097,3,94,53,18571,10150,718,42370,0,12940,229,14297,2020,1,16083,2556,1,2570,25,64,1,0,22,4,8]},"pktlen": {"min":72,"avg":378.4,"max":1280,"stddev":464.3,"var":215557.6,"ent":4.1,"data": [80,80,72,589,72,1280,1280,72,72,572,72,136,164,350,72,652,72,103,72,103,72,72,521,1280,72,72,1280,1280,1280,72,72,72]},"bins": {"c_to_s": [13,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,0,0,0,0,1,1,0,0,1,1,1,0,1,1,0,0,1,1,1,0,0,0],"entropies": [4.880388737,5.286173344,5.204868793,4.536604404,5.107836723,7.787920475,7.830109596,5.260424137,5.232646465,7.542898178,5.232646465,6.192057133,6.535644054,7.298229218,5.014019012,7.680838585,5.232646465,5.914041996,5.041796684,5.815946102,5.052281380,5.166606426,7.546278477,7.846930027,5.117859364,5.138828754,7.830280781,7.832926273,7.840851784,5.194384098,5.099461079,5.156121731]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 02185{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":572,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605292122064463,"flow_src_last_pkt_time":1605292122281616,"flow_dst_last_pkt_time":1605292122282509,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":962,"flow_dst_tot_l4_payload_len":9011,"midstream":0,"thread_ts_usec":1605292122282509,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49548,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":14038.7,"max":83018,"stddev":20606.9,"var":424642560.0,"ent":3.6,"data": [30258,30298,226,70679,12575,2,1,83018,62,4,882,32413,0,31475,5911,16277,137,34580,1914,14156,7168,10659,16853,1,0,1,34679,24,2,2,942]},"pktlen": {"min":72,"avg":384.2,"max":1280,"stddev":474.8,"var":225406.5,"ent":4.1,"data": [80,80,72,589,72,1280,1280,311,72,72,72,136,72,652,72,164,103,330,72,103,72,72,72,985,1280,1280,1280,72,72,72,72,1280]},"bins": {"c_to_s": [12,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,0,1,1,0,0,0,0,1,1,0,1,1,1,1,1,1,0,0,0,0,1],"entropies": 
[4.836515903,5.311173439,5.222161770,4.516429901,5.097352028,7.813626766,7.833569527,7.238987446,5.249939442,5.211677551,5.222161770,6.183825970,5.163392067,7.648269653,5.182794571,6.507936478,5.802297115,7.243775845,5.097352028,5.700409889,5.249939919,5.097352028,5.163392067,7.756225586,7.832665920,7.840676308,7.826161861,5.222161770,5.222161770,5.166606426,5.183899403,7.820078373]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 00731{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":670,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_src_last_pkt_time":1605292122439986,"flow_dst_last_pkt_time":1605292121698552,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":203,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":203,"pkt_l4_len":149,"thread_ts_usec":1605292122439986,"pkt":"qtsDr8lk5EKm5WPyht1gDKQRAJUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFwAAAAAAACAK2QgBu\/13v3+ZlfzugBgB9aL3AAABAQgKG7m5ccLd3lMXAwMAcFVxaXihuhejZCNpZ5nuv6bEN9Yj5XMBxAt2QHwyRgmT6ybDwC5C73DyglYgxmIhMzt282zpUtE5GphT7ONBXskP6qssi1eNQHysgmBFeTvR+6kSeL0yhYhtFPIEYfWd8KPo3wOHIQIgFNXMNqMrZ9Q="} 
@@ -241,12 +241,12 @@ 00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":721,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_src_last_pkt_time":1605292122674024,"flow_dst_last_pkt_time":1605292122697976,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605292122697976,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAGAGB0kqAcsBIEmLB5kd7IUo3\/YpAbuY\/FghbGM8FfbwoBJXgNHxAAACBAV4AQMDAwQCCArC3eI6E2cnrQ=="} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":722,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_src_last_pkt_time":1605292122698027,"flow_dst_last_pkt_time":1605292122697976,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292122698027,"pkt":"qtsDr8lk5EKm5WPyht1gD3A1ACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABgBgdJmPwBuzwV9vBYIWxkgBAB+1XrAAABAQgKE2cnxcLd4jo="} 
01411{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":723,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":4,"flow_src_last_pkt_time":1605292122698360,"flow_dst_last_pkt_time":1605292122697976,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":706,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":706,"pkt_l4_len":652,"thread_ts_usec":1605292122698360,"pkt":"qtsDr8lk5EKm5WPyht1gD3A1AowGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABgBgdJmPwBuzwV9vBYIWxkgBgB+5tKAAABAQgKE2cnxsLd4joWAwECZwEAAmMDAxcqM3SukIiua6aXUWl305akyrAbsQ8fC5QrHYGn8yAqIOfUpAFM2ex8Yzi\/Sen\/tnD95LkMo2l4V+QtyZhS\/smCACA6OhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAfqKigAAAAAAHQAbAAAYc2Iuc2NvcmVjYXJkcmVzZWFyY2guY29tABcAAP8BAAEAAAoACgAICgoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACkKCgABAAAdACDK7MvCss9kPuP\/sGQIpNIgaBZPSr9Qiypf8B3tmZxOcgAtAAIBAQArAAsKiooDBAMDAwIDAQAbAAMCAAKamgABAAApASsA9gDwAAAiIJslU1lFpjTpi3lmNcM02Z66mKz\/ebRIkuOX18rpowH2yWfRzdOZHXike\/2DtKx+3unPfKAy7bV8y4oY0zmw0E1pgUb7btO6Vjk+uxl7qJDciqRgqzQMVKk21FI05k9Tj8+QijWSqapfQXpJZo9ZGd54w+gB1V2q8Nw7dtF2+eFiyJH2mXerNpN0ZE6fUqgXQsD4DbRpYQjZTIcPcs\/we2ogtL0JfR+e875ICH323jad+VODdi9WWJ93O+ld3DiE0YkFyo7kp5dxhnBMUode0ut+uFiEfQ9mADB5yJ2cgEQe3BR1tRHNJhSdnJ6lY4sULQAxMNVjiEV0UOkpjkSg09LdgE2p3Pne63LSoF7PSJBmSVGBkf3yxkp3tDTf\/lSBUFM44A=="} 
-01354{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":723,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605292122674024,"flow_src_last_pkt_time":1605292122698360,"flow_dst_last_pkt_time":1605292122697976,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":620,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":620,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605292122698360,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39164,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ADS_Analytic_Track","proto_id":"91.107","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker\/Ads","category_id":101,"category":"Advertisement","hostname":"sb.scorecardresearch.com","domainame":"sb.scorecardresearch.com","tls": {"version":"TLSv1.2","ja3":"44d502d471cfdb99c59bdfb0f220e5a8","ja3s":"","ja4":"t13d1515h2_8daaf6152771_0ece2fe8a3fb","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01313{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":723,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605292122674024,"flow_src_last_pkt_time":1605292122698360,"flow_dst_last_pkt_time":1605292122697976,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":620,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":620,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605292122698360,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39164,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ADS_Analytic_Track","proto_id":"91.107","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker\/Ads","category_id":101,"category":"Advertisement","hostname":"sb.scorecardresearch.com","domainame":"sb.scorecardresearch.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1515h2_8daaf6152771_0ece2fe8a3fb","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00807{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":724,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292122698834,"flow_src_last_pkt_time":1605292122698834,"flow_dst_last_pkt_time":1605292122698834,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122698834,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a15","src_port":42674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":724,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_src_last_pkt_time":1605292122698834,"flow_dst_last_pkt_time":1605292122698834,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292122698834,"pkt":"qtsDr8lk5EKm5WPyht1gCuvGACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABKcpoVprIBu3ASIMYXhL6qgBAB9S93AAABAQgKNSTnjcLdLMU="} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":729,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":5,"flow_src_last_pkt_time":1605292122698360,"flow_dst_last_pkt_time":1605292122740353,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292122740353,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAGAGB0kqAcsBIEmLB5kd7IUo3\/YpAbuY\/FghbGQ8FflcgBALPUoSAAABAQgKwt3iZBNnJ8Y="} 
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":730,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_src_last_pkt_time":1605292122698834,"flow_dst_last_pkt_time":1605292122741055,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292122741055,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAEpymhUqAcsBIEmLB5kd7IUo3\/YpAbumsheEvqpwEiDHgBALdyXtAAABAQgKwt3iZjUkMfM="} -01397{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":731,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605292122674024,"flow_src_last_pkt_time":1605292122698360,"flow_dst_last_pkt_time":1605292122755298,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":620,"flow_dst_max_l4_payload_len":270,"flow_src_tot_l4_payload_len":620,"flow_dst_tot_l4_payload_len":270,"midstream":0,"thread_ts_usec":1605292122755298,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39164,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ADS_Analytic_Track","proto_id":"91.107","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker\/Ads","category_id":101,"category":"Advertisement","hostname":"sb.scorecardresearch.com","domainame":"sb.scorecardresearch.com","tls": {"version":"TLSv1.3","ja3":"44d502d471cfdb99c59bdfb0f220e5a8","ja3s":"2253c82f03b621c5144709b393fde2c9","ja4":"t13d1515h2_8daaf6152771_0ece2fe8a3fb","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01356{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":731,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605292122674024,"flow_src_last_pkt_time":1605292122698360,"flow_dst_last_pkt_time":1605292122755298,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":620,"flow_dst_max_l4_payload_len":270,"flow_src_tot_l4_payload_len":620,"flow_dst_tot_l4_payload_len":270,"midstream":0,"thread_ts_usec":1605292122755298,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39164,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ADS_Analytic_Track","proto_id":"91.107","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker\/Ads","category_id":101,"category":"Advertisement","hostname":"sb.scorecardresearch.com","domainame":"sb.scorecardresearch.com","tls": {"version":"TLSv1.3","ja3s":"2253c82f03b621c5144709b393fde2c9","ja4":"t13d1515h2_8daaf6152771_0ece2fe8a3fb","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
02260{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":746,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1605292105418417,"flow_src_last_pkt_time":1605292122813676,"flow_dst_last_pkt_time":1605292122725006,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":764,"flow_dst_max_l4_payload_len":1279,"flow_src_tot_l4_payload_len":4217,"flow_dst_tot_l4_payload_len":4676,"midstream":0,"thread_ts_usec":1605292122813676,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39152,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":98,"avg":1119414.5,"max":16588707,"stddev":4059258.8,"var":16477581213696.0,"ent":1.4,"data": [29466,29487,204,37942,9029,46759,696,98,30996,1834,7035,39073,52635,52694,371915,406395,20731,55185,2451,32929,9268,39721,16556740,16588707,11402,43353,16903,58413,9807,93158,46822]},"pktlen": {"min":72,"avg":350.4,"max":1351,"stddev":367.9,"var":135349.6,"ent":4.3,"data": [80,80,72,692,72,342,72,152,489,72,72,359,72,1259,72,824,72,855,72,836,72,342,72,500,72,1351,72,644,72,672,72,656]},"bins": {"c_to_s": [9,0,1,0,0,0,0,0,0,0,0,0,0,2,0,0,0,1,1,1,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [8,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,0,1,1,1,0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0],"entropies": 
[4.797575951,5.229953289,5.190349579,7.030211926,4.972520828,6.811050892,5.091930866,6.334684849,7.516590118,5.055853844,5.055853844,7.313119888,5.190349579,7.806543827,5.218127251,7.745193005,5.000298500,7.694315910,5.134794235,7.706961155,5.028076172,7.266840458,5.190349579,7.564545631,4.972520828,7.854704857,5.162571907,7.655811310,5.000298500,7.622268677,5.134794235,7.624323368]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ADS_Analytic_Track","proto_id":"91.107","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker\/Ads","category_id":101,"category":"Advertisement"}} 00813{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":754,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292122874816,"flow_src_last_pkt_time":1605292122874816,"flow_dst_last_pkt_time":1605292122874816,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122874816,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40190,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":754,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_src_last_pkt_time":1605292122874816,"flow_dst_last_pkt_time":1605292122874816,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292122874816,"pkt":"qtsDr8lk5EKm5WPyht1gDJQ7ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICgAAAAAAACAKnP4Bu4CgSN\/gvLosgBAB9qrlAAABAQgK1OQQnsLdMvM="} 
@@ -326,7 +326,7 @@ 00960{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292120654889,"flow_src_last_pkt_time":1605292120654889,"flow_dst_last_pkt_time":1605292120853149,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":55014,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00814{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292120654889,"flow_src_last_pkt_time":1605292120654889,"flow_dst_last_pkt_time":1605292120853149,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":55014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00993{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":8,"flow_first_seen":1605292121674877,"flow_src_last_pkt_time":1605292122484196,"flow_dst_last_pkt_time":1605292122517767,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":117,"flow_dst_max_l4_payload_len":71,"flow_src_tot_l4_payload_len":195,"flow_dst_tot_l4_payload_len":212,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:817::200a","src_port":55560,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -00852{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":755,"packets-processed":755,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":294634,"total-not-detected-flows":0,"total-guessed-flows":28,"total-detected-flows":19,"total-detection-updates":25,"total-updates":0,"current-active-flows":0,"total-active-flows":47,"total-idle-flows":47,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":329,"global_ts_usec":1605292122899206} 
+00852{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":755,"packets-processed":755,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":294634,"total-not-detected-flows":0,"total-guessed-flows":28,"total-detected-flows":19,"total-detection-updates":25,"total-updates":0,"current-active-flows":0,"total-active-flows":47,"total-idle-flows":47,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":329,"global_ts_usec":1605292122899206} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 755/755 ~~ skipped flows.............: 0 @@ -335,9 +335,9 @@ ~~ total active/idle flows...: 47/47 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7675669 bytes -~~ total memory freed........: 7675669 bytes -~~ total allocations/frees...: 115565/115565 +~~ total memory allocated....: 8253265 bytes +~~ total memory freed........: 8253265 bytes +~~ total allocations/frees...: 127296/127296 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 573 chars ~~ json message max len.......: 2265 chars diff --git a/test/results/default/tunnelbear.pcap.out b/test/results/default/tunnelbear.pcap.out index f234516a5..b5410786e 100644 --- a/test/results/default/tunnelbear.pcap.out +++ b/test/results/default/tunnelbear.pcap.out 
@@ -1,18 +1,18 @@ -00615{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00615{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":180833453,"flow_src_last_pkt_time":180833453,"flow_dst_last_pkt_time":180833453,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":204,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":204,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":204,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":180833453,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"142.93.78.79","src_port":57636,"dst_port":51820,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":180833453,"flow_dst_last_pkt_time":180833453,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":246,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":246,"pkt_l4_len":212,"thread_ts_usec":180833453,"pkt":"UlQAEjUCCAAns+YuCABFAADok9pAAEARvW8KAAIPjl1OT+EkymwA1AI7AQAAADFmGKwJrQ4czaGW2fivZifDA9bZgR+goGC1L1XT5Tb4ffONTEiIno7ADCXgv6ivhjOazMjC\/t3fNY+F6sUlmLsJKJDCgyGPUnt\/\/rJPAiu0ANf8FF8A7J313jnyFJAtRq6DvVU3WC8bIK2TvwFn3bJURdR7JOOW8a4igqigeFA5ckhI5+F1XHPSmY8AS0K+sKuVxh08pxhxLPsdtwiOTkCR0xbrNfYg21AogaRMjbfQPsSLDYOaMYAAAAAAAAAAAAAAAAAAAAAA"} 
00629{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":180833453,"flow_dst_last_pkt_time":180920999,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":180920999,"pkt":"CAAns+YuUlQAEjUCCABFAACABmkAAEARi0mOXU5PCgACD8ps4SQAbB8QAgAAAALKGgAxZhisCgAFM6wRAwETE2VWnB7YZghBjVnpNQ3KTJTOED2SjFWO8s1dICoQdyfV8AE0uBoG0OSiaX+P0MRGTYfAATJAL6RBGx5gpd\/iAAAAAAAAAAAAAAAAAAAAAA=="} -00920{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":180833453,"flow_src_last_pkt_time":180833453,"flow_dst_last_pkt_time":180920999,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":204,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":204,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":204,"flow_dst_tot_l4_payload_len":100,"midstream":0,"thread_ts_usec":180920999,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"142.93.78.79","src_port":57636,"dst_port":51820,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"WireGuard.TunnelBear","proto_id":"206.299","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+00927{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":180833453,"flow_src_last_pkt_time":180833453,"flow_dst_last_pkt_time":180920999,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":204,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":204,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":204,"flow_dst_tot_l4_payload_len":100,"midstream":0,"thread_ts_usec":180920999,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"142.93.78.79","src_port":57636,"dst_port":51820,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"WireGuard.TunnelBear","proto_id":"206.299","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":180921737,"flow_dst_last_pkt_time":180920999,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":180921737,"pkt":"UlQAEjUCCAAns+YuCABFAAA8lA5AAEARvecKAAIPjl1OT+EkymwAKBGZBAAAAALKGgAAAAAAAAAAANEgI73FyY4eHUJx9U1UE5w="} 
00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":180952857,"flow_dst_last_pkt_time":180920999,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"thread_ts_usec":180952857,"pkt":"UlQAEjUCCAAns+YuCABFAABslChAAEARvZ0KAAIPjl1OT+EkymwAWDU4BAAAAALKGgABAAAAAAAAAFC28F6vCsoDQl1BKDztz8bTxV\/i8iNoB8iJi5BnnIjKt8JoCFNvi2krNfZLHpmfDClTm9SLapiAtgmos93886Q="} 00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":180952885,"flow_dst_last_pkt_time":180920999,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"thread_ts_usec":180952885,"pkt":"UlQAEjUCCAAns+YuCABFAABslClAAEARvZwKAAIPjl1OT+EkymwAWGIoBAAAAALKGgACAAAAAAAAAN+OZseZLG64qqjwhSSP6cXIgA4mV8Kre\/iZWIHFbWaRmSmw1+rPHtcU3wDw6AmdNtXHewk7LByBQZPbfZbxTAc="} 
-00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":13,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2112,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":9,"global_ts_usec":1655734524312623} +00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":13,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2112,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":9,"global_ts_usec":1655734524312623} 
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655734524312623,"flow_src_last_pkt_time":1655734524312623,"flow_dst_last_pkt_time":1655734524312623,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734524312623,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.154.236","src_port":50178,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1655734524312623,"flow_dst_last_pkt_time":1655734524312623,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655734524312623,"pkt":"ABoRAAACABoRAAABCABFAAA8wQ5AAEAGbKcKCAABaBGa7MQCAbs6\/WaPAAAAAKAC\/\/8qygAAAgQFtAQCCAoBY6eBAAAAAAEDAwg="} 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1655734524312623,"flow_dst_last_pkt_time":1655734524319931,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734524319931,"pkt":"ABoRAAACABoRAAABCABFAAAoAFRAABAGXXZoEZrsCggAAQG7xALFAplwOv1mkFAS\/\/\/dDQAA"} 
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1655734524319986,"flow_dst_last_pkt_time":1655734524319931,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734524319986,"pkt":"ABoRAAACABoRAAABCABFAAAowQ9AAEAGbLoKCAABaBGa7MQCAbs6\/WaQxQKZcVAQ\/\/\/dDgAA"} 01232{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1655734524320000,"flow_dst_last_pkt_time":1655734524319931,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1655734524320000,"pkt":"ABoRAAACABoRAAABCABFAAItwRBAAEAGarQKCAABaBGa7MQCAbs6\/WaQxQKZcVAY\/\/\/BLwAAFgMBAgABAAH8AwPk34tg8AHVJzjRYyHrpNCudSsBrVAevTx2Gxd6iOzlPiCmbhGpvk\/Hs9hN+pwujvy50uyqu5C3POsjOrMnub0cxgAYwCvALMypwC\/AMMyowBPAFACcAJ0ALwA1AQABmwAAABcAFQAAEmFwaS50dW5uZWxiZWFyLmNvbQAXAAD\/AQABAAAKAAgABgAdABcAGAALAAIBAAAjAMAJ82VJCtYolEtrmEBslUOZ6TOvlCveQTCYtajEuEGwCsKFGEVjXgSM2\/W2kzbzFyzWer90vOdXYfA1a+pViPoEtG\/hx8A2b8WR7t5R30NjKogvAksZuJftTJdfteyHCIWMTYdfryMtphHjNW4SUNc4OV36Ht4AvrpkkXom5ksAYdtWwvzRyGAjoksL973FCtPYosKqdcPeFzh+o6Oxzshj72aNgAnzokPG8SothiU680Dg90cqLxiVDdMUydxwu+4AEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEAFQBqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01229{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1655734524312623,"flow_src_last_pkt_time":1655734524320000,"flow_dst_last_pkt_time":1655734524319931,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734524320000,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.154.236","src_port":50178,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.tunnelbear.com","domainame":"api.tunnelbear.com","tls": {"version":"TLSv1.2","ja3":"a1c672bda2bda1a05bdca801144b2760","ja3s":"","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01188{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1655734524312623,"flow_src_last_pkt_time":1655734524320000,"flow_dst_last_pkt_time":1655734524319931,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734524320000,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.154.236","src_port":50178,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.tunnelbear.com","domainame":"api.tunnelbear.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1655734524320000,"flow_dst_last_pkt_time":1655734524320123,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734524320123,"pkt":"ABoRAAACABoRAAABCABFAAAoAFVAABAGXXVoEZrsCggAAQG7xALFAplxOv1olVAQ\/\/\/bCQAA"} 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655734524335198,"flow_src_last_pkt_time":1655734524335198,"flow_dst_last_pkt_time":1655734524335198,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734524335198,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45104,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1655734524335198,"flow_dst_last_pkt_time":1655734524335198,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655734524335198,"pkt":"ABoRAAACABoRAAABCABFAAA8r3BAAEAGpgkKCAABaBFzKLAwAbtQpAj3AAAAAKAC\/\/+uSwAAAgQFtAQCCAoBY6eHAAAAAAEDAwg="} 
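Review bot: The `detected` event for flow 2 (`api.tunnelbear.com`) loses the `ja3` key from its `tls` object, and the commit message ("incorporated upstream changes") does not say so. The old line carried `"ja3":"a1c672bda2bda1a05bdca801144b2760"`; the new one keeps only `ja3s` and `ja4`, and the same key disappears from the tumblr.pcap `detection-update` event earlier on this page. Consumers that match on JA3 client fingerprints (detection rules, allow/deny lists, dashboards) would stop matching without any error. The description should state this, for example `* TLS flow events no longer emit "ja3"; "ja3s" and "ja4" are unchanged`. The diffstat lists `schema/flow_event_schema.json` as changed, presumably for this key, but that hunk is not visible here, so confirm that the schema and these expected results agree.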
@@ -25,36 +25,36 @@ 00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1655734524343748,"flow_dst_last_pkt_time":1655734524345914,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734524345914,"pkt":"ABoRAAACABoRAAABCABFAAAoAFhAABAGhTZoEXMoCggAAQG7sDQINzcF98jI+1AS\/\/8YoAAA"} 00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1655734524345961,"flow_dst_last_pkt_time":1655734524340009,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734524345961,"pkt":"ABoRAAACABoRAAABCABFAAAor3FAAEAGphwKCAABaBFzKLAwAbtQpAj4r1v3CVAQ\/\/8YpQAA"} 
01234{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1655734524345975,"flow_dst_last_pkt_time":1655734524340009,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1655734524345975,"pkt":"ABoRAAACABoRAAABCABFAAItr3JAAEAGpBYKCAABaBFzKLAwAbtQpAj4r1v3CVAY\/\/8HwwAAFgMBAgABAAH8AwPPe3hbM8dAy+GlGgF0b7BMeTFTravNzEo1RIhmijyHVSDn66IPs9ctnuibiJkbfKlMm8BMQxXU9b\/atZpx5MTwdwAYwCvALMypwC\/AMMyowBPAFACcAJ0ALwA1AQABm\/8BAAEAAAAAGQAXAAAUYXBpLnBvbGFyZ3JpenpseS5jb20AFwAAACMAwGWL8mIuxZtK99a\/9aSk\/qp6xySITVvlPnlY2+DgI3BxvfbXq1zGciCxLrMLD7A6dVjeHR712CpR6tEXJKz+RC5bjVIXlid05M6MsA55S3Kp1Aa2Bj36xEghnp0sIsRiKdfOWJY3MCiFIBasVjN94rMeQhRi86\/WHqsUgHi9lpNDGzvLpzdSHT8l120BSQj5\/IjWs39MT3oC4h\/fOmpRWYfw8iqxm4TpjnSTgZwSqXyMROg1ftcgKa\/jD3WD1q3cRgANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAgABgAdABcAGAAVAGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -01232{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1655734524335198,"flow_src_last_pkt_time":1655734524345975,"flow_dst_last_pkt_time":1655734524340009,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734524345975,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45104,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com","domainame":"api.polargrizzly.com","tls": {"version":"TLSv1.2","ja3":"e9ec38c2b40ff3e300e9975dd7619902","ja3s":"","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01191{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1655734524335198,"flow_src_last_pkt_time":1655734524345975,"flow_dst_last_pkt_time":1655734524340009,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734524345975,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45104,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com","domainame":"api.polargrizzly.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1655734524345975,"flow_dst_last_pkt_time":1655734524346036,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734524346036,"pkt":"ABoRAAACABoRAAABCABFAAAoAFlAABAGhTVoEXMoCggAAQG7sDCvW\/cJUKQK\/VAQ\/\/8WoAAA"} 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655734524346049,"flow_src_last_pkt_time":1655734524346049,"flow_dst_last_pkt_time":1655734524346049,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734524346049,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45114,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1655734524346049,"flow_dst_last_pkt_time":1655734524346049,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655734524346049,"pkt":"ABoRAAACABoRAAABCABFAAA8HIhAAEAGOPIKCAABaBFzKLA6AbvglrsBAAAAAKAC\/\/9sQgAAAgQFtAQCCAoBY6eJAAAAAAEDAwg="} 
00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1655734524346049,"flow_dst_last_pkt_time":1655734524346950,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734524346950,"pkt":"ABoRAAACABoRAAABCABFAAAoAFpAABAGhTRoEXMoCggAAQG7sDofaUT+4Ja7AlAS\/\/8YmgAA"} 00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1655734524347016,"flow_dst_last_pkt_time":1655734524343580,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734524347016,"pkt":"ABoRAAACABoRAAABCABFAAAohANAAEAG0YoKCAABaBFzKLAyAbsgvSOG30Lce1AQ\/\/8YowAA"} 
01234{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1655734524347041,"flow_dst_last_pkt_time":1655734524343580,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1655734524347041,"pkt":"ABoRAAACABoRAAABCABFAAIthARAAEAGz4QKCAABaBFzKLAyAbsgvSOG30Lce1AY\/\/+nOwAAFgMBAgABAAH8AwOBQin+ycoWMW96U2S7Nyf8lKHjOUpraieioMywXXJL4CDn66IPs9ctnuibiJkbfKlMm8BMQxXU9b\/atZpx5MTwdwAYwCvALMypwC\/AMMyowBPAFACcAJ0ALwA1AQABm\/8BAAEAAAAAGQAXAAAUYXBpLnBvbGFyZ3JpenpseS5jb20AFwAAACMAwGWL8mIuxZtK99a\/9aSk\/qp6xySITVvlPnlY2+DgI3BxvfbXq1zGciCxLrMLD7A6dVjeHR712CpR6tEXJKz+RC5bjVIXlid05M6MsA55S3Kp1Aa2Bj36xEghnp0sIsRiKdfOWJY3MCiFIBasVjN94rMeQhRi86\/WHqsUgHi9lpNDGzvLpzdSHT8l120BSQj5\/IjWs39MT3oC4h\/fOmpRWYfw8iqxm4TpjnSTgZwSqXyMROg1ftcgKa\/jD3WD1q3cRgANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAgABgAdABcAGAAVAGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -01232{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1655734524340111,"flow_src_last_pkt_time":1655734524347041,"flow_dst_last_pkt_time":1655734524343580,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734524347041,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45106,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com","domainame":"api.polargrizzly.com","tls": {"version":"TLSv1.2","ja3":"e9ec38c2b40ff3e300e9975dd7619902","ja3s":"","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01191{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1655734524340111,"flow_src_last_pkt_time":1655734524347041,"flow_dst_last_pkt_time":1655734524343580,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734524347041,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45106,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com","domainame":"api.polargrizzly.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1655734524347041,"flow_dst_last_pkt_time":1655734524347175,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734524347175,"pkt":"ABoRAAACABoRAAABCABFAAAoAFtAABAGhTNoEXMoCggAAQG7sDLfQtx7IL0li1AQ\/\/8WngAA"} 00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1655734524347199,"flow_dst_last_pkt_time":1655734524345914,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734524347199,"pkt":"ABoRAAACABoRAAABCABFAAAob35AAEAG5g8KCAABaBFzKLA0Abv3yMj7CDc3BlAQ\/\/8YoQAA"} 
01234{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1655734524347219,"flow_dst_last_pkt_time":1655734524345914,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1655734524347219,"pkt":"ABoRAAACABoRAAABCABFAAItb39AAEAG5AkKCAABaBFzKLA0Abv3yMj7CDc3BlAY\/\/8gMQAAFgMBAgABAAH8AwNcAcPwKnj56cC0mJiZpEWc7eyWZWWRb+wm4SSq0gSKpSDn66IPs9ctnuibiJkbfKlMm8BMQxXU9b\/atZpx5MTwdwAYwCvALMypwC\/AMMyowBPAFACcAJ0ALwA1AQABm\/8BAAEAAAAAGQAXAAAUYXBpLnBvbGFyZ3JpenpseS5jb20AFwAAACMAwGWL8mIuxZtK99a\/9aSk\/qp6xySITVvlPnlY2+DgI3BxvfbXq1zGciCxLrMLD7A6dVjeHR712CpR6tEXJKz+RC5bjVIXlid05M6MsA55S3Kp1Aa2Bj36xEghnp0sIsRiKdfOWJY3MCiFIBasVjN94rMeQhRi86\/WHqsUgHi9lpNDGzvLpzdSHT8l120BSQj5\/IjWs39MT3oC4h\/fOmpRWYfw8iqxm4TpjnSTgZwSqXyMROg1ftcgKa\/jD3WD1q3cRgANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAgABgAdABcAGAAVAGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -01232{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1655734524343748,"flow_src_last_pkt_time":1655734524347219,"flow_dst_last_pkt_time":1655734524345914,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734524347219,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45108,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com","domainame":"api.polargrizzly.com","tls": {"version":"TLSv1.2","ja3":"e9ec38c2b40ff3e300e9975dd7619902","ja3s":"","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01191{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1655734524343748,"flow_src_last_pkt_time":1655734524347219,"flow_dst_last_pkt_time":1655734524345914,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734524347219,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45108,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com","domainame":"api.polargrizzly.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1655734524347219,"flow_dst_last_pkt_time":1655734524347297,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734524347297,"pkt":"ABoRAAACABoRAAABCABFAAAoAFxAABAGhTJoEXMoCggAAQG7sDQINzcG98jLAFAQ\/\/8WnAAA"} 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1655734524347317,"flow_dst_last_pkt_time":1655734524346950,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734524347317,"pkt":"ABoRAAACABoRAAABCABFAAAoHIlAAEAGOQUKCAABaBFzKLA6AbvglrsCH2lE\/1AQ\/\/8YmwAA"} 
01236{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1655734524347416,"flow_dst_last_pkt_time":1655734524346950,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1655734524347416,"pkt":"ABoRAAACABoRAAABCABFAAItHIpAAEAGNv8KCAABaBFzKLA6AbvglrsCH2lE\/1AY\/\/\/taQAAFgMBAgABAAH8AwNzy1xM18VuxwIHxJY+cqMgXzNl9drV0itVzASv6gjKliDn66IPs9ctnuibiJkbfKlMm8BMQxXU9b\/atZpx5MTwdwAYwCvALMypwC\/AMMyowBPAFACcAJ0ALwA1AQABm\/8BAAEAAAAAGQAXAAAUYXBpLnBvbGFyZ3JpenpseS5jb20AFwAAACMAwGWL8mIuxZtK99a\/9aSk\/qp6xySITVvlPnlY2+DgI3BxvfbXq1zGciCxLrMLD7A6dVjeHR712CpR6tEXJKz+RC5bjVIXlid05M6MsA55S3Kp1Aa2Bj36xEghnp0sIsRiKdfOWJY3MCiFIBasVjN94rMeQhRi86\/WHqsUgHi9lpNDGzvLpzdSHT8l120BSQj5\/IjWs39MT3oC4h\/fOmpRWYfw8iqxm4TpjnSTgZwSqXyMROg1ftcgKa\/jD3WD1q3cRgANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAgABgAdABcAGAAVAGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -01232{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1655734524346049,"flow_src_last_pkt_time":1655734524347416,"flow_dst_last_pkt_time":1655734524346950,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734524347416,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45114,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com","domainame":"api.polargrizzly.com","tls": {"version":"TLSv1.2","ja3":"e9ec38c2b40ff3e300e9975dd7619902","ja3s":"","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01191{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1655734524346049,"flow_src_last_pkt_time":1655734524347416,"flow_dst_last_pkt_time":1655734524346950,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734524347416,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45114,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com","domainame":"api.polargrizzly.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1655734524347416,"flow_dst_last_pkt_time":1655734524347518,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734524347518,"pkt":"ABoRAAACABoRAAABCABFAAAoAF1AABAGhTFoEXMoCggAAQG7sDofaUT\/4Ja9B1AQ\/\/8WlgAA"} -01604{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1655734524335198,"flow_src_last_pkt_time":1655734524345975,"flow_dst_last_pkt_time":1655734524417182,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":3657,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3657,"midstream":0,"thread_ts_usec":1655734524417182,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45104,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com","domainame":"api.polargrizzly.com","tls": {"version":"TLSv1.2","server_names":"*.polargrizzly.com,polargrizzly.com","ja3":"e9ec38c2b40ff3e300e9975dd7619902","ja3s":"9ebc57def2efb523f25c77af13aa6d48","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo ECC Domain Validation Secure Server 
CA","subjectDN":"CN=*.polargrizzly.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"1D:D9:82:8B:E8:9A:66:86:18:67:66:52:EE:02:6C:7D:09:12:B4:17","blocks":0}}} -01593{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1655734524312623,"flow_src_last_pkt_time":1655734524320000,"flow_dst_last_pkt_time":1655734524417598,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":5473,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5473,"midstream":0,"thread_ts_usec":1655734524417598,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.154.236","src_port":50178,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.tunnelbear.com","domainame":"api.tunnelbear.com","tls": {"version":"TLSv1.2","server_names":"*.tunnelbear.com,tunnelbear.com","ja3":"a1c672bda2bda1a05bdca801144b2760","ja3s":"a885fb01204bc11cc58efc02fe640899","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA","subjectDN":"CN=*.tunnelbear.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"52:96:E2:83:CC:15:4E:B3:0F:5B:1D:E2:E8:FF:4E:A9:C4:E9:C0:AF","blocks":0}}} 
-01604{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1655734524340111,"flow_src_last_pkt_time":1655734524347041,"flow_dst_last_pkt_time":1655734524479120,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":3657,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3657,"midstream":0,"thread_ts_usec":1655734524479120,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45106,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com","domainame":"api.polargrizzly.com","tls": {"version":"TLSv1.2","server_names":"*.polargrizzly.com,polargrizzly.com","ja3":"e9ec38c2b40ff3e300e9975dd7619902","ja3s":"9ebc57def2efb523f25c77af13aa6d48","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo ECC Domain Validation Secure Server CA","subjectDN":"CN=*.polargrizzly.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"1D:D9:82:8B:E8:9A:66:86:18:67:66:52:EE:02:6C:7D:09:12:B4:17","blocks":0}}} 
-01604{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1655734524343748,"flow_src_last_pkt_time":1655734524347219,"flow_dst_last_pkt_time":1655734524479396,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":3655,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3655,"midstream":0,"thread_ts_usec":1655734524479396,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45108,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com","domainame":"api.polargrizzly.com","tls": {"version":"TLSv1.2","server_names":"*.polargrizzly.com,polargrizzly.com","ja3":"e9ec38c2b40ff3e300e9975dd7619902","ja3s":"9ebc57def2efb523f25c77af13aa6d48","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo ECC Domain Validation Secure Server CA","subjectDN":"CN=*.polargrizzly.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"1D:D9:82:8B:E8:9A:66:86:18:67:66:52:EE:02:6C:7D:09:12:B4:17","blocks":0}}} 
-01604{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1655734524346049,"flow_src_last_pkt_time":1655734524347416,"flow_dst_last_pkt_time":1655734524479592,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":3658,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3658,"midstream":0,"thread_ts_usec":1655734524479592,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45114,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com","domainame":"api.polargrizzly.com","tls": {"version":"TLSv1.2","server_names":"*.polargrizzly.com,polargrizzly.com","ja3":"e9ec38c2b40ff3e300e9975dd7619902","ja3s":"9ebc57def2efb523f25c77af13aa6d48","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo ECC Domain Validation Secure Server CA","subjectDN":"CN=*.polargrizzly.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"1D:D9:82:8B:E8:9A:66:86:18:67:66:52:EE:02:6C:7D:09:12:B4:17","blocks":0}}} 
+01563{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1655734524335198,"flow_src_last_pkt_time":1655734524345975,"flow_dst_last_pkt_time":1655734524417182,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":3657,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3657,"midstream":0,"thread_ts_usec":1655734524417182,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45104,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com","domainame":"api.polargrizzly.com","tls": {"version":"TLSv1.2","server_names":"*.polargrizzly.com,polargrizzly.com","ja3s":"9ebc57def2efb523f25c77af13aa6d48","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo ECC Domain Validation Secure Server CA","subjectDN":"CN=*.polargrizzly.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"1D:D9:82:8B:E8:9A:66:86:18:67:66:52:EE:02:6C:7D:09:12:B4:17","blocks":0}}} 
+01552{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1655734524312623,"flow_src_last_pkt_time":1655734524320000,"flow_dst_last_pkt_time":1655734524417598,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":5473,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5473,"midstream":0,"thread_ts_usec":1655734524417598,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.154.236","src_port":50178,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.tunnelbear.com","domainame":"api.tunnelbear.com","tls": {"version":"TLSv1.2","server_names":"*.tunnelbear.com,tunnelbear.com","ja3s":"a885fb01204bc11cc58efc02fe640899","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA","subjectDN":"CN=*.tunnelbear.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"52:96:E2:83:CC:15:4E:B3:0F:5B:1D:E2:E8:FF:4E:A9:C4:E9:C0:AF","blocks":0}}} 
+01563{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1655734524340111,"flow_src_last_pkt_time":1655734524347041,"flow_dst_last_pkt_time":1655734524479120,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":3657,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3657,"midstream":0,"thread_ts_usec":1655734524479120,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45106,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com","domainame":"api.polargrizzly.com","tls": {"version":"TLSv1.2","server_names":"*.polargrizzly.com,polargrizzly.com","ja3s":"9ebc57def2efb523f25c77af13aa6d48","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo ECC Domain Validation Secure Server CA","subjectDN":"CN=*.polargrizzly.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"1D:D9:82:8B:E8:9A:66:86:18:67:66:52:EE:02:6C:7D:09:12:B4:17","blocks":0}}} 
+01563{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1655734524343748,"flow_src_last_pkt_time":1655734524347219,"flow_dst_last_pkt_time":1655734524479396,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":3655,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3655,"midstream":0,"thread_ts_usec":1655734524479396,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45108,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com","domainame":"api.polargrizzly.com","tls": {"version":"TLSv1.2","server_names":"*.polargrizzly.com,polargrizzly.com","ja3s":"9ebc57def2efb523f25c77af13aa6d48","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo ECC Domain Validation Secure Server CA","subjectDN":"CN=*.polargrizzly.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"1D:D9:82:8B:E8:9A:66:86:18:67:66:52:EE:02:6C:7D:09:12:B4:17","blocks":0}}} 
+01563{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1655734524346049,"flow_src_last_pkt_time":1655734524347416,"flow_dst_last_pkt_time":1655734524479592,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":3658,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3658,"midstream":0,"thread_ts_usec":1655734524479592,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45114,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com","domainame":"api.polargrizzly.com","tls": {"version":"TLSv1.2","server_names":"*.polargrizzly.com,polargrizzly.com","ja3s":"9ebc57def2efb523f25c77af13aa6d48","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo ECC Domain Validation Secure Server CA","subjectDN":"CN=*.polargrizzly.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"1D:D9:82:8B:E8:9A:66:86:18:67:66:52:EE:02:6C:7D:09:12:B4:17","blocks":0}}} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655734524480852,"flow_src_last_pkt_time":1655734524480852,"flow_dst_last_pkt_time":1655734524480852,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734524480852,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"162.247.243.188","src_port":47496,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1655734524480852,"flow_dst_last_pkt_time":1655734524480852,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655734524480852,"pkt":"ABoRAAACABoRAAABCABFAAA83gpAAEAGu\/QKCAABovfzvLmIAbsjcXmhAAAAAKAC\/\/+l3QAAAgQFtAQCCAoBY6erAAAAAAEDAwg="} 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1655734524480852,"flow_dst_last_pkt_time":1655734524482578,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734524482578,"pkt":"ABoRAAACABoRAAABCABFAAAoAGxAABAGyaei9\/O8CggAAQG7uYjcjoZeI3F5olAS\/\/9T0QAA"} 
00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1655734524482823,"flow_dst_last_pkt_time":1655734524482578,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734524482823,"pkt":"ABoRAAACABoRAAABCABFAAAo3gtAAEAGvAcKCAABovfzvLmIAbsjcXmi3I6GX1AQ\/\/9T0gAA"} 01230{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1655734524484592,"flow_dst_last_pkt_time":1655734524482578,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1655734524484592,"pkt":"ABoRAAACABoRAAABCABFAAIt3gxAAEAGugEKCAABovfzvLmIAbsjcXmi3I6GX1AY\/\/+WTAAAFgMBAgABAAH8AwPdoGF70W3A+CHAdR4ClxewXfs5tap8jsVR3I\/hQbsXjSAcEa4OgnAATC+4XMxeR+\/oOPBucT0zEVEWK1hzrBhSFwAcwCvALMypwC\/AMMyowAnACsATwBQAnACdAC8ANQEAAZf\/AQABAAAAACIAIAAAHW1vYmlsZS1jb2xsZWN0b3IubmV3cmVsaWMuY29tABcAAAAjAMAc6HhX9xuZD5Fr70azY+MzqYNdAXSTjMQ4IA6wzEC2P3hVSk5QgFo5iPN2xg1o+OrJGswecJNUtgaP4gaSGrWjFfG2zUXgffNDHNV+JxDwYogQlHJkBCaTWoF4gGoKVEQnIZJK\/kZPneegIpzEvPMdOXoqoC7CrFaZW4VHcCgrWc7yMMTn+ST1zOaSeuDHkcyekWnAodKwzImkR5Kjgzq0BuxAy72wKWhansW2FOfhPyY4Bj0TSxTnmuiLslycsT8ADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEAALAAkIaHR0cC8xLjEACwACAQAACgAIAAYAHQAXABgAFQBeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01266{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1655734524480852,"flow_src_last_pkt_time":1655734524484592,"flow_dst_last_pkt_time":1655734524482578,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734524484592,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"162.247.243.188","src_port":47496,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ADS_Analytic_Track","proto_id":"91.107","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker\/Ads","category_id":101,"category":"Advertisement","hostname":"mobile-collector.newrelic.com","domainame":"mobile-collector.newrelic.com","tls": {"version":"TLSv1.2","ja3":"3967ff2d2c9c4d144e7e30f24f4e9761","ja3s":"","ja4":"t12d1410ht_c866b44c5a26_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} 
+01225{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1655734524480852,"flow_src_last_pkt_time":1655734524484592,"flow_dst_last_pkt_time":1655734524482578,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734524484592,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"162.247.243.188","src_port":47496,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ADS_Analytic_Track","proto_id":"91.107","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker\/Ads","category_id":101,"category":"Advertisement","hostname":"mobile-collector.newrelic.com","domainame":"mobile-collector.newrelic.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1410ht_c866b44c5a26_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1655734524484592,"flow_dst_last_pkt_time":1655734524484796,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734524484796,"pkt":"ABoRAAACABoRAAABCABFAAAoAG9AABAGyaSi9\/O8CggAAQG7uYjcjoZfI3F7p1AQ\/\/9RzQAA"} 
-01638{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1655734524480852,"flow_src_last_pkt_time":1655734524484592,"flow_dst_last_pkt_time":1655734524597187,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":3864,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3864,"midstream":0,"thread_ts_usec":1655734524597187,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"162.247.243.188","src_port":47496,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ADS_Analytic_Track","proto_id":"91.107","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker\/Ads","category_id":101,"category":"Advertisement","hostname":"mobile-collector.newrelic.com","domainame":"mobile-collector.newrelic.com","tls": {"version":"TLSv1.2","server_names":"*.newrelic.com,newrelic.com","ja3":"3967ff2d2c9c4d144e7e30f24f4e9761","ja3s":"a885fb01204bc11cc58efc02fe640899","ja4":"t12d1410ht_c866b44c5a26_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1","subjectDN":"C=US, ST=California, L=San Francisco, O=New Relic, Inc., CN=*.newrelic.com","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"90:B0:56:FB:4D:88:5C:EB:F9:79:45:35:26:15:0C:00:F4:08:72:77","blocks":0}}} 
+01597{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1655734524480852,"flow_src_last_pkt_time":1655734524484592,"flow_dst_last_pkt_time":1655734524597187,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":3864,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3864,"midstream":0,"thread_ts_usec":1655734524597187,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"162.247.243.188","src_port":47496,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ADS_Analytic_Track","proto_id":"91.107","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker\/Ads","category_id":101,"category":"Advertisement","hostname":"mobile-collector.newrelic.com","domainame":"mobile-collector.newrelic.com","tls": {"version":"TLSv1.2","server_names":"*.newrelic.com,newrelic.com","ja3s":"a885fb01204bc11cc58efc02fe640899","ja4":"t12d1410ht_c866b44c5a26_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1","subjectDN":"C=US, ST=California, L=San Francisco, O=New Relic, Inc., CN=*.newrelic.com","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"90:B0:56:FB:4D:88:5C:EB:F9:79:45:35:26:15:0C:00:F4:08:72:77","blocks":0}}} 
02176{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1655734524335198,"flow_src_last_pkt_time":1655734524914388,"flow_dst_last_pkt_time":1655734524915156,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":3657,"flow_src_tot_l4_payload_len":2952,"flow_dst_tot_l4_payload_len":9379,"midstream":0,"thread_ts_usec":1655734524915156,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45104,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":14,"avg":37391.9,"max":265866,"stddev":60218.7,"var":3626296576.0,"ent":3.5,"data": [4811,10763,14,6027,71146,71669,62476,63085,171,99,103,116,2258,2217,58331,58816,497,202,194,148,171,85,633,797,214474,265866,52392,51419,53825,54567,51776]},"pktlen": {"min":40,"avg":426.0,"max":3697,"stddev":812.3,"var":659832.9,"ent":3.5,"data": [60,40,40,557,40,3697,40,133,40,576,40,576,40,305,40,376,361,40,576,40,150,40,40,78,40,1632,40,691,40,352,40,2871]},"bins": {"c_to_s": [7,1,1,1,0,0,0,0,1,0,1,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [10,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3]},"directions": [0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,1,0,1,0,1,0,1,0,0,1,1,0,1,0,1,0,1],"entropies": [4.505928516,4.461769581,4.584184170,6.096171856,4.530641556,7.154915333,4.484183788,5.938849449,4.530641079,7.408299446,4.530641556,7.614147663,4.580641270,7.362629890,4.511769295,7.075150967,7.354639530,4.461769581,7.592569828,4.461769581,6.475907803,4.530641556,4.584184170,5.252028465,4.480641842,7.871288776,4.584184170,7.643190861,4.584184170,7.059779167,4.584184170,7.871583939]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":144,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655734525210582,"flow_src_last_pkt_time":1655734525210582,"flow_dst_last_pkt_time":1655734525210582,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734525210582,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45124,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1655734525210582,"flow_dst_last_pkt_time":1655734525210582,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655734525210582,"pkt":"ABoRAAACABoRAAABCABFAAA8oPNAAEAGtIYKCAABaBFzKLBEAbsaEwikAAAAAKAC\/\/\/kSwAAAgQFtAQCCAoBY6hXAAAAAAEDAwg="} 
@@ -64,20 +64,20 @@ 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1655734525218267,"flow_dst_last_pkt_time":1655734525221695,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734525221695,"pkt":"ABoRAAACABoRAAABCABFAAAoAJNAABAGhPtoEXMoCggAAQG7sEZV93e9qgiIQ1AS\/\/8YjgAA"} 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1655734525221954,"flow_dst_last_pkt_time":1655734525218112,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734525221954,"pkt":"ABoRAAACABoRAAABCABFAAAooPRAAEAGtJkKCAABaBFzKLBEAbsaEwil5ez3XFAQ\/\/8YkQAA"} 
01234{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1655734525221986,"flow_dst_last_pkt_time":1655734525218112,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1655734525221986,"pkt":"ABoRAAACABoRAAABCABFAAItoPVAAEAGspMKCAABaBFzKLBEAbsaEwil5ez3XFAY\/\/\/VWwAAFgMBAgABAAH8AwOD21mof\/yQQcqXJfkfiM\/Gq4YkF6Y5BPGpbf86MIansiAN71R3+ObtCkanxhMzSgwSAMPgpmEbcLpm\/4d\/FCeJcQAYwCvALMypwC\/AMMyowBPAFACcAJ0ALwA1AQABm\/8BAAEAAAAAGQAXAAAUYXBpLnBvbGFyZ3JpenpseS5jb20AFwAAACMAwMEVNlaL0tdGnm3V54JqurUenpIKScqougExtT90O4XVdylj7yhXbabgTI97Utdqq8X6Nd28DP0twFQg1m62LJ2BTFOikZhogFtIA9HG\/0BNh5wxWFPHzqFD7ZHCloKbcwsD9mzTrRPBd7mAj+Eo9r9UEQqvETsHu1i04iOc0WTq+lbcyk1RjLb9T0V85ZhgEBE7nnrdXLAig0BkXuYvUIQNVmcHG2vpp2qDRpQJPL7g+cIGx2aTgUEiylR3KxnhGgANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAgABgAdABcAGAAVAGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -01233{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":152,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1655734525210582,"flow_src_last_pkt_time":1655734525221986,"flow_dst_last_pkt_time":1655734525218112,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734525221986,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45124,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com","domainame":"api.polargrizzly.com","tls": {"version":"TLSv1.2","ja3":"e9ec38c2b40ff3e300e9975dd7619902","ja3s":"","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01192{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":152,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1655734525210582,"flow_src_last_pkt_time":1655734525221986,"flow_dst_last_pkt_time":1655734525218112,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734525221986,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45124,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com","domainame":"api.polargrizzly.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1655734525221986,"flow_dst_last_pkt_time":1655734525222170,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734525222170,"pkt":"ABoRAAACABoRAAABCABFAAAoAJRAABAGhPpoEXMoCggAAQG7sETl7PdcGhMKqlAQ\/\/8WjAAA"} 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1655734525222205,"flow_dst_last_pkt_time":1655734525221695,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734525222205,"pkt":"ABoRAAACABoRAAABCABFAAAoIBtAAEAGNXMKCAABaBFzKLBGAbuqCIhDVfd3vlAQ\/\/8YjwAA"} 
01232{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_src_last_pkt_time":1655734525224208,"flow_dst_last_pkt_time":1655734525221695,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1655734525224208,"pkt":"ABoRAAACABoRAAABCABFAAItIBxAAEAGM20KCAABaBFzKLBGAbuqCIhDVfd3vlAY\/\/9sCgAAFgMBAgABAAH8AwMLkwU\/hFvxNVPmM2PwO25yhVvBKGFsW5iWv3P4rk7vySAN71R3+ObtCkanxhMzSgwSAMPgpmEbcLpm\/4d\/FCeJcQAYwCvALMypwC\/AMMyowBPAFACcAJ0ALwA1AQABm\/8BAAEAAAAAGQAXAAAUYXBpLnBvbGFyZ3JpenpseS5jb20AFwAAACMAwMEVNlaL0tdGnm3V54JqurUenpIKScqougExtT90O4XVdylj7yhXbabgTI97Utdqq8X6Nd28DP0twFQg1m62LJ2BTFOikZhogFtIA9HG\/0BNh5wxWFPHzqFD7ZHCloKbcwsD9mzTrRPBd7mAj+Eo9r9UEQqvETsHu1i04iOc0WTq+lbcyk1RjLb9T0V85ZhgEBE7nnrdXLAig0BkXuYvUIQNVmcHG2vpp2qDRpQJPL7g+cIGx2aTgUEiylR3KxnhGgANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAgABgAdABcAGAAVAGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -01233{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1655734525218267,"flow_src_last_pkt_time":1655734525224208,"flow_dst_last_pkt_time":1655734525221695,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734525224208,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45126,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com","domainame":"api.polargrizzly.com","tls": {"version":"TLSv1.2","ja3":"e9ec38c2b40ff3e300e9975dd7619902","ja3s":"","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01192{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1655734525218267,"flow_src_last_pkt_time":1655734525224208,"flow_dst_last_pkt_time":1655734525221695,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734525224208,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45126,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com","domainame":"api.polargrizzly.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1655734525224208,"flow_dst_last_pkt_time":1655734525224559,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734525224559,"pkt":"ABoRAAACABoRAAABCABFAAAoAJVAABAGhPloEXMoCggAAQG7sEZV93e+qgiKSFAQ\/\/8WigAA"} -01316{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":157,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1655734525218267,"flow_src_last_pkt_time":1655734525224208,"flow_dst_last_pkt_time":1655734525281832,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1655734525281832,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45126,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com","domainame":"api.polargrizzly.com","tls": {"version":"TLSv1.2","ja3":"e9ec38c2b40ff3e300e9975dd7619902","ja3s":"5badad76fbdd6e8b6296e2e9f4024401","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","blocks":0}}} 
-01316{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":159,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1655734525210582,"flow_src_last_pkt_time":1655734525221986,"flow_dst_last_pkt_time":1655734525332870,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1655734525332870,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45124,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com","domainame":"api.polargrizzly.com","tls": {"version":"TLSv1.2","ja3":"e9ec38c2b40ff3e300e9975dd7619902","ja3s":"5badad76fbdd6e8b6296e2e9f4024401","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","blocks":0}}} 
+01275{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":157,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1655734525218267,"flow_src_last_pkt_time":1655734525224208,"flow_dst_last_pkt_time":1655734525281832,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1655734525281832,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45126,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com","domainame":"api.polargrizzly.com","tls": {"version":"TLSv1.2","ja3s":"5badad76fbdd6e8b6296e2e9f4024401","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","blocks":0}}} 
+01275{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":159,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1655734525210582,"flow_src_last_pkt_time":1655734525221986,"flow_dst_last_pkt_time":1655734525332870,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1655734525332870,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45124,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com","domainame":"api.polargrizzly.com","tls": {"version":"TLSv1.2","ja3s":"5badad76fbdd6e8b6296e2e9f4024401","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","blocks":0}}} 
02172{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":198,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1655734525218267,"flow_src_last_pkt_time":1655734525773780,"flow_dst_last_pkt_time":1655734525773395,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":749,"flow_src_tot_l4_payload_len":2295,"flow_dst_tot_l4_payload_len":1194,"midstream":0,"thread_ts_usec":1655734525773780,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45126,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":128,"avg":35827.1,"max":233720,"stddev":54909.0,"var":3015001088.0,"ent":3.6,"data": [3428,3938,2003,2864,57273,107978,750,51373,305,140,145,128,138,133,50874,51892,1049,50443,50842,196795,233720,37672,51488,50853,51099,141,51026,454,234,444,1019]},"pktlen": {"min":40,"avg":149.7,"max":789,"stddev":198.3,"var":39337.4,"ent":4.1,"data": [60,40,40,557,40,196,40,91,40,576,40,576,40,303,40,118,363,40,78,40,789,40,213,40,78,40,71,40,40,40,40,40]},"bins": {"c_to_s": [9,2,0,0,0,0,0,0,1,0,1,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [11,1,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,1,0,1,0,1,1,0,1,0,1,0,0,1,0,1,1,0],"entropies": [4.472595215,4.630641460,4.634183884,6.061924934,4.530641556,6.057179928,4.684184074,5.430868149,4.530642033,7.374313831,4.580641747,7.639074802,4.530642033,7.179740906,4.461769581,5.884557247,7.359737873,4.580641747,5.284663200,4.580641747,7.730541706,4.684184074,6.845517159,4.684184074,5.293632984,4.565311909,5.134845257,4.480641842,4.465312481,4.430641651,4.480641842,4.471928596]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":202,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":1,"flow_first_seen":180833453,"flow_src_last_pkt_time":181212896,"flow_dst_last_pkt_time":180920999,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":560,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":2012,"flow_dst_tot_l4_payload_len":100,"midstream":0,"thread_ts_usec":1655734525874298,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"142.93.78.79","src_port":57636,"dst_port":51820,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"WireGuard.TunnelBear","proto_id":"206.299","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":202,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":1,"flow_first_seen":180833453,"flow_src_last_pkt_time":181212896,"flow_dst_last_pkt_time":180920999,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":560,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":2012,"flow_dst_tot_l4_payload_len":100,"midstream":0,"thread_ts_usec":1655734525874298,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"142.93.78.79","src_port":57636,"dst_port":51820,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"WireGuard.TunnelBear","proto_id":"206.299","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":202,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655734754614463,"flow_src_last_pkt_time":1655734754614463,"flow_dst_last_pkt_time":1655734754614463,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1655734754614463,"l3_proto":"ip4","src_ip":"10.158.132.91","dst_ip":"104.17.114.40","src_port":38398,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1655734754614463,"flow_dst_last_pkt_time":1655734754614463,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734754614463,"pkt":"ABoRAAACABoRAAABCABFAAAoVtFAAEAGeswKnoRbaBFyKJX+AbuhM960Ee9+klAQAVedJwAA"} 
01231{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":203,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1655734754615913,"flow_dst_last_pkt_time":1655734754614463,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1655734754615913,"pkt":"ABoRAAACABoRAAABCABFAAItVtJAAEAGeMYKnoRbaBFyKJX+AbuhM960Ee9+klAYAVc2sQAAFgMBAgABAAH8AwOffU2PEFvusphnSRt4iypv4+ZmiFJN5MhWLpPRgxBGWyBzS35friOfAWwzRvK4nOaCBJAbSD\/HvnzVJtlqjl91KAAYwCvALMypwC\/AMMyowBPAFACcAJ0ALwA1AQABm\/8BAAEAAAAAGQAXAAAUYXBpLnBvbGFyZ3JpenpseS5jb20AFwAAACMAwMEVNlaL0tdGnm3V54JqurXqfhCsyPABZtbMnzb26AxMffuozfeg4IKaCIbNJ3q2zznlQTcn2vtZGw2LgspfFkx\/\/ulZltuMfvovkdu6OxfbcYa5VnIF3xidmaUJ8SUPb79tJJFaBhFXEN61mvGK7zPpvVrV3mTyXEwUGGWTkZAGHvhktDm3FDiaeMeQoyzU\/JxID7YfTFAEkYxMS3+IaSjPuX3oi2kUbrLhwugcx7H6N+6QUOak1x1EA8eU6f8ZVAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAgABgAdABcAGAAVAGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -01364{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":203,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1655734754614463,"flow_src_last_pkt_time":1655734754615913,"flow_dst_last_pkt_time":1655734754614463,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1655734754615913,"l3_proto":"ip4","src_ip":"10.158.132.91","dst_ip":"104.17.114.40","src_port":38398,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com","domainame":"api.polargrizzly.com","tls": {"version":"TLSv1.2","ja3":"e9ec38c2b40ff3e300e9975dd7619902","ja3s":"","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01323{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":203,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1655734754614463,"flow_src_last_pkt_time":1655734754615913,"flow_dst_last_pkt_time":1655734754614463,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1655734754615913,"l3_proto":"ip4","src_ip":"10.158.132.91","dst_ip":"104.17.114.40","src_port":38398,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com","domainame":"api.polargrizzly.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":204,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655734754648445,"flow_src_last_pkt_time":1655734754648445,"flow_dst_last_pkt_time":1655734754648445,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1655734754648445,"l3_proto":"ip4","src_ip":"10.158.132.91","dst_ip":"8.8.8.8","src_port":51120,"dst_port":53,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":204,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1655734754648445,"flow_dst_last_pkt_time":1655734754648445,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655734754648445,"pkt":"ABoRAAACABoRAAABCABFAAA0IExAAEAGe28KnoRbCAgICMewADWRpqgvfDsVvoAQAVcLYgAAAQEICgFkiHG27faC"} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":205,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1655734754650552,"flow_dst_last_pkt_time":1655734754648445,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655734754650552,"pkt":"ABoRAAACABoRAAABCABFAAA0IE1AAEAGe24KnoRbCAgICMewADWRpqgvfDsVvoARAVcLYAAAAQEICgFkiHK27faC"} 
@@ -92,24 +92,24 @@ 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1655734755247797,"flow_dst_last_pkt_time":1655734755253147,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734755253147,"pkt":"ABoRAAACABoRAAABCABFAAAoAEtAABAGu2yd8AcgCggAAQG760Bh6FXTnheqLVAS\/\/8TvQAA"} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_src_last_pkt_time":1655734755253236,"flow_dst_last_pkt_time":1655734755253147,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734755253236,"pkt":"ABoRAAACABoRAAABCABFAAAoIyxAAEAGaIsKCAABnfAHIOtAAbueF6otYehV1FAQ\/\/8TvgAA"} 00846{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_src_last_pkt_time":1655734755261650,"flow_dst_last_pkt_time":1655734755253147,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":283,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":283,"pkt_l4_len":249,"thread_ts_usec":1655734755261650,"pkt":"ABoRAAACABoRAAABCABFAAENIy1AAEAGZ6UKCAABnfAHIOtAAbueF6otYehV1FAY\/\/+IWAAAFgMBAOABAADcAwOsr29P2twClx8bHowQVLbEFOIfgXx4Um\/PRTqetwAKayAJgCCyumPCkV7eO\/7Vf3tcjjqysKhIo+yuxRqkzL9EWgACEwEBAACRAA0ABAACBAMACgAEAAIAFwAtAAIBAQArAAUEAwT7GgAyAAQAAgQDAAAAGwAZAAAWbXF0dC1taW5pLmZhY2Vib29rLmNvbQAzAEcARQAXAEEEBf5Ra9IX7SPc8S6fcj6gxQyagTTzrgYTC+7wvM8qYnNgrN3e7bLLfQ9\/kVrPaK1nw304GIZoWsIceuyroYqzMw=="} 
-01395{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1655734755247797,"flow_src_last_pkt_time":1655734755261650,"flow_dst_last_pkt_time":1655734755253147,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":229,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734755261650,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"157.240.7.32","src_port":60224,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.FacebookMessenger","proto_id":"91.157","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"mqtt-mini.facebook.com","domainame":"mqtt-mini.facebook.com","tls": {"version":"TLSv1.2","ja3":"82932b3c6398511df186dfc9416db2d4","ja3s":"","ja4":"t00d010700_0f2cb44170f4_8e1d4e45f8f1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)","blocks":0}}} 
+01354{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1655734755247797,"flow_src_last_pkt_time":1655734755261650,"flow_dst_last_pkt_time":1655734755253147,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":229,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734755261650,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"157.240.7.32","src_port":60224,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.FacebookMessenger","proto_id":"91.157","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"mqtt-mini.facebook.com","domainame":"mqtt-mini.facebook.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t00d010700_0f2cb44170f4_8e1d4e45f8f1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)","blocks":0}}} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_src_last_pkt_time":1655734755261650,"flow_dst_last_pkt_time":1655734755261981,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734755261981,"pkt":"ABoRAAACABoRAAABCABFAAAoAExAABAGu2ud8AcgCggAAQG760Bh6FXUnherElAQ\/\/8S2QAA"} 
-01440{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1655734755247797,"flow_src_last_pkt_time":1655734755261650,"flow_dst_last_pkt_time":1655734755401702,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":2760,"flow_src_tot_l4_payload_len":229,"flow_dst_tot_l4_payload_len":2760,"midstream":0,"thread_ts_usec":1655734755401702,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"157.240.7.32","src_port":60224,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.FacebookMessenger","proto_id":"91.157","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"mqtt-mini.facebook.com","domainame":"mqtt-mini.facebook.com","tls": {"version":"TLSv1.3","ja3":"82932b3c6398511df186dfc9416db2d4","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t00d010700_0f2cb44170f4_8e1d4e45f8f1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)","blocks":0}}} 
+01399{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1655734755247797,"flow_src_last_pkt_time":1655734755261650,"flow_dst_last_pkt_time":1655734755401702,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":2760,"flow_src_tot_l4_payload_len":229,"flow_dst_tot_l4_payload_len":2760,"midstream":0,"thread_ts_usec":1655734755401702,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"157.240.7.32","src_port":60224,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.FacebookMessenger","proto_id":"91.157","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"mqtt-mini.facebook.com","domainame":"mqtt-mini.facebook.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t00d010700_0f2cb44170f4_8e1d4e45f8f1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)","blocks":0}}} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":230,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655734759670358,"flow_src_last_pkt_time":1655734759670358,"flow_dst_last_pkt_time":1655734759670358,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734759670358,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"99.83.135.170","src_port":47594,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":230,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1655734759670358,"flow_dst_last_pkt_time":1655734759670358,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655734759670358,"pkt":"ABoRAAACABoRAAABCABFAAA8gORAAEAGxNEKCAABY1OHqrnqAbsKjg29AAAAAKAC\/\/\/wSgAAAgQFtAQCCAoBZI1ZAAAAAAEDAwg="} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":231,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1655734759670358,"flow_dst_last_pkt_time":1655734759675362,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734759675362,"pkt":"ABoRAAACABoRAAABCABFAAAoAFRAABAGdXZjU4eqCggAAQG7uer1cfJCCo4NvlAS\/\/\/\/JQAA"} 
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":232,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_src_last_pkt_time":1655734759675514,"flow_dst_last_pkt_time":1655734759675362,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734759675514,"pkt":"ABoRAAACABoRAAABCABFAAAogOVAAEAGxOQKCAABY1OHqrnqAbsKjg2+9XHyQ1AQ\/\/\/\/JgAA"} 00758{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":233,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_src_last_pkt_time":1655734759678624,"flow_dst_last_pkt_time":1655734759675362,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":219,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":219,"pkt_l4_len":185,"thread_ts_usec":1655734759678624,"pkt":"ABoRAAACABoRAAABCABFAADNgOZAAEAGxD4KCAABY1OHqrnqAbsKjg2+9XHyQ1AY\/\/\/YtgAAFgMBAKABAACcAwNp+aodAZwhy854vK3YMbAdCOa+jBULG06oYohax\/LlpAAAHMArwCzMqcAvwDDMqMAJwArAE8AUAJwAnQAvADUBAABX\/wEAAQAAAAAXABUAABJjYXBpLmdyYW1tYXJseS5jb20AFwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAAAsAAgEAAAoACAAGAB0AFwAY"} 
-01310{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":233,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1655734759670358,"flow_src_last_pkt_time":1655734759678624,"flow_dst_last_pkt_time":1655734759675362,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":165,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":165,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734759678624,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"99.83.135.170","src_port":47594,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"capi.grammarly.com","domainame":"capi.grammarly.com","tls": {"version":"TLSv1.2","ja3":"c60d01d600aacc2c04844595ce224279","ja3s":"","ja4":"t12d140700_c866b44c5a26_036209cd1ead","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01269{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":233,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1655734759670358,"flow_src_last_pkt_time":1655734759678624,"flow_dst_last_pkt_time":1655734759675362,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":165,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":165,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734759678624,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"99.83.135.170","src_port":47594,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"capi.grammarly.com","domainame":"capi.grammarly.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d140700_c866b44c5a26_036209cd1ead","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":5,"flow_src_last_pkt_time":1655734759678624,"flow_dst_last_pkt_time":1655734759679237,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734759679237,"pkt":"ABoRAAACABoRAAABCABFAAAoAFVAABAGdXVjU4eqCggAAQG7uer1cfJDCo4OY1AQ\/\/\/+gQAA"} 
-01370{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":235,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1655734759670358,"flow_src_last_pkt_time":1655734759678624,"flow_dst_last_pkt_time":1655734760073409,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":165,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":165,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1655734760073409,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"99.83.135.170","src_port":47594,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"capi.grammarly.com","domainame":"capi.grammarly.com","tls": {"version":"TLSv1.2","ja3":"c60d01d600aacc2c04844595ce224279","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d140700_c866b44c5a26_036209cd1ead","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
-01598{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":237,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1655734759670358,"flow_src_last_pkt_time":1655734760123780,"flow_dst_last_pkt_time":1655734760124600,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":165,"flow_dst_max_l4_payload_len":4026,"flow_src_tot_l4_payload_len":165,"flow_dst_tot_l4_payload_len":5414,"midstream":0,"thread_ts_usec":1655734760124600,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"99.83.135.170","src_port":47594,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"capi.grammarly.com","domainame":"capi.grammarly.com","tls": {"version":"TLSv1.2","server_names":"capi.grammarly.com,capi-msdk.grammarly.com","ja3":"c60d01d600aacc2c04844595ce224279","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d140700_c866b44c5a26_036209cd1ead","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Amazon, OU=Server CA 1B, CN=Amazon","subjectDN":"CN=capi.grammarly.com","fingerprint":"1F:4A:0B:A6:60:01:94:7D:3D:94:03:14:5A:30:AF:64:D5:EC:58:DD","blocks":0}}} 
+01329{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":235,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1655734759670358,"flow_src_last_pkt_time":1655734759678624,"flow_dst_last_pkt_time":1655734760073409,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":165,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":165,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1655734760073409,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"99.83.135.170","src_port":47594,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"capi.grammarly.com","domainame":"capi.grammarly.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d140700_c866b44c5a26_036209cd1ead","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
+01557{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":237,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1655734759670358,"flow_src_last_pkt_time":1655734760123780,"flow_dst_last_pkt_time":1655734760124600,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":165,"flow_dst_max_l4_payload_len":4026,"flow_src_tot_l4_payload_len":165,"flow_dst_tot_l4_payload_len":5414,"midstream":0,"thread_ts_usec":1655734760124600,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"99.83.135.170","src_port":47594,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"capi.grammarly.com","domainame":"capi.grammarly.com","tls": {"version":"TLSv1.2","server_names":"capi.grammarly.com,capi-msdk.grammarly.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d140700_c866b44c5a26_036209cd1ead","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Amazon, OU=Server CA 1B, CN=Amazon","subjectDN":"CN=capi.grammarly.com","fingerprint":"1F:4A:0B:A6:60:01:94:7D:3D:94:03:14:5A:30:AF:64:D5:EC:58:DD","blocks":0}}} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":254,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655734764418751,"flow_src_last_pkt_time":1655734764418751,"flow_dst_last_pkt_time":1655734764418751,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734764418751,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.200.188","src_port":47046,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":254,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1655734764418751,"flow_dst_last_pkt_time":1655734764418751,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655734764418751,"pkt":"ABoRAAACABoRAAABCABFAAA8CMpAAEAGFLAKCAABSn3IvLfGFGxd05k2AAAAAKAC\/\/\/UHwAAAgQFtAQCCAoBZJH8AAAAAAEDAwg="} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":255,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_src_last_pkt_time":1655734764418751,"flow_dst_last_pkt_time":1655734764423369,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734764423369,"pkt":"ABoRAAACABoRAAABCABFAAAoAGFAABAGTS1Kfci8CggAARRst8aiLGbJXdOZN1AS\/\/\/GXAAA"} 
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_src_last_pkt_time":1655734764423501,"flow_dst_last_pkt_time":1655734764423369,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734764423501,"pkt":"ABoRAAACABoRAAABCABFAAAoCMtAAEAGFMMKCAABSn3IvLfGFGxd05k3oixmylAQ\/\/\/GXQAA"} 01255{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_src_last_pkt_time":1655734764426265,"flow_dst_last_pkt_time":1655734764423369,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":587,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":587,"pkt_l4_len":553,"thread_ts_usec":1655734764426265,"pkt":"ABoRAAACABoRAAABCABFAAI9CMxAAEAGEq0KCAABSn3IvLfGFGxd05k3oixmylAY\/\/8lgwAAFgMBAhABAAIMAwPQqV6\/XDPY9+eFQAl61YOGsyFP552V\/ZndZv0yw7FMrSAiyjluEa\/DifWXNA3j4w+sCUv8aGLluyKFrtavmD6AzAAiEwETAhMDwCvALMypwC\/AMMyowAnACsATwBQAnACdAC8ANQEAAaEAAAAVABMAABBtdGFsay5nb29nbGUuY29tABcAAP8BAAEAAAoACAAGAB0AFwAYAAsAAgEAACMAAAAFAAUBAAAAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAzACYAJAAdACCdjpKs00Rk5nhyQVIde4JwTCr+4ZSfRPtkDa\/rTxcFOwAtAAIBAQArAAkIAwQDAwMCAwEAKQEHAOIA3AHhLjkyJagZsK5yJTXQjn67URRVTl1KLG0ljNHj1XTvj3Fat17GOxP1DId7vAc1VojEW9JYszOL9xiI3kYIKi1eNJzKwLsX1klCWaZd3cQK2Gkjumf\/UB49TpeK8TIxcQVeZNaK0EenrON5xm2aYBuhj6IMgY\/X7c2zxo2i+Fs3brGOIhvCSqKCOPlmjeP4t7UNrmPaFQ77WPk7rlZsCFsLgmE7BKwMDer9rzQDynBnD9UMTCVHsEmNq\/thjMQ8ND6FLrOf53qxVXyQvhZN+kcWHqXXRARFbLq0lsfBY3ZnACEghDQOuRIjZnU+F7Mt3evP2P4CuyjN+L77rDjfKobYKbo="} 
-01504{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":257,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1655734764418751,"flow_src_last_pkt_time":1655734764426265,"flow_dst_last_pkt_time":1655734764423369,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":533,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":533,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734764426265,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.200.188","src_port":47046,"dst_port":5228,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"mtalk.google.com","domainame":"mtalk.google.com","tls": {"version":"TLSv1.2","ja3":"58e34c2965c9f3fa4919d58deef1f49e","ja3s":"","ja4":"t13d171200_5b57614c22b0_352634941f3a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01463{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":257,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1655734764418751,"flow_src_last_pkt_time":1655734764426265,"flow_dst_last_pkt_time":1655734764423369,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":533,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":533,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734764426265,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.200.188","src_port":47046,"dst_port":5228,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"mtalk.google.com","domainame":"mtalk.google.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d171200_5b57614c22b0_352634941f3a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":258,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":5,"flow_src_last_pkt_time":1655734764426265,"flow_dst_last_pkt_time":1655734764426590,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734764426590,"pkt":"ABoRAAACABoRAAABCABFAAAoAGJAABAGTSxKfci8CggAARRst8aiLGbKXdObTFAQ\/\/\/ESAAA"} 01022{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":259,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":27,"flow_first_seen":1655734524335198,"flow_src_last_pkt_time":1655734525873766,"flow_dst_last_pkt_time":1655734525874298,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":3657,"flow_src_tot_l4_payload_len":4308,"flow_dst_tot_l4_payload_len":9410,"midstream":0,"thread_ts_usec":1655734764426590,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45104,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com"}} 
00981{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":259,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":6,"flow_first_seen":1655734524340111,"flow_src_last_pkt_time":1655734524597364,"flow_dst_last_pkt_time":1655734524593066,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":3657,"flow_src_tot_l4_payload_len":749,"flow_dst_tot_l4_payload_len":3984,"midstream":0,"thread_ts_usec":1655734764426590,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45106,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
@@ -117,13 +117,13 @@ 00981{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":259,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":6,"flow_first_seen":1655734524346049,"flow_src_last_pkt_time":1655734524597767,"flow_dst_last_pkt_time":1655734524593379,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":3658,"flow_src_tot_l4_payload_len":749,"flow_dst_tot_l4_payload_len":3985,"midstream":0,"thread_ts_usec":1655734764426590,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45114,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00979{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":259,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1655734525210582,"flow_src_last_pkt_time":1655734525633318,"flow_dst_last_pkt_time":1655734525631645,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":738,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1655734764426590,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45124,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
01021{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":259,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1655734525218267,"flow_src_last_pkt_time":1655734525773780,"flow_dst_last_pkt_time":1655734525773395,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":749,"flow_src_tot_l4_payload_len":2295,"flow_dst_tot_l4_payload_len":1194,"midstream":0,"thread_ts_usec":1655734764426590,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45126,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com"}} -01547{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":259,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1655734764418751,"flow_src_last_pkt_time":1655734764426265,"flow_dst_last_pkt_time":1655734764619627,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":533,"flow_dst_max_l4_payload_len":203,"flow_src_tot_l4_payload_len":533,"flow_dst_tot_l4_payload_len":203,"midstream":0,"thread_ts_usec":1655734764619627,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.200.188","src_port":47046,"dst_port":5228,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying 
HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"mtalk.google.com","domainame":"mtalk.google.com","tls": {"version":"TLSv1.3","ja3":"58e34c2965c9f3fa4919d58deef1f49e","ja3s":"2b0648ab686ee45e0e7c35fcfb0eea7e","ja4":"t13d171200_5b57614c22b0_352634941f3a","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +01506{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":259,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1655734764418751,"flow_src_last_pkt_time":1655734764426265,"flow_dst_last_pkt_time":1655734764619627,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":533,"flow_dst_max_l4_payload_len":203,"flow_src_tot_l4_payload_len":533,"flow_dst_tot_l4_payload_len":203,"midstream":0,"thread_ts_usec":1655734764619627,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.200.188","src_port":47046,"dst_port":5228,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"mtalk.google.com","domainame":"mtalk.google.com","tls": 
{"version":"TLSv1.3","ja3s":"2b0648ab686ee45e0e7c35fcfb0eea7e","ja4":"t13d171200_5b57614c22b0_352634941f3a","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":269,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655734776460292,"flow_src_last_pkt_time":1655734776460292,"flow_dst_last_pkt_time":1655734776460292,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734776460292,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33830,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":269,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1655734776460292,"flow_dst_last_pkt_time":1655734776460292,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655734776460292,"pkt":"ABoRAAACABoRAAABCABFAAA8JvtAAEAGL38KCAABaBFyKIQmAbsyg7tFAAAAAKAC\/\/9Q8AAAAgQFtAQCCAoBZJ2+AAAAAAEDAwg="} 
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":270,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1655734776460292,"flow_dst_last_pkt_time":1655734776464346,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734776464346,"pkt":"ABoRAAACABoRAAABCABFAAAoAGhAABAGhiZoEXIoCggAAQG7hCbNfES6MoO7RlAS\/\/9FrgAA"} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":271,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_src_last_pkt_time":1655734776465590,"flow_dst_last_pkt_time":1655734776464346,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734776465590,"pkt":"ABoRAAACABoRAAABCABFAAAoJvxAAEAGL5IKCAABaBFyKIQmAbsyg7tGzXxEu1AQ\/\/9FrwAA"} 
01233{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":272,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_src_last_pkt_time":1655734776467599,"flow_dst_last_pkt_time":1655734776464346,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1655734776467599,"pkt":"ABoRAAACABoRAAABCABFAAItJv1AAEAGLYwKCAABaBFyKIQmAbsyg7tGzXxEu1AY\/\/+IIwAAFgMBAgABAAH8AwNTpunh0LjCGnwVAqLDAciitV0MXZLQ78SEgG6X61y9YyBzS35friOfAWwzRvK4nOaCBJAbSD\/HvnzVJtlqjl91KAAYwCvALMypwC\/AMMyowBPAFACcAJ0ALwA1AQABm\/8BAAEAAAAAGQAXAAAUYXBpLnBvbGFyZ3JpenpseS5jb20AFwAAACMAwMEVNlaL0tdGnm3V54JqurXqfhCsyPABZtbMnzb26AxMffuozfeg4IKaCIbNJ3q2zznlQTcn2vtZGw2LgspfFkx\/\/ulZltuMfvovkdu6OxfbcYa5VnIF3xidmaUJ8SUPb79tJJFaBhFXEN61mvGK7zPpvVrV3mTyXEwUGGWTkZAGHvhktDm3FDiaeMeQoyzU\/JxID7YfTFAEkYxMS3+IaSjPuX3oi2kUbrLhwugcx7H6N+6QUOak1x1EA8eU6f8ZVAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAgABgAdABcAGAAVAGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -01234{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":272,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1655734776460292,"flow_src_last_pkt_time":1655734776467599,"flow_dst_last_pkt_time":1655734776464346,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734776467599,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33830,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com","domainame":"api.polargrizzly.com","tls": {"version":"TLSv1.2","ja3":"e9ec38c2b40ff3e300e9975dd7619902","ja3s":"","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01193{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":272,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1655734776460292,"flow_src_last_pkt_time":1655734776467599,"flow_dst_last_pkt_time":1655734776464346,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734776467599,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33830,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com","domainame":"api.polargrizzly.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":273,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":5,"flow_src_last_pkt_time":1655734776467599,"flow_dst_last_pkt_time":1655734776467730,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734776467730,"pkt":"ABoRAAACABoRAAABCABFAAAoAGlAABAGhiVoEXIoCggAAQG7hCbNfES7MoO9S1AQ\/\/9DqgAA"} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655734776512617,"flow_src_last_pkt_time":1655734776512617,"flow_dst_last_pkt_time":1655734776512617,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734776512617,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.154.236","src_port":50904,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1655734776512617,"flow_dst_last_pkt_time":1655734776512617,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655734776512617,"pkt":"ABoRAAACABoRAAABCABFAAA8+whAAEAGMq0KCAABaBGa7MbYAbtnT2bDAAAAAKAC\/\/8FIwAAAgQFtAQCCAoBZJ3LAAAAAAEDAwg="} 
@@ -134,7 +134,7 @@ 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":278,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_src_last_pkt_time":1655734776516959,"flow_dst_last_pkt_time":1655734776519307,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734776519307,"pkt":"ABoRAAACABoRAAABCABFAAAoAGtAABAGhiNoEXIoCggAAQG7hC6mxsXIWTk6OFAS\/\/9FpgAA"} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":279,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_src_last_pkt_time":1655734776519395,"flow_dst_last_pkt_time":1655734776519307,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734776519395,"pkt":"ABoRAAACABoRAAABCABFAAAop\/xAAEAGrpEKCAABaBFyKIQuAbtZOTo4psbFyVAQ\/\/9FpwAA"} 
01235{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":280,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":4,"flow_src_last_pkt_time":1655734776520253,"flow_dst_last_pkt_time":1655734776519307,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1655734776520253,"pkt":"ABoRAAACABoRAAABCABFAAItp\/1AAEAGrIsKCAABaBFyKIQuAbtZOTo4psbFyVAY\/\/9MfwAAFgMBAgABAAH8AwOknOCLy71YefiER+zKi8m1CnLACan\/7sQTy2WdZ0CVICBzS35friOfAWwzRvK4nOaCBJAbSD\/HvnzVJtlqjl91KAAYwCvALMypwC\/AMMyowBPAFACcAJ0ALwA1AQABm\/8BAAEAAAAAGQAXAAAUYXBpLnBvbGFyZ3JpenpseS5jb20AFwAAACMAwMEVNlaL0tdGnm3V54JqurXqfhCsyPABZtbMnzb26AxMffuozfeg4IKaCIbNJ3q2zznlQTcn2vtZGw2LgspfFkx\/\/ulZltuMfvovkdu6OxfbcYa5VnIF3xidmaUJ8SUPb79tJJFaBhFXEN61mvGK7zPpvVrV3mTyXEwUGGWTkZAGHvhktDm3FDiaeMeQoyzU\/JxID7YfTFAEkYxMS3+IaSjPuX3oi2kUbrLhwugcx7H6N+6QUOak1x1EA8eU6f8ZVAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAgABgAdABcAGAAVAGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -01234{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":280,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1655734776516959,"flow_src_last_pkt_time":1655734776520253,"flow_dst_last_pkt_time":1655734776519307,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734776520253,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33838,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com","domainame":"api.polargrizzly.com","tls": {"version":"TLSv1.2","ja3":"e9ec38c2b40ff3e300e9975dd7619902","ja3s":"","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01193{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":280,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1655734776516959,"flow_src_last_pkt_time":1655734776520253,"flow_dst_last_pkt_time":1655734776519307,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734776520253,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33838,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com","domainame":"api.polargrizzly.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":281,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":5,"flow_src_last_pkt_time":1655734776520253,"flow_dst_last_pkt_time":1655734776520427,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734776520427,"pkt":"ABoRAAACABoRAAABCABFAAAoAGxAABAGhiJoEXIoCggAAQG7hC6mxsXJWTk8PVAQ\/\/9DogAA"} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655734776520455,"flow_src_last_pkt_time":1655734776520455,"flow_dst_last_pkt_time":1655734776520455,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734776520455,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33842,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1655734776520455,"flow_dst_last_pkt_time":1655734776520455,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655734776520455,"pkt":"ABoRAAACABoRAAABCABFAAA8vpVAAEAGl+QKCAABaBFyKIQyAbvrdiNYAAAAAKAC\/\/8vzwAAAgQFtAQCCAoBZJ3NAAAAAAEDAwg="} 
@@ -143,44 +143,44 @@ 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":284,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1655734776527103,"flow_dst_last_pkt_time":1655734776527103,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655734776527103,"pkt":"ABoRAAACABoRAAABCABFAAA8wepAAEAGlI8KCAABaBFyKIQ2AbtYcFwkAAAAAKAC\/\/+KBAAAAgQFtAQCCAoBZJ3OAAAAAAEDAwg="} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":285,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_src_last_pkt_time":1655734776527103,"flow_dst_last_pkt_time":1655734776537507,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734776537507,"pkt":"ABoRAAACABoRAAABCABFAAAoAG5AABAGhiBoEXIoCggAAQG7hDanj6PbWHBcJVAS\/\/9FngAA"} 
01236{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_src_last_pkt_time":1655734776537556,"flow_dst_last_pkt_time":1655734776516214,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1655734776537556,"pkt":"ABoRAAACABoRAAABCABFAAIt+wpAAEAGMLoKCAABaBGa7MbYAbtnT2bEmLCZPVAY\/\/8\/EgAAFgMBAgABAAH8AwOH80T4CE4khYV1szYAtq+YZDsOD3qGDLe+3r1RXwNbuCA1kJ+Av4IHht19pxpJNBfZnKOurF+9kn4TKSkMzW91IwAYwCvALMypwC\/AMMyowBPAFACcAJ0ALwA1AQABmwAAABcAFQAAEmFwaS50dW5uZWxiZWFyLmNvbQAXAAD\/AQABAAAKAAgABgAdABcAGAALAAIBAAAjAMAJ82VJCtYolEtrmEBslUOZSXCRP0vr8LQObgnB\/pfPwTLNKtxWxaf6mW1EJhF4s1ufH5BEWRDYzY9\/h4q420TuILtHy62\/G+yPFzewJleDMF9wJVAx29BuRTffiQKaPG+Ax8uAbLXV4WUYsbo+BvPL6+9IYVJP1djS8vMCe2sn\/PZLn2LYxUzl2amwE\/FBSos8hqn8cx4P+h99GrkrMAVkGWuisHE7OZQbh8s9KizVlJ7sXpH1FCV888le4Rb2\/tAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEAFQBqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -01231{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1655734776512617,"flow_src_last_pkt_time":1655734776537556,"flow_dst_last_pkt_time":1655734776516214,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734776537556,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.154.236","src_port":50904,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.tunnelbear.com","domainame":"api.tunnelbear.com","tls": {"version":"TLSv1.2","ja3":"a1c672bda2bda1a05bdca801144b2760","ja3s":"","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01190{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1655734776512617,"flow_src_last_pkt_time":1655734776537556,"flow_dst_last_pkt_time":1655734776516214,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734776537556,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.154.236","src_port":50904,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.tunnelbear.com","domainame":"api.tunnelbear.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":287,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":5,"flow_src_last_pkt_time":1655734776537556,"flow_dst_last_pkt_time":1655734776538063,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734776538063,"pkt":"ABoRAAACABoRAAABCABFAAAoAG9AABAGXVtoEZrsCggAAQG7xtiYsJk9Z09oyVAQ\/\/\/YMwAA"} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":288,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655734776538093,"flow_src_last_pkt_time":1655734776538093,"flow_dst_last_pkt_time":1655734776538093,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734776538093,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33848,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":288,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":1655734776538093,"flow_dst_last_pkt_time":1655734776538093,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655734776538093,"pkt":"ABoRAAACABoRAAABCABFAAA8tphAAEAGn+EKCAABaBFyKIQ4AbtFRStWAAAAAKAC\/\/\/N+wAAAgQFtAQCCAoBZJ3OAAAAAAEDAwg="} 
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_src_last_pkt_time":1655734776538093,"flow_dst_last_pkt_time":1655734776539151,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734776539151,"pkt":"ABoRAAACABoRAAABCABFAAAoAHBAABAGhh5oEXIoCggAAQG7hDi6utSpRUUrV1AS\/\/9FnAAA"} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_src_last_pkt_time":1655734776539181,"flow_dst_last_pkt_time":1655734776527001,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734776539181,"pkt":"ABoRAAACABoRAAABCABFAAAovpZAAEAGl\/cKCAABaBFyKIQyAbvrdiNZFIncqFAQ\/\/9FowAA"} 
01235{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_src_last_pkt_time":1655734776539194,"flow_dst_last_pkt_time":1655734776527001,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1655734776539194,"pkt":"ABoRAAACABoRAAABCABFAAItvpdAAEAGlfEKCAABaBFyKIQyAbvrdiNZFIncqFAY\/\/8vTAAAFgMBAgABAAH8AwPEsc6CTwivs\/ByMWtjVkVeAiCB0uzU7VDcO3u\/BMNu3yBzS35friOfAWwzRvK4nOaCBJAbSD\/HvnzVJtlqjl91KAAYwCvALMypwC\/AMMyowBPAFACcAJ0ALwA1AQABm\/8BAAEAAAAAGQAXAAAUYXBpLnBvbGFyZ3JpenpseS5jb20AFwAAACMAwMEVNlaL0tdGnm3V54JqurXqfhCsyPABZtbMnzb26AxMffuozfeg4IKaCIbNJ3q2zznlQTcn2vtZGw2LgspfFkx\/\/ulZltuMfvovkdu6OxfbcYa5VnIF3xidmaUJ8SUPb79tJJFaBhFXEN61mvGK7zPpvVrV3mTyXEwUGGWTkZAGHvhktDm3FDiaeMeQoyzU\/JxID7YfTFAEkYxMS3+IaSjPuX3oi2kUbrLhwugcx7H6N+6QUOak1x1EA8eU6f8ZVAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAgABgAdABcAGAAVAGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -01234{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":291,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1655734776520455,"flow_src_last_pkt_time":1655734776539194,"flow_dst_last_pkt_time":1655734776527001,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734776539194,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33842,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com","domainame":"api.polargrizzly.com","tls": {"version":"TLSv1.2","ja3":"e9ec38c2b40ff3e300e9975dd7619902","ja3s":"","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01193{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":291,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1655734776520455,"flow_src_last_pkt_time":1655734776539194,"flow_dst_last_pkt_time":1655734776527001,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734776539194,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33842,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com","domainame":"api.polargrizzly.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":292,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_src_last_pkt_time":1655734776539194,"flow_dst_last_pkt_time":1655734776539255,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734776539255,"pkt":"ABoRAAACABoRAAABCABFAAAoAHFAABAGhh1oEXIoCggAAQG7hDIUidyo63YlXlAQ\/\/9DngAA"} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":293,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_src_last_pkt_time":1655734776539267,"flow_dst_last_pkt_time":1655734776537507,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734776539267,"pkt":"ABoRAAACABoRAAABCABFAAAowetAAEAGlKIKCAABaBFyKIQ2AbtYcFwlp4+j3FAQ\/\/9FnwAA"} 
01235{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":294,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_src_last_pkt_time":1655734776539277,"flow_dst_last_pkt_time":1655734776537507,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1655734776539277,"pkt":"ABoRAAACABoRAAABCABFAAItwexAAEAGkpwKCAABaBFyKIQ2AbtYcFwlp4+j3FAY\/\/+c\/wAAFgMBAgABAAH8AwOqGYCUoX7WlmH6ltWde3RyWqua\/ToNUKpl4ZPw5WPBsyBzS35friOfAWwzRvK4nOaCBJAbSD\/HvnzVJtlqjl91KAAYwCvALMypwC\/AMMyowBPAFACcAJ0ALwA1AQABm\/8BAAEAAAAAGQAXAAAUYXBpLnBvbGFyZ3JpenpseS5jb20AFwAAACMAwMEVNlaL0tdGnm3V54JqurXqfhCsyPABZtbMnzb26AxMffuozfeg4IKaCIbNJ3q2zznlQTcn2vtZGw2LgspfFkx\/\/ulZltuMfvovkdu6OxfbcYa5VnIF3xidmaUJ8SUPb79tJJFaBhFXEN61mvGK7zPpvVrV3mTyXEwUGGWTkZAGHvhktDm3FDiaeMeQoyzU\/JxID7YfTFAEkYxMS3+IaSjPuX3oi2kUbrLhwugcx7H6N+6QUOak1x1EA8eU6f8ZVAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAgABgAdABcAGAAVAGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -01234{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":294,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1655734776527103,"flow_src_last_pkt_time":1655734776539277,"flow_dst_last_pkt_time":1655734776537507,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734776539277,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33846,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com","domainame":"api.polargrizzly.com","tls": {"version":"TLSv1.2","ja3":"e9ec38c2b40ff3e300e9975dd7619902","ja3s":"","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01193{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":294,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1655734776527103,"flow_src_last_pkt_time":1655734776539277,"flow_dst_last_pkt_time":1655734776537507,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734776539277,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33846,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com","domainame":"api.polargrizzly.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":295,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":5,"flow_src_last_pkt_time":1655734776539277,"flow_dst_last_pkt_time":1655734776539342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734776539342,"pkt":"ABoRAAACABoRAAABCABFAAAoAHJAABAGhhxoEXIoCggAAQG7hDanj6PcWHBeKlAQ\/\/9DmgAA"} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":296,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_src_last_pkt_time":1655734776541755,"flow_dst_last_pkt_time":1655734776539151,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734776541755,"pkt":"ABoRAAACABoRAAABCABFAAAotplAAEAGn\/QKCAABaBFyKIQ4AbtFRStXurrUqlAQ\/\/9FnQAA"} 
01234{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":297,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_src_last_pkt_time":1655734776541777,"flow_dst_last_pkt_time":1655734776539151,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1655734776541777,"pkt":"ABoRAAACABoRAAABCABFAAIttppAAEAGne4KCAABaBFyKIQ4AbtFRStXurrUqlAY\/\/+r4gAAFgMBAgABAAH8AwMkKjoMXLKVnO5owWRfL+pfjnEnLKSyDkDVMn\/f2RUJIiBzS35friOfAWwzRvK4nOaCBJAbSD\/HvnzVJtlqjl91KAAYwCvALMypwC\/AMMyowBPAFACcAJ0ALwA1AQABm\/8BAAEAAAAAGQAXAAAUYXBpLnBvbGFyZ3JpenpseS5jb20AFwAAACMAwMEVNlaL0tdGnm3V54JqurXqfhCsyPABZtbMnzb26AxMffuozfeg4IKaCIbNJ3q2zznlQTcn2vtZGw2LgspfFkx\/\/ulZltuMfvovkdu6OxfbcYa5VnIF3xidmaUJ8SUPb79tJJFaBhFXEN61mvGK7zPpvVrV3mTyXEwUGGWTkZAGHvhktDm3FDiaeMeQoyzU\/JxID7YfTFAEkYxMS3+IaSjPuX3oi2kUbrLhwugcx7H6N+6QUOak1x1EA8eU6f8ZVAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAgABgAdABcAGAAVAGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -01234{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":297,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1655734776538093,"flow_src_last_pkt_time":1655734776541777,"flow_dst_last_pkt_time":1655734776539151,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734776541777,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33848,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com","domainame":"api.polargrizzly.com","tls": {"version":"TLSv1.2","ja3":"e9ec38c2b40ff3e300e9975dd7619902","ja3s":"","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01193{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":297,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1655734776538093,"flow_src_last_pkt_time":1655734776541777,"flow_dst_last_pkt_time":1655734776539151,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734776541777,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33848,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com","domainame":"api.polargrizzly.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":5,"flow_src_last_pkt_time":1655734776541777,"flow_dst_last_pkt_time":1655734776541966,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734776541966,"pkt":"ABoRAAACABoRAAABCABFAAAoAHNAABAGhhtoEXIoCggAAQG7hDi6utSqRUUtXFAQ\/\/9DmAAA"} -01317{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":299,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1655734776460292,"flow_src_last_pkt_time":1655734776467599,"flow_dst_last_pkt_time":1655734776705460,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1655734776705460,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33830,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com","domainame":"api.polargrizzly.com","tls": {"version":"TLSv1.2","ja3":"e9ec38c2b40ff3e300e9975dd7619902","ja3s":"5badad76fbdd6e8b6296e2e9f4024401","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","blocks":0}}} 
+01276{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":299,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1655734776460292,"flow_src_last_pkt_time":1655734776467599,"flow_dst_last_pkt_time":1655734776705460,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1655734776705460,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33830,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com","domainame":"api.polargrizzly.com","tls": {"version":"TLSv1.2","ja3s":"5badad76fbdd6e8b6296e2e9f4024401","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","blocks":0}}} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":300,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655734776705767,"flow_src_last_pkt_time":1655734776705767,"flow_dst_last_pkt_time":1655734776705767,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734776705767,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"162.247.243.188","src_port":48222,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_src_last_pkt_time":1655734776705767,"flow_dst_last_pkt_time":1655734776705767,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655734776705767,"pkt":"ABoRAAACABoRAAABCABFAAA8nhVAAEAG++kKCAABovfzvLxeAbvXLAPvAAAAAKAC\/\/9urgAAAgQFtAQCCAoBZJ36AAAAAAEDAwg="} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":301,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_src_last_pkt_time":1655734776705767,"flow_dst_last_pkt_time":1655734776707406,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734776707406,"pkt":"ABoRAAACABoRAAABCABFAAAoAHVAABAGyZ6i9\/O8CggAAQG7vF4o0\/wQ1ywD8FAS\/\/9Q+wAA"} 
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":305,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_src_last_pkt_time":1655734776707864,"flow_dst_last_pkt_time":1655734776707406,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734776707864,"pkt":"ABoRAAACABoRAAABCABFAAAonhZAAEAG+\/wKCAABovfzvLxeAbvXLAPwKNP8EVAQ\/\/9Q\/AAA"} 01234{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":306,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_src_last_pkt_time":1655734776708195,"flow_dst_last_pkt_time":1655734776707406,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1655734776708195,"pkt":"ABoRAAACABoRAAABCABFAAItnhdAAEAG+fYKCAABovfzvLxeAbvXLAPwKNP8EVAY\/\/\/ZQQAAFgMBAgABAAH8AwP2P\/anEHQDLYJzzNMuo0lVq1yDfOJ4xtlYm9HjmLjKQSAxsWZ00gpVVgL+6\/1OlRNTfpRGs4polAHP2pf73TCHlwAcwCvALMypwC\/AMMyowAnACsATwBQAnACdAC8ANQEAAZf\/AQABAAAAACIAIAAAHW1vYmlsZS1jb2xsZWN0b3IubmV3cmVsaWMuY29tABcAAAAjAMAc6HhX9xuZD5Fr70azY+Mz8r8SsauutecKFcXwEw+w0rHkwbgHpv7fMcfvYs7QxtyTKncDznNyuTWRSvLgn1HPsz62a8nTggBprd+EjadxMsiHM\/gbj8Gmf6Exjq5wAZlkY2hVF4C4iZw7QZO7QNvb6Fk0bgTwmvSx15V0Lw\/e6fF4eWMfK5cJ73p0mSb9eEs7WD03tHdnvVMCnkRmj8q749R7b7mXdidYc5RMVyLUdFb0KMV0AYu9iiQCv7UTl3cADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEAALAAkIaHR0cC8xLjEACwACAQAACgAIAAYAHQAXABgAFQBeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01268{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":306,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1655734776705767,"flow_src_last_pkt_time":1655734776708195,"flow_dst_last_pkt_time":1655734776707406,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734776708195,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"162.247.243.188","src_port":48222,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ADS_Analytic_Track","proto_id":"91.107","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker\/Ads","category_id":101,"category":"Advertisement","hostname":"mobile-collector.newrelic.com","domainame":"mobile-collector.newrelic.com","tls": {"version":"TLSv1.2","ja3":"3967ff2d2c9c4d144e7e30f24f4e9761","ja3s":"","ja4":"t12d1410ht_c866b44c5a26_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} 
+01227{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":306,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1655734776705767,"flow_src_last_pkt_time":1655734776708195,"flow_dst_last_pkt_time":1655734776707406,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734776708195,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"162.247.243.188","src_port":48222,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ADS_Analytic_Track","proto_id":"91.107","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker\/Ads","category_id":101,"category":"Advertisement","hostname":"mobile-collector.newrelic.com","domainame":"mobile-collector.newrelic.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1410ht_c866b44c5a26_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":307,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":5,"flow_src_last_pkt_time":1655734776708195,"flow_dst_last_pkt_time":1655734776708284,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734776708284,"pkt":"ABoRAAACABoRAAABCABFAAAoAHdAABAGyZyi9\/O8CggAAQG7vF4o0\/wR1ywF9VAQ\/\/9O9wAA"} 
-01317{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":319,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1655734776527103,"flow_src_last_pkt_time":1655734776539277,"flow_dst_last_pkt_time":1655734776870421,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1655734776870421,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33846,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com","domainame":"api.polargrizzly.com","tls": {"version":"TLSv1.2","ja3":"e9ec38c2b40ff3e300e9975dd7619902","ja3s":"5badad76fbdd6e8b6296e2e9f4024401","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","blocks":0}}} 
-01317{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":320,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1655734776520455,"flow_src_last_pkt_time":1655734776539194,"flow_dst_last_pkt_time":1655734776870956,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1655734776870956,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33842,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com","domainame":"api.polargrizzly.com","tls": {"version":"TLSv1.2","ja3":"e9ec38c2b40ff3e300e9975dd7619902","ja3s":"5badad76fbdd6e8b6296e2e9f4024401","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","blocks":0}}} 
-01317{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":321,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1655734776516959,"flow_src_last_pkt_time":1655734776520253,"flow_dst_last_pkt_time":1655734776871396,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1655734776871396,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33838,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com","domainame":"api.polargrizzly.com","tls": {"version":"TLSv1.2","ja3":"e9ec38c2b40ff3e300e9975dd7619902","ja3s":"5badad76fbdd6e8b6296e2e9f4024401","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","blocks":0}}} 
-01317{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":324,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1655734776538093,"flow_src_last_pkt_time":1655734776541777,"flow_dst_last_pkt_time":1655734776872181,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1655734776872181,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33848,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com","domainame":"api.polargrizzly.com","tls": {"version":"TLSv1.2","ja3":"e9ec38c2b40ff3e300e9975dd7619902","ja3s":"5badad76fbdd6e8b6296e2e9f4024401","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","blocks":0}}} 
-01595{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":325,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1655734776512617,"flow_src_last_pkt_time":1655734776537556,"flow_dst_last_pkt_time":1655734776874125,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":5473,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5473,"midstream":0,"thread_ts_usec":1655734776874125,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.154.236","src_port":50904,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.tunnelbear.com","domainame":"api.tunnelbear.com","tls": {"version":"TLSv1.2","server_names":"*.tunnelbear.com,tunnelbear.com","ja3":"a1c672bda2bda1a05bdca801144b2760","ja3s":"a885fb01204bc11cc58efc02fe640899","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA","subjectDN":"CN=*.tunnelbear.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"52:96:E2:83:CC:15:4E:B3:0F:5B:1D:E2:E8:FF:4E:A9:C4:E9:C0:AF","blocks":0}}} 
-01639{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1655734776705767,"flow_src_last_pkt_time":1655734776708195,"flow_dst_last_pkt_time":1655734776969484,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":3864,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3864,"midstream":0,"thread_ts_usec":1655734776969484,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"162.247.243.188","src_port":48222,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ADS_Analytic_Track","proto_id":"91.107","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker\/Ads","category_id":101,"category":"Advertisement","hostname":"mobile-collector.newrelic.com","domainame":"mobile-collector.newrelic.com","tls": {"version":"TLSv1.2","server_names":"*.newrelic.com,newrelic.com","ja3":"3967ff2d2c9c4d144e7e30f24f4e9761","ja3s":"a885fb01204bc11cc58efc02fe640899","ja4":"t12d1410ht_c866b44c5a26_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1","subjectDN":"C=US, ST=California, L=San Francisco, O=New Relic, Inc., CN=*.newrelic.com","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"90:B0:56:FB:4D:88:5C:EB:F9:79:45:35:26:15:0C:00:F4:08:72:77","blocks":0}}} 
+01276{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":319,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1655734776527103,"flow_src_last_pkt_time":1655734776539277,"flow_dst_last_pkt_time":1655734776870421,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1655734776870421,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33846,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com","domainame":"api.polargrizzly.com","tls": {"version":"TLSv1.2","ja3s":"5badad76fbdd6e8b6296e2e9f4024401","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","blocks":0}}} 
+01276{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":320,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1655734776520455,"flow_src_last_pkt_time":1655734776539194,"flow_dst_last_pkt_time":1655734776870956,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1655734776870956,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33842,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com","domainame":"api.polargrizzly.com","tls": {"version":"TLSv1.2","ja3s":"5badad76fbdd6e8b6296e2e9f4024401","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","blocks":0}}} 
+01276{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":321,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1655734776516959,"flow_src_last_pkt_time":1655734776520253,"flow_dst_last_pkt_time":1655734776871396,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1655734776871396,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33838,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com","domainame":"api.polargrizzly.com","tls": {"version":"TLSv1.2","ja3s":"5badad76fbdd6e8b6296e2e9f4024401","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","blocks":0}}} 
+01276{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":324,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1655734776538093,"flow_src_last_pkt_time":1655734776541777,"flow_dst_last_pkt_time":1655734776872181,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1655734776872181,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33848,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com","domainame":"api.polargrizzly.com","tls": {"version":"TLSv1.2","ja3s":"5badad76fbdd6e8b6296e2e9f4024401","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","blocks":0}}} 
+01554{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":325,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1655734776512617,"flow_src_last_pkt_time":1655734776537556,"flow_dst_last_pkt_time":1655734776874125,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":5473,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5473,"midstream":0,"thread_ts_usec":1655734776874125,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.154.236","src_port":50904,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.tunnelbear.com","domainame":"api.tunnelbear.com","tls": {"version":"TLSv1.2","server_names":"*.tunnelbear.com,tunnelbear.com","ja3s":"a885fb01204bc11cc58efc02fe640899","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA","subjectDN":"CN=*.tunnelbear.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"52:96:E2:83:CC:15:4E:B3:0F:5B:1D:E2:E8:FF:4E:A9:C4:E9:C0:AF","blocks":0}}} 
+01598{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1655734776705767,"flow_src_last_pkt_time":1655734776708195,"flow_dst_last_pkt_time":1655734776969484,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":3864,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3864,"midstream":0,"thread_ts_usec":1655734776969484,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"162.247.243.188","src_port":48222,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ADS_Analytic_Track","proto_id":"91.107","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker\/Ads","category_id":101,"category":"Advertisement","hostname":"mobile-collector.newrelic.com","domainame":"mobile-collector.newrelic.com","tls": {"version":"TLSv1.2","server_names":"*.newrelic.com,newrelic.com","ja3s":"a885fb01204bc11cc58efc02fe640899","ja4":"t12d1410ht_c866b44c5a26_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1","subjectDN":"C=US, ST=California, L=San Francisco, O=New Relic, Inc., CN=*.newrelic.com","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"90:B0:56:FB:4D:88:5C:EB:F9:79:45:35:26:15:0C:00:F4:08:72:77","blocks":0}}} 
02174{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":397,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1655734776460292,"flow_src_last_pkt_time":1655734776909928,"flow_dst_last_pkt_time":1655734777250607,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":2900,"flow_src_tot_l4_payload_len":3230,"flow_dst_tot_l4_payload_len":3163,"midstream":0,"thread_ts_usec":1655734777250607,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33830,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":25,"avg":39998.4,"max":340372,"stddev":83812.5,"var":7024526848.0,"ent":3.0,"data": [4054,5298,2009,3384,237730,240091,25,2380,9328,9409,226,61,1426,1484,112,59,79,69,100518,152574,52262,7046,20588,16017,10024,8002,820,1293,7036,6175,340372]},"pktlen": {"min":40,"avg":240.4,"max":2940,"stddev":516.4,"var":266681.9,"ent":3.5,"data": [60,40,40,557,40,196,40,91,40,93,40,126,40,576,40,576,40,165,40,109,78,40,78,361,40,576,40,148,40,363,40,2940]},"bins": {"c_to_s": [3,3,1,2,0,0,0,0,0,0,2,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [13,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1]},"directions": [0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,0,1,0,1,1,0,1,1,0,1,0,1,0,1,0,1,1],"entropies": [4.460013390,4.480641842,4.515312195,6.108502865,4.580641747,6.049703121,4.634183884,5.378616810,4.580641747,5.520286560,4.580641747,5.850438595,4.530641556,7.632115364,4.530641556,7.628461361,4.580641747,6.826807022,4.530641556,5.918608665,5.310303688,4.580641747,5.303310871,7.209881783,4.580641747,7.572566509,4.580641747,6.476149559,4.580641747,7.298981190,4.530641556,7.923994541]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655734777904202,"flow_src_last_pkt_time":1655734777904202,"flow_dst_last_pkt_time":1655734777904202,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734777904202,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33858,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_src_last_pkt_time":1655734777904202,"flow_dst_last_pkt_time":1655734777904202,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655734777904202,"pkt":"ABoRAAACABoRAAABCABFAAA8VQtAAEAGAW8KCAABaBFyKIRCAbtalsosAAAAAKAC\/\/8YcQAAAgQFtAQCCAoBZJ8nAAAAAAEDAwg="} 
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":427,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_src_last_pkt_time":1655734777904202,"flow_dst_last_pkt_time":1655734777909352,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734777909352,"pkt":"ABoRAAACABoRAAABCABFAAAoALVAABAGhdloEXIoCggAAQG7hEKlaTXTWpbKLVAS\/\/9FkgAA"} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":429,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_src_last_pkt_time":1655734777910499,"flow_dst_last_pkt_time":1655734777909352,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734777910499,"pkt":"ABoRAAACABoRAAABCABFAAAoVQxAAEAGAYIKCAABaBFyKIRCAbtalsotpWk11FAQ\/\/9FkwAA"} 
01234{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":430,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":4,"flow_src_last_pkt_time":1655734777912168,"flow_dst_last_pkt_time":1655734777909352,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1655734777912168,"pkt":"ABoRAAACABoRAAABCABFAAItVQ1AAEAG\/3sKCAABaBFyKIRCAbtalsotpWk11FAY\/\/8d9wAAFgMBAgABAAH8AwMmAdKYGKsqqphSvWqupDgnKUFtDbqLJVhyc5O8GAS+ayBzS35friOfAWwzRvK4nOaCBJAbSD\/HvnzVJtlqjl91KAAYwCvALMypwC\/AMMyowBPAFACcAJ0ALwA1AQABm\/8BAAEAAAAAGQAXAAAUYXBpLnBvbGFyZ3JpenpseS5jb20AFwAAACMAwMEVNlaL0tdGnm3V54JqurXqfhCsyPABZtbMnzb26AxMffuozfeg4IKaCIbNJ3q2zznlQTcn2vtZGw2LgspfFkx\/\/ulZltuMfvovkdu6OxfbcYa5VnIF3xidmaUJ8SUPb79tJJFaBhFXEN61mvGK7zPpvVrV3mTyXEwUGGWTkZAGHvhktDm3FDiaeMeQoyzU\/JxID7YfTFAEkYxMS3+IaSjPuX3oi2kUbrLhwugcx7H6N+6QUOak1x1EA8eU6f8ZVAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAgABgAdABcAGAAVAGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -01234{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":430,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1655734777904202,"flow_src_last_pkt_time":1655734777912168,"flow_dst_last_pkt_time":1655734777909352,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734777912168,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33858,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com","domainame":"api.polargrizzly.com","tls": {"version":"TLSv1.2","ja3":"e9ec38c2b40ff3e300e9975dd7619902","ja3s":"","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01193{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":430,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1655734777904202,"flow_src_last_pkt_time":1655734777912168,"flow_dst_last_pkt_time":1655734777909352,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734777912168,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33858,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com","domainame":"api.polargrizzly.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":431,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":5,"flow_src_last_pkt_time":1655734777912168,"flow_dst_last_pkt_time":1655734777912678,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734777912678,"pkt":"ABoRAAACABoRAAABCABFAAAoALZAABAGhdhoEXIoCggAAQG7hEKlaTXUWpbMMlAQ\/\/9DjgAA"} 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":433,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":13,"flow_first_seen":1655734759670358,"flow_src_last_pkt_time":1655734762085906,"flow_dst_last_pkt_time":1655734762035602,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":4026,"flow_src_tot_l4_payload_len":1421,"flow_dst_tot_l4_payload_len":6373,"midstream":0,"thread_ts_usec":1655734778245353,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"99.83.135.170","src_port":47594,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
01023{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":433,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":29,"flow_dst_packets_processed":30,"flow_first_seen":1655734776460292,"flow_src_last_pkt_time":1655734777910457,"flow_dst_last_pkt_time":1655734777903866,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":2900,"flow_src_tot_l4_payload_len":4802,"flow_dst_tot_l4_payload_len":6169,"midstream":0,"thread_ts_usec":1655734778245353,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33830,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com"}} 
@@ -198,7 +198,7 @@ 01124{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":433,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":9,"flow_first_seen":1655734755247797,"flow_src_last_pkt_time":1655734756001569,"flow_dst_last_pkt_time":1655734755950969,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":521,"flow_dst_max_l4_payload_len":2760,"flow_src_tot_l4_payload_len":814,"flow_dst_tot_l4_payload_len":3457,"midstream":0,"thread_ts_usec":1655734778245353,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"157.240.7.32","src_port":60224,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.FacebookMessenger","proto_id":"91.157","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 01058{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":433,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1655734754648445,"flow_src_last_pkt_time":1655734754651380,"flow_dst_last_pkt_time":1655734754651336,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1655734778245353,"l3_proto":"ip4","src_ip":"10.158.132.91","dst_ip":"8.8.8.8","src_port":51120,"dst_port":53,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by 
port"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr": []}}} 00773{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":433,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1655734754648445,"flow_src_last_pkt_time":1655734754651380,"flow_dst_last_pkt_time":1655734754651336,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1655734778245353,"l3_proto":"ip4","src_ip":"10.158.132.91","dst_ip":"8.8.8.8","src_port":51120,"dst_port":53,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00854{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":433,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":433,"packets-processed":433,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":94189,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":21,"total-detection-updates":19,"total-updates":0,"current-active-flows":0,"total-active-flows":22,"total-idle-flows":22,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":201,"global_ts_usec":1655734778245353} 
+00854{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":433,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":433,"packets-processed":433,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":94189,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":21,"total-detection-updates":19,"total-updates":0,"current-active-flows":0,"total-active-flows":22,"total-idle-flows":22,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":201,"global_ts_usec":1655734778245353} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 433/433 ~~ skipped flows.............: 0 @@ -207,9 +207,9 @@ ~~ total active/idle flows...: 22/22 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7115821 bytes -~~ total memory freed........: 7115821 bytes -~~ total allocations/frees...: 114951/114951 +~~ total memory allocated....: 7693438 bytes +~~ total memory freed........: 7693438 bytes +~~ total allocations/frees...: 126683/126683 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 535 chars ~~ json message max len.......: 2181 chars diff --git a/test/results/default/tuya_lp.pcap.out b/test/results/default/tuya_lp.pcap.out index b0d63ffda..393e67e52 100644 --- a/test/results/default/tuya_lp.pcap.out +++ b/test/results/default/tuya_lp.pcap.out 
@@ -1,5 +1,5 @@ -00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tuya_lp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tuya_lp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1671220121927386} 
+00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tuya_lp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tuya_lp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1671220121927386} 
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tuya_lp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1671220121927386,"flow_src_last_pkt_time":1671220121927386,"flow_dst_last_pkt_time":1671220121927386,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":188,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":188,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":188,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671220121927386,"l3_proto":"ip4","src_ip":"192.168.242.181","dst_ip":"255.255.255.255","src_port":49154,"dst_port":6667,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00779{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tuya_lp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1671220121927386,"flow_dst_last_pkt_time":1671220121927386,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"thread_ts_usec":1671220121927386,"pkt":"\/\/\/\/\/\/\/\/3E8ivUChCABFAADYtTsAAP8RUnvAqPK1\/\/\/\/\/8ACGgsAxHNKAABVqgAAAAAAAAATAAAArAAAAACXuT\/uS2nJX+6z0zvaNSlSV1zhkjZl3eRdq2Gsnt4E\/2UVen4KqM+oJMgVFlInd6Y+HvB9m3ef+vX5p0fD+Q9k0k6f3KelOooqs0S2rzdE\/jrKP2mVmgpDAuQ77zynEaKxicLHary3iqfVMTHAmVhtjKZQQNXz+SzyWX\/vpkjRbCsiKyHA8wc5AKuAN2eCZhABN47Nf4GoVTyKXyTxy7HF3HJEEQAAqlU="} 
00938{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tuya_lp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1671220121927386,"flow_src_last_pkt_time":1671220121927386,"flow_dst_last_pkt_time":1671220121927386,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":188,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":188,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":188,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671220121927386,"l3_proto":"ip4","src_ip":"192.168.242.181","dst_ip":"255.255.255.255","src_port":49154,"dst_port":6667,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TuyaLP","proto_id":"331","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
@@ -104,7 +104,7 @@ 00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/tuya_lp.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1671220125048168,"flow_src_last_pkt_time":1671220155060818,"flow_dst_last_pkt_time":1671220125048168,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1204,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671220158572989,"l3_proto":"ip4","src_ip":"192.168.242.234","dst_ip":"255.255.255.255","src_port":59727,"dst_port":6667,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TuyaLP","proto_id":"331","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/tuya_lp.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1671220124943616,"flow_src_last_pkt_time":1671220154967079,"flow_dst_last_pkt_time":1671220124943616,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1204,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671220158572989,"l3_proto":"ip4","src_ip":"192.168.242.240","dst_ip":"255.255.255.255","src_port":59727,"dst_port":6667,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TuyaLP","proto_id":"331","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/tuya_lp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1671220122307161,"flow_src_last_pkt_time":1671220157322347,"flow_dst_last_pkt_time":1671220122307161,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1376,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671220158572989,"l3_proto":"ip4","src_ip":"192.168.242.202","dst_ip":"255.255.255.255","src_port":59727,"dst_port":6667,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TuyaLP","proto_id":"331","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00847{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/tuya_lp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":98,"packets-processed":98,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17832,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":13,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":107,"global_ts_usec":1671220158572989} 
+00847{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/tuya_lp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":98,"packets-processed":98,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17832,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":13,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":107,"global_ts_usec":1671220158572989} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 98/98 ~~ skipped flows.............: 0 @@ -113,9 +113,9 @@ ~~ total active/idle flows...: 13/13 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6938651 bytes -~~ total memory freed........: 6938651 bytes -~~ total allocations/frees...: 114354/114354 +~~ total memory allocated....: 7516247 bytes +~~ total memory freed........: 7516247 bytes +~~ total allocations/frees...: 126085/126085 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 617 chars ~~ json message max len.......: 985 chars diff --git a/test/results/default/ubntac2.pcap.out b/test/results/default/ubntac2.pcap.out index add27aac0..172a9bec3 100644 --- a/test/results/default/ubntac2.pcap.out +++ b/test/results/default/ubntac2.pcap.out 
@@ -1,5 +1,5 @@ -00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ubntac2.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ubntac2.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1486943433175002} 
+00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ubntac2.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ubntac2.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1486943433175002} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ubntac2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1486943433175002,"flow_src_last_pkt_time":1486943433175002,"flow_dst_last_pkt_time":1486943433175002,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":175,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":175,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":175,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1486943433175002,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":34085,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00759{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ubntac2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1486943433175002,"flow_dst_last_pkt_time":1486943433175002,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":217,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":217,"pkt_l4_len":183,"thread_ts_usec":1486943433175002,"pkt":"\/\/\/\/\/\/\/\/gCqojWksCABFAADLv4FAAEARuPfAqAEB\/\/\/\/\/4UlJxEAtx2vAgYAqwIACoAqqI1pK8CoAhUCAAqAKqiNaSzAqAEBAQAGgCqojWkrCgAEAADeYAsABHVibnQMAARVR1czAwA4VW5pRmlTZWN1cml0eUdhdGV3YXkuRVItZTEyMC52NC4zLjMzLjQ5MzYwODYuMTYxMjAzLjIwMzEWAA40LjMuMzMuNDkzNjA4NhUABFVHVzMXAAEAGAABABMABoAqqI1pKxIABAAAFc8bAAU0LjAuMA=="} 
00984{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ubntac2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1486943433175002,"flow_src_last_pkt_time":1486943433175002,"flow_dst_last_pkt_time":1486943433175002,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":175,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":175,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":175,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1486943433175002,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":34085,"dst_port":10001,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"UBNTAC2","proto_id":"31","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","ubntac2": {"version":"UniFiSecurityGateway.ER-e120.v4"}}} 
@@ -34,7 +34,7 @@ 00966{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/ubntac2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1486943433175002,"flow_src_last_pkt_time":1486943433175002,"flow_dst_last_pkt_time":1486943433175002,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":175,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":175,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":175,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1486943504301123,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":34085,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"UBNTAC2","proto_id":"31","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} 00966{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/ubntac2.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1486943504301123,"flow_src_last_pkt_time":1486943504301123,"flow_dst_last_pkt_time":1486943504301123,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":175,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":175,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":175,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1486943504301123,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":42838,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"UBNTAC2","proto_id":"31","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} 
00966{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/ubntac2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1486943443357445,"flow_src_last_pkt_time":1486943443357445,"flow_dst_last_pkt_time":1486943443357445,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":175,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":175,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":175,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1486943504301123,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":44641,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"UBNTAC2","proto_id":"31","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} -00839{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/ubntac2.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":8,"packets-processed":8,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1400,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":2,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":37,"global_ts_usec":1486943504301123} 
+00839{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/ubntac2.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":8,"packets-processed":8,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1400,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":2,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":37,"global_ts_usec":1486943504301123} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 8/8 ~~ skipped flows.............: 0 @@ -43,9 +43,9 @@ ~~ total active/idle flows...: 8/8 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6924281 bytes -~~ total memory freed........: 6924281 bytes -~~ total allocations/frees...: 114214/114214 +~~ total memory allocated....: 7501877 bytes +~~ total memory freed........: 7501877 bytes +~~ total allocations/frees...: 125945/125945 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 617 chars ~~ json message max len.......: 989 chars diff --git a/test/results/default/uftp_v4_v5.pcap.out b/test/results/default/uftp_v4_v5.pcap.out index c7934eb5e..151148cf8 100644 --- a/test/results/default/uftp_v4_v5.pcap.out +++ b/test/results/default/uftp_v4_v5.pcap.out 
@@ -1,5 +1,5 @@ -00615{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/uftp_v4_v5.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/uftp_v4_v5.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1470520349359079} 
+00615{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/uftp_v4_v5.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/uftp_v4_v5.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1470520349359079} 
00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/uftp_v4_v5.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470520349359079,"flow_src_last_pkt_time":1470520349359079,"flow_dst_last_pkt_time":1470520349359079,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470520349359079,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"230.4.4.1","src_port":37173,"dst_port":1044,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/uftp_v4_v5.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1470520349359079,"flow_dst_last_pkt_time":1470520349359079,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1470520349359079,"pkt":"AQBeBAQB4uTeDjcKCABFAABEKQoAAAERnJkKAAAB5gQEAZE1BBQAMPRHQAEAAAoAAAGW9MMEAJ0AAAEGABQAAAUUV6ZcHQAFelHmBAQB5gUFOA=="} 
00921{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/uftp_v4_v5.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470520349359079,"flow_src_last_pkt_time":1470520349359079,"flow_dst_last_pkt_time":1470520349359079,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470520349359079,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"230.4.4.1","src_port":37173,"dst_port":1044,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"UFTP","proto_id":"373","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download"}} 
@@ -15,7 +15,7 @@ 02363{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/uftp_v4_v5.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1470520360296546,"flow_dst_last_pkt_time":1470520360229659,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1366,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1366,"pkt_l4_len":1332,"thread_ts_usec":1470520360296546,"pkt":"AQBeBQU44uTeDjcKCABFAAVItJ0AAAERCsoKAAAB5gUFOJE1BBQFNPqDQAkAFwoAAAGW9MMEAGwYAAkCAAEAAAABdXwNPP7MjoQG3As8\/JQ6fO4EAWTHhAs8AAD+NPJE\/8j6ZAPcyYQCzP0U+6QofP7s6wTRhAWc3YQCrP+I7AT+FAHsBpz8JAdc9USmhAAIfXz\/TP6MFPzyxBz8+eT+vPvkAOTlBP10voQBBDp83YSChDB8toRJfAm8LnwDnJaE6gT\/8AIM\/4jpBP2UEvxZfP6cvoTjBA\/8BhxdfAJMAewR\/PAEroS2hAOcYXwCzAIsvoS6hEl8ANTtBADEAswBBI6EKnz5pP2024T\/PPlkBdzxRPsk+ySahCZ8\/wwACJKEAOQCzPREAMRdfADkHPz65P00CDz9VBv8\/5DrBNuEBVzbhP+QnoQACAB4Nnw8fDJ8WXzThAPcAez0RPy0BBwW\/KKEAwzNhNmE80T6ZPPEACi+hAHM4QT89P9s\/4j55ACU6gQCLPFE\/6j\/qL6EpoQsfP508cTjBP\/wAIT+VP98+uT81Fl8YXwAeP\/IAwzzRAk8Acz9tMuE\/8BxfP10BhzDhP1UdXz6JAScHvwCzOkEAmz8ZAAw\/CQCjNmEADD\/0E18AcwAcP3UvoT3RDh88cRtfN2E\/owLvAGM\/4gACBf8AEDdhA\/8+iTPhAk8JHwCzKaEAEj+nBj8\/4j1RBH8\/yzsBN+EAKT\/LPzUFfz\/+ABARXwQ\/A\/84gQAAA28C7z+7P\/o0YQACNeEz4QJPDx8hoT4RBT8AywC7A68\/wwCrAIMG\/zlBP4Uz4QAlBH8+6T0xIaE\/lQBZL6E8kRFfI6EPHz8lAUcdXwAQAcc+EQCjAA4w4QsfOkECjzFhCJ8\/qzHhP+4\/8jsBOkE\/uz5ZABwVXzZhOkE\/6j99AAwAiwB7P+gZXwBROYEyYTmBMeEAFhVfGV8AMTyxAB4AQQ2fOYEBxwU\/HV8bXyehP88Auwa\/P9sAiwAxE18+2TxRAEU\/8ge\/ABo90RtfP+gw4QFnAMMQXwJvAAo+qT89G18A0zwxALMzYQBrPZE\/9gLPP6MGvzxRP\/4y4S6hP+g\/lQB7OgEA2z+3Ch8\/TQufOUEAcwwfAIsAUT3xPvk\/6gX\/DB8noR5fOIE\/0z+jH18A5ymhAVcAMQCrOUEBxz\/2P+wdXzxxKaEBdwC7P30bXxZfP\/gF\/yKhIaEEfz65JqEBtwDnP7MaXz91KqEAFDsBN+E98TxRP10ALT\/qP+g\/xzoBGV8xYQOPANMAGABdAAo8cRpfPlkxYTZhBv8Hfz\/TAs834T0xMeE4QT75A886wT\/HAF0JnwG3Dh8\/uwEXA08AAgS\/PNEAqwPPAEk6gT\/qP\/o\/xzdhPok\/9gACPik\/9gA9LKEkoQAILqE\/PQG3Pok5gQwfOUEFPz9NJaE9UQFnP\/YOnwAeACUADgLvDR8
BlwBBANscXz\/DEF8\/LQA5PwkAEgyfP+QDzz91P00AAgT\/PzU9cT7ZBT87AQCbABg\/xwLPOME04TDhP+4\/PQW\/AQcqoQZ\/AHMHPz2xDJ8CbwBBFl8AJSuhL6E90QAGN+Ey4QDLAAABBzuBPfEyYT9dDp8+2S2hPwkCDwFnOEE6gT\/fADkFPwBrBT8y4SehAIMCTz9NAAo34QufBf8\/8DDhF18AFCChAEE7wQX\/A48Cbz+NP+4\/XSOhP30moTwBAA4Acz+zAEk\/ywyfBT8\/dSKhH18AAD75Ag8\/nRFfA88A2yahP0UABjnBPskCbxNfAXc3YQAYG18IHz65A88InwJvP5UKnz+3AUcAHD\/2P+wLnzLhA=="} 02361{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/uftp_v4_v5.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1470520360306726,"flow_dst_last_pkt_time":1470520360229659,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1366,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1366,"pkt_l4_len":1332,"thread_ts_usec":1470520360306726,"pkt":"AQBeBQU44uTeDjcKCABFAAVItJ4AAAERCskKAAAB5gUFOJE1BBQFNPqDQAkAGAoAAAGW9MMEAGwYAAkCAAEAAAACWXwkfAAogoQIPP+YwYT8JLKEAFj+dP8s2YT9NB789kS6hACk\/TQE3DJ8ADDwBPok\/vwG3P+YANT4RAFE\/vwLvOME++SChNmE0YTzxAFk9ETyROkE2YTrBEl86gQC7Br8AGC2hPwkACAW\/AOcqoT\/6AB4CDwKvPHEvoQ6fAFE\/bQX\/P+o\/rz1RH188MTnBAZcNHwufPTE7wQFnKKEeXxJfAAA+KQBVOgEFvxxfAe8\/2wG3PDENHz\/yAGM++QW\/OMEG\/wAGAAwAORZfJqEBRzZhP+Q2YRpfP+Y\/4htfP\/Y\/6D99LKEAAgAAMWE9UQmfBP8ADCmhE180YTyRPtkACD\/XDZ8AFDDhABoAMQCbP88BBz\/TP789kQGHEF814QApOkExYT\/qAEEuoT+VEV8GfwF3OIE\/7gBZNGE9MSKhAFkZXz\/XP40DLx9fFF8+SS2hPFEACABjAAo6QTzRA\/8AmwA5P0UPnz9FAE0AAD\/+Bv8ADgBJPzUB7wAeIaEdXzyxIKE\/8iihP6cWXwLvP50w4TzRAA4Asz2xBz8w4TqBP3U\/yz+VCB8+eT91P7MDDyehARcFfz+nDB80YQufAdcALQR\/IKE++QAQPxkAmz\/qNuEE\/yOhPmk8URZfHF8KnzFhC58roQa\/P9c\/qzBhPkk\/VQAcP\/w\/6gMvPJEAww0fPjkKnwBFKKEE\/z\/PJ6EBlz8JP4U\/owCbAF0\/fTFhAB4FfwCLL6ECjz91PRENnwAYBH8AAABJN+ECbz+VAAoYXyOhAHsACgufE1880R1fG18CTz3RPbEPHwGXDp8F\/z8tAIs04T+nCZ8BZwC7AVctoT91MOEAXT\/qAFUPHwEHDJ8AFBZfDZ8\/lQd\/Ch8A0wBVAAQGPzvBAg85QQAIAZcCjxJfPdE\/owBBAAIA9wFXOYE5gQBrMuE\/dT\/bP00\/VQLvABw9ESKhAEE88QP\/BD8EPyyhA28+OT6JAEkCrwAEPHEkoRZfABQ14QAlFV8ASQFnPfEAgz+jPbEDbz\/DP7MA
LQBjP40ADD\/sAMs\/6j9VAGsHPwC7OQEloQOPNOE\/8D9VIKE8cT4pBX8moSqhPlkGvx5fAe8dXzHhPjk\/swIvAPcE\/z+dP3Uz4TFhPmk\/jQLvP8888TBhP\/IADj3xDp8BBy6hMWEAHADLP509MT\/sP3UE\/wCLAAA24QMPMeEWXzqBP\/QFPwAAK6EBpzxRAB4HPwFXP7sA5wmfMGEDzwGXAFk+WTPhAE0UXxpfP40wYQP\/P\/ow4RtfAA4\/nTmBBn8\/fQAABT8ADgAxABQkoQc\/NGEANQGHDJ8\/1z2RIqE80QAaAIs14T\/8BL8\/jTRhHF8BNzFhF18RXwIvPfEAFACjAu8cXwBdEl8BdwE3KqENnyuhPyU04T\/iMOE6QRNfCJ85ATFhIKEABjnBAYcAYxlfAWcfXwE3P0U6ATyRAi8AwzmBAFUASQufARcAiwAQPzUASRVfACUkoQEXPzUioR1fDx8+eQA9PskAAgAtP\/gJHyuhMOE8AQBRP9MAVT+zAScAqyChBP84QQBzCh8AAj3xLaE\/7AQ\/CJ8\/+D\/PAs85gQW\/OUEdXzkBASc+qT+zAHM9MQC7MWEAEgufIKE+ER9fAHsaXz\/qMeE\/uwAxJaEBlwCLMWEw4T7ZAAA3YT+nA88Jnz+vJaEAHj3xAC0\/nQOPCB8TXz8lDJ8OHyOhMmEVXz91P\/4BhzkBBv8wYT4pA88+EQAYJ6E\/6h1fA=="} 02230{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/uftp_v4_v5.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":0,"flow_first_seen":1470520360229659,"flow_src_last_pkt_time":1470520360591846,"flow_dst_last_pkt_time":1470520360229659,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1324,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39804,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470520360591846,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"230.5.5.56","src_port":37173,"dst_port":1044,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2611,"avg":11683.5,"max":34161,"stddev":5575.8,"var":31089772.0,"ent":4.8,"data": [30115,34161,2611,10180,10550,10594,10828,10246,10558,10557,10556,10583,10563,10535,10559,10563,10563,10560,10561,10563,10560,10566,10563,10559,10562,10561,10562,10568,10569,10551,10560]},"pktlen": {"min":52,"avg":1271.9,"max":1352,"stddev":310.4,"var":96320.5,"ent":4.9,"data": 
[52,88,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352]},"bins": {"c_to_s": [1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,30,0,0,0,0,0,0],"s_to_c": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"entropies": [4.032077789,4.387442589,6.264836311,6.324838638,6.289998055,6.323163033,6.229429245,6.406879425,6.267192841,6.205362320,6.298496723,6.241475582,6.138225555,6.329536438,6.287923336,6.323319435,6.333083630,6.235994816,6.309918404,6.324777603,6.341393471,6.331569195,6.304657459,6.334339142,6.321240425,6.300824165,6.315955162,6.324560642,6.260947227,6.319898605,6.235000610,6.290291309]},"ndpi": {"confidence": {"6":"DPI"},"proto":"UFTP","proto_id":"373","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download"}} -00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/uftp_v4_v5.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":241,"packets-processed":240,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":284620,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":18,"global_ts_usec":1587654931600405} 
+00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/uftp_v4_v5.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":241,"packets-processed":240,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":284620,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":18,"global_ts_usec":1587654931600405} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/uftp_v4_v5.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587654931600405,"flow_src_last_pkt_time":1587654931600405,"flow_dst_last_pkt_time":1587654931600405,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587654931600405,"l3_proto":"ip4","src_ip":"192.168.1.186","dst_ip":"230.4.4.1","src_port":37457,"dst_port":1044,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/uftp_v4_v5.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1587654931600405,"flow_dst_last_pkt_time":1587654931600405,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1587654931600405,"pkt":"AQBeBAQBAAwp5FM7CABFAgBEsg8AAAERWzDAqAG65gQEAZJRBBQAMIVjUAEAAMCoAboCEajFAJ0AAAEGABQCAAUUAAWj9rg5P77mBAQB5gUFWA=="} 00928{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/uftp_v4_v5.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587654931600405,"flow_src_last_pkt_time":1587654931600405,"flow_dst_last_pkt_time":1587654931600405,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587654931600405,"l3_proto":"ip4","src_ip":"192.168.1.186","dst_ip":"230.4.4.1","src_port":37457,"dst_port":1044,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"UFTP","proto_id":"373","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download"}} 
@@ -26,7 +26,7 @@ 00964{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"cfgs\/default\/pcap\/uftp_v4_v5.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1470520349359079,"flow_src_last_pkt_time":1470520360229659,"flow_dst_last_pkt_time":1470520349359079,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":800,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587654933667144,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"230.4.4.1","src_port":37173,"dst_port":1044,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"UFTP","proto_id":"373","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download"}} 00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"cfgs\/default\/pcap\/uftp_v4_v5.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":220,"flow_dst_packets_processed":0,"flow_first_seen":1470520360229659,"flow_src_last_pkt_time":1470520362577967,"flow_dst_last_pkt_time":1470520360229659,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1324,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":283820,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587654933667144,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"230.5.5.56","src_port":37173,"dst_port":1044,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"UFTP","proto_id":"373","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download"}} 
00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"cfgs\/default\/pcap\/uftp_v4_v5.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1587654931600405,"flow_src_last_pkt_time":1587654933667144,"flow_dst_last_pkt_time":1587654931600405,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":800,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587654933667144,"l3_proto":"ip4","src_ip":"192.168.1.186","dst_ip":"230.4.4.1","src_port":37457,"dst_port":1044,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"UFTP","proto_id":"373","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download"}} -00850{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":260,"source":"cfgs\/default\/pcap\/uftp_v4_v5.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":260,"packets-processed":260,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":285420,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":29,"global_ts_usec":1587654933667144} 
+00850{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":260,"source":"cfgs\/default\/pcap\/uftp_v4_v5.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":260,"packets-processed":260,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":285420,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":29,"global_ts_usec":1587654933667144} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 260/260 ~~ skipped flows.............: 0 @@ -35,9 +35,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6919829 bytes -~~ total memory freed........: 6919829 bytes -~~ total allocations/frees...: 114416/114416 +~~ total memory allocated....: 7497425 bytes +~~ total memory freed........: 7497425 bytes +~~ total allocations/frees...: 126147/126147 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 548 chars ~~ json message max len.......: 2386 chars diff --git a/test/results/default/ultrasurf.pcap.out b/test/results/default/ultrasurf.pcap.out index a9b84d539..e3eb4e370 100644 --- a/test/results/default/ultrasurf.pcap.out +++ b/test/results/default/ultrasurf.pcap.out 
@@ -1,5 +1,5 @@ -00614{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1656652731609846} 
+00614{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1656652731609846} 
00797{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656652731609846,"flow_src_last_pkt_time":1656652731609846,"flow_dst_last_pkt_time":1656652731609846,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":2576,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2576,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2576,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1656652731609846,"vlan_id":200,"l3_proto":"ip4","src_ip":"65.49.68.25","dst_ip":"10.132.0.23","src_port":50053,"dst_port":37898,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 04058{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","vlan_id":200,"flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1656652731609846,"flow_dst_last_pkt_time":1656652731609846,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":2646,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":2646,"pkt_l4_len":2608,"thread_ts_usec":1656652731609846,"pkt":"zBr67JUAcGlaOmiJgQAAyAgARQAKRM7tQAA3BtrhQTFEGQqEABfDhZQKC2KlCkpUkTKAEAFmmhsAAAEBCAom3sf8A1a0+8wcMEFbpDhmmW\/ro\/\/D3SORouvGcLJVns8eaTu23\/042aUVj61nN6Xm0ijnaUg+Npmao+ahS5YFWlU5gxCt1Bv2Dd8X34iKweQUI1pV18JFIZQX4tZ8BgqPMHrM3xcO0sUVX\/OJ2pP8yGrJvNpjXCDZ3sKsZ8ObIJNR5C9HtP8VqqX5BjlcTX8CqWIvl0ZBgk5WvH2JDhc248aWcjJLqPpHeFkT7LlN9WbJOIcs7fIr7w\/l\/4QosbfyzysqE5\/jPdpXVbudJyd5Co9YEs4l8Q\/6o70Ffd9ZnAxSFwa0dpQq9l84dMMc++LU4g\/5uQo7ByYovlcOyQGaJMbvwFaomPtCm2gWgqlbGVYuy1fssTPKvOwtvuxi+uQSp0x90L4yICcjWy7QquRyX6vF4Kj7bnDBXk4Yuwhy\/eBFma8pYGq3nFybEXkBIoJM5PIx+daLngl8AMAATYZytmx8fvkxAn9nAl1vSL8DDtuJzW4bIpWNuUkrrQEo1qDNWTbFKTev+4WI2s2Dq0ECsJXkOzrv7ys8hbU9zt92MomzoOYqefTDPaVuUCZTdCEQ9uujt8du7o\/jXx78zGYtv58gGSActDbLr2l16bg\/8Uk3qmgnE
4b9MmARdZqn4TXakOrfI7oMcpdzvXVxR02+JkOD2SzX0V6zyWGabGkpaHNUvZKhT9p9qT+xCygM23AxUgBVWRhbJOtoeCCmB9GtvrbByAuiFwMDCxpSuPxAzaqU1CDJRf0ARgMOGGitml366m2q80qwL6szhusBMTOpH\/+lZ+4L1ssuGJ7LmGwmTwj7CD7eU0QlRuuYEYdh\/W6inXP9pJwRRn5uXzjK2UGyXSKJQgFhgjKV\/gTtslaG1kJ9wEH3bRwjXGp+ck2NQY4p+Bw8hIGicivItS9FcKEUt6XedxsZehCTx0hYNbo5lDpgelreL+du2TIrCAGAHDGERkejYlaJXbPaNGkoCdPiWIM\/wKUpngDY6o\/X+oS4sqzbyHIJrWfx\/DNsKnakfj\/2CY9hTzppyXRIIMYoyhCThF4ViWWG951XQxJX59hIiJ0P800Ff7a\/5G5VD7ycCukCJw8TO+sLeaHNh0quy2GVip7vE7h6qblNGu0Gk9cK51FTnAHXCv6Q3d4ELba6G4KCOUY3W0JffhWzAOEmTJXAEn\/AlMO2rWx\/k5N9xej0nT\/nkreUz1f1WDVQX6TVNBY\/eRFDtb+TFH+sKdpkHf7qxhfQFxyqkO3FqpeLRYLb2aGXgnvyumtFIbL1yK2alLZq7VfOIertUcgFGWCflf2oGAQMP494aoiJeNdkUmDGGagS7Z55kvWOGnhHAq7vsPk2kKAjsA1WiALpxOUCeufBXfydppP5eHVnoy28uj69BNxwot9pZUkBBYCeXDj3oFR7Gc9bpRrdMTyafPDB90bcnb3nOWmeh6KPFWxajHcXo0ahl0atfQ0xcfDpv70YkPiVHvN5anji\/jwqd+wJMI02C2CHQYt0A0sb9htNsGJTYmz+qMEhhQgck9uTTyfTQQdK6\/Wo8Rw4c2ys8Ejy8JuJwmtCvHILWdrH8t+XzmYUjHgSjqsA2HLkDPFRZ\/NnGE1jWIEHA1mz46FdQt2Rz4VpbzOBlhqXfDAGkgWEXCyxg9Xt27URhieFz2k6YtWj1FBxrzsegVYDqhgLu95Xv61CBvesoUlZ9xj6Kl4Yl3DHrSrHkP69714VHd12KjEfy7I6PDUSEKGOgsDz2k3gWEz1Vc+5H98dopHMlCP13Yfv0lgLia4AI9tg03z8EoOpAEtDjYmJC8jyZR7z8MFAqjVJ+KlRi7Va6lXMgiTy48noI4EJnp+d3YCu\/TvYdatO\/n8f0FwyP3cI7Bw1wJQYGLb8BE+1FxjfVZo1\/FCFmY5z5t2vZ1fLUc8VgQCCrdPI9Reqj0rAEBhJQzYhyyrI5sO+d0uUiZm1ZjMrsAuR1R+D8ViDPDKJgNTF+lFzmzRvVhWOwiVB62wQx0H1nuzBWVrJnVTyu3Td+HivoL56Fmw46FaLO5cqZKJ4kdrfcT7dOr5SBNdiyjnF7hS41D6qjd1GwoYClOmY65UzGvO\/LpJXnZXNNzcmlebgMFy797BQ5WUmd7VC5FdTGCC8DMqElgFA+rp3WoHjwFyoua2tPfKAEOcMjf\/DXXePwU3Ik4UHmQADTzoJAa9I3MJkafNrUiyVVonoJubGqfmrjkZSA4gDie37sGxEUI86ocE60tLrdZB+SyKA8DHTfOJ4ywPWXCzMMHVfSQPr7V\/TcVQus\/74nuldXt48tcQWezCEyjrk4wEup0Xxil5tfRt81R5SKnXiLTQKHEZIf0HqSXIESqul3tuehmW4c9Q1wxJPZqqhjadeeubZ0gIjhZ9hs9B\/6aDfWtslbETpt0Jbd\/Ri0xqEdLzsqFyIafwtncy88mYnLcalIh0rBtSJuU\/LhKGCkVIE+gUPPF1DbTYZY4YKEaeb+2qo\/\/JDj6zwXltjrJPllzgJKQNGUCykc5KZO1hlo311el8xzVEOheb4BzRB9rrUaDmjaCVi8CyuEyMO5b2YxxWHzBzuZCfmdbLRqSQLyu+LSzVRqFA+T79T7kHNu3
xGMSCuKVSsG2pREebnblNVGkCfubEdGKnPL686GbKWglEv7v2CfHncHfVZct\/s0hHAbjxQUdnfLXoTISdI7+bsxXb+ra8Q\/1RtrRBVzu+48UJKnUfoIM1auofVab2EM52OgI1cJXu8rWam94puZzFKEWGHN5jrPhx\/1njYeBqUbgiSNKRjjW+fz8xMBFQ5gSSCk0oalrdEbE7BnRoIdN\/vRg9D\/N51B7MdkbJ2Gmv55poGFAMgIExvo2B\/JlYaCIHgXg41f0\/LPeqrMcFhe2j5UYCpb3n2IzOKezh\/TS0GI0iMwrY1GP7aVptjhYXhhys7MA9TMX9mjk30oA5Li3Yeg25blNJqeDxKu+vxwlNbxqOKs86fBSxzrYDDpnNu5QdAQ7sboEki75xxiMB7G2qxumkThEE3WMNP1TP2cyPa+KzTwAEUydo7dmB7r1BYVlH445Zqui\/gQ9B7FCwh5ykQiRlEVepOqNbbaYU6jrc3JQmu9yNVQ516c7KEY3PmTJGfIomYYQCg0xQ64qJbX+Ng2D40mseTOcV\/nfh\/lZ1gI1tQQr6VxcSHohyQ0owuuvE7GS\/s9KhqIZNKrqD7fH3CftARHmTYUxtD5t+c+oO0QyPgfXcmsUaQ277fzvTac55sC8LTxTlb6qQ6lTQ9Jxj5AhKLanf25vF3ivpTZoHcf\/UbFC7yAm1PT5k8IxbUybglXXWOr+hDrIncmBDz99Gq0DNEyl2Sk\/khhOFsvG2taZ4rfI\/Iq+r72y5uXdniCSx0ABH9OlSRvpo\/6aASUseGq305nqAhb9HZEY9zmIB4WBYmNdv2m2FQvjwfqskoI3NcL8wSS92+WJiP"} 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656652731609846,"flow_src_last_pkt_time":1656652731609846,"flow_dst_last_pkt_time":1656652731609846,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":2576,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2576,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2576,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1656652731609846,"vlan_id":200,"l3_proto":"ip4","src_ip":"65.49.68.25","dst_ip":"10.132.0.23","src_port":50053,"dst_port":37898,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"UltraSurf","proto_id":"304","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
@@ -13,23 +13,23 @@ 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","vlan_id":200,"flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1656652778161151,"flow_dst_last_pkt_time":1656652778372319,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1656652778372319,"pkt":"zBr67JUAcGlaOmiJgQAAyAgARQAAPAAAQAA3BrPXQTFEGQqEABfDhZTovxOnA7MzdQ6gEnEg1IYAAAIEBYwEAggKJt9+2gNW4rIBAwMJ"} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","vlan_id":200,"flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1656652778421535,"flow_dst_last_pkt_time":1656652778372319,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1656652778421535,"pkt":"cGlaOmiJzBr67JUAgQAAyAgARQAANJfAQAA\/BhQfCoQAF0ExRBmU6MOFszN1Dr8TpwSAEAFXcrgAAAEBCAoDVuLwJt9+2g=="} 
01264{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","vlan_id":200,"flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1656652778421539,"flow_dst_last_pkt_time":1656652778372319,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":587,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":587,"pkt_l4_len":549,"thread_ts_usec":1656652778421539,"pkt":"cGlaOmiJzBr67JUAgQAAyAgARQACOZfBQAA\/BhIZCoQAF0ExRBmU6MOFszN1Dr8TpwSAGAFXVWEAAAEBCAoDVuLyJt9+2hYDAQIAAQAB\/AMDr1TvmxMyvNf+q717HlpuVMH9\/2gtPNvQ62Ai\/wsFQ4Egfoq8jeo6ii7AK7CjRsR0vzcKrDa5VfBts3k4lPGsvG8AIJqaEwETAhMDwCvAL8AswDDMqcyowBPAFACcAJ0ALwA1AQABk8rKAAAAFwAA\/wEAAQAACgAKAAhaWgAdABcAGAALAAIBAAAjAHGHH7Cr+kyKwaPZQerkEYwZ3vWq9kYKj\/3HkFLmmuM0Bc2kp7XBZSKjegj2paQwPPt0ERZnWpYSLR+I7K4AUK9Y2TaBWgf+V91OWtns7JMLmSahqNo2fkYDjSGf\/yU2ej1t1mOtjzmMMwNNMp0AhdbJ5wAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApWloAAQAAHQAg+punvdb2lxSVGdI6QjnaO96xqz7MDZUMuBufWP7ID30ALQACAQEAKwALCvr6AwQDAwMCAwEAGwADAgACCgoAAQAAFQB0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEgHP+C37PmGfwkkqH3YtMvFo8GlUohGpFAmkcmxiOcfaY="} 
-01600{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1656652778161151,"flow_src_last_pkt_time":1656652778421539,"flow_dst_last_pkt_time":1656652778372319,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656652778421539,"vlan_id":200,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38120,"dst_port":50053,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3":"b592adaa596bb72a5c1ccdbecae52e3f","ja3s":"","ja4":"t13d1514h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01559{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1656652778161151,"flow_src_last_pkt_time":1656652778421539,"flow_dst_last_pkt_time":1656652778372319,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656652778421539,"vlan_id":200,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38120,"dst_port":50053,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1514h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","vlan_id":200,"flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1656652778421539,"flow_dst_last_pkt_time":1656652778641891,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1656652778641891,"pkt":"zBr67JUAcGlaOmiJgQAAyAgARQAANDC5QAA3BoMmQTFEGQqEABfDhZTovxOnBLMzdxOAEAA1cMUAAAEBCAom33\/oA1bi8g=="} -01645{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1656652778161151,"flow_src_last_pkt_time":1656652778421539,"flow_dst_last_pkt_time":1656652778641896,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1288,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1288,"midstream":0,"thread_ts_usec":1656652778641896,"vlan_id":200,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38120,"dst_port":50053,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": 
{"version":"TLSv1.3","ja3":"b592adaa596bb72a5c1ccdbecae52e3f","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1514h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +01604{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1656652778161151,"flow_src_last_pkt_time":1656652778421539,"flow_dst_last_pkt_time":1656652778641896,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1288,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1288,"midstream":0,"thread_ts_usec":1656652778641896,"vlan_id":200,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38120,"dst_port":50053,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1514h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
02514{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1656652778161151,"flow_src_last_pkt_time":1656652779042511,"flow_dst_last_pkt_time":1656652779222772,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1348,"flow_dst_max_l4_payload_len":1288,"flow_src_tot_l4_payload_len":5006,"flow_dst_tot_l4_payload_len":4491,"midstream":0,"thread_ts_usec":1656652779222772,"vlan_id":200,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38120,"dst_port":50053,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":62676.8,"max":270784,"stddev":99488.0,"var":9897854976.0,"ent":3.4,"data": [211168,260384,4,269572,5,10096,9894,260379,4,20013,20030,10943,4,270784,9694,4,10276,229481,5,19977,40078,29866,14,10092,29929,210869,5,2,9,9396,4]},"pktlen": {"min":52,"avg":349.3,"max":1400,"stddev":449.6,"var":202163.0,"ent":4.0,"data": [60,60,52,569,52,1340,1340,1256,52,52,52,116,138,690,107,87,83,108,83,52,94,1400,86,1148,680,650,52,87,244,187,87,113]},"bins": {"c_to_s": [7,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0],"s_to_c": [4,8,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,2,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,0,0,0,1,1,1,1,0,0,1,0,1,0,0,0,1,1,1,1,1,1],"entropies": 
[4.726680756,5.240227222,5.272274494,6.111527920,5.130220413,7.844857216,7.849434853,7.833609104,5.233813286,5.156889915,5.233813286,6.138292789,6.368075848,7.651264191,6.278759480,5.928515911,5.691242695,6.148318291,5.806828022,5.233812809,5.950813293,7.875130177,5.929117203,7.818894386,7.718791008,7.725904465,5.168681622,5.919838905,6.926432133,6.780454636,5.896851063,6.240451336]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":230,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656652831434184,"flow_src_last_pkt_time":1656652831434184,"flow_dst_last_pkt_time":1656652831434184,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656652831434184,"vlan_id":200,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38152,"dst_port":50053,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":230,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","vlan_id":200,"flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1656652831434184,"flow_dst_last_pkt_time":1656652831434184,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1656652831434184,"pkt":"cGlaOmiJzBr67JUAgQAAyAgARQAAPDStQAA\/BncqCoQAF0ExRBmVCMOFn9EiagAAAACgAv\/\/g5YAAAIEBVAEAggKA1cWxwAAAAABAwMI"} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":231,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","vlan_id":200,"flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1656652831434184,"flow_dst_last_pkt_time":1656652831643678,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1656652831643678,"pkt":"zBr67JUAcGlaOmiJgQAAyAgARQAAPAAAQAA3BrPXQTFEGQqEABfDhZUIPEwzlZ\/RImugEnEgLEwAAAIEBYwEAggKJuBPGgNXFscBAwMJ"} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":232,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","vlan_id":200,"flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1656652831673898,"flow_dst_last_pkt_time":1656652831643678,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1656652831673898,"pkt":"cGlaOmiJzBr67JUAgQAAyAgARQAANDSuQAA\/BncxCoQAF0ExRBmVCMOFn9EiazxMM5aAEAFXyn8AAAEBCAoDVxcDJuBPGg=="} 
01263{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":233,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","vlan_id":200,"flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1656652831673908,"flow_dst_last_pkt_time":1656652831643678,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":587,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":587,"pkt_l4_len":549,"thread_ts_usec":1656652831673908,"pkt":"cGlaOmiJzBr67JUAgQAAyAgARQACOTSvQAA\/BnUrCoQAF0ExRBmVCMOFn9EiazxMM5aAGAFXu7MAAAEBCAoDVxcEJuBPGhYDAQIAAQAB\/AMDO7Zo\/JbRTk369S4SCoIhOmdg2TC3hkHYNT7vL9EGoF4gmvMu5lvj5xNX7exy1AfIdKk6v5iYOkqNu7hLh1Y7e9QAIFpaEwETAhMDwCvAL8AswDDMqcyowBPAFACcAJ0ALwA1AQABk1paAAAAFwAA\/wEAAQAACgAKAAi6ugAdABcAGAALAAIBAAAjAHGHH7Cr+kyKwaPZQerkEYwZA+EuMf2lqc1yOKhVFtOQQEzV7TIAzUr4SQaoe3tyBYupujSwQJJFCyCF65TcO0wfF4l8YlF7mJ8mCVWiyJnQVyFOQ5cPFn287fUzN2Zjut\/czCT8Xb6ucpXDdeIzkMQwPQAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApuroAAQAAHQAghi1p4yRBK379yGiurG3H4Jj+BGfDg24Eyg2DXh39FV0ALQACAQEAKwALCjo6AwQDAwMCAwEAGwADAgACGhoAAQAAFQB0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEgJjoaetj0dIRwl01FzpE8h7C\/sNwfh2G7XMxsxF6YNAA="} 
-01600{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":233,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1656652831434184,"flow_src_last_pkt_time":1656652831673908,"flow_dst_last_pkt_time":1656652831643678,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656652831673908,"vlan_id":200,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38152,"dst_port":50053,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3":"b592adaa596bb72a5c1ccdbecae52e3f","ja3s":"","ja4":"t13d1514h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01559{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":233,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1656652831434184,"flow_src_last_pkt_time":1656652831673908,"flow_dst_last_pkt_time":1656652831643678,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656652831673908,"vlan_id":200,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38152,"dst_port":50053,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1514h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","vlan_id":200,"flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1656652831673908,"flow_dst_last_pkt_time":1656652831894729,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1656652831894729,"pkt":"zBr67JUAcGlaOmiJgQAAyAgARQAANPHLQAA3BsITQTFEGQqEABfDhZUIPEwzlp\/RJHCAEAA1yI0AAAEBCAom4FAoA1cXBA=="} -01645{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":235,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1656652831434184,"flow_src_last_pkt_time":1656652831673908,"flow_dst_last_pkt_time":1656652831894735,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1288,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1288,"midstream":0,"thread_ts_usec":1656652831894735,"vlan_id":200,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38152,"dst_port":50053,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": 
{"version":"TLSv1.3","ja3":"b592adaa596bb72a5c1ccdbecae52e3f","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1514h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +01604{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":235,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1656652831434184,"flow_src_last_pkt_time":1656652831673908,"flow_dst_last_pkt_time":1656652831894735,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1288,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1288,"midstream":0,"thread_ts_usec":1656652831894735,"vlan_id":200,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38152,"dst_port":50053,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1514h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
02501{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1656652831434184,"flow_src_last_pkt_time":1656652832235258,"flow_dst_last_pkt_time":1656652832454997,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1348,"flow_dst_max_l4_payload_len":1288,"flow_src_tot_l4_payload_len":4808,"flow_dst_tot_l4_payload_len":5851,"midstream":0,"thread_ts_usec":1656652832454997,"vlan_id":200,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38152,"dst_port":50053,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":58770.5,"max":269120,"stddev":100848.2,"var":10170350592.0,"ent":3.1,"data": [209494,239714,10,251051,6,11439,12,260675,5,9589,20029,20030,269120,19987,5,231024,5,19971,10,4,3,3,2,249606,8,2,3,3,10064,10,3]},"pktlen": {"min":52,"avg":385.6,"max":1400,"stddev":479.7,"var":230117.0,"ent":4.1,"data": [60,60,52,569,52,1340,1340,1256,52,52,52,116,368,107,87,139,52,83,1400,428,1400,480,250,234,52,87,113,200,244,87,187,1340]},"bins": {"c_to_s": [7,0,1,0,0,1,1,0,0,1,0,1,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0],"s_to_c": [3,5,1,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,3,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1],"entropies": [4.680766106,5.194312096,5.041505337,6.080573082,5.168682098,7.827150345,7.863349915,7.855801105,5.156889915,5.156889915,5.118428230,6.048384190,7.387241364,5.998385429,5.810531616,6.322457314,5.118428230,5.674062252,7.876391411,7.449967384,7.849254131,7.577188969,7.053901672,7.035159111,5.130220413,5.850873470,6.129572392,6.822973251,6.886046886,5.873862267,6.798689365,7.860256195]},"ndpi": 
{"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00995{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":60,"flow_dst_packets_processed":40,"flow_first_seen":1656652731609846,"flow_src_last_pkt_time":1656652734111599,"flow_dst_last_pkt_time":1656652734111609,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1280,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2576,"flow_dst_max_l4_payload_len":70,"flow_src_tot_l4_payload_len":112048,"flow_dst_tot_l4_payload_len":455,"midstream":1,"thread_ts_usec":1656652832876498,"vlan_id":200,"l3_proto":"ip4","src_ip":"65.49.68.25","dst_ip":"10.132.0.23","src_port":50053,"dst_port":37898,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"UltraSurf","proto_id":"304","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
01335{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":53,"flow_dst_packets_processed":76,"flow_first_seen":1656652778161151,"flow_src_last_pkt_time":1656652780054386,"flow_dst_last_pkt_time":1656652780064014,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1424,"flow_dst_max_l4_payload_len":2576,"flow_src_tot_l4_payload_len":14019,"flow_dst_tot_l4_payload_len":30413,"midstream":0,"thread_ts_usec":1656652832876498,"vlan_id":200,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38120,"dst_port":50053,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
01335{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":51,"flow_dst_packets_processed":53,"flow_first_seen":1656652831434184,"flow_src_last_pkt_time":1656652832855529,"flow_dst_last_pkt_time":1656652832876498,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1348,"flow_dst_max_l4_payload_len":2576,"flow_src_tot_l4_payload_len":13653,"flow_dst_tot_l4_payload_len":31617,"midstream":0,"thread_ts_usec":1656652832876498,"vlan_id":200,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38152,"dst_port":50053,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-00849{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":333,"packets-processed":333,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":202205,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":32,"global_ts_usec":1656652832876498} +00849{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":333,"packets-processed":333,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":202205,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":32,"global_ts_usec":1656652832876498} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 333/333 ~~ skipped flows.............: 0 
@@ -38,9 +38,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7054659 bytes -~~ total memory freed........: 7054659 bytes -~~ total allocations/frees...: 114540/114540 +~~ total memory allocated....: 7632297 bytes +~~ total memory freed........: 7632297 bytes +~~ total allocations/frees...: 126273/126273 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 572 chars ~~ json message max len.......: 4063 chars diff --git a/test/results/default/umas.pcap.out b/test/results/default/umas.pcap.out index 206d98158..a9133160d 100644 --- a/test/results/default/umas.pcap.out +++ b/test/results/default/umas.pcap.out 
@@ -1,5 +1,5 @@ -00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/umas.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/umas.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1427906557268207} 
+00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/umas.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/umas.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1427906557268207} 
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/umas.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1427906557268207,"flow_src_last_pkt_time":1427906557268207,"flow_dst_last_pkt_time":1427906557268207,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1427906557268207,"l3_proto":"ip4","src_ip":"192.168.63.100","dst_ip":"192.168.63.253","src_port":7718,"dst_port":502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/umas.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1427906557268207,"flow_dst_last_pkt_time":1427906557268207,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1427906557268207,"pkt":"AABUFPJPPJcOkVSrCABFAAA0BEhAAIAGAADAqD9kwKg\/\/R4mAfZGhPwKAAAAAIAC+vAA2QAAAgQFtAEDAwABAQQC"} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/umas.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1427906557268207,"flow_dst_last_pkt_time":1427906557269147,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":28,"thread_ts_usec":1427906557269147,"pkt":"PJcOkVSrAABUFPJPCABFAAAwA8UAAEAGdlHAqD\/9wKg\/ZAH2HiaDEM+9RoT8C3ASEAC94gAAAgQFtAEDAwABAQ=="} 
@@ -9,7 +9,7 @@ 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/umas.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1427906557270030,"flow_dst_last_pkt_time":1427906557270934,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":20,"thread_ts_usec":1427906557270934,"pkt":"PJcOkVSrAABUFPJPCABFAAAoA8YAAEAGdljAqD\/9wKg\/ZAH2HiaDEM++RoT8FVAQD\/3pnwAAAAAAAAAAr4V9rA=="} 02159{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/umas.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1427906557268207,"flow_src_last_pkt_time":1427906557351115,"flow_dst_last_pkt_time":1427906557356975,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":261,"flow_dst_max_l4_payload_len":261,"flow_src_tot_l4_payload_len":681,"flow_dst_tot_l4_payload_len":1681,"midstream":0,"thread_ts_usec":1427906557356975,"l3_proto":"ip4","src_ip":"192.168.63.100","dst_ip":"192.168.63.253","src_port":7718,"dst_port":502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":804,"avg":5537.9,"max":7349,"stddev":1780.8,"var":3171216.5,"ent":4.9,"data": [940,1019,804,1787,4681,6040,6956,6823,7337,7349,5705,5982,6152,6208,5897,5633,6112,6363,7173,6903,5759,5817,5975,5922,6032,6032,6059,6067,5931,5946,6272]},"pktlen": {"min":40,"avg":114.8,"max":301,"stddev":89.3,"var":7972.7,"ent":4.6,"data": [52,50,40,50,50,96,51,63,300,300,51,97,51,159,50,116,51,63,301,301,50,116,50,116,59,153,59,209,59,153,59,299]},"bins": {"c_to_s": [14,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": 
[4,2,3,3,0,1,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": [4.246296406,4.708757401,4.521928310,4.311788559,4.583464622,4.516215324,4.273243427,4.058829784,1.425814629,1.414997816,4.327260494,4.809130192,4.337956429,2.794489384,4.322699070,3.938342094,4.248828888,4.110339642,7.800658226,7.811439037,4.362698555,3.921101093,4.362698555,3.944849730,4.149783134,3.941774607,4.248089790,3.106703520,4.183681011,2.442554474,4.214191437,2.672472954]},"ndpi": {"confidence": {"6":"DPI"},"proto":"Modbus.UMAS","proto_id":"44.364","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 00987{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":191,"source":"cfgs\/default\/pcap\/umas.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":94,"flow_dst_packets_processed":97,"flow_first_seen":1427906557268207,"flow_src_last_pkt_time":1427906558034821,"flow_dst_last_pkt_time":1427906558034788,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":261,"flow_dst_max_l4_payload_len":261,"flow_src_tot_l4_payload_len":1788,"flow_dst_tot_l4_payload_len":16862,"midstream":0,"thread_ts_usec":1427906558034821,"l3_proto":"ip4","src_ip":"192.168.63.100","dst_ip":"192.168.63.253","src_port":7718,"dst_port":502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Modbus.UMAS","proto_id":"44.364","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
-00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":191,"source":"cfgs\/default\/pcap\/umas.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":191,"packets-processed":191,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18650,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1427906558034821} +00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":191,"source":"cfgs\/default\/pcap\/umas.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":191,"packets-processed":191,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18650,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1427906558034821} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 191/191 ~~ skipped flows.............: 0 
@@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6913177 bytes -~~ total memory freed........: 6913177 bytes -~~ total allocations/frees...: 114329/114329 +~~ total memory allocated....: 7490773 bytes +~~ total memory freed........: 7490773 bytes +~~ total allocations/frees...: 126060/126060 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 528 chars ~~ json message max len.......: 2164 chars diff --git a/test/results/default/upnp.pcap.out b/test/results/default/upnp.pcap.out index f422b5524..ec90e4b42 100644 --- a/test/results/default/upnp.pcap.out +++ b/test/results/default/upnp.pcap.out 
@@ -1,5 +1,5 @@ -00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/upnp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/upnp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1541515314826314} 
+00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/upnp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/upnp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1541515314826314} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/upnp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1541515314826314,"flow_src_last_pkt_time":1541515314826314,"flow_dst_last_pkt_time":1541515314826314,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":656,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":656,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":656,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1541515314826314,"l3_proto":"ip6","src_ip":"fe80::3441:3d24:6d30:a807","dst_ip":"ff02::c","src_port":58932,"dst_port":3702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01414{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/upnp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1541515314826314,"flow_dst_last_pkt_time":1541515314826314,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":718,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":718,"pkt_l4_len":664,"thread_ts_usec":1541515314826314,"pkt":"MzMAAAAMGNvyL6AYht1gDeGUApgRAf6AAAAAAAAANEE9JG0wqAf\/AgAAAAAAAAAAAAAAAAAM5jQOdgKYg108P3htbCB2ZXJzaW9uPSIxLjAiIGVuY29kaW5nPSJ1dGYtOCI\/Pjxzb2FwOkVudmVsb3BlIHhtbG5zOnNvYXA9Imh0dHA6Ly93d3cudzMub3JnLzIwMDMvMDUvc29hcC1lbnZlbG9wZSIgeG1sbnM6d3NhPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA0LzA4L2FkZHJlc3NpbmciIHhtbG5zOndzZD0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwNS8wNC9kaXNjb3ZlcnkiPjxzb2FwOkhlYWRlcj48d3NhOlRvPnVybjpzY2hlbWFzLXhtbHNvYXAtb3JnOndzOjIwMDU6MDQ6ZGlzY292ZXJ5PC93c2E6VG8+PHdzYTpBY3Rpb24+aHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwNS8wNC9kaXNjb3ZlcnkvUmVzb2x2ZTwvd3NhOkFjdGlvbj48d3NhOk1lc3NhZ2VJRD51cm46dXVpZDozZjQyZGM5YS0yNGNlLTQ4ZDEtODhmOS0xNmI5NmExMzdkNzE8L3dzYTpNZXNzYWdlSUQ+PC9zb2FwOkhlYWRlcj48c29hcDpCb2R5Pjx3c2Q6UmVzb2x2ZT48d3NhOkVuZHBv
aW50UmVmZXJlbmNlPjx3c2E6QWRkcmVzcz51cm46dXVpZDplMzI0ODAwMC04MGNlLTExZGItODAwMC0wMDFiYTk5ZWM5NTY8L3dzYTpBZGRyZXNzPjwvd3NhOkVuZHBvaW50UmVmZXJlbmNlPjwvd3NkOlJlc29sdmU+PC9zb2FwOkJvZHk+PC9zb2FwOkVudmVsb3BlPg=="} 00932{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/upnp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1541515314826314,"flow_src_last_pkt_time":1541515314826314,"flow_dst_last_pkt_time":1541515314826314,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":656,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":656,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":656,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1541515314826314,"l3_proto":"ip6","src_ip":"fe80::3441:3d24:6d30:a807","dst_ip":"ff02::c","src_port":58932,"dst_port":3702,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"WSD","proto_id":"153","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -16,7 +16,7 @@ 01389{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/upnp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1541515317470215,"flow_dst_last_pkt_time":1541515314827161,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":698,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":698,"pkt_l4_len":664,"thread_ts_usec":1541515317470215,"pkt":"AQBef\/\/6GNvyL6AYCABFAAKsCtoAAAERvoLAqD1C7\/\/\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"} 00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/upnp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1541515314827161,"flow_src_last_pkt_time":1541515321472909,"flow_dst_last_pkt_time":1541515314827161,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":656,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":656,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4592,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1541515321472909,"l3_proto":"ip4","src_ip":"192.168.61.66","dst_ip":"239.255.255.250","src_port":58931,"dst_port":3702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"WSD","proto_id":"153","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/upnp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1541515314826314,"flow_src_last_pkt_time":1541515320458778,"flow_dst_last_pkt_time":1541515314826314,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":656,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":656,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4592,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1541515321472909,"l3_proto":"ip6","src_ip":"fe80::3441:3d24:6d30:a807","dst_ip":"ff02::c","src_port":58932,"dst_port":3702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"WSD","proto_id":"153","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00839{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/upnp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":14,"packets-processed":14,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9184,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1541515321472909} 
+00839{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/upnp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":14,"packets-processed":14,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9184,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":19,"global_ts_usec":1541515321472909} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 14/14 ~~ skipped flows.............: 0 @@ -25,9 +25,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6910343 bytes -~~ total memory freed........: 6910343 bytes -~~ total allocations/frees...: 114160/114160 +~~ total memory allocated....: 7487939 bytes +~~ total memory freed........: 7487939 bytes +~~ total allocations/frees...: 125891/125891 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 614 chars ~~ json message max len.......: 1419 chars diff --git a/test/results/default/viber.pcap.out b/test/results/default/viber.pcap.out index 304d843be..568f856e9 100644 --- a/test/results/default/viber.pcap.out +++ b/test/results/default/viber.pcap.out 
@@ -1,5 +1,5 @@ -00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1527155638428936} 
+00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1527155638428936} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155638428936,"flow_src_last_pkt_time":1527155638428936,"flow_dst_last_pkt_time":1527155638428936,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":101,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":101,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":101,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1527155638428936,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"52.0.253.101","src_port":33208,"dst_port":4244,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1527155638428936,"flow_dst_last_pkt_time":1527155638428936,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"thread_ts_usec":1527155638428936,"pkt":"AA6OMNv9MAdNo1+nCABFAACZvbBAAEAGio\/AqAARNAD9ZYG4EJTYH5QATQ0UaIAYAtokAwAAAQEICgAhYEL3kz3SZQAKAAAALtCh9tIA1PL3FQOheV4He+mBM0W\/i9pTb10sHI+OMXtBs1b9JHGGgzJlSCkVK80QeHWJMpbzU2NcxAJaXXoLguc1CK5osKkCx6zZTIH0SZ0piWwLO+YlPXpdR9T6nHw="} 
00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155638474128,"flow_src_last_pkt_time":1527155638474128,"flow_dst_last_pkt_time":1527155638474128,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155638474128,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":45743,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -26,16 +26,16 @@ 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1527155639240854,"flow_dst_last_pkt_time":1527155639414725,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1527155639414725,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8AABAAOYG9to2RabiwKgAEQG7kHpPMSQJ\/Ftqr6ASaN+BOQAAAgQFtAQCCApMsKWZACFhDwEDAwg="} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1527155639417273,"flow_dst_last_pkt_time":1527155639414725,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155639417273,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0C6JAAEAGkUHAqAARNkWm4pB6Abv8W2qvTzEkCoAQAq0WDQAAAQEICgAhYTtMsKWZ"} 00784{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1527155639419114,"flow_dst_last_pkt_time":1527155639414725,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":246,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":246,"pkt_l4_len":212,"thread_ts_usec":1527155639419114,"pkt":"AA6OMNv9MAdNo1+nCABFAADoC6NAAEAGkIzAqAARNkWm4pB6Abv8W2qvTzEkCoAYAq3FAQAAAQEICgAhYTtMsKWZFgMBAK8BAACrAwOf\/2TjK8r1kWpdan2TJekyDzujbi8jagHQAHL6QuSe+wAAHMArwCzMqcAvwDDMqMAJwArAE8AUAJwAnQAvADUBAABm\/wEAAQAAAAAXABUAABJtYXBpLmFwcHRpbWl6ZS5jb20AFwAAACMAAAANABAADgQDBAEFAwUBBgMGAQIBAAUABQEAAAAAABAACwAJCGh0dHAvMS4xAAsAAgEAAAoACAAGAB0AFwAY"} 
-01202{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1527155639240854,"flow_src_last_pkt_time":1527155639419114,"flow_dst_last_pkt_time":1527155639414725,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":180,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":180,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155639419114,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36986,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"mapi.apptimize.com","domainame":"mapi.apptimize.com","tls": {"version":"TLSv1.2","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","ja4":"t12d1409ht_c866b44c5a26_e08eabe7240f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} +01161{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1527155639240854,"flow_src_last_pkt_time":1527155639419114,"flow_dst_last_pkt_time":1527155639414725,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":180,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":180,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155639419114,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36986,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"mapi.apptimize.com","domainame":"mapi.apptimize.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1409ht_c866b44c5a26_e08eabe7240f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1527155639419114,"flow_dst_last_pkt_time":1527155639592888,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155639592888,"pkt":"MAdNo1+nAA6OMNv9CABFAAA0gc9AAOYGdRM2RabiwKgAEQG7kHpPMSQK\/FtrY4AQAG4XbAAAAQEICkywpcUAIWE7"} -01292{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1527155639240854,"flow_src_last_pkt_time":1527155639419114,"flow_dst_last_pkt_time":1527155639594657,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":180,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":180,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1527155639594657,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36986,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"mapi.apptimize.com","domainame":"mapi.apptimize.com","tls": 
{"version":"TLSv1.2","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"8d2a028aa94425f76ced7826b1f39039","ja4":"t12d1409ht_c866b44c5a26_e08eabe7240f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} -01649{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1527155639240854,"flow_src_last_pkt_time":1527155639419114,"flow_dst_last_pkt_time":1527155639594933,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":180,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":180,"flow_dst_tot_l4_payload_len":4873,"midstream":0,"thread_ts_usec":1527155639594933,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36986,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"mapi.apptimize.com","domainame":"mapi.apptimize.com","tls": {"version":"TLSv1.2","server_names":"*.apptimize.com,apptimize.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"8d2a028aa94425f76ced7826b1f39039","ja4":"t12d1409ht_c866b44c5a26_e08eabe7240f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Organization Validation Secure Server CA","subjectDN":"C=US, ST=CA, L=Mountain View, O=Apptimize, Inc, OU=PremiumSSL Wildcard, CN=*.apptimize.com","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"BC:4C:8F:EC:8B:7B:85:BD:54:61:8B:C0:7B:E7:A2:69:0B:F2:49:E5","blocks":0}}} 
+01251{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1527155639240854,"flow_src_last_pkt_time":1527155639419114,"flow_dst_last_pkt_time":1527155639594657,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":180,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":180,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1527155639594657,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36986,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"mapi.apptimize.com","domainame":"mapi.apptimize.com","tls": {"version":"TLSv1.2","ja3s":"8d2a028aa94425f76ced7826b1f39039","ja4":"t12d1409ht_c866b44c5a26_e08eabe7240f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
+01608{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1527155639240854,"flow_src_last_pkt_time":1527155639419114,"flow_dst_last_pkt_time":1527155639594933,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":180,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":180,"flow_dst_tot_l4_payload_len":4873,"midstream":0,"thread_ts_usec":1527155639594933,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36986,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"mapi.apptimize.com","domainame":"mapi.apptimize.com","tls": {"version":"TLSv1.2","server_names":"*.apptimize.com,apptimize.com","ja3s":"8d2a028aa94425f76ced7826b1f39039","ja4":"t12d1409ht_c866b44c5a26_e08eabe7240f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Organization Validation Secure Server CA","subjectDN":"C=US, ST=CA, L=Mountain View, O=Apptimize, Inc, OU=PremiumSSL Wildcard, CN=*.apptimize.com","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"BC:4C:8F:EC:8B:7B:85:BD:54:61:8B:C0:7B:E7:A2:69:0B:F2:49:E5","blocks":0}}} 
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155640085923,"flow_src_last_pkt_time":1527155640085923,"flow_dst_last_pkt_time":1527155640085923,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155640085923,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36988,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1527155640085923,"flow_dst_last_pkt_time":1527155640085923,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1527155640085923,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8sZJAAEAG60jAqAARNkWm4pB8Abt0c9BwAAAAAKAC\/\/9xAAAAAgQFtAQCCAoAIWHiAAAAAAEDAwc="} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1527155640085923,"flow_dst_last_pkt_time":1527155640261254,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1527155640261254,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8AABAAOYG9to2RabiwKgAEQG7kHz0FjHkdHPQcaASaN\/u9gAAAgQFtAQCCApMsKZsACFh4gEDAwg="} 
00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1527155640264334,"flow_dst_last_pkt_time":1527155640261254,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155640264334,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0sZNAAEAG60\/AqAARNkWm4pB8Abt0c9Bx9BYx5YAQAq2DyQAAAQEICgAhYg9MsKZs"} 00784{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1527155640275168,"flow_dst_last_pkt_time":1527155640261254,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":246,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":246,"pkt_l4_len":212,"thread_ts_usec":1527155640275168,"pkt":"AA6OMNv9MAdNo1+nCABFAADosZRAAEAG6prAqAARNkWm4pB8Abt0c9Bx9BYx5YAYAq1TTQAAAQEICgAhYhBMsKZsFgMBAK8BAACrAwPxHao\/Q96Yxv6ptzoREqGRwhus41t797c9sc55oDAI4gAAHMArwCzMqcAvwDDMqMAJwArAE8AUAJwAnQAvADUBAABm\/wEAAQAAAAAXABUAABJtYXBpLmFwcHRpbWl6ZS5jb20AFwAAACMAAAANABAADgQDBAEFAwUBBgMGAQIBAAUABQEAAAAAABAACwAJCGh0dHAvMS4xAAsAAgEAAAoACAAGAB0AFwAY"} 
-01202{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1527155640085923,"flow_src_last_pkt_time":1527155640275168,"flow_dst_last_pkt_time":1527155640261254,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":180,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":180,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155640275168,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36988,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"mapi.apptimize.com","domainame":"mapi.apptimize.com","tls": {"version":"TLSv1.2","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","ja4":"t12d1409ht_c866b44c5a26_e08eabe7240f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} +01161{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1527155640085923,"flow_src_last_pkt_time":1527155640275168,"flow_dst_last_pkt_time":1527155640261254,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":180,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":180,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155640275168,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36988,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"mapi.apptimize.com","domainame":"mapi.apptimize.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1409ht_c866b44c5a26_e08eabe7240f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1527155640275168,"flow_dst_last_pkt_time":1527155640450457,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155640450457,"pkt":"MAdNo1+nAA6OMNv9CABFAAA0l3xAAOYGX2Y2RabiwKgAEQG7kHz0FjHldHPRJYAQAG6FIwAAAQEICkywppwAIWIQ"} 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155641574870,"flow_src_last_pkt_time":1527155641574870,"flow_dst_last_pkt_time":1527155641574870,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155641574870,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":37418,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1527155641574870,"flow_dst_last_pkt_time":1527155641574870,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_usec":1527155641574870,"pkt":"AA6OMNv9MAdNo1+nCABFAABBH3ZAAEARmcXAqAARwKgAD5IqADUALZxVyU0BAAABAAAAAAAABW1lZGlhA2NkbgV2aWJlcgNjb20AAAEAAQ=="} 
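Review bot: The `"ja3"` key is dropped from the `tls` object of the `detected` and `detection-update` events for flows 5 and 6 in this hunk, which is an output-format change that the commit message ("incorporated upstream changes") does not call out. The length prefixes shrink by exactly the removed field (01202 → 01161, 01292 → 01251, 01649 → 01608), while `"ja3s"` and `"ja4"` are still emitted. Consumers that match or correlate on the JA3 client fingerprint, such as detection rules, allow/deny lists or dashboards, would silently stop matching rather than fail. I would add an explicit line to the commit description or changelog, e.g. `* tls "ja3" is no longer emitted with this libnDPI version; "ja3s" and "ja4" remain`. The diffstat lists schema/flow_event_schema.json as changed, which presumably removes the property there, but that file is outside this hunk, so confirm. The same removal appears in the next hunk for flow 8.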
@@ -47,10 +47,10 @@ 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1527155641697916,"flow_dst_last_pkt_time":1527155641714003,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1527155641714003,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8AABAAPQGMbw25l1gwKgAEQG74LAWDyy+uxq45aAScSCWXAAAAgQFtAQCCAp+anA4ACFjdQEDAwg="} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1527155641716061,"flow_dst_last_pkt_time":1527155641714003,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155641716061,"pkt":"AA6OMNv9MAdNo1+nCABFAAA025JAAEAGCjLAqAARNuZdYOCwAbu7GrjlFg8sv4AQAq0zmAAAAQEICgAhY3p+anA4"} 00791{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1527155641717778,"flow_dst_last_pkt_time":1527155641714003,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":250,"pkt_l4_len":216,"thread_ts_usec":1527155641717778,"pkt":"AA6OMNv9MAdNo1+nCABFAADs25NAAEAGCXnAqAARNuZdYOCwAbu7GrjlFg8sv4AYAq3PXQAAAQEICgAhY3p+anA4FgMBALMBAACvAwM9xUi6e2VHcfR2Et1lmWRy3PNn2wAw6MtgIjCKmCwNtgAAHMArwCzMqcAvwDDMqMAJwArAE8AUAJwAnQAvADUBAABq\/wEAAQAAAAAYABYAABNtZWRpYS5jZG4udmliZXIuY29tABcAAAAjAAAADQAQAA4EAwQBBQMFAQYDBgECAQAFAAUBAAAAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAgABgAdABcAGA=="} 
-01216{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1527155641697916,"flow_src_last_pkt_time":1527155641717778,"flow_dst_last_pkt_time":1527155641714003,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":184,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":184,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155641717778,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.96","src_port":57520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Viber","proto_id":"91.144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"media.cdn.viber.com","domainame":"media.cdn.viber.com","tls": {"version":"TLSv1.2","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","ja4":"t12d1409h2_c866b44c5a26_e08eabe7240f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01175{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1527155641697916,"flow_src_last_pkt_time":1527155641717778,"flow_dst_last_pkt_time":1527155641714003,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":184,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":184,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155641717778,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.96","src_port":57520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Viber","proto_id":"91.144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"media.cdn.viber.com","domainame":"media.cdn.viber.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1409h2_c866b44c5a26_e08eabe7240f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1527155641717778,"flow_dst_last_pkt_time":1527155641733771,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155641733771,"pkt":"MAdNo1+nAA6OMNv9CABFAAA0XIVAAPQG1T425l1gwKgAEQG74LAWDyy\/uxq5nYAQAHY1FQAAAQEICn5qcDoAIWN6"} -01306{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1527155641697916,"flow_src_last_pkt_time":1527155641717778,"flow_dst_last_pkt_time":1527155641736492,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":184,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":184,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1527155641736492,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.96","src_port":57520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Viber","proto_id":"91.144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"media.cdn.viber.com","domainame":"media.cdn.viber.com","tls": 
{"version":"TLSv1.2","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","ja4":"t12d1409h2_c866b44c5a26_e08eabe7240f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} -01567{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1527155641697916,"flow_src_last_pkt_time":1527155641717778,"flow_dst_last_pkt_time":1527155641736812,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":184,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":184,"flow_dst_tot_l4_payload_len":4344,"midstream":0,"thread_ts_usec":1527155641736812,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.96","src_port":57520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Viber","proto_id":"91.144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"media.cdn.viber.com","domainame":"media.cdn.viber.com","tls": {"version":"TLSv1.2","server_names":"*.cdn.viber.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","ja4":"t12d1409h2_c866b44c5a26_e08eabe7240f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=thawte, Inc., CN=thawte SSL CA - G2","subjectDN":"C=LU, ST=Luxembourg, L=Luxembourg, O=Viber Media Sarl, OU=IT, CN=*.cdn.viber.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"B6:30:6F:02:75:A8:08:0A:AE:AA:9C:6C:9F:B5:8E:4C:82:02:3D:39","blocks":0}}} 
+01265{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1527155641697916,"flow_src_last_pkt_time":1527155641717778,"flow_dst_last_pkt_time":1527155641736492,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":184,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":184,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1527155641736492,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.96","src_port":57520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Viber","proto_id":"91.144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"media.cdn.viber.com","domainame":"media.cdn.viber.com","tls": {"version":"TLSv1.2","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","ja4":"t12d1409h2_c866b44c5a26_e08eabe7240f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
+01526{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1527155641697916,"flow_src_last_pkt_time":1527155641717778,"flow_dst_last_pkt_time":1527155641736812,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":184,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":184,"flow_dst_tot_l4_payload_len":4344,"midstream":0,"thread_ts_usec":1527155641736812,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.96","src_port":57520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Viber","proto_id":"91.144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"media.cdn.viber.com","domainame":"media.cdn.viber.com","tls": {"version":"TLSv1.2","server_names":"*.cdn.viber.com","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","ja4":"t12d1409h2_c866b44c5a26_e08eabe7240f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=thawte, Inc., CN=thawte SSL CA - G2","subjectDN":"C=LU, ST=Luxembourg, L=Luxembourg, O=Viber Media Sarl, OU=IT, CN=*.cdn.viber.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"B6:30:6F:02:75:A8:08:0A:AE:AA:9C:6C:9F:B5:8E:4C:82:02:3D:39","blocks":0}}} 
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155641813689,"flow_src_last_pkt_time":1527155641813689,"flow_dst_last_pkt_time":1527155641813689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155641813689,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":40445,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1527155641813689,"flow_dst_last_pkt_time":1527155641813689,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1527155641813689,"pkt":"AA6OMNv9MAdNo1+nCABFAABAH5VAAEARmafAqAARwKgAD539ADUALISKl70BAAABAAAAAAAACGRsLW1lZGlhBXZpYmVyA2NvbQAAAQAB"} 
01086{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155641813689,"flow_src_last_pkt_time":1527155641813689,"flow_dst_last_pkt_time":1527155641813689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155641813689,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":40445,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Viber","proto_id":"5.144","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"dl-media.viber.com","domainame":"dl-media.viber.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -61,10 +61,10 @@ 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1527155641845544,"flow_dst_last_pkt_time":1527155641865014,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1527155641865014,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8AABAAPQGMec25l01wKgAEQG70q53C5Ep1db+56AScSB9zAAAAgQFtAQCCAp+anCqACFjmgEDAwg="} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":1527155641867207,"flow_dst_last_pkt_time":1527155641865014,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155641867207,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0nX1AAEAGSHLAqAARNuZdNdKuAbvV1v7ndwuRKoAQAq0bCAAAAQEICgAhY59+anCq"} 00788{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_src_last_pkt_time":1527155641868230,"flow_dst_last_pkt_time":1527155641865014,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":249,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":249,"pkt_l4_len":215,"thread_ts_usec":1527155641868230,"pkt":"AA6OMNv9MAdNo1+nCABFAADrnX5AAEAGR7rAqAARNuZdNdKuAbvV1v7ndwuRKoAYAq2cvgAAAQEICgAhY6B+anCqFgMBALIBAACuAwM1qr437x53guPHYx6idTGnRu91RvVMpGhSbboCtiTLxAAAHMArwCzMqcAvwDDMqMAJwArAE8AUAJwAnQAvADUBAABp\/wEAAQAAAAAXABUAABJkbC1tZWRpYS52aWJlci5jb20AFwAAACMAAAANABAADgQDBAEFAwUBBgMGAQIBAAUABQEAAAAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACAAGAB0AFwAY"} 
-01215{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1527155641845544,"flow_src_last_pkt_time":1527155641868230,"flow_dst_last_pkt_time":1527155641865014,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":183,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":183,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155641868230,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.53","src_port":53934,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Viber","proto_id":"91.144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"dl-media.viber.com","domainame":"dl-media.viber.com","tls": {"version":"TLSv1.2","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","ja4":"t12d1409h2_c866b44c5a26_e08eabe7240f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01174{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1527155641845544,"flow_src_last_pkt_time":1527155641868230,"flow_dst_last_pkt_time":1527155641865014,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":183,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":183,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155641868230,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.53","src_port":53934,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Viber","proto_id":"91.144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"dl-media.viber.com","domainame":"dl-media.viber.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1409h2_c866b44c5a26_e08eabe7240f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1527155641868230,"flow_dst_last_pkt_time":1527155641887306,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155641887306,"pkt":"MAdNo1+nAA6OMNv9CABFAAA04YZAAPQGUGg25l01wKgAEQG70q53C5Eq1db\/noAQAHYchQAAAQEICn5qcKwAIWOg"} -01305{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1527155641845544,"flow_src_last_pkt_time":1527155641868230,"flow_dst_last_pkt_time":1527155641890520,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":183,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":183,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1527155641890520,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.53","src_port":53934,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Viber","proto_id":"91.144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"dl-media.viber.com","domainame":"dl-media.viber.com","tls": 
{"version":"TLSv1.2","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","ja4":"t12d1409h2_c866b44c5a26_e08eabe7240f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} -01568{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1527155641845544,"flow_src_last_pkt_time":1527155641868230,"flow_dst_last_pkt_time":1527155641890790,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":183,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":183,"flow_dst_tot_l4_payload_len":4344,"midstream":0,"thread_ts_usec":1527155641890790,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.53","src_port":53934,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Viber","proto_id":"91.144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"dl-media.viber.com","domainame":"dl-media.viber.com","tls": {"version":"TLSv1.2","server_names":"*.viber.com,viber.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","ja4":"t12d1409h2_c866b44c5a26_e08eabe7240f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=thawte, Inc., CN=thawte SSL CA - G2","subjectDN":"C=LU, ST=Luxembourg, L=Luxembourg, O=Viber Media Sarl, OU=IT, CN=*.viber.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"E1:11:26:E6:14:A5:E6:F7:F1:CB:68:D1:A6:95:A1:5E:11:48:72:2A","blocks":0}}} 
+01264{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1527155641845544,"flow_src_last_pkt_time":1527155641868230,"flow_dst_last_pkt_time":1527155641890520,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":183,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":183,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1527155641890520,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.53","src_port":53934,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Viber","proto_id":"91.144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"dl-media.viber.com","domainame":"dl-media.viber.com","tls": {"version":"TLSv1.2","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","ja4":"t12d1409h2_c866b44c5a26_e08eabe7240f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
+01527{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1527155641845544,"flow_src_last_pkt_time":1527155641868230,"flow_dst_last_pkt_time":1527155641890790,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":183,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":183,"flow_dst_tot_l4_payload_len":4344,"midstream":0,"thread_ts_usec":1527155641890790,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.53","src_port":53934,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Viber","proto_id":"91.144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"dl-media.viber.com","domainame":"dl-media.viber.com","tls": {"version":"TLSv1.2","server_names":"*.viber.com,viber.com","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","ja4":"t12d1409h2_c866b44c5a26_e08eabe7240f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=thawte, Inc., CN=thawte SSL CA - G2","subjectDN":"C=LU, ST=Luxembourg, L=Luxembourg, O=Viber Media Sarl, OU=IT, CN=*.viber.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"E1:11:26:E6:14:A5:E6:F7:F1:CB:68:D1:A6:95:A1:5E:11:48:72:2A","blocks":0}}} 
02160{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":115,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1527155641845544,"flow_src_last_pkt_time":1527155641984215,"flow_dst_last_pkt_time":1527155641981830,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":708,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1017,"flow_dst_tot_l4_payload_len":20153,"midstream":0,"thread_ts_usec":1527155641984215,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.53","src_port":53934,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":19,"avg":8869.6,"max":47784,"stddev":14735.4,"var":217133360.0,"ent":3.3,"data": [19470,21663,1023,22292,3214,249,21,217,39369,88,574,349,10837,47784,22339,40800,258,54,169,260,19,213,268,217,249,532,41188,70,47,44,1080]},"pktlen": {"min":52,"avg":714.1,"max":1500,"stddev":673.4,"var":453425.2,"ent":4.3,"data": [60,60,52,235,52,1500,1500,1500,397,52,52,52,52,178,294,760,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,794,52,52,52,52,52]},"bins": {"c_to_s": [11,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0]},"directions": [0,1,0,0,1,1,1,1,1,0,0,0,0,0,1,0,1,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0],"entropies": [4.571673393,5.231404781,5.154164791,5.626152039,5.147462368,7.170236111,7.463209152,7.511432171,7.329006195,5.115703106,5.154164791,5.192625999,5.154164791,6.447020531,7.153199196,7.703028202,7.855375767,7.870701790,7.853311062,7.869762897,7.858384132,7.891494274,7.876748085,7.889567852,7.884804249,7.876610279,7.713707447,5.154164791,5.154164314,5.115703106,5.154164314,5.109001160]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Viber","proto_id":"91.144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":119,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155644240774,"flow_src_last_pkt_time":1527155644240774,"flow_dst_last_pkt_time":1527155644240774,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":23,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155644240774,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"172.217.23.106","src_port":41993,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1527155644240774,"flow_dst_last_pkt_time":1527155644240774,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":65,"pkt_l4_len":31,"thread_ts_usec":1527155644240774,"pkt":"AA6OMNv9MAdNo1+nCABFAAAzV0lAAEARXnTAqAARrNkXaqQJAbsAHwH3DO5PoOHayJNED10MJ0pTvsIOJQ7muOI="} 
@@ -80,9 +80,9 @@ 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1527155646850574,"flow_dst_last_pkt_time":1527155646851668,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1527155646851668,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8SUEAADoGspqs2RdOwKgAEQG7qrbgrF\/UtpMo1aASpagYYgAAAgQFZAQCCAqjjizLACFofQEDAwg="} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_src_last_pkt_time":1527155646855196,"flow_dst_last_pkt_time":1527155646851668,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155646855196,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0QKpAAEAGdTnAqAARrNkXTqq2Abu2kyjV4Kxf1YAQAq3p2QAAAQEICgAhaH6jjizL"} 
01243{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_src_last_pkt_time":1527155646860573,"flow_dst_last_pkt_time":1527155646851668,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1527155646860573,"pkt":"AA6OMNv9MAdNo1+nCABFAAI5QKtAAEAGczPAqAARrNkXTqq2Abu2kyjV4Kxf1YAYAq1z5wAAAQEICgAhaICjjizLFgMBAgABAAH8AwNBPsdw19xPZmwn4MTofE7KpZzlehZ2ryKsHoehtt8SkyAtuuVLu0IaXHkCuJfDbS+MIlAXHQF7wFtqpJjA8h8AEwAcwCvALMypwC\/AMMyowAnACsATwBQAnACdAC8ANQEAAZf\/AQABAAAAABgAFgAAE2FwcC1tZWFzdXJlbWVudC5jb20AFwAAACMA2gB3xmugirq4ty3TFMj+47dZbYBXktcQ\/Fy823lCDlYKB2I9H4xj09kCGfGET468Pn7WKGmpHa+d4io34b79G4zdduOMVQjYCVWJd2+svjjieR2WmccqyJfAVJDiSGaILG39AMxmPrLGKG+W90qFvZ+sjOk1xBxZC4lq\/vWERh9dI8LaVYFE2i7VMlSVzcW5MKdEpuvpZDk7ugj4\/NffY7m0Pt8V62OtFaSYvEHuUpsBuuh2p0N2Bnn0v0DCnV5O+4x\/YpKAcbs0\/4gq2kI7gwNYwqLZdKvB5cFAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABAACwAJCGh0dHAvMS4xAAsAAgEAAAoACAAGAB0AFwAYABUATgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01220{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1527155646850574,"flow_src_last_pkt_time":1527155646860573,"flow_dst_last_pkt_time":1527155646851668,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155646860573,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"172.217.23.78","src_port":43702,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"app-measurement.com","domainame":"app-measurement.com","tls": {"version":"TLSv1.2","ja3":"3967ff2d2c9c4d144e7e30f24f4e9761","ja3s":"","ja4":"t12d1410ht_c866b44c5a26_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} +01179{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1527155646850574,"flow_src_last_pkt_time":1527155646860573,"flow_dst_last_pkt_time":1527155646851668,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155646860573,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"172.217.23.78","src_port":43702,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"app-measurement.com","domainame":"app-measurement.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1410ht_c866b44c5a26_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":5,"flow_src_last_pkt_time":1527155646860573,"flow_dst_last_pkt_time":1527155646861661,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155646861661,"pkt":"MAdNo1+nAA6OMNv9CABFAAA0SUsAADoGspis2RdOwKgAEQG7qrbgrF\/VtpMq2oAQAKrpygAAAQEICqOOLNYAIWiA"} -01308{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1527155646850574,"flow_src_last_pkt_time":1527155646860573,"flow_dst_last_pkt_time":1527155646862539,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":162,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":162,"midstream":0,"thread_ts_usec":1527155646862539,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"172.217.23.78","src_port":43702,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"app-measurement.com","domainame":"app-measurement.com","tls": 
{"version":"TLSv1.2","ja3":"3967ff2d2c9c4d144e7e30f24f4e9761","ja3s":"67619a80665d7ab92d1041b1d11f9164","ja4":"t12d1410ht_c866b44c5a26_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} +01267{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1527155646850574,"flow_src_last_pkt_time":1527155646860573,"flow_dst_last_pkt_time":1527155646862539,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":162,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":162,"midstream":0,"thread_ts_usec":1527155646862539,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"172.217.23.78","src_port":43702,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"app-measurement.com","domainame":"app-measurement.com","tls": {"version":"TLSv1.2","ja3s":"67619a80665d7ab92d1041b1d11f9164","ja4":"t12d1410ht_c866b44c5a26_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155646968117,"flow_src_last_pkt_time":1527155646968117,"flow_dst_last_pkt_time":1527155646968117,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155646968117,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1527155646968117,"flow_dst_last_pkt_time":1527155646968117,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_usec":1527155646968117,"pkt":"AQBeAAD7MAdNo1+nCABFAABZHwxAAP8RutLAqAAR4AAA+xTpFOkARSvHAAQAAAACAAAAAAAACV84MDU3NDFDOQRfc3ViC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAcAbAAwAAQ=="} 
01036{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155646968117,"flow_src_last_pkt_time":1527155646968117,"flow_dst_last_pkt_time":1527155646968117,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155646968117,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_805741c9._sub._googlecast._tcp.local","domainame":"_805741c9._sub._googlecast._tcp.local","mdns": {}}} 
@@ -101,7 +101,7 @@ 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_src_last_pkt_time":1527155648513495,"flow_dst_last_pkt_time":1527155648523699,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1527155648523699,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8AABAADoG5xuXZQGCwKgAEQG72cJzm\/EW4AUYLqAScSBKVAAAAgQFtAQCCArIDMgpACFqHQEDAwk="} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_src_last_pkt_time":1527155648526879,"flow_dst_last_pkt_time":1527155648523699,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155648526879,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0cjFAAEAGbvLAqAARl2UBgtnCAbvgBRguc5vxF4AQAq3nkgAAAQEICgAhaiDIDMgp"} 00795{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":4,"flow_src_last_pkt_time":1527155648533128,"flow_dst_last_pkt_time":1527155648523699,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":250,"pkt_l4_len":216,"thread_ts_usec":1527155648533128,"pkt":"AA6OMNv9MAdNo1+nCABFAADscjJAAEAGbjnAqAARl2UBgtnCAbvgBRguc5vxF4AYAq0GIgAAAQEICgAhaiLIDMgpFgMBALMBAACvAwNMJ7CvztfSmUaRPcK3z4cAvGSi2\/cpgw4T9New8B2\/AwAAHMArwCzMqcAvwDDMqMAJwArAE8AUAJwAnQAvADUBAABq\/wEAAQAAAAAbABkAABZ2ZW5ldGlhLmlhZC5hcHBib3kuY29tABcAAAAjAAAADQAQAA4EAwQBBQMFAQYDBgECAQAFAAUBAAAAAAAQAAsACQhodHRwLzEuMQALAAIBAAAKAAgABgAdABcAGA=="} 
-01208{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1527155648513495,"flow_src_last_pkt_time":1527155648533128,"flow_dst_last_pkt_time":1527155648523699,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":184,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":184,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155648533128,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"151.101.1.130","src_port":55746,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"venetia.iad.appboy.com","domainame":"venetia.iad.appboy.com","tls": {"version":"TLSv1.2","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","ja4":"t12d1409ht_c866b44c5a26_e08eabe7240f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} +01167{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1527155648513495,"flow_src_last_pkt_time":1527155648533128,"flow_dst_last_pkt_time":1527155648523699,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":184,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":184,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155648533128,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"151.101.1.130","src_port":55746,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"venetia.iad.appboy.com","domainame":"venetia.iad.appboy.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1409ht_c866b44c5a26_e08eabe7240f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":5,"flow_src_last_pkt_time":1527155648533128,"flow_dst_last_pkt_time":1527155648543275,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155648543275,"pkt":"MAdNo1+nAA6OMNv9CABFAAA0OTlAADoGreqXZQGCwKgAEQG72cJzm\/EX4AUY5oAQADvpRQAAAQEICsgMyC4AIWoi"} 00594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":255,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_src_last_pkt_time":1527155666982912,"flow_dst_last_pkt_time":1527155646968117,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_usec":1527155666982912,"pkt":"AQBeAAD7MAdNo1+nCABFAABZIsxAAP8RtxLAqAAR4AAA+xTpFOkARSvGAAUAAAACAAAAAAAACV84MDU3NDFDOQRfc3ViC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAcAbAAwAAQ=="} 
00594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_src_last_pkt_time":1527155666982983,"flow_dst_last_pkt_time":1527155646968117,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_usec":1527155666982983,"pkt":"AQBeAAD7MAdNo1+nCABFAABZIsxAAP8RtxLAqAAR4AAA+xTpFOkARSvGAAUAAAACAAAAAAAACV84MDU3NDFDOQRfc3ViC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAcAbAAwAAQ=="} 
@@ -127,10 +127,10 @@ 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_src_last_pkt_time":1527155671066998,"flow_dst_last_pkt_time":1527155671237849,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1527155671237849,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8AABAAOYGQZE2u1u2wKgAEQG7v5iCE\/ghaIOVraASaN+HqAAAAgQFtAQCCAosBh44ACGAIwEDAwg="} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":275,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_src_last_pkt_time":1527155671240677,"flow_dst_last_pkt_time":1527155671237849,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155671240677,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0FZBAAEAG0gnAqAARNrtbtr+YAbtog5WtghP4IoAQAq0cfAAAAQEICgAhgE8sBh44"} 00789{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":276,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_src_last_pkt_time":1527155671250450,"flow_dst_last_pkt_time":1527155671237849,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":247,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":247,"pkt_l4_len":213,"thread_ts_usec":1527155671250450,"pkt":"AA6OMNv9MAdNo1+nCABFAADpFZFAAEAG0VPAqAARNrtbtr+YAbtog5WtghP4IoAYAq2yzwAAAQEICgAhgFEsBh44FgMBALABAACsAwNpu8fyH0bmBuIhI45OMI2QAejACKsvR53r1YItFVUgZgAAHMArwCzMqcAvwDDMqMAJwArAE8AUAJwAnQAvADUBAABn\/wEAAQAAAAAYABYAABNicmFoZS5hcHB0aW1pemUuY29tABcAAAAjAAAADQAQAA4EAwQBBQMFAQYDBgECAQAFAAUBAAAAAAAQAAsACQhodHRwLzEuMQALAAIBAAAKAAgABgAdABcAGA=="} 
-01206{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":276,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1527155671066998,"flow_src_last_pkt_time":1527155671250450,"flow_dst_last_pkt_time":1527155671237849,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":181,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":181,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155671250450,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.187.91.182","src_port":49048,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"brahe.apptimize.com","domainame":"brahe.apptimize.com","tls": {"version":"TLSv1.2","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","ja4":"t12d1409ht_c866b44c5a26_e08eabe7240f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} +01165{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":276,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1527155671066998,"flow_src_last_pkt_time":1527155671250450,"flow_dst_last_pkt_time":1527155671237849,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":181,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":181,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155671250450,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.187.91.182","src_port":49048,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"brahe.apptimize.com","domainame":"brahe.apptimize.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1409ht_c866b44c5a26_e08eabe7240f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":277,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":5,"flow_src_last_pkt_time":1527155671250450,"flow_dst_last_pkt_time":1527155671421054,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155671421054,"pkt":"MAdNo1+nAA6OMNv9CABFAAA05kFAAOYGW1c2u1u2wKgAEQG7v5iCE\/giaIOWYoAQAG4d1gAAAQEICiwGHmYAIYBR"} -01296{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":278,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1527155671066998,"flow_src_last_pkt_time":1527155671250450,"flow_dst_last_pkt_time":1527155671423359,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":181,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":181,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1527155671423359,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.187.91.182","src_port":49048,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"brahe.apptimize.com","domainame":"brahe.apptimize.com","tls": 
{"version":"TLSv1.2","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"8d2a028aa94425f76ced7826b1f39039","ja4":"t12d1409ht_c866b44c5a26_e08eabe7240f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} -01653{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":281,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1527155671066998,"flow_src_last_pkt_time":1527155671250450,"flow_dst_last_pkt_time":1527155671423665,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":181,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":181,"flow_dst_tot_l4_payload_len":4873,"midstream":0,"thread_ts_usec":1527155671423665,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.187.91.182","src_port":49048,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"brahe.apptimize.com","domainame":"brahe.apptimize.com","tls": {"version":"TLSv1.2","server_names":"*.apptimize.com,apptimize.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"8d2a028aa94425f76ced7826b1f39039","ja4":"t12d1409ht_c866b44c5a26_e08eabe7240f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Organization Validation Secure Server CA","subjectDN":"C=US, ST=CA, L=Mountain View, O=Apptimize, Inc, OU=PremiumSSL Wildcard, CN=*.apptimize.com","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"BC:4C:8F:EC:8B:7B:85:BD:54:61:8B:C0:7B:E7:A2:69:0B:F2:49:E5","blocks":0}}} 
+01255{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":278,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1527155671066998,"flow_src_last_pkt_time":1527155671250450,"flow_dst_last_pkt_time":1527155671423359,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":181,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":181,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1527155671423359,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.187.91.182","src_port":49048,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"brahe.apptimize.com","domainame":"brahe.apptimize.com","tls": {"version":"TLSv1.2","ja3s":"8d2a028aa94425f76ced7826b1f39039","ja4":"t12d1409ht_c866b44c5a26_e08eabe7240f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
+01612{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":281,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1527155671066998,"flow_src_last_pkt_time":1527155671250450,"flow_dst_last_pkt_time":1527155671423665,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":181,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":181,"flow_dst_tot_l4_payload_len":4873,"midstream":0,"thread_ts_usec":1527155671423665,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.187.91.182","src_port":49048,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"brahe.apptimize.com","domainame":"brahe.apptimize.com","tls": {"version":"TLSv1.2","server_names":"*.apptimize.com,apptimize.com","ja3s":"8d2a028aa94425f76ced7826b1f39039","ja4":"t12d1409ht_c866b44c5a26_e08eabe7240f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Organization Validation Secure Server CA","subjectDN":"C=US, ST=CA, L=Mountain View, O=Apptimize, Inc, OU=PremiumSSL Wildcard, CN=*.apptimize.com","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"BC:4C:8F:EC:8B:7B:85:BD:54:61:8B:C0:7B:E7:A2:69:0B:F2:49:E5","blocks":0}}} 
02215{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":326,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1527155670640484,"flow_src_last_pkt_time":1527155675775126,"flow_dst_last_pkt_time":1527155675692683,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":257,"flow_dst_max_l4_payload_len":76,"flow_src_tot_l4_payload_len":2947,"flow_dst_tot_l4_payload_len":930,"midstream":0,"thread_ts_usec":1527155675775126,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":47171,"dst_port":7985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":129,"avg":328607.8,"max":525007,"stddev":210300.8,"var":44226416640.0,"ent":4.6,"data": [129,33097,500276,500261,503516,15204,503250,15302,516057,515704,477654,477626,36790,36786,524953,525007,440389,440669,68112,67828,523108,523160,411969,411845,84133,84199,517782,517791,399760,399674,114810]},"pktlen": {"min":48,"avg":149.2,"max":285,"stddev":100.4,"var":10086.1,"ent":4.7,"data": [285,48,104,285,104,48,285,62,104,285,104,48,62,285,104,285,104,48,62,285,104,285,104,48,62,285,104,285,104,48,62,285]},"bins": {"c_to_s": [6,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,5,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0],"entropies": 
[6.429836750,5.092222691,3.431529284,6.457198620,3.469990969,5.092222691,6.466431141,4.018082619,3.469990969,6.511886120,3.469990969,5.092222691,3.985824585,6.440430164,3.469990969,6.468061447,3.419557333,4.967222214,3.953566313,6.441361427,3.450760365,6.449966431,3.469991207,5.050555706,4.018082619,6.492553234,3.489221811,6.449169159,3.469991207,5.050556183,4.018082619,6.452616215]},"ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","proto_id":"144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":10,"category":"VoIP"}} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_src_last_pkt_time":1527155677865795,"flow_dst_last_pkt_time":1527155670663972,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155677865795,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0WoJAAEAGCKDAqAAREskEILFwAbuQXSU4zKxZYoARAq21qAAAAQEICgAhhscAWtCx"} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_src_last_pkt_time":1527155677865795,"flow_dst_last_pkt_time":1527155677897422,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1527155677897422,"pkt":"MAdNo1+nAA6OMNv9CABFAAA0iblAACsG7mgSyQQgwKgAEQG7sXDMrFlikF0lOYARANKbQAAAAQEICgBa7PMAIYbH"} 
@@ -165,7 +165,7 @@ 01003{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":425,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1527155638474128,"flow_src_last_pkt_time":1527155638474128,"flow_dst_last_pkt_time":1527155638476527,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1527155685757669,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":45743,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Facebook","proto_id":"5.119","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"graph.facebook.com"}} 00997{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":425,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1527155639234839,"flow_src_last_pkt_time":1527155639234839,"flow_dst_last_pkt_time":1527155639237450,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":331,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":331,"midstream":0,"thread_ts_usec":1527155685757669,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":62872,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"mapi.apptimize.com"}} 01018{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":425,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1527155639005882,"flow_src_last_pkt_time":1527155639005882,"flow_dst_last_pkt_time":1527155639008484,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":261,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":261,"midstream":0,"thread_ts_usec":1527155685757669,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":35283,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.ADS_Analytic_Track","proto_id":"5.107","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Tracker\/Ads","category_id":14,"category":"Network","hostname":"app.adjust.com"}} 
-00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":425,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":425,"packets-processed":420,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":122215,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":22,"total-detection-updates":17,"total-updates":4,"current-active-flows":26,"total-active-flows":26,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":168,"global_ts_usec":1648952182644000} +00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":425,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":425,"packets-processed":420,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":122215,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":22,"total-detection-updates":17,"total-updates":4,"current-active-flows":26,"total-active-flows":26,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":168,"global_ts_usec":1648952182644000} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":425,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648952182644000,"flow_src_last_pkt_time":1648952182644000,"flow_dst_last_pkt_time":1648952182644000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648952182644000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"52.0.252.145","src_port":48690,"dst_port":4244,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_src_last_pkt_time":1648952182644000,"flow_dst_last_pkt_time":1648952182644000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648952182644000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8QZ1AAD8GBoHAqAJkNAD8kb4yEJT33RMVAAAAAKAC\/\/+7mwAAAgQFtAQCCApvD0\/7AAAAAAEDAwk="} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_src_last_pkt_time":1648952182644000,"flow_dst_last_pkt_time":1648952182749000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648952182749000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAAOcGoB00APyRwKgCZBCUvjJ96pBe990TFqASaN8gOAAAAgQFrAQCCArnVjzbbw9P+wEDAwk="} 
@@ -202,7 +202,7 @@ 00921{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1527155679410348,"flow_src_last_pkt_time":1527155685132180,"flow_dst_last_pkt_time":1527155685130784,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":33744,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00771{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1527155679410348,"flow_src_last_pkt_time":1527155685132180,"flow_dst_last_pkt_time":1527155685130784,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":33744,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01000{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1527155648481643,"flow_src_last_pkt_time":1527155648481643,"flow_dst_last_pkt_time":1527155648506661,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":141,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":141,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":44376,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"venetia.iad.appboy.com"}} -00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":440,"packets-processed":435,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":125733,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":23,"total-detection-updates":17,"total-updates":4,"current-active-flows":1,"total-active-flows":27,"total-idle-flows":26,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":205,"global_ts_usec":1648954023554000} 
+00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":440,"packets-processed":435,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":125733,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":23,"total-detection-updates":17,"total-updates":4,"current-active-flows":1,"total-active-flows":27,"total-idle-flows":26,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":205,"global_ts_usec":1648954023554000} 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648954023554000,"flow_src_last_pkt_time":1648954023554000,"flow_dst_last_pkt_time":1648954023554000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648954023554000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"52.0.252.2","src_port":41184,"dst_port":5242,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_src_last_pkt_time":1648954023554000,"flow_dst_last_pkt_time":1648954023554000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648954023554000,"pkt":"eJS0JASgYDjgxTWgCABFAAA86GpAAD8GYELAqAJkNAD8AqDgFHo59lPMAAAAAKAC\/\/81EwAAAgQFtAQCCArXUgVsAAAAAAEDAwk="} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":441,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_src_last_pkt_time":1648954023554000,"flow_dst_last_pkt_time":1648954023662000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648954023662000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAAOwGm6w0APwCwKgCZBR6oOA1qzY9OfZTzaASaN\/krwAAAgQFrAQCCApiDhmE11IFbAEDAwk="} 
@@ -210,24 +210,24 @@ 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":443,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_src_last_pkt_time":1648954023697000,"flow_dst_last_pkt_time":1648954023662000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1648954023697000,"pkt":"eJS0JASgYDjgxTWgCABFAABM6GxAAD8GYDDAqAJkNAD8AqDgFHo59lPNNas2PoAYAKwkewAAAQEICtdSBfpiDhmEGAAAAAAA\/P8FgAkAAAAAAAAAAAAzAAAA"} 00916{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":443,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1648954023554000,"flow_src_last_pkt_time":1648954023697000,"flow_dst_last_pkt_time":1648954023662000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648954023697000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"52.0.252.2","src_port":41184,"dst_port":5242,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","proto_id":"144","proto_by_ip":"Viber","proto_by_ip_id":144,"encrypted":1,"breed":"Fun","category_id":10,"category":"VoIP"}} 
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":444,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":5,"flow_src_last_pkt_time":1648954023697000,"flow_dst_last_pkt_time":1648954023803000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1648954023803000,"pkt":"YDjgxTWgeJS0JASgCABFAAA07m1AAOwGrUY0APwCwKgCZBR6oOA1qzY+OfZT5YAQADV67AAAAQEICmIOGhLXUgX6"} -00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":451,"packets-processed":446,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":126273,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":24,"total-detection-updates":17,"total-updates":4,"current-active-flows":2,"total-active-flows":28,"total-idle-flows":26,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":213,"global_ts_usec":1648968035683000} 
+00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":451,"packets-processed":446,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":126273,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":24,"total-detection-updates":17,"total-updates":4,"current-active-flows":2,"total-active-flows":28,"total-idle-flows":26,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":213,"global_ts_usec":1648968035683000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648968035683000,"flow_src_last_pkt_time":1648968035683000,"flow_dst_last_pkt_time":1648968035683000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1648968035683000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"44.192.202.74","src_port":42900,"dst_port":4244,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_src_last_pkt_time":1648968035683000,"flow_dst_last_pkt_time":1648968035683000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":162,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":162,"pkt_l4_len":128,"thread_ts_usec":1648968035683000,"pkt":"eJS0JASgYDjgxTWgCABFAACU2kpAAD8GpwLAqAJkLMDKSqeUEJTyP2Q6cEHfOoAYAVdrNwAAAQEICphN6aPkLWTjYAAuDuoU\/P8DgFkAGwAAAAAAAAAuDuoUyCWY+Eiv3vNvHuU8izmtmd1xLKgDGQAAAC4GaTctzm2TgBHTuz9kkBDO3BN0gtQM11m3wPtySAu5MwDtuOA\/BIT7TjIAAaAP"} 00924{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648968035683000,"flow_src_last_pkt_time":1648968035683000,"flow_dst_last_pkt_time":1648968035683000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1648968035683000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"44.192.202.74","src_port":42900,"dst_port":4244,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","proto_id":"144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":10,"category":"VoIP"}} 
00958{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":452,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1648954023554000,"flow_src_last_pkt_time":1648954024001000,"flow_dst_last_pkt_time":1648954024107000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":516,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":516,"midstream":0,"thread_ts_usec":1648968035683000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"52.0.252.2","src_port":41184,"dst_port":5242,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","proto_id":"144","proto_by_ip":"Viber","proto_by_ip_id":144,"encrypted":1,"breed":"Fun","category_id":10,"category":"VoIP"}} 00965{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":452,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1648952182644000,"flow_src_last_pkt_time":1648952183650000,"flow_dst_last_pkt_time":1648952183755000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":101,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":3321,"midstream":0,"thread_ts_usec":1648968035683000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"52.0.252.145","src_port":48690,"dst_port":4244,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","proto_id":"144","proto_by_ip":"Viber","proto_by_ip_id":144,"encrypted":1,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":452,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":452,"packets-processed":447,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":126369,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":25,"total-detection-updates":17,"total-updates":4,"current-active-flows":1,"total-active-flows":29,"total-idle-flows":28,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":219,"global_ts_usec":1715331685398311} +00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":452,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":452,"packets-processed":447,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":126369,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":25,"total-detection-updates":17,"total-updates":4,"current-active-flows":1,"total-active-flows":29,"total-idle-flows":28,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":219,"global_ts_usec":1715331685398311} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":452,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1715331685398311,"flow_src_last_pkt_time":1715331685398311,"flow_dst_last_pkt_time":1715331685398311,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1715331685398311,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"18.195.4.121","src_port":40482,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":452,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_src_last_pkt_time":1715331685398311,"flow_dst_last_pkt_time":1715331685398311,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1715331685398311,"pkt":"CL6sCxduJjb1W8R1CABFAAAwLv5AAEARJz\/AqAycEsMEeZ4iAbsAHH8nAAEAACESpEJpS3RkcjBHQk5VUWM="} 
-01098{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":452,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1715331685398311,"flow_src_last_pkt_time":1715331685398311,"flow_dst_last_pkt_time":1715331685398311,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1715331685398311,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"18.195.4.121","src_port":40482,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Viber","proto_by_ip_id":144,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} +01131{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":452,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1715331685398311,"flow_src_last_pkt_time":1715331685398311,"flow_dst_last_pkt_time":1715331685398311,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1715331685398311,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"18.195.4.121","src_port":40482,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Viber","proto_by_ip_id":144,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":453,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_src_last_pkt_time":1715331685398311,"flow_dst_last_pkt_time":1715331685410686,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1715331685410686,"pkt":"Jjb1W8R1CL6sCxduCABFAABE3VtAAPMRxcwSwwR5wKgMnAG7niIAMKZZAQEAFCESpEJpS3RkcjBHQk5VUWMAIAAIAAGggXwxDdSAKAAEVLrX+g=="} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":454,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_src_last_pkt_time":1715331685438872,"flow_dst_last_pkt_time":1715331685410686,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1715331685438872,"pkt":"CL6sCxduJjb1W8R1CABFAAA4LwFAAEARJzTAqAycEsMEeZ4iAbsAJA\/XAAMACCESpEIxYStaQlhLTjE4eVoAGQAEEQAAAA=="} 
00622{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":455,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":4,"flow_src_last_pkt_time":1715331685438872,"flow_dst_last_pkt_time":1715331685450305,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1715331685450305,"pkt":"Jjb1W8R1CL6sCxduCABFIABw3VxAAPMRxX8SwwR5wKgMnAG7niIAXJRqARMAQCESpEIxYStaQlhLTjE4eVoACQAQAAAEAVVuYXV0aG9yaXplZAAVABA2OWY0ZWExMDQyNDliZDFlABQACXZpYmVyLmNvbQAAAIAoAARzed6Q"} -01176{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":455,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1715331685398311,"flow_src_last_pkt_time":1715331685438872,"flow_dst_last_pkt_time":1715331685450305,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":124,"midstream":0,"thread_ts_usec":1715331685450305,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"18.195.4.121","src_port":40482,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.ViberVoip","proto_id":"78.414","proto_by_ip":"Viber","proto_by_ip_id":144,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"viber.com","domainame":"viber.com","stun": {"mapped_address":"93.35.169.150:33171"}}} 
+01210{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":455,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1715331685398311,"flow_src_last_pkt_time":1715331685438872,"flow_dst_last_pkt_time":1715331685450305,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":124,"midstream":0,"thread_ts_usec":1715331685450305,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"18.195.4.121","src_port":40482,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.ViberVoip","proto_id":"78.414","proto_by_ip":"Viber","proto_by_ip_id":144,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"viber.com","domainame":"viber.com","stun": {"mapped_address":"93.35.169.150:33171","multimedia_flow_types":"Unknown"}}} 00680{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":456,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":5,"flow_src_last_pkt_time":1715331685451739,"flow_dst_last_pkt_time":1715331685450305,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1715331685451739,"pkt":"CL6sCxduJjb1W8R1CABFAACYLwJAAEARJtPAqAycEsMEeZ4iAbsAhK\/tAAMAaCESpEJUb0g2cXg2UTZ4ZDYAGQAEEQAAAAAGAB4xNzE1Mzc0ODg1OjU5Njk2NDM0NDk3MDE2NTgwNzIAAAAUAAl2aWJlci5jb20AAAAAFQAQNjlmNGVhMTA0MjQ5YmQxZQAIABR9bzPIbOVJLPCcAYDacCMg8OpbgA=="} 
01137{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":466,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1715331685398311,"flow_src_last_pkt_time":1715331688662030,"flow_dst_last_pkt_time":1715331688673643,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":192,"flow_dst_max_l4_payload_len":140,"flow_src_tot_l4_payload_len":892,"flow_dst_tot_l4_payload_len":560,"midstream":0,"thread_ts_usec":1715331688673643,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"18.195.4.121","src_port":40482,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.ViberVoip","proto_id":"78.414","proto_by_ip":"Viber","proto_by_ip_id":144,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"viber.com"}} 00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":466,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648968035683000,"flow_src_last_pkt_time":1648968035683000,"flow_dst_last_pkt_time":1648968035683000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1715331688673643,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"44.192.202.74","src_port":42900,"dst_port":4244,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Viber","proto_id":"144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":10,"category":"VoIP"}} -00850{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":466,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":466,"packets-processed":462,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":127821,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":26,"total-detection-updates":18,"total-updates":4,"current-active-flows":0,"total-active-flows":30,"total-idle-flows":30,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":230,"global_ts_usec":1715331688673643} +00850{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":466,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":466,"packets-processed":462,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":127821,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":26,"total-detection-updates":18,"total-updates":4,"current-active-flows":0,"total-active-flows":30,"total-idle-flows":30,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":230,"global_ts_usec":1715331688673643} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 466/462 ~~ skipped flows.............: 0 
@@ -236,9 +236,9 @@ ~~ total active/idle flows...: 30/30 ~~ total timeout flows.......: 3 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7164558 bytes -~~ total memory freed........: 7164558 bytes -~~ total allocations/frees...: 114998/114998 +~~ total memory allocated....: 7742154 bytes +~~ total memory freed........: 7742154 bytes +~~ total allocations/frees...: 126729/126729 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 537 chars ~~ json message max len.......: 2483 chars diff --git a/test/results/default/vivox.pcapng.out b/test/results/default/vivox.pcapng.out new file mode 100644 index 000000000..60f80c9b6 --- /dev/null +++ b/test/results/default/vivox.pcapng.out 
@@ -0,0 +1,31 @@ +00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/vivox.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vivox.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1736098551173084} 
+00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vivox.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1736098551173084,"flow_src_last_pkt_time":1736098551173084,"flow_dst_last_pkt_time":1736098551173084,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1736098551173084,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"85.236.98.21","src_port":40434,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vivox.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1736098551173084,"flow_dst_last_pkt_time":1736098551173084,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1736098551173084,"pkt":"WJz8EDlx8C90rUP1CABFAAA8QL1AAEAGgEjAqAENVexiFZ3yAbsgSJ2NAAAAAKAC+vB55QAAAgQFtAQCCArWFxEgAAAAAAEDAwc="} +00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/vivox.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1736098551173084,"flow_dst_last_pkt_time":1736098551287255,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1736098551287255,"pkt":"8C90rUP1WJz8EDlxCABFAAA89EdAAPIGGr1V7GIVwKgBDQG7nfKx4iqwIEidjqASEODR3gAAAgQFoAEBCAo3iZW\/1hcRIAQCAAA="} 
+00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/vivox.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1736098551287268,"flow_dst_last_pkt_time":1736098551287255,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1736098551287268,"pkt":"WJz8EDlx8C90rUP1CABFAAA0QL5AAEAGgE\/AqAENVexiFZ3yAbsgSJ2OseIqsYAQ+vB53QAAAQEICtYXEZI3iZW\/"} +00854{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/vivox.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1736098551288314,"flow_dst_last_pkt_time":1736098551287255,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":295,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":295,"pkt_l4_len":261,"thread_ts_usec":1736098551288314,"pkt":"WJz8EDlx8C90rUP1CABFAAEZQL9AAEAGf2nAqAENVexiFZ3yAbsgSJ2OseIqsYAY+vB6wgAAAQEICtYXEZM3iZW\/FgMDAOABAADcAwN2jcTN7fcnePB42dANAkFMP7nqS0thMoYh+O24N5NjNgAAMsAszKnArcAKwCvArMAJwDDMqMAUwC\/AEwCdwJ0ANQCcwJwALwCfzKrAnwA5AJ7AngAzAQAAgQAFAAUBAAAAAAAKABYAFAAXABgAGQAdAB4BAAEBAQIBAwEEAAsAAgEAAA0AIgAgBAEICQgEBAMIBwUBCAoIBQUDCAgGAQgLCAYGAwIBAgMAFgAAABcAAAAjAAD\/AQABAAAAABcAFQAAEm10MXMud3d3LnZpdm94LmNvbQAcAAJAAA=="} 
+01272{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/vivox.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1736098551173084,"flow_src_last_pkt_time":1736098551288314,"flow_dst_last_pkt_time":1736098551287255,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":229,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1736098551288314,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"85.236.98.21","src_port":40434,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Vivox","proto_id":"91.441","proto_by_ip":"Vivox","proto_by_ip_id":441,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"mt1s.www.vivox.com","domainame":"mt1s.www.vivox.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d251000_7415a186c913_577ffa9d9a5c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/vivox.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1736098603422280,"flow_src_last_pkt_time":1736098603422280,"flow_dst_last_pkt_time":1736098603422280,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1736098603422280,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"85.236.96.158","src_port":55921,"dst_port":40354,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/vivox.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1736098603422280,"flow_dst_last_pkt_time":1736098603422280,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1736098603422280,"pkt":"WJz8EDlx8C90rUP1CABFAAA8+cMAAEARCK7AqAENVexgntpxnaIAKHh5gH9bqwAAAAD\/XRO8YAEEibT55wKQB51QAAAAAAAAASA="} +00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/vivox.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1736098603460154,"flow_dst_last_pkt_time":1736098603422280,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"thread_ts_usec":1736098603460154,"pkt":"WJz8EDlx8C90rUP1CABFAABm+coAAEARCH3AqAENVexgntpxnaIAUnijgH9brAAAAoD\/XRO8YAEPCbT55wKQB51QBAbjeAAAQAB4C+TBNuzFjYxJRpkDoctvrhecGVpkCcOC+fGzGwVWZ66wYr8vd7aS3gA="} 
+00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/vivox.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1736098603480145,"flow_dst_last_pkt_time":1736098603422280,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_usec":1736098603480145,"pkt":"WJz8EDlx8C90rUP1CABFAACd+c0AAEARCEPAqAENVexgntpxnaIAiXjagH9brQAABQD\/XRO8YAEcybT55wKQB51QDBY2MAAAQAB4gD1KNOa9ziu4B\/P+5qq5RqiJyesGsQL2AlIgLTFs3CotH12hFo548kHlmVv\/0HCgQGFYM1MY4HkEp0ifB3gnMiZkAxRj5ytOooqsrmh1MlJgxWozkZ9N26hE3xts\/xqw"} +00924{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/vivox.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1736098603422280,"flow_src_last_pkt_time":1736098603480145,"flow_dst_last_pkt_time":1736098603422280,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":129,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":235,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1736098603480145,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"85.236.96.158","src_port":55921,"dst_port":40354,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Vivox","proto_by_ip_id":441,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} 
+00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/vivox.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1736098603422280,"flow_src_last_pkt_time":1736098603480145,"flow_dst_last_pkt_time":1736098603422280,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":129,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":235,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1736098603480145,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"85.236.96.158","src_port":55921,"dst_port":40354,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Vivox","proto_by_ip_id":441,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} +01094{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/vivox.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1736098551173084,"flow_src_last_pkt_time":1736098551288314,"flow_dst_last_pkt_time":1736098551287255,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":229,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1736098603480145,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"85.236.98.21","src_port":40434,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Vivox","proto_id":"91.441","proto_by_ip":"Vivox","proto_by_ip_id":441,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} +00838{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/vivox.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":7,"packets-processed":7,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":464,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":16,"global_ts_usec":1736098603480145} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 7/7 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 464 bytes +~~ total detected protocols..: 2 +~~ total active/idle flows...: 2/2 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 7489901 bytes +~~ total memory freed........: 7489901 bytes +~~ total allocations/frees...: 125890/125890 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json message min len.......: 547 chars +~~ json message max len.......: 1277 chars +~~ json message avg len.......: 911 chars diff --git a/test/results/default/vk.pcapng.out b/test/results/default/vk.pcapng.out index 0cce4be8d..99a2705d6 100644 --- a/test/results/default/vk.pcapng.out +++ b/test/results/default/vk.pcapng.out 
@@ -1,5 +1,5 @@ -00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1675334160555793} 
+00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1675334160555793} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675334160555793,"flow_src_last_pkt_time":1675334160555793,"flow_dst_last_pkt_time":1675334160555793,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675334160555793,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.129.131","src_port":33904,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1675334160555793,"flow_dst_last_pkt_time":1675334160555793,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"thread_ts_usec":1675334160555793,"pkt":"dNqIE5X\/CI6QkAulCABFAABYkT1AAEAGDU7AqAH5V\/CBg4RwAbulKVT5c9gL4IAYAfUCFQAAAQEIColQoiPg\/q3hFwMDAB8CiHoHbb46sk3wEVp76KY8pTJ63EhTj6jLGV9BFA03"} 
00908{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675334160555793,"flow_src_last_pkt_time":1675334160555793,"flow_dst_last_pkt_time":1675334160555793,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675334160555793,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.129.131","src_port":33904,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"VK","proto_by_ip_id":22,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
@@ -28,10 +28,10 @@ 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1675334163912330,"flow_dst_last_pkt_time":1675334163912330,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1675334163912330,"pkt":"dNqIE5X\/CI6QkAulCABFAAA8NrJAAEAGQG7AqAH5V\/CpCoDeAbv+rdTPAAAAAKAC+vDONQAAAgQFtAQCCAqGVd7QAAAAAAEDAwc="} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1675334163924007,"flow_dst_last_pkt_time":1675334163910616,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675334163924007,"pkt":"dNqIE5X\/CI6QkAulCABFAAA0M1JAAEAGM1fAqAH5V\/C5iecSAbu7eFLfUNdjUoAQAfZ4HwAAAQEICgjLqWdPxntE"} 
01240{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1675334163925396,"flow_dst_last_pkt_time":1675334163910616,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1675334163925396,"pkt":"dNqIE5X\/CI6QkAulCABFAAI5M1NAAEAGMVHAqAH5V\/C5iecSAbu7eFLfUNdjUoAYAfYVNQAAAQEICgjLqWhPxntEFgMBAgABAAH8AwNnbUUms7QYWRlqCZNhNSMraTYFvfiT1A85uxUfa\/O8cCDBLnOZTAAYcYr0\/ZDxJkl03RMY1c1gNEN8N0xr1smF9QAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAYABYAABNzdW45LTEwLnVzZXJhcGkuY29tABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAiAAoACAQDBQMGAwIDADMAawBpAB0AIKoswRjGbmCmpaxXSEHLvgd++No7Y14ZlWcFQ1J670JSABcAQQSIWxKfrT6sHQH\/lzxjLlsogxYMOxPXqUCRO7qDFvuXs\/ftLZkNDJWV+OuzkKqoYDx8nyIJtAIkk4FYjTOo9jfIACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQAVAIMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01384{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1675334163910616,"flow_src_last_pkt_time":1675334163925396,"flow_dst_last_pkt_time":1675334163910616,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675334163925396,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.185.137","src_port":59154,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.VK","proto_id":"91.22","proto_by_ip":"VK","proto_by_ip_id":22,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"sun9-10.userapi.com","domainame":"sun9-10.userapi.com","tls": {"version":"TLSv1.2","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01343{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1675334163910616,"flow_src_last_pkt_time":1675334163925396,"flow_dst_last_pkt_time":1675334163910616,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675334163925396,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.185.137","src_port":59154,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.VK","proto_id":"91.22","proto_by_ip":"VK","proto_by_ip_id":22,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"sun9-10.userapi.com","domainame":"sun9-10.userapi.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1675334163926309,"flow_dst_last_pkt_time":1675334163912330,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675334163926309,"pkt":"dNqIE5X\/CI6QkAulCABFAAA0NrNAAEAGQHXAqAH5V\/CpCoDeAbv+rdTQ0FRQoIAQAfaQUwAAAQEICoZV3t4hlCMC"} 
01241{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":180,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1675334163927880,"flow_dst_last_pkt_time":1675334163912330,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1675334163927880,"pkt":"dNqIE5X\/CI6QkAulCABFAAI5NrRAAEAGPm\/AqAH5V\/CpCoDeAbv+rdTQ0FRQoIAYAfZwxgAAAQEICoZV3uAhlCMCFgMBAgABAAH8AwPYFC3+HLk+ra42QcRcW+4vj\/uAmRrp8TDn4tmDyIPkYiAyRnNxjUaEMd8VVhp20b\/ufXj4kauUhbWcflfaoiUJawAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAYABYAABNzdW45LTg3LnVzZXJhcGkuY29tABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAiAAoACAQDBQMGAwIDADMAawBpAB0AIOwK9qkxQoqdTlDuQKN96mzTVqQEPRPgZGelrus+MfYTABcAQQTrzqy1vJ8S5Dgj1CpKyIZ8zOVBKyHEIDa1+XZMd2VVJBbsoBLB+jw5+4njgJd1++yvrVZi8LCuDLcNUbR\/5\/BnACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQAVAIMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01383{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":180,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1675334163912330,"flow_src_last_pkt_time":1675334163927880,"flow_dst_last_pkt_time":1675334163912330,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675334163927880,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.169.10","src_port":32990,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.VK","proto_id":"91.22","proto_by_ip":"VK","proto_by_ip_id":22,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"sun9-87.userapi.com","domainame":"sun9-87.userapi.com","tls": {"version":"TLSv1.2","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01342{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":180,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1675334163912330,"flow_src_last_pkt_time":1675334163927880,"flow_dst_last_pkt_time":1675334163912330,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675334163927880,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.169.10","src_port":32990,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.VK","proto_id":"91.22","proto_by_ip":"VK","proto_by_ip_id":22,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"sun9-87.userapi.com","domainame":"sun9-87.userapi.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1675334163945166,"flow_dst_last_pkt_time":1675334163910616,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675334163945166,"pkt":"dNqIE5X\/CI6QkAulCABFAAA0M1RAAEAGM1XAqAH5V\/C5iecSAbu7eFTkUNdueoAQAeBq4wAAAQEICgjLqXxPxntU"} 
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1675334163945189,"flow_dst_last_pkt_time":1675334163910616,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675334163945189,"pkt":"dNqIE5X\/CI6QkAulCABFAAA0M1VAAEAGM1TAqAH5V\/C5iecSAbu7eFTkUNdzUoAQAddmFAAAAQEICgjLqXxPxntU"} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1675334163945204,"flow_dst_last_pkt_time":1675334163912330,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675334163945204,"pkt":"dNqIE5X\/CI6QkAulCABFAAA0NrVAAEAGQHPAqAH5V\/CpCoDeAbv+rdbV0FRWNIAQAe2IoAAAAQEICoZV3vEhlCMS"} 
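Review bot: The regenerated `detected` events for flow 4 and flow 5 in this hunk no longer carry the `ja3` key inside `tls` (the removed lines had `"ja3":"579ccef312d18482fc42e2b822ca2430"`), while `ja3s` and `ja4` remain, and the commit message only says "incorporated upstream changes". For consumers of nDPId events this is an output-format change: a detection rule or allow-list keyed on `tls.ja3` will silently stop matching rather than fail. Presumably this follows from the libnDPI bump and is intended, so it should be stated where consumers will look, for example a changelog line such as `flow events: tls.ja3 is no longer emitted as of this libnDPI bump; key TLS client fingerprint matching on tls.ja4`. The new vivox.pcapng.out expectation has the same shape (`ja3s` and `ja4`, no `ja3`). It is also worth confirming that schema/flow_event_schema.json, which this commit touches but which is not shown here, no longer lists `ja3`.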
@@ -53,10 +53,10 @@ 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":645,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1675334171362184,"flow_dst_last_pkt_time":1675334171362184,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1675334171362184,"pkt":"dNqIE5X\/CI6QkAulCABFAAA8Q5pAAEAGM4XAqAH5V\/CpC+lKAbsWBT0vAAAAAKAC+vAqQAAAAgQFtAQCCAqCQZ62AAAAAAEDAwc="} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":649,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1675334171373776,"flow_dst_last_pkt_time":1675334171361391,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675334171373776,"pkt":"dNqIE5X\/CI6QkAulCABFAAA08dBAAEAGhV7AqAH5V\/CpA7s+AbsjOashlnO8o4AQAfYfGAAAAQEICl\/TQTv6Zhg5"} 
01241{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":650,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1675334171375184,"flow_dst_last_pkt_time":1675334171361391,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1675334171375184,"pkt":"dNqIE5X\/CI6QkAulCABFAAI58dFAAEAGg1jAqAH5V\/CpA7s+AbsjOashlnO8o4AYAfanBQAAAQEICl\/TQTz6Zhg5FgMBAgABAAH8AwNHM3kEP49myOvCSrXAdKU7Yt6+0sjdwtkn\/vIYZ8i6ByCh1E1RkB+FTTj6RPm5LdINb00L3aWCRB1EQjRMs3s1PAAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAYABYAABNzdW45LTgwLnVzZXJhcGkuY29tABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAiAAoACAQDBQMGAwIDADMAawBpAB0AIDo5IpsibFD6a0cmcLXiDi07TFMgIUBdnuIa+4+kUXJWABcAQQQEANM0uFwKpAS3Hj\/IyxBKLb8exgHkG5uDFr8AdcI4svmD6cKjwB8Fjt5T7K7hn9wQKh8f1zySzoWNXjSn\/FR\/ACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQAVAIMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01382{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":650,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1675334171361391,"flow_src_last_pkt_time":1675334171375184,"flow_dst_last_pkt_time":1675334171361391,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675334171375184,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.169.3","src_port":47934,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.VK","proto_id":"91.22","proto_by_ip":"VK","proto_by_ip_id":22,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"sun9-80.userapi.com","domainame":"sun9-80.userapi.com","tls": {"version":"TLSv1.2","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01341{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":650,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1675334171361391,"flow_src_last_pkt_time":1675334171375184,"flow_dst_last_pkt_time":1675334171361391,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675334171375184,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.169.3","src_port":47934,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.VK","proto_id":"91.22","proto_by_ip":"VK","proto_by_ip_id":22,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"sun9-80.userapi.com","domainame":"sun9-80.userapi.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":651,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1675334171376069,"flow_dst_last_pkt_time":1675334171362184,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675334171376069,"pkt":"dNqIE5X\/CI6QkAulCABFAAA0Q5tAAEAGM4zAqAH5V\/CpC+lKAbsWBT0wlfCfrYAQAfZlWwAAAQEICoJBnsQnYo+N"} 
01240{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":652,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1675334171377801,"flow_dst_last_pkt_time":1675334171362184,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1675334171377801,"pkt":"dNqIE5X\/CI6QkAulCABFAAI5Q5xAAEAGMYbAqAH5V\/CpC+lKAbsWBT0wlfCfrYAYAfbdOQAAAQEICoJBnsYnYo+NFgMBAgABAAH8AwOQ1ipKKkoBOZ1ua3rJnpVwxNltLBUKzPSnAqO7jB6ZTSDqwOo0Xqip4n\/tWNKbOc4+AttIdImTX1P6\/J9a5gSd6gAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAYABYAABNzdW45LTg4LnVzZXJhcGkuY29tABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAiAAoACAQDBQMGAwIDADMAawBpAB0AINqRBqm9CArIXUTUUe8yUeEx1ltvRAxRNajVZs9KCmAuABcAQQTq007urizgZjRi5OGpgrFc+raEfEPKyONDr6A\/lZwBHl9Zs74ic9nuZPDfZEU1Zrv\/t8GYcbfrhBDNb7OmlPpwACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQAVAIMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01383{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":652,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1675334171362184,"flow_src_last_pkt_time":1675334171377801,"flow_dst_last_pkt_time":1675334171362184,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675334171377801,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.169.11","src_port":59722,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.VK","proto_id":"91.22","proto_by_ip":"VK","proto_by_ip_id":22,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"sun9-88.userapi.com","domainame":"sun9-88.userapi.com","tls": {"version":"TLSv1.2","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01342{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":652,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1675334171362184,"flow_src_last_pkt_time":1675334171377801,"flow_dst_last_pkt_time":1675334171362184,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675334171377801,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.169.11","src_port":59722,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.VK","proto_id":"91.22","proto_by_ip":"VK","proto_by_ip_id":22,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"sun9-88.userapi.com","domainame":"sun9-88.userapi.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":655,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1675334171392040,"flow_dst_last_pkt_time":1675334171361391,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675334171392040,"pkt":"dNqIE5X\/CI6QkAulCABFAAA08dJAAEAGhVzAqAH5V\/CpA7s+AbsjOa0mlnPHy4AQAeAR4QAAAQEICl\/TQU36ZhhH"} 
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":656,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1675334171392071,"flow_dst_last_pkt_time":1675334171361391,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675334171392071,"pkt":"dNqIE5X\/CI6QkAulCABFAAA08dNAAEAGhVvAqAH5V\/CpA7s+AbsjOa0mlnPMo4AQAdcNEgAAAQEICl\/TQU36ZhhH"} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":658,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1675334171393460,"flow_dst_last_pkt_time":1675334171362184,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675334171393460,"pkt":"dNqIE5X\/CI6QkAulCABFAAA0Q51AAEAGM4rAqAH5V\/CpC+lKAbsWBT81lfCq1YAQAeBYIwAAAQEICoJBntUnYo+d"} 
@@ -81,7 +81,7 @@ 01069{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":909,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1675334172164388,"flow_src_last_pkt_time":1675334172224141,"flow_dst_last_pkt_time":1675334172164388,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675334178414776,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.129.135","src_port":43938,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"VK","proto_by_ip_id":22,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 01086{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":909,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":19,"flow_dst_packets_processed":0,"flow_first_seen":1675334171361391,"flow_src_last_pkt_time":1675334171488140,"flow_dst_last_pkt_time":1675334171361391,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1231,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675334178414776,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.169.3","src_port":47934,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.VK","proto_id":"91.22","proto_by_ip":"VK","proto_by_ip_id":22,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} 01071{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":909,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1675334163969940,"flow_src_last_pkt_time":1675334164019208,"flow_dst_last_pkt_time":1675334163969940,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":633,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":922,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675334178414776,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.129.135","src_port":56504,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"VK","proto_by_ip_id":22,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-00846{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":909,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":909,"packets-processed":909,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":66779,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":6,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":84,"global_ts_usec":1675334178414776} +00846{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":909,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":909,"packets-processed":909,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":66779,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":6,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":84,"global_ts_usec":1675334178414776} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 909/909 ~~ skipped flows.............: 0 
@@ -90,9 +90,9 @@ ~~ total active/idle flows...: 10/10 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6976250 bytes -~~ total memory freed........: 6976250 bytes -~~ total allocations/frees...: 115173/115173 +~~ total memory allocated....: 7553846 bytes +~~ total memory freed........: 7553846 bytes +~~ total allocations/frees...: 126904/126904 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 544 chars ~~ json message max len.......: 2271 chars diff --git a/test/results/default/vnc.pcap.out b/test/results/default/vnc.pcap.out index faebb7dd2..74890b2dc 100644 --- a/test/results/default/vnc.pcap.out +++ b/test/results/default/vnc.pcap.out 
@@ -1,5 +1,5 @@ -00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/vnc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vnc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1476111264364066} 
+00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/vnc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vnc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1476111264364066} 
00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vnc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1476111264364066,"flow_src_last_pkt_time":1476111264364066,"flow_dst_last_pkt_time":1476111264364066,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1476111264364066,"l3_proto":"ip4","src_ip":"95.237.48.208","dst_ip":"192.168.2.110","src_port":59791,"dst_port":6900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vnc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1476111264364066,"flow_dst_last_pkt_time":1476111264364066,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1476111264364066,"pkt":"EP7tAkntxOodxQGGCABFAAA0Xs1AAHQGVCNf7TDQwKgCbumPGvTqxTBkAAAAAIACIADbnAAAAgQFrAEDAwIBAQQC"} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/vnc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1476111264364066,"flow_dst_last_pkt_time":1476111264364590,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1476111264364590,"pkt":"xOodxQGGEP7tAkntCABFAAA0fFNAAIAGAADAqAJuX+0w0Br06Y8QfmeF6sUwZYASIABT+gAAAgQFtAEDAwgBAQQC"} 
@@ -18,7 +18,7 @@ 02384{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":3575,"source":"cfgs\/default\/pcap\/vnc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1476111286462067,"flow_src_last_pkt_time":1476111287358990,"flow_dst_last_pkt_time":1476111287224950,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":34,"flow_src_tot_l4_payload_len":287,"flow_dst_tot_l4_payload_len":185,"midstream":0,"thread_ts_usec":1476111287358990,"l3_proto":"ip4","src_ip":"95.237.48.208","dst_ip":"192.168.2.110","src_port":51559,"dst_port":6900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":53542.1,"max":538844,"stddev":125065.9,"var":15641482240.0,"ent":3.0,"data": [107,37501,48667,49552,38334,36850,46381,48516,45667,1708,45497,182,37420,547,413,36764,2984,39898,772,181,762,824,181,2,1005,501772,46,703,538844,2,97724]},"pktlen": {"min":40,"avg":56.8,"max":75,"stddev":12.6,"var":158.0,"ent":5.0,"data": [52,52,46,52,52,48,46,40,46,40,59,46,69,74,74,62,46,75,40,74,72,40,68,72,63,40,70,68,72,46,46,67]},"bins": {"c_to_s": [13,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [12,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,0,1,0,1,1,0,0,1,0,1,0,0,1,0,0,1,0,0,0,1,1,1,1,0,0,0],"entropies": [4.518056870,4.878231525,4.652828693,5.022342682,5.176993847,4.993162155,4.698037148,4.711769104,4.609350204,4.730641365,5.204673767,4.652828693,5.591832638,5.651554108,5.655132294,5.470327854,4.565871716,5.718621254,4.680641174,5.781727314,5.694025517,4.621928692,5.533761978,5.648954391,5.381884575,4.621928692,5.550290108,5.491440296,5.523682594,4.505982876,4.565872192,5.593677998]},"ndpi": {"flow_risk": 
{"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"VNC","proto_id":"89","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 01221{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4551,"source":"cfgs\/default\/pcap\/vnc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2485,"flow_dst_packets_processed":1058,"flow_first_seen":1476111264364066,"flow_src_last_pkt_time":1476111280884547,"flow_dst_last_pkt_time":1476111280846496,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":34,"flow_src_tot_l4_payload_len":64000,"flow_dst_tot_l4_payload_len":300,"midstream":0,"thread_ts_usec":1476111290613528,"l3_proto":"ip4","src_ip":"95.237.48.208","dst_ip":"192.168.2.110","src_port":59791,"dst_port":6900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"VNC","proto_id":"89","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 
01220{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4551,"source":"cfgs\/default\/pcap\/vnc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":684,"flow_dst_packets_processed":324,"flow_first_seen":1476111286462067,"flow_src_last_pkt_time":1476111290613528,"flow_dst_last_pkt_time":1476111290394024,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":34,"flow_src_tot_l4_payload_len":17754,"flow_dst_tot_l4_payload_len":212,"midstream":0,"thread_ts_usec":1476111290613528,"l3_proto":"ip4","src_ip":"95.237.48.208","dst_ip":"192.168.2.110","src_port":51559,"dst_port":6900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"VNC","proto_id":"89","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 
-00845{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4551,"source":"cfgs\/default\/pcap\/vnc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":4551,"packets-processed":4551,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":82266,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1476111290613528} +00845{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4551,"source":"cfgs\/default\/pcap\/vnc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":4551,"packets-processed":4551,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":82266,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1476111290613528} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 4551/4551 ~~ skipped flows.............: 0 
@@ -27,9 +27,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7046136 bytes -~~ total memory freed........: 7046136 bytes -~~ total allocations/frees...: 118705/118705 +~~ total memory allocated....: 7623796 bytes +~~ total memory freed........: 7623796 bytes +~~ total allocations/frees...: 130438/130438 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 533 chars ~~ json message max len.......: 2389 chars diff --git a/test/results/default/vrrp3.pcapng.out b/test/results/default/vrrp3.pcapng.out index 3a836caf5..f41cb921f 100644 --- a/test/results/default/vrrp3.pcapng.out +++ b/test/results/default/vrrp3.pcapng.out 
@@ -1,5 +1,5 @@ -00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/vrrp3.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vrrp3.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1589370606456815} 
+00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/vrrp3.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vrrp3.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1589370606456815} 
00744{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vrrp3.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1589370606456815,"flow_src_last_pkt_time":1589370606456815,"flow_dst_last_pkt_time":1589370606456815,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1589370606456815,"vlan_id":36,"l3_proto":"ip6","src_ip":"fe80::2","dst_ip":"ff02::12","l4_proto":112,"flow_datalink":1,"flow_max_packets":5} 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vrrp3.pcapng","alias":"nDPId-test","vlan_id":36,"flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1589370606456815,"flow_dst_last_pkt_time":1589370606456815,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":18,"pkt_l4_offset":58,"pkt_len":82,"pkt_l4_len":24,"thread_ts_usec":1589370606456815,"pkt":"MzMAAAASAABeAAIkgQAAJIbdbgAAAAAYcP\/+gAAAAAAAAAAAAAAAAAAC\/wIAAAAAAAAAAAAAAAAAEjEkZAED6DQb\/oAAAAAAAAAAAAAAAAA2Ng=="} 
00893{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vrrp3.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1589370606456815,"flow_src_last_pkt_time":1589370606456815,"flow_dst_last_pkt_time":1589370606456815,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1589370606456815,"vlan_id":36,"l3_proto":"ip6","src_ip":"fe80::2","dst_ip":"ff02::12","l4_proto":112,"ndpi": {"confidence": {"6":"DPI"},"proto":"VRRP","proto_id":"73","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -12,7 +12,7 @@ 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/vrrp3.pcapng","alias":"nDPId-test","vlan_id":36,"flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1589370643139440,"flow_dst_last_pkt_time":1589370606915904,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":18,"pkt_l4_offset":58,"pkt_len":82,"pkt_l4_len":24,"thread_ts_usec":1589370643139440,"pkt":"MzMAAAASAABeAAIkgQAAJIbdbgAAAAAYcP\/+gAAAAAAAAAAAAAAAAAAB\/wIAAAAAAAAAAAAAAAAAEjEkaQED6C8c\/oAAAAAAAAAAAAAAAAA2Ng=="} 00934{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/vrrp3.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1589370606915904,"flow_src_last_pkt_time":1589370680701452,"flow_dst_last_pkt_time":1589370606915904,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1589370680701452,"vlan_id":36,"l3_proto":"ip6","src_ip":"fe80::1","dst_ip":"ff02::12","l4_proto":112,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"VRRP","proto_id":"73","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00933{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/vrrp3.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1589370606456815,"flow_src_last_pkt_time":1589370606456815,"flow_dst_last_pkt_time":1589370606456815,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1589370680701452,"vlan_id":36,"l3_proto":"ip6","src_ip":"fe80::2","dst_ip":"ff02::12","l4_proto":112,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"VRRP","proto_id":"73","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00841{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/vrrp3.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":240,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1589370680701452} 
+00841{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/vrrp3.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":240,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1589370680701452} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 10/10 ~~ skipped flows.............: 0 @@ -21,9 +21,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6910227 bytes -~~ total memory freed........: 6910227 bytes -~~ total allocations/frees...: 114156/114156 +~~ total memory allocated....: 7487823 bytes +~~ total memory freed........: 7487823 bytes +~~ total allocations/frees...: 125887/125887 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 585 chars ~~ json message max len.......: 939 chars diff --git a/test/results/default/vxlan.pcap.out b/test/results/default/vxlan.pcap.out index 533fcd3c9..e8ca4a861 100644 --- a/test/results/default/vxlan.pcap.out +++ b/test/results/default/vxlan.pcap.out 
@@ -1,5 +1,5 @@ -00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1639650442645225} 
+00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1639650442645225} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639650442645225,"flow_src_last_pkt_time":1639650442645225,"flow_dst_last_pkt_time":1639650442645225,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":80,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":80,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639650442645225,"vlan_id":5,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":60887,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00633{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","vlan_id":5,"flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1639650442645225,"flow_dst_last_pkt_time":1639650442645225,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":126,"pkt_l4_len":88,"thread_ts_usec":1639650442645225,"pkt":"AAy9Bjp0AAy9Bjp1gQAABQgARQAAbAM\/AABAEcnowKgWBMCoFgXt1xK1AFhqBAgAAAAABFcAZnpQqv+aHuppKm\/PCABFAAA6NbBAAEAR1uUKChQECAgICK2VADUAJhfikMYBAAABAAAAAAAACGZhY2Vib29rA2NvbQAAAQAB"} 
00935{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639650442645225,"flow_src_last_pkt_time":1639650442645225,"flow_dst_last_pkt_time":1639650442645225,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":80,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":80,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639650442645225,"vlan_id":5,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":60887,"dst_port":4789,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"VXLAN","proto_id":"64","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -60,7 +60,7 @@ 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639650442864784,"flow_src_last_pkt_time":1639650442864881,"flow_dst_last_pkt_time":1639650442864784,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":84,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":84,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639650443276366,"vlan_id":5,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":60351,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"VXLAN","proto_id":"64","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639650442645225,"flow_src_last_pkt_time":1639650442645316,"flow_dst_last_pkt_time":1639650442645225,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":80,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":80,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":160,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639650443276366,"vlan_id":5,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":60887,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"VXLAN","proto_id":"64","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":56,"flow_dst_packets_processed":0,"flow_first_seen":1639650442941597,"flow_src_last_pkt_time":1639650443276182,"flow_dst_last_pkt_time":1639650442941597,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":74,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1454,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68647,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639650443276366,"vlan_id":5,"l3_proto":"ip4","src_ip":"192.168.22.5","dst_ip":"192.168.22.4","src_port":36286,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"VXLAN","proto_id":"64","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00844{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":127,"packets-processed":127,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":79480,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":63,"global_ts_usec":1639650443276366} 
+00844{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":127,"packets-processed":127,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":79480,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":63,"global_ts_usec":1639650443276366} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 127/127 ~~ skipped flows.............: 0 @@ -69,9 +69,9 @@ ~~ total active/idle flows...: 9/9 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6930336 bytes -~~ total memory freed........: 6930336 bytes -~~ total allocations/frees...: 114352/114352 +~~ total memory allocated....: 7507932 bytes +~~ total memory freed........: 7507932 bytes +~~ total allocations/frees...: 126083/126083 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 614 chars ~~ json message max len.......: 2512 chars diff --git a/test/results/default/wa_video.pcap.out b/test/results/default/wa_video.pcap.out index a4871a13f..e9c3407f5 100644 --- a/test/results/default/wa_video.pcap.out +++ b/test/results/default/wa_video.pcap.out 
@@ -1,5 +1,5 @@ -00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1561455764448302} 
+00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1561455764448302} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455764448302,"flow_src_last_pkt_time":1561455764448302,"flow_dst_last_pkt_time":1561455764448302,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455764448302,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1561455764448302,"flow_dst_last_pkt_time":1561455764448302,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455764448302,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAABI0kIAAEARIhLAqAIBwKgC\/+EV4RUANEtUU3BvdFVkcDC64ScQKi2g\/wABAARIlcIDyUSzc\/3fJAksKuG26pMF0apN5Ek="} 
00921{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455764448302,"flow_src_last_pkt_time":1561455764448302,"flow_dst_last_pkt_time":1561455764448302,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455764448302,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Spotify","proto_id":"156","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music"}} 
@@ -11,41 +11,41 @@ 01162{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1561455767339689,"flow_dst_last_pkt_time":1561455767568247,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":522,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":522,"pkt_l4_len":488,"thread_ts_usec":1561455767568247,"pkt":"kLkxKPrKxiwDYGpkCABFAAH8cYEAAFMGf6Gd8BQ1wKgCDBRmwMsu6FKhm9EhroAYALRm5AAAAQEICh5+deo0zyVKLSQRVEKsxJjcWg\/H\/lMobRMW7X9RKF\/hZslxhUvme\/4heGQVcnrwt\/Fm5F2U+oLk+gFf2tebzVJU2bS4GWtpyfd7t0eGRRsksu\/IwWXxVQVfXmQWdqBagMROU0+Iv7cKU9E8j8khrgiQj04I4dJ4yob8xXCok1OIYUG8NdpqehsPn5Rq59THddLOmCgUSKZz\/u1aE7VKWVIXUVp7k19fdFvu2yb39GEDWSdBf4J9Oqs32QeZC52b5oVKE0ithMi9GHf6l\/ui7QsmMqIoJ3dCOeAzESPIDse\/Uw0Z19U+hGKwuaFZZxgdpjsRxn00Hd+xbUGY0TDE8Z\/s2TerF+yrQYARAtLEhyCWaiulNjDn+9f5mpFDmqUMLqsqClVwjcqNgfvRUqMf1Kng1nEjbYVdz0eYwkqEjFo20rkpLUKiaSh7EGttgz7HvZkjaMo8Q4Blqb1fKhQbir5L3ofhHA7goOKU5PHOFmaXZoL5abuQvfLea45eBI4EWKOxGMZDoeA8fGnY5ydOnOswhZUwVx+Pbot37CPOJwe1CCDdAiYytUlelaYcf3Hqbnb4mn5pjMUkvJohvpHobUScb2AcifLrDY6QnEnHXu93"} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455769789452,"flow_src_last_pkt_time":1561455769789452,"flow_dst_last_pkt_time":1561455769789452,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455769789452,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00684{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1561455769789452,"flow_dst_last_pkt_time":1561455769789452,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455769789452,"pkt":"xiwDYGpkkLkxKPrKCABFAACaxMYAAEARfZvAqAIMHw1WMNG4DZYAhm0oAAMAaiESpEIMCJFuDJOtHXjqlExAAABmBQMCyDZF2ddgtlA0UBZWUTgM5bMiF47oTfkR8gxwf\/X6xPiwJonhfyRnCC\/1O3gjqwa36NKC7reorVrW4TGrS5w3rc3nItJV\/XceDJIdYAVMp2RD9UKe1LYtRXT0bfL9vCinKf9\/"} -00984{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455769789452,"flow_src_last_pkt_time":1561455769789452,"flow_dst_last_pkt_time":1561455769789452,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455769789452,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01017{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455769789452,"flow_src_last_pkt_time":1561455769789452,"flow_dst_last_pkt_time":1561455769789452,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455769789452,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00684{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1561455769789547,"flow_dst_last_pkt_time":1561455769789452,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455769789547,"pkt":"xiwDYGpkkLkxKPrKCABFAACax74AAEAReqPAqAIMHw1WMNG4DZYAhm0nAAMAaiESpEIMCJFuDJOtHXjqlE1AAABmBQMCyDZF2ddgtlA0UBZWUTgM5bMiF47oTfkR8gxwf\/X6xPiwJonhfyRnCC\/1O3gjqwa36NKC7reorVrW4TGrS5w3rc3nItJV\/XceDJIdYAVMp2RD9UKe1LYtRXT0bfL9vCinKf9\/"} 
-01117{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1561455769789452,"flow_src_last_pkt_time":1561455769789547,"flow_dst_last_pkt_time":1561455769789452,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455769789547,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01150{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1561455769789452,"flow_src_last_pkt_time":1561455769789547,"flow_dst_last_pkt_time":1561455769789452,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455769789547,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455769789676,"flow_src_last_pkt_time":1561455769789676,"flow_dst_last_pkt_time":1561455769789676,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455769789676,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"185.60.216.51","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00684{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1561455769789676,"flow_dst_last_pkt_time":1561455769789676,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455769789676,"pkt":"xiwDYGpkkLkxKPrKCABFAACaIVsAAEARBNTAqAIMuTzYM9G4DZYAhlDzAAMAaiESpEIMCJFuDJOtHXjqlE5AAABmBQMCyDZF2ddgtlA0UBZWUTgM5bMiF47oTfkR8gxwf\/X6xPiwJonhfyRnCC\/1O3gjqwa36NKC7reorVrW4TGrS5w3rc3nItJV\/XceDJIdYAVMp2RD9UKe1LYtRXT0bfL9vCinKf9\/"} 
-00986{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455769789676,"flow_src_last_pkt_time":1561455769789676,"flow_dst_last_pkt_time":1561455769789676,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455769789676,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"185.60.216.51","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01019{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455769789676,"flow_src_last_pkt_time":1561455769789676,"flow_dst_last_pkt_time":1561455769789676,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455769789676,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"185.60.216.51","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": 
{"multimedia_flow_types":"Unknown"}}} 00684{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1561455769789803,"flow_dst_last_pkt_time":1561455769789676,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455769789803,"pkt":"xiwDYGpkkLkxKPrKCABFAACa3V0AAEARSNHAqAIMuTzYM9G4DZYAhlDyAAMAaiESpEIMCJFuDJOtHXjqlE9AAABmBQMCyDZF2ddgtlA0UBZWUTgM5bMiF47oTfkR8gxwf\/X6xPiwJonhfyRnCC\/1O3gjqwa36NKC7reorVrW4TGrS5w3rc3nItJV\/XceDJIdYAVMp2RD9UKe1LYtRXT0bfL9vCinKf9\/"} -01119{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1561455769789676,"flow_src_last_pkt_time":1561455769789803,"flow_dst_last_pkt_time":1561455769789676,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455769789803,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"185.60.216.51","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01152{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1561455769789676,"flow_src_last_pkt_time":1561455769789803,"flow_dst_last_pkt_time":1561455769789676,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455769789803,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"185.60.216.51","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455769790205,"flow_src_last_pkt_time":1561455769790205,"flow_dst_last_pkt_time":1561455769790205,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455769790205,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.193.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00684{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1561455769790205,"flow_dst_last_pkt_time":1561455769790205,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455769790205,"pkt":"xiwDYGpkkLkxKPrKCABFAACaO9gAAEARHKbAqAIMnfDBMNG4DZYAhoNAAAMAaiESpEIMCJFuDJOtHXjqlFBAAABmBQMCyDZF2ddgtlA0UBZWUTgM5bMiF47oTfkR8gxwf\/X6xPiwJonhfyRnCC\/1O3gjqwa36NKC7reorVrW4TGrS5w3rc3nItJV\/XceDJIdYAVMp2RD9UKe1LYtRXT0bfL9vCinKf9\/"} -00987{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455769790205,"flow_src_last_pkt_time":1561455769790205,"flow_dst_last_pkt_time":1561455769790205,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455769790205,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.193.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01020{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455769790205,"flow_src_last_pkt_time":1561455769790205,"flow_dst_last_pkt_time":1561455769790205,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455769790205,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.193.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00685{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1561455769790329,"flow_dst_last_pkt_time":1561455769790205,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455769790329,"pkt":"xiwDYGpkkLkxKPrKCABFAACaLgUAAEARKnnAqAIMnfDBMNG4DZYAhoM\/AAMAaiESpEIMCJFuDJOtHXjqlFFAAABmBQMCyDZF2ddgtlA0UBZWUTgM5bMiF47oTfkR8gxwf\/X6xPiwJonhfyRnCC\/1O3gjqwa36NKC7reorVrW4TGrS5w3rc3nItJV\/XceDJIdYAVMp2RD9UKe1LYtRXT0bfL9vCinKf9\/"} 
-01120{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1561455769790205,"flow_src_last_pkt_time":1561455769790329,"flow_dst_last_pkt_time":1561455769790205,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455769790329,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.193.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01153{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1561455769790205,"flow_src_last_pkt_time":1561455769790329,"flow_dst_last_pkt_time":1561455769790205,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455769790329,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.193.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455769790753,"flow_src_last_pkt_time":1561455769790753,"flow_dst_last_pkt_time":1561455769790753,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455769790753,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"179.60.192.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00684{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1561455769790753,"flow_dst_last_pkt_time":1561455769790753,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455769790753,"pkt":"xiwDYGpkkLkxKPrKCABFAACab00AAEAR1OTAqAIMszzAMNG4DZYAhm7yAAMAaiESpEIMCJFuDJOtHXjqlFJAAABmBQMCyDZF2ddgtlA0UBZWUTgM5bMiF47oTfkR8gxwf\/X6xPiwJonhfyRnCC\/1O3gjqwa36NKC7reorVrW4TGrS5w3rc3nItJV\/XceDJIdYAVMp2RD9UKe1LYtRXT0bfL9vCinKf9\/"} 
-00986{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455769790753,"flow_src_last_pkt_time":1561455769790753,"flow_dst_last_pkt_time":1561455769790753,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455769790753,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"179.60.192.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01019{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455769790753,"flow_src_last_pkt_time":1561455769790753,"flow_dst_last_pkt_time":1561455769790753,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455769790753,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"179.60.192.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": 
{"multimedia_flow_types":"Unknown"}}} 00684{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1561455769790875,"flow_dst_last_pkt_time":1561455769790753,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455769790875,"pkt":"xiwDYGpkkLkxKPrKCABFAACaCwQAAEAROS7AqAIMszzAMNG4DZYAhm7xAAMAaiESpEIMCJFuDJOtHXjqlFNAAABmBQMCyDZF2ddgtlA0UBZWUTgM5bMiF47oTfkR8gxwf\/X6xPiwJonhfyRnCC\/1O3gjqwa36NKC7reorVrW4TGrS5w3rc3nItJV\/XceDJIdYAVMp2RD9UKe1LYtRXT0bfL9vCinKf9\/"} -01119{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1561455769790753,"flow_src_last_pkt_time":1561455769790875,"flow_dst_last_pkt_time":1561455769790753,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455769790875,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"179.60.192.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01152{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1561455769790753,"flow_src_last_pkt_time":1561455769790875,"flow_dst_last_pkt_time":1561455769790753,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455769790875,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"179.60.192.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455769791001,"flow_src_last_pkt_time":1561455769791001,"flow_dst_last_pkt_time":1561455769791001,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455769791001,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.196.62","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00684{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1561455769791001,"flow_dst_last_pkt_time":1561455769791001,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455769791001,"pkt":"xiwDYGpkkLkxKPrKCABFAACaNcQAAEARH6zAqAIMnfDEPtG4DZYAhoAuAAMAaiESpEIMCJFuDJOtHXjqlFRAAABmBQMCyDZF2ddgtlA0UBZWUTgM5bMiF47oTfkR8gxwf\/X6xPiwJonhfyRnCC\/1O3gjqwa36NKC7reorVrW4TGrS5w3rc3nItJV\/XceDJIdYAVMp2RD9UKe1LYtRXT0bfL9vCinKf9\/"} -00987{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455769791001,"flow_src_last_pkt_time":1561455769791001,"flow_dst_last_pkt_time":1561455769791001,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455769791001,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.196.62","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01020{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455769791001,"flow_src_last_pkt_time":1561455769791001,"flow_dst_last_pkt_time":1561455769791001,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455769791001,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.196.62","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00684{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1561455769791128,"flow_dst_last_pkt_time":1561455769791001,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455769791128,"pkt":"xiwDYGpkkLkxKPrKCABFAACaC9gAAEARSZjAqAIMnfDEPtG4DZYAhoAtAAMAaiESpEIMCJFuDJOtHXjqlFVAAABmBQMCyDZF2ddgtlA0UBZWUTgM5bMiF47oTfkR8gxwf\/X6xPiwJonhfyRnCC\/1O3gjqwa36NKC7reorVrW4TGrS5w3rc3nItJV\/XceDJIdYAVMp2RD9UKe1LYtRXT0bfL9vCinKf9\/"} 
-01120{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1561455769791001,"flow_src_last_pkt_time":1561455769791128,"flow_dst_last_pkt_time":1561455769791001,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455769791128,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.196.62","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01153{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1561455769791001,"flow_src_last_pkt_time":1561455769791128,"flow_dst_last_pkt_time":1561455769791001,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455769791128,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.196.62","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1561455769789547,"flow_dst_last_pkt_time":1561455769802594,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455769802594,"pkt":"kLkxKPrKxiwDYGpkCABFAABI\/k4AAFQRMGUfDVYwwKgCDA2W0bgANE7GAQMAGCESpEIMCJFuDJOtHXjqlEwAIAAIAAHuJHGmBnJAAgAIAAABa44EONE="} -01032{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1561455769789452,"flow_src_last_pkt_time":1561455769789547,"flow_dst_last_pkt_time":1561455769802594,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1561455769802594,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"80.180.162.48:53046"}}} 
+01066{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1561455769789452,"flow_src_last_pkt_time":1561455769789547,"flow_dst_last_pkt_time":1561455769802594,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1561455769802594,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"80.180.162.48:53046","multimedia_flow_types":"Unknown"}}} 00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1561455769789547,"flow_dst_last_pkt_time":1561455769803703,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455769803703,"pkt":"kLkxKPrKxiwDYGpkCABFAABI\/k8AAFQRMGQfDVYwwKgCDA2W0bgANE7FAQMAGCESpEIMCJFuDJOtHXjqlE0AIAAIAAHuJHGmBnJAAgAIAAABa44EONE="} 
00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1561455769791128,"flow_dst_last_pkt_time":1561455769812721,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455769812721,"pkt":"kLkxKPrKxiwDYGpkCABFAABI3v0AAFMRY8Sd8MQ+wKgCDA2W0bgANGHGAQMAGCESpEIMCJFuDJOtHXjqlFQAIAAIAAHuJHGmBnJAAgAIAAABa44EONc="} -01035{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1561455769791001,"flow_src_last_pkt_time":1561455769791128,"flow_dst_last_pkt_time":1561455769812721,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1561455769812721,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.196.62","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"80.180.162.48:53046"}}} 
+01069{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1561455769791001,"flow_src_last_pkt_time":1561455769791128,"flow_dst_last_pkt_time":1561455769812721,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1561455769812721,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.196.62","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"80.180.162.48:53046","multimedia_flow_types":"Unknown"}}} 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1561455769791128,"flow_dst_last_pkt_time":1561455769812753,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455769812753,"pkt":"kLkxKPrKxiwDYGpkCABFAABI3v4AAFMRY8Od8MQ+wKgCDA2W0bgANGHFAQMAGCESpEIMCJFuDJOtHXjqlFUAIAAIAAHuJHGmBnJAAgAIAAABa44EONc="} 
00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1561455769789803,"flow_dst_last_pkt_time":1561455769813684,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455769813684,"pkt":"kLkxKPrKxiwDYGpkCABFAABI86gAAFMRH9i5PNgzwKgCDA2W0bgANDKMAQMAGCESpEIMCJFuDJOtHXjqlE4AIAAIAAHuJHGmBnJAAgAIAAABa44EONY="} -01034{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1561455769789676,"flow_src_last_pkt_time":1561455769789803,"flow_dst_last_pkt_time":1561455769813684,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1561455769813684,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"185.60.216.51","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"80.180.162.48:53046"}}} 
+01068{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1561455769789676,"flow_src_last_pkt_time":1561455769789803,"flow_dst_last_pkt_time":1561455769813684,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1561455769813684,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"185.60.216.51","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"80.180.162.48:53046","multimedia_flow_types":"Unknown"}}} 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1561455769790875,"flow_dst_last_pkt_time":1561455769817420,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455769817420,"pkt":"kLkxKPrKxiwDYGpkCABFAABIYqUAAFMRzt6zPMAwwKgCDA2W0bgANFCKAQMAGCESpEIMCJFuDJOtHXjqlFIAIAAIAAHuJHGmBnJAAgAIAAABa44EONc="} 
-01034{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1561455769790753,"flow_src_last_pkt_time":1561455769790875,"flow_dst_last_pkt_time":1561455769817420,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1561455769817420,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"179.60.192.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"80.180.162.48:53046"}}} +01068{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1561455769790753,"flow_src_last_pkt_time":1561455769790875,"flow_dst_last_pkt_time":1561455769817420,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1561455769817420,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"179.60.192.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"80.180.162.48:53046","multimedia_flow_types":"Unknown"}}} 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1561455769790329,"flow_dst_last_pkt_time":1561455769823739,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455769823739,"pkt":"kLkxKPrKxiwDYGpkCABFAABIblcAAFAR2nid8MEwwKgCDA2W0bgANGTSAQMAGCESpEIMCJFuDJOtHXjqlFAAIAAIAAHuJHGmBnJAAgAIAAABa44EON0="} -01035{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1561455769790205,"flow_src_last_pkt_time":1561455769790329,"flow_dst_last_pkt_time":1561455769823739,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1561455769823739,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.193.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"80.180.162.48:53046"}}} 
+01069{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1561455769790205,"flow_src_last_pkt_time":1561455769790329,"flow_dst_last_pkt_time":1561455769823739,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1561455769823739,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.193.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"80.180.162.48:53046","multimedia_flow_types":"Unknown"}}} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455770313920,"flow_src_last_pkt_time":1561455770313920,"flow_dst_last_pkt_time":1561455770313920,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455770313920,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":51277,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00701{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1561455770313920,"flow_dst_last_pkt_time":1561455770313920,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_usec":1561455770313920,"pkt":"AQBef\/\/6kLkxKPrKCABFAAClcA8AAAIRlYrAqAIM7\/\/\/+shNB2wAkeqFTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} 01000{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455770313920,"flow_src_last_pkt_time":1561455770313920,"flow_dst_last_pkt_time":1561455770313920,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455770313920,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":51277,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900","domainame":"239.255.255.250:1900"}} 
@@ -62,20 +62,20 @@ 00928{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":250,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1561455780246416,"flow_dst_last_pkt_time":1561455772049243,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_usec":1561455780246416,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFInq0AAP8RG\/gAAAAA\/\/\/\/\/wBEAEMBNNtIAQEGAH5K8tcAOwAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":371,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455781247252,"flow_src_last_pkt_time":1561455781247252,"flow_dst_last_pkt_time":1561455781247252,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455781247252,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":53688,"dst_port":59491,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1561455781247252,"flow_dst_last_pkt_time":1561455781247252,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455781247252,"pkt":"xiwDYGpkkLkxKPrKCABFAABIyagAAEARnszAqAIMATxOQNG46GMANIouAAEAGCESpELJdbow6qY0UK1Q3DAACAAUjCUqyJwTIDkKR+sjy0Uf5fkPaoE="} -01120{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":371,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455781247252,"flow_src_last_pkt_time":1561455781247252,"flow_dst_last_pkt_time":1561455781247252,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455781247252,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":53688,"dst_port":59491,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01153{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":371,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455781247252,"flow_src_last_pkt_time":1561455781247252,"flow_dst_last_pkt_time":1561455781247252,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455781247252,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":53688,"dst_port":59491,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":381,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455781352254,"flow_src_last_pkt_time":1561455781352254,"flow_dst_last_pkt_time":1561455781352254,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455781352254,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"91.252.56.51","src_port":53688,"dst_port":32641,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":381,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1561455781352254,"flow_dst_last_pkt_time":1561455781352254,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455781352254,"pkt":"xiwDYGpkkLkxKPrKCABFAABIUPMAAEAR0s7AqAIMW\/w4M9G4f4EANAIPAAEAGCESpEIZqLFMH0mnKh34iiEACAAUNcgqBRg9v\/os\/sidMBIfN2R1dO0="} -01122{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":381,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455781352254,"flow_src_last_pkt_time":1561455781352254,"flow_dst_last_pkt_time":1561455781352254,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455781352254,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"91.252.56.51","src_port":53688,"dst_port":32641,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01155{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":381,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455781352254,"flow_src_last_pkt_time":1561455781352254,"flow_dst_last_pkt_time":1561455781352254,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455781352254,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"91.252.56.51","src_port":53688,"dst_port":32641,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1561455781879070,"flow_dst_last_pkt_time":1561455781247252,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455781879070,"pkt":"xiwDYGpkkLkxKPrKCABFAABIUTkAAEARFzzAqAIMATxOQNG46GMANHzbAAEAGCESpELHuuAP05RaI+J6URIACAAUsHZdEyJr5uObsKQa7DYbE4YCA9M="} 
-01238{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1561455781247252,"flow_src_last_pkt_time":1561455781879070,"flow_dst_last_pkt_time":1561455781247252,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455781879070,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":53688,"dst_port":59491,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01271{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1561455781247252,"flow_src_last_pkt_time":1561455781879070,"flow_dst_last_pkt_time":1561455781247252,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455781879070,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":53688,"dst_port":59491,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":434,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1561455782059394,"flow_dst_last_pkt_time":1561455781352254,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455782059394,"pkt":"xiwDYGpkkLkxKPrKCABFAABI8PwAAEARMsXAqAIMW\/w4M9G4f4EANE0kAAEAGCESpEKAWzwjt5VRcfVmBmsACAAUJw9zjdQvQsjy5FQih0Itb6wHKg0="} 
-01240{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":434,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1561455781352254,"flow_src_last_pkt_time":1561455782059394,"flow_dst_last_pkt_time":1561455781352254,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455782059394,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"91.252.56.51","src_port":53688,"dst_port":32641,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01273{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":434,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1561455781352254,"flow_src_last_pkt_time":1561455782059394,"flow_dst_last_pkt_time":1561455781352254,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455782059394,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"91.252.56.51","src_port":53688,"dst_port":32641,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":1561455782574285,"flow_dst_last_pkt_time":1561455781247252,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455782574285,"pkt":"xiwDYGpkkLkxKPrKCABFAABIwHEAAEARqAPAqAIMATxOQNG46GMANGXPAAEAGCESpEIoM9pd\/2PDbhKoL1oACAAUvqQBu1i76V7zg0ib1\/6QLghtUUY="} 
00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_src_last_pkt_time":1561455782679175,"flow_dst_last_pkt_time":1561455781352254,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455782679175,"pkt":"xiwDYGpkkLkxKPrKCABFAABINRkAAEAR7qjAqAIMW\/w4M9G4f4EANKRJAAEAGCESpEL4j9YAEpPJGTu3VCAACAAUGXORRrB48FGvPcJutSVccHGlcxM="} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":555,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_src_last_pkt_time":1561455783193737,"flow_dst_last_pkt_time":1561455781247252,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455783193737,"pkt":"xiwDYGpkkLkxKPrKCABFAABIsaMAAEARttHAqAIMATxOQNG46GMANHtxAAEAGCESpEIVyYRJkvEHQDbjhQYACAAUZX4tAsQf0pHGsCjjkogdi3Laxls="} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":570,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_src_last_pkt_time":1561455783298322,"flow_dst_last_pkt_time":1561455781352254,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455783298322,"pkt":"xiwDYGpkkLkxKPrKCABFAABIAp0AAEARISXAqAIMW\/w4M9G4f4EANIWbAAEAGCESpEK7pDhewrPJPGinrSwACAAUDjWxbcggz7kXknMp3MU9Yvs9ftw="} 
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":576,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":5,"flow_src_last_pkt_time":1561455783298322,"flow_dst_last_pkt_time":1561455783331681,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455783331681,"pkt":"kLkxKPrKxiwDYGpkCABFAABIi6YAADERpxtb\/DgzwKgCDH+B0bgANIC7AAEAGCESpELmDdRM\/MC6WEQIBDAACAAUFJ5Jo0QxW+Y3GOxMikLa0AFDz2E="} -01133{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":576,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1561455781352254,"flow_src_last_pkt_time":1561455783298322,"flow_dst_last_pkt_time":1561455783331681,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1561455783331681,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"91.252.56.51","src_port":53688,"dst_port":32641,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01166{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":576,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1561455781352254,"flow_src_last_pkt_time":1561455783298322,"flow_dst_last_pkt_time":1561455783331681,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1561455783331681,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"91.252.56.51","src_port":53688,"dst_port":32641,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 02354{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":623,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":26,"flow_dst_packets_processed":6,"flow_first_seen":1561455781352254,"flow_src_last_pkt_time":1561455783672290,"flow_dst_last_pkt_time":1561455783683909,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1118,"flow_dst_max_l4_payload_len":182,"flow_src_tot_l4_payload_len":15240,"flow_dst_tot_l4_payload_len":615,"midstream":0,"thread_ts_usec":1561455783683909,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"91.252.56.51","src_port":53688,"dst_port":32641,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": 
{"min":139,"avg":150054.5,"max":1979427,"stddev":383224.6,"var":146861080576.0,"ent":2.7,"data": [707140,619781,619147,1979427,36290,69699,132037,26361,100137,1489,36501,24632,139,224,338,341,10692,26140,102372,15137,296,563,516,886,169,757,7597,915,148,631,131189]},"pktlen": {"min":72,"avg":523.5,"max":1146,"stddev":432.0,"var":186635.8,"ent":4.5,"data": [72,72,72,72,72,72,72,156,72,165,150,130,899,899,899,898,1146,194,143,198,1022,1022,1022,1022,1022,1020,150,920,920,920,1048,210]},"bins": {"c_to_s": [0,6,0,2,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,7,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,2,0,2,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,1,0,0,1,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1],"entropies": [5.551460743,5.652086735,5.531393051,5.607016087,5.440350056,5.499580860,5.568753719,6.624680996,5.697700977,6.683998108,6.496982574,6.426134586,7.747357368,7.800405025,7.780704021,7.774211884,7.821574688,6.735989094,6.400922298,6.908179283,7.822691441,7.800770760,7.811967850,7.818122864,7.793910027,7.785738468,6.611948967,7.770941734,7.800857544,7.760899067,7.788744450,6.986406326]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":634,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1561455783829036,"flow_dst_last_pkt_time":1561455781247252,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455783829036,"pkt":"xiwDYGpkkLkxKPrKCABFAABICZUAAEARXuDAqAIMATxOQNG46GMANOSYAAEAGCESpELddkAJ1F+LPT0EgzwACAAUXmgJtoJkdYveryQNIL+PUoNUtYY="} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":742,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455791449110,"flow_src_last_pkt_time":1561455791449110,"flow_dst_last_pkt_time":1561455791449110,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":341,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":341,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":341,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455791449110,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -108,7 +108,7 @@ 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1561455769791001,"flow_src_last_pkt_time":1561455792270823,"flow_dst_last_pkt_time":1561455769812753,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":378,"flow_dst_tot_l4_payload_len":88,"midstream":0,"thread_ts_usec":1561455795283003,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.196.62","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1561455769790205,"flow_src_last_pkt_time":1561455792270570,"flow_dst_last_pkt_time":1561455769823739,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":378,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1561455795283003,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.193.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
01006{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1561455792273279,"flow_src_last_pkt_time":1561455795276739,"flow_dst_last_pkt_time":1561455792273279,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":269,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455795283003,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":51458,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} -00853{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":781,"packets-processed":781,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":311775,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":13,"total-detection-updates":13,"total-updates":0,"current-active-flows":0,"total-active-flows":14,"total-idle-flows":14,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":111,"global_ts_usec":1561455795283003} 
+00853{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":781,"packets-processed":781,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":311775,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":13,"total-detection-updates":13,"total-updates":0,"current-active-flows":0,"total-active-flows":14,"total-idle-flows":14,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":111,"global_ts_usec":1561455795283003} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 781/781 ~~ skipped flows.............: 0 @@ -117,9 +117,9 @@ ~~ total active/idle flows...: 14/14 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6963354 bytes -~~ total memory freed........: 6963354 bytes -~~ total allocations/frees...: 115065/115065 +~~ total memory allocated....: 7540994 bytes +~~ total memory freed........: 7540994 bytes +~~ total allocations/frees...: 126798/126798 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 546 chars ~~ json message max len.......: 2441 chars diff --git a/test/results/default/wa_voice.pcap.out b/test/results/default/wa_voice.pcap.out index d5a376966..39f015032 100644 --- a/test/results/default/wa_voice.pcap.out +++ b/test/results/default/wa_voice.pcap.out 
@@ -1,5 +1,5 @@ -00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1561455687942546} 
+00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1561455687942546} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455687942546,"flow_src_last_pkt_time":1561455687942546,"flow_dst_last_pkt_time":1561455687942546,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455687942546,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":51431,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1561455687942546,"flow_dst_last_pkt_time":1561455687942546,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1561455687942546,"pkt":"xiwDYGpkkLkxKPrKCABFAAA8VCwAAP8R4ibAqAIMwKgCAcjnADUAKL4MZG8BAAABAAAAAAAAA3d3dwZnb29nbGUDY29tAAABAAE="} 
01087{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455687942546,"flow_src_last_pkt_time":1561455687942546,"flow_dst_last_pkt_time":1561455687942546,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455687942546,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":51431,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.google.com","domainame":"www.google.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -38,9 +38,9 @@ 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1561455689909150,"flow_dst_last_pkt_time":1561455689928899,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1561455689928899,"pkt":"kLkxKPrKxiwDYGpkCABFAAA8AAAAAFQGLsgfDVYzwKgCDAG7xUfuAwj8TpxtZaASbHDC9wAAAgQFeAQCCAqHqaVzNM4E3wEDAwg="} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1561455690036803,"flow_dst_last_pkt_time":1561455689928899,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1561455690036803,"pkt":"xiwDYGpkkLkxKPrKCABFAAA0AABAAEAGAtDAqAIMHw1WM8VHAbtOnG1l7gMI\/YAQBAZZdQAAAQEICjTOBV2HqaVz"} 01240{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1561455690039586,"flow_dst_last_pkt_time":1561455689928899,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1561455690039586,"pkt":"xiwDYGpkkLkxKPrKCABFAAI5AABAAEAGAMvAqAIMHw1WM8VHAbtOnG1l7gMI\/YAYBAYvJwAAAQEICjTOBWCHqaVzFgMBAgABAAH8AwNcVCo+6ckxRamHLuTFRhM635aj8rPn5Xsyc8oyNs70zCDheIsHXcZUiMjn0WFeVyeYgqZCpFf+j0FPaajeZJof+QA0EwMTARMCwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\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"} 
-01349{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1561455689909150,"flow_src_last_pkt_time":1561455690039586,"flow_dst_last_pkt_time":1561455689928899,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455690039586,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.51","src_port":50503,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WhatsAppFiles","proto_id":"91.242","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"media-mxp1-1.cdn.whatsapp.net","domainame":"media-mxp1-1.cdn.whatsapp.net","tls": {"version":"TLSv1.2","ja3":"b92a79ed03c3ff5611abb2305370d3e3","ja3s":"","ja4":"t13d2615h2_2802a3db6c62_0f2fdc61901b","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01308{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1561455689909150,"flow_src_last_pkt_time":1561455690039586,"flow_dst_last_pkt_time":1561455689928899,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455690039586,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.51","src_port":50503,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WhatsAppFiles","proto_id":"91.242","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"media-mxp1-1.cdn.whatsapp.net","domainame":"media-mxp1-1.cdn.whatsapp.net","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2615h2_2802a3db6c62_0f2fdc61901b","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1561455690039586,"flow_dst_last_pkt_time":1561455690055150,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1561455690055150,"pkt":"kLkxKPrKxiwDYGpkCABFAAA0CsgAAFQGJAgfDVYzwKgCDAG7xUfuAwj9TpxvaoAQAHFafgAAAQEICoeppfc0zgVg"} 
-01400{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1561455689909150,"flow_src_last_pkt_time":1561455690039586,"flow_dst_last_pkt_time":1561455690058075,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1561455690058075,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.51","src_port":50503,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WhatsAppFiles","proto_id":"91.242","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"media-mxp1-1.cdn.whatsapp.net","domainame":"media-mxp1-1.cdn.whatsapp.net","tls": {"version":"TLSv1.3","ja3":"b92a79ed03c3ff5611abb2305370d3e3","ja3s":"475c9302dc42b2751db9edcac3b74891","ja4":"t13d2615h2_2802a3db6c62_0f2fdc61901b","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01359{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1561455689909150,"flow_src_last_pkt_time":1561455690039586,"flow_dst_last_pkt_time":1561455690058075,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1561455690058075,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.51","src_port":50503,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WhatsAppFiles","proto_id":"91.242","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"media-mxp1-1.cdn.whatsapp.net","domainame":"media-mxp1-1.cdn.whatsapp.net","tls": {"version":"TLSv1.3","ja3s":"475c9302dc42b2751db9edcac3b74891","ja4":"t13d2615h2_2802a3db6c62_0f2fdc61901b","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
02151{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1561455689909150,"flow_src_last_pkt_time":1561455690224696,"flow_dst_last_pkt_time":1561455690224643,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1331,"flow_dst_tot_l4_payload_len":7979,"midstream":0,"thread_ts_usec":1561455690224696,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.51","src_port":50503,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":20356.1,"max":163286,"stddev":46938.1,"var":2203181824.0,"ent":2.5,"data": [19749,127653,2783,126251,2925,28,22,21046,163,145211,12,6,5,40,5,163286,2,38,0,250,1,16,17472,279,12,8,2386,284,150,389,567]},"pktlen": {"min":52,"avg":343.6,"max":1440,"stddev":489.7,"var":239839.3,"ent":3.9,"data": [64,60,52,569,52,1440,1440,335,52,52,116,98,95,87,388,311,52,223,126,83,52,100,484,52,52,52,52,1440,52,1440,1440,83]},"bins": {"c_to_s": [10,3,1,0,0,0,0,0,1,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,1,1,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,0,0,0,0,1,0,1,1,0],"entropies": [4.453177452,5.156567574,5.038779736,4.954115391,5.062724590,7.845219135,7.875988007,7.363695621,5.038779736,5.077241421,6.006405830,6.022478580,5.964075089,5.738524437,7.327147007,7.233700752,5.115703106,6.979569435,6.337362766,5.826725960,5.032077789,6.041212559,7.548195839,4.923395157,4.961856842,5.000318050,4.947339535,7.873440742,5.038779736,7.854992867,7.876389503,5.699865818]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.WhatsAppFiles","proto_id":"91.242","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download"}} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":181,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455701309996,"flow_src_last_pkt_time":1561455701309996,"flow_dst_last_pkt_time":1561455701309996,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":341,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":341,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":341,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455701309996,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00978{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1561455701309996,"flow_dst_last_pkt_time":1561455701309996,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":383,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":383,"pkt_l4_len":349,"thread_ts_usec":1561455701309996,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAFxXcMAAEARlWjAqAIBwKgC\/0RcRFwBXbU+eyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAxNzQ1NjcxOTM5MjIwMTQ2OTg4Njg4NzAzNTEyMjAyNTg3OTI0NDMsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFsyNzUwMzcwNTYwLCA3ODUyNjYxNzcsIDE1MjYyNjMwNDUsIDEzMzg2NTkyMDEsIDE0ODE5MzM3LCA0ODA5NDIwMDQ4LCA1MTE3MDY2NDIsIDczNjM0MTUyOCwgOTM4ODEzODQ5LCAxMjY3Njk1MTA5LCA1NDQwNDA3MDcyLCA0ODEwNTkxNzYwLCA1ODM0NDk5NiwgOTk2MzA2MjE1LCA1MzAzMzAxMjQ4LCAzMDc1NTIxNjk2LCA0MDU2NDYyNTkyLCAyOTYzNjgyMDk2LCAxNTIyMTc3NTg3XX0="} 
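Review bot: The regenerated `detected` and `detection-update` events for flow 7 in this hunk no longer carry the `"ja3"` key in the `tls` object (only `"ja3s"` and `"ja4"` remain), and the commit description ("incorporated upstream changes") does not mention it. Anything downstream that matches on `tls.ja3`, such as detection rules, client-fingerprint lists or dashboards, would presumably stop matching silently after this bump rather than fail visibly. I would record the removal in the commit description or changelog, e.g. `* TLS events no longer emit "ja3"; use "ja4" for client fingerprinting`. It is also worth confirming that schema/flow_event_schema.json, which this commit changes but which is not visible here, no longer lists `ja3` as a required or expected property.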
@@ -69,40 +69,40 @@ 00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1561455706881597,"flow_dst_last_pkt_time":1561455705874523,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":111,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":111,"pkt_l4_len":57,"thread_ts_usec":1561455706881597,"pkt":"MzMAAAD7kLkxKPrKht1gDagnADkR\/\/6AAAAAAAAABBRAnYr9nwX\/AgAAAAAAAAAAAAAAAAD7FOkU6QA5e0MAAAAAAAIAAAAAAAAFX3Jhb3AEX3RjcAVsb2NhbAAADAABCF9haXJwbGF5wBIADAAB"} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455706912375,"flow_src_last_pkt_time":1561455706912375,"flow_dst_last_pkt_time":1561455706912375,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706912375,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00683{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1561455706912375,"flow_dst_last_pkt_time":1561455706912375,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455706912375,"pkt":"xiwDYGpkkLkxKPrKCABFAACav+gAAEARgnnAqAIMHw1WMNwIDZYAhhEmAAMAaiESpEKmZ0918K0sABMVszZAAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"} -00986{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455706912375,"flow_src_last_pkt_time":1561455706912375,"flow_dst_last_pkt_time":1561455706912375,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706912375,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01019{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455706912375,"flow_src_last_pkt_time":1561455706912375,"flow_dst_last_pkt_time":1561455706912375,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706912375,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00683{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_src_last_pkt_time":1561455706912436,"flow_dst_last_pkt_time":1561455706912375,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455706912436,"pkt":"xiwDYGpkkLkxKPrKCABFAACaKEAAAEARGiLAqAIMHw1WMNwIDZYAhhElAAMAaiESpEKmZ0918K0sABMVszdAAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"} 
-01119{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":216,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1561455706912375,"flow_src_last_pkt_time":1561455706912436,"flow_dst_last_pkt_time":1561455706912375,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706912436,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01152{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":216,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1561455706912375,"flow_src_last_pkt_time":1561455706912436,"flow_dst_last_pkt_time":1561455706912375,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706912436,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455706912561,"flow_src_last_pkt_time":1561455706912561,"flow_dst_last_pkt_time":1561455706912561,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706912561,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"185.60.216.51","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00684{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1561455706912561,"flow_dst_last_pkt_time":1561455706912561,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455706912561,"pkt":"xiwDYGpkkLkxKPrKCABFAACa\/egAAEARKEbAqAIMuTzYM9wIDZYAhvTwAAMAaiESpEKmZ0918K0sABMVszhAAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"} 
-00988{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455706912561,"flow_src_last_pkt_time":1561455706912561,"flow_dst_last_pkt_time":1561455706912561,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706912561,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"185.60.216.51","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01021{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455706912561,"flow_src_last_pkt_time":1561455706912561,"flow_dst_last_pkt_time":1561455706912561,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706912561,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"185.60.216.51","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": 
{"multimedia_flow_types":"Unknown"}}} 00683{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1561455706912682,"flow_dst_last_pkt_time":1561455706912561,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455706912682,"pkt":"xiwDYGpkkLkxKPrKCABFAACaQnoAAEAR47TAqAIMuTzYM9wIDZYAhvTvAAMAaiESpEKmZ0918K0sABMVszlAAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"} -01121{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":218,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1561455706912561,"flow_src_last_pkt_time":1561455706912682,"flow_dst_last_pkt_time":1561455706912561,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706912682,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"185.60.216.51","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01154{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":218,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1561455706912561,"flow_src_last_pkt_time":1561455706912682,"flow_dst_last_pkt_time":1561455706912561,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706912682,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"185.60.216.51","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":219,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455706913062,"flow_src_last_pkt_time":1561455706913062,"flow_dst_last_pkt_time":1561455706913062,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706913062,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.193.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00684{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1561455706913062,"flow_dst_last_pkt_time":1561455706913062,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455706913062,"pkt":"xiwDYGpkkLkxKPrKCABFAACaTo8AAEARCe\/AqAIMnfDBMNwIDZYAhic+AAMAaiESpEKmZ0918K0sABMVszpAAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"} -00989{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455706913062,"flow_src_last_pkt_time":1561455706913062,"flow_dst_last_pkt_time":1561455706913062,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706913062,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.193.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01022{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455706913062,"flow_src_last_pkt_time":1561455706913062,"flow_dst_last_pkt_time":1561455706913062,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706913062,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.193.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00683{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_src_last_pkt_time":1561455706913136,"flow_dst_last_pkt_time":1561455706913062,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455706913136,"pkt":"xiwDYGpkkLkxKPrKCABFAACapTEAAEARs0zAqAIMnfDBMNwIDZYAhic9AAMAaiESpEKmZ0918K0sABMVsztAAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"} 
-01122{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1561455706913062,"flow_src_last_pkt_time":1561455706913136,"flow_dst_last_pkt_time":1561455706913062,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706913136,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.193.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01155{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1561455706913062,"flow_src_last_pkt_time":1561455706913136,"flow_dst_last_pkt_time":1561455706913062,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706913136,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.193.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":221,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455706913639,"flow_src_last_pkt_time":1561455706913639,"flow_dst_last_pkt_time":1561455706913639,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706913639,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"179.60.192.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00683{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1561455706913639,"flow_dst_last_pkt_time":1561455706913639,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455706913639,"pkt":"xiwDYGpkkLkxKPrKCABFAACa5uYAAEARXUvAqAIMszzAMNwIDZYAhhLwAAMAaiESpEKmZ0918K0sABMVszxAAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"} 
-00988{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":221,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455706913639,"flow_src_last_pkt_time":1561455706913639,"flow_dst_last_pkt_time":1561455706913639,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706913639,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"179.60.192.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01021{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":221,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455706913639,"flow_src_last_pkt_time":1561455706913639,"flow_dst_last_pkt_time":1561455706913639,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706913639,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"179.60.192.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": 
{"multimedia_flow_types":"Unknown"}}} 00683{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":222,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_src_last_pkt_time":1561455706913891,"flow_dst_last_pkt_time":1561455706913639,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455706913891,"pkt":"xiwDYGpkkLkxKPrKCABFAACaa6sAAEAR2IbAqAIMszzAMNwIDZYAhhLvAAMAaiESpEKmZ0918K0sABMVsz1AAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"} -01121{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":222,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1561455706913639,"flow_src_last_pkt_time":1561455706913891,"flow_dst_last_pkt_time":1561455706913639,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706913891,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"179.60.192.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01154{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":222,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1561455706913639,"flow_src_last_pkt_time":1561455706913891,"flow_dst_last_pkt_time":1561455706913639,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706913891,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"179.60.192.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":223,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455706914378,"flow_src_last_pkt_time":1561455706914378,"flow_dst_last_pkt_time":1561455706914378,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706914378,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.196.62","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00684{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":223,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1561455706914378,"flow_dst_last_pkt_time":1561455706914378,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455706914378,"pkt":"xiwDYGpkkLkxKPrKCABFAACa6jAAAEARaz\/AqAIMnfDEPtwIDZYAhiQsAAMAaiESpEKmZ0918K0sABMVsz5AAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"} -00989{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":223,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455706914378,"flow_src_last_pkt_time":1561455706914378,"flow_dst_last_pkt_time":1561455706914378,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706914378,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.196.62","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01022{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":223,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455706914378,"flow_src_last_pkt_time":1561455706914378,"flow_dst_last_pkt_time":1561455706914378,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706914378,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.196.62","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00684{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":224,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1561455706914597,"flow_dst_last_pkt_time":1561455706914378,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455706914597,"pkt":"xiwDYGpkkLkxKPrKCABFAACa\/isAAEARV0TAqAIMnfDEPtwIDZYAhiQrAAMAaiESpEKmZ0918K0sABMVsz9AAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"} 
-01122{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":224,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1561455706914378,"flow_src_last_pkt_time":1561455706914597,"flow_dst_last_pkt_time":1561455706914378,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706914597,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.196.62","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01155{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":224,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1561455706914378,"flow_src_last_pkt_time":1561455706914597,"flow_dst_last_pkt_time":1561455706914378,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706914597,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.196.62","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_src_last_pkt_time":1561455706912436,"flow_dst_last_pkt_time":1561455706925823,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455706925823,"pkt":"kLkxKPrKxiwDYGpkCABFAABIJPUAAFQRCb8fDVYwwKgCDA2W3AgANMY6AQMAGCESpEKmZ0918K0sABMVszYAIAAIAAHthnGmBnJAAgAIAAABa44DQzM="} -01034{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1561455706912375,"flow_src_last_pkt_time":1561455706912436,"flow_dst_last_pkt_time":1561455706925823,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1561455706925823,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"80.180.162.48:52372"}}} 
+01068{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1561455706912375,"flow_src_last_pkt_time":1561455706912436,"flow_dst_last_pkt_time":1561455706925823,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1561455706925823,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"80.180.162.48:52372","multimedia_flow_types":"Unknown"}}} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_src_last_pkt_time":1561455706912436,"flow_dst_last_pkt_time":1561455706925951,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455706925951,"pkt":"kLkxKPrKxiwDYGpkCABFAABIJPYAAFQRCb4fDVYwwKgCDA2W3AgANMY5AQMAGCESpEKmZ0918K0sABMVszcAIAAIAAHthnGmBnJAAgAIAAABa44DQzM="} 
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":227,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_src_last_pkt_time":1561455706914597,"flow_dst_last_pkt_time":1561455706935510,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455706935510,"pkt":"kLkxKPrKxiwDYGpkCABFAABIB5sAAFMROyed8MQ+wKgCDA2W3AgANNk5AQMAGCESpEKmZ0918K0sABMVsz4AIAAIAAHthnGmBnJAAgAIAAABa44DQzo="} -01037{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":227,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1561455706914378,"flow_src_last_pkt_time":1561455706914597,"flow_dst_last_pkt_time":1561455706935510,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1561455706935510,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.196.62","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"80.180.162.48:52372"}}} 
+01071{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":227,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1561455706914378,"flow_src_last_pkt_time":1561455706914597,"flow_dst_last_pkt_time":1561455706935510,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1561455706935510,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.196.62","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"80.180.162.48:52372","multimedia_flow_types":"Unknown"}}} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":228,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_src_last_pkt_time":1561455706913136,"flow_dst_last_pkt_time":1561455706942065,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455706942065,"pkt":"kLkxKPrKxiwDYGpkCABFAABISQ8AAFER\/sCd8MEwwKgCDA2W3AgANNxIAQMAGCESpEKmZ0918K0sABMVszoAIAAIAAHthnGmBnJAAgAIAAABa44DQz0="} 
-01037{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":228,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1561455706913062,"flow_src_last_pkt_time":1561455706913136,"flow_dst_last_pkt_time":1561455706942065,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1561455706942065,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.193.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"80.180.162.48:52372"}}} +01071{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":228,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1561455706913062,"flow_src_last_pkt_time":1561455706913136,"flow_dst_last_pkt_time":1561455706942065,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1561455706942065,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.193.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"80.180.162.48:52372","multimedia_flow_types":"Unknown"}}} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":229,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_src_last_pkt_time":1561455706913891,"flow_dst_last_pkt_time":1561455706942143,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455706942143,"pkt":"kLkxKPrKxiwDYGpkCABFAABIdjQAAFMRu0+zPMAwwKgCDA2W3AgANMf9AQMAGCESpEKmZ0918K0sABMVszwAIAAIAAHthnGmBnJAAgAIAAABa44DQzo="} -01036{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":229,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1561455706913639,"flow_src_last_pkt_time":1561455706913891,"flow_dst_last_pkt_time":1561455706942143,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1561455706942143,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"179.60.192.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"80.180.162.48:52372"}}} 
+01070{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":229,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1561455706913639,"flow_src_last_pkt_time":1561455706913891,"flow_dst_last_pkt_time":1561455706942143,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1561455706942143,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"179.60.192.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"80.180.162.48:52372","multimedia_flow_types":"Unknown"}}} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":230,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_src_last_pkt_time":1561455706912682,"flow_dst_last_pkt_time":1561455706945445,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455706945445,"pkt":"kLkxKPrKxiwDYGpkCABFAABIKZAAAFMR6fC5PNgzwKgCDA2W3AgANKn2AQMAGCESpEKmZ0918K0sABMVszgAIAAIAAHthnGmBnJAAgAIAAABa44DQ0I="} 
-01036{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":230,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1561455706912561,"flow_src_last_pkt_time":1561455706912682,"flow_dst_last_pkt_time":1561455706945445,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1561455706945445,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"185.60.216.51","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"80.180.162.48:52372"}}} +01070{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":230,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1561455706912561,"flow_src_last_pkt_time":1561455706912682,"flow_dst_last_pkt_time":1561455706945445,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1561455706945445,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"185.60.216.51","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"80.180.162.48:52372","multimedia_flow_types":"Unknown"}}} 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":231,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455706979952,"flow_src_last_pkt_time":1561455706979952,"flow_dst_last_pkt_time":1561455706979952,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706979952,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":64716,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":231,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1561455706979952,"flow_dst_last_pkt_time":1561455706979952,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_usec":1561455706979952,"pkt":"AQBef\/\/6kLkxKPrKCABFAAClm6MAAAIRafbAqAIM7\/\/\/+vzMB2wAkbYGTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} 
01002{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":231,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455706979952,"flow_src_last_pkt_time":1561455706979952,"flow_dst_last_pkt_time":1561455706979952,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706979952,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":64716,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900","domainame":"239.255.255.250:1900"}} 
@@ -116,9 +116,9 @@ 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":249,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_src_last_pkt_time":1561455707474558,"flow_dst_last_pkt_time":1561455707511792,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1561455707511792,"pkt":"kLkxKPrKxiwDYGpkCABFAAA8AAAAAFMG8uOd8BQ0wKgCDAG7xUi7sKeEevDKTqASbHBlBQAAAgQFeAQCCAq1oF6CNM5JcwEDAwg="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":250,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_src_last_pkt_time":1561455707513528,"flow_dst_last_pkt_time":1561455707511792,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1561455707513528,"pkt":"xiwDYGpkkLkxKPrKCABFAAA0AABAAEAGxevAqAIMnfAUNMVIAbt68MpOu7CnhYAQBAb72QAAAQEICjTOSZq1oF6C"} 01243{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":251,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_src_last_pkt_time":1561455707524675,"flow_dst_last_pkt_time":1561455707511792,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1561455707524675,"pkt":"xiwDYGpkkLkxKPrKCABFAAI5AABAAEAGw+bAqAIMnfAUNMVIAbt68MpOu7CnhYAYBAZ\/fQAAAQEICjTOSaW1oF6CFgMBAgABAAH8AwOH9qQ7+yKL4tunVBajRAEMZcD0LnYn0chkBCJ8V\/W5wSAyZRitQuT5VUG0rd7O73q87mICh7P83OWE866NlPwORwA0EwMTARMCwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\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"} 
-01318{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":251,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1561455707474558,"flow_src_last_pkt_time":1561455707524675,"flow_dst_last_pkt_time":1561455707511792,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455707524675,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.52","src_port":50504,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WhatsApp","proto_id":"91.142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"pps.whatsapp.net","domainame":"pps.whatsapp.net","tls": {"version":"TLSv1.2","ja3":"7a7a639628f0fe5c7e057628a5bbec5a","ja3s":"","ja4":"t13d2614h2_2802a3db6c62_c5b8c5b1cdcb","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01277{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":251,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1561455707474558,"flow_src_last_pkt_time":1561455707524675,"flow_dst_last_pkt_time":1561455707511792,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455707524675,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.52","src_port":50504,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WhatsApp","proto_id":"91.142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"pps.whatsapp.net","domainame":"pps.whatsapp.net","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2614h2_2802a3db6c62_c5b8c5b1cdcb","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":5,"flow_src_last_pkt_time":1561455707524675,"flow_dst_last_pkt_time":1561455707563261,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1561455707563261,"pkt":"kLkxKPrKxiwDYGpkCABFAAA0dcMAAFMGfSid8BQ0wKgCDAG7xUi7sKeFevDMU4AQAHH9LAAAAQEICrWgXrQ0zkml"} 
-01369{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":253,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1561455707474558,"flow_src_last_pkt_time":1561455707524675,"flow_dst_last_pkt_time":1561455707564246,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1561455707564246,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.52","src_port":50504,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WhatsApp","proto_id":"91.142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"pps.whatsapp.net","domainame":"pps.whatsapp.net","tls": {"version":"TLSv1.3","ja3":"7a7a639628f0fe5c7e057628a5bbec5a","ja3s":"475c9302dc42b2751db9edcac3b74891","ja4":"t13d2614h2_2802a3db6c62_c5b8c5b1cdcb","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01328{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":253,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1561455707474558,"flow_src_last_pkt_time":1561455707524675,"flow_dst_last_pkt_time":1561455707564246,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1561455707564246,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.52","src_port":50504,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WhatsApp","proto_id":"91.142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"pps.whatsapp.net","domainame":"pps.whatsapp.net","tls": {"version":"TLSv1.3","ja3s":"475c9302dc42b2751db9edcac3b74891","ja4":"t13d2614h2_2802a3db6c62_c5b8c5b1cdcb","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
02168{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":293,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1561455707474558,"flow_src_last_pkt_time":1561455707778028,"flow_dst_last_pkt_time":1561455707778471,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":928,"flow_dst_tot_l4_payload_len":9370,"midstream":0,"thread_ts_usec":1561455707778471,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.52","src_port":50504,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":5,"avg":19593.0,"max":129132,"stddev":30818.3,"var":949767616.0,"ent":3.5,"data": [37234,38970,11147,51469,985,103,11,42805,136,34645,3771,380,216,299,76165,5,34895,421,279,3605,27,2938,1342,3436,77447,53735,129132,1406,40,219,120]},"pktlen": {"min":52,"avg":374.4,"max":1440,"stddev":526.3,"var":277041.4,"ent":3.9,"data": [64,60,52,569,52,1440,1440,333,52,52,116,98,95,87,244,223,126,52,52,83,52,83,52,87,52,52,502,52,1440,1440,1440,1440]},"bins": {"c_to_s": [10,3,1,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,1,1,0,0,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,0,0,0,0,1,1,0,0,0,1,1,0,1,0,1,1,0,1,1,1,1],"entropies": [4.421927452,5.127645493,4.947339535,4.844649315,5.024262905,7.828526497,7.880538940,7.342582226,4.947340012,4.947340012,6.096442223,5.933140755,5.903703690,5.761512756,7.014289856,6.959705353,6.368111134,4.923395157,4.923395157,5.597574711,5.062724590,5.763532162,4.985801220,5.859550953,4.947339535,4.985801220,7.559065819,4.947340012,7.871157646,7.859573364,7.846300602,7.844365597]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.WhatsApp","proto_id":"91.142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_src_last_pkt_time":1561455709888553,"flow_dst_last_pkt_time":1561455705874172,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"thread_ts_usec":1561455709888553,"pkt":"AQBeAAD7kLkxKPrKCABFAABNP9UAAP8R2BrAqAIM4AAA+xTpFOkAOUTGAAAAAAACAAAAAAAABV9yYW9wBF90Y3AFbG9jYWwAAAwAAQhfYWlycGxhecASAAwAAQ=="} 00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":348,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_src_last_pkt_time":1561455709890098,"flow_dst_last_pkt_time":1561455705874523,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":111,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":111,"pkt_l4_len":57,"thread_ts_usec":1561455709890098,"pkt":"MzMAAAD7kLkxKPrKht1gDagnADkR\/\/6AAAAAAAAABBRAnYr9nwX\/AgAAAAAAAAAAAAAAAAD7FOkU6QA5e0MAAAAAAAIAAAAAAAAFX3Jhb3AEX3RjcAVsb2NhbAAADAABCF9haXJwbGF5wBIADAAB"} 
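Review bot: The regenerated expectations in this hunk no longer carry the `ja3` key in the `tls` object of the `detected` (packet 251) and `detection-update` (packet 253) events for flow 21; only `ja3s` and `ja4` remain. The commit message says only "incorporated upstream changes", so the removal is undocumented. Any consumer of the event stream that matches, allow-lists or alerts on the client JA3 hash will stop matching without an error, because the key is simply absent. I would add a line to the commit description or changelog such as `tls.ja3 is no longer emitted; client fingerprinting must use tls.ja4`. The diffstat lists a change to `schema/flow_event_schema.json`, presumably covering this, so it is worth confirming that it drops `ja3` from the `tls` properties rather than leaving a field that is never emitted.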
@@ -145,22 +145,22 @@ 00929{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":463,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":4,"flow_src_last_pkt_time":1561455729803232,"flow_dst_last_pkt_time":1561455721320417,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_usec":1561455729803232,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFInqcAAP8RG\/4AAAAA\/\/\/\/\/wBEAEMBNNt7AQEGAH5K8tcACAAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":465,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455730495456,"flow_src_last_pkt_time":1561455730495456,"flow_dst_last_pkt_time":1561455730495456,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455730495456,"l3_proto":"ip4","src_ip":"91.252.56.51","dst_ip":"192.168.2.12","src_port":32704,"dst_port":56328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":465,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_src_last_pkt_time":1561455730495456,"flow_dst_last_pkt_time":1561455730495456,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455730495456,"pkt":"kLkxKPrKxiwDYGpkCABFAABI7nAAADERRFFb\/DgzwKgCDH\/A3AgANOnLAAEAGCESpEJZi1FU1SmRVkxGZgQACAAUYCmYSN+rkyNYVIx9I16CdotJWKc="} -01122{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":465,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455730495456,"flow_src_last_pkt_time":1561455730495456,"flow_dst_last_pkt_time":1561455730495456,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455730495456,"l3_proto":"ip4","src_ip":"91.252.56.51","dst_ip":"192.168.2.12","src_port":32704,"dst_port":56328,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01155{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":465,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455730495456,"flow_src_last_pkt_time":1561455730495456,"flow_dst_last_pkt_time":1561455730495456,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455730495456,"l3_proto":"ip4","src_ip":"91.252.56.51","dst_ip":"192.168.2.12","src_port":32704,"dst_port":56328,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":473,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_src_last_pkt_time":1561455731073692,"flow_dst_last_pkt_time":1561455730495456,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455731073692,"pkt":"kLkxKPrKxiwDYGpkCABFAABIAlEAADERMHFb\/DgzwKgCDH\/A3AgANGApAAEAGCESpELobM0y9AHrYlN0+hgACAAU\/c20Lcr5wjE5JYKvJct9qbua6og="} 
-01240{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":473,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1561455730495456,"flow_src_last_pkt_time":1561455731073692,"flow_dst_last_pkt_time":1561455730495456,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455731073692,"l3_proto":"ip4","src_ip":"91.252.56.51","dst_ip":"192.168.2.12","src_port":32704,"dst_port":56328,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01273{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":473,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1561455730495456,"flow_src_last_pkt_time":1561455731073692,"flow_dst_last_pkt_time":1561455730495456,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455731073692,"l3_proto":"ip4","src_ip":"91.252.56.51","dst_ip":"192.168.2.12","src_port":32704,"dst_port":56328,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
00978{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":477,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1561455731356183,"flow_dst_last_pkt_time":1561455701309996,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":383,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":383,"pkt_l4_len":349,"thread_ts_usec":1561455731356183,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAFxjdoAAEARZVHAqAIBwKgC\/0RcRFwBXbU+eyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAxNzQ1NjcxOTM5MjIwMTQ2OTg4Njg4NzAzNTEyMjAyNTg3OTI0NDMsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFsyNzUwMzcwNTYwLCA3ODUyNjYxNzcsIDE1MjYyNjMwNDUsIDEzMzg2NTkyMDEsIDE0ODE5MzM3LCA0ODA5NDIwMDQ4LCA1MTE3MDY2NDIsIDczNjM0MTUyOCwgOTM4ODEzODQ5LCAxMjY3Njk1MTA5LCA1NDQwNDA3MDcyLCA0ODEwNTkxNzYwLCA1ODM0NDk5NiwgOTk2MzA2MjE1LCA1MzAzMzAxMjQ4LCAzMDc1NTIxNjk2LCA0MDU2NDYyNTkyLCAyOTYzNjgyMDk2LCAxNTIyMTc3NTg3XX0="} 00974{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":478,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1561455731356928,"flow_dst_last_pkt_time":1561455701309996,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":381,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":381,"pkt_l4_len":347,"thread_ts_usec":1561455731356928,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAFveLUAAEARenjAqAIBwKgC\/0RcRFwBW7HJeyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAxNzQ1NjcxOTM5MjIwMTQ2OTg4Njg4NzAzNTEyMjAyNTg3OTI0NDMsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFsxMTgyMzk1NTczLCAxNDIxMTE0Mzk5LCAxODA4MDQ3NjgwLCAxMzcyMDkyNjA5LCAxMjUyMTE2NDI5LCA5OTQ2OTc3MywgNTI1ODAwNzEyMCwgMTc2OTY0MzA3LCAxMjU1NDA1NjYsIDEwNDc0MjgxODksIDQ3MTYxOTAwNDgsIDU0NjcxNjMwODgsIDExOTUwNDQwNzEsIDk2ODUzMjI0LCAxNzYwOTk2MywgNDUxNDcyNjU4LCA0MTc0NjUwODgwLCAyODUyMTYwNywgMTQxNTYyMDM1MF19"} 
02227{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":487,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":20,"flow_first_seen":1561455706912375,"flow_src_last_pkt_time":1561455731523132,"flow_dst_last_pkt_time":1561455731536124,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":6,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":278,"flow_src_tot_l4_payload_len":792,"flow_dst_tot_l4_payload_len":1833,"midstream":0,"thread_ts_usec":1561455731536124,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":1588209.8,"max":12196243,"stddev":3050402.8,"var":9304956469248.0,"ent":3.2,"data": [61,13448,128,12194152,12196243,104402,58,105108,1,108628,104619,3043264,3048902,3100925,3096031,3015294,3016553,2001940,2156,107078,164036,190107,88523,28769,198646,133957,3008088,90958,35571,314,36546]},"pktlen": {"min":30,"avg":110.0,"max":306,"stddev":87.2,"var":7598.9,"ent":4.6,"data": [154,154,72,72,34,30,154,154,72,72,34,30,34,30,34,30,34,30,74,54,232,261,240,150,306,234,302,34,30,154,154,72]},"bins": {"c_to_s": [6,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,6,0,1,0,0,3,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,1,1,1,1,1,1,1,1,1,0,1,0,0,1],"entropies": 
[6.541143417,6.523254871,5.258596897,5.258596897,4.628356934,4.453236580,6.497281075,6.520071030,5.203041553,5.130857468,4.628356934,4.453236580,4.628356934,4.453236580,4.628356934,4.453236580,4.628356934,4.453236580,5.668909073,5.185353279,6.995151520,7.135284424,7.074851990,6.635347366,7.304471493,6.999480724,7.242955685,4.628356934,4.453236580,6.523254871,6.523254871,5.230819225]},"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":501,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455731665769,"flow_src_last_pkt_time":1561455731665769,"flow_dst_last_pkt_time":1561455731665769,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455731665769,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":56328,"dst_port":64282,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":501,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_src_last_pkt_time":1561455731665769,"flow_dst_last_pkt_time":1561455731665769,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455731665769,"pkt":"xiwDYGpkkLkxKPrKCABFAABId7IAAEAR8MLAqAIMATxOQNwI+xoANL93AAEAGCESpEJNNg9OA5IbZKhKGmoACAAUkUJIDnID0ka3i4LpQfhGRUa3K\/w="} 
-01120{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":501,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455731665769,"flow_src_last_pkt_time":1561455731665769,"flow_dst_last_pkt_time":1561455731665769,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455731665769,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":56328,"dst_port":64282,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01153{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":501,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455731665769,"flow_src_last_pkt_time":1561455731665769,"flow_dst_last_pkt_time":1561455731665769,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455731665769,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":56328,"dst_port":64282,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":503,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_src_last_pkt_time":1561455731697327,"flow_dst_last_pkt_time":1561455730495456,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455731697327,"pkt":"kLkxKPrKxiwDYGpkCABFAABI\/gUAADERNLxb\/DgzwKgCDH\/A3AgANISZAAEAGCESpEKSaahiiU3KFyQDpDgACAAUPvQQqrwwB3kMX1876e4ssz8N17Y="} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":504,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_src_last_pkt_time":1561455731697327,"flow_dst_last_pkt_time":1561455731699179,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455731699179,"pkt":"xiwDYGpkkLkxKPrKCABFAABIalYAAEARuWvAqAIMW\/w4M9wIf8AANHvGAQEAGCESpEKSaahiiU3KFyQDpDgACAAU78j6HBgMgp4J7E4uRUxed5inmwU="} 
-01133{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":504,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1561455730495456,"flow_src_last_pkt_time":1561455731697327,"flow_dst_last_pkt_time":1561455731699179,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1561455731699179,"l3_proto":"ip4","src_ip":"91.252.56.51","dst_ip":"192.168.2.12","src_port":32704,"dst_port":56328,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01166{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":504,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1561455730495456,"flow_src_last_pkt_time":1561455731697327,"flow_dst_last_pkt_time":1561455731699179,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1561455731699179,"l3_proto":"ip4","src_ip":"91.252.56.51","dst_ip":"192.168.2.12","src_port":32704,"dst_port":56328,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std 
Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":508,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":5,"flow_src_last_pkt_time":1561455731697327,"flow_dst_last_pkt_time":1561455731771636,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455731771636,"pkt":"xiwDYGpkkLkxKPrKCABFAABIuQIAAEARar\/AqAIMW\/w4M9wIf8AANBvxAAEAGCESpEInL2dPpxxCLUQhtkgACAAUq0S1cqGjKGibQ8Ad3a7kThUOm\/s="} -01087{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":511,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":2,"flow_first_seen":1561455730495456,"flow_src_last_pkt_time":1561455731876139,"flow_dst_last_pkt_time":1561455731771636,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":347,"flow_dst_tot_l4_payload_len":88,"midstream":0,"thread_ts_usec":1561455731876139,"l3_proto":"ip4","src_ip":"91.252.56.51","dst_ip":"192.168.2.12","src_port":32704,"dst_port":56328,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": 
{"6":"DPI"},"proto":"SRTP.WhatsAppCall","proto_id":"338.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01112{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":511,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":2,"flow_first_seen":1561455730495456,"flow_src_last_pkt_time":1561455731876139,"flow_dst_last_pkt_time":1561455731771636,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":347,"flow_dst_tot_l4_payload_len":88,"midstream":0,"thread_ts_usec":1561455731876139,"l3_proto":"ip4","src_ip":"91.252.56.51","dst_ip":"192.168.2.12","src_port":32704,"dst_port":56328,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"SRTP.WhatsAppCall","proto_id":"338.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","stream_content":"Audio"}} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_src_last_pkt_time":1561455732298035,"flow_dst_last_pkt_time":1561455731665769,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455732298035,"pkt":"xiwDYGpkkLkxKPrKCABFAABIre0AAEARuofAqAIMATxOQNwI+xoANHLOAAEAGCESpEIrgAUzrwTeBSrSSH8ACAAUv8Ev3sei+dcRfEZy9ei0mRui3Zw="} 
-01238{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1561455731665769,"flow_src_last_pkt_time":1561455732298035,"flow_dst_last_pkt_time":1561455731665769,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455732298035,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":56328,"dst_port":64282,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01271{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1561455731665769,"flow_src_last_pkt_time":1561455732298035,"flow_dst_last_pkt_time":1561455731665769,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455732298035,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":56328,"dst_port":64282,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":528,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_src_last_pkt_time":1561455732919461,"flow_dst_last_pkt_time":1561455731665769,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455732919461,"pkt":"xiwDYGpkkLkxKPrKCABFAABIV+kAAEAREIzAqAIMATxOQNwI+xoANBvDAAEAGCESpELCs7YUVt8QVzF73yEACAAUMmINwHB46SKyj3xrODHnuD6GHSA="} 
02369{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":538,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1561455730495456,"flow_src_last_pkt_time":1561455733316995,"flow_dst_last_pkt_time":1561455733325980,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":273,"flow_src_tot_l4_payload_len":1873,"flow_dst_tot_l4_payload_len":1869,"midstream":0,"thread_ts_usec":1561455733325980,"l3_proto":"ip4","src_ip":"91.252.56.51","dst_ip":"192.168.2.12","src_port":32704,"dst_port":56328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":182324.6,"max":1203723,"stddev":228895.9,"var":52393320448.0,"ent":4.2,"data": [578236,623635,1203723,72457,167216,11596,115693,158378,2,172820,173607,169808,156213,136586,155315,179817,99336,157427,38286,163380,181314,166574,142422,2967,25967,115313,6126,171847,106305,56249,143448]},"pktlen": {"min":54,"avg":144.9,"max":301,"stddev":51.7,"var":2672.5,"ent":4.9,"data": [72,72,72,72,72,72,199,260,150,161,301,137,159,159,133,149,136,150,172,164,155,159,164,170,150,54,150,150,156,150,139,179]},"bins": {"c_to_s": [1,4,0,8,4,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,2,0,4,6,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,1,1,0,0,1,0,0,1,0,1,0,1,0,1,1,0,1,0,1,0,1,1,0,0,0,1,0,0,1],"entropies": 
[5.523683071,5.551460743,5.523683071,5.586590290,5.513198376,5.558812618,6.900094032,7.080634594,6.725411892,6.561889648,7.326864719,6.497554302,6.712717533,6.644547939,6.493841648,6.572838783,6.470429420,6.565414429,6.709655762,6.771090984,6.675994873,6.701801777,6.747565746,6.673988342,6.480553150,5.199332237,6.648680687,6.585022449,6.694502831,6.592251301,6.568360806,6.807644844]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"SRTP.WhatsAppCall","proto_id":"338.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":541,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":4,"flow_src_last_pkt_time":1561455733543524,"flow_dst_last_pkt_time":1561455731665769,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455733543524,"pkt":"xiwDYGpkkLkxKPrKCABFAABIhgkAAEAR4mvAqAIMATxOQNwI+xoANNyjAAEAGCESpEKaqxAMcXf5HhivnksACAAUXrUv35eEVCK3ZPufCanP8gSQnE8="} 
@@ -218,7 +218,7 @@ 01006{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455741430274,"flow_src_last_pkt_time":1561455741430274,"flow_dst_last_pkt_time":1561455741430274,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":50191,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} 01005{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455704557041,"flow_src_last_pkt_time":1561455704557041,"flow_dst_last_pkt_time":1561455704557041,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":50384,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} 01039{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":25,"flow_first_seen":1561455689909150,"flow_src_last_pkt_time":1561455690240149,"flow_dst_last_pkt_time":1561455690302153,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1331,"flow_dst_tot_l4_payload_len":20101,"midstream":0,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.51","src_port":50503,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WhatsAppFiles","proto_id":"91.242","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"media-mxp1-1.cdn.whatsapp.net"}} 
-00853{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":736,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":736,"packets-processed":734,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":128892,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":27,"total-detection-updates":22,"total-updates":4,"current-active-flows":0,"total-active-flows":28,"total-idle-flows":28,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":221,"global_ts_usec":1561455743434771} +00853{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":736,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":736,"packets-processed":734,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":128892,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":27,"total-detection-updates":22,"total-updates":4,"current-active-flows":0,"total-active-flows":28,"total-idle-flows":28,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":221,"global_ts_usec":1561455743434771} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 736/734 ~~ skipped flows.............: 0 
@@ -227,9 +227,9 @@ ~~ total active/idle flows...: 28/28 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7090460 bytes -~~ total memory freed........: 7090460 bytes -~~ total allocations/frees...: 115199/115199 +~~ total memory allocated....: 7668100 bytes +~~ total memory freed........: 7668100 bytes +~~ total allocations/frees...: 126932/126932 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 524 chars ~~ json message max len.......: 2501 chars diff --git a/test/results/default/waze.pcap.out b/test/results/default/waze.pcap.out index 76e5be30b..47b4b0278 100644 --- a/test/results/default/waze.pcap.out +++ b/test/results/default/waze.pcap.out 
@@ -1,5 +1,5 @@ -00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1435587866603221} 
+00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1435587866603221} 
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1435587866603221,"flow_src_last_pkt_time":1435587866603221,"flow_dst_last_pkt_time":1435587866603221,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1435587866603221,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"174.37.231.81","src_port":42256,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1435587866603221,"flow_dst_last_pkt_time":1435587866603221,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"thread_ts_usec":1435587866603221,"pkt":"ABoRAAACABoRAAABCABFAABNMsFAAEAGQsYKECWdriXnUaUQFGaA18okWhY9doAYAVcoQwAAAQEICgAIazhBJdw4gAAWBXL2KZLscQ7\/r4Q3YR6R6YsREWIs0w=="} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1435587867103902,"flow_dst_last_pkt_time":1435587866603221,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"thread_ts_usec":1435587867103902,"pkt":"ABoRAAACABoRAAABCABFAABNMsJAAEAGQsUKECWdriXnUaUQFGaA18okWhY9doAYAVcoEAAAAQEICgAIa2tBJdw4gAAWBXL2KZLscQ7\/r4Q3YR6R6YsREWIs0w=="} 
@@ -28,32 +28,32 @@ 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1435587868645018,"flow_dst_last_pkt_time":1435587868635389,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587868645018,"pkt":"ABoRAAACABoRAAABCABFAAAojYdAAEAGx1YKCAABLjOtto0EAbvOcuGGMY0ee1AQ\/\/87IQAA"} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1435587868645125,"flow_dst_last_pkt_time":1435587868644726,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587868645125,"pkt":"ABoRAAACABoRAAABCABFAAAoH6pAAEAGNTQKCAABLjOtto0GAbtbbHOupJOMU1AQ\/\/87HwAA"} 00639{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1435587868906825,"flow_dst_last_pkt_time":1435587868633828,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":137,"pkt_l4_len":103,"thread_ts_usec":1435587868906825,"pkt":"ABoRAAACABoRAAABCABFAAB7145AAEAGPlMKCAABNubjrLHZAFCatruQZUlEcVAY\/\/9jcwAAR0VUIC9pbWFnZXMvSEQvQ0gyLnBuZyBIVFRQLzEuMA0KSG9zdDogcm9hZHNoaWVsZHMud2F6ZS5jb20NClVzZXItQWdlbnQ6IC8zLjkuNC4wDQo="} 
-01221{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587868632030,"flow_src_last_pkt_time":1435587868906825,"flow_dst_last_pkt_time":1435587868633828,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":83,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":83,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587868906825,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45529,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.Waze","proto_id":"7.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"roadshields.waze.com","domainame":"roadshields.waze.com","http": {"url":"roadshields.waze.com\/images\/HD\/CH2.png","code":0,"content_type":"","user_agent":"\/3.9.4.0"}}} +01106{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587868632030,"flow_src_last_pkt_time":1435587868906825,"flow_dst_last_pkt_time":1435587868633828,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":83,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":83,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587868906825,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45529,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.Waze","proto_id":"7.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"roadshields.waze.com","domainame":"roadshields.waze.com","http": {"url":"roadshields.waze.com\/images\/HD\/CH2.png","code":0,"content_type":"","user_agent":"\/3.9.4.0"}}} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1435587868906825,"flow_dst_last_pkt_time":1435587868908213,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587868908213,"pkt":"ABoRAAACABoRAAABCABFAAAodHZAABAG0b425uOsCggAAQBQsdllSURxmra741AQ\/\/\/YugAA"} 00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1435587868996463,"flow_src_last_pkt_time":1435587868996463,"flow_dst_last_pkt_time":1435587868996463,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587868996463,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.118.48","src_port":36585,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1435587868996463,"flow_dst_last_pkt_time":1435587868996463,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1435587868996463,"pkt":"ABoRAAACABoRAAABCABFAAA8cVdAAEAGm2kKCAABrcJ2MI7pAburox1\/AAAAAKAC\/\/9UDAAAAgQFtAQCCAoACGwoAAAAAAEDAwg="} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1435587868996463,"flow_dst_last_pkt_time":1435587868998782,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587868998782,"pkt":"ABoRAAACABoRAAABCABFAAAodHhAABAGyFytwnYwCggAAQG7julUXOKAq6MdgFAS\/\/\/xMQAA"} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1435587869002019,"flow_dst_last_pkt_time":1435587868998782,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587869002019,"pkt":"ABoRAAACABoRAAABCABFAAAocVhAAEAGm3wKCAABrcJ2MI7pAburox2AVFzigVAQ\/\/\/xMgAA"} 
00774{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1435587869002239,"flow_dst_last_pkt_time":1435587868635389,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"thread_ts_usec":1435587869002239,"pkt":"ABoRAAACABoRAAABCABFAADejYhAAEAGxp8KCAABLjOtto0EAbvOcuGGMY0ee1AY\/\/+QzQAAFgMBALEBAACtAwFksj7uK\/R43HfLeC3YagY+KKYMl8Gp\/0RLJxa1HLl7kwAAQMAUwArAIsAhADkAOMAgwA\/ABQA1wBLACMAcwBsAFgATwBrADcADAAoABcATwAnAH8AeADMAMsAdwA7ABAAvAP8BAABEAAsABAMAAQIACgA0ADIADgANABkACwAMABgACQAKABYAFwAIAAYABwAUABUABAAFABIAEwABAAIAAwAPABAAEQAjAAA="} -01259{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587868634159,"flow_src_last_pkt_time":1435587869002239,"flow_dst_last_pkt_time":1435587868635389,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587869002239,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36100,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": 
{"version":"TLSv1","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01218{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587868634159,"flow_src_last_pkt_time":1435587869002239,"flow_dst_last_pkt_time":1435587868635389,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587869002239,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36100,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1435587869002239,"flow_dst_last_pkt_time":1435587869002486,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587869002486,"pkt":"ABoRAAACABoRAAABCABFAAAodHlAABAGEGUuM622CggAAQG7jQQxjR57znLiPFAQ\/\/86awAA"} 
00760{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1435587869054724,"flow_dst_last_pkt_time":1435587868998782,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_usec":1435587869054724,"pkt":"ABoRAAACABoRAAABCABFAADWcVlAAEAGms0KCAABrcJ2MI7pAburox2AVFzigVAY\/\/9mQwAAFgMBAKkBAAClAwGlXtzD4CYR60HmpO3Epp6iuyOtJr59nHMXn8J60vKduCBvCKEM0sorljArU6qw4dCFWjF23JNAwYV6Z6lEcvF3aQAcwAnACsATwBQAMwA5ADIAOMAHwBEALwA1AAUA\/wEAAEAACwAEAwABAgAKADQAMgAOAA0AGQALAAwAGAAJAAoAFgAXAAgABgAHABQAFQAEAAUAEgATAAEAAgADAA8AEAAR"} -01257{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587868996463,"flow_src_last_pkt_time":1435587869054724,"flow_dst_last_pkt_time":1435587868998782,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587869054724,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.118.48","src_port":36585,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": 
{"version":"TLSv1","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"","ja4":"t10d140200_37d7d24289bf_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01216{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587868996463,"flow_src_last_pkt_time":1435587869054724,"flow_dst_last_pkt_time":1435587868998782,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587869054724,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.118.48","src_port":36585,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d140200_37d7d24289bf_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1435587869054724,"flow_dst_last_pkt_time":1435587869054928,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587869054928,"pkt":"ABoRAAACABoRAAABCABFAAAodHxAABAGyFitwnYwCggAAQG7julUXOKBq6MeLlAQ\/\/\/whAAA"} 
00773{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1435587869106324,"flow_dst_last_pkt_time":1435587868644726,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"thread_ts_usec":1435587869106324,"pkt":"ABoRAAACABoRAAABCABFAADeH6tAAEAGNH0KCAABLjOtto0GAbtbbHOupJOMU1AY\/\/9DnQAAFgMBALEBAACtAwGHsWGgHOt8dG+f+uI0AkWsU3L2DLrIYI7d\/JEa4+8W9QAAQMAUwArAIsAhADkAOMAgwA\/ABQA1wBLACMAcwBsAFgATwBrADcADAAoABcATwAnAH8AeADMAMsAdwA7ABAAvAP8BAABEAAsABAMAAQIACgA0ADIADgANABkACwAMABgACQAKABYAFwAIAAYABwAUABUABAAFABIAEwABAAIAAwAPABAAEQAjAAA="} -01259{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587868635666,"flow_src_last_pkt_time":1435587869106324,"flow_dst_last_pkt_time":1435587868644726,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587869106324,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36102,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": 
{"version":"TLSv1","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01218{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587868635666,"flow_src_last_pkt_time":1435587869106324,"flow_dst_last_pkt_time":1435587868644726,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587869106324,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36102,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1435587869106324,"flow_dst_last_pkt_time":1435587869106781,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587869106781,"pkt":"ABoRAAACABoRAAABCABFAAAodH5AABAGEGAuM622CggAAQG7jQakk4xTW2x0ZFAQ\/\/86aQAA"} 
-01308{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587868996463,"flow_src_last_pkt_time":1435587869054724,"flow_dst_last_pkt_time":1435587869107169,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":133,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":133,"midstream":0,"thread_ts_usec":1435587869107169,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.118.48","src_port":36585,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"23f1f6e2f0015c166df49fdab4280370","ja4":"t10d140200_37d7d24289bf_33a13ba74d1c","unsafe_cipher":2,"cipher":"TLS_ECDHE_RSA_WITH_RC4_128_SHA","blocks":0}}} 
+01370{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587868996463,"flow_src_last_pkt_time":1435587869054724,"flow_dst_last_pkt_time":1435587869107169,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":133,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":133,"midstream":0,"thread_ts_usec":1435587869107169,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.118.48","src_port":36585,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"23f1f6e2f0015c166df49fdab4280370","ja4":"t10d140200_37d7d24289bf_33a13ba74d1c","unsafe_cipher":2,"cipher":"TLS_ECDHE_RSA_WITH_RC4_128_SHA","blocks":0}}} 
00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1435587869162594,"flow_src_last_pkt_time":1435587869162594,"flow_dst_last_pkt_time":1435587869162594,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587869162594,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45536,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1435587869162594,"flow_dst_last_pkt_time":1435587869162594,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1435587869162594,"pkt":"ABoRAAACABoRAAABCABFAAA8XmhAAEAGt7gKCAABNubjrLHgAFDjpDJQAAAAAKAC\/\/\/u\/QAAAgQFtAQCCAoACGw4AAAAAAEDAwg="} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1435587869162594,"flow_dst_last_pkt_time":1435587869163745,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587869163745,"pkt":"ABoRAAACABoRAAABCABFAAAodIRAABAG0bA25uOsCggAAQBQseAcW82v46QyUVAS\/\/\/ZBQAA"} 
00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1435587869163885,"flow_dst_last_pkt_time":1435587869163745,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587869163885,"pkt":"ABoRAAACABoRAAABCABFAAAoXmlAAEAGt8sKCAABNubjrLHgAFDjpDJRHFvNsFAQ\/\/\/ZBgAA"} 00715{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1435587869165386,"flow_dst_last_pkt_time":1435587869163745,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":194,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":194,"pkt_l4_len":160,"thread_ts_usec":1435587869165386,"pkt":"ABoRAAACABoRAAABCABFAAC0XmpAAEAGtz4KCAABNubjrLHgAFDjpDJRHFvNsFAY\/\/8QEAAAR0VUIC9sYW5nX2Fzci9sYW5nLnBvcnR1Z3Vlc2VfYnJfYXNyIEhUVFAvMS4wDQpIb3N0OiBjcmVzLndhemUuY29tDQpVc2VyLUFnZW50OiAvMy45LjQuMA0KSWYtTW9kaWZpZWQtU2luY2U6IFR1ZSwgMjggQXByIDIwMTUgMTQ6NTA6MjUgR01UDQo="} -01215{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587869162594,"flow_src_last_pkt_time":1435587869165386,"flow_dst_last_pkt_time":1435587869163745,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":140,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":140,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587869165386,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45536,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.Waze","proto_id":"7.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cres.waze.com","domainame":"cres.waze.com","http": {"url":"cres.waze.com\/lang_asr\/lang.portuguese_br_asr","code":0,"content_type":"","user_agent":"\/3.9.4.0"}}} +01100{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587869162594,"flow_src_last_pkt_time":1435587869165386,"flow_dst_last_pkt_time":1435587869163745,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":140,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":140,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587869165386,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45536,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Waze","proto_id":"7.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cres.waze.com","domainame":"cres.waze.com","http": {"url":"cres.waze.com\/lang_asr\/lang.portuguese_br_asr","code":0,"content_type":"","user_agent":"\/3.9.4.0"}}} 
00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1435587869165386,"flow_dst_last_pkt_time":1435587869165848,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587869165848,"pkt":"ABoRAAACABoRAAABCABFAAAodIVAABAG0a825uOsCggAAQBQseAcW82w46Qy3VAQ\/\/\/YegAA"} -01413{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587868635666,"flow_src_last_pkt_time":1435587869106324,"flow_dst_last_pkt_time":1435587869425938,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":1012,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":1012,"midstream":0,"thread_ts_usec":1435587869425938,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36102,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","blocks":0}}} 
-01689{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587868634159,"flow_src_last_pkt_time":1435587869002239,"flow_dst_last_pkt_time":1435587869476878,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":3147,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":3147,"midstream":0,"thread_ts_usec":1435587869476878,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36100,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B","blocks":0}}} 
-01689{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1435587868635666,"flow_src_last_pkt_time":1435587869477117,"flow_dst_last_pkt_time":1435587869477401,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":2135,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":3147,"midstream":0,"thread_ts_usec":1435587869477401,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36102,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B","blocks":0}}} 
+01372{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587868635666,"flow_src_last_pkt_time":1435587869106324,"flow_dst_last_pkt_time":1435587869425938,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":1012,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":1012,"midstream":0,"thread_ts_usec":1435587869425938,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36102,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"714ac86d50db68420429ca897688f5f3","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","blocks":0}}} 
+01648{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587868634159,"flow_src_last_pkt_time":1435587869002239,"flow_dst_last_pkt_time":1435587869476878,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":3147,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":3147,"midstream":0,"thread_ts_usec":1435587869476878,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36100,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.world.waze.com","ja3s":"714ac86d50db68420429ca897688f5f3","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B","blocks":0}}} 
+01648{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1435587868635666,"flow_src_last_pkt_time":1435587869477117,"flow_dst_last_pkt_time":1435587869477401,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":2135,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":3147,"midstream":0,"thread_ts_usec":1435587869477401,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36102,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.world.waze.com","ja3s":"714ac86d50db68420429ca897688f5f3","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B","blocks":0}}} 
00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1435587870163940,"flow_dst_last_pkt_time":1435587866603221,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"thread_ts_usec":1435587870163940,"pkt":"ABoRAAACABoRAAABCABFAABNMsRAAEAGQsMKECWdriXnUaUQFGaA18okWhY9doAYAVcm3gAAAQEICgAIbJ1BJdw4gAAWBXL2KZLscQ7\/r4Q3YR6R6YsREWIs0w=="} 01271{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587867755556,"flow_src_last_pkt_time":1435587867781306,"flow_dst_last_pkt_time":1435587871459664,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":263,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":263,"flow_dst_tot_l4_payload_len":1368,"midstream":0,"thread_ts_usec":1435587871459664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"65.39.128.135","src_port":54915,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"xtra1.gpsonextra.net","domainame":"xtra1.gpsonextra.net","http": {"url":"xtra1.gpsonextra.net\/xtra2.bin","code":200,"content_type":"application\/octet-stream","user_agent":"Android"}}} 
00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1435587871656080,"flow_src_last_pkt_time":1435587871656080,"flow_dst_last_pkt_time":1435587871656080,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587871656080,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45538,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -65,10 +65,10 @@ 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1435587871658817,"flow_dst_last_pkt_time":1435587871659994,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587871659994,"pkt":"ABoRAAACABoRAAABCABFAAAodJ5AABAG0ZY25uOsCggAAQBQseQ+dKXVwYtaK1AS\/\/\/ZAQAA"} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":1435587871660158,"flow_dst_last_pkt_time":1435587871659994,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587871660158,"pkt":"ABoRAAACABoRAAABCABFAAAoNxlAAEAG3xsKCAABNubjrLHkAFDBi1orPnSl1lAQ\/\/\/ZAgAA"} 00737{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_src_last_pkt_time":1435587871689811,"flow_dst_last_pkt_time":1435587871657385,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_usec":1435587871689811,"pkt":"ABoRAAACABoRAAABCABFAADD\/jZAAEAGF2MKCAABNubjrLHiAFBcJZMHo9ps+lAY\/\/+63QAAR0VUIC9sYW5nX3R0cy9sYW5nLnBvcnR1Z3Vlc2VfYnJfdHRzP3J0c2VydmVyLWlkPTE1IEhUVFAvMS4wDQpIb3N0OiBjcmVzLndhemUuY29tDQpVc2VyLUFnZW50OiAvMy45LjQuMA0KSWYtTW9kaWZpZWQtU2luY2U6IFdlZCwgMDggQXByIDIwMTUgMTI6MTI6MjcgR01UDQo="} 
-01231{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587871656080,"flow_src_last_pkt_time":1435587871689811,"flow_dst_last_pkt_time":1435587871657385,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":155,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":155,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587871689811,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45538,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.Waze","proto_id":"7.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cres.waze.com","domainame":"cres.waze.com","http": {"url":"cres.waze.com\/lang_tts\/lang.portuguese_br_tts?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}}} +01116{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587871656080,"flow_src_last_pkt_time":1435587871689811,"flow_dst_last_pkt_time":1435587871657385,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":155,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":155,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587871689811,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45538,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"HTTP.Waze","proto_id":"7.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cres.waze.com","domainame":"cres.waze.com","http": {"url":"cres.waze.com\/lang_tts\/lang.portuguese_br_tts?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}}} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1435587871689811,"flow_dst_last_pkt_time":1435587871690083,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587871690083,"pkt":"ABoRAAACABoRAAABCABFAAAodJ9AABAG0ZU25uOsCggAAQBQseKj2mz6XCWTolAQ\/\/\/YaQAA"} 00733{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_src_last_pkt_time":1435587871690486,"flow_dst_last_pkt_time":1435587871659994,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_usec":1435587871690486,"pkt":"ABoRAAACABoRAAABCABFAADBNxpAAEAG3oEKCAABNubjrLHkAFDBi1orPnSl1lAY\/\/8BLAAAR0VUIC9zaGllbGRzX2NvbmZfbmV3X2xhdGFtP3J0c2VydmVyLWlkPTE1IEhUVFAvMS4wDQpIb3N0OiByb2Fkc2hpZWxkcy53YXplLmNvbQ0KVXNlci1BZ2VudDogLzMuOS40LjANCklmLU1vZGlmaWVkLVNpbmNlOiBTdW4sIDI5IE1hciAyMDE1IDExOjI5OjUxIEdNVA0K"} 
-01243{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587871658817,"flow_src_last_pkt_time":1435587871690486,"flow_dst_last_pkt_time":1435587871659994,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":153,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":153,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587871690486,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45540,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.Waze","proto_id":"7.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"roadshields.waze.com","domainame":"roadshields.waze.com","http": {"url":"roadshields.waze.com\/shields_conf_new_latam?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}}} 
+01128{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587871658817,"flow_src_last_pkt_time":1435587871690486,"flow_dst_last_pkt_time":1435587871659994,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":153,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":153,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587871690486,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45540,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Waze","proto_id":"7.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"roadshields.waze.com","domainame":"roadshields.waze.com","http": {"url":"roadshields.waze.com\/shields_conf_new_latam?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}}} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1435587871690486,"flow_dst_last_pkt_time":1435587871690659,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587871690659,"pkt":"ABoRAAACABoRAAABCABFAAAodKFAABAG0ZM25uOsCggAAQBQseQ+dKXWwYtaxFAQ\/\/\/YaQAA"} 
00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1435587871918621,"flow_src_last_pkt_time":1435587871918621,"flow_dst_last_pkt_time":1435587871918621,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587871918621,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51049,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1435587871918621,"flow_dst_last_pkt_time":1435587871918621,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1435587871918621,"pkt":"ABoRAAACABoRAAABCABFAAA8cIlAAEAGqJ4KCAABsCJnacdpAbv69x3BAAAAAKAC\/\/\/XPAAAAgQFtAQCCAoACG1IAAAAAAEDAwg="} 
@@ -91,79 +91,79 @@ 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_src_last_pkt_time":1435587871945754,"flow_dst_last_pkt_time":1435587871941271,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587871945754,"pkt":"ABoRAAACABoRAAABCABFAAAoxDVAAEAGxaUKCAABNBFy25hiAbudWal9YqZWhFAQ\/\/9kwAAA"} 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_src_last_pkt_time":1435587871945866,"flow_dst_last_pkt_time":1435587871943372,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587871945866,"pkt":"ABoRAAACABoRAAABCABFAAAoRGhAAEAG0cwKCAABNubjrLHqAFALhykw9HjW0VAQ\/\/\/Y\/AAA"} 00775{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_src_last_pkt_time":1435587872045758,"flow_dst_last_pkt_time":1435587871929277,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"thread_ts_usec":1435587872045758,"pkt":"ABoRAAACABoRAAABCABFAADecItAAEAGp\/oKCAABsCJnacdpAbv69x3CBQjiP1AY\/\/86cAAAFgMBALEBAACtAwGmC6YG6dpggqRoocPCS6GRSW3HALPFXrzPaO9ENu8EQgAAQMAUwArAIsAhADkAOMAgwA\/ABQA1wBLACMAcwBsAFgATwBrADcADAAoABcATwAnAH8AeADMAMsAdwA7ABAAvAP8BAABEAAsABAMAAQIACgA0ADIADgANABkACwAMABgACQAKABYAFwAIAAYABwAUABUABAAFABIAEwABAAIAAwAPABAAEQAjAAA="} 
-01262{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587871918621,"flow_src_last_pkt_time":1435587872045758,"flow_dst_last_pkt_time":1435587871929277,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587872045758,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51049,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01221{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587871918621,"flow_src_last_pkt_time":1435587872045758,"flow_dst_last_pkt_time":1435587871929277,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587872045758,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51049,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":5,"flow_src_last_pkt_time":1435587872045758,"flow_dst_last_pkt_time":1435587872051153,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587872051153,"pkt":"ABoRAAACABoRAAABCABFAAAodLFAABAG1IqwImdpCggAAQG7x2kFCOI\/+vceeFAQ\/\/\/EYwAA"} 
00776{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":149,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_src_last_pkt_time":1435587872139946,"flow_dst_last_pkt_time":1435587871932105,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"thread_ts_usec":1435587872139946,"pkt":"ABoRAAACABoRAAABCABFAADeKgJAAEAG7oMKCAABsCJnacdqAbskTkdJ27G4uFAY\/\/\/bawAAFgMBALEBAACtAwGNvLHuc12\/pFbnkT4Pum8D8uFdGv9vMlW4Y0hHfiKGhwAAQMAUwArAIsAhADkAOMAgwA\/ABQA1wBLACMAcwBsAFgATwBrADcADAAoABcATwAnAH8AeADMAMsAdwA7ABAAvAP8BAABEAAsABAMAAQIACgA0ADIADgANABkACwAMABgACQAKABYAFwAIAAYABwAUABUABAAFABIAEwABAAIAAwAPABAAEQAjAAA="} -01262{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":149,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587871929480,"flow_src_last_pkt_time":1435587872139946,"flow_dst_last_pkt_time":1435587871932105,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587872139946,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51050,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": 
{"version":"TLSv1","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01221{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":149,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587871929480,"flow_src_last_pkt_time":1435587872139946,"flow_dst_last_pkt_time":1435587871932105,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587872139946,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51050,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_src_last_pkt_time":1435587872139946,"flow_dst_last_pkt_time":1435587872140238,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587872140238,"pkt":"ABoRAAACABoRAAABCABFAAAodLNAABAG1IiwImdpCggAAQG7x2rbsbi4JE5H\/1AQ\/\/\/EYgAA"} 
00778{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_src_last_pkt_time":1435587872205500,"flow_dst_last_pkt_time":1435587871938758,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"thread_ts_usec":1435587872205500,"pkt":"ABoRAAACABoRAAABCABFAADe\/W5AAEAGGxcKCAABsCJnacdrAbsTBZAl7Ppv3FAY\/\/9RtAAAFgMBALEBAACtAwGE\/segDJyCTDDrsx\/XYj7jlyYez\/MCm2qOXqnc1anvDwAAQMAUwArAIsAhADkAOMAgwA\/ABQA1wBLACMAcwBsAFgATwBrADcADAAoABcATwAnAH8AeADMAMsAdwA7ABAAvAP8BAABEAAsABAMAAQIACgA0ADIADgANABkACwAMABgACQAKABYAFwAIAAYABwAUABUABAAFABIAEwABAAIAAwAPABAAEQAjAAA="} -01262{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":151,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587871935294,"flow_src_last_pkt_time":1435587872205500,"flow_dst_last_pkt_time":1435587871938758,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587872205500,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51051,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": 
{"version":"TLSv1","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01221{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":151,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587871935294,"flow_src_last_pkt_time":1435587872205500,"flow_dst_last_pkt_time":1435587871938758,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587872205500,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51051,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":5,"flow_src_last_pkt_time":1435587872205500,"flow_dst_last_pkt_time":1435587872206080,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587872206080,"pkt":"ABoRAAACABoRAAABCABFAAAodLRAABAG1IewImdpCggAAQG7x2vs+m\/cEwWQ21AQ\/\/\/EYQAA"} 
00776{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_src_last_pkt_time":1435587872289316,"flow_dst_last_pkt_time":1435587871941271,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"thread_ts_usec":1435587872289316,"pkt":"ABoRAAACABoRAAABCABFAADexDZAAEAGxO4KCAABNBFy25hiAbudWal9YqZWhFAY\/\/8vsgAAFgMBALEBAACtAwF2lB5vq2mfN7X6ktw+ENS1yvGFdgW5h3\/A\/IpZBJlZIAAAQMAUwArAIsAhADkAOMAgwA\/ABQA1wBLACMAcwBsAFgATwBrADcADAAoABcATwAnAH8AeADMAMsAdwA7ABAAvAP8BAABEAAsABAMAAQIACgA0ADIADgANABkACwAMABgACQAKABYAFwAIAAYABwAUABUABAAFABIAEwABAAIAAwAPABAAEQAjAAA="} -01261{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":153,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587871939085,"flow_src_last_pkt_time":1435587872289316,"flow_dst_last_pkt_time":1435587871941271,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587872289316,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39010,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": 
{"version":"TLSv1","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01220{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":153,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587871939085,"flow_src_last_pkt_time":1435587872289316,"flow_dst_last_pkt_time":1435587871941271,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587872289316,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39010,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":5,"flow_src_last_pkt_time":1435587872289316,"flow_dst_last_pkt_time":1435587872289966,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587872289966,"pkt":"ABoRAAACABoRAAABCABFAAAodLVAABAGRSY0EXLbCggAAQG7mGJiplaEnVmqM1AQ\/\/9kCgAA"} 
00743{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_src_last_pkt_time":1435587872340645,"flow_dst_last_pkt_time":1435587871943372,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_usec":1435587872340645,"pkt":"ABoRAAACABoRAAABCABFAADFRGlAAEAG0S4KCAABNubjrLHqAFALhykw9HjW0VAY\/\/\/+LwAAR0VUIC9uZXdWY29uZmlnLzEuMC8zL3Byb21wdHNfY29uZi5idWY\/cnRzZXJ2ZXItaWQ9MTUgSFRUUC8xLjANCkhvc3Q6IGNyZXMud2F6ZS5jb20NClVzZXItQWdlbnQ6IC8zLjkuNC4wDQpJZi1Nb2RpZmllZC1TaW5jZTogVHVlLCAyMyBKdW4gMjAxNSAyMTo0MToxMyBHTVQNCg=="} -01236{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587871941434,"flow_src_last_pkt_time":1435587872340645,"flow_dst_last_pkt_time":1435587871943372,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":157,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587872340645,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45546,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.Waze","proto_id":"7.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cres.waze.com","domainame":"cres.waze.com","http": {"url":"cres.waze.com\/newVconfig\/1.0\/3\/prompts_conf.buf?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}}} 
+01121{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587871941434,"flow_src_last_pkt_time":1435587872340645,"flow_dst_last_pkt_time":1435587871943372,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":157,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587872340645,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45546,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Waze","proto_id":"7.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cres.waze.com","domainame":"cres.waze.com","http": {"url":"cres.waze.com\/newVconfig\/1.0\/3\/prompts_conf.buf?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}}} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":5,"flow_src_last_pkt_time":1435587872340645,"flow_dst_last_pkt_time":1435587872341312,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587872341312,"pkt":"ABoRAAACABoRAAABCABFAAAodLZAABAG0X425uOsCggAAQBQser0eNbRC4cpzVAQ\/\/\/YXwAA"} 
00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1435587872476294,"flow_src_last_pkt_time":1435587872476294,"flow_dst_last_pkt_time":1435587872476294,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587872476294,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45552,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1435587872476294,"flow_dst_last_pkt_time":1435587872476294,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1435587872476294,"pkt":"ABoRAAACABoRAAABCABFAAA8WSJAAEAGvP4KCAABNubjrLHwAFDxQTSmAAAAAKAC\/\/\/drgAAAgQFtAQCCAoACG2EAAAAAAEDAwg="} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_src_last_pkt_time":1435587872476294,"flow_dst_last_pkt_time":1435587872477714,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587872477714,"pkt":"ABoRAAACABoRAAABCABFAAAodLxAABAG0Xg25uOsCggAAQBQsfAOvstZ8UE0p1AS\/\/\/Y9QAA"} 
00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_src_last_pkt_time":1435587872478810,"flow_dst_last_pkt_time":1435587872477714,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587872478810,"pkt":"ABoRAAACABoRAAABCABFAAAoWSNAAEAGvREKCAABNubjrLHwAFDxQTSnDr7LWlAQ\/\/\/Y9gAA"} 00733{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_src_last_pkt_time":1435587872479232,"flow_dst_last_pkt_time":1435587872477714,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_usec":1435587872479232,"pkt":"ABoRAAACABoRAAABCABFAADAWSRAAEAGvHgKCAABNubjrLHwAFDxQTSnDr7LWlAY\/\/9RbQAAR0VUIC9sYW5ncy8xLjAvbGFuZy5wb3J0dWd1ZXNlX2JyP3J0c2VydmVyLWlkPTE1IEhUVFAvMS4wDQpIb3N0OiBjcmVzLndhemUuY29tDQpVc2VyLUFnZW50OiAvMy45LjQuMA0KSWYtTW9kaWZpZWQtU2luY2U6IFdlZCwgMTcgSnVuIDIwMTUgMTQ6MDk6MzggR01UDQo="} 
-01230{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":173,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587872476294,"flow_src_last_pkt_time":1435587872479232,"flow_dst_last_pkt_time":1435587872477714,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":152,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587872479232,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45552,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.Waze","proto_id":"7.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cres.waze.com","domainame":"cres.waze.com","http": {"url":"cres.waze.com\/langs\/1.0\/lang.portuguese_br?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}}} +01115{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":173,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587872476294,"flow_src_last_pkt_time":1435587872479232,"flow_dst_last_pkt_time":1435587872477714,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":152,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587872479232,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45552,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"HTTP.Waze","proto_id":"7.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cres.waze.com","domainame":"cres.waze.com","http": {"url":"cres.waze.com\/langs\/1.0\/lang.portuguese_br?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}}} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":5,"flow_src_last_pkt_time":1435587872479232,"flow_dst_last_pkt_time":1435587872479402,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587872479402,"pkt":"ABoRAAACABoRAAABCABFAAAodL9AABAG0XU25uOsCggAAQBQsfAOvsta8UE1P1AQ\/\/\/YXgAA"} -01319{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587871935294,"flow_src_last_pkt_time":1435587872205500,"flow_dst_last_pkt_time":1435587872515481,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":1368,"midstream":0,"thread_ts_usec":1435587872515481,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51051,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": 
{"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} -01319{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587871918621,"flow_src_last_pkt_time":1435587872045758,"flow_dst_last_pkt_time":1435587872568660,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":1368,"midstream":0,"thread_ts_usec":1435587872568660,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51049,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} 
-01594{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":180,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587871939085,"flow_src_last_pkt_time":1435587872289316,"flow_dst_last_pkt_time":1435587872569585,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":3491,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":3491,"midstream":0,"thread_ts_usec":1435587872569585,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39010,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B","blocks":0}}} 
+01278{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587871935294,"flow_src_last_pkt_time":1435587872205500,"flow_dst_last_pkt_time":1435587872515481,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":1368,"midstream":0,"thread_ts_usec":1435587872515481,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51051,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} 
+01278{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587871918621,"flow_src_last_pkt_time":1435587872045758,"flow_dst_last_pkt_time":1435587872568660,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":1368,"midstream":0,"thread_ts_usec":1435587872568660,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51049,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} 
+01553{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":180,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587871939085,"flow_src_last_pkt_time":1435587872289316,"flow_dst_last_pkt_time":1435587872569585,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":3491,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":3491,"midstream":0,"thread_ts_usec":1435587872569585,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39010,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.world.waze.com","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B","blocks":0}}} 
00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1435587872702798,"flow_src_last_pkt_time":1435587872702798,"flow_dst_last_pkt_time":1435587872702798,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587872702798,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45554,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1435587872702798,"flow_dst_last_pkt_time":1435587872702798,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1435587872702798,"pkt":"ABoRAAACABoRAAABCABFAAA8Y6lAAEAGsncKCAABNubjrLHyAFAC8Q4\/AAAAAKAC\/\/\/yUgAAAgQFtAQCCAoACG2WAAAAAAEDAwg="} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":194,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_src_last_pkt_time":1435587872702798,"flow_dst_last_pkt_time":1435587872704043,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587872704043,"pkt":"ABoRAAACABoRAAABCABFAAAodMpAABAG0Wo25uOsCggAAQBQsfL9DvHAAvEOQFAS\/\/\/Y8wAA"} 
00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_src_last_pkt_time":1435587872705148,"flow_dst_last_pkt_time":1435587872704043,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587872705148,"pkt":"ABoRAAACABoRAAABCABFAAAoY6pAAEAGsooKCAABNubjrLHyAFAC8Q5A\/Q7xwVAQ\/\/\/Y9AAA"} 00730{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":4,"flow_src_last_pkt_time":1435587872706282,"flow_dst_last_pkt_time":1435587872704043,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":204,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":204,"pkt_l4_len":170,"thread_ts_usec":1435587872706282,"pkt":"ABoRAAACABoRAAABCABFAAC+Y6tAAEAGsfMKCAABNubjrLHyAFAC8Q5A\/Q7xwVAY\/\/8YIAAAR0VUIC9uZXdWY29uZmlnLzEuMC8zL2xhbmcuY29uZj9ydHNlcnZlci1pZD0xNSBIVFRQLzEuMA0KSG9zdDogY3Jlcy53YXplLmNvbQ0KVXNlci1BZ2VudDogLzMuOS40LjANCklmLU1vZGlmaWVkLVNpbmNlOiBUaHUsIDE4IEp1biAyMDE1IDEyOjA2OjEyIEdNVA0K"} 
-01229{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587872702798,"flow_src_last_pkt_time":1435587872706282,"flow_dst_last_pkt_time":1435587872704043,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":150,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":150,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587872706282,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45554,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.Waze","proto_id":"7.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cres.waze.com","domainame":"cres.waze.com","http": {"url":"cres.waze.com\/newVconfig\/1.0\/3\/lang.conf?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}}} +01114{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587872702798,"flow_src_last_pkt_time":1435587872706282,"flow_dst_last_pkt_time":1435587872704043,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":150,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":150,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587872706282,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45554,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"HTTP.Waze","proto_id":"7.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cres.waze.com","domainame":"cres.waze.com","http": {"url":"cres.waze.com\/newVconfig\/1.0\/3\/lang.conf?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}}} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":5,"flow_src_last_pkt_time":1435587872706282,"flow_dst_last_pkt_time":1435587872706630,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587872706630,"pkt":"ABoRAAACABoRAAABCABFAAAodM1AABAG0Wc25uOsCggAAQBQsfL9DvHBAvEO1lAQ\/\/\/YXgAA"} 02398{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":227,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1435587867755556,"flow_src_last_pkt_time":1435587873023451,"flow_dst_last_pkt_time":1435587873023894,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":263,"flow_dst_max_l4_payload_len":11779,"flow_src_tot_l4_payload_len":263,"flow_dst_tot_l4_payload_len":60924,"midstream":0,"thread_ts_usec":1435587873023894,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"65.39.128.135","src_port":54915,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2041,"avg":339878.5,"max":3680611,"stddev":884676.9,"var":782653259776.0,"ent":2.8,"data": 
[3747,3915,21835,22372,3677989,3680611,286073,284297,338879,393453,330278,329396,54620,2041,179324,179523,2610,51219,50746,3092,28507,76268,51141,51323,122745,73523,10248,59104,52582,58295,56477]},"pktlen": {"min":40,"avg":1952.7,"max":11819,"stddev":3090.5,"var":9551440.0,"ent":3.5,"data": [60,40,40,303,40,1408,40,2776,40,5512,40,8248,40,2673,40,1408,40,1408,40,9616,40,2776,40,5512,40,5512,40,2776,40,11819,40,40]},"bins": {"c_to_s": [15,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,10]},"directions": [0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": [4.427644730,4.730641365,4.680641174,5.499622345,4.630641460,7.039453506,4.630641460,6.947220325,4.630641460,5.584113598,4.680641174,6.835184574,4.680641174,6.998500347,4.580641747,3.024588346,4.630641460,6.950185776,4.730640888,6.195324898,4.680641651,6.552656651,4.680641174,1.660765886,4.730641365,1.651001215,4.730640888,1.384768248,4.611768723,1.660717368,4.680640697,4.680641174]},"ndpi": {"flow_risk": {"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"xtra1.gpsonextra.net"}} 
02430{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":236,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1435587868634159,"flow_src_last_pkt_time":1435587873119875,"flow_dst_last_pkt_time":1435587873120117,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":5461,"flow_src_tot_l4_payload_len":3221,"flow_dst_tot_l4_payload_len":13199,"midstream":0,"thread_ts_usec":1435587873120117,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36100,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":169,"avg":289408.8,"max":1658841,"stddev":505049.6,"var":255075106816.0,"ent":3.3,"data": [1230,10859,357221,367097,474392,475318,8069,9038,265872,317654,51992,865,554,304,254,1430075,1483289,119461,172808,51439,51948,1420,901,467,433,340,381,1601922,1658841,169,57061]},"pktlen": {"min":40,"avg":553.8,"max":5501,"stddev":1270.8,"var":1615041.0,"ent":3.0,"data": [60,40,40,222,40,3187,40,366,40,274,189,40,576,40,101,40,5501,40,189,40,576,40,576,40,576,40,101,40,4397,40,189,40]},"bins": {"c_to_s": [5,2,0,0,3,1,0,0,0,0,1,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [12,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3]},"directions": [0,1,0,0,1,1,0,0,1,1,0,1,0,1,0,1,1,0,0,1,0,1,0,1,0,1,0,1,1,0,0,1],"entropies": 
[4.346510887,4.684184074,4.665311813,5.227974892,4.665312290,7.402610779,4.615312099,7.299519062,4.665312290,7.035841465,6.858353615,4.615312099,7.612000942,4.665312290,6.077723026,4.615312099,7.960921764,4.665311813,6.823141098,4.596440315,7.582696438,4.615312099,7.667782307,4.615312099,7.607909679,4.665312290,6.192669392,4.665312290,7.950992584,4.615312099,6.755126476,4.615312099]},"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -01319{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":247,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587871929480,"flow_src_last_pkt_time":1435587872139946,"flow_dst_last_pkt_time":1435587873486827,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":1368,"midstream":0,"thread_ts_usec":1435587873486827,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51050,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": 
{"version":"TLSv1","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} -01583{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":249,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1435587871935294,"flow_src_last_pkt_time":1435587872566264,"flow_dst_last_pkt_time":1435587873688799,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":2111,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":3479,"midstream":0,"thread_ts_usec":1435587873688799,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51051,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.waze.com","fingerprint":"A9:35:F0:16:17:A3:FD:73:EC:0C:03:24:F8:34:5A:8A:B3:D7:8D:57","blocks":0}}} 
-01583{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":251,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1435587871929480,"flow_src_last_pkt_time":1435587873537747,"flow_dst_last_pkt_time":1435587873741385,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":2111,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":3479,"midstream":0,"thread_ts_usec":1435587873741385,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51050,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.waze.com","fingerprint":"A9:35:F0:16:17:A3:FD:73:EC:0C:03:24:F8:34:5A:8A:B3:D7:8D:57","blocks":0}}} 
-01583{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":262,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1435587871918621,"flow_src_last_pkt_time":1435587873745477,"flow_dst_last_pkt_time":1435587874033211,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":3479,"midstream":0,"thread_ts_usec":1435587874033211,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51049,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.waze.com","fingerprint":"A9:35:F0:16:17:A3:FD:73:EC:0C:03:24:F8:34:5A:8A:B3:D7:8D:57","blocks":0}}} 
+01278{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":247,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587871929480,"flow_src_last_pkt_time":1435587872139946,"flow_dst_last_pkt_time":1435587873486827,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":1368,"midstream":0,"thread_ts_usec":1435587873486827,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51050,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} 
+01542{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":249,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1435587871935294,"flow_src_last_pkt_time":1435587872566264,"flow_dst_last_pkt_time":1435587873688799,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":2111,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":3479,"midstream":0,"thread_ts_usec":1435587873688799,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51051,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.waze.com","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.waze.com","fingerprint":"A9:35:F0:16:17:A3:FD:73:EC:0C:03:24:F8:34:5A:8A:B3:D7:8D:57","blocks":0}}} 
+01542{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":251,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1435587871929480,"flow_src_last_pkt_time":1435587873537747,"flow_dst_last_pkt_time":1435587873741385,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":2111,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":3479,"midstream":0,"thread_ts_usec":1435587873741385,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51050,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.waze.com","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.waze.com","fingerprint":"A9:35:F0:16:17:A3:FD:73:EC:0C:03:24:F8:34:5A:8A:B3:D7:8D:57","blocks":0}}} 
+01542{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":262,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1435587871918621,"flow_src_last_pkt_time":1435587873745477,"flow_dst_last_pkt_time":1435587874033211,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":3479,"midstream":0,"thread_ts_usec":1435587874033211,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51049,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.waze.com","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.waze.com","fingerprint":"A9:35:F0:16:17:A3:FD:73:EC:0C:03:24:F8:34:5A:8A:B3:D7:8D:57","blocks":0}}} 
00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":273,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1435587874253893,"flow_dst_last_pkt_time":1435587866603221,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"thread_ts_usec":1435587874253893,"pkt":"ABoRAAACABoRAAABCABFAABNMsVAAEAGQsIKECWdriXnUaUQFGaA18okWhY9doAYAVclRQAAAQEICgAIbjZBJdw4gAAWBXL2KZLscQ7\/r4Q3YR6R6YsREWIs0w=="} 00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":346,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1435587878215938,"flow_src_last_pkt_time":1435587878215938,"flow_dst_last_pkt_time":1435587878215938,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587878215938,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39021,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1435587878215938,"flow_dst_last_pkt_time":1435587878215938,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1435587878215938,"pkt":"ABoRAAACABoRAAABCABFAAA8EZdAAEAGeDAKCAABNBFy25htAbtopH5VAAAAAKAC\/\/+mHQAAAgQFtAQCCAoACG\/CAAAAAAEDAwg="} 
00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1435587878215938,"flow_dst_last_pkt_time":1435587878217263,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587878217263,"pkt":"ABoRAAACABoRAAABCABFAAAodRhAABAGRMM0EXLbCggAAQG7mG2XW4GqaKR+VlAS\/\/9ktAAA"} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":348,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_src_last_pkt_time":1435587878217523,"flow_dst_last_pkt_time":1435587878217263,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587878217523,"pkt":"ABoRAAACABoRAAABCABFAAAoEZhAAEAGeEMKCAABNBFy25htAbtopH5Wl1uBq1AQ\/\/9ktQAA"} 00777{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_src_last_pkt_time":1435587878444441,"flow_dst_last_pkt_time":1435587878217263,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"thread_ts_usec":1435587878444441,"pkt":"ABoRAAACABoRAAABCABFAADeEZlAAEAGd4wKCAABNBFy25htAbtopH5Wl1uBq1AY\/\/\/QKAAAFgMBALEBAACtAwGuYbGMU0Nfp5xq\/npkGkka24sX9VU\/rk18edcLN8FjCgAAQMAUwArAIsAhADkAOMAgwA\/ABQA1wBLACMAcwBsAFgATwBrADcADAAoABcATwAnAH8AeADMAMsAdwA7ABAAvAP8BAABEAAsABAMAAQIACgA0ADIADgANABkACwAMABgACQAKABYAFwAIAAYABwAUABUABAAFABIAEwABAAIAAwAPABAAEQAjAAA="} 
-01261{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":353,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587878215938,"flow_src_last_pkt_time":1435587878444441,"flow_dst_last_pkt_time":1435587878217263,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587878444441,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39021,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01220{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":353,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587878215938,"flow_src_last_pkt_time":1435587878444441,"flow_dst_last_pkt_time":1435587878217263,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587878444441,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39021,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":354,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_src_last_pkt_time":1435587878444441,"flow_dst_last_pkt_time":1435587878444758,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587878444758,"pkt":"ABoRAAACABoRAAABCABFAAAodRtAABAGRMA0EXLbCggAAQG7mG2XW4GraKR\/DFAQ\/\/9j\/wAA"} 
00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":359,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1435587878606407,"flow_src_last_pkt_time":1435587878606407,"flow_dst_last_pkt_time":1435587878606407,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587878606407,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36312,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1435587878606407,"flow_dst_last_pkt_time":1435587878606407,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1435587878606407,"pkt":"ABoRAAACABoRAAABCABFAAA8DkFAAEAGt5sKCAABsCK6tI3YAbvsnGGoAAAAAKAC\/\/+FVQAAAgQFtAQCCAoACG\/pAAAAAAEDAwg="} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_src_last_pkt_time":1435587878606407,"flow_dst_last_pkt_time":1435587878608820,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587878608820,"pkt":"ABoRAAACABoRAAABCABFAAAodR5AABAGgNKwIrq0CggAAQG7jdgTY55X7JxhqVAS\/\/+rXgAA"} 
00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":361,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_src_last_pkt_time":1435587878609194,"flow_dst_last_pkt_time":1435587878608820,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587878609194,"pkt":"ABoRAAACABoRAAABCABFAAAoDkJAAEAGt64KCAABsCK6tI3YAbvsnGGpE2OeWFAQ\/\/+rXwAA"} -01318{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587878215938,"flow_src_last_pkt_time":1435587878444441,"flow_dst_last_pkt_time":1435587878781291,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":1368,"midstream":0,"thread_ts_usec":1435587878781291,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39021,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} 
-01594{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":365,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1435587878215938,"flow_src_last_pkt_time":1435587878831646,"flow_dst_last_pkt_time":1435587878832590,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":2123,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":3491,"midstream":0,"thread_ts_usec":1435587878832590,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39021,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B","blocks":0}}} 
+01277{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587878215938,"flow_src_last_pkt_time":1435587878444441,"flow_dst_last_pkt_time":1435587878781291,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":1368,"midstream":0,"thread_ts_usec":1435587878781291,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39021,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} 
+01553{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":365,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1435587878215938,"flow_src_last_pkt_time":1435587878831646,"flow_dst_last_pkt_time":1435587878832590,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":2123,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":3491,"midstream":0,"thread_ts_usec":1435587878832590,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39021,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.world.waze.com","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B","blocks":0}}} 
00775{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":368,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_src_last_pkt_time":1435587878901005,"flow_dst_last_pkt_time":1435587878608820,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"thread_ts_usec":1435587878901005,"pkt":"ABoRAAACABoRAAABCABFAADeDkNAAEAGtvcKCAABsCK6tI3YAbvsnGGpE2OeWFAY\/\/8ZoQAAFgMBALEBAACtAwFWCBNoAIHi9OlNrmTTyx\/umOS8ZNI54fs0MYN5hNdT+wAAQMAUwArAIsAhADkAOMAgwA\/ABQA1wBLACMAcwBsAFgATwBrADcADAAoABcATwAnAH8AeADMAMsAdwA7ABAAvAP8BAABEAAsABAMAAQIACgA0ADIADgANABkACwAMABgACQAKABYAFwAIAAYABwAUABUABAAFABIAEwABAAIAAwAPABAAEQAjAAA="} -01262{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":368,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587878606407,"flow_src_last_pkt_time":1435587878901005,"flow_dst_last_pkt_time":1435587878608820,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587878901005,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36312,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": 
{"version":"TLSv1","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01221{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":368,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587878606407,"flow_src_last_pkt_time":1435587878901005,"flow_dst_last_pkt_time":1435587878608820,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587878901005,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36312,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":369,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":5,"flow_src_last_pkt_time":1435587878901005,"flow_dst_last_pkt_time":1435587878901314,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587878901314,"pkt":"ABoRAAACABoRAAABCABFAAAodSJAABAGgM6wIrq0CggAAQG7jdgTY55Y7JxiX1AQ\/\/+qqQAA"} 
00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":370,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1435587879018798,"flow_src_last_pkt_time":1435587879018798,"flow_dst_last_pkt_time":1435587879018798,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587879018798,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36314,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":370,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":1435587879018798,"flow_dst_last_pkt_time":1435587879018798,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1435587879018798,"pkt":"ABoRAAACABoRAAABCABFAAA8CjxAAEAGu6AKCAABsCK6tI3aAbtwD3ouAAAAAKAC\/\/\/pMQAAAgQFtAQCCAoACHASAAAAAAEDAwg="} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_src_last_pkt_time":1435587879018798,"flow_dst_last_pkt_time":1435587879020661,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587879020661,"pkt":"ABoRAAACABoRAAABCABFAAAodSNAABAGgM2wIrq0CggAAQG7jdqP8IXRcA96L1AS\/\/+rXAAA"} 
00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":372,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_src_last_pkt_time":1435587879020846,"flow_dst_last_pkt_time":1435587879020661,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587879020846,"pkt":"ABoRAAACABoRAAABCABFAAAoCj1AAEAGu7MKCAABsCK6tI3aAbtwD3ovj\/CF0lAQ\/\/+rXQAA"} -01319{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":375,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587878606407,"flow_src_last_pkt_time":1435587878901005,"flow_dst_last_pkt_time":1435587879181153,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":1012,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":1012,"midstream":0,"thread_ts_usec":1435587879181153,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36312,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} 
-01595{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":377,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1435587878606407,"flow_src_last_pkt_time":1435587879233437,"flow_dst_last_pkt_time":1435587879233895,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":2479,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":3491,"midstream":0,"thread_ts_usec":1435587879233895,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36312,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B","blocks":0}}} 
+01278{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":375,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587878606407,"flow_src_last_pkt_time":1435587878901005,"flow_dst_last_pkt_time":1435587879181153,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":1012,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":1012,"midstream":0,"thread_ts_usec":1435587879181153,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36312,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} 
+01554{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":377,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1435587878606407,"flow_src_last_pkt_time":1435587879233437,"flow_dst_last_pkt_time":1435587879233895,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":2479,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":3491,"midstream":0,"thread_ts_usec":1435587879233895,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36312,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.world.waze.com","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B","blocks":0}}} 
00777{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":383,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_src_last_pkt_time":1435587879574527,"flow_dst_last_pkt_time":1435587879020661,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"thread_ts_usec":1435587879574527,"pkt":"ABoRAAACABoRAAABCABFAADeCj5AAEAGuvwKCAABsCK6tI3aAbtwD3ovj\/CF0lAY\/\/\/+sgAAFgMBALEBAACtAwGSsw\/fktSmaBgooXXKSQQjKTgV1PXtiav8sr65RpY55wAAQMAUwArAIsAhADkAOMAgwA\/ABQA1wBLACMAcwBsAFgATwBrADcADAAoABcATwAnAH8AeADMAMsAdwA7ABAAvAP8BAABEAAsABAMAAQIACgA0ADIADgANABkACwAMABgACQAKABYAFwAIAAYABwAUABUABAAFABIAEwABAAIAAwAPABAAEQAjAAA="} -01262{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":383,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587879018798,"flow_src_last_pkt_time":1435587879574527,"flow_dst_last_pkt_time":1435587879020661,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587879574527,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36314,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": 
{"version":"TLSv1","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01221{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":383,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587879018798,"flow_src_last_pkt_time":1435587879574527,"flow_dst_last_pkt_time":1435587879020661,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587879574527,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36314,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":384,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":5,"flow_src_last_pkt_time":1435587879574527,"flow_dst_last_pkt_time":1435587879574890,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587879574890,"pkt":"ABoRAAACABoRAAABCABFAAAodSlAABAGgMewIrq0CggAAQG7jdqP8IXScA965VAQ\/\/+qpwAA"} 
00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":393,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1435587879850574,"flow_src_last_pkt_time":1435587879850574,"flow_dst_last_pkt_time":1435587879850574,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587879850574,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36316,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":393,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_src_last_pkt_time":1435587879850574,"flow_dst_last_pkt_time":1435587879850574,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1435587879850574,"pkt":"ABoRAAACABoRAAABCABFAAA8Fw9AAEAGrs0KCAABsCK6tI3cAbueIGdrAAAAAKAC\/\/\/NjwAAAgQFtAQCCAoACHBkAAAAAAEDAwg="} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":394,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_src_last_pkt_time":1435587879850574,"flow_dst_last_pkt_time":1435587879852814,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587879852814,"pkt":"ABoRAAACABoRAAABCABFAAAodS5AABAGgMKwIrq0CggAAQG7jdxh35iUniBnbFAS\/\/+rWgAA"} 
00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":395,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_src_last_pkt_time":1435587879853039,"flow_dst_last_pkt_time":1435587879852814,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587879853039,"pkt":"ABoRAAACABoRAAABCABFAAAoFxBAAEAGruAKCAABsCK6tI3cAbueIGdsYd+YlVAQ\/\/+rWwAA"} -01319{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":396,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587879018798,"flow_src_last_pkt_time":1435587879574527,"flow_dst_last_pkt_time":1435587879855334,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":1012,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":1012,"midstream":0,"thread_ts_usec":1435587879855334,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36314,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} 
-01595{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":398,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1435587879018798,"flow_src_last_pkt_time":1435587879907076,"flow_dst_last_pkt_time":1435587879907785,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":2479,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":3491,"midstream":0,"thread_ts_usec":1435587879907785,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36314,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B","blocks":0}}} 
+01278{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":396,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587879018798,"flow_src_last_pkt_time":1435587879574527,"flow_dst_last_pkt_time":1435587879855334,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":1012,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":1012,"midstream":0,"thread_ts_usec":1435587879855334,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36314,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} 
+01554{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":398,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1435587879018798,"flow_src_last_pkt_time":1435587879907076,"flow_dst_last_pkt_time":1435587879907785,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":2479,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":3491,"midstream":0,"thread_ts_usec":1435587879907785,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36314,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.world.waze.com","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B","blocks":0}}} 
00774{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":400,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_src_last_pkt_time":1435587879958583,"flow_dst_last_pkt_time":1435587879852814,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"thread_ts_usec":1435587879958583,"pkt":"ABoRAAACABoRAAABCABFAADeFxFAAEAGrikKCAABsCK6tI3cAbueIGdsYd+YlVAY\/\/+8qQAAFgMBALEBAACtAwFRXWw4ffzcoR+ELSkdRag9IC5DFcRvWYz6Kh3Hk0YO0AAAQMAUwArAIsAhADkAOMAgwA\/ABQA1wBLACMAcwBsAFgATwBrADcADAAoABcATwAnAH8AeADMAMsAdwA7ABAAvAP8BAABEAAsABAMAAQIACgA0ADIADgANABkACwAMABgACQAKABYAFwAIAAYABwAUABUABAAFABIAEwABAAIAAwAPABAAEQAjAAA="} -01262{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":400,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587879850574,"flow_src_last_pkt_time":1435587879958583,"flow_dst_last_pkt_time":1435587879852814,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587879958583,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36316,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": 
{"version":"TLSv1","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01221{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":400,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587879850574,"flow_src_last_pkt_time":1435587879958583,"flow_dst_last_pkt_time":1435587879852814,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587879958583,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36316,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":401,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":5,"flow_src_last_pkt_time":1435587879958583,"flow_dst_last_pkt_time":1435587879958805,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587879958805,"pkt":"ABoRAAACABoRAAABCABFAAAodTFAABAGgL+wIrq0CggAAQG7jdxh35iVniBoIlAQ\/\/+qpQAA"} 
-01595{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":428,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587879850574,"flow_src_last_pkt_time":1435587879958583,"flow_dst_last_pkt_time":1435587880568184,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":3491,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":3491,"midstream":0,"thread_ts_usec":1435587880568184,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36316,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B","blocks":0}}} 
+01554{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":428,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587879850574,"flow_src_last_pkt_time":1435587879958583,"flow_dst_last_pkt_time":1435587880568184,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":3491,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":3491,"midstream":0,"thread_ts_usec":1435587880568184,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36316,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.world.waze.com","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B","blocks":0}}} 
00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":432,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1435587880576575,"flow_src_last_pkt_time":1435587880576575,"flow_dst_last_pkt_time":1435587880576575,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1435587880576575,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.31","src_port":43991,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":432,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_src_last_pkt_time":1435587880576575,"flow_dst_last_pkt_time":1435587880576575,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1435587880576575,"pkt":"ABoRAAACABoRAAABCABFAAA0U4FAAEAG6tYKECWdyKAEH6vXAFAtnZBdDlnt+YARAVu2DAAAAQEICgAIcK6K\/GDA"} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":433,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_src_last_pkt_time":1435587880576575,"flow_dst_last_pkt_time":1435587880577294,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587880577294,"pkt":"ABoRAAACABoRAAABCABFAAAodUFAABAG+SLIoAQfChAlnQBQq9cOWe35LZ2QXlAQ\/\/9M8gAA"} 
@@ -217,9 +217,9 @@ 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":533,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_src_last_pkt_time":1435587894241434,"flow_dst_last_pkt_time":1435587894244164,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587894244164,"pkt":"ABoRAAACABoRAAABCABFAAAodXFAABAGD20uM622CggAAQG7jSY8g2YVw3yZ61AS\/\/86\/gAA"} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":534,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_src_last_pkt_time":1435587894244582,"flow_dst_last_pkt_time":1435587894244164,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587894244582,"pkt":"ABoRAAACABoRAAABCABFAAAo7+9AAEAGZO4KCAABLjOtto0mAbvDfJnrPINmFlAQ\/\/86\/wAA"} 00777{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":535,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":4,"flow_src_last_pkt_time":1435587894323314,"flow_dst_last_pkt_time":1435587894244164,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"thread_ts_usec":1435587894323314,"pkt":"ABoRAAACABoRAAABCABFAADe7\/BAAEAGZDcKCAABLjOtto0mAbvDfJnrPINmFlAY\/\/+u+wAAFgMBALEBAACtAwFHEcC8WvO2sF2kYiE8YWqxi\/TdpMl6\/BrnTeWud37DVAAAQMAUwArAIsAhADkAOMAgwA\/ABQA1wBLACMAcwBsAFgATwBrADcADAAoABcATwAnAH8AeADMAMsAdwA7ABAAvAP8BAABEAAsABAMAAQIACgA0ADIADgANABkACwAMABgACQAKABYAFwAIAAYABwAUABUABAAFABIAEwABAAIAAwAPABAAEQAjAAA="} 
-01261{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":535,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587894241434,"flow_src_last_pkt_time":1435587894323314,"flow_dst_last_pkt_time":1435587894244164,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587894323314,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36134,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01220{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":535,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587894241434,"flow_src_last_pkt_time":1435587894323314,"flow_dst_last_pkt_time":1435587894244164,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587894323314,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36134,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":536,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":5,"flow_src_last_pkt_time":1435587894323314,"flow_dst_last_pkt_time":1435587894323591,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587894323591,"pkt":"ABoRAAACABoRAAABCABFAAAodXJAABAGD2wuM622CggAAQG7jSY8g2YWw3yaoVAQ\/\/86SQAA"} 
-01691{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":537,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587894241434,"flow_src_last_pkt_time":1435587894323314,"flow_dst_last_pkt_time":1435587894759207,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":3147,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":3147,"midstream":0,"thread_ts_usec":1435587894759207,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36134,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B","blocks":0}}} 
+01650{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":537,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587894241434,"flow_src_last_pkt_time":1435587894323314,"flow_dst_last_pkt_time":1435587894759207,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":3147,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":3147,"midstream":0,"thread_ts_usec":1435587894759207,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36134,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.world.waze.com","ja3s":"714ac86d50db68420429ca897688f5f3","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B","blocks":0}}} 
00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":552,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1435587898822469,"flow_src_last_pkt_time":1435587898822469,"flow_dst_last_pkt_time":1435587898822469,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587898822469,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"108.168.176.228","src_port":50828,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":552,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_src_last_pkt_time":1435587898822469,"flow_dst_last_pkt_time":1435587898822469,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1435587898822469,"pkt":"ABoRAAACABoRAAABCABFAAA8qMZAAEAGamAKCAABbKiw5MaMAbuJft8IAAAAAKAC\/\/93xAAAAgQFtAQCCAoACHfOAAAAAAEDAwg="} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":553,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_src_last_pkt_time":1435587898822469,"flow_dst_last_pkt_time":1435587898824110,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587898824110,"pkt":"ABoRAAACABoRAAABCABFAAAodXtAABAGzb9sqLDkCggAAQG7xox2gSD3iX7fCVAS\/\/+\/9AAA"} 
@@ -232,10 +232,10 @@ 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":576,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_src_last_pkt_time":1435587905035020,"flow_dst_last_pkt_time":1435587905038374,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587905038374,"pkt":"ABoRAAACABoRAAABCABFAAAodYZAABAGD1guM622CggAAQG7jSkPol\/g8F2gIFAS\/\/86+wAA"} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":577,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_src_last_pkt_time":1435587905039092,"flow_dst_last_pkt_time":1435587905038374,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587905039092,"pkt":"ABoRAAACABoRAAABCABFAAAo2iRAAEAGerkKCAABLjOtto0pAbvwXaAgD6Jf4VAQ\/\/86\/AAA"} 00775{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":578,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":4,"flow_src_last_pkt_time":1435587905111264,"flow_dst_last_pkt_time":1435587905038374,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"thread_ts_usec":1435587905111264,"pkt":"ABoRAAACABoRAAABCABFAADe2iVAAEAGegIKCAABLjOtto0pAbvwXaAgD6Jf4VAY\/\/\/tNgAAFgMBALEBAACtAwGvtEh7ZPeUuZEpuZqGf1gkt94wLOoQqmQjq2yZ1wt58QAAQMAUwArAIsAhADkAOMAgwA\/ABQA1wBLACMAcwBsAFgATwBrADcADAAoABcATwAnAH8AeADMAMsAdwA7ABAAvAP8BAABEAAsABAMAAQIACgA0ADIADgANABkACwAMABgACQAKABYAFwAIAAYABwAUABUABAAFABIAEwABAAIAAwAPABAAEQAjAAA="} 
-01261{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":578,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587905035020,"flow_src_last_pkt_time":1435587905111264,"flow_dst_last_pkt_time":1435587905038374,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587905111264,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36137,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01220{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":578,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587905035020,"flow_src_last_pkt_time":1435587905111264,"flow_dst_last_pkt_time":1435587905038374,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587905111264,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36137,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":579,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":5,"flow_src_last_pkt_time":1435587905111264,"flow_dst_last_pkt_time":1435587905111789,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587905111789,"pkt":"ABoRAAACABoRAAABCABFAAAodYdAABAGD1cuM622CggAAQG7jSkPol\/h8F2g1lAQ\/\/86RgAA"} 
-01415{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":580,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587905035020,"flow_src_last_pkt_time":1435587905111264,"flow_dst_last_pkt_time":1435587905510433,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":1012,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":1012,"midstream":0,"thread_ts_usec":1435587905510433,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36137,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","blocks":0}}} 
-01691{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":582,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1435587905035020,"flow_src_last_pkt_time":1435587905561592,"flow_dst_last_pkt_time":1435587905565256,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":2135,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":3147,"midstream":0,"thread_ts_usec":1435587905565256,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36137,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B","blocks":0}}} 
+01374{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":580,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587905035020,"flow_src_last_pkt_time":1435587905111264,"flow_dst_last_pkt_time":1435587905510433,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":1012,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":1012,"midstream":0,"thread_ts_usec":1435587905510433,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36137,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"714ac86d50db68420429ca897688f5f3","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","blocks":0}}} 
+01650{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":582,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1435587905035020,"flow_src_last_pkt_time":1435587905561592,"flow_dst_last_pkt_time":1435587905565256,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":2135,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":3147,"midstream":0,"thread_ts_usec":1435587905565256,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36137,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.world.waze.com","ja3s":"714ac86d50db68420429ca897688f5f3","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B","blocks":0}}} 
00963{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1435587880580707,"flow_src_last_pkt_time":1435587880589785,"flow_dst_last_pkt_time":1435587880581398,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":52953,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 00771{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1435587880580707,"flow_src_last_pkt_time":1435587880589785,"flow_dst_last_pkt_time":1435587880581398,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":52953,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01144{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":18,"flow_first_seen":1435587867755556,"flow_src_last_pkt_time":1435587873026877,"flow_dst_last_pkt_time":1435587873026338,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":263,"flow_dst_max_l4_payload_len":11779,"flow_src_tot_l4_payload_len":263,"flow_dst_tot_l4_payload_len":60924,"midstream":0,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"65.39.128.135","src_port":54915,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"xtra1.gpsonextra.net"}} 
@@ -244,13 +244,13 @@ 00914{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1435587880589106,"flow_src_last_pkt_time":1435587880590669,"flow_dst_last_pkt_time":1435587880589665,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.49","src_port":60479,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00768{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1435587880589106,"flow_src_last_pkt_time":1435587880590669,"flow_dst_last_pkt_time":1435587880589665,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.49","src_port":60479,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00957{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1435587867443555,"flow_src_last_pkt_time":1435587867443555,"flow_dst_last_pkt_time":1435587867753906,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":48,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":48,"midstream":0,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.89.75.198","src_port":46214,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","proto_id":"9","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -01119{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1435587868632030,"flow_src_last_pkt_time":1435587869162291,"flow_dst_last_pkt_time":1435587869162022,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":83,"flow_dst_max_l4_payload_len":1624,"flow_src_tot_l4_payload_len":85,"flow_dst_tot_l4_payload_len":2992,"midstream":0,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45529,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": 
{"6":"DPI"},"proto":"HTTP.Waze","proto_id":"7.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"roadshields.waze.com"}} -01112{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1435587869162594,"flow_src_last_pkt_time":1435587869302269,"flow_dst_last_pkt_time":1435587869302057,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":140,"flow_dst_max_l4_payload_len":393,"flow_src_tot_l4_payload_len":142,"flow_dst_tot_l4_payload_len":393,"midstream":0,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45536,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.Waze","proto_id":"7.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cres.waze.com"}} 
-01112{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1435587871656080,"flow_src_last_pkt_time":1435587871946086,"flow_dst_last_pkt_time":1435587871945236,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":155,"flow_dst_max_l4_payload_len":393,"flow_src_tot_l4_payload_len":157,"flow_dst_tot_l4_payload_len":393,"midstream":0,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45538,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.Waze","proto_id":"7.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cres.waze.com"}} -01120{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1435587871658817,"flow_src_last_pkt_time":1435587871945981,"flow_dst_last_pkt_time":1435587871944650,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":153,"flow_dst_max_l4_payload_len":355,"flow_src_tot_l4_payload_len":155,"flow_dst_tot_l4_payload_len":355,"midstream":0,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45540,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": 
{"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.Waze","proto_id":"7.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"roadshields.waze.com"}} -01113{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1435587871941434,"flow_src_last_pkt_time":1435587872478908,"flow_dst_last_pkt_time":1435587872478463,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":393,"flow_src_tot_l4_payload_len":159,"flow_dst_tot_l4_payload_len":393,"midstream":0,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45546,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.Waze","proto_id":"7.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cres.waze.com"}} 
-01113{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1435587872476294,"flow_src_last_pkt_time":1435587872705357,"flow_dst_last_pkt_time":1435587872704733,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":393,"flow_src_tot_l4_payload_len":154,"flow_dst_tot_l4_payload_len":393,"midstream":0,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45552,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.Waze","proto_id":"7.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cres.waze.com"}} -01113{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1435587872702798,"flow_src_last_pkt_time":1435587872838050,"flow_dst_last_pkt_time":1435587872837958,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":150,"flow_dst_max_l4_payload_len":391,"flow_src_tot_l4_payload_len":152,"flow_dst_tot_l4_payload_len":391,"midstream":0,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45554,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": 
{"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.Waze","proto_id":"7.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cres.waze.com"}} +01004{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1435587868632030,"flow_src_last_pkt_time":1435587869162291,"flow_dst_last_pkt_time":1435587869162022,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":83,"flow_dst_max_l4_payload_len":1624,"flow_src_tot_l4_payload_len":85,"flow_dst_tot_l4_payload_len":2992,"midstream":0,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45529,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Waze","proto_id":"7.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"roadshields.waze.com"}} 
+00997{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1435587869162594,"flow_src_last_pkt_time":1435587869302269,"flow_dst_last_pkt_time":1435587869302057,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":140,"flow_dst_max_l4_payload_len":393,"flow_src_tot_l4_payload_len":142,"flow_dst_tot_l4_payload_len":393,"midstream":0,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45536,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Waze","proto_id":"7.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cres.waze.com"}} +00997{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1435587871656080,"flow_src_last_pkt_time":1435587871946086,"flow_dst_last_pkt_time":1435587871945236,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":155,"flow_dst_max_l4_payload_len":393,"flow_src_tot_l4_payload_len":157,"flow_dst_tot_l4_payload_len":393,"midstream":0,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45538,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.Waze","proto_id":"7.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cres.waze.com"}} +01005{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1435587871658817,"flow_src_last_pkt_time":1435587871945981,"flow_dst_last_pkt_time":1435587871944650,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":153,"flow_dst_max_l4_payload_len":355,"flow_src_tot_l4_payload_len":155,"flow_dst_tot_l4_payload_len":355,"midstream":0,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45540,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Waze","proto_id":"7.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"roadshields.waze.com"}} +00998{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1435587871941434,"flow_src_last_pkt_time":1435587872478908,"flow_dst_last_pkt_time":1435587872478463,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":393,"flow_src_tot_l4_payload_len":159,"flow_dst_tot_l4_payload_len":393,"midstream":0,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45546,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"HTTP.Waze","proto_id":"7.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cres.waze.com"}} +00998{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1435587872476294,"flow_src_last_pkt_time":1435587872705357,"flow_dst_last_pkt_time":1435587872704733,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":393,"flow_src_tot_l4_payload_len":154,"flow_dst_tot_l4_payload_len":393,"midstream":0,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45552,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Waze","proto_id":"7.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cres.waze.com"}} 
+00998{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1435587872702798,"flow_src_last_pkt_time":1435587872838050,"flow_dst_last_pkt_time":1435587872837958,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":150,"flow_dst_max_l4_payload_len":391,"flow_src_tot_l4_payload_len":152,"flow_dst_tot_l4_payload_len":391,"midstream":0,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45554,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Waze","proto_id":"7.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cres.waze.com"}} 01100{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":8,"flow_first_seen":1435587871939085,"flow_src_last_pkt_time":1435587873226090,"flow_dst_last_pkt_time":1435587873171594,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":3994,"flow_src_tot_l4_payload_len":582,"flow_dst_tot_l4_payload_len":7719,"midstream":0,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39010,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01109{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":16,"flow_first_seen":1435587878215938,"flow_src_last_pkt_time":1435587880857470,"flow_dst_last_pkt_time":1435587880856912,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":21888,"flow_src_tot_l4_payload_len":1024,"flow_dst_tot_l4_payload_len":56070,"midstream":0,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39021,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
01110{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1435587878606407,"flow_src_last_pkt_time":1435587882306533,"flow_dst_last_pkt_time":1435587880854651,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":11132,"flow_src_tot_l4_payload_len":1238,"flow_dst_tot_l4_payload_len":41633,"midstream":0,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36312,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
@@ -266,7 +266,7 @@ 00771{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1435587880578787,"flow_src_last_pkt_time":1435587880583260,"flow_dst_last_pkt_time":1435587880579481,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":41823,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00960{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1435587880579627,"flow_src_last_pkt_time":1435587880583768,"flow_dst_last_pkt_time":1435587880580413,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.198","src_port":45169,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 
00768{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1435587880579627,"flow_src_last_pkt_time":1435587880583768,"flow_dst_last_pkt_time":1435587880580413,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.198","src_port":45169,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -01081{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":6,"flow_first_seen":1435587868996463,"flow_src_last_pkt_time":1435587869400451,"flow_dst_last_pkt_time":1435587869349566,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":518,"flow_dst_max_l4_payload_len":548,"flow_src_tot_l4_payload_len":739,"flow_dst_tot_l4_payload_len":681,"midstream":0,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.118.48","src_port":36585,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+01184{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":6,"flow_first_seen":1435587868996463,"flow_src_last_pkt_time":1435587869400451,"flow_dst_last_pkt_time":1435587869349566,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":518,"flow_dst_max_l4_payload_len":548,"flow_src_tot_l4_payload_len":739,"flow_dst_tot_l4_payload_len":681,"midstream":0,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.118.48","src_port":36585,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00963{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1435587880576575,"flow_src_last_pkt_time":1435587880583014,"flow_dst_last_pkt_time":1435587880577703,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.31","src_port":43991,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by 
port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 00771{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1435587880576575,"flow_src_last_pkt_time":1435587880583014,"flow_dst_last_pkt_time":1435587880577703,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.31","src_port":43991,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00963{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1435587880577937,"flow_src_last_pkt_time":1435587880583141,"flow_dst_last_pkt_time":1435587880578520,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":46473,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 
@@ -279,7 +279,7 @@ 00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1435587898822469,"flow_src_last_pkt_time":1435587899372457,"flow_dst_last_pkt_time":1435587899318080,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":168,"flow_dst_max_l4_payload_len":191,"flow_src_tot_l4_payload_len":221,"flow_dst_tot_l4_payload_len":290,"midstream":0,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"108.168.176.228","src_port":50828,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00963{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1435587880581548,"flow_src_last_pkt_time":1435587880589942,"flow_dst_last_pkt_time":1435587880582653,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":52746,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 
00771{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1435587880581548,"flow_src_last_pkt_time":1435587880589942,"flow_dst_last_pkt_time":1435587880582653,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":52746,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00849{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":597,"packets-processed":597,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":326183,"total-not-detected-flows":1,"total-guessed-flows":9,"total-detected-flows":23,"total-detection-updates":22,"total-updates":0,"current-active-flows":0,"total-active-flows":33,"total-idle-flows":33,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":282,"global_ts_usec":1435587907392933} 
+00849{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":597,"packets-processed":597,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":326183,"total-not-detected-flows":1,"total-guessed-flows":9,"total-detected-flows":23,"total-detection-updates":22,"total-updates":0,"current-active-flows":0,"total-active-flows":33,"total-idle-flows":33,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":282,"global_ts_usec":1435587907392933} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 597/597 ~~ skipped flows.............: 0 @@ -288,9 +288,9 @@ ~~ total active/idle flows...: 33/33 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7489391 bytes -~~ total memory freed........: 7489391 bytes -~~ total allocations/frees...: 115270/115270 +~~ total memory allocated....: 8066955 bytes +~~ total memory freed........: 8066955 bytes +~~ total allocations/frees...: 127003/127003 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 528 chars ~~ json message max len.......: 2457 chars diff --git a/test/results/default/webdav.pcap.out b/test/results/default/webdav.pcap.out index b4c19ad2d..40b0f5a55 100644 --- a/test/results/default/webdav.pcap.out +++ b/test/results/default/webdav.pcap.out 
@@ -1,5 +1,5 @@ -00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/webdav.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/webdav.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1677169246853624} 
+00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/webdav.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/webdav.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1677169246853624} 
00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/webdav.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1677169246853624,"flow_src_last_pkt_time":1677169246853624,"flow_dst_last_pkt_time":1677169246853624,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1677169246853624,"l3_proto":"ip4","src_ip":"10.24.8.189","dst_ip":"104.156.149.6","src_port":50652,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/webdav.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1677169246853624,"flow_dst_last_pkt_time":1677169246853624,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1677169246853624,"pkt":"AAHH9haIEACQor51CABFAAA0mWtAAIAGUOEKGAi9aJyVBsXcAFDgPQjbAAAAAIAC+vC0YgAAAgQFtAEDAwgBAQQC"} 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/webdav.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1677169246853624,"flow_dst_last_pkt_time":1677169246873589,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":1677169246873589,"pkt":"EACQor51AAHH9haICABFAAAs0NgAAIAGWXxonJUGChgIvQBQxdy+mZKp4D0I3GAS+vCMJAAAAgQFtA=="} 
@@ -7,7 +7,7 @@ 00750{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/webdav.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1677169246874184,"flow_dst_last_pkt_time":1677169246873589,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"thread_ts_usec":1677169246874184,"pkt":"AAHH9haIEACQor51CABFAADQmW1AAIAGUEMKGAi9aJyVBsXcAFDgPQjcvpmSqlAY+vDPfQAAUFJPUEZJTkQgL3dlYmRhdiBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTWljcm9zb2Z0LVdlYkRBVi1NaW5pUmVkaXIvMTAuMC4xOTA0NQ0KRGVwdGg6IDANCnRyYW5zbGF0ZTogZg0KQ29udGVudC1MZW5ndGg6IDANCkhvc3Q6IDEwNC4xNTYuMTQ5LjYNCg0K"} 01255{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/webdav.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1677169246853624,"flow_src_last_pkt_time":1677169246874184,"flow_dst_last_pkt_time":1677169246873589,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":168,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1677169246874184,"l3_proto":"ip4","src_ip":"10.24.8.189","dst_ip":"104.156.149.6","src_port":50652,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP.WebDAV","proto_id":"7.376","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"104.156.149.6","domainame":"104.156.149.6","http": 
{"url":"104.156.149.6\/webdav","code":0,"content_type":"","user_agent":"Microsoft-WebDAV-MiniRedir\/10.0.19045"}}} 00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/webdav.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1677169246874184,"flow_dst_last_pkt_time":1677169246874364,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1677169246874364,"pkt":"EACQor51AAHH9haICABFAAAo0NkAAIAGWX9onJUGChgIvQBQxdy+mZKq4D0JhFAQ+vCjOQAA"} -00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/webdav.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":15,"packets-processed":14,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1970,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1720686494824645} 
+00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/webdav.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":15,"packets-processed":14,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1970,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1720686494824645} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/webdav.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1720686494824645,"flow_src_last_pkt_time":1720686494824645,"flow_dst_last_pkt_time":1720686494824645,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1720686494824645,"l3_proto":"ip4","src_ip":"192.168.16.173","dst_ip":"198.244.151.63","src_port":35612,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/webdav.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1720686494824645,"flow_dst_last_pkt_time":1720686494824645,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1720686494824645,"pkt":"pJGxF+92NObXAhsnCABFAAA86f9AAEAGITPAqBCtxvSXP4scAFBI7gRxAAAAAKAC+vAvuAAAAgQFtAQCCApVKw89AAAAAAEDAwc="} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/webdav.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1720686494824645,"flow_dst_last_pkt_time":1720686494850786,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1720686494850786,"pkt":"NObXAhsnpJGxF+92CABFAAA8iSNAAGwGVg\/G9Jc\/wKgQrQBQixwLdXs7SO4EcqAS\/\/+T5QAAAgQFrAEDAwgEAggK1tnpyFUrDz0="} 
@@ -72,7 +72,7 @@ 01131{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/webdav.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":4,"flow_first_seen":1720686569180748,"flow_src_last_pkt_time":1720686569288568,"flow_dst_last_pkt_time":1720686569288532,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":509,"flow_dst_max_l4_payload_len":1417,"flow_src_tot_l4_payload_len":666,"flow_dst_tot_l4_payload_len":2196,"midstream":0,"thread_ts_usec":1720686579520364,"l3_proto":"ip4","src_ip":"192.168.16.173","dst_ip":"198.244.151.63","src_port":47726,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"HTTP.WebDAV","proto_id":"7.376","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"www.dlp-test.com"}} 01129{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/webdav.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":4,"flow_first_seen":1720686545193315,"flow_src_last_pkt_time":1720686545300881,"flow_dst_last_pkt_time":1720686545300854,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":505,"flow_dst_max_l4_payload_len":779,"flow_src_tot_l4_payload_len":658,"flow_dst_tot_l4_payload_len":974,"midstream":0,"thread_ts_usec":1720686579520364,"l3_proto":"ip4","src_ip":"192.168.16.173","dst_ip":"198.244.151.63","src_port":55974,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"43": {"risk":"Error 
Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"HTTP.WebDAV","proto_id":"7.376","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"www.dlp-test.com"}} 01129{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/webdav.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":4,"flow_first_seen":1720686579411325,"flow_src_last_pkt_time":1720686579520364,"flow_dst_last_pkt_time":1720686579520335,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":510,"flow_dst_max_l4_payload_len":779,"flow_src_tot_l4_payload_len":668,"flow_dst_tot_l4_payload_len":974,"midstream":0,"thread_ts_usec":1720686579520364,"l3_proto":"ip4","src_ip":"192.168.16.173","dst_ip":"198.244.151.63","src_port":57432,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"HTTP.WebDAV","proto_id":"7.376","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"www.dlp-test.com"}} 
-00842{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/webdav.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":92,"packets-processed":92,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15993,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":7,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":75,"global_ts_usec":1720686579520364} +00842{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/webdav.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":92,"packets-processed":92,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15993,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":7,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":75,"global_ts_usec":1720686579520364} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 92/92 ~~ skipped flows.............: 0 
@@ -81,9 +81,9 @@ ~~ total active/idle flows...: 8/8 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6927867 bytes -~~ total memory freed........: 6927867 bytes -~~ total allocations/frees...: 114354/114354 +~~ total memory allocated....: 7505596 bytes +~~ total memory freed........: 7505596 bytes +~~ total allocations/frees...: 126093/126093 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 528 chars ~~ json message max len.......: 1590 chars diff --git a/test/results/default/webex.pcap.out b/test/results/default/webex.pcap.out index 997c78eaa..42b1d9673 100644 --- a/test/results/default/webex.pcap.out +++ b/test/results/default/webex.pcap.out 
@@ -1,22 +1,22 @@ -00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1444570624853841} 
+00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1444570624853841} 
00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570624853841,"flow_src_last_pkt_time":1444570624853841,"flow_dst_last_pkt_time":1444570624853841,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570624853841,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41346,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1444570624853841,"flow_dst_last_pkt_time":1444570624853841,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444570624853841,"pkt":"ABoRAAACABoRAAABCABFAAA8OXNAAEAGTZUKCAABQERpZ6GCAbtPGIcMAAAAAKACOQgjFwAAAgQFtAQCCAoATL5\/AAAAAAEDAwY="} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1444570624853841,"flow_dst_last_pkt_time":1444570624860347,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570624860347,"pkt":"ABoRAAACABoRAAABCABFAAAoAQ5AABAGtg5ARGlnCggAAQG7oYKw53jzTxiHDVAS\/\/9Y4AAA"} 
00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1444570624860575,"flow_dst_last_pkt_time":1444570624860347,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570624860575,"pkt":"ABoRAAACABoRAAABCABFAAAoOXRAAEAGTagKCAABQERpZ6GCAbtPGIcNsOd49FAQOQgf2QAA"} 00788{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1444570624860735,"flow_dst_last_pkt_time":1444570624860347,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":249,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":249,"pkt_l4_len":215,"thread_ts_usec":1444570624860735,"pkt":"ABoRAAACABoRAAABCABFAADrOXVAAEAGTOQKCAABQERpZ6GCAbtPGIcNsOd49FAYOQh62gAAFgMBAL4BAAC6AwNWGmYAecKEXHBKd9RHCMqE79SthA0OtjJysVWA+njuJAAAOMwUzBPMFcAUwAoAOQA4ADXAEsAIABYAEwAKwC\/AK8ATwAkAogCeADMAMgCcAC\/AEcAHAAUABAD\/AQAAWQAAABUAEwAAEHJhZGNvbS53ZWJleC5jb20ACwACAQAACgAIAAYAGQAYABcAIwAAAA0AIgAgBgEGAgYDBQEFAgUDBAEEAgQDAwEDAgMDAgECAgIDAQEzdAAA"} 
-01312{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570624853841,"flow_src_last_pkt_time":1444570624860735,"flow_dst_last_pkt_time":1444570624860347,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":195,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":195,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570624860735,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41346,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"radcom.webex.com","domainame":"radcom.webex.com","tls": {"version":"TLSv1.2","ja3":"f9010d8c34749bdf7659b52227e6f91b","ja3s":"","ja4":"t12d280600_519b4837d290_570a46b37db9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01271{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570624853841,"flow_src_last_pkt_time":1444570624860735,"flow_dst_last_pkt_time":1444570624860347,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":195,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":195,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570624860735,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41346,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"radcom.webex.com","domainame":"radcom.webex.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d280600_519b4837d290_570a46b37db9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1444570624860735,"flow_dst_last_pkt_time":1444570624860939,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570624860939,"pkt":"ABoRAAACABoRAAABCABFAAAoAQ9AABAGtg1ARGlnCggAAQG7oYKw53j0TxiH0FAQ\/\/9YHgAA"} 
-01669{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1444570624853841,"flow_src_last_pkt_time":1444570625418062,"flow_dst_last_pkt_time":1444570625424499,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":195,"flow_dst_max_l4_payload_len":2720,"flow_src_tot_l4_payload_len":195,"flow_dst_tot_l4_payload_len":3939,"midstream":0,"thread_ts_usec":1444570625424499,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41346,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"radcom.webex.com","domainame":"radcom.webex.com","tls": {"version":"TLSv1.2","server_names":"*.webex.com","ja3":"f9010d8c34749bdf7659b52227e6f91b","ja3s":"c253ec3ad88e42f8da4032682892f9a0","ja4":"t12d280600_519b4837d290_570a46b37db9","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
-02322{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1444570624853841,"flow_src_last_pkt_time":1444570626601155,"flow_dst_last_pkt_time":1444570626600999,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":2720,"flow_src_tot_l4_payload_len":2935,"flow_dst_tot_l4_payload_len":8179,"midstream":0,"thread_ts_usec":1444570626601155,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41346,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":160,"avg":112724.9,"max":557327,"stddev":156273.3,"var":24421341184.0,"ent":3.7,"data": [6506,6734,160,592,505708,557327,57852,60147,905,55625,257454,309311,10052,61432,845,730,299224,351252,55954,56159,800,52876,398,2835,268644,322298,52259,51930,18450,69467,546]},"pktlen": {"min":40,"avg":387.9,"max":2760,"stddev":588.9,"var":346810.6,"ent":3.8,"data": [60,40,40,235,40,2760,40,1259,40,350,40,83,40,576,40,124,40,1400,40,809,40,576,40,314,40,1400,40,748,40,576,40,504]},"bins": {"c_to_s": [9,0,1,0,0,0,1,0,1,1,0,0,0,0,1,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [8,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0,0,0,1]},"directions": [0,1,0,0,1,1,0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,0,1,0,1,1,0,1,0,0,1,0],"entropies": 
[4.446510792,4.665312290,4.665311813,5.481472969,4.665312290,7.284092903,4.765311718,7.073906422,4.661769390,7.186378956,4.565312386,5.608655453,4.561769009,7.664141655,4.515312195,6.329119682,4.565312386,7.871033669,4.715311527,7.782140255,4.765311718,7.598457336,4.615312099,7.304864407,4.665312290,7.852759361,4.665311813,7.733906269,4.715312004,7.600008011,4.511769772,7.572229862]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01731{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1444570624853841,"flow_src_last_pkt_time":1444570625418062,"flow_dst_last_pkt_time":1444570625424499,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":195,"flow_dst_max_l4_payload_len":2720,"flow_src_tot_l4_payload_len":195,"flow_dst_tot_l4_payload_len":3939,"midstream":0,"thread_ts_usec":1444570625424499,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41346,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"radcom.webex.com","domainame":"radcom.webex.com","tls": 
{"version":"TLSv1.2","server_names":"*.webex.com","ja3s":"c253ec3ad88e42f8da4032682892f9a0","ja4":"t12d280600_519b4837d290_570a46b37db9","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} +02425{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1444570624853841,"flow_src_last_pkt_time":1444570626601155,"flow_dst_last_pkt_time":1444570626600999,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":2720,"flow_src_tot_l4_payload_len":2935,"flow_dst_tot_l4_payload_len":8179,"midstream":0,"thread_ts_usec":1444570626601155,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41346,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":160,"avg":112724.9,"max":557327,"stddev":156273.3,"var":24421341184.0,"ent":3.7,"data": [6506,6734,160,592,505708,557327,57852,60147,905,55625,257454,309311,10052,61432,845,730,299224,351252,55954,56159,800,52876,398,2835,268644,322298,52259,51930,18450,69467,546]},"pktlen": {"min":40,"avg":387.9,"max":2760,"stddev":588.9,"var":346810.6,"ent":3.8,"data": [60,40,40,235,40,2760,40,1259,40,350,40,83,40,576,40,124,40,1400,40,809,40,576,40,314,40,1400,40,748,40,576,40,504]},"bins": {"c_to_s": [9,0,1,0,0,0,1,0,1,1,0,0,0,0,1,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": 
[8,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0,0,0,1]},"directions": [0,1,0,0,1,1,0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,0,1,0,1,1,0,1,0,0,1,0],"entropies": [4.446510792,4.665312290,4.665311813,5.481472969,4.665312290,7.284092903,4.765311718,7.073906422,4.661769390,7.186378956,4.565312386,5.608655453,4.561769009,7.664141655,4.515312195,6.329119682,4.565312386,7.871033669,4.715311527,7.782140255,4.765311718,7.598457336,4.615312099,7.304864407,4.665312290,7.852759361,4.665311813,7.733906269,4.715312004,7.600008011,4.511769772,7.572229862]},"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570627404164,"flow_src_last_pkt_time":1444570627404164,"flow_dst_last_pkt_time":1444570627404164,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570627404164,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41348,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1444570627404164,"flow_dst_last_pkt_time":1444570627404164,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444570627404164,"pkt":"ABoRAAACABoRAAABCABFAAA8hnNAAEAGAJUKCAABQERpZ6GEAbuwMDkNAAAAAKACOQgO\/QAAAgQFtAQCCAoATL9+AAAAAAEDAwY="} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1444570627404164,"flow_dst_last_pkt_time":1444570627409779,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570627409779,"pkt":"ABoRAAACABoRAAABCABFAAAoASZAABAGtfZARGlnCggAAQG7oYRPz8bysDA5DlAS\/\/9Y3gAA"} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1444570627410952,"flow_dst_last_pkt_time":1444570627409779,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570627410952,"pkt":"ABoRAAACABoRAAABCABFAAAohnRAAEAGAKgKCAABQERpZ6GEAbuwMDkOT8\/G81AQOQgf1wAA"} 
00834{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1444570627411108,"flow_dst_last_pkt_time":1444570627409779,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"thread_ts_usec":1444570627411108,"pkt":"ABoRAAACABoRAAABCABFAAELhnVAAEAG\/8MKCAABQERpZ6GEAbuwMDkOT8\/G81AYOQi8XAAAFgMBAN4BAADaAwNWGmYD1bgajSKfLk8MBc\/KhqagawnHbCgQ2bA0JfR3iiCiEgrZvpHjzJYNIqBz8GV5Z5nEiB2\/9li16SQKz1NTSAA4zBTME8wVwBTACgA5ADgANcASwAgAFgATAArAL8ArwBPACQCiAJ4AMwAyAJwAL8ARwAcABQAEAP8BAABZAAAAFQATAAAQcmFkY29tLndlYmV4LmNvbQALAAIBAAAKAAgABgAZABgAFwAjAAAADQAiACAGAQYCBgMFAQUCBQMEAQQCBAMDAQMCAwMCAQICAgMBATN0AAA="} -01313{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570627404164,"flow_src_last_pkt_time":1444570627411108,"flow_dst_last_pkt_time":1444570627409779,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570627411108,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41348,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"radcom.webex.com","domainame":"radcom.webex.com","tls": 
{"version":"TLSv1.2","ja3":"f9010d8c34749bdf7659b52227e6f91b","ja3s":"","ja4":"t12d280600_519b4837d290_570a46b37db9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01272{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570627404164,"flow_src_last_pkt_time":1444570627411108,"flow_dst_last_pkt_time":1444570627409779,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570627411108,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41348,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"radcom.webex.com","domainame":"radcom.webex.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d280600_519b4837d290_570a46b37db9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1444570627411108,"flow_dst_last_pkt_time":1444570627411318,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570627411318,"pkt":"ABoRAAACABoRAAABCABFAAAoASdAABAGtfVARGlnCggAAQG7oYRPz8bzsDA58VAQ\/\/9X\/AAA"} 
-01358{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570627404164,"flow_src_last_pkt_time":1444570627411108,"flow_dst_last_pkt_time":1444570627815979,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":129,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":129,"midstream":0,"thread_ts_usec":1444570627815979,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41348,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"radcom.webex.com","domainame":"radcom.webex.com","tls": {"version":"TLSv1.2","ja3":"f9010d8c34749bdf7659b52227e6f91b","ja3s":"c253ec3ad88e42f8da4032682892f9a0","ja4":"t12d280600_519b4837d290_570a46b37db9","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","blocks":0}}} 
+01420{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570627404164,"flow_src_last_pkt_time":1444570627411108,"flow_dst_last_pkt_time":1444570627815979,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":129,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":129,"midstream":0,"thread_ts_usec":1444570627815979,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41348,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"radcom.webex.com","domainame":"radcom.webex.com","tls": {"version":"TLSv1.2","ja3s":"c253ec3ad88e42f8da4032682892f9a0","ja4":"t12d280600_519b4837d290_570a46b37db9","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","blocks":0}}} 
00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570628113579,"flow_src_last_pkt_time":1444570628113579,"flow_dst_last_pkt_time":1444570628113579,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570628113579,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41350,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1444570628113579,"flow_dst_last_pkt_time":1444570628113579,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444570628113579,"pkt":"ABoRAAACABoRAAABCABFAAA8CqVAAEAGfGMKCAABQERpZ6GGAbuTEbVkAAAAAKACOQivfwAAAgQFtAQCCAoATL\/BAAAAAAEDAwY="} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1444570628113579,"flow_dst_last_pkt_time":1444570628117515,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570628117515,"pkt":"ABoRAAACABoRAAABCABFAAAoATVAABAGtedARGlnCggAAQG7oYZs7kqbkxG1ZVAS\/\/9Y3AAA"} 
@@ -25,15 +25,15 @@ 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1444570628117770,"flow_dst_last_pkt_time":1444570628121468,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570628121468,"pkt":"ABoRAAACABoRAAABCABFAAAoATZAABAGteZARGlnCggAAQG7oYej1wrCXCj1PlAS\/\/9Y2wAA"} 00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1444570628121847,"flow_dst_last_pkt_time":1444570628117515,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570628121847,"pkt":"ABoRAAACABoRAAABCABFAAAoCqZAAEAGfHYKCAABQERpZ6GGAbuTEbVlbO5KnFAQOQgf1QAA"} 00833{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1444570628121998,"flow_dst_last_pkt_time":1444570628117515,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"thread_ts_usec":1444570628121998,"pkt":"ABoRAAACABoRAAABCABFAAELCqdAAEAGe5IKCAABQERpZ6GGAbuTEbVlbO5KnFAYOQgw\/QAAFgMBAN4BAADaAwNWGmYE7RhsRONG\/m1MT5VVrdjnvzP1znNlFG2+WauU5SCiEgrZvpHjzJYNIqBz8GV5Z5nEiB2\/9li16SQKz1NTSAA4zBTME8wVwBTACgA5ADgANcASwAgAFgATAArAL8ArwBPACQCiAJ4AMwAyAJwAL8ARwAcABQAEAP8BAABZAAAAFQATAAAQcmFkY29tLndlYmV4LmNvbQALAAIBAAAKAAgABgAZABgAFwAjAAAADQAiACAGAQYCBgMFAQUCBQMEAQQCBAMDAQMCAwMCAQICAgMBATN0AAA="} 
-01313{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570628113579,"flow_src_last_pkt_time":1444570628121998,"flow_dst_last_pkt_time":1444570628117515,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570628121998,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41350,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"radcom.webex.com","domainame":"radcom.webex.com","tls": {"version":"TLSv1.2","ja3":"f9010d8c34749bdf7659b52227e6f91b","ja3s":"","ja4":"t12d280600_519b4837d290_570a46b37db9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01272{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570628113579,"flow_src_last_pkt_time":1444570628121998,"flow_dst_last_pkt_time":1444570628117515,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570628121998,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41350,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"radcom.webex.com","domainame":"radcom.webex.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d280600_519b4837d290_570a46b37db9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1444570628121998,"flow_dst_last_pkt_time":1444570628122193,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570628122193,"pkt":"ABoRAAACABoRAAABCABFAAAoATdAABAGteVARGlnCggAAQG7oYZs7kqckxG2SFAQ\/\/9X+gAA"} 
00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1444570628122373,"flow_dst_last_pkt_time":1444570628121468,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570628122373,"pkt":"ABoRAAACABoRAAABCABFAAAoSv1AAEAGPB8KCAABQERpZ6GHAbtcKPU+o9cKw1AQOQgf1AAA"} 00831{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1444570628122668,"flow_dst_last_pkt_time":1444570628121468,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"thread_ts_usec":1444570628122668,"pkt":"ABoRAAACABoRAAABCABFAAELSv5AAEAGOzsKCAABQERpZ6GHAbtcKPU+o9cKw1AYOQiciAAAFgMBAN4BAADaAwNWGmYEkvVIckj2nKXTHHhTgHLpDPs+ur2PFRE7SXTT+yCiEgrZvpHjzJYNIqBz8GV5Z5nEiB2\/9li16SQKz1NTSAA4zBTME8wVwBTACgA5ADgANcASwAgAFgATAArAL8ArwBPACQCiAJ4AMwAyAJwAL8ARwAcABQAEAP8BAABZAAAAFQATAAAQcmFkY29tLndlYmV4LmNvbQALAAIBAAAKAAgABgAZABgAFwAjAAAADQAiACAGAQYCBgMFAQUCBQMEAQQCBAMDAQMCAwMCAQICAgMBATN0AAA="} 
-01313{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570628117770,"flow_src_last_pkt_time":1444570628122668,"flow_dst_last_pkt_time":1444570628121468,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570628122668,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41351,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"radcom.webex.com","domainame":"radcom.webex.com","tls": {"version":"TLSv1.2","ja3":"f9010d8c34749bdf7659b52227e6f91b","ja3s":"","ja4":"t12d280600_519b4837d290_570a46b37db9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01272{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570628117770,"flow_src_last_pkt_time":1444570628122668,"flow_dst_last_pkt_time":1444570628121468,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570628122668,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41351,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"radcom.webex.com","domainame":"radcom.webex.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d280600_519b4837d290_570a46b37db9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1444570628122668,"flow_dst_last_pkt_time":1444570628122955,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570628122955,"pkt":"ABoRAAACABoRAAABCABFAAAoAThAABAGteRARGlnCggAAQG7oYej1wrDXCj2IVAQ\/\/9X+QAA"} 
-01357{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570628113579,"flow_src_last_pkt_time":1444570628121998,"flow_dst_last_pkt_time":1444570628514304,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1444570628514304,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41350,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"radcom.webex.com","domainame":"radcom.webex.com","tls": {"version":"TLSv1.2","ja3":"f9010d8c34749bdf7659b52227e6f91b","ja3s":"c253ec3ad88e42f8da4032682892f9a0","ja4":"t12d280600_519b4837d290_570a46b37db9","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","blocks":0}}} 
-01359{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570628117770,"flow_src_last_pkt_time":1444570628122668,"flow_dst_last_pkt_time":1444570628565912,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":129,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":129,"midstream":0,"thread_ts_usec":1444570628565912,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41351,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"radcom.webex.com","domainame":"radcom.webex.com","tls": {"version":"TLSv1.2","ja3":"f9010d8c34749bdf7659b52227e6f91b","ja3s":"c253ec3ad88e42f8da4032682892f9a0","ja4":"t12d280600_519b4837d290_570a46b37db9","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","blocks":0}}} 
-02343{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1444570627404164,"flow_src_last_pkt_time":1444570629212279,"flow_dst_last_pkt_time":1444570629155254,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":17966,"flow_src_tot_l4_payload_len":2270,"flow_dst_tot_l4_payload_len":46819,"midstream":0,"thread_ts_usec":1444570629212279,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41348,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":156,"avg":114813.1,"max":455330,"stddev":125812.7,"var":15828844544.0,"ent":4.1,"data": [5615,6788,156,1539,404661,455330,597,51300,245810,245870,436,307,223296,274841,51601,360,302,283113,286107,84087,131768,50921,51207,56841,56675,181041,181034,56067,58557,54529,58449]},"pktlen": {"min":40,"avg":1574.7,"max":18006,"stddev":3700.1,"var":13691057.0,"ent":2.9,"data": [60,40,40,267,40,169,40,83,40,576,40,519,40,1644,576,40,489,40,6840,40,1400,40,9463,40,1400,40,1400,40,18006,40,6857,40]},"bins": {"c_to_s": [10,1,0,0,0,0,0,1,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,5]},"directions": [0,1,0,0,1,1,0,0,1,0,1,0,1,1,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0],"entropies": 
[4.356566429,4.715312004,4.561769009,5.864259720,4.665312290,6.372766018,4.661769390,5.627577305,4.615312099,7.622731686,4.665312290,7.582412243,4.665312290,7.886265755,7.619030476,4.596440315,7.578122616,4.665312290,7.973325729,4.580641270,7.853340149,4.611769199,7.978787899,4.611769199,7.859783649,4.661769390,7.879327297,4.611769199,7.990196228,4.611769199,7.971776009,4.661769390]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01419{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570628113579,"flow_src_last_pkt_time":1444570628121998,"flow_dst_last_pkt_time":1444570628514304,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1444570628514304,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41350,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"radcom.webex.com","domainame":"radcom.webex.com","tls": 
{"version":"TLSv1.2","ja3s":"c253ec3ad88e42f8da4032682892f9a0","ja4":"t12d280600_519b4837d290_570a46b37db9","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","blocks":0}}} +01421{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570628117770,"flow_src_last_pkt_time":1444570628122668,"flow_dst_last_pkt_time":1444570628565912,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":129,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":129,"midstream":0,"thread_ts_usec":1444570628565912,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41351,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"radcom.webex.com","domainame":"radcom.webex.com","tls": {"version":"TLSv1.2","ja3s":"c253ec3ad88e42f8da4032682892f9a0","ja4":"t12d280600_519b4837d290_570a46b37db9","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","blocks":0}}} 
+02446{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1444570627404164,"flow_src_last_pkt_time":1444570629212279,"flow_dst_last_pkt_time":1444570629155254,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":17966,"flow_src_tot_l4_payload_len":2270,"flow_dst_tot_l4_payload_len":46819,"midstream":0,"thread_ts_usec":1444570629212279,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41348,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":156,"avg":114813.1,"max":455330,"stddev":125812.7,"var":15828844544.0,"ent":4.1,"data": [5615,6788,156,1539,404661,455330,597,51300,245810,245870,436,307,223296,274841,51601,360,302,283113,286107,84087,131768,50921,51207,56841,56675,181041,181034,56067,58557,54529,58449]},"pktlen": {"min":40,"avg":1574.7,"max":18006,"stddev":3700.1,"var":13691057.0,"ent":2.9,"data": [60,40,40,267,40,169,40,83,40,576,40,519,40,1644,576,40,489,40,6840,40,1400,40,9463,40,1400,40,1400,40,18006,40,6857,40]},"bins": {"c_to_s": [10,1,0,0,0,0,0,1,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,5]},"directions": [0,1,0,0,1,1,0,0,1,0,1,0,1,1,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0],"entropies": 
[4.356566429,4.715312004,4.561769009,5.864259720,4.665312290,6.372766018,4.661769390,5.627577305,4.615312099,7.622731686,4.665312290,7.582412243,4.665312290,7.886265755,7.619030476,4.596440315,7.578122616,4.665312290,7.973325729,4.580641270,7.853340149,4.611769199,7.978787899,4.611769199,7.859783649,4.661769390,7.879327297,4.611769199,7.990196228,4.611769199,7.971776009,4.661769390]},"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":167,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570630272557,"flow_src_last_pkt_time":1444570630272557,"flow_dst_last_pkt_time":1444570630272557,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1444570630272557,"l3_proto":"ip4","src_ip":"10.133.206.47","dst_ip":"185.63.147.10","src_port":54651,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1444570630272557,"flow_dst_last_pkt_time":1444570630272557,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1444570630272557,"pkt":"ABoRAAACABoRAAABCABFAAA0ymtAAEAGS1oKhc4vuT+TCtV7Abs2TX647AAfvYARAZp5QwAAAQEICgBMwJ1XHSbf"} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":168,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1444570630272557,"flow_dst_last_pkt_time":1444570630272755,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570630272755,"pkt":"ABoRAAACABoRAAABCABFAAAoAWBAABAGRHK5P5MKCoXOLwG71XvsAB+9Nk1+uVAQ\/\/\/y2gAA"} 
@@ -47,25 +47,25 @@ 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1444570631722722,"flow_dst_last_pkt_time":1444570631726320,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570631726320,"pkt":"ABoRAAACABoRAAABCABFAAAoAWZAABAGtbZARGlnCggAAQG7oYqF2dBpeiYvl1AS\/\/9Y2AAA"} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":180,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1444570631726629,"flow_dst_last_pkt_time":1444570631726320,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570631726629,"pkt":"ABoRAAACABoRAAABCABFAAAo7rlAAEAGmGIKCAABQERpZ6GKAbt6Ji+XhdnQalAQOQgf0QAA"} 00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1444570631731449,"flow_dst_last_pkt_time":1444570631726320,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"thread_ts_usec":1444570631731449,"pkt":"ABoRAAACABoRAAABCABFAABn7rpAAEAGmCIKCAABQERpZ6GKAbt6Ji+XhdnQalAYOQgODwAAFgMBADoBAAA2AwHgmz2uanfCUjnykbM2Mv9FAODhfxJmAjR5YaebpjX1JgAABAA1AP8BAAAJACMAAAAPAAEB"} 
-01255{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":181,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570631722722,"flow_src_last_pkt_time":1444570631731449,"flow_dst_last_pkt_time":1444570631726320,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570631731449,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41354,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01214{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":181,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570631722722,"flow_src_last_pkt_time":1444570631731449,"flow_dst_last_pkt_time":1444570631726320,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570631731449,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41354,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1444570631731449,"flow_dst_last_pkt_time":1444570631731733,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570631731733,"pkt":"ABoRAAACABoRAAABCABFAAAoAWdAABAGtbVARGlnCggAAQG7oYqF2dBqeiYv1lAQ\/\/9YmgAA"} 
-01737{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":185,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1444570631722722,"flow_src_last_pkt_time":1444570632251291,"flow_dst_last_pkt_time":1444570632251919,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":2579,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":3939,"midstream":0,"thread_ts_usec":1444570632251919,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41354,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
+01696{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":185,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1444570631722722,"flow_src_last_pkt_time":1444570632251291,"flow_dst_last_pkt_time":1444570632251919,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":2579,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":3939,"midstream":0,"thread_ts_usec":1444570632251919,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41354,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":189,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570632436109,"flow_src_last_pkt_time":1444570632436109,"flow_dst_last_pkt_time":1444570632436109,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570632436109,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"23.44.253.243","src_port":49048,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":189,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1444570632436109,"flow_dst_last_pkt_time":1444570632436109,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444570632436109,"pkt":"ABoRAAACABoRAAABCABFAAA8E6FAAEAGB\/MKCAABFyz987+YAbs3etLXAAAAAKACOQhiaAAAAgQFtAQCCAoATMF2AAAAAAEDAwY="} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":190,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1444570632436109,"flow_dst_last_pkt_time":1444570632439585,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570632439585,"pkt":"ABoRAAACABoRAAABCABFAAAoAWtAABAGSj0XLP3zCggAAQG7v5jIhS0oN3rS2FAS\/\/\/PVQAA"} 
00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":191,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1444570632470387,"flow_dst_last_pkt_time":1444570632439585,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570632470387,"pkt":"ABoRAAACABoRAAABCABFAAAoE6JAAEAGCAYKCAABFyz987+YAbs3etLYyIUtKVAQOQiWTgAA"} 00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":192,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1444570632470550,"flow_dst_last_pkt_time":1444570632439585,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"thread_ts_usec":1444570632470550,"pkt":"ABoRAAACABoRAAABCABFAABnE6NAAEAGB8YKCAABFyz987+YAbs3etLYyIUtKVAYOQiFHgAAFgMBADoBAAA2AwGEmq+NZP+kc3ErHq1IRgxSv+RZnIPy+ZyIImU+XVBptwAABAA1AP8BAAAJACMAAAAPAAEB"} -01255{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":192,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570632436109,"flow_src_last_pkt_time":1444570632470550,"flow_dst_last_pkt_time":1444570632439585,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570632470550,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"23.44.253.243","src_port":49048,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": 
{"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01214{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":192,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570632436109,"flow_src_last_pkt_time":1444570632470550,"flow_dst_last_pkt_time":1444570632439585,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570632470550,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"23.44.253.243","src_port":49048,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1444570632470550,"flow_dst_last_pkt_time":1444570632470778,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570632470778,"pkt":"ABoRAAACABoRAAABCABFAAAoAWxAABAGSjwXLP3zCggAAQG7v5jIhS0pN3rTF1AQ\/\/\/PFwAA"} -02197{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":195,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570632436109,"flow_src_last_pkt_time":1444570632470550,"flow_dst_last_pkt_time":1444570632591660,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":2903,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":2903,"midstream":0,"thread_ts_usec":1444570632591660,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"23.44.253.243","src_port":49048,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": 
{"version":"TLSv1","server_names":"www.webex.com.au,www.webex.ca,www.webex.de,www.webex.com.hk,www.webex.co.in,www.webex.co.it,www.webex.co.jp,www.webex.com.mx,www.webex.co.uk,m.webex.com,signup.webex.com,signup.webex.co.uk,signup.webex.de,mytrial.webex.com,mytrial.webex.com.mx,mytrial.webex.co.in,mytrial.webex.com.au,mytrial.webex.co.jp,support.webex.com,howdoi.webex.com,kb.webex.com,myresources.webex.com,invoices.webex.com,try.webex.com,buyonline.webex.com,buyonline.webex.de,buyonline.webex.co.uk,tempbol.webex.com,tempsupport.webex.com,www.webex.com,webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"714ac86d50db68420429ca897688f5f3","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=GeoTrust, Inc., CN=GeoTrust SSL CA","subjectDN":"C=US, ST=California, L=San Jose, O=Cisco Systems, OU=IT, CN=www.webex.com","fingerprint":"EE:CE:24:B7:67:4D:F0:3F:16:80:F8:DC:E3:53:45:5F:3E:41:25:CD","blocks":0}}} +02156{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":195,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570632436109,"flow_src_last_pkt_time":1444570632470550,"flow_dst_last_pkt_time":1444570632591660,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":2903,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":2903,"midstream":0,"thread_ts_usec":1444570632591660,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"23.44.253.243","src_port":49048,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": 
{"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"www.webex.com.au,www.webex.ca,www.webex.de,www.webex.com.hk,www.webex.co.in,www.webex.co.it,www.webex.co.jp,www.webex.com.mx,www.webex.co.uk,m.webex.com,signup.webex.com,signup.webex.co.uk,signup.webex.de,mytrial.webex.com,mytrial.webex.com.mx,mytrial.webex.co.in,mytrial.webex.com.au,mytrial.webex.co.jp,support.webex.com,howdoi.webex.com,kb.webex.com,myresources.webex.com,invoices.webex.com,try.webex.com,buyonline.webex.com,buyonline.webex.de,buyonline.webex.co.uk,tempbol.webex.com,tempsupport.webex.com,www.webex.com,webex.com","ja3s":"714ac86d50db68420429ca897688f5f3","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=GeoTrust, Inc., CN=GeoTrust SSL CA","subjectDN":"C=US, ST=California, L=San Jose, O=Cisco Systems, OU=IT, CN=www.webex.com","fingerprint":"EE:CE:24:B7:67:4D:F0:3F:16:80:F8:DC:E3:53:45:5F:3E:41:25:CD","blocks":0}}} 00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":218,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570633357298,"flow_src_last_pkt_time":1444570633357298,"flow_dst_last_pkt_time":1444570633357298,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570633357298,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41358,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1444570633357298,"flow_dst_last_pkt_time":1444570633357298,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444570633357298,"pkt":"ABoRAAACABoRAAABCABFAAA87DBAAEAGmtcKCAABQERpZ6GOAbtaKC3iAAAAAKACOQht0gAAAgQFtAQCCAoATMHSAAAAAAEDAwY="} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1444570633357298,"flow_dst_last_pkt_time":1444570633360351,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570633360351,"pkt":"ABoRAAACABoRAAABCABFAAAoAXpAABAGtaJARGlnCggAAQG7oY6l19IdWigt41AS\/\/9Y1AAA"} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1444570633360483,"flow_dst_last_pkt_time":1444570633360351,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570633360483,"pkt":"ABoRAAACABoRAAABCABFAAAo7DFAAEAGmuoKCAABQERpZ6GOAbtaKC3jpdfSHlAQOQgfzQAA"} 
00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_src_last_pkt_time":1444570633362374,"flow_dst_last_pkt_time":1444570633360351,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"thread_ts_usec":1444570633362374,"pkt":"ABoRAAACABoRAAABCABFAABn7DJAAEAGmqoKCAABQERpZ6GOAbtaKC3jpdfSHlAYOQhBGAAAFgMBADoBAAA2AwHTw\/bn8phv0cUj5hxDCEb0N0sEPfC+Zz7P154TmGT2KQAABAA1AP8BAAAJACMAAAAPAAEB"} -01255{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":221,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570633357298,"flow_src_last_pkt_time":1444570633362374,"flow_dst_last_pkt_time":1444570633360351,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570633362374,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41358,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01214{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":221,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570633357298,"flow_src_last_pkt_time":1444570633362374,"flow_dst_last_pkt_time":1444570633360351,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570633362374,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41358,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":222,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1444570633362374,"flow_dst_last_pkt_time":1444570633362543,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570633362543,"pkt":"ABoRAAACABoRAAABCABFAAAoAXtAABAGtaFARGlnCggAAQG7oY6l19IeWiguIlAQ\/\/9YlgAA"} 
-01737{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1444570633357298,"flow_src_last_pkt_time":1444570633810470,"flow_dst_last_pkt_time":1444570633811592,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":2579,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":3939,"midstream":0,"thread_ts_usec":1444570633811592,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41358,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
+01696{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1444570633357298,"flow_src_last_pkt_time":1444570633810470,"flow_dst_last_pkt_time":1444570633811592,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":2579,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":3939,"midstream":0,"thread_ts_usec":1444570633811592,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41358,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
02443{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":249,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1444570633357298,"flow_src_last_pkt_time":1444570635772189,"flow_dst_last_pkt_time":1444570635721813,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":8847,"flow_src_tot_l4_payload_len":959,"flow_dst_tot_l4_payload_len":33212,"midstream":0,"thread_ts_usec":1444570635772189,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41358,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":383,"avg":154174.4,"max":1031495,"stddev":247176.8,"var":61096366080.0,"ent":3.8,"data": [3053,3185,1891,2192,397016,448096,52033,52145,383,52378,209850,261823,51847,1288,975,979869,1031495,52580,53500,94069,93832,53071,53864,119063,117547,148351,147839,51431,51376,96737,96627]},"pktlen": {"min":40,"avg":1108.5,"max":8887,"stddev":2294.9,"var":5266403.5,"ent":3.1,"data": [60,40,40,103,40,1400,40,2619,40,366,40,99,576,40,74,40,1400,40,8157,40,1400,40,8887,40,173,40,1400,40,6717,40,1400,40]},"bins": {"c_to_s": [12,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,4]},"directions": [0,1,0,0,1,1,0,1,0,0,1,1,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0],"entropies": 
[4.446510792,4.665312290,4.665311813,5.339869976,4.565312386,7.238214016,4.665312290,7.216020107,4.615311623,7.281401634,4.615312576,5.978787422,7.616997242,4.515312195,5.692360401,4.565312386,7.861890793,4.665311813,7.976788044,4.665311813,7.858300209,4.715312004,7.979997158,4.665311813,6.756694794,4.615312099,7.862811089,4.611769199,7.975809574,4.715312004,7.874713421,4.715312004]},"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":256,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570636151328,"flow_src_last_pkt_time":1444570636151328,"flow_dst_last_pkt_time":1444570636151328,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570636151328,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.213.212","src_port":41726,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1444570636151328,"flow_dst_last_pkt_time":1444570636151328,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444570636151328,"pkt":"ABoRAAACABoRAAABCABFAAA8tbVAAEAGMwwKCAABch3V1KL+AbsYGndcAAAAAKACOQjFmAAAAgQFtAQCCAoATMLpAAAAAAEDAwY="} 
@@ -75,32 +75,32 @@ 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":259,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1444570636155519,"flow_dst_last_pkt_time":1444570636155519,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444570636155519,"pkt":"ABoRAAACABoRAAABCABFAAA8NxlAAEAGu0sKCAABch3MMcm+AbvkVPXwAAAAAKACOQhdrAAAAgQFtAQCCAoATMLpAAAAAAEDAwY="} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1444570636155519,"flow_dst_last_pkt_time":1444570636157830,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570636157830,"pkt":"ABoRAAACABoRAAABCABFAAAoAY5AABAGIOtyHcwxCggAAQG7yb4bqwoP5FT18VAS\/\/+cAAAA"} 00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_src_last_pkt_time":1444570636157950,"flow_dst_last_pkt_time":1444570636154295,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"thread_ts_usec":1444570636157950,"pkt":"ABoRAAACABoRAAABCABFAABntbdAAEAGMt8KCAABch3V1KL+AbsYGndd5+WIpFAYOQhDcwAAFgMBADoBAAA2AwEixpBV3K1aYKpnKzRaOLYWz3kxtW8gINw5Lf9cpQ2h2AAABAA1AP8BAAAJACMAAAAPAAEB"} 
-01257{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570636151328,"flow_src_last_pkt_time":1444570636157950,"flow_dst_last_pkt_time":1444570636154295,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570636157950,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.213.212","src_port":41726,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01216{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570636151328,"flow_src_last_pkt_time":1444570636157950,"flow_dst_last_pkt_time":1444570636154295,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570636157950,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.213.212","src_port":41726,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1444570636157950,"flow_dst_last_pkt_time":1444570636158232,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570636158232,"pkt":"ABoRAAACABoRAAABCABFAAAoAY9AABAGF0dyHdXUCggAAQG7ov7n5YikGBp3nFAQ\/\/+43wAA"} 
00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_src_last_pkt_time":1444570636158443,"flow_dst_last_pkt_time":1444570636157830,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570636158443,"pkt":"ABoRAAACABoRAAABCABFAAAoNxpAAEAGu14KCAABch3MMcm+AbvkVPXxG6sKEFAQOQhi+QAA"} 00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":264,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_src_last_pkt_time":1444570636159914,"flow_dst_last_pkt_time":1444570636157830,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"thread_ts_usec":1444570636159914,"pkt":"ABoRAAACABoRAAABCABFAABnNxtAAEAGux4KCAABch3MMcm+AbvkVPXxG6sKEFAYOQjpBAAAFgMBADoBAAA2AwELSWRUw5u41GvWexySi8w7aRuG0UGhgcOkKRM8ZLYwuAAABAA1AP8BAAAJACMAAAAPAAEB"} -01256{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":264,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570636155519,"flow_src_last_pkt_time":1444570636159914,"flow_dst_last_pkt_time":1444570636157830,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570636159914,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.204.49","src_port":51646,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": 
{"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01215{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":264,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570636155519,"flow_src_last_pkt_time":1444570636159914,"flow_dst_last_pkt_time":1444570636157830,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570636159914,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.204.49","src_port":51646,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":265,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":5,"flow_src_last_pkt_time":1444570636159914,"flow_dst_last_pkt_time":1444570636160142,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570636160142,"pkt":"ABoRAAACABoRAAABCABFAAAoAZBAABAGIOlyHcwxCggAAQG7yb4bqwoQ5FT2MFAQ\/\/+bwgAA"} 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":266,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570636160380,"flow_src_last_pkt_time":1444570636160380,"flow_dst_last_pkt_time":1444570636160380,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570636160380,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"209.197.222.159","src_port":47498,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1444570636160380,"flow_dst_last_pkt_time":1444570636160380,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444570636160380,"pkt":"ABoRAAACABoRAAABCABFAAA80GxAAEAGr+EKCAAB0cXen7mKAbt7nBKGAAAAAKACOQhH7AAAAgQFtAQCCAoATMLqAAAAAAEDAwY="} 
00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1444570636160380,"flow_dst_last_pkt_time":1444570636163417,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570636163417,"pkt":"ABoRAAACABoRAAABCABFAAAoAZFAABAGrtHRxd6fCggAAQG7uYqEY+15e5wSh1AS\/\/86HgAA"} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_src_last_pkt_time":1444570636163735,"flow_dst_last_pkt_time":1444570636163417,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570636163735,"pkt":"ABoRAAACABoRAAABCABFAAAo0G1AAEAGr\/QKCAAB0cXen7mKAbt7nBKHhGPtelAQOQgBFwAA"} 00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":269,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_src_last_pkt_time":1444570636164429,"flow_dst_last_pkt_time":1444570636163417,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"thread_ts_usec":1444570636164429,"pkt":"ABoRAAACABoRAAABCABFAABn0G5AAEAGr7QKCAAB0cXen7mKAbt7nBKHhGPtelAYOQh2yQAAFgMBADoBAAA2AwENSlEe7+NgWQr9TJ\/2WZpS5a6sUQSaq2ncdIKzDktEmAAABAA1AP8BAAAJACMAAAAPAAEB"} 
-01258{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":269,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570636160380,"flow_src_last_pkt_time":1444570636164429,"flow_dst_last_pkt_time":1444570636163417,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570636164429,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"209.197.222.159","src_port":47498,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01217{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":269,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570636160380,"flow_src_last_pkt_time":1444570636164429,"flow_dst_last_pkt_time":1444570636163417,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570636164429,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"209.197.222.159","src_port":47498,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":270,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_src_last_pkt_time":1444570636164429,"flow_dst_last_pkt_time":1444570636164621,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570636164621,"pkt":"ABoRAAACABoRAAABCABFAAAoAZJAABAGrtDRxd6fCggAAQG7uYqEY+16e5wSxlAQ\/\/854AAA"} 
00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":271,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570636170439,"flow_src_last_pkt_time":1444570636170439,"flow_dst_last_pkt_time":1444570636170439,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570636170439,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.153","src_port":57647,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":271,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1444570636170439,"flow_dst_last_pkt_time":1444570636170439,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444570636170439,"pkt":"ABoRAAACABoRAAABCABFAAA8c99AAEAGAvcKCAABQER5meEvAbvnI7E0AAAAAKACOQgMmAAAAgQFtAQCCAoATMLrAAAAAAEDAwY="} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":272,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1444570636170439,"flow_dst_last_pkt_time":1444570636175135,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570636175135,"pkt":"ABoRAAACABoRAAABCABFAAAoAZNAABAGpVdARHmZCggAAQG74S8Y3E7L5yOxNVAS\/\/8JAQAA"} 
00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":273,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_src_last_pkt_time":1444570636175390,"flow_dst_last_pkt_time":1444570636175135,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570636175390,"pkt":"ABoRAAACABoRAAABCABFAAAoc+BAAEAGAwoKCAABQER5meEvAbvnI7E1GNxOzFAQOQjP+QAA"} 00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_src_last_pkt_time":1444570636176823,"flow_dst_last_pkt_time":1444570636175135,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"thread_ts_usec":1444570636176823,"pkt":"ABoRAAACABoRAAABCABFAABnc+FAAEAGAsoKCAABQER5meEvAbvnI7E1GNxOzFAYOQg\/MQAAFgMBADoBAAA2AwHlQjeb\/eKZHKuppjWfos5yg+nhloBcE1OwdwWUSYyZagAABAA1AP8BAAAJACMAAAAPAAEB"} -01256{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570636170439,"flow_src_last_pkt_time":1444570636176823,"flow_dst_last_pkt_time":1444570636175135,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570636176823,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.153","src_port":57647,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": 
{"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01215{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570636170439,"flow_src_last_pkt_time":1444570636176823,"flow_dst_last_pkt_time":1444570636175135,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570636176823,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.153","src_port":57647,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":275,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":5,"flow_src_last_pkt_time":1444570636176823,"flow_dst_last_pkt_time":1444570636177089,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570636177089,"pkt":"ABoRAAACABoRAAABCABFAAAoAZRAABAGpVZARHmZCggAAQG74S8Y3E7M5yOxdFAQ\/\/8IwwAA"} 00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":276,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570636180806,"flow_src_last_pkt_time":1444570636180806,"flow_dst_last_pkt_time":1444570636180806,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570636180806,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.231.3","src_port":45814,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":276,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1444570636180806,"flow_dst_last_pkt_time":1444570636180806,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444570636180806,"pkt":"ABoRAAACABoRAAABCABFAAA8nw9AAEAGbDMKCAABPm3nA7L2AbufQl3jAAAAAKACOQhqbwAAAgQFtAQCCAoATMLsAAAAAAEDAwY="} 
00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":277,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_src_last_pkt_time":1444570636180806,"flow_dst_last_pkt_time":1444570636183521,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570636183521,"pkt":"ABoRAAACABoRAAABCABFAAAoAZVAABAGOcI+becDCggAAQG7svZgvaIcn0Jd5FAS\/\/\/LpgAA"} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":278,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_src_last_pkt_time":1444570636183683,"flow_dst_last_pkt_time":1444570636183521,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570636183683,"pkt":"ABoRAAACABoRAAABCABFAAAonxBAAEAGbEYKCAABPm3nA7L2AbufQl3kYL2iHVAQOQiSnwAA"} 00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":279,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_src_last_pkt_time":1444570636185047,"flow_dst_last_pkt_time":1444570636183521,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"thread_ts_usec":1444570636185047,"pkt":"ABoRAAACABoRAAABCABFAABnnxFAAEAGbAYKCAABPm3nA7L2AbufQl3kYL2iHVAYOQiqgAAAFgMBADoBAAA2AwG1npMJl\/ayeEKp148YQXJQu08Kp5pJKEAcdvXjyY7AEAAABAA1AP8BAAAJACMAAAAPAAEB"} 
-01255{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":279,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570636180806,"flow_src_last_pkt_time":1444570636185047,"flow_dst_last_pkt_time":1444570636183521,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570636185047,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.231.3","src_port":45814,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01214{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":279,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570636180806,"flow_src_last_pkt_time":1444570636185047,"flow_dst_last_pkt_time":1444570636183521,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570636185047,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.231.3","src_port":45814,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":280,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":5,"flow_src_last_pkt_time":1444570636185047,"flow_dst_last_pkt_time":1444570636185321,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570636185321,"pkt":"ABoRAAACABoRAAABCABFAAAoAZZAABAGOcE+becDCggAAQG7svZgvaIdn0JeI1AQ\/\/\/LaAAA"} 
00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":281,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570636248727,"flow_src_last_pkt_time":1444570636248727,"flow_dst_last_pkt_time":1444570636248727,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570636248727,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.104.140","src_port":44492,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":281,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1444570636248727,"flow_dst_last_pkt_time":1444570636248727,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444570636248727,"pkt":"ABoRAAACABoRAAABCABFAAA8NIdAAEAGU1wKCAABQERojK3MAbt5hvZ2AAAAAKACOQh5XQAAAgQFtAQCCAoATMLxAAAAAAEDAwY="} 
@@ -119,30 +119,30 @@ 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_src_last_pkt_time":1444570636264505,"flow_dst_last_pkt_time":1444570636268416,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570636268416,"pkt":"ABoRAAACABoRAAABCABFAAAoAZtAABAGpYVARHljCggAAQG72qGkCFzlW\/ejG1AS\/\/8PxQAA"} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_src_last_pkt_time":1444570636268706,"flow_dst_last_pkt_time":1444570636252206,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570636268706,"pkt":"ABoRAAACABoRAAABCABFAAAoNIhAAEAGU28KCAABQERojK3MAbt5hvZ3hnkJilAQOQgUagAA"} 00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":292,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_src_last_pkt_time":1444570636268852,"flow_dst_last_pkt_time":1444570636252206,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"thread_ts_usec":1444570636268852,"pkt":"ABoRAAACABoRAAABCABFAABnNIlAAEAGUy8KCAABQERojK3MAbt5hvZ3hnkJilAYOQhZ6QAAFgMBADoBAAA2AwFZAOdrf318d9DQoA0D3C8cGGy1yScsdSsQfqgP8YHJWQAABAA1AP8BAAAJACMAAAAPAAEB"} 
-01256{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":292,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570636248727,"flow_src_last_pkt_time":1444570636268852,"flow_dst_last_pkt_time":1444570636252206,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570636268852,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.104.140","src_port":44492,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01215{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":292,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570636248727,"flow_src_last_pkt_time":1444570636268852,"flow_dst_last_pkt_time":1444570636252206,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570636268852,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.104.140","src_port":44492,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":293,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":5,"flow_src_last_pkt_time":1444570636268852,"flow_dst_last_pkt_time":1444570636269047,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570636269047,"pkt":"ABoRAAACABoRAAABCABFAAAoAZxAABAGtltARGiMCggAAQG7rcyGeQmKeYb2tlAQ\/\/9NMwAA"} 
00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":294,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_src_last_pkt_time":1444570636269399,"flow_dst_last_pkt_time":1444570636255532,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570636269399,"pkt":"ABoRAAACABoRAAABCABFAAAo0S1AAEAGIvEKCAABch3Ki7gMAbtSShPerbXsI1AQOQh2UQAA"} 00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":295,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_src_last_pkt_time":1444570636269543,"flow_dst_last_pkt_time":1444570636255532,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"thread_ts_usec":1444570636269543,"pkt":"ABoRAAACABoRAAABCABFAABn0S5AAEAGIrEKCAABch3Ki7gMAbtSShPerbXsI1AYOQjEKQAAFgMBADoBAAA2AwEgf\/e\/jgX0597KeqXA4hkOqtuJMPxy38wcZQGqQdMmagAABAA1AP8BAAAJACMAAAAPAAEB"} -01257{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":295,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570636252483,"flow_src_last_pkt_time":1444570636269543,"flow_dst_last_pkt_time":1444570636255532,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570636269543,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.202.139","src_port":47116,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": 
{"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01216{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":295,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570636252483,"flow_src_last_pkt_time":1444570636269543,"flow_dst_last_pkt_time":1444570636255532,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570636269543,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.202.139","src_port":47116,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":296,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":5,"flow_src_last_pkt_time":1444570636269543,"flow_dst_last_pkt_time":1444570636269759,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570636269759,"pkt":"ABoRAAACABoRAAABCABFAAAoAZ1AABAGIoJyHcqLCggAAQG7uAyttewjUkoUHVAQ\/\/+vGgAA"} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":297,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_src_last_pkt_time":1444570636269901,"flow_dst_last_pkt_time":1444570636259424,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570636269901,"pkt":"ABoRAAACABoRAAABCABFAAAo70NAAEAGj0QKCAABrfMETM36AbsKei209YXSTVAQOQjqzAAA"} 00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":4,"flow_src_last_pkt_time":1444570636270105,"flow_dst_last_pkt_time":1444570636259424,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"thread_ts_usec":1444570636270105,"pkt":"ABoRAAACABoRAAABCABFAABn70RAAEAGjwQKCAABrfMETM36AbsKei209YXSTVAYOQhXBgAAFgMBADoBAAA2AwEbjnmamhrG0ilv8MM2B7NxSQPfoK5gN5dT14i2jCOS+AAABAA1AP8BAAAJACMAAAAPAAEB"} 
-01255{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570636255758,"flow_src_last_pkt_time":1444570636270105,"flow_dst_last_pkt_time":1444570636259424,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570636270105,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.4.76","src_port":52730,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01214{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570636255758,"flow_src_last_pkt_time":1444570636270105,"flow_dst_last_pkt_time":1444570636259424,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570636270105,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.4.76","src_port":52730,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":5,"flow_src_last_pkt_time":1444570636270105,"flow_dst_last_pkt_time":1444570636270294,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570636270294,"pkt":"ABoRAAACABoRAAABCABFAAAoAZ5AABAGrOqt8wRMCggAAQG7zfr1hdJNCnot81AQ\/\/8jlgAA"} 
00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_src_last_pkt_time":1444570636270430,"flow_dst_last_pkt_time":1444570636263791,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570636270430,"pkt":"ABoRAAACABoRAAABCABFAAAou9dAAEAGu0cKCAABQER5ZMv7AbtwVXklj6qG3FAQOQjlYgAA"} 00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":301,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570636270568,"flow_src_last_pkt_time":1444570636270568,"flow_dst_last_pkt_time":1444570636270568,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570636270568,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.200.11","src_port":47841,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":301,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":1444570636270568,"flow_dst_last_pkt_time":1444570636270568,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444570636270568,"pkt":"ABoRAAACABoRAAABCABFAAA879dAAEAGBrMKCAABch3IC7rhAbtuYS0jAAAAAKACOQivZQAAAgQFtAQCCAoATML0AAAAAAEDAwY="} 
00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":302,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_src_last_pkt_time":1444570636270568,"flow_dst_last_pkt_time":1444570636273711,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570636273711,"pkt":"ABoRAAACABoRAAABCABFAAAoAZ9AABAGJQByHcgLCggAAQG7uuGRntLcbmEtJFAS\/\/+vAwAA"} 00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_src_last_pkt_time":1444570636273982,"flow_dst_last_pkt_time":1444570636263791,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"thread_ts_usec":1444570636273982,"pkt":"ABoRAAACABoRAAABCABFAABnu9hAAEAGuwcKCAABQER5ZMv7AbtwVXklj6qG3FAYOQirFAAAFgMBADoBAAA2AwHYELTmAdFk47j\/kG3RMIzBgWabbigjj\/WcrWQ+O8XfAwAABAA1AP8BAAAJACMAAAAPAAEB"} -01256{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":303,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570636259848,"flow_src_last_pkt_time":1444570636273982,"flow_dst_last_pkt_time":1444570636263791,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570636273982,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.100","src_port":52219,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": 
{"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01215{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":303,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570636259848,"flow_src_last_pkt_time":1444570636273982,"flow_dst_last_pkt_time":1444570636263791,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570636273982,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.100","src_port":52219,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":304,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_src_last_pkt_time":1444570636273982,"flow_dst_last_pkt_time":1444570636274175,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570636274175,"pkt":"ABoRAAACABoRAAABCABFAAAoAaBAABAGpX9ARHlkCggAAQG7y\/uPqobccFV5ZFAQ\/\/8eLAAA"} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":305,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_src_last_pkt_time":1444570636274320,"flow_dst_last_pkt_time":1444570636268416,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570636274320,"pkt":"ABoRAAACABoRAAABCABFAAAoYepAAEAGFTYKCAABQER5Y9qhAbtb96MbpAhc5lAQOQjWvQAA"} 00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":306,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_src_last_pkt_time":1444570636274819,"flow_dst_last_pkt_time":1444570636268416,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"thread_ts_usec":1444570636274819,"pkt":"ABoRAAACABoRAAABCABFAABnYetAAEAGFPYKCAABQER5Y9qhAbtb96MbpAhc5lAYOQh9SQAAFgMBADoBAAA2AwFui4ALd8hCzC1Hn0XZp9IbNctVu8L5+XzvOp52wmP4PgAABAA1AP8BAAAJACMAAAAPAAEB"} 
-01255{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":306,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570636264505,"flow_src_last_pkt_time":1444570636274819,"flow_dst_last_pkt_time":1444570636268416,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570636274819,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.99","src_port":55969,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01214{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":306,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570636264505,"flow_src_last_pkt_time":1444570636274819,"flow_dst_last_pkt_time":1444570636268416,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570636274819,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.99","src_port":55969,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":307,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":5,"flow_src_last_pkt_time":1444570636274819,"flow_dst_last_pkt_time":1444570636275494,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570636275494,"pkt":"ABoRAAACABoRAAABCABFAAAoAaFAABAGpX9ARHljCggAAQG72qGkCFzmW\/ejWlAQ\/\/8PhwAA"} 
00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_src_last_pkt_time":1444570636275644,"flow_dst_last_pkt_time":1444570636273711,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570636275644,"pkt":"ABoRAAACABoRAAABCABFAAAo79hAAEAGBsYKCAABch3IC7rhAbtuYS0kkZ7S3VAQOQh1\/AAA"} 00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":309,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_src_last_pkt_time":1444570636276432,"flow_dst_last_pkt_time":1444570636273711,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"thread_ts_usec":1444570636276432,"pkt":"ABoRAAACABoRAAABCABFAABn79lAAEAGBoYKCAABch3IC7rhAbtuYS0kkZ7S3VAYOQiWfgAAFgMBADoBAAA2AwGYeAXD1rCaFxll3KHQwiDcn3jmpgdAsGqZOECdkGYcowAABAA1AP8BAAAJACMAAAAPAAEB"} -01256{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":309,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570636270568,"flow_src_last_pkt_time":1444570636276432,"flow_dst_last_pkt_time":1444570636273711,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570636276432,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.200.11","src_port":47841,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": 
{"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01215{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":309,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570636270568,"flow_src_last_pkt_time":1444570636276432,"flow_dst_last_pkt_time":1444570636273711,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570636276432,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.200.11","src_port":47841,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":310,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":5,"flow_src_last_pkt_time":1444570636276432,"flow_dst_last_pkt_time":1444570636276627,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570636276627,"pkt":"ABoRAAACABoRAAABCABFAAAoAaJAABAGJP1yHcgLCggAAQG7uuGRntLdbmEtY1AQ\/\/+uxQAA"} 00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":311,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570636359207,"flow_src_last_pkt_time":1444570636359207,"flow_dst_last_pkt_time":1444570636359207,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570636359207,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.97","src_port":51370,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_src_last_pkt_time":1444570636359207,"flow_dst_last_pkt_time":1444570636359207,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444570636359207,"pkt":"ABoRAAACABoRAAABCABFAAA86IFAAEAGnowKCAABQERpYciqAbsEZyp7AAAAAKACOQievAAAAgQFtAQCCAoATML6AAAAAAEDAwY="} 
@@ -152,42 +152,42 @@ 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":314,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_src_last_pkt_time":1444570636364135,"flow_dst_last_pkt_time":1444570636368157,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570636368157,"pkt":"ABoRAAACABoRAAABCABFAAAoAaRAABAGtX1ARGliCggAAQG7kQkSUl7l7a2hG1AS\/\/9pXgAA"} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_src_last_pkt_time":1444570636368456,"flow_dst_last_pkt_time":1444570636363606,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570636368456,"pkt":"ABoRAAACABoRAAABCABFAAAo6IJAAEAGnp8KCAABQERpYciqAbsEZyp8+5jVhVAQOQj4tgAA"} 00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":316,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_src_last_pkt_time":1444570636368630,"flow_dst_last_pkt_time":1444570636363606,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"thread_ts_usec":1444570636368630,"pkt":"ABoRAAACABoRAAABCABFAABn6INAAEAGnl8KCAABQERpYciqAbsEZyp8+5jVhVAYOQiOAwAAFgMBADoBAAA2AwG0+nLinPAGG4t2PmApyj1cBSRGozWXopqiBuxsT+LyqQAABAA1AP8BAAAJACMAAAAPAAEB"} 
-01255{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":316,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570636359207,"flow_src_last_pkt_time":1444570636368630,"flow_dst_last_pkt_time":1444570636363606,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570636368630,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.97","src_port":51370,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01214{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":316,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570636359207,"flow_src_last_pkt_time":1444570636368630,"flow_dst_last_pkt_time":1444570636363606,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570636368630,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.97","src_port":51370,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":5,"flow_src_last_pkt_time":1444570636368630,"flow_dst_last_pkt_time":1444570636369036,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570636369036,"pkt":"ABoRAAACABoRAAABCABFAAAoAaVAABAGtX1ARGlhCggAAQG7yKr7mNWFBGcqu1AQ\/\/8xgAAA"} 
00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":318,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_src_last_pkt_time":1444570636369197,"flow_dst_last_pkt_time":1444570636368157,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570636369197,"pkt":"ABoRAAACABoRAAABCABFAAAoY+JAAEAGIz8KCAABQERpYpEJAbvtraEbElJe5lAQOQgwVwAA"} 00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":319,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":4,"flow_src_last_pkt_time":1444570636369622,"flow_dst_last_pkt_time":1444570636368157,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"thread_ts_usec":1444570636369622,"pkt":"ABoRAAACABoRAAABCABFAABnY+NAAEAGIv8KCAABQERpYpEJAbvtraEbElJe5lAYOQjiHgAAFgMBADoBAAA2AwF3tBEHB6guyNBNlJmUpeM5u9lxXWyFQhCvqu17Ld8y\/QAABAA1AP8BAAAJACMAAAAPAAEB"} -01255{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":319,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570636364135,"flow_src_last_pkt_time":1444570636369622,"flow_dst_last_pkt_time":1444570636368157,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570636369622,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.98","src_port":37129,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": 
{"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01214{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":319,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570636364135,"flow_src_last_pkt_time":1444570636369622,"flow_dst_last_pkt_time":1444570636368157,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570636369622,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.98","src_port":37129,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":320,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":5,"flow_src_last_pkt_time":1444570636369622,"flow_dst_last_pkt_time":1444570636369848,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570636369848,"pkt":"ABoRAAACABoRAAABCABFAAAoAaZAABAGtXtARGliCggAAQG7kQkSUl7m7a2hWlAQ\/\/9pIAAA"} 00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":321,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570636387910,"flow_src_last_pkt_time":1444570636387910,"flow_dst_last_pkt_time":1444570636387910,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570636387910,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41386,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":321,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_src_last_pkt_time":1444570636387910,"flow_dst_last_pkt_time":1444570636387910,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444570636387910,"pkt":"ABoRAAACABoRAAABCABFAAA82lhAAEAGrK8KCAABQERpZ6GqAbsG3RlZAAAAAKACOQjUWwAAAgQFtAQCCAoATMMBAAAAAAEDAwY="} 
00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":322,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_src_last_pkt_time":1444570636387910,"flow_dst_last_pkt_time":1444570636395572,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570636395572,"pkt":"ABoRAAACABoRAAABCABFAAAoAadAABAGtXVARGlnCggAAQG7oar5IuamBt0ZWlAS\/\/9YuAAA"} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":323,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_src_last_pkt_time":1444570636395961,"flow_dst_last_pkt_time":1444570636395572,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570636395961,"pkt":"ABoRAAACABoRAAABCABFAAAo2llAAEAGrMIKCAABQERpZ6GqAbsG3Rla+SLmp1AQOQgfsQAA"} 00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":324,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_src_last_pkt_time":1444570636397645,"flow_dst_last_pkt_time":1444570636395572,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"thread_ts_usec":1444570636397645,"pkt":"ABoRAAACABoRAAABCABFAABn2lpAAEAGrIIKCAABQERpZ6GqAbsG3Rla+SLmp1AYOQjTBwAAFgMBADoBAAA2AwHQxD6jP9mnXAR\/gJlsx5rnkfAjqPqPevvcaVvn\/9cADgAABAA1AP8BAAAJACMAAAAPAAEB"} 
-01256{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":324,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570636387910,"flow_src_last_pkt_time":1444570636397645,"flow_dst_last_pkt_time":1444570636395572,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570636397645,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41386,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01215{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":324,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570636387910,"flow_src_last_pkt_time":1444570636397645,"flow_dst_last_pkt_time":1444570636395572,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570636397645,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41386,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":325,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":5,"flow_src_last_pkt_time":1444570636397645,"flow_dst_last_pkt_time":1444570636398289,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570636398289,"pkt":"ABoRAAACABoRAAABCABFAAAoAahAABAGtXRARGlnCggAAQG7oar5IuanBt0ZmVAQ\/\/9YegAA"} 
-01737{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":328,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1444570636180806,"flow_src_last_pkt_time":1444570636462122,"flow_dst_last_pkt_time":1444570636471138,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":2527,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":3907,"midstream":0,"thread_ts_usec":1444570636471138,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.231.3","src_port":45814,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
-01740{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":335,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570636160380,"flow_src_last_pkt_time":1444570636164429,"flow_dst_last_pkt_time":1444570636701917,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":3907,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":3907,"midstream":0,"thread_ts_usec":1444570636701917,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"209.197.222.159","src_port":47498,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
-01738{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":336,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1444570636248727,"flow_src_last_pkt_time":1444570636698579,"flow_dst_last_pkt_time":1444570636703657,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":2579,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":3939,"midstream":0,"thread_ts_usec":1444570636703657,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.104.140","src_port":44492,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
-01737{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":341,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1444570636255758,"flow_src_last_pkt_time":1444570636706197,"flow_dst_last_pkt_time":1444570636706939,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":2920,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":3907,"midstream":0,"thread_ts_usec":1444570636706939,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.4.76","src_port":52730,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
-01738{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570636170439,"flow_src_last_pkt_time":1444570636176823,"flow_dst_last_pkt_time":1444570636773132,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":3907,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":3907,"midstream":0,"thread_ts_usec":1444570636773132,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.153","src_port":57647,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
-01737{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":355,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570636364135,"flow_src_last_pkt_time":1444570636369622,"flow_dst_last_pkt_time":1444570636827404,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":3939,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":3939,"midstream":0,"thread_ts_usec":1444570636827404,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.98","src_port":37129,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
-01738{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":356,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570636387910,"flow_src_last_pkt_time":1444570636397645,"flow_dst_last_pkt_time":1444570636828477,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":3939,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":3939,"midstream":0,"thread_ts_usec":1444570636828477,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41386,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
-01737{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":357,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1444570636359207,"flow_src_last_pkt_time":1444570636826252,"flow_dst_last_pkt_time":1444570636829761,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":2579,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":3939,"midstream":0,"thread_ts_usec":1444570636829761,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.97","src_port":51370,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
-01738{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":365,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570636259848,"flow_src_last_pkt_time":1444570636273982,"flow_dst_last_pkt_time":1444570636894711,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":3939,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":3939,"midstream":0,"thread_ts_usec":1444570636894711,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.100","src_port":52219,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
-01737{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":368,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570636264505,"flow_src_last_pkt_time":1444570636274819,"flow_dst_last_pkt_time":1444570636897531,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":3939,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":3939,"midstream":0,"thread_ts_usec":1444570636897531,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.99","src_port":55969,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
-01738{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":381,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1444570636155519,"flow_src_last_pkt_time":1444570636963026,"flow_dst_last_pkt_time":1444570636963296,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":2527,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":3907,"midstream":0,"thread_ts_usec":1444570636963296,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.204.49","src_port":51646,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
+01696{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":328,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1444570636180806,"flow_src_last_pkt_time":1444570636462122,"flow_dst_last_pkt_time":1444570636471138,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":2527,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":3907,"midstream":0,"thread_ts_usec":1444570636471138,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.231.3","src_port":45814,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
+01699{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":335,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570636160380,"flow_src_last_pkt_time":1444570636164429,"flow_dst_last_pkt_time":1444570636701917,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":3907,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":3907,"midstream":0,"thread_ts_usec":1444570636701917,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"209.197.222.159","src_port":47498,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
+01697{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":336,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1444570636248727,"flow_src_last_pkt_time":1444570636698579,"flow_dst_last_pkt_time":1444570636703657,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":2579,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":3939,"midstream":0,"thread_ts_usec":1444570636703657,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.104.140","src_port":44492,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
+01696{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":341,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1444570636255758,"flow_src_last_pkt_time":1444570636706197,"flow_dst_last_pkt_time":1444570636706939,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":2920,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":3907,"midstream":0,"thread_ts_usec":1444570636706939,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.4.76","src_port":52730,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
+01697{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570636170439,"flow_src_last_pkt_time":1444570636176823,"flow_dst_last_pkt_time":1444570636773132,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":3907,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":3907,"midstream":0,"thread_ts_usec":1444570636773132,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.153","src_port":57647,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
+01696{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":355,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570636364135,"flow_src_last_pkt_time":1444570636369622,"flow_dst_last_pkt_time":1444570636827404,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":3939,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":3939,"midstream":0,"thread_ts_usec":1444570636827404,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.98","src_port":37129,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
+01697{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":356,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570636387910,"flow_src_last_pkt_time":1444570636397645,"flow_dst_last_pkt_time":1444570636828477,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":3939,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":3939,"midstream":0,"thread_ts_usec":1444570636828477,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41386,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
+01696{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":357,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1444570636359207,"flow_src_last_pkt_time":1444570636826252,"flow_dst_last_pkt_time":1444570636829761,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":2579,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":3939,"midstream":0,"thread_ts_usec":1444570636829761,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.97","src_port":51370,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
+01697{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":365,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570636259848,"flow_src_last_pkt_time":1444570636273982,"flow_dst_last_pkt_time":1444570636894711,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":3939,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":3939,"midstream":0,"thread_ts_usec":1444570636894711,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.100","src_port":52219,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
+01696{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":368,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570636264505,"flow_src_last_pkt_time":1444570636274819,"flow_dst_last_pkt_time":1444570636897531,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":3939,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":3939,"midstream":0,"thread_ts_usec":1444570636897531,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.99","src_port":55969,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
+01697{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":381,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1444570636155519,"flow_src_last_pkt_time":1444570636963026,"flow_dst_last_pkt_time":1444570636963296,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":2527,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":3907,"midstream":0,"thread_ts_usec":1444570636963296,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.204.49","src_port":51646,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":409,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570637191973,"flow_src_last_pkt_time":1444570637191973,"flow_dst_last_pkt_time":1444570637191973,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":656,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":656,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":656,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570637191973,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"172.16.1.75","src_port":64538,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01388{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":409,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_src_last_pkt_time":1444570637191973,"flow_dst_last_pkt_time":1444570637191973,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":698,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":698,"pkt_l4_len":664,"thread_ts_usec":1444570637191973,"pkt":"ABoRAAACABoRAAABCABFAAKsAABAAEARgN0KCAABrBABS\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"} 
-00920{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":409,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570637191973,"flow_src_last_pkt_time":1444570637191973,"flow_dst_last_pkt_time":1444570637191973,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":656,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":656,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":656,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570637191973,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"172.16.1.75","src_port":64538,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01739{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":411,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1444570636252483,"flow_src_last_pkt_time":1444570638197194,"flow_dst_last_pkt_time":1444570638198277,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":2842,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":3907,"midstream":0,"thread_ts_usec":1444570638198277,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.202.139","src_port":47116,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} -01738{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":412,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570636270568,"flow_src_last_pkt_time":1444570636276432,"flow_dst_last_pkt_time":1444570638199485,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":3907,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":3907,"midstream":0,"thread_ts_usec":1444570638199485,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.200.11","src_port":47841,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": 
{"version":"TLSv1","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} +01034{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":409,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570637191973,"flow_src_last_pkt_time":1444570637191973,"flow_dst_last_pkt_time":1444570637191973,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":656,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":656,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":656,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570637191973,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"172.16.1.75","src_port":64538,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","sip": {"from":";tag=d3833767","to":""}}} 
+01698{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":411,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1444570636252483,"flow_src_last_pkt_time":1444570638197194,"flow_dst_last_pkt_time":1444570638198277,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":2842,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":3907,"midstream":0,"thread_ts_usec":1444570638198277,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.202.139","src_port":47116,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
+01697{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":412,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570636270568,"flow_src_last_pkt_time":1444570636276432,"flow_dst_last_pkt_time":1444570638199485,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":3907,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":3907,"midstream":0,"thread_ts_usec":1444570638199485,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.200.11","src_port":47841,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570638225615,"flow_src_last_pkt_time":1444570638225615,"flow_dst_last_pkt_time":1444570638225615,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570638225615,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"216.58.208.40","src_port":43433,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_src_last_pkt_time":1444570638225615,"flow_dst_last_pkt_time":1444570638225615,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444570638225615,"pkt":"ABoRAAACABoRAAABCABFAAA8UR1AAEAGNzMKCAAB2DrQKKmpAbtoC5J\/AAAAAKACOQjy7gAAAgQFtAQCCAoATMNiAAAAAAEDAwY="} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_src_last_pkt_time":1444570638225615,"flow_dst_last_pkt_time":1444570638234305,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570638234305,"pkt":"ABoRAAACABoRAAABCABFAAAoAeFAABAGtoPYOtAoCggAAQG7qamX9G2AaAuSgFAS\/\/9SAQAA"} 
01388{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":430,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_src_last_pkt_time":1444570638237460,"flow_dst_last_pkt_time":1444570637191973,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":698,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":698,"pkt_l4_len":664,"thread_ts_usec":1444570638237460,"pkt":"ABoRAAACABoRAAABCABFAAKsAABAAEARgN0KCAABrBABS\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"} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":449,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_src_last_pkt_time":1444570639260467,"flow_dst_last_pkt_time":1444570638234305,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570639260467,"pkt":"ABoRAAACABoRAAABCABFAAAoUR5AAEAGN0YKCAAB2DrQKKmpAbtoC5KAl\/RtgVAQOQgY+gAA"} 00835{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":455,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":4,"flow_src_last_pkt_time":1444570639266192,"flow_dst_last_pkt_time":1444570638234305,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"thread_ts_usec":1444570639266192,"pkt":"ABoRAAACABoRAAABCABFAAELUR9AAEAGNmIKCAAB2DrQKKmpAbtoC5KAl\/RtgVAYOQjE6AAAFgMBAN4BAADaAwOv\/q6xmTCIAwLzDcizR7a\/t25hvWTVcDLyx+PEedO+jAAAKMArwCzAL8AwAJ4An8AJwArAE8AUADMAOcAHwBEAnACdAC8ANQAFAP8BAACJAAAAHQAbAAAYc3NsLmdvb2dsZS1hbmFseXRpY3MuY29tAAsABAMAAQIACgA0ADIADgANABkACwAMABgACQAKABYAFwAIAAYABwAUABUABAAFABIAEwABAAIAAwAPABAAEQAjAAAADQAgAB4GAQYCBgMFAQUCBQMEAQQCBAMDAQMCAwMCAQICAgM="} 
-01343{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":455,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570638225615,"flow_src_last_pkt_time":1444570639266192,"flow_dst_last_pkt_time":1444570638234305,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570639266192,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"216.58.208.40","src_port":43433,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"ssl.google-analytics.com","domainame":"ssl.google-analytics.com","tls": {"version":"TLSv1.2","ja3":"75edb912bc6f0a222ae3e3e47f5c89b1","ja3s":"","ja4":"t12d200500_6e20beb92e8e_c70a3c84db07","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01302{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":455,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570638225615,"flow_src_last_pkt_time":1444570639266192,"flow_dst_last_pkt_time":1444570638234305,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570639266192,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"216.58.208.40","src_port":43433,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"ssl.google-analytics.com","domainame":"ssl.google-analytics.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d200500_6e20beb92e8e_c70a3c84db07","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":456,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":5,"flow_src_last_pkt_time":1444570639266192,"flow_dst_last_pkt_time":1444570639266643,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570639266643,"pkt":"ABoRAAACABoRAAABCABFAAAoAfBAABAGtnTYOtAoCggAAQG7qamX9G2BaAuTY1AQ\/\/9RHwAA"} 
01388{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":457,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_src_last_pkt_time":1444570639266868,"flow_dst_last_pkt_time":1444570637191973,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":698,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":698,"pkt_l4_len":664,"thread_ts_usec":1444570639266868,"pkt":"ABoRAAACABoRAAABCABFAAKsAABAAEARgN0KCAABrBABS\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"} 00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":461,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570640269875,"flow_src_last_pkt_time":1444570640269875,"flow_dst_last_pkt_time":1444570640269875,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570640269875,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.202.139","src_port":47135,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -238,30 +238,30 @@ 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":504,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_src_last_pkt_time":1444570640399473,"flow_dst_last_pkt_time":1444570640344333,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444570640399473,"pkt":"ABoRAAACABoRAAABCABFAAA82ZRAAEAGODkKCAABPm3geMe\/Abvolh2LAAAAAKACOQhRpAAAAgQFtAQCCAoATMR9AAAAAAEDAwY="} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":505,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":4,"flow_src_last_pkt_time":1444570640399473,"flow_dst_last_pkt_time":1444570640403608,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570640403608,"pkt":"ABoRAAACABoRAAABCABFAAAoAgRAABAGP94+beB4CggAAQG7x78XaeJ06JYdjFAS\/\/+9aAAA"} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":508,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":5,"flow_src_last_pkt_time":1444570640404023,"flow_dst_last_pkt_time":1444570640355809,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570640404023,"pkt":"ABoRAAACABoRAAABCABFAAAofMJAAEAGd1wKCAABch3Ki7gfAbudV784YqhAyVAQOQh2PgAA"} 
-01257{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":509,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1444570640269875,"flow_src_last_pkt_time":1444570640404146,"flow_dst_last_pkt_time":1444570640355809,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570640404146,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.202.139","src_port":47135,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01216{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":509,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1444570640269875,"flow_src_last_pkt_time":1444570640404146,"flow_dst_last_pkt_time":1444570640355809,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570640404146,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.202.139","src_port":47135,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":511,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":5,"flow_src_last_pkt_time":1444570640404444,"flow_dst_last_pkt_time":1444570640365211,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570640404444,"pkt":"ABoRAAACABoRAAABCABFAAAonBpAAEAGTLsKCAABch3V1KMdAbtvG1\/wkOSgEVAQOQh\/9wAA"} 
-01257{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":512,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1444570640284770,"flow_src_last_pkt_time":1444570640404564,"flow_dst_last_pkt_time":1444570640365211,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570640404564,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.213.212","src_port":41757,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01216{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":512,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1444570640284770,"flow_src_last_pkt_time":1444570640404564,"flow_dst_last_pkt_time":1444570640365211,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570640404564,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.213.212","src_port":41757,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":514,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":5,"flow_src_last_pkt_time":1444570640404851,"flow_dst_last_pkt_time":1444570640372948,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570640404851,"pkt":"ABoRAAACABoRAAABCABFAAAoYQtAAEAGkW0KCAABch3MMcncAbvjbaL\/HJJdAlAQOQhi2wAA"} 
-01256{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":515,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1444570640298584,"flow_src_last_pkt_time":1444570640404972,"flow_dst_last_pkt_time":1444570640372948,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570640404972,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.204.49","src_port":51676,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01215{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":515,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1444570640298584,"flow_src_last_pkt_time":1444570640404972,"flow_dst_last_pkt_time":1444570640372948,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570640404972,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.204.49","src_port":51676,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":517,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":5,"flow_src_last_pkt_time":1444570640405337,"flow_dst_last_pkt_time":1444570640381985,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570640405337,"pkt":"ABoRAAACABoRAAABCABFAAAoS5BAAEAGO5EKCAABQERpYpETAbtLyIh6tDd3h1AQOQgwTQAA"} 
-01255{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1444570640310108,"flow_src_last_pkt_time":1444570640405816,"flow_dst_last_pkt_time":1444570640381985,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570640405816,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.98","src_port":37139,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01214{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1444570640310108,"flow_src_last_pkt_time":1444570640405816,"flow_dst_last_pkt_time":1444570640381985,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570640405816,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.98","src_port":37139,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":520,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":5,"flow_src_last_pkt_time":1444570640406122,"flow_dst_last_pkt_time":1444570640395199,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570640406122,"pkt":"ABoRAAACABoRAAABCABFAAAoc3dAAEAGE6UKCAABQERpZ6GyAbtpybCPljZPclAQOQgfqQAA"} 
-01256{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":521,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1444570640319795,"flow_src_last_pkt_time":1444570640406243,"flow_dst_last_pkt_time":1444570640395199,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570640406243,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41394,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01215{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":521,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1444570640319795,"flow_src_last_pkt_time":1444570640406243,"flow_dst_last_pkt_time":1444570640395199,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570640406243,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41394,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":523,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":5,"flow_src_last_pkt_time":1444570640406529,"flow_dst_last_pkt_time":1444570640399302,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570640406529,"pkt":"ABoRAAACABoRAAABCABFAAAotGpAAEAGXXcKCAABPm3geMe+AbssX3Bx06CPkFAQOQiEYgAA"} 
-01257{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":524,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1444570640330424,"flow_src_last_pkt_time":1444570640406648,"flow_dst_last_pkt_time":1444570640399302,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570640406648,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51134,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01216{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":524,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1444570640330424,"flow_src_last_pkt_time":1444570640406648,"flow_dst_last_pkt_time":1444570640399302,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570640406648,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51134,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":526,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":5,"flow_src_last_pkt_time":1444570640406931,"flow_dst_last_pkt_time":1444570640403608,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570640406931,"pkt":"ABoRAAACABoRAAABCABFAAAo2ZVAAEAGOEwKCAABPm3geMe\/Abvolh2MF2nidVAQOQiEYQAA"} 
-01257{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":527,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1444570640338595,"flow_src_last_pkt_time":1444570640407052,"flow_dst_last_pkt_time":1444570640403608,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570640407052,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51135,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01216{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":527,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1444570640338595,"flow_src_last_pkt_time":1444570640407052,"flow_dst_last_pkt_time":1444570640403608,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570640407052,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51135,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":529,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":5,"flow_src_last_pkt_time":1444570640407386,"flow_dst_last_pkt_time":1444570640348304,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570640407386,"pkt":"ABoRAAACABoRAAABCABFAAAoAABAAEAGo40Khc4vUEpuRIKzAbsvtI0dAAAAAFAEAADXXQAA"} 
00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":534,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_src_last_pkt_time":1444570640407983,"flow_dst_last_pkt_time":1444570640385652,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570640407983,"pkt":"ABoRAAACABoRAAABCABFAAAoO9lAAEAGNmAKCAABUEpuRILnAbv7u\/+EBEQAfVAQOQgpkQAA"} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":535,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_src_last_pkt_time":1444570640408102,"flow_dst_last_pkt_time":1444570640389057,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570640408102,"pkt":"ABoRAAACABoRAAABCABFAAAosmNAAEAGv9UKCAABUEpuRILoAbtZhnZApnmJwVAQOQgpkAAA"} 00821{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":536,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":4,"flow_src_last_pkt_time":1444570640408223,"flow_dst_last_pkt_time":1444570640385652,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":270,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":270,"pkt_l4_len":236,"thread_ts_usec":1444570640408223,"pkt":"ABoRAAACABoRAAABCABFAAEAO9pAAEAGNYcKCAABUEpuRILnAbv7u\/+EBEQAfVAYOQjgzQAAFgMBANMBAADPAwFWGmYQaUf4c9qAoNyA\/Wv7T0CEUJYDhQEnkMlpU0A7GyBKAAAAOC7EJ2lJH7mDuj6DaIBXRCqOxY\/AVNJYEqB0IgBGAAQABQAvADXAAsAEwAXADMAOwA\/AB8AJwArAEcATwBQAMwA5ADIAOAAKwAPADcAIwBIAFgATAAkAFQASAAMACAAUABEA\/wEAAEAACwAEAwABAgAKADQAMgAOAA0AGQALAAwAGAAJAAoAFgAXAAgABgAHABQAFQAEAAUAEgATAAEAAgADAA8AEAAR"} 
-01257{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":536,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570640382255,"flow_src_last_pkt_time":1444570640408223,"flow_dst_last_pkt_time":1444570640385652,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570640408223,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33511,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","ja4":"t10d350200_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01216{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":536,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570640382255,"flow_src_last_pkt_time":1444570640408223,"flow_dst_last_pkt_time":1444570640385652,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570640408223,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33511,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d350200_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":537,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":5,"flow_src_last_pkt_time":1444570640408223,"flow_dst_last_pkt_time":1444570640408448,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570640408448,"pkt":"ABoRAAACABoRAAABCABFAAAoAgxAABAGoC1QSm5ECggAAQG7gucERAB9+7wAXFAQ\/\/9hwQAA"} 
00820{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":538,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":4,"flow_src_last_pkt_time":1444570640408569,"flow_dst_last_pkt_time":1444570640389057,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":270,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":270,"pkt_l4_len":236,"thread_ts_usec":1444570640408569,"pkt":"ABoRAAACABoRAAABCABFAAEAsmRAAEAGvvwKCAABUEpuRILoAbtZhnZApnmJwVAYOQglNwAAFgMBANMBAADPAwFWGmYQn3y+Y635kayg0wLQlN\/9KaMadTF0LMgTLEN5tSBKAAAAOC7EJ2lJH7mDuj6DaIBXRCqOxY\/AVNJYEqB0IgBGAAQABQAvADXAAsAEwAXADMAOwA\/AB8AJwArAEcATwBQAMwA5ADIAOAAKwAPADcAIwBIAFgATAAkAFQASAAMACAAUABEA\/wEAAEAACwAEAwABAgAKADQAMgAOAA0AGQALAAwAGAAJAAoAFgAXAAgABgAHABQAFQAEAAUAEgATAAEAAgADAA8AEAAR"} -01257{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":538,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570640385961,"flow_src_last_pkt_time":1444570640408569,"flow_dst_last_pkt_time":1444570640389057,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570640408569,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33512,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": 
{"version":"TLSv1","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","ja4":"t10d350200_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01216{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":538,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570640385961,"flow_src_last_pkt_time":1444570640408569,"flow_dst_last_pkt_time":1444570640389057,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570640408569,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33512,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d350200_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":539,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":5,"flow_src_last_pkt_time":1444570640408569,"flow_dst_last_pkt_time":1444570640408732,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570640408732,"pkt":"ABoRAAACABoRAAABCABFAAAoAg1AABAGoCxQSm5ECggAAQG7guimeYnBWYZ3GFAQ\/\/9hwAAA"} 
-01843{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":543,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570638225615,"flow_src_last_pkt_time":1444570639266192,"flow_dst_last_pkt_time":1444570640491206,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":3697,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":3697,"midstream":0,"thread_ts_usec":1444570640491206,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"216.58.208.40","src_port":43433,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"ssl.google-analytics.com","domainame":"ssl.google-analytics.com","tls": {"version":"TLSv1.2","server_names":"*.google-analytics.com,app-measurement.com,google-analytics.com,googletagmanager.com,service.urchin.com,ssl.google-analytics.com,urchin.com,www.google-analytics.com,www.googletagmanager.com","ja3":"75edb912bc6f0a222ae3e3e47f5c89b1","ja3s":"389ed42c02ebecc32e73aa31def07e14","ja4":"t12d200500_6e20beb92e8e_c70a3c84db07","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.google-analytics.com","fingerprint":"E0:F0:1E:71:F2:B5:D9:2D:F7:4E:8F:CB:10:37:17:7C:0C:C4:07:9D","blocks":0}}} 
-01302{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":547,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570640385961,"flow_src_last_pkt_time":1444570640408569,"flow_dst_last_pkt_time":1444570640593166,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":129,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":129,"midstream":0,"thread_ts_usec":1444570640593166,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33512,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6dfe5eb347aa509fc445e5628d467a2b","ja4":"t10d350200_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","blocks":0}}} 
+01802{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":543,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570638225615,"flow_src_last_pkt_time":1444570639266192,"flow_dst_last_pkt_time":1444570640491206,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":3697,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":3697,"midstream":0,"thread_ts_usec":1444570640491206,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"216.58.208.40","src_port":43433,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"ssl.google-analytics.com","domainame":"ssl.google-analytics.com","tls": {"version":"TLSv1.2","server_names":"*.google-analytics.com,app-measurement.com,google-analytics.com,googletagmanager.com,service.urchin.com,ssl.google-analytics.com,urchin.com,www.google-analytics.com,www.googletagmanager.com","ja3s":"389ed42c02ebecc32e73aa31def07e14","ja4":"t12d200500_6e20beb92e8e_c70a3c84db07","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.google-analytics.com","fingerprint":"E0:F0:1E:71:F2:B5:D9:2D:F7:4E:8F:CB:10:37:17:7C:0C:C4:07:9D","blocks":0}}} 
+01364{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":547,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570640385961,"flow_src_last_pkt_time":1444570640408569,"flow_dst_last_pkt_time":1444570640593166,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":129,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":129,"midstream":0,"thread_ts_usec":1444570640593166,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33512,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"6dfe5eb347aa509fc445e5628d467a2b","ja4":"t10d350200_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","blocks":0}}} 01388{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":555,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":4,"flow_src_last_pkt_time":1444570640698322,"flow_dst_last_pkt_time":1444570637191973,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":698,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":698,"pkt_l4_len":664,"thread_ts_usec":1444570640698322,"pkt":"ABoRAAACABoRAAABCABFAAKsAABAAEARgN0KCAABrBABS\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"} 
01388{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":564,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":5,"flow_src_last_pkt_time":1444570644691510,"flow_dst_last_pkt_time":1444570637191973,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":698,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":698,"pkt_l4_len":664,"thread_ts_usec":1444570644691510,"pkt":"ABoRAAACABoRAAABCABFAAKsAABAAEARgN0KCAABrBABS\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"} 00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":586,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570669736143,"flow_src_last_pkt_time":1444570669736143,"flow_dst_last_pkt_time":1444570669736143,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570669736143,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51154,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -272,69 +272,69 @@ 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_src_last_pkt_time":1444570669745822,"flow_dst_last_pkt_time":1444570669760020,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570669760020,"pkt":"ABoRAAACABoRAAABCABFAAAoAiNAABAGP78+beB4CggAAQG7x9MtpHMS0luM7lAS\/\/+9VAAA"} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":590,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_src_last_pkt_time":1444570669760287,"flow_dst_last_pkt_time":1444570669745196,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570669760287,"pkt":"ABoRAAACABoRAAABCABFAAAo0OlAAEAGQPgKCAABPm3geMfSAbvlsh8IGk3g+VAQOQiETgAA"} 00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":4,"flow_src_last_pkt_time":1444570669760654,"flow_dst_last_pkt_time":1444570669745196,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"thread_ts_usec":1444570669760654,"pkt":"ABoRAAACABoRAAABCABFAABn0OpAAEAGQLgKCAABPm3geMfSAbvlsh8IGk3g+VAYOQh66wAAFgMBADoBAAA2AwE1744IWto6M0QCtsjP9fOG23xHxlWSJd969XnKXp6XHQAABAA1AP8BAAAJACMAAAAPAAEB"} 
-01257{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570669736143,"flow_src_last_pkt_time":1444570669760654,"flow_dst_last_pkt_time":1444570669745196,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570669760654,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51154,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01216{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570669736143,"flow_src_last_pkt_time":1444570669760654,"flow_dst_last_pkt_time":1444570669745196,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570669760654,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51154,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":592,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":5,"flow_src_last_pkt_time":1444570669760654,"flow_dst_last_pkt_time":1444570669761708,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570669761708,"pkt":"ABoRAAACABoRAAABCABFAAAoAiRAABAGP74+beB4CggAAQG7x9IaTeD55bIfR1AQ\/\/+9FwAA"} 
00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":593,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_src_last_pkt_time":1444570669762448,"flow_dst_last_pkt_time":1444570669760020,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570669762448,"pkt":"ABoRAAACABoRAAABCABFAAAoQwNAAEAGzt4KCAABPm3geMfTAbvSW4zuLaRzE1AQOQiETQAA"} 00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":594,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":4,"flow_src_last_pkt_time":1444570669762590,"flow_dst_last_pkt_time":1444570669760020,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"thread_ts_usec":1444570669762590,"pkt":"ABoRAAACABoRAAABCABFAABnQwRAAEAGzp4KCAABPm3geMfTAbvSW4zuLaRzE1AYOQhN4wAAFgMBADoBAAA2AwE4pMre7\/gDNHFUYUtdH4I+oIdCvO8Q22rK5cuvc6RHAwAABAA1AP8BAAAJACMAAAAPAAEB"} -01257{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":594,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570669745822,"flow_src_last_pkt_time":1444570669762590,"flow_dst_last_pkt_time":1444570669760020,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570669762590,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51155,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": 
{"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01216{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":594,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570669745822,"flow_src_last_pkt_time":1444570669762590,"flow_dst_last_pkt_time":1444570669760020,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570669762590,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51155,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":595,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":5,"flow_src_last_pkt_time":1444570669762590,"flow_dst_last_pkt_time":1444570669763196,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570669763196,"pkt":"ABoRAAACABoRAAABCABFAAAoAiVAABAGP70+beB4CggAAQG7x9MtpHMT0luNLVAQ\/\/+9FgAA"} -01739{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":602,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570669736143,"flow_src_last_pkt_time":1444570669760654,"flow_dst_last_pkt_time":1444570670676967,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":3907,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":3907,"midstream":0,"thread_ts_usec":1444570670676967,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51154,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, 
O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} -01739{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":606,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570669745822,"flow_src_last_pkt_time":1444570669762590,"flow_dst_last_pkt_time":1444570670730016,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":3907,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":3907,"midstream":0,"thread_ts_usec":1444570670730016,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51155,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, 
CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} +01698{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":602,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570669736143,"flow_src_last_pkt_time":1444570669760654,"flow_dst_last_pkt_time":1444570670676967,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":3907,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":3907,"midstream":0,"thread_ts_usec":1444570670676967,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51154,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
+01698{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":606,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570669745822,"flow_src_last_pkt_time":1444570669762590,"flow_dst_last_pkt_time":1444570670730016,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":3907,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":3907,"midstream":0,"thread_ts_usec":1444570670730016,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51155,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":632,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570672215106,"flow_src_last_pkt_time":1444570672215106,"flow_dst_last_pkt_time":1444570672215106,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570672215106,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41419,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":632,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_src_last_pkt_time":1444570672215106,"flow_dst_last_pkt_time":1444570672215106,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444570672215106,"pkt":"ABoRAAACABoRAAABCABFAAA8MYhAAEAGVYAKCAABQERpZ6HLAbsAQeF1AAAAAKACOQgEvgAAAgQFtAQCCAoATND9AAAAAAEDAwY="} 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":633,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_src_last_pkt_time":1444570672215106,"flow_dst_last_pkt_time":1444570672219041,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570672219041,"pkt":"ABoRAAACABoRAAABCABFAAAoAjpAABAGtOJARGlnCggAAQG7ocv\/vh6KAEHhdlAS\/\/9YlwAA"} 
00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":634,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_src_last_pkt_time":1444570672219386,"flow_dst_last_pkt_time":1444570672219041,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570672219386,"pkt":"ABoRAAACABoRAAABCABFAAAoMYlAAEAGVZMKCAABQERpZ6HLAbsAQeF2\/74ei1AQOQgfkAAA"} 00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":635,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":4,"flow_src_last_pkt_time":1444570672269788,"flow_dst_last_pkt_time":1444570672219041,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"thread_ts_usec":1444570672269788,"pkt":"ABoRAAACABoRAAABCABFAABnMYpAAEAGVVMKCAABQERpZ6HLAbsAQeF2\/74ei1AYOQieegAAFgMBADoBAAA2AwGjqRN4oMmUAvXJWDJ5WPEL71jxOoo9r1VB6+4PEHNUEQAABAA1AP8BAAAJACMAAAAPAAEB"} -01256{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":635,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570672215106,"flow_src_last_pkt_time":1444570672269788,"flow_dst_last_pkt_time":1444570672219041,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570672269788,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41419,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": 
{"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01215{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":635,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570672215106,"flow_src_last_pkt_time":1444570672269788,"flow_dst_last_pkt_time":1444570672219041,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570672269788,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41419,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":636,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":5,"flow_src_last_pkt_time":1444570672269788,"flow_dst_last_pkt_time":1444570672270226,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570672270226,"pkt":"ABoRAAACABoRAAABCABFAAAoAjtAABAGtOFARGlnCggAAQG7ocv\/vh6LAEHhtVAQ\/\/9YWQAA"} -01738{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":643,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570672215106,"flow_src_last_pkt_time":1444570672269788,"flow_dst_last_pkt_time":1444570672626514,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":3939,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":3939,"midstream":0,"thread_ts_usec":1444570672626514,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41419,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, 
O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} +01697{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":643,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570672215106,"flow_src_last_pkt_time":1444570672269788,"flow_dst_last_pkt_time":1444570672626514,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":3939,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":3939,"midstream":0,"thread_ts_usec":1444570672626514,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41419,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":662,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570674487975,"flow_src_last_pkt_time":1444570674487975,"flow_dst_last_pkt_time":1444570674487975,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570674487975,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55665,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":662,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_src_last_pkt_time":1444570674487975,"flow_dst_last_pkt_time":1444570674487975,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444570674487975,"pkt":"ABoRAAACABoRAAABCABFAAA8CB5AAEAGejQKCAABrfMAbtlxAbui3tn8AAAAAKACOQgsWAAAAgQFtAQCCAoATNHiAAAAAAEDAwY="} 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":663,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_src_last_pkt_time":1444570674487975,"flow_dst_last_pkt_time":1444570674499448,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570674499448,"pkt":"ABoRAAACABoRAAABCABFAAAoAklAABAGsB2t8wBuCggAAQG72XFdISYDot7Z\/VAS\/\/8cOwAA"} 
00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":664,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_src_last_pkt_time":1444570674500159,"flow_dst_last_pkt_time":1444570674499448,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570674500159,"pkt":"ABoRAAACABoRAAABCABFAAAoCB9AAEAGekcKCAABrfMAbtlxAbui3tn9XSEmBFAQOQjjMwAA"} 00780{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":665,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":4,"flow_src_last_pkt_time":1444570674600509,"flow_dst_last_pkt_time":1444570674499448,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"thread_ts_usec":1444570674600509,"pkt":"ABoRAAACABoRAAABCABFAADjCCBAAEAGeYsKCAABrfMAbtlxAbui3tn9XSEmBFAYOQgu1wAAFgMBALYBAACyAwF10XyjAsAxicBbHHpuW8T0LZqOxOyDfFNTQx6hPM8mVgAAWMAUwAoAOQA4ADcANsAPwAUANcATwAkAMwAyADEAMACaAJkAmACXwA7ABAAvAJbAEcAHwAzAAgAFAATAEsAIABYAEwAQAA3ADcADAAoAFQASAA8ADAAJAP8BAAAxAAsABAMAAQIACgAcABoAFwAZABwAGwAYABoAFgAOAA0ACwAMAAkACgAjAAAADwABAQ=="} 
-01258{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":665,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570674487975,"flow_src_last_pkt_time":1444570674600509,"flow_dst_last_pkt_time":1444570674499448,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570674600509,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55665,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"","ja4":"t10d440400_e56d601e95ee_282f11336259","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01217{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":665,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570674487975,"flow_src_last_pkt_time":1444570674600509,"flow_dst_last_pkt_time":1444570674499448,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570674600509,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55665,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d440400_e56d601e95ee_282f11336259","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":666,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":5,"flow_src_last_pkt_time":1444570674600509,"flow_dst_last_pkt_time":1444570674600804,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570674600804,"pkt":"ABoRAAACABoRAAABCABFAAAoAkpAABAGsByt8wBuCggAAQG72XFdISYEot7auFAQ\/\/8bgQAA"} 
02453{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":670,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1444570669745822,"flow_src_last_pkt_time":1444570675008962,"flow_dst_last_pkt_time":1444570675008306,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":474,"flow_dst_max_l4_payload_len":10527,"flow_src_tot_l4_payload_len":863,"flow_dst_tot_l4_payload_len":17665,"midstream":0,"thread_ts_usec":1444570675008962,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51155,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":142,"avg":339536.2,"max":2214636,"stddev":547768.4,"var":300050219008.0,"ent":3.7,"data": [14198,16626,142,3176,966820,968167,50625,52096,160025,217339,56893,151808,203416,506402,456173,506119,506174,257962,307348,51007,1799,210726,261737,55501,54303,51893,51311,2214636,2165090,3222,2890]},"pktlen": {"min":40,"avg":619.6,"max":10567,"stddev":1915.7,"var":3669828.5,"ent":2.5,"data": [60,40,40,103,40,3947,40,366,40,99,514,40,258,40,1010,40,10567,40,157,40,274,40,109,40,205,40,385,40,546,40,588,40]},"bins": {"c_to_s": [13,1,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,1,1,1,0,1,1,1,0,0,1,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2]},"directions": [0,1,0,0,1,1,0,0,1,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0],"entropies": 
[4.471673965,4.784184456,4.784183979,5.354527950,4.684184074,7.260420322,4.784183979,7.246551991,4.734184265,5.886437893,7.525208473,4.734184265,7.158136368,4.734184265,7.747338772,4.784183979,7.959521770,4.784183979,6.617527962,4.784183979,7.154652596,4.834184170,6.117394924,4.834184170,6.934138775,4.784184456,7.251028061,4.734184742,7.541121960,4.784183979,7.600737572,4.834183693]},"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01740{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":671,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570674487975,"flow_src_last_pkt_time":1444570674600509,"flow_dst_last_pkt_time":1444570675110598,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":3907,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":3907,"midstream":0,"thread_ts_usec":1444570675110598,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55665,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d440400_e56d601e95ee_282f11336259","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} +01699{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":671,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570674487975,"flow_src_last_pkt_time":1444570674600509,"flow_dst_last_pkt_time":1444570675110598,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":3907,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":3907,"midstream":0,"thread_ts_usec":1444570675110598,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55665,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": 
{"version":"TLSv1","server_names":"*.webex.com","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d440400_e56d601e95ee_282f11336259","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 02427{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":675,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1444570669736143,"flow_src_last_pkt_time":1444570675113022,"flow_dst_last_pkt_time":1444570675113218,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":3907,"flow_src_tot_l4_payload_len":4673,"flow_dst_tot_l4_payload_len":3966,"midstream":0,"thread_ts_usec":1444570675113218,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51154,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":309,"avg":346901.8,"max":2270107,"stddev":598058.5,"var":357673959424.0,"ent":3.3,"data": [9053,24144,367,16512,915259,917382,50710,52699,154574,206585,52440,7882,9392,3319,2120,963298,961965,473,411,393,309,561975,562100,368561,368512,670,601,2270083,2270107,1037,1021]},"pktlen": {"min":40,"avg":310.6,"max":3947,"stddev":685.4,"var":469733.5,"ent":3.5,"data": [60,40,40,103,40,3947,40,366,40,99,546,40,576,40,122,40,576,40,576,40,386,40,386,40,576,40,154,40,576,40,250,40]},"bins": {"c_to_s": [3,1,1,1,0,0,1,0,0,0,3,0,0,0,0,1,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": 
[14,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1]},"directions": [0,1,0,0,1,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": [4.446510792,4.734184742,4.596439362,5.373945713,4.734184742,7.261288166,4.765311718,7.251562119,4.784184456,6.015275955,7.613259315,4.784184456,7.593419075,4.784184456,6.485950947,4.784184456,7.627359390,4.784184456,7.574399471,4.784184456,7.380361080,4.784184456,7.422137737,4.734184265,7.643012047,4.734184265,6.542441368,4.734184265,7.559129715,4.734184265,7.015539169,4.784184456]},"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":721,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570675941714,"flow_src_last_pkt_time":1444570675941714,"flow_dst_last_pkt_time":1444570675941714,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570675941714,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51833,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":721,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_src_last_pkt_time":1444570675941714,"flow_dst_last_pkt_time":1444570675941714,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444570675941714,"pkt":"ABoRAAACABoRAAABCABFAAA8SaRAAEAGwwMKCAABPm3lnsp5AbteGJvVAAAAAKACOQhIBAAAAgQFtAQCCAoATNJxAAAAAAEDAwY="} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":722,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_src_last_pkt_time":1444570675941714,"flow_dst_last_pkt_time":1444570675945842,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570675945842,"pkt":"ABoRAAACABoRAAABCABFAAAoAm5AABAGOk4+beWeCggAAQG7ynmh52QqXhib1lAS\/\/+1iAAA"} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":723,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_src_last_pkt_time":1444570675946782,"flow_dst_last_pkt_time":1444570675945842,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570675946782,"pkt":"ABoRAAACABoRAAABCABFAAAoSaVAAEAGwxYKCAABPm3lnsp5AbteGJvWoedkK1AQOQh8gQAA"} 
00781{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":724,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":4,"flow_src_last_pkt_time":1444570675997260,"flow_dst_last_pkt_time":1444570675945842,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"thread_ts_usec":1444570675997260,"pkt":"ABoRAAACABoRAAABCABFAADjSaZAAEAGwloKCAABPm3lnsp5AbteGJvWoedkK1AYOQjWkQAAFgMBALYBAACyAwEHq+X4OM58pZkulReYFtDW\/RDKtfBfQqv2TASThhAOCAAAWMAUwAoAOQA4ADcANsAPwAUANcATwAkAMwAyADEAMACaAJkAmACXwA7ABAAvAJbAEcAHwAzAAgAFAATAEsAIABYAEwAQAA3ADcADAAoAFQASAA8ADAAJAP8BAAAxAAsABAMAAQIACgAcABoAFwAZABwAGwAYABoAFgAOAA0ACwAMAAkACgAjAAAADwABAQ=="} -01259{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":724,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570675941714,"flow_src_last_pkt_time":1444570675997260,"flow_dst_last_pkt_time":1444570675945842,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570675997260,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51833,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": 
{"version":"TLSv1","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"","ja4":"t10d440400_e56d601e95ee_282f11336259","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01218{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":724,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570675941714,"flow_src_last_pkt_time":1444570675997260,"flow_dst_last_pkt_time":1444570675945842,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570675997260,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51833,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d440400_e56d601e95ee_282f11336259","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":725,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":5,"flow_src_last_pkt_time":1444570675997260,"flow_dst_last_pkt_time":1444570675997731,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570675997731,"pkt":"ABoRAAACABoRAAABCABFAAAoAnBAABAGOkw+beWeCggAAQG7ynmh52QrXhickVAQ\/\/+0zgAA"} 
00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":730,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570679512700,"flow_src_last_pkt_time":1444570679512700,"flow_dst_last_pkt_time":1444570679512700,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570679512700,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55669,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":730,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_src_last_pkt_time":1444570679512700,"flow_dst_last_pkt_time":1444570679512700,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444570679512700,"pkt":"ABoRAAACABoRAAABCABFAAA8dLdAAEAGDZsKCAABrfMAbtl1Abugj6duAAAAAKACOQhfOgAAAgQFtAQCCAoATNPZAAAAAAEDAwY="} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":731,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_src_last_pkt_time":1444570679512700,"flow_dst_last_pkt_time":1444570679516479,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570679516479,"pkt":"ABoRAAACABoRAAABCABFAAAoAphAABAGr86t8wBuCggAAQG72XVfcFiRoI+nb1AS\/\/8cNwAA"} 
00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":732,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_src_last_pkt_time":1444570679516623,"flow_dst_last_pkt_time":1444570679516479,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570679516623,"pkt":"ABoRAAACABoRAAABCABFAAAodLhAAEAGDa4KCAABrfMAbtl1Abugj6dvX3BYklAQOQjjLwAA"} 00782{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":733,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":4,"flow_src_last_pkt_time":1444570679526515,"flow_dst_last_pkt_time":1444570679516479,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"thread_ts_usec":1444570679526515,"pkt":"ABoRAAACABoRAAABCABFAADjdLlAAEAGDPIKCAABrfMAbtl1Abugj6dvX3BYklAYOQi67gAAFgMBALYBAACyAwE3afvT656oHHNlOl3\/S5vQra3qbarVhBS8TCkcXn\/60QAAWMAUwAoAOQA4ADcANsAPwAUANcATwAkAMwAyADEAMACaAJkAmACXwA7ABAAvAJbAEcAHwAzAAgAFAATAEsAIABYAEwAQAA3ADcADAAoAFQASAA8ADAAJAP8BAAAxAAsABAMAAQIACgAcABoAFwAZABwAGwAYABoAFgAOAA0ACwAMAAkACgAjAAAADwABAQ=="} 
-01258{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":733,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570679512700,"flow_src_last_pkt_time":1444570679526515,"flow_dst_last_pkt_time":1444570679516479,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570679526515,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55669,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"","ja4":"t10d440400_e56d601e95ee_282f11336259","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01217{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":733,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570679512700,"flow_src_last_pkt_time":1444570679526515,"flow_dst_last_pkt_time":1444570679516479,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570679526515,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55669,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d440400_e56d601e95ee_282f11336259","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":734,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":5,"flow_src_last_pkt_time":1444570679526515,"flow_dst_last_pkt_time":1444570679526722,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570679526722,"pkt":"ABoRAAACABoRAAABCABFAAAoAplAABAGr82t8wBuCggAAQG72XVfcFiSoI+oKlAQ\/\/8bfQAA"} 
-01740{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":737,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1444570679512700,"flow_src_last_pkt_time":1444570680082130,"flow_dst_last_pkt_time":1444570680091160,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":2527,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":3907,"midstream":0,"thread_ts_usec":1444570680091160,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55669,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d440400_e56d601e95ee_282f11336259","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
+01699{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":737,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1444570679512700,"flow_src_last_pkt_time":1444570680082130,"flow_dst_last_pkt_time":1444570680091160,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":2527,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":3907,"midstream":0,"thread_ts_usec":1444570680091160,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55669,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d440400_e56d601e95ee_282f11336259","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
00963{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":759,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":0,"flow_first_seen":1444570637191973,"flow_src_last_pkt_time":1444570668729335,"flow_dst_last_pkt_time":1444570637191973,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":656,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":656,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":7216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570688887871,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"172.16.1.75","src_port":64538,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":768,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570693238349,"flow_src_last_pkt_time":1444570693238349,"flow_dst_last_pkt_time":1444570693238349,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570693238349,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55671,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":768,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_src_last_pkt_time":1444570693238349,"flow_dst_last_pkt_time":1444570693238349,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444570693238349,"pkt":"ABoRAAACABoRAAABCABFAAA8LOJAAEAGVXAKCAABrfMAbtl3AbsPD\/XWAAAAAKACOQic9QAAAgQFtAQCCAoATNk0AAAAAAEDAwY="} 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":769,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_src_last_pkt_time":1444570693238349,"flow_dst_last_pkt_time":1444570693244944,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570693244944,"pkt":"ABoRAAACABoRAAABCABFAAAoAxBAABAGr1at8wBuCggAAQG72Xfw8AopDw\/111AS\/\/8cNQAA"} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":770,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_src_last_pkt_time":1444570693245402,"flow_dst_last_pkt_time":1444570693244944,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570693245402,"pkt":"ABoRAAACABoRAAABCABFAAAoLONAAEAGVYMKCAABrfMAbtl3AbsPD\/XX8PAKKlAQOQjjLQAA"} 
00781{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":771,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":4,"flow_src_last_pkt_time":1444570693297839,"flow_dst_last_pkt_time":1444570693244944,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"thread_ts_usec":1444570693297839,"pkt":"ABoRAAACABoRAAABCABFAADjLORAAEAGVMcKCAABrfMAbtl3AbsPD\/XX8PAKKlAYOQjZZAAAFgMBALYBAACyAwFP3AbhLhTWOx1T12yIPxjjHHkav2YDbjvETRMnoVMoSgAAWMAUwAoAOQA4ADcANsAPwAUANcATwAkAMwAyADEAMACaAJkAmACXwA7ABAAvAJbAEcAHwAzAAgAFAATAEsAIABYAEwAQAA3ADcADAAoAFQASAA8ADAAJAP8BAAAxAAsABAMAAQIACgAcABoAFwAZABwAGwAYABoAFgAOAA0ACwAMAAkACgAjAAAADwABAQ=="} -01258{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":771,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570693238349,"flow_src_last_pkt_time":1444570693297839,"flow_dst_last_pkt_time":1444570693244944,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570693297839,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55671,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": 
{"version":"TLSv1","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"","ja4":"t10d440400_e56d601e95ee_282f11336259","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01217{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":771,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570693238349,"flow_src_last_pkt_time":1444570693297839,"flow_dst_last_pkt_time":1444570693244944,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570693297839,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55671,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d440400_e56d601e95ee_282f11336259","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":772,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":5,"flow_src_last_pkt_time":1444570693297839,"flow_dst_last_pkt_time":1444570693298648,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570693298648,"pkt":"ABoRAAACABoRAAABCABFAAAoAxJAABAGr1St8wBuCggAAQG72Xfw8AoqDw\/2klAQ\/\/8bewAA"} 
-01740{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":773,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570693238349,"flow_src_last_pkt_time":1444570693297839,"flow_dst_last_pkt_time":1444570693766903,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":3907,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":3907,"midstream":0,"thread_ts_usec":1444570693766903,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55671,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d440400_e56d601e95ee_282f11336259","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
+01699{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":773,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570693238349,"flow_src_last_pkt_time":1444570693297839,"flow_dst_last_pkt_time":1444570693766903,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":3907,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":3907,"midstream":0,"thread_ts_usec":1444570693766903,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55671,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d440400_e56d601e95ee_282f11336259","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":796,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570694561618,"flow_src_last_pkt_time":1444570694561618,"flow_dst_last_pkt_time":1444570694561618,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570694561618,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51839,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":796,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_src_last_pkt_time":1444570694561618,"flow_dst_last_pkt_time":1444570694561618,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444570694561618,"pkt":"ABoRAAACABoRAAABCABFAAA802lAAEAGOT4KCAABPm3lnsp\/AbubwQrQAAAAAKACOQiUEgAAAgQFtAQCCAoATNm5AAAAAAEDAwY="} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":797,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_src_last_pkt_time":1444570694561618,"flow_dst_last_pkt_time":1444570694564407,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570694564407,"pkt":"ABoRAAACABoRAAABCABFAAAoAytAABAGOZE+beWeCggAAQG7yn9kPvUvm8EK0VAS\/\/+1ggAA"} 
00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":798,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_src_last_pkt_time":1444570694564543,"flow_dst_last_pkt_time":1444570694564407,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570694564543,"pkt":"ABoRAAACABoRAAABCABFAAAo02pAAEAGOVEKCAABPm3lnsp\/AbubwQrRZD71MFAQOQh8ewAA"} 00782{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":799,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":4,"flow_src_last_pkt_time":1444570694614759,"flow_dst_last_pkt_time":1444570694564407,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"thread_ts_usec":1444570694614759,"pkt":"ABoRAAACABoRAAABCABFAADj02tAAEAGOJUKCAABPm3lnsp\/AbubwQrRZD71MFAYOQigvgAAFgMBALYBAACyAwGiAbZfNeJzK4ep+8FP1757rfliUbGs5JPyfYBIT\/aU1QAAWMAUwAoAOQA4ADcANsAPwAUANcATwAkAMwAyADEAMACaAJkAmACXwA7ABAAvAJbAEcAHwAzAAgAFAATAEsAIABYAEwAQAA3ADcADAAoAFQASAA8ADAAJAP8BAAAxAAsABAMAAQIACgAcABoAFwAZABwAGwAYABoAFgAOAA0ACwAMAAkACgAjAAAADwABAQ=="} 
-01259{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":799,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570694561618,"flow_src_last_pkt_time":1444570694614759,"flow_dst_last_pkt_time":1444570694564407,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570694614759,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51839,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"","ja4":"t10d440400_e56d601e95ee_282f11336259","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01218{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":799,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570694561618,"flow_src_last_pkt_time":1444570694614759,"flow_dst_last_pkt_time":1444570694564407,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570694614759,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51839,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d440400_e56d601e95ee_282f11336259","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":800,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":5,"flow_src_last_pkt_time":1444570694614759,"flow_dst_last_pkt_time":1444570694615065,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570694615065,"pkt":"ABoRAAACABoRAAABCABFAAAoAyxAABAGOZA+beWeCggAAQG7yn9kPvUwm8ELjFAQ\/\/+0yAAA"} 
00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":815,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570699074033,"flow_src_last_pkt_time":1444570699074033,"flow_dst_last_pkt_time":1444570699074033,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570699074033,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.241.32.14","src_port":46211,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":815,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_src_last_pkt_time":1444570699074033,"flow_dst_last_pkt_time":1444570699074033,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444570699074033,"pkt":"ABoRAAACABoRAAABCABFAAA8OjpAAEAGn3oKCAABNvEgDrSDAbvRQeFHAAAAAKACOQhpXwAAAgQFtAQCCAoATNt9AAAAAAEDAwY="} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":816,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_src_last_pkt_time":1444570699074033,"flow_dst_last_pkt_time":1444570699077509,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570699077509,"pkt":"ABoRAAACABoRAAABCABFAAAoA2VAABAGBmQ28SAOCggAAQG7tIMuvh640UHhSFAS\/\/+YiwAA"} 
00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":817,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_src_last_pkt_time":1444570699077833,"flow_dst_last_pkt_time":1444570699077509,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570699077833,"pkt":"ABoRAAACABoRAAABCABFAAAoOjtAAEAGn40KCAABNvEgDrSDAbvRQeFILr4euVAQOQhfhAAA"} 00817{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":818,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":4,"flow_src_last_pkt_time":1444570699079240,"flow_dst_last_pkt_time":1444570699077509,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":270,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":270,"pkt_l4_len":236,"thread_ts_usec":1444570699079240,"pkt":"ABoRAAACABoRAAABCABFAAEAOjxAAEAGnrQKCAABNvEgDrSDAbvRQeFILr4euVAYOQhpTwAAFgMBANMBAADPAwFWGmZLJysQyU55el0fA2qHtq46\/QtJIPLxFEGaenjG8gAARgAEAAUALwA1wALABMAFwAzADsAPwAfACcAKwBHAE8AUADMAOQAyADgACsADwA3ACMASABYAEwAJABUAEgADAAgAFAARAP8BAABgAAAAGAAWAAATYXBpLmNyaXR0ZXJjaXNtLmNvbQALAAQDAAECAAoANAAyAA4ADQAZAAsADAAYAAkACgAWABcACAAGAAcAFAAVAAQABQASABMAAQACAAMADwAQABEAIwAA"} 
-01299{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":818,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570699074033,"flow_src_last_pkt_time":1444570699079240,"flow_dst_last_pkt_time":1444570699077509,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570699079240,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.241.32.14","src_port":46211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"api.crittercism.com","domainame":"api.crittercism.com","tls": {"version":"TLSv1","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"","ja4":"t10d350400_1f24bcc5f17d_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01258{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":818,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570699074033,"flow_src_last_pkt_time":1444570699079240,"flow_dst_last_pkt_time":1444570699077509,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570699079240,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.241.32.14","src_port":46211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"api.crittercism.com","domainame":"api.crittercism.com","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d350400_1f24bcc5f17d_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":819,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":5,"flow_src_last_pkt_time":1444570699079240,"flow_dst_last_pkt_time":1444570699079481,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570699079481,"pkt":"ABoRAAACABoRAAABCABFAAAoA2ZAABAGBmM28SAOCggAAQG7tIMuvh650UHiIFAQ\/\/+XtAAA"} 
00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":820,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570699096723,"flow_src_last_pkt_time":1444570699096723,"flow_dst_last_pkt_time":1444570699096723,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570699096723,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"78.46.237.91","src_port":59756,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":820,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_src_last_pkt_time":1444570699096723,"flow_dst_last_pkt_time":1444570699096723,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444570699096723,"pkt":"ABoRAAACABoRAAABCABFAAA8731AAEAGBawKCAABTi7tW+lsAFBr3TT9AAAAAKACOQhjAgAAAgQFtAQCCAoATNuAAAAAAAEDAwY="} 
@@ -352,16 +352,16 @@ 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":831,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":5,"flow_src_last_pkt_time":1444570699212081,"flow_dst_last_pkt_time":1444570699212387,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570699212387,"pkt":"ABoRAAACABoRAAABCABFAAAoA2tAABAGIdNOLu1bCggAAQBQ6W3tNUJ0Esq+21AQ\/\/9\/NAAA"} 01355{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":832,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1444570699096723,"flow_src_last_pkt_time":1444570699202178,"flow_dst_last_pkt_time":1444570699445643,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":497,"flow_src_tot_l4_payload_len":626,"flow_dst_tot_l4_payload_len":497,"midstream":0,"thread_ts_usec":1444570699445643,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"78.46.237.91","src_port":59756,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cp.pushwoosh.com","domainame":"cp.pushwoosh.com","http": {"url":"cp.pushwoosh.com\/json\/1.3\/registerDevice","code":200,"content_type":"application\/json","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.2; LG-D855 Build\/KVT49L.A1412087656)","request_content_type":"application\/json"}}} 
01356{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":834,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570699101872,"flow_src_last_pkt_time":1444570699212081,"flow_dst_last_pkt_time":1444570699469003,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":334,"flow_dst_max_l4_payload_len":497,"flow_src_tot_l4_payload_len":334,"flow_dst_tot_l4_payload_len":497,"midstream":0,"thread_ts_usec":1444570699469003,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"78.46.237.91","src_port":59757,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cp.pushwoosh.com","domainame":"cp.pushwoosh.com","http": {"url":"cp.pushwoosh.com\/json\/1.3\/applicationOpen","code":200,"content_type":"application\/json","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.2; LG-D855 Build\/KVT49L.A1412087656)","request_content_type":"application\/json"}}} 
-01346{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":836,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570699074033,"flow_src_last_pkt_time":1444570699079240,"flow_dst_last_pkt_time":1444570699636393,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":1382,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":1382,"midstream":0,"thread_ts_usec":1444570699636393,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.241.32.14","src_port":46211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"api.crittercism.com","domainame":"api.crittercism.com","tls": {"version":"TLSv1","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"c800cea031c10ffe47e1d72c9264577a","ja4":"t10d350400_1f24bcc5f17d_a875e5012fde","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","blocks":0}}} 
-01685{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":844,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1444570699074033,"flow_src_last_pkt_time":1444570699643521,"flow_dst_last_pkt_time":1444570699643969,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":5496,"midstream":0,"thread_ts_usec":1444570699643969,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.241.32.14","src_port":46211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"api.crittercism.com","domainame":"api.crittercism.com","tls": {"version":"TLSv1","server_names":"*.crittercism.com,crittercism.com","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"c800cea031c10ffe47e1d72c9264577a","ja4":"t10d350400_1f24bcc5f17d_a875e5012fde","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL Wildcard, CN=*.crittercism.com","fingerprint":"68:8B:FC:77:1E:CA:80:33:0C:A9:0E:29:A6:E4:0D:FC:3A:AE:43:18","blocks":0}}} 
+01408{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":836,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570699074033,"flow_src_last_pkt_time":1444570699079240,"flow_dst_last_pkt_time":1444570699636393,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":1382,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":1382,"midstream":0,"thread_ts_usec":1444570699636393,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.241.32.14","src_port":46211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"api.crittercism.com","domainame":"api.crittercism.com","tls": {"version":"TLSv1","ja3s":"c800cea031c10ffe47e1d72c9264577a","ja4":"t10d350400_1f24bcc5f17d_a875e5012fde","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","blocks":0}}} 
+01747{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":844,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1444570699074033,"flow_src_last_pkt_time":1444570699643521,"flow_dst_last_pkt_time":1444570699643969,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":5496,"midstream":0,"thread_ts_usec":1444570699643969,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.241.32.14","src_port":46211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"api.crittercism.com","domainame":"api.crittercism.com","tls": {"version":"TLSv1","server_names":"*.crittercism.com,crittercism.com","ja3s":"c800cea031c10ffe47e1d72c9264577a","ja4":"t10d350400_1f24bcc5f17d_a875e5012fde","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL Wildcard, CN=*.crittercism.com","fingerprint":"68:8B:FC:77:1E:CA:80:33:0C:A9:0E:29:A6:E4:0D:FC:3A:AE:43:18","blocks":0}}} 
00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":856,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570699916083,"flow_src_last_pkt_time":1444570699916083,"flow_dst_last_pkt_time":1444570699916083,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570699916083,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33551,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":856,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_src_last_pkt_time":1444570699916083,"flow_dst_last_pkt_time":1444570699916083,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444570699916083,"pkt":"ABoRAAACABoRAAABCABFAAA8M+lAAEAGPjwKCAABUEpuRIMPAbsBc+gmAAAAAKACOQj74QAAAgQFtAQCCAoATNvPAAAAAAEDAwY="} 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":857,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_src_last_pkt_time":1444570699916083,"flow_dst_last_pkt_time":1444570699917636,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570699917636,"pkt":"ABoRAAACABoRAAABCABFAAAoA3lAABAGnsBQSm5ECggAAQG7gw\/+jBfZAXPoJ1AS\/\/9icAAA"} 
00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":858,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_src_last_pkt_time":1444570699917753,"flow_dst_last_pkt_time":1444570699917636,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570699917753,"pkt":"ABoRAAACABoRAAABCABFAAAoM+pAAEAGPk8KCAABUEpuRIMPAbsBc+gn\/owX2lAQOQgpaQAA"} 00822{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":859,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":4,"flow_src_last_pkt_time":1444570699968023,"flow_dst_last_pkt_time":1444570699917636,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":270,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":270,"pkt_l4_len":236,"thread_ts_usec":1444570699968023,"pkt":"ABoRAAACABoRAAABCABFAAEAM+tAAEAGPXYKCAABUEpuRIMPAbsBc+gn\/owX2lAYOQhMegAAFgMBANMBAADPAwFWGmZL3uOMxVToaE\/p7S\/f3l0TPSF72MmK+MgBnG9FXiBKAAAAOC7EJ2lJH7mDuj6DaIBXRCqOxY\/AVNJYEqB0IgBGAAQABQAvADXAAsAEwAXADMAOwA\/AB8AJwArAEcATwBQAMwA5ADIAOAAKwAPADcAIwBIAFgATAAkAFQASAAMACAAUABEA\/wEAAEAACwAEAwABAgAKADQAMgAOAA0AGQALAAwAGAAJAAoAFgAXAAgABgAHABQAFQAEAAUAEgATAAEAAgADAA8AEAAR"} 
-01257{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":859,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570699916083,"flow_src_last_pkt_time":1444570699968023,"flow_dst_last_pkt_time":1444570699917636,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570699968023,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33551,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","ja4":"t10d350200_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01216{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":859,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570699916083,"flow_src_last_pkt_time":1444570699968023,"flow_dst_last_pkt_time":1444570699917636,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570699968023,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33551,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d350200_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":860,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":5,"flow_src_last_pkt_time":1444570699968023,"flow_dst_last_pkt_time":1444570699968436,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570699968436,"pkt":"ABoRAAACABoRAAABCABFAAAoA3pAABAGnr9QSm5ECggAAQG7gw\/+jBfaAXPo\/1AQ\/\/9hmQAA"} 
-01302{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":867,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570699916083,"flow_src_last_pkt_time":1444570699968023,"flow_dst_last_pkt_time":1444570700123146,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":129,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":129,"midstream":0,"thread_ts_usec":1444570700123146,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33551,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6dfe5eb347aa509fc445e5628d467a2b","ja4":"t10d350200_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","blocks":0}}} 
+01364{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":867,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570699916083,"flow_src_last_pkt_time":1444570699968023,"flow_dst_last_pkt_time":1444570700123146,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":129,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":129,"midstream":0,"thread_ts_usec":1444570700123146,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33551,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"6dfe5eb347aa509fc445e5628d467a2b","ja4":"t10d350200_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","blocks":0}}} 
00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":885,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570700561150,"flow_src_last_pkt_time":1444570700561150,"flow_dst_last_pkt_time":1444570700561150,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570700561150,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33553,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":885,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_src_last_pkt_time":1444570700561150,"flow_dst_last_pkt_time":1444570700561150,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444570700561150,"pkt":"ABoRAAACABoRAAABCABFAAA8d7ZAAEAG+m4KCAABUEpuRIMRAbsN6aumAAAAAKACOQgrqQAAAgQFtAQCCAoATNwQAAAAAAEDAwY="} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":886,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_src_last_pkt_time":1444570700561150,"flow_dst_last_pkt_time":1444570700563231,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570700563231,"pkt":"ABoRAAACABoRAAABCABFAAAoA4lAABAGnrBQSm5ECggAAQG7gxHyFlRZDemrp1AS\/\/9ibgAA"} 
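Review bot: The regenerated expectations in this hunk drop the `"ja3"` key from every `tls` object (the `detection-update` events for flows 44 and 47 and the `detected` event for flow 47), while `"ja3s"` and `"ja4"` stay, and the commit message says only "incorporated upstream changes". A consumer that matches or allow-lists on the JA3 client fingerprint would stop matching silently rather than fail, so the removal deserves a line in the commit description or changelog, for example `TLS events no longer emit "ja3"; "ja4" is the remaining client fingerprint`. The same `detection-update` events also gain flow risk `"8"` ("Weak TLS Cipher") once `TLS_RSA_WITH_RC4_128_MD5` is negotiated, which changes what consumers acting on `flow_risk` will see. Both changes presumably come from the libnDPI bump; it is worth confirming that the `schema/flow_event_schema.json` change listed in the diffstat no longer expects `ja3`. The following hunk (`@@ -371,37 +371,37 @@`) shows the same pattern for flows 48 and 49.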
@@ -371,37 +371,37 @@ 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":3,"flow_src_last_pkt_time":1444570700565371,"flow_dst_last_pkt_time":1444570700563231,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570700565371,"pkt":"ABoRAAACABoRAAABCABFAAAod7dAAEAG+oEKCAABUEpuRIMRAbsN6aun8hZUWlAQOQgpZwAA"} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":890,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_src_last_pkt_time":1444570700565470,"flow_dst_last_pkt_time":1444570700565210,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570700565470,"pkt":"ABoRAAACABoRAAABCABFAAAoCyZAAEAGZxMKCAABUEpuRIMSAbsmf9c42YAoyVAQOQgpZgAA"} 00820{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":891,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":4,"flow_src_last_pkt_time":1444570700615658,"flow_dst_last_pkt_time":1444570700563231,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":270,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":270,"pkt_l4_len":236,"thread_ts_usec":1444570700615658,"pkt":"ABoRAAACABoRAAABCABFAAEAd7hAAEAG+agKCAABUEpuRIMRAbsN6aun8hZUWlAYOQiQtAAAFgMBANMBAADPAwFWGmZMED4A5Nh17gO7bSCRkq5lMHNAG46Z4njZWjB\/3CBKAAAAOC7EJ2lJH7mDuj6DaIBXRCqOxY\/AVNJYEqB0IgBGAAQABQAvADXAAsAEwAXADMAOwA\/AB8AJwArAEcATwBQAMwA5ADIAOAAKwAPADcAIwBIAFgATAAkAFQASAAMACAAUABEA\/wEAAEAACwAEAwABAgAKADQAMgAOAA0AGQALAAwAGAAJAAoAFgAXAAgABgAHABQAFQAEAAUAEgATAAEAAgADAA8AEAAR"} 
-01257{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":891,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570700561150,"flow_src_last_pkt_time":1444570700615658,"flow_dst_last_pkt_time":1444570700563231,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570700615658,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33553,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","ja4":"t10d350200_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01216{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":891,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570700561150,"flow_src_last_pkt_time":1444570700615658,"flow_dst_last_pkt_time":1444570700563231,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570700615658,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33553,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d350200_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":892,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":5,"flow_src_last_pkt_time":1444570700615658,"flow_dst_last_pkt_time":1444570700615826,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570700615826,"pkt":"ABoRAAACABoRAAABCABFAAAoA4tAABAGnq5QSm5ECggAAQG7gxHyFlRaDemsf1AQ\/\/9hlwAA"} 
00820{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":893,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":4,"flow_src_last_pkt_time":1444570700616161,"flow_dst_last_pkt_time":1444570700565210,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":270,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":270,"pkt_l4_len":236,"thread_ts_usec":1444570700616161,"pkt":"ABoRAAACABoRAAABCABFAAEACydAAEAGZjoKCAABUEpuRIMSAbsmf9c42YAoyVAYOQhPIgAAFgMBANMBAADPAwFWGmZMUiXWlfiAkM3TLt+8m\/rKGRmXBLOAMg7wv4yATyBKAAAAOC7EJ2lJH7mDuj6DaIBXRCqOxY\/AVNJYEqB0IgBGAAQABQAvADXAAsAEwAXADMAOwA\/AB8AJwArAEcATwBQAMwA5ADIAOAAKwAPADcAIwBIAFgATAAkAFQASAAMACAAUABEA\/wEAAEAACwAEAwABAgAKADQAMgAOAA0AGQALAAwAGAAJAAoAFgAXAAgABgAHABQAFQAEAAUAEgATAAEAAgADAA8AEAAR"} -01257{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":893,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570700563368,"flow_src_last_pkt_time":1444570700616161,"flow_dst_last_pkt_time":1444570700565210,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570700616161,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33554,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": 
{"version":"TLSv1","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","ja4":"t10d350200_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01216{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":893,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570700563368,"flow_src_last_pkt_time":1444570700616161,"flow_dst_last_pkt_time":1444570700565210,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570700616161,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33554,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d350200_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":894,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":5,"flow_src_last_pkt_time":1444570700616161,"flow_dst_last_pkt_time":1444570700616245,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570700616245,"pkt":"ABoRAAACABoRAAABCABFAAAoA4xAABAGnq1QSm5ECggAAQG7gxLZgCjJJn\/YEFAQ\/\/9hlgAA"} 
-01302{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":895,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570700561150,"flow_src_last_pkt_time":1444570700615658,"flow_dst_last_pkt_time":1444570700767052,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":129,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":129,"midstream":0,"thread_ts_usec":1444570700767052,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33553,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6dfe5eb347aa509fc445e5628d467a2b","ja4":"t10d350200_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","blocks":0}}} 
-01302{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":896,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570700563368,"flow_src_last_pkt_time":1444570700616161,"flow_dst_last_pkt_time":1444570700767240,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":129,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":129,"midstream":0,"thread_ts_usec":1444570700767240,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33554,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6dfe5eb347aa509fc445e5628d467a2b","ja4":"t10d350200_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","blocks":0}}} 
+01364{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":895,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570700561150,"flow_src_last_pkt_time":1444570700615658,"flow_dst_last_pkt_time":1444570700767052,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":129,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":129,"midstream":0,"thread_ts_usec":1444570700767052,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33553,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"6dfe5eb347aa509fc445e5628d467a2b","ja4":"t10d350200_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","blocks":0}}} 
+01364{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":896,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570700563368,"flow_src_last_pkt_time":1444570700616161,"flow_dst_last_pkt_time":1444570700767240,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":129,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":129,"midstream":0,"thread_ts_usec":1444570700767240,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33554,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"6dfe5eb347aa509fc445e5628d467a2b","ja4":"t10d350200_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","blocks":0}}} 
00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":941,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570712008198,"flow_src_last_pkt_time":1444570712008198,"flow_dst_last_pkt_time":1444570712008198,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570712008198,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55687,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":941,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_src_last_pkt_time":1444570712008198,"flow_dst_last_pkt_time":1444570712008198,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444570712008198,"pkt":"ABoRAAACABoRAAABCABFAAA8BPxAAEAGfVYKCAABrfMAbtmHAbtwYOR3AAAAAKACOQhFnAAAAgQFtAQCCAoATOCLAAAAAAEDAwY="} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":942,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_src_last_pkt_time":1444570712008198,"flow_dst_last_pkt_time":1444570712012584,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570712012584,"pkt":"ABoRAAACABoRAAABCABFAAAoA7pAABAGrqyt8wBuCggAAQG72YePnxuIcGDkeFAS\/\/8cJQAA"} 
00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":943,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":3,"flow_src_last_pkt_time":1444570712013209,"flow_dst_last_pkt_time":1444570712012584,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570712013209,"pkt":"ABoRAAACABoRAAABCABFAAAoBP1AAEAGfWkKCAABrfMAbtmHAbtwYOR4j58biVAQOQjjHQAA"} 00783{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":944,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":4,"flow_src_last_pkt_time":1444570712016521,"flow_dst_last_pkt_time":1444570712012584,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"thread_ts_usec":1444570712016521,"pkt":"ABoRAAACABoRAAABCABFAADjBP5AAEAGfK0KCAABrfMAbtmHAbtwYOR4j58biVAYOQiiYgAAFgMBALYBAACyAwGU3Odz\/vfsiokT464lK0c\/\/ta9zx7QCCoXHtBhwwrAhAAAWMAUwAoAOQA4ADcANsAPwAUANcATwAkAMwAyADEAMACaAJkAmACXwA7ABAAvAJbAEcAHwAzAAgAFAATAEsAIABYAEwAQAA3ADcADAAoAFQASAA8ADAAJAP8BAAAxAAsABAMAAQIACgAcABoAFwAZABwAGwAYABoAFgAOAA0ACwAMAAkACgAjAAAADwABAQ=="} 
-01258{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":944,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570712008198,"flow_src_last_pkt_time":1444570712016521,"flow_dst_last_pkt_time":1444570712012584,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570712016521,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55687,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"","ja4":"t10d440400_e56d601e95ee_282f11336259","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01217{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":944,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570712008198,"flow_src_last_pkt_time":1444570712016521,"flow_dst_last_pkt_time":1444570712012584,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570712016521,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55687,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d440400_e56d601e95ee_282f11336259","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":945,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":5,"flow_src_last_pkt_time":1444570712016521,"flow_dst_last_pkt_time":1444570712016964,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570712016964,"pkt":"ABoRAAACABoRAAABCABFAAAoA7tAABAGrqut8wBuCggAAQG72YePnxuJcGDlM1AQ\/\/8bawAA"} 
-01740{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":949,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570712008198,"flow_src_last_pkt_time":1444570712016521,"flow_dst_last_pkt_time":1444570713707778,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":3907,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":3907,"midstream":0,"thread_ts_usec":1444570713707778,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55687,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d440400_e56d601e95ee_282f11336259","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
+01699{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":949,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570712008198,"flow_src_last_pkt_time":1444570712016521,"flow_dst_last_pkt_time":1444570713707778,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":3907,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":3907,"midstream":0,"thread_ts_usec":1444570713707778,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55687,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d440400_e56d601e95ee_282f11336259","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":958,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570713719932,"flow_src_last_pkt_time":1444570713719932,"flow_dst_last_pkt_time":1444570713719932,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570713719932,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33559,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":958,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_src_last_pkt_time":1444570713719932,"flow_dst_last_pkt_time":1444570713719932,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444570713719932,"pkt":"ABoRAAACABoRAAABCABFAAA8m55AAEAG1oYKCAABUEpuRIMXAbuTJntGAAAAAKACOQjR\/QAAAgQFtAQCCAoATODYAAAAAAEDAwY="} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":959,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_src_last_pkt_time":1444570713719932,"flow_dst_last_pkt_time":1444570713727956,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570713727956,"pkt":"ABoRAAACABoRAAABCABFAAAoA8NAABAGnnZQSm5ECggAAQG7gxds2YS5kyZ7R1AS\/\/9iaAAA"} 
00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":961,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_src_last_pkt_time":1444570713730352,"flow_dst_last_pkt_time":1444570713727956,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570713730352,"pkt":"ABoRAAACABoRAAABCABFAAAom59AAEAG1pkKCAABUEpuRIMXAbuTJntHbNmEulAQOQgpYQAA"} 00819{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":962,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":4,"flow_src_last_pkt_time":1444570713734065,"flow_dst_last_pkt_time":1444570713727956,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":270,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":270,"pkt_l4_len":236,"thread_ts_usec":1444570713734065,"pkt":"ABoRAAACABoRAAABCABFAAEAm6BAAEAG1cAKCAABUEpuRIMXAbuTJntHbNmEulAYOQhTzAAAFgMBANMBAADPAwFWGmZZuBzwgmCJdcmTjbwZnC8oKUidI7QzbitGwcbpgSBKAAAAOC7EJ2lJH7mDuj6DaIBXRCqOxY\/AVNJYEqB0IgBGAAQABQAvADXAAsAEwAXADMAOwA\/AB8AJwArAEcATwBQAMwA5ADIAOAAKwAPADcAIwBIAFgATAAkAFQASAAMACAAUABEA\/wEAAEAACwAEAwABAgAKADQAMgAOAA0AGQALAAwAGAAJAAoAFgAXAAgABgAHABQAFQAEAAUAEgATAAEAAgADAA8AEAAR"} 
-01257{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":962,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570713719932,"flow_src_last_pkt_time":1444570713734065,"flow_dst_last_pkt_time":1444570713727956,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570713734065,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33559,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","ja4":"t10d350200_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01216{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":962,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570713719932,"flow_src_last_pkt_time":1444570713734065,"flow_dst_last_pkt_time":1444570713727956,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570713734065,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33559,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d350200_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":963,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":5,"flow_src_last_pkt_time":1444570713734065,"flow_dst_last_pkt_time":1444570713734643,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570713734643,"pkt":"ABoRAAACABoRAAABCABFAAAoA8RAABAGnnVQSm5ECggAAQG7gxds2YS6kyZ8H1AQ\/\/9hkQAA"} 
-01302{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":966,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570713719932,"flow_src_last_pkt_time":1444570713734065,"flow_dst_last_pkt_time":1444570715238965,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":129,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":129,"midstream":0,"thread_ts_usec":1444570715238965,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33559,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6dfe5eb347aa509fc445e5628d467a2b","ja4":"t10d350200_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","blocks":0}}} 
+01364{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":966,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570713719932,"flow_src_last_pkt_time":1444570713734065,"flow_dst_last_pkt_time":1444570715238965,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":129,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":129,"midstream":0,"thread_ts_usec":1444570715238965,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33559,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"6dfe5eb347aa509fc445e5628d467a2b","ja4":"t10d350200_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","blocks":0}}} 
00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":987,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570716599098,"flow_src_last_pkt_time":1444570716599098,"flow_dst_last_pkt_time":1444570716599098,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570716599098,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51857,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":987,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_src_last_pkt_time":1444570716599098,"flow_dst_last_pkt_time":1444570716599098,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444570716599098,"pkt":"ABoRAAACABoRAAABCABFAAA8ldZAAEAGdtEKCAABPm3lnsqRAbsgVHeCAAAAAKACOQiaIAAAAgQFtAQCCAoATOJUAAAAAAEDAwY="} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":988,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_src_last_pkt_time":1444570716599098,"flow_dst_last_pkt_time":1444570716603330,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570716603330,"pkt":"ABoRAAACABoRAAABCABFAAAoA9FAABAGOOs+beWeCggAAQG7ypHfq4h9IFR3g1AS\/\/+1cAAA"} 
00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":989,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":3,"flow_src_last_pkt_time":1444570716604060,"flow_dst_last_pkt_time":1444570716603330,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570716604060,"pkt":"ABoRAAACABoRAAABCABFAAAolddAAEAGduQKCAABPm3lnsqRAbsgVHeD36uIflAQOQh8aQAA"} 00782{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":990,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":4,"flow_src_last_pkt_time":1444570716610502,"flow_dst_last_pkt_time":1444570716603330,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"thread_ts_usec":1444570716610502,"pkt":"ABoRAAACABoRAAABCABFAADjldhAAEAGdigKCAABPm3lnsqRAbsgVHeD36uIflAYOQieBgAAFgMBALYBAACyAwH2mTMdHJrmw7XGFaYthT2kGUSX+T\/uNQ3U\/xVLblVUyQAAWMAUwAoAOQA4ADcANsAPwAUANcATwAkAMwAyADEAMACaAJkAmACXwA7ABAAvAJbAEcAHwAzAAgAFAATAEsAIABYAEwAQAA3ADcADAAoAFQASAA8ADAAJAP8BAAAxAAsABAMAAQIACgAcABoAFwAZABwAGwAYABoAFgAOAA0ACwAMAAkACgAjAAAADwABAQ=="} 
-01259{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":990,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570716599098,"flow_src_last_pkt_time":1444570716610502,"flow_dst_last_pkt_time":1444570716603330,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570716610502,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51857,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"","ja4":"t10d440400_e56d601e95ee_282f11336259","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01218{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":990,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570716599098,"flow_src_last_pkt_time":1444570716610502,"flow_dst_last_pkt_time":1444570716603330,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570716610502,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51857,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d440400_e56d601e95ee_282f11336259","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":991,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":5,"flow_src_last_pkt_time":1444570716610502,"flow_dst_last_pkt_time":1444570716610944,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570716610944,"pkt":"ABoRAAACABoRAAABCABFAAAoA9JAABAGOOo+beWeCggAAQG7ypHfq4h+IFR4PlAQ\/\/+0tgAA"} 
-01741{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":993,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570716599098,"flow_src_last_pkt_time":1444570716610502,"flow_dst_last_pkt_time":1444570717923568,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":3907,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":3907,"midstream":0,"thread_ts_usec":1444570717923568,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51857,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"4192c0a946c5bd9b544b4656d9f624a4","ja4":"t10d440400_e56d601e95ee_282f11336259","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
+01700{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":993,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570716599098,"flow_src_last_pkt_time":1444570716610502,"flow_dst_last_pkt_time":1444570717923568,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":3907,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":3907,"midstream":0,"thread_ts_usec":1444570717923568,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51857,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3s":"4192c0a946c5bd9b544b4656d9f624a4","ja4":"t10d440400_e56d601e95ee_282f11336259","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1016,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570718801686,"flow_src_last_pkt_time":1444570718801686,"flow_dst_last_pkt_time":1444570718801686,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570718801686,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51772,"dst_port":9000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1016,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_src_last_pkt_time":1444570718801686,"flow_dst_last_pkt_time":1444570718801686,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":50,"pkt_l4_len":16,"thread_ts_usec":1444570718801686,"pkt":"ABoRAAACABoRAAABCABFAAAk4zFAAEARKYMKCAABPm3lnso8IygAEONTAQAAAAAAAAE="} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1017,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_src_last_pkt_time":1444570718801686,"flow_dst_last_pkt_time":1444570718921691,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":50,"pkt_l4_len":16,"thread_ts_usec":1444570718921691,"pkt":"ABoRAAACABoRAAABCABFAAAkA95AABARONc+beWeCggAASMoyjwAEESbAgAAAAC4nQE="} 
@@ -419,7 +419,7 @@ 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1061,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_src_last_pkt_time":1444570733095720,"flow_dst_last_pkt_time":1444570732090067,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444570733095720,"pkt":"ABoRAAACABoRAAABCABFAAA8h\/xAAEAGidEKCAABPm3geMf2AbvHvWEvAAAAAKACOQgL5wAAAgQFtAQCCAoATOc4AAAAAAEDAwY="} 00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1062,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":4,"flow_src_last_pkt_time":1444570733095720,"flow_dst_last_pkt_time":1444570733103855,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570733103855,"pkt":"ABoRAAACABoRAAABCABFAAAoA+xAABAGPfY+beB4CggAAQG7x\/Y4Qp7Qx71hMFAS\/\/+9MQAA"} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1063,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":5,"flow_src_last_pkt_time":1444570733104129,"flow_dst_last_pkt_time":1444570733103855,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444570733104129,"pkt":"ABoRAAACABoRAAABCABFAAA8h\/1AAEAGidAKCAABPm3geMf2AbvHvWEvAAAAAKACOQgLHwAAAgQFtAQCCAoATOgAAAAAAAEDAwY="} 
-01258{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1066,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1444570732086555,"flow_src_last_pkt_time":1444570733112697,"flow_dst_last_pkt_time":1444570733111880,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570733112697,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51190,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01217{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1066,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1444570732086555,"flow_src_last_pkt_time":1444570733112697,"flow_dst_last_pkt_time":1444570733111880,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570733112697,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51190,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1074,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570738415965,"flow_src_last_pkt_time":1444570738415965,"flow_dst_last_pkt_time":1444570738415965,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570738415965,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51194,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1074,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_src_last_pkt_time":1444570738415965,"flow_dst_last_pkt_time":1444570738415965,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444570738415965,"pkt":"ABoRAAACABoRAAABCABFAAA8pZ5AAEAGbC8KCAABPm3geMf6AbsEHk9CAAAAAKACOQjdywAAAgQFtAQCCAoATOrcAAAAAAEDAwY="} 00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1075,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_src_last_pkt_time":1444570738415965,"flow_dst_last_pkt_time":1444570738418908,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570738418908,"pkt":"ABoRAAACABoRAAABCABFAAAoA+9AABAGPfM+beB4CggAAQG7x\/r74bC9BB5PQ1AS\/\/+9LQAA"} 
@@ -429,12 +429,12 @@ 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1078,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":3,"flow_src_last_pkt_time":1444570738422731,"flow_dst_last_pkt_time":1444570738418908,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570738422731,"pkt":"ABoRAAACABoRAAABCABFAAAopZ9AAEAGbEIKCAABPm3geMf6AbsEHk9D++GwvlAQOQiEJgAA"} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1079,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_src_last_pkt_time":1444570738422892,"flow_dst_last_pkt_time":1444570738422538,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570738422892,"pkt":"ABoRAAACABoRAAABCABFAAAoeOpAAEAGmPcKCAABPm3geMf7AbvAYZI2P55ty1AQOQiEJQAA"} 00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1080,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":4,"flow_src_last_pkt_time":1444570738424345,"flow_dst_last_pkt_time":1444570738418908,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"thread_ts_usec":1444570738424345,"pkt":"ABoRAAACABoRAAABCABFAABnpaBAAEAGbAIKCAABPm3geMf6AbsEHk9D++GwvlAYOQh\/zQAAFgMBADoBAAA2AwHh7e2VL35m23t1WU\/32VTucYT8nOT5NyMFMmtQATYTFwAABAA1AP8BAAAJACMAAAAPAAEB"} 
-01258{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1080,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570738415965,"flow_src_last_pkt_time":1444570738424345,"flow_dst_last_pkt_time":1444570738418908,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570738424345,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51194,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01217{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1080,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570738415965,"flow_src_last_pkt_time":1444570738424345,"flow_dst_last_pkt_time":1444570738418908,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570738424345,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51194,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1081,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":5,"flow_src_last_pkt_time":1444570738424345,"flow_dst_last_pkt_time":1444570738424731,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570738424731,"pkt":"ABoRAAACABoRAAABCABFAAAoA\/FAABAGPfE+beB4CggAAQG7x\/r74bC+BB5PglAQ\/\/+87wAA"} 
00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1082,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":4,"flow_src_last_pkt_time":1444570738426143,"flow_dst_last_pkt_time":1444570738422538,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"thread_ts_usec":1444570738426143,"pkt":"ABoRAAACABoRAAABCABFAABneOtAAEAGmLcKCAABPm3geMf7AbvAYZI2P55ty1AYOQia+QAAFgMBADoBAAA2AwFlZ\/2gy5EJcUBexsWY6X0\/hsP+2A782vGEfEVj8EbqUwAABAA1AP8BAAAJACMAAAAPAAEB"} -01258{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1082,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570738419074,"flow_src_last_pkt_time":1444570738426143,"flow_dst_last_pkt_time":1444570738422538,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570738426143,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51195,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01217{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1082,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570738419074,"flow_src_last_pkt_time":1444570738426143,"flow_dst_last_pkt_time":1444570738422538,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570738426143,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51195,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1083,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":5,"flow_src_last_pkt_time":1444570738426143,"flow_dst_last_pkt_time":1444570738426631,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570738426631,"pkt":"ABoRAAACABoRAAABCABFAAAoA\/JAABAGPfA+beB4CggAAQG7x\/s\/nm3LwGGSdVAQ\/\/+87gAA"} 
-01740{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1092,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570738415965,"flow_src_last_pkt_time":1444570738424345,"flow_dst_last_pkt_time":1444570740300724,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":3907,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":3907,"midstream":0,"thread_ts_usec":1444570740300724,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51194,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
+01699{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1092,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570738415965,"flow_src_last_pkt_time":1444570738424345,"flow_dst_last_pkt_time":1444570740300724,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":3907,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":3907,"midstream":0,"thread_ts_usec":1444570740300724,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51194,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
00965{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1109,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":0,"flow_first_seen":1444570637191973,"flow_src_last_pkt_time":1444570733113725,"flow_dst_last_pkt_time":1444570637191973,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":656,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":656,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":14432,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570741466310,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"172.16.1.75","src_port":64538,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00925{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1444570631058632,"flow_src_last_pkt_time":1444570631058632,"flow_dst_last_pkt_time":1444570631059010,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.133.206.47","dst_ip":"107.20.242.44","src_port":59447,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00775{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1444570631058632,"flow_src_last_pkt_time":1444570631058632,"flow_dst_last_pkt_time":1444570631059010,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.133.206.47","dst_ip":"107.20.242.44","src_port":59447,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -449,7 +449,7 @@ 01203{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1444570636264505,"flow_src_last_pkt_time":1444570640345761,"flow_dst_last_pkt_time":1444570639251010,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":326,"flow_dst_max_l4_payload_len":3939,"flow_src_tot_l4_payload_len":389,"flow_dst_tot_l4_payload_len":3998,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.99","src_port":55969,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
01203{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":8,"flow_first_seen":1444570636180806,"flow_src_last_pkt_time":1444570636961710,"flow_dst_last_pkt_time":1444570636898687,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":474,"flow_dst_max_l4_payload_len":2527,"flow_src_tot_l4_payload_len":863,"flow_dst_tot_l4_payload_len":6221,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.231.3","src_port":45814,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
01204{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1444570636170439,"flow_src_last_pkt_time":1444570639257331,"flow_dst_last_pkt_time":1444570638211737,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":474,"flow_dst_max_l4_payload_len":3907,"flow_src_tot_l4_payload_len":863,"flow_dst_tot_l4_payload_len":6157,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.153","src_port":57647,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-01089{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":14,"flow_first_seen":1444570699074033,"flow_src_last_pkt_time":1444570740247303,"flow_dst_last_pkt_time":1444570705689183,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1100,"flow_dst_tot_l4_payload_len":6828,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.241.32.14","src_port":46211,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +01192{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":14,"flow_first_seen":1444570699074033,"flow_src_last_pkt_time":1444570740247303,"flow_dst_last_pkt_time":1444570705689183,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1100,"flow_dst_tot_l4_payload_len":6828,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.241.32.14","src_port":46211,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": 
{"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 01076{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1444570640330424,"flow_src_last_pkt_time":1444570670369848,"flow_dst_last_pkt_time":1444570670371970,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51134,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
01076{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1444570640338595,"flow_src_last_pkt_time":1444570670373481,"flow_dst_last_pkt_time":1444570670373944,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51135,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 01212{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":55,"flow_dst_packets_processed":50,"flow_first_seen":1444570669736143,"flow_src_last_pkt_time":1444570738301094,"flow_dst_last_pkt_time":1444570704270773,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":3907,"flow_src_tot_l4_payload_len":9593,"flow_dst_tot_l4_payload_len":4003,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51154,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": 
{"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
@@ -460,7 +460,7 @@ 01078{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1444570675941714,"flow_src_last_pkt_time":1444570690937763,"flow_dst_last_pkt_time":1444570690940588,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51833,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 01078{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1444570694561618,"flow_src_last_pkt_time":1444570709696086,"flow_dst_last_pkt_time":1444570709697460,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51839,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": 
{"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 01212{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_src_packets_processed":29,"flow_dst_packets_processed":21,"flow_first_seen":1444570716599098,"flow_src_last_pkt_time":1444570737975878,"flow_dst_last_pkt_time":1444570724068036,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":378,"flow_dst_max_l4_payload_len":3907,"flow_src_tot_l4_payload_len":2973,"flow_dst_tot_l4_payload_len":4667,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51857,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-01046{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1444570719041198,"flow_src_last_pkt_time":1444570720045734,"flow_dst_last_pkt_time":1444570719047347,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51859,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +01153{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1444570719041198,"flow_src_last_pkt_time":1444570720045734,"flow_dst_last_pkt_time":1444570719047347,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51859,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}},"55": {"risk":"Probing Attempt","severity":"Medium","risk_score": 
{"total":510,"client":375,"server":135}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00772{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1444570719041198,"flow_src_last_pkt_time":1444570720045734,"flow_dst_last_pkt_time":1444570719047347,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51859,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01076{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1444570636151328,"flow_src_last_pkt_time":1444570638236318,"flow_dst_last_pkt_time":1444570638237176,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.213.212","src_port":41726,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": 
{"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 01076{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1444570640284770,"flow_src_last_pkt_time":1444570645699944,"flow_dst_last_pkt_time":1444570645701285,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.213.212","src_port":41757,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
@@ -471,11 +471,11 @@ 01207{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1444570693238349,"flow_src_last_pkt_time":1444570694561091,"flow_dst_last_pkt_time":1444570694561429,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":3907,"flow_src_tot_l4_payload_len":1184,"flow_dst_tot_l4_payload_len":4163,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55671,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
01207{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1444570712008198,"flow_src_last_pkt_time":1444570716597084,"flow_dst_last_pkt_time":1444570716597765,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":3907,"flow_src_tot_l4_payload_len":1184,"flow_dst_tot_l4_payload_len":4163,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55687,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01076{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1444570640382255,"flow_src_last_pkt_time":1444570699864721,"flow_dst_last_pkt_time":1444570699865096,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33511,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -01080{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":9,"flow_first_seen":1444570640385961,"flow_src_last_pkt_time":1444570699915685,"flow_dst_last_pkt_time":1444570699915948,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":129,"flow_src_tot_l4_payload_len":851,"flow_dst_tot_l4_payload_len":129,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33512,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-01082{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":11,"flow_first_seen":1444570699916083,"flow_src_last_pkt_time":1444570700460758,"flow_dst_last_pkt_time":1444570700460696,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":342,"flow_src_tot_l4_payload_len":905,"flow_dst_tot_l4_payload_len":471,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33551,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -01082{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1444570700561150,"flow_src_last_pkt_time":1444570713718387,"flow_dst_last_pkt_time":1444570713719355,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":418,"flow_src_tot_l4_payload_len":828,"flow_dst_tot_l4_payload_len":547,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33553,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": 
{"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -01080{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":9,"flow_first_seen":1444570700563368,"flow_src_last_pkt_time":1444570713708611,"flow_dst_last_pkt_time":1444570713710887,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":129,"flow_src_tot_l4_payload_len":851,"flow_dst_tot_l4_payload_len":129,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33554,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-01081{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":6,"flow_first_seen":1444570713719932,"flow_src_last_pkt_time":1444570715292587,"flow_dst_last_pkt_time":1444570715293172,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":129,"flow_src_tot_l4_payload_len":882,"flow_dst_tot_l4_payload_len":129,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33559,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +01183{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":9,"flow_first_seen":1444570640385961,"flow_src_last_pkt_time":1444570699915685,"flow_dst_last_pkt_time":1444570699915948,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":129,"flow_src_tot_l4_payload_len":851,"flow_dst_tot_l4_payload_len":129,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33512,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": 
{"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +01185{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":11,"flow_first_seen":1444570699916083,"flow_src_last_pkt_time":1444570700460758,"flow_dst_last_pkt_time":1444570700460696,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":342,"flow_src_tot_l4_payload_len":905,"flow_dst_tot_l4_payload_len":471,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33551,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+01185{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1444570700561150,"flow_src_last_pkt_time":1444570713718387,"flow_dst_last_pkt_time":1444570713719355,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":418,"flow_src_tot_l4_payload_len":828,"flow_dst_tot_l4_payload_len":547,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33553,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +01183{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":9,"flow_first_seen":1444570700563368,"flow_src_last_pkt_time":1444570713708611,"flow_dst_last_pkt_time":1444570713710887,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":129,"flow_src_tot_l4_payload_len":851,"flow_dst_tot_l4_payload_len":129,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33554,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": 
{"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +01184{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":6,"flow_first_seen":1444570713719932,"flow_src_last_pkt_time":1444570715292587,"flow_dst_last_pkt_time":1444570715293172,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":129,"flow_src_tot_l4_payload_len":882,"flow_dst_tot_l4_payload_len":129,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33559,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
01203{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":9,"flow_first_seen":1444570636364135,"flow_src_last_pkt_time":1444570640403901,"flow_dst_last_pkt_time":1444570640268632,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":474,"flow_dst_max_l4_payload_len":3939,"flow_src_tot_l4_payload_len":863,"flow_dst_tot_l4_payload_len":5352,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.98","src_port":37129,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01074{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1444570640310108,"flow_src_last_pkt_time":1444570645705710,"flow_dst_last_pkt_time":1444570645707930,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.98","src_port":37139,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 01203{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":6,"flow_first_seen":1444570636252483,"flow_src_last_pkt_time":1444570640344797,"flow_dst_last_pkt_time":1444570639237539,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":2842,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":3907,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.202.139","src_port":47116,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
@@ -484,10 +484,10 @@ 00932{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":2,"flow_first_seen":1444570718801686,"flow_src_last_pkt_time":1444570739041892,"flow_dst_last_pkt_time":1444570719039150,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":483,"flow_dst_tot_l4_payload_len":16,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51772,"dst_port":9000,"l4_proto":"udp","ndpi": {"confidence": {"7":"Match by IP"},"proto":"Webex","proto_id":"141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00778{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":2,"flow_first_seen":1444570718801686,"flow_src_last_pkt_time":1444570739041892,"flow_dst_last_pkt_time":1444570719039150,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":483,"flow_dst_tot_l4_payload_len":16,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51772,"dst_port":9000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
01120{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1444570638225615,"flow_src_last_pkt_time":1444570642072869,"flow_dst_last_pkt_time":1444570642071950,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":3697,"flow_src_tot_l4_payload_len":1034,"flow_dst_tot_l4_payload_len":4403,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"216.58.208.40","src_port":43433,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}} -01145{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":48,"flow_dst_packets_processed":47,"flow_first_seen":1444570624853841,"flow_src_last_pkt_time":1444570630376197,"flow_dst_last_pkt_time":1444570630325666,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":17680,"flow_src_tot_l4_payload_len":8928,"flow_dst_tot_l4_payload_len":78158,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41346,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying 
HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"radcom.webex.com"}} -01146{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":28,"flow_first_seen":1444570627404164,"flow_src_last_pkt_time":1444570630162612,"flow_dst_last_pkt_time":1444570630112026,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":17966,"flow_src_tot_l4_payload_len":3283,"flow_dst_tot_l4_payload_len":103369,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41348,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"radcom.webex.com"}} 
-01103{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1444570628113579,"flow_src_last_pkt_time":1444570628618984,"flow_dst_last_pkt_time":1444570628619392,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":270,"flow_dst_tot_l4_payload_len":129,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41350,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01104{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1444570628117770,"flow_src_last_pkt_time":1444570628568018,"flow_dst_last_pkt_time":1444570628568372,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":129,"flow_src_tot_l4_payload_len":270,"flow_dst_tot_l4_payload_len":129,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41351,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": 
{"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01248{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":48,"flow_dst_packets_processed":47,"flow_first_seen":1444570624853841,"flow_src_last_pkt_time":1444570630376197,"flow_dst_last_pkt_time":1444570630325666,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":17680,"flow_src_tot_l4_payload_len":8928,"flow_dst_tot_l4_payload_len":78158,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41346,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"radcom.webex.com"}} 
+01249{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":28,"flow_first_seen":1444570627404164,"flow_src_last_pkt_time":1444570630162612,"flow_dst_last_pkt_time":1444570630112026,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":17966,"flow_src_tot_l4_payload_len":3283,"flow_dst_tot_l4_payload_len":103369,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41348,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"radcom.webex.com"}} 
+01206{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1444570628113579,"flow_src_last_pkt_time":1444570628618984,"flow_dst_last_pkt_time":1444570628619392,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":270,"flow_dst_tot_l4_payload_len":129,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41350,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+01207{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1444570628117770,"flow_src_last_pkt_time":1444570628568018,"flow_dst_last_pkt_time":1444570628568372,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":129,"flow_src_tot_l4_payload_len":270,"flow_dst_tot_l4_payload_len":129,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41351,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
01207{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":13,"flow_first_seen":1444570631722722,"flow_src_last_pkt_time":1444570633204836,"flow_dst_last_pkt_time":1444570633140171,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":8394,"flow_src_tot_l4_payload_len":1423,"flow_dst_tot_l4_payload_len":23537,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41354,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
01210{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":19,"flow_first_seen":1444570633357298,"flow_src_last_pkt_time":1444570635974432,"flow_dst_last_pkt_time":1444570635923915,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":8847,"flow_src_tot_l4_payload_len":959,"flow_dst_tot_l4_payload_len":39451,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41358,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
01204{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1444570636387910,"flow_src_last_pkt_time":1444570640346348,"flow_dst_last_pkt_time":1444570639263789,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":522,"flow_dst_max_l4_payload_len":3939,"flow_src_tot_l4_payload_len":911,"flow_dst_tot_l4_payload_len":6552,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41386,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
@@ -497,7 +497,7 @@ 01075{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1444570640298584,"flow_src_last_pkt_time":1444570645703037,"flow_dst_last_pkt_time":1444570645704812,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.204.49","src_port":51676,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 01203{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1444570632436109,"flow_src_last_pkt_time":1444570633205058,"flow_dst_last_pkt_time":1444570633137443,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":394,"flow_dst_max_l4_payload_len":2903,"flow_src_tot_l4_payload_len":783,"flow_dst_tot_l4_payload_len":3643,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"23.44.253.243","src_port":49048,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": 
{"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01204{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1444570636248727,"flow_src_last_pkt_time":1444570639255598,"flow_dst_last_pkt_time":1444570638202080,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":474,"flow_dst_max_l4_payload_len":2579,"flow_src_tot_l4_payload_len":863,"flow_dst_tot_l4_payload_len":6168,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.104.140","src_port":44492,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-00853{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1110,"packets-processed":1110,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":494354,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":53,"total-detection-updates":39,"total-updates":2,"current-active-flows":0,"total-active-flows":57,"total-idle-flows":57,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":500,"global_ts_usec":1444570742172121} +00853{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1110,"packets-processed":1110,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":494354,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":53,"total-detection-updates":39,"total-updates":2,"current-active-flows":0,"total-active-flows":57,"total-idle-flows":57,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":500,"global_ts_usec":1444570742172121} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1110/1110 ~~ skipped flows.............: 0 
@@ -506,9 +506,9 @@ ~~ total active/idle flows...: 57/57 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7973042 bytes -~~ total memory freed........: 7973042 bytes -~~ total allocations/frees...: 116284/116284 +~~ total memory allocated....: 8551012 bytes +~~ total memory freed........: 8551012 bytes +~~ total allocations/frees...: 128028/128028 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 526 chars ~~ json message max len.......: 2458 chars diff --git a/test/results/default/websocket-chisel-ssh.pcap.out b/test/results/default/websocket-chisel-ssh.pcap.out new file mode 100644 index 000000000..32a706691 --- /dev/null +++ b/test/results/default/websocket-chisel-ssh.pcap.out 
@@ -0,0 +1,32 @@ +00625{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/websocket-chisel-ssh.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00846{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/websocket-chisel-ssh.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1736499612067222} 
+00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/websocket-chisel-ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1736499612067222,"flow_src_last_pkt_time":1736499612067222,"flow_dst_last_pkt_time":1736499612067222,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1736499612067222,"l3_proto":"ip4","src_ip":"172.18.82.242","dst_ip":"172.18.82.243","src_port":41986,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/websocket-chisel-ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1736499612067222,"flow_dst_last_pkt_time":1736499612067222,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1736499612067222,"pkt":"+A6OkVFv+OTjyhVrCABFAAA81hRAAEAGZp2sElLyrBJS86QCAFCGekYjAAAAAKAC\/9zZCQAAAgQFHgQCCAqQcnBCAAAAAAEDAwc="} +00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/websocket-chisel-ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1736499612067222,"flow_dst_last_pkt_time":1736499612280156,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1736499612280156,"pkt":"AOTjyhVrAA6OkVFvCABFAAA8AABAADMGSbKsElLzrBJS8gBQpAKDtgcNhnpGJKAS\/ohS8AAAAgQFHgQCCAq9BT+TkHJwQgEDAwc="} 
+00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/websocket-chisel-ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1736499612280226,"flow_dst_last_pkt_time":1736499612280156,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1736499612280226,"pkt":"AA6OkVFv+OTjyhVrCABFAAA01hVAAEAGZqSsElLyrBJS86QCAFCGekYkg7YHDoAQAgB82gAAAQEICpBycRe9BT+T"} +00857{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/websocket-chisel-ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1736499612280719,"flow_dst_last_pkt_time":1736499612280156,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":289,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":289,"pkt_l4_len":255,"thread_ts_usec":1736499612280719,"pkt":"AA6OkVFv+OTjyhVrCABFAAET1hZAAEAGZcSsElLyrBJS86QCAFCGekYkg7YHDoAYAgB\/cQAAAQEICpBycRe9BT+TR0VUIC8gSAdUUC8xLjENCkhvc3Q6IHNvbWV0aGluZzEudGxkOjgwDQpVc2VyLUFnZW50OiBHby1odHRwLWNsaWVudC8xLjENCkNvbm5lY3Rpb246IFVwZ3JhZGUNClNlYy1XZWJTb2NrZXQtS2V5OiBjRDFQZTlnaDlpZkhGQkVVZXhPa3p3PT0NClNlYy1XZWJTb2NrZXQtUHJvdG9jb2w6IGNoaXNlbC12Mw0KU2VjLVdlYlNvY2tldC1WZXJzaW9uOiAxMw0KVXBncmFkZTogd2Vic29ja2V0DQoNCg=="} 
+01138{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/websocket-chisel-ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1736499612067222,"flow_src_last_pkt_time":1736499612280719,"flow_dst_last_pkt_time":1736499612280156,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":223,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":223,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1736499612280719,"l3_proto":"ip4","src_ip":"172.18.82.242","dst_ip":"172.18.82.243","src_port":41986,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"56": {"risk":"Obfuscated Traffic","severity":"High","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"HTTP.WebSocket","proto_id":"7.251","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"something1.tld","domainame":"something1.tld","http": {}}} +00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/websocket-chisel-ssh.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1736499612587861,"flow_src_last_pkt_time":1736499612587861,"flow_dst_last_pkt_time":1736499612587861,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":181,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":181,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":181,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1736499612587861,"l3_proto":"ip4","src_ip":"172.18.82.243","dst_ip":"172.18.82.242","src_port":80,"dst_port":51634,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+00800{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/websocket-chisel-ssh.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1736499612587861,"flow_dst_last_pkt_time":1736499612587861,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":247,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":247,"pkt_l4_len":213,"thread_ts_usec":1736499612587861,"pkt":"+OTjyhVrAA6OkVFvCABFAADp8nxAADMGVoisElLzrBJS8gBQybKDtgcOhnpHA4AYAfwdaQAAAQEICr0FQKCQcnEXSFRUUC8xLjEgMTAxIFN3aXRjaGluZyBQcm90b2NvbHMNClNlcnZlcjogbmdpbngNCkRhdGU6IEZyaSwgMTAgSmFuIDIwMjUgMDk6MDA6MTIgR01UDQpDb25uZWN0aW9uOiB1cGdyYWRlDQpVcGdyYWRlOiB3ZWJzb2NrZXQNClNlYy1XZWJTb2NrZXQtQWNjZXB0OiB1VWNwdXRYaFRqeVJ6ZWtCb3NwNVpEWnZsb0U9DQoNCg=="} +01113{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/websocket-chisel-ssh.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1736499612587861,"flow_src_last_pkt_time":1736499612587861,"flow_dst_last_pkt_time":1736499612587861,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":181,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":181,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":181,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1736499612587861,"l3_proto":"ip4","src_ip":"172.18.82.243","dst_ip":"172.18.82.242","src_port":80,"dst_port":51634,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP.WebSocket","proto_id":"7.251","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 
+00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/websocket-chisel-ssh.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1736499612587861,"flow_dst_last_pkt_time":1736499612587861,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1736499612587861,"pkt":"+OTjyhVrAA6OkVFvCABFAABM8n1AADMGVySsElLzrBJS8gBQybKDtgfDhnpHA4AYAfxLkgAAAQEICr0FQKCQcnEXghZTU0gtY2hpc2VsLXYzLXNlcnZlcg0K"} +01230{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/websocket-chisel-ssh.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1736499612587861,"flow_src_last_pkt_time":1736499612587861,"flow_dst_last_pkt_time":1736499612587861,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":181,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":205,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1736499612587861,"l3_proto":"ip4","src_ip":"172.18.82.243","dst_ip":"172.18.82.242","src_port":80,"dst_port":51634,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP.WebSocket","proto_id":"7.251","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 
+00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/websocket-chisel-ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1736499612280719,"flow_dst_last_pkt_time":1736499612587861,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1736499612587861,"pkt":"+OTjyhVrAA6OkVFvCABFAAA08ntAADMGVz6sElLzrBJS8gBQpAKDtgcOhnpHA4AQAfx68wAAAQEICr0FQJ+QcnEX"} +01141{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/websocket-chisel-ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1736499612067222,"flow_src_last_pkt_time":1736499612280719,"flow_dst_last_pkt_time":1736499612587861,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":223,"flow_dst_max_l4_payload_len":181,"flow_src_tot_l4_payload_len":223,"flow_dst_tot_l4_payload_len":205,"midstream":0,"thread_ts_usec":1736499612587861,"l3_proto":"ip4","src_ip":"172.18.82.242","dst_ip":"172.18.82.243","src_port":41986,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"56": {"risk":"Obfuscated Traffic","severity":"High","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"HTTP.WebSocket","proto_id":"7.251","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"something1.tld"}} 
+01217{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/websocket-chisel-ssh.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1736499612587861,"flow_src_last_pkt_time":1736499612587861,"flow_dst_last_pkt_time":1736499612587861,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":181,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":205,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1736499612587861,"l3_proto":"ip4","src_ip":"172.18.82.243","dst_ip":"172.18.82.242","src_port":80,"dst_port":51634,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP.WebSocket","proto_id":"7.251","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
+00851{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/websocket-chisel-ssh.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":9,"packets-processed":9,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":633,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":17,"global_ts_usec":1736499612587861} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 9/9 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 633 bytes +~~ total detected protocols..: 2 +~~ total active/idle flows...: 2/2 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 7488020 bytes +~~ total memory freed........: 7488020 bytes +~~ total allocations/frees...: 125896/125896 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json message min len.......: 558 chars +~~ json message max len.......: 1235 chars +~~ json message avg len.......: 894 chars diff --git a/test/results/default/websocket.pcap.out b/test/results/default/websocket.pcap.out index 0bb76775c..d1c363d14 100644 --- a/test/results/default/websocket.pcap.out +++ b/test/results/default/websocket.pcap.out 
@@ -1,5 +1,5 @@ -00614{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/websocket.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/websocket.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1475155931028697} 
+00614{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/websocket.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/websocket.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1475155931028697} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/websocket.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1475155931028697,"flow_src_last_pkt_time":1475155931028697,"flow_dst_last_pkt_time":1475155931028697,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1475155931028697,"l3_proto":"ip4","src_ip":"192.168.43.135","dst_ip":"192.168.43.1","src_port":12345,"dst_port":50999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/websocket.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1475155931028697,"flow_dst_last_pkt_time":1475155931028697,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_usec":1475155931028697,"pkt":"AFBWwAAIAAwpij2nCABFAABB27JAAEAGhyvAqCuHwKgrATA5xzc8ilRnydSxV1AYAO1IlQAAgRdXZWxjb21lLCAxOTIuMTY4LjQzLjEgIQ=="} 
00931{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/websocket.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1475155931028697,"flow_src_last_pkt_time":1475155931028697,"flow_dst_last_pkt_time":1475155931028697,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1475155931028697,"l3_proto":"ip4","src_ip":"192.168.43.135","dst_ip":"192.168.43.1","src_port":12345,"dst_port":50999,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WebSocket","proto_id":"251","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
@@ -8,7 +8,7 @@ 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/websocket.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1475155946903705,"flow_dst_last_pkt_time":1475156008638608,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_usec":1475156008638608,"pkt":"AAwpij2nAFBWwAAICABFAAA9BeZAAEAGXPzAqCsBwKgrh8c3MDnJ1LFpPIpUtFAYP+K7sAAAgY+3zv1X36uRO9juijLVvZI03KuJ"} 00604{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/websocket.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1475156008657690,"flow_dst_last_pkt_time":1475156008638608,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":109,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":109,"pkt_l4_len":75,"thread_ts_usec":1475156008657690,"pkt":"AFBWwAAIAAwpij2nCABFAABf27ZAAEAGhwnAqCuHwKgrATA5xzc8ilS0ydSxflAYAO0H8wAAgTUyMTozNDo1MyAoJzE5Mi4xNjguNDMuMScsIDUwOTk5KSBzYXk6IGhlbGxvIHdlYnNvY2tldA=="} 00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/websocket.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1475155931028697,"flow_src_last_pkt_time":1475156008657690,"flow_dst_last_pkt_time":1475156008638608,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":55,"flow_dst_max_l4_payload_len":21,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":39,"midstream":1,"thread_ts_usec":1475156008657690,"l3_proto":"ip4","src_ip":"192.168.43.135","dst_ip":"192.168.43.1","src_port":12345,"dst_port":50999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"WebSocket","proto_id":"251","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -00840{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/websocket.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":5,"packets-processed":5,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":171,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1475156008657690} +00840{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/websocket.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":5,"packets-processed":5,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":171,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1475156008657690} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 5/5 ~~ skipped flows.............: 0 
@@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6909806 bytes -~~ total memory freed........: 6909806 bytes -~~ total allocations/frees...: 114143/114143 +~~ total memory allocated....: 7487402 bytes +~~ total memory freed........: 7487402 bytes +~~ total allocations/frees...: 125874/125874 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 556 chars ~~ json message max len.......: 978 chars diff --git a/test/results/default/wechat.pcap.out b/test/results/default/wechat.pcap.out index d68c7f546..62a61bdf6 100644 --- a/test/results/default/wechat.pcap.out +++ b/test/results/default/wechat.pcap.out 
@@ -1,5 +1,5 @@ -00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1492167337792745} 
+00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1492167337792745} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492167337792745,"flow_src_last_pkt_time":1492167337792745,"flow_dst_last_pkt_time":1492167337792745,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":604,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":604,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":604,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1492167337792745,"l3_proto":"ip4","src_ip":"203.205.151.162","dst_ip":"192.168.1.103","src_port":443,"dst_port":54084,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01357{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1492167337792745,"flow_dst_last_pkt_time":1492167337792745,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":670,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":670,"pkt_l4_len":636,"thread_ts_usec":1492167337792745,"pkt":"eJKcD6iO8IQvSpdgCABFoAKQLFpAACwG+e7LzZeiwKgBZwG700RsJQvmFiW5B4AYAQBhCAAAAQEICkXRlQMAMKrIjxNPGb1b2gIOFmmrodrIUGWpRD8pBe\/eyANOuHxnf1oEiCDKQxkU6yvgqiltC85O1YOlf4+boaZn\/v7U0TkR+lQ9a8XEdMtbUDNvRkN1lpLANNJe9T6WEXQRZhhQATyvHXIsPxznFQlv1ayF4fN0Lp1Tv+DnMtPovG4l64Fdnf94BKNh3wpUis\/1aaAJUl4N4QYAa2BN+MLHUIjBfzQomk58kbDVZlQvabo4eeiFrJQbG0CRtmIDLIV4UlMABwm2B+L0SD\/lX+vPdRjlbT0hOePKWkrPVp4oa0GnGMtovp\/3dKKj2adHC1yCvZqzc+T4heafDFJJDxNGnnTZtJeXWQW2\/Wn0xAXZa5xeVmiob7mVi7gQwqB4EyVdzoi+MdLqv1I0FdZ7WKuu9o+r6i7T5KxQ7NhUIRC9KEInuscbFfTp5tcTpkg81VRtJhveR07GYTrLSFchnUCEzbFpCOPEOlfHshGkgemcZqUW0JSeBZoVIhGHuP8IElk+zTdckKSFR7XZosRv+JZpXULghhsYEQIcWSnXEwiNwHqD7SkijDTYTSRARplFy3lQ+I9PYai9e3wxDdj38dt3ZjnYHW+Jgcvyxa81TfaFhCzMBo8JWYVcQLLQCzJJ7po8hcjxwSKSvs1BzLjoAmGIOQCY3cD2niwB
o4mLwkfrwM7iYYbbTgCByxdl2XUzXKGTmMiV+yqiF1sadTUF0KDk8zQPlxqASeejWTULCaKDKO7zq0WMvrWWgtPS5+WycvqXy24tfwXRN6su4lzlC8cmzA\/wzbACdxOu6m0puRk6CDMzrA=="} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1492167337792745,"flow_dst_last_pkt_time":1492167337792797,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1492167337792797,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0B7NAAEAGDZLAqAFny82XotNEAbsWJbkHbCUOQoAQAk6qQAAAAQEICgAwqxZF0ZUD"} 
@@ -25,10 +25,10 @@ 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1492167342893680,"flow_dst_last_pkt_time":1492167342941852,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1492167342941852,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8xIIAADIGPqOs2RYOwKgBZwG7lwHnJuhS57I\/mKASpajHRwAAAgQFZAQCCApd2bi8ADCwEQEDAwc="} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1492167342941899,"flow_dst_last_pkt_time":1492167342941852,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1492167342941899,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0j4dAAEAGJkbAqAFnrNkWDpcBAbvnsj+Y5yboU4AQAOWaewAAAQEICgAwsB1d2bi8"} 00840{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1492167342942107,"flow_dst_last_pkt_time":1492167342941852,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":288,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":288,"pkt_l4_len":254,"thread_ts_usec":1492167342942107,"pkt":"8IQvSpdgeJKcD6iOCABFAAESj4hAAEAGJWfAqAFnrNkWDpcBAbvnsj+Y5yboU4AYAOXwqgAAAQEICgAwsB1d2bi8FgMBANkBAADVAwNGweD9NUKL5AVTYyYP+mu6+yZ5eVPxgI+DpY7zF4i1IwAAIEpKzKnMqMwUzBPAK8AvwCzAMMATwBQAnACdAC8ANQAKAQAAjOrqAAD\/AQABAAAAACcAJQAAInNhZmVicm93c2luZy5nb29nbGV1c2VyY29udGVudC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAjKygAdABcAGPr6AAEA"} 
-01253{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1492167342893680,"flow_src_last_pkt_time":1492167342942107,"flow_dst_last_pkt_time":1492167342941852,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":222,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":222,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167342942107,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.22.14","src_port":38657,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"safebrowsing.googleusercontent.com","domainame":"safebrowsing.googleusercontent.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01212{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1492167342893680,"flow_src_last_pkt_time":1492167342942107,"flow_dst_last_pkt_time":1492167342941852,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":222,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":222,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167342942107,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.22.14","src_port":38657,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"safebrowsing.googleusercontent.com","domainame":"safebrowsing.googleusercontent.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1492167342942107,"flow_dst_last_pkt_time":1492167342994339,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1492167342994339,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0xKkAADIGPoSs2RYOwKgBZwG7lwHnJuhT57JAdoAQAVSY+QAAAQEICl3ZuPEAMLAd"} 
-01344{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1492167342893680,"flow_src_last_pkt_time":1492167342942107,"flow_dst_last_pkt_time":1492167342995064,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":222,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":222,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1492167342995064,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.22.14","src_port":38657,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"safebrowsing.googleusercontent.com","domainame":"safebrowsing.googleusercontent.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d655f7cd00e93ea8969c3c6e06f0156f","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","blocks":0}}} 
-02428{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1492167342893680,"flow_src_last_pkt_time":1492167342997482,"flow_dst_last_pkt_time":1492167342997934,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":222,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":222,"flow_dst_tot_l4_payload_len":4212,"midstream":0,"thread_ts_usec":1492167342997934,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.22.14","src_port":38657,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"safebrowsing.googleusercontent.com","domainame":"safebrowsing.googleusercontent.com","tls": 
{"version":"TLSv1.2","server_names":"*.googleusercontent.com,*.apps.googleusercontent.com,*.appspot.com.storage.googleapis.com,*.blogspot.com,*.bp.blogspot.com,*.commondatastorage.googleapis.com,*.content-storage-download.googleapis.com,*.content-storage-upload.googleapis.com,*.content-storage.googleapis.com,*.doubleclickusercontent.com,*.ggpht.com,*.googledrive.com,*.googlesyndication.com,*.googleweblight.com,*.safenup.googleusercontent.com,*.sandbox.googleusercontent.com,*.storage-download.googleapis.com,*.storage-upload.googleapis.com,*.storage.googleapis.com,*.storage.select.googleapis.com,blogspot.com,bp.blogspot.com,commondatastorage.googleapis.com,doubleclickusercontent.com,ggpht.com,googledrive.com,googleusercontent.com,googleweblight.com,static.panoramio.com.storage.googleapis.com,storage.googleapis.com,storage.select.googleapis.com,unfiltered.news","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d655f7cd00e93ea8969c3c6e06f0156f","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.googleusercontent.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"8B:36:AF:31:A2:4C:EE:50:CC:6F:34:F7:2C:A3:C5:B6:4B:02:AC:53","blocks":0}}} 
+01303{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1492167342893680,"flow_src_last_pkt_time":1492167342942107,"flow_dst_last_pkt_time":1492167342995064,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":222,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":222,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1492167342995064,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.22.14","src_port":38657,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"safebrowsing.googleusercontent.com","domainame":"safebrowsing.googleusercontent.com","tls": {"version":"TLSv1.2","ja3s":"d655f7cd00e93ea8969c3c6e06f0156f","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","blocks":0}}} 
+02387{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1492167342893680,"flow_src_last_pkt_time":1492167342997482,"flow_dst_last_pkt_time":1492167342997934,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":222,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":222,"flow_dst_tot_l4_payload_len":4212,"midstream":0,"thread_ts_usec":1492167342997934,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.22.14","src_port":38657,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"safebrowsing.googleusercontent.com","domainame":"safebrowsing.googleusercontent.com","tls": 
{"version":"TLSv1.2","server_names":"*.googleusercontent.com,*.apps.googleusercontent.com,*.appspot.com.storage.googleapis.com,*.blogspot.com,*.bp.blogspot.com,*.commondatastorage.googleapis.com,*.content-storage-download.googleapis.com,*.content-storage-upload.googleapis.com,*.content-storage.googleapis.com,*.doubleclickusercontent.com,*.ggpht.com,*.googledrive.com,*.googlesyndication.com,*.googleweblight.com,*.safenup.googleusercontent.com,*.sandbox.googleusercontent.com,*.storage-download.googleapis.com,*.storage-upload.googleapis.com,*.storage.googleapis.com,*.storage.select.googleapis.com,blogspot.com,bp.blogspot.com,commondatastorage.googleapis.com,doubleclickusercontent.com,ggpht.com,googledrive.com,googleusercontent.com,googleweblight.com,static.panoramio.com.storage.googleapis.com,storage.googleapis.com,storage.select.googleapis.com,unfiltered.news","ja3s":"d655f7cd00e93ea8969c3c6e06f0156f","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.googleusercontent.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"8B:36:AF:31:A2:4C:EE:50:CC:6F:34:F7:2C:A3:C5:B6:4B:02:AC:53","blocks":0}}} 
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492167345896252,"flow_src_last_pkt_time":1492167345896252,"flow_dst_last_pkt_time":1492167345896252,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1492167345896252,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.78","src_port":47627,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1492167345896252,"flow_dst_last_pkt_time":1492167345896252,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1492167345896252,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0u5hAAEAGF5PAqAFn2DrNTroLAbv4cm+uICz91YAQATUbzAAAAQEICgAwswD2qQZf"} 
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492167345896311,"flow_src_last_pkt_time":1492167345896311,"flow_dst_last_pkt_time":1492167345896311,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1492167345896311,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.78","src_port":53220,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
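Review bot: The `"ja3"` key is gone from the `tls` object in all three flow_id 5 records of this hunk (the `detected` event and both `detection-update` events), while `"ja3s"` and `"ja4"` are still emitted, yet the commit message only says "incorporated upstream changes". A collector or detection rule that matches on `tls.ja3` would presumably stop matching after this bump without any error, so the removal deserves an explicit line in the commit description or changelog, for example `* TLS flow events no longer contain "ja3"; "ja3s" and "ja4" are unchanged`. The diffstat lists schema/flow_event_schema.json as modified, but that file is outside this view, so confirm it no longer advertises `ja3` rather than leaving a property that is never emitted.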
@@ -44,7 +44,7 @@ 01125{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1492167350333752,"flow_src_last_pkt_time":1492167350333752,"flow_dst_last_pkt_time":1492167350372335,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":192,"flow_src_tot_l4_payload_len":33,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1492167350372335,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":46078,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"ssl.gstatic.com","domainame":"ssl.gstatic.com","dns": {"num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["172.217.23.67,ttl=29"]}}} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492167350385726,"flow_src_last_pkt_time":1492167350385726,"flow_dst_last_pkt_time":1492167350385726,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167350385726,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.67","src_port":51507,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02319{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1492167350385726,"flow_dst_last_pkt_time":1492167350385726,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1492167350385726,"pkt":"8IQvSpdgeJKcD6iOCABFAAVivyhAAEAR8DbAqAFnrNkXQ8kzAbsFThBpDTHWY7YNkySLUTAzNQEAZRP82mbzhTNOuyagAQAEQ0hMTx0AAABQQUQAIgEAAFNOSQAxAQAAU1RLAGsBAABWRVIAbwEAAENDUwB\/AQAATk9OQ58BAABNU1BDowEAAEFFQUSnAQAAVUFJRMgBAABTQ0lE2AEAAFRDSUTcAQAAUERNROABAABTUkJG5AEAAFNNSEzoAQAASUNTTOwBAABDVElN9AEAAE5PTlAUAgAAUFVCUzQCAABNSURTOAIAAFNDTFM8AgAAS0VYU0ACAABYTENUSAIAAENTQ1RIAgAAQ09QVEgCAABDQ1JUYAIAAElSVFRkAgAAQ0VUVggDAABDRkNXDAMAAFNGQ1cQAwAALS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS1zc2wuZ3N0YXRpYy5jb23DJ9pgKUoswhKlaAfLoi3sQZPhfUFgtpep51u0rkbBgx\/nebVFToqDPqkbsFtGn3MXCPqLWhc6j\/ixUTAzNQHogWCSkhrofu2AhqIVgpFY8Kq2MDAwMDAwMDC6zWefDMewsHm6e\/MeaJgBlt0fDWQAAABDQzIwQ2hyb21lLzU3LjAuMjk4Ny4xMzMgTGludXggeDg2XzY0Jc6XFWD7G7yXYXhVaoxdywAAAABYNTA5AAAQAAEAAAAeAAAAtqrwWAAAAAA5eOlJA3D70ONW2AJf\/ogbdqDz00OrZf\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"} 
-01080{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492167350385726,"flow_src_last_pkt_time":1492167350385726,"flow_dst_last_pkt_time":1492167350385726,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167350385726,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.67","src_port":51507,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ssl.gstatic.com","domainame":"ssl.gstatic.com","quic": {"user_agent":"Chrome\/57.0.2987.133 Linux x86_64","quic_version":"Q035"}}} +01030{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492167350385726,"flow_src_last_pkt_time":1492167350385726,"flow_dst_last_pkt_time":1492167350385726,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167350385726,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.67","src_port":51507,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ssl.gstatic.com","domainame":"ssl.gstatic.com","quic": {"quic_version":"Q035"}}} 00994{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1492167350386186,"flow_dst_last_pkt_time":1492167350385726,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":400,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":400,"pkt_l4_len":366,"thread_ts_usec":1492167350386186,"pkt":"8IQvSpdgeJKcD6iOCABFAAGCvylAAEAR9BXAqAFnrNkXQ8kzAbsBbud7DTHWY7YNkySLUTAzNQLvwr0xyGRZ7meDZlovLzVjAbbzC3jR2f2rSyaEQR29GdHUR3g0xdsFTdTip7X1Nnsf4tYU5MBGkSRYowzYqBAgeAEueiV49O5ngVqvp6AacuKzAzgJV3z622EcXJUEyhTJ+nOIANjFkaDTQTI+jdNEu4FfF\/TnyxM++AGJ3to5M6SWYBz2BeCP\/OGMSC7yUukPIe4sRQeIQcXq+IYSj3PAlHKxZT8HDRP7kjwgghqQy0grhbmgn+9HaZmoQLo9gu4ijkDWy6wUW+W8oMWbJ3Ky6wEFXzApvzV\/FZNjJh6PDtkHubM5JHhhh00iIakeLzopZrU7PnZst39suCb9JKpUYtFvmoJnG3+X2ld76667v+kx3ZpHcdgXPlvpm8rm+2k6Em\/vgF23i7kHM9aRW5K+1InNa4QsADwuokzDCUylLbXZYixDaZtGruoPUyaIkf6OjyLbS2SNBQ=="} 
02320{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1492167350462573,"flow_dst_last_pkt_time":1492167350385726,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1492167350462573,"pkt":"8IQvSpdgeJKcD6iOCABFAAVivzBAAEAR8C7AqAFnrNkXQ8kzAbsFTm8mDTHWY7YNkySLUTAzNQMCK\/NUmHquSjxA+X2gAQAEQ0hMTx0AAABQQUQAIgEAAFNOSQAxAQAAU1RLAGsBAABWRVIAbwEAAENDUwB\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\/nebVFToqDPqkbsFtGn3MXCPqLWhc6j\/ixUTAzNQHogWCSkhrofu2AhqIVgpFY8Kq2MDAwMDAwMDC6zWefDMewsHm6e\/MeaJgBlt0fDWQAAABDQzIwQ2hyb21lLzU3LjAuMjk4Ny4xMzMgTGludXggeDg2XzY0Jc6XFWD7G7yXYXhVaoxdywAAAABYNTA5AAAQAAEAAAAeAAAAtqrwWAAAAAA5eOlJA3D70ONW2AJf\/ogbdqDz00OrZf\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"} 02345{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_src_last_pkt_time":1492167350462573,"flow_dst_last_pkt_time":1492167350488480,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1492167350488480,"pkt":"eJKcD6iO8IQvSpdgCABFoAViAABAADcRt7+s2RdDwKgBZwG7yTMFTuPKBNtpRNeisKdzzqqB80k\/RvEcLV+eNstooOP26jQwiV8kAUkwPIMgeBmjqFkk1eZa85ntkHHKG5sLS2nvF5TmkUr+if921Zg1I0\/4gCajXiftZ1cQ7HzDlknoAxBMi+AaCHBUPnPHivZkyl4iSGvXlnHgng3\/7naBjCDqlDK6F+CuxkK8R8D3zCSfpOaKQGBLlchz5S+hCTIwqEd99ts2qf\/5eNYdL5VkMpB5nPqZijuHeZKsbAA\/ctrAa2iT4JB48UuOXvpg5wOCy\/anBkev1fI+1TTLsBMyhp3HjpYh2aKJvkMCmiRctHYEQnmaEMBwOlLcCDMzXUr6cVbELb2ipeNilNIPUR6fbRTICFCh\/dLk8Z8s4+2+q+YRvL47cij8qjU\/MSP\/JdAcQdXgf4J1moMV\/HD76jtK\/q6K2AELbJTL7zlTXQDvl7lhybUqmS8n2wO6ChZ8mkKRPXTTl52a1+v\/t94S8AMxF3uAvJ9f0fJ\/ZM
EI3IZ6O7qMEGehlJFUg6ku3WOM+3kE9ZCniZ1GxLmVMmc7+ELA+4BU071ElcmB0cNHc3igocgwlfnuRZX3+k22dSiwenP+A9\/TUyzBAHrcaRXwxtrkUB5nhrAwxJ7sXU8h0m3RmPoZeSXzzc9FxpQ5MJBVfPZ2nvgM8SZWj76Mbmfae4W0Y5pSAxeitiyz6e\/pvVhOlpfDYK7FaYxKn1bgfQne5NYXwxOjjO8qXjZbyhi6U1yf0AFPol4fV4k6ffTGHaG+993EhQAEInqFjs5KLpUuYY0UmCTl9cNR7U0ln37rA4ek3m2s0HjMh2LjsowbaeOmpJRUN6KZp0r5FoNKL2Rbyy6azhyGhinEk2F7Nx7T7OFc8qzh5U88cLdGwsiClMeV++e44EyVBwnyLUnGa79agiHRfcH8uQeFO2JdRvD8m0OGuY\/X4Xq2M9cudkHEZSL9Cvaxgr19m\/Ehm6WWrLrr5ou2qkcyHZ3odgdmbvlBOkYXAqUw1OB0DtQD3U6wTXoHGqO0PM1\/UtTkXAr1qpn86JcvZn\/ynpf2O5qdTtcOKebDq3DgNLkK0T9cm1y1rD4T88uFzlXeHlJh99mdpFsPJ+vFVCQJPwP7vqfT71mINa6\/Pb0Q7bplVWYi1b+UplNOm7yEjJaBRU8Bhv5Pxyh091JSaVecSM2kcDi5U\/hakzgazrriEloDM0v4i1dEuq0I7ZBLcjJFITvSi14YlRX8vKn4kLmPQ3\/oteLhKPRWjTUKm67b08p+Rv8wo6\/ZnvVJVK\/7YJnm2usF3Wz7NfPzR6ckRZ7uYkJZmfPh8\/VTMnabtN3diLkyqGe2ks0kfaaMAlrrWQhbKh5F1K\/LsLNpBub30iqBt5MUt5aEFkSBabvJWtjubQn6QyW8GVs2dFwnL\/CjJFVDk8+kRhzcqwTcIkUO4tw7WxxCUf0F3PNbBjXIBOJrChJ1p3uBHljOGy2Dh0DxDK+EyF7GTnybbIRpeK2oedkfCEnpPpUi7IlpneqyneEiPOyp2oNCjVACBgL5+pYyFsR5gW6VnysncwXQfH26UNpBXtf5HwJr+NOuLicMNTiFrLT4hNvlLhb3HdSm4\/kbBpXefbUT++QhHN5PIPKN2F75i0fG4B9SKWDSWSc\/XO7Nr\/jOHdYwW3e+5zfODYV5lIC5IJtaSio5iRwf\/LvS2RbglFn3Jj94DvsSRYClnbw0fes8mzb2I5dE9C5wElePnvErieuDHTJLAwGVHurqwdlhGSdQnFmnpIjvps8w458iyTv63wjC\/7VPejnxfmCEmz3XcXd1WkP82S2K"} 
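Review bot: The expected `detected` event for flow 9 no longer carries `"user_agent":"Chrome\/57.0.2987.133 Linux x86_64"` in its `quic` object, and the commit message ("incorporated upstream changes") does not say that emitted fields were dropped. The same removal appears in the next hunk (flow 11), and the `@@ -85,32 +85,32 @@` hunk, which continues past the visible lines, drops `"ja3"` from the `tls` object while keeping `ja3s` and `ja4`. The packet-flow records around these events are unchanged context, so the fixtures alone cannot show whether this is a deliberate upstream removal or a dissection regression. Consumers that key on `quic.user_agent` or `tls.ja3` (detection rules, fingerprint lists, dashboards) would stop matching without any error. I would add a line to the description such as `* flow events no longer contain quic.user_agent and tls.ja3`, and confirm that the schema/flow_event_schema.json change in this commit matches the new output.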
@@ -56,7 +56,7 @@ 01131{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1492167351026518,"flow_src_last_pkt_time":1492167351026518,"flow_dst_last_pkt_time":1492167351061131,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":185,"flow_src_tot_l4_payload_len":33,"flow_dst_tot_l4_payload_len":185,"midstream":0,"thread_ts_usec":1492167351061131,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":55862,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleDocs","proto_id":"5.241","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"docs.google.com","domainame":"docs.google.com","dns": {"num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["216.58.198.46,ttl=217"]}}} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492167351067458,"flow_src_last_pkt_time":1492167351067458,"flow_dst_last_pkt_time":1492167351067458,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167351067458,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.198.46","src_port":57591,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02324{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1492167351067458,"flow_dst_last_pkt_time":1492167351067458,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1492167351067458,"pkt":"8IQvSpdgeJKcD6iOCABFAAVibQVAAEARaA3AqAFn2DrGLuD3AbsFTsxKDU3ZCrKMtFhpUTAzNQFnbJE8FVI6Xr9TUAWgAQAEQ0hMTx0AAABQQUQAIgEAAFNOSQAxAQAAU1RLAGsBAABWRVIAbwEAAENDUwB\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\/HO\/L6W7bp3Xhczs9ysCSmeki\/j96A7sEoRFEAE+SB65YLwp5s+42jMDuJu4lkMvUTAzNQHogWCSkhrofu2AhqIVgpFY8Kq3MDAwMDAwMDCSV1vE+gNbm7+W8XblWvpmJ\/49qGQAAABDQzIwQ2hyb21lLzU3LjAuMjk4Ny4xMzMgTGludXggeDg2XzY0Jc6XFWD7G7yXYXhVaoxdywAAAABYNTA5AAAQAAEAAAAeAAAAt6rwWAAAAADtcasM4uYqOdGcPkgWTuPinp6tSgmHbpcCw+LDtPZmZuBaJu0QIw4bgS6gnY4km2fVf4E4bxQZEQJVfGW2\/zkLZAAAAAEAAABDMjU1wgnkHLidnM3CCeQcuJ2czT2t9HxBefiRQAt7kKmueetXmAEAL+XPr519ndPJ3mPFBWs\/DigCPL0uG+UOo9PlVynP5lP7SYDz1bkGMXY1YNt3+9e\/xaovsHZwZUHeJNaLtZCflec\/IAM0fVlrvjwb6nbNCsXZz6\/cPg4kuVRS2mBg046WN6uU3IIy4QYEX9WeFcdSLySSFcZAp9Y92PScUgAJmXEYeE91IXZUb3jX3RMxTRdpIGidUSIrQaDk8neMszYOzIv3i7wAAPAAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01096{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492167351067458,"flow_src_last_pkt_time":1492167351067458,"flow_dst_last_pkt_time":1492167351067458,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167351067458,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.198.46","src_port":57591,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleDocs","proto_id":"188.241","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"docs.google.com","domainame":"docs.google.com","quic": {"user_agent":"Chrome\/57.0.2987.133 Linux x86_64","quic_version":"Q035"}}} +01046{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492167351067458,"flow_src_last_pkt_time":1492167351067458,"flow_dst_last_pkt_time":1492167351067458,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167351067458,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.198.46","src_port":57591,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.GoogleDocs","proto_id":"188.241","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"docs.google.com","domainame":"docs.google.com","quic": {"quic_version":"Q035"}}} 01769{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1492167351067660,"flow_dst_last_pkt_time":1492167351067458,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":969,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":969,"pkt_l4_len":935,"thread_ts_usec":1492167351067660,"pkt":"8IQvSpdgeJKcD6iOCABFAAO7bQZAAEARabPAqAFn2DrGLuD3AbsDp2YqDU3ZCrKMtFhpUTAzNQJxZNfHCC8u2f35luXQX7wk8+5+gy499Uo4Fg20rRdDDy5CsdXoRXrF+phU81nis1nRDRx09GXiKDxOppPR5wHoCPv6GGJ1a2aSeKMbWb+zwKTlNc+IgrbKFFqH047ViEQZsFLjifeqmjWw3kLjF9wuTO5xmTDc8NygVX92ZUjcWiRsZklVVPx3NbEThZxDUrne5HeS9hEKQhiWqsRNFsJ5ZewxcV+5cYvvBeYiQR+kS3f\/LZqZAjI6Q5gDCFVg4IVHBTbsdm3CNW6MkXX6Z21DpqBMIia1Z2wV8I9lmIjOLOKjoJcu+pem0sj3G6u1FBaJ6UzuToaeQVFoQV1B7THlLpcbWhfyxWuv5Vq5Nhbvz\/hy9e3GvHaPkX2Ap3unG8P22QcYcGd\/BWZtvoWlpacJDV2epOkkS7tt5wlFKOWfO8\/5Yu\/gJ5xuBFw7XGdmQknr+9LaS3e8wZiMR1ZfimH2Wrss8HcQEl9TcUi0OPt7hg4vPxA1umUMgAjxmP3GICQIJ8v3MSyfSe36zfbmMnzMFR+cZ4RVKOKFuZsig3U7Qla3oB3K2bziFfb7gRL+hERHc4YgKgGNFngj+oqw2jdkj\/RqXvOIZPBl74wKoDpJdAAu0pwpTpg0OYCvwu\/ep3j0WkfwnzYcwnEEOfrkyBT8sslKLByrPD6217xh62Bp0UxecAcjRSXYnXrLG4gF\/OklBRUl9MWf17862YoGJ6mbQ8Q1BCG\/ur1PzAt2\/FqJ05MHkwrkRVSHl4pDeBaR66Du4ZmV0GBx989HTukTQy\/3OGUKXjAXhJdjcsLd1jo\/K0yDhk26WE7HHoqWgHvMgQjGE2RFzuX36OVzPCIEOwd9oe0YVvAfM\/rVc9genM5Hy7Sv8mutamuMH7bROMktPGAdZ\/IFx5w4VWad64HIS2eSUBLGRLvosHNSRrNdfupAMBGIyjJeytCFI+Ljtgl1sqegx6JwAaGxpjS+ZJjXdtHKXMd1GSxa\/aZjv\/gLSgGEeQHgpM0w997OPOSc\/oXhrMG2H9dPnVY0gxfZjD+EVSDAUqgCePMf4Xk+wruAsQ37\/lHXudBmH90ljRj8ye51wbrJXjVUKo39iLcU6hZ05\/StCBdO\/xPb895mMSP5JnWfCWFSaYGQN4FQQYatRm1PasNLHcHWO0PLezKCDM2gsmrD
E3X\/KwGBhJhce2KxIu1Tjfe9ZeVoyy0Oxy0Bb7O\/93ta"} 02346{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_src_last_pkt_time":1492167351067660,"flow_dst_last_pkt_time":1492167351121999,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1492167351121999,"pkt":"eJKcD6iO8IQvSpdgCABFoAViAABAADcR3XLYOsYuwKgBZwG74PcFTmzaBOou0Nigzud3ZaOudETm8GBczN7q3HxIUIOzVIoPsD73AQkDw5o48VPCPgxwE9bagOsfguW4BXFTqIT1IIV5ThjijbPacPMIeuYY+tLcR\/SESotUnfD6k31MBpngxATfGEoS3TSTc9aVt2BKPUkJNXTxIqajXh4z+2CjCT16kZiox8Qmel6o7NAeDdJDfOL+51L\/G92mnF40IupMo8kyn6Yeya9Ad1Q2D\/p2FAN4KbvETwnyCCrN\/3BzK6jhLgRMRUMpD76aZzYbZwTnnjn5cPWJgIaiNlEoyxA7CP6REtuotFUshn\/4\/Je7Jbm8GzbVpuThmCVdHsCKO9eQafmXETXyGPOX37U\/+RYvpidmrbPADR3IJ0YyPcE55eQPeQ3SLMLpJR+N0H26d91w3L3p89mtepH0NeIecXxbZcygXiO3ouImKiBH5Sols1nP6qAehqtyidEipR4ZPAV4Xw0h5rAYVjkhxL41hJnSJmoocaWAxV46W2QvJzsrabDi5M9SzvhRJAsPZZY4K6G5dvQpS2uzTzQOzxWkGBlQl7RRRgKZIcNK4yIcQD0yIGCwwoktA2Ld1Idk2Cu5os+Y7KXAeUWL4EghycwrRGckuLuUQjKt2wiWE8fO7O4\/Lv2VZCpq74PXu3G5CCkcU65VQJeeZrPt8UoeqowDQ+esOAIZ137WnNojv8+UsGDeg+xMKBRUrYaoT8ER8YifN6riDqUjipfNYkbEn8ucoDGqAIlyleAS5\/XHM13il1iRyxEOLilein7LTbUQNfwFOf8EzXgCnR+IpNR4wHUKNWXhmNPOYokIP23Sl\/FaC5yeTIvYRTQb\/x8mhYj\/WIs05PouLe9Pt+TRR3N2YyYcD4kqZDJk1bVFKuF7bqCGCM51z3lvURyUWHByifpl1Q0srxqBnb92qDujj+Ug5Hs9Ty\/kFB8qHvx1Dfq78jAeHz0fzz7AMlq+79RPkRIGLCbIkRGUTiiYKOqV8DW1cQsg\/KZWg+kdRSdfwb30mOCaUqILvOyhuHsdt\/VlQOncdoNcoPzCka952teJvpu3kHP0JF00GT6\/QgvMxqqvMT68gpqKr7VNH2JM4rMWfmQe7d70oO4rLXnu5+c5UkqU4+\/yoY+zdy1UMw3UYnE\/RB4x5v7QiQt4jRnCl6tLIdDw9lQg9IzEnVZzw2lt7lY+\/FC4dmux3GBahkU7C9wFjO9v95glXVXJsAYEhvS3wJvsdmH9ydK\/F3zD4bHe6QH8wln\/KtF+\/2hcmCsTO+QWhFCYnQytBu\/Dd7UqbnYMeu6CvYKHngUiBNqyzWOGJEUUIwiWru1HLQ+oi18IFAgJS2Pl99aG5LYQ83XtdOxJ4pO0nKlJ0xc1wx6vqc9D94XgPsJhPmRnKuyWzZTwOjFjJ4fG3PqBIeO52giJ97T6
kI1ufnseC2DoOQ7mgmmkhk1xFPh\/iCEO2sH8\/yvC3ciJ3q1jHvS6trEx0psWwZhrcKMoj6uJQAqWOx\/4VMZblPtRO0JRK2sKrnR0AuXFvTgyJJXrSQnKCt4f0Ie08Z0FhokeNmZugGY11eoMg2b0Ohw1Gcl+Nco\/Mm0dOR0d0ZzowYYFQVn8Z1G5U0v2I0P+bjqBg\/Oft0VL\/uESmpcBS8+q9YYq03mdZfyrm0Wll6v2MrVZ+luVDiDPf+2zCNGMeJyqwXqCBY\/GUBtV\/ORVHwTg4O9+bDUiGoGMfoIrfv0WX52viV1sxsvodgKw\/K7R89paaPWnO6gRTKekrbX0nVKtcWseMnbmEds6efJmpuqUD3hZqUyUuRhdxz6a7pUXagTh"} 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_src_last_pkt_time":1492167351122989,"flow_dst_last_pkt_time":1492167351121999,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"thread_ts_usec":1492167351122989,"pkt":"8IQvSpdgeJKcD6iOCABFAABFbRRAAEARbRvAqAFn2DrGLuD3AbsAMQ6vDE3ZCrKMtFhpA7Y9jgNT0qCEjni6SuPZWM+AykfeqYgCOx\/sRFcfvEI="} 
@@ -85,32 +85,32 @@ 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_src_last_pkt_time":1492167353687624,"flow_dst_last_pkt_time":1492167354049234,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1492167354049234,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC0GJ53LzZeiwKgBZwG700mLgJvryODc86ASN8g1VAAAAgQFoAQCCApF8RJmADC6mwEDAwc="} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_src_last_pkt_time":1492167354049274,"flow_dst_last_pkt_time":1492167354049234,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1492167354049274,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0ZmpAAEAGrtrAqAFny82XotNJAbvI4Nzzi4Cb7IAQAOWalAAAAQEICgAwuvZF8RJm"} 00866{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_src_last_pkt_time":1492167354049650,"flow_dst_last_pkt_time":1492167354049234,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":304,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":304,"pkt_l4_len":270,"thread_ts_usec":1492167354049650,"pkt":"8IQvSpdgeJKcD6iOCABFAAEiZmtAAEAGrevAqAFny82XotNJAbvI4Nzzi4Cb7IAYAOVDAAAAAQEICgAwuvZF8RJmFgMBAOkBAADlAwMg8ecmhVvNIGBKxVKhOhJWIrAbXQB1XAVkfDWfr1I96iDQqVQUi2ekdsYx76vXfMv4reYubqyVUBJq1nTozJ\/kzAAgKirMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB86uoAAP8BAAEAAAAAEwARAAAOd2ViLndlY2hhdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjF1UAAAAAsAAgEAAAoACgAI+voAHQAXABgqKgABAA=="} 
-01209{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1492167353687624,"flow_src_last_pkt_time":1492167354049650,"flow_dst_last_pkt_time":1492167354049234,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167354049650,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54089,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01168{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1492167353687624,"flow_src_last_pkt_time":1492167354049650,"flow_dst_last_pkt_time":1492167354049234,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167354049650,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54089,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_src_last_pkt_time":1492167353937975,"flow_dst_last_pkt_time":1492167354296899,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1492167354296899,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC4GJp3LzZeiwKgBZwG700oogx9AoQ\/Rp6ASN8hHnAAAAgQFoAQCCApF8RKkADC62gEDAwc="} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_src_last_pkt_time":1492167354296948,"flow_dst_last_pkt_time":1492167354296899,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1492167354296948,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0a31AAEAGqcfAqAFny82XotNKAbuhD9GnKIMfQYAQAOWs3QAAAQEICgAwuzRF8RKk"} 
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":5,"flow_src_last_pkt_time":1492167354049650,"flow_dst_last_pkt_time":1492167354427364,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1492167354427364,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0iSlAAC0GnnvLzZeiwKgBZwG700mLgJvsyODd4YAQAHiZtAAAAQEICkXxEsUAMLr2"} -01269{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1492167353687624,"flow_src_last_pkt_time":1492167354049650,"flow_dst_last_pkt_time":1492167354430928,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1492167354430928,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54089,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
-01804{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1492167353687624,"flow_src_last_pkt_time":1492167354430957,"flow_dst_last_pkt_time":1492167354487785,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":2856,"midstream":0,"thread_ts_usec":1492167354487785,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54089,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","advertised_alpns":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1","blocks":0}}} 
+01228{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1492167353687624,"flow_src_last_pkt_time":1492167354049650,"flow_dst_last_pkt_time":1492167354430928,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1492167354430928,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54089,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01763{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1492167353687624,"flow_src_last_pkt_time":1492167354430957,"flow_dst_last_pkt_time":1492167354487785,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":2856,"midstream":0,"thread_ts_usec":1492167354487785,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54089,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","advertised_alpns":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1","blocks":0}}} 
00867{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":4,"flow_src_last_pkt_time":1492167355372539,"flow_dst_last_pkt_time":1492167354296899,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":304,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":304,"pkt_l4_len":270,"thread_ts_usec":1492167355372539,"pkt":"8IQvSpdgeJKcD6iOCABFAAEia35AAEAGqNjAqAFny82XotNKAbuhD9GnKIMfQYAYAOWR5gAAAQEICgAwvEFF8RKkFgMBAOkBAADlAwPQGPUQ73ic+7iVIAjQSjq5W05BxFF6D6kJRu\/s5h+d6yA3foG4i9pV6QeN41xMuSS6TypXmVvnRL5nSZVX0j3qogAg2trMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB8+voAAP8BAAEAAAAAEwARAAAOd2ViLndlY2hhdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjF1UAAAAAsAAgEAAAoACgAIGhoAHQAXABgaGgABAA=="} -01210{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1492167353937975,"flow_src_last_pkt_time":1492167355372539,"flow_dst_last_pkt_time":1492167354296899,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167355372539,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54090,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": 
{"version":"TLSv1.2","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01169{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1492167353937975,"flow_src_last_pkt_time":1492167355372539,"flow_dst_last_pkt_time":1492167354296899,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167355372539,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54090,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
02155{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_src_last_pkt_time":1492167353674975,"flow_dst_last_pkt_time":1492167355388384,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1254,"pkt_l4_len":1220,"thread_ts_usec":1492167355388384,"pkt":"8IQvSpdgeJKcD6iOCABFAATYn8NAAEAGcN3AqAFny82XotMqAbshWCCwT4FL\/oAYAchBqgAAAQEICgAwvEVF0aSGFwMDBJ8AAAAAAAAACSCXh69SRVNj7LxTHyTa29lyIMx5rUn\/Kbsx2RSLcx6h5Rof7MvhSBslxiMA7RM+grN19AFhFkb86ybE4QzYLqZogvxRJjzavJpiSw0h2JHTRLw5hxkIJT93\/hBnX4KXAJggRKu+zDGdqHHdv4fTutm2SVgm7d7YrX77rNoEa49Z7tjdE+lO2DuQkrDWrkIcPj0eYPzI9xDvhacp1zu+uHhR194mvhqvVQzKnG9JQA7M8yc34zhOP58E3OjjXwz3ELzMbE8lsUYni0FdVDzD5AHz2ZXkJTACi6epY43d8swMwJs750LtRYiDdf+30r4284+LeVd8LVUpJU\/rrav+ZKJhyQ9sw9XMWliErx\/Hsl\/5h3MZRKZeqbDE6P8CmhyiQOuweltYgaOp1rsNtfHpo493xewTpz5snn5PbRcKUqFF5M4r7lhwPPhIeVK4WOUH\/33+Sq98q7EPLrHMUFohSF90hiJaXtAj+rHVK1gMf9oOJW2ySdU7MX2DS86yuQ6kfFtJuGuxo1Cz6PJoomwid9YpsbBbTMx6m4z9l\/ny1t10Pd97BylHaTo6YBGXBgtaz8dbyFkkD5Nbk5dwtmaGlM9uIlF\/rv5c1A55dbIdj8naBbyQ7fTwTJFbjISBkJmpaQoU2kc\/zziP44xaoDUxaRt9Ry\/806C0HPovj+JC6hKAJhd7IU3lz1cd2EcOR09Ulbh6GcnGtGoIEgMSnOqlHSHFOvhwMJOgqMdjV4Ts3j6kz4nuUL7P9W38WCZ6Et6v6MCfJC1NHlb+BiknubpqgZZ7mM9\/dQzJwaHAVm1pExnTA0Qtn9u2w0Ob0wTvtwWHLqB8+w1X5lLgz+g0\/KazNnFwZsVC8NJt7gXfJimXlNiQyyoVZPRU5TsryE76p7eJsfK2K3vD+oV2xOy0odJivKdVU9d\/b0lN4vXAAJXGR8apbNgPqwivAZHIvQdWqFgNwio4MLv0L8zBSqiIiaIpEMDbJPlGf3NTa8KHL9KuF0\/XkvPuIqyQ1vikTJWv3M0PfnYGX\/91JwgIycN3X4tfAJPTYU1bJR8H9lqbTS68wW7e8n7Z9kn4BsSK8WdGfSG\/BGchlsNazeLO6dljFOzNH1Nb0yqv79UpRl3Kr1HkZo+mQcyTmdDq73MBTVTodPICJb5JR1YLjVlWLyhlubA3PMAZhd7v493hq7IuxuvrhHldQDGHsYcPZ0+ZYWLqkDletWw1l3zV0GxsjRhJ3s3iffY9XBpGE8EG39zicWNmnu8THVvBYw\/7ASp9iDFLWiJkigPswdmPFhkbbEWproj9M3h6bBS7Z9ohy6yUXPGG6RKTKX45Eg\/Pm2f3Y3bPQ15p4S5E260\/wYzmk6Pco8MZXXOtCrfsbgBU3U\/QFaYJziOi8kV14C9ocoOj7UNbOPlK4JGIT
hUQC22wBIoO4QcICqfGi12dFi3\/dZawWcVCDgNfdmaRqjA7vn2Ew3dMX8AfiCfUGFCye6yKRfSC\/KcvJGql1sIadq+izTaBp+jfWADKBhJTOB7x6VUd2Bs6qIc6mkvKSj4SxqM+NPNL5GVHDR9qjJ4H5zSi"} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_src_last_pkt_time":1492167355708813,"flow_dst_last_pkt_time":1492167355388384,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1492167355708813,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0dwVAACwGsZ\/LzZeiwKgBZwG70ypPgUv+IVglVIAQAR3wRAAAAQEICkXRpoMAMLxF"} 00812{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":5,"flow_src_last_pkt_time":1492167355714716,"flow_dst_last_pkt_time":1492167355388384,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"thread_ts_usec":1492167355714716,"pkt":"eJKcD6iO8IQvSpdgCABFoAD6dwZAACwGsNjLzZeiwKgBZwG70ypPgUv+IVglVIAYAR1S1AAAAQEICkXRpoQAMLxFFwMDAMGOrZUQQd+elO6yUWZaxB1XMRBaU5iIrSWBDYFMTBklza86ZAJ6mlfc+fSz1nangNwW6dDHehHKK9aovFSe8h\/p4B1XlNKo6T5XxbmSKu1Sbxvxyur1MrHjSISlyLPclpL0f6AhZsZEEcReSmOdovjdyShnPTyu0ybkZB4WFJHVgACkcFaPkTxnnNq1rLUf91oPxf\/kt+Uc1aHDCkMk\/Kcb18Ipw1elIOYbN1xUGZ7sM+yxphWAWHZg+LCttdBqRoJi"} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492167355723894,"flow_src_last_pkt_time":1492167355723894,"flow_dst_last_pkt_time":1492167355723894,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167355723894,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54091,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1492167355723894,"flow_dst_last_pkt_time":1492167355723894,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1492167355723894,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8P4ZAAEAG1bbAqAFny82XotNLAbtsCoMeAAAAAKACchAveAAAAgQFtAQCCAoAMLyYAAAAAAEDAwc="} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":5,"flow_src_last_pkt_time":1492167355372539,"flow_dst_last_pkt_time":1492167355738109,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1492167355738109,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0C01AAC4GG1jLzZeiwKgBZwG700oogx9BoQ\/SlYAQAHip5wAAAQEICkXxFAwAMLxB"} 
-01270{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1492167353937975,"flow_src_last_pkt_time":1492167355372539,"flow_dst_last_pkt_time":1492167355743680,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1492167355743680,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54090,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
-01804{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":126,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1492167353937975,"flow_src_last_pkt_time":1492167355743715,"flow_dst_last_pkt_time":1492167355744203,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":2856,"midstream":0,"thread_ts_usec":1492167355744203,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54090,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","advertised_alpns":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1","blocks":0}}} 
+01229{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1492167353937975,"flow_src_last_pkt_time":1492167355372539,"flow_dst_last_pkt_time":1492167355743680,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1492167355743680,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54090,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01763{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":126,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1492167353937975,"flow_src_last_pkt_time":1492167355743715,"flow_dst_last_pkt_time":1492167355744203,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":2856,"midstream":0,"thread_ts_usec":1492167355744203,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54090,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","advertised_alpns":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1","blocks":0}}} 
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1492167355723894,"flow_dst_last_pkt_time":1492167356077508,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1492167356077508,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC0GJ53LzZeiwKgBZwG700uz8YPYbAqDH6ASN8iq2QAAAgQFoAQCCApFrUFyADC8mAEDAwc="} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_src_last_pkt_time":1492167356077551,"flow_dst_last_pkt_time":1492167356077508,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1492167356077551,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0P4dAAEAG1b3AqAFny82XotNLAbtsCoMfs\/GD2YAQAOUQHAAAAQEICgAwvPFFrUFy"} 00869{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_src_last_pkt_time":1492167356077750,"flow_dst_last_pkt_time":1492167356077508,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":304,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":304,"pkt_l4_len":270,"thread_ts_usec":1492167356077750,"pkt":"8IQvSpdgeJKcD6iOCABFAAEiP4hAAEAG1M7AqAFny82XotNLAbtsCoMfs\/GD2YAYAOVYrwAAAQEICgAwvPFFrUFyFgMBAOkBAADlAwPrb22xHnXa3171HQ\/x0N7leORqlrAubtrqrBze9\/ohpiA3foG4i9pV6QeN41xMuSS6TypXmVvnRL5nSZVX0j3qogAg6urMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB8amoAAP8BAAEAAAAAEwARAAAOd2ViLndlY2hhdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjF1UAAAAAsAAgEAAAoACgAIamoAHQAXABi6ugABAA=="} 
-01210{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":133,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1492167355723894,"flow_src_last_pkt_time":1492167356077750,"flow_dst_last_pkt_time":1492167356077508,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167356077750,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54091,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01169{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":133,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1492167355723894,"flow_src_last_pkt_time":1492167356077750,"flow_dst_last_pkt_time":1492167356077508,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167356077750,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54091,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 02210{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1492167353687624,"flow_src_last_pkt_time":1492167356095248,"flow_dst_last_pkt_time":1492167356095234,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1240,"flow_dst_max_l4_payload_len":5826,"flow_src_tot_l4_payload_len":4717,"flow_dst_tot_l4_payload_len":16498,"midstream":0,"thread_ts_usec":1492167356095248,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54089,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":287,"avg":155330.1,"max":410564,"stddev":180667.8,"var":32640860160.0,"ent":3.8,"data": [361610,361650,376,378130,3564,381307,56857,56856,287,287,2657,376606,375028,3327,373835,38287,2818,410564,21157,3298,393374,30885,401110,383706,785,383140,2859,2894,5754,1113,1113]},"pktlen": {"min":52,"avg":715.5,"max":5878,"stddev":1101.2,"var":1212669.6,"ent":3.9,"data": [60,60,52,290,52,1480,52,1480,52,312,52,178,103,1292,527,52,1480,219,52,1225,429,52,250,1140,1480,1480,52,1480,1480,52,5878,52]},"bins": {"c_to_s": [9,0,0,1,0,0,0,1,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0],"s_to_c": [4,1,0,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,1]},"directions": 
[0,1,0,0,1,1,0,1,0,1,0,0,1,0,0,1,1,1,0,0,0,1,1,0,1,1,0,1,1,0,1,0],"entropies": [4.726680756,5.187538624,5.014835835,5.834213257,5.171407223,6.822011948,4.961856842,7.516278267,5.025067806,7.308955193,4.986606121,6.311928749,5.841652393,7.825830460,7.553427219,5.094483852,7.883197308,6.999384403,4.986606121,7.834380150,7.373102665,5.171406746,7.071372032,7.838574886,7.869080067,7.888019085,4.948144436,7.880359650,7.858109951,5.025067806,7.967877865,5.132945538]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1492167356114749,"flow_dst_last_pkt_time":1492167338426301,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1492167356114749,"pkt":"AQBeAAD7eJKcD6iOCABFAABEvOpAAAERGbTAqAFn4AAA+xTpFOkAMOiYAAAAAAABAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQ=="} 00594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1492167356114803,"flow_dst_last_pkt_time":1492167338426352,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":102,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":102,"pkt_l4_len":48,"thread_ts_usec":1492167356114803,"pkt":"MzMAAAD7eJKcD6iOht1gAAAAADARAf6AAAAAAAAAepKc\/\/4PqI7\/AgAAAAAAAAAAAAAAAAD7FOkU6QAwzvQAAAAAAAEAAAAAAAALX2dvb2dsZWNhc3QEX3RjcAVsb2NhbAAADAAB"} 
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_src_last_pkt_time":1492167356077750,"flow_dst_last_pkt_time":1492167356487983,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1492167356487983,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0whVAAC0GZY\/LzZeiwKgBZwG700uz8YPZbAqEDYAQAHgPQQAAAQEICkWtQcwAMLzx"} -01270{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":151,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1492167355723894,"flow_src_last_pkt_time":1492167356077750,"flow_dst_last_pkt_time":1492167356488969,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1492167356488969,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54091,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
-01804{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":153,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1492167355723894,"flow_src_last_pkt_time":1492167356489000,"flow_dst_last_pkt_time":1492167356489253,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1688,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":3116,"midstream":0,"thread_ts_usec":1492167356489253,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54091,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","advertised_alpns":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1","blocks":0}}} 
+01229{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":151,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1492167355723894,"flow_src_last_pkt_time":1492167356077750,"flow_dst_last_pkt_time":1492167356488969,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1492167356488969,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54091,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01763{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":153,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1492167355723894,"flow_src_last_pkt_time":1492167356489000,"flow_dst_last_pkt_time":1492167356489253,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1688,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":3116,"midstream":0,"thread_ts_usec":1492167356489253,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54091,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","advertised_alpns":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1","blocks":0}}} 
00620{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1492167345896252,"flow_dst_last_pkt_time":1492167360622900,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":121,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":121,"pkt_l4_len":87,"thread_ts_usec":1492167360622900,"pkt":"eJKcD6iO8IQvSpdgCABFoABrfSgAADcGnizYOs1OwKgBZwG7ugsgLP3V+HJvr4AYAV2wggAAAQEICvap78EAL9cAFwMDADI7\/WDixcApjMc4oo49oFJiwuyoshtW5rSqz9ahoHcSOkzcmjO3CkNO6pgK6XLAf2uLNg=="} 00915{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":167,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1492167345896252,"flow_src_last_pkt_time":1492167345896252,"flow_dst_last_pkt_time":1492167360622900,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":55,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":55,"midstream":1,"thread_ts_usec":1492167360622900,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.78","src_port":47627,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":168,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1492167360622960,"flow_dst_last_pkt_time":1492167360622900,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1492167360622960,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0u5lAAEAGF5LAqAFn2DrNTroLAbv4cm+vICz+DIAQATUj0AAAAQEICgAwwWH2qe\/B"} 
@@ -126,12 +126,12 @@ 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_src_last_pkt_time":1492167366908400,"flow_dst_last_pkt_time":1492167367227479,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1492167367227479,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAACwGKJ3LzZeiwKgBZwG700zSrc67fl9SHKASN8jkhQAAAgQFoAQCCApF0bHCADDHhQEDAwc="} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_src_last_pkt_time":1492167367227571,"flow_dst_last_pkt_time":1492167367227479,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1492167367227571,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0lZ9AAEAGf6XAqAFny82XotNMAbt+X1Ic0q3OvIAQAOVJ0gAAAQEICgAwx9RF0bHC"} 00866{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_src_last_pkt_time":1492167367228238,"flow_dst_last_pkt_time":1492167367227479,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":304,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":304,"pkt_l4_len":270,"thread_ts_usec":1492167367228238,"pkt":"8IQvSpdgeJKcD6iOCABFAAEilaBAAEAGfrbAqAFny82XotNMAbt+X1Ic0q3OvIAYAOWQkQAAAQEICgAwx9VF0bHCFgMBAOkBAADlAwMIMAddqPI8parJRh1yfNKrDdpzlU1BZ7DFnpjp1nvcByAw4BRL3PXeGMjW+qUk6QYvRqoU0TSzHBocUA21W5zrfgAgCgrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB8CgoAAP8BAAEAAAAAEwARAAAOd2ViLndlY2hhdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjF1UAAAAAsAAgEAAAoACgAIOjoAHQAXABhaWgABAA=="} 
-01210{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1492167366908400,"flow_src_last_pkt_time":1492167367228238,"flow_dst_last_pkt_time":1492167367227479,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167367228238,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54092,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01169{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1492167366908400,"flow_src_last_pkt_time":1492167367228238,"flow_dst_last_pkt_time":1492167367227479,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167367228238,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54092,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_src_last_pkt_time":1492167367159051,"flow_dst_last_pkt_time":1492167367489344,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1492167367489344,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAACwGKJ3LzZeiwKgBZwG7002nXL3IaYSXp6ASN8hVJQAAAgQFoAQCCApFrUycADDHwwEDAwc="} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":194,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_src_last_pkt_time":1492167367489409,"flow_dst_last_pkt_time":1492167367489344,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1492167367489409,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0UGZAAEAGxN7AqAFny82XotNNAbtphJenp1y9yYAQAOW6bQAAAQEICgAwyBZFrUyc"} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":195,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":5,"flow_src_last_pkt_time":1492167367228238,"flow_dst_last_pkt_time":1492167367549012,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1492167367549012,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0fK9AACwGq\/XLzZeiwKgBZwG700zSrc68fl9TCoAQAHhI\/wAAAQEICkXRshMAMMfV"} -01270{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":196,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1492167366908400,"flow_src_last_pkt_time":1492167367228238,"flow_dst_last_pkt_time":1492167367549744,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1492167367549744,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54092,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
-01804{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":198,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1492167366908400,"flow_src_last_pkt_time":1492167367549800,"flow_dst_last_pkt_time":1492167367550195,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":2856,"midstream":0,"thread_ts_usec":1492167367550195,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54092,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","advertised_alpns":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1","blocks":0}}} 
+01229{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":196,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1492167366908400,"flow_src_last_pkt_time":1492167367228238,"flow_dst_last_pkt_time":1492167367549744,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1492167367549744,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54092,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01763{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":198,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1492167366908400,"flow_src_last_pkt_time":1492167367549800,"flow_dst_last_pkt_time":1492167367550195,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":2856,"midstream":0,"thread_ts_usec":1492167367550195,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54092,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","advertised_alpns":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1","blocks":0}}} 
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_src_last_pkt_time":1492167367489409,"flow_dst_last_pkt_time":1492167368738739,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1492167368738739,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAACwGKJ3LzZeiwKgBZwG7002nXL3IaYSXp6ASN8hTlgAAAgQFoAQCCApFrU3YADDIFgEDAwc="} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":5,"flow_src_last_pkt_time":1492167368738777,"flow_dst_last_pkt_time":1492167368738739,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1492167368738777,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0UGdAAEAGxN3AqAFny82XotNNAbtphJenp1y9yYAQAOW5NQAAAQEICgAwyU5FrUyc"} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":219,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492167377896227,"flow_src_last_pkt_time":1492167377896227,"flow_dst_last_pkt_time":1492167377896227,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1492167377896227,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.142","src_port":49787,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -144,26 +144,26 @@ 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":232,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_src_last_pkt_time":1492167378674770,"flow_dst_last_pkt_time":1492167379033998,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1492167379033998,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC0GJ53LzZeiwKgBZwG7005qx4IjSnNKJ6ASN8i96gAAAgQFoAQCCApF0b0+ADDTAgEDAwc="} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":233,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_src_last_pkt_time":1492167379034085,"flow_dst_last_pkt_time":1492167379033998,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1492167379034085,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0mSVAAEAGfB\/AqAFny82XotNOAbtKc0onaseCJIAQAOUjLAAAAQEICgAw01xF0b0+"} 
00867{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":4,"flow_src_last_pkt_time":1492167379034520,"flow_dst_last_pkt_time":1492167379033998,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":304,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":304,"pkt_l4_len":270,"thread_ts_usec":1492167379034520,"pkt":"8IQvSpdgeJKcD6iOCABFAAEimSZAAEAGezDAqAFny82XotNOAbtKc0onaseCJIAYAOUQ7wAAAQEICgAw01xF0b0+FgMBAOkBAADlAwOGOumiw0u0u0I6gmpzIGxnGk0VZSO+6aIdnNrT8rHiHCB+R4AGaiYYG\/eTLeHwwqwepnXhm94m+8GpHgG9docrHAAgiorMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB86uoAAP8BAAEAAAAAEwARAAAOd2ViLndlY2hhdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjF1UAAAAAsAAgEAAAoACgAIOjoAHQAXABiqqgABAA=="} -01210{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":234,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1492167378674770,"flow_src_last_pkt_time":1492167379034520,"flow_dst_last_pkt_time":1492167379033998,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167379034520,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54094,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": 
{"version":"TLSv1.2","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01169{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":234,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1492167378674770,"flow_src_last_pkt_time":1492167379034520,"flow_dst_last_pkt_time":1492167379033998,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167379034520,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54094,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":235,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_src_last_pkt_time":1492167378926091,"flow_dst_last_pkt_time":1492167379279841,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1492167379279841,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC4GJp3LzZeiwKgBZwG7009k83t+ca2jrKASN8iurAAAAgQFoAQCCApFrVgaADDTQQEDAwc="} 
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_src_last_pkt_time":1492167379279928,"flow_dst_last_pkt_time":1492167379279841,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1492167379279928,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0cOtAAEAGpFnAqAFny82XotNPAbtxraOsZPN7f4AQAOUT8AAAAQEICgAw05lFrVga"} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":5,"flow_src_last_pkt_time":1492167379034520,"flow_dst_last_pkt_time":1492167379394583,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1492167379394583,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0P71AAC0G5+fLzZeiwKgBZwG7005qx4IkSnNLFYAQAHgiUAAAAQEICkXRvZkAMNNc"} -01270{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":238,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1492167378674770,"flow_src_last_pkt_time":1492167379034520,"flow_dst_last_pkt_time":1492167379396531,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1492167379396531,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54094,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","blocks":0}}} -01804{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1492167378674770,"flow_src_last_pkt_time":1492167379396586,"flow_dst_last_pkt_time":1492167379397022,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1688,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":3116,"midstream":0,"thread_ts_usec":1492167379397022,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54094,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": 
{"version":"TLSv1.2","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","advertised_alpns":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1","blocks":0}}} +01229{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":238,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1492167378674770,"flow_src_last_pkt_time":1492167379034520,"flow_dst_last_pkt_time":1492167379396531,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1492167379396531,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54094,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": 
{"version":"TLSv1.2","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01763{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1492167378674770,"flow_src_last_pkt_time":1492167379396586,"flow_dst_last_pkt_time":1492167379397022,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1688,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":3116,"midstream":0,"thread_ts_usec":1492167379397022,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54094,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","advertised_alpns":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1","blocks":0}}} 
00868{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_src_last_pkt_time":1492167380233041,"flow_dst_last_pkt_time":1492167379279841,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":304,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":304,"pkt_l4_len":270,"thread_ts_usec":1492167380233041,"pkt":"8IQvSpdgeJKcD6iOCABFAAEicOxAAEAGo2rAqAFny82XotNPAbtxraOsZPN7f4AYAOVbvgAAAQEICgAw1IhFrVgaFgMBAOkBAADlAwP\/XNiqxBer6CoBriARmvadzv\/U5kXIDNO5dJQ14ZPOdyCc+qdX8GXELVfQ5N806uYJcFsoXMTX+cAyXbg9n1utjQAg+vrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB82toAAP8BAAEAAAAAEwARAAAOd2ViLndlY2hhdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjF1UAAAAAsAAgEAAAoACgAIWloAHQAXABiqqgABAA=="} -01210{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":252,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1492167378926091,"flow_src_last_pkt_time":1492167380233041,"flow_dst_last_pkt_time":1492167379279841,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167380233041,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54095,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": 
{"version":"TLSv1.2","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01169{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":252,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1492167378926091,"flow_src_last_pkt_time":1492167380233041,"flow_dst_last_pkt_time":1492167379279841,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167380233041,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54095,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":254,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":5,"flow_src_last_pkt_time":1492167380233041,"flow_dst_last_pkt_time":1492167380457988,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1492167380457988,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC4GJp3LzZeiwKgBZwG7009k83t+ca2jrKASN8itLQAAAgQFoAQCCApFrVlBADDTmQEDAwc="} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492167380581732,"flow_src_last_pkt_time":1492167380581732,"flow_dst_last_pkt_time":1492167380581732,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167380581732,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54096,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_src_last_pkt_time":1492167380581732,"flow_dst_last_pkt_time":1492167380581732,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1492167380581732,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8GvtAAEAG+kHAqAFny82XotNQAbtFV84kAAAAAKACchDy2AAAAgQFtAQCCAoAMNTfAAAAAAEDAwc="} 
-01270{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":265,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1492167378926091,"flow_src_last_pkt_time":1492167380458046,"flow_dst_last_pkt_time":1492167380590172,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1492167380590172,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54095,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
-01804{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":267,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1492167378926091,"flow_src_last_pkt_time":1492167380590211,"flow_dst_last_pkt_time":1492167380590625,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":2856,"midstream":0,"thread_ts_usec":1492167380590625,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54095,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","advertised_alpns":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1","blocks":0}}} 
+01229{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":265,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1492167378926091,"flow_src_last_pkt_time":1492167380458046,"flow_dst_last_pkt_time":1492167380590172,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1492167380590172,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54095,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01763{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":267,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1492167378926091,"flow_src_last_pkt_time":1492167380590211,"flow_dst_last_pkt_time":1492167380590625,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":2856,"midstream":0,"thread_ts_usec":1492167380590625,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54095,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","advertised_alpns":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1","blocks":0}}} 
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":272,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_src_last_pkt_time":1492167380581732,"flow_dst_last_pkt_time":1492167380894348,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1492167380894348,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAACwGKJ3LzZeiwKgBZwG701DDsQ6LRVfOJaASN8i7gwAAAgQFoAQCCApFrVm2ADDU3wEDAwc="} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":273,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_src_last_pkt_time":1492167380894386,"flow_dst_last_pkt_time":1492167380894348,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1492167380894386,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0GvxAAEAG+kjAqAFny82XotNQAbtFV84lw7EOjIAQAOUg0QAAAQEICgAw1S1FrVm2"} 00866{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":4,"flow_src_last_pkt_time":1492167380894610,"flow_dst_last_pkt_time":1492167380894348,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":304,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":304,"pkt_l4_len":270,"thread_ts_usec":1492167380894610,"pkt":"8IQvSpdgeJKcD6iOCABFAAEiGv1AAEAG+VnAqAFny82XotNQAbtFV84lw7EOjIAYAOWJCgAAAQEICgAw1S1FrVm2FgMBAOkBAADlAwPkquj1+KgT4KNlV8MaR+Hdvo3+qTOKljkN+dwtx1j15iCc+qdX8GXELVfQ5N806uYJcFsoXMTX+cAyXbg9n1utjQAg6urMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB86uoAAP8BAAEAAAAAEwARAAAOd2ViLndlY2hhdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjF1UAAAAAsAAgEAAAoACgAIqqoAHQAXABj6+gABAA=="} 
-01210{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1492167380581732,"flow_src_last_pkt_time":1492167380894610,"flow_dst_last_pkt_time":1492167380894348,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167380894610,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54096,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01169{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1492167380581732,"flow_src_last_pkt_time":1492167380894610,"flow_dst_last_pkt_time":1492167380894348,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167380894610,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54096,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":285,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":5,"flow_src_last_pkt_time":1492167380894610,"flow_dst_last_pkt_time":1492167381211728,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1492167381211728,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0VIpAACwG1BrLzZeiwKgBZwG701DDsQ6MRVfPE4AQAHggAAAAAQEICkWtWgYAMNUt"} -01270{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1492167380581732,"flow_src_last_pkt_time":1492167380894610,"flow_dst_last_pkt_time":1492167381212485,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1492167381212485,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54096,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": 
{"version":"TLSv1.2","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","blocks":0}}} -01804{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":288,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1492167380581732,"flow_src_last_pkt_time":1492167381212528,"flow_dst_last_pkt_time":1492167381212932,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":2856,"midstream":0,"thread_ts_usec":1492167381212932,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54096,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, 
CN=web.wechat.com","advertised_alpns":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1","blocks":0}}} +01229{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1492167380581732,"flow_src_last_pkt_time":1492167380894610,"flow_dst_last_pkt_time":1492167381212485,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1492167381212485,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54096,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01763{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":288,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1492167380581732,"flow_src_last_pkt_time":1492167381212528,"flow_dst_last_pkt_time":1492167381212932,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":2856,"midstream":0,"thread_ts_usec":1492167381212932,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54096,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","advertised_alpns":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1","blocks":0}}} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":303,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492167382020263,"flow_src_last_pkt_time":1492167382020263,"flow_dst_last_pkt_time":1492167382020263,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1492167382020263,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.211","src_port":40740,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_src_last_pkt_time":1492167382020263,"flow_dst_last_pkt_time":1492167382020263,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1492167382020263,"pkt":"8IQvSpdgeJKcD6iOCABFAAAokulAAEAGgjbAqAFny82X058kAbutvz98aYB+jlAQAdESKQAA"} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":304,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_src_last_pkt_time":1492167382020263,"flow_dst_last_pkt_time":1492167382374842,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1492167382374842,"pkt":"eJKcD6iO8IQvSpdgCABFoAAoL8xAAC4G9rPLzZfTwKgBZwG7nyRpgH6Orb8\/fVAQAIMTdgAAAADZK2u8"} 
@@ -186,21 +186,21 @@ 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_src_last_pkt_time":1492167400812629,"flow_dst_last_pkt_time":1492167401175317,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1492167401175317,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC0GJ53LzZeiwKgBZwG701Ey6mUDkjdWIqASN8j5bgAAAgQFoAQCCApFrW16ADDooQEDAwc="} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":361,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_src_last_pkt_time":1492167401175359,"flow_dst_last_pkt_time":1492167401175317,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1492167401175359,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0voFAAEAGVsPAqAFny82XotNRAbuSN1YiMuplBIAQAOVesAAAAQEICgAw6PtFrW16"} 
00868{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":4,"flow_src_last_pkt_time":1492167401176057,"flow_dst_last_pkt_time":1492167401175317,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":304,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":304,"pkt_l4_len":270,"thread_ts_usec":1492167401176057,"pkt":"8IQvSpdgeJKcD6iOCABFAAEivoJAAEAGVdTAqAFny82XotNRAbuSN1YiMuplBIAYAOVZ9QAAAQEICgAw6PtFrW16FgMBAOkBAADlAwPYeeuaiTy\/tIyKXoKofIhRithfsRyeOK+DY3\/clVFvoSA3mLBCmIceJJgOxXyELRaSDZshWQNNLhQemCnnvWjecwAg2trMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB86uoAAP8BAAEAAAAAEwARAAAOd2ViLndlY2hhdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjF1UAAAAAsAAgEAAAoACgAIenoAHQAXABiamgABAA=="} -01210{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1492167400812629,"flow_src_last_pkt_time":1492167401176057,"flow_dst_last_pkt_time":1492167401175317,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167401176057,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54097,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": 
{"version":"TLSv1.2","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01169{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1492167400812629,"flow_src_last_pkt_time":1492167401176057,"flow_dst_last_pkt_time":1492167401175317,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167401176057,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54097,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":363,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_src_last_pkt_time":1492167401063693,"flow_dst_last_pkt_time":1492167401410519,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1492167401410519,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC0GJ53LzZeiwKgBZwG701JpITMTvRkX4aASN8iiggAAAgQFoAQCCApF0dMbADDo3wEDAwc="} 
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":364,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_src_last_pkt_time":1492167401410611,"flow_dst_last_pkt_time":1492167401410519,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1492167401410611,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0\/0BAAEAGFgTAqAFny82XotNSAbu9GRfhaSEzFIAQAOUHxwAAAQEICgAw6TZF0dMb"} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":365,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":5,"flow_src_last_pkt_time":1492167401176057,"flow_dst_last_pkt_time":1492167401535088,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1492167401535088,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0CNFAAC0GHtTLzZeiwKgBZwG701Ey6mUEkjdXEIAQAHhd1AAAAQEICkWtbdUAMOj7"} -01270{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":366,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1492167400812629,"flow_src_last_pkt_time":1492167401176057,"flow_dst_last_pkt_time":1492167401535740,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1492167401535740,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54097,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","blocks":0}}} -01804{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":368,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1492167400812629,"flow_src_last_pkt_time":1492167401535804,"flow_dst_last_pkt_time":1492167401537513,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1688,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":3116,"midstream":0,"thread_ts_usec":1492167401537513,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54097,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": 
{"version":"TLSv1.2","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","advertised_alpns":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1","blocks":0}}} +01229{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":366,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1492167400812629,"flow_src_last_pkt_time":1492167401176057,"flow_dst_last_pkt_time":1492167401535740,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1492167401535740,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54097,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": 
{"version":"TLSv1.2","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01763{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":368,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1492167400812629,"flow_src_last_pkt_time":1492167401535804,"flow_dst_last_pkt_time":1492167401537513,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1688,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":3116,"midstream":0,"thread_ts_usec":1492167401537513,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54097,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","advertised_alpns":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1","blocks":0}}} 
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_src_last_pkt_time":1492167382020263,"flow_dst_last_pkt_time":1492167402013192,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_usec":1492167402013192,"pkt":"eJKcD6iO8IQvSpdgCABFoABHL81AAC4G9pPLzZfTwKgBZwG7nyRpgH6Orb8\/fVAYAIMZWAAAFQMDABoY8p0q0Neyx8LzFoDelCtviTdTs0pFnXUR7g=="} 00917{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":374,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1492167382020263,"flow_src_last_pkt_time":1492167382020263,"flow_dst_last_pkt_time":1492167402013192,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":31,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":31,"midstream":1,"thread_ts_usec":1492167402013192,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.211","src_port":40740,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":375,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":4,"flow_src_last_pkt_time":1492167402013258,"flow_dst_last_pkt_time":1492167402013192,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1492167402013258,"pkt":"8IQvSpdgeJKcD6iOCABFAAAokupAAEAGgjXAqAFny82X058kAbutvz99aYB+rVAQAdESCQAA"} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":5,"flow_src_last_pkt_time":1492167402013258,"flow_dst_last_pkt_time":1492167402013506,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1492167402013506,"pkt":"eJKcD6iO8IQvSpdgCABFoAAoL85AAC4G9rHLzZfTwKgBZwG7nyRpgH6trb8\/fVARAIMTVgAA"} 00868{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":4,"flow_src_last_pkt_time":1492167402310146,"flow_dst_last_pkt_time":1492167401410519,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":304,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":304,"pkt_l4_len":270,"thread_ts_usec":1492167402310146,"pkt":"8IQvSpdgeJKcD6iOCABFAAEi\/0FAAEAGFRXAqAFny82XotNSAbu9GRfhaSEzFIAYAOXLGwAAAQEICgAw6hdF0dMbFgMBAOkBAADlAwNcdyw1yRDcJ84bZrg3yfpXPyAQAyCg+1tU4GVhjRrgZCAaIhm+GrvSL4C3za8tBz\/r8L0Wzeb9BIm3rLTP4zTFlAAgWlrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB8KioAAP8BAAEAAAAAEwARAAAOd2ViLndlY2hhdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjF1UAAAAAsAAgEAAAoACgAIenoAHQAXABg6OgABAA=="} 
-01210{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1492167401063693,"flow_src_last_pkt_time":1492167402310146,"flow_dst_last_pkt_time":1492167401410519,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167402310146,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54098,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01169{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1492167401063693,"flow_src_last_pkt_time":1492167402310146,"flow_dst_last_pkt_time":1492167401410519,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167402310146,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54098,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":386,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":5,"flow_src_last_pkt_time":1492167402310146,"flow_dst_last_pkt_time":1492167402503323,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1492167402503323,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC0GJ53LzZeiwKgBZwG701JpITMTvRkX4aASN8ihIwAAAgQFoAQCCApF0dQjADDpNgEDAwc="} -01270{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":389,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1492167401063693,"flow_src_last_pkt_time":1492167402503381,"flow_dst_last_pkt_time":1492167402665578,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1492167402665578,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54098,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": 
{"version":"TLSv1.2","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","blocks":0}}} -01804{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":391,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1492167401063693,"flow_src_last_pkt_time":1492167402665635,"flow_dst_last_pkt_time":1492167402666132,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1688,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":3116,"midstream":0,"thread_ts_usec":1492167402666132,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54098,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, 
CN=web.wechat.com","advertised_alpns":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1","blocks":0}}} +01229{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":389,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1492167401063693,"flow_src_last_pkt_time":1492167402503381,"flow_dst_last_pkt_time":1492167402665578,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1492167402665578,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54098,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01763{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":391,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1492167401063693,"flow_src_last_pkt_time":1492167402665635,"flow_dst_last_pkt_time":1492167402666132,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1688,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":3116,"midstream":0,"thread_ts_usec":1492167402666132,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54098,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","advertised_alpns":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1","blocks":0}}} 
02224{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":439,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1492167400812629,"flow_src_last_pkt_time":1492167418885540,"flow_dst_last_pkt_time":1492167414163142,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1240,"flow_dst_max_l4_payload_len":1688,"flow_src_tot_l4_payload_len":8690,"flow_dst_tot_l4_payload_len":5502,"midstream":0,"thread_ts_usec":1492167418885540,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54097,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":652,"avg":1013658.8,"max":6862195,"stddev":1947754.9,"var":3793749016576.0,"ent":3.1,"data": [362688,362730,698,359771,652,359747,1773,1754,3156,359980,358071,7205,373852,64622,431388,4503,369570,39986,442333,4042219,3253,4448907,74384,439211,6493521,3286,6862195,32133,397513,4719084,3239]},"pktlen": {"min":52,"avg":496.0,"max":1740,"stddev":523.8,"var":274414.8,"ent":4.2,"data": [60,60,52,290,52,1480,52,1740,52,178,103,1220,521,52,283,1292,527,52,988,52,1220,511,52,283,52,1292,527,52,989,52,1220,516]},"bins": {"c_to_s": [7,0,0,1,0,0,0,1,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,2,0,0,0,0,0,0,0,0,0],"s_to_c": [6,1,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1]},"directions": [0,1,0,0,1,1,0,1,0,0,1,0,0,1,1,0,0,1,1,0,0,0,1,1,0,0,0,1,1,0,0,0],"entropies": 
[4.693346977,5.208290577,5.053297043,5.889862537,5.094483852,6.800672054,5.014835835,7.599623203,4.948144436,6.376589775,6.023739815,7.844972134,7.566354275,5.091758728,7.215152264,7.841954708,7.609091282,4.979098797,7.780104637,5.063529015,7.807397842,7.520520687,4.948143959,7.157586575,5.026988506,7.822068691,7.580903053,5.176993370,7.824234486,5.025067329,7.837800980,7.490112305]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}} 02229{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":454,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1492167401063693,"flow_src_last_pkt_time":1492167421570947,"flow_dst_last_pkt_time":1492167421929069,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1240,"flow_dst_max_l4_payload_len":1688,"flow_src_tot_l4_payload_len":7047,"flow_dst_tot_l4_payload_len":5272,"midstream":0,"thread_ts_usec":1492167421929069,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54098,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":539,"avg":1334601.0,"max":6095000,"stddev":2041764.4,"var":4168801845248.0,"ent":3.5,"data": [346826,346918,899535,1092804,193235,160456,1799,162254,554,539,2941,351941,387151,4178860,3305,4577735,29191,386626,5733723,3651,6095000,83021,440653,5485473,3274,5845918,30151,387318,1889056,2742,2249980]},"pktlen": {"min":52,"avg":437.7,"max":1740,"stddev":521.0,"var":271486.5,"ent":4.1,"data": [60,60,52,290,60,52,52,1480,52,1740,52,178,103,52,1292,527,52,989,52,1220,508,52,283,52,1292,527,52,989,52,1220,513,52]},"bins": {"c_to_s": 
[9,0,0,1,0,0,0,1,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0],"s_to_c": [7,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1]},"directions": [0,1,0,0,1,0,1,1,0,1,0,0,1,0,0,0,1,1,0,0,0,1,1,0,0,0,1,1,0,0,0,1],"entropies": [4.760014057,5.220871925,5.000318050,5.874381065,5.254205227,5.053296566,5.118428230,6.815816879,4.983880520,7.609316826,4.930902004,6.376590252,5.910619259,5.025067806,7.831663132,7.556474686,4.961856365,7.782391071,4.983880520,7.816404343,7.565681934,5.094483852,7.163718224,5.063529015,7.819398880,7.535512924,5.132945538,7.794347763,5.101990700,7.811570168,7.574221134,5.100070000]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":466,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_src_last_pkt_time":1492167422952271,"flow_dst_last_pkt_time":1492167377936495,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1492167422952271,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0KNBAAEAGqhvAqAFn2DrNjsJ7AbvMOVSD1yvysIAQAT2SvQAAAQEICgAw\/kAycps2"} 
@@ -233,53 +233,53 @@ 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":494,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_src_last_pkt_time":1492167452759446,"flow_dst_last_pkt_time":1492167453125561,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1492167453125561,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC0GJ53LzZeiwKgBZwG701NWIPBqVq5Fu6ASN8jLwAAAAgQFoAQCCApF0gWaADEbWwEDAwc="} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":495,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_src_last_pkt_time":1492167453125650,"flow_dst_last_pkt_time":1492167453125561,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1492167453125650,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0XuJAAEAGtmLAqAFny82XotNTAbtWrkW7ViDwa4AQAOUxAAAAAQEICgAxG7dF0gWa"} 
00868{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":496,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":4,"flow_src_last_pkt_time":1492167453126120,"flow_dst_last_pkt_time":1492167453125561,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":304,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":304,"pkt_l4_len":270,"thread_ts_usec":1492167453126120,"pkt":"8IQvSpdgeJKcD6iOCABFAAEiXuNAAEAGtXPAqAFny82XotNTAbtWrkW7ViDwa4AYAOUnVwAAAQEICgAxG7dF0gWaFgMBAOkBAADlAwMB1JsivsRgj8yUUGC\/C0eM+z7uYBFdAkifuDVMARIokyD2Roioh3VliBz70\/MEuqHmVMPaLVlcE9C1qSXIt5UDlQAgCgrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB8mpoAAP8BAAEAAAAAEwARAAAOd2ViLndlY2hhdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjF1UAAAAAsAAgEAAAoACgAI2toAHQAXABgqKgABAA=="} -01210{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":496,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1492167452759446,"flow_src_last_pkt_time":1492167453126120,"flow_dst_last_pkt_time":1492167453125561,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167453126120,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54099,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": 
{"version":"TLSv1.2","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01169{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":496,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1492167452759446,"flow_src_last_pkt_time":1492167453126120,"flow_dst_last_pkt_time":1492167453125561,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167453126120,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54099,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_src_last_pkt_time":1492167453010353,"flow_dst_last_pkt_time":1492167453357624,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1492167453357624,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC4GJp3LzZeiwKgBZwG701Rfi5PhohYVUqASN8gDZQAAAgQFoAQCCApF0gXVADEbmgEDAwc="} 
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_src_last_pkt_time":1492167453357702,"flow_dst_last_pkt_time":1492167453357624,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1492167453357702,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0DsxAAEAGBnnAqAFny82XotNUAbuiFhVSX4uT4oAQAOVoqQAAAQEICgAxG\/FF0gXV"} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":499,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":5,"flow_src_last_pkt_time":1492167453126120,"flow_dst_last_pkt_time":1492167453494187,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1492167453494187,"pkt":"eJKcD6iO8IQvSpdgCABFoAA09Z1AAC0GMgfLzZeiwKgBZwG701NWIPBrVq5GqYAQAHgwIwAAAQEICkXSBfYAMRu3"} -01270{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1492167452759446,"flow_src_last_pkt_time":1492167453126120,"flow_dst_last_pkt_time":1492167453494952,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1492167453494952,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54099,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","blocks":0}}} -01804{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":502,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1492167452759446,"flow_src_last_pkt_time":1492167453494995,"flow_dst_last_pkt_time":1492167453503112,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1688,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":3116,"midstream":0,"thread_ts_usec":1492167453503112,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54099,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": 
{"version":"TLSv1.2","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","advertised_alpns":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1","blocks":0}}} +01229{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1492167452759446,"flow_src_last_pkt_time":1492167453126120,"flow_dst_last_pkt_time":1492167453494952,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1492167453494952,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54099,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": 
{"version":"TLSv1.2","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01763{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":502,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1492167452759446,"flow_src_last_pkt_time":1492167453494995,"flow_dst_last_pkt_time":1492167453503112,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1688,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":3116,"midstream":0,"thread_ts_usec":1492167453503112,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54099,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","advertised_alpns":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1","blocks":0}}} 
00868{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":513,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":4,"flow_src_last_pkt_time":1492167454373136,"flow_dst_last_pkt_time":1492167453357624,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":304,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":304,"pkt_l4_len":270,"thread_ts_usec":1492167454373136,"pkt":"8IQvSpdgeJKcD6iOCABFAAEiDs1AAEAGBYrAqAFny82XotNUAbuiFhVSX4uT4oAYAOURrgAAAQEICgAxHO9F0gXVFgMBAOkBAADlAwOwu7FYw\/oDOwKcTwOiOKv7YlMzDssvxBClvfkpiaCariDTV6G8D5hCzz2oy9LF\/fe7R79cAC6gdeTyhTkWLR5CJgAgurrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB8uroAAP8BAAEAAAAAEwARAAAOd2ViLndlY2hhdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjF1UAAAAAsAAgEAAAoACgAIuroAHQAXABhaWgABAA=="} -01210{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":513,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1492167453010353,"flow_src_last_pkt_time":1492167454373136,"flow_dst_last_pkt_time":1492167453357624,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167454373136,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54100,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": 
{"version":"TLSv1.2","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01169{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":513,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1492167453010353,"flow_src_last_pkt_time":1492167454373136,"flow_dst_last_pkt_time":1492167453357624,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167454373136,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54100,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":515,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492167454457964,"flow_src_last_pkt_time":1492167454457964,"flow_dst_last_pkt_time":1492167454457964,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167454457964,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54101,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":515,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_src_last_pkt_time":1492167454457964,"flow_dst_last_pkt_time":1492167454457964,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1492167454457964,"pkt":"8IQvSpdgeJKcD6iOCABFAAA86XpAAEAGK8LAqAFny82XotNVAbue7PR+AAAAAKACchAqvwAAAgQFtAQCCAoAMR0EAAAAAAEDAwc="} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":516,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492167454458448,"flow_src_last_pkt_time":1492167454458448,"flow_dst_last_pkt_time":1492167454458448,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167454458448,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":516,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_src_last_pkt_time":1492167454458448,"flow_dst_last_pkt_time":1492167454458448,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1492167454458448,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8cSZAAEAGpBbAqAFny82XotNWAbsdO2wiAAAAAKACchA0zAAAAgQFtAQCCAoAMR0EAAAAAAEDAwc="} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":5,"flow_src_last_pkt_time":1492167454373136,"flow_dst_last_pkt_time":1492167454526589,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1492167454526589,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC4GJp3LzZeiwKgBZwG701Rfi5PhohYVUqASN8gB6QAAAgQFoAQCCApF0gb6ADEb8QEDAwc="} 
-01270{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":521,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1492167453010353,"flow_src_last_pkt_time":1492167454526614,"flow_dst_last_pkt_time":1492167454734223,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1492167454734223,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54100,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
-01804{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":523,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1492167453010353,"flow_src_last_pkt_time":1492167454734253,"flow_dst_last_pkt_time":1492167454734884,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1688,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":3116,"midstream":0,"thread_ts_usec":1492167454734884,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54100,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","advertised_alpns":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1","blocks":0}}} 
+01229{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":521,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1492167453010353,"flow_src_last_pkt_time":1492167454526614,"flow_dst_last_pkt_time":1492167454734223,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1492167454734223,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54100,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01763{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":523,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1492167453010353,"flow_src_last_pkt_time":1492167454734253,"flow_dst_last_pkt_time":1492167454734884,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1688,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":3116,"midstream":0,"thread_ts_usec":1492167454734884,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54100,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","advertised_alpns":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1","blocks":0}}} 
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":530,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_src_last_pkt_time":1492167454458448,"flow_dst_last_pkt_time":1492167454801978,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1492167454801978,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAACwGKJ3LzZeiwKgBZwG701bGHEoeHTtsI6ASN8gRwgAAAgQFoAQCCApF0gdIADEdBAEDAwc="} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":531,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_src_last_pkt_time":1492167454802019,"flow_dst_last_pkt_time":1492167454801978,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1492167454802019,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0cSdAAEAGpB3AqAFny82XotNWAbsdO2wjxhxKH4AQAOV3BwAAAQEICgAxHVpF0gdI"} 00868{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":532,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":4,"flow_src_last_pkt_time":1492167454802251,"flow_dst_last_pkt_time":1492167454801978,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":304,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":304,"pkt_l4_len":270,"thread_ts_usec":1492167454802251,"pkt":"8IQvSpdgeJKcD6iOCABFAAEicShAAEAGoy7AqAFny82XotNWAbsdO2wjxhxKH4AYAOXnawAAAQEICgAxHVpF0gdIFgMBAOkBAADlAwNlRdxMBOhusYOhke3C4aoS6XOzHHv0fe3kJrWbx7\/QPCDTV6G8D5hCzz2oy9LF\/fe7R79cAC6gdeTyhTkWLR5CJgAgamrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB82toAAP8BAAEAAAAAEwARAAAOd2ViLndlY2hhdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjF1UAAAAAsAAgEAAAoACgAISkoAHQAXABhKSgABAA=="} 
-01210{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":532,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1492167454458448,"flow_src_last_pkt_time":1492167454802251,"flow_dst_last_pkt_time":1492167454801978,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167454802251,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54102,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01169{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":532,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1492167454458448,"flow_src_last_pkt_time":1492167454802251,"flow_dst_last_pkt_time":1492167454801978,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167454802251,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54102,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":536,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492167454818522,"flow_src_last_pkt_time":1492167454818522,"flow_dst_last_pkt_time":1492167454818522,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167454818522,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54103,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":536,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_src_last_pkt_time":1492167454818522,"flow_dst_last_pkt_time":1492167454818522,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1492167454818522,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8NuJAAEAG3lrAqAFny82XotNXAbvn9Cu8AAAAAKACchCqHQAAAgQFtAQCCAoAMR1eAAAAAAEDAwc="} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":537,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_src_last_pkt_time":1492167454457964,"flow_dst_last_pkt_time":1492167454836839,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1492167454836839,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC4GJp3LzZeiwKgBZwG701XgAvN\/nuz0f6ASN8ip9gAAAgQFoAQCCApFraHjADEdBAEDAwc="} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":538,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_src_last_pkt_time":1492167454836942,"flow_dst_last_pkt_time":1492167454836839,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1492167454836942,"pkt":"8IQvSpdgeJKcD6iOCABFAAA06XtAAEAGK8nAqAFny82XotNVAbue7PR\/4ALzgIAQAOUPMwAAAQEICgAxHWNFraHj"} 00870{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":539,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":4,"flow_src_last_pkt_time":1492167454837325,"flow_dst_last_pkt_time":1492167454836839,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":304,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":304,"pkt_l4_len":270,"thread_ts_usec":1492167454837325,"pkt":"8IQvSpdgeJKcD6iOCABFAAEi6XxAAEAGKtrAqAFny82XotNVAbue7PR\/4ALzgIAYAOV+twAAAQEICgAxHWNFraHjFgMBAOkBAADlAwOV9frOGjvUn7m\/tE4bAyr+3UrlA9jYYKoC1I6VS\/9RdiDTV6G8D5hCzz2oy9LF\/fe7R79cAC6gdeTyhTkWLR5CJgAgmprMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB8+voAAP8BAAEAAAAAEwARAAAOd2ViLndlY2hhdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjF1UAAAAAsAAgEAAAoACgAI+voAHQAXABjKygABAA=="} 
-01210{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":539,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1492167454457964,"flow_src_last_pkt_time":1492167454837325,"flow_dst_last_pkt_time":1492167454836839,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167454837325,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54101,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01169{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":539,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1492167454457964,"flow_src_last_pkt_time":1492167454837325,"flow_dst_last_pkt_time":1492167454836839,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167454837325,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54101,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":543,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":5,"flow_src_last_pkt_time":1492167454802251,"flow_dst_last_pkt_time":1492167455176105,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1492167455176105,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0TYZAACwG2x7LzZeiwKgBZwG701bGHEofHTttEYAQAHh2NQAAAQEICkXSB5kAMR1a"} -01804{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":544,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1492167454458448,"flow_src_last_pkt_time":1492167454802251,"flow_dst_last_pkt_time":1492167455179324,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":3116,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":3116,"midstream":0,"thread_ts_usec":1492167455179324,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54102,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": 
{"version":"TLSv1.2","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","advertised_alpns":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1","blocks":0}}} +01763{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":544,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1492167454458448,"flow_src_last_pkt_time":1492167454802251,"flow_dst_last_pkt_time":1492167455179324,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":3116,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":3116,"midstream":0,"thread_ts_usec":1492167455179324,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54102,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": 
{"version":"TLSv1.2","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","advertised_alpns":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1","blocks":0}}} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":546,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_src_last_pkt_time":1492167454818522,"flow_dst_last_pkt_time":1492167455179366,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1492167455179366,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAACwGKJ3LzZeiwKgBZwG701d\/O17O5\/QrvaASN8geewAAAgQFoAQCCApFraI2ADEdXgEDAwc="} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":547,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_src_last_pkt_time":1492167455179381,"flow_dst_last_pkt_time":1492167455179366,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1492167455179381,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0NuNAAEAG3mHAqAFny82XotNXAbvn9Cu9fztez4AQAOWDvAAAAQEICgAxHbhFraI2"} 
00868{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":550,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":4,"flow_src_last_pkt_time":1492167455180487,"flow_dst_last_pkt_time":1492167455179366,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":304,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":304,"pkt_l4_len":270,"thread_ts_usec":1492167455180487,"pkt":"8IQvSpdgeJKcD6iOCABFAAEiNuRAAEAG3XLAqAFny82XotNXAbvn9Cu9fztez4AYAOU9hQAAAQEICgAxHblFraI2FgMBAOkBAADlAwM9fcE0colRywJmHYx0JC6oiZlXQMNTk+HTiXDSO5d6\/iAcYMK9E59njED1hK3WStu15DAHEEhJMQg30HN\/4iKe5QAgOjrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB8ysoAAP8BAAEAAAAAEwARAAAOd2ViLndlY2hhdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjF1UAAAAAsAAgEAAAoACgAIenoAHQAXABg6OgABAA=="} -01210{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":550,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1492167454818522,"flow_src_last_pkt_time":1492167455180487,"flow_dst_last_pkt_time":1492167455179366,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167455180487,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54103,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": 
{"version":"TLSv1.2","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01169{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":550,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1492167454818522,"flow_src_last_pkt_time":1492167455180487,"flow_dst_last_pkt_time":1492167455179366,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167455180487,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54103,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":556,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":5,"flow_src_last_pkt_time":1492167454837325,"flow_dst_last_pkt_time":1492167455190875,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1492167455190875,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0UbtAAC4G1OnLzZeiwKgBZwG701XgAvOAnuz1bYAQAHgOWgAAAQEICkWtojsAMR1j"} 
-01270{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":558,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1492167454457964,"flow_src_last_pkt_time":1492167454837325,"flow_dst_last_pkt_time":1492167455193294,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1492167455193294,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54101,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
-01804{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":560,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1492167454457964,"flow_src_last_pkt_time":1492167455193307,"flow_dst_last_pkt_time":1492167455196100,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1688,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":3116,"midstream":0,"thread_ts_usec":1492167455196100,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54101,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","advertised_alpns":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1","blocks":0}}} 
+01229{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":558,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1492167454457964,"flow_src_last_pkt_time":1492167454837325,"flow_dst_last_pkt_time":1492167455193294,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1492167455193294,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54101,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01763{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":560,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1492167454457964,"flow_src_last_pkt_time":1492167455193307,"flow_dst_last_pkt_time":1492167455196100,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1688,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":3116,"midstream":0,"thread_ts_usec":1492167455196100,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54101,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","advertised_alpns":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1","blocks":0}}} 
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":566,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":5,"flow_src_last_pkt_time":1492167455180487,"flow_dst_last_pkt_time":1492167455499530,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1492167455499530,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0\/F1AACwGLEfLzZeiwKgBZwG701d\/O17P5\/Qsq4AQAHiC3gAAAQEICkWtopIAMR25"} -01270{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":567,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1492167454818522,"flow_src_last_pkt_time":1492167455180487,"flow_dst_last_pkt_time":1492167455501579,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1492167455501579,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54103,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
-01804{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":569,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1492167454818522,"flow_src_last_pkt_time":1492167455501611,"flow_dst_last_pkt_time":1492167455502415,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":2856,"midstream":0,"thread_ts_usec":1492167455502415,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54103,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","advertised_alpns":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1","blocks":0}}} 
+01229{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":567,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1492167454818522,"flow_src_last_pkt_time":1492167455180487,"flow_dst_last_pkt_time":1492167455501579,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1492167455501579,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54103,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01763{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":569,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1492167454818522,"flow_src_last_pkt_time":1492167455501611,"flow_dst_last_pkt_time":1492167455502415,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":2856,"midstream":0,"thread_ts_usec":1492167455502415,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54103,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","advertised_alpns":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1","blocks":0}}} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":577,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492167455528205,"flow_src_last_pkt_time":1492167455528205,"flow_dst_last_pkt_time":1492167455528205,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167455528205,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54104,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":577,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_src_last_pkt_time":1492167455528205,"flow_dst_last_pkt_time":1492167455528205,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1492167455528205,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8kudAAEAGglXAqAFny82XotNYAbvneYz3AAAAAKACchBIqgAAAgQFtAQCCAoAMR4QAAAAAAEDAwc="} 
02212{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":587,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1492167452759446,"flow_src_last_pkt_time":1492167455588916,"flow_dst_last_pkt_time":1492167455588897,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1240,"flow_dst_max_l4_payload_len":1688,"flow_src_tot_l4_payload_len":6267,"flow_dst_tot_l4_payload_len":10981,"midstream":0,"thread_ts_usec":1492167455588916,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54099,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":470,"avg":182545.8,"max":469392,"stddev":189984.8,"var":36094242816.0,"ent":4.0,"data": [366115,366204,470,368626,765,368875,8160,8175,3097,367881,365600,3239,378746,92724,1992,469392,27762,1703,407097,30016,408635,3752,397818,10943,404654,396022,789,396156,518,1239,1756]},"pktlen": {"min":52,"avg":591.5,"max":1740,"stddev":612.0,"var":374517.1,"ent":4.2,"data": [60,60,52,290,52,1480,52,1740,52,178,103,1292,527,52,1480,330,52,1225,429,52,250,1225,429,52,250,1140,1480,1480,52,1480,1480,52]},"bins": {"c_to_s": [7,0,0,1,0,0,0,1,0,0,0,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,2,0,1,0,0,0,0,0,0,0,0,0],"s_to_c": [5,1,0,0,0,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,1]},"directions": [0,1,0,0,1,1,0,1,0,0,1,0,0,1,1,1,0,0,0,1,1,0,0,1,1,0,1,1,0,1,1,0],"entropies": 
[4.693346977,5.074957371,4.839769840,5.845041752,5.171406746,6.800355911,5.053297043,7.610657692,4.986605644,6.235470772,5.957188606,7.840703964,7.543376446,5.056021690,7.864466667,7.286510468,5.025067329,7.818862438,7.434236050,5.041504860,7.005474091,7.809962749,7.378694057,5.056022167,7.067446709,7.836442947,7.850297451,7.840147018,4.909682751,7.856178284,7.859716892,4.986605644]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":613,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_src_last_pkt_time":1492167455528205,"flow_dst_last_pkt_time":1492167455891345,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1492167455891345,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC0GJ53LzZeiwKgBZwG701iyhnqT53mM+KASN8htQwAAAgQFoAQCCApFraLqADEeEAEDAwc="} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":614,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_src_last_pkt_time":1492167455891380,"flow_dst_last_pkt_time":1492167455891345,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1492167455891380,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0kuhAAEAGglzAqAFny82XotNYAbvneYz4soZ6lIAQAOXShAAAAQEICgAxHmpFraLq"} 
00866{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":615,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":4,"flow_src_last_pkt_time":1492167455891558,"flow_dst_last_pkt_time":1492167455891345,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":304,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":304,"pkt_l4_len":270,"thread_ts_usec":1492167455891558,"pkt":"8IQvSpdgeJKcD6iOCABFAAEikulAAEAGgW3AqAFny82XotNYAbvneYz4soZ6lIAYAOW1DgAAAQEICgAxHmpFraLqFgMBAOkBAADlAwP9NQ6LikCBiVimjppT8i2VlLy8HZBkMhwiS9FNacyQcSDLK5nEKozFFehKxLSZMCTAPUR52rwta8Dt2NpTSUG7QAAg+vrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB8CgoAAP8BAAEAAAAAEwARAAAOd2ViLndlY2hhdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjF1UAAAAAsAAgEAAAoACgAIOjoAHQAXABiKigABAA=="} -01210{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":615,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1492167455528205,"flow_src_last_pkt_time":1492167455891558,"flow_dst_last_pkt_time":1492167455891345,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167455891558,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54104,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": 
{"version":"TLSv1.2","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01169{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":615,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1492167455528205,"flow_src_last_pkt_time":1492167455891558,"flow_dst_last_pkt_time":1492167455891345,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167455891558,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54104,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":647,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":5,"flow_src_last_pkt_time":1492167455891558,"flow_dst_last_pkt_time":1492167456250115,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1492167456250115,"pkt":"eJKcD6iO8IQvSpdgCABFoAA02dBAAC0GTdTLzZeiwKgBZwG701iyhnqU53mN5oAQAHjRqQAAAQEICkWto0QAMR5q"} 
-01270{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":648,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1492167455528205,"flow_src_last_pkt_time":1492167455891558,"flow_dst_last_pkt_time":1492167456251036,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1492167456251036,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54104,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
-01804{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":650,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1492167455528205,"flow_src_last_pkt_time":1492167456251067,"flow_dst_last_pkt_time":1492167456251627,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":2856,"midstream":0,"thread_ts_usec":1492167456251627,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54104,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","advertised_alpns":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1","blocks":0}}} 
+01229{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":648,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1492167455528205,"flow_src_last_pkt_time":1492167455891558,"flow_dst_last_pkt_time":1492167456251036,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1492167456251036,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54104,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01763{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":650,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1492167455528205,"flow_src_last_pkt_time":1492167456251067,"flow_dst_last_pkt_time":1492167456251627,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":2856,"midstream":0,"thread_ts_usec":1492167456251627,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54104,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","advertised_alpns":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1","blocks":0}}} 
02201{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":673,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1492167454818522,"flow_src_last_pkt_time":1492167456832685,"flow_dst_last_pkt_time":1492167456833193,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1088,"flow_dst_max_l4_payload_len":3068,"flow_src_tot_l4_payload_len":2540,"flow_dst_tot_l4_payload_len":21943,"midstream":0,"thread_ts_usec":1492167456833193,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54103,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":485,"avg":129962.4,"max":646724,"stddev":181880.5,"var":33080510464.0,"ent":3.5,"data": [360844,360859,1106,320164,2049,321124,836,835,489,485,2516,331784,329811,339551,757,339771,547,4542,5088,2482,2487,1143,1132,271360,646724,757,376133,549,914,1456,539]},"pktlen": {"min":52,"avg":817.6,"max":3120,"stddev":861.6,"var":742326.2,"ent":4.2,"data": [60,60,52,290,52,1480,52,1480,52,312,52,178,103,1140,1480,1480,52,1480,1480,52,2908,52,3120,52,1140,1480,1480,52,1480,1480,52,1480]},"bins": {"c_to_s": [11,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,2]},"directions": [0,1,0,0,1,1,0,1,0,1,0,0,1,0,1,1,0,1,1,0,1,0,1,0,0,1,1,0,1,1,0,1],"entropies": 
[4.726680756,5.220871925,5.014835358,5.858064651,5.079967022,6.831523418,5.053297043,7.519194603,5.025067329,7.301003456,5.025067329,6.369594574,5.816505909,7.860216618,7.880475521,7.853042603,5.063529015,7.867065430,7.870931625,5.025067806,7.935112953,5.025067806,7.943042755,4.986606121,7.835324287,7.881664753,7.863303185,5.017560005,7.863364220,7.864516258,5.132945061,7.866506577]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}} 02211{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":702,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1492167454457964,"flow_src_last_pkt_time":1492167457755437,"flow_dst_last_pkt_time":1492167457756747,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1240,"flow_dst_max_l4_payload_len":1688,"flow_src_tot_l4_payload_len":6267,"flow_dst_tot_l4_payload_len":9439,"midstream":0,"thread_ts_usec":1492167457756747,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54101,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":383,"avg":212782.5,"max":951677,"stddev":233185.6,"var":54375542784.0,"ent":4.0,"data": [378875,378978,383,354036,2419,355982,2806,2818,1046,367448,367322,4404,365806,31144,394889,3196,367851,55930,2766,420112,17934,846,381296,34840,434328,543113,951677,371599,549,523,1340]},"pktlen": {"min":52,"avg":543.3,"max":1740,"stddev":599.1,"var":358890.2,"ent":4.1,"data": [60,60,52,290,52,1480,52,1740,52,178,103,1225,429,52,250,1292,527,52,1480,216,52,1225,429,52,250,52,1140,1480,52,1480,52,1480]},"bins": {"c_to_s": 
[8,0,0,1,0,0,0,1,0,0,0,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,2,0,1,0,0,0,0,0,0,0,0,0],"s_to_c": [5,1,0,0,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,1]},"directions": [0,1,0,0,1,1,0,1,0,0,1,0,0,1,1,0,0,1,1,1,0,0,0,1,1,0,0,1,0,1,0,1],"entropies": [4.714098930,5.162375927,5.053297043,5.901997566,5.094483376,6.795276642,5.014835358,7.609866619,4.988526344,6.379345417,6.050486088,7.830496788,7.398893356,5.094483852,7.075847626,7.833686829,7.562863827,5.130220413,7.881128788,6.984771252,5.025067329,7.832070827,7.381729126,5.056022167,7.076413155,5.025067806,7.815702915,7.858382225,5.063529015,7.880737305,5.063529015,7.870216846]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":831,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":5,"flow_src_last_pkt_time":1492167468008215,"flow_dst_last_pkt_time":1492167422991183,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1492167468008215,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0KNFAAEAGqhrAqAFn2DrNjsJ7AbvMOVSD1yvysIAQAT22vQAAAQEICgAxKkAyc0s1"} 
@@ -300,14 +300,14 @@ 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":844,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_src_last_pkt_time":1492167617248213,"flow_dst_last_pkt_time":1492167617560653,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1492167617560653,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAACwGKJ3LzZeiwKgBZwG701\/B3aGGedWdcKASN8hYRQAAAgQFoAQCCApFrkDUADG7\/gEDAwc="} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":845,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_src_last_pkt_time":1492167617560732,"flow_dst_last_pkt_time":1492167617560653,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1492167617560732,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0JpJAAEAG7rLAqAFny82XotNfAbt51Z1wwd2hh4AQAOW9kgAAAQEICgAxvExFrkDU"} 
00868{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":846,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":4,"flow_src_last_pkt_time":1492167617561213,"flow_dst_last_pkt_time":1492167617560653,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":304,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":304,"pkt_l4_len":270,"thread_ts_usec":1492167617561213,"pkt":"8IQvSpdgeJKcD6iOCABFAAEiJpNAAEAG7cPAqAFny82XotNfAbt51Z1wwd2hh4AYAOWw1gAAAQEICgAxvExFrkDUFgMBAOkBAADlAwOiNE1rRkT0h3QOeP2KdM3vXFnz\/PaRz1MgqYNk+PneFSA+FXDDfXOJsJmV4DXnwkF2Bf3XeOpXHU2Ui84OelC\/LQAgqqrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB8SkoAAP8BAAEAAAAAEwARAAAOd2ViLndlY2hhdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjF1UAAAAAsAAgEAAAoACgAIOjoAHQAXABhqagABAA=="} -01210{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":846,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1492167617248213,"flow_src_last_pkt_time":1492167617561213,"flow_dst_last_pkt_time":1492167617560653,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167617561213,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54111,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": 
{"version":"TLSv1.2","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01169{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":846,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1492167617248213,"flow_src_last_pkt_time":1492167617561213,"flow_dst_last_pkt_time":1492167617560653,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167617561213,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54111,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":847,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_src_last_pkt_time":1492167617247977,"flow_dst_last_pkt_time":1492167617562993,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1492167617562993,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0KCxAACwGAHnLzZeiwKgBZwG7016qUxmsLakleYAQAJ8hsQAAAQEICkWuQNUAMbv9"} 
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":848,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_src_last_pkt_time":1492167617247730,"flow_dst_last_pkt_time":1492167617598882,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1492167617598882,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0701AAC0GOFfLzZeiwKgBZwG7011ZGE0wTWdde4AQAOqB1AAAAQEICkXSpjoAMbv9"} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":849,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_src_last_pkt_time":1492167617498933,"flow_dst_last_pkt_time":1492167617850648,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1492167617850648,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAACwGKJ3LzZeiwKgBZwG702Andsj9g29laaASN8iTkQAAAgQFoAQCCApF0qaCADG8PAEDAwc="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":850,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_src_last_pkt_time":1492167617850743,"flow_dst_last_pkt_time":1492167617850648,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1492167617850743,"pkt":"8IQvSpdgeJKcD6iOCABFAAA02VVAAEAGO+\/AqAFny82XotNgAbuDb2VpJ3bI\/oAQAOX41AAAAQEICgAxvJRF0qaC"} 
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":851,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":5,"flow_src_last_pkt_time":1492167617561213,"flow_dst_last_pkt_time":1492167617880360,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1492167617880360,"pkt":"eJKcD6iO8IQvSpdgCABFoAA04KNAACwGSAHLzZeiwKgBZwG701\/B3aGHedWeXoAQAHi8wQAAAQEICkWuQSQAMbxM"} -01270{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":852,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1492167617248213,"flow_src_last_pkt_time":1492167617561213,"flow_dst_last_pkt_time":1492167617881041,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1492167617881041,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54111,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
-01804{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":854,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1492167617248213,"flow_src_last_pkt_time":1492167617881093,"flow_dst_last_pkt_time":1492167617883554,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":2856,"midstream":0,"thread_ts_usec":1492167617883554,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54111,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","advertised_alpns":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1","blocks":0}}} 
+01229{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":852,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1492167617248213,"flow_src_last_pkt_time":1492167617561213,"flow_dst_last_pkt_time":1492167617881041,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1492167617881041,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54111,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01763{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":854,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1492167617248213,"flow_src_last_pkt_time":1492167617881093,"flow_dst_last_pkt_time":1492167617883554,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":2856,"midstream":0,"thread_ts_usec":1492167617883554,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54111,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","advertised_alpns":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1","blocks":0}}} 
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":870,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":4,"flow_src_last_pkt_time":1492167617850743,"flow_dst_last_pkt_time":1492167618976754,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1492167618976754,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAACwGKJ3LzZeiwKgBZwG702Andsj9g29laaASN8iSHwAAAgQFoAQCCApF0qecADG8lAEDAwc="} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":871,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":5,"flow_src_last_pkt_time":1492167618976798,"flow_dst_last_pkt_time":1492167618976754,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1492167618976798,"pkt":"8IQvSpdgeJKcD6iOCABFAAA02VZAAEAGO+7AqAFny82XotNgAbuDb2VpJ3bI\/oAQAOX3ugAAAQEICgAxva5F0qaC"} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":874,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492167619048267,"flow_src_last_pkt_time":1492167619048267,"flow_dst_last_pkt_time":1492167619048267,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1492167619048267,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54106,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -349,12 +349,12 @@ 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_src_last_pkt_time":1492167639887918,"flow_dst_last_pkt_time":1492167640203151,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1492167640203151,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAACwGKJ3LzZeiwKgBZwG702Ea0aYHbXWdhqASN8gHqwAAAgQFoAQCCApF8injADHSGQEDAwc="} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":890,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_src_last_pkt_time":1492167640203226,"flow_dst_last_pkt_time":1492167640203151,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1492167640203226,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0T51AAEAGxafAqAFny82XotNhAbttdZ2GGtGmCIAQAOVs9wAAAQEICgAx0mhF8inj"} 
00869{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":891,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":4,"flow_src_last_pkt_time":1492167640203667,"flow_dst_last_pkt_time":1492167640203151,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":304,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":304,"pkt_l4_len":270,"thread_ts_usec":1492167640203667,"pkt":"8IQvSpdgeJKcD6iOCABFAAEiT55AAEAGxLjAqAFny82XotNhAbttdZ2GGtGmCIAYAOVdJQAAAQEICgAx0mhF8injFgMBAOkBAADlAwNTKUS2Efj261J+LE5stULB\/lzfBlOjyL3qEyuaPjoLLSDg0to5\/h\/p7gAXT1kViG+D6U7ulXWnLBXIcoeBXEekvwAgWlrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB8SkoAAP8BAAEAAAAAEwARAAAOd2ViLndlY2hhdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjF1UAAAAAsAAgEAAAoACgAIKioAHQAXABi6ugABAA=="} -01210{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":891,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1492167639887918,"flow_src_last_pkt_time":1492167640203667,"flow_dst_last_pkt_time":1492167640203151,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167640203667,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54113,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": 
{"version":"TLSv1.2","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01169{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":891,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1492167639887918,"flow_src_last_pkt_time":1492167640203667,"flow_dst_last_pkt_time":1492167640203151,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167640203667,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54113,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":893,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_src_last_pkt_time":1492167640138557,"flow_dst_last_pkt_time":1492167640450553,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1492167640450553,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAACwGKJ3LzZeiwKgBZwG702LyUvm4GyuHH6ASN8hErAAAAgQFoAQCCApF8iogADHSWAEDAwc="} 
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":894,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_src_last_pkt_time":1492167640450646,"flow_dst_last_pkt_time":1492167640450553,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1492167640450646,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0VUdAAEAGv\/3AqAFny82XotNiAbsbK4cf8lL5uYAQAOWp+QAAAQEICgAx0qZF8iog"} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":895,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":5,"flow_src_last_pkt_time":1492167640203667,"flow_dst_last_pkt_time":1492167640521509,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1492167640521509,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0jDpAACwGnGrLzZeiwKgBZwG702Ea0aYIbXWedIAQAHhsJwAAAQEICkXyKjIAMdJo"} -01270{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":896,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1492167639887918,"flow_src_last_pkt_time":1492167640203667,"flow_dst_last_pkt_time":1492167640523427,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1492167640523427,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54113,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","blocks":0}}} -01804{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":898,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1492167639887918,"flow_src_last_pkt_time":1492167640523484,"flow_dst_last_pkt_time":1492167640523898,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":2856,"midstream":0,"thread_ts_usec":1492167640523898,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54113,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": 
{"version":"TLSv1.2","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","advertised_alpns":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1","blocks":0}}} +01229{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":896,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1492167639887918,"flow_src_last_pkt_time":1492167640203667,"flow_dst_last_pkt_time":1492167640523427,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1492167640523427,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54113,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": 
{"version":"TLSv1.2","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01763{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":898,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1492167639887918,"flow_src_last_pkt_time":1492167640523484,"flow_dst_last_pkt_time":1492167640523898,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":2856,"midstream":0,"thread_ts_usec":1492167640523898,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54113,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","advertised_alpns":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1","blocks":0}}} 
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":921,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":4,"flow_src_last_pkt_time":1492167640450646,"flow_dst_last_pkt_time":1492167641723120,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1492167641723120,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAACwGKJ3LzZeiwKgBZwG702LyUvm4GyuHH6ASN8hDHwAAAgQFoAQCCApF8itfADHSpgEDAwc="} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":922,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":5,"flow_src_last_pkt_time":1492167641723166,"flow_dst_last_pkt_time":1492167641723120,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1492167641723166,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0VUhAAEAGv\/zAqAFny82XotNiAbsbK4cf8lL5uYAQAOWouwAAAQEICgAx0+RF8iog"} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":936,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492167648243043,"flow_src_last_pkt_time":1492167648243043,"flow_dst_last_pkt_time":1492167648243043,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167648243043,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":19041,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -369,13 +369,13 @@ 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":941,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_src_last_pkt_time":1492167648277830,"flow_dst_last_pkt_time":1492167648582668,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1492167648582668,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0AABAADEGHSXLzZ4iwKgBZwG7q0qHWOtEHGGgq4ASOQgtSgAAAgQFtAEBBAIBAwMH"} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":942,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_src_last_pkt_time":1492167648582745,"flow_dst_last_pkt_time":1492167648582668,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1492167648582745,"pkt":"8IQvSpdgeJKcD6iOCABFAAAoeuJAAEAGk+7AqAFny82eIqtKAbscYaCrh1jrRVAQAOWmPwAA"} 
01225{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":943,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":4,"flow_src_last_pkt_time":1492167648583174,"flow_dst_last_pkt_time":1492167648582668,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1492167648583174,"pkt":"8IQvSpdgeJKcD6iOCABFAAIteuNAAEAGkejAqAFny82eIqtKAbscYaCrh1jrRVAYAOXThgAAFgMBAgABAAH8AwOCKLlYqqAvHPbStkNWfjviIJbNG8Opd41AdjWFUM5PDSCzw4Dj+1hijcfqB70gmV5q3+xDc\/7ZaGy4swNwVbbuBgAgiorMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAGTuroAAP8BAAEAAAAAEgAQAAANcmVzLnd4LnFxLmNvbQAXAAAAIwDA2rkP6N2F29W8IwDuml2ZBBexYWjz5d457nDC1tP3qzS2OGOajXlg7G9AUXA4imekq\/giRMEwa6iYhFjFjW4HKVdggoetJsKG1EFlq7Nse5+E1dc7PIUx4S\/ZrSiowXWl3yiYnLRXfAjDAJmKDd8SHhSHQTacbrGt8DQhtrFK0Cnfg4052zdZqAPMursq2AeUYh3+Ngc6z81+fZTHJbme2+rUNgUjlpPVl20yUvASxiP0qdMrlctOXqH2ToAmQQaKAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMXVQAAAACwACAQAACgAKAAgqKgAdABcAGFpaAAEAABUAVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -01202{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":943,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1492167648277830,"flow_src_last_pkt_time":1492167648583174,"flow_dst_last_pkt_time":1492167648582668,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167648583174,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.158.34","src_port":43850,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.QQ","proto_id":"91.48","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"res.wx.qq.com","domainame":"res.wx.qq.com","tls": {"version":"TLSv1.2","ja3":"550dce18de1bb143e69d6dd9413b8355","ja3s":"","ja4":"t12d1512h2_f0daf39aad75_1c0c7ba38891","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01161{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":943,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1492167648277830,"flow_src_last_pkt_time":1492167648583174,"flow_dst_last_pkt_time":1492167648582668,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167648583174,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.158.34","src_port":43850,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.QQ","proto_id":"91.48","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"res.wx.qq.com","domainame":"res.wx.qq.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1512h2_f0daf39aad75_1c0c7ba38891","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":945,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_src_last_pkt_time":1492167648494081,"flow_dst_last_pkt_time":1492167648873395,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1492167648873395,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0AABAADEGHSXLzZ4iwKgBZwG7q0tO\/rLJEoYlf4ASOQgjJgAAAgQFtAEBBAIBAwMH"} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":946,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_src_last_pkt_time":1492167648873492,"flow_dst_last_pkt_time":1492167648873395,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1492167648873492,"pkt":"8IQvSpdgeJKcD6iOCABFAAAoAABAAEAGDtHAqAFny82eIqtLAbsShiV\/Tv6yylAQAOWcGwAA"} 02216{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":947,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1492167639887918,"flow_src_last_pkt_time":1492167648260043,"flow_dst_last_pkt_time":1492167648882009,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1240,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":6405,"flow_dst_tot_l4_payload_len":7218,"midstream":0,"thread_ts_usec":1492167648882009,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54113,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": 
{"min":441,"avg":560200.5,"max":6615415,"stddev":1552002.6,"var":2408711979008.0,"ent":2.6,"data": [315233,315308,441,318358,1918,319817,471,453,1116,1109,2559,316619,315146,4640,327259,29671,2699,353912,21653,4624,349989,32226,392645,18020,3295,380639,36894,359501,6259002,6615415,265584]},"pktlen": {"min":52,"avg":478.2,"max":1480,"stddev":547.1,"var":299293.4,"ent":4.1,"data": [60,60,52,290,52,1480,52,1480,52,312,52,178,103,1292,527,52,1480,112,52,1225,429,52,250,52,1292,527,52,989,52,1113,52,1480]},"bins": {"c_to_s": [8,0,0,1,0,0,0,1,0,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,2,0,0,0,0,0,0,0,0,0],"s_to_c": [6,2,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,0,0,1,0,0,1,1,1,0,0,0,1,1,0,0,0,1,1,0,0,1,1],"entropies": [4.726680279,5.174957275,5.014835358,5.912752151,5.171406746,6.803393364,5.091758728,7.515910149,5.101990700,7.309720993,5.063529491,6.343719959,6.031068325,7.837167740,7.550827026,5.056021690,7.882212639,6.268015385,4.972088814,7.844335079,7.397187710,5.132945061,7.032490730,4.986606121,7.848376274,7.566510677,5.171406746,7.791433334,5.101990700,7.786844254,5.101990700,7.872010231]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":967,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":5,"flow_src_last_pkt_time":1492167648583174,"flow_dst_last_pkt_time":1492167648901608,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1492167648901608,"pkt":"eJKcD6iO8IQvSpdgCABFoAAouBhAADEGZRjLzZ4iwKgBZwG7q0qHWOtFHGGisFAQAHukpAAA"} 
-01404{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":968,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1492167648277830,"flow_src_last_pkt_time":1492167648583174,"flow_dst_last_pkt_time":1492167648902355,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1492167648902355,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.158.34","src_port":43850,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.QQ","proto_id":"91.48","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"res.wx.qq.com","domainame":"res.wx.qq.com","tls": {"version":"TLSv1.2","ja3":"550dce18de1bb143e69d6dd9413b8355","ja3s":"290adf098a54ade688d1df074dbecbf2","ja4":"t12d1512h2_f0daf39aad75_1c0c7ba38891","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
-01968{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":970,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1492167648277830,"flow_src_last_pkt_time":1492167648902391,"flow_dst_last_pkt_time":1492167648903691,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":3430,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4890,"midstream":0,"thread_ts_usec":1492167648903691,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.158.34","src_port":43850,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.QQ","proto_id":"91.48","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"res.wx.qq.com","domainame":"res.wx.qq.com","tls": {"version":"TLSv1.2","server_names":"wx1.qq.com,webpush.wx.qq.com,webpush1.weixin.qq.com,loginpoll.weixin.qq.com,login.wx.qq.com,file.wx2.qq.com,wx2.qq.com,login.wx2.qq.com,wxitil.qq.com,file.wx.qq.com,login.weixin.qq.com,webpush2.weixin.qq.com,webpush.wx2.qq.com,webpush.weixin.qq.com,web.weixin.qq.com,res.wx.qq.com,wx.qq.com","ja3":"550dce18de1bb143e69d6dd9413b8355","ja3s":"290adf098a54ade688d1df074dbecbf2","ja4":"t12d1512h2_f0daf39aad75_1c0c7ba38891","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=CN, ST=Guangdong, L=Shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, OU=R&D, CN=wx.qq.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"67:53:57:7F:22:BB:D0:A6:D4:5F:A6:D4:B3:0A:13:73:29:23:D0:C9","blocks":0}}} 
+01363{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":968,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1492167648277830,"flow_src_last_pkt_time":1492167648583174,"flow_dst_last_pkt_time":1492167648902355,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1492167648902355,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.158.34","src_port":43850,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.QQ","proto_id":"91.48","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"res.wx.qq.com","domainame":"res.wx.qq.com","tls": {"version":"TLSv1.2","ja3s":"290adf098a54ade688d1df074dbecbf2","ja4":"t12d1512h2_f0daf39aad75_1c0c7ba38891","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
+01927{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":970,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1492167648277830,"flow_src_last_pkt_time":1492167648902391,"flow_dst_last_pkt_time":1492167648903691,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":3430,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4890,"midstream":0,"thread_ts_usec":1492167648903691,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.158.34","src_port":43850,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.QQ","proto_id":"91.48","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"res.wx.qq.com","domainame":"res.wx.qq.com","tls": {"version":"TLSv1.2","server_names":"wx1.qq.com,webpush.wx.qq.com,webpush1.weixin.qq.com,loginpoll.weixin.qq.com,login.wx.qq.com,file.wx2.qq.com,wx2.qq.com,login.wx2.qq.com,wxitil.qq.com,file.wx.qq.com,login.weixin.qq.com,webpush2.weixin.qq.com,webpush.wx2.qq.com,webpush.weixin.qq.com,web.weixin.qq.com,res.wx.qq.com,wx.qq.com","ja3s":"290adf098a54ade688d1df074dbecbf2","ja4":"t12d1512h2_f0daf39aad75_1c0c7ba38891","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=CN, ST=Guangdong, L=Shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, OU=R&D, CN=wx.qq.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"67:53:57:7F:22:BB:D0:A6:D4:5F:A6:D4:B3:0A:13:73:29:23:D0:C9","blocks":0}}} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":997,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492167650311981,"flow_src_last_pkt_time":1492167650311981,"flow_dst_last_pkt_time":1492167650311981,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":33,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167650311981,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":60562,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":997,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_src_last_pkt_time":1492167650311981,"flow_dst_last_pkt_time":1492167650311981,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_usec":1492167650311981,"pkt":"8IQvSpdgeJKcD6iOCABFAAA916xAAEAR3k3AqAFnwKgB\/uySADUAKTCBKzkBAAABAAAAAAAAA3NzbAdnc3RhdGljA2NvbQAAAQAB"} 
01093{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":997,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492167650311981,"flow_src_last_pkt_time":1492167650311981,"flow_dst_last_pkt_time":1492167650311981,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":33,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167650311981,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":60562,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"ssl.gstatic.com","domainame":"ssl.gstatic.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -383,7 +383,7 @@ 01127{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":998,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1492167650311981,"flow_src_last_pkt_time":1492167650311981,"flow_dst_last_pkt_time":1492167650345975,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":192,"flow_src_tot_l4_payload_len":33,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1492167650345975,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":60562,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"ssl.gstatic.com","domainame":"ssl.gstatic.com","dns": {"num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["172.217.23.67,ttl=29"]}}} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":999,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492167650348036,"flow_src_last_pkt_time":1492167650348036,"flow_dst_last_pkt_time":1492167650348036,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167650348036,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.67","src_port":35601,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02322{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":999,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_src_last_pkt_time":1492167650348036,"flow_dst_last_pkt_time":1492167650348036,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1492167650348036,"pkt":"8IQvSpdgeJKcD6iOCABFAAVibiVAAEARQTrAqAFnrNkXQ4sRAbsFTiZlDSoBZwIONIO7UTAzNQGbgwNlLywtCSgLtCegAQAEQ0hMTx0AAABQQUQAIgEAAFNOSQAxAQAAU1RLAGsBAABWRVIAbwEAAENDUwB\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\/cQ8zfwllNkC+Y3GQAAABDQzIwQ2hyb21lLzU3LjAuMjk4Ny4xMzMgTGludXggeDg2XzY0Jc6XFWD7G7yXYXhVaoxdywAAAABYNTA5AAAQAAEAAAAeAAAA4qvwWAAAAABQ8MfjcV\/rNPz9nE7SSiHC6cDht5RKlsv0JChHgsKm0olGM4pgTHU2HYUvFhtNkOqQx\/75FAQP87Et+xOmGXIhZAAAAAEAAABDMjU1wgnkHLidnM3CCeQcuJ2czT2t9HxBefiRQAt7kKmuees8hQEA9eDJxrTnigGUXAfpWeAkSroNTkBs4scsx1Ra2LSNreNDFvpSDuqq6UeKpHg6NTM40g2RnXl5QzirTperKCTKzWwn+4\/bmuO2uGlriSPr4ExcTigYtlruN8fxdgnsCAuRhi2\/JFjFnbJqpKvDwpzJerd7H8C9zsxPzgMehsK4\/vItkCcZuwJmgaicPHLBf9M3RGKygCyV25zBdoSYTv7XUf5XBhgAAPAAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01082{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":999,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492167650348036,"flow_src_last_pkt_time":1492167650348036,"flow_dst_last_pkt_time":1492167650348036,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167650348036,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.67","src_port":35601,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ssl.gstatic.com","domainame":"ssl.gstatic.com","quic": {"user_agent":"Chrome\/57.0.2987.133 Linux x86_64","quic_version":"Q035"}}} +01032{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":999,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492167650348036,"flow_src_last_pkt_time":1492167650348036,"flow_dst_last_pkt_time":1492167650348036,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167650348036,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.67","src_port":35601,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ssl.gstatic.com","domainame":"ssl.gstatic.com","quic": {"quic_version":"Q035"}}} 00998{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_src_last_pkt_time":1492167650348333,"flow_dst_last_pkt_time":1492167650348036,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":400,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":400,"pkt_l4_len":366,"thread_ts_usec":1492167650348333,"pkt":"8IQvSpdgeJKcD6iOCABFAAGCbiZAAEARRRnAqAFnrNkXQ4sRAbsBbnP9DSoBZwIONIO7UTAzNQLoUPe6\/kTOTlflPotTtybyc+JAmHNEvZwUaT+Y9MqSJDNXVlUHwBVN0wAQzobHU4rvOkVihYNG2ScjXRicw6QFTtMMe25DwzQ7F0UKP\/Y\/8HMbQmw9b+v7cjBNs8yLamuYyeUaQ6lA73AshAIuQPhL6IslIuIHWs+l0MLo2wd57CZSUFbeEQQGDWtD8b5mwEuaZ88hm8yA3WeZQ9Zu4UUro5Belh+M9DB8RCMbVDEQZk6oJR+FSwF3TriZCorpIzSRESc2crvu7FP1Tb9g0NyoL87e9cFlDFVypNQfdhNO+iEyVuMUtOGb6OQn1vrWvB\/icrLc4DopKhApNyBIG\/+MQmYuPalP+mCA4FXxaPeMi1RdjyuuqxJb39HK+6wmJsCzWDR6cvDTk6ywHmETP0AOjEu+QTifJk6chcMbgKmp0ErfBPvocLYD7Yj8Qw2lL48a1tEWZIz4lw=="} 
02340{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1001,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":3,"flow_src_last_pkt_time":1492167650348333,"flow_dst_last_pkt_time":1492167650401660,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1492167650401660,"pkt":"eJKcD6iO8IQvSpdgCABFoAViAABAADcRt7+s2RdDwKgBZwG7ixEFTkCsBPCmO80d\/CW5IJoqjbn6lzjr5TC1v3d2foeU3jLNcA4IAV35th92JTinR3E92La4uW3lsByHG3R1axVDDHGrIc2Dhs2S+7aBzkyVbwcuUK77hYdmfJ4TJuEFhTaYjceo9r51oYeJqOHOCc1BBmB5E+A58P\/H55fRg4dxRA9v1f2aVQ6I67HK4M7mS7147fzZ170E12rNhRLBsPAWwZ8U93ZWKjAcVK9waq7ihKZ\/GTyfNPuOCQnhcxCFRMVEx2xx65NSFauaw3a1qVgRV428j6Bchcyom0cvPgxBbWJUmObxkeqmQAFmTPCN6igcJnamWF5CRIXtlRtvIVi8G3Rds0EdWXNYvxaTSkwCziFaIH6mAaz9hCwjxATLUAdqd1Yo+wN5ikpGmpiBzh3Coj125lb7YXMKgdIF\/8K12iKaeICQ1ArpMEt9vvWxk35P363XmPN9SjUjvFqh8rl+ETiuGHzQwTYDZUwFRT8Tnc90FuuWkSHrjLuI78eE0u2MPArYDWbkXnAkM9f\/B1mpEGpwrQCQA0PHuwaHNDaEcqfk+htDhYfF2k76y25VNuFHeOfHnAe8W\/L6MSq0NvvJdxpclRqAM5S2hcBrDwho6FgiBa0XuPrQx61q\/3nmcTSWb0DXXos+FWaLGj1Jg4cyk4xSeKoZfxTTY8qOxPxWcSNcXXGMVMwz3NtJzwB28A6uPq8NBF+APnNiUzkLELf20sskbghw4Wvw2P5GvZ6Z0iUqrAzGSGc0IroovL34w3TMmjBnTPzAWKnwYJxIrcFH65r\/43AXULA7mwVKw7TuryWaAn8PVofDMn5VL+m8Bc4anaE3270Gx7DXXa3CWGylYl6IhspD51Ji7UqD6pJpDanmkxF7QRS0mZz7M+VCAuE5+TvKpba5WKwmCrXKMkHXnBfHSx4yC\/BngUmyj5AqU\/35FBtHK2MhZhT3uv3ixGib\/DhROgxNj\/fCIDmyLmZy6LuI15IWBQr2uiGWD15jLW9srpQ3r\/cpXrjFWrIOILP7BDqFX16AVMtIyhn8QUmpyMBzWR3rPBVnAwwCQUSi7lOuHYSBa2JAApapl8ibPeq+IESORJ2WC1jpiGlKVsyKHvCUxM4DB9CDGl+VMCLfBwTUsv9jC9A0oISxfI+skno\/pMiMhfE+1+tVpq0kVbytQk5I14sgZgoXLliJYkFCOr3ikDyMImPkBDegikF\/nhKUricS6KkRKOBVEDYofUgm6hebzs7TAwbIX0LHGrieMSNYdiZ\/RaP9BKZ7WUS7z8Jvlw3DtdXYHHGY\/9m62j8jgUA89FYp2sdoaRFheoQUmxEE6EpSZHWMo5+AT1rvxDTcNLYyAF\/NKlyP79gaAWae04vlwFQ4Bupkoby3AV8qNrlb42pc54gLBwr2\/V8SfP1Jf8GHKLnbnMMGzz8c8g08IQe\/1e7EH9oyogw0WeUU2ddyxaRPwa4eLAdObH
TP\/jn7fsHAYVorRI56TLQ62d12KS2GZw3\/dElBm43NGOyNU1Hp381LUrTlDOWD2CkkP1QCRN+zezQnIAdftR9GtZfdliGgi4n+DRQuugUUjAENUiyLbjua9o3CfXKyGh5RlHt3r219Xp7bzpU2Sa3x2tOlotON5hkk2pmORaeO3NrbIHwpGOzFl20\/4Mhk6xhdUZeHJoEN7V1+kqNLH9CANDu7wpMSMlhqJfpnckBvaCh9BXX3VOJErUyDwJ\/yEG1ZNKGdvcDhAfCDrZsIbxElU8wBdoFg5g3GjSgWUZyHIUdESjz3nA05zyGh0UQ5UNTBZNmAzAGEZvPJPDUf"} 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1002,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":4,"flow_src_last_pkt_time":1492167650402045,"flow_dst_last_pkt_time":1492167650401660,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"thread_ts_usec":1492167650402045,"pkt":"8IQvSpdgeJKcD6iOCABFAABFbjFAAEARRkvAqAFnrNkXQ4sRAbsAMdx0DCoBZwIONIO7A\/2cOIqV1ZCK4h2eK05EMevTWpEuYxJ\/wRQedJtK4Zk="} 
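Review bot: The `detected` event for flow 48 loses `"user_agent":"Chrome\/57.0.2987.133 Linux x86_64"` from its `quic` object, and the commit description does not mention it. The neighbouring hunks of this file drop `"ja3"` from every `tls` object in the same way, while `ja3s` and `ja4` stay. Consumers that match or pivot on either field will see it disappear silently after the bump. I would add a description line such as `* flow events no longer carry tls.ja3 and quic.user_agent`, and name the option there if either field can be re-enabled by configuration. Whether the schema change in this commit already covers both keys is not visible from this hunk.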
@@ -391,7 +391,7 @@ 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1009,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_src_last_pkt_time":1492167654504261,"flow_dst_last_pkt_time":1492167619048267,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1492167654504261,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0DsBAAEAGBoXAqAFny82XotNaAbub+DW+SvgsEIARAOUK7AAAAQEICgAx4GBFrgFX"} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1022,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492167669545491,"flow_src_last_pkt_time":1492167669545491,"flow_dst_last_pkt_time":1492167669545491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167669545491,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00807{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1022,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_src_last_pkt_time":1492167669545491,"flow_dst_last_pkt_time":1492167669545491,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1492167669545491,"pkt":"\/\/\/\/\/\/\/\/0CeIF3AECABFoADwPUUAAIARd2TAqAFkwKgB\/wCKAIoA3H9oEQ7+\/cCoAWQAigDGAAAgRUhFSkVQRkdFQkVPRU9FSkNORkFFRENBQ0FDQUNBQUEAIEFCQUNGUEZQRU5GREVDRkNFUEZIRkRFRkZQRlBBQ0FCAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAALAAAAAAAAAAAAOgDAAAAAAAAAAAsAFYAAwABAAEAAgA9AFxNQUlMU0xPVFxCUk9XU0UADACguw0AV09SS0dST1VQAAAAAAAAAAMKABAAgP4HAABHSU9WQU5OSS1QQwA="} -01109{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1022,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492167669545491,"flow_src_last_pkt_time":1492167669545491,"flow_dst_last_pkt_time":1492167669545491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167669545491,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"giovanni-pc","domainame":"giovanni-pc"}} 
+00990{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1022,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492167669545491,"flow_src_last_pkt_time":1492167669545491,"flow_dst_last_pkt_time":1492167669545491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167669545491,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"giovanni-pc","domainame":"giovanni-pc"}} 01012{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1023,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":0,"flow_first_seen":1492167338426352,"flow_src_last_pkt_time":1492167644990474,"flow_dst_last_pkt_time":1492167338426352,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":960,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167669545491,"l3_proto":"ip6","src_ip":"fe80::7a92:9cff:fe0f:a88e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_googlecast._tcp.local"}} 01003{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1023,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":0,"flow_first_seen":1492167338426301,"flow_src_last_pkt_time":1492167644990362,"flow_dst_last_pkt_time":1492167338426301,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":960,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167669545491,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_googlecast._tcp.local"}} 00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1031,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_src_last_pkt_time":1492167690433709,"flow_dst_last_pkt_time":1492167440370306,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":50,"pkt_l4_len":12,"thread_ts_usec":1492167690433709,"pkt":"AQBeAAAB8IQvSpdgCABGoAAkj9oAAAEC8bHAqAH+4AAAAZQEAAARZOybAAAAAAIAAAA="} 
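Review bot: The `detected` event for flow 49 (`NetBIOS.SMBv1`, 192.168.1.100 to 192.168.1.255, port 138) no longer has a `flow_risk` object. The old expectation carried risk 22 `Unsafe Protocol`; the new one keeps only `"breed":"Dangerous"`. This removes a security verdict rather than a piece of metadata, so anything alerting on `flow_risk` would stop firing for this SMBv1 traffic unless the risk is reported in a later event outside this hunk. Please confirm this is an intended upstream change and not a detection regression, and record it in the description, e.g. `* NetBIOS.SMBv1: "Unsafe Protocol" risk no longer set on the detected event`.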
@@ -405,17 +405,17 @@ 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1051,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_src_last_pkt_time":1492167695237173,"flow_dst_last_pkt_time":1492167695562421,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1492167695562421,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAACwGKJ3LzZeiwKgBZwG702WgJJlmRIM7\/KASN8ga\/wAAAgQFoAQCCApF0vJmADIIJwEDAwc="} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1052,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":3,"flow_src_last_pkt_time":1492167695562496,"flow_dst_last_pkt_time":1492167695562421,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1492167695562496,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0M91AAEAG4WfAqAFny82XotNlAbtEgzv8oCSZZ4AQAOWASQAAAQEICgAyCHhF0vJm"} 
00868{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1053,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":4,"flow_src_last_pkt_time":1492167695562959,"flow_dst_last_pkt_time":1492167695562421,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":304,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":304,"pkt_l4_len":270,"thread_ts_usec":1492167695562959,"pkt":"8IQvSpdgeJKcD6iOCABFAAEiM95AAEAG4HjAqAFny82XotNlAbtEgzv8oCSZZ4AYAOVrOQAAAQEICgAyCHhF0vJmFgMBAOkBAADlAwO2WFDDl4dFyeBPNOhybUjd72FmGP\/nu4brBDO9flonhCBYxgzAaMyfJOk08sA4g8dg3UnK03IZIzAXShNAci3a7gAgurrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB8WloAAP8BAAEAAAAAEwARAAAOd2ViLndlY2hhdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjF1UAAAAAsAAgEAAAoACgAIWloAHQAXABjKygABAA=="} -01211{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1053,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1492167695237173,"flow_src_last_pkt_time":1492167695562959,"flow_dst_last_pkt_time":1492167695562421,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167695562959,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54117,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": 
{"version":"TLSv1.2","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01170{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1053,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1492167695237173,"flow_src_last_pkt_time":1492167695562959,"flow_dst_last_pkt_time":1492167695562421,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167695562959,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54117,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1054,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_src_last_pkt_time":1492167695488485,"flow_dst_last_pkt_time":1492167695854360,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1492167695854360,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC0GJ53LzZeiwKgBZwG702aaLHzgCK7Og6ASN8jmSwAAAgQFoAQCCApF0vKlADIIZgEDAwc="} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1055,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_src_last_pkt_time":1492167695854441,"flow_dst_last_pkt_time":1492167695854360,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1492167695854441,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0xuVAAEAGTl\/AqAFny82XotNmAbsIrs6Dmix84YAQAOVLjAAAAQEICgAyCMFF0vKl"} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1056,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":5,"flow_src_last_pkt_time":1492167695562959,"flow_dst_last_pkt_time":1492167695890423,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1492167695890423,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0a99AACwGvMXLzZeiwKgBZwG702WgJJlnRIM86oAQAHh\/dgAAAQEICkXS8rgAMgh4"} -01271{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1057,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1492167695237173,"flow_src_last_pkt_time":1492167695562959,"flow_dst_last_pkt_time":1492167695891120,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1492167695891120,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54117,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","blocks":0}}} -01805{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1059,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1492167695237173,"flow_src_last_pkt_time":1492167695891176,"flow_dst_last_pkt_time":1492167695891511,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":2856,"midstream":0,"thread_ts_usec":1492167695891511,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54117,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": 
{"version":"TLSv1.2","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","advertised_alpns":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1","blocks":0}}} +01230{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1057,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1492167695237173,"flow_src_last_pkt_time":1492167695562959,"flow_dst_last_pkt_time":1492167695891120,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1492167695891120,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54117,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": 
{"version":"TLSv1.2","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01764{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1059,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1492167695237173,"flow_src_last_pkt_time":1492167695891176,"flow_dst_last_pkt_time":1492167695891511,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":2856,"midstream":0,"thread_ts_usec":1492167695891511,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54117,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","advertised_alpns":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1","blocks":0}}} 
00869{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1070,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":4,"flow_src_last_pkt_time":1492167696636507,"flow_dst_last_pkt_time":1492167695854360,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":304,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":304,"pkt_l4_len":270,"thread_ts_usec":1492167696636507,"pkt":"8IQvSpdgeJKcD6iOCABFAAEixuZAAEAGTXDAqAFny82XotNmAbsIrs6Dmix84YAYAOUVZQAAAQEICgAyCYVF0vKlFgMBAOkBAADlAwMlUfNTDYjhvRdeF23CS9txxbOTIA6V\/rqxhzXUPkoC0SBB4xlOjKoTkDpNNo30AWaSGj1BD\/4+Gt6DSefvkE2ybgAgKirMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB8+voAAP8BAAEAAAAAEwARAAAOd2ViLndlY2hhdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjF1UAAAAAsAAgEAAAoACgAIWloAHQAXABhaWgABAA=="} -01211{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1070,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1492167695488485,"flow_src_last_pkt_time":1492167696636507,"flow_dst_last_pkt_time":1492167695854360,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167696636507,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54118,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": 
{"version":"TLSv1.2","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01170{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1070,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1492167695488485,"flow_src_last_pkt_time":1492167696636507,"flow_dst_last_pkt_time":1492167695854360,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167696636507,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54118,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1075,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":5,"flow_src_last_pkt_time":1492167696636507,"flow_dst_last_pkt_time":1492167697002676,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1492167697002676,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0jyRAAC0GmIDLzZeiwKgBZwG702aaLHzhCK7PcYAQAHhJJwAAAQEICkXS88UAMgmF"} 
-01271{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1077,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1492167695488485,"flow_src_last_pkt_time":1492167696636507,"flow_dst_last_pkt_time":1492167697005590,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1492167697005590,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54118,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
-01805{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1079,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1492167695488485,"flow_src_last_pkt_time":1492167697005638,"flow_dst_last_pkt_time":1492167697006161,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":2856,"midstream":0,"thread_ts_usec":1492167697006161,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54118,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","advertised_alpns":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1","blocks":0}}} 
+01230{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1077,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1492167695488485,"flow_src_last_pkt_time":1492167696636507,"flow_dst_last_pkt_time":1492167697005590,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1492167697005590,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54118,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01764{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1079,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1492167695488485,"flow_src_last_pkt_time":1492167697005638,"flow_dst_last_pkt_time":1492167697006161,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":2856,"midstream":0,"thread_ts_usec":1492167697006161,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54118,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","advertised_alpns":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1","blocks":0}}} 
00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1088,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_src_last_pkt_time":1492167697384234,"flow_dst_last_pkt_time":1492167449288224,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":54,"pkt_l4_len":16,"thread_ts_usec":1492167697384234,"pkt":"AQBeAAAWeJKcD6iOCABGwAAoAABAAAECQerAqAFn4AAAFpQEAAAiAPsCAAAAAQIAAADgAAD7"} 01016{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1090,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1492167650348036,"flow_src_last_pkt_time":1492167650446122,"flow_dst_last_pkt_time":1492167650467068,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":1825,"flow_dst_tot_l4_payload_len":1727,"midstream":0,"thread_ts_usec":1492167697412244,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.67","src_port":35601,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ssl.gstatic.com"}} 
00996{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1090,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1492167648243043,"flow_src_last_pkt_time":1492167648243043,"flow_dst_last_pkt_time":1492167648277339,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":495,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":495,"midstream":0,"thread_ts_usec":1492167697412244,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":19041,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.QQ","proto_id":"5.48","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"res.wx.qq.com"}} 
@@ -430,19 +430,19 @@ 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1131,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_src_last_pkt_time":1492167720101930,"flow_dst_last_pkt_time":1492167720458117,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1492167720458117,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC0GJ53LzZeiwKgBZwG702cUBmdaEflnrqASN8gU+wAAAgQFoAQCCApFrqVHADIgbwEDAwc="} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1132,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":3,"flow_src_last_pkt_time":1492167720458175,"flow_dst_last_pkt_time":1492167720458117,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1492167720458175,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0R8NAAEAGzYHAqAFny82XotNnAbsR+WeuFAZnW4AQAOV6PQAAAQEICgAyIMhFrqVH"} 
00870{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1133,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":4,"flow_src_last_pkt_time":1492167720458584,"flow_dst_last_pkt_time":1492167720458117,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":304,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":304,"pkt_l4_len":270,"thread_ts_usec":1492167720458584,"pkt":"8IQvSpdgeJKcD6iOCABFAAEiR8RAAEAGzJLAqAFny82XotNnAbsR+WeuFAZnW4AYAOXtRgAAAQEICgAyIMhFrqVHFgMBAOkBAADlAwO4FYiIFcG2NJgznPgifBfdh+y\/SP3z7w7BFwt\/H9iuDCAVSEeMY2IvjCMgDjKK8SiyT+W1aOjnLn\/Q4fRxYvFJEgAgurrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB8iooAAP8BAAEAAAAAEwARAAAOd2ViLndlY2hhdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjF1UAAAAAsAAgEAAAoACgAIGhoAHQAXABiamgABAA=="} -01211{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1133,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1492167720101930,"flow_src_last_pkt_time":1492167720458584,"flow_dst_last_pkt_time":1492167720458117,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167720458584,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54119,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": 
{"version":"TLSv1.2","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01170{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1133,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1492167720101930,"flow_src_last_pkt_time":1492167720458584,"flow_dst_last_pkt_time":1492167720458117,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167720458584,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54119,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1135,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_src_last_pkt_time":1492167720353253,"flow_dst_last_pkt_time":1492167720700672,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1492167720700672,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC0GJ53LzZeiwKgBZwG702hvZooej\/ZuD6ASN8iscAAAAgQFoAQCCApF0wrqADIgrgEDAwc="} 
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1136,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":3,"flow_src_last_pkt_time":1492167720700737,"flow_dst_last_pkt_time":1492167720700672,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1492167720700737,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0TqFAAEAGxqPAqAFny82XotNoAbuP9m4Pb2aKH4AQAOURtQAAAQEICgAyIQVF0wrq"} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1137,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":5,"flow_src_last_pkt_time":1492167720458584,"flow_dst_last_pkt_time":1492167720811434,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1492167720811434,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0wsRAAC0GZODLzZeiwKgBZwG702cUBmdbEflonIAQAHh5ZAAAAQEICkWupZ8AMiDI"} -01271{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1138,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1492167720101930,"flow_src_last_pkt_time":1492167720458584,"flow_dst_last_pkt_time":1492167720812106,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1492167720812106,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54119,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","blocks":0}}} -01805{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1140,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1492167720101930,"flow_src_last_pkt_time":1492167720812140,"flow_dst_last_pkt_time":1492167720812783,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":2856,"midstream":0,"thread_ts_usec":1492167720812783,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54119,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": 
{"version":"TLSv1.2","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","advertised_alpns":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1","blocks":0}}} +01230{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1138,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1492167720101930,"flow_src_last_pkt_time":1492167720458584,"flow_dst_last_pkt_time":1492167720812106,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1492167720812106,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54119,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": 
{"version":"TLSv1.2","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01764{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1140,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1492167720101930,"flow_src_last_pkt_time":1492167720812140,"flow_dst_last_pkt_time":1492167720812783,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":2856,"midstream":0,"thread_ts_usec":1492167720812783,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54119,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","advertised_alpns":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1","blocks":0}}} 
00871{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1159,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":4,"flow_src_last_pkt_time":1492167722010515,"flow_dst_last_pkt_time":1492167720700672,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":304,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":304,"pkt_l4_len":270,"thread_ts_usec":1492167722010515,"pkt":"8IQvSpdgeJKcD6iOCABFAAEiTqJAAEAGxbTAqAFny82XotNoAbuP9m4Pb2aKH4AYAOXLQgAAAQEICgAyIkxF0wrqFgMBAOkBAADlAwPB\/pJ6BvhHBq\/4TId1UjdeYYD0wwj82jOL+qyjL+5dzCBgvGDUb62G4Do9NReMfS8YxaGk\/NAEyDLFergV\/vcvsQAgysrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB8mpoAAP8BAAEAAAAAEwARAAAOd2ViLndlY2hhdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjF1UAAAAAsAAgEAAAoACgAI+voAHQAXABh6egABAA=="} -01211{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1159,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1492167720353253,"flow_src_last_pkt_time":1492167722010515,"flow_dst_last_pkt_time":1492167720700672,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167722010515,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54120,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": 
{"version":"TLSv1.2","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01170{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1159,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1492167720353253,"flow_src_last_pkt_time":1492167722010515,"flow_dst_last_pkt_time":1492167720700672,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167722010515,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54120,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1163,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":5,"flow_src_last_pkt_time":1492167722010515,"flow_dst_last_pkt_time":1492167722070985,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1492167722070985,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC0GJ53LzZeiwKgBZwG702hvZooej\/ZuD6ASN8iqwgAAAgQFoAQCCApF0wxBADIhBQEDAwc="} 
-01271{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1166,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1492167720353253,"flow_src_last_pkt_time":1492167722071030,"flow_dst_last_pkt_time":1492167722364483,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1492167722364483,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54120,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
-01805{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1168,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1492167720353253,"flow_src_last_pkt_time":1492167722364537,"flow_dst_last_pkt_time":1492167722365024,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1688,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":3116,"midstream":0,"thread_ts_usec":1492167722365024,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54120,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","advertised_alpns":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1","blocks":0}}} 
+01230{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1166,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1492167720353253,"flow_src_last_pkt_time":1492167722071030,"flow_dst_last_pkt_time":1492167722364483,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1492167722364483,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54120,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01764{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1168,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1492167720353253,"flow_src_last_pkt_time":1492167722364537,"flow_dst_last_pkt_time":1492167722365024,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1688,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":3116,"midstream":0,"thread_ts_usec":1492167722365024,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54120,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","advertised_alpns":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1","blocks":0}}} 
01013{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1178,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":0,"flow_first_seen":1492167338426352,"flow_src_last_pkt_time":1492167713329983,"flow_dst_last_pkt_time":1492167338426352,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1280,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167722796259,"l3_proto":"ip6","src_ip":"fe80::7a92:9cff:fe0f:a88e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_googlecast._tcp.local"}} -01124{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1178,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492167669545491,"flow_src_last_pkt_time":1492167669545491,"flow_dst_last_pkt_time":1492167669545491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167722796259,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": 
{"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"giovanni-pc"}} +01005{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1178,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492167669545491,"flow_src_last_pkt_time":1492167669545491,"flow_dst_last_pkt_time":1492167669545491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167722796259,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"giovanni-pc"}} 
01004{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1178,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":0,"flow_first_seen":1492167338426301,"flow_src_last_pkt_time":1492167713329924,"flow_dst_last_pkt_time":1492167338426301,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1280,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167722796259,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_googlecast._tcp.local"}} 02215{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1181,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1492167720101930,"flow_src_last_pkt_time":1492167729700517,"flow_dst_last_pkt_time":1492167729700473,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1240,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":6405,"flow_dst_tot_l4_payload_len":7217,"midstream":0,"thread_ts_usec":1492167729700517,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54119,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":333,"avg":619262.2,"max":7132743,"stddev":1664228.6,"var":2769657004032.0,"ent":2.7,"data": 
[356187,356245,409,353317,672,353556,677,668,333,334,2390,365567,364474,5597,381303,26713,2760,403898,13549,5018,378842,57192,418881,4165,370546,28172,433154,6695589,7132743,143519,540660]},"pktlen": {"min":52,"avg":478.2,"max":1480,"stddev":547.1,"var":299307.7,"ent":4.1,"data": [60,60,52,290,52,1480,52,1480,52,312,52,178,103,1292,527,52,1480,112,52,1225,429,52,249,1292,527,52,989,52,1113,52,1480,52]},"bins": {"c_to_s": [8,0,0,1,0,0,0,1,0,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,2,0,0,0,0,0,0,0,0,0],"s_to_c": [6,2,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,0,0,1,0,0,1,1,1,0,0,0,1,1,0,0,1,1,0,0,1,1,0],"entropies": [4.614099026,5.054205418,4.784065247,5.803813457,5.041504860,6.789727688,4.976373672,7.508995056,4.909682751,7.239485741,4.948143959,6.283991337,5.914185047,7.847993851,7.497515678,5.056021690,7.882184505,6.223571301,4.818242073,7.846398354,7.468954086,5.094483852,7.143380165,7.812929153,7.551878452,5.132945061,7.789383411,4.948144436,7.801686287,4.986605644,7.883557796,4.871221066]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}} 
00925{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1216,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1492167617247730,"flow_src_last_pkt_time":1492167617247730,"flow_dst_last_pkt_time":1492167617598882,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1492167749276262,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54109,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
@@ -464,12 +464,12 @@ 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1222,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_src_last_pkt_time":1492167765433146,"flow_dst_last_pkt_time":1492167765701156,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1492167765701156,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC8GKZTLzZOrwKgBZwG74rSlk19z2E29o6ASN8g4AQAAAgQFoAQCCApF8qRxADJMtAEDAwc="} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1223,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_src_last_pkt_time":1492167765701236,"flow_dst_last_pkt_time":1492167765701156,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1492167765701236,"pkt":"8IQvSpdgeJKcD6iOCABFAAA08RdAAEAGKCTAqAFny82Tq+K0AbvYTb2jpZNfdIAQAOWdWQAAAQEICgAyTPdF8qRx"} 
00868{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1224,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":4,"flow_src_last_pkt_time":1492167765701869,"flow_dst_last_pkt_time":1492167765701156,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":304,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":304,"pkt_l4_len":270,"thread_ts_usec":1492167765701869,"pkt":"8IQvSpdgeJKcD6iOCABFAAEi8RhAAEAGJzXAqAFny82Tq+K0AbvYTb2jpZNfdIAYAOUfdwAAAQEICgAyTPdF8qRxFgMBAOkBAADlAwN2f14Oc5hAS77GsYiJJWuQsbu0wB7\/AFxtEPxKO0DQmSCLvNA70NWnnOkivxA3NtxTObgLtgPDGlVnUKXVA0Y5mQAgenrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB8WloAAP8BAAEAAAAAEwARAAAOd2ViLndlY2hhdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjF1UAAAAAsAAgEAAAoACgAIenoAHQAXABgKCgABAA=="} -01213{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1224,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1492167765433146,"flow_src_last_pkt_time":1492167765701869,"flow_dst_last_pkt_time":1492167765701156,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167765701869,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58036,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": 
{"version":"TLSv1.2","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01172{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1224,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1492167765433146,"flow_src_last_pkt_time":1492167765701869,"flow_dst_last_pkt_time":1492167765701156,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167765701869,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58036,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1225,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_src_last_pkt_time":1492167765657286,"flow_dst_last_pkt_time":1492167765933685,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1492167765933685,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC8GKZTLzZOrwKgBZwG74rU+QocNNwsr8KASN8h9cwAAAgQFoAQCCApFrtG3ADJM7AEDAwc="} 
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1226,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":3,"flow_src_last_pkt_time":1492167765933797,"flow_dst_last_pkt_time":1492167765933685,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1492167765933797,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0ZwRAAEAGsjfAqAFny82Tq+K1Abs3CyvwPkKHDoAQAOXiyQAAAQEICgAyTTFFrtG3"} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1227,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":5,"flow_src_last_pkt_time":1492167765701869,"flow_dst_last_pkt_time":1492167765972098,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1492167765972098,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0+8BAAC8GLdvLzZOrwKgBZwG74rSlk1902E2+kYAQAHiclQAAAQEICkXypLQAMkz3"} -01273{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1228,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1492167765433146,"flow_src_last_pkt_time":1492167765701869,"flow_dst_last_pkt_time":1492167765976298,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1492167765976298,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58036,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","blocks":0}}} -01807{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1230,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1492167765433146,"flow_src_last_pkt_time":1492167765976336,"flow_dst_last_pkt_time":1492167765976846,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":2856,"midstream":0,"thread_ts_usec":1492167765976846,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58036,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": 
{"version":"TLSv1.2","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","advertised_alpns":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1","blocks":0}}} +01232{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1228,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1492167765433146,"flow_src_last_pkt_time":1492167765701869,"flow_dst_last_pkt_time":1492167765976298,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1492167765976298,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58036,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": 
{"version":"TLSv1.2","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01766{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1230,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1492167765433146,"flow_src_last_pkt_time":1492167765976336,"flow_dst_last_pkt_time":1492167765976846,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":2856,"midstream":0,"thread_ts_usec":1492167765976846,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58036,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","advertised_alpns":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1","blocks":0}}} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1248,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":4,"flow_src_last_pkt_time":1492167765933797,"flow_dst_last_pkt_time":1492167767274060,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1492167767274060,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC8GKZTLzZOrwKgBZwG74rU+QocNNwsr8KASN8h73QAAAgQFoAQCCApFrtMIADJNMQEDAwc="} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1249,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":5,"flow_src_last_pkt_time":1492167767274119,"flow_dst_last_pkt_time":1492167767274060,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1492167767274119,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0ZwVAAEAGsjbAqAFny82Tq+K1Abs3CyvwPkKHDoAQAOXhegAAAQEICgAyToBFrtG3"} 00975{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1251,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":12,"flow_first_seen":1492167617248213,"flow_src_last_pkt_time":1492167639887622,"flow_dst_last_pkt_time":1492167640200064,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1240,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":3694,"flow_dst_tot_l4_payload_len":4335,"midstream":0,"thread_ts_usec":1492167767276191,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54111,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}} 
@@ -482,12 +482,12 @@ 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1260,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_src_last_pkt_time":1492167776953879,"flow_dst_last_pkt_time":1492167777220516,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1492167777220516,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC8GKZTLzZOrwKgBZwG74rYX2Lh9mWvEIqASN8j8PgAAAgQFoAQCCApF00IlADJX9AEDAwc="} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_src_last_pkt_time":1492167777220585,"flow_dst_last_pkt_time":1492167777220516,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1492167777220585,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0k9ZAAEAGhWXAqAFny82Tq+K2AbuZa8QiF9i4foAQAOVhlwAAAQEICgAyWDdF00Il"} 
00868{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1264,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":4,"flow_src_last_pkt_time":1492167777221018,"flow_dst_last_pkt_time":1492167777220516,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":304,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":304,"pkt_l4_len":270,"thread_ts_usec":1492167777221018,"pkt":"8IQvSpdgeJKcD6iOCABFAAEik9dAAEAGhHbAqAFny82Tq+K2AbuZa8QiF9i4foAYAOUtNAAAAQEICgAyWDdF00IlFgMBAOkBAADlAwO7CPpUAi5ji1WrIUUoJckLyw+WP0iTwMQC+JpZ0PHlhCBDtbBAnWnGygM6P1AG0j+Q0vm5\/VvsmvPTT+HjfnB2iAAgurrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB8+voAAP8BAAEAAAAAEwARAAAOd2ViLndlY2hhdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjF1UAAAAAsAAgEAAAoACgAICgoAHQAXABhaWgABAA=="} -01213{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1264,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1492167776953879,"flow_src_last_pkt_time":1492167777221018,"flow_dst_last_pkt_time":1492167777220516,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167777221018,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58038,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": 
{"version":"TLSv1.2","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01172{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1264,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1492167776953879,"flow_src_last_pkt_time":1492167777221018,"flow_dst_last_pkt_time":1492167777220516,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167777221018,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58038,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1265,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_src_last_pkt_time":1492167777204515,"flow_dst_last_pkt_time":1492167777476493,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1492167777476493,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC8GKZTLzZOrwKgBZwG74reza+A99PEGyqASN8j\/yAAAAgQFoAQCCApFrtz+ADJYMwEDAwc="} 
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1266,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":3,"flow_src_last_pkt_time":1492167777476579,"flow_dst_last_pkt_time":1492167777476493,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1492167777476579,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0XvtAAEAGukDAqAFny82Tq+K3Abv08QbKs2vgPoAQAOVlIAAAAQEICgAyWHdFrtz+"} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1267,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":5,"flow_src_last_pkt_time":1492167777221018,"flow_dst_last_pkt_time":1492167777492766,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1492167777492766,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0+hdAAC8GL4TLzZOrwKgBZwG74rYX2Lh+mWvFEIAQAHhg0gAAAQEICkXTQmkAMlg3"} -01273{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1268,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1492167776953879,"flow_src_last_pkt_time":1492167777221018,"flow_dst_last_pkt_time":1492167777494071,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1492167777494071,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58038,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","blocks":0}}} -01807{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1270,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1492167776953879,"flow_src_last_pkt_time":1492167777494128,"flow_dst_last_pkt_time":1492167777494665,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1688,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":3116,"midstream":0,"thread_ts_usec":1492167777494665,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58038,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": 
{"version":"TLSv1.2","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","advertised_alpns":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1","blocks":0}}} +01232{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1268,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1492167776953879,"flow_src_last_pkt_time":1492167777221018,"flow_dst_last_pkt_time":1492167777494071,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1492167777494071,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58038,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": 
{"version":"TLSv1.2","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01766{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1270,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1492167776953879,"flow_src_last_pkt_time":1492167777494128,"flow_dst_last_pkt_time":1492167777494665,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1688,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":3116,"midstream":0,"thread_ts_usec":1492167777494665,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58038,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","advertised_alpns":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1","blocks":0}}} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1293,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":4,"flow_src_last_pkt_time":1492167777476579,"flow_dst_last_pkt_time":1492167778905220,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1492167778905220,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC8GKZTLzZOrwKgBZwG74reza+A99PEGyqASN8j+HgAAAgQFoAQCCApFrt5kADJYdwEDAwc="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1294,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":5,"flow_src_last_pkt_time":1492167778905291,"flow_dst_last_pkt_time":1492167778905220,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1492167778905291,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0XvxAAEAGuj\/AqAFny82Tq+K3Abv08QbKs2vgPoAQAOVjuwAAAQEICgAyWdxFrtz+"} 02220{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1310,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1492167776953879,"flow_src_last_pkt_time":1492167781392220,"flow_dst_last_pkt_time":1492167781372855,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1240,"flow_dst_max_l4_payload_len":1688,"flow_src_tot_l4_payload_len":8609,"flow_dst_tot_l4_payload_len":6923,"midstream":0,"thread_ts_usec":1492167781392220,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58038,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": 
{"min":433,"avg":285719.9,"max":2508511,"stddev":565344.7,"var":319614582784.0,"ent":3.4,"data": [266637,266706,433,272250,1305,273110,594,572,2940,271769,269630,3217,281421,29714,327642,3217,299639,37418,350851,50937,3180,368575,30208,307140,2227616,3191,2508511,50935,328714,16106,3139]},"pktlen": {"min":52,"avg":537.9,"max":1740,"stddev":561.4,"var":315202.6,"ent":4.2,"data": [60,60,52,290,52,1480,52,1740,52,178,103,1292,527,52,1357,1225,429,52,250,52,1292,527,52,990,52,1292,527,52,1367,52,1225,429]},"bins": {"c_to_s": [7,0,0,1,0,0,0,1,0,0,0,2,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,3,0,0,0,0,0,0,0,0,0],"s_to_c": [6,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,1,0,0,1,0,0,1]},"directions": [0,1,0,0,1,1,0,1,0,0,1,0,0,1,1,0,0,1,1,0,0,0,1,1,0,0,0,1,1,0,0,0],"entropies": [4.726680279,5.287539005,5.053297043,5.856728077,5.094483852,6.784938335,4.976374149,7.592500210,4.986606121,6.312986374,5.936172009,7.837973118,7.533455849,5.132945538,7.845239639,7.816359520,7.375327110,5.132945538,7.120093346,4.986605644,7.828961372,7.600332737,5.079966545,7.769877911,4.933627129,7.832687378,7.593090057,5.138531685,7.868632793,4.933627605,7.822371960,7.393807888]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}} 
@@ -497,7 +497,7 @@ 00931{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1327,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1492167440984773,"flow_src_last_pkt_time":1492167695144163,"flow_dst_last_pkt_time":1492167440984773,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":128,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167782480271,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","proto_id":"82","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00930{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1327,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1492167449288224,"flow_src_last_pkt_time":1492167697384234,"flow_dst_last_pkt_time":1492167449288224,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167782480271,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","proto_id":"82","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
01013{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1327,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":40,"flow_dst_packets_processed":0,"flow_first_seen":1492167338426352,"flow_src_last_pkt_time":1492167781907538,"flow_dst_last_pkt_time":1492167338426352,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1600,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167782480271,"l3_proto":"ip6","src_ip":"fe80::7a92:9cff:fe0f:a88e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_googlecast._tcp.local"}} -01124{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1327,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492167669545491,"flow_src_last_pkt_time":1492167669545491,"flow_dst_last_pkt_time":1492167669545491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167782480271,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": 
{"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"giovanni-pc"}} +01005{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1327,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492167669545491,"flow_src_last_pkt_time":1492167669545491,"flow_dst_last_pkt_time":1492167669545491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167782480271,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"giovanni-pc"}} 
01004{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1327,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":40,"flow_dst_packets_processed":0,"flow_first_seen":1492167338426301,"flow_src_last_pkt_time":1492167781907341,"flow_dst_last_pkt_time":1492167338426301,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1600,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167782480271,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_googlecast._tcp.local"}} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1327,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492167788126900,"flow_src_last_pkt_time":1492167788126900,"flow_dst_last_pkt_time":1492167788126900,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167788126900,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1327,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_src_last_pkt_time":1492167788126900,"flow_dst_last_pkt_time":1492167788126900,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1492167788126900,"pkt":"AQBeAAD70CeIF3AECABFoABEPYcAAAER2HrAqAFk4AAA+xTpFOkAMOibAAAAAAABAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQ=="} 
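Review bot: The expected `update` event for flow 49 (`NetBIOS.SMBv1`, UDP port 138) no longer carries the `"flow_risk": {"22": {"risk":"Unsafe Protocol", ...}}` object, although `"breed":"Dangerous"` is unchanged. The same removal appears in the next hunk (`@@ -567,7 +567,7 @@`). The commit message only says upstream changes were incorporated, so it is not visible here whether dropping the risk is intended libnDPI behaviour or a side effect of the bump. Anything downstream that alerts on `flow_risk` rather than on `breed` would presumably stop flagging this SMBv1 flow, so confirm it against the upstream change before accepting the regenerated result. If it is intended, record it in the commit description, for example `* NetBIOS.SMBv1 datagram flows no longer report flow_risk 22 (Unsafe Protocol)`.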
@@ -567,7 +567,7 @@ 01013{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1414,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1492167788128365,"flow_src_last_pkt_time":1492167840352767,"flow_dst_last_pkt_time":1492167788128365,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":400,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167844485906,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_googlecast._tcp.local"}} 01013{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1414,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":40,"flow_dst_packets_processed":0,"flow_first_seen":1492167338426352,"flow_src_last_pkt_time":1492167781907538,"flow_dst_last_pkt_time":1492167338426352,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1600,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167844485906,"l3_proto":"ip6","src_ip":"fe80::7a92:9cff:fe0f:a88e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_googlecast._tcp.local"}} 00994{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1414,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1492167795292702,"flow_src_last_pkt_time":1492167796728951,"flow_dst_last_pkt_time":1492167795292702,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":450,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167844485906,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"lbjamwptxz"}} -01124{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1414,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492167669545491,"flow_src_last_pkt_time":1492167669545491,"flow_dst_last_pkt_time":1492167669545491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167844485906,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"giovanni-pc"}} +01005{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1414,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492167669545491,"flow_src_last_pkt_time":1492167669545491,"flow_dst_last_pkt_time":1492167669545491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167844485906,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"giovanni-pc"}} 
01002{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1414,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1492167795092845,"flow_src_last_pkt_time":1492167795103351,"flow_dst_last_pkt_time":1492167795092845,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167844485906,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":49195,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"cansaqcq"}} 01004{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1414,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":40,"flow_dst_packets_processed":0,"flow_first_seen":1492167338426301,"flow_src_last_pkt_time":1492167781907341,"flow_dst_last_pkt_time":1492167338426301,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1600,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167844485906,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_googlecast._tcp.local"}} 01004{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1414,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1492167788126900,"flow_src_last_pkt_time":1492167840351414,"flow_dst_last_pkt_time":1492167788126900,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":400,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167844485906,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_googlecast._tcp.local"}} 
@@ -594,18 +594,18 @@ 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1428,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":2,"flow_src_last_pkt_time":1492167865975033,"flow_dst_last_pkt_time":1492167866243313,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1492167866243313,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC8GKZTLzZOrwKgBZwG74rhfZ1wawEDftqASN8iGUwAAAgQFoAQCCApFrzOuADKu4wEDAwc="} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1429,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":3,"flow_src_last_pkt_time":1492167866243399,"flow_dst_last_pkt_time":1492167866243313,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1492167866243399,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0cVdAAEAGp+TAqAFny82Tq+K4AbvAQN+2X2dcG4AQAOXrqwAAAQEICgAyryZFrzOu"} 
00867{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1430,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":4,"flow_src_last_pkt_time":1492167866243873,"flow_dst_last_pkt_time":1492167866243313,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":304,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":304,"pkt_l4_len":270,"thread_ts_usec":1492167866243873,"pkt":"8IQvSpdgeJKcD6iOCABFAAEicVhAAEAGpvXAqAFny82Tq+K4AbvAQN+2X2dcG4AYAOUGhQAAAQEICgAyryZFrzOuFgMBAOkBAADlAwM6MRNk3EmFJ9vIXCbdCkO3vP+WoKpqLBvgL+NdCbhfqyAMsBFok8j6ktN3mDNfYh89ubRYR7QbnhPUZ8eCwdphMwAgOjrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB8GhoAAP8BAAEAAAAAEwARAAAOd2ViLndlY2hhdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjF1UAAAAAsAAgEAAAoACgAIOjoAHQAXABhqagABAA=="} -01213{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1430,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1492167865975033,"flow_src_last_pkt_time":1492167866243873,"flow_dst_last_pkt_time":1492167866243313,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167866243873,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58040,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": 
{"version":"TLSv1.2","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01172{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1430,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1492167865975033,"flow_src_last_pkt_time":1492167866243873,"flow_dst_last_pkt_time":1492167866243313,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167866243873,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58040,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1431,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":2,"flow_src_last_pkt_time":1492167866226283,"flow_dst_last_pkt_time":1492167866495347,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1492167866495347,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC8GKZTLzZOrwKgBZwG74rl6NAw+rnErxqASN8iAowAAAgQFoAQCCApFrzPtADKvIgEDAwc="} 
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1432,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":3,"flow_src_last_pkt_time":1492167866495436,"flow_dst_last_pkt_time":1492167866495347,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1492167866495436,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0hOhAAEAGlFPAqAFny82Tq+K5AbuucSvGejQMP4AQAOXl+wAAAQEICgAyr2VFrzPt"} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1433,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":5,"flow_src_last_pkt_time":1492167866243873,"flow_dst_last_pkt_time":1492167866513757,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1492167866513757,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0b+pAAC8GubHLzZOrwKgBZwG74rhfZ1wbwEDgpIAQAHjq5wAAAQEICkWvM\/EAMq8m"} -01273{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1434,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1492167865975033,"flow_src_last_pkt_time":1492167866243873,"flow_dst_last_pkt_time":1492167866514555,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1492167866514555,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58040,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","blocks":0}}} -01807{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1436,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1492167865975033,"flow_src_last_pkt_time":1492167866514612,"flow_dst_last_pkt_time":1492167866514947,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":2856,"midstream":0,"thread_ts_usec":1492167866514947,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58040,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": 
{"version":"TLSv1.2","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","advertised_alpns":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1","blocks":0}}} +01232{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1434,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1492167865975033,"flow_src_last_pkt_time":1492167866243873,"flow_dst_last_pkt_time":1492167866514555,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1492167866514555,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58040,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": 
{"version":"TLSv1.2","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01766{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1436,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1492167865975033,"flow_src_last_pkt_time":1492167866514612,"flow_dst_last_pkt_time":1492167866514947,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":2856,"midstream":0,"thread_ts_usec":1492167866514947,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58040,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","advertised_alpns":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1","blocks":0}}} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1456,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":4,"flow_src_last_pkt_time":1492167866495436,"flow_dst_last_pkt_time":1492167867786741,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1492167867786741,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC8GKZTLzZOrwKgBZwG74rl6NAw+rnErxqASN8h\/HQAAAgQFoAQCCApFrzUwADKvZQEDAwc="} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1457,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":5,"flow_src_last_pkt_time":1492167867786787,"flow_dst_last_pkt_time":1492167867786741,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1492167867786787,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0hOlAAEAGlFLAqAFny82Tq+K5AbuucSvGejQMP4AQAOXkuAAAAQEICgAysKhFrzPt"} 02198{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1465,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1492167865975033,"flow_src_last_pkt_time":1492167868793020,"flow_dst_last_pkt_time":1492167868783731,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":12291,"flow_dst_tot_l4_payload_len":3489,"midstream":0,"thread_ts_usec":1492167868793020,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58040,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": 
{"min":11,"avg":181506.0,"max":1577028,"stddev":351924.9,"var":123851137024.0,"ent":3.2,"data": [268280,268366,474,270444,798,270739,392,385,993,969,2788,273097,271415,164,26,13,12,11,1155,289376,22800,22424,9724,380702,1255603,4960,1577028,73342,350958,5989,3258]},"pktlen": {"min":52,"avg":545.6,"max":1480,"stddev":599.0,"var":358844.3,"ent":4.1,"data": [60,60,52,290,52,1480,52,1480,52,312,52,178,103,1232,1480,1480,1480,1480,1480,315,52,52,52,143,52,1220,513,52,283,52,1292,527]},"bins": {"c_to_s": [7,0,0,1,0,0,0,1,1,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,1,0,0,0,0,0,5,0,0,0],"s_to_c": [6,1,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,0,0,1,0,0,0,0,0,0,0,1,1,1,1,0,0,0,1,1,0,0,0],"entropies": [4.680765629,5.154205322,4.884933472,5.839785576,5.017560482,6.813761711,4.831954956,7.514670849,4.842186928,7.190687180,4.895165443,6.306419849,5.873158932,7.841919422,7.869560242,7.865934372,7.865987301,7.878506184,7.864762306,7.242313385,4.964581966,4.834680080,4.895165443,6.393952847,4.986606121,7.814539909,7.515988827,5.061608315,7.244477749,4.895165443,7.844690800,7.504737377]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}} 
-01213{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1478,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1492167866226283,"flow_src_last_pkt_time":1492167871050375,"flow_dst_last_pkt_time":1492167867786741,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167871050375,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58041,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} -01273{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1484,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1492167866226283,"flow_src_last_pkt_time":1492167871050375,"flow_dst_last_pkt_time":1492167871323158,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1492167871323158,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58041,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","blocks":0}}} -01807{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1486,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1492167866226283,"flow_src_last_pkt_time":1492167871323215,"flow_dst_last_pkt_time":1492167871323625,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1688,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":3116,"midstream":0,"thread_ts_usec":1492167871323625,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58041,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": 
{"version":"TLSv1.2","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","advertised_alpns":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1","blocks":0}}} +01172{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1478,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1492167866226283,"flow_src_last_pkt_time":1492167871050375,"flow_dst_last_pkt_time":1492167867786741,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167871050375,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58041,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01232{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1484,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1492167866226283,"flow_src_last_pkt_time":1492167871050375,"flow_dst_last_pkt_time":1492167871323158,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1492167871323158,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58041,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01766{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1486,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1492167866226283,"flow_src_last_pkt_time":1492167871323215,"flow_dst_last_pkt_time":1492167871323625,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1688,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":3116,"midstream":0,"thread_ts_usec":1492167871323625,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58041,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","advertised_alpns":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1","blocks":0}}} 
01008{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1497,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_src_packets_processed":26,"flow_dst_packets_processed":24,"flow_first_seen":1492167720101930,"flow_src_last_pkt_time":1492167747781443,"flow_dst_last_pkt_time":1492167748133185,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1240,"flow_dst_max_l4_payload_len":2856,"flow_src_tot_l4_payload_len":6405,"flow_dst_tot_l4_payload_len":21244,"midstream":0,"thread_ts_usec":1492167872304268,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54119,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com"}} 00972{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1497,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":8,"flow_first_seen":1492167720353253,"flow_src_last_pkt_time":1492167747781344,"flow_dst_last_pkt_time":1492167748129921,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1688,"flow_src_tot_l4_payload_len":364,"flow_dst_tot_l4_payload_len":3167,"midstream":0,"thread_ts_usec":1492167872304268,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54120,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}} 
01002{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1497,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1492167765155968,"flow_src_last_pkt_time":1492167765155968,"flow_dst_last_pkt_time":1492167765432548,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":349,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":349,"midstream":0,"thread_ts_usec":1492167872304268,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":60356,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.WeChat","proto_id":"5.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"web.wechat.com"}} 
@@ -620,7 +620,7 @@ 01013{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1513,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":40,"flow_dst_packets_processed":0,"flow_first_seen":1492167338426352,"flow_src_last_pkt_time":1492167781907538,"flow_dst_last_pkt_time":1492167338426352,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1600,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167897092721,"l3_proto":"ip6","src_ip":"fe80::7a92:9cff:fe0f:a88e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_googlecast._tcp.local"}} 00948{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1513,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492167852023021,"flow_src_last_pkt_time":1492167852023021,"flow_dst_last_pkt_time":1492167852023021,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167897092721,"l3_proto":"ip6","src_ip":"fe80::842:a3f3:a286:6c5b","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00994{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1513,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1492167795292702,"flow_src_last_pkt_time":1492167796728951,"flow_dst_last_pkt_time":1492167795292702,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":450,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167897092721,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"lbjamwptxz"}} -01124{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1513,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1492167669545491,"flow_src_last_pkt_time":1492167848542496,"flow_dst_last_pkt_time":1492167669545491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":413,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167897092721,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": 
{"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"giovanni-pc"}} +01005{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1513,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1492167669545491,"flow_src_last_pkt_time":1492167848542496,"flow_dst_last_pkt_time":1492167669545491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":413,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167897092721,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"giovanni-pc"}} 
01002{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1513,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1492167795092845,"flow_src_last_pkt_time":1492167795103351,"flow_dst_last_pkt_time":1492167795092845,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167897092721,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":49195,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"cansaqcq"}} 01004{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1513,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":40,"flow_dst_packets_processed":0,"flow_first_seen":1492167338426301,"flow_src_last_pkt_time":1492167781907341,"flow_dst_last_pkt_time":1492167338426301,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1600,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167897092721,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_googlecast._tcp.local"}} 01004{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1513,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1492167788126900,"flow_src_last_pkt_time":1492167840351414,"flow_dst_last_pkt_time":1492167788126900,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":400,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167897092721,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_googlecast._tcp.local"}} 
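Review bot: The regenerated `update` record for flow_id 49 (`NetBIOS.SMBv1`, 192.168.1.100 to 192.168.1.255 port 138) no longer carries the `"flow_risk": {"22": {"risk":"Unsafe Protocol", ...}}` object, although `"breed":"Dangerous"` and the protocol classification are unchanged. The commit message says only "incorporated upstream changes", so this hunk does not show whether the risk was dropped on purpose by the libnDPI bump or lost through a changed default. Consumers that alert on `flow_risk` would presumably stop flagging SMBv1 on this flow. I would record the intended behaviour in the commit description, for example `* flow_risk 22 (Unsafe Protocol) is no longer reported for NetBIOS.SMBv1 after the libnDPI bump`. If the loss is not intended, keep the risk enabled in the test configuration so this expectation continues to cover it.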
@@ -633,12 +633,12 @@ 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1515,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":2,"flow_src_last_pkt_time":1492167905310934,"flow_dst_last_pkt_time":1492167905585622,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1492167905585622,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC8GKZTLzZOrwKgBZwG74rpcdpBKCxa2+KASN8jmJgAAAgQFoAQCCApFr1oYADLVTQEDAwc="} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1516,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":3,"flow_src_last_pkt_time":1492167905585722,"flow_dst_last_pkt_time":1492167905585622,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1492167905585722,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0Y7tAAEAGtYDAqAFny82Tq+K6AbsLFrb4XHaQS4AQAOVLfQAAAQEICgAy1ZJFr1oY"} 
00868{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1517,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":4,"flow_src_last_pkt_time":1492167905586242,"flow_dst_last_pkt_time":1492167905585622,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":304,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":304,"pkt_l4_len":270,"thread_ts_usec":1492167905586242,"pkt":"8IQvSpdgeJKcD6iOCABFAAEiY7xAAEAGtJHAqAFny82Tq+K6AbsLFrb4XHaQS4AYAOUEvAAAAQEICgAy1ZJFr1oYFgMBAOkBAADlAwOpwzJj9zQUL7FTARxwe22aWmPjNgjLbbTXUoctVXlwQCAXdM3iNMSeSRYu5rAL4uxt+WZ\/oboN6SP4aeC7pGEeFQAgqqrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB8OjoAAP8BAAEAAAAAEwARAAAOd2ViLndlY2hhdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjF1UAAAAAsAAgEAAAoACgAIysoAHQAXABhqagABAA=="} -01213{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1517,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1492167905310934,"flow_src_last_pkt_time":1492167905586242,"flow_dst_last_pkt_time":1492167905585622,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167905586242,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58042,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": 
{"version":"TLSv1.2","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01172{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1517,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1492167905310934,"flow_src_last_pkt_time":1492167905586242,"flow_dst_last_pkt_time":1492167905585622,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167905586242,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58042,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1518,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":2,"flow_src_last_pkt_time":1492167905561959,"flow_dst_last_pkt_time":1492167905858313,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1492167905858313,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC8GKZTLzZOrwKgBZwG74rtG\/8zAAfpXW6ASN8gnXAAAAgQFoAQCCApFr1pdADLVjAEDAwc="} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1519,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":3,"flow_src_last_pkt_time":1492167905858383,"flow_dst_last_pkt_time":1492167905858313,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1492167905858383,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0gtdAAEAGlmTAqAFny82Tq+K7AbsB+ldbRv\/MwYAQAOWMrQAAAQEICgAy1dZFr1pd"} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1520,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":5,"flow_src_last_pkt_time":1492167905586242,"flow_dst_last_pkt_time":1492167905863511,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1492167905863511,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0yhRAAC8GX4fLzZOrwKgBZwG74rpcdpBLCxa35oAQAHhKtQAAAQEICkWvWl8AMtWS"} -01273{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1521,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1492167905310934,"flow_src_last_pkt_time":1492167905586242,"flow_dst_last_pkt_time":1492167905866052,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1492167905866052,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58042,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","blocks":0}}} -01807{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1523,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1492167905310934,"flow_src_last_pkt_time":1492167905866087,"flow_dst_last_pkt_time":1492167905866538,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1688,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":3116,"midstream":0,"thread_ts_usec":1492167905866538,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58042,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": 
{"version":"TLSv1.2","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","advertised_alpns":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1","blocks":0}}} +01232{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1521,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1492167905310934,"flow_src_last_pkt_time":1492167905586242,"flow_dst_last_pkt_time":1492167905866052,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1492167905866052,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58042,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": 
{"version":"TLSv1.2","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01766{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1523,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1492167905310934,"flow_src_last_pkt_time":1492167905866087,"flow_dst_last_pkt_time":1492167905866538,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":238,"flow_dst_max_l4_payload_len":1688,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":3116,"midstream":0,"thread_ts_usec":1492167905866538,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58042,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"web.wechat.com","domainame":"web.wechat.com","tls": {"version":"TLSv1.2","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","ja4":"t12d1511h2_f0daf39aad75_eb7c9aabf852","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","advertised_alpns":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1","blocks":0}}} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":4,"flow_src_last_pkt_time":1492167905858383,"flow_dst_last_pkt_time":1492167907207381,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1492167907207381,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC8GKZTLzZOrwKgBZwG74rtG\/8zAAfpXW6ASN8glwAAAAgQFoAQCCApFr1uvADLV1gEDAwc="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1541,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":5,"flow_src_last_pkt_time":1492167907207433,"flow_dst_last_pkt_time":1492167907207381,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1492167907207433,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0gthAAEAGlmPAqAFny82Tq+K7AbsB+ldbRv\/MwYAQAOWLXAAAAQEICgAy1ydFr1pd"} 00927{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1550,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1492167765657286,"flow_src_last_pkt_time":1492167777220927,"flow_dst_last_pkt_time":1492167777220877,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167911211986,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58037,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by 
port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
@@ -646,7 +646,7 @@ 00935{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1553,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492167851203580,"flow_src_last_pkt_time":1492167851203580,"flow_dst_last_pkt_time":1492167851203580,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167918120269,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff86:6c5b","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01002{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1553,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1492167765155968,"flow_src_last_pkt_time":1492167765155968,"flow_dst_last_pkt_time":1492167765432548,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":349,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":349,"midstream":0,"thread_ts_usec":1492167918120269,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":60356,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.WeChat","proto_id":"5.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"web.wechat.com"}} 
00946{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1553,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1492167849769805,"flow_src_last_pkt_time":1492167851204799,"flow_dst_last_pkt_time":1492167849769805,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167918120269,"l3_proto":"ip6","src_ip":"fe80::842:a3f3:a286:6c5b","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00855{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1553,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1553,"packets-processed":1552,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":556502,"total-not-detected-flows":0,"total-guessed-flows":11,"total-detected-flows":60,"total-detection-updates":61,"total-updates":72,"current-active-flows":30,"total-active-flows":75,"total-idle-flows":45,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":649,"global_ts_usec":1492171154216266} 
+00855{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1553,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1553,"packets-processed":1552,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":556502,"total-not-detected-flows":0,"total-guessed-flows":11,"total-detected-flows":60,"total-detection-updates":61,"total-updates":72,"current-active-flows":30,"total-active-flows":75,"total-idle-flows":45,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":649,"global_ts_usec":1492171154216266} 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1553,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492171154216266,"flow_src_last_pkt_time":1492171154216266,"flow_dst_last_pkt_time":1492171154216266,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1188,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1188,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1188,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1492171154216266,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54183,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
02162{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1553,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_src_last_pkt_time":1492171154216266,"flow_dst_last_pkt_time":1492171154216266,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1254,"pkt_l4_len":1220,"thread_ts_usec":1492171154216266,"pkt":"8IQvSpdgeJKcD6iOCABFAATYpoxAAEAGahTAqAFny82XotOnAbtQhl2xjWp\/PoAYBaSJeAAAAQEICgA\/OhBF4BL0FwMDBJ8AAAAAAAAAk06IK7tTPaQ0tnXGeqHKil75lMj6OyIERVlvQ89pkJ\/5uFrYubJHeJqSrynvitkot5qunWtMUvVbyI8vjd8zycM9IsUAAB\/fKHCxwAngzbmC6gdk\/UoKTL4MIPiK4NVVPRz1DsYhuoql6sqmFMKJKaM6NXpyBkCtYpvlazDCWxllWCP\/i12XdKQQMbcGYN2wvAB3a6vg6oJPIx+XXkk4cY\/+EENsi+PDerl+pB2IlJMObTfaJBhM\/rJFUKMd1xriphMBzgM9PCE+gKKP\/k+AYg8NddY\/gnJX\/+unfAflhC1NZ1nFt2\/\/Y9gesYC0uhG0uLLlbtLmKF2MPjllgxHAEeq6L2rXw2szIJL4yllp+t9tcKCYfzVRzCQkgUtQQaP0YiRh1NQtDTvnuPpM8CS6YfFOx17PkSNzepokWNsrLXMtr9p2nc9zczirZ\/D9H9Xey3Xx0qFAN\/MVzWUXfWpSlTWrXzNWP5kDdvTYBf19VGMPfxtzLKYTLOd\/rVswJ6OAUsAdfTYAu7j6c4KJubGecouom8T9brd1TJm6pyXignKkiQR+nvp0U\/G\/NxhEcnKV91SvFM0mQxh+hfK10svoh9dj1Bq8+PvXaAQljscptiwRlr+X\/V1zPyapTZcrW9A2fGrnzKqVYJASiCPQWyYD8Mn6pda0e6knRW3Ae28WpLnmyjMKx4\/7dOqugSoKa3q7BQRxbcpbcOXlPFfrjt+CwbA3KCTzFvdocE4QeSDn8FuJ85HFummmQOxK7tDtjljV+L\/2nbiMgjTy6jJzYFwXGw6xLdoXOupF5XjIfHUSMeB+R0BhUmtVxXEWPPHfAVdVJcBt8uO5QMhp9jxrSrOX54VXB+P7Qj0VmSag75Jhz20k8Z3uI27cFcp7OjdlKhlEBtlzESNSQ8FGkqCxygPJSf0REdvr2uQA0ApTgzzF+s6YbdeH3vy1SJOH2fQsH4IeYeRjAPrh1RmlhN066XBLLeGtIiz1LEJx17TCB8c1JpUan\/1+JYoV0SCzXlaZWYybCxcBBIz\/2EdpG8hJzN4rtTVwf\/3OYFkhRTMbe1PHW9T5IfuTuKU76wWlDp+aujzjWp1vvFdq4bUrI6AdEquAU5C3BTnuLB9tqzlOb5nzcQjb4fPQCkUUcvHBPPLW9qrLyB05aTRG1W9ShnsibG\/AerW39YgPMVulkynnwtbGsYcGZs7KelCQXCLt3D6RU08N5SulLgw+o5aYItue0wJaW5VDEXxAVhsE4KU4+QsEuXkbd9rTsMt9Gf+Td49H8NzJEXxlYX\/ThtsZsn5doQpcdUcGVMiJrwpHQzTDWZLiBcd51axsLca9fP61xaeKb48j0Kb0TeXy0DcAfEDH4Sy29YAuNi7N4uKdxMrzHsqaQhCFI\/jmx6CqCWjy1zA6Ij
zjpx6KTEeNxn3m7OTzuxckZQeS0ArKR7BX7UnCFIAenlvKt7e\/DzO9W1DndidXP+Qwf3XzvB+qvenTl6HWA0XtGBky3MCwBE5b++HXnyFlygjOvbY7LPZovuQtASvUqwAHPkuONuar\/2ZEP2TwCB+AOJYrpZq+HLOc"} 00925{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1553,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492171154216266,"flow_src_last_pkt_time":1492171154216266,"flow_dst_last_pkt_time":1492171154216266,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1188,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1188,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1188,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1492171154216266,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54183,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
@@ -666,7 +666,7 @@ 00946{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1555,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492167852023021,"flow_src_last_pkt_time":1492167852023021,"flow_dst_last_pkt_time":1492167852023021,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492171154792257,"l3_proto":"ip6","src_ip":"fe80::842:a3f3:a286:6c5b","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00944{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1555,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1492167849769805,"flow_src_last_pkt_time":1492167851204799,"flow_dst_last_pkt_time":1492167849769805,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492171154792257,"l3_proto":"ip6","src_ip":"fe80::842:a3f3:a286:6c5b","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00992{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1555,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1492167795292702,"flow_src_last_pkt_time":1492167796728951,"flow_dst_last_pkt_time":1492167795292702,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":450,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492171154792257,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"lbjamwptxz"}} -01122{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1555,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1492167669545491,"flow_src_last_pkt_time":1492167848542496,"flow_dst_last_pkt_time":1492167669545491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":413,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492171154792257,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": 
{"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"giovanni-pc"}} +01003{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1555,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1492167669545491,"flow_src_last_pkt_time":1492167848542496,"flow_dst_last_pkt_time":1492167669545491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":413,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492171154792257,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"giovanni-pc"}} 
01000{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1555,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1492167795092845,"flow_src_last_pkt_time":1492167795103351,"flow_dst_last_pkt_time":1492167795092845,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492171154792257,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":49195,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"cansaqcq"}} 01002{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1555,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":0,"flow_first_seen":1492167788126900,"flow_src_last_pkt_time":1492167911210632,"flow_dst_last_pkt_time":1492167788126900,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":560,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492171154792257,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_googlecast._tcp.local"}} 01002{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1555,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":40,"flow_dst_packets_processed":0,"flow_first_seen":1492167338426301,"flow_src_last_pkt_time":1492167781907341,"flow_dst_last_pkt_time":1492167338426301,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1600,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492171154792257,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_googlecast._tcp.local"}} 
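Review bot: The regenerated expectation for flow 49 (`NetBIOS.SMBv1`, UDP port 138) no longer carries `flow_risk` entry `22` (`Unsafe Protocol`), although the record still reports `"breed":"Dangerous"`; the same entry disappears from the `detected` event of flow 104 in the `@@ -806,7 +806,7 @@` hunk. Nothing in these hunks shows whether this comes from the upstream libnDPI change itself or from a changed default in the test configuration, so a consumer that alerts on `flow_risk` rather than on `breed` would presumably stop flagging SMBv1 datagram traffic after this bump. I would confirm the drop is intended and record it in the commit description, e.g. `* NetBIOS.SMBv1 flows no longer report flow_risk 22 (Unsafe Protocol)`, or re-enable the risk in the test configuration if it is meant to stay covered by these fixtures.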
@@ -806,7 +806,7 @@ 01230{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1658,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1492171269383166,"flow_src_last_pkt_time":1492171269383221,"flow_dst_last_pkt_time":1492171269383166,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":78,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492171269383221,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":44063,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.debian.pool.ntp.org","domainame":"1.debian.pool.ntp.org","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr": []}}} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1659,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492171269548804,"flow_src_last_pkt_time":1492171269548804,"flow_dst_last_pkt_time":1492171269548804,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492171269548804,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00809{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1659,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_src_last_pkt_time":1492171269548804,"flow_dst_last_pkt_time":1492171269548804,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1492171269548804,"pkt":"\/\/\/\/\/\/\/\/0CeIF3AECABFoADwL\/IAAIARhLfAqAFkwKgB\/wCKAIoA3H89EQ7\/KMCoAWQAigDGAAAgRUhFSkVQRkdFQkVPRU9FSkNORkFFRENBQ0FDQUNBQUEAIEFCQUNGUEZQRU5GREVDRkNFUEZIRkRFRkZQRlBBQ0FCAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAALAAAAAAAAAAAAOgDAAAAAAAAAAAsAFYAAwABAAEAAgA9AFxNQUlMU0xPVFxCUk9XU0UADACguw0AV09SS0dST1VQAAAAAAAAAAMKABAAgP4HAABHSU9WQU5OSS1QQwA="} 
-01110{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1659,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492171269548804,"flow_src_last_pkt_time":1492171269548804,"flow_dst_last_pkt_time":1492171269548804,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492171269548804,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"giovanni-pc","domainame":"giovanni-pc"}} +00991{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1659,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492171269548804,"flow_src_last_pkt_time":1492171269548804,"flow_dst_last_pkt_time":1492171269548804,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492171269548804,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"giovanni-pc","domainame":"giovanni-pc"}} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1660,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":2,"flow_src_last_pkt_time":1492171269750011,"flow_dst_last_pkt_time":1492171267294534,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1492171269750011,"pkt":"8IQvSpdgeJKcD6iOCABFAABEJttAAEARjxjAqAFnwKgB\/rE2ADUAMGKHk6IBAAABAAAAAAAAB3dlYnB1c2gDd2ViBndlY2hhdANjb20AAAEAAQ=="} 01234{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1660,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1492171267294534,"flow_src_last_pkt_time":1492171269750011,"flow_dst_last_pkt_time":1492171267294534,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492171269750011,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":45366,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS.WeChat","proto_id":"5.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"webpush.web.wechat.com","domainame":"webpush.web.wechat.com","dns": 
{"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1661,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492171270418166,"flow_src_last_pkt_time":1492171270418166,"flow_dst_last_pkt_time":1492171270418166,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":33,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492171270418166,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":42589,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -866,7 +866,7 @@ 01079{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1672,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1492171175912251,"flow_src_last_pkt_time":1492171268600285,"flow_dst_last_pkt_time":1492171175912251,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":880,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1492171291761740,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.131","src_port":58143,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":88,"flow_dst_packets_processed":91,"flow_first_seen":1492167353674975,"flow_src_last_pkt_time":1492167907140029,"flow_dst_last_pkt_time":1492167906819599,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":198,"flow_dst_max_l4_payload_len":1188,"flow_src_tot_l4_payload_len":9306,"flow_dst_tot_l4_payload_len":55836,"midstream":1,"thread_ts_usec":1492171291761740,"l3_proto":"ip4","src_ip":"203.205.151.162","dst_ip":"192.168.1.103","src_port":443,"dst_port":54058,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 01085{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1492171154216266,"flow_src_last_pkt_time":1492171171688264,"flow_dst_last_pkt_time":1492171154216266,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1188,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1188,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2376,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1492171291761740,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54183,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-01123{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492171269548804,"flow_src_last_pkt_time":1492171269548804,"flow_dst_last_pkt_time":1492171269548804,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492171291761740,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"giovanni-pc"}} +01004{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492171269548804,"flow_src_last_pkt_time":1492171269548804,"flow_dst_last_pkt_time":1492171269548804,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492171291761740,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"giovanni-pc"}} 00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1492171250302344,"flow_src_last_pkt_time":1492171253304834,"flow_dst_last_pkt_time":1492171250302344,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":160,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492171291761740,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00964{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492171184747647,"flow_src_last_pkt_time":1492171184747647,"flow_dst_last_pkt_time":1492171184747647,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492171291761740,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":33915,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.WeChat","proto_id":"5.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}} 01094{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1492171176772333,"flow_src_last_pkt_time":1492171271288336,"flow_dst_last_pkt_time":1492171176772333,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1492171291761740,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.180.179","src_port":52020,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 
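Review bot: The updated expectation for flow 104 (the `idle` event for 192.168.1.100 to 192.168.1.255 on UDP 138) drops `flow_risk` entry 22, "Unsafe Protocol", although the flow is still classified as `NetBIOS.SMBv1` with breed `Dangerous`. Anything downstream that alerts on `flow_risk` rather than on `proto` or `breed` will stop flagging this SMBv1 datagram traffic after the bump. The commit message only says upstream changes were incorporated. Whether upstream narrowed this risk on purpose cannot be told from this hunk, so it is worth confirming against the libnDPI history and recording it in the message, e.g. `* NetBIOS.SMBv1 flows no longer carry flow_risk 22 (Unsafe Protocol)`.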
@@ -885,7 +885,7 @@ 01086{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1492171268754627,"flow_src_last_pkt_time":1492171273759735,"flow_dst_last_pkt_time":1492171268754627,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492171291761740,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":43705,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01086{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1492171269383166,"flow_src_last_pkt_time":1492171269383221,"flow_dst_last_pkt_time":1492171269383166,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":78,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492171291761740,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":44063,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492171274755195,"flow_src_last_pkt_time":1492171274755195,"flow_dst_last_pkt_time":1492171274755195,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492171291761740,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":44346,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00858{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1672,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1672,"packets-processed":1672,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":561272,"total-not-detected-flows":0,"total-guessed-flows":25,"total-detected-flows":84,"total-detection-updates":69,"total-updates":77,"current-active-flows":0,"total-active-flows":109,"total-idle-flows":109,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":888,"global_ts_usec":1492171291761740} +00858{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1672,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1672,"packets-processed":1672,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":561272,"total-not-detected-flows":0,"total-guessed-flows":25,"total-detected-flows":84,"total-detection-updates":69,"total-updates":77,"current-active-flows":0,"total-active-flows":109,"total-idle-flows":109,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":888,"global_ts_usec":1492171291761740} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1672/1672 ~~ skipped flows.............: 0 
@@ -894,10 +894,10 @@ ~~ total active/idle flows...: 109/109 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8183662 bytes -~~ total memory freed........: 8183662 bytes -~~ total allocations/frees...: 117755/117755 +~~ total memory allocated....: 8761156 bytes +~~ total memory freed........: 8761156 bytes +~~ total allocations/frees...: 129483/129483 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 526 chars -~~ json message max len.......: 2433 chars -~~ json message avg len.......: 1479 chars +~~ json message max len.......: 2392 chars +~~ json message avg len.......: 1459 chars diff --git a/test/results/default/weibo.pcap.out b/test/results/default/weibo.pcap.out index cb9f855b1..3f8e30767 100644 --- a/test/results/default/weibo.pcap.out +++ b/test/results/default/weibo.pcap.out 
@@ -1,5 +1,5 @@ -00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1463089067804779} 
+00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1463089067804779} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463089067804779,"flow_src_last_pkt_time":1463089067804779,"flow_dst_last_pkt_time":1463089067804779,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089067804779,"l3_proto":"ip4","src_ip":"216.58.210.14","dst_ip":"192.168.1.105","src_port":443,"dst_port":49361,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1463089067804779,"flow_dst_last_pkt_time":1463089067804779,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_usec":1463089067804779,"pkt":"eJKcD6iOkDVu60UQCABFAAClAABAADMR2u3YOtIOwKgBaQG7wNEAkSEpAAl3y2T5ujTCSSEU5zJMPfXh7u\/a3oWq2yhhK1m4ny+qR4W2lfILr6Ils4h\/iqKUCkI0zipqePuQ8qDP3gfa2UEwOgxjQY6zEBJhdLLCAKezbAF+wpbNcZnrqI9Vp3iRS5CpzEuDxhuTRv5J009cEtkCA6nVS0D6WXhVs+S9\/EHIHeXl6YD1cbA="} 
00930{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1463089067804822,"flow_dst_last_pkt_time":1463089067804779,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":353,"pkt_l4_len":319,"thread_ts_usec":1463089067804822,"pkt":"eJKcD6iOkDVu60UQCABFAAFTAABAADMR2j\/YOtIOwKgBaQG7wNEBPzHaAAoUu93Ovdfsj+VZ99cgMeSVKfCKokSNRuOMv1PGF2DIkukcXrUmGkv\/ArCiq\/KK23NXKqXH3z8FxKfa8OQtN5x73GaADweitAmqYsU072yu9KsRUtnFIEIB5Y5LqWVX6vqXepSvfYCEhodq+tUiz0aSzdffkeHhLztt20iOOpChbjrtXhyjh2xOYPCWGl\/75gN\/zEEb2R9h09zfr5IUCExPcV8JWIdoh2fXU4mq9qytwCU0GOdjsWy12v2HhTBnSYnXaFz8kW\/ToyswW6z6hT26xiqWB5RJW9cvGUU8G6jKCXTHHR5WczEJ7NLt9QErBQKutf8Nh4rVBXW1avPgj1A0tNYSKXAcYt1eYGsw4tjOzS7DHafUDgikSZ+H9BNuGGXb1gwh45909vW3665ubMpNt9lmWoI="} 
@@ -174,7 +174,7 @@ 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":384,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_src_last_pkt_time":1463089073479289,"flow_dst_last_pkt_time":1463089073635672,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1463089073635672,"pkt":"eJKcD6iOkDVu60UQCABFAAA0AABAADEGFnUvWUHlwKgBaQG7xos8arg3huU3GIASOQiHzQAAAgQFqAEBBAIBAwMJ"} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":385,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_src_last_pkt_time":1463089073635736,"flow_dst_last_pkt_time":1463089073635672,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1463089073635736,"pkt":"kDVu60UQeJKcD6iOCABFAAAoPQ1AAEAGynPAqAFpL1lB5caLAbuG5TcYPGq4OFAQAOUAuQAA"} 00801{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":386,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":4,"flow_src_last_pkt_time":1463089073635941,"flow_dst_last_pkt_time":1463089073635672,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1463089073635941,"pkt":"kDVu60UQeJKcD6iOCABFAADwPQ5AAEAGyarAqAFpL1lB5caLAbuG5TcYPGq4OFAYAOU\/oAAAFgMBAMMBAAC\/AwOXT1\/apC0sseL9tClTjO1tCqBgMoC4vQJs2bkXrM\/zTQAAHMypzKjMFMwTwCvAL8AKwBTACcATAJwANQAvAAoBAAB6\/wEAAQAAAAARAA8AAAxnLmFsaWNkbi5jb20AFwAAACMAAAANABIAEAYBBgMFAQUDBAEEAwIBAgMABQAFAQAAAAAzdAAAABIAAAAQABcAFQJoMghzcGR5LzMuMQhodHRwLzEuMXVQAAAACwACAQAACgAIAAYAHQAXABg="} 
-01219{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":386,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1463089073479289,"flow_src_last_pkt_time":1463089073635941,"flow_dst_last_pkt_time":1463089073635672,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089073635941,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"47.89.65.229","src_port":50827,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Alibaba","proto_id":"91.274","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"g.alicdn.com","domainame":"g.alicdn.com","tls": {"version":"TLSv1.2","ja3":"58e7f64db6e4fe4941dd9691d421196c","ja3s":"","ja4":"t12d1412h2_20a10634286c_ce3753e6c77f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,spdy\/3.1,http\/1.1","blocks":0}}} +01178{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":386,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1463089073479289,"flow_src_last_pkt_time":1463089073635941,"flow_dst_last_pkt_time":1463089073635672,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089073635941,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"47.89.65.229","src_port":50827,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Alibaba","proto_id":"91.274","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"g.alicdn.com","domainame":"g.alicdn.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1412h2_20a10634286c_ce3753e6c77f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,spdy\/3.1,http\/1.1","blocks":0}}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_src_last_pkt_time":1463089073537807,"flow_dst_last_pkt_time":1463089073759907,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1463089073759907,"pkt":"eJKcD6iOkDVu60UQCABFAAA0AABAADEGFnUvWUHlwKgBaQG7xo+u1rhnnywRAoASOQgi\/AAAAgQFqAEBBAIBAwMJ"} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_src_last_pkt_time":1463089073759940,"flow_dst_last_pkt_time":1463089073759907,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1463089073759940,"pkt":"kDVu60UQeJKcD6iOCABFAAAoGylAAEAG7FfAqAFpL1lB5caPAbufLBECrta4aFAQAOWb5wAA"} 
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_src_last_pkt_time":1463089073287324,"flow_dst_last_pkt_time":1463089073760507,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":157,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":157,"pkt_l4_len":123,"thread_ts_usec":1463089073760507,"pkt":"eJKcD6iOkDVu60UQCABFAACPAABAAEARtqPAqAEBwKgBaQA1xdAAe7w5O9aBgAABAAMAAAAABmFjanN0YgZhbGl5dW4DY29tAAABAAHADAAFAAEAAAJYAAcEYWNqc8ATwC8ABQABAAABAAAhBGFjanMGYWxpeXVuA2NvbQNnZHMKYWxpYmFiYWRuc8AawEIAAQABAAAAbAAEKpy4Ew=="} 
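Review bot: The `tls` object in the `detected` event for flow 34 no longer contains `ja3`; only `ja3s` and `ja4` remain. Consumers that key allow/deny lists or correlation rules on the JA3 client fingerprint lose that field without any error, so this is an output-format break rather than a cosmetic change to the results. The commit message should say so, e.g. `* tls.ja3 is no longer emitted, tls.ja4 remains`. The diffstat lists schema/flow_event_schema.json as changed, which presumably drops the key there, but that file is outside this hunk.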
@@ -264,7 +264,7 @@ 00922{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1463089071730101,"flow_src_last_pkt_time":1463089071730101,"flow_dst_last_pkt_time":1463089071755114,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.212.69","src_port":37802,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00776{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1463089071730101,"flow_src_last_pkt_time":1463089071730101,"flow_dst_last_pkt_time":1463089071755114,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.212.69","src_port":37802,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463089073394448,"flow_src_last_pkt_time":1463089073394448,"flow_dst_last_pkt_time":1463089073394448,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":11798,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.SinaWeibo","proto_id":"5.356","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}} -00850{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":498,"packets-processed":498,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":234875,"total-not-detected-flows":0,"total-guessed-flows":21,"total-detected-flows":23,"total-detection-updates":9,"total-updates":0,"current-active-flows":0,"total-active-flows":44,"total-idle-flows":44,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":267,"global_ts_usec":1463089073893914} 
+00850{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":498,"packets-processed":498,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":234875,"total-not-detected-flows":0,"total-guessed-flows":21,"total-detected-flows":23,"total-detection-updates":9,"total-updates":0,"current-active-flows":0,"total-active-flows":44,"total-idle-flows":44,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":267,"global_ts_usec":1463089073893914} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 498/498 ~~ skipped flows.............: 0 @@ -273,9 +273,9 @@ ~~ total active/idle flows...: 44/44 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7029408 bytes -~~ total memory freed........: 7029408 bytes -~~ total allocations/frees...: 115199/115199 +~~ total memory allocated....: 7607678 bytes +~~ total memory freed........: 7607678 bytes +~~ total allocations/frees...: 126950/126950 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 528 chars ~~ json message max len.......: 2244 chars diff --git a/test/results/default/whatsapp.pcap.out b/test/results/default/whatsapp.pcap.out index 41b7032b8..4af026fb3 100644 --- a/test/results/default/whatsapp.pcap.out +++ b/test/results/default/whatsapp.pcap.out 
@@ -1,5 +1,5 @@ -00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1655030801747000} 
+00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1655030801747000} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655030801747000,"flow_src_last_pkt_time":1655030801747000,"flow_dst_last_pkt_time":1655030801747000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655030801747000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":44804,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1655030801747000,"flow_dst_last_pkt_time":1655030801747000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655030801747000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8ABpAAD8GAijAqAJkszzDMa8EFGbkDT9OAAAAAKAC\/\/\/IawAAAgQFtAQCCArFapnmAAAAAAEDAwk="} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1655030801776000,"flow_dst_last_pkt_time":1655030801747000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655030801776000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0ABtAAD8GAi\/AqAJkszzDMa8EFGbkDT9PTyfQe4AQAKy6dAAAAQEICsVqmgM2ROYE"} 
@@ -7,7 +7,7 @@ 00929{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1655030801890000,"flow_dst_last_pkt_time":1655030801747000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":350,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":350,"pkt_l4_len":316,"thread_ts_usec":1655030801890000,"pkt":"eJS0JASgYDjgxTWgCABFAAFQAB1AAD8GARHAqAJkszzDMa8EFGbkDT9TTyfQe4AYAKyJ+wAAAQEICsVqmnU2ROZ3AAAECAkIAldBBQIAAQ4SiwIKIDj7+pXlvAgmViwpUlFGYvO7\/yYma2eom\/G2OTNSuB9CEjDDX+ArZolS0PQnuB247fnbmCRsbrfgMrMGVJKMEE0t2\/JRP8Web3dbO7XmVIhSAMUatAGDAKIxOIhCtS95+1nqKJyrSC2PmyXih4qhdJJJio4iS3y2E7TtcgDKuHyZ\/UvYMWM1fN9zY73yjAQyazTEx2GF7o2qsRZh+ii4dJBC1jpfEIfBRkuogNaLxnCXPsblfV1VotCn1Pe51mjYXnk7cnPMyVrGE9EczxjQfevJacaaYgo8HcbO\/l9KLqGgkMzIQe5860q0eu8zygvB+CnrGia9AmXhxwG9DXMaMKJhPVwRBswrmz0="} 01058{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655030801747000,"flow_src_last_pkt_time":1655030801890000,"flow_dst_last_pkt_time":1655030801747000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":284,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":288,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655030801890000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":44804,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1655030802021000,"flow_dst_last_pkt_time":1655030801747000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655030802021000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0AB5AAD8GAizAqAJkszzDMa8EFGbkDUBvTyfQtIAQAKy3MAAAAQEICsVqmvg2ROb6"} -00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":10,"packets-processed":9,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1537,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1655031983762000} 
+00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":10,"packets-processed":9,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1537,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1655031983762000} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655031983762000,"flow_src_last_pkt_time":1655031983762000,"flow_dst_last_pkt_time":1655031983762000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655031983762000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":40084,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1655031983762000,"flow_dst_last_pkt_time":1655031983762000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655031983762000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8wNRAAD8GQW3AqAJkszzDMZyUFGb3fC5VAAAAAKAC\/\/8sUAAAAgQFtAQCCAo3N9QvAAAAAAEDAwk="} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1655031983792000,"flow_dst_last_pkt_time":1655031983762000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655031983792000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0wNVAAD8GQXTAqAJkszzDMZyUFGb3fC5W\/Bdho4AQAIAA5AAAAQEICjc31GXWXSVb"} 
@@ -22,7 +22,7 @@ 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1655032257115000,"flow_dst_last_pkt_time":1655032256845000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_usec":1655032257115000,"pkt":"eJS0JASgYDjgxTWgCABFAAA\/\/WVAAD8GBNnAqAJkszzDMaUgFGax9BltNUwtP4AYAVcS1AAAAQEICkZl\/WKo3wJ9AAAECAkIAldBBQI="} 01057{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655032256845000,"flow_src_last_pkt_time":1655032257115000,"flow_dst_last_pkt_time":1655032256845000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":11,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":15,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655032257115000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":42272,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
00907{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1655032257144000,"flow_dst_last_pkt_time":1655032256845000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":328,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":328,"pkt_l4_len":294,"thread_ts_usec":1655032257144000,"pkt":"eJS0JASgYDjgxTWgCABFAAE6\/WZAAD8GA93AqAJkszzDMaUgFGax9Bl4NUwtP4AYAVeyGgAAAQEICkZl\/X+o3wKaAAEDEoACCiAZZWNRxkRzymWLkvWv1TnfFzp\/HkwlWZjEklDe99VAfhIwme3J57adounR96qJXaoGJ9\/P\/qwfwkKChs9JuHY8Xv1MEqhXwWeQFybfIOgJQA\/aGqkBC5bxG\/SW8DPfHniUt1jbZ2dRLdxurPEJvB\/Or4kxrapciCjPoSjKvgXme6PN\/oOHzq0gKZq9SGSx6FhHIihHWnH8eK0VSUc53EWTGnhN\/30gQHZh9un0MZ0+ia7xXgMk385gTrfAQvxkkWPB7B4ett3W7NEuQnJkmSj1NTGse5fecHmRPAfc6h2TEgsk+0mvyE6X9Ilvw4d9UKzTB5jTpCZ3DqZZbwdPng=="} -00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":26,"packets-processed":25,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2151,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":3,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":25,"global_ts_usec":1655032857220000} 
+00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":26,"packets-processed":25,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2151,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":3,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":25,"global_ts_usec":1655032857220000} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655032857220000,"flow_src_last_pkt_time":1655032857220000,"flow_dst_last_pkt_time":1655032857220000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655032857220000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":42436,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1655032857220000,"flow_dst_last_pkt_time":1655032857220000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655032857220000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8wH9AAD8GQcLAqAJkszzDMaXEFGbLQu4oAAAAAKAC\/\/8vAgAAAgQFtAQCCApGbyV9AAAAAAEDAwg="} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1655032857250000,"flow_dst_last_pkt_time":1655032857220000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655032857250000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0wIBAAD8GQcnAqAJkszzDMaXEFGbLQu4pkG\/w9oAQAVfp3wAAAQEICkZvJafXThmp"} 
@@ -30,7 +30,7 @@ 00913{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1655032857857000,"flow_dst_last_pkt_time":1655032857220000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"thread_ts_usec":1655032857857000,"pkt":"eJS0JASgYDjgxTWgCABFAAFFwIJAAD8GQLbAqAJkszzDMaXEFGbLQu4tkG\/w9oAYAVdjHAAAAQEICkZvKAfXThwIAAAECAkIAldBBQIAAQMSgAIKIK1KJx1PnKk1pL6t1MbgR11TASauAEZZazQ8SNc\/svphEjD1vsMAWwdxY7rp\/NBRE9fSJSDyQi2+YPf8MDFZb9yUAo8hEfqWNj2VoAZlwbyUx7UaqQG3zFrlHQDyS4ZUUK3HVSlPbCD0Wgk3Ie2BeEz\/OeAu15sD6W1uI3uFpQv1KsNJoxw5uFL0w0Bf3eU0e0j49oXwcNam2mnkVU9nxM8q4z6rlcyPmMv7rJ1Ofv1AYGAKVUn75C3mXm3ER4vAezfKAKZaBPXqtk9FYf8ZZEhUBMSwluTw1l4fXnb52oHkYSgIZir3UMauZ9RA5GDs1Tvk37bRwa3Xi+YrHTKb"} 01059{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655032857220000,"flow_src_last_pkt_time":1655032857857000,"flow_dst_last_pkt_time":1655032857220000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":273,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":277,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655032857857000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":42436,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1655032858009000,"flow_dst_last_pkt_time":1655032857220000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655032858009000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0wINAAD8GQcbAqAJkszzDMaXEFGbLQu8+kG\/xL4AQAVfioQAAAQEICkZvKJ\/XThyh"} -00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":34,"packets-processed":33,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2468,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":4,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":33,"global_ts_usec":1655033482376000} 
+00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":34,"packets-processed":33,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2468,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":4,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":33,"global_ts_usec":1655033482376000} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655033482376000,"flow_src_last_pkt_time":1655033482376000,"flow_dst_last_pkt_time":1655033482376000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655033482376000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":40178,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1655033482376000,"flow_dst_last_pkt_time":1655033482376000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655033482376000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8gelAAD8GgFjAqAJkszzDMZzyFGaeLx0YAAAAAKAC\/\/83kgAAAgQFtAQCCAo3PDMVAAAAAAEDAwk="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1655033482414000,"flow_dst_last_pkt_time":1655033482376000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655033482414000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0gepAAD8GgF\/AqAJkszzDMZzyFGaeLx0Zpn\/BEoAQAIBtAgAAAQEICjc8MzXDJ83z"} 
@@ -52,7 +52,7 @@ 00941{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1655033850680000,"flow_dst_last_pkt_time":1655033850395000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":356,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":356,"pkt_l4_len":322,"thread_ts_usec":1655033850680000,"pkt":"eJS0JASgYDjgxTWgCABFAAFW8OZAAD8GEEHAqAJkszzDMZ0MFGa\/1NfHoiLOPYAYAIDqqQAAAQEICjc9xrppw+BLAAAECAsICVdBBQIAARQSkQIKIIWiVZcpSaSpS0wa6A1pLwk8Zk1\/z9qJ1T6f4Z\/2lZVXEjDQa\/Mzv1Xbe6yEXg1RMK7xAVWS5\/gg0yRaYkQ\/jmAXm8ZLLIy2AJqWxAZXLpRaD1QaugF+sjMVYJRs7OSYVpKL05qk8NYHnUetCeAnd6JfcTDEz+ZetSOCyq08mxgiwl8Af\/7SbFLFgX2H8i8LiJr0ImpshHYvlAL+KzUXxI7jj2H41W4vlUGdwN6mhJKreWveUBLOkSgxvVZcNAq4rxdBzulcV262lISooGtBZtHXy9rzLxZq0hu6\/gqiUgRR1zMURpouCFSl2EsY6RluLOlw2t8mrRqh8qCUrKg6h4K23MHuam9NZfZMLtWpZOw="} 01059{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655033850395000,"flow_src_last_pkt_time":1655033850680000,"flow_dst_last_pkt_time":1655033850395000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":294,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655033850680000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":40204,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1655033850885000,"flow_dst_last_pkt_time":1655033850395000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655033850885000,"pkt":"eJS0JASgYDjgxTWgCABFAAA08OdAAD8GEWLAqAJkszzDMZ0MFGa\/1NjpoiLOdoAQAIA39AAAAQEICjc9x41pw+F1"} -00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":58,"packets-processed":57,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3413,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":7,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":55,"global_ts_usec":1655034332550000} 
+00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":58,"packets-processed":57,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3413,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":7,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":55,"global_ts_usec":1655034332550000} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655034332550000,"flow_src_last_pkt_time":1655034332550000,"flow_dst_last_pkt_time":1655034332550000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655034332550000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45932,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1655034332550000,"flow_dst_last_pkt_time":1655034332550000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655034332550000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8s3tAAD8GTsbAqAJkszzDMbNsFGaY2PgHAAAAAKAC\/\/+CVAAAAgQFtAQCCArFiW3yAAAAAAEDAwk="} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1655034332580000,"flow_dst_last_pkt_time":1655034332550000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655034332580000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0s3xAAD8GTs3AqAJkszzDMbNsFGaY2PgILoO694AQAKylowAAAQEICsWJbhFxU6\/V"} 
@@ -60,7 +60,7 @@ 00930{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1655034332681000,"flow_dst_last_pkt_time":1655034332550000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":350,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":350,"pkt_l4_len":316,"thread_ts_usec":1655034332681000,"pkt":"eJS0JASgYDjgxTWgCABFAAFQs35AAD8GTa\/AqAJkszzDMbNsFGaY2PgMLoO694AYAKyIQwAAAQEICsWJbnVxU7A5AAAECAkIAldBBQIAAQ4SiwIKIKHufl5sXussMAhh0p2\/ov1K8qbgZUmwKi9OWg6ykiwzEjA0l5XOlCDi1Vokb77mNfeOWPrLzKrl4cBvJSnz6b6OpllKXqNELvV9TjDMNg9m2NsatAGEAtqJL0uvfBOEv9jC9l6jTRNc\/NKsEOvisYVSReExtAE04Pzl+dAtiLjrZ6MqtBqeDLLi4SlEeeSkOLjMHl\/ISCl0Dm\/xeIkCziwQn25As52c8XcuNRHVxMJak4sKuuCm4KKx09ssdIeVR2SXPMdDxTXZpZZTV92cShnAxFetZFuoG2g6Jlthv1eik9as3VMscANTNS4dKc0FH1iioHEVa9f2dyF04y5o88Mw6CjlmL7HByE="} 01059{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655034332550000,"flow_src_last_pkt_time":1655034332681000,"flow_dst_last_pkt_time":1655034332550000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":284,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":288,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655034332681000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45932,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1655034332808000,"flow_dst_last_pkt_time":1655034332550000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655034332808000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0s39AAD8GTsrAqAJkszzDMbNsFGaY2PkoLoO7MIAQAKyihAAAAQEICsWJbvRxU7C4"} -00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":66,"packets-processed":65,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3741,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":8,"total-active-flows":8,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":63,"global_ts_usec":1655036863658000} 
+00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":66,"packets-processed":65,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3741,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":8,"total-active-flows":8,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":63,"global_ts_usec":1655036863658000} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655036863658000,"flow_src_last_pkt_time":1655036863658000,"flow_dst_last_pkt_time":1655036863658000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655036863658000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":40954,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1655036863658000,"flow_dst_last_pkt_time":1655036863658000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655036863658000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8VU1AAD8GrPTAqAJkszzDMZ\/6FGZJAAaOAAAAAKAC\/\/\/gngAAAgQFtAQCCAo3avKLAAAAAAEDAwk="} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1655036863694000,"flow_dst_last_pkt_time":1655036863658000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655036863694000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0VU5AAD8GrPvAqAJkszzDMZ\/6FGZJAAaPQBkrQIAQAIAuZAAAAQEICjdq8tim3M31"} 
@@ -68,7 +68,7 @@ 00938{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_src_last_pkt_time":1655036863823000,"flow_dst_last_pkt_time":1655036863658000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":356,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":356,"pkt_l4_len":322,"thread_ts_usec":1655036863823000,"pkt":"eJS0JASgYDjgxTWgCABFAAFWVVBAAD8Gq9fAqAJkszzDMZ\/6FGZJAAaTQBkrQIAYAIAw3wAAAQEICjdq81mm3M5rAAAECAsICVdBBQIAARQSkQIKIAI3u8Y0o0ZFT\/OtJzcX3UaQ\/IWQGdbv0wEMHTK1l6woEjDMb3ve3Vlqa1zLSyWsq7HX19F5FqxgNDPVPZovnbkaWWTiEYUfyj9dhIYbLUbhjpoaugEYt5e54yUK0Dz2mXgmLjkLbqfw43funUzgI06KJeAdOTz48asdCtBqKsa57JzlcA8hKYLsAYAMXhENhJAMeKh+7iZsKK6QLl2OW+eCsVwf0sdlSSfzN0BeoIQW9Wt0qe8vcVYbW8VUzvTywUdhc5Eibzu+tOU31RbI\/1Q822GOha0izKT6E5UicKg7VroJrRkc6v4BGSSjH+7x5dR4DHzXhQPdVB2E0D9ObRCPXt2S8u\/UAiy1f3hsiJw="} 01059{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655036863658000,"flow_src_last_pkt_time":1655036863823000,"flow_dst_last_pkt_time":1655036863658000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":294,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655036863823000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":40954,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1655036863976000,"flow_dst_last_pkt_time":1655036863658000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655036863976000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0VVFAAD8GrPjAqAJkszzDMZ\/6FGZJAAe1QBkreYAQAIAq0wAAAQEICjdq8\/Km3M8N"} -00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":74,"packets-processed":73,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4075,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":9,"total-active-flows":9,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":71,"global_ts_usec":1655037784969000} 
+00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":74,"packets-processed":73,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4075,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":9,"total-active-flows":9,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":71,"global_ts_usec":1655037784969000} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655037784969000,"flow_src_last_pkt_time":1655037784969000,"flow_dst_last_pkt_time":1655037784969000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655037784969000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":41214,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1655037784969000,"flow_dst_last_pkt_time":1655037784969000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655037784969000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8eZJAAD8GiK\/AqAJkszzDMaD+FGaPGwMEAAAAAKAC\/\/\/PkAAAAgQFtAQCCAo3eL\/2AAAAAAEDAwk="} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1655037785024000,"flow_dst_last_pkt_time":1655037784969000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655037785024000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0eZNAAD8GiLbAqAJkszzDMaD+FGaPGwMFTC+Ch4AQAIA0RwAAAQEICjd4wGKeH1xF"} 
@@ -83,7 +83,7 @@ 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_src_last_pkt_time":1655037943383000,"flow_dst_last_pkt_time":1655037943346000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_usec":1655037943383000,"pkt":"eJS0JASgYDjgxTWgCABFAAA7ZINAAD8Gnc\/AqAJkszzDIb+CFGZJeEXBlbThyYAYAKzl3AAAAQEIClkJjtmTiu6cAAAECAkIBQ=="} 01057{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655037943346000,"flow_src_last_pkt_time":1655037943383000,"flow_dst_last_pkt_time":1655037943346000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":7,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":11,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655037943383000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":49026,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":5,"flow_src_last_pkt_time":1655037943384000,"flow_dst_last_pkt_time":1655037943346000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1655037943384000,"pkt":"eJS0JASgYDjgxTWgCABFAAA4ZIRAAD8GndHAqAJkszzDIb+CFGZJeEXIlbThyYAYAKybpQAAAQEIClkJjtmTiu6cV0EFAg=="} -00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":90,"packets-processed":89,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6885,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":0,"total-updates":0,"current-active-flows":11,"total-active-flows":11,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":86,"global_ts_usec":1655038737650000} 
+00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":90,"packets-processed":89,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6885,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":0,"total-updates":0,"current-active-flows":11,"total-active-flows":11,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":86,"global_ts_usec":1655038737650000} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655038737650000,"flow_src_last_pkt_time":1655038737650000,"flow_dst_last_pkt_time":1655038737650000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655038737650000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":41288,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1655038737650000,"flow_dst_last_pkt_time":1655038737650000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655038737650000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8+jpAAD8GCAfAqAJkszzDMaFIFGaFGhCGAAAAAKAC\/\/9PGwAAAgQFtAQCCAo3gTyYAAAAAAEDAwk="} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1655038737824000,"flow_dst_last_pkt_time":1655038737650000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655038737824000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0+jtAAD8GCA7AqAJkszzDMaFIFGaFGhCH4E9fBoAQAIAQ0gAAAQEICjeBPUjxtjrK"} 
@@ -92,7 +92,7 @@ 01060{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655038737650000,"flow_src_last_pkt_time":1655038738036000,"flow_dst_last_pkt_time":1655038737650000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":294,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655038738036000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":41288,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_src_last_pkt_time":1655038738226000,"flow_dst_last_pkt_time":1655038737650000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655038738226000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0+j5AAD8GCAvAqAJkszzDMaFIFGaFGhGt4E9fP4AQAIAL\/wAAAQEICjeBPsPxtjzD"} 
01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1655030801747000,"flow_src_last_pkt_time":1655030802079000,"flow_dst_last_pkt_time":1655030801747000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1024,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1537,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655038738381000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":44804,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":98,"packets-processed":97,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7219,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":0,"current-active-flows":11,"total-active-flows":12,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":95,"global_ts_usec":1655041569928000} 
+00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":98,"packets-processed":97,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7219,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":0,"current-active-flows":11,"total-active-flows":12,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":95,"global_ts_usec":1655041569928000} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655041569928000,"flow_src_last_pkt_time":1655041569928000,"flow_dst_last_pkt_time":1655041569928000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655041569928000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":41610,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1655041569928000,"flow_dst_last_pkt_time":1655041569928000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655041569928000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8yNhAAD8GOWnAqAJkszzDMaKKFGb8FC6CAAAAAKAC\/\/\/RUwAAAgQFtAQCCAo3qCQAAAAAAAEDAwk="} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1655041569964000,"flow_dst_last_pkt_time":1655041569928000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655041569964000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0yNlAAD8GOXDAqAJkszzDMaKKFGb8FC6DekSzAYAQAIDQKAAAAQEICjeoJCQj994H"} 
@@ -106,7 +106,7 @@ 01099{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655032256845000,"flow_src_last_pkt_time":1655032257332000,"flow_dst_last_pkt_time":1655032256845000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":262,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":280,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655041570363000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":42272,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 01099{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655032857220000,"flow_src_last_pkt_time":1655032858052000,"flow_dst_last_pkt_time":1655032857220000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":273,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":317,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655041570363000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":42436,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 01099{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655033797377000,"flow_src_last_pkt_time":1655033797657000,"flow_dst_last_pkt_time":1655033797377000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":273,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":317,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655041570363000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":42646,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
-00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":106,"packets-processed":105,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7516,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":13,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":109,"global_ts_usec":1655042688447000} +00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":106,"packets-processed":105,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7516,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":13,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":109,"global_ts_usec":1655042688447000} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655042688447000,"flow_src_last_pkt_time":1655042688447000,"flow_dst_last_pkt_time":1655042688447000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655042688447000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":41808,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1655042688447000,"flow_dst_last_pkt_time":1655042688447000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655042688447000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8k4BAAD8GbsHAqAJkszzDMaNQFGac145xAAAAAKAC\/\/+5KwAAAgQFtAQCCAo3tzqhAAAAAAEDAwk="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_src_last_pkt_time":1655042688525000,"flow_dst_last_pkt_time":1655042688447000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655042688525000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0k4FAAD8GbsjAqAJkszzDMaNQFGac145yikooJoAQAIAprAAAAQEICje3OwWKYYCH"} 
@@ -115,7 +115,7 @@ 01059{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655042688447000,"flow_src_last_pkt_time":1655042689683000,"flow_dst_last_pkt_time":1655042688447000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":11,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":15,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655042689683000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":41808,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":5,"flow_src_last_pkt_time":1655042689901000,"flow_dst_last_pkt_time":1655042688447000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_usec":1655042689901000,"pkt":"eJS0JASgYDjgxTWgCABFAAA3k4RAAD8GbsLAqAJkszzDMaNQFGac146BikooJoAYAIALawAAAQEICje3QFiKYYVaAAEU"} 
01099{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655034332550000,"flow_src_last_pkt_time":1655034332854000,"flow_dst_last_pkt_time":1655034332550000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":284,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":328,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655042690163000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45932,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":114,"packets-processed":113,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7810,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":14,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":14,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":118,"global_ts_usec":1655043596112000} 
+00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":114,"packets-processed":113,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7810,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":14,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":14,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":118,"global_ts_usec":1655043596112000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655043596112000,"flow_src_last_pkt_time":1655043596112000,"flow_dst_last_pkt_time":1655043596112000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655043596112000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":37482,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1655043596112000,"flow_dst_last_pkt_time":1655043596112000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655043596112000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8sPxAAD8GUVXAqAJkszzDIZJqFGboXByKAAAAAKAC\/\/9iMwAAAgQFtAQCCAoEt\/vxAAAAAAEDAwk="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1655043596145000,"flow_dst_last_pkt_time":1655043596112000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655043596145000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0sP1AAD8GUVzAqAJkszzDIZJqFGboXByLxoplnYAQAKyC0AAAAQEICgS3\/BKyfC6v"} 
@@ -123,7 +123,7 @@ 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_src_last_pkt_time":1655043596146000,"flow_dst_last_pkt_time":1655043596112000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_usec":1655043596146000,"pkt":"eJS0JASgYDjgxTWgCABFAAA7sP9AAD8GUVPAqAJkszzDIZJqFGboXByPxoplnYAYAKxwrAAAAQEICgS3\/BOyfC6vAAAECAkIBQ=="} 01058{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":117,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655043596112000,"flow_src_last_pkt_time":1655043596146000,"flow_dst_last_pkt_time":1655043596112000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":7,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":11,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655043596146000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":37482,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":5,"flow_src_last_pkt_time":1655043596147000,"flow_dst_last_pkt_time":1655043596112000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1655043596147000,"pkt":"eJS0JASgYDjgxTWgCABFAAA4sQBAAD8GUVXAqAJkszzDIZJqFGboXByWxoplnYAYAKwmdAAAAQEICgS3\/BSyfC6vV0EFAg=="} -00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":122,"packets-processed":121,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9083,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":15,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":126,"global_ts_usec":1655044288744000} 
+00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":122,"packets-processed":121,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9083,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":15,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":126,"global_ts_usec":1655044288744000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655044288744000,"flow_src_last_pkt_time":1655044288744000,"flow_dst_last_pkt_time":1655044288744000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655044288744000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":37582,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1655044288744000,"flow_dst_last_pkt_time":1655044288744000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655044288744000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8Rj1AAD8GvBTAqAJkszzDIZLOFGbS4v0+AAAAAKAC\/\/8FAwAAAgQFtAQCCAoEwo14AAAAAAEDAwk="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_src_last_pkt_time":1655044288776000,"flow_dst_last_pkt_time":1655044288744000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655044288776000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0Rj5AAD8GvBvAqAJkszzDIZLOFGbS4v0\/XwbxEoAQAKw+pwAAAQEICgTCjaZrpjiA"} 
@@ -131,7 +131,7 @@ 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_src_last_pkt_time":1655044288777000,"flow_dst_last_pkt_time":1655044288744000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_usec":1655044288777000,"pkt":"eJS0JASgYDjgxTWgCABFAAA7RkBAAD8GvBLAqAJkszzDIZLOFGbS4v1DXwbxEoAYAKwsgwAAAQEICgTCjadrpjiAAAAECAkIBQ=="} 01058{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655044288744000,"flow_src_last_pkt_time":1655044288777000,"flow_dst_last_pkt_time":1655044288744000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":7,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":11,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655044288777000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":37582,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":5,"flow_src_last_pkt_time":1655044288780000,"flow_dst_last_pkt_time":1655044288744000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1655044288780000,"pkt":"eJS0JASgYDjgxTWgCABFAAA4RkFAAD8GvBTAqAJkszzDIZLOFGbS4v1KXwbxEoAYAKziSgAAAQEICgTCjahrpjiAV0EFAg=="} -00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":130,"packets-processed":129,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10356,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":16,"total-detection-updates":0,"total-updates":0,"current-active-flows":8,"total-active-flows":16,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":134,"global_ts_usec":1655044965142000} 
+00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":130,"packets-processed":129,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10356,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":16,"total-detection-updates":0,"total-updates":0,"current-active-flows":8,"total-active-flows":16,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":134,"global_ts_usec":1655044965142000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655044965142000,"flow_src_last_pkt_time":1655044965142000,"flow_dst_last_pkt_time":1655044965142000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655044965142000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45754,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1655044965142000,"flow_dst_last_pkt_time":1655044965142000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655044965142000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8At1AAD8G\/2TAqAJkszzDMbK6FGZec+QxAAAAAKAC\/\/+2PgAAAgQFtAQCCApG+geGAAAAAAEDAwg="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_src_last_pkt_time":1655044965172000,"flow_dst_last_pkt_time":1655044965142000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655044965172000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0At5AAD8G\/2vAqAJkszzDMbK6FGZec+QyZebbNIAQAVdZxAAAAQEICkb6B6qVR7NZ"} 
@@ -140,7 +140,7 @@ 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":133,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655044965142000,"flow_src_last_pkt_time":1655044965221000,"flow_dst_last_pkt_time":1655044965142000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":273,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":277,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655044965221000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45754,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":5,"flow_src_last_pkt_time":1655044965369000,"flow_dst_last_pkt_time":1655044965142000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655044965369000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0AuFAAD8G\/2jAqAJkszzDMbK6FGZec+VHZebbbYAQAVdW7QAAAQEICkb6CG+VR7Qd"} 
01099{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":138,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655036863658000,"flow_src_last_pkt_time":1655036864020000,"flow_dst_last_pkt_time":1655036863658000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":334,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655044965409000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":40954,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":138,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":138,"packets-processed":137,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10673,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":17,"total-detection-updates":0,"total-updates":0,"current-active-flows":8,"total-active-flows":17,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":143,"global_ts_usec":1655045751925000} 
+00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":138,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":138,"packets-processed":137,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10673,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":17,"total-detection-updates":0,"total-updates":0,"current-active-flows":8,"total-active-flows":17,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":143,"global_ts_usec":1655045751925000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":138,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655045751925000,"flow_src_last_pkt_time":1655045751925000,"flow_dst_last_pkt_time":1655045751925000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655045751925000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45824,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":138,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1655045751925000,"flow_dst_last_pkt_time":1655045751925000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655045751925000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8tn9AAD8GS8LAqAJkszzDMbMAFGajVEhsAAAAAKAC\/\/+wTwAAAgQFtAQCCApG\/mQPAAAAAAEDAwg="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1655045751957000,"flow_dst_last_pkt_time":1655045751925000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655045751957000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0toBAAD8GS8nAqAJkszzDMbMAFGajVEhtoOKxA4AQAVeXTwAAAQEICkb+ZC\/0vP+i"} 
@@ -150,7 +150,7 @@ 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_src_last_pkt_time":1655045752137000,"flow_dst_last_pkt_time":1655045751925000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655045752137000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0toNAAD8GS8bAqAJkszzDMbMAFGajVEmCoOKxPIAQAVeUmAAAAQEICkb+ZOP0vQBX"} 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655037784969000,"flow_src_last_pkt_time":1655037785423000,"flow_dst_last_pkt_time":1655037784969000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":297,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655045752178000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":41214,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
01102{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655037943346000,"flow_src_last_pkt_time":1655037943539000,"flow_dst_last_pkt_time":1655037943346000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1249,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2513,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655045752178000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":49026,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":146,"packets-processed":145,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10990,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":18,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":18,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":153,"global_ts_usec":1655049443230000} 
+00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":146,"packets-processed":145,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10990,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":18,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":18,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":153,"global_ts_usec":1655049443230000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655049443230000,"flow_src_last_pkt_time":1655049443230000,"flow_dst_last_pkt_time":1655049443230000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655049443230000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":46406,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1655049443230000,"flow_dst_last_pkt_time":1655049443230000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655049443230000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8KCVAAD8G2hzAqAJkszzDMbVGFGZeo\/3WAAAAAKAC\/\/\/eUwAAAgQFtAQCCApHIcLoAAAAAAEDAwg="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_src_last_pkt_time":1655049443263000,"flow_dst_last_pkt_time":1655049443230000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655049443263000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0KCZAAD8G2iPAqAJkszzDMbVGFGZeo\/3XmmmBIoAQAVfWlwAAAQEICkchwwlHYNIU"} 
@@ -160,7 +160,7 @@ 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":5,"flow_src_last_pkt_time":1655049443533000,"flow_dst_last_pkt_time":1655049443230000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655049443533000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0KClAAD8G2iDAqAJkszzDMbVGFGZeo\/7smmmBW4AQAVfTLgAAAQEICkchxBdHYNMh"} 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655038737650000,"flow_src_last_pkt_time":1655038738381000,"flow_dst_last_pkt_time":1655038737650000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":334,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655049443593000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":41288,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655041569928000,"flow_src_last_pkt_time":1655041570363000,"flow_dst_last_pkt_time":1655041569928000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":297,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655049443593000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":41610,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":154,"packets-processed":153,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11307,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":19,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":19,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":163,"global_ts_usec":1655050704430000} 
+00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":154,"packets-processed":153,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11307,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":19,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":19,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":163,"global_ts_usec":1655050704430000} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655050704430000,"flow_src_last_pkt_time":1655050704430000,"flow_dst_last_pkt_time":1655050704430000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655050704430000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"31.13.83.49","src_port":40224,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":1655050704430000,"flow_dst_last_pkt_time":1655050704430000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655050704430000,"pkt":"eJS0JASgYDjgxTWgCABFAAA84MFAAD8GJbDAqAJkHw1TMZ0gFGZ02VSkAAAAAKAC\/\/8otQAAAgQFtAQCCAoO3mAcAAAAAAEDAwk="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_src_last_pkt_time":1655050704485000,"flow_dst_last_pkt_time":1655050704430000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655050704485000,"pkt":"eJS0JASgYDjgxTWgCABFAAA04MJAAD8GJbfAqAJkHw1TMZ0gFGZ02VSlljrOS4AQAKxhJgAAAQEICg7eYFQ9kVNR"} 
@@ -177,7 +177,7 @@ 01058{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655051220512000,"flow_src_last_pkt_time":1655051220578000,"flow_dst_last_pkt_time":1655051220512000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":7,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":11,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655051220578000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":45470,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":5,"flow_src_last_pkt_time":1655051220580000,"flow_dst_last_pkt_time":1655051220512000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1655051220580000,"pkt":"eJS0JASgYDjgxTWgCABFAAA4rVRAAD8GVQHAqAJkszzDIbGeFGYTOuP28T6CsoAYAKzQiQAAAQEICgUsUt67e8sgV0EFAg=="} 
01102{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655043596112000,"flow_src_last_pkt_time":1655043596381000,"flow_dst_last_pkt_time":1655043596112000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1258,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1273,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655051220729000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":37482,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":170,"packets-processed":169,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13293,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":21,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":21,"total-idle-flows":15,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":180,"global_ts_usec":1655051492307000} 
+00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":170,"packets-processed":169,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13293,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":21,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":21,"total-idle-flows":15,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":180,"global_ts_usec":1655051492307000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655051492307000,"flow_src_last_pkt_time":1655051492307000,"flow_dst_last_pkt_time":1655051492307000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655051492307000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43084,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_src_last_pkt_time":1655051492307000,"flow_dst_last_pkt_time":1655051492307000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655051492307000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8gfhAAD8GgEnAqAJkszzDMahMFGbuqHaiAAAAAKAC\/\/+qzgAAAgQFtAQCCAo39wnAAAAAAAEDAwk="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_src_last_pkt_time":1655051492339000,"flow_dst_last_pkt_time":1655051492307000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655051492339000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0gflAAD8GgFDAqAJkszzDMahMFGbuqHajLwsyzYAQAIACagAAAQEICjf3Cd8Kl2oU"} 
@@ -193,7 +193,7 @@ 01058{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":180,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655051794002000,"flow_src_last_pkt_time":1655051794037000,"flow_dst_last_pkt_time":1655051794002000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":7,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":11,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655051794037000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":45602,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":5,"flow_src_last_pkt_time":1655051794039000,"flow_dst_last_pkt_time":1655051794002000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1655051794039000,"pkt":"eJS0JASgYDjgxTWgCABFAAA4OxFAAD8Gx0TAqAJkszzDIbIiFGatOxW\/\/J8dd4AYAKy6IgAAAQEICgU1Eu0r+T5\/V0EFAg=="} 
01102{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":185,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655044288744000,"flow_src_last_pkt_time":1655044288931000,"flow_dst_last_pkt_time":1655044288744000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1258,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1273,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655051794206000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":37582,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":185,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":185,"packets-processed":184,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":14860,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":23,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":23,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":196,"global_ts_usec":1655052148615000} 
+00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":185,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":185,"packets-processed":184,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":14860,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":23,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":23,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":196,"global_ts_usec":1655052148615000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":185,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655052148615000,"flow_src_last_pkt_time":1655052148615000,"flow_dst_last_pkt_time":1655052148615000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655052148615000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43152,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_src_last_pkt_time":1655052148615000,"flow_dst_last_pkt_time":1655052148615000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655052148615000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8kfpAAD8GcEfAqAJkszzDMaiQFGZmurw1AAAAAKAC\/\/+h\/wAAAgQFtAQCCAo3+VSkAAAAAAEDAwk="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_src_last_pkt_time":1655052148658000,"flow_dst_last_pkt_time":1655052148615000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655052148658000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0kftAAD8GcE7AqAJkszzDMaiQFGZmurw2KlSpWIAQAIA0yQAAAQEICjf5VPJAoYbY"} 
@@ -209,7 +209,7 @@ 01058{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":196,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655052438619000,"flow_src_last_pkt_time":1655052438654000,"flow_dst_last_pkt_time":1655052438619000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":7,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":11,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655052438654000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":46042,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":5,"flow_src_last_pkt_time":1655052438655000,"flow_dst_last_pkt_time":1655052438619000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1655052438655000,"pkt":"eJS0JASgYDjgxTWgCABFAAA4kq9AAD8Gb6bAqAJkszzDIbPaFGZdYrgzyEw0oYAYAKzY6QAAAQEICgU+6PTmsVfEV0EFAg=="} 
01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655044965142000,"flow_src_last_pkt_time":1655044965409000,"flow_dst_last_pkt_time":1655044965142000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":273,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":317,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655052438807000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45754,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":201,"packets-processed":200,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16467,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":25,"total-detection-updates":0,"total-updates":0,"current-active-flows":8,"total-active-flows":25,"total-idle-flows":17,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":212,"global_ts_usec":1655052853504000} 
+00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":201,"packets-processed":200,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16467,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":25,"total-detection-updates":0,"total-updates":0,"current-active-flows":8,"total-active-flows":25,"total-idle-flows":17,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":212,"global_ts_usec":1655052853504000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655052853504000,"flow_src_last_pkt_time":1655052853504000,"flow_dst_last_pkt_time":1655052853504000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655052853504000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43206,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_src_last_pkt_time":1655052853504000,"flow_dst_last_pkt_time":1655052853504000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655052853504000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8WWJAAD8GqN\/AqAJkszzDMajGFGY2dfJkAAAAAKAC\/\/87qwAAAgQFtAQCCAo3+7TWAAAAAAEDAwk="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_src_last_pkt_time":1655052853586000,"flow_dst_last_pkt_time":1655052853504000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655052853586000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0WWNAAD8GqObAqAJkszzDMajGFGY2dfJl9PmkqoAQAICs4QAAAQEICjf7tS9HlNt1"} 
@@ -217,7 +217,7 @@ 00941{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":204,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":4,"flow_src_last_pkt_time":1655052853647000,"flow_dst_last_pkt_time":1655052853504000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":356,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":356,"pkt_l4_len":322,"thread_ts_usec":1655052853647000,"pkt":"eJS0JASgYDjgxTWgCABFAAFWWWVAAD8Gp8LAqAJkszzDMajGFGY2dfJp9PmkqoAYAIC\/dgAAAQEICjf7tWxHlNveAAAECAsICVdBBQIAARQSkQIKIA3YWjJeBPhhoYOLdXhImll2N3KB40xe5nXzVGKqi8lQEjB05YuN1sXT57G3SBCHnJEdXNBkV371\/xsNWC+B2W2c9R3PBaYxYkKqi91RPjTM0AAaugEXP+3uWGvoVm871kn2wjtmhgKuIJkNizNK\/9coL6rphC9vh6dV2jEyqfOFbZgWf8o\/EQFKWMBHIh7wJxYJvwjapQxRD1filQ5M12e0QPKj6ordybKIELcsCt7hErPy6sAkIPGcz3XyhYz\/Lb7ROlM7yct5Zfi3MPdNu9Wu4\/cE+HnYCNJgp1xz6RWgg5HS126k8knfuWBZUdlK+HGAXOiiBP94NYsZKb1yA+Td5aUETEJNN76KzEDIwLE="} 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":204,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655052853504000,"flow_src_last_pkt_time":1655052853647000,"flow_dst_last_pkt_time":1655052853504000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":294,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655052853647000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43206,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":205,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":5,"flow_src_last_pkt_time":1655052853815000,"flow_dst_last_pkt_time":1655052853504000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655052853815000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0WWZAAD8GqOPAqAJkszzDMajGFGY2dfOL9Pmk44AQAICplQAAAQEICjf7thRHlNx9"} -00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":209,"packets-processed":208,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16801,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":26,"total-detection-updates":0,"total-updates":0,"current-active-flows":9,"total-active-flows":26,"total-idle-flows":17,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":220,"global_ts_usec":1655053633670000} 
+00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":209,"packets-processed":208,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":16801,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":26,"total-detection-updates":0,"total-updates":0,"current-active-flows":9,"total-active-flows":26,"total-idle-flows":17,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":220,"global_ts_usec":1655053633670000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655053633670000,"flow_src_last_pkt_time":1655053633670000,"flow_dst_last_pkt_time":1655053633670000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655053633670000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43230,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_src_last_pkt_time":1655053633670000,"flow_dst_last_pkt_time":1655053633670000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655053633670000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8mVhAAD8GaOnAqAJkszzDMajeFGZP5tJgAAAAAKAC\/\/\/ryAAAAgQFtAQCCAo3\/AszAAAAAAEDAwk="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_src_last_pkt_time":1655053633701000,"flow_dst_last_pkt_time":1655053633670000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655053633701000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0mVlAAD8GaPDAqAJkszzDMajeFGZP5tJhk8uMoIAQAIDJOAAAAQEICjf8C1OqRoX7"} 
@@ -226,7 +226,7 @@ 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":212,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655053633670000,"flow_src_last_pkt_time":1655053633738000,"flow_dst_last_pkt_time":1655053633670000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":294,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655053633738000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43230,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":5,"flow_src_last_pkt_time":1655053633894000,"flow_dst_last_pkt_time":1655053633670000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655053633894000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0mVxAAD8GaO3AqAJkszzDMajeFGZP5tOHk8uM2YAQAIDGYQAAAQEICjf8DBOqRoaz"} 
01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655045751925000,"flow_src_last_pkt_time":1655045752178000,"flow_dst_last_pkt_time":1655045751925000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":273,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":317,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655053633932000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45824,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":217,"packets-processed":216,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17135,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":27,"total-detection-updates":0,"total-updates":0,"current-active-flows":9,"total-active-flows":27,"total-idle-flows":18,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":229,"global_ts_usec":1655054457330000} 
+00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":217,"packets-processed":216,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17135,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":27,"total-detection-updates":0,"total-updates":0,"current-active-flows":9,"total-active-flows":27,"total-idle-flows":18,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":229,"global_ts_usec":1655054457330000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655054457330000,"flow_src_last_pkt_time":1655054457330000,"flow_dst_last_pkt_time":1655054457330000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655054457330000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":46468,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_src_last_pkt_time":1655054457330000,"flow_dst_last_pkt_time":1655054457330000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655054457330000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8VnBAAD8Gq+HAqAJkszzDIbWEFGa\/BmevAAAAAKAC\/\/\/mlQAAAgQFtAQCCAoFUzIKAAAAAAEDAwk="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_src_last_pkt_time":1655054457362000,"flow_dst_last_pkt_time":1655054457330000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655054457362000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0VnFAAD8Gq+jAqAJkszzDIbWEFGa\/Bmewdx424oAQAKySKwAAAQEICgVTMiqQiUPS"} 
@@ -234,7 +234,7 @@ 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_src_last_pkt_time":1655054457365000,"flow_dst_last_pkt_time":1655054457330000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_usec":1655054457365000,"pkt":"eJS0JASgYDjgxTWgCABFAAA7VnNAAD8Gq9\/AqAJkszzDIbWEFGa\/Bme0dx424oAYAKyABgAAAQEICgVTMiyQiUPSAAAECAkIBQ=="} 01058{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655054457330000,"flow_src_last_pkt_time":1655054457365000,"flow_dst_last_pkt_time":1655054457330000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":7,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":11,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655054457365000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":46468,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":5,"flow_src_last_pkt_time":1655054457365000,"flow_dst_last_pkt_time":1655054457330000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1655054457365000,"pkt":"eJS0JASgYDjgxTWgCABFAAA4VnRAAD8Gq+HAqAJkszzDIbWEFGa\/Bme7dx424oAYAKw1zgAAAQEICgVTMi2QiUPSV0EFAg=="} -00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":225,"packets-processed":224,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18408,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":28,"total-detection-updates":0,"total-updates":0,"current-active-flows":10,"total-active-flows":28,"total-idle-flows":18,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":237,"global_ts_usec":1655056441533000} 
+00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":225,"packets-processed":224,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18408,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":28,"total-detection-updates":0,"total-updates":0,"current-active-flows":10,"total-active-flows":28,"total-idle-flows":18,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":237,"global_ts_usec":1655056441533000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655056441533000,"flow_src_last_pkt_time":1655056441533000,"flow_dst_last_pkt_time":1655056441533000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655056441533000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":47360,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_src_last_pkt_time":1655056441533000,"flow_dst_last_pkt_time":1655056441533000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655056441533000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8SQJAAD8GuU\/AqAJkszzDIbkAFGYVt3HxAAAAAKAC\/\/87QgAAAgQFtAQCCAoFcXjRAAAAAAEDAwk="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_src_last_pkt_time":1655056441563000,"flow_dst_last_pkt_time":1655056441533000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655056441563000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0SQNAAD8GuVbAqAJkszzDIbkAFGYVt3Hym+tfO4AQAKzuQwAAAQEICgVxePCucNFZ"} 
@@ -242,7 +242,7 @@ 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":228,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":4,"flow_src_last_pkt_time":1655056441565000,"flow_dst_last_pkt_time":1655056441533000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_usec":1655056441565000,"pkt":"eJS0JASgYDjgxTWgCABFAAA7SQVAAD8GuU3AqAJkszzDIbkAFGYVt3H2m+tfO4AYAKzcHwAAAQEICgVxePGucNFZAAAECAkIBQ=="} 01058{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":228,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655056441533000,"flow_src_last_pkt_time":1655056441565000,"flow_dst_last_pkt_time":1655056441533000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":7,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":11,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655056441565000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":47360,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":229,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":5,"flow_src_last_pkt_time":1655056441565000,"flow_dst_last_pkt_time":1655056441533000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1655056441565000,"pkt":"eJS0JASgYDjgxTWgCABFAAA4SQZAAD8GuU\/AqAJkszzDIbkAFGYVt3H9m+tfO4AYAKyR5wAAAQEICgVxePKucNFZV0EFAg=="} -00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":233,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":233,"packets-processed":232,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":19681,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":29,"total-detection-updates":0,"total-updates":0,"current-active-flows":11,"total-active-flows":29,"total-idle-flows":18,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":245,"global_ts_usec":1655059510580000} 
+00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":233,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":233,"packets-processed":232,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":19681,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":29,"total-detection-updates":0,"total-updates":0,"current-active-flows":11,"total-active-flows":29,"total-idle-flows":18,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":245,"global_ts_usec":1655059510580000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":233,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655059510580000,"flow_src_last_pkt_time":1655059510580000,"flow_dst_last_pkt_time":1655059510580000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655059510580000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":39828,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":233,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_src_last_pkt_time":1655059510580000,"flow_dst_last_pkt_time":1655059510580000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655059510580000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8GcJAAD8G6I\/AqAJkszzDIZuUFGY95P\/EAAAAAKAC\/\/\/fxAAAAgQFtAQCCAoFoDuLAAAAAAEDAwk="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_src_last_pkt_time":1655059510610000,"flow_dst_last_pkt_time":1655059510580000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655059510610000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0GcNAAD8G6JbAqAJkszzDIZuUFGY95P\/FCFqhLIAQAKyMSwAAAQEICgWgO6lMbYt5"} 
@@ -255,7 +255,7 @@ 01102{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655051794002000,"flow_src_last_pkt_time":1655051794206000,"flow_dst_last_pkt_time":1655051794002000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1258,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1273,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655059510757000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":45602,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655049443230000,"flow_src_last_pkt_time":1655049443593000,"flow_dst_last_pkt_time":1655049443230000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":273,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":317,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655059510757000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":46406,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 01098{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655050704430000,"flow_src_last_pkt_time":1655050704962000,"flow_dst_last_pkt_time":1655050704430000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":427,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":713,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655059510757000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"31.13.83.49","src_port":40224,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
-00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":241,"packets-processed":240,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":20954,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":30,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":30,"total-idle-flows":23,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":258,"global_ts_usec":1655060495977000} +00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":241,"packets-processed":240,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":20954,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":30,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":30,"total-idle-flows":23,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":258,"global_ts_usec":1655060495977000} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655060495977000,"flow_src_last_pkt_time":1655060495977000,"flow_dst_last_pkt_time":1655060495977000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655060495977000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":40108,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_src_last_pkt_time":1655060495977000,"flow_dst_last_pkt_time":1655060495977000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655060495977000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8YJ5AAD8GobPAqAJkszzDIZysFGYCJGGJAAAAAKAC\/\/+p9wAAAgQFtAQCCAoFq0oxAAAAAAEDAwk="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":242,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_src_last_pkt_time":1655060496008000,"flow_dst_last_pkt_time":1655060495977000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655060496008000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0YJ9AAD8GobrAqAJkszzDIZysFGYCJGGK2sw1x4AQAKwONAAAAQEICgWrSlDEovR\/"} 
@@ -266,7 +266,7 @@ 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":250,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655052148615000,"flow_src_last_pkt_time":1655052148966000,"flow_dst_last_pkt_time":1655052148615000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":334,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655060496256000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43152,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":250,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655052853504000,"flow_src_last_pkt_time":1655052853872000,"flow_dst_last_pkt_time":1655052853504000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":334,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655060496256000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43206,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 01102{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":250,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655052438619000,"flow_src_last_pkt_time":1655052438807000,"flow_dst_last_pkt_time":1655052438619000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1258,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1273,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655060496256000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":46042,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
-00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":250,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":250,"packets-processed":249,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22271,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":31,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":31,"total-idle-flows":26,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":269,"global_ts_usec":1655061657436000} +00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":250,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":250,"packets-processed":249,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22271,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":31,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":31,"total-idle-flows":26,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":269,"global_ts_usec":1655061657436000} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":250,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655061657436000,"flow_src_last_pkt_time":1655061657436000,"flow_dst_last_pkt_time":1655061657436000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655061657436000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43954,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":250,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_src_last_pkt_time":1655061657436000,"flow_dst_last_pkt_time":1655061657436000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655061657436000,"pkt":"eJS0JASgYDjgxTWgCABFAAA88nlAAD8GD8jAqAJkszzDMauyFGbsqzKiAAAAAKAC\/\/9iSAAAAgQFtAQCCAo4IpSyAAAAAAEDAwk="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":251,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_src_last_pkt_time":1655061657568000,"flow_dst_last_pkt_time":1655061657436000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655061657568000,"pkt":"eJS0JASgYDjgxTWgCABFAAA08npAAD8GD8\/AqAJkszzDMauyFGbsqzKjnK08DIAQAIBE+AAAAQEICjgilXAR0WBF"} 
@@ -282,7 +282,7 @@ 00925{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":4,"flow_src_last_pkt_time":1655061873368000,"flow_dst_last_pkt_time":1655061873005000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":344,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":344,"pkt_l4_len":310,"thread_ts_usec":1655061873368000,"pkt":"eJS0JASgYDjgxTWgCABFAAFKrKVAAD8GTrnAqAJkHw1dNr\/IFGZDXSW7fPQug4AYAIAPIwAAAQEICiQe2Mk8ThxmAAAECAsIDFdBBQIAAQgShQIKIOtKWvwh5\/ppyWV2\/78chw3eIBPlsh8jrfmHIruLZFUBEjC8WKWRQo+Toueq8YzobY4B8yj8PYgyc5mZhB9VKcjqzcB8IoQ1aRkf5QNWNURnuAcargE6xFUNq2D4uR+PXdAcvbjNXFB5HDx1ZVwyvCTiNXVhCL6BhskFeQ\/B2Nx6pN9cBoWD9XwKx9sQ\/HDlQBa7N83O5tyYcWmNAZ9ncVm1XLv2ZOlh1AA4iL2jTKOdgiv3hRlObMCcpNmk43fS1h8PPV9yFeoFc+Gfn40oM54oUWEVIUaJmiVnzB0xDdMDFSfDPeextxbIqFwAo0oeVBPt\/dZa4kxfLjr6sam3BkXtoCE="} 01059{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655061873005000,"flow_src_last_pkt_time":1655061873368000,"flow_dst_last_pkt_time":1655061873005000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":278,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":282,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655061873368000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"31.13.93.54","src_port":49096,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":5,"flow_src_last_pkt_time":1655061873760000,"flow_dst_last_pkt_time":1655061873005000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655061873760000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0rKZAAD8GT87AqAJkHw1dNr\/IFGZDXSbRfPQuvIAQAID0DgAAAQEICiQe2lA8Th4U"} -00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":266,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":266,"packets-processed":265,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23230,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":33,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":33,"total-idle-flows":27,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":285,"global_ts_usec":1655062569330000} 
+00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":266,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":266,"packets-processed":265,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23230,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":33,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":33,"total-idle-flows":27,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":285,"global_ts_usec":1655062569330000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":266,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655062569330000,"flow_src_last_pkt_time":1655062569330000,"flow_dst_last_pkt_time":1655062569330000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655062569330000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43978,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_src_last_pkt_time":1655062569330000,"flow_dst_last_pkt_time":1655062569330000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655062569330000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8MZZAAD8G0KvAqAJkszzDMavKFGbYH58HAAAAAKAC\/\/9yPQAAAgQFtAQCCAo4IyzLAAAAAAEDAwk="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_src_last_pkt_time":1655062569374000,"flow_dst_last_pkt_time":1655062569330000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655062569374000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0MZdAAD8G0LLAqAJkszzDMavKFGbYH58IMQLbuIAQAIC6CgAAAQEICjgjLRYTN8Yz"} 
@@ -291,7 +291,7 @@ 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":269,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655062569330000,"flow_src_last_pkt_time":1655062569427000,"flow_dst_last_pkt_time":1655062569330000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":294,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655062569427000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43978,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":270,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":5,"flow_src_last_pkt_time":1655062569631000,"flow_dst_last_pkt_time":1655062569330000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655062569631000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0MZpAAD8G0K\/AqAJkszzDMavKFGbYH6AuMQLb8YAQAIC23AAAAQEICjgjLgwTN8cM"} 
01102{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655054457330000,"flow_src_last_pkt_time":1655054457533000,"flow_dst_last_pkt_time":1655054457330000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1258,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1273,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655062569674000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":46468,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":274,"packets-processed":273,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23564,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":34,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":34,"total-idle-flows":28,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":294,"global_ts_usec":1655063661893000} 
+00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":274,"packets-processed":273,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":23564,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":34,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":34,"total-idle-flows":28,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":294,"global_ts_usec":1655063661893000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655063661893000,"flow_src_last_pkt_time":1655063661893000,"flow_dst_last_pkt_time":1655063661893000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655063661893000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":40990,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_src_last_pkt_time":1655063661893000,"flow_dst_last_pkt_time":1655063661893000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655063661893000,"pkt":"eJS0JASgYDjgxTWgCABFAAA86plAAD8GF7jAqAJkszzDIaAeFGY4VRBmAAAAAKAC\/\/\/+RwAAAgQFtAQCCAoF0w05AAAAAAEDAwk="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":275,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_src_last_pkt_time":1655063661925000,"flow_dst_last_pkt_time":1655063661893000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655063661925000,"pkt":"eJS0JASgYDjgxTWgCABFAAA06ppAAD8GF7\/AqAJkszzDIaAeFGY4VRBnHmH5pIAQAKyJNgAAAQEICgXTDVr1t5VE"} 
@@ -299,7 +299,7 @@ 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":277,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":4,"flow_src_last_pkt_time":1655063661927000,"flow_dst_last_pkt_time":1655063661893000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_usec":1655063661927000,"pkt":"eJS0JASgYDjgxTWgCABFAAA76pxAAD8GF7bAqAJkszzDIaAeFGY4VRBrHmH5pIAYAKx3EgAAAQEICgXTDVv1t5VEAAAECAkIBQ=="} 01058{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":277,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655063661893000,"flow_src_last_pkt_time":1655063661927000,"flow_dst_last_pkt_time":1655063661893000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":7,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":11,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655063661927000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":40990,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":278,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":5,"flow_src_last_pkt_time":1655063661932000,"flow_dst_last_pkt_time":1655063661893000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1655063661932000,"pkt":"eJS0JASgYDjgxTWgCABFAAA46p1AAD8GF7jAqAJkszzDIaAeFGY4VRByHmH5pIAYAKws1wAAAQEICgXTDV\/1t5VEV0EFAg=="} -00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":282,"packets-processed":281,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24837,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":35,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":35,"total-idle-flows":28,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":302,"global_ts_usec":1655064434682000} 
+00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":282,"packets-processed":281,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24837,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":35,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":35,"total-idle-flows":28,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":302,"global_ts_usec":1655064434682000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655064434682000,"flow_src_last_pkt_time":1655064434682000,"flow_dst_last_pkt_time":1655064434682000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655064434682000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45290,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_src_last_pkt_time":1655064434682000,"flow_dst_last_pkt_time":1655064434682000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655064434682000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8Z49AAD8GmrLAqAJkszzDMbDqFGZ3oUxiAAAAAKAC\/\/\/KHwAAAgQFtAQCCArGt\/RXAAAAAAEDAwk="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":283,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_src_last_pkt_time":1655064434714000,"flow_dst_last_pkt_time":1655064434682000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655064434714000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0Z5BAAD8GmrnAqAJkszzDMbDqFGZ3oUxjZjrG2IAQAKzrtwAAAQEICsa39HeqpjSg"} 
@@ -308,7 +308,7 @@ 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":285,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655064434682000,"flow_src_last_pkt_time":1655064434792000,"flow_dst_last_pkt_time":1655064434682000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":283,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655064434792000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45290,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":5,"flow_src_last_pkt_time":1655064434967000,"flow_dst_last_pkt_time":1655064434682000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655064434967000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0Z5NAAD8GmrbAqAJkszzDMbDqFGZ3oU1+ZjrHEYAQAKzoaQAAAQEICsa39XSqpjWd"} 
01102{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655056441533000,"flow_src_last_pkt_time":1655056441715000,"flow_dst_last_pkt_time":1655056441533000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1258,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1273,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655064435041000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":47360,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":290,"packets-processed":289,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25160,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":36,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":36,"total-idle-flows":29,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":311,"global_ts_usec":1655065264797000} 
+00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":290,"packets-processed":289,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25160,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":36,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":36,"total-idle-flows":29,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":311,"global_ts_usec":1655065264797000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655065264797000,"flow_src_last_pkt_time":1655065264797000,"flow_dst_last_pkt_time":1655065264797000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655065264797000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":51544,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_src_last_pkt_time":1655065264797000,"flow_dst_last_pkt_time":1655065264797000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655065264797000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8ttVAAD8GS2zAqAJkszzDMclYFGbchY4CAAAAAKAC\/\/8wGwAAAgQFtAQCCApH\/04jAAAAAAEDAwg="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_src_last_pkt_time":1655065264828000,"flow_dst_last_pkt_time":1655065264797000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655065264828000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0ttZAAD8GS3PAqAJkszzDMclYFGbchY4DukzwuYAQAVeNLQAAAQEICkf\/TkbK+lov"} 
@@ -316,7 +316,7 @@ 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":293,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":4,"flow_src_last_pkt_time":1655065265128000,"flow_dst_last_pkt_time":1655065264797000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_usec":1655065265128000,"pkt":"eJS0JASgYDjgxTWgCABFAAA\/tthAAD8GS2bAqAJkszzDMclYFGbchY4HukzwuYAYAVc4UgAAAQEICkf\/T3LK+ltbAAAECAkIAldBBQI="} 01059{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":293,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655065264797000,"flow_src_last_pkt_time":1655065265128000,"flow_dst_last_pkt_time":1655065264797000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":11,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":15,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655065265128000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":51544,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
00907{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":294,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":5,"flow_src_last_pkt_time":1655065265158000,"flow_dst_last_pkt_time":1655065264797000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":328,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":328,"pkt_l4_len":294,"thread_ts_usec":1655065265158000,"pkt":"eJS0JASgYDjgxTWgCABFAAE6ttlAAD8GSmrAqAJkszzDMclYFGbchY4SukzwuYAYAVdbewAAAQEICkf\/T5DK+lt5AAEDEoACCiDyxnqELyO9DiOmj4gPsgZm81Sa79ftPFhljmr6qd1oQRIwPThdAFhj1B8I6QIvLX+j77uZklWR949rKuYWFBAMzbAuiseHDvS\/rZsok+lxvjUTGqkBsBREb\/7qCModtRpyj2H2YRH1M5ApgLzF7ttqBftUW3wdYyrLJuoEonja\/7H4LpxRuY+gcYnHQGtxrAaPdQEncGi6Fk6waqXV3d2Zg4ZB5+6FPI97xoGCuvCea81xyBWQqQijjE9PkudLXzutMO28tR6YGthlDu\/\/9D0TWhgA6hCecNjNt2dwbiW\/Kz1bV72uX\/ixxRHupAn2SMzdRJZRySzwM0s4RUGpjA=="} -00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":298,"packets-processed":297,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25440,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":37,"total-detection-updates":0,"total-updates":0,"current-active-flows":8,"total-active-flows":37,"total-idle-flows":29,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":319,"global_ts_usec":1655065885451000} 
+00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":298,"packets-processed":297,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":25440,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":37,"total-detection-updates":0,"total-updates":0,"current-active-flows":8,"total-active-flows":37,"total-idle-flows":29,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":319,"global_ts_usec":1655065885451000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655065885451000,"flow_src_last_pkt_time":1655065885451000,"flow_dst_last_pkt_time":1655065885451000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655065885451000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47948,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_src_last_pkt_time":1655065885451000,"flow_dst_last_pkt_time":1655065885451000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655065885451000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8arBAAD8Gl5HAqAJkszzDMbtMFGZqrJ7gAAAAAKAC\/\/9fsQAAAgQFtAQCCApxKmRoAAAAAAEDAwk="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_src_last_pkt_time":1655065885484000,"flow_dst_last_pkt_time":1655065885451000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655065885484000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0arFAAD8Gl5jAqAJkszzDMbtMFGZqrJ7h+p4p8oAQAIDu2wAAAQEICnEqZIk6KEA5"} 
@@ -331,7 +331,7 @@ 00914{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":4,"flow_src_last_pkt_time":1655065885823000,"flow_dst_last_pkt_time":1655065885823000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"thread_ts_usec":1655065885823000,"pkt":"eJS0JASgYDjgxTWgCABFAAFFghRAAD8GfyTAqAJkszzDMcoMFGZjsgDNIofjooAYAVe7cwAAAQEICkgIdo+T2De6AAAECAkIAldBBQIAAQMSgAIKIGY3KWvn5J6GZpS11PnywxLfIHHXDvcK7V62IsunAMEDEjADq3ZZlzgjaZEqlCz6O08aSPjXHdQ0IuiHcCaxzQveaZZMxvOrsWM5F7XCzC96RfsaqQGd81nmQhfDXeVMMDOoaD0Mgro6ELu5D0o9ieeCZCxmbzoxR3\/0Ndq1VZ0SdnBJJzqydQm98nXNDwEK0L2+hugBWxHMNDGEHMZjb2pDknP978ZhmTmGaO1i6twTH1OWKZNtvyC6EvqH52quDrZGzGV4HfLpNGMi9QWTbCtOzGI9sDclk3GlCbjtQiwuR\/6h2b9ZEypfpXelvdwljtC7gAj9v8XNTwoIW\/R7"} 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":308,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655065885823000,"flow_src_last_pkt_time":1655065885823000,"flow_dst_last_pkt_time":1655065885823000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":273,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":277,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655065885823000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":51724,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":309,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":5,"flow_src_last_pkt_time":1655065885823000,"flow_dst_last_pkt_time":1655065885823000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655065885823000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0ghVAAD8GgDTAqAJkszzDMcoMFGZjsgHeIofj24AQAVdmEgAAAQEICkgIdzST2Dhe"} -00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":313,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":313,"packets-processed":312,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":26320,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":39,"total-detection-updates":0,"total-updates":0,"current-active-flows":10,"total-active-flows":39,"total-idle-flows":29,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":334,"global_ts_usec":1655067574156000} 
+00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":313,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":313,"packets-processed":312,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":26320,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":39,"total-detection-updates":0,"total-updates":0,"current-active-flows":10,"total-active-flows":39,"total-idle-flows":29,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":334,"global_ts_usec":1655067574156000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":313,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655067574156000,"flow_src_last_pkt_time":1655067574156000,"flow_dst_last_pkt_time":1655067574156000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655067574156000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45334,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":313,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_src_last_pkt_time":1655067574156000,"flow_dst_last_pkt_time":1655067574156000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655067574156000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8ZktAAD8Gm\/bAqAJkszzDMbEWFGZP\/CSfAAAAAKAC\/\/80aAAAAgQFtAQCCArGuNlKAAAAAAEDAwk="} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":314,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_src_last_pkt_time":1655067574187000,"flow_dst_last_pkt_time":1655067574156000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655067574187000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0ZkxAAD8Gm\/3AqAJkszzDMbEWFGZP\/CSg\/FJ4JoAQAKwGCgAAAQEICsa42a+DX2Qy"} 
@@ -348,7 +348,7 @@ 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":324,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655068071917000,"flow_src_last_pkt_time":1655068072120000,"flow_dst_last_pkt_time":1655068071917000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":273,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":277,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655068072120000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":52152,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":325,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":5,"flow_src_last_pkt_time":1655068072276000,"flow_dst_last_pkt_time":1655068071917000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655068072276000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0f0tAAD8Ggv7AqAJkszzDMcu4FGbUWpKBCrZXSYAQAVd6sgAAAQEICkgqJNyouQJ\/"} 
01102{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":329,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1655060495977000,"flow_src_last_pkt_time":1655060496256000,"flow_dst_last_pkt_time":1655060495977000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1258,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1317,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655068072357000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":40108,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":329,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":329,"packets-processed":328,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":26960,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":41,"total-detection-updates":0,"total-updates":0,"current-active-flows":10,"total-active-flows":41,"total-idle-flows":31,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":351,"global_ts_usec":1655068204945000} 
+00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":329,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":329,"packets-processed":328,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":26960,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":41,"total-detection-updates":0,"total-updates":0,"current-active-flows":10,"total-active-flows":41,"total-idle-flows":31,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":351,"global_ts_usec":1655068204945000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":329,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655068204945000,"flow_src_last_pkt_time":1655068204945000,"flow_dst_last_pkt_time":1655068204945000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655068204945000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":41664,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":329,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_src_last_pkt_time":1655068204945000,"flow_dst_last_pkt_time":1655068204945000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655068204945000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8eR1AAD8GiTTAqAJkszzDIaLAFGY48OrHAAAAAKAC\/\/8oAgAAAgQFtAQCCAoF9wW8AAAAAAEDAwk="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":330,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_src_last_pkt_time":1655068204976000,"flow_dst_last_pkt_time":1655068204945000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655068204976000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0eR5AAD8GiTvAqAJkszzDIaLAFGY48OrIWCi8FIAQAKyAowAAAQEICgX3Bdt\/K0Hp"} 
@@ -363,7 +363,7 @@ 00917{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":340,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":4,"flow_src_last_pkt_time":1655068672682000,"flow_dst_last_pkt_time":1655068672605000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"thread_ts_usec":1655068672682000,"pkt":"eJS0JASgYDjgxTWgCABFAAFFf7ZAAD8GgYLAqAJkszzDMcxGFGbT7keADNw8XIAYAVehngAAAQEICkgzTjPXLOIKAAAECAkIAldBBQIAAQMSgAIKIDTcgksnXRnebbwmEuP9yUM\/1VSf4uQ1RouMKF0wgxIMEjDa551egy9lP6Mucm2Ek37zsxPaQNIuZdlwglvM7Ytx\/e\/0R7Hg0Cxszw\/udO9P+ywaqQFAJTfp0KeYzwP5Pp2S\/FItGxL0ldUZvokSzO91CpfFFmo1bQGwmlLrmfIQd0nrsAxpua75td5KHth\/zvTo8QNnFP2+4zM8kAPUilZu6WgbaJyBs002FLq+y9i+ZBrz8i1XeheToEo3s5FsZkg+ZXnMqQdYF3uhDmsLzyoSu1QZNNflxKN+d2Q9g5a8QiVKOvvBqrmJnIWY8dUBesFIclYgR9PjxVB8M+Dh"} 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":340,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655068672605000,"flow_src_last_pkt_time":1655068672682000,"flow_dst_last_pkt_time":1655068672605000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":273,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":277,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655068672682000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":52294,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":341,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":5,"flow_src_last_pkt_time":1655068672825000,"flow_dst_last_pkt_time":1655068672605000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655068672825000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0f7dAAD8GgpLAqAJkszzDMcxGFGbT7kiRDNw8lYAQAVekkQAAAQEICkgzTsLXLOKZ"} -00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":345,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":345,"packets-processed":344,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28550,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":43,"total-detection-updates":0,"total-updates":0,"current-active-flows":12,"total-active-flows":43,"total-idle-flows":31,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":366,"global_ts_usec":1655069476999000} 
+00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":345,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":345,"packets-processed":344,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":28550,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":43,"total-detection-updates":0,"total-updates":0,"current-active-flows":12,"total-active-flows":43,"total-idle-flows":31,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":366,"global_ts_usec":1655069476999000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":345,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655069476999000,"flow_src_last_pkt_time":1655069476999000,"flow_dst_last_pkt_time":1655069476999000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655069476999000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":41722,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_src_last_pkt_time":1655069476999000,"flow_dst_last_pkt_time":1655069476999000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655069476999000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8v0dAAD8GQwrAqAJkszzDIaL6FGZl3G3iAAAAAKAC\/\/\/JXwAAAgQFtAQCCAoF+bQbAAAAAAEDAwk="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_src_last_pkt_time":1655069477033000,"flow_dst_last_pkt_time":1655069476999000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655069477033000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0v0hAAD8GQxHAqAJkszzDIaL6FGZl3G3jvQquJIAQAKzBYgAAAQEICgX5tE0ysJf9"} 
@@ -373,7 +373,7 @@ 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":349,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":5,"flow_src_last_pkt_time":1655069477208000,"flow_dst_last_pkt_time":1655069476999000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655069477208000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0v0tAAD8GQw7AqAJkszzDIaL6FGZl3HLcvQquXYAQAKy60QAAAQEICgX5tP4ysJir"} 01098{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":353,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655061873005000,"flow_src_last_pkt_time":1655061873914000,"flow_dst_last_pkt_time":1655061873005000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":340,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":625,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655069477452000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"31.13.93.54","src_port":49096,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":353,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655061657436000,"flow_src_last_pkt_time":1655061657966000,"flow_dst_last_pkt_time":1655061657436000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":334,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655069477452000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43954,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":353,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":353,"packets-processed":352,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29867,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":44,"total-detection-updates":0,"total-updates":0,"current-active-flows":11,"total-active-flows":44,"total-idle-flows":33,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":376,"global_ts_usec":1655071168997000} 
+00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":353,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":353,"packets-processed":352,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29867,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":44,"total-detection-updates":0,"total-updates":0,"current-active-flows":11,"total-active-flows":44,"total-idle-flows":33,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":376,"global_ts_usec":1655071168997000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":353,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655071168997000,"flow_src_last_pkt_time":1655071168997000,"flow_dst_last_pkt_time":1655071168997000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655071168997000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":48234,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_src_last_pkt_time":1655071168997000,"flow_dst_last_pkt_time":1655071168997000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655071168997000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8\/oFAAD8GA8DAqAJkszzDMbxqFGaCVc7FAAAAAKAC\/\/8bsQAAAgQFtAQCCApxNV+xAAAAAAEDAwk="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":354,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_src_last_pkt_time":1655071169028000,"flow_dst_last_pkt_time":1655071168997000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655071169028000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0\/oJAAD8GA8fAqAJkszzDMbxqFGaCVc7GXkxmWYAQAIBN7gAAAQEICnE1X+Ud8hk1"} 
@@ -397,7 +397,7 @@ 00918{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":369,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":4,"flow_src_last_pkt_time":1655071204870000,"flow_dst_last_pkt_time":1655071204543000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"thread_ts_usec":1655071204870000,"pkt":"eJS0JASgYDjgxTWgCABFAAFFpTFAAD8GbTbAqAJkHw1GMti0FGbC7URUktIbLIAYAVehCAAAAQEICpXhmHfVew4yAAAECAkIAldBBQIAAQMSgAIKIMbXMYxfoYkD5uM34AbTFmSF9c2ZsAJyUzuaseKfJmIFEjAXEG2A5EfAZg6UlPBuMtMJJKAJT8gydNa5jpvKH90uzjr5LMC\/040NXR\/W3njCrMsaqQFSGe3aY2dBEaAQ3stGpVcWbKKtk4lzLmY8GArNOt\/RBEztMz\/hQ3kJcymnjCbJHmMnazpuUL7GvLdfvpsygQKvMSNl0py\/U+76puYv1+op3fPZuCmPiO+ruxnr4GlVsYBr2TgzB7BDaidsEhkz2D0D6dVePn1xxMVdny6QIrYH1yF\/ZIWkgNBfOJda5dxU1rZB\/veq5rmWOQmOyg95qD1XFbzv0fbSPCRt"} 01059{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":369,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655071204543000,"flow_src_last_pkt_time":1655071204870000,"flow_dst_last_pkt_time":1655071204543000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":273,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":277,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655071204870000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"31.13.70.50","src_port":55476,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":370,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":5,"flow_src_last_pkt_time":1655071205707000,"flow_dst_last_pkt_time":1655071204543000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655071205707000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0pTJAAD8GbkbAqAJkHw1GMti0FGbC7UVlktIbZYAQAVeSqQAAAQEICpXhm7zVew+y"} -00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":374,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":374,"packets-processed":373,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":30706,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":47,"total-detection-updates":0,"total-updates":0,"current-active-flows":12,"total-active-flows":47,"total-idle-flows":35,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":400,"global_ts_usec":1655073402411000} 
+00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":374,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":374,"packets-processed":373,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":30706,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":47,"total-detection-updates":0,"total-updates":0,"current-active-flows":12,"total-active-flows":47,"total-idle-flows":35,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":400,"global_ts_usec":1655073402411000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":374,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655073402411000,"flow_src_last_pkt_time":1655073402411000,"flow_dst_last_pkt_time":1655073402411000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655073402411000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":48538,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_src_last_pkt_time":1655073402411000,"flow_dst_last_pkt_time":1655073402411000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655073402411000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8dBJAAD8Gji\/AqAJkszzDMb2aFGahzCxlAAAAAKAC\/\/+a8AAAAgQFtAQCCApxUGIQAAAAAAEDAwk="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":375,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_src_last_pkt_time":1655073402445000,"flow_dst_last_pkt_time":1655073402411000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655073402445000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0dBNAAD8GjjbAqAJkszzDMb2aFGahzCxmjLLTN4AQAICpvAAAAQEICnFQYjPQSe8a"} 
@@ -409,7 +409,7 @@ 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1655065885451000,"flow_src_last_pkt_time":1655065885823000,"flow_dst_last_pkt_time":1655065885451000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":278,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":563,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655073402833000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47948,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655065264797000,"flow_src_last_pkt_time":1655065265368000,"flow_dst_last_pkt_time":1655065264797000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":262,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":280,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655073402833000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":51544,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655065885823000,"flow_src_last_pkt_time":1655065885823000,"flow_dst_last_pkt_time":1655065885823000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":273,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":317,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655073402833000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":51724,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
-00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":382,"packets-processed":381,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":30991,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":48,"total-detection-updates":0,"total-updates":0,"current-active-flows":9,"total-active-flows":48,"total-idle-flows":39,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":412,"global_ts_usec":1655074111508000} +00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":382,"packets-processed":381,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":30991,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":48,"total-detection-updates":0,"total-updates":0,"current-active-flows":9,"total-active-flows":48,"total-idle-flows":39,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":412,"global_ts_usec":1655074111508000} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655074111508000,"flow_src_last_pkt_time":1655074111508000,"flow_dst_last_pkt_time":1655074111508000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655074111508000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45850,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_src_last_pkt_time":1655074111508000,"flow_dst_last_pkt_time":1655074111508000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655074111508000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8DYdAAD8G9LrAqAJkszzDMbMaFGYrB92KAAAAAKAC\/\/+Y9QAAAgQFtAQCCAo4NG1HAAAAAAEDAwk="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":383,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_src_last_pkt_time":1655074111556000,"flow_dst_last_pkt_time":1655074111508000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655074111556000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0DYhAAD8G9MHAqAJkszzDMbMaFGYrB92LuiGK2IAQAIABZwAAAQEICjg0bW5hoB8L"} 
@@ -431,7 +431,7 @@ 00919{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":401,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":4,"flow_src_last_pkt_time":1655074681541000,"flow_dst_last_pkt_time":1655074681295000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"thread_ts_usec":1655074681541000,"pkt":"eJS0JASgYDjgxTWgCABFAAFF1rlAAD8GKn\/AqAJkszzDMeNWFGYDhPIY+mPdyoAYAVc8EAAAAQEICkiO\/lDslGphAAAECAkIAldBBQIAAQMSgAIKIONURYOzj5yFvitPyR1HlvZLz09wP1MKDXCGkntEHmUvEjCKWDm8Di8PELTWn1odPuYtpyyU06Gop72zRsjsSLbPffjhK\/lnsN1jYnZu6Oxd\/ysaqQH2fWZCzpkathuNxNe2o891SYzt+fHmwNCOOayFx52MuNgH\/6lBAtCikLFZnJ+Q7b2fxit4hePoiVFtWTOWcwOPkLzeesGAWy5rmf9nmAlD1SUcWLqPTfL7n3Dlp34MQEWG3E1vWJy3jDC63Wq1LUdyerPkcja3pXFI72YGGR1xdH\/biDZZ3k3eGIz8i6CDkPQiKXU9alyM0\/qxxUtX\/hQqzil2ObNwVoEU"} 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":401,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655074681295000,"flow_src_last_pkt_time":1655074681541000,"flow_dst_last_pkt_time":1655074681295000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":273,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":277,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655074681541000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":58198,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":402,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":5,"flow_src_last_pkt_time":1655074681699000,"flow_dst_last_pkt_time":1655074681295000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655074681699000,"pkt":"eJS0JASgYDjgxTWgCABFAAA01rpAAD8GK4\/AqAJkszzDMeNWFGYDhPMp+mPeA4AQAVfWCAAAAQEICkiO\/u3slGr\/"} -00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":406,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":406,"packets-processed":405,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":32915,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":51,"total-detection-updates":0,"total-updates":0,"current-active-flows":12,"total-active-flows":51,"total-idle-flows":39,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":434,"global_ts_usec":1655075014427000} 
+00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":406,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":406,"packets-processed":405,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":32915,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":51,"total-detection-updates":0,"total-updates":0,"current-active-flows":12,"total-active-flows":51,"total-idle-flows":39,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":434,"global_ts_usec":1655075014427000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":406,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655075014427000,"flow_src_last_pkt_time":1655075014427000,"flow_dst_last_pkt_time":1655075014427000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655075014427000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":42796,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_src_last_pkt_time":1655075014427000,"flow_dst_last_pkt_time":1655075014427000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655075014427000,"pkt":"eJS0JASgYDjgxTWgCABFAAA84Y1AAD8GIMTAqAJkszzDIacsFGb7al66AAAAAKAC\/\/87hQAAAgQFtAQCCAoGKrcsAAAAAAEDAwk="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":407,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_src_last_pkt_time":1655075014457000,"flow_dst_last_pkt_time":1655075014427000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655075014457000,"pkt":"eJS0JASgYDjgxTWgCABFAAA04Y5AAD8GIMvAqAJkszzDIacsFGb7al674\/2+D4AQAKzv2QAAAQEICgYqt1ks76qT"} 
@@ -440,7 +440,7 @@ 01058{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":409,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655075014427000,"flow_src_last_pkt_time":1655075014459000,"flow_dst_last_pkt_time":1655075014427000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":7,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":11,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655075014459000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":42796,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":410,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":5,"flow_src_last_pkt_time":1655075014461000,"flow_dst_last_pkt_time":1655075014427000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1655075014461000,"pkt":"eJS0JASgYDjgxTWgCABFAAA44ZFAAD8GIMTAqAJkszzDIacsFGb7al7G4\/2+D4AYAKyTegAAAQEICgYqt14s76qTV0EFAg=="} 
01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655067574156000,"flow_src_last_pkt_time":1655067574418000,"flow_dst_last_pkt_time":1655067574156000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":323,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655075014609000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45334,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":414,"packets-processed":413,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":34188,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":52,"total-detection-updates":0,"total-updates":0,"current-active-flows":12,"total-active-flows":52,"total-idle-flows":40,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":443,"global_ts_usec":1655075686356000} 
+00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":414,"packets-processed":413,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":34188,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":52,"total-detection-updates":0,"total-updates":0,"current-active-flows":12,"total-active-flows":52,"total-idle-flows":40,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":443,"global_ts_usec":1655075686356000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655075686356000,"flow_src_last_pkt_time":1655075686356000,"flow_dst_last_pkt_time":1655075686356000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655075686356000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":43152,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_src_last_pkt_time":1655075686356000,"flow_dst_last_pkt_time":1655075686356000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655075686356000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8QvtAAD8Gv1bAqAJkszzDIaiQFGbxmYdKAAAAAKAC\/\/\/ajwAAAgQFtAQCCAoGNPf0AAAAAAEDAwk="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":415,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_src_last_pkt_time":1655075686389000,"flow_dst_last_pkt_time":1655075686356000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655075686389000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0QvxAAD8Gv13AqAJkszzDIaiQFGbxmYdLWdXXDoAQAKw7swAAAQEICgY0+BVuVC2V"} 
@@ -450,7 +450,7 @@ 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":418,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":5,"flow_src_last_pkt_time":1655075686392000,"flow_dst_last_pkt_time":1655075686356000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1655075686392000,"pkt":"eJS0JASgYDjgxTWgCABFAAA4Qv9AAD8Gv1bAqAJkszzDIaiQFGbxmYdWWdXXDoAYAKzfVAAAAQEICgY0+BluVC2VV0EFAg=="} 01102{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655068204945000,"flow_src_last_pkt_time":1655068205140000,"flow_dst_last_pkt_time":1655068204945000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1258,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1273,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655075686549000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":41664,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655068071917000,"flow_src_last_pkt_time":1655068072357000,"flow_dst_last_pkt_time":1655068071917000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":273,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":317,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655075686549000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":52152,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":422,"packets-processed":421,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":35461,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":53,"total-detection-updates":0,"total-updates":0,"current-active-flows":11,"total-active-flows":53,"total-idle-flows":42,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":453,"global_ts_usec":1655078415178000} 
+00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":422,"packets-processed":421,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":35461,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":53,"total-detection-updates":0,"total-updates":0,"current-active-flows":11,"total-active-flows":53,"total-idle-flows":42,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":453,"global_ts_usec":1655078415178000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655078415178000,"flow_src_last_pkt_time":1655078415178000,"flow_dst_last_pkt_time":1655078415178000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655078415178000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":46732,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_src_last_pkt_time":1655078415178000,"flow_dst_last_pkt_time":1655078415178000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655078415178000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8CblAAD8G+IjAqAJkszzDMbaMFGYZMLRzAAAAAKAC\/\/8IFAAAAgQFtAQCCArHDabLAAAAAAEDAwk="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_src_last_pkt_time":1655078415208000,"flow_dst_last_pkt_time":1655078415178000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655078415208000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0CbpAAD8G+I\/AqAJkszzDMbaMFGYZMLR0Md5NzYAQAKysVQAAAQEICscNpurDrEZZ"} 
@@ -474,7 +474,7 @@ 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":439,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":5,"flow_src_last_pkt_time":1655078418150000,"flow_dst_last_pkt_time":1655078418150000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655078418150000,"pkt":"eJS0JASgYDjgxTWgCABFAAA06u5AAD8GF1vAqAJkszzDMbYGFGbAe09aKCJ2ZYAQAIBysQAAAQEICjg3\/F+LqpEF"} 01102{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655069476999000,"flow_src_last_pkt_time":1655069477452000,"flow_dst_last_pkt_time":1655069476999000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1269,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1317,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655078418150000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":41722,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655068672605000,"flow_src_last_pkt_time":1655068672866000,"flow_dst_last_pkt_time":1655068672605000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":273,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":317,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655078418150000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":52294,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":442,"packets-processed":441,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":36355,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":56,"total-detection-updates":0,"total-updates":0,"current-active-flows":12,"total-active-flows":56,"total-idle-flows":44,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":477,"global_ts_usec":1655079015860000} 
+00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":442,"packets-processed":441,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":36355,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":56,"total-detection-updates":0,"total-updates":0,"current-active-flows":12,"total-active-flows":56,"total-idle-flows":44,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":477,"global_ts_usec":1655079015860000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655079015860000,"flow_src_last_pkt_time":1655079015860000,"flow_dst_last_pkt_time":1655079015860000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655079015860000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":46768,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_src_last_pkt_time":1655079015860000,"flow_dst_last_pkt_time":1655079015860000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655079015860000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8+71AAD8GBoTAqAJkszzDMbawFGbU0lPTAAAAAKAC\/\/+CegAAAgQFtAQCCArHFtE1AAAAAAEDAwk="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":443,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_src_last_pkt_time":1655079015890000,"flow_dst_last_pkt_time":1655079015860000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655079015890000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0+75AAD8GBovAqAJkszzDMbawFGbU0lPU4I1M54AQAKyMuwAAAQEICscW0VNPFaco"} 
@@ -492,7 +492,7 @@ 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":453,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":4,"flow_src_last_pkt_time":1655079242760000,"flow_dst_last_pkt_time":1655079242727000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_usec":1655079242760000,"pkt":"eJS0JASgYDjgxTWgCABFAAA71X5AAD8GLNTAqAJkszzDIbBKFGYSKeei9mtN3YAYAKy21AAAAQEICgZrPCN7C7NTAAAECAkIBQ=="} 01058{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":453,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655079242727000,"flow_src_last_pkt_time":1655079242760000,"flow_dst_last_pkt_time":1655079242727000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":7,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":11,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655079242760000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":45130,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":454,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":5,"flow_src_last_pkt_time":1655079242764000,"flow_dst_last_pkt_time":1655079242727000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1655079242764000,"pkt":"eJS0JASgYDjgxTWgCABFAAA41X9AAD8GLNbAqAJkszzDIbBKFGYSKeep9mtN3YAYAKxsmQAAAQEICgZrPCd7C7NTV0EFAg=="} -00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":458,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":458,"packets-processed":457,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":37951,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":58,"total-detection-updates":0,"total-updates":0,"current-active-flows":11,"total-active-flows":58,"total-idle-flows":47,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":495,"global_ts_usec":1655085444940000} 
+00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":458,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":458,"packets-processed":457,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":37951,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":58,"total-detection-updates":0,"total-updates":0,"current-active-flows":11,"total-active-flows":58,"total-idle-flows":47,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":495,"global_ts_usec":1655085444940000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":458,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655085444940000,"flow_src_last_pkt_time":1655085444940000,"flow_dst_last_pkt_time":1655085444940000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655085444940000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":60328,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":458,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_src_last_pkt_time":1655085444940000,"flow_dst_last_pkt_time":1655085444940000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655085444940000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8OS9AAD8GyRLAqAJkszzDMeuoFGZwsQ0oAAAAAKAC\/\/8MiAAAAgQFtAQCCApJMzrhAAAAAAEDAwg="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":459,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_src_last_pkt_time":1655085444971000,"flow_dst_last_pkt_time":1655085444940000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655085444971000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0OTBAAD8GyRnAqAJkszzDMeuoFGZwsQ0pZQWH8YAQAVeTjwAAAQEICkkzOwA0eITQ"} 
@@ -506,7 +506,7 @@ 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":466,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655074111508000,"flow_src_last_pkt_time":1655074111844000,"flow_dst_last_pkt_time":1655074111508000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":334,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655085445318000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45850,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":466,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655073402411000,"flow_src_last_pkt_time":1655073402833000,"flow_dst_last_pkt_time":1655073402411000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":278,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":285,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655085445318000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":48538,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":466,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655074681295000,"flow_src_last_pkt_time":1655074681757000,"flow_dst_last_pkt_time":1655074681295000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":273,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":317,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655085445318000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":58198,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
-00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":466,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":466,"packets-processed":465,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":38268,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":59,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":59,"total-idle-flows":53,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":509,"global_ts_usec":1655089030478000} +00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":466,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":466,"packets-processed":465,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":38268,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":59,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":59,"total-idle-flows":53,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":509,"global_ts_usec":1655089030478000} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":466,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655089030478000,"flow_src_last_pkt_time":1655089030478000,"flow_dst_last_pkt_time":1655089030478000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655089030478000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":32798,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":466,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_src_last_pkt_time":1655089030478000,"flow_dst_last_pkt_time":1655089030478000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655089030478000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8PU5AAD8GxPPAqAJkszzDMYAeFGbXqdzGAAAAAKAC\/\/+LPgAAAgQFtAQCCApJafDnAAAAAAEDAwg="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":467,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_src_last_pkt_time":1655089030510000,"flow_dst_last_pkt_time":1655089030478000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655089030510000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0PU9AAD8GxPrAqAJkszzDMYAeFGbXqdzHU7KHPoAQAVeFmQAAAQEICklp8QcyIyXX"} 
@@ -519,7 +519,7 @@ 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":474,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655078415178000,"flow_src_last_pkt_time":1655078415507000,"flow_dst_last_pkt_time":1655078415178000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":323,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655089030857000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":46732,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":474,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655079015860000,"flow_src_last_pkt_time":1655079016137000,"flow_dst_last_pkt_time":1655079015860000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":323,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655089030857000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":46768,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":474,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1655078417966000,"flow_src_last_pkt_time":1655078418150000,"flow_dst_last_pkt_time":1655078417966000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":273,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":277,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655089030857000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":58882,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
-00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":474,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":474,"packets-processed":473,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":38585,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":60,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":60,"total-idle-flows":58,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":522,"global_ts_usec":1655090233457000} +00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":474,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":474,"packets-processed":473,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":38585,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":60,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":60,"total-idle-flows":58,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":522,"global_ts_usec":1655090233457000} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":474,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655090233457000,"flow_src_last_pkt_time":1655090233457000,"flow_dst_last_pkt_time":1655090233457000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655090233457000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47086,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":474,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_src_last_pkt_time":1655090233457000,"flow_dst_last_pkt_time":1655090233457000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655090233457000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8YMVAAD8GoXzAqAJkszzDMbfuFGYjjxw1AAAAAKAC\/\/8ccQAAAgQFtAQCCArHvx46AAAAAAEDAwk="} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":475,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_src_last_pkt_time":1655090233489000,"flow_dst_last_pkt_time":1655090233457000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655090233489000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0YMZAAD8GoYPAqAJkszzDMbfuFGYjjxw2tsj\/nIAQAKzs8QAAAQEICse\/HlqH9x8U"} 
@@ -527,7 +527,7 @@ 00922{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":477,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":4,"flow_src_last_pkt_time":1655090233603000,"flow_dst_last_pkt_time":1655090233457000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":345,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":345,"pkt_l4_len":311,"thread_ts_usec":1655090233603000,"pkt":"eJS0JASgYDjgxTWgCABFAAFLYMhAAD8GoGrAqAJkszzDMbfuFGYjjxw6tsj\/nIAYAKz7xQAAAQEICse\/Hs2H9x+GAAAECAsICFdBBQIAAQkShgIKICL7PW3574TmjsxPc4PYUXbgLIRzLkSpjJUfuyP8EXoDEjA0da9FQiqfAjoDY1tgcac3k4SJDhZNONhNsG1AZJ\/17mrPMmmgD6MKyeBp3wpknAIarwGwqVXGYklD4UfBqBVJD9VnQBIilSLyYkgW3toqqTTHVSDoC6so2E3kEfo0wq++wjBSsFcLfr2IxsnMq4cQxzqBe++jQFco3BYlyDRDLgZUbb3v6DLKAs1w6wmVY6RASK1s5i8C5yY++EYNwiRIiZ3NII1bO2RyKk+UsW+nC04+8RSYt2Tz4DlvaaiYNIvCFVL8G7tCaAQcQ3YI55VUM58sZvBsx4nTgWfg94upnXSA"} 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":477,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655090233457000,"flow_src_last_pkt_time":1655090233603000,"flow_dst_last_pkt_time":1655090233457000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":283,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655090233603000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47086,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":478,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":5,"flow_src_last_pkt_time":1655090233759000,"flow_dst_last_pkt_time":1655090233457000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655090233759000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0YMlAAD8GoYDAqAJkszzDMbfuFGYjjx1Rtsj\/1YAQAKzpgAAAAQEICse\/H2mH9yAi"} -00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":482,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":482,"packets-processed":481,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":38908,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":61,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":61,"total-idle-flows":58,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":530,"global_ts_usec":1655091294583000} 
+00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":482,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":482,"packets-processed":481,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":38908,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":61,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":61,"total-idle-flows":58,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":530,"global_ts_usec":1655091294583000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":482,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655091294583000,"flow_src_last_pkt_time":1655091294583000,"flow_dst_last_pkt_time":1655091294583000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655091294583000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49182,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":482,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_src_last_pkt_time":1655091294583000,"flow_dst_last_pkt_time":1655091294583000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655091294583000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8\/r9AAD8GA4LAqAJkszzDMcAeFGacobJEAAAAAKAC\/\/\/yvwAAAgQFtAQCCApxiYbPAAAAAAEDAwk="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":483,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":2,"flow_src_last_pkt_time":1655091294836000,"flow_dst_last_pkt_time":1655091294583000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655091294836000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0\/sBAAD8GA4nAqAJkszzDMcAeFGacobJFhNtvm4AQAIBe2QAAAQEICnGJh9AM9r+2"} 
@@ -535,7 +535,7 @@ 00923{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":4,"flow_src_last_pkt_time":1655091294939000,"flow_dst_last_pkt_time":1655091294583000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":344,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":344,"pkt_l4_len":310,"thread_ts_usec":1655091294939000,"pkt":"eJS0JASgYDjgxTWgCABFAAFK\/sJAAD8GAnHAqAJkszzDMcAeFGacobJJhNtvm4AYAIDmTwAAAQEICnGJiDYM9sCzAAAECAsIDFdBBQIAAQgShQIKIA4Pg8SPfXudDGrgRbkYSf\/nv1vxylfpNaOYoMHWS2kZEjDPRReg0qr7n7oGXz7TcUJSphq9mywRyfMmZmWOBNOCY3vXOosliHPK2OoOP1MV0WQargFIBGi0484zpCr8IUSfMcE7LQgkmNYpS1HBR2jdlWgnSdJAxUWfuDQ9UoK+rLfd7DCXAOKIs7E4dlxpvP3Yty0Mf\/tNV6cW1LRpBjZL0gpc6cRIhq8uF2fmp\/3AuGRGjfheB9M3vEdgAqxiyaevcQzvCXQCbY9Xm9Q7CjXiF8fXBRLkbx4OZpsRSIyEI14JpKzhHJegbZVz8XMCb9ubAsE7B9+xWOY56isNa4CLSt0="} 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655091294583000,"flow_src_last_pkt_time":1655091294939000,"flow_dst_last_pkt_time":1655091294583000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":278,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":282,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655091294939000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49182,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":486,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":5,"flow_src_last_pkt_time":1655091295131000,"flow_dst_last_pkt_time":1655091294583000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655091295131000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0\/sNAAD8GA4bAqAJkszzDMcAeFGacobNfhNtwDYAQAIBaGAAAAQEICnGJiQoM9sGx"} -00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":489,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":489,"packets-processed":488,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":39230,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":62,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":62,"total-idle-flows":58,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":538,"global_ts_usec":1655096063383000} 
+00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":489,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":489,"packets-processed":488,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":39230,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":62,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":62,"total-idle-flows":58,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":538,"global_ts_usec":1655096063383000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":489,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655096063383000,"flow_src_last_pkt_time":1655096063383000,"flow_dst_last_pkt_time":1655096063383000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655096063383000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49232,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":489,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_src_last_pkt_time":1655096063383000,"flow_dst_last_pkt_time":1655096063383000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655096063383000,"pkt":"eJS0JASgYDjgxTWgCABFAAA80GdAAD8GMdrAqAJkszzDMcBQFGYzpQPcAAAAAKAC\/\/+30QAAAgQFtAQCCApxjNjtAAAAAAEDAwk="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":2,"flow_src_last_pkt_time":1655096063418000,"flow_dst_last_pkt_time":1655096063383000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655096063418000,"pkt":"eJS0JASgYDjgxTWgCABFAAA00GhAAD8GMeHAqAJkszzDMcBQFGYzpQPdMmkwzoAQAIAjpQAAAQEICnGM2RDAwp5N"} 
@@ -544,7 +544,7 @@ 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":492,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655096063383000,"flow_src_last_pkt_time":1655096063459000,"flow_dst_last_pkt_time":1655096063383000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":278,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":282,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655096063459000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49232,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":493,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":5,"flow_src_last_pkt_time":1655096063826000,"flow_dst_last_pkt_time":1655096063383000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655096063826000,"pkt":"eJS0JASgYDjgxTWgCABFAAA00GtAAD8GMd7AqAJkszzDMcBQFGYzpQT3MmkxB4AQAIAf4AAAAQEICnGM2qjAwp8n"} 
01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655085444940000,"flow_src_last_pkt_time":1655085445318000,"flow_dst_last_pkt_time":1655085444940000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":273,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":317,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655096063826000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":60328,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":497,"packets-processed":496,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":39512,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":63,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":63,"total-idle-flows":59,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":547,"global_ts_usec":1655097851208000} 
+00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":497,"packets-processed":496,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":39512,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":63,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":63,"total-idle-flows":59,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":547,"global_ts_usec":1655097851208000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655097851208000,"flow_src_last_pkt_time":1655097851208000,"flow_dst_last_pkt_time":1655097851208000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655097851208000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47350,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_src_last_pkt_time":1655097851208000,"flow_dst_last_pkt_time":1655097851208000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655097851208000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8hVJAAD8GfO\/AqAJkszzDMbj2FGbdMghiAAAAAKAC\/\/9ZggAAAgQFtAQCCAo4P8nQAAAAAAEDAwk="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":2,"flow_src_last_pkt_time":1655097851243000,"flow_dst_last_pkt_time":1655097851208000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655097851243000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0hVNAAD8GfPbAqAJkszzDMbj2FGbdMghj2gcbf4AQAIDKFgAAAQEICjg\/yfKnyyA1"} 
@@ -554,7 +554,7 @@ 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":501,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":5,"flow_src_last_pkt_time":1655097851776000,"flow_dst_last_pkt_time":1655097851208000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655097851776000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0hVZAAD8GfPPAqAJkszzDMbj2FGbdMgmJ2gcbuIAQAIDFJwAAAQEICjg\/zAinyyGv"} 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":505,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655090233457000,"flow_src_last_pkt_time":1655090233805000,"flow_dst_last_pkt_time":1655090233457000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":323,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655097851805000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47086,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":505,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655089030478000,"flow_src_last_pkt_time":1655089030857000,"flow_dst_last_pkt_time":1655089030478000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":273,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":317,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655097851805000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":32798,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":505,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":505,"packets-processed":504,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":39806,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":64,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":64,"total-idle-flows":61,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":557,"global_ts_usec":1655099328045000} 
+00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":505,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":505,"packets-processed":504,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":39806,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":64,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":64,"total-idle-flows":61,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":557,"global_ts_usec":1655099328045000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":505,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655099328045000,"flow_src_last_pkt_time":1655099328045000,"flow_dst_last_pkt_time":1655099328045000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655099328045000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49238,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":505,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_src_last_pkt_time":1655099328045000,"flow_dst_last_pkt_time":1655099328045000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655099328045000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8L\/pAAD8G0kfAqAJkszzDMcBWFGYVxjf+AAAAAKAC\/\/\/UVQAAAgQFtAQCCApxjaYfAAAAAAEDAwk="} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":506,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":2,"flow_src_last_pkt_time":1655099328158000,"flow_dst_last_pkt_time":1655099328045000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655099328158000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0L\/tAAD8G0k7AqAJkszzDMcBWFGYVxjf\/2SNcwIAQAIBe7wAAAQEICnGNpo+IgeTO"} 
@@ -563,7 +563,7 @@ 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":508,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655099328045000,"flow_src_last_pkt_time":1655099328197000,"flow_dst_last_pkt_time":1655099328045000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":278,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":282,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655099328197000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49238,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":509,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":5,"flow_src_last_pkt_time":1655099328567000,"flow_dst_last_pkt_time":1655099328045000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655099328567000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0L\/5AAD8G0kvAqAJkszzDMcBWFGYVxjkZ2SNc+YAQAIBa0gAAAQEICnGNqCqIgeX9"} 
01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":513,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1655091294583000,"flow_src_last_pkt_time":1655091295192000,"flow_dst_last_pkt_time":1655091294583000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":278,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":322,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655099328610000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49182,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":513,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":513,"packets-processed":512,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":40128,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":65,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":65,"total-idle-flows":62,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":566,"global_ts_usec":1655100445438000} 
+00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":513,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":513,"packets-processed":512,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":40128,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":65,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":65,"total-idle-flows":62,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":566,"global_ts_usec":1655100445438000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":513,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655100445438000,"flow_src_last_pkt_time":1655100445438000,"flow_dst_last_pkt_time":1655100445438000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655100445438000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49250,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":513,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_src_last_pkt_time":1655100445438000,"flow_dst_last_pkt_time":1655100445438000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655100445438000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8dbNAAD8GjI7AqAJkszzDMcBiFGbUEWBGAAAAAKAC\/\/9\/mgAAAgQFtAQCCApxjhQ6AAAAAAEDAwk="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":514,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":2,"flow_src_last_pkt_time":1655100445526000,"flow_dst_last_pkt_time":1655100445438000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655100445526000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0dbRAAD8GjJXAqAJkszzDMcBiFGbUEWBH1mTBCIAQAIABwwAAAQEICnGOFJasjGe\/"} 
@@ -571,7 +571,7 @@ 00926{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":516,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":4,"flow_src_last_pkt_time":1655100445594000,"flow_dst_last_pkt_time":1655100445438000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":344,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":344,"pkt_l4_len":310,"thread_ts_usec":1655100445594000,"pkt":"eJS0JASgYDjgxTWgCABFAAFKdbZAAD8Gi33AqAJkszzDMcBiFGbUEWBL1mTBCIAYAIBMJAAAAQEICnGOFNmsjGg5AAAECAsIDFdBBQIAAQgShQIKIHj+X\/9Fl\/4t1nk3tiDKlT2kCmgsMRIwrZqTx6jmPT0wEjAbPfaNCrf9+apgcMO2IjeLYErAu\/\/B7qzkdN2M0urQtQq0nmg6ZWW8ONDvTa1W1bMargFs2lWSZuN3XOx4hK\/+JMknJ2b6UgVpwGRlgoGot2ojnzKHp4LvYYPcs4PZgwJlxhuVjwSQwxt3iTkBD9JnQY\/M0ilvugt0xw03w1z4Nvbd31IUUKOp8DEX6CtyXzHRASFRFA432Munimlz+4XjTslMU2Q9ILfOt6D\/pcSRIR4pgWhoyM7Z1C26lg3TOGQfeuCXYRmGERlEAdurxaMet+fwCPKGh6ZkxYGCHtLcVkA="} 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":516,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655100445438000,"flow_src_last_pkt_time":1655100445594000,"flow_dst_last_pkt_time":1655100445438000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":278,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":282,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655100445594000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49250,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":517,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":5,"flow_src_last_pkt_time":1655100445964000,"flow_dst_last_pkt_time":1655100445438000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655100445964000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0dbdAAD8GjJLAqAJkszzDMcBiFGbUEWFh1mTBQYAQAID9iwAAAQEICnGOFkqsjGjv"} -00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":521,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":521,"packets-processed":520,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":40413,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":66,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":66,"total-idle-flows":62,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":574,"global_ts_usec":1655101503188000} 
+00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":521,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":521,"packets-processed":520,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":40413,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":66,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":66,"total-idle-flows":62,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":574,"global_ts_usec":1655101503188000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":521,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655101503188000,"flow_src_last_pkt_time":1655101503188000,"flow_dst_last_pkt_time":1655101503188000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655101503188000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47296,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":521,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_src_last_pkt_time":1655101503188000,"flow_dst_last_pkt_time":1655101503188000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655101503188000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8uEdAAD8GSfrAqAJkszzDMbjAFGZ59kNkAAAAAKAC\/\/+x6gAAAgQFtAQCCArH7AorAAAAAAEDAwk="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":522,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_src_last_pkt_time":1655101503221000,"flow_dst_last_pkt_time":1655101503188000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655101503221000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0uEhAAD8GSgHAqAJkszzDMbjAFGZ59kNlF+8VdoAQAKz2ngAAAQEICsfsCkuDiThP"} 
@@ -579,7 +579,7 @@ 00927{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":524,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":4,"flow_src_last_pkt_time":1655101503267000,"flow_dst_last_pkt_time":1655101503188000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":345,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":345,"pkt_l4_len":311,"thread_ts_usec":1655101503267000,"pkt":"eJS0JASgYDjgxTWgCABFAAFLuEpAAD8GSOjAqAJkszzDMbjAFGZ59kNpF+8VdoAYAKxbNQAAAQEICsfsCnmDiTh8AAAECAsICFdBBQIAAQkShgIKIAZUmmLyHPfKQnosmA\/ZcvDvtXLg5S93ZMd+AgnOfFhzEjC20yIdEGkkBO6fPumrM10uER2PxE\/aLgIDquC87Lo\/vd\/Ly30Pa4DV2T+sKc37c64arwF\/a\/pIAVsGbEtZMyNoRQ++yeOpqeyHKF7CDAXlxe4CgrVxOuIUu7w4afuQCnv8BdE\/4MwTakO9saxnL9D93QKRObRQuca3Pma3Nz6bE4LY9nL0IgPDFWsUg+ZoBKQEPYz3g9rPhkchNH38VUtSBcZ05C2RJnlzczoSyCQaiV76W1aC2\/vQ87D4Ir2wOBQ7pwJNFzn9+GHYSnHJugHvlZFLss3jeHakn0n3aw9hXuXN"} 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":524,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655101503188000,"flow_src_last_pkt_time":1655101503267000,"flow_dst_last_pkt_time":1655101503188000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":283,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655101503267000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47296,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":525,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":5,"flow_src_last_pkt_time":1655101503428000,"flow_dst_last_pkt_time":1655101503188000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655101503428000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0uEtAAD8GSf7AqAJkszzDMbjAFGZ59kSAF+8V6IAQAKzzcAAAAQEICsfsCxuDiTkg"} -00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":529,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":529,"packets-processed":528,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":40736,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":67,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":67,"total-idle-flows":62,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":582,"global_ts_usec":1655104186658000} 
+00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":529,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":529,"packets-processed":528,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":40736,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":67,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":67,"total-idle-flows":62,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":582,"global_ts_usec":1655104186658000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":529,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655104186658000,"flow_src_last_pkt_time":1655104186658000,"flow_dst_last_pkt_time":1655104186658000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655104186658000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47900,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":529,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_src_last_pkt_time":1655104186658000,"flow_dst_last_pkt_time":1655104186658000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655104186658000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8z9lAAD8GMmjAqAJkszzDMbscFGbxjY\/TAAAAAKAC\/\/\/9wgAAAgQFtAQCCAo4WoeCAAAAAAEDAwk="} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":530,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":2,"flow_src_last_pkt_time":1655104186714000,"flow_dst_last_pkt_time":1655104186658000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655104186714000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0z9pAAD8GMm\/AqAJkszzDMbscFGbxjY\/UkjD8dIAQAIBW5gAAAQEICjhah\/LAS4W5"} 
@@ -588,7 +588,7 @@ 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":532,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655104186658000,"flow_src_last_pkt_time":1655104186938000,"flow_dst_last_pkt_time":1655104186658000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":294,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655104186938000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47900,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":533,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":5,"flow_src_last_pkt_time":1655104187147000,"flow_dst_last_pkt_time":1655104186658000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655104187147000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0z91AAD8GMmzAqAJkszzDMbscFGbxjZD6kjD8rYAQAIBSSAAAAQEICjhaiabAS4dE"} 
01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":537,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655096063383000,"flow_src_last_pkt_time":1655096063826000,"flow_dst_last_pkt_time":1655096063383000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":278,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":282,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655104187274000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49232,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":537,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":537,"packets-processed":536,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":41070,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":68,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":68,"total-idle-flows":63,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":591,"global_ts_usec":1655105188559000} 
+00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":537,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":537,"packets-processed":536,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":41070,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":68,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":68,"total-idle-flows":63,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":591,"global_ts_usec":1655105188559000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":537,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655105188559000,"flow_src_last_pkt_time":1655105188559000,"flow_dst_last_pkt_time":1655105188559000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655105188559000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47590,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":537,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_src_last_pkt_time":1655105188559000,"flow_dst_last_pkt_time":1655105188559000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655105188559000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8S7JAAD8Gto\/AqAJkszzDMbnmFGYb9oTUAAAAAKAC\/\/+DSwAAAgQFtAQCCArH\/lQiAAAAAAEDAwk="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":538,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":2,"flow_src_last_pkt_time":1655105188592000,"flow_dst_last_pkt_time":1655105188559000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655105188592000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0S7NAAD8GtpbAqAJkszzDMbnmFGYb9oTVXDwEToAQAKxqDAAAAQEICsf+VEPB4STE"} 
@@ -604,7 +604,7 @@ 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":548,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655105755895000,"flow_src_last_pkt_time":1655105756007000,"flow_dst_last_pkt_time":1655105755895000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":294,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655105756007000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49428,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":549,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":5,"flow_src_last_pkt_time":1655105756193000,"flow_dst_last_pkt_time":1655105755895000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655105756193000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0kA1AAD8GcjzAqAJkszzDMcEUFGaXC5ee7mWk64AQAIBipAAAAQEICjhyeqEzIlxy"} 
01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":553,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655097851208000,"flow_src_last_pkt_time":1655097851805000,"flow_dst_last_pkt_time":1655097851208000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":294,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655105756270000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47350,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":553,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":553,"packets-processed":552,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":41992,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":70,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":70,"total-idle-flows":64,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":607,"global_ts_usec":1655105790019000} 
+00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":553,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":553,"packets-processed":552,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":41992,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":70,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":70,"total-idle-flows":64,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":607,"global_ts_usec":1655105790019000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":553,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655105790019000,"flow_src_last_pkt_time":1655105790019000,"flow_dst_last_pkt_time":1655105790019000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655105790019000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47634,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":553,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_src_last_pkt_time":1655105790019000,"flow_dst_last_pkt_time":1655105790019000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655105790019000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8DWBAAD8G9OHAqAJkszzDMboSFGb46AYSAAAAAKAC\/\/\/MkwAAAgQFtAQCCArIAKx7AAAAAAEDAwk="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":554,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":2,"flow_src_last_pkt_time":1655105790049000,"flow_dst_last_pkt_time":1655105790019000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655105790049000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0DWFAAD8G9OjAqAJkszzDMboSFGb46AYTXUqYTIAQAKwfkAAAAQEICsgArJpsf3jg"} 
@@ -612,7 +612,7 @@ 00924{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":556,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":4,"flow_src_last_pkt_time":1655105790086000,"flow_dst_last_pkt_time":1655105790019000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":345,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":345,"pkt_l4_len":311,"thread_ts_usec":1655105790086000,"pkt":"eJS0JASgYDjgxTWgCABFAAFLDWNAAD8G88\/AqAJkszzDMboSFGb46AYXXUqYTIAYAKwCvAAAAQEICsgArL9sf3kEAAAECAsICFdBBQIAAQkShgIKIKhBdjc2VPy8DR5rvHtno\/OCv0FzCxecldwoE0c0L4JHEjAk9D\/ZsxpIppNjRmSJJg3UjEzOPx84Wd7QQQQPBFbbHeahXxiBBwcGREcwaPBMXpIarwHexXT4AoY347kTk+5GKG\/TMtP1A3stxDLHBOYWDncAtU3x4qMUkZrLR7K+dUgdVZlOsTgRWO2CUaAluzf0j2Fzb7R+5hlR39l1\/ZaRg7f8jzTNBB7KEyhhlyVGvUUb9D2IbA+kci9HDk1Awcp6+eNy41CccaN6zt8m2Upix9rgC1aKZXJtjWqo6o8qfwZgqjycUVKJgFBByrw2KpKm9Ui19xk9NXKRclBEEjkbd5Nb"} 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":556,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655105790019000,"flow_src_last_pkt_time":1655105790086000,"flow_dst_last_pkt_time":1655105790019000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":283,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655105790086000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47634,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":557,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":5,"flow_src_last_pkt_time":1655105790243000,"flow_dst_last_pkt_time":1655105790019000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655105790243000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0DWRAAD8G9OXAqAJkszzDMboSFGb46AcuXUqYhYAQAKwcvAAAAQEICsgArVtsf3mf"} -00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":561,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":561,"packets-processed":560,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":42315,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":71,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":71,"total-idle-flows":64,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":615,"global_ts_usec":1655108001441000} 
+00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":561,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":561,"packets-processed":560,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":42315,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":71,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":71,"total-idle-flows":64,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":615,"global_ts_usec":1655108001441000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":561,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655108001441000,"flow_src_last_pkt_time":1655108001441000,"flow_dst_last_pkt_time":1655108001441000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655108001441000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49610,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":561,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_src_last_pkt_time":1655108001441000,"flow_dst_last_pkt_time":1655108001441000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655108001441000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8CbZAAD8G+IvAqAJkszzDMcHKFGbmPQGiAAAAAKAC\/\/9GsQAAAgQFtAQCCApxlpgrAAAAAAEDAwk="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":562,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":2,"flow_src_last_pkt_time":1655108001604000,"flow_dst_last_pkt_time":1655108001441000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655108001604000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0CbdAAD8G+JLAqAJkszzDMcHKFGbmPQGj6JAdY4AQAICr2gAAAQEICnGWmOHkUd4Y"} 
@@ -636,7 +636,7 @@ 00923{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":580,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":4,"flow_src_last_pkt_time":1655108453728000,"flow_dst_last_pkt_time":1655108453657000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":345,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":345,"pkt_l4_len":311,"thread_ts_usec":1655108453728000,"pkt":"eJS0JASgYDjgxTWgCABFAAFLGEFAAD8G6PHAqAJkszzDMbp6FGaSP+CHCev7oYAYAKw4MQAAAQEICsgJ8ShJX8CRAAAECAsICFdBBQIAAQkShgIKIL4GNcYClGlnFtJLkAUkKwU0YIGOT1ari6I5ZZVmYZwEEjBM3cfaRk3NmpoqvEvIf\/plMcusmIxjZe+WNB5b3H9ZpAhyJr2ElSPTLvDTfBGDNXoarwFChKWOq45ClrR\/bKwxPt5WVALJ3p7gHJ3PeE5+4BSmqLvkqcXJSeBPukO\/3KeOa2xctKFPg8UQqu5430KrKc2rc8yz2wDaJbuHmUsqifuZOrOa9d7do8CB3NpqbcaBbwJO6IF+is8R53KmqzFzfirW+0az\/B2tEXxK9xumCMYP0Ea1nVt3bNSdFMCLUA3jls00aVfrTWWQ76aWPps6NeLEiNQre2sG18sdjW5i+Svf"} 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":580,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655108453657000,"flow_src_last_pkt_time":1655108453728000,"flow_dst_last_pkt_time":1655108453657000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":283,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655108453728000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47738,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":581,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":5,"flow_src_last_pkt_time":1655108453883000,"flow_dst_last_pkt_time":1655108453657000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655108453883000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0GEJAAD8G6gfAqAJkszzDMbp6FGaSP+GeCev72oAQAKwvuQAAAQEICsgJ8cJJX8Es"} -00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":585,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":585,"packets-processed":584,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":43736,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":74,"total-detection-updates":0,"total-updates":0,"current-active-flows":8,"total-active-flows":74,"total-idle-flows":66,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":639,"global_ts_usec":1655108977493000} 
+00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":585,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":585,"packets-processed":584,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":43736,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":74,"total-detection-updates":0,"total-updates":0,"current-active-flows":8,"total-active-flows":74,"total-idle-flows":66,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":639,"global_ts_usec":1655108977493000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":585,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655108977493000,"flow_src_last_pkt_time":1655108977493000,"flow_dst_last_pkt_time":1655108977493000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655108977493000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":37404,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":585,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_src_last_pkt_time":1655108977493000,"flow_dst_last_pkt_time":1655108977493000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655108977493000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8FDpAAD8G7gfAqAJkszzDMZIcFGYxkZdqAAAAAKAC\/\/+qXQAAAgQFtAQCCAo4hrwhAAAAAAEDAwk="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":586,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":2,"flow_src_last_pkt_time":1655108977535000,"flow_dst_last_pkt_time":1655108977493000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655108977535000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0FDtAAD8G7g7AqAJkszzDMZIcFGYxkZdrFO3l4YAQAIAhNgAAAQEICjiGvEzZk+LX"} 
@@ -645,7 +645,7 @@ 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":588,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655108977493000,"flow_src_last_pkt_time":1655108977793000,"flow_dst_last_pkt_time":1655108977493000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":294,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655108977793000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":37404,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":5,"flow_src_last_pkt_time":1655108978003000,"flow_dst_last_pkt_time":1655108977493000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655108978003000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0FD5AAD8G7gvAqAJkszzDMZIcFGYxkZiRFO3mGoAQAIAcXwAAAQEICjiGvh\/Zk+R8"} 
01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":593,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655101503188000,"flow_src_last_pkt_time":1655101503710000,"flow_dst_last_pkt_time":1655101503188000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":323,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655108978075000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47296,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":593,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":593,"packets-processed":592,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":44070,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":75,"total-detection-updates":0,"total-updates":0,"current-active-flows":8,"total-active-flows":75,"total-idle-flows":67,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":648,"global_ts_usec":1655109656108000} 
+00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":593,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":593,"packets-processed":592,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":44070,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":75,"total-detection-updates":0,"total-updates":0,"current-active-flows":8,"total-active-flows":75,"total-idle-flows":67,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":648,"global_ts_usec":1655109656108000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":593,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655109656108000,"flow_src_last_pkt_time":1655109656108000,"flow_dst_last_pkt_time":1655109656108000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655109656108000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47776,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":593,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_src_last_pkt_time":1655109656108000,"flow_dst_last_pkt_time":1655109656108000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655109656108000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8kRFAAD8GcTDAqAJkszzDMbqgFGZw+MTeAAAAAKAC\/\/+uLgAAAgQFtAQCCArIDZNpAAAAAAEDAwk="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":594,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":2,"flow_src_last_pkt_time":1655109656138000,"flow_dst_last_pkt_time":1655109656108000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655109656138000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0kRJAAD8GcTfAqAJkszzDMbqgFGZw+MTfqcWd3IAQAKwWxQAAAQEICsgNk4cgPV1+"} 
@@ -653,7 +653,7 @@ 00927{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":596,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":4,"flow_src_last_pkt_time":1655109656174000,"flow_dst_last_pkt_time":1655109656108000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":345,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":345,"pkt_l4_len":311,"thread_ts_usec":1655109656174000,"pkt":"eJS0JASgYDjgxTWgCABFAAFLkRRAAD8GcB7AqAJkszzDMbqgFGZw+MTjqcWd3IAYAKyltAAAAQEICsgNk6wgPV2jAAAECAsICFdBBQIAAQkShgIKIEJnBc1C4LBUWYfVbR0MBs9Vedh2qDkdgnthFMah69sKEjBbeqUlhFEGlyZlGLbvtxNl\/jG22mlNm7QBJQkWKNjzIn\/01On7w2ne\/8HGawLaqpkarwEicy2ftvBeqkkjE79mspVBiH7RCSjPWzB6FmmUK5adnY4tSCupr4L8zEulLShlb42L2ygwAJWPT\/rKs0UFx7KndVJpDEadUP6eTjbAebv+s3CAz8N0PgdAKd4fdxZKDAmXjLytK+7C\/GlCD7+MjsRV\/YR1nCCWemBWD39Ghixh3pdU1PeBRsTMgwSjnxYX6cAr\/SyebNkgj3aPLvg9zeigfUqchhJ5kTR0D9TdtI\/M"} 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":596,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655109656108000,"flow_src_last_pkt_time":1655109656174000,"flow_dst_last_pkt_time":1655109656108000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":283,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655109656174000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47776,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":5,"flow_src_last_pkt_time":1655109656661000,"flow_dst_last_pkt_time":1655109656108000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655109656661000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0kRVAAD8GcTTAqAJkszzDMbqgFGZw+MX6qcWeFYAQAKwTEAAAAQEICsgNlMggPV6e"} -00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":601,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":601,"packets-processed":600,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":44353,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":76,"total-detection-updates":0,"total-updates":0,"current-active-flows":9,"total-active-flows":76,"total-idle-flows":67,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":656,"global_ts_usec":1655110961423000} 
+00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":601,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":601,"packets-processed":600,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":44353,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":76,"total-detection-updates":0,"total-updates":0,"current-active-flows":9,"total-active-flows":76,"total-idle-flows":67,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":656,"global_ts_usec":1655110961423000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":601,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655110961423000,"flow_src_last_pkt_time":1655110961423000,"flow_dst_last_pkt_time":1655110961423000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655110961423000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":37766,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":601,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_src_last_pkt_time":1655110961423000,"flow_dst_last_pkt_time":1655110961423000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655110961423000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8fpBAAD8Gg7HAqAJkszzDMZOGFGbaRgeTAAAAAKAC\/\/9KQgAAAgQFtAQCCAo4pQHWAAAAAAEDAwk="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":602,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":2,"flow_src_last_pkt_time":1655110961452000,"flow_dst_last_pkt_time":1655110961423000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655110961452000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0fpFAAD8Gg7jAqAJkszzDMZOGFGbaRgeUJF2xy4AQAIA9NgAAAQEICjilAfPDMqHR"} 
@@ -668,7 +668,7 @@ 00919{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":612,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":4,"flow_src_last_pkt_time":1655111269298000,"flow_dst_last_pkt_time":1655111268965000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"thread_ts_usec":1655111269298000,"pkt":"eJS0JASgYDjgxTWgCABFAAFFEa5AAD8G74rAqAJkszzDMZMqFGZD+lK+LP1J\/oAYAVfosgAAAQEICkpzeEH1Cal8AAAECAkIAldBBQIAAQMSgAIKIP05yfQLJ1k4YN75b0bGs4Ylgfmfi\/IFvLiPro6jlGQtEjCmbiVahf1VncWlfaTW+\/WbaSRS6QjS2Nsx9o5oyyNwCpGWS5inFdgz\/63J5F44t2MaqQE4ehodUlmNxZZkAWB\/iaJy2eF3safRoUpltQuob\/02ypH9\/ICdJd2p2TWDHcxzcX66mvMqGSN7Wb7mMYyTgz4r47n2GtS2axys7Ye7ZeiVO3xW7+KyiB\/rYsIxQGuPcE4aCqDM4RDuTwrDeCdFnZSRZRWwcY+eNMdvHg+NXYk3ucRHAxE2dnxF6LET0mzlPVCJrUd+kcZ1qwDG6+QiSEpHfASwoatuph7m"} 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":612,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655111268965000,"flow_src_last_pkt_time":1655111269298000,"flow_dst_last_pkt_time":1655111268965000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":273,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":277,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655111269298000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":37674,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":613,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":5,"flow_src_last_pkt_time":1655111269446000,"flow_dst_last_pkt_time":1655111268965000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655111269446000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0Ea9AAD8G8JrAqAJkszzDMZMqFGZD+lPPLP1KN4AQAVci+gAAAQEICkpzeNX1CaoQ"} -00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":617,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":617,"packets-processed":616,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":44964,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":78,"total-detection-updates":0,"total-updates":0,"current-active-flows":11,"total-active-flows":78,"total-idle-flows":67,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":671,"global_ts_usec":1655111789393000} 
+00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":617,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":617,"packets-processed":616,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":44964,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":78,"total-detection-updates":0,"total-updates":0,"current-active-flows":11,"total-active-flows":78,"total-idle-flows":67,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":671,"global_ts_usec":1655111789393000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":617,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655111789393000,"flow_src_last_pkt_time":1655111789393000,"flow_dst_last_pkt_time":1655111789393000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655111789393000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47810,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":617,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_src_last_pkt_time":1655111789393000,"flow_dst_last_pkt_time":1655111789393000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655111789393000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8zPVAAD8GNUzAqAJkszzDMbrCFGZ1lRVTAAAAAKAC\/\/8y6QAAAgQFtAQCCArIErl2AAAAAAEDAwk="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":618,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":2,"flow_src_last_pkt_time":1655111789426000,"flow_dst_last_pkt_time":1655111789393000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655111789426000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0zPZAAD8GNVPAqAJkszzDMbrCFGZ1lRVUyQX5N4AQAKyN9wAAAQEICsgSuZfNwELk"} 
@@ -698,7 +698,7 @@ 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":643,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":4,"flow_src_last_pkt_time":1655111980926000,"flow_dst_last_pkt_time":1655111980926000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_usec":1655111980926000,"pkt":"eJS0JASgYDjgxTWgCABFAAA7nT5AAD8GZRTAqAJkszzDIbXwFGY7fhdvAsizuoAYAKwsNgAAAQEICgaMpcv4l4WbAAAECAkIBQ=="} 01058{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":643,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655111980926000,"flow_src_last_pkt_time":1655111980926000,"flow_dst_last_pkt_time":1655111980926000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":7,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":11,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655111980926000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":46576,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":644,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":5,"flow_src_last_pkt_time":1655111980926000,"flow_dst_last_pkt_time":1655111980926000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1655111980926000,"pkt":"eJS0JASgYDjgxTWgCABFAAA4nT9AAD8GZRbAqAJkszzDIbXwFGY7fhd2AsizuoAYAKzh\/QAAAQEICgaMpcz4l4WbV0EFAg=="} -00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":648,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":648,"packets-processed":647,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":48127,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":82,"total-detection-updates":0,"total-updates":0,"current-active-flows":14,"total-active-flows":82,"total-idle-flows":68,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":701,"global_ts_usec":1655113084330000} 
+00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":648,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":648,"packets-processed":647,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":48127,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":82,"total-detection-updates":0,"total-updates":0,"current-active-flows":14,"total-active-flows":82,"total-idle-flows":68,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":701,"global_ts_usec":1655113084330000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":648,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655113084330000,"flow_src_last_pkt_time":1655113084330000,"flow_dst_last_pkt_time":1655113084330000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655113084330000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":38234,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":648,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_src_last_pkt_time":1655113084330000,"flow_dst_last_pkt_time":1655113084330000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655113084330000,"pkt":"eJS0JASgYDjgxTWgCABFAAA81OlAAD8GLVjAqAJkszzDMZVaFGZIDGKXAAAAAKAC\/\/9f+wAAAgQFtAQCCAo4tSFvAAAAAAEDAwk="} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":649,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":2,"flow_src_last_pkt_time":1655113084383000,"flow_dst_last_pkt_time":1655113084330000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655113084383000,"pkt":"eJS0JASgYDjgxTWgCABFAAA01OpAAD8GLV\/AqAJkszzDMZVaFGZIDGKYqtuzMYAQAID\/YQAAAQEICji1IaRj8syi"} 
@@ -707,7 +707,7 @@ 01059{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":651,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655113084330000,"flow_src_last_pkt_time":1655113084612000,"flow_dst_last_pkt_time":1655113084330000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":11,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":15,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655113084612000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":38234,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
00924{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":652,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":5,"flow_src_last_pkt_time":1655113084695000,"flow_dst_last_pkt_time":1655113084330000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":345,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":345,"pkt_l4_len":311,"thread_ts_usec":1655113084695000,"pkt":"eJS0JASgYDjgxTWgCABFAAFL1O1AAD8GLEXAqAJkszzDMZVaFGZIDGKnqtuzMYAYAICmWQAAAQEICji1Ittj8s28AAEUEpECCiDQISpTuXT+fM1sVkgw9WSLhrRW\/MBiu5786BpIyh5jNBIwxj9Q9UJOznhSMHnK6hbgij+Wn2mU2B0vnbqpx84LX7F2R0vRlMyngyZbJGEpS6eJGroBDO+WJEaCNNBpJpkKqD5ipZMWusBkF0O4ja17SAtzM8tcqpQHA1Ryn4IXnff6jdyTgrVnQ9p0q0zO8Z2L7OrR\/VxGLNyah9h+Dts\/xWbiwFwGdkGxB86jTRrNuzzS5ZqpLR8z+aMqtTHgeMMHJ8NjzeY1grhJv2Jkud6\/sCK3wgpP8qkvIm\/N9uMKCMUrETtZtKz7NH9R2gQC5GKMOSMAzJLwfMCDS3Dqwe3W3A2iV7eapzM+FP+FTQbd"} 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":656,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655105188559000,"flow_src_last_pkt_time":1655105188835000,"flow_dst_last_pkt_time":1655105188559000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":302,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":588,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655113084909000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47590,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":656,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":656,"packets-processed":655,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":48424,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":83,"total-detection-updates":0,"total-updates":0,"current-active-flows":14,"total-active-flows":83,"total-idle-flows":69,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":710,"global_ts_usec":1655114622076000} +00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":656,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":656,"packets-processed":655,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":48424,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":83,"total-detection-updates":0,"total-updates":0,"current-active-flows":14,"total-active-flows":83,"total-idle-flows":69,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":710,"global_ts_usec":1655114622076000} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":656,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655114622076000,"flow_src_last_pkt_time":1655114622076000,"flow_dst_last_pkt_time":1655114622076000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655114622076000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":47284,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":656,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_src_last_pkt_time":1655114622076000,"flow_dst_last_pkt_time":1655114622076000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655114622076000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8E3JAAD8G7t\/AqAJkszzDIbi0FGYRoZALAAAAAKAC\/\/83+QAAAgQFtAQCCAoGqmEpAAAAAAEDAwk="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":657,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":2,"flow_src_last_pkt_time":1655114622106000,"flow_dst_last_pkt_time":1655114622076000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655114622106000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0E3NAAD8G7ubAqAJkszzDIbi0FGYRoZAMgQqHroAQAKz9CwAAAQEICgaqYVZ8b+Op"} 
@@ -717,7 +717,7 @@ 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":660,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":5,"flow_src_last_pkt_time":1655114622115000,"flow_dst_last_pkt_time":1655114622076000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1655114622115000,"pkt":"eJS0JASgYDjgxTWgCABFAAA4E3ZAAD8G7t\/AqAJkszzDIbi0FGYRoZAXgQqHroAYAKygqAAAAQEICgaqYV98b+OpV0EFAg=="} 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":664,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655105790019000,"flow_src_last_pkt_time":1655105790289000,"flow_dst_last_pkt_time":1655105790019000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":323,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655114622275000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47634,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":664,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655105755895000,"flow_src_last_pkt_time":1655105756270000,"flow_dst_last_pkt_time":1655105755895000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":334,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655114622275000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49428,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":664,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":664,"packets-processed":663,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":49697,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":84,"total-detection-updates":0,"total-updates":0,"current-active-flows":13,"total-active-flows":84,"total-idle-flows":71,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":720,"global_ts_usec":1655116217773000} 
+00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":664,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":664,"packets-processed":663,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":49697,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":84,"total-detection-updates":0,"total-updates":0,"current-active-flows":13,"total-active-flows":84,"total-idle-flows":71,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":720,"global_ts_usec":1655116217773000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":664,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655116217773000,"flow_src_last_pkt_time":1655116217773000,"flow_dst_last_pkt_time":1655116217773000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655116217773000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":39334,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":664,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_src_last_pkt_time":1655116217773000,"flow_dst_last_pkt_time":1655116217773000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655116217773000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8AehAAD8GAFrAqAJkszzDMZmmFGbbOiylAAAAAKAC\/\/9QjQAAAgQFtAQCCApyEZX4AAAAAAEDAwk="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":665,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":2,"flow_src_last_pkt_time":1655116217805000,"flow_dst_last_pkt_time":1655116217773000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655116217805000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0AelAAD8GAGHAqAJkszzDMZmmFGbbOiymFXtouYAQAIBHtQAAAQEICnIRlijWRuJq"} 
@@ -728,7 +728,7 @@ 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":672,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655108385462000,"flow_src_last_pkt_time":1655108385787000,"flow_dst_last_pkt_time":1655108385462000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":297,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655116218131000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":37378,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":672,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655108453657000,"flow_src_last_pkt_time":1655108453928000,"flow_dst_last_pkt_time":1655108453657000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":320,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":606,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655116218131000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47738,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":672,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655108001441000,"flow_src_last_pkt_time":1655108001999000,"flow_dst_last_pkt_time":1655108001441000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":278,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":518,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655116218131000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49610,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
-00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":672,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":672,"packets-processed":671,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":50313,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":85,"total-detection-updates":0,"total-updates":0,"current-active-flows":11,"total-active-flows":85,"total-idle-flows":74,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":731,"global_ts_usec":1655116940904000} +00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":672,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":672,"packets-processed":671,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":50313,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":85,"total-detection-updates":0,"total-updates":0,"current-active-flows":11,"total-active-flows":85,"total-idle-flows":74,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":731,"global_ts_usec":1655116940904000} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":672,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655116940904000,"flow_src_last_pkt_time":1655116940904000,"flow_dst_last_pkt_time":1655116940904000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655116940904000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":40006,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":672,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_src_last_pkt_time":1655116940904000,"flow_dst_last_pkt_time":1655116940904000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655116940904000,"pkt":"eJS0JASgYDjgxTWgCABFAAA890NAAD8GCv7AqAJkszzDMZxGFGZlwIwQAAAAAKAC\/\/9j2AAAAgQFtAQCCApyHJYRAAAAAAEDAwk="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":673,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":2,"flow_src_last_pkt_time":1655116940935000,"flow_dst_last_pkt_time":1655116940904000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655116940935000,"pkt":"eJS0JASgYDjgxTWgCABFAAA090RAAD8GCwXAqAJkszzDMZxGFGZlwIwR5J7sZYAQAIAZ6gAAAQEICnIclkN2QDC1"} 
@@ -748,7 +748,7 @@ 01102{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":679,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655114622076000,"flow_src_last_pkt_time":1655114622275000,"flow_dst_last_pkt_time":1655114622076000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1258,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1273,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655116941291000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":47284,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":679,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655109656108000,"flow_src_last_pkt_time":1655109656661000,"flow_dst_last_pkt_time":1655109656108000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":283,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655116941291000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47776,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":679,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1655111789393000,"flow_src_last_pkt_time":1655111789765000,"flow_dst_last_pkt_time":1655111789393000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":323,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655116941291000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47810,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
-00851{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":679,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":679,"packets-processed":679,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":50635,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":86,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":86,"total-idle-flows":86,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":751,"global_ts_usec":1655116941291000} +00851{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":679,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":679,"packets-processed":679,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":50635,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":86,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":86,"total-idle-flows":86,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":751,"global_ts_usec":1655116941291000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 679/679 ~~ skipped flows.............: 0 
@@ -757,9 +757,9 @@ ~~ total active/idle flows...: 86/86 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7307796 bytes -~~ total memory freed........: 7307796 bytes -~~ total allocations/frees...: 115923/115923 +~~ total memory allocated....: 7885392 bytes +~~ total memory freed........: 7885392 bytes +~~ total allocations/frees...: 127654/127654 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 546 chars ~~ json message max len.......: 2263 chars diff --git a/test/results/default/whatsapp_login_call.pcap.out b/test/results/default/whatsapp_login_call.pcap.out index d50a42739..5c791c572 100644 --- a/test/results/default/whatsapp_login_call.pcap.out +++ b/test/results/default/whatsapp_login_call.pcap.out 
@@ -1,5 +1,5 @@ -00624{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1432582222253233} 
+00624{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1432582222253233} 
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582222253233,"flow_src_last_pkt_time":1432582222253233,"flow_dst_last_pkt_time":1432582222253233,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1432582222253233,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.70","src_port":49199,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1432582222253233,"flow_dst_last_pkt_time":1432582222253233,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1432582222253233,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA0DNdAAEAG9U7AqAIEEaxkRsAvA+GIPSCcUlOPyIAQH\/poTQAAAQEICi36Gt0QlQ1l"} 
00787{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1432582222267722,"flow_dst_last_pkt_time":1432582222253233,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"thread_ts_usec":1432582222267722,"pkt":"xiwDYGpkAPS5Jrv0CABFAADeU1tAAEAGriDAqAIEEaxkRsAvA+GIPSCcUlOPyIAYIAB\/kgAAAQEICi36GusQlQ1lFwMBACCNqYpymgjJuQNgLA+QJekfsmHWqykdlwnJ8t48lRIpCxcDAQCAv+6eyOO6KHhFdGRnKCRyPqihrwnYLrpV5EXpUrXv8Q2ow7fiZ\/ErfHE9ZAprbeZEb1cjDczzZ9GWtg7wUDK1rjYT+gKbhCMZiNQZ3QlWly2tQPPw5M7rqWdzOWy2ATMXqxCkXOBCTdOBYD70ikDCSIjo2fZ8\/cJDhiGvSnc\/9Rw="} 
@@ -68,12 +68,12 @@ 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1432582227604482,"flow_dst_last_pkt_time":1432582227886313,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1432582227886313,"pkt":"APS5Jrv0xiwDYGpkCABFAAA0rZoAAO4G4r4RsmgMwKgCBAG7wDE71dh745uf14ASH\/64\/gAAAgQFoAEDAwQBAQQC"} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_src_last_pkt_time":1432582227887645,"flow_dst_last_pkt_time":1432582227886313,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1432582227887645,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAo79dAAEAGDo7AqAIEEbJoDMAxAbvjm5\/XO9XYfFAQQADZtwAA"} 00802{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_src_last_pkt_time":1432582227896350,"flow_dst_last_pkt_time":1432582227886313,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":244,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":244,"pkt_l4_len":210,"thread_ts_usec":1432582227896350,"pkt":"xiwDYGpkAPS5Jrv0CABFAADm\/b5AAEAG\/+jAqAIEEbJoDMAxAbvjm5\/XO9XYfFAYQAAWUgAAFgMBALkBAAC1AwNVY3hTkWg+eTHwOUaw54SWwWf9D1HPpzrAyt\/Q2NH3agAASgD\/wCTAI8AKwAnACMAowCfAFMATwBLAJsAlwAXABMADwCrAKcAPwA7ADQBrAGcAOQAzABYAPQA8ADUALwAKwAfAEcACwAwABQAEAQAAQgAAABgAFgAAE3F1ZXJ5LmVzcy5hcHBsZS5jb20ACgAIAAYAFwAYABkACwACAQAADQAMAAoFAQQBAgEEAwIDM3QAAA=="} 
-01329{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1432582227604482,"flow_src_last_pkt_time":1432582227896350,"flow_dst_last_pkt_time":1432582227886313,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":190,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":190,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582227896350,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.178.104.12","src_port":49201,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"query.ess.apple.com","domainame":"query.ess.apple.com","tls": {"version":"TLSv1.2","ja3":"799135475da362592a4be9199d258726","ja3s":"","ja4":"t12d370500_07a749158664_d075105c1994","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01288{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1432582227604482,"flow_src_last_pkt_time":1432582227896350,"flow_dst_last_pkt_time":1432582227886313,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":190,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":190,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582227896350,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.178.104.12","src_port":49201,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"query.ess.apple.com","domainame":"query.ess.apple.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d370500_07a749158664_d075105c1994","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_src_last_pkt_time":1432582227885449,"flow_dst_last_pkt_time":1432582228041916,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1432582228041916,"pkt":"APS5Jrv0xiwDYGpkCABFAAA0MLsAADQGJ4q4rbMlwKgCBBRmwDLYm8Xdgj7imoAQAgJ0EAAAAQEICg\/xi44t+jDG"} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1432582227884677,"flow_dst_last_pkt_time":1432582228152588,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1432582228152588,"pkt":"APS5Jrv0xiwDYGpkCABFAAA0UDkAAO4GQB4RsmgOwKgCBAG7wDON4auhp3wzpIASH\/48GwAAAgQFoAEDAwQBAQQC"} 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_src_last_pkt_time":1432582228167635,"flow_dst_last_pkt_time":1432582228152588,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1432582228167635,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAoC8AAAEAGMqTAqAIEEbJoDsAzAbunfDOkAAAAAFAEAADWZAAA"} 
02487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":5,"flow_src_last_pkt_time":1432582227896350,"flow_dst_last_pkt_time":1432582228180686,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1432582228180686,"pkt":"APS5Jrv0xiwDYGpkCABFAAXIrZwAAO4G3SgRsmgMwKgCBAG7wDE71dh845uglVAYCgbCZAAAFgMDDU4CAABNAwNVY3hUdBSmIsuRSfKUkSKfJawGUTPdCW2wlAc+B2NhsCAEgWdpsy6+A4+ZhL8Tkx4bi2N8e1FKAmfseEZ9Bgb9VAAEAAAF\/wEAAQALAAz1AAzyAAQuMIIEKjCCAxKgAwIBAgIIQV3GMSw7NA4wDQYJKoZIhvcNAQELBQAwbTEnMCUGA1UEAwweQXBwbGUgU2VydmVyIEF1dGhlbnRpY2F0aW9uIENBMSAwHgYDVQQLDBdDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTETMBEGA1UECgwKQXBwbGUgSW5jLjELMAkGA1UEBhMCVVMwHhcNMTUwNTA2MDEwOTQ3WhcNMTYwNjA0MDEwOTQ3WjBXMRgwFgYDVQQDDA8qLmVzcy5hcHBsZS5jb20xGTAXBgNVBAsMEElTRyBEZWxpdmVyeSBPcHMxEzARBgNVBAoMCkFwcGxlIEluYy4xCzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4aHlPz8zEr2\/OlryJSjAdm3sBeBzxOb\/IYmo5gsM\/DRfPN4PDf\/LrTFueEMTiR1M5eH6brzPM75EM9O6pYBeSfzTeLrmzkrQKWAysaI+eWoj+0wnQMFSNCiK1eEGkr56WF5QbZQwBgXQ7UW332Ww5HOZX7ppN9mzT+UcRSwZ+eJ1dFDZ46Ie+bEJOBHexWMO+bjrT6T5lFV0oxGUlGiQ98q6BwqpSmIGFuXz7+dKT+4GA0iO\/RHQmq65u82gk8zLaBnGTQJkGs5aM0NxfMtOiLhzTLaaEt6YpqlVE\/7HORmtYFJLNt4ZqIUGIEb3QhUF\/fhRt4KhGl5TGt58qtS9zwIDAQABo4HjMIHgMB0GA1UdDgQWBBTnAJO\/qk1G34wBscywcpJsl6a9yzAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFCzFbVLdMe+M7AiB7d\/cykMARQHQMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuYXBwbGUuY29tL2FwcGxlc2VydmVyYXV0aGNhMS5jcmwwDgYDVR0PAQH\/BAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMBoGA1UdEQQTMBGCDyouZXNzLmFwcGxlLmNvbTARBgsqhkiG92NkBhsEAgQCBQAwDQYJKoZIhvcNAQELBQADggEBAB8k4DiGeRhLlP0hiINVbMh3H\/n8I\/7a3QFwAzuim\/AqtI+nIHxJH9NO4z4fgiGpCmBe\/QTEz8LJghnPNsXdqhe0gJgoTFI0K4Zk73j1Y1F1yNiMcbd\/xxPUPif8gSiJElgVmq0j5wge8856CEIqaCvJHXfCSs\/S5UI5uLwzRe2Kt40codzp8blUE\/XjzKPR4zqaDMlWxOzMadpoEjn9BtvP9skUbgmp
AX\/guSHB2LDg6qwkf8Y7BJnIo0mmhs0vmssvJlDDhl0pZUqjnW2QtO8df6+a\/l6hO8\/uod6Yasaqu86iEOd8YqJaCL68F6utzwMb9ZRPgkQL0Z\/oLSgCiMkAA\/wwggP4MIIC4KADAgECAggjaXQErcuDFDANBgkqhkiG9w0BAQsFADBiMQswCQYDVQQGEwJVUzETMBEGA1UEChMKQXBwbGUgSW5jLjEmMCQGA1UECxMdQXBwbGUgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxFjAUBgNVBAMTDUFwcGxlIFJvb3QgQ0EwHhcNMTQwMzA4MDE1MzA0WhcNMjkwMzA4MDE1MzA0WjBtMScwJQYDVQQDDB5BcHBsZSBTZXJ2ZXIgQXV0aGVudGljYXRpb24gQ0ExIDAeBgNVBAsMF0NlcnRpZmljYXRpb24gQXV0aG9yaXR5MRMwEQYDVQQKDApBcHBsZSBJbmMuMQsw"} -01654{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1432582227604482,"flow_src_last_pkt_time":1432582227896350,"flow_dst_last_pkt_time":1432582228181842,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":190,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":190,"flow_dst_tot_l4_payload_len":3411,"midstream":0,"thread_ts_usec":1432582228181842,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.178.104.12","src_port":49201,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"query.ess.apple.com","domainame":"query.ess.apple.com","tls": {"version":"TLSv1.2","server_names":"*.ess.apple.com","ja3":"799135475da362592a4be9199d258726","ja3s":"c253ec3ad88e42f8da4032682892f9a0","ja4":"t12d370500_07a749158664_d075105c1994","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","issuerDN":"CN=Apple Server Authentication CA, OU=Certification Authority, O=Apple Inc., 
C=US","subjectDN":"CN=*.ess.apple.com, OU=ISG Delivery Ops, O=Apple Inc., C=US","fingerprint":"BD:E0:62:C3:F2:9D:09:5D:52:D4:AA:60:11:1B:36:1B:03:24:F1:9B","blocks":0}}} +01716{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1432582227604482,"flow_src_last_pkt_time":1432582227896350,"flow_dst_last_pkt_time":1432582228181842,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":190,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":190,"flow_dst_tot_l4_payload_len":3411,"midstream":0,"thread_ts_usec":1432582228181842,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.178.104.12","src_port":49201,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"query.ess.apple.com","domainame":"query.ess.apple.com","tls": {"version":"TLSv1.2","server_names":"*.ess.apple.com","ja3s":"c253ec3ad88e42f8da4032682892f9a0","ja4":"t12d370500_07a749158664_d075105c1994","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","issuerDN":"CN=Apple Server Authentication CA, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=*.ess.apple.com, OU=ISG Delivery Ops, O=Apple Inc., C=US","fingerprint":"BD:E0:62:C3:F2:9D:09:5D:52:D4:AA:60:11:1B:36:1B:03:24:F1:9B","blocks":0}}} 
00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582228503997,"flow_src_last_pkt_time":1432582228503997,"flow_dst_last_pkt_time":1432582228503997,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1440,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1432582228503997,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.110.229.14","src_port":49193,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 02508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1432582228503997,"flow_dst_last_pkt_time":1432582228503997,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1432582228503997,"pkt":"xiwDYGpkAPS5Jrv0CABFAAXUnXJAAEAG3ojAqAIEEW7lDsApFGe4aEuG1IsaTIAQIAA3PgAAAQEICi36MxJvhmvfFwMBACDgnfLWgV8g\/pw7jjX\/\/3ZDH1tB+gK1jE9k\/rmu6RmKPhcDAQdQwvKiQZwynx6ML8uHDg8WgbZIBNPdSiBPAiHm7VZMSxjHJ7BGJ8hRCNCOXC6LyliytHBkvL\/WQAE0iyMMgIlOMed9vHW1FQrPwtxifubqT35jWP9Nwm9hOQ2sUXPF6J6ZcqeRRxjts4LAxUp+ZVHbqO88UycvtArFRoKmsjwuTsOHFL0h\/BX9z3nWEUxaS9mVyhudzOuBlhf3aNgcppeJ3Mr6DsSPYDWrJ1Ko6GUQ6Mz7WhKyRp+OhCR+8vNcJ+2CIpa9aPiStGZvZFFuJ5eoJiBK6lrgPDyxxPa\/Z82Zx7iZHY+\/ajmPTXvQU4j7rC5OlL\/ZO1JkHVVmXmK1\/n5cUDYPvmxuWKEEWDx8eNxgRC58OMj0i5sHQHDG+ZLwIW4R3Ebyfp++7DjTwhy7uHM9lVzOAa6qgVVbeWZWLm5Zp4udgSHyIGs6plbNOhN8Lb7TTV3BFKBjCbwxtnCR+8lPTlOVAewtoM48Z0qRSJODl9LDmyJOnkTl+LQlbM7hWhZq\/VVyYDivHB+RnYZFdt7ZvWbMsFi9dXD6LjMsdLkj0RU\/SFA5gXvUGWy9x
04Yo\/WqRH7ng0WIs\/oAxdVKAH0RL\/egfgAwRrcRgu3dPMqb8b19+PmNfa+WFGFnW0JLuexKCM9POmeD5yw6nk\/ac9Raq2rKcykqXxndrastmOjTbplC4qeRqr0LASV9tRAtG4WvYwC\/dfTiBawq859mBNGrglJvult9KPMKQPFULDG6x+KBv4eYpxjRc54qoabZQMWqqc+\/C0Emvy+eYJXsquvu+83ilyZ2N5sYlJ92HKH8JfE8JTIg5o3c9zLm5ZWhw8+NmQMwd0i5bU9vg06cROWuAG\/JN1YaR0pdUTITubm5mlduwzPQc2BVmXII2GZu105+s7qlJpQzMmRVjoqYtbOeWHJKIQ4UQdZCqzpz4AcWUN7LNHzsfvI5B8mXgc+B7aL8Y8jc2YqBmFk1dHfnjKeYCxGmRBZHJy7WbY9uViabjXvTq6pmYIGh+8lsYGwBwhWNapwWuc8Bw0b65ZKVGVcMKolOabscbWi+EYPJjuvFKgqZscrMC1dXZUtfdGPsPdXUlxbBMQ2Kup7KMqRXjqDlL2rJPpRC\/J6FfjQ+IKNfM\/RVAKV8teQWPRPthAH1FIrtEy51cDQixMgza8uftMRBKRfqEYXF7XVD5164o\/Mck2RudrQlyQmifMkcXuuW1kb2sTQoTz3p0Ox09YvEjxH+5SXf2MqAQ5cwiqd8fGHwSVuprE4y5B+B+0nEsRucTP\/97X6ZaOAcSRCuPQgdHN1NHCSQ8002IEFsPCRXQaWhb\/8KMjfJXXs1I3Eouoy5fGg9Eon7zV6InzJDOtmcVxRzUBgfDR1DGBIMOusKSnnAX1htfNBhCsM31KRySVA9BnU7p8tKS\/3BfJCTQQBoGTP2MoOxAiFKkSgXEh3w0kC\/x4kpimxmzxtGXOOQBZWNBgxyNTYgb0Sf9nOE+sqmGbSG7xueIM5u7Dd864xcMPmVsE1VcOkz2PMHbXIHe+roLyX2aqyb6Yu22cChJiPbSlY+mRr9siD+E7u3KnznXJcpEJBSd3utMm4QryOQBR9FCdalU2IyjVmAb148IpK6Ghgjmw7oVrHdCZXaVw+zfL1FhqC9Bd1VFHiBGm211UlGgrjedJW7mv5NM2z0cPLUMCaZycFw6G4KQN6aDAE1rL1eqhrIxxsuhCw0HsrKiJLLdGsa1+3Rf\/uEKt1c0Ng9dAzkrCJEwEwHx3trkLyhj9\/ja7mEqYBSp5Sx0mCtwBbfi6wnI8gTgb3WlgH0Ha3ke8bRCbeKw4dCUR0GSPUQYm4lO6VKKERImy3aoUDOHbtquSKZKUtb1hVt"} 
00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582228503997,"flow_src_last_pkt_time":1432582228503997,"flow_dst_last_pkt_time":1432582228503997,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1440,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1432582228503997,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.110.229.14","src_port":49193,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"ApplePush","proto_id":"238","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
@@ -83,17 +83,17 @@ 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_src_last_pkt_time":1432582228504689,"flow_dst_last_pkt_time":1432582228753368,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1432582228753368,"pkt":"APS5Jrv0xiwDYGpkCABFAAA0JuMAAC8Gq7gRbuUOwKgCBBRnwCnUixpMuGhRJoAQAQ6R7QAAAQEICm+GjQ4t+jMS"} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_src_last_pkt_time":1432582228504689,"flow_dst_last_pkt_time":1432582228758036,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1432582228758036,"pkt":"APS5Jrv0xiwDYGpkCABFAAA0JuQAAC8Gq7cRbuUOwKgCBBRnwCnUixpMuGhTAIAQASWP9wAAAQEICm+GjRMt+jMS"} 
01754{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":5,"flow_src_last_pkt_time":1432582229313322,"flow_dst_last_pkt_time":1432582228758036,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":940,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":940,"pkt_l4_len":906,"thread_ts_usec":1432582229313322,"pkt":"xiwDYGpkAPS5Jrv0CABFAAOeCM9AAEAGdWLAqAIEEW7lDsApFGe4aFMA1IsaTIAYIAAJ\/gAAAQEICi36Nkxvho0TFwMBACAlPDy+6eU1URCb\/ilwjZ\/NM4vs5JNXKOeqBoWnuFfSpBcDAQNA3j6jFaNyp+Ee\/ueUmJ4vlYvRK6kIcmHPC2wSftiGLR4gr5c\/Gb\/AgGHTRAH\/r9QBCzwugl9+wIQsEEA+6vgnX80sTVdiCq3IE0ZfhwPcmqS\/pvpJq+j5hyWlZXNXxBAlIeuiPMUI7U1xe4adpS+ZdUxATIGzNM6hrWeZ9H4ASsfQXeiA+wdzvISU9UxFu83+z22MDx\/tldbYAE+R8dfZ1\/auzjriI8GHA5\/Z6Cc+Uz0r1oTWeoBe3R2YcD7pJ1Zp+GUdsNfFNsOOljc6msXw5zV8uKCTwzPdu1PB0VQRVdAKD+vFDEflXLvINqtZdS+GiBKca8KXunrfOFq7X1OoUZQZllLznrlGRARAU4V1Y7cGkmN8Uc2h1tGvN\/5iRKDzTZFhU5XJe4P\/iKT6ObWhjHQUMbLQK\/O\/weHxMKyTP9++DqmeWXj0JsiGUj5GSaaoQ+KDUml6Yqq02t81luMmnBNmeqVavl5012j2lGmh80AxHNPNWRZiVQNRDcTSSfp91g1UvA75D2gSMzIYw13NDzT9yRfpHFL1O1KpPU3dtcFgTnouF262JANgvzjPLbUYkD8qcdDjprWUY421XR1k5dKQq1eKe8aO8MrOlOI1dk0bBpb46SY8pGCb0wUs\/JJj0+ykc4w2dot17bxGgM1vpWVNWtftB7w479ANTyXb\/vsu4\/IFF29hdjwpRD3YVYqEczDcy74P9cuNs2\/frl\/d80ieXwrpsOhbVVW6CRic9yCz8z0BapVHv2EbrzpMkhKISSrAZ+CPGJIQoG2tQSbXzAKV3e2IWOEQJVMhqYxIUF1a2DbR00i68r9L4H7pNaIXs5RuM1uRA2q+2E4H6hsR3U2vC+apU2DQHkZ04jGoyLn2yaCx8TqsmQwWf58m3h0WkbOED\/Fe4DxQ\/9UY9GB3cQZ9rTty0KPxrmpN5mArMfL21LYMnkrY3aTybt1p4CiU69ruMsGvI\/gImnWD9rYEwuNqpD5Sn1AtqFHf\/17YOVQuqms9g9uLrVyXBwFKmjMaFaMK8LxW8LHpc\/BPQcCfoJiWAJNmkMBdMnR8r9I87mCv\/CAa\/B\/pu0dz7SnGhhQTZ2vSAcoHnKO5WtXEktOiDg=="} 
-02321{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":108,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1432582227604482,"flow_src_last_pkt_time":1432582229309355,"flow_dst_last_pkt_time":1432582229616362,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":6486,"flow_dst_tot_l4_payload_len":6050,"midstream":0,"thread_ts_usec":1432582229616362,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.178.104.12","src_port":49201,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":9,"avg":119895.3,"max":712466,"stddev":179472.3,"var":32210292736.0,"ent":3.4,"data": [281831,283163,8705,294373,1121,35,286034,828,475,587,39758,240,307,326381,1436,373,2981,289942,5828,471,9,317531,1875,68938,587,382640,405162,707,17,712466,1952]},"pktlen": {"min":40,"avg":432.9,"max":1480,"stddev":595.1,"var":354099.2,"ent":3.8,"data": [64,52,40,230,1480,1480,571,40,40,40,40,307,46,77,40,40,40,83,40,1480,1480,153,40,40,1480,1196,40,1480,1480,153,40,40]},"bins": {"c_to_s": [9,1,0,2,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0],"s_to_c": [8,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,1,1,0,0,0,0,0,0,0,1,1,1,1,0,0,0,0,1,1,1,1,0,0,0,0,1,1],"entropies": 
[4.541277409,4.887659073,4.715312004,5.559735775,7.184122086,7.417570591,6.899518967,4.931687355,4.881687641,4.931686878,4.765311718,7.230942249,4.759187222,5.742031574,4.834183693,4.834183693,4.834183693,5.811724186,4.931686878,7.864183426,7.878191471,6.699968815,4.684184074,4.684184074,7.862710953,7.817599297,4.931687355,7.865705967,7.847981453,6.673823357,4.784183979,4.834183693]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +02424{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":108,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1432582227604482,"flow_src_last_pkt_time":1432582229309355,"flow_dst_last_pkt_time":1432582229616362,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":6486,"flow_dst_tot_l4_payload_len":6050,"midstream":0,"thread_ts_usec":1432582229616362,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.178.104.12","src_port":49201,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":9,"avg":119895.3,"max":712466,"stddev":179472.3,"var":32210292736.0,"ent":3.4,"data": [281831,283163,8705,294373,1121,35,286034,828,475,587,39758,240,307,326381,1436,373,2981,289942,5828,471,9,317531,1875,68938,587,382640,405162,707,17,712466,1952]},"pktlen": {"min":40,"avg":432.9,"max":1480,"stddev":595.1,"var":354099.2,"ent":3.8,"data": 
[64,52,40,230,1480,1480,571,40,40,40,40,307,46,77,40,40,40,83,40,1480,1480,153,40,40,1480,1196,40,1480,1480,153,40,40]},"bins": {"c_to_s": [9,1,0,2,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0],"s_to_c": [8,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,1,1,0,0,0,0,0,0,0,1,1,1,1,0,0,0,0,1,1,1,1,0,0,0,0,1,1],"entropies": [4.541277409,4.887659073,4.715312004,5.559735775,7.184122086,7.417570591,6.899518967,4.931687355,4.881687641,4.931686878,4.765311718,7.230942249,4.759187222,5.742031574,4.834183693,4.834183693,4.834183693,5.811724186,4.931686878,7.864183426,7.878191471,6.699968815,4.684184074,4.684184074,7.862710953,7.817599297,4.931687355,7.865705967,7.847981453,6.673823357,4.784183979,4.834183693]},"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582230648273,"flow_src_last_pkt_time":1432582230648273,"flow_dst_last_pkt_time":1432582230648273,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582230648273,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49204,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1432582230648273,"flow_dst_last_pkt_time":1432582230648273,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1432582230648273,"pkt":"xiwDYGpkAPS5Jrv0CABFAABAZppAAEAGvV7AqAIEEa1CZsA0AbuMr4Y\/AAAAALAC\/\/\/iDQAAAgQFtAEDAwQBAQgKLfo7WAAAAAAEAgAA"} 
02201{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":138,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1432582227643274,"flow_src_last_pkt_time":1432582230649748,"flow_dst_last_pkt_time":1432582230614203,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":78,"flow_src_tot_l4_payload_len":1159,"flow_dst_tot_l4_payload_len":445,"midstream":0,"thread_ts_usec":1432582230649748,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"184.173.179.37","src_port":49202,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":192819.5,"max":709350,"stddev":172077.7,"var":29610717184.0,"ent":4.4,"data": [153871,242175,244771,708056,709350,35643,213202,306,145666,324955,262756,250323,148242,98446,249378,163432,164508,351063,174021,177975,4,178327,331,171720,16,302683,276,301856,4,0,204047]},"pktlen": {"min":52,"avg":102.8,"max":253,"stddev":60.8,"var":3698.6,"ent":4.8,"data": [64,60,52,52,218,130,73,52,52,253,84,71,73,52,227,84,52,118,84,184,84,84,186,52,85,85,252,52,85,85,85,118]},"bins": {"c_to_s": [9,0,2,0,2,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,10,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,1,0,0,0,1,0,1,0,0,1,0,0,1,0,1,1,0,0,1,1,0,0,1,1,1,0],"entropies": 
[4.535581589,5.323234558,5.284870625,5.118428230,6.648615837,6.247110844,5.434191704,5.231892109,5.169486046,7.074976444,5.807060719,5.762281895,5.680767059,5.207947731,7.065171242,5.820694447,5.246409416,6.336829185,5.802911282,6.766283989,5.781786919,5.740469933,6.833239079,5.270353794,5.863435745,5.886964798,7.017980099,5.284870625,5.854554653,5.807495594,5.816376686,6.257439613]},"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_src_last_pkt_time":1432582230648273,"flow_dst_last_pkt_time":1432582230787552,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1432582230787552,"pkt":"APS5Jrv0xiwDYGpkCABFAAA0jEsAAO8GKLkRrUJmwKgCBAG7wDR81DyUjK+GQIASH\/6qEgAAAgQFoAEDAwQBAQQC"} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_src_last_pkt_time":1432582230854807,"flow_dst_last_pkt_time":1432582230787552,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1432582230854807,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAoLotAAEAG9YXAqAIEEa1CZsA0AbuMr4ZAfNQ8lVAQQADKywAA"} 
00848{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":4,"flow_src_last_pkt_time":1432582230862990,"flow_dst_last_pkt_time":1432582230787552,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"thread_ts_usec":1432582230862990,"pkt":"xiwDYGpkAPS5Jrv0CABFAAELd3hAAEAGq7XAqAIEEa1CZsA0AbuMr4ZAfNQ8lVAYQADmeAAAFgMBAN4BAADaAwNVY3hWzpRvQb4tQBJl4xyEq38xvRpwxqpjBZECV8GAECDnNWvFSuDQ9RWxNOp1GECdroi8RHuHNQND3XitCRrHVABKAP\/AJMAjwArACcAIwCjAJ8AUwBPAEsAmwCXABcAEwAPAKsApwA\/ADsANAGsAZwA5ADMAFgA9ADwANQAvAArAB8ARwALADAAFAAQBAABHAAAAHQAbAAAYcDUzLWJ1eS5pdHVuZXMuYXBwbGUuY29tAAoACAAGABcAGAAZAAsAAgEAAA0ADAAKBQEEAQIBBAMCAzN0AAA="} -01357{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1432582230648273,"flow_src_last_pkt_time":1432582230862990,"flow_dst_last_pkt_time":1432582230787552,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582230862990,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49204,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": 
{"6":"DPI"},"proto":"TLS.AppleStore","proto_id":"91.224","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"p53-buy.itunes.apple.com","domainame":"p53-buy.itunes.apple.com","tls": {"version":"TLSv1.2","ja3":"799135475da362592a4be9199d258726","ja3s":"","ja4":"t12d370500_07a749158664_d075105c1994","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01316{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1432582230648273,"flow_src_last_pkt_time":1432582230862990,"flow_dst_last_pkt_time":1432582230787552,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582230862990,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49204,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.AppleStore","proto_id":"91.224","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"p53-buy.itunes.apple.com","domainame":"p53-buy.itunes.apple.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d370500_07a749158664_d075105c1994","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":5,"flow_src_last_pkt_time":1432582230862990,"flow_dst_last_pkt_time":1432582231003202,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1432582231003202,"pkt":"APS5Jrv0xiwDYGpkCABFAAAojFMAAO8GKL0RrUJmwKgCBAG7wDR81DyVjK+HI1AQCgL\/5gAA"} -01400{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":148,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1432582230648273,"flow_src_last_pkt_time":1432582230862990,"flow_dst_last_pkt_time":1432582231003264,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1432582231003264,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49204,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.AppleStore","proto_id":"91.224","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"p53-buy.itunes.apple.com","domainame":"p53-buy.itunes.apple.com","tls": {"version":"TLSv1.2","ja3":"799135475da362592a4be9199d258726","ja3s":"c253ec3ad88e42f8da4032682892f9a0","ja4":"t12d370500_07a749158664_d075105c1994","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","blocks":0}}} 
-02328{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1432582230648273,"flow_src_last_pkt_time":1432582231572130,"flow_dst_last_pkt_time":1432582231504448,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":948,"flow_src_tot_l4_payload_len":5225,"flow_dst_tot_l4_payload_len":2717,"midstream":0,"thread_ts_usec":1432582231572130,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49204,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":15,"avg":57420.4,"max":246332,"stddev":88943.3,"var":7910914560.0,"ent":3.4,"data": [139279,206534,8183,215650,62,2706,195534,776,251,20,1876,267,2144,191589,2382,13135,3735,6431,14684,18,200945,301,63298,290,2226,246332,5270,14887,15,241033,179]},"pktlen": {"min":40,"avg":289.3,"max":1480,"stddev":408.5,"var":166890.9,"ent":3.9,"data": [64,52,40,267,40,132,77,40,40,46,77,1480,517,596,40,40,40,40,40,988,386,40,40,1480,526,596,40,40,988,386,40,40]},"bins": {"c_to_s": [9,1,0,0,0,0,0,1,0,0,0,0,0,0,1,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0],"s_to_c": [9,1,1,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,0,0,0,0,0,1,1,1,1,1,1,1,0,0,0,0,0,1,1,1,1,0,0],"entropies": 
[4.510027409,4.810735703,4.684184074,5.952049732,4.734184265,5.970739841,5.673912525,4.881687164,4.931687355,4.715708733,5.638134956,7.848487854,7.566340446,7.617396355,4.784183979,4.784183979,4.715312004,4.784183979,4.684184551,7.790213585,7.442604542,4.812815189,4.762814999,7.877933502,7.577860355,7.608998775,4.634183884,4.734184265,7.790307522,7.455507755,4.831687450,4.831687450]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.AppleStore","proto_id":"91.224","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate"}} +01462{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":148,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1432582230648273,"flow_src_last_pkt_time":1432582230862990,"flow_dst_last_pkt_time":1432582231003264,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1432582231003264,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49204,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": 
{"6":"DPI"},"proto":"TLS.AppleStore","proto_id":"91.224","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"p53-buy.itunes.apple.com","domainame":"p53-buy.itunes.apple.com","tls": {"version":"TLSv1.2","ja3s":"c253ec3ad88e42f8da4032682892f9a0","ja4":"t12d370500_07a749158664_d075105c1994","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","blocks":0}}} +02431{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1432582230648273,"flow_src_last_pkt_time":1432582231572130,"flow_dst_last_pkt_time":1432582231504448,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":948,"flow_src_tot_l4_payload_len":5225,"flow_dst_tot_l4_payload_len":2717,"midstream":0,"thread_ts_usec":1432582231572130,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49204,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":15,"avg":57420.4,"max":246332,"stddev":88943.3,"var":7910914560.0,"ent":3.4,"data": [139279,206534,8183,215650,62,2706,195534,776,251,20,1876,267,2144,191589,2382,13135,3735,6431,14684,18,200945,301,63298,290,2226,246332,5270,14887,15,241033,179]},"pktlen": {"min":40,"avg":289.3,"max":1480,"stddev":408.5,"var":166890.9,"ent":3.9,"data": [64,52,40,267,40,132,77,40,40,46,77,1480,517,596,40,40,40,40,40,988,386,40,40,1480,526,596,40,40,988,386,40,40]},"bins": {"c_to_s": [9,1,0,0,0,0,0,1,0,0,0,0,0,0,1,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0],"s_to_c": [9,1,1,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": 
[0,1,0,0,1,1,1,0,0,0,0,0,0,0,1,1,1,1,1,1,1,0,0,0,0,0,1,1,1,1,0,0],"entropies": [4.510027409,4.810735703,4.684184074,5.952049732,4.734184265,5.970739841,5.673912525,4.881687164,4.931687355,4.715708733,5.638134956,7.848487854,7.566340446,7.617396355,4.784183979,4.784183979,4.715312004,4.784183979,4.684184551,7.790213585,7.442604542,4.812815189,4.762814999,7.877933502,7.577860355,7.608998775,4.634183884,4.734184265,7.790307522,7.455507755,4.831687450,4.831687450]},"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.AppleStore","proto_id":"91.224","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate"}} 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":183,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582233314493,"flow_src_last_pkt_time":1432582233314493,"flow_dst_last_pkt_time":1432582233314493,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1432582233314493,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"93.186.135.8","src_port":49192,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1432582233314493,"flow_dst_last_pkt_time":1432582233314493,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1432582233314493,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA0kh5AAEAGATfAqAIEXbqHCMAoAFBgmxszxhyTY4ARIABAdgAAAQEICi36RbdjLQIx"} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1432582233314493,"flow_dst_last_pkt_time":1432582233380398,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1432582233380398,"pkt":"APS5Jrv0xiwDYGpkCABFAAA0ewoAADkGX0tduocIwKgCBABQwCjGHJNjYJsbNIAQAebnbwAAAQEICmMteVEt+kW3"} 
@@ -118,67 +118,67 @@ 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_src_last_pkt_time":1432582236282161,"flow_dst_last_pkt_time":1432582236144785,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1432582236282161,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAoODNAAEAGygnAqAIEEaxkO8AcAbueodpRe0gK3lAQ\/\/+2TwAA"} 00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":219,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582238790823,"flow_src_last_pkt_time":1432582238790823,"flow_dst_last_pkt_time":1432582238790823,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582238790823,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.100.14","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_src_last_pkt_time":1432582238790823,"flow_dst_last_pkt_time":1432582238790823,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432582238790823,"pkt":"xiwDYGpkAPS5Jrv0CABFwACarW0AAEARhl7AqAIEHw1kDsk+DZYAhpcUAAMAaiESpEIAAHUQ+ENDH9BeI3lAAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"} -00997{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582238790823,"flow_src_last_pkt_time":1432582238790823,"flow_dst_last_pkt_time":1432582238790823,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582238790823,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.100.14","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01030{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582238790823,"flow_src_last_pkt_time":1432582238790823,"flow_dst_last_pkt_time":1432582238790823,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582238790823,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.100.14","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_src_last_pkt_time":1432582238790889,"flow_dst_last_pkt_time":1432582238790823,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432582238790889,"pkt":"xiwDYGpkAPS5Jrv0CABFwACat4MAAEARfEjAqAIEHw1kDsk+DZYAhpcUAAMAaiESpEIAAHUQ+ENDH9BeI3lAAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"} 
-01130{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1432582238790823,"flow_src_last_pkt_time":1432582238790889,"flow_dst_last_pkt_time":1432582238790823,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582238790889,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.100.14","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01163{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1432582238790823,"flow_src_last_pkt_time":1432582238790889,"flow_dst_last_pkt_time":1432582238790823,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582238790889,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.100.14","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":221,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582238791013,"flow_src_last_pkt_time":1432582238791013,"flow_dst_last_pkt_time":1432582238791013,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582238791013,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.70.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_src_last_pkt_time":1432582238791013,"flow_dst_last_pkt_time":1432582238791013,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432582238791013,"pkt":"xiwDYGpkAPS5Jrv0CABFwACayJAAAEARiRnAqAIEHw1GMMk+DZYAho7CAAMAaiESpEIAACUBlIyWX5N55xRAAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"} 
-00996{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":221,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582238791013,"flow_src_last_pkt_time":1432582238791013,"flow_dst_last_pkt_time":1432582238791013,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582238791013,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.70.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01029{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":221,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582238791013,"flow_src_last_pkt_time":1432582238791013,"flow_dst_last_pkt_time":1432582238791013,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582238791013,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.70.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": 
{"multimedia_flow_types":"Unknown"}}} 00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":222,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_src_last_pkt_time":1432582238791094,"flow_dst_last_pkt_time":1432582238791013,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432582238791094,"pkt":"xiwDYGpkAPS5Jrv0CABFwACaw2YAAEARjkPAqAIEHw1GMMk+DZYAho7CAAMAaiESpEIAACUBlIyWX5N55xRAAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"} -01129{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":222,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1432582238791013,"flow_src_last_pkt_time":1432582238791094,"flow_dst_last_pkt_time":1432582238791013,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582238791094,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.70.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01162{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":222,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1432582238791013,"flow_src_last_pkt_time":1432582238791094,"flow_dst_last_pkt_time":1432582238791013,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582238791094,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.70.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":223,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582238791235,"flow_src_last_pkt_time":1432582238791235,"flow_dst_last_pkt_time":1432582238791235,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582238791235,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.64.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":223,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_src_last_pkt_time":1432582238791235,"flow_dst_last_pkt_time":1432582238791235,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432582238791235,"pkt":"xiwDYGpkAPS5Jrv0CABFwACa2EoAAEARf1\/AqAIEHw1AMMk+DZYAhnzzAAMAaiESpEIAAN5oNK0Wc\/NrxVVAAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"} -00996{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":223,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582238791235,"flow_src_last_pkt_time":1432582238791235,"flow_dst_last_pkt_time":1432582238791235,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582238791235,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.64.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01029{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":223,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582238791235,"flow_src_last_pkt_time":1432582238791235,"flow_dst_last_pkt_time":1432582238791235,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582238791235,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.64.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00694{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":224,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_src_last_pkt_time":1432582238791350,"flow_dst_last_pkt_time":1432582238791235,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432582238791350,"pkt":"xiwDYGpkAPS5Jrv0CABFwACa9a4AAEARYfvAqAIEHw1AMMk+DZYAhnzzAAMAaiESpEIAAN5oNK0Wc\/NrxVVAAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"} 
-01129{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":224,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1432582238791235,"flow_src_last_pkt_time":1432582238791350,"flow_dst_last_pkt_time":1432582238791235,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582238791350,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.64.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01162{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":224,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1432582238791235,"flow_src_last_pkt_time":1432582238791350,"flow_dst_last_pkt_time":1432582238791235,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582238791350,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.64.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582238791504,"flow_src_last_pkt_time":1432582238791504,"flow_dst_last_pkt_time":1432582238791504,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582238791504,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.85.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_src_last_pkt_time":1432582238791504,"flow_dst_last_pkt_time":1432582238791504,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432582238791504,"pkt":"xiwDYGpkAPS5Jrv0CABFwACa8J4AAEARUgvAqAIEHw1VMMk+DZYAhiWBAAMAaiESpEIAADIU0Oi5cQTqY2RAAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"} 
-00996{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582238791504,"flow_src_last_pkt_time":1432582238791504,"flow_dst_last_pkt_time":1432582238791504,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582238791504,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.85.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01029{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582238791504,"flow_src_last_pkt_time":1432582238791504,"flow_dst_last_pkt_time":1432582238791504,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582238791504,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.85.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": 
{"multimedia_flow_types":"Unknown"}}} 00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_src_last_pkt_time":1432582238791682,"flow_dst_last_pkt_time":1432582238791504,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432582238791682,"pkt":"xiwDYGpkAPS5Jrv0CABFwACaLVIAAEARFVjAqAIEHw1VMMk+DZYAhiWBAAMAaiESpEIAADIU0Oi5cQTqY2RAAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"} -01129{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":226,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1432582238791504,"flow_src_last_pkt_time":1432582238791682,"flow_dst_last_pkt_time":1432582238791504,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582238791682,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.85.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01162{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":226,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1432582238791504,"flow_src_last_pkt_time":1432582238791682,"flow_dst_last_pkt_time":1432582238791504,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582238791682,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.85.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":227,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582238791744,"flow_src_last_pkt_time":1432582238791744,"flow_dst_last_pkt_time":1432582238791744,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582238791744,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.91.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":227,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_src_last_pkt_time":1432582238791744,"flow_dst_last_pkt_time":1432582238791744,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432582238791744,"pkt":"xiwDYGpkAPS5Jrv0CABFwACaNZEAAEARBxnAqAIEHw1bMMk+DZYAhs2+AAMAaiESpEIAAJhbSrigEVALo05AAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"} -00996{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":227,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582238791744,"flow_src_last_pkt_time":1432582238791744,"flow_dst_last_pkt_time":1432582238791744,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582238791744,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.91.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01029{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":227,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582238791744,"flow_src_last_pkt_time":1432582238791744,"flow_dst_last_pkt_time":1432582238791744,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582238791744,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.91.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":228,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_src_last_pkt_time":1432582238791932,"flow_dst_last_pkt_time":1432582238791744,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432582238791932,"pkt":"xiwDYGpkAPS5Jrv0CABFwACa90wAAEARRV3AqAIEHw1bMMk+DZYAhs2+AAMAaiESpEIAAJhbSrigEVALo05AAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"} 
-01129{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":228,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1432582238791744,"flow_src_last_pkt_time":1432582238791932,"flow_dst_last_pkt_time":1432582238791744,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582238791932,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.91.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01162{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":228,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1432582238791744,"flow_src_last_pkt_time":1432582238791932,"flow_dst_last_pkt_time":1432582238791744,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582238791932,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.91.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":229,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582238791993,"flow_src_last_pkt_time":1432582238791993,"flow_dst_last_pkt_time":1432582238791993,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582238791993,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.79.192","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":229,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_src_last_pkt_time":1432582238791993,"flow_dst_last_pkt_time":1432582238791993,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432582238791993,"pkt":"xiwDYGpkAPS5Jrv0CABFwACahRkAAEARwwDAqAIEHw1PwMk+DZYAhkfEAAMAaiESpEIAADsyhsRFd5d2aQVAAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"} 
-00997{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":229,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582238791993,"flow_src_last_pkt_time":1432582238791993,"flow_dst_last_pkt_time":1432582238791993,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582238791993,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.79.192","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01030{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":229,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582238791993,"flow_src_last_pkt_time":1432582238791993,"flow_dst_last_pkt_time":1432582238791993,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582238791993,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.79.192","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":230,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_src_last_pkt_time":1432582238792200,"flow_dst_last_pkt_time":1432582238791993,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432582238792200,"pkt":"xiwDYGpkAPS5Jrv0CABFwACaCdEAAEARPknAqAIEHw1PwMk+DZYAhkfEAAMAaiESpEIAADsyhsRFd5d2aQVAAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"} -01130{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":230,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1432582238791993,"flow_src_last_pkt_time":1432582238792200,"flow_dst_last_pkt_time":1432582238791993,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582238792200,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.79.192","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01163{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":230,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1432582238791993,"flow_src_last_pkt_time":1432582238792200,"flow_dst_last_pkt_time":1432582238791993,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582238792200,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.79.192","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":231,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582238792300,"flow_src_last_pkt_time":1432582238792300,"flow_dst_last_pkt_time":1432582238792300,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582238792300,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.93.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":231,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_src_last_pkt_time":1432582238792300,"flow_dst_last_pkt_time":1432582238792300,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432582238792300,"pkt":"xiwDYGpkAPS5Jrv0CABFwACaWjwAAEAR4G3AqAIEHw1dMMk+DZYAhleUAAMAaiESpEIAAOhOyhcXEAbXGlxAAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"} 
-00996{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":231,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582238792300,"flow_src_last_pkt_time":1432582238792300,"flow_dst_last_pkt_time":1432582238792300,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582238792300,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.93.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01029{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":231,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582238792300,"flow_src_last_pkt_time":1432582238792300,"flow_dst_last_pkt_time":1432582238792300,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582238792300,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.93.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": 
{"multimedia_flow_types":"Unknown"}}} 00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":232,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_src_last_pkt_time":1432582238792451,"flow_dst_last_pkt_time":1432582238792300,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432582238792451,"pkt":"xiwDYGpkAPS5Jrv0CABFwACaWaMAAEAR4QbAqAIEHw1dMMk+DZYAhleUAAMAaiESpEIAAOhOyhcXEAbXGlxAAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"} -01129{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":232,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1432582238792300,"flow_src_last_pkt_time":1432582238792451,"flow_dst_last_pkt_time":1432582238792300,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582238792451,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.93.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01162{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":232,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1432582238792300,"flow_src_last_pkt_time":1432582238792451,"flow_dst_last_pkt_time":1432582238792300,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582238792451,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.93.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":233,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582238792569,"flow_src_last_pkt_time":1432582238792569,"flow_dst_last_pkt_time":1432582238792569,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582238792569,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.73.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":233,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_src_last_pkt_time":1432582238792569,"flow_dst_last_pkt_time":1432582238792569,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432582238792569,"pkt":"xiwDYGpkAPS5Jrv0CABFwACagnUAAEARzDTAqAIEHw1JMMk+DZYAhhoqAAMAaiESpEIAABpmz0oddRqYGlZAAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"} -00996{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":233,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582238792569,"flow_src_last_pkt_time":1432582238792569,"flow_dst_last_pkt_time":1432582238792569,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582238792569,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.73.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01029{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":233,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582238792569,"flow_src_last_pkt_time":1432582238792569,"flow_dst_last_pkt_time":1432582238792569,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582238792569,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.73.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_src_last_pkt_time":1432582238792699,"flow_dst_last_pkt_time":1432582238792569,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432582238792699,"pkt":"xiwDYGpkAPS5Jrv0CABFwACakcIAAEARvOfAqAIEHw1JMMk+DZYAhhoqAAMAaiESpEIAABpmz0oddRqYGlZAAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"} 
-01129{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":234,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1432582238792569,"flow_src_last_pkt_time":1432582238792699,"flow_dst_last_pkt_time":1432582238792569,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582238792699,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.73.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01162{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":234,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1432582238792569,"flow_src_last_pkt_time":1432582238792699,"flow_dst_last_pkt_time":1432582238792569,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582238792699,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.73.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":235,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_src_last_pkt_time":1432582238791350,"flow_dst_last_pkt_time":1432582238857632,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582238857632,"pkt":"APS5Jrv0xiwDYGpkCABFAABI28gAAFURZ\/MfDUAwwKgCBA2WyT4ANKxZAQMAGCESpEIAAN5oNK0Wc\/NrxVUAIAAIAAGRdm4xsYdAAgAIAAABTYyOMnU="} -01043{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":235,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1432582238791235,"flow_src_last_pkt_time":1432582238791350,"flow_dst_last_pkt_time":1432582238857632,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1432582238857632,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.64.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"79.35.21.197:45156"}}} 
+01077{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":235,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1432582238791235,"flow_src_last_pkt_time":1432582238791350,"flow_dst_last_pkt_time":1432582238857632,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1432582238857632,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.64.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"79.35.21.197:45156","multimedia_flow_types":"Unknown"}}} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":4,"flow_src_last_pkt_time":1432582238791350,"flow_dst_last_pkt_time":1432582238857679,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582238857679,"pkt":"APS5Jrv0xiwDYGpkCABFAABI28kAAFURZ\/IfDUAwwKgCBA2WyT4ANKxXAQMAGCESpEIAAN5oNK0Wc\/NrxVUAIAAIAAGRdm4xsYdAAgAIAAABTYyOMnc="} 
00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_src_last_pkt_time":1432582238791932,"flow_dst_last_pkt_time":1432582238878783,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582238878783,"pkt":"APS5Jrv0xiwDYGpkCABFAABIJlcAAFMRBGUfDVswwKgCBA2WyT4ANP0WAQMAGCESpEIAAJhbSrigEVALo04AIAAIAAGRdm4xsYdAAgAIAAABTYyOMoM="} -01043{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":237,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1432582238791744,"flow_src_last_pkt_time":1432582238791932,"flow_dst_last_pkt_time":1432582238878783,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1432582238878783,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.91.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"79.35.21.197:45156"}}} 
+01077{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":237,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1432582238791744,"flow_src_last_pkt_time":1432582238791932,"flow_dst_last_pkt_time":1432582238878783,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1432582238878783,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.91.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"79.35.21.197:45156","multimedia_flow_types":"Unknown"}}} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":4,"flow_src_last_pkt_time":1432582238791932,"flow_dst_last_pkt_time":1432582238878787,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582238878787,"pkt":"APS5Jrv0xiwDYGpkCABFAABIJlgAAFMRBGQfDVswwKgCBA2WyT4ANP0UAQMAGCESpEIAAJhbSrigEVALo04AIAAIAAGRdm4xsYdAAgAIAAABTYyOMoU="} 
00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":239,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_src_last_pkt_time":1432582238790889,"flow_dst_last_pkt_time":1432582238888244,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582238888244,"pkt":"APS5Jrv0xiwDYGpkCABFAABIKucAAE4R+\/YfDWQOwKgCBA2WyT4ANMZzAQMAGCESpEIAAHUQ+ENDH9BeI3kAIAAIAAGRdm4xsYdAAgAIAAABTYyOMnw="} -01044{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":239,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1432582238790823,"flow_src_last_pkt_time":1432582238790889,"flow_dst_last_pkt_time":1432582238888244,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1432582238888244,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.100.14","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"79.35.21.197:45156"}}} 
+01078{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":239,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1432582238790823,"flow_src_last_pkt_time":1432582238790889,"flow_dst_last_pkt_time":1432582238888244,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1432582238888244,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.100.14","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"79.35.21.197:45156","multimedia_flow_types":"Unknown"}}} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_src_last_pkt_time":1432582238790889,"flow_dst_last_pkt_time":1432582238888265,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582238888265,"pkt":"APS5Jrv0xiwDYGpkCABFAABIKugAAE4R+\/UfDWQOwKgCBA2WyT4ANMZxAQMAGCESpEIAAHUQ+ENDH9BeI3kAIAAIAAGRdm4xsYdAAgAIAAABTYyOMn4="} 
00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_src_last_pkt_time":1432582238792451,"flow_dst_last_pkt_time":1432582238888266,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582238888266,"pkt":"APS5Jrv0xiwDYGpkCABFAABIUUgAAFYR1HMfDV0wwKgCBA2WyT4ANIbjAQMAGCESpEIAAOhOyhcXEAbXGlwAIAAIAAGRdm4xsYdAAgAIAAABTYyOMow="} -01043{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1432582238792300,"flow_src_last_pkt_time":1432582238792451,"flow_dst_last_pkt_time":1432582238888266,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1432582238888266,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.93.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"79.35.21.197:45156"}}} 
+01077{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1432582238792300,"flow_src_last_pkt_time":1432582238792451,"flow_dst_last_pkt_time":1432582238888266,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1432582238888266,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.93.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"79.35.21.197:45156","multimedia_flow_types":"Unknown"}}} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":242,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":4,"flow_src_last_pkt_time":1432582238792451,"flow_dst_last_pkt_time":1432582238897932,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582238897932,"pkt":"APS5Jrv0xiwDYGpkCABFAABIUUkAAFYR1HIfDV0wwKgCBA2WyT4ANIbhAQMAGCESpEIAAOhOyhcXEAbXGlwAIAAIAAGRdm4xsYdAAgAIAAABTYyOMo4="} 
00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":243,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_src_last_pkt_time":1432582238792699,"flow_dst_last_pkt_time":1432582238990342,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582238990342,"pkt":"APS5Jrv0xiwDYGpkCABFAABIHLUAAFQRHwcfDUkwwKgCBA2WyT4ANElHAQMAGCESpEIAABpmz0oddRqYGlYAIAAIAAGRdm4xsYdAAgAIAAABTYyOMr4="} -01043{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":243,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1432582238792569,"flow_src_last_pkt_time":1432582238792699,"flow_dst_last_pkt_time":1432582238990342,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1432582238990342,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.73.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"79.35.21.197:45156"}}} 
+01077{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":243,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1432582238792569,"flow_src_last_pkt_time":1432582238792699,"flow_dst_last_pkt_time":1432582238990342,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1432582238990342,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.73.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"79.35.21.197:45156","multimedia_flow_types":"Unknown"}}} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":244,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":4,"flow_src_last_pkt_time":1432582238792699,"flow_dst_last_pkt_time":1432582238991668,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582238991668,"pkt":"APS5Jrv0xiwDYGpkCABFAABIHLYAAFQRHwYfDUkwwKgCBA2WyT4ANElFAQMAGCESpEIAABpmz0oddRqYGlYAIAAIAAGRdm4xsYdAAgAIAAABTYyOMsA="} 
00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":245,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_src_last_pkt_time":1432582238791094,"flow_dst_last_pkt_time":1432582239035303,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582239035303,"pkt":"APS5Jrv0xiwDYGpkCABFAABIsFoAAFQRjmEfDUYwwKgCBA2WyT4ANL3lAQMAGCESpEIAACUBlIyWX5N55xQAIAAIAAGRdm4xsYdAAgAIAAABTYyOMrg="} -01043{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":245,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1432582238791013,"flow_src_last_pkt_time":1432582238791094,"flow_dst_last_pkt_time":1432582239035303,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1432582239035303,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.70.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"79.35.21.197:45156"}}} 
+01077{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":245,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1432582238791013,"flow_src_last_pkt_time":1432582238791094,"flow_dst_last_pkt_time":1432582239035303,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1432582239035303,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.70.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"79.35.21.197:45156","multimedia_flow_types":"Unknown"}}} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":4,"flow_src_last_pkt_time":1432582238791094,"flow_dst_last_pkt_time":1432582239035335,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582239035335,"pkt":"APS5Jrv0xiwDYGpkCABFAABIsFsAAFQRjmAfDUYwwKgCBA2WyT4ANL3kAQMAGCESpEIAACUBlIyWX5N55xQAIAAIAAGRdm4xsYdAAgAIAAABTYyOMrk="} 
00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":247,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_src_last_pkt_time":1432582238792200,"flow_dst_last_pkt_time":1432582239055080,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582239055080,"pkt":"APS5Jrv0xiwDYGpkCABFAABI6QYAAFMRTSUfDU\/AwKgCBA2WyT4ANHa7AQMAGCESpEIAADsyhsRFd5d2aQUAIAAIAAGRdm4xsYdAAgAIAAABTYyOMuQ="} -01044{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":247,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1432582238791993,"flow_src_last_pkt_time":1432582238792200,"flow_dst_last_pkt_time":1432582239055080,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1432582239055080,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.79.192","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"79.35.21.197:45156"}}} 
+01078{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":247,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1432582238791993,"flow_src_last_pkt_time":1432582238792200,"flow_dst_last_pkt_time":1432582239055080,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1432582239055080,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.79.192","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"79.35.21.197:45156","multimedia_flow_types":"Unknown"}}} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":248,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_src_last_pkt_time":1432582238792200,"flow_dst_last_pkt_time":1432582239055087,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582239055087,"pkt":"APS5Jrv0xiwDYGpkCABFAABI6QcAAFMRTSQfDU\/AwKgCBA2WyT4ANHa5AQMAGCESpEIAADsyhsRFd5d2aQUAIAAIAAGRdm4xsYdAAgAIAAABTYyOMuY="} 
00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":249,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_src_last_pkt_time":1432582238791682,"flow_dst_last_pkt_time":1432582239083443,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582239083443,"pkt":"APS5Jrv0xiwDYGpkCABFAABIAeoAAFYRK9IfDVUwwKgCBA2WyT4ANFR5AQMAGCESpEIAADIU0Oi5cQTqY2QAIAAIAAGRdm4xsYdAAgAIAAABTYyOMuM="} -01043{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":249,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1432582238791504,"flow_src_last_pkt_time":1432582238791682,"flow_dst_last_pkt_time":1432582239083443,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1432582239083443,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.85.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"79.35.21.197:45156"}}} 
+01077{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":249,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1432582238791504,"flow_src_last_pkt_time":1432582238791682,"flow_dst_last_pkt_time":1432582239083443,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1432582239083443,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.85.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"79.35.21.197:45156","multimedia_flow_types":"Unknown"}}} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":250,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":4,"flow_src_last_pkt_time":1432582238791682,"flow_dst_last_pkt_time":1432582239083446,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582239083446,"pkt":"APS5Jrv0xiwDYGpkCABFAABIAesAAFYRK9EfDVUwwKgCBA2WyT4ANFR4AQMAGCESpEIAADIU0Oi5cQTqY2QAIAAIAAGRdm4xsYdAAgAIAAABTYyOMuQ="} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":272,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582244297765,"flow_src_last_pkt_time":1432582244297765,"flow_dst_last_pkt_time":1432582244297765,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1432582244297765,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.31","src_port":49164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":272,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_src_last_pkt_time":1432582244297765,"flow_dst_last_pkt_time":1432582244297765,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1432582244297765,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAojkRAAEAGShnAqAIEEaeOH8AMAbt6TdZMbFoWmFAR\/\/+4DAAA"} 
@@ -209,17 +209,17 @@ 00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":310,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":5,"flow_src_last_pkt_time":1432582238792451,"flow_dst_last_pkt_time":1432582257197582,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"thread_ts_usec":1432582257197582,"pkt":"APS5Jrv0xiwDYGpkCABFAAByH68AAFYRBeMfDV0wwKgCBA2WyT4AXrjagckACUwonm2wHgwTDvqn09dI5Tl\/4L+Lv6PBoXbsprKS9SgxRhWHjq5qsMlCLel9YINSbVW1kyOkA+bDEjDWVO8fpWX9e7C0gAAAAVvv5xPqYsEj4ls="} 00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":334,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582258587552,"flow_src_last_pkt_time":1432582258587552,"flow_dst_last_pkt_time":1432582258587552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582258587552,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":51518,"dst_port":60312,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":334,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_src_last_pkt_time":1432582258587552,"flow_dst_last_pkt_time":1432582258587552,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582258587552,"pkt":"xiwDYGpkAPS5Jrv0CABFwABIJ6AAAEARMxjAqAIEAcJav8k+65gANBimAAEAGCESpEI2xNtJG9sue8sIM0EACAAU5G1owzzn9g07DgjX0q3CWkGBWA0="} -01132{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":334,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582258587552,"flow_src_last_pkt_time":1432582258587552,"flow_dst_last_pkt_time":1432582258587552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582258587552,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":51518,"dst_port":60312,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01165{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":334,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582258587552,"flow_src_last_pkt_time":1432582258587552,"flow_dst_last_pkt_time":1432582258587552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582258587552,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":51518,"dst_port":60312,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":338,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582258730153,"flow_src_last_pkt_time":1432582258730153,"flow_dst_last_pkt_time":1432582258730153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582258730153,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":51518,"dst_port":9344,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":338,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_src_last_pkt_time":1432582258730153,"flow_dst_last_pkt_time":1432582258730153,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582258730153,"pkt":"xiwDYGpkAPS5Jrv0CABFwABIG0oAAEARj7DAqAIEW\/2wQck+JIAANKXrAAEAGCESpELdaIZ9jcVOA62tiygACAAUhE7qa\/gs1xldMnASKkUclFJWums="} -01132{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":338,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582258730153,"flow_src_last_pkt_time":1432582258730153,"flow_dst_last_pkt_time":1432582258730153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582258730153,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":51518,"dst_port":9344,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01165{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":338,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582258730153,"flow_src_last_pkt_time":1432582258730153,"flow_dst_last_pkt_time":1432582258730153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582258730153,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":51518,"dst_port":9344,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":341,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_src_last_pkt_time":1432582258730153,"flow_dst_last_pkt_time":1432582258815685,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582258815685,"pkt":"APS5Jrv0xiwDYGpkCABFAABI4nIAAC8R2kdb\/bBBwKgCBCSAyT4ANOAtAQEAGCESpELdaIZ9jcVOA62tiygACAAUsHui2xBS6T5qw9kAv9V6SryCnE8="} 
00932{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":342,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_src_last_pkt_time":1432582258825375,"flow_dst_last_pkt_time":1432582258815685,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_usec":1432582258825375,"pkt":"xiwDYGpkAPS5Jrv0CABFwAFIgM0AAEARKS3AqAIEW\/2wQck+JIABNDV+gPhBLgAAPABUWSgkrOczzTmmNaWeHGyeFn5K8vlkangPxwACY7IwMpCpL5qUBEDYknjmXwiwt1Sg\/GoDEpuWps7K3BPScguv1CoIPKC+VL4kk69VBQy2eU1f6p0OhYSXKAcM\/9HmK5KZeJJnhjzxZ+J\/AtWZs+X8uDaujdvMYKyUONaU\/07PQLiEd81h3NGLNxCpTNYPkmMGXMy1y+UaiUzN89zB2\/RkHbLVqN6e+nvnnRR2frMRlVsFWAJQmXtD929e1+a2u\/RdJfu15HCbSLl3jTXDbl84mpeVYYxkc3LSpxB7HrCYZEpYcCniVsfACmA6zpHVbv1BlaoQu+KuUWJT2eQ73+Vh12sP5aPix21kFcGvLfE3UalmxPkTCEhiCOUQRQbTvOcEo103"} -01097{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":342,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1432582258730153,"flow_src_last_pkt_time":1432582258825375,"flow_dst_last_pkt_time":1432582258815685,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":344,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1432582258825375,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":51518,"dst_port":9344,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": 
{"6":"DPI"},"proto":"SRTP.WhatsAppCall","proto_id":"338.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01122{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":342,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1432582258730153,"flow_src_last_pkt_time":1432582258825375,"flow_dst_last_pkt_time":1432582258815685,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":344,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1432582258825375,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":51518,"dst_port":9344,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"SRTP.WhatsAppCall","proto_id":"338.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","stream_content":"Audio"}} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":4,"flow_src_last_pkt_time":1432582258825375,"flow_dst_last_pkt_time":1432582258881819,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582258881819,"pkt":"APS5Jrv0xiwDYGpkCABFAABIE\/gAAC8RqMJb\/bBBwKgCBCSAyT4ANMrWAAEAGCESpEKeaboEfgZsasdwHloACAAUqRSMFuqpInS4y87I6AOf8O\/PSC8="} 
00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":5,"flow_src_last_pkt_time":1432582258885754,"flow_dst_last_pkt_time":1432582258881819,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582258885754,"pkt":"xiwDYGpkAPS5Jrv0CABFwABI60MAAEARv7bAqAIEW\/2wQck+JIAANLSRAQEAGCESpEKeaboEfgZsasdwHloACAAURgJjd0i0VDTJJrV76xTQyOSNOaY="} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":350,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_src_last_pkt_time":1432582259254832,"flow_dst_last_pkt_time":1432582258587552,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582259254832,"pkt":"xiwDYGpkAPS5Jrv0CABFwABIbNAAAEAR7efAqAIEAcJav8k+65gANKlVAAEAGCESpEKmTTdqxAPLVFlkZFwACAAUe9SyVdo3\/CPkaMOU00d3jUs\/Tzg="} -01250{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":350,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1432582258587552,"flow_src_last_pkt_time":1432582259254832,"flow_dst_last_pkt_time":1432582258587552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582259254832,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":51518,"dst_port":60312,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on 
Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01283{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":350,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1432582258587552,"flow_src_last_pkt_time":1432582259254832,"flow_dst_last_pkt_time":1432582258587552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582259254832,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":51518,"dst_port":60312,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_src_last_pkt_time":1432582259886962,"flow_dst_last_pkt_time":1432582258587552,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582259886962,"pkt":"xiwDYGpkAPS5Jrv0CABFwABI77MAAEARawTAqAIEAcJav8k+65gANKqSAAEAGCESpEK30Ms3\/7rzJdDOeSQACAAUjiMqFpbreAaLOXedI1Eon++y9eE="} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":4,"flow_src_last_pkt_time":1432582260514270,"flow_dst_last_pkt_time":1432582258587552,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582260514270,"pkt":"xiwDYGpkAPS5Jrv0CABFwABI+cUAAEARYPLAqAIEAcJav8k+65gANJE\/AAEAGCESpEJlzPg4GxgzVtPAczQACAAUByzPknXSQgU3SCNOJEjP0trCKUQ="} 
02375{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":378,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1432582258730153,"flow_src_last_pkt_time":1432582260754649,"flow_dst_last_pkt_time":1432582260775626,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":309,"flow_dst_max_l4_payload_len":289,"flow_src_tot_l4_payload_len":3471,"flow_dst_tot_l4_payload_len":2001,"midstream":0,"thread_ts_usec":1432582260775626,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":51518,"dst_port":9344,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":44,"avg":131289.3,"max":352421,"stddev":70223.6,"var":4931354624.0,"ent":4.7,"data": [85532,95222,66134,60379,102693,208383,184141,159624,139073,188537,352421,23426,152856,55080,31139,91630,61,141160,44,163250,159227,188593,161930,163639,162107,156758,164890,143228,181638,163297,123877]},"pktlen": {"min":50,"avg":199.0,"max":337,"stddev":98.8,"var":9763.6,"ent":4.8,"data": [72,72,328,72,72,301,211,297,234,301,206,134,50,235,185,134,123,54,246,54,260,120,337,103,301,103,305,229,306,317,315,291]},"bins": {"c_to_s": [1,2,1,1,0,1,1,1,7,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,2,3,1,1,1,3,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,0,1,0,1,0,0,1,1,0,1,0,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": 
[5.642145634,5.662571430,7.306882858,5.607016087,5.619208336,7.276579380,6.918804169,7.219153404,7.014481544,7.348511696,6.906354427,6.461464405,5.083854198,6.954874992,6.766034603,6.415629864,6.367953777,5.205786228,7.119737148,5.148316383,7.136041164,6.350277901,7.294374466,6.069901943,7.367813587,6.103599548,7.328564644,7.015753746,7.285601139,7.344736099,7.265763760,7.231878281]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"SRTP.WhatsAppCall","proto_id":"338.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
@@ -279,84 +279,84 @@ 00940{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":868,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":5,"flow_src_last_pkt_time":1432582288984274,"flow_dst_last_pkt_time":1432582271840128,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_usec":1432582288984274,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIRFAAAP8RdlUAAAAA\/\/\/\/\/wBEAEMBNOdPAQEGALYzLg0AEQAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwkBAwYPd1\/8LC45AgXcPQcB2DBiVgAcMwQAdqcADApMdWNhcy1pTWFj\/wAAAAAAAAAAAAAAAAAA"} 00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":871,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582296337662,"flow_src_last_pkt_time":1432582296337662,"flow_dst_last_pkt_time":1432582296337662,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582296337662,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.73.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00694{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":871,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_src_last_pkt_time":1432582296337662,"flow_dst_last_pkt_time":1432582296337662,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432582296337662,"pkt":"xiwDYGpkAPS5Jrv0CABFwACalSUAAEARuYTAqAIEHw1JMM46DZYAhue1AAMAaiESpEIAAPA16Ue1KOAmhBVAAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"} -00996{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":871,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582296337662,"flow_src_last_pkt_time":1432582296337662,"flow_dst_last_pkt_time":1432582296337662,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582296337662,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.73.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01029{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":871,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582296337662,"flow_src_last_pkt_time":1432582296337662,"flow_dst_last_pkt_time":1432582296337662,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582296337662,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.73.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00694{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":872,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_src_last_pkt_time":1432582296337727,"flow_dst_last_pkt_time":1432582296337662,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432582296337727,"pkt":"xiwDYGpkAPS5Jrv0CABFwACaZm0AAEAR6DzAqAIEHw1JMM46DZYAhue1AAMAaiESpEIAAPA16Ue1KOAmhBVAAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"} 
-01129{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":872,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1432582296337662,"flow_src_last_pkt_time":1432582296337727,"flow_dst_last_pkt_time":1432582296337662,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582296337727,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.73.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01162{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":872,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1432582296337662,"flow_src_last_pkt_time":1432582296337727,"flow_dst_last_pkt_time":1432582296337662,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582296337727,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.73.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":873,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582296337848,"flow_src_last_pkt_time":1432582296337848,"flow_dst_last_pkt_time":1432582296337848,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582296337848,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.93.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00694{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":873,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_src_last_pkt_time":1432582296337848,"flow_dst_last_pkt_time":1432582296337848,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432582296337848,"pkt":"xiwDYGpkAPS5Jrv0CABFwACajDIAAEARrnfAqAIEHw1dMM46DZYAhkaaAAMAaiESpEIAABQXleBLNAVxhWFAAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"} 
-00996{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":873,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582296337848,"flow_src_last_pkt_time":1432582296337848,"flow_dst_last_pkt_time":1432582296337848,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582296337848,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.93.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01029{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":873,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582296337848,"flow_src_last_pkt_time":1432582296337848,"flow_dst_last_pkt_time":1432582296337848,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582296337848,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.93.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": 
{"multimedia_flow_types":"Unknown"}}} 00694{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":874,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_src_last_pkt_time":1432582296337941,"flow_dst_last_pkt_time":1432582296337848,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432582296337941,"pkt":"xiwDYGpkAPS5Jrv0CABFwACalgkAAEARpKDAqAIEHw1dMM46DZYAhkaaAAMAaiESpEIAABQXleBLNAVxhWFAAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"} -01129{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":874,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1432582296337848,"flow_src_last_pkt_time":1432582296337941,"flow_dst_last_pkt_time":1432582296337848,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582296337941,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.93.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01162{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":874,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1432582296337848,"flow_src_last_pkt_time":1432582296337941,"flow_dst_last_pkt_time":1432582296337848,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582296337941,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.93.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":875,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582296338078,"flow_src_last_pkt_time":1432582296338078,"flow_dst_last_pkt_time":1432582296338078,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582296338078,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.79.192","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":875,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_src_last_pkt_time":1432582296338078,"flow_dst_last_pkt_time":1432582296338078,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432582296338078,"pkt":"xiwDYGpkAPS5Jrv0CABFwACaRlMAAEARAcfAqAIEHw1PwM46DZYAhjlFAAMAaiESpEIAAL9\/1m08YXkuT0ZAAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"} -00997{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":875,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582296338078,"flow_src_last_pkt_time":1432582296338078,"flow_dst_last_pkt_time":1432582296338078,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582296338078,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.79.192","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01030{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":875,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582296338078,"flow_src_last_pkt_time":1432582296338078,"flow_dst_last_pkt_time":1432582296338078,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582296338078,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.79.192","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":876,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_src_last_pkt_time":1432582296338210,"flow_dst_last_pkt_time":1432582296338078,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432582296338210,"pkt":"xiwDYGpkAPS5Jrv0CABFwACa1Y0AAEARcozAqAIEHw1PwM46DZYAhjlFAAMAaiESpEIAAL9\/1m08YXkuT0ZAAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"} 
-01130{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":876,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1432582296338078,"flow_src_last_pkt_time":1432582296338210,"flow_dst_last_pkt_time":1432582296338078,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582296338210,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.79.192","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01163{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":876,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1432582296338078,"flow_src_last_pkt_time":1432582296338210,"flow_dst_last_pkt_time":1432582296338078,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582296338210,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.79.192","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":877,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582296338341,"flow_src_last_pkt_time":1432582296338341,"flow_dst_last_pkt_time":1432582296338341,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582296338341,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"179.60.192.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00694{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":877,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_src_last_pkt_time":1432582296338341,"flow_dst_last_pkt_time":1432582296338341,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432582296338341,"pkt":"xiwDYGpkAPS5Jrv0CABFwACaIqQAAEARINbAqAIEszzAMM46DZYAhuAOAAMAaiESpEIAAHR4erx3E5L39hlAAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"} 
-00998{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":877,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582296338341,"flow_src_last_pkt_time":1432582296338341,"flow_dst_last_pkt_time":1432582296338341,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582296338341,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"179.60.192.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01031{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":877,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582296338341,"flow_src_last_pkt_time":1432582296338341,"flow_dst_last_pkt_time":1432582296338341,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582296338341,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"179.60.192.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00694{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":878,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_src_last_pkt_time":1432582296338539,"flow_dst_last_pkt_time":1432582296338341,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432582296338539,"pkt":"xiwDYGpkAPS5Jrv0CABFwACaNRkAAEARDmHAqAIEszzAMM46DZYAhuAOAAMAaiESpEIAAHR4erx3E5L39hlAAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"} -01131{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":878,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1432582296338341,"flow_src_last_pkt_time":1432582296338539,"flow_dst_last_pkt_time":1432582296338341,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582296338539,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"179.60.192.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01164{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":878,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1432582296338341,"flow_src_last_pkt_time":1432582296338539,"flow_dst_last_pkt_time":1432582296338341,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582296338539,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"179.60.192.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":879,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582296338593,"flow_src_last_pkt_time":1432582296338593,"flow_dst_last_pkt_time":1432582296338593,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582296338593,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"173.252.114.1","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00694{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":879,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_src_last_pkt_time":1432582296338593,"flow_dst_last_pkt_time":1432582296338593,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432582296338593,"pkt":"xiwDYGpkAPS5Jrv0CABFwACa4C0AAEARtrvAqAIErfxyAc46DZYAhqERAAMAaiESpEIAAPckPngMfZVuqj1AAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"} 
-00998{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":879,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582296338593,"flow_src_last_pkt_time":1432582296338593,"flow_dst_last_pkt_time":1432582296338593,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582296338593,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"173.252.114.1","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01031{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":879,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582296338593,"flow_src_last_pkt_time":1432582296338593,"flow_dst_last_pkt_time":1432582296338593,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582296338593,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"173.252.114.1","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00694{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":880,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_src_last_pkt_time":1432582296338735,"flow_dst_last_pkt_time":1432582296338593,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432582296338735,"pkt":"xiwDYGpkAPS5Jrv0CABFwACaP+kAAEARVwDAqAIErfxyAc46DZYAhqERAAMAaiESpEIAAPckPngMfZVuqj1AAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"} -01131{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":880,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1432582296338593,"flow_src_last_pkt_time":1432582296338735,"flow_dst_last_pkt_time":1432582296338593,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582296338735,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"173.252.114.1","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01164{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":880,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1432582296338593,"flow_src_last_pkt_time":1432582296338735,"flow_dst_last_pkt_time":1432582296338593,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582296338735,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"173.252.114.1","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":881,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582296338853,"flow_src_last_pkt_time":1432582296338853,"flow_dst_last_pkt_time":1432582296338853,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582296338853,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.90.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00694{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":881,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_src_last_pkt_time":1432582296338853,"flow_dst_last_pkt_time":1432582296338853,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432582296338853,"pkt":"xiwDYGpkAPS5Jrv0CABFwACaOAUAAEARBaXAqAIEHw1aMM46DZYAhuQ6AAMAaiESpEIAAEIAbV8qcywo32JAAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"} 
-00996{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":881,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582296338853,"flow_src_last_pkt_time":1432582296338853,"flow_dst_last_pkt_time":1432582296338853,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582296338853,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.90.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01029{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":881,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582296338853,"flow_src_last_pkt_time":1432582296338853,"flow_dst_last_pkt_time":1432582296338853,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582296338853,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.90.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": 
{"multimedia_flow_types":"Unknown"}}} 00694{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":882,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_src_last_pkt_time":1432582296339205,"flow_dst_last_pkt_time":1432582296338853,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432582296339205,"pkt":"xiwDYGpkAPS5Jrv0CABFwACaLOMAAEAREMfAqAIEHw1aMM46DZYAhuQ6AAMAaiESpEIAAEIAbV8qcywo32JAAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"} -01129{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":882,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1432582296338853,"flow_src_last_pkt_time":1432582296339205,"flow_dst_last_pkt_time":1432582296338853,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582296339205,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.90.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01162{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":882,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1432582296338853,"flow_src_last_pkt_time":1432582296339205,"flow_dst_last_pkt_time":1432582296338853,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582296339205,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.90.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":883,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582296339330,"flow_src_last_pkt_time":1432582296339330,"flow_dst_last_pkt_time":1432582296339330,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582296339330,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.74.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00694{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":883,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_src_last_pkt_time":1432582296339330,"flow_dst_last_pkt_time":1432582296339330,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432582296339330,"pkt":"xiwDYGpkAPS5Jrv0CABFwACafE8AAEAR0VrAqAIEHw1KMM46DZYAhr8lAAMAaiESpEIAAMYoECn4BPzbT0BAAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"} -00996{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":883,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582296339330,"flow_src_last_pkt_time":1432582296339330,"flow_dst_last_pkt_time":1432582296339330,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582296339330,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.74.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01029{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":883,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582296339330,"flow_src_last_pkt_time":1432582296339330,"flow_dst_last_pkt_time":1432582296339330,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582296339330,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.74.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00694{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":884,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_src_last_pkt_time":1432582296339473,"flow_dst_last_pkt_time":1432582296339330,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432582296339473,"pkt":"xiwDYGpkAPS5Jrv0CABFwACa1VQAAEAReFXAqAIEHw1KMM46DZYAhr8lAAMAaiESpEIAAMYoECn4BPzbT0BAAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"} 
-01129{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":884,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1432582296339330,"flow_src_last_pkt_time":1432582296339473,"flow_dst_last_pkt_time":1432582296339330,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582296339473,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.74.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01162{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":884,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1432582296339330,"flow_src_last_pkt_time":1432582296339473,"flow_dst_last_pkt_time":1432582296339330,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582296339473,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.74.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":885,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582296339591,"flow_src_last_pkt_time":1432582296339591,"flow_dst_last_pkt_time":1432582296339591,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582296339591,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.84.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00694{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":885,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_src_last_pkt_time":1432582296339591,"flow_dst_last_pkt_time":1432582296339591,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432582296339591,"pkt":"xiwDYGpkAPS5Jrv0CABFwACaPWIAAEARBkjAqAIEHw1UMM46DZYAhgQrAAMAaiESpEIAAPM63M4iUJ72Oh1AAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"} 
-00996{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":885,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582296339591,"flow_src_last_pkt_time":1432582296339591,"flow_dst_last_pkt_time":1432582296339591,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582296339591,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.84.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01029{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":885,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582296339591,"flow_src_last_pkt_time":1432582296339591,"flow_dst_last_pkt_time":1432582296339591,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582296339591,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.84.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": 
{"multimedia_flow_types":"Unknown"}}} 00694{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":886,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_src_last_pkt_time":1432582296339722,"flow_dst_last_pkt_time":1432582296339591,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432582296339722,"pkt":"xiwDYGpkAPS5Jrv0CABFwACa4JwAAEARYw3AqAIEHw1UMM46DZYAhgQrAAMAaiESpEIAAPM63M4iUJ72Oh1AAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"} -01129{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":886,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1432582296339591,"flow_src_last_pkt_time":1432582296339722,"flow_dst_last_pkt_time":1432582296339591,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582296339722,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.84.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01162{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":886,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1432582296339591,"flow_src_last_pkt_time":1432582296339722,"flow_dst_last_pkt_time":1432582296339591,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582296339722,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.84.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":887,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_src_last_pkt_time":1432582296337941,"flow_dst_last_pkt_time":1432582296389707,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582296389707,"pkt":"APS5Jrv0xiwDYGpkCABFAABItbcAAFYRcAQfDV0wwKgCBA2WzjoANObxAQMAGCESpEIAABQXleBLNAVxhWEAIAAIAAG2aW4xsYdAAgAIAAABTYyPEzk="} 
-01043{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":887,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1432582296337848,"flow_src_last_pkt_time":1432582296337941,"flow_dst_last_pkt_time":1432582296389707,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1432582296389707,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.93.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"79.35.21.197:38779"}}} +01077{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":887,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1432582296337848,"flow_src_last_pkt_time":1432582296337941,"flow_dst_last_pkt_time":1432582296389707,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1432582296389707,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.93.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"79.35.21.197:38779","multimedia_flow_types":"Unknown"}}} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":888,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":4,"flow_src_last_pkt_time":1432582296337941,"flow_dst_last_pkt_time":1432582296391231,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582296391231,"pkt":"APS5Jrv0xiwDYGpkCABFAABItbgAAFYRcAMfDV0wwKgCBA2WzjoANObvAQMAGCESpEIAABQXleBLNAVxhWEAIAAIAAG2aW4xsYdAAgAIAAABTYyPEzs="} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":3,"flow_src_last_pkt_time":1432582296339722,"flow_dst_last_pkt_time":1432582296441767,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582296441767,"pkt":"APS5Jrv0xiwDYGpkCABFAABIu\/4AAFIRdr0fDVQwwKgCBA2WzjoANKRaAQMAGCESpEIAAPM63M4iUJ72Oh0AIAAIAAG2aW4xsYdAAgAIAAABTYyPE2E="} 
-01043{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1432582296339591,"flow_src_last_pkt_time":1432582296339722,"flow_dst_last_pkt_time":1432582296441767,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1432582296441767,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.84.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"79.35.21.197:38779"}}} +01077{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1432582296339591,"flow_src_last_pkt_time":1432582296339722,"flow_dst_last_pkt_time":1432582296441767,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1432582296441767,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.84.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"79.35.21.197:38779","multimedia_flow_types":"Unknown"}}} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":890,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":4,"flow_src_last_pkt_time":1432582296339722,"flow_dst_last_pkt_time":1432582296443204,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582296443204,"pkt":"APS5Jrv0xiwDYGpkCABFAABIu\/8AAFIRdrwfDVQwwKgCBA2WzjoANKRZAQMAGCESpEIAAPM63M4iUJ72Oh0AIAAIAAG2aW4xsYdAAgAIAAABTYyPE2I="} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":891,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_src_last_pkt_time":1432582296338539,"flow_dst_last_pkt_time":1432582296448307,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582296448307,"pkt":"APS5Jrv0xiwDYGpkCABFAABI4fkAAFYRTJKzPMAwwKgCBA2WzjoANIBbAQMAGCESpEIAAHR4erx3E5L39hkAIAAIAAG2aW4xsYdAAgAIAAABTYyPE0Q="} 
-01045{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":891,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1432582296338341,"flow_src_last_pkt_time":1432582296338539,"flow_dst_last_pkt_time":1432582296448307,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1432582296448307,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"179.60.192.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"79.35.21.197:38779"}}} +01079{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":891,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1432582296338341,"flow_src_last_pkt_time":1432582296338539,"flow_dst_last_pkt_time":1432582296448307,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1432582296448307,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"179.60.192.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"79.35.21.197:38779","multimedia_flow_types":"Unknown"}}} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":892,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":4,"flow_src_last_pkt_time":1432582296338539,"flow_dst_last_pkt_time":1432582296449785,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582296449785,"pkt":"APS5Jrv0xiwDYGpkCABFAABI4fsAAFYRTJCzPMAwwKgCBA2WzjoANIBZAQMAGCESpEIAAHR4erx3E5L39hkAIAAIAAG2aW4xsYdAAgAIAAABTYyPE0Y="} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":893,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_src_last_pkt_time":1432582296339205,"flow_dst_last_pkt_time":1432582296464788,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582296464788,"pkt":"APS5Jrv0xiwDYGpkCABFAABI3osAAFMRTTAfDVowwKgCBA2WzjoANIR9AQMAGCESpEIAAEIAbV8qcywo32IAIAAIAAG2aW4xsYdAAgAIAAABTYyPE04="} 
-01043{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":893,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1432582296338853,"flow_src_last_pkt_time":1432582296339205,"flow_dst_last_pkt_time":1432582296464788,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1432582296464788,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.90.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"79.35.21.197:38779"}}} +01077{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":893,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1432582296338853,"flow_src_last_pkt_time":1432582296339205,"flow_dst_last_pkt_time":1432582296464788,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1432582296464788,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.90.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"79.35.21.197:38779","multimedia_flow_types":"Unknown"}}} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":894,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":4,"flow_src_last_pkt_time":1432582296339205,"flow_dst_last_pkt_time":1432582296465530,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582296465530,"pkt":"APS5Jrv0xiwDYGpkCABFAABI3owAAFMRTS8fDVowwKgCBA2WzjoANIR7AQMAGCESpEIAAEIAbV8qcywo32IAIAAIAAG2aW4xsYdAAgAIAAABTYyPE1A="} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":895,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_src_last_pkt_time":1432582296337727,"flow_dst_last_pkt_time":1432582296488822,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582296488822,"pkt":"APS5Jrv0xiwDYGpkCABFAABIVHgAAFQR50MfDUkwwKgCBA2WzjoANIfaAQMAGCESpEIAAPA16Ue1KOAmhBUAIAAIAAG2aW4xsYdAAgAIAAABTYyPE2w="} 
-01043{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":895,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1432582296337662,"flow_src_last_pkt_time":1432582296337727,"flow_dst_last_pkt_time":1432582296488822,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1432582296488822,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.73.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"79.35.21.197:38779"}}} +01077{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":895,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1432582296337662,"flow_src_last_pkt_time":1432582296337727,"flow_dst_last_pkt_time":1432582296488822,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1432582296488822,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.73.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"79.35.21.197:38779","multimedia_flow_types":"Unknown"}}} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":896,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":4,"flow_src_last_pkt_time":1432582296337727,"flow_dst_last_pkt_time":1432582296490101,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582296490101,"pkt":"APS5Jrv0xiwDYGpkCABFAABIVHkAAFQR50IfDUkwwKgCBA2WzjoANIfZAQMAGCESpEIAAPA16Ue1KOAmhBUAIAAIAAG2aW4xsYdAAgAIAAABTYyPE20="} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":897,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":3,"flow_src_last_pkt_time":1432582296339473,"flow_dst_last_pkt_time":1432582296515706,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582296515706,"pkt":"APS5Jrv0xiwDYGpkCABFAABIfMQAAFURvPcfDUowwKgCBA2WzjoANF8yAQMAGCESpEIAAMYoECn4BPzbT0AAIAAIAAG2aW4xsYdAAgAIAAABTYyPE4Q="} 
-01043{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":897,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1432582296339330,"flow_src_last_pkt_time":1432582296339473,"flow_dst_last_pkt_time":1432582296515706,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1432582296515706,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.74.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"79.35.21.197:38779"}}} +01077{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":897,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1432582296339330,"flow_src_last_pkt_time":1432582296339473,"flow_dst_last_pkt_time":1432582296515706,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1432582296515706,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.74.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"79.35.21.197:38779","multimedia_flow_types":"Unknown"}}} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":898,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":4,"flow_src_last_pkt_time":1432582296339473,"flow_dst_last_pkt_time":1432582296517176,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582296517176,"pkt":"APS5Jrv0xiwDYGpkCABFAABIfMUAAFURvPYfDUowwKgCBA2WzjoANF8wAQMAGCESpEIAAMYoECn4BPzbT0AAIAAIAAG2aW4xsYdAAgAIAAABTYyPE4Y="} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":3,"flow_src_last_pkt_time":1432582296338735,"flow_dst_last_pkt_time":1432582296549936,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582296549936,"pkt":"APS5Jrv0xiwDYGpkCABFAABI3hsAAE0RrN+t\/HIBwKgCBA2WzjoANEEuAQMAGCESpEIAAPckPngMfZVuqj0AIAAIAAG2aW4xsYdAAgAIAAABTYyPE3Q="} 
-01045{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1432582296338593,"flow_src_last_pkt_time":1432582296338735,"flow_dst_last_pkt_time":1432582296549936,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1432582296549936,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"173.252.114.1","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"79.35.21.197:38779"}}} +01079{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1432582296338593,"flow_src_last_pkt_time":1432582296338735,"flow_dst_last_pkt_time":1432582296549936,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1432582296549936,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"173.252.114.1","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"79.35.21.197:38779","multimedia_flow_types":"Unknown"}}} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":900,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":4,"flow_src_last_pkt_time":1432582296338735,"flow_dst_last_pkt_time":1432582296551704,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582296551704,"pkt":"APS5Jrv0xiwDYGpkCABFAABI3h0AAE0RrN2t\/HIBwKgCBA2WzjoANEEsAQMAGCESpEIAAPckPngMfZVuqj0AIAAIAAG2aW4xsYdAAgAIAAABTYyPE3Y="} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":901,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":3,"flow_src_last_pkt_time":1432582296338210,"flow_dst_last_pkt_time":1432582296565602,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582296565602,"pkt":"APS5Jrv0xiwDYGpkCABFAABID4sAAFMRJqEfDU\/AwKgCBA2WzjoANNk2AQMAGCESpEIAAL9\/1m08YXkuT0YAIAAIAAG2aW4xsYdAAgAIAAABTYyPE58="} 
-01044{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":901,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1432582296338078,"flow_src_last_pkt_time":1432582296338210,"flow_dst_last_pkt_time":1432582296565602,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1432582296565602,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.79.192","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"79.35.21.197:38779"}}} +01078{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":901,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1432582296338078,"flow_src_last_pkt_time":1432582296338210,"flow_dst_last_pkt_time":1432582296565602,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1432582296565602,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.79.192","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"79.35.21.197:38779","multimedia_flow_types":"Unknown"}}} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":902,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":4,"flow_src_last_pkt_time":1432582296338210,"flow_dst_last_pkt_time":1432582296567432,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582296567432,"pkt":"APS5Jrv0xiwDYGpkCABFAABID4wAAFMRJqAfDU\/AwKgCBA2WzjoANNk0AQMAGCESpEIAAL9\/1m08YXkuT0YAIAAIAAG2aW4xsYdAAgAIAAABTYyPE6E="} 00976{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":932,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1432582247125660,"flow_src_last_pkt_time":1432582285062641,"flow_dst_last_pkt_time":1432582247125660,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582297518674,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Spotify","proto_id":"156","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music"}} 
00987{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":932,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1432582246280217,"flow_src_last_pkt_time":1432582276331177,"flow_dst_last_pkt_time":1432582246280217,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":502,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":502,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1004,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582297518674,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":936,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":5,"flow_src_last_pkt_time":1432582302350249,"flow_dst_last_pkt_time":1432582296443204,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"thread_ts_usec":1432582302350249,"pkt":"xiwDYGpkAPS5Jrv0CABFwABy39QAAEARY\/3AqAIEHw1UMM46DZYAXmPlgckACQoVDhA\/cDmPP2GH+dw+eSd5Ut6D6R34wbCvsCoYFHs8lda5k2P52vD1dbELS8rcXVWf0VY2IFXDP5up5wUe\/tYGcpldgAAAAb5uMWFJKkRckYE="} 
00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":944,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582303186638,"flow_src_last_pkt_time":1432582303186638,"flow_dst_last_pkt_time":1432582303186638,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582303186638,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":52794,"dst_port":51727,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":944,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_src_last_pkt_time":1432582303186638,"flow_dst_last_pkt_time":1432582303186638,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582303186638,"pkt":"xiwDYGpkAPS5Jrv0CABFwABI\/ugAAEARW8\/AqAIEAcJav846yg8ANOnpAAEAGCESpEL3EVgs34UDSm8ZSi0ACAAUBo8N2M5l\/vTJutWmGJeHW1ycL5M="} 
-01132{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":944,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582303186638,"flow_src_last_pkt_time":1432582303186638,"flow_dst_last_pkt_time":1432582303186638,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582303186638,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":52794,"dst_port":51727,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01165{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":944,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582303186638,"flow_src_last_pkt_time":1432582303186638,"flow_dst_last_pkt_time":1432582303186638,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582303186638,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":52794,"dst_port":51727,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":951,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582303300524,"flow_src_last_pkt_time":1432582303300524,"flow_dst_last_pkt_time":1432582303300524,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582303300524,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":52794,"dst_port":9665,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":951,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_src_last_pkt_time":1432582303300524,"flow_dst_last_pkt_time":1432582303300524,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582303300524,"pkt":"xiwDYGpkAPS5Jrv0CABFwABIibwAAEARIT7AqAIEW\/2wQc46JcEANNm\/AAEAGCESpEJqJ0QlQ7N3HdICmh0ACAAUdy+mbVoXRYBrOj7VSucZjRXX5oc="} 
-01132{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":951,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582303300524,"flow_src_last_pkt_time":1432582303300524,"flow_dst_last_pkt_time":1432582303300524,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582303300524,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":52794,"dst_port":9665,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01165{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":951,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582303300524,"flow_src_last_pkt_time":1432582303300524,"flow_dst_last_pkt_time":1432582303300524,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582303300524,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":52794,"dst_port":9665,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":964,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_src_last_pkt_time":1432582303300524,"flow_dst_last_pkt_time":1432582303604793,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582303604793,"pkt":"APS5Jrv0xiwDYGpkCABFAABI2uIAAC8R4ddb\/bBBwKgCBCXBzjoANGAJAAEAGCESpEIU61RZ3ZsVVlL2qyQACAAUqmIWy0WW07d7nJ5APIsHCVUVL7g="} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":965,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_src_last_pkt_time":1432582303607918,"flow_dst_last_pkt_time":1432582303604793,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582303607918,"pkt":"xiwDYGpkAPS5Jrv0CABFwABIbOUAAEARPhXAqAIEW\/2wQc46JcEANIk8AQEAGCESpEIU61RZ3ZsVVlL2qyQACAAU6CFWVCyx0lHi4kItE160ER18SxI="} 
00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":966,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":4,"flow_src_last_pkt_time":1432582303616302,"flow_dst_last_pkt_time":1432582303604793,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582303616302,"pkt":"xiwDYGpkAPS5Jrv0CABFwABIgjEAAEARKMnAqAIEW\/2wQc46JcEANMh1AAEAGCESpEIsOC9qKgcRQkh47WsACAAU2ZdPl1kHfCpml7O+IRdvILydfEM="} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":968,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":5,"flow_src_last_pkt_time":1432582303616302,"flow_dst_last_pkt_time":1432582303694711,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582303694711,"pkt":"APS5Jrv0xiwDYGpkCABFAABIBlkAAC8RtmFb\/bBBwKgCBCXBzjoANK7MAQEAGCESpEIsOC9qKgcRQkh47WsACAAUfDHrJU+Q0hLT1ujVdOoJkJQ5oh0="} -01098{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":971,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1432582303300524,"flow_src_last_pkt_time":1432582303616302,"flow_dst_last_pkt_time":1432582303733149,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":106,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":290,"midstream":0,"thread_ts_usec":1432582303733149,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":52794,"dst_port":9665,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto 
on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"SRTP.WhatsAppCall","proto_id":"338.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01123{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":971,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1432582303300524,"flow_src_last_pkt_time":1432582303616302,"flow_dst_last_pkt_time":1432582303733149,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":106,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":290,"midstream":0,"thread_ts_usec":1432582303733149,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":52794,"dst_port":9665,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"SRTP.WhatsAppCall","proto_id":"338.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","stream_content":"Audio"}} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":972,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_src_last_pkt_time":1432582303831637,"flow_dst_last_pkt_time":1432582303186638,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582303831637,"pkt":"xiwDYGpkAPS5Jrv0CABFwABIdWcAAEAR5VDAqAIEAcJav846yg8ANHIiAAEAGCESpEJT9nMzid0wAn5OIFYACAAUj7UY3ZixJKF1uir6vHE5QBib28w="} 
-01250{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":972,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1432582303186638,"flow_src_last_pkt_time":1432582303831637,"flow_dst_last_pkt_time":1432582303186638,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582303831637,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":52794,"dst_port":51727,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01283{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":972,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1432582303186638,"flow_src_last_pkt_time":1432582303831637,"flow_dst_last_pkt_time":1432582303186638,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582303831637,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":52794,"dst_port":51727,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":985,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":3,"flow_src_last_pkt_time":1432582304464260,"flow_dst_last_pkt_time":1432582303186638,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582304464260,"pkt":"xiwDYGpkAPS5Jrv0CABFwABIRQUAAEARFbPAqAIEAcJav846yg8ANIW7AAEAGCESpEIZoNpuKgJFUxs+kVcACAAURUHG5kUyySWGpYslvS2cuO+ddv8="} 
00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":998,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":4,"flow_src_last_pkt_time":1432582305100006,"flow_dst_last_pkt_time":1432582303186638,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582305100006,"pkt":"xiwDYGpkAPS5Jrv0CABFwABI+yoAAEARX43AqAIEAcJav846yg8ANESCAAEAGCESpEKHi4QAVEzkfV5fTxcACAAUSe5EBzgFfmq12TvpmvAMFQPSazU="} 02365{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":999,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1432582303300524,"flow_src_last_pkt_time":1432582305119064,"flow_dst_last_pkt_time":1432582305008654,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":278,"flow_dst_max_l4_payload_len":200,"flow_src_tot_l4_payload_len":1888,"flow_dst_tot_l4_payload_len":1727,"midstream":0,"thread_ts_usec":1432582305119064,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":52794,"dst_port":9665,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":40,"avg":113763.5,"max":307394,"stddev":86013.0,"var":7398240768.0,"ent":4.5,"data": [304269,307394,8384,89918,31917,6521,226162,154173,40,188009,271,163937,163420,160100,21775,153703,73,168136,122602,138908,158523,186698,16232,65895,114250,83709,193240,164541,1311,77123,55436]},"pktlen": {"min":54,"avg":141.0,"max":306,"stddev":58.8,"var":3453.3,"ent":4.9,"data": [72,72,72,72,72,134,124,306,167,54,232,134,228,212,103,134,151,54,172,156,161,172,156,134,114,140,205,140,209,54,134,171]},"bins": {"c_to_s": 
[1,3,0,6,3,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,2,2,3,4,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,1,1,0,0,1,0,1,0,0,0,1,0,1,1,0,1,1,0,1,0,1,1,0,0],"entropies": [5.586590290,5.634793758,5.591430664,5.548327923,5.614367962,6.343744755,6.353155136,7.262660980,6.708292484,5.199332714,6.977910042,6.582841873,7.061330318,6.964643955,6.193738461,6.469698906,6.640622616,5.205786228,6.713893890,6.594544411,6.678621769,6.732760429,6.737264633,6.418371201,6.335039139,6.527385712,6.871919632,6.504805565,6.851323605,5.199332714,6.565941334,6.741304874]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"SRTP.WhatsAppCall","proto_id":"338.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
@@ -398,10 +398,10 @@ 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1218,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_src_last_pkt_time":1432582355253275,"flow_dst_last_pkt_time":1432582355393148,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1432582355393148,"pkt":"APS5Jrv0xiwDYGpkCABFAAA009MAAO8G4TARrUJmwKgCBAG7wDWkxiaffnJFJIASH\/7nbQAAAgQFoAEDAwQBAQQC"} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1219,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_src_last_pkt_time":1432582355478348,"flow_dst_last_pkt_time":1432582355393148,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1432582355478348,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAoTu9AAEAG1SHAqAIEEa1CZsA1Abt+ckUkpMYmoFAQQAAIJwAA"} 00849{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1220,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":4,"flow_src_last_pkt_time":1432582355482566,"flow_dst_last_pkt_time":1432582355393148,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"thread_ts_usec":1432582355482566,"pkt":"xiwDYGpkAPS5Jrv0CABFAAELcyVAAEAGsAjAqAIEEa1CZsA1Abt+ckUkpMYmoFAYQABJcgAAFgMBAN4BAADaAwNVY3jT+WAMBJPe1sSsxt7B5e33LtE3N+Ij9pRhB6MISiDnNWvFSuDQ9RWxNOp1GECdroi8RHuHNQND3XitCRrHVABKAP\/AJMAjwArACcAIwCjAJ8AUwBPAEsAmwCXABcAEwAPAKsApwA\/ADsANAGsAZwA5ADMAFgA9ADwANQAvAArAB8ARwALADAAFAAQBAABHAAAAHQAbAAAYcDUzLWJ1eS5pdHVuZXMuYXBwbGUuY29tAAoACAAGABcAGAAZAAsAAgEAAA0ADAAKBQEEAQIBBAMCAzN0AAA="} 
-01358{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1220,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1432582355253275,"flow_src_last_pkt_time":1432582355482566,"flow_dst_last_pkt_time":1432582355393148,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582355482566,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.AppleStore","proto_id":"91.224","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"p53-buy.itunes.apple.com","domainame":"p53-buy.itunes.apple.com","tls": {"version":"TLSv1.2","ja3":"799135475da362592a4be9199d258726","ja3s":"","ja4":"t12d370500_07a749158664_d075105c1994","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01317{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1220,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1432582355253275,"flow_src_last_pkt_time":1432582355482566,"flow_dst_last_pkt_time":1432582355393148,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582355482566,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.AppleStore","proto_id":"91.224","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"p53-buy.itunes.apple.com","domainame":"p53-buy.itunes.apple.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d370500_07a749158664_d075105c1994","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1221,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":5,"flow_src_last_pkt_time":1432582355482566,"flow_dst_last_pkt_time":1432582355622036,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1432582355622036,"pkt":"APS5Jrv0xiwDYGpkCABFAAAo09YAAO8G4TkRrUJmwKgCBAG7wDWkxiagfnJGB1AQCgI9QgAA"} 
-01401{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1222,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1432582355253275,"flow_src_last_pkt_time":1432582355482566,"flow_dst_last_pkt_time":1432582355622106,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1432582355622106,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.AppleStore","proto_id":"91.224","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"p53-buy.itunes.apple.com","domainame":"p53-buy.itunes.apple.com","tls": {"version":"TLSv1.2","ja3":"799135475da362592a4be9199d258726","ja3s":"c253ec3ad88e42f8da4032682892f9a0","ja4":"t12d370500_07a749158664_d075105c1994","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","blocks":0}}} 
-02328{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1248,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1432582355253275,"flow_src_last_pkt_time":1432582356195572,"flow_dst_last_pkt_time":1432582356100109,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":948,"flow_src_tot_l4_payload_len":5224,"flow_dst_tot_l4_payload_len":2717,"midstream":0,"thread_ts_usec":1432582356195572,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":11,"avg":57713.9,"max":271808,"stddev":91895.6,"var":8444797952.0,"ent":3.3,"data": [139873,225073,4218,228888,70,2672,200693,278,1388,194,2268,310,435,198176,1008,14244,4721,5042,13250,23,199875,308,34695,427,52,217025,5837,15994,11,271808,275]},"pktlen": {"min":40,"avg":289.3,"max":1480,"stddev":408.5,"var":166876.7,"ent":3.9,"data": [64,52,40,267,40,132,77,40,40,46,77,1480,516,596,40,40,40,40,40,988,386,40,40,1480,526,596,40,40,988,386,40,40]},"bins": {"c_to_s": [9,1,0,0,0,0,0,1,0,0,0,0,0,0,1,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0],"s_to_c": [9,1,1,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,0,0,0,0,0,1,1,1,1,1,1,1,0,0,0,0,0,1,1,1,1,0,0],"entropies": 
[4.478777409,4.849197388,4.715312004,5.931038380,4.784183979,6.049894810,5.799257278,4.881687164,4.881687164,4.802665710,5.737505436,7.869925976,7.601890564,7.659376144,4.834184170,4.884183884,4.884183884,4.834183693,4.834183693,7.790913582,7.529675484,4.881687164,4.931687355,7.881880760,7.552830696,7.654625893,4.834183693,4.884183884,7.775795460,7.413623333,4.931687355,4.881687164]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.AppleStore","proto_id":"91.224","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate"}} +01463{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1222,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1432582355253275,"flow_src_last_pkt_time":1432582355482566,"flow_dst_last_pkt_time":1432582355622106,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1432582355622106,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": 
{"6":"DPI"},"proto":"TLS.AppleStore","proto_id":"91.224","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"p53-buy.itunes.apple.com","domainame":"p53-buy.itunes.apple.com","tls": {"version":"TLSv1.2","ja3s":"c253ec3ad88e42f8da4032682892f9a0","ja4":"t12d370500_07a749158664_d075105c1994","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","blocks":0}}} +02431{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1248,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1432582355253275,"flow_src_last_pkt_time":1432582356195572,"flow_dst_last_pkt_time":1432582356100109,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":948,"flow_src_tot_l4_payload_len":5224,"flow_dst_tot_l4_payload_len":2717,"midstream":0,"thread_ts_usec":1432582356195572,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":11,"avg":57713.9,"max":271808,"stddev":91895.6,"var":8444797952.0,"ent":3.3,"data": [139873,225073,4218,228888,70,2672,200693,278,1388,194,2268,310,435,198176,1008,14244,4721,5042,13250,23,199875,308,34695,427,52,217025,5837,15994,11,271808,275]},"pktlen": {"min":40,"avg":289.3,"max":1480,"stddev":408.5,"var":166876.7,"ent":3.9,"data": [64,52,40,267,40,132,77,40,40,46,77,1480,516,596,40,40,40,40,40,988,386,40,40,1480,526,596,40,40,988,386,40,40]},"bins": {"c_to_s": [9,1,0,0,0,0,0,1,0,0,0,0,0,0,1,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0],"s_to_c": [9,1,1,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": 
[0,1,0,0,1,1,1,0,0,0,0,0,0,0,1,1,1,1,1,1,1,0,0,0,0,0,1,1,1,1,0,0],"entropies": [4.478777409,4.849197388,4.715312004,5.931038380,4.784183979,6.049894810,5.799257278,4.881687164,4.881687164,4.802665710,5.737505436,7.869925976,7.601890564,7.659376144,4.834184170,4.884183884,4.884183884,4.834183693,4.834183693,7.790913582,7.529675484,4.881687164,4.931687355,7.881880760,7.552830696,7.654625893,4.834183693,4.884183884,7.775795460,7.413623333,4.931687355,4.881687164]},"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.AppleStore","proto_id":"91.224","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate"}} 00933{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1249,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1432582223077297,"flow_src_last_pkt_time":1432582223379275,"flow_dst_last_pkt_time":1432582223271314,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1432582356195572,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.154.66.111","src_port":49163,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00787{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1249,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1432582223077297,"flow_src_last_pkt_time":1432582223379275,"flow_dst_last_pkt_time":1432582223271314,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1432582356195572,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.154.66.111","src_port":49163,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00933{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1249,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1432582223075943,"flow_src_last_pkt_time":1432582223379519,"flow_dst_last_pkt_time":1432582223276650,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1432582356195572,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.154.66.121","src_port":49166,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
@@ -419,7 +419,7 @@ 00976{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1249,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1432582224235628,"flow_src_last_pkt_time":1432582224264733,"flow_dst_last_pkt_time":1432582224263291,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1432582356195572,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"5.178.42.26","src_port":49174,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 00784{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1249,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1432582224235628,"flow_src_last_pkt_time":1432582224264733,"flow_dst_last_pkt_time":1432582224263291,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1432582356195572,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"5.178.42.26","src_port":49174,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00964{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1249,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1432582224230305,"flow_src_last_pkt_time":1432582224260694,"flow_dst_last_pkt_time":1432582224259122,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":85,"midstream":1,"thread_ts_usec":1432582356195572,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"23.50.148.228","src_port":49172,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -01062{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1249,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1432582227884677,"flow_src_last_pkt_time":1432582228167635,"flow_dst_last_pkt_time":1432582228152588,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582356195572,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.178.104.14","src_port":49203,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"1":"Match by 
port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +01169{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1249,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1432582227884677,"flow_src_last_pkt_time":1432582228167635,"flow_dst_last_pkt_time":1432582228152588,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582356195572,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.178.104.14","src_port":49203,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}},"55": {"risk":"Probing Attempt","severity":"Medium","risk_score": {"total":510,"client":375,"server":135}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00788{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1249,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1432582227884677,"flow_src_last_pkt_time":1432582228167635,"flow_dst_last_pkt_time":1432582228152588,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582356195572,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.178.104.14","src_port":49203,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00978{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1249,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1432582224210874,"flow_src_last_pkt_time":1432582224240462,"flow_dst_last_pkt_time":1432582224238952,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1432582356195572,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"93.186.135.82","src_port":49173,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 
00786{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1249,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1432582224210874,"flow_src_last_pkt_time":1432582224240462,"flow_dst_last_pkt_time":1432582224238952,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1432582356195572,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"93.186.135.82","src_port":49173,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -475,12 +475,12 @@ 00788{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1432582235999137,"flow_src_last_pkt_time":1432582236282161,"flow_dst_last_pkt_time":1432582236144785,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1432582361929399,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.59","src_port":49180,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00934{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1432582235998968,"flow_src_last_pkt_time":1432582236282078,"flow_dst_last_pkt_time":1432582236140915,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1432582361929399,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.37","src_port":49181,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00788{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1432582235998968,"flow_src_last_pkt_time":1432582236282078,"flow_dst_last_pkt_time":1432582236140915,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1432582361929399,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.37","src_port":49181,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -01178{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":29,"flow_dst_packets_processed":24,"flow_first_seen":1432582230648273,"flow_src_last_pkt_time":1432582264928868,"flow_dst_last_pkt_time":1432582264924464,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":948,"flow_src_tot_l4_payload_len":10180,"flow_dst_tot_l4_payload_len":5304,"midstream":0,"thread_ts_usec":1432582361929399,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49204,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.AppleStore","proto_id":"91.224","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"p53-buy.itunes.apple.com"}} 
-01178{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1432582355253275,"flow_src_last_pkt_time":1432582356195572,"flow_dst_last_pkt_time":1432582356100109,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":948,"flow_src_tot_l4_payload_len":5224,"flow_dst_tot_l4_payload_len":2717,"midstream":0,"thread_ts_usec":1432582361929399,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.AppleStore","proto_id":"91.224","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"p53-buy.itunes.apple.com"}} 
+01281{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":29,"flow_dst_packets_processed":24,"flow_first_seen":1432582230648273,"flow_src_last_pkt_time":1432582264928868,"flow_dst_last_pkt_time":1432582264924464,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":948,"flow_src_tot_l4_payload_len":10180,"flow_dst_tot_l4_payload_len":5304,"midstream":0,"thread_ts_usec":1432582361929399,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49204,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.AppleStore","proto_id":"91.224","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"p53-buy.itunes.apple.com"}} 
+01281{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1432582355253275,"flow_src_last_pkt_time":1432582356195572,"flow_dst_last_pkt_time":1432582356100109,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":948,"flow_src_tot_l4_payload_len":5224,"flow_dst_tot_l4_payload_len":2717,"midstream":0,"thread_ts_usec":1432582361929399,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.AppleStore","proto_id":"91.224","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"p53-buy.itunes.apple.com"}} 
00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1432582222253233,"flow_src_last_pkt_time":1432582223191773,"flow_dst_last_pkt_time":1432582223190009,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":170,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":536,"flow_dst_tot_l4_payload_len":340,"midstream":1,"thread_ts_usec":1432582361929399,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.70","src_port":49199,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IMAPS","proto_id":"51","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}} 01138{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_src_packets_processed":141,"flow_dst_packets_processed":57,"flow_first_seen":1432582303300524,"flow_src_last_pkt_time":1432582310601384,"flow_dst_last_pkt_time":1432582311036474,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":442,"flow_dst_max_l4_payload_len":510,"flow_src_tot_l4_payload_len":11608,"flow_dst_tot_l4_payload_len":10494,"midstream":0,"thread_ts_usec":1432582361929399,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":52794,"dst_port":9665,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": 
{"6":"DPI"},"proto":"SRTP.WhatsAppCall","proto_id":"338.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01014{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1432582227526441,"flow_src_last_pkt_time":1432582227526441,"flow_dst_last_pkt_time":1432582227594651,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":209,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":209,"midstream":0,"thread_ts_usec":1432582361929399,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":51897,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Apple","proto_id":"5.140","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"query.ess.apple.com"}} 
-01156{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":17,"flow_first_seen":1432582227604482,"flow_src_last_pkt_time":1432582260448775,"flow_dst_last_pkt_time":1432582260403082,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":6486,"flow_dst_tot_l4_payload_len":8646,"midstream":0,"thread_ts_usec":1432582361929399,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.178.104.12","src_port":49201,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"query.ess.apple.com"}} +01259{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":17,"flow_first_seen":1432582227604482,"flow_src_last_pkt_time":1432582260448775,"flow_dst_last_pkt_time":1432582260403082,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":6486,"flow_dst_tot_l4_payload_len":8646,"midstream":0,"thread_ts_usec":1432582361929399,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.178.104.12","src_port":49201,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": 
{"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"query.ess.apple.com"}} 01020{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1432582227595809,"flow_src_last_pkt_time":1432582227595809,"flow_dst_last_pkt_time":1432582227624839,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":162,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":162,"midstream":0,"thread_ts_usec":1432582361929399,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":52190,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.WhatsApp","proto_id":"5.142","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"e13.whatsapp.net"}} 
01244{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":0,"flow_first_seen":1432582258587552,"flow_src_last_pkt_time":1432582267438091,"flow_dst_last_pkt_time":1432582258587552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":660,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582361929399,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":51518,"dst_port":60312,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
00949{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1432582267983119,"flow_src_last_pkt_time":1432582311138615,"flow_dst_last_pkt_time":1432582267983119,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":360,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582361929399,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -494,7 +494,7 @@ 01017{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1432582284806157,"flow_src_last_pkt_time":1432582285047789,"flow_dst_last_pkt_time":1432582284806157,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":134,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582361929399,"l3_proto":"ip6","src_ip":"fe80::c42c:3ff:fe60:6a64","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"lucas-imac.local"}} 01016{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1432582284805992,"flow_src_last_pkt_time":1432582285047820,"flow_dst_last_pkt_time":1432582284805992,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":134,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582361929399,"l3_proto":"ip6","src_ip":"fe80::da30:62ff:fe56:1c","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"lucas-imac.local"}} 00993{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1432582228503997,"flow_src_last_pkt_time":1432582353694076,"flow_dst_last_pkt_time":1432582353955055,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":234,"flow_src_tot_l4_payload_len":4006,"flow_dst_tot_l4_payload_len":468,"midstream":1,"thread_ts_usec":1432582361929399,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.110.229.14","src_port":49193,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ApplePush","proto_id":"238","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
-00869{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1253,"packets-processed":1251,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":132660,"total-not-detected-flows":0,"total-guessed-flows":20,"total-detected-flows":37,"total-detection-updates":46,"total-updates":45,"current-active-flows":0,"total-active-flows":57,"total-idle-flows":57,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":497,"global_ts_usec":1432582361929399} +00869{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1253,"packets-processed":1251,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":132660,"total-not-detected-flows":0,"total-guessed-flows":20,"total-detected-flows":37,"total-detection-updates":46,"total-updates":45,"current-active-flows":0,"total-active-flows":57,"total-idle-flows":57,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":497,"global_ts_usec":1432582361929399} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1253/1251 ~~ skipped flows.............: 0 
@@ -503,9 +503,9 @@ ~~ total active/idle flows...: 57/57 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7170680 bytes -~~ total memory freed........: 7170680 bytes -~~ total allocations/frees...: 116057/116057 +~~ total memory allocated....: 7748480 bytes +~~ total memory freed........: 7748480 bytes +~~ total allocations/frees...: 127796/127796 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 542 chars ~~ json message max len.......: 2513 chars diff --git a/test/results/default/whatsapp_login_chat.pcap.out b/test/results/default/whatsapp_login_chat.pcap.out index f25801af4..5fbf83061 100644 --- a/test/results/default/whatsapp_login_chat.pcap.out +++ b/test/results/default/whatsapp_login_chat.pcap.out 
@@ -1,5 +1,5 @@ -00624{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1432582377898864} 
+00624{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1432582377898864} 
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582377898864,"flow_src_last_pkt_time":1432582377898864,"flow_dst_last_pkt_time":1432582377898864,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582377898864,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00588{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1432582377898864,"flow_dst_last_pkt_time":1432582377898864,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582377898864,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAABI56kAAEARDKvAqAIBwKgC\/+EV4RUANKgAU3BvdFVkcDCYJeGQmjjiDQABAARIlcID1NylhjSgAeWF26p2NNVFJFGe2SE="} 
00932{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582377898864,"flow_src_last_pkt_time":1432582377898864,"flow_dst_last_pkt_time":1432582377898864,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582377898864,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Spotify","proto_id":"156","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music"}} 
@@ -58,7 +58,7 @@ 00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582402666171,"flow_src_last_pkt_time":1432582402666171,"flow_dst_last_pkt_time":1432582402666171,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":49,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":49,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582431565397,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1432582396509617,"flow_src_last_pkt_time":1432582426553706,"flow_dst_last_pkt_time":1432582396509617,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":502,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":502,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1004,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582431565397,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
01210{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1432582411561512,"flow_src_last_pkt_time":1432582431565397,"flow_dst_last_pkt_time":1432582411561512,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":154,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":309,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1699,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1432582431565397,"l3_proto":"ip4","src_ip":"17.110.229.14","dst_ip":"192.168.2.4","src_port":5223,"dst_port":49193,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-00855{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":93,"packets-processed":93,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24799,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":61,"global_ts_usec":1432582431565397} +00855{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":93,"packets-processed":93,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24799,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":61,"global_ts_usec":1432582431565397} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 93/93 ~~ skipped flows.............: 0 
@@ -67,9 +67,9 @@ ~~ total active/idle flows...: 9/9 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6937492 bytes -~~ total memory freed........: 6937492 bytes -~~ total allocations/frees...: 114320/114320 +~~ total memory allocated....: 7515109 bytes +~~ total memory freed........: 7515109 bytes +~~ total allocations/frees...: 126052/126052 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 542 chars ~~ json message max len.......: 2496 chars diff --git a/test/results/default/whatsapp_voice_and_message.pcap.out b/test/results/default/whatsapp_voice_and_message.pcap.out index 46c50862d..e97bcc78d 100644 --- a/test/results/default/whatsapp_voice_and_message.pcap.out +++ b/test/results/default/whatsapp_voice_and_message.pcap.out 
@@ -1,5 +1,5 @@ -00631{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1432820558921094} 
+00631{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1432820558921094} 
00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820558921094,"flow_src_last_pkt_time":1432820558921094,"flow_dst_last_pkt_time":1432820558921094,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432820558921094,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"184.173.179.46","src_port":35480,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1432820558921094,"flow_dst_last_pkt_time":1432820558921094,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1432820558921094,"pkt":"ABoRAAACABoRAAABCABFAAA89o5AAEAGzkgKCAABuK2zLoqYAbsGFK3rAAAAAKACOQj9WQAAAgQFtAQCCAoABFtlAAAAAAEDAwQ="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1432820558921094,"flow_dst_last_pkt_time":1432820558982129,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1432820558982129,"pkt":"ABoRAAACABoRAAABCABFAAAoAAJAABAG9Om4rbMuCggAAQG7ipj561IUBhSt7FAS\/\/+tmQAA"} 
@@ -9,49 +9,49 @@ 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1432820559129925,"flow_dst_last_pkt_time":1432820559130047,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1432820559130047,"pkt":"ABoRAAACABoRAAABCABFAAAoAANAABAG9Oi4rbMuCggAAQG7ipj561IVBhSunVAQ\/\/+s6QAA"} 00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820567259228,"flow_src_last_pkt_time":1432820567259228,"flow_dst_last_pkt_time":1432820567259228,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432820567259228,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.84.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1432820567259228,"flow_dst_last_pkt_time":1432820567259228,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432820567259228,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEARvE0KCAABHw1UMNF0DZYAhk4lAAMAaiESpEIAANFg4Ox4XqyZamxAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"} -00998{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820567259228,"flow_src_last_pkt_time":1432820567259228,"flow_dst_last_pkt_time":1432820567259228,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432820567259228,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.84.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01031{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820567259228,"flow_src_last_pkt_time":1432820567259228,"flow_dst_last_pkt_time":1432820567259228,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432820567259228,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.84.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1432820567259228,"flow_dst_last_pkt_time":1432820567597088,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432820567597088,"pkt":"ABoRAAACABoRAAABCABFAABIAA5AABAR7VEfDVQwCggAAQ2W0XQANI6xAQMAGCESpEIAANFg4Ox4XqyZamwAIAAIAAHzk56wzx5AAgAIAAABTZrCzrs="} 
00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1432820567597180,"flow_dst_last_pkt_time":1432820567597088,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432820567597180,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEARvE0KCAABHw1UMNF0DZYAhk4lAAMAaiESpEIAANFg4Ox4XqyZamxAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"} 00588{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1432820567597180,"flow_dst_last_pkt_time":1432820567917126,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432820567917126,"pkt":"ABoRAAACABoRAAABCABFAABIAA9AABAR7VAfDVQwCggAAQ2W0XQANNaZAQMAGCESpEIAANFg4Ox4XqyZamwAIAAIAAGqbZ6wzx5AAgAIAAABTZrCz\/k="} 
00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820567917248,"flow_src_last_pkt_time":1432820567917248,"flow_dst_last_pkt_time":1432820567917248,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432820567917248,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.74.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1432820567917248,"flow_dst_last_pkt_time":1432820567917248,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432820567917248,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEARxk0KCAABHw1KMNF0DZYAhknAAAMAaiESpEIAABwXmwtuMPN7N0hAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"} 
-00998{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820567917248,"flow_src_last_pkt_time":1432820567917248,"flow_dst_last_pkt_time":1432820567917248,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432820567917248,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.74.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01031{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820567917248,"flow_src_last_pkt_time":1432820567917248,"flow_dst_last_pkt_time":1432820567917248,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432820567917248,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.74.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1432820567917248,"flow_dst_last_pkt_time":1432820568117413,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432820568117413,"pkt":"ABoRAAACABoRAAABCABFAABIABBAABAR908fDUowCggAAQ2W0XQANMmPAQMAGCESpEIAABwXmwtuMPN7N0gAIAAIAAGyFZ6wzx5AAgAIAAABTZrC0PY="} 00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1432820568118085,"flow_dst_last_pkt_time":1432820568117413,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432820568118085,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEARxk0KCAABHw1KMNF0DZYAhknAAAMAaiESpEIAABwXmwtuMPN7N0hAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"} 
00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1432820568118085,"flow_dst_last_pkt_time":1432820568346844,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432820568346844,"pkt":"ABoRAAACABoRAAABCABFAABIABFAABAR904fDUowCggAAQ2W0XQANO2fAQMAGCESpEIAABwXmwtuMPN7N0gAIAAIAAGNHp6wzx5AAgAIAAABTZrC0d0="} 00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820568346936,"flow_src_last_pkt_time":1432820568346936,"flow_dst_last_pkt_time":1432820568346936,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432820568346936,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.64.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1432820568346936,"flow_dst_last_pkt_time":1432820568346936,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432820568346936,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEAR0E0KCAABHw1AMNF0DZYAhjyrAAMAaiESpEIAAKkWq28lYULzqlFAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"} -00998{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820568346936,"flow_src_last_pkt_time":1432820568346936,"flow_dst_last_pkt_time":1432820568346936,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432820568346936,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.64.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01031{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820568346936,"flow_src_last_pkt_time":1432820568346936,"flow_dst_last_pkt_time":1432820568346936,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432820568346936,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.64.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00588{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1432820568346936,"flow_dst_last_pkt_time":1432820568646771,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432820568646771,"pkt":"ABoRAAACABoRAAABCABFAABIABJAABARAU4fDUAwCggAAQ2W0XQANK\/IAQMAGCESpEIAAKkWq28lYULzqlEAIAAIAAG83p6wzx5AAgAIAAABTZrC0t8="} 
00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1432820568646863,"flow_dst_last_pkt_time":1432820568646771,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432820568646863,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEAR0E0KCAABHw1AMNF0DZYAhjyrAAMAaiESpEIAAKkWq28lYULzqlFAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"} 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1432820568646863,"flow_dst_last_pkt_time":1432820568946667,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432820568946667,"pkt":"ABoRAAACABoRAAABCABFAABIABNAABARAU0fDUAwCggAAQ2W0XQANMbTAQMAGCESpEIAAKkWq28lYULzqlEAIAAIAAGkqZ6wzx5AAgAIAAABTZrC1Ak="} 
00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820568947491,"flow_src_last_pkt_time":1432820568947491,"flow_dst_last_pkt_time":1432820568947491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432820568947491,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.252.121.1","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1432820568947491,"flow_dst_last_pkt_time":1432820568947491,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432820568947491,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEARCI0KCAABrfx5AdF0DZYAhjqZAAMAaiESpEIAAJtQaIETIh2AbQlAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"} 
-01000{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820568947491,"flow_src_last_pkt_time":1432820568947491,"flow_dst_last_pkt_time":1432820568947491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432820568947491,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.252.121.1","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01033{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820568947491,"flow_src_last_pkt_time":1432820568947491,"flow_dst_last_pkt_time":1432820568947491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432820568947491,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.252.121.1","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00588{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1432820568947491,"flow_dst_last_pkt_time":1432820569197308,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432820569197308,"pkt":"ABoRAAACABoRAAABCABFAABIABRAABAROYut\/HkBCggAAQ2W0XQANOG6AQMAGCESpEIAAJtQaIETIh2AbQkAIAAIAAGGsp6wzx5AAgAIAAABTZrC1Qc="} 00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1432820569197369,"flow_dst_last_pkt_time":1432820569197308,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432820569197369,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEARCI0KCAABrfx5AdF0DZYAhjqZAAMAaiESpEIAAJtQaIETIh2AbQlAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"} 
00588{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1432820569197369,"flow_dst_last_pkt_time":1432820569427136,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432820569427136,"pkt":"ABoRAAACABoRAAABCABFAABIABVAABAROYqt\/HkBCggAAQ2W0XQANNKXAQMAGCESpEIAAJtQaIETIh2AbQkAIAAIAAGU1Z6wzx5AAgAIAAABTZrC1gc="} 00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820569427258,"flow_src_last_pkt_time":1432820569427258,"flow_dst_last_pkt_time":1432820569427258,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432820569427258,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"179.60.192.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1432820569427258,"flow_dst_last_pkt_time":1432820569427258,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432820569427258,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEARvB0KCAABszzAMNF0DZYAhkLTAAMAaiESpEIAALo2Lkt1PTwMswhAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"} -01000{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820569427258,"flow_src_last_pkt_time":1432820569427258,"flow_dst_last_pkt_time":1432820569427258,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432820569427258,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"179.60.192.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01033{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820569427258,"flow_src_last_pkt_time":1432820569427258,"flow_dst_last_pkt_time":1432820569427258,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432820569427258,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"179.60.192.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1432820569427258,"flow_dst_last_pkt_time":1432820569716748,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432820569716748,"pkt":"ABoRAAACABoRAAABCABFAABIABZAABAR7RmzPMAwCggAAQ2W0XQANM1bAQMAGCESpEIAALo2Lkt1PTwMswgAIAAIAAGhQp6wzx5AAgAIAAABTZrC1xA="} 
00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1432820569716839,"flow_dst_last_pkt_time":1432820569716748,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432820569716839,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEARvB0KCAABszzAMNF0DZYAhkLTAAMAaiESpEIAALo2Lkt1PTwMswhAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"} 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1432820569716839,"flow_dst_last_pkt_time":1432820570006695,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432820570006695,"pkt":"ABoRAAACABoRAAABCABFAABIABdAABAR7RizPMAwCggAAQ2W0XQANLmCAQMAGCESpEIAALo2Lkt1PTwMswgAIAAIAAGz+p6wzx5AAgAIAAABTZrC2DE="} 
00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820570006787,"flow_src_last_pkt_time":1432820570006787,"flow_dst_last_pkt_time":1432820570006787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432820570006787,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.79.192","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1432820570006787,"flow_dst_last_pkt_time":1432820570006787,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432820570006787,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEARwL0KCAABHw1PwNF0DZYAhsORAAMAaiESpEIAAFk9lyNgFikbVyNAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"} 
-00999{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820570006787,"flow_src_last_pkt_time":1432820570006787,"flow_dst_last_pkt_time":1432820570006787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432820570006787,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.79.192","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01032{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820570006787,"flow_src_last_pkt_time":1432820570006787,"flow_dst_last_pkt_time":1432820570006787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432820570006787,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.79.192","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00589{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1432820570006787,"flow_dst_last_pkt_time":1432820570428723,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432820570428723,"pkt":"ABoRAAACABoRAAABCABFAABIABhAABAR8bcfDU\/ACggAAQ2W0XQANGvgAQMAGCESpEIAAFk9lyNgFikbVyMAIAAIAAGA\/J6wzx5AAgAIAAABTZrC2ZA="} 00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1432820570428815,"flow_dst_last_pkt_time":1432820570428723,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432820570428815,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEARwL0KCAABHw1PwNF0DZYAhsORAAMAaiESpEIAAFk9lyNgFikbVyNAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"} 
00588{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1432820570428815,"flow_dst_last_pkt_time":1432820570876782,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432820570876782,"pkt":"ABoRAAACABoRAAABCABFAABIABlAABAR8bYfDU\/ACggAAQ2W0XQANGAYAQMAGCESpEIAAFk9lyNgFikbVyMAIAAIAAGLCJ6wzx5AAgAIAAABTZrC20w="} 00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820570876843,"flow_src_last_pkt_time":1432820570876843,"flow_dst_last_pkt_time":1432820570876843,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432820570876843,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.93.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00701{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1432820570876843,"flow_dst_last_pkt_time":1432820570876843,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432820570876843,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEARs00KCAABHw1dMNF0DZYAhn\/sAAMAaiESpEIAABBswYmYde0br2NAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"} -00998{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820570876843,"flow_src_last_pkt_time":1432820570876843,"flow_dst_last_pkt_time":1432820570876843,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432820570876843,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.93.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01031{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820570876843,"flow_src_last_pkt_time":1432820570876843,"flow_dst_last_pkt_time":1432820570876843,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432820570876843,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.93.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1432820570876843,"flow_dst_last_pkt_time":1432820571176892,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432820571176892,"pkt":"ABoRAAACABoRAAABCABFAABIABpAABAR5EUfDV0wCggAAQ2W0XQANAkRAQMAGCESpEIAABBswYmYde0br2MAIAAIAAGc8p6wzx5AAgAIAAABTZrC3MQ="} 
00701{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1432820571176953,"flow_dst_last_pkt_time":1432820571176892,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432820571176953,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEARs00KCAABHw1dMNF0DZYAhn\/sAAMAaiESpEIAABBswYmYde0br2NAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"} 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1432820571176953,"flow_dst_last_pkt_time":1432820571488171,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432820571488171,"pkt":"ABoRAAACABoRAAABCABFAABIABtAABAR5EQfDV0wCggAAQ2W0XQANLfgAQMAGCESpEIAABBswYmYde0br2MAIAAIAAHs556wzx5AAgAIAAABTZrC3f8="} 
00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820571488232,"flow_src_last_pkt_time":1432820571488232,"flow_dst_last_pkt_time":1432820571488232,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432820571488232,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.73.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1432820571488232,"flow_dst_last_pkt_time":1432820571488232,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432820571488232,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEARx00KCAABHw1JMNF0DZYAhta5AAMAaiESpEIAAOlKSWdSWOu7U1dAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"} 
-00998{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820571488232,"flow_src_last_pkt_time":1432820571488232,"flow_dst_last_pkt_time":1432820571488232,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432820571488232,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.73.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01031{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820571488232,"flow_src_last_pkt_time":1432820571488232,"flow_dst_last_pkt_time":1432820571488232,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432820571488232,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.73.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1432820571488232,"flow_dst_last_pkt_time":1432820571716839,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432820571716839,"pkt":"ABoRAAACABoRAAABCABFAABIABxAABAR+EMfDUkwCggAAQ2W0XQANGvUAQMAGCESpEIAAOlKSWdSWOu7U1cAIAAIAAGOsJ6wzx5AAgAIAAABTZrC3xA="} 00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1432820571716900,"flow_dst_last_pkt_time":1432820571716839,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432820571716900,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEARx00KCAABHw1JMNF0DZYAhta5AAMAaiESpEIAAOlKSWdSWOu7U1dAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"} 
00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_src_last_pkt_time":1432820571716900,"flow_dst_last_pkt_time":1432820571916791,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432820571916791,"pkt":"ABoRAAACABoRAAABCABFAABIAB1AABAR+EIfDUkwCggAAQ2W0XQANFhcAQMAGCESpEIAAOlKSWdSWOu7U1cAIAAIAAGhVZ6wzx5AAgAIAAABTZrC3+M="} 
@@ -123,7 +123,7 @@ 00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1432820568346936,"flow_src_last_pkt_time":1432820627171490,"flow_dst_last_pkt_time":1432820568946667,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":378,"flow_dst_tot_l4_payload_len":88,"midstream":0,"thread_ts_usec":1432820695137128,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.64.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1432820567917248,"flow_src_last_pkt_time":1432820626171765,"flow_dst_last_pkt_time":1432820568346844,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":378,"flow_dst_tot_l4_payload_len":88,"midstream":0,"thread_ts_usec":1432820695137128,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.74.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1432820567259228,"flow_src_last_pkt_time":1432820625171734,"flow_dst_last_pkt_time":1432820567917126,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":378,"flow_dst_tot_l4_payload_len":88,"midstream":0,"thread_ts_usec":1432820695137128,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.84.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-00870{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":261,"packets-processed":261,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":14389,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":0,"total-updates":16,"current-active-flows":0,"total-active-flows":13,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":126,"global_ts_usec":1432820695137128} +00870{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":261,"packets-processed":261,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":14389,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":0,"total-updates":16,"current-active-flows":0,"total-active-flows":13,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":126,"global_ts_usec":1432820695137128} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 261/261 ~~ skipped flows.............: 0 
@@ -132,9 +132,9 @@
 ~~ total active/idle flows...: 13/13
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6954102 bytes
-~~ total memory freed........: 6954102 bytes
-~~ total allocations/frees...: 114540/114540
+~~ total memory allocated....: 7531698 bytes
+~~ total memory freed........: 7531698 bytes
+~~ total allocations/frees...: 126271/126271
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 548 chars
 ~~ json message max len.......: 2215 chars
diff --git a/test/results/default/whatsappfiles.pcap.out b/test/results/default/whatsappfiles.pcap.out
index 92da9e643..e62858be5 100644
--- a/test/results/default/whatsappfiles.pcap.out
+++ b/test/results/default/whatsappfiles.pcap.out
@@ -1,27 +1,27 @@ -00618{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/whatsappfiles.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsappfiles.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1519924083411187} 
+00618{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/whatsappfiles.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsappfiles.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1519924083411187} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1519924083411187,"flow_src_last_pkt_time":1519924083411187,"flow_dst_last_pkt_time":1519924083411187,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1519924083411187,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1519924083411187,"flow_dst_last_pkt_time":1519924083411187,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1519924083411187,"pkt":"XEl5dU5qkLkxKPrKCABFAABAAABAAEAG5oDAqAIduTzYNcIKAbs8JoRvAAAAALDC\/\/8eywAAAgQFtAEDAwYBAQgKKOUV+QAAAAAEAgAA"} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1519924083411187,"flow_dst_last_pkt_time":1519924083501147,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1519924083501147,"pkt":"kLkxKPrKXEl5dU5qCABFAAA8AABAAFUG0YS5PNg1wKgCHQG7wgonNGFZPCaEcKASbTj4zgAAAgQFggQCCAoJITj5KOUV+QEDAwg="} 
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1519924083503118,"flow_dst_last_pkt_time":1519924083501147,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1519924083503118,"pkt":"XEl5dU5qkLkxKPrKCABFAAA0AABAAEAG5ozAqAIduTzYNcIKAbs8JoRwJzRhWoAQCAWMQgAAAQEICijlFlQJITj5"} 00875{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1519924083506116,"flow_dst_last_pkt_time":1519924083501147,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":309,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":309,"pkt_l4_len":275,"thread_ts_usec":1519924083506116,"pkt":"XEl5dU5qkLkxKPrKCABFAAEnAABAAEAG5ZnAqAIduTzYNcIKAbs8JoRwJzRhWoAYCAVSawAAAQEICijlFlYJITj5FgMBAO4BAADqAwPdYI75M\/7Hk5QfaVF+3jFJrn8JCAyxqJHjkbfYArYsNAAAKMAswCvAJMAjwArACcypwDDAL8AowCfAFMATzKgAnQCcAD0APAA1AC8BAACZ\/wEAAQAAAAAZABcAABRtbWctZm5hLndoYXRzYXBwLm5ldAAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAM3QAAAASAAAAEAAwAC4CaDIFaDItMTYFaDItMTUFaDItMTQIc3BkeS8zLjEGc3BkeS8zCGh0dHAvMS4xAAsAAgEAAAoACAAGAB0AFwAY"} 
-01280{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1519924083411187,"flow_src_last_pkt_time":1519924083506116,"flow_dst_last_pkt_time":1519924083501147,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":243,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":243,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1519924083506116,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49674,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WhatsAppFiles","proto_id":"91.242","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"mmg-fna.whatsapp.net","domainame":"mmg-fna.whatsapp.net","tls": {"version":"TLSv1.2","ja3":"107144b88827da5da9ed42d8776ccdc5","ja3s":"","ja4":"t12d2011h2_2a284e3b0c56_8d24740b1268","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
+01239{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1519924083411187,"flow_src_last_pkt_time":1519924083506116,"flow_dst_last_pkt_time":1519924083501147,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":243,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":243,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1519924083506116,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49674,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WhatsAppFiles","proto_id":"91.242","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"mmg-fna.whatsapp.net","domainame":"mmg-fna.whatsapp.net","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d2011h2_2a284e3b0c56_8d24740b1268","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1519924083506116,"flow_dst_last_pkt_time":1519924083596769,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1519924083596769,"pkt":"kLkxKPrKXEl5dU5qCABFAAA0WA5AAFUGeX65PNg1wKgCHQG7wgonNGFaPCaFY4AQAHKSgAAAAQEICgkhOVko5RZW"} 
-01365{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1519924083411187,"flow_src_last_pkt_time":1519924083506116,"flow_dst_last_pkt_time":1519924083598208,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":243,"flow_dst_max_l4_payload_len":1398,"flow_src_tot_l4_payload_len":243,"flow_dst_tot_l4_payload_len":1398,"midstream":0,"thread_ts_usec":1519924083598208,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49674,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WhatsAppFiles","proto_id":"91.242","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"mmg-fna.whatsapp.net","domainame":"mmg-fna.whatsapp.net","tls": {"version":"TLSv1.2","ja3":"107144b88827da5da9ed42d8776ccdc5","ja3s":"2d1eb5817ece335c24904f516ad5da12","ja4":"t12d2011h2_2a284e3b0c56_8d24740b1268","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","negotiated_alpn":"h2","blocks":0}}} 
-01735{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1519924083411187,"flow_src_last_pkt_time":1519924083506116,"flow_dst_last_pkt_time":1519924083599471,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":243,"flow_dst_max_l4_payload_len":1398,"flow_src_tot_l4_payload_len":243,"flow_dst_tot_l4_payload_len":3208,"midstream":0,"thread_ts_usec":1519924083599471,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49674,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WhatsAppFiles","proto_id":"91.242","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"mmg-fna.whatsapp.net","domainame":"mmg-fna.whatsapp.net","tls": {"version":"TLSv1.2","server_names":"*.cdn.whatsapp.net,*.snr.whatsapp.net,*.whatsapp.com,*.whatsapp.net,whatsapp.com,whatsapp.net","ja3":"107144b88827da5da9ed42d8776ccdc5","ja3s":"2d1eb5817ece335c24904f516ad5da12","ja4":"t12d2011h2_2a284e3b0c56_8d24740b1268","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=Menlo Park, O=Facebook, Inc., CN=*.whatsapp.net","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","negotiated_alpn":"h2","fingerprint":"10:54:EB:4A:A2:2A:42:2F:A6:1C:E7:9C:F4:84:10:7E:30:2E:56:BB","blocks":0}}} 
+01324{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1519924083411187,"flow_src_last_pkt_time":1519924083506116,"flow_dst_last_pkt_time":1519924083598208,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":243,"flow_dst_max_l4_payload_len":1398,"flow_src_tot_l4_payload_len":243,"flow_dst_tot_l4_payload_len":1398,"midstream":0,"thread_ts_usec":1519924083598208,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49674,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WhatsAppFiles","proto_id":"91.242","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"mmg-fna.whatsapp.net","domainame":"mmg-fna.whatsapp.net","tls": {"version":"TLSv1.2","ja3s":"2d1eb5817ece335c24904f516ad5da12","ja4":"t12d2011h2_2a284e3b0c56_8d24740b1268","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","negotiated_alpn":"h2","blocks":0}}} 
+01694{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1519924083411187,"flow_src_last_pkt_time":1519924083506116,"flow_dst_last_pkt_time":1519924083599471,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":243,"flow_dst_max_l4_payload_len":1398,"flow_src_tot_l4_payload_len":243,"flow_dst_tot_l4_payload_len":3208,"midstream":0,"thread_ts_usec":1519924083599471,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49674,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WhatsAppFiles","proto_id":"91.242","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"mmg-fna.whatsapp.net","domainame":"mmg-fna.whatsapp.net","tls": {"version":"TLSv1.2","server_names":"*.cdn.whatsapp.net,*.snr.whatsapp.net,*.whatsapp.com,*.whatsapp.net,whatsapp.com,whatsapp.net","ja3s":"2d1eb5817ece335c24904f516ad5da12","ja4":"t12d2011h2_2a284e3b0c56_8d24740b1268","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=Menlo Park, O=Facebook, Inc., CN=*.whatsapp.net","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","negotiated_alpn":"h2","fingerprint":"10:54:EB:4A:A2:2A:42:2F:A6:1C:E7:9C:F4:84:10:7E:30:2E:56:BB","blocks":0}}} 
02197{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1519924083411187,"flow_src_last_pkt_time":1519924108832377,"flow_dst_last_pkt_time":1519924084217928,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1398,"flow_dst_max_l4_payload_len":1398,"flow_src_tot_l4_payload_len":5152,"flow_dst_tot_l4_payload_len":3695,"midstream":0,"thread_ts_usec":1519924108832377,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":4,"avg":846062.3,"max":24639770,"stddev":4345174.0,"var":18880535724032.0,"ent":0.5,"data": [89960,91931,2998,95622,1439,1232,31,95929,999,78942,282792,460945,6,97926,4,3994,6995,998,5,4,115136,17,1231,43,102916,998,41079,24639770,4996,5995,2998]},"pktlen": {"min":52,"avg":329.1,"max":1450,"stddev":491.8,"var":241822.2,"ent":3.8,"data": [64,60,52,295,52,1450,1450,464,52,52,52,178,310,133,52,52,105,102,94,235,90,52,90,52,162,52,52,52,275,1450,1450,1450]},"bins": {"c_to_s": [9,4,0,1,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0],"s_to_c": [5,1,1,1,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,0,1,1,0,0,0,0,0,0,0,1,1,1,1,0,0,1,0,0,0,0],"entropies": 
[4.421927452,5.154205322,5.000318527,5.630068779,5.156889915,6.911639214,7.331070900,7.439278603,5.077241421,5.077241421,4.892748356,6.281505585,7.104421139,6.400995731,4.993616104,5.038779736,5.644111633,5.709043026,5.428511143,6.868546009,5.439019203,5.156889439,5.895723343,5.156889439,6.637435913,5.038779736,5.077241421,5.156889915,7.004677773,7.873590469,7.843841553,7.873690605]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WhatsAppFiles","proto_id":"91.242","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download"}} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":311,"source":"cfgs\/default\/pcap\/whatsappfiles.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1519924240121220,"flow_src_last_pkt_time":1519924240121220,"flow_dst_last_pkt_time":1519924240121220,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1519924240121220,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49698,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"cfgs\/default\/pcap\/whatsappfiles.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1519924240121220,"flow_dst_last_pkt_time":1519924240121220,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1519924240121220,"pkt":"XEl5dU5qkLkxKPrKCABFAABAAABAAEAG5oDAqAIduTzYNcIiAbuCj0EnAAAAALDC\/\/+6MAAAAgQFtAEDAwYBAQgKKOd3WAAAAAAEAgAA"} 
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"cfgs\/default\/pcap\/whatsappfiles.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1519924240121220,"flow_dst_last_pkt_time":1519924240177946,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1519924240177946,"pkt":"kLkxKPrKXEl5dU5qCABFAAA8AABAAFUG0YS5PNg1wKgCHQG7wiLPr2ypgo9BKKASbTgw1AAAAgQFggQCCAq3hjooKOd3WAEDAwg="} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":313,"source":"cfgs\/default\/pcap\/whatsappfiles.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1519924240182174,"flow_dst_last_pkt_time":1519924240177946,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1519924240182174,"pkt":"XEl5dU5qkLkxKPrKCABFAAA0AABAAEAG5ozAqAIduTzYNcIiAbuCj0Eoz69sqoAQCAXEZQAAAQEICijnd5W3hjoo"} 
01251{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":314,"source":"cfgs\/default\/pcap\/whatsappfiles.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1519924240183173,"flow_dst_last_pkt_time":1519924240177946,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1519924240183173,"pkt":"XEl5dU5qkLkxKPrKCABFAAI5AABAAEAG5IfAqAIduTzYNcIiAbuCj0Eoz69sqoAYCAWCiQAAAQEICijnd5a3hjooFgMBAgABAAH8AwNLVHn\/qWaqe3EcBfpck7lkGf95e1gm1h4KmRyfvYLGZSCx8n8z8XDJ+pVmShGZO5o0rp2h9+q5RbYekK14EkkJrwAowCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUALwEAAYv\/AQABAAAAABkAFwAAFG1tZy1mbmEud2hhdHNhcHAubmV0ABcAAAAjAMBMhNjUH0CTvBnqiVFQaCRU+XdLmaAKsl6RhTDQdfjln21DO\/iuWwaZv7o0tRnrD0zGXfKLE21hGZsgP5yp6jr2e7zLS8WzWE70eK8AvPN\/2PjRvQ2KQLFih5DQ\/7VS1GZgxdE1esumsOXZvO8dCDRl\/ywTNL5\/eViaZ7Hv3xuhTsvPPVj0WmGTBPBd2Ojt+5YFTF6Vikm\/vwOo1oRafYFUsHDDXtp5HL7hG8EbbmkYJAuTL5bcgEDz3EgkXrvdezoADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAzdAAAABIAAAAQADAALgJoMgVoMi0xNgVoMi0xNQVoMi0xNAhzcGR5LzMuMQZzcGR5LzMIaHR0cC8xLjEACwACAQAACgAIAAYAHQAXABgAFQAuAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01282{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":314,"source":"cfgs\/default\/pcap\/whatsappfiles.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1519924240121220,"flow_src_last_pkt_time":1519924240183173,"flow_dst_last_pkt_time":1519924240177946,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1519924240183173,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49698,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WhatsAppFiles","proto_id":"91.242","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"mmg-fna.whatsapp.net","domainame":"mmg-fna.whatsapp.net","tls": {"version":"TLSv1.2","ja3":"4e1a414c4f4c99097edd2a9a98e336c8","ja3s":"","ja4":"t12d2012h2_2a284e3b0c56_bea5132cbaaf","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
+01241{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":314,"source":"cfgs\/default\/pcap\/whatsappfiles.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1519924240121220,"flow_src_last_pkt_time":1519924240183173,"flow_dst_last_pkt_time":1519924240177946,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1519924240183173,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49698,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WhatsAppFiles","proto_id":"91.242","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"mmg-fna.whatsapp.net","domainame":"mmg-fna.whatsapp.net","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d2012h2_2a284e3b0c56_bea5132cbaaf","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/whatsappfiles.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1519924240183173,"flow_dst_last_pkt_time":1519924240243918,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1519924240243918,"pkt":"kLkxKPrKXEl5dU5qCABFAAA0Vs5AAFUGer65PNg1wKgCHQG7wiLPr2yqgo9DLYAQAHLJsAAAAQEICreGOmoo53eW"} 
-01365{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":316,"source":"cfgs\/default\/pcap\/whatsappfiles.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1519924240121220,"flow_src_last_pkt_time":1519924240183173,"flow_dst_last_pkt_time":1519924240244034,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":146,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":146,"midstream":0,"thread_ts_usec":1519924240244034,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49698,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WhatsAppFiles","proto_id":"91.242","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"mmg-fna.whatsapp.net","domainame":"mmg-fna.whatsapp.net","tls": {"version":"TLSv1.2","ja3":"4e1a414c4f4c99097edd2a9a98e336c8","ja3s":"96681175a9547081bf3d417f1a572091","ja4":"t12d2012h2_2a284e3b0c56_bea5132cbaaf","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","negotiated_alpn":"h2","blocks":0}}} 
+01324{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":316,"source":"cfgs\/default\/pcap\/whatsappfiles.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1519924240121220,"flow_src_last_pkt_time":1519924240183173,"flow_dst_last_pkt_time":1519924240244034,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":146,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":146,"midstream":0,"thread_ts_usec":1519924240244034,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49698,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WhatsAppFiles","proto_id":"91.242","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"mmg-fna.whatsapp.net","domainame":"mmg-fna.whatsapp.net","tls": {"version":"TLSv1.2","ja3s":"96681175a9547081bf3d417f1a572091","ja4":"t12d2012h2_2a284e3b0c56_bea5132cbaaf","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","negotiated_alpn":"h2","blocks":0}}} 
02182{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":342,"source":"cfgs\/default\/pcap\/whatsappfiles.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":19,"flow_first_seen":1519924240121220,"flow_src_last_pkt_time":1519924240317078,"flow_dst_last_pkt_time":1519924240518900,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1398,"flow_src_tot_l4_payload_len":975,"flow_dst_tot_l4_payload_len":12875,"midstream":0,"thread_ts_usec":1519924240518900,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49698,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":4,"avg":19146.4,"max":107518,"stddev":30886.0,"var":953946176.0,"ent":3.3,"data": [56726,60954,999,65972,116,64953,998,4998,4,994,4,59896,50958,5,7285,18,4137,107,10987,4,86355,107518,6,1398,909,1355,1209,1240,1010,1222,1201]},"pktlen": {"min":52,"avg":485.4,"max":1450,"stddev":599.2,"var":359069.1,"ent":4.0,"data": [64,60,52,569,52,198,52,103,105,102,94,276,133,52,90,52,90,52,94,52,52,52,1450,220,1450,1268,1450,1450,1450,1450,1450,1450]},"bins": {"c_to_s": [6,5,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,2,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,8,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,0,0,0,0,1,0,0,1,1,1,1,0,0,1,1,1,1,1,1,1,1,1,1,1],"entropies": [4.484427452,5.220872402,5.062724590,6.536932945,5.310736179,6.547456264,5.115703106,5.511427402,5.798887253,5.734943390,5.532109261,7.100424290,6.478804111,5.091758728,5.529591560,5.233812809,6.065113068,5.272274971,6.031597137,5.091758728,5.070539474,5.272274971,7.882384777,7.084619522,7.865714073,7.857034683,7.885036469,7.857791901,7.873408318,7.856501579,7.894844532,7.850902557]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.WhatsAppFiles","proto_id":"91.242","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download"}} 01040{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":620,"source":"cfgs\/default\/pcap\/whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":161,"flow_dst_packets_processed":149,"flow_first_seen":1519924083411187,"flow_src_last_pkt_time":1519924193366820,"flow_dst_last_pkt_time":1519924193429446,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1398,"flow_dst_max_l4_payload_len":1398,"flow_src_tot_l4_payload_len":178544,"flow_dst_tot_l4_payload_len":4980,"midstream":0,"thread_ts_usec":1519924247388841,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WhatsAppFiles","proto_id":"91.242","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"mmg-fna.whatsapp.net"}} 
01040{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":620,"source":"cfgs\/default\/pcap\/whatsappfiles.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":132,"flow_dst_packets_processed":178,"flow_first_seen":1519924240121220,"flow_src_last_pkt_time":1519924247388841,"flow_dst_last_pkt_time":1519924247384385,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1398,"flow_src_tot_l4_payload_len":1170,"flow_dst_tot_l4_payload_len":225649,"midstream":0,"thread_ts_usec":1519924247388841,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49698,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WhatsAppFiles","proto_id":"91.242","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"mmg-fna.whatsapp.net"}} -00853{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":620,"source":"cfgs\/default\/pcap\/whatsappfiles.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":620,"packets-processed":620,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":410343,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":24,"global_ts_usec":1519924247388841} 
+00853{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":620,"source":"cfgs\/default\/pcap\/whatsappfiles.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":620,"packets-processed":620,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":410343,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":24,"global_ts_usec":1519924247388841} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 620/620 ~~ skipped flows.............: 0 @@ -30,9 +30,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6996614 bytes -~~ total memory freed........: 6996614 bytes -~~ total allocations/frees...: 114796/114796 +~~ total memory allocated....: 7574210 bytes +~~ total memory freed........: 7574210 bytes +~~ total allocations/frees...: 126527/126527 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 551 chars ~~ json message max len.......: 2202 chars diff --git a/test/results/default/whois.pcapng.out b/test/results/default/whois.pcapng.out index 6a5fc2c05..292776b42 100644 --- a/test/results/default/whois.pcapng.out +++ b/test/results/default/whois.pcapng.out 
@@ -1,5 +1,5 @@ -00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1507397119066212} 
+00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1507397119066212} 
00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1507397119066212,"flow_src_last_pkt_time":1507397119066212,"flow_dst_last_pkt_time":1507397119066212,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1507397119066212,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"192.0.47.59","src_port":44188,"dst_port":43,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1507397119066212,"flow_dst_last_pkt_time":1507397119066212,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1507397119066212,"pkt":"UlQAEjUCCAAnPqwxCABFAAA8folAAEAGwOgKAAIPwAAvO6ycACuFe1kCAAAAAKACchD7eAAAAgQFtAQCCAqvatNhAAAAAAEDAwY="} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1507397119066212,"flow_dst_last_pkt_time":1507397119183017,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1507397119183017,"pkt":"CAAnPqwxUlQAEjUCCABFAAAsSF0AAEAGNyXAAC87CgACDwArrJwAl14BhXtZA2AS\/\/+y7QAAAgQFtAAA"} 
@@ -7,17 +7,17 @@ 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1507397119183714,"flow_dst_last_pkt_time":1507397119183017,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1507397119183714,"pkt":"UlQAEjUCCAAnPqwxCABFAAA1fotAAEAGwO0KAAIPwAAvO6ycACuFe1kDAJdeAlAYchD7cQAAZXhhbXBsZS5jb20NCg=="} 00975{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1507397119066212,"flow_src_last_pkt_time":1507397119183714,"flow_dst_last_pkt_time":1507397119183017,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":13,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":13,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1507397119183714,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"192.0.47.59","src_port":44188,"dst_port":43,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Whois-DAS","proto_id":"170","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"example.com","domainame":"example.com"}} 
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1507397119183714,"flow_dst_last_pkt_time":1507397119183935,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1507397119183935,"pkt":"CAAnPqwxUlQAEjUCCABFAAAoSF4AAEAGNyjAAC87CgACDwArrJwAl14ChXtZEFAQ\/\/\/KnQAAAAAAAAAA"} -00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":12,"packets-processed":11,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":246,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1604305198454924} 
+00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":12,"packets-processed":11,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":246,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1604305198454924} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1604305198454924,"flow_src_last_pkt_time":1604305198454924,"flow_dst_last_pkt_time":1604305198454924,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1604305198454924,"vlan_id":1603,"l3_proto":"ip4","src_ip":"10.17.34.139","dst_ip":"10.17.51.8","src_port":64016,"dst_port":4343,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","vlan_id":1603,"flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1604305198454924,"flow_dst_last_pkt_time":1604305198454924,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":86,"pkt_l4_len":48,"thread_ts_usec":1604305198454924,"pkt":"AAAAAAAAAAgAAAADgQAGQwgARQAAROArQAB5BrfTChEiiwoRMwj6EBD3\/zhGhgAAAADAAvrwy1EAAAIEBWoBAwMIAQEEAkwKAQEKEf5EAAVMBAwhAQA="} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","vlan_id":1603,"flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1604305198454980,"flow_dst_last_pkt_time":1604305198454924,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":86,"pkt_l4_len":48,"thread_ts_usec":1604305198454980,"pkt":"AAAAAAAAAAgAAAADgQAGQwgARQAAROArQAB4BrjTChEiiwoRMwj6EBD3\/zhGhgAAAADAAvrwy1EAAAIEBWoBAwMIAQEEAkwKAQEKEf5EAAVMBAwhAQA="} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","vlan_id":1603,"flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1604305198454980,"flow_dst_last_pkt_time":1604305198460416,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1604305198460416,"pkt":"AAAAAAAAAAgAAAADgQAGQwgARQAANARIQAB9Bo\/HChEzCAoRIosQ9\/oQPm9gn\/84RoeAEiAA9XQAAAIEBbQBAwMIAQEEAg=="} 
00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","vlan_id":1603,"flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1604305198454980,"flow_dst_last_pkt_time":1604305198460454,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1604305198460454,"pkt":"AAAAAAAAAAgAAAADgQAGQwgARQAANARIQAB8BpDHChEzCAoRIosQ9\/oQPm9gn\/84RoeAEiAA9XQAAAIEBbQBAwMIAQEEAg=="} 00779{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","vlan_id":1603,"flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1604305198677924,"flow_dst_last_pkt_time":1604305198460454,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":228,"pkt_l4_len":190,"thread_ts_usec":1604305198677924,"pkt":"AAAAAAAAAAgAAAADgQAGQwgARQAA0uAtQAB5BrdDChEiiwoRMwj6EBD3\/zhGhz5vYKBQGAICz4oAABYDAwClAQAAoQMDX5\/BMV1rPKhByzNRK4rcAwy\/wMJWuP4Xh6PiU3vD\/KoAACbALMArwDDAL8AkwCPAKMAnwArACcAUwBMAnQCcAD0APAA1AC8ACgEAAFIABQAFAQAAAAAACgAIAAYAHQAXABgACwACAQAADQAUABIEAQUBAgEEAwUDAgMCAgYBBgMAIwAAABAADgAMAmgyCGh0dHAvMS4xABcAAP8BAAEA"} 
-01533{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1604305198454924,"flow_src_last_pkt_time":1604305198677924,"flow_dst_last_pkt_time":1604305198460454,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":170,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":170,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1604305198677924,"vlan_id":1603,"l3_proto":"ip4","src_ip":"10.17.34.139","dst_ip":"10.17.51.8","src_port":64016,"dst_port":4343,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3":"5f48063f9f3a827056ccdabadcc3886a","ja3s":"","ja4":"t12d1908h2_d83cc789557e_16bbda4055b2","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
-01739{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1604305198454924,"flow_src_last_pkt_time":1604305198677955,"flow_dst_last_pkt_time":1604305198690105,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":170,"flow_dst_max_l4_payload_len":1220,"flow_src_tot_l4_payload_len":340,"flow_dst_tot_l4_payload_len":1220,"midstream":0,"thread_ts_usec":1604305198690105,"vlan_id":1603,"l3_proto":"ip4","src_ip":"10.17.34.139","dst_ip":"10.17.51.8","src_port":64016,"dst_port":4343,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3":"5f48063f9f3a827056ccdabadcc3886a","ja3s":"649d6810e8392f63dc311eecb6b7098b","ja4":"t12d1908h2_d83cc789557e_16bbda4055b2","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384","issuerDN":"CN=10.17.51.7","subjectDN":"CN=10.17.51.7, CN=10.17.51.7","advertised_alpns":"h2,http\/1.1","fingerprint":"DD:4E:28:9B:08:C1:D5:63:D1:B6:FC:DD:FD:91:A9:D4:E3:A8:7F:D5","blocks":0}}} 
+01492{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1604305198454924,"flow_src_last_pkt_time":1604305198677924,"flow_dst_last_pkt_time":1604305198460454,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":170,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":170,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1604305198677924,"vlan_id":1603,"l3_proto":"ip4","src_ip":"10.17.34.139","dst_ip":"10.17.51.8","src_port":64016,"dst_port":4343,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1908h2_d83cc789557e_16bbda4055b2","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01698{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1604305198454924,"flow_src_last_pkt_time":1604305198677955,"flow_dst_last_pkt_time":1604305198690105,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":170,"flow_dst_max_l4_payload_len":1220,"flow_src_tot_l4_payload_len":340,"flow_dst_tot_l4_payload_len":1220,"midstream":0,"thread_ts_usec":1604305198690105,"vlan_id":1603,"l3_proto":"ip4","src_ip":"10.17.34.139","dst_ip":"10.17.51.8","src_port":64016,"dst_port":4343,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"649d6810e8392f63dc311eecb6b7098b","ja4":"t12d1908h2_d83cc789557e_16bbda4055b2","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384","issuerDN":"CN=10.17.51.7","subjectDN":"CN=10.17.51.7, CN=10.17.51.7","advertised_alpns":"h2,http\/1.1","fingerprint":"DD:4E:28:9B:08:C1:D5:63:D1:B6:FC:DD:FD:91:A9:D4:E3:A8:7F:D5","blocks":0}}} 
00992{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1507397119066212,"flow_src_last_pkt_time":1507397119368026,"flow_dst_last_pkt_time":1507397119369277,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":13,"flow_dst_max_l4_payload_len":233,"flow_src_tot_l4_payload_len":13,"flow_dst_tot_l4_payload_len":233,"midstream":0,"thread_ts_usec":1604305198690105,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"192.0.47.59","src_port":44188,"dst_port":43,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Whois-DAS","proto_id":"170","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"example.com"}} -00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":19,"packets-processed":18,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1806,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1623517268690274} 
+00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":19,"packets-processed":18,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1806,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1623517268690274} 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623517268690274,"flow_src_last_pkt_time":1623517268690274,"flow_dst_last_pkt_time":1623517268690274,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623517268690274,"vlan_id":1908,"l3_proto":"ip4","src_ip":"192.30.45.30","dst_ip":"10.160.63.128","src_port":43,"dst_port":53217,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","vlan_id":1908,"flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1623517268690274,"flow_dst_last_pkt_time":1623517268690274,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":62,"pkt_l4_len":24,"thread_ts_usec":1623517268690274,"pkt":"AAAAAAAAAAsAAAAIgQAHdAgARQAALKUxAAAtBrE+wB4tHgqgP4AAK8\/hR0rdvNStq\/tgEgW05awAAAIEBVA="} 02155{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","vlan_id":1908,"flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1623517269021725,"flow_dst_last_pkt_time":1623517268690274,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1258,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1258,"pkt_l4_len":1220,"thread_ts_usec":1623517269021725,"pkt":"AAAAAAAAAAsAAAAIgQAHdAgARQAE2B35AAAtBjPLwB4tHgqgP4AAK8\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"} 
@@ -27,7 +27,7 @@ 01112{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1623517268690274,"flow_src_last_pkt_time":1623517269021781,"flow_dst_last_pkt_time":1623517268690274,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":3114,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623517269021781,"vlan_id":1908,"l3_proto":"ip4","src_ip":"192.30.45.30","dst_ip":"10.160.63.128","src_port":43,"dst_port":53217,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"Whois-DAS","proto_id":"170","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":""}} 00794{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1623517268690274,"flow_src_last_pkt_time":1623517269021781,"flow_dst_last_pkt_time":1623517268690274,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":3114,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623517269021781,"vlan_id":1908,"l3_proto":"ip4","src_ip":"192.30.45.30","dst_ip":"10.160.63.128","src_port":43,"dst_port":53217,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01322{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1604305198454924,"flow_src_last_pkt_time":1604305198677955,"flow_dst_last_pkt_time":1604305198690105,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":170,"flow_dst_max_l4_payload_len":1220,"flow_src_tot_l4_payload_len":340,"flow_dst_tot_l4_payload_len":1220,"midstream":0,"thread_ts_usec":1623517269021781,"vlan_id":1603,"l3_proto":"ip4","src_ip":"10.17.34.139","dst_ip":"10.17.51.8","src_port":64016,"dst_port":4343,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-00842{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":23,"packets-processed":23,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4920,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":30,"global_ts_usec":1623517269021781} +00842{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":23,"packets-processed":23,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4920,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":30,"global_ts_usec":1623517269021781} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 23/23 ~~ skipped flows.............: 0 
@@ -36,9 +36,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6919370 bytes -~~ total memory freed........: 6919370 bytes -~~ total allocations/frees...: 114194/114194 +~~ total memory allocated....: 7496966 bytes +~~ total memory freed........: 7496966 bytes +~~ total allocations/frees...: 125925/125925 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 529 chars ~~ json message max len.......: 2160 chars diff --git a/test/results/default/windowsupdate_over_http.pcap.out b/test/results/default/windowsupdate_over_http.pcap.out index 70b8aec1a..a7c65184b 100644 --- a/test/results/default/windowsupdate_over_http.pcap.out +++ b/test/results/default/windowsupdate_over_http.pcap.out 
@@ -1,4 +1,4 @@ -00628{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/windowsupdate_over_http.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00628{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/windowsupdate_over_http.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/windowsupdate_over_http.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":94209879,"flow_src_last_pkt_time":94209879,"flow_dst_last_pkt_time":94209879,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":94209879,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"151.99.72.125","src_port":49815,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/windowsupdate_over_http.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":94209879,"flow_dst_last_pkt_time":94209879,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":94209879,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0zkVAAIAGQI8KAAIPl2NIfcKXAFAVLcI9AAAAAIAC+vDt3QAAAgQFtAEDAwgBAQQC"} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/windowsupdate_over_http.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":94209879,"flow_dst_last_pkt_time":94216419,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":94216419,"pkt":"CAAn5uVZUlQAEjUCCABFAAAs7dwAAEAGoQCXY0h9CgACDwBQwpcBAsoBFS3CPmAS\/\/9G0AAAAgQFtA=="} 
@@ -8,7 +8,7 @@ 00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/windowsupdate_over_http.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":94216792,"flow_dst_last_pkt_time":94216898,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":94216898,"pkt":"CAAn5uVZUlQAEjUCCABFAAAo7d0AAEAGoQOXY0h9CgACDwBQwpcBAsoCFS3EHVAQ\/\/9crgAA"} 01659{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/windowsupdate_over_http.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":94209879,"flow_src_last_pkt_time":94216792,"flow_dst_last_pkt_time":94225646,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":479,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":479,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":94225646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"151.99.72.125","src_port":49815,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP.WindowsUpdate","proto_id":"7.147","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":7,"category":"Download","hostname":"151.99.72.125","domainame":"151.99.72.125","http": 
{"url":"151.99.72.125\/data\/0783dedfb62fa709\/msedge.b.tlu.dl.delivery.mp.microsoft.com\/filestreamingservice\/files\/d1d060c0-7ece-4b96-9558-4bd0f2326040?P1=1652084683&P2=404&P3=2&P4=GtXnDMvssaTVZE%2bliGRNZPdTCGZcdK3lsfQhBycGI5on2dyQK7mRzg%2fAP%2fOuVTebtfWU%2bfL%2bVpkQ9bwhNwUDPA%3d%3d","code":206,"content_type":"application\/octet-stream","user_agent":"Microsoft-Delivery-Optimization\/10.0"}}} 01260{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/windowsupdate_over_http.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":12,"flow_first_seen":94209879,"flow_src_last_pkt_time":94227136,"flow_dst_last_pkt_time":94226926,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":479,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":479,"flow_dst_tot_l4_payload_len":14400,"midstream":0,"thread_ts_usec":94227136,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"151.99.72.125","src_port":49815,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP.WindowsUpdate","proto_id":"7.147","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":7,"category":"Download","hostname":"151.99.72.125"}} 
-00851{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/windowsupdate_over_http.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":20,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":14879,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":94227136} +00851{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/windowsupdate_over_http.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":20,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":14879,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":94227136} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 20/20 ~~ skipped flows.............: 0 
@@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6909120 bytes -~~ total memory freed........: 6909120 bytes -~~ total allocations/frees...: 114174/114174 +~~ total memory allocated....: 7486730 bytes +~~ total memory freed........: 7486730 bytes +~~ total allocations/frees...: 125906/125906 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 521 chars ~~ json message max len.......: 1664 chars diff --git a/test/results/default/windscribe.pcapng.out b/test/results/default/windscribe.pcapng.out index 2fffbf43a..3c80ff934 100644 --- a/test/results/default/windscribe.pcapng.out +++ b/test/results/default/windscribe.pcapng.out 
@@ -1,15 +1,15 @@ -00617{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/windscribe.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00838{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/windscribe.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1721745032772331} 
+00617{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/windscribe.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00838{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/windscribe.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1721745032772331} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/windscribe.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1721745032772331,"flow_src_last_pkt_time":1721745032772331,"flow_dst_last_pkt_time":1721745032772331,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1721745032772331,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"107.161.86.132","src_port":42192,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/windscribe.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1721745032772331,"flow_dst_last_pkt_time":1721745032772331,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1721745032772331,"pkt":"CL6sCxduJjb1W8R1CABFAAA8Q\/1AAEAGZ1XAqAyca6FWhKTQAbu70yBCAAAAAKAC\/\/\/24AAAAgQFtAQCCApTM+veAAAAAAEDAwk="} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/windscribe.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1721745032772331,"flow_dst_last_pkt_time":1721745032911061,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1721745032911061,"pkt":"Jjb1W8R1CL6sCxduCABFAAA8AABAADEGulJroVaEwKgMnAG7pNBJaO1Iu9MgQ6ASqbAnGQAAAgQFtAQCCArOUiECUzPr3gEDAwk="} 
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/windscribe.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1721745032997668,"flow_dst_last_pkt_time":1721745032911061,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1721745032997668,"pkt":"CL6sCxduJjb1W8R1CABFAAA0Q\/5AAEAGZ1zAqAyca6FWhKTQAbu70yBDSWjtSYAQAKz9\/AAAAQEIClMz7M3OUiEC"} 00794{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/windscribe.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1721745033016839,"flow_dst_last_pkt_time":1721745032911061,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":248,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":248,"pkt_l4_len":214,"thread_ts_usec":1721745033016839,"pkt":"CL6sCxduJjb1W8R1CABFAADqQ\/9AAEAGZqXAqAyca6FWhKTQAbu70yBDSWjtSYAYAKypaAAAAQEIClMz7ODOUiECFgMBALEBAACtAwPrDhJ+KBE03qHnI54rgAHqj39q6+bsdcSI9hg9Nu2c2yC5pT7l7eVEgzkzmRWY6Q\/K6718hX3SZINZqxjF9wReiwAkzKkAnAA8wDDALwCdwCfAK8AswCPACsATAAXABwAvwAkANcARAQAAQAAQAA4ADAJoMghodHRwLzEuMQANABAADgIBBAMEAQUDBgECAwUBABcAAAAKAAgABgAdABcAGAAjAAAACwACAQA="} 
-01410{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/windscribe.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1721745032772331,"flow_src_last_pkt_time":1721745033016839,"flow_dst_last_pkt_time":1721745032911061,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1721745033016839,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"107.161.86.132","src_port":42192,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3":"3aed7e7668a1356721767da8740f69ed","ja3s":"","ja4":"t12d1806h2_102b67c9f592_d0797edaf0d0","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01369{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/windscribe.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1721745032772331,"flow_src_last_pkt_time":1721745033016839,"flow_dst_last_pkt_time":1721745032911061,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1721745033016839,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"107.161.86.132","src_port":42192,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1806h2_102b67c9f592_d0797edaf0d0","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/windscribe.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1721745033016839,"flow_dst_last_pkt_time":1721745033155514,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1721745033155514,"pkt":"Jjb1W8R1CL6sCxduCABFAAA0FEtAADEGpg9roVaEwKgMnAG7pNBJaO1Ju9Mg+YAQAFX8lgAAAQEICs5SIfZTM+zg"} 
-01943{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/windscribe.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1721745032772331,"flow_src_last_pkt_time":1721745033016839,"flow_dst_last_pkt_time":1721745033155535,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":1036,"midstream":0,"thread_ts_usec":1721745033155535,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"107.161.86.132","src_port":42192,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS.Windscribe","proto_id":"91.429","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3":"3aed7e7668a1356721767da8740f69ed","ja3s":"00be073a5459cc054724f5808fd7ab67","ja4":"t12d1806h2_102b67c9f592_d0797edaf0d0","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=CA, L=San Francisco, O=Windscribe, OU=IT Dept., CN=54.153.90.230","subjectDN":"C=US, ST=CA, L=San Francisco, O=Windscribe, OU=IT Dept., CN=54.153.90.230","advertised_alpns":"h2,http\/1.1","fingerprint":"A5:6B:13:F0:68:BE:8C:0F:54:C9:15:A7:D6:68:75:F7:3F:49:92:DE","blocks":0}}} 
+01902{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/windscribe.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1721745032772331,"flow_src_last_pkt_time":1721745033016839,"flow_dst_last_pkt_time":1721745033155535,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":1036,"midstream":0,"thread_ts_usec":1721745033155535,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"107.161.86.132","src_port":42192,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS.Windscribe","proto_id":"91.429","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"00be073a5459cc054724f5808fd7ab67","ja4":"t12d1806h2_102b67c9f592_d0797edaf0d0","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=CA, L=San Francisco, O=Windscribe, OU=IT Dept., CN=54.153.90.230","subjectDN":"C=US, ST=CA, L=San Francisco, O=Windscribe, OU=IT Dept., CN=54.153.90.230","advertised_alpns":"h2,http\/1.1","fingerprint":"A5:6B:13:F0:68:BE:8C:0F:54:C9:15:A7:D6:68:75:F7:3F:49:92:DE","blocks":0}}} 
01431{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/windscribe.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":12,"flow_first_seen":1721745032772331,"flow_src_last_pkt_time":1721745033946014,"flow_dst_last_pkt_time":1721745033764796,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":787,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2275,"flow_dst_tot_l4_payload_len":5707,"midstream":0,"thread_ts_usec":1721745033946014,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"107.161.86.132","src_port":42192,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS.Windscribe","proto_id":"91.429","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
-00847{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/windscribe.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":24,"packets-processed":24,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7982,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1721745033946014} +00847{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/windscribe.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":24,"packets-processed":24,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7982,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1721745033946014} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 24/24 ~~ skipped flows.............: 0 
@@ -18,10 +18,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6924231 bytes -~~ total memory freed........: 6924231 bytes -~~ total allocations/frees...: 114174/114174 +~~ total memory allocated....: 7501827 bytes +~~ total memory freed........: 7501827 bytes +~~ total allocations/frees...: 125905/125905 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 550 chars -~~ json message max len.......: 1948 chars -~~ json message avg len.......: 1206 chars +~~ json message max len.......: 1907 chars +~~ json message avg len.......: 1186 chars diff --git a/test/results/default/wireguard.pcap.out b/test/results/default/wireguard.pcap.out index e6e5806c8..9d17a4c82 100644 --- a/test/results/default/wireguard.pcap.out +++ b/test/results/default/wireguard.pcap.out 
@@ -1,5 +1,5 @@ -00614{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/wireguard.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wireguard.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1532126321356858} 
+00614{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/wireguard.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00835{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wireguard.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1532126321356858} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1532126321356858,"flow_src_last_pkt_time":1532126321356858,"flow_dst_last_pkt_time":1532126321356858,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":148,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":148,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":148,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1532126321356858,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":43462,"dst_port":51820,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00713{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1532126321356858,"flow_dst_last_pkt_time":1532126321356858,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":190,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":190,"pkt_l4_len":156,"thread_ts_usec":1532126321356858,"pkt":"ouY0lLWDOjblv1r4CABFiACwAksAAEARY1YKCQABCgkAAqnGymwAnBTCAQAAANg30DBfzsfI5cji4\/eYnu9gwijYIynWArax4rudBo+Jz51NRTJ4D20nJk97mHAf3Cek7ACutr7NvvIzLxtAhMrbk4I5NcASriVeeyXv8TlAwyH6a9ZqKoewYdsUMBc+k39Wk0neKFbcXyYWdj7ur8BTOwHdll5+x2l24o9oPWcSAAAAAAAAAAAAAAAAAAAAAA=="} 
00637{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1532126321356858,"flow_dst_last_pkt_time":1532126321359376,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1532126321359376,"pkt":"Ojblv1r4ouY0lLWDCABFiAB4KjkAAEARO6AKCQACCgkAAcpsqcYAZBSKAgAAAAb0favYN9AwsY1VUL1AQqN6RoI6wI2x7GaDm8DKLWS8Fc2AIytmIy+uwkr4kY3hBg\/1yY6GXV818nIhTFJgEQ3Exh4yzdhUIQAAAAAAAAAAAAAAAAAAAAA="} 
@@ -8,7 +8,7 @@ 00684{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1532126321359708,"flow_dst_last_pkt_time":1532126321359929,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_usec":1532126321359929,"pkt":"Ojblv1r4ouY0lLWDCABFAACcKjoAAEARPAMKCQACCgkAAcpsqcYAiBSuBAAAANg30DAAAAAAAAAAAG9PCA6fUmkbvpSFNfecE+1o8JFF1SPu2whyZfloCC9wc1cpJj7aYnx2g83AuAozVtlTbJ8OKHJ5e1yBcguguOpyM8bev58PvujxDsGJhbgkvzUPi4GA0Ipk5r6YEAiaw9E2PtXhKcoeBCXPfpSWVlk="} 00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1532126322363971,"flow_dst_last_pkt_time":1532126321359929,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_usec":1532126322363971,"pkt":"ouY0lLWDOjblv1r4CABFAACcApAAAEARY60KCQABCgkAAqnGymwAiBSuBAAAAAb0fasBAAAAAAAAAHzNKCSiKfzNFoU7Hv+UasxWNazSNhCJwxaXBs4Pz2LNqySyHtibW+QDk8FpLPp6KYHljK6RU0il+fyDPap6kagbUeVbtzLq3DhtalfmJbCSy1upQ\/apOsaaBwHpnmAipi8Gbzy2IjKAkdrVnfE\/bjM="} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":10,"flow_first_seen":1532126321356858,"flow_src_last_pkt_time":1532126461633953,"flow_dst_last_pkt_time":1532126461588236,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":288,"flow_src_tot_l4_payload_len":2596,"flow_dst_tot_l4_payload_len":1224,"midstream":0,"thread_ts_usec":1532126461633953,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":43462,"dst_port":51820,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"WireGuard","proto_id":"206","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/wireguard.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":23,"packets-processed":22,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3820,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1563973554628757} 
+00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/wireguard.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":23,"packets-processed":22,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3820,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1563973554628757} 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/wireguard.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1563973554628757,"flow_src_last_pkt_time":1563973554628757,"flow_dst_last_pkt_time":1563973554628757,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":800,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":800,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":800,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1563973554628757,"l3_proto":"ip4","src_ip":"139.162.192.157","dst_ip":"192.168.0.14","src_port":51820,"dst_port":36116,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
01605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/wireguard.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1563973554628757,"flow_dst_last_pkt_time":1563973554628757,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":842,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":842,"pkt_l4_len":808,"thread_ts_usec":1563973554628757,"pkt":"OCxKuzMdABAY3q0FCABFAAM8FXkAADURYEKLosCdwKgADspsjRQDKLH1BAAAAL5AaY1rAAAAAAAAANUJ2VrXQI01RZfJr8PEwgZEhNNcu6x03VWSZ67dhAHHTWKcRpBFkk8NVHd\/C4D4pz\/puWqoUUxKuxxH6YlcxuxAvZFB0Na5O4CW6jEyMIx3UMKSHboRTInUKfs0ifRWz\/ah3LYVezBxxWAse8HA4hp9J+12MZT8TmyygIwyCCaeEvoUQjFc6leSZrAZpKnPNseLUtXq9seSkA+QHufBd5P\/nAxkid4Fwq057VLJqJcJvFJRIdSNrsUBNHlMd2O226LQDMo6+sXnZNRhM\/0lY6T99lZ2rtutA5g+LROCm\/BZLu+Ww0aOhZ9T5CPKvl1MXzbqDpHjEWohQohUG62HCabsLz2Pl6HJpafmxv\/xXmUvqTxvWO5iYVSI4YH0rzZVN3aVdPUxgXYG+W8rSU+st0bg\/OnAMZWFzotivj2mfqRsGMWV3egRFwhvlfe7Fuv0OvGM3s9ZvinFAlmQZqUDOt74G5zoedU\/69v6LWqjWqMgwmKLQ\/lMwt2MnS6hiTwk\/iqPpTIM8RYnxG13RvjKDr4JXT\/U7OnZL63BA8kKbkL5zeTL+gL4bvPs8T4bLqWJpX+KPgKK5qcCbrRIXtRaFjvffCmBHmxiams\/n7B6m2DssFWcjX1Ev1oBu1UMKN6t2aeneW6ZYl4Q+afpKmmTZbh75sYoA8rPXxM4Q6E\/CvQ8xKFJuG12US4vfj96Tg+HLqjTKQn0aT3tP\/WRrjoWHz5nOKAwY2ssdZ\/sOQ7Z4I975oMYqMkolPHC\/IQyZ00spefKrUv00QdKXcsmU90gzx2i\/XncJUiW6+cRr5y\/xIasdRDvxOeWrnEuyr4eneiO5Pi37MXP8f2E65R6K8EWKkhOt2QxypTL9OYJAB3d80dQUxikTgyJwcF9uQEqgJNA\/GZhO2rBxL\/P3ze0It5qd4umjz9rSz1Tj4x9V7iRrPWik7ncKTUF\/OLBOu3ao3EyUG8u2N+GMLh6DNMnc3AMj260R63yyZIj87BZpn+95duhzSfs8I4u6YbCy54JPpusEK7oluD\/Hy2\/DI77VPA2QYc="} 
00706{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/wireguard.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1563973554628780,"flow_dst_last_pkt_time":1563973554628757,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_usec":1563973554628780,"pkt":"OCxKuzMdABAY3q0FCABFAACsFXoAADURYtGLosCdwKgADspsjRQAmIUlBAAAAL5AaY1sAAAAAAAAAApaAsrtXpH1hJEWMIaMon2Jp07DYKtFnos9KJ2dxNXsnPOlMw8teGIqqtQyAhfCvZKfSoj8FKmPC1PCtu8qqniK567s\/wF6cALr5IJXHXdFnmr1I94kKjzDU62XCT24xGedWrUZRek84+e2Fsx1lJJ6NR9cFgw9VnO9J77GX8hL"} 
@@ -18,7 +18,7 @@ 00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/wireguard.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1563973554711201,"flow_dst_last_pkt_time":1563973554642219,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1563973554711201,"pkt":"OCxKuzMdABAY3q0FCABFAAB8FcIAADURYrmLosCdwKgADspsjRQAaAbHBAAAAL5AaY1tAAAAAAAAAPpGK9K5H5VHV22UlCuzckhifHXG0mCPbNY7tJ3Ehp5q9DbTenVPM\/dETy5WTx4iR6yiQjK\/qZpSgBD1KbJ+XOoBt2B9Juw3RjALxSawFkyQ"} 00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":10,"flow_first_seen":1532126321356858,"flow_src_last_pkt_time":1532126461633953,"flow_dst_last_pkt_time":1532126461588236,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":288,"flow_src_tot_l4_payload_len":2596,"flow_dst_tot_l4_payload_len":1224,"midstream":0,"thread_ts_usec":1563973564026333,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":43462,"dst_port":51820,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"WireGuard","proto_id":"206","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/wireguard.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":12,"flow_first_seen":1563973554628757,"flow_src_last_pkt_time":1563973564026333,"flow_dst_last_pkt_time":1563973563910592,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":800,"flow_dst_max_l4_payload_len":272,"flow_src_tot_l4_payload_len":4672,"flow_dst_tot_l4_payload_len":2064,"midstream":0,"thread_ts_usec":1563973564026333,"l3_proto":"ip4","src_ip":"139.162.192.157","dst_ip":"192.168.0.14","src_port":51820,"dst_port":36116,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"WireGuard","proto_id":"206","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00845{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/wireguard.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":52,"packets-processed":52,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10556,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1563973564026333} 
+00845{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/wireguard.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":52,"packets-processed":52,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10556,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1563973564026333} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 52/52 ~~ skipped flows.............: 0 @@ -27,9 +27,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6911568 bytes -~~ total memory freed........: 6911568 bytes -~~ total allocations/frees...: 114202/114202 +~~ total memory allocated....: 7489164 bytes +~~ total memory freed........: 7489164 bytes +~~ total allocations/frees...: 125933/125933 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 619 chars ~~ json message max len.......: 1610 chars diff --git a/test/results/default/wow.pcap.out b/test/results/default/wow.pcap.out index 6644ceb26..d69d3a21b 100644 --- a/test/results/default/wow.pcap.out +++ b/test/results/default/wow.pcap.out 
@@ -1,5 +1,5 @@ -00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/wow.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wow.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1437858769436349} 
+00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/wow.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wow.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1437858769436349} 
00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1437858769436349,"flow_src_last_pkt_time":1437858769436349,"flow_dst_last_pkt_time":1437858769436349,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1437858769436349,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"12.129.222.53","src_port":39309,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wow.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1437858769436349,"flow_dst_last_pkt_time":1437858769436349,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1437858769436349,"pkt":"JGUR0Ik6JGURQGHhCABFAAA8GJNAAIAGhLXAqLIUDIHeNZmNAFBo+hN9AAAAAKACIADawAAAAgQFtAEDAwIEAggKACnZUgAAAAA="} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/wow.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1437858769437258,"flow_dst_last_pkt_time":1437858769436349,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1437858769437258,"pkt":"JGUR0Ik6JGURQGHhCABFAAA8GJNAAIAGhLXAqLIUDIHeNZmNAFBo+hN9AAAAAKACIADawAAAAgQFtAEDAwIEAggKACnZUgAAAAA="} 
@@ -29,7 +29,7 @@ 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/wow.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1437858849702632,"flow_dst_last_pkt_time":1437858849702534,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1437858849702632,"pkt":"JGUR0Ik6JGURQGHhCABFAAA0GWZAAIAGfYbAqLIUDIHkmZnEDowRX7J8ZKojs4AQEGhlVQAAAQEICgAp+K1Cum0N"} 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/wow.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1437858849702756,"flow_dst_last_pkt_time":1437858849702534,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1437858849702756,"pkt":"JGUR0Ik6JGURQGHhCABFAAA0GWZAAIAGfYbAqLIUDIHkmZnEDowRX7J8ZKojs4AQEGhlVQAAAQEICgAp+K1Cum0N"} 00925{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/wow.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1437858849489494,"flow_src_last_pkt_time":1437858849702756,"flow_dst_last_pkt_time":1437858849924849,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":50,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":50,"midstream":0,"thread_ts_usec":1437858849924849,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"12.129.228.153","src_port":39364,"dst_port":3724,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"WorldOfWarcraft","proto_id":"76","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/wow.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":83,"packets-processed":82,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4309,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":1,"total-updates":0,"current-active-flows":4,"total-active-flows":4,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":32,"global_ts_usec":1437859397750241} +00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/wow.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":83,"packets-processed":82,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4309,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":1,"total-updates":0,"current-active-flows":4,"total-active-flows":4,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":32,"global_ts_usec":1437859397750241} 
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/wow.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1437859397750241,"flow_src_last_pkt_time":1437859397750241,"flow_dst_last_pkt_time":1437859397750241,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1437859397750241,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"12.129.228.152","src_port":39593,"dst_port":3724,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/wow.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1437859397750241,"flow_dst_last_pkt_time":1437859397750241,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1437859397750241,"pkt":"JGUR0Ik6JGURQGHhCABFAAA8KdNAAIAGbRLAqLIUDIHkmJqpDoyvdi+RAAAAAKACIABtBAAAAgQFtAEDAwIEAggKACrOwgAAAAA="} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/wow.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1437859397750308,"flow_dst_last_pkt_time":1437859397750241,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1437859397750308,"pkt":"JGUR0Ik6JGURQGHhCABFAAA8KdNAAIAGbRLAqLIUDIHkmJqpDoyvdi+RAAAAAKACIABtBAAAAgQFtAEDAwIEAggKACrOwgAAAAA="} 
@@ -42,7 +42,7 @@ 00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/wow.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":6,"flow_first_seen":1437858780584251,"flow_src_last_pkt_time":1437858781945900,"flow_dst_last_pkt_time":1437858782413909,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":503,"flow_dst_max_l4_payload_len":401,"flow_src_tot_l4_payload_len":2112,"flow_dst_tot_l4_payload_len":494,"midstream":0,"thread_ts_usec":1437859398661830,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"12.129.228.153","src_port":39329,"dst_port":3724,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"WorldOfWarcraft","proto_id":"76","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/wow.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":5,"flow_first_seen":1437858849489494,"flow_src_last_pkt_time":1437858850365838,"flow_dst_last_pkt_time":1437858850365461,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":50,"flow_src_tot_l4_payload_len":202,"flow_dst_tot_l4_payload_len":97,"midstream":0,"thread_ts_usec":1437859398661830,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"12.129.228.153","src_port":39364,"dst_port":3724,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"WorldOfWarcraft","proto_id":"76","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/wow.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":5,"flow_first_seen":1437859397750241,"flow_src_last_pkt_time":1437859398404065,"flow_dst_last_pkt_time":1437859398661830,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":50,"flow_src_tot_l4_payload_len":184,"flow_dst_tot_l4_payload_len":93,"midstream":0,"thread_ts_usec":1437859398661830,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"12.129.228.152","src_port":39593,"dst_port":3724,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"WorldOfWarcraft","proto_id":"76","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00838{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/wow.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":95,"packets-processed":95,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4586,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":45,"global_ts_usec":1437859398661830} 
+00838{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/wow.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":95,"packets-processed":95,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4586,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":45,"global_ts_usec":1437859398661830} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 95/95 ~~ skipped flows.............: 0 @@ -51,9 +51,9 @@ ~~ total active/idle flows...: 5/5 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6926371 bytes -~~ total memory freed........: 6926371 bytes -~~ total allocations/frees...: 114293/114293 +~~ total memory allocated....: 7504024 bytes +~~ total memory freed........: 7504024 bytes +~~ total allocations/frees...: 126026/126026 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 526 chars ~~ json message max len.......: 1389 chars diff --git a/test/results/default/xdmcp.pcap.out b/test/results/default/xdmcp.pcap.out index a3bc094e4..f6b555343 100644 --- a/test/results/default/xdmcp.pcap.out +++ b/test/results/default/xdmcp.pcap.out 
@@ -1,5 +1,5 @@ -00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/xdmcp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/xdmcp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1538467333581076} 
+00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/xdmcp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/xdmcp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1538467333581076} 
00761{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/xdmcp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1538467333581076,"flow_src_last_pkt_time":1538467333581076,"flow_dst_last_pkt_time":1538467333581076,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":7,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":7,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":7,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1538467333581076,"l3_proto":"ip4","src_ip":"10.1.2.2","dst_ip":"10.1.2.4","src_port":61426,"dst_port":177,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/xdmcp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1538467333581076,"flow_dst_last_pkt_time":1538467333581076,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":15,"thread_ts_usec":1538467333581076,"pkt":"CAAngNsFUlQAEjUACABFAAAjIEIAAP8Rg4AKAQICCgECBO\/yALEAD\/cgAAEAAgABAAAAAAAAAAAAAAAA"} 
00916{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/xdmcp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1538467333581076,"flow_src_last_pkt_time":1538467333581076,"flow_dst_last_pkt_time":1538467333581076,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":7,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":7,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":7,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1538467333581076,"l3_proto":"ip4","src_ip":"10.1.2.2","dst_ip":"10.1.2.4","src_port":61426,"dst_port":177,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"XDMCP","proto_id":"15","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 
@@ -8,7 +8,7 @@ 00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/xdmcp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1538467333586740,"flow_dst_last_pkt_time":1538467333731484,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1538467333731484,"pkt":"UlQAEjUACAAngNsFCABFAABQuVJAAEARaUMKAQIECgECAgCx7\/IAPBhVAAEACAAuDIAyAwAAAAAAEk1JVC1NQUdJQy1DT09LSUUtMQAQTPvoMVb5+UR+Qxed0+SWjg=="} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/xdmcp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1538467334608643,"flow_dst_last_pkt_time":1538467333731484,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1538467334608643,"pkt":"CAAngNsFUlQAEjUACABFAAA5IEQAAP8Rg2gKAQICCgECBO\/yALEAJZG\/AAEACgAXDIAyAwAAAA9NSVQtdW5zcGVjaWZpZWQ="} 00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/xdmcp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1538467333581076,"flow_src_last_pkt_time":1538467336601228,"flow_dst_last_pkt_time":1538467333731484,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":7,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":52,"flow_src_tot_l4_payload_len":254,"flow_dst_tot_l4_payload_len":81,"midstream":0,"thread_ts_usec":1538467336601228,"l3_proto":"ip4","src_ip":"10.1.2.2","dst_ip":"10.1.2.4","src_port":61426,"dst_port":177,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"XDMCP","proto_id":"15","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} -00836{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/xdmcp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":6,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":335,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1538467336601228} +00836{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/xdmcp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":6,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":335,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1538467336601228} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 6/6 ~~ skipped flows.............: 0 
@@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6907787 bytes -~~ total memory freed........: 6907787 bytes -~~ total allocations/frees...: 114143/114143 +~~ total memory allocated....: 7485383 bytes +~~ total memory freed........: 7485383 bytes +~~ total allocations/frees...: 125874/125874 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 536 chars ~~ json message max len.......: 966 chars diff --git a/test/results/default/xiaomi.pcap.out b/test/results/default/xiaomi.pcap.out index 5dcb34dae..e6e25d1bc 100644 --- a/test/results/default/xiaomi.pcap.out +++ b/test/results/default/xiaomi.pcap.out 
@@ -1,9 +1,9 @@ -00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1639054136437359} 
+00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1639054136437359} 
00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639054136437359,"flow_src_last_pkt_time":1639054136437359,"flow_dst_last_pkt_time":1639054136437359,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":66,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":66,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":66,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1639054136437359,"vlan_id":208,"l3_proto":"ip4","src_ip":"47.241.7.88","dst_ip":"10.52.151.160","src_port":5222,"dst_port":39180,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00652{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","vlan_id":208,"flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1639054136437359,"flow_dst_last_pkt_time":1639054136437359,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":136,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":136,"pkt_l4_len":98,"thread_ts_usec":1639054136437359,"pkt":"AAAAAAAAAAIAAAAIgQAA0AgARRQAdj14QAAuBjXZL\/EHWAo0l6AUZpkMYD5IiLldMd2AGAA1w4IAAAEBCAqKynYNev32UML+AAUAAAA2AAIAFgAAABgIABoKeGlhb21pLmNvbSoEQ09OTkgACgo1Mzg2MzcwNzY5EgQ3ZjA0GgIIACIAfagLdw=="} 
00967{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639054136437359,"flow_src_last_pkt_time":1639054136437359,"flow_dst_last_pkt_time":1639054136437359,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":66,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":66,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":66,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1639054136437359,"vlan_id":208,"l3_proto":"ip4","src_ip":"47.241.7.88","dst_ip":"10.52.151.160","src_port":5222,"dst_port":39180,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Xiaomi","proto_id":"287","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":""}} -00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":2,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":66,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":6,"global_ts_usec":1643625846975752} 
+00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":2,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":66,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":6,"global_ts_usec":1643625846975752} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643625846975752,"flow_src_last_pkt_time":1643625846975752,"flow_dst_last_pkt_time":1643625846975752,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643625846975752,"l3_proto":"ip4","src_ip":"115.164.74.232","dst_ip":"192.168.244.219","src_port":5222,"dst_port":45904,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1643625846975752,"flow_dst_last_pkt_time":1643625846975752,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1643625846975752,"pkt":"AAAAAAAAAA0AYH2pCABFFAA8AABAAC4G2JdzpErowKj02xRms1CUmJB5c0FIJ6ASaVAVsQAAAgQFUAQCCAri0mMlEWpVrAEDAwk="} 00790{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1643625846975752,"flow_dst_last_pkt_time":1643625847008745,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":250,"pkt_l4_len":216,"thread_ts_usec":1643625847008745,"pkt":"AAAAAAAAAAoAtbdgCABFAADsPqBAAEAGh1vAqPTbc6RK6LNQFGZzQUgnlJiQeoAYAKxOqAAAAQEIChFqVg7i0mMlwv4ABQAAAKwAAgAWAAAAjggAGgp4aWFvbWkuY29tKgRDT05OSAAIahINUmVkbWkgTm90ZSA5UxoRVjEyLjUuMi4wLlJKV01JWE0iKmEtRDdBNUQ4QTlCNTM3NTI5Rjk2NkU0MjlEMDU4ODYyMDMyNEY2QzVFMigqMg9tb2JpbGUtbHRlLXRhaWY6ETQ3LjI0MS4zNS43Mzo1MjIyQhBhcl9FR18jdS1udS1sYXRuSgIYAFAebjssqA=="} 
@@ -26,7 +26,7 @@ 00630{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1643625858251774,"flow_dst_last_pkt_time":1643625858163146,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":132,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":132,"pkt_l4_len":98,"thread_ts_usec":1643625858251774,"pkt":"AAAAAAAAAAUARa2GCABFFAB2BwBAAC0GT7dhJ3eswKhdOxRmySBqbHLjb20PkIAYADWSLgAAAQEIChVvdCQWrKzjwv4ABQAAADYAAgAWAAAAGAgAGgp4aWFvbWkuY29tKgRDT05OSAAKCjkyODQzNjUzNzESBGQzOGMaAggAIgB+7gui"} 01830{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1643625858251774,"flow_dst_last_pkt_time":1643625858290111,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1013,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1013,"pkt_l4_len":979,"thread_ts_usec":1643625858290111,"pkt":"AAAAAAAAAAUARa2GCABFAAPnXtVAAEAG4YTAqF07YSd3rMkgFGZvbQ+QamxzJYAYAVdAegAAAQEIChasrWIVb3Qkwv4ABQAAA6ePAlQXgwcDpjrqoyKdw4IwnSS1iwp7K8C\/a\/DO3BfsxHjpq97Q8+JQdr+1Sx7ZzediATucm0ln6n2ECEvLfwgzevfD1u\/CWmlaUPaZueHN8B9ew4RhxHiqHdSsBkyR3\/8cXiDijQq6T8Ek7smY\/RX\/5leFfWyTeoTllIzIUkB55Pa1o+qg3e53JuNFDNQfWiRPHBesCrCXsbija8s1EZqinSwpndgCEBFquauEl0+Ragp0lMAm7RxiyEIiOyxii5gY6FbeEsulHj5K+xrSQspZJtPdEOSpF1rz3Gyo9NjcCfsHV9R4Qi2\/9SJtd09CAVq8p243RiYrBSFNXlnTx1d+gDkjIIWEnSHiWm6wI3RKFPkfupRRU42022iQm6gc+ln75Gn85HTw+NXyOi7hiRF7DRS7G7djKIAszOszTFHRkkpjyJOeBTxqe0\/cP7iVPR4k8S8Yt2IIyGHi9Ev4Zlb4gChCAaSmqzYYUrN1LvdTCbvsqCb4+X\/nhcnmWWblseOpPYxDs0BNszHZKDXWo+ranx19e5G\/9xXDFrAxfcMfNuriGBbbVAXe7462XSH\/+tpcjQk24myuI7hOvnD750dNp\/HrqJWAHUQZ74X6JknAabe7d8J0L2HrM9CKftKHNEwNVBo2W7hYmWR4sIdVm9PC1yhLua4+FQb6gD7CfCitUins9w35O879aJ6hQ6ifA72fy1CW8kYwHTRt1PYIpZxMYXrmTgEWSWA9qM82PLbe5eiXV7BJfNYZoJLzdYqhwGnnsmohpFVu
KyUorBJD7vvuQD3SNaJCkOcjkonUC7w1Aoq\/LEleMvZMCV5xjp40ct2wu2xQKSVdZolpUZwqutt8Gf9sRoGhgdIPb9EK542l8\/A7tHHzrmc8IOcyiGpNJ\/EuwyWs7gFpgVLTXSPqTbe1qzkw0S2Y2nPo+6Ky42BpsyBzk4qUs6ydaYyDy4szOeNYiIojVSTrTxAv81CONJ2+ehjOWR8xPviE1S1QIXaYB4Gqs\/lZigZFQG\/oXglQxrWoVdulOJx7hBr6CvDnOH8iaYOEAE+dhE0\/fUwSxsmmO3nkoBZimUpkdwux5rIZFUx9dApAbOxa7+aCnM4QzRm98LOIHsLSXbGeit3y2PpoHyZPuSe4WpTir5GONnCdFxFykyAYWy1Q4zL\/K\/oFI9aozHoou7\/tqoKcgsNRo43pfiO7Jzlwy0YGnBZXXeyDs7q5ihlPt6rz9zQzrxMSuy3zrUgN1tIfI5+V1VE="} 00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1643625858384595,"flow_dst_last_pkt_time":1643625858290111,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_usec":1643625858384595,"pkt":"AAAAAAAAAAUARa2GCABFFACdBwFAAC4GTo9hJ3eswKhdOxRmySBqbHMlb20TQ4AYADRRBgAAAQEIChVvdKgWrK1iwv4ABQAAAF2PAlQXgwcA7DrqoyKdw4IwnSS1iwp7K8C\/a\/DO3BfsxHjpq97Q8+JQdr+1Sx7ZzediATucm0ln4nmG0Vi+OwwzW+foz4TyXEsJXPSpg\/XoqwJuhd4u9kuYCJ6VJSia4DKX"} 
-00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":19,"packets-processed":18,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3907,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":4,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":29,"global_ts_usec":1649839944752000} +00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":19,"packets-processed":18,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3907,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":4,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":29,"global_ts_usec":1649839944752000} 
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649839944752000,"flow_src_last_pkt_time":1649839944752000,"flow_dst_last_pkt_time":1649839944752000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649839944752000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"3.127.176.74","src_port":37708,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1649839944752000,"flow_dst_last_pkt_time":1649839944752000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1649839944752000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8MLBAAD8GlDbAqAJkA3+wSpNMFGaY8mRiAAAAAKAC\/\/+SoQAAAgQFtAQCCAodPXxCAAAAAAEDAwk="} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1649839944752000,"flow_dst_last_pkt_time":1649839944776000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1649839944776000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAAPMGEOYDf7BKwKgCZBRmk0xMrReHmPJkY6ASaN+IpwAAAgQFrAQCCAr78kDrHT18QgEDAwg="} 
@@ -37,7 +37,7 @@ 01114{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1643625846975752,"flow_src_last_pkt_time":1643625847231770,"flow_dst_last_pkt_time":1643625847145760,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":106,"flow_dst_max_l4_payload_len":928,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":1112,"midstream":0,"thread_ts_usec":1649839946492000,"l3_proto":"ip4","src_ip":"115.164.74.232","dst_ip":"192.168.244.219","src_port":5222,"dst_port":45904,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"Xiaomi","proto_id":"287","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"47.241.35.73"}} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1643625858130651,"flow_src_last_pkt_time":1643625858384595,"flow_dst_last_pkt_time":1643625858290111,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":105,"flow_dst_max_l4_payload_len":947,"flow_src_tot_l4_payload_len":171,"flow_dst_tot_l4_payload_len":1117,"midstream":0,"thread_ts_usec":1649839946492000,"l3_proto":"ip4","src_ip":"97.39.119.172","dst_ip":"192.168.93.59","src_port":5222,"dst_port":51488,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp 
Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"Xiaomi","proto_id":"287","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"47.241.59.87"}} 01113{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1643625848421465,"flow_src_last_pkt_time":1643625997739244,"flow_dst_last_pkt_time":1643625997646742,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":106,"flow_dst_max_l4_payload_len":914,"flow_src_tot_l4_payload_len":184,"flow_dst_tot_l4_payload_len":1085,"midstream":0,"thread_ts_usec":1649839946492000,"l3_proto":"ip4","src_ip":"115.164.74.232","dst_ip":"192.168.247.13","src_port":5222,"dst_port":38018,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"Xiaomi","proto_id":"287","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"47.241.35.73"}} 
-00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":34,"packets-processed":33,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5525,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":40,"global_ts_usec":1649853179269000} +00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":34,"packets-processed":33,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5525,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":40,"global_ts_usec":1649853179269000} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649853179269000,"flow_src_last_pkt_time":1649853179269000,"flow_dst_last_pkt_time":1649853179269000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649853179269000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"18.193.233.122","src_port":45106,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1649853179269000,"flow_dst_last_pkt_time":1649853179269000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1649853179269000,"pkt":"eJS0JASgYDjgxTWgCABFAAA82XxAAD8GovfAqAJkEsHperAyFGbKjahPAAAAAKAC\/\/8SCgAAAgQFtAQCCAp5z8VmAAAAAAEDAwk="} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1649853179269000,"flow_dst_last_pkt_time":1649853179291000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1649853179291000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAAPUGxnMSwel6wKgCZBRmsDIvdwKjyo2oUKASaN9j8wAAAgQFrAQCCAqcy3ZJec\/FZgEDAwg="} 
@@ -46,16 +46,16 @@ 01219{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1649853179269000,"flow_src_last_pkt_time":1649853179315000,"flow_dst_last_pkt_time":1649853179291000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649853179315000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"18.193.233.122","src_port":45106,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"Xiaomi","proto_id":"287","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fr-app-chat-global-xiaomi-net2-2117517874.eu-central-1.elb.amazonaws.com","domainame":"fr-app-chat-global-xiaomi-net2-2117517874.eu-central-1.elb.amazonaws.com"}} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1649853179315000,"flow_dst_last_pkt_time":1649853179337000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1649853179337000,"pkt":"YDjgxTWgeJS0JASgCABFAAA0Y2JAAPUGYxkSwel6wKgCZBRmsDIvdwKkyo2pKYAQAG758wAAAQEICpzLdnh5z8WU"} 
01174{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1649839944752000,"flow_src_last_pkt_time":1649840399878000,"flow_dst_last_pkt_time":1649840399901000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":933,"flow_dst_max_l4_payload_len":105,"flow_src_tot_l4_payload_len":1447,"flow_dst_tot_l4_payload_len":171,"midstream":0,"thread_ts_usec":1649853179854000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"3.127.176.74","src_port":37708,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"Xiaomi","proto_id":"287","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fr-app-chat-global-xiaomi-net1-1667981913.eu-central-1.elb.amazonaws.com"}} 
-00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":49,"packets-processed":48,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7643,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":49,"global_ts_usec":1650283578710000} +00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":49,"packets-processed":48,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7643,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":49,"global_ts_usec":1650283578710000} 
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1650283578710000,"flow_src_last_pkt_time":1650283578710000,"flow_dst_last_pkt_time":1650283578710000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1650283578710000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"203.107.1.65","src_port":48698,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1650283578710000,"flow_dst_last_pkt_time":1650283578710000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1650283578710000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8DvVAAD8GnQ7AqAJky2sBQb46AFChwP+pAAAAAKAC\/\/8meQAAAgQFtAQCCArLcGZmAAAAAAEDAwk="} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1650283578710000,"flow_dst_last_pkt_time":1650283579013000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1650283579013000,"pkt":"YDjgxTWgeJS0JASgCABFAAA0AABAACkGwgvLawFBwKgCZABQvjrJa8kHocD\/qoASchB61gAAAgQFrAEBBAIBAwMH"} 
00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1650283579202000,"flow_dst_last_pkt_time":1650283579013000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1650283579202000,"pkt":"eJS0JASgYDjgxTWgCABFAAAoDvZAAD8GnSHAqAJky2sBQb46AFChwP+qyWvJCFAQAKwtBQAA"} 00991{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1650283579202000,"flow_dst_last_pkt_time":1650283579013000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":402,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":402,"pkt_l4_len":368,"thread_ts_usec":1650283579202000,"pkt":"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"} -01553{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1650283578710000,"flow_src_last_pkt_time":1650283579202000,"flow_dst_last_pkt_time":1650283579013000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":348,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":348,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1650283579202000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"203.107.1.65","src_port":48698,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"35": {"risk":"Susp Entropy","severity":"Low","risk_score": 
{"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.Xiaomi","proto_id":"7.287","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"203.107.1.65","domainame":"203.107.1.65","http": {"url":"203.107.1.65\/164566\/sign_d?host=appmarket.micloud.xiaomi.net&sdk=android_1.3.3&t=1650284179&s=762f2c07cf9262c61753f45b4117c232&sid=jccM7PF4XY0T&net=wifi&bssid=02%3A00%3A00%3A00%3A00%3A00","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 10; Redmi Note 9 Pro MIUI\/V12.0.3.0.QJZMIXM)"}}} +01453{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1650283578710000,"flow_src_last_pkt_time":1650283579202000,"flow_dst_last_pkt_time":1650283579013000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":348,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":348,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1650283579202000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"203.107.1.65","src_port":48698,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP.Xiaomi","proto_id":"7.287","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"203.107.1.65","domainame":"203.107.1.65","http": {"url":"203.107.1.65\/164566\/sign_d?host=appmarket.micloud.xiaomi.net&sdk=android_1.3.3&t=1650284179&s=762f2c07cf9262c61753f45b4117c232&sid=jccM7PF4XY0T&net=wifi&bssid=02%3A00%3A00%3A00%3A00%3A00","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 
(Linux; U; Android 10; Redmi Note 9 Pro MIUI\/V12.0.3.0.QJZMIXM)"}}} 01176{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1649853179269000,"flow_src_last_pkt_time":1649853538407000,"flow_dst_last_pkt_time":1649853179817000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":948,"flow_dst_max_l4_payload_len":422,"flow_src_tot_l4_payload_len":1525,"flow_dst_tot_l4_payload_len":593,"midstream":0,"thread_ts_usec":1650283579202000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"18.193.233.122","src_port":45106,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"Xiaomi","proto_id":"287","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fr-app-chat-global-xiaomi-net2-2117517874.eu-central-1.elb.amazonaws.com"}} 
-01207{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1650283578710000,"flow_src_last_pkt_time":1650283579202000,"flow_dst_last_pkt_time":1650283579013000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":348,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":348,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1650283579202000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"203.107.1.65","src_port":48698,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.Xiaomi","proto_id":"7.287","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
-00841{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":52,"packets-processed":52,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7991,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":58,"global_ts_usec":1650283579202000} +01107{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1650283578710000,"flow_src_last_pkt_time":1650283579202000,"flow_dst_last_pkt_time":1650283579013000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":348,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":348,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1650283579202000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"203.107.1.65","src_port":48698,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP.Xiaomi","proto_id":"7.287","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
+00841{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":52,"packets-processed":52,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7991,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":58,"global_ts_usec":1650283579202000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 52/52 ~~ skipped flows.............: 0 @@ -64,9 +64,9 @@ ~~ total active/idle flows...: 7/7 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6936582 bytes -~~ total memory freed........: 6936582 bytes -~~ total allocations/frees...: 114286/114286 +~~ total memory allocated....: 7514162 bytes +~~ total memory freed........: 7514162 bytes +~~ total allocations/frees...: 126017/126017 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 529 chars ~~ json message max len.......: 1835 chars diff --git a/test/results/default/xss.pcap.out b/test/results/default/xss.pcap.out index fd54e9375..b838584e2 100644 --- a/test/results/default/xss.pcap.out +++ b/test/results/default/xss.pcap.out 
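Review bot: The regenerated expectations for flow 7 in the `@@ -46,16 +46,16 @@` hunk drop risk 35 (`Susp Entropy`) from both the `detected` and the `idle` event, leaving only risk 12, and the commit description ("incorporated upstream changes") does not record that a detection result changed with the libnDPI bump. The flow is the unencrypted HTTP request to `203.107.1.65` (`"encrypted":0`), so this may well be intended upstream behaviour, but that cannot be confirmed from the hunk itself. Anything downstream that keys on `flow_risk` entry `35` would presumably see fewer hits for this kind of traffic after the bump. I would add a line to the commit message such as `* xiaomi.pcap: HTTP.Xiaomi flow no longer reports risk 35 (Susp Entropy)` so the change is recorded as deliberate rather than a side effect of regenerating the results.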
@@ -1,5 +1,5 @@ -00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/xss.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/xss.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1655243489609806} 
+00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/xss.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/xss.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1655243489609806} 
00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/xss.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655243489609806,"flow_src_last_pkt_time":1655243489609806,"flow_dst_last_pkt_time":1655243489609806,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655243489609806,"l3_proto":"ip4","src_ip":"192.168.3.109","dst_ip":"192.168.3.107","src_port":53514,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/xss.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1655243489609806,"flow_dst_last_pkt_time":1655243489609806,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655243489609806,"pkt":"FE+Kc3lP4CvpcxhCCABFAAA8+yJAAEAGt3DAqANtwKgDa9EKAFDSR62xAAAAAKAC+vBHrAAAAgQFtAQCCAqQR5ueAAAAAAEDAwc="} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/xss.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1655243489609806,"flow_dst_last_pkt_time":1655243489609822,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655243489609822,"pkt":"4CvpcxhCFE+Kc3lPCABFAAA8AABAAEAGspPAqANrwKgDbQBQ0QpkRtWU0ketsqAS\/og+LAAAAgQFtAQCCAqztRhGkEebngEDAwc="} 
@@ -14,7 +14,7 @@ 01225{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/xss.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1655243489609806,"flow_src_last_pkt_time":1655243489620426,"flow_dst_last_pkt_time":1655243489615942,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":608,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":608,"flow_dst_tot_l4_payload_len":1843,"midstream":0,"thread_ts_usec":1655243489620426,"l3_proto":"ip4","src_ip":"192.168.3.109","dst_ip":"192.168.3.107","src_port":53514,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"1": {"risk":"XSS Attack","severity":"Severe","risk_score": {"total":10,"client":5,"server":5}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"192.168.3.107"}} 00962{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/xss.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1655243489609847,"flow_src_last_pkt_time":1655243489614470,"flow_dst_last_pkt_time":1655243489609849,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655243489620426,"l3_proto":"ip4","src_ip":"192.168.3.109","dst_ip":"192.168.3.107","src_port":53516,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 00771{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/xss.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1655243489609847,"flow_src_last_pkt_time":1655243489614470,"flow_dst_last_pkt_time":1655243489609849,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655243489620426,"l3_proto":"ip4","src_ip":"192.168.3.109","dst_ip":"192.168.3.107","src_port":53516,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00838{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/xss.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":11,"packets-processed":11,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2451,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":17,"global_ts_usec":1655243489620426} 
+00838{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/xss.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":11,"packets-processed":11,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2451,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":17,"global_ts_usec":1655243489620426} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 11/11 ~~ skipped flows.............: 0 @@ -23,9 +23,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6910721 bytes -~~ total memory freed........: 6910721 bytes -~~ total allocations/frees...: 114169/114169 +~~ total memory allocated....: 7488331 bytes +~~ total memory freed........: 7488331 bytes +~~ total allocations/frees...: 125901/125901 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 541 chars ~~ json message max len.......: 1414 chars diff --git a/test/results/default/yandex.pcapng.out b/test/results/default/yandex.pcapng.out index 2f8751f2d..92848c837 100644 --- a/test/results/default/yandex.pcapng.out +++ b/test/results/default/yandex.pcapng.out 
@@ -1,34 +1,34 @@ -00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1675629757956767} 
+00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1675629757956767} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675629757956767,"flow_src_last_pkt_time":1675629757956767,"flow_dst_last_pkt_time":1675629757956767,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675629757956767,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"213.180.204.186","src_port":40218,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1675629757956767,"flow_dst_last_pkt_time":1675629757956767,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1675629757956767,"pkt":"dNqIE5X\/CI6QkAulCABFAAA87YBAAEAG6CrAqAH51bTMup0aAbsZxJRyAAAAAKAC+vDi+wAAAgQFtAQCCApF2HIeAAAAAAEDAwc="} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1675629757956767,"flow_dst_last_pkt_time":1675629757971675,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1675629757971675,"pkt":"CI6QkAuldNqIE5X\/CABFAAA8AABAADcG3qvVtMy6wKgB+QG7nRotDdTkGcSUc6ASqUoQtAAAAgQFggQCCApPBdMWRdhyHgEDAwg="} 
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1675629757971734,"flow_dst_last_pkt_time":1675629757971675,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675629757971734,"pkt":"dNqIE5X\/CI6QkAulCABFAAA07YFAAEAG6DHAqAH51bTMup0aAbsZxJRzLQ3U5YAQAfbmlAAAAQEICkXYci1PBdMW"} 01240{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1675629757972020,"flow_dst_last_pkt_time":1675629757971675,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1675629757972020,"pkt":"dNqIE5X\/CI6QkAulCABFAAI57YJAAEAG5ivAqAH51bTMup0aAbsZxJRzLQ3U5YAYAfZ\/EwAAAQEICkXYci1PBdMWFgMBAgABAAH8AwP+vI3mLN5Z+wBnku34fYzINGujNs\/+gAsvFuXSOXknZCD6SKp6ZH+Gnp264bYpR97eRIjgLauFRWr5TqKNguHKtAAgiooTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTenoAAAAAABQAEgAAD211c2ljLnlhbmRleC5regAXAAD\/AQABAAAKAAoACDo6AB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApOjoAAQAAHQAgBddzRfBLAWsja3T4QoBg0WPg0yskDzcG6ZG7KDUVPmQALQACAQEAKwAHBkpKAwQDAwAbAAMCAAJEaQAFAAMCaDLa2gABAAAVAMgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01267{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1675629757956767,"flow_src_last_pkt_time":1675629757972020,"flow_dst_last_pkt_time":1675629757971675,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675629757972020,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"213.180.204.186","src_port":40218,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YandexMusic","proto_id":"91.34","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music","hostname":"music.yandex.kz","domainame":"music.yandex.kz","tls": {"version":"TLSv1.2","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01226{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1675629757956767,"flow_src_last_pkt_time":1675629757972020,"flow_dst_last_pkt_time":1675629757971675,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675629757972020,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"213.180.204.186","src_port":40218,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YandexMusic","proto_id":"91.34","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music","hostname":"music.yandex.kz","domainame":"music.yandex.kz","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1675629757972020,"flow_dst_last_pkt_time":1675629757997818,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675629757997818,"pkt":"CI6QkAuldNqIE5X\/CABFAAA03SdAADcGAYzVtMy6wKgB+QG7nRotDdTlGcSWeIAQAKjlzQAAAQEICk8F0yZF2HIt"} 
-01357{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1675629757956767,"flow_src_last_pkt_time":1675629757972020,"flow_dst_last_pkt_time":1675629757997818,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1398,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1398,"midstream":0,"thread_ts_usec":1675629757997818,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"213.180.204.186","src_port":40218,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YandexMusic","proto_id":"91.34","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music","hostname":"music.yandex.kz","domainame":"music.yandex.kz","tls": {"version":"TLSv1.2","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"4ef1b297bb817d8212165a86308bac5f","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
-01747{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1675629757956767,"flow_src_last_pkt_time":1675629757997886,"flow_dst_last_pkt_time":1675629758006704,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1644,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4440,"midstream":0,"thread_ts_usec":1675629758006704,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"213.180.204.186","src_port":40218,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YandexMusic","proto_id":"91.34","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music","hostname":"music.yandex.kz","domainame":"music.yandex.kz","tls": {"version":"TLSv1.2","server_names":"*.music.yandex.ru,music-partner.yandex.ru,music.yandex,music.yandex.by,music.yandex.uz,music.ya.ru,music.yandex.kz,music.yandex.com,music.yandex.ru","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"4ef1b297bb817d8212165a86308bac5f","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018","subjectDN":"C=RU, ST=Moscow, L=Moscow, O=Yandex LLC, CN=*.music.yandex.ru","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","fingerprint":"84:6E:A1:68:E5:3B:10:C1:87:75:43:D8:F2:39:C3:4D:E9:9F:DC:88","blocks":0}}} 
-00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":19,"packets-processed":18,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7039,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1675632200347508} +01316{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1675629757956767,"flow_src_last_pkt_time":1675629757972020,"flow_dst_last_pkt_time":1675629757997818,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1398,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1398,"midstream":0,"thread_ts_usec":1675629757997818,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"213.180.204.186","src_port":40218,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YandexMusic","proto_id":"91.34","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music","hostname":"music.yandex.kz","domainame":"music.yandex.kz","tls": 
{"version":"TLSv1.2","ja3s":"4ef1b297bb817d8212165a86308bac5f","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} +01706{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1675629757956767,"flow_src_last_pkt_time":1675629757997886,"flow_dst_last_pkt_time":1675629758006704,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1644,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4440,"midstream":0,"thread_ts_usec":1675629758006704,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"213.180.204.186","src_port":40218,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YandexMusic","proto_id":"91.34","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music","hostname":"music.yandex.kz","domainame":"music.yandex.kz","tls": {"version":"TLSv1.2","server_names":"*.music.yandex.ru,music-partner.yandex.ru,music.yandex,music.yandex.by,music.yandex.uz,music.ya.ru,music.yandex.kz,music.yandex.com,music.yandex.ru","ja3s":"4ef1b297bb817d8212165a86308bac5f","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018","subjectDN":"C=RU, ST=Moscow, L=Moscow, O=Yandex LLC, 
CN=*.music.yandex.ru","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","fingerprint":"84:6E:A1:68:E5:3B:10:C1:87:75:43:D8:F2:39:C3:4D:E9:9F:DC:88","blocks":0}}} +00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":19,"packets-processed":18,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7039,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1675632200347508} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675632200347508,"flow_src_last_pkt_time":1675632200347508,"flow_dst_last_pkt_time":1675632200347508,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675632200347508,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"178.154.131.216","src_port":57126,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1675632200347508,"flow_dst_last_pkt_time":1675632200347508,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1675632200347508,"pkt":"dNqIE5X\/CI6QkAulCABFAAA8p+RAAEAGmcPAqAH5spqD2N8mAbsQs3pEAAAAAKAC+vC2kwAAAgQFtAQCCAoxyf\/EAAAAAAEDAwc="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1675632200354042,"flow_dst_last_pkt_time":1675632200347508,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675632200354042,"pkt":"dNqIE5X\/CI6QkAulCABFAAA0p+VAAEAGmcrAqAH5spqD2N8mAbsQs3pFVOenIIAQAfYqYQAAAQEICjHJ\/8uE0TMJ"} 
01242{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1675632200354473,"flow_dst_last_pkt_time":1675632200347508,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1675632200354473,"pkt":"dNqIE5X\/CI6QkAulCABFAAI5p+ZAAEAGl8TAqAH5spqD2N8mAbsQs3pFVOenIIAYAfa4rAAAAQEICjHJ\/8uE0TMJFgMBAgABAAH8AwMCeOB+UV1Zl9rAfoMXDlTph\/llJNZPDmuYxOLa\/xVPqSAPpKtXfFpcXtQD9gJxdXfYfia9BR5gQVgTgED8FRJLwQAgOjoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTGhoAAAAAABEADwAADHlhc3RhdGljLm5ldAAXAAD\/AQABAAAKAAoACFpaAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApWloAAQAAHQAgBpJMFfO4MRn+lGw5Q9QiDVq4CEy2Rx1IolF7flyHs38ALQACAQEAKwAHBtraAwQDAwAbAAMCAAJEaQAFAAMCaDLKygABAAAVAMsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01380{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1675632200347508,"flow_src_last_pkt_time":1675632200354473,"flow_dst_last_pkt_time":1675632200347508,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675632200354473,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"178.154.131.216","src_port":57126,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.Yandex","proto_id":"91.25","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"yastatic.net","domainame":"yastatic.net","tls": {"version":"TLSv1.2","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01339{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1675632200347508,"flow_src_last_pkt_time":1675632200354473,"flow_dst_last_pkt_time":1675632200347508,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675632200354473,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"178.154.131.216","src_port":57126,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.Yandex","proto_id":"91.25","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"yastatic.net","domainame":"yastatic.net","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1675632200360494,"flow_dst_last_pkt_time":1675632200347508,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675632200360494,"pkt":"dNqIE5X\/CI6QkAulCABFAAA0p+dAAEAGmcjAqAH5spqD2N8mAbsQs3xKVOe1eoAQAdoaEwAAAQEICjHJ\/9GE0TMO"} 
00658{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1675632200360995,"flow_dst_last_pkt_time":1675632200347508,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_usec":1675632200360995,"pkt":"dNqIE5X\/CI6QkAulCABFAACEp+hAAEAGmXfAqAH5spqD2N8mAbsQs3xKVOe1eoAYAfV\/yAAAAQEICjHJ\/9KE0TMOFAMDAAEBFwMDAEWES\/y0BE+L50ZNcAv1HLApgKrcw1X3eeizDczeW49HnM30ZKZ\/Xv6Np0EU8iQuqAO+wCt5OYJYbXGxQhiooyFlrGchlRE="} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675632204761716,"flow_src_last_pkt_time":1675632204761716,"flow_dst_last_pkt_time":1675632204761716,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675632204761716,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"178.154.131.216","src_port":42102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1675632204761716,"flow_dst_last_pkt_time":1675632204761716,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1675632204761716,"pkt":"dNqIE5X\/CI6QkAulCABFAAA8lc5AAEAGq9nAqAH5spqD2KR2AbtfewqXAAAAAKAC+vAA6gAAAgQFtAQCCAoxyhEDAAAAAAEDAwc="} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1675632204793132,"flow_dst_last_pkt_time":1675632204761716,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675632204793132,"pkt":"dNqIE5X\/CI6QkAulCABFAAA0lc9AAEAGq+DAqAH5spqD2KR2AbtfewqYK6FU0oAQAfbe9gAAAQEICjHKESKE0URG"} 
01241{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1675632204793462,"flow_dst_last_pkt_time":1675632204761716,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1675632204793462,"pkt":"dNqIE5X\/CI6QkAulCABFAAI5ldBAAEAGqdrAqAH5spqD2KR2AbtfewqYK6FU0oAYAfbgCQAAAQEICjHKESKE0URGFgMBAgABAAH8AwMMhTgCx3sXJJ1s+Gg3dB1Y1YFOA0Qyx6jeNfCNHy8JpyBEH+2sTaBY75L\/Bj6JtOKcZ+SvYj0u3Z\/hJ+uso7EoPQAgKioTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTuroAAAAAABEADwAADHlhc3RhdGljLm5ldAAXAAD\/AQABAAAKAAoACNraAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwAp2toAAQAAHQAghSc9eOL2w0XPC0T6QBKFqvyvrtYVTs7ArgPcjXsVywQALQACAQEAKwAHBsrKAwQDAwAbAAMCAAJEaQAFAAMCaDJqagABAAAVAMsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01380{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1675632204761716,"flow_src_last_pkt_time":1675632204793462,"flow_dst_last_pkt_time":1675632204761716,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675632204793462,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"178.154.131.216","src_port":42102,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.Yandex","proto_id":"91.25","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"yastatic.net","domainame":"yastatic.net","tls": {"version":"TLSv1.2","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01339{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1675632204761716,"flow_src_last_pkt_time":1675632204793462,"flow_dst_last_pkt_time":1675632204761716,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675632204793462,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"178.154.131.216","src_port":42102,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.Yandex","proto_id":"91.25","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"yastatic.net","domainame":"yastatic.net","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1675632204799736,"flow_dst_last_pkt_time":1675632204761716,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675632204799736,"pkt":"dNqIE5X\/CI6QkAulCABFAAA0ldFAAEAGq97AqAH5spqD2KR2AbtfewydK6FfvoAQAeHR9AAAAQEICjHKESmE0URl"} 
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1675632204799743,"flow_dst_last_pkt_time":1675632204761716,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675632204799743,"pkt":"dNqIE5X\/CI6QkAulCABFAAA0ldJAAEAGq93AqAH5spqD2KR2AbtfewydK6FjLYAQAdvOiwAAAQEICjHKESmE0URl"} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675632541901678,"flow_src_last_pkt_time":1675632541901678,"flow_dst_last_pkt_time":1675632541901678,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675632541901678,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.250.251.22","src_port":40870,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1675632541901678,"flow_dst_last_pkt_time":1675632541901678,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1675632541901678,"pkt":"dNqIE5X\/CI6QkAulCABFAAA8S\/JAAEAG2RfAqAH5V\/r7Fp+mAbu5dvRGAAAAAKAC+vDj1gAAAgQFtAQCCAo\/vsSoAAAAAAEDAwc="} 
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1675632541925599,"flow_dst_last_pkt_time":1675632541901678,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675632541925599,"pkt":"dNqIE5X\/CI6QkAulCABFAAA0S\/NAAEAG2R7AqAH5V\/r7Fp+mAbu5dvRHDdkSX4AQAfbPgAAAAQEICj++xMDvqiwS"} 01242{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1675632541925736,"flow_dst_last_pkt_time":1675632541901678,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1675632541925736,"pkt":"dNqIE5X\/CI6QkAulCABFAAI5S\/RAAEAG1xjAqAH5V\/r7Fp+mAbu5dvRHDdkSX4AYAfb6mQAAAQEICj++xMDvqiwSFgMBAgABAAH8AwPtfMIz6oqBmkptHceMPSbazAEu8ZWM6rOqvlqkat+IUSAka0ycDBu+EbgeRfD6GHwOlyzkKSdus12s2L8YXYqHmwAg+voTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTuroAAAAAABsAGQAAFmZlbmVrLm1hcmtldC55YW5kZXgucnUAFwAA\/wEAAQAACgAKAAhaWgAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKVpaAAEAAB0AIAA+NQoQ84hyf2kgxArk8+vgM6rjv\/t2S60kQ9wDA9xSAC0AAgEBACsABwaKigMEAwMAGwADAgACRGkABQADAmgy2toAAQAAFQDBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01410{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1675632541901678,"flow_src_last_pkt_time":1675632541925736,"flow_dst_last_pkt_time":1675632541901678,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675632541925736,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.250.251.22","src_port":40870,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.YandexMarket","proto_id":"91.56","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Safe","category_id":27,"category":"Shopping","hostname":"fenek.market.yandex.ru","domainame":"fenek.market.yandex.ru","tls": {"version":"TLSv1.2","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01369{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1675632541901678,"flow_src_last_pkt_time":1675632541925736,"flow_dst_last_pkt_time":1675632541901678,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675632541925736,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.250.251.22","src_port":40870,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.YandexMarket","proto_id":"91.56","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Safe","category_id":27,"category":"Shopping","hostname":"fenek.market.yandex.ru","domainame":"fenek.market.yandex.ru","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1675632541941369,"flow_dst_last_pkt_time":1675632541901678,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675632541941369,"pkt":"dNqIE5X\/CI6QkAulCABFAAA0S\/VAAEAG2RzAqAH5V\/r7Fp+mAbu5dvZMDdkX1YAQAe3H6gAAAQEICj++xM\/vqiwn"} 
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1675632541943460,"flow_dst_last_pkt_time":1675632541901678,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675632541943460,"pkt":"dNqIE5X\/CI6QkAulCABFAAA0S\/ZAAEAG2RvAqAH5V\/r7Fp+mAbu5dvZMDdkdS4AQAe3CcgAAAQEICj++xNHvqiwn"} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675632771618343,"flow_src_last_pkt_time":1675632771618343,"flow_dst_last_pkt_time":1675632771618343,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675632771618343,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.250.250.108","src_port":57322,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -36,32 +36,32 @@ 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1675632771618343,"flow_dst_last_pkt_time":1675632771649047,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1675632771649047,"pkt":"CI6QkAuldNqIE5X\/CABFAAA8AABAADcGLrRX+vpswKgB+QG73+pH994CthYMD6ASqUoBvAAAAgQFggQCCAo5XGBDyUFbawEDAwg="} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1675632771649112,"flow_dst_last_pkt_time":1675632771649047,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675632771649112,"pkt":"dNqIE5X\/CI6QkAulCABFAAA0M7JAAEAG8gnAqAH5V\/r6bN\/qAbu2FgwPR\/feA4AQAfbXjAAAAQEICslBW4o5XGBD"} 
01243{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1675632771649412,"flow_dst_last_pkt_time":1675632771649047,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1675632771649412,"pkt":"dNqIE5X\/CI6QkAulCABFAAI5M7NAAEAG8APAqAH5V\/r6bN\/qAbu2FgwPR\/feA4AYAfYFMAAAAQEICslBW4o5XGBDFgMBAgABAAH8AwPDl+2JFmjKIL7hDfisu89CzYhXZkk\/vwPriWM+Vkg18yCa6rOPbjh937N+DNbc2nfyeYbs5z5msoTSUhsQcGcNWQAgGhoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTuroAAAAAABQAEgAAD2Nsb3VkLnlhbmRleC5ydQAXAAD\/AQABAAAKAAoACEpKAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApSkoAAQAAHQAgkVZtnZwInP6KVt0j5rOweQ5b6EbbUxEB0f8PVn84fF0ALQACAQEAKwAHBioqAwQDAwAbAAMCAAJEaQAFAAMCaDKamgABAAAVAMgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01268{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1675632771618343,"flow_src_last_pkt_time":1675632771649412,"flow_dst_last_pkt_time":1675632771649047,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675632771649412,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.250.250.108","src_port":57322,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YandexCloud","proto_id":"91.62","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"cloud.yandex.ru","domainame":"cloud.yandex.ru","tls": {"version":"TLSv1.2","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01227{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1675632771618343,"flow_src_last_pkt_time":1675632771649412,"flow_dst_last_pkt_time":1675632771649047,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675632771649412,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.250.250.108","src_port":57322,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YandexCloud","proto_id":"91.62","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"cloud.yandex.ru","domainame":"cloud.yandex.ru","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1675632771649412,"flow_dst_last_pkt_time":1675632771661361,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675632771661361,"pkt":"CI6QkAuldNqIE5X\/CABFAAA0o39AADcGizxX+vpswKgB+QG73+pH994DthYOFIAQAKjWtwAAAQEICjlcYGHJQVuK"} 
-01313{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1675632771618343,"flow_src_last_pkt_time":1675632771649412,"flow_dst_last_pkt_time":1675632771666494,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":2796,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2796,"midstream":0,"thread_ts_usec":1675632771666494,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.250.250.108","src_port":57322,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YandexCloud","proto_id":"91.62","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"cloud.yandex.ru","domainame":"cloud.yandex.ru","tls": {"version":"TLSv1.3","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
-00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":68,"packets-processed":67,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22672,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":3,"total-updates":0,"current-active-flows":5,"total-active-flows":5,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":42,"global_ts_usec":1675633561788867} +01272{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1675632771618343,"flow_src_last_pkt_time":1675632771649412,"flow_dst_last_pkt_time":1675632771666494,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":2796,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2796,"midstream":0,"thread_ts_usec":1675632771666494,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.250.250.108","src_port":57322,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YandexCloud","proto_id":"91.62","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"cloud.yandex.ru","domainame":"cloud.yandex.ru","tls": 
{"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} +00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":68,"packets-processed":67,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22672,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":3,"total-updates":0,"current-active-flows":5,"total-active-flows":5,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":42,"global_ts_usec":1675633561788867} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675633561788867,"flow_src_last_pkt_time":1675633561788867,"flow_dst_last_pkt_time":1675633561788867,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675633561788867,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.250.250.134","src_port":58832,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1675633561788867,"flow_dst_last_pkt_time":1675633561788867,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1675633561788867,"pkt":"dNqIE5X\/CI6QkAulCABFAAA8OJ1AAEAG7PzAqAH5V\/r6huXQAbth\/x6mAAAAAKAC+vAp1QAAAgQFtAQCCAqt2\/gKAAAAAAEDAwc="} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1675633561788867,"flow_dst_last_pkt_time":1675633561796212,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1675633561796212,"pkt":"CI6QkAuldNqIE5X\/CABFAAA8AABAADcGLppX+vqGwKgB+QG75dDNImeHYf8ep6ASqUqZLQAAAgQFggQCCAroj8Uzrdv4CgEDAwg="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1675633561796246,"flow_dst_last_pkt_time":1675633561796212,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675633561796246,"pkt":"dNqIE5X\/CI6QkAulCABFAAA0OJ5AAEAG7QPAqAH5V\/r6huXQAbth\/x6nzSJniIAQAfZvFgAAAQEICq3b+BHoj8Uz"} 
01244{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1675633561796388,"flow_dst_last_pkt_time":1675633561796212,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1675633561796388,"pkt":"dNqIE5X\/CI6QkAulCABFAAI5OJ9AAEAG6v3AqAH5V\/r6huXQAbth\/x6nzSJniIAYAfZUdAAAAQEICq3b+BHoj8UzFgMBAgABAAH8AwPOIUBKVKp8ZIN\/EU9VoiHQ2AlXZ+uEELBPqWzpmhja2SAKtUg2hG8DnSzG1e1bqKHeg+5gxcar1cZ5N1LebgjawAAgqqoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTiooAAAAAABUAEwAAEGRpcmVjdC55YW5kZXgua3oAFwAA\/wEAAQAACgAKAAgKCgAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKQoKAAEAAB0AIIA8oyLKide20cLJ\/ycLxubM9zuROWUepq2\/4LpEMhQeAC0AAgEBACsABwaamgMEAwMAGwADAgACRGkABQADAmgyenoAAQAAFQDHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01288{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1675633561788867,"flow_src_last_pkt_time":1675633561796388,"flow_dst_last_pkt_time":1675633561796212,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675633561796388,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.250.250.134","src_port":58832,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YandexDirect","proto_id":"91.99","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Tracker\/Ads","category_id":101,"category":"Advertisement","hostname":"direct.yandex.kz","domainame":"direct.yandex.kz","tls": {"version":"TLSv1.2","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01247{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1675633561788867,"flow_src_last_pkt_time":1675633561796388,"flow_dst_last_pkt_time":1675633561796212,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675633561796388,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.250.250.134","src_port":58832,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YandexDirect","proto_id":"91.99","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Tracker\/Ads","category_id":101,"category":"Advertisement","hostname":"direct.yandex.kz","domainame":"direct.yandex.kz","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1675633561796388,"flow_dst_last_pkt_time":1675633561800946,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675633561800946,"pkt":"CI6QkAuldNqIE5X\/CABFAAA07UlAADcGQVhX+vqGwKgB+QG75dDNImeIYf8grIAQAKhuWgAAAQEICuiPxTit2\/gR"} 
-01333{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1675633561788867,"flow_src_last_pkt_time":1675633561796388,"flow_dst_last_pkt_time":1675633561803570,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1398,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1398,"midstream":0,"thread_ts_usec":1675633561803570,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.250.250.134","src_port":58832,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YandexDirect","proto_id":"91.99","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Tracker\/Ads","category_id":101,"category":"Advertisement","hostname":"direct.yandex.kz","domainame":"direct.yandex.kz","tls": {"version":"TLSv1.3","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01292{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1675633561788867,"flow_src_last_pkt_time":1675633561796388,"flow_dst_last_pkt_time":1675633561803570,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1398,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1398,"midstream":0,"thread_ts_usec":1675633561803570,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.250.250.134","src_port":58832,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YandexDirect","proto_id":"91.99","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Tracker\/Ads","category_id":101,"category":"Advertisement","hostname":"direct.yandex.kz","domainame":"direct.yandex.kz","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675633561819787,"flow_src_last_pkt_time":1675633561819787,"flow_dst_last_pkt_time":1675633561819787,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675633561819787,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"77.88.21.127","src_port":42954,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1675633561819787,"flow_dst_last_pkt_time":1675633561819787,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1675633561819787,"pkt":"dNqIE5X\/CI6QkAulCABFAAA8SfhAAEAGy0vAqAH5TVgVf6fKAbs1\/d2ZAAAAAKAC+vBx\/wAAAgQFtAQCCArUsCPKAAAAAAEDAwc="} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1675633561819787,"flow_dst_last_pkt_time":1675633561819787,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1675633561819787,"pkt":"CI6QkAuldNqIE5X\/CABFAAA8IgYAADcGPD5NWBV\/wKgB+QG7p8q7yurkNf3dmqASqUrqiAAAAgQFggQCCAoXvxrK1LAjygEDAww="} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1675633561819787,"flow_dst_last_pkt_time":1675633561819787,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675633561819787,"pkt":"dNqIE5X\/CI6QkAulCABFAAA0SflAAEAGy1LAqAH5TVgVf6fKAbs1\/d2au8rq5YAQAfbAcgAAAQEICtSwI9QXvxrK"} 01243{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1675633561819787,"flow_dst_last_pkt_time":1675633561819787,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1675633561819787,"pkt":"dNqIE5X\/CI6QkAulCABFAAI5SfpAAEAGyUzAqAH5TVgVf6fKAbs1\/d2au8rq5YAYAfa+zQAAAQEICtSwI9UXvxrKFgMBAgABAAH8AwPPjOXZH7bor02bzsColNH1LCr4dbD1DUsA1Xru6JQG\/iCmsiAZnEV2EdUXvMGlNOj\/Yg\/rBaYWHu+JG0FfmKdBVQAgCgoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTOjoAAAAAACAAHgAAGzEuZG93bmxvYWRlci5kaXNrLnlhbmRleC5regAXAAD\/AQABAAAKAAoACNraAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwAp2toAAQAAHQAglM7QJHbac9VGEYIQIOVtNhWVrjyyN0uhmbCBF21+ICEALQACAQEAKwAHBurqAwQDAwAbAAMCAAJEaQAFAAMCaDL6+gABAAAVALwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01289{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1675633561819787,"flow_src_last_pkt_time":1675633561819787,"flow_dst_last_pkt_time":1675633561819787,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675633561819787,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"77.88.21.127","src_port":42954,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YandexDisk","proto_id":"91.57","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"1.downloader.disk.yandex.kz","domainame":"1.downloader.disk.yandex.kz","tls": {"version":"TLSv1.2","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01248{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1675633561819787,"flow_src_last_pkt_time":1675633561819787,"flow_dst_last_pkt_time":1675633561819787,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675633561819787,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"77.88.21.127","src_port":42954,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YandexDisk","proto_id":"91.57","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"1.downloader.disk.yandex.kz","domainame":"1.downloader.disk.yandex.kz","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1675633561819787,"flow_dst_last_pkt_time":1675633561819787,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675633561819787,"pkt":"CI6QkAuldNqIE5X\/CABFAAA0IgcAADcGPEVNWBV\/wKgB+QG7p8q7yurlNf3fn4AQAAvAVAAAAQEIChe\/Gs3UsCPV"} 
-01372{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1675633561819787,"flow_src_last_pkt_time":1675633561819787,"flow_dst_last_pkt_time":1675633561819787,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":4096,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4096,"midstream":0,"thread_ts_usec":1675633561819787,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"77.88.21.127","src_port":42954,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YandexDisk","proto_id":"91.57","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"1.downloader.disk.yandex.kz","domainame":"1.downloader.disk.yandex.kz","tls": {"version":"TLSv1.2","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"00447ab319e9d94ba2b4c1248e155917","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
-02701{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1675633561819787,"flow_src_last_pkt_time":1675633561819787,"flow_dst_last_pkt_time":1675633561819787,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":4096,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5411,"midstream":0,"thread_ts_usec":1675633561819787,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"77.88.21.127","src_port":42954,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YandexDisk","proto_id":"91.57","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"1.downloader.disk.yandex.kz","domainame":"1.downloader.disk.yandex.kz","tls": 
{"version":"TLSv1.2","server_names":"*.downloader.disk.yandex.uz,downloader.disk.yandex.ru,*.disk.yandex.net,*.downloader.disk.yandex.az,*.downloader.disk.yandex.by,*.downloader.disk.yandex.co.il,*.downloader.disk.yandex.com,*.downloader.disk.yandex.com.am,*.downloader.disk.yandex.com.ge,*.downloader.disk.yandex.com.tr,*.downloader.disk.yandex.ee,*.downloader.disk.yandex.fr,*.downloader.disk.yandex.kg,*.downloader.disk.yandex.kz,*.downloader.disk.yandex.lt,*.downloader.disk.yandex.lv,*.downloader.disk.yandex.md,*.downloader.disk.yandex.net,*.downloader.disk.yandex.ru,*.downloader.disk.yandex.tj,*.downloader.disk.yandex.tm,downloader.disk.yandex.az,downloader.disk.yandex.by,downloader.disk.yandex.co.il,downloader.disk.yandex.com,downloader.disk.yandex.com.am,downloader.disk.yandex.com.ge,downloader.disk.yandex.com.tr,downloader.disk.yandex.ee,downloader.disk.yandex.fr,downloader.disk.yandex.kg,downloader.disk.yandex.kz,downloader.disk.yandex.lt,downloader.disk.yandex.lv,downloader.disk.yandex.md,downloader.disk.yandex.net,downloader.disk.yandex.tj,downloader.disk.yandex.tm,downloader.disk.yandex.uz","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"00447ab319e9d94ba2b4c1248e155917","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018","subjectDN":"C=RU, ST=Moscow, L=Moscow, O=Yandex LLC, CN=*.downloader.disk.yandex.uz","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","fingerprint":"5F:90:0E:31:DE:D3:1E:B0:D7:D0:03:03:C0:2E:6B:5D:53:A4:D3:77","blocks":0}}} 
+01331{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1675633561819787,"flow_src_last_pkt_time":1675633561819787,"flow_dst_last_pkt_time":1675633561819787,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":4096,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4096,"midstream":0,"thread_ts_usec":1675633561819787,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"77.88.21.127","src_port":42954,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YandexDisk","proto_id":"91.57","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"1.downloader.disk.yandex.kz","domainame":"1.downloader.disk.yandex.kz","tls": {"version":"TLSv1.2","ja3s":"00447ab319e9d94ba2b4c1248e155917","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+02660{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1675633561819787,"flow_src_last_pkt_time":1675633561819787,"flow_dst_last_pkt_time":1675633561819787,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":4096,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5411,"midstream":0,"thread_ts_usec":1675633561819787,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"77.88.21.127","src_port":42954,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YandexDisk","proto_id":"91.57","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"1.downloader.disk.yandex.kz","domainame":"1.downloader.disk.yandex.kz","tls": 
{"version":"TLSv1.2","server_names":"*.downloader.disk.yandex.uz,downloader.disk.yandex.ru,*.disk.yandex.net,*.downloader.disk.yandex.az,*.downloader.disk.yandex.by,*.downloader.disk.yandex.co.il,*.downloader.disk.yandex.com,*.downloader.disk.yandex.com.am,*.downloader.disk.yandex.com.ge,*.downloader.disk.yandex.com.tr,*.downloader.disk.yandex.ee,*.downloader.disk.yandex.fr,*.downloader.disk.yandex.kg,*.downloader.disk.yandex.kz,*.downloader.disk.yandex.lt,*.downloader.disk.yandex.lv,*.downloader.disk.yandex.md,*.downloader.disk.yandex.net,*.downloader.disk.yandex.ru,*.downloader.disk.yandex.tj,*.downloader.disk.yandex.tm,downloader.disk.yandex.az,downloader.disk.yandex.by,downloader.disk.yandex.co.il,downloader.disk.yandex.com,downloader.disk.yandex.com.am,downloader.disk.yandex.com.ge,downloader.disk.yandex.com.tr,downloader.disk.yandex.ee,downloader.disk.yandex.fr,downloader.disk.yandex.kg,downloader.disk.yandex.kz,downloader.disk.yandex.lt,downloader.disk.yandex.lv,downloader.disk.yandex.md,downloader.disk.yandex.net,downloader.disk.yandex.tj,downloader.disk.yandex.tm,downloader.disk.yandex.uz","ja3s":"00447ab319e9d94ba2b4c1248e155917","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018","subjectDN":"C=RU, ST=Moscow, L=Moscow, O=Yandex LLC, CN=*.downloader.disk.yandex.uz","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","fingerprint":"5F:90:0E:31:DE:D3:1E:B0:D7:D0:03:03:C0:2E:6B:5D:53:A4:D3:77","blocks":0}}} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675633561819787,"flow_src_last_pkt_time":1675633561819787,"flow_dst_last_pkt_time":1675633561819787,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675633561819787,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"77.88.21.37","src_port":45224,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1675633561819787,"flow_dst_last_pkt_time":1675633561819787,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1675633561819787,"pkt":"dNqIE5X\/CI6QkAulCABFAAA8IrdAAEAG8ubAqAH5TVgVJbCoAbtwbSvyAAAAAKAC+vD7iQAAAgQFtAQCCAq55SO+AAAAAAEDAwc="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1675633561819787,"flow_dst_last_pkt_time":1675633561819787,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675633561819787,"pkt":"dNqIE5X\/CI6QkAulCABFAAA0IrhAAEAG8u3AqAH5TVgVJbCoAbtwbSvzIzNXzIAQAfYuGAAAAQEICrnlI8tBETkL"} 
01243{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1675633561819787,"flow_dst_last_pkt_time":1675633561819787,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1675633561819787,"pkt":"dNqIE5X\/CI6QkAulCABFAAI5IrlAAEAG8OfAqAH5TVgVJbCoAbtwbSvzIzNXzIAYAfZ2jQAAAQEICrnlI8xBETkLFgMBAgABAAH8AwONGvS9MmqqZL9T3ClOAGVvpPjxzHWlIP4olaHhgQsb\/CDthZgapOHsJ2O5NTn7e\/gZksqqfVl\/\/JkZ1WaML2X2GQAgCgoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTqqoAAAAAABMAEQAADm1haWwueWFuZGV4Lmt6ABcAAP8BAAEAAAoACgAIGhoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACkaGgABAAAdACAkr3PGdPqnDY8uLrmpb2FtlwoAx0C4wNo3IAgESOcdKQAtAAIBAQArAAcGOjoDBAMDABsAAwIAAkRpAAUAAwJoMioqAAEAABUAyQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01387{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1675633561819787,"flow_src_last_pkt_time":1675633561819787,"flow_dst_last_pkt_time":1675633561819787,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675633561819787,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"77.88.21.37","src_port":45224,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.YandexMail","proto_id":"91.33","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email","hostname":"mail.yandex.kz","domainame":"mail.yandex.kz","tls": {"version":"TLSv1.2","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01346{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1675633561819787,"flow_src_last_pkt_time":1675633561819787,"flow_dst_last_pkt_time":1675633561819787,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675633561819787,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"77.88.21.37","src_port":45224,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.YandexMail","proto_id":"91.33","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email","hostname":"mail.yandex.kz","domainame":"mail.yandex.kz","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1675633561819787,"flow_dst_last_pkt_time":1675633561819787,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675633561819787,"pkt":"dNqIE5X\/CI6QkAulCABFAAA0IrpAAEAG8uvAqAH5TVgVJbCoAbtwbS34IzNiuIAQAeEg2gAAAQEICrnlI\/9BETk5"} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1675633561819787,"flow_dst_last_pkt_time":1675633561819787,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675633561819787,"pkt":"dNqIE5X\/CI6QkAulCABFAAA0IrtAAEAG8urAqAH5TVgVJbCoAbtwbS34IzNnzIAQAe0buAAAAQEICrnlJAFBETk5"} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":115,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675633561819787,"flow_src_last_pkt_time":1675633561819787,"flow_dst_last_pkt_time":1675633561819787,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675633561819787,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.250.251.77","src_port":51462,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -69,9 +69,9 @@ 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1675633561819787,"flow_dst_last_pkt_time":1675633561819787,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1675633561819787,"pkt":"CI6QkAuldNqIE5X\/CABFAAA8AABAADcGLdNX+vtNwKgB+QG7yQbFPwqb7Utc5aASqUpyugAAAgQFggQCCAq16DoO3DRlOQEDAwg="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1675633561819787,"flow_dst_last_pkt_time":1675633561819787,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675633561819787,"pkt":"dNqIE5X\/CI6QkAulCABFAAA0PaFAAEAG5znAqAH5V\/r7TckGAbvtS1zlxT8KnIAQAfZInQAAAQEICtw0ZUa16DoO"} 01242{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_src_last_pkt_time":1675633561819787,"flow_dst_last_pkt_time":1675633561819787,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1675633561819787,"pkt":"dNqIE5X\/CI6QkAulCABFAAI5PaJAAEAG5TPAqAH5V\/r7TckGAbvtS1zlxT8KnIAYAfailwAAAQEICtw0ZUa16DoOFgMBAgABAAH8AwOm7RyGDwkffhrTHSV0k8xrfr3RiLQxlf4UrOrBvfJJ7CCd0X8JXbKNT15HH9DNBfZs0Z+8YAO5K\/hl6Cw3a\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"} 
-01271{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1675633561819787,"flow_src_last_pkt_time":1675633561819787,"flow_dst_last_pkt_time":1675633561819787,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675633561819787,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.250.251.77","src_port":51462,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YandexMetrika","proto_id":"91.98","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"metrika.yandex.kz","domainame":"metrika.yandex.kz","tls": {"version":"TLSv1.2","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01230{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1675633561819787,"flow_src_last_pkt_time":1675633561819787,"flow_dst_last_pkt_time":1675633561819787,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675633561819787,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.250.251.77","src_port":51462,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YandexMetrika","proto_id":"91.98","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"metrika.yandex.kz","domainame":"metrika.yandex.kz","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1675633561819787,"flow_dst_last_pkt_time":1675633561819787,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675633561819787,"pkt":"CI6QkAuldNqIE5X\/CABFAAA0DE5AADcGIY1X+vtNwKgB+QG7yQbFPwqc7Ute6oAQAKhH3AAAAQEICrXoOhjcNGVG"} 
-01316{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1675633561819787,"flow_src_last_pkt_time":1675633561819787,"flow_dst_last_pkt_time":1675633561819787,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":2796,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2796,"midstream":0,"thread_ts_usec":1675633561819787,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.250.251.77","src_port":51462,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YandexMetrika","proto_id":"91.98","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"metrika.yandex.kz","domainame":"metrika.yandex.kz","tls": {"version":"TLSv1.3","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01275{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1675633561819787,"flow_src_last_pkt_time":1675633561819787,"flow_dst_last_pkt_time":1675633561819787,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":2796,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2796,"midstream":0,"thread_ts_usec":1675633561819787,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.250.251.77","src_port":51462,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YandexMetrika","proto_id":"91.98","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"metrika.yandex.kz","domainame":"metrika.yandex.kz","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":9,"flow_first_seen":1675632771618343,"flow_src_last_pkt_time":1675632771825396,"flow_dst_last_pkt_time":1675632771825396,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1072,"flow_dst_max_l4_payload_len":2796,"flow_src_tot_l4_payload_len":1669,"flow_dst_tot_l4_payload_len":8437,"midstream":0,"thread_ts_usec":1675633561819787,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.250.250.108","src_port":57322,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YandexCloud","proto_id":"91.62","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud"}} 00998{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":9,"flow_first_seen":1675633561788867,"flow_src_last_pkt_time":1675633561812922,"flow_dst_last_pkt_time":1675633561819787,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1388,"flow_dst_max_l4_payload_len":2796,"flow_src_tot_l4_payload_len":2077,"flow_dst_tot_l4_payload_len":5437,"midstream":0,"thread_ts_usec":1675633561819787,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.250.250.134","src_port":58832,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YandexDirect","proto_id":"91.99","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Tracker\/Ads","category_id":101,"category":"Advertisement"}} 
01091{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1675632200347508,"flow_src_last_pkt_time":1675632203871485,"flow_dst_last_pkt_time":1675632200347508,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":528,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1217,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675633561819787,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"178.154.131.216","src_port":57126,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.Yandex","proto_id":"91.25","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
@@ -81,7 +81,7 @@ 01092{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":0,"flow_first_seen":1675632204761716,"flow_src_last_pkt_time":1675632204850774,"flow_dst_last_pkt_time":1675632204761716,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1156,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675633561819787,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"178.154.131.216","src_port":42102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.Yandex","proto_id":"91.25","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":6,"flow_first_seen":1675633561819787,"flow_src_last_pkt_time":1675633561819787,"flow_dst_last_pkt_time":1675633561819787,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1398,"flow_dst_max_l4_payload_len":2796,"flow_src_tot_l4_payload_len":2703,"flow_dst_tot_l4_payload_len":5466,"midstream":0,"thread_ts_usec":1675633561819787,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.250.251.77","src_port":51462,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.YandexMetrika","proto_id":"91.98","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":8,"flow_first_seen":1675629757956767,"flow_src_last_pkt_time":1675629758531921,"flow_dst_last_pkt_time":1675629758544983,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1398,"flow_dst_max_l4_payload_len":1644,"flow_src_tot_l4_payload_len":2357,"flow_dst_tot_l4_payload_len":4682,"midstream":0,"thread_ts_usec":1675633561819787,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"213.180.204.186","src_port":40218,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YandexMusic","proto_id":"91.34","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music"}} 
-00847{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":130,"packets-processed":130,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":48891,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":7,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":84,"global_ts_usec":1675633561819787} +00847{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":130,"packets-processed":130,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":48891,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":7,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":84,"global_ts_usec":1675633561819787} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 130/130 ~~ skipped flows.............: 0 
@@ -90,10 +90,10 @@ ~~ total active/idle flows...: 9/9 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7066310 bytes -~~ total memory freed........: 7066310 bytes -~~ total allocations/frees...: 114469/114469 +~~ total memory allocated....: 7643906 bytes +~~ total memory freed........: 7643906 bytes +~~ total allocations/frees...: 126200/126200 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 547 chars -~~ json message max len.......: 2706 chars -~~ json message avg len.......: 1625 chars +~~ json message max len.......: 2665 chars +~~ json message avg len.......: 1605 chars diff --git a/test/results/default/yojimbo.pcap.out b/test/results/default/yojimbo.pcap.out index df10303cc..85540406c 100644 --- a/test/results/default/yojimbo.pcap.out +++ b/test/results/default/yojimbo.pcap.out 
@@ -1,10 +1,10 @@ -00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/yojimbo.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/yojimbo.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1705841430802164} 
+00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/yojimbo.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/yojimbo.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1705841430802164} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/yojimbo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1705841430802164,"flow_src_last_pkt_time":1705841430802164,"flow_dst_last_pkt_time":1705841430802164,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1078,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1078,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1078,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705841430802164,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":34638,"dst_port":40000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01971{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/yojimbo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1705841430802164,"flow_dst_last_pkt_time":1705841430802164,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1120,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1120,"pkt_l4_len":1086,"thread_ts_usec":1705841430802164,"pkt":"AAAAAAAAAAAAAAAACABFAARSxRtAAMIR8Xx\/AAABfwAAAYdOnEAEPgJSAE5FVENPREUgMS4wMgAAAAAAAAAAACATrWUAAAAAKEYo4cxsxbeO0bGn47kL6bIDhwFb6cXNgaAmgqG7OfEIoRHWgUHLOBEsmzkfjmvr6Cthgf2QIZ4Mk97xNQCSoVT3IBfKGcbuFUHtjUME04dUg7FSon9uKz63H8kkKmDM27hCsGkJ8pcpvjODFXa6vECBXfQ7YwQcC2hwnujXyAGXyxzMKYHJtc5zGs9uPLGhiXZjs2b6ZRVpcMfTM+TUewRvLl9d5pRM8MRznO6ke8Xij0xoZ4bLXDhDZPxxUSUVxlUi6PhvuXQHObIM\/Irjj0yYWbNeS58cDeEjgOhfFfUE4p7fKkwPOxG+L1LHt2i\/pa4hsJZd0nLAKeYIMmzBiXnhLmYw4aEX7KAldE8N5x6a28ChMpaJMTJaXdYeCFkSOSETAf5VATmAjsz246WRUBfKruKjYi8w3DE12Fy8q218zC6ajbMjixM5OZLYE1sQG54x2IGCnJrOSpeuH9vhXzg2pOr9jgTQC9tXUBIK+BRNxNdMRgGvAf8OPPdNPcqfzkMwzZyUNQ\/X04UIZ6bgZZJPXY+y5y6bcC\/g9UhsUR0EhuEaQOCeeS2KdT9X91bAosid3B8wXik5wugpmMknTQgFVJYtrv4hdQMejIa9CfAO9EoqOaFhYmjQtOVG2zByti3XrAIzqgPAtzkaaqx
G\/kTxzvAUPgfDvj1vwKigHErva2jRMBMRYc7fbqVifXw\/5oCpNfT4haDeRE63W5LKPGcmgPUgTPAzrXHPE\/Cq5+pd3Rt0+DN\/VSMKYiSD9MAyk89fLaGI2W5c0QiWHVz+axOGP\/A5u2B2vBfPfMh1AaTS93MK2gyLL+HpMqcgYbXmyscvSydsrTl22fDmJYaUBcx32PcIQxaBxchgWRuJGWEiw2eQmZCQD4I\/WZqmzDRX088uAJ6qxRD+3xulxNOTxaqQNUh7ZxTktY4BswfyhNDJtqiYALpiEUNCzpAJSNm4FPNz8um1NGS9d3Dqlwp\/q6t8ZcMsQvpR1yhIBA25SdfmSxrb8p+l1QcjONwKhERsV9voT5pKSzybGc3pgzBRumB3VwY\/ZDYkj8uqoegxypS5Asq\/kC6A0xOkYpUIpttO3TOT6ESzAIqKxH8MIpyux5EE6onb1aqExUmjiIV40rg5XdsQspYr\/\/W3AIpktQpP\/0e+44QlnvT565BwfSP+TULnRvrtYXdwt9c52oukW09dpwXDN0wOhY4i8TIDqjp0+bXvULBMFKp4IkzmRvciwOsw0G1nWP4ZY11NM2vPdIYWaaX4TrkxuE5sMAhxj81+AiEYrkCDqZ3wnzr1gqS+O+eTzyuSzbjZ3vJ32fEbVr9h9T\/+ZUw5aAIYvIAcIcKWdBFxw3VYno5Dec9Hb82M+AI4a5b6jkRyqbp4x0KEtIBTd1IlRBcm4w=="} 00918{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/yojimbo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1705841430802164,"flow_src_last_pkt_time":1705841430802164,"flow_dst_last_pkt_time":1705841430802164,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1078,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1078,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1078,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705841430802164,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":34638,"dst_port":40000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Yojimbo","proto_id":"388","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
00957{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/yojimbo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1705841430802164,"flow_src_last_pkt_time":1705841430802164,"flow_dst_last_pkt_time":1705841430802164,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1078,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1078,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1078,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705841430802164,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":34638,"dst_port":40000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Yojimbo","proto_id":"388","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -00838{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/yojimbo.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1078,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1705841430802164} 
+00838{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/yojimbo.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1078,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1705841430802164} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 @@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6907642 bytes -~~ total memory freed........: 6907642 bytes -~~ total allocations/frees...: 114138/114138 +~~ total memory allocated....: 7485238 bytes +~~ total memory freed........: 7485238 bytes +~~ total allocations/frees...: 125869/125869 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 617 chars ~~ json message max len.......: 1976 chars diff --git a/test/results/default/youtube_quic.pcap.out b/test/results/default/youtube_quic.pcap.out index 863eb410b..6a60ebe65 100644 --- a/test/results/default/youtube_quic.pcap.out +++ b/test/results/default/youtube_quic.pcap.out 
@@ -1,15 +1,15 @@ -00617{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00838{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1489363823466752} 
+00617{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00838{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1489363823466752} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1489363823466752,"flow_src_last_pkt_time":1489363823466752,"flow_dst_last_pkt_time":1489363823466752,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1489363823466752,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.205.66","src_port":54997,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02330{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1489363823466752,"flow_dst_last_pkt_time":1489363823466752,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1489363823466752,"pkt":"gCqojWksxCwDBkn+CABFAAViKp8AAEARAADAqAEH2DrNQtbVAbsFTmyMDZNw4V58RG0IUTAzNQHEx\/Yat8K2lJx\/xfCgAQAEQ0hMTx0AAABQQUQABgEAAFNOSQAjAQAAU1RLAF0BAABWRVIAYQEAAENDUwBxAQAATk9OQ5EBAABNU1BDlQEAAEFFQUSZAQAAVUFJRMgBAABTQ0lE2AEAAFRDSUTcAQAAUERNROABAABTUkJG5AEAAFNNSEzoAQAASUNTTOwBAABDVElN9AEAAE5PTlAUAgAAUFVCUzQCAABNSURTOAIAAFNDTFM8AgAAS0VYU0ACAABYTENUSAIAAENTQ1RIAgAAQ09QVEgCAABDQ1JUYAIAAElSVFRkAgAAQ0VUVggDAABDRkNXDAMAAFNGQ1cQAwAALS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLXBhZ2VhZDIuZ29vZ2xlc3luZGljYXRpb24uY29tfyKC9MwN17piZVNU\/QkmmE3zDBRwXexEviTXtQHZlZT\/o0M3FJ3WOBZp5lL5RXIaTAX\/iszgW7Ui51EwMzUB6IFgkpIa6H7tgIaiFYKRWMXjbzAwMDAwMDAwAGp0dp4RQa9ev39thoVizX7vQxRkAAAAQ0MyMGJldGEgQ2hyb21lLzU3LjAuMjk4Ny45OCBJbnRlbCBNYWMgT1MgWCAxMF8xMl8za3Zj9RsCsgRL78LWSY4+jwAAAABYNTA5AAAQAAEAAAAeAAAAb+PFWAAAAABoJX9SS1LMMIZlh9cGt32w74KlkbfLCJvYbB6phUnjYtV\/J7+3T+WICkKGmxl0apInEplRSWcqg\/3qI+CqJwNXZAAAAAEAAABDMjU1HvdI4XZwU8Me90jhdnBTwz2t9HxBefiRQAt7kKmuees2jgEAnGVpdpNkhQuOQ0r1tyTPo1k8IEM71wOV+MDwud\/WmN8O\/bZt8M5S76zS6GQgUAsZfJUzhYMLh2DzCj0s2UxZDpdWlDQ\/KBiEO80tVmE+bGp5czdFQGnhi\/134fgolaoUotcrvEChNXZdSQ7ze+ZsVxVgDQIPLJn5KItVO0bNTbdFJlK9ck\/6gUes9AlK+Lowm7raNBTPfJpo34tpsNA3toSRqnAAAPAAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} -01137{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1489363823466752,"flow_src_last_pkt_time":1489363823466752,"flow_dst_last_pkt_time":1489363823466752,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1489363823466752,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.205.66","src_port":54997,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"pagead2.googlesyndication.com","domainame":"pagead2.googlesyndication.com","quic": {"user_agent":"beta Chrome\/57.0.2987.98 Intel Mac OS X 10_12_3","quic_version":"Q035"}}} +01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1489363823466752,"flow_src_last_pkt_time":1489363823466752,"flow_dst_last_pkt_time":1489363823466752,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1489363823466752,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.205.66","src_port":54997,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"pagead2.googlesyndication.com","domainame":"pagead2.googlesyndication.com","quic": {"quic_version":"Q035"}}} 
01040{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1489363823467160,"flow_dst_last_pkt_time":1489363823466752,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":427,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":427,"pkt_l4_len":393,"thread_ts_usec":1489363823467160,"pkt":"gCqojWksxCwDBkn+CABFAAGdQ1YAAEARAADAqAEH2DrNQtbVAbsBiWjHDZNw4V58RG0IUTAzNQIjOTX0HE3l5Scr7Fgx2f\/r+qyKcH\/8LtiyPftQGYB9rCN29+bVRC8cQk9\/xGvEd6aBS8oqh8NZIxXxQWKlTa8RiJV0BMsIA0J2xai1sihftSstpiUm4Hfb5ePoNWBO9sfumkF4vn\/9w\/9icDJdGccA4OzurorhUAKZSZXQ2C+f4aKf6nX2PELscDc2K8rYtLquJGdtKf4c79ur+nT\/zIZbwAI5FHcm2kTejfWn+vqhJAD0GuZjr1fez\/qk2C34VbRcKzU+r3sMaPUtMdGtgzscnCkXVApYI9m9bd3dzj+CzxW8qOJ7mCU2emBxJ\/DIq4W6MZVOQ8P1s290Mflqj2Ld8WgZbVsDG+nGkhewE4Z8dkUPa+UkVgjTddS58Gokmrg9Z3Adl+QFItNyGTCZv48hVxEemek454JnWb6oZl4ujKpXhQA0CaX5LNroX5y5o\/Wny9SJ17j8aIxrDR0s65vzthwadNOZLJ62NA+MTWY0IQjOuA=="} 
02344{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1489363823467160,"flow_dst_last_pkt_time":1489363823527694,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1489363823527694,"pkt":"xCwDBkn+gCqojWksCABFAAViAABAADcR117YOs1CwKgBBwG71tUFTuocBCh3B7XiTuKXN4LFlWznTXqPOMTIP1YB45lXi+l5CF8JASyEKKaDONFN5YR3rA\/p9CKVXhUMWNxz3dKUg1yQftOAuLAuCFZHEo433jmLn2X4f\/Owuck2m9UesvdXoxzwq4xDpUXHvNH9PzNMS1XtEZ0KDZ904pHEN+ZkjUiA2jK\/AWrBBVjEsqHcAMngSVXjIyTLuIfTfT50KGoQr9mSm5SWUDtU4w+2DwTLde4slXrVb5tsrZJ9hx6FXeBCOwNcjEoeHA7do276\/9KH1k58X3zu+PQcEwnHQBIs5Nvjxz0m7lZ\/e4WfsWAx90HOH6likwa4aRKygVjLaiXObj1BRuaQFXdbITUHeb\/v1Bb0ex9qIwx0kcogAUVq6KGcRlImR2VCET7Q2UPfBF1HkA3bAqvJ6t1BP07HS8IKIEm70QgionKkRzGiFzdUhT09R6zdeXllUpiA63fBrBRfZD4ih6nX4zo\/yc\/lz+z\/tYWWCPtitjIx3R+MsYy6evVwKHmKh4xLbNgtf6Bu5FREacax96iyQP2\/vuAdKPy+I6gMbTz04jy4zg2nTKOKHNa3aAGNL9B3Uh5t6mqJXuzsLfLLTPDw3wrJPan+M\/0XoefuuxvaucM7CeSe1bcynXGH+VeCKK3X6BEjxAIAyaIH3WN4GasKfIjmi2abIP71bMldE4Rrc0QpuysWWFnpQQt9pN2sP40R1CWaJEjWn2UIOe0P10GgnLa0xDEY45T4mm1G5cRaybTY1lDhwEfyXyWZ9AZfiHELWMCRxQrjRsfwPjDlL6jHi\/zHIUWOI\/T4jgDqU2KclKtGJHvbzyipTcTSry1Z9gmEkVPVvz\/8EjMnwGHjnltQ6Dn6FOkOgVFgA2iD5qiIgNLtjkUfH1GBvC5KbT9MfqpK2j2k4rSt9zbnBWSsgHnKyvlhVlk4OSMFjMkESHpv2MoP7kPpHn9hYZR+DGSK3WZiE2JTywLeaTFpsQZ3daTQq1Vr04zxtlC9vRWSZgVtzp+73FUoayEpGTdeO3UERRAep7Gz6OHwglh0vTs4C4cI3glPhuREbf69JIx21MPWU3j5sPCPzg7nPp1rI9ewTvRn38IUIjcvV1KuUH4IRVmz5W6wsHwHFtnkwFNuxtYxLxpK0EDIngGp5d6ht7210ydmiQr6O0ON8qJtc3t5+jXn6ntXD+RhEqv4GCaMWHbVrUNZALDxj9JvSEzyroxEuoApEO8TL\/ZdVC\/slwR1pM3JdbAsWN2rxIFLM5krFwOakRgi754xhdBEry7MgvTwiHsgDJ3Rg3jSdB9jubcVT3HICTRmj1vR\/GLDAyPIFAzuuaVmpolrsQwDxFuyNGOcjHVBUbeP6bnCaCs1JfK35oan09836\/37ZWojhkKHAUoDUCP0eOYnRmUhbwOggCe7+p8hW83\/lILFNK1NDMAm7qAsqoccxqNT61ke0qmot69NhPXpwpGUt
\/gK3nyvFne4lsK7S7r1eMvI29rlDBY0L\/e2MX+l+NFFonVbYbxqlVZxk5h57Py0nXsSE5q43RZq\/Ab5Ljnrfv\/qOWasfLkVsR95Ih7otWzubnTYoOB5dgkPlalnkY+ZT0ynhrpD6iNCVYd4popCzZS+uE59ZqtbLuU6i6Oh3yTkUuBN6l4rJS\/6y1YL+YBtywlzVVi2gqoBTO6RyHcXMeDc6anBpSJn+Y11FC9lfnd1ZBuVxPW\/4cBKWMy9IKMGLXE8iIH1zC\/mEqW8ZtRWLvviks2j2E9BFu9ovslgURdyPBgw2o0Whiqb07OoUWWMBoSXHynCDs+gbza+6qUl"} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1489363823467160,"flow_dst_last_pkt_time":1489363823527699,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_usec":1489363823527699,"pkt":"xCwDBkn+gCqojWksCABFAAA7AABAADcR3IXYOs1CwKgBBwG71tUAJ1gdAAJToMXcTxyWQBEndSjIH+c74XrspwzymN45kSe5Xg=="} 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1489363823528185,"flow_dst_last_pkt_time":1489363823527699,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"thread_ts_usec":1489363823528185,"pkt":"gCqojWksxCwDBkn+CABFAABFmZwAAEARAADAqAEH2DrNQtbVAbsAMWdvDJNw4V58RG0IA4pBZ++jAYkOLlkHlCitPHPsL9hXYhophG9IU8XMssI="} 
00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1489363823738796,"flow_src_last_pkt_time":1489363823738796,"flow_dst_last_pkt_time":1489363823738796,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1489363823738796,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.198.33","src_port":56074,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02321{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1489363823738796,"flow_dst_last_pkt_time":1489363823738796,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1489363823738796,"pkt":"gCqojWksxCwDBkn+CABFAAVi1UgAAEARAADAqAEH2DrGIdsKAbsFTmVrDWI\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\/TTNQYjpQh1bWy1pxKNWlJuoLy5bOHLwnEpeZAAAAAEAAAAAAPAAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01090{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1489363823738796,"flow_src_last_pkt_time":1489363823738796,"flow_dst_last_pkt_time":1489363823738796,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1489363823738796,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.198.33","src_port":56074,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"yt3.ggpht.com","domainame":"yt3.ggpht.com","quic": {"user_agent":"beta Chrome\/57.0.2987.98 Intel Mac OS X 10_12_3","quic_version":"Q035"}}} +01026{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1489363823738796,"flow_src_last_pkt_time":1489363823738796,"flow_dst_last_pkt_time":1489363823738796,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1489363823738796,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.198.33","src_port":56074,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"yt3.ggpht.com","domainame":"yt3.ggpht.com","quic": {"quic_version":"Q035"}}} 02335{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1489363823738796,"flow_dst_last_pkt_time":1489363823782478,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1489363823782478,"pkt":"xCwDBkn+gCqojWksCABFAAViAABAADUR4H\/YOsYhwKgBBwG72woFTqYeCGI\/o1o3gkQjAfrje9Hje5P995YFE4ABUkVKAAgAAABTVEsAPAAAAFNOTwB0AAAAUFJPRroAAABTQ0ZHWQEAAFJSRUpdAQAAU1RUTGUBAABDU0NUVwIAAENSVP\/\/BQAA+LXECKXyXyaGkNvk1LnkKe2HcwZSdJKMjSZdwRtRvlgkC7wrIojsxa12VSbQ+UqytsSw5ZWrAguctbN84e+itVKKdDan60SbCn6HO8EhAZXhZCoi6zTXVPfruFP+xbK0jobs4P1ETvvj7642AaRXoyX3AiUwRAIga0VZvCZ3TBiWNQTgv6KY8y2d9RkggowYQwi1RHlUtm4CIDUxV08RC49VVgJORrtGSNh+UsyMA8+5V0kTzoS1\/6EyU0NGRwgAAABBRUFECAAAAFNDSUQYAAAAUERNRBwAAABUQktQIAAAAFBVQlNDAAAAS0VYU0cAAABPQklUTwAAAEVYUFlXAAAAQUVTR0NDMjBrdmP1GwKyBEvvwtZJjj6PQ0hJRFRCMTAgAAC7MI00KZ1MP25xAs8ApFxY\/QSpEMcZP7AIDZmbDnFGD0MyNTUwMDAwMDAwMEDbx1gAAAAADAAAAND3AQAAAAAAAPAAdQDuS723dc5guuFCaR+r4Z5mow9+X7By2IMAxHuJeqj9ywAAAVplaZe7AAAEAwBGMEQCIFrxuSR6yQfoERjhpyCo\/HC4DbnJyy5PDUNSQYvoLd7WAiA1du1k\/DfC+hSnbCFZ+CiZL\/WBsCA2tHRh+V5os9e8wAB3AN3rHSt6DU+mIIuBrYFocH4ujp0B1VyIjT0RxM227L7MAAABWmVpmAsAAAQDAEgwRgIhAK1Z+StuHvhEQzbhrizA0oP28zksTi\/aWkPYynKMWI7wAiEAoZsd0Sdt7uEo3XB3wMmgRGZNny2cfedCYnG3zpLag4YBA37tgIaiFYKRAgAAAAMB6IFgkpIa6AAAAAAAKgcAAHi7gTUtv1NjZwCWXOxKBk1sXJA2HIf55ae2MzL3PkFvyFGxkQUqDMwNjIyMgPkFmJfA7TkDUyC2MDUHdaIKsVrFwcPlDEw3aflFeZmJsATJzsPrm1+aVwJKXWGZqeVwd\/EguwvUlgC5i0dcCximIGFgJilKBqbG1Dxw1BtEGgizsQO9e84W2BLhADOYGdmZnRhYMt6FvD+wnV996Zw\/hsoKnDX1AkfE3LjmrmD0Xbj\/45IfeVee\/
OywebVOPSnedOpTyamR\/2zN7jmfePP5sO3s0PyvawoWN7GsN2hiWU2oLGtizgMpEGRpYk4FchKbcLm1SUZLL7GgoBiHrApEtiAfzNUrBqaYxPRUqGJgYi4Gq+LT0kvKyU+HKWsSBPILUIWUtEBUbn4eMKcm4jBGE6QGbLcuVIVuSn55Xk5+Ygq6UnVMpaUF2BQqYChEVwEMgJT80qSc1OSczORs9ADgBoZbekEG3F8QzSnAIioVLAQP1+LKvBRo5QWWEIFJlKcm5WSmQ02Q19IrTkxLzSstwBHgYAV5KUn5FTgUKGrpEQoceYQS7IEioYUrJhFa9YpTgUFSgq6AByVW+dGjWYFgJEvhCWxORFDzowe0KPbgEMISyNrFJcB4SNYrSMwDOiE3Mx9f2hXDIS6LPxz4S\/PSMnOA5VFqil5eankxUtuLvcEgA6kEjwGWQdpIZbM8tLgsyM6EGgoukd09Hd2NwIWvNlJxD1MMDC6gj4sNkXWAqgCk9qDW3+B7S2xzw150iDxJLJ4oWT2f5yFamwi5WMfaiVKENDKAtRxaz4WDjS29kQdYohsYQFpFmgbqBqoLlBco"} 02330{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1489363823738796,"flow_dst_last_pkt_time":1489363823783077,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1489363823783077,"pkt":"xCwDBkn+gCqojWksCABFAAViAABAADUR4H\/YOsYhwKgBBwG72woFTtjVCGI\/o1o3gkQjAl1iY1+IPhyu0ittLaQBLgUZARLyTw62Xo9mQ7Tn55dir+alTNnl+EuTXetgrtU\/li3WZUF3t3EtPfqBg1nJrPp7bar7qdPHbjH8jwhk+pimkWuq6rVs4cviafuTL\/pWbDvkJD1zwixjdUFbM0aGipe63\/v0luly7P6xK4d1\/V35zVlHfZnq9OpLDbRdp3F95Wn77GK+6cqsr8cEfY77RjhzSh7Unhdryl2mU\/IhTPRZgsMXhZ65ayI6rm07a3GnaGsF6wp\/3rLVzcqh63smBXkUr5RrfvOpMsbbX\/13ZPXcymfXdeZ+LWmcELGYmfOd+prGpXeZdtiyB0ssnuZwNOYGp72hD8PxC2ds8mZMXnnvqd7Gb2w82Yw3Hn\/6nvVjXthRi\/UnDQF+1X0RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 02326{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1489363823786198,"flow_dst_last_pkt_time":1489363823783077,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1489363823786198,"pkt":"gCqojWksxCwDBkn+CABFAAViJ80AAEARAADAqAEH2DrGIdsKAbsFTmVrDGI\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\/7FsrSOhuzg\/URO++PvrjYBpFejJfcCJVEwMzUB6IFgkpIa6H7tgIaiFYKRWMXjbzAwMDAwMDAwgSzFPd1PF3axaL5AyOwihDE6fodkAAAAQ0MyMGJldGEgQ2hyb21lLzU3LjAuMjk4Ny45OCBJbnRlbCBNYWMgT1MgWCAxMF8xMl8za3Zj9RsCsgRL78LWSY4+jwAAAABYNTA5AAAQAAEAAAAeAAAAb+PFWAAAAAAD8vOozazLmpoBftyzTtCx5YKTvR4nOBeG4\/kV1kARA+4k\/WgyE0qpyY6\/Vmf8Zw2NuauSPM16NLrixbiDiic5ZAAAAAEAAABDMjU1HvdI4XZwU8Me90jhdnBTwz2t9HxBefiRQAt7kKmueeuz4LezLgHTiAD9ingf73at+XMxbEjkphGxSG8164iKphvSEu+eXttq72TUCPMa+W1RiMCzpfKfm\/QWCvfl5WFPUyFUVqXZsQ32ccFhA5pOW3TPaE
QPm24aQNsEU5bODTt4ZVJl7cXlqmDTH9smgAaCJ4WDS4jTYXgfvLQFOwGDw10cs8nRU23ebDlhF0iw1LHIUiuHpoUraaxsVdUNL4ZG678u9gAA8AAAAGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
@@ -17,7 +17,7 @@ 02214{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":19,"flow_first_seen":1489363823738796,"flow_src_last_pkt_time":1489363823844687,"flow_dst_last_pkt_time":1489363823852784,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":3698,"flow_dst_tot_l4_payload_len":22654,"midstream":0,"thread_ts_usec":1489363823852784,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.198.33","src_port":56074,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":6,"avg":7092.9,"max":47402,"stddev":13323.0,"var":177502752.0,"ent":3.3,"data": [43682,599,47402,292,154,45,22593,22345,6,41882,73,4311,1249,5208,1009,1199,2078,995,1205,2173,1079,939,1972,1276,1007,2312,930,1274,2300,574,7716]},"pktlen": {"min":59,"avg":851.5,"max":1378,"stddev":620.1,"var":384534.2,"ent":4.5,"data": [1378,1378,1378,1378,445,163,164,63,1378,59,69,69,1378,1378,66,1378,1378,66,1378,1378,66,1378,1378,66,1378,1378,66,1378,1378,66,1016,1378]},"bins": {"c_to_s": [0,8,0,0,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0],"s_to_c": [1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0]},"directions": [0,1,1,0,0,0,0,1,1,1,0,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1],"entropies": 
[2.490298986,7.548896313,2.557327986,5.454246521,7.513552189,6.657486916,6.667313099,5.203137398,7.879892826,5.320584774,5.540966511,5.620818138,7.837260723,7.846781731,5.625435352,7.860443115,7.869290352,5.595131874,7.865964890,7.867100716,5.462482452,7.871220112,7.858954430,5.583694935,7.863245964,7.872319698,5.564828873,7.868106365,7.885589600,5.529245377,7.780364990,7.853522778]},"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"yt3.ggpht.com"}} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":134,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1489363824401150,"flow_src_last_pkt_time":1489363824401150,"flow_dst_last_pkt_time":1489363824401150,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1489363824401150,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.205.66","src_port":53859,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02329{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1489363824401150,"flow_dst_last_pkt_time":1489363824401150,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1489363824401150,"pkt":"gCqojWksxCwDBkn+CABFAAVisIYAAEARAADAqAEH2DrNQtJjAbsFTmyMDXhX73QJ\/9nIUTAzNQGC9mpeAxq6QsMNjNmgAQAEQ0hMTx0AAABQQUQACAEAAFNOSQAjAQAAU1RLAF0BAABWRVIAYQEAAENDUwBxAQAATk9OQ5EBAABNU1BDlQEAAEFFQUSZAQAAVUFJRMgBAABTQ0lE2AEAAFRDSUTcAQAAUERNROABAABTUkJG5AEAAFNNSEzoAQAASUNTTOwBAABDVElN9AEAAE5PTlAUAgAAUFVCUzQCAABNSURTOAIAAFNDTFM8AgAAS0VYU0ACAABYTENUSAIAAENTQ1RIAgAAQ09QVEgCAABDQ1JUYAIAAElSVFRkAgAAQ0VUVggDAABDRkNXDAMAAFNGQ1cQAwAALS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tZ29vZ2xlYWRzLmcuZG91YmxlY2xpY2submV0gCa63gfstks25NXDBda+jRe1AwMuFIPOgLr8Vdt88WUvAddL7KVg5kyrPLEzz5PxZEMuEuhwybaZ0VEwMzUB6IFgkpIa6H7tgIaiFYKRWMXjcDAwMDAwMDAwQoHc+xZQMEvJrifGGZTcfUn5aXxkAAAAQ0MyMGJldGEgQ2hyb21lLzU3LjAuMjk4Ny45OCBJbnRlbCBNYWMgT1MgWCAxMF8xMl8za3Zj9RsCsgRL78LWSY4+jwAAAABYNTA5AAAQAAEAAAAeAAAAcOPFWAAAAACN\/AA7IChJw\/uFk6rkJtT8KHam\/zP1YJxL1R6PGerdhviM0jsqfVXK1sMGRgIfu1Gw5yjD\/\/Q\/fKW3aZLxbK0ZZAAAAAEAAABDMjU1qvorPqjeOwuq+is+qN47Cz2t9HxBefiRQAt7kKmueet+NAEAgygqfGXu0L2syT5vA8mDxoSqG087cDiVovZ6s0ywmTUWtgw5lXy+Ac4T6qWEMJOPvUqVQrabfhIiKh6bU4h\/Diu+B3D3YFOkHFOA3JEmhpJ\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"} 
-01135{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":134,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1489363824401150,"flow_src_last_pkt_time":1489363824401150,"flow_dst_last_pkt_time":1489363824401150,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1489363824401150,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.205.66","src_port":53859,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"googleads.g.doubleclick.net","domainame":"googleads.g.doubleclick.net","quic": {"user_agent":"beta Chrome\/57.0.2987.98 Intel Mac OS X 10_12_3","quic_version":"Q035"}}} +01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":134,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1489363824401150,"flow_src_last_pkt_time":1489363824401150,"flow_dst_last_pkt_time":1489363824401150,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1489363824401150,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.205.66","src_port":53859,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"googleads.g.doubleclick.net","domainame":"googleads.g.doubleclick.net","quic": {"quic_version":"Q035"}}} 02344{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1489363824401989,"flow_dst_last_pkt_time":1489363824401150,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1489363824401989,"pkt":"gCqojWksxCwDBkn+CABFAAViiX4AAEARAADAqAEH2DrNQtJjAbsFTmyMDXhX73QJ\/9nIUTAzNQL3N20WC4prgrlnEEXpdg0UiWbXJhn9rrqPsD7nypSAi6kAnw8WQDgk9WvHBUMq3ztLT3UfD0gz+me7oBLVs9bjXCdM3vfRP04sqX92qJrBMWJiq3+eKjCNhyA3dhTNbGSGyKI7\/jcHFMipWf2f2NsuOihlYKhTPSCEE\/3dxQ5VpSOD4BfoNhUiG4SLXDgBvtHLX5RXQiz6BGmJPkfw0Dv35AvtRBL6UAIgkl\/K+oTxY08q1VHTawdG6K3aOXtZN79Qa45uh7pT1oVWMplxpgw8JT2Arpn6WXMTVuz7IIjcMmVGkmTbz31c16ROCt97FgLzWLKXSjlRTCuInYAnb8OLy7A3ZgiVpjlf24uxYYBETmSsYE22pkbiA3KDPQJQySgTeBTaSmM7bUYZKVC0sqnRUOvf3ZY91A7qJZn\/ba900D1Z+aCkzIM+N0cL4OdjAPHVbjoNNBPob96VT7KYOqrcxvdgiQK4z8YyO7qPdy3wkVPEp8S1cfxO0GcnNc57dkkmdplcftLswiLsyuSbEUEIvemACkZhnlX++EeQWxNqo5pgetjas2fIO3OoczlGrqEelJ1yoqALFrNOoHHqiCTaPzG9Vq6SC5ccc+y0eJXHfhIMNqRedbbXK4yLYwqtZ9myh7TSQTMNDNtNNcokuMoYRffKy+Hilx9blgPA+kxeACnNv8k+XoHbLejLn53fsVGrfJ27oHLpBxd0gpX8C1SWMyy3mXnpEVSzUrkvObuxIcI1iIIRkXe4ha0xa6JvFSR1XvxPQ5uBs1VZvBiRzdozCrjMOEc9HhPIaepumDcavW6RkKdtpFOTOABhKPB+xTF+tw5twgZvOB6spOi3XFDCLlgZYRUP2AglByKCpQdxHum5b0xn6Bxg+gulV7DAa4F6bq\/phQubcSVFzDkjjddAVTq8Ke7Bcb2PIaw4POMGF8i+3Ejx3gConV0\/n9f+1mrX6y1TPQ+529up7M7aIJBqu\/KbECK4GCmg+69dFQcqMdvDDodT0LicyE6jgNHVr3Xxl9T9WRp\/ZEkID0WaSc8lamVKWuAoEej6VLe9Xsojacxjt0L1ZkVNCdZBeOWPV\/2r27Cc0KxFG00xU+mkL6oc\/P+4mp1vjwqej4OpJO4H7X\/bD1uR+eKFP96VSf8gVX
iQ3DmEGxcfGruXncj9yz32x4yvvKzg03pwZiXXTtpaX0N3ObUthGwiiBr3OqJCsJVke4\/DSc35dh+HTeY+td+Oc4jCcwuV2lOoS0dT73DkKXYTbuBravYDZhjPNKQNF+6bWKCm8kZsYuCZUcPzccjiAYkhk0zhBSnaWNqdI6hOWVUghH2pIeRl1S8CHH23kuVsWd8GixiV6+GG7ClvWoVE8MrCJVfuDBih03bB7tpS\/HVKC2E9e6YR1Im8\/dzl\/GrYBeLaQJMx6dvF2cWrBFw9TxwkKIBGesF7P4zSSZnZmPB\/8T0n45nH26wWJrG9slMatMUMQF1ah+pPdZ8x+tlROoO4fF2yjn4px+eRlie\/MHUCbhkcAUhlXdTBiPNIvr7yc+xKglTelzU+igEYMaYRT7qb8rNLbLWFex\/imDEBTq6nYSPvkTgwNxYJA65n\/p6p8VPjqErPaqpEUd07O9wbQiW9G2X\/qbV3yLCPMbA96flDvOZN+LC6\/DnJyMwZn5lo+SBoTbwt518b7bgUS1UA82oVmCGe8vFKQu9\/05aE1OZbqUSUoFxZX0RxFiFxGsclnNnAvgLNexJFieDNVkLIeVZwsdn1VKuKE5NTKqEm\/iO1n+rmnQA3"} 00944{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1489363824402026,"flow_dst_last_pkt_time":1489363824401150,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":356,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":356,"pkt_l4_len":322,"thread_ts_usec":1489363824402026,"pkt":"gCqojWksxCwDBkn+CABFAAFWgV8AAEARAADAqAEH2DrNQtJjAbsBQmiADXhX73QJ\/9nIUTAzNQNN4EYmtc8pzVIIOlw5wUUTViVod6Y0+1HgA3vBxmFBB9XdzPolT4EuSqVTYDWG+BQf0+uutBG1cIb1StnXne22+Sa3VBkmnkxHzdhhHTq5RFHE1DzOC1OWyujit50aD9fovXbwARSedQlPJ7gjdJSVfTm6O3nF2k42pradZvrpU1ech4qBDDCfAnmOfCXqI5NXsD3jyb4bcNfoTf5ko+c96L+Kv0ngIjlmGgFFf6vJ8QwUVroovQmrUV9bPxW9NYlbZzDQO3\/aocbUP2HxCiVbIwPbD2Jd4G+p\/+kRB\/3zN\/cBW\/zgsZhwNASU8TEuM0gATTjCn+DvX6KA+8RurPRChvD1WnZ\/ZRI9q2M84tMzgiUjvDAoLSC7i0dr41HUDnzmJH+mr0XOTEoxFNo="} 
02345{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1489363824402026,"flow_dst_last_pkt_time":1489363824514002,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1489363824514002,"pkt":"xCwDBkn+gCqojWksCABFAAViAABAADcR117YOs1CwKgBBwG70mMFTvESBCvtW+gxVkE6hk54oTddBgdr86L3SyOjvMXEQqPmvkBuAaRNa6ZCVY4F4aeZ\/bjVKIBAGz+eSKeCquWfodKaC7xRPAq3rLOEQqnljpR0JWshHnnqwhS1Yjep2YOpeC3fb3CYkH4FaQOWKQEvD8gout64p2+hePX1+sAk6iXLStjU2uuDlmVIc3PpAB1wzCM5dWWCE3aIKRaMRGfZxpLv7sGZRaoFrtl0JSaeaB9jn8MIsXZBOVcRtPaJLDQuUU620tGy069cqwEfvKMOXUSj7tTPTWy0x0QxdOrlpxBRCMMZN\/BdP1\/UaMrUBPhVe8sDv+ch6XsuW5JOQ04Whk2+M5NgFwohM27Rki9\/ssGbnQrtDt1Gl0sj6QLMJ+0gOf3ENnzWJ23kiz6bc9fVfcMDSkS7OsNHbFr2pF4Hzi7aZWcoNV3Guo3Q8Fbya7stdMjWQTT2rpMvZfHm5PhvQNxOPT8\/jqU95zkLWJ8ghGBXVOKXJyiX7IALIyBuVLAsLkeKu6jOvhwnew5mnLWC\/c+5xNqYdkuwMduDi8iF1mXKLPscsnMOlDuqwAJhrQGXBFqOaZxXSObFnuFPtOInLDT8PlhhEEayPmx4+D879MyfnhcQ4nwPVpeP\/8mmGfleQsFzHYn+l0ZN7i4WTlhiKG\/C\/mtO\/nMGOTLBsvlssjvQzTb\/OoY4tvps4OyqH7t81\/DXd5s7I4ykh7dOFuM+EchHgHnrTKjfFBC3gg8sQ35yDx3VlyF5NWnQkSesIqMj4\/VjshLaCD6snidaO6Bvg5o5c1MMOisPf4KkqlZh5Yfr9NBx3JsfnMz6M5lBLPtdaRaePspaWNka4lD3JgOkcztB46Qm\/qE3gMJDSW9nuM+9BBvaAne+Ty\/3\/LQiW40aeLeNHn8s6s4e+2bBuyNKqruC8eYkQI315sqCNN5TJnBat\/EuFiFQ\/z0SlrPUXxxkoKFFaCrF3K9gCpeNWKbIezHQlS5aNLE2xewI0rup2+Tyk+voOlo3fVmL+w0J+QFSF3ctNgOURJhBxxnbQijP6l+g8ngzpgYiAECyc0HKDQ+G21Q9piUF1NkcM+tXa+IJNUhtzdeNT4Hu26y6vRKT+umb1vyRD7yawpmBR7LRWxKeIx+XFz3hQ63\/5Nax5FE4KqRv+PKIAW9sOgagWyHHv3ownXp8vR3LszhQgQ5aVyZfCu2s+WEqE2jF\/APd2a9UVJ3vCEQGoYgXdCcib4KuCMh4bsaPKDIMRvj8k487Vv3jp9XbY4X66etKFH12Sj8mn851aGpMwTZvEVveXOvQt0xJIzcdRDFRan8qkMCgcVy1S9G0rNhMAh6IdBk4GdDPWjB\/igrD5zXBaNBYrlnDrytUy1eljMlTExzVwndd7J4NREyWH7MbhQsPRMsahE3FcHNC6mENLK0zOVoXNyKhAlNCDvomkRPsdm2vcsxZqfBocGLOcuVyV
iU7AK6qMbviYxcVLP7w90PFWUSkFjGMdxUoEbkvo9y57znWRPo3\/PslxdNLRDfLTSCbOccNJ0uYLMuB23e9PXHKfogva3uQ6Jest\/Jd6aKe0PNYNZ\/7hn4L76yiuQqsuqKH8JvtZYaHBXT2qp1Wm5J4vzxsStLdsVxgUVQgCOMZVBbhkLOHzIRhwisH5t6jUXi+i1ROO2c3iOqxc4tYaptEykWfrfVKtUKibUiKnGx7qaN9txVqcq5GSAZu\/DmIG6vegxGbNdAK3ZvtLMwjcxkEsFOcs7f+odlh1TBLgaIgMhVI9ekiVe7CXOwWghfAwrCBftd93Q8i3XywDuUBcgiu"} 
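Review bot: The regenerated `detected` event for flow 3 (the `+01071` line) no longer carries `quic.user_agent`, while the `packet-flow` record above it in this hunk is unchanged context, so the capture is the same and only the extracted metadata shrank. The same key disappears from the flow 2 event earlier in this file and from the QUIC `detected` event in the `youtubeupload.pcap.out` hunk that follows. The commit message only says upstream changes were incorporated, so anything downstream that keys on the QUIC user agent (client inventory, detection rules) would lose the field without any error. I would add a line to the description such as `* flow events: "quic.user_agent" is no longer emitted in the QUIC test fixtures`. It is also worth confirming that the `schema/flow_event_schema.json` change listed in the diffstat treats the key as optional or removed.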
@@ -25,7 +25,7 @@ 01040{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":9,"flow_first_seen":1489363824401150,"flow_src_last_pkt_time":1489363824712581,"flow_dst_last_pkt_time":1489363824840806,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":3551,"flow_dst_tot_l4_payload_len":4358,"midstream":0,"thread_ts_usec":1489363826862170,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.205.66","src_port":53859,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"googleads.g.doubleclick.net"}} 01042{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":6,"flow_first_seen":1489363823466752,"flow_src_last_pkt_time":1489363824024913,"flow_dst_last_pkt_time":1489363823999542,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":2018,"flow_dst_tot_l4_payload_len":1915,"midstream":0,"thread_ts_usec":1489363826862170,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.205.66","src_port":54997,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"pagead2.googlesyndication.com"}} 01017{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":113,"flow_dst_packets_processed":145,"flow_first_seen":1489363823738796,"flow_src_last_pkt_time":1489363826862170,"flow_dst_last_pkt_time":1489363826861980,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":11365,"flow_dst_tot_l4_payload_len":156294,"midstream":0,"thread_ts_usec":1489363826862170,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.198.33","src_port":56074,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"yt3.ggpht.com"}} 
-00852{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":289,"packets-processed":289,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":179501,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":28,"global_ts_usec":1489363826862170} +00852{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":289,"packets-processed":289,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":179501,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":28,"global_ts_usec":1489363826862170} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 289/289 ~~ skipped flows.............: 0 
@@ -34,9 +34,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6920898 bytes -~~ total memory freed........: 6920898 bytes -~~ total allocations/frees...: 114451/114451 +~~ total memory allocated....: 7498350 bytes +~~ total memory freed........: 7498350 bytes +~~ total allocations/frees...: 126179/126179 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 561 chars ~~ json message max len.......: 2350 chars diff --git a/test/results/default/youtubeupload.pcap.out b/test/results/default/youtubeupload.pcap.out index c735b8794..7e3221835 100644 --- a/test/results/default/youtubeupload.pcap.out +++ b/test/results/default/youtubeupload.pcap.out 
@@ -1,8 +1,8 @@ -00618{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1511102576794424} 
+00618{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1511102576794424} 
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1511102576794424,"flow_src_last_pkt_time":1511102576794424,"flow_dst_last_pkt_time":1511102576794424,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1511102576794424,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":51925,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02322{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1511102576794424,"flow_dst_last_pkt_time":1511102576794424,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1511102576794424,"pkt":"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\/D790R+7T+2\/0X2\/pJXF+QSwhgBhJRTmB2QAAAABAAAANVJUT5jAAAAAAPAAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01108{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1511102576794424,"flow_src_last_pkt_time":1511102576794424,"flow_dst_last_pkt_time":1511102576794424,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1511102576794424,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":51925,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTubeUpload","proto_id":"188.136","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"upload.youtube.com","domainame":"upload.youtube.com","quic": {"user_agent":"Chrome\/62.0.3202.94 Windows NT 10.0; Win64; x64","quic_version":"Q039"}}} +01044{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1511102576794424,"flow_src_last_pkt_time":1511102576794424,"flow_dst_last_pkt_time":1511102576794424,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1511102576794424,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":51925,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.YouTubeUpload","proto_id":"188.136","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"upload.youtube.com","domainame":"upload.youtube.com","quic": {"quic_version":"Q039"}}} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1511102576835328,"flow_src_last_pkt_time":1511102576835328,"flow_dst_last_pkt_time":1511102576835328,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1511102576835328,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":57452,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1511102576835328,"flow_dst_last_pkt_time":1511102576835328,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1511102576835328,"pkt":"XEl5dU5q2MuK4S0uCABFAAA0AURAAIAGcnTAqAIbrNkXb+BsAbtWAw9KAAAAAIAC+vClngAAAgQFtAEDAwgBAQQC"} 
02334{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1511102576794424,"flow_dst_last_pkt_time":1511102576850542,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1511102576850542,"pkt":"2MuK4S0uXEl5dU5qCABFAAViAABAADkRtX+s2RdvwKgCGwG7ytUFTpL9CJHSvk7nMdgaAY7UOy2eqBjwqYbdQEABH3gBAQD\/\/\/\/6BgCAAVJFSgAIAAAAU1RLADgAAABTTk8AbAAAAFBST0a0AAAAU0NGR1MBAABSUkVKVwEAAFNUVExfAQAAQ1NDVFECAABDUlT\/XwkAAEbxGDSLTF1Q0EvnndIQSTAo6qDgodwKRUkl\/wgXSXZEn9QM2BlHJ5TGchczmqfpPPkVE8tMlsFMfVeayelDb2fy4YzLDv2N+n2kP+GPU+AvJ+LZZRk0N6KyGXGuCIybXc0DgBajeTEN+eTXljBGAiEAu2XBBVnB4JB\/pAM2aIMKtRsM68whkJeFp\/sUQ4KWuigCIQClJ1nIthgBruSaqgIGHfDqWyoEY6pcU10gsmGqIhMu0lNDRkcIAAAAQUVBRAgAAABTQ0lEGAAAAFBETUQcAAAAVEJLUCAAAABQVUJTQwAAAEtFWFNHAAAAT0JJVE8AAABFWFBZVwAAAEFFU0dDQzIw9lqyAICUa+kwugeWBsbKvkNISURUQjEwIAAAhphHmLi5BO0Bd0EZ92vmXccblzalgzbYj90Qfoq9ozBDMjU1MDAwMDAwMDBAFRRaAAAAAAwAAADPfAIAAAAAAADwAHUApLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAAAAFfeBYhgQAABAMARjBEAiBdvW4RdrxYmmjeJbc+3jgs5l6RJLipl3aPIQhj9TtUVgIgA9hjkGDtPgI+WyeFtwtRP0uw9dCVeIWw5SDGQbdmUYsAdwDd6x0reg1PpiCLga2BaHB+Lo6dAdVciI09EcTNtuy+zAAAAV94FiCrAAAEAwBIMEYCIQCUIhZCh2zhmqj0uNpoeUCnAI4TO75j9mv1oMYRKX9EbwIhAIVqH7drJ4DDuKcAhaeeCXOoj8EoQkKnHGLbzkyKPDlhAQEDAeiBYJKSGugAAAAAALsLAAB4u4FGwB+tWGtQE1cUJpBXY6I8VdDyFNEgYZOQAr7wiYpWBawlaIsJ2cBCSCJJwEgVWK3A4KNOsVAVxfdjqlClUhXRURAFClYRHasEpKBgRdBILVjtzS6ETSYz9oczmdmc777Onnvu9527WTQrwFy0TRBKTcQLKrp9dm9xz+ylJ4l0NALQ0SJTNhpMGAZIGIUiTgYb8pXrDXnhuTHeCAI35bB6mBzcF\/AwMggEG8\/l8gN4AQK8oOLyArh8PlZQSS0uRWcy5oK8kSqS5YhoKCFpTNbnCo1cbciulQicavSLSfTLCXLA\/GIy2SCmBhjbXCGAaeAd62cA1adjf2xINJs5VuSOLXMcnO6g0xtjxu1zfIrK71z\/\/lBHSmjev8J8r4IzjW36x8zZNOc0+uStj3j5jQFTCvdXObyJDvLf4usWsNFD234IpYyDUMoYbF1AYEyIMUxgprRFy4BQm1YDYkdGbe4DoxE1cRNlsTkiuSRZgUgwczQwlUpYHo
fIYWI3ezYnVqbQSIiYI5sjEQfx+cECvhGWo1QwPWhGR4JnLMjJFDVvaGa8k59ILpJp1UisCsNHDLsjIhoybIah1TiI3NROUJramkR0FPHFOKJkc0BjBojNewCvTYGkdWaA2nxIipzgswQmGLCKYEiTCUa8hmAgaoIhlxEMpYmhNmwBbogkgDbw4BmdwRG5YU9wALQmwaAKwbrZDaEpiARWYJAhC1RqQKaxhmEsggUaGWzDvnEJ\/3lDO54Eq5NBL2JvMBWod+IRjNRQW4MlI+YJ2HmtQqPWiGE\/uSJWoUhEjKk3iJt1gyUaXPYxnAZwNUeMxRakTVIchroY"} 
@@ -12,13 +12,13 @@ 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1511102576835328,"flow_dst_last_pkt_time":1511102576862601,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1511102576862601,"pkt":"2MuK4S0uXEl5dU5qCABFAAA0ZyEAADkGk5es2RdvwKgCGwG74GxxouM+VgMPS4ASpxyk0AAAAgQFZAEBBAIBAwMI"} 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1511102576863442,"flow_dst_last_pkt_time":1511102576862601,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1511102576863442,"pkt":"XEl5dU5q2MuK4S0uCABFAAAoAUhAAIAGcnzAqAIbrNkXb+BsAbtWAw9LcaLjP1AQAQKLbgAAAAAAAAAA"} 00806{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1511102576864014,"flow_dst_last_pkt_time":1511102576862601,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_usec":1511102576864014,"pkt":"XEl5dU5q2MuK4S0uCABFAADyAUlAAIAGcbHAqAIbrNkXb+BsAbtWAw9LcaLjP1AYAQIOQAAAFgMBAMUBAADBAwNzaV7n51zb2vS21tc4seF5SjI58V9vWFLJqkFFqW5W8AAAHHp6wCvAL8AswDDMqcyowBPAFACcAJ0ALwA1AAoBAAB8WloAAP8BAAEAAAAAFwAVAAASdXBsb2FkLnlvdXR1YmUuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAIamoAHQAXABjq6gABAA=="} 
-01230{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1511102576835328,"flow_src_last_pkt_time":1511102576864014,"flow_dst_last_pkt_time":1511102576862601,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":202,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":202,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1511102576864014,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":57452,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTubeUpload","proto_id":"91.136","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"upload.youtube.com","domainame":"upload.youtube.com","tls": {"version":"TLSv1.2","ja3":"bc6c386f480ee97b9d9e52d472b772d8","ja3s":"","ja4":"t12d1310h2_8b80da21ef18_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01189{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1511102576835328,"flow_src_last_pkt_time":1511102576864014,"flow_dst_last_pkt_time":1511102576862601,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":202,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":202,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1511102576864014,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":57452,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.YouTubeUpload","proto_id":"91.136","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"upload.youtube.com","domainame":"upload.youtube.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1310h2_8b80da21ef18_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1511102576864014,"flow_dst_last_pkt_time":1511102576901733,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1511102576901733,"pkt":"2MuK4S0uXEl5dU5qCABFAAAoZzQAADkGk5Cs2RdvwKgCGwG74GxxouM\/VgMQFVAQAKyK+gAA"} -01313{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1511102576835328,"flow_src_last_pkt_time":1511102576864014,"flow_dst_last_pkt_time":1511102576919746,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":202,"flow_dst_max_l4_payload_len":1430,"flow_src_tot_l4_payload_len":202,"flow_dst_tot_l4_payload_len":1430,"midstream":0,"thread_ts_usec":1511102576919746,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":57452,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTubeUpload","proto_id":"91.136","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"upload.youtube.com","domainame":"upload.youtube.com","tls": 
{"version":"TLSv1.2","ja3":"bc6c386f480ee97b9d9e52d472b772d8","ja3s":"b26c652e0a402a24b5ca2a660e84f9d5","ja4":"t12d1310h2_8b80da21ef18_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","blocks":0}}} -01837{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1511102576835328,"flow_src_last_pkt_time":1511102576864014,"flow_dst_last_pkt_time":1511102576921788,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":202,"flow_dst_max_l4_payload_len":1430,"flow_src_tot_l4_payload_len":202,"flow_dst_tot_l4_payload_len":4056,"midstream":0,"thread_ts_usec":1511102576921788,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":57452,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTubeUpload","proto_id":"91.136","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"upload.youtube.com","domainame":"upload.youtube.com","tls": {"version":"TLSv1.2","server_names":"upload.video.google.com,*.clients.google.com,*.docs.google.com,*.drive.google.com,*.gdata.youtube.com,*.googleapis.com,*.photos.google.com,*.upload.google.com,*.upload.youtube.com,*.youtube-3rd-party.com,upload.google.com,upload.youtube.com,uploads.stage.gdata.youtube.com","ja3":"bc6c386f480ee97b9d9e52d472b772d8","ja3s":"b26c652e0a402a24b5ca2a660e84f9d5","ja4":"t12d1310h2_8b80da21ef18_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, 
CN=upload.video.google.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"EE:3E:32:FB:B1:2E:82:EE:DF:FF:C0:1B:27:CD:BF:D8:8A:CB:BD:63","blocks":0}}} +01272{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1511102576835328,"flow_src_last_pkt_time":1511102576864014,"flow_dst_last_pkt_time":1511102576919746,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":202,"flow_dst_max_l4_payload_len":1430,"flow_src_tot_l4_payload_len":202,"flow_dst_tot_l4_payload_len":1430,"midstream":0,"thread_ts_usec":1511102576919746,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":57452,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTubeUpload","proto_id":"91.136","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"upload.youtube.com","domainame":"upload.youtube.com","tls": {"version":"TLSv1.2","ja3s":"b26c652e0a402a24b5ca2a660e84f9d5","ja4":"t12d1310h2_8b80da21ef18_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","blocks":0}}} 
+01796{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1511102576835328,"flow_src_last_pkt_time":1511102576864014,"flow_dst_last_pkt_time":1511102576921788,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":202,"flow_dst_max_l4_payload_len":1430,"flow_src_tot_l4_payload_len":202,"flow_dst_tot_l4_payload_len":4056,"midstream":0,"thread_ts_usec":1511102576921788,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":57452,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTubeUpload","proto_id":"91.136","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"upload.youtube.com","domainame":"upload.youtube.com","tls": {"version":"TLSv1.2","server_names":"upload.video.google.com,*.clients.google.com,*.docs.google.com,*.drive.google.com,*.gdata.youtube.com,*.googleapis.com,*.photos.google.com,*.upload.google.com,*.upload.youtube.com,*.youtube-3rd-party.com,upload.google.com,upload.youtube.com,uploads.stage.gdata.youtube.com","ja3s":"b26c652e0a402a24b5ca2a660e84f9d5","ja4":"t12d1310h2_8b80da21ef18_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=upload.video.google.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"EE:3E:32:FB:B1:2E:82:EE:DF:FF:C0:1B:27:CD:BF:D8:8A:CB:BD:63","blocks":0}}} 
00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1511102578051971,"flow_src_last_pkt_time":1511102578051971,"flow_dst_last_pkt_time":1511102578051971,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1511102578051971,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":62232,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02321{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1511102578051971,"flow_dst_last_pkt_time":1511102578051971,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1511102578051971,"pkt":"XEl5dU5q2MuK4S0uCABFAAViAV5AAIARbSHAqAIbrNkXb\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"} 
-01109{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1511102578051971,"flow_src_last_pkt_time":1511102578051971,"flow_dst_last_pkt_time":1511102578051971,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1511102578051971,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":62232,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTubeUpload","proto_id":"188.136","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"upload.youtube.com","domainame":"upload.youtube.com","quic": {"user_agent":"Chrome\/62.0.3202.94 Windows NT 10.0; Win64; x64","quic_version":"Q039"}}} +01045{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1511102578051971,"flow_src_last_pkt_time":1511102578051971,"flow_dst_last_pkt_time":1511102578051971,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1511102578051971,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":62232,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.YouTubeUpload","proto_id":"188.136","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"upload.youtube.com","domainame":"upload.youtube.com","quic": {"quic_version":"Q039"}}} 02335{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1511102578051971,"flow_dst_last_pkt_time":1511102578108526,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1511102578108526,"pkt":"2MuK4S0uXEl5dU5qCABFAAViAABAADgRtn+s2RdvwKgCGwG78xgFTs8jCAjRAddSQpCnAZLrpBY0DjIhd5jwe0ABH5UBAQD\/\/\/\/1BgCAAVJFSgAIAAAAU1RLADgAAABTTk8AbAAAAFBST0a0AAAAU0NGR1MBAABSUkVKVwEAAFNUVExfAQAAQ1NDVFECAABDUlT\/XwkAAOdd9OCaMJjZHEuQSnBheExXijy9L8yxcLxijUGUgt7VeQLmXHCE0dSCjTwUu4DOXBlw0HTG62CtZtu2a6Ru1X+sH1IA2FJqDRpGVA5MHyMKc7vKtJZUWy6Wq\/FvJH3N94ZirXYSBfeq9Qo8ATBGAiEAppVGAzltTsobgX744i5bBeIqIDO\/YtwFhdblUPMaf9ECIQDgN5eoKUWZEY4A\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\/AwMggEG8\/l8gN4AQK8oOLyArh8PlZQSS0uRWcy5oK8kSqS5YhoKCFpTNbnCo1cbciulQicavSLSfTLCXLA\/GIy2SCmBhjbXCGAaeAd62cA1adjf2xINJs5VuSOLXMcnO6g0xtjxu1zfIrK71z\/\/lBHSmjev8J8r4IzjW36x8zZNOc0+uStj3j5jQFTCvdXObyJDvLf4usWsNFD234IpYyDUMoYbF1AYEyIMUxgprRFy4BQm1YDYkdGbe4DoxE1cRNlsTkiuSRZgUgwczQwlUpYHofIYWI3ezYnVqbQSIiYI5sjEQfx+cECvhGWo1QwPWhGR4JnLMjJFDVvaGa8k59ILpJp1UisCsNHDLsjIhoybIah1TiI3NROUJramkR0FPHFOKJkc0BjBojNewCvTYGkdWaA2nxIipzgswQmGLCKYEiTCUa8hmAgaoIhlxEMpYmhNmwBbogkgDbw4BmdwRG5YU9wALQmwaAKwbrZDaEpiARWYJAhC1RqQKaxhmEsggUaGWzDvnEJ\/3lDO54Eq5NBL2JvMBWod+IRjNRQW4MlI+YJ2HmtQqPWiGE\/uSJWoUhEjKk3iJt1gyUaXPYxnAZwNUeMxRakTVIchroY"} 
02350{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1511102578051971,"flow_dst_last_pkt_time":1511102578109522,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1511102578109522,"pkt":"2MuK4S0uXEl5dU5qCABFAAViAABAADgRtn+s2RdvwKgCGwG78xgFTrFpCAjRAddSQpCnArwHRDvEv6bzYWaHzaQBBSEEhrNWhsBytYq44AhiRo+TwCmwTKGEk42JPpys442NKgutZCyRqQAAtRXqaDF9GcRDYiH0Y\/Fi0MLsDELQGJhY4OvQsShgL0wMj6PF4FCw0EDxBIlYDUjOl0D+boN8rExECEHyX7Bo9gIexu6+BD0Z6jwYVS5xhEFjCAVnb9OEZ+1zI6xu60jhXe7FYiEjXGJWdBF1I+wRdfS48r74X1JeZ567KHa5EJ3pD3ngVQyQUTCSgZUFTVprCgmiU6lxmUwgGRCEl12TIR\/Iu8iryOND7yMz0xaswN6jCztbGOmK9M1HAtnb0p6qNH6hov6O7rqWzJfC2lmeHtZeU6WbjsS8u3ntcJQzOr2oWOwTXcLWes24V6eOPFWo8+TNul2fEFLQ78eM1PXs2XQnqjfDqk3auk2v6+r9pEcxm7ylpmzrihbHoOb9i7fucvoKaS0tCfOsbMqMP3nB9ezFL69FLLtTF+p+dsZl1fPc\/DBpqVvY0e9eHrAZ+VA9+k3JGb\/9upojFbdLGEEHzpW4tGy79WmG8IZ+5InTV7teNKN9mWsYUcLOpqcV59uW1kr1OramoTHz1vv11JzRr2tDd4S\/WkfbF2P7ZGza6rI\/j9Us8WXle5QG\/b6jzfNgyphjqo6oKWSDFJMnAQGwxaXYlmTl4Z1d0i88lvqCkib10ZlL8sf48IBpMSTg8YAY8\/iBmBZzeXzwEwQLgqM\/pux\/6Oa0l01OXX1\/+c6p1ENoy\/3lC8tzQnqdlS7ZoRtbdlT15tR7dEe\/E7HKePNyitQjIpd9cbgeFe\/qfiaMud5KybCv\/DovpHzVwiB95N8TOgZ2djpVNugjWfqwt\/tXNG+oKEpUZF25tdxtEmQz6wFdFS5Lfz91+rFA6vZLi+3IzzZMaO745y137UDe3TWvOGHFc27XdlUmuJypi3zktDjX7YazyO23wuMzY303CxB48w3nqlDPN5G7Ktoywmyvs\/+6kO9uVx38oy25qEe0fpf31qURmsfnntNrHN\/WeyacXdoQapOfb7Pxys\/NacXz+Q0XZq4ta9Z7e19lCXIKCwdG2mlzXAOrircnI\/g3DpRkByLCMjmYFj9jDB9zi+fW\/KMGh8A\/npA75EqgFPvB8xrHUWmTYjFShuyNNEGHqOBhDa5jAvygcyBwwyoCN6wtE0wGiocL7zg1ftXFTvv\/oJAPXPQs8EXNovaf7kkkqasq1vY36F29qncjsStini1pcp7kJZFuH1+dlSGJIedOLC7QMZTl5c4zutP4J9Iv6SmNyouUidqu3dUF52nOcEDd9M6QKlK\/grnxj\/XK1Uve+Vn11FT4bS89njFAcsiu3RvSfjG1ZmrcZ6\/q7\/pYJ88tuiS37l1AWTuTJOy02+fyavOojKMH1wn8z1UfTB\/zTWvuytPdcdnhPtCaI+KIa4
F3p3V9yyYFZR1sUJ46vP5m5ZOaqgflXryX78ZeTWvRTfNvvGXb8cOSgXllHhLWeas8yH5iVlRBMCVoVB26EFSw0u7LpTGV75XHW9Nztb6\/wrxD58u4nYzXfW68h\/8B+TYP2QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 02325{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1511102578117740,"flow_dst_last_pkt_time":1511102578109522,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1511102578117740,"pkt":"XEl5dU5q2MuK4S0uCABFAAViAV9AAIARbSDAqAIbrNkXb\/MYAbsFTgWcDAjRAddSQpCnAsbNRhPFJhDd2f0pyEACFIECAgEAAOY2AAOIBgCkAQUUBABDSExPHQAAAFBBRADfAAAAU05JAPEAAABTVEsAKQEAAFNOTwBdAQAAVkVSAGEBAABDQ1MAcQEAAE5PTkORAQAATVNQQ5UBAABBRUFEmQEAAFVBSUTIAQAAU0NJRNgBAABUQ0lE3AEAAFBETUTgAQAAU01ITOQBAABJQ1NM6AEAAENUSU3wAQAATk9OUBACAABQVUJTMAIAAE1JRFM0AgAAU0NMUzgCAABLRVhTPAIAAFhMQ1REAgAAQ1NDVEQCAABDT1BUSAIAAENDUlRgAgAASVJUVGQCAABDRVRWCAMAAENGQ1cMAwAAU0ZDVxADAAAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tdXBsb2FkLnlvdXR1YmUuY29t51304JowmNkcS5BKcGF4TFeKPL0vzLFwvGKNQZSC3tV5AuZccITR1IKNPBS7gM5cGXDQdMbrYK1m27ZrpG7Vf6wfUgDYUmoNGkZUDkwfIwpzu8q0llRbLpar8W8kfc33hmKtdhIF96r1CjwBUTAzOQHogWCSkhrofu2AhqIVgpFaEZh1MDAwMDAwMDBZwphmdL7Yts0y+qUR1kfRSDFXSWQAAABBRVNHQ2hyb21lLzYyLjAuMzIwMi45NCBXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjT2WrIAgJRr6TC6B5YGxsq+AAAAAFg1MDkBAAAAHgAAAHWYEVoAAAAAY86fJYRsWvt+n8SMuRjDn5CDfPNuMMHuyZztFKKwgWq63bH0pGsbpiKJlwdORVq++wXvbyC+Jog1Q4kiEa
UUI2QAAAABAAAAQzI1NZwUB\/4nw78HNVJUT5wUB\/4nw78HmpHtbxwAgQ5AC3uQqa5565jAAAAE39g8QbpBjsXpZJ0k2Opa1yiXuoap6rNlFyRG3VaiUwwUTIXHR7HUE8tH+qMCGSkVfFDe9ZwBj5iFLt6nb9dICVRJNIeq99y3gDocOmnE3lMaHWOMgX5wcE5URr2JRfmKpGOgc7tXbRVfGIzEEC8Zcrx\/h1b4mHL5eogupc3r3xXMzTaDPU27bKw026+kjZ5+CM9l3v8W6hXwvRN\/+i6loGkEhQAA8AAAAGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
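Review bot: The regenerated expectations for flow 2 no longer carry the `"ja3"` key in the `tls` object of the `detected` and both `detection-update` events (only `ja3s` and `ja4` remain), and the QUIC `detected` event for flow 3 loses `"user_agent"` from `quic`, yet the commit message says only "incorporated upstream changes". Anything downstream that keys detections or allow-lists on the JA3 client hash or the QUIC user agent would simply stop matching, with no error to signal it. I would name the removal in the commit message, for example `* TLS events drop "ja3" and QUIC events drop "user_agent"; "ja4" is still emitted`. The diffstat lists schema/flow_event_schema.json as changed, but that hunk is outside this view, so it is worth confirming that the two keys were removed there as well.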
@@ -27,7 +27,7 @@ 01027{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":80,"flow_dst_packets_processed":20,"flow_first_seen":1511102576794424,"flow_src_last_pkt_time":1511102580286427,"flow_dst_last_pkt_time":1511102580285015,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":97113,"flow_dst_tot_l4_payload_len":5163,"midstream":0,"thread_ts_usec":1511102594936951,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":51925,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTubeUpload","proto_id":"188.136","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"upload.youtube.com"}} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":7,"flow_first_seen":1511102576835328,"flow_src_last_pkt_time":1511102576954116,"flow_dst_last_pkt_time":1511102576952686,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":202,"flow_dst_max_l4_payload_len":1430,"flow_src_tot_l4_payload_len":295,"flow_dst_tot_l4_payload_len":4409,"midstream":0,"thread_ts_usec":1511102594936951,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":57452,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.YouTubeUpload","proto_id":"91.136","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}} 01026{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":11,"flow_first_seen":1511102578051971,"flow_src_last_pkt_time":1511102594783349,"flow_dst_last_pkt_time":1511102594936951,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":8105,"flow_dst_tot_l4_payload_len":6001,"midstream":0,"thread_ts_usec":1511102594936951,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":62232,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTubeUpload","proto_id":"188.136","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"upload.youtube.com"}} 
-00853{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":137,"packets-processed":137,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":121086,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":30,"global_ts_usec":1511102594936951} +00853{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":137,"packets-processed":137,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":121086,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":30,"global_ts_usec":1511102594936951} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 137/137 ~~ skipped flows.............: 0 
@@ -36,9 +36,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6928830 bytes -~~ total memory freed........: 6928830 bytes -~~ total allocations/frees...: 114320/114320 +~~ total memory allocated....: 7506330 bytes +~~ total memory freed........: 7506330 bytes +~~ total allocations/frees...: 126049/126049 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 537 chars ~~ json message max len.......: 2355 chars diff --git a/test/results/default/z3950.pcapng.out b/test/results/default/z3950.pcapng.out index dca8b3597..e50860127 100644 --- a/test/results/default/z3950.pcapng.out +++ b/test/results/default/z3950.pcapng.out 
@@ -1,12 +1,12 @@ -00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/z3950.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/z3950.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1623680697296098} 
+00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/z3950.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/z3950.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1623680697296098} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/z3950.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623680697296098,"flow_src_last_pkt_time":1623680697296098,"flow_dst_last_pkt_time":1623680697296098,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623680697296098,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"193.174.240.93","src_port":58921,"dst_port":210,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/z3950.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1623680697296098,"flow_dst_last_pkt_time":1623680697296098,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1623680697296098,"pkt":"eJS0JASgYDjgxTWgCABFAAA07vtAAH8Gl6\/AqAJkwa7wXeYpANJ85vsBAAAAAIAC+vCgIgAAAgQFtAEDAwgBAQQC"} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/z3950.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1623680697296098,"flow_dst_last_pkt_time":1623680697327356,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1623680697327356,"pkt":"YDjgxTWgeJS0JASgCABFAAA0AABAADYGz6vBrvBdwKgCZADS5indlQhqfOb7AoAS+vC6GgAAAgQFrAEBBAIBAwMH"} 
00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/z3950.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1623680697329724,"flow_dst_last_pkt_time":1623680697327356,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1623680697329724,"pkt":"eJS0JASgYDjgxTWgCABFAAAo7vxAAH8Gl7rAqAJkwa7wXeYpANJ85vsC3ZUIa1AQAgTz0QAA"} 00648{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/z3950.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1623680697330632,"flow_dst_last_pkt_time":1623680697327356,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":144,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":144,"pkt_l4_len":110,"thread_ts_usec":1623680697330632,"pkt":"eJS0JASgYDjgxTWgCABFAACC7v1AAH8Gl1\/AqAJkwa7wXeYpANJ85vsC3ZUIa1AYAgRPTgAAtFiDAgDghAMAwaKFBAQAAACGBAQAAACfbgI4MZ9vClpPT00tQy9ZQVqfcC41LjQuMSAxMmI5NmNlNzE1NjBhNTY2ZGZmZjU5MDFlMmIxYWFhOWQyZGM5NGNj"} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/z3950.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1623680697330632,"flow_dst_last_pkt_time":1623680697354970,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1623680697354970,"pkt":"YDjgxTWgeJS0JASgCABFAAAoHB9AADYGs5jBrvBdwKgCZADS5indlQhrfOb7XFAQAfbzhQAAAAAAAAAA"} 
-00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/z3950.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4151,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":9,"global_ts_usec":1625070123680497} +00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/z3950.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4151,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":9,"global_ts_usec":1625070123680497} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/z3950.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625070123680497,"flow_src_last_pkt_time":1625070123680497,"flow_dst_last_pkt_time":1625070123680497,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625070123680497,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"129.187.139.43","src_port":46524,"dst_port":9991,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/z3950.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1625070123680497,"flow_dst_last_pkt_time":1625070123680497,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1625070123680497,"pkt":"YDjgxTWgABjzZLGICABFAAA0k\/xAAJAGiSTAqAAUgbuLK7W8JweM39PGAAAAAIAC+vDNyQAAAgQFtAEBBAIBAwMH"} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/z3950.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1625070123680497,"flow_dst_last_pkt_time":1625070123709562,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1625070123709562,"pkt":"ABjzZLGIYDjgxTWgCABFAAA0AABAADUGeCGBu4srwKgAFCcHtbz4JgxZjN\/Tx4ASchDtagAAAgQFrAEBBAIBAwMH"} 
@@ -17,7 +17,7 @@ 00786{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/z3950.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1623680697296098,"flow_src_last_pkt_time":1623680698821983,"flow_dst_last_pkt_time":1623680698846157,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":233,"flow_dst_tot_l4_payload_len":3918,"midstream":0,"thread_ts_usec":1625070132777881,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"193.174.240.93","src_port":58921,"dst_port":210,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01066{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/z3950.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":4,"flow_first_seen":1625070123680497,"flow_src_last_pkt_time":1625070196998319,"flow_dst_last_pkt_time":1625070132777866,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":84,"flow_dst_max_l4_payload_len":113,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1625070196998319,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"129.187.139.43","src_port":46524,"dst_port":9991,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"Z3950","proto_id":"260","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
01105{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/z3950.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":6,"flow_first_seen":1625070123680497,"flow_src_last_pkt_time":1625070200217383,"flow_dst_last_pkt_time":1625070200217346,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":84,"flow_dst_max_l4_payload_len":113,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":199,"midstream":0,"thread_ts_usec":1625070200217383,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"129.187.139.43","src_port":46524,"dst_port":9991,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"Z3950","proto_id":"260","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00842{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/z3950.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":31,"packets-processed":31,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4562,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1625070200217383} 
+00842{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/z3950.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":31,"packets-processed":31,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4562,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1625070200217383} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 31/31 ~~ skipped flows.............: 0 @@ -26,9 +26,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6915183 bytes -~~ total memory freed........: 6915183 bytes -~~ total allocations/frees...: 114188/114188 +~~ total memory allocated....: 7492800 bytes +~~ total memory freed........: 7492800 bytes +~~ total allocations/frees...: 125920/125920 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 529 chars ~~ json message max len.......: 1110 chars diff --git a/test/results/default/zabbix.pcap.out b/test/results/default/zabbix.pcap.out index 3a7f595ea..903e8646d 100644 --- a/test/results/default/zabbix.pcap.out +++ b/test/results/default/zabbix.pcap.out 
@@ -1,5 +1,5 @@ -00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1572254070608539} 
+00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1572254070608539} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1572254070608539,"flow_src_last_pkt_time":1572254070608539,"flow_dst_last_pkt_time":1572254070608539,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1572254070608539,"l3_proto":"ip4","src_ip":"192.168.67.98","dst_ip":"192.168.67.25","src_port":57162,"dst_port":10050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1572254070608539,"flow_dst_last_pkt_time":1572254070608539,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1572254070608539,"pkt":"RoQclwmZOjUSPEK7CABFAAA85AdAAEAGTujAqENiwKhDGd9KJ0JwAdHUAAAAAKACchAH+wAAAgQFtAQCCAorwjXTAAAAAAEDAwc="} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1572254070608539,"flow_dst_last_pkt_time":1572254070608854,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1572254070608854,"pkt":"OjUSPEK7RoQclwmZCABFAAA8AABAAEAGMvDAqEMZwKhDYidC30pw8XhkcAHR1aAScSDKPwAAAgQFtAQCCAorfUX3K8I10wEDAwc="} 
@@ -7,7 +7,7 @@ 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1572254070608917,"flow_dst_last_pkt_time":1572254070608854,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1572254070608917,"pkt":"RoQclwmZOjUSPEK7CABFAABL5AlAAEAGTtfAqENiwKhDGd9KJ0JwAdHVcPF4ZYAYAOUICgAAAQEICivCNdQrfUX3WkJYRAEKAAAAAAAAAHByb2MubnVtW10="} 00929{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1572254070608539,"flow_src_last_pkt_time":1572254070608917,"flow_dst_last_pkt_time":1572254070608854,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":23,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1572254070608917,"l3_proto":"ip4","src_ip":"192.168.67.98","dst_ip":"192.168.67.25","src_port":57162,"dst_port":10050,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Zabbix","proto_id":"248","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1572254070608917,"flow_dst_last_pkt_time":1572254070609214,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1572254070609214,"pkt":"OjUSPEK7RoQclwmZCABFAAA0t4ZAAEAGe3HAqEMZwKhDYidC30pw8XhlcAHR7IAQAONpMQAAAQEICit9RfcrwjXU"} -00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":11,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":39,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1657872825792772} 
+00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":11,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":39,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1657872825792772} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657872825792772,"flow_src_last_pkt_time":1657872825792772,"flow_dst_last_pkt_time":1657872825792772,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657872825792772,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":36699,"dst_port":10051,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1657872825792772,"flow_dst_last_pkt_time":1657872825792772,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657872825792772,"pkt":"AAwphPY8AAwpXdTzCABFAAA86nZAAEAGwNPAqAcQwKgHEY9bJ0PFmT3IAAAAAKAC+vDyGgAAAgQFtAQCCArVxDu9AAAAAAEDAwc="} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1657872825792772,"flow_dst_last_pkt_time":1657872825792809,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657872825792809,"pkt":"AAwpXdTzAAwphPY8CABFAAA8AABAAEAGq0rAqAcRwKgHECdDj1uwlSH0xZk9yaAS\/ohzWgAAAgQFtAQCCAqaoA3u1cQ7vQEDAwc="} 
@@ -193,7 +193,7 @@ 00972{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":236,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1657872952792575,"flow_src_last_pkt_time":1657872952793338,"flow_dst_last_pkt_time":1657872952793345,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":281,"flow_dst_max_l4_payload_len":97,"flow_src_tot_l4_payload_len":281,"flow_dst_tot_l4_payload_len":97,"midstream":0,"thread_ts_usec":1657872986793226,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":52901,"dst_port":10051,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Zabbix","proto_id":"248","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00972{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":236,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1657872930793502,"flow_src_last_pkt_time":1657872930795972,"flow_dst_last_pkt_time":1657872930795980,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":98,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":98,"midstream":0,"thread_ts_usec":1657872986793226,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":55759,"dst_port":10051,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Zabbix","proto_id":"248","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00972{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":236,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1657872946792586,"flow_src_last_pkt_time":1657872946796114,"flow_dst_last_pkt_time":1657872946796119,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":745,"flow_src_tot_l4_payload_len":91,"flow_dst_tot_l4_payload_len":745,"midstream":0,"thread_ts_usec":1657872986793226,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":60217,"dst_port":10051,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Zabbix","proto_id":"248","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00848{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":236,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":236,"packets-processed":236,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8611,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":24,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":24,"total-idle-flows":24,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":196,"global_ts_usec":1657872986793226} 
+00848{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":236,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":236,"packets-processed":236,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8611,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":24,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":24,"total-idle-flows":24,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":196,"global_ts_usec":1657872986793226} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 236/236 ~~ skipped flows.............: 0 @@ -202,9 +202,9 @@ ~~ total active/idle flows...: 24/24 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6969773 bytes -~~ total memory freed........: 6969773 bytes -~~ total allocations/frees...: 114650/114650 +~~ total memory allocated....: 7547369 bytes +~~ total memory freed........: 7547369 bytes +~~ total allocations/frees...: 126381/126381 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 544 chars ~~ json message max len.......: 1004 chars diff --git a/test/results/default/zattoo.pcap.out b/test/results/default/zattoo.pcap.out index 5732f58a0..9ba53d090 100644 --- a/test/results/default/zattoo.pcap.out +++ b/test/results/default/zattoo.pcap.out 
@@ -1,13 +1,13 @@ -00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/zattoo.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zattoo.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1614851148233981} 
+00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/zattoo.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zattoo.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1614851148233981} 
00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zattoo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614851148233981,"flow_src_last_pkt_time":1614851148233981,"flow_dst_last_pkt_time":1614851148233981,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614851148233981,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":2930,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zattoo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1614851148233981,"flow_dst_last_pkt_time":1614851148233981,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1614851148233981,"pkt":"5kBKB+riApXG95NLCABFAAAw4ZkAAIAGAAAKZQACCmYAAgtyAbsk8\/zrAAAAAHACgAEU8QAAAgQFtAMDAQA="} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/zattoo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1614851148233981,"flow_dst_last_pkt_time":1614851148234305,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1614851148234305,"pkt":"ApXG95NL5kBKB+riCABFAAAw4ZMAAH8GRWYKZgACCmUAAgG7C3Ik9AFrJPP87HASgAGZ0wAAAgQFtAMDAQA="} 
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/zattoo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1614851148234307,"flow_dst_last_pkt_time":1614851148234305,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1614851148234307,"pkt":"5kBKB+riApXG95NLCABFAAAo4ZoAAIAGAAAKZQACCmYAAgtyAbsk8\/zsJPQBbFAQgAEU6QAAAAAAAAAA"} 00680{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/zattoo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1614851148234343,"flow_dst_last_pkt_time":1614851148234305,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"thread_ts_usec":1614851148234343,"pkt":"5kBKB+riApXG95NLCABFAACZ4ZsAAIAGAAAKZQACCmYAAgtyAbsk8\/zsJPQBbFAYgAEVWgAAFgMBAGwBAABoAwOpVsjRdlRp5n5ox12BZ\/COuzBju5OK0bbc5ADigFdQ+AAABACcAP8BAAA7AAAADwANAAAKemF0dG9vLmNvbQANACAAHgYBBgIGAwUBBQIFAwQBBAIEAwMBAwIDAwIBAgICAzN0AAA="} -01293{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/zattoo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1614851148233981,"flow_src_last_pkt_time":1614851148234343,"flow_dst_last_pkt_time":1614851148234305,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":113,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":113,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614851148234343,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":2930,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": 
{"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zattoo","proto_id":"91.55","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"zattoo.com","domainame":"zattoo.com","tls": {"version":"TLSv1.2","ja3":"64bb849b426bd19378dcd61a6396fef1","ja3s":"","ja4":"t12d020300_798dd72d0aaa_b23915e3e4f5","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01252{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/zattoo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1614851148233981,"flow_src_last_pkt_time":1614851148234343,"flow_dst_last_pkt_time":1614851148234305,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":113,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":113,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614851148234343,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":2930,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zattoo","proto_id":"91.55","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"zattoo.com","domainame":"zattoo.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d020300_798dd72d0aaa_b23915e3e4f5","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
01977{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/zattoo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1614851148234343,"flow_dst_last_pkt_time":1614851148235031,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1126,"pkt_l4_len":1092,"thread_ts_usec":1614851148235031,"pkt":"ApXG95NL5kBKB+riCABFAARY4ZQAAH8GQT0KZgACCmUAAgG7C3Ik9AFsJPP9XVAYgAF5rwAAFgMDAFUCAABRAwOR\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\/Oqs0LZZHpSM9rVgdIjKuFnl9HJgvu8kBZqzcrCdrHma\/DYryOIrIzsWBjOHVukwPtscV22+isOq3EJLYPaxV14icojfp5QCDe61iXBCB447x\/dJ0Y+4uvC2Cp3vEDvXYLl0aGc\/OLYiTlOrovAwXzWoBa9O4qJdvtY9N1qpG6Adoi5VL0yIP47+8\/YOi+NvcYIN4OVM5NAxUXK63IXlsCNMULmkan80bLkLyd8293sF\/9kBl0mVtxwR9bmkybEBpe5dRKSHh6RmgjxbhSvID2TjU4cuq0uq8UvbNOQPkJ7c0RbwBvGZF4pbQq0exCNLrFk8INXO1Hy0q0CAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAL\/FeRL109QPDqjkUFNKooeSYyJm7uhWIlUxBGa3PQNYzaffll\/cmbT3tGos1CdcllOqwbo+AiSEU3aWqK\/Nzt8+MPah8EjBNuWbi+iRig+1RmptubCsTOXuhr4KuIz4e\/PhH\/mSNeHUesBw32LWbHnPGRVWQR1xsztiqwA73AidpuviKAoi\/pUfqOjm4TxuoZwzfE4FFer\/5huOKYEl62VKIYiCUQwFKdr62TVtoPQ4gRwRkoRDuHdArFT9ZJSTDRh5jSPTikiEjdOyf\/tKEQInmfvHCSaV7BS4dBd0dgeV8TkRpsxCHwA2h+EXT4m6ur\/pOV4eyJyFh0k84OPBb6xYDAwAEDgAAAA=="} 
-01833{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/zattoo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1614851148233981,"flow_src_last_pkt_time":1614851148234343,"flow_dst_last_pkt_time":1614851148235031,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":113,"flow_dst_max_l4_payload_len":1072,"flow_src_tot_l4_payload_len":113,"flow_dst_tot_l4_payload_len":1072,"midstream":0,"thread_ts_usec":1614851148235031,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":2930,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"32": {"risk":"TLS Cert Validity Too Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Zattoo","proto_id":"91.55","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"zattoo.com","domainame":"zattoo.com","tls": {"version":"TLSv1.2","ja3":"64bb849b426bd19378dcd61a6396fef1","ja3s":"5ea8fd3044cb27a1d12e476d60e0668c","ja4":"t12d020300_798dd72d0aaa_b23915e3e4f5","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Jose, O=Spirent Communications Inc., OU=IT, CN=www.spirent.com","subjectDN":"C=US, ST=California, L=San Jose, O=zattoo.com, OU=Marketing, CN=zattoo.com","fingerprint":"A8:F3:C0:1B:32:F1:73:F3:11:90:A0:01:3E:1B:3E:D5:0C:00:EB:D2","blocks":0}}} 
+01792{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/zattoo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1614851148233981,"flow_src_last_pkt_time":1614851148234343,"flow_dst_last_pkt_time":1614851148235031,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":113,"flow_dst_max_l4_payload_len":1072,"flow_src_tot_l4_payload_len":113,"flow_dst_tot_l4_payload_len":1072,"midstream":0,"thread_ts_usec":1614851148235031,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":2930,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"32": {"risk":"TLS Cert Validity Too Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Zattoo","proto_id":"91.55","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"zattoo.com","domainame":"zattoo.com","tls": {"version":"TLSv1.2","ja3s":"5ea8fd3044cb27a1d12e476d60e0668c","ja4":"t12d020300_798dd72d0aaa_b23915e3e4f5","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Jose, O=Spirent Communications Inc., OU=IT, CN=www.spirent.com","subjectDN":"C=US, ST=California, L=San Jose, O=zattoo.com, OU=Marketing, CN=zattoo.com","fingerprint":"A8:F3:C0:1B:32:F1:73:F3:11:90:A0:01:3E:1B:3E:D5:0C:00:EB:D2","blocks":0}}} 
00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/zattoo.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614851148248095,"flow_src_last_pkt_time":1614851148248095,"flow_dst_last_pkt_time":1614851148248095,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614851148248095,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":2936,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/zattoo.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1614851148248095,"flow_dst_last_pkt_time":1614851148248095,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1614851148248095,"pkt":"5kBKB+riApXG95NLCABFAAAw4b4AAIAGAAAKZQACCmYAAgt4AFAk9NudAAAAAHACgAEU8QAAAgQFtAMDAQA="} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/zattoo.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1614851148248095,"flow_dst_last_pkt_time":1614851148248527,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1614851148248527,"pkt":"ApXG95NL5kBKB+riCABFAAAw4bcAAH8GRUIKZgACCmUAAgBQC3gk9N+yJPTbnnASgAHePQAAAgQFtAMDAQA="} 
@@ -17,7 +17,7 @@ 01069{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/zattoo.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1614851148248533,"flow_dst_last_pkt_time":1614851148248907,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":458,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":458,"pkt_l4_len":424,"thread_ts_usec":1614851148248907,"pkt":"ApXG95NL5kBKB+riCABFAAG84bgAAH8GQ7UKZgACCmUAAgBQC3gk9N+zJPTdL1AYgAGT3gAASFRUUC8xLjAgMjAwIE9LDQpYLU1VLVNlc3Npb24tSUQ6IDY5MzQ0MjM5NA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAyNTANCkRhdGU6IFNhdCwgMjAgQXVnIDIwMTEgMjM6MzQ6NTkgR01UDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCjw\/eG1sIHZlcnNpb249IjEuMCI\/PjwhRE9DVFlQRSBjcm9zcy1kb21haW4tcG9saWN5IFNZU1RFTSAiaHR0cDovL3d3dy5tYWNyb21lZGlhLmNvbS94bWwvZHRkcy9jcm9zcy1kb21haW4tcG9saWN5LmR0ZCI+PGNyb3NzLWRvbWFpbi1wb2xpY3k+PGFsbG93LWFjY2Vzcy1mcm9tIGRvbWFpbj0iKiIvPjxhbGxvdy1odHRwLXJlcXVlc3QtaGVhZGVycy1mcm9tIGRvbWFpbj0iKiIgaGVhZGVycz0iKiIvPjwvY3Jvc3MtZG9tYWluLXBvbGljeT4="} 01008{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/zattoo.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":10,"flow_first_seen":1614851148248095,"flow_src_last_pkt_time":1614851148254413,"flow_dst_last_pkt_time":1614851148254534,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":961,"flow_dst_max_l4_payload_len":404,"flow_src_tot_l4_payload_len":5785,"flow_dst_tot_l4_payload_len":2260,"midstream":0,"thread_ts_usec":1614851148254534,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":2936,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.Zattoo","proto_id":"7.55","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"zattosecurehd2-f.akamaihd.net"}} 01316{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/zattoo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1614851148233981,"flow_src_last_pkt_time":1614851148237771,"flow_dst_last_pkt_time":1614851148238027,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1165,"flow_dst_max_l4_payload_len":1072,"flow_src_tot_l4_payload_len":1596,"flow_dst_tot_l4_payload_len":2030,"midstream":0,"thread_ts_usec":1614851148254534,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":2930,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"32": {"risk":"TLS Cert Validity Too Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Zattoo","proto_id":"91.55","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} 
-00842{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/zattoo.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":32,"packets-processed":32,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11671,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1614851148254534} +00842{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/zattoo.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":32,"packets-processed":32,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":11671,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1614851148254534} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 32/32 ~~ skipped flows.............: 0 
@@ -26,9 +26,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6915460 bytes -~~ total memory freed........: 6915460 bytes -~~ total allocations/frees...: 114193/114193 +~~ total memory allocated....: 7493086 bytes +~~ total memory freed........: 7493086 bytes +~~ total allocations/frees...: 125925/125925 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 537 chars ~~ json message max len.......: 1982 chars diff --git a/test/results/default/zoom.pcap.out b/test/results/default/zoom.pcap.out index bb62ec87d..f1e917cfd 100644 --- a/test/results/default/zoom.pcap.out +++ b/test/results/default/zoom.pcap.out 
@@ -1,8 +1,8 @@ -00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1569520466080774} 
+00609{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00830{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1569520466080774} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520466080774,"flow_src_last_pkt_time":1569520466080774,"flow_dst_last_pkt_time":1569520466080774,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":199,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":199,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":199,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569520466080774,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"172.217.21.72","src_port":54854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00811{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1569520466080774,"flow_dst_last_pkt_time":1569520466080774,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":265,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":265,"pkt_l4_len":231,"thread_ts_usec":1569520466080774,"pkt":"EBMx8Tl2KDc3AG3ICABFAAD7AABAAEAGtb7AqAF1rNkVSNZGAbt9MLg2pduNV4AYEAjbcQAAAQEICiWcznNwmChtFgMBAMIBAAC+AwE5BEH329R9hgOe6JDNh5Do5\/IyBg\/qLeMPj9mOGNz+swAAEgAvADMANQA5wAnACsATwBRWAAEAAIP\/AQABAAAAAB0AGwAAGHd3dy5nb29nbGV0YWdtYW5hZ2VyLmNvbQAXAAAABQAFAQAAAAAzdAAAABIAAAAQADAALgJoMgVoMi0xNgVoMi0xNQVoMi0xNAhzcGR5LzMuMQZzcGR5LzMIaHR0cC8xLjEACwACAQAACgAKAAgAHQAXABgAGQ=="} 
-01405{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520466080774,"flow_src_last_pkt_time":1569520466080774,"flow_dst_last_pkt_time":1569520466080774,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":199,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":199,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":199,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569520466080774,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"172.217.21.72","src_port":54854,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.googletagmanager.com","domainame":"www.googletagmanager.com","tls": {"version":"TLSv1","ja3":"d78489b860c8bf7838a6ff0b4d131541","ja3s":"","ja4":"t10d0909h2_61c4dbd01224_cc731f12afbb","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
+01364{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520466080774,"flow_src_last_pkt_time":1569520466080774,"flow_dst_last_pkt_time":1569520466080774,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":199,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":199,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":199,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569520466080774,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"172.217.21.72","src_port":54854,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.googletagmanager.com","domainame":"www.googletagmanager.com","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d0909h2_61c4dbd01224_cc731f12afbb","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520466209429,"flow_src_last_pkt_time":1569520466209429,"flow_dst_last_pkt_time":1569520466209429,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520466209429,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1569520466209429,"flow_dst_last_pkt_time":1569520466209429,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_usec":1569520466209429,"pkt":"AQBeAAD7KDc3AG3ICABFAABJ4i8AAAERNFzAqAF14AAA+xTpFOkANQtaAAAAAAABAAAAAAAAEF9zcG90aWZ5LWNvbm5lY3QEX3RjcAVsb2NhbAAADAAB"} 
01013{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520466209429,"flow_src_last_pkt_time":1569520466209429,"flow_dst_last_pkt_time":1569520466209429,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520466209429,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_spotify-connect._tcp.local","domainame":"_spotify-connect._tcp.local","mdns": {}}} 
@@ -11,16 +11,16 @@ 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1569520466316930,"flow_dst_last_pkt_time":1569520466355017,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1569520466355017,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADUGBJenY9ekwKgBdRFS1k9+iDZRPj2DQ6AScSDtKQAAAgQFrAQCCArh63OkJZzPXwEDAwc="} 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1569520466355115,"flow_dst_last_pkt_time":1569520466355017,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569520466355115,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+Z7AqAF1p2PXpNZPEVI+PYNDfog2UoAQECx8vAAAAQEICiWcz4Xh63Ok"} 
01236{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1569520466355344,"flow_dst_last_pkt_time":1569520466355017,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1569520466355344,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI5AABAAEAG95nAqAF1p2PXpNZPEVI+PYNDfog2UoAYECxTkgAAAQEICiWcz4Xh63OkFgMBAgABAAH8AwMNN3rZQIy1W6cxVq6XcSeMK0WraD3DhdYuuqU1GeYt1CAlA\/kunOkhTd5wsEiS6\/3fwP4i6nJuxBCdQo4WkiQHSgCgwDDALMAowCTAFMAKAKUAowChAJ8AawBqAGkAaAA5ADgANwA2AIgAhwCGAIXAMsAuwCrAJsAPwAUAnQA9ADUAhACNwC\/AK8AnwCPAE8AJAKQAogCgAJ4AZwBAAD8APgAzADIAMQAwAJoAmQCYAJcARQBEAEMAQsAxwC3AKcAlwA7ABACcADwALwCWAEEABwCMwBHAB8AMwAIABQAEAIoA\/wEAARMAAAASABAAAA1kYXRpLm50b3Aub3JnAAsABAMAAQIACgAcABoAFwAZABwAGwAYABoAFgAOAA0ACwAMAAkACgAjAAAADQAgAB4GAQYCBgMFAQUCBQMEAQQCBAMDAQMCAwMCAQICAgMADwABAQAVAKQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -01424{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569520466316930,"flow_src_last_pkt_time":1569520466355344,"flow_dst_last_pkt_time":1569520466355017,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520466355344,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"167.99.215.164","src_port":54863,"dst_port":4434,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"dati.ntop.org","domainame":"dati.ntop.org","tls": {"version":"TLSv1.2","ja3":"a795593605a13211941d44505b4d1e39","ja3s":"","ja4":"t12d800700_64d9932cae36_4446390ac224","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01390{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569520466316930,"flow_src_last_pkt_time":1569520466355344,"flow_dst_last_pkt_time":1569520466355017,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520466355344,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"167.99.215.164","src_port":54863,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"dati.ntop.org","domainame":"dati.ntop.org","tls": 
{"version":"TLSv1.2","ja3s":"","ja4":"t12d800700_64d9932cae36_4446390ac224","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1569520466355344,"flow_dst_last_pkt_time":1569520466392600,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569520466392600,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA05\/ZAADUGHKinY9ekwKgBdRFS1k9+iDZSPj2FSIAQAOuJ0gAAAQEICuHrc8olnM+F"} -01482{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569520466316930,"flow_src_last_pkt_time":1569520466355344,"flow_dst_last_pkt_time":1569520466392965,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":142,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":142,"midstream":0,"thread_ts_usec":1569520466392965,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"167.99.215.164","src_port":54863,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"dati.ntop.org","domainame":"dati.ntop.org","tls": 
{"version":"TLSv1.2","ja3":"a795593605a13211941d44505b4d1e39","ja3s":"dd4b012f7a008e741554bd0a4ed12920","ja4":"t12d800700_64d9932cae36_4446390ac224","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","blocks":0}}} +01448{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569520466316930,"flow_src_last_pkt_time":1569520466355344,"flow_dst_last_pkt_time":1569520466392965,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":142,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":142,"midstream":0,"thread_ts_usec":1569520466392965,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"167.99.215.164","src_port":54863,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"dati.ntop.org","domainame":"dati.ntop.org","tls": {"version":"TLSv1.2","ja3s":"dd4b012f7a008e741554bd0a4ed12920","ja4":"t12d800700_64d9932cae36_4446390ac224","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","blocks":0}}} 00293{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1569520467785843,"packet_id":16,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_usec":1569520467785843} 
00375{"packet_event_id":1,"packet_event_name":"packet","packet_id":16,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1569520466531926,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520467811636,"flow_src_last_pkt_time":1569520467811636,"flow_dst_last_pkt_time":1569520467811636,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569520467811636,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"62.149.152.153","src_port":54341,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1569520467811636,"flow_dst_last_pkt_time":1569520467811636,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"thread_ts_usec":1569520467811636,"pkt":"EBMx8Tl2KDc3AG3ICABFAABjAABAAEAGoUnAqAF1PpWYmdRFA+E5lpAkp\/QQcoAYEABEHgAAAQEICiWc1TCZh0dJFwMDACpAXTQxH2s8yyXvpDmREm16+\/VcNt\/x\/vlsIce1k7D8R+clMelpc+AJPCA="} 
00917{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520467811636,"flow_src_last_pkt_time":1569520467811636,"flow_dst_last_pkt_time":1569520467811636,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569520467811636,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"62.149.152.153","src_port":54341,"dst_port":993,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"IMAPS","proto_id":"51","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}} 00812{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1569520468207688,"flow_dst_last_pkt_time":1569520466080774,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":265,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":265,"pkt_l4_len":231,"thread_ts_usec":1569520468207688,"pkt":"EBMx8Tl2KDc3AG3ICABFAAD7AABAAEAGtb7AqAF1rNkVSNZGAbt9MLg2pduNV4AYEAjTKAAAAQEICiWc1rxwmChtFgMBAMIBAAC+AwE5BEH329R9hgOe6JDNh5Do5\/IyBg\/qLeMPj9mOGNz+swAAEgAvADMANQA5wAnACsATwBRWAAEAAIP\/AQABAAAAAB0AGwAAGHd3dy5nb29nbGV0YWdtYW5hZ2VyLmNvbQAXAAAABQAFAQAAAAAzdAAAABIAAAAQADAALgJoMgVoMi0xNgVoMi0xNQVoMi0xNAhzcGR5LzMuMQZzcGR5LzMIaHR0cC8xLjEACwACAQAACgAKAAgAHQAXABgAGQ=="} 
-01524{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1569520466080774,"flow_src_last_pkt_time":1569520468207688,"flow_dst_last_pkt_time":1569520466080774,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":199,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":199,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":398,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569520468207688,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"172.217.21.72","src_port":54854,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.googletagmanager.com","domainame":"www.googletagmanager.com","tls": {"version":"TLSv1","ja3":"d78489b860c8bf7838a6ff0b4d131541","ja3s":"","ja4":"t10d0909h2_61c4dbd01224_cc731f12afbb","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
+01483{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1569520466080774,"flow_src_last_pkt_time":1569520468207688,"flow_dst_last_pkt_time":1569520466080774,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":199,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":199,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":398,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569520468207688,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"172.217.21.72","src_port":54854,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.googletagmanager.com","domainame":"www.googletagmanager.com","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d0909h2_61c4dbd01224_cc731f12afbb","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520468207892,"flow_src_last_pkt_time":1569520468207892,"flow_dst_last_pkt_time":1569520468207892,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520468207892,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"239.255.255.250","src_port":57025,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00681{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1569520468207892,"flow_dst_last_pkt_time":1569520468207892,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1569520468207892,"pkt":"AQBef\/\/6KDc3AG3ICABFAACaDxkAAAER+CLAqAF17\/\/\/+t7BB2wAhjkTTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQoA"} 
00997{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520468207892,"flow_src_last_pkt_time":1569520468207892,"flow_dst_last_pkt_time":1569520468207892,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520468207892,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"239.255.255.250","src_port":57025,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900","domainame":"239.255.255.250:1900"}} 
@@ -49,24 +49,24 @@ 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520469081864,"flow_src_last_pkt_time":1569520469081864,"flow_dst_last_pkt_time":1569520469081864,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569520469081864,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"13.225.84.182","src_port":54798,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1569520469081864,"flow_dst_last_pkt_time":1569520469081864,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1569520469081864,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAog\/0AAEAG0h7AqAF1DeFUttYOAbuSOQajVAdu1VAQECZHdwAA"} 01217{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1569520469090576,"flow_dst_last_pkt_time":1569520469067014,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1569520469090576,"pkt":"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"} 
-01201{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569520468959185,"flow_src_last_pkt_time":1569520469090576,"flow_dst_last_pkt_time":1569520469067014,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520469090576,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.238","src_port":54864,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"log.zoom.us","domainame":"log.zoom.us","tls": {"version":"TLSv1.2","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"","ja4":"t12d8008ht_9cedc1f1428b_046e095b7c4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} +01160{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569520468959185,"flow_src_last_pkt_time":1569520469090576,"flow_dst_last_pkt_time":1569520469067014,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520469090576,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.238","src_port":54864,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"log.zoom.us","domainame":"log.zoom.us","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d8008ht_9cedc1f1428b_046e095b7c4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1569520469081864,"flow_dst_last_pkt_time":1569520469116573,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1569520469116573,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAoaEVAAO8G\/tUN4VS2wKgBdQG71g5UB27VAAAAAFAEAADwhQAAAAAAAAAA"} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520469189810,"flow_src_last_pkt_time":1569520469189810,"flow_dst_last_pkt_time":1569520469189810,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520469189810,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.37.14","src_port":23903,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1569520469189810,"flow_dst_last_pkt_time":1569520469189810,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1569520469189810,"pkt":"EBMx8Tl2KDc3AG3ICABFAABICu4AAEAR5YzAqAF1ov8lDl1fDZYANPtTAAEAGMFdrmNYXRQ5LlgsJgQDvzABAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="} -00971{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520469189810,"flow_src_last_pkt_time":1569520469189810,"flow_dst_last_pkt_time":1569520469189810,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520469189810,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.37.14","src_port":23903,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"","domainame":"","stun": {}}} 
+01004{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520469189810,"flow_src_last_pkt_time":1569520469189810,"flow_dst_last_pkt_time":1569520469189810,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520469189810,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.37.14","src_port":23903,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1569520469090576,"flow_dst_last_pkt_time":1569520469198772,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1569520469198772,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAomZxAAO4GvV00yj7uwKgBdQG71lCVbT6Vn9byIVAQAAc78QAAAAAAAAAA"} 
00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1569520469200030,"flow_dst_last_pkt_time":1569520469189810,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1569520469200030,"pkt":"EBMx8Tl2KDc3AG3ICABFAABISukAAEARpZHAqAF1ov8lDl1fDZYANPtTAAEAGMFdrmNYXRQ5LlgsJgQDvzABAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="} -01261{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569520468959185,"flow_src_last_pkt_time":1569520469090576,"flow_dst_last_pkt_time":1569520469200490,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1452,"midstream":0,"thread_ts_usec":1569520469200490,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.238","src_port":54864,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"log.zoom.us","domainame":"log.zoom.us","tls": {"version":"TLSv1.2","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","ja4":"t12d8008ht_9cedc1f1428b_046e095b7c4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","blocks":0}}} 
-01585{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1569520468959185,"flow_src_last_pkt_time":1569520469200897,"flow_dst_last_pkt_time":1569520469201006,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5608,"midstream":0,"thread_ts_usec":1569520469201006,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.238","src_port":54864,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"log.zoom.us","domainame":"log.zoom.us","tls": {"version":"TLSv1.2","server_names":"*.zoom.us,zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","ja4":"t12d8008ht_9cedc1f1428b_046e095b7c4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","advertised_alpns":"http\/1.1","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8","blocks":0}}} 
+01220{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569520468959185,"flow_src_last_pkt_time":1569520469090576,"flow_dst_last_pkt_time":1569520469200490,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1452,"midstream":0,"thread_ts_usec":1569520469200490,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.238","src_port":54864,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"log.zoom.us","domainame":"log.zoom.us","tls": {"version":"TLSv1.2","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","ja4":"t12d8008ht_9cedc1f1428b_046e095b7c4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","blocks":0}}} +01544{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1569520468959185,"flow_src_last_pkt_time":1569520469200897,"flow_dst_last_pkt_time":1569520469201006,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5608,"midstream":0,"thread_ts_usec":1569520469201006,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.238","src_port":54864,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"log.zoom.us","domainame":"log.zoom.us","tls": {"version":"TLSv1.2","server_names":"*.zoom.us,zoom.us","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","ja4":"t12d8008ht_9cedc1f1428b_046e095b7c4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","advertised_alpns":"http\/1.1","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8","blocks":0}}} 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_src_last_pkt_time":1569520469210161,"flow_dst_last_pkt_time":1569520469189810,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1569520469210161,"pkt":"EBMx8Tl2KDc3AG3ICABFAABIjkkAAEARYjHAqAF1ov8lDl1fDZYANPtTAAEAGMFdrmNYXRQ5LlgsJgQDvzABAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520469221116,"flow_src_last_pkt_time":1569520469221116,"flow_dst_last_pkt_time":1569520469221116,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520469221116,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","src_port":23903,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1569520469221116,"flow_dst_last_pkt_time":1569520469221116,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1569520469221116,"pkt":"EBMx8Tl2KDc3AG3ICABFAABI9l0AAEAR+RzAqAF1ov8mDl1fDZYANPpTAAEAGMFdrmNYXRQ5LlgsJgQDvzABAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="} 
-00971{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520469221116,"flow_src_last_pkt_time":1569520469221116,"flow_dst_last_pkt_time":1569520469221116,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520469221116,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","src_port":23903,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"","domainame":"","stun": {}}} +01004{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520469221116,"flow_src_last_pkt_time":1569520469221116,"flow_dst_last_pkt_time":1569520469221116,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520469221116,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","src_port":23903,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1569520469231500,"flow_dst_last_pkt_time":1569520469221116,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1569520469231500,"pkt":"EBMx8Tl2KDc3AG3ICABFAABIQ9kAAEARq6HAqAF1ov8mDl1fDZYANPpTAAEAGMFdrmNYXRQ5LlgsJgQDvzABAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_src_last_pkt_time":1569520469242043,"flow_dst_last_pkt_time":1569520469221116,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1569520469242043,"pkt":"EBMx8Tl2KDc3AG3ICABFAABIKAsAAEARx2\/AqAF1ov8mDl1fDZYANPpTAAEAGMFdrmNYXRQ5LlgsJgQDvzABAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520469253995,"flow_src_last_pkt_time":1569520469253995,"flow_dst_last_pkt_time":1569520469253995,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520469253995,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","src_port":23903,"dst_port":3479,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1569520469253995,"flow_dst_last_pkt_time":1569520469253995,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1569520469253995,"pkt":"EBMx8Tl2KDc3AG3ICABFAABI+hMAAEAR9WbAqAF1ov8mDl1fDZcANPpSAAEAGMFdrmNYXRQ5LlgsJgQDvzABAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="} -01103{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520469253995,"flow_src_last_pkt_time":1569520469253995,"flow_dst_last_pkt_time":1569520469253995,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520469253995,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","src_port":23903,"dst_port":3479,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"","domainame":"","stun": {}}} 
+01136{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520469253995,"flow_src_last_pkt_time":1569520469253995,"flow_dst_last_pkt_time":1569520469253995,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520469253995,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","src_port":23903,"dst_port":3479,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_src_last_pkt_time":1569520469264582,"flow_dst_last_pkt_time":1569520469253995,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1569520469264582,"pkt":"EBMx8Tl2KDc3AG3ICABFAABIADMAAEAR70fAqAF1ov8mDl1fDZcANPpSAAEAGMFdrmNYXRQ5LlgsJgQDvzABAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="} 
00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_src_last_pkt_time":1569520469274880,"flow_dst_last_pkt_time":1569520469253995,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1569520469274880,"pkt":"EBMx8Tl2KDc3AG3ICABFAABIzF0AAEARIx3AqAF1ov8mDl1fDZcANPpSAAEAGMFdrmNYXRQ5LlgsJgQDvzABAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520469340783,"flow_src_last_pkt_time":1569520469340783,"flow_dst_last_pkt_time":1569520469340783,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":263,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":263,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":263,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569520469340783,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"104.199.65.42","src_port":53867,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -110,17 +110,17 @@ 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_src_last_pkt_time":1569520469950703,"flow_dst_last_pkt_time":1569520470060882,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569520470060882,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0AABAAO8GVhg0yj7EwKgBdQG71lFyHvWD14gyiYASaQOGlAAAAgQFrAEBBAIBAwMM"} 00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_src_last_pkt_time":1569520470061040,"flow_dst_last_pkt_time":1569520470060882,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1569520470061040,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGBSXAqAF1NMo+xNZRAbvXiDKJch71hFAQIAAQZwAA"} 01218{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_src_last_pkt_time":1569520470086807,"flow_dst_last_pkt_time":1569520470060882,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1569520470086807,"pkt":"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"} 
-01194{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569520469950703,"flow_src_last_pkt_time":1569520470086807,"flow_dst_last_pkt_time":1569520470060882,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520470086807,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.196","src_port":54865,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoom.us","domainame":"zoom.us","tls": {"version":"TLSv1.2","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"","ja4":"t12d8008ht_9cedc1f1428b_046e095b7c4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} +01153{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569520469950703,"flow_src_last_pkt_time":1569520470086807,"flow_dst_last_pkt_time":1569520470060882,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520470086807,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.196","src_port":54865,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoom.us","domainame":"zoom.us","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d8008ht_9cedc1f1428b_046e095b7c4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_src_last_pkt_time":1569520470022260,"flow_dst_last_pkt_time":1569520470134646,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569520470134646,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0AABAAO4GVvA0yj7swKgBdQG71lK89vcv+u4WboASaQMynAAAAgQFrAEBBAIBAwMM"} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_src_last_pkt_time":1569520470134790,"flow_dst_last_pkt_time":1569520470134646,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1569520470134790,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGBP3AqAF1NMo+7NZSAbv67hZuvPb3MFAQIAC8bgAA"} 01219{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_src_last_pkt_time":1569520470165906,"flow_dst_last_pkt_time":1569520470134646,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1569520470165906,"pkt":"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"} 
-01205{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569520470022260,"flow_src_last_pkt_time":1569520470165906,"flow_dst_last_pkt_time":1569520470134646,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520470165906,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.236","src_port":54866,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"www3.zoom.us","domainame":"www3.zoom.us","tls": {"version":"TLSv1.2","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"","ja4":"t12d8008ht_9cedc1f1428b_046e095b7c4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} +01164{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569520470022260,"flow_src_last_pkt_time":1569520470165906,"flow_dst_last_pkt_time":1569520470134646,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520470165906,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.236","src_port":54866,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"www3.zoom.us","domainame":"www3.zoom.us","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d8008ht_9cedc1f1428b_046e095b7c4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":5,"flow_src_last_pkt_time":1569520470086807,"flow_dst_last_pkt_time":1569520470197342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1569520470197342,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAoYcxAAO8G9Fc0yj7EwKgBdQG71lFyHvWE14g0jlAQAAcuWwAAAAAAAAAA"} -01255{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569520469950703,"flow_src_last_pkt_time":1569520470086807,"flow_dst_last_pkt_time":1569520470199286,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1452,"midstream":0,"thread_ts_usec":1569520470199286,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.196","src_port":54865,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoom.us","domainame":"zoom.us","tls": 
{"version":"TLSv1.2","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","ja4":"t12d8008ht_9cedc1f1428b_046e095b7c4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","blocks":0}}} -01579{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1569520469950703,"flow_src_last_pkt_time":1569520470199565,"flow_dst_last_pkt_time":1569520470199762,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5608,"midstream":0,"thread_ts_usec":1569520470199762,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.196","src_port":54865,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoom.us","domainame":"zoom.us","tls": {"version":"TLSv1.2","server_names":"*.zoom.us,zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","ja4":"t12d8008ht_9cedc1f1428b_046e095b7c4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","advertised_alpns":"http\/1.1","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8","blocks":0}}} 
+01214{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569520469950703,"flow_src_last_pkt_time":1569520470086807,"flow_dst_last_pkt_time":1569520470199286,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1452,"midstream":0,"thread_ts_usec":1569520470199286,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.196","src_port":54865,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoom.us","domainame":"zoom.us","tls": {"version":"TLSv1.2","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","ja4":"t12d8008ht_9cedc1f1428b_046e095b7c4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","blocks":0}}} +01538{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1569520469950703,"flow_src_last_pkt_time":1569520470199565,"flow_dst_last_pkt_time":1569520470199762,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5608,"midstream":0,"thread_ts_usec":1569520470199762,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.196","src_port":54865,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoom.us","domainame":"zoom.us","tls": {"version":"TLSv1.2","server_names":"*.zoom.us,zoom.us","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","ja4":"t12d8008ht_9cedc1f1428b_046e095b7c4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","advertised_alpns":"http\/1.1","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8","blocks":0}}} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":5,"flow_src_last_pkt_time":1569520470165906,"flow_dst_last_pkt_time":1569520470278606,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1569520470278606,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAo8dBAAO4GZSs0yj7swKgBdQG71lK89vcw+u4Yc1AQAAfaYgAAAAAAAAAA"} 
-01265{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569520470022260,"flow_src_last_pkt_time":1569520470165906,"flow_dst_last_pkt_time":1569520470280367,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1452,"midstream":0,"thread_ts_usec":1569520470280367,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.236","src_port":54866,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"www3.zoom.us","domainame":"www3.zoom.us","tls": {"version":"TLSv1.2","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","ja4":"t12d8008ht_9cedc1f1428b_046e095b7c4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","blocks":0}}} 
-01589{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1569520470022260,"flow_src_last_pkt_time":1569520470280708,"flow_dst_last_pkt_time":1569520470280793,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5608,"midstream":0,"thread_ts_usec":1569520470280793,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.236","src_port":54866,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"www3.zoom.us","domainame":"www3.zoom.us","tls": {"version":"TLSv1.2","server_names":"*.zoom.us,zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","ja4":"t12d8008ht_9cedc1f1428b_046e095b7c4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","advertised_alpns":"http\/1.1","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8","blocks":0}}} 
+01224{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569520470022260,"flow_src_last_pkt_time":1569520470165906,"flow_dst_last_pkt_time":1569520470280367,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1452,"midstream":0,"thread_ts_usec":1569520470280367,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.236","src_port":54866,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"www3.zoom.us","domainame":"www3.zoom.us","tls": {"version":"TLSv1.2","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","ja4":"t12d8008ht_9cedc1f1428b_046e095b7c4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","blocks":0}}} 
+01548{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1569520470022260,"flow_src_last_pkt_time":1569520470280708,"flow_dst_last_pkt_time":1569520470280793,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5608,"midstream":0,"thread_ts_usec":1569520470280793,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.236","src_port":54866,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"www3.zoom.us","domainame":"www3.zoom.us","tls": {"version":"TLSv1.2","server_names":"*.zoom.us,zoom.us","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","ja4":"t12d8008ht_9cedc1f1428b_046e095b7c4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","advertised_alpns":"http\/1.1","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8","blocks":0}}} 
00813{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1569520470350181,"flow_dst_last_pkt_time":1569520466080774,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":265,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":265,"pkt_l4_len":231,"thread_ts_usec":1569520470350181,"pkt":"EBMx8Tl2KDc3AG3ICABFAAD7AABAAEAGtb7AqAF1rNkVSNZGAbt9MLg2pduNV4AYEAjK4AAAAQEICiWc3wRwmChtFgMBAMIBAAC+AwE5BEH329R9hgOe6JDNh5Do5\/IyBg\/qLeMPj9mOGNz+swAAEgAvADMANQA5wAnACsATwBRWAAEAAIP\/AQABAAAAAB0AGwAAGHd3dy5nb29nbGV0YWdtYW5hZ2VyLmNvbQAXAAAABQAFAQAAAAAzdAAAABIAAAAQADAALgJoMgVoMi0xNgVoMi0xNQVoMi0xNAhzcGR5LzMuMQZzcGR5LzMIaHR0cC8xLjEACwACAQAACgAKAAgAHQAXABgAGQ=="} 02175{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1569520470022260,"flow_src_last_pkt_time":1569520470618561,"flow_dst_last_pkt_time":1569520470618526,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":810,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":2209,"flow_dst_tot_l4_payload_len":17680,"midstream":0,"thread_ts_usec":1569520470618561,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.236","src_port":54866,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":38469.9,"max":210729,"stddev":59394.9,"var":3527759616.0,"ent":3.3,"data": [112386,112530,31116,143960,1761,226,34,114802,166,170,7182,2922,121940,111900,4272,3,116559,98015,494,36,210729,39,183,114,242,129,123,246,127,13,148]},"pktlen": {"min":40,"avg":663.0,"max":1492,"stddev":660.1,"var":435695.1,"ent":4.2,"data": 
[64,52,40,557,46,1492,1492,1492,40,1292,40,40,231,91,40,731,850,46,1492,1492,1492,40,40,1492,1492,40,1492,1492,40,1492,445,40]},"bins": {"c_to_s": [11,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,11,0,0]},"directions": [0,1,0,0,1,1,1,1,0,1,0,0,0,1,0,0,0,1,1,1,1,0,0,1,1,0,1,1,0,1,1,0],"entropies": [4.416232109,4.853979111,4.521928310,4.120527744,4.501398087,7.132670879,7.329687119,7.314774990,4.730641365,7.640571117,4.630640984,4.680641174,6.885639668,5.726258755,4.730641365,7.684801102,7.726203442,4.457919598,7.862352848,7.860615253,7.859583378,4.680641174,4.621928692,7.878399849,7.862105846,4.680641174,7.872378349,7.851402760,4.630641460,7.881779194,7.526136398,4.561769009]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520470666966,"flow_src_last_pkt_time":1569520470666966,"flow_dst_last_pkt_time":1569520470666966,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520470666966,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
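Review bot: The `tls` object loses its `"ja3"` key in the new `detected` and `detection-update` lines for flows 19 and 21, while `"ja3s"` and `"ja4"` are still emitted, and the commit description only says upstream changes were incorporated. Anything downstream that matches on the JA3 client hash (detection rules, allowlists, dashboards) would stop matching without raising an error. The description should state the removal explicitly, for example `* TLS events no longer include "ja3"; match on "ja4" instead`. The same removal appears in the `@@ -143,7 +143,7 @@` hunk for flow 25. The diffstat lists a change to `schema/flow_event_schema.json` that is not visible here; presumably it drops the key, but confirm `ja3` is no longer required or referenced there.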
@@ -143,7 +143,7 @@ 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_src_last_pkt_time":1569520470742847,"flow_dst_last_pkt_time":1569520470775023,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1569520470775023,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADAGIyLVE5BpwKgBdQG71lPrn+6AoN5dTqASqbAo0wAAAgQFrAQCCAp4fR7ZJZzghQEDAww="} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_src_last_pkt_time":1569520470775077,"flow_dst_last_pkt_time":1569520470775023,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569520470775077,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGEyrAqAF11ROQadZTAbug3l1O65\/ugYAQECzxAQAAAQEICiWc4KR4fR7Z"} 
01240{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":4,"flow_src_last_pkt_time":1569520470775257,"flow_dst_last_pkt_time":1569520470775023,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1569520470775257,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI5AABAAEAGESXAqAF11ROQadZTAbug3l1O65\/ugYAYECymXAAAAQEICiWc4KR4fR7ZFgMBAgABAAH8AwPRx3t0AQC89u4npqZep9xPHWEGdKDNX7\/XvDvIBxB6XwAAusAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANgCIAIcAhgCFwBkApwBtADoAicAywC7AKsAmwA\/ABQCdAD0ANQCEwC\/AK8AnwCPAE8AJAKQAogCgAJ4AZwBAAD8APgAzADIAMQAwAJoAmQCYAJcARQBEAEMAQsAYAKYAbAA0AJsARsAxwC3AKcAlwA7ABACcADwALwCWAEEAB8ASwAgAFgATABAADcAXABvADcADAAoA\/wEAARkAAAAYABYAABN6b29tYW0xMDV6Yy56b29tLnVzAAsABAMAAQIACgAcABoAFwAZABwAGwAYABoAFgAOAA0ACwAMAAkACgAjAAAADQAgAB4GAQYCBgMFAQUCBQMEAQQCBAMDAQMCAwMCAQICAgMADwABAQAVAKQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01325{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":167,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569520470742847,"flow_src_last_pkt_time":1569520470775257,"flow_dst_last_pkt_time":1569520470775023,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520470775257,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.105","src_port":54867,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomam105zc.zoom.us","domainame":"zoomam105zc.zoom.us","tls": {"version":"TLSv1.2","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"","ja4":"t12d930700_72a4e8475a2e_4446390ac224","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01284{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":167,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569520470742847,"flow_src_last_pkt_time":1569520470775257,"flow_dst_last_pkt_time":1569520470775023,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520470775257,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.105","src_port":54867,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomam105zc.zoom.us","domainame":"zoomam105zc.zoom.us","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d930700_72a4e8475a2e_4446390ac224","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":168,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_src_last_pkt_time":1569520470742102,"flow_dst_last_pkt_time":1569520470776015,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1569520470776015,"pkt":"KDc3AG3IEBMx8Tl2CABFAABQ61QAADcRFILAqAEBwKgBdQA14s8APF0wRhSBgAABAAEAAAAACnpvb21mcjg0emMEem9vbQJ1cwAAAQABwAwAAQABAAABLAAE1fSMVA=="} 
01127{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":168,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569520470742102,"flow_src_last_pkt_time":1569520470742102,"flow_dst_last_pkt_time":1569520470776015,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":52,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":52,"midstream":0,"thread_ts_usec":1569520470776015,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":58063,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Zoom","proto_id":"5.189","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"zoomfr84zc.zoom.us","domainame":"zoomfr84zc.zoom.us","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["213.244.140.84,ttl=300"]}}} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520470776773,"flow_src_last_pkt_time":1569520470776773,"flow_dst_last_pkt_time":1569520470776773,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520470776773,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.84","src_port":54870,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -151,27 +151,27 @@ 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_src_last_pkt_time":1569520470755397,"flow_dst_last_pkt_time":1569520470787298,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1569520470787298,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADAGIyPVE5BowKgBdQG71lTDwlhoC7yJ3KASqbBbBgAAAgQFrAQCCAp7WhBHJZzgkQEDAww="} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_src_last_pkt_time":1569520470787406,"flow_dst_last_pkt_time":1569520470787298,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569520470787406,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGEyvAqAF11ROQaNZUAbsLvIncw8JYaYAQECwjNgAAAQEICiWc4K97WhBH"} 
01238{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":4,"flow_src_last_pkt_time":1569520470787532,"flow_dst_last_pkt_time":1569520470787298,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1569520470787532,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI5AABAAEAGESbAqAF11ROQaNZUAbsLvIncw8JYaYAYECxC1AAAAQEICiWc4K97WhBHFgMBAgABAAH8AwMlumOwogFlEGJOALeiTken6cU+5C6E0iipQGcv9AdGngAAusAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANgCIAIcAhgCFwBkApwBtADoAicAywC7AKsAmwA\/ABQCdAD0ANQCEwC\/AK8AnwCPAE8AJAKQAogCgAJ4AZwBAAD8APgAzADIAMQAwAJoAmQCYAJcARQBEAEMAQsAYAKYAbAA0AJsARsAxwC3AKcAlwA7ABACcADwALwCWAEEAB8ASwAgAFgATABAADcAXABvADcADAAoA\/wEAARkAAAAYABYAABN6b29tYW0xMDR6Yy56b29tLnVzAAsABAMAAQIACgAcABoAFwAZABwAGwAYABoAFgAOAA0ACwAMAAkACgAjAAAADQAgAB4GAQYCBgMFAQUCBQMEAQQCBAMDAQMCAwMCAQICAgMADwABAQAVAKQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01325{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569520470755397,"flow_src_last_pkt_time":1569520470787532,"flow_dst_last_pkt_time":1569520470787298,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520470787532,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.104","src_port":54868,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomam104zc.zoom.us","domainame":"zoomam104zc.zoom.us","tls": {"version":"TLSv1.2","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"","ja4":"t12d930700_72a4e8475a2e_4446390ac224","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01284{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569520470755397,"flow_src_last_pkt_time":1569520470787532,"flow_dst_last_pkt_time":1569520470787298,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520470787532,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.104","src_port":54868,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomam104zc.zoom.us","domainame":"zoomam104zc.zoom.us","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d930700_72a4e8475a2e_4446390ac224","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_src_last_pkt_time":1569520470769557,"flow_dst_last_pkt_time":1569520470790501,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1569520470790501,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADMGI1XV9IxVwKgBdQG71lXIKlM86vs2SKASqbDi9AAAAgQFrAQCCAp4gwNrJZzgnwEDAww="} 
00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_src_last_pkt_time":1569520470790590,"flow_dst_last_pkt_time":1569520470790501,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569520470790590,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGFl3AqAF11fSMVdZVAbvq+zZIyCpTPYAQECyrLwAAAQEICiWc4LJ4gwNr"} 01239{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":4,"flow_src_last_pkt_time":1569520470790730,"flow_dst_last_pkt_time":1569520470790501,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1569520470790730,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI5AABAAEAGFFjAqAF11fSMVdZVAbvq+zZIyCpTPYAYECxm4gAAAQEICiWc4LJ4gwNrFgMBAgABAAH8AwPOsWIRZYhgC2j87iAcGDuF\/Bs6QMfxdEKwNJwvqjcyKAAAusAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANgCIAIcAhgCFwBkApwBtADoAicAywC7AKsAmwA\/ABQCdAD0ANQCEwC\/AK8AnwCPAE8AJAKQAogCgAJ4AZwBAAD8APgAzADIAMQAwAJoAmQCYAJcARQBEAEMAQsAYAKYAbAA0AJsARsAxwC3AKcAlwA7ABACcADwALwCWAEEAB8ASwAgAFgATABAADcAXABvADcADAAoA\/wEAARkAAAAXABUAABJ6b29tZnI4NXpjLnpvb20udXMACwAEAwABAgAKABwAGgAXABkAHAAbABgAGgAWAA4ADQALAAwACQAKACMAAAANACAAHgYBBgIGAwUBBQIFAwQBBAIEAwMBAwIDAwIBAgICAwAPAAEBABUApQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01323{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":175,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569520470769557,"flow_src_last_pkt_time":1569520470790730,"flow_dst_last_pkt_time":1569520470790501,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520470790730,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.85","src_port":54869,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomfr85zc.zoom.us","domainame":"zoomfr85zc.zoom.us","tls": {"version":"TLSv1.2","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"","ja4":"t12d930700_72a4e8475a2e_4446390ac224","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01282{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":175,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569520470769557,"flow_src_last_pkt_time":1569520470790730,"flow_dst_last_pkt_time":1569520470790501,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520470790730,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.85","src_port":54869,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomfr85zc.zoom.us","domainame":"zoomfr85zc.zoom.us","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d930700_72a4e8475a2e_4446390ac224","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_src_last_pkt_time":1569520470776773,"flow_dst_last_pkt_time":1569520470801162,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1569520470801162,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADMGI1bV9IxUwKgBdQG71lYtiv8U+ewS56ASqbDdrgAAAgQFrAQCCAp8tQexJZzgpQEDAww="} 
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_src_last_pkt_time":1569520470801244,"flow_dst_last_pkt_time":1569520470801162,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569520470801244,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGFl7AqAF11fSMVNZWAbv57BLnLYr\/FYAQECyl5QAAAQEICiWc4Lx8tQex"} 01240{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_src_last_pkt_time":1569520470801435,"flow_dst_last_pkt_time":1569520470801162,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1569520470801435,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI5AABAAEAGFFnAqAF11fSMVNZWAbv57BLnLYr\/FYAYECz3EQAAAQEICiWc4Lx8tQexFgMBAgABAAH8AwOnhWFSZkMidqzMf2GAlFCBDInFtmdcn\/lf0Xn0vzHFbgAAusAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANgCIAIcAhgCFwBkApwBtADoAicAywC7AKsAmwA\/ABQCdAD0ANQCEwC\/AK8AnwCPAE8AJAKQAogCgAJ4AZwBAAD8APgAzADIAMQAwAJoAmQCYAJcARQBEAEMAQsAYAKYAbAA0AJsARsAxwC3AKcAlwA7ABACcADwALwCWAEEAB8ASwAgAFgATABAADcAXABvADcADAAoA\/wEAARkAAAAXABUAABJ6b29tZnI4NHpjLnpvb20udXMACwAEAwABAgAKABwAGgAXABkAHAAbABgAGgAWAA4ADQALAAwACQAKACMAAAANACAAHgYBBgIGAwUBBQIFAwQBBAIEAwMBAwIDAwIBAgICAwAPAAEBABUApQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01323{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569520470776773,"flow_src_last_pkt_time":1569520470801435,"flow_dst_last_pkt_time":1569520470801162,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520470801435,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.84","src_port":54870,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomfr84zc.zoom.us","domainame":"zoomfr84zc.zoom.us","tls": {"version":"TLSv1.2","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"","ja4":"t12d930700_72a4e8475a2e_4446390ac224","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01282{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569520470776773,"flow_src_last_pkt_time":1569520470801435,"flow_dst_last_pkt_time":1569520470801162,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520470801435,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.84","src_port":54870,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomfr84zc.zoom.us","domainame":"zoomfr84zc.zoom.us","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d930700_72a4e8475a2e_4446390ac224","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":5,"flow_src_last_pkt_time":1569520470775257,"flow_dst_last_pkt_time":1569520470808123,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569520470808123,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA08HhAADAGMrHVE5BpwKgBdQG71lPrn+6BoN5fU4AQAAv+\/AAAAQEICnh9HvolnOCk"} 
-01385{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":180,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569520470742847,"flow_src_last_pkt_time":1569520470775257,"flow_dst_last_pkt_time":1569520470810026,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1569520470810026,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.105","src_port":54867,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomam105zc.zoom.us","domainame":"zoomam105zc.zoom.us","tls": {"version":"TLSv1.2","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","ja4":"t12d930700_72a4e8475a2e_4446390ac224","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
+01344{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":180,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569520470742847,"flow_src_last_pkt_time":1569520470775257,"flow_dst_last_pkt_time":1569520470810026,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1569520470810026,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.105","src_port":54867,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomam105zc.zoom.us","domainame":"zoomam105zc.zoom.us","tls": {"version":"TLSv1.2","ja3s":"ada793d0f02b028a6c840504edccb652","ja4":"t12d930700_72a4e8475a2e_4446390ac224","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":5,"flow_src_last_pkt_time":1569520470790730,"flow_dst_last_pkt_time":1569520470812241,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569520470812241,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0UEJAADMG0xrV9IxVwKgBdQG71lXIKlM96vs4TYAQAAu5NgAAAQEICniDA4AlnOCy"} 
-01383{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":186,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569520470769557,"flow_src_last_pkt_time":1569520470790730,"flow_dst_last_pkt_time":1569520470814322,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1569520470814322,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.85","src_port":54869,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomfr85zc.zoom.us","domainame":"zoomfr85zc.zoom.us","tls": {"version":"TLSv1.2","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","ja4":"t12d930700_72a4e8475a2e_4446390ac224","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
+01342{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":186,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569520470769557,"flow_src_last_pkt_time":1569520470790730,"flow_dst_last_pkt_time":1569520470814322,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1569520470814322,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.85","src_port":54869,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomfr85zc.zoom.us","domainame":"zoomfr85zc.zoom.us","tls": {"version":"TLSv1.2","ja3s":"ada793d0f02b028a6c840504edccb652","ja4":"t12d930700_72a4e8475a2e_4446390ac224","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":191,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":5,"flow_src_last_pkt_time":1569520470787532,"flow_dst_last_pkt_time":1569520470820356,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569520470820356,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0SA5AADAG2xzVE5BowKgBdQG71lTDwlhpC7yL4YAQAAsxMQAAAQEICntaEGglnOCv"} 
-01709{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":192,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1569520470742847,"flow_src_last_pkt_time":1569520470810307,"flow_dst_last_pkt_time":1569520470820993,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5536,"midstream":0,"thread_ts_usec":1569520470820993,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.105","src_port":54867,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomam105zc.zoom.us","domainame":"zoomam105zc.zoom.us","tls": {"version":"TLSv1.2","server_names":"*.zoom.us,zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","ja4":"t12d930700_72a4e8475a2e_4446390ac224","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8","blocks":0}}} 
-01385{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":195,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569520470755397,"flow_src_last_pkt_time":1569520470787532,"flow_dst_last_pkt_time":1569520470822146,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1569520470822146,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.104","src_port":54868,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomam104zc.zoom.us","domainame":"zoomam104zc.zoom.us","tls": {"version":"TLSv1.2","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","ja4":"t12d930700_72a4e8475a2e_4446390ac224","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
-01707{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1569520470769557,"flow_src_last_pkt_time":1569520470814549,"flow_dst_last_pkt_time":1569520470822639,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5536,"midstream":0,"thread_ts_usec":1569520470822639,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.85","src_port":54869,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomfr85zc.zoom.us","domainame":"zoomfr85zc.zoom.us","tls": {"version":"TLSv1.2","server_names":"*.zoom.us,zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","ja4":"t12d930700_72a4e8475a2e_4446390ac224","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8","blocks":0}}} 
+01668{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":192,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1569520470742847,"flow_src_last_pkt_time":1569520470810307,"flow_dst_last_pkt_time":1569520470820993,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5536,"midstream":0,"thread_ts_usec":1569520470820993,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.105","src_port":54867,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomam105zc.zoom.us","domainame":"zoomam105zc.zoom.us","tls": {"version":"TLSv1.2","server_names":"*.zoom.us,zoom.us","ja3s":"ada793d0f02b028a6c840504edccb652","ja4":"t12d930700_72a4e8475a2e_4446390ac224","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8","blocks":0}}} 
+01344{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":195,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569520470755397,"flow_src_last_pkt_time":1569520470787532,"flow_dst_last_pkt_time":1569520470822146,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1569520470822146,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.104","src_port":54868,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomam104zc.zoom.us","domainame":"zoomam104zc.zoom.us","tls": {"version":"TLSv1.2","ja3s":"ada793d0f02b028a6c840504edccb652","ja4":"t12d930700_72a4e8475a2e_4446390ac224","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
+01666{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1569520470769557,"flow_src_last_pkt_time":1569520470814549,"flow_dst_last_pkt_time":1569520470822639,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5536,"midstream":0,"thread_ts_usec":1569520470822639,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.85","src_port":54869,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomfr85zc.zoom.us","domainame":"zoomfr85zc.zoom.us","tls": {"version":"TLSv1.2","server_names":"*.zoom.us,zoom.us","ja3s":"ada793d0f02b028a6c840504edccb652","ja4":"t12d930700_72a4e8475a2e_4446390ac224","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8","blocks":0}}} 
00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":203,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":5,"flow_src_last_pkt_time":1569520470801435,"flow_dst_last_pkt_time":1569520470826162,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569520470826162,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0+NxAADMGKoHV9IxUwKgBdQG71lYtiv8V+ewU7IAQAAuz6AAAAQEICny1B8olnOC8"} -01383{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":204,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569520470776773,"flow_src_last_pkt_time":1569520470801435,"flow_dst_last_pkt_time":1569520470828021,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1569520470828021,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.84","src_port":54870,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomfr84zc.zoom.us","domainame":"zoomfr84zc.zoom.us","tls": {"version":"TLSv1.2","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","ja4":"t12d930700_72a4e8475a2e_4446390ac224","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
-01709{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1569520470755397,"flow_src_last_pkt_time":1569520470822425,"flow_dst_last_pkt_time":1569520470829736,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5536,"midstream":0,"thread_ts_usec":1569520470829736,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.104","src_port":54868,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomam104zc.zoom.us","domainame":"zoomam104zc.zoom.us","tls": {"version":"TLSv1.2","server_names":"*.zoom.us,zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","ja4":"t12d930700_72a4e8475a2e_4446390ac224","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8","blocks":0}}} 
-01707{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":212,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1569520470776773,"flow_src_last_pkt_time":1569520470828543,"flow_dst_last_pkt_time":1569520470837019,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5536,"midstream":0,"thread_ts_usec":1569520470837019,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.84","src_port":54870,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomfr84zc.zoom.us","domainame":"zoomfr84zc.zoom.us","tls": {"version":"TLSv1.2","server_names":"*.zoom.us,zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","ja4":"t12d930700_72a4e8475a2e_4446390ac224","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8","blocks":0}}} 
+01342{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":204,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569520470776773,"flow_src_last_pkt_time":1569520470801435,"flow_dst_last_pkt_time":1569520470828021,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1569520470828021,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.84","src_port":54870,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomfr84zc.zoom.us","domainame":"zoomfr84zc.zoom.us","tls": {"version":"TLSv1.2","ja3s":"ada793d0f02b028a6c840504edccb652","ja4":"t12d930700_72a4e8475a2e_4446390ac224","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
+01668{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1569520470755397,"flow_src_last_pkt_time":1569520470822425,"flow_dst_last_pkt_time":1569520470829736,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5536,"midstream":0,"thread_ts_usec":1569520470829736,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.104","src_port":54868,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomam104zc.zoom.us","domainame":"zoomam104zc.zoom.us","tls": {"version":"TLSv1.2","server_names":"*.zoom.us,zoom.us","ja3s":"ada793d0f02b028a6c840504edccb652","ja4":"t12d930700_72a4e8475a2e_4446390ac224","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8","blocks":0}}} 
+01666{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":212,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1569520470776773,"flow_src_last_pkt_time":1569520470828543,"flow_dst_last_pkt_time":1569520470837019,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5536,"midstream":0,"thread_ts_usec":1569520470837019,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.84","src_port":54870,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomfr84zc.zoom.us","domainame":"zoomfr84zc.zoom.us","tls": {"version":"TLSv1.2","server_names":"*.zoom.us,zoom.us","ja3s":"ada793d0f02b028a6c840504edccb652","ja4":"t12d930700_72a4e8475a2e_4446390ac224","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8","blocks":0}}} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":257,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520471147573,"flow_src_last_pkt_time":1569520471147573,"flow_dst_last_pkt_time":1569520471147573,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520471147573,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":51185,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_src_last_pkt_time":1569520471147573,"flow_dst_last_pkt_time":1569520471147573,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"thread_ts_usec":1569520471147573,"pkt":"EBMx8Tl2KDc3AG3ICABFAABCtGEAAP8Rg4LAqAF1wKgBAcfxADUALsLBHCQBAAABAAAAAAAADHpvb21mcm45OW1tcgR6b29tAnVzAAABAAE="} 
01097{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":257,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520471147573,"flow_src_last_pkt_time":1569520471147573,"flow_dst_last_pkt_time":1569520471147573,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520471147573,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":51185,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Zoom","proto_id":"5.189","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"zoomfrn99mmr.zoom.us","domainame":"zoomfrn99mmr.zoom.us","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -182,10 +182,10 @@ 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_src_last_pkt_time":1569520471189039,"flow_dst_last_pkt_time":1569520471220660,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1569520471220660,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADMGd91tXqBjwKgBdQG71leHhddzMPn5l6ASqbBjhwAAAgQFrAQCCAp2KotLJZziLAEDAww="} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":283,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_src_last_pkt_time":1569520471220821,"flow_dst_last_pkt_time":1569520471220660,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569520471220821,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGauXAqAF1bV6gY9ZXAbsw+fmXh4XXdIAQECwrtgAAAQEICiWc4kt2KotL"} 
01239{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":284,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":4,"flow_src_last_pkt_time":1569520471221044,"flow_dst_last_pkt_time":1569520471220660,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1569520471221044,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI5AABAAEAGaODAqAF1bV6gY9ZXAbsw+fmXh4XXdIAYECwk4gAAAQEICiWc4kt2KotLFgMBAgABAAH8AwOzVpYU92e7nLk\/fVgH9DH3k0vHgfUwYGgBmhkxDvYbiwAAusAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANgCIAIcAhgCFwBkApwBtADoAicAywC7AKsAmwA\/ABQCdAD0ANQCEwC\/AK8AnwCPAE8AJAKQAogCgAJ4AZwBAAD8APgAzADIAMQAwAJoAmQCYAJcARQBEAEMAQsAYAKYAbAA0AJsARsAxwC3AKcAlwA7ABACcADwALwCWAEEAB8ASwAgAFgATABAADcAXABvADcADAAoA\/wEAARkAAAAZABcAABR6b29tZnJuOTltbXIuem9vbS51cwALAAQDAAECAAoAHAAaABcAGQAcABsAGAAaABYADgANAAsADAAJAAoAIwAAAA0AIAAeBgEGAgYDBQEFAgUDBAEEAgQDAwEDAgMDAgECAgIDAA8AAQEAFQCjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01327{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":284,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569520471189039,"flow_src_last_pkt_time":1569520471221044,"flow_dst_last_pkt_time":1569520471220660,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520471221044,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":54871,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomfrn99mmr.zoom.us","domainame":"zoomfrn99mmr.zoom.us","tls": {"version":"TLSv1.2","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"","ja4":"t12d930700_72a4e8475a2e_4446390ac224","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01286{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":284,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569520471189039,"flow_src_last_pkt_time":1569520471221044,"flow_dst_last_pkt_time":1569520471220660,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520471221044,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":54871,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomfrn99mmr.zoom.us","domainame":"zoomfrn99mmr.zoom.us","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d930700_72a4e8475a2e_4446390ac224","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":285,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":5,"flow_src_last_pkt_time":1569520471221044,"flow_dst_last_pkt_time":1569520471253409,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569520471253409,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0XB9AADMGG8ZtXqBjwKgBdQG71leHhdd0MPn7nIAQAAs5sQAAAQEICnYqi2wlnOJL"} 
-01387{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569520471189039,"flow_src_last_pkt_time":1569520471221044,"flow_dst_last_pkt_time":1569520471255395,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1569520471255395,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":54871,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomfrn99mmr.zoom.us","domainame":"zoomfrn99mmr.zoom.us","tls": {"version":"TLSv1.2","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","ja4":"t12d930700_72a4e8475a2e_4446390ac224","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
-01711{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":291,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1569520471189039,"flow_src_last_pkt_time":1569520471255585,"flow_dst_last_pkt_time":1569520471266033,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5536,"midstream":0,"thread_ts_usec":1569520471266033,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":54871,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomfrn99mmr.zoom.us","domainame":"zoomfrn99mmr.zoom.us","tls": {"version":"TLSv1.2","server_names":"*.zoom.us,zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","ja4":"t12d930700_72a4e8475a2e_4446390ac224","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8","blocks":0}}} 
+01346{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569520471189039,"flow_src_last_pkt_time":1569520471221044,"flow_dst_last_pkt_time":1569520471255395,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1569520471255395,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":54871,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomfrn99mmr.zoom.us","domainame":"zoomfrn99mmr.zoom.us","tls": {"version":"TLSv1.2","ja3s":"ada793d0f02b028a6c840504edccb652","ja4":"t12d930700_72a4e8475a2e_4446390ac224","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
+01670{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":291,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1569520471189039,"flow_src_last_pkt_time":1569520471255585,"flow_dst_last_pkt_time":1569520471266033,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5536,"midstream":0,"thread_ts_usec":1569520471266033,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":54871,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomfrn99mmr.zoom.us","domainame":"zoomfrn99mmr.zoom.us","tls": {"version":"TLSv1.2","server_names":"*.zoom.us,zoom.us","ja3s":"ada793d0f02b028a6c840504edccb652","ja4":"t12d930700_72a4e8475a2e_4446390ac224","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8","blocks":0}}} 
00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":302,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1569520471399595,"flow_dst_last_pkt_time":1569520467811636,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"thread_ts_usec":1569520471399595,"pkt":"EBMx8Tl2KDc3AG3ICABFAABjAABAAEAGoUnAqAF1PpWYmdRFA+E5lpAkp\/QQcoAYEAA2VgAAAQEICiWc4viZh0dJFwMDACpAXTQxH2s8yyXvpDmREm16+\/VcNt\/x\/vlsIce1k7D8R+clMelpc+AJPCA="} 01051{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":302,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1569520467811636,"flow_src_last_pkt_time":1569520471399595,"flow_dst_last_pkt_time":1569520467811636,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":94,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569520471399595,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"62.149.152.153","src_port":54341,"dst_port":993,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"IMAPS","proto_id":"51","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}} 
02309{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":320,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1569520471189039,"flow_src_last_pkt_time":1569520471662963,"flow_dst_last_pkt_time":1569520471590160,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3063,"flow_dst_tot_l4_payload_len":8708,"midstream":0,"thread_ts_usec":1569520471662963,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":54871,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":28227.3,"max":156067,"stddev":40349.6,"var":1628089600.0,"ent":3.8,"data": [31621,31782,223,32749,1986,135,18,34538,3,10485,3,10554,60088,93852,33789,375,31290,30856,4598,4,36582,6223,38193,156062,156067,114,1,94,10606,59053,3101]},"pktlen": {"min":52,"avg":420.5,"max":1492,"stddev":552.4,"var":305116.1,"ent":3.9,"data": [64,60,52,569,52,1492,1492,1268,52,52,1492,79,52,178,294,52,192,118,52,1492,533,52,90,52,1317,52,1492,146,52,90,202,223]},"bins": {"c_to_s": [10,1,0,1,2,1,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0],"s_to_c": [4,1,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,1,1,0,0,1,0,0,1,0,0,0,1,1,0,1,0,1,1,0,0,0,0],"entropies": [4.428027153,5.266787052,5.014835358,4.340119362,5.209868431,7.128724575,7.325717926,7.321290493,5.014835358,5.053297043,7.580979347,5.559112549,5.053297043,6.556212902,7.136325836,5.130220413,6.862732410,6.273187160,5.053297043,7.864217758,7.611272335,5.132945538,5.887335777,5.091758728,7.866543293,5.130220413,7.874340057,6.566402435,5.130220413,5.819303036,6.871904373,6.960445881]},"ndpi": 
{"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}} 
@@ -214,7 +214,7 @@ 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":671,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_src_last_pkt_time":1569520473084563,"flow_dst_last_pkt_time":1569520473116083,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":21,"thread_ts_usec":1569520473116083,"pkt":"KDc3AG3IEBMx8Tl2CABFAAApvWFAADURuINtXqBjwKgBdSJh8SMAFalIAwAAAAF2KpKmAFoORAAAAAAA"} 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":672,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":4,"flow_src_last_pkt_time":1569520473116331,"flow_dst_last_pkt_time":1569520473116083,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":55,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":55,"pkt_l4_len":21,"thread_ts_usec":1569520473116331,"pkt":"EBMx8Tl2KDc3AG3ICABFAAApU1gAAEARV43AqAF1bV6gY\/EjImEAFahIBAAAAAF2KpKmAFoORA=="} 00602{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":677,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":5,"flow_src_last_pkt_time":1569520473121070,"flow_dst_last_pkt_time":1569520473116083,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":109,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":109,"pkt_l4_len":75,"thread_ts_usec":1569520473121070,"pkt":"EBMx8Tl2KDc3AG3ICABFAABfDmwAAEARnEPAqAF1bV6gY\/EjImEAS0M9BQ0AAAAMASGOnDkoxEsvqQJwcoIuVvYBAAQDAgAAAAAAAAABAAAAFmRhdGFfYmluZF9yZXBsYWNlX2ZsYWcCAAAAAQ=="} 
-00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":701,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":701,"packets-processed":697,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":329478,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":31,"total-detection-updates":26,"total-updates":0,"current-active-flows":33,"total-active-flows":33,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":217,"global_ts_usec":1673444902645655} +00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":701,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":701,"packets-processed":697,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":329478,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":31,"total-detection-updates":26,"total-updates":0,"current-active-flows":33,"total-active-flows":33,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":217,"global_ts_usec":1673444902645655} 00294{"error_event_id":5,"error_event_name":"Unknown packet 
type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1673444902645655,"packet_id":701,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1673444902645655} 00517{"packet_event_id":1,"packet_event_name":"packet","packet_id":701,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":167,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":167,"pkt_l4_len":0,"thread_ts_usec":1569520473198709,"pkt":"AAAAAAAAAAECAAD6gQBNQoEAQHEIAEUwAJHKGwAA\/xGzEwqGGUMKhA+wCGgIaAB9eUgw\/wBtBJhmXEUAAG316wAAQBEffgqMdSPBeiPtskIiYQBZseADAAAAEg\/+mNIAJy7JAQVA3IMlEZ3S66JjfHMo8enxO0XEN5PMhIeLRp6CXCZ6i5NbikRhcdwrc6d1VElcFx1R+ZHQglXiW8kQjpgMrPMjkQA="} 00294{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1673444902769137,"packet_id":702,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1673444902769137} 
@@ -309,12 +309,12 @@ 00956{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520466209429,"flow_src_last_pkt_time":1569520466209429,"flow_dst_last_pkt_time":1569520466209429,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01218{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1569520466080774,"flow_src_last_pkt_time":1569520472536483,"flow_dst_last_pkt_time":1569520466080774,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":199,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":199,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":796,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"172.217.21.72","src_port":54854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01155{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_src_packets_processed":127,"flow_dst_packets_processed":83,"flow_first_seen":1569520471189039,"flow_src_last_pkt_time":1569520473190218,"flow_dst_last_pkt_time":1569520473152463,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":45724,"flow_dst_tot_l4_payload_len":12028,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":54871,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomfrn99mmr.zoom.us"}} 
-01052{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569520469081864,"flow_src_last_pkt_time":1569520469081864,"flow_dst_last_pkt_time":1569520469116573,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"13.225.84.182","src_port":54798,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +01159{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569520469081864,"flow_src_last_pkt_time":1569520469081864,"flow_dst_last_pkt_time":1569520469116573,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"13.225.84.182","src_port":54798,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}},"55": {"risk":"Probing 
Attempt","severity":"Medium","risk_score": {"total":510,"client":375,"server":135}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00774{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569520469081864,"flow_src_last_pkt_time":1569520469081864,"flow_dst_last_pkt_time":1569520469116573,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"13.225.84.182","src_port":54798,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -01225{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1569520466316930,"flow_src_last_pkt_time":1569520471535462,"flow_dst_last_pkt_time":1569520471572328,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":866,"flow_dst_max_l4_payload_len":1226,"flow_src_tot_l4_payload_len":1526,"flow_dst_tot_l4_payload_len":1399,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"167.99.215.164","src_port":54863,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS 
(probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} +01232{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1569520466316930,"flow_src_last_pkt_time":1569520471535462,"flow_dst_last_pkt_time":1569520471572328,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":866,"flow_dst_max_l4_payload_len":1226,"flow_src_tot_l4_payload_len":1526,"flow_dst_tot_l4_payload_len":1399,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"167.99.215.164","src_port":54863,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
01112{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":13,"flow_first_seen":1569520470769557,"flow_src_last_pkt_time":1569520471156543,"flow_dst_last_pkt_time":1569520471156659,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":576,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1424,"flow_dst_tot_l4_payload_len":6322,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.85","src_port":54869,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}} 01111{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":12,"flow_first_seen":1569520470776773,"flow_src_last_pkt_time":1569520471159604,"flow_dst_last_pkt_time":1569520471159577,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":812,"flow_dst_tot_l4_payload_len":5902,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.84","src_port":54870,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying 
HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}} -00849{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":781,"packets-processed":697,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":329478,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":31,"total-detection-updates":26,"total-updates":0,"current-active-flows":0,"total-active-flows":33,"total-idle-flows":33,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":317,"global_ts_usec":1673445056996306} +00849{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":781,"packets-processed":697,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":329478,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":31,"total-detection-updates":26,"total-updates":0,"current-active-flows":0,"total-active-flows":33,"total-idle-flows":33,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":317,"global_ts_usec":1673445056996306} ~~~~~~~~~~~~~~~~~~~~ SUMMARY 
~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 781/697 ~~ skipped flows.............: 0 @@ -323,9 +323,9 @@ ~~ total active/idle flows...: 33/33 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7246727 bytes -~~ total memory freed........: 7246727 bytes -~~ total allocations/frees...: 115300/115300 +~~ total memory allocated....: 7824385 bytes +~~ total memory freed........: 7824385 bytes +~~ total allocations/frees...: 127034/127034 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 298 chars ~~ json message max len.......: 2404 chars diff --git a/test/results/default/zoom2.pcap.out b/test/results/default/zoom2.pcap.out index e4d22ca03..74f0f112a 100644 --- a/test/results/default/zoom2.pcap.out +++ b/test/results/default/zoom2.pcap.out 
@@ -1,14 +1,14 @@ -00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/zoom2.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zoom2.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1642965458402978} 
+00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/zoom2.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zoom2.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1642965458402978} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1642965458402978,"flow_src_last_pkt_time":1642965458402978,"flow_dst_last_pkt_time":1642965458402978,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642965458402978,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":50076,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1642965458402978,"flow_dst_last_pkt_time":1642965458402978,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1642965458402978,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGngDAqAGykMNJmsOcAbton\/9jAAAAALAC\/\/+GrAAAAgQFtAEDAwUBAQgKBNjhZQAAAAAEAgAA"} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1642965458402978,"flow_dst_last_pkt_time":1642965458577638,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1642965458577638,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADEGrQSQw0mawKgBsgG7w5wp5A9SaJ\/\/ZKASqbBcNQAAAgQFrAQCCApc+vuKBNjhZQEDAww="} 
00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1642965458577754,"flow_dst_last_pkt_time":1642965458577638,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1642965458577754,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGngzAqAGykMNJmsOcAbton\/9kKeQPU4AQECwj1wAAAQEICgTY4hFc+vuK"} 01237{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1642965458578318,"flow_dst_last_pkt_time":1642965458577638,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1642965458578318,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI5AABAAEAGnAfAqAGykMNJmsOcAbton\/9kKeQPU4AYECyrnwAAAQEICgTY4hFc+vuKFgMBAgABAAH8AwOO2vgf4iUeLHcmin76FetTzif4epe9\/gXN3lJSewaegyB1dTrY0NkEM948B6g5lBQPt8cxp9dWgzj78Ont7RxBygAcEwITAxMBwDAAn8yozKrALwCewCgAa8AnAGcA\/wEAAZcAAAAgAB4AABt6b29tc2pjY3YxNTRtbXIuc2pjLnpvb20udXMACwAEAwABAgAKAAwACgAdABcAHgAZABgAIwAAAAUABQEAAAAAABYAAAAXAAAADQAwAC4EAwUDBgMIBwgICAkICggLCAQIBQgGBAEFAQYBAwMCAwMBAgEDAgICBAIFAgYCACsACQgDBAMDAwIDAQAtAAIBAQAzACYAJAAdACA4hYQMZ8eDjT1hA6NoNPOI0ed7ZtC8\/eHn4DwMJ5pePwAVANEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01396{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1642965458402978,"flow_src_last_pkt_time":1642965458578318,"flow_dst_last_pkt_time":1642965458577638,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642965458578318,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":50076,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomsjccv154mmr.sjc.zoom.us","domainame":"zoomsjccv154mmr.sjc.zoom.us","tls": {"version":"TLSv1.2","ja3":"832952db10f1453442636675bed2702b","ja3s":"","ja4":"t13d141200_ad449869e501_b11171733d3d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01355{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1642965458402978,"flow_src_last_pkt_time":1642965458578318,"flow_dst_last_pkt_time":1642965458577638,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642965458578318,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":50076,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomsjccv154mmr.sjc.zoom.us","domainame":"zoomsjccv154mmr.sjc.zoom.us","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d141200_ad449869e501_b11171733d3d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1642965458578318,"flow_dst_last_pkt_time":1642965458751640,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1642965458751640,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA082tAADEGuaCQw0mawKgBsgG7w5wp5A9TaKABaYAQAAsxRAAAAQEIClz6\/DkE2OIR"} 
-01456{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1642965458402978,"flow_src_last_pkt_time":1642965458578318,"flow_dst_last_pkt_time":1642965458752945,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1642965458752945,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":50076,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomsjccv154mmr.sjc.zoom.us","domainame":"zoomsjccv154mmr.sjc.zoom.us","tls": {"version":"TLSv1.2","ja3":"832952db10f1453442636675bed2702b","ja3s":"8aca82d60194883e764ab2743e60c380","ja4":"t13d141200_ad449869e501_b11171733d3d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-01733{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1642965458402978,"flow_src_last_pkt_time":1642965458578318,"flow_dst_last_pkt_time":1642965458752990,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4096,"midstream":0,"thread_ts_usec":1642965458752990,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":50076,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomsjccv154mmr.sjc.zoom.us","domainame":"zoomsjccv154mmr.sjc.zoom.us","tls": {"version":"TLSv1.2","server_names":"*.sjc.zoom.us","ja3":"832952db10f1453442636675bed2702b","ja3s":"8aca82d60194883e764ab2743e60c380","ja4":"t13d141200_ad449869e501_b11171733d3d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1","subjectDN":"C=US, ST=California, L=San Jose, O=Zoom Video Communications, Inc., CN=*.sjc.zoom.us","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"43:42:0A:34:FD:F6:7A:FC:E9:C1:95:D8:E0:79:7E:17:B9:65:B0:A7","blocks":0}}} 
+01415{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1642965458402978,"flow_src_last_pkt_time":1642965458578318,"flow_dst_last_pkt_time":1642965458752945,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1642965458752945,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":50076,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomsjccv154mmr.sjc.zoom.us","domainame":"zoomsjccv154mmr.sjc.zoom.us","tls": {"version":"TLSv1.2","ja3s":"8aca82d60194883e764ab2743e60c380","ja4":"t13d141200_ad449869e501_b11171733d3d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01692{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1642965458402978,"flow_src_last_pkt_time":1642965458578318,"flow_dst_last_pkt_time":1642965458752990,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4096,"midstream":0,"thread_ts_usec":1642965458752990,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":50076,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomsjccv154mmr.sjc.zoom.us","domainame":"zoomsjccv154mmr.sjc.zoom.us","tls": {"version":"TLSv1.2","server_names":"*.sjc.zoom.us","ja3s":"8aca82d60194883e764ab2743e60c380","ja4":"t13d141200_ad449869e501_b11171733d3d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1","subjectDN":"C=US, ST=California, L=San Jose, O=Zoom Video Communications, Inc., CN=*.sjc.zoom.us","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"43:42:0A:34:FD:F6:7A:FC:E9:C1:95:D8:E0:79:7E:17:B9:65:B0:A7","blocks":0}}} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/zoom2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1642965459595620,"flow_src_last_pkt_time":1642965459595620,"flow_dst_last_pkt_time":1642965459595620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":123,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":123,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":123,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642965459595620,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":60653,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/zoom2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1642965459595620,"flow_dst_last_pkt_time":1642965459595620,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":165,"pkt_l4_len":131,"thread_ts_usec":1642965459595620,"pkt":"EBMx8Tl2KDc3AG3ICABFAACXeHsAAEARZSPAqAGykMNJmuztImEAgzNnAQADyErEUocYzaK4R3obiZ8zgwAAAAAAAAACAG9hPwBvYT8AAABA5tdm9ZTyTIyTAkYLAufeKJLgneU8bl8DozakMMlr\/JDYAlm5+8RxsTcW0dGDYHnKojsP3MD2C2S9PgF8PPhtdgAAAAAAQABAAAB1MAABAAMAAiAA"} 
00927{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/zoom2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1642965459595620,"flow_src_last_pkt_time":1642965459595620,"flow_dst_last_pkt_time":1642965459595620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":123,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":123,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":123,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642965459595620,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":60653,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Zoom","proto_id":"189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}} 
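Review bot: The `ja3` key is no longer emitted in the `tls` object of the `detected` event and both `detection-update` events for flow 1, while `ja3s` and `ja4` are still present, and the commit message only says "incorporated upstream changes". Anything downstream that keys on the client JA3 value (fingerprint allow/deny lists, SIEM correlation rules) would stop matching without raising an error. The description should name the removal, for example `* tls.ja3 is no longer emitted by libnDPI; use tls.ja4 for client fingerprinting`. schema/flow_event_schema.json is listed in the diffstat but is not visible here, so it is worth confirming that it no longer lists `ja3` as an expected key.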
@@ -43,7 +43,7 @@ 00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":342,"source":"cfgs\/default\/pcap\/zoom2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":43,"flow_dst_packets_processed":44,"flow_first_seen":1642965460359314,"flow_src_last_pkt_time":1642965500043016,"flow_dst_last_pkt_time":1642965498034804,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":143,"flow_dst_max_l4_payload_len":91,"flow_src_tot_l4_payload_len":3423,"flow_dst_tot_l4_payload_len":2664,"midstream":0,"thread_ts_usec":1642965500043016,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":57953,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Zoom","proto_id":"189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}} 00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":342,"source":"cfgs\/default\/pcap\/zoom2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":64,"flow_dst_packets_processed":98,"flow_first_seen":1642965460219455,"flow_src_last_pkt_time":1642965464235467,"flow_dst_last_pkt_time":1642965464220244,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":326,"flow_src_tot_l4_payload_len":6619,"flow_dst_tot_l4_payload_len":13719,"midstream":0,"thread_ts_usec":1642965500043016,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":58117,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Zoom","proto_id":"189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}} 
00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":342,"source":"cfgs\/default\/pcap\/zoom2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":66,"flow_first_seen":1642965459595620,"flow_src_last_pkt_time":1642965460403587,"flow_dst_last_pkt_time":1642965460412418,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":123,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1036,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":2702,"flow_dst_tot_l4_payload_len":61420,"midstream":0,"thread_ts_usec":1642965500043016,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":60653,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Zoom","proto_id":"189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}} -00844{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":342,"source":"cfgs\/default\/pcap\/zoom2.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":342,"packets-processed":342,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":97770,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":8,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":46,"global_ts_usec":1642965500043016} 
+00844{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":342,"source":"cfgs\/default\/pcap\/zoom2.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":342,"packets-processed":342,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":97770,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":8,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":46,"global_ts_usec":1642965500043016} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 342/342 ~~ skipped flows.............: 0 @@ -52,9 +52,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6935908 bytes -~~ total memory freed........: 6935908 bytes -~~ total allocations/frees...: 114525/114525 +~~ total memory allocated....: 7513504 bytes +~~ total memory freed........: 7513504 bytes +~~ total allocations/frees...: 126256/126256 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 535 chars ~~ json message max len.......: 2208 chars diff --git a/test/results/default/zoom_p2p.pcapng.out b/test/results/default/zoom_p2p.pcapng.out index 29a8e7b31..8c6536e0d 100644 --- a/test/results/default/zoom_p2p.pcapng.out +++ b/test/results/default/zoom_p2p.pcapng.out 
@@ -1,5 +1,5 @@ -00615{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1666892468833699} 
+00615{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1666892468833699} 
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892468833699,"flow_src_last_pkt_time":1666892468833699,"flow_dst_last_pkt_time":1666892468833699,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892468833699,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"192.168.12.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00698{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1666892468833699,"flow_dst_last_pkt_time":1666892468833699,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"thread_ts_usec":1666892468833699,"pkt":"\/\/\/\/\/\/\/\/CL6sCxduCABFAACgYTNAAEARPsnAqAwBwKgM\/0RcRFwAjEIMeyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAzMjY2OTI4NTUzNTE0MjEyNTAyMDcwOTgyNTg4NDgzOTQ4ODczODcsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFs5MjQ0NjQxN119"} 
00935{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892468833699,"flow_src_last_pkt_time":1666892468833699,"flow_dst_last_pkt_time":1666892468833699,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892468833699,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"192.168.12.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
@@ -16,10 +16,10 @@ 00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892508718573,"flow_src_last_pkt_time":1666892508718573,"flow_dst_last_pkt_time":1666892508718573,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":141,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":141,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":141,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892618882757,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892633743872,"flow_src_last_pkt_time":1666892633743872,"flow_dst_last_pkt_time":1666892633743872,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892633743872,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.87.213","src_port":39065,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1666892633743872,"flow_dst_last_pkt_time":1666892633743872,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1666892633743872,"pkt":"CL6sCxduJjb1W8R1CABFAABIOSEAAEARTXPAqAyczvdX1ZiZDZYANLFQAAEAGPylwjKz2lsgZSGfQY6bPhoBAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="} -00977{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892633743872,"flow_src_last_pkt_time":1666892633743872,"flow_dst_last_pkt_time":1666892633743872,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892633743872,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.87.213","src_port":39065,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"","domainame":"","stun": {}}} 
+01010{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892633743872,"flow_src_last_pkt_time":1666892633743872,"flow_dst_last_pkt_time":1666892633743872,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892633743872,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.87.213","src_port":39065,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892633744357,"flow_src_last_pkt_time":1666892633744357,"flow_dst_last_pkt_time":1666892633744357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892633744357,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.87.213","src_port":38453,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1666892633744357,"flow_dst_last_pkt_time":1666892633744357,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1666892633744357,"pkt":"CL6sCxduJjb1W8R1CABFAABIOSIAAEARTXLAqAyczvdX1ZY1DZYANGmLAAEAGNROrGuDSSg3DJfkQhb6tQYBAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="} -00977{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892633744357,"flow_src_last_pkt_time":1666892633744357,"flow_dst_last_pkt_time":1666892633744357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892633744357,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.87.213","src_port":38453,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"","domainame":"","stun": {}}} 
+01010{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892633744357,"flow_src_last_pkt_time":1666892633744357,"flow_dst_last_pkt_time":1666892633744357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892633744357,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.87.213","src_port":38453,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892633842799,"flow_src_last_pkt_time":1666892633842799,"flow_dst_last_pkt_time":1666892633842799,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":80,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":80,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892633842799,"l3_proto":"ip4","src_ip":"206.247.87.213","dst_ip":"192.168.12.156","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5} 
00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1666892633842799,"flow_dst_last_pkt_time":1666892633842799,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"thread_ts_usec":1666892633842799,"pkt":"Jjb1W8R1CL6sCxduCABFAABkWM0AACoBQ7vO91fVwKgMnAMK8UwAAAAARQAASDkhAAAvEV5zwKgMnM73V9WYmQ2WADSxUAABABj8pcIys9pbIGUhn0GOmz4aAQEAFDEyMzQ1Njc4OTAxMjM0NTY3ODkA"} 01033{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892633842799,"flow_src_last_pkt_time":1666892633842799,"flow_dst_last_pkt_time":1666892633842799,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":80,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":80,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892633842799,"l3_proto":"ip4","src_ip":"206.247.87.213","dst_ip":"192.168.12.156","l4_proto":"icmp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":5.315078}} 
@@ -81,10 +81,10 @@ 00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":397,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1666892633743872,"flow_src_last_pkt_time":1666892672044867,"flow_dst_last_pkt_time":1666892633743872,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":880,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892858965490,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.87.213","src_port":39065,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video"}} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":397,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892883463041,"flow_src_last_pkt_time":1666892883463041,"flow_dst_last_pkt_time":1666892883463041,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892883463041,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.10.253","src_port":49579,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":397,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1666892883463041,"flow_dst_last_pkt_time":1666892883463041,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1666892883463041,"pkt":"CL6sCxduJjb1W8R1CABFAABInAUAAEARN2fAqAyczvcK\/cGrDZYAND6kAAEAGHYXPCtl23wOrVMBeFlUmRIBAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="} -00979{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":397,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892883463041,"flow_src_last_pkt_time":1666892883463041,"flow_dst_last_pkt_time":1666892883463041,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892883463041,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.10.253","src_port":49579,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"","domainame":"","stun": {}}} 
+01012{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":397,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892883463041,"flow_src_last_pkt_time":1666892883463041,"flow_dst_last_pkt_time":1666892883463041,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892883463041,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.10.253","src_port":49579,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":398,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892883463255,"flow_src_last_pkt_time":1666892883463255,"flow_dst_last_pkt_time":1666892883463255,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892883463255,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.10.253","src_port":42208,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":398,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1666892883463255,"flow_dst_last_pkt_time":1666892883463255,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1666892883463255,"pkt":"CL6sCxduJjb1W8R1CABFAABInAYAAEARN2bAqAyczvcK\/aTgDZYANPrWAAEAGLBQbSBUGckYObqWWsHyyUwBAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="} -00979{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":398,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892883463255,"flow_src_last_pkt_time":1666892883463255,"flow_dst_last_pkt_time":1666892883463255,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892883463255,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.10.253","src_port":42208,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"","domainame":"","stun": {}}} 
+01012{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":398,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892883463255,"flow_src_last_pkt_time":1666892883463255,"flow_dst_last_pkt_time":1666892883463255,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892883463255,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.10.253","src_port":42208,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":399,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892883560468,"flow_src_last_pkt_time":1666892883560468,"flow_dst_last_pkt_time":1666892883560468,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":80,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":80,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892883560468,"l3_proto":"ip4","src_ip":"206.247.10.253","dst_ip":"192.168.12.156","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5} 
00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":399,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1666892883560468,"flow_dst_last_pkt_time":1666892883560468,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"thread_ts_usec":1666892883560468,"pkt":"Jjb1W8R1CL6sCxduCABFAABkE1oAACoB1gbO9wr9wKgMnAMKpHQAAAAARQAASJwFAAAvEUhnwKgMnM73Cv3Bqw2WADQ+pAABABh2FzwrZdt8Dq1TAXhZVJkSAQEAFDEyMzQ1Njc4OTAxMjM0NTY3ODkA"} 01035{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":399,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892883560468,"flow_src_last_pkt_time":1666892883560468,"flow_dst_last_pkt_time":1666892883560468,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":80,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":80,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892883560468,"l3_proto":"ip4","src_ip":"206.247.10.253","dst_ip":"192.168.12.156","l4_proto":"icmp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":5.318754}} 
@@ -131,7 +131,7 @@ 00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":763,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1666892468833699,"flow_src_last_pkt_time":1666892918986914,"flow_dst_last_pkt_time":1666892468833699,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892928125663,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"192.168.12.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":763,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1666892883463041,"flow_src_last_pkt_time":1666892921699571,"flow_dst_last_pkt_time":1666892883463041,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":880,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892928125663,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.10.253","src_port":49579,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video"}} 
01101{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":763,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":154,"flow_dst_packets_processed":0,"flow_first_seen":1666892923611662,"flow_src_last_pkt_time":1666892928125663,"flow_dst_last_pkt_time":1666892923611662,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":84,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":84,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12936,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892928125663,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"10.78.14.178","src_port":49579,"dst_port":49586,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Zoom","proto_id":"189","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}} -00855{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":763,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":763,"packets-processed":763,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":240182,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":3,"total-updates":27,"current-active-flows":0,"total-active-flows":13,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":134,"global_ts_usec":1666892928125663} 
+00855{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":763,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":763,"packets-processed":763,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":240182,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":3,"total-updates":27,"current-active-flows":0,"total-active-flows":13,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":134,"global_ts_usec":1666892928125663} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 763/763 ~~ skipped flows.............: 0 @@ -140,9 +140,9 @@ ~~ total active/idle flows...: 13/13 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6958358 bytes -~~ total memory freed........: 6958358 bytes -~~ total allocations/frees...: 115034/115034 +~~ total memory allocated....: 7535954 bytes +~~ total memory freed........: 7535954 bytes +~~ total allocations/frees...: 126765/126765 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 575 chars ~~ json message max len.......: 2326 chars diff --git a/test/results/default/zug.pcap.out b/test/results/default/zug.pcap.out index 370f6d04b..84bd8209d 100644 --- a/test/results/default/zug.pcap.out +++ b/test/results/default/zug.pcap.out 
@@ -1,9 +1,9 @@ -00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/zug.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zug.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1683726609201364} 
+00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/zug.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zug.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1683726609201364} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zug.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1683726609201364,"flow_src_last_pkt_time":1683726609201364,"flow_dst_last_pkt_time":1683726609201364,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":122,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":122,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":122,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1683726609201364,"l3_proto":"ip4","src_ip":"197.130.35.95","dst_ip":"163.40.238.205","src_port":39594,"dst_port":19000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zug.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1683726609201364,"flow_dst_last_pkt_time":1683726609201364,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"thread_ts_usec":1683726609201364,"pkt":"PHc4rUOjRjCuBxptCABFAACWud1AAD8RBqLFgiNfoyjuzZqqSjgAgtArAHpVRxCuoEEAbrwqaLJud0OTiHhyfLKFFVbCvCrtUGe+F5gQSvbpXmb4qIr5txtNI2it9UorS+WZDZBwIeQ5MAMovy+bzbpDtQjADR\/X00Xy2yhu+HCKdNHybGtd4qcTN7oqNVLanHdek8KKwsNpdl+5ID2OwjmnC\/o="} 
00936{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zug.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1683726609201364,"flow_src_last_pkt_time":1683726609201364,"flow_dst_last_pkt_time":1683726609201364,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":122,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":122,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":122,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1683726609201364,"l3_proto":"ip4","src_ip":"197.130.35.95","dst_ip":"163.40.238.205","src_port":39594,"dst_port":19000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"ZUG","proto_id":"415","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} -00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/zug.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":2,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":122,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":6,"global_ts_usec":1683727905139157} 
+00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/zug.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":2,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":122,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":6,"global_ts_usec":1683727905139157} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/zug.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1683727905139157,"flow_src_last_pkt_time":1683727905139157,"flow_dst_last_pkt_time":1683727905139157,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":122,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":122,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":122,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1683727905139157,"l3_proto":"ip4","src_ip":"225.110.130.102","dst_ip":"133.150.105.134","src_port":44066,"dst_port":19000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/zug.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1683727905139157,"flow_dst_last_pkt_time":1683727905139157,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"thread_ts_usec":1683727905139157,"pkt":"ADsD+gOwwddEBmcGCABFAACWhyNAAD8RYULhboJmhZZphqwiSjgAgvi+AHpVRxDNLFMAbko56ORtJSqLUwxPrgwGIggUuNywfxRiepZM3Bwx3bY+8BVqnFyCdoHQQkntnD2zJ8xN53oQhkxs93eG\/hVg1\/ufEnHjZNhcMuQuPWzuuv4beVXiwXdUoVCqf\/UxsEwtNwcIdFr9DD38157zzNXDIqE="} 00939{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/zug.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1683727905139157,"flow_src_last_pkt_time":1683727905139157,"flow_dst_last_pkt_time":1683727905139157,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":122,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":122,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":122,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1683727905139157,"l3_proto":"ip4","src_ip":"225.110.130.102","dst_ip":"133.150.105.134","src_port":44066,"dst_port":19000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"ZUG","proto_id":"415","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
@@ -12,18 +12,18 @@ 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/zug.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1683728060301039,"flow_dst_last_pkt_time":1683728060301039,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"thread_ts_usec":1683728060301039,"pkt":"PC8MQ7Q\/oefp8FWkCABFAACWcN5AAD8R3nt13MUpLBaE4ZK0SjgAguYLAHpVRxAbTrgAbvoJDZN8SPuKYA6jToxwINwWUyheOmJTC01nkgSRxRd4CIN2aqWnhITmK3ivlTB0RcknBtuEgtDKghDE2I+C7+u97FzPOQs1MGWWxPIDpNlQcWur9ZhJ06AXWq2vzW6kNujD+tJ0TqZSOBxQfLJaj2A="} 00936{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/zug.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1683728060301039,"flow_src_last_pkt_time":1683728060301039,"flow_dst_last_pkt_time":1683728060301039,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":122,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":122,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":122,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1683728060301039,"l3_proto":"ip4","src_ip":"117.220.197.41","dst_ip":"44.22.132.225","src_port":37556,"dst_port":19000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"ZUG","proto_id":"415","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
00980{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/zug.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1683727905139157,"flow_src_last_pkt_time":1683727905139157,"flow_dst_last_pkt_time":1683727905139157,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":122,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":122,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":122,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1683728060301039,"l3_proto":"ip4","src_ip":"225.110.130.102","dst_ip":"133.150.105.134","src_port":44066,"dst_port":19000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ZUG","proto_id":"415","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} -00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/zug.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":4,"packets-processed":3,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":366,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":1,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1683734952148704} 
+00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/zug.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":4,"packets-processed":3,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":366,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":1,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1683734952148704} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/zug.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1683734952148704,"flow_src_last_pkt_time":1683734952148704,"flow_dst_last_pkt_time":1683734952148704,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":410,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":410,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":410,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1683734952148704,"l3_proto":"ip4","src_ip":"61.59.105.181","dst_ip":"199.24.15.231","src_port":19000,"dst_port":48793,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
01059{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/zug.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1683734952148704,"flow_dst_last_pkt_time":1683734952148704,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":452,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":452,"pkt_l4_len":418,"thread_ts_usec":1683734952148704,"pkt":"PL0ZovEE4aiDxctrCABFAAG2U1NAAC0RevQ9O2m1xxgP50o4vpkBovNlAZpVRxC5jr8BiLXGWblyHBWcxoOpYgwH4kTPGL7aHsEwcKx1c74DAglO9pd20WBpqnTxF5RPd22hnmf8cCfSPEew2tq2ID\/pvz+xYWxzYAie+sddoMGYgT4m0j4H5eQYAZnQ8q4koB9UuO5PSsYQgT6MNpTWzj1sMuPRuOfoCcg3AzaEr1zRrTjeCqWZURwBzWKZ0nwCfkPo6KzkW0apXm7duuGLCiUJlDrDWkWnymHRPTgm9oyeJOfvmXRvQ1VeTZURwr5RvvgPAWB7mpmmMvpvhKDNNRTAJr2eK6qO\/7Rg+av6CaZYrHaAWaHpBzxU5UT9law2miL0Dn5BjoN6lJaNPpBAlHOYbjQmgOe9q\/UvZWu8BTc96\/0c9Wi97GDGFvMhr3jDI8wfIGPklFnKRBLnUvOmVVzQVHZl29T+21XO0UeurQikFoc43b57UEkjguQY62hg9urUVPSYm9WFdXS4Se6twx2UWwxyFX86KHwsabYhz8i2ojFKhTAFpcMbOu3SXGmEAgvB0E+nb1XMOhAsOd\/7SopEDAc="} 00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/zug.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1683728060301039,"flow_src_last_pkt_time":1683728060301039,"flow_dst_last_pkt_time":1683728060301039,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":122,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":122,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":122,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1683734952148704,"l3_proto":"ip4","src_ip":"117.220.197.41","dst_ip":"44.22.132.225","src_port":37556,"dst_port":19000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"ZUG","proto_id":"415","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/zug.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1683727905139157,"flow_src_last_pkt_time":1683727905139157,"flow_dst_last_pkt_time":1683727905139157,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":122,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":122,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":122,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1683734952148704,"l3_proto":"ip4","src_ip":"225.110.130.102","dst_ip":"133.150.105.134","src_port":44066,"dst_port":19000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ZUG","proto_id":"415","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} -00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/zug.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":5,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":776,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1683795503095835} 
+00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/zug.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":5,"packets-processed":4,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":776,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1683795503095835} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/zug.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1683795503095835,"flow_src_last_pkt_time":1683795503095835,"flow_dst_last_pkt_time":1683795503095835,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":122,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":122,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":122,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1683795503095835,"l3_proto":"ip4","src_ip":"173.46.102.72","dst_ip":"204.88.149.147","src_port":41686,"dst_port":19000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/zug.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1683795503095835,"flow_dst_last_pkt_time":1683795503095835,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"thread_ts_usec":1683795503095835,"pkt":"PJFY\/pn8Dhcrg4b+CABFAACWnT5AAD8RKLatLmZIzFiVk6LWSjgAgjsSAHpVRxDd\/acAaQ4plwDYFUdWOYeEaXSTXIBIwsYDLUQ0OSZRywj7O\/WCbwHaVDgLSFtQJg5pLRNOhdzPnMXjvlwE4K+rOpVm64NE32P3xvu6V0cqvWSPXmvqJ3F\/s9jaGtOvHM2PTpcwDGyngeBgp4V3xF7PPuTG330="} 00936{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/zug.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1683795503095835,"flow_src_last_pkt_time":1683795503095835,"flow_dst_last_pkt_time":1683795503095835,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":122,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":122,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":122,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1683795503095835,"l3_proto":"ip4","src_ip":"173.46.102.72","dst_ip":"204.88.149.147","src_port":41686,"dst_port":19000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"ZUG","proto_id":"415","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
01090{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/zug.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1683734952148704,"flow_src_last_pkt_time":1683734952148704,"flow_dst_last_pkt_time":1683734952148704,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":410,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":410,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":410,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1683795503095835,"l3_proto":"ip4","src_ip":"61.59.105.181","dst_ip":"199.24.15.231","src_port":19000,"dst_port":48793,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00778{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/zug.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1683734952148704,"flow_src_last_pkt_time":1683734952148704,"flow_dst_last_pkt_time":1683734952148704,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":410,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":410,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":410,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1683795503095835,"l3_proto":"ip4","src_ip":"61.59.105.181","dst_ip":"199.24.15.231","src_port":19000,"dst_port":48793,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
-00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/zug.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":6,"packets-processed":5,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":898,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":26,"global_ts_usec":1683798207057178} +00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/zug.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":6,"packets-processed":5,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":898,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":26,"global_ts_usec":1683798207057178} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/zug.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1683798207057178,"flow_src_last_pkt_time":1683798207057178,"flow_dst_last_pkt_time":1683798207057178,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":122,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":122,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":122,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1683798207057178,"l3_proto":"ip4","src_ip":"74.90.102.55","dst_ip":"17.218.251.92","src_port":44370,"dst_port":19000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/zug.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1683798207057178,"flow_dst_last_pkt_time":1683798207057178,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"thread_ts_usec":1683798207057178,"pkt":"PO2gb2lau3UM5hbzCABFAACWxHdAAD8RuRdKWmY3Edr7XK1SSjgAgrq9AHpVRxCZqrwAbuLdBlzqs+49WsSxb9ohIqmSjrZV2pV8vq23AgVem0\/rjKpdgf5g2d8b7Kic8xqWFoIonx0VNf441J\/GBdbekB8yVCPDyaper6qaispHGCJ9zEXttbVpoxrbg5QERcnV+Yp5zbMNRJdxvYfEDbpVeSg="} 
00934{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/zug.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1683798207057178,"flow_src_last_pkt_time":1683798207057178,"flow_dst_last_pkt_time":1683798207057178,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":122,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":122,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":122,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1683798207057178,"l3_proto":"ip4","src_ip":"74.90.102.55","dst_ip":"17.218.251.92","src_port":44370,"dst_port":19000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"ZUG","proto_id":"415","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
@@ -33,7 +33,7 @@ 00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/zug.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1683798207057178,"flow_src_last_pkt_time":1683798207057178,"flow_dst_last_pkt_time":1683798207057178,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":122,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":122,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":122,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1683798207057178,"l3_proto":"ip4","src_ip":"52.104.45.69","dst_ip":"53.52.158.15","src_port":44174,"dst_port":19000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ZUG","proto_id":"415","proto_by_ip":"MS_OneDrive","proto_by_ip_id":221,"encrypted":1,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/zug.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1683798207057178,"flow_src_last_pkt_time":1683798207057178,"flow_dst_last_pkt_time":1683798207057178,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":122,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":122,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":122,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1683798207057178,"l3_proto":"ip4","src_ip":"74.90.102.55","dst_ip":"17.218.251.92","src_port":44370,"dst_port":19000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ZUG","proto_id":"415","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/zug.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1683795503095835,"flow_src_last_pkt_time":1683795503095835,"flow_dst_last_pkt_time":1683795503095835,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":122,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":122,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":122,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1683798207057178,"l3_proto":"ip4","src_ip":"173.46.102.72","dst_ip":"204.88.149.147","src_port":41686,"dst_port":19000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ZUG","proto_id":"415","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} -00835{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/zug.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":7,"packets-processed":7,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1142,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":36,"global_ts_usec":1683798207057178} 
+00835{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/zug.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":7,"packets-processed":7,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1142,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":36,"global_ts_usec":1683798207057178} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 7/7 ~~ skipped flows.............: 0 @@ -42,9 +42,9 @@ ~~ total active/idle flows...: 7/7 ~~ total timeout flows.......: 1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6922134 bytes -~~ total memory freed........: 6922134 bytes -~~ total allocations/frees...: 114211/114211 +~~ total memory allocated....: 7499730 bytes +~~ total memory freed........: 7499730 bytes +~~ total allocations/frees...: 125942/125942 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 613 chars ~~ json message max len.......: 1095 chars diff --git a/test/results/disable_aggressiveness/ookla.pcap.out b/test/results/disable_aggressiveness/ookla.pcap.out index 7d942d404..98e96f167 100644 --- a/test/results/disable_aggressiveness/ookla.pcap.out +++ b/test/results/disable_aggressiveness/ookla.pcap.out 
@@ -1,4 +1,4 @@ -00625{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00625{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
00758{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":52760463,"flow_src_last_pkt_time":52760463,"flow_dst_last_pkt_time":52760463,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":52760463,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"185.157.229.246","src_port":37790,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":52760463,"flow_dst_last_pkt_time":52760463,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":52760463,"pkt":"pJGxgjQ5CAAns+YuCABFAAA88ZNAAEAG5yvAqAHAuZ3l9pOeH5CL5\/\/AAAAAAKAC+vCdxwAAAgQFtAQCCArwSR4qAAAAAAEDAwc="} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":52760463,"flow_dst_last_pkt_time":52767367,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":52767367,"pkt":"CAAns+YupJGxgjQ5CABFAAA8AABAADkG37+5neX2wKgBwB+Qk54VD1Tvi+f\/waAS9KzB8AAAAgQFtAQCCArQXqes8EkeKgEDAwc="} 
@@ -12,7 +12,7 @@ 00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":52803123,"flow_dst_last_pkt_time":52802860,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":52803123,"pkt":"pJGxgjQ5CAAns+YuCABFAAA07SxAAEAGxSTAqAHAWWBsqsfUH5CQmgkYQm9JZYAQAfaCuwAAAQEICkrfmqSA8vY2"} 00640{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":52803891,"flow_dst_last_pkt_time":52802860,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"thread_ts_usec":52803891,"pkt":"pJGxgjQ5CAAns+YuCABFAACB7S1AAEAGxNbAqAHAWWBsqsfUH5CQmgkYQm9JZYAYAfa1WgAAAQEICkrfmqSA8vY2EMGp+9vLnmHw2ahVPr\/DnjqEBMpv3qQx14PKFUDQ+Xiem1oDpE25ebBB0o3w7\/CD7T9\/W+RFeHExRQnSnZNpGp1400Jci657f6wCIgo="} 00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":52803891,"flow_dst_last_pkt_time":52813624,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":52813624,"pkt":"CAAns+YupJGxgjQ5CABFAAA0vyZAADkG+ipZYGyqwKgBwB+Qx9RCb0llkJoJZYAQAOODdAAAAQEICoDy9kNK35qk"} 
-00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":21,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1794,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1491069108756336} +00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":21,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1794,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1491069108756336} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1491069108756336,"flow_src_last_pkt_time":1491069108756336,"flow_dst_last_pkt_time":1491069108756336,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1491069108756336,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51207,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1491069108756336,"flow_dst_last_pkt_time":1491069108756336,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1491069108756336,"pkt":"gCqojWksxCwDBkn+CABFAABAClpAAEAGAADAqAEHLiz9u8gHAFAHQx4AAAAAALAC\/\/\/tyQAAAgQFtAEDAwUBAQgKDd4HoAAAAAAEAgAA"} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1491069108756336,"flow_dst_last_pkt_time":1491069108793565,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1491069108793565,"pkt":"xCwDBkn+gCqojWksCABFAAA8AABAADMGWiUuLP27wKgBBwBQyAdRUNK1B0MeAaASOJAJ5wAAAgQFrAQCCAp\/4XDqDd4HoAEDAwU="} 
@@ -31,15 +31,15 @@ 00934{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":71,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":52788003,"flow_src_last_pkt_time":52834008,"flow_dst_last_pkt_time":52833933,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":1512,"midstream":0,"thread_ts_usec":1491069115908957,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"89.96.108.170","src_port":51156,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI (partial cache)"},"proto":"Ookla","proto_id":"191","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} 00775{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":71,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":52788003,"flow_src_last_pkt_time":52834008,"flow_dst_last_pkt_time":52833933,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":1512,"midstream":0,"thread_ts_usec":1491069115908957,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"89.96.108.170","src_port":51156,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00955{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":71,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":52760463,"flow_src_last_pkt_time":52824399,"flow_dst_last_pkt_time":52783053,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":42,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":45,"midstream":0,"thread_ts_usec":1491069115908957,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"185.157.229.246","src_port":37790,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Ookla","proto_id":"191","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} -00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":71,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":71,"packets-processed":70,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5115,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":3,"total-detection-updates":1,"total-updates":0,"current-active-flows":2,"total-active-flows":4,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":34,"global_ts_usec":1679653269892307} 
+00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":71,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":71,"packets-processed":70,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5115,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":3,"total-detection-updates":1,"total-updates":0,"current-active-flows":2,"total-active-flows":4,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":34,"global_ts_usec":1679653269892307} 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1679653269892307,"flow_src_last_pkt_time":1679653269892307,"flow_dst_last_pkt_time":1679653269892307,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1679653269892307,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.16.209.12","src_port":48854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1679653269892307,"flow_dst_last_pkt_time":1679653269892307,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1679653269892307,"pkt":"ILAB4IZiPKn0qB\/sCABFAAA8d9tAAEAGx5vAqAGAaBDRDL7WAbvTK4fdAAAAAKAC+vCixQAAAgQFtAQCCAqNuQWwAAAAAAEDAwc="} 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1679653269892307,"flow_dst_last_pkt_time":1679653269908336,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1679653269908336,"pkt":"PKn0qB\/sILAB4IZiCABFAAA8AABAADkGRndoENEMwKgBgAG7vtZrVEBX0yuH3qAS\/ohAMAAAAgQFeAQCCApAz3KnjbkFsAEDAw0="} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1679653269908388,"flow_dst_last_pkt_time":1679653269908336,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1679653269908388,"pkt":"ILAB4IZiPKn0qB\/sCABFAAA0d9xAAEAGx6LAqAGAaBDRDL7WAbvTK4fea1RAWIAQAfZrSQAAAQEICo25BcBAz3Kn"} 
01254{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1679653269910213,"flow_dst_last_pkt_time":1679653269908336,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1679653269910213,"pkt":"ILAB4IZiPKn0qB\/sCABFAAI5d91AAEAGxZzAqAGAaBDRDL7WAbvTK4fea1RAWIAYAfa4FAAAAQEICo25BcJAz3KnFgMBAgABAAH8AwOTb4oxeXvjc\/45zkuVq4G3Zgn7TLoS1mljZT9BkHGn2CDtXOYXkAvuYV+YZrFG8XIpj5iT35mrgepNsvEywjPasgAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAWABQAABF3d3cuc3BlZWR0ZXN0Lm5ldAAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACA0PGs+cvY7SZzZ7ub5BC\/x6sXI+NPwgqK8CA+8hBBoUAAXAEEE8gwagQRgBRZQFjLsDlZBIDoi55K5OCyygtEfRg6ZTvyJ0PS0\/RImIv79eDtxwURuWaTzp0u6GF0tY0r+YgsRoAArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAFQCFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01278{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1679653269892307,"flow_src_last_pkt_time":1679653269910213,"flow_dst_last_pkt_time":1679653269908336,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1679653269910213,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.16.209.12","src_port":48854,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Ookla","proto_id":"91.191","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.speedtest.net","domainame":"www.speedtest.net","tls": {"version":"TLSv1.2","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01237{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1679653269892307,"flow_src_last_pkt_time":1679653269910213,"flow_dst_last_pkt_time":1679653269908336,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1679653269910213,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.16.209.12","src_port":48854,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Ookla","proto_id":"91.191","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.speedtest.net","domainame":"www.speedtest.net","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1679653269910213,"flow_dst_last_pkt_time":1679653269924034,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1679653269924034,"pkt":"PKn0qB\/sILAB4IZiCABFAAA0tiRAADkGkFpoENEMwKgBgAG7vtZrVEBY0yuJ44AQAAhrHwAAAQEICkDPcriNuQXC"} 
-01323{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":76,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1679653269892307,"flow_src_last_pkt_time":1679653269910213,"flow_dst_last_pkt_time":1679653269928207,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1679653269928207,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.16.209.12","src_port":48854,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Ookla","proto_id":"91.191","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.speedtest.net","domainame":"www.speedtest.net","tls": {"version":"TLSv1.3","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01282{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":76,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1679653269892307,"flow_src_last_pkt_time":1679653269910213,"flow_dst_last_pkt_time":1679653269928207,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1679653269928207,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.16.209.12","src_port":48854,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Ookla","proto_id":"91.191","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.speedtest.net","domainame":"www.speedtest.net","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
01164{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":85,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":8,"flow_first_seen":1491069108756336,"flow_src_last_pkt_time":1491069114050266,"flow_dst_last_pkt_time":1491069114084923,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":364,"flow_dst_max_l4_payload_len":457,"flow_src_tot_l4_payload_len":1434,"flow_dst_tot_l4_payload_len":1546,"midstream":0,"thread_ts_usec":1679653269948533,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51207,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP.Ookla","proto_id":"7.191","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"massarosa-1.speedtest.welcomeitalia.it"}} 00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":85,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":11,"flow_first_seen":1491069115107460,"flow_src_last_pkt_time":1491069115874461,"flow_dst_last_pkt_time":1491069115908957,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":19,"flow_dst_max_l4_payload_len":34,"flow_src_tot_l4_payload_len":155,"flow_dst_tot_l4_payload_len":186,"midstream":0,"thread_ts_usec":1679653269948533,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51215,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Ookla","proto_id":"191","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1679653306712675,"flow_src_last_pkt_time":1679653306712675,"flow_dst_last_pkt_time":1679653306712675,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1679653306712675,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"89.96.108.170","src_port":35830,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
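Review bot: The `tls` object in the two added flow-5 events of this hunk (`detected`, length prefix 01237, and `detection-update`, prefix 01282) no longer carries the `ja3` key, while `ja3s` and `ja4` are still emitted, and the commit message says only "incorporated upstream changes". Any downstream consumer that matches or allow-lists clients on the JA3 hash would stop receiving the field without an error, so the change deserves a line in the commit body or changelog, for example `* TLS: "ja3" is no longer emitted in flow events ("ja3s" and "ja4" remain)`. The diffstat lists `schema/flow_event_schema.json` as modified, presumably for this key, but that hunk is not visible here; please confirm the schema no longer lists `ja3` as a property or as required. The regenerated output is internally consistent: both length prefixes shrink by 41, which is the size of the removed key and value.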
@@ -47,12 +47,12 @@ 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1679653306712675,"flow_dst_last_pkt_time":1679653306719019,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1679653306719019,"pkt":"PKn0qB\/sILAB4IZiCABFAAA8AABAADkGuYlZYGyqwKgBgB+Qi\/ZNWoqZHmeg66AScSCZvQAAAgQFtAQCCApaPwmg5DYp\/AEDAwc="} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1679653306719028,"flow_dst_last_pkt_time":1679653306719019,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1679653306719028,"pkt":"ILAB4IZiPKn0qB\/sCABFAAA0211AAEAG1zPAqAGAWWBsqov2H5AeZ6DrTVqKmoAQAfY3rQAAAQEICuQ2KgNaPwmg"} 
01409{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1679653306722610,"flow_dst_last_pkt_time":1679653306719019,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":694,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":694,"pkt_l4_len":660,"thread_ts_usec":1679653306722610,"pkt":"ILAB4IZiPKn0qB\/sCABFAAKo215AAEAG1L7AqAGAWWBsqov2H5AeZ6DrTVqKmoAYAfbO\/gAAAQEICuQ2KgZaPwmgFgMBAm8BAAJrAwP259mDz8GEpoy1f+OzLC\/9thLG4EqdLGdZzXCGK9Q4uiBQNxCTYiOnTdmODfCjz\/77scOJabNQfOM8CXn\/Kv428AAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAgAAAAAjACEAAB5zcGQtcHViLW1pLTAxLTAxLmZhc3R3ZWJuZXQuaXQAFwAA\/wEAAQAACgAOAAwAHQAXABgAGQEAAQEACwACAQAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACCmIGoQSjFxbhP0oQ2mf3jldqLVT4IJ26DAHB\/y9dgXLwAXAEEE8z8E+HP3NhUI\/F3JutRCkkZAA38B+4XEE0qHvfJW\/ErxaU6ku0G019ynBdDwM0s6b8hWwbPTFIbOGQegCvJDQAArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAKQDrAMYAwB8AhNezxWqfHNqTai25upcAXujZ45XM67IJ06apg7LqGTJweebMuDRIw07Sj31fESMcFNp17AprOYwSXu+YS9IV7JhT9qQ4OZmstow1igpGfzEfe\/xOI8FkLjugMpGDY1pCU3HpxsD9EoT1P15QOhLf1dMPMUABrcy7YEdQeCwvbp2qZm8hgV1Lh+SnlNLe9mxhXktl5gH4Z6wg4QeX0rx2IRHvSjtKcrCLpyghx76lSgi1P+ZDn7AN\/VgIhiOzujGKo4YAISC+J4uYrIYL20ogu5h0JOx5bT1YAelSKoit\/6udwZ+98w=="} 
-01417{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1679653306712675,"flow_src_last_pkt_time":1679653306722610,"flow_dst_last_pkt_time":1679653306719019,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":628,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":628,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1679653306722610,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"89.96.108.170","src_port":35830,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"spd-pub-mi-01-01.fastwebnet.it","domainame":"spd-pub-mi-01-01.fastwebnet.it","tls": {"version":"TLSv1.2","ja3":"c279b0189edb9269da7bc43dea5e0c36","ja3s":"","ja4":"t13d1714h2_5b57614c22b0_8f66f9ee9c6c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01376{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1679653306712675,"flow_src_last_pkt_time":1679653306722610,"flow_dst_last_pkt_time":1679653306719019,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":628,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":628,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1679653306722610,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"89.96.108.170","src_port":35830,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"spd-pub-mi-01-01.fastwebnet.it","domainame":"spd-pub-mi-01-01.fastwebnet.it","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1714h2_5b57614c22b0_8f66f9ee9c6c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1679653306722610,"flow_dst_last_pkt_time":1679653306727552,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1679653306727552,"pkt":"PKn0qB\/sILAB4IZiCABFAAA0gz1AADkGNlRZYGyqwKgBgB+Qi\/ZNWoqaHmejX4AQAO02NQAAAQEIClo\/CarkNioG"} 
-01460{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":90,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1679653306712675,"flow_src_last_pkt_time":1679653306722610,"flow_dst_last_pkt_time":1679653306727563,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":628,"flow_dst_max_l4_payload_len":258,"flow_src_tot_l4_payload_len":628,"flow_dst_tot_l4_payload_len":258,"midstream":0,"thread_ts_usec":1679653306727563,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"89.96.108.170","src_port":35830,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"spd-pub-mi-01-01.fastwebnet.it","domainame":"spd-pub-mi-01-01.fastwebnet.it","tls": {"version":"TLSv1.3","ja3":"c279b0189edb9269da7bc43dea5e0c36","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","ja4":"t13d1714h2_5b57614c22b0_8f66f9ee9c6c","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01419{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":90,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1679653306712675,"flow_src_last_pkt_time":1679653306722610,"flow_dst_last_pkt_time":1679653306727563,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":628,"flow_dst_max_l4_payload_len":258,"flow_src_tot_l4_payload_len":628,"flow_dst_tot_l4_payload_len":258,"midstream":0,"thread_ts_usec":1679653306727563,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"89.96.108.170","src_port":35830,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"spd-pub-mi-01-01.fastwebnet.it","domainame":"spd-pub-mi-01-01.fastwebnet.it","tls": {"version":"TLSv1.3","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","ja4":"t13d1714h2_5b57614c22b0_8f66f9ee9c6c","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
01107{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":113,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":21,"flow_dst_packets_processed":8,"flow_first_seen":1679653306712675,"flow_src_last_pkt_time":1679653307034874,"flow_dst_last_pkt_time":1679653307034855,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":321,"flow_src_tot_l4_payload_len":19822,"flow_dst_tot_l4_payload_len":1414,"midstream":0,"thread_ts_usec":1679653307034874,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"89.96.108.170","src_port":35830,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00992{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":113,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":6,"flow_first_seen":1679653269892307,"flow_src_last_pkt_time":1679653269935522,"flow_dst_last_pkt_time":1679653269948533,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1084,"flow_dst_tot_l4_payload_len":3414,"midstream":0,"thread_ts_usec":1679653307034874,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.16.209.12","src_port":48854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Ookla","proto_id":"91.191","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} -00859{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":113,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":113,"packets-processed":113,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":30849,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":5,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":55,"global_ts_usec":1679653307034874} +00859{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":113,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":113,"packets-processed":113,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":30849,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":5,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":55,"global_ts_usec":1679653307034874} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 113/113 ~~ skipped 
flows.............: 0 @@ -61,9 +61,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7078439 bytes -~~ total memory freed........: 7078439 bytes -~~ total allocations/frees...: 114343/114343 +~~ total memory allocated....: 7656103 bytes +~~ total memory freed........: 7656103 bytes +~~ total allocations/frees...: 126076/126076 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 535 chars ~~ json message max len.......: 1484 chars diff --git a/test/results/disable_metadata/sip.pcap.out b/test/results/disable_metadata/sip.pcap.out deleted file mode 100644 index 31b4e2cc7..000000000 --- a/test/results/disable_metadata/sip.pcap.out +++ /dev/null 
@@ -1,74 +0,0 @@ -00617{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/disable_metadata\/pcap\/sip.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00838{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/disable_metadata\/pcap\/sip.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1120469572844249} 
-00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/disable_metadata\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120469572844249,"flow_dst_last_pkt_time":1120469572844249,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":467,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":467,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":467,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469572844249,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -01139{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/disable_metadata\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1120469572844249,"flow_dst_last_pkt_time":1120469572844249,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":509,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":509,"pkt_l4_len":475,"thread_ts_usec":1120469572844249,"pkt":"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"} 
-00928{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/disable_metadata\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120469572844249,"flow_dst_last_pkt_time":1120469572844249,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":467,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":467,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":467,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469572844249,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01163{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/disable_metadata\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1120469572844249,"flow_dst_last_pkt_time":1120469572981006,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":528,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":528,"pkt_l4_len":494,"thread_ts_usec":1120469572981006,"pkt":"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"} -01423{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/disable_metadata\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1120469590259876,"flow_dst_last_pkt_time":1120469572981006,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":722,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":722,"pkt_l4_len":688,"thread_ts_usec":1120469590259876,"pkt":"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"} 
-00924{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/disable_metadata\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1120469590259876,"flow_dst_last_pkt_time":1120469590405967,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":348,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":348,"pkt_l4_len":314,"thread_ts_usec":1120469590405967,"pkt":"AODtAW69ADBUADRWCABFAAFOAABAADcRit\/U8iEjwKgBAhPEE8QBOln2U0lQLzIuMCAxMDAgVHJ5aW5nDQpDYWxsLUlEOiA1NzgyMjI3MjktNDY2NWQ3NzVANTc4MjIyNzMyLTQ2NjVkNzcyDQpDU2VxOiA2OSBSRUdJU1RFUg0KRnJvbTogPHNpcDp2b2kxODA2M0BzaXAuY3liZXJjaXR5LmRrPjt0YWc9OGU5NDhiMA0KVG86IDxzaXA6dm9pMTgwNjNAc2lwLmN5YmVyY2l0eS5kaz4NClZpYTogU0lQLzIuMC9VRFAgMTkyLjE2OC4xLjI7cmVjZWl2ZWQ9ODAuMjMwLjIxOS43MDtycG9ydD01MDYwO2JyYW5jaD16OWhHNGJLbnAxNDk1MDUxNzgtNDM4YzUyOGIxOTIuMTY4LjEuMg0KQ29udGVudC1MZW5ndGg6IDANCg0K"} -00979{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/disable_metadata\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1120469590259876,"flow_dst_last_pkt_time":1120469590455801,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":388,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":388,"pkt_l4_len":354,"thread_ts_usec":1120469590455801,"pkt":"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"} 
-00975{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":8,"source":"cfgs\/disable_metadata\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120469680188467,"flow_dst_last_pkt_time":1120469680330692,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":467,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":680,"flow_dst_max_l4_payload_len":486,"flow_src_tot_l4_payload_len":1614,"flow_dst_tot_l4_payload_len":1624,"midstream":0,"thread_ts_usec":1120469680330692,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00976{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":12,"source":"cfgs\/disable_metadata\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120469847669186,"flow_dst_last_pkt_time":1120469847809339,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":467,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":680,"flow_dst_max_l4_payload_len":491,"flow_src_tot_l4_payload_len":2761,"flow_dst_tot_l4_payload_len":2601,"midstream":0,"thread_ts_usec":1120469847809339,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-00976{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":16,"source":"cfgs\/disable_metadata\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120469938910409,"flow_dst_last_pkt_time":1120469939047813,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":467,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":680,"flow_dst_max_l4_payload_len":491,"flow_src_tot_l4_payload_len":3908,"flow_dst_tot_l4_payload_len":3578,"midstream":0,"thread_ts_usec":1120469939047813,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00976{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":21,"source":"cfgs\/disable_metadata\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120470002992221,"flow_dst_last_pkt_time":1120469956406918,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":680,"flow_dst_max_l4_payload_len":491,"flow_src_tot_l4_payload_len":4598,"flow_dst_tot_l4_payload_len":4354,"midstream":0,"thread_ts_usec":1120470002992221,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"cfgs\/disable_metadata\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470049188993,"flow_src_last_pkt_time":1120470049188993,"flow_dst_last_pkt_time":1120470049188993,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":822,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":822,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":822,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470049188993,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -01612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/disable_metadata\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1120470049188993,"flow_dst_last_pkt_time":1120470049188993,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":864,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":864,"pkt_l4_len":830,"thread_ts_usec":1120470049188993,"pkt":"ADBUADRWAODtAW69CABFAANSam4AAIARyuzAqAECyER4URPEE8QDPvKbSU5WSVRFIHNpcDo5NzIzOTI4NzA0NEB2b2lwLmJydWp1bGEubmV0IFNJUC8yLjANClZpYTogU0lQLzIuMC9VRFAgMTkyLjE2OC4xLjI6NTA2MDticmFuY2g9ejloRzRiS25wMTA0OTg0MDUzLTQ0Y2U0YTQxMTkyLjE2OC4xLjI7cnBvcnQNCkZyb206ICJhcmlrIiA8c2lwOjgxNjY2NkB2b2lwLmJydXJqdWxhLm5ldD47dGFnPTY0MzNlZjkNClRvOiA8c2lwOjk3MjM5Mjg3MDQ0QHZvaXAuYnJ1anVsYS5uZXQ+DQpDYWxsLUlEOiAxMDUwOTAyNTktNDQ2ZmFmN2FAMTkyLjE2OC4xLjINCkNTZXE6IDEgSU5WSVRFDQpVc2VyLUFnZW50OiBOZXJvIFNJUFBTIElQIFBob25lIFZlcnNpb24gMi4wLjUxLjE2DQpFeHBpcmVzOiAxMjANCkFjY2VwdDogYXBwbGljYXRpb24vc2RwDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3NkcA0KQ29udGVudC1MZW5ndGg6IDI3Mg0KQ29udGFjdDogPHNpcDo4MTY2NjZAMTkyLjE2OC4xLjI+DQpNYXgtRm9yd2FyZHM6IDcwDQpBbGxvdzogSU5WSVRFLCBBQ0ssIENBTkNFTCwgQllFLCBS
RUZFUiwgT1BUSU9OUywgTk9USUZZLCBJTkZPDQoNCnY9MA0Kbz1TSVBQUyAxMDUwMTUxNjUgMTA1MDE1MTYyIElOIElQNCAxOTIuMTY4LjEuMg0Kcz1TSVAgY2FsbA0KYz1JTiBJUDQgMTkyLjE2OC4xLjINCnQ9MCAwDQptPWF1ZGlvIDMwMDAwIFJUUC9BVlAgMCA4IDk3IDIgMw0KYT1ydHBtYXA6MCBwY211LzgwMDANCmE9cnRwbWFwOjggcGNtYS84MDAwDQphPXJ0cG1hcDo5NyBpTEJDLzgwMDANCmE9cnRwbWFwOjIgRzcyNi0zMi84MDAwDQphPXJ0cG1hcDozIEdTTS84MDAwDQphPWZtdHA6OTcgbW9kZT0yMA0KYT1zZW5kcmVjdg0K"} -00929{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"cfgs\/disable_metadata\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470049188993,"flow_src_last_pkt_time":1120470049188993,"flow_dst_last_pkt_time":1120470049188993,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":822,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":822,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":822,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470049188993,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/disable_metadata\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1120470049696866,"flow_dst_last_pkt_time":1120470049188993,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":864,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":864,"pkt_l4_len":830,"thread_ts_usec":1120470049696866,"pkt":"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"} 
-01612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/disable_metadata\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1120470050699023,"flow_dst_last_pkt_time":1120470049188993,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":864,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":864,"pkt_l4_len":830,"thread_ts_usec":1120470050699023,"pkt":"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"} -01312{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/disable_metadata\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1120470050699023,"flow_dst_last_pkt_time":1120470051405231,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":637,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":637,"pkt_l4_len":603,"thread_ts_usec":1120470051405231,"pkt":"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"} -00976{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":26,"source":"cfgs\/disable_metadata\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":10,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120470032084958,"flow_dst_last_pkt_time":1120469956406918,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":680,"flow_dst_max_l4_payload_len":491,"flow_src_tot_l4_payload_len":4603,"flow_dst_tot_l4_payload_len":4354,"midstream":0,"thread_ts_usec":1120470051405231,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01016{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/disable_metadata\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1120470083308013,"flow_dst_last_pkt_time":1120470051405231,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":417,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":417,"pkt_l4_len":383,"thread_ts_usec":1120470083308013,"pkt":"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"} -00977{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":38,"source":"cfgs\/disable_metadata\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":2,"flow_first_seen":1120470049188993,"flow_src_last_pkt_time":1120470102883325,"flow_dst_last_pkt_time":1120470085961798,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":347,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":822,"flow_dst_max_l4_payload_len":614,"flow_src_tot_l4_payload_len":5813,"flow_dst_tot_l4_payload_len":1209,"midstream":0,"thread_ts_usec":1120470102883325,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-00976{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":38,"source":"cfgs\/disable_metadata\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":10,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120470100322200,"flow_dst_last_pkt_time":1120469956406918,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":680,"flow_dst_max_l4_payload_len":491,"flow_src_tot_l4_payload_len":4613,"flow_dst_tot_l4_payload_len":4354,"midstream":0,"thread_ts_usec":1120470102883325,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00977{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":44,"source":"cfgs\/disable_metadata\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":3,"flow_first_seen":1120470049188993,"flow_src_last_pkt_time":1120470114910372,"flow_dst_last_pkt_time":1120470116279089,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":347,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":822,"flow_dst_max_l4_payload_len":614,"flow_src_tot_l4_payload_len":6938,"flow_dst_tot_l4_payload_len":1818,"midstream":0,"thread_ts_usec":1120470158626389,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-00976{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":44,"source":"cfgs\/disable_metadata\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":10,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120470158626389,"flow_dst_last_pkt_time":1120469956406918,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":680,"flow_dst_max_l4_payload_len":491,"flow_src_tot_l4_payload_len":4623,"flow_dst_tot_l4_payload_len":4354,"midstream":0,"thread_ts_usec":1120470158626389,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00846{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":44,"source":"cfgs\/disable_metadata\/pcap\/sip.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":44,"packets-processed":43,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17733,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":9,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":26,"global_ts_usec":1120470187658020} 
-00977{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":46,"source":"cfgs\/disable_metadata\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":3,"flow_first_seen":1120470049188993,"flow_src_last_pkt_time":1120470114910372,"flow_dst_last_pkt_time":1120470116279089,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":347,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":822,"flow_dst_max_l4_payload_len":614,"flow_src_tot_l4_payload_len":6938,"flow_dst_tot_l4_payload_len":1818,"midstream":0,"thread_ts_usec":1120470216689496,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00976{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":46,"source":"cfgs\/disable_metadata\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":10,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120470216689496,"flow_dst_last_pkt_time":1120469956406918,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":680,"flow_dst_max_l4_payload_len":491,"flow_src_tot_l4_payload_len":4633,"flow_dst_tot_l4_payload_len":4354,"midstream":0,"thread_ts_usec":1120470216689496,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-02300{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":50,"source":"cfgs\/disable_metadata\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120470235521078,"flow_dst_last_pkt_time":1120470235448732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":825,"flow_dst_max_l4_payload_len":593,"flow_src_tot_l4_payload_len":7448,"flow_dst_tot_l4_payload_len":4947,"midstream":0,"thread_ts_usec":1120470235521078,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":25935,"avg":42751008.0,"max":279041814,"stddev":57873684.0,"var":3349363405357056.0,"ent":4.0,"data": [136757,17415627,17424961,49834,89928591,89874891,17280679,17290428,150200040,150188219,17325180,17335822,73916043,73902652,17325038,17333170,25935,17724998,29031776,29092737,34118166,34119076,29272359,29031830,29031631,29031476,17104967,497671,1001842,279041814,227102]},"pktlen": {"min":33,"avg":415.3,"max":853,"stddev":273.0,"var":74531.7,"ent":4.6,"data": [495,514,708,334,374,495,514,708,519,495,514,708,519,495,514,708,334,498,33,33,33,33,33,33,33,33,33,853,853,853,621,368]},"bins": {"c_to_s": [9,0,0,0,0,0,0,0,0,0,1,0,0,0,4,0,0,0,0,0,0,4,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,0,0,0,0,0,0,0,2,1,0,0,0,1,6,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0],"entropies": 
[5.741633415,5.745016098,5.709460258,5.733335018,5.724183083,5.734008312,5.752299309,5.705936909,5.742718697,5.746319294,5.735527039,5.694232941,5.749829292,5.746265888,5.718012810,5.700710297,5.702609062,5.648171425,4.098355293,4.098355293,4.098355293,4.098355293,4.098355293,4.098355293,4.037749290,4.098355293,4.098355293,5.722674847,5.721789837,5.722674847,5.763523579,5.703196526]},"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00977{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":55,"source":"cfgs\/disable_metadata\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":3,"flow_first_seen":1120470049188993,"flow_src_last_pkt_time":1120470114910372,"flow_dst_last_pkt_time":1120470116279089,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":347,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":822,"flow_dst_max_l4_payload_len":614,"flow_src_tot_l4_payload_len":6938,"flow_dst_tot_l4_payload_len":1818,"midstream":0,"thread_ts_usec":1120470268180956,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-00977{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":55,"source":"cfgs\/disable_metadata\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":12,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120470268180956,"flow_dst_last_pkt_time":1120470268128176,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1076,"flow_dst_max_l4_payload_len":593,"flow_src_tot_l4_payload_len":8864,"flow_dst_tot_l4_payload_len":5392,"midstream":0,"thread_ts_usec":1120470268180956,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":57,"source":"cfgs\/disable_metadata\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":3,"flow_first_seen":1120470049188993,"flow_src_last_pkt_time":1120470114910372,"flow_dst_last_pkt_time":1120470116279089,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":347,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":822,"flow_dst_max_l4_payload_len":614,"flow_src_tot_l4_payload_len":6938,"flow_dst_tot_l4_payload_len":1818,"midstream":0,"thread_ts_usec":1120470315341351,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-00977{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":57,"source":"cfgs\/disable_metadata\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":26,"flow_dst_packets_processed":12,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120470315341351,"flow_dst_last_pkt_time":1120470268128176,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1076,"flow_dst_max_l4_payload_len":593,"flow_src_tot_l4_payload_len":8874,"flow_dst_tot_l4_payload_len":5392,"midstream":0,"thread_ts_usec":1120470315341351,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00977{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":59,"source":"cfgs\/disable_metadata\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":12,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120470373595117,"flow_dst_last_pkt_time":1120470268128176,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1076,"flow_dst_max_l4_payload_len":593,"flow_src_tot_l4_payload_len":8884,"flow_dst_tot_l4_payload_len":5392,"midstream":0,"thread_ts_usec":1120470373595117,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-00977{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":61,"source":"cfgs\/disable_metadata\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":12,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120470431658642,"flow_dst_last_pkt_time":1120470268128176,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1076,"flow_dst_max_l4_payload_len":593,"flow_src_tot_l4_payload_len":8894,"flow_dst_tot_l4_payload_len":5392,"midstream":0,"thread_ts_usec":1120470431658642,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00978{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":67,"source":"cfgs\/disable_metadata\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":33,"flow_dst_packets_processed":15,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120470490643822,"flow_dst_last_pkt_time":1120470490782704,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1076,"flow_dst_max_l4_payload_len":593,"flow_src_tot_l4_payload_len":10471,"flow_dst_tot_l4_payload_len":6852,"midstream":0,"thread_ts_usec":1120470490782704,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":69,"source":"cfgs\/disable_metadata\/pcap\/sip.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":69,"packets-processed":68,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":27248,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":17,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":37,"global_ts_usec":1120470796804243} -00978{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":71,"source":"cfgs\/disable_metadata\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":35,"flow_dst_packets_processed":17,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120470796804243,"flow_dst_last_pkt_time":1120470796941095,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1076,"flow_dst_max_l4_payload_len":593,"flow_src_tot_l4_payload_len":11616,"flow_dst_tot_l4_payload_len":7824,"midstream":0,"thread_ts_usec":1120470796941095,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-00978{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":79,"source":"cfgs\/disable_metadata\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":39,"flow_dst_packets_processed":21,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120470848686860,"flow_dst_last_pkt_time":1120470848682926,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1076,"flow_dst_max_l4_payload_len":593,"flow_src_tot_l4_payload_len":13926,"flow_dst_tot_l4_payload_len":9670,"midstream":0,"thread_ts_usec":1120470848686860,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00979{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":86,"source":"cfgs\/disable_metadata\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":43,"flow_dst_packets_processed":24,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120470900060556,"flow_dst_last_pkt_time":1120470900056743,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1076,"flow_dst_max_l4_payload_len":593,"flow_src_tot_l4_payload_len":16021,"flow_dst_tot_l4_payload_len":10997,"midstream":0,"thread_ts_usec":1120470900060556,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-00979{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":90,"source":"cfgs\/disable_metadata\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":46,"flow_dst_packets_processed":25,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120470966606422,"flow_dst_last_pkt_time":1120470966601590,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1076,"flow_dst_max_l4_payload_len":593,"flow_src_tot_l4_payload_len":17169,"flow_dst_tot_l4_payload_len":11584,"midstream":0,"thread_ts_usec":1120470966606422,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":95,"source":"cfgs\/disable_metadata\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470985348411,"flow_src_last_pkt_time":1120470985348411,"flow_dst_last_pkt_time":1120470985348411,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470985348411,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
-00749{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"cfgs\/disable_metadata\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1120470985348411,"flow_dst_last_pkt_time":1120470985348411,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1120470985348411,"pkt":"ADBUADRWAODtAW69CABFAADIa\/wAAIARFmjAqAEC1PIhJHUwncgAtBjegAhvrgAABNg3lstx1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1REEHBgYEhIeEBQXahMcGAQEBQYBAQAHBQUZEwUbGRATGQUEBAcDAgMDAAACDQ0NAAEDDQwNAAABAgMBBgYBDw4ODAMABwYAAwMGBwEEBgYbHxwRaWBiFREQFGoTFWBpYX10UltZ10dcVlJVREtCdVlzeFp8bmgUag=="} -00752{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"cfgs\/disable_metadata\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1120470985418358,"flow_dst_last_pkt_time":1120470985348411,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1120470985418358,"pkt":"ADBUADRWAODtAW69CABFAADIa\/0AAIARFmfAqAEC1PIhJHUwncgAtL+rgAhvrwAABXg3lstxbmgVFGoUFBVpYG5qbG5kbGoWF2xubWBmfn9Fxsnw\/Ofz+uXwy\/H2z83k+sJTdF9CW\/bw8vzg7pfo8ldaT011Z399ZmV0dUN4S0dVQ2dmbWNsZGZkeGRvbxQUbBcRExAXEBwfHRAQFhAQHxwfGR4YEBcSFGxibWNqFRUXbmV3ckDQ93N9fmJnYmoVahcVZUNxWll+YGZ6cnJJZXpgeF1EQg=="} 
-00752{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"cfgs\/disable_metadata\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1120470985421891,"flow_dst_last_pkt_time":1120470985348411,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1120470985421891,"pkt":"ADBUADRWAODtAW69CABFAADIa\/4AAIARFmbAqAEC1PIhJHUwncgAtNyMgAhvsAAABhg3lstxcX5wdtbF0Et0dn92T1BB0VhmZ2V\/Z294Y2ZmahQXFhQREBAVb2ZPemVlYWJoYE9\/YWZkcnV4bWwVFRVqZ2xpYn94ZmBnY2F0zfjXdmNiYXhveHJgaW5jUFlwZW1kYWdlamoREhAQEx4fHx0XahRvRl1F3V5ESdbQxFFR39TfQXR\/Z9L15ebs6JeW7+DslJOU6uqUn5CcnJKX+Ofs5+Hg6g=="} -00930{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":97,"source":"cfgs\/disable_metadata\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470985348411,"flow_src_last_pkt_time":1120470985421891,"flow_dst_last_pkt_time":1120470985348411,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":516,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470985421891,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} 
-00750{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"cfgs\/disable_metadata\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1120470985427557,"flow_dst_last_pkt_time":1120470985348411,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1120470985427557,"pkt":"ADBUADRWAODtAW69CABFAADIa\/8AAIARFmXAqAEC1PIhJHUwncgAtJlvgAhvsQAABrg3lstxkpfo6Zfq5frn5uz6+sB4emFkcGBneMvv7+rslZHu5OLqkpKdkpCUlZGcnpuHh4GAgoODgYGGhoGBgIGDg4GAhoSFhZ6ZhYSFhYeHhoWFhICCgIOBmJyQnZ+Yn5CW6u7s6e7ol+ji7vrcWtzJ8\/Lz9ujq7u6XkZaWkZ2Ym5iFh4aGhZyemZ6fmZ+fk5OfhYeEk5STk5eU6fj3T1hDVM9BQg=="} -00754{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"cfgs\/disable_metadata\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1120470985429664,"flow_dst_last_pkt_time":1120470985348411,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1120470985429664,"pkt":"ADBUADRWAODtAW69CABFAADIbAAAAIARFmTAqAEC1PIhJHUwncgAtMoSgAhvsgAAB1g3lstxRH1wVt719vLg7uHxw3h4ZGRhfE9UWV\/Rz+Dt5\/PklJOUlJXt4uzx+Pjm5PPHzf38\/fr05+3ikurj4ezn4+H6\/97AwEJ8S9DN9Vd1XdzJ8eDp6eXwzcXWRUJnZHhnYX96aHLW+ubo6eHg5\/DG\/MNRcE3B+ubNy+Xu7Obt7+qX6u7oy9fw3vLT3N1W19X49PBBf39jZnhmbBEdEWpqb2BweA=="} 
-00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":104,"source":"cfgs\/disable_metadata\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470986363611,"flow_src_last_pkt_time":1120470986363611,"flow_dst_last_pkt_time":1120470986363611,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470986363611,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30001,"dst_port":40393,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00657{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"cfgs\/disable_metadata\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1120470986363611,"flow_dst_last_pkt_time":1120470986363611,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_usec":1120470986363611,"pkt":"ADBUADRWAODtAW69CABFAACEbAUAAIARFqPAqAEC1PIhJHUxnckAcCyBgMgABjeWy3FCyQfKXvrGAwAAJMMAAAAJAAAGDIHKAAs3lstxAR0xMTg5NDI5Ny00NDMyYTlmOEAxOTIuMTY4LjEuMgYFU0lQUFMAAIHLAAY3lstxEHNlc3Npb24gc2h1dGRvd24AAAA="} 
-00980{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":110,"source":"cfgs\/disable_metadata\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":50,"flow_dst_packets_processed":31,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120471018723316,"flow_dst_last_pkt_time":1120471018881832,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1076,"flow_dst_max_l4_payload_len":669,"flow_src_tot_l4_payload_len":19699,"flow_dst_tot_l4_payload_len":14333,"midstream":0,"thread_ts_usec":1120471018881832,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":111,"source":"cfgs\/disable_metadata\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1120470985348411,"flow_src_last_pkt_time":1120470985511036,"flow_dst_last_pkt_time":1120470985348411,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1548,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471036318296,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} 
-00789{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":111,"source":"cfgs\/disable_metadata\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470986363611,"flow_src_last_pkt_time":1120470986363611,"flow_dst_last_pkt_time":1120470986363611,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471036318296,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30001,"dst_port":40393,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00980{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":112,"source":"cfgs\/disable_metadata\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":52,"flow_dst_packets_processed":31,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120471065350255,"flow_dst_last_pkt_time":1120471018881832,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1076,"flow_dst_max_l4_payload_len":669,"flow_src_tot_l4_payload_len":19709,"flow_dst_tot_l4_payload_len":14333,"midstream":0,"thread_ts_usec":1120471065350255,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":112,"source":"cfgs\/disable_metadata\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1120470985348411,"flow_src_last_pkt_time":1120470985511036,"flow_dst_last_pkt_time":1120470985348411,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1548,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471094413365,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} -01099{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":112,"source":"cfgs\/disable_metadata\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470986363611,"flow_src_last_pkt_time":1120470986363611,"flow_dst_last_pkt_time":1120470986363611,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471094413365,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30001,"dst_port":40393,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00787{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":112,"source":"cfgs\/disable_metadata\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470986363611,"flow_src_last_pkt_time":1120470986363611,"flow_dst_last_pkt_time":1120470986363611,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471094413365,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30001,"dst_port":40393,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":112,"source":"cfgs\/disable_metadata\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":53,"flow_dst_packets_processed":31,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120471094413365,"flow_dst_last_pkt_time":1120471018881832,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1076,"flow_dst_max_l4_payload_len":669,"flow_src_tot_l4_payload_len":19714,"flow_dst_tot_l4_payload_len":14333,"midstream":0,"thread_ts_usec":1120471094413365,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-00852{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":112,"source":"cfgs\/disable_metadata\/pcap\/sip.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":112,"packets-processed":112,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":44455,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":25,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":59,"global_ts_usec":1120471094413365} -~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ -~~ packets captured/processed: 112/112 -~~ skipped flows.............: 0 -~~ total layer4 data length..: 44455 bytes -~~ total detected protocols..: 3 -~~ total active/idle flows...: 4/4 -~~ total timeout flows.......: 0 -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6918220 bytes -~~ total memory freed........: 6918220 bytes -~~ total allocations/frees...: 114288/114288 -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ json message min len.......: 622 chars -~~ json message max len.......: 2305 chars -~~ json message avg len.......: 1462 chars diff --git a/test/results/disable_metadata/tls_verylong_certificate.pcap.out b/test/results/disable_metadata/tls_verylong_certificate.pcap.out deleted file mode 100644 index 89d673eab..000000000 --- a/test/results/disable_metadata/tls_verylong_certificate.pcap.out +++ /dev/null 
@@ -1,29 +0,0 @@ -00638{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/disable_metadata\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00859{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/disable_metadata\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1578254908457751} 
-00800{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/disable_metadata\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908457751,"flow_dst_last_pkt_time":1578254908457751,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578254908457751,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/disable_metadata\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1578254908457751,"flow_dst_last_pkt_time":1578254908457751,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1578254908457751,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGntnAqAGgl2VCMdYUAbur4+BEAAAAALAC\/\/9+XwAAAgQFtAEDAwUBAQgKAb+3BwAAAAAEAgAA"} -00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/disable_metadata\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1578254908457751,"flow_dst_last_pkt_time":1578254908469342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578254908469342,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADYGqN2XZUIxwKgBoAG71hTYdp3Gq+PgRaASauCAYQAAAgQFZAQCCApynbuCAb+3BwEDAwk="} 
-00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/disable_metadata\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1578254908469463,"flow_dst_last_pkt_time":1578254908469342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578254908469463,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGnuXAqAGgl2VCMdYUAbur4+BF2Hadx4AQEAgJrQAAAQEICgG\/txJynbuC"} -01265{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/disable_metadata\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1578254908475203,"flow_dst_last_pkt_time":1578254908469342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1578254908475203,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI5AABAAEAGnODAqAGgl2VCMdYUAbur4+BF2Hadx4AYEAjFKwAAAQEICgG\/txdynbuCFgMBAgABAAH8AwNreR1fucqnaT8n7FpnpsjcXpwujsf+X6\/m0ZYauF9Z+gAAhswUzBPMFcAwwCzAKMAkwBTACgCjAJ8AawBqADkAOP+FAMQAwwCIAIcAgcAywC7AKsAmwA\/ABQCdAD0ANQDAAITAL8ArwCfAI8ATwAkAogCeAGcAQAAzADIAvgC9AEUARMAxwC3AKcAlwA7ABACcADwALwC6AEHAEsAIABYAE8ANwAMACgD\/AQABTQAAABoAGAAAFWZlb2RvdHJhY2tlci5hYnVzZS5jaAALAAQDAAECAAoAOgA4AA4ADQAZABwACwAMABsAGAAJAAoAGgAWABcACAAGAAcAFAAVAAQABQASABMAAQACAAMADwAQABEADQAmACQGAQYCBgPv7wUBBQIFAwQBBAIEA+7u7e0DAQMCAwMCAQICAgMzdAAAABAACwAJCGh0dHAvMS4xABUAqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01188{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/disable_metadata\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908475203,"flow_dst_last_pkt_time":1578254908469342,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578254908475203,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cybersec","proto_id":"91.283","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":33,"category":"Cybersecurity","hostname":"feodotracker.abuse.ch","domainame":"feodotracker.abuse.ch","tls": {"version":"TLSv1.2","ja3":"","ja3s":"","ja4":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} -00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/disable_metadata\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1578254908475203,"flow_dst_last_pkt_time":1578254908487025,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578254908487025,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0JkBAADYGgqWXZUIxwKgBoAG71hTYdp3Hq+PiSoAQADgXbgAAAQEICnKdu4cBv7cX"} 
-01246{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/disable_metadata\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908475203,"flow_dst_last_pkt_time":1578254908490162,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1368,"midstream":0,"thread_ts_usec":1578254908490162,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cybersec","proto_id":"91.283","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":33,"category":"Cybersecurity","hostname":"feodotracker.abuse.ch","domainame":"feodotracker.abuse.ch","tls": {"version":"TLSv1.2","ja3":"","ja3s":"","ja4":"","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
-03889{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"cfgs\/disable_metadata\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908490465,"flow_dst_last_pkt_time":1578254908490567,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5472,"midstream":0,"thread_ts_usec":1578254908490567,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cybersec","proto_id":"91.283","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":33,"category":"Cybersecurity","hostname":"feodotracker.abuse.ch","domainame":"feodotracker.abuse.ch","tls": 
{"version":"TLSv1.2","server_names":"p2.shared.global.fastly.net,*.12wbt.com,*.2bleacherreport.com,*.3bleacherreport.com,*.4bleacherreport.com,*.8bleacherreport.com,*.abuse.ch,*.acdn-it.ps-pantheon.com,*.cdn.livingmap.com,*.content.plastiq.com,*.dimensions.ai,*.dollarshaveclub.co.uk,*.dollarshaveclub.com,*.dontpayfull.com,*.ebisubook.com,*.foreignaffairs.com,*.fs.jibjab.com,*.fs.unitprints.com,*.ggleap.com,*.goodeggs.com,*.huevosbuenos.com,*.indy.myomnigon.com,*.jwatch.org,*.kingsfordcharcoal.com.au,*.lancenters.com,*.madebywe.com,*.minirodini.com,*.modcloth.net,*.orionlabs.io,*.ps-pantheon.com,*.scodle.com,*.steelseries.com,*.theforeman.org,*.uploads.eversign.com,*.uploads.schoox.com,*.vts.com,*.x.stg1.ebisubook.com,*.yang2020.com,12wbt.com,2bleacherreport.com,3bleacherreport.com,4bleacherreport.com,8bleacherreport.com,abuse.ch,brita.com,cdn.fwupd.org,cdn.livingmap.com,cdn.seated.com,cdn.skillacademy.com,clinicaloptions.com,clorox.com,content-preprod.beaverbrooksweb2.co.uk,content.beaverbrooks.co.uk,content.plastiq.com,coolmathgames.com,copterroyale.coolmathgames.com,d8-dev.coolmathgames.com,deflyio.coolmathgames.com,delivery-api.evadacms.com,dimensions.ai,dollarshaveclub.co.uk,dollarshaveclub.com,dontpayfull.com,eluniverso.com,email.amg-group.co,email.tekoforlife.co.uk,feedmarket.fr,freshstep.com,ggleap.com,goodeggs.com,heap.io,huevosbuenos.com,identity.linuxfoundation.org,joebiden.com,jwatch.org,kingsford.co.nz,kingsfordcharcoal.com.au,lancenters.com,lists.linuxfoundation.org,m-stage.coolmathgames.com,m.coolmathgames.com,madebywe.com,minirodini.com,modcloth.net,orionlabs.io,puritanmedproducts.com,reviews.org,rg-video-staging.ruangguru.com,rg-video.ruangguru.com,ruangguru.com,scodle.com,stage.coolmathgames.com,staging.appblade.com,steelseries.com,stg.platform.eluniverso.com,test.brita.com,test.heap.io,test.joebiden.com,test.ruangguru.com,theforeman.org,video-cdn.quipper.com,videos.calcworkshop.com,vts.com,www.101network.com,www.autos101.com,www.brita.com,www.cloro
x.com,www.collider.com,www.coolmathgames.com,www.eluniverso.com,www.flinto.com,www.freshstep.com,www.heap.io,www.holagente.com,www.icsydney.com.au,www.joebiden.com,www.kingsford.co.nz,www.mrnatty.com,www.myjewellerystory.com.au,www.myjs.com,www.netacea.com,www.parenting101.com,www.puritanmedproducts.com,www.reviews.org,www.sba.sa,www.shashatcom.sa,www.uat.ontariocolleges.ca,www.vacation101.com,www.walterspeople.co.uk,www.westwayelectricsupply.com","notafter":"2020-08-29 17:19:32","ja3":"","ja3s":"","ja4":"","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3","subjectDN":"C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=p2.shared.global.fastly.net","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} -02180{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/disable_metadata\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908528417,"flow_dst_last_pkt_time":1578254908528437,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":813,"flow_dst_tot_l4_payload_len":14097,"midstream":0,"thread_ts_usec":1578254908528437,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":4559.7,"max":21714,"stddev":6622.1,"var":43852844.0,"ent":3.5,"data": [11591,11712,5740,17683,3137,204,15209,67,53,134,2,140,10611,21714,11194,334,14931,21,2,14564,19,7,256,346,4,564,2,480,517,112,2]},"pktlen": {"min":52,"avg":518.6,"max":1420,"stddev":615.3,"var":378610.9,"ent":4.0,"data": 
[64,60,52,569,52,1420,1420,52,1420,52,1420,262,52,178,103,52,222,1420,1420,104,52,52,52,1420,1420,104,52,52,1420,52,1420,104]},"bins": {"c_to_s": [12,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,4,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,0,0,1,1,1,0,0,0,1,1,1,0,0,1,0,1,1],"entropies": [4.398337364,5.146034718,4.868495941,4.434582233,5.025067329,6.773365974,4.940563202,4.983880520,6.553000927,4.900255680,7.433587551,7.043814659,4.983880520,6.336580276,5.976200581,5.022342205,6.883139610,7.866776943,7.867276192,6.143959045,4.906957150,4.791572571,4.731892109,7.850933075,7.865261078,6.040546417,4.906957626,4.906957626,7.852932453,4.823332310,7.877495766,6.208910465]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cybersec","proto_id":"91.283","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":33,"category":"Cybersecurity"}} -01048{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":48,"source":"cfgs\/disable_metadata\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":24,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908551114,"flow_dst_last_pkt_time":1578254908551079,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":844,"flow_dst_tot_l4_payload_len":18233,"midstream":0,"thread_ts_usec":1578254908551114,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Cybersec","proto_id":"91.283","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":33,"category":"Cybersecurity","hostname":"feodotracker.abuse.ch"}} -00869{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":48,"source":"cfgs\/disable_metadata\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":48,"packets-processed":48,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":19077,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1578254908551114} -~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ -~~ packets captured/processed: 48/48 -~~ skipped flows.............: 0 -~~ total layer4 data length..: 19077 bytes -~~ total detected protocols..: 1 -~~ total active/idle flows...: 1/1 -~~ total timeout flows.......: 0 -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7109929 bytes -~~ total memory freed........: 7109929 bytes -~~ total allocations/frees...: 114329/114329 -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ json message min len.......: 571 chars -~~ json message max len.......: 3894 chars -~~ json message avg len.......: 2149 chars diff --git a/test/results/disable_metadata_and_flowrisks/sip.pcap.out b/test/results/disable_metadata_and_flowrisks/sip.pcap.out new file mode 100644 index 000000000..3d19a9661 --- /dev/null +++ b/test/results/disable_metadata_and_flowrisks/sip.pcap.out 
@@ -0,0 +1,74 @@ +00631{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/disable_metadata_and_flowrisks\/pcap\/sip.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/disable_metadata_and_flowrisks\/pcap\/sip.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1120469572844249} 
+00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/disable_metadata_and_flowrisks\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120469572844249,"flow_dst_last_pkt_time":1120469572844249,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":467,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":467,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":467,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469572844249,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01153{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/disable_metadata_and_flowrisks\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1120469572844249,"flow_dst_last_pkt_time":1120469572844249,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":509,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":509,"pkt_l4_len":475,"thread_ts_usec":1120469572844249,"pkt":"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"} 
+01043{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/disable_metadata_and_flowrisks\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120469572844249,"flow_dst_last_pkt_time":1120469572844249,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":467,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":467,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":467,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469572844249,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","sip": {"from":";tag=903df0a","to":""}}} +01177{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/disable_metadata_and_flowrisks\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1120469572844249,"flow_dst_last_pkt_time":1120469572981006,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":528,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":528,"pkt_l4_len":494,"thread_ts_usec":1120469572981006,"pkt":"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"} 
+01437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/disable_metadata_and_flowrisks\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1120469590259876,"flow_dst_last_pkt_time":1120469572981006,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":722,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":722,"pkt_l4_len":688,"thread_ts_usec":1120469590259876,"pkt":"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"} +00938{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/disable_metadata_and_flowrisks\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1120469590259876,"flow_dst_last_pkt_time":1120469590405967,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":348,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":348,"pkt_l4_len":314,"thread_ts_usec":1120469590405967,"pkt":"AODtAW69ADBUADRWCABFAAFOAABAADcRit\/U8iEjwKgBAhPEE8QBOln2U0lQLzIuMCAxMDAgVHJ5aW5nDQpDYWxsLUlEOiA1NzgyMjI3MjktNDY2NWQ3NzVANTc4MjIyNzMyLTQ2NjVkNzcyDQpDU2VxOiA2OSBSRUdJU1RFUg0KRnJvbTogPHNpcDp2b2kxODA2M0BzaXAuY3liZXJjaXR5LmRrPjt0YWc9OGU5NDhiMA0KVG86IDxzaXA6dm9pMTgwNjNAc2lwLmN5YmVyY2l0eS5kaz4NClZpYTogU0lQLzIuMC9VRFAgMTkyLjE2OC4xLjI7cmVjZWl2ZWQ9ODAuMjMwLjIxOS43MDtycG9ydD01MDYwO2JyYW5jaD16OWhHNGJLbnAxNDk1MDUxNzgtNDM4YzUyOGIxOTIuMTY4LjEuMg0KQ29udGVudC1MZW5ndGg6IDANCg0K"} 
+00993{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/disable_metadata_and_flowrisks\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1120469590259876,"flow_dst_last_pkt_time":1120469590455801,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":388,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":388,"pkt_l4_len":354,"thread_ts_usec":1120469590455801,"pkt":"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"} +00989{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":8,"source":"cfgs\/disable_metadata_and_flowrisks\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120469680188467,"flow_dst_last_pkt_time":1120469680330692,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":467,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":680,"flow_dst_max_l4_payload_len":486,"flow_src_tot_l4_payload_len":1614,"flow_dst_tot_l4_payload_len":1624,"midstream":0,"thread_ts_usec":1120469680330692,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+00990{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":12,"source":"cfgs\/disable_metadata_and_flowrisks\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120469847669186,"flow_dst_last_pkt_time":1120469847809339,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":467,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":680,"flow_dst_max_l4_payload_len":491,"flow_src_tot_l4_payload_len":2761,"flow_dst_tot_l4_payload_len":2601,"midstream":0,"thread_ts_usec":1120469847809339,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00990{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":16,"source":"cfgs\/disable_metadata_and_flowrisks\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120469938910409,"flow_dst_last_pkt_time":1120469939047813,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":467,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":680,"flow_dst_max_l4_payload_len":491,"flow_src_tot_l4_payload_len":3908,"flow_dst_tot_l4_payload_len":3578,"midstream":0,"thread_ts_usec":1120469939047813,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+00990{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":21,"source":"cfgs\/disable_metadata_and_flowrisks\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120470002992221,"flow_dst_last_pkt_time":1120469956406918,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":680,"flow_dst_max_l4_payload_len":491,"flow_src_tot_l4_payload_len":4598,"flow_dst_tot_l4_payload_len":4354,"midstream":0,"thread_ts_usec":1120470002992221,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00797{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"cfgs\/disable_metadata_and_flowrisks\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470049188993,"flow_src_last_pkt_time":1120470049188993,"flow_dst_last_pkt_time":1120470049188993,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":822,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":822,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":822,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470049188993,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+01626{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/disable_metadata_and_flowrisks\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1120470049188993,"flow_dst_last_pkt_time":1120470049188993,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":864,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":864,"pkt_l4_len":830,"thread_ts_usec":1120470049188993,"pkt":"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"} +01055{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"cfgs\/disable_metadata_and_flowrisks\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470049188993,"flow_src_last_pkt_time":1120470049188993,"flow_dst_last_pkt_time":1120470049188993,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":822,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":822,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":822,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470049188993,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","sip": {"from":"\"arik\" ;tag=6433ef9","to":""}}} 
+01626{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/disable_metadata_and_flowrisks\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1120470049696866,"flow_dst_last_pkt_time":1120470049188993,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":864,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":864,"pkt_l4_len":830,"thread_ts_usec":1120470049696866,"pkt":"ADBUADRWAODtAW69CABFAANSanAAAIARyurAqAECyER4URPEE8QDPvKbSU5WSVRFIHNpcDo5NzIzOTI4NzA0NEB2b2lwLmJydWp1bGEubmV0IFNJUC8yLjANClZpYTogU0lQLzIuMC9VRFAgMTkyLjE2OC4xLjI6NTA2MDticmFuY2g9ejloRzRiS25wMTA0OTg0MDUzLTQ0Y2U0YTQxMTkyLjE2OC4xLjI7cnBvcnQNCkZyb206ICJhcmlrIiA8c2lwOjgxNjY2NkB2b2lwLmJydXJqdWxhLm5ldD47dGFnPTY0MzNlZjkNClRvOiA8c2lwOjk3MjM5Mjg3MDQ0QHZvaXAuYnJ1anVsYS5uZXQ+DQpDYWxsLUlEOiAxMDUwOTAyNTktNDQ2ZmFmN2FAMTkyLjE2OC4xLjINCkNTZXE6IDEgSU5WSVRFDQpVc2VyLUFnZW50OiBOZXJvIFNJUFBTIElQIFBob25lIFZlcnNpb24gMi4wLjUxLjE2DQpFeHBpcmVzOiAxMjANCkFjY2VwdDogYXBwbGljYXRpb24vc2RwDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3NkcA0KQ29udGVudC1MZW5ndGg6IDI3Mg0KQ29udGFjdDogPHNpcDo4MTY2NjZAMTkyLjE2OC4xLjI+DQpNYXgtRm9yd2FyZHM6IDcwDQpBbGxvdzogSU5WSVRFLCBBQ0ssIENBTkNFTCwgQllFLCBSRUZFUiwgT1BUSU9OUywgTk9USUZZLCBJTkZPDQoNCnY9MA0Kbz1TSVBQUyAxMDUwMTUxNjUgMTA1MDE1MTYyIElOIElQNCAxOTIuMTY4LjEuMg0Kcz1TSVAgY2FsbA0KYz1JTiBJUDQgMTkyLjE2OC4xLjINCnQ9MCAwDQptPWF1ZGlvIDMwMDAwIFJUUC9BVlAgMCA4IDk3IDIgMw0KYT1ydHBtYXA6MCBwY211LzgwMDANCmE9cnRwbWFwOjggcGNtYS84MDAwDQphPXJ0cG1hcDo5NyBpTEJDLzgwMDANCmE9cnRwbWFwOjIgRzcyNi0zMi84MDAwDQphPXJ0cG1hcDozIEdTTS84MDAwDQphPWZtdHA6OTcgbW9kZT0yMA0KYT1zZW5kcmVjdg0K"} 
+01626{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/disable_metadata_and_flowrisks\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1120470050699023,"flow_dst_last_pkt_time":1120470049188993,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":864,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":864,"pkt_l4_len":830,"thread_ts_usec":1120470050699023,"pkt":"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"} +01326{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/disable_metadata_and_flowrisks\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1120470050699023,"flow_dst_last_pkt_time":1120470051405231,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":637,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":637,"pkt_l4_len":603,"thread_ts_usec":1120470051405231,"pkt":"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"} +00990{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":26,"source":"cfgs\/disable_metadata_and_flowrisks\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":10,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120470032084958,"flow_dst_last_pkt_time":1120469956406918,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":680,"flow_dst_max_l4_payload_len":491,"flow_src_tot_l4_payload_len":4603,"flow_dst_tot_l4_payload_len":4354,"midstream":0,"thread_ts_usec":1120470051405231,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01030{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/disable_metadata_and_flowrisks\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1120470083308013,"flow_dst_last_pkt_time":1120470051405231,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":417,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":417,"pkt_l4_len":383,"thread_ts_usec":1120470083308013,"pkt":"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"} +00991{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":38,"source":"cfgs\/disable_metadata_and_flowrisks\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":2,"flow_first_seen":1120470049188993,"flow_src_last_pkt_time":1120470102883325,"flow_dst_last_pkt_time":1120470085961798,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":347,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":822,"flow_dst_max_l4_payload_len":614,"flow_src_tot_l4_payload_len":5813,"flow_dst_tot_l4_payload_len":1209,"midstream":0,"thread_ts_usec":1120470102883325,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+00990{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":38,"source":"cfgs\/disable_metadata_and_flowrisks\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":10,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120470100322200,"flow_dst_last_pkt_time":1120469956406918,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":680,"flow_dst_max_l4_payload_len":491,"flow_src_tot_l4_payload_len":4613,"flow_dst_tot_l4_payload_len":4354,"midstream":0,"thread_ts_usec":1120470102883325,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00991{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":44,"source":"cfgs\/disable_metadata_and_flowrisks\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":3,"flow_first_seen":1120470049188993,"flow_src_last_pkt_time":1120470114910372,"flow_dst_last_pkt_time":1120470116279089,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":347,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":822,"flow_dst_max_l4_payload_len":614,"flow_src_tot_l4_payload_len":6938,"flow_dst_tot_l4_payload_len":1818,"midstream":0,"thread_ts_usec":1120470158626389,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+00990{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":44,"source":"cfgs\/disable_metadata_and_flowrisks\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":10,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120470158626389,"flow_dst_last_pkt_time":1120469956406918,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":680,"flow_dst_max_l4_payload_len":491,"flow_src_tot_l4_payload_len":4623,"flow_dst_tot_l4_payload_len":4354,"midstream":0,"thread_ts_usec":1120470158626389,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00860{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":44,"source":"cfgs\/disable_metadata_and_flowrisks\/pcap\/sip.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":44,"packets-processed":43,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17733,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":9,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":26,"global_ts_usec":1120470187658020} 
+00991{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":46,"source":"cfgs\/disable_metadata_and_flowrisks\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":3,"flow_first_seen":1120470049188993,"flow_src_last_pkt_time":1120470114910372,"flow_dst_last_pkt_time":1120470116279089,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":347,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":822,"flow_dst_max_l4_payload_len":614,"flow_src_tot_l4_payload_len":6938,"flow_dst_tot_l4_payload_len":1818,"midstream":0,"thread_ts_usec":1120470216689496,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00990{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":46,"source":"cfgs\/disable_metadata_and_flowrisks\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":10,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120470216689496,"flow_dst_last_pkt_time":1120469956406918,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":680,"flow_dst_max_l4_payload_len":491,"flow_src_tot_l4_payload_len":4633,"flow_dst_tot_l4_payload_len":4354,"midstream":0,"thread_ts_usec":1120470216689496,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+02314{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":50,"source":"cfgs\/disable_metadata_and_flowrisks\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120470235521078,"flow_dst_last_pkt_time":1120470235448732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":825,"flow_dst_max_l4_payload_len":593,"flow_src_tot_l4_payload_len":7448,"flow_dst_tot_l4_payload_len":4947,"midstream":0,"thread_ts_usec":1120470235521078,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":25935,"avg":42751008.0,"max":279041814,"stddev":57873684.0,"var":3349363405357056.0,"ent":4.0,"data": [136757,17415627,17424961,49834,89928591,89874891,17280679,17290428,150200040,150188219,17325180,17335822,73916043,73902652,17325038,17333170,25935,17724998,29031776,29092737,34118166,34119076,29272359,29031830,29031631,29031476,17104967,497671,1001842,279041814,227102]},"pktlen": {"min":33,"avg":415.3,"max":853,"stddev":273.0,"var":74531.7,"ent":4.6,"data": [495,514,708,334,374,495,514,708,519,495,514,708,519,495,514,708,334,498,33,33,33,33,33,33,33,33,33,853,853,853,621,368]},"bins": {"c_to_s": [9,0,0,0,0,0,0,0,0,0,1,0,0,0,4,0,0,0,0,0,0,4,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,0,0,0,0,0,0,0,2,1,0,0,0,1,6,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0],"entropies": 
[5.741633415,5.745016098,5.709460258,5.733335018,5.724183083,5.734008312,5.752299309,5.705936909,5.742718697,5.746319294,5.735527039,5.694232941,5.749829292,5.746265888,5.718012810,5.700710297,5.702609062,5.648171425,4.098355293,4.098355293,4.098355293,4.098355293,4.098355293,4.098355293,4.037749290,4.098355293,4.098355293,5.722674847,5.721789837,5.722674847,5.763523579,5.703196526]},"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00991{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":55,"source":"cfgs\/disable_metadata_and_flowrisks\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":3,"flow_first_seen":1120470049188993,"flow_src_last_pkt_time":1120470114910372,"flow_dst_last_pkt_time":1120470116279089,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":347,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":822,"flow_dst_max_l4_payload_len":614,"flow_src_tot_l4_payload_len":6938,"flow_dst_tot_l4_payload_len":1818,"midstream":0,"thread_ts_usec":1120470268180956,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+00991{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":55,"source":"cfgs\/disable_metadata_and_flowrisks\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":12,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120470268180956,"flow_dst_last_pkt_time":1120470268128176,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1076,"flow_dst_max_l4_payload_len":593,"flow_src_tot_l4_payload_len":8864,"flow_dst_tot_l4_payload_len":5392,"midstream":0,"thread_ts_usec":1120470268180956,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00989{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":57,"source":"cfgs\/disable_metadata_and_flowrisks\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":3,"flow_first_seen":1120470049188993,"flow_src_last_pkt_time":1120470114910372,"flow_dst_last_pkt_time":1120470116279089,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":347,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":822,"flow_dst_max_l4_payload_len":614,"flow_src_tot_l4_payload_len":6938,"flow_dst_tot_l4_payload_len":1818,"midstream":0,"thread_ts_usec":1120470315341351,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+00991{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":57,"source":"cfgs\/disable_metadata_and_flowrisks\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":26,"flow_dst_packets_processed":12,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120470315341351,"flow_dst_last_pkt_time":1120470268128176,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1076,"flow_dst_max_l4_payload_len":593,"flow_src_tot_l4_payload_len":8874,"flow_dst_tot_l4_payload_len":5392,"midstream":0,"thread_ts_usec":1120470315341351,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00991{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":59,"source":"cfgs\/disable_metadata_and_flowrisks\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":12,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120470373595117,"flow_dst_last_pkt_time":1120470268128176,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1076,"flow_dst_max_l4_payload_len":593,"flow_src_tot_l4_payload_len":8884,"flow_dst_tot_l4_payload_len":5392,"midstream":0,"thread_ts_usec":1120470373595117,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+00991{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":61,"source":"cfgs\/disable_metadata_and_flowrisks\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":12,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120470431658642,"flow_dst_last_pkt_time":1120470268128176,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1076,"flow_dst_max_l4_payload_len":593,"flow_src_tot_l4_payload_len":8894,"flow_dst_tot_l4_payload_len":5392,"midstream":0,"thread_ts_usec":1120470431658642,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00992{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":67,"source":"cfgs\/disable_metadata_and_flowrisks\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":33,"flow_dst_packets_processed":15,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120470490643822,"flow_dst_last_pkt_time":1120470490782704,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1076,"flow_dst_max_l4_payload_len":593,"flow_src_tot_l4_payload_len":10471,"flow_dst_tot_l4_payload_len":6852,"midstream":0,"thread_ts_usec":1120470490782704,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+00861{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":69,"source":"cfgs\/disable_metadata_and_flowrisks\/pcap\/sip.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":69,"packets-processed":68,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":27248,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":17,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":37,"global_ts_usec":1120470796804243} +00992{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":71,"source":"cfgs\/disable_metadata_and_flowrisks\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":35,"flow_dst_packets_processed":17,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120470796804243,"flow_dst_last_pkt_time":1120470796941095,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1076,"flow_dst_max_l4_payload_len":593,"flow_src_tot_l4_payload_len":11616,"flow_dst_tot_l4_payload_len":7824,"midstream":0,"thread_ts_usec":1120470796941095,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+00992{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":79,"source":"cfgs\/disable_metadata_and_flowrisks\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":39,"flow_dst_packets_processed":21,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120470848686860,"flow_dst_last_pkt_time":1120470848682926,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1076,"flow_dst_max_l4_payload_len":593,"flow_src_tot_l4_payload_len":13926,"flow_dst_tot_l4_payload_len":9670,"midstream":0,"thread_ts_usec":1120470848686860,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00993{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":86,"source":"cfgs\/disable_metadata_and_flowrisks\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":43,"flow_dst_packets_processed":24,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120470900060556,"flow_dst_last_pkt_time":1120470900056743,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1076,"flow_dst_max_l4_payload_len":593,"flow_src_tot_l4_payload_len":16021,"flow_dst_tot_l4_payload_len":10997,"midstream":0,"thread_ts_usec":1120470900060556,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+00993{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":90,"source":"cfgs\/disable_metadata_and_flowrisks\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":46,"flow_dst_packets_processed":25,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120470966606422,"flow_dst_last_pkt_time":1120470966601590,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1076,"flow_dst_max_l4_payload_len":593,"flow_src_tot_l4_payload_len":17169,"flow_dst_tot_l4_payload_len":11584,"midstream":0,"thread_ts_usec":1120470966606422,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00799{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":95,"source":"cfgs\/disable_metadata_and_flowrisks\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470985348411,"flow_src_last_pkt_time":1120470985348411,"flow_dst_last_pkt_time":1120470985348411,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470985348411,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00763{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"cfgs\/disable_metadata_and_flowrisks\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1120470985348411,"flow_dst_last_pkt_time":1120470985348411,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1120470985348411,"pkt":"ADBUADRWAODtAW69CABFAADIa\/wAAIARFmjAqAEC1PIhJHUwncgAtBjegAhvrgAABNg3lstx1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1REEHBgYEhIeEBQXahMcGAQEBQYBAQAHBQUZEwUbGRATGQUEBAcDAgMDAAACDQ0NAAEDDQwNAAABAgMBBgYBDw4ODAMABwYAAwMGBwEEBgYbHxwRaWBiFREQFGoTFWBpYX10UltZ10dcVlJVREtCdVlzeFp8bmgUag=="} +00766{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"cfgs\/disable_metadata_and_flowrisks\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1120470985418358,"flow_dst_last_pkt_time":1120470985348411,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1120470985418358,"pkt":"ADBUADRWAODtAW69CABFAADIa\/0AAIARFmfAqAEC1PIhJHUwncgAtL+rgAhvrwAABXg3lstxbmgVFGoUFBVpYG5qbG5kbGoWF2xubWBmfn9Fxsnw\/Ofz+uXwy\/H2z83k+sJTdF9CW\/bw8vzg7pfo8ldaT011Z399ZmV0dUN4S0dVQ2dmbWNsZGZkeGRvbxQUbBcRExAXEBwfHRAQFhAQHxwfGR4YEBcSFGxibWNqFRUXbmV3ckDQ93N9fmJnYmoVahcVZUNxWll+YGZ6cnJJZXpgeF1EQg=="} 
+00766{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"cfgs\/disable_metadata_and_flowrisks\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1120470985421891,"flow_dst_last_pkt_time":1120470985348411,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1120470985421891,"pkt":"ADBUADRWAODtAW69CABFAADIa\/4AAIARFmbAqAEC1PIhJHUwncgAtNyMgAhvsAAABhg3lstxcX5wdtbF0Et0dn92T1BB0VhmZ2V\/Z294Y2ZmahQXFhQREBAVb2ZPemVlYWJoYE9\/YWZkcnV4bWwVFRVqZ2xpYn94ZmBnY2F0zfjXdmNiYXhveHJgaW5jUFlwZW1kYWdlamoREhAQEx4fHx0XahRvRl1F3V5ESdbQxFFR39TfQXR\/Z9L15ebs6JeW7+DslJOU6uqUn5CcnJKX+Ofs5+Hg6g=="} +00969{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":97,"source":"cfgs\/disable_metadata_and_flowrisks\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470985348411,"flow_src_last_pkt_time":1120470985421891,"flow_dst_last_pkt_time":1120470985348411,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":516,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470985421891,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","stream_content":"Audio"}} 
+00764{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"cfgs\/disable_metadata_and_flowrisks\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1120470985427557,"flow_dst_last_pkt_time":1120470985348411,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1120470985427557,"pkt":"ADBUADRWAODtAW69CABFAADIa\/8AAIARFmXAqAEC1PIhJHUwncgAtJlvgAhvsQAABrg3lstxkpfo6Zfq5frn5uz6+sB4emFkcGBneMvv7+rslZHu5OLqkpKdkpCUlZGcnpuHh4GAgoODgYGGhoGBgIGDg4GAhoSFhZ6ZhYSFhYeHhoWFhICCgIOBmJyQnZ+Yn5CW6u7s6e7ol+ji7vrcWtzJ8\/Lz9ujq7u6XkZaWkZ2Ym5iFh4aGhZyemZ6fmZ+fk5OfhYeEk5STk5eU6fj3T1hDVM9BQg=="} +00768{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"cfgs\/disable_metadata_and_flowrisks\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1120470985429664,"flow_dst_last_pkt_time":1120470985348411,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1120470985429664,"pkt":"ADBUADRWAODtAW69CABFAADIbAAAAIARFmTAqAEC1PIhJHUwncgAtMoSgAhvsgAAB1g3lstxRH1wVt719vLg7uHxw3h4ZGRhfE9UWV\/Rz+Dt5\/PklJOUlJXt4uzx+Pjm5PPHzf38\/fr05+3ikurj4ezn4+H6\/97AwEJ8S9DN9Vd1XdzJ8eDp6eXwzcXWRUJnZHhnYX96aHLW+ubo6eHg5\/DG\/MNRcE3B+ubNy+Xu7Obt7+qX6u7oy9fw3vLT3N1W19X49PBBf39jZnhmbBEdEWpqb2BweA=="} 
+00800{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":104,"source":"cfgs\/disable_metadata_and_flowrisks\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470986363611,"flow_src_last_pkt_time":1120470986363611,"flow_dst_last_pkt_time":1120470986363611,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470986363611,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30001,"dst_port":40393,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"cfgs\/disable_metadata_and_flowrisks\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1120470986363611,"flow_dst_last_pkt_time":1120470986363611,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_usec":1120470986363611,"pkt":"ADBUADRWAODtAW69CABFAACEbAUAAIARFqPAqAEC1PIhJHUxnckAcCyBgMgABjeWy3FCyQfKXvrGAwAAJMMAAAAJAAAGDIHKAAs3lstxAR0xMTg5NDI5Ny00NDMyYTlmOEAxOTIuMTY4LjEuMgYFU0lQUFMAAIHLAAY3lstxEHNlc3Npb24gc2h1dGRvd24AAAA="} 
+00994{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":110,"source":"cfgs\/disable_metadata_and_flowrisks\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":50,"flow_dst_packets_processed":31,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120471018723316,"flow_dst_last_pkt_time":1120471018881832,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1076,"flow_dst_max_l4_payload_len":669,"flow_src_tot_l4_payload_len":19699,"flow_dst_tot_l4_payload_len":14333,"midstream":0,"thread_ts_usec":1120471018881832,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00987{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":111,"source":"cfgs\/disable_metadata_and_flowrisks\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1120470985348411,"flow_src_last_pkt_time":1120470985511036,"flow_dst_last_pkt_time":1120470985348411,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1548,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471036318296,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} 
+00803{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":111,"source":"cfgs\/disable_metadata_and_flowrisks\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470986363611,"flow_src_last_pkt_time":1120470986363611,"flow_dst_last_pkt_time":1120470986363611,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471036318296,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30001,"dst_port":40393,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00994{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":112,"source":"cfgs\/disable_metadata_and_flowrisks\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":52,"flow_dst_packets_processed":31,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120471065350255,"flow_dst_last_pkt_time":1120471018881832,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1076,"flow_dst_max_l4_payload_len":669,"flow_src_tot_l4_payload_len":19709,"flow_dst_tot_l4_payload_len":14333,"midstream":0,"thread_ts_usec":1120471065350255,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":112,"source":"cfgs\/disable_metadata_and_flowrisks\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1120470985348411,"flow_src_last_pkt_time":1120470985511036,"flow_dst_last_pkt_time":1120470985348411,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1548,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471094413365,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} +01113{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":112,"source":"cfgs\/disable_metadata_and_flowrisks\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470986363611,"flow_src_last_pkt_time":1120470986363611,"flow_dst_last_pkt_time":1120470986363611,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471094413365,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30001,"dst_port":40393,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} +00801{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":112,"source":"cfgs\/disable_metadata_and_flowrisks\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470986363611,"flow_src_last_pkt_time":1120470986363611,"flow_dst_last_pkt_time":1120470986363611,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471094413365,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30001,"dst_port":40393,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00992{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":112,"source":"cfgs\/disable_metadata_and_flowrisks\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":53,"flow_dst_packets_processed":31,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120471094413365,"flow_dst_last_pkt_time":1120471018881832,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1076,"flow_dst_max_l4_payload_len":669,"flow_src_tot_l4_payload_len":19714,"flow_dst_tot_l4_payload_len":14333,"midstream":0,"thread_ts_usec":1120471094413365,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+00866{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":112,"source":"cfgs\/disable_metadata_and_flowrisks\/pcap\/sip.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":112,"packets-processed":112,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":44455,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":25,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":59,"global_ts_usec":1120471094413365} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 112/112 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 44455 bytes +~~ total detected protocols..: 3 +~~ total active/idle flows...: 4/4 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 7495816 bytes +~~ total memory freed........: 7495816 bytes +~~ total allocations/frees...: 126019/126019 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json message min len.......: 636 chars +~~ json message max len.......: 2319 chars +~~ json message avg len.......: 1476 chars diff --git a/test/results/disable_metadata_and_flowrisks/tls_verylong_certificate.pcap.out b/test/results/disable_metadata_and_flowrisks/tls_verylong_certificate.pcap.out new file mode 100644 index 000000000..71b90a29b --- /dev/null +++ b/test/results/disable_metadata_and_flowrisks/tls_verylong_certificate.pcap.out 
@@ -0,0 +1,29 @@ +00652{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/disable_metadata_and_flowrisks\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00873{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/disable_metadata_and_flowrisks\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1578254908457751} 
+00814{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/disable_metadata_and_flowrisks\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908457751,"flow_dst_last_pkt_time":1578254908457751,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578254908457751,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/disable_metadata_and_flowrisks\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1578254908457751,"flow_dst_last_pkt_time":1578254908457751,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1578254908457751,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGntnAqAGgl2VCMdYUAbur4+BEAAAAALAC\/\/9+XwAAAgQFtAEDAwUBAQgKAb+3BwAAAAAEAgAA"} 
+00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/disable_metadata_and_flowrisks\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1578254908457751,"flow_dst_last_pkt_time":1578254908469342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578254908469342,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADYGqN2XZUIxwKgBoAG71hTYdp3Gq+PgRaASauCAYQAAAgQFZAQCCApynbuCAb+3BwEDAwk="} +00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/disable_metadata_and_flowrisks\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1578254908469463,"flow_dst_last_pkt_time":1578254908469342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578254908469463,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGnuXAqAGgl2VCMdYUAbur4+BF2Hadx4AQEAgJrQAAAQEICgG\/txJynbuC"} 
+01279{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/disable_metadata_and_flowrisks\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1578254908475203,"flow_dst_last_pkt_time":1578254908469342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1578254908475203,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI5AABAAEAGnODAqAGgl2VCMdYUAbur4+BF2Hadx4AYEAjFKwAAAQEICgG\/txdynbuCFgMBAgABAAH8AwNreR1fucqnaT8n7FpnpsjcXpwujsf+X6\/m0ZYauF9Z+gAAhswUzBPMFcAwwCzAKMAkwBTACgCjAJ8AawBqADkAOP+FAMQAwwCIAIcAgcAywC7AKsAmwA\/ABQCdAD0ANQDAAITAL8ArwCfAI8ATwAkAogCeAGcAQAAzADIAvgC9AEUARMAxwC3AKcAlwA7ABACcADwALwC6AEHAEsAIABYAE8ANwAMACgD\/AQABTQAAABoAGAAAFWZlb2RvdHJhY2tlci5hYnVzZS5jaAALAAQDAAECAAoAOgA4AA4ADQAZABwACwAMABsAGAAJAAoAGgAWABcACAAGAAcAFAAVAAQABQASABMAAQACAAMADwAQABEADQAmACQGAQYCBgPv7wUBBQIFAwQBBAIEA+7u7e0DAQMCAwMCAQICAgMzdAAAABAACwAJCGh0dHAvMS4xABUAqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
+01229{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/disable_metadata_and_flowrisks\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908475203,"flow_dst_last_pkt_time":1578254908469342,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578254908475203,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cybersec","proto_id":"91.283","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":33,"category":"Cybersecurity","hostname":"feodotracker.abuse.ch","domainame":"feodotracker.abuse.ch","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d6707ht_2955a3196ffa_c83f907a73d3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} +00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/disable_metadata_and_flowrisks\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1578254908475203,"flow_dst_last_pkt_time":1578254908487025,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578254908487025,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0JkBAADYGgqWXZUIxwKgBoAG71hTYdp3Hq+PiSoAQADgXbgAAAQEICnKdu4cBv7cX"} 
+01319{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/disable_metadata_and_flowrisks\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908475203,"flow_dst_last_pkt_time":1578254908490162,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1368,"midstream":0,"thread_ts_usec":1578254908490162,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cybersec","proto_id":"91.283","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":33,"category":"Cybersecurity","hostname":"feodotracker.abuse.ch","domainame":"feodotracker.abuse.ch","tls": {"version":"TLSv1.2","ja3s":"ae53107a2e47ea20c72ac44821a728bf","ja4":"t12d6707ht_2955a3196ffa_c83f907a73d3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
+04005{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"cfgs\/disable_metadata_and_flowrisks\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908490465,"flow_dst_last_pkt_time":1578254908490567,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5472,"midstream":0,"thread_ts_usec":1578254908490567,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cybersec","proto_id":"91.283","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":33,"category":"Cybersecurity","hostname":"feodotracker.abuse.ch","domainame":"feodotracker.abuse.ch","tls": 
{"version":"TLSv1.2","server_names":"p2.shared.global.fastly.net,*.12wbt.com,*.2bleacherreport.com,*.3bleacherreport.com,*.4bleacherreport.com,*.8bleacherreport.com,*.abuse.ch,*.acdn-it.ps-pantheon.com,*.cdn.livingmap.com,*.content.plastiq.com,*.dimensions.ai,*.dollarshaveclub.co.uk,*.dollarshaveclub.com,*.dontpayfull.com,*.ebisubook.com,*.foreignaffairs.com,*.fs.jibjab.com,*.fs.unitprints.com,*.ggleap.com,*.goodeggs.com,*.huevosbuenos.com,*.indy.myomnigon.com,*.jwatch.org,*.kingsfordcharcoal.com.au,*.lancenters.com,*.madebywe.com,*.minirodini.com,*.modcloth.net,*.orionlabs.io,*.ps-pantheon.com,*.scodle.com,*.steelseries.com,*.theforeman.org,*.uploads.eversign.com,*.uploads.schoox.com,*.vts.com,*.x.stg1.ebisubook.com,*.yang2020.com,12wbt.com,2bleacherreport.com,3bleacherreport.com,4bleacherreport.com,8bleacherreport.com,abuse.ch,brita.com,cdn.fwupd.org,cdn.livingmap.com,cdn.seated.com,cdn.skillacademy.com,clinicaloptions.com,clorox.com,content-preprod.beaverbrooksweb2.co.uk,content.beaverbrooks.co.uk,content.plastiq.com,coolmathgames.com,copterroyale.coolmathgames.com,d8-dev.coolmathgames.com,deflyio.coolmathgames.com,delivery-api.evadacms.com,dimensions.ai,dollarshaveclub.co.uk,dollarshaveclub.com,dontpayfull.com,eluniverso.com,email.amg-group.co,email.tekoforlife.co.uk,feedmarket.fr,freshstep.com,ggleap.com,goodeggs.com,heap.io,huevosbuenos.com,identity.linuxfoundation.org,joebiden.com,jwatch.org,kingsford.co.nz,kingsfordcharcoal.com.au,lancenters.com,lists.linuxfoundation.org,m-stage.coolmathgames.com,m.coolmathgames.com,madebywe.com,minirodini.com,modcloth.net,orionlabs.io,puritanmedproducts.com,reviews.org,rg-video-staging.ruangguru.com,rg-video.ruangguru.com,ruangguru.com,scodle.com,stage.coolmathgames.com,staging.appblade.com,steelseries.com,stg.platform.eluniverso.com,test.brita.com,test.heap.io,test.joebiden.com,test.ruangguru.com,theforeman.org,video-cdn.quipper.com,videos.calcworkshop.com,vts.com,www.101network.com,www.autos101.com,www.brita.com,www.cloro
x.com,www.collider.com,www.coolmathgames.com,www.eluniverso.com,www.flinto.com,www.freshstep.com,www.heap.io,www.holagente.com,www.icsydney.com.au,www.joebiden.com,www.kingsford.co.nz,www.mrnatty.com,www.myjewellerystory.com.au,www.myjs.com,www.netacea.com,www.parenting101.com,www.puritanmedproducts.com,www.reviews.org,www.sba.sa,www.shashatcom.sa,www.uat.ontariocolleges.ca,www.vacation101.com,www.walterspeople.co.uk,www.westwayelectricsupply.com","ja3s":"ae53107a2e47ea20c72ac44821a728bf","ja4":"t12d6707ht_2955a3196ffa_c83f907a73d3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3","subjectDN":"C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=p2.shared.global.fastly.net","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"E9:34:DF:E0:C5:31:3C:59:7E:E2:57:44:F2:82:E9:80:F5:5D:05:4B","blocks":0}}} +02194{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/disable_metadata_and_flowrisks\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908528417,"flow_dst_last_pkt_time":1578254908528437,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":813,"flow_dst_tot_l4_payload_len":14097,"midstream":0,"thread_ts_usec":1578254908528437,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":4559.7,"max":21714,"stddev":6622.1,"var":43852844.0,"ent":3.5,"data": 
[11591,11712,5740,17683,3137,204,15209,67,53,134,2,140,10611,21714,11194,334,14931,21,2,14564,19,7,256,346,4,564,2,480,517,112,2]},"pktlen": {"min":52,"avg":518.6,"max":1420,"stddev":615.3,"var":378610.9,"ent":4.0,"data": [64,60,52,569,52,1420,1420,52,1420,52,1420,262,52,178,103,52,222,1420,1420,104,52,52,52,1420,1420,104,52,52,1420,52,1420,104]},"bins": {"c_to_s": [12,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,4,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,0,0,1,1,1,0,0,0,1,1,1,0,0,1,0,1,1],"entropies": [4.398337364,5.146034718,4.868495941,4.434582233,5.025067329,6.773365974,4.940563202,4.983880520,6.553000927,4.900255680,7.433587551,7.043814659,4.983880520,6.336580276,5.976200581,5.022342205,6.883139610,7.866776943,7.867276192,6.143959045,4.906957150,4.791572571,4.731892109,7.850933075,7.865261078,6.040546417,4.906957626,4.906957626,7.852932453,4.823332310,7.877495766,6.208910465]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cybersec","proto_id":"91.283","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":33,"category":"Cybersecurity"}} 
+01062{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":48,"source":"cfgs\/disable_metadata_and_flowrisks\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":24,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908551114,"flow_dst_last_pkt_time":1578254908551079,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":844,"flow_dst_tot_l4_payload_len":18233,"midstream":0,"thread_ts_usec":1578254908551114,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cybersec","proto_id":"91.283","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":33,"category":"Cybersecurity","hostname":"feodotracker.abuse.ch"}} +00883{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":48,"source":"cfgs\/disable_metadata_and_flowrisks\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":48,"packets-processed":48,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":19077,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1578254908551114} +~~~~~~~~~~~~~~~~~~~~ SUMMARY 
~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 48/48 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 19077 bytes +~~ total detected protocols..: 1 +~~ total active/idle flows...: 1/1 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 7687525 bytes +~~ total memory freed........: 7687525 bytes +~~ total allocations/frees...: 126060/126060 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json message min len.......: 585 chars +~~ json message max len.......: 4010 chars +~~ json message avg len.......: 2211 chars diff --git a/test/results/disable_protocols/dns_long_domainname.pcap.out b/test/results/disable_protocols/dns_long_domainname.pcap.out index c9d540009..c450cc546 100644 --- a/test/results/disable_protocols/dns_long_domainname.pcap.out +++ b/test/results/disable_protocols/dns_long_domainname.pcap.out 
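Review bot: The golden output added for `disable_metadata_and_flowrisks` still records full TLS metadata, so it pins the same data a default run would emit. The `detection-update` record for `packet_id` 11 carries a populated `tls` object with `server_names`, `issuerDN`, `subjectDN`, `fingerprint`, `ja3s` and `ja4`. The `not-detected` record in `sip.pcap.out` of the same results directory likewise still lists `flow_risk` entries 35 and 46. If this directory is meant to prove those fields are suppressed, the matching nDPId config is probably not applied to it; the config is not visible in this part of the diff, so confirm one exists under `test/configs/` before accepting this baseline. Otherwise a regression that re-enables metadata or flow-risk export for this configuration would pass the comparison unnoticed.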
@@ -1,12 +1,12 @@ -00634{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/disable_protocols\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00855{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1599686652555538} 
+00634{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/disable_protocols\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00855{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1599686652555538} 
00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1599686652555538,"flow_src_last_pkt_time":1599686652555538,"flow_dst_last_pkt_time":1599686652555538,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1599686652555538,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00615{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1599686652555538,"flow_dst_last_pkt_time":1599686652555538,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_usec":1599686652555538,"pkt":"EBMx8Tl2KDc3AG3ICABFAABZsREAAEAR9yLAqAGoCAgICP8fADUARcOpi1QBAAABAAAAAAAABmdtcjAyYwIxNgEwDGZoa2Zoc2RrZmhzawZ0dW5uZWwHZXhhbXBsZQNjb20AAAEAAQ=="} 
01153{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1599686652555538,"flow_src_last_pkt_time":1599686652555538,"flow_dst_last_pkt_time":1599686652555538,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1599686652555538,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"gmr02c.16.0.fhkfhsdkfhsk.tunnel.example.com","domainame":"gmr02c.16.0.fhkfhsdkfhsk.tunnel.example.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 00689{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/disable_protocols\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1599686652555538,"flow_dst_last_pkt_time":1599686652578187,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"thread_ts_usec":1599686652578187,"pkt":"KDc3AG3IEBMx8Tl2CABFAACR3WoAAHYRlJEICAgIwKgBqAA1\/x8AfQAAi1SBgwABAAAAAQAABmdtcjAyYwIxNgEwDGZoa2Zoc2RrZmhzawZ0dW5uZWwHZXhhbXBsZQNjb20AAAEAAcAsAAYAAQAABcMALAJucwVpY2FubgNvcmcAA25vYwNkbnPATHhn+r4AABwgAAAOEAASdQAAAA4Q"} 
01278{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"cfgs\/disable_protocols\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1599686652555538,"flow_src_last_pkt_time":1599686652555538,"flow_dst_last_pkt_time":1599686652578187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":117,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":117,"midstream":0,"thread_ts_usec":1599686652578187,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"gmr02c.16.0.fhkfhsdkfhsk.tunnel.example.com","domainame":"gmr02c.16.0.fhkfhsdkfhsk.tunnel.example.com","dns": {"num_queries":1,"num_answers":1,"reply_code":3,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
01152{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/disable_protocols\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1599686652555538,"flow_src_last_pkt_time":1599686652555538,"flow_dst_last_pkt_time":1599686652578187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":117,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":117,"midstream":0,"thread_ts_usec":1599686652578187,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"gmr02c.16.0.fhkfhsdkfhsk.tunnel.example.com"}} 
-00859{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/disable_protocols\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":178,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":9,"global_ts_usec":1599686652578187} +00859{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/disable_protocols\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":2,"packets-processed":2,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":178,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":9,"global_ts_usec":1599686652578187} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 ~~ skipped flows.............: 0 
@@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6907695 bytes -~~ total memory freed........: 6907695 bytes -~~ total allocations/frees...: 114140/114140 +~~ total memory allocated....: 7485291 bytes +~~ total memory freed........: 7485291 bytes +~~ total allocations/frees...: 125871/125871 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 620 chars ~~ json message max len.......: 1283 chars diff --git a/test/results/disable_protocols/pluralsight.pcap.out b/test/results/disable_protocols/pluralsight.pcap.out index 1db38fb0f..056109a8a 100644 --- a/test/results/disable_protocols/pluralsight.pcap.out +++ b/test/results/disable_protocols/pluralsight.pcap.out 
@@ -1,62 +1,62 @@ -00626{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1648373355763733} 
+00626{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1648373355763733} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648373355763733,"flow_src_last_pkt_time":1648373355763733,"flow_dst_last_pkt_time":1648373355763733,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373355763733,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"54.69.188.18","src_port":42642,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1648373355763733,"flow_dst_last_pkt_time":1648373355763733,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648373355763733,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8t1dAAEAGzuTAqAGANkW8EqaSAbs5mmmUAAAAAKAC+vDIPgAAAgQFtAQCCAqK+PnbAAAAAAEDAwc="} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1648373355763733,"flow_dst_last_pkt_time":1648373355952180,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648373355952180,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAAOAG5js2RbwSwKgBgAG7ppJ9QO7SOZpplaASaN998gAAAgQFtAQCCApSMR4Hivj52wEDAwg="} 
01254{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1648373355952549,"flow_dst_last_pkt_time":1648373355952180,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1648373355952549,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5t1lAAEAGzOXAqAGANkW8EqaSAbs5mmmVfUDu04AYAfbrKAAAAQEICor4+pdSMR4HFgMBAgABAAH8AwM1jCFDKADpkwCWNDdgH\/adXVGzDgYuQsQMuim+6yCdjCAuElAWaAcNbYd22pDJpusrU2oMuj5gm\/t2Aky6e512VAAgamoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTSkoAAAAAABQAEgAAD3BsdXJhbHNpZ2h0LmNvbQAXAAD\/AQABAAAKAAoACCoqAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApKioAAQAAHQAgy0tnman9YKIJBU2tFJ\/X+H4+8C285s8hNvU9rt60YmAALQACAQEAKwAHBgoKAwQDAwAbAAMCAAJEaQAFAAMCaDJqagABAAAVAMgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01285{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648373355763733,"flow_src_last_pkt_time":1648373355952549,"flow_dst_last_pkt_time":1648373355952180,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373355952549,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"54.69.188.18","src_port":42642,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pluralsight.com","domainame":"pluralsight.com","tls": {"version":"TLSv1.2","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01244{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648373355763733,"flow_src_last_pkt_time":1648373355952549,"flow_dst_last_pkt_time":1648373355952180,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373355952549,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"54.69.188.18","src_port":42642,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pluralsight.com","domainame":"pluralsight.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
02511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1648373355952549,"flow_dst_last_pkt_time":1648373356139861,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1648373356139861,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXcqW9AAOAGNyw2RbwSwKgBgAG7ppJ9QO7TOZprmoAQAG5jngAAAQEIClIxHsWK+PqXFgMDAEYCAABCAwOA5WC3JqevYzzUx7sAgkcnkWLtUg1Xcif8LAl\/TJHvdQDALwAAGv8BAAEAAAsABAMAAQIAIwAAABAABQADAmgyFgMDFCsLABQnABQkAAa\/MIIGuzCCBaOgAwIBAgIIRQTgxdAUfGQwDQYJKoZIhvcNAQELBQAwgbQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjEtMCsGA1UECxMkaHR0cDovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMTMwMQYDVQQDEypHbyBEYWRkeSBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwHhcNMjAwNTAyMTYwMjA4WhcNMjIwNzAxMjM0MjI4WjA\/MSEwHwYDVQQLExhEb21haW4gQ29udHJvbCBWYWxpZGF0ZWQxGjAYBgNVBAMMESoucGx1cmFsc2lnaHQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxSJg4wZgzdbbQJBQZhpcu6kt1yALpBEwdrVeNm1058LHSvcFCpcQ7k2VflDO787iBTgMlrfWy2xPSA7dEEi3sWmGvwZhI42laHi\/cRXRuYGgAg+p5ED1\/KI4VgH0+\/DEDlJmdBUPV4w70Lzu\/VFvb5N6Kw9OPAje4RaJcjYC6fjHvQDyP8IefKIgkzP\/J68B00drY5eqZcv63b1GwhRozV7ChHkjNJwACK6ZKNc1d65kuAAQlO8yxZbKqqIP8vsHzhwdrLvF2OkMFV9i\/YcFzJmEwdUHpo2qHLQXdNUUdz0lxCntTc5uG8AFLCsuVyzRahyj9I2frvleD\/hGr412owIDAQABo4IDQzCCAz8wDAYDVR0TAQH\/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDgYDVR0PAQH\/BAQDAgWgMDgGA1UdHwQxMC8wLaAroCmGJ2h0dHA6Ly9jcmwuZ29kYWRkeS5jb20vZ2RpZzJzMS0xOTI1LmNybDBdBgNVHSAEVjBUMEgGC2CGSAGG\/W0BBxcBMDkwNwYIKwYBBQUHAgEWK2h0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeS8wCAYGZ4EMAQIBMHYGCCsGAQUFBwEBBGowaDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZ29kYWRkeS5jb20vMEAGCCsGAQUFBzAChjRodHRwOi8vY2VydGlmaWNhdGVzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvZ2RpZzIuY3J0MB8GA1UdIwQYMBaAFEDCvSeOzDSDMKIz
1\/tss\/C0LIDOMC0GA1UdEQQmMCSCESoucGx1cmFsc2lnaHQuY29tgg9wbHVyYWxzaWdodC5jb20wHQYDVR0OBBYEFHGsEKvGACoriNxVjIM6FsyWy5xFMIIBfgYKKwYBBAHWeQIEAgSCAW4EggFqAWgAdgCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAAAXHWH6HXAAAEAwBHMEUCIQCdq2ML0Jumv\/iwktHg9EsmJGw6zFWoVcwtyGu\/OquCpwIgJNt1t1fAS5zanYUHVg1aMgxKZxKpYR6jQNCINKhMD8EAdgC72d+8H4pxtZOUI5eqkntHOFeVCqtS6BqQlmQ2jh7RhQAAAXHWH6eYAAAEAwBHMEUCIQDOz0qVjezJW1dWI7uBCCgp8Vare8XuroiKxVinR889OwIgTBWtS\/mx69sNFk2T86UGhx90X2tLUGINGtaF04Pqrs0AdgBWFAaaL9fC7NP14b1Esj7HRna5vJkRXMA="} -01368{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648373355763733,"flow_src_last_pkt_time":1648373355952549,"flow_dst_last_pkt_time":1648373356139861,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1648373356139861,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"54.69.188.18","src_port":42642,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pluralsight.com","domainame":"pluralsight.com","tls": {"version":"TLSv1.2","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"8d2a028aa94425f76ced7826b1f39039","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01327{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648373355763733,"flow_src_last_pkt_time":1648373355952549,"flow_dst_last_pkt_time":1648373356139861,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1648373356139861,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"54.69.188.18","src_port":42642,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pluralsight.com","domainame":"pluralsight.com","tls": {"version":"TLSv1.2","ja3s":"8d2a028aa94425f76ced7826b1f39039","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
02513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1648373355952549,"flow_dst_last_pkt_time":1648373356139917,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1648373356139917,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXcqXBAAOAGNys2RbwSwKgBgAG7ppJ9QPR7OZprmoAQAG5r5gAAAQEIClIxHsWK+PqX75SYVdaJ0N0AAAFx1h+p5gAABAMARzBFAiArTqTaTNvTVBxKcE\/cBnjdmdOpwF7wOjcm630XBESqNQIhAP9I\/m28a30n87OXSSWJMlzY0ZubLGqcj8tRe9nxjdH6MA0GCSqGSIb3DQEBCwUAA4IBAQArJTxpGLwd+6RFESgocdVAaUnnWVF05CS6VyiI\/I\/6hlgY98VaPMbYAUs625+z4QW6RINrj\/dBbui4MFxolC+9fx01MHlq8FWGhd6ATKhv9SsO39\/E7GyBeHsdEDqXs5\/rAOwx7YkF9iaJEzlt9DxDaybhln4vlGlbk4WSRU8XJJEXZcvvMBDpLw2v2xC1PTQ+qQYru7XvN8uqc5qpIflenl6uZn8fv8mM9AIofo2gd0QTddupk+TbkOroHXLBf9I4mGcXV7ofNOZhiVDQs179yI7PbSfDz\/HBeL8engijD\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\/z5lz4\/OYuY8UhzaFkVLVat4a2ODYpDOD2lsmcgaFItMzEUz6ojcnqOvK\/6AYZ15V8TPLvQ\/MDxdR\/yaFrzDN5ZBUY4RS1T4KL7QjL7wMDge87Am+GZHY23ecSZHjzhHU9FGHbTj3ADqRay9vHHZqm8A29vNMDp5T19MR\/gd71vCxJ1gO7GyQ5HYpDNO6rPWJ0+tJYqlxvTV0KaudAVkV4i1RFXULSo6Pvi4vekyCgKUZMQWOlDxSq7neTOvDCAHf+jfBDnCaQJsY1L6d8EbyHSHyLmTGFBUNUtpTrw700kuH9zB0lL7AgMBAAGjggEaMIIBFjAPBgNVHRMBAf8EBTADAQH\/MA4GA1UdDwEB\/wQEAwIBBjAdBgNVHQ4EFgQUQMK9J47MNIMwojPX+2yz8LQsgM4wHwYDVR0jBBgwFoAUOpqFBxBnKLbv9r0FQW4gwZTaD94wNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5nb2RhZGR5LmNvbS8wNQYDVR0fBC4wLDAqoCigJoYkaHR0cDovL2NybC5nb2RhZGR5LmNvbS9nZHJvb3QtZzIuY3JsMEYGA1UdIAQ\/MD0wOwYEVR0gADAzMDEGCCsGAQUFBwIBFiVodHRwczovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMA0GCSqGSIb3DQEBCwUAA4IBAQAIfmyTEMg4uJapkEv\/oV9PBO9sPpyIBslQj6Zz91cxG7685C\/b+LrTW+C05+Z5Yg4MotdqY3MxtfWoSKQ7CC2iXZDXtHwlTxFWMMS2RJ17LJ3lXubvDGGqv+QqG+6Enrg="} 
-01716{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":5,"flow_first_seen":1648373355763733,"flow_src_last_pkt_time":1648373355952549,"flow_dst_last_pkt_time":1648373356139971,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5590,"midstream":0,"thread_ts_usec":1648373356139971,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"54.69.188.18","src_port":42642,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pluralsight.com","domainame":"pluralsight.com","tls": {"version":"TLSv1.2","server_names":"*.pluralsight.com,pluralsight.com","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"8d2a028aa94425f76ced7826b1f39039","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.pluralsight.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","fingerprint":"31:0B:3D:03:7A:6A:F8:86:8F:CE:62:30:E9:A2:F1:47:E5:6C:3D:F7","blocks":0}}} 
+01675{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":5,"flow_first_seen":1648373355763733,"flow_src_last_pkt_time":1648373355952549,"flow_dst_last_pkt_time":1648373356139971,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5590,"midstream":0,"thread_ts_usec":1648373356139971,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"54.69.188.18","src_port":42642,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pluralsight.com","domainame":"pluralsight.com","tls": {"version":"TLSv1.2","server_names":"*.pluralsight.com,pluralsight.com","ja3s":"8d2a028aa94425f76ced7826b1f39039","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.pluralsight.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","fingerprint":"31:0B:3D:03:7A:6A:F8:86:8F:CE:62:30:E9:A2:F1:47:E5:6C:3D:F7","blocks":0}}} 
00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648373357854664,"flow_src_last_pkt_time":1648373357854664,"flow_dst_last_pkt_time":1648373357854664,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373357854664,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42782,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1648373357854664,"flow_dst_last_pkt_time":1648373357854664,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648373357854664,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8tRVAAEAG8mLAqAGAkks+0KceAbt\/83TdAAAAAKAC+vCjygAAAgQFtAQCCAquLcooAAAAAAEDAwc="} 
00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648373357861427,"flow_src_last_pkt_time":1648373357861427,"flow_dst_last_pkt_time":1648373357861427,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373357861427,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42790,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1648373357861427,"flow_dst_last_pkt_time":1648373357861427,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648373357861427,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA85z1AAEAGwDrAqAGAkks+0KcmAbuYBq2TAAAAAKAC+vBS8wAAAgQFtAQCCAquLcouAAAAAAEDAwc="} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1648373357854664,"flow_dst_last_pkt_time":1648373357870317,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648373357870317,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADkGrniSSz7QwKgBgAG7px6MpPZof\/N03qAS\/\/\/QggAAAgQFTAQCCApC6QiXri3KKAEDAwk="} 
01256{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1648373357870481,"flow_dst_last_pkt_time":1648373357870317,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1648373357870481,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5tRdAAEAG8GPAqAGAkks+0KceAbt\/83TejKT2aYAYAfY+HwAAAQEICq4tyjdC6QiXFgMBAgABAAH8AwNByQDZoxI4dOK0Sqz8YqFtpt\/EgjJNogy+qC4qHtET5yBBjqjV\/zD\/ZZYcaXw3kK2L11Av5ASkLtB9CBYWZu3HRgAg2toTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTGhoAAAAAABsAGQAAFnBsdXJhbHNpZ2h0Mi5pbWdpeC5uZXQAFwAA\/wEAAQAACgAKAAh6egAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKXp6AAEAAB0AICyryrnXcbLoAjfLxc89+emszCPBlJNQz9WtPrwFSKZoAC0AAgEBACsABwZ6egMEAwMAGwADAgACRGkABQADAmgySkoAAQAAFQDBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01297{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648373357854664,"flow_src_last_pkt_time":1648373357870481,"flow_dst_last_pkt_time":1648373357870317,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373357870481,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42782,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pluralsight2.imgix.net","domainame":"pluralsight2.imgix.net","tls": {"version":"TLSv1.2","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01256{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648373357854664,"flow_src_last_pkt_time":1648373357870481,"flow_dst_last_pkt_time":1648373357870317,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373357870481,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42782,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pluralsight2.imgix.net","domainame":"pluralsight2.imgix.net","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1648373357861427,"flow_dst_last_pkt_time":1648373357879338,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648373357879338,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADkGrniSSz7QwKgBgAG7pyYtR\/VLmAatlKAS\/\/8fEgAAAgQFTAQCCAr1hBcPri3KLgEDAwk="} 
01253{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1648373357879453,"flow_dst_last_pkt_time":1648373357879338,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1648373357879453,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI55z9AAEAGvjvAqAGAkks+0KcmAbuYBq2ULUf1TIAYAfb0QgAAAQEICq4tykD1hBcPFgMBAgABAAH8AwMVCkjcl1ldHYszMMhbvCrBmyAv89Ky2j4DTP7XcUyMOSBZfmcNBQmySrBYu\/Xc6jDaJEswZCfnt+SXnGDnGRc5VwAgCgoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTSkoAAAAAABoAGAAAFXBsdXJhbHNpZ2h0LmltZ2l4Lm5ldAAXAAD\/AQABAAAKAAoACBoaAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApGhoAAQAAHQAgibFRT+4ffFiWVzdt9+CHYgJvYueRYWReY4H44PP66lMALQACAQEAKwAHBurqAwQDAwAbAAMCAAJEaQAFAAMCaDJaWgABAAAVAMIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01295{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648373357861427,"flow_src_last_pkt_time":1648373357879453,"flow_dst_last_pkt_time":1648373357879338,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373357879453,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42790,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pluralsight.imgix.net","domainame":"pluralsight.imgix.net","tls": {"version":"TLSv1.2","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01254{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648373357861427,"flow_src_last_pkt_time":1648373357879453,"flow_dst_last_pkt_time":1648373357879338,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373357879453,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42790,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pluralsight.imgix.net","domainame":"pluralsight.imgix.net","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
02363{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1648373357870481,"flow_dst_last_pkt_time":1648373357887214,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1406,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1406,"pkt_l4_len":1372,"thread_ts_usec":1648373357887214,"pkt":"PKn0qB\/spJGxgjQ5CABFAAVwy7JAADkG3ZGSSz7QwKgBgAG7px6MpPZpf\/N244AQAQnCdgAAAQEICkLpCKmuLco3FgMDAFICAABOAwO6XIhZjRsIbZDozpr1cCQJ4YRKyEEKscq5XpJVSzbGlADALwAAJv8BAAEAAAAAAAALAAQDAAECACMAAAAFAAAAEAAFAAMCaDIAFwAAFgMDCzYLAAsyAAsvAAZzMIIGbzCCBVegAwIBAgIQAS9nOSftrM\/NLZrw\/SoL\/DANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTErMCkGA1UEAxMiR2xvYmFsU2lnbiBBdGxhcyBSMyBEViBUTFMgQ0EgMjAyMDAeFw0yMTA1MTAyMzA5NTdaFw0yMjA2MTEyMzA5NTZaMBYxFDASBgNVBAMMCyouaW1naXguY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtM2d7k3mMXLoGZ8dsCzKEv\/iAG7db5OS9zWBDVE3gTu2BP7KvkzsRhp3tj40M5uHOpBk78Onyv05WUN8dlLDCKppJ1MyuTtZ7Js+LE1GTMKOIrO13a9rwuvdYmoe2V4ccVVbXeX34ZVJPDHkMOWMH99sBaFNROtf64LhLu1ng8NBkUjhNzWSfQdrg2G\/BGXVWv5UQf9\/TXXwzGZV+7k\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\/nwwRgYDVR0fBD8wPTA7oDmgN4Y1aHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9jYS9nc2F0bGFzcjNkdnRsc2NhMjAyMC5jcmwwggF+BgorBgEEAdZ5AgQCBIIBbgSCAWoBaAB1AG9Tdqwx8DEZ2JkApFEV\/3cVHBHZAsEAKQaNsgiaN9kTAAABeViLVtAAAAQDAEYwRAIgFJUbp8zRVM2ymHpaBv7zGx+3V0vX1oW8W6pafQNwJIECIF82EX0oLSxMljZcWPIehFSBOYBdc5vOapX2e2OMeIbUAHcARqVV63X6kSAwtaKJafTzfREsQXS+\/Um4havy\/HD+bUcAAAF5WItWyAAABAMASDBGAiEA76uJqqwZa4Jhk2SQ2jcwQBZYH7n+uyGeoOr2oOiiF0MCIQDtiVL1M\/n0TGXMpgng7tQ="} 
-01380{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648373357854664,"flow_src_last_pkt_time":1648373357870481,"flow_dst_last_pkt_time":1648373357887214,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1340,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1340,"midstream":0,"thread_ts_usec":1648373357887214,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42782,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pluralsight2.imgix.net","domainame":"pluralsight2.imgix.net","tls": {"version":"TLSv1.2","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01339{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648373357854664,"flow_src_last_pkt_time":1648373357870481,"flow_dst_last_pkt_time":1648373357887214,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1340,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1340,"midstream":0,"thread_ts_usec":1648373357887214,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42782,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pluralsight2.imgix.net","domainame":"pluralsight2.imgix.net","tls": {"version":"TLSv1.2","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
02367{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1648373357870481,"flow_dst_last_pkt_time":1648373357887220,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1406,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1406,"pkt_l4_len":1372,"thread_ts_usec":1648373357887220,"pkt":"PKn0qB\/spJGxgjQ5CABFAAVwy7NAADkG3ZCSSz7QwKgBgAG7px6MpPulf\/N244AQAQkZKgAAAQEICkLpCKmuLco3ahV8ZpdERTsq5aiKCdel9zgAdgBVgdTCFpA2AUrqC5tXPFPwwOQ4eHAlCBcvo6odBxPTDAAAAXlYi1c\/AAAEAwBHMEUCIQD88phuR9bgOJ50FssFiYaBo4yrHB5J95ouhbRLpptKlQIgcaHKzP6l2VLeTLrHXQKoXz9kqKD4AiCQzgcvVBxkOhYwDQYJKoZIhvcNAQELBQADggEBACRyUMLxw3XkYr0iGFf7LSN1EpWsOR0qXYUJeSD+gEbwZ6e\/2WbwIcpz7MW0qa2Kp7tFkw9Uh7Cp+zdjYfMQKhzpCp2+Ws0mTcAssCHYkeGkfwBHRVpFnbCnZ7cqA6x5\/ERoiJ6e9ShnTl8gREqPjEe\/kqgGIH6VxnEajqxXNAXu847jy+zUobNrPprEr8sJU1Wn1tZELcR+VzsTicoSUiddXVVqYB7uusn9fYRaNBwA3PFergkTUdpoJjRwrj5fri9mQErJKsKdU+gfusdKByvu6KA3arN\/Gv3F\/C3AwZv02+50jWZTEjyDjcvNw364BTNfQ8iLfDIFMzK\/BFImhL0ABLYwggSyMIIDmqADAgECAhB4AxggzwI286aFGLrvt\/cBMA0GCSqGSIb3DQEBCwUAMEwxIDAeBgNVBAsTF0dsb2JhbFNpZ24gUm9vdCBDQSAtIFIzMRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMB4XDTIwMDcyODAwMDAwMFoXDTI5MDMxODAwMDAwMFowVTELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExKzApBgNVBAMTIkdsb2JhbFNpZ24gQXRsYXMgUjMgRFYgVExTIENBIDIwMjAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCJp0\/QYg1WB2tVDaYfybSL6DdaL9KMIEKnP0tn3z15ZGtqDjONRzmzZYn09a\/Vc5sXRuEu02evPRsKhrC1C6fp02XmYdgHV9sUiJIhT74j1X1sYezj1puaAA9YtIXhR+kqgmEn9t2P0Nff8s8Jn7vT+xFdcb+qwtgjTlYZYS2qdWfjBcQv6FagKfzJCOxvBTAAKrQyMiBHKlpuZPc5E4sYTr\/Z8e5Dk\/QgeMtSmi+QXMiJN2hffcsYUa2zcdzv4NohbwyxTVu3ZQmuSeUuEZmXf0A+GdqWZ\/kCoXCxw6UKSrTmma9hHJy+LlWii\/4FJzmpgTYtxLiqTf0QLnpCf+8FAgMBAAGjggGFMIIBgTAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB\/wQIMAYBAf8CAQAwHQYDVR0OBBYEFEJtVy1PHyZ3dKYnZPaA+o9IaP58MB8GA1Ud
IwQYMBaAFI\/wS3+oLkUkrk1Q+mOai97i3Ru8MHsGCCsGAQUFBwEBBG8wbTAuBggrBgEFBQcwAYYiaHR0cDovL29jc3AyLmdsb2JhbHNpZ24uY29tL3Jvb3RyMzA7BggrBgEFBQcwAoYvaHR0cDovL3NlY3VyZS5nbG9iYWxzaWduLmNvbS9jYWNlcnQvcm9vdC1yMy5jcnQwNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9yb290LXIzLmNybDBHBgNVHSAEQDA+MDwGBFUdIAAwNDAyBggrBgEFBQcCARYmaHR0cHM6Ly93d3cuZ2xvYmFsc2lnbi5jb20vcmVwb3M="} -01623{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":4,"flow_first_seen":1648373357854664,"flow_src_last_pkt_time":1648373357870481,"flow_dst_last_pkt_time":1648373357887226,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1340,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4020,"midstream":0,"thread_ts_usec":1648373357887226,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42782,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pluralsight2.imgix.net","domainame":"pluralsight2.imgix.net","tls": {"version":"TLSv1.2","server_names":"*.imgix.com,*.imgix.net,imgix.com,imgix.net","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 
2020","subjectDN":"CN=*.imgix.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","fingerprint":"C6:A8:D1:F3:16:08:C6:7F:9F:58:B9:3B:87:A6:A1:75:BC:67:F8:8D","blocks":0}}} +01582{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":4,"flow_first_seen":1648373357854664,"flow_src_last_pkt_time":1648373357870481,"flow_dst_last_pkt_time":1648373357887226,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1340,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4020,"midstream":0,"thread_ts_usec":1648373357887226,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42782,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pluralsight2.imgix.net","domainame":"pluralsight2.imgix.net","tls": {"version":"TLSv1.2","server_names":"*.imgix.com,*.imgix.net,imgix.com,imgix.net","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2020","subjectDN":"CN=*.imgix.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","fingerprint":"C6:A8:D1:F3:16:08:C6:7F:9F:58:B9:3B:87:A6:A1:75:BC:67:F8:8D","blocks":0}}} 
02363{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1648373357879453,"flow_dst_last_pkt_time":1648373357901597,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1406,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1406,"pkt_l4_len":1372,"thread_ts_usec":1648373357901597,"pkt":"PKn0qB\/spJGxgjQ5CABFAAVwx75AADkG4YWSSz7QwKgBgAG7pyYtR\/VMmAavmYAQAQkZkgAAAQEICvWEFyKuLcpAFgMDAFICAABOAwMgeDaCaH+ifl7BHuGkMXIEJdYJhJkayUt39GpkFgu93wDALwAAJv8BAAEAAAAAAAALAAQDAAECACMAAAAFAAAAEAAFAAMCaDIAFwAAFgMDCzYLAAsyAAsvAAZzMIIGbzCCBVegAwIBAgIQAS9nOSftrM\/NLZrw\/SoL\/DANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTErMCkGA1UEAxMiR2xvYmFsU2lnbiBBdGxhcyBSMyBEViBUTFMgQ0EgMjAyMDAeFw0yMTA1MTAyMzA5NTdaFw0yMjA2MTEyMzA5NTZaMBYxFDASBgNVBAMMCyouaW1naXguY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtM2d7k3mMXLoGZ8dsCzKEv\/iAG7db5OS9zWBDVE3gTu2BP7KvkzsRhp3tj40M5uHOpBk78Onyv05WUN8dlLDCKppJ1MyuTtZ7Js+LE1GTMKOIrO13a9rwuvdYmoe2V4ccVVbXeX34ZVJPDHkMOWMH99sBaFNROtf64LhLu1ng8NBkUjhNzWSfQdrg2G\/BGXVWv5UQf9\/TXXwzGZV+7k\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\/nwwRgYDVR0fBD8wPTA7oDmgN4Y1aHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9jYS9nc2F0bGFzcjNkdnRsc2NhMjAyMC5jcmwwggF+BgorBgEEAdZ5AgQCBIIBbgSCAWoBaAB1AG9Tdqwx8DEZ2JkApFEV\/3cVHBHZAsEAKQaNsgiaN9kTAAABeViLVtAAAAQDAEYwRAIgFJUbp8zRVM2ymHpaBv7zGx+3V0vX1oW8W6pafQNwJIECIF82EX0oLSxMljZcWPIehFSBOYBdc5vOapX2e2OMeIbUAHcARqVV63X6kSAwtaKJafTzfREsQXS+\/Um4havy\/HD+bUcAAAF5WItWyAAABAMASDBGAiEA76uJqqwZa4Jhk2SQ2jcwQBZYH7n+uyGeoOr2oOiiF0MCIQDtiVL1M\/n0TGXMpgng7tQ="} 
-01378{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":21,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648373357861427,"flow_src_last_pkt_time":1648373357879453,"flow_dst_last_pkt_time":1648373357901597,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1340,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1340,"midstream":0,"thread_ts_usec":1648373357901597,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42790,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pluralsight.imgix.net","domainame":"pluralsight.imgix.net","tls": {"version":"TLSv1.2","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01337{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":21,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648373357861427,"flow_src_last_pkt_time":1648373357879453,"flow_dst_last_pkt_time":1648373357901597,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1340,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1340,"midstream":0,"thread_ts_usec":1648373357901597,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42790,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pluralsight.imgix.net","domainame":"pluralsight.imgix.net","tls": {"version":"TLSv1.2","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
02367{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1648373357879453,"flow_dst_last_pkt_time":1648373357901597,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1406,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1406,"pkt_l4_len":1372,"thread_ts_usec":1648373357901597,"pkt":"PKn0qB\/spJGxgjQ5CABFAAVwx79AADkG4YSSSz7QwKgBgAG7pyYtR\/qImAavmYAQAQlntQAAAQEICvWEFyKuLcpAahV8ZpdERTsq5aiKCdel9zgAdgBVgdTCFpA2AUrqC5tXPFPwwOQ4eHAlCBcvo6odBxPTDAAAAXlYi1c\/AAAEAwBHMEUCIQD88phuR9bgOJ50FssFiYaBo4yrHB5J95ouhbRLpptKlQIgcaHKzP6l2VLeTLrHXQKoXz9kqKD4AiCQzgcvVBxkOhYwDQYJKoZIhvcNAQELBQADggEBACRyUMLxw3XkYr0iGFf7LSN1EpWsOR0qXYUJeSD+gEbwZ6e\/2WbwIcpz7MW0qa2Kp7tFkw9Uh7Cp+zdjYfMQKhzpCp2+Ws0mTcAssCHYkeGkfwBHRVpFnbCnZ7cqA6x5\/ERoiJ6e9ShnTl8gREqPjEe\/kqgGIH6VxnEajqxXNAXu847jy+zUobNrPprEr8sJU1Wn1tZELcR+VzsTicoSUiddXVVqYB7uusn9fYRaNBwA3PFergkTUdpoJjRwrj5fri9mQErJKsKdU+gfusdKByvu6KA3arN\/Gv3F\/C3AwZv02+50jWZTEjyDjcvNw364BTNfQ8iLfDIFMzK\/BFImhL0ABLYwggSyMIIDmqADAgECAhB4AxggzwI286aFGLrvt\/cBMA0GCSqGSIb3DQEBCwUAMEwxIDAeBgNVBAsTF0dsb2JhbFNpZ24gUm9vdCBDQSAtIFIzMRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMB4XDTIwMDcyODAwMDAwMFoXDTI5MDMxODAwMDAwMFowVTELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExKzApBgNVBAMTIkdsb2JhbFNpZ24gQXRsYXMgUjMgRFYgVExTIENBIDIwMjAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCJp0\/QYg1WB2tVDaYfybSL6DdaL9KMIEKnP0tn3z15ZGtqDjONRzmzZYn09a\/Vc5sXRuEu02evPRsKhrC1C6fp02XmYdgHV9sUiJIhT74j1X1sYezj1puaAA9YtIXhR+kqgmEn9t2P0Nff8s8Jn7vT+xFdcb+qwtgjTlYZYS2qdWfjBcQv6FagKfzJCOxvBTAAKrQyMiBHKlpuZPc5E4sYTr\/Z8e5Dk\/QgeMtSmi+QXMiJN2hffcsYUa2zcdzv4NohbwyxTVu3ZQmuSeUuEZmXf0A+GdqWZ\/kCoXCxw6UKSrTmma9hHJy+LlWii\/4FJzmpgTYtxLiqTf0QLnpCf+8FAgMBAAGjggGFMIIBgTAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB\/wQIMAYBAf8CAQAwHQYDVR0OBBYEFEJtVy1PHyZ3dKYnZPaA+o9IaP58MB8GA1Ud
IwQYMBaAFI\/wS3+oLkUkrk1Q+mOai97i3Ru8MHsGCCsGAQUFBwEBBG8wbTAuBggrBgEFBQcwAYYiaHR0cDovL29jc3AyLmdsb2JhbHNpZ24uY29tL3Jvb3RyMzA7BggrBgEFBQcwAoYvaHR0cDovL3NlY3VyZS5nbG9iYWxzaWduLmNvbS9jYWNlcnQvcm9vdC1yMy5jcnQwNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9yb290LXIzLmNybDBHBgNVHSAEQDA+MDwGBFUdIAAwNDAyBggrBgEFBQcCARYmaHR0cHM6Ly93d3cuZ2xvYmFsc2lnbi5jb20vcmVwb3M="} -01621{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":23,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":4,"flow_first_seen":1648373357861427,"flow_src_last_pkt_time":1648373357879453,"flow_dst_last_pkt_time":1648373357901597,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1340,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4020,"midstream":0,"thread_ts_usec":1648373357901597,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42790,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pluralsight.imgix.net","domainame":"pluralsight.imgix.net","tls": {"version":"TLSv1.2","server_names":"*.imgix.com,*.imgix.net,imgix.com,imgix.net","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2020","subjectDN":"CN=*.imgix.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","fingerprint":"C6:A8:D1:F3:16:08:C6:7F:9F:58:B9:3B:87:A6:A1:75:BC:67:F8:8D","blocks":0}}} 
+01580{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":23,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":4,"flow_first_seen":1648373357861427,"flow_src_last_pkt_time":1648373357879453,"flow_dst_last_pkt_time":1648373357901597,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1340,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4020,"midstream":0,"thread_ts_usec":1648373357901597,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42790,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pluralsight.imgix.net","domainame":"pluralsight.imgix.net","tls": {"version":"TLSv1.2","server_names":"*.imgix.com,*.imgix.net,imgix.com,imgix.net","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2020","subjectDN":"CN=*.imgix.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","fingerprint":"C6:A8:D1:F3:16:08:C6:7F:9F:58:B9:3B:87:A6:A1:75:BC:67:F8:8D","blocks":0}}} 
00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648373358908144,"flow_src_last_pkt_time":1648373358908144,"flow_dst_last_pkt_time":1648373358908144,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373358908144,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.203.201.56","src_port":42618,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1648373358908144,"flow_dst_last_pkt_time":1648373358908144,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648373358908144,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8pPxAAEAG95PAqAGAEsvJOKZ6AbsXjcxKAAAAAKAC+vDGJwAAAgQFtAQCCAq7LqF\/AAAAAAEDAwc="} 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1648373358908144,"flow_dst_last_pkt_time":1648373358948816,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648373358948816,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAAOUG948Sy8k4wKgBgAG7pnpgCgHJF43MS6ASaN+FjQAAAgQFtAQCCAqVXttnuy6hfwEDAwg="} 
01256{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1648373358949276,"flow_dst_last_pkt_time":1648373358948816,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1648373358949276,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5pP5AAEAG9ZTAqAGAEsvJOKZ6AbsXjcxLYAoByoAYAfahVQAAAQEICrsuoaiVXttnFgMBAgABAAH8AwPQaIxCQafGfU7U68BjTWz12bgC7rPMRDrwBcYKkg2BtiCsXEdEYhfEEMAlvDmVmL\/9\/3dvAf\/ZUZkvazPc8sBEAwAg6uoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTenoAAAAAABgAFgAAE3N0dC5wbHVyYWxzaWdodC5jb20AFwAA\/wEAAQAACgAKAAhaWgAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKVpaAAEAAB0AIC1NIbYz00S\/PDWD2znXWT+4vqGbUzfdyPQt1wB6uPFJAC0AAgEBACsABwb6+gMEAwMAGwADAgACRGkABQADAmgyuroAAQAAFQDEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01295{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648373358908144,"flow_src_last_pkt_time":1648373358949276,"flow_dst_last_pkt_time":1648373358948816,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373358949276,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.203.201.56","src_port":42618,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"stt.pluralsight.com","domainame":"stt.pluralsight.com","tls": {"version":"TLSv1.2","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01254{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648373358908144,"flow_src_last_pkt_time":1648373358949276,"flow_dst_last_pkt_time":1648373358948816,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373358949276,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.203.201.56","src_port":42618,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"stt.pluralsight.com","domainame":"stt.pluralsight.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
02503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1648373358949276,"flow_dst_last_pkt_time":1648373358988767,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1648373358988767,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXcvRJAAOUGNN0Sy8k4wKgBgAG7pnpgCgHKF43OUIAQAG7AjQAAAQEICpVe25C7LqGoFgMDAEYCAABCAwONSvORfRK+oCxj36Hg6J2Hj1QoaCg2HEgsIONHMtI7MQDALwAAGgAAAAD\/AQABAAALAAQDAAECABAABQADAmgyFgMDD1QLAA9QAA9NAAbPMIIGyzCCBbOgAwIBAgIQB\/B75x6f37TLIkIFT5mkADANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMSkwJwYDVQQDEyBEaWdpQ2VydCBUTFMgUlNBIFNIQTI1NiAyMDIwIENBMTAeFw0yMTEwMDEwMDAwMDBaFw0yMjEwMDEyMzU5NTlaMHgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMREwDwYDVQQHEwhTYW4gSm9zZTEjMCEGA1UEChMaQWRvYmUgU3lzdGVtcyBJbmNvcnBvcmF0ZWQxHDAaBgNVBAMTE3N0dC5wbHVyYWxzaWdodC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDr0xSOZf6cCydxEcuFpMVtE13xSxgvN+BhmKgaQAFAzHuwpqwKyaYNmuuLH\/VY4kWvt8oOW3wCuzOM+EMY1K7qcL+jle28Q47YlvtlMucVxaWwRNmKApjrDY2t5SUUQdf2joKa3AMbeENJerDPlu+0VGDcQTqWT9piC0Gkf4X3KOy\/pQfvHRbuzGVd27UtimfLJFXU0JlWM+hCFgHHXQ0OsRQGtSRQn7NHHZvcjzGEcKei5SlMP5F+AbeUb0TDvIhz8x1hWofd9DhmJevyeADezC\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\/wQCMAAwggGABgorBgEEAdZ5AgQCBIIBcASCAWwBagB3ACl5vvCeOTkh8FZzn2Old+W+V32cYAr4+U1dJlwlXceEAAABfD5FpRQAAAQDAEgwRgIhANbj9wEZj1VoGi2UMZnu3XdkngNqGzgH0H+SQhnbt3jmAiEAqwd+SxYB3DbbxtBV\/7joXhChyIF2XFd33lGbzb6QjcEAdwBByMqx3yJGShDGoToJQodeTjGLGwPr60vHaPCQYpYG9gAAAXw+RaUVAAAEAwBIMEYCIQDAIrZL2u\/2JggDkhT0JCtofKLodQnV8LO7lcpEm5pVngIhAM0ARgZECXgacp8gNEXiUuDbe\/K5+5FF6yOd5k8zoidrAHYA36Veq2iCTx8="} 
-01378{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":31,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648373358908144,"flow_src_last_pkt_time":1648373358949276,"flow_dst_last_pkt_time":1648373358988767,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1648373358988767,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.203.201.56","src_port":42618,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"stt.pluralsight.com","domainame":"stt.pluralsight.com","tls": {"version":"TLSv1.2","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"c4b2785a87896e19d37eee932070cb22","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01337{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":31,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648373358908144,"flow_src_last_pkt_time":1648373358949276,"flow_dst_last_pkt_time":1648373358988767,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1648373358988767,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.203.201.56","src_port":42618,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"stt.pluralsight.com","domainame":"stt.pluralsight.com","tls": {"version":"TLSv1.2","ja3s":"c4b2785a87896e19d37eee932070cb22","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
02510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1648373358949276,"flow_dst_last_pkt_time":1648373358992536,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1648373358992536,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXcvRNAAOUGNNwSy8k4wKgBgAG7pnpgCgdyF43OUIAQAG4ZwQAAAQEICpVe25C7LqGobK3uuF9OPlrqzaISpGpejjsSwCBEXCpzAAABfD5FpVkAAAQDAEcwRQIgD\/C+dWI8FNoRd7swKXa4Z3HVOZE6Xo7KLlhYwlDQxUUCIQCORa5g5oY\/p0EanlV0l9hVbXFwuN3kDs7vi8zHYx0FHzANBgkqhkiG9w0BAQsFAAOCAQEAi6q+Yac3NG5zNVZmjOqlgVySNn4urWYHVdnWUcpSV1FJEbUvEiDf6tt46etJ35ZdH6y8l394Q7SRjdYbsn4fD\/+G1nXxjmE4R1M4s9O9PIX353I\/EynAH\/JMAEHRHDLvAMSqCPTBDGQoI\/MgZeEqkZ45e6CE1was5eBG\/IVEv5AISEuq9PMyxIRwHqPEyekxORc5LUg\/jZoUKL9sOGiDWpuM4l2CFZJFEqYf9Qquu5ANUnEjWiMeqiIu55kD1AtVpL5t6znkbU19ECEyuL9lJ\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\/jxNCemql6HYKI5RFW2x6fWMJR5yw0DS7SkuFWy\/F5X7O7h8olA3uaUkFmEGBPVxNJ8Og3Z4Pf59NLZ0wiUabfDpkQ7VdRdCbifcfKYi4TG38jiCVTb8E0WACLhP\/4vqdYSSJ7lq2iiJsVvKB83+lRqNWw7TfiNrSCS2K1SZrsx2fW4z7149YSXkTxv3FCfViEA4CxgQH6+coyu7SOJ4cnxSt01KjWl97DZPnKzlOiVrx4F45JAymu+0lPpBW5zvJcGVdta3mnK6InIBO10D1A0yEwB5PqmfUCAwEAAaOCAYIwggF+MBIGA1UdEwEB\/wQIMAYBAf8CAQAwHQYDVR0OBBYEFLdrouqoqoSMeeq02g+YssWVdrn0MB8GA1UdIwQYMBaAFAPeUDVW0Uy7ZvCj4hsbw5eyPdFVMA4GA1UdDwEB\/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwdgYIKwYBBQUHAQEEajBoMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wQAYIKwYBBQUHMAKGNGh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RDQS5jcnQwQgYDVR0fBDswOTA3oDWgM4YxaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFsUm9vdENBLmNybDA9BgNVHSAENjA0MAsGCWCGSAGG\/WwCATAHBgVngQwBATAIBgZngQwBAgEwCAYGZ4EMAQICMAgGBmeBDAECAzANBgkqhkiG9w0BAQsFAAOCAQEAgDLOXgvdbloNCq\/h1oTLwI76hXDt2l2zDPcrdUD+hQr68zF4t3BLGolYuoC982sd6X7PC7pYnFnU
kNP9bP3QmG23cYJbz20LWgnQe97EQ9gqpN6eQSZfu4+Zy92u4ahvn4c="} -01662{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":33,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":4,"flow_first_seen":1648373358908144,"flow_src_last_pkt_time":1648373358949276,"flow_dst_last_pkt_time":1648373358992536,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4344,"midstream":0,"thread_ts_usec":1648373358992536,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.203.201.56","src_port":42618,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"stt.pluralsight.com","domainame":"stt.pluralsight.com","tls": {"version":"TLSv1.2","server_names":"stt.pluralsight.com","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"c4b2785a87896e19d37eee932070cb22","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1","subjectDN":"C=US, ST=California, L=San Jose, O=Adobe Systems Incorporated, CN=stt.pluralsight.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","fingerprint":"C5:A3:DE:6D:71:B1:15:77:EC:86:38:E6:30:1C:F5:AC:18:9D:BE:82","blocks":0}}} 
+01621{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":33,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":4,"flow_first_seen":1648373358908144,"flow_src_last_pkt_time":1648373358949276,"flow_dst_last_pkt_time":1648373358992536,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4344,"midstream":0,"thread_ts_usec":1648373358992536,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.203.201.56","src_port":42618,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"stt.pluralsight.com","domainame":"stt.pluralsight.com","tls": {"version":"TLSv1.2","server_names":"stt.pluralsight.com","ja3s":"c4b2785a87896e19d37eee932070cb22","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1","subjectDN":"C=US, ST=California, L=San Jose, O=Adobe Systems Incorporated, CN=stt.pluralsight.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","fingerprint":"C5:A3:DE:6D:71:B1:15:77:EC:86:38:E6:30:1C:F5:AC:18:9D:BE:82","blocks":0}}} 
00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648373359576448,"flow_src_last_pkt_time":1648373359576448,"flow_dst_last_pkt_time":1648373359576448,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373359576448,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.19.162.127","src_port":48948,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1648373359576448,"flow_dst_last_pkt_time":1648373359576448,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648373359576448,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8TutAAEAGHxbAqAGAaBOif780Abvdb02GAAAAAKAC+vDHywAAAgQFtAQCCArb1PDNAAAAAAEDAwc="} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1648373359576448,"flow_dst_last_pkt_time":1648373359597402,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1648373359597402,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA0AABAADkGdQloE6J\/wKgBgAG7vzSUVFy03W9Nh4AS\/\/\/FjwAAAgQFeAEBBAIBAwMK"} 
01238{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1648373359600685,"flow_dst_last_pkt_time":1648373359597402,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1648373359600685,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAItTu1AAEAGHSPAqAGAaBOif780Abvdb02HlFRctVAYAfYwgAAAFgMBAgABAAH8AwOIgQTFWwPXqiGWcEl1+ZXYiujgmOb6nQAZYCe\/QQpLyiA8RROCb85LShovAJOvtUQPlP7tKhROlf321DTdV6NmHgAgysoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGT2toAAAAAABgAFgAAE3d3dy5wbHVyYWxzaWdodC5jb20AFwAA\/wEAAQAACgAKAAgKCgAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKQoKAAEAAB0AIEbEu4abSNoKA92bDrKiGkIvMOu6w9kvXP7U129h\/FVaAC0AAgEBACsABwaamgMEAwMAGwADAgACRGkABQADAmgyGhoAAQAAFQDEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01297{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648373359576448,"flow_src_last_pkt_time":1648373359600685,"flow_dst_last_pkt_time":1648373359597402,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373359600685,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.19.162.127","src_port":48948,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"www.pluralsight.com","domainame":"www.pluralsight.com","tls": {"version":"TLSv1.2","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01256{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648373359576448,"flow_src_last_pkt_time":1648373359600685,"flow_dst_last_pkt_time":1648373359597402,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373359600685,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.19.162.127","src_port":48948,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"www.pluralsight.com","domainame":"www.pluralsight.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
02518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1648373359600685,"flow_dst_last_pkt_time":1648373359621466,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1648373359621466,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXcUA5AADkGH1NoE6J\/wKgBgAG7vzSUVFy13W9PjFAQAEN7JQAAFgMDAHoCAAB2AwP2A+As2n18m0TB8jYY2sY624Si9JzWk3n9xO7CVTKi4CA8RROCb85LShovAJOvtUQPlP7tKhROlf321DTdV6NmHhMBAAAuADMAJAAdACAiOXjhETkQ4gsvJVg73916HOcBZsIAzfHY15rQ215hVQArAAIDBBQDAwABARcDAwfOcAF\/5E51Sf0bJ0BGworKSnQ8uQGhQ+8YRQ8HA7lFgceS0e147fyx2dg\/er0k9EfR4+8g7kA8C5yG0MP0ctVxAi31I1vbQcrFcTG5BRrW+J3BvZAupknRPpB2G0qIOGo3utPvQDdWA3bcXxkc4J9derN0WXMPIDrpeWBwY1IQGQFxfYiER5N1\/u\/Bs9hoxhUa7MKPB1DbN17Dw2+76X9BXfJYTGG2+oe3VURo9b\/CHvqAA7L0EvD4zjBOXSVAEsr4NA1JQ\/tIIVIUtX31vA+LsJzPj5N9gJADJMdt2FyOjyuDHB1F6xleVBsn2uzOA+DCR+u4sHyIKINsJaS\/Wk8Lyo0lA8DzJUTq9LW9zJG4XkGnPJ+lYmXGXbXvzOKn6Q5dO9hAHxG6iBQfQWa5dWCJ6SE7RrXJ+46aA5tjNsE4jdkFrcnChExyvsra\/bDhM7678iRq5nFqST5Au0r5M5ykliVYcCYa45fmWTJjouzh3OzCOLe\/8ddMbsw2A444sU5tduvnkgHpzIRFQwQdYCX6juY5GnGVZ66RFAiruFOq0XQWeRelvFObDZtsNyWqJUkJWSva+PqlQiRvaw976+dwVabEQ8MTycAR\/piLInqJxloBeVfLFvmEV51MdWe+s4tPmHRdwgrA2xUyGbVYNuDTpS6I+4tCd5UP5ktCw3WNNaS8jr6RHVVCawxM4haHVgPtrAO2l5HVKNZtiyL8KpJbQyXWChKWjNEvuvB4uNQbzaRs+lnSHeQNgHfGDVd9dRAwIMZ5tgVIHYwjuSYwIISaLjXDYSasOOVyIsSdR07+XHsofhuZ8VluEqfjaJitPdZ2vMbflj\/qyYnDZyKkv+tXyYThWOL\/Dq4H4QNyHD\/Ap1H0iRDfCgpwuxwWNfDfVn7S0ccy5LvwvLo++Fena1EE2Q1NobG4k3ch19wjk4BMgoYH0frT22KM4kfw+7+Wy+Ppjd5FHjezdnUHv2AHx9zTmN+Nwr+bFFsrbJwnRIlsRV05xxKtaAa4XHXawh3apLnxaUPXW3BLN7lF0CiwUUS6uzy6eyUIf37mQz1u\/zTbAXpjma696kPL2EiRqNLldlWSxDoXSEn\/DFMiGrYpAnexhYlRPUju7yKIRjDYW6sJNfpMyiCyzezIV8ROrKCYUeLsv+ENJ1j0+oBrom1tVBzoSsz6ApwgtYUTNomsCBx+77hYwkdTRswoBo9l+oZy2SgYDMTiUH1TALmuyj56miHHvAfIevP22nFB3pio
tWvfiOGeTw59T\/qShe9eHBSCK5s2TMkbYcH72BTOXawzSc2pSb0uN0orUwaruxzKBkOJnfLmzdUfNF8jA2TTKfaSxRVehOneQ081r6HjVlARpUaEU2SN8UahiKh8aL8aGIq9inh7cYvLqG2lI767yOrFCLo2umRGqSXA+\/J1utRkHtkqvIW43IiNicTMkQCrkCF37IUkoNFE4rIhv8uaxDJ4Aoaf2tkKsVtDkwAduS81ULSAiec\/tvz\/2uuGWgQo2fxcPHiNp+xEv0VcSqGV\/0jOGUSohk7ar5z7aULgUE\/K6F4Xls5KOhHVPZuY57NwwYmvY19AhBICcLc\/kr+XXMg2xtl9mvGC+MjoIpZbVLL2D2xpgPWQX4DfF5NtProg8W5JEi+MBDKl+\/O2N8hMZrQHnnlSi2VACm4mdXeCwRdwyDXz8VHhslqVyL6VAcDHcAoa5qazxz8ZuprG1OKZQ9Q8pyVkrO4J5dZeNCvGvI6O9rFvHIE48bjRJtkfkew="} -01342{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":40,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648373359576448,"flow_src_last_pkt_time":1648373359600685,"flow_dst_last_pkt_time":1648373359621466,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1648373359621466,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.19.162.127","src_port":48948,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"www.pluralsight.com","domainame":"www.pluralsight.com","tls": {"version":"TLSv1.3","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01301{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":40,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648373359576448,"flow_src_last_pkt_time":1648373359600685,"flow_dst_last_pkt_time":1648373359621466,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1648373359621466,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.19.162.127","src_port":48948,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"www.pluralsight.com","domainame":"www.pluralsight.com","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648373359646502,"flow_src_last_pkt_time":1648373359646502,"flow_dst_last_pkt_time":1648373359646502,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373359646502,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.17.209.240","src_port":44770,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1648373359646502,"flow_dst_last_pkt_time":1648373359646502,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648373359646502,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8yIlAAEAGdgjAqAGAaBHR8K7iAbvIMdGjAAAAAKAC+vD8DgAAAgQFtAQCCArhZSj9AAAAAAEDAwc="} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1648373359646502,"flow_dst_last_pkt_time":1648373359662167,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1648373359662167,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA0AABAADkGRZpoEdHwwKgBgAG7ruI30m4VyDHRpIAS\/\/+CtAAAAgQFeAEBBAIBAwMK"} 
01237{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1648373359662306,"flow_dst_last_pkt_time":1648373359662167,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1648373359662306,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAItyItAAEAGdBXAqAGAaBHR8K7iAbvIMdGkN9JuFlAYAfapQAAAFgMBAgABAAH8AwNnKyM21\/SbS3Q02cIKvbAgcmV67HQB0KXsoOxxl9v++yDRdtN3P07Qel84K9CWVDBxLwdJHbn9d9oomO2+9M0CRgAgenoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTenoAAAAAAD4APAAAOXpuNnF6cTZjYWF1Y3VkZXNyLXBsdXJhbHNpZ2h0LnNpdGVpbnRlcmNlcHQucXVhbHRyaWNzLmNvbQAXAAD\/AQABAAAKAAoACLq6AB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApuroAAQAAHQAgm5zCzvNJzsWd1VyD4DXwZiQmlSanX10JAobLY4rSfTUALQACAQEAKwAHBsrKAwQDAwAbAAMCAAJEaQAFAAMCaDJaWgABAAAVAJ4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01373{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648373359646502,"flow_src_last_pkt_time":1648373359662306,"flow_dst_last_pkt_time":1648373359662167,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373359662306,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.17.209.240","src_port":44770,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"zn6qzq6caaucudesr-pluralsight.siteintercept.qualtrics.com","domainame":"zn6qzq6caaucudesr-pluralsight.siteintercept.qualtrics.com","tls": {"version":"TLSv1.2","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01332{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648373359646502,"flow_src_last_pkt_time":1648373359662306,"flow_dst_last_pkt_time":1648373359662167,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373359662306,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.17.209.240","src_port":44770,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"zn6qzq6caaucudesr-pluralsight.siteintercept.qualtrics.com","domainame":"zn6qzq6caaucudesr-pluralsight.siteintercept.qualtrics.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
02528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1648373359662306,"flow_dst_last_pkt_time":1648373359681609,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1648373359681609,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXciMBAADkGtzFoEdHwwKgBgAG7ruI30m4WyDHTqVAQAEMEpAAAFgMDAHoCAAB2AwPh3f4G6bvkpAQiBlVF27q7BUriTXi+L8W0hRbgEpZaoiDRdtN3P07Qel84K9CWVDBxLwdJHbn9d9oomO2+9M0CRhMBAAAuADMAJAAdACA1SyvSQZLLx5CIHv4HSvtmmCUXoZblQcltm9P7V5WpIAArAAIDBBQDAwABARcDAwwzmT+Htjc5hkKanw\/IShWHFSoHCihsxypO2X+bsSjpwMmM9sH5YD79mqbLGND5TLQzhnwEx6cw5hrszrANTqt\/hHmfTxGJHTmIg9d+PzYlznjyJf8kSYA45HzBeXkEMc6uPO4NwiMvO2n78Gu30CV+TWYgfT0b15WA5H9vY9Xu\/V8RFdxMbaKGFia36IyaX5O\/8ke0pBwdrJXOVuqOQhF8CeV8Fh6w3PUEfuYXD4+Ho33B12ArNvK3hYu7A\/s3k2BRfDaPzqCtp086iJx0y39Ho2dJBXgxQFyVWnmnsd20f5YDk4M\/xkmxuKOOOArMJPwKYBoPrXvq3\/JRU2QhZBOxUwgBpJglNvZBrqKKvpCkGjiHYTVStQx9RudFVvC3myuChgy\/1G0vy80sg6Ky+Y\/\/3kNqAM\/tANNu5mQx3WbYrvvfTmDGCU9AYGcppPTP09XJnodaV8\/CkiqTbPMuyCkYqvCI5WwnyGC8WZYpKt+2TazshOiXqO9SL1RHv6Dn8te02a+10maxCvSlAqJBWR1+x+r+ThqQTllwTjIE9ldAyhj8ENZbbjj+ocUdjDQ\/suSJ9GPBe7o5y5U0tgXCBLgkqjGoTeMbYy6LVJn1ShYjby7XjWr1QSKmsm3D5VZ91QCbp8LXn28LvZldZyecaHfl8wO7ipN+ECY2WQUeLyHyxoJRrxRDNi43\/BsYJnohonEepMLiaGMHeGTkbT+FozcpsymnssgPxEzVyGVodKDyDiMtOS2\/4gVH00s+CjiEOvU\/WA2WYO+W0GaBoObQCC8C+wgP8X+9\/Lly4MJ8uYHzwJZULnomHy4Zhu3eO8OaaOD8adiKrmX6nf6RRAu9XTBSP6Pea+PT8ApgiP6cHHICUjEIoh1EKF0UWXUO9dydWy8GNBhCnF52mzdJWkKFMi4\/fZktIi123bVOx\/8O85m8SxP9YAHKNNRoCN75\/KXIi7BsS\/yRQl3sqhWASSR7qZOvy+t0usBhHJ97tgy43o+oXVboG5ECaj0mauoYvu75AmhrEMI5qxh+LSqg+vNZHX32i43L5wOTf5bLMarYHZ2zd3Pg+FItI\/oos+WGxlPPYSigPsvRd0ylS\/YCDOt9L5JYmtpF33miRvOv++1Yk\/XWR5vMXeGReVxoq8ugQklfwnbSUSgD6wAX+kbj8AKGs5ZYuXyk7kqFG\/vMOTQPPCPk\/rCLij28VaGG3XQju7sjATGtsw5czsHJGiGwlP5tELr5hlojoM
QrDMZr03CYMBu\/6EmnFBWmF1oJZfg4bGfWGEPfI7OoSqGHyoSay0AIlQVjj+d9f0FDqQ97cabxH0umDoaC\/FKH6X\/yc\/hrjIl4HmRt7VMpQyz2KdTzE8B4vzoujGXvtombEVZZCjytpnXTvHrVZua0Nx6vnYWN6U8hOPTiQzVv6YW6MflR92hbAH3p76MQVsREGfgb9bUAvIi+LGIt8MS39s03IWH5ITKktk1M0EDFu9rxI3fMzRA2+G+N4DZBBqlW0y+82xrp9wlYKMPmZCijkiUoYkreaDPjpGYTvkJAsDo1MY+vTQW3dm5sfsFKLG7cIjM6A3z4yo\/7FFTyhkQz7qkQuhIb45msYMVl46RKf8E4zW5YOVa5yF4IQYePRSUh+e\/LuyeYbl7fd6XURSxrpcv5Ie0Xz51vOk3KidEbdAfwA3A5yNwHZ+P2B22mjmaE\/kNxdDWA\/RSgensrsfzyAwjZrMsqHPSI5rKW2m9kOpusiMUcPgzvTzqRcYx8vb4upSN5jLk="} -01418{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":44,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648373359646502,"flow_src_last_pkt_time":1648373359662306,"flow_dst_last_pkt_time":1648373359681609,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1648373359681609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.17.209.240","src_port":44770,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"zn6qzq6caaucudesr-pluralsight.siteintercept.qualtrics.com","domainame":"zn6qzq6caaucudesr-pluralsight.siteintercept.qualtrics.com","tls": {"version":"TLSv1.3","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01377{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":44,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648373359646502,"flow_src_last_pkt_time":1648373359662306,"flow_dst_last_pkt_time":1648373359681609,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1648373359681609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.17.209.240","src_port":44770,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"zn6qzq6caaucudesr-pluralsight.siteintercept.qualtrics.com","domainame":"zn6qzq6caaucudesr-pluralsight.siteintercept.qualtrics.com","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
00995{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1648373355763733,"flow_src_last_pkt_time":1648373356146750,"flow_dst_last_pkt_time":1648373356334094,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":643,"flow_dst_tot_l4_payload_len":5848,"midstream":0,"thread_ts_usec":1648373359681609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"54.69.188.18","src_port":42642,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}} 00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1648373358908144,"flow_src_last_pkt_time":1648373358995982,"flow_dst_last_pkt_time":1648373359037654,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":643,"flow_dst_tot_l4_payload_len":4402,"midstream":0,"thread_ts_usec":1648373359681609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.203.201.56","src_port":42618,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}} 00992{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1648373357854664,"flow_src_last_pkt_time":1648373357890274,"flow_dst_last_pkt_time":1648373357906518,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1340,"flow_src_tot_l4_payload_len":610,"flow_dst_tot_l4_payload_len":5003,"midstream":0,"thread_ts_usec":1648373359681609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42782,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}} 00992{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1648373357861427,"flow_src_last_pkt_time":1648373357907751,"flow_dst_last_pkt_time":1648373357922416,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1340,"flow_src_tot_l4_payload_len":610,"flow_dst_tot_l4_payload_len":5003,"midstream":0,"thread_ts_usec":1648373359681609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42790,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}} 00998{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648373359646502,"flow_src_last_pkt_time":1648373359662306,"flow_dst_last_pkt_time":1648373359681609,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1648373359681609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.17.209.240","src_port":44770,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}} 00998{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648373359576448,"flow_src_last_pkt_time":1648373359600685,"flow_dst_last_pkt_time":1648373359621466,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1648373359681609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.19.162.127","src_port":48948,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}} -00858{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":44,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":44,"packets-processed":44,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":26716,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":59,"global_ts_usec":1648373359681609} +00858{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":44,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":44,"packets-processed":44,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":26716,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":59,"global_ts_usec":1648373359681609} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 
44/44 ~~ skipped flows.............: 0 @@ -65,9 +65,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6979279 bytes -~~ total memory freed........: 6979279 bytes -~~ total allocations/frees...: 114298/114298 +~~ total memory allocated....: 7556875 bytes +~~ total memory freed........: 7556875 bytes +~~ total allocations/frees...: 126029/126029 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 563 chars ~~ json message max len.......: 2533 chars diff --git a/test/results/disable_protocols/quic-mvfst-27.pcapng.out b/test/results/disable_protocols/quic-mvfst-27.pcapng.out index df4c2a459..15db90432 100644 --- a/test/results/disable_protocols/quic-mvfst-27.pcapng.out +++ b/test/results/disable_protocols/quic-mvfst-27.pcapng.out 
@@ -1,13 +1,13 @@ -00630{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/disable_protocols\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00630{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/disable_protocols\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
00764{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":41432902,"flow_src_last_pkt_time":41432902,"flow_dst_last_pkt_time":41432902,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":41432902,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.171.250.15","src_port":35957,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02250{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":41432902,"flow_dst_last_pkt_time":41432902,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1326,"pkt_l4_len":1240,"thread_ts_usec":41432902,"pkt":"UlQAEjUCCAAnANMtCABFAATsAABAAEAR6jcKAAIPRav6D4x1AbsE2OWQzPrOsAIIrbuyBEpv1K8AAES+140kYx8r1I1jytRmSbOd1I6+euAu\/WCog0hZ7CK2vbiQaDsUNhduZ4TaOU+YwMwzr4tFRPY4WVcwFZYxf3JpeyRLGb56IxYnrJ+wVEN3bI7bVdKHF8LObpsuaNgGvwptfsH+rDACd3BONx\/QShlSNEGgtojOTAb3IBxaMPoBBrqk2vcqdCneK9x+zToW6kQDTdEd1IieGWgR+hdSwpMJLkz6epIDIJvr2+7hnKY8vsay1GJiKAlvxUurjQpspuMDfgvdh0iM6M1FrTv7rKzGyRXK46jvoMQof1iOAPHATgwqM4ZuYMuNvt\/y0p1tz148IXIa\/fLbIf\/jtx8RB3egC2zhGA2mbRbaurTTw48eZ\/8+UmFX\/pGgD39VTuQ0iy3fwQ4KqkHSAZwYDfMrqtGQuy3zdVoOJcB1EfGcQ\/j15ErCmDlRT7vkVVWnNzp5ac2qQ30IkEy79yMP2uQl+qcNCK7LBv3ES0ZAYMoMzeMHxcHojmxmY7m9pU8\/6TN1mmhBOL55YskIGgF5b9dubHYOHRFbIoVzLmlUMAC3n\/J8icXYhMzF+2LMmkFk5V6Ftpg6RFwazyDsV1VvAG0px\/ZReUsDZc2BpKOvPXUMcmmbi7J+4xk79GjDWU7qn9No\/9OgaUBSqlTMXjLKVw1AQS9DQbbP6Ljm2tjkBmxsNgiaX3ZHZd
lEZ39g+pfa+C3d0\/Me91SnnyzofgyFHFf\/FZrz8kZlG+cPy3y6jToJU9oYVkDn4scTl9+EJRhVW2fiSh2BpNrkr1jxBS6nl0AbZVVuTjZo1emeItVe2pTwk9uLFdXZ\/CsWVBwjAwBQ8vxgzBGFWe9Cz3WpWkEzkAzQeOKzfLIFJb1PdMquNCwMajA4Jx\/Cl8vTf2306+VAoELddtYLnop0Ayp+TxS0Rn4I5pIhgtvtCnBaEOMmPLVrk2Tj6N4i6o4MT6NN2UsGMhl2jrLGVEchP8VeBBOrUPQTIvY+Xm1UQd6ud\/GSXz1lmW9JWN\/jvl2VrC\/dEdNNNDsuFT5DVQqiDS81yxHlMqpnUJtGOqdXBxl\/ipvbbIFVJMAxqaqhOIq9lLXVi0WRSrle2jY8C6byBzVmaXR9ob+Wj5JgOJ4dl6+zmTJfROyutrX06SLZW3iXBCGlGsJZa3VoAGsKr8R2PPaQW1IM5QBB1\/g3l2+\/8cMTpVbSj+AToLePRXNLpaht6\/i0lf5tmm5WeIZEw\/kp8XgE1IVG1OwCHdXi3LW8Ju6ZT6+NSDZYRl5iCIMOLeH+Uqa7zxr6BPSdijI5fZHwJ7CyzIIsLtNldUOOeWaUdszlpTm5UglrnEBk\/8+KIWEVomulKHSD78LbyMa2ZwRhHyUIoQUx3u628eG5WvmgiPmoWBpQq0SAcNJkibSZlfyukZBXk6ytoD7RL+6u7B+gDbgoIKW3EI2Vygx0786PDvzKNz\/jICcqh071958oOMWvZwK4wNNnPl+hmatacx8NLqlbU4\/qy23i+aLaPb\/wBxpmPXyakND4mOvFt3dmh\/yOVbINbAdZZ958R4K\/VXTGhgBSkxwXbKGKq+I\/xQwGAiri3PaDQBO6NYoKc0jqzc3rTGw44eUPJeiqQ8qEhbvrsfPi3A+VS5FRGlwZaAkkAdoB2gRkAwEAAAAAAAAAAAAAABYAAQACACEB2gAAAAAAAAAAAAAAAAAAAAANY6kd"} -01299{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":41432902,"flow_src_last_pkt_time":41432902,"flow_dst_last_pkt_time":41432902,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":41432902,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.171.250.15","src_port":35957,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Facebook","proto_id":"188.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"graph.facebook.com","domainame":"graph.facebook.com","quic": {"quic_version":"MVFST-27","tls": {"version":"TLSv1.3","ja3":"61d8a93ff379660087082a82411f19a2","ja3s":"","ja4":"q00d0108h3_0f2cb44170f4_f4b4187450f5","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-fb-05","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft)","blocks":0}}}} +01258{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":41432902,"flow_src_last_pkt_time":41432902,"flow_dst_last_pkt_time":41432902,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":41432902,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.171.250.15","src_port":35957,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Facebook","proto_id":"188.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"graph.facebook.com","domainame":"graph.facebook.com","quic": {"quic_version":"MVFST-27","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q00d0108h3_0f2cb44170f4_f4b4187450f5","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-fb-05","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft)","blocks":0}}}} 
02276{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/disable_protocols\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":41432902,"flow_dst_last_pkt_time":41464206,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1346,"pkt_l4_len":1260,"thread_ts_usec":41464206,"pkt":"CAAnANMtUlQAEjUCCABFAAUAAHoAAEARKapFq\/oPCgACDwG7jHUE7DGTx\/rOsAIACGUZSqSBwJ2mAETSQ4uzcebnNMDWiCLwgEqse1zwFbQeUwCYbirASYBY9Wqb\/AVucNo+1QzVbJaW9TpMoqvmNgwqhyeKJHn4nzURskXOXtyoQu1UCn4VWBURvJjr0Pri5khEPw4xAwDV7X2Rmmpwaw6btUsOaonrqKF\/SrLeyArFzwB+JFVws5mjdog13nZj3AyrnfXROIcoKcafi5iIMUPL8fCRhq9X7vo879HkMFFe\/UL0Z6KfMxRHk\/gm5EOke7DkOtpvDqjM8A17vn\/YA\/LmKAMC318G22YHyWoexSGb3BcRVBGh\/JnZslVfKZDHgCPKBJ6TZoECS2S1Lkq5nHD0FrjB28JkpPGddocsvTJ4gXR11CtFRogKRhcL6ToomCWSsXQm4N4h+xa8EUgP+Qp0EvdNEgFlkK7QzIbTOeUkbO0qojWV6pfET3Iov+\/apIMX2oqertd1yP5huAQbmPBJDrUV5aSXJ2n4942yy8nej3YOzA3244Ppj3KJ1FI9fYQWy94tzkcAq0MyyNAtAzVQrMQHV9+ftrN2eaUEuTAr5G712uv1AnCx12zkzS\/bPkH5HakesCqHiBdPHaH4mxGfceFuvWrXvk9k8noKiLgriTnvQwp\/saWNDkm8kvfm9PpqQm+XgxMCJ0tq2pG80BHbTgRQV8MdZ11XnvblfPEVlDFLqayo6KQYDuE9pUfQ+9AqEaxGVZRMSVRaIpJDPVqd0UHWM8ATc92GN71YPW\/frstXWA7sGYASVobLo1b3c8kYQSBM7dcU\/iqAkl+FksHEaC1aLZjGfaRKtnrpTDuyyUXcztv9cqa5wo9RQzervEK0UxM3gVjtBBX1mCaBfaZIZdXvbDZThkMu9RGphMLYrx9SqWAcKRkM9YhQ4qnUOJEDTD2qoX8miGa+JoKbQ6qKnL2RRJM\/0dLcmr8S6LVgNf3TuED+N3hbsZ9OBQ7xHjHnYpm\/+OxE3iCQ7O\/MjCEYbY876HUh2UXvGhRXGh19ilKbwQQLH+dz5uix38Q4qECRqV09vmTz3Swbe+BtJ26CqtxI2DYiDUkT56hG4GnrWss\/5mqds3b7uwxVTv8iRTcgWALX6YR8I8LcEwnW6P35r6yzQ8NmLvjaaqZkC\/6YKBBhBFJ4gpdUENYZBLszMz\/0jCicUWKWyfwMDGVvAlcFM7uVWLy8jO0qLX37EScSwg3DeIeQr72\/VcJHLle0Tm+dHFDyuGwxcML\/AaZe6mgicoiyETeB09Smyq9Y78I5wTornR4T1K0JN64JfYcnJe1\/YmYcW1VlHkcIRW6sSa0q5r9kPM+iCHOL7wY9T6OnVogbkFJzee5fZ+Oq9S8PvlK+4jsPkUzDv6d3+PRuP5JWYWDpXd8Qhym58OswJSKelR1rmXKN2C\/uxVLv3kgZxbiHXFdSArCkFj5BWP4WtRYPeuQ5VALz9l8XUPpyq\/09yKtHs\
/TW2KvPCNoNxInVtL\/9V7UyFB2cFMukn2UUKBEJJUOWG0p+3sALv+tMcZpDx9cDnCtfccjlF6qNg6Io5OabNDbmM3UDOyuHva8jvqAsKtELxYaeOp5rbZaQ+wK7lDWDooe0BUvE8YL9NWtHK\/I2zrwe4HzXFx1p5ULH4KoSajttOnTnVRnoaPTH5vR+8nV092hE6ZD\/6m9zExloCSQB2gHaBGQDAQAAAAAAAAAAAAAAFgABAAIAIQHaAAAAAAAAAAAAAAAAAAAAACg8yWg="} 02276{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/disable_protocols\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":41432902,"flow_dst_last_pkt_time":41464217,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1346,"pkt_l4_len":1260,"thread_ts_usec":41464217,"pkt":"CAAnANMtUlQAEjUCCABFAAUAAHsAAEARKalFq\/oPCgACDwG7jHUE7Icwx\/rOsAIACGUZSqSBwJ2mAETStSk6pRwdyId1aH4WX4pVsk+hVtbLW4hKoqKIUKSo9tdUjjTVL5Yto7M3DICwaAoLYXCD+5dqw0TmZSrfqNiW2qJkNrsg0k\/kAdqV7j6+J9emg0iopVNY8z94Dkdknf05ci\/NoDXo7jX0aTp1J6GxxB8erH\/0SWZ+DyrbIMZ0xZ5SuS1DqMnN61NBKxN4\/jPv9ciPfLFFXyU0okn\/oJgJdQ4WrwMnOPK0yukS3dDQKMu5v+5h3OqBwQW1oLHmZA6rMWwlnpuiFU739YXcxuHETmzC2NOSBa0FZ1xSGByNv0mIS\/veQS6ztyCKi6cmIt52Goz5V26xn8ITbWRMKyzCQ9ygzGjFLSLB+V+ogEf08ganfO6W0dHJdPTEHqx274QToI6nzYBz8eQeCAoVd4nrh3slWslWTkHeQVW8sENY6mHlCHceqCHC8YwsKeoSN\/4JG6l1w4zyPArMZGkKB7jSxPuUQCGzOht7pw5Gk5Gp83Di44gZYUIyNVymDB16sT39aoraDeo5r5qBdNZ91SsMzaUcukPc+uOFPSAz0EuZbTe9n8OtdEkkzeGl9cG18rBcD7tfjxG18gi\/aTc\/Qsb2KdP82bZ\/OipJydJdUpM++DNflKBUq6VmZNq\/mEwBZaf36uML1LJOAoceV1rx2cgE7b5Wa2y583PSIvc0y8yCVCHd7UpFmIJOJrYMAiOgNdkL9i8G7a60vJ0BffKaiILbh52Cd\/gZSExquDEnfPS9pscJ3chfy\/\/FZGZ2CQbE65G5r2LgRj1a0KrZ\/O4ML+0k9MQaf9He5c\/jILvUKyvJwLUWG3lSoXOphrxABdatvx5PAii2lwtYhrYvxbQdkmGsIRtsvgWyth\/48R3yefn+bIHFq+Ln\/mQ4+8W6h+y9VYGjLy+j1gNFUujglm08r+aneixuCDo8NVE+WAW9F9bx6GkTQPaTP2\/obE0Ej5h95N8FRRXbNl8Q32+hc1BcPW7PYZhe4s7f99gVOs1PvusSkQjfl9x1h6vbtCoGsaxvv+KkMXJr040is81X8KUUNFqu8hZlZbEQdDUlK04iWVHyjfijDT4J15Tv7e9ZlWiE8P4TthJEkS\/V\/B6UFWx7NxNha5AI5q7ShAs7c3HMWi7ShahE0cUHWo1N0zwF8\/WnAGHEQUC8y4BhBQ
7EaKwJ5nulzruzqp+D0MI00rZhOKTfBp6FWu0gmkwjBtMV14lN3KiO+Fugvl0PPD7usXWaKzR2dw4JslfP5IRxZB5PlrUhggAF+4XvJxhjRYhltzgO0VmcidYbokhyBxc5p8EN7Brdd5jbC5KWU5ziyf1Xh75DhXXM9GVyTUDxQyOG\/19oznEsnm6HNfViWsEBqqhaXc1PD0G1Ath517JUA\/pAp9aK6ha0kEfZOISLrdAh\/wfyRh1qF0vTiaYWT3z2kewwb2CKR6DkEQkLWuW6ksgBnomifnuXO\/A4qhCgYZUw8feNCqTOFonKJtx2NUnViJDtqHr07cnNA2vZFiN+8SsLW130LG60Uj0wsHpIPMQDNy88BvEV2fH8Yk1GkJTndWveloeKe4e8X8FUWonC0LnETHyEJoR6mY698HICIqyNVbCWwwIZl3RhkLsYcNRGWOHE1xH8nz2KWwIwVPQWegjsOIMvejTuWRloCSQB2gHaBGQDAQAAAAAAAAAAAAAAFgABAAIAIQHaAAAAAAAAAAAAAAAAAAAAAB\/S7Lg="} 02278{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/disable_protocols\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":41432902,"flow_dst_last_pkt_time":41464239,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1346,"pkt_l4_len":1260,"thread_ts_usec":41464239,"pkt":"CAAnANMtUlQAEjUCCABFAAUAAHwAAEARKahFq\/oPCgACDwG7jHUE7Pun4vrOsAIACGUZSqSBwJ2mRNPUKyAFTiIR2D9LmWONp\/pKu58K8xL2QH3MMLvlIm5wZVpJfJuwyJ\/1M3tSAzTO7kjPI3eHBb9IFzJ5EM102smu6+dh1QdA\/XWl13B5U7mJXfZdgiMmoH6TMFeO9l59NUWVB3FrB1D+83n8F9jw5BVmkY2OPbmS9uXhO3oLJjNvzhgiz9LiL0Peg4iBHPZ3bnefg84NyqMA6bGiBHjw8O\/pggXBHbm0y039at\/mEzBf62LN0g+jv6L2c7tRnEpUns4cJX54tQ1bXJ5Hhxh3rT54lw4rrebaQCbwFhibEvqZWGljIGdjbOpa6liHVVmRN2tu\/GBhyOGb0StB\/jpkBjcqcM94pTjas7+bYnRrk8ZSgYviOw8nDLpc2na4yCaDVIVl\/pzppcM74NTbQKve3Nar7W9KbDiDSaMAENX7mwhYQ18bwd3uHY8CUMOGjo\/8euzZjkZ0fqCDRE3vdm4KLl5+4\/UkQuBZWoFk\/P2Heh0\/lgddV3IePrdA6fNLSr8BKSgLGA1ZasEncG2JczdCSpW32pij29+anl+pMYgG1xzrztWUD1ETcf6lrUI11Nrj+82\/V73yznpeq7b9VscUvGV9OZECREHrcvb+pZDpYZL6JhF9swDp8CcOJJW+kip95Ov52baFifgdWzSPIduRrqIdERwwU6uq\/xmextGbx1KqKtby8DZc51UT3zzVMYep8bkl6y02VlktPuEK9u+QMd79lD6CIjW6qp5UxTZUtg8jrVUa2qNaqIekUrye4Bzl97pIPdBT4PssDCFsKgu31Bpm8CKL+2xWNmPLUcDOBBgIHzzDBuznQ7cBUCzjZlif+hxsEmJy3g5g3\/xJNTjxK+car7ACp7B+H1R5WQpkSDWn\/gKlYeGIPW5T8mOq
p4WAHeTZest5awJfealSj\/CfwMs\/1Df7bfDUHTG14VDKd\/hRegDw1cfzcn3rS+uwWfXIm+mNshIKscMmPDsExmAokd+CvN0JuzdGOibtj3vbwDU4vsLbdbgOXENLxvYoEKqOPmpluuCqkWSQX\/UTadmXu44AWmWGdRQUpe32qb\/M0fPPEznTo\/4YrREjJ5jLnXRjbVI3HR4NPEZW1W\/9+X5lPYycQDN0lnl1dTk4utJeAg2p\/gP3JOV+wA1ygYJ5wU1GjgsOdz+EiDWtAQ93xX+7PqU0RTfcJAMwYHLO8gHD8UmTyvey2jiJJMc\/NrEBM1a76byOqZW2ZpMIDjRCtGhGFGhw4tu7OsejTzxA6T4fkSVAM0RcHzuFFeX1yZp3G8u6suFgzreLYuvmcBrNhHUTfsEKl4+aUnvPAuGzXCYIejrOiP9DSMGN8i\/AdhOoP+4i52mM3bH5MLyVmx9EYwfM0+yRTPLIifi4gzjoQl39CwhJ5abQwEmy5yGBYVxIliLKOrnnK4U00GmZhnCirgfPFCTOe\/qKCIPE7b86iKQ6zDr+wGAH8x1\/Vr6JDpHoyfytADR6TA1MJzboAI\/u+WxBW60Mr8wra7Ky8MTEMtqEAV4MNy3QwSj+5Boi9v6UaR+XFmEdKxTqXYP3bAo1k89toaHV8RAROwWdWZYQWji2vw49SgOlspTK5LeZbdfL6JCEHPDOXosDytI1rgaUPivx6K5pOY3FnYb2NgiqwzaVvc4sqLOH\/hloCSQB2gHaBGQDAQAAAAAAAAAAAAAAFgABAAIAIQHaAAAAAAAAAAAAAAAAAAAAAImdn5Q="} 02280{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/disable_protocols\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":41432902,"flow_dst_last_pkt_time":41464304,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1346,"pkt_l4_len":1260,"thread_ts_usec":41464304,"pkt":"CAAnANMtUlQAEjUCCABFAAUAAH0AAEARKadFq\/oPCgACDwG7jHUE7NYs4\/rOsAIACGUZSqSBwJ2mRNOp9fQvn1f7lG72Bw+E6NBO8LR8mD6RkYoGJj7YIoOLkr2BWwfK0spPYy+zYGWX+a+c9rHGaE\/8AFsGVmGd26vTDA2yukmOJUfOmTtJz95HrnPFSG+\/TXHqQjk5klIE16FLBeiNi6m\/ct8wPGJ9RUbZqJaLVts+GZFzeMSRX+eYZERYnLYtPQPOywMGAZR5dzRsdw3jDQYkcN53aPm0lceepojo42lKerw8v6LOu22kD+71z4QDa4KbQzfUDp3LH6BpZQ6IsP9xHtu8kvC1sMujkXVqWo4PwU1vr8utquEF9g6Edj1O8CnayP2acmvLS9hrhF7CGL\/\/\/DnocizH0vNxW1ov+oyWwjbcB4cKqjTFeavm8o80oXs5etE\/0w5eFp+lmQaKzY0Y3yFmQ4u8brDlmcVIExhEgggZeFVC9lL9oOJw+T9YQyahiK65vbSi1+dot2yavrzsTWJiTor0nyNgEiCiviGKK3Ugt6GYCifHXPC+ko\/\/b1QvveO8QmYiv8AP2V\/SWNC14hUcS+VAN8JRlCbBPMNZf5CGc1GwEg+7a4289LEunmnUX2jPN9vYfHH58+XntmHmuXoNXd+GAXGmBpL3pm9he0pLxa
vwsdTVC6qK8sKWNygxAdWjfNWfqF5l0iTI6JYa4\/y33xaYPcLxg2NKR5k5UeV+DbMoZh5oLZlH+HG0w8grzsBY0UqgdK4AyP+poGSbQAEMRSIkOomtrtelNM\/CJ7PizVrNKpGbp+EpEXMTlKKu9mAH5wfJW5yjomiaaWvGIaq7gLWY9llWYvKDLPe+Ot\/Zlo70lUm2Wen8purBfU4\/v6CMzqcAGFEkRA8xMmhdxqR55Nj0wKZs+RQeJinGAS0a8g3PGJbOybsinObB6I0QXHDA\/BCZjPyuqT029QJULHNw4IqshshnGFg3nbzChRrWQc0AiB5OcsWclYM82EXN8ST8RvLF1WKcSxiSUqZRBPt4kZeVgU6dUletzdTTtDjmZcMX6Dpoo8d0S1zQL01nH0uioe7eYaw9k\/Piatckxd0yCv9fyOSwNFhCKxpC1GXBWqlnzr5Xkx8pHwnfnGUKyYsQ42dNNkbszwP1I6YjcrEdp4kQ3sTLrEmlVAvA4aTA0MKDmYMzxz3zBJIZV6dv1qjp7tD0dSAly35BlkwSJjGxKF9J5GgFKfSnvAs\/OiBf9hVa+A6yxuM4HtZTS\/zRldyW57HwUxn5Qy4K6cscwe\/7EfDGt+KoQI83PH5+fargDPhSWZK8UtA+jWy2oF5ALL8zgGosqXNMsOm5dKcPAdecM\/pz1MIewkul7sxt\/JgvAFL67lq7QvvnpQzr8lJgqwZzwBrBvGj9NKkaDXeHsynidTbkbLez1tjvdUEDeISKE7lW\/ojOz\/Lqe\/T7KSL5gyQyjF97d9xNrPNTeh\/HfJdKZ\/zWpQOiu67yweKqxgA9dorbSGAD+RdOGT7rQYJQusp\/jzG9SNrMyUzV7HK3K\/pEUqwZWMz+QAHUA3RloM07jN1F3nkICmQ4z3jHqqH2nY3JfZ5N0+1Qbuerb\/7N+BqOS9LICONl+GduIvQlJ6k18z\/aBuv25LlGUp9XFoS9b0Hk1oEaH7ReOgL6Cc+6IEzZSF3euyrFMEVMA\/mrlSkSX25Uc7jz7gii7RloCSQB2gHaBGQDAQAAAAAAAAAAAAAAFgABAAIAIQHaAAAAAAAAAAAAAAAAAAAAAPxWaP0="} 01005{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/disable_protocols\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":13,"flow_first_seen":41432902,"flow_src_last_pkt_time":50364890,"flow_dst_last_pkt_time":50392661,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":1252,"flow_src_tot_l4_payload_len":2538,"flow_dst_tot_l4_payload_len":6981,"midstream":0,"thread_ts_usec":50392661,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.171.250.15","src_port":35957,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Facebook","proto_id":"188.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"graph.facebook.com"}} -00852{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/disable_protocols\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":20,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9519,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":50392661} +00852{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/disable_protocols\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":20,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9519,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":50392661} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets 
captured/processed: 20/20 ~~ skipped flows.............: 0 @@ -16,9 +16,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6918304 bytes -~~ total memory freed........: 6918304 bytes -~~ total allocations/frees...: 114178/114178 +~~ total memory allocated....: 7495900 bytes +~~ total memory freed........: 7495900 bytes +~~ total allocations/frees...: 125909/125909 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 635 chars ~~ json message max len.......: 2285 chars diff --git a/test/results/disable_protocols/soap.pcap.out b/test/results/disable_protocols/soap.pcap.out index 75951237f..4fd9c2dbf 100644 --- a/test/results/disable_protocols/soap.pcap.out +++ b/test/results/disable_protocols/soap.pcap.out 
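Review bot: The regenerated `detected` event for flow 1 in this hunk drops `"ja3":"61d8a93ff379660087082a82411f19a2"` from the `quic.tls` object (the length prefix falls from 01299 to 01258 to match), while `ja3s` and `ja4` stay. That is a consumer-visible change to the event format, hidden among the `ndpi_version` string churn and presumably a consequence of the libnDPI bump. Detection rules or allow-lists keyed on the JA3 client fingerprint would stop matching without any error. The commit description only says "incorporated upstream changes", so I would add a line such as `* TLS/QUIC events no longer emit "ja3"; match on "ja4" instead`. Please also confirm that the `schema/flow_event_schema.json` change listed in the diffstat covers the removal, since that hunk is not visible here.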
@@ -1,5 +1,5 @@ -00619{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":946731321416000} 
+00619{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00839{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":946731321416000} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946731321416000,"flow_src_last_pkt_time":946731321416000,"flow_dst_last_pkt_time":946731321416000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946731321416000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":946731321416000,"flow_dst_last_pkt_time":946731321416000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":946731321416000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0Js1AAH8GJUPAqAJkFwLVpcO0AFABqrpoAAAAAIAC+vBEVAAAAgQFtAEDAwgBAQQC"} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":946731321416000,"flow_dst_last_pkt_time":946731321441000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":946731321441000,"pkt":"YDjgxTWgeJS0JASgCABFAAA0AABAADwGjxAXAtWlwKgCZABQw7Tpz83XAaq6aYAS+vCMpAAAAgQFrAEBBAIBAwMH"} 
@@ -10,7 +10,7 @@ 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946731326059000,"flow_src_last_pkt_time":946731326059000,"flow_dst_last_pkt_time":946731326059000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1452,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1452,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946731326059000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":4176,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 02474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":946731326059000,"flow_dst_last_pkt_time":946731326059000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":946731326059000,"pkt":"eJS0JASgYDjgxTWgCABFAAXUJtNAAH8GH53AqAJkFwLVpcO0EFABqrpp6c\/N2FAQAQTI+AAAUE9TVCAvZndsaW5rLz9MaW5rSUQ9MjUyNjY5JmNsY2lkPTB4NDA5IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDb250ZW50LVR5cGU6IHRleHQveG1sOyBjaGFyc2V0PSJVVEYtMTZMRSINClVzZXItQWdlbnQ6IE1JQ1JPU09GVF9ERVZJQ0VfTUVUQURBVEFfUkVUUklFVkFMX0NMSUVOVA0KU09BUEFjdGlvbjogImh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd2luZG93c21ldGFkYXRhL3NlcnZpY2VzLzIwMDcvMDkvMTgvZG1zL0RldmljZU1ldGFkYXRhU2VydmljZS9HZXREZXZpY2VNZXRhZGF0YSINCkNvbnRlbnQtTGVuZ3RoOiAzNjEyDQpIb3N0OiBnby5taWNyb3NvZnQuY29tDQoNCv\/+PAA\/AHgAbQBsACAAdgBlAHIAcwBpAG8AbgA9ACIAMQAuADAAIgAgAGUAbgBjAG8AZABpAG4AZwA9ACIAVQBUAEYALQAxADYAIgA\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"} 
01325{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946731326059000,"flow_src_last_pkt_time":946731326059000,"flow_dst_last_pkt_time":946731326059000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1452,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1452,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946731326059000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":4176,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP.SOAP","proto_id":"7.253","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"go.microsoft.com","domainame":"go.microsoft.com","http": {"url":"go.microsoft.com\/fwlink\/?LinkID=252669&clcid=0x409","code":0,"content_type":"","user_agent":"MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT","request_content_type":"text\/xml"}}} 
-00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6104,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1639054092487860} +00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6104,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1639054092487860} 
00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639054092487860,"flow_src_last_pkt_time":1639054092487860,"flow_dst_last_pkt_time":1639054092487860,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639054092487860,"vlan_id":808,"l3_proto":"ip4","src_ip":"185.32.192.30","dst_ip":"85.154.114.113","src_port":80,"dst_port":56028,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","vlan_id":808,"flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1639054092487860,"flow_dst_last_pkt_time":1639054092487860,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1639054092487860,"pkt":"AAAAAAAAAAgAAAAIgQADKAgARQAANKG0QADxBqbEuSDAHlWacnEAUNrcPMefU5W6cMWAEjhAOLcAAAIEBbQBAwMABAIAAA=="} 
02198{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","vlan_id":808,"flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1639054092487860,"flow_dst_last_pkt_time":1639054092538042,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1285,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1285,"pkt_l4_len":1247,"thread_ts_usec":1639054092538042,"pkt":"AAAAAAAAAAgAAAAIgQADKAgARQAE88IlQAB\/BvOUVZpycbkgwB7a3ABQlbpwxTzHn1RQGAIF1wgAADw\/eG1sIHZlcnNpb249IjEuMCIgZW5jb2Rpbmc9IlVURi04Ij8+DQo8Wk1lc3NhZ2UgdGFyZ2V0PSJaQkJQLjEuUmVzb2x2ZUtJRCIgbWlub3I9IjM1IiBwYXJhbWhlYWRlcmxlbmd0aD0iMTE0IiBzaWduYXR1cmU9IkxXa1YzenFpNWFtVUUxUlVvTmtRT3cwdVhZNHczc0dXQncyMkdxYnRqZkFyS0VjanVjS2Z6ZUcydkNybjluZUIzNXlzc2xFZytJcUlDZkRHdk9qRkxJcDlBcHB2ZXJZNTBNS09WZHM4L1BGU2dwRG5oNE91UTg3Q3pKRXZUUkJZMldGakpOaS85NmY1ZktmSklqczQ5bElzcFpyZVRGWVNxYWZ4VDRPNCszbnd2MFpQYUtJNzI4akE3RWNUTUxwelZtc0RJaTBJU2srR21nOW85d3V0UXg2NEprdjdGdlFkQU1nYlVnWDhVaU1MTnRHQWVqSHBLTG1rdWo3TSsxSTNib0IraVg3MTAxaytIZGpaVmQrSjhaS0VNSkJnYTBJNjRLdmZPK2tNb1UzRVNSSm5wbWdVVmZVblVZckl4dDFHZFFMckhsa2hhZVZicUdaMzB2V2E4Zz09IiBzaWduZXI9InlNMmYzbGMzSjZSbTR3ODlmRGhlYm5RMXNxY3NBV2N0eFJiM3BDSFloTktUTnZiazlNM1pLRk9xYjIveE5hN3NaR1I4bm10c0U4T2lnaStLR2xrbndSNWx0SW9CODc1Tk8rRitWTCszYVdySlN2Zm5MQ2dCSlRMV1BwKyt1SUlqZUlCanYrTXB1S0xRM2NTMDMwQlRnUEk1dWlrS0l6Q1A0eEZucUFVampoWE9RVTR3WDMrRG1PczdEbm5QczhhZTk2UkNzWmVmZ0xpMzAyL281ZDVMRDJ1SnBEMUlmSnQ1Y1U1Y3V5UW5jYTRhd2M4bGhTcmFQbDlNNEpja29sQWt5cVlCNzg0UitKVVhYTExpKytjbHEzR1l4U2NJNjRyZHRKZWNWVENZRVcvUTJGU2VXV1c2UE9RdlBRNGZ3aFVPZEM0L05MSVJKdU9lTVAyVG9Ed3NNUT09IiBrZXk9ImduR1dLWGJFVzQwbHZHV1FxbkVKZWdtcXJCSXdBRVZtUmQwRzlJaDMzVCsycnBtRTY5WUQybHhNNHpzNy9weDVFOFRaSjdvYnV5ZVNpNTIvazZMeGp2ZWtkNTdVeTR5QSttaEZ5c1o5UGFXdHVobzRac2oyQ0NaenBjcXhRSW5pL1E4UDY4QkJSeWhKd0hVZHNmMjUxS3RLdmwzdWZFN0VpK254Rnk2bUlVZUptckpjT3U5L1dsNndUTkwxRUVrQmJzL0NIT2pQSlFpUi84UlFOdVN4aDRWYVRnNlFKM0VhVUFhYzFkV2REQmx5dmpUYzZHTnczbFUrdUtD
QitpR05xeFNwSlIxMHlQS3VRR1h4S1N3ZTVOVGNuQnFmQncwZC9FMVZ6dWdmVEtqUXFDbmt4TjVEUnlWWEJwTkFyVnNjek4xMlZwdkJpdENUa25ObEhWOHMzdz09IiBpbml0dmVjdG9yPSJkWWhYYVRRWmVUaGZsTUc2VGJCdzN3PT0iPg0KPC9aTWVzc2FnZT4NCg=="} 
@@ -21,7 +21,7 @@ 00993{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1639054092487860,"flow_src_last_pkt_time":1639054092826381,"flow_dst_last_pkt_time":1639054092687121,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1227,"flow_dst_max_l4_payload_len":1227,"flow_src_tot_l4_payload_len":2301,"flow_dst_tot_l4_payload_len":1341,"midstream":0,"thread_ts_usec":1639054092826381,"vlan_id":808,"l3_proto":"ip4","src_ip":"185.32.192.30","dst_ip":"85.154.114.113","src_port":80,"dst_port":56028,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SOAP","proto_id":"253","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00971{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":20,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":946731321416000,"flow_src_last_pkt_time":946731326407000,"flow_dst_last_pkt_time":946731326431000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":296,"flow_src_tot_l4_payload_len":4356,"flow_dst_tot_l4_payload_len":296,"midstream":0,"thread_ts_usec":1639054092826381,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SOAP","proto_id":"253","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946731326059000,"flow_src_last_pkt_time":946731326059000,"flow_dst_last_pkt_time":946731326059000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1452,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1452,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1639054092826381,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":4176,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP.SOAP","proto_id":"7.253","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} -00849{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":20,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9746,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":24,"global_ts_usec":1639054092826381} 
+00849{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":20,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9746,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":24,"global_ts_usec":1639054092826381} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 20/20 ~~ skipped flows.............: 0 @@ -30,9 +30,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6917245 bytes -~~ total memory freed........: 6917245 bytes -~~ total allocations/frees...: 114189/114189 +~~ total memory allocated....: 7494878 bytes +~~ total memory freed........: 7494878 bytes +~~ total allocations/frees...: 125922/125922 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 549 chars ~~ json message max len.......: 2479 chars diff --git a/test/results/disable_use_client_ip/bot.pcap.out b/test/results/disable_use_client_ip/bot.pcap.out index 1f4f386bf..173cec230 100644 --- a/test/results/disable_use_client_ip/bot.pcap.out +++ b/test/results/disable_use_client_ip/bot.pcap.out 
@@ -1,5 +1,5 @@ -00622{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/disable_use_client_ip\/pcap\/bot.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/disable_use_client_ip\/pcap\/bot.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1645108240233170} 
+00622{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/disable_use_client_ip\/pcap\/bot.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/disable_use_client_ip\/pcap\/bot.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1645108240233170} 
00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/disable_use_client_ip\/pcap\/bot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1645108240233170,"flow_src_last_pkt_time":1645108240233170,"flow_dst_last_pkt_time":1645108240233170,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1645108240233170,"vlan_id":77,"l3_proto":"ip4","src_ip":"40.77.167.36","dst_ip":"89.31.72.220","src_port":64768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/disable_use_client_ip\/pcap\/bot.pcap","alias":"nDPId-test","vlan_id":77,"flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1645108240233170,"flow_dst_last_pkt_time":1645108240233170,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":66,"pkt_l4_len":28,"thread_ts_usec":1645108240233170,"pkt":"AFBWtlQQQFU5D63CgQAATQgARQIAMBFSQABuBooHKE2nJFkfSNz9AABQtwbJ7AAAAABwwvrwl9EAAAIEBaABAQQC"} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/disable_use_client_ip\/pcap\/bot.pcap","alias":"nDPId-test","vlan_id":77,"flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1645108240233170,"flow_dst_last_pkt_time":1645108240233579,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":66,"pkt_l4_len":28,"thread_ts_usec":1645108240233579,"pkt":"AAAMB6wytJaRl+L8gQAATQgARQAAMAAAQAA\/BspbWR9I3ChNpyQAUP0AWPWTl7cGye1wEnIQNMAAAAIEBbQBAQQC"} 
@@ -9,7 +9,7 @@ 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/disable_use_client_ip\/pcap\/bot.pcap","alias":"nDPId-test","vlan_id":77,"flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1645108240339700,"flow_dst_last_pkt_time":1645108240340261,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":64,"pkt_l4_len":20,"thread_ts_usec":1645108240340261,"pkt":"AAAMB6wytJaRl+L8gQAATQgARQAAKO4IQAA\/BtxaWR9I3ChNpyQAUP0AWPWTmLcGyylQEHVAXRgAAAAAtTpUPQ=="} 02309{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/disable_use_client_ip\/pcap\/bot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":25,"flow_first_seen":1645108240233170,"flow_src_last_pkt_time":1645108240455112,"flow_dst_last_pkt_time":1645108240455337,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":316,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":316,"flow_dst_tot_l4_payload_len":33120,"midstream":0,"thread_ts_usec":1645108240455337,"vlan_id":77,"l3_proto":"ip4","src_ip":"40.77.167.36","dst_ip":"89.31.72.220","src_port":64768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":4,"avg":14326.1,"max":114244,"stddev":36180.2,"var":1309009792.0,"ent":2.2,"data": [409,106526,4,106682,7609,64,117,61,7,4,842,8,6,4,114244,282,105363,69,4,6,123,5,6,4,232,8,61,8,763,123,465]},"pktlen": {"min":46,"avg":1086.5,"max":1480,"stddev":631.2,"var":398369.0,"ent":4.6,"data": [48,48,46,356,46,1480,1480,1480,1480,1480,1480,1480,1480,1480,1480,46,46,1480,1480,1480,1480,1480,1480,1480,1480,1480,1480,1480,1480,46,46,1480]},"bins": {"c_to_s": [6,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": 
[2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23,0,0]},"directions": [0,1,0,0,1,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,1,1,1,1,1,1,1,1,1,0,0,1],"entropies": [4.668832779,4.823934078,4.705051422,5.553816795,4.685968399,6.426275253,7.497505188,7.820932388,7.830261230,7.797591209,7.805040359,7.821845531,7.816341877,7.795114517,7.064133644,4.748529911,4.585274220,7.814039707,7.815784454,7.820162296,7.814042091,7.827082157,7.799123287,7.792435646,7.357606411,5.923022270,7.867007732,5.467782974,4.930641174,4.661573410,4.661573410,5.117170334]},"ndpi": {"flow_risk": {"44": {"risk":"Crawler\/Bot","severity":"Low","risk_score": {"total":350,"client":295,"server":55}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"atlanteditorino.it"}} 01140{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":402,"source":"cfgs\/disable_use_client_ip\/pcap\/bot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":115,"flow_dst_packets_processed":287,"flow_first_seen":1645108240233170,"flow_src_last_pkt_time":1645108245896135,"flow_dst_last_pkt_time":1645108245896491,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":316,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":316,"flow_dst_tot_l4_payload_len":406780,"midstream":0,"thread_ts_usec":1645108245896491,"vlan_id":77,"l3_proto":"ip4","src_ip":"40.77.167.36","dst_ip":"89.31.72.220","src_port":64768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"44": {"risk":"Crawler\/Bot","severity":"Low","risk_score": {"total":350,"client":295,"server":55}}},"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"atlanteditorino.it"}} -00857{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":402,"source":"cfgs\/disable_use_client_ip\/pcap\/bot.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":402,"packets-processed":402,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":407096,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1645108245896491} +00857{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":402,"source":"cfgs\/disable_use_client_ip\/pcap\/bot.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":402,"packets-processed":402,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":407096,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1645108245896491} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 
402/402 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6919527 bytes -~~ total memory freed........: 6919527 bytes -~~ total allocations/frees...: 114546/114546 +~~ total memory allocated....: 7497142 bytes +~~ total memory freed........: 7497142 bytes +~~ total allocations/frees...: 126278/126278 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 568 chars ~~ json message max len.......: 2314 chars diff --git a/test/results/disable_use_client_port/iphone.pcap.out b/test/results/disable_use_client_port/iphone.pcap.out index 78aafd130..39f307e5e 100644 --- a/test/results/disable_use_client_port/iphone.pcap.out +++ b/test/results/disable_use_client_port/iphone.pcap.out 
@@ -1,5 +1,5 @@ -00627{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1582454552576659} 
+00627{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00848{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1582454552576659} 
00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454552576659,"flow_src_last_pkt_time":1582454552576659,"flow_dst_last_pkt_time":1582454552576659,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":510,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":510,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":510,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454552576659,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01214{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1582454552576659,"flow_dst_last_pkt_time":1582454552576659,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":552,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":552,"pkt_l4_len":518,"thread_ts_usec":1582454552576659,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAIaAFkAAEAR8inAqAIBwKgC\/0RcRFwCBr34eyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAzMzA0MDI2MjQwMTMxNjcxMTI3MTc3MTQ1ODMyOTcxNTM2ODg0ODIsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFsyNzUwMzcwNTYwLCA3ODUyNjYxNzcsIDE1MjYyNjMwNDUsIDEzMzg2NTkyMDEsIDE0ODE5MzM3LCA0ODEwNTkxNzYwLCA0NTE0NzI2NTgsIDczNjM0MTUyOCwgOTM4ODEzODQ5LCAxMjY3Njk1MTA5LCA1NDQwNDA3MDcyLCA1ODM0NDk5NiwgOTk2MzA2MjE1LCA1MzAzMzAxMjQ4LCAyODUyMTYwNywgNDA1NjQ2MjU5MiwgNzA1MzYyNzE4NCwgMTUyMjE3NzU4NywgMTQyMTExNDM5OSwgMTI1MjExNjQyOSwgOTk0Njk3NzMsIDcwNzk2MzY2ODgsIDE3Njk2NDMwNywgMTI1NTQwNTY2LCAxMDQ3NDI4MTg5LCA0NzE2MTkwMDQ4LCA1NDY3MTYzMDg4LCAxMTk1MDQ0MDcxLCA5Njg1MzIyNCwgMTc2MDk5NjMsIDY0NzgzMDM0NDAsIDUxMTcwNjY0MiwgNjI5Nzk1NTE4NCwgM
TQxNTYyMDM1MF19"} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454552576659,"flow_src_last_pkt_time":1582454552576659,"flow_dst_last_pkt_time":1582454552576659,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":510,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":510,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":510,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454552576659,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
@@ -102,13 +102,13 @@ 00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_src_last_pkt_time":1582454598252419,"flow_dst_last_pkt_time":1582454598402840,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454598402840,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADEG+34R+LmMwKgCEQG7xY+mDHMKDeq21aBScSAX2QAAAgQFrAEBCAr26Z7FEd\/m0wEDAwU="} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_src_last_pkt_time":1582454598404960,"flow_dst_last_pkt_time":1582454598402840,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454598404960,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGrIbAqAIREfi5jMWPAbsN6rbVpgxzC4AQBAuwVwAAAQEIChHf52v26Z7F"} 
01257{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_src_last_pkt_time":1582454598405072,"flow_dst_last_pkt_time":1582454598402840,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1582454598405072,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAGqn\/AqAIREfi5jMWPAbsN6rbVpgxzC4AYBAuh0wAAAQEIChHf52v26Z7FFgMBAgABAAH8AwN8\/m8PXyQO32u1iV6RcZDnMbTrrPixNIjOuJcPKyu2YCAqbhRZg6XgGUsXaOUau6tuuVwQheEDrsOtyWvnbE4KuAA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\/AQABAAAAAB0AGwAAGHAyNi1mbWZtb2JpbGUuaWNsb3VkLmNvbQAXAAAADQAYABYEAwgEBAEFAwIDCAUIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAzACYAJAAdACAqltozl1XctQvleGh0N7IIp3TCS7HFVxwjJhj0\/2bbZgAtAAIBAQArAAkIAwQDAwMCAwEACgAKAAgAHQAXABgAGQAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01311{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454598252419,"flow_src_last_pkt_time":1582454598405072,"flow_dst_last_pkt_time":1582454598402840,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454598405072,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.140","src_port":50575,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","proto_id":"91.143","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"p26-fmfmobile.icloud.com","domainame":"p26-fmfmobile.icloud.com","tls": {"version":"TLSv1.2","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01270{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454598252419,"flow_src_last_pkt_time":1582454598405072,"flow_dst_last_pkt_time":1582454598402840,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454598405072,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.140","src_port":50575,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","proto_id":"91.143","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"p26-fmfmobile.icloud.com","domainame":"p26-fmfmobile.icloud.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_src_last_pkt_time":1582454598377826,"flow_dst_last_pkt_time":1582454598412214,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454598412214,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADUGSmlfZRk1wKgCEQG7xZCMPaCSoKaYqKBScSBNPAAAAgQFrAQCCAoi0AShEd\/nTAEDAwc="} 
00760{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_src_last_pkt_time":1582454598373077,"flow_dst_last_pkt_time":1582454598412843,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1582454598412843,"pkt":"xGGLNYKpxiwDYGpkCABFAADIRW8AAEARr1PAqAIBwKgCEQA12KEAtAJjFxuBgAABAAUAAAAABG1lc3UFYXBwbGUDY29tAAABAAHADAAFAAEAAAfrAB8IbWVzdS1jZG4FYXBwbGUDY29tBmFrYWRucwNuZXQAwCwABQABAAAMoAAYCG1lc3UtY2RuDG9yaWdpbi1hcHBsZcA7wFcABQABAAAARAARBG1lc3UBZwdhYXBsaW1nwBfAewABAAEAAAAPAAQR\/WnKwHsAAQABAAAADwAEEf01yw=="} 01154{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":70,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454598373077,"flow_src_last_pkt_time":1582454598373077,"flow_dst_last_pkt_time":1582454598412843,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":172,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":172,"midstream":0,"thread_ts_usec":1582454598412843,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":55457,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Apple","proto_id":"5.140","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"mesu.apple.com","domainame":"mesu.apple.com","dns": {"num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["17.253.105.202,ttl=15","17.253.53.203,ttl=15"]}}} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_src_last_pkt_time":1582454598413932,"flow_dst_last_pkt_time":1582454598412214,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454598413932,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG\/3DAqAIRX2UZNcWQAbugppiojD2gk4AQBAvpMwAAAQEIChHf524i0ASh"} 01256{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_src_last_pkt_time":1582454598414051,"flow_dst_last_pkt_time":1582454598412214,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1582454598414051,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAG\/WnAqAIRX2UZNcWQAbugppiojD2gk4AYBAtyOwAAAQEIChHf524i0AShFgMBAgABAAH8AwMW\/vdiXnKGt2kAM475LRdq4DAZD5IWJivMSs32aPZe4CBY4JYmlM1Z2ggjvPRVVGQ6cbm25wGpqmGifvQqpkiZFQA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\/AQABAAAAABwAGgAAF2dzcGUzNS1zc2wubHMuYXBwbGUuY29tABcAAAAjAAAADQAYABYEAwgEBAEFAwIDCAUIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAzACYAJAAdACBRvQycnSvLFzO5Ac0Wc91U3eqgFfR5Utrll4x2uEjNDgAtAAIBAQArAAkIAwQDAwMCAwEACgAKAAgAHQAXABgAGQAVAMIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01295{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454598377826,"flow_src_last_pkt_time":1582454598414051,"flow_dst_last_pkt_time":1582454598412214,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454598414051,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.25.53","src_port":50576,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"gspe35-ssl.ls.apple.com","domainame":"gspe35-ssl.ls.apple.com","tls": {"version":"TLSv1.2","ja3":"55271a105172d5f225e4704755b9b250","ja3s":"","ja4":"t13d2614h2_2802a3db6c62_0e42e90cf648","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01254{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454598377826,"flow_src_last_pkt_time":1582454598414051,"flow_dst_last_pkt_time":1582454598412214,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454598414051,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.25.53","src_port":50576,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"gspe35-ssl.ls.apple.com","domainame":"gspe35-ssl.ls.apple.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2614h2_2802a3db6c62_0e42e90cf648","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454598416547,"flow_src_last_pkt_time":1582454598416547,"flow_dst_last_pkt_time":1582454598416547,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454598416547,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50578,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_src_last_pkt_time":1582454598416547,"flow_dst_last_pkt_time":1582454598416547,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1582454598416547,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAG\/DfAqAIREf1pysWSAbt\/OqmMAAAAALDC\/\/8OTwAAAgQFtAEDAwcBAQgKEd\/ndwAAAAAEAgAA"} 
00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454598418108,"flow_src_last_pkt_time":1582454598418108,"flow_dst_last_pkt_time":1582454598418108,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454598418108,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50579,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -116,7 +116,7 @@ 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_src_last_pkt_time":1582454598387073,"flow_dst_last_pkt_time":1582454598426588,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454598426588,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADIGSjwR\/WnKwKgCEQBQwACbtSzNLJXrMqBScNC85AAAAgQFrAQCCAodNCSFEd\/nTQEDAwg="} 00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_src_last_pkt_time":1582454598385187,"flow_dst_last_pkt_time":1582454598427688,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454598427688,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADIGslMRggIuwKgCEQG7xZHfrwWiGTrrGKBSqbCWRAAAAgQFrAQCCAq1T9HeEd\/nUwEDAw4="} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":5,"flow_src_last_pkt_time":1582454598414051,"flow_dst_last_pkt_time":1582454598447691,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454598447691,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0RA0AADUGBmRfZRk1wKgCEQG7xZCMPaCToKaarYAQAOvqKgAAAQEICiLQBMUR3+du"} 
-01340{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":78,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454598377826,"flow_src_last_pkt_time":1582454598414051,"flow_dst_last_pkt_time":1582454598449324,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1582454598449324,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.25.53","src_port":50576,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"gspe35-ssl.ls.apple.com","domainame":"gspe35-ssl.ls.apple.com","tls": {"version":"TLSv1.3","ja3":"55271a105172d5f225e4704755b9b250","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d2614h2_2802a3db6c62_0e42e90cf648","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01299{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":78,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454598377826,"flow_src_last_pkt_time":1582454598414051,"flow_dst_last_pkt_time":1582454598449324,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1582454598449324,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.25.53","src_port":50576,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"gspe35-ssl.ls.apple.com","domainame":"gspe35-ssl.ls.apple.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d2614h2_2802a3db6c62_0e42e90cf648","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_src_last_pkt_time":1582454598418108,"flow_dst_last_pkt_time":1582454598453979,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454598453979,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADIGSjwR\/WnKwKgCEQG7xZNpWNRgMiTvFqBScNC35wAAAgQFrAQCCAoAH8DDEd\/neQEDAwg="} 
00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_src_last_pkt_time":1582454598416547,"flow_dst_last_pkt_time":1582454598459069,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454598459069,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADIGSjwR\/WnKwKgCEQG7xZLy+qnpfzqpjaBScNDegAAAAgQFrAQCCAqK\/qiVEd\/ndwEDAwg="} 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454598542807,"flow_src_last_pkt_time":1582454598542807,"flow_dst_last_pkt_time":1582454598542807,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454598542807,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52852,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -127,28 +127,28 @@ 01147{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454598387073,"flow_src_last_pkt_time":1582454598545135,"flow_dst_last_pkt_time":1582454598426588,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":131,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":131,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454598545135,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":49152,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Apple","proto_id":"7.140","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":0,"breed":"Safe","category_id":30,"category":"ConnCheck","hostname":"captive.apple.com","domainame":"captive.apple.com","http": {"url":"captive.apple.com\/hotspot-detect.html","code":0,"content_type":"","user_agent":"CaptiveNetworkSupport-390.60.1 wispr"}}} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_src_last_pkt_time":1582454598545149,"flow_dst_last_pkt_time":1582454598427688,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454598545149,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGZFvAqAIREYICLsWRAbsZOusY368Fo4AQBAtqWAAAAQEIChHf5\/C1T9He"} 
01257{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":4,"flow_src_last_pkt_time":1582454598545339,"flow_dst_last_pkt_time":1582454598427688,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1582454598545339,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAGYlTAqAIREYICLsWRAbsZOusY368Fo4AYBAtvbAAAAQEIChHf5\/C1T9HeFgMBAgABAAH8AwM6mEOdusbq\/ybUNBuomqShrPK58qj3XjuDYY2EHh6A2yDTYkCcwL+VPEDok15qjRZu79\/9di6dUR8br4F4StJmaAA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\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"} -01292{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454598385187,"flow_src_last_pkt_time":1582454598545339,"flow_dst_last_pkt_time":1582454598427688,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454598545339,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.130.2.46","src_port":50577,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"gsp85-ssl.ls.apple.com","domainame":"gsp85-ssl.ls.apple.com","tls": 
{"version":"TLSv1.2","ja3":"55271a105172d5f225e4704755b9b250","ja3s":"","ja4":"t13d2614h2_2802a3db6c62_0e42e90cf648","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +01251{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454598385187,"flow_src_last_pkt_time":1582454598545339,"flow_dst_last_pkt_time":1582454598427688,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454598545339,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.130.2.46","src_port":50577,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"gsp85-ssl.ls.apple.com","domainame":"gsp85-ssl.ls.apple.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2614h2_2802a3db6c62_0e42e90cf648","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_src_last_pkt_time":1582454598546213,"flow_dst_last_pkt_time":1582454598453979,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454598546213,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG\/EPAqAIREf1pysWTAbsyJO8WaVjUYYAQBAtTNAAAAQEIChHf5\/cAH8DD"} 01259{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":4,"flow_src_last_pkt_time":1582454598546273,"flow_dst_last_pkt_time":1582454598453979,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1582454598546273,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAG+jzAqAIREf1pysWTAbsyJO8WaVjUYYAYBAtPcwAAAQEIChHf5\/cAH8DDFgMBAgABAAH8AwOBTBzeu5w1Vp+4geGIpFJ17FWadQ3l1s5HLAc6L2e5gyD\/YLmMW82uuwbbKEYkARjm9\/sVvKjvTmHajlJ93y\/zswA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\/AQABAAAAABMAEQAADm1lc3UuYXBwbGUuY29tABcAAAANABgAFgQDCAQEAQUDAgMIBQgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAADMAJgAkAB0AIPp0HJk26NqhkuEuWSOpHU2lL9tl\/4KvwEcCcIghS34tAC0AAgEBACsACQgDBAMDAwIDAQAKAAoACAAdABcAGAAZABUAzwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01279{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":96,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454598418108,"flow_src_last_pkt_time":1582454598546273,"flow_dst_last_pkt_time":1582454598453979,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454598546273,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50579,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"mesu.apple.com","domainame":"mesu.apple.com","tls": {"version":"TLSv1.2","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01238{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":96,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454598418108,"flow_src_last_pkt_time":1582454598546273,"flow_dst_last_pkt_time":1582454598453979,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454598546273,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50579,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"mesu.apple.com","domainame":"mesu.apple.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_src_last_pkt_time":1582454598546318,"flow_dst_last_pkt_time":1582454598459069,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454598546318,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG\/EPAqAIREf1pysWSAbt\/OqmN8vqp6oAQBAt5ywAAAQEIChHf5\/eK\/qiV"} 
01260{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":4,"flow_src_last_pkt_time":1582454598546492,"flow_dst_last_pkt_time":1582454598459069,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1582454598546492,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAG+jzAqAIREf1pysWSAbt\/OqmN8vqp6oAYBAvCpQAAAQEIChHf5\/iK\/qiVFgMBAgABAAH8AwOL0zmb\/pU6qAogKIFd\/Y4fHsvdGFAF8ZjXl6m9+L0uvyBBR6wrPbvh3W2j8rwh4NW3lc0cwhULV8gFfvx3+QKTDgA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\/AQABAAAAABMAEQAADm1lc3UuYXBwbGUuY29tABcAAAANABgAFgQDCAQEAQUDAgMIBQgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAADMAJgAkAB0AIGFNND5R7cze3Z4nraCyXLPxW4F9FRO9m0bNnjdxh\/Y+AC0AAgEBACsACQgDBAMDAwIDAQAKAAoACAAdABcAGAAZABUAzwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01279{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":98,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454598416547,"flow_src_last_pkt_time":1582454598546492,"flow_dst_last_pkt_time":1582454598459069,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454598546492,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50578,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"mesu.apple.com","domainame":"mesu.apple.com","tls": {"version":"TLSv1.2","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01238{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":98,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454598416547,"flow_src_last_pkt_time":1582454598546492,"flow_dst_last_pkt_time":1582454598459069,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454598546492,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50578,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"mesu.apple.com","domainame":"mesu.apple.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":5,"flow_src_last_pkt_time":1582454598405072,"flow_dst_last_pkt_time":1582454598556458,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454598556458,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0f0MAADEGfEMR+LmMwKgCEQG7xY+mDHMLDeq42oAQA6uuGQAAAQEICvbpn14R3+dr"} 
-01404{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":102,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454598252419,"flow_src_last_pkt_time":1582454598405072,"flow_dst_last_pkt_time":1582454598558094,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1582454598558094,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.140","src_port":50575,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","proto_id":"91.143","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"p26-fmfmobile.icloud.com","domainame":"p26-fmfmobile.icloud.com","tls": {"version":"TLSv1.2","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-03577{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1582454598252419,"flow_src_last_pkt_time":1582454598559758,"flow_dst_last_pkt_time":1582454598568201,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5760,"midstream":0,"thread_ts_usec":1582454598568201,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.140","src_port":50575,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","proto_id":"91.143","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"p26-fmfmobile.icloud.com","domainame":"p26-fmfmobile.icloud.com","tls": 
{"version":"TLSv1.2","server_names":"p67-fmfmobile.icloud.com,p48-fmfmobile.icloud.com,p53-fmfmobile.icloud.com,p34-fmfmobile.icloud.com,p72-fmfmobile.icloud.com,fmfmobile.icloud.com,p08-fmfmobile.icloud.com,p12-fmfmobile.icloud.com,p02-fmfmobile.icloud.com,p29-fmfmobile.icloud.com,p52-fmfmobile.icloud.com,p26-fmfmobile.icloud.com,p06-fmfmobile.icloud.com,p97-fmfmobile.icloud.com,p41-fmfmobile.icloud.com,p40-fmfmobile.icloud.com,p18-fmfmobile.icloud.com,p55-fmfmobile.icloud.com,p70-fmfmobile.icloud.com,p32-fmfmobile.icloud.com,p69-fmfmobile.icloud.com,p17-fmfmobile.icloud.com,p13-fmfmobile.icloud.com,p38-fmfmobile.icloud.com,p11-fmfmobile.icloud.com,p21-fmfmobile.icloud.com,p27-fmfmobile.icloud.com,p42-fmfmobile.icloud.com,p37-fmfmobile.icloud.com,p56-fmfmobile.icloud.com,p50-fmfmobile.icloud.com,p58-fmfmobile.icloud.com,p39-fmfmobile.icloud.com,p45-fmfmobile.icloud.com,p49-fmfmobile.icloud.com,p68-fmfmobile.icloud.com,p10-fmfmobile.icloud.com,p22-fmfmobile.icloud.com,p07-fmfmobile.icloud.com,p25-fmfmobile.icloud.com,p20-fmfmobile.icloud.com,p71-fmfmobile.icloud.com,p05-fmfmobile.icloud.com,p98-fmfmobile.icloud.com,p66-fmfmobile.icloud.com,p15-fmfmobile.icloud.com,p16-fmfmobile.icloud.com,p44-fmfmobile.icloud.com,p04-fmfmobile.icloud.com,p09-fmfmobile.icloud.com,p23-fmfmobile.icloud.com,p61-fmfmobile.icloud.com,p30-fmfmobile.icloud.com,p46-fmfmobile.icloud.com,p60-fmfmobile.icloud.com,p43-fmfmobile.icloud.com,p57-fmfmobile.icloud.com,p14-fmfmobile.icloud.com,p03-fmfmobile.icloud.com,p36-fmfmobile.icloud.com,p64-fmfmobile.icloud.com,p28-fmfmobile.icloud.com,p24-fmfmobile.icloud.com,p202-fmfmobile.icloud.com,p01-fmfmobile.icloud.com,p62-fmfmobile.icloud.com,p47-fmfmobile.icloud.com,p35-fmfmobile.icloud.com,p65-fmfmobile.icloud.com,p31-fmfmobile.icloud.com,p63-fmfmobile.icloud.com,p19-fmfmobile.icloud.com,p33-fmfmobile.icloud.com,p51-fmfmobile.icloud.com,p54-fmfmobile.icloud.com,p59-fmfmobile.icloud.com,p201-fmfmobile.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b
","ja3s":"1e60202b4001a190621caa963fb76697","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=fmfmobile.icloud.com, O=Apple Inc., ST=California, C=US","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"FF:C3:9F:1A:A1:3C:D2:3C:06:96:EC:49:B4:97:A9:D3:DA:05:A3:E2","blocks":0}}} +01363{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":102,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454598252419,"flow_src_last_pkt_time":1582454598405072,"flow_dst_last_pkt_time":1582454598558094,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1582454598558094,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.140","src_port":50575,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","proto_id":"91.143","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"p26-fmfmobile.icloud.com","domainame":"p26-fmfmobile.icloud.com","tls": {"version":"TLSv1.2","ja3s":"1e60202b4001a190621caa963fb76697","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+03536{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1582454598252419,"flow_src_last_pkt_time":1582454598559758,"flow_dst_last_pkt_time":1582454598568201,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5760,"midstream":0,"thread_ts_usec":1582454598568201,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.140","src_port":50575,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","proto_id":"91.143","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"p26-fmfmobile.icloud.com","domainame":"p26-fmfmobile.icloud.com","tls": 
{"version":"TLSv1.2","server_names":"p67-fmfmobile.icloud.com,p48-fmfmobile.icloud.com,p53-fmfmobile.icloud.com,p34-fmfmobile.icloud.com,p72-fmfmobile.icloud.com,fmfmobile.icloud.com,p08-fmfmobile.icloud.com,p12-fmfmobile.icloud.com,p02-fmfmobile.icloud.com,p29-fmfmobile.icloud.com,p52-fmfmobile.icloud.com,p26-fmfmobile.icloud.com,p06-fmfmobile.icloud.com,p97-fmfmobile.icloud.com,p41-fmfmobile.icloud.com,p40-fmfmobile.icloud.com,p18-fmfmobile.icloud.com,p55-fmfmobile.icloud.com,p70-fmfmobile.icloud.com,p32-fmfmobile.icloud.com,p69-fmfmobile.icloud.com,p17-fmfmobile.icloud.com,p13-fmfmobile.icloud.com,p38-fmfmobile.icloud.com,p11-fmfmobile.icloud.com,p21-fmfmobile.icloud.com,p27-fmfmobile.icloud.com,p42-fmfmobile.icloud.com,p37-fmfmobile.icloud.com,p56-fmfmobile.icloud.com,p50-fmfmobile.icloud.com,p58-fmfmobile.icloud.com,p39-fmfmobile.icloud.com,p45-fmfmobile.icloud.com,p49-fmfmobile.icloud.com,p68-fmfmobile.icloud.com,p10-fmfmobile.icloud.com,p22-fmfmobile.icloud.com,p07-fmfmobile.icloud.com,p25-fmfmobile.icloud.com,p20-fmfmobile.icloud.com,p71-fmfmobile.icloud.com,p05-fmfmobile.icloud.com,p98-fmfmobile.icloud.com,p66-fmfmobile.icloud.com,p15-fmfmobile.icloud.com,p16-fmfmobile.icloud.com,p44-fmfmobile.icloud.com,p04-fmfmobile.icloud.com,p09-fmfmobile.icloud.com,p23-fmfmobile.icloud.com,p61-fmfmobile.icloud.com,p30-fmfmobile.icloud.com,p46-fmfmobile.icloud.com,p60-fmfmobile.icloud.com,p43-fmfmobile.icloud.com,p57-fmfmobile.icloud.com,p14-fmfmobile.icloud.com,p03-fmfmobile.icloud.com,p36-fmfmobile.icloud.com,p64-fmfmobile.icloud.com,p28-fmfmobile.icloud.com,p24-fmfmobile.icloud.com,p202-fmfmobile.icloud.com,p01-fmfmobile.icloud.com,p62-fmfmobile.icloud.com,p47-fmfmobile.icloud.com,p35-fmfmobile.icloud.com,p65-fmfmobile.icloud.com,p31-fmfmobile.icloud.com,p63-fmfmobile.icloud.com,p19-fmfmobile.icloud.com,p33-fmfmobile.icloud.com,p51-fmfmobile.icloud.com,p54-fmfmobile.icloud.com,p59-fmfmobile.icloud.com,p201-fmfmobile.icloud.com","ja3s":"1e60202b4001a190621caa963fb7669
7","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=fmfmobile.icloud.com, O=Apple Inc., ST=California, C=US","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"FF:C3:9F:1A:A1:3C:D2:3C:06:96:EC:49:B4:97:A9:D3:DA:05:A3:E2","blocks":0}}} 00800{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_src_last_pkt_time":1582454598542807,"flow_dst_last_pkt_time":1582454598582484,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":244,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":244,"pkt_l4_len":210,"thread_ts_usec":1582454598582484,"pkt":"xGGLNYKpxiwDYGpkCABFAADmpdwAAEARTsjAqAIBwKgCEQA1znQA0sdAsQ+BgAABAAkAAAAAB2dhdGV3YXkGaWNsb3VkA2NvbQAAAQABwAwABQABAAARlgAaB2dhdGV3YXkCZmUJYXBwbGUtZG5zA25ldADAMAABAAEAAAAiAAQR+LBLwDAAAQABAAAAIgAEEfixhcAwAAEAAQAAACIABBH4sCjAMAABAAEAAAAiAAQR+LCNwDAAAQABAAAAIgAEEfiwTcAwAAEAAQAAACIABBH4sWXAMAABAAEAAAAiAAQR+LGqwDAAAQABAAAAIgAEEfiwiQ=="} 
01222{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":110,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454598542807,"flow_src_last_pkt_time":1582454598542807,"flow_dst_last_pkt_time":1582454598582484,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":202,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":202,"midstream":0,"thread_ts_usec":1582454598582484,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52852,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AppleiCloud","proto_id":"5.143","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"gateway.icloud.com","domainame":"gateway.icloud.com","dns": {"num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["17.248.176.75,ttl=34","17.248.177.133,ttl=34","17.248.176.40,ttl=34","17.248.176.141,ttl=34"]}}} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":5,"flow_src_last_pkt_time":1582454598546273,"flow_dst_last_pkt_time":1582454598584084,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454598584084,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0nTYAADIGrQ0R\/WnKwKgCEQG7xZNpWNRhMiTxG4AQAHVURAAAAQEICgAfwUQR3+f3"} 
-01325{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":112,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454598418108,"flow_src_last_pkt_time":1582454598546273,"flow_dst_last_pkt_time":1582454598584601,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1582454598584601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50579,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"mesu.apple.com","domainame":"mesu.apple.com","tls": {"version":"TLSv1.3","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01284{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":112,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454598418108,"flow_src_last_pkt_time":1582454598546273,"flow_dst_last_pkt_time":1582454598584601,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1582454598584601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50579,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"mesu.apple.com","domainame":"mesu.apple.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":5,"flow_src_last_pkt_time":1582454598545135,"flow_dst_last_pkt_time":1582454598585123,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454598585123,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0\/jIAADIGTBER\/WnKwKgCEQBQwACbtSzOLJXrtYAQAHVahwAAAQEICh00JSQR3+fp"} 
00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":118,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454598587648,"flow_src_last_pkt_time":1582454598587648,"flow_dst_last_pkt_time":1582454598587648,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454598587648,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50580,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_src_last_pkt_time":1582454598587648,"flow_dst_last_pkt_time":1582454598587648,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1582454598587648,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGtbvAqAIREfiwS8WUAbuGKOrDAAAAALDC\/\/9\/HgAAAgQFtAEDAwcBAQgKEd\/oBAAAAAAEAgAA"} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":5,"flow_src_last_pkt_time":1582454598545339,"flow_dst_last_pkt_time":1582454598589226,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454598589226,"pkt":"xGGLNYKpxiwDYGpkCABFAAA06hUAADIGyEURggIuwKgCEQG7xZHfrwWjGTrtHYAQAANrugAAAQEICrVP0n8R3+fw"} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":5,"flow_src_last_pkt_time":1582454598546492,"flow_dst_last_pkt_time":1582454598590442,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454598590442,"pkt":"xGGLNYKpxiwDYGpkCABFAAA00AIAADIGekER\/WnKwKgCEQG7xZLy+qnqfzqrkoAQAHV62AAAAQEICor+qRgR3+f4"} -01325{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":124,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454598416547,"flow_src_last_pkt_time":1582454598546492,"flow_dst_last_pkt_time":1582454598590958,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1582454598590958,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50578,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"mesu.apple.com","domainame":"mesu.apple.com","tls": {"version":"TLSv1.3","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-01383{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":128,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454598385187,"flow_src_last_pkt_time":1582454598545339,"flow_dst_last_pkt_time":1582454598592070,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1582454598592070,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.130.2.46","src_port":50577,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"gsp85-ssl.ls.apple.com","domainame":"gsp85-ssl.ls.apple.com","tls": {"version":"TLSv1.2","ja3":"55271a105172d5f225e4704755b9b250","ja3s":"4ef1b297bb817d8212165a86308bac5f","ja4":"t13d2614h2_2802a3db6c62_0e42e90cf648","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-01675{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":130,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1582454598385187,"flow_src_last_pkt_time":1582454598545339,"flow_dst_last_pkt_time":1582454598592156,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3606,"midstream":0,"thread_ts_usec":1582454598592156,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.130.2.46","src_port":50577,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"gsp85-ssl.ls.apple.com","domainame":"gsp85-ssl.ls.apple.com","tls": {"version":"TLSv1.2","server_names":"*.ls.apple.com","ja3":"55271a105172d5f225e4704755b9b250","ja3s":"4ef1b297bb817d8212165a86308bac5f","ja4":"t13d2614h2_2802a3db6c62_0e42e90cf648","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=*.ls.apple.com, OU=management:idms.group.576486, O=Apple Inc., ST=California, C=US","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"E4:85:25:4C:99:F8:FB:66:49:4B:80:64:5E:63:2A:75:9B:8F:C3:51","blocks":0}}} 
+01284{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":124,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454598416547,"flow_src_last_pkt_time":1582454598546492,"flow_dst_last_pkt_time":1582454598590958,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1582454598590958,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50578,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"mesu.apple.com","domainame":"mesu.apple.com","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01342{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":128,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454598385187,"flow_src_last_pkt_time":1582454598545339,"flow_dst_last_pkt_time":1582454598592070,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1582454598592070,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.130.2.46","src_port":50577,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"gsp85-ssl.ls.apple.com","domainame":"gsp85-ssl.ls.apple.com","tls": {"version":"TLSv1.2","ja3s":"4ef1b297bb817d8212165a86308bac5f","ja4":"t13d2614h2_2802a3db6c62_0e42e90cf648","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01634{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":130,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1582454598385187,"flow_src_last_pkt_time":1582454598545339,"flow_dst_last_pkt_time":1582454598592156,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3606,"midstream":0,"thread_ts_usec":1582454598592156,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.130.2.46","src_port":50577,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"gsp85-ssl.ls.apple.com","domainame":"gsp85-ssl.ls.apple.com","tls": {"version":"TLSv1.2","server_names":"*.ls.apple.com","ja3s":"4ef1b297bb817d8212165a86308bac5f","ja4":"t13d2614h2_2802a3db6c62_0e42e90cf648","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=*.ls.apple.com, OU=management:idms.group.576486, O=Apple Inc., ST=California, C=US","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"E4:85:25:4C:99:F8:FB:66:49:4B:80:64:5E:63:2A:75:9B:8F:C3:51","blocks":0}}} 
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_src_last_pkt_time":1582454598587648,"flow_dst_last_pkt_time":1582454598621600,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454598621600,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAC4GB8AR+LBLwKgCEQG7xZQAd9VghijqxKBScSDqGQAAAgQFrAEBCApbEwd4Ed\/oBAEDAwU="} 00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":135,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454598713167,"flow_src_last_pkt_time":1582454598713167,"flow_dst_last_pkt_time":1582454598713167,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454598713167,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52682,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_src_last_pkt_time":1582454598713167,"flow_dst_last_pkt_time":1582454598713167,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454598713167,"pkt":"xiwDYGpkxGGLNYKpCABFAAA8BIgAAP8RMcbAqAIRwKgCAc3KADUAKGCiwekBAAABAAAAAAAAA3d3dwZpY2xvdWQDY29tAAABAAE="} 
@@ -178,7 +178,7 @@ 00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_src_last_pkt_time":1582454598721885,"flow_dst_last_pkt_time":1582454598721885,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1582454598721885,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGrK\/AqAIREfi5V8WVAbuoGt7oAAAAALDC\/\/9fVwAAAgQFtAEDAwcBAQgKEd\/opwAAAAAEAgAA"} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_src_last_pkt_time":1582454598723398,"flow_dst_last_pkt_time":1582454598621600,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454598723398,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGtcfAqAIREfiwS8WUAbuGKOrEAHfVYYAQBAuCrAAAAQEIChHf6IhbEwd4"} 01260{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":4,"flow_src_last_pkt_time":1582454598723584,"flow_dst_last_pkt_time":1582454598621600,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1582454598723584,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAGs8DAqAIREfiwS8WUAbuGKOrEAHfVYYAYBAvpygAAAQEIChHf6IhbEwd4FgMBAgABAAH8AwMzFRfGYqEP+F2R9Wbx8vDWDUZY+c8QBvM8\/0aM\/WEb9iAqPOeRwqVGvKjyGH\/94GF\/v\/oQUTEAuuxnTPPcBfvphwA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\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"} 
-01299{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":157,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454598587648,"flow_src_last_pkt_time":1582454598723584,"flow_dst_last_pkt_time":1582454598621600,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454598723584,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","proto_id":"91.143","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"gateway.icloud.com","domainame":"gateway.icloud.com","tls": {"version":"TLSv1.2","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01258{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":157,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454598587648,"flow_src_last_pkt_time":1582454598723584,"flow_dst_last_pkt_time":1582454598621600,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454598723584,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","proto_id":"91.143","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"gateway.icloud.com","domainame":"gateway.icloud.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00744{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_src_last_pkt_time":1582454598713167,"flow_dst_last_pkt_time":1582454598755439,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_usec":1582454598755439,"pkt":"xGGLNYKpxiwDYGpkCABFAAC9YWUAAEARk2jAqAIBwKgCEQA1zcoAqUkOwemBgAABAAQAAAAAA3d3dwZpY2xvdWQDY29tAAABAAHADAAFAAEAAAfiAB8Hd3d3LWNkbgZpY2xvdWQDY29tBmFrYWRucwNuZXQAwCwABQABAAAAjwAZA3d3dwZpY2xvdWQDY29tB2VkZ2VrZXnARsBXAAUAAQAAEZYAFQVlNDQ3OAFhCmFrYW1haWVkZ2XARsB8AAEAAQAAABgABBctSi4="} 01141{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":172,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454598713167,"flow_src_last_pkt_time":1582454598713167,"flow_dst_last_pkt_time":1582454598755439,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1582454598755439,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52682,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AppleiCloud","proto_id":"5.143","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.icloud.com","domainame":"www.icloud.com","dns": {"num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["23.45.74.46,ttl=24"]}}} 
00773{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_src_last_pkt_time":1582454598713214,"flow_dst_last_pkt_time":1582454598756296,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"thread_ts_usec":1582454598756296,"pkt":"xGGLNYKpxiwDYGpkCABFAADSfP0AAEARd7vAqAIBwKgCEQA10EUAvrFqiY6BgAABAAQAAAAACWlwaG9uZS1sZAVhcHBsZQNjb20AAAEAAcAMAAUAAQAACaQAJwlpcGhvbmUtbGQMb3JpZ2luLWFwcGxlA2NvbQZha2FkbnMDbmV0AMAxAAUAAQAAAMcAIQxpcGhvbmUtbGQtYXIFYXBwbGUDY29tB2VkZ2VrZXnAU8BkAAUAAQAAEZYAFQVlOTMzOAFkCmFrYW1haWVkZ2XAU8CRAAEAAQAAAA8ABFx6\/FI="} 
@@ -190,7 +190,7 @@ 01147{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":177,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454598713473,"flow_src_last_pkt_time":1582454598713473,"flow_dst_last_pkt_time":1582454598758732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":179,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":179,"midstream":0,"thread_ts_usec":1582454598758732,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63377,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AppleiTunes","proto_id":"5.145","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"bag.itunes.apple.com","domainame":"bag.itunes.apple.com","dns": {"num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["95.101.24.53,ttl=23"]}}} 00768{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_src_last_pkt_time":1582454598713711,"flow_dst_last_pkt_time":1582454598758813,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"thread_ts_usec":1582454598758813,"pkt":"xGGLNYKpxiwDYGpkCABFAADPdQkAAEARf7LAqAIBwKgCEQA10t8AuwWPZlqBgAABAAQAAAAAA2JhZwZpdHVuZXMFYXBwbGUDY29tAAABAAHADAAFAAEAABGWACYIaW5pdC1jZG4MaXR1bmVzLWFwcGxlA2NvbQZha2FkbnMDbmV0AMAyAAUAAQAAC+cAGwZpdHVuZXMFYXBwbGUDY29tB2VkZ2VrZXnAU8BkAAUAAQAAEZYAGARlNjczBWRzY2U5CmFrYW1haWVkZ2XAU8CLAAEAAQAAABcABF9lGDU="} 
01147{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":178,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454598713711,"flow_src_last_pkt_time":1582454598713711,"flow_dst_last_pkt_time":1582454598758813,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":179,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":179,"midstream":0,"thread_ts_usec":1582454598758813,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53983,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AppleiTunes","proto_id":"5.145","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"bag.itunes.apple.com","domainame":"bag.itunes.apple.com","dns": {"num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["95.101.24.53,ttl=23"]}}} -01384{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":179,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454598587648,"flow_src_last_pkt_time":1582454598723584,"flow_dst_last_pkt_time":1582454598759177,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1582454598759177,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.AppleiCloud","proto_id":"91.143","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"gateway.icloud.com","domainame":"gateway.icloud.com","tls": {"version":"TLSv1.2","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +01343{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":179,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454598587648,"flow_src_last_pkt_time":1582454598723584,"flow_dst_last_pkt_time":1582454598759177,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1582454598759177,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","proto_id":"91.143","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"gateway.icloud.com","domainame":"gateway.icloud.com","tls": {"version":"TLSv1.2","ja3s":"1e60202b4001a190621caa963fb76697","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00768{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_src_last_pkt_time":1582454598713833,"flow_dst_last_pkt_time":1582454598759486,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"thread_ts_usec":1582454598759486,"pkt":"xGGLNYKpxiwDYGpkCABFAADQatgAAEARieLAqAIBwKgCEQA1wtgAvFoLcEmBgAABAAQAAAAABGluaXQGaXR1bmVzBWFwcGxlA2NvbQAAAQABwAwABQABAAAJGQAmCGluaXQtY2RuDGl0dW5lcy1hcHBsZQNjb20GYWthZG5zA25ldADAMwAFAAEAABEeABsGaXR1bmVzBWFwcGxlA2NvbQdlZGdla2V5wFTAZQAFAAEAABGWABgEZTY3MwVkc2NlOQpha2FtYWllZGdlwFTAjAABAAEAAAAbAARfZRg1"} 01149{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":181,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454598713833,"flow_src_last_pkt_time":1582454598713833,"flow_dst_last_pkt_time":1582454598759486,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":180,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":180,"midstream":0,"thread_ts_usec":1582454598759486,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":49880,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AppleiTunes","proto_id":"5.145","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"init.itunes.apple.com","domainame":"init.itunes.apple.com","dns": {"num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["95.101.24.53,ttl=27"]}}} 
00796{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_src_last_pkt_time":1582454598713588,"flow_dst_last_pkt_time":1582454598760578,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"thread_ts_usec":1582454598760578,"pkt":"xGGLNYKpxiwDYGpkCABFAADjlzEAAEARXXbAqAIBwKgCEQA10BgAz2vgCAuBgAABAAUAAAAABHBsYXkGaXR1bmVzBWFwcGxlA2NvbQAAAQABwAwABQABAAAMPAAmCHBsYXktY2RuDGl0dW5lcy1hcHBsZQNjb20GYWthZG5zA25ldADAMwAFAAEAAAOnACIEcGxheQZpdHVuZXMFYXBwbGUDY29tCWVkZ2VzdWl0ZcBUwGUABQABAAAAXwAUBWExODA2BGRzY2IGYWthbWFpwFTAkwABAAEAAAAPAARce00awJMAAQABAAAADwAEXHtNQA=="} 
@@ -199,7 +199,7 @@ 01128{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":183,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454598713413,"flow_src_last_pkt_time":1582454598713413,"flow_dst_last_pkt_time":1582454598760726,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":170,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":170,"midstream":0,"thread_ts_usec":1582454598760726,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":62526,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Apple","proto_id":"5.140","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"cl4.apple.com","domainame":"cl4.apple.com","dns": {"num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["104.73.61.30,ttl=15"]}}} 00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":184,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454598766077,"flow_src_last_pkt_time":1582454598766077,"flow_dst_last_pkt_time":1582454598766077,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454598766077,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.122.252.82","src_port":50582,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_src_last_pkt_time":1582454598766077,"flow_dst_last_pkt_time":1582454598766077,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1582454598766077,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGHzLAqAIRXHr8UsWWAbuHn+lSAAAAALDC\/\/\/nwQAAAgQFtAEDAwcBAQgKEd\/ozwAAAAAEAgAA"} -01757{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":185,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1582454598587648,"flow_src_last_pkt_time":1582454598723584,"flow_dst_last_pkt_time":1582454598768102,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4320,"midstream":0,"thread_ts_usec":1582454598768102,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","proto_id":"91.143","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"gateway.icloud.com","domainame":"gateway.icloud.com","tls": 
{"version":"TLSv1.2","server_names":"gateway-india.icloud.com,gateway-carry.icloud.com,gateway.icloud.com,gateway-australia.icloud.com,gateway-sandbox.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=gateway.icloud.com, O=Apple Inc., ST=California, C=US","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D2:DA:1C:68:0C:91:A7:DB:BA:B2:2D:29:06:DB:57:42:10:3D:3A:FE","blocks":0}}} +01716{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":185,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1582454598587648,"flow_src_last_pkt_time":1582454598723584,"flow_dst_last_pkt_time":1582454598768102,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4320,"midstream":0,"thread_ts_usec":1582454598768102,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","proto_id":"91.143","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"gateway.icloud.com","domainame":"gateway.icloud.com","tls": 
{"version":"TLSv1.2","server_names":"gateway-india.icloud.com,gateway-carry.icloud.com,gateway.icloud.com,gateway-australia.icloud.com,gateway-sandbox.icloud.com","ja3s":"1e60202b4001a190621caa963fb76697","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=gateway.icloud.com, O=Apple Inc., ST=California, C=US","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D2:DA:1C:68:0C:91:A7:DB:BA:B2:2D:29:06:DB:57:42:10:3D:3A:FE","blocks":0}}} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":191,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_src_last_pkt_time":1582454598766077,"flow_dst_last_pkt_time":1582454598801586,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454598801586,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADUGajZcevxSwKgCEQG7xZaFiMYch5\/pU6BScSAUDwAAAgQFrAQCCAr\/dyjxEd\/ozwEDAwc="} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":192,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_src_last_pkt_time":1582454598721885,"flow_dst_last_pkt_time":1582454598867837,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454598867837,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADEG+7MR+LlXwKgCEQG7xZWfE+IlqBre6aBScSBsSgAAAgQFrAEBCArpLCwFEd\/opwEDAwU="} 
00760{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":193,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454598885958,"flow_src_last_pkt_time":1582454598885958,"flow_dst_last_pkt_time":1582454598885958,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454598885958,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5} 
@@ -212,21 +212,21 @@ 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":200,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_src_last_pkt_time":1582454598888448,"flow_dst_last_pkt_time":1582454598888448,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1582454598888448,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAG0pfAqAIRaEk9HsWXAbvBeeAaAAAAALDC\/\/9qCgAAAgQFtAEDAwcBAQgKEd\/pSQAAAAAEAgAA"} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_src_last_pkt_time":1582454598888916,"flow_dst_last_pkt_time":1582454598801586,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454598888916,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGHz7AqAIRXHr8UsWWAbuHn+lThYjGHYAQBAuvrgAAAQEIChHf6Un\/dyjx"} 01257{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":4,"flow_src_last_pkt_time":1582454598889102,"flow_dst_last_pkt_time":1582454598801586,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1582454598889102,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAGHTfAqAIRXHr8UsWWAbuHn+lThYjGHYAYBAsDXwAAAQEIChHf6Ur\/dyjxFgMBAgABAAH8AwPBzadgheRj5PvWKLwSvBgHRWReYUBmRY58bZ7Lfe7D+CBuPIm6VXqnNWVU88hOzvhjpRW+5l\/fSYA7KifdMQlc9QA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\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"} 
-01289{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":202,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454598766077,"flow_src_last_pkt_time":1582454598889102,"flow_dst_last_pkt_time":1582454598801586,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454598889102,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.122.252.82","src_port":50582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"iphone-ld.apple.com","domainame":"iphone-ld.apple.com","tls": {"version":"TLSv1.2","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01248{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":202,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454598766077,"flow_src_last_pkt_time":1582454598889102,"flow_dst_last_pkt_time":1582454598801586,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454598889102,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.122.252.82","src_port":50582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"iphone-ld.apple.com","domainame":"iphone-ld.apple.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":205,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_src_last_pkt_time":1582454598892865,"flow_dst_last_pkt_time":1582454598867837,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454598892865,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGrLvAqAIREfi5V8WVAbuoGt7pnxPiJoAQBAsEtQAAAQEIChHf6VPpLCwF"} 
01258{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":206,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":4,"flow_src_last_pkt_time":1582454598893224,"flow_dst_last_pkt_time":1582454598867837,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1582454598893224,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAGqrTAqAIREfi5V8WVAbuoGt7pnxPiJoAYBAtl8wAAAQEIChHf6VPpLCwFFgMBAgABAAH8AwPupC\/\/Idf\/TKV61u4UD47k+sXPhTWRB8OAqYTTHEr2LyB7RNdSKNgM9EL2qrN2iyDWEEsm1843GXQB9crRbp8tlwA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\/AQABAAAAACMAIQAAHnAyNi1rZXl2YWx1ZXNlcnZpY2UuaWNsb3VkLmNvbQAXAAAADQAYABYEAwgEBAEFAwIDCAUIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAzACYAJAAdACCDleNDTQhj0xF8bnwK051jtivCaSKiZkunSXcl4Va+AgAtAAIBAQArAAkIAwQDAwMCAwEACgAKAAgAHQAXABgAGQAVAL8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01323{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":206,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454598721885,"flow_src_last_pkt_time":1582454598893224,"flow_dst_last_pkt_time":1582454598867837,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454598893224,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","proto_id":"91.143","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"p26-keyvalueservice.icloud.com","domainame":"p26-keyvalueservice.icloud.com","tls": {"version":"TLSv1.2","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01282{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":206,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454598721885,"flow_src_last_pkt_time":1582454598893224,"flow_dst_last_pkt_time":1582454598867837,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454598893224,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","proto_id":"91.143","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"p26-keyvalueservice.icloud.com","domainame":"p26-keyvalueservice.icloud.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":5,"flow_src_last_pkt_time":1582454598889102,"flow_dst_last_pkt_time":1582454598925453,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454598925453,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0z7EAADUGmoxcevxSwKgCEQG7xZaFiMYdh5\/rWIAQAOuwTQAAAQEICv93KWwR3+lK"} 
-01334{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":212,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454598766077,"flow_src_last_pkt_time":1582454598889102,"flow_dst_last_pkt_time":1582454598926093,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1582454598926093,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.122.252.82","src_port":50582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"iphone-ld.apple.com","domainame":"iphone-ld.apple.com","tls": {"version":"TLSv1.3","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01293{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":212,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454598766077,"flow_src_last_pkt_time":1582454598889102,"flow_dst_last_pkt_time":1582454598926093,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1582454598926093,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.122.252.82","src_port":50582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"iphone-ld.apple.com","domainame":"iphone-ld.apple.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_src_last_pkt_time":1582454598888448,"flow_dst_last_pkt_time":1582454598926741,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454598926741,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADUGHZxoST0ewKgCEQG7xZdpIXVbwXngG6BScSBpXgAAAgQFrAQCCAqgrSHdEd\/pSQEDAwc="} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_src_last_pkt_time":1582454598934682,"flow_dst_last_pkt_time":1582454598926741,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454598934682,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG0qPAqAIRaEk9HsWXAbvBeeAbaSF1XIAQBAsFUQAAAQEIChHf6XCgrSHd"} 01258{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":222,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":4,"flow_src_last_pkt_time":1582454598934804,"flow_dst_last_pkt_time":1582454598926741,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1582454598934804,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAG0JzAqAIRaEk9HsWXAbvBeeAbaSF1XIAYBAsuXAAAAQEIChHf6XagrSHdFgMBAgABAAH8AwNtBQ39ZZolUQlIKZvwJ9K7La1xqdRBloywOH0GLRPkhCDqdWO0c0GWZx4zxXgdQ\/9DtV6\/rjVuXk5WS8q\/E2fRGwA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\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"} 
-01276{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454598888448,"flow_src_last_pkt_time":1582454598934804,"flow_dst_last_pkt_time":1582454598926741,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454598934804,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"104.73.61.30","src_port":50583,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"cl4.apple.com","domainame":"cl4.apple.com","tls": {"version":"TLSv1.2","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01235{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454598888448,"flow_src_last_pkt_time":1582454598934804,"flow_dst_last_pkt_time":1582454598926741,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454598934804,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"104.73.61.30","src_port":50583,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"cl4.apple.com","domainame":"cl4.apple.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":224,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":5,"flow_src_last_pkt_time":1582454598934804,"flow_dst_last_pkt_time":1582454598972842,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454598972842,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0b4QAADUGrh9oST0ewKgCEQG7xZdpIXVcwXniIIAQAOsGOAAAAQEICqCtIgsR3+l2"} 
-01321{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":225,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454598888448,"flow_src_last_pkt_time":1582454598934804,"flow_dst_last_pkt_time":1582454598974332,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1582454598974332,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"104.73.61.30","src_port":50583,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"cl4.apple.com","domainame":"cl4.apple.com","tls": {"version":"TLSv1.3","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01280{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":225,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454598888448,"flow_src_last_pkt_time":1582454598934804,"flow_dst_last_pkt_time":1582454598974332,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1582454598974332,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"104.73.61.30","src_port":50583,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"cl4.apple.com","domainame":"cl4.apple.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":232,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":5,"flow_src_last_pkt_time":1582454598893224,"flow_dst_last_pkt_time":1582454599039138,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454599039138,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0NCoAADEGx5ER+LlXwKgCEQG7xZWfE+ImqBrg7oAQA6sCYwAAAQEICuksLLIR3+lT"} 
-01415{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":233,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454598721885,"flow_src_last_pkt_time":1582454598893224,"flow_dst_last_pkt_time":1582454599041842,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1582454599041842,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","proto_id":"91.143","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"p26-keyvalueservice.icloud.com","domainame":"p26-keyvalueservice.icloud.com","tls": {"version":"TLSv1.2","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-04056{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":237,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1582454598721885,"flow_src_last_pkt_time":1582454598893224,"flow_dst_last_pkt_time":1582454599054383,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5760,"midstream":0,"thread_ts_usec":1582454599054383,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","proto_id":"91.143","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"p26-keyvalueservice.icloud.com","domainame":"p26-keyvalueservice.icloud.com","tls": 
{"version":"TLSv1.2","server_names":"p62-keyvalueservice.icloud.com,p41-keyvalueservice.icloud.com,p97-keyvalueservice.icloud.com,p28-keyvalueservice.icloud.com,p32-keyvalueservice.icloud.com,p56-keyvalueservice.icloud.com,p33-keyvalueservice.icloud.com,p37-keyvalueservice.icloud.com,p67-keyvalueservice.icloud.com,p70-keyvalueservice.icloud.com,p63-keyvalueservice.icloud.com,p07-keyvalueservice.icloud.com,p52-keyvalueservice.icloud.com,p18-keyvalueservice.icloud.com,p21-keyvalueservice.icloud.com,p17-keyvalueservice.icloud.com,p36-keyvalueservice.icloud.com,p19-keyvalueservice.icloud.com,p26-keyvalueservice.icloud.com,p55-keyvalueservice.icloud.com,p06-keyvalueservice.icloud.com,p23-keyvalueservice.icloud.com,p65-keyvalueservice.icloud.com,p58-keyvalueservice.icloud.com,p35-keyvalueservice.icloud.com,p42-keyvalueservice.icloud.com,p12-keyvalueservice.icloud.com,p15-keyvalueservice.icloud.com,p16-keyvalueservice.icloud.com,p29-keyvalueservice.icloud.com,p39-keyvalueservice.icloud.com,p71-keyvalueservice.icloud.com,p22-keyvalueservice.icloud.com,p40-keyvalueservice.icloud.com,p11-keyvalueservice.icloud.com,p66-keyvalueservice.icloud.com,p68-keyvalueservice.icloud.com,p201-keyvalueservice.icloud.com,p10-keyvalueservice.icloud.com,p61-keyvalueservice.icloud.com,p30-keyvalueservice.icloud.com,p01-keyvalueservice.icloud.com,p14-keyvalueservice.icloud.com,p50-keyvalueservice.icloud.com,p31-keyvalueservice.icloud.com,p47-keyvalueservice.icloud.com,p48-keyvalueservice.icloud.com,p20-keyvalueservice.icloud.com,p51-keyvalueservice.icloud.com,p27-keyvalueservice.icloud.com,p49-keyvalueservice.icloud.com,p03-keyvalueservice.icloud.com,p24-keyvalueservice.icloud.com,p25-keyvalueservice.icloud.com,p08-keyvalueservice.icloud.com,p13-keyvalueservice.icloud.com,p04-keyvalueservice.icloud.com,p05-keyvalueservice.icloud.com,p02-keyvalueservice.icloud.com,p09-keyvalueservice.icloud.com,p57-keyvalueservice.icloud.com,p59-keyvalueservice.icloud.com,p64-keyvalueservice.icloud.com,p38-keyva
lueservice.icloud.com,p54-keyvalueservice.icloud.com,p72-keyvalueservice.icloud.com,keyvalueservice.icloud.com,p69-keyvalueservice.icloud.com,p43-keyvalueservice.icloud.com,p45-keyvalueservice.icloud.com,p202-keyvalueservice.icloud.com,p98-keyvalueservice.icloud.com,p34-keyvalueservice.icloud.com,p44-keyvalueservice.icloud.com,p46-keyvalueservice.icloud.com,p53-keyvalueservice.icloud.com,p60-keyvalueservice.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=keyvalueservice.icloud.com, O=Apple Inc., ST=California, C=US","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D8:84:3B:15:06:49:1C:72:C4:05:C0:F0:82:3B:43:4A:D1:8F:D5:9F","blocks":0}}} +01374{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":233,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454598721885,"flow_src_last_pkt_time":1582454598893224,"flow_dst_last_pkt_time":1582454599041842,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1582454599041842,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.AppleiCloud","proto_id":"91.143","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"p26-keyvalueservice.icloud.com","domainame":"p26-keyvalueservice.icloud.com","tls": {"version":"TLSv1.2","ja3s":"1e60202b4001a190621caa963fb76697","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +04015{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":237,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1582454598721885,"flow_src_last_pkt_time":1582454598893224,"flow_dst_last_pkt_time":1582454599054383,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5760,"midstream":0,"thread_ts_usec":1582454599054383,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","proto_id":"91.143","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"p26-keyvalueservice.icloud.com","domainame":"p26-keyvalueservice.icloud.com","tls": 
{"version":"TLSv1.2","server_names":"p62-keyvalueservice.icloud.com,p41-keyvalueservice.icloud.com,p97-keyvalueservice.icloud.com,p28-keyvalueservice.icloud.com,p32-keyvalueservice.icloud.com,p56-keyvalueservice.icloud.com,p33-keyvalueservice.icloud.com,p37-keyvalueservice.icloud.com,p67-keyvalueservice.icloud.com,p70-keyvalueservice.icloud.com,p63-keyvalueservice.icloud.com,p07-keyvalueservice.icloud.com,p52-keyvalueservice.icloud.com,p18-keyvalueservice.icloud.com,p21-keyvalueservice.icloud.com,p17-keyvalueservice.icloud.com,p36-keyvalueservice.icloud.com,p19-keyvalueservice.icloud.com,p26-keyvalueservice.icloud.com,p55-keyvalueservice.icloud.com,p06-keyvalueservice.icloud.com,p23-keyvalueservice.icloud.com,p65-keyvalueservice.icloud.com,p58-keyvalueservice.icloud.com,p35-keyvalueservice.icloud.com,p42-keyvalueservice.icloud.com,p12-keyvalueservice.icloud.com,p15-keyvalueservice.icloud.com,p16-keyvalueservice.icloud.com,p29-keyvalueservice.icloud.com,p39-keyvalueservice.icloud.com,p71-keyvalueservice.icloud.com,p22-keyvalueservice.icloud.com,p40-keyvalueservice.icloud.com,p11-keyvalueservice.icloud.com,p66-keyvalueservice.icloud.com,p68-keyvalueservice.icloud.com,p201-keyvalueservice.icloud.com,p10-keyvalueservice.icloud.com,p61-keyvalueservice.icloud.com,p30-keyvalueservice.icloud.com,p01-keyvalueservice.icloud.com,p14-keyvalueservice.icloud.com,p50-keyvalueservice.icloud.com,p31-keyvalueservice.icloud.com,p47-keyvalueservice.icloud.com,p48-keyvalueservice.icloud.com,p20-keyvalueservice.icloud.com,p51-keyvalueservice.icloud.com,p27-keyvalueservice.icloud.com,p49-keyvalueservice.icloud.com,p03-keyvalueservice.icloud.com,p24-keyvalueservice.icloud.com,p25-keyvalueservice.icloud.com,p08-keyvalueservice.icloud.com,p13-keyvalueservice.icloud.com,p04-keyvalueservice.icloud.com,p05-keyvalueservice.icloud.com,p02-keyvalueservice.icloud.com,p09-keyvalueservice.icloud.com,p57-keyvalueservice.icloud.com,p59-keyvalueservice.icloud.com,p64-keyvalueservice.icloud.com,p38-keyva
lueservice.icloud.com,p54-keyvalueservice.icloud.com,p72-keyvalueservice.icloud.com,keyvalueservice.icloud.com,p69-keyvalueservice.icloud.com,p43-keyvalueservice.icloud.com,p45-keyvalueservice.icloud.com,p202-keyvalueservice.icloud.com,p98-keyvalueservice.icloud.com,p34-keyvalueservice.icloud.com,p44-keyvalueservice.icloud.com,p46-keyvalueservice.icloud.com,p53-keyvalueservice.icloud.com,p60-keyvalueservice.icloud.com","ja3s":"1e60202b4001a190621caa963fb76697","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=keyvalueservice.icloud.com, O=Apple Inc., ST=California, C=US","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D8:84:3B:15:06:49:1C:72:C4:05:C0:F0:82:3B:43:4A:D1:8F:D5:9F","blocks":0}}} 00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":238,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454599054579,"flow_src_last_pkt_time":1582454599054579,"flow_dst_last_pkt_time":1582454599054579,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454599054579,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":5} 
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_src_last_pkt_time":1582454599054579,"flow_dst_last_pkt_time":1582454599054579,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":54,"pkt_l4_len":16,"thread_ts_usec":1582454599054579,"pkt":"AQBeAAAWxGGLNYKpCABGAAAoAABAAAECQgDAqAIR4AAAFpQEAAAiAPkCAAAAAQQAAADgAAD7"} 00903{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":238,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454599054579,"flow_src_last_pkt_time":1582454599054579,"flow_dst_last_pkt_time":1582454599054579,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454599054579,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"224.0.0.22","l4_proto":2,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","proto_id":"82","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -246,10 +246,10 @@ 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_src_last_pkt_time":1582454599225110,"flow_dst_last_pkt_time":1582454599259226,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454599259226,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAC4GB8AR+LBLwKgCEQG7xZj0WnUXsqXsO6BScSAj8wAAAgQFrAEBCApbEwn1Ed\/qGwEDAwU="} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_src_last_pkt_time":1582454599261184,"flow_dst_last_pkt_time":1582454599259226,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454599261184,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGtcfAqAIREfiwS8WYAbuypew79Fp1GIAQBAu8hwAAAQEIChHf6p1bEwn1"} 01260{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":4,"flow_src_last_pkt_time":1582454599261304,"flow_dst_last_pkt_time":1582454599259226,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1582454599261304,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAGs8DAqAIREfiwS8WYAbuypew79Fp1GIAYBAuhcQAAAQEIChHf6p1bEwn1FgMBAgABAAH8AwOqol5kmYHgPoq84\/\/Da6\/5UhNT\/nZAKlLwtuCLeOmg2yA8i7r3+6nZyxj+LpdSSvhjZQ\/dp+uNkXD86w44FnW6iwA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\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"} 
-01299{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":268,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454599225110,"flow_src_last_pkt_time":1582454599261304,"flow_dst_last_pkt_time":1582454599259226,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454599261304,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50584,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","proto_id":"91.143","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"gateway.icloud.com","domainame":"gateway.icloud.com","tls": {"version":"TLSv1.2","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01258{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":268,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454599225110,"flow_src_last_pkt_time":1582454599261304,"flow_dst_last_pkt_time":1582454599259226,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454599261304,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50584,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","proto_id":"91.143","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"gateway.icloud.com","domainame":"gateway.icloud.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":269,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":5,"flow_src_last_pkt_time":1582454599261304,"flow_dst_last_pkt_time":1582454599293969,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454599293969,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0rPkAAC4GWs4R+LBLwKgCEQG7xZj0WnUYsqXuQIAQA6u6vgAAAQEIClsTChkR3+qd"} 
-01384{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":270,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454599225110,"flow_src_last_pkt_time":1582454599261304,"flow_dst_last_pkt_time":1582454599295578,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1582454599295578,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50584,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","proto_id":"91.143","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"gateway.icloud.com","domainame":"gateway.icloud.com","tls": {"version":"TLSv1.2","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-01757{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":272,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1582454599225110,"flow_src_last_pkt_time":1582454599261304,"flow_dst_last_pkt_time":1582454599297969,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4320,"midstream":0,"thread_ts_usec":1582454599297969,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50584,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","proto_id":"91.143","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"gateway.icloud.com","domainame":"gateway.icloud.com","tls": {"version":"TLSv1.2","server_names":"gateway-india.icloud.com,gateway-carry.icloud.com,gateway.icloud.com,gateway-australia.icloud.com,gateway-sandbox.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=gateway.icloud.com, O=Apple Inc., ST=California, C=US","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D2:DA:1C:68:0C:91:A7:DB:BA:B2:2D:29:06:DB:57:42:10:3D:3A:FE","blocks":0}}} 
+01343{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":270,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454599225110,"flow_src_last_pkt_time":1582454599261304,"flow_dst_last_pkt_time":1582454599295578,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1582454599295578,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50584,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","proto_id":"91.143","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"gateway.icloud.com","domainame":"gateway.icloud.com","tls": {"version":"TLSv1.2","ja3s":"1e60202b4001a190621caa963fb76697","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01716{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":272,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1582454599225110,"flow_src_last_pkt_time":1582454599261304,"flow_dst_last_pkt_time":1582454599297969,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4320,"midstream":0,"thread_ts_usec":1582454599297969,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50584,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","proto_id":"91.143","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"gateway.icloud.com","domainame":"gateway.icloud.com","tls": {"version":"TLSv1.2","server_names":"gateway-india.icloud.com,gateway-carry.icloud.com,gateway.icloud.com,gateway-australia.icloud.com,gateway-sandbox.icloud.com","ja3s":"1e60202b4001a190621caa963fb76697","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=gateway.icloud.com, O=Apple Inc., ST=California, C=US","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D2:DA:1C:68:0C:91:A7:DB:BA:B2:2D:29:06:DB:57:42:10:3D:3A:FE","blocks":0}}} 
00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":274,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454599396067,"flow_src_last_pkt_time":1582454599396067,"flow_dst_last_pkt_time":1582454599396067,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454599396067,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.137.166.35","src_port":50585,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_src_last_pkt_time":1582454599396067,"flow_dst_last_pkt_time":1582454599396067,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1582454599396067,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGwFLAqAIREYmmI8WZAbu9h96xAAAAALDC\/\/9bXgAAAgQFtAEDAwcBAQgKEd\/rCQAAAAAEAgAA"} 00615{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":275,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_src_last_pkt_time":1582454599396209,"flow_dst_last_pkt_time":1582454598373420,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"thread_ts_usec":1582454599396209,"pkt":"AQBeAAD7xGGLNYKpCABFAABeopUAAP8RdUTAqAIR4AAA+xTpFOkASvALAAAAAAABAAAAAAABCF9ob21la2l0BF90Y3AFbG9jYWwAAAwAAQAAKQWgAAARlAASAAQADgAA5mGLNYKpxGGLNYKp"} 
@@ -258,19 +258,19 @@ 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_src_last_pkt_time":1582454599396067,"flow_dst_last_pkt_time":1582454599585460,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454599585460,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAACsGFVcRiaYjwKgCEQG7xZn\/hRwvvYfesqBS\/\/9NtwAAAgQFrAQCCArKEDlZEd\/rCQEDAws="} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_src_last_pkt_time":1582454599602893,"flow_dst_last_pkt_time":1582454599585460,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454599602893,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGwF7AqAIREYmmI8WZAbu9h96y\/4UcMIAQBAt3qQAAAQEIChHf7BTKEDlZ"} 
01258{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":304,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":4,"flow_src_last_pkt_time":1582454599603102,"flow_dst_last_pkt_time":1582454599585460,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1582454599603102,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAGvlfAqAIREYmmI8WZAbu9h96y\/4UcMIAYBAvDAwAAAQEIChHf7BTKEDlZFgMBAgABAAH8AwMQmWdlc9Dfkc1LTp0B8prq1RD11s0EClXeRC7LPUuboSA7ltXQId7DryBOaTjcsMFd7i63qypbauhtrKXc6bkI8wA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\/AQABAAAAABIAEAAADWdzYS5hcHBsZS5jb20AFwAAAA0AGAAWBAMIBAQBBQMCAwgFCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAALAAkIaHR0cC8xLjEACwACAQAAMwAmACQAHQAgrVr\/fu0h15DcdosIeP8S9EdnaZyYtU\/hcTn61FxtjHIALQACAQEAKwAJCAMEAwMDAgMBAAoACgAIAB0AFwAYABkAFQDTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01274{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":304,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454599396067,"flow_src_last_pkt_time":1582454599603102,"flow_dst_last_pkt_time":1582454599585460,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454599603102,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.137.166.35","src_port":50585,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"gsa.apple.com","domainame":"gsa.apple.com","tls": {"version":"TLSv1.2","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","ja4":"t13d2613ht_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01233{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":304,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454599396067,"flow_src_last_pkt_time":1582454599603102,"flow_dst_last_pkt_time":1582454599585460,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454599603102,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.137.166.35","src_port":50585,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"gsa.apple.com","domainame":"gsa.apple.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613ht_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":306,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454599740262,"flow_src_last_pkt_time":1582454599740262,"flow_dst_last_pkt_time":1582454599740262,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454599740262,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50586,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":306,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_src_last_pkt_time":1582454599740262,"flow_dst_last_pkt_time":1582454599740262,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1582454599740262,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGtbvAqAIREfiwS8WaAbsCzUbDAAAAALDC\/\/+ibQAAAgQFtAEDAwcBAQgKEd\/sCwAAAAAEAgAA"} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":318,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_src_last_pkt_time":1582454599740262,"flow_dst_last_pkt_time":1582454599774111,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454599774111,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAC0GCMAR+LBLwKgCEQG7xZq3FAeKAs1GxKBScSAgIAAAAgQFrAEBCApbEwv6Ed\/sCwEDAwU="} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":322,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_src_last_pkt_time":1582454599776186,"flow_dst_last_pkt_time":1582454599774111,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454599776186,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGtcfAqAIREfiwS8WaAbsCzUbEtxQHi4AQBAu4qgAAAQEIChHf7JdbEwv6"} 01256{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":323,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":4,"flow_src_last_pkt_time":1582454599776389,"flow_dst_last_pkt_time":1582454599774111,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1582454599776389,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAGs8DAqAIREfiwS8WaAbsCzUbEtxQHi4AYBAtFmAAAAQEIChHf7JhbEwv6FgMBAgABAAH8AwNJX\/Eg20C+2ys6T03zkHgGLiGZXi9UmQqJ4J0DwpXX4SAQcYer1CdJmG86iQRBRTj9FNUOUTD+JW73wsBQqImhngA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\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"} 
-01299{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":323,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454599740262,"flow_src_last_pkt_time":1582454599776389,"flow_dst_last_pkt_time":1582454599774111,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454599776389,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50586,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","proto_id":"91.143","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"gateway.icloud.com","domainame":"gateway.icloud.com","tls": {"version":"TLSv1.2","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01258{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":323,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454599740262,"flow_src_last_pkt_time":1582454599776389,"flow_dst_last_pkt_time":1582454599774111,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454599776389,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50586,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","proto_id":"91.143","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"gateway.icloud.com","domainame":"gateway.icloud.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":324,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":5,"flow_src_last_pkt_time":1582454599603102,"flow_dst_last_pkt_time":1582454599791465,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454599791465,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0JhcAACsG70cRiaYjwKgCEQG7xZn\/hRwwvYfgt4AQAEF4nwAAAQEICsoQOigR3+wU"} 
-01364{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":325,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454599396067,"flow_src_last_pkt_time":1582454599603102,"flow_dst_last_pkt_time":1582454599793104,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1582454599793104,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.137.166.35","src_port":50585,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"gsa.apple.com","domainame":"gsa.apple.com","tls": {"version":"TLSv1.2","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"c4b2785a87896e19d37eee932070cb22","ja4":"t13d2613ht_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-01647{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":327,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1582454599396067,"flow_src_last_pkt_time":1582454599603102,"flow_dst_last_pkt_time":1582454599794234,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3791,"midstream":0,"thread_ts_usec":1582454599794234,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.137.166.35","src_port":50585,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"gsa.apple.com","domainame":"gsa.apple.com","tls": {"version":"TLSv1.2","server_names":"gsas.apple.com,gsa.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"c4b2785a87896e19d37eee932070cb22","ja4":"t13d2613ht_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Apple Server Authentication CA, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=gsa.apple.com, O=Apple Inc., ST=California, C=US","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D4:EF:5E:AD:7F:D5:13:5B:9F:B2:B9:84:19:75:BB:ED:53:FB:18:D6","blocks":0}}} 
+01323{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":325,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454599396067,"flow_src_last_pkt_time":1582454599603102,"flow_dst_last_pkt_time":1582454599793104,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1582454599793104,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.137.166.35","src_port":50585,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"gsa.apple.com","domainame":"gsa.apple.com","tls": {"version":"TLSv1.2","ja3s":"c4b2785a87896e19d37eee932070cb22","ja4":"t13d2613ht_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01606{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":327,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1582454599396067,"flow_src_last_pkt_time":1582454599603102,"flow_dst_last_pkt_time":1582454599794234,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3791,"midstream":0,"thread_ts_usec":1582454599794234,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.137.166.35","src_port":50585,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"gsa.apple.com","domainame":"gsa.apple.com","tls": {"version":"TLSv1.2","server_names":"gsas.apple.com,gsa.apple.com","ja3s":"c4b2785a87896e19d37eee932070cb22","ja4":"t13d2613ht_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Apple Server Authentication CA, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=gsa.apple.com, O=Apple Inc., ST=California, C=US","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D4:EF:5E:AD:7F:D5:13:5B:9F:B2:B9:84:19:75:BB:ED:53:FB:18:D6","blocks":0}}} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":329,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":5,"flow_src_last_pkt_time":1582454599776389,"flow_dst_last_pkt_time":1582454599810214,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454599810214,"pkt":"xGGLNYKpxiwDYGpkCABFAAA03G4AAC0GLFkR+LBLwKgCEQG7xZq3FAeLAs1IyYAQA6u24QAAAQEIClsTDB0R3+yY"} -01384{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":330,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454599740262,"flow_src_last_pkt_time":1582454599776389,"flow_dst_last_pkt_time":1582454599811781,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1582454599811781,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50586,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","proto_id":"91.143","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"gateway.icloud.com","domainame":"gateway.icloud.com","tls": {"version":"TLSv1.2","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-01757{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":332,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1582454599740262,"flow_src_last_pkt_time":1582454599776389,"flow_dst_last_pkt_time":1582454599814156,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4320,"midstream":0,"thread_ts_usec":1582454599814156,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50586,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","proto_id":"91.143","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"gateway.icloud.com","domainame":"gateway.icloud.com","tls": {"version":"TLSv1.2","server_names":"gateway-india.icloud.com,gateway-carry.icloud.com,gateway.icloud.com,gateway-australia.icloud.com,gateway-sandbox.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=gateway.icloud.com, O=Apple Inc., ST=California, C=US","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D2:DA:1C:68:0C:91:A7:DB:BA:B2:2D:29:06:DB:57:42:10:3D:3A:FE","blocks":0}}} 
+01343{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":330,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454599740262,"flow_src_last_pkt_time":1582454599776389,"flow_dst_last_pkt_time":1582454599811781,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1582454599811781,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50586,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","proto_id":"91.143","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"gateway.icloud.com","domainame":"gateway.icloud.com","tls": {"version":"TLSv1.2","ja3s":"1e60202b4001a190621caa963fb76697","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01716{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":332,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1582454599740262,"flow_src_last_pkt_time":1582454599776389,"flow_dst_last_pkt_time":1582454599814156,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4320,"midstream":0,"thread_ts_usec":1582454599814156,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50586,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","proto_id":"91.143","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"gateway.icloud.com","domainame":"gateway.icloud.com","tls": {"version":"TLSv1.2","server_names":"gateway-india.icloud.com,gateway-carry.icloud.com,gateway.icloud.com,gateway-australia.icloud.com,gateway-sandbox.icloud.com","ja3s":"1e60202b4001a190621caa963fb76697","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=gateway.icloud.com, O=Apple Inc., ST=California, C=US","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D2:DA:1C:68:0C:91:A7:DB:BA:B2:2D:29:06:DB:57:42:10:3D:3A:FE","blocks":0}}} 
00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":338,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454599929249,"flow_src_last_pkt_time":1582454599929249,"flow_dst_last_pkt_time":1582454599929249,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454599929249,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":65079,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":338,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_src_last_pkt_time":1582454599929249,"flow_dst_last_pkt_time":1582454599929249,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1582454599929249,"pkt":"xiwDYGpkxGGLNYKpCABFAABDumIAAP8Re+TAqAIRwKgCAf43ADUALyJV0zQBAAABAAAAAAAABHBsYXkGaXR1bmVzBWFwcGxlA2NvbQAAAQAB"} 
01116{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":338,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454599929249,"flow_src_last_pkt_time":1582454599929249,"flow_dst_last_pkt_time":1582454599929249,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454599929249,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":65079,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AppleiTunes","proto_id":"5.145","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"play.itunes.apple.com","domainame":"play.itunes.apple.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -282,9 +282,9 @@ 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_src_last_pkt_time":1582454599934729,"flow_dst_last_pkt_time":1582454599967985,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454599967985,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADUGGW5ce00awKgCEQG7xZtUZWomqTuA+qBScSDQrwAAAgQFrAQCCAozMbcgEd\/tTwEDAwc="} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":351,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_src_last_pkt_time":1582454600080813,"flow_dst_last_pkt_time":1582454599967985,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454600080813,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGznXAqAIRXHtNGsWbAbupO4D6VGVqJ4AQBAtsOAAAAQEIChHf7eAzMbcg"} 
01260{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":352,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":4,"flow_src_last_pkt_time":1582454600080888,"flow_dst_last_pkt_time":1582454599967985,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1582454600080888,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAGzG7AqAIRXHtNGsWbAbupO4D6VGVqJ4AYBAvCNgAAAQEIChHf7eAzMbcgFgMBAgABAAH8AwOVQZ8FnUDf4cuVlN3Dfe\/tO8oLU\/pP+UZ2rTRx02gYWCC8t86tHdWqnxE\/bapLx0rLdTwSMsDVwQ5W18WBw\/RbcQA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\/AQABAAAAABoAGAAAFXBsYXkuaXR1bmVzLmFwcGxlLmNvbQAXAAAADQAYABYEAwgEBAEFAwIDCAUIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAzACYAJAAdACCvIr1kF5VgJNd\/0ntXVaysO1Tdse1BkZg8MzZDFY0NfAAtAAIBAQArAAkIAwQDAwMCAwEACgAKAAgAHQAXABgAGQAVAMgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01304{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":352,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454599934729,"flow_src_last_pkt_time":1582454600080888,"flow_dst_last_pkt_time":1582454599967985,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454600080888,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.123.77.26","src_port":50587,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiTunes","proto_id":"91.145","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"play.itunes.apple.com","domainame":"play.itunes.apple.com","tls": {"version":"TLSv1.2","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01263{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":352,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454599934729,"flow_src_last_pkt_time":1582454600080888,"flow_dst_last_pkt_time":1582454599967985,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454600080888,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.123.77.26","src_port":50587,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiTunes","proto_id":"91.145","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"play.itunes.apple.com","domainame":"play.itunes.apple.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":5,"flow_src_last_pkt_time":1582454600080888,"flow_dst_last_pkt_time":1582454600115292,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454600115292,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0cJ0AADUGqNhce00awKgCEQG7xZtUZWonqTuC\/4AQAOtswQAAAQEICjMxt7IR3+3g"} 
-01349{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":364,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454599934729,"flow_src_last_pkt_time":1582454600080888,"flow_dst_last_pkt_time":1582454600116695,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1582454600116695,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.123.77.26","src_port":50587,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiTunes","proto_id":"91.145","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"play.itunes.apple.com","domainame":"play.itunes.apple.com","tls": {"version":"TLSv1.3","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01308{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":364,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454599934729,"flow_src_last_pkt_time":1582454600080888,"flow_dst_last_pkt_time":1582454600116695,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1582454600116695,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.123.77.26","src_port":50587,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiTunes","proto_id":"91.145","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"play.itunes.apple.com","domainame":"play.itunes.apple.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
02186{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":397,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1582454599225110,"flow_src_last_pkt_time":1582454600252426,"flow_dst_last_pkt_time":1582454600287478,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1018,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2233,"flow_dst_tot_l4_payload_len":5676,"midstream":0,"thread_ts_usec":1582454600287478,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50584,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":6,"avg":67409.2,"max":654765,"stddev":146324.1,"var":21410738176.0,"ent":2.9,"data": [34116,36074,120,34743,1609,104,2287,55,140235,397,7279,143339,13,33865,58,1492,19,11,252,423,44,150,34850,6,1213,30,128241,155238,167955,510701,654765]},"pktlen": {"min":40,"avg":299.4,"max":1492,"stddev":449.8,"var":202280.4,"ent":3.8,"data": [64,60,52,569,52,1492,1492,1492,566,52,52,145,103,121,52,52,105,102,94,1070,90,436,90,52,90,52,52,52,736,52,40,52]},"bins": {"c_to_s": [9,5,1,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,1,1,1,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,1,1,1,0,1,0,0,1],"entropies": 
[4.410132408,5.160978794,5.101186275,4.520410061,5.142373085,6.747455597,7.544580936,7.534257412,7.316954136,4.932822704,5.009746075,6.044896126,5.671187878,6.038887501,4.985801220,5.024262905,5.722696304,5.781558990,5.543742657,7.804463387,5.504428864,7.447539806,5.482206821,4.932822704,5.457657814,4.988526344,4.974009514,4.894361019,7.697007179,5.009746075,4.521928787,5.089394093]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","proto_id":"91.143","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 02178{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":401,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1582454599934729,"flow_src_last_pkt_time":1582454600290030,"flow_dst_last_pkt_time":1582454600371223,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3458,"flow_dst_tot_l4_payload_len":5165,"midstream":0,"thread_ts_usec":1582454600371223,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.123.77.26","src_port":50587,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":4,"avg":25541.8,"max":147307,"stddev":44603.2,"var":1989448704.0,"ent":3.2,"data": [33256,146084,75,147307,1403,159,73,18,38616,19,50,10855,46914,12516,120151,44,4,168,1146,109,1513,467,107361,13,1221,31041,492,3663,24,4467,82566]},"pktlen": {"min":52,"avg":322.1,"max":1492,"stddev":461.1,"var":212650.1,"ent":3.9,"data": [64,60,52,569,52,1492,1492,1268,442,52,52,52,132,339,339,98,95,87,1492,552,818,52,52,52,122,52,52,83,52,87,52,52]},"bins": {"c_to_s": [10,3,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0],"s_to_c": 
[6,1,1,0,0,0,0,0,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,1,1,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,1,1,1,0,0,1,1,0,1],"entropies": [4.515677452,5.260978699,5.115703106,4.536097050,5.154164791,7.838258266,7.887313843,7.830554962,7.500537872,5.115703106,5.154164791,5.077241421,6.238309383,7.385308743,7.348131180,6.055991173,6.001430511,5.896850586,7.866535664,7.607725620,7.722208500,5.154164791,5.154164791,5.062724590,6.184679508,5.056022644,5.115703106,5.763531208,5.094483852,5.873862743,5.115703106,5.056022167]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiTunes","proto_id":"91.145","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}} 02223{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":412,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1582454598721885,"flow_src_last_pkt_time":1582454600432880,"flow_dst_last_pkt_time":1582454600398737,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":13211,"flow_dst_tot_l4_payload_len":8177,"midstream":0,"thread_ts_usec":1582454600432880,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":19,"avg":109285.4,"max":803512,"stddev":185220.7,"var":34306707456.0,"ent":3.4,"data": [145952,170980,359,171301,2704,133,11131,1277,11157,179655,19,50,112,15556,168247,146405,161443,749,308681,51490,198168,655712,185,186,293,803512,1267,180253,328,297,245]},"pktlen": {"min":52,"avg":721.0,"max":1492,"stddev":667.3,"var":445284.8,"ent":4.3,"data": 
[64,60,52,569,52,1492,1492,1492,1492,1474,52,52,52,52,145,103,52,1169,344,52,996,52,1164,1492,1492,1492,52,52,1492,1492,1492,1492]},"bins": {"c_to_s": [8,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,7,0,0],"s_to_c": [5,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,4,0,0]},"directions": [0,1,0,0,1,1,1,1,1,1,0,0,0,0,0,1,0,0,0,1,1,0,0,0,0,0,1,1,0,0,0,0],"entropies": [4.378882408,5.048397064,4.855899334,4.669833183,5.026988029,6.153114796,4.607729912,7.088045597,7.461877346,7.528841019,4.947339535,4.870416164,4.908878326,4.825253010,6.027275085,5.625993729,4.985801220,7.818661690,7.150210857,5.103910923,7.800937653,4.908877850,7.820833683,7.850773335,7.853681087,7.878564835,4.985801220,4.959492207,7.858905315,7.865253448,7.862413406,7.846001625]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","proto_id":"91.143","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
@@ -298,9 +298,9 @@ 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_src_last_pkt_time":1582454600508065,"flow_dst_last_pkt_time":1582454600541627,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454600541627,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADUGS2lfZRg1wKgCEQG7xZzFmLU\/It34H6BScSB2MAAAAgQFrAQCCAqI0z6tEd\/vhgEDAwc="} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_src_last_pkt_time":1582454600545275,"flow_dst_last_pkt_time":1582454600541627,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454600545275,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGAHHAqAIRX2UYNcWcAbsi3fgfxZi1QIAQBAsSJAAAAQEIChHf76yI0z6t"} 01258{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":427,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":4,"flow_src_last_pkt_time":1582454600545389,"flow_dst_last_pkt_time":1582454600541627,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1582454600545389,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAG\/mnAqAIRX2UYNcWcAbsi3fgfxZi1QIAYBAuKRgAAAQEIChHf76yI0z6tFgMBAgABAAH8AwOiR+2o6dU1g3+Svap+gZcnw25M6wGbHtuAePAdQo0oAiAx8\/DIlhLRtqLIiYUYtk4NlTJqyrl\/fgPygPHG4YkVbgA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\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"} 
-01304{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":427,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454600508065,"flow_src_last_pkt_time":1582454600545389,"flow_dst_last_pkt_time":1582454600541627,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454600545389,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.24.53","src_port":50588,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiTunes","proto_id":"91.145","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"sync.itunes.apple.com","domainame":"sync.itunes.apple.com","tls": {"version":"TLSv1.2","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01263{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":427,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454600508065,"flow_src_last_pkt_time":1582454600545389,"flow_dst_last_pkt_time":1582454600541627,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454600545389,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.24.53","src_port":50588,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiTunes","proto_id":"91.145","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"sync.itunes.apple.com","domainame":"sync.itunes.apple.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":429,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":5,"flow_src_last_pkt_time":1582454600545389,"flow_dst_last_pkt_time":1582454600579000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454600579000,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0r2YAADUGnApfZRg1wKgCEQG7xZzFmLVAIt36JIAQAOsTGQAAAQEICojTPtMR3++s"} 
-01349{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":432,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454600508065,"flow_src_last_pkt_time":1582454600545389,"flow_dst_last_pkt_time":1582454600580592,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1582454600580592,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.24.53","src_port":50588,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiTunes","proto_id":"91.145","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"sync.itunes.apple.com","domainame":"sync.itunes.apple.com","tls": {"version":"TLSv1.3","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01308{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":432,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454600508065,"flow_src_last_pkt_time":1582454600545389,"flow_dst_last_pkt_time":1582454600580592,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1582454600580592,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.24.53","src_port":50588,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiTunes","proto_id":"91.145","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"sync.itunes.apple.com","domainame":"sync.itunes.apple.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
01001{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1582454553219847,"flow_src_last_pkt_time":1582454596366527,"flow_dst_last_pkt_time":1582454553219847,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"lucas-imac"}} 00948{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454595354441,"flow_src_last_pkt_time":1582454595354441,"flow_dst_last_pkt_time":1582454595354441,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff98:a29c","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1582454556158287,"flow_src_last_pkt_time":1582454586170857,"flow_dst_last_pkt_time":1582454556158287,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Spotify","proto_id":"156","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music"}} 
@@ -353,7 +353,7 @@ 01022{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454585624880,"flow_src_last_pkt_time":1582454585624880,"flow_dst_last_pkt_time":1582454585624880,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"239.255.255.250","src_port":60538,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} 01018{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454585625038,"flow_src_last_pkt_time":1582454585625038,"flow_dst_last_pkt_time":1582454585625038,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":51411,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1582454599396067,"flow_src_last_pkt_time":1582454600252093,"flow_dst_last_pkt_time":1582454600443725,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":643,"flow_dst_tot_l4_payload_len":3842,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.137.166.35","src_port":50585,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-00867{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":500,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":500,"packets-processed":486,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":190360,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":50,"total-detection-updates":40,"total-updates":0,"current-active-flows":0,"total-active-flows":51,"total-idle-flows":51,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":356,"global_ts_usec":1582454600748726} +00867{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":500,"source":"cfgs\/disable_use_client_port\/pcap\/iphone.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":500,"packets-processed":486,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":190360,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":50,"total-detection-updates":40,"total-updates":0,"current-active-flows":0,"total-active-flows":51,"total-idle-flows":51,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":356,"global_ts_usec":1582454600748726} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 500/486 ~~ skipped flows.............: 0 
@@ -362,10 +362,10 @@ ~~ total active/idle flows...: 51/51 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7564852 bytes -~~ total memory freed........: 7564852 bytes -~~ total allocations/frees...: 115493/115493 +~~ total memory allocated....: 8142466 bytes +~~ total memory freed........: 8142466 bytes +~~ total allocations/frees...: 127225/127225 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 544 chars -~~ json message max len.......: 4061 chars -~~ json message avg len.......: 2302 chars +~~ json message max len.......: 4020 chars +~~ json message avg len.......: 2282 chars diff --git a/test/results/dns_process_response_disable/dns.pcap.out b/test/results/dns_process_response_disable/dns.pcap.out index eb87f907d..db46bc370 100644 --- a/test/results/dns_process_response_disable/dns.pcap.out +++ b/test/results/dns_process_response_disable/dns.pcap.out 
@@ -1,17 +1,17 @@ -00629{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/dns_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/dns_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1112172654366527} 
+00629{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/dns_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/dns_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1112172654366527} 
00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/dns_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1112172654366527,"flow_src_last_pkt_time":1112172654366527,"flow_dst_last_pkt_time":1112172654366527,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1112172654366527,"l3_proto":"ip4","src_ip":"192.168.170.20","dst_ip":"192.168.170.8","src_port":53,"dst_port":32795,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/dns_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1112172654366527,"flow_dst_last_pkt_time":1112172654366527,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1112172654366527,"pkt":"AOAYsQytAMCfMkGMCABFAAA+1TkAAIARkAfAqKoUwKiqCAA1gBsAKryJ3KKBgAABAAAAAAAAA3d3dwFsBmdvb2dsZQNjb20AABwAAQ=="} 
01112{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/dns_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1112172654366527,"flow_src_last_pkt_time":1112172654366527,"flow_dst_last_pkt_time":1112172654366527,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1112172654366527,"l3_proto":"ip4","src_ip":"192.168.170.20","dst_ip":"192.168.170.8","src_port":53,"dst_port":32795,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.l.google.com","domainame":"www.l.google.com","dns": {"num_queries":1,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr": []}}} 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/dns_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1112172654366527,"flow_dst_last_pkt_time":1112172695204348,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_usec":1112172695204348,"pkt":"AMCfMkGMAOAYsQytCABFAAA9AABAAEARZULAqKoIwKiqFIAbADUAKYhhvB8BAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAHAAB"} 
00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/dns_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1112172695437491,"flow_dst_last_pkt_time":1112172695204348,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_usec":1112172695437491,"pkt":"AOAYsQytAMCfMkGMCABFAAA91p8AAIARjqLAqKoUwKiqCAA1gBsAKQfhvB+BgAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAHAAB"} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"cfgs\/dns_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":4,"packets-processed":3,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":8,"global_ts_usec":1484673025972667} 
+00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"cfgs\/dns_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":4,"packets-processed":3,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":8,"global_ts_usec":1484673025972667} 00312{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1484673025972667,"packet_id":4,"source":"cfgs\/dns_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1484673025972667} 00430{"packet_event_id":1,"packet_event_name":"packet","packet_id":4,"source":"cfgs\/dns_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":91,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_usec":1112172695437491,"pkt":"AAAAAAAB1JToDq3BgQABpYEAAxGIZBEAVWoAPwAhRQAAPQAAQABAEYShUrJx9VKynrW4lwA1ACm2fXhDAQAAAQAAAAAAAAJlNwh3aGF0c2FwcANuZXQAAAEAAQ=="} 00312{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1484673025976144,"packet_id":5,"source":"cfgs\/dns_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1484673025976144} 
00601{"packet_event_id":1,"packet_event_name":"packet","packet_id":5,"source":"cfgs\/dns_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":219,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":219,"pkt_l4_len":0,"thread_ts_usec":1112172695437491,"pkt":"AAAAAAAB1JToDq3BgQABpYEAAxGIZBEAVWoAvwAhRQAAvQAAQAA6EYohUrKetVKycfUANbiXAKnLC3hDgYAAAQAIAAAAAAJlNwh3aGF0c2FwcANuZXQAAAEAAcAMAAEAAQAAAesABKkt2+vADAABAAEAAAHrAASpLyiOwAwAAQABAAAB6wAEqS34ecAMAAEAAQAAAesABGyosOrADAABAAEAAAHrAASpLfi9wAwAAQABAAAB6wAEqS34tMAMAAEAAQAAAesABKk1UU\/ADAABAAEAAAHrAASpLdvo"} 01022{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"cfgs\/dns_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1112172654366527,"flow_src_last_pkt_time":1112172695437491,"flow_dst_last_pkt_time":1112172695204348,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":33,"flow_src_tot_l4_payload_len":67,"flow_dst_tot_l4_payload_len":33,"midstream":0,"thread_ts_usec":1112172695437491,"l3_proto":"ip4","src_ip":"192.168.170.20","dst_ip":"192.168.170.8","src_port":53,"dst_port":32795,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.l.google.com"}} 
-00855{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"cfgs\/dns_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":5,"packets-processed":3,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1484673025976144} +00855{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"cfgs\/dns_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":5,"packets-processed":3,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1484673025976144} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 5/3 ~~ skipped flows.............: 0 
@@ -20,9 +20,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6907700 bytes -~~ total memory freed........: 6907700 bytes -~~ total allocations/frees...: 114140/114140 +~~ total memory allocated....: 7485296 bytes +~~ total memory freed........: 7485296 bytes +~~ total allocations/frees...: 125871/125871 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 317 chars ~~ json message max len.......: 1117 chars diff --git a/test/results/dns_subclassification_and_process_response_disable/dns.pcap.out b/test/results/dns_subclassification_and_process_response_disable/dns.pcap.out index f879d236c..27c360d5b 100644 --- a/test/results/dns_subclassification_and_process_response_disable/dns.pcap.out +++ b/test/results/dns_subclassification_and_process_response_disable/dns.pcap.out 
@@ -1,17 +1,17 @@ -00651{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/dns_subclassification_and_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00872{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/dns_subclassification_and_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1112172654366527} 
+00651{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/dns_subclassification_and_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00872{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/dns_subclassification_and_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1112172654366527} 
00815{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/dns_subclassification_and_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1112172654366527,"flow_src_last_pkt_time":1112172654366527,"flow_dst_last_pkt_time":1112172654366527,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1112172654366527,"l3_proto":"ip4","src_ip":"192.168.170.20","dst_ip":"192.168.170.8","src_port":53,"dst_port":32795,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/dns_subclassification_and_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1112172654366527,"flow_dst_last_pkt_time":1112172654366527,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1112172654366527,"pkt":"AOAYsQytAMCfMkGMCABFAAA+1TkAAIARkAfAqKoUwKiqCAA1gBsAKryJ3KKBgAABAAAAAAAAA3d3dwFsBmdvb2dsZQNjb20AABwAAQ=="} 
01123{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/dns_subclassification_and_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1112172654366527,"flow_src_last_pkt_time":1112172654366527,"flow_dst_last_pkt_time":1112172654366527,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1112172654366527,"l3_proto":"ip4","src_ip":"192.168.170.20","dst_ip":"192.168.170.8","src_port":53,"dst_port":32795,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.l.google.com","domainame":"www.l.google.com","dns": {"num_queries":1,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr": []}}} 00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/dns_subclassification_and_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1112172654366527,"flow_dst_last_pkt_time":1112172695204348,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_usec":1112172695204348,"pkt":"AMCfMkGMAOAYsQytCABFAAA9AABAAEARZULAqKoIwKiqFIAbADUAKYhhvB8BAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAHAAB"} 
00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/dns_subclassification_and_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1112172695437491,"flow_dst_last_pkt_time":1112172695204348,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_usec":1112172695437491,"pkt":"AOAYsQytAMCfMkGMCABFAAA91p8AAIARjqLAqKoUwKiqCAA1gBsAKQfhvB+BgAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAHAAB"} -00874{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"cfgs\/dns_subclassification_and_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":4,"packets-processed":3,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":8,"global_ts_usec":1484673025972667} 
+00874{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"cfgs\/dns_subclassification_and_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":4,"packets-processed":3,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":8,"global_ts_usec":1484673025972667} 00334{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1484673025972667,"packet_id":4,"source":"cfgs\/dns_subclassification_and_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1484673025972667} 00452{"packet_event_id":1,"packet_event_name":"packet","packet_id":4,"source":"cfgs\/dns_subclassification_and_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":91,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_usec":1112172695437491,"pkt":"AAAAAAAB1JToDq3BgQABpYEAAxGIZBEAVWoAPwAhRQAAPQAAQABAEYShUrJx9VKynrW4lwA1ACm2fXhDAQAAAQAAAAAAAAJlNwh3aGF0c2FwcANuZXQAAAEAAQ=="} 00334{"error_event_id":5,"error_event_name":"Unknown packet 
type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1484673025976144,"packet_id":5,"source":"cfgs\/dns_subclassification_and_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1484673025976144} 00623{"packet_event_id":1,"packet_event_name":"packet","packet_id":5,"source":"cfgs\/dns_subclassification_and_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":219,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":219,"pkt_l4_len":0,"thread_ts_usec":1112172695437491,"pkt":"AAAAAAAB1JToDq3BgQABpYEAAxGIZBEAVWoAvwAhRQAAvQAAQAA6EYohUrKetVKycfUANbiXAKnLC3hDgYAAAQAIAAAAAAJlNwh3aGF0c2FwcANuZXQAAAEAAcAMAAEAAQAAAesABKkt2+vADAABAAEAAAHrAASpLyiOwAwAAQABAAAB6wAEqS34ecAMAAEAAQAAAesABGyosOrADAABAAEAAAHrAASpLfi9wAwAAQABAAAB6wAEqS34tMAMAAEAAQAAAesABKk1UU\/ADAABAAEAAAHrAASpLdvo"} 01033{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"cfgs\/dns_subclassification_and_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1112172654366527,"flow_src_last_pkt_time":1112172695437491,"flow_dst_last_pkt_time":1112172695204348,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":33,"flow_src_tot_l4_payload_len":67,"flow_dst_tot_l4_payload_len":33,"midstream":0,"thread_ts_usec":1112172695437491,"l3_proto":"ip4","src_ip":"192.168.170.20","dst_ip":"192.168.170.8","src_port":53,"dst_port":32795,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.l.google.com"}} 
-00877{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"cfgs\/dns_subclassification_and_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":5,"packets-processed":3,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1484673025976144} +00877{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"cfgs\/dns_subclassification_and_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":5,"packets-processed":3,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1484673025976144} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 5/3 ~~ skipped flows.............: 0 
@@ -20,9 +20,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6907700 bytes -~~ total memory freed........: 6907700 bytes -~~ total allocations/frees...: 114140/114140 +~~ total memory allocated....: 7485296 bytes +~~ total memory freed........: 7485296 bytes +~~ total allocations/frees...: 125871/125871 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 339 chars ~~ json message max len.......: 1128 chars diff --git a/test/results/enable_doh_heuristic/doh.pcapng.out b/test/results/enable_doh_heuristic/doh.pcapng.out index 09d66b090..4f48435cb 100644 --- a/test/results/enable_doh_heuristic/doh.pcapng.out +++ b/test/results/enable_doh_heuristic/doh.pcapng.out 
@@ -1,16 +1,16 @@ -00623{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/enable_doh_heuristic\/pcap\/doh.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/enable_doh_heuristic\/pcap\/doh.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1623220847881632} 
+00623{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/enable_doh_heuristic\/pcap\/doh.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/enable_doh_heuristic\/pcap\/doh.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1623220847881632} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/enable_doh_heuristic\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623220847881632,"flow_src_last_pkt_time":1623220847881632,"flow_dst_last_pkt_time":1623220847881632,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623220847881632,"l3_proto":"ip4","src_ip":"192.168.1.253","dst_ip":"1.1.1.1","src_port":35996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/enable_doh_heuristic\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1623220847881632,"flow_dst_last_pkt_time":1623220847881632,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1623220847881632,"pkt":"pJGxgjQ53KYyW3JVCABFAAA8GoVAAEAGW5DAqAH9AQEBAYycAbvJgv8BAAAAAKAC+vDR+gAAAgQFtAQCCAq18KmgAAAAAAEDAwc="} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/enable_doh_heuristic\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1623220847881632,"flow_dst_last_pkt_time":1623220847893990,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1623220847893990,"pkt":"3KYyW3JVpJGxgjQ5CABFAAA0AABAADgGfh0BAQEBwKgB\/QG7jJzQgMYoyYL\/AoAS\/\/+80AAAAgQFtAEBBAIBAwMK"} 
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/enable_doh_heuristic\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1623220847894289,"flow_dst_last_pkt_time":1623220847893990,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1623220847894289,"pkt":"pJGxgjQ53KYyW3JVCABFAAAoGoZAAEAGW6PAqAH9AQEBAYycAbvJgv8C0IDGKVAQAfb7rwAAAAAAAAAA"} 00888{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/enable_doh_heuristic\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1623220847903684,"flow_dst_last_pkt_time":1623220847893990,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":315,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":315,"pkt_l4_len":281,"thread_ts_usec":1623220847903684,"pkt":"pJGxgjQ53KYyW3JVCABFAAEtGodAAEAGWp3AqAH9AQEBAYycAbvJgv8C0IDGKVAYAfbHEwAAFgMBAQABAAD8AwPoLOpgwE25psercF8dtgS9urXcGuIXWON7hv8MEOxxwCBmK04kA9gzmAQCdEKOzz6ZUSvZIzIKAJ4xNU24mlRHDQAmzKjMqcAvwDDAK8AswBPACcAUwAoAnACdAC8ANcASAAoTAxMBEwIBAACNAAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIBKfRS3py5Rs1YQ6EAtEgG+yypeHCfHggy9eoe\/nh6Bu"} 
-01465{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/enable_doh_heuristic\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1623220847881632,"flow_src_last_pkt_time":1623220847903684,"flow_dst_last_pkt_time":1623220847893990,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":261,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":261,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623220847903684,"l3_proto":"ip4","src_ip":"192.168.1.253","dst_ip":"1.1.1.1","src_port":35996,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3":"7c1e207beb00684bbbe144f1b0abe1d5","ja3s":"","ja4":"t13d1909h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01424{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/enable_doh_heuristic\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1623220847881632,"flow_src_last_pkt_time":1623220847903684,"flow_dst_last_pkt_time":1623220847893990,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":261,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":261,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623220847903684,"l3_proto":"ip4","src_ip":"192.168.1.253","dst_ip":"1.1.1.1","src_port":35996,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1909h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/enable_doh_heuristic\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1623220847903684,"flow_dst_last_pkt_time":1623220847916856,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1623220847916856,"pkt":"3KYyW3JVpJGxgjQ5CABFAAAoTTlAADgGMPABAQEBwKgB\/QG7jJzQgMYpyYMAB1AQAEL8XgAAAAAAAAAA"} 
-01516{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/enable_doh_heuristic\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1623220847881632,"flow_src_last_pkt_time":1623220847903684,"flow_dst_last_pkt_time":1623220847919967,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":261,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":261,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1623220847919967,"l3_proto":"ip4","src_ip":"192.168.1.253","dst_ip":"1.1.1.1","src_port":35996,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.3","ja3":"7c1e207beb00684bbbe144f1b0abe1d5","ja3s":"d75f9129bb5d05492a65ff78e081bcb2","ja4":"t13d1909h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01475{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/enable_doh_heuristic\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1623220847881632,"flow_src_last_pkt_time":1623220847903684,"flow_dst_last_pkt_time":1623220847919967,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":261,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":261,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1623220847919967,"l3_proto":"ip4","src_ip":"192.168.1.253","dst_ip":"1.1.1.1","src_port":35996,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.3","ja3s":"d75f9129bb5d05492a65ff78e081bcb2","ja4":"t13d1909h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
02394{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/enable_doh_heuristic\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1623220847881632,"flow_src_last_pkt_time":1623220894239868,"flow_dst_last_pkt_time":1623220878891197,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":261,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":606,"flow_dst_tot_l4_payload_len":3569,"midstream":0,"thread_ts_usec":1623220894239868,"l3_proto":"ip4","src_ip":"192.168.1.253","dst_ip":"1.1.1.1","src_port":35996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":2495735.5,"max":15359810,"stddev":5583085.5,"var":31170844688384.0,"ent":2.4,"data": [12358,12657,9395,22866,3111,16283,0,0,492,492,548541,0,471,0,559446,0,429,10863,0,436,0,2867,0,3303,0,50308,15056860,15017798,15339561,15339454,15359810]},"pktlen": {"min":46,"avg":174.8,"max":1500,"stddev":350.9,"var":123099.2,"ent":3.6,"data": [60,52,46,301,46,1500,46,1500,46,256,46,104,126,136,108,46,46,111,46,71,46,46,371,71,46,46,46,46,46,46,46,46]},"bins": {"c_to_s": [12,0,3,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [10,0,1,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,0,0,0,0,0,1,1,1,0,0,1,1,1,1,0,0,1,0,1,0,1,0],"entropies": [4.425882339,4.437160492,4.225621700,5.947368622,4.140616417,7.830754280,4.117669106,7.879162312,4.117669106,7.097528458,4.117669106,5.884155750,6.247783184,6.373653889,6.047423363,4.140616417,4.140616417,6.197440624,4.131088734,5.480591297,4.053659439,4.117669106,7.372667789,5.483504295,4.087610722,4.087610245,4.161148071,4.087610245,4.117669582,4.087610245,4.161148071,4.087610245]},"ndpi": 
{"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 01206{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":120,"source":"cfgs\/enable_doh_heuristic\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":61,"flow_dst_packets_processed":59,"flow_first_seen":1623220847881632,"flow_src_last_pkt_time":1623220970655801,"flow_dst_last_pkt_time":1623220970669537,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":261,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":1881,"flow_dst_tot_l4_payload_len":5821,"midstream":0,"thread_ts_usec":1623220970669537,"l3_proto":"ip4","src_ip":"192.168.1.253","dst_ip":"1.1.1.1","src_port":35996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-00856{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":120,"source":"cfgs\/enable_doh_heuristic\/pcap\/doh.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":120,"packets-processed":120,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7702,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1623220970669537} +00856{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":120,"source":"cfgs\/enable_doh_heuristic\/pcap\/doh.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":120,"packets-processed":120,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7702,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1623220970669537} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 120/120 ~~ skipped flows.............: 0 
@@ -19,10 +19,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6931027 bytes -~~ total memory freed........: 6931027 bytes -~~ total allocations/frees...: 114269/114269 +~~ total memory allocated....: 7508623 bytes +~~ total memory freed........: 7508623 bytes +~~ total allocations/frees...: 126000/126000 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 548 chars ~~ json message max len.......: 2399 chars -~~ json message avg len.......: 1411 chars +~~ json message avg len.......: 1409 chars diff --git a/test/results/enable_payload_stat/1kxun.pcap.out b/test/results/enable_payload_stat/1kxun.pcap.out index c1fad9024..7b07192f7 100644 --- a/test/results/enable_payload_stat/1kxun.pcap.out +++ b/test/results/enable_payload_stat/1kxun.pcap.out 
@@ -1,5 +1,5 @@ -00622{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1470104373025824} 
+00622{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1470104373025824} 
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104373025824,"flow_src_last_pkt_time":1470104373025824,"flow_dst_last_pkt_time":1470104373025824,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":26,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104373025824,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":59571,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1470104373025824,"flow_dst_last_pkt_time":1470104373025824,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_usec":1470104373025824,"pkt":"AQBeAAD8SNIkYzEACABFAAA2OooAAAER2FzAqAUs4AAA\/OizFOsAIin75qEAAAABAAAAAAAACGphc29uLVBDAAD\/AAE="} 
00935{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104373025824,"flow_src_last_pkt_time":1470104373025824,"flow_dst_last_pkt_time":1470104373025824,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":26,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104373025824,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":59571,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -177,7 +177,7 @@ 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":387,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_src_last_pkt_time":1470104379520893,"flow_dst_last_pkt_time":1470104378021294,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1470104379520893,"pkt":"\/\/\/\/\/\/\/\/ABxCjnAxCABFAABOUgMAAIAR9ELAqHMIwKj\/\/wCJAIkAOha6seYBEAABAAAAAAAAIEZIRkFFQkVFQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="} 00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":389,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104379579523,"flow_src_last_pkt_time":1470104379579523,"flow_dst_last_pkt_time":1470104379579523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":244,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":244,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":244,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104379579523,"l3_proto":"ip4","src_ip":"192.168.5.67","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00862{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":389,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_src_last_pkt_time":1470104379579523,"flow_dst_last_pkt_time":1470104379579523,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":286,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":286,"pkt_l4_len":252,"thread_ts_usec":1470104379579523,"pkt":"\/\/\/\/\/\/\/\/jHNut5QdCABFAAEQAABAAEARs0nAqAVDwKj\/\/wCKAIoA\/P+KEQouQ8CoBUMAigDmAAAgRkRFQkVPRUtFSkNORU1FSkVHRUZFQ0VQRVBFTENOQUEAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJPAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAATAAAAAAAAAAAAAAAAAAAAAAAAABMAFYAAwABAAEAAgBdAFxNQUlMU0xPVFxCUk9XU0UAD1DgkwQAU0FOSkktTElGRUJPT0stTAQJA5qEAA8BVapzYW5qaS1MSUZFQk9PSy1MSDUzMSBzZXJ2ZXIgKFNhbWJhLCBVYnVudHUpAA=="} -01128{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":389,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104379579523,"flow_src_last_pkt_time":1470104379579523,"flow_dst_last_pkt_time":1470104379579523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":244,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":244,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":244,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104379579523,"l3_proto":"ip4","src_ip":"192.168.5.67","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": 
{"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"sanji-lifebook-","domainame":"sanji-lifebook-"}} +01009{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":389,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104379579523,"flow_src_last_pkt_time":1470104379579523,"flow_dst_last_pkt_time":1470104379579523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":244,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":244,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":244,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104379579523,"l3_proto":"ip4","src_ip":"192.168.5.67","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"sanji-lifebook-","domainame":"sanji-lifebook-"}} 
00829{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":390,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_src_last_pkt_time":1470104379579704,"flow_dst_last_pkt_time":1470104379579523,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":263,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":263,"pkt_l4_len":229,"thread_ts_usec":1470104379579704,"pkt":"\/\/\/\/\/\/\/\/jHNut5QdCABFAAD5AABAAEARs2DAqAVDwKj\/\/wCKAIoA5V88EQouRMCoBUMAigDPAAAgRkRFQkVPRUtFSkNORU1FSkVHRUZFQ0VQRVBFTENOQUEAIEFCQUNGUEZQRU5GREVDRkNFUEZIRkRFRkZQRlBBQ0FCAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAANQAAAAAAAAAAAAAAAAAAAAAAAAA1AFYAAwABAAEAAgBGAFxNQUlMU0xPVFxCUk9XU0UADFDgkwQAV09SS0dST1VQAAAAAAAAAAQJABAAgA8BVapTQU5KSS1MSUZFQk9PSy1MSDUzMQA="} 00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":396,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1470104379887477,"flow_dst_last_pkt_time":1470104376816620,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":98,"pkt_l4_len":44,"thread_ts_usec":1470104379887477,"pkt":"MzMAAQACcD6s8PAHht1gBWEEACwRAf6AAAAAAAAABAZVqGRTJd3\/AgAAAAAAAAAAAAAAAQACAiICIwAsiDQLJ3MdAAEADgABAAEduOb7cD6s8PAHAAYABAAXABgACAACATQ="} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":397,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104379903616,"flow_src_last_pkt_time":1470104379903616,"flow_dst_last_pkt_time":1470104379903616,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104379903616,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -238,9 +238,9 @@ 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":510,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_src_last_pkt_time":1470104381237806,"flow_dst_last_pkt_time":1470104381238763,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104381238763,"pkt":"ABxCjnAxABAj4ACgCABFAAA0AABAAEAGQRjAqHNLwKgFEAG70XdE8SFWHgHhFoASFtAl8wAAAgQFtAEBBAIBAwMH"} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":511,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_src_last_pkt_time":1470104381238800,"flow_dst_last_pkt_time":1470104381238763,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1470104381238800,"pkt":"ABAj4ACgYMVHBbyMCABFAAAo9WxAAEAGS7fAqAUQwKhzS9F3AbseAeEWRPEhV1AQIABdlQAAcnZlcjBd"} 00835{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":512,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":4,"flow_src_last_pkt_time":1470104381239406,"flow_dst_last_pkt_time":1470104381238763,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":271,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":271,"pkt_l4_len":237,"thread_ts_usec":1470104381239406,"pkt":"ABAj4ACgYMVHBbyMCABFAAEB7MpAAEAGU4DAqAUQwKhzS9F3AbseAeEWRPEhV1AYIAC0MQAAFgMBANQBAADQAwNXoAM+DApFIVBtoVkm1YD4xHsvSlpaV1sKMPaqmp\/EYiBj+Q0TSc5VhLmmiAAqPOtufQBM8Qziz0QZmZNFeVk8eABKAP\/AJMAjwArACcAIwCjAJ8AUwBPAEsAmwCXABcAEwAPAKsApwA\/ADsANAGsAZwA5ADMAFgA9ADwANQAvAArAB8ARwALADAAFAAQBAAA9AAAAEwARAAAOMTkyLjE2OC4xMTUuNzUACgAIAAYAFwAYABkACwACAQAADQAMAAoFAQQBAgEEAwIDM3QAAA=="} 
-01435{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":512,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1470104381237806,"flow_src_last_pkt_time":1470104381239406,"flow_dst_last_pkt_time":1470104381238763,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104381239406,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53623,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","domainame":"192.168.115.75","tls": {"version":"TLSv1.2","ja3":"799135475da362592a4be9199d258726","ja3s":"","ja4":"t12i370500_07a749158664_d075105c1994","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01394{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":512,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1470104381237806,"flow_src_last_pkt_time":1470104381239406,"flow_dst_last_pkt_time":1470104381238763,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104381239406,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53623,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","domainame":"192.168.115.75","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12i370500_07a749158664_d075105c1994","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":513,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":5,"flow_src_last_pkt_time":1470104381239406,"flow_dst_last_pkt_time":1470104381240437,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1470104381240437,"pkt":"ABxCjnAxABAj4ACgCABFAAAoVq1AAEAG6nbAqHNLwKgFEAG70XdE8SFXHgHh71AQADZ8hgAAAAAAAAAA"} 
-01587{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":514,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1470104381237806,"flow_src_last_pkt_time":1470104381239406,"flow_dst_last_pkt_time":1470104381243027,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1470104381243027,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53623,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","domainame":"192.168.115.75","tls": {"version":"TLSv1.2","ja3":"799135475da362592a4be9199d258726","ja3s":"573a9f3f80037fb40d481e2054def5bb","ja4":"t12i370500_07a749158664_d075105c1994","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} 
+01546{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":514,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1470104381237806,"flow_src_last_pkt_time":1470104381239406,"flow_dst_last_pkt_time":1470104381243027,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1470104381243027,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53623,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","domainame":"192.168.115.75","tls": {"version":"TLSv1.2","ja3s":"573a9f3f80037fb40d481e2054def5bb","ja4":"t12i370500_07a749158664_d075105c1994","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":539,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_src_last_pkt_time":1470104381626995,"flow_dst_last_pkt_time":1470104381217455,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_usec":1470104381626995,"pkt":"AQBeAAD8CJ4BzeuNCABFAAA2U7AAAAERvz3AqAUl4AAA\/NwuFOsAIuU8ydMAAAABAAAAAAAACG5vdGVib29rAAD\/AAE="} 00939{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":547,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1470104381831288,"flow_dst_last_pkt_time":1470104373741279,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_usec":1470104381831288,"pkt":"\/\/\/\/\/\/\/\/TF4M6gNlCABFAAFIAAAAABARcfzAqHcB\/\/\/\/\/wBDAEQBNAJhAgEGADFjB6UAAAAAwKgFCcCoBQnAqHcBAAAAAHDxofgq\/QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEFNgTAqHcBMwQAAAA8AQT\/\/wAAAwTAqHcBBhCoXwEBCAgICKhfwAEICAQE\/wAAAAAAAAAAAAAAAAAA"} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":552,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104381895304,"flow_src_last_pkt_time":1470104381895304,"flow_dst_last_pkt_time":1470104381895304,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104381895304,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.145","src_port":49612,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
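Review bot: The new `detected` and `detection-update` expectations for flow_id 45 drop the `ja3` key from the `tls` object while `ja3s` and `ja4` stay, so a consumer that matches client fingerprints on `tls.ja3` will stop matching without any error. The commit description only says upstream changes were incorporated; it should state the removal, for example `* tls.ja3 is no longer emitted, match on tls.ja4 instead`. The same removal appears in the hunk starting at `@@ -444,13 +446,15 @@`, which continues outside this view.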
@@ -327,6 +327,7 @@ 01203{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":631,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1470104390443500,"flow_src_last_pkt_time":1470104390642049,"flow_dst_last_pkt_time":1470104390640525,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":265,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":265,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104390642049,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53624,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"api.magicansoft.com","domainame":"api.magicansoft.com","http": {"url":"api.magicansoft.com\/comMagicanApi\/composite\/app.php\/Global\/Index\/ip","code":0,"content_type":"","user_agent":"Magican (unknown version) CFNetwork\/720.5.7 Darwin\/14.5.0 (x86_64)"}}} 
00797{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":632,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104390741932,"flow_src_last_pkt_time":1470104390741932,"flow_dst_last_pkt_time":1470104390741932,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":123,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":123,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":123,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104390741932,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:fe9a:ec54","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00721{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":632,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_src_last_pkt_time":1470104390741932,"flow_dst_last_pkt_time":1470104390741932,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":185,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":185,"pkt_l4_len":131,"thread_ts_usec":1470104390741932,"pkt":"MzMAAAABTF4MmuxUht1gAAAAAIMRAf6AAAAAAAAATl4M\/\/6a7FT\/AgAAAAAAAAAAAAAAAAABFi4WLgCDan0ABGg\/AAEABkxeDJrsVAAFAAAABwAPNi4zNS4xIChzdGFibGUpAAgACE1pa3JvVGlrAAoABHzzfwAACwAJM0RYWS1LSEdEAAwADUNSUzEyNS0yNEctMVMADgABAQAPABD+gAAAAAAAAE5eDP\/+muxUABAAB2JyaWRnZTE="} 
+01136{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":632,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104390741932,"flow_src_last_pkt_time":1470104390741932,"flow_dst_last_pkt_time":1470104390741932,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":123,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":123,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":123,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104390741932,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:fe9a:ec54","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Mikrotik","proto_id":"437","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","mikrotik": {"mac_address":"4C:5E:0C:9A:EC:54","version":"6.35.1 (stable)","software_id":"3DXY-KHGD","board":"CRS125-24G-1S","ipv6_addr":"fe80::4e5e:cff:fe9a:ec54","uptime":2096332544}}} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":633,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":5,"flow_src_last_pkt_time":1470104390642049,"flow_dst_last_pkt_time":1470104390838554,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104390838554,"pkt":"ABxCjnAxTF4M6gNlCABFAAA08IZAADUGTRZE6f2FwKgFEABQ0Xh2OO97HrFGwoAQABuLWQAAAQEICs8eH\/4aDz0F"} 
01340{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":634,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1470104390443500,"flow_src_last_pkt_time":1470104390642049,"flow_dst_last_pkt_time":1470104390846598,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":265,"flow_dst_max_l4_payload_len":324,"flow_src_tot_l4_payload_len":265,"flow_dst_tot_l4_payload_len":324,"midstream":0,"thread_ts_usec":1470104390846598,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53624,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"api.magicansoft.com","domainame":"api.magicansoft.com","http": {"url":"api.magicansoft.com\/comMagicanApi\/composite\/app.php\/Global\/Index\/ip","code":502,"content_type":"text\/html","user_agent":"Magican (unknown version) CFNetwork\/720.5.7 Darwin\/14.5.0 (x86_64)"}}} 
00964{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":636,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_src_last_pkt_time":1470104390945416,"flow_dst_last_pkt_time":1470104380909602,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":359,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":359,"pkt_l4_len":325,"thread_ts_usec":1470104390945416,"pkt":"\/\/\/\/\/\/\/\/XNmY3fXzCABFAAFZAABAAEARbn7AqApu\/\/\/\/\/+xA9gABRTgx\/\/8AAKAAXNmY3fXzwKgKbgAAAgAnAUROUy0xMTAwLTA0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABOQVMAAAAAAAAAAAAAVVqvihgAAABVWsE9WwAAAFVasDEuMDJiMTAAEXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXNmY3fXzM0ExAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGRsaW5rLURERjVGMwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAqApu\/\/8AAExBTjEAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} 
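Review bot: The `uptime` value in the added Mikrotik `detected` record for flow_id 60 looks byte-swapped, and the same applies to flow_id 79 in the `@@ -405,6 +406,7 @@` hunk. The packet payloads shown in these hunks carry the four bytes `7c f3 7f 00` and `83 96 24 00` for that field, and the expected values `2096332544` and `2207654912` are exactly those bytes read big-endian, which is roughly 66 and 70 years if the unit is seconds. Read little-endian they would be `8385404` and `2397827` (about 97 and 28 days), which is plausible for a router. I would confirm the field's byte order in the upstream dissector before accepting these results as the expected output, since they would otherwise pin the wrong value into the regression suite.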
@@ -366,7 +367,7 @@ 00982{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":658,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104393610386,"flow_src_last_pkt_time":1470104393610386,"flow_dst_last_pkt_time":1470104393610386,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104393610386,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"nasfile","domainame":"nasfile"}} 00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":659,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104393610555,"flow_src_last_pkt_time":1470104393610555,"flow_dst_last_pkt_time":1470104393610555,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":174,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104393610555,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00765{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":659,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_src_last_pkt_time":1470104393610555,"flow_dst_last_pkt_time":1470104393610555,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_usec":1470104393610555,"pkt":"\/\/\/\/\/\/\/\/4KzLceHQCABFAADKO0kAAEARuFzAqAUtwKj\/\/wCKAIoAtoWlEQJF7sCoBS0AAACgAAAgRU5FQkVERUNFUEVQRUxFQkVKRkNDTkVGREJFRURBQUEAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAA1TQAAO1FEQAABgAAAAAAAAACAAAAAAAAAAAAAAAGAFYAAwABAAEAAgAXAFxNQUlMU0xPVFxCUk9XU0UACQTsRQAA"} -01128{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":659,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104393610555,"flow_src_last_pkt_time":1470104393610555,"flow_dst_last_pkt_time":1470104393610555,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":174,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104393610555,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"macbookair-e1d0","domainame":"macbookair-e1d0"}} 
+01009{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":659,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104393610555,"flow_src_last_pkt_time":1470104393610555,"flow_dst_last_pkt_time":1470104393610555,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":174,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104393610555,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"macbookair-e1d0","domainame":"macbookair-e1d0"}} 00765{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":660,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":2,"flow_src_last_pkt_time":1470104393610744,"flow_dst_last_pkt_time":1470104393610555,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_usec":1470104393610744,"pkt":"\/\/\/\/\/\/\/\/4KzLceHQCABFAADK5DUAAEARD3DAqAUtwKj\/\/wCKAIoAtoasEQJF8cCoBS0AAACgAAAgRU5FQkVERUNFUEVQRUxFQkVKRkNDTkVGREJFRURBQUEAIEVORkRFSUVQRU5FRkNBQ0FDQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAA1TQAAPBFEQAABgAAAAAAAAACAAAAAAAAAAAAAAAGAFYAAwABAAEAAgAXAFxNQUlMU0xPVFxCUk9XU0UACQTvRQAA"} 
00765{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":661,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":3,"flow_src_last_pkt_time":1470104393611090,"flow_dst_last_pkt_time":1470104393610555,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_usec":1470104393611090,"pkt":"\/\/\/\/\/\/\/\/4KzLceHQCABFAADKOS4AAEARunfAqAUtwKj\/\/wCKAIoAtoChEQJF98CoBS0AAACgAAAgRU5FQkVERUNFUEVQRUxFQkVKRkNDTkVGREJFRURBQUEAIEVORkpFSEZDRVBGRkZBQ0FDQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAA1TQAAPZFEQAABgAAAAAAAAACAAAAAAAAAAAAAAAGAFYAAwABAAEAAgAXAFxNQUlMU0xPVFxCUk9XU0UACQT1RQAA"} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":662,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":3,"flow_src_last_pkt_time":1470104393813792,"flow_dst_last_pkt_time":1470104391564386,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1470104393813792,"pkt":"\/\/\/\/\/\/\/\/PKn0WgOECABFAABOHxcAAIARlkvAqAPswKj\/\/wCJAIkAOqdiilUBEAABAAAAAAAAIEVKRkRFQkZFRUJGQUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="} 
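Review bot: The updated `detected` expectation for flow_id 70 no longer contains `"flow_risk": {"22": {"risk":"Unsafe Protocol", ...}}`, although the record still reports `"proto":"NetBIOS.SMBv1"` with `"breed":"Dangerous"`. This presumably follows from the libnDPI bump, but nothing in the commit says the change is intended, and alerting keyed on `flow_risk` 22 would no longer fire for this SMBv1 flow. I would check the upstream change that removed the risk here before accepting the new output, and record the reason in the commit description, e.g. `* NetBIOS.SMBv1 detection no longer sets flow_risk 22 (upstream change)`.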
@@ -405,6 +406,7 @@ 00938{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":684,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104399652689,"flow_src_last_pkt_time":1470104399652689,"flow_dst_last_pkt_time":1470104399652689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104399652689,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"224.0.0.252","src_port":59797,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":685,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104399854544,"flow_src_last_pkt_time":1470104399854544,"flow_dst_last_pkt_time":1470104399854544,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104399854544,"l3_proto":"ip4","src_ip":"192.168.0.100","dst_ip":"255.255.255.255","src_port":50925,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":685,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_src_last_pkt_time":1470104399854544,"flow_dst_last_pkt_time":1470104399854544,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1470104399854544,"pkt":"\/\/\/\/\/\/\/\/TF4M6gOICABFAACAAABAAEAReWHAqABk\/\/\/\/\/8btFi4AbOgXAACpHQABAAZMXgzqA4gABQAFNE1OQVQABwAPNi4zNS4xIChzdGFibGUpAAgACE1pa3JvVGlrAAoABIOWJAAACwAJTjUzOC1HMDRVAAwABlJCNDUwRwAOAAEAABAABmV0aGVyMg=="} +01107{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":685,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104399854544,"flow_src_last_pkt_time":1470104399854544,"flow_dst_last_pkt_time":1470104399854544,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104399854544,"l3_proto":"ip4","src_ip":"192.168.0.100","dst_ip":"255.255.255.255","src_port":50925,"dst_port":5678,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Mikrotik","proto_id":"437","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","mikrotik": {"mac_address":"4C:5E:0C:EA:03:88","identity":"4MNAT","version":"6.35.1 (stable)","software_id":"N538-G04U","board":"RB450G","uptime":2207654912}}} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":686,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104399958731,"flow_src_last_pkt_time":1470104399958731,"flow_dst_last_pkt_time":1470104399958731,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":26,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104399958731,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"224.0.0.252","src_port":65150,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":686,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_src_last_pkt_time":1470104399958731,"flow_dst_last_pkt_time":1470104399958731,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_usec":1470104399958731,"pkt":"AQBeAAD8GF4PUugBCABFAAA2MRAAAAER4cnAqAU54AAA\/P5+FOsAIr4lNLsAAAABAAAAAAAACFVzaGVyLVBDAAD\/AAE="} 
00938{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":686,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104399958731,"flow_src_last_pkt_time":1470104399958731,"flow_dst_last_pkt_time":1470104399958731,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":26,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104399958731,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"224.0.0.252","src_port":65150,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -444,13 +446,15 @@ 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":712,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":2,"flow_src_last_pkt_time":1470104402238628,"flow_dst_last_pkt_time":1470104402239704,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104402239704,"pkt":"ABxCjnAxABAj4ACgCABFAAA0AABAAEAGQRjAqHNLwKgFEAG70XnKmfzXcASfdoASFtC0YwAAAgQFtAEBBAIBAwMH"} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":713,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":3,"flow_src_last_pkt_time":1470104402239746,"flow_dst_last_pkt_time":1470104402239704,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1470104402239746,"pkt":"ABAj4ACgYMVHBbyMCABFAAAosclAAEAGj1rAqAUQwKhzS9F5AbtwBJ92ypn82FAQIADsBQAAyQ4pxaWW"} 00826{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":714,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":4,"flow_src_last_pkt_time":1470104402240297,"flow_dst_last_pkt_time":1470104402239704,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":267,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":267,"pkt_l4_len":233,"thread_ts_usec":1470104402240297,"pkt":"ABAj4ACgYMVHBbyMCABFAAD9ruNAAEAGkWvAqAUQwKhzS9F5AbtwBJ92ypn82FAYIADtEAAAFgMBANABAADMAwNXoANTJYxftKgXimtNLVWTzYxskkMb8dtmAzVqLh4pryBj+Q0TSc5VhLmmiAAqPOtufQBM8Qziz0QZmZNFeVk8eABKAP\/AJMAjwArACcAIwCjAJ8AUwBPAEsAmwCXABcAEwAPAKsApwA\/ADsANAGsAZwA5ADMAFgA9ADwANQAvAArAB8ARwALADAAFAAQBAAA5AAAAEwARAAAOMTkyLjE2OC4xMTUuNzUACgAIAAYAFwAYABkACwACAQAADQAMAAoFAQQBAgEEAwID"} 
-01435{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":714,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1470104402238628,"flow_src_last_pkt_time":1470104402240297,"flow_dst_last_pkt_time":1470104402239704,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":213,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":213,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104402240297,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53625,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","domainame":"192.168.115.75","tls": {"version":"TLSv1.2","ja3":"618ee2509ef52bf0b8216e1564eea909","ja3s":"","ja4":"t12i370400_07a749158664_e64f6000bf4d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01394{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":714,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1470104402238628,"flow_src_last_pkt_time":1470104402240297,"flow_dst_last_pkt_time":1470104402239704,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":213,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":213,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104402240297,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53625,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","domainame":"192.168.115.75","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12i370400_07a749158664_e64f6000bf4d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":715,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":5,"flow_src_last_pkt_time":1470104402240297,"flow_dst_last_pkt_time":1470104402241217,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1470104402241217,"pkt":"ABxCjnAxABAj4ACgCABFAAAofPZAAEAGxC3AqHNLwKgFEAG70XnKmfzYcASgS1AQADYK+wAAAAAAAAAA"} 
-01587{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":716,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1470104402238628,"flow_src_last_pkt_time":1470104402240297,"flow_dst_last_pkt_time":1470104402243893,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":213,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":213,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1470104402243893,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53625,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","domainame":"192.168.115.75","tls": {"version":"TLSv1.2","ja3":"618ee2509ef52bf0b8216e1564eea909","ja3s":"573a9f3f80037fb40d481e2054def5bb","ja4":"t12i370400_07a749158664_e64f6000bf4d","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} 
+01546{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":716,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1470104402238628,"flow_src_last_pkt_time":1470104402240297,"flow_dst_last_pkt_time":1470104402243893,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":213,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":213,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1470104402243893,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53625,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","domainame":"192.168.115.75","tls": {"version":"TLSv1.2","ja3s":"573a9f3f80037fb40d481e2054def5bb","ja4":"t12i370400_07a749158664_e64f6000bf4d","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} 
00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":726,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104402518151,"flow_src_last_pkt_time":1470104402518151,"flow_dst_last_pkt_time":1470104402518151,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":135,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":135,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104402518151,"l3_proto":"ip4","src_ip":"192.168.119.1","dst_ip":"255.255.255.255","src_port":56861,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00717{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":726,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_src_last_pkt_time":1470104402518151,"flow_dst_last_pkt_time":1470104402518151,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":177,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":177,"pkt_l4_len":143,"thread_ts_usec":1470104402518151,"pkt":"\/\/\/\/\/\/\/\/TF4M6gNlCABFAACjAABAAEARAqHAqHcB\/\/\/\/\/94dFi4Aj\/bjAAFSEAABAAZMXgzqA2UABQAHMzAwTU5BVAAHAA82LjM1LjEgKHN0YWJsZSkACAAITWlrcm9UaWsACgAEf5YkAAALAAlBWFJKLVg2U0cADAAGUkI0NTBHAA4AAQEADwAQIAGwMAIUAQAAAAAAAAAAAQAQABNldGhlcjItbWFzdGVyLWxvY2Fs"} 
+01144{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":726,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104402518151,"flow_src_last_pkt_time":1470104402518151,"flow_dst_last_pkt_time":1470104402518151,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":135,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":135,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104402518151,"l3_proto":"ip4","src_ip":"192.168.119.1","dst_ip":"255.255.255.255","src_port":56861,"dst_port":5678,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Mikrotik","proto_id":"437","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","mikrotik": {"mac_address":"4C:5E:0C:EA:03:65","identity":"300MNAT","version":"6.35.1 (stable)","software_id":"AXRJ-X6SG","board":"RB450G","ipv6_addr":"2001:b030:214:100::1","uptime":2140546048}}} 00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":727,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104402518258,"flow_src_last_pkt_time":1470104402518258,"flow_dst_last_pkt_time":1470104402518258,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":135,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":135,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104402518258,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:feea:365","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00736{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":727,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_src_last_pkt_time":1470104402518258,"flow_dst_last_pkt_time":1470104402518258,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":197,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":197,"pkt_l4_len":143,"thread_ts_usec":1470104402518258,"pkt":"MzMAAAABTF4M6gNlht1gAAAAAI8RAf6AAAAAAAAATl4M\/\/7qA2X\/AgAAAAAAAAAAAAAAAAABFi4WLgCPm0oAAVIRAAEABkxeDOoDZQAFAAczMDBNTkFUAAcADzYuMzUuMSAoc3RhYmxlKQAIAAhNaWtyb1RpawAKAAR\/liQAAAsACUFYUkotWDZTRwAMAAZSQjQ1MEcADgABAQAPABAgAbAwAhQBAAAAAAAAAAABABAAE2V0aGVyMi1tYXN0ZXItbG9jYWw="} +01145{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":727,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104402518258,"flow_src_last_pkt_time":1470104402518258,"flow_dst_last_pkt_time":1470104402518258,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":135,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":135,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104402518258,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:feea:365","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Mikrotik","proto_id":"437","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","mikrotik": {"mac_address":"4C:5E:0C:EA:03:65","identity":"300MNAT","version":"6.35.1 (stable)","software_id":"AXRJ-X6SG","board":"RB450G","ipv6_addr":"2001:b030:214:100::1","uptime":2140546048}}} 
01130{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":728,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":5,"flow_src_last_pkt_time":1470104402518736,"flow_dst_last_pkt_time":1470104400162264,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":491,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":491,"pkt_l4_len":457,"thread_ts_usec":1470104402518736,"pkt":"AQBef\/\/66LH8q\/uyCABFAAHdCfUAAAQR9UfAqAUx7\/\/\/+gdsB2wByURxTk9USUZZICogSFRUUC8xLjENCkhvc3Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpOVDogdXVpZDo5MzE5Mzk1YS00ZDAzLTQ3NTAtYmIxYi00NjYzOTMzYWI4MTINCk5UUzogc3NkcDphbGl2ZQ0KTG9jYXRpb246IGh0dHA6Ly8xOTIuMTY4LjUuNDk6Mjg2OS91cG5waG9zdC91ZGhpc2FwaS5kbGw\/Y29udGVudD11dWlkOjkzMTkzOTVhLTRkMDMtNDc1MC1iYjFiLTQ2NjM5MzNhYjgxMg0KVVNOOiB1dWlkOjkzMTkzOTVhLTRkMDMtNDc1MC1iYjFiLTQ2NjM5MzNhYjgxMg0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT05MDANClNlcnZlcjogTWljcm9zb2Z0LVdpbmRvd3MvMTAuMCBVUG5QLzEuMCBVUG5QLURldmljZS1Ib3N0LzEuMA0KT1BUOiJodHRwOi8vc2NoZW1hcy51cG5wLm9yZy91cG5wLzEvMC8iOyBucz0wMQ0KMDEtTkxTOiBkMDdiNDM1ZDI5OWI0MTc4NGNhM2QyYWUyYjk1OTk0OA0KDQo="} 
01163{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":729,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":5,"flow_src_last_pkt_time":1470104402518845,"flow_dst_last_pkt_time":1470104400162411,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":519,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":519,"pkt_l4_len":465,"thread_ts_usec":1470104402518845,"pkt":"MzMAAAAM6LH8q\/uyht1gAAAAAdERBP6AAAAAAAAACb2B3S\/cV1D\/AgAAAAAAAAAAAAAAAAAMB2wHbAHR82ROT1RJRlkgKiBIVFRQLzEuMQ0KSG9zdDogW0ZGMDI6OkNdOjE5MDANCk5UOiB1dWlkOjkzMTkzOTVhLTRkMDMtNDc1MC1iYjFiLTQ2NjM5MzNhYjgxMg0KTlRTOiBzc2RwOmFsaXZlDQpMb2NhdGlvbjogaHR0cDovL1tmZTgwOjo5YmQ6ODFkZDoyZmRjOjU3NTBdOjI4NjkvdXBucGhvc3QvdWRoaXNhcGkuZGxsP2NvbnRlbnQ9dXVpZDo5MzE5Mzk1YS00ZDAzLTQ3NTAtYmIxYi00NjYzOTMzYWI4MTINClVTTjogdXVpZDo5MzE5Mzk1YS00ZDAzLTQ3NTAtYmIxYi00NjYzOTMzYWI4MTINCkNhY2hlLUNvbnRyb2w6IG1heC1hZ2U9OTAwDQpTZXJ2ZXI6IE1pY3Jvc29mdC1XaW5kb3dzLzEwLjAgVVBuUC8xLjAgVVBuUC1EZXZpY2UtSG9zdC8xLjANCk9QVDoiaHR0cDovL3NjaGVtYXMudXBucC5vcmcvdXBucC8xLzAvIjsgbnM9MDENCjAxLU5MUzogZDA3YjQzNWQyOTliNDE3ODRjYTNkMmFlMmI5NTk5NDgNCg0K"} 00798{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":730,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104402624102,"flow_src_last_pkt_time":1470104402624102,"flow_dst_last_pkt_time":1470104402624102,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":27,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104402624102,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":49735,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -473,6 +477,7 @@ 00712{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":759,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":5,"flow_src_last_pkt_time":1470104405589893,"flow_dst_last_pkt_time":1470104397807877,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_usec":1470104405589893,"pkt":"AQBef\/\/6bEAIlAI6CABFAAClUIAAAAERsvXAqAUw7\/\/\/+sIlB2wAkY1JTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} 00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":760,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104405794164,"flow_src_last_pkt_time":1470104405794164,"flow_dst_last_pkt_time":1470104405794164,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":121,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":121,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":121,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104405794164,"l3_proto":"ip4","src_ip":"192.168.119.2","dst_ip":"255.255.255.255","src_port":43786,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":760,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_src_last_pkt_time":1470104405794164,"flow_dst_last_pkt_time":1470104405794164,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":163,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":163,"pkt_l4_len":129,"thread_ts_usec":1470104405794164,"pkt":"\/\/\/\/\/\/\/\/TF4MVkdPCABFAACVAABAAEARAq7AqHcC\/\/\/\/\/6sKFi4AgSnvAAHqAgABAAZMXgxWR08ABQAJSVB2NlJvdXRlAAcADzYuMzUuNCAoc3RhYmxlKQAIAAhNaWtyb1RpawAKAAQGBzYAAAsACVZTMUwtUTE4UgAMAAZSQjQ1MEcADgABAQAPABAgAbAwAhQBAAAAAAAAAAABABAAA0xBTg=="} +01145{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":760,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104405794164,"flow_src_last_pkt_time":1470104405794164,"flow_dst_last_pkt_time":1470104405794164,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":121,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":121,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":121,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104405794164,"l3_proto":"ip4","src_ip":"192.168.119.2","dst_ip":"255.255.255.255","src_port":43786,"dst_port":5678,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Mikrotik","proto_id":"437","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","mikrotik": {"mac_address":"4C:5E:0C:56:47:4F","identity":"IPv6Route","version":"6.35.4 (stable)","software_id":"VS1L-Q18R","board":"RB450G","ipv6_addr":"2001:b030:214:100::1","uptime":101135872}}} 
00798{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":774,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104406717230,"flow_src_last_pkt_time":1470104406717230,"flow_dst_last_pkt_time":1470104406717230,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104406717230,"l3_proto":"ip6","src_ip":"fe80::edf5:240a:c8c0:8312","dst_ip":"ff02::1:3","src_port":53962,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":774,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_src_last_pkt_time":1470104406717230,"flow_dst_last_pkt_time":1470104406717230,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1470104406717230,"pkt":"MzMAAQADzD2CHu7jht1gAAAAACARAf6AAAAAAAAA7fUkCsjAgxL\/AgAAAAAAAAAAAAAAAQAD0soU6wAgjSs9jgAAAAEAAAAAAAAGUk9fWDFDAAD\/AAE="} 
00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":774,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104406717230,"flow_src_last_pkt_time":1470104406717230,"flow_dst_last_pkt_time":1470104406717230,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104406717230,"l3_proto":"ip6","src_ip":"fe80::edf5:240a:c8c0:8312","dst_ip":"ff02::1:3","src_port":53962,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -541,9 +546,9 @@ 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":844,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":3,"flow_src_last_pkt_time":1470104414301595,"flow_dst_last_pkt_time":1470104414301526,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1470104414301595,"pkt":"ABAj4ACgYMVHBbyMCABFAAAohwxAAEAGuhfAqAUQwKhzS9F6Abs0INrrJFeA51AQIAAOqAAAIEVKRkRF"} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":845,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":5,"flow_src_last_pkt_time":1470104414301849,"flow_dst_last_pkt_time":1470104414301578,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104414301849,"pkt":"TF4M6gNlYMVHBbyMCABFAAA0CgdAAEAG9NPAqAUQHw1XJNFMAbv8UnPoBJ2idYAQD\/0aVAAAAQEIChoPmUdf7xLn"} 00836{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":846,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":4,"flow_src_last_pkt_time":1470104414302554,"flow_dst_last_pkt_time":1470104414301526,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":271,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":271,"pkt_l4_len":237,"thread_ts_usec":1470104414302554,"pkt":"ABAj4ACgYMVHBbyMCABFAAEBACxAAEAGQB\/AqAUQwKhzS9F6Abs0INrrJFeA51AYIAB90wAAFgMBANQBAADQAwNXoANfjIqHDy9QXUEag4gt5xMipN2TtjnqDApBJHZnuSBj+Q0TSc5VhLmmiAAqPOtufQBM8Qziz0QZmZNFeVk8eABKAP\/AJMAjwArACcAIwCjAJ8AUwBPAEsAmwCXABcAEwAPAKsApwA\/ADsANAGsAZwA5ADMAFgA9ADwANQAvAArAB8ARwALADAAFAAQBAAA9AAAAEwARAAAOMTkyLjE2OC4xMTUuNzUACgAIAAYAFwAYABkACwACAQAADQAMAAoFAQQBAgEEAwIDM3QAAA=="} 
-01436{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":846,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1470104414296334,"flow_src_last_pkt_time":1470104414302554,"flow_dst_last_pkt_time":1470104414301526,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104414302554,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53626,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","domainame":"192.168.115.75","tls": {"version":"TLSv1.2","ja3":"799135475da362592a4be9199d258726","ja3s":"","ja4":"t12i370500_07a749158664_d075105c1994","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01395{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":846,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1470104414296334,"flow_src_last_pkt_time":1470104414302554,"flow_dst_last_pkt_time":1470104414301526,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104414302554,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53626,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","domainame":"192.168.115.75","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12i370500_07a749158664_d075105c1994","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":847,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":5,"flow_src_last_pkt_time":1470104414302554,"flow_dst_last_pkt_time":1470104414303590,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1470104414303590,"pkt":"ABxCjnAxABAj4ACgCABFAAAoBANAAEAGPSHAqHNLwKgFEAG70XokV4DnNCDbxFAQADYtmQAAAAAAAAAA"} 
-01588{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":848,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1470104414296334,"flow_src_last_pkt_time":1470104414302554,"flow_dst_last_pkt_time":1470104414305856,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1470104414305856,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53626,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","domainame":"192.168.115.75","tls": {"version":"TLSv1.2","ja3":"799135475da362592a4be9199d258726","ja3s":"573a9f3f80037fb40d481e2054def5bb","ja4":"t12i370500_07a749158664_d075105c1994","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} 
+01547{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":848,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1470104414296334,"flow_src_last_pkt_time":1470104414302554,"flow_dst_last_pkt_time":1470104414305856,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1470104414305856,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53626,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","domainame":"192.168.115.75","tls": {"version":"TLSv1.2","ja3s":"573a9f3f80037fb40d481e2054def5bb","ja4":"t12i370500_07a749158664_d075105c1994","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":858,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104414395988,"flow_src_last_pkt_time":1470104414395988,"flow_dst_last_pkt_time":1470104414395988,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104414395988,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"168.95.1.1","src_port":63372,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":858,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_src_last_pkt_time":1470104414395988,"flow_dst_last_pkt_time":1470104414395988,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1470104414395988,"pkt":"TF4M6gNlYMVHBbyMCABFAABL64oAAP8RYP7AqAUQqF8BAfeMADUAN6RcbYwBAAABAAAAAAAABmRsLW9icwhvZmZpY2lhbARsaW5lBW5hdmVyAmpwAAABAAE="} 
01127{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":858,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104414395988,"flow_src_last_pkt_time":1470104414395988,"flow_dst_last_pkt_time":1470104414395988,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104414395988,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"168.95.1.1","src_port":63372,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Line","proto_id":"5.315","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dl-obs.official.line.naver.jp","domainame":"dl-obs.official.line.naver.jp","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -598,9 +603,9 @@ 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":951,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":2,"flow_src_last_pkt_time":1470104423246688,"flow_dst_last_pkt_time":1470104423247634,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104423247634,"pkt":"ABxCjnAxABAj4ACgCABFAAA0AABAAEAGQRjAqHNLwKgFEAG70X2C0DtLZaD5JoASFtBuaQAAAgQFtAEBBAIBAwMH"} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":952,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":3,"flow_src_last_pkt_time":1470104423247712,"flow_dst_last_pkt_time":1470104423247634,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1470104423247712,"pkt":"ABAj4ACgYMVHBbyMCABFAAAoVNRAAEAG7E\/AqAUQwKhzS9F9AbtloPkmgtA7TFAQIACmCwAAUC8xLjEN"} 00828{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":953,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":4,"flow_src_last_pkt_time":1470104423248266,"flow_dst_last_pkt_time":1470104423247634,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":267,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":267,"pkt_l4_len":233,"thread_ts_usec":1470104423248266,"pkt":"ABAj4ACgYMVHBbyMCABFAAD9MJBAAEAGD7\/AqAUQwKhzS9F9AbtloPkmgtA7TFAYIADmPAAAFgMBANABAADMAwNXoANoBxB0UxaEmGMMRA4z3rCwUCfHq4lItmIHvO2HwSBj+Q0TSc5VhLmmiAAqPOtufQBM8Qziz0QZmZNFeVk8eABKAP\/AJMAjwArACcAIwCjAJ8AUwBPAEsAmwCXABcAEwAPAKsApwA\/ADsANAGsAZwA5ADMAFgA9ADwANQAvAArAB8ARwALADAAFAAQBAAA5AAAAEwARAAAOMTkyLjE2OC4xMTUuNzUACgAIAAYAFwAYABkACwACAQAADQAMAAoFAQQBAgEEAwID"} 
-01436{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":953,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1470104423246688,"flow_src_last_pkt_time":1470104423248266,"flow_dst_last_pkt_time":1470104423247634,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":213,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":213,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104423248266,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53629,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","domainame":"192.168.115.75","tls": {"version":"TLSv1.2","ja3":"618ee2509ef52bf0b8216e1564eea909","ja3s":"","ja4":"t12i370400_07a749158664_e64f6000bf4d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01395{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":953,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1470104423246688,"flow_src_last_pkt_time":1470104423248266,"flow_dst_last_pkt_time":1470104423247634,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":213,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":213,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104423248266,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53629,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","domainame":"192.168.115.75","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12i370400_07a749158664_e64f6000bf4d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":954,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":5,"flow_src_last_pkt_time":1470104423248266,"flow_dst_last_pkt_time":1470104423249191,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1470104423249191,"pkt":"ABxCjnAxABAj4ACgCABFAAAosy5AAEAGjfXAqHNLwKgFEAG70X2C0DtMZaD5+1AQADbFAAAAAAAAAAAA"} 
-01588{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":955,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1470104423246688,"flow_src_last_pkt_time":1470104423248266,"flow_dst_last_pkt_time":1470104423251782,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":213,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":213,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1470104423251782,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53629,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","domainame":"192.168.115.75","tls": {"version":"TLSv1.2","ja3":"618ee2509ef52bf0b8216e1564eea909","ja3s":"573a9f3f80037fb40d481e2054def5bb","ja4":"t12i370400_07a749158664_e64f6000bf4d","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} 
+01547{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":955,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1470104423246688,"flow_src_last_pkt_time":1470104423248266,"flow_dst_last_pkt_time":1470104423251782,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":213,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":213,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1470104423251782,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53629,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","domainame":"192.168.115.75","tls": {"version":"TLSv1.2","ja3s":"573a9f3f80037fb40d481e2054def5bb","ja4":"t12i370400_07a749158664_e64f6000bf4d","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} 
00992{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":965,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1470104376301823,"flow_src_last_pkt_time":1470104422690570,"flow_dst_last_pkt_time":1470104376301823,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104424049934,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"shen"}} 00998{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":965,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1470104377720702,"flow_src_last_pkt_time":1470104377820998,"flow_dst_last_pkt_time":1470104377720702,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104424049934,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"224.0.0.252","src_port":51458,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"wpad"}} 
01016{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":965,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1470104376017883,"flow_src_last_pkt_time":1470104403029956,"flow_dst_last_pkt_time":1470104376017883,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":798,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104424049934,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"239.255.255.250","src_port":55312,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} 
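Review bot: The `tls` object in the updated `detected` and `detection-update` expectations for flow 117 no longer carries `ja3`; only `ja3s` and `ja4` remain, and nothing visible here tells a consumer of the event stream that the key is gone. Any downstream rule or allow-list that matches on the JA3 client fingerprint will stop matching without an error once this libnDPI bump is deployed. I would state it in the commit description, for example `* tls.ja3 is no longer emitted; match on tls.ja4 (client) or tls.ja3s (server) instead`. schema/flow_event_schema.json is changed by this commit but not visible in this part, so it is worth confirming that it no longer lists `ja3` as a required `tls` property.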
@@ -686,10 +691,10 @@ 00797{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104385827777,"flow_src_last_pkt_time":1470104420541205,"flow_dst_last_pkt_time":1470104385827777,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip4","src_ip":"59.120.208.218","dst_ip":"255.255.255.255","src_port":50151,"dst_port":1947,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01019{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104382448550,"flow_src_last_pkt_time":1470104382857884,"flow_dst_last_pkt_time":1470104382448550,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":66,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::1:3","src_port":61548,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"caesar-thinkpad"}} 
01007{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1470104383810371,"flow_src_last_pkt_time":1470104413815837,"flow_dst_last_pkt_time":1470104413817995,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":300,"flow_src_tot_l4_payload_len":600,"flow_dst_tot_l4_payload_len":600,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.119.1","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"macbook-air"}} -01140{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104379579523,"flow_src_last_pkt_time":1470104379579704,"flow_dst_last_pkt_time":1470104379579523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":221,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":244,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":465,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip4","src_ip":"192.168.5.67","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": 
{"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"sanji-lifebook-"}} +01021{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104379579523,"flow_src_last_pkt_time":1470104379579704,"flow_dst_last_pkt_time":1470104379579523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":221,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":244,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":465,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip4","src_ip":"192.168.5.67","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"sanji-lifebook-"}} 
01019{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1470104382448863,"flow_src_last_pkt_time":1470104427503777,"flow_dst_last_pkt_time":1470104382448863,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1233,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"239.255.255.250","src_port":51704,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} 01158{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104379169121,"flow_src_last_pkt_time":1470104379271484,"flow_dst_last_pkt_time":1470104379169121,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":54888,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": 
{"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"????????????"}} -00867{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1033,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1033,"packets-processed":1032,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":395167,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":109,"total-detection-updates":19,"total-updates":38,"current-active-flows":129,"total-active-flows":129,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":692,"global_ts_usec":1654385119050609} +00867{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1033,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1033,"packets-processed":1032,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":395167,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":114,"total-detection-updates":19,"total-updates":38,"current-active-flows":129,"total-active-flows":129,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":697,"global_ts_usec":1654385119050609} 
00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1033,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385119050609,"flow_src_last_pkt_time":1654385119050609,"flow_dst_last_pkt_time":1654385119050609,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":538,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":538,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":538,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385119050609,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60962,"dst_port":1234,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01279{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1033,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":1,"flow_src_last_pkt_time":1654385119050609,"flow_dst_last_pkt_time":1654385119050609,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":604,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":604,"pkt_l4_len":570,"thread_ts_usec":1654385119050609,"pkt":"tKXvZygQnLbQ0+MzCABFAAJOAZpAAEAGaiXAqAJ+rGhdXO4iBNJ6yTZonxdjWoAYAfbPKwAAAQEICmbWNa+8oaeIR0VUIC8\/X2JyYW5kPUdvb2dsZSZfbW9kZWw9c2RrX2dwaG9uZV94ODYmX292PUFuZHJvaWQxMSZfY3B1PWk2ODYmX3Jlc29sdXRpb249MTA4MCUyQzE3OTQmX3BhY2thZ2U9Y29tLnNjZW5ld2F5LmthbmthbiZfdj0yLjguMi4xJl9jaGFubmVsPTFreHVuJl9jYXJyaWVyPTMxMDI2MCZfYW5kcm9pZF9pZD1iOWUyODc3NjM1NGQyNTllJl9uZXR3b3JrPXdpZmkmX2FpZD01YWM2YTBmZi04ZDE4LTQ3YmMtYTkwMi0yODEyY2YwYzI1MWUmJl9jb3VudHJ5PVVTJl9sb2NhbGU9ZW4mXz0xNjU0Mzg1MTE3IEhUVFAvMS4xDQphdXRob3JpemF0aW9uX2NvZGU6IDg5QTBGQ0UzOTE2OEM5RTIxOTM1N0IzRjJEMzA4RDIwDQpVcGdyYWRlOiB3ZWJzb2NrZXQNCkNvbm5lY3Rpb246IFVwZ3JhZGUNClNlYy1XZWJTb2NrZXQtS2V5OiBMVFJDT1VPdEIwdHRrSnJIdUhaRHRnPT0NClNlYy1XZWJTb2NrZXQtVmVyc2lvbjogMTMNCkhvc3Q6IHdzLjFreHVuLm1vYm
k6MTIzNA0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpVc2VyLUFnZW50OiBva2h0dHAvMy4xMC4wDQoNCg=="} 01509{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1033,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385119050609,"flow_src_last_pkt_time":1654385119050609,"flow_dst_last_pkt_time":1654385119050609,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":538,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":538,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":538,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385119050609,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60962,"dst_port":1234,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"ws.1kxun.mobi","domainame":"ws.1kxun.mobi","http": {"url":"ws.1kxun.mobi:1234\/?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&&_country=US&_locale=en&_=1654385117","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}}} 
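Review bot: The new expectation for flow 35 (`NetBIOS.SMBv1`) drops `flow_risk` entry 22 "Unsafe Protocol" although `breed` is still `"Dangerous"`, so the record no longer carries any risk score for cleartext SMBv1. Whether this is an intended upstream change or a side effect of a changed default cannot be told from this hunk. If it is intended, alerting that keys on `flow_risk` will miss SMBv1 from now on, and the commit description should say so, for example `* NetBIOS.SMBv1 no longer raises flow_risk 22 (Unsafe Protocol); alert on breed "Dangerous" instead`. The status record in the same hunk moves `total-detected-flows` from 109 to 114, which fits the `not-detected` events replaced elsewhere in this file.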
@@ -724,8 +729,7 @@ 01270{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":13,"flow_first_seen":1470104380890420,"flow_src_last_pkt_time":1470104382084909,"flow_dst_last_pkt_time":1470104381881083,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":445,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":3612,"flow_dst_tot_l4_payload_len":6271,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"42.120.51.152","src_port":49609,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"42.120.51.152"}} 
01270{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":3,"flow_first_seen":1470104380188079,"flow_src_last_pkt_time":1470104380928909,"flow_dst_last_pkt_time":1470104380732533,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":158,"flow_dst_max_l4_payload_len":392,"flow_src_tot_l4_payload_len":316,"flow_dst_tot_l4_payload_len":397,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.244.135.170","src_port":49607,"dst_port":9099,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"218.244.135.170"}} 
01000{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1470104380737950,"flow_src_last_pkt_time":1470104380737994,"flow_dst_last_pkt_time":1470104380772526,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":74,"flow_src_tot_l4_payload_len":66,"flow_dst_tot_l4_payload_len":74,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":54420,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.QQ","proto_id":"5.48","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"vv.video.qq.com"}} -00999{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104399854544,"flow_src_last_pkt_time":1470104399854544,"flow_dst_last_pkt_time":1470104399854544,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.0.100","dst_ip":"255.255.255.255","src_port":50925,"dst_port":5678,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": 
{"total":210,"client":165,"server":45}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00797{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104399854544,"flow_src_last_pkt_time":1470104399854544,"flow_dst_last_pkt_time":1470104399854544,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.0.100","dst_ip":"255.255.255.255","src_port":50925,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00989{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104399854544,"flow_src_last_pkt_time":1470104399854544,"flow_dst_last_pkt_time":1470104399854544,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.0.100","dst_ip":"255.255.255.255","src_port":50925,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Mikrotik","proto_id":"437","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
01145{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104408049734,"flow_src_last_pkt_time":1470104408458018,"flow_dst_last_pkt_time":1470104408049734,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":51451,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"????????????"}} 00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1470104377720702,"flow_src_last_pkt_time":1470104377820998,"flow_dst_last_pkt_time":1470104377720702,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"224.0.0.252","src_port":51458,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"wpad"}} 01016{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1470104376017883,"flow_src_last_pkt_time":1470104433238541,"flow_dst_last_pkt_time":1470104376017883,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1064,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"239.255.255.250","src_port":55312,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} 
@@ -739,10 +743,8 @@ 00800{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1470104380909602,"flow_src_last_pkt_time":1470104420950055,"flow_dst_last_pkt_time":1470104380909602,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":317,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":317,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1585,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.10.110","dst_ip":"255.255.255.255","src_port":60480,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1470104376816620,"flow_src_last_pkt_time":1470104392380425,"flow_dst_last_pkt_time":1470104376816620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":180,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::406:55a8:6453:25dd","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCPV6","proto_id":"103","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
01156{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104378045695,"flow_src_last_pkt_time":1470104378454680,"flow_dst_last_pkt_time":1470104378045695,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":58779,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"????????????"}} -01000{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104402518258,"flow_src_last_pkt_time":1470104402518258,"flow_dst_last_pkt_time":1470104402518258,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":135,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":135,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:feea:365","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp 
Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00798{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104402518258,"flow_src_last_pkt_time":1470104402518258,"flow_dst_last_pkt_time":1470104402518258,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":135,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":135,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:feea:365","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -01001{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104390741932,"flow_src_last_pkt_time":1470104390741932,"flow_dst_last_pkt_time":1470104390741932,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":123,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":123,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":123,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:fe9a:ec54","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": 
{"total":210,"client":165,"server":45}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00799{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104390741932,"flow_src_last_pkt_time":1470104390741932,"flow_dst_last_pkt_time":1470104390741932,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":123,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":123,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":123,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:fe9a:ec54","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104402518258,"flow_src_last_pkt_time":1470104402518258,"flow_dst_last_pkt_time":1470104402518258,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":135,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":135,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:feea:365","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Mikrotik","proto_id":"437","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+00991{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104390741932,"flow_src_last_pkt_time":1470104390741932,"flow_dst_last_pkt_time":1470104390741932,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":123,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":123,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":123,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:fe9a:ec54","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Mikrotik","proto_id":"437","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01013{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104432630916,"flow_src_last_pkt_time":1470104432728657,"flow_dst_last_pkt_time":1470104432630916,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":58468,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"wangs-ltw"}} 01017{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1470104381217586,"flow_src_last_pkt_time":1470104426277904,"flow_dst_last_pkt_time":1470104381217586,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1197,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"239.255.255.250","src_port":57325,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} 
01014{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104430884669,"flow_src_last_pkt_time":1470104431294729,"flow_dst_last_pkt_time":1470104430884669,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::e034:7be:d8f9:6197","dst_ip":"ff02::1:3","src_port":49766,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"charming-pc"}} 
@@ -766,8 +768,7 @@ 01011{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104420438972,"flow_src_last_pkt_time":1470104420540216,"flow_dst_last_pkt_time":1470104420438972,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":61172,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"sonusav"}} 01000{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104381217455,"flow_src_last_pkt_time":1470104381626995,"flow_dst_last_pkt_time":1470104381217455,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"224.0.0.252","src_port":56366,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"notebook"}} 01017{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1470104377634699,"flow_src_last_pkt_time":1470104415729545,"flow_dst_last_pkt_time":1470104377634699,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1096,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"239.255.255.250","src_port":60267,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} -00999{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104402518151,"flow_src_last_pkt_time":1470104402518151,"flow_dst_last_pkt_time":1470104402518151,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":135,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":135,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.119.1","dst_ip":"255.255.255.255","src_port":56861,"dst_port":5678,"l4_proto":"udp","ndpi": {"flow_risk": 
{"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00797{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104402518151,"flow_src_last_pkt_time":1470104402518151,"flow_dst_last_pkt_time":1470104402518151,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":135,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":135,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.119.1","dst_ip":"255.255.255.255","src_port":56861,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00989{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104402518151,"flow_src_last_pkt_time":1470104402518151,"flow_dst_last_pkt_time":1470104402518151,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":135,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":135,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.119.1","dst_ip":"255.255.255.255","src_port":56861,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Mikrotik","proto_id":"437","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01004{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104430065680,"flow_src_last_pkt_time":1470104430476697,"flow_dst_last_pkt_time":1470104430065680,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":57143,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"charming-pc"}} 01002{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1470104379066410,"flow_src_last_pkt_time":1470104379066467,"flow_dst_last_pkt_time":1470104379115963,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":95,"flow_src_tot_l4_payload_len":62,"flow_dst_tot_l4_payload_len":95,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":60724,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.1kxun","proto_id":"5.295","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"pic.1kxun.com"}} 01000{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104381935396,"flow_src_last_pkt_time":1470104382038651,"flow_dst_last_pkt_time":1470104381935396,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"224.0.0.252","src_port":58456,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"joanna-pc"}} 
@@ -833,8 +834,8 @@ 01001{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104393610386,"flow_src_last_pkt_time":1470104394635803,"flow_dst_last_pkt_time":1470104393610386,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"nasfile"}} 01002{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":0,"flow_first_seen":1470104391564386,"flow_src_last_pkt_time":1470104422179603,"flow_dst_last_pkt_time":1470104391564386,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":650,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"isatap"}} 00999{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1470104378021294,"flow_src_last_pkt_time":1470104379520951,"flow_dst_last_pkt_time":1470104378021294,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"wpad"}} -01138{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1470104393610555,"flow_src_last_pkt_time":1470104393611090,"flow_dst_last_pkt_time":1470104393610555,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":174,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":522,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"macbookair-e1d0"}} -01138{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104379579523,"flow_src_last_pkt_time":1470104379579704,"flow_dst_last_pkt_time":1470104379579523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":221,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":244,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":465,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.67","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"sanji-lifebook-"}} 
+01019{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1470104393610555,"flow_src_last_pkt_time":1470104393611090,"flow_dst_last_pkt_time":1470104393610555,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":174,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":522,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"macbookair-e1d0"}} +01019{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104379579523,"flow_src_last_pkt_time":1470104379579704,"flow_dst_last_pkt_time":1470104379579523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":221,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":244,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":465,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.67","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"sanji-lifebook-"}} 00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104398832807,"flow_src_last_pkt_time":1470104398832807,"flow_dst_last_pkt_time":1470104398832807,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.64","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00981{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1470104391199899,"flow_src_last_pkt_time":1470104391199954,"flow_dst_last_pkt_time":1470104391208758,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"64.233.189.128","src_port":49581,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by 
port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 00789{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1470104391199899,"flow_src_last_pkt_time":1470104391199954,"flow_dst_last_pkt_time":1470104391208758,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"64.233.189.128","src_port":49581,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
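Review bot: The two added `idle` events for `flow_id` 70 and 35 no longer carry the `flow_risk` entry `"22"` ("Unsafe Protocol") that the removed lines had, although `proto` is still `NetBIOS.SMBv1` and `breed` is still `Dangerous`. The commit message only says upstream changes were incorporated, so it is not clear from this hunk whether the risk was dropped deliberately for these port 138 flows or is a side effect of the libnDPI bump. Consumers that alert on `flow_risk` rather than on `breed` would stop flagging these SMBv1 flows. I would confirm this against the upstream change and, if it is intended, record it in the commit message with a line such as `* NetBIOS.SMBv1 flows in this capture no longer raise flow_risk 22 (Unsafe Protocol)`.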
@@ -849,8 +850,7 @@ 00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104423202821,"flow_src_last_pkt_time":1470104423202821,"flow_dst_last_pkt_time":1470104423202821,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::f65c:89ff:fe89:e607","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCPV6","proto_id":"103","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00946{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":10,"flow_first_seen":1470104410885006,"flow_src_last_pkt_time":1470104428908615,"flow_dst_last_pkt_time":1470104428908687,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":332,"flow_src_tot_l4_payload_len":5537,"flow_dst_tot_l4_payload_len":595,"midstream":1,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"119.235.235.84","dst_ip":"192.168.5.16","src_port":443,"dst_port":53406,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00802{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":10,"flow_first_seen":1470104410885006,"flow_src_last_pkt_time":1470104428908615,"flow_dst_last_pkt_time":1470104428908687,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":332,"flow_src_tot_l4_payload_len":5537,"flow_dst_tot_l4_payload_len":595,"midstream":1,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"119.235.235.84","dst_ip":"192.168.5.16","src_port":443,"dst_port":53406,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00999{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104405794164,"flow_src_last_pkt_time":1470104405794164,"flow_dst_last_pkt_time":1470104405794164,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":121,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":121,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":121,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.119.2","dst_ip":"255.255.255.255","src_port":43786,"dst_port":5678,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
-00797{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104405794164,"flow_src_last_pkt_time":1470104405794164,"flow_dst_last_pkt_time":1470104405794164,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":121,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":121,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":121,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.119.2","dst_ip":"255.255.255.255","src_port":43786,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00989{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104405794164,"flow_src_last_pkt_time":1470104405794164,"flow_dst_last_pkt_time":1470104405794164,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":121,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":121,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":121,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.119.2","dst_ip":"255.255.255.255","src_port":43786,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Mikrotik","proto_id":"437","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
01012{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104402624102,"flow_src_last_pkt_time":1470104402724346,"flow_dst_last_pkt_time":1470104402624102,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":49735,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"wangs-ltw"}} 01255{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":4,"flow_first_seen":1470104381895304,"flow_src_last_pkt_time":1470104382125381,"flow_dst_last_pkt_time":1470104382124370,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":432,"flow_dst_max_l4_payload_len":633,"flow_src_tot_l4_payload_len":864,"flow_dst_tot_l4_payload_len":633,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.145","src_port":49612,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric 
Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"183.131.48.145"}} 01260{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":5,"flow_first_seen":1470104382053678,"flow_src_last_pkt_time":1470104382199024,"flow_dst_last_pkt_time":1470104382198662,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":503,"flow_dst_max_l4_payload_len":1024,"flow_src_tot_l4_payload_len":1006,"flow_dst_tot_l4_payload_len":2329,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.144","src_port":49613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","hostname":"183.131.48.144"}} 
@@ -967,7 +967,7 @@ 02884{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1180,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":2,"flow_src_last_pkt_time":1654385140850557,"flow_dst_last_pkt_time":1654385141035727,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1787,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1787,"pkt_l4_len":1753,"thread_ts_usec":1654385141035727,"pkt":"nLbQ0+MztKXvZygQCABFAAbtaqFAADQGY7GhdQ0dwKgCfgBQsXDoMXIa8ixAboAYAOt4mAAAAQEICpcRGMK6xhabSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG9wZW5yZXN0eS8xLjEzLjYuMQ0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNTo0MCBHTVQNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vamF2YXNjcmlwdDsgY2hhcnNldD11dGYtOA0KVHJhbnNmZXItRW5jb2Rpbmc6IGNodW5rZWQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkxhc3QtTW9kaWZpZWQ6IEZyaSwgMjMgT2N0IDIwMjAgMDM6MzQ6MTggR01UDQpFVGFnOiBXLyI1ZjkyNGYzYS1lMWUiDQpFeHBpcmVzOiBGcmksIDAyIFNlcCAyMDIyIDIzOjI1OjQwIEdNVA0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT03Nzc2MDAwDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQoNCjU0YQ0KH4sIAAAAAAAAA51WS2\/jNhC+769g1AUsJbaUpOjFiRZIt9giBdotmiA9eFOAlmiLsUwKIh3Hzfq\/d8ghKTm2i24vEkHOfPN+rLko5Tq9L2hJchLPVqLQXIo4Ia\/vCHmmLaklLe+4Zh+lmPF5S80zkAbKBdsMSUHrekqLBbIh46qtgS6qtG7GWaZBQrpmpaylXKSFXGa04ZkCYBVdgSjkKammwPQKoGMCny0+vU\/pE32JAXFo9TLkhnRMfrn7\/FuqdMvFnM82sblMhhaOkCXTlSzHZPD757v7gb9tWlkwpX6y7DNaK+ZfCik0E\/p+0zBgok1T88Kamz0pKQYWdZukpRSsc1TLVCOFYt5yEnwRhyc0YpuYv7XI+\/VHKgRrHxjEoFV7Tl3zUldDUjE+r\/S+jw8FJrbRCLEBiyBmKwxapyGfxSc7T+TrV7J7kz47pY6+pFOrfEJaplet6MyePFpDTYyMnR4oJzsivQAHgy7a4fjEa81aZvJy8ujfZ7KNDSqH2\/Mr+F17AWnNxFxXcHd21pnaRwQWp8yEB0AkWFJdVMyEAClS8GNqL+Psr\/hLeZZ8ObW\/cZyeJlkwkBDwpWPuC7X3Nn7kJCcNbRW7FdpTTi4ek8S4Q3OxYt404zBAw3AfZLs8xtYpDRY4dSbf92wEK208U9QpJ\/bfl+zenfTcZd0+hfJhSZuVqmJk6\/lj64rP\/99mBzIEFMf5pjZaKsobUf7BlvKZ3TxY1cGykNcOxHscvOZuXBKQHLIjZKZY1TUacpDwIhA6kMm581yXviEx1M6jlprWf9r6BIpzFPKtKdoHOfMJqCBFoV2aykdU9KfRCG9B3q9UV+kM+mkb26PxmlxC6z4lPUzn4W\/VykkZHVUIUxxtv7bufnWh98nWc9pOvWFnSZXpryzmQ3LRy59py+gCTY
ZmiT3Xfl0iYYwMwdZ8jENMI\/xZynnNsJ\/emJYRcoXVbAld\/baEDlpzOA2JqiV8bQn49upT6X08+G5AzkjgStJKL+t4cM2FAgCqVB7RUk03cysxIkBt9SNkoPSmZnlUcjCNbsZc1Fyw0bSWxeLKShsbaHuC\/6B5ucJys9eu8uz9DqqZaSNajlD7PDIYeDYgB0mNgUhoTntkJPswcC6HitAw7+SM9Iwy5ROtRMlmoH8Zed8QAt6ZynIzSFKYjhBGcIsqWt5oQtVGFES1RR5lWUPnjJaXKboIXko3SO3cx1eYqVlPZPqkog\/XGaIF7TC+HMZy+0zrWxPXrpghAfsPimlosZawm86d6jZdD5gK7fmgqaYbFzWjbQDtpPXSlZC4ZwXot8aFqn8JIxRmIvbLV+x0Bt2nN\/yH5Ifzc4e6hdxTLKw5\/xPeVM5OgXyEYlt8km3BjpbH37DY3JbeZf+pEiAPiwW0lgLirSLiU9UgYf4hps1ACC\/UUIjtAfzDSWWClkeavejsiT5TTJHI51pRCtjIVlOocvqSCgZECuRwfSijgkfcvhuahF2bQs0f6Q264sosBhBl+GKPsndY0TtD1d4fHKb2JYgCrHAOTc1ol8KeCl0cbE9NfwO6oKyPkLnHjveALTX2Gg5Jp5c7oy7DDsUNOw9GyLriNYt1u+rtsliASAoqHJrLfvT2igKaygnyJGSnn9sixBe3\/0GryWHXLpdyOuhUMcVhOrtbZUCyY9pZywo6albTkdnOhnY56+9lVtSJAzi8bO3PDXRgCMjQKwALW3e+hPMR9\/Z8QN5a7uo6rCA7Dujq6I0XjI790t3TsHPMvwp3I8oN1HQKXcpCJZbL1oUbsCb5rt5tkxhe\/gG\/wmXsHg4AAA0KMA0KDQo="} 00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1181,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385141046673,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141046673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":426,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":426,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":426,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385141046673,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.37","src_port":41390,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01128{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1181,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":1,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141046673,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":492,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":492,"pkt_l4_len":458,"thread_ts_usec":1654385141046673,"pkt":"tKXvZygQnLbQ0+MzCABFAAHeDJVAAEAGB\/rAqAJ+EkBPJaGuAFABgVk3JTRLIoAYAfYmXAAAAQEICqYAsEjS\/CtTR0VUIC9kb3VibGVjbGljay9jYTBlY2RlMi5qcyBIVFRQLzEuMQ0KSG9zdDogZ29vZ2xlLm9wZW4tanMuY29tDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgMTE7IHNka19ncGhvbmVfeDg2IEJ1aWxkL1JTUjEuMjAxMDEzLjAwMTsgd3YpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIFZlcnNpb24vNC4wIENocm9tZS84My4wLjQxMDMuMTA2IE1vYmlsZSBTYWZhcmkvNTM3LjM2DQpBY2NlcHQ6ICovKg0KWC1SZXF1ZXN0ZWQtV2l0aDogY29tLnNjZW5ld2F5Lmthbmthbg0KUmVmZXJlcjogaHR0cDovL21hbmdhd2ViLjFreHVuLm1vYmkvDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkFjY2VwdC1MYW5ndWFnZTogZW4tVVMsZW47cT0wLjkNCg0K"} -01435{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1181,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385141046673,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141046673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":426,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":426,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":426,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385141046673,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.37","src_port":41390,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": 
{"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"google.open-js.com","domainame":"google.open-js.com","http": {"url":"google.open-js.com\/doubleclick\/ca0ecde2.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} +01320{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1181,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385141046673,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141046673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":426,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":426,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":426,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385141046673,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.37","src_port":41390,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"google.open-js.com","domainame":"google.open-js.com","http": {"url":"google.open-js.com\/doubleclick\/ca0ecde2.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
01166{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1182,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":2,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141075345,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":520,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":520,"pkt_l4_len":486,"thread_ts_usec":1654385141075345,"pkt":"nLbQ0+MztKXvZygQCABFAAH68DMAAPgGrD4SQE8lwKgCfgBQoa4lNEsiAYFa4YAYAIOtmwAAAQEICtL8K4OmALBISFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL2phdmFzY3JpcHQNCkNvbnRlbnQtTGVuZ3RoOiAxNDcxDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpEYXRlOiBTYXQsIDA0IEp1biAyMDIyIDA2OjE4OjEzIEdNVA0KTGFzdC1Nb2RpZmllZDogU3VuLCAyNyBTZXAgMjAyMCAwOTo0ODo1MSBHTVQNCkVUYWc6ICJmZGI1MmNiYTkxNGQxMGI3NWI2YTY2ZmQ1NzVhZmFkMCINClNlcnZlcjogQW1hem9uUzMNClgtQ2FjaGU6IEhpdCBmcm9tIGNsb3VkZnJvbnQNClZpYTogMS4xIGI0ZTZhMTMwMWExMTQzOTM3MjMzNGFhMTRmYjdkMzEwLmNsb3VkZnJvbnQubmV0IChDbG91ZEZyb250KQ0KWC1BbXotQ2YtUG9wOiBUWEw1MC1QMg0KWC1BbXotQ2YtSWQ6IGM4c2hiWWJFVnhFWWhjaEN4c1d5LUVhTDNiYzl2V3g5aUl5clpkVFEyYjVfeXZneTlRdTBNUT09DQpBZ2U6IDYxNjQ5DQoNCg=="} 
02466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1183,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":3,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141075345,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1654385141075345,"pkt":"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\/aWQ9VUEtMTU0NzU3OTI5LTU3Jz48XC9zY3JpcHQ+Iik7ZG9jdW1lbnQud3JpdGVsbigiPHNjcmlwdD4iKTtkb2N1bWVudC53cml0ZWxuKCIgIHdpbmRvdy5kYXRhTGF5ZXIgPSB3aW5kb3cuZGF0YUxheWVyIHx8IFtdOyIpO2RvY3VtZW50LndyaXRlbG4oIiAgZnVuY3Rpb24gZ3RhZygpe2RhdGFMYXllci5wdXNoKGFyZ3VtZW50cyk7fSIpO2RvY3VtZW50LndyaXRlbG4oIiAgZ3RhZygnanMnLCBuZXcgRGF0ZSgpKTsiKTtkb2N1bWVudC53cml0ZWxuKCIiKTtkb2N1bWVudC53cml0ZWxuKCIgIGd0YWcoJ2NvbmZpZycsICdVQS0xNTQ3NTc5"} 00618{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1184,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":4,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141076027,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":109,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":109,"pkt_l4_len":75,"thread_ts_usec":1654385141076027,"pkt":"nLbQ0+MztKXvZygQCABFAABf8DUAAPgGrdcSQE8lwKgCfgBQoa4lNFJ8AYFa4YAYAIN\/DAAAAQEICtL8K4SmALBIMjktNTcnKTsiKTtkb2N1bWVudC53cml0ZWxuKCI8XC9zY3JpcHQ+Iil9Ow=="} 
@@ -1044,7 +1044,7 @@ 02263{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1469,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":29,"flow_first_seen":1654385146253018,"flow_src_last_pkt_time":1654385147560064,"flow_dst_last_pkt_time":1654385147928387,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":514,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":526,"flow_dst_max_l4_payload_len":18720,"flow_src_tot_l4_payload_len":1554,"flow_dst_tot_l4_payload_len":113644,"midstream":1,"thread_ts_usec":1654385147928387,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49372,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":96206.9,"max":899707,"stddev":188732.5,"var":35619966976.0,"ent":3.0,"data": [205636,2121,0,0,1,224803,394,328,1444,0,193718,403,372,1728,1281,1888,225980,899707,237971,1,2439,199154,468,952,1305,0,0,407339,371504,0,1478]},"pktlen": {"min":337,"avg":3651.9,"max":18772,"stddev":4182.9,"var":17496908.0,"ent":4.3,"data": [566,337,1492,4372,2932,4372,1492,1492,1492,1492,5812,1492,1492,1492,2932,4372,5812,3718,578,337,7252,15892,1492,1492,7252,1492,5812,640,566,337,7787,18772]},"bins": {"c_to_s": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,14]},"directions": [0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1,1,0,1,1,1],"entropies": 
[5.863167286,5.867280483,7.343351841,7.933300972,7.883011341,7.923881531,7.831630230,7.793837070,7.811074257,7.877987385,7.956270695,7.807632446,7.787700176,7.808306217,7.895200729,7.941674709,7.934331417,7.911615372,5.884228706,5.838101864,7.975082397,7.990115643,7.874265194,7.866392612,7.972415924,7.851024628,7.967773914,7.664193153,5.866144657,5.879995346,7.941644669,7.977370262]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"hkbn.content.1kxun.com"}} 00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1483,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385156800184,"flow_src_last_pkt_time":1654385156800184,"flow_dst_last_pkt_time":1654385156800184,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":423,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":423,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":423,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385156800184,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.18.98","src_port":44368,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01123{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1483,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":1,"flow_src_last_pkt_time":1654385156800184,"flow_dst_last_pkt_time":1654385156800184,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":489,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":489,"pkt_l4_len":455,"thread_ts_usec":1654385156800184,"pkt":"tKXvZygQnLbQ0+MzCABFAAHb3B5AAEAG2pzAqAJ+rNkSYq1QAFBdWbpPyM9cBIAYAfaELwAAAQEICmU8LGE7CqI\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"} -01454{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1483,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385156800184,"flow_src_last_pkt_time":1654385156800184,"flow_dst_last_pkt_time":1654385156800184,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":423,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":423,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":423,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385156800184,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.18.98","src_port":44368,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.GoogleServices","proto_id":"7.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.googletagservices.com","domainame":"www.googletagservices.com","http": {"url":"www.googletagservices.com\/tag\/js\/gpt.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) 
Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} +01339{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1483,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385156800184,"flow_src_last_pkt_time":1654385156800184,"flow_dst_last_pkt_time":1654385156800184,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":423,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":423,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":423,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385156800184,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.18.98","src_port":44368,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.GoogleServices","proto_id":"7.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.googletagservices.com","domainame":"www.googletagservices.com","http": {"url":"www.googletagservices.com\/tag\/js\/gpt.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
02471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1484,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":2,"flow_src_last_pkt_time":1654385156800184,"flow_dst_last_pkt_time":1654385156832164,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_usec":1654385156832164,"pkt":"nLbQ0+MztKXvZygQCABFAAW+HaAAAHsGmjis2RJiwKgCfgBQrVDIz1wEXVm79oAQAQWtEwAAAQEICjsKomxlPCxhSFRUUC8xLjEgMjAwIE9LDQpWYXJ5OiBBY2NlcHQtRW5jb2RpbmcNCkNvbnRlbnQtRW5jb2Rpbmc6IGd6aXANCkNvbnRlbnQtVHlwZTogdGV4dC9qYXZhc2NyaXB0DQpDcm9zcy1PcmlnaW4tUmVzb3VyY2UtUG9saWN5OiBjcm9zcy1vcmlnaW4NCkNyb3NzLU9yaWdpbi1PcGVuZXItUG9saWN5LVJlcG9ydC1Pbmx5OiBzYW1lLW9yaWdpbjsgcmVwb3J0LXRvPSJhZHMtZ3B0LXNjcyINClJlcG9ydC1UbzogeyJncm91cCI6ImFkcy1ncHQtc2NzIiwibWF4X2FnZSI6MjU5MjAwMCwiZW5kcG9pbnRzIjpbeyJ1cmwiOiJodHRwczovL2NzcC53aXRoZ29vZ2xlLmNvbS9jc3AvcmVwb3J0LXRvL2Fkcy1ncHQtc2NzIn1dfQ0KVGltaW5nLUFsbG93LU9yaWdpbjogKg0KQ29udGVudC1MZW5ndGg6IDI4MTIxDQpEYXRlOiBTYXQsIDA0IEp1biAyMDIyIDIzOjI1OjU2IEdNVA0KRXhwaXJlczogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNTo1NiBHTVQNCkNhY2hlLUNvbnRyb2w6IHByaXZhdGUsIG1heC1hZ2U9OTAwLCBzdGFsZS13aGlsZS1yZXZhbGlkYXRlPTM2MDANCkVUYWc6ICIxMjM1IC8gOTExIG9mIDEwMDAgLyBsYXN0LW1vZGlmaWVkOiAxNjU0MjkzODg0Ig0KWC1Db250ZW50LVR5cGUtT3B0aW9uczogbm9zbmlmZg0KU2VydmVyOiBzZmZlDQpYLVhTUy1Qcm90ZWN0aW9uOiAwDQoNCh+LCAAAAAAAAADtvWdb3EzSKPz9+RWg9cNK94hhNDlYnpdogwk2YGODWV+tLCZ6AsEw\/\/2t6iC1wgDecM5+OHuvGanVsbq6UldXq958aM\/C0VDd1R5vyWTlLhw6oztzFoTTTuip7LXoj0Z+350Rf20teiy6t6R\/Zk\/C8WyqPeYmq1pn8UIlP\/sj4rjOT23izuaTYWfjr\/\/5n5Xt0fhhEvrBbOU8cFe2+6PpfOKuHIbWhEweVjbns2A0mRb\/Z+Xs08639cPQdodTd33fcYez0AvdSXtlc0zswF0vF0v\/89fG\/+C4BjohZjRYwgZrmaUOa3cl+qQ98hTrLSn23aE\/C7qPzmjotlcNHYY2d9vkyioUrhdtnlxaLBa6RUxF1KGY5uxh7I68lRPrxrVnRcf1wqH7aTIau5NZ6E67eekP7bh7uqXb2iOAjpjm5mRCHorjyWg2wlqfniCNl48SOfRWSAf6dm3aRdpRMTay0O3k4Il5pYxoHXFf\/f7IIv1zmHiYn+hZJ3omJ5vPtTX2m\/0+dfve2hr
+zX5jNYsWrjveaKKKqYgh3ikULDZFtokjQlS019bs4hGZBaaJf8WQ7cUsmIzuVnYnE6hK2SbD4Wi2AnB1eFsrvAuAi7pDTJuoiNya7iZnTHTw7GFgjaCDypQ+ZL6oyr2i6UPzcaF7BP\/+MuV5E732RLeH837fNO1ohjAZB2Vfi+m5HYXOSmkVMnVtxK3rhT4zc3DB0kib1u6YpDgd98OZqhRhWMQ0oJOOAB3mcE3nqnSte51VsrbmroTDlWHXM4dtz3QIBbkL4HbfijLrRsctFFjXAyjq0p6vqgGW9DTNmrikB8jlmd5VcL1wIEtcFIfjQjOKO60jtOyud+Vct3HcHcu0VFvr4POqaa2tqaRrEXWoO\/qjPRp6oT+fEKuPa0i\/m4Qz8cyWmbXQ2haCBcoxGEHtAFfnGisyjd3WX4gIxQkBNByo2rt370o6\/Q796TqkyCfM0drKm5upPX6jFEg="} 02473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1485,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":3,"flow_src_last_pkt_time":1654385156800184,"flow_dst_last_pkt_time":1654385156832624,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_usec":1654385156832624,"pkt":"nLbQ0+MztKXvZygQCABFAAW+HaIAAHsGmjas2RJiwKgCfgBQrVDIz2cYXVm79oAQAQVnbAAAAQEICjsKomxlPCxhBD2AVIoQ9JAQ9DghsJcRAl\/vYRNoLvC7pbbP4e4wzRva7Rf74XT29KSyB5P1+gpURecaOC5mGHThH2ve7LUh44DrNWxc+pQ\/FKd64BJHJAMZaPu6oBs6q58J\/VCFpotCdKgwe4MoJX5BSAG\/TBIN+5m1SgEaj46X84uDtTWfdqCrsl+qftouvIEY4N7rBjAm9oHx66cnvpo5QHwECGQZiA7jIz7o4gH6TT\/TBASEiXw0Hsf6ur5a0ihBkEdg910ykeWfDN5EYEkhULKeBOHzI7RdjYBRHCQLJOhtVECVwAezhGCjU5gsy1dtjvLqssLZigGCgBE6r+4aTThyjfDtj6pbodWla6F1\/2k9bHypmmA97hI7SK0ksUr7bFIk4gXLNiZBYtmOBZmBYVMRr6ePYcXCnxLjGslGl9oIckDPpZRk9zhRXVvj9L\/XiQW7flKa64Mqj7JRT+v2QRhHEt7TYHGbilJYKRQC3WJURu9rWhtSxyAA9WijY0BzIBBUch1TJgjvmA2BA6Sm478dC8HcF8LuxBxf+bRIDyRL6OEEpw8e6S+wDZM\/cgr7GDrtvo7rsT3W6QoFWjJoTxaLpd\/XDcjARYKFbLiTQOMXIwEkICl+22fTCwQPF+8qzav1YU6nHZ6Ok7tqsu8dwQr6fNb11M5IDypcdPqUCIhO800SnkP0VVvIgqSQ0B8XMfWacoaAkEfC4i\/0IN6vsRN6\/SxtCSG56gopwExr3Cxa0h1QgQFmjK6n5BBQ7+xoO4J1zzNB5eLtc9HQUj2dgEKj6RwOiwVUKjq5ZOiLznKkz1nEklkUZSimHxbD6TE5foUmJ5KVIS0nGRKttTVaCeRZJIA5TwKT7z6wfQySb\/nFbbq\/49r++wodK2rhHOzSKlYKdkFZGcynM2oosNwVrHQFssaWOyoHWfLsnbr+7v04v929cAKVCfV3ZTZ6
TaNkZeL68z5qqvfjiTudInGITRUFRWGGfnf2f1lYtfOEVScWVm0upq46lKrZTER1uIjqFInjQCKk5KSz2ui3sviWFFRRjY9pvWe6kqDqcTHTkwRVO3418DWuTSortIJMeRPLg9TqJaRWucL4Cwqrriy9crk1eF5ujSbPjtRWJsqCGEs3GLVHG+RSO5ZLHWBwDjCiJIOjZRGGDjfjLmL5RIgt8JzcrYH8iQ7YVDy1QTy1O6IQsB4bTUu51SXFQesZcZDWzktyO8FLldrJGvPFM5+lp+Uxa5k8Zqf2oziSJkssF6p4oQgFk+WWCj2\/VC6KKyyLojEpJNJ6rbQA9ku2NsbF5IxL6fUrymalKrQPPrIlRm1rfKQ8X0xkvFgHZ2NwdA\/+A4SL98qsxF5ZmvgBEZ3MphfhLHil0Y8JWHO+SWmBMhzXgOYfybIX71wxy8+A3KslnT2GMMgnYLCCf8ZLCll48NZD7gpLCS3\/V8BVYXlbVwH8xkRDSCzvTG\/x7Bgn7tgls1exQkZUxeiopqLw4pSsld5ZQCor1bLRaJQbrbeyrfuUDH03ZU6yR3PgOnTScc6f0NopSAdIGh2LjtBaM9BUWgCSqFvv3r0zDc2GFzFCJzG82PNi2ZaGw7Y0fpZL5dISkIyJc4bz9k9NOgNLVAWMaz12LrBNyVuBW\/dsra2sKHw4auktCBZ29xdgeQRbYeqlyGG7YV+1NuwIN4rTuTVlVZVAdmvjrjAHSpMNMG3FxmX78thiSkJSilC8VWYttAT40y3xBf2vtKXHdNAWrfFxcfa+bK4zEyU6zTgHbsYAum7gq7FhU18JhD3OzbODCod2f+68ZlgSerx2FyC5AwAIA3ydLYvSO\/TkkKiFXXD1EhRBUhDtDXqmw\/cEPZMOMN51DCNizlM8QBdBMcRWAfJ+HHtjydr4w8GzD+sgP8lUMao="} 02488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1486,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":4,"flow_src_last_pkt_time":1654385156800184,"flow_dst_last_pkt_time":1654385156833955,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_usec":1654385156833955,"pkt":"nLbQ0+MztKXvZygQCABFAAW+HaMAAHsGmjWs2RJiwKgCfgBQrVDIz2yiXVm79oAYAQUqYQAAAQEICjsKomxlPCxhRGOWlBMPc8NAU6L0AwXb0xP1hbpNb5QnvHhi14QH7hpA5J0epCNAI3FD6VpnsrglBBzqahPzg4fcrfNXbgrfEbonfkeun55U+msWCvcE1LU7Yio2c8X7OQ+d5X4k+j0B5ep3RiVLjpfR4ocOAYEuhKUB4nGsBURKil10712buRM+PclvqoI1KAUsL0tsAmoUL6HFIPRQdutoJDJyRc5EVtem3kT4dzXrVQepXcBf9GZiP6CftumvxXxrNunGKz5t5cF84x9XP6Y\/7knp+i8Vn86u\/+pqUdKbDToayA7i7UI\/SNaAYv02Kc7c6Qw3+yNRFjGRREinrCl0ixySgNb2ie2qO0RX1shg3FFg0KncbzO5dzF3f5aX+V0m8x5m9vMy\/135ezrze8z8az7Krfvvmbo\/YPa\/VVp5uX\/cl0qZAvu0QInmj91Gdoi5sbbh67vw+xZ+9+D3Hfy+h18Ffj\/A79\/hdx
9+sVp43IbHK3xee\/tO+fv1hn6YxlxuL+gQc4uonNQR5FsxNlvSJyv5KZYIIsInUFEXMhTdWeuUqK+b+9aJvfE8E90f0FNKD2D5s8eOM3r0zA31h\/OXpv7YgT\/FvzSOTR4ogVeQW\/z\/uhMsyRlkcqIEZJoe6l5iDcF7EL8zR0Cg6R8Jy2mIL6DHjMlk6u4PZyom6wbQAVo4N0vAs0AXRFVlkY8Vi15ZFvyuY6pGnRArOKwAfhZ3Qdh3sQY7cg+xF\/rHJZ4x5K3VXTfa5J3VNdq4iSZ2iY8It0ER86E4JLehjxJ+hFgc9+ZTd7Lpg0aiAZ9QlHiT+ZjEqx6RF6uL8BeIJ6URJ+lOZTbnmQIQ+efojFAB7f20ZDzZ7f0+KCc5FXx+ZQUDMs6WjsF0Sjgtb0u+PhE2g8zL5DjJygQcVSwGRWsTnTme2hTD0TuGevusrXFvANaijt4+uqsT6hXgRl4BlrluiEkGUb2LfK+d36QdkMnmDJYic6iNBnCWN4CXe+1Eg1w3OqW3ptNx1tep9oL9t9P9Rx6hO7z\/zr+z\/+ckMX3QlaxwR7EuZxZxsF+oy\/JXwrZpvue4xHdi7ghYb5klrfMNsBko3BfquxyDjbasUqLm9UfoBMRhtFHR0E5lXdWrjHQxtwGc+AiMZcAAsyKcQpDI6T7+FIAw9OgDLPg+aoXv3pVxtVtXarBW0d6+rT75795Vrzs+JvlrRg3Syk+9d+\/q150epPXW6kAe7CsP1EmzXwgKfqG36EPrPZiK6V1IPaBEN1zt0SZTd6Xc7setQ719Xi\/03+nQHEA1WDehZvTpIdivAmQlvFd97FWhB6pLpLTfjEARBgxa6G\/yDh9cXXcucT5li4nFNguBmmmSSHeZXr6Sewvfoek4scAoLP8RHjmw2vSx+ZXwLQzm7DIWYgU1f61K4grIJlTy6Ke8Hb4Me8PRHXQJIFKvrrhDe+QA8q6Q2Qq2hM4Pfa0jANBbUMyJGWCp0xGGD1tdN9CqaKvAKAL4qVfRS4b+Ym\/qVeaWs46+7S5nPJbq4lx7AGmtU6+umijlWaoH4F8rV0tPiCuajh+gpKUGb9\/W14xW+clH91X9G5HNRTjirzAVX6kMF\/tfKZtb2zu7e+8\/7B98PDw6Pvn0+fTs\/MvXi2\/fL4llg4DqB+FNrz8Yjsa\/JtPZ\/Pbu\/uF3yShXqrV6o9lSYrqB3ltKYcME5lrYgD\/rP036t0j\/KtdUzK+9sxN+kejgZhNY+SDox1VpnS\/UlcyRnKxkB35ZYKDu+9Ei\/orbEwAl+guAXOD+Ax1pymFWUJ\/YD1q3LCHe2pbuWGn51KIKp5XEkLDfd33Sp16AkyE8IB1y0feaWrm+MKc9hn+EyhcRaU1WtPUwc5lAtTINRvO+g6b7yPvPdVZgJQcrw9Fw3R2MZw8rkek="} 
@@ -1211,7 +1211,7 @@ 00704{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1701,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":5,"flow_src_last_pkt_time":1654385231918113,"flow_dst_last_pkt_time":1654385229398934,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":173,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":173,"pkt_l4_len":139,"thread_ts_usec":1654385231918113,"pkt":"tKXvZygQnLbQ0+MzCABFAACf7FpAAEAGOy\/AqAJ+I5wsDaY6AFDzNbjrO3\/xc4AYAfUTYQAAAQEIChlnG+cPV8RmLjAuNDEwMy4xMDYgTW9iaWxlIFNhZmFyaS81MzcuMzYNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KSG9zdDogZGUwMS5yYXlqdW1wLmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} 00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1703,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385232006384,"flow_src_last_pkt_time":1654385232006384,"flow_dst_last_pkt_time":1654385232006384,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":559,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":559,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":559,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385232006384,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.16.142","src_port":53416,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01308{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1703,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":1,"flow_src_last_pkt_time":1654385232006384,"flow_dst_last_pkt_time":1654385232006384,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":625,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":625,"pkt_l4_len":591,"thread_ts_usec":1654385232006384,"pkt":"tKXvZygQnLbQ0+MzCABFAAJjZ+1AAEAGUBrAqAJ+rNkQjtCoAFBWAxSGMjrpcIAYAfaC4wAAAQEICuWLG17z\/UGOR0VUIC9zdG9yZS9hcHBzL2RldGFpbHM\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"} -01695{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1703,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385232006384,"flow_src_last_pkt_time":1654385232006384,"flow_dst_last_pkt_time":1654385232006384,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":559,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":559,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":559,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385232006384,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.16.142","src_port":53416,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"play.google.com","domainame":"play.google.com","http": 
{"url":"play.google.com\/store\/apps\/details?id=com.azarlive.android&referrer=adjust_external_click_id%3Dv.2_g.143845_a.f84f54bf-31cd-43ff-bd27-526ccc6457da_c.117_t.ua_u.e7df87247cbcea13%26utm_campaign%3DTest%2BCampaign%26utm_content%3DTest%2BSource%2BApp_123456789%26utm_source%3DLiftoff%26utm_term%3DTest%2BCreative","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} +01580{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1703,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385232006384,"flow_src_last_pkt_time":1654385232006384,"flow_dst_last_pkt_time":1654385232006384,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":559,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":559,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":559,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385232006384,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.16.142","src_port":53416,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"play.google.com","domainame":"play.google.com","http": {"url":"play.google.com\/store\/apps\/details?id=com.azarlive.android&referrer=adjust_external_click_id%3Dv.2_g.143845_a.f84f54bf-31cd-43ff-bd27-526ccc6457da_c.117_t.ua_u.e7df87247cbcea13%26utm_campaign%3DTest%2BCampaign%26utm_content%3DTest%2BSource%2BApp_123456789%26utm_source%3DLiftoff%26utm_term%3DTest%2BCreative","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 
Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1704,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385232040567,"flow_src_last_pkt_time":1654385232040567,"flow_dst_last_pkt_time":1654385232040567,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":927,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":927,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":927,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385232040567,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.122.190.70","src_port":33042,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01796{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1704,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":1,"flow_src_last_pkt_time":1654385232040567,"flow_dst_last_pkt_time":1654385232040567,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":993,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":993,"pkt_l4_len":959,"thread_ts_usec":1654385232040567,"pkt":"tKXvZygQnLbQ0+MzCABFAAPTG5ZAAEAGlqjAqAJ+A3q+RoESAFCRX\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\/dmFzdF9lbD0xIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgMTE7IHNka19ncGhvbmVfeDg2IEJ1aWxkL1JTUjEuMjAxMDEzLjAwMTsgd3YpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIFZlcnNpb24vNC4wIENocm9tZS84My4wLjQxMDMuMTA2IE1vYmlsZSBTYWZhcmkvNTM3LjM2DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCkhvc3Q6IGNsaWNrLmxpZnRvZmYuaW8NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} 
01940{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1704,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385232040567,"flow_src_last_pkt_time":1654385232040567,"flow_dst_last_pkt_time":1654385232040567,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":927,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":927,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":927,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385232040567,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.122.190.70","src_port":33042,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"click.liftoff.io","domainame":"click.liftoff.io","http": {"url":"click.liftoff.io\/v1\/campaign_click\/ddfWbX-c_ZpIF_3wE-XgJSwRJPn_5OpS9IR6X4XG91XQL6ssRLV4QPLSEQgWyRbP_OAHXGp-3z8zKxdRjL-BT6h7z46z4qmAWxR5DboEhr1DytY4W5gfQLUcV6yE3POR7PrQlrVbVtH-7uW1oie-jkR4naGHTVVHKv5kFXBJ9yTIX-JngaE2MMTER1HuBx9qTlyLhiZCtWSUSv4Ze5z4QuGqjWijD0QBgAo00Wtj4VqQypzCho_p-UzOrVF8wX9LmysoZ3202xt-1RlmBNXddH_i_evO5yZGpOvG8ktdiKfhG7cddZTR6o5lyR15wY-SJTSM3ffr4dspVSFx6XdnXgfUtxY80spI9tmFMhT97KSC4cMkRv-AyNLWhDaD33WCpU7HN-VnTuM0zl4WQMna-AVBk1Ho0vhTz5ZBU32OhTf9uAkGNxuNj5w5Ifg1GnMwZxKis8J3Z6Z5mtc7gire0eQeDQ7ehtCMFLs0M1aXGE8mHhoANg_w0Ahx43Mu7zvDXSCthH8D4QhHaWoRSuGUgfBDYLzrD8LXz6qHILoQNjj8ieRBLfH22UewVLgMF7dqhXgl73VqgU1_cu-GIfsbBm90zhfd9eoo8rQfdJF2xczqvrQz6-I4FA?vast_el=1","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
@@ -1237,7 +1237,7 @@ 01151{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385120896744,"flow_src_last_pkt_time":1654385120896744,"flow_dst_last_pkt_time":1654385121164319,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":538,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":538,"flow_dst_max_l4_payload_len":189,"flow_src_tot_l4_payload_len":538,"flow_dst_tot_l4_payload_len":189,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60984,"dst_port":1234,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"ws.1kxun.mobi"}} 01016{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1654385232158874,"flow_src_last_pkt_time":1654385232159668,"flow_dst_last_pkt_time":1654385232180473,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1444,"flow_dst_max_l4_payload_len":88,"flow_src_tot_l4_payload_len":2452,"flow_dst_tot_l4_payload_len":88,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"8.209.112.118","src_port":35426,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"analytics.rayjump.com"}} 01005{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385181857708,"flow_src_last_pkt_time":1654385181857708,"flow_dst_last_pkt_time":1654385181897114,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":409,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":409,"flow_dst_max_l4_payload_len":983,"flow_src_tot_l4_payload_len":409,"flow_dst_tot_l4_payload_len":983,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.117.221.10","src_port":59324,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"m.vpon.com"}} 
-01142{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":3,"flow_first_seen":1654385141046673,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141076027,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":426,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":426,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":426,"flow_dst_tot_l4_payload_len":1925,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.37","src_port":41390,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"google.open-js.com"}} +01027{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":3,"flow_first_seen":1654385141046673,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141076027,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":426,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":426,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":426,"flow_dst_tot_l4_payload_len":1925,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.37","src_port":41390,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"google.open-js.com"}} 01020{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385229378645,"flow_src_last_pkt_time":1654385229378645,"flow_dst_last_pkt_time":1654385229413001,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1249,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1249,"flow_dst_max_l4_payload_len":353,"flow_src_tot_l4_payload_len":1249,"flow_dst_tot_l4_payload_len":353,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.50","src_port":41940,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"tknet-cdn.rayjump.com"}} 
00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385142293700,"flow_src_last_pkt_time":1654385142293700,"flow_dst_last_pkt_time":1654385142293700,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":517,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"119.28.164.143","src_port":51888,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184096708,"flow_src_last_pkt_time":1654385184096708,"flow_dst_last_pkt_time":1654385184096708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1132,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43266,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
@@ -1249,7 +1249,7 @@ 01024{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":23,"flow_first_seen":1654385176795709,"flow_src_last_pkt_time":1654385176795709,"flow_dst_last_pkt_time":1654385178226563,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":207,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":24480,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":116776,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":38316,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com"}} 01023{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":21,"flow_first_seen":1654385176794071,"flow_src_last_pkt_time":1654385176794071,"flow_dst_last_pkt_time":1654385178039010,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":207,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":12423,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":87624,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":38326,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com"}} 01015{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385127293052,"flow_src_last_pkt_time":1654385127293052,"flow_dst_last_pkt_time":1654385127488169,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":270,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":270,"flow_dst_max_l4_payload_len":464,"flow_src_tot_l4_payload_len":270,"flow_dst_tot_l4_payload_len":464,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"129.226.107.77","src_port":41134,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.QQ","proto_id":"7.48","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":9,"category":"Chat","hostname":"cgi.connect.qq.com"}} 
-01158{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":16,"flow_first_seen":1654385156800184,"flow_src_last_pkt_time":1654385156800184,"flow_dst_last_pkt_time":1654385156865117,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":423,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":423,"flow_dst_max_l4_payload_len":2836,"flow_src_tot_l4_payload_len":423,"flow_dst_tot_l4_payload_len":28785,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.18.98","src_port":44368,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.GoogleServices","proto_id":"7.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.googletagservices.com"}} +01043{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":16,"flow_first_seen":1654385156800184,"flow_src_last_pkt_time":1654385156800184,"flow_dst_last_pkt_time":1654385156865117,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":423,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":423,"flow_dst_max_l4_payload_len":2836,"flow_src_tot_l4_payload_len":423,"flow_dst_tot_l4_payload_len":28785,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.18.98","src_port":44368,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.GoogleServices","proto_id":"7.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.googletagservices.com"}} 01013{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385229460595,"flow_src_last_pkt_time":1654385229460595,"flow_dst_last_pkt_time":1654385229568829,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":694,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":694,"flow_dst_max_l4_payload_len":171,"flow_src_tot_l4_payload_len":694,"flow_dst_tot_l4_payload_len":171,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.235.204.9","src_port":40204,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adexp.liftoff.io"}} 
01014{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385235892637,"flow_src_last_pkt_time":1654385235892637,"flow_dst_last_pkt_time":1654385236487007,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1229,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1229,"flow_dst_max_l4_payload_len":434,"flow_src_tot_l4_payload_len":1229,"flow_dst_tot_l4_payload_len":434,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.64","src_port":51686,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"net.rayjump.com"}} 01048{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":10,"flow_first_seen":1654385143337063,"flow_src_last_pkt_time":1654385143337063,"flow_dst_last_pkt_time":1654385143386689,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":421,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":421,"flow_dst_max_l4_payload_len":2836,"flow_src_tot_l4_payload_len":421,"flow_dst_tot_l4_payload_len":20463,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"142.250.186.174","src_port":36732,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"www.google-analytics.com"}} 
@@ -1271,7 +1271,7 @@ 01028{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1654385140836422,"flow_src_last_pkt_time":1654385144960570,"flow_dst_last_pkt_time":1654385145144651,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":436,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":753,"flow_dst_max_l4_payload_len":1654,"flow_src_tot_l4_payload_len":1941,"flow_dst_tot_l4_payload_len":5796,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45422,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"mangaweb.1kxun.mobi"}} 01022{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385140850557,"flow_src_last_pkt_time":1654385140850557,"flow_dst_last_pkt_time":1654385141035727,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":414,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":414,"flow_dst_max_l4_payload_len":1721,"flow_src_tot_l4_payload_len":414,"flow_dst_tot_l4_payload_len":1721,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45424,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":17,"category":"Streaming","hostname":"tcad.wedolook.com"}} 01151{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1654385134408251,"flow_src_last_pkt_time":1654385136274668,"flow_dst_last_pkt_time":1654385136566441,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":498,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":499,"flow_dst_max_l4_payload_len":225,"flow_src_tot_l4_payload_len":997,"flow_dst_tot_l4_payload_len":450,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.119.80","src_port":49242,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"android.yingshi.tcclick.1kxun.com"}} 
-01137{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385232006384,"flow_src_last_pkt_time":1654385232006384,"flow_dst_last_pkt_time":1654385232057407,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":559,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":559,"flow_dst_max_l4_payload_len":668,"flow_src_tot_l4_payload_len":559,"flow_dst_tot_l4_payload_len":668,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.16.142","src_port":53416,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"play.google.com"}} +01022{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385232006384,"flow_src_last_pkt_time":1654385232006384,"flow_dst_last_pkt_time":1654385232057407,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":559,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":559,"flow_dst_max_l4_payload_len":668,"flow_src_tot_l4_payload_len":559,"flow_dst_tot_l4_payload_len":668,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.16.142","src_port":53416,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"play.google.com"}} 01164{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385127244156,"flow_src_last_pkt_time":1654385127244156,"flow_dst_last_pkt_time":1654385127425884,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":157,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":264,"flow_src_tot_l4_payload_len":157,"flow_dst_tot_l4_payload_len":264,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47230,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":7,"category":"Download","hostname":"kankan.1kxun.mobi"}} 
01018{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":4,"flow_first_seen":1654385229374771,"flow_src_last_pkt_time":1654385236365099,"flow_dst_last_pkt_time":1654385236412092,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":114,"flow_src_tot_l4_payload_len":8181,"flow_dst_tot_l4_payload_len":423,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"52.29.177.177","src_port":37100,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adx-tk.rayjump.com"}} 01025{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1654385128878259,"flow_src_last_pkt_time":1654385129990203,"flow_dst_last_pkt_time":1654385130178547,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":860,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":880,"flow_dst_max_l4_payload_len":2746,"flow_src_tot_l4_payload_len":1740,"flow_dst_tot_l4_payload_len":3242,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47246,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"kankan.1kxun.com"}} 
@@ -1300,18 +1300,18 @@ 01019{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":25,"flow_first_seen":1654385184944791,"flow_src_last_pkt_time":1654385184944791,"flow_dst_last_pkt_time":1654385185046312,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":297,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":297,"flow_dst_max_l4_payload_len":4284,"flow_src_tot_l4_payload_len":297,"flow_dst_tot_l4_payload_len":89150,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36654,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com"}} 00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":3,"flow_first_seen":1654385184982489,"flow_src_last_pkt_time":1654385184982489,"flow_dst_last_pkt_time":1654385185015695,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":262,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":262,"flow_dst_max_l4_payload_len":2856,"flow_src_tot_l4_payload_len":262,"flow_dst_tot_l4_payload_len":4535,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36660,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 01020{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":3,"flow_first_seen":1654385131029337,"flow_src_last_pkt_time":1654385131355130,"flow_dst_last_pkt_time":1654385131589006,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":202,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":202,"flow_dst_max_l4_payload_len":6232,"flow_src_tot_l4_payload_len":404,"flow_dst_tot_l4_payload_len":6868,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":60148,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com"}} 
-00872{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1723,"packets-processed":1723,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2427316,"total-not-detected-flows":14,"total-guessed-flows":6,"total-detected-flows":177,"total-detection-updates":33,"total-updates":38,"current-active-flows":0,"total-active-flows":197,"total-idle-flows":197,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1303,"global_ts_usec":1654385236487007} +00871{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1723,"packets-processed":1723,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2427316,"total-not-detected-flows":9,"total-guessed-flows":6,"total-detected-flows":182,"total-detection-updates":33,"total-updates":38,"current-active-flows":0,"total-active-flows":197,"total-idle-flows":197,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1303,"global_ts_usec":1654385236487007} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1723/1723 ~~ skipped flows.............: 0 ~~ total layer4 data length..: 2427316 bytes -~~ total detected protocols..: 177 +~~ total detected protocols..: 182 ~~ 
total active/idle flows...: 197/197 -~~ total timeout flows.......: 20 +~~ total timeout flows.......: 15 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7508660 bytes -~~ total memory freed........: 7508660 bytes -~~ total allocations/frees...: 118823/118823 +~~ total memory allocated....: 8088565 bytes +~~ total memory freed........: 8088565 bytes +~~ total allocations/frees...: 130666/130666 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 541 chars ~~ json message max len.......: 11864 chars diff --git a/test/results/flow-analyse/caches_cfg/ookla.pcap.out b/test/results/flow-analyse/caches_cfg/ookla.pcap.out index 2d0d5e04a..d7126d6c8 100644 --- a/test/results/flow-analyse/caches_cfg/ookla.pcap.out +++ b/test/results/flow-analyse/caches_cfg/ookla.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,55,46216,22732,8117,6,1,5,0,0,1,5,3,0,2,0,30,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,3,5,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,3,0,0,0,0,0,6,0,0,6,0,0,0,6,5,1,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0 +0,55,46052,22732,8117,6,1,5,0,0,1,5,3,0,2,0,30,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,3,5,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,3,0,0,0,0,0,6,0,0,6,0,0,0,6,5,1,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/caches_cfg/teams.pcap.out b/test/results/flow-analyse/caches_cfg/teams.pcap.out index 55d5d3edf..5dbba2981 100644 --- a/test/results/flow-analyse/caches_cfg/teams.pcap.out +++ b/test/results/flow-analyse/caches_cfg/teams.pcap.out 
@@ -14,6 +14,6 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.1.6,52.114.108.8,tcp,60565,443,finished,18,14,1587041691149774,1587041691305451,1587041691582252,0,0,994,1440,2028,8121,0,3,18972.7,276869,49493.9,2449644032.0,2.9,"19199,19302,171,22008,34,21827,18,184,203,246,14,193,1070,12295,280,19893,29,6313,3,603,11971,11399,1472,1415,54998,62106,42,25528,33,18437,276869",52,370.2,1492,512.1,262257.7,3.9,"64,60,52,274,1492,1492,64,52,1492,52,1492,471,52,178,145,525,103,121,52,52,90,90,52,511,52,52,1046,134,52,94,52,1335","11,1,2,1,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","3,3,1,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,4,0,0","0,1,0,0,1,1,0,0,1,0,1,1,0,0,0,0,1,1,0,0,0,1,0,1,0,1,0,0,1,1,0,1","4.396777153,5.256567478,4.923395634,5.577177048,7.100010395,7.346216679,4.975505829,4.976374149,7.520713806,4.854287148,7.591184139,7.492725372,4.937912464,6.281796932,6.325607300,7.565563679,5.628156662,5.942033768,4.976374149,4.937912464,5.421134472,5.660066128,5.014835358,7.536164761,4.976373672,5.169486523,7.784315586,6.192806721,5.169486523,5.596017838,5.014835358,7.848025322",TLS.Teams,91.250,1,Safe,Collaborative,6,DPI,"" 
1,ip4,192.168.1.6,52.114.76.48,tcp,60544,443,finished,16,16,1587041682376166,1587041682938651,1587041692001418,0,0,1060,1452,2113,7396,0,2,328636.7,8978171,1582353.1,2503841415168.0,0.8,"47150,47228,506,44398,29,43913,16,46,186,124,2,213,4,4433,9743,291,46519,32116,477,409,98,18910,1378,20235,62883,403234,424977,8978171,32,9,7",40,339.2,1492,486.1,236250.5,3.9,"64,52,40,276,1492,1492,52,40,40,1492,1492,309,40,40,198,133,568,91,40,109,40,78,46,409,40,46,1100,46,411,415,86,78","10,1,1,0,1,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4,3,1,0,0,0,0,0,1,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0","0,1,0,0,1,1,0,0,0,1,1,1,0,0,0,0,0,1,0,1,0,0,1,1,0,1,0,1,1,1,1,1","4.334277153,4.946223736,4.571928501,5.576080799,7.377434731,7.334023952,4.748329639,4.630640984,4.571928501,7.530410290,7.590536594,7.109602451,4.680641174,4.630641460,6.484649181,6.111595631,7.563093662,5.442209721,4.630641460,5.902398109,4.630641460,5.214766979,4.462505341,7.402733803,4.680641174,4.505983353,7.828750610,4.609350681,7.428915024,7.453095436,5.564571857,5.463537216",TLS.Teams,91.250,1,Safe,Collaborative,6,DPI,"" 
1,ip4,192.168.1.6,52.114.250.123,tcp,50018,443,finished,19,13,1587041693516414,1587041693824623,1587041695435566,0,0,187,1452,477,6361,0,1,71850.4,1566873,274680.6,75449425920.0,1.9,"44968,45079,183,47440,47249,164,13,124,2,107,17,104,3,107,2,120,2,1,8026,8,35,52434,1246,45626,48613,92238,43679,69083,272,113543,1566873",40,256.9,1492,427.0,182315.3,3.7,"64,52,40,227,1492,52,1492,588,52,52,1492,588,52,40,588,166,40,40,40,147,46,85,46,91,40,141,224,40,71,40,46,46","15,1,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0","0,1,0,0,1,0,1,1,0,0,1,1,0,0,1,1,0,0,0,0,0,0,1,1,0,0,1,0,0,0,1,1","4.396777153,4.946223736,4.453056812,5.436062336,7.472877979,4.624014378,7.357961178,6.174726009,4.707639694,4.669178009,7.651301384,7.035131931,4.669178009,4.492897511,7.576755524,6.572272301,4.384184361,4.492897511,4.492897034,6.376044750,4.495644569,5.773638725,4.565871716,5.388861179,4.561769009,6.442826271,6.864662647,4.511769295,5.438062191,4.384184361,4.565872192,4.565872192",TLS.Teams,91.250,1,Safe,Collaborative,6,DPI,"15" 
-1,ip4,93.71.110.205,192.168.1.6,udp,16332,50016,finished,25,7,1587041695305290,1587041697913583,1587041697668816,38,0,1214,1214,4324,2890,0,1,160381.3,1168245,365653.3,133702352896.0,2.7,"24795,221,101349,1168245,1167037,967065,50759,1119237,13,25,50990,80302,1990,2655,3736,4,1,2,10681,24170,9306,21453,4525,19907,25341,9245,24382,24626,9496,26004,24257",66,253.4,1242,374.4,140199.2,4.0,"140,116,140,116,144,116,138,136,66,1242,1242,136,101,66,1242,1242,70,194,126,94,96,103,108,110,102,98,112,106,103,101,102,102","0,2,16,4,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0","0,1,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0","0,1,1,0,1,0,0,0,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5.443928242,5.441569805,5.550033092,5.533423424,5.469605446,5.457950115,6.418050289,5.494081497,5.274568558,7.835727215,7.805037022,5.427760124,6.064149857,5.328952789,7.830739975,7.834946632,5.426148415,6.862842083,6.378197670,5.942782402,6.043297768,6.096649170,5.395052433,6.251680851,6.123402596,6.007471561,6.260177612,6.012121677,6.079421997,6.215091705,6.135609150,6.155217648",STUN.Skype_TeamsCall,78.38,0,Acceptable,VoIP,6,DPI,"5" 
+1,ip4,93.71.110.205,192.168.1.6,udp,16332,50016,finished,25,7,1587041695305290,1587041697913583,1587041697668816,38,0,1214,1214,4324,2890,0,1,160381.3,1168245,365653.3,133702352896.0,2.7,"24795,221,101349,1168245,1167037,967065,50759,1119237,13,25,50990,80302,1990,2655,3736,4,1,2,10681,24170,9306,21453,4525,19907,25341,9245,24382,24626,9496,26004,24257",66,253.4,1242,374.4,140199.2,4.0,"140,116,140,116,144,116,138,136,66,1242,1242,136,101,66,1242,1242,70,194,126,94,96,103,108,110,102,98,112,106,103,101,102,102","0,2,16,4,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0","0,1,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0","0,1,1,0,1,0,0,0,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5.443928242,5.441569805,5.550033092,5.533423424,5.469605446,5.457950115,6.418050289,5.494081497,5.274568558,7.835727215,7.805037022,5.427760124,6.064149857,5.328952789,7.830739975,7.834946632,5.426148415,6.862842083,6.378197670,5.942782402,6.043297768,6.096649170,5.395052433,6.251680851,6.123402596,6.007471561,6.260177612,6.012121677,6.079421997,6.215091705,6.135609150,6.155217648",STUN.TeamsCall,78.38,0,Acceptable,VoIP,6,DPI,"5" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,668,670898,293772,293323,83,17,66,0,16,2,80,51,1,29,16,317,1,0,1,1,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,27,56,46,33,1,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,16,0,0,11,27,19,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,78,0,0,0,0,0,38,12,2,0,0,0,0,83,0,0,42,40,1,0,83,80,2,1,0,0,0,0,0,12,0,0,0,0,2,0,2,0,0,29,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,5,0,0,1,0,0,0,0,0,0,0 +0,668,669315,293772,293323,83,17,66,0,16,2,80,51,1,29,16,317,1,0,1,1,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,27,56,51,28,1,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,12,0,0,11,27,23,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,78,0,0,0,0,0,38,12,2,0,0,0,0,83,0,0,42,40,1,0,83,80,2,1,0,0,0,0,0,12,0,0,0,0,2,0,2,0,0,29,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,5,0,0,1,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/caches_global/bittorrent.pcap.out b/test/results/flow-analyse/caches_global/bittorrent.pcap.out index 22649fd5e..624f9dd9a 100644 --- a/test/results/flow-analyse/caches_global/bittorrent.pcap.out +++ b/test/results/flow-analyse/caches_global/bittorrent.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,192.168.1.3,198.100.146.9,tcp,52915,60163,finished,12,20,1455469976336620,1455469980135637,1455469980194523,17,0,176,1440,904,20536,1,12043,246997.4,919975,228791.8,52345696256.0,4.4,"176832,184047,360999,337345,477634,919975,779765,619481,619422,156869,158080,151021,161242,12043,185627,163549,148908,165750,153542,19235,148725,12813,146117,495893,130312,32142,133808,27318,421482,129521,27423",66,722.4,1492,635.2,403438.9,4.4,"120,132,611,228,66,176,90,86,1492,69,1166,69,609,81,69,389,69,188,609,1492,1492,1492,1492,1492,188,1492,1492,1492,1492,197,1492,1492","5,1,1,1,3,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,12,0,0","0,1,1,0,1,0,1,0,1,0,1,0,1,0,0,1,0,0,1,1,1,1,1,1,0,1,1,1,1,0,1,1","6.014183998,6.126387119,4.946569443,5.524954319,4.794059277,3.940484047,5.368589878,4.276479721,7.786795139,4.471814156,7.741641998,4.592490196,7.566695690,4.716621876,4.551665783,7.390619278,4.569711208,2.883123636,7.557919025,4.866727352,7.736888409,7.724407196,7.768088341,7.796109200,3.117206812,7.722576141,7.763302326,7.809885979,7.808127880,3.077500105,7.837090492,7.871365547",BitTorrent,37,0,Acceptable,Download,6,DPI,"5" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,164,150428,6341,279641,24,11,13,0,1,0,24,0,0,22,0,88,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,24,0,24,0,0,0,0,0,0,0,0,0,0,0,0,0,0,24,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,24,0,0,0,0,0,0,22,0,0,0,0,0,24,0,0,24,0,0,0,24,24,0,0,0,0,0,0,0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,164,150428,6341,279641,24,11,13,0,1,0,24,0,0,22,0,88,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,24,0,24,0,0,0,0,0,0,0,0,0,0,0,0,0,0,24,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,24,0,0,0,0,0,0,22,0,0,0,0,0,24,0,0,24,0,0,0,24,24,0,0,0,0,0,0,0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/caches_global/lru_ipv6_caches.pcapng.out b/test/results/flow-analyse/caches_global/lru_ipv6_caches.pcapng.out index 809712b5c..d3e2ac822 100644 --- a/test/results/flow-analyse/caches_global/lru_ipv6_caches.pcapng.out +++ b/test/results/flow-analyse/caches_global/lru_ipv6_caches.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,89,92580,14408,846,12,0,12,0,0,0,12,9,0,11,0,41,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,5,1,11,0,0,0,0,0,0,0,0,0,0,0,0,3,0,5,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,8,0,0,0,0,0,13,8,0,0,0,0,0,0,12,0,3,9,0,0,12,12,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0 +0,89,92625,14408,846,12,0,12,0,0,0,12,9,0,11,0,41,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,5,1,11,0,0,0,0,0,0,0,0,0,0,0,0,3,0,5,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,8,0,0,0,0,0,13,8,0,0,0,0,0,0,12,0,3,9,0,0,12,12,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/caches_global/mining.pcapng.out b/test/results/flow-analyse/caches_global/mining.pcapng.out index 1773184eb..3556e8127 100644 --- a/test/results/flow-analyse/caches_global/mining.pcapng.out +++ b/test/results/flow-analyse/caches_global/mining.pcapng.out 
@@ -4,4 +4,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.2.148,94.23.199.191,tcp,46838,3333,finished,17,15,1514196188350524,1514196304559034,1514196304640605,0,0,1448,310,8887,914,0,13,7499954.5,71693099,18613570.0,346464978993152.0,2.4,"80304,80325,101,83178,13,83088,126,80997,13,80884,278,117985,882322,1042483,71569648,189,71693099,19,725,81617,32242169,176,32323370,1466,82454,7432953,7432942,3511834,196,3592651,986",52,358.8,1500,549.1,301531.9,3.7,"60,60,52,150,52,114,52,147,90,171,52,112,52,362,52,1500,1482,52,52,77,52,1500,1482,52,77,52,362,52,1500,1482,52,77","8,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,3,0,0","10,2,0,1,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,0,1,1,1,0,0,0,1,1,0,1,0,0,0,1,1","4.738464355,5.302482605,5.065449715,5.825911522,5.284871101,5.736679077,5.286791801,6.057295799,5.694644451,5.918534279,5.132945061,5.778033257,5.323332787,4.963134289,5.171406746,4.527909756,4.270138264,5.323332787,5.262846947,5.685556889,5.209868431,4.535019398,4.275704384,5.378232002,5.701727867,5.248330116,4.888409138,5.209868431,4.529169559,4.269546032,5.378231525,5.685557365",Mining,42,0,Unsafe,Mining,6,DPI,"22" 
1,ip4,192.168.2.148,116.211.167.195,tcp,53846,3333,finished,17,15,1514196196437568,1514196705571136,1514196705879789,0,0,1444,310,3127,2699,0,11,32857284.0,170525395,51784400.0,2681624034541568.0,3.4,"308120,308161,177,308150,13,308019,704,308743,11,308008,83,346736,653907,1043085,114411206,114368750,308565,308538,36863210,36863172,20419867,20419875,170525387,170525395,113243496,113243486,35871285,35871309,15564630,176,15873525",40,223.6,1484,347.6,120860.4,3.9,"60,52,40,138,46,102,40,133,78,159,40,100,46,350,40,350,40,350,40,350,40,350,40,350,40,350,40,350,40,1484,1472,46","12,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0","4,2,0,1,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,0,1","4.792549610,4.894361019,4.784183979,5.672497272,4.457919598,5.436998844,4.834184170,5.898036003,5.357152462,5.674209595,4.784183979,5.535918236,4.457919598,4.810117245,4.834183693,4.788737297,4.784183979,4.732345104,4.834184170,4.767374516,4.831687450,4.791436195,4.931686878,4.784672737,4.931686878,4.672215462,4.881687164,4.744033337,4.812814713,4.485110283,4.206100941,4.457919598",Mining,42,0,Unsafe,Mining,6,DPI,"22" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,41,37434,146948,30432,4,1,3,0,4,0,4,0,0,4,0,20,1,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,4,0,0,0,0,0,0,4,0,0,4,0,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,41,37434,146948,30432,4,1,3,0,4,0,4,0,0,4,0,20,1,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,4,0,0,0,0,0,0,4,0,0,4,0,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/caches_global/ookla.pcap.out b/test/results/flow-analyse/caches_global/ookla.pcap.out index 70ac34a2c..8b5caf727 100644 --- a/test/results/flow-analyse/caches_global/ookla.pcap.out +++ b/test/results/flow-analyse/caches_global/ookla.pcap.out 
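Review bot: The replaced summary row at the end of this hunk appears to carry one more value than the row it replaces (an extra `0` in the run between the `flow_category_*` counters and the `flow_confidence_dpi` value), while the CSV header line above it is unchanged context, so header and data no longer seem to line up. Anything that reads this file by column name would then attribute the confidence, severity and `flow_risk_N_count` values to neighbouring columns. If a counter was added with the libnDPI bump, the header string written by the generator (presumably `examples/c-analysed/c-analysed.c`, which the diffstat lists) needs the matching column name, and the test run could assert that every row has as many fields as the header. The summary rows in the `ookla.pcap.out` and `teams.pcap.out` hunks that follow show the same shift; the count is worth confirming with a CSV parser rather than by eye.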
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,55,43684,22732,8117,6,1,5,0,0,1,5,3,0,2,0,30,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,3,5,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,3,0,0,0,0,0,6,0,0,6,0,0,0,6,5,1,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0 +0,55,43520,22732,8117,6,1,5,0,0,1,5,3,0,2,0,30,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,3,5,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,3,0,0,0,0,0,6,0,0,6,0,0,0,6,5,1,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/caches_global/teams.pcap.out b/test/results/flow-analyse/caches_global/teams.pcap.out index 0afdbce8e..f873c495e 100644 --- a/test/results/flow-analyse/caches_global/teams.pcap.out +++ b/test/results/flow-analyse/caches_global/teams.pcap.out 
@@ -9,11 +9,11 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.1.6,13.107.18.11,tcp,60549,443,info,18,14,1587041684306115,1587041684950374,1587041684410372,0,0,1440,1452,3472,5797,0,1,24145.7,539594,94604.1,8949939200.0,1.9,"11504,11610,262,11878,32500,90,44163,247,1,223,3839,7741,325,72,14634,1492,13,4159,11,266,6513,474,6734,4309,9884,14215,10718,10725,539594,6,314",40,331.5,1492,473.5,224192.2,3.9,"64,52,40,251,46,1492,1492,40,1492,80,40,198,133,578,172,46,366,109,40,40,78,46,78,40,46,689,40,359,40,1480,694,248","9,1,1,0,2,0,2,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0","5,2,1,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0","0,1,0,0,1,1,1,0,1,1,0,0,0,0,0,1,1,1,0,0,0,1,1,0,1,1,0,1,0,0,0,0","4.428027153,4.893245220,4.521928310,5.397158146,4.505983353,6.671830177,7.464404583,4.630641460,7.577803612,5.737496376,4.680641174,6.516131401,6.154890537,7.647973537,6.500202656,4.505983353,7.196300030,5.817581654,4.611769199,4.561769485,5.250086308,4.457919598,5.392898560,4.630641460,4.522393227,7.690679073,4.680641174,7.335716724,4.680641174,7.846065521,7.720572472,6.957527637",TLS.Microsoft365,91.219,1,Acceptable,Collaborative,6,DPI,"" 
1,ip4,192.168.1.6,52.113.194.132,tcp,60554,443,info,14,18,1587041685240465,1587041685469669,1587041685469973,0,0,1082,1452,1426,15976,0,3,14797.2,153955,35697.7,1274323968.0,2.8,"12903,12995,473,12371,1988,1502,15362,129,134,115,3,85,21608,33026,11480,11732,109,11784,570,13396,140399,715,153955,248,230,250,250,503,25,129,243",40,585.7,1492,671.4,450756.0,4.0,"64,52,40,226,46,1492,1492,40,1492,40,1492,168,40,147,46,91,46,91,40,1122,46,1492,1492,40,1317,40,1492,1492,40,40,1492,1492","10,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,10,0,0","0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,0,1,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1","4.365527153,4.878727913,4.471928596,5.502106190,4.402616024,7.277978420,7.489027023,4.630640984,7.478912354,4.521928310,7.663036823,6.686788082,4.630640984,6.493359089,4.462505341,5.681205750,4.462504864,5.560394764,4.580641270,7.802004814,4.565872192,7.879904747,7.863986492,4.580641270,7.860152721,4.580640793,7.874552727,7.850657463,4.580641270,4.471928596,7.869473934,7.878328800",TLS.Teams,91.250,1,Safe,Collaborative,6,DPI,"15" 
1,ip4,192.168.1.6,52.114.77.33,tcp,60559,443,finished,21,11,1587041686239545,1587041686542441,1587041686541501,0,0,1428,1440,14115,4699,0,2,19511.4,52987,22191.7,492470496.0,3.9,"48601,48710,307,51003,89,50699,16,253,253,1686,49778,48144,1391,5,2,50498,49101,4,2,3,37233,37219,5,11525,11515,965,36039,15972,52987,736,111",52,640.9,1492,667.9,446080.7,4.1,"64,60,52,258,1492,1492,64,52,1375,52,145,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,52,985,52,52,497,52,83,52","9,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0","6,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0","0,1,0,0,1,1,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,1,1,1,0,0,0","4.396777153,5.256567955,4.923395157,6.033491611,7.275527000,7.277948856,5.071470261,4.945419312,7.645617962,4.976373672,5.915142536,5.707202435,4.976374149,7.861220360,7.878036976,7.850315571,5.131024837,7.877380371,7.857055187,7.886486053,7.876827240,5.169486523,7.849795818,7.874622822,5.078045845,7.791067600,5.131024837,5.207948208,7.563468933,5.053297043,5.290699482,4.969671726",TLS.Microsoft,91.212,1,Safe,Cloud,6,DPI,"15" 
-1,ip4,192.168.1.6,104.40.187.151,tcp,60562,443,info,19,13,1587041687436782,1587041687725655,1587041687725568,0,0,1313,1440,2206,7143,0,3,18634.2,125561,31723.1,1006353792.0,3.4,"29516,29616,237,45747,220,45693,117,89,54,132,3,86,615,23250,232,30155,31,6115,4,245,22863,22646,1494,1434,2892,30,32749,246,30074,125513,125561",52,345.2,1492,499.9,249913.2,3.9,"64,60,52,266,1492,1492,64,1492,52,52,1492,281,52,145,145,424,103,121,52,52,90,90,52,548,52,1365,135,52,94,52,510,52","12,1,3,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0","2,3,1,0,0,0,0,1,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0","0,1,0,0,1,1,0,1,0,0,1,1,0,0,0,0,1,1,0,0,0,1,0,1,0,0,0,1,1,0,1,0","4.365527153,5.169149399,4.868495941,5.580047131,7.357915878,7.526344776,4.919355392,7.363313675,4.945419312,4.786791325,7.588277340,7.143245697,4.983880997,5.918394089,6.257330894,7.398386002,5.555244923,6.105889320,4.945419312,4.945419312,5.368302345,5.567127228,4.945419312,7.528010845,4.983880997,7.854734421,6.103594780,5.100070000,5.655968666,4.983880520,7.545987606,4.861793995",TLS.Skype_Teams,91.125,1,Acceptable,VoIP,3,DPI (partial),"" 
+1,ip4,192.168.1.6,104.40.187.151,tcp,60562,443,info,19,13,1587041687436782,1587041687725655,1587041687725568,0,0,1313,1440,2206,7143,0,3,18634.2,125561,31723.1,1006353792.0,3.4,"29516,29616,237,45747,220,45693,117,89,54,132,3,86,615,23250,232,30155,31,6115,4,245,22863,22646,1494,1434,2892,30,32749,246,30074,125513,125561",52,345.2,1492,499.9,249913.2,3.9,"64,60,52,266,1492,1492,64,1492,52,52,1492,281,52,145,145,424,103,121,52,52,90,90,52,548,52,1365,135,52,94,52,510,52","12,1,3,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0","2,3,1,0,0,0,0,1,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0","0,1,0,0,1,1,0,1,0,0,1,1,0,0,0,0,1,1,0,0,0,1,0,1,0,0,0,1,1,0,1,0","4.365527153,5.169149399,4.868495941,5.580047131,7.357915878,7.526344776,4.919355392,7.363313675,4.945419312,4.786791325,7.588277340,7.143245697,4.983880997,5.918394089,6.257330894,7.398386002,5.555244923,6.105889320,4.945419312,4.945419312,5.368302345,5.567127228,4.945419312,7.528010845,4.983880997,7.854734421,6.103594780,5.100070000,5.655968666,4.983880520,7.545987606,4.861793995",TLS.Teams,91.250,1,Safe,Collaborative,3,DPI (partial),"" 
1,ip4,192.168.1.6,52.114.77.33,tcp,60561,443,info,20,12,1587041687245112,1587041687718851,1587041687768506,0,0,1428,1440,17623,4254,0,2,32165.6,161774,44327.4,1964919296.0,3.6,"48418,48527,459,88180,136486,113743,249,161774,129,117,1072,74551,73518,1076,4,2,50124,49022,3,3,12,48400,48413,4,15,2,1599,1536,46881,1065,1749",52,736.7,1492,694.0,481656.1,4.2,"64,60,52,258,258,64,1492,1492,52,1375,52,145,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,1480,1480,52,1462,52,52,52","5,0,1,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0","8,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0","0,1,0,0,0,1,1,1,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,0,0,1,0,1,1,1","4.396777153,5.256567478,4.923395157,5.966666698,5.971492767,5.091578960,7.290405750,7.275161743,4.961856842,7.668800354,5.000318527,6.002202988,5.583368301,4.961856842,7.860765934,7.857263088,7.894361019,5.193430901,7.864349842,7.853641510,7.869278908,7.874048233,5.054101944,7.853607655,7.866478443,7.865472317,7.878810406,5.154969692,7.853725433,5.193431377,5.154969692,5.154969692",TLS.Microsoft,91.212,1,Safe,Cloud,6,DPI,"15" 
1,ip4,192.168.1.6,52.114.108.8,tcp,60565,443,finished,18,14,1587041691149774,1587041691305451,1587041691582252,0,0,994,1440,2028,8121,0,3,18972.7,276869,49493.9,2449644032.0,2.9,"19199,19302,171,22008,34,21827,18,184,203,246,14,193,1070,12295,280,19893,29,6313,3,603,11971,11399,1472,1415,54998,62106,42,25528,33,18437,276869",52,370.2,1492,512.1,262257.7,3.9,"64,60,52,274,1492,1492,64,52,1492,52,1492,471,52,178,145,525,103,121,52,52,90,90,52,511,52,52,1046,134,52,94,52,1335","11,1,2,1,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","3,3,1,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,4,0,0","0,1,0,0,1,1,0,0,1,0,1,1,0,0,0,0,1,1,0,0,0,1,0,1,0,1,0,0,1,1,0,1","4.396777153,5.256567478,4.923395634,5.577177048,7.100010395,7.346216679,4.975505829,4.976374149,7.520713806,4.854287148,7.591184139,7.492725372,4.937912464,6.281796932,6.325607300,7.565563679,5.628156662,5.942033768,4.976374149,4.937912464,5.421134472,5.660066128,5.014835358,7.536164761,4.976373672,5.169486523,7.784315586,6.192806721,5.169486523,5.596017838,5.014835358,7.848025322",TLS.Teams,91.250,1,Safe,Collaborative,6,DPI,"" 
1,ip4,192.168.1.6,52.114.76.48,tcp,60544,443,finished,16,16,1587041682376166,1587041682938651,1587041692001418,0,0,1060,1452,2113,7396,0,2,328636.7,8978171,1582353.1,2503841415168.0,0.8,"47150,47228,506,44398,29,43913,16,46,186,124,2,213,4,4433,9743,291,46519,32116,477,409,98,18910,1378,20235,62883,403234,424977,8978171,32,9,7",40,339.2,1492,486.1,236250.5,3.9,"64,52,40,276,1492,1492,52,40,40,1492,1492,309,40,40,198,133,568,91,40,109,40,78,46,409,40,46,1100,46,411,415,86,78","10,1,1,0,1,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4,3,1,0,0,0,0,0,1,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0","0,1,0,0,1,1,0,0,0,1,1,1,0,0,0,0,0,1,0,1,0,0,1,1,0,1,0,1,1,1,1,1","4.334277153,4.946223736,4.571928501,5.576080799,7.377434731,7.334023952,4.748329639,4.630640984,4.571928501,7.530410290,7.590536594,7.109602451,4.680641174,4.630641460,6.484649181,6.111595631,7.563093662,5.442209721,4.630641460,5.902398109,4.630641460,5.214766979,4.462505341,7.402733803,4.680641174,4.505983353,7.828750610,4.609350681,7.428915024,7.453095436,5.564571857,5.463537216",TLS.Teams,91.250,1,Safe,Collaborative,6,DPI,"" 
1,ip4,192.168.1.6,52.114.250.123,tcp,50018,443,finished,19,13,1587041693516414,1587041693824623,1587041695435566,0,0,187,1452,477,6361,0,1,71850.4,1566873,274680.6,75449425920.0,1.9,"44968,45079,183,47440,47249,164,13,124,2,107,17,104,3,107,2,120,2,1,8026,8,35,52434,1246,45626,48613,92238,43679,69083,272,113543,1566873",40,256.9,1492,427.0,182315.3,3.7,"64,52,40,227,1492,52,1492,588,52,52,1492,588,52,40,588,166,40,40,40,147,46,85,46,91,40,141,224,40,71,40,46,46","15,1,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0","0,1,0,0,1,0,1,1,0,0,1,1,0,0,1,1,0,0,0,0,0,0,1,1,0,0,1,0,0,0,1,1","4.396777153,4.946223736,4.453056812,5.436062336,7.472877979,4.624014378,7.357961178,6.174726009,4.707639694,4.669178009,7.651301384,7.035131931,4.669178009,4.492897511,7.576755524,6.572272301,4.384184361,4.492897511,4.492897034,6.376044750,4.495644569,5.773638725,4.565871716,5.388861179,4.561769009,6.442826271,6.864662647,4.511769295,5.438062191,4.384184361,4.565872192,4.565872192",TLS.Teams,91.250,1,Safe,Collaborative,6,DPI,"15" 
-1,ip4,93.71.110.205,192.168.1.6,udp,16332,50016,finished,25,7,1587041695305290,1587041697913583,1587041697668816,38,0,1214,1214,4324,2890,0,1,160381.3,1168245,365653.3,133702352896.0,2.7,"24795,221,101349,1168245,1167037,967065,50759,1119237,13,25,50990,80302,1990,2655,3736,4,1,2,10681,24170,9306,21453,4525,19907,25341,9245,24382,24626,9496,26004,24257",66,253.4,1242,374.4,140199.2,4.0,"140,116,140,116,144,116,138,136,66,1242,1242,136,101,66,1242,1242,70,194,126,94,96,103,108,110,102,98,112,106,103,101,102,102","0,2,16,4,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0","0,1,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0","0,1,1,0,1,0,0,0,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5.443928242,5.441569805,5.550033092,5.533423424,5.469605446,5.457950115,6.418050289,5.494081497,5.274568558,7.835727215,7.805037022,5.427760124,6.064149857,5.328952789,7.830739975,7.834946632,5.426148415,6.862842083,6.378197670,5.942782402,6.043297768,6.096649170,5.395052433,6.251680851,6.123402596,6.007471561,6.260177612,6.012121677,6.079421997,6.215091705,6.135609150,6.155217648",STUN.Skype_TeamsCall,78.38,0,Acceptable,VoIP,6,DPI,"5" 
+1,ip4,93.71.110.205,192.168.1.6,udp,16332,50016,finished,25,7,1587041695305290,1587041697913583,1587041697668816,38,0,1214,1214,4324,2890,0,1,160381.3,1168245,365653.3,133702352896.0,2.7,"24795,221,101349,1168245,1167037,967065,50759,1119237,13,25,50990,80302,1990,2655,3736,4,1,2,10681,24170,9306,21453,4525,19907,25341,9245,24382,24626,9496,26004,24257",66,253.4,1242,374.4,140199.2,4.0,"140,116,140,116,144,116,138,136,66,1242,1242,136,101,66,1242,1242,70,194,126,94,96,103,108,110,102,98,112,106,103,101,102,102","0,2,16,4,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0","0,1,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0","0,1,1,0,1,0,0,0,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5.443928242,5.441569805,5.550033092,5.533423424,5.469605446,5.457950115,6.418050289,5.494081497,5.274568558,7.835727215,7.805037022,5.427760124,6.064149857,5.328952789,7.830739975,7.834946632,5.426148415,6.862842083,6.378197670,5.942782402,6.043297768,6.096649170,5.395052433,6.251680851,6.123402596,6.007471561,6.260177612,6.012121677,6.079421997,6.215091705,6.135609150,6.155217648",STUN.TeamsCall,78.38,0,Acceptable,VoIP,6,DPI,"5" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,668,642480,293772,293323,83,17,66,0,16,2,80,51,1,29,16,317,1,0,1,1,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,27,56,42,37,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,20,0,0,11,27,19,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,74,0,0,0,0,0,38,12,2,0,0,0,0,83,0,0,42,40,1,0,83,80,2,1,0,0,0,0,0,12,0,0,0,0,2,0,2,0,0,29,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,5,0,0,1,0,0,0,0,0,0,0 +0,668,640870,293772,293323,83,17,66,0,16,2,80,51,1,29,16,317,1,0,1,1,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,27,56,51,28,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,12,0,0,11,27,27,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,74,0,0,0,0,0,38,12,2,0,0,0,0,83,0,0,42,40,1,0,83,80,2,1,0,0,0,0,0,12,0,0,0,0,2,0,2,0,0,29,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,5,0,0,1,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/caches_global/zoom_p2p.pcapng.out b/test/results/flow-analyse/caches_global/zoom_p2p.pcapng.out index 9db0b76cb..efb88ad89 100644 --- a/test/results/flow-analyse/caches_global/zoom_p2p.pcapng.out +++ b/test/results/flow-analyse/caches_global/zoom_p2p.pcapng.out 
@@ -4,4 +4,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.12.156,10.78.14.178,udp,42208,47312,finished,32,0,1666892923321165,1666892923731059,1666892923321165,84,0,84,0,2688,0,0,149,13222.4,52278,15933.9,253890336.0,4.0,"206,27265,11246,7707,6831,1534,149,13289,6864,1707,40450,203,15506,643,33328,247,50821,420,5857,5665,52278,379,7223,2326,22718,234,30994,178,40889,183,22554",112,112.0,112,0.0,0.0,5.0,"112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112","0,0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4.994051456,4.951597214,4.994051933,4.994051456,4.976194382,4.976194382,4.994051456,4.958336830,4.976194382,4.994051456,4.958336830,4.994051456,4.958336830,4.994051456,4.976194382,4.994051456,4.976194382,4.994051456,4.951597214,4.994051456,4.976194382,4.994051456,4.958336830,4.994051456,4.976194382,4.994051456,4.976194382,4.994051456,4.958336830,4.994051456,4.976194382,4.994051456",Zoom,189,1,Acceptable,Video,6,DPI,"46" 
1,ip4,192.168.12.156,10.78.14.178,udp,49579,49586,finished,32,0,1666892923611662,1666892924448503,1666892923611662,84,0,84,0,2688,0,0,338,26994.9,54779,14468.3,209331424.0,4.7,"23783,338,29801,1565,40495,506,22699,46435,8735,38102,43592,20546,19277,34040,24361,41537,21146,25008,31087,47211,23803,22874,54779,5988,45050,14923,26821,31551,48347,23766,18675",112,112.0,112,0.0,0.0,5.0,"112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112","0,0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4.927000046,4.944857121,4.909142494,4.902402878,4.927000046,4.912628174,4.927000046,4.927000046,4.909142494,4.927000046,4.909142494,4.927000046,4.927000046,4.927000046,4.927000046,4.898025990,4.927000046,4.927000046,4.927000046,4.927000046,4.927000046,4.902402401,4.909142494,4.927000046,4.927000046,4.909142494,4.927000046,4.894771099,4.902402401,4.927000046,4.909142494,4.909142494",Zoom,189,1,Acceptable,Video,6,DPI,"46" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,134,115505,137033,103149,13,0,13,27,4,0,13,3,0,5,0,58,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,11,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,4,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,5,0,0,0,0,0,0,13,0,0,0,11,2,0,13,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0 +0,134,115637,137033,103149,13,0,13,27,4,0,13,3,0,5,0,58,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,11,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,4,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,5,0,0,0,0,0,0,13,0,0,0,11,2,0,13,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/1kxun.pcap.out b/test/results/flow-analyse/default/1kxun.pcap.out index bcdb387aa..a9aa96deb 100644 --- a/test/results/flow-analyse/default/1kxun.pcap.out +++ b/test/results/flow-analyse/default/1kxun.pcap.out 
@@ -13,4 +13,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.2.126,14.136.136.108,tcp,49372,80,finished,3,29,1654385146253018,1654385147560064,1654385147928387,514,0,526,18720,1554,113644,1,0,96206.9,899707,188732.5,35619966976.0,3.0,"205636,2121,0,0,1,224803,394,328,1444,0,193718,403,372,1728,1281,1888,225980,899707,237971,1,2439,199154,468,952,1305,0,0,407339,371504,0,1478",337,3651.9,18772,4182.9,17496908.0,4.3,"566,337,1492,4372,2932,4372,1492,1492,1492,1492,5812,1492,1492,1492,2932,4372,5812,3718,578,337,7252,15892,1492,1492,7252,1492,5812,640,566,337,7787,18772","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,14","0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1,1,0,1,1,1","5.863167286,5.867280483,7.343351841,7.933300972,7.883011341,7.923881531,7.831630230,7.793837070,7.811074257,7.877987385,7.956270695,7.807632446,7.787700176,7.808306217,7.895200729,7.941674709,7.934331417,7.911615372,5.884228706,5.838101864,7.975082397,7.990115643,7.874265194,7.866392612,7.972415924,7.851024628,7.967773914,7.664193153,5.866144657,5.879995346,7.941644669,7.977370262",HTTP.1kxun,7.295,0,Fun,Streaming,6,DPI,"" 
1,ip4,192.168.2.126,161.117.13.29,tcp,45416,80,finished,8,24,1654385140835391,1654385156967826,1654385157149701,434,0,1114,14400,6674,81693,1,0,1046669.2,6045020,1981650.1,3926937042944.0,3.0,"188503,1,1404,179436,1430,692,418,2433,676,270050,61,0,644,0,3892849,3428911,186128,186289,192621,208977,367165,352334,5253796,5339015,3643,6045020,5959115,408,493,194856,189377",486,2813.5,14452,2993.9,8963654.0,4.4,"486,2932,2932,8692,2932,7252,1492,1492,14452,1492,2932,2932,7252,7252,4078,803,695,805,1511,807,1401,803,1516,1065,2932,1130,1155,1492,1492,1575,1166,1083","0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,1,0,0,7,0,13","0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,0,1,0,1,0,1,0,1,1,0,1,1,1,0,1","5.943944454,7.829628944,7.931543350,7.979783535,7.931476593,7.968062401,7.861111164,7.864268780,7.984925747,7.877884388,7.929042339,7.930032253,7.967924595,7.974642754,7.952368736,5.943904400,6.386446476,5.942170143,7.482911110,5.931495190,6.238120556,5.934639931,6.488353729,5.849187374,6.477306366,6.757167339,5.825885773,6.421376705,7.814886093,7.859082222,5.823412418,6.869374752",HTTP.1kxun,7.295,0,Fun,Streaming,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,1303,1555843,156501,2270815,197,9,188,38,13,6,177,33,14,38,0,624,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,31,166,6,116,53,0,0,0,2,0,0,0,1,0,0,0,39,0,0,0,5,0,0,0,0,63,0,0,45,22,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,177,0,0,0,0,0,37,6,20,0,0,0,0,172,25,0,98,99,0,0,197,177,6,14,0,0,0,0,0,5,0,0,4,0,0,10,13,0,0,8,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,6,0,0,0,3,0,0,13,0,0,0,0,0,0,0,1,0,0 +0,1303,1555868,156501,2270815,197,9,188,38,13,6,182,33,9,33,0,624,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,26,171,6,121,53,0,0,0,2,0,0,0,1,0,0,0,39,0,0,0,5,0,0,0,0,68,0,0,45,22,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,182,0,0,0,0,0,32,6,20,0,0,0,0,172,25,0,98,99,0,0,197,182,6,9,0,0,0,0,0,5,0,0,4,0,0,10,13,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,3,0,0,13,0,0,0,0,0,0,0,1,0,0 diff --git a/test/results/flow-analyse/default/443-chrome.pcap.out b/test/results/flow-analyse/default/443-chrome.pcap.out index f3e5c2e6c..b446d57b4 100644 --- a/test/results/flow-analyse/default/443-chrome.pcap.out +++ b/test/results/flow-analyse/default/443-chrome.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,7,7592,1440,0,1,0,1,0,0,1,0,0,0,0,0,1,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,7,7599,1440,0,1,0,1,0,0,1,0,0,0,0,0,1,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/443-curl.pcap.out b/test/results/flow-analyse/default/443-curl.pcap.out index 19da739ce..568931173 100644 --- a/test/results/flow-analyse/default/443-curl.pcap.out +++ b/test/results/flow-analyse/default/443-curl.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,192.168.1.13,178.62.197.130,tcp,55523,443,info,17,15,1581113120474299,1581113121447770,1581113121447985,0,0,517,1440,899,10128,0,2,62811.5,784064,190271.5,36203257856.0,2.2,"38692,38799,9627,47643,2769,1124,2,41874,4,11797,50900,31,39132,3,742,11,18,78,76,38549,8926,46564,784064,784044,367,123,462,127,121,240,248",52,397.2,1492,558.7,312115.0,3.8,"64,60,52,569,52,1492,1492,183,52,52,178,103,109,52,52,105,108,94,119,90,52,90,52,267,52,1492,1492,52,1492,1048,52,1492","10,4,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","3,3,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0","0,1,0,0,1,1,1,1,0,0,0,1,1,0,0,0,0,0,0,0,1,1,0,1,0,1,1,0,1,1,0,1","4.367087364,5.300120831,4.945419312,4.294172764,5.100070000,7.382002354,7.456428051,6.751153946,4.945419312,4.945419312,6.263377666,5.952023029,6.200525761,4.983880997,4.930902004,5.836982250,5.780514240,5.536261082,5.983234406,5.510023117,5.215455055,5.937692642,5.060803890,7.153983116,5.060803890,7.879748821,7.892062664,5.060803890,7.868061543,7.808748245,5.060803890,7.868031502",TLS.ntop,91.26,1,Safe,Network,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,14,13788,930,65886,1,1,0,0,1,0,1,2,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,14,13700,930,65886,1,1,0,0,1,0,1,2,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/443-firefox.pcap.out b/test/results/flow-analyse/default/443-firefox.pcap.out index 378c85fe6..90547d7d1 100644 --- a/test/results/flow-analyse/default/443-firefox.pcap.out +++ b/test/results/flow-analyse/default/443-firefox.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,192.168.1.13,178.62.197.130,tcp,53096,443,info,15,17,1581109488041083,1581109490061876,1581109490062194,0,0,517,1440,1047,13867,0,2,130384.0,1655693,403949.6,163175268352.0,2.0,"38504,38612,1822,40006,4099,93,2,42327,4,2052,40671,32,38677,3,193774,83,215,231092,9994,47033,1655690,50,1655693,186,15,177,176,149,321,109,243",52,518.7,1492,610.4,372566.0,4.0,"64,60,52,569,52,1492,1492,126,52,52,137,318,101,52,52,221,298,82,52,82,52,1492,1492,52,1492,1016,52,1492,1492,52,1492,1016","11,0,1,0,0,1,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4,1,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0","0,1,0,0,1,1,1,1,0,0,0,1,1,0,0,0,0,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1","4.367087364,5.366787434,4.894361019,5.219459057,5.100070000,7.372200966,7.462010860,6.339152336,5.022342205,5.022342205,6.101534367,7.216136456,6.184206486,5.060803890,5.060803890,6.919060707,7.232208252,5.746105194,5.176993370,5.774940014,4.930902004,7.873261929,7.864090443,5.022342205,7.874901772,7.771182060,4.983880520,7.883468628,7.853567600,4.945418835,7.868775368,7.782253265",TLS.ntop,91.26,1,Safe,Network,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,14,14036,7675,406398,1,1,0,0,1,0,1,2,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,14,13948,7675,406398,1,1,0,0,1,0,1,2,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/443-git.pcap.out b/test/results/flow-analyse/default/443-git.pcap.out index be6ac16da..61d22cc79 100644 --- a/test/results/flow-analyse/default/443-git.pcap.out +++ b/test/results/flow-analyse/default/443-git.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,192.168.1.13,140.82.114.4,tcp,55744,443,info,17,15,1581113657633853,1581113658139408,1581113658139371,0,0,517,1424,850,8277,0,2,32615.3,143502,53225.8,2832981760.0,3.2,"110467,110568,6595,119379,41,9,112809,2,11075,123994,112907,571,143502,5,142911,2,6496,2,14,6523,7,6,115,82,1242,13,1267,3,237,2,227",52,337.8,1476,464.4,215710.4,4.0,"64,60,52,569,1476,1476,754,52,52,178,103,52,259,423,126,52,52,86,344,85,52,52,52,150,52,1451,608,52,52,1451,472,52","14,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,3,1,1,0,0,0,0,0,1,0,1,0,1,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,2,0,0,0","0,1,0,0,1,1,1,0,0,0,1,0,0,1,1,0,0,1,1,1,0,0,0,1,0,1,1,0,0,1,1,0","4.341937065,5.174957275,4.831954479,4.223120689,6.954095364,7.397567272,7.645401001,5.014835358,4.976373672,6.355282307,5.929066658,4.937911987,6.952417850,7.419026852,6.223026752,4.937911987,4.976373672,5.637029648,7.370140076,5.726850986,4.937911987,4.937911987,4.899450302,6.443542957,4.976373672,7.866954327,7.624365330,5.014835358,5.014835358,7.857865334,7.532955170,5.014835358",TLS.Github,91.203,1,Acceptable,Collaborative,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,14,15833,881,31704,1,1,0,0,1,0,1,2,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,14,15710,881,31704,1,1,0,0,1,0,1,2,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/443-opvn.pcap.out b/test/results/flow-analyse/default/443-opvn.pcap.out index a5f5ea9c7..5a0961ade 100644 --- a/test/results/flow-analyse/default/443-opvn.pcap.out +++ b/test/results/flow-analyse/default/443-opvn.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,192.168.1.84,192.12.192.103,tcp,52973,1194,finished,17,15,1581153175528454,1581153177970762,1581153177992252,0,0,1440,1440,3449,3196,0,4,158261.5,1160659,364282.7,132701855744.0,2.7,"21611,21701,1053819,1075076,968,22235,339,57386,57093,21241,11768,32975,174,239,20560,20491,9065,4,19997,11251,22162,19953,19952,207,21422,21230,137,58577,1160659,1122501,1313",52,260.3,1492,407.4,166005.6,3.8,"64,60,52,96,52,108,52,104,52,373,52,1222,52,1492,104,55,104,1492,849,52,104,52,159,52,605,368,52,104,52,138,52,104","7,5,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0","8,3,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0","0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,1,0,0,0,1,1,0,1,0,0,1,0,0,1,0,1,1","4.398337364,5.141623974,4.810735226,5.491009712,5.116507530,5.561252594,4.971283913,5.772772789,5.078045845,6.141608238,5.116507530,6.862905025,4.887658596,7.272125721,5.704599857,5.040360451,5.785276413,6.812845707,7.438625336,5.154969215,5.830996513,4.908878326,6.252464294,5.009745598,7.575043678,7.235865593,4.971283913,5.734311104,5.063528538,6.235281944,5.217375278,5.826463223",OpenVPN,159,1,Acceptable,VPN,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,12,10084,3974,4543,1,1,0,0,1,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,12,10084,3974,4543,1,1,0,0,1,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/443-safari.pcap.out b/test/results/flow-analyse/default/443-safari.pcap.out index bb1a1473e..372d4e9e1 100644 --- a/test/results/flow-analyse/default/443-safari.pcap.out +++ b/test/results/flow-analyse/default/443-safari.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,192.168.1.13,178.62.197.130,tcp,53031,443,info,17,15,1581109359601646,1581109360694080,1581109360694172,0,0,328,1440,797,9828,0,2,70482.6,695650,174729.3,30530334720.0,2.6,"38199,38303,1123,39767,4074,97,2,42774,4,225660,264285,31,38670,4,1586,32,19,43,88,40010,28,9938,48247,695603,124,695650,120,128,123,103,125",52,384.7,1492,559.6,313139.8,3.8,"64,60,52,285,52,1492,1492,154,52,52,137,95,101,52,52,97,94,86,380,82,52,52,82,52,1492,1492,52,1492,52,1016,52,1492","11,3,1,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0","0,1,0,0,1,1,1,1,0,0,0,1,1,0,0,0,0,0,0,0,1,1,1,0,1,1,0,1,0,1,0,1","4.335837364,5.333454132,4.945418835,5.728343010,5.176993370,7.389316082,7.427206516,6.413387775,4.945418835,4.906957150,6.036595821,5.811348915,6.124800682,4.945419312,4.983880520,5.883585453,5.842953205,5.796744347,7.425425053,5.590555668,5.047091484,5.085553169,5.773722649,4.983880520,7.878831863,7.880546093,4.945418835,7.877892971,4.808815002,7.814340115,4.945418835,7.877443314",TLS.ntop,91.26,1,Safe,Network,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,14,13547,797,16406,1,0,1,0,1,0,1,2,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,14,13459,797,16406,1,0,1,0,1,0,1,2,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/4in4tunnel.pcap.out b/test/results/flow-analyse/default/4in4tunnel.pcap.out index 1c69971aa..1c1a65ee6 100644 --- a/test/results/flow-analyse/default/4in4tunnel.pcap.out +++ b/test/results/flow-analyse/default/4in4tunnel.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,17,9911,0,0,0,0,0,0,0,0,0,0,0,0,5,0,1,0,1,5,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,17,9911,0,0,0,0,0,0,0,0,0,0,0,0,5,0,1,0,1,5,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/4in6tunnel.pcap.out b/test/results/flow-analyse/default/4in6tunnel.pcap.out index 5cdf16fd0..9be451507 100644 --- a/test/results/flow-analyse/default/4in6tunnel.pcap.out +++ b/test/results/flow-analyse/default/4in6tunnel.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,10,9861,316,1464,1,0,1,0,0,0,1,0,0,0,0,4,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,10,9861,316,1464,1,0,1,0,0,0,1,0,0,0,0,4,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/6in4tunnel.pcap.out b/test/results/flow-analyse/default/6in4tunnel.pcap.out index 0fbae26c4..e4dced906 100644 --- a/test/results/flow-analyse/default/6in4tunnel.pcap.out +++ b/test/results/flow-analyse/default/6in4tunnel.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,174.3.73.24,184.105.255.26,41,,,info,18,14,1444236893450580,1444236901127917,1444236901118187,72,0,276,1877,2127,4797,0,105,494998.2,1005120,454962.0,206990442496.0,4.2,"104776,780142,221063,1000457,1001744,1001146,1001712,1005120,1001052,1000771,1001064,1001072,1001370,999940,1001888,1003131,365420,1118,348987,4072,96728,99146,95730,758,97863,1021,105,98080,140,8789,539",92,236.4,1897,383.0,146712.7,4.1,"124,124,186,124,124,124,124,124,124,124,124,124,124,124,124,124,124,119,119,259,247,100,100,92,296,92,1490,1897,92,92,254,145","0,0,4,11,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,2,8,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1","0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,1,0,1,0,0,1,1,1,0,0,0,0","5.680680275,5.741242886,5.591180325,5.686768055,5.741242886,5.686768055,5.741242886,5.664551258,5.741242886,5.729067326,5.773500919,5.648445129,5.741242886,5.664551258,5.725113869,5.680680275,5.735155106,4.719979763,4.710355759,4.773607731,4.870984077,5.180728912,5.772128105,5.515571117,5.818006039,5.609004974,6.932967663,6.965810776,5.515571117,5.514929771,6.708754063,6.001224995",,,,,,,,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,12,10212,11600,24375,1,0,1,0,1,0,0,0,1,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,12,10212,11600,24375,1,0,1,0,1,0,0,0,1,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/6in6tunnel.pcap.out b/test/results/flow-analyse/default/6in6tunnel.pcap.out index 41471c026..db6100ecb 100644 --- a/test/results/flow-analyse/default/6in6tunnel.pcap.out +++ b/test/results/flow-analyse/default/6in6tunnel.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,8608,104,0,2,0,2,0,0,0,0,0,2,0,0,2,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,2,2,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,11,8608,104,0,2,0,2,0,0,0,0,0,2,0,0,2,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,2,2,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/BGP_Cisco_hdlc_slarp.pcap.out b/test/results/flow-analyse/default/BGP_Cisco_hdlc_slarp.pcap.out index 080d4d82e..3285d59b5 100644 --- a/test/results/flow-analyse/default/BGP_Cisco_hdlc_slarp.pcap.out +++ b/test/results/flow-analyse/default/BGP_Cisco_hdlc_slarp.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,7852,76,269,1,0,1,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,11,7852,76,269,1,0,1,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/BGP_redist.pcap.out b/test/results/flow-analyse/default/BGP_redist.pcap.out index f975277d3..33cd387f9 100644 --- a/test/results/flow-analyse/default/BGP_redist.pcap.out +++ b/test/results/flow-analyse/default/BGP_redist.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,9,6562,115,0,1,0,1,0,0,0,1,0,0,0,1,1,1,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,9,6562,115,0,1,0,1,0,0,0,1,0,0,0,1,1,1,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/EAQ.pcap.out b/test/results/flow-analyse/default/EAQ.pcap.out index 5651da7fa..4c7842530 100644 --- a/test/results/flow-analyse/default/EAQ.pcap.out +++ b/test/results/flow-analyse/default/EAQ.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,269,194061,2383,10862,31,2,29,29,0,0,31,0,0,23,0,144,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,31,0,31,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,29,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,31,0,0,0,0,0,22,0,2,0,0,0,0,31,0,0,2,29,0,0,31,31,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,21,0,0,0,0,0,0,0,0,0,0 +0,269,193861,2383,10862,31,2,29,29,0,0,31,0,0,23,0,144,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,31,0,31,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,29,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,31,0,0,0,0,0,21,0,2,0,0,0,0,31,0,0,2,29,0,0,31,31,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out b/test/results/flow-analyse/default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out index 50e12b3da..e63f9f51f 100644 --- a/test/results/flow-analyse/default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out +++ b/test/results/flow-analyse/default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out 
@@ -3,4 +3,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,10.35.60.100,10.23.1.52,udp,15580,16756,finished,32,0,1228468965434208,1228468966054624,1228468965434208,172,0,172,0,5504,0,0,1438,20013.4,39530,4863.7,23655656.0,4.9,"20823,19142,39530,1438,19970,20000,19294,20526,19616,19873,20995,20283,18519,20415,19722,19948,20367,20228,19700,20355,19296,20527,20111,20020,19630,19979,19869,20276,20190,19810,19964",200,200.0,200,0.0,0.0,5.0,"200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200","0,0,0,0,0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1.668765187,1.658265829,1.688265920,1.668265820,1.688265920,1.664491415,1.674491525,1.654990792,1.678265929,1.688265920,1.674491405,2.400679350,2.428031683,2.447857141,2.461457968,2.439298868,2.470501661,2.457857370,2.473841906,2.452007294,2.451812983,2.430955410,2.434056997,2.410386086,2.416019678,2.457857370,2.467857122,2.455026150,2.458799601,2.438038588,2.441251755,2.457820177",RTP,87,0,Acceptable,Media,6,DPI,"" 
1,ip4,10.35.40.25,10.35.40.200,udp,5060,5060,finished,16,16,1228468958651923,1228469002203721,1228469002181512,383,0,881,852,9868,8158,0,263,2809077.0,27628387,6895590.0,47549159309312.0,2.5,"1429,5975,263,162733,421,6673080,696,6843298,378,2041486,761,2040704,344,12449,653,131771,424,27628387,388,27585469,481,6913792,703,6841323,326,83992,388,88136,409,19767,961",290,591.3,909,211.9,44888.2,4.9,"905,905,290,290,474,474,811,811,438,438,880,880,411,411,779,779,479,479,446,446,558,558,832,832,350,350,461,461,438,438,909,909","0,0,0,0,0,0,0,0,0,0,0,2,4,2,0,0,0,0,0,0,0,0,0,2,0,2,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,2,0,2,0,0,4,2,0,2,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,1,1,1,1,1,1,0,0,1,1,0,0,0,0,1,1,0,0,1,1,0,0,1,1,1,1,0,0,0,0","5.687162399,5.687162399,5.626669884,5.626669884,5.571601391,5.571601391,5.667925358,5.667925358,5.573338985,5.573338985,5.690092564,5.690092564,5.617296219,5.617296219,5.771171570,5.771171570,5.591165543,5.591165543,5.621240139,5.621240139,5.739367962,5.739367962,5.722489834,5.722489834,5.587724209,5.587724209,5.563357353,5.563357353,5.591295242,5.591295242,5.709114552,5.709114552",SIP,100,0,Acceptable,VoIP,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,52,55395,56781,136335,5,0,5,6,3,0,5,0,0,0,0,25,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,5,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,5,0,0,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,52,55748,56781,136335,5,0,5,6,3,0,5,0,0,0,0,25,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,5,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,5,0,0,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/IEC104.pcap.out b/test/results/flow-analyse/default/IEC104.pcap.out index b7f4f9961..c7b56c5f3 100644 --- a/test/results/flow-analyse/default/IEC104.pcap.out +++ b/test/results/flow-analyse/default/IEC104.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,17,12562,609,0,2,0,2,0,0,0,2,0,0,2,0,8,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,2,0,0,0,0,0,0,2,0,0,2,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0 +0,17,12562,609,0,2,0,2,0,0,0,2,0,0,2,0,8,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,2,0,0,0,0,0,0,2,0,0,2,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/KakaoTalk_chat.pcap.out b/test/results/flow-analyse/default/KakaoTalk_chat.pcap.out index 4bfa2478e..ed2d60235 100644 --- a/test/results/flow-analyse/default/KakaoTalk_chat.pcap.out +++ b/test/results/flow-analyse/default/KakaoTalk_chat.pcap.out 
@@ -3,4 +3,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 113,ip4,10.24.82.188,173.252.97.2,tcp,35503,443,info,18,14,1430069026370215,1430069036014563,1430069032269782,0,0,654,1280,1689,3666,0,3723,501416.6,3802978,831986.8,692202045440.0,3.7,"995911,1037903,49316,6684,695526,683563,56000,2329864,2320373,251618,299011,4547,4395,4089,3723,105469,239411,242157,376495,82611,125763,244537,287323,18128,164581,238983,428131,146027,274079,3802978,24719",40,209.0,1320,352.3,124085.1,3.7,"60,60,44,40,224,44,40,44,224,40,1320,40,1320,40,1027,40,162,40,87,40,694,40,69,40,342,40,83,40,180,40,67,116","11,0,1,1,1,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","9,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0","0,0,1,0,0,1,0,1,0,1,1,0,1,0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,0,0","4.685176849,4.685176849,4.968303204,4.931687355,5.173561573,5.104666710,4.981687546,4.658042908,5.164632797,4.931687355,6.476998329,4.734184265,7.115762234,4.784183979,6.729174137,4.884183884,6.557168484,4.881687164,5.730113029,4.834184170,7.744181156,4.881687164,5.543020725,4.884183884,7.357668877,4.981687546,5.880825043,4.834184170,6.839711666,4.981687546,5.593678474,6.365212917",TLS.Facebook,91.119,1,Fun,SocialNetwork,6,DPI,"7" 
113,ip4,10.24.82.188,173.252.97.2,tcp,35511,443,info,16,16,1430069036068122,1430069064769263,1430069064804816,0,0,522,1280,1362,3690,0,122,1852833.4,27030701,6601250.5,43576507498496.0,1.5,"41748,45806,2228,39459,11261,448395,183,2868,498749,183,122,36927,124176,229920,321990,23011,161804,229858,405273,183,57404,108246,75989,156006,245086,67993,69489,26937805,56885,27030701,8087",40,198.8,1320,348.1,121165.0,3.7,"60,44,40,224,44,40,1320,1320,1027,40,40,40,162,40,87,40,562,40,69,40,199,312,40,40,78,40,69,40,67,116,40,40","10,0,1,1,1,1,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","11,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0","0,1,0,0,1,1,1,1,1,0,0,0,0,1,1,0,0,1,1,0,0,0,1,1,1,0,1,0,0,0,1,1","4.718510151,5.042055130,4.931687355,5.220941067,4.748951435,4.981687069,6.464412689,7.117209911,6.734959602,4.834183693,4.884183884,4.884183884,6.501401424,4.931686878,5.853732109,4.834183693,7.664524555,4.981687069,5.600991726,4.784183979,6.880613327,7.129980087,5.031687260,4.981687069,5.767374516,4.884183884,5.543020248,4.884183884,5.563827038,6.334234238,5.031687260,5.031687260",TLS.Facebook,91.119,1,Fun,SocialNetwork,6,DPI,"7" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,270,241649,15862,36150,38,8,30,1,3,5,33,33,0,10,0,116,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,26,9,16,8,0,0,0,0,0,0,0,0,0,0,0,9,5,0,0,0,0,0,0,0,19,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,10,4,14,0,0,0,0,38,0,0,19,18,1,0,38,33,5,0,0,0,0,0,0,4,0,13,2,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0 +0,270,240854,15862,36150,38,8,30,1,3,5,33,33,0,10,0,116,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,26,9,16,8,0,0,0,0,0,0,0,0,0,0,0,9,5,0,0,0,0,0,0,0,19,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,10,4,14,0,0,0,0,38,0,0,19,18,1,0,38,33,5,0,0,0,0,0,0,4,0,13,2,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/KakaoTalk_talk.pcap.out b/test/results/flow-analyse/default/KakaoTalk_talk.pcap.out index 71aca5909..56ec8c5b5 100644 --- a/test/results/flow-analyse/default/KakaoTalk_talk.pcap.out +++ b/test/results/flow-analyse/default/KakaoTalk_talk.pcap.out 
@@ -4,4 +4,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 113,ip4,10.24.82.188,110.76.143.50,tcp,32968,8080,info,18,14,1430069163715308,1430069202114386,1430069181143378,0,0,746,852,2452,3072,0,2289,1800875.8,20336762,4155046.5,17264411672576.0,2.9,"141571,151855,11750,244934,5676,231720,5279,268921,267944,260468,295685,6066894,6069489,2289,183686,177368,76049,36560,148072,8359650,8675995,4516,469818,147369,147094,2564,694885,724152,479767,20336762,1138366",52,225.5,904,230.0,52885.8,4.4,"60,60,52,194,52,904,52,378,286,798,558,52,766,52,222,350,52,52,222,52,238,52,222,52,350,52,222,222,52,64,238,238","8,0,0,0,1,7,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,0,0,0,0,1,0,1,0,2,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,1,0,1,0,1,0,0,1,0,1,0,1,0,1,1,0,1,0,0,0,1,1,0,0","4.739262104,5.194311619,5.168681622,5.344344139,5.053296566,7.386932850,5.077241421,7.234003544,7.051656723,7.730213165,7.626702785,5.130219936,7.729208469,5.130219936,7.004224300,7.276331425,5.168681622,5.053296566,6.966996193,5.168681622,7.017478943,5.091758251,6.947218895,5.130219936,7.270596504,5.168681622,6.928867817,6.919858456,5.130219936,5.071470261,7.064198494,7.072602749",TLS.KakaoTalk,91.193,1,Acceptable,Chat,6,DPI,"5,6,7,8" 
113,ip4,10.24.82.188,110.76.143.50,tcp,58857,9001,info,18,14,1430069164966834,1430069202329230,1430069203383368,0,0,794,852,2842,3488,0,183,2444481.5,21237091,5342425.0,28541506813952.0,2.9,"148041,148315,14374,196289,3692,185608,22217,228394,215698,291656,316833,4536377,4872620,301514,147949,147858,122284,336243,8596588,8810699,73731,557586,700867,602508,20472016,917846,21237091,519257,336,183,1054260",52,251.1,904,266.4,70953.5,4.3,"60,60,52,194,52,904,52,378,286,750,718,52,846,830,52,350,52,222,52,350,52,222,222,52,64,238,238,414,52,52,52,64","9,0,0,0,1,5,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,0,0,0,0,0,0,1,0,2,0,1,0,0,0,0,0,0,0,0,1,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,1,0,1,0,0,1,0,1,0,0,1,1,0,0,0,1,1,0,0,1,0,1,0,1","4.685176373,5.185489655,5.156889915,5.339006424,5.207143307,7.375075340,5.233812809,7.382006645,6.995015144,7.704098225,7.705970764,5.248330116,7.776240349,7.756853104,5.171406746,7.334384441,5.130220413,7.042468071,5.207143307,7.231501102,5.171406746,6.845736027,6.836727142,5.130220413,5.138105392,7.055267334,7.030057430,7.403200150,5.248330116,5.168681622,5.248330116,5.220060349",TLS.KakaoTalk,91.193,1,Acceptable,Chat,6,DPI,"5,6,7,8" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,145,122774,146910,144494,20,6,14,0,4,9,11,5,0,5,0,73,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,9,5,4,2,0,0,0,0,0,0,0,2,0,0,0,5,0,0,0,1,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,8,6,0,0,0,0,20,0,0,15,5,0,0,20,11,9,0,0,0,0,0,0,7,2,6,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0 +0,145,122849,146910,144494,20,6,14,0,4,9,11,5,0,5,0,73,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,9,5,4,2,0,0,0,0,0,0,0,2,0,0,0,5,0,0,0,1,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,8,6,0,0,0,0,20,0,0,15,5,0,0,20,11,9,0,0,0,0,0,0,7,2,6,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0 diff --git a/test/results/flow-analyse/default/NTPv2.pcap.out b/test/results/flow-analyse/default/NTPv2.pcap.out index 36ed84e20..5eff20dd9 100644 --- a/test/results/flow-analyse/default/NTPv2.pcap.out +++ b/test/results/flow-analyse/default/NTPv2.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,7,6030,368,0,1,0,1,0,0,0,1,0,0,0,0,1,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,7,6030,368,0,1,0,1,0,0,0,1,0,0,0,0,1,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/NTPv3.pcap.out b/test/results/flow-analyse/default/NTPv3.pcap.out index 57aaabf98..fc17266e5 100644 --- a/test/results/flow-analyse/default/NTPv3.pcap.out +++ b/test/results/flow-analyse/default/NTPv3.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,7,5590,48,0,1,0,1,0,0,0,1,0,0,0,0,1,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,7,5590,48,0,1,0,1,0,0,0,1,0,0,0,0,1,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/NTPv4.pcap.out b/test/results/flow-analyse/default/NTPv4.pcap.out index 57aaabf98..fc17266e5 100644 --- a/test/results/flow-analyse/default/NTPv4.pcap.out +++ b/test/results/flow-analyse/default/NTPv4.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,7,5590,48,0,1,0,1,0,0,0,1,0,0,0,0,1,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,7,5590,48,0,1,0,1,0,0,0,1,0,0,0,0,1,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/Oscar.pcap.out b/test/results/flow-analyse/default/Oscar.pcap.out index 9d85545c1..9a488891d 100644 --- a/test/results/flow-analyse/default/Oscar.pcap.out +++ b/test/results/flow-analyse/default/Oscar.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,10.30.29.3,178.237.24.249,tcp,63357,443,info,19,13,1434606464176482,1434606524600171,1434606524130160,0,0,315,1360,1138,3047,0,3,3883141.0,58215154,14267685.0,203566836875264.0,1.3,"28653,28776,8916,42424,33521,518,478,147,33511,33418,288,33636,843,34123,226,44565,44326,32783,32790,157,115,322,31348,31096,58175544,58215154,3,39626,1457397,1490083,502580",40,172.5,1400,263.3,69345.6,4.0,"64,46,40,355,50,40,605,40,92,130,40,56,1400,337,40,66,46,152,497,40,270,40,252,46,335,76,46,78,40,78,46,76","11,4,0,1,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","6,1,1,0,0,0,0,1,0,1,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0","0,1,0,0,1,0,1,0,0,1,0,0,1,1,0,0,1,0,1,0,1,0,0,1,0,0,1,1,0,0,1,0","4.441382408,4.871388912,4.661769390,7.090702057,4.724371910,4.661769390,5.245636463,4.661769390,4.009517670,4.346171379,4.611769676,4.280395031,3.817430019,3.863874197,4.611769676,4.309496880,4.501398563,3.542632341,4.154665947,4.611769676,3.726292849,4.611769199,5.504406452,4.457919598,3.418277502,4.801239491,4.544876099,5.035846710,4.611769676,4.478143215,4.501398087,4.761171341",,,,,,,,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,12,10434,1504,3946,1,0,1,0,1,1,0,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,12,10434,1504,3946,1,0,1,0,1,1,0,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/TivoDVR.pcap.out b/test/results/flow-analyse/default/TivoDVR.pcap.out index 3e47bfe2a..6a6c5a0d4 100644 --- a/test/results/flow-analyse/default/TivoDVR.pcap.out +++ b/test/results/flow-analyse/default/TivoDVR.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,8,6703,334,0,1,0,1,0,0,0,1,0,0,0,0,2,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,8,6703,334,0,1,0,1,0,0,0,1,0,0,0,0,2,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/WebattackRCE.pcap.out b/test/results/flow-analyse/default/WebattackRCE.pcap.out index ea96bb1d0..8c5f73f47 100644 --- a/test/results/flow-analyse/default/WebattackRCE.pcap.out +++ b/test/results/flow-analyse/default/WebattackRCE.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,3191,3398669,138401,0,797,0,797,0,0,0,797,0,0,797,0,797,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,797,0,0,797,0,0,0,0,0,0,0,0,0,0,0,0,797,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,797,0,0,0,0,0,778,797,62,4,0,0,0,797,0,0,797,0,0,0,797,797,0,0,0,0,0,2,0,797,0,0,0,0,0,62,777,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0 +0,3191,3398669,138401,0,797,0,797,0,0,0,797,0,0,797,0,797,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,797,0,0,797,0,0,0,0,0,0,0,0,0,0,0,0,797,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,797,0,0,0,0,0,778,797,62,4,0,0,0,797,0,0,797,0,0,0,797,797,0,0,0,0,0,2,0,797,0,0,0,0,0,62,777,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/WebattackSQLinj.pcap.out b/test/results/flow-analyse/default/WebattackSQLinj.pcap.out index 875189352..c79abeacc 100644 --- a/test/results/flow-analyse/default/WebattackSQLinj.pcap.out +++ b/test/results/flow-analyse/default/WebattackSQLinj.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,75,66837,4839,18821,9,9,0,0,0,0,9,0,0,9,0,45,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,9,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,9,0,9,0,0,0,0,9,0,0,9,0,0,0,9,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,75,66837,4839,18821,9,9,0,0,0,0,9,0,0,9,0,45,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,9,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,9,0,9,0,0,0,0,9,0,0,9,0,0,0,9,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/WebattackXSS.pcap.out b/test/results/flow-analyse/default/WebattackXSS.pcap.out index ee8ac1e3a..d44daa12b 100644 --- a/test/results/flow-analyse/default/WebattackXSS.pcap.out +++ b/test/results/flow-analyse/default/WebattackXSS.pcap.out 
@@ -19,4 +19,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,172.16.0.1,192.168.10.50,tcp,34940,80,finished,21,11,1499348002450018,1499348012729966,1499348012487215,0,0,585,1868,4840,16321,0,168,655391.8,4897215,1186666.9,1408178323456.0,3.5,"168,874,4896388,4897215,3139,3939,250433,254530,4103,1006878,1011034,4128,267330,271177,3882,1007953,1011957,4030,246777,250412,3605,1038702,1042399,3673,241578,245223,3629,1046261,1049943,3750,242035",52,713.8,1920,751.0,564013.2,4.2,"60,60,52,435,52,1823,52,637,1920,52,435,1822,52,637,1919,52,435,1822,52,637,1919,52,435,1822,52,637,1920,52,435,1822,52,637","11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9","0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0","4.571673870,5.072907925,4.969671726,5.887361526,4.878231525,7.741217613,4.885738850,6.010152817,7.782044411,4.945419312,5.887085915,7.743456841,4.983880997,6.006285667,7.788482189,4.969364166,5.877018929,7.744219303,4.983880997,6.010739803,7.771894455,4.983880997,5.901759148,7.743703842,5.022342682,6.005155087,7.771924019,4.892440796,5.896227837,7.743970394,4.983880997,6.034862995",HTTP,7,0,Acceptable,Web,6,DPI,"12,14" 
1,ip4,172.16.0.1,192.168.10.50,tcp,35626,80,finished,21,11,1499348068136241,1499348078263151,1499348077222575,0,0,585,1868,4840,16415,0,124,619782.1,3953842,972474.7,945707024384.0,3.7,"124,706,3953188,3953842,3024,3763,1020630,1024309,3710,248238,252345,4156,1041683,1045979,4295,255096,258771,3649,1007135,1010804,3655,252666,256217,3575,1010481,1014239,3761,262869,266680,3784,1039870",52,716.7,1920,755.5,570797.2,4.2,"60,60,52,637,52,1920,52,435,1822,52,637,1918,52,435,1822,52,637,1919,52,435,1822,52,637,1919,52,435,1822,52,637,1919,52,435","11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9","0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0","4.605007172,5.106241703,4.969672203,6.010980606,4.854287148,7.776665688,4.983880997,5.869518280,7.738469601,5.022342682,6.005230904,7.777610302,5.022342682,5.854826927,7.740310192,5.022342682,6.000309944,7.769937992,5.022342682,5.859811783,7.741565704,4.983880997,6.018991470,7.775127888,4.983880997,5.899751663,7.740706921,4.945419312,6.032977104,7.768198013,4.945419312,5.894873619",HTTP,7,0,Acceptable,Web,6,DPI,"1,12,14" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,5305,3644362,857367,3234521,661,657,4,0,19,639,22,0,0,22,0,3299,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,639,22,0,22,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0,0,0,22,0,22,0,0,0,0,661,0,0,661,0,0,0,661,22,639,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,5305,3644362,857367,3234521,661,657,4,0,19,639,22,0,0,22,0,3299,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,639,22,0,22,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0,0,0,22,0,22,0,0,0,0,661,0,0,661,0,0,0,661,22,639,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/activision.pcap.out b/test/results/flow-analyse/default/activision.pcap.out index e709ada32..d4254cf8e 100644 --- a/test/results/flow-analyse/default/activision.pcap.out +++ b/test/results/flow-analyse/default/activision.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,38,26909,620,764,4,0,4,1,0,0,4,0,0,0,0,20,1,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,4,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,38,26909,620,764,4,0,4,1,0,0,4,0,0,0,0,20,1,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,4,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/adult_content.pcap.out b/test/results/flow-analyse/default/adult_content.pcap.out index d8ed556d3..d3c939ab0 100644 --- a/test/results/flow-analyse/default/adult_content.pcap.out +++ b/test/results/flow-analyse/default/adult_content.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,12,9775,3131,3791,1,0,1,0,0,0,1,1,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,2,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,12,9842,3131,3791,1,0,1,0,0,0,1,1,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,2,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/afp.pcap.out b/test/results/flow-analyse/default/afp.pcap.out index f38e6aa51..cd9dc153c 100644 --- a/test/results/flow-analyse/default/afp.pcap.out +++ b/test/results/flow-analyse/default/afp.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,7846,44,118,1,0,1,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,11,7846,44,118,1,0,1,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/agora-sd-rtn.pcap.out b/test/results/flow-analyse/default/agora-sd-rtn.pcap.out index 5de83a45b..0d40a8e30 100644 --- a/test/results/flow-analyse/default/agora-sd-rtn.pcap.out +++ b/test/results/flow-analyse/default/agora-sd-rtn.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,238,230328,54495,40944,26,0,26,23,0,0,26,0,0,0,0,130,1,0,1,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,26,0,26,0,0,0,0,0,0,0,0,26,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,26,0,0,0,0,0,0,0,0,0,0,0,0,26,0,0,0,26,0,0,26,26,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,238,230328,54495,40944,26,0,26,23,0,0,26,0,0,0,0,130,1,0,1,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,26,0,26,0,0,0,0,0,0,0,0,26,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,26,0,0,0,0,0,0,0,0,0,0,0,0,26,0,0,0,26,0,0,26,26,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/ah.pcapng.out b/test/results/flow-analyse/default/ah.pcapng.out index 93f92d301..2fe7346ec 100644 --- a/test/results/flow-analyse/default/ah.pcapng.out +++ b/test/results/flow-analyse/default/ah.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,15,12635,790,742,2,0,2,0,0,0,2,0,0,0,0,6,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,1,0,1,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,15,12635,790,742,2,0,2,0,0,0,2,0,0,0,0,6,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,1,0,1,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/ajp.pcap.out b/test/results/flow-analyse/default/ajp.pcap.out index f396740bb..61991c0d4 100644 --- a/test/results/flow-analyse/default/ajp.pcap.out +++ b/test/results/flow-analyse/default/ajp.pcap.out 
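Review bot: The summary data row gains one field here (one more `0` in the run of zeros ahead of the confidence counters) while the `timestamp,json_lines,…` header above it is an unchanged context line, so header and row no longer appear to have the same number of columns. By my count the old row lined up with the header, which would now put every value from the confidence counters onward one column to the right of its name, including the `flow_severity_*` and `flow_risk_N_count` counters that consumers of this CSV read. The same one-field growth shows in the summary row just above this file's header, in ajp.pcap.out and in the second hunk of alexa-app.pcapng.out. The header most likely needs a name for the newly added counter; the code that writes it is outside this hunk.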
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,43,24475,2112,482,2,0,2,0,0,0,2,0,0,0,12,10,1,0,1,1,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,2,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,43,24475,2112,482,2,0,2,0,0,0,2,0,0,0,12,10,1,0,1,1,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,2,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/alexa-app.pcapng.out b/test/results/flow-analyse/default/alexa-app.pcapng.out index 43a3f00f4..d9ce53ca8 100644 --- a/test/results/flow-analyse/default/alexa-app.pcapng.out +++ b/test/results/flow-analyse/default/alexa-app.pcapng.out 
@@ -12,10 +12,10 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,172.16.42.216,54.239.29.253,tcp,40854,443,info,17,15,1490976107365814,1490976108753694,1490976108749413,0,0,1460,1460,5131,7946,0,38,89402.5,932653,197976.2,39194591232.0,3.0,"109911,111642,1568,102004,158,101584,303,1866,56194,150,87519,19070,7646,147913,304065,639361,932653,32742,136,49,686,68,38,318,579,110731,248,1820,214,123,120",40,450.1,1500,541.5,293230.8,4.0,"60,48,40,251,1500,1275,40,40,366,46,99,40,1500,254,46,1500,1500,46,1021,589,589,589,589,589,1469,77,40,40,40,40,40,40","11,0,0,0,0,0,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0","4,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,1,1,0,0","0,1,0,0,1,1,0,0,0,1,1,0,0,0,1,0,0,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0","4.660013676,5.218094349,4.762815475,5.646678925,7.241643429,7.258272171,4.781687260,4.831686974,7.252469063,4.652828693,6.063538551,4.881687164,7.878282547,7.156798363,4.522393703,7.878647804,7.879301548,4.652828693,7.771139622,7.614057541,7.658779144,7.663974285,7.639388084,7.634205341,7.870131969,5.701726913,4.831686974,4.831687450,4.881687164,4.831686974,4.881687164,4.881687164",TLS.Amazon,91.178,1,Acceptable,Web,6,DPI,"8" 
1,ip4,172.16.42.216,52.94.232.134,tcp,45711,443,info,21,11,1490976088937719,1490976109911223,1490976110045165,0,0,1460,901,10414,1844,0,138,1357450.1,9247029,2197151.2,4827473510400.0,3.5,"992408,1100523,1068,243574,812,17238,3008616,6019841,9247029,138,67248,300,303,66691,669495,281,275185,528033,1079938,2835215,349963,114629,72089,219293,5051089,276,5193864,64990,174211,2275400,2411210",40,425.8,1500,556.2,309356.4,3.9,"60,60,48,48,40,40,279,279,279,125,93,40,40,99,46,1500,1118,1500,1500,1500,46,1118,46,941,40,1500,222,46,845,40,40,46","9,1,0,0,0,1,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,5,0,0","7,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,1,1,0,0,0,0,0,1,1,0,0,0,1,0,0,0,0,0,1,0,1,1,0,0,0,1,1,0,0,1","4.705928802,4.705928802,5.160700798,5.077367783,4.881687164,4.881687164,5.840246201,5.847414970,5.847414970,6.003486633,5.947547913,4.693943024,4.831686974,6.024143219,4.609350204,7.869801998,7.823491096,7.871860504,7.870593548,7.871356964,4.565872192,7.822906017,4.609350204,7.791450024,4.681686878,7.872803211,6.941987991,4.652828693,7.739228249,4.881687164,4.931686878,4.544876575",TLS.Amazon,91.178,1,Acceptable,Web,6,DPI,"8" 
1,ip4,172.16.42.216,176.32.101.52,tcp,44001,443,info,17,15,1490976093358419,1490976114866501,1490976095732113,0,0,1460,1460,3149,4067,0,32,770379.9,19096185,3357549.8,11273140961280.0,1.4,"123577,127990,5388,470526,584,630,42,1232537,1463,5048,697,664,10016,973197,496,53,32,190922,73204,348,171867,142,116971,408177,413652,66693,140934,83299,138,166304,19096185",40,267.5,1500,412.9,170449.2,3.9,"60,48,40,232,46,1500,1500,522,232,232,40,40,40,166,46,46,46,85,40,1500,276,46,198,104,278,233,232,46,46,258,40,342","7,0,1,1,0,0,5,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0","8,1,0,0,1,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0","0,1,0,0,1,1,1,1,0,0,0,0,0,0,1,1,1,1,0,0,0,1,1,0,1,0,0,1,1,1,0,0","4.739262104,5.134761333,4.812815189,5.509502888,4.565871716,7.166137695,7.318473339,7.577383041,5.500881672,5.500882149,4.831686974,4.881687164,4.734184265,6.340515137,4.501398087,4.501398087,4.835486889,5.641122818,4.831686974,7.860523701,7.242097378,4.462505341,6.761913776,6.045580387,7.062158108,7.012423515,6.904469013,4.522393703,4.565872192,7.040098190,4.831687450,7.286717415",TLS.Amazon,91.178,1,Acceptable,Web,6,DPI,"15" 
-1,ip4,172.16.42.216,52.84.63.56,tcp,51986,80,finished,17,15,1490976134141916,1490976134949644,1490976134943908,0,0,547,1448,1641,15770,0,121,51926.5,295198,97638.1,9533208576.0,3.0,"57953,60331,1632,154699,385,386,415,483,524,207,360,156722,299,4146,127,3380,248,131,172,143,126,121,6987,268261,295198,18253,286273,480,356,286588,4334",52,597.0,1500,635.8,404189.9,4.1,"60,60,52,599,52,1500,1500,1500,1500,1500,1500,1500,52,52,1500,427,52,52,52,52,52,52,52,599,599,427,64,592,1500,1500,52,52","14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0","0,1,0,0,1,1,1,1,1,1,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,1,1,1,0,0","4.650922298,5.231404781,5.038780212,6.035903931,5.085056305,7.148868561,7.815765381,7.846660614,7.867961407,7.834940910,7.842315674,7.841011524,5.000318527,5.038780212,7.824505806,6.526866436,5.038780212,5.038780212,5.038780212,5.000318527,5.000318527,5.000318527,5.000318527,6.008402348,6.008402348,6.531550407,5.026865005,5.889882088,7.468186855,7.750551224,5.038780212,5.038780212",HTTP.Amazon,7.178,0,Acceptable,Web,6,DPI,"35" 
+1,ip4,172.16.42.216,52.84.63.56,tcp,51986,80,finished,17,15,1490976134141916,1490976134949644,1490976134943908,0,0,547,1448,1641,15770,0,121,51926.5,295198,97638.1,9533208576.0,3.0,"57953,60331,1632,154699,385,386,415,483,524,207,360,156722,299,4146,127,3380,248,131,172,143,126,121,6987,268261,295198,18253,286273,480,356,286588,4334",52,597.0,1500,635.8,404189.9,4.1,"60,60,52,599,52,1500,1500,1500,1500,1500,1500,1500,52,52,1500,427,52,52,52,52,52,52,52,599,599,427,64,592,1500,1500,52,52","14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0","0,1,0,0,1,1,1,1,1,1,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,1,1,1,0,0","4.650922298,5.231404781,5.038780212,6.035903931,5.085056305,7.148868561,7.815765381,7.846660614,7.867961407,7.834940910,7.842315674,7.841011524,5.000318527,5.038780212,7.824505806,6.526866436,5.038780212,5.038780212,5.038780212,5.000318527,5.000318527,5.000318527,5.000318527,6.008402348,6.008402348,6.531550407,5.026865005,5.889882088,7.468186855,7.750551224,5.038780212,5.038780212",HTTP.Amazon,7.178,0,Acceptable,Web,6,DPI,"" 
1,ip4,172.16.42.216,54.239.29.253,tcp,40871,443,info,15,17,1490976136930982,1490976138976244,1490976139259019,0,0,1460,1460,6666,5757,0,24,141074.2,1107068,256640.3,65864265728.0,3.2,"111073,112352,831,179894,143,45,179940,2913,265,3255,516,135136,162,170164,502171,1107068,16816,231,180,41,28,24,706579,352,9657,355942,325,629177,147816,149,54",40,430.0,1500,555.4,308431.6,4.0,"60,48,40,283,46,125,93,40,40,99,1500,286,46,46,1500,1500,46,1500,121,1500,153,429,77,40,40,40,1500,318,46,1021,589,589","7,1,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0","6,2,2,1,0,0,0,0,0,0,0,0,1,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0","0,1,0,0,1,1,1,0,0,0,0,0,1,1,0,0,1,1,1,1,1,1,1,0,0,0,0,0,1,1,1,1","4.672595501,5.093094349,4.831687450,5.938469410,4.522393703,6.167151451,6.033568382,4.831686974,4.881687164,6.044344425,7.863042355,7.143759251,4.522394180,4.565872192,7.864801884,7.864607811,4.565872192,7.861513138,6.401272774,7.883206367,6.629675865,7.515489578,5.831597805,4.781687260,4.831687450,4.712815285,7.866571903,7.334980965,4.565871716,7.784813404,7.636542797,7.660583019",TLS.Amazon,91.178,1,Acceptable,Web,6,DPI,"8" 
-1,ip4,172.16.42.216,52.84.63.56,tcp,51995,80,finished,15,17,1490976139643559,1490976140004854,1490976140002371,0,0,547,1448,1094,21002,0,45,23229.3,179149,43867.1,1924322304.0,3.1,"31287,34141,578,113361,46407,49,49,50,45,46,11194,1598,7176,179149,121,126,120,120,142,3369,257,407,4520,99192,277,120761,46881,156,255,789,17484",52,743.4,1500,681.3,464196.8,4.3,"60,60,52,599,52,1500,1500,1500,1500,1500,1500,1500,1223,1223,52,52,52,52,52,52,52,52,64,599,1500,1500,52,1500,1336,1500,1500,52","13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,1,0,0,0,0,12,0,0","0,1,0,0,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,0,0,1,1,0,1,1,1,1,0","4.684255600,5.264738083,4.815825462,5.981299400,4.959492683,7.149340153,7.740746498,7.612607002,7.631985664,7.692628384,7.667311668,7.729136467,7.507924080,7.508758068,5.115703106,5.000318050,5.077241421,5.062724590,5.115703106,5.077241421,5.077241421,5.077241421,5.163660049,6.000374794,7.141010284,7.761897087,5.115703106,7.808045864,7.811527252,7.791535378,7.807326794,4.955154419",HTTP.Amazon,7.178,0,Acceptable,Web,6,DPI,"35" 
-1,ip4,172.16.42.216,52.84.63.56,tcp,51992,80,finished,16,16,1490976139642766,1490976140230625,1490976140359077,0,0,547,1448,1641,18414,0,97,42070.0,510931,110064.9,12114281472.0,2.5,"24956,26298,431,110222,135,214,308,354,363,1114,487,409,385,114928,244,126,125,3452,97,26252,252,149,120,119,152,4719,62468,45133,368811,510931,416",52,679.6,1500,671.9,451493.0,4.2,"60,60,52,599,52,52,1500,1500,1500,1500,1500,1500,1500,1500,52,52,52,52,1500,1295,52,52,52,52,52,52,599,1295,64,599,1500,1500","13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,11,0,0","0,1,0,0,1,1,1,1,1,1,1,1,1,1,0,0,0,0,1,1,0,0,0,0,0,0,0,1,0,0,1,1","4.650921822,5.231404781,5.077241898,5.992787838,5.008132935,4.955154419,7.144702911,7.824075699,7.838180542,7.817303181,7.827538967,7.785875320,7.819852829,7.815253735,5.038779736,5.000318527,4.908877850,5.038779736,7.787726402,7.553128719,5.038780212,5.038780212,5.038779736,5.038780212,5.038780212,5.038780212,6.005241394,7.550778389,5.163660049,6.010917664,7.134511948,7.768814087",HTTP.Amazon,7.178,0,Acceptable,Web,6,DPI,"35" 
+1,ip4,172.16.42.216,52.84.63.56,tcp,51995,80,finished,15,17,1490976139643559,1490976140004854,1490976140002371,0,0,547,1448,1094,21002,0,45,23229.3,179149,43867.1,1924322304.0,3.1,"31287,34141,578,113361,46407,49,49,50,45,46,11194,1598,7176,179149,121,126,120,120,142,3369,257,407,4520,99192,277,120761,46881,156,255,789,17484",52,743.4,1500,681.3,464196.8,4.3,"60,60,52,599,52,1500,1500,1500,1500,1500,1500,1500,1223,1223,52,52,52,52,52,52,52,52,64,599,1500,1500,52,1500,1336,1500,1500,52","13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,1,0,0,0,0,12,0,0","0,1,0,0,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,0,0,1,1,0,1,1,1,1,0","4.684255600,5.264738083,4.815825462,5.981299400,4.959492683,7.149340153,7.740746498,7.612607002,7.631985664,7.692628384,7.667311668,7.729136467,7.507924080,7.508758068,5.115703106,5.000318050,5.077241421,5.062724590,5.115703106,5.077241421,5.077241421,5.077241421,5.163660049,6.000374794,7.141010284,7.761897087,5.115703106,7.808045864,7.811527252,7.791535378,7.807326794,4.955154419",HTTP.Amazon,7.178,0,Acceptable,Web,6,DPI,"" 
+1,ip4,172.16.42.216,52.84.63.56,tcp,51992,80,finished,16,16,1490976139642766,1490976140230625,1490976140359077,0,0,547,1448,1641,18414,0,97,42070.0,510931,110064.9,12114281472.0,2.5,"24956,26298,431,110222,135,214,308,354,363,1114,487,409,385,114928,244,126,125,3452,97,26252,252,149,120,119,152,4719,62468,45133,368811,510931,416",52,679.6,1500,671.9,451493.0,4.2,"60,60,52,599,52,52,1500,1500,1500,1500,1500,1500,1500,1500,52,52,52,52,1500,1295,52,52,52,52,52,52,599,1295,64,599,1500,1500","13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,11,0,0","0,1,0,0,1,1,1,1,1,1,1,1,1,1,0,0,0,0,1,1,0,0,0,0,0,0,0,1,0,0,1,1","4.650921822,5.231404781,5.077241898,5.992787838,5.008132935,4.955154419,7.144702911,7.824075699,7.838180542,7.817303181,7.827538967,7.785875320,7.819852829,7.815253735,5.038779736,5.000318527,4.908877850,5.038779736,7.787726402,7.553128719,5.038780212,5.038780212,5.038779736,5.038780212,5.038780212,5.038780212,6.005241394,7.550778389,5.163660049,6.010917664,7.134511948,7.768814087",HTTP.Amazon,7.178,0,Acceptable,Web,6,DPI,"" 
1,ip4,172.16.42.216,52.85.209.197,tcp,55242,443,info,15,17,1490976029248822,1490976030758212,1490976150757970,0,0,1448,1448,5474,6814,0,33,3968339.8,120002762,21185284.0,448816230694912.0,0.3,"77142,79508,13198,60889,401,551,135,48584,1797,3570,177758,227426,44512,20026,267154,445550,122636,142,45,33,282451,8709,270484,1626,407007,145,164075,140,290013,120002762,69",52,436.5,1500,570.0,324877.8,3.9,"60,60,52,273,52,1500,1500,626,52,52,52,178,294,52,1416,1416,52,1500,300,96,86,52,52,1500,1003,52,52,1315,86,52,83,52","9,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,1,0,0","7,3,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,3,0,0","0,1,0,0,1,1,1,1,0,0,0,0,1,0,0,0,1,1,1,1,1,0,0,0,0,1,1,1,1,0,1,1","4.739262104,5.306893826,5.017560959,5.448555946,5.115703583,6.960030556,7.238288403,7.584036827,5.017560959,5.094483852,5.041505337,6.602245331,7.164677143,5.041505337,7.862887383,7.863117218,5.115703106,7.885983467,7.259884357,6.084556580,5.826154709,5.094483852,5.132945538,7.862029552,7.810581207,5.115703106,5.077241421,7.851958752,5.873827457,5.132945538,5.636672497,5.115703106",TLS.Amazon,91.178,1,Acceptable,Web,6,DPI,"15" 
1,ip4,172.16.42.216,54.239.28.178,tcp,50799,443,info,18,14,1490976177276176,1490976187574979,1490976187571653,0,0,1460,1460,8229,4012,0,112,664331.6,8001087,1905246.8,3629965115392.0,2.5,"133822,140403,3233,141605,1309,112,137230,287,136,2714,82197,163,95708,410,359058,405413,633638,688626,100774,373131,50752,202632,7767064,1576,8001087,353783,410110,314766,108314,179,84048",40,424.7,1500,584.7,341856.6,3.8,"60,48,40,247,1500,1500,385,40,40,40,366,46,99,1500,190,46,1500,99,40,1500,46,669,40,1500,286,46,40,46,1500,46,46,40","9,0,0,0,1,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0","8,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0","0,1,0,0,1,1,1,0,0,0,0,1,1,0,0,1,0,1,0,0,1,1,0,0,0,1,0,1,0,1,1,0","4.739262104,5.176427841,4.831687450,5.587803364,6.784171104,7.276063442,7.379589558,4.681686878,4.831686974,4.881687164,7.374952793,4.565872192,6.002931595,7.862873554,6.853326321,4.609350204,7.863068104,6.002931595,4.831687450,7.863775730,4.652828693,7.736141205,4.831687450,7.863870144,7.273199081,4.501398087,4.781687260,4.544876099,7.864799976,4.565871716,4.609350204,4.881687164",TLS.Amazon,91.178,1,Acceptable,Web,6,DPI,"8" 
1,ip4,172.16.42.216,52.85.209.143,tcp,41828,443,info,15,17,1490976195529965,1490976195874449,1490976195873685,0,0,1448,1448,4065,11044,0,49,22200.1,105973,31062.3,964868608.0,3.6,"42665,43661,659,44970,3982,526,602,251,50626,787,253,1113,7308,12716,306,65597,42616,4166,48889,363,25248,76421,105973,250,551,581,305,49,101959,2918,1893",52,525.8,1500,600.4,360465.6,4.1,"60,60,52,254,52,1500,1500,1500,819,52,52,52,52,178,1500,767,64,178,1500,64,306,52,52,1500,1500,1500,683,594,129,52,149,52","9,0,0,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0","5,0,1,1,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0","0,1,0,0,1,1,1,1,1,0,0,0,0,0,0,0,1,0,0,1,1,1,0,1,1,1,1,1,1,0,1,0","4.672595501,5.194312096,4.986606121,5.562634945,5.014835358,6.943727970,7.231536865,7.504313469,7.550236702,5.056022167,4.926120281,5.003043652,4.940637589,6.271958828,7.856376171,7.737624168,5.206705093,6.298671246,7.856991291,5.133970261,7.098200321,5.000318050,4.979098797,7.871394634,7.857693672,7.882867336,7.672193050,7.592197895,6.342199802,4.986606121,6.480828762,4.846472263",TLS.Amazon,91.178,1,Acceptable,Web,6,DPI,"" 
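Review bot: The `risks` column of the three `HTTP.Amazon` flows to 52.84.63.56 port 80 changes from `"35"` to `""`, so this baseline now expects no risk on plaintext HTTP flows that were flagged before the bump. The summary row in the next hunk moves with it (`flow_risky_count` 74 to 62, one per-risk counter 13 to 1), which suggests twelve flows in this capture lose the flag. The commit message only says upstream changes were incorporated. Naming the libnDPI change that accounts for this in the description would let a reader tell an intended tuning from a detection regression absorbed by regenerating the results.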
@@ -23,4 +23,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,172.16.42.216,52.84.62.115,tcp,41914,443,info,18,14,1490976195985305,1490976196879161,1490976196866304,0,0,1285,1448,5470,9856,0,50,57253.4,264056,85984.0,7393244160.0,3.6,"22841,23998,943,22793,6583,564,615,276,39690,124,146,157,6771,37572,46160,226745,213104,3861,222252,264056,50,55344,103406,128,10396,183950,242536,953,71,38628,142",52,532.2,1500,595.2,354289.1,4.1,"60,60,52,271,52,1500,1500,1500,750,52,52,52,52,178,310,1337,310,64,1337,1337,930,86,86,52,52,64,1322,1500,1500,508,52,52","12,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,3,0,0,0,0,0,0,0","2,2,0,0,0,0,0,0,2,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0","0,1,0,0,1,1,1,1,1,0,0,0,0,0,1,0,1,0,0,0,1,1,1,0,0,0,0,1,1,1,0,0","4.705928802,5.306893826,5.094483852,5.740943432,5.077241898,7.061615944,7.289163589,7.495290279,7.599352837,5.094483852,5.017560482,5.094483852,5.017560482,6.445491791,7.218114853,7.854625702,7.211663246,5.042434692,7.851956367,7.855620384,7.792708397,5.812836647,5.812836647,5.056022167,5.132945538,5.093139648,7.841275692,7.859713554,7.867431164,7.510861874,5.094483852,5.094483852",TLS.Amazon,91.178,1,Acceptable,Web,6,DPI,"" 
1,ip4,172.16.42.216,54.239.23.94,tcp,44912,443,info,18,14,1490976186884448,1490976195471370,1490976197346218,0,0,1460,1460,10437,5046,0,32,614473.9,7470598,1477715.5,2183643136000.0,2.8,"168457,171158,1511,108893,4406,1671,697,112679,290,4146,167,6217,127,10389,13091,1079,255,290409,42,32,60,299358,743,529311,1065924,2114234,3665356,7470598,595200,595070,1817122",40,526.2,1500,637.5,406420.1,3.9,"60,48,40,267,46,46,1500,1500,40,40,1500,655,40,40,166,1500,1424,360,46,46,91,46,40,1424,1424,1424,1424,40,46,1424,46,46","8,0,0,1,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,1,0,0","9,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0","0,1,0,0,1,1,1,1,0,0,1,1,0,0,0,0,0,0,1,1,1,1,0,0,0,0,0,0,1,0,1,1","4.626680374,5.134761333,4.831686974,5.716956139,4.609350204,4.505982876,7.141723156,7.316176414,4.831687450,4.812815189,7.392494678,7.608505726,4.881687164,4.831687450,6.348018646,7.864303589,7.858262062,7.260771751,4.390829086,4.347350597,5.864610672,4.390829086,4.684184074,7.859017372,7.859235764,7.859332085,7.859507561,4.784183979,4.347350597,7.859881401,4.457920074,4.501398087",TLS.AmazonAWS,91.265,1,Acceptable,Cloud,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,1415,1290165,399153,588052,160,104,56,77,23,14,146,143,0,74,5,679,1,0,1,1,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,82,78,8,138,0,0,0,0,0,0,0,0,0,0,0,0,85,0,0,0,0,0,0,0,14,39,0,0,0,0,1,0,0,0,0,0,2,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,146,0,0,0,0,0,38,5,59,0,0,0,0,156,4,0,121,33,1,5,160,146,14,0,0,0,0,0,0,2,0,8,51,0,0,0,0,0,0,24,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,1415,1279370,399153,588052,160,104,56,77,23,14,146,143,0,62,5,679,1,0,1,1,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,82,78,8,138,0,0,0,0,0,0,0,0,0,0,0,0,85,0,0,0,0,0,0,0,14,39,0,0,0,0,1,0,0,0,0,0,2,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,146,0,0,0,0,0,26,5,59,0,0,0,0,156,4,0,121,33,1,5,160,146,14,0,0,0,0,0,0,2,0,8,51,0,0,0,0,0,0,24,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/alicloud.pcap.out b/test/results/flow-analyse/default/alicloud.pcap.out index bb0d63190..01046c2c1 100644 --- a/test/results/flow-analyse/default/alicloud.pcap.out +++ b/test/results/flow-analyse/default/alicloud.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,135,95393,5696,2176,15,0,15,0,0,0,15,0,0,0,0,75,1,0,1,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0,15,0,0,0,15,15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,135,95393,5696,2176,15,0,15,0,0,0,15,0,0,0,0,75,1,0,1,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0,15,0,0,0,15,15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/among_us.pcap.out b/test/results/flow-analyse/default/among_us.pcap.out index 1a71c3047..393c50f7d 100644 --- a/test/results/flow-analyse/default/among_us.pcap.out +++ b/test/results/flow-analyse/default/among_us.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,7,5514,15,0,1,0,1,0,0,0,1,0,0,0,0,1,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,7,5514,15,0,1,0,1,0,0,0,1,0,0,0,0,1,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/amqp.pcap.out b/test/results/flow-analyse/default/amqp.pcap.out index 584017f98..003c0a2cd 100644 --- a/test/results/flow-analyse/default/amqp.pcap.out +++ b/test/results/flow-analyse/default/amqp.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,127.0.0.1,127.0.1.1,tcp,44205,5672,finished,16,16,1490904166118902,1490904169595775,1490904169595788,37,0,329,0,2113,0,1,31,224314.8,2001684,536643.9,287986745344.0,2.4,"31,198,177,103,103,2001663,2001684,188,167,98,97,1032593,1032598,113,109,94,93,11037,11041,111,108,94,93,17674,17676,105,104,99,99,412703,412706",52,118.0,381,99.5,9895.7,4.6,"93,52,148,52,355,52,93,52,148,52,355,52,90,52,148,52,381,52,89,52,148,52,257,52,91,52,148,52,311,52,90,52","0,6,0,5,0,0,1,0,1,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","4.892737865,4.569115162,5.131951332,4.569115162,5.420554638,4.569115162,4.937272072,4.569115162,5.150565624,4.569115162,5.432780266,4.569115162,4.933847904,4.569115162,5.110024929,4.516136646,5.444756508,4.569115162,4.894715786,4.569115162,5.123056412,4.569115162,5.521058559,4.530653477,4.818450451,4.530653477,5.131469727,4.569115162,5.487017632,4.569115162,4.933847904,4.569115162",AMQP,192,0,Acceptable,RPC,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,28,23655,12849,105,3,0,3,0,1,0,3,0,0,0,0,15,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,3,0,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,28,23655,12849,105,3,0,3,0,1,0,3,0,0,0,0,15,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,3,0,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/android.pcap.out b/test/results/flow-analyse/default/android.pcap.out index be94aa106..d97882923 100644 --- a/test/results/flow-analyse/default/android.pcap.out +++ b/test/results/flow-analyse/default/android.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,192.168.2.16,216.239.38.120,tcp,32996,443,info,17,15,1582454871152402,1582454871906464,1582454871901421,0,0,512,1418,819,10828,0,3,48486.5,404574,104241.1,10866214912.0,3.0,"13673,15022,32725,47474,16568,3,34518,282,386517,404574,19668,197623,221096,19209,15019,27735,41804,1657,22,36,1002,1575,133,18,9,1204,14,1169,2703,19,10",52,416.5,1470,552.7,305506.2,3.9,"60,60,52,232,52,1470,1188,52,52,145,344,52,564,52,86,52,641,52,1470,1470,1407,1470,52,1470,382,88,52,52,52,52,52,52","13,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4,1,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,5,0,0,0","0,1,0,0,1,1,1,0,0,0,1,0,0,1,0,1,1,0,1,1,1,1,0,1,1,1,0,0,0,0,0,0","4.671797276,5.277319908,5.092563152,5.518131256,5.077241421,7.236341000,7.433474064,5.131024837,5.131024837,6.086913109,7.119209766,4.962661266,7.515064716,4.947339535,5.439514160,5.038779736,7.633175850,5.015639782,7.866302967,7.846067905,7.867026806,7.835390091,5.092563152,7.847195148,7.413039684,5.580356598,5.054101467,5.092563152,5.054101467,5.092563152,5.015639782,4.977178097",TLS.Google,91.126,1,Acceptable,Web,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,436,378966,25482,76498,63,9,54,3,1,3,60,44,0,9,0,196,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,41,10,36,14,0,0,0,0,0,0,0,0,0,0,0,19,0,0,0,0,0,0,0,1,30,0,0,0,3,3,1,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,15,0,0,0,0,0,0,58,5,0,28,31,0,4,63,60,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0 +0,436,376907,25482,76498,63,9,54,3,1,3,60,44,0,7,0,196,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,41,10,36,14,0,0,0,0,0,0,0,0,0,0,0,19,0,0,0,0,0,0,0,1,30,0,0,0,3,3,1,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,13,0,0,0,0,0,0,58,5,0,28,31,0,4,63,60,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/anyconnect-vpn.pcap.out b/test/results/flow-analyse/default/anyconnect-vpn.pcap.out index c479c261f..d92d5972e 100644 --- a/test/results/flow-analyse/default/anyconnect-vpn.pcap.out +++ b/test/results/flow-analyse/default/anyconnect-vpn.pcap.out 
@@ -3,4 +3,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,10.0.0.227,8.37.96.194,tcp,56921,4287,info,16,16,1569687260591875,1569687261807505,1569687261836138,0,0,1195,1368,2943,4489,0,272,79351.4,384774,121592.3,14784686080.0,3.7,"28537,28596,272,35158,11581,46466,4231,33144,2963,31899,1468,30539,1730,30777,254948,281121,5133,31326,314965,342213,26303,53543,25788,25778,4801,30501,2712,28408,358152,384774,2066",52,285.0,1420,416.2,173206.9,3.9,"64,64,52,200,52,1360,52,1247,52,103,52,496,52,463,52,363,52,167,52,777,52,1420,52,1160,52,114,52,122,52,110,52,110","9,2,0,0,1,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0","8,2,1,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,1,0,0,0,0,0","0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,1,0,0,1,1,0,0,1,1","4.328511238,5.005488396,4.776612282,5.402243614,5.091758728,7.442438602,4.882569313,7.578964233,4.916693211,5.863890648,4.829590321,7.531296730,4.969671726,7.509452820,4.882569313,7.315038681,4.993616581,6.548084259,4.959492683,7.706759453,5.014835358,7.870440960,4.921030998,7.786418438,4.882569313,6.148206234,5.014835358,6.198904037,4.921030998,6.028552055,5.091758728,6.119950771",TLS,91,1,Safe,Web,6,DPI,"5,6,15,24" 
1,ip4,10.0.0.227,8.37.102.91,tcp,56929,443,info,15,17,1569687267035097,1569687267393587,1569687267393508,0,0,965,1448,1471,13402,0,0,23125.8,138032,32185.7,1035917504.0,3.6,"42362,42438,1999,46916,1210,46124,40336,4,40344,1,37231,6,37243,1,97159,138032,40854,1159,43270,9027,4,1,1,0,9,1,1,51168,0,0,0",52,517.3,1500,619.3,383541.0,4.0,"64,56,52,204,52,1500,52,1500,1500,52,52,1500,1167,52,52,406,127,52,1017,52,1500,209,1500,209,1500,209,1500,209,52,52,52,52","12,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","3,0,1,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,8,0,0","0,1,0,0,1,1,0,1,1,0,0,1,1,0,0,0,1,0,0,1,1,1,1,1,1,1,1,1,0,0,0,0","4.215306282,4.950672150,4.700937271,5.452831745,4.700937271,7.337546349,4.738150120,7.112461567,7.211231709,4.791128635,4.791128635,7.407482147,5.922111034,4.791128635,4.829590321,7.350569248,6.160544395,4.791128635,7.794639587,4.868052006,7.862796307,6.916011810,7.871273518,6.899218082,7.872875214,6.733156681,7.846444607,6.809710979,4.829590321,4.767184258,4.829590321,4.829590321",TLS,91,1,Safe,Web,6,DPI,"8,15,24" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,457,389391,38688,56727,69,10,59,3,3,6,61,34,2,17,0,207,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,53,13,48,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,35,1,0,0,10,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,61,0,0,0,0,0,13,14,5,0,0,0,0,66,3,0,22,37,2,8,69,61,6,2,0,0,0,0,0,6,1,2,6,0,0,0,2,0,0,5,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,6,0,0,0,0 +0,457,388858,38688,56727,69,10,59,3,3,6,61,34,2,17,0,207,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,53,13,48,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,35,1,0,0,10,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,61,0,0,0,0,0,13,14,5,0,0,0,0,66,3,0,22,37,2,8,69,61,6,2,0,0,0,0,0,6,1,2,6,0,0,0,2,0,0,5,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,6,0,0,0,0 diff --git a/test/results/flow-analyse/default/anydesk.pcapng.out b/test/results/flow-analyse/default/anydesk.pcapng.out index 6a9f4ee2c..bbc77e337 100644 --- a/test/results/flow-analyse/default/anydesk.pcapng.out +++ b/test/results/flow-analyse/default/anydesk.pcapng.out 
@@ -3,4 +3,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.1.187,192.168.1.178,tcp,54164,7070,info,14,18,1613977595379986,1613977601740964,1613977601737415,0,0,3926,1460,5712,2727,0,0,410271.2,3021750,825943.1,682181918720.0,2.9,"491,529,333,431,328,10474,0,10878,39566,40320,8749,0,9516,516873,517463,1553,27804,26175,2358,56316,902900,957284,0,0,1754245,1753698,16355,71246,2966766,3021750,4006",40,306.3,3966,747.4,558552.1,3.1,"52,52,40,285,46,46,1500,183,40,1326,46,954,80,40,87,46,75,74,46,74,40,3966,46,46,46,79,46,141,40,99,46,116","6,4,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1","11,3,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0","0,1,0,0,1,1,1,1,0,0,1,1,1,0,0,1,1,0,1,1,0,0,1,1,1,0,1,1,0,0,1,0","4.461627960,4.714205742,4.680641174,5.380415440,4.190888405,4.260394573,7.726966381,6.171197891,4.680641174,7.726874828,4.303872585,7.788730145,5.640313625,4.630640984,5.698182583,4.200505257,5.465894222,5.550601006,4.303872585,5.570474148,4.680640697,7.956365585,4.157026768,4.303872585,4.190888405,5.661315441,4.260394096,6.538077354,4.630641460,6.000421047,4.260393620,6.241518974",TLS.AnyDesk,91.252,1,Acceptable,RemoteAccess,6,DPI,"5,15,24,30" 
1,ip4,192.168.1.128,195.181.174.176,tcp,48260,443,info,16,16,1663090549161771,1663090558034917,1663090558365585,0,0,1448,1448,5817,3029,0,4,583127.8,8444631,2063627.1,4258557067264.0,1.5,"17715,17815,909,17821,3430,20304,88,41,3772,21850,18137,104,44,888,64188,13442,76786,1527,18418,206643,224790,16,4,18683,18,62779,11,80221,8427892,8444631,313993",52,328.9,1500,495.5,245485.5,3.8,"60,60,52,341,52,1500,52,1132,52,1146,103,52,92,52,199,52,198,52,137,52,145,1500,1500,1273,52,52,92,90,52,137,52,145","8,0,2,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,2,0,0","7,4,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0","0,1,0,0,1,1,0,1,0,0,1,0,1,0,0,1,1,0,0,1,1,0,0,0,1,1,1,1,0,0,1,1","4.759216309,5.287539482,5.061608315,5.575212479,5.085552692,7.541802406,5.085552692,7.720355034,5.138531685,7.691242218,6.017449379,5.100070000,6.076607704,5.061608315,6.938662529,5.176993370,6.939621925,5.176993370,6.553288460,5.176993370,6.578802109,7.876228809,7.874102592,7.832963467,5.176993370,5.176993370,6.054868221,5.938801765,5.138531685,6.484602451,5.215455055,6.623850822",TLS.AnyDesk,91.252,1,Acceptable,RemoteAccess,6,DPI,"24,30,31" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,66,66748,19883,15955,7,1,6,0,3,0,7,8,0,5,0,29,1,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,6,4,3,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,4,13,0,0,0,0,0,7,0,0,5,2,0,0,7,7,0,0,0,0,0,0,0,8,0,0,1,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,9,0,0,0,0,0,5,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,66,66338,19883,15955,7,1,6,0,3,0,7,8,0,5,0,29,1,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,6,4,3,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,4,13,0,0,0,0,0,7,0,0,5,2,0,0,7,7,0,0,0,0,0,0,0,8,0,0,1,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,9,0,0,0,0,0,5,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/atg.pcap.out b/test/results/flow-analyse/default/atg.pcap.out index 39b991ec8..af448328a 100644 --- a/test/results/flow-analyse/default/atg.pcap.out +++ b/test/results/flow-analyse/default/atg.pcap.out 
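Review bot: The regenerated statistics row in this hunk appears to carry one more `0` than the old row ahead of the value that used to sit under `flow_confidence_dpi` (the `7` before `4,13`), while the `timestamp,json_lines,...` header above it is unchanged context. If that count is right, this value and every later one (severity, L3/L4, `flow_risk_N_count`) is now read one column to the right of its label, so anything keying on header names would attribute risk and severity counts to the wrong fields. The atg, avast, avast_securedns and bacnet hunks show the same shift against an unchanged header. The code that writes the header is not visible in this hunk; if a counter was added there, the header string needs the matching name at the same position, e.g. `...,<new_column_name>,...` (placeholder). A test-side check that each data row has exactly as many fields as its header would catch this kind of drift.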
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,19,13242,146,768,2,1,1,0,0,0,2,0,0,0,0,10,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,2,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,19,13242,146,768,2,1,1,0,0,0,2,0,0,0,0,10,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,2,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/avast.pcap.out b/test/results/flow-analyse/default/avast.pcap.out index 99d582947..0abeafd81 100644 --- a/test/results/flow-analyse/default/avast.pcap.out +++ b/test/results/flow-analyse/default/avast.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,101,72686,1031,246,10,2,8,0,0,0,10,0,0,0,0,50,1,0,1,19,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,10,0,0,0,10,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,101,72686,1031,246,10,2,8,0,0,0,10,0,0,0,0,50,1,0,1,19,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,10,0,0,0,10,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/avast_securedns.pcapng.out b/test/results/flow-analyse/default/avast_securedns.pcapng.out index 648eade0e..45a5d9800 100644 --- a/test/results/flow-analyse/default/avast_securedns.pcapng.out +++ b/test/results/flow-analyse/default/avast_securedns.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,218,180790,1521,6688,39,0,39,9,0,0,39,0,0,0,0,77,1,0,1,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,39,39,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,39,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,39,0,0,0,0,0,0,0,0,0,0,0,0,39,0,0,0,39,0,0,39,39,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,218,180790,1521,6688,39,0,39,9,0,0,39,0,0,0,0,77,1,0,1,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,39,39,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,39,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,39,0,0,0,0,0,0,0,0,0,0,0,0,39,0,0,0,39,0,0,39,39,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/bacnet.pcap.out b/test/results/flow-analyse/default/bacnet.pcap.out index 9460e2687..77880cc34 100644 --- a/test/results/flow-analyse/default/bacnet.pcap.out +++ b/test/results/flow-analyse/default/bacnet.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,57,46078,398,0,10,0,10,5,0,0,10,0,0,0,0,14,1,0,1,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,10,0,0,10,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,57,46078,398,0,10,0,10,5,0,0,10,0,0,0,0,14,1,0,1,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,10,0,0,10,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/bad-dns-traffic.pcap.out b/test/results/flow-analyse/default/bad-dns-traffic.pcap.out index 551be50da..5cd5e8826 100644 --- a/test/results/flow-analyse/default/bad-dns-traffic.pcap.out +++ b/test/results/flow-analyse/default/bad-dns-traffic.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,192.168.43.91,4.2.2.4,udp,56354,53,finished,19,13,1486012635073060,1486012651592518,1486012651846910,53,0,248,281,1392,1397,0,63089,1073977.6,4101854,689094.3,474850951168.0,4.7,"1006460,1005839,1008074,1008541,4101854,73173,63089,1023925,1006666,2080907,1018755,962463,1014062,1012614,1013561,1040293,1038247,1060225,1011738,991100,1041523,1066575,1017786,982256,1029549,1026193,1027755,1007446,2080430,166358,305851",81,115.2,309,50.6,2560.6,4.9,"119,119,119,119,119,150,81,116,81,81,112,81,114,81,116,81,114,81,114,81,112,81,114,81,116,81,114,81,81,160,276,309","0,13,5,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,10,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,0,1","4.888009548,4.952452183,4.965347767,4.979370117,4.967788696,4.929614544,5.009302616,4.960116863,5.043313503,5.058685303,5.000692368,5.003250122,5.011343002,4.956934929,5.038347244,4.966254234,5.016212940,4.953866959,4.986301899,5.024673939,4.983958244,4.935227871,4.998669147,4.940047741,4.970242500,4.999982357,4.987974167,4.999982834,5.024673939,4.881881237,4.176499844,4.325556755",DNS,5,0,Acceptable,Network,6,DPI,"16,23,27" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,39,42401,44399,38931,3,0,3,3,1,0,3,8,0,3,0,15,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,6,6,0,0,0,0,3,0,0,0,3,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,8,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0 +0,39,42401,44399,38931,3,0,3,3,1,0,3,8,0,3,0,15,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,6,6,0,0,0,0,3,0,0,0,3,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,8,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/badpackets.pcap.out b/test/results/flow-analyse/default/badpackets.pcap.out index 4270d3585..36231bcb9 100644 --- a/test/results/flow-analyse/default/badpackets.pcap.out +++ b/test/results/flow-analyse/default/badpackets.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,194,128098,0,0,0,0,0,0,0,0,0,0,0,0,95,0,1,0,1,2,0,0,0,0,0,0,0,0,89,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,194,128098,0,0,0,0,0,0,0,0,0,0,0,0,95,0,1,0,1,2,0,0,0,0,0,0,0,0,89,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/beckhoff_ads.pcapng.out b/test/results/flow-analyse/default/beckhoff_ads.pcapng.out index 45956e7b7..2afbac3ab 100644 --- a/test/results/flow-analyse/default/beckhoff_ads.pcapng.out +++ b/test/results/flow-analyse/default/beckhoff_ads.pcapng.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,192.168.1.99,192.168.1.8,tcp,49201,48898,finished,17,15,1464342183296235,1464342209208136,1464342209208822,0,0,96,278,1036,880,0,347,1671757.6,25812409,6313651.0,39862191259648.0,1.1,"347,423,388,1169,198854,25613267,25812409,3967,3716,23996,23596,50986,50986,3994,4006,2129,2480,1881,1867,1982,1982,1999,1993,2000,1998,2015,2016,2024,2026,1996,1996",40,100.4,318,47.8,2284.8,4.9,"48,48,40,78,86,40,90,90,90,318,118,86,78,86,82,82,118,86,136,87,133,86,134,87,135,86,134,87,136,87,134,86","3,5,7,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,13,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","4.102187157,4.537780762,4.334184647,4.058208466,4.054616928,4.453056335,3.858134031,3.871968746,3.874475002,3.622990608,3.363279343,3.975625038,4.113958359,4.077686787,3.958570004,4.088738441,3.346330643,4.026189327,4.928956985,4.066451550,4.906247616,4.092061996,4.933094978,4.057775021,4.965210915,4.115317822,4.918169498,4.066451550,4.982229233,4.089439869,4.933094501,4.147351265",BeckhoffADS,365,0,Acceptable,IoT-Scada,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,12,10136,1376,1934,1,0,1,0,1,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,12,10136,1376,1934,1,0,1,0,1,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/bets.pcapng.out b/test/results/flow-analyse/default/bets.pcapng.out index 6dd786c39..76f82d44f 100644 --- a/test/results/flow-analyse/default/bets.pcapng.out +++ b/test/results/flow-analyse/default/bets.pcapng.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 12,ip4,192.168.10.2,13.224.103.22,tcp,60099,443,info,16,16,1693252376328241,1693252376473051,1693252376516940,0,0,328,1368,573,6919,0,1,10758.4,46532,18210.4,331618016.0,3.2,"45063,45086,716,45768,1485,46532,228,223,359,358,497,1,497,2530,35,126,50,44471,1044,896,1,81,43759,187,180,74,3041,2969,1675,39830,5747",52,286.8,1420,477.2,227739.3,3.6,"64,60,52,380,52,1420,52,1420,52,1420,52,1420,93,52,58,110,138,116,52,52,52,52,198,52,123,52,83,1241,52,52,52,52","12,1,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","8,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,4,0,0,0,0,0","0,1,0,0,1,1,0,1,0,1,0,1,1,0,0,0,0,0,1,1,1,1,1,0,1,0,0,1,0,0,1,1","4.359427452,5.254205704,5.077241421,6.193246841,5.115703106,7.830681801,5.024262905,7.844112873,5.154164791,7.881240845,5.115703106,7.848938465,5.975646019,5.115703106,4.911536217,6.119595051,6.468632221,6.137733459,5.192626476,5.154164791,5.154164791,5.192626476,6.778203011,5.077241421,6.239024639,5.154164791,5.561018467,7.842863560,5.115703106,4.979099274,5.154164791,5.154164791",TLS,91,1,Safe,Web,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,13,11970,573,6919,1,1,0,0,1,0,1,1,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,13,11888,573,6919,1,1,0,0,1,0,1,1,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/bfcp.pcapng.out b/test/results/flow-analyse/default/bfcp.pcapng.out index dbf6fe2cf..ea9342790 100644 --- a/test/results/flow-analyse/default/bfcp.pcapng.out +++ b/test/results/flow-analyse/default/bfcp.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,17,12364,24,24,2,1,1,0,0,0,2,0,0,0,0,7,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,1,1,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,17,12364,24,24,2,1,1,0,0,0,2,0,0,0,0,7,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,1,1,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/bfd.pcap.out b/test/results/flow-analyse/default/bfd.pcap.out index fabcde757..605a5ff59 100644 --- a/test/results/flow-analyse/default/bfd.pcap.out +++ b/test/results/flow-analyse/default/bfd.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,26,19276,192,0,4,0,4,0,0,0,4,0,0,0,0,11,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,4,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,26,19276,192,0,4,0,4,0,0,0,4,0,0,0,0,11,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,4,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/bitcoin.pcap.out b/test/results/flow-analyse/default/bitcoin.pcap.out index a81a143b3..c6a029213 100644 --- a/test/results/flow-analyse/default/bitcoin.pcap.out +++ b/test/results/flow-analyse/default/bitcoin.pcap.out 
@@ -3,4 +3,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.1.142,66.68.83.22,tcp,55383,8333,finished,9,23,1301328472925065,1301328607711436,1301328616076718,44,0,1448,1448,9102,23653,1,11,8965742.0,134322478,25481870.0,649325705166848.0,2.2,"62318,90510,14042384,39643167,11451980,9238604,22700384,134322478,190526,216456,52,56784,49,15,11,45582876,5468,2949,79677,2390,56420,14875,38291,1106,29429,10233,41403,43,29590,11803,15753",72,1075.6,1500,630.5,397582.1,4.7,"157,157,72,113,113,113,168,113,96,1500,1500,1500,1500,1500,1500,317,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500","0,1,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0","1,4,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0","0,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1","4.314049721,4.516415119,5.159438610,5.621953964,5.629888535,5.436272144,5.232412338,5.492824554,5.047397614,6.620144367,6.645269394,6.641551971,6.624248028,6.652445793,6.650110245,6.173855782,3.519509792,3.418695927,3.522331953,3.473526716,3.458976030,3.461488724,3.521340132,3.498308420,3.439558506,3.445366859,3.488321781,3.470211506,3.484444618,3.500530481,3.521874428,3.458418369",BITCOIN,343,0,Acceptable,Crypto_Currency,6,DPI,"" 
1,ip4,192.168.1.142,195.218.16.178,tcp,55400,8333,finished,6,26,1301328699728375,1301328741904043,1301328743741542,44,0,1448,1448,5826,27918,1,34,2780285.0,41186439,7975567.0,63609669419008.0,2.2,"128208,113258,17195103,11450771,3438749,6775,2755264,41186439,319900,321845,34,347450,8283500,31885,35035,52689,19022,36630,49289,41130,63903,2317,29070,27748,37436,32734,49198,24571,33724,41084,34074",72,1106.5,1500,621.5,386298.0,4.7,"157,157,72,107,107,107,107,113,96,1500,1500,1500,1385,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500","0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,3,0,0","1,5,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,19,0,0","0,1,1,1,1,1,1,1,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1","4.383668423,4.444240093,4.982605934,4.668665886,4.713104248,4.762123585,4.780815601,5.560832977,4.996669769,6.587570190,6.648486137,6.600738525,6.599431038,3.406774759,3.373550653,3.345058441,3.338595867,3.355129480,3.392081499,3.337737560,3.285459280,3.329736471,3.341146708,3.315114975,3.270951748,3.318075180,3.308751106,3.279112339,3.298598528,3.384484768,3.426392555,3.339625120",BITCOIN,343,0,Acceptable,Crypto_Currency,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,57,51048,112000,279630,6,0,6,0,3,0,6,0,0,0,0,30,1,0,1,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,6,0,0,0,6,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,57,51048,112000,279630,6,0,6,0,3,0,6,0,0,0,0,30,1,0,1,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,6,0,0,0,6,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/bittorrent.pcap.out b/test/results/flow-analyse/default/bittorrent.pcap.out index 41ac01734..a4cdf9b48 100644 --- a/test/results/flow-analyse/default/bittorrent.pcap.out +++ b/test/results/flow-analyse/default/bittorrent.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,192.168.1.3,198.100.146.9,tcp,52915,60163,finished,12,20,1455469976336620,1455469980135637,1455469980194523,17,0,176,1440,904,20536,1,12043,246997.4,919975,228791.8,52345696256.0,4.4,"176832,184047,360999,337345,477634,919975,779765,619481,619422,156869,158080,151021,161242,12043,185627,163549,148908,165750,153542,19235,148725,12813,146117,495893,130312,32142,133808,27318,421482,129521,27423",66,722.4,1492,635.2,403438.9,4.4,"120,132,611,228,66,176,90,86,1492,69,1166,69,609,81,69,389,69,188,609,1492,1492,1492,1492,1492,188,1492,1492,1492,1492,197,1492,1492","5,1,1,1,3,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,12,0,0","0,1,1,0,1,0,1,0,1,0,1,0,1,0,0,1,0,0,1,1,1,1,1,1,0,1,1,1,1,0,1,1","6.014183998,6.126387119,4.946569443,5.524954319,4.794059277,3.940484047,5.368589878,4.276479721,7.786795139,4.471814156,7.741641998,4.592490196,7.566695690,4.716621876,4.551665783,7.390619278,4.569711208,2.883123636,7.557919025,4.866727352,7.736888409,7.724407196,7.768088341,7.796109200,3.117206812,7.722576141,7.763302326,7.809885979,7.808127880,3.077500105,7.837090492,7.871365547",BitTorrent,37,0,Acceptable,Download,6,DPI,"5" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,164,149444,6341,279641,24,11,13,0,1,0,24,0,0,22,0,88,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,24,0,24,0,0,0,0,0,0,0,0,0,0,0,0,0,0,24,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,24,0,0,0,0,0,0,22,0,0,0,0,0,24,0,0,24,0,0,0,24,24,0,0,0,0,0,0,0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,164,149444,6341,279641,24,11,13,0,1,0,24,0,0,22,0,88,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,24,0,24,0,0,0,0,0,0,0,0,0,0,0,0,0,0,24,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,24,0,0,0,0,0,0,22,0,0,0,0,0,24,0,0,24,0,0,0,24,24,0,0,0,0,0,0,0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/bittorrent_tcp_miss.pcapng.out b/test/results/flow-analyse/default/bittorrent_tcp_miss.pcapng.out index a8e8cbd64..83ea2b929 100644 --- a/test/results/flow-analyse/default/bittorrent_tcp_miss.pcapng.out +++ b/test/results/flow-analyse/default/bittorrent_tcp_miss.pcapng.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,192.168.122.34,178.71.206.1,tcp,48987,6881,finished,12,20,1673446123917965,1673446124132868,1673446124132335,0,0,471,1440,1025,22693,0,8,13847.5,64959,17166.0,294672928.0,3.8,"18673,26924,29858,64959,29324,33873,54911,20576,19623,21996,21047,6908,279,229,213,159,199,287,569,92,484,33856,18,24514,384,131,356,353,18454,16,8",40,782.2,1480,666.4,444053.7,4.4,"60,52,40,238,464,40,511,280,108,419,328,90,1480,1480,1480,1480,1480,1480,1480,1480,1480,1480,40,40,1480,1480,1480,1480,1480,40,40,40","8,0,1,0,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,1,0,0,0,0,0,1,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0","0,1,0,0,1,0,0,1,0,1,0,1,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,1,1,0,0,0","4.679967880,5.131024837,4.765311718,7.106909752,7.520512581,4.903055668,7.548049450,7.183899879,6.238460064,5.624160767,5.095487118,4.067485332,7.834874630,7.871198177,7.882282257,7.884436607,7.876652241,7.857866764,7.878300190,7.864074230,7.855942726,7.876870155,4.853056431,4.803055763,7.863341808,7.865004539,7.869568825,7.874233246,7.854714394,4.853055954,4.903056145,4.853055954",BitTorrent,37,0,Acceptable,Download,5,DPI (cache),"5" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,12,11473,1093,90373,1,0,1,0,1,0,1,0,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,12,11473,1093,90373,1,0,1,0,1,0,1,0,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/bittorrent_utp.pcap.out b/test/results/flow-analyse/default/bittorrent_utp.pcap.out index ac382957a..44cc00b34 100644 --- a/test/results/flow-analyse/default/bittorrent_utp.pcap.out +++ b/test/results/flow-analyse/default/bittorrent_utp.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,82.243.113.43,192.168.1.5,udp,64969,40959,finished,18,14,1456385034843882,1456385041276103,1456385041181191,20,0,1472,477,14142,872,0,959,411920.3,5430275,1202360.0,1445669502976.0,2.4,"4392194,1037924,5430275,116819,116920,100471,240441,139898,4463,110556,115010,959,58628,60551,88152,88141,37493,37665,24480,24365,43679,55465,11575,11793,11863,53659,52777,104119,173318,8337,17540",48,497.2,1500,600.8,360942.7,4.0,"132,132,48,58,238,505,48,48,103,257,48,48,132,1500,54,1500,54,1500,54,1500,54,82,1500,54,1500,54,1500,48,48,1037,1037,1037","3,0,0,3,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0","11,1,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,1,0,1,1,0,1,0,0,1,0,0,1,0,1,0,1,0,1,1,0,1,0,1,0,1,1,0,0,0","5.803075790,5.866444111,4.474482536,4.231768131,4.447527885,5.267382622,4.667174816,5.259760857,3.872052193,5.423846722,5.259760857,4.750508785,5.806200504,7.847329140,4.531593323,7.839333057,4.619647026,7.837954521,4.582609653,7.820847988,4.619647026,4.109564304,7.831181049,4.693720818,7.634190559,4.693720818,7.787273407,4.892893314,4.750508785,7.761264801,7.781966686,7.702743530",BitTorrent,37,0,Acceptable,Download,6,DPI,"5" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,23,20051,34748,3258,2,0,2,0,1,0,2,2,0,2,0,10,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,1,4,0,0,0,0,0,2,0,0,0,2,0,0,2,2,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0 +0,23,20051,34748,3258,2,0,2,0,1,0,2,2,0,2,0,10,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,1,4,0,0,0,0,0,2,0,0,0,2,0,0,2,2,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/bjnp.pcap.out b/test/results/flow-analyse/default/bjnp.pcap.out index 0fa892026..67ac1a97f 100644 --- a/test/results/flow-analyse/default/bjnp.pcap.out +++ b/test/results/flow-analyse/default/bjnp.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,43,34460,160,0,10,0,10,0,0,0,10,0,0,0,0,10,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,10,0,0,10,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,43,34460,160,0,10,0,10,0,0,0,10,0,0,0,0,10,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,10,0,0,10,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/bot.pcap.out b/test/results/flow-analyse/default/bot.pcap.out index 49cf9abb6..1e4286427 100644 --- a/test/results/flow-analyse/default/bot.pcap.out +++ b/test/results/flow-analyse/default/bot.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,40.77.167.36,89.31.72.220,tcp,64768,80,finished,7,25,1645108240233170,1645108240455112,1645108240455337,0,0,316,1440,316,33120,0,4,14326.1,114244,36180.2,1309009792.0,2.2,"409,106526,4,106682,7609,64,117,61,7,4,842,8,6,4,114244,282,105363,69,4,6,123,5,6,4,232,8,61,8,763,123,465",46,1086.5,1480,631.2,398369.0,4.6,"48,48,46,356,46,1480,1480,1480,1480,1480,1480,1480,1480,1480,1480,46,46,1480,1480,1480,1480,1480,1480,1480,1480,1480,1480,1480,1480,46,46,1480","6,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23,0,0","0,1,0,0,1,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,1,1,1,1,1,1,1,1,1,0,0,1","4.668832779,4.823934078,4.705051422,5.553816795,4.685968399,6.426275253,7.497505188,7.820932388,7.830261230,7.797591209,7.805040359,7.821845531,7.816341877,7.795114517,7.064133644,4.748529911,4.585274220,7.814039707,7.815784454,7.820162296,7.814042091,7.827082157,7.799123287,7.792435646,7.357606411,5.923022270,7.867007732,5.467782974,4.930641174,4.661573410,4.661573410,5.117170334",HTTP,7,0,Acceptable,Web,6,DPI,"44" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,12,11102,316,406780,1,1,0,0,1,0,1,0,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0 +0,12,11102,316,406780,1,1,0,0,1,0,1,0,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/bt-dns.pcap.out b/test/results/flow-analyse/default/bt-dns.pcap.out index 30fd4ab27..238efc05b 100644 --- a/test/results/flow-analyse/default/bt-dns.pcap.out +++ b/test/results/flow-analyse/default/bt-dns.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,8,6406,30,46,1,0,1,0,0,0,1,1,0,0,0,2,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,8,6406,30,46,1,0,1,0,0,0,1,1,0,0,0,2,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/bt-http.pcapng.out b/test/results/flow-analyse/default/bt-http.pcapng.out index d8b104a00..4c8f7945c 100644 --- a/test/results/flow-analyse/default/bt-http.pcapng.out +++ b/test/results/flow-analyse/default/bt-http.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,9411,370,340,1,1,0,0,0,0,1,0,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,11,9181,370,340,1,1,0,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/bt_search.pcap.out b/test/results/flow-analyse/default/bt_search.pcap.out index a2c9652ea..1088bd685 100644 --- a/test/results/flow-analyse/default/bt_search.pcap.out +++ b/test/results/flow-analyse/default/bt_search.pcap.out 
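Review bot: The regenerated summary row for bt-http.pcapng.out changes detection results, not just column layout: `flow_risky_count` goes from 1 to 0 and `json_bytes` from 9411 to 9181. What reads as the `flow_severity_low` counter and one `flow_risk_N_count` counter also drop from 1 to 0. The neighbouring hunks (bjnp, bot, bt-dns, bt_search, c1222) keep their counts and only gain one extra `0` field. A golden file regenerated after a library bump accepts a lost risk flag silently, so the commit description should name the upstream libnDPI change that removes this risk for the capture. It is also worth checking the header row, since it is unchanged context here while every data row gains a field, and it may no longer match the row width.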
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,8,6433,238,0,1,0,1,0,0,0,1,0,0,0,0,2,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,8,6433,238,0,1,0,1,0,0,0,1,0,0,0,0,2,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/c1222.pcapng.out b/test/results/flow-analyse/default/c1222.pcapng.out index 2eff08057..ae53aae2c 100644 --- a/test/results/flow-analyse/default/c1222.pcapng.out +++ b/test/results/flow-analyse/default/c1222.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,13,10369,244,111,2,0,2,0,0,0,2,0,0,0,0,4,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,1,1,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,13,10369,244,111,2,0,2,0,0,0,2,0,0,0,0,4,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,1,1,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/cachefly.pcapng.out b/test/results/flow-analyse/default/cachefly.pcapng.out index 9282b26ae..b3ade2c74 100644 --- a/test/results/flow-analyse/default/cachefly.pcapng.out +++ b/test/results/flow-analyse/default/cachefly.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,13,18503,5242,517,1,0,1,0,0,0,1,2,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,13,18380,5242,517,1,0,1,0,0,0,1,2,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/can.pcap.out b/test/results/flow-analyse/default/can.pcap.out index a123bbe48..7e0f39852 100644 --- a/test/results/flow-analyse/default/can.pcap.out +++ b/test/results/flow-analyse/default/can.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,36,29674,360,0,8,0,8,1,0,0,8,0,0,0,0,8,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,8,0,0,8,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,36,29674,360,0,8,0,8,1,0,0,8,0,0,0,0,8,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,8,0,0,8,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/capwap.pcap.out b/test/results/flow-analyse/default/capwap.pcap.out index 9a2597a6f..eb614128e 100644 --- a/test/results/flow-analyse/default/capwap.pcap.out +++ b/test/results/flow-analyse/default/capwap.pcap.out 
@@ -2,4 +2,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.10.9,192.168.10.10,udp,5246,12380,finished,17,15,1422329005767224,1422329016659899,1422329016659404,64,0,1457,1457,8579,6468,0,0,702737.3,10093423,2455548.8,6029719371776.0,1.6,"760,9998434,10093423,96372,2625,2,127,182379,1,0,0,94,314122,135275,2746,249,111759,1,157255,1,325739,280124,1,39490,1,39481,264,2133,995,502,500",92,498.2,1485,485.4,235625.0,4.4,"142,142,101,92,133,576,576,346,576,576,165,315,406,123,1485,1485,1485,1437,1021,1437,461,141,109,125,141,125,109,877,141,109,125,861","0,0,5,3,0,0,0,0,0,1,0,0,0,1,0,0,0,2,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,2,0,0","0,0,1,6,1,0,0,0,1,0,0,1,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0","0,0,1,0,1,0,0,0,1,1,1,1,1,0,1,0,0,1,1,0,0,1,0,0,1,1,0,0,1,0,1,0","3.893290997,3.893290997,4.830492973,4.615938187,5.436969757,6.642759323,6.913249969,6.397701263,6.902666569,6.846169949,6.368118286,7.090667248,7.118800163,5.456940651,7.874491215,7.866423607,7.870229721,7.867388248,7.782578468,7.843720436,7.507147312,6.314983845,5.763504982,6.039584160,6.280849457,6.035200119,5.804700375,7.759332657,6.342943668,5.774928570,6.117315292,7.735942364",CAPWAP,247,0,Acceptable,Network,6,DPI,"" 
1,ip4,192.168.10.10,192.168.10.9,udp,12380,5247,finished,32,0,1422329017533285,1422329049032294,1422329017533285,80,0,283,0,4909,0,0,499857,1016097.1,3999845,875106.2,765810835456.0,4.6,"499983,500014,499872,2999961,499995,500031,499980,499982,499890,499986,499975,499998,499999,999998,999993,500014,2999827,1000005,999991,500032,1999814,500016,499990,999989,500017,1499983,499857,1999983,999996,999993,3999845",108,181.4,311,58.4,3415.7,4.9,"108,195,282,137,224,137,108,195,311,137,108,108,137,282,137,195,195,282,137,195,108,253,166,195,195,195,253,137,108,195,224,166","0,0,6,7,2,9,2,5,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4.322847843,4.775271893,5.243394375,4.682712078,4.886671543,4.761803627,4.409015179,4.971165657,5.125069618,4.609245777,4.380640507,4.355712414,4.823248386,4.982461452,4.627756596,4.929459095,4.873090267,5.032708645,4.636066914,4.873720646,4.399159431,4.936395168,4.818520069,5.070401192,4.945625305,4.792158127,4.963052750,4.698768139,4.306179047,4.887980938,4.937054634,4.651456833",CAPWAP,247,0,Acceptable,Network,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,70,56795,48656,33179,5,0,5,15,2,0,5,0,0,0,9,17,1,0,1,1,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,1,4,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,5,0,0,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,70,56795,48656,33179,5,0,5,15,2,0,5,0,0,0,9,17,1,0,1,1,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,1,4,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,5,0,0,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/capwap_data.pcapng.out b/test/results/flow-analyse/default/capwap_data.pcapng.out index f4aa34301..96a902b23 100644 --- a/test/results/flow-analyse/default/capwap_data.pcapng.out +++ b/test/results/flow-analyse/default/capwap_data.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,31,14546,0,0,0,0,0,0,0,0,0,0,0,0,14,0,1,0,1,1,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,31,14546,0,0,0,0,0,0,0,0,0,0,0,0,14,0,1,0,1,1,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/cassandra.pcap.out b/test/results/flow-analyse/default/cassandra.pcap.out index 9130a1949..a8f78ad1b 100644 --- a/test/results/flow-analyse/default/cassandra.pcap.out +++ b/test/results/flow-analyse/default/cassandra.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,26,18299,160,172,3,0,3,0,0,0,3,0,0,0,0,14,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,3,0,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,26,18299,160,172,3,0,3,0,0,0,3,0,0,0,0,14,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,3,0,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/ceph.pcap.out b/test/results/flow-analyse/default/ceph.pcap.out index 793dd8358..826043309 100644 --- a/test/results/flow-analyse/default/ceph.pcap.out +++ b/test/results/flow-analyse/default/ceph.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,10.0.3.249,10.0.3.67,tcp,35556,6789,finished,16,16,1444254926293773,1444254926296112,1444254926296142,0,0,279,3467,1115,6094,0,8,151.9,411,119.2,14214.2,4.5,"53,81,240,253,16,84,8,105,31,134,52,139,36,95,126,151,45,237,411,352,352,337,227,33,140,286,44,383,70,131,56",52,277.8,3519,606.3,367642.9,3.6,"60,60,52,61,52,61,52,324,188,85,52,78,61,187,61,675,52,160,207,342,331,529,159,675,147,52,187,169,52,3519,52,147","8,1,0,2,4,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,0,2,1,0,0,0,0,1,1,0,0,0,0,1,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1","0,1,0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,1,0,1,0,1,0,1,1,0,0,0,1,1,0,1","4.415062904,4.780834198,4.585552692,5.013127804,4.686420441,5.066326618,4.686420441,1.480767250,2.119496346,3.943692684,4.686420441,4.274820805,4.955590725,3.217613459,4.955590248,2.337368011,4.647958755,3.441700935,3.464580774,5.300559044,5.232830048,6.238731384,3.562841177,2.348599672,3.969928980,4.685171604,3.406629562,3.573093653,4.685171604,2.285975933,4.633441925,3.913353920",Ceph,381,0,Acceptable,DataTransfer,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,12,9878,1151,9638,1,1,0,0,1,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,12,9878,1151,9638,1,1,0,0,1,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/check_mk_new.pcap.out b/test/results/flow-analyse/default/check_mk_new.pcap.out index f3159f4d2..d64a95bbc 100644 --- a/test/results/flow-analyse/default/check_mk_new.pcap.out +++ b/test/results/flow-analyse/default/check_mk_new.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,192.168.100.22,192.168.100.50,tcp,58998,6556,finished,16,16,1512031663734797,1512031663748376,1512031663748413,0,0,0,502,0,1376,0,27,877.3,2128,812.2,659616.6,4.3,"27,188,2128,2061,102,68,67,104,1865,1834,72,90,1254,1242,147,158,91,94,1228,1205,176,172,1964,1988,1810,1805,1867,1907,699,663,119",52,95.5,554,116.8,13650.4,4.4,"60,60,52,67,52,317,52,62,52,53,52,61,52,554,52,61,52,70,52,463,52,68,52,68,52,69,52,65,52,117,52,61","16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","12,0,1,0,0,0,0,0,1,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","4.777318954,5.266787052,5.116507530,5.382888317,4.972088814,5.429334641,5.063528538,5.369284153,5.025067329,5.119153976,5.025067329,5.200747967,5.025067329,3.834031105,5.063528538,5.200747967,4.972088814,5.439786434,5.116507530,4.356705666,5.078045845,5.383426666,5.078045845,5.414306641,5.078045845,5.456064701,5.116507530,5.341373920,5.010550022,5.388670444,5.116507530,5.245910168",CHECKMK,138,0,Acceptable,DataTransfer,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,12,10032,0,13758,1,1,0,0,1,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,12,10032,0,13758,1,1,0,0,1,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/chrome.pcap.out b/test/results/flow-analyse/default/chrome.pcap.out index a0716e7f6..913ba357b 100644 --- a/test/results/flow-analyse/default/chrome.pcap.out +++ b/test/results/flow-analyse/default/chrome.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,57,49670,8227,51402,6,0,6,0,0,0,6,6,0,0,0,30,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,6,0,0,0,6,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,57,49178,8227,51402,6,0,6,0,0,0,6,6,0,0,0,30,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,6,0,0,0,6,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/cip_io.pcap.out b/test/results/flow-analyse/default/cip_io.pcap.out index 0b2bb6530..5547df305 100644 --- a/test/results/flow-analyse/default/cip_io.pcap.out +++ b/test/results/flow-analyse/default/cip_io.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,10,7282,60,68,1,0,1,0,0,0,1,0,0,0,0,4,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,10,7282,60,68,1,0,1,0,0,0,1,0,0,0,0,4,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/citrix.pcap.out b/test/results/flow-analyse/default/citrix.pcap.out index 61f7a9059..4461cd998 100644 --- a/test/results/flow-analyse/default/citrix.pcap.out +++ b/test/results/flow-analyse/default/citrix.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,21.0.0.8,22.0.0.7,tcp,45225,1494,finished,27,5,0,72692,72684,0,0,343,84,1670,114,0,5,4689.5,56256,12448.2,154958800.0,2.6,"2099,2106,6093,6094,4120,7122,1007,6,6,6,6,1006,1007,7,5,13,6,1007,6,5,2009,7,5,6,5,1007,5,56256,46119,4116,4114",50,100.3,387,63.6,4041.6,4.8,"50,50,50,50,50,62,198,107,87,88,91,387,83,211,95,133,103,97,95,103,98,83,83,83,100,103,97,95,128,50,50,50","5,18,1,0,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0","4.094119072,4.506643772,4.039021015,4.568367004,4.528367043,4.245353222,5.186970711,4.576177120,4.820792675,4.800546169,4.260721207,4.770667076,4.545018196,3.338554859,4.081573486,4.165511131,4.056994915,4.437763214,4.102537632,4.181773186,4.332800388,4.481823921,4.388646603,4.394422054,4.212355614,4.095830441,4.246722221,4.279045105,4.048637390,4.188758850,4.256690979,4.322698593",Citrix,132,1,Acceptable,Network,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,11,8607,3874,1616,1,0,1,0,1,0,1,0,0,0,0,5,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,11,8607,3874,1616,1,0,1,0,1,0,1,0,0,0,0,5,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/cloudflare-warp.pcap.out b/test/results/flow-analyse/default/cloudflare-warp.pcap.out index 79b39782e..00e0e03f0 100644 --- a/test/results/flow-analyse/default/cloudflare-warp.pcap.out +++ b/test/results/flow-analyse/default/cloudflare-warp.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,72,57563,3074,7477,9,2,7,0,0,3,6,3,0,1,0,38,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,2,0,6,0,0,0,0,0,0,0,0,0,3,0,0,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,2,0,0,0,0,0,0,9,0,0,8,1,0,0,9,6,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,72,57276,3074,7477,9,2,7,0,0,3,6,3,0,1,0,38,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,2,0,6,0,0,0,0,0,0,0,0,0,3,0,0,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,2,0,0,0,0,0,0,9,0,0,8,1,0,0,9,6,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/cnp_ip.pcapng.out b/test/results/flow-analyse/default/cnp_ip.pcapng.out index b8491804b..74e11fea4 100644 --- a/test/results/flow-analyse/default/cnp_ip.pcapng.out +++ b/test/results/flow-analyse/default/cnp_ip.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,8,6123,60,0,1,0,1,0,0,0,1,0,0,0,0,2,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,8,6123,60,0,1,0,1,0,0,0,1,0,0,0,0,2,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/coap_mqtt.pcap.out b/test/results/flow-analyse/default/coap_mqtt.pcap.out index c7715455c..1f1a7cbf4 100644 --- a/test/results/flow-analyse/default/coap_mqtt.pcap.out +++ b/test/results/flow-analyse/default/coap_mqtt.pcap.out 
@@ -8,4 +8,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.56.1,192.168.56.101,udp,50312,17500,finished,16,16,1455907274088318,1455907275896569,1455907275902611,95,0,101,24,1564,332,0,1319,116856.3,131359,22365.2,500202464.0,4.9,"1319,105009,107122,122637,124565,114853,120385,119749,111541,123867,122956,105381,109394,122887,120099,118036,119438,130107,131359,131277,128951,120148,121275,112275,114829,128910,125477,127969,127046,125146,128537",46,87.2,129,38.5,1485.3,4.9,"125,48,129,52,125,48,126,49,126,49,123,46,123,46,123,46,128,51,126,49,127,50,125,48,125,48,128,51,127,50,126,49","0,0,3,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","5.540076256,5.126628399,5.646005154,5.238902569,5.556076050,5.011841774,5.645351887,5.124912739,5.661224842,5.124912739,5.536271572,5.045301914,5.526149273,5.010309696,5.552532196,5.088779926,5.645638943,5.155473709,5.623487949,5.027874470,5.658226013,5.203855038,5.594115257,5.084961414,5.581238747,5.084961414,5.642791271,5.201836586,5.575829029,5.148757458,5.623488426,5.043280125",Dropbox,121,0,Acceptable,Cloud,6,DPI,"" 
1,ip4,192.168.56.1,192.168.56.101,udp,50319,17500,finished,16,16,1455907275690777,1455907277661201,1455907277663998,94,0,101,24,1561,329,0,5091,127214.4,172321,26264.3,689812928.0,4.9,"5091,140506,139383,127325,129287,138036,134456,137698,141222,137865,138593,132603,133311,132101,136834,172321,164608,137809,136671,122327,121648,117128,118696,128848,133217,115516,110107,123592,124533,106749,105564",45,87.1,129,38.6,1487.1,4.9,"127,50,128,51,123,46,123,46,126,49,123,46,122,45,127,50,125,48,129,52,126,49,124,47,125,48,129,52,124,47,128,51","0,0,4,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","5.584132195,5.148756981,5.612321377,5.123405457,5.484527588,5.088779926,5.497614384,5.088779926,5.597732544,5.084096432,5.526148796,5.088780403,5.523175716,5.047409534,5.616926193,5.163855076,5.550037384,5.084961891,5.666587353,5.277364254,5.567777157,5.068690777,5.565383434,5.070440769,5.542193413,5.084961414,5.626701832,5.238902569,5.490826130,4.985334873,5.638961315,5.241052151",Dropbox,121,0,Acceptable,Cloud,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,121,102964,41887,11416,16,0,16,2,8,0,16,0,0,4,0,58,1,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,8,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,4,0,0,0,0,0,8,8,0,4,12,0,0,16,16,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,121,102964,41887,11416,16,0,16,2,8,0,16,0,0,4,0,58,1,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,8,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,4,0,0,0,0,0,8,8,0,4,12,0,0,16,16,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/codm.pcap.out b/test/results/flow-analyse/default/codm.pcap.out index c809ee421..799dc7c82 100644 --- a/test/results/flow-analyse/default/codm.pcap.out +++ b/test/results/flow-analyse/default/codm.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,25,21226,711,2403,3,0,3,0,0,0,3,1,0,1,0,11,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,2,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,2,0,0,0,0,0,3,0,0,1,2,0,0,3,3,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,25,21144,711,2403,3,0,3,0,0,0,3,1,0,1,0,11,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,2,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,2,0,0,0,0,0,3,0,0,1,2,0,0,3,3,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/collectd.pcap.out b/test/results/flow-analyse/default/collectd.pcap.out index ed3eb19ec..cd5ae6355 100644 --- a/test/results/flow-analyse/default/collectd.pcap.out +++ b/test/results/flow-analyse/default/collectd.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,127.0.0.1,127.0.0.1,udp,35988,25826,finished,32,0,1655315313991539,1655315583990823,1655315313991539,1311,0,1346,0,42548,0,0,417,8709655.0,10000474,3352121.2,11236716576768.0,4.8,"9999043,10000474,9999533,9999908,9999948,529,9999990,10000110,9999700,10000036,9999885,10000020,417,9999778,9999931,10000097,9999852,9999817,10000085,761,9999588,9999630,10000163,10000066,9999926,9999713,640,10000064,9999244,10000446,9999890",1339,1357.6,1374,10.8,116.6,5.0,"1371,1351,1357,1347,1351,1341,1355,1374,1365,1371,1372,1366,1372,1354,1361,1362,1339,1357,1354,1339,1351,1350,1353,1356,1370,1347,1367,1369,1374,1341,1345,1362","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,26,4,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4.538798809,4.626172066,4.590242386,4.677317142,4.469442844,4.469480515,4.436117172,4.566956997,4.640308857,4.622093678,4.647140026,4.535036087,4.461278439,4.484570026,4.575104237,4.554965019,4.643092632,4.568192482,4.547473907,4.509483337,4.405175686,4.572257042,4.526435375,4.590792656,4.609064102,4.615740299,4.564195156,4.457546711,4.629378319,4.606139183,4.648756027,4.580255032",collectd,298,0,Acceptable,System,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,74,105193,105984,0,9,0,9,15,1,3,6,0,0,0,0,25,1,0,1,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,6,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,9,0,0,9,6,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,74,105193,105984,0,9,0,9,15,1,3,6,0,0,0,0,25,1,0,1,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,6,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,9,0,0,9,6,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/conncheck.pcap.out b/test/results/flow-analyse/default/conncheck.pcap.out index 19531ea62..9fe642fea 100644 --- a/test/results/flow-analyse/default/conncheck.pcap.out +++ b/test/results/flow-analyse/default/conncheck.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,81,63763,5724,5222,10,6,4,0,0,0,10,1,0,0,0,47,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,7,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,9,1,0,0,10,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,81,63763,5724,5222,10,6,4,0,0,0,10,1,0,0,0,47,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,7,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,9,1,0,0,10,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/corba.pcap.out b/test/results/flow-analyse/default/corba.pcap.out index 34c71a4dc..4b0ab02d1 100644 --- a/test/results/flow-analyse/default/corba.pcap.out +++ b/test/results/flow-analyse/default/corba.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,19,15098,20910,4122,2,0,2,0,0,0,2,0,0,0,0,10,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,1,1,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,19,15098,20910,4122,2,0,2,0,0,0,2,0,0,0,0,10,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,1,1,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/cpha.pcap.out b/test/results/flow-analyse/default/cpha.pcap.out index fcb7c019b..08b37ee0f 100644 --- a/test/results/flow-analyse/default/cpha.pcap.out +++ b/test/results/flow-analyse/default/cpha.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,7,5589,50,0,1,0,1,0,0,0,1,0,0,0,0,1,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,7,5589,50,0,1,0,1,0,0,0,1,0,0,0,0,1,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/crawler_false_positive.pcapng.out b/test/results/flow-analyse/default/crawler_false_positive.pcapng.out index b528c83eb..9e6fed40e 100644 --- a/test/results/flow-analyse/default/crawler_false_positive.pcapng.out +++ b/test/results/flow-analyse/default/crawler_false_positive.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,12,9284,235,799,1,1,0,0,0,0,1,1,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,12,9284,235,799,1,1,0,0,0,0,1,1,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/crynet.pcap.out b/test/results/flow-analyse/default/crynet.pcap.out index 2d2cc270c..7be0bd97b 100644 --- a/test/results/flow-analyse/default/crynet.pcap.out +++ b/test/results/flow-analyse/default/crynet.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,64,49038,8204,1463,7,0,7,0,0,0,7,0,0,0,0,35,1,0,1,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,7,0,0,7,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,64,49038,8204,1463,7,0,7,0,0,0,7,0,0,0,0,35,1,0,1,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,7,0,0,7,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/custom_categories.pcapng.out b/test/results/flow-analyse/default/custom_categories.pcapng.out index c04614504..ad72f167b 100644 --- a/test/results/flow-analyse/default/custom_categories.pcapng.out +++ b/test/results/flow-analyse/default/custom_categories.pcapng.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip6,2001:db8:1::1,2001:db8:200::1,tcp,64720,20868,finished,16,16,921159918266121,921159920416135,921159920477444,0,0,164,568,687,1335,0,56989,140688.3,385938,76774.1,5894261248.0,4.8,"56989,57531,79880,80387,89216,138763,253258,182381,385938,91317,93080,94647,191269,165005,76892,108844,123707,109411,199372,90998,94037,69367,74265,78602,142565,139480,141464,314131,235639,200458,202444",72,135.7,640,113.0,12766.0,4.7,"80,80,72,87,87,348,228,72,84,92,84,236,220,72,84,212,212,72,100,116,72,84,212,84,84,84,84,640,72,100,72,116","12,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","10,2,0,0,2,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,1,0,1,1,0,1,0,1,0,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1","3.368683577,4.029293060,3.817690372,4.358336926,4.312359810,6.673550606,6.224353790,3.789912701,4.102612972,4.484647751,4.159218788,6.579281807,6.467639446,3.817690372,4.106600761,6.354053020,6.361316204,3.779428005,4.600508690,5.055481434,3.751650333,4.102612972,6.370564461,4.049995422,4.126422405,4.126422405,4.078803539,7.576204777,3.789912701,4.708058834,3.789912701,5.130954742",SSH,92,1,Acceptable,RemoteAccess,6,DPI,"5" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,30,27538,2156,5216,2,1,1,0,1,0,2,6,0,2,1,10,1,0,1,3,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,4,3,0,0,0,0,1,1,0,2,0,0,0,2,2,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,5,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,30,27538,2156,5216,2,1,1,0,1,0,2,6,0,2,1,10,1,0,1,3,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,4,3,0,0,0,0,1,1,0,2,0,0,0,2,2,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,5,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/custom_risk_mask.pcapng.out b/test/results/flow-analyse/default/custom_risk_mask.pcapng.out index 3492735f0..c3a950899 100644 --- a/test/results/flow-analyse/default/custom_risk_mask.pcapng.out +++ b/test/results/flow-analyse/default/custom_risk_mask.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,9674,60,0,2,0,2,0,0,0,2,0,0,2,0,2,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,2,0,0,0,0,0,2,0,0,2,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,11,9674,60,0,2,0,2,0,0,0,2,0,0,2,0,2,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,2,0,0,0,0,0,2,0,0,2,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/custom_rules_ipv6.pcapng.out b/test/results/flow-analyse/default/custom_rules_ipv6.pcapng.out index db7bd6289..008a783d6 100644 --- a/test/results/flow-analyse/default/custom_rules_ipv6.pcapng.out +++ b/test/results/flow-analyse/default/custom_rules_ipv6.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,34,32272,3502,448,7,0,7,0,0,0,2,0,5,0,0,8,1,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,7,0,0,7,2,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,34,32272,3502,448,7,0,7,0,0,0,2,0,5,0,0,8,1,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,7,0,0,7,2,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/custom_rules_same-ip_multiple_ports.pcapng.out b/test/results/flow-analyse/default/custom_rules_same-ip_multiple_ports.pcapng.out index f71b8432c..4498f8c9f 100644 --- a/test/results/flow-analyse/default/custom_rules_same-ip_multiple_ports.pcapng.out +++ b/test/results/flow-analyse/default/custom_rules_same-ip_multiple_ports.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,21,15983,0,0,3,0,3,0,0,1,0,0,2,0,0,8,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,3,0,0,0,3,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,21,15983,0,0,3,0,3,0,0,1,0,0,2,0,0,8,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,3,0,0,0,3,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/dazn.pcapng.out b/test/results/flow-analyse/default/dazn.pcapng.out index 4a6cf6c3a..3f9fe61a9 100644 --- a/test/results/flow-analyse/default/dazn.pcapng.out +++ b/test/results/flow-analyse/default/dazn.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,27,30061,1551,4284,3,0,3,0,0,0,3,3,0,0,0,12,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,3,0,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,27,29815,1551,4284,3,0,3,0,0,0,3,3,0,0,0,12,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,3,0,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/dcerpc.pcap.out b/test/results/flow-analyse/default/dcerpc.pcap.out index ec054af51..c51c5f4a5 100644 --- a/test/results/flow-analyse/default/dcerpc.pcap.out +++ b/test/results/flow-analyse/default/dcerpc.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,29,29680,6194,0,4,0,4,0,0,0,4,0,0,4,0,14,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,4,0,0,0,0,0,4,0,0,0,4,0,0,4,4,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,29,29680,6194,0,4,0,4,0,0,0,4,0,0,4,0,14,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,4,0,0,0,0,0,4,0,0,0,4,0,0,4,4,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/dhcp-fuzz.pcapng.out b/test/results/flow-analyse/default/dhcp-fuzz.pcapng.out index 291ce4f8d..54179db54 100644 --- a/test/results/flow-analyse/default/dhcp-fuzz.pcapng.out +++ b/test/results/flow-analyse/default/dhcp-fuzz.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,7,5873,300,0,1,0,1,0,0,1,0,0,0,0,0,1,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,7,5873,300,0,1,0,1,0,0,1,0,0,0,0,0,1,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/diameter.pcap.out b/test/results/flow-analyse/default/diameter.pcap.out index ff61fe95e..e5ee8dd10 100644 --- a/test/results/flow-analyse/default/diameter.pcap.out +++ b/test/results/flow-analyse/default/diameter.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,9711,1012,644,1,0,1,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,11,9711,1012,644,1,0,1,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/dicom.pcap.out b/test/results/flow-analyse/default/dicom.pcap.out new file mode 100644 index 000000000..229fa34f1 --- /dev/null +++ b/test/results/flow-analyse/default/dicom.pcap.out 
@@ -0,0 +1,3 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game
_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_ri
sk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count +0,22,41153,34384,0,4,0,4,0,0,0,4,0,0,0,0,6,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,4,0,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/dingtalk.pcap.out b/test/results/flow-analyse/default/dingtalk.pcap.out index 12da89703..3c0322c1f 100644 --- a/test/results/flow-analyse/default/dingtalk.pcap.out +++ b/test/results/flow-analyse/default/dingtalk.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,19,15027,701,3493,2,1,1,0,0,0,2,1,0,0,0,9,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,2,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,19,14945,701,3493,2,1,1,0,0,0,2,1,0,0,0,9,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,2,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/discord.pcap.out b/test/results/flow-analyse/default/discord.pcap.out index b766c3bf4..29def387b 100644 --- a/test/results/flow-analyse/default/discord.pcap.out +++ b/test/results/flow-analyse/default/discord.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,316,263324,32475,48285,34,0,34,57,0,0,34,2,0,1,0,149,1,0,1,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,33,0,0,34,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0,0,0,0,0,1,0,0,0,0,34,0,0,1,33,0,0,34,34,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,316,263201,32475,48285,34,0,34,57,0,0,34,2,0,1,0,149,1,0,1,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,33,0,0,34,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0,0,0,0,0,1,0,0,0,0,34,0,0,1,33,0,0,34,34,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/discord_mid_flow.pcap.out b/test/results/flow-analyse/default/discord_mid_flow.pcap.out index f020eaaa4..15621a9cd 100644 --- a/test/results/flow-analyse/default/discord_mid_flow.pcap.out +++ b/test/results/flow-analyse/default/discord_mid_flow.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,35,14545,0,0,0,0,0,0,0,0,0,0,0,0,16,0,1,0,1,1,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,35,14545,0,0,0,0,0,0,0,0,0,0,0,0,16,0,1,0,1,1,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/dlep.pcapng.out b/test/results/flow-analyse/default/dlep.pcapng.out index 464ae7e74..5840ec0d3 100644 --- a/test/results/flow-analyse/default/dlep.pcapng.out +++ b/test/results/flow-analyse/default/dlep.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,16,12804,106,145,3,0,3,0,0,0,3,0,0,0,0,4,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,1,2,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,16,12804,106,145,3,0,3,0,0,0,3,0,0,0,0,4,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,1,2,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/dlms.pcap.out b/test/results/flow-analyse/default/dlms.pcap.out index e660fda62..baa4298fd 100644 --- a/test/results/flow-analyse/default/dlms.pcap.out +++ b/test/results/flow-analyse/default/dlms.pcap.out 
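Review bot: The summary row on the new side carries one more value than the row it replaces, while the header line above it is an unchanged context line, so header and data can no longer have the same number of columns. The extra `0` appears to land among the `flow_category_*` counters, so every later value (confidence, severity, l3/l4 and `flow_risk_N_count`) would be read under the neighbouring column name by anything that parses this CSV by header. This is probably the c-analysed example (touched in the diffstat) emitting a counter for a category added by the libnDPI bump without a matching header entry; that is inferred, since its source is not in this part of the diff. If so, the header string needs one more name at the same position, e.g. `flow_category_<new>_count` (placeholder). The same header/row mismatch repeats in the dlms, dlt_ppp, dnp3, dns-exf and dns-google-nsid hunks below.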
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,20,14387,2659,32,2,1,1,0,0,0,2,0,0,1,0,10,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,0,2,0,0,1,1,0,0,2,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,20,14387,2659,32,2,1,1,0,0,0,2,0,0,1,0,10,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,0,2,0,0,1,1,0,0,2,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/dlt_ppp.pcap.out b/test/results/flow-analyse/default/dlt_ppp.pcap.out index d0fd3f3fc..e42dfdf61 100644 --- a/test/results/flow-analyse/default/dlt_ppp.pcap.out +++ b/test/results/flow-analyse/default/dlt_ppp.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,4,3700,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,4,3700,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/dnp3.pcap.out b/test/results/flow-analyse/default/dnp3.pcap.out index 701f1e6bc..04f3a13b6 100644 --- a/test/results/flow-analyse/default/dnp3.pcap.out +++ b/test/results/flow-analyse/default/dnp3.pcap.out 
@@ -7,4 +7,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,10.0.0.8,10.0.0.3,tcp,1184,20000,finished,20,12,1097512255234470,1097512267645965,1097512267537969,0,0,24,17,144,153,0,0,797257.9,9487840,2344670.8,5497481068544.0,1.9,"0,0,157,0,0,360,0,0,1427,0,0,192830,0,0,9226978,0,0,9487840,0,0,187102,0,0,2636386,0,0,2814075,0,0,167839,0",46,52.8,64,7.0,48.7,5.0,"48,48,48,48,48,48,46,46,46,57,57,57,46,46,46,64,64,64,57,57,57,46,46,46,64,64,64,57,57,57,46,46","20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,1,1,1,0,0,0,0,0,0,1,1,1,0,0","4.217971325,4.217971325,4.217971325,4.641540051,4.641540051,4.641540051,4.032184124,4.032184124,4.032184124,4.784216881,4.784216881,4.784216881,4.075662136,4.075662136,4.075662136,4.924864769,4.924864769,4.924864769,4.906424999,4.906424999,4.906424999,4.075662136,4.075662136,4.075662136,4.924864769,4.924864769,4.924864769,4.858093739,4.858093739,4.858093739,4.075662136,4.075662136",DNP3,244,0,Acceptable,IoT-Scada,6,DPI,"" 
1,ip4,10.0.0.9,10.0.0.3,tcp,1084,20000,finished,18,14,1097513177295531,1097513185001370,1097513185001533,0,0,24,17,144,51,0,0,497156.2,3963212,1082464.4,1171729022976.0,2.5,"0,0,199,0,0,410,0,0,1542,0,0,125290,0,0,3672101,0,0,3963212,0,0,1744251,0,0,1702440,0,0,2163787,0,0,2038609,0",46,50.8,64,7.1,50.0,5.0,"48,48,48,48,48,48,46,46,46,57,57,57,46,46,46,64,64,64,46,46,46,64,64,64,46,46,46,46,46,46,46,46","18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,1,1","4.202244282,4.202244282,4.202244282,4.641540051,4.641540051,4.641540051,4.075662136,4.075662136,4.075662136,4.893180847,4.893180847,4.893180847,4.119140148,4.119140148,4.119140148,4.926108360,4.926108360,4.926108360,4.162619114,4.162619114,4.162619114,4.957358360,4.957358360,4.957358360,4.075662613,4.075662613,4.075662613,4.119140625,4.119140625,4.119140625,4.162619114,4.162619114",DNP3,244,0,Acceptable,IoT-Scada,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,81,66205,2559,5229,8,2,6,0,7,0,8,0,0,0,0,40,1,0,1,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,8,0,0,0,8,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,81,66205,2559,5229,8,2,6,0,7,0,8,0,0,0,0,40,1,0,1,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,8,0,0,0,8,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/dns-exf.pcap.out b/test/results/flow-analyse/default/dns-exf.pcap.out index 95a371c9e..47870dba1 100644 --- a/test/results/flow-analyse/default/dns-exf.pcap.out +++ b/test/results/flow-analyse/default/dns-exf.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,9,9265,121,137,1,0,1,0,0,0,1,1,0,1,0,2,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,2,1,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,2,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0 +0,9,9265,121,137,1,0,1,0,0,0,1,1,0,1,0,2,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,2,1,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,2,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/dns-google-nsid.pcapng.out b/test/results/flow-analyse/default/dns-google-nsid.pcapng.out index 7f8cb6e98..2e4f0fa6a 100644 --- a/test/results/flow-analyse/default/dns-google-nsid.pcapng.out +++ b/test/results/flow-analyse/default/dns-google-nsid.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,46,41531,368,1054,7,0,7,0,0,0,7,7,0,0,0,14,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,4,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,3,4,0,0,7,0,0,7,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,46,41531,368,1054,7,0,7,0,0,0,7,7,0,0,0,14,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,4,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,3,4,0,0,7,0,0,7,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/dns-invalid-chars.pcap.out b/test/results/flow-analyse/default/dns-invalid-chars.pcap.out index b49d0e02c..f23c25fd1 100644 --- a/test/results/flow-analyse/default/dns-invalid-chars.pcap.out +++ b/test/results/flow-analyse/default/dns-invalid-chars.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,9,8034,48,64,1,0,1,0,0,0,1,1,0,1,0,2,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,2,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,9,8034,48,64,1,0,1,0,0,0,1,1,0,1,0,2,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,2,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/dns-tunnel-iodine.pcap.out b/test/results/flow-analyse/default/dns-tunnel-iodine.pcap.out index fe0e27303..568a99188 100644 --- a/test/results/flow-analyse/default/dns-tunnel-iodine.pcap.out +++ b/test/results/flow-analyse/default/dns-tunnel-iodine.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,10.0.2.30,10.0.2.20,udp,44639,53,finished,19,13,1282356640051082,1282356645071860,1282356640060900,40,0,281,1434,2968,3580,0,93,162277.3,1002966,368318.9,135658823680.0,2.4,"93,897,1083,5795,5715,411,342,245,227,219,217,216,215,213,212,209,230,282,586,445,177,314,494,447,227,245,1001664,1002291,1001465,1002966,1002454",68,232.6,1462,286.6,82112.7,4.4,"68,89,89,130,74,123,109,152,118,170,124,182,104,142,120,174,74,82,74,81,74,79,309,1078,309,1462,309,309,309,309,309,309","0,6,4,1,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,4,1,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0","0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,0,0,0,0","4.192683220,4.481659889,4.827383041,4.928776741,4.048753262,5.135797501,4.621113777,4.797404289,4.689741611,4.823459148,5.501323700,5.868503571,5.093356609,5.373332500,5.574461937,5.911468983,4.085981369,4.376136780,4.058953762,4.299961090,4.038551807,4.297753811,4.143254280,7.508830547,3.346999884,7.575299263,4.126974583,4.140811443,4.147284031,4.120341778,4.126974583,4.140811920",DNS,5,0,Acceptable,Network,6,DPI,"23,49" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,13,12340,16812,35212,1,0,1,0,1,0,1,1,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,1,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0 +0,13,12340,16812,35212,1,0,1,0,1,0,1,1,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,1,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/dns.pcap.out b/test/results/flow-analyse/default/dns.pcap.out index bf9cb9b84..dba8478b3 100644 --- a/test/results/flow-analyse/default/dns.pcap.out +++ b/test/results/flow-analyse/default/dns.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,14,9322,67,33,1,0,1,0,0,0,1,0,0,0,2,3,1,0,1,2,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,14,9322,67,33,1,0,1,0,0,0,1,0,0,0,2,3,1,0,1,2,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/dns2tcp_tunnel.pcap.out b/test/results/flow-analyse/default/dns2tcp_tunnel.pcap.out index ccb47c2dd..f982349ea 100644 --- a/test/results/flow-analyse/default/dns2tcp_tunnel.pcap.out +++ b/test/results/flow-analyse/default/dns2tcp_tunnel.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 113,ip4,192.168.20.211,1.1.1.1,tcp,44404,443,info,15,17,1585754662417775,1585754667234417,1585754667234382,0,0,261,1588,832,4006,0,10,310750.0,3088155,822603.9,676677156864.0,2.2,"15183,15220,354,15270,1846,16739,62,53,90384,91,71,105281,44,81,14863,21,60,6014,10,5995,405,8870,6443,1568614,19,1583566,686,15609,3073223,17,3088155",40,193.5,1628,364.6,132965.6,3.7,"60,52,40,301,46,1500,40,1628,40,104,126,164,46,46,111,40,46,71,311,71,40,144,46,46,259,71,40,202,46,344,71,40","9,0,2,2,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","11,0,1,0,0,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1","0,1,0,0,1,1,0,1,0,0,0,0,1,1,1,0,1,0,1,1,0,0,1,1,1,1,0,0,1,1,1,0","4.667386532,4.668681622,4.543943405,5.982677937,4.205535889,7.833335876,4.543943405,7.877990246,4.493943214,6.023458481,6.306409836,6.668928623,4.205535889,4.138445377,6.120807171,4.543943405,4.249013901,5.515665054,7.178042412,5.484094143,4.446440220,6.385652542,4.249013901,4.205535889,7.207519531,5.404759407,4.543943405,6.804022312,4.205535412,7.318181038,5.501630783,4.543943405",TLS,91,1,Safe,Web,6,DPI,"24,52" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,13,12844,1343,4713,1,0,1,0,1,0,1,1,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,4,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0 +0,13,12762,1343,4713,1,0,1,0,1,0,1,1,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,4,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0 diff --git a/test/results/flow-analyse/default/dns_ambiguous_names.pcap.out b/test/results/flow-analyse/default/dns_ambiguous_names.pcap.out index b86b50d9f..ac0340396 100644 --- a/test/results/flow-analyse/default/dns_ambiguous_names.pcap.out +++ b/test/results/flow-analyse/default/dns_ambiguous_names.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,63,57213,509,1438,10,0,10,0,0,0,10,10,0,1,0,20,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,4,4,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,1,0,2,0,0,0,0,10,0,0,0,10,0,0,10,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,63,57213,509,1438,10,0,10,0,0,0,10,10,0,1,0,20,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,4,4,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,1,0,2,0,0,0,0,10,0,0,0,10,0,0,10,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/dns_doh.pcap.out b/test/results/flow-analyse/default/dns_doh.pcap.out index e22d9d1cf..8f1ce63e5 100644 --- a/test/results/flow-analyse/default/dns_doh.pcap.out +++ b/test/results/flow-analyse/default/dns_doh.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,172.20.10.4,104.16.248.249,tcp,49877,443,info,18,14,1571089200789290,1571089201723583,1571089201764372,0,0,517,1300,1424,4202,0,0,61592.7,535341,130172.4,16944855040.0,3.0,"87116,87208,1808,92218,5,2,90426,511,1485,930,26074,858,110,91,102733,7825,6,1,83431,1,0,17900,147557,535341,708,88830,66,525420,6,10702,6",40,216.9,1340,327.3,107137.2,3.9,"64,52,40,557,40,1340,1340,40,40,489,40,104,210,283,119,40,577,390,71,40,40,40,71,40,102,133,102,143,40,40,244,71","9,2,3,1,0,1,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","8,0,0,0,0,0,1,0,0,0,1,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0","0,1,0,0,1,1,1,0,0,1,0,0,0,0,0,1,1,1,1,0,0,0,0,1,0,0,0,0,1,1,1,1","4.441382408,4.801308632,4.503056526,5.369568825,4.730641365,7.827131748,7.862888336,4.630641460,4.453056335,7.522860050,4.630641460,5.744826317,6.939166546,7.200489998,6.276752949,4.730641365,7.589616776,7.428659439,5.699038506,4.730641365,4.730641365,4.680641174,5.688406467,4.780641556,6.111449242,6.391828060,6.039783001,6.407779217,4.780641556,4.730641365,7.064774990,5.558194637",TLS.DoH_DoT,91.196,1,Acceptable,Network,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,13,12407,3792,8866,1,0,1,0,1,0,1,1,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,13,12325,3792,8866,1,0,1,0,1,0,1,1,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/dns_dot.pcap.out b/test/results/flow-analyse/default/dns_dot.pcap.out index 049b1b25f..9c3e8d92a 100644 --- a/test/results/flow-analyse/default/dns_dot.pcap.out +++ b/test/results/flow-analyse/default/dns_dot.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,12,10986,548,3721,1,0,1,0,0,0,1,1,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,3,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,12,10904,548,3721,1,0,1,0,0,0,1,1,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,3,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/dns_exfiltration.pcap.out b/test/results/flow-analyse/default/dns_exfiltration.pcap.out index 5742c8424..9707d3b88 100644 --- a/test/results/flow-analyse/default/dns_exfiltration.pcap.out +++ b/test/results/flow-analyse/default/dns_exfiltration.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,192.168.220.56,192.168.203.167,udp,56373,53,finished,16,16,1580978146717893,1580978160880828,1580978160882236,59,0,173,344,1158,2183,0,3976,913783.2,1035526,281798.4,79410348032.0,4.8,"170631,1035526,866477,1015270,1015599,4647,3976,1009971,1010376,1009201,1009121,1008475,1008435,1009499,1009380,1008042,1008120,1008655,1008570,1009773,1009797,1009990,1010112,1008960,1008939,1008465,1008353,1007666,1007763,1008795,1008694",87,132.4,372,59.1,3497.9,4.9,"201,372,152,272,122,179,87,134,87,134,87,142,87,134,87,144,87,144,87,142,87,134,87,144,87,144,87,144,87,134,87,134","0,13,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,13,1,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","4.667089462,4.689397812,4.760825157,4.825231075,4.676949501,4.874624252,4.717905998,4.933177948,4.565960884,4.809306622,4.614233017,4.906701565,4.640079498,4.841056824,4.601366520,4.896399975,4.614233017,4.837578773,4.621761799,4.830716610,4.594102859,4.805916786,4.652946472,4.869677067,4.607450485,4.854219437,4.621762276,4.930173397,4.677563667,4.830170631,4.546681404,4.850760937",DNS,5,0,Acceptable,Network,6,DPI,"16,27" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,14,15194,26119,34826,1,0,1,1,1,0,1,1,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,2,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,14,15194,26119,34826,1,0,1,1,1,0,1,1,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,2,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/dns_fragmented.pcap.out b/test/results/flow-analyse/default/dns_fragmented.pcap.out index eb5f6e038..f67ff5c9d 100644 --- a/test/results/flow-analyse/default/dns_fragmented.pcap.out +++ b/test/results/flow-analyse/default/dns_fragmented.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,153,149347,1207,16654,21,2,19,0,0,0,21,22,0,10,7,49,1,0,1,3,0,0,0,0,0,0,0,0,4,0,0,3,0,0,0,0,0,1,20,0,21,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0,0,0,0,2,16,0,0,0,0,0,5,16,0,2,19,0,0,21,21,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,7,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0 +0,153,149347,1207,16654,21,2,19,0,0,0,21,22,0,10,7,49,1,0,1,3,0,0,0,0,0,0,0,0,4,0,0,3,0,0,0,0,0,1,20,0,21,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0,0,0,0,2,16,0,0,0,0,0,5,16,0,2,19,0,0,21,21,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,7,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/dns_invert_query.pcapng.out b/test/results/flow-analyse/default/dns_invert_query.pcapng.out index 1c5b4c163..a02def44a 100644 --- a/test/results/flow-analyse/default/dns_invert_query.pcapng.out +++ b/test/results/flow-analyse/default/dns_invert_query.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,8,6345,36,12,1,0,1,0,0,0,1,0,0,0,0,2,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,8,6345,36,12,1,0,1,0,0,0,1,0,0,0,0,2,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/dns_long_domainname.pcap.out b/test/results/flow-analyse/default/dns_long_domainname.pcap.out index 62549ff72..e266da669 100644 --- a/test/results/flow-analyse/default/dns_long_domainname.pcap.out +++ b/test/results/flow-analyse/default/dns_long_domainname.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,9,8026,61,117,1,0,1,0,0,0,1,1,0,1,0,2,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,9,8026,61,117,1,0,1,0,0,0,1,1,0,1,0,2,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/dnscrypt-v1-and-resolver-pings.pcap.out b/test/results/flow-analyse/default/dnscrypt-v1-and-resolver-pings.pcap.out index 3f973ea3f..6692a2cb6 100644 --- a/test/results/flow-analyse/default/dnscrypt-v1-and-resolver-pings.pcap.out +++ b/test/results/flow-analyse/default/dnscrypt-v1-and-resolver-pings.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,1539,1581680,244416,44650,245,0,245,200,0,0,245,0,0,0,56,488,1,0,1,2,0,0,0,0,0,0,0,0,56,0,0,0,0,0,0,0,0,0,245,0,245,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,245,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,245,0,0,0,0,0,0,0,0,0,0,0,0,245,0,0,0,245,0,0,245,245,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,1539,1581890,244416,44650,245,0,245,200,0,0,245,0,0,0,56,488,1,0,1,2,0,0,0,0,0,0,0,0,56,0,0,0,0,0,0,0,0,0,245,0,245,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,245,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,245,0,0,0,0,0,0,0,0,0,0,0,0,245,0,0,0,245,0,0,245,245,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/dnscrypt-v2-doh.pcap.out b/test/results/flow-analyse/default/dnscrypt-v2-doh.pcap.out index b28898863..b34334c41 100644 --- a/test/results/flow-analyse/default/dnscrypt-v2-doh.pcap.out +++ b/test/results/flow-analyse/default/dnscrypt-v2-doh.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,309,419683,32683,152737,34,0,34,0,0,0,34,36,0,6,0,168,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,34,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0,0,0,0,6,3,0,0,0,0,34,0,0,34,0,0,0,34,34,0,0,0,0,0,0,0,6,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,309,416813,32683,152737,34,0,34,0,0,0,34,36,0,6,0,168,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,34,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0,0,0,0,6,3,0,0,0,0,34,0,0,34,0,0,0,34,34,0,0,0,0,0,0,0,6,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/dnscrypt-v2.pcap.out b/test/results/flow-analyse/default/dnscrypt-v2.pcap.out index 1fc7ada3d..df5735598 100644 --- a/test/results/flow-analyse/default/dnscrypt-v2.pcap.out +++ b/test/results/flow-analyse/default/dnscrypt-v2.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,18,19081,3264,784,3,0,3,0,0,0,3,0,0,0,0,6,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,3,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,18,19081,3264,784,3,0,3,0,0,0,3,0,0,0,0,6,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,3,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/dnscrypt_skype_false_positive.pcapng.out b/test/results/flow-analyse/default/dnscrypt_skype_false_positive.pcapng.out index fef6cab46..6290ad4d9 100644 --- a/test/results/flow-analyse/default/dnscrypt_skype_false_positive.pcapng.out +++ b/test/results/flow-analyse/default/dnscrypt_skype_false_positive.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,13,12358,1536,592,1,0,1,1,0,0,1,0,0,0,0,5,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,13,12358,1536,592,1,0,1,1,0,0,1,0,0,0,0,5,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/doh.pcapng.out b/test/results/flow-analyse/default/doh.pcapng.out index 9869fea59..b8fa5b46a 100644 --- a/test/results/flow-analyse/default/doh.pcapng.out +++ b/test/results/flow-analyse/default/doh.pcapng.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,192.168.1.253,1.1.1.1,tcp,35996,443,info,17,15,1623220847881632,1623220894239868,1623220878891197,0,0,261,1460,606,3569,0,0,2495735.5,15359810,5583085.5,31170844688384.0,2.4,"12358,12657,9395,22866,3111,16283,0,0,492,492,548541,0,471,0,559446,0,429,10863,0,436,0,2867,0,3303,0,50308,15056860,15017798,15339561,15339454,15359810",46,174.8,1500,350.9,123099.2,3.6,"60,52,46,301,46,1500,46,1500,46,256,46,104,126,136,108,46,46,111,46,71,46,46,371,71,46,46,46,46,46,46,46,46","12,0,3,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","10,0,1,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0","0,1,0,0,1,1,0,1,0,1,0,0,0,0,0,1,1,1,0,0,1,1,1,1,0,0,1,0,1,0,1,0","4.425882339,4.437160492,4.225621700,5.947368622,4.140616417,7.830754280,4.117669106,7.879162312,4.117669106,7.097528458,4.117669106,5.884155750,6.247783184,6.373653889,6.047423363,4.140616417,4.140616417,6.197440624,4.131088734,5.480591297,4.053659439,4.117669106,7.372667789,5.483504295,4.087610722,4.087610245,4.161148071,4.087610245,4.117669582,4.087610245,4.161148071,4.087610245",TLS,91,1,Safe,Web,6,DPI,"24,52" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,13,12737,1881,5821,1,0,1,0,1,0,1,1,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,4,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0 +0,13,12655,1881,5821,1,0,1,0,1,0,1,1,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,4,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0 diff --git a/test/results/flow-analyse/default/doq.pcapng.out b/test/results/flow-analyse/default/doq.pcapng.out index 81baca606..f50fee77d 100644 --- a/test/results/flow-analyse/default/doq.pcapng.out +++ b/test/results/flow-analyse/default/doq.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,19,18903,2350,2416,2,0,2,0,0,0,2,0,0,1,0,10,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,0,0,2,0,0,1,0,1,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,19,18862,2350,2416,2,0,2,0,0,0,2,0,0,1,0,10,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,0,0,2,0,0,1,0,1,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/doq_adguard.pcapng.out b/test/results/flow-analyse/default/doq_adguard.pcapng.out index de2e5ec85..ae92421ba 100644 --- a/test/results/flow-analyse/default/doq_adguard.pcapng.out +++ b/test/results/flow-analyse/default/doq_adguard.pcapng.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,192.168.12.169,94.140.14.14,udp,41070,784,finished,16,16,1608278425043144,1608278427520204,1608278427556259,31,0,1232,1252,3388,9887,0,12,160973.4,1885270,453072.4,205274628096.0,2.4,"36477,41681,43201,66,19,41861,6662,38406,6603,58707,16,206479,12,419140,55,727,29151,153173,67,8229,73,10468,39556,83,37026,44980,51489,1830423,63,12,1885270",59,442.8,1280,522.9,273444.5,4.1,"1260,168,1260,1280,1280,1270,83,84,184,81,1270,1270,1270,1270,255,59,83,84,69,292,140,86,59,69,423,59,70,59,87,89,89,69","4,8,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0","0,5,0,0,2,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,2,0,0,0,0,0,0,0,0","0,1,0,1,1,1,0,0,1,1,1,1,1,1,0,0,0,0,1,1,0,0,0,1,1,0,1,0,0,0,0,1","7.847249508,6.664321423,7.854867935,7.829421520,7.845530033,7.828608036,5.784439087,5.698686600,6.822151661,5.751563549,7.848925114,7.841618061,7.849283695,7.840007782,7.166291237,5.550272942,5.778533459,5.825033665,5.698887825,7.230185032,6.684528351,6.026679039,5.577555180,5.650410652,7.431746960,5.496964455,5.706285954,5.435783863,6.043458462,6.076747894,6.093711376,5.553960800",QUIC.DoH_DoT,188.196,1,Acceptable,Network,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,12,17296,10308,21705,1,0,1,0,1,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,12,17255,10308,21705,1,0,1,0,1,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/dos_win98_smb_netbeui.pcap.out b/test/results/flow-analyse/default/dos_win98_smb_netbeui.pcap.out index 0ae25490f..f4fd66b17 100644 --- a/test/results/flow-analyse/default/dos_win98_smb_netbeui.pcap.out +++ b/test/results/flow-analyse/default/dos_win98_smb_netbeui.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,192.168.239.129,192.168.239.255,udp,137,137,finished,32,0,1576409800543745,1576409931837438,1576409800543745,68,0,68,0,2176,0,0,43,4235280.5,96434388,17261798.0,297969697947648.0,1.5,"471,72,38984,710235,79,43,39467,709823,84,47,40333,710082,133,63,40024,760697,749893,749148,750102,96434388,763919,759984,756024,755162,752213,756593,760022,22000853,749883,749867,755005",96,96.0,96,0.0,0.0,5.0,"96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96","0,0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4.156764984,4.210426807,4.197602749,4.176768780,4.197602749,4.231260300,4.177598476,4.176768780,4.177598476,4.193659782,4.197602749,4.176768780,4.197602749,4.231260300,4.177598476,4.155935764,4.289934158,4.323737621,4.323737621,4.323737621,4.282100201,4.282100201,4.282100201,4.248297215,4.376053333,4.376053333,4.376053333,4.355220318,4.281060219,4.286166668,4.277262688,4.307000160",NetBIOS,10,0,Acceptable,System,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,110,60827,5953,0,4,0,4,8,1,0,4,0,0,1,35,16,1,0,1,1,0,0,0,0,35,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,3,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,1,0,0,0,0,0,0,4,0,0,0,3,1,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,110,60351,5953,0,4,0,4,8,1,0,4,0,0,0,35,16,1,0,1,1,0,0,0,0,35,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,3,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,3,1,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/dotenv.pcap.out b/test/results/flow-analyse/default/dotenv.pcap.out index e21992e00..d9405bf5e 100644 --- a/test/results/flow-analyse/default/dotenv.pcap.out +++ b/test/results/flow-analyse/default/dotenv.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,12,10030,82,231,1,1,0,0,0,0,1,1,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,1,0,2,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0 +0,12,10030,82,231,1,1,0,0,0,0,1,1,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,1,0,2,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0 diff --git a/test/results/flow-analyse/default/drda_db2.pcap.out b/test/results/flow-analyse/default/drda_db2.pcap.out index 7025b13e4..e63261f7d 100644 --- a/test/results/flow-analyse/default/drda_db2.pcap.out +++ b/test/results/flow-analyse/default/drda_db2.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,192.168.106.1,192.168.106.128,tcp,4847,50000,finished,17,15,1175543772220609,1175543792690997,1175543792523346,0,0,663,630,2071,2488,0,489,1315262.1,17986057,4366159.0,19063346561024.0,1.8,"489,527,117332,117692,728,9146,43443,966142,1129664,349281,477633,7546,71563,64394,182669,413229,622408,30275,5528,2591,521,1606,2014,1552,1127,154254,17828332,17986057,9928,7015,168439",40,183.0,703,190.6,36335.2,4.3,"48,48,40,215,40,147,304,40,281,40,703,40,510,50,94,40,282,670,130,51,50,94,308,441,50,94,40,369,452,50,94,40","10,0,1,0,0,1,0,1,2,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,4,0,1,0,0,0,1,0,0,0,0,2,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,1,0,0,1,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0,0,1,0,1,0","4.443420410,4.743162632,4.731687069,5.602320194,4.712815285,5.534297943,5.451408386,4.643942833,5.407389164,4.731687069,5.469695568,4.712814808,4.427623272,4.828757286,5.028375626,4.781687260,5.564469814,5.097215652,4.705523014,4.912525654,4.828757286,5.049652100,5.369750977,4.250173569,4.773659706,5.041621685,4.681686878,5.027119160,4.343546391,4.828757286,5.070929050,4.615311623",DRDA,227,0,Acceptable,Database,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,12,10210,2081,2542,1,1,0,0,1,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,12,10210,2081,2542,1,1,0,0,1,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/dropbox.pcap.out b/test/results/flow-analyse/default/dropbox.pcap.out index b55e29b30..08b719c90 100644 --- a/test/results/flow-analyse/default/dropbox.pcap.out +++ b/test/results/flow-analyse/default/dropbox.pcap.out 
@@ -4,4 +4,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.56.1,192.168.56.101,udp,50312,17500,finished,16,16,1455907274088318,1455907275896569,1455907275902611,95,0,101,24,1564,332,0,1319,116856.3,131359,22365.2,500202464.0,4.9,"1319,105009,107122,122637,124565,114853,120385,119749,111541,123867,122956,105381,109394,122887,120099,118036,119438,130107,131359,131277,128951,120148,121275,112275,114829,128910,125477,127969,127046,125146,128537",46,87.2,129,38.5,1485.3,4.9,"125,48,129,52,125,48,126,49,126,49,123,46,123,46,123,46,128,51,126,49,127,50,125,48,125,48,128,51,127,50,126,49","0,0,3,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","5.540076256,5.126628399,5.646005154,5.238902569,5.556076050,5.011841774,5.645351887,5.124912739,5.661224842,5.124912739,5.536271572,5.045301914,5.526149273,5.010309696,5.552532196,5.088779926,5.645638943,5.155473709,5.623487949,5.027874470,5.658226013,5.203855038,5.594115257,5.084961414,5.581238747,5.084961414,5.642791271,5.201836586,5.575829029,5.148757458,5.623488426,5.043280125",Dropbox,121,0,Acceptable,Cloud,6,DPI,"" 
1,ip4,192.168.56.1,192.168.56.101,udp,50319,17500,finished,16,16,1455907275690777,1455907277661201,1455907277663998,94,0,101,24,1561,329,0,5091,127214.4,172321,26264.3,689812928.0,4.9,"5091,140506,139383,127325,129287,138036,134456,137698,141222,137865,138593,132603,133311,132101,136834,172321,164608,137809,136671,122327,121648,117128,118696,128848,133217,115516,110107,123592,124533,106749,105564",45,87.1,129,38.6,1487.1,4.9,"127,50,128,51,123,46,123,46,126,49,123,46,122,45,127,50,125,48,129,52,126,49,124,47,125,48,129,52,124,47,128,51","0,0,4,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","5.584132195,5.148756981,5.612321377,5.123405457,5.484527588,5.088779926,5.497614384,5.088779926,5.597732544,5.084096432,5.526148796,5.088780403,5.523175716,5.047409534,5.616926193,5.163855076,5.550037384,5.084961891,5.666587353,5.277364254,5.567777157,5.068690777,5.565383434,5.070440769,5.542193413,5.084961414,5.626701832,5.238902569,5.490826130,4.985334873,5.638961315,5.241052151",Dropbox,121,0,Acceptable,Cloud,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,132,115817,43692,11224,15,0,15,4,4,0,15,11,0,5,0,63,1,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0,0,0,0,6,0,0,0,0,0,0,15,0,0,0,15,0,0,15,15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0 +0,132,115817,43692,11224,15,0,15,4,4,0,15,11,0,5,0,63,1,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0,0,0,0,6,0,0,0,0,0,0,15,0,0,0,15,0,0,15,15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/dtls.pcap.out b/test/results/flow-analyse/default/dtls.pcap.out index bd6c7b0bc..3b8a9004f 100644 --- a/test/results/flow-analyse/default/dtls.pcap.out +++ b/test/results/flow-analyse/default/dtls.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,28,23444,3203,3518,2,0,2,0,0,0,2,2,0,2,4,7,1,0,1,3,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,1,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,4,4,0,0,0,0,0,2,0,0,0,2,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0 +0,28,23280,3203,3518,2,0,2,0,0,0,2,2,0,2,4,7,1,0,1,3,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,1,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,4,4,0,0,0,0,0,2,0,0,0,2,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/dtls2.pcap.out b/test/results/flow-analyse/default/dtls2.pcap.out index d39e19242..46f87cca3 100644 --- a/test/results/flow-analyse/default/dtls2.pcap.out +++ b/test/results/flow-analyse/default/dtls2.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,17,18522,1658,2073,1,0,1,5,0,0,1,1,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,2,1,1,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,17,18440,1658,2073,1,0,1,5,0,0,1,1,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,2,1,1,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/dtls_certificate.pcapng.out b/test/results/flow-analyse/default/dtls_certificate.pcapng.out index c17d47690..8b63f3e9d 100644 --- a/test/results/flow-analyse/default/dtls_certificate.pcapng.out +++ b/test/results/flow-analyse/default/dtls_certificate.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,7,8334,1444,0,1,0,1,0,0,0,1,0,0,1,0,1,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,7,8292,1444,0,1,0,1,0,0,0,1,0,0,1,0,1,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/dtls_certificate_fragments.pcap.out b/test/results/flow-analyse/default/dtls_certificate_fragments.pcap.out index 490545acc..42e893e30 100644 --- a/test/results/flow-analyse/default/dtls_certificate_fragments.pcap.out +++ b/test/results/flow-analyse/default/dtls_certificate_fragments.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,25,31618,3051,6050,2,0,2,0,0,0,2,5,0,2,0,10,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,4,3,1,0,0,0,0,2,0,0,0,2,0,0,2,2,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0 +0,25,31331,3051,6050,2,0,2,0,0,0,2,5,0,2,0,10,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,4,3,1,0,0,0,0,2,0,0,0,2,0,0,2,2,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/dtls_mid_sessions.pcapng.out b/test/results/flow-analyse/default/dtls_mid_sessions.pcapng.out index 7c69efdce..7ab07c822 100644 --- a/test/results/flow-analyse/default/dtls_mid_sessions.pcapng.out +++ b/test/results/flow-analyse/default/dtls_mid_sessions.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,31,33444,29417,4629,4,0,4,0,0,0,4,0,0,0,0,16,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,4,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,31,33444,29417,4629,4,0,4,0,0,0,4,0,0,0,0,16,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,4,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/dtls_old_version.pcapng.out b/test/results/flow-analyse/default/dtls_old_version.pcapng.out index 05fdcb8fc..c0fb987cf 100644 --- a/test/results/flow-analyse/default/dtls_old_version.pcapng.out +++ b/test/results/flow-analyse/default/dtls_old_version.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,14,12038,416,284,1,0,1,0,0,0,1,3,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,3,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,4,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0 +0,14,12038,416,284,1,0,1,0,0,0,1,3,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,3,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,4,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/dtls_session_id_and_coockie_both.pcap.out b/test/results/flow-analyse/default/dtls_session_id_and_coockie_both.pcap.out index 729f609d5..31b406348 100644 --- a/test/results/flow-analyse/default/dtls_session_id_and_coockie_both.pcap.out +++ b/test/results/flow-analyse/default/dtls_session_id_and_coockie_both.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,10071,218,218,1,0,1,0,0,0,1,1,0,1,0,4,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,2,2,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,11,9989,218,218,1,0,1,0,0,0,1,1,0,1,0,4,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,2,2,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/edonkey.pcap.out b/test/results/flow-analyse/default/edonkey.pcap.out index 03d4ddf87..a1c074ccf 100644 --- a/test/results/flow-analyse/default/edonkey.pcap.out +++ b/test/results/flow-analyse/default/edonkey.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,8334,248,792,1,1,0,0,0,0,1,0,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,11,8334,248,792,1,1,0,0,0,0,1,0,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/egd.pcapng.out b/test/results/flow-analyse/default/egd.pcapng.out index f1c82f4d6..b661d2229 100644 --- a/test/results/flow-analyse/default/egd.pcapng.out +++ b/test/results/flow-analyse/default/egd.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,8020,295,0,1,0,1,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,11,8020,295,0,1,0,1,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/elasticsearch.pcap.out b/test/results/flow-analyse/default/elasticsearch.pcap.out index a29b85238..a2aa493ee 100644 --- a/test/results/flow-analyse/default/elasticsearch.pcap.out +++ b/test/results/flow-analyse/default/elasticsearch.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,44,39214,8322,1267,7,1,6,0,0,0,7,0,0,0,0,19,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,7,0,0,0,7,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,44,39214,8322,1267,7,1,6,0,0,0,7,0,0,0,0,19,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,7,0,0,0,7,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/elf.pcap.out b/test/results/flow-analyse/default/elf.pcap.out index 8f4c52b33..e131ea9c1 100644 --- a/test/results/flow-analyse/default/elf.pcap.out +++ b/test/results/flow-analyse/default/elf.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,16,45570,62064,0,2,1,1,0,0,0,0,0,2,0,0,7,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,1,1,0,0,2,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,16,45570,62064,0,2,1,1,0,0,0,0,0,2,0,0,7,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,1,1,0,0,2,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/emotet.pcap.out b/test/results/flow-analyse/default/emotet.pcap.out index bde5a643d..2d61ce243 100644 --- a/test/results/flow-analyse/default/emotet.pcap.out +++ b/test/results/flow-analyse/default/emotet.pcap.out 
@@ -2,4 +2,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,10.2.25.102,193.252.22.84,tcp,57309,587,finished,13,19,1645830066121611,1645830074471734,1645830074471604,0,0,698,160,898,391,0,254,538713.4,3056402,774055.0,599161176064.0,3.7,"749523,749719,1106307,1106777,773,369838,370621,895,325625,326244,506,323,737,841210,842439,907,363,438,3054676,3056402,1628,247201,247778,521,1205120,1205575,420,442964,443628,704,254",40,80.8,738,121.9,14849.5,4.3,"52,44,40,94,61,40,200,52,40,58,72,40,42,40,58,56,40,42,40,80,77,40,86,73,40,87,46,40,48,79,40,738","8,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","14,4,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,1,1,0,1,1,0,1,0,1,1,0,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,0","4.644789696,4.953416348,4.981687069,5.477373600,5.387795925,4.784183979,5.738989830,5.361793995,4.834184170,5.487123966,5.654376030,4.784183979,4.955064297,4.734184265,5.288679600,5.421465874,4.784183979,4.859826565,4.784183979,5.343945503,5.557319641,4.765312195,5.392617702,5.626545429,4.834184170,5.525993347,5.097266674,4.834184170,5.095175266,5.329178810,4.784184456,5.639209747",SMTP,3,0,Acceptable,Email,6,DPI,"" 
1,ip4,10.3.29.101,104.161.127.22,tcp,56309,80,finished,12,20,1648563468993352,1648563469442201,1648563469442152,0,0,446,1361,446,24498,0,77,28956.4,204389,59845.4,3581476608.0,2.7,"115764,115896,335,518,204207,77,204389,352,224,565,217,228,441,212,496,705,246,220,470,115050,221,115302,340,251,573,9235,226,9483,474,242,690",40,820.0,1401,663.1,439751.8,4.4,"52,44,40,486,40,1401,1401,40,1401,1401,40,1401,1401,40,1401,1401,40,1401,1401,40,1401,1401,40,1401,1401,40,1401,1401,40,1401,1401,40","11,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0,0,0,0","0,1,0,0,1,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0","4.710365295,4.913976669,4.680641174,5.777981758,4.621928692,7.446667671,7.722211838,4.711769104,7.820096016,7.819649696,4.730641365,7.834948540,7.865209579,4.730641365,7.838735580,7.852061272,4.780641079,7.835340023,7.853207111,4.711769104,7.851351738,7.847233772,4.780641079,7.872184753,7.855648994,4.780641079,7.879763126,7.844507217,4.680641174,7.843948364,7.837398529,4.780641079",HTTP,7,0,Acceptable,Web,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,60,54907,17972,71884,6,1,5,0,2,0,6,4,0,4,0,30,1,0,1,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,4,2,4,0,0,0,0,0,0,0,0,0,0,1,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,4,5,3,2,0,0,0,6,0,0,6,0,0,0,6,6,0,0,0,0,0,0,2,0,1,0,0,0,0,2,0,0,0,4,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0 +0,60,54785,17972,71884,6,1,5,0,2,0,6,4,0,4,0,30,1,0,1,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,4,2,4,0,0,0,0,0,0,0,0,0,0,1,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,4,5,3,2,0,0,0,6,0,0,6,0,0,0,6,6,0,0,0,0,0,0,2,0,1,0,0,0,0,2,0,0,0,4,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0 diff --git a/test/results/flow-analyse/default/encrypted_sni.pcap.out b/test/results/flow-analyse/default/encrypted_sni.pcap.out index 0428f6b7c..7e6f12a6a 100644 --- a/test/results/flow-analyse/default/encrypted_sni.pcap.out +++ b/test/results/flow-analyse/default/encrypted_sni.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,15,15900,2148,0,3,0,3,0,0,0,3,0,0,0,0,3,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,3,0,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,15,17853,2148,0,3,0,3,0,0,0,3,0,0,3,0,3,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,9,0,0,0,0,0,3,0,0,3,0,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0 diff --git a/test/results/flow-analyse/default/epicgames.pcapng.out b/test/results/flow-analyse/default/epicgames.pcapng.out index 723ef24c3..06c341440 100644 --- a/test/results/flow-analyse/default/epicgames.pcapng.out +++ b/test/results/flow-analyse/default/epicgames.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,35,25204,5959,1825,4,0,4,0,0,0,4,0,0,0,0,20,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,4,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,35,25204,5959,1825,4,0,4,0,0,0,4,0,0,0,0,20,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,4,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/esp.pcapng.out b/test/results/flow-analyse/default/esp.pcapng.out index a3c6e81d0..3a8b99497 100644 --- a/test/results/flow-analyse/default/esp.pcapng.out +++ b/test/results/flow-analyse/default/esp.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,15,12790,834,786,2,0,2,0,0,0,2,0,0,0,0,6,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,1,0,1,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,15,12790,834,786,2,0,2,0,0,0,2,0,0,0,0,6,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,1,0,1,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/ethereum.pcap.out b/test/results/flow-analyse/default/ethereum.pcap.out index 8a9bd24b8..18e4e86aa 100644 --- a/test/results/flow-analyse/default/ethereum.pcap.out +++ b/test/results/flow-analyse/default/ethereum.pcap.out 
@@ -33,4 +33,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.1.184,138.75.171.190,tcp,56657,30303,finished,17,15,1578508365226088,1578508365751522,1578508366012044,0,0,539,459,779,523,0,8,42302.9,263115,95827.5,9182917632.0,2.4,"259670,259779,1313,261414,3049,263115,462,422,253,247,161,10,63,22,41,100,13,84,18,22,24,260103,45,20,93,122,13,668,28,8,8",46,91.4,591,121.5,14755.2,4.3,"64,60,52,591,52,511,52,84,52,84,52,84,53,176,55,68,84,53,54,65,68,52,46,46,46,46,46,46,46,46,46,46","13,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","12,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1","4.484427452,5.266787052,5.014835358,7.622575283,5.176993370,7.537411690,4.937911987,5.836015701,4.937911987,5.821192741,4.937912464,5.839856625,5.055252075,6.730566502,5.133149624,5.533761024,5.816047192,4.979780197,5.094675064,5.473884583,5.364500046,5.014835358,3.725504398,3.725504398,3.725504398,3.725504398,3.725504398,3.725504398,3.725504398,3.725504398,3.725504398,3.725504398",ETHEREUM,354,0,Acceptable,Crypto_Currency,6,DPI,"" 
1,ip4,192.168.1.184,78.47.147.155,tcp,56673,30303,finished,23,9,1578508365712625,1578508366123630,1578508366123331,0,0,567,347,951,859,0,12,26506.8,285939,65286.3,4262303488.0,2.6,"40373,40438,1542,40906,246535,285939,40615,40605,699,30,144,12,23,360,16,18,29,110,39411,235,883,650,39691,157,36,21,17,63,1098,839,216",52,109.6,619,120.4,14503.6,4.5,"64,60,52,619,52,292,64,399,52,84,53,176,55,68,84,53,100,67,68,52,52,52,116,52,84,53,55,64,68,260,52,84","16,5,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,0,1,0,0,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,0,0,0,0,0,0,1,0,0","4.453177452,5.346035480,5.077241421,7.661995411,5.233812809,7.235357285,5.194910049,7.441572666,5.062724113,5.854679585,5.191952705,6.817754745,5.228514671,5.610895157,5.854679585,5.229689121,6.152247906,5.547358990,5.581482887,5.272274494,5.272274494,5.272274494,6.375947475,5.115703106,5.887475491,5.154217243,5.264878273,5.481855392,5.592584610,7.149727345,5.077241421,5.878489017",ETHEREUM,354,0,Acceptable,Crypto_Currency,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,573,509691,43570,43398,74,47,27,0,33,3,71,0,0,0,0,315,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,71,0,71,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,71,0,0,0,0,0,0,71,0,0,0,0,0,0,0,0,0,0,0,0,74,0,0,56,18,0,0,74,71,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,573,509852,43570,43398,74,47,27,0,33,3,71,0,0,0,0,315,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,71,0,71,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,71,0,0,0,0,0,0,0,71,0,0,0,0,0,0,0,0,0,0,0,0,74,0,0,56,18,0,0,74,71,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/ethernetIP.pcap.out b/test/results/flow-analyse/default/ethernetIP.pcap.out index 0b42cab75..9a7cd89de 100644 --- a/test/results/flow-analyse/default/ethernetIP.pcap.out +++ b/test/results/flow-analyse/default/ethernetIP.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,35,29161,6348,5528,4,0,4,0,0,0,4,0,0,0,0,20,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,4,0,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,35,29161,6348,5528,4,0,4,0,0,0,4,0,0,0,0,20,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,4,0,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/ethersbus.pcap.out b/test/results/flow-analyse/default/ethersbus.pcap.out index d30ff8177..12053dbcf 100644 --- a/test/results/flow-analyse/default/ethersbus.pcap.out +++ b/test/results/flow-analyse/default/ethersbus.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,7774,162,230,1,0,1,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,11,7774,162,230,1,0,1,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/ethersio.pcap.out b/test/results/flow-analyse/default/ethersio.pcap.out index bc9b7c01e..eeadff1e6 100644 --- a/test/results/flow-analyse/default/ethersio.pcap.out +++ b/test/results/flow-analyse/default/ethersio.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,172.23.2.27,172.23.2.15,udp,1024,6060,finished,32,0,1279888308544606,1279888311540875,1279888308544606,24,0,49,0,1543,0,0,3,96653.8,111455,18558.1,344403296.0,4.9,"96162,97433,107881,96056,97599,109902,95490,95566,98398,3,111001,95507,96493,95973,109998,96979,96994,97899,109080,95700,95853,95658,111455,95276,100124,106350,95476,95590,108907,95554,95912",52,76.2,77,4.3,18.9,5.0,"77,77,77,77,77,77,77,77,77,52,77,77,77,77,77,77,77,77,77,77,77,77,77,77,77,77,77,77,77,77,77,77","1,31,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","3.361773968,3.345603704,3.361774206,3.387748003,3.361773968,3.361774206,3.387748003,3.387748003,3.387748003,3.744090796,3.387748003,3.387748003,3.387748003,3.361773968,3.387748003,3.387748003,3.387748003,3.387748003,3.387748003,3.387748003,3.387748003,3.387748003,3.387748003,3.387748003,3.387748003,3.387748003,3.387748003,3.361774206,3.361774206,3.345603704,3.387748003,3.387748003",EtherSIO,363,0,Acceptable,IoT-Scada,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,12,10140,1714,0,1,0,1,0,1,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,12,10140,1714,0,1,0,1,0,1,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/exe_download.pcap.out b/test/results/flow-analyse/default/exe_download.pcap.out index ba1043db8..06d0a0efe 100644 --- a/test/results/flow-analyse/default/exe_download.pcap.out +++ b/test/results/flow-analyse/default/exe_download.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,12,10759,153,13620,1,0,1,0,0,0,1,1,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,2,1,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,1,0,0,0,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0 +0,12,10759,153,13620,1,0,1,0,0,0,1,1,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,2,1,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,1,0,0,0,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0 diff --git a/test/results/flow-analyse/default/exe_download_as_png.pcap.out b/test/results/flow-analyse/default/exe_download_as_png.pcap.out index 2fbb6d9cd..8d895a76f 100644 --- a/test/results/flow-analyse/default/exe_download_as_png.pcap.out +++ b/test/results/flow-analyse/default/exe_download_as_png.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,10.9.25.101,185.98.87.185,tcp,49197,80,finished,11,21,1569434903040298,1569434904481632,1569434904508320,0,0,149,1460,149,25916,0,12,93850.2,613012,192589.9,37090865152.0,2.7,"400153,400486,228,717,612677,12,613012,424,482,834,426,507,936,1134,423,1552,361,732,1082,417726,1390,103,419479,654,405,941,2596,154,2784,26602,344",40,855.0,1500,664.6,441668.3,4.4,"52,44,40,189,40,1500,1308,40,1404,1404,40,1404,1404,40,1404,1404,40,1404,1404,40,1404,1404,1404,40,1404,1404,40,1404,1404,40,1404,1404","10,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,17,0,0,1,0,0","0,1,0,0,1,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,1,0,1,1,0,1,1,0,1,1","4.593450069,4.921897411,4.734183788,5.453228951,4.630641460,3.420540333,0.300011843,4.784183979,0.284853339,4.608477116,4.784183979,4.479417324,3.353007078,4.684184074,3.253508806,3.476947546,4.734183788,4.057516575,5.282192707,4.734183788,5.523138046,4.632616997,4.955163479,4.715311527,4.361701965,2.729017735,4.734184265,6.268059254,4.366500378,4.734183788,4.014078617,2.777677774",HTTP,7,0,Acceptable,Web,6,DPI,"4,12,47" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,13,12801,149,88660,1,0,1,0,1,0,1,1,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,2,1,0,1,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0 +0,13,12801,149,88660,1,0,1,0,1,0,1,1,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,2,1,0,1,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/facebook.pcap.out b/test/results/flow-analyse/default/facebook.pcap.out index 2d5ae233b..061d29749 100644 --- a/test/results/flow-analyse/default/facebook.pcap.out +++ b/test/results/flow-analyse/default/facebook.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,192.168.43.18,31.13.86.36,tcp,44614,443,info,14,18,1472393123550766,1472393124118414,1472393124118402,0,0,517,1388,992,15090,0,193,36622.1,154982,57898.8,3352273664.0,3.3,"132117,132136,193,154701,485,154982,244,3282,129361,125921,442,418,797,119231,4520,123730,627,605,1230,4940,621,5568,8878,7797,16680,916,530,1441,790,657,1444",52,555.1,1440,613.3,376153.1,4.1,"60,60,52,569,52,198,52,103,438,133,90,90,94,52,1440,431,52,1440,576,52,1440,1440,52,1440,1440,52,1440,1440,52,1440,1440,52","10,2,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,2,1,0,1,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0","0,1,0,0,1,1,0,0,0,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0","4.760014057,5.194312096,5.053297043,6.165235996,5.091758251,6.462422371,5.053297043,5.523866653,7.463335991,6.461145878,5.587870598,5.919519901,5.958845615,5.014835358,7.843218803,7.552490711,5.025067806,7.863905430,7.631061554,5.025067329,7.860723495,7.881686687,5.063529015,7.870133877,7.854965687,5.063529015,7.867281437,7.861505032,5.025067329,7.849763870,7.860621929,5.025067329",TLS.Facebook,91.119,1,Fun,SocialNetwork,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,23,21546,2145,24374,2,0,2,0,1,0,2,3,0,0,0,10,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,2,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,23,21341,2145,24374,2,0,2,0,1,0,2,3,0,0,0,10,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,2,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/false_positives.pcapng.out b/test/results/flow-analyse/default/false_positives.pcapng.out index 0e83e6cc6..83d1ac0ca 100644 --- a/test/results/flow-analyse/default/false_positives.pcapng.out +++ b/test/results/flow-analyse/default/false_positives.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,94,48261,3200,2168,2,0,2,0,0,0,1,0,1,0,36,10,1,0,1,4,0,0,0,0,36,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,2,0,0,2,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,94,48286,3200,2168,2,0,2,0,0,0,1,0,1,0,36,10,1,0,1,4,0,0,0,0,36,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,2,0,0,2,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/fastcgi.pcap.out b/test/results/flow-analyse/default/fastcgi.pcap.out index 9a698f174..1e0d5d703 100644 --- a/test/results/flow-analyse/default/fastcgi.pcap.out +++ b/test/results/flow-analyse/default/fastcgi.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,10.0.0.9,10.0.0.11,tcp,38254,9000,finished,16,16,1280403893598699,1280403895619664,1280403895619673,0,0,1055,1448,1095,14480,0,12,130385.1,2020143,496240.3,246254469120.0,1.0,"169,226,42,67,15,217,77,12,83,12,48,16,2019881,2020143,186,63,52,55,94,90,42,33,32,28,26,27,50,53,34,34,32",52,539.2,1500,672.8,452637.9,3.9,"60,60,52,68,1107,60,52,60,60,52,52,52,52,1500,52,1500,52,1500,52,1500,52,1500,52,1500,52,1500,52,1500,52,1500,52,1500","15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0","0,1,0,0,0,0,1,0,0,1,1,1,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","4.423614979,4.926749229,4.700937271,4.233195782,6.033331394,4.550921917,4.686420441,4.550921917,4.550921917,4.686420441,4.624014378,4.686420441,4.724881649,7.641661644,4.854783535,7.763941288,4.854784012,7.761142254,4.777860165,7.844599247,4.891996861,7.826266289,4.815073490,7.841456413,4.815073490,7.847429752,4.815073490,7.852382183,4.891996861,7.847055912,4.815073490,7.805794239",FastCGI,310,0,Safe,Network,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,12,11422,1095,64400,1,1,0,0,1,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,12,11422,1095,64400,1,1,0,0,1,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/fins.pcap.out b/test/results/flow-analyse/default/fins.pcap.out index 53dc87d71..f3a46e16b 100644 --- a/test/results/flow-analyse/default/fins.pcap.out +++ b/test/results/flow-analyse/default/fins.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,10.4.14.102,10.130.130.130,udp,58722,9600,finished,32,0,1233089082809333,1233089082810135,1233089082809333,16,0,37,0,613,0,0,22,25.9,31,1.6,2.4,5.0,"22,29,26,25,25,26,27,26,26,25,25,25,26,26,25,26,25,25,26,27,31,27,25,25,26,25,25,26,25,25,29",44,47.2,65,3.5,12.6,5.0,"46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,52,48,44,48,50,46,46,46,46,46,50,48,65","31,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","3.966703415,3.990315914,4.006726265,4.050204754,4.015212536,4.077271938,4.033793926,4.077271938,4.093682766,4.093682766,4.093682766,4.093682766,4.050204754,4.093682766,4.093682766,4.093682766,4.093682766,4.050204277,4.077271938,4.222351551,4.000422955,3.952195406,3.979268074,4.288366795,3.913608313,3.913608313,3.913608789,3.913608313,3.837309122,4.107601166,3.918294430,3.660078049",FINS,362,0,Acceptable,IoT-Scada,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,50,28982,6659,252,3,1,2,0,1,0,3,0,0,0,12,12,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,3,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,1,2,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,50,28982,6659,252,3,1,2,0,1,0,3,0,0,0,12,12,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,3,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,1,2,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/firefox.pcap.out b/test/results/flow-analyse/default/firefox.pcap.out index 3c8b842aa..a858672ef 100644 --- a/test/results/flow-analyse/default/firefox.pcap.out +++ b/test/results/flow-analyse/default/firefox.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,57,50104,7370,44229,6,0,6,0,0,0,6,6,0,0,0,30,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,6,0,0,0,6,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,57,49612,7370,44229,6,0,6,0,0,0,6,6,0,0,0,30,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,6,0,0,0,6,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/fix.pcap.out b/test/results/flow-analyse/default/fix.pcap.out index 6935a1f92..f41f5ff33 100644 --- a/test/results/flow-analyse/default/fix.pcap.out +++ b/test/results/flow-analyse/default/fix.pcap.out 
@@ -5,4 +5,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,208.245.107.3,192.168.0.20,tcp,4000,45584,finished,16,16,1493755109440420,1493755120254899,1493755120295550,0,0,39,87,498,173,1,168,699019.6,5507323,1280900.8,1640706605056.0,3.7,"168,500717,500699,200419,200471,184,89723,210661,340264,500679,460548,5507291,5507323,600979,600971,400442,400455,700964,700990,400404,400386,600557,600559,400806,400807,600830,600822,215,54314,45693,140268",40,63.6,127,21.9,481.2,4.9,"75,46,75,46,79,46,127,40,75,46,75,46,75,46,75,46,75,46,75,46,75,46,75,46,75,46,79,46,126,40,75,46","2,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","14,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,1,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,1,0,0,1","4.945594788,4.398030758,5.188046455,4.398030758,5.199008465,4.457919598,6.476713657,4.730641365,4.962196827,4.457919598,5.241379738,4.501398087,5.161379337,4.501398087,5.025595188,4.457919598,5.052261829,4.457919598,5.214713573,4.457919598,5.224778175,4.501398087,5.241379738,4.457919598,5.025595188,4.501398087,5.249641418,4.501398087,6.379781723,4.730641365,4.998929024,4.457919598",FIX,230,0,Safe,RPC,6,DPI,"" 
1,ip4,8.17.22.31,192.168.0.20,tcp,4000,40918,finished,16,16,1493755110328857,1493755130974521,1493755130974683,0,0,81,85,651,170,1,110,1331983.5,4175061,1132458.4,1282462056448.0,4.4,"110,1093319,1093395,599016,598995,1546128,1546141,239,22763,2072709,2137804,913298,870712,442005,442027,3366066,3366054,1195438,1195405,437653,437695,1550229,1550211,211,22417,1711389,1774342,1498173,1457475,4175061,4175010",52,77.7,137,28.5,811.2,4.9,"91,52,112,52,91,52,91,52,137,52,91,52,91,52,112,52,91,52,112,52,91,52,91,52,137,52,91,52,133,52,91,52","2,13,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","14,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,1,0,1,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,1,0,0,1,0,1,0,1","5.567693233,5.103910923,5.539355278,5.053297043,5.492160797,5.118427753,5.446647644,5.118427753,6.341468334,5.115703106,5.351537228,5.171406269,5.539231300,5.171406746,5.445882797,5.171406746,5.442563534,5.118428230,5.588550091,5.209868431,5.417931080,5.209867954,5.425766945,5.132945061,6.498472691,5.168681622,5.496372223,5.094483376,5.470992565,5.171406269,5.501759529,5.171406746",FIX,230,0,Safe,RPC,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,104,80958,34736,2850,12,0,12,0,5,0,12,0,0,0,0,60,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,12,0,0,0,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,104,80958,34736,2850,12,0,12,0,5,0,12,0,0,0,0,60,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,12,0,0,0,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/fix2.pcap.out b/test/results/flow-analyse/default/fix2.pcap.out index 06555d943..2996f3a21 100644 --- a/test/results/flow-analyse/default/fix2.pcap.out +++ b/test/results/flow-analyse/default/fix2.pcap.out 
@@ -2,4 +2,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,10.101.0.2,10.102.0.2,tcp,34962,1024,finished,14,18,1614758889588862,1614758889589960,1614758889589962,0,0,106,120,669,911,0,0,70.9,652,159.2,25335.5,3.1,"641,652,12,92,71,9,33,29,203,208,31,32,5,2,23,28,2,2,8,8,11,13,25,23,5,0,4,9,5,7,5",46,92.6,160,46.7,2179.9,4.8,"48,48,46,125,48,46,133,130,46,138,130,138,132,46,46,133,46,46,46,138,46,160,143,160,46,46,46,46,143,133,146,138","7,0,4,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","9,0,3,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,0,1,0,1,1,0,1,0,1,1,1,0,1,0,1,0,1,0,1,0,1,1,1,0,1,0,1","3.876627445,4.502165794,3.795586109,5.147858620,4.543832302,3.752108097,5.214525223,5.327383041,4.032184124,5.397408485,5.326416016,5.390491009,5.234700680,4.032184124,4.032184124,5.214525223,3.795585871,4.032184601,3.795585871,5.411900997,3.795585871,5.292957783,5.260262489,5.336493969,3.795586109,4.032184124,3.988706112,4.032184124,5.260262489,5.196290016,5.370437145,5.404983521",FIX,230,0,Safe,RPC,6,DPI,"" 
1,ip4,10.101.0.2,10.102.0.9,tcp,34963,1024,finished,14,18,1614758889589020,1614758889590049,1614758889590048,0,0,106,120,762,801,0,0,66.4,570,137.8,18986.0,3.3,"568,570,2,146,145,106,1,105,2,16,6,26,48,7,14,19,2,2,18,19,48,49,27,0,12,37,4,6,27,0,25",46,92.0,160,46.1,2122.5,4.8,"48,48,46,125,133,130,138,48,46,130,46,46,138,132,46,133,46,138,46,160,143,133,146,46,46,46,146,148,130,46,46,46","6,0,5,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","10,0,3,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,0,1,1,0,0,1,1,1,0,1,1,0,1,0,1,0,1,0,1,1,1,0,1,0,1,1,0","3.944233894,4.517892838,3.795586348,5.115859032,5.169412613,5.333189964,5.351288795,4.517892838,3.795586109,5.341800690,4.032184601,4.032184124,5.369617462,5.205471516,4.075662613,5.190125942,3.839064360,5.365781307,3.839064360,5.331775665,5.255437374,5.190015793,5.411532879,4.075662613,4.075662613,4.075662613,5.397834301,5.453368664,5.342391014,4.075662136,4.075662613,3.839064121",FIX,230,0,Safe,RPC,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,21,17539,24259,43697,2,2,0,0,2,0,2,0,0,0,0,10,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,2,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,21,17539,24259,43697,2,2,0,0,2,0,2,0,0,0,0,10,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,2,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/flute.pcapng.out b/test/results/flow-analyse/default/flute.pcapng.out index 8e782e5f7..eb2a9d9af 100644 --- a/test/results/flow-analyse/default/flute.pcapng.out +++ b/test/results/flow-analyse/default/flute.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,10,8679,1179,0,1,0,1,0,0,0,1,0,0,0,0,4,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,10,8679,1179,0,1,0,1,0,0,0,1,0,0,0,0,4,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/forticlient.pcap.out b/test/results/flow-analyse/default/forticlient.pcap.out index 4d9b36588..455106a7b 100644 --- a/test/results/flow-analyse/default/forticlient.pcap.out +++ b/test/results/flow-analyse/default/forticlient.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,192.168.1.178,82.81.46.13,tcp,61820,10443,info,19,13,1621067209199710,1621067210297694,1621067210301240,0,0,530,1440,1845,4568,0,39,70952.1,495036,111597.5,12454002688.0,3.7,"62553,62662,2345,64550,19935,1929,84016,11197,85323,74192,429584,495036,65428,84550,160241,75696,71555,6274,142878,591,65604,251,221,2934,4011,39,64164,57249,427,3990,89",52,253.0,1492,343.0,117623.0,4.1,"64,60,52,365,52,1492,1033,52,210,294,52,582,827,52,348,923,52,343,99,52,99,52,99,52,99,117,103,99,52,99,111,111","9,4,1,0,1,0,0,0,0,3,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","3,5,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0","0,1,0,0,1,1,1,0,0,1,0,0,1,0,0,1,0,0,0,1,1,0,1,0,0,0,0,1,0,0,1,1","4.410132408,5.346732616,5.038779736,6.080028534,5.156889915,7.061070919,7.727006912,5.115703106,6.685589790,7.192217827,5.038779736,7.622327805,7.737955093,5.115703106,7.355971813,7.761943817,5.077241421,7.386271954,5.969920158,5.233812809,6.092373371,5.154164791,6.132777691,5.070539474,6.022900581,6.156826973,6.011271954,6.160604477,5.115703106,6.070930004,6.207380772,6.322289944",TLS.FortiClient,91.259,1,Safe,VPN,5,DPI (cache),"5,15" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,54,54561,73125,225634,5,4,1,0,1,0,5,10,0,5,0,25,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,1,5,0,0,0,0,0,0,0,0,0,0,4,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,1,0,0,0,0,0,10,10,0,0,0,0,0,5,0,0,5,0,0,0,5,5,0,0,0,0,0,0,0,15,0,0,0,0,0,0,2,0,0,15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,54,53946,73125,225634,5,4,1,0,1,0,5,10,0,5,0,25,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,1,5,0,0,0,0,0,0,0,0,0,0,4,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,1,0,0,0,0,0,10,10,0,0,0,0,0,5,0,0,5,0,0,0,5,5,0,0,0,0,0,0,0,15,0,0,0,0,0,0,2,0,0,15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/ftp-start-tls.pcap.out b/test/results/flow-analyse/default/ftp-start-tls.pcap.out index 2111fd11e..a462962da 100644 --- a/test/results/flow-analyse/default/ftp-start-tls.pcap.out +++ b/test/results/flow-analyse/default/ftp-start-tls.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,10.238.26.36,10.220.50.76,tcp,62092,21,info,9,23,1383123629078448,1383123629152654,1383123629153383,0,0,330,512,609,3206,0,2,4811.0,40376,9556.7,91331016.0,3.2,"415,134,1253,15030,72,17807,3947,60,788,5,4347,3279,113,1027,2,8,2,118,3,2582,8520,40376,68,34737,4456,749,2222,1775,305,2738,2203",46,160.9,552,164.2,26956.4,4.4,"46,46,46,46,113,113,50,46,46,71,71,190,46,46,552,552,255,552,552,255,46,370,91,91,77,122,122,77,122,122,85,130","4,3,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","8,2,7,0,0,0,2,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,1,0,1,1,0,1,1,1,1,0,1,1,1,1,1,1,1,1,0,0,1,1,0,1,1,0,1,1,0,1","4.174477577,4.816402912,4.816402912,4.390829086,5.377844810,5.377844810,4.955727100,4.347350597,4.347350597,5.319664001,5.319664001,5.167058468,4.434307098,4.434307098,6.822389126,7.154568672,6.962697506,6.822389126,7.151652813,6.962697029,4.544876099,7.242094517,5.879006863,5.879006863,5.747309208,6.191079140,6.207472801,5.766408920,6.279234409,6.279234409,5.962334156,6.287871361",FTPS.Huawei,311.398,1,Acceptable,Web,6,DPI,"8,15,22,24" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,15,15182,856,3834,1,0,1,0,1,0,1,3,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,3,1,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,2,0,0,0,0,0,0,3,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,15,15182,856,3834,1,0,1,0,1,0,1,3,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,3,1,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,2,0,0,0,0,0,0,3,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/ftp.pcap.out b/test/results/flow-analyse/default/ftp.pcap.out index d71021c95..4dc2967c9 100644 --- a/test/results/flow-analyse/default/ftp.pcap.out +++ b/test/results/flow-analyse/default/ftp.pcap.out 
@@ -2,4 +2,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.1.212,90.130.70.73,tcp,50694,21,finished,18,14,1552590234892296,1552590235175924,1552590235202548,0,0,30,241,86,532,0,6,19157.4,90047,20644.4,426190272.0,4.1,"27412,27520,29008,29012,526,27660,315,27401,217,69061,21193,90047,306,27070,21,26780,133,26972,64,26857,6,275,27478,27261,90,29,651,27147,26517,90,26761",52,71.9,293,42.7,1824.0,4.8,"64,60,52,72,52,68,52,86,52,65,52,75,52,57,52,86,52,58,67,117,52,52,63,96,52,293,52,82,74,52,57,86","18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","8,4,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,0,1,0,1,0,0,1,0,0,1","4.219557285,5.306893826,4.854784012,5.580945969,4.891996861,5.392103672,5.192626476,5.723867416,4.853535175,5.160228252,5.115703106,5.653334618,4.853535175,5.038432598,5.038779736,5.595732212,4.829590797,5.029721737,5.522709370,5.304079056,4.891996861,4.891996861,5.214752197,5.731670380,4.891996861,5.029207230,4.891996861,5.558178902,5.555310249,4.891996861,5.073520184,5.687595367",FTP_CONTROL,1,0,Unsafe,Download,6,DPI,"22,36" 
1,ip4,192.168.1.212,90.130.70.73,tcp,50696,24523,info,13,19,1552590241545143,1552590241637688,1552590241639633,0,0,0,1440,0,24480,0,2,6033.4,29579,11108.9,123407192.0,3.1,"28770,28814,29579,29566,281,284,597,608,340,458,790,363,375,64,327,2,379,43,300,27513,27767,195,211,1702,115,4,1805,1866,1903,218,1796",52,818.0,1492,717.5,514855.0,4.3,"64,60,52,1492,64,1492,52,1492,52,1492,1492,52,1492,52,1492,1492,1492,52,52,1492,1492,52,1492,52,1492,1492,52,52,1492,52,1492,1492","13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0","0,1,0,1,0,1,0,1,0,1,1,0,1,0,1,1,1,0,0,1,1,0,1,0,1,1,1,0,1,0,1,1","4.309056282,5.300120831,4.882569313,0.368800014,5.022979736,0.368800014,4.955154896,0.368800014,4.829590797,0.368800014,0.368800014,4.916693211,0.368800014,4.829590797,0.368800014,0.368800014,0.367459536,4.916693211,4.829590797,0.367459506,0.360797286,4.878231525,0.368800014,4.829590797,0.367459536,0.367459536,5.171406746,4.955154896,0.367459536,4.829590797,0.367459536,0.368800014",,,,,,,,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,29,27041,174,111534,3,2,1,0,2,0,2,0,1,1,0,15,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,1,0,1,0,0,0,0,3,0,0,3,0,0,0,3,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,29,27041,174,111534,3,2,1,0,2,0,2,0,1,1,0,15,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,1,0,1,0,0,0,0,3,0,0,3,0,0,0,3,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/ftp_failed.pcap.out b/test/results/flow-analyse/default/ftp_failed.pcap.out index 7a3bc5838..897a653d4 100644 --- a/test/results/flow-analyse/default/ftp_failed.pcap.out +++ b/test/results/flow-analyse/default/ftp_failed.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,8572,24,112,1,1,0,0,0,0,1,0,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,1,0,0,0,0,0,1,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,11,8572,24,112,1,1,0,0,0,0,1,0,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,1,0,0,0,0,0,1,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/fuzz-2006-06-26-2594.pcap.out b/test/results/flow-analyse/default/fuzz-2006-06-26-2594.pcap.out index efb28b170..7f7ab1e61 100644 --- a/test/results/flow-analyse/default/fuzz-2006-06-26-2594.pcap.out +++ b/test/results/flow-analyse/default/fuzz-2006-06-26-2594.pcap.out 
@@ -2,4 +2,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.1.2,192.168.1.255,udp,137,137,finished,32,0,1120469540839312,1120470161396896,1120469540839312,42,0,50,0,1592,0,0,741823,20017986.0,47494748,22627942.0,512023754440704.0,3.9,"746308,47494748,744583,751092,46512252,745680,46548540,1500555,45837567,749435,751083,46756478,741823,751085,45987992,749213,47479804,47268139,749384,47257959,751080,46297871,749788,46627979,750158,751078,45907667,749430,751084,46347688,750041",78,78.0,78,0.0,0.0,5.0,"78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78","0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4.275660515,4.184385777,4.229382992,4.337641239,4.229382992,4.245346546,4.229382992,4.275660515,4.299727440,4.275660515,4.292109013,4.275660515,4.337901115,4.229382992,4.229382992,4.203742027,4.250019550,4.178100586,4.229382992,4.255024433,4.194064140,4.238767147,4.229382992,4.325850487,4.194064140,4.194064140,4.264408588,4.321938515,4.255024433,4.256044388,4.229382992,3.185813189",NetBIOS,10,0,Acceptable,System,6,DPI,"" 
1,ip4,212.242.33.35,192.168.1.2,udp,5060,5060,finished,10,22,1120469572981006,1120470268128176,1120470473529233,306,0,593,1076,4595,6254,0,25935,51474044.0,279041814,59389388.0,3527099352612864.0,4.2,"17474795,107207461,89874891,17280679,167478647,167525220,17335822,73902652,91241081,17333170,25935,17724998,29031776,29092737,68237242,29272359,29031830,29031631,29031476,18604480,279041814,227102,15287489,17115049,32679444,257340,76383084,29031077,58063525,24495477,17375114",33,367.0,1104,296.2,87757.2,4.4,"514,374,495,514,708,514,708,519,514,708,334,498,33,33,33,33,33,33,33,33,853,621,368,33,1104,473,363,33,33,33,466,701","0,0,0,0,0,0,0,0,0,1,1,0,0,1,1,5,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","12,0,0,0,0,0,0,0,0,0,2,0,0,1,1,0,0,0,0,0,0,4,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,1,0,1,0,1,0,0,1,0,0,1,1,1,1,1,1,1,1,1,0,1,1,1,0,1,1,1,1,1,1","5.828991890,5.782027245,5.782989502,5.772095203,5.761000156,1.504078388,3.362369776,2.947608709,5.765282631,4.114200115,5.769235611,3.191431999,4.098355293,4.098355293,4.098355293,4.098355293,4.098355293,4.098355293,4.098355293,4.098355293,5.808829308,5.790666103,5.744666100,4.098355293,1.549071550,5.804477692,4.601107121,4.098355293,4.037749290,4.098355293,3.348246098,2.334293365",SIP,100,0,Acceptable,VoIP,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,2134,1916935,44774,16036,257,2,255,666,2,28,190,105,39,86,79,427,1,0,1,3,0,6,0,0,35,0,0,0,37,0,0,0,1,0,0,0,0,176,81,0,186,0,0,0,0,4,0,0,0,1,0,0,0,0,0,0,0,0,13,0,0,0,156,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,190,0,0,0,0,0,120,1,51,0,0,0,0,257,0,0,23,224,0,10,257,190,28,39,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,55,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,64,0,0,0,2,0,0,82,0,0,0,0,0,0,0,0,0,0 +0,2134,1917039,44774,16036,257,2,255,666,2,28,190,105,39,84,79,427,1,0,1,3,0,6,0,0,35,0,0,0,37,0,0,0,1,0,0,0,0,176,81,0,186,0,0,0,0,4,0,0,0,1,0,0,0,0,0,0,0,0,13,0,0,0,156,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,190,0,0,0,0,0,118,1,51,0,0,0,0,257,0,0,23,224,0,10,257,190,28,39,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,55,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,64,0,0,0,2,0,0,82,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/fuzz-2006-09-29-28586.pcap.out b/test/results/flow-analyse/default/fuzz-2006-09-29-28586.pcap.out index 686134ff8..b43fc3bbd 100644 --- a/test/results/flow-analyse/default/fuzz-2006-09-29-28586.pcap.out +++ b/test/results/flow-analyse/default/fuzz-2006-09-29-28586.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,219,193065,14756,10874,39,12,27,0,0,22,13,1,4,12,8,82,1,0,1,1,0,2,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,34,5,0,13,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,5,0,10,1,0,0,0,39,0,0,37,0,0,2,39,13,22,4,0,0,0,0,0,0,0,0,0,0,0,8,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0 +0,219,193172,14756,10874,39,12,27,0,0,22,13,1,4,12,8,82,1,0,1,1,0,2,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,34,5,0,13,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,5,0,10,1,0,0,0,39,0,0,37,0,0,2,39,13,22,4,0,0,0,0,0,0,0,0,0,0,0,8,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/fuzz-2020-02-16-11740.pcap.out b/test/results/flow-analyse/default/fuzz-2020-02-16-11740.pcap.out index ec297ab11..86fc34ed9 100644 --- a/test/results/flow-analyse/default/fuzz-2020-02-16-11740.pcap.out +++ b/test/results/flow-analyse/default/fuzz-2020-02-16-11740.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,10.12.64.30,198.226.25.53,udp,29200,1812,finished,18,14,1528996068129675,1528997019398709,1528997011828903,655,0,703,276,12258,2595,0,155168,61128012.0,612411195,140850256.0,19838793242640384.0,2.7,"155168,452627740,595449,114837328,612411195,44261470,205164,4046522,4037802,201918,4553249,187053,43562433,202627,48502104,3244519,3442366,3335821,3536360,209147,201397,255983176,256164296,599645,6262990,492548,7309633,8000538,8015324,522347,7260933",165,492.2,731,248.2,61618.1,4.8,"683,243,225,304,225,731,165,683,165,683,192,731,683,731,683,192,165,683,731,165,683,192,731,225,711,731,711,304,731,225,711,731","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,4,3,5,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,1,1,1,0,1,0,1,0,1,0,0,0,0,1,1,0,0,1,0,1,0,1,0,0,0,1,0,1,0,0","6.047428131,2.762376308,6.336006641,6.922207832,6.356189251,5.597228050,5.971614838,6.076896191,5.962701321,0.885235786,6.148619175,6.046576977,6.067515373,2.928206921,4.093657970,6.062733173,5.981721401,6.049886227,6.077444077,5.974218369,5.025151253,6.080809116,6.063514709,6.407587528,5.992080212,6.077442646,5.517450333,6.840845585,6.115455151,6.520883560,5.811926842,4.154052258",Radius,146,0,Acceptable,Network,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,615,550013,109463,20335,79,0,79,133,1,3,57,0,19,0,65,107,1,0,1,5,0,11,0,0,27,0,0,0,27,0,0,0,0,0,0,0,0,22,57,0,57,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,57,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,57,0,0,0,0,0,0,0,0,0,0,0,0,79,0,0,0,72,0,7,79,57,3,19,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,615,550013,109463,20335,79,0,79,133,1,3,57,0,19,0,65,107,1,0,1,5,0,11,0,0,27,0,0,0,27,0,0,0,0,0,0,0,0,22,57,0,57,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,57,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,57,0,0,0,0,0,0,0,0,0,0,0,0,79,0,0,0,72,0,7,79,57,3,19,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/fuzz-2021-06-07-c6c72a0a56.pcap.out b/test/results/flow-analyse/default/fuzz-2021-06-07-c6c72a0a56.pcap.out index 8ea5b88ea..9bbe2b326 100644 --- a/test/results/flow-analyse/default/fuzz-2021-06-07-c6c72a0a56.pcap.out +++ b/test/results/flow-analyse/default/fuzz-2021-06-07-c6c72a0a56.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,7,3868,0,0,0,0,0,0,0,0,0,0,0,0,2,0,1,0,1,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,7,3868,0,0,0,0,0,0,0,0,0,0,0,0,2,0,1,0,1,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/fuzz-2021-10-13.pcap.out b/test/results/flow-analyse/default/fuzz-2021-10-13.pcap.out index 22c3a5b17..dc092195e 100644 --- a/test/results/flow-analyse/default/fuzz-2021-10-13.pcap.out +++ b/test/results/flow-analyse/default/fuzz-2021-10-13.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,5,3231,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,5,3231,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/gaijin_mobile_mixed.pcap.out b/test/results/flow-analyse/default/gaijin_mobile_mixed.pcap.out index 7af400590..cbe39ef46 100644 --- a/test/results/flow-analyse/default/gaijin_mobile_mixed.pcap.out +++ b/test/results/flow-analyse/default/gaijin_mobile_mixed.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,30,25730,1542,8296,3,0,3,0,0,0,3,2,0,1,0,15,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,2,0,0,0,0,0,0,3,0,0,2,1,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,30,25566,1542,8296,3,0,3,0,0,0,3,2,0,1,0,15,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,2,0,0,0,0,0,0,3,0,0,2,1,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/gaijin_warthunder.pcap.out b/test/results/flow-analyse/default/gaijin_warthunder.pcap.out index 694fa4527..d641c7d25 100644 --- a/test/results/flow-analyse/default/gaijin_warthunder.pcap.out +++ b/test/results/flow-analyse/default/gaijin_warthunder.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,19,14703,887,58,2,0,2,0,0,0,2,0,0,1,0,10,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,0,2,0,0,0,2,0,0,2,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,19,14703,887,58,2,0,2,0,0,0,2,0,0,1,0,10,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,0,2,0,0,0,2,0,0,2,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/gearman.pcap.out b/test/results/flow-analyse/default/gearman.pcap.out index c60a4dc25..0e184b23e 100644 --- a/test/results/flow-analyse/default/gearman.pcap.out +++ b/test/results/flow-analyse/default/gearman.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,7749,26,12,1,0,1,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,11,7749,26,12,1,0,1,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/geforcenow.pcapng.out b/test/results/flow-analyse/default/geforcenow.pcapng.out index 37837d256..5bf301423 100644 --- a/test/results/flow-analyse/default/geforcenow.pcapng.out +++ b/test/results/flow-analyse/default/geforcenow.pcapng.out 
@@ -2,4 +2,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.1.245,80.84.167.206,tcp,57490,49100,info,15,17,1684671871380890,1684671871611894,1684671871611894,0,0,669,2896,1367,31825,0,0,14903.5,47333,17676.6,312463360.0,3.9,"41203,41243,226,42731,42519,54,16,5947,47333,41968,42407,0,41955,155,4158,2454,15862,0,0,41,9328,25186,0,25245,4217,4258,11750,11667,45,20,20",52,1089.8,2948,1283.5,1647314.5,4.0,"60,60,52,569,2948,52,575,52,145,326,721,324,235,52,217,96,96,2948,2948,2948,1500,52,2948,2948,52,2948,52,2948,52,2948,52,2948","10,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,0,0,0,0,2,0,0,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,10","0,1,0,0,1,0,1,0,0,1,0,1,1,0,1,0,0,1,1,1,1,0,1,1,0,1,0,1,0,1,0,1","4.825882912,5.279368877,5.207947731,4.797474861,7.333730698,5.169486046,7.591311932,5.169486046,6.138707161,7.168643475,7.677440643,7.274022579,6.973204136,5.207947731,6.943279743,5.763498783,5.664438248,7.941471577,7.933756351,7.935662746,7.862148762,5.207947731,7.936669827,7.942846298,5.207947731,7.941987514,5.169486046,7.928585052,5.270353794,7.943464279,5.217375278,7.941396713",TLS.GeForceNow,91.341,1,Fun,Game,6,DPI,"5" 
1,ip4,192.168.1.245,80.84.167.206,udp,52441,18452,finished,16,16,1684671871710618,1684671872714424,1684671872714517,45,0,540,661,2076,2033,0,0,64764.7,689508,136017.0,18500616192.0,3.2,"66053,63330,171747,44041,99894,183824,360133,689508,48469,47134,1,0,0,0,4464,1537,52687,37,46039,42295,446,303,157,40,93,42070,315,149,228,42450,261",53,156.4,689,133.9,17933.5,4.7,"124,124,124,92,185,185,185,185,689,568,119,358,164,107,53,95,101,101,141,137,105,109,73,113,113,113,73,85,89,105,85,105","0,2,5,4,4,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,3,8,1,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,1,0,0,0,0,1,0,1,1,1,1,1,1,1,0,0,1,0,1,0,0,0,0,1,1,1,1,0,1","5.798890114,5.760544300,5.760543823,5.699924469,4.958880424,4.982108116,4.979167461,4.994058609,6.462553024,6.717261314,4.840689182,6.641223907,6.248939514,4.353680611,3.764864683,5.258242130,6.006977558,5.841088772,6.408538342,6.349637032,5.904027939,6.047730923,5.421965599,6.049623013,6.169179440,6.109401703,5.448651314,5.635576248,5.804111004,6.095016956,5.717526436,6.095016956",DTLS.GeForceNow,30.341,1,Fun,Game,6,DPI,"32" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,27,32579,9542,53610,2,0,2,0,2,0,2,6,0,2,0,10,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,1,6,0,0,0,0,0,2,0,0,1,1,0,0,2,2,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0 +0,27,32474,9542,53610,2,0,2,0,2,0,2,6,0,2,0,10,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,1,6,0,0,0,0,0,2,0,0,1,1,0,0,2,2,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/genshin-impact.pcap.out b/test/results/flow-analyse/default/genshin-impact.pcap.out index e45efd8e0..e19ff834f 100644 --- a/test/results/flow-analyse/default/genshin-impact.pcap.out +++ b/test/results/flow-analyse/default/genshin-impact.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,56,41310,8247,5700,6,0,6,0,0,0,6,0,0,2,0,30,1,0,1,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,2,0,0,0,0,0,6,0,0,3,3,0,0,6,6,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,56,41310,8247,5700,6,0,6,0,0,0,6,0,0,2,0,30,1,0,1,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,2,0,0,0,0,0,6,0,0,3,3,0,0,6,6,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/git.pcap.out b/test/results/flow-analyse/default/git.pcap.out index 7ab58aa8e..405fb02a0 100644 --- a/test/results/flow-analyse/default/git.pcap.out +++ b/test/results/flow-analyse/default/git.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,192.168.0.77,5.153.231.21,tcp,47991,9418,finished,13,19,1460821630164056,1460821630544728,1460821630545903,0,0,527,2880,605,19825,0,29,24597.4,99851,28614.0,818762240.0,3.8,"57902,57964,60,56073,43848,99851,54739,54730,537,49455,48900,45519,29,17836,63404,1849,203,2031,860,202,1063,209,208,710,439,1139,50571,205,50785,547,651",52,690.9,2932,773.9,598945.8,4.1,"60,60,52,121,52,253,52,948,52,579,52,61,52,60,1492,52,1492,1492,52,1492,1492,52,2932,52,1492,1492,52,1492,1492,52,1492,1492","11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,1","0,1,0,0,1,1,0,1,0,0,1,0,1,1,1,0,1,1,0,1,1,0,1,0,1,1,0,1,1,0,1,1","4.739262104,5.279368877,5.115703106,5.628006458,5.195351124,5.731617451,5.115702629,4.962421417,5.154164791,5.045848370,5.195351601,5.288749218,5.233812809,5.389901161,4.890160084,5.154164791,6.262699604,7.849300385,5.154164791,7.861139297,7.866855145,5.154164791,7.887691021,5.024262905,7.851975918,7.853373528,5.154164791,7.871936798,7.800623894,5.115703106,7.834641933,7.837094784",Git,226,0,Safe,Collaborative,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,12,10025,605,67444,1,1,0,0,1,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,12,10025,605,67444,1,1,0,0,1,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/gnutella.pcap.out b/test/results/flow-analyse/default/gnutella.pcap.out index 4d89be934..657e39740 100644 --- a/test/results/flow-analyse/default/gnutella.pcap.out +++ b/test/results/flow-analyse/default/gnutella.pcap.out 
@@ -6,4 +6,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,10.0.2.15,109.214.154.216,tcp,50248,6346,finished,14,18,71205274,117002547,132821508,0,0,304,1024,705,2420,0,1091,3464951.8,22684647,6255594.5,39132462055424.0,3.3,"399865,400165,2576,3065,879170,880284,1091,343284,15848,359592,3003,2180,5087,145122,145627,10048654,10048652,469496,2676,472723,3557750,3604090,6175326,6222212,413766,464528,22633783,22684647,605343,604983,15818919",40,138.2,1064,217.4,47264.8,4.0,"52,44,40,344,40,323,143,40,118,762,40,53,58,40,149,40,104,40,1064,45,40,122,40,70,40,213,40,52,40,123,40,62","9,0,2,2,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","12,0,2,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,1,1,0,1,1,0,0,1,0,1,1,1,0,1,0,0,1,1,0,0,1,0,1,1","4.638531685,4.760457039,4.611769199,5.768550396,4.503056526,5.575543404,5.615631580,4.553056717,5.640929699,7.709812641,4.680641174,4.708038807,4.874885082,4.592897415,6.317804813,4.453056812,5.923436165,4.453056812,7.776337624,4.335103989,4.830641270,6.163827896,4.780641556,5.454720020,4.621928692,6.573338509,4.730640888,4.776329994,4.621928692,6.159438610,4.571928978,4.925578117",Gnutella,35,0,Potentially Dangerous,Download,6,DPI,"22" 
1,ip4,10.0.2.15,86.208.180.181,tcp,50249,45883,finished,16,16,71205609,187576304,187064352,0,0,303,1065,713,3012,0,276,7491272.5,55455380,14262251.0,203411798622208.0,3.2,"106993,107336,276,805,178388,179820,1439,41004,98031,375723,432936,10046845,10046768,42293,94463,6595038,6594815,3591919,3643921,39217,93460,24009088,24063297,605105,604823,14641110,23768,14665256,55396943,55455380,453178",40,156.9,1105,244.6,59812.5,4.0,"52,44,40,343,40,323,143,40,912,40,149,40,104,40,1105,40,200,40,70,40,189,40,52,40,123,40,64,489,40,50,40,49","11,0,2,2,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","10,0,0,0,1,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,1,0,0,1,0,1,1,0,1,0,0,1,1,0,0,1,0,1,1,1,0,1,0,0","4.624014378,4.624093533,4.730641365,5.758390427,4.553056717,5.558244705,5.696007252,4.621928692,7.730160713,4.830641270,6.349717140,4.521929264,5.981128693,4.571928978,7.767892838,4.780641556,6.727245331,4.730641365,5.454720020,4.603056908,6.642654419,4.780641079,4.853253365,4.671928883,6.256999493,4.671928883,5.061660290,7.508594036,4.830641270,4.642780781,4.780641556,4.618614674",Gnutella,35,0,Potentially Dangerous,Download,6,DPI,"22" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,6866,5760854,149308,234286,801,66,735,2519,6,1,401,5,399,363,1,1928,1,0,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,405,396,1,42,0,0,356,0,2,0,0,0,0,0,0,0,1,0,356,0,0,0,0,0,0,32,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,401,0,0,0,0,0,369,6,0,0,0,0,0,787,14,0,137,653,5,6,801,401,1,399,0,0,0,0,0,7,1,0,0,1,0,0,5,0,0,2,0,0,0,0,0,0,360,0,2,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,6866,5759483,149308,234286,801,66,735,2519,6,1,401,5,399,361,1,1928,1,0,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,405,396,1,42,0,0,356,0,2,0,0,0,0,0,0,0,1,0,356,0,0,0,0,0,0,32,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,401,0,0,0,0,0,364,8,0,0,0,0,0,787,14,0,137,653,5,6,801,401,1,399,0,0,0,0,0,7,1,0,0,1,0,0,5,0,0,2,0,0,0,0,0,0,358,0,2,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0 diff --git a/test/results/flow-analyse/default/google_chat.pcapng.out b/test/results/flow-analyse/default/google_chat.pcapng.out index d12095364..d6b1726cf 100644 --- a/test/results/flow-analyse/default/google_chat.pcapng.out +++ b/test/results/flow-analyse/default/google_chat.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,12,10429,663,2800,1,0,1,0,0,0,1,1,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,12,10347,663,2800,1,0,1,0,0,0,1,1,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/google_meet.pcapng.out b/test/results/flow-analyse/default/google_meet.pcapng.out index 696dd45fd..73370c27b 100644 --- a/test/results/flow-analyse/default/google_meet.pcapng.out +++ b/test/results/flow-analyse/default/google_meet.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,20,22885,1824,6400,2,0,2,0,0,0,2,1,0,0,0,10,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,1,1,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,20,22762,1824,6400,2,0,2,0,0,0,2,1,0,0,0,10,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,1,1,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/google_ssl.pcap.out b/test/results/flow-analyse/default/google_ssl.pcap.out index 07b3546cb..bc40aa856 100644 --- a/test/results/flow-analyse/default/google_ssl.pcap.out +++ b/test/results/flow-analyse/default/google_ssl.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,7740,644,6924,1,1,0,0,0,1,0,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,11,7740,644,6924,1,1,0,0,0,1,0,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/googledns_android10.pcap.out b/test/results/flow-analyse/default/googledns_android10.pcap.out index 6af715c6a..cfda64079 100644 --- a/test/results/flow-analyse/default/googledns_android10.pcap.out +++ b/test/results/flow-analyse/default/googledns_android10.pcap.out 
@@ -3,4 +3,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.1.159,8.8.4.4,tcp,48098,853,info,16,16,1592552878549677,1592552881411235,1592552881429656,0,0,517,499,1522,3141,0,79,185210.9,1253719,341703.1,116761001984.0,3.2,"12746,14119,899,14919,79,14194,1137,19603,19131,13753,1318,58447,651251,714961,3808,23304,1234142,1253719,12532,32716,484043,503710,3783,30780,265369,292430,20267,12603,11759,7400,12615",52,198.2,569,197.9,39161.3,4.4,"60,60,52,569,52,199,52,103,52,211,52,551,52,211,52,551,52,211,52,551,52,211,52,551,52,211,52,211,551,52,52,551","8,1,0,0,6,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","9,0,0,0,1,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,1,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,0,1,0,1,1","4.235814571,4.852156162,4.801308155,6.238618374,4.739399433,6.089945793,4.839769840,5.473562241,4.801805496,6.831297874,4.671903133,7.530720711,4.839769840,6.775491714,4.763343334,7.509344101,4.801308155,6.680355549,4.891996861,7.580490112,4.947339535,6.744199276,4.770353794,7.577538013,4.860989094,6.758264065,4.878231525,6.768933296,7.616032600,4.884933472,4.916693211,7.554844856",TLS.DoH_DoT,91.196,1,Acceptable,Network,6,DPI,"15" 
1,ip4,192.168.1.159,8.8.4.4,tcp,48210,853,info,16,16,1592553007037028,1592553013061132,1592553013091250,0,0,159,1418,1042,5862,0,78,389623.4,5703762,1387530.2,1925240193024.0,1.5,"14386,41870,9180,49912,17551,119,78,32502,535,103,15369,30822,15661,19948,22571,85476,5640736,5703762,20528,7552,6167,13685,17563,31103,85377,103703,33240,18803,6257,16181,17586",52,268.2,1470,356.7,127227.7,4.1,"60,60,52,206,52,1470,1470,291,52,52,52,145,344,211,52,551,52,211,52,211,551,52,52,551,52,211,52,211,551,52,52,551","9,0,1,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,0,0,0,0,0,0,1,0,1,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0","0,1,0,0,1,1,1,1,0,0,0,0,1,0,1,1,0,0,1,0,1,0,1,1,0,0,1,0,1,0,1,1","4.338340282,5.027645111,4.884933472,5.431665897,4.776611805,7.047077656,7.517809868,7.078123569,4.923395157,4.961856842,4.884933472,5.934261322,7.043113232,6.764406681,4.891996861,7.507923126,5.000318527,6.783365250,4.853535175,6.745207787,7.564836025,4.961856842,4.815073490,7.579652309,4.808010578,6.780797958,4.587473392,6.752651691,7.539085865,4.961856842,4.878231525,7.529703617",TLS.DoH_DoT,91.196,1,Acceptable,Network,6,DPI,"15" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,77,72230,21058,76784,8,6,2,2,3,2,6,9,0,6,0,36,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,4,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,15,0,0,0,0,0,0,8,0,0,7,0,1,0,8,6,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,77,71656,21058,76784,8,6,2,2,3,2,6,9,0,6,0,36,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,4,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,15,0,0,0,0,0,0,8,0,0,7,0,1,0,8,6,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/gquic.pcap.out b/test/results/flow-analyse/default/gquic.pcap.out index 59455179b..5827f6048 100644 --- a/test/results/flow-analyse/default/gquic.pcap.out +++ b/test/results/flow-analyse/default/gquic.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,7,7567,1350,0,1,0,1,0,0,0,1,0,0,0,0,1,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,7,7497,1350,0,1,0,1,0,0,0,1,0,0,0,0,1,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/gquic_only_from_server.pcap.out b/test/results/flow-analyse/default/gquic_only_from_server.pcap.out index 498b5bdc0..53c08a76c 100644 --- a/test/results/flow-analyse/default/gquic_only_from_server.pcap.out +++ b/test/results/flow-analyse/default/gquic_only_from_server.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,15325,38360,0,1,0,1,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,11,15325,38360,0,1,0,1,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/gre.pcapng.out b/test/results/flow-analyse/default/gre.pcapng.out index 9846434e4..7075450dc 100644 --- a/test/results/flow-analyse/default/gre.pcapng.out +++ b/test/results/flow-analyse/default/gre.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,7,5932,346,0,1,0,1,0,0,0,1,0,0,0,0,1,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,7,5932,346,0,1,0,1,0,0,0,1,0,0,0,0,1,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/gtp_c.pcap.out b/test/results/flow-analyse/default/gtp_c.pcap.out index 36cdc1234..2401cb1d9 100644 --- a/test/results/flow-analyse/default/gtp_c.pcap.out +++ b/test/results/flow-analyse/default/gtp_c.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,10,7778,281,235,1,0,1,0,0,0,1,0,0,0,0,4,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,10,7778,281,235,1,0,1,0,0,0,1,0,0,0,0,4,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/gtp_false_positive.pcapng.out b/test/results/flow-analyse/default/gtp_false_positive.pcapng.out index 47398b7ef..29000351a 100644 --- a/test/results/flow-analyse/default/gtp_false_positive.pcapng.out +++ b/test/results/flow-analyse/default/gtp_false_positive.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,22,17422,552,0,3,0,3,1,0,2,0,0,1,0,0,7,1,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,3,0,0,3,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,22,17422,552,0,3,0,3,1,0,2,0,0,1,0,0,7,1,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,3,0,0,3,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/gtp_prime.pcapng.out b/test/results/flow-analyse/default/gtp_prime.pcapng.out index b2307b597..92e184070 100644 --- a/test/results/flow-analyse/default/gtp_prime.pcapng.out +++ b/test/results/flow-analyse/default/gtp_prime.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,5,3340,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,5,3340,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/h323-overflow.pcap.out b/test/results/flow-analyse/default/h323-overflow.pcap.out index c2475bd10..397cd9331 100644 --- a/test/results/flow-analyse/default/h323-overflow.pcap.out +++ b/test/results/flow-analyse/default/h323-overflow.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,7,5533,4,0,1,0,1,0,0,1,0,0,0,0,0,1,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,7,5533,4,0,1,0,1,0,0,1,0,0,0,0,0,1,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/h323.pcap.out b/test/results/flow-analyse/default/h323.pcap.out index a589fbe70..9e5587853 100644 --- a/test/results/flow-analyse/default/h323.pcap.out +++ b/test/results/flow-analyse/default/h323.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,52,40041,2279,1712,6,0,6,1,0,0,6,0,0,1,0,27,1,0,1,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,1,0,0,0,0,0,6,0,0,4,2,0,0,6,6,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,52,40041,2279,1712,6,0,6,1,0,0,6,0,0,1,0,27,1,0,1,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,1,0,0,0,0,0,6,0,0,4,2,0,0,6,6,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/haproxy.pcap.out b/test/results/flow-analyse/default/haproxy.pcap.out index ca8322636..59324e715 100644 --- a/test/results/flow-analyse/default/haproxy.pcap.out +++ b/test/results/flow-analyse/default/haproxy.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,7,6171,309,0,1,0,1,0,0,0,1,0,0,1,0,1,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,7,6171,309,0,1,0,1,0,0,0,1,0,0,1,0,1,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/hart_ip.pcap.out b/test/results/flow-analyse/default/hart_ip.pcap.out index ffff20784..aed56e1e9 100644 --- a/test/results/flow-analyse/default/hart_ip.pcap.out +++ b/test/results/flow-analyse/default/hart_ip.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,192.168.0.101,192.168.0.10,tcp,49559,5094,finished,21,11,1332170006682110,1332170007146558,1332170007098164,0,0,21,56,166,334,0,59,28403.3,52597,22842.4,521776032.0,4.4,"489,627,59,529,6562,7047,40729,44414,3850,48099,52597,4443,47632,51742,4204,47700,52126,4397,47740,52168,4255,47572,51280,3765,48303,52080,3816,48308,52067,3681,48221",40,56.6,96,16.0,257.1,4.9,"52,52,40,53,46,53,40,53,77,40,57,64,40,57,67,40,57,83,40,61,96,40,57,83,40,57,80,40,57,91,40,57","21,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0","4.554988384,4.685171604,4.571928501,4.471253872,4.260393620,4.480643749,4.571928501,4.395782471,4.769082069,4.571928501,4.510816574,4.597632408,4.408695698,4.629323483,4.652498245,4.571928501,4.559147835,4.455029011,4.521928310,4.707731247,4.663179398,4.521928787,4.664411545,5.564157963,4.571928501,4.664411545,3.902866364,4.571928501,4.664412022,4.235816956,4.571928501,4.651167870",HART-IP,72,0,Acceptable,IoT-Scada,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,24,18629,581,555,3,1,2,0,1,0,3,0,0,0,0,11,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,1,2,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,24,18629,581,555,3,1,2,0,1,0,3,0,0,0,0,11,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,1,2,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/heuristic_tcp_ack_payload.pcap.out b/test/results/flow-analyse/default/heuristic_tcp_ack_payload.pcap.out index 208104bff..e4bc18b62 100644 --- a/test/results/flow-analyse/default/heuristic_tcp_ack_payload.pcap.out +++ b/test/results/flow-analyse/default/heuristic_tcp_ack_payload.pcap.out 
@@ -4,4 +4,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,194.226.199.103,217.69.139.59,tcp,62580,443,info,18,14,1682070088015038,1682070095281485,1682070089825216,0,0,569,2843,1472,9558,0,0,292794.3,5455602,1016505.8,1033283960832.0,1.7,"0,10465,0,1548808,0,1559948,0,2544,0,14096,0,4417,0,92,0,17069,0,11,0,4686,0,18454,0,216157,0,213846,0,10430,0,5455602,0",42,385.9,2883,734.4,539373.9,3.4,"52,52,46,46,46,46,42,42,609,609,46,46,1450,1450,2883,2883,42,42,42,42,166,166,298,298,42,42,298,298,42,42,71,71","14,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","6,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,2","0,0,1,1,1,1,0,0,0,0,1,1,1,1,1,1,0,0,0,0,0,0,1,1,0,0,1,1,0,0,0,0","4.540081024,4.540081024,4.772925377,4.772925377,4.772925377,4.772925377,4.829184532,4.829184532,7.086583614,7.086583614,4.565871716,4.565871716,7.215152740,7.215152740,7.539601803,7.539601803,4.715973377,4.715973377,4.733946800,4.733946800,6.348270416,6.348270416,7.138381004,7.138381004,4.781565666,4.781565666,7.126602650,7.126602650,4.733946800,4.733946800,5.169243813,5.169243813",,,,,,,,"" 
1,ip4,194.226.199.61,2.22.40.186,tcp,6946,443,info,14,18,1682070122465460,1682070127475501,1682070127468714,0,0,1460,2920,3416,10610,0,1,323009.5,2634777,687597.7,472790597632.0,2.8,"9842,15325,2065171,1798,114,2048180,1988,1777,823,1,2161,39414,217233,215957,433218,854700,2634777,793,114791,2391,133538,311,1201538,215,30,1,210,55,15686,389,868",42,481.7,2960,697.2,486142.7,3.8,"52,52,52,52,42,561,52,52,46,2960,1216,1500,52,46,1500,1500,1500,52,52,42,42,120,138,46,311,327,46,101,71,1500,658,673","8,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0","9,1,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,4,0,1","0,1,1,0,0,0,1,1,1,1,1,1,0,1,1,1,1,0,0,0,0,0,0,1,1,1,1,1,1,0,0,0","4.767184734,4.961856842,4.961856842,4.767184734,4.617807865,6.804517746,4.961856842,4.961856842,4.565872192,7.936507702,7.812016487,7.865312576,4.834680557,5.055958748,7.863229275,7.863562107,7.864302158,4.873142242,4.834680557,4.725648880,4.773267746,6.283937454,6.596406460,4.609350204,7.253105640,7.293287277,4.609350204,6.180341721,5.790450096,7.859360218,7.630677700,7.711422920",,,,,,,,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,57,47842,14860,81741,6,5,1,0,4,6,0,0,0,0,0,30,1,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,6,0,0,0,6,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,57,47842,14860,81741,6,5,1,0,4,6,0,0,0,0,0,30,1,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,6,0,0,0,6,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/hislip.pcap.out b/test/results/flow-analyse/default/hislip.pcap.out index 413f5aa43..029b044ed 100644 --- a/test/results/flow-analyse/default/hislip.pcap.out +++ b/test/results/flow-analyse/default/hislip.pcap.out 
@@ -4,4 +4,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,10.64.0.127,10.64.0.72,tcp,51055,4880,finished,19,13,1395235022698475,1395235189368494,1395235189368700,0,0,26,41,195,208,0,172,10752911.0,30224299,11913816.0,141939022233600.0,4.0,"245,363,15354,15637,202654,30224299,30021867,21890463,21890725,221333,2690180,2911516,172,434,30016519,30016515,22101315,22101636,211148,5004629,5215774,205595,30216128,30010867,15065087,15272489,6292463,6085327,219281,2500471,2719758",40,55.1,81,11.5,131.2,5.0,"52,52,40,63,56,40,46,52,66,69,40,66,56,81,40,46,52,66,69,40,66,69,40,46,52,56,46,66,69,40,66,56","19,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","12,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,0,1,0,0,1,0,0,1,1,0,1,0,0,1,0,0,1,0,1,0,0,1,0,1,0,0,1","4.247216702,4.772274017,4.153702736,4.327305794,3.946276665,4.153702736,4.071110249,4.188837051,4.350000858,4.564953327,4.203702450,4.496242523,4.204648972,5.077324390,4.203702450,4.071110249,4.219791889,4.496243000,4.644472599,4.153702259,4.489754677,4.615487099,4.203702450,4.011221409,4.282197952,4.140867233,4.071110249,4.406847000,4.650129795,4.203702450,4.397905827,4.182415009",HiSLIP,372,0,Acceptable,IoT-Scada,6,DPI,"" 
1,ip4,10.64.0.127,10.64.0.72,tcp,51053,4880,finished,18,14,1395234992923478,1395235216038558,1395235216038493,0,0,26,63,123,228,0,181,14394519.0,30237001,13485121.0,181848479105024.0,4.1,"244,360,10820,11109,202661,4710669,4913387,218770,8156706,8375451,205,492,7975375,7975670,215748,30237001,30021528,30014758,30014761,29999078,29999082,21560664,21560964,181,468,30013098,30013102,30014666,30014661,29999203,29999213",40,54.9,103,14.0,195.0,5.0,"52,52,40,63,56,40,62,103,40,66,56,81,40,66,69,40,46,52,46,52,46,52,66,56,81,40,46,52,46,52,46,52","18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","11,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,0,0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,0,0,1,1,0,1,0,1,0,1,0","4.208755016,4.825252533,4.272574425,4.371034145,4.066899776,4.272574425,4.273222923,5.284747601,4.051712990,4.490328312,4.289557934,5.102015972,4.172574520,4.544446468,4.669953823,4.101713181,3.885338783,4.203743458,3.928816795,4.203743458,3.928816795,4.203743458,4.355523586,4.253843784,5.102015972,4.222574711,4.130999565,4.349692822,4.130999565,4.349692822,4.087521076,4.349692822",HiSLIP,372,0,Acceptable,IoT-Scada,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,39,33090,830,1033,4,4,0,0,4,0,4,0,0,0,0,20,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,4,0,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,39,33090,830,1033,4,4,0,0,4,0,4,0,0,0,0,20,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,4,0,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/hl7.pcap.out b/test/results/flow-analyse/default/hl7.pcap.out index d6edd813f..e803eb3cc 100644 --- a/test/results/flow-analyse/default/hl7.pcap.out +++ b/test/results/flow-analyse/default/hl7.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,8788,477,168,1,1,0,0,0,0,1,0,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,27,22628,3823,748,3,3,0,0,0,0,3,0,0,3,0,15,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,3,0,0,0,0,0,0,3,0,0,0,0,0,3,0,0,3,0,0,0,3,3,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/hls.pcapng.out b/test/results/flow-analyse/default/hls.pcapng.out index deae90415..b1a4c867a 100644 --- a/test/results/flow-analyse/default/hls.pcapng.out +++ b/test/results/flow-analyse/default/hls.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,8532,148,323,1,1,0,0,0,0,1,0,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,1,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,11,8532,148,323,1,1,0,0,0,0,1,0,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,1,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/hots.pcapng.out b/test/results/flow-analyse/default/hots.pcapng.out index ce1e4e2f5..b51682c69 100644 --- a/test/results/flow-analyse/default/hots.pcapng.out +++ b/test/results/flow-analyse/default/hots.pcapng.out 
@@ -2,4 +2,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.0.73,24.105.56.13,udp,54598,3724,finished,14,18,1654637718943449,1654637719490075,1654637811243833,20,0,24,32,320,540,0,3612,2995064.8,91418317,16143814.0,260622725939200.0,0.2,"39885,24383,63734,66162,61944,34445,30828,61113,3612,33342,62853,57422,6903,91418317,63443,62525,36602,26359,63168,62882,63116,62919,63469,62673,63217,32441,30200,63038,62887,26082,37046",48,54.9,60,5.0,25.2,5.0,"52,48,52,52,52,52,48,52,48,52,52,52,48,52,60,60,60,48,60,60,60,60,60,60,60,60,48,60,60,60,48,60","14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","3,15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1","4.946224213,4.767892838,4.792377472,4.869300842,4.946224213,4.946224213,4.809559822,4.869300842,4.767892838,4.907762527,4.946224213,4.907762527,4.752166748,4.946224213,4.432916641,4.366249561,4.366250038,3.700824261,4.366250038,4.432916641,4.332916737,4.399583340,4.199582577,4.302914619,4.287001610,4.366250038,3.742490768,4.353668213,4.366249561,4.399583340,3.742490768,4.366249561",Heroes_of_the_Storm,336,0,Fun,Game,6,DPI,"" 
1,ip4,24.105.57.16,192.168.0.73,udp,3724,50609,finished,32,0,1654785317878340,1654785318886180,1654785317878340,20,0,122,0,2479,0,0,1113,32511.0,62822,18812.4,353907232.0,4.7,"31758,14744,16286,4737,58380,5040,58167,42440,20509,62822,16348,46993,45239,18003,62811,27060,19191,16374,50151,13098,1113,62335,31570,31017,31934,30736,13221,50259,34089,29278,62137",48,105.5,150,33.5,1124.4,4.9,"111,111,48,132,132,103,103,121,121,103,109,109,103,48,150,109,109,48,109,48,150,150,146,48,129,48,138,138,121,48,123,109","7,0,16,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5.727404118,5.736169815,3.659157991,5.974259377,6.029637337,5.373315811,5.410210133,5.896153450,5.877972126,5.645791054,5.660812855,5.713362217,5.521955967,3.700824261,6.180423737,5.754983425,5.770836353,3.742490768,5.748058796,3.700824261,6.267391682,6.252244949,6.277539730,3.742491007,6.034878731,3.742490768,6.026935577,6.097950459,5.911030293,3.700824499,5.963339806,5.665075302",Heroes_of_the_Storm,336,0,Fun,Game,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,32,26480,5321,624,3,0,3,1,2,0,3,0,0,0,0,15,1,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,3,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,32,26480,5321,624,3,0,3,1,2,0,3,0,0,0,0,15,1,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,3,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/hpvirtgrp.pcap.out b/test/results/flow-analyse/default/hpvirtgrp.pcap.out index 732e5737f..9a1273033 100644 --- a/test/results/flow-analyse/default/hpvirtgrp.pcap.out +++ b/test/results/flow-analyse/default/hpvirtgrp.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,82,59124,3797,1308,9,0,9,0,0,0,9,0,0,0,0,45,1,0,1,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,9,0,0,0,9,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,82,59124,3797,1308,9,0,9,0,0,0,9,0,0,0,0,45,1,0,1,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,9,0,0,0,9,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/hsrp0.pcap.out b/test/results/flow-analyse/default/hsrp0.pcap.out index d760d23c9..3a262e71b 100644 --- a/test/results/flow-analyse/default/hsrp0.pcap.out +++ b/test/results/flow-analyse/default/hsrp0.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,19,15424,80,0,4,0,4,0,0,0,4,0,0,0,0,4,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,4,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,19,15424,80,0,4,0,4,0,0,0,4,0,0,0,0,4,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,4,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/hsrp2.pcap.out b/test/results/flow-analyse/default/hsrp2.pcap.out index 1392749a2..53d0b57e4 100644 --- a/test/results/flow-analyse/default/hsrp2.pcap.out +++ b/test/results/flow-analyse/default/hsrp2.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,8854,104,0,2,0,2,0,0,0,2,0,0,0,0,2,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,2,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,11,8854,104,0,2,0,2,0,0,0,2,0,0,0,0,2,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,2,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/hsrp2_ipv6.pcapng.out b/test/results/flow-analyse/default/hsrp2_ipv6.pcapng.out index fa669dc95..50bd5aaa9 100644 --- a/test/results/flow-analyse/default/hsrp2_ipv6.pcapng.out +++ b/test/results/flow-analyse/default/hsrp2_ipv6.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,23,19001,1998,0,2,0,2,4,0,0,2,0,0,2,0,10,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,2,0,0,0,0,0,0,2,0,0,2,0,0,2,2,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,23,19001,1998,0,2,0,2,4,0,0,2,0,0,2,0,10,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,2,0,0,0,0,0,0,2,0,0,2,0,0,2,2,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/http-basic-auth.pcap.out b/test/results/flow-analyse/default/http-basic-auth.pcap.out index 21f97800b..09f073d9c 100644 --- a/test/results/flow-analyse/default/http-basic-auth.pcap.out +++ b/test/results/flow-analyse/default/http-basic-auth.pcap.out 
@@ -9,4 +9,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.0.4,192.254.189.169,tcp,54506,80,finished,14,18,1381844093773653,1381844105235432,1381844105235372,0,0,643,1448,643,20540,0,1107,739467.7,9536721,2304771.2,5311970148352.0,2.0,"205051,205088,1239219,1239214,9336229,9536721,269698,3945,474186,3902,3868,3885,3880,7765,5508,5622,2491,3505,5894,3931,3951,3696,163375,167088,3967,3916,4585,3237,7851,1123,1107",52,715.0,1500,702.0,492871.9,4.2,"64,60,52,60,52,695,58,1500,1500,52,1500,52,1500,1500,52,1500,52,1500,1500,52,1500,52,1500,1500,52,1500,52,1500,1500,52,320,52","13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","3,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0","0,1,0,1,0,0,1,1,1,0,1,0,1,1,0,1,0,1,1,0,1,0,1,1,0,1,0,1,1,0,1,0","4.421927452,5.139575005,5.115702629,5.139575005,5.130219936,5.878774166,5.340740204,5.419150352,5.488927364,5.014835358,5.291490555,5.085056305,5.042024136,5.061055183,5.053297043,5.085721970,4.955154419,5.096673012,5.053177357,5.091758728,5.124075890,5.046594620,5.088674068,5.274103165,5.053297043,5.222216129,5.032077789,5.196549416,5.517179966,5.077241421,5.796352386,5.014835358",HTTP,7,0,Acceptable,Web,6,DPI,"" 
1,ip4,192.168.0.4,192.254.189.169,tcp,54584,80,finished,14,18,1381844112303792,1381844116079597,1381844116079543,0,0,731,1448,1442,17394,0,1516,243598.6,2440041,569983.2,324880891904.0,2.8,"191619,191694,451500,691227,18992,258717,2193011,2440041,223652,1516,472146,13231,13309,3452,4140,7544,3959,3958,4123,3470,7591,3945,4028,3911,158872,162735,3834,3852,3908,1859,5720",52,641.4,1500,656.8,431405.0,4.2,"64,60,52,783,52,189,52,763,58,1500,597,52,131,52,1500,1500,52,1500,52,1500,1500,52,1500,52,1500,1500,52,1500,52,1500,757,52","12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","3,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0","0,1,0,0,1,1,0,0,1,1,1,0,1,0,1,1,0,1,0,1,1,0,1,0,1,1,0,1,0,1,1,0","4.334868431,4.994742393,5.077241421,5.863452911,4.993616104,5.802459240,5.038779736,5.873818874,5.189794064,5.430706978,5.489347935,5.091758251,5.402398586,5.091758728,5.437272549,5.178615093,5.091758728,5.015810490,5.046594620,5.086363792,5.083364964,5.091758728,5.094627380,4.993615627,5.060242653,5.186669827,5.053297043,5.220447540,4.993615627,5.439900398,5.703805923,5.130220413",HTTP,7,0,Acceptable,Web,6,DPI,"36" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,216,189394,23764,284058,25,25,0,0,9,9,16,4,0,15,0,125,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,16,0,16,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,4,0,17,0,0,0,0,25,0,0,25,0,0,0,25,16,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,216,189394,23764,284058,25,25,0,0,9,9,16,4,0,15,0,125,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,16,0,16,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,4,0,17,0,0,0,0,25,0,0,25,0,0,0,25,16,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/http-crash-content-disposition.pcap.out b/test/results/flow-analyse/default/http-crash-content-disposition.pcap.out index 2a3eee549..c1c30213e 100644 --- a/test/results/flow-analyse/default/http-crash-content-disposition.pcap.out +++ b/test/results/flow-analyse/default/http-crash-content-disposition.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,8829,475,2369,1,0,1,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,11,8829,475,2369,1,0,1,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/http-lines-split.pcap.out b/test/results/flow-analyse/default/http-lines-split.pcap.out index d6bfbfdc2..46aa7aa7d 100644 --- a/test/results/flow-analyse/default/http-lines-split.pcap.out +++ b/test/results/flow-analyse/default/http-lines-split.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,12,9598,67,1632,1,1,0,0,0,0,1,1,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,2,1,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,12,9598,67,1632,1,1,0,0,0,0,1,1,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,2,1,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/http-manipulated.pcap.out b/test/results/flow-analyse/default/http-manipulated.pcap.out index 108e12cc5..d2eab70fe 100644 --- a/test/results/flow-analyse/default/http-manipulated.pcap.out +++ b/test/results/flow-analyse/default/http-manipulated.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,20,15674,797,42034,2,1,1,0,0,0,2,0,0,2,0,10,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,2,0,0,0,0,0,2,0,0,2,0,0,0,2,2,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,20,15674,797,42034,2,1,1,0,0,0,2,0,0,2,0,10,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,2,0,0,0,0,0,2,0,0,2,0,0,0,2,2,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/http-proxy.pcapng.out b/test/results/flow-analyse/default/http-proxy.pcapng.out index 55e5efddd..1a7ca5e0f 100644 --- a/test/results/flow-analyse/default/http-proxy.pcapng.out +++ b/test/results/flow-analyse/default/http-proxy.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,8668,294,716,1,1,0,0,0,0,1,0,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,11,8668,294,716,1,1,0,0,0,0,1,0,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/http-pwd.pcapng.out b/test/results/flow-analyse/default/http-pwd.pcapng.out index 36a066ca2..fcddcc1d4 100644 --- a/test/results/flow-analyse/default/http-pwd.pcapng.out +++ b/test/results/flow-analyse/default/http-pwd.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,13,12279,747,250,1,1,0,0,0,0,1,2,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,2,2,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,13,12279,747,250,1,1,0,0,0,0,1,2,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,2,2,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/http.pcapng.out b/test/results/flow-analyse/default/http.pcapng.out index 597a5d0c4..829add370 100644 --- a/test/results/flow-analyse/default/http.pcapng.out +++ b/test/results/flow-analyse/default/http.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,8060,74,528,1,1,0,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,11,8060,74,528,1,1,0,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/http2.pcapng.out b/test/results/flow-analyse/default/http2.pcapng.out index 78f9cc2ce..3261e4044 100644 --- a/test/results/flow-analyse/default/http2.pcapng.out +++ b/test/results/flow-analyse/default/http2.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,8277,319,272,1,0,1,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,11,8277,319,272,1,0,1,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/http_asymmetric.pcapng.out b/test/results/flow-analyse/default/http_asymmetric.pcapng.out index 5f1739386..433d6d09d 100644 --- a/test/results/flow-analyse/default/http_asymmetric.pcapng.out +++ b/test/results/flow-analyse/default/http_asymmetric.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,20,21753,8665,0,2,2,0,0,0,0,2,1,0,2,0,10,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,3,0,2,0,0,0,0,2,0,0,2,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,1,0,0,3,0,0,0,0,0,0,0,0,0,0 +0,20,21753,8665,0,2,2,0,0,0,0,2,1,0,2,0,10,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,3,0,2,0,0,0,0,2,0,0,2,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,1,0,0,3,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/http_auth.pcap.out b/test/results/flow-analyse/default/http_auth.pcap.out index 27a03aedf..9a263566c 100644 --- a/test/results/flow-analyse/default/http_auth.pcap.out +++ b/test/results/flow-analyse/default/http_auth.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,192.168.0.4,192.254.189.169,tcp,54337,80,finished,14,18,1381844050222515,1381844057134728,1381844055865656,0,0,739,1448,739,17637,0,139,405011.4,4861829,1193509.9,1424465723392.0,2.2,"180032,180140,139,193993,206403,1322,401505,596,594,735,724,4027,4555,8666,4603,3019,7560,3303,5323,8621,158972,3971,162953,3627,4243,7859,2612,2607,4861805,4861829,1269016",52,626.9,1500,665.6,443042.2,4.1,"64,60,52,791,52,1500,537,52,131,52,274,52,1500,1500,52,1500,1500,52,1500,1500,52,1500,1500,52,1500,1500,52,975,52,52,52,52","13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","3,0,1,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0","0,1,0,0,1,1,1,0,1,0,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,0,1,0,0","4.441382408,5.118823051,5.130219936,5.854406357,5.046594620,5.442737579,5.621041775,5.077241421,5.402398586,5.024262905,5.623777390,5.077241421,5.441255569,5.120078564,4.955154419,5.048518181,5.069016457,5.130219936,5.089414597,5.056834221,5.053296566,5.097548008,5.174168587,5.115702629,5.356103420,5.382487297,5.046594620,5.653643131,5.038779736,5.046595097,5.130219936,5.085056305",HTTP,7,0,Acceptable,Web,6,DPI,"36,43" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,13,13450,739,17637,1,1,0,0,1,0,1,1,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,2,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,13,13450,739,17637,1,1,0,0,1,0,1,1,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,2,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/http_connect.pcap.out b/test/results/flow-analyse/default/http_connect.pcap.out index 3c0e233cf..345dfc23f 100644 --- a/test/results/flow-analyse/default/http_connect.pcap.out +++ b/test/results/flow-analyse/default/http_connect.pcap.out 
@@ -2,4 +2,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.1.146,151.101.2.132,tcp,35968,443,info,16,16,1631454722867862,1631454722915624,1631454722915766,0,0,517,1384,1070,14818,0,14,3086.0,16011,4867.3,23690602.0,3.4,"8850,8886,2829,11347,7507,16011,65,50,21,19,18,33,7291,458,15010,14,4004,11279,678,666,42,41,26,25,27,27,115,115,31,32,149",52,549.0,1436,627.7,394029.6,4.0,"60,60,52,569,52,1436,52,1436,52,1436,52,971,52,116,541,52,52,111,52,1436,52,1436,52,1436,52,1436,52,1436,52,1436,52,1436","13,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0","0,1,0,0,1,1,0,1,0,1,0,1,0,0,0,1,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","4.679967880,5.108291149,5.100070000,5.268876553,5.138531685,7.847479820,5.061608315,7.859804630,5.061608315,7.874018669,5.061608315,7.772319317,5.061608315,6.130341530,7.577058315,5.047091484,5.047091484,6.133301258,5.100070000,7.864048481,5.100070000,7.878256798,5.100070000,7.852052212,5.061608315,7.879714489,5.100070000,7.869248867,5.023146629,7.862973690,5.100070000,7.856719017",TLS,91,1,Safe,Web,6,DPI,"" 
1,ip4,192.168.1.103,192.168.1.146,tcp,1714,8080,finished,14,18,1631454722864133,1631454722971434,1631454722971505,0,0,517,5536,1512,22723,0,4,6924.9,53379,12836.3,164771856.0,3.4,"32,2664,352,3052,9578,12352,2730,16207,17263,6110,7163,474,478,42,22,11387,743,133,163,12593,29,193,4,101,98,705,4022,50186,53379,1210,1208",40,799.0,5576,1594.6,2542806.0,3.2,"52,52,46,243,40,116,557,40,5111,46,104,40,210,40,359,40,99,5576,2808,1424,71,46,40,46,5576,1424,949,46,173,40,115,40","7,0,2,0,1,1,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","9,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,4","0,1,0,0,1,1,0,1,1,0,0,1,0,1,0,1,1,1,1,1,0,0,1,0,1,1,1,0,0,1,0,1","4.439885139,4.777055740,4.478915215,5.741591930,4.562815189,5.677224636,5.225388527,4.612814903,7.961506844,4.522394180,6.123366356,4.662815094,7.000855446,4.662815094,7.384087086,4.612815380,5.976536274,7.968001366,7.926353455,7.858606339,5.619441509,4.435437202,4.593943596,4.462504864,7.966147423,7.859233379,7.772559643,4.522394180,6.695012093,4.662815094,6.320215225,4.662815094",HTTP_Connect,130,0,Acceptable,Web,6,DPI,"35" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,28,26016,3644,53729,3,0,3,0,2,0,3,2,0,1,0,12,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,1,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,1,0,0,0,0,0,0,3,0,0,2,1,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,28,25934,3644,53729,3,0,3,0,2,0,3,2,0,1,0,12,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,1,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,1,0,0,0,0,0,0,3,0,0,2,1,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/http_guessed_host_and_guessed.pcapng.out b/test/results/flow-analyse/default/http_guessed_host_and_guessed.pcapng.out index 8ba59231b..ecbe09f25 100644 --- a/test/results/flow-analyse/default/http_guessed_host_and_guessed.pcapng.out +++ b/test/results/flow-analyse/default/http_guessed_host_and_guessed.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,7,6097,49,0,1,1,0,0,0,1,0,0,0,0,0,1,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,7,6204,49,0,1,1,0,0,0,1,0,0,0,0,0,1,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/http_invalid_server.pcap.out b/test/results/flow-analyse/default/http_invalid_server.pcap.out index 86eb27132..175dcdd84 100644 --- a/test/results/flow-analyse/default/http_invalid_server.pcap.out +++ b/test/results/flow-analyse/default/http_invalid_server.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,12,9998,82,407,1,1,0,0,0,0,1,1,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,3,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,12,9998,82,407,1,1,0,0,0,0,1,1,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,3,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/http_ipv6.pcap.out b/test/results/flow-analyse/default/http_ipv6.pcap.out index eecd4a2da..791ce6c29 100644 --- a/test/results/flow-analyse/default/http_ipv6.pcap.out +++ b/test/results/flow-analyse/default/http_ipv6.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip6,2a00:d40:1:3:7aac:c0ff:fea7:d4c,2a00:1450:4001:803::1017,udp,45931,443,finished,17,15,1448269127400446,1448269137275811,1448269136257808,37,0,1350,1350,4058,4856,0,1512,604281.6,6008829,1486148.8,2208638173184.0,2.8,"25363,26190,172445,219452,15689,87208,38758,110203,47003,1512,26672,45844,1752482,1778725,6798,78256,246614,318052,6008829,6008710,4760,76866,102599,174483,2367,73860,70885,142482,2922,74310,992388",77,326.6,1398,376.2,141514.9,4.3,"1398,1398,85,1202,80,660,88,238,80,88,567,88,77,243,80,623,91,88,80,248,77,575,91,249,80,572,88,250,80,547,88,251","0,9,0,0,0,1,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0","2,6,0,0,0,0,0,0,0,0,0,0,0,0,0,1,3,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0","0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,1,0,0,1,0,1,1,0,0,1,1,0,0,1,1,0,0","4.737460136,7.856492996,5.340356827,7.783504963,5.237494946,7.640817642,5.426836967,6.897242546,5.228057861,5.435415268,7.531185150,5.426837444,4.923079967,6.917997837,5.187493324,7.660722733,5.627426147,5.458142281,5.212494373,6.952660084,4.934730053,7.572426796,5.495558739,6.882013798,5.262493610,7.594254971,5.480869293,6.910377979,5.237494469,7.573482990,5.374089718,6.950065613",QUIC.Google,188.126,1,Acceptable,Web,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,117,107137,10659,40534,15,3,12,0,1,7,8,13,0,5,0,55,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,1,5,1,2,0,0,0,0,0,0,0,0,0,0,0,2,2,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,1,0,4,0,0,0,0,0,15,0,13,2,0,0,15,8,7,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0 +0,117,106503,10659,40534,15,3,12,0,1,7,8,13,0,5,0,55,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,1,5,1,2,0,0,0,0,0,0,0,0,0,0,0,2,2,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,1,0,4,0,0,0,0,0,15,0,13,2,0,0,15,8,7,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/http_on_sip_port.pcap.out b/test/results/flow-analyse/default/http_on_sip_port.pcap.out index 4df602a4c..0dc393e97 100644 --- a/test/results/flow-analyse/default/http_on_sip_port.pcap.out +++ b/test/results/flow-analyse/default/http_on_sip_port.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,11856,223,1360,1,0,1,0,0,0,1,1,0,1,0,4,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,2,2,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,2,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,11,11856,223,1360,1,0,1,0,0,0,1,1,0,1,0,4,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,2,2,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,2,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/http_origin_different_than_host.pcap.out b/test/results/flow-analyse/default/http_origin_different_than_host.pcap.out index e861759b1..8291709e6 100644 --- a/test/results/flow-analyse/default/http_origin_different_than_host.pcap.out +++ b/test/results/flow-analyse/default/http_origin_different_than_host.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,6652,0,0,0,0,0,0,0,0,0,0,0,0,4,0,1,0,1,1,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,11,6652,0,0,0,0,0,0,0,0,0,0,0,0,4,0,1,0,1,1,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/http_starting_with_reply.pcapng.out b/test/results/flow-analyse/default/http_starting_with_reply.pcapng.out index e150de425..6582c80d8 100644 --- a/test/results/flow-analyse/default/http_starting_with_reply.pcapng.out +++ b/test/results/flow-analyse/default/http_starting_with_reply.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,14,17480,7613,688,1,1,0,0,0,0,1,3,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,2,0,2,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0 +0,14,17480,7613,688,1,1,0,0,0,0,1,3,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,2,0,2,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/http_ua_splitted_in_two_pkts.pcapng.out b/test/results/flow-analyse/default/http_ua_splitted_in_two_pkts.pcapng.out index e3ac607d7..726d29424 100644 --- a/test/results/flow-analyse/default/http_ua_splitted_in_two_pkts.pcapng.out +++ b/test/results/flow-analyse/default/http_ua_splitted_in_two_pkts.pcapng.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,254.125.135.128,66.152.103.45,tcp,21359,80,finished,21,11,1506664814072079,1506664884688466,1506664884891709,0,0,1388,358,16613,1748,0,2278,4562452.0,23451757,7140164.0,50981941280768.0,3.5,"200188,228774,3208,234021,1087486,3262,1090830,5345683,5834,5351689,23448878,3179,23451757,8290030,3196,8292329,1123787,3421,1127523,8802271,4342,8806776,19530296,2278,19532387,1784873,3657,1788814,938512,3420,943316",60,626.3,1440,557.2,310424.4,4.5,"60,60,1440,327,181,1440,259,181,1440,535,410,1440,257,181,1440,327,181,1440,257,181,1440,461,410,1440,258,181,1440,313,181,1440,259,181","1,0,0,0,0,0,5,0,3,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0","1,0,0,0,8,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1","4.739262104,5.106893539,5.867009163,5.823337078,5.714051723,5.877876282,5.739666462,5.708738327,5.861988068,5.999320984,5.770567417,5.882071018,5.723089695,5.732763290,5.864256382,5.841103554,5.697688103,5.890019894,5.735716343,5.730837822,5.881994724,5.957257271,5.801627636,5.887722969,5.723830700,5.705350399,5.852463722,5.804970741,5.650331974,5.849934578,5.692368984,5.757890701",HTTP,7,0,Acceptable,Web,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,13,13945,62424,6280,1,1,0,0,1,0,1,1,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,13,13945,62424,6280,1,1,0,0,1,0,1,1,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/i3d.pcap.out b/test/results/flow-analyse/default/i3d.pcap.out index c635e94b8..34be39fb1 100644 --- a/test/results/flow-analyse/default/i3d.pcap.out +++ b/test/results/flow-analyse/default/i3d.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,37,34058,33668,304,4,0,4,0,0,0,4,0,0,0,0,20,1,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,4,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,37,34058,33668,304,4,0,4,0,0,0,4,0,0,0,0,20,1,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,4,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/iax.pcap.out b/test/results/flow-analyse/default/iax.pcap.out index 7b54b1133..46fa1d47f 100644 --- a/test/results/flow-analyse/default/iax.pcap.out +++ b/test/results/flow-analyse/default/iax.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,82.110.36.84,192.168.2.120,udp,4569,4566,finished,27,5,1123840005963862,1123840006456930,1123840006059195,12,0,172,172,3882,372,0,948,18980.7,51403,10969.1,120322248.0,4.7,"2173,5097,7653,24399,24352,24724,16912,51403,9638,12261,14097,6869,22758,16765,31325,17887,20048,11489,43190,21320,13940,17067,22553,948,20517,34133,6854,21003,19904,17982,29140",40,161.5,200,59.5,3538.2,4.9,"94,40,40,46,40,46,192,200,200,46,192,192,192,192,192,192,192,192,192,192,192,192,192,192,192,192,192,192,192,192,192,192","3,0,1,0,0,23,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","3,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,1,0,1,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4.666565895,4.339823723,4.439823151,4.354552269,4.384184837,4.354552269,1.312757373,1.546443224,1.322564363,4.327484608,1.142194629,1.312757373,1.944322586,1.302340746,1.312757373,1.312757373,1.312757373,1.302340746,1.312757373,1.335405827,1.335405827,1.335405827,1.335405827,1.335405827,1.335405827,1.335405827,1.335405827,1.321057439,1.335405827,1.335405827,1.335405827,1.335405827",IAX,95,0,Acceptable,VoIP,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,12,9907,4046,3008,1,0,1,0,1,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,12,9907,4046,3008,1,0,1,0,1,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/icmp-tunnel.pcap.out b/test/results/flow-analyse/default/icmp-tunnel.pcap.out index fb4689e5a..2d6f4f55a 100644 --- a/test/results/flow-analyse/default/icmp-tunnel.pcap.out +++ b/test/results/flow-analyse/default/icmp-tunnel.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,192.168.154.131,192.168.154.132,icmp,,,finished,23,9,1360227866459330,1360227888466859,1360227888466987,92,0,92,92,2116,828,0,998770,1419844.6,13999352,2296693.5,5274800750592.0,4.2,"998770,1000036,1000056,999983,1000051,1000074,1000009,1000032,1000047,1000127,999991,999982,1000043,999922,13999352,1001250,1001214,1000977,1001002,1001107,1001081,1000973,1000923,1000944,1000921,1001115,1001144,1001036,1001015,1001004,1001005",112,112.0,112,0.0,0.0,5.0,"112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112","0,0,23,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","5.610230446,5.622818947,5.669650555,5.651793003,5.651793003,5.604961395,5.645053387,5.630681515,5.633935928,5.622818947,5.633935928,5.669650555,5.651793480,5.645053387,5.669650555,5.683875084,5.669650555,5.701732159,5.633935928,5.666017056,5.633935928,5.666017056,5.645053387,5.677134514,5.637421608,5.672758102,5.602598667,5.623562336,5.651793003,5.683875084,5.669650555,5.701732159",ICMP,81,0,Acceptable,Network,6,DPI,"17,35" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,39,42844,83334,78134,1,0,1,26,1,0,1,0,0,1,0,5,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,39,42844,83334,78134,1,0,1,26,1,0,1,0,0,1,0,5,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/iec60780-5-104.pcap.out b/test/results/flow-analyse/default/iec60780-5-104.pcap.out index 29958cfa4..ee100eb21 100644 --- a/test/results/flow-analyse/default/iec60780-5-104.pcap.out +++ b/test/results/flow-analyse/default/iec60780-5-104.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,172.27.248.109,172.27.248.79,tcp,1578,2404,finished,19,13,1219992819942883,1219992991664467,1219992991860370,0,0,16,64,94,207,0,133,11085131.0,32516052,10877058.0,118310385483776.0,4.1,"133,283,1182,4289,153898,32516052,32485009,17329020,17462619,171223,19844571,20033163,171510,19860294,20118307,25436246,25352045,204330,19828922,20215237,5341755,5765246,10455867,10671339,13934,15202,139861,131307,218735,19641453,20056039",40,51.6,104,11.5,132.4,5.0,"48,48,46,46,46,46,56,46,56,104,46,46,56,46,46,40,56,62,46,46,40,56,46,56,62,56,62,46,63,46,46,40","19,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","12,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,0,1,0,0,1,0,0,1,0,0,1,0,1,0,0,1,1,0,0,1,0,1,0,1,0,0,1","4.558206558,4.926427364,4.435436726,4.740953922,4.740953445,4.478915215,4.605515957,4.522393703,4.811381817,4.822690010,4.522393703,4.922443390,4.864342690,4.462504864,4.862554550,4.781687260,5.115302563,5.039213181,4.478915215,4.878964901,4.781687260,4.824862003,4.478915215,5.079588413,4.986872673,4.972445488,4.999047756,4.478915215,4.964986324,4.478915215,4.922443390,4.781687260",IEC60870,245,0,Acceptable,IoT-Scada,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,53,38508,413,335,6,6,0,0,1,0,6,0,0,0,0,30,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,6,0,0,0,6,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,53,38508,413,335,6,6,0,0,1,0,6,0,0,0,0,30,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,6,0,0,0,6,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/ieee_c37118.pcap.out b/test/results/flow-analyse/default/ieee_c37118.pcap.out index 5e7481ab7..727fff13e 100644 --- a/test/results/flow-analyse/default/ieee_c37118.pcap.out +++ b/test/results/flow-analyse/default/ieee_c37118.pcap.out 
@@ -2,4 +2,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.0.20,192.168.0.241,tcp,36835,4712,finished,14,18,1218021007698753,1218021007982488,1218021007965319,0,0,18,134,36,890,0,207,17751.6,40001,13277.6,176295104.0,4.5,"1236,1270,207,1843,699,2315,976,1753,1047,20120,38956,19861,2840,19920,19921,20016,39141,19972,20168,38019,19966,20020,40000,19866,22584,20167,20073,37505,19862,19977,40001",52,81.6,186,31.5,989.7,4.9,"60,64,52,70,52,186,52,70,52,106,106,52,106,52,106,52,106,52,106,106,52,106,106,52,106,52,106,106,52,106,106,52","14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","3,14,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,1,1,1,0,1,0,1,0,1,0,1,1,0,1,1,0,1,0,1,1,0,1,1,0","4.496836185,5.048533440,4.931210041,4.651202679,4.969671726,4.443276405,4.931210041,4.690558434,4.969671249,5.657071114,5.579102516,4.969671249,5.555610657,4.969671726,5.699430466,4.969671726,5.692310333,5.008132935,5.652293205,5.602812290,4.931209564,5.597970963,5.583358288,4.931209564,5.605093002,4.931209564,5.657070637,5.635706902,5.008132935,5.642828465,5.594747066,5.008132935",IEEE-C37118,367,0,Acceptable,IoT-Scada,6,DPI,"" 
1,ip4,192.168.0.10,192.168.0.60,udp,4712,4713,finished,3,29,1218023578251598,1218023578622812,1218023579169239,18,0,18,374,54,1718,0,19796,41576.0,318010,73009.0,5330315264.0,3.9,"316833,318010,54381,59605,20198,20004,19807,20001,20003,20201,19799,19994,20205,19798,20210,19796,20005,19991,20008,20200,19801,19996,20004,20000,20202,19800,20004,20000,20002,20201,19796",46,83.4,402,57.9,3351.1,4.8,"46,46,402,46,76,76,76,76,76,76,76,76,76,76,76,76,76,76,76,76,76,76,76,76,76,76,76,76,76,76,76,76","3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,28,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1","4.419025898,4.245112896,4.107680798,4.419026375,4.914726734,4.888411045,4.977291107,4.801239491,4.941042423,4.941042423,4.977291107,4.950975418,4.950975418,4.941042423,5.003606796,4.860224247,4.898343563,4.924659729,4.977291107,4.950975418,5.024288177,4.814043045,4.950975418,4.902923107,5.076920033,4.801239491,4.814043045,4.929238796,4.924659729,4.898343563,4.925475597,4.899159908",IEEE-C37118,367,0,Acceptable,IoT-Scada,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,22,19138,126,31204,2,1,1,0,2,0,2,0,0,0,0,10,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,1,1,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,22,19138,126,31204,2,1,1,0,2,0,2,0,0,0,0,10,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,1,1,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/imap-starttls.pcap.out b/test/results/flow-analyse/default/imap-starttls.pcap.out index 005167fd6..c9317f852 100644 --- a/test/results/flow-analyse/default/imap-starttls.pcap.out +++ b/test/results/flow-analyse/default/imap-starttls.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,192.168.17.53,212.227.17.186,tcp,49640,143,info,18,14,1437584567812552,1437584570639554,1437584570828629,0,0,318,1460,540,5653,0,1,188486.4,1677753,378167.8,143010873344.0,3.3,"189790,189950,188317,188305,133,192463,259,192553,155,186504,9,186418,431,197380,166,197053,2043,207,2163,90,3747,191586,187876,1486951,1677753,168,190848,49,279,1,189432",40,235.2,1500,424.6,180326.2,3.6,"64,52,40,311,40,54,46,267,40,52,72,46,40,358,1500,1500,40,1500,622,40,40,166,91,40,79,119,71,40,40,71,40,46","15,1,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,2,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0","0,1,0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,1,1,0,0,0,1,0,0,1,1,0,0,0,0,1","4.577819824,4.737868309,4.461769104,5.374657631,4.734183788,5.080696583,4.457919598,5.160151482,4.684183598,5.024262428,5.301461220,4.501398087,4.784183979,5.382153988,6.856912613,7.178915024,4.665312290,7.104553223,7.666580677,4.403056622,4.684184551,6.516188145,5.466528416,4.684184074,5.702392578,6.104408741,5.134844303,4.665312290,4.734184265,5.452422619,4.492897511,3.926021099",IMAPS,51,1,Safe,Email,6,DPI,"5,15,24" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,15,15157,540,5653,1,1,0,0,1,0,1,3,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,3,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,15,15157,540,5653,1,1,0,0,1,0,1,3,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,3,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/imap.pcap.out b/test/results/flow-analyse/default/imap.pcap.out index f010c988f..f9a663daf 100644 --- a/test/results/flow-analyse/default/imap.pcap.out +++ b/test/results/flow-analyse/default/imap.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,10.40.4.2,10.40.3.2,tcp,46045,143,finished,19,13,1213095262213846,1213095266780228,1213095266780369,0,0,73,696,179,1401,0,88,294609.8,4331408,1060070.4,1123749068800.0,1.4,"126,150,12887,12906,231,444,36852,36794,135,4330018,4331408,1394,16846,17272,39867,39540,93,199,596,39710,39393,88,905,1344,39009,38693,107,104,10836,47768,37190",52,101.9,748,125.9,15857.5,4.4,"60,60,52,94,52,71,117,52,84,52,78,79,52,72,73,52,109,52,72,73,52,109,52,73,64,52,311,52,125,164,52,748","18,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,4,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,0,1,0,1,0,0,1,0,0,1,0,1,0,0,1,0,1,0,0,1,0,1,0,0,1,0,1","4.466519356,4.994044781,4.884933472,5.545080185,4.923395157,5.188045025,5.565508366,4.846471786,5.532327652,4.923395157,5.445330620,5.491897583,4.961857319,5.242550373,5.321550369,4.892440796,5.645212650,4.899451256,5.225256920,5.331891060,4.961856842,5.594664574,4.961857319,5.357347012,5.240169048,4.961857319,5.602889538,4.923395157,5.631970406,5.824433327,4.923395157,5.541430473",IMAP,4,0,Unsafe,Email,6,DPI,"22,36" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,12,10692,179,1401,1,0,1,0,1,0,1,0,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,1,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,12,10692,179,1401,1,0,1,0,1,0,1,0,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,1,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/imaps.pcap.out b/test/results/flow-analyse/default/imaps.pcap.out index 438a5dda8..a6ae25548 100644 --- a/test/results/flow-analyse/default/imaps.pcap.out +++ b/test/results/flow-analyse/default/imaps.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,23,18897,1582,6084,2,0,2,0,0,0,2,3,0,2,0,10,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,5,0,0,0,0,0,0,2,0,0,2,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,23,18925,1582,6084,2,0,2,0,0,0,2,3,0,2,0,10,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,5,0,0,0,0,0,0,2,0,0,2,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/imo.pcap.out b/test/results/flow-analyse/default/imo.pcap.out index a76a9d274..950a7b37e 100644 --- a/test/results/flow-analyse/default/imo.pcap.out +++ b/test/results/flow-analyse/default/imo.pcap.out 
@@ -2,4 +2,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.12.169,93.33.47.58,udp,49207,57604,finished,16,16,1646579366870607,1646579367998159,1646579367589404,1,0,100,107,241,239,0,22,59559.6,463846,120414.4,14499615744.0,3.2,"36207,20915,69195,11193,10953,10897,11928,60266,17574,7210,47,9880,379036,463846,100219,9477,9867,20901,22,106515,270,209,156,89,19549,7836,19677,23241,7950,3744,407480",29,43.0,135,23.0,529.8,4.9,"29,29,135,38,38,38,38,38,38,38,38,38,38,29,128,38,38,38,38,38,38,38,38,38,38,38,38,38,38,38,38,38","15,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","15,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,1,0,0,0,0,0,1,1,1,1,1,1,0,1,1,1,1,1,0,0,0,0,0,1,0,1,0,1,0,0","4.444189072,4.513154984,6.563591003,4.339262962,4.286631107,4.266765594,4.339262962,4.339262962,4.444526196,4.391894341,4.372028828,4.444526196,4.444526196,4.444189072,6.433364868,4.458455563,4.458455563,4.511087418,4.511087418,4.511087418,4.405824184,4.405824184,4.405824184,4.458455563,4.458455563,4.511087418,4.353192329,4.511087418,4.385958672,4.458455563,4.458455563,4.266765594",IMO,216,0,Acceptable,VoIP,6,DPI,"" 
1,ip4,192.168.12.169,185.155.137.30,udp,49207,36535,finished,17,15,1646579366752245,1646579368878172,1646579368918568,182,0,1224,224,11806,720,0,24,138459.7,1002796,305661.1,93428727808.0,2.8,"396,41304,49,43405,10843,2151,275,10533,8077,9421,9986,55709,51,24,9743,18469,13472,314,9827,9743,9558,13513,46,69283,127192,99850,16582,835382,861703,1002796,1002553",38,419.4,1252,488.9,239046.1,4.1,"228,357,39,146,1252,1252,210,228,1252,1252,1252,1252,108,252,39,1252,38,1252,228,38,38,38,38,39,212,125,347,124,228,39,228,39","0,0,0,0,0,2,5,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0","10,0,1,3,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,1,1,0,0,0,0,0,0,0,0,1,1,1,0,1,0,0,1,1,1,1,1,0,1,0,1,0,1,0,1","6.951599121,7.408638477,4.155817986,6.605685711,7.827155590,7.851851463,6.958688259,6.942827225,7.823550224,7.844932079,7.851901054,7.830797195,6.188582897,7.144678593,4.053254128,7.818601608,4.339262486,7.858332157,6.930744171,4.391894341,4.391894341,4.391894341,4.391894341,4.155817986,6.930866241,6.293650627,7.455466747,6.412575722,6.928594112,4.207099915,6.941227913,4.207099915",IMO,216,0,Acceptable,VoIP,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,21,19972,18943,12237,2,0,2,0,2,0,2,0,0,0,0,10,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,2,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,21,19972,18943,12237,2,0,2,0,2,0,2,0,0,0,0,10,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,2,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/instagram.pcap.out b/test/results/flow-analyse/default/instagram.pcap.out index d8ab0e793..70a0c7996 100644 --- a/test/results/flow-analyse/default/instagram.pcap.out +++ b/test/results/flow-analyse/default/instagram.pcap.out 
@@ -9,4 +9,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,2.22.236.51,192.168.0.103,tcp,80,44151,info,17,15,1436720952553865,1436720952574830,1436720952572908,1418,0,1418,0,24106,0,1,31,1290.6,3846,1167.1,1362190.6,4.3,"122,2106,427,3387,31,3174,2289,427,946,1892,213,2563,1831,3785,61,3846,183,1342,1312,367,183,213,275,519,519,885,854,2075,2106,2014,61",52,805.3,1470,707.6,500717.4,4.3,"1470,52,1470,1470,52,52,1470,52,1470,1470,52,52,1470,52,1470,1470,52,52,1470,52,1470,52,1470,52,1470,52,1470,52,1470,52,1470,1470","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0","15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,0,0,1,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0","7.838996410,5.123517990,7.796014309,7.834145069,5.123517990,5.085056305,7.799090385,5.085056305,7.778009892,7.746161938,5.046594620,5.085056305,7.694964409,5.085056305,7.722822666,7.781306744,5.161979675,5.109000683,7.744096756,5.161979675,7.786537647,5.161979675,7.830977440,5.161979675,7.801307678,5.123517990,7.796917439,5.123517990,7.805510998,5.123517990,7.825653553,7.826405048",,,,,,,,"" 
1,ip4,192.168.2.17,31.13.86.52,tcp,49357,443,info,15,17,1568796254514906,1568796265194500,1568796265280665,0,0,597,1388,2170,10887,0,6,691785.6,10469815,2560795.0,6557671096320.0,1.2,"11096,12433,1241,548,13252,614,103,14204,568,14367,12466,169576,258,200,98,307,55,169,229,6,169709,106,1819,218,113,542,10413415,52212,10469815,9752,75862",52,460.7,1440,528.6,279392.3,4.1,"64,60,52,471,649,52,52,274,52,136,230,52,825,1440,1440,1440,1440,1440,628,1440,86,52,52,52,52,52,52,587,587,52,52,828","10,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0","0,1,0,0,0,1,1,1,0,0,1,0,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1","4.215376377,5.115063667,4.860988617,7.062851906,7.630533695,5.014835358,4.976373672,6.836615562,4.884933949,6.378606796,7.007258415,4.822527409,7.742178440,7.852344990,7.873802185,7.849394321,7.865141869,7.857724190,7.720446110,7.850056171,5.757548332,4.976373672,4.976373672,4.937912464,4.937911987,4.899450779,4.976373672,7.590856075,7.594714642,5.053297043,5.053297043,7.784784317",TLS.Instagram,91.211,1,Fun,SocialNetwork,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,299,323468,116573,413697,38,6,32,4,9,7,30,18,1,5,0,150,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,16,5,3,22,0,0,0,0,0,0,0,0,0,0,0,5,18,0,0,0,0,0,0,2,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,30,0,0,0,0,0,0,0,14,0,0,0,0,38,0,0,30,7,1,0,38,30,7,1,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,299,322402,116573,413697,38,6,32,4,9,7,30,18,1,5,0,150,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,16,5,3,22,0,0,0,0,0,0,0,0,0,0,0,5,18,0,0,0,0,0,0,2,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,30,0,0,0,0,0,0,0,14,0,0,0,0,38,0,0,30,7,1,0,38,30,7,1,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/ip_fragmented_garbage.pcap.out b/test/results/flow-analyse/default/ip_fragmented_garbage.pcap.out index 177972d86..716e0b45b 100644 --- a/test/results/flow-analyse/default/ip_fragmented_garbage.pcap.out +++ b/test/results/flow-analyse/default/ip_fragmented_garbage.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,51,25983,8,0,4,4,0,0,0,0,0,0,4,0,16,4,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,4,0,0,0,4,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,51,25983,8,0,4,4,0,0,0,0,0,0,4,0,16,4,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,4,0,0,0,4,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/iphone.pcap.out b/test/results/flow-analyse/default/iphone.pcap.out index 1b0654714..5d2fd65f1 100644 --- a/test/results/flow-analyse/default/iphone.pcap.out +++ b/test/results/flow-analyse/default/iphone.pcap.out 
@@ -4,4 +4,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.2.17,92.123.77.26,tcp,50587,443,info,18,14,1582454599934729,1582454600290030,1582454600371223,0,0,1440,1440,3458,5165,0,4,25541.8,147307,44603.2,1989448704.0,3.2,"33256,146084,75,147307,1403,159,73,18,38616,19,50,10855,46914,12516,120151,44,4,168,1146,109,1513,467,107361,13,1221,31041,492,3663,24,4467,82566",52,322.1,1492,461.1,212650.1,3.9,"64,60,52,569,52,1492,1492,1268,442,52,52,52,132,339,339,98,95,87,1492,552,818,52,52,52,122,52,52,83,52,87,52,52","10,3,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0","6,1,1,0,0,0,0,0,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,2,0,0","0,1,0,0,1,1,1,1,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,1,1,1,0,0,1,1,0,1","4.515677452,5.260978699,5.115703106,4.536097050,5.154164791,7.838258266,7.887313843,7.830554962,7.500537872,5.115703106,5.154164791,5.077241421,6.238309383,7.385308743,7.348131180,6.055991173,6.001430511,5.896850586,7.866535664,7.607725620,7.722208500,5.154164791,5.154164791,5.062724590,6.184679508,5.056022644,5.115703106,5.763531208,5.094483852,5.873862743,5.115703106,5.056022167",TLS.AppleiTunes,91.145,1,Fun,Streaming,6,DPI,"" 
1,ip4,192.168.2.17,17.248.185.87,tcp,50581,443,info,20,12,1582454598721885,1582454600432880,1582454600398737,0,0,1440,1440,13211,8177,0,19,109285.4,803512,185220.7,34306707456.0,3.4,"145952,170980,359,171301,2704,133,11131,1277,11157,179655,19,50,112,15556,168247,146405,161443,749,308681,51490,198168,655712,185,186,293,803512,1267,180253,328,297,245",52,721.0,1492,667.3,445284.8,4.3,"64,60,52,569,52,1492,1492,1492,1492,1474,52,52,52,52,145,103,52,1169,344,52,996,52,1164,1492,1492,1492,52,52,1492,1492,1492,1492","8,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,7,0,0","5,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,4,0,0","0,1,0,0,1,1,1,1,1,1,0,0,0,0,0,1,0,0,0,1,1,0,0,0,0,0,1,1,0,0,0,0","4.378882408,5.048397064,4.855899334,4.669833183,5.026988029,6.153114796,4.607729912,7.088045597,7.461877346,7.528841019,4.947339535,4.870416164,4.908878326,4.825253010,6.027275085,5.625993729,4.985801220,7.818661690,7.150210857,5.103910923,7.800937653,4.908877850,7.820833683,7.850773335,7.853681087,7.878564835,4.985801220,4.959492207,7.858905315,7.865253448,7.862413406,7.846001625",TLS.AppleiCloud,91.143,1,Acceptable,Web,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,356,328663,99351,91009,51,3,48,0,4,1,50,40,0,0,0,156,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,38,17,24,9,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,1,31,0,0,2,2,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,46,5,0,15,31,1,4,51,50,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,356,327228,99351,91009,51,3,48,0,4,1,50,40,0,0,0,156,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,38,17,24,9,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,1,31,0,0,2,2,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,46,5,0,15,31,1,4,51,50,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/ipp.pcap.out b/test/results/flow-analyse/default/ipp.pcap.out index 9ad3be952..a97430b51 100644 --- a/test/results/flow-analyse/default/ipp.pcap.out +++ b/test/results/flow-analyse/default/ipp.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,10.10.10.49,10.10.10.251,tcp,55342,631,finished,21,11,1210953938235230,1210953938290667,1210953938297849,0,0,2896,25,26572,25,0,5,3808.3,9119,3527.0,12440042.0,4.2,"709,735,61,34,3567,1615,5071,72,15,5799,5726,12,3653,3625,5,7253,7252,7,8848,8850,9,9119,9104,8,7245,7239,6,7601,7598,8,7210",52,883.7,2948,882.8,779357.9,4.2,"60,60,52,196,200,52,77,52,2948,1500,52,2948,1572,52,1428,1596,52,1404,1620,52,1380,1644,52,1356,1668,52,1332,1692,52,1308,1716,52","3,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,2,1,1,1,0,1,0,9","11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,0,1,1,0,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1","4.357651234,4.697803974,4.615702629,5.523350239,5.368941784,4.692625999,5.211149216,4.615702629,4.113531590,3.955130577,4.654164314,3.740996838,3.516076803,4.731087208,3.522020817,3.493224859,4.647461891,4.069941521,4.504707813,4.692625523,4.258998871,4.157813072,4.731087208,4.248043537,4.662984848,4.692625999,4.682926178,4.280339241,4.692625523,4.155966759,4.117242336,4.601185799",HTTP.IPP,7.6,0,Acceptable,System,6,DPI,"5,12" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,28,24769,228781,1443,3,3,0,0,1,0,3,0,0,3,0,15,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,3,3,0,0,0,0,0,3,0,0,3,0,0,0,3,3,0,0,0,0,0,0,0,3,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,28,24769,228781,1443,3,3,0,0,1,0,3,0,0,3,0,15,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,3,3,0,0,0,0,0,3,0,0,3,0,0,0,3,3,0,0,0,0,0,0,0,3,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/ipsec_isakmp_esp.pcap.out b/test/results/flow-analyse/default/ipsec_isakmp_esp.pcap.out index fef3915c7..bb80ae9c6 100644 --- a/test/results/flow-analyse/default/ipsec_isakmp_esp.pcap.out +++ b/test/results/flow-analyse/default/ipsec_isakmp_esp.pcap.out 
@@ -6,4 +6,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.2.100,109.237.187.195,udp,14500,4500,finished,15,17,946763527783000,946763527783000,946763527783000,96,0,1332,1332,10224,7128,0,0,0.0,0,0.0,0.0,0.0,"0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0",108,570.2,1360,486.8,236933.9,4.5,"844,236,140,108,124,444,1360,1360,912,160,160,160,1056,160,1360,844,236,140,108,124,444,1360,1360,912,160,160,160,1056,160,1360,844,236","0,0,0,4,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0","0,0,2,0,6,0,3,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0","0,1,0,1,0,1,0,0,0,1,1,1,1,0,1,0,1,0,1,0,1,0,0,0,1,1,1,1,0,1,0,1","7.744743347,6.853363991,6.347064018,5.738097668,6.151700020,7.473697186,7.876097679,7.831090450,7.765502453,6.747092724,6.687656403,6.679874420,7.827803612,6.462619305,7.846179008,7.744938850,6.903948784,6.261349678,5.757190228,6.099359512,7.429207802,7.852733135,7.863712311,7.793406487,6.532532215,6.538568020,6.619940281,7.820692539,6.667374134,7.838056564,7.740211487,6.937667370",IPSec,79,1,Safe,VPN,6,DPI,"" 
1,ip4,192.168.2.100,109.237.187.225,udp,14500,4500,finished,15,17,946763527783000,946763527783000,946763527783000,96,0,1332,1332,10240,5876,0,0,0.0,0,0.0,0.0,0.0,"0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0",108,531.6,1360,472.2,222978.4,4.4,"844,236,140,108,124,444,1360,1360,928,160,160,160,1056,160,108,844,236,140,108,124,444,1360,1360,912,160,160,160,1056,160,1360,844,236","0,0,0,4,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0","0,0,3,0,6,0,3,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0","0,1,0,1,0,1,0,0,0,1,1,1,1,0,1,0,1,0,1,0,1,0,0,0,1,1,1,1,0,1,0,1","7.735000610,6.885608673,6.313099861,5.849783897,6.173916817,7.464264393,7.831699848,7.833400249,7.798014164,6.661001682,6.578844547,6.648502350,7.808434486,6.640223026,5.685765266,7.751714706,6.969136238,6.248125076,5.863762856,6.151700020,7.458979130,7.869451523,7.855331421,7.760697842,6.747092247,6.645437717,6.637656689,7.804164410,6.573502064,7.848899364,7.732619762,6.921160221",IPSec,79,1,Safe,VPN,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,321,317542,271448,145246,36,0,36,20,6,0,36,0,0,2,0,174,1,0,1,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,36,36,0,0,0,0,0,0,0,0,0,0,36,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,36,0,0,0,0,0,3,0,0,0,0,0,0,36,0,0,0,36,0,0,36,36,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,321,317542,271448,145246,36,0,36,20,6,0,36,0,0,2,0,174,1,0,1,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,36,36,0,0,0,0,0,0,0,0,0,0,36,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,36,0,0,0,0,0,3,0,0,0,0,0,0,36,0,0,0,36,0,0,36,36,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/ipv6_in_gtp.pcap.out b/test/results/flow-analyse/default/ipv6_in_gtp.pcap.out index d638693ca..b5993a77c 100644 --- a/test/results/flow-analyse/default/ipv6_in_gtp.pcap.out +++ b/test/results/flow-analyse/default/ipv6_in_gtp.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,8,4830,0,0,0,0,0,0,0,0,0,0,0,0,2,0,1,0,1,2,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,8,4830,0,0,0,0,0,0,0,0,0,0,0,0,2,0,1,0,1,2,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/iqiyi.pcap.out b/test/results/flow-analyse/default/iqiyi.pcap.out index c2e3be6a7..f9a6ac5a8 100644 --- a/test/results/flow-analyse/default/iqiyi.pcap.out +++ b/test/results/flow-analyse/default/iqiyi.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,8,6381,135,136,1,0,1,0,0,0,1,0,0,0,0,2,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,8,6381,135,136,1,0,1,0,0,0,1,0,0,0,0,2,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/irc.pcap.out b/test/results/flow-analyse/default/irc.pcap.out index 9e39a38ca..32c1c2114 100644 --- a/test/results/flow-analyse/default/irc.pcap.out +++ b/test/results/flow-analyse/default/irc.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,8486,114,6901,1,0,1,0,0,0,1,0,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,1,1,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,11,8486,114,6901,1,0,1,0,0,0,1,0,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,1,1,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/iso9506-1-mms.pcap.out b/test/results/flow-analyse/default/iso9506-1-mms.pcap.out index 4e6f1aaa7..c99b78934 100644 --- a/test/results/flow-analyse/default/iso9506-1-mms.pcap.out +++ b/test/results/flow-analyse/default/iso9506-1-mms.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,7848,374,283,1,1,0,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,11,7848,374,283,1,1,0,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/ja3_lots_of_cipher_suites.pcap.out b/test/results/flow-analyse/default/ja3_lots_of_cipher_suites.pcap.out index 8ed006a60..ea6f3abc4 100644 --- a/test/results/flow-analyse/default/ja3_lots_of_cipher_suites.pcap.out +++ b/test/results/flow-analyse/default/ja3_lots_of_cipher_suites.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,25,16331,0,0,0,0,0,0,0,0,0,0,0,0,11,0,1,0,1,1,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,25,16331,0,0,0,0,0,0,0,0,0,0,0,0,11,0,1,0,1,1,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/ja3_lots_of_cipher_suites_2_anon.pcap.out b/test/results/flow-analyse/default/ja3_lots_of_cipher_suites_2_anon.pcap.out index 1cbb113d0..c5917525c 100644 --- a/test/results/flow-analyse/default/ja3_lots_of_cipher_suites_2_anon.pcap.out +++ b/test/results/flow-analyse/default/ja3_lots_of_cipher_suites_2_anon.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,37,22845,2974,2858,1,0,1,0,0,0,1,0,0,0,13,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,37,22845,2974,2858,1,0,1,0,0,0,1,0,0,0,13,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/jabber.pcap.out b/test/results/flow-analyse/default/jabber.pcap.out index 8e647122e..b3f4cd039 100644 --- a/test/results/flow-analyse/default/jabber.pcap.out +++ b/test/results/flow-analyse/default/jabber.pcap.out 
@@ -3,4 +3,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,172.16.0.62,172.16.1.138,tcp,57122,5222,finished,17,15,1502380175298881,1502380175888009,1502380175887945,0,0,338,379,929,1483,0,72,38006.2,336798,84915.4,7210629120.0,2.8,"690,749,72,451,362,328,190,509,138,134,177,1433,1288,169,39805,40983,80676,197,580,336438,336798,280,830,51170,51717,134,126,305,762,115132,115569",52,128.0,431,104.5,10917.3,4.6,"64,60,52,74,52,168,52,229,52,337,52,214,212,52,390,52,172,52,104,52,103,52,168,52,231,52,431,52,175,52,184,52","11,1,0,3,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,1,0,1,1,3,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,0,1,1,0,1,0,0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,1,0,0,1,1,0","4.266673088,5.131404400,4.776611805,5.441964149,4.902175903,5.444538593,4.825252533,5.585448742,4.738150120,5.405127525,4.776611805,5.600682259,6.105852604,4.815073490,6.126323223,4.863714218,5.952934742,4.675744057,5.351836681,4.801308155,5.387970448,4.584303856,5.442506313,4.863714218,5.598178864,4.776611805,5.389763355,4.671903133,5.446438789,4.762094498,5.526237488,4.685171604",Jabber,67,0,Acceptable,Web,6,DPI,"" 
1,ip4,172.16.0.62,172.16.1.138,tcp,57149,5222,finished,18,14,1502380915481182,1502381566576939,1502381566616902,0,0,239,463,1086,2076,1,2,42007464.0,600487770,147104800.0,21639823353708544.0,1.4,"5033,2,5089,3,217021,217977,974,3684463,3688323,3876,600484177,600487770,3,3561,6,1107,1119,7791,47498,39730,447,62982,63440,253,504,186,80,2,90,46583978,46623992",52,150.8,515,117.9,13893.8,4.6,"291,460,172,52,52,234,515,52,234,179,52,202,256,158,106,52,272,52,100,52,100,52,274,52,100,153,52,52,157,52,187,52","9,4,0,0,2,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4,0,0,5,0,0,3,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,1,0,0,0,1,0,0,1,0,0,1,1,0,0,1,0,0,1,0,1,1,0,0,1,0,1,1,0,0,1","5.572191238,5.460877895,5.502878189,4.891996861,4.853535175,5.455323696,5.262341499,4.891996861,5.508277893,5.549472332,4.853535175,5.489766598,5.608968258,5.516506672,5.456765175,4.747577667,5.601363182,4.800556183,5.462725163,4.870416641,5.430274010,4.908877850,5.580210686,4.647958755,5.434380531,5.509377956,4.699688911,4.762538910,5.683691025,4.646709919,5.424290180,4.908878326",Jabber,67,0,Acceptable,Web,6,DPI,"35" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,110,83810,11121,27335,12,3,9,0,3,0,12,0,0,1,0,60,1,0,1,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,12,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,1,0,0,0,0,0,0,12,0,0,12,0,0,0,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,110,83810,11121,27335,12,3,9,0,3,0,12,0,0,1,0,60,1,0,1,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,12,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,1,0,0,0,0,0,0,12,0,0,12,0,0,0,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/jrmi.pcap.out b/test/results/flow-analyse/default/jrmi.pcap.out index 4526af44a..233dda6b6 100644 --- a/test/results/flow-analyse/default/jrmi.pcap.out +++ b/test/results/flow-analyse/default/jrmi.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,7758,98,340,1,1,0,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,11,7758,98,340,1,1,0,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/jsonrpc.pcap.out b/test/results/flow-analyse/default/jsonrpc.pcap.out index 7ef2aef5a..8f3c39e22 100644 --- a/test/results/flow-analyse/default/jsonrpc.pcap.out +++ b/test/results/flow-analyse/default/jsonrpc.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,20,16849,1176,615,2,1,1,0,0,0,2,1,0,1,0,10,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,0,2,0,0,2,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0 +0,20,16849,1176,615,2,1,1,0,0,0,2,1,0,1,0,10,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,0,2,0,0,2,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/kafka.pcapng.out b/test/results/flow-analyse/default/kafka.pcapng.out index 8937fe7a5..15404b234 100644 --- a/test/results/flow-analyse/default/kafka.pcapng.out +++ b/test/results/flow-analyse/default/kafka.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,65,52863,2459,1886,9,1,8,0,0,1,8,0,0,0,0,27,1,0,1,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,8,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,9,0,0,0,9,8,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,65,52863,2459,1886,9,1,8,0,0,1,8,0,0,0,0,27,1,0,1,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,8,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,9,0,0,0,9,8,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/kcp.pcap.out b/test/results/flow-analyse/default/kcp.pcap.out index 4bdc59c8e..1f8c26cb4 100644 --- a/test/results/flow-analyse/default/kcp.pcap.out +++ b/test/results/flow-analyse/default/kcp.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip6,::1,::1,udp,47356,8000,finished,18,14,1704996858262666,1704996861362556,1704996861253026,24,0,1472,1472,10536,4648,0,8,196459.7,999896,320638.4,102808969216.0,3.6,"10081,20135,12,20201,59592,69805,99894,99909,99891,99844,90877,90889,99999,100075,109863,109777,399287,10,399267,295,10069,8,10072,990692,990417,990124,18,999896,9748,109493,10",72,522.5,1520,630.9,398013.8,4.0,"1520,72,1520,1176,96,104,104,104,104,104,104,104,104,104,104,104,104,1520,104,104,72,1520,1176,96,104,104,1520,1520,104,104,1520,1520","1,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,6,0","1,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,2,0","0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,1,0,0,1,1,0,1,0,0,0,1,0,0,0","7.925797939,1.903567076,7.926702023,7.892707825,1.970400572,1.794080019,2.325756550,1.794080019,2.325756550,1.794080019,2.299267054,1.794080019,2.299267292,1.774849296,2.294553518,1.870129108,2.404244423,7.929792404,1.888399601,2.381259918,2.030361176,7.930047035,7.898127079,2.064777851,2.212465048,2.729362011,7.931557655,7.930838585,2.231695890,2.722103357,7.931557655,7.930974960",KCP,385,0,Acceptable,Network,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,36,46659,28368,4816,7,0,7,0,1,0,7,0,0,0,0,11,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,7,0,0,7,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,36,46659,28368,4816,7,0,7,0,1,0,7,0,0,0,0,11,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,7,0,0,7,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/kerberos-error.pcap.out b/test/results/flow-analyse/default/kerberos-error.pcap.out index 939683daf..6f8e7bf9c 100644 --- a/test/results/flow-analyse/default/kerberos-error.pcap.out +++ b/test/results/flow-analyse/default/kerberos-error.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,8,6817,287,102,1,0,1,0,0,0,1,0,0,0,0,2,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,8,6817,287,102,1,0,1,0,0,0,1,0,0,0,0,2,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/kerberos-login.pcap.out b/test/results/flow-analyse/default/kerberos-login.pcap.out index 78a42d262..b907832b9 100644 --- a/test/results/flow-analyse/default/kerberos-login.pcap.out +++ b/test/results/flow-analyse/default/kerberos-login.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,80,101921,17733,17509,13,1,12,7,0,0,13,1,0,0,0,29,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,1,12,0,0,13,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,80,101921,17733,17509,13,1,12,7,0,0,13,1,0,0,0,29,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,1,12,0,0,13,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/kerberos.pcap.out b/test/results/flow-analyse/default/kerberos.pcap.out index cef10d8b8..96b0d5b1b 100644 --- a/test/results/flow-analyse/default/kerberos.pcap.out +++ b/test/results/flow-analyse/default/kerberos.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,190,176332,13668,10465,36,0,36,0,0,23,11,3,2,0,0,76,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,29,7,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,36,0,0,36,0,0,0,36,11,23,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,190,176332,13668,10465,36,0,36,0,0,23,11,3,2,0,0,76,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,29,7,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,36,0,0,36,0,0,0,36,11,23,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/kerberos_fuzz.pcapng.out b/test/results/flow-analyse/default/kerberos_fuzz.pcapng.out index 1e5dc45bc..7354e25b7 100644 --- a/test/results/flow-analyse/default/kerberos_fuzz.pcapng.out +++ b/test/results/flow-analyse/default/kerberos_fuzz.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,7,6049,260,0,1,1,0,0,0,0,1,0,0,0,0,1,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,7,6049,260,0,1,1,0,0,0,0,1,0,0,0,0,1,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/kismet.pcap.out b/test/results/flow-analyse/default/kismet.pcap.out index bc32a9211..b9be40e35 100644 --- a/test/results/flow-analyse/default/kismet.pcap.out +++ b/test/results/flow-analyse/default/kismet.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,127.0.0.1,127.0.0.1,tcp,34065,2501,finished,16,16,1144004385285325,1144004397698680,1144004398798485,0,0,1045,199,1045,1777,0,28,836339.2,1099852,406205.2,165002641408.0,4.7,"28,42,208,235,399947,399927,615244,615286,399575,399620,1099784,1099782,1099835,1099834,1099815,1099816,1099834,1099831,1099838,1099839,1099849,1099852,1099837,1099839,1099821,1099818,1099833,1099833,1099842,1099843,1099828",40,128.9,1085,184.2,33913.2,4.2,"52,52,40,239,40,58,40,1085,40,115,40,175,40,175,40,175,40,175,40,175,40,175,40,175,40,175,40,175,40,175,40,175","15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","3,0,1,0,11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","4.152935505,4.370187283,4.291446209,5.295236588,4.191446304,4.892910004,4.291446209,4.891900063,4.458695412,4.585392952,4.341446400,5.037372112,4.341446400,5.005887508,4.291446686,5.014514446,4.341446400,4.979419708,4.291446686,5.025943279,4.341446400,5.016745567,4.291446686,4.993078232,4.341446400,5.021629810,4.341446400,5.025943279,4.341446400,5.025943279,4.291446209,5.037371635",Kismet,309,0,Acceptable,Network,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,12,10224,1045,1912,1,0,1,0,1,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,12,10224,1045,1912,1,0,1,0,1,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/knxip.pcapng.out b/test/results/flow-analyse/default/knxip.pcapng.out index 3423a9416..1499a0330 100644 --- a/test/results/flow-analyse/default/knxip.pcapng.out +++ b/test/results/flow-analyse/default/knxip.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,12,9393,62,0,2,0,2,0,0,0,2,0,0,0,0,3,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,1,1,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,12,9393,62,0,2,0,2,0,0,0,2,0,0,0,0,3,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,1,1,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/ldp.pcap.out b/test/results/flow-analyse/default/ldp.pcap.out index 2de4012f9..5ffdb8844 100644 --- a/test/results/flow-analyse/default/ldp.pcap.out +++ b/test/results/flow-analyse/default/ldp.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,19,14746,360,244,3,0,3,0,0,0,3,0,0,0,0,7,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,1,2,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,19,14746,360,244,3,0,3,0,0,0,3,0,0,0,0,7,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,1,2,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/line.pcap.out b/test/results/flow-analyse/default/line.pcap.out index b797def46..d4720687a 100644 --- a/test/results/flow-analyse/default/line.pcap.out +++ b/test/results/flow-analyse/default/line.pcap.out 
@@ -4,4 +4,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,10.200.3.125,147.92.242.232,tcp,58160,443,info,14,18,1663913333003014,1663913342823022,1663913342822836,0,0,573,1460,3181,4192,0,0,633542.9,7306445,1725177.1,2976235913216.0,2.7,"237342,237605,1014,239671,1368,0,0,239919,3744,241388,238671,278520,277391,237506,0,0,237646,7029518,7306445,276831,237603,712,0,238338,524359,801600,277245,237667,0,0,237727",40,272.5,1500,367.3,134881.6,4.1,"52,52,40,557,46,1500,1500,381,40,133,314,335,46,581,46,224,75,40,335,46,613,46,224,75,40,335,46,612,46,224,75,40","6,0,1,0,0,0,0,0,0,3,0,0,0,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","8,3,0,0,0,3,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0","0,1,0,0,1,1,1,1,0,0,1,0,1,0,1,1,1,0,0,1,0,1,1,1,0,0,1,0,1,1,1,0","4.516527176,4.923395157,4.780641556,4.813910007,4.544876099,7.233272552,7.495951176,7.379673958,4.780641556,6.214868546,7.183261871,7.332785606,4.501397610,7.644387245,4.501397610,7.034603119,5.700131416,4.780641556,7.404506683,4.435436726,7.647257328,4.565871716,6.998442650,5.771955490,4.611769676,7.254877090,4.549460888,7.643351078,4.549460888,7.047076225,5.680000782,4.671928883",TLS.Line,91.315,1,Acceptable,Chat,6,DPI,"15" 
1,ip4,10.200.3.125,147.92.169.90,udp,51161,29070,finished,19,13,1663913345063942,1663913345289714,1663913345324209,31,0,853,542,9673,6723,0,0,15678.7,225047,51123.4,2613605376.0,1.5,"175745,225047,59,35,38,31,59,34,37,32,38,31,36,30,43,29,35,45,113,84319,0,0,0,0,0,0,155,0,0,0,48",59,540.4,881,131.0,17170.0,4.9,"881,419,569,569,569,569,569,569,569,569,569,569,569,569,569,569,569,569,59,161,398,570,570,570,570,570,570,570,570,570,570,570","1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1","7.761873245,7.165147781,7.605986118,7.625072002,7.581394672,7.661452770,7.659568310,7.627281189,7.538283348,7.648130894,7.648977280,7.646443367,7.577320099,7.610880852,7.662839413,7.594055176,7.592848778,7.662833691,5.346174717,6.693209171,7.482118607,7.644935131,7.664292812,7.595146656,7.643230438,7.594839096,7.698119640,7.644002914,7.648988724,7.686812401,7.668937206,7.563340664",LineCall,316,1,Acceptable,VoIP,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,51,52991,25568,23936,5,1,4,1,4,0,5,2,0,1,0,25,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,1,4,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,3,0,0,0,0,0,0,5,0,0,2,3,0,0,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,51,52868,25568,23936,5,1,4,1,4,0,5,2,0,1,0,25,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,1,4,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,3,0,0,0,0,0,0,5,0,0,2,3,0,0,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/linecall_falsepositve.pcap.out b/test/results/flow-analyse/default/linecall_falsepositve.pcap.out index cc3b5e47c..a1268658f 100644 --- a/test/results/flow-analyse/default/linecall_falsepositve.pcap.out +++ b/test/results/flow-analyse/default/linecall_falsepositve.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,67,39575,0,0,0,0,0,0,0,0,0,0,0,0,32,0,1,0,1,1,0,0,0,0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,67,39575,0,0,0,0,0,0,0,0,0,0,0,0,32,0,1,0,1,1,0,0,0,0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/lisp_registration.pcap.out b/test/results/flow-analyse/default/lisp_registration.pcap.out index 2476b0d91..6a1979c18 100644 --- a/test/results/flow-analyse/default/lisp_registration.pcap.out +++ b/test/results/flow-analyse/default/lisp_registration.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,35,26999,1976,1814,4,0,4,0,0,0,4,0,0,0,0,20,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,2,2,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,35,26999,1976,1814,4,0,4,0,0,0,4,0,0,0,0,20,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,2,2,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/log4j-webapp-exploit.pcap.out b/test/results/flow-analyse/default/log4j-webapp-exploit.pcap.out index 6af471d9c..c7f1d7049 100644 --- a/test/results/flow-analyse/default/log4j-webapp-exploit.pcap.out +++ b/test/results/flow-analyse/default/log4j-webapp-exploit.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 113,ip4,172.16.238.10,10.10.10.31,tcp,55408,9001,info,17,15,1639425815944677,1639425823295194,1639425823295146,0,0,5,3,30,3,0,46,474225.3,7288582,1789599.0,3202664366080.0,1.1,"143,183,7288581,7288582,60489,60668,256,174,116,102,89,87,86,86,151,159,99,144,121,87,73,51,50,48,47,46,47,47,47,46,81",52,53.5,60,2.2,4.6,5.0,"60,60,52,55,52,53,52,53,52,53,52,53,52,53,52,53,52,53,52,55,52,57,52,55,52,55,52,55,52,55,52,55","17,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0","4.511636257,5.106626511,4.986606121,5.071912289,4.895165443,4.975576401,4.895165443,4.975576401,4.818242550,4.937840462,4.895165443,4.975576401,4.895165443,4.975576401,4.895165443,4.937840462,4.856703758,4.937840462,4.856703758,4.947280407,4.856703758,5.028079987,4.803725243,5.020007610,4.856703758,4.983644009,4.856703758,5.020007610,4.856703758,5.020007610,4.856703758,4.910916805",,,,,,,,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,67,52001,2128,3702,7,6,1,0,1,0,5,2,2,5,4,32,1,0,1,1,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,6,0,5,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,5,3,1,5,0,0,0,7,0,0,7,0,0,0,7,5,0,2,0,0,0,0,2,3,0,0,0,0,0,0,5,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,67,52108,2128,3702,7,6,1,0,1,0,5,2,2,5,4,32,1,0,1,1,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,6,0,5,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,5,3,1,5,0,0,0,7,0,0,7,0,0,0,7,5,0,2,0,0,0,0,2,3,0,0,0,0,0,0,5,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/lol_wild_rift_udp.pcap.out b/test/results/flow-analyse/default/lol_wild_rift_udp.pcap.out index d4dead43b..f6c27f39f 100644 --- a/test/results/flow-analyse/default/lol_wild_rift_udp.pcap.out +++ b/test/results/flow-analyse/default/lol_wild_rift_udp.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,30,25335,251,1077,5,0,5,0,0,0,5,0,0,0,0,8,1,0,1,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,5,0,0,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,30,25335,251,1077,5,0,5,0,0,0,5,0,0,0,0,8,1,0,1,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,5,0,0,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/long_tls_certificate.pcap.out b/test/results/flow-analyse/default/long_tls_certificate.pcap.out index b3ea365ec..5e31ca27e 100644 --- a/test/results/flow-analyse/default/long_tls_certificate.pcap.out +++ b/test/results/flow-analyse/default/long_tls_certificate.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,192.168.1.60,106.15.100.123,tcp,55333,443,info,17,15,1609756181300869,1609756182512712,1609756182787262,0,0,517,1452,906,9549,0,4,87039.9,370939,130477.0,17024251904.0,3.4,"370788,370939,9373,360927,2844,76,70,354425,123,125,124,131,8073,8089,5763,200299,194564,174299,34,174324,4,2275,71,66,101,117,94097,91476,274609,24,6",40,370.7,1492,546.6,298744.2,3.7,"64,64,40,557,46,1492,1492,1492,40,1492,40,1090,40,1090,52,166,1492,52,91,109,40,40,93,96,82,114,78,109,52,52,52,52","10,4,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0","0,1,0,0,1,1,1,1,0,1,0,1,0,1,0,0,1,0,1,1,0,0,0,0,0,0,0,1,0,1,1,1","4.353732109,4.287687778,4.680641651,4.404402256,4.565872192,6.234030724,4.660021305,4.709488392,4.630641460,6.835905075,4.680641651,7.511188984,4.580641747,7.512306690,4.740514278,6.280318737,6.238153934,4.870416164,5.914383888,6.170372486,4.680641651,4.680641651,5.707346439,5.695815086,5.241580486,6.007335186,5.319273472,6.145098209,4.778975964,5.063529015,5.025067329,5.063529015",TLS.Alibaba,91.274,1,Acceptable,Web,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,14,17977,1073,11027,1,1,0,0,1,0,1,2,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,14,17854,1073,11027,1,1,0,0,1,0,1,2,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/lru_ipv6_caches.pcapng.out b/test/results/flow-analyse/default/lru_ipv6_caches.pcapng.out index 1c051d6a1..6db6627c1 100644 --- a/test/results/flow-analyse/default/lru_ipv6_caches.pcapng.out +++ b/test/results/flow-analyse/default/lru_ipv6_caches.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,89,92046,14408,846,12,0,12,0,0,0,12,9,0,11,0,41,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,5,1,11,0,0,0,0,0,0,0,0,0,0,0,0,3,0,5,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,8,0,0,0,0,0,13,8,0,0,0,0,0,0,12,0,3,9,0,0,12,12,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0 +0,89,92091,14408,846,12,0,12,0,0,0,12,9,0,11,0,41,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,5,1,11,0,0,0,0,0,0,0,0,0,0,0,0,3,0,5,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,8,0,0,0,0,0,13,8,0,0,0,0,0,0,12,0,3,9,0,0,12,12,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/lustre.pcapng.out b/test/results/flow-analyse/default/lustre.pcapng.out index 1a66560f8..17f6eb96e 100644 --- a/test/results/flow-analyse/default/lustre.pcapng.out +++ b/test/results/flow-analyse/default/lustre.pcapng.out 
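Review bot: The regenerated statistics row appears to carry one more field than before (an extra `0` ahead of the `flow_confidence_*` values), while the `timestamp,json_lines,...` header line is unchanged context, so header and row may no longer have the same column count. It is easiest to see in the lustre, malformed_dns, malformed_icmp and memcached hunks that follow, where every leading value is identical and the row still differs; the malware.pcap.out hunk looks the same. If the libnDPI bump added a category counter, the matching column name should be added wherever the CSV header is emitted, which is not visible in these hunks. Otherwise anything that maps values by header name reads the confidence, severity and `flow_risk_N_count` counters one column off. A field count of header against row in one of these fixtures would confirm this before they are accepted as the new expected output.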
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,18,14371,3584,2184,2,0,2,0,0,0,2,0,0,0,0,10,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,2,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,18,14371,3584,2184,2,0,2,0,0,0,2,0,0,0,0,10,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,2,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/malformed_dns.pcap.out b/test/results/flow-analyse/default/malformed_dns.pcap.out index 5f7c2450d..1e45eebe7 100644 --- a/test/results/flow-analyse/default/malformed_dns.pcap.out +++ b/test/results/flow-analyse/default/malformed_dns.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,12,16317,56,5552,1,0,1,0,0,0,1,1,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,2,1,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0 +0,12,16317,56,5552,1,0,1,0,0,0,1,1,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,2,1,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/malformed_icmp.pcap.out b/test/results/flow-analyse/default/malformed_icmp.pcap.out index 65d6377e7..4edde17be 100644 --- a/test/results/flow-analyse/default/malformed_icmp.pcap.out +++ b/test/results/flow-analyse/default/malformed_icmp.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,7,5714,8,0,1,0,1,0,0,0,1,0,0,1,0,1,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,7,5714,8,0,1,0,1,0,0,0,1,0,0,1,0,1,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/malware.pcap.out b/test/results/flow-analyse/default/malware.pcap.out index 27c7c52b6..ad39eaec1 100644 --- a/test/results/flow-analyse/default/malware.pcap.out +++ b/test/results/flow-analyse/default/malware.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,192.168.0.20,193.109.85.123,tcp,41240,443,info,12,20,1698873191201916,1698873191527805,1698873191527955,0,0,652,1452,1216,15979,0,0,21029.9,110516,35172.1,1237078016.0,3.2,"66319,66394,7784,74731,3179,70080,59,0,52,87,88,2895,69320,66866,105647,5079,239,110516,108,104,86,291,185,72,128,388,325,210,535,106,55",40,579.6,1492,653.5,427088.1,4.0,"52,52,40,692,46,1492,40,46,121,52,1492,40,133,314,511,46,1492,1492,40,46,1367,1492,40,1492,46,1269,40,1492,1492,40,46,1492","9,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,9,0,0","0,1,0,0,1,1,0,1,1,0,1,0,0,1,0,1,1,1,0,1,1,1,0,1,1,1,0,1,1,0,1,1","4.739399433,4.931210041,4.784183979,7.178894043,4.434307575,7.386115074,4.884183884,4.434307098,6.317144871,4.988526344,7.610246658,4.884183884,5.998999596,7.235376835,7.554747581,4.434307098,7.863018513,7.867267132,4.834183693,4.434307575,7.860304356,7.871340752,4.884183884,7.867784977,4.434307098,7.823972225,4.884183884,7.868661404,7.861267567,4.834183693,4.477785587,7.882142067",TLS,91,1,Safe,Web,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,45,42826,3925,51588,6,1,5,0,1,1,5,5,0,2,0,16,1,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,3,2,3,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,1,0,1,0,0,0,0,6,0,0,4,1,1,0,6,5,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,45,42580,3925,51588,6,1,5,0,1,1,5,5,0,2,0,16,1,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,3,2,3,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,1,0,1,0,0,0,0,6,0,0,4,1,1,0,6,5,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/memcached.cap.out b/test/results/flow-analyse/default/memcached.cap.out index 6356838bc..6ed94364e 100644 --- a/test/results/flow-analyse/default/memcached.cap.out +++ b/test/results/flow-analyse/default/memcached.cap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,7814,7,1028,1,1,0,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,11,7814,7,1028,1,1,0,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/merakicloud.pcapng.out b/test/results/flow-analyse/default/merakicloud.pcapng.out index ae92657c0..f161c2784 100644 --- a/test/results/flow-analyse/default/merakicloud.pcapng.out +++ b/test/results/flow-analyse/default/merakicloud.pcapng.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,2.36.234.133,209.206.59.34,udp,47301,7351,finished,16,16,1673444916586594,1673445166592687,1673445166786552,112,0,155,148,2007,1246,0,185099,16135679.0,25010608,11213935.0,125752330682368.0,4.4,"185099,25000825,24997097,25000212,25005070,25000662,24996065,25000606,25010608,25000568,24997458,25000731,24998623,25000698,24997255,25000418,25005650,25000559,25008551,6242649,6445427,200886,201754,201009,201123,200007,200026,199896,198997,17753487,17954035",74,129.7,183,43.4,1881.8,4.9,"140,74,140,74,140,74,140,74,140,74,140,74,140,74,140,74,140,74,140,74,176,183,176,183,176,183,176,183,176,183,140,74","0,0,0,11,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,11,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,1,0,1,0,1,0,1,0,1,0,0,1","5.828664303,4.613403797,5.810577869,4.640430927,5.848342419,4.630228996,5.771522522,4.640430927,5.791199684,4.667457581,5.868019581,4.630228996,5.832838535,4.667457104,5.791912556,4.640430927,5.823272228,4.640430450,5.805485725,4.694484234,6.490767479,6.480163097,6.449603081,6.561568260,6.490767956,6.556210518,6.465298176,6.530937672,6.547586918,6.608176708,5.825162888,4.694484234",MerakiCloud,66,0,Acceptable,Network,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,19,17595,2679,1522,1,0,1,7,1,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,19,17595,2679,1522,1,0,1,7,1,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/mgcp.pcap.out b/test/results/flow-analyse/default/mgcp.pcap.out index 13c3b3f0f..fe285438b 100644 --- a/test/results/flow-analyse/default/mgcp.pcap.out +++ b/test/results/flow-analyse/default/mgcp.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,36,27828,1364,393,5,0,5,1,0,0,5,0,0,0,0,13,1,0,1,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,5,0,0,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,36,27828,1364,393,5,0,5,1,0,0,5,0,0,0,0,13,1,0,1,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,5,0,0,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/mikrotik_mndp.pcap.out b/test/results/flow-analyse/default/mikrotik_mndp.pcap.out new file mode 100644 index 000000000..b2ee49ee0 --- /dev/null +++ b/test/results/flow-analyse/default/mikrotik_mndp.pcap.out 
@@ -0,0 +1,3 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game
_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_ri
sk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count +0,16,14304,435,0,3,0,3,0,0,0,3,0,0,0,0,3,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,1,2,0,0,3,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/mining.pcapng.out b/test/results/flow-analyse/default/mining.pcapng.out index de04856da..220d3c8eb 100644 --- a/test/results/flow-analyse/default/mining.pcapng.out +++ b/test/results/flow-analyse/default/mining.pcapng.out 
@@ -4,4 +4,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.2.148,94.23.199.191,tcp,46838,3333,finished,17,15,1514196188350524,1514196304559034,1514196304640605,0,0,1448,310,8887,914,0,13,7499954.5,71693099,18613570.0,346464978993152.0,2.4,"80304,80325,101,83178,13,83088,126,80997,13,80884,278,117985,882322,1042483,71569648,189,71693099,19,725,81617,32242169,176,32323370,1466,82454,7432953,7432942,3511834,196,3592651,986",52,358.8,1500,549.1,301531.9,3.7,"60,60,52,150,52,114,52,147,90,171,52,112,52,362,52,1500,1482,52,52,77,52,1500,1482,52,77,52,362,52,1500,1482,52,77","8,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,3,0,0","10,2,0,1,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,0,1,1,1,0,0,0,1,1,0,1,0,0,0,1,1","4.738464355,5.302482605,5.065449715,5.825911522,5.284871101,5.736679077,5.286791801,6.057295799,5.694644451,5.918534279,5.132945061,5.778033257,5.323332787,4.963134289,5.171406746,4.527909756,4.270138264,5.323332787,5.262846947,5.685556889,5.209868431,4.535019398,4.275704384,5.378232002,5.701727867,5.248330116,4.888409138,5.209868431,4.529169559,4.269546032,5.378231525,5.685557365",Mining,42,0,Unsafe,Mining,6,DPI,"22" 
1,ip4,192.168.2.148,116.211.167.195,tcp,53846,3333,finished,17,15,1514196196437568,1514196705571136,1514196705879789,0,0,1444,310,3127,2699,0,11,32857284.0,170525395,51784400.0,2681624034541568.0,3.4,"308120,308161,177,308150,13,308019,704,308743,11,308008,83,346736,653907,1043085,114411206,114368750,308565,308538,36863210,36863172,20419867,20419875,170525387,170525395,113243496,113243486,35871285,35871309,15564630,176,15873525",40,223.6,1484,347.6,120860.4,3.9,"60,52,40,138,46,102,40,133,78,159,40,100,46,350,40,350,40,350,40,350,40,350,40,350,40,350,40,350,40,1484,1472,46","12,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0","4,2,0,1,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,0,1","4.792549610,4.894361019,4.784183979,5.672497272,4.457919598,5.436998844,4.834184170,5.898036003,5.357152462,5.674209595,4.784183979,5.535918236,4.457919598,4.810117245,4.834183693,4.788737297,4.784183979,4.732345104,4.834184170,4.767374516,4.831687450,4.791436195,4.931686878,4.784672737,4.931686878,4.672215462,4.881687164,4.744033337,4.812814713,4.485110283,4.206100941,4.457919598",Mining,42,0,Unsafe,Mining,6,DPI,"22" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,41,37188,146948,30432,4,1,3,0,4,0,4,0,0,4,0,20,1,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,4,0,0,0,0,0,0,4,0,0,4,0,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,41,37188,146948,30432,4,1,3,0,4,0,4,0,0,4,0,20,1,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,4,0,0,0,0,0,0,4,0,0,4,0,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/modbus.pcap.out b/test/results/flow-analyse/default/modbus.pcap.out index 65d396a1f..ec6e46df8 100644 --- a/test/results/flow-analyse/default/modbus.pcap.out +++ b/test/results/flow-analyse/default/modbus.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,192.168.110.131,192.168.110.138,tcp,2074,502,finished,16,16,1223541953927963,1223541960939284,1223541960940128,12,0,12,11,192,176,1,835,452370.5,1014211,497296.8,247304159232.0,3.8,"1135,1208,905,1013603,1014211,1539,891,986516,986873,1217,900,1000224,1000513,1187,905,1000230,1000558,1232,911,1000222,1000609,1645,915,999845,1000447,1173,835,1000242,1000645,1238,912",51,51.5,52,0.5,0.2,5.0,"52,51,52,51,52,51,52,51,52,51,52,51,52,51,52,51,52,51,52,51,52,51,52,51,52,51,52,51,52,51,52,51","16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","4.526987553,4.730195045,4.438603878,4.877732754,4.429176807,4.636961937,4.429176331,4.877732754,4.622483730,4.730195045,4.589393616,4.838517189,4.622483730,4.730195045,4.550931931,4.916948318,4.569504738,4.769410610,4.627855301,4.916948318,4.622483730,4.730195045,4.627855301,4.916948795,4.622483730,4.769410610,4.627855301,4.862931252,4.607966423,4.769410610,4.627855301,4.916948318",Modbus,44,0,Acceptable,IoT-Scada,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,12,9978,612,561,1,0,1,0,1,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,12,9978,612,561,1,0,1,0,1,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/monero.pcap.out b/test/results/flow-analyse/default/monero.pcap.out index 766e60785..090a20f9d 100644 --- a/test/results/flow-analyse/default/monero.pcap.out +++ b/test/results/flow-analyse/default/monero.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,35,25680,1180,56628,4,0,4,0,0,0,4,0,0,0,0,20,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,4,0,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,35,25680,1180,56628,4,0,4,0,0,0,4,0,0,0,0,20,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,4,0,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/mongo_false_positive.pcapng.out b/test/results/flow-analyse/default/mongo_false_positive.pcapng.out index ca2be9fec..25c70b435 100644 --- a/test/results/flow-analyse/default/mongo_false_positive.pcapng.out +++ b/test/results/flow-analyse/default/mongo_false_positive.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,10924,9246,1485,1,1,0,0,0,1,0,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,11,10924,9246,1485,1,1,0,0,0,1,0,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/mongodb.pcap.out b/test/results/flow-analyse/default/mongodb.pcap.out index c9371a8f8..042c454a6 100644 --- a/test/results/flow-analyse/default/mongodb.pcap.out +++ b/test/results/flow-analyse/default/mongodb.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,58,44139,706,0,8,0,8,0,0,2,5,0,1,1,0,27,1,0,1,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,5,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,1,0,0,0,0,0,8,0,0,8,0,0,0,8,5,2,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,58,44139,706,0,8,0,8,0,0,2,5,0,1,1,0,27,1,0,1,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,5,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,1,0,0,0,0,0,8,0,0,8,0,0,0,8,5,2,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/mpeg-dash.pcap.out b/test/results/flow-analyse/default/mpeg-dash.pcap.out index 7cb7a420e..7c61217dd 100644 --- a/test/results/flow-analyse/default/mpeg-dash.pcap.out +++ b/test/results/flow-analyse/default/mpeg-dash.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,30,28677,2220,1591,4,0,4,0,0,0,4,1,0,1,0,13,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,1,0,0,4,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,1,0,0,0,0,4,0,0,4,0,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,30,28677,2220,1591,4,0,4,0,0,0,4,1,0,1,0,13,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,1,0,0,4,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,1,0,0,0,0,4,0,0,4,0,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/mpeg.pcap.out b/test/results/flow-analyse/default/mpeg.pcap.out index 34c8e68c4..b420078ed 100644 --- a/test/results/flow-analyse/default/mpeg.pcap.out +++ b/test/results/flow-analyse/default/mpeg.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,12,9297,148,9215,1,1,0,0,0,0,1,1,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,12,9318,148,9215,1,1,0,0,0,0,1,1,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/mpegts.pcap.out b/test/results/flow-analyse/default/mpegts.pcap.out index 9e23fb5d1..bcae9ee63 100644 --- a/test/results/flow-analyse/default/mpegts.pcap.out +++ b/test/results/flow-analyse/default/mpegts.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,7,7868,1316,0,1,0,1,0,0,0,1,0,0,0,0,1,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,7,7868,1316,0,1,0,1,0,0,0,1,0,0,0,0,1,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/mqtt.pcap.out b/test/results/flow-analyse/default/mqtt.pcap.out index 1bc445ff3..b9571fc4c 100644 --- a/test/results/flow-analyse/default/mqtt.pcap.out +++ b/test/results/flow-analyse/default/mqtt.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,15,11567,383,492,2,0,2,0,0,0,2,0,0,0,0,6,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,2,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,15,11567,383,492,2,0,2,0,0,0,2,0,0,0,0,6,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,2,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/mssql_tds.pcap.out b/test/results/flow-analyse/default/mssql_tds.pcap.out index 6f5d42746..edd905af4 100644 --- a/test/results/flow-analyse/default/mssql_tds.pcap.out +++ b/test/results/flow-analyse/default/mssql_tds.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,65,65407,12590,1552,12,0,12,0,0,1,11,0,0,0,0,24,1,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,11,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,12,0,0,0,12,11,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,65,65407,12590,1552,12,0,12,0,0,1,11,0,0,0,0,24,1,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,11,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,12,0,0,0,12,11,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/mullvad_dns.pcap.out b/test/results/flow-analyse/default/mullvad_dns.pcap.out index f98a9d204..8932d7ff1 100644 --- a/test/results/flow-analyse/default/mullvad_dns.pcap.out +++ b/test/results/flow-analyse/default/mullvad_dns.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,9,7576,56,74,1,0,1,0,0,0,1,1,0,0,0,2,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,9,7576,56,74,1,0,1,0,0,0,1,1,0,0,0,2,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/mullvad_wireguard.pcap.out b/test/results/flow-analyse/default/mullvad_wireguard.pcap.out index 50d3d09cb..0a03b9f9a 100644 --- a/test/results/flow-analyse/default/mullvad_wireguard.pcap.out +++ b/test/results/flow-analyse/default/mullvad_wireguard.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,8729,576,928,1,0,1,0,0,0,1,0,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,11,8729,576,928,1,0,1,0,0,0,1,0,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/mumble.pcapng.out b/test/results/flow-analyse/default/mumble.pcapng.out index da96a2c97..6f6de8ae4 100644 --- a/test/results/flow-analyse/default/mumble.pcapng.out +++ b/test/results/flow-analyse/default/mumble.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,22,18047,541,1488,3,0,3,0,0,0,3,1,0,1,0,9,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,2,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,2,0,0,0,0,0,0,3,0,0,1,2,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,22,17965,541,1488,3,0,3,0,0,0,3,1,0,1,0,9,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,2,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,2,0,0,0,0,0,0,3,0,0,1,2,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/munin.pcap.out b/test/results/flow-analyse/default/munin.pcap.out index de5c48a6c..ddac54644 100644 --- a/test/results/flow-analyse/default/munin.pcap.out +++ b/test/results/flow-analyse/default/munin.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,38,27022,242,1156,4,0,4,0,0,0,4,0,0,0,0,20,1,0,1,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,4,0,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,38,27022,242,1156,4,0,4,0,0,0,4,0,0,0,0,20,1,0,1,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,4,0,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/mysql.pcapng.out b/test/results/flow-analyse/default/mysql.pcapng.out index 671d72131..f84e7b43f 100644 --- a/test/results/flow-analyse/default/mysql.pcapng.out +++ b/test/results/flow-analyse/default/mysql.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,20,14428,1084,3187,2,2,0,0,0,0,2,0,0,0,0,10,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,2,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,20,14428,1084,3187,2,2,0,0,0,0,2,0,0,0,0,10,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,2,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/nano.pcapng.out b/test/results/flow-analyse/default/nano.pcapng.out index 903cf578f..b3786dcea 100644 --- a/test/results/flow-analyse/default/nano.pcapng.out +++ b/test/results/flow-analyse/default/nano.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,7867,40,200,1,0,1,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,11,7867,40,200,1,0,1,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/natpmp.pcap.out b/test/results/flow-analyse/default/natpmp.pcap.out index 5712279c5..5bb9058a4 100644 --- a/test/results/flow-analyse/default/natpmp.pcap.out +++ b/test/results/flow-analyse/default/natpmp.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,31,24821,88,28,4,0,4,0,0,0,4,4,0,2,0,11,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,2,0,0,0,0,0,0,4,0,0,0,4,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0 +0,31,24821,88,28,4,0,4,0,0,0,4,4,0,2,0,11,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,2,0,0,0,0,0,0,4,0,0,0,4,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/nats.pcap.out b/test/results/flow-analyse/default/nats.pcap.out index 9b21f246d..3ea5db06e 100644 --- a/test/results/flow-analyse/default/nats.pcap.out +++ b/test/results/flow-analyse/default/nats.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,19,13907,276,636,2,1,1,0,0,0,2,0,0,0,0,10,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,2,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,19,13907,276,636,2,1,1,0,0,0,2,0,0,0,0,10,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,2,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/naver.pcap.out b/test/results/flow-analyse/default/naver.pcap.out index 7a94ae0a9..0fbd82129 100644 --- a/test/results/flow-analyse/default/naver.pcap.out +++ b/test/results/flow-analyse/default/naver.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,30,26423,1551,10972,3,0,3,0,0,0,3,3,0,0,0,15,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,3,0,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,30,26177,1551,10972,3,0,3,0,0,0,3,3,0,0,0,15,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,3,0,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/ndpi_match_string_subprotocol__error.pcapng.out b/test/results/flow-analyse/default/ndpi_match_string_subprotocol__error.pcapng.out index 22a987dfb..674bbaf76 100644 --- a/test/results/flow-analyse/default/ndpi_match_string_subprotocol__error.pcapng.out +++ b/test/results/flow-analyse/default/ndpi_match_string_subprotocol__error.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,13,13270,1648,1053,1,1,0,0,0,0,1,1,0,1,0,5,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,2,2,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,2,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0 +0,13,13270,1648,1053,1,1,0,0,0,0,1,1,0,1,0,5,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,2,2,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,2,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/nest_log_sink.pcap.out b/test/results/flow-analyse/default/nest_log_sink.pcap.out index fcd5c4bfd..d5a068f0a 100644 --- a/test/results/flow-analyse/default/nest_log_sink.pcap.out +++ b/test/results/flow-analyse/default/nest_log_sink.pcap.out 
@@ -10,4 +10,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.242.15,35.174.82.237,tcp,63350,11095,finished,18,14,1536718052990525,1536718206570249,1536718206634864,0,0,531,677,1623,1739,0,1252,9910454.0,60155801,20689402.0,428051338887168.0,2.7,"68635,72232,634362,701888,15937,150934,1314255,1491295,109213,70989,18037,93450,70186,72141,7151,80030,74076,77118,76505,41618,115484,208508,59946855,60155801,60057740,60124304,30586012,30652885,66856,1252,68314",40,147.1,717,180.1,32452.7,4.2,"46,44,46,571,40,717,46,92,40,244,40,100,162,669,46,220,190,220,201,46,332,102,46,46,40,40,46,102,40,46,46,40","10,2,0,1,0,2,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","8,2,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,0,1,0,1,0,0,1,0,0,1,1,0,0,1,0,0,1","4.260394096,4.921897411,4.434307098,6.934753895,4.931686878,7.082575321,4.501398087,5.325510979,4.981687546,6.942802429,4.981687069,5.756309986,6.493349075,7.689117908,4.434307098,6.784736156,6.532172680,6.853400707,6.767163754,4.457919598,7.212311268,5.867391586,4.501398087,4.544876099,5.031687260,5.031687260,4.544876099,5.644305706,5.031687260,4.544876099,4.588354588,5.031687260",NestLogSink,43,0,Acceptable,Cloud,6,DPI,"" 
1,ip4,192.168.242.15,35.174.82.237,tcp,63352,11095,finished,18,14,1536718206572751,1536718392321066,1536718332214337,0,0,532,676,1942,1904,0,4658,10044835.0,60173109,21953530.0,481957439864832.0,2.6,"65322,67761,637540,709814,18708,293379,1174542,1481999,109107,72201,17976,90820,70287,73214,8669,96471,87696,75885,78977,77415,126677,2595650,2731016,150399,59910787,60056830,60173109,60107028,4658,60634,60165330",40,162.2,716,185.8,34529.8,4.3,"46,44,46,572,40,716,46,92,40,444,40,100,162,669,46,220,206,220,190,220,201,46,332,102,46,46,40,46,40,46,40,46","10,1,0,1,0,3,0,0,0,1,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,2,0,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,0,1,0,1,0,1,0,0,1,0,0,1,0,1,0,1,0","4.347350597,4.967352390,4.434307098,6.920494080,4.981687546,7.105970383,4.544876099,5.378740311,4.881687164,7.440455914,4.812814713,5.615177631,6.437895298,7.618911266,4.434307098,6.860777378,6.737969398,6.892507076,6.603207111,6.959574699,6.884947777,4.457919598,7.273610592,5.848325729,4.414441586,4.501398087,4.831686974,4.544876099,4.881687164,4.501398087,4.881687164,4.544876099",NestLogSink,43,0,Acceptable,Cloud,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,168,149952,55213,20167,17,12,5,8,10,1,16,5,0,1,0,80,1,0,1,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,1,0,0,0,0,0,0,17,0,0,13,4,0,0,17,16,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0 +0,168,149952,55213,20167,17,12,5,8,10,1,16,5,0,1,0,80,1,0,1,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,1,0,0,0,0,0,0,17,0,0,13,4,0,0,17,16,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/netbios.pcap.out b/test/results/flow-analyse/default/netbios.pcap.out index af814ddb4..3718c1b1b 100644 --- a/test/results/flow-analyse/default/netbios.pcap.out +++ b/test/results/flow-analyse/default/netbios.pcap.out 
@@ -2,4 +2,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,10.0.4.131,10.0.5.255,udp,137,137,finished,32,0,1447772210350540,1447772220435262,1447772210350540,50,0,50,0,1600,0,0,14022,325313.6,749995,214669.9,46083158016.0,4.6,"471274,14022,264705,470792,80220,113829,555812,80046,113289,146849,489849,113312,146439,749995,33651,749542,308595,441426,307586,628917,121033,628920,470970,278997,470688,458539,291466,334217,123758,93119,532865",78,78.0,78,0.0,0.0,5.0,"78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78","0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4.124596119,4.134274006,4.159914970,4.089276791,4.134274006,4.134274006,4.134274006,4.134274006,4.159914970,4.159914970,4.159914970,4.159914970,4.159914970,4.159914970,4.159914970,4.124596119,4.124596119,4.159914970,4.124596119,4.159914970,4.134274006,4.159914970,4.134274006,4.159914970,4.134274006,4.159914970,4.159914970,4.159914970,4.134274006,4.159914970,4.159914970,4.159914970",NetBIOS,10,0,Acceptable,System,6,DPI,"" 
1,ip4,10.0.5.233,10.0.5.255,udp,137,137,finished,32,0,1447772211392771,1447772242251393,1447772211392771,50,0,50,0,1600,0,0,749128,995439.4,1515990,356068.3,126784610304.0,4.9,"749395,750108,1510862,749350,750084,1512101,749146,750073,1513657,749593,750165,1509201,749922,750117,1511084,749128,750100,1515990,749246,750060,1507974,749281,750095,1513465,749807,750021,1513052,749194,750091,1506879,749381",78,78.0,78,0.0,0.0,5.0,"78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78","0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","3.923101902,3.923101902,3.923101902,3.852463722,3.780971527,3.862141609,3.923101902,3.897460699,3.923101902,3.923101902,3.923101902,3.923101902,3.923101902,3.897460699,3.923101902,3.923101902,3.923101902,3.923101902,3.897460699,3.897460699,3.897460699,3.923101902,3.923101902,3.923101902,3.923101902,3.897460699,3.923101902,3.923101902,3.923101902,3.923101902,3.820537567,3.897460699",NetBIOS,10,0,Acceptable,System,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,90,76316,13099,700,16,0,16,5,2,1,15,0,0,2,0,31,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,15,0,13,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0,0,0,0,2,0,0,0,0,0,0,16,0,0,2,14,0,0,16,15,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,90,75721,13099,700,16,0,16,5,2,1,15,0,0,0,0,31,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,15,0,13,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,2,14,0,0,16,15,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/netbios_wildcard_dns_query.pcap.out b/test/results/flow-analyse/default/netbios_wildcard_dns_query.pcap.out index 1fbbd5654..307856894 100644 --- a/test/results/flow-analyse/default/netbios_wildcard_dns_query.pcap.out +++ b/test/results/flow-analyse/default/netbios_wildcard_dns_query.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,7,5891,50,0,1,0,1,0,0,0,1,0,0,0,0,1,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,7,5891,50,0,1,0,1,0,0,0,1,0,0,0,0,1,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/netease_games.pcapng.out b/test/results/flow-analyse/default/netease_games.pcapng.out index 914e57d89..0de7296e1 100644 --- a/test/results/flow-analyse/default/netease_games.pcapng.out +++ b/test/results/flow-analyse/default/netease_games.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,42,34664,874,782,5,0,5,0,0,0,5,3,0,2,0,19,1,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,4,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,3,0,0,0,0,0,0,5,0,0,1,4,0,0,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0 +0,42,34582,874,782,5,0,5,0,0,0,5,3,0,2,0,19,1,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,4,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,3,0,0,0,0,0,0,5,0,0,1,4,0,0,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/netflix.pcap.out b/test/results/flow-analyse/default/netflix.pcap.out index 79fa074a8..0855efbaa 100644 --- a/test/results/flow-analyse/default/netflix.pcap.out +++ b/test/results/flow-analyse/default/netflix.pcap.out 
@@ -27,4 +27,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.1.7,184.25.204.10,tcp,53252,80,finished,6,26,1484319118658049,1484319118854817,1484319119584735,0,0,245,1448,245,34752,0,508,36240.5,99830,21554.2,464585632.0,4.7,"16679,17740,11985,38478,508,12702,40101,27115,27112,58536,99830,81106,33879,23672,53768,53762,65076,48010,65429,13865,30914,13324,28733,40448,54528,28786,29443,29431,27518,25487,25489",52,1146.7,1500,613.3,376142.5,4.7,"64,60,52,297,52,1500,1500,52,1500,52,1500,64,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500","5,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,24,0,0","0,1,0,0,1,1,1,0,1,0,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1","4.495864868,5.233453751,5.156889915,5.883365631,5.270353794,7.005603790,7.481070995,5.118428230,7.677317619,5.077241421,7.654481411,5.151865005,7.832942486,7.813632965,7.788673401,7.782803535,7.834435940,7.821334362,7.827250957,7.843655586,7.828696728,7.842951298,7.865435123,7.847778320,7.855163097,7.835734844,7.856423378,7.842322826,7.854029179,7.863353252,7.834544182,7.849704266",HTTP.NetFlix,7.133,0,Fun,Video,6,DPI,"" 
1,ip4,192.168.1.7,184.25.204.10,tcp,53251,80,finished,14,18,1484319118657433,1484319120611345,1484319120609765,0,0,245,1448,490,22387,0,241,126007.9,1416280,340787.6,116136157184.0,2.6,"15432,16762,2055,27228,957,1055,27336,38112,39355,39938,44658,83445,40664,236734,277719,1389753,1416280,268,12835,48683,241,12768,12757,15934,13837,16300,12778,12746,23173,13285,13156",52,767.5,1500,698.9,488505.9,4.3,"64,60,52,297,52,1500,1500,52,1500,52,1500,1500,52,1500,719,52,297,1500,1500,1500,52,52,1500,1500,52,1500,52,1500,1500,52,1500,52","12,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0","0,1,0,0,1,1,1,0,1,0,1,1,0,1,1,0,0,1,1,1,0,0,1,1,0,1,0,1,1,0,1,0","4.464614868,5.187539101,5.079966545,5.914007187,5.270354271,7.264070511,7.801600933,5.195351601,7.847749710,5.032077789,7.834869862,7.811845303,5.118427753,7.846868038,7.676549435,5.195351124,5.834331989,6.944043159,7.534036636,7.785680771,5.062724590,4.993616104,7.810704231,7.840629101,5.024262428,7.853393078,4.863714218,7.836608410,7.849914551,5.062724113,7.841484547,5.053297043",HTTP.NetFlix,7.133,0,Fun,Video,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,557,565158,117204,768140,61,31,30,9,27,1,60,69,0,33,0,266,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,49,0,22,38,0,0,0,0,0,0,0,0,0,0,0,18,0,0,0,0,0,0,0,0,13,0,0,0,1,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,70,18,1,0,0,0,0,61,0,0,47,13,0,1,61,60,1,0,0,0,0,0,0,0,0,0,0,0,0,0,36,0,0,32,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,18,0,0 +0,557,562862,117204,768140,61,31,30,9,27,1,60,69,0,33,0,266,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,49,0,22,38,0,0,0,0,0,0,0,0,0,0,0,18,0,0,0,0,0,0,0,0,13,0,0,0,1,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,70,18,1,0,0,0,0,61,0,0,47,13,0,1,61,60,1,0,0,0,0,0,0,0,0,0,0,0,0,0,36,0,0,32,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,18,0,0 diff --git a/test/results/flow-analyse/default/netflow-fritz.pcap.out b/test/results/flow-analyse/default/netflow-fritz.pcap.out index 28e5c077a..edc04eead 100644 --- a/test/results/flow-analyse/default/netflow-fritz.pcap.out +++ b/test/results/flow-analyse/default/netflow-fritz.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,7,5825,180,0,1,0,1,0,0,0,1,0,0,0,0,1,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,7,5825,180,0,1,0,1,0,0,0,1,0,0,0,0,1,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/netflowv9.pcap.out b/test/results/flow-analyse/default/netflowv9.pcap.out index 5fe156c9e..4abf3c7c7 100644 --- a/test/results/flow-analyse/default/netflowv9.pcap.out +++ b/test/results/flow-analyse/default/netflowv9.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,17011,13468,0,1,0,1,0,0,0,1,0,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,11,17011,13468,0,1,0,1,0,0,0,1,0,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/nfsv2.pcap.out b/test/results/flow-analyse/default/nfsv2.pcap.out index fb44ca929..8d279c0b6 100644 --- a/test/results/flow-analyse/default/nfsv2.pcap.out +++ b/test/results/flow-analyse/default/nfsv2.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,139.25.22.2,139.25.22.102,udp,1023,2049,finished,16,16,944207338490000,944207338580000,944207338580000,124,0,172,128,2168,1208,0,0,5806.5,40000,10088.1,101768992.0,3.3,"0,0,0,40000,40000,0,0,0,10000,10000,0,0,0,0,0,10000,10000,10000,10000,0,0,0,0,10000,10000,0,0,0,0,10000,10000",56,133.5,200,43.1,1860.8,4.9,"152,124,152,76,160,56,160,56,192,156,152,124,152,124,160,156,184,124,160,156,160,56,160,56,160,156,160,56,200,56,152,124","0,0,0,5,9,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","6,1,0,5,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","3.371484280,3.525987864,3.379018784,3.466069698,3.343606710,3.300534248,3.343606710,3.300534248,3.290571213,3.348722219,3.371484280,3.323238611,3.371484280,3.487642050,3.331106663,3.335901976,3.693611860,3.362390041,3.331106663,3.362183094,3.365244627,3.300534248,3.365244627,3.215625525,3.331106663,3.379842520,3.352744579,3.300534248,3.235463142,3.225106239,3.358326435,3.513812542",NFS,11,0,Acceptable,DataTransfer,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,42,34973,10080,6512,7,0,7,0,1,0,7,0,0,5,0,17,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,5,0,0,0,0,0,7,0,0,0,7,0,0,7,7,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,42,34973,10080,6512,7,0,7,0,1,0,7,0,0,5,0,17,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,5,0,0,0,0,0,7,0,0,0,7,0,0,7,7,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/nfsv3.pcap.out b/test/results/flow-analyse/default/nfsv3.pcap.out index 5b152a0ed..86a5ef15f 100644 --- a/test/results/flow-analyse/default/nfsv3.pcap.out +++ b/test/results/flow-analyse/default/nfsv3.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,139.25.22.2,139.25.22.102,udp,1022,2049,finished,16,16,944207397400000,944207397500000,944207397500000,128,0,184,272,2256,2044,0,0,6451.6,50000,12325.8,151925088.0,3.2,"0,0,10000,10000,0,0,0,50000,50000,0,0,0,10000,10000,0,0,0,10000,10000,0,0,0,10000,10000,0,0,0,10000,10000,0,0",60,162.4,300,63.4,4021.9,4.9,"156,140,156,192,156,196,156,168,164,60,164,60,212,300,156,140,192,172,164,60,164,60,164,268,164,60,208,288,164,268,164,60","0,0,0,0,13,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,6,0,2,2,2,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","3.326711178,3.327016592,3.326071262,3.163861752,3.338891745,3.169299841,3.334052563,3.097134829,3.262883663,3.180556774,3.262883902,3.113889694,2.862895966,3.295031309,3.326711178,3.137918949,3.170489788,3.257602215,3.320102930,3.147223234,3.332298279,3.147223234,3.250688314,3.172522783,3.332298279,3.180556774,3.225916147,3.296354771,3.267486334,3.381330967,3.502039671,3.180556774",NFS,11,0,Acceptable,DataTransfer,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,47,39244,8508,8932,8,0,8,0,1,0,8,0,0,6,0,19,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,8,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,6,0,0,0,0,0,8,0,0,0,8,0,0,8,8,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,47,39244,8508,8932,8,0,8,0,1,0,8,0,0,6,0,19,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,8,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,6,0,0,0,0,0,8,0,0,0,8,0,0,8,8,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/nintendo.pcap.out b/test/results/flow-analyse/default/nintendo.pcap.out index 7c8b96a4d..9a8d74102 100644 --- a/test/results/flow-analyse/default/nintendo.pcap.out +++ b/test/results/flow-analyse/default/nintendo.pcap.out 
@@ -5,4 +5,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.12.114,93.237.131.235,udp,55915,56066,finished,22,10,1500731343061460,1500731344751616,1500731344671142,60,0,844,844,4168,1560,0,67,106446.4,757918,188381.8,35487694848.0,3.4,"726,2728,200750,236,363,313750,216,309,757918,67,245897,246,38434,238,116689,3047,25905,110485,1189,79734,7959,87905,10077,91853,20145,506365,607064,9714,10174,12917,36738",88,207.0,872,231.8,53743.0,4.4,"104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,168,88,168,88,872,88,872,88,104,104,88,344,840,472,472","0,3,13,0,1,0,0,0,0,1,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,2,6,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,1,1,1,0,0,1,1,0,0,1,1,1,0,0,0,0,0","6.039587021,6.058817387,5.969922066,6.032328129,6.054103374,6.019590855,6.073334694,6.111796379,6.092565060,6.168863773,6.214584351,6.109002590,6.140205860,6.123519897,6.154723167,6.208508015,6.138843060,6.726152897,5.973575592,6.683043003,5.940660000,5.584841251,5.973575592,5.570620537,5.787140369,6.150815010,6.182018280,6.004880905,7.315718174,5.846724510,6.181584358,6.204835892",Nintendo,173,0,Fun,Game,6,DPI,"" 
1,ip4,192.168.12.114,81.61.158.138,udp,55915,51769,finished,20,12,1500731343266581,1500731344811760,1500731344805333,60,0,844,844,2304,1712,0,137,99481.6,649265,183756.7,33766533120.0,3.2,"295,399,313495,260,289,284287,137,381,629371,5230,43658,5349,61371,137,131610,65365,7948,186,836,31052,435,67583,2946,484,7525,105852,5669,103301,9836,549379,649265",88,153.5,872,186.3,34709.8,4.4,"104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,168,88,104,104,168,104,104,88,104,104,872,88,872,88,104,104,88","0,3,15,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,2,8,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,1,0,0,0,0,1,1,1,1,1,1,0,0,1,1,1,0","6.066075802,6.142999172,6.123768806,6.032328606,6.188719273,6.181460857,6.181460857,6.169488430,6.111796379,6.038962364,6.065451622,6.120974541,6.128233433,6.053479195,6.116261482,6.740974426,6.004880905,6.097030163,6.166695118,6.774616718,6.150815487,6.220480442,5.905394077,6.170046329,6.234997272,5.541868210,5.928121090,5.589448929,6.027608395,6.189277172,6.140205860,6.004880905",Nintendo,173,0,Fun,Game,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,164,137253,151475,137750,21,2,19,0,5,6,15,9,0,2,0,84,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,13,1,2,12,0,0,0,0,0,0,0,0,0,0,0,1,0,0,9,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0,0,0,0,6,0,0,0,0,0,0,21,0,0,4,15,2,0,21,15,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,164,137007,151475,137750,21,2,19,0,5,6,15,9,0,2,0,84,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,13,1,2,12,0,0,0,0,0,0,0,0,0,0,0,1,0,0,9,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0,0,0,0,6,0,0,0,0,0,0,21,0,0,4,15,2,0,21,15,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/nntp.pcap.out b/test/results/flow-analyse/default/nntp.pcap.out index 9325d124b..c0f3e4bc5 100644 --- a/test/results/flow-analyse/default/nntp.pcap.out +++ b/test/results/flow-analyse/default/nntp.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,192.168.190.20,192.168.190.5,tcp,55630,119,finished,19,13,1258844926423672,1258844993785292,1258844993785209,0,0,31,1448,113,4808,0,29,4345908.0,25684268,7782391.0,60565611347968.0,3.1,"157,178,17001,17072,178,379,673149,673694,608,343,40452,19518042,19565845,7986,4770071,4784435,14326,95,29,25683555,25684268,770,12078373,12090740,12467,209,55,4543973,116,4544308,283",40,205.9,1500,397.4,157950.1,3.6,"60,60,52,176,52,65,52,99,78,52,101,52,65,1280,52,65,1500,52,172,52,83,102,52,63,1500,52,318,52,58,52,80,40","19,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4,3,0,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,2,0,0","0,1,0,1,0,0,1,1,0,1,1,0,0,1,0,0,1,0,1,0,0,1,0,0,1,0,1,0,0,0,1,0","4.471673489,4.918822765,4.878231525,5.476410866,4.931209564,5.179985523,4.961856842,5.561774254,5.435857296,5.000318050,5.478010178,4.892747879,5.210754871,5.673897266,4.969671249,5.291449070,5.852569103,4.878231049,5.413592815,4.878231049,5.543476105,5.549430847,4.931209564,5.298630238,5.766685963,4.767184258,5.374790192,4.825252533,4.982897282,4.817437172,5.532413483,3.670482159",Usenet,93,0,Acceptable,Web,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,12,10136,113,4808,1,1,0,0,1,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,12,10136,113,4808,1,1,0,0,1,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/no_sni.pcap.out b/test/results/flow-analyse/default/no_sni.pcap.out index a52861db0..fd916cbf6 100644 --- a/test/results/flow-analyse/default/no_sni.pcap.out +++ b/test/results/flow-analyse/default/no_sni.pcap.out 
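Review bot: The regenerated stats row at the end of this hunk appears to carry one more value than the old row, inserted somewhere between the `flow_category_network_count` and `flow_confidence_dpi` positions, while the `timestamp,json_lines,…` header line above it is unchanged context. If the count is right, header and row no longer have the same number of columns, and any consumer that keys on header names reads the confidence, severity, l3/l4 and `flow_risk_N_count` counters one column off. The no_sni, nomachine and ocs hunks show the same shift. The header likely needs a matching name at the insertion point, for example `flow_category_<new_category>_count` (placeholder, the actual category is not visible here), and the test run could assert that header and row field counts are equal. The code that writes this row is outside the hunk, so the exact insertion point should be confirmed there.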
@@ -1,6 +1,6 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,192.168.1.119,104.16.249.249,tcp,51606,443,info,17,15,1604822444486731,1604822444918595,1604822444918472,0,0,616,682,1296,1416,0,4,27858.2,180261,53974.2,2913210624.0,3.0,"137944,138022,4673,280,93,180261,3035,178242,156,4,141,2334,6395,1417,5511,15440,136,687,115,1388,73966,13479,4177,2946,6,76790,62,5422,2521,12,7950",40,127.2,722,163.8,26828.9,4.2,"64,52,40,656,46,210,46,722,40,102,46,40,124,46,71,40,191,126,100,132,71,46,46,46,366,71,40,40,46,293,71,40","10,1,3,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","11,1,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,0,0,1,1,0,1,1,0,0,1,1,0,0,0,0,0,0,1,1,1,1,1,0,0,1,1,1,0","4.396777153,4.868495941,4.453056812,7.114666462,4.555532932,6.968688488,4.414441109,7.666847229,4.630641460,6.135609627,4.457919598,4.630641460,6.314809799,4.414441109,5.619441509,4.511769772,6.797011852,6.413628101,6.156311035,6.369709969,5.547562122,4.414441109,4.414441109,4.414441109,7.324114323,5.703947544,4.630641460,4.630641460,4.457919598,7.272934914,5.647610664,4.630641460",TLS.DoH_DoT,91.196,1,Acceptable,Network,6,DPI,"" 
-1,ip4,192.168.1.119,104.16.124.96,tcp,51612,443,info,16,16,1604822444913120,1604822445694881,1604822445694834,0,0,947,1460,2075,8322,0,120,50434.7,472643,107031.5,11455736832.0,3.0,"121173,121273,5431,100429,365,95332,957,4750,120,77068,533,71774,182,427,594,188,76917,15494,380381,472643,2763,2757,2091,2075,1637,1645,1367,284,1629,603,593",40,367.0,1500,489.4,239474.4,3.9,"64,52,40,987,46,272,40,104,210,903,46,552,40,46,71,40,71,46,46,1078,40,830,40,1431,40,1431,40,1500,393,40,1164,40","12,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,2,0,1,0,0","0,1,0,0,1,1,0,0,0,0,1,1,0,1,1,0,0,1,1,1,0,1,0,1,0,1,0,1,1,0,1,0","4.459277153,4.906957626,4.434184551,7.493985176,4.501398087,6.837790012,4.611769199,6.011372089,6.893880844,7.790526867,4.501398087,7.625611782,4.561769009,4.501398087,5.703947067,4.561769009,5.575730801,4.457919598,4.501398087,7.808494568,4.611769199,7.795384884,4.611769199,7.862168789,4.611769199,7.876565933,4.611769199,7.855591774,7.425184250,4.611769199,7.806784630,4.611769199",TLS,91,1,Safe,Web,6,DPI,"" 
-1,ip4,192.168.1.119,104.22.72.170,tcp,51637,443,info,18,14,1604822447287011,1604822447783794,1604822447783495,0,0,712,1460,1453,5882,0,23,32040.9,143742,43042.9,1852691072.0,3.8,"81926,82025,5271,129371,1703,673,126443,63976,9103,148,11896,1581,143742,57056,79239,1596,80830,1627,14677,255,13311,11856,23,12136,91,25357,25014,814,775,5252,5500",40,271.3,1500,409.4,167573.6,3.8,"64,52,40,752,46,1500,1371,40,104,210,366,115,115,1371,52,46,552,40,71,46,71,40,567,71,40,40,354,40,71,40,354,40","12,0,3,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,1,0,0","0,1,0,0,1,1,1,0,0,0,0,0,0,1,0,1,1,0,0,1,1,0,1,1,0,0,1,0,1,0,1,0","4.459277153,4.906957626,4.521928787,7.339107990,4.501398087,7.864248276,7.833704948,4.680641651,5.877521515,6.990070820,7.449111938,6.292889118,6.375582218,7.833081245,4.709867954,4.544876099,7.609548569,4.680641651,5.444761276,4.457919598,5.626344681,4.680641651,7.643690109,5.580639362,4.630641460,4.630641460,7.406938553,4.680641651,5.636977673,4.680641651,7.347516537,4.680641651",TLS,91,1,Safe,Web,6,DPI,"" 
+1,ip4,192.168.1.119,104.16.124.96,tcp,51612,443,info,16,16,1604822444913120,1604822445694881,1604822445694834,0,0,947,1460,2075,8322,0,120,50434.7,472643,107031.5,11455736832.0,3.0,"121173,121273,5431,100429,365,95332,957,4750,120,77068,533,71774,182,427,594,188,76917,15494,380381,472643,2763,2757,2091,2075,1637,1645,1367,284,1629,603,593",40,367.0,1500,489.4,239474.4,3.9,"64,52,40,987,46,272,40,104,210,903,46,552,40,46,71,40,71,46,46,1078,40,830,40,1431,40,1431,40,1500,393,40,1164,40","12,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,2,0,1,0,0","0,1,0,0,1,1,0,0,0,0,1,1,0,1,1,0,0,1,1,1,0,1,0,1,0,1,0,1,1,0,1,0","4.459277153,4.906957626,4.434184551,7.493985176,4.501398087,6.837790012,4.611769199,6.011372089,6.893880844,7.790526867,4.501398087,7.625611782,4.561769009,4.501398087,5.703947067,4.561769009,5.575730801,4.457919598,4.501398087,7.808494568,4.611769199,7.795384884,4.611769199,7.862168789,4.611769199,7.876565933,4.611769199,7.855591774,7.425184250,4.611769199,7.806784630,4.611769199",TLS,91,1,Safe,Web,6,DPI,"21,24,52" 
+1,ip4,192.168.1.119,104.22.72.170,tcp,51637,443,info,18,14,1604822447287011,1604822447783794,1604822447783495,0,0,712,1460,1453,5882,0,23,32040.9,143742,43042.9,1852691072.0,3.8,"81926,82025,5271,129371,1703,673,126443,63976,9103,148,11896,1581,143742,57056,79239,1596,80830,1627,14677,255,13311,11856,23,12136,91,25357,25014,814,775,5252,5500",40,271.3,1500,409.4,167573.6,3.8,"64,52,40,752,46,1500,1371,40,104,210,366,115,115,1371,52,46,552,40,71,46,71,40,567,71,40,40,354,40,71,40,354,40","12,0,3,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,1,0,0","0,1,0,0,1,1,1,0,0,0,0,0,0,1,0,1,1,0,0,1,1,0,1,1,0,0,1,0,1,0,1,0","4.459277153,4.906957626,4.521928787,7.339107990,4.501398087,7.864248276,7.833704948,4.680641651,5.877521515,6.990070820,7.449111938,6.292889118,6.375582218,7.833081245,4.709867954,4.544876099,7.609548569,4.680641651,5.444761276,4.457919598,5.626344681,4.680641651,7.643690109,5.580639362,4.630641460,4.630641460,7.406938553,4.680641651,5.636977673,4.680641651,7.347516537,4.680641651",TLS,91,1,Safe,Web,6,DPI,"21,24,52" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,79,72364,14690,42821,8,3,5,0,3,0,8,9,0,1,0,40,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,3,7,1,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,1,0,0,0,0,0,0,8,0,0,8,0,0,0,8,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0 +0,79,76634,14690,42821,8,3,5,0,3,0,8,9,0,5,0,40,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,3,7,1,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,1,16,0,0,0,0,0,8,0,0,8,0,0,0,8,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,8,0,0,0,0 diff --git a/test/results/flow-analyse/default/nomachine.pcapng.out b/test/results/flow-analyse/default/nomachine.pcapng.out index da91f94d0..81e3f1502 100644 --- a/test/results/flow-analyse/default/nomachine.pcapng.out +++ b/test/results/flow-analyse/default/nomachine.pcapng.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,192.168.88.231,192.168.88.208,tcp,48084,4000,finished,17,15,1703593377933911,1703593380672489,1703593380672652,0,0,130,1241,469,1882,0,45,176687.7,1638095,448935.7,201543221248.0,2.3,"190,212,342,43936,970891,1014483,2738,11428,49938,1596287,1638095,555,784,775,56,55,140,845,42186,71319,29841,49,45,75,72,614,631,211,72,278,176",40,114.5,1281,213.6,45617.6,4.0,"60,52,40,52,40,51,40,170,1281,40,166,91,40,113,40,77,40,162,162,40,103,40,109,40,77,119,91,40,77,93,40,77","13,0,1,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","3,8,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,1,0,0,1,0,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,1,0,1","4.759215832,5.001122475,4.734183788,5.154968739,4.881686687,5.194689751,4.712814808,5.340074539,7.582360744,4.781687260,6.524080753,5.931896210,4.781687260,6.249127865,4.781687260,5.665949345,4.781687260,6.671448708,6.689945221,4.712814808,6.021168709,4.643942833,6.196946144,4.712814808,5.656145573,6.375697613,5.953874588,4.662815094,5.743871212,6.012063980,4.731687069,5.701727390",NoMachine,378,1,Acceptable,RemoteAccess,6,DPI,"30" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,20,16071,655,2744,2,1,1,0,1,0,2,0,0,2,0,10,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,2,0,0,0,0,0,0,2,0,0,1,1,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,20,16071,655,2744,2,1,1,0,1,0,2,0,0,2,0,10,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,2,0,0,0,0,0,0,2,0,0,1,1,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/ocs.pcap.out b/test/results/flow-analyse/default/ocs.pcap.out index a99db8e40..2a50f142a 100644 --- a/test/results/flow-analyse/default/ocs.pcap.out +++ b/test/results/flow-analyse/default/ocs.pcap.out 
@@ -2,4 +2,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 12,ip4,192.168.180.2,178.248.208.54,tcp,49881,80,finished,32,0,1449652787983929,1449652790713183,1449652787983929,0,0,663,0,663,0,0,450,88040.5,928563,172609.9,29794174976.0,3.5,"83797,14275,246872,572,450,68391,1837,71492,506,5433,4137,41728,146026,90832,71054,77421,63432,3718,80468,1653,86121,564,67336,32599,43283,386587,73735,2510,928563,31722,2140",52,83.1,715,113.8,12942.2,4.5,"60,52,715,64,72,72,80,72,72,72,72,72,64,52,64,64,64,52,52,52,52,64,64,64,64,52,52,64,64,52,64,64","31,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4.517588139,5.123517990,6.025798798,5.070159912,5.236322403,5.173415184,5.239589214,5.201192856,5.264100075,5.236322403,5.236322403,5.182154179,5.152114868,5.091758728,5.194910049,5.194910049,5.132410049,5.154164791,5.115703106,5.115703106,5.032077789,5.132410049,5.163660049,5.132410049,5.163660049,5.115703106,5.168681622,5.220060349,5.169355392,5.008133411,5.120864868,5.077819824",HTTP.OCS,7.218,0,Fun,Media,6,DPI,"46" 
12,ip4,192.168.180.2,178.248.208.210,tcp,42590,80,finished,32,0,1449652842628827,1449652843470951,1449652842628827,0,0,152,0,152,0,0,77,27165.3,79495,29589.7,875550464.0,4.0,"71399,1526,54762,1106,3570,59902,605,77,5328,64776,1667,1533,79495,5458,58361,1849,64604,1987,67520,26503,42864,25995,65439,972,48553,1253,1960,1270,75524,1445,4821",52,63.9,204,26.3,690.5,4.9,"60,52,204,52,52,52,52,52,64,64,64,64,72,64,64,72,72,72,64,64,64,52,52,52,52,52,52,52,52,52,64,72","31,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4.550921917,5.046595097,5.875504971,5.154164791,5.115703106,5.154164791,5.192625999,5.154164791,5.194910049,5.226160049,5.194910049,5.226160049,5.329917908,5.226160049,5.251310349,5.296718597,5.391922951,5.336368084,5.251310349,5.294355392,5.294355392,5.207143307,5.154164314,5.168681622,5.091758728,5.168681622,5.168681622,5.130220413,5.168681622,5.207143307,5.313810349,5.324496269",HTTP.OCS,7.218,0,Fun,Media,6,DPI,"11,46" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,137,114626,12361,0,20,5,15,7,2,2,18,0,0,10,0,65,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,2,3,8,7,0,0,0,0,0,0,0,4,0,0,1,5,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0,0,0,0,11,0,7,0,0,0,0,20,0,0,12,8,0,0,20,18,2,0,0,0,0,0,0,0,0,4,0,0,0,3,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0 +0,137,114421,12361,0,20,5,15,7,2,2,18,0,0,10,0,65,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,2,3,8,7,0,0,0,0,0,0,0,4,0,0,1,5,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0,0,0,0,11,0,7,0,0,0,0,20,0,0,12,8,0,0,20,18,2,0,0,0,0,0,0,0,0,4,0,0,0,3,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/ocsp.pcapng.out b/test/results/flow-analyse/default/ocsp.pcapng.out index 7f79ebd10..971fb41f8 100644 --- a/test/results/flow-analyse/default/ocsp.pcapng.out +++ b/test/results/flow-analyse/default/ocsp.pcapng.out 
@@ -6,4 +6,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.1.128,52.85.15.92,tcp,49382,80,finished,17,15,1623227471703092,1623227587366039,1623227587361645,0,0,396,1006,396,1006,0,379,7461984.0,10240568,4364520.0,19049033498624.0,4.6,"11963,16479,379,17094,109967,126649,9996419,10012379,10239928,10239783,10239896,10240232,10239903,10239633,10239951,10239961,10239904,10240133,10239949,10239714,10239909,10239972,10240568,10240566,10239801,10239750,10239347,10239527,3107000,3107879,16865",104,148.3,1110,185.9,34567.0,4.5,"112,112,104,500,104,1110,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104","16,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0","3.872647047,4.259160519,4.034724236,6.288679600,4.284656048,6.962940216,4.381252289,4.381252289,4.315859318,4.362021446,4.250907898,4.362021446,4.335090160,4.354762554,4.277397633,4.283735275,4.335090160,4.381252289,4.315859318,4.362021446,4.284656048,4.381252289,4.284656048,4.323559761,4.335090160,4.335531712,4.296628475,4.362021446,4.315859318,4.329455853,4.250907898,4.369279861",HTTP.OCSP,7.63,0,Safe,Network,6,DPI,"" 
1,ip4,192.168.1.128,23.12.96.145,tcp,49034,80,finished,17,15,1623229850956311,1623229914599193,1623229904370774,0,0,387,1448,1159,5872,0,0,3776043.2,10241196,4797137.5,23012529143808.0,3.6,"12234,16624,475,17773,3362,0,21718,0,1169650,1186786,9796,0,24736,0,1031529,1046686,2550,0,18982,0,10158449,10174381,10240180,10240467,10240694,10240443,10239931,10239902,10238718,10240083,10241196",104,324.2,1552,431.7,186386.9,4.1,"112,112,104,490,104,1552,613,104,104,490,104,1552,613,104,104,491,104,1552,614,104,104,104,104,104,104,104,104,104,104,104,104,104","14,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0","0,1,0,0,1,1,1,0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,1,0,1,0,1,0,1,0,1,0","3.854789734,4.239557266,4.034724236,6.314732075,4.338077068,7.042398453,7.244339943,4.381252289,4.362021446,6.303278446,4.335968971,7.031822681,7.242278576,4.270580769,4.335531712,6.231549740,4.350049019,7.030226231,7.237232208,4.342790604,4.323559761,4.400483131,4.426972389,4.400483131,4.426972389,4.362021446,4.426972389,4.335532188,4.388510704,4.400482655,4.426972389,4.400482655",HTTP.OCSP,7.63,0,Safe,Network,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,93,86690,6995,26118,10,10,0,0,6,0,10,0,0,0,0,50,1,0,1,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,9,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,10,0,0,0,10,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,93,86690,6995,26118,10,10,0,0,6,0,10,0,0,0,0,50,1,0,1,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,9,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,10,0,0,0,10,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/oicq.pcap.out b/test/results/flow-analyse/default/oicq.pcap.out index 312c496eb..8ba5c85f5 100644 --- a/test/results/flow-analyse/default/oicq.pcap.out +++ b/test/results/flow-analyse/default/oicq.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,146,121439,1324,0,29,0,29,14,0,0,29,0,0,0,0,29,1,0,1,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,29,0,29,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,29,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,29,0,0,0,0,0,0,0,0,0,0,0,0,29,0,0,0,29,0,0,29,29,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,146,121439,1324,0,29,0,29,14,0,0,29,0,0,0,0,29,1,0,1,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,29,0,29,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,29,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,29,0,0,0,0,0,0,0,0,0,0,0,0,29,0,0,0,29,0,0,29,29,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/ookla.pcap.out b/test/results/flow-analyse/default/ookla.pcap.out index 9c6471a0d..e2f6a07ed 100644 --- a/test/results/flow-analyse/default/ookla.pcap.out +++ b/test/results/flow-analyse/default/ookla.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,55,43354,22732,8117,6,1,5,0,0,1,5,3,0,2,0,30,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,3,5,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,3,0,0,0,0,0,6,0,0,6,0,0,0,6,5,1,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0 +0,55,43190,22732,8117,6,1,5,0,0,1,5,3,0,2,0,30,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,3,5,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,3,0,0,0,0,0,6,0,0,6,0,0,0,6,5,1,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/opc-ua.pcap.out b/test/results/flow-analyse/default/opc-ua.pcap.out index fe3e52032..3f1b3ea31 100644 --- a/test/results/flow-analyse/default/opc-ua.pcap.out +++ b/test/results/flow-analyse/default/opc-ua.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 0,ip4,127.0.0.1,127.0.0.1,tcp,57420,4840,finished,16,16,1667935846902658,1667935846904298,1667935846904284,0,0,166,608,868,1518,0,16,105.4,198,44.3,1960.7,4.8,"55,64,16,58,86,65,129,99,163,105,151,161,191,96,147,149,198,71,115,70,128,91,151,80,135,60,116,75,126,40,75",52,127.3,660,136.7,18687.8,4.5,"64,64,52,52,108,52,80,52,184,52,187,52,145,52,556,52,218,52,660,52,213,52,148,52,179,52,123,52,185,52,128,52","9,1,1,1,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","10,0,2,1,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0","3.813809156,4.504331589,4.429176807,4.429176807,4.495126247,4.429176807,3.962491751,4.429176807,4.640767574,4.429176331,4.837442398,4.429176807,4.591342926,4.429176807,5.161721230,4.467638016,4.647413254,4.506099701,5.545300007,4.506099701,4.926007271,4.506099701,5.000817299,4.467638016,4.492839813,4.429176331,4.218745708,4.467638016,4.550030231,4.506099701,4.219731808,4.506099701",OPC-UA,360,0,Acceptable,IoT-Scada,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,12,9923,12547,11671,1,1,0,0,1,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,12,9923,12547,11671,1,1,0,0,1,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/openflow.pcap.out b/test/results/flow-analyse/default/openflow.pcap.out index 85ef3b369..759b841f4 100644 --- a/test/results/flow-analyse/default/openflow.pcap.out +++ b/test/results/flow-analyse/default/openflow.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,7848,332,92,1,1,0,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,11,7848,332,92,1,1,0,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/openvpn-tlscrypt.pcap.out b/test/results/flow-analyse/default/openvpn-tlscrypt.pcap.out index 2c081f09c..ff4bd16a2 100644 --- a/test/results/flow-analyse/default/openvpn-tlscrypt.pcap.out +++ b/test/results/flow-analyse/default/openvpn-tlscrypt.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,29,17821,0,0,0,0,0,0,0,0,0,0,0,0,13,0,1,0,1,1,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,29,17821,0,0,0,0,0,0,0,0,0,0,0,0,13,0,1,0,1,1,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/openvpn.pcap.out b/test/results/flow-analyse/default/openvpn.pcap.out index 8b94e4edc..293503f66 100644 --- a/test/results/flow-analyse/default/openvpn.pcap.out +++ b/test/results/flow-analyse/default/openvpn.pcap.out 
@@ -6,4 +6,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,3.111.166.78,85.134.13.165,udp,51146,1194,finished,18,14,1512848303527265,1512848306813195,1512848307027916,14,0,126,1200,1541,4853,0,55,218922.0,2241123,513027.0,263196672000.0,2.8,"216135,332238,5799,3391,337897,57968,55,73,70,307059,10023,20531,1960235,1520,628,2241123,1704,736,299000,1497,2293,245,299952,1982,1336,694,338474,1245,1483,269,340926",46,227.9,1228,364.9,133184.4,3.9,"46,54,50,142,87,50,1228,1216,1216,1081,50,50,50,154,142,142,50,50,50,142,142,142,142,50,50,50,50,142,142,142,142,50","5,1,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0","0,1,0,0,0,1,1,1,1,1,0,0,0,0,0,0,1,1,1,0,0,0,0,1,1,1,1,0,0,0,0,1","4.654558659,4.847117901,5.033267975,5.334950447,4.532369614,5.090824604,7.356415749,6.728867531,7.721350193,7.639185429,5.043854713,5.083854675,5.083854675,5.445907116,5.474620342,5.589630604,5.130824566,5.130824566,5.130824566,5.699376583,5.737064838,5.865118027,5.840532780,5.130824566,5.170824528,5.130824566,5.130824566,6.471548557,6.580770969,5.929418087,6.097649097,5.130825043",OpenVPN,159,1,Acceptable,VPN,6,DPI,"" 
1,ip4,127.0.0.1,127.0.0.1,tcp,36138,443,finished,16,16,1674530805823658,1674530806238844,1674530806238807,0,0,1460,1386,3980,4153,0,34,26785.0,221529,54768.3,2999562752.0,3.1,"22199,22283,1235,1541,24351,24605,380,617,225,122,221396,221529,844,1007,149,112,201,197,52335,56406,4152,2697,123,2780,147,117,34,22205,65582,61984,18780",40,296.7,1500,446.1,199012.8,3.8,"60,46,40,96,46,108,40,104,46,395,46,1166,40,104,1426,40,46,104,46,976,104,46,1166,1500,46,767,46,46,104,40,613,40","7,1,4,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0","10,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0","0,1,0,0,1,1,0,0,1,0,1,1,0,0,1,0,1,0,1,1,0,1,0,0,1,0,1,1,1,0,1,0","4.369529724,4.398030758,4.339823246,5.763498783,3.898455381,5.946529865,4.389823437,5.850727081,3.985411644,7.430057526,3.941933870,7.823157787,4.339823246,5.788781643,7.836597443,4.289823055,3.985411644,5.865244389,3.985411644,7.759013176,5.942167759,3.985411882,7.803529263,7.856170654,3.985411882,7.761924267,3.985411882,3.941933393,5.743062019,4.172574520,7.582319260,4.339823246",OpenVPN,159,1,Acceptable,VPN,6,DPI,"5" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,96,91911,49021,52809,10,1,9,0,6,0,10,0,0,8,0,50,1,0,1,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,10,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,3,8,0,0,0,0,0,10,0,0,3,7,0,0,10,10,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0 +0,96,91974,49021,52809,10,1,9,0,6,0,10,0,0,8,0,50,1,0,1,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,10,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,3,8,0,0,0,0,0,10,0,0,3,7,0,0,10,10,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/openvpn_nohmac.pcapng.out b/test/results/flow-analyse/default/openvpn_nohmac.pcapng.out index a6bf3a70d..fc74e2aeb 100644 --- a/test/results/flow-analyse/default/openvpn_nohmac.pcapng.out +++ b/test/results/flow-analyse/default/openvpn_nohmac.pcapng.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,3.111.166.78,85.134.13.165,udp,51146,1194,finished,18,14,1512848303527265,1512848306813195,1512848307027916,14,0,126,1200,1541,4853,0,55,218922.0,2241123,513027.0,263196672000.0,2.8,"216135,332238,5799,3391,337897,57968,55,73,70,307059,10023,20531,1960235,1520,628,2241123,1704,736,299000,1497,2293,245,299952,1982,1336,694,338474,1245,1483,269,340926",46,227.9,1228,364.9,133184.4,3.9,"46,54,50,142,87,50,1228,1216,1216,1081,50,50,50,154,142,142,50,50,50,142,142,142,142,50,50,50,50,142,142,142,142,50","5,1,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0","0,1,0,0,0,1,1,1,1,1,0,0,0,0,0,0,1,1,1,0,0,0,0,1,1,1,1,0,0,0,0,1","4.654558659,4.847117901,5.033267975,5.334950447,4.532369614,5.090824604,7.356415749,6.728867531,7.721350193,7.639185429,5.043854713,5.083854675,5.083854675,5.445907116,5.474620342,5.589630604,5.130824566,5.130824566,5.130824566,5.699376583,5.737064838,5.865118027,5.840532780,5.130824566,5.170824528,5.130824566,5.130824566,6.471548557,6.580770969,5.929418087,6.097649097,5.130825043",OpenVPN,159,1,Acceptable,VPN,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,13,11280,113447,150832,1,0,1,1,1,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,13,11280,113447,150832,1,0,1,1,1,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/openvpn_nohmac_tcp.pcapng.out b/test/results/flow-analyse/default/openvpn_nohmac_tcp.pcapng.out index c0639ec82..dd0cc0447 100644 --- a/test/results/flow-analyse/default/openvpn_nohmac_tcp.pcapng.out +++ b/test/results/flow-analyse/default/openvpn_nohmac_tcp.pcapng.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,10.181.235.122,10.251.71.30,tcp,39772,1194,finished,17,15,1358197736781122,1358197737942660,1358197737942559,0,0,274,348,534,1480,0,210,74934.7,1014473,247074.6,61045854208.0,1.8,"218,377,1013370,1014473,3617,5492,3300,44879,40998,530,345,40353,40401,992,18067,17798,428,281,37075,37264,287,268,279,211,265,252,249,261,212,223,210",52,115.4,400,89.5,8001.3,4.7,"60,60,52,68,52,80,52,76,52,326,52,76,52,76,52,180,52,400,76,52,168,104,168,76,284,76,168,100,168,76,284,76","14,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,0,0,4,1,0,0,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0","4.634053230,5.054204941,5.039584637,5.193215847,5.116507530,5.177333832,5.039584637,5.369915009,5.116507530,5.342938900,5.025067329,5.315114975,4.909682751,5.326361656,4.986606121,5.801545143,4.986606121,5.423783302,5.341430664,5.025067806,6.420508862,5.262471199,6.588784218,5.395376205,6.650779724,5.395376205,6.047887802,5.337505817,5.757668018,5.421691895,6.887341976,5.316428661",OpenVPN,159,1,Acceptable,VPN,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,12,10169,6986,7709,1,0,1,0,1,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,12,10169,6986,7709,1,0,1,0,1,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/openvpn_obfuscated.pcapng.out b/test/results/flow-analyse/default/openvpn_obfuscated.pcapng.out index 894fb3e40..5e41fa08d 100644 --- a/test/results/flow-analyse/default/openvpn_obfuscated.pcapng.out +++ b/test/results/flow-analyse/default/openvpn_obfuscated.pcapng.out 
@@ -2,4 +2,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.12.156,185.128.25.99,tcp,37976,465,info,15,17,1722427237865123,1722427239098966,1722427239119270,0,0,749,1448,2029,6170,0,4,80257.7,1019751,241804.0,58469183488.0,2.3,"20026,22066,6196,28075,47,21155,1036,26262,32,5,4,27970,122,183,23639,57497,41848,4811,15826,16412,4857,7937,24736,465,24028,23273,24679,66760,1019751,977576,716",52,308.7,1500,431.5,186180.0,4.0,"60,60,52,140,52,152,52,429,148,1500,1500,1500,52,52,152,164,52,52,376,873,52,52,801,52,310,172,395,176,52,199,52,148","7,0,1,3,1,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,0,0,4,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0","0,1,0,0,1,1,0,0,1,1,1,1,0,0,0,1,0,1,0,1,0,1,0,1,1,0,1,0,1,0,1,1","4.713300705,5.200119972,5.118428230,6.481626511,5.065449238,6.636507511,5.079966068,7.256804943,6.578202248,7.858069420,7.854922771,7.883089542,5.041504383,5.118428230,6.483579159,6.730767250,5.079966068,5.079966068,7.347016811,7.755306244,5.079966545,5.118428230,7.724539757,5.156889439,7.263402939,6.729237556,7.474316120,6.499718189,5.118428230,6.903886318,5.118427753,6.545400143",,,,,,,,"" 
1,ip4,107.161.86.131,192.168.12.156,tcp,443,48072,info,11,21,1722705590754656,1722705591511972,1722705591387622,0,0,100,46,196,218,0,26,44847.8,303035,76201.7,5806696960.0,3.5,"102069,4840,6500,5499,5384,5348,5717,5375,5168,5616,5148,255594,100325,15640,143042,32722,143022,26,303035,27745,1278,5419,5419,5738,6677,5026,142895,27779,1244,5483,5509",52,67.3,152,23.7,562.8,4.9,"60,52,61,61,61,61,61,61,61,61,61,59,64,88,58,80,80,52,152,98,52,59,59,59,59,59,59,52,148,52,52,52","9,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","19,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,1,1,1,1,1,1,1,1,1,1,0,1,1,0,0,0,0,1,1,1,1,1,1,1,1,0,0,0,0,0","5.300120831,5.233812809,5.399485111,5.467381954,5.434595108,5.401808262,5.500168800,5.401808262,5.455006599,5.377057552,5.233534813,5.055375576,5.207358360,5.946230888,5.336176872,5.165400982,5.130965233,5.231892586,6.316833973,5.691545963,5.156889915,5.259676456,5.280779839,5.403578281,5.333379745,5.369679928,5.299482346,5.193430901,6.433825016,5.140452385,5.193430901,5.270354271",,,,,,,,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,30,26642,14851,27360,3,0,3,0,2,3,0,0,0,0,0,15,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,2,1,0,0,3,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,30,26642,14851,27360,3,0,3,0,2,3,0,0,0,0,0,15,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,2,1,0,0,3,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/openwire.pcapng.out b/test/results/flow-analyse/default/openwire.pcapng.out index 88d0c0fbc..de48a397f 100644 --- a/test/results/flow-analyse/default/openwire.pcapng.out +++ b/test/results/flow-analyse/default/openwire.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,35,15038,0,0,0,0,0,0,0,0,0,0,0,0,16,0,1,0,1,1,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,35,15038,0,0,0,0,0,0,0,0,0,0,0,0,16,0,1,0,1,1,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/opera-vpn.pcapng.out b/test/results/flow-analyse/default/opera-vpn.pcapng.out index 069f8d7d3..a517556a9 100644 --- a/test/results/flow-analyse/default/opera-vpn.pcapng.out +++ b/test/results/flow-analyse/default/opera-vpn.pcapng.out 
@@ -60,4 +60,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.1.29,77.111.247.69,tcp,51464,443,info,15,17,1694275760159362,1694275760281658,1694275760309664,0,0,1425,1440,2641,8573,0,2,8793.5,31869,12758.7,162784304.0,3.5,"27814,27894,493,28703,585,28762,647,649,242,123,27168,43,5005,31869,89,47,126,129,27303,4099,31345,165,134,214,2,194,86,122,214,26695,1637",52,403.1,1492,505.2,255231.4,4.0,"64,60,52,569,52,1492,52,1127,52,116,1477,52,52,91,52,93,76,52,591,52,1098,52,1098,52,1492,704,52,830,52,148,52,1044","10,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0","7,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,1,2,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0","0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,0,1,1,0,1,0,0,1,1","4.147110939,5.166787148,4.606328011,4.419630051,4.933627129,7.819243431,4.659306526,7.802917004,4.659306526,5.959871769,7.870406628,4.986605644,4.948144436,5.947135925,4.697768211,5.982440948,5.655566216,4.697768211,7.635627747,5.025067329,7.836093426,4.697768211,7.836949825,4.736229897,7.868122101,7.667487621,4.697768211,7.753278255,4.736229897,6.269422054,5.025067329,7.793452740",TLS.OperaVPN,91.339,1,Acceptable,VPN,6,DPI,"" 
1,ip4,192.168.1.29,77.111.247.69,tcp,51465,443,info,16,16,1694275760188445,1694275760330661,1694275760330585,0,0,1407,1440,3236,6065,0,50,9172.8,31292,12464.9,155373488.0,3.6,"26508,26656,121,27208,469,27459,90,122,166,118,25308,1248,5045,31292,95,50,135,141,26082,1531,27473,147,145,226,218,285,128,25620,80,2433,27757",52,343.3,1492,466.3,217422.7,3.9,"64,60,52,569,52,1492,52,1127,52,116,1459,52,52,91,52,93,76,52,591,52,1098,52,1098,52,1184,52,154,659,52,52,274,52","10,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0","8,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,1,0,0,0,0,0,0,0,0,0,1,0,0","0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,0,1,0,0,0,1,1,1,0","4.209610939,5.279368401,4.736229897,4.419954300,5.101990700,7.829117298,4.813152790,7.823664188,4.813152790,6.035345554,7.863707542,5.140452385,5.101990700,5.872906685,4.813152790,5.931313038,5.576619148,4.813152790,7.646970272,5.101990700,7.820407391,4.813152790,7.792932510,4.813152790,7.834312439,4.813152790,6.429463387,7.615536690,4.948144436,5.025067806,7.217590809,4.736229897",TLS.OperaVPN,91.339,1,Acceptable,VPN,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,618,625039,206752,980038,62,28,34,0,60,1,61,61,0,1,0,308,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,60,0,61,0,0,0,0,0,0,0,0,0,61,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,61,0,0,0,0,0,2,0,0,0,0,0,0,62,0,0,62,0,0,0,62,61,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,618,620144,206752,980038,62,28,34,0,60,1,61,61,0,1,0,308,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,60,0,61,0,0,0,0,0,0,0,0,0,61,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,61,0,0,0,0,0,2,0,0,0,0,0,0,62,0,0,62,0,0,0,62,61,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/oracle12.pcapng.out b/test/results/flow-analyse/default/oracle12.pcapng.out index 819c29a41..217dbd901 100644 --- a/test/results/flow-analyse/default/oracle12.pcapng.out +++ b/test/results/flow-analyse/default/oracle12.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,8060,941,441,1,0,1,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,11,8060,941,441,1,0,1,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/os_detected.pcapng.out b/test/results/flow-analyse/default/os_detected.pcapng.out index c9c8c568d..0abc26071 100644 --- a/test/results/flow-analyse/default/os_detected.pcapng.out +++ b/test/results/flow-analyse/default/os_detected.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,7,8186,1252,0,1,0,1,0,0,0,1,0,0,1,0,1,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,2,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0 +0,7,8021,1252,0,1,0,1,0,0,0,1,0,0,1,0,1,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,2,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0 diff --git a/test/results/flow-analyse/default/ospfv2_add_new_prefix.pcap.out b/test/results/flow-analyse/default/ospfv2_add_new_prefix.pcap.out index e24ecbf55..b0ecc91ee 100644 --- a/test/results/flow-analyse/default/ospfv2_add_new_prefix.pcap.out +++ b/test/results/flow-analyse/default/ospfv2_add_new_prefix.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,8,6197,88,44,1,0,1,0,0,0,1,0,0,0,0,2,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,8,6197,88,44,1,0,1,0,0,0,1,0,0,0,0,2,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/ossfuzz_seed_fake_traces_1.pcapng.out b/test/results/flow-analyse/default/ossfuzz_seed_fake_traces_1.pcapng.out index 8eabb25ec..c4dd873e0 100644 --- a/test/results/flow-analyse/default/ossfuzz_seed_fake_traces_1.pcapng.out +++ b/test/results/flow-analyse/default/ossfuzz_seed_fake_traces_1.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,59,50157,2613,28,10,0,10,3,0,0,8,0,2,7,0,18,1,0,1,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,8,1,0,5,0,2,0,0,0,0,0,0,0,0,0,0,0,2,5,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,5,6,0,0,0,0,0,10,0,0,6,4,0,0,10,8,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,6,0,0,0,0,0,0 +0,59,50157,2613,28,10,0,10,3,0,0,8,0,2,7,0,18,1,0,1,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,8,1,0,5,0,2,0,0,0,0,0,0,0,0,0,0,0,2,5,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,5,6,0,0,0,0,0,10,0,0,6,4,0,0,10,8,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,6,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/ossfuzz_seed_fake_traces_2.pcapng.out b/test/results/flow-analyse/default/ossfuzz_seed_fake_traces_2.pcapng.out index 1ce84a31b..079a69c01 100644 --- a/test/results/flow-analyse/default/ossfuzz_seed_fake_traces_2.pcapng.out +++ b/test/results/flow-analyse/default/ossfuzz_seed_fake_traces_2.pcapng.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,192.168.0.1,10.10.10.1,tcp,8787,32177,finished,15,17,330297046,331331838,331332084,0,0,1460,1460,6059,4420,0,25,66768.7,274397,88285.8,7794386432.0,3.8,"136273,137235,573,1795,12093,11937,35737,56,35774,25,88318,88631,11617,11587,151937,89,151972,35682,35919,255841,274397,18558,256484,257570,1057,306,258,28908,45,29127,29",40,369.0,1500,516.4,266637.3,3.8,"60,44,46,77,40,106,40,1500,418,40,40,88,46,187,46,1500,1276,46,1118,40,1129,1141,40,480,96,40,88,40,1500,415,40,40","5,3,1,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,2,0,0","11,1,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,1,0,0","0,1,0,0,1,0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1,0,1,1,0,1,0,1,0,0,1,1","4.593347073,4.569403648,4.267595291,4.557471752,4.561769485,3.980688334,4.511769295,7.562818527,7.355636597,4.442897320,4.561769485,4.850268364,4.354552269,3.829532146,4.398030758,7.720746994,7.806058884,4.287461758,7.654390335,4.561769485,7.519946575,7.677032471,4.611769676,6.499645710,4.460224152,4.611769676,3.810093641,4.611769676,7.548070431,7.340783596,4.611769676,4.561769485",TeamViewer,148,1,Acceptable,RemoteAccess,6,DPI,"5" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,65,50097,13912,15230,8,3,5,0,1,1,7,0,0,1,0,34,1,0,1,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,7,0,7,0,0,0,0,0,0,0,0,0,1,0,0,2,0,0,0,0,2,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,1,0,0,0,0,0,8,0,0,6,2,0,0,8,7,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,65,50097,13912,15230,8,3,5,0,1,1,7,0,0,1,0,34,1,0,1,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,7,0,7,0,0,0,0,0,0,0,0,0,1,0,0,2,0,0,0,0,2,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,1,0,0,0,0,0,8,0,0,6,2,0,0,8,7,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/ossfuzz_seed_fake_traces_3.pcapng.out b/test/results/flow-analyse/default/ossfuzz_seed_fake_traces_3.pcapng.out index 074633942..f8c686f8a 100644 --- a/test/results/flow-analyse/default/ossfuzz_seed_fake_traces_3.pcapng.out +++ b/test/results/flow-analyse/default/ossfuzz_seed_fake_traces_3.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,10,7551,82,0,1,0,1,0,0,0,1,0,0,0,0,4,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,10,7551,82,0,1,0,1,0,0,0,1,0,0,0,0,4,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/ossfuzz_seed_fake_traces_4.pcapng.out b/test/results/flow-analyse/default/ossfuzz_seed_fake_traces_4.pcapng.out index 7794f1cbc..743f347ae 100644 --- a/test/results/flow-analyse/default/ossfuzz_seed_fake_traces_4.pcapng.out +++ b/test/results/flow-analyse/default/ossfuzz_seed_fake_traces_4.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,8,5907,4,8,1,0,1,0,0,0,0,0,1,0,0,2,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,8,5907,4,8,1,0,1,0,0,0,0,0,1,0,0,2,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/paltalk.pcapng.out b/test/results/flow-analyse/default/paltalk.pcapng.out index 7d5d33925..d9797915e 100644 --- a/test/results/flow-analyse/default/paltalk.pcapng.out +++ b/test/results/flow-analyse/default/paltalk.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,33,26314,1047,1460,4,0,4,0,0,0,4,1,0,1,0,16,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,2,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,2,0,0,0,0,0,0,4,0,0,4,0,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,33,26232,1047,1460,4,0,4,0,0,0,4,1,0,1,0,16,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,2,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,2,0,0,0,0,0,0,4,0,0,4,0,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/path_of_exile.pcapng.out b/test/results/flow-analyse/default/path_of_exile.pcapng.out index e5b598d2a..055095afe 100644 --- a/test/results/flow-analyse/default/path_of_exile.pcapng.out +++ b/test/results/flow-analyse/default/path_of_exile.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,10,7357,31,0,1,0,1,0,0,0,1,0,0,0,0,4,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,34,24937,88,0,4,0,4,0,0,0,4,0,0,0,0,16,1,0,1,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,4,0,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/pfcp.pcapng.out b/test/results/flow-analyse/default/pfcp.pcapng.out index ba623a493..9944d9eae 100644 --- a/test/results/flow-analyse/default/pfcp.pcapng.out +++ b/test/results/flow-analyse/default/pfcp.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,8837,2395,0,1,0,1,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,11,8837,2395,0,1,0,1,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/pgm.pcap.out b/test/results/flow-analyse/default/pgm.pcap.out index 523b1cbff..a41ff514a 100644 --- a/test/results/flow-analyse/default/pgm.pcap.out +++ b/test/results/flow-analyse/default/pgm.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,10.244.64.154,235.0.1.47,113,,,finished,32,0,1654564815455078,1654564817394846,1654564815455078,36,0,1310,0,5416,0,0,16,62573.2,840685,155726.8,24250839040.0,2.9,"840685,20786,25,36771,5581,109,6559,20,17008,16,14904,14731,16,37275,29,168236,95027,1618,67043,1565,11009,51225,29,243023,25455,15996,6391,15033,3510,84,240009",56,189.2,1330,214.8,46132.5,4.5,"56,115,113,307,1330,192,112,116,156,271,238,319,165,117,213,299,115,127,134,114,115,130,132,131,114,121,119,120,119,121,112,113","0,1,9,12,2,1,2,1,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4.207933426,3.772077084,3.737904549,4.289524555,3.977143764,4.305780411,3.733274460,3.889899492,4.148006916,4.292365074,4.336574078,4.226692677,4.062590599,3.930770159,4.197418690,4.412383080,3.835077763,3.796297789,4.342565060,3.788575172,3.851600647,4.257427692,4.309153080,4.246764660,3.757787228,3.886102915,3.938454628,3.971912861,3.968787670,3.964792728,3.751131535,3.773303032",PGM,296,0,Acceptable,Network,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,12,12016,162302,0,1,0,1,0,1,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,12,12016,162302,0,1,0,1,0,1,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/pgsql.pcap.out b/test/results/flow-analyse/default/pgsql.pcap.out index 13889ab50..ba913a7c0 100644 --- a/test/results/flow-analyse/default/pgsql.pcap.out +++ b/test/results/flow-analyse/default/pgsql.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,52,36167,1157,1836,6,3,3,0,0,0,6,0,0,0,0,30,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,6,0,0,0,6,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,52,36167,1157,1836,6,3,3,0,0,0,6,0,0,0,0,30,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,6,0,0,0,6,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/pgsql2.pcapng.out b/test/results/flow-analyse/default/pgsql2.pcapng.out index b330b0d58..0ec361646 100644 --- a/test/results/flow-analyse/default/pgsql2.pcapng.out +++ b/test/results/flow-analyse/default/pgsql2.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,7964,800,1416,1,0,1,0,0,0,1,0,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,11,7964,800,1416,1,0,1,0,0,0,1,0,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/pia.pcap.out b/test/results/flow-analyse/default/pia.pcap.out index ffa0e649d..4e44a7ac8 100644 --- a/test/results/flow-analyse/default/pia.pcap.out +++ b/test/results/flow-analyse/default/pia.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,13,12703,610,2622,1,0,1,0,0,0,1,2,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,2,2,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,13,12580,610,2622,1,0,1,0,0,0,1,2,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,2,2,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/pim.pcap.out b/test/results/flow-analyse/default/pim.pcap.out index d7f5fb2c0..3de63b566 100644 --- a/test/results/flow-analyse/default/pim.pcap.out +++ b/test/results/flow-analyse/default/pim.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,7777,580,0,1,0,1,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,11,7777,580,0,1,0,1,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/pinterest.pcap.out b/test/results/flow-analyse/default/pinterest.pcap.out index 8310df813..33e2dbe3f 100644 --- a/test/results/flow-analyse/default/pinterest.pcap.out +++ b/test/results/flow-analyse/default/pinterest.pcap.out 
@@ -2,7 +2,7 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,64:ff9b::9765:7854,tcp,33262,443,info,15,17,1605289713743557,1605289713845515,1605289714059633,0,0,517,1048,1112,8219,0,0,13485.0,172415,32478.6,1054859584.0,2.7,"17629,17683,505,39969,1745,1,2,41182,41,13,234,2,0,175,23,26,7012,281,424,41621,1,1,33877,492,1,473,243,41960,172415,2,1",72,364.1,1120,421.4,177613.6,4.2,"80,80,72,589,72,1120,1120,1120,72,72,72,1120,1120,154,72,72,72,165,171,437,72,72,330,72,138,72,72,110,72,1120,1120,549","10,1,1,1,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","6,0,2,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,1,1,1,0,1,1,0,0,1,1,1,1","4.847575665,5.229952335,5.179864883,4.532552719,5.045369625,6.786690235,4.454385281,6.617737293,5.179864883,5.207642555,5.263197899,7.131698132,7.585322857,6.331103802,5.207642555,5.150118828,5.137001514,6.091404438,6.368394852,7.380807877,5.073147297,5.045369625,7.067039967,5.263197899,6.187361240,5.128702641,5.207642555,5.611329079,5.128702641,7.815224648,7.838888168,7.557251453",TLS.Pinterest,91.183,1,Fun,SocialNetwork,6,DPI,"" 
1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,2a04:4e42:1d::84,tcp,38512,443,info,18,14,1605289714142423,1605289714260622,1605289714260607,0,0,954,1388,2837,7034,0,0,7625.3,53871,14761.3,217895472.0,3.0,"29210,29304,461,30605,2146,1,1,1,32223,44,9,7,7205,255,2012,156,139,311,354,53871,1,222,1,43618,1326,1,0,1343,231,798,527",72,381.0,1460,486.9,237029.2,4.1,"80,80,72,589,72,1460,1460,1460,1230,72,72,72,72,165,171,363,383,350,1026,328,72,72,72,330,72,138,72,72,72,110,1460,72","9,1,1,1,0,0,0,0,2,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,4,0,0,0,0","0,1,0,0,1,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,0,1,1,1,0,0,1,0","4.621765614,5.087494850,5.064152718,4.449456215,4.904376030,6.379762650,5.172341347,7.343800068,7.630727291,5.109223843,5.043183804,5.081446171,5.109223843,6.011801243,6.221057415,7.200978279,7.082930088,6.925302982,7.362153053,6.891495228,4.942638397,4.914860725,4.942638397,7.062083721,5.109223843,6.069666862,4.887083054,4.970416069,5.109223843,5.576783180,7.859548092,5.109223843",TLS.Pinterest,91.183,1,Fun,SocialNetwork,6,DPI,"" 
1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,2a00:1450:4007:816::2004,tcp,40694,443,info,17,15,1605289714590794,1605289714712098,1605289714737758,0,0,517,1208,1066,4645,0,0,8653.8,43788,13864.0,192210288.0,3.4,"26021,26034,177,34476,9474,0,43788,3,51,24,2375,110,130,39176,1,238,310,37117,263,3095,2873,7183,1,0,7144,49,3,681,625,589,26257",72,251.0,1280,327.8,107441.1,4.1,"80,80,72,589,72,1280,1280,72,72,289,72,136,164,395,72,72,72,652,72,103,103,72,493,818,267,72,72,72,111,72,111,72","12,1,2,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,1,0,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,0,0,1,0,0,0,0,1,1,1,1,0,0,1,0,1,1,1,0,0,0,1,0,0,1","4.845952034,5.276737213,5.243131161,4.473354340,5.090543747,7.802321434,7.843567848,5.288201809,5.260424137,7.108726978,5.260424137,6.180178165,6.552865028,7.368058681,5.107836723,5.135614395,5.097352028,7.652834892,5.232646942,5.827667713,5.769781590,5.232646942,7.502712727,7.757375717,7.029527187,5.232646465,5.260424137,5.288201809,5.925748348,5.260424137,5.889372826,5.107836723",TLS.Google,91.126,1,Acceptable,Web,6,DPI,"" 
-1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,2600:1901::7a0b::,tcp,47032,443,info,18,14,1605289714558209,1605289714795031,1605289714793606,0,0,517,1208,1778,5802,0,0,15232.9,132689,29577.9,874849472.0,3.1,"23500,23520,222,32278,1902,1,0,33966,35,25,324,0,242,8,1731,75,102,35078,5741,3731,0,1,42641,14,135,39228,93613,132689,1225,118,74",72,309.4,1280,401.1,160869.7,4.1,"80,80,72,589,72,1280,1280,1280,72,72,72,1280,173,72,72,136,164,451,72,72,652,103,72,72,72,103,72,330,72,111,229,571","11,1,2,0,1,0,0,0,0,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,1,0,0,0,1,1,0,0,0,0,0,1,1,1,1,1,0,0,0,1,1,0,0,0,0","4.656593323,5.123788357,5.017778397,4.494572163,4.850525856,7.806178570,7.820445061,7.825618267,4.990000248,4.985159874,5.017777920,7.793226242,6.582598209,5.045556068,5.045556068,6.051473618,6.341272354,7.424715996,4.850525856,4.812263489,7.613498688,5.540113449,4.850525856,5.073333740,5.073333740,5.737332821,4.822747707,7.185048103,5.017778397,5.884420395,6.843392372,7.591670513",TLS,91,1,Safe,Web,6,DPI,"" 
+1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,2600:1901:0:7a0b::,tcp,47032,443,info,18,14,1605289714558209,1605289714795031,1605289714793606,0,0,517,1208,1778,5802,0,0,15232.9,132689,29577.9,874849472.0,3.1,"23500,23520,222,32278,1902,1,0,33966,35,25,324,0,242,8,1731,75,102,35078,5741,3731,0,1,42641,14,135,39228,93613,132689,1225,118,74",72,309.4,1280,401.1,160869.7,4.1,"80,80,72,589,72,1280,1280,1280,72,72,72,1280,173,72,72,136,164,451,72,72,652,103,72,72,72,103,72,330,72,111,229,571","11,1,2,0,1,0,0,0,0,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,1,0,0,0,1,1,0,0,0,0,0,1,1,1,1,1,0,0,0,1,1,0,0,0,0","4.656593323,5.123788357,5.017778397,4.494572163,4.850525856,7.806178570,7.820445061,7.825618267,4.990000248,4.985159874,5.017777920,7.793226242,6.582598209,5.045556068,5.045556068,6.051473618,6.341272354,7.424715996,4.850525856,4.812263489,7.613498688,5.540113449,4.850525856,5.073333740,5.073333740,5.737332821,4.822747707,7.185048103,5.017778397,5.884420395,6.843392372,7.591670513",TLS,91,1,Safe,Web,6,DPI,"" 
1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,64:ff9b::9765:7854,tcp,33280,443,info,16,16,1605289714658043,1605289714873020,1605289714873010,0,0,517,1048,1043,6264,0,0,13869.2,89623,22425.8,502918720.0,3.3,"39835,39893,388,39880,1850,1,41296,35,60,0,18,4,565,0,563,29,2922,2605,564,39805,119,1086,1924,0,36819,15,203,49740,40102,0,89623",72,300.8,1120,374.8,140490.0,4.1,"80,80,72,589,72,1120,1120,72,72,1120,1120,72,72,1120,154,72,72,165,171,368,72,72,72,330,138,72,72,110,72,516,246,72","11,1,1,1,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","6,0,2,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,0,0,1,1,0,0,1,1,0,0,0,0,0,1,1,1,1,1,0,0,0,1,1,1,0","4.759509563,5.142373085,5.117740154,4.564804554,4.953123093,6.789499283,4.442035198,5.175263882,5.103079796,6.610801220,7.126421452,5.203041553,5.203041553,7.603042603,6.151700974,5.175263882,5.175263882,6.101224422,6.300935745,7.262635231,4.980900764,5.036456108,4.980900764,7.043718815,6.196548939,5.175263882,5.175263882,5.631328106,5.036456108,7.479037762,6.852047443,5.230819225",TLS.Pinterest,91.183,1,Fun,SocialNetwork,6,DPI,"" 
1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,2a04:4e42:1d::720,tcp,57050,443,info,16,16,1605289714782619,1605289714902517,1605289714903070,0,0,517,1388,1077,12561,0,0,7753.2,50337,15382.7,236626480.0,2.9,"50290,50337,220,31719,3102,0,34561,13,675,659,1179,1,1182,11,2643,116,155,32346,0,0,0,1,29460,6,548,1,0,514,15,6,589",72,498.7,1460,595.9,355070.7,4.0,"80,80,72,589,72,1460,1460,72,72,1460,72,1460,1205,72,72,165,171,440,72,72,72,330,138,72,72,1460,1460,1460,72,72,72,1460","12,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,8,0,0,0,0","0,1,0,0,1,1,1,0,0,1,0,1,1,0,0,0,0,0,1,1,1,1,1,0,0,1,1,1,0,0,0,1","4.703702927,5.136080265,5.124309540,4.545345783,5.017591953,6.717867374,4.853471756,5.096531868,5.124309540,7.395221710,5.124309540,7.321218014,7.643990993,5.124309540,5.152087212,5.949683189,6.333797455,7.364598274,5.017591953,5.017591953,4.989814281,7.067564487,6.163845539,5.152087212,5.124309540,7.852941513,7.865815639,7.871354580,5.096531868,5.124309540,5.053668499,7.834792614",TLS,91,1,Safe,Media,6,DPI,"" 
1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,2a03:2880:f030:13:face:b00c::3,tcp,51292,443,info,18,14,1605289715274358,1605289715471680,1605289715427326,0,0,517,1380,1347,5004,0,0,11299.7,93180,21751.5,473125984.0,3.0,"26987,27077,236,32338,1,0,32042,17,3873,399,116,64739,93180,2,1,290,2,3,2,24343,46,12,9,157,3,2,82,23,41,4388,39879",72,271.0,1452,368.4,135732.3,4.1,"80,80,72,589,72,1452,979,72,72,136,164,330,330,72,72,72,251,152,116,653,72,72,72,72,483,1452,114,72,72,72,103,199","12,0,2,1,0,0,0,0,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,2,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0","0,1,0,0,1,1,1,0,0,0,0,0,0,1,1,1,1,1,1,1,0,0,0,0,1,1,1,0,0,0,0,0","5.086080074,5.358260632,5.421088219,4.582517624,5.325077534,7.824724197,7.800261974,5.487128258,5.459350586,6.217577457,6.494597435,7.339631081,7.344889641,5.269522190,5.231259823,5.286815166,7.021345615,6.361854553,5.947217464,7.648275852,5.393310547,5.421088219,5.393310547,5.448865891,7.531715393,7.878327370,6.086453915,5.448865891,5.421088219,5.365532398,5.884278774,6.731818199",TLS.Facebook,91.119,1,Fun,SocialNetwork,6,DPI,"" 
@@ -13,4 +13,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,2a04:4e42:1d::84,tcp,38546,443,info,15,17,1605289732959160,1605289733287022,1605289733341107,0,0,517,1388,1151,10308,0,0,22897.1,135965,39614.3,1569289984.0,3.2,"46509,46553,392,49783,3591,0,52945,10,1267,1,1272,3,2358,266,496,109019,0,0,1,0,1,105909,5,6,6499,35807,111148,135965,1,2,0",72,430.6,1460,544.3,296293.8,4.0,"80,80,72,589,72,1460,1460,72,72,1460,1230,72,72,165,171,338,72,72,330,138,72,570,72,72,72,110,72,210,72,1460,1460,1460","9,1,1,1,1,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,0,1,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,6,0,0,0,0","0,1,0,0,1,1,1,0,0,1,1,0,0,0,0,0,1,1,1,1,1,1,0,0,0,0,1,0,1,1,1,1","4.684510231,5.128057957,5.091930866,4.525407314,4.980900764,6.391155720,5.165083408,5.175263882,5.175263882,7.346390247,7.633969307,5.175263882,5.109223843,6.098253250,6.329233170,7.209453583,5.008678436,4.970416069,7.086939812,6.058278084,4.925345421,7.519527912,5.175263882,5.147486210,5.175263882,5.594966412,4.980900764,6.689027309,4.980900764,7.853739262,7.845409870,7.847467899",TLS.Pinterest,91.183,1,Fun,SocialNetwork,6,DPI,"" 
1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,64:ff9b::9765:7a6e,tcp,40114,443,info,16,16,1605289733399863,1605289733500742,1605289733511200,0,0,517,1048,1017,8749,0,1,6845.7,45476,12150.2,147627232.0,3.2,"20965,21014,506,37100,8905,1,45476,39,2004,2,1,1,1959,29,12,7,90,33,7803,454,394,31006,1,387,1,22756,38,359,8296,2575,2",72,377.7,1120,441.2,194656.5,4.1,"80,80,72,589,72,1120,1120,72,72,1120,1120,1120,1120,72,72,72,72,113,72,165,171,342,72,72,330,138,72,72,110,72,1120,1120","11,1,1,1,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,1,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,0,0,1,1,1,1,0,0,0,0,1,0,0,0,0,1,1,1,1,0,0,0,1,1,1","4.809510231,5.143908501,5.203041553,4.540377140,5.064233780,6.870509624,5.058271885,5.230819225,5.230819225,6.720662117,7.193079948,7.346520901,7.621092319,5.230819225,5.137001038,5.203041553,5.175263882,5.649272442,5.175263405,6.019917488,6.380431175,7.094295502,5.064233780,5.064233780,7.049797535,6.150704861,5.203041077,5.203041553,5.667691708,5.008678436,7.799199581,7.796170235",TLS.ADS_Analytic_Track,91.107,1,Tracker\/Ads,Advertisement,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,297,300389,30054,337815,37,5,32,0,13,16,21,33,0,1,0,137,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,24,13,3,6,11,0,0,1,0,0,0,0,0,0,0,0,8,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,21,0,0,0,0,0,1,0,0,0,0,0,0,0,37,0,37,0,0,0,37,21,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0 +0,297,298306,30054,337815,37,5,32,0,13,16,21,33,0,1,0,137,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,24,13,3,6,11,0,0,1,0,0,0,0,0,0,0,0,8,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0,0,0,0,1,0,0,0,0,0,0,0,37,0,37,0,0,0,37,21,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/pluralsight.pcap.out b/test/results/flow-analyse/default/pluralsight.pcap.out index 446b95991..17f5b2d3c 100644 --- a/test/results/flow-analyse/default/pluralsight.pcap.out +++ b/test/results/flow-analyse/default/pluralsight.pcap.out 
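Review bot: The regenerated summary row appears to gain one extra `0` in the run of zeros ahead of the confidence counters, so every later count (confidence, severity, l3/l4, per-risk) sits one position further right, while the `timestamp,json_lines,…` header above it is an unchanged context line. The same shift shows in the summary rows of the pluralsight.pcap.out and pop3.pcap.out hunks, and in pop3 it looks like the only change to the row. If the row now carries more fields than the header, anything reading this CSV by column name will attribute counts to the wrong label, for example the DPI-confidence total read as `flow_confidence_nbpf` and each risk count read under the neighbouring risk id. It is worth confirming that the header string emitted by the writer (not visible in this hunk) was extended in the same commit, and having the result check compare each row's field count with the header's.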
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,59,74606,3540,23176,6,0,6,0,0,0,6,10,0,0,0,28,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,6,0,0,0,6,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,59,73950,3540,23176,6,0,6,0,0,0,6,10,0,0,0,28,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,6,0,0,0,6,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/pop3.pcap.out b/test/results/flow-analyse/default/pop3.pcap.out index 970287449..e496abcd2 100644 --- a/test/results/flow-analyse/default/pop3.pcap.out +++ b/test/results/flow-analyse/default/pop3.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,192.168.0.4,212.227.15.166,tcp,26383,110,finished,14,18,1377201783749577,1377201784718387,1377201784718464,0,0,66,1460,124,8905,0,67,62506.4,111543,37805.0,1429214336.0,4.6,"48715,48825,52076,85284,79802,1152,96824,99740,95016,92446,96843,111543,96817,82417,95960,94961,97000,96016,95243,97960,1952,51026,3189,67,3235,44696,56453,59665,2391,50284,99",40,324.9,1500,545.2,297234.1,3.5,"52,52,40,97,46,58,66,46,131,52,58,106,131,46,58,46,72,46,132,48,58,1500,40,1500,1500,40,1229,48,58,1500,40,1500","13,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,2,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,5,0,0","0,1,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,1,0,1,1,0,1,0,1,1,0,1","4.421030998,4.853535175,4.780641556,5.658839703,4.965921879,5.375223160,5.222204208,4.922443390,5.467526913,5.038779736,5.202809334,5.763947487,5.449919701,4.922443390,5.142296314,4.835486412,5.067367077,4.922443390,5.701879501,4.967222214,5.271774769,6.020136833,4.780641556,5.349530697,5.308346272,4.780641556,5.390463829,4.951495647,5.306257725,5.634154797,4.730641365,5.796863556",POP3,2,0,Unsafe,Email,6,DPI,"22" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,53,40204,417,22283,6,6,0,0,1,0,6,0,0,6,0,30,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,4,0,0,0,6,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,6,0,1,0,0,0,0,6,0,0,6,0,0,0,6,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,53,40204,417,22283,6,6,0,0,1,0,6,0,0,6,0,30,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,4,0,0,0,6,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,6,0,1,0,0,0,0,6,0,0,6,0,0,0,6,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/pop3_stls.pcap.out b/test/results/flow-analyse/default/pop3_stls.pcap.out index af4dcaecf..d3effa027 100644 --- a/test/results/flow-analyse/default/pop3_stls.pcap.out +++ b/test/results/flow-analyse/default/pop3_stls.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks -1,ip4,192.168.20.18,72.249.41.52,tcp,50583,110,info,13,19,1346096808946579,1346096812985585,1346096813059760,0,0,314,1460,648,5522,0,215,262973.8,2072094,524859.6,275477528576.0,3.3,"68193,68972,68661,120626,119751,1003135,1075317,72544,524,70840,70284,69545,70981,215,69915,69104,262,69187,6957,114416,36010,229437,154000,2002867,2072094,69067,658,117241,116699,68875,75810",40,234.5,1500,417.0,173868.9,3.7,"52,52,40,51,46,46,68,46,46,189,46,77,208,1500,1500,40,1500,400,40,354,46,278,71,46,93,71,46,208,84,89,82,89","9,2,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","8,4,0,0,1,1,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0","0,1,0,1,0,1,1,0,1,1,0,1,0,1,1,0,1,1,0,0,1,1,0,1,1,0,1,1,0,1,0,1","4.492581844,4.801308632,4.734183788,5.157432556,4.996070385,4.501398087,5.447610855,4.952592373,4.501398087,5.483742237,5.012480259,5.432518482,5.539906025,7.142385483,7.103268623,4.734183788,6.899816990,7.242932796,4.784183979,7.363773823,4.501398087,6.985215187,5.760285378,4.501398087,5.843768597,5.665146351,4.501398087,6.988708973,5.939931870,5.954314232,5.674627304,5.896972179",POPS,23,1,Safe,Email,6,DPI,"7,22" 
+1,ip4,192.168.20.18,72.249.41.52,tcp,50583,110,info,13,19,1346096808946579,1346096812985585,1346096813059760,0,0,314,1460,648,5522,0,215,262973.8,2072094,524859.6,275477528576.0,3.3,"68193,68972,68661,120626,119751,1003135,1075317,72544,524,70840,70284,69545,70981,215,69915,69104,262,69187,6957,114416,36010,229437,154000,2002867,2072094,69067,658,117241,116699,68875,75810",40,234.5,1500,417.0,173868.9,3.7,"52,52,40,51,46,46,68,46,46,189,46,77,208,1500,1500,40,1500,400,40,354,46,278,71,46,93,71,46,208,84,89,82,89","9,2,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","8,4,0,0,1,1,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0","0,1,0,1,0,1,1,0,1,1,0,1,0,1,1,0,1,1,0,0,1,1,0,1,1,0,1,1,0,1,0,1","4.492581844,4.801308632,4.734183788,5.157432556,4.996070385,4.501398087,5.447610855,4.952592373,4.501398087,5.483742237,5.012480259,5.432518482,5.539906025,7.142385483,7.103268623,4.734183788,6.899816990,7.242932796,4.784183979,7.363773823,4.501398087,6.985215187,5.760285378,4.501398087,5.843768597,5.665146351,4.501398087,6.988708973,5.939931870,5.954314232,5.674627304,5.896972179",POPS,23,1,Safe,Email,6,DPI,"7,8,22" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,15,14157,805,7462,1,1,0,0,1,0,1,3,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,2,0,2,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,15,14569,805,7462,1,1,0,0,1,0,1,3,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,2,0,2,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,3,2,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/pops.pcapng.out b/test/results/flow-analyse/default/pops.pcapng.out index b826896ef..699ce830a 100644 --- a/test/results/flow-analyse/default/pops.pcapng.out +++ b/test/results/flow-analyse/default/pops.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,12,12664,184,2520,1,0,1,0,0,0,1,1,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,2,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,12,12664,184,2520,1,0,1,0,0,0,1,1,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,2,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/portable_executable.pcap.out b/test/results/flow-analyse/default/portable_executable.pcap.out index c92b29c60..a13daaa9f 100644 --- a/test/results/flow-analyse/default/portable_executable.pcap.out +++ b/test/results/flow-analyse/default/portable_executable.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,19,18645,11308,11308,2,0,2,0,0,1,0,0,1,0,0,10,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,2,0,0,0,2,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,19,18725,11308,11308,2,0,2,0,0,2,0,0,0,0,0,10,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,2,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/pptp.pcap.out b/test/results/flow-analyse/default/pptp.pcap.out index f42db2d3b..88ca77abd 100644 --- a/test/results/flow-analyse/default/pptp.pcap.out +++ b/test/results/flow-analyse/default/pptp.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,7973,356,384,1,1,0,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,11,7973,356,384,1,1,0,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/profinet-io-le.pcap.out b/test/results/flow-analyse/default/profinet-io-le.pcap.out index a3ad0fe32..97ca88dfc 100644 --- a/test/results/flow-analyse/default/profinet-io-le.pcap.out +++ b/test/results/flow-analyse/default/profinet-io-le.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,8,7011,164,268,1,0,1,0,0,0,1,0,0,1,0,2,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,8,7011,164,268,1,0,1,0,0,0,1,0,0,1,0,2,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/protobuf.pcap.out b/test/results/flow-analyse/default/protobuf.pcap.out index 35e035d86..61d6f8ecf 100644 --- a/test/results/flow-analyse/default/protobuf.pcap.out +++ b/test/results/flow-analyse/default/protobuf.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,47,33860,1086,0,5,5,0,0,0,0,5,0,0,0,0,25,1,0,1,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,5,0,0,0,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,47,33860,1086,0,5,5,0,0,0,0,5,0,0,0,0,25,1,0,1,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,5,0,0,0,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/protonvpn.pcap.out b/test/results/flow-analyse/default/protonvpn.pcap.out index be831ea0a..5331c7539 100644 --- a/test/results/flow-analyse/default/protonvpn.pcap.out +++ b/test/results/flow-analyse/default/protonvpn.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,25,20460,1624,6451,3,0,3,0,0,1,2,2,0,2,0,11,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,2,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,1,1,0,0,0,0,3,0,0,2,1,0,0,3,2,1,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,25,20337,1624,6451,3,0,3,0,0,1,2,2,0,2,0,11,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,2,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,1,1,0,0,0,0,3,0,0,2,1,0,0,3,2,1,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/psiphon3.pcap.out b/test/results/flow-analyse/default/psiphon3.pcap.out index 7786f9c69..7e74943ba 100644 --- a/test/results/flow-analyse/default/psiphon3.pcap.out +++ b/test/results/flow-analyse/default/psiphon3.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 12,ip4,192.168.0.103,104.18.151.190,tcp,40557,443,info,18,14,1613865079123029,1613865079254264,1613865079202653,0,0,1008,1460,2038,5498,0,0,6801.9,46102,10684.6,114161304.0,3.6,"6003,17375,0,14372,0,0,998,15961,7000,4998,0,0,3002,27963,1997,2998,1002,0,7002,25852,0,1389,0,0,4047,20760,1037,46102,1001,0,0",40,277.5,1500,421.9,177964.3,3.8,"60,60,52,52,40,208,40,208,40,40,1500,1002,1500,1002,40,40,40,40,133,133,40,40,298,109,298,109,40,40,133,417,78,1048","10,1,3,0,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","6,0,2,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0","0,0,1,1,0,0,0,0,1,1,1,1,1,1,0,0,0,0,0,0,1,1,1,1,1,1,0,0,0,0,0,0","4.559092522,4.559092522,4.801308632,4.801308632,4.780641556,5.412927151,4.780641556,5.412927151,4.780641079,4.780641079,6.953819275,7.189953327,6.953819275,7.189953327,4.780641556,4.780641556,4.780641556,4.780641556,5.944580555,5.944580555,4.780641079,4.780641079,7.039272308,5.966729164,7.039272308,5.966729164,4.730641365,4.730641365,6.272472382,7.310267448,5.370555401,7.811244488",TLS.Psiphon,91.303,1,Acceptable,VPN,6,DPI,"24,52" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,14,14172,3700,5574,1,1,0,0,1,0,1,2,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,4,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0 +0,14,14049,3700,5574,1,1,0,0,1,0,1,2,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,4,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0 diff --git a/test/results/flow-analyse/default/ptpv2.pcap.out b/test/results/flow-analyse/default/ptpv2.pcap.out index de3cf6df5..e3259062b 100644 --- a/test/results/flow-analyse/default/ptpv2.pcap.out +++ b/test/results/flow-analyse/default/ptpv2.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,23,17454,796,0,3,0,3,0,0,0,3,0,0,0,0,11,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,3,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,23,17454,796,0,3,0,3,0,0,0,3,0,0,0,0,11,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,3,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/punycode-idn.pcap.out b/test/results/flow-analyse/default/punycode-idn.pcap.out index 3642e93b9..4e8f4c8a7 100644 --- a/test/results/flow-analyse/default/punycode-idn.pcap.out +++ b/test/results/flow-analyse/default/punycode-idn.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,24,20770,232,836,3,1,2,0,0,0,3,3,0,2,0,9,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,2,0,2,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,6,0,0,0,0,0,0,3,0,0,1,2,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,2,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,24,20770,232,836,3,1,2,0,0,0,3,3,0,2,0,9,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,2,0,2,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,6,0,0,0,0,0,0,3,0,0,1,2,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,2,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/quic-23.pcap.out b/test/results/flow-analyse/default/quic-23.pcap.out index 77e8459fe..3d0fdb49c 100644 --- a/test/results/flow-analyse/default/quic-23.pcap.out +++ b/test/results/flow-analyse/default/quic-23.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,13698,1993,3958,1,0,1,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,11,13657,1993,3958,1,0,1,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/quic-24.pcap.out b/test/results/flow-analyse/default/quic-24.pcap.out index 8aba3605f..961fda302 100644 --- a/test/results/flow-analyse/default/quic-24.pcap.out +++ b/test/results/flow-analyse/default/quic-24.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,13394,4378,2992,1,0,1,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,11,13353,4378,2992,1,0,1,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/quic-27.pcap.out b/test/results/flow-analyse/default/quic-27.pcap.out index 6f5234555..481419391 100644 --- a/test/results/flow-analyse/default/quic-27.pcap.out +++ b/test/results/flow-analyse/default/quic-27.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,17372,5523,6124,1,0,1,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,11,17262,5523,6124,1,0,1,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/quic-28.pcap.out b/test/results/flow-analyse/default/quic-28.pcap.out index 2210c9f0b..6d3a78b01 100644 --- a/test/results/flow-analyse/default/quic-28.pcap.out +++ b/test/results/flow-analyse/default/quic-28.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,10.9.0.2,104.26.11.240,udp,60106,443,finished,13,19,1591267474847575,1591267474935131,1591267474949617,43,0,1200,1197,4297,5362,0,2,6116.1,20960,7174.9,51478880.0,3.9,"13634,13791,13932,1053,15111,1394,4,2,2195,342,15,8,10,14715,11,4,4,3,4,4,3,13849,1181,10523,11750,5487,19948,6547,20960,4038,19076",71,329.8,1228,425.6,181138.2,4.0,"1228,75,1228,99,189,1228,1224,1225,245,138,89,71,71,154,98,543,71,71,96,71,71,71,71,71,686,71,133,71,845,71,108,72","0,6,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0","0,9,3,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0","0,1,0,1,1,0,1,1,1,0,0,0,0,0,1,1,1,1,1,1,1,1,0,1,1,0,0,1,1,0,0,1","7.825420856,5.391368389,7.839229107,6.043497086,6.731246471,7.843968391,7.815639019,7.852266788,7.065521240,6.543905735,6.067143917,5.873550892,5.873550892,6.748120308,6.120771885,7.600786686,5.845381737,5.732706547,6.072868347,5.683273315,5.722074032,5.818619251,5.778411865,5.760875225,7.744878292,5.750242710,6.580695629,5.778411865,7.773950577,5.873550892,6.249063969,5.721802711",QUIC,188,1,Acceptable,Web,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,12,13835,5428,230739,1,0,1,0,1,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,12,13794,5428,230739,1,0,1,0,1,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/quic-29.pcap.out b/test/results/flow-analyse/default/quic-29.pcap.out index 39c2827b0..3245b66bb 100644 --- a/test/results/flow-analyse/default/quic-29.pcap.out +++ b/test/results/flow-analyse/default/quic-29.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,13387,4303,4453,1,0,1,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,11,13346,4303,4453,1,0,1,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/quic-33.pcapng.out b/test/results/flow-analyse/default/quic-33.pcapng.out index f0fcf44a5..29c3ab6bb 100644 --- a/test/results/flow-analyse/default/quic-33.pcapng.out +++ b/test/results/flow-analyse/default/quic-33.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,15233,1432,3470,1,0,1,0,0,0,1,0,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,3,0,0,0,0,0,0,1,0,0,1,0,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0 +0,11,15192,1432,3470,1,0,1,0,0,0,1,0,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,3,0,0,0,0,0,0,1,0,0,1,0,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0 diff --git a/test/results/flow-analyse/default/quic-34.pcap.out b/test/results/flow-analyse/default/quic-34.pcap.out index bacf0c9d1..e8b7ab1da 100644 --- a/test/results/flow-analyse/default/quic-34.pcap.out +++ b/test/results/flow-analyse/default/quic-34.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,10,14611,1252,3416,1,0,1,0,0,0,1,0,0,1,0,4,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,3,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0 +0,10,14570,1252,3416,1,0,1,0,0,0,1,0,0,1,0,4,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,3,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0 diff --git a/test/results/flow-analyse/default/quic-forcing-vn-with-data.pcapng.out b/test/results/flow-analyse/default/quic-forcing-vn-with-data.pcapng.out index a866f9ed8..af958e8e9 100644 --- a/test/results/flow-analyse/default/quic-forcing-vn-with-data.pcapng.out +++ b/test/results/flow-analyse/default/quic-forcing-vn-with-data.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,12,15127,5466,2691,1,0,1,0,0,0,1,1,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,4,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0 +0,12,15086,5466,2691,1,0,1,0,0,0,1,1,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,4,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0 diff --git a/test/results/flow-analyse/default/quic-fuzz-overflow.pcapng.out b/test/results/flow-analyse/default/quic-fuzz-overflow.pcapng.out index 47f42f5f6..8d034bfb9 100644 --- a/test/results/flow-analyse/default/quic-fuzz-overflow.pcapng.out +++ b/test/results/flow-analyse/default/quic-fuzz-overflow.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,7,8726,1252,0,1,0,1,0,0,0,1,0,0,1,0,1,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,2,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,7,8726,1252,0,1,0,1,0,0,0,1,0,0,1,0,1,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,2,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/quic-mvfst-22.pcap.out b/test/results/flow-analyse/default/quic-mvfst-22.pcap.out index 7ce8b68d8..1af07a105 100644 --- a/test/results/flow-analyse/default/quic-mvfst-22.pcap.out +++ b/test/results/flow-analyse/default/quic-mvfst-22.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,10.0.2.15,31.13.86.8,udp,35601,443,finished,12,20,24710880,27201767,27283563,31,0,1232,1252,6836,11997,0,0,163341.0,2090987,507077.5,257127612416.0,2.1,"6626,174,24,23,15783,192,68,25740,0,16544,24398,2090987,2072824,30640,212689,1822,115,243417,45,25374,21896,80671,49,21,8,9,96673,35817,60860,70,11",52,616.5,1280,577.0,332915.8,4.3,"1260,1280,1280,221,81,1260,106,95,66,261,59,52,1128,56,60,598,1260,1221,56,56,60,52,1280,1280,1280,1280,84,65,52,1280,1280,1280","1,3,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,3,0,0,0,0,0,0,0,0,0","6,3,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0","0,1,1,1,1,0,0,0,1,1,0,1,0,1,0,0,0,0,1,1,0,1,1,1,1,1,1,0,1,1,1,1","7.865873814,7.840335846,7.856841087,6.935217857,5.841008663,7.844548225,5.975329399,6.068257332,5.408033371,7.120600224,5.413970470,5.168682098,7.824946880,5.206433296,5.433454037,7.633729935,7.839689255,7.820494652,5.385004520,5.200210571,5.379368782,5.130220413,7.847099781,7.835284233,7.857980728,7.824029922,5.854679585,5.473884106,5.168681622,7.866020203,7.849047184,7.840563774",QUIC.Facebook,188.119,1,Fun,SocialNetwork,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,12,15679,72648,195075,1,0,1,1,1,0,1,0,0,0,0,5,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,12,15638,72648,195075,1,0,1,1,1,0,1,0,0,0,0,5,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/quic-mvfst-22_decryption_error.pcap.out b/test/results/flow-analyse/default/quic-mvfst-22_decryption_error.pcap.out index 4a82957b3..1614e843e 100644 --- a/test/results/flow-analyse/default/quic-mvfst-22_decryption_error.pcap.out +++ b/test/results/flow-analyse/default/quic-mvfst-22_decryption_error.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,10726,3572,38,1,0,1,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,11,10726,3572,38,1,0,1,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/quic-mvfst-27.pcapng.out b/test/results/flow-analyse/default/quic-mvfst-27.pcapng.out index b1fde024f..1108823da 100644 --- a/test/results/flow-analyse/default/quic-mvfst-27.pcapng.out +++ b/test/results/flow-analyse/default/quic-mvfst-27.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,10,15910,2538,6981,1,0,1,0,0,0,1,0,0,0,0,5,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,10,15869,2538,6981,1,0,1,0,0,0,1,0,0,0,0,5,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/quic-mvfst-exp.pcap.out b/test/results/flow-analyse/default/quic-mvfst-exp.pcap.out index 86461d454..57299e458 100644 --- a/test/results/flow-analyse/default/quic-mvfst-exp.pcap.out +++ b/test/results/flow-analyse/default/quic-mvfst-exp.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,15909,3496,20953,1,0,1,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,11,15868,3496,20953,1,0,1,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/quic-v2.pcapng.out b/test/results/flow-analyse/default/quic-v2.pcapng.out index 13322e85c..2761b34c4 100644 --- a/test/results/flow-analyse/default/quic-v2.pcapng.out +++ b/test/results/flow-analyse/default/quic-v2.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,15046,2222,9532,1,0,1,0,0,0,1,0,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,1,0,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,11,15005,2222,9532,1,0,1,0,0,0,1,0,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,1,0,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/quic.pcap.out b/test/results/flow-analyse/default/quic.pcap.out index 7f8e80587..c2d267e30 100644 --- a/test/results/flow-analyse/default/quic.pcap.out +++ b/test/results/flow-analyse/default/quic.pcap.out 
@@ -2,4 +2,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.1.109,216.58.212.101,udp,57833,443,finished,16,16,1431155536815947,1431155545866860,1431155545859249,37,0,1350,1350,4333,4661,0,7,583684.4,3197585,963931.8,929164558336.0,3.4,"46000,60057,14787,65380,2487,93393,168067,168088,622738,681338,42,58036,3119141,3197585,40,12,54064,25544,1951118,28580,2034695,28303,25,7,56884,470823,496378,2190158,2289756,44685,126004",47,309.1,1378,382.9,146578.8,4.1,"1378,464,1378,65,60,711,68,711,65,200,494,56,68,180,156,55,87,68,65,241,149,63,57,226,47,74,201,65,1176,63,744,455","0,8,0,1,1,1,1,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0","4,4,0,0,1,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0","0,0,1,0,1,1,0,1,0,0,1,1,0,0,1,1,1,0,0,0,0,1,1,1,1,0,1,0,0,1,1,0","4.785362720,7.506221294,7.842458248,5.653138161,5.515064240,7.661302567,5.705106735,7.653655529,5.683907509,6.901843548,7.549375057,5.423249722,5.793341637,6.893099785,6.626470089,5.353907585,6.017427444,5.664593697,5.555222511,7.050589561,6.613369942,5.496887207,5.372109413,7.016873360,5.139485359,5.793843269,6.920541286,5.579985619,7.860387802,5.401647568,7.762588978,7.570559025",QUIC.GMail,188.122,1,Acceptable,Email,6,DPI,"" 
1,ip4,192.168.1.109,216.58.210.206,udp,35236,443,finished,12,20,1463075953299562,1463075954259331,1463075954259852,37,0,1350,1350,3706,22849,0,11,61937.4,828641,198595.2,39440068608.0,2.0,"565,35358,43,40485,132,24017,25957,16828,62,532,35459,51659,446,11,26638,25576,828641,25,803246,620,371,204,811,210,360,238,291,204,540,286,244",61,857.8,1378,620.8,385421.5,4.5,"1378,373,1378,1378,1378,369,65,68,1378,61,61,71,1378,1378,1174,68,65,1378,1378,68,1378,1378,1378,68,1378,68,1378,1378,1378,68,1378,1378","0,8,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0","0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,16,0,0,0,0,0","0,0,1,1,0,0,1,0,1,1,1,0,1,1,1,0,0,1,1,0,1,1,1,0,1,0,1,1,1,0,1,1","5.050794601,7.427186489,7.589700222,2.645882607,5.424244404,7.418235779,5.309068680,5.493865013,7.858019829,5.512544155,5.545331001,5.716576576,7.892964363,7.881204605,7.816042900,5.554157257,5.641524315,7.888419628,7.861907005,5.675695419,7.860325336,7.873119831,7.856549263,5.635182381,7.861664295,5.694005013,7.863921165,7.839401245,7.861547947,5.558049202,7.862613201,7.852869511",QUIC.YouTube,188.124,1,Fun,Media,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,80,117305,41486,285324,10,0,10,0,2,1,9,0,0,1,0,42,1,0,1,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,9,0,4,5,0,0,0,0,0,0,0,5,0,1,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,2,0,0,0,0,0,10,0,0,0,10,0,0,10,9,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,80,116920,41486,285324,10,0,10,0,2,1,9,0,0,1,0,42,1,0,1,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,9,0,4,5,0,0,0,0,0,0,0,5,0,1,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,2,0,0,0,0,0,10,0,0,0,10,0,0,10,9,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/quic046.pcap.out b/test/results/flow-analyse/default/quic046.pcap.out index 346fa7c98..dc7dddf3a 100644 --- a/test/results/flow-analyse/default/quic046.pcap.out +++ b/test/results/flow-analyse/default/quic046.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,192.168.1.236,216.58.206.86,udp,50587,443,finished,13,19,1584456191933380,1584456191967570,1584456191967633,28,0,1350,1350,4485,23197,0,176,2207.8,29469,6263.4,39229868.0,2.6,"987,559,560,557,592,573,584,606,710,21225,29469,423,216,240,242,250,248,254,253,253,237,265,240,242,256,252,6530,176,509,707,228",48,893.1,1378,591.6,350034.9,4.6,"1378,560,114,187,185,185,186,185,191,188,1378,1378,255,1378,1378,1378,1378,1378,1378,1378,1378,1378,1378,1378,1378,1378,1378,56,48,1378,56,1378","2,0,1,0,5,2,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0","1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,0,1","4.104627609,7.586378098,6.310873032,6.874300003,6.880319118,6.833760738,6.876335144,6.910101891,6.969146729,6.870172024,4.098705292,7.858126640,7.073942184,7.867921352,7.889789104,7.868343830,7.839922428,7.858704567,7.859090805,7.875567436,7.864448547,7.848357201,7.879473686,7.877913952,7.860894203,7.857960701,7.861531734,5.436729908,5.095174789,7.816503525,5.401014805,7.861771584",QUIC.YouTube,188.124,1,Fun,Media,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,12,13111,5170,81927,1,0,1,0,1,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,12,13047,5170,81927,1,0,1,0,1,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/quic_0RTT.pcap.out b/test/results/flow-analyse/default/quic_0RTT.pcap.out index 434ddd75c..0015ee5b7 100644 --- a/test/results/flow-analyse/default/quic_0RTT.pcap.out +++ b/test/results/flow-analyse/default/quic_0RTT.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,17,20923,3106,3906,2,0,2,0,0,0,2,0,0,2,0,7,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,1,1,0,0,0,0,0,1,1,0,0,2,0,0,2,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0 +0,17,20841,3106,3906,2,0,2,0,0,0,2,0,0,2,0,7,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,1,1,0,0,0,0,0,1,1,0,0,2,0,0,2,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/quic_cc_ack.pcapng.out b/test/results/flow-analyse/default/quic_cc_ack.pcapng.out index b025ee80a..ebe1e6a58 100644 --- a/test/results/flow-analyse/default/quic_cc_ack.pcapng.out +++ b/test/results/flow-analyse/default/quic_cc_ack.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,12570,2700,0,2,0,2,0,0,0,2,0,0,0,0,2,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,2,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,11,12570,2700,0,2,0,2,0,0,0,2,0,0,0,0,2,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,2,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/quic_crypto_aes_auth_size.pcap.out b/test/results/flow-analyse/default/quic_crypto_aes_auth_size.pcap.out index 90f22343a..480a1767b 100644 --- a/test/results/flow-analyse/default/quic_crypto_aes_auth_size.pcap.out +++ b/test/results/flow-analyse/default/quic_crypto_aes_auth_size.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,13478,2700,0,2,0,2,0,0,0,2,0,0,0,0,2,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,2,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,11,13396,2700,0,2,0,2,0,0,0,2,0,0,0,0,2,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,2,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/quic_frags_ch_in_multiple_packets.pcapng.out b/test/results/flow-analyse/default/quic_frags_ch_in_multiple_packets.pcapng.out index fd30299e3..84f914062 100644 --- a/test/results/flow-analyse/default/quic_frags_ch_in_multiple_packets.pcapng.out +++ b/test/results/flow-analyse/default/quic_frags_ch_in_multiple_packets.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,15062,2464,1286,1,0,1,0,0,0,1,1,0,1,0,4,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,3,0,0,0,0,0,0,1,0,0,1,0,0,1,1,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0 +0,11,15021,2464,1286,1,0,1,0,0,0,1,1,0,1,0,4,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,3,0,0,0,0,0,0,1,0,0,1,0,0,1,1,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0 diff --git a/test/results/flow-analyse/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out b/test/results/flow-analyse/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out index d981ead48..852363abf 100644 --- a/test/results/flow-analyse/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out +++ b/test/results/flow-analyse/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,667,961340,241650,0,113,0,113,123,0,0,113,0,0,0,0,179,1,0,1,24,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,113,3,88,22,0,0,0,0,0,0,0,21,0,0,0,59,0,1,0,0,0,0,0,5,7,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0,0,0,0,0,0,3,0,0,110,0,0,0,0,0,0,0,0,0,0,0,0,113,0,0,0,113,0,0,113,113,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,667,949234,241650,0,113,0,113,123,0,0,113,0,0,0,0,179,1,0,1,24,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,113,3,88,22,0,0,0,0,0,0,0,21,0,0,0,59,0,1,0,0,0,0,0,5,7,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0,0,0,0,0,0,0,3,0,0,110,0,0,0,0,0,0,0,0,0,0,0,0,113,0,0,0,113,0,0,113,113,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/quic_frags_different_dcid.pcapng.out b/test/results/flow-analyse/default/quic_frags_different_dcid.pcapng.out index 4b16e3aa2..534c53928 100644 --- a/test/results/flow-analyse/default/quic_frags_different_dcid.pcapng.out +++ b/test/results/flow-analyse/default/quic_frags_different_dcid.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,14158,2500,1200,1,0,1,0,0,0,1,2,0,0,0,3,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,11,14117,2500,1200,1,0,1,0,0,0,1,2,0,0,0,3,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/quic_interop_V.pcapng.out b/test/results/flow-analyse/default/quic_interop_V.pcapng.out index 683e06029..b102cec7f 100644 --- a/test/results/flow-analyse/default/quic_interop_V.pcapng.out +++ b/test/results/flow-analyse/default/quic_interop_V.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,471,631807,229418,1702,77,0,77,0,0,0,77,30,0,58,0,207,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,44,0,77,0,0,0,0,0,0,0,0,0,0,0,0,63,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,77,0,0,0,0,0,36,62,0,0,0,0,0,42,35,0,0,63,9,5,77,77,0,0,0,0,0,0,0,62,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,30,0,0,0,0,0,0,0,0,0,0 +0,471,631863,229418,1702,77,0,77,0,0,0,77,30,0,58,0,207,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,44,0,77,0,0,0,0,0,0,0,0,0,0,0,0,63,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,77,0,0,0,0,0,36,62,0,0,0,0,0,42,35,0,0,63,9,5,77,77,0,0,0,0,0,0,0,62,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,30,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/quic_q39.pcap.out b/test/results/flow-analyse/default/quic_q39.pcap.out index 9998668aa..e0184ed3b 100644 --- a/test/results/flow-analyse/default/quic_q39.pcap.out +++ b/test/results/flow-analyse/default/quic_q39.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,170.216.16.209,21.157.183.227,udp,38620,443,finished,16,16,1509098995610775,1509099004752497,1509099004382425,41,0,1350,1350,14377,2074,0,7,577850.7,6514643,1531988.4,2346988339200.0,2.7,"8931,36678,89781,7,404130,1367,298294,119221,31,434781,6185342,12819,6514643,11351,11378,22730,702601,702694,435266,435159,11351,11442,16019,15861,397203,9235,397732,33897,93428,52,499948",46,542.2,1378,603.7,364512.4,4.1,"1378,1160,63,1378,59,69,69,58,291,46,69,256,1378,64,1378,1378,61,1378,60,1378,62,1378,62,1378,62,1378,716,62,62,90,46,84","0,4,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,9,0,0,0,0,0","4,10,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0","0,0,1,1,1,0,0,1,1,1,0,0,0,1,0,0,1,0,1,0,1,0,1,0,1,0,0,1,1,1,1,0","4.179285526,7.832315445,4.966748714,7.846248627,5.380072594,5.640916824,5.720768929,5.299251080,7.336034775,4.816403389,5.818665504,7.074090958,7.867320538,5.431150436,7.827050686,7.874505997,5.477433681,7.859999657,5.412702084,7.863677979,5.373553276,7.855113029,5.379174232,7.856376648,5.502585888,7.846080780,7.718618870,5.508206844,5.470327377,6.029057026,4.816403389,5.969577789",QUIC.YouTube,188.124,1,Fun,Media,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,12,15368,18965,2686,1,0,1,0,1,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,12,15306,18965,2686,1,0,1,0,1,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/quic_q43.pcap.out b/test/results/flow-analyse/default/quic_q43.pcap.out index c108e12bd..30c879baa 100644 --- a/test/results/flow-analyse/default/quic_q43.pcap.out +++ b/test/results/flow-analyse/default/quic_q43.pcap.out 
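Review bot: The regenerated statistics row appears to carry one more field than the row it replaces, while the `timestamp,json_lines,...,flow_risk_unknown_count` header above it is unchanged context, so header and data may no longer line up. The quic_q43 and quic_sh hunks show this most clearly: every visible value is identical (`0,8,8064,1350,30,...` and `0,27,27273,4124,16771,...`), and the only difference looks like one extra `0` in the run of zeros before the flow_confidence_* values. If that reading is right, a consumer that maps columns by header name would read the flow_confidence_dpi count under flow_confidence_nbpf and attribute each flow_risk_N count to the neighbouring risk id, which skews any alerting built on these counters. Presumably the libnDPI bump added a category whose count is emitted without a matching header name; the header is likely written in examples/c-analysed/c-analysed.c (not visible here) and should gain that column. A test asserting that the header and each row have the same field count would catch this, and the same pattern recurs in the quic_q46, quic_q46_b and quic_q50 hunks.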
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,8,8064,1350,30,1,0,1,0,0,0,1,0,0,0,0,2,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,8,8064,1350,30,1,0,1,0,0,0,1,0,0,0,0,2,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/quic_q46.pcap.out b/test/results/flow-analyse/default/quic_q46.pcap.out index fde68879e..b1318b5fe 100644 --- a/test/results/flow-analyse/default/quic_q46.pcap.out +++ b/test/results/flow-analyse/default/quic_q46.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,15192,1465,18936,1,0,1,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,11,15132,1465,18936,1,0,1,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/quic_q46_b.pcap.out b/test/results/flow-analyse/default/quic_q46_b.pcap.out index 47551a0f7..f88a27d67 100644 --- a/test/results/flow-analyse/default/quic_q46_b.pcap.out +++ b/test/results/flow-analyse/default/quic_q46_b.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,12006,2376,2844,1,0,1,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,11,11944,2376,2844,1,0,1,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/quic_q50.pcap.out b/test/results/flow-analyse/default/quic_q50.pcap.out index e59d94484..0bbf681a7 100644 --- a/test/results/flow-analyse/default/quic_q50.pcap.out +++ b/test/results/flow-analyse/default/quic_q50.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,13498,3327,16267,1,0,1,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,11,13438,3327,16267,1,0,1,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/quic_sh.pcap.out b/test/results/flow-analyse/default/quic_sh.pcap.out index d59460903..812e4a144 100644 --- a/test/results/flow-analyse/default/quic_sh.pcap.out +++ b/test/results/flow-analyse/default/quic_sh.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,27,27273,4124,16771,3,0,3,0,0,0,3,0,0,3,0,15,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,3,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,3,0,0,0,0,0,0,1,2,0,0,3,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0 +0,27,27273,4124,16771,3,0,3,0,0,0,3,0,0,3,0,15,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,3,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,3,0,0,0,0,0,0,1,2,0,0,3,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/quic_t50.pcap.out b/test/results/flow-analyse/default/quic_t50.pcap.out index 66fff6daa..07550ad0b 100644 --- a/test/results/flow-analyse/default/quic_t50.pcap.out +++ b/test/results/flow-analyse/default/quic_t50.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,15917,2894,5022,1,0,1,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,11,15813,2894,5022,1,0,1,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/quic_t51.pcap.out b/test/results/flow-analyse/default/quic_t51.pcap.out index 7732bbc9b..2d4f1f035 100644 --- a/test/results/flow-analyse/default/quic_t51.pcap.out +++ b/test/results/flow-analyse/default/quic_t51.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,17256,2888,5904,1,0,1,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,11,17149,2888,5904,1,0,1,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/quickplay.pcap.out b/test/results/flow-analyse/default/quickplay.pcap.out index c37b8b943..e2b523d91 100644 --- a/test/results/flow-analyse/default/quickplay.pcap.out +++ b/test/results/flow-analyse/default/quickplay.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 113,ip4,10.54.169.250,120.28.35.40,tcp,52009,80,finished,18,14,1429000052217627,1429000090450568,1429000090229285,444,0,531,1400,8360,10852,1,182557,2459503.2,5871155,1331263.2,1772261736448.0,4.7,"2337891,2470825,5776550,5871155,324615,2084534,1689148,182557,2170257,2013275,645600,519622,2223724,2353455,480927,4401947,3911834,3909668,3936554,2356476,2338349,2619995,2626526,2264068,2270477,2391541,2349518,2604523,2641967,2224884,2252137",60,640.4,1440,347.9,121006.6,4.8,"484,1440,484,224,569,486,1232,569,486,838,571,60,488,1252,569,486,142,486,642,486,1108,486,1192,486,332,486,1440,486,946,486,564,486","0,0,0,0,0,0,0,0,0,0,0,0,0,13,1,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,0,0,1,0,1,0,0,0,1,0,0,0,0,0,0,1,0,1,0,0,0,0,0,1,0,0,0,1,0,0,0,0,1,0,0,1,2,0,0,0,0,0,2,0,0,0,0","0,1,0,1,0,0,1,0,0,1,0,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0","5.927153111,7.868373871,5.963050365,7.051006317,5.916583061,5.928764343,7.836061001,5.947601795,5.927013874,7.735056400,5.960254192,4.985874176,5.956949711,7.848547459,5.950881958,5.944071770,6.557918549,5.946902752,7.695936680,5.966873169,7.840433598,5.939571857,7.838245869,5.963761330,7.329223633,5.943363190,7.857814789,5.947385788,7.759774208,5.933074474,7.621943474,5.938513279",HTTP,7,0,Acceptable,Streaming,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,145,173217,37682,58185,21,2,19,0,1,0,21,10,0,8,0,68,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,13,0,13,8,0,0,0,0,0,0,0,0,0,0,0,1,3,0,0,5,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0,0,0,0,4,15,0,0,0,0,0,21,0,0,21,0,0,0,21,21,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,4,0,0 +0,145,172987,37682,58185,21,2,19,0,1,0,21,10,0,7,0,68,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,13,0,13,8,0,0,0,0,0,0,0,0,0,0,0,1,3,0,0,5,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0,0,0,0,3,15,0,0,0,0,0,21,0,0,21,0,0,0,21,21,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,4,0,0 diff --git a/test/results/flow-analyse/default/radius_false_positive.pcapng.out b/test/results/flow-analyse/default/radius_false_positive.pcapng.out index fe8d7d4cc..73ad7b6f5 100644 --- a/test/results/flow-analyse/default/radius_false_positive.pcapng.out +++ b/test/results/flow-analyse/default/radius_false_positive.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,12053,6859,0,1,0,1,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,11,12053,6859,0,1,0,1,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/radmin3.pcapng.out b/test/results/flow-analyse/default/radmin3.pcapng.out index b5010137d..3bacf0a71 100644 --- a/test/results/flow-analyse/default/radmin3.pcapng.out +++ b/test/results/flow-analyse/default/radmin3.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,19,13765,24,60,2,1,1,0,0,0,2,0,0,2,0,10,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,2,0,0,0,0,0,0,2,0,0,2,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,19,13765,24,60,2,1,1,0,0,0,2,0,0,2,0,10,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,2,0,0,0,0,0,0,2,0,0,2,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/raft.pcap.out b/test/results/flow-analyse/default/raft.pcap.out index 71410c2da..269e71901 100644 --- a/test/results/flow-analyse/default/raft.pcap.out +++ b/test/results/flow-analyse/default/raft.pcap.out 
@@ -2,4 +2,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,127.0.0.1,127.0.0.1,tcp,46286,9002,finished,17,15,1705997809280892,1705997810407653,1705997810388430,0,0,160,0,1304,0,0,12,72074.2,125705,57170.8,3268503808.0,4.3,"12,23,47,63,13,12,4635,4639,1858,1872,119045,119045,125046,125063,125027,124998,125686,125705,105330,105312,19180,19178,125128,125129,125084,125084,125435,125433,105993,105993,19231",40,81.5,200,47.5,2252.8,4.8,"52,52,40,80,40,96,40,96,40,128,40,152,40,176,40,200,40,128,40,104,40,128,40,128,40,128,40,128,40,104,40,128","2,3,9,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0","4.229858398,4.514606476,4.341446877,3.822243214,4.341446400,2.815890789,4.391446590,2.781125307,4.341446877,3.096895695,4.391446590,2.531138420,4.391446590,2.393717527,4.439823151,2.237340689,4.272574902,2.543246746,4.389823437,2.624115229,4.389823437,2.604390144,4.339823723,2.604390144,4.389823437,2.588765144,4.339823723,2.557515144,4.389823437,2.571043015,4.389823437,2.604390144",Raft,392,0,Acceptable,Network,6,DPI,"" 
1,ip4,127.0.0.1,127.0.0.1,tcp,38488,9001,finished,17,15,1705997809281323,1705997810410479,1705997810388511,0,0,48,0,696,0,0,13,72140.1,137171,57048.4,3254516224.0,4.3,"20,29,20,35,15,13,6003,6005,206,208,119086,119085,125076,125088,137171,137161,116381,116396,102323,102307,21955,21953,125134,125135,125120,125120,125280,125280,103357,103382,22000",40,62.5,88,22.7,516.8,4.9,"52,52,40,80,40,80,40,80,40,88,40,88,40,88,40,88,40,88,40,88,40,88,40,88,40,88,40,88,40,88,40,88","2,15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0","4.268320084,4.514606476,4.391446590,3.897243023,4.391446590,3.032760382,4.391446590,2.986443520,4.341446877,2.850570679,4.341446400,2.873297930,4.391446590,2.850570679,4.391446590,2.791660070,4.341446400,2.768932819,4.391446590,2.791660070,4.322574615,2.791660070,4.391446590,2.791660070,4.391446590,2.768932819,4.391446590,2.791660070,4.341446877,2.791660070,4.341446877,2.760354519",Raft,392,0,Acceptable,Network,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,21,17497,2000,0,2,0,2,0,2,0,2,0,0,0,0,10,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,2,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,21,17497,2000,0,2,0,2,0,2,0,2,0,0,0,0,10,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,2,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/raknet.pcap.out b/test/results/flow-analyse/default/raknet.pcap.out index dd1f1066c..2267f1c2a 100644 --- a/test/results/flow-analyse/default/raknet.pcap.out +++ b/test/results/flow-analyse/default/raknet.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,95,81244,5863,753,12,0,12,19,0,0,10,0,2,4,0,36,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,10,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,4,0,0,0,0,0,0,12,0,0,0,12,0,0,12,10,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0 +0,95,81244,5863,753,12,0,12,19,0,0,10,0,2,4,0,36,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,10,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,4,0,0,0,0,0,0,12,0,0,0,12,0,0,12,10,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/rdp.pcap.out b/test/results/flow-analyse/default/rdp.pcap.out index 3958fbeaa..6e2f5e551 100644 --- a/test/results/flow-analyse/default/rdp.pcap.out +++ b/test/results/flow-analyse/default/rdp.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,7938,1081,1661,1,0,1,0,0,0,1,0,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,11,7938,1081,1661,1,0,1,0,0,0,1,0,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/rdp2.pcap.out b/test/results/flow-analyse/default/rdp2.pcap.out index 8193d047e..9e731639d 100644 --- a/test/results/flow-analyse/default/rdp2.pcap.out +++ b/test/results/flow-analyse/default/rdp2.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,29,30660,5097,4480,3,0,3,0,0,0,3,0,0,3,0,15,1,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,3,0,0,0,0,0,0,3,0,0,0,3,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,29,30660,5097,4480,3,0,3,0,0,0,3,0,0,3,0,15,1,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,3,0,0,0,0,0,0,3,0,0,0,3,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/rdp3.pcap.out b/test/results/flow-analyse/default/rdp3.pcap.out index 8cbe6ba69..f19c932cb 100644 --- a/test/results/flow-analyse/default/rdp3.pcap.out +++ b/test/results/flow-analyse/default/rdp3.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,8018,1629,862,1,0,1,0,0,0,1,0,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,11,8018,1629,862,1,0,1,0,0,0,1,0,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/rdp_over_tls.pcap.out b/test/results/flow-analyse/default/rdp_over_tls.pcap.out index 649e59793..4fb5072aa 100644 --- a/test/results/flow-analyse/default/rdp_over_tls.pcap.out +++ b/test/results/flow-analyse/default/rdp_over_tls.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,13,12000,1194,1518,1,1,0,0,0,0,1,2,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,3,1,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,2,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,13,11918,1194,1518,1,1,0,0,0,0,1,2,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,3,1,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,2,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/reasm_crash_anon.pcapng.out b/test/results/flow-analyse/default/reasm_crash_anon.pcapng.out index 9bed2d01e..4b6508480 100644 --- a/test/results/flow-analyse/default/reasm_crash_anon.pcapng.out +++ b/test/results/flow-analyse/default/reasm_crash_anon.pcapng.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 113,ip4,192.168.145.147,10.209.8.148,tcp,51218,21999,info,23,9,1410865705717955,1410865856222147,1410865856222116,0,0,13,725,129,3158,1,3,9709947.0,30165638,14064983.0,197823744180224.0,3.3,"9,1510,1527,4,1248,1237,4,30097711,30099473,1765,3,1246,1236,30097518,8,30099327,1814,1237,30097422,1775,4,30101686,1241,30097498,30165638,1254,69395,30031106,8,30032779,1670",52,155.0,777,234.8,55144.5,4.0,"65,65,126,52,52,777,52,52,65,106,52,52,765,52,65,65,106,52,52,65,52,52,777,52,65,106,777,52,65,65,106,52","23,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,1,0,0,1,0,0,0,1,0,0,1,0,0,0,1,0,0,0,0,0,1,0,0,1,1,0,0,0,1,0","5.512839317,5.512839317,3.005599976,5.193430901,5.193430901,5.327538013,5.193430901,5.156889915,5.391298771,5.590394974,5.079966545,5.101990700,0.545940340,5.140451908,5.395370483,5.389761925,5.628829002,5.193430901,5.193430901,5.482069969,5.118428230,5.193430901,5.310135365,5.116507530,5.433681488,5.596330643,5.286610126,5.010550022,5.397304058,5.397304058,5.612702370,5.193430901",,,,,,,,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,14,11940,979,5441,1,1,0,0,1,0,0,0,1,0,0,5,1,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,14,11940,979,5441,1,1,0,0,1,0,0,0,1,0,0,5,1,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/reasm_segv_anon.pcapng.out b/test/results/flow-analyse/default/reasm_segv_anon.pcapng.out index a0eb1087d..a9d7d5569 100644 --- a/test/results/flow-analyse/default/reasm_segv_anon.pcapng.out +++ b/test/results/flow-analyse/default/reasm_segv_anon.pcapng.out 
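Review bot: The new summary row appears to carry one more field than the `timestamp,json_lines,…,flow_risk_unknown_count` header, which this hunk leaves unchanged as context. An extra `0` is inserted just ahead of the confidence counters, so a consumer that maps fields by header name would read each later counter (confidence, severity, l3/l4, `flow_risk_N_count`) under the wrong column. This is inferred from counting fields in the collapsed text and should be confirmed against the regenerated file. If it holds, the header written by the generator needs the matching name at that position (placeholder: `<new_column_name>`), and the test run could compare header and row field counts to catch this. The same shift shows in the reasm_segv_anon, reddit, resp and riot hunks that follow.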
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,145.76.2.236,187.96.52.85,udp,2152,2152,finished,9,23,1550422828553466,1550422833287234,1550422833289770,64,0,80,1448,640,27912,0,1,305486.2,1859119,563984.9,318078976000.0,3.1,"396021,83822,1376171,124,2,2,1,3,2,2,113,124,1859119,964928,439709,439658,123,2,1,1,1,121,163901,20078,1615354,1799040,121,3,155764,155637,124",76,920.2,1476,651.3,424215.9,4.5,"92,92,92,1476,1476,1476,1476,1476,1476,1476,1476,1476,1476,100,1476,100,1476,1476,1476,1476,1372,1476,1476,108,108,100,76,388,1164,100,76,388","0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,2,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,17,0,0","0,0,0,1,1,1,1,1,1,1,1,1,1,0,1,0,1,1,1,1,1,1,1,0,0,0,1,1,1,0,1,1","5.396138191,5.404344082,5.439617157,7.876337528,7.839885235,7.778254986,7.872960091,7.839048862,7.805950642,7.829119205,7.848347187,7.849987984,7.779471874,5.402985096,7.775711060,5.441986561,7.838281155,7.873279095,7.848281860,7.860656261,7.849815845,7.850412846,7.844122410,5.518630505,5.537148952,5.382984638,5.187358379,7.340617657,7.811021328,5.454438686,5.151109695,7.382753849",GTP.GTP_U,152.271,0,Acceptable,Network,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,44,27473,2008,72488,1,0,1,0,1,0,1,0,0,0,16,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,44,27473,2008,72488,1,0,1,0,1,0,1,0,0,0,16,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/reddit.pcap.out b/test/results/flow-analyse/default/reddit.pcap.out index 102027201..fffe15403 100644 --- a/test/results/flow-analyse/default/reddit.pcap.out +++ b/test/results/flow-analyse/default/reddit.pcap.out 
@@ -17,4 +17,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,2a00:1450:4007:80f::2001,tcp,36964,443,info,16,16,1605291690926912,1605291691067608,1605291691069122,0,0,517,1208,1326,6622,0,0,9126.0,45897,14144.4,200064000.0,3.4,"29535,29546,105,39799,6197,1,1,45897,20,10,16645,7440,877,217,45409,188,20393,461,14689,1873,1,1,16098,2949,2,0,2950,29,8,1564,1",72,320.9,1280,398.4,158685.9,4.1,"80,80,72,589,72,1280,1280,311,72,72,72,136,164,391,375,72,652,72,103,72,103,72,72,72,551,398,207,72,72,72,1280,1280","11,0,2,0,0,0,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,0,0,0,1,0,0,1,0,0,1,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,1,0,0,0,0,0,0,0,1,1,0,0,1,1,1,1,0,1,1,1,0,0,0,1,1","4.860268116,5.316052437,5.175122738,4.626070023,5.053668499,7.798489094,7.858765125,7.213901043,5.175122738,5.175122738,5.136860371,6.074123383,6.494878292,7.385508060,7.250154495,4.998777390,7.691906452,5.175122738,5.820339203,5.053668022,5.765991211,5.015406132,5.015406132,5.147345066,7.610651970,7.403194427,6.718353748,5.175122738,5.175122738,5.114727020,7.829133987,7.837005138",TLS.Google,91.126,1,Acceptable,Advertisement,6,DPI,"" 
1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,2a00:1450:4007:811::200a,tcp,38166,443,info,16,16,1605291690926867,1605291691075065,1605291691075150,0,0,517,1208,987,5335,0,0,9563.9,43801,13475.5,181588928.0,3.6,"28655,28663,221,37924,6057,43801,75,33,588,595,16415,9761,878,43789,3898,20653,579,14876,1700,0,16044,10542,2,1,1,10492,40,13,10,172,3",72,270.1,1280,336.6,113301.5,4.2,"80,80,72,589,72,1280,72,1280,72,572,72,136,164,355,72,652,72,103,72,103,72,72,531,897,272,357,72,72,72,72,111,72","12,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,1,0,0,0,0,1,0,1,0,0,0,0,0,1,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,0,1,0,0,0,0,1,1,0,0,1,1,1,0,1,1,1,1,0,0,0,0,1,1","4.786516666,5.247180939,5.070820332,4.566688538,5.043183804,7.807061672,5.053527355,7.847422123,5.025749683,7.577804089,5.043042660,6.031175137,6.392292976,7.341467381,4.977143764,7.597589493,5.081305027,5.788832188,5.004921436,5.547259808,5.015406132,5.081305027,7.471312523,7.741707325,7.060866833,7.323482037,5.109082699,5.109082699,5.064012051,5.053527355,5.763209343,5.043183804",TLS.GoogleServices,91.239,1,Acceptable,Web,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,582,572048,64920,481968,60,23,37,0,17,1,59,84,0,0,0,298,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,43,17,6,26,26,0,0,1,0,0,0,0,3,0,0,0,22,23,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,59,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,60,0,0,0,60,59,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,582,566292,64920,481968,60,23,37,0,17,1,59,84,0,0,0,298,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,43,17,6,26,26,0,0,1,0,0,0,0,3,0,0,0,22,23,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,59,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,60,0,0,0,60,59,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/resp.pcap.out b/test/results/flow-analyse/default/resp.pcap.out index fdfc5cff2..96ab9075d 100644 --- a/test/results/flow-analyse/default/resp.pcap.out +++ b/test/results/flow-analyse/default/resp.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,192.168.88.221,192.168.88.231,tcp,51882,6379,finished,17,15,1702898943330035,1702898964665655,1702898964668744,0,0,42,20272,73,90193,0,26,1376591.2,15069914,3743897.5,14016768376832.0,2.2,"3100,3194,530,2007,1366,2825,76,62,1842,1818,38,30,46,26,1566,1613,57,43,730,714,27,27,56,44,3178194,3181407,3266,15066911,15069914,3076323,3076477",52,2873.3,20324,5036.0,25361708.0,3.2,"60,60,52,69,52,7292,52,7292,52,10188,52,14532,52,4396,52,2948,52,20324,52,5844,52,5844,52,12041,52,66,59,52,52,52,94,57","16,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10","0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,0,0,1,0,1","4.792549133,5.312701702,5.078045845,5.327735424,5.053296566,4.681052208,5.026988029,4.653189182,4.962661266,4.634037495,5.154969215,4.594288826,5.154969215,4.638483524,5.169486046,4.692945957,5.207947731,4.656515121,5.116507530,4.706604004,5.169486046,4.658525944,5.078045845,4.651947498,5.169486046,5.347818375,5.210581779,5.207947731,5.246409416,5.053297043,5.398960114,5.159096241",RESP,182,0,Acceptable,Database,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,12,9993,96,90212,1,1,0,0,1,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,12,9993,96,90212,1,1,0,0,1,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/riot.pcapng.out b/test/results/flow-analyse/default/riot.pcapng.out index 8937800ea..6ab5c0ab1 100644 --- a/test/results/flow-analyse/default/riot.pcapng.out +++ b/test/results/flow-analyse/default/riot.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,18,25788,8202,0,2,0,2,0,0,1,1,2,0,1,0,7,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,2,0,0,0,0,0,0,2,0,0,2,0,0,0,2,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0 +0,18,25728,8202,0,2,0,2,0,0,1,1,2,0,1,0,7,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,2,0,0,0,0,0,0,2,0,0,2,0,0,0,2,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/riotgames.pcap.out b/test/results/flow-analyse/default/riotgames.pcap.out index fb5beaa8d..27fafdb8b 100644 --- a/test/results/flow-analyse/default/riotgames.pcap.out +++ b/test/results/flow-analyse/default/riotgames.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,62,47248,1342,743,9,0,9,0,0,0,9,0,0,0,0,24,1,0,1,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,9,0,0,9,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,62,47248,1342,743,9,0,9,0,0,0,9,0,0,0,0,24,1,0,1,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,9,0,0,9,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/ripe_atlas.pcap.out b/test/results/flow-analyse/default/ripe_atlas.pcap.out index 0f427654a..189bedeb0 100644 --- a/test/results/flow-analyse/default/ripe_atlas.pcap.out +++ b/test/results/flow-analyse/default/ripe_atlas.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,35,28664,175,0,7,0,7,0,0,0,7,0,0,0,0,7,1,0,1,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,7,0,0,7,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,35,28664,175,0,7,0,7,0,0,0,7,0,0,0,0,7,1,0,1,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,7,0,0,7,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/rmcp.pcap.out b/test/results/flow-analyse/default/rmcp.pcap.out index 49f81e8a7..89d6f002f 100644 --- a/test/results/flow-analyse/default/rmcp.pcap.out +++ b/test/results/flow-analyse/default/rmcp.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,29,23317,116,0,6,0,6,0,0,0,6,0,0,0,0,6,1,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,6,0,0,6,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,29,23317,116,0,6,0,6,0,0,0,6,0,0,0,0,6,1,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,6,0,0,6,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/roblox.pcapng.out b/test/results/flow-analyse/default/roblox.pcapng.out index 4991973af..ce74b7c0c 100644 --- a/test/results/flow-analyse/default/roblox.pcapng.out +++ b/test/results/flow-analyse/default/roblox.pcapng.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,192.168.12.156,128.116.122.4,tcp,39034,443,info,17,15,1686316283901532,1686316295462569,1686316295484971,0,0,1024,1448,2279,7499,0,7,746596.0,10785585,2538101.5,6441959161856.0,1.7,"28467,194118,21533,215727,23,12,472,7,126878,1267,3499,273,4379,2627,513,240,137878,55,702,108040,106788,174593,10000206,310,357197,548002,10785585,40059,91693,5740,187593",40,357.7,1500,487.7,237869.3,3.9,"60,60,52,569,1500,1500,1252,1500,891,52,52,52,52,52,116,1076,702,323,323,52,52,578,52,76,52,52,76,52,52,76,52,40","13,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,3,0,0","0,1,0,0,1,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,0,1,0,1,1,1,1,0,0,0,0,1","4.779968262,5.300120354,5.195351124,4.779649258,7.870378971,7.875164032,7.842136383,7.870733738,7.754308224,5.156889439,5.156889439,5.118428230,5.118427753,4.988526344,6.087430477,7.824826241,7.718070984,7.273851871,7.313729286,5.195351124,5.118428230,7.627631664,5.195351124,5.716266155,5.233812809,5.065449238,5.742581844,5.142372608,5.118427753,5.663634777,5.118428230,4.019286156",TLS.Roblox,91.346,1,Fun,Game,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,39,44163,17844,11993,4,1,3,0,1,0,4,1,0,0,0,20,1,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,1,3,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,39,44081,17844,11993,4,1,3,0,1,0,4,1,0,0,0,20,1,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,1,3,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/roughtime.pcap.out b/test/results/flow-analyse/default/roughtime.pcap.out index d446e5284..897448e1c 100644 --- a/test/results/flow-analyse/default/roughtime.pcap.out +++ b/test/results/flow-analyse/default/roughtime.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,20,19926,2768,0,4,0,4,0,0,0,4,0,0,0,0,4,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,4,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,20,19926,2768,0,4,0,4,0,0,0,4,0,0,0,0,4,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,4,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/rsh-syslog-false-positive.pcap.out b/test/results/flow-analyse/default/rsh-syslog-false-positive.pcap.out index 00dcb5fc4..50e98b220 100644 --- a/test/results/flow-analyse/default/rsh-syslog-false-positive.pcap.out +++ b/test/results/flow-analyse/default/rsh-syslog-false-positive.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,15,15204,4939,0,1,0,1,0,0,0,1,0,0,0,2,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,15,15204,4939,0,1,0,1,0,0,0,1,0,0,0,2,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/rsh.pcap.out b/test/results/flow-analyse/default/rsh.pcap.out index e1f2cd12c..a963173bf 100644 --- a/test/results/flow-analyse/default/rsh.pcap.out +++ b/test/results/flow-analyse/default/rsh.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,19,14292,66,39,2,2,0,0,0,0,2,0,0,2,0,10,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,2,0,2,0,0,0,0,2,0,0,2,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,19,14292,66,39,2,2,0,0,0,0,2,0,0,2,0,10,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,2,0,2,0,0,0,0,2,0,0,2,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/rsync.pcap.out b/test/results/flow-analyse/default/rsync.pcap.out index 82ce89e9d..1bfd40104 100644 --- a/test/results/flow-analyse/default/rsync.pcap.out +++ b/test/results/flow-analyse/default/rsync.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,7782,86,411,1,1,0,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,11,7782,86,411,1,1,0,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/rtcp_multiple_pkts_in_the_same_datagram.pcap.out b/test/results/flow-analyse/default/rtcp_multiple_pkts_in_the_same_datagram.pcap.out index 7989b9034..3a849f01f 100644 --- a/test/results/flow-analyse/default/rtcp_multiple_pkts_in_the_same_datagram.pcap.out +++ b/test/results/flow-analyse/default/rtcp_multiple_pkts_in_the_same_datagram.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,8704,336,184,1,0,1,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,11,8704,336,184,1,0,1,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/rtmp.pcap.out b/test/results/flow-analyse/default/rtmp.pcap.out index a673d9499..91cb3c839 100644 --- a/test/results/flow-analyse/default/rtmp.pcap.out +++ b/test/results/flow-analyse/default/rtmp.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,76,52554,3452,3496,1,0,1,0,0,0,1,0,0,0,32,5,1,0,1,2,0,0,0,0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,76,52554,3452,3496,1,0,1,0,0,0,1,0,0,0,32,5,1,0,1,2,0,0,0,0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/rtp.pcapng.out b/test/results/flow-analyse/default/rtp.pcapng.out index eaf15ed50..763f33b44 100644 --- a/test/results/flow-analyse/default/rtp.pcapng.out +++ b/test/results/flow-analyse/default/rtp.pcapng.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,172.16.168.24,172.16.168.64,tcp,40252,5000,finished,17,15,1452082723926279,1452082808893215,1452082808744238,0,0,1214,0,18210,0,0,110,5476932.0,82923850,20338496.0,413654440738816.0,1.2,"110,767,82923111,82923850,93229,93179,148856,148867,149150,149232,150979,151006,151543,151418,148416,148540,149040,148926,151726,151812,150927,150869,149665,149628,148360,148373,151331,151326,150797,150823,149039",52,621.6,1266,605.3,366444.4,4.2,"60,60,52,1266,52,1266,52,1266,52,1266,52,1266,52,1266,52,1266,52,1266,52,1266,52,1266,52,1266,52,1266,52,1266,52,1266,52,1266","2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0,0,0,0,0,0,0,0,0","15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0","4.659215927,5.154205799,5.101990700,2.844452143,4.935547352,4.443674088,5.026988029,5.479323864,4.988526344,5.514104366,5.026988029,5.763203144,5.026988029,5.730160236,4.950064659,7.345358372,4.986605644,6.633060932,5.010550499,6.320373535,4.972088337,7.249912262,5.049011707,7.189931393,5.010550022,7.249042511,5.049011707,6.371730804,5.010550499,6.932887077,4.986605644,7.123292446",RTP,87,0,Acceptable,Media,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,38,38805,40240,13839,4,0,4,0,1,0,4,0,0,0,0,20,1,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,3,1,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,1,3,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,38,38855,40240,13839,4,0,4,0,1,0,4,0,0,0,0,20,1,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,3,1,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,1,3,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/rtps.pcap.out b/test/results/flow-analyse/default/rtps.pcap.out index 2d9d5bad0..25b6184a9 100644 --- a/test/results/flow-analyse/default/rtps.pcap.out +++ b/test/results/flow-analyse/default/rtps.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,19,20821,21164,0,1,0,1,8,0,0,1,0,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,19,20821,21164,0,1,0,1,8,0,0,1,0,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/rtsp.pcap.out b/test/results/flow-analyse/default/rtsp.pcap.out index 5a3bb5329..0a37c814f 100644 --- a/test/results/flow-analyse/default/rtsp.pcap.out +++ b/test/results/flow-analyse/default/rtsp.pcap.out 
@@ -6,4 +6,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 113,ip4,10.1.1.10,10.2.2.2,tcp,52480,8554,finished,16,16,1627567466882987,1627567466918846,1627567466919056,0,0,142,125,1032,500,0,1,2320.3,23771,5847.6,34194776.0,2.4,"13,10,107,377,5,25,77,583,10,4,135,10337,14,11,11449,2,754,44,76,20263,13,28,87,23771,10,4,96,3496,1,20,106",40,92.6,182,58.6,3438.9,4.7,"52,52,52,52,52,52,52,52,46,46,40,46,156,156,156,46,40,156,46,46,165,165,165,165,182,182,182,182,46,40,46,46","8,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","12,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,1,1,1,1,0,0,0,0,0,0,0,1,1,0,1,1,1,1,1,1,0,0,0,0,1,1,1,1","4.333256245,4.333256245,4.371717930,4.371717930,4.585553169,4.624014854,4.585553169,4.624014854,4.338141441,4.338141441,4.646440029,4.338141441,5.716025352,5.716025352,5.703204632,4.234774113,4.577568054,5.703204632,4.234774113,4.278252602,5.685709476,5.709951878,5.685709476,5.709951878,5.773123264,5.773123264,5.773123264,5.773123264,4.234774113,4.577568054,4.234774113,4.278252602",RTSP,50,0,Fun,Media,6,DPI,"5" 
113,ip4,10.1.1.10,10.2.2.2,tcp,52482,8554,finished,16,16,1627567528106056,1627567528134816,1627567528135319,0,0,142,125,1032,500,0,4,1871.7,21029,5194.1,26978296.0,2.2,"13,12,126,440,5,40,92,581,9,4,94,6644,14,9,113,7455,6,53,93,20043,15,52,57,21029,9,6,97,810,5,21,76",40,92.6,182,58.6,3438.9,4.7,"52,52,52,52,52,52,52,52,46,46,40,46,156,156,156,156,46,40,46,46,165,165,165,165,182,182,182,182,46,40,46,46","8,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","12,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,0,0,0,0,1,1,1,1","4.268796921,4.268796921,4.307258606,4.307258606,4.437603951,4.476065636,4.437603951,4.476065636,4.253599167,4.253599167,4.522574425,4.253599167,5.663463116,5.663463116,5.663463116,5.663463116,4.228702545,4.543943405,4.228702545,4.272181034,5.650695801,5.662817001,5.650695801,5.662817001,5.715077877,5.715077877,5.715077877,5.715077877,4.272181034,4.593943119,4.272181034,4.315659046",RTSP,50,0,Fun,Media,6,DPI,"5" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,65,56276,22024,45372,7,6,1,0,6,0,7,0,0,7,0,35,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,7,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,7,0,0,0,0,0,7,0,0,7,0,0,0,7,7,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,65,56276,22024,45372,7,6,1,0,6,0,7,0,0,7,0,35,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,7,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,7,0,0,0,0,0,7,0,0,7,0,0,0,7,7,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/rtsp_setup_http.pcapng.out b/test/results/flow-analyse/default/rtsp_setup_http.pcapng.out index fa5836a31..b1c6f7a13 100644 --- a/test/results/flow-analyse/default/rtsp_setup_http.pcapng.out +++ b/test/results/flow-analyse/default/rtsp_setup_http.pcapng.out 
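Review bot: The statistics header row (`timestamp,json_lines,…,flow_risk_unknown_count`) is an unchanged context line in this hunk, but the replaced data row gains one extra `0` ahead of the first non-zero confidence value, so every value from the `flow_confidence_*` block onward appears to sit one column to the right of its header name. I could not verify the full field counts from here, so please confirm that the header and the new row still have the same number of fields and that the `7` previously under `flow_confidence_dpi` has not moved under `flow_confidence_nbpf`. The same one-field shift against an unchanged header is visible in the rtsp_setup_http, rx, s7comm-plus and s7comm hunks; in the s7comm rows the extra field falls after the `flow_category_iot_scada_count` value. If the generator gained a counter, its header string needs the matching column name. Otherwise anything that reads this CSV by column name will attribute confidence, severity and `flow_risk_N_count` values to the wrong fields.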
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,7,6106,179,0,1,0,1,0,0,0,1,0,0,1,0,1,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,7,6106,179,0,1,0,1,0,0,0,1,0,0,1,0,1,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/rx.pcap.out b/test/results/flow-analyse/default/rx.pcap.out index a1bb2d687..e14e2cecb 100644 --- a/test/results/flow-analyse/default/rx.pcap.out +++ b/test/results/flow-analyse/default/rx.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,131.114.219.168,192.167.206.241,udp,7001,7000,finished,17,15,1460647299704750,1460647300147650,1460647300150407,28,0,468,740,2528,1781,0,52,28663.1,105287,33586.2,1128029952.0,4.0,"77545,77601,57048,57152,38155,1292,39484,65722,277,65926,103176,105287,2087,8975,9068,2966,1842,4798,61436,65225,3784,52,6802,6683,61,3692,3703,4895,8042,2994,2787",56,162.7,768,165.9,27529.2,4.5,"60,94,93,60,496,93,104,56,93,64,93,80,72,421,60,496,93,184,93,160,768,93,80,184,93,96,200,93,80,72,421,60","1,4,7,0,1,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,6,5,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,1,1,0,1,1,0,0,1,0,1,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,1","4.077751637,3.436867237,3.527563810,4.011084557,4.341524601,3.511269569,3.900409222,4.138328075,3.532774925,3.942092896,3.562457323,5.267373562,3.808812857,7.113327503,4.069581032,4.336879253,3.522217751,6.534686565,3.586733341,6.423340321,7.662765026,3.559956789,5.237494469,6.512056828,3.573345423,5.590069771,6.656118393,3.594850540,5.217373848,3.930941820,7.131436825,4.136247635",RX,223,0,Acceptable,RPC,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,40,33724,8248,12683,5,0,5,0,1,0,5,0,0,0,0,21,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,5,0,0,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,40,33724,8248,12683,5,0,5,0,1,0,5,0,0,0,0,21,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,5,0,0,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/s7comm-plus.pcap.out b/test/results/flow-analyse/default/s7comm-plus.pcap.out index 187574de7..5863f1fa2 100644 --- a/test/results/flow-analyse/default/s7comm-plus.pcap.out +++ b/test/results/flow-analyse/default/s7comm-plus.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,192.168.25.177,192.168.25.131,tcp,53162,102,finished,24,8,1412165336989258,1412165338064240,1412165337104285,0,0,217,297,1344,545,0,4,38387.4,995818,175089.4,30656290816.0,1.2,"7,650,924,9,417,4,1746,2469,6,13767,4267,17657,4,12269,6,17776,4831,6,1514,9,7246,5693,10,28619,8,33319,4688,5,36256,995818,9",40,100.3,337,73.0,5323.4,4.7,"52,52,46,40,40,76,76,76,257,257,46,177,47,47,162,162,71,47,47,123,123,84,47,47,133,133,337,47,47,46,133,133","12,2,6,2,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4,2,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,1,0,0,0,0,1,0,0,1,1,0,0,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,0","4.554988384,4.554988384,4.522394180,4.680641174,4.680641174,5.319911003,5.319911003,5.158287048,5.535624981,5.535624981,4.075662136,5.208230019,4.635028362,4.635028362,4.666445732,4.666445732,4.204725266,4.592475414,4.592475414,4.629901409,4.629901409,4.268610001,4.549922466,4.549922466,4.866230011,4.866230011,1.580462456,4.549922466,4.549922466,4.075662613,4.866230011,4.866230011",S7CommPlus,361,0,Acceptable,IoT-Scada,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,12,9955,3254,2655,1,0,1,0,1,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,12,9955,3254,2655,1,0,1,0,1,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/s7comm.pcap.out b/test/results/flow-analyse/default/s7comm.pcap.out index 3256c9179..f770ba2bc 100644 --- a/test/results/flow-analyse/default/s7comm.pcap.out +++ b/test/results/flow-analyse/default/s7comm.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,192.168.1.10,192.168.1.40,tcp,4185,102,finished,21,11,1408528803880679,1408528803957564,1408528803957480,7,0,33,221,396,794,1,66,4957.6,9013,3321.6,11033309.0,4.5,"3735,3883,3114,3055,66,6981,6927,4642,8989,4385,568,7037,6437,271,5970,5746,295,9009,8666,204,8975,8763,201,9013,8819,232,8990,8762,250,4988,4713",47,77.2,261,40.3,1625.5,4.9,"62,62,65,67,47,73,121,47,73,121,47,73,261,47,73,121,47,69,101,47,69,101,47,69,101,47,69,101,47,71,77,47","17,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,5,3,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0","4.432188988,4.290980816,4.257703304,3.892863989,4.469065666,4.562385082,3.916244507,4.469065666,4.445193291,3.499234200,4.469065666,4.517119408,2.438902855,4.367897987,4.497249603,3.901077271,4.469065666,4.394919872,4.398461342,4.469065666,4.423905373,4.398461342,4.426512718,4.412964821,4.410789013,4.469065666,4.412964821,4.372174263,4.410450935,4.692483425,4.443362713,4.469065666",S7Comm,249,0,Acceptable,IoT-Scada,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,12,9980,1202,1088,1,0,1,0,1,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,12,9980,1202,1088,1,0,1,0,1,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/safari.pcap.out b/test/results/flow-analyse/default/safari.pcap.out index 65b069bad..e6b02631b 100644 --- a/test/results/flow-analyse/default/safari.pcap.out +++ b/test/results/flow-analyse/default/safari.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,192.168.1.178,146.48.58.18,tcp,55267,443,info,14,18,1620898025216866,1620898025482937,1620898025510399,0,0,442,1440,1135,16958,0,2,18051.7,118862,28694.5,823374080.0,3.5,"29610,29665,2362,30524,2,28159,51917,8877,77853,8496,625,1248,27408,129,120,247,131,125,259,123,123,248,503,122,637,24023,24010,84464,7818,118862,914",52,618.0,1492,660.5,436248.1,4.1,"64,60,52,263,52,193,52,103,494,52,52,1492,1492,52,1492,1492,52,1492,1492,52,1492,1492,52,1492,1492,52,1029,52,52,483,52,1492","10,1,0,0,0,0,1,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0","0,1,0,0,1,1,0,0,0,1,1,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,0,0,0,1,1","4.365527153,5.154205322,4.884933472,5.833237171,5.047091484,6.387271881,4.923395157,5.485030651,7.478204250,4.994112968,4.772770882,7.875178814,7.866140842,4.961856842,7.872851372,7.874671459,4.961856842,7.876760006,7.864192009,4.884933472,7.871975422,7.883419514,4.961856842,7.874213696,7.878833771,4.923395157,7.820206165,4.961856842,4.839769840,7.462142944,5.085553646,7.865268230",TLS,91,1,Safe,Web,6,DPI,"15" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,69,60887,7006,65156,7,0,7,0,1,0,7,9,0,5,0,35,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,1,7,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,10,0,0,0,0,0,0,7,0,0,7,0,0,0,7,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,69,60231,7006,65156,7,0,7,0,1,0,7,9,0,5,0,35,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,1,7,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,10,0,0,0,0,0,0,7,0,0,7,0,0,0,7,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/salesforce.pcap.out b/test/results/flow-analyse/default/salesforce.pcap.out index 060c6db85..121226606 100644 --- a/test/results/flow-analyse/default/salesforce.pcap.out +++ b/test/results/flow-analyse/default/salesforce.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,13,11884,610,3585,1,0,1,0,0,0,1,2,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,13,11761,610,3585,1,0,1,0,0,0,1,2,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/sccp_hw_conf_register.pcapng.out b/test/results/flow-analyse/default/sccp_hw_conf_register.pcapng.out index fe2a5cd4b..7669ce850 100644 --- a/test/results/flow-analyse/default/sccp_hw_conf_register.pcapng.out +++ b/test/results/flow-analyse/default/sccp_hw_conf_register.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,8081,496,100,1,0,1,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,11,8081,496,100,1,0,1,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/sctp.cap.out b/test/results/flow-analyse/default/sctp.cap.out index 77db420c0..72dd7319b 100644 --- a/test/results/flow-analyse/default/sctp.cap.out +++ b/test/results/flow-analyse/default/sctp.cap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,13,9732,140,64,2,0,2,0,0,0,2,0,0,0,0,4,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,2,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,13,9732,140,64,2,0,2,0,0,0,2,0,0,0,0,4,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,2,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/selfsigned.pcap.out b/test/results/flow-analyse/default/selfsigned.pcap.out index 360056928..2d62b504c 100644 --- a/test/results/flow-analyse/default/selfsigned.pcap.out +++ b/test/results/flow-analyse/default/selfsigned.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,12,10966,849,1785,1,1,0,0,0,0,1,1,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,2,2,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,2,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,12,10884,849,1785,1,1,0,0,0,0,1,1,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,2,2,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,2,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/sflow.pcap.out b/test/results/flow-analyse/default/sflow.pcap.out index 904bd5eea..8c3f560b3 100644 --- a/test/results/flow-analyse/default/sflow.pcap.out +++ b/test/results/flow-analyse/default/sflow.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,12,9576,1324,0,1,0,1,1,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,12,9576,1324,0,1,0,1,1,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/shadowsocks.pcap.out b/test/results/flow-analyse/default/shadowsocks.pcap.out index 7d9b3f810..e7f9fc22a 100644 --- a/test/results/flow-analyse/default/shadowsocks.pcap.out +++ b/test/results/flow-analyse/default/shadowsocks.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,19,13368,201,134662,2,2,0,0,0,0,1,0,1,0,0,10,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,2,0,0,0,2,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,19,13368,201,134662,2,2,0,0,0,0,1,0,1,0,0,10,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,2,0,0,0,2,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/shell.pcap.out b/test/results/flow-analyse/default/shell.pcap.out index 99d40e08b..25cf28e51 100644 --- a/test/results/flow-analyse/default/shell.pcap.out +++ b/test/results/flow-analyse/default/shell.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,27,35944,12250,0,4,2,2,0,0,0,0,0,4,0,0,12,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,2,2,0,0,4,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,27,35944,12250,0,4,2,2,0,0,0,0,0,4,0,0,12,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,2,2,0,0,4,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/signal.pcap.out b/test/results/flow-analyse/default/signal.pcap.out index 40b1bb122..d377a21d5 100644 --- a/test/results/flow-analyse/default/signal.pcap.out +++ b/test/results/flow-analyse/default/signal.pcap.out 
@@ -4,4 +4,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.2.17,35.169.3.40,tcp,57026,443,info,20,12,1569051264666082,1569051265118031,1569051265227415,0,0,1440,1440,12293,2636,0,11,32686.5,114919,49905.0,2490513152.0,3.3,"108942,110621,122,110401,2138,28,112445,4951,114919,23,109553,1892,17,11,122,779,118,231,116,111402,211,108448,1776,614,1715,181,200,291,136,109394,1485",52,519.2,1492,606.2,367455.8,4.1,"64,60,52,569,52,1492,1090,52,178,103,121,52,105,102,94,298,1492,1492,1492,364,52,90,834,52,52,1492,1492,1492,1492,137,52,52","4,3,1,1,0,0,0,1,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0","7,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0","0,1,0,0,1,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,1,1,0,1,1,0,0,0,0,0,1,1","4.390677452,5.215063572,5.101185799,4.568855762,5.154164791,7.123593330,7.686298847,5.024262428,6.455136299,5.824676991,6.354698181,5.077241421,5.747490406,5.596203804,5.551773548,7.089583874,7.859809875,7.887398720,7.860632420,7.352869511,5.192626476,5.919520855,7.736015797,5.115703106,5.115703106,7.850556374,7.899875164,7.874493599,7.879738331,6.114603519,5.154164791,4.993616104",TLS.Signal,91.39,1,Fun,Chat,6,DPI,"" 
1,ip4,192.168.2.17,13.35.253.42,tcp,57027,443,info,20,12,1569051267121677,1569051267296344,1569051267317465,0,0,1440,1440,11716,2541,0,13,11950.2,43365,16041.8,257340416.0,3.7,"32885,39763,98,40023,2747,13,39382,7752,43365,416,22,34673,57,7463,493,19,81,373,5900,119,379,42152,16,471,26781,7559,10672,123,259,280,26119",52,498.2,1492,608.0,369644.2,4.0,"64,60,52,569,52,1492,995,52,178,52,103,121,52,52,105,102,94,243,90,1492,1492,1492,52,90,52,671,52,1492,1492,1492,1492,52","5,4,0,1,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0","7,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0","0,1,0,0,1,1,1,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,1,1,1,0,1,0,0,0,0,1","4.433722496,5.194311619,5.024262428,4.269306660,5.062724590,7.102223873,7.698739052,5.077241421,6.281415939,5.115703106,5.989915848,6.360937119,5.077241421,5.077241421,5.716584206,5.596204281,5.530496597,6.966745853,5.422244072,7.874898434,7.862365246,7.863490105,4.937912464,5.888910294,5.077241421,7.631612301,5.077241421,7.861750603,7.881488323,7.873866558,7.857449532,5.115703106",TLS.Signal,91.39,1,Fun,Chat,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,175,163765,219449,54393,19,9,10,0,4,0,19,27,0,4,0,84,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,10,3,3,13,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,10,0,0,0,0,4,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,19,0,0,0,0,0,8,0,0,0,0,0,0,19,0,0,15,3,1,0,19,19,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0 +0,175,162371,219449,54393,19,9,10,0,4,0,19,27,0,4,0,84,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,10,3,3,13,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,10,0,0,0,0,4,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,19,0,0,0,0,0,8,0,0,0,0,0,0,19,0,0,15,3,1,0,19,19,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/signal_audiocall.pcapng.out b/test/results/flow-analyse/default/signal_audiocall.pcapng.out new file mode 100644 index 000000000..07dcf897a --- /dev/null +++ b/test/results/flow-analyse/default/signal_audiocall.pcapng.out 
@@ -0,0 +1,5 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.12.67,35.219.252.146,udp,45419,3478,finished,16,16,1732024252560499,1732024255506282,1732024255591142,20,0,140,140,1348,1440,0,34,192787.9,1009305,328853.4,108144574464.0,3.4,"1679,3660,1244,10270,10180,26749,26618,250237,250253,501155,501113,1004003,1009305,956070,950707,3808,8981,1122,5251,38927,115928,34,84920,11595,28824,12973,35886,1216,42468,17725,63525",48,115.1,168,39.1,1531.7,4.9,"48,56,80,112,144,112,56,108,56,108,56,108,56,108,148,80,168,148,128,80,160,168,136,128,168,168,128,168,148,80,136,136","6,0,0,7,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,4,6,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,1,0,0,1,0,1,1,0,0,1,0,0,0,1,1,1","5.092222691,4.896289825,5.489066124,5.744682789,5.768844128,5.706256866,4.913536072,5.656898022,4.877822399,5.693010330,4.913536072,5.644444466,4.877821922,5.674491882,5.815627575,5.871930599,6.136301041,5.839058876,5.921264172,5.746930122,5.986515999,6.205406189,5.953484058,5.819549084,5.906489849,6.141389370,5.824335575,5.926788807,5.885375023,5.921932697,5.977344990,5.910892010",STUN.SignalVoip,78.269,0,Acceptable,VoIP,6,DPI,"" 
+1,ip4,192.168.12.67,35.219.226.11,udp,45419,54116,finished,17,15,1732024255554100,1732024262728582,1732024262809079,28,0,104,96,1240,1108,0,7975,465466.5,2229214,655102.9,429159809024.0,3.8,"49177,63824,48661,39317,8988,7975,43088,49998,8002,41078,51322,943432,1038291,262155,354976,260389,75745,606181,10918,31204,394466,279938,364276,2145789,28790,2221167,290330,345130,931089,1204551,2229214",56,101.4,132,22.2,491.6,5.0,"124,124,92,132,124,92,92,124,92,92,124,92,132,92,124,92,56,84,84,56,124,92,124,92,124,56,92,124,92,84,124,92","2,2,6,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,1,7,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,1,0,1,0,1,1,0,1,1,0,0,1,1,0,1,1,0,0,0,1,1,0,0,0,1,1,0,0,0,1","5.954615116,5.890099049,5.936881542,5.799671173,5.975784302,5.832649708,5.819981575,5.872922421,5.789170742,5.862594128,5.872116566,5.802706242,5.723914146,5.759228230,5.937438488,5.737487316,5.186729908,5.916122437,5.723992348,5.190757751,5.819494724,5.923347950,5.943526745,5.780966759,5.877923489,5.155044079,5.841721058,5.969696999,5.737488747,5.781786919,5.896186829,5.789172649",STUN.SignalVoip,78.269,0,Acceptable,VoIP,5,DPI (cache),"5" 
+timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_ca
tegory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count
 +0,44,39743,19864,19438,4,0,4,0,2,0,4,7,0,3,0,20,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,2,0,0,0,0,0,2,4,0,0,0,0,0,4,0,0,0,4,0,0,4,4,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/signal_multiparty.pcapng.out b/test/results/flow-analyse/default/signal_multiparty.pcapng.out new file mode 100644 index 000000000..36e498d42 --- /dev/null +++ b/test/results/flow-analyse/default/signal_multiparty.pcapng.out 
@@ -0,0 +1,3 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game
_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_ri
sk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count +0,13,11121,8051,442,1,0,1,0,0,0,1,2,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,3,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/signal_videocall.pcapng.out b/test/results/flow-analyse/default/signal_videocall.pcapng.out new file mode 100644 index 000000000..d538a7c2d --- /dev/null +++ b/test/results/flow-analyse/default/signal_videocall.pcapng.out 
@@ -0,0 +1,4 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.12.67,35.219.252.146,udp,47926,56377,finished,15,17,1732024434112285,1732024441333397,1732024441541595,28,0,104,96,1156,1232,0,7924,472594.2,2449226,710703.9,505100075008.0,3.7,"65956,95899,49187,89830,51983,7924,75804,92201,90821,45764,45926,841819,964746,88146,209352,700416,8800,797762,169039,140771,9988,132129,62705,2295091,2449226,43943,201199,880503,2304788,1490835,147869",56,102.6,132,22.3,496.6,5.0,"124,92,132,132,92,92,124,92,124,92,124,92,124,92,124,92,56,84,124,92,84,56,124,92,124,92,124,92,56,124,92,124","1,1,6,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,1,7,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,0,1,0,1,0,0,1,1,0,1,1,0,1,0,0,1,0,0,1,1,0,1,0,1,1","5.976831913,5.915143967,5.742778778,5.854558945,5.733025551,5.885198593,5.998001575,5.797378063,6.024171352,5.726989746,5.921308994,5.664066315,5.913927555,5.841720104,5.901226997,5.802705288,5.235924244,5.790773869,5.923968792,5.811777592,5.734168530,5.119329453,5.946332932,5.906072140,5.847799778,5.811777115,5.940245152,5.748729706,5.115301609,5.849411488,5.828187466,5.968549728",STUN.SignalVoip,78.269,0,Acceptable,VoIP,5,DPI (cache),"5" 
+timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_ca
tegory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count
 +0,34,29729,81563,27668,3,0,3,0,1,0,3,6,0,3,0,15,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,2,0,0,0,0,0,2,1,0,0,0,0,0,3,0,0,0,3,0,0,3,3,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/signal_videocall_multiparty.pcapng.out b/test/results/flow-analyse/default/signal_videocall_multiparty.pcapng.out new file mode 100644 index 000000000..b76582664 --- /dev/null +++ b/test/results/flow-analyse/default/signal_videocall_multiparty.pcapng.out 
@@ -0,0 +1,4 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.1.117,35.207.67.68,udp,59446,10000,finished,21,11,1733247515941563,1733247521000514,1733247521314176,28,0,100,100,1239,830,0,300,336502.1,1071142,395522.0,156437676032.0,3.9,"32884,48827,300,44457,50533,44084,223767,385,25289,800734,1030880,20622,201493,673,800784,981685,21273,210614,756,118515,13444,1043663,879515,925,1071142,1007160,651,274470,390884,400116,691039",56,92.7,128,28.2,793.4,4.9,"128,128,64,128,128,128,128,83,64,64,128,74,128,83,64,128,74,128,83,64,76,56,74,83,64,74,83,64,128,128,64,74","1,14,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,5,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,0,1,0,0,0,0,1,1,0,0,0,1,1,0,0,0,0,1,0,0,1,0,0,0,1,0,1","5.630286694,5.730687141,5.077819824,5.651809216,5.741195202,5.841376781,5.766547680,5.757154465,5.171569824,5.046569824,5.753524780,5.387711525,5.789052010,5.652456284,5.077819824,5.626456738,5.428714275,5.731467724,5.790346146,5.060848236,5.754378796,5.151015759,5.367309570,5.684864521,5.159774780,5.404538155,5.853539467,5.171569824,5.637804031,5.766547680,5.049053192,5.377511024",STUN.SignalVoip,78.269,0,Acceptable,VoIP,6,DPI,"5" 
+timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_ca
tegory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count
 +0,14,13612,67701,18298,1,0,1,0,1,0,1,2,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,3,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/simple-dnscrypt.pcap.out b/test/results/flow-analyse/default/simple-dnscrypt.pcap.out index 1a476642e..b5e6e266f 100644 --- a/test/results/flow-analyse/default/simple-dnscrypt.pcap.out +++ b/test/results/flow-analyse/default/simple-dnscrypt.pcap.out 
@@ -2,4 +2,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.43.167,134.119.26.24,tcp,50233,443,info,15,17,1491813284555591,1491813285148253,1491813285258007,0,0,218,1310,804,10162,0,0,41776.7,221977,52354.6,2741003520.0,3.9,"110617,111151,27928,119560,18487,5167,114877,3012,7467,5,1,10608,4894,14894,118,54,378,91813,2,71462,3132,28841,0,26832,76361,36004,32630,95192,61613,221977,1",40,383.4,1350,516.9,267229.7,3.9,"52,52,40,246,40,1350,1350,40,1350,1350,1350,346,40,166,93,96,82,258,298,109,40,78,40,78,40,40,40,401,40,105,1350,1310","7,4,1,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,1,1,0,0,0,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,6,0,0,0,0,0,0,0","0,1,0,0,1,1,1,0,1,1,1,1,0,0,0,0,0,0,1,1,0,0,1,1,1,0,1,1,0,0,1,1","4.700937748,5.053297043,4.884183884,5.597340584,4.884183884,7.257542610,7.247560978,4.734184265,7.594522476,7.479546547,7.614046097,7.344598770,4.780641079,6.391661167,5.721328735,5.834361076,5.503191471,7.138485432,7.091854095,6.122251511,4.934183598,5.396905422,4.884183884,5.818656921,4.884183884,4.884183884,4.884183884,7.331987381,4.934183598,5.989890099,7.848228931,7.847333908",TLS.DNScrypt,91.208,1,Acceptable,Network,6,DPI,"" 
1,ip4,192.168.43.167,134.119.26.24,tcp,50259,443,info,16,16,1491813286393273,1491813286786121,1491813286786057,0,0,280,1310,962,7944,0,0,25343.0,105611,35915.9,1289953152.0,3.6,"76904,76992,229,75549,27738,2534,105611,594,1,590,1297,3,1553,3254,3682,128,52,3057,79,49,84732,1,74133,4254,0,9610,25085,23405,82024,4138,98354",40,319.1,1350,456.8,208637.0,3.9,"52,52,40,250,40,1350,1350,40,1350,1350,40,1350,346,40,166,93,96,82,320,119,118,298,109,40,40,78,40,78,40,402,401,40","7,4,2,1,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,1,1,0,0,0,0,0,1,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0","0,1,0,0,1,1,1,0,1,1,0,1,1,0,0,0,0,0,0,0,0,1,1,0,1,1,1,0,1,1,1,0","4.662476063,5.014835358,4.784183979,5.463803768,4.784183979,7.264608860,7.254951954,4.784183979,7.596163750,7.476695061,4.665311813,7.616894245,7.412656784,4.784183979,6.267624378,5.635307789,5.800558090,5.503190994,7.286572456,6.049404621,6.063973427,7.156964302,6.273537159,4.934183598,4.884183884,5.802693844,4.834183693,5.438509464,4.884183884,7.476879120,7.394095898,4.934183598",TLS.DNScrypt,91.208,1,Acceptable,Network,5,DPI (cache),"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,45,43161,2480,36106,4,0,4,0,2,0,4,8,0,0,0,20,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,2,1,3,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,4,0,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,45,42669,2480,36106,4,0,4,0,2,0,4,8,0,0,0,20,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,2,1,3,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,4,0,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/sip.pcap.out b/test/results/flow-analyse/default/sip.pcap.out index a192b59be..b684e5a2a 100644 --- a/test/results/flow-analyse/default/sip.pcap.out +++ b/test/results/flow-analyse/default/sip.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,192.168.1.2,212.242.33.35,udp,5060,5060,finished,21,11,1120469572844249,1120470235521078,1120470235448732,5,0,825,593,7448,4947,0,25935,42751008.0,279041814,57873684.0,3349363405357056.0,4.0,"136757,17415627,17424961,49834,89928591,89874891,17280679,17290428,150200040,150188219,17325180,17335822,73916043,73902652,17325038,17333170,25935,17724998,29031776,29092737,34118166,34119076,29272359,29031830,29031631,29031476,17104967,497671,1001842,279041814,227102",33,415.3,853,273.0,74531.7,4.6,"495,514,708,334,374,495,514,708,519,495,514,708,519,495,514,708,334,498,33,33,33,33,33,33,33,33,33,853,853,853,621,368","9,0,0,0,0,0,0,0,0,0,1,0,0,0,4,0,0,0,0,0,0,4,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,2,1,0,0,0,1,6,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0","5.741633415,5.745016098,5.709460258,5.733335018,5.724183083,5.734008312,5.752299309,5.705936909,5.742718697,5.746319294,5.735527039,5.694232941,5.749829292,5.746265888,5.718012810,5.700710297,5.702609062,5.648171425,4.098355293,4.098355293,4.098355293,4.098355293,4.098355293,4.098355293,4.037749290,4.098355293,4.098355293,5.722674847,5.721789837,5.722674847,5.763523579,5.703196526",SIP,100,0,Acceptable,VoIP,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,59,58535,28304,16151,4,0,4,25,1,0,3,0,1,0,0,16,1,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,3,0,3,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,4,0,0,4,3,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,59,58773,28304,16151,4,0,4,25,1,0,3,0,1,0,0,16,1,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,3,0,3,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,4,0,0,4,3,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/sip_hello.pcapng.out b/test/results/flow-analyse/default/sip_hello.pcapng.out index 58bae96af..46b43eebd 100644 --- a/test/results/flow-analyse/default/sip_hello.pcapng.out +++ b/test/results/flow-analyse/default/sip_hello.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,20,16578,1962,2172,1,0,1,9,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,20,16588,1962,2172,1,0,1,9,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/sites.pcapng.out b/test/results/flow-analyse/default/sites.pcapng.out index 9b8818ccc..b0a2584b5 100644 --- a/test/results/flow-analyse/default/sites.pcapng.out +++ b/test/results/flow-analyse/default/sites.pcapng.out 
@@ -2,4 +2,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.1.128,91.198.174.208,tcp,50620,443,info,14,18,1623223595952198,1623223596109406,1623223596108936,0,0,517,1448,1036,16479,0,0,10127.3,52937,19772.5,390950848.0,2.8,"46836,50076,2241,52937,230,0,0,0,52220,0,0,0,1478,638,2420,52443,0,779,3077,0,237,0,0,0,0,0,199,47900,0,0,235",52,599.8,1500,646.4,417856.7,4.1,"60,60,52,569,52,1500,1500,1252,152,52,52,52,52,132,222,290,355,95,83,1500,1500,1500,1500,1500,1500,1500,1500,374,52,52,52,83","10,0,1,0,0,1,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","3,1,0,1,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,10,0,0","0,1,0,0,1,1,1,1,1,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,0,0,0,0","4.713301182,5.220872402,5.008629799,5.408417225,5.079967022,7.845353127,7.893048763,7.841969490,6.480354786,5.047091007,5.047091484,5.085552692,5.085553169,6.254513264,6.947219372,7.136369228,7.362440109,5.997154236,5.666953564,7.893563271,7.867501259,7.878776073,7.865104198,7.874600887,7.869311810,7.861063480,7.860395432,7.425109863,5.085552692,5.047091007,5.085552692,5.564384460",TLS.Wikipedia,91.176,1,Safe,Web,6,DPI,"" 
1,ip4,192.168.1.250,45.82.241.51,tcp,39890,80,finished,17,15,1623226283573712,1623226284678348,1623226284677149,0,0,190,1460,380,18862,0,0,71228.2,1031142,245139.1,60093177856.0,1.6,"27914,29082,9509,39180,2950,0,249,0,0,0,0,59912,0,307,0,0,304,0,974261,1031142,0,0,0,29550,491,2002,0,490,0,730,0",46,645.1,1500,701.2,491744.0,4.0,"60,52,46,230,46,1500,1500,1500,1500,1500,1500,1382,46,46,46,46,46,46,46,230,1500,1500,1500,1500,46,46,1500,1500,46,46,46,46","15,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,12,0,0","0,1,0,0,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,0,0,1,1,0,0,0,0","4.650921822,4.854286671,4.347350597,5.690956593,4.347350597,7.663578510,7.860166073,7.846680641,7.877070427,7.858085155,7.884421825,7.865271091,4.347350597,4.303872585,4.260394573,4.303872585,4.303872585,4.347350597,4.347350597,5.731587410,7.670816898,7.866776943,7.851586819,7.865674973,4.303872585,4.303872108,7.855195045,7.870656013,4.303872585,4.260394096,4.303872108,4.303872585",HTTP.Likee,7.261,0,Fun,SocialNetwork,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,558,601356,53315,276011,64,9,55,1,2,4,60,62,0,3,0,277,1,0,1,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,58,6,8,21,30,0,1,0,0,0,0,0,0,2,1,0,8,9,1,6,4,2,0,0,8,0,3,0,7,0,0,3,4,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,59,0,0,0,0,0,6,0,1,0,0,0,0,58,6,0,60,4,0,0,64,60,4,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,4,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,558,596310,53315,276011,64,9,55,1,2,4,60,62,0,3,0,277,1,0,1,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,58,6,9,20,30,0,1,0,0,0,0,0,0,2,1,0,8,9,1,6,4,1,0,0,8,0,4,0,7,0,0,3,4,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,59,0,0,0,0,0,6,0,1,0,0,0,0,58,6,0,60,4,0,0,64,60,4,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,4,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/sites2.pcapng.out b/test/results/flow-analyse/default/sites2.pcapng.out index 3d38be1f6..4d968f809 100644 --- a/test/results/flow-analyse/default/sites2.pcapng.out +++ b/test/results/flow-analyse/default/sites2.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,32,29388,4286,12374,3,0,3,0,0,0,3,4,0,0,0,15,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,3,0,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,49,42699,4931,12452,5,1,4,0,0,0,5,4,0,0,0,24,1,0,1,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,1,0,4,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,3,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,5,0,0,0,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/skinny.pcap.out b/test/results/flow-analyse/default/skinny.pcap.out index a511debd1..8568a74dc 100644 --- a/test/results/flow-analyse/default/skinny.pcap.out +++ b/test/results/flow-analyse/default/skinny.pcap.out 
@@ -2,4 +2,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.195.58,192.168.193.12,tcp,49399,2000,finished,13,19,1317801130501299,1317801134312976,1317801134286303,0,0,52,324,248,1620,1,14,245054.2,3609828,877176.1,769437794304.0,1.5,"2211,18,14,5962,3780,258,15,49,20014,19685,10391,48806,3559643,16,82,3609828,11683,20052,16478,36490,7020,23440,32822,19981,11660,17,20000,11522,27273,50735,26736",46,100.2,364,74.3,5521.7,4.7,"64,68,56,64,46,364,68,76,68,46,200,60,46,64,180,76,46,252,46,88,46,184,46,184,46,184,172,46,92,92,46,92","9,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","9,2,0,0,5,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,1,1,0,1,1,1,1,0,1,0,1,1,1,1,0,1,0,0,1,1,0,1,0,1,1,0,0,0,1,0","3.922401428,4.000817776,4.543873787,4.299025536,4.398030758,3.738415241,4.369860649,4.173765659,4.555430412,4.446094513,4.498068333,4.266249657,4.654558659,4.450102329,2.632452726,4.180215836,4.398030758,4.264904022,4.549461365,3.957430601,4.654558659,2.670037031,4.549461365,2.689654589,4.478915215,2.567897081,4.683412552,4.398031235,4.043387413,3.999909163,4.567602158,4.021648407",CiscoSkinny,164,0,Acceptable,VoIP,6,DPI,"" 
1,ip4,192.168.195.58,192.168.195.50,udp,32144,17718,finished,18,14,1317801134322976,1317801134482957,1317801134468575,172,0,172,172,3096,2408,0,4,9857.4,25564,10215.5,104355640.0,3.9,"25,19949,10,25564,11,20009,15,19949,15,19947,7,19983,8,20009,7,20042,7,20010,7,19977,4,19971,13,19997,11,20024,12,20020,11,19956,10",200,200.0,200,0.0,0.0,5.0,"200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200","0,0,0,0,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0","4.233760357,4.233760357,4.755019665,4.755019665,4.365148544,4.365148544,5.067544460,5.067544460,4.363914013,4.363914013,4.870802402,4.870802402,5.547243595,5.547243595,5.061565876,5.061565876,5.180966377,5.180966377,5.064822674,5.064822674,5.333183289,5.333183289,5.182554245,5.182554245,5.614361763,5.614361763,5.808181763,5.808181763,5.246697903,5.246697903,5.232192516,5.232192516",RTP,87,0,Acceptable,Media,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,61,51266,19224,7540,7,0,7,0,2,0,7,0,0,0,0,35,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,7,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,2,5,0,0,7,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,61,51391,19224,7540,7,0,7,0,2,0,7,0,0,0,0,35,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,7,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,2,5,0,0,7,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/skype-conference-call.pcap.out b/test/results/flow-analyse/default/skype-conference-call.pcap.out index 98ffad2e3..a4f106d12 100644 --- a/test/results/flow-analyse/default/skype-conference-call.pcap.out +++ b/test/results/flow-analyse/default/skype-conference-call.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks -1,ip4,192.168.2.20,104.46.40.49,udp,49282,60642,finished,16,16,1501061916646303,1501061916821040,1501061916812989,43,0,915,167,6417,1824,0,59,11013.6,100094,22446.4,503839616.0,3.0,"7339,44500,54477,177,54879,336,10342,20091,24441,100094,319,61,211,59,179,235,59,177,199,208,82,2810,14708,381,241,219,267,215,202,197,3718",63,285.5,943,317.0,100457.8,4.3,"132,132,100,100,132,100,136,138,131,123,195,63,155,155,155,155,155,155,155,155,155,155,100,71,943,943,943,943,943,943,155,121","0,1,4,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,2,12,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,1,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,0","5.475533962,5.430079460,5.716311932,5.616310120,5.445230961,5.668762684,5.554492950,6.549376011,6.536014080,6.412748814,6.806855679,5.203801155,6.467489243,6.520809174,6.645484924,6.590196609,6.458263397,6.501328468,6.432456017,6.550292969,6.547129631,6.477230072,5.552665234,5.568275928,7.755900860,7.787482262,7.793358326,7.793142319,7.798308849,7.784828663,6.622673988,6.318281174",STUN.Skype_TeamsCall,78.38,0,Acceptable,VoIP,6,DPI,"5" 
+1,ip4,192.168.2.20,104.46.40.49,udp,49282,60642,finished,16,16,1501061916646303,1501061916821040,1501061916812989,43,0,915,167,6417,1824,0,59,11013.6,100094,22446.4,503839616.0,3.0,"7339,44500,54477,177,54879,336,10342,20091,24441,100094,319,61,211,59,179,235,59,177,199,208,82,2810,14708,381,241,219,267,215,202,197,3718",63,285.5,943,317.0,100457.8,4.3,"132,132,100,100,132,100,136,138,131,123,195,63,155,155,155,155,155,155,155,155,155,155,100,71,943,943,943,943,943,943,155,121","0,1,4,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,2,12,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,1,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,0","5.475533962,5.430079460,5.716311932,5.616310120,5.445230961,5.668762684,5.554492950,6.549376011,6.536014080,6.412748814,6.806855679,5.203801155,6.467489243,6.520809174,6.645484924,6.590196609,6.458263397,6.501328468,6.432456017,6.550292969,6.547129631,6.477230072,5.552665234,5.568275928,7.755900860,7.787482262,7.793358326,7.793142319,7.798308849,7.784828663,6.622673988,6.318281174",STUN.TeamsCall,78.38,0,Acceptable,VoIP,6,DPI,"5" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,12,11081,19259,12028,1,0,1,0,1,0,1,0,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,12,11096,19259,12028,1,0,1,0,1,0,1,0,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/smb_deletefile.pcap.out b/test/results/flow-analyse/default/smb_deletefile.pcap.out index 40e4443e5..977c67a56 100644 --- a/test/results/flow-analyse/default/smb_deletefile.pcap.out +++ b/test/results/flow-analyse/default/smb_deletefile.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,192.168.1.118,192.168.1.187,tcp,56848,445,finished,20,12,1584368315417275,1584368317627960,1584368317628867,0,0,412,500,2972,3826,1,20,142654.1,2158424,529256.2,280112168960.0,1.2,"1172,1225,2157281,2158424,1159,87,1253,1160,7461,9355,1883,124,103,75,20,492,151,550,5618,5637,4741,5866,1131,107,1245,1127,130,997,857,25951,26895",40,252.6,540,190.9,36432.9,4.5,"420,540,40,364,508,40,380,524,40,452,166,40,540,40,144,140,46,144,40,116,40,380,524,40,420,396,40,284,356,40,388,452","10,0,0,2,0,0,0,1,0,0,4,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,0,1,2,0,0,0,0,0,1,0,1,1,0,1,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,0,0,1,0,0,1,0,1,0,0,0,1,1,0,1,0,0,1,0,0,1,0,0,1,0,0,1","3.069277287,3.365245581,4.461769104,2.731584549,2.957580328,4.511769295,2.886561632,3.152696133,4.511769295,2.994292021,3.490118504,4.511769295,2.920198441,4.511769295,3.495491743,3.175110340,4.402616024,3.673908472,4.461769104,3.397419930,4.511769295,2.886561632,3.164842129,4.511769295,3.078800917,2.788191795,4.461769104,2.814971924,2.968542337,4.511769295,2.599048853,2.976962328",NetBIOS.SMBv23,10.41,0,Acceptable,System,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,12,12389,11034,14218,1,0,1,0,1,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,12,12389,11034,14218,1,0,1,0,1,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/smb_frags.pcap.out b/test/results/flow-analyse/default/smb_frags.pcap.out index ee83dbb4a..8c90d9b1c 100644 --- a/test/results/flow-analyse/default/smb_frags.pcap.out +++ b/test/results/flow-analyse/default/smb_frags.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,10913,1651,536,1,1,0,0,0,0,1,0,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,1,1,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,11,10913,1651,536,1,1,0,0,0,0,1,0,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,1,1,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/smbv1.pcap.out b/test/results/flow-analyse/default/smbv1.pcap.out index 4cda5bc42..616eab592 100644 --- a/test/results/flow-analyse/default/smbv1.pcap.out +++ b/test/results/flow-analyse/default/smbv1.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,9347,453,366,1,0,1,0,0,0,1,0,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,1,1,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,11,9347,453,366,1,0,1,0,0,0,1,0,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,1,1,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/smpp_in_general.pcap.out b/test/results/flow-analyse/default/smpp_in_general.pcap.out index 0c2ab08a7..618e3e044 100644 --- a/test/results/flow-analyse/default/smpp_in_general.pcap.out +++ b/test/results/flow-analyse/default/smpp_in_general.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,7884,122,78,1,1,0,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,11,7884,122,78,1,1,0,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/smtp-starttls.pcap.out b/test/results/flow-analyse/default/smtp-starttls.pcap.out index 86e27dafd..bf20ff8bc 100644 --- a/test/results/flow-analyse/default/smtp-starttls.pcap.out +++ b/test/results/flow-analyse/default/smtp-starttls.pcap.out 
@@ -1,5 +1,5 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks -1,ip4,10.0.0.1,173.194.68.26,tcp,57406,25,info,15,17,1388017124762850,1388017125217215,1388017125228642,0,0,686,1418,1384,4627,0,26,29682.5,156957,34710.8,1204840832.0,4.2,"11168,11193,11857,11849,79,11152,39169,67072,28169,11489,12210,262,12322,26,24821,37890,13457,11887,11608,11639,11817,51431,103694,156957,13622,11529,11126,16410,67319,42853,94080",52,240.3,1470,368.1,135468.5,4.0,"60,60,52,103,52,80,52,206,62,82,164,1470,1470,52,905,366,262,105,217,113,117,113,52,158,738,52,80,52,128,52,83,133","9,3,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","6,1,3,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0","0,1,0,1,0,0,1,1,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,1,0,1,0,1,1,0,0,1","4.527644634,5.164738178,4.944975376,5.655648708,4.868052483,4.887005329,4.983437061,5.795777798,5.058248043,5.413370609,5.231037617,6.553743362,7.414661884,4.893245220,7.240818024,7.277081490,6.869879723,5.969118595,6.897389412,6.050327778,6.234992027,6.200943947,4.944975376,6.499523640,7.703155994,4.906513691,5.556689262,4.868052006,6.265826702,4.776611805,5.571072102,6.285814285",SMTPS.Google,29.126,1,Acceptable,Email,6,DPI,"7" 
+1,ip4,10.0.0.1,173.194.68.26,tcp,57406,25,info,15,17,1388017124762850,1388017125217215,1388017125228642,0,0,686,1418,1384,4627,0,26,29682.5,156957,34710.8,1204840832.0,4.2,"11168,11193,11857,11849,79,11152,39169,67072,28169,11489,12210,262,12322,26,24821,37890,13457,11887,11608,11639,11817,51431,103694,156957,13622,11529,11126,16410,67319,42853,94080",52,240.3,1470,368.1,135468.5,4.0,"60,60,52,103,52,80,52,206,62,82,164,1470,1470,52,905,366,262,105,217,113,117,113,52,158,738,52,80,52,128,52,83,133","9,3,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","6,1,3,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0","0,1,0,1,0,0,1,1,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,1,0,1,0,1,1,0,0,1","4.527644634,5.164738178,4.944975376,5.655648708,4.868052483,4.887005329,4.983437061,5.795777798,5.058248043,5.413370609,5.231037617,6.553743362,7.414661884,4.893245220,7.240818024,7.277081490,6.869879723,5.969118595,6.897389412,6.050327778,6.234992027,6.200943947,4.944975376,6.499523640,7.703155994,4.906513691,5.556689262,4.868052006,6.265826702,4.776611805,5.571072102,6.285814285",SMTPS.Google,29.126,1,Acceptable,Email,6,DPI,"7,8" 
1,ip6,2003:de:2016:125:fc36:8317:4e86:cb72,2003:de:2016:120::a08:53,tcp,7562,25,info,16,16,1524746968365832,1524746968662121,1524746968661622,0,0,1034,1140,1734,2097,0,2,19099.3,202908,48707.1,2372380928.0,2.8,"744,995,19017,29506,11113,127,1248,999,1000,6126,12754,624,8625,202034,202908,998,7251,6751,7252,7260,1247,2128,2995,378,21009,21750,990,6762,2,6750,736",60,180.5,1200,257.1,66086.8,4.2,"72,72,60,118,110,60,212,70,90,242,1200,186,139,318,227,60,149,103,123,103,95,126,60,1094,60,125,95,104,91,60,91,60","7,4,2,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","6,4,2,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,1,1,0,1,0,1,0,0,1,1,0,0,1,0,1,0,1,1,0,1,1,0,1,0,0,1,0","4.281427383,4.959185600,4.579100609,5.619654655,5.411477089,4.829739571,5.596319675,4.894675732,5.166758537,5.366472721,7.601028442,6.201757908,5.921764851,7.156020164,6.896310806,4.658349514,6.097513199,5.672229767,5.596776009,5.715824604,5.162304878,6.073466778,4.799921513,7.803120613,4.833254814,6.058705330,5.062202930,5.764057636,4.995513916,4.579101086,5.463903904,4.446732044",SMTPS,29,1,Safe,Email,6,DPI,"6,15,33" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,28,27235,3118,6724,2,2,0,0,2,0,2,6,0,2,0,10,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,2,0,5,0,0,0,0,1,1,0,2,0,0,0,2,2,0,0,0,0,0,0,0,0,1,3,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,28,27647,3118,6724,2,2,0,0,2,0,2,6,0,2,0,10,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,2,0,6,0,0,0,0,1,1,0,2,0,0,0,2,2,0,0,0,0,0,0,0,0,1,3,2,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/smtp.pcap.out b/test/results/flow-analyse/default/smtp.pcap.out index 9466d1952..bee2dcf0a 100644 --- a/test/results/flow-analyse/default/smtp.pcap.out +++ b/test/results/flow-analyse/default/smtp.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,194.7.248.153,172.16.114.207,tcp,2127,25,finished,16,16,934028408568957,934028408659170,934028408659389,0,0,40,84,469,576,0,316,5827.3,55118,11962.2,143094448.0,3.2,"316,1134,19693,31096,24595,55118,2208,21382,1142,1166,1125,1230,1225,1086,1083,1063,1064,1068,1066,1077,1106,1085,1057,1068,1067,1048,1046,1060,1062,1055,1054",46,73.6,124,15.2,230.1,5.0,"46,46,46,124,46,62,46,66,62,84,76,83,79,78,79,78,80,79,79,78,79,78,80,79,78,77,77,76,80,79,78,77","5,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","3,12,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","4.217956066,4.965921402,4.414441109,5.606353760,4.414441109,5.401541233,4.398030758,5.373719692,5.366997719,5.482748032,5.540370464,5.525596142,5.518477440,5.566954136,5.471196175,5.560668945,5.565314293,5.578667164,5.537589550,5.586310863,5.547144890,5.611951351,5.485757828,5.482342720,5.493423939,5.506668091,5.516471386,5.546820641,5.505877972,5.562905312,5.524069786,5.501934052",SMTP,3,0,Acceptable,Email,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,12,10098,16527,1428,1,1,0,0,1,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,12,10098,16527,1428,1,1,0,0,1,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/smtps.pcapng.out b/test/results/flow-analyse/default/smtps.pcapng.out index 57c124a8e..dfd6202dc 100644 --- a/test/results/flow-analyse/default/smtps.pcapng.out +++ b/test/results/flow-analyse/default/smtps.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,10,8596,517,179,1,0,1,0,0,0,1,0,0,1,0,4,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,1,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,10,8596,517,179,1,0,1,0,0,0,1,0,0,1,0,4,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,1,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/snapchat.pcap.out b/test/results/flow-analyse/default/snapchat.pcap.out index e13056468..9680f313f 100644 --- a/test/results/flow-analyse/default/snapchat.pcap.out +++ b/test/results/flow-analyse/default/snapchat.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,30,25728,4919,2196,3,1,2,0,0,0,3,3,0,1,0,15,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,1,0,2,0,0,0,0,0,0,0,0,0,0,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,2,2,0,0,0,0,0,3,0,0,3,0,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,30,25482,4919,2196,3,1,2,0,0,0,3,3,0,1,0,15,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,1,0,2,0,0,0,0,0,0,0,0,0,0,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,2,2,0,0,0,0,0,3,0,0,3,0,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/snapchat_call.pcapng.out b/test/results/flow-analyse/default/snapchat_call.pcapng.out index f63736434..b7f9429b7 100644 --- a/test/results/flow-analyse/default/snapchat_call.pcapng.out +++ b/test/results/flow-analyse/default/snapchat_call.pcapng.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,192.168.12.169,18.184.138.142,udp,42083,443,finished,16,16,1595865799020160,1595865802042641,1595865802853531,28,0,1350,1350,3902,5824,0,7,221156.5,1447282,397282.2,157833134080.0,3.2,"16846,68,30414,96,24231,5110,25,16,20308,29142,5531,102,7,211,2051,54351,38,19,507575,1447282,48721,53521,57932,1172660,3328,7500,379723,803486,440070,1155688,589800",48,331.9,1378,468.5,219532.9,3.9,"1378,1378,1378,1378,611,64,1378,48,414,56,72,66,66,66,187,86,48,48,48,72,337,289,337,289,72,56,56,72,56,72,72,72","4,8,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0","4,4,0,0,0,0,0,0,2,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0","0,1,1,0,0,1,1,1,1,0,0,0,0,0,0,0,1,1,1,0,1,1,1,1,0,0,0,1,0,0,1,1","2.189238071,7.706800461,4.743436813,3.984874964,7.719462395,5.249389172,7.849965572,5.376628876,7.440353394,5.374054909,5.683540821,5.644934177,5.675237656,5.595766544,6.808179855,6.041157246,5.293295383,5.251628876,5.209962368,5.540976048,7.375632763,7.234831333,7.426898956,7.225734234,5.603883266,5.407986164,5.336557388,5.692057133,5.063577652,5.570461750,5.619208336,5.674763680",QUIC.SnapchatCall,188.255,1,Acceptable,VoIP,6,DPI,"24" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,13,19583,4245,6427,1,0,1,0,1,0,1,1,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,2,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,13,19583,4245,6427,1,0,1,0,1,0,1,1,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,2,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/snapchat_call_v1.pcapng.out b/test/results/flow-analyse/default/snapchat_call_v1.pcapng.out index b43050cd9..3793ddbfd 100644 --- a/test/results/flow-analyse/default/snapchat_call_v1.pcapng.out +++ b/test/results/flow-analyse/default/snapchat_call_v1.pcapng.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,192.168.12.169,34.246.231.140,udp,47520,443,finished,21,11,1642584090467068,1642584091097462,1642584091088958,33,0,1200,1200,10528,3826,0,18,40396.3,284273,69954.6,4893651456.0,3.5,"43831,48,18,47171,5912,7197,49242,50,34720,7943,33195,29741,120469,284273,668,11816,262103,35232,126423,262,9441,12613,6510,7068,102933,21,6234,340,1312,2360,3138",53,476.6,1228,428.3,183471.5,4.4,"1228,1228,1228,433,1228,117,610,446,104,62,360,61,90,53,70,70,198,53,53,88,1147,1148,1148,703,523,72,104,525,525,525,525,525","0,6,1,0,0,1,0,0,0,0,0,0,0,0,0,6,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,2,0,2,0,0,0,0,0,0,0,0,0,0","3,1,2,0,0,0,0,0,0,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0","0,1,1,1,0,0,0,1,1,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,1,1,0,0,0,0,0","7.846151352,7.818212032,7.842855453,7.458201885,7.834816933,6.378828526,7.731168270,7.464651108,6.216168880,5.760650158,7.392130375,5.557705879,6.136295319,5.508872986,5.957851410,5.707712650,6.936640739,5.357929230,5.395664692,5.928121090,7.845738411,7.830622196,7.823609829,7.678224087,7.645185947,5.669923306,6.181212425,7.564388752,7.568304062,7.613670826,7.625892639,7.577367783",QUIC.SnapchatCall,188.255,1,Acceptable,VoIP,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,13,18958,337357,7923,1,0,1,0,1,0,1,1,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,13,18876,337357,7923,1,0,1,0,1,0,1,1,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/snmp.pcap.out b/test/results/flow-analyse/default/snmp.pcap.out index 5f14f626c..9755c2c54 100644 --- a/test/results/flow-analyse/default/snmp.pcap.out +++ b/test/results/flow-analyse/default/snmp.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,139,116860,7241,4130,17,0,17,10,0,0,17,7,0,4,0,65,1,0,1,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,15,0,17,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0,0,0,4,0,0,0,0,0,0,17,0,0,0,17,0,0,17,17,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,2,0,0,0,0,0,0,0,0,0,0 +0,139,116860,7241,4130,17,0,17,10,0,0,17,7,0,4,0,65,1,0,1,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,15,0,17,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0,0,0,4,0,0,0,0,0,0,17,0,0,0,17,0,0,17,17,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,2,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/soap.pcap.out b/test/results/flow-analyse/default/soap.pcap.out index 66a1244cf..b6c4e1dfb 100644 --- a/test/results/flow-analyse/default/soap.pcap.out +++ b/test/results/flow-analyse/default/soap.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,24,28528,8109,1637,3,1,2,0,0,0,3,0,0,1,0,11,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,2,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,1,0,0,0,0,0,3,0,0,3,0,0,0,3,3,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,24,28528,8109,1637,3,1,2,0,0,0,3,0,0,1,0,11,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,2,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,1,0,0,0,0,0,3,0,0,3,0,0,0,3,3,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/socks.pcap.out b/test/results/flow-analyse/default/socks.pcap.out index daa375b2f..e237811f5 100644 --- a/test/results/flow-analyse/default/socks.pcap.out +++ b/test/results/flow-analyse/default/socks.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,36,25295,905,5743,4,4,0,0,0,0,4,0,0,1,0,20,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,4,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,1,0,0,0,0,0,4,0,0,4,0,0,0,4,4,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,36,25295,905,5743,4,4,0,0,0,0,4,0,0,1,0,20,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,4,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,1,0,0,0,0,0,4,0,0,4,0,0,0,4,4,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/softether.pcap.out b/test/results/flow-analyse/default/softether.pcap.out index 4b30b315a..be042783c 100644 --- a/test/results/flow-analyse/default/softether.pcap.out +++ b/test/results/flow-analyse/default/softether.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,192.168.2.100,130.158.6.113,udp,51381,5004,finished,17,15,1657762868392000,1657907318692000,1657907318946000,1,0,480,328,975,1020,0,257000,9319382016.0,143300001000,0.0,0.0,1.1,"257000,27676000,27674000,26195000,26194000,26159000,26161000,10299000,10301000,14858000,14853000,27814000,27815000,25788000,1540291232,1566080232,18689000,18689000,5427000,5426000,27856000,27856000,26072000,26072000,26524000,26524000,24993000,24993000,25093000,862645000,887738000",29,90.3,508,132.5,17556.2,4.1,"29,56,29,56,29,56,29,56,508,356,29,56,29,56,29,29,56,508,356,29,56,29,56,29,56,29,56,29,56,29,29,56","15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","13,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1","4.513154984,5.059597492,4.582120895,5.059597492,4.582120895,4.988168716,4.582120895,5.059597492,5.016859055,4.526149750,4.582120895,5.059597492,4.513154984,5.010403156,4.582120895,4.582120895,5.001649380,5.023393631,4.521674156,4.582120895,5.001649380,4.582120895,5.059597492,4.513154984,5.059597492,4.582120895,5.059597492,4.582120895,5.059597492,4.582120895,4.582120895,4.988168716",Softether,290,1,Acceptable,VPN,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,107,94625,7165,6576,6,0,6,40,1,0,6,5,0,0,0,29,1,0,1,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,5,0,6,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,1,5,0,0,6,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,107,94625,7165,6576,6,0,6,40,1,0,6,5,0,0,0,29,1,0,1,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,5,0,6,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,1,5,0,0,6,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/someip-tp.pcap.out b/test/results/flow-analyse/default/someip-tp.pcap.out index b2addaebe..3c04e472d 100644 --- a/test/results/flow-analyse/default/someip-tp.pcap.out +++ b/test/results/flow-analyse/default/someip-tp.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,17474,12472,0,1,0,1,0,0,0,1,0,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,11,17474,12472,0,1,0,1,0,0,0,1,0,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/someip-udp-method-call.pcapng.out b/test/results/flow-analyse/default/someip-udp-method-call.pcapng.out index 5ce792faf..66a32f963 100644 --- a/test/results/flow-analyse/default/someip-udp-method-call.pcapng.out +++ b/test/results/flow-analyse/default/someip-udp-method-call.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,12,10498,353,25,2,0,2,0,0,0,2,0,0,2,0,3,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,2,0,0,0,0,0,2,0,0,0,2,0,0,2,2,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,12,10498,353,25,2,0,2,0,0,0,2,0,0,2,0,3,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,2,0,0,0,0,0,2,0,0,0,2,0,0,2,2,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/someip_sd_sample.pcap.out b/test/results/flow-analyse/default/someip_sd_sample.pcap.out index f52dca690..3320d64b1 100644 --- a/test/results/flow-analyse/default/someip_sd_sample.pcap.out +++ b/test/results/flow-analyse/default/someip_sd_sample.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,15,7018,0,0,0,0,0,0,0,0,0,0,0,0,6,0,1,0,1,1,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,15,7018,0,0,0,0,0,0,0,0,0,0,0,0,6,0,1,0,1,1,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/sonos.pcapng.out b/test/results/flow-analyse/default/sonos.pcapng.out index 0a5ab0012..ee6bc9eaf 100644 --- a/test/results/flow-analyse/default/sonos.pcapng.out +++ b/test/results/flow-analyse/default/sonos.pcapng.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,192.168.1.29,192.168.1.70,tcp,52425,1443,info,16,16,1727166164053038,1727166164138595,1727166164138684,0,0,267,1448,697,10055,0,1,5522.7,76697,16070.0,258244336.0,2.1,"272,338,124,356,590,799,645,639,42,126,572,127,1,41072,36346,87,76697,101,123,120,417,5214,5537,110,53,129,4,219,221,72,50",52,388.6,1500,553.2,306044.5,3.8,"64,60,52,199,52,114,52,1500,52,422,52,319,58,97,52,214,58,52,97,52,284,52,1500,52,1500,1500,52,52,1500,52,1500,774","12,1,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,2,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0","0,1,0,0,1,1,0,1,0,1,0,0,0,0,1,1,1,0,1,0,0,1,1,0,1,1,0,0,1,0,1,1","4.115860939,5.002481937,4.600069523,5.375968933,5.017560482,5.533653736,4.676992416,6.990198135,4.676992416,7.453630447,4.585552692,7.180738926,4.594459534,5.301477909,4.940637112,6.869658470,4.928392887,4.676992893,5.552255630,4.676992416,7.104205132,5.017560482,7.839426041,4.638530731,7.870905399,7.893046856,4.638530731,4.569114685,7.863118172,4.600069046,7.854409218,7.733862877",TLS.Sonos,91.430,1,Fun,Music,6,DPI,"5,8,10,15" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,23,25750,13287,12413,2,1,1,0,1,0,2,2,0,1,0,10,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,2,2,0,0,0,0,0,2,0,0,1,1,0,0,2,2,0,0,0,0,0,0,0,3,0,0,1,0,0,0,2,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,23,25627,13287,12413,2,1,1,0,1,0,2,2,0,1,0,10,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,2,2,0,0,0,0,0,2,0,0,1,1,0,0,2,2,0,0,0,0,0,0,0,3,0,0,1,0,0,0,2,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/source_engine.pcap.out b/test/results/flow-analyse/default/source_engine.pcap.out index daa244731..42e412d9c 100644 --- a/test/results/flow-analyse/default/source_engine.pcap.out +++ b/test/results/flow-analyse/default/source_engine.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,85,70985,425,0,17,0,17,5,0,0,17,0,0,0,0,17,1,0,1,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,17,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0,17,0,0,17,17,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,85,70985,425,0,17,0,17,5,0,0,17,0,0,0,0,17,1,0,1,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,17,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0,17,0,0,17,17,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/spotify_tcp.pcap.out b/test/results/flow-analyse/default/spotify_tcp.pcap.out index eaf8b6d76..2a118969c 100644 --- a/test/results/flow-analyse/default/spotify_tcp.pcap.out +++ b/test/results/flow-analyse/default/spotify_tcp.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,10,7148,792,2002,1,0,1,0,0,0,1,0,0,0,0,5,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,10,7148,792,2002,1,0,1,0,0,0,1,0,0,0,0,5,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/sql_injection.pcap.out b/test/results/flow-analyse/default/sql_injection.pcap.out index 6b31d70e4..6d7aced28 100644 --- a/test/results/flow-analyse/default/sql_injection.pcap.out +++ b/test/results/flow-analyse/default/sql_injection.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,11897,691,1727,1,0,1,0,0,0,1,0,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,11,11897,691,1727,1,0,1,0,0,0,1,0,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/srvloc-v1.pcapng.out b/test/results/flow-analyse/default/srvloc-v1.pcapng.out index 3c650df7c..1172b8db7 100644 --- a/test/results/flow-analyse/default/srvloc-v1.pcapng.out +++ b/test/results/flow-analyse/default/srvloc-v1.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,9418,406,0,2,0,2,0,0,0,2,0,0,0,0,2,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,2,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,11,9418,406,0,2,0,2,0,0,0,2,0,0,0,0,2,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,2,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/srvloc.pcap.out b/test/results/flow-analyse/default/srvloc.pcap.out index b1e3277fd..fc6e8a22b 100644 --- a/test/results/flow-analyse/default/srvloc.pcap.out +++ b/test/results/flow-analyse/default/srvloc.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,3001,2523705,30707,0,621,0,621,103,0,0,621,0,0,0,0,629,1,0,1,404,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,621,0,621,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,621,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,621,0,0,0,0,0,0,0,0,0,0,0,0,621,0,0,0,621,0,0,621,621,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,3001,2523705,30707,0,621,0,621,103,0,0,621,0,0,0,0,629,1,0,1,404,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,621,0,621,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,621,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,621,0,0,0,0,0,0,0,0,0,0,0,0,621,0,0,0,621,0,0,621,621,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/ssdp-m-search-ua.pcap.out b/test/results/flow-analyse/default/ssdp-m-search-ua.pcap.out index 87725b8a0..93244faad 100644 --- a/test/results/flow-analyse/default/ssdp-m-search-ua.pcap.out +++ b/test/results/flow-analyse/default/ssdp-m-search-ua.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,10,8249,696,0,1,0,1,0,0,0,1,0,0,0,0,4,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,10,8249,696,0,1,0,1,0,0,0,1,0,0,0,0,4,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/ssdp-m-search.pcap.out b/test/results/flow-analyse/default/ssdp-m-search.pcap.out index ded525985..53f9eb1a7 100644 --- a/test/results/flow-analyse/default/ssdp-m-search.pcap.out +++ b/test/results/flow-analyse/default/ssdp-m-search.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,12,8877,399,0,1,0,1,1,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,12,8877,399,0,1,0,1,1,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/ssh.pcap.out b/test/results/flow-analyse/default/ssh.pcap.out index b14ce0098..162deb6c2 100644 --- a/test/results/flow-analyse/default/ssh.pcap.out +++ b/test/results/flow-analyse/default/ssh.pcap.out 
@@ -2,4 +2,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,172.16.238.1,172.16.238.168,tcp,58395,22,finished,18,14,1320435464760244,1320435472330349,1320435469423179,0,0,904,784,1509,1885,0,26,394614.2,2907110,888738.9,789856780288.0,2.5,"26,41,8112,8146,295,788,470,140,1469,1611,306,1791,1560,1614,14729,13069,1842,42337,40496,170,257,393,251,40593,51194,91555,2632288,2632557,1868772,1869058,2907110",52,158.7,956,230.1,52961.8,4.1,"64,60,52,73,52,73,52,956,52,836,52,76,204,52,196,772,52,68,52,100,52,100,52,116,52,132,52,196,52,132,52,196","12,1,1,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","8,1,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,0,1,0,1,1,0,0,1,0,0,1,0,0,1,0,1,1,0,0,1,1,0,0,1,1,0,0","4.495864868,5.031404495,4.947339535,5.395304680,4.870416641,5.379396915,4.940637589,5.147055149,4.940637589,5.183596134,4.923395157,4.404554367,6.511710644,4.985801220,6.696379662,7.508841991,4.884933472,4.511087418,4.815073490,5.981212139,4.902175903,6.028761387,4.894361019,6.251031399,4.940637589,6.350845814,4.932822704,6.810175419,4.853535175,6.303876877,4.902175426,6.814750671",SSH,92,1,Acceptable,RemoteAccess,6,DPI,"18,19" 
1,ip4,127.0.0.1,127.0.0.1,tcp,58496,8000,finished,17,15,1720684522536128,1720684524652827,1720684524669099,0,0,1536,1032,2942,2499,0,15,137086.1,1760401,429110.5,184135827456.0,2.0,"15,26,399,418,18239,18259,766,7333,7507,42057,159691,241121,40366,47,1760376,1760401,5242,5241,16452,16479,57,377,41818,41531,35,107,6908,16477,17486,7983,16456",52,222.5,1588,339.5,115254.5,4.0,"60,60,52,94,52,79,52,1588,1084,132,52,700,52,68,52,68,52,120,52,136,52,136,136,52,152,52,440,408,712,120,120,136","9,1,4,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1","7,0,4,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,0,1,0,1,1,0,0,1,0,1,0,0,1,0,1,0,1","4.252536774,4.689003468,4.585552216,5.369926929,4.547090530,5.079363823,4.585552216,4.903249741,5.052254200,5.907934189,4.582383156,7.480095863,4.624013901,4.798997879,4.532573700,4.193390369,4.547090530,6.043831348,4.494111538,6.221045017,4.532573700,6.281461239,6.243819237,4.547090530,6.325264454,4.494112015,7.404932976,7.381281376,7.703675270,6.010097980,5.907892227,6.108596802",SSH,92,1,Acceptable,RemoteAccess,6,DPI,"5,19" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,30,30656,9379,16092,2,1,1,0,2,0,2,8,0,2,0,10,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,5,3,0,0,0,0,2,0,0,2,0,0,0,2,2,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,5,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,30,30656,9379,16092,2,1,1,0,2,0,2,8,0,2,0,10,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,5,3,0,0,0,0,2,0,0,2,0,0,0,2,2,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,5,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/ssh_unidirectional.pcap.out b/test/results/flow-analyse/default/ssh_unidirectional.pcap.out index 39aadfdf5..759d98d23 100644 --- a/test/results/flow-analyse/default/ssh_unidirectional.pcap.out +++ b/test/results/flow-analyse/default/ssh_unidirectional.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,12,9168,2,58,1,1,0,0,0,0,1,1,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,12,9168,2,58,1,1,0,0,0,0,1,1,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/ssl-cert-name-mismatch.pcap.out b/test/results/flow-analyse/default/ssl-cert-name-mismatch.pcap.out index b6a41c824..bbf6296c7 100644 --- a/test/results/flow-analyse/default/ssl-cert-name-mismatch.pcap.out +++ b/test/results/flow-analyse/default/ssl-cert-name-mismatch.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,13,11509,402,3608,1,1,0,0,0,0,1,2,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,13,11386,402,3608,1,1,0,0,0,0,1,2,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/starcraft_battle.pcap.out b/test/results/flow-analyse/default/starcraft_battle.pcap.out index 905517647..5db06bb09 100644 --- a/test/results/flow-analyse/default/starcraft_battle.pcap.out +++ b/test/results/flow-analyse/default/starcraft_battle.pcap.out 
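Review bot: The summary data row of ssl-cert-name-mismatch.pcap.out gains one field on the new side, while the `timestamp,json_lines,json_bytes,…` header above it is an unchanged context line, so the row and its header may no longer have the same number of columns. The same pattern shows in the starcraft_battle, steam, stomp and stun hunks; in stomp the extra `0` is the only difference between the old and new row (`json_bytes` stays 7838), and in starcraft_battle the run of zeros just before `39` grows from 11 to 12. If the header was not extended, anything that maps values by header name would read every later counter one position off, including `flow_confidence_*`, `flow_severity_*` and `flow_risk_N_count`, and risk statistics would be attributed to the wrong risk id. Presumably the libnDPI bump added a category, but the header's previous width is not visible here, so confirm that the generator's column list was extended to match. It would also help to have the test run assert that each summary row has the same field count as its header.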
@@ -3,4 +3,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.1.100,213.248.127.130,tcp,3517,1119,finished,26,6,1437389982130449,1437389982733601,1437389982710820,0,0,195,743,893,1074,0,22,38178.2,166321,53269.1,2837592064.0,3.6,"52549,52614,94628,145687,24327,95105,95914,166321,70940,49609,160290,31197,128649,15235,41,28,25,24,29,35,25,23,24,30,27,23,28,23,22,29,22",40,102.4,783,136.0,18494.5,4.3,"52,46,40,142,46,783,40,220,303,40,235,46,108,42,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63","23,0,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","3,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4.463548183,4.642490387,4.665311337,5.407479763,4.522393227,7.766187668,4.981687546,7.105029583,7.198122978,4.931687355,6.211636543,4.652828693,5.019042969,4.830181599,5.558794022,5.515064716,5.602522373,5.570774555,5.634266376,5.666012287,5.451573372,5.475538254,5.539031029,5.666014194,5.729505062,5.697759151,5.515064716,5.602520943,5.590539455,5.666013718,5.602520943,5.570777416",Starcraft,213,0,Fun,Game,6,DPI,"" 
1,ip4,192.168.1.100,2.228.46.112,tcp,3527,80,finished,12,20,1437389985891466,1437389985995179,1437389985995168,0,0,149,1460,149,26280,0,65,6690.8,34324,13000.1,169003376.0,2.9,"32476,32510,1623,34324,1138,65,33880,153,130,283,141,278,419,213,122,339,108,139,244,139,597,734,100,131,232,130,134,265,32899,285,33184",40,866.8,1500,718.4,516058.3,4.3,"52,52,40,189,46,1500,1500,40,1500,1500,40,1500,1500,40,1500,1500,40,1500,1500,40,1500,1500,40,1500,1500,40,1500,1500,40,1500,1500,40","11,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0","0,1,0,0,1,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0","4.545560837,4.801308632,4.730640888,5.763886929,4.501398087,5.907708645,7.721281052,4.730640888,7.812506199,7.777710438,4.730640888,7.794231415,7.742146015,4.680641174,7.749040604,7.800151825,4.680641174,7.781608105,7.754264832,4.730640888,7.783253193,7.795304775,4.730640888,7.746140480,7.751955986,4.680641174,7.805341244,7.749295712,4.730640888,7.808876514,7.796334743,4.680641174",HTTP,7,0,Acceptable,Web,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,383,299948,11037,305631,52,26,26,0,3,13,39,16,0,8,1,203,1,0,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,16,36,9,28,2,0,0,0,0,0,0,0,0,0,0,0,27,0,0,2,0,0,0,0,0,8,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,39,0,0,0,0,0,9,2,7,0,0,0,0,52,0,0,38,13,0,1,52,39,13,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,6,1,0,1,0,0,0,0,1,0,0 +0,383,300162,11037,305631,52,26,26,0,3,13,39,16,0,8,1,203,1,0,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,16,36,9,28,2,0,0,0,0,0,0,0,0,0,0,0,27,0,0,2,0,0,0,0,0,8,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,39,0,0,0,0,0,9,2,7,0,0,0,0,52,0,0,38,13,0,1,52,39,13,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,6,1,0,1,0,0,0,0,1,0,0 diff --git a/test/results/flow-analyse/default/steam.pcapng.out b/test/results/flow-analyse/default/steam.pcapng.out index 9a572efaa..5c09cb874 100644 --- a/test/results/flow-analyse/default/steam.pcapng.out +++ b/test/results/flow-analyse/default/steam.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,59,51596,5134,4588,7,1,6,0,0,0,7,4,0,1,0,31,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,3,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,2,0,0,0,0,0,7,0,0,5,2,0,0,7,7,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,59,51268,5134,4588,7,1,6,0,0,0,7,4,0,1,0,31,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,3,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,2,0,0,0,0,0,7,0,0,5,2,0,0,7,7,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/stomp.pcapng.out b/test/results/flow-analyse/default/stomp.pcapng.out index caafba414..bfb495ea0 100644 --- a/test/results/flow-analyse/default/stomp.pcapng.out +++ b/test/results/flow-analyse/default/stomp.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,7838,195,291,1,1,0,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,11,7838,195,291,1,1,0,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/stun.pcap.out b/test/results/flow-analyse/default/stun.pcap.out index d237f8fa0..c16b387ca 100644 --- a/test/results/flow-analyse/default/stun.pcap.out +++ b/test/results/flow-analyse/default/stun.pcap.out 
@@ -3,4 +3,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.12.169,31.13.86.54,udp,38123,40003,finished,17,15,1629291451242856,1629291458067482,1629291458262623,28,0,140,132,2076,1496,0,34,446593.3,6004359,1462539.6,2139022032896.0,1.9,"11521,15638,15947,6004359,4743,5997443,4483,7520,7140,108439,344493,499169,68464,195,19689,29038,92171,23636,96419,1566,50324,48303,277,50092,3265,34,52919,437,9663,44853,232153",56,139.6,168,32.1,1033.4,5.0,"56,132,164,104,168,168,140,168,140,72,164,164,160,168,128,72,164,128,160,128,164,160,128,164,128,160,128,168,128,72,160,160","1,0,0,4,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,3,1,6,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,0,1,0,1,1,0,0,1,0,0,1,0,1,1,0,0,1,0,0,1,1,1,0,0,1,0,1","4.949250221,5.629978180,5.902420998,5.787013531,5.926646233,5.987994671,5.561037540,5.822503567,5.524854183,5.646986008,5.864535809,5.979504585,5.991234303,5.944041729,5.750370979,5.532198906,5.952124596,5.921264172,5.968927860,5.858764172,5.939929485,5.964835167,5.834393978,6.016089916,5.896893978,6.048427582,5.933710575,5.919234276,5.831344128,5.608724117,6.145952225,6.009518147",STUN.FacebookVoip,78.268,0,Acceptable,VoIP,6,DPI,"5" 
1,ip4,192.168.12.169,142.250.82.99,udp,49153,3478,finished,17,15,1647958145472010,1647958147569135,1647958147445904,65,0,546,1198,2034,2806,0,10,131323.2,835905,227053.5,51553292288.0,3.4,"22933,25637,18754,26966,8994,16545,8218,21,95990,9415,96088,13935,9667,14034,28,10,28365,12045,233249,17389,835905,625348,352669,699812,203670,550729,72132,9045,20632,28113,14681",62,179.2,1226,221.3,48965.1,4.4,"136,120,181,140,1226,574,120,109,598,109,140,145,161,120,141,93,97,93,113,62,93,140,120,62,110,140,120,94,94,95,95,95","0,0,9,5,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,2,9,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,0,1,1,1,0,0,1,0,1,1,1,1,0,0,1,1,0,1,1,0,0,1,0,0,0,0,0","5.892770290,5.917269707,5.007872105,5.887039185,7.338845253,6.721559048,5.830899239,5.701940536,7.409162045,5.674040794,6.041372776,6.178256989,6.436406612,5.927646160,6.099106312,5.359262466,5.425189495,5.590319157,5.866630077,5.268241882,5.246464729,5.907410622,5.825631142,5.235982895,6.120714188,5.927108288,5.950603008,6.068934917,6.005105495,5.939156055,6.060311317,5.943433762",DTLS.GoogleCall,30.404,1,Acceptable,VoIP,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,92,82317,9664,9072,9,1,8,3,3,0,9,11,0,5,0,38,1,0,1,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,7,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,4,3,0,0,0,0,0,7,2,0,2,6,1,0,9,9,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0 +0,92,82717,9664,9072,9,1,8,3,3,0,9,11,0,5,0,38,1,0,1,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,7,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,4,3,0,0,0,0,0,7,2,0,2,6,1,0,9,9,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/stun_classic.pcap.out b/test/results/flow-analyse/default/stun_classic.pcap.out index 6171895bc..d78455efb 100644 --- a/test/results/flow-analyse/default/stun_classic.pcap.out +++ b/test/results/flow-analyse/default/stun_classic.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,12,9356,284,416,1,0,1,0,0,0,1,1,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,2,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,12,9446,284,416,1,0,1,0,0,0,1,1,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,2,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/stun_dtls_rtp.pcapng.out b/test/results/flow-analyse/default/stun_dtls_rtp.pcapng.out index 1c7352a83..e879db43a 100644 --- a/test/results/flow-analyse/default/stun_dtls_rtp.pcapng.out +++ b/test/results/flow-analyse/default/stun_dtls_rtp.pcapng.out 
@@ -2,4 +2,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.12.156,142.250.82.76,udp,37967,19305,finished,18,14,1669989925164266,1669989925844909,1669989925832608,65,0,545,1203,2558,3623,0,29,43515.6,258068,58201.4,3387401984.0,4.0,"23454,57152,58633,110311,426,107899,55,29,31904,33185,42585,42763,84060,83239,24775,643,393,2519,24830,54,50,34247,28143,7940,22933,203231,6659,19573,19853,258068,19379",68,221.2,1231,244.4,59721.8,4.4,"144,128,185,1231,148,573,128,109,598,573,598,109,149,117,141,93,125,121,97,93,97,113,93,68,93,93,127,112,112,128,469,112","0,0,10,5,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,5,4,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,0,1,1,1,0,1,0,1,0,1,0,0,0,0,1,1,1,0,1,1,0,0,0,0,0,1,0","5.970281124,5.844405174,4.975852966,7.376402378,5.926150799,6.767900467,5.873587608,5.727212906,7.417241573,6.742666721,7.399977684,5.666547298,6.284676552,5.878243446,6.278099537,5.456246376,6.045804977,5.932724476,5.656750679,5.431894302,5.443003178,5.773984909,5.547308922,5.480338573,5.456245899,5.525803089,6.089138508,6.235580444,6.295892239,6.029528141,7.452062130,6.164150715",DTLS.GoogleCall,30.404,1,Acceptable,VoIP,6,DPI,"" 
1,ip4,192.168.12.182,142.250.82.249,tcp,50221,3478,finished,17,15,1710679657055887,1710679657765266,1710679657791909,0,0,196,656,1320,1924,0,0,46625.8,509459,117745.2,13863926784.0,2.8,"2982,4724,277,207,4964,15,4148,4126,3916,466724,509459,1184,218,46646,1080,55404,53567,7433,0,8588,49659,55453,222,48997,10062,51393,4524,8018,5673,16613,19125",40,142.1,696,150.7,22704.0,4.4,"52,52,40,40,68,40,120,192,116,40,180,196,148,172,84,40,40,140,204,236,40,172,40,696,40,172,140,648,40,160,40,160","8,0,0,2,5,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","6,1,2,3,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,0,1,1,0,1,0,1,0,0,0,1,1,0,1,0,0,1,0,1,1,0,0,1,1,0,0,1,1","4.776611805,5.000318050,4.831686974,4.834183693,5.321198940,4.834183693,5.795867443,6.212464809,5.776382446,4.784183979,5.991631985,6.163437843,5.951478004,6.109816074,5.892313004,4.981687069,4.881687641,6.144776344,6.237818718,5.382826805,5.031687260,6.101328850,5.031687260,6.564705849,4.881687164,6.057666779,5.976850510,7.406529903,4.784183979,5.974988937,4.981687069,5.932507992",STUN.GoogleCall,78.404,0,Acceptable,VoIP,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,25,24720,5120,16163,2,0,2,0,2,0,2,3,0,1,0,10,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,0,2,0,0,1,1,0,0,2,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,25,24737,5120,16163,2,0,2,0,2,0,2,3,0,1,0,10,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,0,2,0,0,1,1,0,0,2,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/stun_dtls_rtp_unidir.pcapng.out b/test/results/flow-analyse/default/stun_dtls_rtp_unidir.pcapng.out index 54e0d7e05..d8e70e351 100644 --- a/test/results/flow-analyse/default/stun_dtls_rtp_unidir.pcapng.out +++ b/test/results/flow-analyse/default/stun_dtls_rtp_unidir.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,21,18063,8552,0,2,0,2,0,0,0,2,2,0,2,0,10,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,2,4,0,0,0,0,0,2,0,0,0,2,0,0,2,2,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0 +0,21,18197,8552,0,2,0,2,0,0,0,2,2,0,2,0,10,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,2,4,0,0,0,0,0,2,0,0,0,2,0,0,2,2,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/stun_dtls_unidirectional_client.pcap.out b/test/results/flow-analyse/default/stun_dtls_unidirectional_client.pcap.out index 8d876e54b..8b6e01074 100644 --- a/test/results/flow-analyse/default/stun_dtls_unidirectional_client.pcap.out +++ b/test/results/flow-analyse/default/stun_dtls_unidirectional_client.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,13,12585,1456,0,1,0,1,0,0,0,1,2,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,2,2,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0 +0,13,12610,1456,0,1,0,1,0,0,0,1,2,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,2,2,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/stun_dtls_unidirectional_server.pcap.out b/test/results/flow-analyse/default/stun_dtls_unidirectional_server.pcap.out index 4fcd85d70..c76a1fc98 100644 --- a/test/results/flow-analyse/default/stun_dtls_unidirectional_server.pcap.out +++ b/test/results/flow-analyse/default/stun_dtls_unidirectional_server.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,13,12814,1311,0,1,0,1,0,0,0,1,2,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,2,1,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0 +0,13,12840,1311,0,1,0,1,0,0,0,1,2,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,2,1,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/stun_google_meet.pcapng.out b/test/results/flow-analyse/default/stun_google_meet.pcapng.out index 191f6f4cb..e0ecb4aff 100644 --- a/test/results/flow-analyse/default/stun_google_meet.pcapng.out +++ b/test/results/flow-analyse/default/stun_google_meet.pcapng.out 
@@ -4,4 +4,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.12.156,142.250.82.76,udp,45400,3478,finished,16,16,1687685005044008,1687685041837696,1687685041855156,116,0,124,64,1864,1024,0,30238,2374349.5,8437597,2513707.0,6318722646016.0,4.3,"30238,90776,78178,1745669,1745625,749698,749771,2799723,2799844,3108626,3108432,997539,997498,1610326,1610265,582546,582775,6554830,6554484,8437477,8437597,882386,882517,6551657,6551432,792405,792639,992950,992997,897080,896856",92,118.2,152,26.3,690.9,5.0,"152,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92","0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","6.041833401,5.593477249,6.058853149,5.579942226,5.987570286,5.506519794,6.008540154,5.558203220,6.054466248,5.666898727,5.907513618,5.762059689,6.055450439,5.636953354,6.025833607,5.636953354,6.114410400,5.631624699,5.992813587,5.636953831,6.027671337,5.623420238,5.998055458,5.639230251,6.058160305,5.571735382,6.015348434,5.740320206,6.043981075,5.718581200,5.986004829,5.718581676",STUN.GoogleCall,78.404,0,Acceptable,VoIP,6,DPI,"" 
1,ip6,2001:b07:a3d:c112:48a1:1094:1227:281e,2001:4860:4864:6::81,udp,45572,19305,finished,6,26,1697468935898948,1697468936037339,1697468936047117,81,0,546,1203,1148,6916,0,0,9243.9,81640,19965.3,398613152.0,2.8,"26858,81640,683,74446,3025,28042,16509,24776,333,0,0,0,0,0,0,0,0,0,0,0,0,0,11517,15951,2780,0,0,0,0,0,0",85,300.0,1251,206.9,42788.4,4.7,"172,124,168,205,124,1251,594,168,618,85,308,308,308,308,308,308,308,308,308,308,308,308,129,129,124,308,308,308,308,165,308,308","0,0,1,3,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,4,1,0,0,0,0,18,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1","5.951032162,5.736715317,5.834187984,5.024463177,5.864942074,7.322808743,6.692216396,5.868327141,7.354635239,4.724500656,7.025775909,7.078637600,7.104609966,7.082355022,7.017282486,7.010787487,7.078490257,7.062924862,7.034311771,7.109773636,7.020790577,7.051887035,5.674198151,5.651331425,5.745950699,7.084123135,7.055697918,7.005239010,7.013784885,6.117315292,7.010463715,6.985410213",DTLS.GoogleCall,30.404,1,Acceptable,VoIP,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,76,69730,13243,43190,7,0,7,6,4,0,7,7,0,5,0,34,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,6,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,7,0,0,0,0,0,6,1,0,0,7,0,0,7,7,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,76,69865,13243,43190,7,0,7,6,4,0,7,7,0,5,0,34,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,6,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,7,0,0,0,0,0,6,1,0,0,7,0,0,7,7,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/stun_msteams_unidir.pcapng.out b/test/results/flow-analyse/default/stun_msteams_unidir.pcapng.out index a5bee4873..166599e52 100644 --- a/test/results/flow-analyse/default/stun_msteams_unidir.pcapng.out +++ b/test/results/flow-analyse/default/stun_msteams_unidir.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,12,13123,5440,0,1,0,1,0,0,0,1,1,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,2,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0 +0,12,13219,5440,0,1,0,1,0,0,0,1,1,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,2,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/stun_signal.pcapng.out b/test/results/flow-analyse/default/stun_signal.pcapng.out index 5fec85cff..fd452a843 100644 --- a/test/results/flow-analyse/default/stun_signal.pcapng.out +++ b/test/results/flow-analyse/default/stun_signal.pcapng.out 
@@ -3,4 +3,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,35.158.183.167,192.168.12.169,icmp,,,finished,30,2,1636901936083692,1636901980739508,1636901940925734,56,0,64,104,1760,208,0,15,1596705.0,17079364,3547473.5,12584568750080.0,2.8,"4084,63003,42,180775,3510,1499231,2002773,15,4841966,76,17079364,30045,28084,9989,178591,30710,1472432,2000483,30998,3968781,29896,37348,7808,7927339,28492,35381,6539,7931223,29238,34577,5065",76,81.5,124,11.6,133.8,5.0,"76,76,84,84,76,76,76,76,76,124,124,76,76,84,84,76,76,76,76,76,76,76,84,84,76,76,84,84,76,76,84,84","0,20,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5.045846939,5.151109695,5.089153290,5.017724991,5.072162628,5.124794006,5.045846939,5.035913944,5.088545322,5.533661366,5.689179420,4.953483582,4.999665260,4.975942135,4.999751568,4.937100887,4.999665260,5.025980949,5.025980949,4.999665260,4.989732265,4.983282089,4.999751568,4.975942135,5.025980949,5.062229633,5.056357384,5.008738518,4.999665260,5.035913944,5.008738041,5.056357384",ICMP,81,0,Acceptable,Network,6,DPI,"35" 
1,ip4,192.168.12.169,18.195.131.143,udp,47767,61498,finished,16,16,1636902000073738,1636902002442030,1636902002440493,28,0,104,96,1068,1052,0,43,152743.5,665020,189167.3,35784253440.0,4.0,"68482,50,70303,29273,44732,113365,45,43187,26522,8477,31033,313588,306,410657,43,665020,630540,122450,190474,61616,378076,7868,325508,42160,76005,424878,96788,5410,434339,47676,66176",56,94.2,132,24.6,605.9,4.9,"124,92,124,92,132,132,92,124,92,92,124,92,84,56,84,56,124,92,124,92,84,84,56,56,56,84,124,84,56,92,124,92","3,3,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","3,3,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,1,0,0,0,1,1,0,1,1,0,0,0,1,1,0,1,1,0,0,1,1,0,1,1,0,0,0,1,1,0","5.861794472,5.759229183,5.867881298,5.702216148,5.875429153,5.754216671,5.819118500,5.958508492,5.832649708,5.805582047,5.875729084,5.797377586,5.796609879,5.155043602,5.748991013,5.105850220,5.758409977,5.819116116,5.891858101,5.702215672,5.716967583,5.862202168,5.155044079,5.141563416,5.119328976,5.772800446,5.887964725,5.772800446,5.119329453,5.783843040,5.817300797,5.830357552",STUN.SignalVoip,78.269,0,Acceptable,VoIP,5,DPI (cache),"5" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,233,198723,13408,16192,23,0,23,15,3,0,23,30,0,19,0,113,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,20,0,23,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,8,0,0,0,0,0,16,35,0,0,0,0,0,23,0,0,0,21,2,0,23,23,0,0,0,0,0,0,0,35,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0 +0,233,200419,13408,16192,23,0,23,15,3,0,23,30,0,19,0,113,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,20,0,23,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,8,0,0,0,0,0,16,35,0,0,0,0,0,23,0,0,0,21,2,0,23,23,0,0,0,0,0,0,0,35,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/stun_signal_tcp.pcapng.out b/test/results/flow-analyse/default/stun_signal_tcp.pcapng.out new file mode 100644 index 000000000..c6a04d08e --- /dev/null +++ b/test/results/flow-analyse/default/stun_signal_tcp.pcapng.out 
@@ -0,0 +1,4 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.1.117,35.219.252.146,tcp,51296,80,finished,17,15,1733247378288841,1733247378757373,1733247378756881,0,0,132,248,1352,880,0,0,30212.0,286751,67983.4,4621743104.0,3.1,"5096,5226,1289,6488,7434,14695,6967,5300,207,220,218,169,5360,2561,0,6632,276631,286751,49627,44757,3676,9298,19816,40131,25233,48588,51212,0,2689,9892,409",40,111.6,288,62.1,3852.6,4.8,"52,52,40,68,46,124,156,124,40,160,160,160,160,92,92,144,40,172,46,172,46,288,140,46,172,46,172,148,46,188,40,140","6,0,0,7,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,2,2,2,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,0,0,0,0,0,1,1,1,0,0,1,0,1,1,0,1,0,1,0,1,1,1,0,0","4.662476063,4.931210041,4.834183693,5.192451000,4.390829086,5.849559307,5.878578663,5.821106911,4.611769199,5.746960163,5.817604542,5.914802551,5.855510235,5.723954678,5.775637627,6.138474941,4.834183693,6.134611607,4.772925377,6.067693710,4.729446888,6.405649662,5.903401375,4.816403389,6.032229424,4.772924900,6.072082520,5.918906689,4.756514549,5.916465759,4.784183979,5.873402596",STUN.SignalVoip,78.269,0,Acceptable,VoIP,6,DPI,"" 
+timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_ca
tegory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count
 +0,13,11303,58588,27476,1,0,1,0,1,0,1,1,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/stun_tcp_multiple_msgs_same_pkt.pcap.out b/test/results/flow-analyse/default/stun_tcp_multiple_msgs_same_pkt.pcap.out index 561630001..8c03e77bd 100644 --- a/test/results/flow-analyse/default/stun_tcp_multiple_msgs_same_pkt.pcap.out +++ b/test/results/flow-analyse/default/stun_tcp_multiple_msgs_same_pkt.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,8316,0,168,1,1,0,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,11,8349,0,168,1,1,0,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/stun_wa_call.pcapng.out b/test/results/flow-analyse/default/stun_wa_call.pcapng.out index 0251878d1..48bf7af0d 100644 --- a/test/results/flow-analyse/default/stun_wa_call.pcapng.out +++ b/test/results/flow-analyse/default/stun_wa_call.pcapng.out 
@@ -2,4 +2,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.12.156,93.57.123.227,udp,46652,3478,finished,17,15,1676659968029444,1676659971853147,1676659971919436,20,0,272,245,2693,1097,0,33,248828.9,2505343,601339.2,361608839168.0,2.9,"164,8431,48,2463749,2505343,241,3586,277,39475,77,6128,4820,33,25931,31612,82045,37743,1684,120855,35,78585,59946,292774,129998,59732,381615,376352,412427,48,227940,362001",48,146.4,300,92.2,8492.2,4.7,"240,240,96,96,74,300,300,300,300,96,96,74,96,96,48,48,98,300,300,96,96,89,53,107,108,53,77,86,150,73,227,273","2,4,1,1,0,0,3,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,2,10,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,1,1,1,0,0,0,0,1,1,0,1,1,0,1,0,0,0,1,1,0,0,1,1,1,0,1,0,0,0,1","7.019773483,6.984464645,5.818136215,5.825999260,5.808753967,6.987159729,6.971193790,6.971321106,6.997097969,5.676367760,5.789438725,5.665334225,5.732045174,5.722330570,5.218094349,5.178508282,5.782431126,6.963978291,6.992527008,5.698242188,5.789439201,5.829556465,4.883490086,6.023591995,6.055227757,5.025671005,5.503230572,5.670224667,6.552639484,5.494553089,6.944911957,7.162023067",STUN.WhatsAppCall,78.45,0,Acceptable,VoIP,6,DPI,"" 
1,ip4,192.168.12.156,157.240.203.62,udp,49526,3478,finished,16,16,1676660020625604,1676660020791890,1676660020799292,20,0,272,512,1396,6812,0,24,10966.9,25268,4978.7,24787812.0,4.8,"137,8278,24,10101,8060,24512,25268,11561,10122,12790,14381,10560,10576,10583,10464,16311,6103,16248,5886,9963,9713,10612,11320,10716,10523,10812,10574,10236,10724,11289,11527",48,284.5,540,217.5,47305.8,4.6,"300,300,96,96,92,540,92,540,92,540,92,540,92,540,92,540,48,92,48,540,92,540,92,540,92,540,92,540,92,540,92,540","1,0,13,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1","6.990001202,7.010884762,5.755636215,5.672302246,5.721662998,1.491354108,5.778674603,1.487650514,5.626501560,1.484854460,5.623420715,1.491354465,5.691719532,1.491354108,5.569489479,1.485344768,5.160700798,5.721662998,5.136841774,1.489048600,5.743401527,1.492752314,5.735196590,1.489956141,5.640035152,1.476539373,5.664651394,1.487650633,5.808619022,1.477447271,5.713458061,1.502465248",STUN.WhatsAppCall,78.45,0,Acceptable,VoIP,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,132,118755,44019,64856,13,0,13,5,2,0,13,22,0,13,0,61,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,9,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,11,0,0,0,0,0,12,4,0,0,0,0,0,13,0,0,0,12,1,0,13,13,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0 +0,132,119899,44019,64856,13,0,13,5,2,0,13,22,0,13,0,61,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,9,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,11,0,0,0,0,0,12,4,0,0,0,0,0,13,0,0,0,12,1,0,13,13,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/stun_zoom.pcapng.out b/test/results/flow-analyse/default/stun_zoom.pcapng.out index 5898e21d2..f1bc23c81 100644 --- a/test/results/flow-analyse/default/stun_zoom.pcapng.out +++ b/test/results/flow-analyse/default/stun_zoom.pcapng.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,192.168.43.169,134.224.90.111,udp,53065,8801,finished,17,15,1661169535618755,1661169536326542,1661169536383924,50,0,189,1052,2576,5172,0,5,47514.7,193831,51140.5,2615352320.0,4.1,"20238,79929,20296,193831,73632,247,50353,49657,26391,24351,170235,80565,10991,149570,50735,24,93581,6,7,6,7,5,8274,29660,4814,50217,80837,100195,42158,3678,58466",42,270.1,1080,313.1,98043.5,4.3,"184,184,184,184,92,184,217,217,184,184,217,92,92,92,184,192,78,92,1080,1080,1080,1080,399,186,92,92,186,92,186,95,101,42","0,1,1,0,11,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,0,9,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,1,0,0,0,0,0,0,1,1,1,0,0,0,1,1,1,1,1,1,0,1,1,0,1,0,1,0,1","5.849215031,5.820121765,5.845112324,5.820121765,5.609286785,5.848187923,5.155805588,5.151053905,5.856935501,5.837758064,5.169487476,5.679913521,5.609286785,5.658175468,5.856935501,5.312055111,4.055345058,5.723389149,7.020439625,7.330272198,7.262623310,7.369262695,7.183655262,6.090222359,5.701650143,5.679913521,6.082654476,5.723389149,6.098002911,5.370398521,6.009067535,4.320421696",DTLS,30,1,Safe,Network,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,28,27389,4671,10647,2,0,2,0,1,0,2,8,0,2,0,10,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,2,6,0,0,0,0,0,2,0,0,0,2,0,0,2,2,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0 +0,28,27425,4671,10647,2,0,2,0,1,0,2,8,0,2,0,10,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,2,6,0,0,0,0,0,2,0,0,0,2,0,0,2,2,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/syncthing.pcap.out b/test/results/flow-analyse/default/syncthing.pcap.out index 418a62272..46ff35413 100644 --- a/test/results/flow-analyse/default/syncthing.pcap.out +++ b/test/results/flow-analyse/default/syncthing.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,40,37849,13912,0,4,0,4,11,0,0,4,0,0,0,0,14,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,2,2,0,0,4,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,40,37849,13912,0,4,0,4,11,0,0,4,0,0,0,0,14,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,2,2,0,0,4,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/synscan.pcap.out b/test/results/flow-analyse/default/synscan.pcap.out index 7e4340cf6..af174bd96 100644 --- a/test/results/flow-analyse/default/synscan.pcap.out +++ b/test/results/flow-analyse/default/synscan.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,7996,6244751,0,0,1994,5,1989,0,0,140,0,0,1854,0,0,2011,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1994,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1994,0,0,1994,0,0,0,1994,0,140,1854,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,7996,6245326,0,0,1994,5,1989,0,0,140,0,0,1854,0,0,2011,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1994,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1994,0,0,1994,0,0,0,1994,0,140,1854,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/syslog.pcap.out b/test/results/flow-analyse/default/syslog.pcap.out index d67e900b3..b39e6abf8 100644 --- a/test/results/flow-analyse/default/syslog.pcap.out +++ b/test/results/flow-analyse/default/syslog.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,152,126871,13199,0,20,1,19,10,0,0,17,0,3,1,6,58,1,0,1,10,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,3,17,0,17,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0,0,0,1,1,0,0,0,0,0,20,0,0,2,16,0,2,20,17,0,3,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0 +0,152,126871,13199,0,20,1,19,10,0,0,17,0,3,1,6,58,1,0,1,10,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,3,17,0,17,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0,0,0,1,1,0,0,0,0,0,20,0,0,2,16,0,2,20,17,0,3,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/tailscale.pcap.out b/test/results/flow-analyse/default/tailscale.pcap.out index 2133d63ab..cfe58989d 100644 --- a/test/results/flow-analyse/default/tailscale.pcap.out +++ b/test/results/flow-analyse/default/tailscale.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,192.168.88.3,18.196.71.179,udp,41641,41641,finished,13,19,1623328901893092,1623328910935194,1623328911751937,92,0,128,128,1430,2162,0,7,609708.0,1999684,605237.1,366311899136.0,4.2,"1831567,1832853,459337,19,7,851239,689283,1999684,305038,1197527,993302,17713,10,118067,686079,686069,167240,28515,268363,28631,1001510,1709853,809387,161594,38729,229122,33650,39336,1000927,1009891,706405",120,140.2,156,15.4,237.9,5.0,"120,120,138,156,156,156,156,120,138,156,120,138,156,120,138,120,138,120,156,138,156,156,120,138,120,156,156,138,156,156,156,120","0,0,4,5,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,6,3,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,1,1,1,1,0,1,0,1,1,1,0,1,0,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1","6.258774757,6.327646255,6.564895153,6.334487915,6.307401657,6.374646664,6.326507568,6.403507233,6.611924648,6.410363674,6.506895065,6.510478020,6.402382374,6.340927124,6.480768204,6.334637165,6.568448067,6.498397350,6.475291729,6.619921207,6.387466908,6.409846783,6.390228748,6.538738251,6.500603676,6.552214622,6.461646080,6.474994183,6.375043869,6.467308998,6.309903622,6.317968845",Tailscale,24,1,Acceptable,VPN,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,12,10658,5700,6322,1,0,1,0,1,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,12,10658,5700,6322,1,0,1,0,1,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/targusdataspeed_false_positives.pcap.out b/test/results/flow-analyse/default/targusdataspeed_false_positives.pcap.out index 155eef26a..50a8192c5 100644 --- a/test/results/flow-analyse/default/targusdataspeed_false_positives.pcap.out +++ b/test/results/flow-analyse/default/targusdataspeed_false_positives.pcap.out 
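Review bot: The regenerated summary row no longer lines up with the header above it, which this hunk keeps unchanged as context: one extra `0` now sits ahead of the confidence counters, so the `1` that was under `flow_confidence_dpi` now reads as `flow_confidence_nbpf`, and every later severity, L3/L4 and `flow_risk_N_count` value appears shifted one name to the right. The same shift shows in the `targusdataspeed_false_positives.pcap.out` and `tcp_scan.pcapng.out` hunks that follow. Presumably a category counter was added with the libnDPI bump without a matching name in the CSV header (the writer is not visible here; the diffstat lists `examples/c-analysed/c-analysed.c`), so the header should gain the new column name at the same position and these fixtures be regenerated. Until then, anything that reads this CSV by column name would attribute confidence, severity and risk counts to the wrong field.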
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,12,10555,196,575,2,0,2,0,0,0,2,0,0,2,0,4,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,2,0,0,0,0,0,2,0,0,0,2,0,0,2,2,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,12,10555,196,575,2,0,2,0,0,0,2,0,0,2,0,4,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,2,0,0,0,0,0,2,0,0,0,2,0,0,2,2,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/tcp_scan.pcapng.out b/test/results/flow-analyse/default/tcp_scan.pcapng.out index a88da540e..a332d2fed 100644 --- a/test/results/flow-analyse/default/tcp_scan.pcapng.out +++ b/test/results/flow-analyse/default/tcp_scan.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,42,30685,0,0,7,7,0,0,0,4,0,0,3,0,0,18,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,7,0,0,0,7,0,4,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,42,31434,0,0,7,7,0,0,0,4,0,0,3,0,0,18,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,7,0,0,0,7,0,4,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/teams.pcap.out b/test/results/flow-analyse/default/teams.pcap.out index 55a7e8d71..f2f17b597 100644 --- a/test/results/flow-analyse/default/teams.pcap.out +++ b/test/results/flow-analyse/default/teams.pcap.out 
@@ -9,11 +9,11 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.1.6,13.107.18.11,tcp,60549,443,info,18,14,1587041684306115,1587041684950374,1587041684410372,0,0,1440,1452,3472,5797,0,1,24145.7,539594,94604.1,8949939200.0,1.9,"11504,11610,262,11878,32500,90,44163,247,1,223,3839,7741,325,72,14634,1492,13,4159,11,266,6513,474,6734,4309,9884,14215,10718,10725,539594,6,314",40,331.5,1492,473.5,224192.2,3.9,"64,52,40,251,46,1492,1492,40,1492,80,40,198,133,578,172,46,366,109,40,40,78,46,78,40,46,689,40,359,40,1480,694,248","9,1,1,0,2,0,2,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0","5,2,1,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0","0,1,0,0,1,1,1,0,1,1,0,0,0,0,0,1,1,1,0,0,0,1,1,0,1,1,0,1,0,0,0,0","4.428027153,4.893245220,4.521928310,5.397158146,4.505983353,6.671830177,7.464404583,4.630641460,7.577803612,5.737496376,4.680641174,6.516131401,6.154890537,7.647973537,6.500202656,4.505983353,7.196300030,5.817581654,4.611769199,4.561769485,5.250086308,4.457919598,5.392898560,4.630641460,4.522393227,7.690679073,4.680641174,7.335716724,4.680641174,7.846065521,7.720572472,6.957527637",TLS.Microsoft365,91.219,1,Acceptable,Collaborative,6,DPI,"" 
1,ip4,192.168.1.6,52.113.194.132,tcp,60554,443,info,14,18,1587041685240465,1587041685469669,1587041685469973,0,0,1082,1452,1426,15976,0,3,14797.2,153955,35697.7,1274323968.0,2.8,"12903,12995,473,12371,1988,1502,15362,129,134,115,3,85,21608,33026,11480,11732,109,11784,570,13396,140399,715,153955,248,230,250,250,503,25,129,243",40,585.7,1492,671.4,450756.0,4.0,"64,52,40,226,46,1492,1492,40,1492,40,1492,168,40,147,46,91,46,91,40,1122,46,1492,1492,40,1317,40,1492,1492,40,40,1492,1492","10,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,10,0,0","0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,0,1,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1","4.365527153,4.878727913,4.471928596,5.502106190,4.402616024,7.277978420,7.489027023,4.630640984,7.478912354,4.521928310,7.663036823,6.686788082,4.630640984,6.493359089,4.462505341,5.681205750,4.462504864,5.560394764,4.580641270,7.802004814,4.565872192,7.879904747,7.863986492,4.580641270,7.860152721,4.580640793,7.874552727,7.850657463,4.580641270,4.471928596,7.869473934,7.878328800",TLS.Teams,91.250,1,Safe,Collaborative,6,DPI,"15" 
1,ip4,192.168.1.6,52.114.77.33,tcp,60559,443,finished,21,11,1587041686239545,1587041686542441,1587041686541501,0,0,1428,1440,14115,4699,0,2,19511.4,52987,22191.7,492470496.0,3.9,"48601,48710,307,51003,89,50699,16,253,253,1686,49778,48144,1391,5,2,50498,49101,4,2,3,37233,37219,5,11525,11515,965,36039,15972,52987,736,111",52,640.9,1492,667.9,446080.7,4.1,"64,60,52,258,1492,1492,64,52,1375,52,145,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,52,985,52,52,497,52,83,52","9,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0","6,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0","0,1,0,0,1,1,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,1,1,1,0,0,0","4.396777153,5.256567955,4.923395157,6.033491611,7.275527000,7.277948856,5.071470261,4.945419312,7.645617962,4.976373672,5.915142536,5.707202435,4.976374149,7.861220360,7.878036976,7.850315571,5.131024837,7.877380371,7.857055187,7.886486053,7.876827240,5.169486523,7.849795818,7.874622822,5.078045845,7.791067600,5.131024837,5.207948208,7.563468933,5.053297043,5.290699482,4.969671726",TLS.Microsoft,91.212,1,Safe,Cloud,6,DPI,"15" 
-1,ip4,192.168.1.6,104.40.187.151,tcp,60562,443,info,19,13,1587041687436782,1587041687725655,1587041687725568,0,0,1313,1440,2206,7143,0,3,18634.2,125561,31723.1,1006353792.0,3.4,"29516,29616,237,45747,220,45693,117,89,54,132,3,86,615,23250,232,30155,31,6115,4,245,22863,22646,1494,1434,2892,30,32749,246,30074,125513,125561",52,345.2,1492,499.9,249913.2,3.9,"64,60,52,266,1492,1492,64,1492,52,52,1492,281,52,145,145,424,103,121,52,52,90,90,52,548,52,1365,135,52,94,52,510,52","12,1,3,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0","2,3,1,0,0,0,0,1,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0","0,1,0,0,1,1,0,1,0,0,1,1,0,0,0,0,1,1,0,0,0,1,0,1,0,0,0,1,1,0,1,0","4.365527153,5.169149399,4.868495941,5.580047131,7.357915878,7.526344776,4.919355392,7.363313675,4.945419312,4.786791325,7.588277340,7.143245697,4.983880997,5.918394089,6.257330894,7.398386002,5.555244923,6.105889320,4.945419312,4.945419312,5.368302345,5.567127228,4.945419312,7.528010845,4.983880997,7.854734421,6.103594780,5.100070000,5.655968666,4.983880520,7.545987606,4.861793995",TLS.Skype_Teams,91.125,1,Acceptable,VoIP,3,DPI (partial),"" 
+1,ip4,192.168.1.6,104.40.187.151,tcp,60562,443,info,19,13,1587041687436782,1587041687725655,1587041687725568,0,0,1313,1440,2206,7143,0,3,18634.2,125561,31723.1,1006353792.0,3.4,"29516,29616,237,45747,220,45693,117,89,54,132,3,86,615,23250,232,30155,31,6115,4,245,22863,22646,1494,1434,2892,30,32749,246,30074,125513,125561",52,345.2,1492,499.9,249913.2,3.9,"64,60,52,266,1492,1492,64,1492,52,52,1492,281,52,145,145,424,103,121,52,52,90,90,52,548,52,1365,135,52,94,52,510,52","12,1,3,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0","2,3,1,0,0,0,0,1,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0","0,1,0,0,1,1,0,1,0,0,1,1,0,0,0,0,1,1,0,0,0,1,0,1,0,0,0,1,1,0,1,0","4.365527153,5.169149399,4.868495941,5.580047131,7.357915878,7.526344776,4.919355392,7.363313675,4.945419312,4.786791325,7.588277340,7.143245697,4.983880997,5.918394089,6.257330894,7.398386002,5.555244923,6.105889320,4.945419312,4.945419312,5.368302345,5.567127228,4.945419312,7.528010845,4.983880997,7.854734421,6.103594780,5.100070000,5.655968666,4.983880520,7.545987606,4.861793995",TLS.Teams,91.250,1,Safe,Collaborative,3,DPI (partial),"" 
1,ip4,192.168.1.6,52.114.77.33,tcp,60561,443,info,20,12,1587041687245112,1587041687718851,1587041687768506,0,0,1428,1440,17623,4254,0,2,32165.6,161774,44327.4,1964919296.0,3.6,"48418,48527,459,88180,136486,113743,249,161774,129,117,1072,74551,73518,1076,4,2,50124,49022,3,3,12,48400,48413,4,15,2,1599,1536,46881,1065,1749",52,736.7,1492,694.0,481656.1,4.2,"64,60,52,258,258,64,1492,1492,52,1375,52,145,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,1480,1480,52,1462,52,52,52","5,0,1,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0","8,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0","0,1,0,0,0,1,1,1,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,0,0,1,0,1,1,1","4.396777153,5.256567478,4.923395157,5.966666698,5.971492767,5.091578960,7.290405750,7.275161743,4.961856842,7.668800354,5.000318527,6.002202988,5.583368301,4.961856842,7.860765934,7.857263088,7.894361019,5.193430901,7.864349842,7.853641510,7.869278908,7.874048233,5.054101944,7.853607655,7.866478443,7.865472317,7.878810406,5.154969692,7.853725433,5.193431377,5.154969692,5.154969692",TLS.Microsoft,91.212,1,Safe,Cloud,6,DPI,"15" 
1,ip4,192.168.1.6,52.114.108.8,tcp,60565,443,finished,18,14,1587041691149774,1587041691305451,1587041691582252,0,0,994,1440,2028,8121,0,3,18972.7,276869,49493.9,2449644032.0,2.9,"19199,19302,171,22008,34,21827,18,184,203,246,14,193,1070,12295,280,19893,29,6313,3,603,11971,11399,1472,1415,54998,62106,42,25528,33,18437,276869",52,370.2,1492,512.1,262257.7,3.9,"64,60,52,274,1492,1492,64,52,1492,52,1492,471,52,178,145,525,103,121,52,52,90,90,52,511,52,52,1046,134,52,94,52,1335","11,1,2,1,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","3,3,1,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,4,0,0","0,1,0,0,1,1,0,0,1,0,1,1,0,0,0,0,1,1,0,0,0,1,0,1,0,1,0,0,1,1,0,1","4.396777153,5.256567478,4.923395634,5.577177048,7.100010395,7.346216679,4.975505829,4.976374149,7.520713806,4.854287148,7.591184139,7.492725372,4.937912464,6.281796932,6.325607300,7.565563679,5.628156662,5.942033768,4.976374149,4.937912464,5.421134472,5.660066128,5.014835358,7.536164761,4.976373672,5.169486523,7.784315586,6.192806721,5.169486523,5.596017838,5.014835358,7.848025322",TLS.Teams,91.250,1,Safe,Collaborative,6,DPI,"" 
1,ip4,192.168.1.6,52.114.76.48,tcp,60544,443,finished,16,16,1587041682376166,1587041682938651,1587041692001418,0,0,1060,1452,2113,7396,0,2,328636.7,8978171,1582353.1,2503841415168.0,0.8,"47150,47228,506,44398,29,43913,16,46,186,124,2,213,4,4433,9743,291,46519,32116,477,409,98,18910,1378,20235,62883,403234,424977,8978171,32,9,7",40,339.2,1492,486.1,236250.5,3.9,"64,52,40,276,1492,1492,52,40,40,1492,1492,309,40,40,198,133,568,91,40,109,40,78,46,409,40,46,1100,46,411,415,86,78","10,1,1,0,1,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4,3,1,0,0,0,0,0,1,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0","0,1,0,0,1,1,0,0,0,1,1,1,0,0,0,0,0,1,0,1,0,0,1,1,0,1,0,1,1,1,1,1","4.334277153,4.946223736,4.571928501,5.576080799,7.377434731,7.334023952,4.748329639,4.630640984,4.571928501,7.530410290,7.590536594,7.109602451,4.680641174,4.630641460,6.484649181,6.111595631,7.563093662,5.442209721,4.630641460,5.902398109,4.630641460,5.214766979,4.462505341,7.402733803,4.680641174,4.505983353,7.828750610,4.609350681,7.428915024,7.453095436,5.564571857,5.463537216",TLS.Teams,91.250,1,Safe,Collaborative,6,DPI,"" 
1,ip4,192.168.1.6,52.114.250.123,tcp,50018,443,finished,19,13,1587041693516414,1587041693824623,1587041695435566,0,0,187,1452,477,6361,0,1,71850.4,1566873,274680.6,75449425920.0,1.9,"44968,45079,183,47440,47249,164,13,124,2,107,17,104,3,107,2,120,2,1,8026,8,35,52434,1246,45626,48613,92238,43679,69083,272,113543,1566873",40,256.9,1492,427.0,182315.3,3.7,"64,52,40,227,1492,52,1492,588,52,52,1492,588,52,40,588,166,40,40,40,147,46,85,46,91,40,141,224,40,71,40,46,46","15,1,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0","0,1,0,0,1,0,1,1,0,0,1,1,0,0,1,1,0,0,0,0,0,0,1,1,0,0,1,0,0,0,1,1","4.396777153,4.946223736,4.453056812,5.436062336,7.472877979,4.624014378,7.357961178,6.174726009,4.707639694,4.669178009,7.651301384,7.035131931,4.669178009,4.492897511,7.576755524,6.572272301,4.384184361,4.492897511,4.492897034,6.376044750,4.495644569,5.773638725,4.565871716,5.388861179,4.561769009,6.442826271,6.864662647,4.511769295,5.438062191,4.384184361,4.565872192,4.565872192",TLS.Teams,91.250,1,Safe,Collaborative,6,DPI,"15" 
-1,ip4,93.71.110.205,192.168.1.6,udp,16332,50016,finished,25,7,1587041695305290,1587041697913583,1587041697668816,38,0,1214,1214,4324,2890,0,1,160381.3,1168245,365653.3,133702352896.0,2.7,"24795,221,101349,1168245,1167037,967065,50759,1119237,13,25,50990,80302,1990,2655,3736,4,1,2,10681,24170,9306,21453,4525,19907,25341,9245,24382,24626,9496,26004,24257",66,253.4,1242,374.4,140199.2,4.0,"140,116,140,116,144,116,138,136,66,1242,1242,136,101,66,1242,1242,70,194,126,94,96,103,108,110,102,98,112,106,103,101,102,102","0,2,16,4,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0","0,1,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0","0,1,1,0,1,0,0,0,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5.443928242,5.441569805,5.550033092,5.533423424,5.469605446,5.457950115,6.418050289,5.494081497,5.274568558,7.835727215,7.805037022,5.427760124,6.064149857,5.328952789,7.830739975,7.834946632,5.426148415,6.862842083,6.378197670,5.942782402,6.043297768,6.096649170,5.395052433,6.251680851,6.123402596,6.007471561,6.260177612,6.012121677,6.079421997,6.215091705,6.135609150,6.155217648",STUN.Skype_TeamsCall,78.38,0,Acceptable,VoIP,6,DPI,"5" 
+1,ip4,93.71.110.205,192.168.1.6,udp,16332,50016,finished,25,7,1587041695305290,1587041697913583,1587041697668816,38,0,1214,1214,4324,2890,0,1,160381.3,1168245,365653.3,133702352896.0,2.7,"24795,221,101349,1168245,1167037,967065,50759,1119237,13,25,50990,80302,1990,2655,3736,4,1,2,10681,24170,9306,21453,4525,19907,25341,9245,24382,24626,9496,26004,24257",66,253.4,1242,374.4,140199.2,4.0,"140,116,140,116,144,116,138,136,66,1242,1242,136,101,66,1242,1242,70,194,126,94,96,103,108,110,102,98,112,106,103,101,102,102","0,2,16,4,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0","0,1,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0","0,1,1,0,1,0,0,0,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5.443928242,5.441569805,5.550033092,5.533423424,5.469605446,5.457950115,6.418050289,5.494081497,5.274568558,7.835727215,7.805037022,5.427760124,6.064149857,5.328952789,7.830739975,7.834946632,5.426148415,6.862842083,6.378197670,5.942782402,6.043297768,6.096649170,5.395052433,6.251680851,6.123402596,6.007471561,6.260177612,6.012121677,6.079421997,6.215091705,6.135609150,6.155217648",STUN.TeamsCall,78.38,0,Acceptable,VoIP,6,DPI,"5" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,668,638472,293772,293323,83,17,66,0,16,2,80,51,1,29,16,317,1,0,1,1,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,27,56,42,37,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,20,0,0,11,27,19,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,74,0,0,0,0,0,38,12,2,0,0,0,0,83,0,0,42,40,1,0,83,80,2,1,0,0,0,0,0,12,0,0,0,0,2,0,2,0,0,29,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,5,0,0,1,0,0,0,0,0,0,0 +0,668,636862,293772,293323,83,17,66,0,16,2,80,51,1,29,16,317,1,0,1,1,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,27,56,51,28,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,12,0,0,11,27,27,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,74,0,0,0,0,0,38,12,2,0,0,0,0,83,0,0,42,40,1,0,83,80,2,1,0,0,0,0,0,12,0,0,0,0,2,0,2,0,0,29,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,5,0,0,1,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/teamspeak3.pcap.out b/test/results/flow-analyse/default/teamspeak3.pcap.out index caf082140..1b8e9a524 100644 --- a/test/results/flow-analyse/default/teamspeak3.pcap.out +++ b/test/results/flow-analyse/default/teamspeak3.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,193.31.25.70,51.68.181.92,udp,2011,2010,finished,16,16,1667856551682719,1667860752082559,1667860752087365,4,0,16,8,160,104,0,4821,270993696.0,600180997,298614912.0,89170865459036160.0,3.8,"4821,5374,5461,599973063,599972971,4971,4991,600080478,600080533,5171,5169,600089707,600089636,5006,5041,599897642,599897696,5229,5139,600180992,600180997,4953,4948,599984779,599984795,5164,5120,600152336,600152365,4975,4963",32,40.0,44,4.7,22.0,5.0,"32,42,44,42,32,42,44,42,32,42,44,42,32,42,44,42,32,42,44,42,32,42,44,42,32,42,44,42,32,42,44,42","16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","4.625000000,4.458523273,4.765583038,4.075578690,4.625000000,4.506142139,4.765583038,4.075578690,4.500000000,4.345311642,4.674674511,4.009986401,4.625000000,4.458523273,4.720128536,4.075578690,4.562500000,4.458523273,4.720128536,3.980340719,4.625000000,4.315666676,4.720128536,3.980340719,4.562500000,4.458523273,4.629220009,4.075578690,4.562500000,4.506142139,4.720128536,4.027959824",TeamSpeak,162,0,Fun,VoIP,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,260,239220,4245,1872,2,0,2,142,1,0,2,0,0,0,0,10,1,0,1,99,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,2,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,260,239220,4245,1872,2,0,2,142,1,0,2,0,0,0,0,10,1,0,1,99,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,2,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/teamviewer.pcap.out b/test/results/flow-analyse/default/teamviewer.pcap.out index 2e8812e78..95d3e2aed 100644 --- a/test/results/flow-analyse/default/teamviewer.pcap.out +++ b/test/results/flow-analyse/default/teamviewer.pcap.out 
@@ -2,4 +2,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,10.0.2.15,162.250.2.170,tcp,35732,5938,finished,15,17,330297046,331331838,331332084,0,0,1460,1460,6059,4420,0,25,66768.7,274397,88285.8,7794386432.0,3.8,"136273,137235,573,1795,12093,11937,35737,56,35774,25,88318,88631,11617,11587,151937,89,151972,35682,35919,255841,274397,18558,256484,257570,1057,306,258,28908,45,29127,29",40,369.0,1500,516.4,266637.3,3.8,"60,44,46,77,40,106,40,1500,418,40,40,88,46,187,46,1500,1276,46,1118,40,1129,1141,40,480,96,40,88,40,1500,415,40,40","5,3,1,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,2,0,0","11,1,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,1,0,0","0,1,0,0,1,0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1,0,1,1,0,1,0,1,0,0,1,1","4.625016212,4.740079880,4.284006119,4.619223595,4.580641747,3.968942165,4.580641747,7.564378738,7.341676235,4.461769581,4.530641556,4.904301167,4.311073780,3.852114439,4.354552269,7.724319935,7.804080486,4.398030758,7.655926228,4.661769390,7.519716263,7.677883148,4.661769390,6.491265774,4.556527615,4.661769390,3.810093641,4.611769676,7.550663948,7.375458717,4.661769390,4.661769390",TeamViewer,148,1,Acceptable,RemoteAccess,6,DPI,"" 
1,ip4,10.0.2.15,93.47.224.241,udp,34417,36037,finished,1,31,520136114,520136114,521274313,96,0,96,1024,96,13050,0,7,36716.1,442863,96766.6,9363771392.0,2.6,"12327,12251,57,40726,3898,3159,6600,81845,9028,72,7415,9247,442863,41858,345075,64,9,8,11,9,7,2034,57,13,9567,57,8,51028,58831,63,12",44,438.8,1052,450.4,202865.5,4.2,"124,124,492,1052,48,84,76,76,76,177,104,52,52,76,76,1052,1052,1052,1052,1052,1052,1052,1052,1052,1052,168,104,104,44,225,117,71","0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4,7,4,1,2,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1","2.665547609,2.681676626,0.777366042,0.400940508,3.903489351,2.792044401,3.098856926,2.998324156,3.315334082,4.078965187,4.029050350,3.961237431,3.922775745,3.062608480,3.152767181,0.385090381,0.379928052,0.378026903,0.379928052,0.378026903,0.379928052,0.379928052,0.379928052,0.378026903,0.390793800,4.132575512,3.859765768,5.537042618,4.036628723,3.928550959,4.210556507,4.727299213",TeamViewer,148,1,Acceptable,RemoteAccess,6,DPI,"5,30" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,23,22595,60849,93607,2,0,2,2,2,0,2,0,0,1,0,10,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,1,1,0,0,0,0,0,2,0,0,1,1,0,0,2,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,23,22595,60849,93607,2,0,2,2,2,0,2,0,0,1,0,10,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,1,1,0,0,0,0,0,2,0,0,1,1,0,0,2,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/telegram.pcap.out b/test/results/flow-analyse/default/telegram.pcap.out index 94ce2a70c..ebbea75aa 100644 --- a/test/results/flow-analyse/default/telegram.pcap.out +++ b/test/results/flow-analyse/default/telegram.pcap.out 
@@ -6,4 +6,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.1.77,91.108.8.8,udp,28150,529,finished,23,9,1588779637543816,1588779639059745,1588779639085148,32,0,192,96,3024,688,0,8183,98621.3,504672,137715.2,18965475328.0,4.0,"38704,504672,472194,31371,48787,83063,90104,75511,57499,58021,58053,58125,51991,386634,9517,8470,27260,36050,21667,40197,58112,58011,58152,57862,69999,57869,58016,8183,436304,11258,25605",60,144.0,220,55.4,3064.0,4.9,"68,92,68,124,92,124,124,60,204,204,204,220,204,68,124,124,204,92,124,204,76,204,204,188,204,188,204,204,68,124,124,92","0,5,0,4,0,13,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,1,0,1,0,0,0,0,0,0,0,1,0,0,1,0,0,1,0,0,0,0,0,0,0,0,1,0,1","4.808521748,5.009398460,4.808521271,6.399723530,4.941553116,6.478234291,6.493558407,4.513398170,6.960375786,6.945446968,6.939341545,6.983797073,6.888330936,4.878446102,6.548838615,6.455212116,7.004271030,5.031137943,6.436948776,6.903464317,5.093001842,6.935152531,6.904445171,6.829572678,6.978069782,6.828165054,6.847532749,7.033680439,4.937269211,6.449124336,6.467387676,4.965919971",Telegram,185,1,Acceptable,Chat,6,DPI,"" 
1,ip4,192.168.1.77,91.108.8.1,udp,28150,533,finished,8,24,1588779637543824,1588779639102885,1588779639500175,32,0,96,176,480,3200,0,7087,113400.4,504936,151181.6,22855886848.0,4.1,"34096,504936,476895,26281,48588,90140,359286,474896,22927,53992,44091,48774,32735,70515,63740,63677,64572,42031,447918,51385,12513,7087,54201,56023,36226,28925,63945,41904,63934,64562,64617",60,143.0,204,54.2,2943.0,4.9,"68,92,68,124,92,124,60,68,124,92,124,76,124,204,204,188,204,204,204,68,124,204,92,124,204,124,204,204,188,204,188,204","0,5,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,4,5,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,1,0,0,0,1,1,0,1,1,1,1,1,1,1,1,0,1,1,1,0,1,1,1,1,1,1,1,1","4.966681004,5.096354961,4.937269211,6.506538868,5.044672012,6.487470627,4.580064774,4.937269211,6.484322548,5.052877426,6.310050964,5.093001842,6.474280834,6.938044071,6.986575603,6.864440918,6.966351032,6.935151577,6.996869087,4.937269211,6.502585888,6.988362312,5.031137943,6.294727325,6.920350552,6.415852547,6.915544987,6.900125980,6.926725864,7.031893730,6.898294926,7.013583183",Telegram,185,1,Acceptable,Chat,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,340,294644,159435,109098,48,0,48,10,6,0,45,14,3,4,0,163,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,43,3,39,2,0,0,0,1,0,0,0,0,0,0,0,2,0,0,0,12,0,0,0,2,20,0,0,0,7,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,45,0,0,0,0,0,5,0,0,0,0,0,0,45,3,0,0,48,0,0,48,45,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,2,0,0,0,0,0,0,0 +0,340,294278,159435,109098,48,0,48,10,6,0,45,14,3,3,0,163,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,43,3,39,2,0,0,0,1,0,0,0,0,0,0,0,2,0,0,0,12,0,0,0,2,20,0,0,0,7,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,45,0,0,0,0,0,4,0,0,0,0,0,0,45,3,0,0,48,0,0,48,45,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,2,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/telegram_videocall.pcapng.out b/test/results/flow-analyse/default/telegram_videocall.pcapng.out index c4295b4ea..f0d401d10 100644 --- a/test/results/flow-analyse/default/telegram_videocall.pcapng.out +++ b/test/results/flow-analyse/default/telegram_videocall.pcapng.out 
@@ -4,4 +4,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.12.169,93.36.13.115,udp,42405,35393,finished,21,11,1648032354077734,1648032354886306,1648032354873460,23,0,237,96,1854,649,0,49,51751.5,474673,95446.3,9109989376.0,3.6,"75722,88020,12807,2328,9002,48923,21674,183,117533,50,18901,57450,295,20709,49,35124,54640,306358,41620,24769,9929,17729,18103,17365,474673,50,42102,15504,14083,40108,18495",49,106.2,265,48.9,2396.0,4.9,"128,92,51,124,92,128,128,65,71,92,92,124,54,92,64,49,124,92,265,119,119,119,119,119,265,53,64,59,119,119,79,119","3,2,11,3,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,3,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,0,0,0,0,1,1,1,0,0,1,1,1,0,0,0,0,0,0,0,0,1,1,0,0,0,1,0","5.404182434,5.729283333,5.265467167,5.614555359,5.634122849,5.456954956,5.404182434,5.653138161,5.772913456,5.756935120,5.745695591,5.598426342,5.458592415,5.767434120,5.687500000,5.328994274,5.576209545,5.797379017,7.103881836,6.518718719,6.438805580,6.381202221,6.471578598,6.393888950,7.201899052,5.463770390,5.656250000,5.577555180,6.334901810,6.354772091,5.879608154,6.455611706",STUN.TelegramVoip,78.355,0,Acceptable,VoIP,5,DPI (cache),"5" 
1,ip4,192.168.12.169,149.154.167.222,tcp,40832,443,finished,17,15,1648032336639074,1648032364799931,1648032364830191,0,0,578,1228,1060,12707,0,8,1817805.6,25078496,6146606.0,37780767899648.0,1.5,"29139,30566,480,31562,35447,6512,41656,9889,49,31,23,46927,8,41719,2909634,2997736,16,16,15,2357,76,56,44252,15,34,56,139,73,125,25044870,25078496",52,482.7,1280,530.0,280877.2,4.1,"60,60,52,630,262,52,205,221,1280,1280,1280,700,52,52,52,381,1280,1280,1280,1280,1280,1280,680,52,52,52,52,52,52,52,52,52","14,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0","0,1,0,0,1,0,0,1,1,1,1,1,0,0,0,0,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,1","4.859216213,5.266787529,5.156889439,7.555443287,7.119448662,5.118427753,6.908961773,6.987295628,7.824494839,7.835509300,7.843729496,7.724673271,5.195351124,5.094483852,5.115703106,7.462384224,7.834102154,7.851257801,7.840057850,7.862158298,7.844310284,7.831385612,7.709258080,5.156889439,5.041504860,5.079966545,5.118427753,5.156889439,5.156889439,5.115703106,5.077241421,5.156889439",Telegram,185,1,Acceptable,Chat,7,Match by IP,"35" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,258,219782,59877,270358,34,6,28,1,4,2,32,14,0,26,0,134,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,20,1,31,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,7,4,0,0,1,19,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,21,0,7,0,0,0,12,30,0,0,0,0,0,31,3,0,10,19,3,2,34,32,2,0,0,0,0,0,0,30,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0 +0,258,220885,59877,270358,34,6,28,1,4,2,32,14,0,26,0,134,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,20,1,31,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,7,4,0,0,1,19,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,21,0,7,0,0,0,12,30,0,0,0,0,0,31,3,0,10,19,3,2,34,32,2,0,0,0,0,0,0,30,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/telegram_videocall_2.pcapng.out b/test/results/flow-analyse/default/telegram_videocall_2.pcapng.out new file mode 100644 index 000000000..6d8ac8e5b --- /dev/null +++ b/test/results/flow-analyse/default/telegram_videocall_2.pcapng.out 
@@ -0,0 +1,5 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.12.67,91.108.9.106,udp,39968,1400,finished,16,16,1731946740900337,1731946742240391,1731946742264226,28,0,652,262,2187,1616,0,16,87224.0,633159,149549.7,22365106176.0,3.7,"24417,29543,32319,633159,629027,42410,122559,119596,598,39836,5432,31550,39459,41743,145493,160620,48042,92354,8570,65269,259,740,20867,96277,16,115515,8212,23549,57925,62023,6564",56,146.8,680,107.0,11452.5,4.8,"56,120,152,120,156,88,160,144,164,680,88,128,96,128,96,128,113,128,96,121,85,101,237,96,113,97,97,149,233,150,290,89","1,1,4,5,3,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,3,8,3,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,1,0,1,0,0,1,1,0,1,0,0,1,0,1,1,0,0,0,1,1,1,0,0,1,0,1,1","4.913536072,5.661914349,5.691276073,5.811409950,5.775809288,5.890800476,5.700669765,6.030949116,5.619874954,6.564280987,5.876651764,5.513857365,5.750529289,5.348012447,5.693135738,5.423637390,5.816064358,5.438713074,5.755635738,5.886013985,5.239210606,5.547117710,6.841757298,5.747772217,5.880180359,5.484240055,5.412352562,6.492302418,6.848128319,6.536720753,7.179809093,5.907988548",STUN.TelegramVoip,78.355,0,Acceptable,VoIP,6,DPI,"5" 
+1,ip4,192.168.12.67,91.108.9.10,udp,44275,597,finished,17,15,1731946740900678,1731946742884971,1731946742282512,40,0,596,572,2244,1980,0,14,108584.7,699013,167856.0,28175654912.0,3.8,"24109,514616,513574,39727,22986,13781,37194,83729,46829,52455,14,53768,48207,41858,1057,8095,49415,47864,10095,16084,39354,38883,30006,122690,10118,52835,64016,152216,227281,304258,699013",68,160.0,624,120.1,14426.0,4.7,"68,92,68,92,148,148,116,148,116,148,148,116,116,148,116,148,116,148,148,116,212,116,116,600,624,136,148,176,116,148,116,148","0,2,4,9,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,9,4,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,1,0,0,1,0,1,1,0,1,0,0,1,0,1,0,1,1,1,1,0,0,0,0,1,0,1,0","4.577797413,4.748074055,4.607209206,4.748074055,5.694154263,5.810202122,6.027616024,5.680641174,6.109596729,5.712939739,5.761246204,6.075114250,6.113822937,5.800000191,5.975891590,5.714293957,6.040631294,5.770136356,5.805100918,5.986625671,5.246948719,6.120330334,6.185070038,6.758100033,7.452787399,6.081599236,5.751521587,6.406444550,6.081621647,5.729595184,6.178562164,5.738008499",STUN.TelegramVoip,78.355,0,Acceptable,VoIP,6,DPI,"" 
+timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_ca
tegory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count
 +0,65,56081,49274,68741,8,0,8,0,2,0,8,6,0,3,0,30,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,4,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,2,6,0,0,0,0,0,7,1,0,0,8,0,0,8,8,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/telegram_voice.pcapng.out b/test/results/flow-analyse/default/telegram_voice.pcapng.out new file mode 100644 index 000000000..a804960f8 --- /dev/null +++ b/test/results/flow-analyse/default/telegram_voice.pcapng.out 
@@ -0,0 +1,5 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.12.67,91.108.9.68,udp,41011,596,finished,11,21,1731945728464288,1731945728965019,1731945729659565,40,0,572,640,1556,3292,0,8,54709.9,245348,61453.4,3776523008.0,4.1,"25074,216674,245348,4517,49052,101090,2123,47856,705,203,47977,8,48680,63235,15,67883,33733,30921,5566,35563,42632,10,106554,90512,4893,3141,92065,131857,148102,20831,29188",68,179.5,668,151.2,22848.8,4.6,"68,92,148,116,148,148,116,148,212,116,156,116,148,116,668,116,600,148,116,68,92,624,136,176,108,124,260,120,120,92,236,92","0,2,4,2,1,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,10,6,1,0,1,1,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,1,0,0,0,1,1,0,0,0,1,1,0,1,1,0,1,0,0,1,1,1,1,1,1,1,1,1,1,1,1","4.577797413,4.704595566,5.840540886,6.068605900,5.729596138,5.724494934,6.023389339,5.735745430,5.209395409,6.047139168,5.621933937,5.952142715,5.800000668,6.109596729,6.500761509,6.081621647,6.754777431,5.751046658,6.006148338,4.577797413,4.704595566,7.371456146,5.947301865,6.372353077,5.506771564,5.806564331,6.849390507,5.727319241,5.766920567,5.701651573,6.887141705,5.708128929",STUN.TelegramVoip,78.355,0,Acceptable,VoIP,6,DPI,"" 
+1,ip4,192.168.12.67,91.108.9.34,udp,42567,1400,finished,23,9,1731945728460409,1731945729768352,1731945729070645,28,0,209,148,2538,948,0,263,61876.7,364488,85905.3,7379713024.0,4.0,"28317,34064,35508,364488,566,362690,49517,68716,48417,51074,2919,56026,29084,263,48698,1930,20770,10384,79381,92318,1601,769,131478,118774,44174,69454,51913,13839,47939,1880,51228",56,136.9,237,39.8,1586.6,4.9,"56,120,152,120,156,160,88,160,144,160,144,176,128,164,148,144,176,128,88,121,113,97,237,97,168,167,167,167,70,202,82,82","1,3,4,4,9,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,2,2,3,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,0,1,0,1,0,1,1,0,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0","4.971485138,5.671458721,5.746047974,5.878075600,5.706763744,5.727324486,5.785743237,5.641233921,5.929356098,5.664824486,5.968761921,5.817453384,5.830233097,5.731947422,5.954558372,5.994700909,5.790436745,5.817786694,5.885230064,5.863245964,5.738586903,5.528282642,6.865426064,5.427438736,6.728340626,6.638175011,6.711227417,6.654670715,5.510934830,6.905664921,5.741343975,5.854089737",STUN.TelegramVoip,78.355,0,Acceptable,VoIP,6,DPI,"5" 
+timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_ca
tegory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count
 +0,82,69833,60389,66728,10,0,10,0,2,0,10,8,0,4,0,39,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,7,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,3,8,0,0,0,0,0,9,1,0,0,9,1,0,10,10,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/telnet.pcap.out b/test/results/flow-analyse/default/telnet.pcap.out index 45d652a64..d595a52a3 100644 --- a/test/results/flow-analyse/default/telnet.pcap.out +++ b/test/results/flow-analyse/default/telnet.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,192.168.0.2,192.168.0.1,tcp,1550,23,info,17,15,943755158387203,943755160950568,943755159705066,0,0,85,32,203,139,0,172,125200.9,1232764,336743.6,113396252672.0,2.2,"2525,2572,1588,147810,146242,172,1611,1711,3291,1327,593,1791,1069,2370,3571,617,1174,22251,20360,1248,13791,15049,1196,784,12789,12241,20023,1107336,1099990,1232764,1372",52,63.2,137,18.8,354.0,4.9,"60,60,52,79,55,52,55,52,77,116,52,70,61,52,76,52,137,52,55,55,52,64,58,52,67,52,84,52,59,52,58,52","15,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","14,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,0,0,1,1,0,1,1,0,1,1,0,0,0,1,0,1,1,0,1,1,0,1,0,1,0,0,0","4.315444469,4.777318954,4.791129112,5.044729233,4.800010681,4.791129112,4.871557236,4.662475586,5.051413059,5.269734383,4.647958755,5.011583805,5.044849873,4.777860641,4.820554256,4.791128635,5.556590080,4.868052006,4.850099087,4.862643719,4.777860641,4.944003105,4.924550533,4.739398956,4.948766708,4.791129112,5.493695259,4.829590797,5.035621166,4.686420441,5.042736053,4.829590321",Telnet,77,0,Unsafe,RemoteAccess,6,DPI,"22" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,14,12573,289,1371,1,1,0,0,1,0,1,2,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,3,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,14,12573,289,1371,1,1,0,0,1,0,1,2,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,3,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/tencent_games.pcap.out b/test/results/flow-analyse/default/tencent_games.pcap.out index d15bbccbe..1bffa1c26 100644 --- a/test/results/flow-analyse/default/tencent_games.pcap.out +++ b/test/results/flow-analyse/default/tencent_games.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,37,26976,1572,2654,4,1,3,0,0,0,4,0,0,0,0,20,1,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,4,0,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,37,26976,1572,2654,4,1,3,0,0,0,4,0,0,0,0,20,1,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,4,0,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/teredo.pcap.out b/test/results/flow-analyse/default/teredo.pcap.out index 50d605039..00268fe61 100644 --- a/test/results/flow-analyse/default/teredo.pcap.out +++ b/test/results/flow-analyse/default/teredo.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,33,25273,815,751,5,0,5,0,0,0,5,0,0,0,0,15,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,5,0,0,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,33,25273,815,751,5,0,5,0,0,0,5,0,0,0,0,15,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,5,0,0,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/teso.pcapng.out b/test/results/flow-analyse/default/teso.pcapng.out index 2f67c329c..fe66dde70 100644 --- a/test/results/flow-analyse/default/teso.pcapng.out +++ b/test/results/flow-analyse/default/teso.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,18,15310,1693,0,2,0,2,0,0,0,2,0,0,0,0,8,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,2,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,18,15310,1693,0,2,0,2,0,0,0,2,0,0,0,0,8,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,2,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/tftp.pcap.out b/test/results/flow-analyse/default/tftp.pcap.out index 624c66be3..fa392c3d5 100644 --- a/test/results/flow-analyse/default/tftp.pcap.out +++ b/test/results/flow-analyse/default/tftp.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,192.168.0.10,192.168.0.253,udp,3445,50618,finished,16,16,946730124846355,946730124846355,946730124846355,516,0,516,4,8256,64,0,0,0.0,0,0.0,0.0,0.0,"0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0",46,295.0,544,249.0,62001.0,4.4,"544,46,544,46,544,46,544,46,544,46,544,46,544,46,544,46,544,46,544,46,544,46,544,46,544,46,544,46,544,46,544,46","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","4.265709877,3.000972986,4.623624802,3.000972986,4.859318733,3.000972986,4.935849667,2.941084146,4.381216049,2.957494497,4.600720406,3.000972986,4.634294987,3.000972986,4.567757130,3.000972986,4.459813595,3.000972986,4.388016701,2.941084146,4.358253002,3.000972986,4.537627220,2.941084146,4.658279419,2.941084146,4.567505836,3.000972986,4.506970406,3.000972986,4.253873825,3.000972986",TFTP,96,0,Acceptable,DataTransfer,6,DPI,"5" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,50,44247,24961,1228,9,0,9,0,1,2,7,0,0,3,0,16,1,0,1,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,7,0,7,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,3,0,0,0,0,0,9,0,0,0,9,0,0,9,7,2,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,50,44247,24961,1228,9,0,9,0,1,2,7,0,0,3,0,16,1,0,1,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,7,0,7,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,3,0,0,0,0,0,9,0,0,0,9,0,0,9,7,2,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/threema.pcap.out b/test/results/flow-analyse/default/threema.pcap.out index e01885e19..aa68a8056 100644 --- a/test/results/flow-analyse/default/threema.pcap.out +++ b/test/results/flow-analyse/default/threema.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,54,38779,3785,2219,6,4,2,0,0,2,4,0,0,0,0,30,1,0,1,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,4,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,6,0,0,0,6,4,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,54,38779,3785,2219,6,4,2,0,0,2,4,0,0,0,0,30,1,0,1,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,4,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,6,0,0,0,6,4,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/thrift.pcap.out b/test/results/flow-analyse/default/thrift.pcap.out index 0a44dbcee..9b037260b 100644 --- a/test/results/flow-analyse/default/thrift.pcap.out +++ b/test/results/flow-analyse/default/thrift.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,169.254.59.247,169.254.46.4,tcp,53387,11010,finished,13,19,1618939325157360,1618939325159246,1618939325159187,0,0,2920,1460,3250,7422,0,59,119.8,188,47.3,2241.9,4.8,"67,135,60,188,60,179,118,60,178,118,59,178,119,60,178,118,59,178,123,123,119,60,187,132,60,183,118,69,188,120,119",40,375.2,2960,637.8,406764.6,3.6,"52,52,40,80,46,88,80,46,80,82,46,106,121,46,311,90,46,104,78,89,79,1500,628,40,1500,628,40,1500,628,40,780,2960","5,6,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1","6,3,2,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,3,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0","0,1,0,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,0,1,1,0,1,1,0,1,1,0,1,0","4.382568836,4.855899811,4.571928978,4.561148643,4.565871716,5.056412220,4.614388943,4.549460888,4.772574902,4.961133480,4.462504387,4.880326271,3.973908663,4.549460888,5.147182465,4.755144119,4.565872192,4.847397804,4.628648281,4.771815300,4.955598831,6.128622055,6.129070759,4.621928692,6.089191914,6.081182480,4.621928692,6.083991051,6.070480347,4.621928692,6.112934589,6.078311443",Thrift,345,0,Acceptable,RPC,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,18,26788,23624,71295,2,1,1,0,1,0,2,0,0,0,0,7,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,1,1,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,18,26788,23624,71295,2,1,1,0,1,0,2,0,0,0,0,7,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,1,1,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/tinc.pcap.out b/test/results/flow-analyse/default/tinc.pcap.out index e8f43ba81..d76a0d71f 100644 --- a/test/results/flow-analyse/default/tinc.pcap.out +++ b/test/results/flow-analyse/default/tinc.pcap.out 
@@ -2,4 +2,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,131.114.168.27,185.83.218.112,udp,55655,55655,finished,17,15,1495983428000367,1495983431160747,1495983430158623,148,0,1468,1460,19148,16284,0,23,171568.9,1069532,377387.1,142420983808.0,2.5,"157,27472,47,25,27522,244,68,237,181,126,15445,30,41839,33,23,1057953,304,258,1003680,53,1840,184,45315,102,25,1024085,82,1069532,137,1001358,279",176,1135.2,1496,450.4,202833.5,4.9,"672,720,224,1472,768,216,1256,176,1296,1464,760,672,720,1264,176,1296,1344,1464,1360,1472,1488,1472,1480,1344,1472,1360,1488,1488,1488,1480,1496,1480","0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,2,0,0,2,6,0,0","0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,2,0,0,0,6,0,0","0,0,1,1,1,0,0,0,0,0,0,1,1,1,1,1,0,0,0,1,1,0,0,1,1,1,1,1,0,0,0,0","7.665557861,7.732561588,7.082343578,7.846774578,7.752214432,6.906925201,7.855091572,6.755141735,7.856310368,7.846433163,7.747685909,7.710433006,7.733560562,7.868661880,6.790736675,7.858621597,7.869617462,7.873907566,7.874854565,7.877315998,7.870153904,7.874608040,7.878478050,7.845719337,7.883452892,7.855854511,7.886187077,7.874522686,7.870358467,7.871251106,7.874283314,7.868322849",TINC,209,0,Acceptable,VPN,5,DPI (cache),"5" 
1,ip4,185.83.218.112,131.114.168.27,udp,55656,55656,finished,12,20,1495983428043218,1495983432571150,1495983432526055,148,0,1444,1452,10944,20512,0,24,290670.0,2412459,558680.6,312123949056.0,2.9,"50,27,594,482,207,142,1049148,39,24,1048033,86,239,119,120,91,44079,43,25,1044735,279,1021999,20586,1001463,275,241,363633,1001240,149,123,2412459,39",104,1011.0,1480,450.3,202783.0,4.8,"752,1472,944,720,1256,1472,944,1056,656,320,1048,176,1296,512,656,320,176,1296,512,1464,1360,1360,1360,1472,1336,1304,104,1480,1464,1328,1376,1360","0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,1,0,0,0,1,0,0,1,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,1,0,2,1,0,0,1,0,0","0,0,1,0,1,0,0,0,0,1,0,0,0,0,0,1,0,0,0,1,0,1,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,1,2,2,2,0,0,2,3,0,0","0,0,0,1,1,1,1,0,0,0,1,1,1,1,1,1,0,0,0,1,1,0,1,1,1,1,1,1,1,1,0,0","7.690577507,7.881368160,7.775002003,7.728326797,7.851398468,7.867018700,7.774654388,7.831391335,7.688314915,7.329430103,7.812694550,6.669548035,7.843146801,7.557564259,7.679370403,7.194211483,6.957363605,7.850227833,7.572175503,7.873534679,7.858608246,7.866045952,7.839975357,7.845044613,7.866905689,7.841031551,6.193184853,7.882274628,7.896846294,7.859506130,7.852632523,7.876025200",TINC,209,0,Acceptable,VPN,5,DPI (cache),"5" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,37,41419,166919,171310,4,2,2,0,2,0,4,0,0,4,0,20,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,4,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,2,0,0,0,0,0,0,4,0,0,0,0,0,4,0,0,2,2,0,0,4,4,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,37,41419,166919,171310,4,2,2,0,2,0,4,0,0,4,0,20,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,4,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,2,0,0,0,0,0,0,4,0,0,0,0,0,4,0,0,2,2,0,0,4,4,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/tk.pcap.out b/test/results/flow-analyse/default/tk.pcap.out index e02c75313..c504d934a 100644 --- a/test/results/flow-analyse/default/tk.pcap.out +++ b/test/results/flow-analyse/default/tk.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,21,17629,90,224,3,0,3,0,0,0,3,3,0,0,0,6,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,3,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,21,17629,90,224,3,0,3,0,0,0,3,3,0,0,0,6,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,3,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/tls-appdata.pcap.out b/test/results/flow-analyse/default/tls-appdata.pcap.out index 4a4a1d136..d5c5b8555 100644 --- a/test/results/flow-analyse/default/tls-appdata.pcap.out +++ b/test/results/flow-analyse/default/tls-appdata.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,192.168.2.100,52.223.198.7,tcp,58976,443,info,17,15,1643610288722000,1643610304703000,1643610304703000,0,0,1452,2904,4416,30419,1,0,1031032.2,15956000,3917522.5,15346982453248.0,1.0,"2000,15000,3000,0,16000,0,0,0,0,1000,1000,0,0,0,0,0,0,0,0,0,0,0,0,15941000,1000,15956000,5000,0,19000,1000,1000",40,1129.2,2944,1252.1,1567845.6,4.0,"1492,60,46,1492,2944,40,2944,40,40,2944,2871,40,40,40,40,1492,60,46,1492,2944,40,2944,40,2944,1492,60,46,1492,2944,40,2944,40","14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0","3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,9","0,0,1,1,1,0,1,0,0,1,1,0,0,0,0,0,0,1,1,1,0,1,0,1,0,0,1,1,1,0,1,0","7.874306679,5.500818253,4.652828693,7.888679028,7.939795017,4.981687069,7.939328194,4.931686878,4.931686878,7.934259415,7.938295841,4.981687069,4.931687355,4.931687355,4.981687069,7.885500431,5.513399124,4.565871716,7.865909100,7.927158833,4.881687164,7.936643124,4.881687164,7.934941769,7.882087708,5.613399506,4.522394180,7.860544682,7.936390877,4.881687641,7.928893089,4.912815094",TLS,91,1,Safe,Web,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,27,30310,12205,101176,2,1,1,0,1,0,2,3,0,2,0,10,1,0,1,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,2,0,0,0,0,0,0,2,0,0,2,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0 +0,27,30310,12205,101176,2,1,1,0,1,0,2,3,0,2,0,10,1,0,1,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,2,0,0,0,0,0,0,2,0,0,2,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/tls-esni-fuzzed.pcap.out b/test/results/flow-analyse/default/tls-esni-fuzzed.pcap.out index e94e293c6..b840289b0 100644 --- a/test/results/flow-analyse/default/tls-esni-fuzzed.pcap.out +++ b/test/results/flow-analyse/default/tls-esni-fuzzed.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,15,16402,2148,0,3,0,3,0,0,0,3,0,0,1,0,3,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,2,0,0,0,0,0,3,0,0,3,0,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0 +0,15,17883,2148,0,3,0,3,0,0,0,3,0,0,3,0,3,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,9,0,0,0,0,0,3,0,0,3,0,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0 diff --git a/test/results/flow-analyse/default/tls-rdn-extract.pcap.out b/test/results/flow-analyse/default/tls-rdn-extract.pcap.out index 0a9f40bbf..c30a97931 100644 --- a/test/results/flow-analyse/default/tls-rdn-extract.pcap.out +++ b/test/results/flow-analyse/default/tls-rdn-extract.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,13,21621,127,6754,1,0,1,0,0,0,1,2,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,4,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,3,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,13,21498,127,6754,1,0,1,0,0,0,1,2,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,4,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,3,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/tls_1.2_unidirectional_client.pcapng.out b/test/results/flow-analyse/default/tls_1.2_unidirectional_client.pcapng.out index c6d2bf03c..4c03ea9a6 100644 --- a/test/results/flow-analyse/default/tls_1.2_unidirectional_client.pcapng.out +++ b/test/results/flow-analyse/default/tls_1.2_unidirectional_client.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,8885,1862,0,1,1,0,0,0,0,1,0,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0 +0,11,8844,1862,0,1,1,0,0,0,0,1,0,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/tls_1.2_unidirectional_client_no_cert.pcapng.out b/test/results/flow-analyse/default/tls_1.2_unidirectional_client_no_cert.pcapng.out index 6ec9c4e8a..9a36d1762 100644 --- a/test/results/flow-analyse/default/tls_1.2_unidirectional_client_no_cert.pcapng.out +++ b/test/results/flow-analyse/default/tls_1.2_unidirectional_client_no_cert.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,9407,989,0,1,1,0,0,0,0,1,0,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0 +0,11,9366,989,0,1,1,0,0,0,0,1,0,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/tls_1.2_unidirectional_server.pcapng.out b/test/results/flow-analyse/default/tls_1.2_unidirectional_server.pcapng.out index bbbebb6e8..51cc2cd8d 100644 --- a/test/results/flow-analyse/default/tls_1.2_unidirectional_server.pcapng.out +++ b/test/results/flow-analyse/default/tls_1.2_unidirectional_server.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,12,16141,6022,0,1,0,1,0,0,0,1,1,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,2,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0 +0,12,16090,6022,0,1,0,1,0,0,0,1,1,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,2,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/tls_1.2_unidirectional_server_no_cert.pcapng.out b/test/results/flow-analyse/default/tls_1.2_unidirectional_server_no_cert.pcapng.out index 99b586cbf..130fcd077 100644 --- a/test/results/flow-analyse/default/tls_1.2_unidirectional_server_no_cert.pcapng.out +++ b/test/results/flow-analyse/default/tls_1.2_unidirectional_server_no_cert.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,8713,1426,0,1,1,0,0,0,0,1,0,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0 +0,11,8704,1426,0,1,1,0,0,0,0,1,0,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/tls_1.3_unidirectional_client.pcapng.out b/test/results/flow-analyse/default/tls_1.3_unidirectional_client.pcapng.out index 57551703c..38319517e 100644 --- a/test/results/flow-analyse/default/tls_1.3_unidirectional_client.pcapng.out +++ b/test/results/flow-analyse/default/tls_1.3_unidirectional_client.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,9487,886,0,1,1,0,0,0,0,1,0,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0 +0,11,9446,886,0,1,1,0,0,0,0,1,0,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/tls_1.3_unidirectional_server.pcapng.out b/test/results/flow-analyse/default/tls_1.3_unidirectional_server.pcapng.out index 771cd1d47..f27f5b7be 100644 --- a/test/results/flow-analyse/default/tls_1.3_unidirectional_server.pcapng.out +++ b/test/results/flow-analyse/default/tls_1.3_unidirectional_server.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,8725,1073,0,1,1,0,0,0,0,1,0,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0 +0,11,8716,1073,0,1,1,0,0,0,0,1,0,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/tls_2_reasms.pcapng.out b/test/results/flow-analyse/default/tls_2_reasms.pcapng.out index 35fddcdf5..d27097838 100644 --- a/test/results/flow-analyse/default/tls_2_reasms.pcapng.out +++ b/test/results/flow-analyse/default/tls_2_reasms.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,12,12353,3685,2290,1,0,1,0,0,0,1,1,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,12,12271,3685,2290,1,0,1,0,0,0,1,1,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/tls_2_reasms_b.pcapng.out b/test/results/flow-analyse/default/tls_2_reasms_b.pcapng.out index 32113c526..ddbc5398d 100644 --- a/test/results/flow-analyse/default/tls_2_reasms_b.pcapng.out +++ b/test/results/flow-analyse/default/tls_2_reasms_b.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,12,12370,10270,2179,1,0,1,0,0,0,1,1,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,12,12288,10270,2179,1,0,1,0,0,0,1,1,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/tls_alert.pcap.out b/test/results/flow-analyse/default/tls_alert.pcap.out index 26865385a..3f39e788b 100644 --- a/test/results/flow-analyse/default/tls_alert.pcap.out +++ b/test/results/flow-analyse/default/tls_alert.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,21,16706,354,7,2,2,0,0,0,0,2,1,0,1,0,10,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,1,0,2,0,0,0,0,2,0,0,2,0,0,0,2,2,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,21,16624,354,7,2,2,0,0,0,0,2,1,0,1,0,10,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,1,0,2,0,0,0,0,2,0,0,2,0,0,0,2,2,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/tls_certificate_too_long.pcap.out b/test/results/flow-analyse/default/tls_certificate_too_long.pcap.out index a007b0bba..0f20d61d9 100644 --- a/test/results/flow-analyse/default/tls_certificate_too_long.pcap.out +++ b/test/results/flow-analyse/default/tls_certificate_too_long.pcap.out 
@@ -2,4 +2,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.1.121,52.98.163.18,tcp,53429,443,finished,7,25,1626168078673569,1626168078741395,1626168078741532,0,0,1448,1318,6192,5635,1,0,4380.3,66556,14076.5,198149200.0,1.7,"0,1268,0,1,22712,2791,42219,7,1,1,2,1,1,3,1,2,0,1,1,1,1,2,1,1,1,66556,1,207,4,1,1",40,409.6,1488,443.8,196953.1,4.3,"1488,922,1488,1488,1006,40,40,1358,152,98,255,267,271,267,253,259,273,259,261,261,257,267,259,269,259,100,40,40,240,261,327,82","2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0","2,3,0,1,0,0,11,6,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0","0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,1","7.844867706,7.768162727,7.838919640,7.877963066,7.801912785,4.931687355,4.931687355,7.872855663,6.611027718,5.917587280,7.063786030,7.077864647,7.070313454,7.063032150,7.077404976,7.132514954,7.133229256,7.145859718,7.155868053,7.036940575,7.138390064,7.124177456,7.128092766,7.045049191,6.969915390,5.878566742,4.680641174,4.680641174,7.009124756,7.071732044,7.305675030,5.664766788",TLS,91,1,Safe,Web,6,DPI,"" 
1,ip4,192.168.1.121,52.98.163.18,tcp,53428,443,finished,12,20,1626168078673880,1626168078802752,1626168078815501,0,0,1448,1312,8443,4308,1,1,8725.6,48024,14356.9,206121952.0,3.3,"1,1055,23210,47617,37039,8,1,2,1,1,11720,448,454,9939,10211,1,619,25332,48024,32224,8,8662,433,9,3,3,2,1,2,508,12955",40,439.2,1488,490.6,240677.5,4.2,"1488,922,1278,40,1278,1352,175,259,438,82,85,40,74,40,52,1488,921,694,40,694,989,431,40,179,239,281,123,82,85,74,40,52","4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,2,0,0","4,6,1,0,2,0,2,1,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0","0,0,0,1,0,1,1,1,1,1,1,0,1,0,1,0,0,0,1,0,1,1,0,1,1,1,1,1,1,1,0,1","7.851675034,7.762215614,7.854618549,4.931687355,7.853376865,7.847486019,6.592478275,7.073016644,7.479730606,5.652988434,5.603165150,4.680641174,5.374660492,4.680641174,4.887658596,7.882281303,7.798806667,7.618238926,4.862814903,7.611861229,7.774961472,7.463752747,4.630641460,6.593664169,7.007197857,7.177185059,6.230616570,5.640376568,5.764585972,5.533047199,4.680641174,4.962661743",TLS,91,1,Safe,Web,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,252,256228,37396,58312,35,11,24,0,2,1,33,26,1,14,0,116,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,22,19,14,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,10,15,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,7,10,2,0,0,0,0,34,1,0,16,17,0,2,35,33,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,2,0,0,5,0,0,0,0,0,0,0,2,0,0 +0,252,255572,37396,58312,35,11,24,0,2,1,33,26,1,14,0,116,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,22,19,14,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,10,15,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,7,10,2,0,0,0,0,34,1,0,16,17,0,2,35,33,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,2,0,0,5,0,0,0,0,0,0,0,2,0,0 diff --git a/test/results/flow-analyse/default/tls_change_cipher.pcap.out b/test/results/flow-analyse/default/tls_change_cipher.pcap.out index 45017126d..3ac8cc14f 100644 --- a/test/results/flow-analyse/default/tls_change_cipher.pcap.out +++ b/test/results/flow-analyse/default/tls_change_cipher.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,31,29786,0,0,0,0,0,0,0,0,0,0,0,0,14,0,1,0,1,1,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,31,29786,0,0,0,0,0,0,0,0,0,0,0,0,14,0,1,0,1,1,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/tls_cipher_lens.pcap.out b/test/results/flow-analyse/default/tls_cipher_lens.pcap.out index 510323da0..a77f7c859 100644 --- a/test/results/flow-analyse/default/tls_cipher_lens.pcap.out +++ b/test/results/flow-analyse/default/tls_cipher_lens.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,23,22068,895,0,5,0,5,0,0,0,5,0,0,5,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,4,1,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,5,0,0,0,0,5,0,0,5,0,0,0,5,5,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,23,21959,895,0,5,0,5,0,0,0,5,0,0,5,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,4,1,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,5,0,0,0,0,5,0,0,5,0,0,0,5,5,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/tls_client_certificate_with_missing_server_one.pcapng.out b/test/results/flow-analyse/default/tls_client_certificate_with_missing_server_one.pcapng.out index 166df9768..366b26544 100644 --- a/test/results/flow-analyse/default/tls_client_certificate_with_missing_server_one.pcapng.out +++ b/test/results/flow-analyse/default/tls_client_certificate_with_missing_server_one.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,20,20346,2997,1383,2,0,2,0,0,0,2,1,0,2,0,10,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,2,5,0,0,0,0,0,2,0,0,2,0,0,0,2,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,3,0,0,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,20,20223,2997,1383,2,0,2,0,0,0,2,1,0,2,0,10,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,2,5,0,0,0,0,0,2,0,0,2,0,0,0,2,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,3,0,0,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/tls_ech.pcapng.out b/test/results/flow-analyse/default/tls_ech.pcapng.out index 5a697c535..f97a34ed2 100644 --- a/test/results/flow-analyse/default/tls_ech.pcapng.out +++ b/test/results/flow-analyse/default/tls_ech.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,12,10634,648,2702,1,0,1,0,0,0,1,1,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,12,10552,648,2702,1,0,1,0,0,0,1,1,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/tls_esni_sni_both.pcap.out b/test/results/flow-analyse/default/tls_esni_sni_both.pcap.out index d7147a7cf..58cf2643d 100644 --- a/test/results/flow-analyse/default/tls_esni_sni_both.pcap.out +++ b/test/results/flow-analyse/default/tls_esni_sni_both.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,21,19920,1691,12084,2,2,0,0,0,0,2,2,0,2,0,10,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,4,4,0,0,0,0,0,2,0,0,2,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,21,19756,1691,12084,2,2,0,0,0,0,2,2,0,2,0,10,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,4,4,0,0,0,0,0,2,0,0,2,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/tls_false_positives.pcapng.out b/test/results/flow-analyse/default/tls_false_positives.pcapng.out index 9744aefd4..0c6588ac3 100644 --- a/test/results/flow-analyse/default/tls_false_positives.pcapng.out +++ b/test/results/flow-analyse/default/tls_false_positives.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,10165,33806,1875,1,0,1,0,0,0,0,0,1,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,11,10165,33806,1875,1,0,1,0,0,0,0,0,1,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/tls_heur__shadowsocks-tcp.pcapng.out b/test/results/flow-analyse/default/tls_heur__shadowsocks-tcp.pcapng.out index 2d414d18e..ac77b102e 100644 --- a/test/results/flow-analyse/default/tls_heur__shadowsocks-tcp.pcapng.out +++ b/test/results/flow-analyse/default/tls_heur__shadowsocks-tcp.pcapng.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 113,ip6,2001:b07:a3d:c112:8628:88aa:8b00:913c,2a00:1450:4002:416::200e,tcp,45334,443,info,15,17,1725100298310198,1725100298432355,1725100298432652,0,0,517,4876,821,22039,0,0,7890.7,49565,13540.2,183336016.0,3.3,"3409,3461,254,3875,24459,28067,229,0,209,14,2973,7544,5275,6462,46393,49565,1,0,8985,52,29,430,0,0,0,285,43,26100,26117,380,0",72,786.9,4948,1186.2,1407143.5,3.9,"80,80,72,589,72,1280,72,4904,631,72,72,345,720,103,103,72,1280,293,1280,72,72,72,1280,1280,1280,4948,72,72,1280,72,1280,1280","13,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","3,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,2","0,1,0,0,1,1,0,1,1,0,0,0,1,0,1,0,1,1,1,0,0,0,1,1,1,1,0,0,1,0,1,1","4.755182266,5.261822701,5.153629780,4.806141853,5.165501118,7.786862373,5.164113998,7.965732574,7.625080109,5.164113998,5.164113998,7.146784306,7.713749886,5.760443687,5.767366886,5.125851631,7.825596809,7.149698257,7.853908539,5.153629303,5.153629303,5.153629303,7.834226608,7.855994701,7.841277122,7.962058067,5.125851631,5.153629780,7.850774765,5.153629303,7.848540783,7.840482712",TLS.YouTube,91.124,1,Fun,Media,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,38,33414,2832,70769,4,0,4,0,1,0,3,3,1,1,0,19,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,3,0,1,2,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,1,0,0,0,0,0,0,3,1,0,3,1,0,0,4,3,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0 +0,38,33332,2832,70769,4,0,4,0,1,0,3,3,1,1,0,19,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,3,0,1,2,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,1,0,0,0,0,0,0,3,1,0,3,1,0,0,4,3,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/tls_heur__trojan-tcp-tls.pcapng.out b/test/results/flow-analyse/default/tls_heur__trojan-tcp-tls.pcapng.out index 57909d3c8..0c4d7d30b 100644 --- a/test/results/flow-analyse/default/tls_heur__trojan-tcp-tls.pcapng.out +++ b/test/results/flow-analyse/default/tls_heur__trojan-tcp-tls.pcapng.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 113,ip4,192.168.1.183,142.250.180.142,tcp,58730,443,info,17,15,1725367999286453,1725367999398999,1725367999398966,0,0,517,1400,821,12908,0,22,7260.0,70369,15439.7,238384560.0,3.0,"2680,2720,332,2729,17168,19575,50,34,34,27,27,25,25,22,8415,468,11244,2981,2278,5685,46101,70369,31667,78,33,33,33,33,80,80,33",52,481.5,1452,599.8,359742.8,3.9,"60,60,52,569,52,1452,52,1452,52,1452,52,1452,52,1053,52,132,245,700,83,83,52,52,1452,52,80,52,1452,52,1452,52,1452,52","14,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0","0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,0,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0","4.560013294,5.154205322,4.948144436,4.755980968,4.948144436,7.827642918,4.832759857,7.843367100,4.871221066,7.869987488,4.818243027,7.874095440,4.832759380,7.816403389,4.818242550,6.232886791,6.951427460,7.683448792,5.618761063,5.537375927,4.909682751,4.909683228,7.868943691,4.909682751,5.617374897,4.909682751,7.869823933,4.909682751,7.884392262,4.909682751,7.861354828,4.830034733",TLS.YouTube,91.124,1,Fun,Media,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,75,67452,3321,29989,10,0,10,0,1,0,10,10,0,4,0,31,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,9,1,5,4,0,0,0,0,0,0,0,1,0,0,0,2,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,3,2,0,0,0,0,0,10,0,0,3,7,0,0,10,10,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,2,0,0,0,0,0,0,0 +0,75,67288,3321,29989,10,0,10,0,1,0,10,10,0,4,0,31,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,9,1,5,4,0,0,0,0,0,0,0,1,0,0,0,2,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,3,2,0,0,0,0,0,10,0,0,3,7,0,0,10,10,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,2,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/tls_heur__vmess-tcp-tls.pcapng.out b/test/results/flow-analyse/default/tls_heur__vmess-tcp-tls.pcapng.out index f7e37d1fe..983031a1d 100644 --- a/test/results/flow-analyse/default/tls_heur__vmess-tcp-tls.pcapng.out +++ b/test/results/flow-analyse/default/tls_heur__vmess-tcp-tls.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,74,64827,3385,37346,10,0,10,0,0,0,10,10,0,4,0,31,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,8,1,5,4,0,0,0,0,0,0,0,1,0,0,0,2,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,3,2,0,0,0,0,0,10,0,0,3,7,0,0,10,10,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,2,0,0,0,0,0,0,0 +0,74,64663,3385,37346,10,0,10,0,0,0,10,10,0,4,0,31,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,8,1,5,4,0,0,0,0,0,0,0,1,0,0,0,2,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,3,2,0,0,0,0,0,10,0,0,3,7,0,0,10,10,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,2,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/tls_heur__vmess-tcp.pcapng.out b/test/results/flow-analyse/default/tls_heur__vmess-tcp.pcapng.out index 3dfb4cc20..da67f2db8 100644 --- a/test/results/flow-analyse/default/tls_heur__vmess-tcp.pcapng.out +++ b/test/results/flow-analyse/default/tls_heur__vmess-tcp.pcapng.out 
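Review bot: The added summary row in this hunk has one more field than the header line above it, which is unchanged context: the `+` row gains a `0` just before the `10` that the old row carried under `flow_confidence_dpi`, so by my count it now holds 175 values against 174 header names. Anything that maps values by header name would read every later column one position off, including `flow_severity_*` and `flow_risk_N_count`, and so misattribute severity and risk counters. The same one-field shift appears in the `tls_heur__vmess-tcp`, `tls_heur__vmess-websocket`, `tls_invalid_reads` and `tls_long_cert` hunks that follow. Presumably the bumped libnDPI added a category whose counter the CSV writer now emits without a matching header entry; that writer is not visible here. I would add the missing name to the header list, e.g. `flow_category_<new_category>_count` (placeholder), regenerate these results, and have the test run check that header and row field counts agree.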
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 113,ip6,2001:b07:a3d:c112:8628:88aa:8b00:913c,2a00:1450:4006:80d::200e,tcp,48302,443,info,17,15,1725108604629032,1725108606811390,1725108606811354,0,0,517,2416,821,17178,0,0,140796.1,2053502,429032.8,184069177344.0,1.9,"1019825,1024027,2053502,9703,406,10463,14792,0,24842,18,170,0,116,29,3354,490,13422,1,9609,1757,11412,77711,1,0,87369,366,324,304,298,178,191",72,635.5,2488,846.4,716345.8,3.9,"80,80,80,80,72,589,72,2488,1280,72,72,1280,1840,72,72,152,202,720,103,135,103,72,1280,307,1280,72,2488,72,2488,72,2488,72","13,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,5","0,0,0,1,0,0,1,1,1,0,0,1,1,0,0,0,0,1,1,0,0,1,1,1,1,0,1,0,1,0,1,0","4.850302696,4.800302982,4.850302696,5.367949963,5.219669819,4.818557739,5.209185123,7.915221691,7.834231853,5.219669819,5.247447491,7.848894119,7.900642872,5.219669819,5.219669819,6.392518997,6.617354393,7.706577778,5.915785313,6.435108185,5.884278774,5.236962795,7.850246906,7.152086258,7.852072716,5.247447491,7.906479836,5.247447491,7.917565346,5.247447491,7.928373814,5.247447491",TLS.YouTube,91.124,1,Fun,Media,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,38,32769,2990,59245,4,0,4,0,1,0,3,3,1,1,0,19,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,3,0,1,2,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,1,0,0,0,0,0,0,3,1,0,3,1,0,0,4,3,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0 +0,38,32687,2990,59245,4,0,4,0,1,0,3,3,1,1,0,19,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,3,0,1,2,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,1,0,0,0,0,0,0,3,1,0,3,1,0,0,4,3,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/tls_heur__vmess-websocket.pcapng.out b/test/results/flow-analyse/default/tls_heur__vmess-websocket.pcapng.out index 69e32780c..d62b8d0e5 100644 --- a/test/results/flow-analyse/default/tls_heur__vmess-websocket.pcapng.out +++ b/test/results/flow-analyse/default/tls_heur__vmess-websocket.pcapng.out 
@@ -1,5 +1,5 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks -113,ip4,127.0.0.1,127.0.0.1,tcp,33702,1234,finished,17,15,1725278711300968,1725278711469124,1725278711469141,0,0,699,2052,1330,18274,0,13,10849.3,81912,22504.7,506460032.0,2.8,"13,20,321,335,139,158,52949,76203,23289,91,56,38,34,108,111,5407,8441,3526,701,41202,81912,40932,58,43,54,53,30,29,27,26,23",52,665.1,2104,842.7,710078.0,3.9,"60,60,52,237,52,181,52,751,2104,52,2104,52,2104,52,723,52,406,753,144,123,52,2084,52,2046,52,2079,52,2043,52,2075,52,531","13,0,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,1,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8","0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","4.311033249,4.734919071,4.624013901,5.851198196,4.644789219,5.827358723,4.644789219,7.722790718,7.902339935,4.585552216,7.913048267,4.585552216,7.905004501,4.585552216,7.688803673,4.585552216,7.428673744,7.699780941,6.310562611,6.170208454,4.624013901,7.892062187,4.571035385,7.909559727,4.624013901,7.904311180,4.585552216,7.891872406,4.585552692,7.905772209,4.624013901,7.592932701",HTTP,7,0,Acceptable,Web,6,DPI,"5,12" 
+113,ip4,127.0.0.1,127.0.0.1,tcp,33702,1234,finished,17,15,1725278711300968,1725278711469124,1725278711469141,0,0,699,2052,1330,18274,0,13,10849.3,81912,22504.7,506460032.0,2.8,"13,20,321,335,139,158,52949,76203,23289,91,56,38,34,108,111,5407,8441,3526,701,41202,81912,40932,58,43,54,53,30,29,27,26,23",52,665.1,2104,842.7,710078.0,3.9,"60,60,52,237,52,181,52,751,2104,52,2104,52,2104,52,723,52,406,753,144,123,52,2084,52,2046,52,2079,52,2043,52,2075,52,531","13,0,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,1,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8","0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","4.311033249,4.734919071,4.624013901,5.851198196,4.644789219,5.827358723,4.644789219,7.722790718,7.902339935,4.585552216,7.913048267,4.585552216,7.905004501,4.585552216,7.688803673,4.585552216,7.428673744,7.699780941,6.310562611,6.170208454,4.624013901,7.892062187,4.571035385,7.909559727,4.624013901,7.904311180,4.585552216,7.891872406,4.585552692,7.905772209,4.624013901,7.592932701",HTTP.WebSocket,7.251,0,Acceptable,Web,6,DPI,"5,12" 
113,ip4,127.0.0.1,127.0.0.1,tcp,44532,1080,finished,19,13,1725278711295335,1725278711469489,1725278711469627,0,0,517,3932,835,18380,0,13,11240.2,82049,21975.3,482912224.0,3.1,"92,113,78,106,382,425,4533,4672,44031,9418,77646,24339,284,267,4160,279,19,13,40,4612,3350,3674,624,41294,82049,41160,126,151,203,160,146",52,653.0,3984,1237.6,1531706.8,3.3,"60,60,52,56,52,54,52,62,62,52,569,3984,52,2720,52,132,98,101,87,115,52,700,83,83,52,3984,52,3984,52,2428,52,901","13,4,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5","0,1,0,0,1,1,0,0,1,0,0,1,0,1,0,0,0,0,0,0,1,1,0,1,0,1,0,1,0,1,0,1","4.311033249,4.747500420,4.638530731,4.549884796,4.638531208,4.628801823,4.600069046,4.733144760,4.497382641,4.600069046,4.669951916,7.947538853,4.676992416,7.920604706,4.600069046,6.167953491,5.851360321,5.834712982,5.660713673,6.112284660,4.676992416,7.680773735,5.506919861,5.521921158,4.676992416,7.956730843,4.561607838,7.954389572,4.561607361,7.916389942,4.561607838,7.802294254",SOCKS,172,0,Acceptable,Web,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,38,34444,3074,59242,4,0,4,0,2,0,4,2,0,1,0,19,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,3,0,2,2,0,0,0,0,0,0,0,1,0,0,0,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,1,1,0,0,0,0,0,4,0,0,3,1,0,0,4,4,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,38,34404,3074,59242,4,0,4,0,2,0,4,2,0,1,0,19,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,3,0,2,2,0,0,0,0,0,0,0,1,0,0,0,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,1,1,0,0,0,0,0,4,0,0,3,1,0,0,4,4,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/tls_invalid_reads.pcap.out b/test/results/flow-analyse/default/tls_invalid_reads.pcap.out index f03bacc61..18083411b 100644 --- a/test/results/flow-analyse/default/tls_invalid_reads.pcap.out +++ b/test/results/flow-analyse/default/tls_invalid_reads.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,24,17219,112,1329,2,0,2,0,0,1,1,1,0,1,3,6,1,0,1,3,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,2,0,0,0,0,2,0,0,2,0,0,0,2,1,1,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,24,17407,112,1329,2,0,2,0,0,1,1,1,0,1,3,6,1,0,1,3,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,3,0,0,0,0,2,0,0,2,0,0,0,2,1,1,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/tls_long_cert.pcap.out b/test/results/flow-analyse/default/tls_long_cert.pcap.out index 06a86250b..0a5a08559 100644 --- a/test/results/flow-analyse/default/tls_long_cert.pcap.out +++ b/test/results/flow-analyse/default/tls_long_cert.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,192.168.2.126,104.111.215.93,tcp,60174,443,info,16,16,1553619078033240,1553619078157096,1553619078157742,0,0,836,1448,1610,13760,0,1,8011.5,34221,11402.3,130012760.0,3.6,"25199,25284,303,30105,3339,1074,34221,792,742,1850,1850,782,8352,423,28143,18603,6453,607,7069,119,26007,3,43,25894,1,59,186,154,696,4,1",52,532.9,1500,584.9,342142.3,4.1,"64,60,52,569,52,1500,1500,52,1252,52,841,52,178,145,888,294,52,52,129,52,90,1105,1105,1500,52,52,52,710,52,1500,1500,1500","11,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","3,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,2,0,0,0,0,1,0,0,0,0,0,0,0,6,0,0","0,1,0,0,1,1,1,0,1,0,1,0,0,0,0,1,0,1,1,0,0,1,1,1,0,0,0,1,0,1,1,1","4.464972496,5.400120735,5.115703106,4.441882610,5.233812809,6.523200512,6.789650440,5.070538998,7.259748936,5.109000683,7.672616482,5.192625999,6.387032032,6.158265114,7.732074261,7.074759483,5.192625999,5.272274494,6.411020756,5.192625999,5.541742325,7.789433956,7.819917679,7.870871544,5.154164314,5.154164314,5.032077789,7.695037842,5.154164314,7.862812519,7.871836662,7.867298126",TLS,91,1,Safe,Web,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,14,15293,2858,102711,1,1,0,0,1,0,1,2,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,14,15170,2858,102711,1,1,0,0,1,0,1,2,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/tls_malicious_sha1.pcapng.out b/test/results/flow-analyse/default/tls_malicious_sha1.pcapng.out index 29e15eed0..c0cb52172 100644 --- a/test/results/flow-analyse/default/tls_malicious_sha1.pcapng.out +++ b/test/results/flow-analyse/default/tls_malicious_sha1.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,13,11657,534,4762,1,0,1,0,0,0,1,2,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,13,11534,534,4762,1,0,1,0,0,0,1,2,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/tls_missing_ch_frag.pcap.out b/test/results/flow-analyse/default/tls_missing_ch_frag.pcap.out index 16be0787a..0ba19bad4 100644 --- a/test/results/flow-analyse/default/tls_missing_ch_frag.pcap.out +++ b/test/results/flow-analyse/default/tls_missing_ch_frag.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,15084,6121,3029,1,1,0,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,11,15075,6121,3029,1,1,0,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/tls_multiple_synack_different_seq.pcapng.out b/test/results/flow-analyse/default/tls_multiple_synack_different_seq.pcapng.out index 9d14f664c..68b20b305 100644 --- a/test/results/flow-analyse/default/tls_multiple_synack_different_seq.pcapng.out +++ b/test/results/flow-analyse/default/tls_multiple_synack_different_seq.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,13,12768,5427,517,1,0,1,0,0,0,1,2,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,13,12645,5427,517,1,0,1,0,0,0,1,2,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/tls_port_80.pcapng.out b/test/results/flow-analyse/default/tls_port_80.pcapng.out index 48870b86f..ca13a0ea3 100644 --- a/test/results/flow-analyse/default/tls_port_80.pcapng.out +++ b/test/results/flow-analyse/default/tls_port_80.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,12,10328,245,1360,1,0,1,0,0,0,1,1,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,3,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,12,10246,245,1360,1,0,1,0,0,0,1,1,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,3,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/tls_torrent.pcapng.out b/test/results/flow-analyse/default/tls_torrent.pcapng.out index 2fdad95e3..8b4c38003 100644 --- a/test/results/flow-analyse/default/tls_torrent.pcapng.out +++ b/test/results/flow-analyse/default/tls_torrent.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,13,15643,5574,332,1,0,1,0,0,0,1,2,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,3,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,13,15520,5574,332,1,0,1,0,0,0,1,2,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,3,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/tls_unidirectional.pcap.out b/test/results/flow-analyse/default/tls_unidirectional.pcap.out index 4416d5a05..26e42a51b 100644 --- a/test/results/flow-analyse/default/tls_unidirectional.pcap.out +++ b/test/results/flow-analyse/default/tls_unidirectional.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,7708,2,0,1,1,0,0,0,1,0,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,11,7708,2,0,1,1,0,0,0,1,0,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/tls_verylong_certificate.pcap.out b/test/results/flow-analyse/default/tls_verylong_certificate.pcap.out index 99ddfd378..fe3caa772 100644 --- a/test/results/flow-analyse/default/tls_verylong_certificate.pcap.out +++ b/test/results/flow-analyse/default/tls_verylong_certificate.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,192.168.1.160,151.101.66.49,tcp,54804,443,info,15,17,1578254908457751,1578254908528417,1578254908528437,0,0,517,1368,813,14097,0,2,4559.7,21714,6622.1,43852844.0,3.5,"11591,11712,5740,17683,3137,204,15209,67,53,134,2,140,10611,21714,11194,334,14931,21,2,14564,19,7,256,346,4,564,2,480,517,112,2",52,518.6,1420,615.3,378610.9,4.0,"64,60,52,569,52,1420,1420,52,1420,52,1420,262,52,178,103,52,222,1420,1420,104,52,52,52,1420,1420,104,52,52,1420,52,1420,104","12,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,4,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0","0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,0,0,1,1,1,0,0,0,1,1,1,0,0,1,0,1,1","4.398337364,5.146034718,4.868495941,4.434582233,5.025067329,6.773365974,4.940563202,4.983880520,6.553000927,4.900255680,7.433587551,7.043814659,4.983880520,6.336580276,5.976200581,5.022342205,6.883139610,7.866776943,7.867276192,6.143959045,4.906957150,4.791572571,4.731892109,7.850933075,7.865261078,6.040546417,4.906957626,4.906957626,7.852932453,4.823332310,7.877495766,6.208910465",TLS.Cybersec,91.283,1,Safe,Cybersecurity,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,14,16602,844,18233,1,1,0,0,1,0,1,2,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,14,16479,844,18233,1,1,0,0,1,0,1,2,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/tls_with_huge_ch.pcapng.out b/test/results/flow-analyse/default/tls_with_huge_ch.pcapng.out index b056ad03b..335f9f148 100644 --- a/test/results/flow-analyse/default/tls_with_huge_ch.pcapng.out +++ b/test/results/flow-analyse/default/tls_with_huge_ch.pcapng.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,172.30.84.193,208.253.217.142,tcp,40640,443,info,17,15,1722705809121409,1722705812759372,1722705812898719,0,0,1024,0,11423,0,0,15,239202.4,2012351,473245.9,223961677824.0,3.0,"1026710,1168280,1014023,2012351,2192,420,20309,996657,23024,142064,364,141901,250,227258,1480,197,261,228178,1493,260,259,202424,192,1415,182,144,201161,608,1037,164,15",52,410.5,1076,482.4,232750.2,4.0,"60,60,60,60,60,52,52,1076,60,52,1076,1076,52,52,1076,1076,1076,1076,52,52,52,52,1076,1076,1076,1076,211,52,52,52,52,52","5,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,1,1,0,0,0,0,1,1,0,0,1,1,0,0,0,0,1,1,1,1,0,0,0,0,0,1,1,1,1,1","4.825882912,4.792549610,5.346035480,5.379368782,4.792549610,5.118428230,5.118428230,2.408794641,5.379368782,5.195351601,0.482256204,0.482256204,5.079966545,5.195351124,0.481554657,0.481554657,0.485973686,0.484114915,5.195351601,5.156889915,5.156889915,5.065449238,0.481554657,0.481554627,0.478994340,0.480853081,1.871818542,5.118428230,5.079966545,5.118428230,5.118428230,5.156889915",TLS,91,1,Safe,Web,6,DPI,"24,52,56" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,12,11501,38922,51750,1,0,1,0,1,0,1,0,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,2,1,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1 +0,12,11460,38922,51750,1,0,1,0,1,0,1,0,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,2,1,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1 diff --git a/test/results/flow-analyse/default/toca-boca.pcap.out b/test/results/flow-analyse/default/toca-boca.pcap.out index 67a584906..23026c7f6 100644 --- a/test/results/flow-analyse/default/toca-boca.pcap.out +++ b/test/results/flow-analyse/default/toca-boca.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,118,100560,8377,3960,21,0,21,5,0,4,17,0,0,0,0,37,1,0,1,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,17,0,0,17,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0,0,21,0,0,21,17,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,118,100560,8377,3960,21,0,21,5,0,4,17,0,0,0,0,37,1,0,1,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,17,0,0,17,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0,0,21,0,0,21,17,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/tor.pcap.out b/test/results/flow-analyse/default/tor.pcap.out index 8c867fcff..7ec0645fa 100644 --- a/test/results/flow-analyse/default/tor.pcap.out +++ b/test/results/flow-analyse/default/tor.pcap.out 
@@ -5,4 +5,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.1.252,91.143.93.242,tcp,51175,443,info,14,18,1383822129897135,1383822132138706,1383822132203451,0,0,586,1460,4523,5299,0,146,146706.0,990883,220400.9,48576569344.0,3.9,"64392,65808,9514,82112,4238,79785,91000,88446,79568,146,78186,925,110026,109380,69120,1548,80197,113582,35660,145791,70785,343658,637547,693937,990883,1625,71983,109022,69049,180072,69902",40,348.2,1500,347.1,120448.8,4.3,"52,52,46,253,40,788,174,99,114,1500,142,46,626,40,626,40,626,626,40,626,626,40,626,46,626,40,626,626,40,626,626,40","4,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","9,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0","0,1,0,0,1,1,0,1,0,1,1,0,0,1,0,1,1,0,1,1,0,1,1,0,0,1,1,0,1,1,0,1","4.477674961,4.945419312,4.398030758,5.406278133,4.834183693,7.371150017,6.711827278,5.947438717,6.057762146,7.837278366,6.586953163,4.398030758,7.662993908,4.834183693,7.681317329,4.734183788,7.663327694,7.608054161,4.734183788,7.639224529,7.648303986,4.734183788,7.669913292,4.441509247,7.652542591,4.834183693,7.641192913,7.661419868,4.784183979,7.663778782,7.666988373,4.734183788",TLS.Tor,91.163,1,Potentially Dangerous,VPN,6,DPI,"7,16,22" 
1,ip4,192.168.1.252,212.83.155.250,tcp,51174,443,info,16,16,1383822129889928,1383822265160118,1383822265159585,0,0,586,1460,2761,5864,0,319,8727092.0,72890007,22568808.0,509351076823040.0,2.1,"59390,61607,13819,72120,2062,62909,63545,60042,79423,319,78805,1749,98338,96626,56518,4501,61844,64873,64036,73717,275721,252847,50798,9733,261423,61538274,61491411,72591366,72890007,3990,98034",40,312.0,1500,345.9,119666.8,4.2,"52,52,46,249,40,783,174,99,114,1500,126,46,626,40,626,40,626,626,626,626,626,46,626,52,626,46,626,46,46,40,40,46","9,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","6,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0","0,1,0,0,1,1,0,1,0,1,1,0,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,0,1,1,0","4.501619816,4.930902481,4.441508770,5.332808495,4.834183693,7.397306919,6.658778667,6.048449516,6.157279968,7.876633167,6.546604156,4.441508770,7.673907757,4.834183693,7.638509750,4.884183884,7.663495541,7.670399189,7.645442486,7.664111614,7.640780926,4.484987259,7.650365353,4.880648136,7.645416737,4.544876099,7.673004150,4.457919598,4.457919598,4.734183788,4.734183788,4.501397610",TLS,91,1,Safe,Web,6,DPI,"7" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,166,118817,42783,74483,11,6,5,6,5,1,10,7,0,8,32,47,1,0,1,2,0,0,0,0,32,0,0,0,0,0,0,0,0,0,0,0,0,3,8,4,2,0,0,3,0,1,0,0,0,0,3,0,0,4,0,0,0,0,0,0,0,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,4,0,17,0,0,0,0,10,1,0,8,3,0,0,11,10,1,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,6,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,166,117886,42783,74483,11,6,5,6,5,1,10,7,0,7,32,47,1,0,1,2,0,0,0,0,32,0,0,0,0,0,0,0,0,0,0,0,0,3,8,4,2,0,0,3,0,1,0,0,0,0,3,0,0,4,0,0,0,0,0,0,0,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,3,0,17,0,0,0,0,10,1,0,8,3,0,0,11,10,1,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,6,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/tplink_shp.pcap.out b/test/results/flow-analyse/default/tplink_shp.pcap.out index df71affac..ab8aa6cf9 100644 --- a/test/results/flow-analyse/default/tplink_shp.pcap.out +++ b/test/results/flow-analyse/default/tplink_shp.pcap.out 
@@ -3,4 +3,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.242.40,255.255.255.255,udp,9999,9999,finished,32,0,1671480252766159,1671482113211224,1671480252766159,29,0,29,0,928,0,0,58157868,60014356.0,62682126,761550.5,579959128064.0,5.0,"60006889,59992234,59988113,60055878,62042393,58480216,59528957,59979179,60022444,59995841,60040145,60020835,60008844,60011011,60032284,59945925,60060707,59962350,60043922,60010468,60018299,62682126,59182323,58157868,60047220,60012353,60002512,60045750,59979486,60038815,60049678",57,57.0,57,0.0,0.0,5.0,"57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57","32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556",TPLINK_SHP,332,0,Acceptable,IoT-Scada,6,DPI,"" 
1,ip4,192.168.242.99,255.255.255.255,udp,9999,9999,finished,32,0,1671480255663786,1671482115665844,1671480255663786,29,0,29,0,928,0,0,59882007,60000068.0,60106251,33292.3,1108378624.0,5.0,"59993154,60020440,59990979,59994518,60003706,60005058,59991379,60018870,59983291,60003671,59994527,59997085,60003675,59991507,60013334,59999380,60003136,59995803,59988169,60000198,60004205,60003135,60004033,59996922,60008027,60106251,59882007,60006816,59993721,60005230,59999831",57,57.0,57,0.0,0.0,5.0,"57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57","32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5.159829617,5.194917202,5.194917202,5.194917679,5.159829617,5.194917679,5.194917679,5.194917679,5.194917679,5.091405869,5.159829140,5.159829140,5.194917202,5.194917679,5.194917679,5.194917679,5.146585464,5.124742031,5.159829140,5.159829617,5.159829617,5.146585464,5.194917679,5.194917202,5.194917679,5.159829617,5.194917202,5.194917202,5.124741554,5.159829617,5.194917679,5.194917202",TPLINK_SHP,332,0,Acceptable,IoT-Scada,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,314,296386,7279,0,8,0,8,241,3,0,8,0,0,0,0,40,1,0,1,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,8,0,0,8,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,314,296386,7279,0,8,0,8,241,3,0,8,0,0,0,0,40,1,0,1,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,8,0,0,8,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/trdp.pcapng.out b/test/results/flow-analyse/default/trdp.pcapng.out index efe577871..75ad0cd76 100644 --- a/test/results/flow-analyse/default/trdp.pcapng.out +++ b/test/results/flow-analyse/default/trdp.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,21,16039,392,272,3,1,2,0,0,0,3,0,0,0,0,9,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,1,2,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,21,16039,392,272,3,1,2,0,0,0,3,0,0,0,0,9,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,1,2,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/trickbot.pcap.out b/test/results/flow-analyse/default/trickbot.pcap.out index 5175fabb8..d8981379f 100644 --- a/test/results/flow-analyse/default/trickbot.pcap.out +++ b/test/results/flow-analyse/default/trickbot.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,10.12.29.101,82.118.225.196,tcp,61318,7080,finished,9,23,1609266107551500,1609266109737227,1609266110219915,0,0,928,1460,1277,27187,0,6,156585.2,931328,258444.3,66793451520.0,3.3,"245675,245918,203,81,530,37,931085,931328,2339,2280,480234,19,480300,297566,15,8,7,8,7,8,8,7,7,6,9,297680,227938,227937,482874,14,14",40,930.0,1500,662.5,438885.5,4.5,"52,44,40,389,968,40,40,1398,40,1398,40,1500,1323,40,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,276,40,1398,40,1500,1500,1194","7,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","3,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,3,0,0,14,0,0","0,1,0,0,0,1,1,1,0,1,0,1,1,0,1,1,1,1,1,1,1,1,1,1,1,1,0,1,0,1,1,1","4.776611805,4.925117970,4.762815475,5.824206829,6.033888340,4.784183979,4.834183693,7.786707878,4.931687355,7.831421852,4.931687355,7.870709896,7.856476307,4.931687355,7.869441509,7.864507675,7.865448475,7.873723507,7.871662140,7.892165661,7.878643513,7.860257149,7.887190342,7.870031357,7.873756886,7.255901337,4.931687355,7.870108604,4.931687355,7.875472546,7.873021603,7.864452362",HTTP,7,0,Acceptable,Web,6,DPI,"5,12,25" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,13,14660,1277,56713,1,1,0,0,1,0,1,1,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,2,2,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,2,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,13,14660,1277,56713,1,1,0,0,1,0,1,1,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,2,2,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,2,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/tumblr.pcap.out b/test/results/flow-analyse/default/tumblr.pcap.out index 8e730b199..8b360bd48 100644 --- a/test/results/flow-analyse/default/tumblr.pcap.out +++ b/test/results/flow-analyse/default/tumblr.pcap.out 
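Review bot: The added summary row has one more `0` between the category counters and the confidence counters than the removed row, while the `timestamp,json_lines,…` header above it is unchanged context, so every value after that point now sits one column further right under the same names. Counting by hand (worth confirming with a script), the single DPI-classified flow moves out from under `flow_confidence_dpi`, and the `flow_severity_*`, `flow_l3_*`/`flow_l4_*` and `flow_risk_N_count` values move with it. The same one-column shift appears in the trdp, tumblr, tunnelbear and tuya_lp hunks. If the libnDPI bump added a category or confidence value, the header should gain the matching name in the same position; it is presumably written by `examples/c-analysed/c-analysed.c`, which this commit also touches. Otherwise anything that reads these CSVs by column name will attribute risk and severity counts to the wrong field, and a check that header and data rows have the same field count would catch this class of drift.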
@@ -9,4 +9,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,2a00:1450:4007:809::200e,tcp,49548,443,info,16,16,1605292122064463,1605292122281616,1605292122282509,0,0,517,1208,962,9011,0,0,14038.7,83018,20606.9,424642560.0,3.6,"30258,30298,226,70679,12575,2,1,83018,62,4,882,32413,0,31475,5911,16277,137,34580,1914,14156,7168,10659,16853,1,0,1,34679,24,2,2,942",72,384.2,1280,474.8,225406.5,4.1,"80,80,72,589,72,1280,1280,311,72,72,72,136,72,652,72,164,103,330,72,103,72,72,72,985,1280,1280,1280,72,72,72,72,1280","12,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,1,0,0,0,0,1,1,0,0,0,0,1,1,0,1,1,1,1,1,1,0,0,0,0,1","4.836515903,5.311173439,5.222161770,4.516429901,5.097352028,7.813626766,7.833569527,7.238987446,5.249939442,5.211677551,5.222161770,6.183825970,5.163392067,7.648269653,5.182794571,6.507936478,5.802297115,7.243775845,5.097352028,5.700409889,5.249939919,5.097352028,5.163392067,7.756225586,7.832665920,7.840676308,7.826161861,5.222161770,5.222161770,5.166606426,5.183899403,7.820078373",TLS.Google,91.126,1,Acceptable,Web,6,DPI,"" 
1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,64:ff9b::6006:749,tcp,39152,443,info,17,15,1605292105418417,1605292122813676,1605292122725006,0,0,764,1279,4217,4676,0,98,1119414.5,16588707,4059258.8,16477581213696.0,1.4,"29466,29487,204,37942,9029,46759,696,98,30996,1834,7035,39073,52635,52694,371915,406395,20731,55185,2451,32929,9268,39721,16556740,16588707,11402,43353,16903,58413,9807,93158,46822",72,350.4,1351,367.9,135349.6,4.3,"80,80,72,692,72,342,72,152,489,72,72,359,72,1259,72,824,72,855,72,836,72,342,72,500,72,1351,72,644,72,672,72,656","9,0,1,0,0,0,0,0,0,0,0,0,0,2,0,0,0,1,1,1,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","8,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,0,1,1,1,0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0","4.797575951,5.229953289,5.190349579,7.030211926,4.972520828,6.811050892,5.091930866,6.334684849,7.516590118,5.055853844,5.055853844,7.313119888,5.190349579,7.806543827,5.218127251,7.745193005,5.000298500,7.694315910,5.134794235,7.706961155,5.028076172,7.266840458,5.190349579,7.564545631,4.972520828,7.854704857,5.162571907,7.655811310,5.000298500,7.622268677,5.134794235,7.624323368",TLS.ADS_Analytic_Track,91.107,1,Tracker\/Ads,Advertisement,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,329,285140,19532,275102,47,1,46,0,9,28,19,25,0,8,0,151,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,37,10,13,2,2,0,0,2,0,0,0,0,0,0,0,0,15,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,19,0,0,0,0,0,8,0,0,0,0,0,0,0,47,0,47,0,0,0,47,19,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0 +0,329,284361,19532,275102,47,1,46,0,9,28,19,25,0,8,0,151,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,37,10,13,2,2,0,0,2,0,0,0,0,0,0,0,0,15,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,19,0,0,0,0,0,8,0,0,0,0,0,0,0,47,0,47,0,0,0,47,19,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/tunnelbear.pcap.out b/test/results/flow-analyse/default/tunnelbear.pcap.out index 3724bfe25..253032ced 100644 --- a/test/results/flow-analyse/default/tunnelbear.pcap.out +++ b/test/results/flow-analyse/default/tunnelbear.pcap.out 
@@ -3,4 +3,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,10.8.0.1,104.17.115.40,tcp,45126,443,info,16,16,1655734525218267,1655734525773780,1655734525773395,0,0,536,749,2295,1194,0,128,35827.1,233720,54909.0,3015001088.0,3.6,"3428,3938,2003,2864,57273,107978,750,51373,305,140,145,128,138,133,50874,51892,1049,50443,50842,196795,233720,37672,51488,50853,51099,141,51026,454,234,444,1019",40,149.7,789,198.3,39337.4,4.1,"60,40,40,557,40,196,40,91,40,576,40,576,40,303,40,118,363,40,78,40,789,40,213,40,78,40,71,40,40,40,40,40","9,2,0,0,0,0,0,0,1,0,1,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","11,1,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,1,0,1,0,1,1,0,1,0,1,0,0,1,0,1,1,0","4.472595215,4.630641460,4.634183884,6.061924934,4.530641556,6.057179928,4.684184074,5.430868149,4.530642033,7.374313831,4.580641747,7.639074802,4.530642033,7.179740906,4.461769581,5.884557247,7.359737873,4.580641747,5.284663200,4.580641747,7.730541706,4.684184074,6.845517159,4.684184074,5.293632984,4.565311909,5.134845257,4.480641842,4.465312481,4.430641651,4.480641842,4.471928596",TLS.TunnelBear,91.299,1,Acceptable,VPN,6,DPI,"" 
1,ip4,10.8.0.1,104.17.114.40,tcp,33830,443,info,15,17,1655734776460292,1655734776909928,1655734777250607,0,0,536,2900,3230,3163,0,25,39998.4,340372,83812.5,7024526848.0,3.0,"4054,5298,2009,3384,237730,240091,25,2380,9328,9409,226,61,1426,1484,112,59,79,69,100518,152574,52262,7046,20588,16017,10024,8002,820,1293,7036,6175,340372",40,240.4,2940,516.4,266681.9,3.5,"60,40,40,557,40,196,40,91,40,93,40,126,40,576,40,576,40,165,40,109,78,40,78,361,40,576,40,148,40,363,40,2940","3,3,1,2,0,0,0,0,0,0,2,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","13,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1","0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,0,1,0,1,1,0,1,1,0,1,0,1,0,1,0,1,1","4.460013390,4.480641842,4.515312195,6.108502865,4.580641747,6.049703121,4.634183884,5.378616810,4.580641747,5.520286560,4.580641747,5.850438595,4.530641556,7.632115364,4.530641556,7.628461361,4.580641747,6.826807022,4.530641556,5.918608665,5.310303688,4.580641747,5.303310871,7.209881783,4.580641747,7.572566509,4.580641747,6.476149559,4.580641747,7.298981190,4.530641556,7.923994541",TLS.TunnelBear,91.299,1,Acceptable,VPN,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,201,179569,31759,62430,22,13,9,0,3,1,21,19,0,4,0,110,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,4,1,18,0,0,0,2,0,0,0,0,0,16,0,0,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,21,0,0,0,0,0,8,2,0,0,0,0,0,22,0,0,21,1,0,0,22,21,1,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0 +0,201,177984,31759,62430,22,13,9,0,3,1,21,19,0,4,0,110,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,4,1,18,0,0,0,2,0,0,0,0,0,16,0,0,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0,0,0,0,8,2,0,0,0,0,0,22,0,0,21,1,0,0,22,21,1,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/tuya_lp.pcap.out b/test/results/flow-analyse/default/tuya_lp.pcap.out index 9c7666237..f0d1d02d3 100644 --- a/test/results/flow-analyse/default/tuya_lp.pcap.out +++ b/test/results/flow-analyse/default/tuya_lp.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,107,88715,17832,0,13,0,13,0,0,0,13,0,0,0,0,65,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,13,0,0,13,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,107,88715,17832,0,13,0,13,0,0,0,13,0,0,0,0,65,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,13,0,0,13,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/ubntac2.pcap.out b/test/results/flow-analyse/default/ubntac2.pcap.out index a9aa633f9..56b3485d4 100644 --- a/test/results/flow-analyse/default/ubntac2.pcap.out +++ b/test/results/flow-analyse/default/ubntac2.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,37,32513,1400,0,8,0,8,2,0,0,8,0,0,0,0,8,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,8,0,0,8,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,37,32513,1400,0,8,0,8,2,0,0,8,0,0,0,0,8,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,8,0,0,8,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/uftp_v4_v5.pcap.out b/test/results/flow-analyse/default/uftp_v4_v5.pcap.out index fd36969f3..0763f7b6d 100644 --- a/test/results/flow-analyse/default/uftp_v4_v5.pcap.out +++ b/test/results/flow-analyse/default/uftp_v4_v5.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,10.0.0.1,230.5.5.56,udp,37173,1044,finished,32,0,1470520360229659,1470520360591846,1470520360229659,24,0,1324,0,39804,0,0,2611,11683.5,34161,5575.8,31089772.0,4.8,"30115,34161,2611,10180,10550,10594,10828,10246,10558,10557,10556,10583,10563,10535,10559,10563,10563,10560,10561,10563,10560,10566,10563,10559,10562,10561,10562,10568,10569,10551,10560",52,1271.9,1352,310.4,96320.5,4.9,"52,88,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352","1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,30,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4.032077789,4.387442589,6.264836311,6.324838638,6.289998055,6.323163033,6.229429245,6.406879425,6.267192841,6.205362320,6.298496723,6.241475582,6.138225555,6.329536438,6.287923336,6.323319435,6.333083630,6.235994816,6.309918404,6.324777603,6.341393471,6.331569195,6.304657459,6.334339142,6.321240425,6.300824165,6.315955162,6.324560642,6.260947227,6.319898605,6.235000610,6.290291309",UFTP,373,1,Acceptable,Download,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,29,27579,285420,0,3,0,3,0,1,0,3,0,0,0,0,15,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,3,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,29,27579,285420,0,3,0,3,0,1,0,3,0,0,0,0,15,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,3,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/ultrasurf.pcap.out b/test/results/flow-analyse/default/ultrasurf.pcap.out index 7e7071b9b..f2280ada1 100644 --- a/test/results/flow-analyse/default/ultrasurf.pcap.out +++ b/test/results/flow-analyse/default/ultrasurf.pcap.out 
@@ -3,4 +3,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,10.132.0.23,65.49.68.25,tcp,38120,50053,info,15,17,1656652778161151,1656652779042511,1656652779222772,0,0,1348,1288,5006,4491,0,2,62676.8,270784,99488.0,9897854976.0,3.4,"211168,260384,4,269572,5,10096,9894,260379,4,20013,20030,10943,4,270784,9694,4,10276,229481,5,19977,40078,29866,14,10092,29929,210869,5,2,9,9396,4",52,349.3,1400,449.6,202163.0,4.0,"60,60,52,569,52,1340,1340,1256,52,52,52,116,138,690,107,87,83,108,83,52,94,1400,86,1148,680,650,52,87,244,187,87,113","7,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0","4,8,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,2,0,0,0,0,0,0,0","0,1,0,0,1,1,1,1,0,0,0,0,0,0,1,1,1,1,0,0,1,0,1,0,0,0,1,1,1,1,1,1","4.726680756,5.240227222,5.272274494,6.111527920,5.130220413,7.844857216,7.849434853,7.833609104,5.233813286,5.156889915,5.233813286,6.138292789,6.368075848,7.651264191,6.278759480,5.928515911,5.691242695,6.148318291,5.806828022,5.233812809,5.950813293,7.875130177,5.929117203,7.818894386,7.718791008,7.725904465,5.168681622,5.919838905,6.926432133,6.780454636,5.896851063,6.240451336",TLS,91,1,Safe,Web,6,DPI,"5,24,52" 
1,ip4,10.132.0.23,65.49.68.25,tcp,38152,50053,info,16,16,1656652831434184,1656652832235258,1656652832454997,0,0,1348,1288,4808,5851,0,2,58770.5,269120,100848.2,10170350592.0,3.1,"209494,239714,10,251051,6,11439,12,260675,5,9589,20029,20030,269120,19987,5,231024,5,19971,10,4,3,3,2,249606,8,2,3,3,10064,10,3",52,385.6,1400,479.7,230117.0,4.1,"60,60,52,569,52,1340,1340,1256,52,52,52,116,368,107,87,139,52,83,1400,428,1400,480,250,234,52,87,113,200,244,87,187,1340","7,0,1,0,0,1,1,0,0,1,0,1,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0","3,5,1,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,3,0,0,0,0,0,0,0","0,1,0,0,1,1,1,1,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1","4.680766106,5.194312096,5.041505337,6.080573082,5.168682098,7.827150345,7.863349915,7.855801105,5.156889915,5.156889915,5.118428230,6.048384190,7.387241364,5.998385429,5.810531616,6.322457314,5.118428230,5.674062252,7.876391411,7.449967384,7.849254131,7.577188969,7.053901672,7.035159111,5.130220413,5.850873470,6.129572392,6.822973251,6.886046886,5.873862267,6.798689365,7.860256195",TLS,91,1,Safe,Web,6,DPI,"5,24,52" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,32,47190,139720,62485,3,0,3,0,3,0,3,2,0,2,0,15,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,2,1,0,0,0,0,0,0,0,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,8,0,0,0,0,0,3,0,0,3,0,0,0,3,3,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0 +0,32,47026,139720,62485,3,0,3,0,3,0,3,2,0,2,0,15,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,2,1,0,0,0,0,0,0,0,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,8,0,0,0,0,0,3,0,0,3,0,0,0,3,3,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0 diff --git a/test/results/flow-analyse/default/umas.pcap.out b/test/results/flow-analyse/default/umas.pcap.out index 36b0730fe..4f794884d 100644 --- a/test/results/flow-analyse/default/umas.pcap.out +++ b/test/results/flow-analyse/default/umas.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,192.168.63.100,192.168.63.253,tcp,7718,502,finished,16,16,1427906557268207,1427906557351115,1427906557356975,0,0,261,261,681,1681,0,804,5537.9,7349,1780.8,3171216.5,4.9,"940,1019,804,1787,4681,6040,6956,6823,7337,7349,5705,5982,6152,6208,5897,5633,6112,6363,7173,6903,5759,5817,5975,5922,6032,6032,6059,6067,5931,5946,6272",40,114.8,301,89.3,7972.7,4.6,"52,50,40,50,50,96,51,63,300,300,51,97,51,159,50,116,51,63,301,301,50,116,50,116,59,153,59,209,59,153,59,299","14,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4,2,3,3,0,1,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","4.246296406,4.708757401,4.521928310,4.311788559,4.583464622,4.516215324,4.273243427,4.058829784,1.425814629,1.414997816,4.327260494,4.809130192,4.337956429,2.794489384,4.322699070,3.938342094,4.248828888,4.110339642,7.800658226,7.811439037,4.362698555,3.921101093,4.362698555,3.944849730,4.149783134,3.941774607,4.248089790,3.106703520,4.183681011,2.442554474,4.214191437,2.672472954",Modbus.UMAS,44.364,0,Acceptable,IoT-Scada,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,12,9936,1788,16862,1,1,0,0,1,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,12,9936,1788,16862,1,1,0,0,1,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/upnp.pcap.out b/test/results/flow-analyse/default/upnp.pcap.out index 0e659953b..2a1b8243d 100644 --- a/test/results/flow-analyse/default/upnp.pcap.out +++ b/test/results/flow-analyse/default/upnp.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,19,21843,9184,0,2,0,2,0,0,0,2,0,0,0,0,10,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,2,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,19,21843,9184,0,2,0,2,0,0,0,2,0,0,0,0,10,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,2,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/viber.pcap.out b/test/results/flow-analyse/default/viber.pcap.out index 55a0a6c6e..51a6b54da 100644 --- a/test/results/flow-analyse/default/viber.pcap.out +++ b/test/results/flow-analyse/default/viber.pcap.out 
@@ -4,4 +4,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.0.17,18.201.4.32,udp,47171,7985,finished,17,15,1527155670640484,1527155675775126,1527155675692683,20,0,257,76,2947,930,0,129,328607.8,525007,210300.8,44226416640.0,4.6,"129,33097,500276,500261,503516,15204,503250,15302,516057,515704,477654,477626,36790,36786,524953,525007,440389,440669,68112,67828,523108,523160,411969,411845,84133,84199,517782,517791,399760,399674,114810",48,149.2,285,100.4,10086.1,4.7,"285,48,104,285,104,48,285,62,104,285,104,48,62,285,104,285,104,48,62,285,104,285,104,48,62,285,104,285,104,48,62,285","6,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,5,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0","6.429836750,5.092222691,3.431529284,6.457198620,3.469990969,5.092222691,6.466431141,4.018082619,3.469990969,6.511886120,3.469990969,5.092222691,3.985824585,6.440430164,3.469990969,6.468061447,3.419557333,4.967222214,3.953566313,6.441361427,3.450760365,6.449966431,3.469991207,5.050555706,4.018082619,6.492553234,3.489221811,6.449169159,3.469991207,5.050556183,4.018082619,6.452616215",Viber,144,1,Fun,VoIP,6,DPI,"" 
1,ip4,192.168.0.17,18.201.4.3,udp,38190,7985,finished,19,13,1527155679411371,1527155683480847,1527155683453495,12,0,257,76,2479,778,0,49,261664.5,531417,244884.4,59968385024.0,4.1,"2549,75,31700,2304,505528,505691,496908,2109,6670,496650,8720,505323,505404,490799,100,14960,490657,15090,513169,513225,531417,103,49,531356,217,492947,492967,448249,97,448143,58424",40,129.8,285,99.7,9932.1,4.6,"285,46,48,104,62,285,104,48,40,285,62,104,285,104,48,40,285,62,104,285,104,48,40,285,62,104,285,104,48,40,62,285","10,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,5,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,1,1,0,1,0,0,0,1,1,0,1,0,0,0,1,1,0,1,0,0,0,1,1,0,1,0,0,1,0","6.294480801,4.507713318,5.008889198,3.477249622,4.018082619,6.362309933,3.496480465,5.050556183,4.408695221,6.358519077,3.985824585,3.458018780,6.336889267,3.458018780,4.967222214,4.408695221,6.270152092,3.909132719,3.438787937,6.396345615,3.496480465,5.008889198,4.408695221,6.346873283,3.855867863,3.496480465,6.368536949,3.477249622,5.008889198,4.408695221,3.985824585,6.367835045",Viber,144,1,Fun,VoIP,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,230,195991,26457,101364,30,6,24,4,4,4,26,18,0,2,0,107,1,0,1,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,22,4,9,12,0,0,1,0,0,0,0,0,0,0,0,5,0,0,0,2,7,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,26,0,0,0,0,0,1,2,0,0,0,0,0,29,1,0,13,15,1,1,30,26,4,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,230,195402,26457,101364,30,6,24,4,4,4,26,18,0,2,0,107,1,0,1,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,22,4,9,12,0,0,1,0,0,0,0,0,0,0,0,5,0,0,0,2,7,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,26,0,0,0,0,0,1,2,0,0,0,0,0,29,1,0,13,15,1,1,30,26,4,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/vivox.pcapng.out b/test/results/flow-analyse/default/vivox.pcapng.out new file mode 100644 index 000000000..8c73796a4 --- /dev/null +++ b/test/results/flow-analyse/default/vivox.pcapng.out 
@@ -0,0 +1,3 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game
_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_ri
sk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count +0,16,12594,464,0,2,0,2,0,0,0,2,0,0,1,0,7,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,1,0,0,0,0,0,0,2,0,0,1,1,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/vk.pcapng.out b/test/results/flow-analyse/default/vk.pcapng.out index 941badb39..28f3e9c5a 100644 --- a/test/results/flow-analyse/default/vk.pcapng.out +++ b/test/results/flow-analyse/default/vk.pcapng.out 
@@ -2,4 +2,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.1.249,87.240.132.78,tcp,60436,443,info,32,0,1675334161630633,1675334162970119,1675334161630633,0,0,706,0,2285,0,1,9,43209.2,1009982,180973.6,32751437824.0,1.3,"1009982,14622,15333,1749,16345,26,12,11,29,15083,24,227705,48,13,11,2653,38,12801,28,1545,20,9,1508,1138,1634,11081,2465,1543,41,782,1207",52,125.3,758,191.1,36507.6,4.0,"638,758,52,596,501,52,52,52,52,52,52,52,52,52,52,52,52,52,52,52,52,64,64,64,64,64,52,52,52,52,52,52","28,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7.658514977,7.774987221,5.246409416,7.623703957,7.570796013,5.246409416,5.246409416,5.246409416,5.284871101,5.284871101,5.207947731,5.169486523,5.246409416,5.284871101,5.169486046,5.131024837,5.284871101,5.246409416,5.169486046,5.169486046,5.246409416,5.259624004,5.259624004,5.247828960,5.259624004,5.290874004,5.246409416,5.284871101,5.207947731,5.207947731,5.246409416,5.207948208",TLS,91,1,Safe,Web,6,DPI,"46" 
1,ip4,192.168.1.249,87.240.129.140,tcp,40344,443,info,32,0,1675334160592919,1675334165285590,1675334160592919,0,0,965,0,6049,0,1,12,151376.5,2006629,451077.3,203470716928.0,2.1,"37,14329,22998,2006629,46,764,13490,98211,1614502,285,99,283,260,13216,1250,18419,1704,886,6878,22622,24,179811,40,14057,67447,12,24,579540,41,1048,13719",52,241.0,1017,249.5,62251.3,4.3,"247,332,52,52,240,776,565,52,52,385,563,339,564,1017,52,52,52,52,52,52,52,52,243,316,52,52,52,52,250,563,429,52","17,0,0,0,0,2,2,0,3,0,1,1,0,0,0,2,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7.151976109,7.356266499,5.207948208,5.169486523,6.965931416,7.731954098,7.617059708,5.131024837,5.207947731,7.360937595,7.613526821,7.349236012,7.610394001,7.787010193,5.092563152,5.131024837,5.061608315,5.056022644,5.131024837,5.092563152,5.131024361,5.131024361,7.143619061,7.305361271,5.116507530,5.131024361,5.169486046,5.131024361,7.176092148,7.631054878,7.485155582,5.116507530",TLS,91,1,Safe,Web,6,DPI,"46" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,84,75642,66779,0,10,0,10,0,2,0,10,6,0,10,0,43,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,2,6,0,4,0,0,0,0,0,0,0,0,0,0,0,6,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,10,0,0,0,0,0,0,10,0,0,10,0,0,0,10,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0 +0,84,75478,66779,0,10,0,10,0,2,0,10,6,0,10,0,43,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,2,6,0,4,0,0,0,0,0,0,0,0,0,0,0,6,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,10,0,0,0,0,0,0,10,0,0,10,0,0,0,10,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/vnc.pcap.out b/test/results/flow-analyse/default/vnc.pcap.out index d873cf203..54ea88875 100644 --- a/test/results/flow-analyse/default/vnc.pcap.out +++ b/test/results/flow-analyse/default/vnc.pcap.out 
@@ -2,4 +2,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,95.237.48.208,192.168.2.110,tcp,59791,6900,finished,17,15,1476111264364066,1476111265262808,1476111265262852,0,0,35,34,287,185,0,1,57984.8,545295,113391.3,12857594880.0,3.2,"524,38820,49897,50306,38760,37061,157832,7049,164493,745,37544,181,35,36356,3,37327,1189,1,198,747,2,747,516,199031,310273,46,50,545295,719,22308,59473",40,56.6,75,12.8,163.2,5.0,"52,52,46,52,52,48,46,40,59,46,69,74,74,62,46,75,40,74,72,40,68,72,40,63,40,70,68,72,46,46,67,40","12,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","13,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,1,0,1,1,0,0,1,0,1,0,0,1,0,0,1,0,0,1,0,1,1,1,1,0,0,0,1","4.631521702,4.863714218,4.609350204,4.985801697,5.140452385,4.993162155,4.757925987,4.730641365,5.272469521,4.609350204,5.640918255,5.577627659,5.864722729,5.438069820,4.565871716,5.780129910,4.730641365,5.837696075,5.730319500,4.671928406,5.671802044,5.704510212,4.621928692,5.604105949,4.671928406,5.568077564,5.579674721,5.540976048,4.522393703,4.478915215,5.614377499,4.671928406",VNC,89,0,Acceptable,RemoteAccess,6,DPI,"5,30" 
1,ip4,95.237.48.208,192.168.2.110,tcp,51559,6900,finished,18,14,1476111286462067,1476111287358990,1476111287224950,0,0,35,34,287,185,0,2,53542.1,538844,125065.9,15641482240.0,3.0,"107,37501,48667,49552,38334,36850,46381,48516,45667,1708,45497,182,37420,547,413,36764,2984,39898,772,181,762,824,181,2,1005,501772,46,703,538844,2,97724",40,56.8,75,12.6,158.0,5.0,"52,52,46,52,52,48,46,40,46,40,59,46,69,74,74,62,46,75,40,74,72,40,68,72,63,40,70,68,72,46,46,67","13,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","12,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,1,0,1,0,1,1,0,0,1,0,1,0,0,1,0,0,1,0,0,0,1,1,1,1,0,0,0","4.518056870,4.878231525,4.652828693,5.022342682,5.176993847,4.993162155,4.698037148,4.711769104,4.609350204,4.730641365,5.204673767,4.652828693,5.591832638,5.651554108,5.655132294,5.470327854,4.565871716,5.718621254,4.680641174,5.781727314,5.694025517,4.621928692,5.533761978,5.648954391,5.381884575,4.621928692,5.550290108,5.491440296,5.523682594,4.505982876,4.565872192,5.593677998",VNC,89,0,Acceptable,RemoteAccess,6,DPI,"5,30" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,21,18944,81754,512,2,1,1,0,2,0,2,0,0,2,0,10,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,2,2,0,0,0,0,0,2,0,0,2,0,0,0,2,2,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,21,18944,81754,512,2,1,1,0,2,0,2,0,0,2,0,10,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,2,2,0,0,0,0,0,2,0,0,2,0,0,0,2,2,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/vrrp3.pcapng.out b/test/results/flow-analyse/default/vrrp3.pcapng.out index 43bb948dc..b851637db 100644 --- a/test/results/flow-analyse/default/vrrp3.pcapng.out +++ b/test/results/flow-analyse/default/vrrp3.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,15,11057,240,0,2,0,2,0,0,0,2,0,0,0,0,6,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,2,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,15,11057,240,0,2,0,2,0,0,0,2,0,0,0,0,6,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,2,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/vxlan.pcap.out b/test/results/flow-analyse/default/vxlan.pcap.out index 963ead903..4ccc0628a 100644 --- a/test/results/flow-analyse/default/vxlan.pcap.out +++ b/test/results/flow-analyse/default/vxlan.pcap.out 
@@ -2,4 +2,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.22.5,192.168.22.4,udp,36286,4789,finished,32,0,1639650442941597,1639650443255719,1639650442941597,74,0,1454,0,35959,0,0,10,10133.0,140558,31047.2,963930240.0,2.2,"10532,1402,105,10,11439,530,9521,113264,10571,140558,101,64,3057,190,558,175,1284,181,1316,3621,187,402,189,2282,184,313,186,833,189,694,184",102,1151.7,1482,546.6,298767.6,4.8,"110,102,1482,1482,570,102,271,102,554,102,1482,1482,856,1482,1482,1482,1482,1482,1482,1482,1482,1482,1482,1482,1482,1482,1482,1482,1482,1482,1482,1482","0,0,5,0,0,0,0,1,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5.583852291,5.651705265,7.826985836,7.861832619,7.623077869,5.619890690,7.052967072,5.635924816,7.564305782,5.565874100,7.866837978,7.859116077,7.762131214,7.859333515,7.877618790,7.863654613,7.851696491,7.874659538,7.855105877,7.845957756,7.883800030,7.862126827,7.878228188,7.846958637,7.850887299,7.866386890,7.866912842,7.871983051,7.852091789,7.857552052,7.852843761,7.854843616",VXLAN,64,0,Acceptable,Network,6,DPI,"" 
1,ip4,192.168.22.4,192.168.22.5,udp,40646,4789,finished,32,0,1639650442931548,1639650443264733,1639650442931548,74,0,392,0,3106,0,0,4,10747.9,150839,30032.6,901957440.0,2.5,"10329,305,11530,200,4,1301,10031,41817,81536,403,150839,3109,802,1504,1403,3811,602,2508,504,1003,903,802,707,803,710,2107,301,402,2307,401,201",102,125.1,420,68.2,4655.6,4.8,"110,102,420,102,102,102,166,267,102,102,285,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102","0,0,28,0,1,0,0,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5.313875198,5.603603840,6.154091835,5.623211861,5.630611897,5.623211384,6.288531303,6.880884647,5.615810394,5.596202850,7.036987305,5.564387798,5.603603840,5.596202850,5.623211384,5.564388275,5.583995819,5.556987286,5.591396332,5.603603840,5.576594353,5.623211384,5.544780254,5.603603840,5.603603840,5.623211384,5.642818928,5.588801384,5.603603363,5.635418415,5.635418415,5.655025959",VXLAN,64,0,Acceptable,Network,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,63,60884,79480,0,9,0,9,0,2,0,9,0,0,0,0,31,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,9,0,0,9,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,63,60884,79480,0,9,0,9,0,2,0,9,0,0,0,0,31,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,9,0,0,9,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/wa_video.pcap.out b/test/results/flow-analyse/default/wa_video.pcap.out index a68af66c5..885bc6b5d 100644 --- a/test/results/flow-analyse/default/wa_video.pcap.out +++ b/test/results/flow-analyse/default/wa_video.pcap.out 
@@ -3,4 +3,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.2.12,31.13.86.48,udp,53688,3478,finished,23,9,1561455769789452,1561455770782169,1561455770781798,6,0,472,472,8102,1614,0,95,64034.3,550126,135549.6,18373693440.0,3.1,"95,13142,1109,548212,794,550126,16210,117,20333,106,23568,573,14505,979,116,79305,29641,99,23164,167,19951,342,24390,3500,104447,150456,15882,197610,75380,2499,68245",30,331.6,500,205.8,42355.1,4.7,"154,154,72,72,154,500,72,500,500,500,500,500,500,34,500,500,30,500,500,500,500,500,500,500,154,72,48,500,48,500,500,48","3,0,0,4,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,4,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,1,1,0,1,1,0","6.493677139,6.519650936,5.235420704,5.263198376,6.488775253,7.446858406,5.290976048,7.477643013,7.460317135,7.514078140,7.471118450,7.444753170,7.528831959,4.569532394,7.478866100,7.484198570,4.453236580,7.470160961,7.456147671,7.450516224,7.440128803,7.495639801,7.433229923,7.431243420,6.496860504,5.263197899,3.812905788,7.345452785,3.812905550,7.413387775,7.430417538,4.208755493",STUN.WhatsAppCall,78.45,0,Acceptable,VoIP,6,DPI,"" 
1,ip4,192.168.2.12,91.252.56.51,udp,53688,32641,finished,26,6,1561455781352254,1561455783672290,1561455783683909,44,0,1118,182,15240,615,0,139,150054.5,1979427,383224.6,146861080576.0,2.7,"707140,619781,619147,1979427,36290,69699,132037,26361,100137,1489,36501,24632,139,224,338,341,10692,26140,102372,15137,296,563,516,886,169,757,7597,915,148,631,131189",72,523.5,1146,432.0,186635.8,4.5,"72,72,72,72,72,72,72,156,72,165,150,130,899,899,899,898,1146,194,143,198,1022,1022,1022,1022,1022,1020,150,920,920,920,1048,210","0,6,0,2,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,7,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0","0,2,0,2,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,1,0,0,1,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1","5.551460743,5.652086735,5.531393051,5.607016087,5.440350056,5.499580860,5.568753719,6.624680996,5.697700977,6.683998108,6.496982574,6.426134586,7.747357368,7.800405025,7.780704021,7.774211884,7.821574688,6.735989094,6.400922298,6.908179283,7.822691441,7.800770760,7.811967850,7.818122864,7.793910027,7.785738468,6.611948967,7.770941734,7.800857544,7.760899067,7.788744450,6.986406326",STUN.WhatsAppCall,78.45,0,Acceptable,VoIP,5,DPI (cache),"5" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,111,99764,264122,47653,14,0,14,0,3,1,13,13,0,7,0,50,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,10,0,12,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,1,1,0,0,0,3,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,11,0,0,0,0,0,7,5,0,0,0,0,0,14,0,0,1,13,0,0,14,13,1,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0 +0,111,100429,264122,47653,14,0,14,0,3,1,13,13,0,7,0,50,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,10,0,12,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,1,1,0,0,0,3,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,11,0,0,0,0,0,7,5,0,0,0,0,0,14,0,0,1,13,0,0,14,13,1,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/wa_voice.pcap.out b/test/results/flow-analyse/default/wa_voice.pcap.out index 439f9710b..7b23e65ef 100644 --- a/test/results/flow-analyse/default/wa_voice.pcap.out +++ b/test/results/flow-analyse/default/wa_voice.pcap.out 
@@ -5,4 +5,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.2.12,31.13.86.48,udp,56328,3478,finished,12,20,1561455706912375,1561455731523132,1561455731536124,6,0,126,278,792,1833,0,1,1588209.8,12196243,3050402.8,9304956469248.0,3.2,"61,13448,128,12194152,12196243,104402,58,105108,1,108628,104619,3043264,3048902,3100925,3096031,3015294,3016553,2001940,2156,107078,164036,190107,88523,28769,198646,133957,3008088,90958,35571,314,36546",30,110.0,306,87.2,7598.9,4.6,"154,154,72,72,34,30,154,154,72,72,34,30,34,30,34,30,34,30,74,54,232,261,240,150,306,234,302,34,30,154,154,72","6,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,6,0,1,0,0,3,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,1,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,1,1,1,1,1,1,1,1,1,0,1,0,0,1","6.541143417,6.523254871,5.258596897,5.258596897,4.628356934,4.453236580,6.497281075,6.520071030,5.203041553,5.130857468,4.628356934,4.453236580,4.628356934,4.453236580,4.628356934,4.453236580,4.628356934,4.453236580,5.668909073,5.185353279,6.995151520,7.135284424,7.074851990,6.635347366,7.304471493,6.999480724,7.242955685,4.628356934,4.453236580,6.523254871,6.523254871,5.230819225",STUN.WhatsAppCall,78.45,0,Acceptable,VoIP,6,DPI,"" 
1,ip4,91.252.56.51,192.168.2.12,udp,32704,56328,finished,18,14,1561455730495456,1561455733316995,1561455733325980,26,0,171,273,1873,1869,0,2,182324.6,1203723,228895.9,52393320448.0,4.2,"578236,623635,1203723,72457,167216,11596,115693,158378,2,172820,173607,169808,156213,136586,155315,179817,99336,157427,38286,163380,181314,166574,142422,2967,25967,115313,6126,171847,106305,56249,143448",54,144.9,301,51.7,2672.5,4.9,"72,72,72,72,72,72,199,260,150,161,301,137,159,159,133,149,136,150,172,164,155,159,164,170,150,54,150,150,156,150,139,179","1,4,0,8,4,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,2,0,4,6,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,1,1,0,0,1,0,0,1,0,1,0,1,0,1,1,0,1,0,1,0,1,1,0,0,0,1,0,0,1","5.523683071,5.551460743,5.523683071,5.586590290,5.513198376,5.558812618,6.900094032,7.080634594,6.725411892,6.561889648,7.326864719,6.497554302,6.712717533,6.644547939,6.493841648,6.572838783,6.470429420,6.565414429,6.709655762,6.771090984,6.675994873,6.701801777,6.747565746,6.673988342,6.480553150,5.199332237,6.648680687,6.585022449,6.694502831,6.592251301,6.568360806,6.807644844",SRTP.WhatsAppCall,338.45,1,Acceptable,VoIP,6,DPI,"5" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,221,195237,34223,94669,28,2,26,4,5,0,27,22,1,7,0,103,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,25,1,25,1,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,2,7,0,0,2,8,0,0,0,5,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,25,0,0,0,0,0,7,5,0,0,0,0,0,27,1,0,6,21,1,0,28,27,0,1,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0 +0,221,195763,34223,94669,28,2,26,4,5,0,27,22,1,7,0,103,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,25,1,25,1,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,2,7,0,0,2,8,0,0,0,5,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,25,0,0,0,0,0,7,5,0,0,0,0,0,27,1,0,6,21,1,0,28,27,0,1,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/waze.pcap.out b/test/results/flow-analyse/default/waze.pcap.out index 81c70d48e..cc937507c 100644 --- a/test/results/flow-analyse/default/waze.pcap.out +++ b/test/results/flow-analyse/default/waze.pcap.out 
@@ -5,4 +5,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,10.8.0.1,176.34.186.180,tcp,36312,443,info,17,15,1435587878606407,1435587882306533,1435587880854651,0,0,536,11132,1238,41633,0,330,191882.9,1449192,279549.5,78147936256.0,3.8,"2413,2787,291811,292494,279839,332432,52742,50748,425063,475681,259886,310653,731,51371,620,734,450,330,293909,545953,252820,1543,20204,21185,56923,56823,156171,205918,52727,4217,1449192",40,1380.3,11172,2994.0,8963944.0,2.9,"60,40,40,222,40,1052,40,2519,40,174,40,274,40,576,40,389,40,77,40,10160,40,8136,40,1052,40,11172,40,1052,40,6576,40,40","12,1,0,0,1,1,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","6,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5","0,1,0,0,1,1,0,1,0,0,1,1,0,0,1,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,0","4.438340187,4.834184170,4.784184456,5.232826710,4.734184265,7.011441231,4.784184456,7.575597763,4.634184361,6.629845142,4.684184074,7.007690430,4.734184742,7.624808311,4.784184456,7.415266037,4.734184742,5.664109230,4.734184265,7.981531620,4.784184456,7.979642391,4.734184265,7.801960945,4.715312004,7.982071400,4.834183693,7.818040848,4.834183693,7.971698284,4.715311527,4.765311718",TLS.Waze,91.135,1,Acceptable,Web,6,DPI,"7" 
1,ip4,10.8.0.1,46.51.173.182,tcp,36102,443,info,16,16,1435587868635666,1435587884544120,1435587884544651,0,0,501,3606,1600,8366,0,413,1026369.1,5890947,1778823.2,3164212035584.0,3.4,"9060,9459,461199,462055,319157,370793,51463,554,58722,59273,267346,318521,5838678,5890947,1921,3057,232692,285896,1892628,1892382,50926,52168,293028,345106,632,413,1258587,1309974,5014758,5014527,51517",40,352.1,3646,731.9,535720.0,3.4,"60,40,40,222,40,1052,40,2175,40,366,40,274,40,221,40,541,40,93,40,1052,40,3646,40,189,40,301,40,317,40,77,40,40","10,0,0,0,1,2,0,0,1,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","8,2,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2","0,1,0,0,1,1,0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,1,0,0,1,0,1,1,0,1,0,1","4.325758457,4.734184265,4.684184074,5.244800568,4.615312099,7.020944595,4.734184265,7.476994514,4.634184361,7.276714802,4.665312290,7.041373253,4.734184265,6.961156845,4.734184265,7.528326035,4.684184551,6.083172798,4.734184265,7.792463779,4.734184265,7.940383911,4.734184265,6.823890686,4.734184265,7.240302563,4.734184265,7.320995331,4.734184265,5.654304981,4.615312099,4.665312290",TLS.Waze,91.135,1,Acceptable,Web,6,DPI,"7,8" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,282,232630,19999,306184,33,30,3,0,5,9,23,22,1,21,0,153,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,19,14,13,10,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23,0,0,0,0,0,7,1,38,0,0,0,0,33,0,0,32,1,0,0,33,23,9,1,0,0,0,0,0,0,0,34,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0 +0,282,229832,19999,306184,33,30,3,0,5,9,23,22,1,14,0,153,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,19,14,13,10,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23,0,0,0,0,0,0,1,39,0,0,0,0,33,0,0,32,1,0,0,33,23,9,1,0,0,0,0,0,0,0,34,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0 diff --git a/test/results/flow-analyse/default/webdav.pcap.out b/test/results/flow-analyse/default/webdav.pcap.out index f9d9e83f0..a529ee3a7 100644 --- a/test/results/flow-analyse/default/webdav.pcap.out +++ b/test/results/flow-analyse/default/webdav.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,75,67539,4967,11026,8,8,0,0,0,0,8,7,0,8,0,40,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,8,0,0,0,0,0,0,8,0,0,8,0,0,0,8,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,75,67539,4967,11026,8,8,0,0,0,0,8,7,0,8,0,40,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,8,0,0,0,0,0,0,8,0,0,8,0,0,0,8,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/webex.pcap.out b/test/results/flow-analyse/default/webex.pcap.out index b1278dc7a..ac27c5cb7 100644 --- a/test/results/flow-analyse/default/webex.pcap.out +++ b/test/results/flow-analyse/default/webex.pcap.out 
@@ -1,9 +1,9 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks -1,ip4,10.8.0.1,64.68.105.103,tcp,41346,443,info,17,15,1444570624853841,1444570626601155,1444570626600999,0,0,536,2720,2935,8179,0,160,112724.9,557327,156273.3,24421341184.0,3.7,"6506,6734,160,592,505708,557327,57852,60147,905,55625,257454,309311,10052,61432,845,730,299224,351252,55954,56159,800,52876,398,2835,268644,322298,52259,51930,18450,69467,546",40,387.9,2760,588.9,346810.6,3.8,"60,40,40,235,40,2760,40,1259,40,350,40,83,40,576,40,124,40,1400,40,809,40,576,40,314,40,1400,40,748,40,576,40,504","9,0,1,0,0,0,1,0,1,1,0,0,0,0,1,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","8,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0,0,0,1","0,1,0,0,1,1,0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,0,1,0,1,1,0,1,0,0,1,0","4.446510792,4.665312290,4.665311813,5.481472969,4.665312290,7.284092903,4.765311718,7.073906422,4.661769390,7.186378956,4.565312386,5.608655453,4.561769009,7.664141655,4.515312195,6.329119682,4.565312386,7.871033669,4.715311527,7.782140255,4.765311718,7.598457336,4.615312099,7.304864407,4.665312290,7.852759361,4.665311813,7.733906269,4.715312004,7.600008011,4.511769772,7.572229862",TLS.Webex,91.141,1,Acceptable,VoIP,6,DPI,"15" 
-1,ip4,10.8.0.1,64.68.105.103,tcp,41348,443,info,16,16,1444570627404164,1444570629212279,1444570629155254,0,0,536,17966,2270,46819,0,156,114813.1,455330,125812.7,15828844544.0,4.1,"5615,6788,156,1539,404661,455330,597,51300,245810,245870,436,307,223296,274841,51601,360,302,283113,286107,84087,131768,50921,51207,56841,56675,181041,181034,56067,58557,54529,58449",40,1574.7,18006,3700.1,13691057.0,2.9,"60,40,40,267,40,169,40,83,40,576,40,519,40,1644,576,40,489,40,6840,40,1400,40,9463,40,1400,40,1400,40,18006,40,6857,40","10,1,0,0,0,0,0,1,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,5","0,1,0,0,1,1,0,0,1,0,1,0,1,1,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0","4.356566429,4.715312004,4.561769009,5.864259720,4.665312290,6.372766018,4.661769390,5.627577305,4.615312099,7.622731686,4.665312290,7.582412243,4.665312290,7.886265755,7.619030476,4.596440315,7.578122616,4.665312290,7.973325729,4.580641270,7.853340149,4.611769199,7.978787899,4.611769199,7.859783649,4.661769390,7.879327297,4.611769199,7.990196228,4.611769199,7.971776009,4.661769390",TLS.Webex,91.141,1,Acceptable,VoIP,6,DPI,"15" 
+1,ip4,10.8.0.1,64.68.105.103,tcp,41346,443,info,17,15,1444570624853841,1444570626601155,1444570626600999,0,0,536,2720,2935,8179,0,160,112724.9,557327,156273.3,24421341184.0,3.7,"6506,6734,160,592,505708,557327,57852,60147,905,55625,257454,309311,10052,61432,845,730,299224,351252,55954,56159,800,52876,398,2835,268644,322298,52259,51930,18450,69467,546",40,387.9,2760,588.9,346810.6,3.8,"60,40,40,235,40,2760,40,1259,40,350,40,83,40,576,40,124,40,1400,40,809,40,576,40,314,40,1400,40,748,40,576,40,504","9,0,1,0,0,0,1,0,1,1,0,0,0,0,1,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","8,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0,0,0,1","0,1,0,0,1,1,0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,0,1,0,1,1,0,1,0,0,1,0","4.446510792,4.665312290,4.665311813,5.481472969,4.665312290,7.284092903,4.765311718,7.073906422,4.661769390,7.186378956,4.565312386,5.608655453,4.561769009,7.664141655,4.515312195,6.329119682,4.565312386,7.871033669,4.715311527,7.782140255,4.765311718,7.598457336,4.615312099,7.304864407,4.665312290,7.852759361,4.665311813,7.733906269,4.715312004,7.600008011,4.511769772,7.572229862",TLS.Webex,91.141,1,Acceptable,VoIP,6,DPI,"8,15" 
+1,ip4,10.8.0.1,64.68.105.103,tcp,41348,443,info,16,16,1444570627404164,1444570629212279,1444570629155254,0,0,536,17966,2270,46819,0,156,114813.1,455330,125812.7,15828844544.0,4.1,"5615,6788,156,1539,404661,455330,597,51300,245810,245870,436,307,223296,274841,51601,360,302,283113,286107,84087,131768,50921,51207,56841,56675,181041,181034,56067,58557,54529,58449",40,1574.7,18006,3700.1,13691057.0,2.9,"60,40,40,267,40,169,40,83,40,576,40,519,40,1644,576,40,489,40,6840,40,1400,40,9463,40,1400,40,1400,40,18006,40,6857,40","10,1,0,0,0,0,0,1,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,5","0,1,0,0,1,1,0,0,1,0,1,0,1,1,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0","4.356566429,4.715312004,4.561769009,5.864259720,4.665312290,6.372766018,4.661769390,5.627577305,4.615312099,7.622731686,4.665312290,7.582412243,4.665312290,7.886265755,7.619030476,4.596440315,7.578122616,4.665312290,7.973325729,4.580641270,7.853340149,4.611769199,7.978787899,4.611769199,7.859783649,4.661769390,7.879327297,4.611769199,7.990196228,4.611769199,7.971776009,4.661769390",TLS.Webex,91.141,1,Acceptable,VoIP,6,DPI,"8,15" 
1,ip4,10.8.0.1,64.68.105.103,tcp,41358,443,info,16,16,1444570633357298,1444570635772189,1444570635721813,0,0,536,8847,959,33212,0,383,154174.4,1031495,247176.8,61096366080.0,3.8,"3053,3185,1891,2192,397016,448096,52033,52145,383,52378,209850,261823,51847,1288,975,979869,1031495,52580,53500,94069,93832,53071,53864,119063,117547,148351,147839,51431,51376,96737,96627",40,1108.5,8887,2294.9,5266403.5,3.1,"60,40,40,103,40,1400,40,2619,40,366,40,99,576,40,74,40,1400,40,8157,40,1400,40,8887,40,173,40,1400,40,6717,40,1400,40","12,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,4","0,1,0,0,1,1,0,1,0,0,1,1,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0","4.446510792,4.665312290,4.665311813,5.339869976,4.565312386,7.238214016,4.665312290,7.216020107,4.615311623,7.281401634,4.615312576,5.978787422,7.616997242,4.515312195,5.692360401,4.565312386,7.861890793,4.665311813,7.976788044,4.665311813,7.858300209,4.715312004,7.979997158,4.665311813,6.756694794,4.615312099,7.862811089,4.611769199,7.975809574,4.715312004,7.874713421,4.715312004",TLS.Webex,91.141,1,Acceptable,VoIP,6,DPI,"7,8" 
1,ip4,10.8.0.1,62.109.224.120,tcp,51155,443,info,16,16,1444570669745822,1444570675008962,1444570675008306,0,0,474,10527,863,17665,0,142,339536.2,2214636,547768.4,300050219008.0,3.7,"14198,16626,142,3176,966820,968167,50625,52096,160025,217339,56893,151808,203416,506402,456173,506119,506174,257962,307348,51007,1799,210726,261737,55501,54303,51893,51311,2214636,2165090,3222,2890",40,619.6,10567,1915.7,3669828.5,2.5,"60,40,40,103,40,3947,40,366,40,99,514,40,258,40,1010,40,10567,40,157,40,274,40,109,40,205,40,385,40,546,40,588,40","13,1,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4,1,1,1,0,1,1,1,0,0,1,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2","0,1,0,0,1,1,0,0,1,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0","4.471673965,4.784184456,4.784183979,5.354527950,4.684184074,7.260420322,4.784183979,7.246551991,4.734184265,5.886437893,7.525208473,4.734184265,7.158136368,4.734184265,7.747338772,4.784183979,7.959521770,4.784183979,6.617527962,4.784183979,7.154652596,4.834184170,6.117394924,4.834184170,6.934138775,4.784184456,7.251028061,4.734184742,7.541121960,4.784183979,7.600737572,4.834183693",TLS.Webex,91.141,1,Acceptable,VoIP,6,DPI,"7,8" 
1,ip4,10.8.0.1,62.109.224.120,tcp,51154,443,info,16,16,1444570669736143,1444570675113022,1444570675113218,0,0,536,3907,4673,3966,0,309,346901.8,2270107,598058.5,357673959424.0,3.3,"9053,24144,367,16512,915259,917382,50710,52699,154574,206585,52440,7882,9392,3319,2120,963298,961965,473,411,393,309,561975,562100,368561,368512,670,601,2270083,2270107,1037,1021",40,310.6,3947,685.4,469733.5,3.5,"60,40,40,103,40,3947,40,366,40,99,546,40,576,40,122,40,576,40,576,40,386,40,386,40,576,40,154,40,576,40,250,40","3,1,1,1,0,0,1,0,0,0,3,0,0,0,0,1,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","14,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1","0,1,0,0,1,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","4.446510792,4.734184742,4.596439362,5.373945713,4.734184742,7.261288166,4.765311718,7.251562119,4.784184456,6.015275955,7.613259315,4.784184456,7.593419075,4.784184456,6.485950947,4.784184456,7.627359390,4.784184456,7.574399471,4.784184456,7.380361080,4.784184456,7.422137737,4.734184265,7.643012047,4.734184265,6.542441368,4.734184265,7.559129715,4.734184265,7.015539169,4.784184456",TLS.Webex,91.141,1,Acceptable,VoIP,6,DPI,"7,8" 
1,ip4,10.8.0.1,62.109.229.158,tcp,51857,443,info,16,16,1444570716599098,1444570719040525,1444570720047703,0,0,378,3907,1559,4630,0,213,190001.0,1366658,352312.5,124124102656.0,3.4,"4232,4962,6442,7614,1312624,1366658,17526,71444,145665,198977,339,53733,129549,180935,213,51454,121214,172258,51492,51164,125484,176177,50764,50844,546,1023,264310,263832,849,855,1006853",40,234.0,3947,677.2,458632.1,3.1,"60,40,40,227,40,3947,40,366,40,99,40,114,40,77,40,418,40,109,40,529,40,130,40,194,40,162,40,162,40,146,40,109","7,0,2,3,1,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","10,2,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1","0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,1,0,0,1,0,1,0,1,0,1,0,1,1","4.459092140,4.834184170,4.784183979,5.220240593,4.734184265,7.263404846,4.784183979,7.281803131,4.784184456,5.980217934,4.834184170,6.198987961,4.784184456,5.680279255,4.834183693,7.512312412,4.784184456,6.181793690,4.784184456,7.433725834,4.784183979,6.433676720,4.784184456,6.824645042,4.734184265,6.550875664,4.634184361,6.555935860,4.784184456,6.391854286,4.734184265,6.211565018",TLS.Webex,91.141,1,Acceptable,VoIP,6,DPI,"7,8" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,500,426101,67701,426653,57,45,12,2,6,4,53,39,0,51,0,279,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,47,10,45,8,0,0,0,0,0,0,0,0,0,0,0,0,47,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,53,0,0,0,0,0,10,2,101,0,0,0,0,57,0,0,55,2,0,0,57,53,4,0,0,0,0,0,0,0,0,76,25,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0 +0,500,425165,67701,426653,57,45,12,2,6,4,53,39,0,51,0,279,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,47,10,45,8,0,0,0,0,0,0,0,0,0,0,0,0,47,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,53,0,0,0,0,0,10,2,111,0,0,0,0,57,0,0,55,2,0,0,57,53,4,0,0,0,0,0,0,0,0,76,36,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/websocket-chisel-ssh.pcap.out b/test/results/flow-analyse/default/websocket-chisel-ssh.pcap.out new file mode 100644 index 000000000..9081ef297 --- /dev/null +++ b/test/results/flow-analyse/default/websocket-chisel-ssh.pcap.out 
@@ -0,0 +1,3 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game
_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_ri
sk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count +0,17,14389,428,205,2,0,2,0,0,0,2,1,0,2,0,7,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,1,0,3,0,0,0,0,2,0,0,2,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1 diff --git a/test/results/flow-analyse/default/websocket.pcap.out b/test/results/flow-analyse/default/websocket.pcap.out index 63a6ff72c..d16d16182 100644 --- a/test/results/flow-analyse/default/websocket.pcap.out +++ b/test/results/flow-analyse/default/websocket.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,7956,132,39,1,0,1,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,11,7956,132,39,1,0,1,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/wechat.pcap.out b/test/results/flow-analyse/default/wechat.pcap.out index a6cfa75db..12235f7dd 100644 --- a/test/results/flow-analyse/default/wechat.pcap.out +++ b/test/results/flow-analyse/default/wechat.pcap.out 
@@ -17,4 +17,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.1.103,203.205.147.171,tcp,58038,443,info,19,13,1492167776953879,1492167781392220,1492167781372855,0,0,1240,1688,8609,6923,0,433,285719.9,2508511,565344.7,319614582784.0,3.4,"266637,266706,433,272250,1305,273110,594,572,2940,271769,269630,3217,281421,29714,327642,3217,299639,37418,350851,50937,3180,368575,30208,307140,2227616,3191,2508511,50935,328714,16106,3139",52,537.9,1740,561.4,315202.6,4.2,"60,60,52,290,52,1480,52,1740,52,178,103,1292,527,52,1357,1225,429,52,250,52,1292,527,52,990,52,1292,527,52,1367,52,1225,429","7,0,0,1,0,0,0,1,0,0,0,2,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,3,0,0,0,0,0,0,0,0,0","6,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,1,0,0,1,0,0,1","0,1,0,0,1,1,0,1,0,0,1,0,0,1,1,0,0,1,1,0,0,0,1,1,0,0,0,1,1,0,0,0","4.726680279,5.287539005,5.053297043,5.856728077,5.094483852,6.784938335,4.976374149,7.592500210,4.986606121,6.312986374,5.936172009,7.837973118,7.533455849,5.132945538,7.845239639,7.816359520,7.375327110,5.132945538,7.120093346,4.986605644,7.828961372,7.600332737,5.079966545,7.769877911,4.933627129,7.832687378,7.593090057,5.138531685,7.868632793,4.933627605,7.822371960,7.393807888",TLS.WeChat,91.197,1,Fun,Chat,6,DPI,"" 
1,ip4,192.168.1.103,203.205.147.171,tcp,58040,443,info,20,12,1492167865975033,1492167868793020,1492167868783731,0,0,1428,1428,12291,3489,0,11,181506.0,1577028,351924.9,123851137024.0,3.2,"268280,268366,474,270444,798,270739,392,385,993,969,2788,273097,271415,164,26,13,12,11,1155,289376,22800,22424,9724,380702,1255603,4960,1577028,73342,350958,5989,3258",52,545.6,1480,599.0,358844.3,4.1,"60,60,52,290,52,1480,52,1480,52,312,52,178,103,1232,1480,1480,1480,1480,1480,315,52,52,52,143,52,1220,513,52,283,52,1292,527","7,0,0,1,0,0,0,1,1,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,1,0,0,0,0,0,5,0,0,0","6,1,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0","0,1,0,0,1,1,0,1,0,1,0,0,1,0,0,0,0,0,0,0,1,1,1,1,0,0,0,1,1,0,0,0","4.680765629,5.154205322,4.884933472,5.839785576,5.017560482,6.813761711,4.831954956,7.514670849,4.842186928,7.190687180,4.895165443,6.306419849,5.873158932,7.841919422,7.869560242,7.865934372,7.865987301,7.878506184,7.864762306,7.242313385,4.964581966,4.834680080,4.895165443,6.393952847,4.986606121,7.814539909,7.515988827,5.061608315,7.244477749,4.895165443,7.844690800,7.504737377",TLS.WeChat,91.197,1,Fun,Chat,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,888,783612,184490,376782,109,52,57,77,17,25,84,69,0,12,0,394,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,59,50,6,42,34,0,0,0,2,0,0,0,0,0,0,0,9,0,0,0,27,0,0,0,0,43,1,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,84,0,0,0,0,0,11,0,2,0,0,0,0,100,9,0,59,40,0,10,109,84,25,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0 +0,888,779107,184490,376782,109,52,57,77,17,25,84,69,0,10,0,394,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,59,50,6,42,34,0,0,0,2,0,0,0,0,0,0,0,9,0,0,0,27,0,0,0,0,43,1,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,84,0,0,0,0,0,9,0,2,0,0,0,0,100,9,0,59,40,0,10,109,84,25,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/weibo.pcap.out b/test/results/flow-analyse/default/weibo.pcap.out index d4b77f0de..db4993ca4 100644 --- a/test/results/flow-analyse/default/weibo.pcap.out +++ b/test/results/flow-analyse/default/weibo.pcap.out 
@@ -6,4 +6,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.1.105,93.188.134.246,tcp,35807,80,finished,16,16,1463089073321163,1463089073801051,1463089073804152,0,0,484,1436,484,18086,0,142,31060.5,183686,54622.5,2983621632.0,3.4,"62151,62179,142,161101,22711,183686,5733,5740,2565,2546,10538,10551,5220,5299,3225,3182,2451,2404,5526,5539,2866,2854,2576,2563,4789,4821,162100,162064,26294,26318,3143",52,633.2,1488,674.0,454231.7,4.1,"60,60,52,536,52,479,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,479,64,1488,52,1488","15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0","0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","4.684255600,5.152156830,4.993616104,5.845283031,5.077241421,5.771981716,5.032077789,7.798841476,5.014835358,7.818611622,5.091758728,7.745497227,5.091758728,7.718579292,5.091758728,7.835317612,5.014835358,7.586729527,5.091758728,7.852894306,5.053297043,7.826751709,5.091758728,7.851661682,4.969671726,7.833436489,5.053297043,5.785848141,5.090925217,7.852241993,5.014835835,7.846589088",HTTP.Sina,7.200,0,Fun,SocialNetwork,6,DPI,"" 
1,ip4,192.168.1.105,93.188.134.246,tcp,35809,80,finished,16,16,1463089073334322,1463089073888564,1463089073891278,0,0,473,1436,473,18114,0,137,35845.1,252228,55584.3,3089619200.0,3.8,"50173,50197,137,181460,70884,252228,2685,2690,2552,2523,4210,4257,31840,31804,8134,8135,11411,11401,8727,8746,2645,2641,7148,7148,13606,13617,66334,66313,92394,92405,2753",52,633.7,1488,673.8,454044.4,4.1,"60,60,52,525,52,493,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,493,64,1488,52,1488","15,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0","0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","4.650922298,5.152156830,4.993616104,5.858173847,5.077241421,5.751578331,5.032077789,7.309309959,5.014835358,7.854790211,5.053297043,7.861942291,4.976373672,7.880206108,5.014835358,7.834024906,4.976373672,7.858521461,5.000318050,7.864043236,5.053297043,7.880113125,4.937911987,7.884674549,4.923395157,7.850847721,5.014835358,5.755910873,5.090925217,7.855472088,5.053297043,7.856210232",HTTP.Sina,7.200,0,Fun,SocialNetwork,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,267,223497,9449,225426,44,1,43,0,6,21,23,9,0,2,0,117,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,27,17,0,5,18,0,0,0,0,0,0,0,0,0,0,0,1,10,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23,0,0,0,0,0,1,1,2,0,0,0,0,44,0,0,30,14,0,0,44,23,21,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0 +0,267,223456,9449,225426,44,1,43,0,6,21,23,9,0,2,0,117,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,27,17,0,5,18,0,0,0,0,0,0,0,0,0,0,0,1,10,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23,0,0,0,0,0,1,1,2,0,0,0,0,44,0,0,30,14,0,0,44,23,21,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/whatsapp.pcap.out b/test/results/flow-analyse/default/whatsapp.pcap.out index 799da6254..cd972711f 100644 --- a/test/results/flow-analyse/default/whatsapp.pcap.out +++ b/test/results/flow-analyse/default/whatsapp.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,751,575355,50635,0,86,0,86,0,0,0,86,0,0,86,0,430,1,0,1,61,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,86,0,86,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,86,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,86,0,0,0,0,0,86,0,0,0,0,0,0,86,0,0,86,0,0,0,86,86,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,86,0,0,0,0,0,0,0,0,0,0 +0,751,575355,50635,0,86,0,86,0,0,0,86,0,0,86,0,430,1,0,1,61,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,86,0,86,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,86,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,86,0,0,0,0,0,86,0,0,0,0,0,0,86,0,0,86,0,0,0,86,86,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,86,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/whatsapp_login_call.pcap.out b/test/results/flow-analyse/default/whatsapp_login_call.pcap.out index 5096d0e71..cb14d858f 100644 --- a/test/results/flow-analyse/default/whatsapp_login_call.pcap.out +++ b/test/results/flow-analyse/default/whatsapp_login_call.pcap.out 
@@ -1,9 +1,9 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks -1,ip4,192.168.2.4,17.178.104.12,tcp,49201,443,info,18,14,1432582227604482,1432582229309355,1432582229616362,0,0,1440,1440,6486,6050,0,9,119895.3,712466,179472.3,32210292736.0,3.4,"281831,283163,8705,294373,1121,35,286034,828,475,587,39758,240,307,326381,1436,373,2981,289942,5828,471,9,317531,1875,68938,587,382640,405162,707,17,712466,1952",40,432.9,1480,595.1,354099.2,3.8,"64,52,40,230,1480,1480,571,40,40,40,40,307,46,77,40,40,40,83,40,1480,1480,153,40,40,1480,1196,40,1480,1480,153,40,40","9,1,0,2,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0","8,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,3,0,0","0,1,0,0,1,1,1,0,0,0,0,0,0,0,1,1,1,1,0,0,0,0,1,1,1,1,0,0,0,0,1,1","4.541277409,4.887659073,4.715312004,5.559735775,7.184122086,7.417570591,6.899518967,4.931687355,4.881687641,4.931686878,4.765311718,7.230942249,4.759187222,5.742031574,4.834183693,4.834183693,4.834183693,5.811724186,4.931686878,7.864183426,7.878191471,6.699968815,4.684184074,4.684184074,7.862710953,7.817599297,4.931687355,7.865705967,7.847981453,6.673823357,4.784183979,4.834183693",TLS.Apple,91.140,1,Safe,Web,6,DPI,"15" 
+1,ip4,192.168.2.4,17.178.104.12,tcp,49201,443,info,18,14,1432582227604482,1432582229309355,1432582229616362,0,0,1440,1440,6486,6050,0,9,119895.3,712466,179472.3,32210292736.0,3.4,"281831,283163,8705,294373,1121,35,286034,828,475,587,39758,240,307,326381,1436,373,2981,289942,5828,471,9,317531,1875,68938,587,382640,405162,707,17,712466,1952",40,432.9,1480,595.1,354099.2,3.8,"64,52,40,230,1480,1480,571,40,40,40,40,307,46,77,40,40,40,83,40,1480,1480,153,40,40,1480,1196,40,1480,1480,153,40,40","9,1,0,2,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0","8,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,3,0,0","0,1,0,0,1,1,1,0,0,0,0,0,0,0,1,1,1,1,0,0,0,0,1,1,1,1,0,0,0,0,1,1","4.541277409,4.887659073,4.715312004,5.559735775,7.184122086,7.417570591,6.899518967,4.931687355,4.881687641,4.931686878,4.765311718,7.230942249,4.759187222,5.742031574,4.834183693,4.834183693,4.834183693,5.811724186,4.931686878,7.864183426,7.878191471,6.699968815,4.684184074,4.684184074,7.862710953,7.817599297,4.931687355,7.865705967,7.847981453,6.673823357,4.784183979,4.834183693",TLS.Apple,91.140,1,Safe,Web,6,DPI,"8,15" 
1,ip4,192.168.2.4,184.173.179.37,tcp,49202,5222,finished,17,15,1432582227643274,1432582230649748,1432582230614203,0,0,201,78,1159,445,0,0,192819.5,709350,172077.7,29610717184.0,4.4,"153871,242175,244771,708056,709350,35643,213202,306,145666,324955,262756,250323,148242,98446,249378,163432,164508,351063,174021,177975,4,178327,331,171720,16,302683,276,301856,4,0,204047",52,102.8,253,60.8,3698.6,4.8,"64,60,52,52,218,130,73,52,52,253,84,71,73,52,227,84,52,118,84,184,84,84,186,52,85,85,252,52,85,85,85,118","9,0,2,0,2,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4,10,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,1,1,0,0,0,1,0,1,0,0,1,0,0,1,0,1,1,0,0,1,1,0,0,1,1,1,0","4.535581589,5.323234558,5.284870625,5.118428230,6.648615837,6.247110844,5.434191704,5.231892109,5.169486046,7.074976444,5.807060719,5.762281895,5.680767059,5.207947731,7.065171242,5.820694447,5.246409416,6.336829185,5.802911282,6.766283989,5.781786919,5.740469933,6.833239079,5.270353794,5.863435745,5.886964798,7.017980099,5.284870625,5.854554653,5.807495594,5.816376686,6.257439613",WhatsApp,142,1,Acceptable,Chat,6,DPI,"" 
-1,ip4,192.168.2.4,17.173.66.102,tcp,49204,443,info,17,15,1432582230648273,1432582231572130,1432582231504448,0,0,1440,948,5225,2717,0,15,57420.4,246332,88943.3,7910914560.0,3.4,"139279,206534,8183,215650,62,2706,195534,776,251,20,1876,267,2144,191589,2382,13135,3735,6431,14684,18,200945,301,63298,290,2226,246332,5270,14887,15,241033,179",40,289.3,1480,408.5,166890.9,3.9,"64,52,40,267,40,132,77,40,40,46,77,1480,517,596,40,40,40,40,40,988,386,40,40,1480,526,596,40,40,988,386,40,40","9,1,0,0,0,0,0,1,0,0,0,0,0,0,1,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0","9,1,1,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,0,0,0,0,0,0,0,1,1,1,1,1,1,1,0,0,0,0,0,1,1,1,1,0,0","4.510027409,4.810735703,4.684184074,5.952049732,4.734184265,5.970739841,5.673912525,4.881687164,4.931687355,4.715708733,5.638134956,7.848487854,7.566340446,7.617396355,4.784183979,4.784183979,4.715312004,4.784183979,4.684184551,7.790213585,7.442604542,4.812815189,4.762814999,7.877933502,7.577860355,7.608998775,4.634183884,4.734184265,7.790307522,7.455507755,4.831687450,4.831687450",TLS.AppleStore,91.224,1,Safe,SoftwareUpdate,6,DPI,"15" 
+1,ip4,192.168.2.4,17.173.66.102,tcp,49204,443,info,17,15,1432582230648273,1432582231572130,1432582231504448,0,0,1440,948,5225,2717,0,15,57420.4,246332,88943.3,7910914560.0,3.4,"139279,206534,8183,215650,62,2706,195534,776,251,20,1876,267,2144,191589,2382,13135,3735,6431,14684,18,200945,301,63298,290,2226,246332,5270,14887,15,241033,179",40,289.3,1480,408.5,166890.9,3.9,"64,52,40,267,40,132,77,40,40,46,77,1480,517,596,40,40,40,40,40,988,386,40,40,1480,526,596,40,40,988,386,40,40","9,1,0,0,0,0,0,1,0,0,0,0,0,0,1,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0","9,1,1,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,0,0,0,0,0,0,0,1,1,1,1,1,1,1,0,0,0,0,0,1,1,1,1,0,0","4.510027409,4.810735703,4.684184074,5.952049732,4.734184265,5.970739841,5.673912525,4.881687164,4.931687355,4.715708733,5.638134956,7.848487854,7.566340446,7.617396355,4.784183979,4.784183979,4.715312004,4.784183979,4.684184551,7.790213585,7.442604542,4.812815189,4.762814999,7.877933502,7.577860355,7.608998775,4.634183884,4.734184265,7.790307522,7.455507755,4.831687450,4.831687450",TLS.AppleStore,91.224,1,Safe,SoftwareUpdate,6,DPI,"8,15" 
1,ip4,192.168.2.4,91.253.176.65,udp,51518,9344,finished,17,15,1432582258730153,1432582260754649,1432582260775626,26,0,309,289,3471,2001,0,44,131289.3,352421,70223.6,4931354624.0,4.7,"85532,95222,66134,60379,102693,208383,184141,159624,139073,188537,352421,23426,152856,55080,31139,91630,61,141160,44,163250,159227,188593,161930,163639,162107,156758,164890,143228,181638,163297,123877",50,199.0,337,98.8,9763.6,4.8,"72,72,328,72,72,301,211,297,234,301,206,134,50,235,185,134,123,54,246,54,260,120,337,103,301,103,305,229,306,317,315,291","1,2,1,1,0,1,1,1,7,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,2,3,1,1,1,3,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,0,1,0,1,0,0,1,1,0,1,0,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1","5.642145634,5.662571430,7.306882858,5.607016087,5.619208336,7.276579380,6.918804169,7.219153404,7.014481544,7.348511696,6.906354427,6.461464405,5.083854198,6.954874992,6.766034603,6.415629864,6.367953777,5.205786228,7.119737148,5.148316383,7.136041164,6.350277901,7.294374466,6.069901943,7.367813587,6.103599548,7.328564644,7.015753746,7.285601139,7.344736099,7.265763760,7.231878281",SRTP.WhatsAppCall,338.45,1,Acceptable,VoIP,6,DPI,"5" 
1,ip4,192.168.2.4,91.253.176.65,udp,52794,9665,finished,16,16,1432582303300524,1432582305119064,1432582305008654,26,0,278,200,1888,1727,0,40,113763.5,307394,86013.0,7398240768.0,4.5,"304269,307394,8384,89918,31917,6521,226162,154173,40,188009,271,163937,163420,160100,21775,153703,73,168136,122602,138908,158523,186698,16232,65895,114250,83709,193240,164541,1311,77123,55436",54,141.0,306,58.8,3453.3,4.9,"72,72,72,72,72,134,124,306,167,54,232,134,228,212,103,134,151,54,172,156,161,172,156,134,114,140,205,140,209,54,134,171","1,3,0,6,3,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,2,2,3,4,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,0,1,1,0,0,1,0,1,0,0,0,1,0,1,1,0,1,1,0,1,0,1,1,0,0","5.586590290,5.634793758,5.591430664,5.548327923,5.614367962,6.343744755,6.353155136,7.262660980,6.708292484,5.199332714,6.977910042,6.582841873,7.061330318,6.964643955,6.193738461,6.469698906,6.640622616,5.205786228,6.713893890,6.594544411,6.678621769,6.732760429,6.737264633,6.418371201,6.335039139,6.527385712,6.871919632,6.504805565,6.851323605,5.199332714,6.565941334,6.741304874",SRTP.WhatsAppCall,338.45,1,Acceptable,VoIP,6,DPI,"5" 
-1,ip4,192.168.2.4,17.173.66.102,tcp,49205,443,info,17,15,1432582355253275,1432582356195572,1432582356100109,0,0,1440,948,5224,2717,0,11,57713.9,271808,91895.6,8444797952.0,3.3,"139873,225073,4218,228888,70,2672,200693,278,1388,194,2268,310,435,198176,1008,14244,4721,5042,13250,23,199875,308,34695,427,52,217025,5837,15994,11,271808,275",40,289.3,1480,408.5,166876.7,3.9,"64,52,40,267,40,132,77,40,40,46,77,1480,516,596,40,40,40,40,40,988,386,40,40,1480,526,596,40,40,988,386,40,40","9,1,0,0,0,0,0,1,0,0,0,0,0,0,1,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0","9,1,1,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,0,0,0,0,0,0,0,1,1,1,1,1,1,1,0,0,0,0,0,1,1,1,1,0,0","4.478777409,4.849197388,4.715312004,5.931038380,4.784183979,6.049894810,5.799257278,4.881687164,4.881687164,4.802665710,5.737505436,7.869925976,7.601890564,7.659376144,4.834184170,4.884183884,4.884183884,4.834183693,4.834183693,7.790913582,7.529675484,4.881687164,4.931687355,7.881880760,7.552830696,7.654625893,4.834183693,4.884183884,7.775795460,7.413623333,4.931687355,4.881687164",TLS.AppleStore,91.224,1,Safe,SoftwareUpdate,6,DPI,"15" 
+1,ip4,192.168.2.4,17.173.66.102,tcp,49205,443,info,17,15,1432582355253275,1432582356195572,1432582356100109,0,0,1440,948,5224,2717,0,11,57713.9,271808,91895.6,8444797952.0,3.3,"139873,225073,4218,228888,70,2672,200693,278,1388,194,2268,310,435,198176,1008,14244,4721,5042,13250,23,199875,308,34695,427,52,217025,5837,15994,11,271808,275",40,289.3,1480,408.5,166876.7,3.9,"64,52,40,267,40,132,77,40,40,46,77,1480,516,596,40,40,40,40,40,988,386,40,40,1480,526,596,40,40,988,386,40,40","9,1,0,0,0,0,0,1,0,0,0,0,0,0,1,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0","9,1,1,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,0,0,0,0,0,0,0,1,1,1,1,1,1,1,0,0,0,0,0,1,1,1,1,0,0","4.478777409,4.849197388,4.715312004,5.931038380,4.784183979,6.049894810,5.799257278,4.881687164,4.881687164,4.802665710,5.737505436,7.869925976,7.601890564,7.659376144,4.834184170,4.884183884,4.884183884,4.834183693,4.834183693,7.790913582,7.529675484,4.881687164,4.931687355,7.881880760,7.552830696,7.654625893,4.834183693,4.884183884,7.775795460,7.413623333,4.931687355,4.881687164",TLS.AppleStore,91.224,1,Safe,SoftwareUpdate,6,DPI,"8,15" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,497,420997,81240,51420,57,24,33,45,6,20,37,46,0,24,0,226,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,23,6,30,1,0,0,0,0,0,0,0,0,0,1,0,2,0,0,0,1,20,0,0,2,8,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,33,0,0,0,0,0,25,8,0,0,0,0,0,55,2,0,27,29,1,0,57,37,20,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,19,0,0,0,0,0,0,0,0,0,0 +0,497,423633,81240,51420,57,24,33,45,6,20,37,46,0,24,0,226,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,23,6,30,1,0,0,0,0,0,0,0,0,0,1,0,2,0,0,0,1,20,0,0,2,8,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,33,0,0,0,0,0,25,8,3,0,0,0,0,55,2,0,27,29,1,0,57,37,20,0,0,0,0,0,0,8,0,0,3,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,19,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/whatsapp_login_chat.pcap.out b/test/results/flow-analyse/default/whatsapp_login_chat.pcap.out index b6b841bd9..97da5fb04 100644 --- a/test/results/flow-analyse/default/whatsapp_login_chat.pcap.out +++ b/test/results/flow-analyse/default/whatsapp_login_chat.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,192.168.2.4,17.173.66.102,tcp,49205,443,finished,17,15,1432582381179399,1432582384764367,1432582384691063,0,0,1440,948,11339,3880,1,3,228923.6,3030585,711161.6,505750847488.0,2.0,"307,68,156057,6041,20562,3,205015,214,59650,355,76,237850,6388,13739,3,246436,156,2803227,690,58,155,163,149,3030585,5762,13968,11,3,10327,10365,268249",40,515.6,1480,518.7,269058.2,4.2,"1480,517,596,40,40,986,386,40,40,1480,524,596,40,40,988,386,40,40,1480,517,596,1480,1240,1240,40,40,988,386,40,40,40,113","4,0,1,0,0,0,0,0,0,0,0,0,0,0,2,1,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,4,0,0","9,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,1,1,1,1,0,0,0,0,0,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,0","7.845222473,7.564460754,7.723596096,4.884183884,4.784184456,7.802291870,7.349081993,4.781687260,4.881687164,7.891665459,7.618573189,7.589188576,4.834184170,4.884183884,7.765514851,7.364068508,4.931687355,4.931687355,7.868970394,7.635158062,7.659084320,7.869641304,7.832291603,7.869807243,4.884183884,4.884183884,7.782162189,7.393073082,4.765311718,4.815311432,4.815311432,6.363091469",TLS,91,1,Safe,Web,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,61,57852,19160,5639,9,2,7,0,1,0,9,3,0,2,0,27,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,7,2,6,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,1,0,0,0,1,4,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,2,2,0,0,0,0,0,8,1,0,3,6,0,0,9,9,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0 +0,61,57852,19160,5639,9,2,7,0,1,0,9,3,0,2,0,27,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,7,2,6,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,1,0,0,0,1,4,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,2,2,0,0,0,0,0,8,1,0,3,6,0,0,9,9,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/whatsapp_voice_and_message.pcap.out b/test/results/flow-analyse/default/whatsapp_voice_and_message.pcap.out index 7d470998c..e68a1beb0 100644 --- a/test/results/flow-analyse/default/whatsapp_voice_and_message.pcap.out +++ b/test/results/flow-analyse/default/whatsapp_voice_and_message.pcap.out 
@@ -3,4 +3,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,10.8.0.1,173.192.222.189,tcp,42241,5222,finished,15,17,1432820633802533,1432820634797314,1432820634796460,0,0,245,505,707,814,0,122,64151.9,457947,103861.5,10787211264.0,3.7,"1312,2441,29816,31189,401459,457947,56427,244,122,152,50476,50415,214,112548,112763,50812,57282,6500,274,183,50385,50538,122,50415,131042,50415,131164,122,50507,50629,793",40,88.2,545,100.3,10067.6,4.4,"60,40,40,214,40,118,40,545,70,40,40,63,40,40,65,40,62,121,40,285,40,62,64,40,94,40,58,91,40,209,40,40","10,2,1,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","14,0,1,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,0,1,1,0,1,0,0,1,1,0,1,0,1,1,0,1,0,1,1,0,1,1,0,0","4.459092617,4.680641651,4.784183979,6.607134819,4.630641460,6.115448475,4.665311813,7.571388721,5.552047253,4.580641270,4.630640984,5.367652893,4.630641460,4.834183693,5.504653454,4.580641747,5.300499439,6.294820786,4.630641460,7.156640053,4.530641556,5.393635750,5.481855392,4.630641460,5.938459396,4.680641651,5.375223160,5.945579052,4.611769676,6.961353779,4.834183693,4.665311813",WhatsApp,142,1,Acceptable,Chat,6,DPI,"" 
1,ip4,10.8.0.1,158.85.58.109,tcp,49721,5222,finished,16,16,1432820681899121,1432820685106122,1432820683287396,0,0,245,254,672,751,0,91,148234.7,1768433,316376.5,100094115840.0,3.4,"2014,2563,34089,34790,390289,440887,50599,183,91,50446,50537,139282,139252,92,50506,50445,92,51240,51147,213,122,77789,128296,50873,179230,229706,260559,260559,50476,50476,1768433",40,85.1,294,70.4,4957.0,4.6,"60,40,40,214,40,118,40,294,70,40,63,40,65,40,62,121,40,62,285,40,40,40,209,98,40,99,40,165,40,62,40,76","11,2,1,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","11,1,1,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,0,1,0,1,0,1,1,0,1,1,0,1,0,0,1,0,1,1,0,1,0,1,0,0","4.471673489,4.680641651,4.734183788,6.810238838,4.680641651,6.078742027,4.665311813,7.177294731,5.455548763,4.680641651,5.570110321,4.730641842,5.523809433,4.730641842,5.470327377,6.416762829,4.730641842,5.470327854,7.190139771,4.730641842,4.884183884,4.884183884,6.934513569,6.068694592,4.730641842,6.043103695,4.815311432,6.668905258,4.815311432,5.405810833,4.765311718,5.731334686",WhatsApp,142,1,Acceptable,Chat,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,126,103362,8982,5407,13,4,9,16,3,0,13,0,0,0,0,65,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,6,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,5,8,0,0,13,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,126,103626,8982,5407,13,4,9,16,3,0,13,0,0,0,0,65,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,6,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,5,8,0,0,13,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/whatsappfiles.pcap.out b/test/results/flow-analyse/default/whatsappfiles.pcap.out index 1ca7eeca4..e1463a7a5 100644 --- a/test/results/flow-analyse/default/whatsappfiles.pcap.out +++ b/test/results/flow-analyse/default/whatsappfiles.pcap.out 
@@ -2,4 +2,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.2.29,185.60.216.53,tcp,49674,443,info,20,12,1519924083411187,1519924108832377,1519924084217928,0,0,1398,1398,5152,3695,0,4,846062.3,24639770,4345174.0,18880535724032.0,0.5,"89960,91931,2998,95622,1439,1232,31,95929,999,78942,282792,460945,6,97926,4,3994,6995,998,5,4,115136,17,1231,43,102916,998,41079,24639770,4996,5995,2998",52,329.1,1450,491.8,241822.2,3.8,"64,60,52,295,52,1450,1450,464,52,52,52,178,310,133,52,52,105,102,94,235,90,52,90,52,162,52,52,52,275,1450,1450,1450","9,4,0,1,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0","5,1,1,1,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0","0,1,0,0,1,1,1,1,0,0,0,0,1,1,0,0,0,0,0,0,0,1,1,1,1,0,0,1,0,0,0,0","4.421927452,5.154205322,5.000318527,5.630068779,5.156889915,6.911639214,7.331070900,7.439278603,5.077241421,5.077241421,4.892748356,6.281505585,7.104421139,6.400995731,4.993616104,5.038779736,5.644111633,5.709043026,5.428511143,6.868546009,5.439019203,5.156889439,5.895723343,5.156889439,6.637435913,5.038779736,5.077241421,5.156889915,7.004677773,7.873590469,7.843841553,7.873690605",TLS.WhatsAppFiles,91.242,1,Acceptable,Download,6,DPI,"" 
1,ip4,192.168.2.29,185.60.216.53,tcp,49698,443,info,13,19,1519924240121220,1519924240317078,1519924240518900,0,0,517,1398,975,12875,0,4,19146.4,107518,30886.0,953946176.0,3.3,"56726,60954,999,65972,116,64953,998,4998,4,994,4,59896,50958,5,7285,18,4137,107,10987,4,86355,107518,6,1398,909,1355,1209,1240,1010,1222,1201",52,485.4,1450,599.2,359069.1,4.0,"64,60,52,569,52,198,52,103,105,102,94,276,133,52,90,52,90,52,94,52,52,52,1450,220,1450,1268,1450,1450,1450,1450,1450,1450","6,5,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,2,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,8,0,0,0,0","0,1,0,0,1,1,0,0,0,0,0,0,1,0,0,1,1,1,1,0,0,1,1,1,1,1,1,1,1,1,1,1","4.484427452,5.220872402,5.062724590,6.536932945,5.310736179,6.547456264,5.115703106,5.511427402,5.798887253,5.734943390,5.532109261,7.100424290,6.478804111,5.091758728,5.529591560,5.233812809,6.065113068,5.272274971,6.031597137,5.091758728,5.070539474,5.272274971,7.882384777,7.084619522,7.865714073,7.857034683,7.885036469,7.857791901,7.873408318,7.856501579,7.894844532,7.850902557",TLS.WhatsAppFiles,91.242,1,Acceptable,Download,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,24,24158,179714,230629,2,1,1,0,2,0,2,3,0,0,0,10,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,2,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,24,23953,179714,230629,2,1,1,0,2,0,2,3,0,0,0,10,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,2,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/whois.pcapng.out b/test/results/flow-analyse/default/whois.pcapng.out index 9108ed007..210f2861a 100644 --- a/test/results/flow-analyse/default/whois.pcapng.out +++ b/test/results/flow-analyse/default/whois.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,30,27763,3467,1453,3,2,1,0,0,1,2,1,0,1,0,15,1,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,4,0,0,0,0,0,3,0,0,3,0,0,0,3,2,1,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0 +0,30,27681,3467,1453,3,2,1,0,0,1,2,1,0,1,0,15,1,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,4,0,0,0,0,0,3,0,0,3,0,0,0,3,2,1,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0 diff --git a/test/results/flow-analyse/default/windowsupdate_over_http.pcap.out b/test/results/flow-analyse/default/windowsupdate_over_http.pcap.out index fb12fa2ce..b2c586c34 100644 --- a/test/results/flow-analyse/default/windowsupdate_over_http.pcap.out +++ b/test/results/flow-analyse/default/windowsupdate_over_http.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,10009,479,14400,1,0,1,0,0,0,1,1,0,1,0,5,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,2,1,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0 +0,11,10009,479,14400,1,0,1,0,0,0,1,1,0,1,0,5,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,2,1,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0 diff --git a/test/results/flow-analyse/default/windscribe.pcapng.out b/test/results/flow-analyse/default/windscribe.pcapng.out index 6aeec28f3..4e610d2e0 100644 --- a/test/results/flow-analyse/default/windscribe.pcapng.out +++ b/test/results/flow-analyse/default/windscribe.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,12,10991,2275,5707,1,0,1,0,0,0,1,1,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,2,2,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0 +0,12,10909,2275,5707,1,0,1,0,0,0,1,1,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,2,2,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0 diff --git a/test/results/flow-analyse/default/wireguard.pcap.out b/test/results/flow-analyse/default/wireguard.pcap.out index 0fdaf5607..f93f6ee29 100644 --- a/test/results/flow-analyse/default/wireguard.pcap.out +++ b/test/results/flow-analyse/default/wireguard.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,21,17579,7268,3288,2,0,2,1,0,0,2,0,0,0,0,10,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,2,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,21,17579,7268,3288,2,0,2,1,0,0,2,0,0,0,0,10,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,2,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/wow.pcap.out b/test/results/flow-analyse/default/wow.pcap.out index da285b2d7..82adccf42 100644 --- a/test/results/flow-analyse/default/wow.pcap.out +++ b/test/results/flow-analyse/default/wow.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,45,32918,2812,1774,5,2,3,0,0,0,5,1,0,2,0,25,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,1,3,0,0,0,0,5,0,0,5,0,0,0,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0 +0,45,32918,2812,1774,5,2,3,0,0,0,5,1,0,2,0,25,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,1,3,0,0,0,0,5,0,0,5,0,0,0,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/xdmcp.pcap.out b/test/results/flow-analyse/default/xdmcp.pcap.out index 3b0cf5b5e..5dfa31a7a 100644 --- a/test/results/flow-analyse/default/xdmcp.pcap.out +++ b/test/results/flow-analyse/default/xdmcp.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,7992,254,81,1,0,1,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,11,7992,254,81,1,0,1,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/xiaomi.pcap.out b/test/results/flow-analyse/default/xiaomi.pcap.out index e915577f6..59066aa34 100644 --- a/test/results/flow-analyse/default/xiaomi.pcap.out +++ b/test/results/flow-analyse/default/xiaomi.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,58,50431,3913,4078,7,0,7,0,0,0,7,0,0,6,0,30,1,0,1,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,6,0,7,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,7,0,0,0,0,0,0,7,0,0,7,0,0,0,7,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,58,50231,3913,4078,7,0,7,0,0,0,7,0,0,6,0,30,1,0,1,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,6,0,7,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,6,0,0,0,0,0,0,7,0,0,7,0,0,0,7,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/xss.pcap.out b/test/results/flow-analyse/default/xss.pcap.out index 9c2916bde..7a18c4b76 100644 --- a/test/results/flow-analyse/default/xss.pcap.out +++ b/test/results/flow-analyse/default/xss.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,17,13505,608,1843,2,0,2,0,0,1,1,0,0,1,0,8,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,2,0,0,2,0,0,0,2,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,17,13505,608,1843,2,0,2,0,0,1,1,0,0,1,0,8,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,2,0,0,2,0,0,0,2,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/yandex.pcapng.out b/test/results/flow-analyse/default/yandex.pcapng.out index d762b94ef..4592acb31 100644 --- a/test/results/flow-analyse/default/yandex.pcapng.out +++ b/test/results/flow-analyse/default/yandex.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,84,75231,19090,29801,9,0,9,0,0,0,9,7,0,4,0,45,1,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,7,0,1,0,0,1,0,0,0,0,0,0,1,0,3,0,0,0,0,0,0,0,2,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,4,0,0,0,0,0,0,9,0,0,9,0,0,0,9,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0 +0,84,74575,19090,29801,9,0,9,0,0,0,9,7,0,4,0,45,1,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,7,0,1,0,0,1,0,0,0,0,0,0,1,0,3,0,0,0,0,0,0,0,2,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,4,0,0,0,0,0,0,9,0,0,9,0,0,0,9,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/yojimbo.pcap.out b/test/results/flow-analyse/default/yojimbo.pcap.out index 1a56f3df4..0eb4907b6 100644 --- a/test/results/flow-analyse/default/yojimbo.pcap.out +++ b/test/results/flow-analyse/default/yojimbo.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,7,6975,1078,0,1,0,1,0,0,0,1,0,0,0,0,1,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,7,6975,1078,0,1,0,1,0,0,0,1,0,0,0,0,1,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/youtube_quic.pcap.out b/test/results/flow-analyse/default/youtube_quic.pcap.out index 2788eb53f..c95f3ef0b 100644 --- a/test/results/flow-analyse/default/youtube_quic.pcap.out +++ b/test/results/flow-analyse/default/youtube_quic.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,192.168.1.7,216.58.198.33,udp,56074,443,finished,13,19,1489363823738796,1489363823844687,1489363823852784,38,0,1350,1350,3698,22654,0,6,7092.9,47402,13323.0,177502752.0,3.3,"43682,599,47402,292,154,45,22593,22345,6,41882,73,4311,1249,5208,1009,1199,2078,995,1205,2173,1079,939,1972,1276,1007,2312,930,1274,2300,574,7716",59,851.5,1378,620.1,384534.2,4.5,"1378,1378,1378,1378,445,163,164,63,1378,59,69,69,1378,1378,66,1378,1378,66,1378,1378,66,1378,1378,66,1378,1378,66,1378,1378,66,1016,1378","0,8,0,0,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0","1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0","0,1,1,0,0,0,0,1,1,1,0,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1","2.490298986,7.548896313,2.557327986,5.454246521,7.513552189,6.657486916,6.667313099,5.203137398,7.879892826,5.320584774,5.540966511,5.620818138,7.837260723,7.846781731,5.625435352,7.860443115,7.869290352,5.595131874,7.865964890,7.867100716,5.462482452,7.871220112,7.858954430,5.583694935,7.863245964,7.872319698,5.564828873,7.868106365,7.885589600,5.529245377,7.780364990,7.853522778",QUIC.YouTube,188.124,1,Fun,Media,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,28,39379,16934,162567,3,0,3,0,1,0,3,0,0,0,0,15,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,2,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,3,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,28,39187,16934,162567,3,0,3,0,1,0,3,0,0,0,0,15,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,2,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,3,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/youtubeupload.pcap.out b/test/results/flow-analyse/default/youtubeupload.pcap.out index f917bf8af..f757d0d9b 100644 --- a/test/results/flow-analyse/default/youtubeupload.pcap.out +++ b/test/results/flow-analyse/default/youtubeupload.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,192.168.2.27,172.217.23.111,udp,51925,443,finished,22,10,1511102576794424,1511102580012300,1511102579994904,35,0,1350,1350,18813,4860,0,80,207043.7,1883081,509890.4,259988193280.0,2.4,"56118,973,59784,1844,356,60874,87,57514,351,30658,1096880,488,1126775,721,1825776,1883081,71241,80,128481,3345,2763,363,669,1041,1120,1220,1141,1157,1131,1161,1163",44,767.8,1378,621.3,386013.8,4.4,"1378,1378,1378,66,1378,410,1378,59,69,66,58,44,597,69,63,330,64,140,44,69,373,1378,1378,1378,1378,1378,1378,1378,1378,1378,1378,1378","0,6,0,0,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0","4,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0","0,1,1,0,0,0,1,1,0,0,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0","2.572486401,7.537513733,7.402596951,5.250994682,4.556015491,7.434559345,7.870773315,5.447868824,5.731709003,5.771669865,5.450197697,4.967351913,7.653637886,5.570558548,5.691562653,7.349846363,5.524900436,6.587018490,4.967351913,5.749753952,7.464030743,7.863305569,7.871096611,7.856682777,7.872458458,7.853973389,7.869896412,7.852776527,7.860300064,7.865760326,7.833461761,7.854090214",QUIC.YouTubeUpload,188.136,1,Fun,Media,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,30,41391,105513,15573,3,0,3,0,1,0,3,2,0,0,0,15,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,2,0,0,3,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,1,2,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,30,41140,105513,15573,3,0,3,0,1,0,3,2,0,0,0,15,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,2,0,0,3,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,1,2,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/z3950.pcapng.out b/test/results/flow-analyse/default/z3950.pcapng.out index d7def73b3..3646d7392 100644 --- a/test/results/flow-analyse/default/z3950.pcapng.out +++ b/test/results/flow-analyse/default/z3950.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,20,14351,445,4117,2,2,0,0,0,1,1,0,0,1,0,10,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,2,0,0,2,0,0,0,2,1,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,20,14351,445,4117,2,2,0,0,0,1,1,0,0,1,0,10,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,2,0,0,2,0,0,0,2,1,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/zabbix.pcap.out b/test/results/flow-analyse/default/zabbix.pcap.out index 99bbaff44..e64d3fe1d 100644 --- a/test/results/flow-analyse/default/zabbix.pcap.out +++ b/test/results/flow-analyse/default/zabbix.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,196,142282,5346,3265,24,24,0,0,0,0,24,0,0,0,0,120,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,24,0,24,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,24,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,24,0,0,0,0,0,0,0,0,0,0,0,0,24,0,0,24,0,0,0,24,24,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,196,142282,5346,3265,24,24,0,0,0,0,24,0,0,0,0,120,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,24,0,24,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,24,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,24,0,0,0,0,0,0,0,0,0,0,0,0,24,0,0,24,0,0,0,24,24,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/zattoo.pcap.out b/test/results/flow-analyse/default/zattoo.pcap.out index 658b98197..16d47f01a 100644 --- a/test/results/flow-analyse/default/zattoo.pcap.out +++ b/test/results/flow-analyse/default/zattoo.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,20,18695,7381,4290,2,2,0,0,0,0,2,1,0,1,0,10,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,2,1,1,0,0,0,0,2,0,0,2,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,20,18613,7381,4290,2,2,0,0,0,0,2,1,0,1,0,10,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,2,1,1,0,0,0,0,2,0,0,2,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/zoom.pcap.out b/test/results/flow-analyse/default/zoom.pcap.out index e73fb0211..226d45206 100644 --- a/test/results/flow-analyse/default/zoom.pcap.out +++ b/test/results/flow-analyse/default/zoom.pcap.out 
@@ -3,4 +3,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.1.117,109.94.160.99,tcp,54871,443,info,18,14,1569520471189039,1569520471662963,1569520471590160,0,0,1440,1440,3063,8708,0,1,28227.3,156067,40349.6,1628089600.0,3.8,"31621,31782,223,32749,1986,135,18,34538,3,10485,3,10554,60088,93852,33789,375,31290,30856,4598,4,36582,6223,38193,156062,156067,114,1,94,10606,59053,3101",52,420.5,1492,552.4,305116.1,3.9,"64,60,52,569,52,1492,1492,1268,52,52,1492,79,52,178,294,52,192,118,52,1492,533,52,90,52,1317,52,1492,146,52,90,202,223","10,1,0,1,2,1,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0","4,1,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,4,0,0","0,1,0,0,1,1,1,1,0,0,1,1,0,0,1,0,0,1,0,0,0,1,1,0,1,0,1,1,0,0,0,0","4.428027153,5.266787052,5.014835358,4.340119362,5.209868431,7.128724575,7.325717926,7.321290493,5.014835358,5.053297043,7.580979347,5.559112549,5.053297043,6.556212902,7.136325836,5.130220413,6.862732410,6.273187160,5.053297043,7.864217758,7.611272335,5.132945538,5.887335777,5.091758728,7.866543293,5.130220413,7.874340057,6.566402435,5.130220413,5.819303036,6.871904373,6.960445881",TLS.Zoom,91.189,1,Acceptable,Video,6,DPI,"15" 
1,ip4,192.168.1.117,109.94.160.99,udp,58327,8801,finished,3,29,1569520471748648,1569520471785584,1569520472033049,13,0,107,1029,183,26845,0,28,10365.7,35562,8525.9,72690992.0,4.5,"31967,28,32217,4719,35562,13763,10264,10242,9996,63,10130,10327,9979,9966,107,9866,10246,10252,10251,126,10146,9980,10130,10478,32,9954,10261,9714,10315,406,9850",41,872.8,1057,383.7,147246.2,4.8,"135,63,46,41,91,71,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057","1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,26,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,1,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1","5.872597694,4.834421635,4.434307098,4.564153194,5.116748810,4.833924294,0.510210812,0.504684150,0.513590038,0.511697888,0.528077245,0.513589978,0.515482187,0.515482187,0.513590038,0.532575667,0.515482187,0.508318722,0.515482187,0.512875855,0.532575667,0.515482187,0.511697948,0.511697888,0.513590038,0.532575667,0.515482187,0.513589978,0.510983646,0.515482187,0.532575667,0.515482187",Zoom,189,1,Acceptable,Video,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,317,246273,69672,259806,33,6,27,0,3,2,31,26,0,11,35,115,1,0,1,2,0,0,0,0,35,0,0,0,0,0,0,0,0,0,0,0,0,12,21,3,27,1,0,0,0,0,0,0,0,0,0,1,0,2,0,0,0,0,0,0,0,0,11,0,0,0,2,0,1,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,31,0,0,0,0,0,21,3,2,0,0,0,0,33,0,0,14,17,2,0,33,31,2,0,0,0,0,0,0,3,0,2,0,0,0,0,0,0,0,17,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,3,0,0,0,0,0,0,0,0,0,0 +0,317,245352,69672,259806,33,6,27,0,3,2,31,26,0,11,35,115,1,0,1,2,0,0,0,0,35,0,0,0,0,0,0,0,0,0,0,0,0,12,21,3,27,1,0,0,0,0,0,0,0,0,0,1,0,2,0,0,0,0,0,0,0,0,11,0,0,0,2,0,1,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,31,0,0,0,0,0,21,3,2,0,0,0,0,33,0,0,14,17,2,0,33,31,2,0,0,0,0,0,0,3,0,2,0,0,0,0,0,0,0,17,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,3,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/zoom2.pcap.out b/test/results/flow-analyse/default/zoom2.pcap.out index a73362739..5ec19a473 100644 --- a/test/results/flow-analyse/default/zoom2.pcap.out +++ b/test/results/flow-analyse/default/zoom2.pcap.out 
@@ -3,4 +3,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.1.178,144.195.73.154,udp,58117,8801,finished,12,20,1642965460219455,1642965460877104,1642965460887928,88,0,161,136,1490,1734,0,12,42778.1,176446,48878.6,2389121792.0,4.1,"98469,176446,124,85491,9538,94754,12,99878,94166,12337,1946,12440,20627,16992,20131,168367,18000,3631,10879,10252,19350,32137,20903,115345,15,17844,18745,20098,20216,21487,85502",46,129.0,189,35.8,1279.8,4.9,"151,151,72,46,156,156,72,46,156,88,88,161,164,154,149,145,116,88,149,92,143,144,134,135,166,189,116,150,148,143,144,116","0,0,1,6,4,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,5,3,8,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,1,1,0,0,1,1,0,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,0,0,1,0,0,0,0,1","5.774950981,5.795780182,4.871791363,4.390829086,5.589504242,5.647461891,4.816236019,4.390829086,5.513776779,4.672714233,4.717865467,5.984676361,5.988471985,5.890224934,5.750802994,5.721282959,5.103803158,4.742203236,5.809841633,4.711098671,5.716365814,5.704583168,5.625706196,5.615069389,6.022024632,6.167570114,5.279437542,5.717482567,5.684329510,5.700431347,5.688298225,5.216770172",Zoom,189,1,Acceptable,Video,6,DPI,"" 
1,ip4,192.168.1.178,144.195.73.154,udp,57953,8801,finished,15,17,1642965460359314,1642965461085374,1642965461081424,27,0,143,75,1257,755,0,8,46715.2,187597,42950.9,1844783744.0,4.3,"102087,187597,15,105625,59,93505,28,87640,70667,56,105994,30,21517,32815,58979,18,48377,5541,49496,50209,26,8,55223,45719,56325,52361,22,59786,52118,47745,58582",46,91.1,171,44.6,1993.4,4.8,"153,153,72,46,163,163,72,46,163,163,163,103,103,55,55,171,55,55,103,55,103,103,55,55,55,55,103,55,55,55,55,55","7,0,0,2,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","9,2,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,1,1,0,0,1,1,0,0,0,1,1,0,1,0,0,1,1,0,1,1,1,0,1,0,1,1,0,1,1,0","5.810314178,5.912507057,4.833528996,4.303872585,5.517835140,5.506913185,4.805751324,4.390829086,5.576398373,5.539088726,5.561493397,4.442456245,4.487634182,3.597789288,3.852133274,5.482311726,3.597789288,3.888496876,4.520360470,3.744285822,4.494622231,4.547106743,3.853325367,3.707922220,3.961224079,3.671558619,4.547106743,3.924860477,3.671558380,3.888496876,3.924860477,3.707922220",Zoom,189,1,Acceptable,Video,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,46,42642,14983,82787,4,0,4,0,3,0,4,8,0,4,0,20,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,3,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,6,0,0,0,0,0,0,4,0,0,1,3,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0 +0,46,42519,14983,82787,4,0,4,0,3,0,4,8,0,4,0,20,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,3,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,6,0,0,0,0,0,0,4,0,0,1,3,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/zoom_p2p.pcapng.out b/test/results/flow-analyse/default/zoom_p2p.pcapng.out index b7c3bf894..49b5d84c9 100644 --- a/test/results/flow-analyse/default/zoom_p2p.pcapng.out +++ b/test/results/flow-analyse/default/zoom_p2p.pcapng.out 
@@ -4,4 +4,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.12.156,10.78.14.178,udp,42208,47312,finished,32,0,1666892923321165,1666892923731059,1666892923321165,84,0,84,0,2688,0,0,149,13222.4,52278,15933.9,253890336.0,4.0,"206,27265,11246,7707,6831,1534,149,13289,6864,1707,40450,203,15506,643,33328,247,50821,420,5857,5665,52278,379,7223,2326,22718,234,30994,178,40889,183,22554",112,112.0,112,0.0,0.0,5.0,"112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112","0,0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4.994051456,4.951597214,4.994051933,4.994051456,4.976194382,4.976194382,4.994051456,4.958336830,4.976194382,4.994051456,4.958336830,4.994051456,4.958336830,4.994051456,4.976194382,4.994051456,4.976194382,4.994051456,4.951597214,4.994051456,4.976194382,4.994051456,4.958336830,4.994051456,4.976194382,4.994051456,4.976194382,4.994051456,4.958336830,4.994051456,4.976194382,4.994051456",Zoom,189,1,Acceptable,Video,6,DPI,"46" 
1,ip4,192.168.12.156,10.78.14.178,udp,49579,49586,finished,32,0,1666892923611662,1666892924448503,1666892923611662,84,0,84,0,2688,0,0,338,26994.9,54779,14468.3,209331424.0,4.7,"23783,338,29801,1565,40495,506,22699,46435,8735,38102,43592,20546,19277,34040,24361,41537,21146,25008,31087,47211,23803,22874,54779,5988,45050,14923,26821,31551,48347,23766,18675",112,112.0,112,0.0,0.0,5.0,"112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112","0,0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4.927000046,4.944857121,4.909142494,4.902402878,4.927000046,4.912628174,4.927000046,4.927000046,4.909142494,4.927000046,4.909142494,4.927000046,4.927000046,4.927000046,4.927000046,4.898025990,4.927000046,4.927000046,4.927000046,4.927000046,4.927000046,4.902402401,4.909142494,4.927000046,4.927000046,4.909142494,4.927000046,4.894771099,4.902402401,4.927000046,4.909142494,4.909142494",Zoom,189,1,Acceptable,Video,6,DPI,"46" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,134,114701,137033,103149,13,0,13,27,4,0,13,3,0,5,0,58,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,11,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,4,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,5,0,0,0,0,0,0,13,0,0,0,11,2,0,13,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0 +0,134,114833,137033,103149,13,0,13,27,4,0,13,3,0,5,0,58,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,11,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,4,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,5,0,0,0,0,0,0,13,0,0,0,11,2,0,13,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/default/zug.pcap.out b/test/results/flow-analyse/default/zug.pcap.out index 841338dc1..b34bb5ed3 100644 --- a/test/results/flow-analyse/default/zug.pcap.out +++ b/test/results/flow-analyse/default/zug.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,36,30818,1142,0,7,0,7,1,0,0,6,0,1,0,0,7,1,0,1,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,6,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,7,0,0,7,6,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,36,30818,1142,0,7,0,7,1,0,0,6,0,1,0,0,7,1,0,1,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,6,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,7,0,0,7,6,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/disable_aggressiveness/ookla.pcap.out b/test/results/flow-analyse/disable_aggressiveness/ookla.pcap.out index accb268bf..4dced6f7c 100644 --- a/test/results/flow-analyse/disable_aggressiveness/ookla.pcap.out +++ b/test/results/flow-analyse/disable_aggressiveness/ookla.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,55,44179,22732,8117,6,1,5,0,0,1,5,3,0,2,0,30,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,3,5,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,3,0,0,0,0,0,6,0,0,6,0,0,0,6,5,1,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0 +0,55,44015,22732,8117,6,1,5,0,0,1,5,3,0,2,0,30,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,3,5,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,3,0,0,0,0,0,6,0,0,6,0,0,0,6,5,1,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/disable_metadata/sip.pcap.out b/test/results/flow-analyse/disable_metadata/sip.pcap.out deleted file mode 100644 index 64af10aa7..000000000 --- a/test/results/flow-analyse/disable_metadata/sip.pcap.out +++ /dev/null 
@@ -1,4 +0,0 @@ -flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks -1,ip4,192.168.1.2,212.242.33.35,udp,5060,5060,finished,21,11,1120469572844249,1120470235521078,1120470235448732,5,0,825,593,7448,4947,0,25935,42751008.0,279041814,57873684.0,3349363405357056.0,4.0,"136757,17415627,17424961,49834,89928591,89874891,17280679,17290428,150200040,150188219,17325180,17335822,73916043,73902652,17325038,17333170,25935,17724998,29031776,29092737,34118166,34119076,29272359,29031830,29031631,29031476,17104967,497671,1001842,279041814,227102",33,415.3,853,273.0,74531.7,4.6,"495,514,708,334,374,495,514,708,519,495,514,708,519,495,514,708,334,498,33,33,33,33,33,33,33,33,33,853,853,853,621,368","9,0,0,0,0,0,0,0,0,0,1,0,0,0,4,0,0,0,0,0,0,4,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,2,1,0,0,0,1,6,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0","5.741633415,5.745016098,5.709460258,5.733335018,5.724183083,5.734008312,5.752299309,5.705936909,5.742718697,5.746319294,5.735527039,5.694232941,5.749829292,5.746265888,5.718012810,5.700710297,5.702609062,5.648171425,4.098355293,4.098355293,4.098355293,4.098355293,4.098355293,4.098355293,4.037749290,4.098355293,4.098355293,5.722674847,5.721789837,5.722674847,5.763523579,5.703196526",SIP,100,0,Acceptable,VoIP,6,DPI,"" 
-timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_ca
tegory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count
 -0,59,59066,28304,16151,4,0,4,25,1,0,3,0,1,0,0,16,1,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,3,0,3,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,4,0,0,4,3,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/disable_metadata/tls_verylong_certificate.pcap.out b/test/results/flow-analyse/disable_metadata/tls_verylong_certificate.pcap.out deleted file mode 100644 index 7356c7add..000000000 --- a/test/results/flow-analyse/disable_metadata/tls_verylong_certificate.pcap.out +++ /dev/null 
@@ -1,4 +0,0 @@ -flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks -1,ip4,192.168.1.160,151.101.66.49,tcp,54804,443,info,15,17,1578254908457751,1578254908528417,1578254908528437,0,0,517,1368,813,14097,0,2,4559.7,21714,6622.1,43852844.0,3.5,"11591,11712,5740,17683,3137,204,15209,67,53,134,2,140,10611,21714,11194,334,14931,21,2,14564,19,7,256,346,4,564,2,480,517,112,2",52,518.6,1420,615.3,378610.9,4.0,"64,60,52,569,52,1420,1420,52,1420,52,1420,262,52,178,103,52,222,1420,1420,104,52,52,52,1420,1420,104,52,52,1420,52,1420,104","12,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,4,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0","0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,0,0,1,1,1,0,0,0,1,1,1,0,0,1,0,1,1","4.398337364,5.146034718,4.868495941,4.434582233,5.025067329,6.773365974,4.940563202,4.983880520,6.553000927,4.900255680,7.433587551,7.043814659,4.983880520,6.336580276,5.976200581,5.022342205,6.883139610,7.866776943,7.867276192,6.143959045,4.906957150,4.791572571,4.731892109,7.850933075,7.865261078,6.040546417,4.906957626,4.906957626,7.852932453,4.823332310,7.877495766,6.208910465",TLS.Cybersec,91.283,1,Safe,Cybersecurity,6,DPI,"" 
-timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_ca
tegory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count
 -0,14,16417,844,18233,1,1,0,0,1,0,1,2,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/disable_metadata_and_flowrisks/sip.pcap.out b/test/results/flow-analyse/disable_metadata_and_flowrisks/sip.pcap.out new file mode 100644 index 000000000..0dc32f9ed --- /dev/null +++ b/test/results/flow-analyse/disable_metadata_and_flowrisks/sip.pcap.out 
@@ -0,0 +1,4 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.1.2,212.242.33.35,udp,5060,5060,finished,21,11,1120469572844249,1120470235521078,1120470235448732,5,0,825,593,7448,4947,0,25935,42751008.0,279041814,57873684.0,3349363405357056.0,4.0,"136757,17415627,17424961,49834,89928591,89874891,17280679,17290428,150200040,150188219,17325180,17335822,73916043,73902652,17325038,17333170,25935,17724998,29031776,29092737,34118166,34119076,29272359,29031830,29031631,29031476,17104967,497671,1001842,279041814,227102",33,415.3,853,273.0,74531.7,4.6,"495,514,708,334,374,495,514,708,519,495,514,708,519,495,514,708,334,498,33,33,33,33,33,33,33,33,33,853,853,853,621,368","9,0,0,0,0,0,0,0,0,0,1,0,0,0,4,0,0,0,0,0,0,4,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,2,1,0,0,0,1,6,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0","5.741633415,5.745016098,5.709460258,5.733335018,5.724183083,5.734008312,5.752299309,5.705936909,5.742718697,5.746319294,5.735527039,5.694232941,5.749829292,5.746265888,5.718012810,5.700710297,5.702609062,5.648171425,4.098355293,4.098355293,4.098355293,4.098355293,4.098355293,4.098355293,4.037749290,4.098355293,4.098355293,5.722674847,5.721789837,5.722674847,5.763523579,5.703196526",SIP,100,0,Acceptable,VoIP,6,DPI,"" 
+timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_ca
tegory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count
 +0,59,60130,28304,16151,4,0,4,25,1,0,3,0,1,0,0,16,1,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,3,0,3,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,4,0,0,4,3,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/disable_metadata_and_flowrisks/tls_verylong_certificate.pcap.out b/test/results/flow-analyse/disable_metadata_and_flowrisks/tls_verylong_certificate.pcap.out new file mode 100644 index 000000000..dc76035fc --- /dev/null +++ b/test/results/flow-analyse/disable_metadata_and_flowrisks/tls_verylong_certificate.pcap.out 
@@ -0,0 +1,4 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.1.160,151.101.66.49,tcp,54804,443,info,15,17,1578254908457751,1578254908528417,1578254908528437,0,0,517,1368,813,14097,0,2,4559.7,21714,6622.1,43852844.0,3.5,"11591,11712,5740,17683,3137,204,15209,67,53,134,2,140,10611,21714,11194,334,14931,21,2,14564,19,7,256,346,4,564,2,480,517,112,2",52,518.6,1420,615.3,378610.9,4.0,"64,60,52,569,52,1420,1420,52,1420,52,1420,262,52,178,103,52,222,1420,1420,104,52,52,52,1420,1420,104,52,52,1420,52,1420,104","12,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,4,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0","0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,0,0,1,1,1,0,0,0,1,1,1,0,0,1,0,1,1","4.398337364,5.146034718,4.868495941,4.434582233,5.025067329,6.773365974,4.940563202,4.983880520,6.553000927,4.900255680,7.433587551,7.043814659,4.983880520,6.336580276,5.976200581,5.022342205,6.883139610,7.866776943,7.867276192,6.143959045,4.906957150,4.791572571,4.731892109,7.850933075,7.865261078,6.040546417,4.906957626,4.906957626,7.852932453,4.823332310,7.877495766,6.208910465",TLS.Cybersec,91.283,1,Safe,Cybersecurity,6,DPI,"" 
+timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_ca
tegory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count
 +0,14,16801,844,18233,1,1,0,0,1,0,1,2,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/disable_protocols/dns_long_domainname.pcap.out b/test/results/flow-analyse/disable_protocols/dns_long_domainname.pcap.out index a08efdaca..9fe2c9229 100644 --- a/test/results/flow-analyse/disable_protocols/dns_long_domainname.pcap.out +++ b/test/results/flow-analyse/disable_protocols/dns_long_domainname.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,9,8116,61,117,1,0,1,0,0,0,1,1,0,1,0,2,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,9,8116,61,117,1,0,1,0,0,0,1,1,0,1,0,2,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/disable_protocols/pluralsight.pcap.out b/test/results/flow-analyse/disable_protocols/pluralsight.pcap.out index e68383a88..3dcf59f9d 100644 --- a/test/results/flow-analyse/disable_protocols/pluralsight.pcap.out +++ b/test/results/flow-analyse/disable_protocols/pluralsight.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,59,75196,3540,23176,6,0,6,0,0,0,6,10,0,0,0,28,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,6,0,0,0,6,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,59,74540,3540,23176,6,0,6,0,0,0,6,10,0,0,0,28,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,6,0,0,0,6,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/disable_protocols/quic-mvfst-27.pcapng.out b/test/results/flow-analyse/disable_protocols/quic-mvfst-27.pcapng.out index 5cc3584e2..2aa8093c7 100644 --- a/test/results/flow-analyse/disable_protocols/quic-mvfst-27.pcapng.out +++ b/test/results/flow-analyse/disable_protocols/quic-mvfst-27.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,10,16010,2538,6981,1,0,1,0,0,0,1,0,0,0,0,5,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,10,15969,2538,6981,1,0,1,0,0,0,1,0,0,0,0,5,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/disable_protocols/soap.pcap.out b/test/results/flow-analyse/disable_protocols/soap.pcap.out index 6b5399a52..9ead0d4c1 100644 --- a/test/results/flow-analyse/disable_protocols/soap.pcap.out +++ b/test/results/flow-analyse/disable_protocols/soap.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,24,28768,8109,1637,3,1,2,0,0,0,3,0,0,1,0,11,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,2,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,1,0,0,0,0,0,3,0,0,3,0,0,0,3,3,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,24,28768,8109,1637,3,1,2,0,0,0,3,0,0,1,0,11,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,2,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,1,0,0,0,0,0,3,0,0,3,0,0,0,3,3,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/disable_use_client_ip/bot.pcap.out b/test/results/flow-analyse/disable_use_client_ip/bot.pcap.out index 731e6835b..071ccf2c4 100644 --- a/test/results/flow-analyse/disable_use_client_ip/bot.pcap.out +++ b/test/results/flow-analyse/disable_use_client_ip/bot.pcap.out 
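Review bot: The regenerated statistics row appears to have gained one field while the `timestamp,json_lines,…` header above it is an unchanged context line, so by my count the `3` that sat under `flow_confidence_dpi` now falls under `flow_confidence_nbpf`, and every later confidence, severity, layer and `flow_risk_N_count` value is read one column late. The same one-position shift shows in the bot.pcap.out, iphone.pcap.out and both dns.pcap.out hunks that follow. If the libnDPI bump added a category or confidence counter, the header string written by the emitter needs the matching name at the same position (the emitter is not visible in this hunk, so I cannot quote the line); otherwise a consumer that keys on header names will misattribute risk and severity counts. A header-versus-row field-count check in the test run would catch this kind of drift.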
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,40.77.167.36,89.31.72.220,tcp,64768,80,finished,7,25,1645108240233170,1645108240455112,1645108240455337,0,0,316,1440,316,33120,0,4,14326.1,114244,36180.2,1309009792.0,2.2,"409,106526,4,106682,7609,64,117,61,7,4,842,8,6,4,114244,282,105363,69,4,6,123,5,6,4,232,8,61,8,763,123,465",46,1086.5,1480,631.2,398369.0,4.6,"48,48,46,356,46,1480,1480,1480,1480,1480,1480,1480,1480,1480,1480,46,46,1480,1480,1480,1480,1480,1480,1480,1480,1480,1480,1480,1480,46,46,1480","6,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23,0,0","0,1,0,0,1,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,1,1,1,1,1,1,1,1,1,0,0,1","4.668832779,4.823934078,4.705051422,5.553816795,4.685968399,6.426275253,7.497505188,7.820932388,7.830261230,7.797591209,7.805040359,7.821845531,7.816341877,7.795114517,7.064133644,4.748529911,4.585274220,7.814039707,7.815784454,7.820162296,7.814042091,7.827082157,7.799123287,7.792435646,7.357606411,5.923022270,7.867007732,5.467782974,4.930641174,4.661573410,4.661573410,5.117170334",HTTP,7,0,Acceptable,Web,6,DPI,"44" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,12,11270,316,406780,1,1,0,0,1,0,1,0,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0 +0,12,11270,316,406780,1,1,0,0,1,0,1,0,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/disable_use_client_port/iphone.pcap.out b/test/results/flow-analyse/disable_use_client_port/iphone.pcap.out index b794b43e0..f1f619e0c 100644 --- a/test/results/flow-analyse/disable_use_client_port/iphone.pcap.out +++ b/test/results/flow-analyse/disable_use_client_port/iphone.pcap.out 
@@ -4,4 +4,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.2.17,92.123.77.26,tcp,50587,443,info,18,14,1582454599934729,1582454600290030,1582454600371223,0,0,1440,1440,3458,5165,0,4,25541.8,147307,44603.2,1989448704.0,3.2,"33256,146084,75,147307,1403,159,73,18,38616,19,50,10855,46914,12516,120151,44,4,168,1146,109,1513,467,107361,13,1221,31041,492,3663,24,4467,82566",52,322.1,1492,461.1,212650.1,3.9,"64,60,52,569,52,1492,1492,1268,442,52,52,52,132,339,339,98,95,87,1492,552,818,52,52,52,122,52,52,83,52,87,52,52","10,3,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0","6,1,1,0,0,0,0,0,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,2,0,0","0,1,0,0,1,1,1,1,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,1,1,1,0,0,1,1,0,1","4.515677452,5.260978699,5.115703106,4.536097050,5.154164791,7.838258266,7.887313843,7.830554962,7.500537872,5.115703106,5.154164791,5.077241421,6.238309383,7.385308743,7.348131180,6.055991173,6.001430511,5.896850586,7.866535664,7.607725620,7.722208500,5.154164791,5.154164791,5.062724590,6.184679508,5.056022644,5.115703106,5.763531208,5.094483852,5.873862743,5.115703106,5.056022167",TLS.AppleiTunes,91.145,1,Fun,Streaming,6,DPI,"" 
1,ip4,192.168.2.17,17.248.185.87,tcp,50581,443,info,20,12,1582454598721885,1582454600432880,1582454600398737,0,0,1440,1440,13211,8177,0,19,109285.4,803512,185220.7,34306707456.0,3.4,"145952,170980,359,171301,2704,133,11131,1277,11157,179655,19,50,112,15556,168247,146405,161443,749,308681,51490,198168,655712,185,186,293,803512,1267,180253,328,297,245",52,721.0,1492,667.3,445284.8,4.3,"64,60,52,569,52,1492,1492,1492,1492,1474,52,52,52,52,145,103,52,1169,344,52,996,52,1164,1492,1492,1492,52,52,1492,1492,1492,1492","8,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,7,0,0","5,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,4,0,0","0,1,0,0,1,1,1,1,1,1,0,0,0,0,0,1,0,0,0,1,1,0,0,0,0,0,1,1,0,0,0,0","4.378882408,5.048397064,4.855899334,4.669833183,5.026988029,6.153114796,4.607729912,7.088045597,7.461877346,7.528841019,4.947339535,4.870416164,4.908878326,4.825253010,6.027275085,5.625993729,4.985801220,7.818661690,7.150210857,5.103910923,7.800937653,4.908877850,7.820833683,7.850773335,7.853681087,7.878564835,4.985801220,4.959492207,7.858905315,7.865253448,7.862413406,7.846001625",TLS.AppleiCloud,91.143,1,Acceptable,Web,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,356,334197,99351,91009,51,3,48,0,4,0,50,40,1,0,0,156,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,38,17,24,9,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,1,31,0,0,2,2,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,46,5,0,15,31,1,4,51,50,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,356,332762,99351,91009,51,3,48,0,4,0,50,40,1,0,0,156,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,38,17,24,9,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,1,31,0,0,2,2,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,46,5,0,15,31,1,4,51,50,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/dns_process_response_disable/dns.pcap.out b/test/results/flow-analyse/dns_process_response_disable/dns.pcap.out index 42f096da3..ff36e102d 100644 --- a/test/results/flow-analyse/dns_process_response_disable/dns.pcap.out +++ b/test/results/flow-analyse/dns_process_response_disable/dns.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,14,9616,67,33,1,0,1,0,0,0,1,0,0,0,2,3,1,0,1,2,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,14,9616,67,33,1,0,1,0,0,0,1,0,0,0,2,3,1,0,1,2,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/dns_subclassification_and_process_response_disable/dns.pcap.out b/test/results/flow-analyse/dns_subclassification_and_process_response_disable/dns.pcap.out index cf2c29ebe..019f09389 100644 --- a/test/results/flow-analyse/dns_subclassification_and_process_response_disable/dns.pcap.out +++ b/test/results/flow-analyse/dns_subclassification_and_process_response_disable/dns.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,14,9902,67,33,1,0,1,0,0,0,1,0,0,0,2,3,1,0,1,2,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,14,9902,67,33,1,0,1,0,0,0,1,0,0,0,2,3,1,0,1,2,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/enable_doh_heuristic/doh.pcapng.out b/test/results/flow-analyse/enable_doh_heuristic/doh.pcapng.out index 65c52303a..f47d04f23 100644 --- a/test/results/flow-analyse/enable_doh_heuristic/doh.pcapng.out +++ b/test/results/flow-analyse/enable_doh_heuristic/doh.pcapng.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,192.168.1.253,1.1.1.1,tcp,35996,443,info,17,15,1623220847881632,1623220894239868,1623220878891197,0,0,261,1460,606,3569,0,0,2495735.5,15359810,5583085.5,31170844688384.0,2.4,"12358,12657,9395,22866,3111,16283,0,0,492,492,548541,0,471,0,559446,0,429,10863,0,436,0,2867,0,3303,0,50308,15056860,15017798,15339561,15339454,15359810",46,174.8,1500,350.9,123099.2,3.6,"60,52,46,301,46,1500,46,1500,46,256,46,104,126,136,108,46,46,111,46,71,46,46,371,71,46,46,46,46,46,46,46,46","12,0,3,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","10,0,1,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0","0,1,0,0,1,1,0,1,0,1,0,0,0,0,0,1,1,1,0,0,1,1,1,1,0,0,1,0,1,0,1,0","4.425882339,4.437160492,4.225621700,5.947368622,4.140616417,7.830754280,4.117669106,7.879162312,4.117669106,7.097528458,4.117669106,5.884155750,6.247783184,6.373653889,6.047423363,4.140616417,4.140616417,6.197440624,4.131088734,5.480591297,4.053659439,4.117669106,7.372667789,5.483504295,4.087610722,4.087610245,4.161148071,4.087610245,4.117669582,4.087610245,4.161148071,4.087610245",TLS,91,1,Safe,Web,6,DPI,"24,52" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,13,12906,1881,5821,1,0,1,0,1,0,1,1,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,4,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0 +0,13,12824,1881,5821,1,0,1,0,1,0,1,1,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,4,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0 diff --git a/test/results/flow-analyse/enable_payload_stat/1kxun.pcap.out b/test/results/flow-analyse/enable_payload_stat/1kxun.pcap.out index 822106dc2..199c5379d 100644 --- a/test/results/flow-analyse/enable_payload_stat/1kxun.pcap.out +++ b/test/results/flow-analyse/enable_payload_stat/1kxun.pcap.out 
@@ -13,4 +13,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.2.126,14.136.136.108,tcp,49372,80,finished,3,29,1654385146253018,1654385147560064,1654385147928387,514,0,526,18720,1554,113644,1,0,96206.9,899707,188732.5,35619966976.0,3.0,"205636,2121,0,0,1,224803,394,328,1444,0,193718,403,372,1728,1281,1888,225980,899707,237971,1,2439,199154,468,952,1305,0,0,407339,371504,0,1478",337,3651.9,18772,4182.9,17496908.0,4.3,"566,337,1492,4372,2932,4372,1492,1492,1492,1492,5812,1492,1492,1492,2932,4372,5812,3718,578,337,7252,15892,1492,1492,7252,1492,5812,640,566,337,7787,18772","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,14","0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1,1,0,1,1,1","5.863167286,5.867280483,7.343351841,7.933300972,7.883011341,7.923881531,7.831630230,7.793837070,7.811074257,7.877987385,7.956270695,7.807632446,7.787700176,7.808306217,7.895200729,7.941674709,7.934331417,7.911615372,5.884228706,5.838101864,7.975082397,7.990115643,7.874265194,7.866392612,7.972415924,7.851024628,7.967773914,7.664193153,5.866144657,5.879995346,7.941644669,7.977370262",HTTP.1kxun,7.295,0,Fun,Streaming,6,DPI,"" 
1,ip4,192.168.2.126,161.117.13.29,tcp,45416,80,finished,8,24,1654385140835391,1654385156967826,1654385157149701,434,0,1114,14400,6674,81693,1,0,1046669.2,6045020,1981650.1,3926937042944.0,3.0,"188503,1,1404,179436,1430,692,418,2433,676,270050,61,0,644,0,3892849,3428911,186128,186289,192621,208977,367165,352334,5253796,5339015,3643,6045020,5959115,408,493,194856,189377",486,2813.5,14452,2993.9,8963654.0,4.4,"486,2932,2932,8692,2932,7252,1492,1492,14452,1492,2932,2932,7252,7252,4078,803,695,805,1511,807,1401,803,1516,1065,2932,1130,1155,1492,1492,1575,1166,1083","0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,1,0,0,7,0,13","0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,0,1,0,1,0,1,0,1,1,0,1,1,1,0,1","5.943944454,7.829628944,7.931543350,7.979783535,7.931476593,7.968062401,7.861111164,7.864268780,7.984925747,7.877884388,7.929042339,7.930032253,7.967924595,7.974642754,7.952368736,5.943904400,6.386446476,5.942170143,7.482911110,5.931495190,6.238120556,5.934639931,6.488353729,5.849187374,6.477306366,6.757167339,5.825885773,6.421376705,7.814886093,7.859082222,5.823412418,6.869374752",HTTP.1kxun,7.295,0,Fun,Streaming,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,1303,1571479,156501,2270815,197,9,188,38,13,6,177,33,14,38,0,624,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,31,166,6,116,53,0,0,0,2,0,0,0,1,0,0,0,39,0,0,0,5,0,0,0,0,63,0,0,45,22,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,177,0,0,0,0,0,37,6,20,0,0,0,0,172,25,0,98,99,0,0,197,177,6,14,0,0,0,0,0,5,0,0,4,0,0,10,13,0,0,8,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,6,0,0,0,3,0,0,13,0,0,0,0,0,0,0,1,0,0 +0,1303,1571504,156501,2270815,197,9,188,38,13,6,182,33,9,33,0,624,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,26,171,6,121,53,0,0,0,2,0,0,0,1,0,0,0,39,0,0,0,5,0,0,0,0,68,0,0,45,22,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,182,0,0,0,0,0,32,6,20,0,0,0,0,172,25,0,98,99,0,0,197,182,6,9,0,0,0,0,0,5,0,0,4,0,0,10,13,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,3,0,0,13,0,0,0,0,0,0,0,1,0,0 diff --git a/test/results/flow-analyse/flow_risk_lists_disable/protonvpn.pcap.out b/test/results/flow-analyse/flow_risk_lists_disable/protonvpn.pcap.out index 46b293ca8..6f6041099 100644 --- a/test/results/flow-analyse/flow_risk_lists_disable/protonvpn.pcap.out +++ b/test/results/flow-analyse/flow_risk_lists_disable/protonvpn.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,25,20749,1624,6451,3,0,3,0,0,1,2,2,0,2,0,11,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,2,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,1,1,0,0,0,0,3,0,0,2,1,0,0,3,2,1,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,25,20626,1624,6451,3,0,3,0,0,1,2,2,0,2,0,11,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,2,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,1,1,0,0,0,0,3,0,0,2,1,0,0,3,2,1,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/fpc/1kxun.pcap.out b/test/results/flow-analyse/fpc/1kxun.pcap.out new file mode 100644 index 000000000..96430963e --- /dev/null +++ b/test/results/flow-analyse/fpc/1kxun.pcap.out 
@@ -0,0 +1,16 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.115.8,106.187.35.246,tcp,49601,80,finished,10,22,1470104379118171,1470104379286078,1470104379304068,0,0,360,1260,720,24259,0,22,11413.0,56171,20339.8,413706496.0,3.1,"26,52106,52225,22,5484,34,48207,11555,801,69,59,49,273,37,27,28,464,56171,23,50473,3499,84,64,53877,45,17726,143,82,52,49,50",40,821.9,1300,585.3,342554.8,4.5,"52,52,52,40,40,400,400,46,359,1300,1300,1300,1300,1300,1300,1300,1300,1300,40,40,1300,1300,1300,1300,40,40,1300,1300,1300,1300,1300,1300","8,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,19,0,0,0,0,0,0,0,0","0,0,1,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,1,0,0,1,1,1,1,1,1","4.540471077,4.540471077,4.955154419,4.784184456,4.784184456,5.816493034,5.816493034,4.216916561,5.618361473,7.450107098,7.815211296,7.836095333,7.822941780,7.836542130,7.816992283,7.822154999,7.824875832,7.819305897,4.734184265,4.734184265,7.817429543,7.824024200,7.815408707,7.842577934,4.684183598,4.684183598,7.822679520,7.834252357,7.831438541,7.831308842,7.851968765,7.839091301",HTTP.1kxun,7.295,0,Fun,Streaming,6,DPI,"" 
+1,ip4,192.168.115.8,106.187.35.246,tcp,49602,80,finished,12,20,1470104379118544,1470104379309514,1470104379309350,0,0,359,1260,718,21739,0,22,12315.4,66248,24063.6,579054976.0,2.8,"30,54573,54712,41,4152,56,64506,68,36,30,74,39,719,84,86,86,61743,22,885,65392,59,66248,63,504,2917,559,54,52,83,3871,32",40,743.1,1300,600.3,360321.4,4.4,"52,52,52,40,40,399,399,46,359,1300,1300,1300,1300,1300,1300,1300,1300,40,40,1300,1300,1300,40,40,1300,1300,1300,1300,1300,1300,40,40","10,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0,0,0,0,0,0","0,0,1,0,0,0,0,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,0,0,1,1,1,1,1,1,0,0","4.502009392,4.502009392,4.993616104,4.730640888,4.730640888,5.803964615,5.803964615,4.390829086,5.642121315,7.460942745,7.814809799,7.800187588,7.823173046,7.782991886,7.796648026,7.817361355,7.794824600,4.784183979,4.784183979,7.794241905,7.811538219,7.814032555,4.784183979,4.784183979,7.809308529,7.796229362,7.803008556,7.811974525,7.809011459,7.814390182,4.834183693,4.834183693",HTTP.1kxun,7.295,0,Fun,Streaming,6,DPI,"" 
+1,ip4,192.168.115.8,106.187.35.246,tcp,49599,80,finished,12,20,1470104379117273,1470104379305366,1470104379309692,0,0,361,1260,722,21739,0,23,12274.6,66840,23326.2,544113344.0,2.9,"36,53209,53269,23,4558,53,61521,40,293,57,57277,26,5093,104,312,45,266,88,5943,34,1372,65090,55,53,50,66840,34,3844,90,757,80",40,743.2,1300,600.2,360235.6,4.4,"52,52,52,40,40,401,401,46,359,1300,1300,40,40,1300,1300,1300,1300,1300,1300,40,40,1300,1300,1300,1300,1300,40,40,1300,1300,1300,1300","10,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0,0,0,0,0,0","0,0,1,0,0,0,0,1,1,1,1,0,0,1,1,1,1,1,1,0,0,1,1,1,1,1,0,0,1,1,1,1","4.540471077,4.540471077,4.955154419,4.834183693,4.834183693,5.784319878,5.784319878,4.303872585,5.637725830,7.471795559,7.791592598,4.734183788,4.734183788,7.804637909,7.807570934,7.830432415,7.825576305,7.818768978,7.845777035,4.734183788,4.734183788,7.838691235,7.833523750,7.842283726,7.806497097,7.842946529,4.784183979,4.784183979,7.828577518,7.834991455,7.820946693,7.813043594",HTTP.1kxun,7.295,0,Fun,Streaming,6,DPI,"" 
+1,ip4,192.168.115.8,106.187.35.246,tcp,49604,80,finished,10,22,1470104379119336,1470104379328801,1470104379305020,0,0,369,1260,1458,23877,0,26,12746.7,96474,26329.7,693255296.0,2.7,"37,50730,50813,26,5716,35,60276,105,70,53,49,73,718,44,49,52,342,56283,26,72323,56,48,50,164,52,68,54,259,49,96474,55",40,833.0,1300,555.0,308021.3,4.6,"52,52,52,40,40,400,400,46,359,1300,1300,1300,1300,1300,1300,1300,1300,1300,40,40,1300,1300,1300,1300,1300,1300,1300,1300,1300,918,409,409","6,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,18,0,0,0,0,0,0,0,0","0,0,1,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,1,1,1,1,1,1,1,0,0","4.502009392,4.502009392,4.955154896,4.884183884,4.884183884,5.823695183,5.823695183,4.434307098,5.651605129,7.494920254,7.816417217,7.819696903,7.824419022,7.827455044,7.838195324,7.842068195,7.840069771,7.839951038,4.834183693,4.834183693,7.833738804,7.824559212,7.804037571,7.837569714,7.815773964,7.860733032,7.833745480,7.858436108,7.849576473,7.725791931,5.812777519,5.812777519",HTTP.1kxun,7.295,0,Fun,Streaming,6,DPI,"" 
+1,ip4,192.168.115.8,106.187.35.246,tcp,49600,80,finished,10,22,1470104379117772,1470104379360886,1470104379361184,0,0,362,1260,724,24259,0,23,15694.4,142000,32346.1,1046270720.0,2.8,"54,51945,52076,32,5225,53,60454,877,31,40,63,40,400,73,48,50,170,85115,142000,23,40785,2483,129,70,65,43573,78,404,66,55,49",40,822.0,1300,585.2,342449.5,4.5,"52,52,52,40,40,402,402,46,359,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,40,40,1300,1300,1300,1300,1300,40,40,1300,1300,1300,1300","8,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,19,0,0,0,0,0,0,0,0","0,0,1,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,1,1,0,0,1,1,1,1","4.540471077,4.540471077,4.993616104,4.784183979,4.784183979,5.806403637,5.806403637,4.330940247,5.620885849,6.705548286,7.731300354,7.779007435,7.737928867,7.737201214,7.704045296,7.681565285,7.569606781,4.071334362,6.314223289,4.784183979,4.784183979,7.705962181,7.781871796,7.735430241,7.740441799,7.698603153,4.834183693,4.834183693,7.712049484,7.719846249,5.648873806,3.023065329",HTTP.1kxun,7.295,0,Fun,Streaming,6,DPI,"" 
+1,ip4,192.168.115.8,106.185.35.110,tcp,49606,80,finished,14,18,1470104379916887,1470104380141237,1470104380142241,0,0,357,1260,714,20160,0,26,14506.6,146838,33179.1,1100853504.0,2.6,"56,37783,37994,70,1795,58,38952,109751,153,146838,45,329,66,113,56,463,29,236,62,115,388,44,244,36267,36544,26,410,130,482,92,113",40,693.6,1300,612.0,374554.6,4.3,"52,52,52,40,40,397,397,46,1300,1300,40,40,1300,1300,1300,1300,40,40,1300,1300,1300,40,40,1300,1300,40,40,1300,1300,1300,1300,1300","12,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0","0,0,1,0,0,0,0,1,1,1,0,0,1,1,1,1,0,0,1,1,1,0,0,1,1,0,0,1,1,1,1,1","4.540471077,4.540471077,4.955154896,4.784183979,4.784183979,5.758289814,5.758289814,4.303872585,5.568258762,4.972586632,4.784183979,4.784183979,4.816908836,5.305360317,5.245053291,5.141684532,4.684184074,4.684184074,5.953328609,5.139973164,5.197480202,4.784183979,4.784183979,5.838756561,5.133826733,4.734184265,4.734184265,4.452571869,4.709616661,4.691545486,5.564413548,5.160192013",HTTP.1kxun,7.295,0,Fun,Streaming,6,DPI,"11" 
+1,ip4,192.168.115.8,42.120.51.152,tcp,49609,8080,finished,19,13,1470104380890420,1470104382084858,1470104381881083,0,0,445,1260,3612,6271,0,25,70487.1,398999,104302.2,10878943232.0,3.6,"50,76520,76599,25,1136,41,62341,85,61755,47,298859,73,398999,66467,177,166123,34,60273,507,89,60822,34,117112,46,178142,469,61984,45,102335,44259,349653",40,350.6,1300,410.3,168364.1,4.1,"52,52,48,40,40,292,292,46,65,485,485,485,485,46,1300,1300,40,40,1300,1300,528,40,40,267,267,46,65,477,477,46,733,40","9,0,0,0,0,0,0,4,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0","0,0,1,0,0,0,0,1,1,0,0,0,0,1,1,1,0,0,1,1,1,0,0,0,0,1,1,0,0,1,1,0","4.633441925,4.633441925,4.967222691,4.981687069,4.981687069,5.768459320,5.768459320,4.652828693,5.358993053,6.064707279,6.064707279,6.054220200,6.054220200,4.609350204,5.268521309,4.718248367,4.931687355,4.931687355,4.699154854,5.227048397,4.912804604,4.931686878,4.931686878,5.830219269,5.830219269,4.609350204,5.397304058,6.051352978,6.051352978,4.696306705,5.685911179,4.912815094",HTTP,7,0,Acceptable,Web,6,DPI,"5,12" 
+1,ip4,192.168.115.8,106.187.35.246,tcp,49603,80,finished,11,21,1470104379118972,1470104424311883,1470104379310452,0,0,361,1260,723,22966,0,19,1464012.6,45001141,7948794.0,63183326806016.0,0.1,"34,54477,54551,26,4891,45,65495,70,68,364,89,71,208,46,29,27,25,61484,19,69006,62,56,48,731,52,51,51,454,70696,24,45001141",40,781.6,1300,593.2,351838.7,4.4,"52,52,52,40,40,401,401,46,359,1300,1300,1300,1300,1300,1300,1300,1300,1300,40,40,1300,1300,1300,1300,1300,1300,1300,1300,1267,40,40,41","9,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,17,0,0,0,0,0,0,0,0","0,0,1,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,1,1,1,1,1,1,0,0,0","4.578932762,4.578932762,5.032077789,4.884183884,4.884183884,5.794129372,5.794129372,4.434307098,5.652597904,7.484868050,7.818575859,7.782110691,7.797027111,7.823266506,7.845933437,7.821538448,7.845500469,7.838393688,4.834183693,4.834183693,7.836544514,7.832671165,7.837013721,7.831301689,7.829290867,7.832065582,7.849477768,7.838781357,7.842006683,4.884183884,4.884183884,4.829466343",HTTP.1kxun,7.295,0,Fun,Streaming,6,DPI,"" 
+1,ip4,192.168.2.126,172.105.121.82,tcp,46170,80,finished,2,30,1654385136207603,1654385137102946,1654385137455380,208,0,212,21600,420,143010,1,0,69132.9,895343,184366.4,33990969344.0,2.2,"356191,54,308075,59,2442,3212,112,200163,0,56,36,29,26,27,25,1594,86,63,42,33,23,24,35,23,895343,371980,1,1344,81,1941,0",260,4534.2,21652,5608.1,31450232.0,4.2,"264,373,13012,14452,2932,2932,1492,7252,2932,1492,2932,2932,1492,1492,1492,1492,1492,4372,6324,2932,2932,1492,1492,1492,788,260,373,17332,21652,1492,4372,17332","0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,16","0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1","5.893450737,5.720896244,7.959624290,7.965476036,7.917325974,7.914794445,7.850610256,7.954618454,7.905844212,7.834187031,7.916584969,7.918063164,7.852417469,7.840590954,7.847774029,7.850798130,7.845216751,7.939498901,7.947888374,7.909615040,7.916443348,7.857475281,7.837258339,7.835073948,7.714247704,5.815073967,5.763088703,7.974996090,7.979550838,7.864511967,7.949629784,7.970819473",HTTP.1kxun,7.295,0,Fun,Streaming,6,DPI,"" 
+1,ip4,192.168.2.126,161.117.13.29,tcp,45380,80,finished,3,29,1654385140171515,1654385140959776,1654385142015753,424,0,765,8640,1625,79973,1,331,84919.3,408625,132393.4,17528006656.0,3.3,"380392,4573,408625,215737,457,986,1014,178521,331,482,379636,185383,1426,654,331743,5741,174159,6079,334,924,170502,413,6008,1070,341,710,169481,463,585,5307,422",476,2601.9,8692,2200.3,4841425.0,4.6,"817,1492,1253,488,1492,1492,7252,4372,1492,1492,2504,476,2932,8692,1492,2932,8692,2932,1492,1492,7252,1492,1492,2932,1492,1492,2932,1492,1492,2932,1492,1492","0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,16,0,12","0,1,1,0,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1","5.859029770,7.746788025,7.815745831,5.897830009,7.640064240,7.862792492,7.967751980,7.950705051,7.860798836,7.868959904,7.893837929,5.886357784,7.845828056,7.976538658,7.857397079,7.933415890,7.973951340,7.934168339,7.877964020,7.860165596,7.967057228,7.876602173,7.849090099,7.929278374,7.849063396,7.848120213,7.928964138,7.852302074,7.863938808,7.928197861,7.863379478,7.881860733",HTTP.1kxun,7.295,0,Fun,Streaming,6,DPI,"" 
+1,ip4,192.168.2.126,14.136.136.108,tcp,49380,80,finished,2,30,1654385146276743,1654385147163604,1654385147585918,514,0,526,18720,1040,97896,1,0,70839.9,886861,171207.7,29312067584.0,2.6,"223740,209594,1687,0,207155,354,1309,724,462,462,1177,203967,420,1398,676,628,3543,0,0,886861,237591,464,978,2452,823,206716,876,409,919,0,651",337,3143.8,18772,3724.0,13867894.0,4.3,"566,2932,1492,1492,11572,1492,1492,2932,1492,1492,1492,7252,1492,1492,1492,1492,4372,1492,2932,4239,578,337,1492,8692,18772,1492,2932,1492,1492,5812,1492,1316","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,17,0,11","0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1,1,1,1","5.862786770,7.902865887,7.781876564,7.771229267,7.963672161,7.848064899,7.850860119,7.915616512,7.853264332,7.865233421,7.839958668,7.951301098,7.843721867,7.832941532,7.839491367,7.869894028,7.948531628,7.838067055,7.923059940,7.938112259,5.870801449,5.836921215,7.830684185,7.978819847,7.990375519,7.851813316,7.925859928,7.854060650,7.888266563,7.969222546,7.854313850,7.852722645",HTTP.1kxun,7.295,0,Fun,Streaming,6,DPI,"" 
+1,ip4,192.168.2.126,14.136.136.108,tcp,49372,80,finished,3,29,1654385146253018,1654385147560064,1654385147928387,514,0,526,18720,1554,113644,1,0,96206.9,899707,188732.5,35619966976.0,3.0,"205636,2121,0,0,1,224803,394,328,1444,0,193718,403,372,1728,1281,1888,225980,899707,237971,1,2439,199154,468,952,1305,0,0,407339,371504,0,1478",337,3651.9,18772,4182.9,17496908.0,4.3,"566,337,1492,4372,2932,4372,1492,1492,1492,1492,5812,1492,1492,1492,2932,4372,5812,3718,578,337,7252,15892,1492,1492,7252,1492,5812,640,566,337,7787,18772","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,14","0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1,1,0,1,1,1","5.863167286,5.867280483,7.343351841,7.933300972,7.883011341,7.923881531,7.831630230,7.793837070,7.811074257,7.877987385,7.956270695,7.807632446,7.787700176,7.808306217,7.895200729,7.941674709,7.934331417,7.911615372,5.884228706,5.838101864,7.975082397,7.990115643,7.874265194,7.866392612,7.972415924,7.851024628,7.967773914,7.664193153,5.866144657,5.879995346,7.941644669,7.977370262",HTTP.1kxun,7.295,0,Fun,Streaming,6,DPI,"" 
+1,ip4,192.168.2.126,161.117.13.29,tcp,45416,80,finished,8,24,1654385140835391,1654385156967826,1654385157149701,434,0,1114,14400,6674,81693,1,0,1046669.2,6045020,1981650.1,3926937042944.0,3.0,"188503,1,1404,179436,1430,692,418,2433,676,270050,61,0,644,0,3892849,3428911,186128,186289,192621,208977,367165,352334,5253796,5339015,3643,6045020,5959115,408,493,194856,189377",486,2813.5,14452,2993.9,8963654.0,4.4,"486,2932,2932,8692,2932,7252,1492,1492,14452,1492,2932,2932,7252,7252,4078,803,695,805,1511,807,1401,803,1516,1065,2932,1130,1155,1492,1492,1575,1166,1083","0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,1,0,0,7,0,13","0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,0,1,0,1,0,1,0,1,1,0,1,1,1,0,1","5.943944454,7.829628944,7.931543350,7.979783535,7.931476593,7.968062401,7.861111164,7.864268780,7.984925747,7.877884388,7.929042339,7.930032253,7.967924595,7.974642754,7.952368736,5.943904400,6.386446476,5.942170143,7.482911110,5.931495190,6.238120556,5.934639931,6.488353729,5.849187374,6.477306366,6.757167339,5.825885773,6.421376705,7.814886093,7.859082222,5.823412418,6.869374752",HTTP.1kxun,7.295,0,Fun,Streaming,6,DPI,"" 
+timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_ca
tegory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count
 +0,1303,1550656,156501,2270815,197,9,188,38,13,6,182,33,9,33,0,624,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,26,171,6,121,53,0,0,0,2,0,0,0,1,0,0,0,39,0,0,0,5,0,0,0,0,68,0,0,45,22,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,182,0,0,0,0,0,32,6,20,0,0,0,0,172,25,0,98,99,0,0,197,182,6,9,0,0,0,0,0,5,0,0,4,0,0,10,13,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,3,0,0,13,0,0,0,0,0,0,0,1,0,0 diff --git a/test/results/flow-analyse/fpc/signal_videocall.pcapng.out b/test/results/flow-analyse/fpc/signal_videocall.pcapng.out new file mode 100644 index 000000000..4cd2796c5 --- /dev/null +++ b/test/results/flow-analyse/fpc/signal_videocall.pcapng.out 
@@ -0,0 +1,4 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.12.67,35.219.252.146,udp,47926,56377,finished,15,17,1732024434112285,1732024441333397,1732024441541595,28,0,104,96,1156,1232,0,7924,472594.2,2449226,710703.9,505100075008.0,3.7,"65956,95899,49187,89830,51983,7924,75804,92201,90821,45764,45926,841819,964746,88146,209352,700416,8800,797762,169039,140771,9988,132129,62705,2295091,2449226,43943,201199,880503,2304788,1490835,147869",56,102.6,132,22.3,496.6,5.0,"124,92,132,132,92,92,124,92,124,92,124,92,124,92,124,92,56,84,124,92,84,56,124,92,124,92,124,92,56,124,92,124","1,1,6,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,1,7,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,0,1,0,1,0,0,1,1,0,1,1,0,1,0,0,1,0,0,1,1,0,1,0,1,1","5.976831913,5.915143967,5.742778778,5.854558945,5.733025551,5.885198593,5.998001575,5.797378063,6.024171352,5.726989746,5.921308994,5.664066315,5.913927555,5.841720104,5.901226997,5.802705288,5.235924244,5.790773869,5.923968792,5.811777592,5.734168530,5.119329453,5.946332932,5.906072140,5.847799778,5.811777115,5.940245152,5.748729706,5.115301609,5.849411488,5.828187466,5.968549728",STUN.SignalVoip,78.269,0,Acceptable,VoIP,5,DPI (cache),"5" 
+timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_ca
tegory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count
 +0,34,29593,81563,27668,3,0,3,0,1,0,3,6,0,3,0,15,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,2,0,0,0,0,0,2,1,0,0,0,0,0,3,0,0,0,3,0,0,3,3,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/fpc_disabled/teams.pcap.out b/test/results/flow-analyse/fpc_disabled/teams.pcap.out index 06bdc8c0b..d101760dc 100644 --- a/test/results/flow-analyse/fpc_disabled/teams.pcap.out +++ b/test/results/flow-analyse/fpc_disabled/teams.pcap.out 
@@ -9,11 +9,11 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.1.6,13.107.18.11,tcp,60549,443,info,18,14,1587041684306115,1587041684950374,1587041684410372,0,0,1440,1452,3472,5797,0,1,24145.7,539594,94604.1,8949939200.0,1.9,"11504,11610,262,11878,32500,90,44163,247,1,223,3839,7741,325,72,14634,1492,13,4159,11,266,6513,474,6734,4309,9884,14215,10718,10725,539594,6,314",40,331.5,1492,473.5,224192.2,3.9,"64,52,40,251,46,1492,1492,40,1492,80,40,198,133,578,172,46,366,109,40,40,78,46,78,40,46,689,40,359,40,1480,694,248","9,1,1,0,2,0,2,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0","5,2,1,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0","0,1,0,0,1,1,1,0,1,1,0,0,0,0,0,1,1,1,0,0,0,1,1,0,1,1,0,1,0,0,0,0","4.428027153,4.893245220,4.521928310,5.397158146,4.505983353,6.671830177,7.464404583,4.630641460,7.577803612,5.737496376,4.680641174,6.516131401,6.154890537,7.647973537,6.500202656,4.505983353,7.196300030,5.817581654,4.611769199,4.561769485,5.250086308,4.457919598,5.392898560,4.630641460,4.522393227,7.690679073,4.680641174,7.335716724,4.680641174,7.846065521,7.720572472,6.957527637",TLS.Microsoft365,91.219,1,Acceptable,Collaborative,6,DPI,"" 
1,ip4,192.168.1.6,52.113.194.132,tcp,60554,443,info,14,18,1587041685240465,1587041685469669,1587041685469973,0,0,1082,1452,1426,15976,0,3,14797.2,153955,35697.7,1274323968.0,2.8,"12903,12995,473,12371,1988,1502,15362,129,134,115,3,85,21608,33026,11480,11732,109,11784,570,13396,140399,715,153955,248,230,250,250,503,25,129,243",40,585.7,1492,671.4,450756.0,4.0,"64,52,40,226,46,1492,1492,40,1492,40,1492,168,40,147,46,91,46,91,40,1122,46,1492,1492,40,1317,40,1492,1492,40,40,1492,1492","10,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,10,0,0","0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,0,1,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1","4.365527153,4.878727913,4.471928596,5.502106190,4.402616024,7.277978420,7.489027023,4.630640984,7.478912354,4.521928310,7.663036823,6.686788082,4.630640984,6.493359089,4.462505341,5.681205750,4.462504864,5.560394764,4.580641270,7.802004814,4.565872192,7.879904747,7.863986492,4.580641270,7.860152721,4.580640793,7.874552727,7.850657463,4.580641270,4.471928596,7.869473934,7.878328800",TLS.Teams,91.250,1,Safe,Collaborative,6,DPI,"15" 
1,ip4,192.168.1.6,52.114.77.33,tcp,60559,443,finished,21,11,1587041686239545,1587041686542441,1587041686541501,0,0,1428,1440,14115,4699,0,2,19511.4,52987,22191.7,492470496.0,3.9,"48601,48710,307,51003,89,50699,16,253,253,1686,49778,48144,1391,5,2,50498,49101,4,2,3,37233,37219,5,11525,11515,965,36039,15972,52987,736,111",52,640.9,1492,667.9,446080.7,4.1,"64,60,52,258,1492,1492,64,52,1375,52,145,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,52,985,52,52,497,52,83,52","9,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0","6,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0","0,1,0,0,1,1,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,1,1,1,0,0,0","4.396777153,5.256567955,4.923395157,6.033491611,7.275527000,7.277948856,5.071470261,4.945419312,7.645617962,4.976373672,5.915142536,5.707202435,4.976374149,7.861220360,7.878036976,7.850315571,5.131024837,7.877380371,7.857055187,7.886486053,7.876827240,5.169486523,7.849795818,7.874622822,5.078045845,7.791067600,5.131024837,5.207948208,7.563468933,5.053297043,5.290699482,4.969671726",TLS.Microsoft,91.212,1,Safe,Cloud,6,DPI,"15" 
-1,ip4,192.168.1.6,104.40.187.151,tcp,60562,443,info,19,13,1587041687436782,1587041687725655,1587041687725568,0,0,1313,1440,2206,7143,0,3,18634.2,125561,31723.1,1006353792.0,3.4,"29516,29616,237,45747,220,45693,117,89,54,132,3,86,615,23250,232,30155,31,6115,4,245,22863,22646,1494,1434,2892,30,32749,246,30074,125513,125561",52,345.2,1492,499.9,249913.2,3.9,"64,60,52,266,1492,1492,64,1492,52,52,1492,281,52,145,145,424,103,121,52,52,90,90,52,548,52,1365,135,52,94,52,510,52","12,1,3,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0","2,3,1,0,0,0,0,1,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0","0,1,0,0,1,1,0,1,0,0,1,1,0,0,0,0,1,1,0,0,0,1,0,1,0,0,0,1,1,0,1,0","4.365527153,5.169149399,4.868495941,5.580047131,7.357915878,7.526344776,4.919355392,7.363313675,4.945419312,4.786791325,7.588277340,7.143245697,4.983880997,5.918394089,6.257330894,7.398386002,5.555244923,6.105889320,4.945419312,4.945419312,5.368302345,5.567127228,4.945419312,7.528010845,4.983880997,7.854734421,6.103594780,5.100070000,5.655968666,4.983880520,7.545987606,4.861793995",TLS.Skype_Teams,91.125,1,Acceptable,VoIP,3,DPI (partial),"" 
+1,ip4,192.168.1.6,104.40.187.151,tcp,60562,443,info,19,13,1587041687436782,1587041687725655,1587041687725568,0,0,1313,1440,2206,7143,0,3,18634.2,125561,31723.1,1006353792.0,3.4,"29516,29616,237,45747,220,45693,117,89,54,132,3,86,615,23250,232,30155,31,6115,4,245,22863,22646,1494,1434,2892,30,32749,246,30074,125513,125561",52,345.2,1492,499.9,249913.2,3.9,"64,60,52,266,1492,1492,64,1492,52,52,1492,281,52,145,145,424,103,121,52,52,90,90,52,548,52,1365,135,52,94,52,510,52","12,1,3,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0","2,3,1,0,0,0,0,1,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0","0,1,0,0,1,1,0,1,0,0,1,1,0,0,0,0,1,1,0,0,0,1,0,1,0,0,0,1,1,0,1,0","4.365527153,5.169149399,4.868495941,5.580047131,7.357915878,7.526344776,4.919355392,7.363313675,4.945419312,4.786791325,7.588277340,7.143245697,4.983880997,5.918394089,6.257330894,7.398386002,5.555244923,6.105889320,4.945419312,4.945419312,5.368302345,5.567127228,4.945419312,7.528010845,4.983880997,7.854734421,6.103594780,5.100070000,5.655968666,4.983880520,7.545987606,4.861793995",TLS.Teams,91.250,1,Safe,Collaborative,3,DPI (partial),"" 
1,ip4,192.168.1.6,52.114.77.33,tcp,60561,443,info,20,12,1587041687245112,1587041687718851,1587041687768506,0,0,1428,1440,17623,4254,0,2,32165.6,161774,44327.4,1964919296.0,3.6,"48418,48527,459,88180,136486,113743,249,161774,129,117,1072,74551,73518,1076,4,2,50124,49022,3,3,12,48400,48413,4,15,2,1599,1536,46881,1065,1749",52,736.7,1492,694.0,481656.1,4.2,"64,60,52,258,258,64,1492,1492,52,1375,52,145,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,1480,1480,52,1462,52,52,52","5,0,1,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0","8,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0","0,1,0,0,0,1,1,1,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,0,0,1,0,1,1,1","4.396777153,5.256567478,4.923395157,5.966666698,5.971492767,5.091578960,7.290405750,7.275161743,4.961856842,7.668800354,5.000318527,6.002202988,5.583368301,4.961856842,7.860765934,7.857263088,7.894361019,5.193430901,7.864349842,7.853641510,7.869278908,7.874048233,5.054101944,7.853607655,7.866478443,7.865472317,7.878810406,5.154969692,7.853725433,5.193431377,5.154969692,5.154969692",TLS.Microsoft,91.212,1,Safe,Cloud,6,DPI,"15" 
1,ip4,192.168.1.6,52.114.108.8,tcp,60565,443,finished,18,14,1587041691149774,1587041691305451,1587041691582252,0,0,994,1440,2028,8121,0,3,18972.7,276869,49493.9,2449644032.0,2.9,"19199,19302,171,22008,34,21827,18,184,203,246,14,193,1070,12295,280,19893,29,6313,3,603,11971,11399,1472,1415,54998,62106,42,25528,33,18437,276869",52,370.2,1492,512.1,262257.7,3.9,"64,60,52,274,1492,1492,64,52,1492,52,1492,471,52,178,145,525,103,121,52,52,90,90,52,511,52,52,1046,134,52,94,52,1335","11,1,2,1,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","3,3,1,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,4,0,0","0,1,0,0,1,1,0,0,1,0,1,1,0,0,0,0,1,1,0,0,0,1,0,1,0,1,0,0,1,1,0,1","4.396777153,5.256567478,4.923395634,5.577177048,7.100010395,7.346216679,4.975505829,4.976374149,7.520713806,4.854287148,7.591184139,7.492725372,4.937912464,6.281796932,6.325607300,7.565563679,5.628156662,5.942033768,4.976374149,4.937912464,5.421134472,5.660066128,5.014835358,7.536164761,4.976373672,5.169486523,7.784315586,6.192806721,5.169486523,5.596017838,5.014835358,7.848025322",TLS.Teams,91.250,1,Safe,Collaborative,6,DPI,"" 
1,ip4,192.168.1.6,52.114.76.48,tcp,60544,443,finished,16,16,1587041682376166,1587041682938651,1587041692001418,0,0,1060,1452,2113,7396,0,2,328636.7,8978171,1582353.1,2503841415168.0,0.8,"47150,47228,506,44398,29,43913,16,46,186,124,2,213,4,4433,9743,291,46519,32116,477,409,98,18910,1378,20235,62883,403234,424977,8978171,32,9,7",40,339.2,1492,486.1,236250.5,3.9,"64,52,40,276,1492,1492,52,40,40,1492,1492,309,40,40,198,133,568,91,40,109,40,78,46,409,40,46,1100,46,411,415,86,78","10,1,1,0,1,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4,3,1,0,0,0,0,0,1,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0","0,1,0,0,1,1,0,0,0,1,1,1,0,0,0,0,0,1,0,1,0,0,1,1,0,1,0,1,1,1,1,1","4.334277153,4.946223736,4.571928501,5.576080799,7.377434731,7.334023952,4.748329639,4.630640984,4.571928501,7.530410290,7.590536594,7.109602451,4.680641174,4.630641460,6.484649181,6.111595631,7.563093662,5.442209721,4.630641460,5.902398109,4.630641460,5.214766979,4.462505341,7.402733803,4.680641174,4.505983353,7.828750610,4.609350681,7.428915024,7.453095436,5.564571857,5.463537216",TLS.Teams,91.250,1,Safe,Collaborative,6,DPI,"" 
1,ip4,192.168.1.6,52.114.250.123,tcp,50018,443,finished,19,13,1587041693516414,1587041693824623,1587041695435566,0,0,187,1452,477,6361,0,1,71850.4,1566873,274680.6,75449425920.0,1.9,"44968,45079,183,47440,47249,164,13,124,2,107,17,104,3,107,2,120,2,1,8026,8,35,52434,1246,45626,48613,92238,43679,69083,272,113543,1566873",40,256.9,1492,427.0,182315.3,3.7,"64,52,40,227,1492,52,1492,588,52,52,1492,588,52,40,588,166,40,40,40,147,46,85,46,91,40,141,224,40,71,40,46,46","15,1,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0","0,1,0,0,1,0,1,1,0,0,1,1,0,0,1,1,0,0,0,0,0,0,1,1,0,0,1,0,0,0,1,1","4.396777153,4.946223736,4.453056812,5.436062336,7.472877979,4.624014378,7.357961178,6.174726009,4.707639694,4.669178009,7.651301384,7.035131931,4.669178009,4.492897511,7.576755524,6.572272301,4.384184361,4.492897511,4.492897034,6.376044750,4.495644569,5.773638725,4.565871716,5.388861179,4.561769009,6.442826271,6.864662647,4.511769295,5.438062191,4.384184361,4.565872192,4.565872192",TLS.Teams,91.250,1,Safe,Collaborative,6,DPI,"15" 
-1,ip4,93.71.110.205,192.168.1.6,udp,16332,50016,finished,25,7,1587041695305290,1587041697913583,1587041697668816,38,0,1214,1214,4324,2890,0,1,160381.3,1168245,365653.3,133702352896.0,2.7,"24795,221,101349,1168245,1167037,967065,50759,1119237,13,25,50990,80302,1990,2655,3736,4,1,2,10681,24170,9306,21453,4525,19907,25341,9245,24382,24626,9496,26004,24257",66,253.4,1242,374.4,140199.2,4.0,"140,116,140,116,144,116,138,136,66,1242,1242,136,101,66,1242,1242,70,194,126,94,96,103,108,110,102,98,112,106,103,101,102,102","0,2,16,4,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0","0,1,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0","0,1,1,0,1,0,0,0,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5.443928242,5.441569805,5.550033092,5.533423424,5.469605446,5.457950115,6.418050289,5.494081497,5.274568558,7.835727215,7.805037022,5.427760124,6.064149857,5.328952789,7.830739975,7.834946632,5.426148415,6.862842083,6.378197670,5.942782402,6.043297768,6.096649170,5.395052433,6.251680851,6.123402596,6.007471561,6.260177612,6.012121677,6.079421997,6.215091705,6.135609150,6.155217648",STUN.Skype_TeamsCall,78.38,0,Acceptable,VoIP,6,DPI,"5" 
+1,ip4,93.71.110.205,192.168.1.6,udp,16332,50016,finished,25,7,1587041695305290,1587041697913583,1587041697668816,38,0,1214,1214,4324,2890,0,1,160381.3,1168245,365653.3,133702352896.0,2.7,"24795,221,101349,1168245,1167037,967065,50759,1119237,13,25,50990,80302,1990,2655,3736,4,1,2,10681,24170,9306,21453,4525,19907,25341,9245,24382,24626,9496,26004,24257",66,253.4,1242,374.4,140199.2,4.0,"140,116,140,116,144,116,138,136,66,1242,1242,136,101,66,1242,1242,70,194,126,94,96,103,108,110,102,98,112,106,103,101,102,102","0,2,16,4,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0","0,1,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0","0,1,1,0,1,0,0,0,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5.443928242,5.441569805,5.550033092,5.533423424,5.469605446,5.457950115,6.418050289,5.494081497,5.274568558,7.835727215,7.805037022,5.427760124,6.064149857,5.328952789,7.830739975,7.834946632,5.426148415,6.862842083,6.378197670,5.942782402,6.043297768,6.096649170,5.395052433,6.251680851,6.123402596,6.007471561,6.260177612,6.012121677,6.079421997,6.215091705,6.135609150,6.155217648",STUN.TeamsCall,78.38,0,Acceptable,VoIP,6,DPI,"5" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,668,641812,293772,293323,83,17,66,0,16,2,80,51,1,29,16,317,1,0,1,1,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,27,56,42,37,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,20,0,0,11,27,19,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,74,0,0,0,0,0,38,12,2,0,0,0,0,83,0,0,42,40,1,0,83,80,2,1,0,0,0,0,0,12,0,0,0,0,2,0,2,0,0,29,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,5,0,0,1,0,0,0,0,0,0,0 +0,668,640202,293772,293323,83,17,66,0,16,2,80,51,1,29,16,317,1,0,1,1,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,27,56,51,28,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,12,0,0,11,27,27,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,74,0,0,0,0,0,38,12,2,0,0,0,0,83,0,0,42,40,1,0,83,80,2,1,0,0,0,0,0,12,0,0,0,0,2,0,2,0,0,29,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,5,0,0,1,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/guess_ip_before_port_enabled/1kxun.pcap.out b/test/results/flow-analyse/guess_ip_before_port_enabled/1kxun.pcap.out index 826f81540..4d0dcd763 100644 --- a/test/results/flow-analyse/guess_ip_before_port_enabled/1kxun.pcap.out +++ b/test/results/flow-analyse/guess_ip_before_port_enabled/1kxun.pcap.out 
@@ -13,4 +13,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.2.126,14.136.136.108,tcp,49372,80,finished,3,29,1654385146253018,1654385147560064,1654385147928387,514,0,526,18720,1554,113644,1,0,96206.9,899707,188732.5,35619966976.0,3.0,"205636,2121,0,0,1,224803,394,328,1444,0,193718,403,372,1728,1281,1888,225980,899707,237971,1,2439,199154,468,952,1305,0,0,407339,371504,0,1478",337,3651.9,18772,4182.9,17496908.0,4.3,"566,337,1492,4372,2932,4372,1492,1492,1492,1492,5812,1492,1492,1492,2932,4372,5812,3718,578,337,7252,15892,1492,1492,7252,1492,5812,640,566,337,7787,18772","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,14","0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1,1,0,1,1,1","5.863167286,5.867280483,7.343351841,7.933300972,7.883011341,7.923881531,7.831630230,7.793837070,7.811074257,7.877987385,7.956270695,7.807632446,7.787700176,7.808306217,7.895200729,7.941674709,7.934331417,7.911615372,5.884228706,5.838101864,7.975082397,7.990115643,7.874265194,7.866392612,7.972415924,7.851024628,7.967773914,7.664193153,5.866144657,5.879995346,7.941644669,7.977370262",HTTP.1kxun,7.295,0,Fun,Streaming,6,DPI,"" 
1,ip4,192.168.2.126,161.117.13.29,tcp,45416,80,finished,8,24,1654385140835391,1654385156967826,1654385157149701,434,0,1114,14400,6674,81693,1,0,1046669.2,6045020,1981650.1,3926937042944.0,3.0,"188503,1,1404,179436,1430,692,418,2433,676,270050,61,0,644,0,3892849,3428911,186128,186289,192621,208977,367165,352334,5253796,5339015,3643,6045020,5959115,408,493,194856,189377",486,2813.5,14452,2993.9,8963654.0,4.4,"486,2932,2932,8692,2932,7252,1492,1492,14452,1492,2932,2932,7252,7252,4078,803,695,805,1511,807,1401,803,1516,1065,2932,1130,1155,1492,1492,1575,1166,1083","0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,1,0,0,7,0,13","0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,0,1,0,1,0,1,0,1,1,0,1,1,1,0,1","5.943944454,7.829628944,7.931543350,7.979783535,7.931476593,7.968062401,7.861111164,7.864268780,7.984925747,7.877884388,7.929042339,7.930032253,7.967924595,7.974642754,7.952368736,5.943904400,6.386446476,5.942170143,7.482911110,5.931495190,6.238120556,5.934639931,6.488353729,5.849187374,6.477306366,6.757167339,5.825885773,6.421376705,7.814886093,7.859082222,5.823412418,6.869374752",HTTP.1kxun,7.295,0,Fun,Streaming,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,1303,1583206,156501,2270815,197,9,188,38,13,6,177,33,14,38,0,624,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,31,166,6,116,53,0,0,0,2,0,0,0,1,0,0,0,39,0,0,0,5,0,0,0,0,63,0,0,45,22,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,177,0,0,0,0,0,37,6,20,0,0,0,0,172,25,0,98,99,0,0,197,177,6,14,0,0,0,0,0,5,0,0,4,0,0,10,13,0,0,8,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,6,0,0,0,3,0,0,13,0,0,0,0,0,0,0,1,0,0 +0,1303,1583231,156501,2270815,197,9,188,38,13,6,182,33,9,33,0,624,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,26,171,6,121,53,0,0,0,2,0,0,0,1,0,0,0,39,0,0,0,5,0,0,0,0,68,0,0,45,22,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,182,0,0,0,0,0,32,6,20,0,0,0,0,172,25,0,98,99,0,0,197,182,6,9,0,0,0,0,0,5,0,0,4,0,0,10,13,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,3,0,0,13,0,0,0,0,0,0,0,1,0,0 diff --git a/test/results/flow-analyse/guessing_disable/webex.pcap.out b/test/results/flow-analyse/guessing_disable/webex.pcap.out index f5c2015e2..c2c812353 100644 --- a/test/results/flow-analyse/guessing_disable/webex.pcap.out +++ b/test/results/flow-analyse/guessing_disable/webex.pcap.out 
@@ -1,9 +1,9 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks -1,ip4,10.8.0.1,64.68.105.103,tcp,41346,443,info,17,15,1444570624853841,1444570626601155,1444570626600999,0,0,536,2720,2935,8179,0,160,112724.9,557327,156273.3,24421341184.0,3.7,"6506,6734,160,592,505708,557327,57852,60147,905,55625,257454,309311,10052,61432,845,730,299224,351252,55954,56159,800,52876,398,2835,268644,322298,52259,51930,18450,69467,546",40,387.9,2760,588.9,346810.6,3.8,"60,40,40,235,40,2760,40,1259,40,350,40,83,40,576,40,124,40,1400,40,809,40,576,40,314,40,1400,40,748,40,576,40,504","9,0,1,0,0,0,1,0,1,1,0,0,0,0,1,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","8,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0,0,0,1","0,1,0,0,1,1,0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,0,1,0,1,1,0,1,0,0,1,0","4.446510792,4.665312290,4.665311813,5.481472969,4.665312290,7.284092903,4.765311718,7.073906422,4.661769390,7.186378956,4.565312386,5.608655453,4.561769009,7.664141655,4.515312195,6.329119682,4.565312386,7.871033669,4.715311527,7.782140255,4.765311718,7.598457336,4.615312099,7.304864407,4.665312290,7.852759361,4.665311813,7.733906269,4.715312004,7.600008011,4.511769772,7.572229862",TLS.Webex,91.141,1,Acceptable,VoIP,6,DPI,"15" 
-1,ip4,10.8.0.1,64.68.105.103,tcp,41348,443,info,16,16,1444570627404164,1444570629212279,1444570629155254,0,0,536,17966,2270,46819,0,156,114813.1,455330,125812.7,15828844544.0,4.1,"5615,6788,156,1539,404661,455330,597,51300,245810,245870,436,307,223296,274841,51601,360,302,283113,286107,84087,131768,50921,51207,56841,56675,181041,181034,56067,58557,54529,58449",40,1574.7,18006,3700.1,13691057.0,2.9,"60,40,40,267,40,169,40,83,40,576,40,519,40,1644,576,40,489,40,6840,40,1400,40,9463,40,1400,40,1400,40,18006,40,6857,40","10,1,0,0,0,0,0,1,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,5","0,1,0,0,1,1,0,0,1,0,1,0,1,1,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0","4.356566429,4.715312004,4.561769009,5.864259720,4.665312290,6.372766018,4.661769390,5.627577305,4.615312099,7.622731686,4.665312290,7.582412243,4.665312290,7.886265755,7.619030476,4.596440315,7.578122616,4.665312290,7.973325729,4.580641270,7.853340149,4.611769199,7.978787899,4.611769199,7.859783649,4.661769390,7.879327297,4.611769199,7.990196228,4.611769199,7.971776009,4.661769390",TLS.Webex,91.141,1,Acceptable,VoIP,6,DPI,"15" 
+1,ip4,10.8.0.1,64.68.105.103,tcp,41346,443,info,17,15,1444570624853841,1444570626601155,1444570626600999,0,0,536,2720,2935,8179,0,160,112724.9,557327,156273.3,24421341184.0,3.7,"6506,6734,160,592,505708,557327,57852,60147,905,55625,257454,309311,10052,61432,845,730,299224,351252,55954,56159,800,52876,398,2835,268644,322298,52259,51930,18450,69467,546",40,387.9,2760,588.9,346810.6,3.8,"60,40,40,235,40,2760,40,1259,40,350,40,83,40,576,40,124,40,1400,40,809,40,576,40,314,40,1400,40,748,40,576,40,504","9,0,1,0,0,0,1,0,1,1,0,0,0,0,1,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","8,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0,0,0,1","0,1,0,0,1,1,0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,0,1,0,1,1,0,1,0,0,1,0","4.446510792,4.665312290,4.665311813,5.481472969,4.665312290,7.284092903,4.765311718,7.073906422,4.661769390,7.186378956,4.565312386,5.608655453,4.561769009,7.664141655,4.515312195,6.329119682,4.565312386,7.871033669,4.715311527,7.782140255,4.765311718,7.598457336,4.615312099,7.304864407,4.665312290,7.852759361,4.665311813,7.733906269,4.715312004,7.600008011,4.511769772,7.572229862",TLS.Webex,91.141,1,Acceptable,VoIP,6,DPI,"8,15" 
+1,ip4,10.8.0.1,64.68.105.103,tcp,41348,443,info,16,16,1444570627404164,1444570629212279,1444570629155254,0,0,536,17966,2270,46819,0,156,114813.1,455330,125812.7,15828844544.0,4.1,"5615,6788,156,1539,404661,455330,597,51300,245810,245870,436,307,223296,274841,51601,360,302,283113,286107,84087,131768,50921,51207,56841,56675,181041,181034,56067,58557,54529,58449",40,1574.7,18006,3700.1,13691057.0,2.9,"60,40,40,267,40,169,40,83,40,576,40,519,40,1644,576,40,489,40,6840,40,1400,40,9463,40,1400,40,1400,40,18006,40,6857,40","10,1,0,0,0,0,0,1,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,5","0,1,0,0,1,1,0,0,1,0,1,0,1,1,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0","4.356566429,4.715312004,4.561769009,5.864259720,4.665312290,6.372766018,4.661769390,5.627577305,4.615312099,7.622731686,4.665312290,7.582412243,4.665312290,7.886265755,7.619030476,4.596440315,7.578122616,4.665312290,7.973325729,4.580641270,7.853340149,4.611769199,7.978787899,4.611769199,7.859783649,4.661769390,7.879327297,4.611769199,7.990196228,4.611769199,7.971776009,4.661769390",TLS.Webex,91.141,1,Acceptable,VoIP,6,DPI,"8,15" 
1,ip4,10.8.0.1,64.68.105.103,tcp,41358,443,info,16,16,1444570633357298,1444570635772189,1444570635721813,0,0,536,8847,959,33212,0,383,154174.4,1031495,247176.8,61096366080.0,3.8,"3053,3185,1891,2192,397016,448096,52033,52145,383,52378,209850,261823,51847,1288,975,979869,1031495,52580,53500,94069,93832,53071,53864,119063,117547,148351,147839,51431,51376,96737,96627",40,1108.5,8887,2294.9,5266403.5,3.1,"60,40,40,103,40,1400,40,2619,40,366,40,99,576,40,74,40,1400,40,8157,40,1400,40,8887,40,173,40,1400,40,6717,40,1400,40","12,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,4","0,1,0,0,1,1,0,1,0,0,1,1,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0","4.446510792,4.665312290,4.665311813,5.339869976,4.565312386,7.238214016,4.665312290,7.216020107,4.615311623,7.281401634,4.615312576,5.978787422,7.616997242,4.515312195,5.692360401,4.565312386,7.861890793,4.665311813,7.976788044,4.665311813,7.858300209,4.715312004,7.979997158,4.665311813,6.756694794,4.615312099,7.862811089,4.611769199,7.975809574,4.715312004,7.874713421,4.715312004",TLS.Webex,91.141,1,Acceptable,VoIP,6,DPI,"7,8" 
1,ip4,10.8.0.1,62.109.224.120,tcp,51155,443,info,16,16,1444570669745822,1444570675008962,1444570675008306,0,0,474,10527,863,17665,0,142,339536.2,2214636,547768.4,300050219008.0,3.7,"14198,16626,142,3176,966820,968167,50625,52096,160025,217339,56893,151808,203416,506402,456173,506119,506174,257962,307348,51007,1799,210726,261737,55501,54303,51893,51311,2214636,2165090,3222,2890",40,619.6,10567,1915.7,3669828.5,2.5,"60,40,40,103,40,3947,40,366,40,99,514,40,258,40,1010,40,10567,40,157,40,274,40,109,40,205,40,385,40,546,40,588,40","13,1,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4,1,1,1,0,1,1,1,0,0,1,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2","0,1,0,0,1,1,0,0,1,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0","4.471673965,4.784184456,4.784183979,5.354527950,4.684184074,7.260420322,4.784183979,7.246551991,4.734184265,5.886437893,7.525208473,4.734184265,7.158136368,4.734184265,7.747338772,4.784183979,7.959521770,4.784183979,6.617527962,4.784183979,7.154652596,4.834184170,6.117394924,4.834184170,6.934138775,4.784184456,7.251028061,4.734184742,7.541121960,4.784183979,7.600737572,4.834183693",TLS.Webex,91.141,1,Acceptable,VoIP,6,DPI,"7,8" 
1,ip4,10.8.0.1,62.109.224.120,tcp,51154,443,info,16,16,1444570669736143,1444570675113022,1444570675113218,0,0,536,3907,4673,3966,0,309,346901.8,2270107,598058.5,357673959424.0,3.3,"9053,24144,367,16512,915259,917382,50710,52699,154574,206585,52440,7882,9392,3319,2120,963298,961965,473,411,393,309,561975,562100,368561,368512,670,601,2270083,2270107,1037,1021",40,310.6,3947,685.4,469733.5,3.5,"60,40,40,103,40,3947,40,366,40,99,546,40,576,40,122,40,576,40,576,40,386,40,386,40,576,40,154,40,576,40,250,40","3,1,1,1,0,0,1,0,0,0,3,0,0,0,0,1,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","14,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1","0,1,0,0,1,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","4.446510792,4.734184742,4.596439362,5.373945713,4.734184742,7.261288166,4.765311718,7.251562119,4.784184456,6.015275955,7.613259315,4.784184456,7.593419075,4.784184456,6.485950947,4.784184456,7.627359390,4.784184456,7.574399471,4.784184456,7.380361080,4.784184456,7.422137737,4.734184265,7.643012047,4.734184265,6.542441368,4.734184265,7.559129715,4.734184265,7.015539169,4.784184456",TLS.Webex,91.141,1,Acceptable,VoIP,6,DPI,"7,8" 
1,ip4,10.8.0.1,62.109.229.158,tcp,51857,443,info,16,16,1444570716599098,1444570719040525,1444570720047703,0,0,378,3907,1559,4630,0,213,190001.0,1366658,352312.5,124124102656.0,3.4,"4232,4962,6442,7614,1312624,1366658,17526,71444,145665,198977,339,53733,129549,180935,213,51454,121214,172258,51492,51164,125484,176177,50764,50844,546,1023,264310,263832,849,855,1006853",40,234.0,3947,677.2,458632.1,3.1,"60,40,40,227,40,3947,40,366,40,99,40,114,40,77,40,418,40,109,40,529,40,130,40,194,40,162,40,162,40,146,40,109","7,0,2,3,1,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","10,2,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1","0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,1,0,0,1,0,1,0,1,0,1,0,1,1","4.459092140,4.834184170,4.784183979,5.220240593,4.734184265,7.263404846,4.784183979,7.281803131,4.784184456,5.980217934,4.834184170,6.198987961,4.784184456,5.680279255,4.834183693,7.512312412,4.784184456,6.181793690,4.784184456,7.433725834,4.784183979,6.433676720,4.784184456,6.824645042,4.734184265,6.550875664,4.634184361,6.555935860,4.784184456,6.391854286,4.734184265,6.211565018",TLS.Webex,91.141,1,Acceptable,VoIP,6,DPI,"7,8" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,500,430601,67701,426653,57,45,12,2,6,4,53,39,0,51,0,279,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,47,10,45,8,0,0,0,0,0,0,0,0,0,0,0,0,47,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,53,0,0,0,0,0,10,2,101,0,0,0,0,57,0,0,55,2,0,0,57,53,4,0,0,0,0,0,0,0,0,76,25,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0 +0,500,429665,67701,426653,57,45,12,2,6,4,53,39,0,51,0,279,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,47,10,45,8,0,0,0,0,0,0,0,0,0,0,0,0,47,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,53,0,0,0,0,0,10,2,111,0,0,0,0,57,0,0,55,2,0,0,57,53,4,0,0,0,0,0,0,0,0,76,36,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/http_process_response_disable/http.pcapng.out b/test/results/flow-analyse/http_process_response_disable/http.pcapng.out index c4feb8c2c..f1059c94d 100644 --- a/test/results/flow-analyse/http_process_response_disable/http.pcapng.out +++ b/test/results/flow-analyse/http_process_response_disable/http.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,8302,74,528,1,1,0,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,11,8302,74,528,1,1,0,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/http_process_response_disable/http_asymmetric.pcapng.out b/test/results/flow-analyse/http_process_response_disable/http_asymmetric.pcapng.out index 42b3d3561..382532b27 100644 --- a/test/results/flow-analyse/http_process_response_disable/http_asymmetric.pcapng.out +++ b/test/results/flow-analyse/http_process_response_disable/http_asymmetric.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,20,22193,8665,0,2,2,0,0,0,0,2,1,0,2,0,10,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,3,0,2,0,0,0,0,2,0,0,2,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,1,0,0,3,0,0,0,0,0,0,0,0,0,0 +0,20,22193,8665,0,2,2,0,0,0,0,2,1,0,2,0,10,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,3,0,2,0,0,0,0,2,0,0,2,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,1,0,0,3,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/ip_lists_disable/1kxun.pcap.out b/test/results/flow-analyse/ip_lists_disable/1kxun.pcap.out index 870c36419..f8d24fe63 100644 --- a/test/results/flow-analyse/ip_lists_disable/1kxun.pcap.out +++ b/test/results/flow-analyse/ip_lists_disable/1kxun.pcap.out 
@@ -13,4 +13,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.2.126,14.136.136.108,tcp,49372,80,finished,3,29,1654385146253018,1654385147560064,1654385147928387,514,0,526,18720,1554,113644,1,0,96206.9,899707,188732.5,35619966976.0,3.0,"205636,2121,0,0,1,224803,394,328,1444,0,193718,403,372,1728,1281,1888,225980,899707,237971,1,2439,199154,468,952,1305,0,0,407339,371504,0,1478",337,3651.9,18772,4182.9,17496908.0,4.3,"566,337,1492,4372,2932,4372,1492,1492,1492,1492,5812,1492,1492,1492,2932,4372,5812,3718,578,337,7252,15892,1492,1492,7252,1492,5812,640,566,337,7787,18772","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,14","0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1,1,0,1,1,1","5.863167286,5.867280483,7.343351841,7.933300972,7.883011341,7.923881531,7.831630230,7.793837070,7.811074257,7.877987385,7.956270695,7.807632446,7.787700176,7.808306217,7.895200729,7.941674709,7.934331417,7.911615372,5.884228706,5.838101864,7.975082397,7.990115643,7.874265194,7.866392612,7.972415924,7.851024628,7.967773914,7.664193153,5.866144657,5.879995346,7.941644669,7.977370262",HTTP.1kxun,7.295,0,Fun,Streaming,6,DPI,"" 
1,ip4,192.168.2.126,161.117.13.29,tcp,45416,80,finished,8,24,1654385140835391,1654385156967826,1654385157149701,434,0,1114,14400,6674,81693,1,0,1046669.2,6045020,1981650.1,3926937042944.0,3.0,"188503,1,1404,179436,1430,692,418,2433,676,270050,61,0,644,0,3892849,3428911,186128,186289,192621,208977,367165,352334,5253796,5339015,3643,6045020,5959115,408,493,194856,189377",486,2813.5,14452,2993.9,8963654.0,4.4,"486,2932,2932,8692,2932,7252,1492,1492,14452,1492,2932,2932,7252,7252,4078,803,695,805,1511,807,1401,803,1516,1065,2932,1130,1155,1492,1492,1575,1166,1083","0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,1,0,0,7,0,13","0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,0,1,0,1,0,1,0,1,1,0,1,1,1,0,1","5.943944454,7.829628944,7.931543350,7.979783535,7.931476593,7.968062401,7.861111164,7.864268780,7.984925747,7.877884388,7.929042339,7.930032253,7.967924595,7.974642754,7.952368736,5.943904400,6.386446476,5.942170143,7.482911110,5.931495190,6.238120556,5.934639931,6.488353729,5.849187374,6.477306366,6.757167339,5.825885773,6.421376705,7.814886093,7.859082222,5.823412418,6.869374752",HTTP.1kxun,7.295,0,Fun,Streaming,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,1303,1567570,156501,2270815,197,9,188,38,13,6,177,33,14,38,0,624,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,31,166,6,116,53,0,0,0,2,0,0,0,1,0,0,0,39,0,0,0,5,0,0,0,0,63,0,0,45,22,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,177,0,0,0,0,0,37,6,20,0,0,0,0,172,25,0,98,99,0,0,197,177,6,14,0,0,0,0,0,5,0,0,4,0,0,10,13,0,0,8,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,6,0,0,0,3,0,0,13,0,0,0,0,0,0,0,1,0,0 +0,1303,1567595,156501,2270815,197,9,188,38,13,6,182,33,9,33,0,624,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,26,171,6,121,53,0,0,0,2,0,0,0,1,0,0,0,39,0,0,0,5,0,0,0,0,68,0,0,45,22,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,182,0,0,0,0,0,32,6,20,0,0,0,0,172,25,0,98,99,0,0,197,182,6,9,0,0,0,0,0,5,0,0,4,0,0,10,13,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,3,0,0,13,0,0,0,0,0,0,0,1,0,0 diff --git a/test/results/flow-analyse/monitoring/signal_audiocall.pcapng.out b/test/results/flow-analyse/monitoring/signal_audiocall.pcapng.out new file mode 100644 index 000000000..9ea93ce9d --- /dev/null +++ b/test/results/flow-analyse/monitoring/signal_audiocall.pcapng.out 
@@ -0,0 +1,5 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.12.67,35.219.252.146,udp,45419,3478,finished,16,16,1732024252560499,1732024255506282,1732024255591142,20,0,140,140,1348,1440,0,34,192787.9,1009305,328853.4,108144574464.0,3.4,"1679,3660,1244,10270,10180,26749,26618,250237,250253,501155,501113,1004003,1009305,956070,950707,3808,8981,1122,5251,38927,115928,34,84920,11595,28824,12973,35886,1216,42468,17725,63525",48,115.1,168,39.1,1531.7,4.9,"48,56,80,112,144,112,56,108,56,108,56,108,56,108,148,80,168,148,128,80,160,168,136,128,168,168,128,168,148,80,136,136","6,0,0,7,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,4,6,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,1,0,0,1,0,1,1,0,0,1,0,0,0,1,1,1","5.092222691,4.896289825,5.489066124,5.744682789,5.768844128,5.706256866,4.913536072,5.656898022,4.877822399,5.693010330,4.913536072,5.644444466,4.877821922,5.674491882,5.815627575,5.871930599,6.136301041,5.839058876,5.921264172,5.746930122,5.986515999,6.205406189,5.953484058,5.819549084,5.906489849,6.141389370,5.824335575,5.926788807,5.885375023,5.921932697,5.977344990,5.910892010",STUN.SignalVoip,78.269,0,Acceptable,VoIP,6,DPI,"" 
+1,ip4,192.168.12.67,35.219.226.11,udp,45419,54116,finished,17,15,1732024255554100,1732024262728582,1732024262809079,28,0,104,96,1240,1108,0,7975,465466.5,2229214,655102.9,429159809024.0,3.8,"49177,63824,48661,39317,8988,7975,43088,49998,8002,41078,51322,943432,1038291,262155,354976,260389,75745,606181,10918,31204,394466,279938,364276,2145789,28790,2221167,290330,345130,931089,1204551,2229214",56,101.4,132,22.2,491.6,5.0,"124,124,92,132,124,92,92,124,92,92,124,92,132,92,124,92,56,84,84,56,124,92,124,92,124,56,92,124,92,84,124,92","2,2,6,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,1,7,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,1,0,1,0,1,1,0,1,1,0,0,1,1,0,1,1,0,0,0,1,1,0,0,0,1,1,0,0,0,1","5.954615116,5.890099049,5.936881542,5.799671173,5.975784302,5.832649708,5.819981575,5.872922421,5.789170742,5.862594128,5.872116566,5.802706242,5.723914146,5.759228230,5.937438488,5.737487316,5.186729908,5.916122437,5.723992348,5.190757751,5.819494724,5.923347950,5.943526745,5.780966759,5.877923489,5.155044079,5.841721058,5.969696999,5.737488747,5.781786919,5.896186829,5.789172649",STUN.SignalVoip,78.269,0,Acceptable,VoIP,5,DPI (cache),"5" 
+timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_ca
tegory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count
 +0,44,39875,19864,19438,4,0,4,0,2,0,4,7,0,3,0,20,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,2,0,0,0,0,0,2,4,0,0,0,0,0,4,0,0,0,4,0,0,4,4,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/monitoring/signal_videocall.pcapng.out b/test/results/flow-analyse/monitoring/signal_videocall.pcapng.out new file mode 100644 index 000000000..4ac6c9136 --- /dev/null +++ b/test/results/flow-analyse/monitoring/signal_videocall.pcapng.out 
@@ -0,0 +1,4 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.12.67,35.219.252.146,udp,47926,56377,finished,15,17,1732024434112285,1732024441333397,1732024441541595,28,0,104,96,1156,1232,0,7924,472594.2,2449226,710703.9,505100075008.0,3.7,"65956,95899,49187,89830,51983,7924,75804,92201,90821,45764,45926,841819,964746,88146,209352,700416,8800,797762,169039,140771,9988,132129,62705,2295091,2449226,43943,201199,880503,2304788,1490835,147869",56,102.6,132,22.3,496.6,5.0,"124,92,132,132,92,92,124,92,124,92,124,92,124,92,124,92,56,84,124,92,84,56,124,92,124,92,124,92,56,124,92,124","1,1,6,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,1,7,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,0,1,0,1,0,0,1,1,0,1,1,0,1,0,0,1,0,0,1,1,0,1,0,1,1","5.976831913,5.915143967,5.742778778,5.854558945,5.733025551,5.885198593,5.998001575,5.797378063,6.024171352,5.726989746,5.921308994,5.664066315,5.913927555,5.841720104,5.901226997,5.802705288,5.235924244,5.790773869,5.923968792,5.811777592,5.734168530,5.119329453,5.946332932,5.906072140,5.847799778,5.811777115,5.940245152,5.748729706,5.115301609,5.849411488,5.828187466,5.968549728",STUN.SignalVoip,78.269,0,Acceptable,VoIP,5,DPI (cache),"5" 
+timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_ca
tegory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count
 +0,34,29831,81563,27668,3,0,3,0,1,0,3,6,0,3,0,15,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,2,0,0,0,0,0,2,1,0,0,0,0,0,3,0,0,0,3,0,0,3,3,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/monitoring/signal_videocall_multiparty.pcapng.out b/test/results/flow-analyse/monitoring/signal_videocall_multiparty.pcapng.out new file mode 100644 index 000000000..25fd98356 --- /dev/null +++ b/test/results/flow-analyse/monitoring/signal_videocall_multiparty.pcapng.out 
@@ -0,0 +1,4 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.1.117,35.207.67.68,udp,59446,10000,finished,21,11,1733247515941563,1733247521000514,1733247521314176,28,0,100,100,1239,830,0,300,336502.1,1071142,395522.0,156437676032.0,3.9,"32884,48827,300,44457,50533,44084,223767,385,25289,800734,1030880,20622,201493,673,800784,981685,21273,210614,756,118515,13444,1043663,879515,925,1071142,1007160,651,274470,390884,400116,691039",56,92.7,128,28.2,793.4,4.9,"128,128,64,128,128,128,128,83,64,64,128,74,128,83,64,128,74,128,83,64,76,56,74,83,64,74,83,64,128,128,64,74","1,14,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,5,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,0,1,0,0,0,0,1,1,0,0,0,1,1,0,0,0,0,1,0,0,1,0,0,0,1,0,1","5.630286694,5.730687141,5.077819824,5.651809216,5.741195202,5.841376781,5.766547680,5.757154465,5.171569824,5.046569824,5.753524780,5.387711525,5.789052010,5.652456284,5.077819824,5.626456738,5.428714275,5.731467724,5.790346146,5.060848236,5.754378796,5.151015759,5.367309570,5.684864521,5.159774780,5.404538155,5.853539467,5.171569824,5.637804031,5.766547680,5.049053192,5.377511024",STUN.SignalVoip,78.269,0,Acceptable,VoIP,6,DPI,"5" 
+timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_ca
tegory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count
 +0,14,13654,67701,18298,1,0,1,0,1,0,1,2,0,1,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,3,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/monitoring/stun.pcap.out b/test/results/flow-analyse/monitoring/stun.pcap.out index 582eef276..f98697455 100644 --- a/test/results/flow-analyse/monitoring/stun.pcap.out +++ b/test/results/flow-analyse/monitoring/stun.pcap.out 
@@ -3,4 +3,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.12.169,31.13.86.54,udp,38123,40003,finished,17,15,1629291451242856,1629291458067482,1629291458262623,28,0,140,132,2076,1496,0,34,446593.3,6004359,1462539.6,2139022032896.0,1.9,"11521,15638,15947,6004359,4743,5997443,4483,7520,7140,108439,344493,499169,68464,195,19689,29038,92171,23636,96419,1566,50324,48303,277,50092,3265,34,52919,437,9663,44853,232153",56,139.6,168,32.1,1033.4,5.0,"56,132,164,104,168,168,140,168,140,72,164,164,160,168,128,72,164,128,160,128,164,160,128,164,128,160,128,168,128,72,160,160","1,0,0,4,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,3,1,6,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,0,1,0,1,1,0,0,1,0,0,1,0,1,1,0,0,1,0,0,1,1,1,0,0,1,0,1","4.949250221,5.629978180,5.902420998,5.787013531,5.926646233,5.987994671,5.561037540,5.822503567,5.524854183,5.646986008,5.864535809,5.979504585,5.991234303,5.944041729,5.750370979,5.532198906,5.952124596,5.921264172,5.968927860,5.858764172,5.939929485,5.964835167,5.834393978,6.016089916,5.896893978,6.048427582,5.933710575,5.919234276,5.831344128,5.608724117,6.145952225,6.009518147",STUN.FacebookVoip,78.268,0,Acceptable,VoIP,6,DPI,"5" 
1,ip4,192.168.12.169,142.250.82.99,udp,49153,3478,finished,17,15,1647958145472010,1647958147569135,1647958147445904,65,0,546,1198,2034,2806,0,10,131323.2,835905,227053.5,51553292288.0,3.4,"22933,25637,18754,26966,8994,16545,8218,21,95990,9415,96088,13935,9667,14034,28,10,28365,12045,233249,17389,835905,625348,352669,699812,203670,550729,72132,9045,20632,28113,14681",62,179.2,1226,221.3,48965.1,4.4,"136,120,181,140,1226,574,120,109,598,109,140,145,161,120,141,93,97,93,113,62,93,140,120,62,110,140,120,94,94,95,95,95","0,0,9,5,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,2,9,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,0,1,1,1,0,0,1,0,1,1,1,1,0,0,1,1,0,1,1,0,0,1,0,0,0,0,0","5.892770290,5.917269707,5.007872105,5.887039185,7.338845253,6.721559048,5.830899239,5.701940536,7.409162045,5.674040794,6.041372776,6.178256989,6.436406612,5.927646160,6.099106312,5.359262466,5.425189495,5.590319157,5.866630077,5.268241882,5.246464729,5.907410622,5.825631142,5.235982895,6.120714188,5.927108288,5.950603008,6.068934917,6.005105495,5.939156055,6.060311317,5.943433762",DTLS.GoogleCall,30.404,1,Acceptable,VoIP,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,92,82593,9664,9072,9,1,8,3,3,0,9,11,0,5,0,38,1,0,1,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,7,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,4,3,0,0,0,0,0,7,2,0,2,6,1,0,9,9,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0 +0,92,82993,9664,9072,9,1,8,3,3,0,9,11,0,5,0,38,1,0,1,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,7,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,4,3,0,0,0,0,0,7,2,0,2,6,1,0,9,9,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/monitoring/stun_google_meet.pcapng.out b/test/results/flow-analyse/monitoring/stun_google_meet.pcapng.out index 5d0689f81..aed7af561 100644 --- a/test/results/flow-analyse/monitoring/stun_google_meet.pcapng.out +++ b/test/results/flow-analyse/monitoring/stun_google_meet.pcapng.out 
@@ -4,4 +4,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.12.156,142.250.82.76,udp,45400,3478,finished,16,16,1687685005044008,1687685041837696,1687685041855156,116,0,124,64,1864,1024,0,30238,2374349.5,8437597,2513707.0,6318722646016.0,4.3,"30238,90776,78178,1745669,1745625,749698,749771,2799723,2799844,3108626,3108432,997539,997498,1610326,1610265,582546,582775,6554830,6554484,8437477,8437597,882386,882517,6551657,6551432,792405,792639,992950,992997,897080,896856",92,118.2,152,26.3,690.9,5.0,"152,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92","0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","6.041833401,5.593477249,6.058853149,5.579942226,5.987570286,5.506519794,6.008540154,5.558203220,6.054466248,5.666898727,5.907513618,5.762059689,6.055450439,5.636953354,6.025833607,5.636953354,6.114410400,5.631624699,5.992813587,5.636953831,6.027671337,5.623420238,5.998055458,5.639230251,6.058160305,5.571735382,6.015348434,5.740320206,6.043981075,5.718581200,5.986004829,5.718581676",STUN.GoogleCall,78.404,0,Acceptable,VoIP,6,DPI,"" 
1,ip6,2001:b07:a3d:c112:48a1:1094:1227:281e,2001:4860:4864:6::81,udp,45572,19305,finished,6,26,1697468935898948,1697468936037339,1697468936047117,81,0,546,1203,1148,6916,0,0,9243.9,81640,19965.3,398613152.0,2.8,"26858,81640,683,74446,3025,28042,16509,24776,333,0,0,0,0,0,0,0,0,0,0,0,0,0,11517,15951,2780,0,0,0,0,0,0",85,300.0,1251,206.9,42788.4,4.7,"172,124,168,205,124,1251,594,168,618,85,308,308,308,308,308,308,308,308,308,308,308,308,129,129,124,308,308,308,308,165,308,308","0,0,1,3,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,4,1,0,0,0,0,18,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1","5.951032162,5.736715317,5.834187984,5.024463177,5.864942074,7.322808743,6.692216396,5.868327141,7.354635239,4.724500656,7.025775909,7.078637600,7.104609966,7.082355022,7.017282486,7.010787487,7.078490257,7.062924862,7.034311771,7.109773636,7.020790577,7.051887035,5.674198151,5.651331425,5.745950699,7.084123135,7.055697918,7.005239010,7.013784885,6.117315292,7.010463715,6.985410213",DTLS.GoogleCall,30.404,1,Acceptable,VoIP,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,76,69958,13243,43190,7,0,7,6,4,0,7,7,0,5,0,34,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,6,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,7,0,0,0,0,0,6,1,0,0,7,0,0,7,7,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,76,70093,13243,43190,7,0,7,6,4,0,7,7,0,5,0,34,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,6,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,7,0,0,0,0,0,6,1,0,0,7,0,0,7,7,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/monitoring/stun_signal.pcapng.out b/test/results/flow-analyse/monitoring/stun_signal.pcapng.out index 5573e0d52..109f13741 100644 --- a/test/results/flow-analyse/monitoring/stun_signal.pcapng.out +++ b/test/results/flow-analyse/monitoring/stun_signal.pcapng.out 
@@ -3,4 +3,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,35.158.183.167,192.168.12.169,icmp,,,finished,30,2,1636901936083692,1636901980739508,1636901940925734,56,0,64,104,1760,208,0,15,1596705.0,17079364,3547473.5,12584568750080.0,2.8,"4084,63003,42,180775,3510,1499231,2002773,15,4841966,76,17079364,30045,28084,9989,178591,30710,1472432,2000483,30998,3968781,29896,37348,7808,7927339,28492,35381,6539,7931223,29238,34577,5065",76,81.5,124,11.6,133.8,5.0,"76,76,84,84,76,76,76,76,76,124,124,76,76,84,84,76,76,76,76,76,76,76,84,84,76,76,84,84,76,76,84,84","0,20,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5.045846939,5.151109695,5.089153290,5.017724991,5.072162628,5.124794006,5.045846939,5.035913944,5.088545322,5.533661366,5.689179420,4.953483582,4.999665260,4.975942135,4.999751568,4.937100887,4.999665260,5.025980949,5.025980949,4.999665260,4.989732265,4.983282089,4.999751568,4.975942135,5.025980949,5.062229633,5.056357384,5.008738518,4.999665260,5.035913944,5.008738041,5.056357384",ICMP,81,0,Acceptable,Network,6,DPI,"35" 
1,ip4,192.168.12.169,18.195.131.143,udp,47767,61498,finished,16,16,1636902000073738,1636902002442030,1636902002440493,28,0,104,96,1068,1052,0,43,152743.5,665020,189167.3,35784253440.0,4.0,"68482,50,70303,29273,44732,113365,45,43187,26522,8477,31033,313588,306,410657,43,665020,630540,122450,190474,61616,378076,7868,325508,42160,76005,424878,96788,5410,434339,47676,66176",56,94.2,132,24.6,605.9,4.9,"124,92,124,92,132,132,92,124,92,92,124,92,84,56,84,56,124,92,124,92,84,84,56,56,56,84,124,84,56,92,124,92","3,3,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","3,3,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,1,0,0,0,1,1,0,1,1,0,0,0,1,1,0,1,1,0,0,1,1,0,1,1,0,0,0,1,1,0","5.861794472,5.759229183,5.867881298,5.702216148,5.875429153,5.754216671,5.819118500,5.958508492,5.832649708,5.805582047,5.875729084,5.797377586,5.796609879,5.155043602,5.748991013,5.105850220,5.758409977,5.819116116,5.891858101,5.702215672,5.716967583,5.862202168,5.155044079,5.141563416,5.119328976,5.772800446,5.887964725,5.772800446,5.119329453,5.783843040,5.817300797,5.830357552",STUN.SignalVoip,78.269,0,Acceptable,VoIP,5,DPI (cache),"5" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,233,199422,13408,16192,23,0,23,15,3,0,23,30,0,19,0,113,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,20,0,23,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,8,0,0,0,0,0,16,35,0,0,0,0,0,23,0,0,0,21,2,0,23,23,0,0,0,0,0,0,0,35,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0 +0,233,201118,13408,16192,23,0,23,15,3,0,23,30,0,19,0,113,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,20,0,23,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,8,0,0,0,0,0,16,35,0,0,0,0,0,23,0,0,0,21,2,0,23,23,0,0,0,0,0,0,0,35,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/monitoring/stun_wa_call.pcapng.out b/test/results/flow-analyse/monitoring/stun_wa_call.pcapng.out index eb2663152..08d4e800b 100644 --- a/test/results/flow-analyse/monitoring/stun_wa_call.pcapng.out +++ b/test/results/flow-analyse/monitoring/stun_wa_call.pcapng.out 
@@ -2,4 +2,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.12.156,93.57.123.227,udp,46652,3478,finished,17,15,1676659968029444,1676659971853147,1676659971919436,20,0,272,245,2693,1097,0,33,248828.9,2505343,601339.2,361608839168.0,2.9,"164,8431,48,2463749,2505343,241,3586,277,39475,77,6128,4820,33,25931,31612,82045,37743,1684,120855,35,78585,59946,292774,129998,59732,381615,376352,412427,48,227940,362001",48,146.4,300,92.2,8492.2,4.7,"240,240,96,96,74,300,300,300,300,96,96,74,96,96,48,48,98,300,300,96,96,89,53,107,108,53,77,86,150,73,227,273","2,4,1,1,0,0,3,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,2,10,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,1,1,1,0,0,0,0,1,1,0,1,1,0,1,0,0,0,1,1,0,0,1,1,1,0,1,0,0,0,1","7.019773483,6.984464645,5.818136215,5.825999260,5.808753967,6.987159729,6.971193790,6.971321106,6.997097969,5.676367760,5.789438725,5.665334225,5.732045174,5.722330570,5.218094349,5.178508282,5.782431126,6.963978291,6.992527008,5.698242188,5.789439201,5.829556465,4.883490086,6.023591995,6.055227757,5.025671005,5.503230572,5.670224667,6.552639484,5.494553089,6.944911957,7.162023067",STUN.WhatsAppCall,78.45,0,Acceptable,VoIP,6,DPI,"" 
1,ip4,192.168.12.156,157.240.203.62,udp,49526,3478,finished,16,16,1676660020625604,1676660020791890,1676660020799292,20,0,272,512,1396,6812,0,24,10966.9,25268,4978.7,24787812.0,4.8,"137,8278,24,10101,8060,24512,25268,11561,10122,12790,14381,10560,10576,10583,10464,16311,6103,16248,5886,9963,9713,10612,11320,10716,10523,10812,10574,10236,10724,11289,11527",48,284.5,540,217.5,47305.8,4.6,"300,300,96,96,92,540,92,540,92,540,92,540,92,540,92,540,48,92,48,540,92,540,92,540,92,540,92,540,92,540,92,540","1,0,13,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1","6.990001202,7.010884762,5.755636215,5.672302246,5.721662998,1.491354108,5.778674603,1.487650514,5.626501560,1.484854460,5.623420715,1.491354465,5.691719532,1.491354108,5.569489479,1.485344768,5.160700798,5.721662998,5.136841774,1.489048600,5.743401527,1.492752314,5.735196590,1.489956141,5.640035152,1.476539373,5.664651394,1.487650633,5.808619022,1.477447271,5.713458061,1.502465248",STUN.WhatsAppCall,78.45,0,Acceptable,VoIP,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,132,119151,44019,64856,13,0,13,5,2,0,13,22,0,13,0,61,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,9,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,11,0,0,0,0,0,12,4,0,0,0,0,0,13,0,0,0,12,1,0,13,13,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0 +0,132,120295,44019,64856,13,0,13,5,2,0,13,22,0,13,0,61,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,9,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,11,0,0,0,0,0,12,4,0,0,0,0,0,13,0,0,0,12,1,0,13,13,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/monitoring/stun_zoom.pcapng.out b/test/results/flow-analyse/monitoring/stun_zoom.pcapng.out index a7b0e707b..d4894327f 100644 --- a/test/results/flow-analyse/monitoring/stun_zoom.pcapng.out +++ b/test/results/flow-analyse/monitoring/stun_zoom.pcapng.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,192.168.43.169,134.224.90.111,udp,53065,8801,finished,17,15,1661169535618755,1661169536326542,1661169536383924,50,0,189,1052,2576,5172,0,5,47514.7,193831,51140.5,2615352320.0,4.1,"20238,79929,20296,193831,73632,247,50353,49657,26391,24351,170235,80565,10991,149570,50735,24,93581,6,7,6,7,5,8274,29660,4814,50217,80837,100195,42158,3678,58466",42,270.1,1080,313.1,98043.5,4.3,"184,184,184,184,92,184,217,217,184,184,217,92,92,92,184,192,78,92,1080,1080,1080,1080,399,186,92,92,186,92,186,95,101,42","0,1,1,0,11,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,0,9,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,1,0,0,0,0,0,0,1,1,1,0,0,0,1,1,1,1,1,1,0,1,1,0,1,0,1,0,1","5.849215031,5.820121765,5.845112324,5.820121765,5.609286785,5.848187923,5.155805588,5.151053905,5.856935501,5.837758064,5.169487476,5.679913521,5.609286785,5.658175468,5.856935501,5.312055111,4.055345058,5.723389149,7.020439625,7.330272198,7.262623310,7.369262695,7.183655262,6.090222359,5.701650143,5.679913521,6.082654476,5.723389149,6.098002911,5.370398521,6.009067535,4.320421696",DTLS,30,1,Safe,Network,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,28,27473,4671,10647,2,0,2,0,1,0,2,8,0,2,0,10,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,2,6,0,0,0,0,0,2,0,0,0,2,0,0,2,2,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0 +0,28,27509,4671,10647,2,0,2,0,1,0,2,8,0,2,0,10,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,2,6,0,0,0,0,0,2,0,0,0,2,0,0,2,2,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/monitoring/teams.pcap.out b/test/results/flow-analyse/monitoring/teams.pcap.out index 4a99d6202..0ce0cff9b 100644 --- a/test/results/flow-analyse/monitoring/teams.pcap.out +++ b/test/results/flow-analyse/monitoring/teams.pcap.out 
@@ -9,11 +9,11 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.1.6,13.107.18.11,tcp,60549,443,info,18,14,1587041684306115,1587041684950374,1587041684410372,0,0,1440,1452,3472,5797,0,1,24145.7,539594,94604.1,8949939200.0,1.9,"11504,11610,262,11878,32500,90,44163,247,1,223,3839,7741,325,72,14634,1492,13,4159,11,266,6513,474,6734,4309,9884,14215,10718,10725,539594,6,314",40,331.5,1492,473.5,224192.2,3.9,"64,52,40,251,46,1492,1492,40,1492,80,40,198,133,578,172,46,366,109,40,40,78,46,78,40,46,689,40,359,40,1480,694,248","9,1,1,0,2,0,2,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0","5,2,1,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0","0,1,0,0,1,1,1,0,1,1,0,0,0,0,0,1,1,1,0,0,0,1,1,0,1,1,0,1,0,0,0,0","4.428027153,4.893245220,4.521928310,5.397158146,4.505983353,6.671830177,7.464404583,4.630641460,7.577803612,5.737496376,4.680641174,6.516131401,6.154890537,7.647973537,6.500202656,4.505983353,7.196300030,5.817581654,4.611769199,4.561769485,5.250086308,4.457919598,5.392898560,4.630641460,4.522393227,7.690679073,4.680641174,7.335716724,4.680641174,7.846065521,7.720572472,6.957527637",TLS.Microsoft365,91.219,1,Acceptable,Collaborative,6,DPI,"" 
1,ip4,192.168.1.6,52.113.194.132,tcp,60554,443,info,14,18,1587041685240465,1587041685469669,1587041685469973,0,0,1082,1452,1426,15976,0,3,14797.2,153955,35697.7,1274323968.0,2.8,"12903,12995,473,12371,1988,1502,15362,129,134,115,3,85,21608,33026,11480,11732,109,11784,570,13396,140399,715,153955,248,230,250,250,503,25,129,243",40,585.7,1492,671.4,450756.0,4.0,"64,52,40,226,46,1492,1492,40,1492,40,1492,168,40,147,46,91,46,91,40,1122,46,1492,1492,40,1317,40,1492,1492,40,40,1492,1492","10,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,10,0,0","0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,0,1,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1","4.365527153,4.878727913,4.471928596,5.502106190,4.402616024,7.277978420,7.489027023,4.630640984,7.478912354,4.521928310,7.663036823,6.686788082,4.630640984,6.493359089,4.462505341,5.681205750,4.462504864,5.560394764,4.580641270,7.802004814,4.565872192,7.879904747,7.863986492,4.580641270,7.860152721,4.580640793,7.874552727,7.850657463,4.580641270,4.471928596,7.869473934,7.878328800",TLS.Teams,91.250,1,Safe,Collaborative,6,DPI,"15" 
1,ip4,192.168.1.6,52.114.77.33,tcp,60559,443,finished,21,11,1587041686239545,1587041686542441,1587041686541501,0,0,1428,1440,14115,4699,0,2,19511.4,52987,22191.7,492470496.0,3.9,"48601,48710,307,51003,89,50699,16,253,253,1686,49778,48144,1391,5,2,50498,49101,4,2,3,37233,37219,5,11525,11515,965,36039,15972,52987,736,111",52,640.9,1492,667.9,446080.7,4.1,"64,60,52,258,1492,1492,64,52,1375,52,145,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,52,985,52,52,497,52,83,52","9,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0","6,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0","0,1,0,0,1,1,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,1,1,1,0,0,0","4.396777153,5.256567955,4.923395157,6.033491611,7.275527000,7.277948856,5.071470261,4.945419312,7.645617962,4.976373672,5.915142536,5.707202435,4.976374149,7.861220360,7.878036976,7.850315571,5.131024837,7.877380371,7.857055187,7.886486053,7.876827240,5.169486523,7.849795818,7.874622822,5.078045845,7.791067600,5.131024837,5.207948208,7.563468933,5.053297043,5.290699482,4.969671726",TLS.Microsoft,91.212,1,Safe,Cloud,6,DPI,"15" 
-1,ip4,192.168.1.6,104.40.187.151,tcp,60562,443,info,19,13,1587041687436782,1587041687725655,1587041687725568,0,0,1313,1440,2206,7143,0,3,18634.2,125561,31723.1,1006353792.0,3.4,"29516,29616,237,45747,220,45693,117,89,54,132,3,86,615,23250,232,30155,31,6115,4,245,22863,22646,1494,1434,2892,30,32749,246,30074,125513,125561",52,345.2,1492,499.9,249913.2,3.9,"64,60,52,266,1492,1492,64,1492,52,52,1492,281,52,145,145,424,103,121,52,52,90,90,52,548,52,1365,135,52,94,52,510,52","12,1,3,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0","2,3,1,0,0,0,0,1,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0","0,1,0,0,1,1,0,1,0,0,1,1,0,0,0,0,1,1,0,0,0,1,0,1,0,0,0,1,1,0,1,0","4.365527153,5.169149399,4.868495941,5.580047131,7.357915878,7.526344776,4.919355392,7.363313675,4.945419312,4.786791325,7.588277340,7.143245697,4.983880997,5.918394089,6.257330894,7.398386002,5.555244923,6.105889320,4.945419312,4.945419312,5.368302345,5.567127228,4.945419312,7.528010845,4.983880997,7.854734421,6.103594780,5.100070000,5.655968666,4.983880520,7.545987606,4.861793995",TLS.Skype_Teams,91.125,1,Acceptable,VoIP,3,DPI (partial),"" 
+1,ip4,192.168.1.6,104.40.187.151,tcp,60562,443,info,19,13,1587041687436782,1587041687725655,1587041687725568,0,0,1313,1440,2206,7143,0,3,18634.2,125561,31723.1,1006353792.0,3.4,"29516,29616,237,45747,220,45693,117,89,54,132,3,86,615,23250,232,30155,31,6115,4,245,22863,22646,1494,1434,2892,30,32749,246,30074,125513,125561",52,345.2,1492,499.9,249913.2,3.9,"64,60,52,266,1492,1492,64,1492,52,52,1492,281,52,145,145,424,103,121,52,52,90,90,52,548,52,1365,135,52,94,52,510,52","12,1,3,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0","2,3,1,0,0,0,0,1,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0","0,1,0,0,1,1,0,1,0,0,1,1,0,0,0,0,1,1,0,0,0,1,0,1,0,0,0,1,1,0,1,0","4.365527153,5.169149399,4.868495941,5.580047131,7.357915878,7.526344776,4.919355392,7.363313675,4.945419312,4.786791325,7.588277340,7.143245697,4.983880997,5.918394089,6.257330894,7.398386002,5.555244923,6.105889320,4.945419312,4.945419312,5.368302345,5.567127228,4.945419312,7.528010845,4.983880997,7.854734421,6.103594780,5.100070000,5.655968666,4.983880520,7.545987606,4.861793995",TLS.Teams,91.250,1,Safe,Collaborative,3,DPI (partial),"" 
1,ip4,192.168.1.6,52.114.77.33,tcp,60561,443,info,20,12,1587041687245112,1587041687718851,1587041687768506,0,0,1428,1440,17623,4254,0,2,32165.6,161774,44327.4,1964919296.0,3.6,"48418,48527,459,88180,136486,113743,249,161774,129,117,1072,74551,73518,1076,4,2,50124,49022,3,3,12,48400,48413,4,15,2,1599,1536,46881,1065,1749",52,736.7,1492,694.0,481656.1,4.2,"64,60,52,258,258,64,1492,1492,52,1375,52,145,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,1480,1480,52,1462,52,52,52","5,0,1,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0","8,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0","0,1,0,0,0,1,1,1,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,0,0,1,0,1,1,1","4.396777153,5.256567478,4.923395157,5.966666698,5.971492767,5.091578960,7.290405750,7.275161743,4.961856842,7.668800354,5.000318527,6.002202988,5.583368301,4.961856842,7.860765934,7.857263088,7.894361019,5.193430901,7.864349842,7.853641510,7.869278908,7.874048233,5.054101944,7.853607655,7.866478443,7.865472317,7.878810406,5.154969692,7.853725433,5.193431377,5.154969692,5.154969692",TLS.Microsoft,91.212,1,Safe,Cloud,6,DPI,"15" 
1,ip4,192.168.1.6,52.114.108.8,tcp,60565,443,finished,18,14,1587041691149774,1587041691305451,1587041691582252,0,0,994,1440,2028,8121,0,3,18972.7,276869,49493.9,2449644032.0,2.9,"19199,19302,171,22008,34,21827,18,184,203,246,14,193,1070,12295,280,19893,29,6313,3,603,11971,11399,1472,1415,54998,62106,42,25528,33,18437,276869",52,370.2,1492,512.1,262257.7,3.9,"64,60,52,274,1492,1492,64,52,1492,52,1492,471,52,178,145,525,103,121,52,52,90,90,52,511,52,52,1046,134,52,94,52,1335","11,1,2,1,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","3,3,1,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,4,0,0","0,1,0,0,1,1,0,0,1,0,1,1,0,0,0,0,1,1,0,0,0,1,0,1,0,1,0,0,1,1,0,1","4.396777153,5.256567478,4.923395634,5.577177048,7.100010395,7.346216679,4.975505829,4.976374149,7.520713806,4.854287148,7.591184139,7.492725372,4.937912464,6.281796932,6.325607300,7.565563679,5.628156662,5.942033768,4.976374149,4.937912464,5.421134472,5.660066128,5.014835358,7.536164761,4.976373672,5.169486523,7.784315586,6.192806721,5.169486523,5.596017838,5.014835358,7.848025322",TLS.Teams,91.250,1,Safe,Collaborative,6,DPI,"" 
1,ip4,192.168.1.6,52.114.76.48,tcp,60544,443,finished,16,16,1587041682376166,1587041682938651,1587041692001418,0,0,1060,1452,2113,7396,0,2,328636.7,8978171,1582353.1,2503841415168.0,0.8,"47150,47228,506,44398,29,43913,16,46,186,124,2,213,4,4433,9743,291,46519,32116,477,409,98,18910,1378,20235,62883,403234,424977,8978171,32,9,7",40,339.2,1492,486.1,236250.5,3.9,"64,52,40,276,1492,1492,52,40,40,1492,1492,309,40,40,198,133,568,91,40,109,40,78,46,409,40,46,1100,46,411,415,86,78","10,1,1,0,1,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4,3,1,0,0,0,0,0,1,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0","0,1,0,0,1,1,0,0,0,1,1,1,0,0,0,0,0,1,0,1,0,0,1,1,0,1,0,1,1,1,1,1","4.334277153,4.946223736,4.571928501,5.576080799,7.377434731,7.334023952,4.748329639,4.630640984,4.571928501,7.530410290,7.590536594,7.109602451,4.680641174,4.630641460,6.484649181,6.111595631,7.563093662,5.442209721,4.630641460,5.902398109,4.630641460,5.214766979,4.462505341,7.402733803,4.680641174,4.505983353,7.828750610,4.609350681,7.428915024,7.453095436,5.564571857,5.463537216",TLS.Teams,91.250,1,Safe,Collaborative,6,DPI,"" 
1,ip4,192.168.1.6,52.114.250.123,tcp,50018,443,finished,19,13,1587041693516414,1587041693824623,1587041695435566,0,0,187,1452,477,6361,0,1,71850.4,1566873,274680.6,75449425920.0,1.9,"44968,45079,183,47440,47249,164,13,124,2,107,17,104,3,107,2,120,2,1,8026,8,35,52434,1246,45626,48613,92238,43679,69083,272,113543,1566873",40,256.9,1492,427.0,182315.3,3.7,"64,52,40,227,1492,52,1492,588,52,52,1492,588,52,40,588,166,40,40,40,147,46,85,46,91,40,141,224,40,71,40,46,46","15,1,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0","0,1,0,0,1,0,1,1,0,0,1,1,0,0,1,1,0,0,0,0,0,0,1,1,0,0,1,0,0,0,1,1","4.396777153,4.946223736,4.453056812,5.436062336,7.472877979,4.624014378,7.357961178,6.174726009,4.707639694,4.669178009,7.651301384,7.035131931,4.669178009,4.492897511,7.576755524,6.572272301,4.384184361,4.492897511,4.492897034,6.376044750,4.495644569,5.773638725,4.565871716,5.388861179,4.561769009,6.442826271,6.864662647,4.511769295,5.438062191,4.384184361,4.565872192,4.565872192",TLS.Teams,91.250,1,Safe,Collaborative,6,DPI,"15" 
-1,ip4,93.71.110.205,192.168.1.6,udp,16332,50016,finished,25,7,1587041695305290,1587041697913583,1587041697668816,38,0,1214,1214,4324,2890,0,1,160381.3,1168245,365653.3,133702352896.0,2.7,"24795,221,101349,1168245,1167037,967065,50759,1119237,13,25,50990,80302,1990,2655,3736,4,1,2,10681,24170,9306,21453,4525,19907,25341,9245,24382,24626,9496,26004,24257",66,253.4,1242,374.4,140199.2,4.0,"140,116,140,116,144,116,138,136,66,1242,1242,136,101,66,1242,1242,70,194,126,94,96,103,108,110,102,98,112,106,103,101,102,102","0,2,16,4,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0","0,1,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0","0,1,1,0,1,0,0,0,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5.443928242,5.441569805,5.550033092,5.533423424,5.469605446,5.457950115,6.418050289,5.494081497,5.274568558,7.835727215,7.805037022,5.427760124,6.064149857,5.328952789,7.830739975,7.834946632,5.426148415,6.862842083,6.378197670,5.942782402,6.043297768,6.096649170,5.395052433,6.251680851,6.123402596,6.007471561,6.260177612,6.012121677,6.079421997,6.215091705,6.135609150,6.155217648",STUN.Skype_TeamsCall,78.38,0,Acceptable,VoIP,6,DPI,"5" 
+1,ip4,93.71.110.205,192.168.1.6,udp,16332,50016,finished,25,7,1587041695305290,1587041697913583,1587041697668816,38,0,1214,1214,4324,2890,0,1,160381.3,1168245,365653.3,133702352896.0,2.7,"24795,221,101349,1168245,1167037,967065,50759,1119237,13,25,50990,80302,1990,2655,3736,4,1,2,10681,24170,9306,21453,4525,19907,25341,9245,24382,24626,9496,26004,24257",66,253.4,1242,374.4,140199.2,4.0,"140,116,140,116,144,116,138,136,66,1242,1242,136,101,66,1242,1242,70,194,126,94,96,103,108,110,102,98,112,106,103,101,102,102","0,2,16,4,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0","0,1,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0","0,1,1,0,1,0,0,0,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5.443928242,5.441569805,5.550033092,5.533423424,5.469605446,5.457950115,6.418050289,5.494081497,5.274568558,7.835727215,7.805037022,5.427760124,6.064149857,5.328952789,7.830739975,7.834946632,5.426148415,6.862842083,6.378197670,5.942782402,6.043297768,6.096649170,5.395052433,6.251680851,6.123402596,6.007471561,6.260177612,6.012121677,6.079421997,6.215091705,6.135609150,6.155217648",STUN.TeamsCall,78.38,0,Acceptable,VoIP,6,DPI,"5" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,668,640476,293772,293323,83,17,66,0,16,2,80,51,1,29,16,317,1,0,1,1,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,27,56,42,37,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,20,0,0,11,27,19,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,74,0,0,0,0,0,38,12,2,0,0,0,0,83,0,0,42,40,1,0,83,80,2,1,0,0,0,0,0,12,0,0,0,0,2,0,2,0,0,29,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,5,0,0,1,0,0,0,0,0,0,0 +0,668,638866,293772,293323,83,17,66,0,16,2,80,51,1,29,16,317,1,0,1,1,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,27,56,51,28,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,12,0,0,11,27,27,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,74,0,0,0,0,0,38,12,2,0,0,0,0,83,0,0,42,40,1,0,83,80,2,1,0,0,0,0,0,12,0,0,0,0,2,0,2,0,0,29,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,5,0,0,1,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/monitoring/telegram_videocall.pcapng.out b/test/results/flow-analyse/monitoring/telegram_videocall.pcapng.out index 31e672540..753a9f6c6 100644 --- a/test/results/flow-analyse/monitoring/telegram_videocall.pcapng.out +++ b/test/results/flow-analyse/monitoring/telegram_videocall.pcapng.out 
@@ -4,4 +4,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.12.169,93.36.13.115,udp,42405,35393,finished,21,11,1648032354077734,1648032354886306,1648032354873460,23,0,237,96,1854,649,0,49,51751.5,474673,95446.3,9109989376.0,3.6,"75722,88020,12807,2328,9002,48923,21674,183,117533,50,18901,57450,295,20709,49,35124,54640,306358,41620,24769,9929,17729,18103,17365,474673,50,42102,15504,14083,40108,18495",49,106.2,265,48.9,2396.0,4.9,"128,92,51,124,92,128,128,65,71,92,92,124,54,92,64,49,124,92,265,119,119,119,119,119,265,53,64,59,119,119,79,119","3,2,11,3,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,3,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,0,0,0,0,1,1,1,0,0,1,1,1,0,0,0,0,0,0,0,0,1,1,0,0,0,1,0","5.404182434,5.729283333,5.265467167,5.614555359,5.634122849,5.456954956,5.404182434,5.653138161,5.772913456,5.756935120,5.745695591,5.598426342,5.458592415,5.767434120,5.687500000,5.328994274,5.576209545,5.797379017,7.103881836,6.518718719,6.438805580,6.381202221,6.471578598,6.393888950,7.201899052,5.463770390,5.656250000,5.577555180,6.334901810,6.354772091,5.879608154,6.455611706",STUN.TelegramVoip,78.355,0,Acceptable,VoIP,5,DPI (cache),"5" 
1,ip4,192.168.12.169,149.154.167.222,tcp,40832,443,finished,17,15,1648032336639074,1648032364799931,1648032364830191,0,0,578,1228,1060,12707,0,8,1817805.6,25078496,6146606.0,37780767899648.0,1.5,"29139,30566,480,31562,35447,6512,41656,9889,49,31,23,46927,8,41719,2909634,2997736,16,16,15,2357,76,56,44252,15,34,56,139,73,125,25044870,25078496",52,482.7,1280,530.0,280877.2,4.1,"60,60,52,630,262,52,205,221,1280,1280,1280,700,52,52,52,381,1280,1280,1280,1280,1280,1280,680,52,52,52,52,52,52,52,52,52","14,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0","0,1,0,0,1,0,0,1,1,1,1,1,0,0,0,0,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,1","4.859216213,5.266787529,5.156889439,7.555443287,7.119448662,5.118427753,6.908961773,6.987295628,7.824494839,7.835509300,7.843729496,7.724673271,5.195351124,5.094483852,5.115703106,7.462384224,7.834102154,7.851257801,7.840057850,7.862158298,7.844310284,7.831385612,7.709258080,5.156889439,5.041504860,5.079966545,5.118427753,5.156889439,5.156889439,5.115703106,5.077241421,5.156889439",Telegram,185,1,Acceptable,Chat,7,Match by IP,"35" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,258,220556,59877,270358,34,6,28,1,4,2,32,14,0,26,0,134,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,20,1,31,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,7,4,0,0,1,19,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,21,0,7,0,0,0,12,30,0,0,0,0,0,31,3,0,10,19,3,2,34,32,2,0,0,0,0,0,0,30,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0 +0,258,221659,59877,270358,34,6,28,1,4,2,32,14,0,26,0,134,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,20,1,31,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,7,4,0,0,1,19,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,21,0,7,0,0,0,12,30,0,0,0,0,0,31,3,0,10,19,3,2,34,32,2,0,0,0,0,0,0,30,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/monitoring/telegram_videocall_2.pcapng.out b/test/results/flow-analyse/monitoring/telegram_videocall_2.pcapng.out new file mode 100644 index 000000000..7d9927aea --- /dev/null +++ b/test/results/flow-analyse/monitoring/telegram_videocall_2.pcapng.out 
@@ -0,0 +1,5 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.12.67,91.108.9.106,udp,39968,1400,finished,16,16,1731946740900337,1731946742240391,1731946742264226,28,0,652,262,2187,1616,0,16,87224.0,633159,149549.7,22365106176.0,3.7,"24417,29543,32319,633159,629027,42410,122559,119596,598,39836,5432,31550,39459,41743,145493,160620,48042,92354,8570,65269,259,740,20867,96277,16,115515,8212,23549,57925,62023,6564",56,146.8,680,107.0,11452.5,4.8,"56,120,152,120,156,88,160,144,164,680,88,128,96,128,96,128,113,128,96,121,85,101,237,96,113,97,97,149,233,150,290,89","1,1,4,5,3,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,3,8,3,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,1,0,1,0,0,1,1,0,1,0,0,1,0,1,1,0,0,0,1,1,1,0,0,1,0,1,1","4.913536072,5.661914349,5.691276073,5.811409950,5.775809288,5.890800476,5.700669765,6.030949116,5.619874954,6.564280987,5.876651764,5.513857365,5.750529289,5.348012447,5.693135738,5.423637390,5.816064358,5.438713074,5.755635738,5.886013985,5.239210606,5.547117710,6.841757298,5.747772217,5.880180359,5.484240055,5.412352562,6.492302418,6.848128319,6.536720753,7.179809093,5.907988548",STUN.TelegramVoip,78.355,0,Acceptable,VoIP,6,DPI,"5" 
+1,ip4,192.168.12.67,91.108.9.10,udp,44275,597,finished,17,15,1731946740900678,1731946742884971,1731946742282512,40,0,596,572,2244,1980,0,14,108584.7,699013,167856.0,28175654912.0,3.8,"24109,514616,513574,39727,22986,13781,37194,83729,46829,52455,14,53768,48207,41858,1057,8095,49415,47864,10095,16084,39354,38883,30006,122690,10118,52835,64016,152216,227281,304258,699013",68,160.0,624,120.1,14426.0,4.7,"68,92,68,92,148,148,116,148,116,148,148,116,116,148,116,148,116,148,148,116,212,116,116,600,624,136,148,176,116,148,116,148","0,2,4,9,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,9,4,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,1,0,0,1,0,1,1,0,1,0,0,1,0,1,0,1,1,1,1,0,0,0,0,1,0,1,0","4.577797413,4.748074055,4.607209206,4.748074055,5.694154263,5.810202122,6.027616024,5.680641174,6.109596729,5.712939739,5.761246204,6.075114250,6.113822937,5.800000191,5.975891590,5.714293957,6.040631294,5.770136356,5.805100918,5.986625671,5.246948719,6.120330334,6.185070038,6.758100033,7.452787399,6.081599236,5.751521587,6.406444550,6.081621647,5.729595184,6.178562164,5.738008499",STUN.TelegramVoip,78.355,0,Acceptable,VoIP,6,DPI,"" 
+timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_ca
tegory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count
 +0,65,56276,49274,68741,8,0,8,0,2,0,8,6,0,3,0,30,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,4,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,2,6,0,0,0,0,0,7,1,0,0,8,0,0,8,8,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/monitoring/telegram_voice.pcapng.out b/test/results/flow-analyse/monitoring/telegram_voice.pcapng.out new file mode 100644 index 000000000..490c8788e --- /dev/null +++ b/test/results/flow-analyse/monitoring/telegram_voice.pcapng.out 
@@ -0,0 +1,5 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.12.67,91.108.9.68,udp,41011,596,finished,11,21,1731945728464288,1731945728965019,1731945729659565,40,0,572,640,1556,3292,0,8,54709.9,245348,61453.4,3776523008.0,4.1,"25074,216674,245348,4517,49052,101090,2123,47856,705,203,47977,8,48680,63235,15,67883,33733,30921,5566,35563,42632,10,106554,90512,4893,3141,92065,131857,148102,20831,29188",68,179.5,668,151.2,22848.8,4.6,"68,92,148,116,148,148,116,148,212,116,156,116,148,116,668,116,600,148,116,68,92,624,136,176,108,124,260,120,120,92,236,92","0,2,4,2,1,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,10,6,1,0,1,1,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,1,0,0,0,1,1,0,0,0,1,1,0,1,1,0,1,0,0,1,1,1,1,1,1,1,1,1,1,1,1","4.577797413,4.704595566,5.840540886,6.068605900,5.729596138,5.724494934,6.023389339,5.735745430,5.209395409,6.047139168,5.621933937,5.952142715,5.800000668,6.109596729,6.500761509,6.081621647,6.754777431,5.751046658,6.006148338,4.577797413,4.704595566,7.371456146,5.947301865,6.372353077,5.506771564,5.806564331,6.849390507,5.727319241,5.766920567,5.701651573,6.887141705,5.708128929",STUN.TelegramVoip,78.355,0,Acceptable,VoIP,6,DPI,"" 
+1,ip4,192.168.12.67,91.108.9.34,udp,42567,1400,finished,23,9,1731945728460409,1731945729768352,1731945729070645,28,0,209,148,2538,948,0,263,61876.7,364488,85905.3,7379713024.0,4.0,"28317,34064,35508,364488,566,362690,49517,68716,48417,51074,2919,56026,29084,263,48698,1930,20770,10384,79381,92318,1601,769,131478,118774,44174,69454,51913,13839,47939,1880,51228",56,136.9,237,39.8,1586.6,4.9,"56,120,152,120,156,160,88,160,144,160,144,176,128,164,148,144,176,128,88,121,113,97,237,97,168,167,167,167,70,202,82,82","1,3,4,4,9,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,2,2,3,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,0,1,0,1,0,1,1,0,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0","4.971485138,5.671458721,5.746047974,5.878075600,5.706763744,5.727324486,5.785743237,5.641233921,5.929356098,5.664824486,5.968761921,5.817453384,5.830233097,5.731947422,5.954558372,5.994700909,5.790436745,5.817786694,5.885230064,5.863245964,5.738586903,5.528282642,6.865426064,5.427438736,6.728340626,6.638175011,6.711227417,6.654670715,5.510934830,6.905664921,5.741343975,5.854089737",STUN.TelegramVoip,78.355,0,Acceptable,VoIP,6,DPI,"5" 
+timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_ca
tegory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count
 +0,82,70079,60389,66728,10,0,10,0,2,0,10,8,0,4,0,39,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,7,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,3,8,0,0,0,0,0,9,1,0,0,9,1,0,10,10,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/ndpireader_conf_file/openvpn_obfuscated.pcapng.out b/test/results/flow-analyse/ndpireader_conf_file/openvpn_obfuscated.pcapng.out new file mode 100644 index 000000000..8036f904d --- /dev/null +++ b/test/results/flow-analyse/ndpireader_conf_file/openvpn_obfuscated.pcapng.out 
@@ -0,0 +1,5 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.12.156,185.128.25.99,tcp,37976,465,info,15,17,1722427237865123,1722427239098966,1722427239119270,0,0,749,1448,2029,6170,0,4,80257.7,1019751,241804.0,58469183488.0,2.3,"20026,22066,6196,28075,47,21155,1036,26262,32,5,4,27970,122,183,23639,57497,41848,4811,15826,16412,4857,7937,24736,465,24028,23273,24679,66760,1019751,977576,716",52,308.7,1500,431.5,186180.0,4.0,"60,60,52,140,52,152,52,429,148,1500,1500,1500,52,52,152,164,52,52,376,873,52,52,801,52,310,172,395,176,52,199,52,148","7,0,1,3,1,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,0,0,4,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0","0,1,0,0,1,1,0,0,1,1,1,1,0,0,0,1,0,1,0,1,0,1,0,1,1,0,1,0,1,0,1,1","4.713300705,5.200119972,5.118428230,6.481626511,5.065449238,6.636507511,5.079966068,7.256804943,6.578202248,7.858069420,7.854922771,7.883089542,5.041504383,5.118428230,6.483579159,6.730767250,5.079966068,5.079966068,7.347016811,7.755306244,5.079966545,5.118428230,7.724539757,5.156889439,7.263402939,6.729237556,7.474316120,6.499718189,5.118428230,6.903886318,5.118427753,6.545400143",,,,,,,,"" 
+1,ip4,107.161.86.131,192.168.12.156,tcp,443,48072,info,11,21,1722705590754656,1722705591511972,1722705591387622,0,0,100,46,196,218,0,26,44847.8,303035,76201.7,5806696960.0,3.5,"102069,4840,6500,5499,5384,5348,5717,5375,5168,5616,5148,255594,100325,15640,143042,32722,143022,26,303035,27745,1278,5419,5419,5738,6677,5026,142895,27779,1244,5483,5509",52,67.3,152,23.7,562.8,4.9,"60,52,61,61,61,61,61,61,61,61,61,59,64,88,58,80,80,52,152,98,52,59,59,59,59,59,59,52,148,52,52,52","9,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","19,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,1,1,1,1,1,1,1,1,1,1,0,1,1,0,0,0,0,1,1,1,1,1,1,1,1,0,0,0,0,0","5.300120831,5.233812809,5.399485111,5.467381954,5.434595108,5.401808262,5.500168800,5.401808262,5.455006599,5.377057552,5.233534813,5.055375576,5.207358360,5.946230888,5.336176872,5.165400982,5.130965233,5.231892586,6.316833973,5.691545963,5.156889915,5.259676456,5.280779839,5.403578281,5.333379745,5.369679928,5.299482346,5.193430901,6.433825016,5.140452385,5.193430901,5.270354271",,,,,,,,"" 
+timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_ca
tegory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count
 +0,30,27032,14851,27360,3,0,3,0,2,3,0,0,0,0,0,15,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,2,1,0,0,3,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/ndpireader_conf_file/signal_videocall.pcapng.out b/test/results/flow-analyse/ndpireader_conf_file/signal_videocall.pcapng.out new file mode 100644 index 000000000..d5c7ab051 --- /dev/null +++ b/test/results/flow-analyse/ndpireader_conf_file/signal_videocall.pcapng.out 
@@ -0,0 +1,4 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.12.67,35.219.252.146,udp,47926,56377,finished,15,17,1732024434112285,1732024441333397,1732024441541595,28,0,104,96,1156,1232,0,7924,472594.2,2449226,710703.9,505100075008.0,3.7,"65956,95899,49187,89830,51983,7924,75804,92201,90821,45764,45926,841819,964746,88146,209352,700416,8800,797762,169039,140771,9988,132129,62705,2295091,2449226,43943,201199,880503,2304788,1490835,147869",56,102.6,132,22.3,496.6,5.0,"124,92,132,132,92,92,124,92,124,92,124,92,124,92,124,92,56,84,124,92,84,56,124,92,124,92,124,92,56,124,92,124","1,1,6,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,1,7,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,0,1,0,1,0,0,1,1,0,1,1,0,1,0,0,1,0,0,1,1,0,1,0,1,1","5.976831913,5.915143967,5.742778778,5.854558945,5.733025551,5.885198593,5.998001575,5.797378063,6.024171352,5.726989746,5.921308994,5.664066315,5.913927555,5.841720104,5.901226997,5.802705288,5.235924244,5.790773869,5.923968792,5.811777592,5.734168530,5.119329453,5.946332932,5.906072140,5.847799778,5.811777115,5.940245152,5.748729706,5.115301609,5.849411488,5.828187466,5.968549728",STUN.SignalVoip,78.269,0,Acceptable,VoIP,5,DPI (cache),"5" 
+timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_ca
tegory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count
 +0,34,30171,81563,27668,3,0,3,0,1,0,3,6,0,3,0,15,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,2,0,0,0,0,0,2,1,0,0,0,0,0,3,0,0,0,3,0,0,3,3,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/ndpireader_conf_file/stun_signal_tcp.pcapng.out b/test/results/flow-analyse/ndpireader_conf_file/stun_signal_tcp.pcapng.out new file mode 100644 index 000000000..f85d32847 --- /dev/null +++ b/test/results/flow-analyse/ndpireader_conf_file/stun_signal_tcp.pcapng.out 
@@ -0,0 +1,4 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.1.117,35.219.252.146,tcp,51296,80,finished,17,15,1733247378288841,1733247378757373,1733247378756881,0,0,132,248,1352,880,0,0,30212.0,286751,67983.4,4621743104.0,3.1,"5096,5226,1289,6488,7434,14695,6967,5300,207,220,218,169,5360,2561,0,6632,276631,286751,49627,44757,3676,9298,19816,40131,25233,48588,51212,0,2689,9892,409",40,111.6,288,62.1,3852.6,4.8,"52,52,40,68,46,124,156,124,40,160,160,160,160,92,92,144,40,172,46,172,46,288,140,46,172,46,172,148,46,188,40,140","6,0,0,7,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,2,2,2,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,0,0,0,0,0,1,1,1,0,0,1,0,1,1,0,1,0,1,0,1,1,1,0,0","4.662476063,4.931210041,4.834183693,5.192451000,4.390829086,5.849559307,5.878578663,5.821106911,4.611769199,5.746960163,5.817604542,5.914802551,5.855510235,5.723954678,5.775637627,6.138474941,4.834183693,6.134611607,4.772925377,6.067693710,4.729446888,6.405649662,5.903401375,4.816403389,6.032229424,4.772924900,6.072082520,5.918906689,4.756514549,5.916465759,4.784183979,5.873402596",STUN.SignalVoip,78.269,0,Acceptable,VoIP,6,DPI,"" 
+timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_ca
tegory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count
 +0,13,11472,58588,27476,1,0,1,0,1,0,1,1,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/openvpn_heuristic_enabled/openvpn_obfuscated.pcapng.out b/test/results/flow-analyse/openvpn_heuristic_enabled/openvpn_obfuscated.pcapng.out index f7aa1c5db..84e9967e5 100644 --- a/test/results/flow-analyse/openvpn_heuristic_enabled/openvpn_obfuscated.pcapng.out +++ b/test/results/flow-analyse/openvpn_heuristic_enabled/openvpn_obfuscated.pcapng.out 
@@ -2,4 +2,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.12.156,185.128.25.99,tcp,37976,465,info,15,17,1722427237865123,1722427239098966,1722427239119270,0,0,749,1448,2029,6170,0,4,80257.7,1019751,241804.0,58469183488.0,2.3,"20026,22066,6196,28075,47,21155,1036,26262,32,5,4,27970,122,183,23639,57497,41848,4811,15826,16412,4857,7937,24736,465,24028,23273,24679,66760,1019751,977576,716",52,308.7,1500,431.5,186180.0,4.0,"60,60,52,140,52,152,52,429,148,1500,1500,1500,52,52,152,164,52,52,376,873,52,52,801,52,310,172,395,176,52,199,52,148","7,0,1,3,1,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,0,0,4,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0","0,1,0,0,1,1,0,0,1,1,1,1,0,0,0,1,0,1,0,1,0,1,0,1,1,0,1,0,1,0,1,1","4.713300705,5.200119972,5.118428230,6.481626511,5.065449238,6.636507511,5.079966068,7.256804943,6.578202248,7.858069420,7.854922771,7.883089542,5.041504383,5.118428230,6.483579159,6.730767250,5.079966068,5.079966068,7.347016811,7.755306244,5.079966545,5.118428230,7.724539757,5.156889439,7.263402939,6.729237556,7.474316120,6.499718189,5.118428230,6.903886318,5.118427753,6.545400143",,,,,,,,"" 
1,ip4,107.161.86.131,192.168.12.156,tcp,443,48072,info,11,21,1722705590754656,1722705591511972,1722705591387622,0,0,100,46,196,218,0,26,44847.8,303035,76201.7,5806696960.0,3.5,"102069,4840,6500,5499,5384,5348,5717,5375,5168,5616,5148,255594,100325,15640,143042,32722,143022,26,303035,27745,1278,5419,5419,5738,6677,5026,142895,27779,1244,5483,5509",52,67.3,152,23.7,562.8,4.9,"60,52,61,61,61,61,61,61,61,61,61,59,64,88,58,80,80,52,152,98,52,59,59,59,59,59,59,52,148,52,52,52","9,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","19,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,1,1,1,1,1,1,1,1,1,1,0,1,1,0,0,0,0,1,1,1,1,1,1,1,1,0,0,0,0,0","5.300120831,5.233812809,5.399485111,5.467381954,5.434595108,5.401808262,5.500168800,5.401808262,5.455006599,5.377057552,5.233534813,5.055375576,5.207358360,5.946230888,5.336176872,5.165400982,5.130965233,5.231892586,6.316833973,5.691545963,5.156889915,5.259676456,5.280779839,5.403578281,5.333379745,5.369679928,5.299482346,5.193430901,6.433825016,5.140452385,5.193430901,5.270354271",,,,,,,,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,30,27182,14851,27360,3,0,3,0,2,3,0,0,0,0,0,15,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,2,1,0,0,3,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,30,27182,14851,27360,3,0,3,0,2,3,0,0,0,0,0,15,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,2,1,0,0,3,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/packets_limit_per_flow/tls_verylong_certificate.pcap.out b/test/results/flow-analyse/packets_limit_per_flow/tls_verylong_certificate.pcap.out index a95caf745..a3f76bb0f 100644 --- a/test/results/flow-analyse/packets_limit_per_flow/tls_verylong_certificate.pcap.out +++ b/test/results/flow-analyse/packets_limit_per_flow/tls_verylong_certificate.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,192.168.1.160,151.101.66.49,tcp,54804,443,info,15,17,1578254908457751,1578254908528417,1578254908528437,0,0,517,1368,813,14097,0,2,4559.7,21714,6622.1,43852844.0,3.5,"11591,11712,5740,17683,3137,204,15209,67,53,134,2,140,10611,21714,11194,334,14931,21,2,14564,19,7,256,346,4,564,2,480,517,112,2",52,518.6,1420,615.3,378610.9,4.0,"64,60,52,569,52,1420,1420,52,1420,52,1420,262,52,178,103,52,222,1420,1420,104,52,52,52,1420,1420,104,52,52,1420,52,1420,104","12,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,4,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0","0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,0,0,1,1,1,0,0,0,1,1,1,0,0,1,0,1,1","4.398337364,5.146034718,4.868495941,4.434582233,5.025067329,6.773365974,4.940563202,4.983880520,6.553000927,4.900255680,7.433587551,7.043814659,4.983880520,6.336580276,5.976200581,5.022342205,6.883139610,7.866776943,7.867276192,6.143959045,4.906957150,4.791572571,4.731892109,7.850933075,7.865261078,6.040546417,4.906957626,4.906957626,7.852932453,4.823332310,7.877495766,6.208910465",TLS.Cybersec,91.283,1,Safe,Cybersecurity,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,14,16812,844,18233,1,1,0,0,1,0,1,2,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,14,16689,844,18233,1,1,0,0,1,0,1,2,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/stun_all_attributes_disabled/teams.pcap.out b/test/results/flow-analyse/stun_all_attributes_disabled/teams.pcap.out index 26082c49e..7711ac425 100644 --- a/test/results/flow-analyse/stun_all_attributes_disabled/teams.pcap.out +++ b/test/results/flow-analyse/stun_all_attributes_disabled/teams.pcap.out 
@@ -9,11 +9,11 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.1.6,13.107.18.11,tcp,60549,443,info,18,14,1587041684306115,1587041684950374,1587041684410372,0,0,1440,1452,3472,5797,0,1,24145.7,539594,94604.1,8949939200.0,1.9,"11504,11610,262,11878,32500,90,44163,247,1,223,3839,7741,325,72,14634,1492,13,4159,11,266,6513,474,6734,4309,9884,14215,10718,10725,539594,6,314",40,331.5,1492,473.5,224192.2,3.9,"64,52,40,251,46,1492,1492,40,1492,80,40,198,133,578,172,46,366,109,40,40,78,46,78,40,46,689,40,359,40,1480,694,248","9,1,1,0,2,0,2,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0","5,2,1,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0","0,1,0,0,1,1,1,0,1,1,0,0,0,0,0,1,1,1,0,0,0,1,1,0,1,1,0,1,0,0,0,0","4.428027153,4.893245220,4.521928310,5.397158146,4.505983353,6.671830177,7.464404583,4.630641460,7.577803612,5.737496376,4.680641174,6.516131401,6.154890537,7.647973537,6.500202656,4.505983353,7.196300030,5.817581654,4.611769199,4.561769485,5.250086308,4.457919598,5.392898560,4.630641460,4.522393227,7.690679073,4.680641174,7.335716724,4.680641174,7.846065521,7.720572472,6.957527637",TLS.Microsoft365,91.219,1,Acceptable,Collaborative,6,DPI,"" 
1,ip4,192.168.1.6,52.113.194.132,tcp,60554,443,info,14,18,1587041685240465,1587041685469669,1587041685469973,0,0,1082,1452,1426,15976,0,3,14797.2,153955,35697.7,1274323968.0,2.8,"12903,12995,473,12371,1988,1502,15362,129,134,115,3,85,21608,33026,11480,11732,109,11784,570,13396,140399,715,153955,248,230,250,250,503,25,129,243",40,585.7,1492,671.4,450756.0,4.0,"64,52,40,226,46,1492,1492,40,1492,40,1492,168,40,147,46,91,46,91,40,1122,46,1492,1492,40,1317,40,1492,1492,40,40,1492,1492","10,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,10,0,0","0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,0,1,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1","4.365527153,4.878727913,4.471928596,5.502106190,4.402616024,7.277978420,7.489027023,4.630640984,7.478912354,4.521928310,7.663036823,6.686788082,4.630640984,6.493359089,4.462505341,5.681205750,4.462504864,5.560394764,4.580641270,7.802004814,4.565872192,7.879904747,7.863986492,4.580641270,7.860152721,4.580640793,7.874552727,7.850657463,4.580641270,4.471928596,7.869473934,7.878328800",TLS.Teams,91.250,1,Safe,Collaborative,6,DPI,"15" 
1,ip4,192.168.1.6,52.114.77.33,tcp,60559,443,finished,21,11,1587041686239545,1587041686542441,1587041686541501,0,0,1428,1440,14115,4699,0,2,19511.4,52987,22191.7,492470496.0,3.9,"48601,48710,307,51003,89,50699,16,253,253,1686,49778,48144,1391,5,2,50498,49101,4,2,3,37233,37219,5,11525,11515,965,36039,15972,52987,736,111",52,640.9,1492,667.9,446080.7,4.1,"64,60,52,258,1492,1492,64,52,1375,52,145,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,52,985,52,52,497,52,83,52","9,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0","6,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0","0,1,0,0,1,1,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,1,1,1,0,0,0","4.396777153,5.256567955,4.923395157,6.033491611,7.275527000,7.277948856,5.071470261,4.945419312,7.645617962,4.976373672,5.915142536,5.707202435,4.976374149,7.861220360,7.878036976,7.850315571,5.131024837,7.877380371,7.857055187,7.886486053,7.876827240,5.169486523,7.849795818,7.874622822,5.078045845,7.791067600,5.131024837,5.207948208,7.563468933,5.053297043,5.290699482,4.969671726",TLS.Microsoft,91.212,1,Safe,Cloud,6,DPI,"15" 
-1,ip4,192.168.1.6,104.40.187.151,tcp,60562,443,info,19,13,1587041687436782,1587041687725655,1587041687725568,0,0,1313,1440,2206,7143,0,3,18634.2,125561,31723.1,1006353792.0,3.4,"29516,29616,237,45747,220,45693,117,89,54,132,3,86,615,23250,232,30155,31,6115,4,245,22863,22646,1494,1434,2892,30,32749,246,30074,125513,125561",52,345.2,1492,499.9,249913.2,3.9,"64,60,52,266,1492,1492,64,1492,52,52,1492,281,52,145,145,424,103,121,52,52,90,90,52,548,52,1365,135,52,94,52,510,52","12,1,3,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0","2,3,1,0,0,0,0,1,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0","0,1,0,0,1,1,0,1,0,0,1,1,0,0,0,0,1,1,0,0,0,1,0,1,0,0,0,1,1,0,1,0","4.365527153,5.169149399,4.868495941,5.580047131,7.357915878,7.526344776,4.919355392,7.363313675,4.945419312,4.786791325,7.588277340,7.143245697,4.983880997,5.918394089,6.257330894,7.398386002,5.555244923,6.105889320,4.945419312,4.945419312,5.368302345,5.567127228,4.945419312,7.528010845,4.983880997,7.854734421,6.103594780,5.100070000,5.655968666,4.983880520,7.545987606,4.861793995",TLS.Skype_Teams,91.125,1,Acceptable,VoIP,3,DPI (partial),"" 
+1,ip4,192.168.1.6,104.40.187.151,tcp,60562,443,info,19,13,1587041687436782,1587041687725655,1587041687725568,0,0,1313,1440,2206,7143,0,3,18634.2,125561,31723.1,1006353792.0,3.4,"29516,29616,237,45747,220,45693,117,89,54,132,3,86,615,23250,232,30155,31,6115,4,245,22863,22646,1494,1434,2892,30,32749,246,30074,125513,125561",52,345.2,1492,499.9,249913.2,3.9,"64,60,52,266,1492,1492,64,1492,52,52,1492,281,52,145,145,424,103,121,52,52,90,90,52,548,52,1365,135,52,94,52,510,52","12,1,3,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0","2,3,1,0,0,0,0,1,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0","0,1,0,0,1,1,0,1,0,0,1,1,0,0,0,0,1,1,0,0,0,1,0,1,0,0,0,1,1,0,1,0","4.365527153,5.169149399,4.868495941,5.580047131,7.357915878,7.526344776,4.919355392,7.363313675,4.945419312,4.786791325,7.588277340,7.143245697,4.983880997,5.918394089,6.257330894,7.398386002,5.555244923,6.105889320,4.945419312,4.945419312,5.368302345,5.567127228,4.945419312,7.528010845,4.983880997,7.854734421,6.103594780,5.100070000,5.655968666,4.983880520,7.545987606,4.861793995",TLS.Teams,91.250,1,Safe,Collaborative,3,DPI (partial),"" 
1,ip4,192.168.1.6,52.114.77.33,tcp,60561,443,info,20,12,1587041687245112,1587041687718851,1587041687768506,0,0,1428,1440,17623,4254,0,2,32165.6,161774,44327.4,1964919296.0,3.6,"48418,48527,459,88180,136486,113743,249,161774,129,117,1072,74551,73518,1076,4,2,50124,49022,3,3,12,48400,48413,4,15,2,1599,1536,46881,1065,1749",52,736.7,1492,694.0,481656.1,4.2,"64,60,52,258,258,64,1492,1492,52,1375,52,145,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,1480,1480,52,1462,52,52,52","5,0,1,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0","8,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0","0,1,0,0,0,1,1,1,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,0,0,1,0,1,1,1","4.396777153,5.256567478,4.923395157,5.966666698,5.971492767,5.091578960,7.290405750,7.275161743,4.961856842,7.668800354,5.000318527,6.002202988,5.583368301,4.961856842,7.860765934,7.857263088,7.894361019,5.193430901,7.864349842,7.853641510,7.869278908,7.874048233,5.054101944,7.853607655,7.866478443,7.865472317,7.878810406,5.154969692,7.853725433,5.193431377,5.154969692,5.154969692",TLS.Microsoft,91.212,1,Safe,Cloud,6,DPI,"15" 
1,ip4,192.168.1.6,52.114.108.8,tcp,60565,443,finished,18,14,1587041691149774,1587041691305451,1587041691582252,0,0,994,1440,2028,8121,0,3,18972.7,276869,49493.9,2449644032.0,2.9,"19199,19302,171,22008,34,21827,18,184,203,246,14,193,1070,12295,280,19893,29,6313,3,603,11971,11399,1472,1415,54998,62106,42,25528,33,18437,276869",52,370.2,1492,512.1,262257.7,3.9,"64,60,52,274,1492,1492,64,52,1492,52,1492,471,52,178,145,525,103,121,52,52,90,90,52,511,52,52,1046,134,52,94,52,1335","11,1,2,1,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","3,3,1,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,4,0,0","0,1,0,0,1,1,0,0,1,0,1,1,0,0,0,0,1,1,0,0,0,1,0,1,0,1,0,0,1,1,0,1","4.396777153,5.256567478,4.923395634,5.577177048,7.100010395,7.346216679,4.975505829,4.976374149,7.520713806,4.854287148,7.591184139,7.492725372,4.937912464,6.281796932,6.325607300,7.565563679,5.628156662,5.942033768,4.976374149,4.937912464,5.421134472,5.660066128,5.014835358,7.536164761,4.976373672,5.169486523,7.784315586,6.192806721,5.169486523,5.596017838,5.014835358,7.848025322",TLS.Teams,91.250,1,Safe,Collaborative,6,DPI,"" 
1,ip4,192.168.1.6,52.114.76.48,tcp,60544,443,finished,16,16,1587041682376166,1587041682938651,1587041692001418,0,0,1060,1452,2113,7396,0,2,328636.7,8978171,1582353.1,2503841415168.0,0.8,"47150,47228,506,44398,29,43913,16,46,186,124,2,213,4,4433,9743,291,46519,32116,477,409,98,18910,1378,20235,62883,403234,424977,8978171,32,9,7",40,339.2,1492,486.1,236250.5,3.9,"64,52,40,276,1492,1492,52,40,40,1492,1492,309,40,40,198,133,568,91,40,109,40,78,46,409,40,46,1100,46,411,415,86,78","10,1,1,0,1,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4,3,1,0,0,0,0,0,1,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0","0,1,0,0,1,1,0,0,0,1,1,1,0,0,0,0,0,1,0,1,0,0,1,1,0,1,0,1,1,1,1,1","4.334277153,4.946223736,4.571928501,5.576080799,7.377434731,7.334023952,4.748329639,4.630640984,4.571928501,7.530410290,7.590536594,7.109602451,4.680641174,4.630641460,6.484649181,6.111595631,7.563093662,5.442209721,4.630641460,5.902398109,4.630641460,5.214766979,4.462505341,7.402733803,4.680641174,4.505983353,7.828750610,4.609350681,7.428915024,7.453095436,5.564571857,5.463537216",TLS.Teams,91.250,1,Safe,Collaborative,6,DPI,"" 
1,ip4,192.168.1.6,52.114.250.123,tcp,50018,443,finished,19,13,1587041693516414,1587041693824623,1587041695435566,0,0,187,1452,477,6361,0,1,71850.4,1566873,274680.6,75449425920.0,1.9,"44968,45079,183,47440,47249,164,13,124,2,107,17,104,3,107,2,120,2,1,8026,8,35,52434,1246,45626,48613,92238,43679,69083,272,113543,1566873",40,256.9,1492,427.0,182315.3,3.7,"64,52,40,227,1492,52,1492,588,52,52,1492,588,52,40,588,166,40,40,40,147,46,85,46,91,40,141,224,40,71,40,46,46","15,1,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0","0,1,0,0,1,0,1,1,0,0,1,1,0,0,1,1,0,0,0,0,0,0,1,1,0,0,1,0,0,0,1,1","4.396777153,4.946223736,4.453056812,5.436062336,7.472877979,4.624014378,7.357961178,6.174726009,4.707639694,4.669178009,7.651301384,7.035131931,4.669178009,4.492897511,7.576755524,6.572272301,4.384184361,4.492897511,4.492897034,6.376044750,4.495644569,5.773638725,4.565871716,5.388861179,4.561769009,6.442826271,6.864662647,4.511769295,5.438062191,4.384184361,4.565872192,4.565872192",TLS.Teams,91.250,1,Safe,Collaborative,6,DPI,"15" 
-1,ip4,93.71.110.205,192.168.1.6,udp,16332,50016,finished,25,7,1587041695305290,1587041697913583,1587041697668816,38,0,1214,1214,4324,2890,0,1,160381.3,1168245,365653.3,133702352896.0,2.7,"24795,221,101349,1168245,1167037,967065,50759,1119237,13,25,50990,80302,1990,2655,3736,4,1,2,10681,24170,9306,21453,4525,19907,25341,9245,24382,24626,9496,26004,24257",66,253.4,1242,374.4,140199.2,4.0,"140,116,140,116,144,116,138,136,66,1242,1242,136,101,66,1242,1242,70,194,126,94,96,103,108,110,102,98,112,106,103,101,102,102","0,2,16,4,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0","0,1,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0","0,1,1,0,1,0,0,0,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5.443928242,5.441569805,5.550033092,5.533423424,5.469605446,5.457950115,6.418050289,5.494081497,5.274568558,7.835727215,7.805037022,5.427760124,6.064149857,5.328952789,7.830739975,7.834946632,5.426148415,6.862842083,6.378197670,5.942782402,6.043297768,6.096649170,5.395052433,6.251680851,6.123402596,6.007471561,6.260177612,6.012121677,6.079421997,6.215091705,6.135609150,6.155217648",STUN.Skype_TeamsCall,78.38,0,Acceptable,VoIP,6,DPI,"5" 
+1,ip4,93.71.110.205,192.168.1.6,udp,16332,50016,finished,25,7,1587041695305290,1587041697913583,1587041697668816,38,0,1214,1214,4324,2890,0,1,160381.3,1168245,365653.3,133702352896.0,2.7,"24795,221,101349,1168245,1167037,967065,50759,1119237,13,25,50990,80302,1990,2655,3736,4,1,2,10681,24170,9306,21453,4525,19907,25341,9245,24382,24626,9496,26004,24257",66,253.4,1242,374.4,140199.2,4.0,"140,116,140,116,144,116,138,136,66,1242,1242,136,101,66,1242,1242,70,194,126,94,96,103,108,110,102,98,112,106,103,101,102,102","0,2,16,4,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0","0,1,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0","0,1,1,0,1,0,0,0,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5.443928242,5.441569805,5.550033092,5.533423424,5.469605446,5.457950115,6.418050289,5.494081497,5.274568558,7.835727215,7.805037022,5.427760124,6.064149857,5.328952789,7.830739975,7.834946632,5.426148415,6.862842083,6.378197670,5.942782402,6.043297768,6.096649170,5.395052433,6.251680851,6.123402596,6.007471561,6.260177612,6.012121677,6.079421997,6.215091705,6.135609150,6.155217648",STUN.TeamsCall,78.38,0,Acceptable,VoIP,6,DPI,"5" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,668,652500,293772,293323,83,17,66,0,16,2,80,51,1,29,16,317,1,0,1,1,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,27,56,42,37,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,20,0,0,11,27,19,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,74,0,0,0,0,0,38,12,2,0,0,0,0,83,0,0,42,40,1,0,83,80,2,1,0,0,0,0,0,12,0,0,0,0,2,0,2,0,0,29,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,5,0,0,1,0,0,0,0,0,0,0 +0,668,650890,293772,293323,83,17,66,0,16,2,80,51,1,29,16,317,1,0,1,1,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,27,56,51,28,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,12,0,0,11,27,27,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,74,0,0,0,0,0,38,12,2,0,0,0,0,83,0,0,42,40,1,0,83,80,2,1,0,0,0,0,0,12,0,0,0,0,2,0,2,0,0,29,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,5,0,0,1,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/stun_extra_dissection/lru_ipv6_caches.pcapng.out b/test/results/flow-analyse/stun_extra_dissection/lru_ipv6_caches.pcapng.out index 81c3c263f..65d77b543 100644 --- a/test/results/flow-analyse/stun_extra_dissection/lru_ipv6_caches.pcapng.out +++ b/test/results/flow-analyse/stun_extra_dissection/lru_ipv6_caches.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,89,93292,14408,846,12,0,12,0,0,0,12,9,0,11,0,41,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,5,1,11,0,0,0,0,0,0,0,0,0,0,0,0,3,0,5,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,8,0,0,0,0,0,13,8,0,0,0,0,0,0,12,0,3,9,0,0,12,12,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0 +0,89,93337,14408,846,12,0,12,0,0,0,12,9,0,11,0,41,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,5,1,11,0,0,0,0,0,0,0,0,0,0,0,0,3,0,5,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,8,0,0,0,0,0,13,8,0,0,0,0,0,0,12,0,3,9,0,0,12,12,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/stun_extra_dissection/stun_dtls_rtp.pcapng.out b/test/results/flow-analyse/stun_extra_dissection/stun_dtls_rtp.pcapng.out index 3b89d384f..729503bc7 100644 --- a/test/results/flow-analyse/stun_extra_dissection/stun_dtls_rtp.pcapng.out +++ b/test/results/flow-analyse/stun_extra_dissection/stun_dtls_rtp.pcapng.out 
@@ -2,4 +2,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.12.156,142.250.82.76,udp,37967,19305,finished,18,14,1669989925164266,1669989925844909,1669989925832608,65,0,545,1203,2558,3623,0,29,43515.6,258068,58201.4,3387401984.0,4.0,"23454,57152,58633,110311,426,107899,55,29,31904,33185,42585,42763,84060,83239,24775,643,393,2519,24830,54,50,34247,28143,7940,22933,203231,6659,19573,19853,258068,19379",68,221.2,1231,244.4,59721.8,4.4,"144,128,185,1231,148,573,128,109,598,573,598,109,149,117,141,93,125,121,97,93,97,113,93,68,93,93,127,112,112,128,469,112","0,0,10,5,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,5,4,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,0,1,1,1,0,1,0,1,0,1,0,0,0,0,1,1,1,0,1,1,0,0,0,0,0,1,0","5.970281124,5.844405174,4.975852966,7.376402378,5.926150799,6.767900467,5.873587608,5.727212906,7.417241573,6.742666721,7.399977684,5.666547298,6.284676552,5.878243446,6.278099537,5.456246376,6.045804977,5.932724476,5.656750679,5.431894302,5.443003178,5.773984909,5.547308922,5.480338573,5.456245899,5.525803089,6.089138508,6.235580444,6.295892239,6.029528141,7.452062130,6.164150715",DTLS.GoogleCall,30.404,1,Acceptable,VoIP,6,DPI,"" 
1,ip4,192.168.12.182,142.250.82.249,tcp,50221,3478,finished,17,15,1710679657055887,1710679657765266,1710679657791909,0,0,196,656,1320,1924,0,0,46625.8,509459,117745.2,13863926784.0,2.8,"2982,4724,277,207,4964,15,4148,4126,3916,466724,509459,1184,218,46646,1080,55404,53567,7433,0,8588,49659,55453,222,48997,10062,51393,4524,8018,5673,16613,19125",40,142.1,696,150.7,22704.0,4.4,"52,52,40,40,68,40,120,192,116,40,180,196,148,172,84,40,40,140,204,236,40,172,40,696,40,172,140,648,40,160,40,160","8,0,0,2,5,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","6,1,2,3,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,0,1,1,0,1,0,1,0,0,0,1,1,0,1,0,0,1,0,1,1,0,0,1,1,0,0,1,1","4.776611805,5.000318050,4.831686974,4.834183693,5.321198940,4.834183693,5.795867443,6.212464809,5.776382446,4.784183979,5.991631985,6.163437843,5.951478004,6.109816074,5.892313004,4.981687069,4.881687641,6.144776344,6.237818718,5.382826805,5.031687260,6.101328850,5.031687260,6.564705849,4.881687164,6.057666779,5.976850510,7.406529903,4.784183979,5.974988937,4.981687069,5.932507992",STUN.GoogleCall,78.404,0,Acceptable,VoIP,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,25,25070,5120,16163,2,0,2,0,2,0,2,3,0,1,0,10,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,0,2,0,0,1,1,0,0,2,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,25,25087,5120,16163,2,0,2,0,2,0,2,3,0,1,0,10,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,0,2,0,0,1,1,0,0,2,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/stun_extra_dissection/stun_dtls_rtp_unidir.pcapng.out b/test/results/flow-analyse/stun_extra_dissection/stun_dtls_rtp_unidir.pcapng.out index 04a362a92..f0e6b0764 100644 --- a/test/results/flow-analyse/stun_extra_dissection/stun_dtls_rtp_unidir.pcapng.out +++ b/test/results/flow-analyse/stun_extra_dissection/stun_dtls_rtp_unidir.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,21,18357,8552,0,2,0,2,0,0,0,2,2,0,2,0,10,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,2,4,0,0,0,0,0,2,0,0,0,2,0,0,2,2,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0 +0,21,18491,8552,0,2,0,2,0,0,0,2,2,0,2,0,10,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,2,4,0,0,0,0,0,2,0,0,0,2,0,0,2,2,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/stun_extra_dissection/stun_zoom.pcapng.out b/test/results/flow-analyse/stun_extra_dissection/stun_zoom.pcapng.out index d1a31b73e..fdda1861a 100644 --- a/test/results/flow-analyse/stun_extra_dissection/stun_zoom.pcapng.out +++ b/test/results/flow-analyse/stun_extra_dissection/stun_zoom.pcapng.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,192.168.43.169,134.224.90.111,udp,53065,8801,finished,17,15,1661169535618755,1661169536326542,1661169536383924,50,0,189,1052,2576,5172,0,5,47514.7,193831,51140.5,2615352320.0,4.1,"20238,79929,20296,193831,73632,247,50353,49657,26391,24351,170235,80565,10991,149570,50735,24,93581,6,7,6,7,5,8274,29660,4814,50217,80837,100195,42158,3678,58466",42,270.1,1080,313.1,98043.5,4.3,"184,184,184,184,92,184,217,217,184,184,217,92,92,92,184,192,78,92,1080,1080,1080,1080,399,186,92,92,186,92,186,95,101,42","0,1,1,0,11,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,0,9,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,1,0,0,0,0,0,0,1,1,1,0,0,0,1,1,1,1,1,1,0,1,1,0,1,0,1,0,1","5.849215031,5.820121765,5.845112324,5.820121765,5.609286785,5.848187923,5.155805588,5.151053905,5.856935501,5.837758064,5.169487476,5.679913521,5.609286785,5.658175468,5.856935501,5.312055111,4.055345058,5.723389149,7.020439625,7.330272198,7.262623310,7.369262695,7.183655262,6.090222359,5.701650143,5.679913521,6.082654476,5.723389149,6.098002911,5.370398521,6.009067535,4.320421696",DTLS,30,1,Safe,Network,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,28,27781,4671,10647,2,0,2,0,1,0,2,8,0,2,0,10,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,2,6,0,0,0,0,0,2,0,0,0,2,0,0,2,2,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0 +0,28,27817,4671,10647,2,0,2,0,1,0,2,8,0,2,0,10,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,2,6,0,0,0,0,0,2,0,0,0,2,0,0,2,2,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/stun_only_peer_address_enabled/stun_wa_call.pcapng.out b/test/results/flow-analyse/stun_only_peer_address_enabled/stun_wa_call.pcapng.out index 1d3eb0130..f240ce949 100644 --- a/test/results/flow-analyse/stun_only_peer_address_enabled/stun_wa_call.pcapng.out +++ b/test/results/flow-analyse/stun_only_peer_address_enabled/stun_wa_call.pcapng.out 
@@ -2,4 +2,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.12.156,93.57.123.227,udp,46652,3478,finished,17,15,1676659968029444,1676659971853147,1676659971919436,20,0,272,245,2693,1097,0,33,248828.9,2505343,601339.2,361608839168.0,2.9,"164,8431,48,2463749,2505343,241,3586,277,39475,77,6128,4820,33,25931,31612,82045,37743,1684,120855,35,78585,59946,292774,129998,59732,381615,376352,412427,48,227940,362001",48,146.4,300,92.2,8492.2,4.7,"240,240,96,96,74,300,300,300,300,96,96,74,96,96,48,48,98,300,300,96,96,89,53,107,108,53,77,86,150,73,227,273","2,4,1,1,0,0,3,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,2,10,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,1,1,1,0,0,0,0,1,1,0,1,1,0,1,0,0,0,1,1,0,0,1,1,1,0,1,0,0,0,1","7.019773483,6.984464645,5.818136215,5.825999260,5.808753967,6.987159729,6.971193790,6.971321106,6.997097969,5.676367760,5.789438725,5.665334225,5.732045174,5.722330570,5.218094349,5.178508282,5.782431126,6.963978291,6.992527008,5.698242188,5.789439201,5.829556465,4.883490086,6.023591995,6.055227757,5.025671005,5.503230572,5.670224667,6.552639484,5.494553089,6.944911957,7.162023067",STUN.WhatsAppCall,78.45,0,Acceptable,VoIP,6,DPI,"" 
1,ip4,192.168.12.156,157.240.203.62,udp,49526,3478,finished,16,16,1676660020625604,1676660020791890,1676660020799292,20,0,272,512,1396,6812,0,24,10966.9,25268,4978.7,24787812.0,4.8,"137,8278,24,10101,8060,24512,25268,11561,10122,12790,14381,10560,10576,10583,10464,16311,6103,16248,5886,9963,9713,10612,11320,10716,10523,10812,10574,10236,10724,11289,11527",48,284.5,540,217.5,47305.8,4.6,"300,300,96,96,92,540,92,540,92,540,92,540,92,540,92,540,48,92,48,540,92,540,92,540,92,540,92,540,92,540,92,540","1,0,13,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1","6.990001202,7.010884762,5.755636215,5.672302246,5.721662998,1.491354108,5.778674603,1.487650514,5.626501560,1.484854460,5.623420715,1.491354465,5.691719532,1.491354108,5.569489479,1.485344768,5.160700798,5.721662998,5.136841774,1.489048600,5.743401527,1.492752314,5.735196590,1.489956141,5.640035152,1.476539373,5.664651394,1.487650633,5.808619022,1.477447271,5.713458061,1.502465248",STUN.WhatsAppCall,78.45,0,Acceptable,VoIP,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,132,121791,44019,64856,13,0,13,5,2,0,13,22,0,13,0,61,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,9,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,11,0,0,0,0,0,12,4,0,0,0,0,0,13,0,0,0,12,1,0,13,13,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0 +0,132,122935,44019,64856,13,0,13,5,2,0,13,22,0,13,0,61,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,9,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,11,0,0,0,0,0,12,4,0,0,0,0,0,13,0,0,0,12,1,0,13,13,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/stun_only_peer_address_enabled/telegram_videocall.pcapng.out b/test/results/flow-analyse/stun_only_peer_address_enabled/telegram_videocall.pcapng.out index 92cd6ee18..a93869c0f 100644 --- a/test/results/flow-analyse/stun_only_peer_address_enabled/telegram_videocall.pcapng.out +++ b/test/results/flow-analyse/stun_only_peer_address_enabled/telegram_videocall.pcapng.out 
@@ -4,4 +4,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.12.169,93.36.13.115,udp,42405,35393,finished,21,11,1648032354077734,1648032354886306,1648032354873460,23,0,237,96,1854,649,0,49,51751.5,474673,95446.3,9109989376.0,3.6,"75722,88020,12807,2328,9002,48923,21674,183,117533,50,18901,57450,295,20709,49,35124,54640,306358,41620,24769,9929,17729,18103,17365,474673,50,42102,15504,14083,40108,18495",49,106.2,265,48.9,2396.0,4.9,"128,92,51,124,92,128,128,65,71,92,92,124,54,92,64,49,124,92,265,119,119,119,119,119,265,53,64,59,119,119,79,119","3,2,11,3,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,3,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,0,0,0,0,1,1,1,0,0,1,1,1,0,0,0,0,0,0,0,0,1,1,0,0,0,1,0","5.404182434,5.729283333,5.265467167,5.614555359,5.634122849,5.456954956,5.404182434,5.653138161,5.772913456,5.756935120,5.745695591,5.598426342,5.458592415,5.767434120,5.687500000,5.328994274,5.576209545,5.797379017,7.103881836,6.518718719,6.438805580,6.381202221,6.471578598,6.393888950,7.201899052,5.463770390,5.656250000,5.577555180,6.334901810,6.354772091,5.879608154,6.455611706",STUN.TelegramVoip,78.355,0,Acceptable,VoIP,5,DPI (cache),"5" 
1,ip4,192.168.12.169,149.154.167.222,tcp,40832,443,finished,17,15,1648032336639074,1648032364799931,1648032364830191,0,0,578,1228,1060,12707,0,8,1817805.6,25078496,6146606.0,37780767899648.0,1.5,"29139,30566,480,31562,35447,6512,41656,9889,49,31,23,46927,8,41719,2909634,2997736,16,16,15,2357,76,56,44252,15,34,56,139,73,125,25044870,25078496",52,482.7,1280,530.0,280877.2,4.1,"60,60,52,630,262,52,205,221,1280,1280,1280,700,52,52,52,381,1280,1280,1280,1280,1280,1280,680,52,52,52,52,52,52,52,52,52","14,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0","0,1,0,0,1,0,0,1,1,1,1,1,0,0,0,0,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,1","4.859216213,5.266787529,5.156889439,7.555443287,7.119448662,5.118427753,6.908961773,6.987295628,7.824494839,7.835509300,7.843729496,7.724673271,5.195351124,5.094483852,5.115703106,7.462384224,7.834102154,7.851257801,7.840057850,7.862158298,7.844310284,7.831385612,7.709258080,5.156889439,5.041504860,5.079966545,5.118427753,5.156889439,5.156889439,5.115703106,5.077241421,5.156889439",Telegram,185,1,Acceptable,Chat,7,Match by IP,"35" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,258,225716,59877,270358,34,6,28,1,4,2,32,14,0,26,0,134,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,20,1,31,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,7,4,0,0,1,19,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,21,0,7,0,0,0,12,30,0,0,0,0,0,31,3,0,10,19,3,2,34,32,2,0,0,0,0,0,0,30,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0 +0,258,226819,59877,270358,34,6,28,1,4,2,32,14,0,26,0,134,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,20,1,31,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,7,4,0,0,1,19,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,21,0,7,0,0,0,12,30,0,0,0,0,0,31,3,0,10,19,3,2,34,32,2,0,0,0,0,0,0,30,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/subclassification_disable/anydesk.pcapng.out b/test/results/flow-analyse/subclassification_disable/anydesk.pcapng.out index 0d32e7437..3de9836be 100644 --- a/test/results/flow-analyse/subclassification_disable/anydesk.pcapng.out +++ b/test/results/flow-analyse/subclassification_disable/anydesk.pcapng.out 
@@ -3,4 +3,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.1.187,192.168.1.178,tcp,54164,7070,info,14,18,1613977595379986,1613977601740964,1613977601737415,0,0,3926,1460,5712,2727,0,0,410271.2,3021750,825943.1,682181918720.0,2.9,"491,529,333,431,328,10474,0,10878,39566,40320,8749,0,9516,516873,517463,1553,27804,26175,2358,56316,902900,957284,0,0,1754245,1753698,16355,71246,2966766,3021750,4006",40,306.3,3966,747.4,558552.1,3.1,"52,52,40,285,46,46,1500,183,40,1326,46,954,80,40,87,46,75,74,46,74,40,3966,46,46,46,79,46,141,40,99,46,116","6,4,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1","11,3,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0","0,1,0,0,1,1,1,1,0,0,1,1,1,0,0,1,1,0,1,1,0,0,1,1,1,0,1,1,0,0,1,0","4.461627960,4.714205742,4.680641174,5.380415440,4.190888405,4.260394573,7.726966381,6.171197891,4.680641174,7.726874828,4.303872585,7.788730145,5.640313625,4.630640984,5.698182583,4.200505257,5.465894222,5.550601006,4.303872585,5.570474148,4.680640697,7.956365585,4.157026768,4.303872585,4.190888405,5.661315441,4.260394096,6.538077354,4.630641460,6.000421047,4.260393620,6.241518974",TLS.AnyDesk,91.252,1,Acceptable,RemoteAccess,6,DPI,"5,15,24,30" 
1,ip4,192.168.1.128,195.181.174.176,tcp,48260,443,info,16,16,1663090549161771,1663090558034917,1663090558365585,0,0,1448,1448,5817,3029,0,4,583127.8,8444631,2063627.1,4258557067264.0,1.5,"17715,17815,909,17821,3430,20304,88,41,3772,21850,18137,104,44,888,64188,13442,76786,1527,18418,206643,224790,16,4,18683,18,62779,11,80221,8427892,8444631,313993",52,328.9,1500,495.5,245485.5,3.8,"60,60,52,341,52,1500,52,1132,52,1146,103,52,92,52,199,52,198,52,137,52,145,1500,1500,1273,52,52,92,90,52,137,52,145","8,0,2,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,2,0,0","7,4,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0","0,1,0,0,1,1,0,1,0,0,1,0,1,0,0,1,1,0,0,1,1,0,0,0,1,1,1,1,0,0,1,1","4.759216309,5.287539482,5.061608315,5.575212479,5.085552692,7.541802406,5.085552692,7.720355034,5.138531685,7.691242218,6.017449379,5.100070000,6.076607704,5.061608315,6.938662529,5.176993370,6.939621925,5.176993370,6.553288460,5.176993370,6.578802109,7.876228809,7.874102592,7.832963467,5.176993370,5.176993370,6.054868221,5.938801765,5.138531685,6.484602451,5.215455055,6.623850822",TLS.AnyDesk,91.252,1,Acceptable,RemoteAccess,6,DPI,"24,30,31" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,66,67936,19883,15955,7,1,6,0,3,0,7,8,0,5,0,29,1,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,6,4,3,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,4,13,0,0,0,0,0,7,0,0,5,2,0,0,7,7,0,0,0,0,0,0,0,8,0,0,1,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,9,0,0,0,0,0,5,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,66,67526,19883,15955,7,1,6,0,3,0,7,8,0,5,0,29,1,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,6,4,3,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,4,13,0,0,0,0,0,7,0,0,5,2,0,0,7,7,0,0,0,0,0,0,0,8,0,0,1,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,9,0,0,0,0,0,5,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/subclassification_disable/dns.pcap.out b/test/results/flow-analyse/subclassification_disable/dns.pcap.out index 5c9ba0ea1..01a2c59d5 100644 --- a/test/results/flow-analyse/subclassification_disable/dns.pcap.out +++ b/test/results/flow-analyse/subclassification_disable/dns.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,14,9574,67,33,1,0,1,0,0,0,1,0,0,0,2,3,1,0,1,2,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,14,9574,67,33,1,0,1,0,0,0,1,0,0,0,2,3,1,0,1,2,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/subclassification_disable/http.pcapng.out b/test/results/flow-analyse/subclassification_disable/http.pcapng.out index e63a02bfc..679678519 100644 --- a/test/results/flow-analyse/subclassification_disable/http.pcapng.out +++ b/test/results/flow-analyse/subclassification_disable/http.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,11,8258,74,528,1,1,0,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,11,8258,74,528,1,1,0,0,0,0,1,0,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/subclassification_disable/quic-mvfst-27.pcapng.out b/test/results/flow-analyse/subclassification_disable/quic-mvfst-27.pcapng.out index 378a97e4d..3042a61ed 100644 --- a/test/results/flow-analyse/subclassification_disable/quic-mvfst-27.pcapng.out +++ b/test/results/flow-analyse/subclassification_disable/quic-mvfst-27.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,10,16090,2538,6981,1,0,1,0,0,0,1,0,0,0,0,5,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,10,16049,2538,6981,1,0,1,0,0,0,1,0,0,0,0,5,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/subclassification_disable/tls_ech.pcapng.out b/test/results/flow-analyse/subclassification_disable/tls_ech.pcapng.out index e92cf9e64..4cb7b9994 100644 --- a/test/results/flow-analyse/subclassification_disable/tls_ech.pcapng.out +++ b/test/results/flow-analyse/subclassification_disable/tls_ech.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,12,10850,648,2702,1,0,1,0,0,0,1,1,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,12,10768,648,2702,1,0,1,0,0,0,1,1,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/tls_heuristics_enabled/tls_heur__shadowsocks-tcp.pcapng.out b/test/results/flow-analyse/tls_heuristics_enabled/tls_heur__shadowsocks-tcp.pcapng.out index 0d14f2beb..3263ecf91 100644 --- a/test/results/flow-analyse/tls_heuristics_enabled/tls_heur__shadowsocks-tcp.pcapng.out +++ b/test/results/flow-analyse/tls_heuristics_enabled/tls_heur__shadowsocks-tcp.pcapng.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 113,ip6,2001:b07:a3d:c112:8628:88aa:8b00:913c,2a00:1450:4002:416::200e,tcp,45334,443,info,15,17,1725100298310198,1725100298432355,1725100298432652,0,0,517,4876,821,22039,0,0,7890.7,49565,13540.2,183336016.0,3.3,"3409,3461,254,3875,24459,28067,229,0,209,14,2973,7544,5275,6462,46393,49565,1,0,8985,52,29,430,0,0,0,285,43,26100,26117,380,0",72,786.9,4948,1186.2,1407143.5,3.9,"80,80,72,589,72,1280,72,4904,631,72,72,345,720,103,103,72,1280,293,1280,72,72,72,1280,1280,1280,4948,72,72,1280,72,1280,1280","13,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","3,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,2","0,1,0,0,1,1,0,1,1,0,0,0,1,0,1,0,1,1,1,0,0,0,1,1,1,1,0,0,1,0,1,1","4.755182266,5.261822701,5.153629780,4.806141853,5.165501118,7.786862373,5.164113998,7.965732574,7.625080109,5.164113998,5.164113998,7.146784306,7.713749886,5.760443687,5.767366886,5.125851631,7.825596809,7.149698257,7.853908539,5.153629303,5.153629303,5.153629303,7.834226608,7.855994701,7.841277122,7.962058067,5.125851631,5.153629780,7.850774765,5.153629303,7.848540783,7.840482712",TLS.YouTube,91.124,1,Fun,Media,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,38,33984,2832,70769,4,0,4,0,1,0,3,3,1,1,0,19,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,3,0,1,2,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,1,0,0,0,0,0,0,3,1,0,3,1,0,0,4,3,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0 +0,38,33902,2832,70769,4,0,4,0,1,0,3,3,1,1,0,19,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,3,0,1,2,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,1,0,0,0,0,0,0,3,1,0,3,1,0,0,4,3,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/tls_heuristics_enabled/tls_heur__trojan-tcp-tls.pcapng.out b/test/results/flow-analyse/tls_heuristics_enabled/tls_heur__trojan-tcp-tls.pcapng.out index 714ba7c00..63ba28b13 100644 --- a/test/results/flow-analyse/tls_heuristics_enabled/tls_heur__trojan-tcp-tls.pcapng.out +++ b/test/results/flow-analyse/tls_heuristics_enabled/tls_heur__trojan-tcp-tls.pcapng.out 
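Review bot: The replacement summary row in this hunk appears to carry one more value than the row it replaces, an extra `0` in the run of zeros just ahead of the `3` that lines up with `flow_confidence_dpi`, while the `timestamp,json_lines,...` header above it is unchanged context. If that count is right, every counter after the insertion point (confidence, severity, L3/L4 and the `flow_risk_*_count` columns) is read under the wrong header name by anything consuming this CSV. Whether the old or the new row matches the header cannot be settled from the collapsed text, so please compare the field count of the header and the data row in the generator output. A check in the test run that fails when the two counts differ would catch this. The same pattern appears in the hunks for `tls_heur__trojan-tcp-tls`, `tls_heur__vmess-tcp-tls`, `tls_heur__vmess-tcp` and `tls_heur__vmess-websocket`.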
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 113,ip4,192.168.1.183,142.250.180.142,tcp,58730,443,info,17,15,1725367999286453,1725367999398999,1725367999398966,0,0,517,1400,821,12908,0,22,7260.0,70369,15439.7,238384560.0,3.0,"2680,2720,332,2729,17168,19575,50,34,34,27,27,25,25,22,8415,468,11244,2981,2278,5685,46101,70369,31667,78,33,33,33,33,80,80,33",52,481.5,1452,599.8,359742.8,3.9,"60,60,52,569,52,1452,52,1452,52,1452,52,1452,52,1053,52,132,245,700,83,83,52,52,1452,52,80,52,1452,52,1452,52,1452,52","14,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0","0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,0,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0","4.560013294,5.154205322,4.948144436,4.755980968,4.948144436,7.827642918,4.832759857,7.843367100,4.871221066,7.869987488,4.818243027,7.874095440,4.832759380,7.816403389,4.818242550,6.232886791,6.951427460,7.683448792,5.618761063,5.537375927,4.909682751,4.909683228,7.868943691,4.909682751,5.617374897,4.909682751,7.869823933,4.909682751,7.884392262,4.909682751,7.861354828,4.830034733",TLS.YouTube,91.124,1,Fun,Media,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,75,68577,3321,29989,10,0,10,0,1,0,10,10,0,4,0,31,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,9,1,5,4,0,0,0,0,0,0,0,1,0,0,0,2,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,3,2,0,0,0,0,0,10,0,0,3,7,0,0,10,10,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,2,0,0,0,0,0,0,0 +0,75,68413,3321,29989,10,0,10,0,1,0,10,10,0,4,0,31,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,9,1,5,4,0,0,0,0,0,0,0,1,0,0,0,2,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,3,2,0,0,0,0,0,10,0,0,3,7,0,0,10,10,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,2,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/tls_heuristics_enabled/tls_heur__vmess-tcp-tls.pcapng.out b/test/results/flow-analyse/tls_heuristics_enabled/tls_heur__vmess-tcp-tls.pcapng.out index 195e0ec02..1252bd456 100644 --- a/test/results/flow-analyse/tls_heuristics_enabled/tls_heur__vmess-tcp-tls.pcapng.out +++ b/test/results/flow-analyse/tls_heuristics_enabled/tls_heur__vmess-tcp-tls.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count -0,74,65937,3385,37346,10,0,10,0,0,0,10,10,0,4,0,31,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,8,1,5,4,0,0,0,0,0,0,0,1,0,0,0,2,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,3,2,0,0,0,0,0,10,0,0,3,7,0,0,10,10,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,2,0,0,0,0,0,0,0 +0,74,65773,3385,37346,10,0,10,0,0,0,10,10,0,4,0,31,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,8,1,5,4,0,0,0,0,0,0,0,1,0,0,0,2,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,3,2,0,0,0,0,0,10,0,0,3,7,0,0,10,10,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,2,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/tls_heuristics_enabled/tls_heur__vmess-tcp.pcapng.out b/test/results/flow-analyse/tls_heuristics_enabled/tls_heur__vmess-tcp.pcapng.out index 617ae86ed..5b1520626 100644 --- a/test/results/flow-analyse/tls_heuristics_enabled/tls_heur__vmess-tcp.pcapng.out +++ b/test/results/flow-analyse/tls_heuristics_enabled/tls_heur__vmess-tcp.pcapng.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 113,ip6,2001:b07:a3d:c112:8628:88aa:8b00:913c,2a00:1450:4006:80d::200e,tcp,48302,443,info,17,15,1725108604629032,1725108606811390,1725108606811354,0,0,517,2416,821,17178,0,0,140796.1,2053502,429032.8,184069177344.0,1.9,"1019825,1024027,2053502,9703,406,10463,14792,0,24842,18,170,0,116,29,3354,490,13422,1,9609,1757,11412,77711,1,0,87369,366,324,304,298,178,191",72,635.5,2488,846.4,716345.8,3.9,"80,80,80,80,72,589,72,2488,1280,72,72,1280,1840,72,72,152,202,720,103,135,103,72,1280,307,1280,72,2488,72,2488,72,2488,72","13,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,5","0,0,0,1,0,0,1,1,1,0,0,1,1,0,0,0,0,1,1,0,0,1,1,1,1,0,1,0,1,0,1,0","4.850302696,4.800302982,4.850302696,5.367949963,5.219669819,4.818557739,5.209185123,7.915221691,7.834231853,5.219669819,5.247447491,7.848894119,7.900642872,5.219669819,5.219669819,6.392518997,6.617354393,7.706577778,5.915785313,6.435108185,5.884278774,5.236962795,7.850246906,7.152086258,7.852072716,5.247447491,7.906479836,5.247447491,7.917565346,5.247447491,7.928373814,5.247447491",TLS.YouTube,91.124,1,Fun,Media,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,38,33339,2990,59245,4,0,4,0,1,0,3,3,1,1,0,19,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,3,0,1,2,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,1,0,0,0,0,0,0,3,1,0,3,1,0,0,4,3,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0 +0,38,33257,2990,59245,4,0,4,0,1,0,3,3,1,1,0,19,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,3,0,1,2,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,1,0,0,0,0,0,0,3,1,0,3,1,0,0,4,3,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/tls_heuristics_enabled/tls_heur__vmess-websocket.pcapng.out b/test/results/flow-analyse/tls_heuristics_enabled/tls_heur__vmess-websocket.pcapng.out index dbc5408c4..858f42e92 100644 --- a/test/results/flow-analyse/tls_heuristics_enabled/tls_heur__vmess-websocket.pcapng.out +++ b/test/results/flow-analyse/tls_heuristics_enabled/tls_heur__vmess-websocket.pcapng.out 
@@ -1,5 +1,5 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks -113,ip4,127.0.0.1,127.0.0.1,tcp,33702,1234,finished,17,15,1725278711300968,1725278711469124,1725278711469141,0,0,699,2052,1330,18274,0,13,10849.3,81912,22504.7,506460032.0,2.8,"13,20,321,335,139,158,52949,76203,23289,91,56,38,34,108,111,5407,8441,3526,701,41202,81912,40932,58,43,54,53,30,29,27,26,23",52,665.1,2104,842.7,710078.0,3.9,"60,60,52,237,52,181,52,751,2104,52,2104,52,2104,52,723,52,406,753,144,123,52,2084,52,2046,52,2079,52,2043,52,2075,52,531","13,0,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,1,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8","0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","4.311033249,4.734919071,4.624013901,5.851198196,4.644789219,5.827358723,4.644789219,7.722790718,7.902339935,4.585552216,7.913048267,4.585552216,7.905004501,4.585552216,7.688803673,4.585552216,7.428673744,7.699780941,6.310562611,6.170208454,4.624013901,7.892062187,4.571035385,7.909559727,4.624013901,7.904311180,4.585552216,7.891872406,4.585552692,7.905772209,4.624013901,7.592932701",HTTP,7,0,Acceptable,Web,6,DPI,"5,12" 
+113,ip4,127.0.0.1,127.0.0.1,tcp,33702,1234,finished,17,15,1725278711300968,1725278711469124,1725278711469141,0,0,699,2052,1330,18274,0,13,10849.3,81912,22504.7,506460032.0,2.8,"13,20,321,335,139,158,52949,76203,23289,91,56,38,34,108,111,5407,8441,3526,701,41202,81912,40932,58,43,54,53,30,29,27,26,23",52,665.1,2104,842.7,710078.0,3.9,"60,60,52,237,52,181,52,751,2104,52,2104,52,2104,52,723,52,406,753,144,123,52,2084,52,2046,52,2079,52,2043,52,2075,52,531","13,0,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,1,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8","0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","4.311033249,4.734919071,4.624013901,5.851198196,4.644789219,5.827358723,4.644789219,7.722790718,7.902339935,4.585552216,7.913048267,4.585552216,7.905004501,4.585552216,7.688803673,4.585552216,7.428673744,7.699780941,6.310562611,6.170208454,4.624013901,7.892062187,4.571035385,7.909559727,4.624013901,7.904311180,4.585552216,7.891872406,4.585552692,7.905772209,4.624013901,7.592932701",HTTP.WebSocket,7.251,0,Acceptable,Web,6,DPI,"5,12" 
113,ip4,127.0.0.1,127.0.0.1,tcp,44532,1080,finished,19,13,1725278711295335,1725278711469489,1725278711469627,0,0,517,3932,835,18380,0,13,11240.2,82049,21975.3,482912224.0,3.1,"92,113,78,106,382,425,4533,4672,44031,9418,77646,24339,284,267,4160,279,19,13,40,4612,3350,3674,624,41294,82049,41160,126,151,203,160,146",52,653.0,3984,1237.6,1531706.8,3.3,"60,60,52,56,52,54,52,62,62,52,569,3984,52,2720,52,132,98,101,87,115,52,700,83,83,52,3984,52,3984,52,2428,52,901","13,4,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5","0,1,0,0,1,1,0,0,1,0,0,1,0,1,0,0,0,0,0,0,1,1,0,1,0,1,0,1,0,1,0,1","4.311033249,4.747500420,4.638530731,4.549884796,4.638531208,4.628801823,4.600069046,4.733144760,4.497382641,4.600069046,4.669951916,7.947538853,4.676992416,7.920604706,4.600069046,6.167953491,5.851360321,5.834712982,5.660713673,6.112284660,4.676992416,7.680773735,5.506919861,5.521921158,4.676992416,7.956730843,4.561607838,7.954389572,4.561607361,7.916389942,4.561607838,7.802294254",SOCKS,172,0,Acceptable,Web,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,38,35014,3074,59242,4,0,4,0,2,0,4,2,0,1,0,19,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,3,0,2,2,0,0,0,0,0,0,0,1,0,0,0,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,1,1,0,0,0,0,0,4,0,0,3,1,0,0,4,4,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +0,38,34974,3074,59242,4,0,4,0,2,0,4,2,0,1,0,19,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,3,0,2,2,0,0,0,0,0,0,0,1,0,0,0,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,1,1,0,0,0,0,0,4,0,0,3,1,0,0,4,4,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/tls_ja3c_disabled/tls_verylong_certificate.pcap.out b/test/results/flow-analyse/tls_ja3c_disabled/tls_verylong_certificate.pcap.out deleted file mode 100644 index 2741e043a..000000000 --- a/test/results/flow-analyse/tls_ja3c_disabled/tls_verylong_certificate.pcap.out +++ /dev/null 
@@ -1,4 +0,0 @@ -flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks -1,ip4,192.168.1.160,151.101.66.49,tcp,54804,443,info,15,17,1578254908457751,1578254908528417,1578254908528437,0,0,517,1368,813,14097,0,2,4559.7,21714,6622.1,43852844.0,3.5,"11591,11712,5740,17683,3137,204,15209,67,53,134,2,140,10611,21714,11194,334,14931,21,2,14564,19,7,256,346,4,564,2,480,517,112,2",52,518.6,1420,615.3,378610.9,4.0,"64,60,52,569,52,1420,1420,52,1420,52,1420,262,52,178,103,52,222,1420,1420,104,52,52,52,1420,1420,104,52,52,1420,52,1420,104","12,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,4,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0","0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,0,0,1,1,1,0,0,0,1,1,1,0,0,1,0,1,1","4.398337364,5.146034718,4.868495941,4.434582233,5.025067329,6.773365974,4.940563202,4.983880520,6.553000927,4.900255680,7.433587551,7.043814659,4.983880520,6.336580276,5.976200581,5.022342205,6.883139610,7.866776943,7.867276192,6.143959045,4.906957150,4.791572571,4.731892109,7.850933075,7.865261078,6.040546417,4.906957626,4.906957626,7.852932453,4.823332310,7.877495766,6.208910465",TLS.Cybersec,91.283,1,Safe,Cybersecurity,6,DPI,"" 
-timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_ca
tegory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count
 -0,14,16742,844,18233,1,1,0,0,1,0,1,2,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/tls_ja3s_disabled/tls_verylong_certificate.pcap.out b/test/results/flow-analyse/tls_ja3s_disabled/tls_verylong_certificate.pcap.out deleted file mode 100644 index 2741e043a..000000000 --- a/test/results/flow-analyse/tls_ja3s_disabled/tls_verylong_certificate.pcap.out +++ /dev/null 
@@ -1,4 +0,0 @@ -flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks -1,ip4,192.168.1.160,151.101.66.49,tcp,54804,443,info,15,17,1578254908457751,1578254908528417,1578254908528437,0,0,517,1368,813,14097,0,2,4559.7,21714,6622.1,43852844.0,3.5,"11591,11712,5740,17683,3137,204,15209,67,53,134,2,140,10611,21714,11194,334,14931,21,2,14564,19,7,256,346,4,564,2,480,517,112,2",52,518.6,1420,615.3,378610.9,4.0,"64,60,52,569,52,1420,1420,52,1420,52,1420,262,52,178,103,52,222,1420,1420,104,52,52,52,1420,1420,104,52,52,1420,52,1420,104","12,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,4,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0","0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,0,0,1,1,1,0,0,0,1,1,1,0,0,1,0,1,1","4.398337364,5.146034718,4.868495941,4.434582233,5.025067329,6.773365974,4.940563202,4.983880520,6.553000927,4.900255680,7.433587551,7.043814659,4.983880520,6.336580276,5.976200581,5.022342205,6.883139610,7.866776943,7.867276192,6.143959045,4.906957150,4.791572571,4.731892109,7.850933075,7.865261078,6.040546417,4.906957626,4.906957626,7.852932453,4.823332310,7.877495766,6.208910465",TLS.Cybersec,91.283,1,Safe,Cybersecurity,6,DPI,"" 
-timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_ca
tegory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count
 -0,14,16742,844,18233,1,1,0,0,1,0,1,2,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/tls_ja4c_disabled/tls_verylong_certificate.pcap.out b/test/results/flow-analyse/tls_ja4c_disabled/tls_verylong_certificate.pcap.out deleted file mode 100644 index 2741e043a..000000000 --- a/test/results/flow-analyse/tls_ja4c_disabled/tls_verylong_certificate.pcap.out +++ /dev/null 
@@ -1,4 +0,0 @@ -flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks -1,ip4,192.168.1.160,151.101.66.49,tcp,54804,443,info,15,17,1578254908457751,1578254908528417,1578254908528437,0,0,517,1368,813,14097,0,2,4559.7,21714,6622.1,43852844.0,3.5,"11591,11712,5740,17683,3137,204,15209,67,53,134,2,140,10611,21714,11194,334,14931,21,2,14564,19,7,256,346,4,564,2,480,517,112,2",52,518.6,1420,615.3,378610.9,4.0,"64,60,52,569,52,1420,1420,52,1420,52,1420,262,52,178,103,52,222,1420,1420,104,52,52,52,1420,1420,104,52,52,1420,52,1420,104","12,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,4,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0","0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,0,0,1,1,1,0,0,0,1,1,1,0,0,1,0,1,1","4.398337364,5.146034718,4.868495941,4.434582233,5.025067329,6.773365974,4.940563202,4.983880520,6.553000927,4.900255680,7.433587551,7.043814659,4.983880520,6.336580276,5.976200581,5.022342205,6.883139610,7.866776943,7.867276192,6.143959045,4.906957150,4.791572571,4.731892109,7.850933075,7.865261078,6.040546417,4.906957626,4.906957626,7.852932453,4.823332310,7.877495766,6.208910465",TLS.Cybersec,91.283,1,Safe,Cybersecurity,6,DPI,"" 
-timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_ca
tegory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count
 -0,14,16742,844,18233,1,1,0,0,1,0,1,2,0,0,0,5,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/zoom_extra_dissection/zoom.pcap.out b/test/results/flow-analyse/zoom_extra_dissection/zoom.pcap.out index b5d1681bd..69a899a45 100644 --- a/test/results/flow-analyse/zoom_extra_dissection/zoom.pcap.out +++ b/test/results/flow-analyse/zoom_extra_dissection/zoom.pcap.out 
@@ -3,4 +3,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.1.117,109.94.160.99,tcp,54871,443,info,18,14,1569520471189039,1569520471662963,1569520471590160,0,0,1440,1440,3063,8708,0,1,28227.3,156067,40349.6,1628089600.0,3.8,"31621,31782,223,32749,1986,135,18,34538,3,10485,3,10554,60088,93852,33789,375,31290,30856,4598,4,36582,6223,38193,156062,156067,114,1,94,10606,59053,3101",52,420.5,1492,552.4,305116.1,3.9,"64,60,52,569,52,1492,1492,1268,52,52,1492,79,52,178,294,52,192,118,52,1492,533,52,90,52,1317,52,1492,146,52,90,202,223","10,1,0,1,2,1,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0","4,1,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,4,0,0","0,1,0,0,1,1,1,1,0,0,1,1,0,0,1,0,0,1,0,0,0,1,1,0,1,0,1,1,0,0,0,0","4.428027153,5.266787052,5.014835358,4.340119362,5.209868431,7.128724575,7.325717926,7.321290493,5.014835358,5.053297043,7.580979347,5.559112549,5.053297043,6.556212902,7.136325836,5.130220413,6.862732410,6.273187160,5.053297043,7.864217758,7.611272335,5.132945538,5.887335777,5.091758728,7.866543293,5.130220413,7.874340057,6.566402435,5.130220413,5.819303036,6.871904373,6.960445881",TLS.Zoom,91.189,1,Acceptable,Video,6,DPI,"15" 
1,ip4,192.168.1.117,109.94.160.99,udp,58327,8801,finished,3,29,1569520471748648,1569520471785584,1569520472033049,13,0,107,1029,183,26845,0,28,10365.7,35562,8525.9,72690992.0,4.5,"31967,28,32217,4719,35562,13763,10264,10242,9996,63,10130,10327,9979,9966,107,9866,10246,10252,10251,126,10146,9980,10130,10478,32,9954,10261,9714,10315,406,9850",41,872.8,1057,383.7,147246.2,4.8,"135,63,46,41,91,71,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057","1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,26,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,1,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1","5.872597694,4.834421635,4.434307098,4.564153194,5.116748810,4.833924294,0.510210812,0.504684150,0.513590038,0.511697888,0.528077245,0.513589978,0.515482187,0.515482187,0.513590038,0.532575667,0.515482187,0.508318722,0.515482187,0.512875855,0.532575667,0.515482187,0.511697948,0.511697888,0.513590038,0.532575667,0.515482187,0.513589978,0.510983646,0.515482187,0.532575667,0.515482187",Zoom,189,1,Acceptable,Video,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,317,250711,69672,259806,33,6,27,0,3,2,31,26,0,11,35,115,1,0,1,2,0,0,0,0,35,0,0,0,0,0,0,0,0,0,0,0,0,12,21,3,27,1,0,0,0,0,0,0,0,0,0,1,0,2,0,0,0,0,0,0,0,0,11,0,0,0,2,0,1,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,31,0,0,0,0,0,21,3,2,0,0,0,0,33,0,0,14,17,2,0,33,31,2,0,0,0,0,0,0,3,0,2,0,0,0,0,0,0,0,17,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,3,0,0,0,0,0,0,0,0,0,0 +0,317,249790,69672,259806,33,6,27,0,3,2,31,26,0,11,35,115,1,0,1,2,0,0,0,0,35,0,0,0,0,0,0,0,0,0,0,0,0,12,21,3,27,1,0,0,0,0,0,0,0,0,0,1,0,2,0,0,0,0,0,0,0,0,11,0,0,0,2,0,1,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,31,0,0,0,0,0,21,3,2,0,0,0,0,33,0,0,14,17,2,0,33,31,2,0,0,0,0,0,0,3,0,2,0,0,0,0,0,0,0,17,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,3,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/zoom_extra_dissection/zoom2.pcap.out b/test/results/flow-analyse/zoom_extra_dissection/zoom2.pcap.out index e820bd7de..a0ba9a1b4 100644 --- a/test/results/flow-analyse/zoom_extra_dissection/zoom2.pcap.out +++ b/test/results/flow-analyse/zoom_extra_dissection/zoom2.pcap.out 
@@ -3,4 +3,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.1.178,144.195.73.154,udp,58117,8801,finished,12,20,1642965460219455,1642965460877104,1642965460887928,88,0,161,136,1490,1734,0,12,42778.1,176446,48878.6,2389121792.0,4.1,"98469,176446,124,85491,9538,94754,12,99878,94166,12337,1946,12440,20627,16992,20131,168367,18000,3631,10879,10252,19350,32137,20903,115345,15,17844,18745,20098,20216,21487,85502",46,129.0,189,35.8,1279.8,4.9,"151,151,72,46,156,156,72,46,156,88,88,161,164,154,149,145,116,88,149,92,143,144,134,135,166,189,116,150,148,143,144,116","0,0,1,6,4,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,5,3,8,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,1,1,0,0,1,1,0,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,0,0,1,0,0,0,0,1","5.774950981,5.795780182,4.871791363,4.390829086,5.589504242,5.647461891,4.816236019,4.390829086,5.513776779,4.672714233,4.717865467,5.984676361,5.988471985,5.890224934,5.750802994,5.721282959,5.103803158,4.742203236,5.809841633,4.711098671,5.716365814,5.704583168,5.625706196,5.615069389,6.022024632,6.167570114,5.279437542,5.717482567,5.684329510,5.700431347,5.688298225,5.216770172",Zoom,189,1,Acceptable,Video,6,DPI,"" 
1,ip4,192.168.1.178,144.195.73.154,udp,57953,8801,finished,15,17,1642965460359314,1642965461085374,1642965461081424,27,0,143,75,1257,755,0,8,46715.2,187597,42950.9,1844783744.0,4.3,"102087,187597,15,105625,59,93505,28,87640,70667,56,105994,30,21517,32815,58979,18,48377,5541,49496,50209,26,8,55223,45719,56325,52361,22,59786,52118,47745,58582",46,91.1,171,44.6,1993.4,4.8,"153,153,72,46,163,163,72,46,163,163,163,103,103,55,55,171,55,55,103,55,103,103,55,55,55,55,103,55,55,55,55,55","7,0,0,2,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","9,2,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,1,1,0,0,1,1,0,0,0,1,1,0,1,0,0,1,1,0,1,1,1,0,1,0,1,1,0,1,1,0","5.810314178,5.912507057,4.833528996,4.303872585,5.517835140,5.506913185,4.805751324,4.390829086,5.576398373,5.539088726,5.561493397,4.442456245,4.487634182,3.597789288,3.852133274,5.482311726,3.597789288,3.888496876,4.520360470,3.744285822,4.494622231,4.547106743,3.853325367,3.707922220,3.961224079,3.671558619,4.547106743,3.924860477,3.671558380,3.888496876,3.924860477,3.707922220",Zoom,189,1,Acceptable,Video,6,DPI,"" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,46,43286,14983,82787,4,0,4,0,3,0,4,8,0,4,0,20,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,3,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,6,0,0,0,0,0,0,4,0,0,1,3,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0 +0,46,43163,14983,82787,4,0,4,0,3,0,4,8,0,4,0,20,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,3,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,6,0,0,0,0,0,0,4,0,0,1,3,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-analyse/zoom_extra_dissection/zoom_p2p.pcapng.out b/test/results/flow-analyse/zoom_extra_dissection/zoom_p2p.pcapng.out index 77106c6f4..ffb97fdfd 100644 --- a/test/results/flow-analyse/zoom_extra_dissection/zoom_p2p.pcapng.out +++ b/test/results/flow-analyse/zoom_extra_dissection/zoom_p2p.pcapng.out 
@@ -4,4 +4,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.12.156,10.78.14.178,udp,42208,47312,finished,32,0,1666892923321165,1666892923731059,1666892923321165,84,0,84,0,2688,0,0,149,13222.4,52278,15933.9,253890336.0,4.0,"206,27265,11246,7707,6831,1534,149,13289,6864,1707,40450,203,15506,643,33328,247,50821,420,5857,5665,52278,379,7223,2326,22718,234,30994,178,40889,183,22554",112,112.0,112,0.0,0.0,5.0,"112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112","0,0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4.994051456,4.951597214,4.994051933,4.994051456,4.976194382,4.976194382,4.994051456,4.958336830,4.976194382,4.994051456,4.958336830,4.994051456,4.958336830,4.994051456,4.976194382,4.994051456,4.976194382,4.994051456,4.951597214,4.994051456,4.976194382,4.994051456,4.958336830,4.994051456,4.976194382,4.994051456,4.976194382,4.994051456,4.958336830,4.994051456,4.976194382,4.994051456",Zoom,189,1,Acceptable,Video,6,DPI,"46" 
1,ip4,192.168.12.156,10.78.14.178,udp,49579,49586,finished,32,0,1666892923611662,1666892924448503,1666892923611662,84,0,84,0,2688,0,0,338,26994.9,54779,14468.3,209331424.0,4.7,"23783,338,29801,1565,40495,506,22699,46435,8735,38102,43592,20546,19277,34040,24361,41537,21146,25008,31087,47211,23803,22874,54779,5988,45050,14923,26821,31551,48347,23766,18675",112,112.0,112,0.0,0.0,5.0,"112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112","0,0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4.927000046,4.944857121,4.909142494,4.902402878,4.927000046,4.912628174,4.927000046,4.927000046,4.909142494,4.927000046,4.909142494,4.927000046,4.927000046,4.927000046,4.927000046,4.898025990,4.927000046,4.927000046,4.927000046,4.927000046,4.927000046,4.902402401,4.909142494,4.927000046,4.927000046,4.909142494,4.927000046,4.894771099,4.902402401,4.927000046,4.909142494,4.909142494",Zoom,189,1,Acceptable,Video,6,DPI,"46" 
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_cat
egory_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count 
-0,134,116577,137033,103149,13,0,13,27,4,0,13,3,0,5,0,58,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,11,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,4,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,5,0,0,0,0,0,0,13,0,0,0,11,2,0,13,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0 +0,134,116709,137033,103149,13,0,13,27,4,0,13,3,0,5,0,58,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,11,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,4,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,5,0,0,0,0,0,0,13,0,0,0,11,2,0,13,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0 diff --git a/test/results/flow-captured/default/1kxun.pcap.out b/test/results/flow-captured/default/1kxun.pcap.out index fb82f703b..1011c0682 100644 --- a/test/results/flow-captured/default/1kxun.pcap.out +++ b/test/results/flow-captured/default/1kxun.pcap.out 
@@ -8,26 +8,19 @@ Flow 16 risky: udp 192.168.115.8:52723 -> 8.8.8.8:53
 Flow 39 risky: udp 192.168.115.8:54420 -> 8.8.8.8:53
 Flow 34 risky: udp 192.168.3.95:54888 -> 224.0.0.252:5355
 Flow 26 risky: udp 192.168.115.8:60724 -> 8.8.8.8:53
-Flow 35 risky: udp 192.168.5.67:138 -> 192.168.255.255:138
 Flow 33 risky: udp fe80::e98f:bae2:19f7:6b0f:54888 -> ff02::1:3:5355
 Flow 38 risky: tcp 192.168.115.8:49607 -> 218.244.135.170:9099
-Flow 79 not-detected: udp 192.168.0.100:50925 -> 255.255.255.255:5678
 Flow 98 risky: udp 192.168.3.95:51451 -> 224.0.0.252:5355
 Flow 42 not-detected: udp 192.168.10.110:60480 -> 255.255.255.255:62976
-Flow 89 not-detected: udp fe80::4e5e:cff:feea:365:5678 -> ff02::1:5678
-Flow 60 not-detected: udp fe80::4e5e:cff:fe9a:ec54:5678 -> ff02::1:5678
 Flow 66 not-detected: udp 2001:b020:6::c2a0:bbff:fe73:eb57:62976 -> ff02::1:62976
 Flow 23 not-detected: udp 2001:b030:214:100:c2a0:bbff:fe73:eb47:62976 -> ff02::1:62976
 Flow 65 not-detected: udp 192.168.140.140:62976 -> 255.255.255.255:62976
 Flow 71 not-detected: udp 192.168.10.7:62976 -> 255.255.255.255:62976
 Flow 22 not-detected: udp 192.168.125.30:62976 -> 255.255.255.255:62976
-Flow 88 not-detected: udp 192.168.119.1:56861 -> 255.255.255.255:5678
 Flow 36 risky: tcp 192.168.115.8:49605 -> 106.185.35.110:80
 Flow 77 not-detected: udp 192.168.2.186:32768 -> 255.255.255.255:1947
 Flow 56 not-detected: udp 59.120.208.218:50151 -> 255.255.255.255:1947
-Flow 70 risky: udp 192.168.5.45:138 -> 192.168.255.255:138
 Flow 59 risky: tcp 192.168.5.16:53624 -> 68.233.253.133:80
-Flow 94 not-detected: udp 192.168.119.2:43786 -> 255.255.255.255:5678
 Flow 46 risky: tcp 192.168.115.8:49612 -> 183.131.48.145:80
 Flow 49 risky: tcp 192.168.115.8:49613 -> 183.131.48.144:80
 Flow 97 risky: udp fe80::e98f:bae2:19f7:6b0f:51451 -> ff02::1:3:5355
@@ -46,7 +39,6 @@ Flow 132 midstream: tcp 192.168.2.126:60984 -> 172.104.93.92:1234
 Flow 196 risky: tcp 192.168.2.126:35426 -> 8.209.112.118:80
 Flow 196 midstream: tcp 192.168.2.126:35426 -> 8.209.112.118:80
 Flow 172 midstream: tcp 192.168.2.126:59324 -> 104.117.221.10:80
-Flow 153 risky: tcp 192.168.2.126:41390 -> 18.64.79.37:80
 Flow 153 midstream: tcp 192.168.2.126:41390 -> 18.64.79.37:80
 Flow 191 midstream: tcp 192.168.2.126:41940 -> 18.64.79.50:80
 Flow 179 midstream: tcp 192.168.2.126:43272 -> 18.64.79.58:80
@@ -57,7 +49,6 @@ Flow 170 midstream: tcp 192.168.2.126:38314 -> 172.105.121.82:80
 Flow 171 midstream: tcp 192.168.2.126:38316 -> 172.105.121.82:80
 Flow 169 midstream: tcp 192.168.2.126:38326 -> 172.105.121.82:80
 Flow 134 midstream: tcp 192.168.2.126:41134 -> 129.226.107.77:80
-Flow 163 risky: tcp 192.168.2.126:44368 -> 172.217.18.98:80
 Flow 163 midstream: tcp 192.168.2.126:44368 -> 172.217.18.98:80
 Flow 193 midstream: tcp 192.168.2.126:40204 -> 18.235.204.9:80
 Flow 197 midstream: tcp 192.168.2.126:51686 -> 18.64.79.64:80
@@ -78,7 +69,6 @@ Flow 151 midstream: tcp 192.168.2.126:45422 -> 161.117.13.29:80
 Flow 152 midstream: tcp 192.168.2.126:45424 -> 161.117.13.29:80
 Flow 140 risky: tcp 192.168.2.126:49242 -> 172.104.119.80:80
 Flow 140 midstream: tcp 192.168.2.126:49242 -> 172.104.119.80:80
-Flow 194 risky: tcp 192.168.2.126:53416 -> 172.217.16.142:80
 Flow 194 midstream: tcp 192.168.2.126:53416 -> 172.217.16.142:80
 Flow 133 risky: tcp 192.168.2.126:47230 -> 161.117.13.29:80
 Flow 133 midstream: tcp 192.168.2.126:47230 -> 161.117.13.29:80
diff --git a/test/results/flow-captured/default/alexa-app.pcapng.out b/test/results/flow-captured/default/alexa-app.pcapng.out
index 621110793..24f2878f7 100644
--- a/test/results/flow-captured/default/alexa-app.pcapng.out
+++ b/test/results/flow-captured/default/alexa-app.pcapng.out
@@ -1,7 +1,4 @@
 Flow 14 risky: icmp 172.16.42.1 -> 172.16.42.216
-Flow 120 risky: tcp 172.16.42.216:51986 -> 52.84.63.56:80
-Flow 129 risky: tcp 172.16.42.216:51995 -> 52.84.63.56:80
-Flow 126 risky: tcp 172.16.42.216:51992 -> 52.84.63.56:80
 Flow 28 risky: tcp 172.16.42.216:45661 -> 52.94.232.134:443
 Flow 45 risky: tcp 172.16.42.216:49589 -> 52.94.232.134:80
 Flow 105 risky: tcp 172.16.42.216:40854 -> 54.239.29.253:443
@@ -12,15 +9,6 @@ Flow 87 risky: tcp 172.16.42.216:45710 -> 52.94.232.134:443
 Flow 88 risky: tcp 172.16.42.216:45711 -> 52.94.232.134:443
 Flow 89 risky: tcp 172.16.42.216:45712 -> 52.94.232.134:443
 Flow 65 risky: tcp 172.16.42.216:41691 -> 54.239.29.146:443
-Flow 119 risky: tcp 172.16.42.216:51985 -> 52.84.63.56:80
-Flow 121 risky: tcp 172.16.42.216:51987 -> 52.84.63.56:80
-Flow 122 risky: tcp 172.16.42.216:51988 -> 52.84.63.56:80
-Flow 123 risky: tcp 172.16.42.216:51989 -> 52.84.63.56:80
-Flow 124 risky: tcp 172.16.42.216:51990 -> 52.84.63.56:80
-Flow 127 risky: tcp 172.16.42.216:51993 -> 52.84.63.56:80
-Flow 128 risky: tcp 172.16.42.216:51994 -> 52.84.63.56:80
-Flow 130 risky: tcp 172.16.42.216:51996 -> 52.84.63.56:80
-Flow 131 risky: tcp 172.16.42.216:51997 -> 52.84.63.56:80
 Flow 93 risky: tcp 172.16.42.216:49630 -> 52.94.232.134:80
 Flow 16 risky: tcp 172.16.42.216:55242 -> 52.85.209.197:443
 Flow 142 risky: tcp 172.16.42.216:50799 -> 54.239.28.178:443
diff --git a/test/results/flow-captured/default/android.pcap.out b/test/results/flow-captured/default/android.pcap.out
index ea5892663..c16a35e24 100644
--- a/test/results/flow-captured/default/android.pcap.out
+++ b/test/results/flow-captured/default/android.pcap.out
@@ -3,5 +3,3 @@ Flow 3 midstream: tcp 17.248.176.75:443 -> 192.168.2.17:50580
 Flow 2 risky: tcp 17.248.176.75:443 -> 192.168.2.17:50584
 Flow 2 midstream: tcp 17.248.176.75:443 -> 192.168.2.17:50584
 Flow 5 midstream: tcp 17.248.185.10:443 -> 192.168.2.17:50702
-Flow 39 risky: tcp 192.168.2.16:36834 -> 173.194.79.114:80
-Flow 52 risky: tcp 192.168.2.16:36848 -> 173.194.79.114:80
diff --git a/test/results/flow-captured/default/bt-http.pcapng.out b/test/results/flow-captured/default/bt-http.pcapng.out
index 8fa10a571..e69de29bb 100644
--- a/test/results/flow-captured/default/bt-http.pcapng.out
+++ b/test/results/flow-captured/default/bt-http.pcapng.out
@@ -1 +0,0 @@
-Flow 1 risky: tcp 192.168.1.128:46882 -> 176.31.225.118:80
diff --git a/test/results/flow-captured/default/dicom.pcap.out b/test/results/flow-captured/default/dicom.pcap.out
new file mode 100644
index 000000000..b1bf64e94
--- /dev/null
+++ b/test/results/flow-captured/default/dicom.pcap.out
@@ -0,0 +1,4 @@
+Flow 1 midstream: tcp 127.0.0.1:49531 -> 127.0.0.1:104
+Flow 2 midstream: tcp 127.0.0.1:49541 -> 127.0.0.1:104
+Flow 3 midstream: tcp 127.0.0.1:52180 -> 127.0.0.1:104
+Flow 4 midstream: tcp 127.0.0.1:52228 -> 127.0.0.1:104
diff --git a/test/results/flow-captured/default/dos_win98_smb_netbeui.pcap.out b/test/results/flow-captured/default/dos_win98_smb_netbeui.pcap.out
index 773774dce..e69de29bb 100644
--- a/test/results/flow-captured/default/dos_win98_smb_netbeui.pcap.out
+++ b/test/results/flow-captured/default/dos_win98_smb_netbeui.pcap.out
@@ -1 +0,0 @@
-Flow 4 risky: udp 192.168.239.129:138 -> 192.168.239.255:138
diff --git a/test/results/flow-captured/default/fuzz-2006-06-26-2594.pcap.out b/test/results/flow-captured/default/fuzz-2006-06-26-2594.pcap.out
index b9ee99ef8..8267609cc 100644
--- a/test/results/flow-captured/default/fuzz-2006-06-26-2594.pcap.out
+++ b/test/results/flow-captured/default/fuzz-2006-06-26-2594.pcap.out
@@ -16,7 +16,6 @@ Flow 82 not-detected: udp 192.168.1.170:43690 -> 170.170.170.170:43690
 Flow 122 risky: udp 192.168.1.1:53 -> 192.168.1.2:2763
 Flow 123 risky: udp 192.168.1.2:2764 -> 192.168.1.1:53
 Flow 126 risky: udp 192.168.1.1:53 -> 192.168.1.2:2765
-Flow 141 risky: udp 192.168.1.2:138 -> 192.168.1.255:138
 Flow 124 not-detected: udp 192.168.1.2:43690 -> 170.170.170.170:43690
 Flow 147 risky: udp 192.168.1.2:2775 -> 192.168.1.1:53
 Flow 58 not-detected: 120 192.168.1.2 -> 212.242.33.35
@@ -27,7 +26,6 @@ Flow 162 not-detected: udp 212.242.33.35:9587 -> 192.168.1.2:196
 Flow 85 not-detected: 240 192.168.1.2 -> 192.168.1.1
 Flow 173 not-detected: udp 170.170.170.170:43690 -> 170.170.170.170:43690
 Flow 107 not-detected: 118 192.168.1.2 -> 200.68.120.81
-Flow 180 risky: udp 192.168.1.41:138 -> 192.168.1.255:138
 Flow 190 risky: udp 192.168.1.2:2793 -> 192.168.1.1:53
 Flow 193 risky: udp 192.168.1.2:2794 -> 192.168.1.1:53
 Flow 192 risky: udp 192.168.1.2:2795 -> 192.168.1.1:53
diff --git a/test/results/flow-captured/default/gnutella.pcap.out b/test/results/flow-captured/default/gnutella.pcap.out
index 09fb39805..01a597a95 100644
--- a/test/results/flow-captured/default/gnutella.pcap.out
+++ b/test/results/flow-captured/default/gnutella.pcap.out
@@ -1,4 +1,3 @@
-Flow 20 risky: udp 10.0.2.15:138 -> 10.0.2.255:138
 Flow 239 risky: tcp 10.0.2.15:50285 -> 75.133.101.93:52367
 Flow 238 risky: tcp 10.0.2.15:50284 -> 104.156.226.72:53258
 Flow 288 risky: tcp 10.0.2.15:50312 -> 104.238.172.250:23548
@@ -614,7 +613,6 @@ Flow 639 not-detected: udp 10.0.2.15:28681 -> 119.237.116.22:7849
 Flow 302 not-detected: udp 10.0.2.15:28681 -> 185.187.74.173:53489
 Flow 734 not-detected: udp 10.0.2.15:28681 -> 113.252.91.201:4297
 Flow 684 not-detected: udp 10.0.2.15:28681 -> 50.58.238.149:54436
-Flow 760 risky: udp 10.0.2.15:138 -> 10.0.2.255:138
 Flow 764 risky: udp 10.0.2.15:28681 -> 208.92.106.151:32476
 Flow 763 risky: udp 10.0.2.15:28681 -> 85.170.209.214:46210
 Flow 761 risky: udp 10.0.2.15:28681 -> 195.132.75.56:56009
diff --git a/test/results/flow-captured/default/hl7.pcap.out b/test/results/flow-captured/default/hl7.pcap.out
index a656e9571..058b0c898 100644
--- a/test/results/flow-captured/default/hl7.pcap.out
+++ b/test/results/flow-captured/default/hl7.pcap.out
@@ -1 +1,3 @@
 Flow 1 risky: tcp 10.0.0.155:49242 -> 10.0.0.126:6661
+Flow 2 risky: tcp 10.0.0.155:49250 -> 10.0.0.126:6661
+Flow 3 risky: tcp 10.0.0.155:49252 -> 10.0.0.126:6661
diff --git a/test/results/flow-captured/default/mikrotik_mndp.pcap.out b/test/results/flow-captured/default/mikrotik_mndp.pcap.out
new file mode 100644
index 000000000..e69de29bb
diff --git a/test/results/flow-captured/default/netbios.pcap.out b/test/results/flow-captured/default/netbios.pcap.out
index 63bf50e5d..e0c816db4 100644
--- a/test/results/flow-captured/default/netbios.pcap.out
+++ b/test/results/flow-captured/default/netbios.pcap.out
@@ -1,3 +1 @@
-Flow 3 risky: udp 10.0.5.9:138 -> 10.0.5.255:138
-Flow 12 risky: udp 10.0.5.93:138 -> 10.0.5.255:138
 Flow 16 midstream: tcp 10.19.71.184:55489 -> 10.17.113.129:139
diff --git a/test/results/flow-captured/default/no_sni.pcap.out b/test/results/flow-captured/default/no_sni.pcap.out
index e69de29bb..f3c495f85 100644
--- a/test/results/flow-captured/default/no_sni.pcap.out
+++ b/test/results/flow-captured/default/no_sni.pcap.out
@@ -0,0 +1,2 @@
+Flow 3 risky: tcp 192.168.1.119:51612 -> 104.16.124.96:443
+Flow 6 risky: tcp 192.168.1.119:51637 -> 104.22.72.170:443
diff --git a/test/results/flow-captured/default/portable_executable.pcap.out b/test/results/flow-captured/default/portable_executable.pcap.out
index 53f91eaea..e69de29bb 100644
--- a/test/results/flow-captured/default/portable_executable.pcap.out
+++ b/test/results/flow-captured/default/portable_executable.pcap.out
@@ -1 +0,0 @@
-Flow 1 not-detected: tcp 172.16.99.201:1732 -> 64.227.107.71:4444
diff --git a/test/results/flow-captured/default/quickplay.pcap.out b/test/results/flow-captured/default/quickplay.pcap.out
index ed22501d6..ed14e2db3 100644
--- a/test/results/flow-captured/default/quickplay.pcap.out
+++ b/test/results/flow-captured/default/quickplay.pcap.out
@@ -10,7 +10,6 @@ Flow 12 risky: tcp 10.54.169.250:42761 -> 203.205.129.101:80
 Flow 12 midstream: tcp 10.54.169.250:42761 -> 203.205.129.101:80
 Flow 14 risky: tcp 10.54.169.250:42762 -> 203.205.129.101:80
 Flow 14 midstream: tcp 10.54.169.250:42762 -> 203.205.129.101:80
-Flow 16 risky: tcp 10.54.169.250:56381 -> 54.179.140.65:80
 Flow 16 midstream: tcp 10.54.169.250:56381 -> 54.179.140.65:80
 Flow 6 midstream: tcp 10.54.169.250:33277 -> 120.28.26.231:80
 Flow 7 midstream: tcp 10.54.169.250:44793 -> 31.13.68.49:80
diff --git a/test/results/flow-captured/default/signal_audiocall.pcapng.out b/test/results/flow-captured/default/signal_audiocall.pcapng.out
new file mode 100644
index 000000000..17543eb8e
--- /dev/null
+++ b/test/results/flow-captured/default/signal_audiocall.pcapng.out
@@ -0,0 +1,3 @@
+Flow 2 risky: udp 192.168.12.67:45419 -> 35.219.252.146:3478
+Flow 4 risky: udp 192.168.12.67:45419 -> 35.219.226.11:54116
+Flow 3 risky: udp 192.168.12.67:45419 -> 35.219.226.11:12261
diff --git a/test/results/flow-captured/default/signal_multiparty.pcapng.out b/test/results/flow-captured/default/signal_multiparty.pcapng.out
new file mode 100644
index 000000000..9ca99edeb
--- /dev/null
+++ b/test/results/flow-captured/default/signal_multiparty.pcapng.out
@@ -0,0 +1 @@
+Flow 1 risky: udp 192.168.12.67:38303 -> 35.207.138.135:10000
diff --git a/test/results/flow-captured/default/signal_videocall.pcapng.out b/test/results/flow-captured/default/signal_videocall.pcapng.out
new file mode 100644
index 000000000..c643b0130
--- /dev/null
+++ b/test/results/flow-captured/default/signal_videocall.pcapng.out
@@ -0,0 +1,3 @@
+Flow 3 risky: udp 192.168.12.67:47926 -> 35.219.252.146:56377
+Flow 1 risky: udp 192.168.12.67:47926 -> 35.216.234.234:3478
+Flow 2 risky: udp 192.168.12.67:47926 -> 35.219.252.146:3478
diff --git a/test/results/flow-captured/default/signal_videocall_multiparty.pcapng.out b/test/results/flow-captured/default/signal_videocall_multiparty.pcapng.out
new file mode 100644
index 000000000..1725163c4
--- /dev/null
+++ b/test/results/flow-captured/default/signal_videocall_multiparty.pcapng.out
@@ -0,0 +1 @@
+Flow 1 risky: udp 192.168.1.117:59446 -> 35.207.67.68:10000
diff --git a/test/results/flow-captured/default/stun_signal_tcp.pcapng.out b/test/results/flow-captured/default/stun_signal_tcp.pcapng.out
new file mode 100644
index 000000000..e69de29bb
diff --git a/test/results/flow-captured/default/telegram.pcap.out b/test/results/flow-captured/default/telegram.pcap.out
index aa219ed8e..2f9d98bae 100644
--- a/test/results/flow-captured/default/telegram.pcap.out
+++ b/test/results/flow-captured/default/telegram.pcap.out
@@ -2,6 +2,5 @@ Flow 25 not-detected: udp 192.168.1.77:23174 -> 192.168.1.52:31480
 Flow 27 risky: udp 192.168.1.77:47127 -> 192.168.1.1:53
 Flow 44 not-detected: udp 192.168.1.77:28150 -> 87.11.205.195:59772
 Flow 33 risky: udp 192.168.1.77:54595 -> 192.168.1.1:53
-Flow 29 risky: udp 192.168.1.43:138 -> 192.168.1.255:138
 Flow 32 risky: udp 192.168.1.77:5812 -> 192.168.1.1:53
 Flow 26 not-detected: udp 192.168.1.77:23174 -> 87.11.205.195:60723
diff --git a/test/results/flow-captured/default/telegram_videocall_2.pcapng.out b/test/results/flow-captured/default/telegram_videocall_2.pcapng.out
new file mode 100644
index 000000000..da379116e
--- /dev/null
+++ b/test/results/flow-captured/default/telegram_videocall_2.pcapng.out
@@ -0,0 +1 @@
+Flow 3 risky: udp 192.168.12.67:39968 -> 91.108.9.106:1400
diff --git a/test/results/flow-captured/default/telegram_voice.pcapng.out b/test/results/flow-captured/default/telegram_voice.pcapng.out
new file mode 100644
index 000000000..1848a9f25
--- /dev/null
+++ b/test/results/flow-captured/default/telegram_voice.pcapng.out
@@ -0,0 +1,4 @@
+Flow 6 risky: udp 192.168.12.67:42567 -> 91.108.9.34:1400
+Flow 10 risky: icmp 192.168.12.67 -> 91.108.9.34
+Flow 4 risky: udp 192.168.12.67:44405 -> 91.108.17.41:1400
+Flow 5 risky: udp 192.168.12.67:46013 -> 91.108.13.52:1400
diff --git a/test/results/flow-captured/default/tor.pcap.out b/test/results/flow-captured/default/tor.pcap.out
index c48d3f0d5..0c40044b1 100644
--- a/test/results/flow-captured/default/tor.pcap.out
+++ b/test/results/flow-captured/default/tor.pcap.out
@@ -1,4 +1,3 @@
-Flow 5 risky: udp 192.168.1.252:138 -> 192.168.1.255:138
 Flow 1 risky: tcp 192.168.1.252:51110 -> 91.143.93.242:443
 Flow 2 risky: tcp 192.168.1.252:51111 -> 46.59.52.31:443
 Flow 8 risky: tcp 192.168.1.252:51175 -> 91.143.93.242:443
diff --git a/test/results/flow-captured/default/vivox.pcapng.out b/test/results/flow-captured/default/vivox.pcapng.out
new file mode 100644
index 000000000..e69de29bb
diff --git a/test/results/flow-captured/default/waze.pcap.out b/test/results/flow-captured/default/waze.pcap.out
index 26464d3f1..101795ded 100644
--- a/test/results/flow-captured/default/waze.pcap.out
+++ b/test/results/flow-captured/default/waze.pcap.out
@@ -1,11 +1,4 @@
 Flow 3 risky: tcp 10.8.0.1:54915 -> 65.39.128.135:80
-Flow 4 risky: tcp 10.8.0.1:45529 -> 54.230.227.172:80
-Flow 8 risky: tcp 10.8.0.1:45536 -> 54.230.227.172:80
-Flow 9 risky: tcp 10.8.0.1:45538 -> 54.230.227.172:80
-Flow 10 risky: tcp 10.8.0.1:45540 -> 54.230.227.172:80
-Flow 15 risky: tcp 10.8.0.1:45546 -> 54.230.227.172:80
-Flow 16 risky: tcp 10.8.0.1:45552 -> 54.230.227.172:80
-Flow 17 risky: tcp 10.8.0.1:45554 -> 54.230.227.172:80
 Flow 18 risky: tcp 10.8.0.1:39021 -> 52.17.114.219:443
 Flow 19 risky: tcp 10.8.0.1:36312 -> 176.34.186.180:443
 Flow 5 risky: tcp 10.8.0.1:36100 -> 46.51.173.182:443
diff --git a/test/results/flow-captured/default/websocket-chisel-ssh.pcap.out b/test/results/flow-captured/default/websocket-chisel-ssh.pcap.out
new file mode 100644
index 000000000..fe419b0b1
--- /dev/null
+++ b/test/results/flow-captured/default/websocket-chisel-ssh.pcap.out
@@ -0,0 +1 @@
+Flow 1 risky: tcp 172.18.82.242:41986 -> 172.18.82.243:80
diff --git a/test/results/flow-captured/default/wechat.pcap.out b/test/results/flow-captured/default/wechat.pcap.out
index 5206eefbc..d271fe0bf 100644
--- a/test/results/flow-captured/default/wechat.pcap.out
+++ b/test/results/flow-captured/default/wechat.pcap.out
@@ -1,4 +1,2 @@
 Flow 13 midstream: tcp 203.205.151.162:443 -> 192.168.1.103:54058
 Flow 25 midstream: tcp 192.168.1.103:40740 -> 203.205.151.211:443
-Flow 49 risky: udp 192.168.1.100:138 -> 192.168.1.255:138
-Flow 104 risky: udp 192.168.1.100:138 -> 192.168.1.255:138
diff --git a/test/results/flow-captured/disable_metadata/sip.pcap.out b/test/results/flow-captured/disable_metadata/sip.pcap.out
deleted file mode 100644
index 1090142cf..000000000
--- a/test/results/flow-captured/disable_metadata/sip.pcap.out
+++ /dev/null
@@ -1 +0,0 @@
-Flow 4 not-detected: udp 192.168.1.2:30001 -> 212.242.33.36:40393
diff --git a/test/results/flow-captured/disable_metadata/tls_verylong_certificate.pcap.out b/test/results/flow-captured/disable_metadata/tls_verylong_certificate.pcap.out
deleted file mode 100644
index e69de29bb..000000000
diff --git a/test/results/flow-captured/disable_metadata_and_flowrisks/sip.pcap.out b/test/results/flow-captured/disable_metadata_and_flowrisks/sip.pcap.out
new file mode 100644
index 000000000..1090142cf
--- /dev/null
+++ b/test/results/flow-captured/disable_metadata_and_flowrisks/sip.pcap.out
@@ -0,0 +1 @@
+Flow 4 not-detected: udp 192.168.1.2:30001 -> 212.242.33.36:40393
diff --git a/test/results/flow-captured/disable_metadata_and_flowrisks/tls_verylong_certificate.pcap.out b/test/results/flow-captured/disable_metadata_and_flowrisks/tls_verylong_certificate.pcap.out
new file mode 100644
index 000000000..e69de29bb
diff --git a/test/results/flow-captured/enable_payload_stat/1kxun.pcap.out b/test/results/flow-captured/enable_payload_stat/1kxun.pcap.out
index fb82f703b..1011c0682 100644
--- a/test/results/flow-captured/enable_payload_stat/1kxun.pcap.out
+++ b/test/results/flow-captured/enable_payload_stat/1kxun.pcap.out
@@ -8,26 +8,19 @@ Flow 16 risky: udp 192.168.115.8:52723 -> 8.8.8.8:53
 Flow 39 risky: udp 192.168.115.8:54420 -> 8.8.8.8:53
 Flow 34 risky: udp 192.168.3.95:54888 -> 224.0.0.252:5355
 Flow 26 risky: udp 192.168.115.8:60724 -> 8.8.8.8:53
-Flow 35 risky: udp 192.168.5.67:138 -> 192.168.255.255:138
 Flow 33 risky: udp fe80::e98f:bae2:19f7:6b0f:54888 -> ff02::1:3:5355
 Flow 38 risky: tcp 192.168.115.8:49607 -> 218.244.135.170:9099
-Flow 79 not-detected: udp 192.168.0.100:50925 -> 255.255.255.255:5678
 Flow 98 risky: udp 192.168.3.95:51451 -> 224.0.0.252:5355
 Flow 42 not-detected: udp 192.168.10.110:60480 -> 255.255.255.255:62976
-Flow 89 not-detected: udp fe80::4e5e:cff:feea:365:5678 -> ff02::1:5678
-Flow 60 not-detected: udp fe80::4e5e:cff:fe9a:ec54:5678 -> ff02::1:5678
 Flow 66 not-detected: udp 2001:b020:6::c2a0:bbff:fe73:eb57:62976 -> ff02::1:62976
 Flow 23 not-detected: udp 2001:b030:214:100:c2a0:bbff:fe73:eb47:62976 -> ff02::1:62976
 Flow 65 not-detected: udp 192.168.140.140:62976 -> 255.255.255.255:62976
 Flow 71 not-detected: udp 192.168.10.7:62976 -> 255.255.255.255:62976
 Flow 22 not-detected: udp 192.168.125.30:62976 -> 255.255.255.255:62976
-Flow 88 not-detected: udp 192.168.119.1:56861 -> 255.255.255.255:5678
 Flow 36 risky: tcp 192.168.115.8:49605 -> 106.185.35.110:80
 Flow 77 not-detected: udp 192.168.2.186:32768 -> 255.255.255.255:1947
 Flow 56 not-detected: udp 59.120.208.218:50151 -> 255.255.255.255:1947
-Flow 70 risky: udp 192.168.5.45:138 -> 192.168.255.255:138
 Flow 59 risky: tcp 192.168.5.16:53624 -> 68.233.253.133:80
-Flow 94 not-detected: udp 192.168.119.2:43786 -> 255.255.255.255:5678
 Flow 46 risky: tcp 192.168.115.8:49612 -> 183.131.48.145:80
 Flow 49 risky: tcp 192.168.115.8:49613 -> 183.131.48.144:80
 Flow 97 risky: udp fe80::e98f:bae2:19f7:6b0f:51451 -> ff02::1:3:5355
@@ -46,7 +39,6 @@ Flow 132 midstream: tcp 192.168.2.126:60984 -> 172.104.93.92:1234
 Flow 196 risky: tcp 192.168.2.126:35426 -> 8.209.112.118:80
 Flow 196 midstream: tcp 192.168.2.126:35426 -> 8.209.112.118:80
 Flow 172 midstream: tcp 192.168.2.126:59324 -> 104.117.221.10:80
-Flow 153 risky: tcp 192.168.2.126:41390 -> 18.64.79.37:80
 Flow 153 midstream: tcp 192.168.2.126:41390 -> 18.64.79.37:80
 Flow 191 midstream: tcp 192.168.2.126:41940 -> 18.64.79.50:80
 Flow 179 midstream: tcp 192.168.2.126:43272 -> 18.64.79.58:80
@@ -57,7 +49,6 @@ Flow 170 midstream: tcp 192.168.2.126:38314 -> 172.105.121.82:80
 Flow 171 midstream: tcp 192.168.2.126:38316 -> 172.105.121.82:80
 Flow 169 midstream: tcp 192.168.2.126:38326 -> 172.105.121.82:80
 Flow 134 midstream: tcp 192.168.2.126:41134 -> 129.226.107.77:80
-Flow 163 risky: tcp 192.168.2.126:44368 -> 172.217.18.98:80
 Flow 163 midstream: tcp 192.168.2.126:44368 -> 172.217.18.98:80
 Flow 193 midstream: tcp 192.168.2.126:40204 -> 18.235.204.9:80
 Flow 197 midstream: tcp 192.168.2.126:51686 -> 18.64.79.64:80
@@ -78,7 +69,6 @@ Flow 151 midstream: tcp 192.168.2.126:45422 -> 161.117.13.29:80
 Flow 152 midstream: tcp 192.168.2.126:45424 -> 161.117.13.29:80
 Flow 140 risky: tcp 192.168.2.126:49242 -> 172.104.119.80:80
 Flow 140 midstream: tcp 192.168.2.126:49242 -> 172.104.119.80:80
-Flow 194 risky: tcp 192.168.2.126:53416 -> 172.217.16.142:80
 Flow 194 midstream: tcp 192.168.2.126:53416 -> 172.217.16.142:80
 Flow 133 risky: tcp 192.168.2.126:47230 -> 161.117.13.29:80
 Flow 133 midstream: tcp 192.168.2.126:47230 -> 161.117.13.29:80
diff --git a/test/results/flow-captured/fpc/1kxun.pcap.out b/test/results/flow-captured/fpc/1kxun.pcap.out
new file mode 100644
index 000000000..1011c0682
--- /dev/null
+++ b/test/results/flow-captured/fpc/1kxun.pcap.out
@@ -0,0 +1,101 @@ +Flow 37 risky: tcp 192.168.115.8:49606 -> 106.185.35.110:80 +Flow 41 risky: tcp 192.168.115.8:49609 -> 42.120.51.152:8080 +Flow 19 risky: udp fe80::e98f:bae2:19f7:6b0f:58779 -> ff02::1:3:5355 +Flow 20 risky: udp 192.168.3.95:58779 -> 224.0.0.252:5355 +Flow 24 risky: udp 192.168.115.8:52723 -> 168.95.1.1:53 +Flow 14 risky: udp 192.168.115.8:51024 -> 8.8.8.8:53 +Flow 16 risky: udp 192.168.115.8:52723 -> 8.8.8.8:53 +Flow 39 risky: udp 192.168.115.8:54420 -> 8.8.8.8:53 +Flow 34 risky: udp 192.168.3.95:54888 -> 224.0.0.252:5355 +Flow 26 risky: udp 192.168.115.8:60724 -> 8.8.8.8:53 +Flow 33 risky: udp fe80::e98f:bae2:19f7:6b0f:54888 -> ff02::1:3:5355 +Flow 38 risky: tcp 192.168.115.8:49607 -> 218.244.135.170:9099 +Flow 98 risky: udp 192.168.3.95:51451 -> 224.0.0.252:5355 +Flow 42 not-detected: udp 192.168.10.110:60480 -> 255.255.255.255:62976 +Flow 66 not-detected: udp 2001:b020:6::c2a0:bbff:fe73:eb57:62976 -> ff02::1:62976 +Flow 23 not-detected: udp 2001:b030:214:100:c2a0:bbff:fe73:eb47:62976 -> ff02::1:62976 +Flow 65 not-detected: udp 192.168.140.140:62976 -> 255.255.255.255:62976 +Flow 71 not-detected: udp 192.168.10.7:62976 -> 255.255.255.255:62976 +Flow 22 not-detected: udp 192.168.125.30:62976 -> 255.255.255.255:62976 +Flow 36 risky: tcp 192.168.115.8:49605 -> 106.185.35.110:80 +Flow 77 not-detected: udp 192.168.2.186:32768 -> 255.255.255.255:1947 +Flow 56 not-detected: udp 59.120.208.218:50151 -> 255.255.255.255:1947 +Flow 59 risky: tcp 192.168.5.16:53624 -> 68.233.253.133:80 +Flow 46 risky: tcp 192.168.115.8:49612 -> 183.131.48.145:80 +Flow 49 risky: tcp 192.168.115.8:49613 -> 183.131.48.144:80 +Flow 97 risky: udp fe80::e98f:bae2:19f7:6b0f:51451 -> ff02::1:3:5355 +Flow 86 not-detected: udp 59.120.208.212:32768 -> 255.255.255.255:1947 +Flow 142 midstream: tcp 192.168.2.126:46170 -> 172.105.121.82:80 +Flow 146 midstream: tcp 192.168.2.126:45380 -> 161.117.13.29:80 +Flow 160 midstream: tcp 192.168.2.126:49380 -> 14.136.136.108:80 +Flow 158 
midstream: tcp 192.168.2.126:49372 -> 14.136.136.108:80 +Flow 150 midstream: tcp 192.168.2.126:45416 -> 161.117.13.29:80 +Flow 130 risky: tcp 192.168.2.126:60962 -> 172.104.93.92:1234 +Flow 130 midstream: tcp 192.168.2.126:60962 -> 172.104.93.92:1234 +Flow 131 risky: tcp 192.168.2.126:60972 -> 172.104.93.92:1234 +Flow 131 midstream: tcp 192.168.2.126:60972 -> 172.104.93.92:1234 +Flow 132 risky: tcp 192.168.2.126:60984 -> 172.104.93.92:1234 +Flow 132 midstream: tcp 192.168.2.126:60984 -> 172.104.93.92:1234 +Flow 196 risky: tcp 192.168.2.126:35426 -> 8.209.112.118:80 +Flow 196 midstream: tcp 192.168.2.126:35426 -> 8.209.112.118:80 +Flow 172 midstream: tcp 192.168.2.126:59324 -> 104.117.221.10:80 +Flow 153 midstream: tcp 192.168.2.126:41390 -> 18.64.79.37:80 +Flow 191 midstream: tcp 192.168.2.126:41940 -> 18.64.79.50:80 +Flow 179 midstream: tcp 192.168.2.126:43272 -> 18.64.79.58:80 +Flow 195 midstream: tcp 192.168.2.126:33042 -> 3.122.190.70:80 +Flow 180 midstream: tcp 192.168.2.126:58758 -> 202.153.196.53:80 +Flow 181 midstream: tcp 192.168.2.126:58760 -> 202.153.196.53:80 +Flow 170 midstream: tcp 192.168.2.126:38314 -> 172.105.121.82:80 +Flow 171 midstream: tcp 192.168.2.126:38316 -> 172.105.121.82:80 +Flow 169 midstream: tcp 192.168.2.126:38326 -> 172.105.121.82:80 +Flow 134 midstream: tcp 192.168.2.126:41134 -> 129.226.107.77:80 +Flow 163 midstream: tcp 192.168.2.126:44368 -> 172.217.18.98:80 +Flow 193 midstream: tcp 192.168.2.126:40204 -> 18.235.204.9:80 +Flow 197 midstream: tcp 192.168.2.126:51686 -> 18.64.79.64:80 +Flow 156 midstream: tcp 192.168.2.126:36732 -> 142.250.186.174:80 +Flow 155 midstream: tcp 192.168.2.126:38354 -> 142.250.186.34:80 +Flow 141 midstream: tcp 192.168.2.126:46184 -> 172.105.121.82:80 +Flow 143 midstream: tcp 192.168.2.126:46200 -> 172.105.121.82:80 +Flow 144 midstream: tcp 192.168.2.126:46212 -> 172.105.121.82:80 +Flow 173 midstream: tcp 192.168.2.126:56094 -> 3.72.69.158:80 +Flow 175 midstream: tcp 192.168.2.126:56096 -> 
3.72.69.158:80 +Flow 174 midstream: tcp 192.168.2.126:56098 -> 3.72.69.158:80 +Flow 176 midstream: tcp 192.168.2.126:56104 -> 3.72.69.158:80 +Flow 145 midstream: tcp 192.168.2.126:35200 -> 103.29.71.30:80 +Flow 147 midstream: tcp 192.168.2.126:45388 -> 161.117.13.29:80 +Flow 148 midstream: tcp 192.168.2.126:45398 -> 161.117.13.29:80 +Flow 149 midstream: tcp 192.168.2.126:45414 -> 161.117.13.29:80 +Flow 151 midstream: tcp 192.168.2.126:45422 -> 161.117.13.29:80 +Flow 152 midstream: tcp 192.168.2.126:45424 -> 161.117.13.29:80 +Flow 140 risky: tcp 192.168.2.126:49242 -> 172.104.119.80:80 +Flow 140 midstream: tcp 192.168.2.126:49242 -> 172.104.119.80:80 +Flow 194 midstream: tcp 192.168.2.126:53416 -> 172.217.16.142:80 +Flow 133 risky: tcp 192.168.2.126:47230 -> 161.117.13.29:80 +Flow 133 midstream: tcp 192.168.2.126:47230 -> 161.117.13.29:80 +Flow 188 risky: tcp 192.168.2.126:37100 -> 52.29.177.177:80 +Flow 188 midstream: tcp 192.168.2.126:37100 -> 52.29.177.177:80 +Flow 135 midstream: tcp 192.168.2.126:47246 -> 161.117.13.29:80 +Flow 136 midstream: tcp 192.168.2.126:47262 -> 161.117.13.29:80 +Flow 137 midstream: tcp 192.168.2.126:47272 -> 161.117.13.29:80 +Flow 178 risky: tcp 192.168.2.126:56826 -> 8.209.97.107:80 +Flow 178 midstream: tcp 192.168.2.126:56826 -> 8.209.97.107:80 +Flow 164 midstream: tcp 192.168.2.126:50140 -> 161.117.13.29:80 +Flow 165 midstream: tcp 192.168.2.126:50148 -> 161.117.13.29:80 +Flow 166 midstream: tcp 192.168.2.126:50164 -> 161.117.13.29:80 +Flow 167 midstream: tcp 192.168.2.126:50166 -> 161.117.13.29:80 +Flow 168 midstream: tcp 192.168.2.126:50176 -> 161.117.13.29:80 +Flow 192 midstream: tcp 192.168.2.126:54810 -> 18.233.123.55:80 +Flow 189 midstream: tcp 192.168.2.126:42554 -> 35.156.44.13:80 +Flow 190 risky: tcp 192.168.2.126:42566 -> 35.156.44.13:80 +Flow 190 midstream: tcp 192.168.2.126:42566 -> 35.156.44.13:80 +Flow 138 risky: tcp 192.168.2.126:38834 -> 119.45.78.184:80 +Flow 138 midstream: tcp 192.168.2.126:38834 -> 119.45.78.184:80 
+Flow 157 midstream: tcp 192.168.2.126:49354 -> 14.136.136.108:80 +Flow 159 midstream: tcp 192.168.2.126:49370 -> 14.136.136.108:80 +Flow 162 midstream: tcp 192.168.2.126:49396 -> 14.136.136.108:80 +Flow 161 midstream: tcp 192.168.2.126:49412 -> 14.136.136.108:80 +Flow 182 midstream: tcp 192.168.2.126:35664 -> 18.66.2.90:80 +Flow 184 midstream: tcp 192.168.2.126:36636 -> 18.64.103.30:80 +Flow 185 midstream: tcp 192.168.2.126:36640 -> 18.64.103.30:80 +Flow 186 midstream: tcp 192.168.2.126:36654 -> 18.64.103.30:80 +Flow 139 midstream: tcp 192.168.2.126:60148 -> 172.105.121.82:80 diff --git a/test/results/flow-captured/fpc/signal_videocall.pcapng.out b/test/results/flow-captured/fpc/signal_videocall.pcapng.out new file mode 100644 index 000000000..c643b0130 --- /dev/null +++ b/test/results/flow-captured/fpc/signal_videocall.pcapng.out @@ -0,0 +1,3 @@ +Flow 3 risky: udp 192.168.12.67:47926 -> 35.219.252.146:56377 +Flow 1 risky: udp 192.168.12.67:47926 -> 35.216.234.234:3478 +Flow 2 risky: udp 192.168.12.67:47926 -> 35.219.252.146:3478 diff --git a/test/results/flow-captured/guess_ip_before_port_enabled/1kxun.pcap.out b/test/results/flow-captured/guess_ip_before_port_enabled/1kxun.pcap.out index fb82f703b..1011c0682 100644 --- a/test/results/flow-captured/guess_ip_before_port_enabled/1kxun.pcap.out +++ b/test/results/flow-captured/guess_ip_before_port_enabled/1kxun.pcap.out 
@@ -8,26 +8,19 @@ Flow 16 risky: udp 192.168.115.8:52723 -> 8.8.8.8:53 Flow 39 risky: udp 192.168.115.8:54420 -> 8.8.8.8:53 Flow 34 risky: udp 192.168.3.95:54888 -> 224.0.0.252:5355 Flow 26 risky: udp 192.168.115.8:60724 -> 8.8.8.8:53 -Flow 35 risky: udp 192.168.5.67:138 -> 192.168.255.255:138 Flow 33 risky: udp fe80::e98f:bae2:19f7:6b0f:54888 -> ff02::1:3:5355 Flow 38 risky: tcp 192.168.115.8:49607 -> 218.244.135.170:9099 -Flow 79 not-detected: udp 192.168.0.100:50925 -> 255.255.255.255:5678 Flow 98 risky: udp 192.168.3.95:51451 -> 224.0.0.252:5355 Flow 42 not-detected: udp 192.168.10.110:60480 -> 255.255.255.255:62976 -Flow 89 not-detected: udp fe80::4e5e:cff:feea:365:5678 -> ff02::1:5678 -Flow 60 not-detected: udp fe80::4e5e:cff:fe9a:ec54:5678 -> ff02::1:5678 Flow 66 not-detected: udp 2001:b020:6::c2a0:bbff:fe73:eb57:62976 -> ff02::1:62976 Flow 23 not-detected: udp 2001:b030:214:100:c2a0:bbff:fe73:eb47:62976 -> ff02::1:62976 Flow 65 not-detected: udp 192.168.140.140:62976 -> 255.255.255.255:62976 Flow 71 not-detected: udp 192.168.10.7:62976 -> 255.255.255.255:62976 Flow 22 not-detected: udp 192.168.125.30:62976 -> 255.255.255.255:62976 -Flow 88 not-detected: udp 192.168.119.1:56861 -> 255.255.255.255:5678 Flow 36 risky: tcp 192.168.115.8:49605 -> 106.185.35.110:80 Flow 77 not-detected: udp 192.168.2.186:32768 -> 255.255.255.255:1947 Flow 56 not-detected: udp 59.120.208.218:50151 -> 255.255.255.255:1947 -Flow 70 risky: udp 192.168.5.45:138 -> 192.168.255.255:138 Flow 59 risky: tcp 192.168.5.16:53624 -> 68.233.253.133:80 -Flow 94 not-detected: udp 192.168.119.2:43786 -> 255.255.255.255:5678 Flow 46 risky: tcp 192.168.115.8:49612 -> 183.131.48.145:80 Flow 49 risky: tcp 192.168.115.8:49613 -> 183.131.48.144:80 Flow 97 risky: udp fe80::e98f:bae2:19f7:6b0f:51451 -> ff02::1:3:5355 
@@ -46,7 +39,6 @@ Flow 132 midstream: tcp 192.168.2.126:60984 -> 172.104.93.92:1234 Flow 196 risky: tcp 192.168.2.126:35426 -> 8.209.112.118:80 Flow 196 midstream: tcp 192.168.2.126:35426 -> 8.209.112.118:80 Flow 172 midstream: tcp 192.168.2.126:59324 -> 104.117.221.10:80 -Flow 153 risky: tcp 192.168.2.126:41390 -> 18.64.79.37:80 Flow 153 midstream: tcp 192.168.2.126:41390 -> 18.64.79.37:80 Flow 191 midstream: tcp 192.168.2.126:41940 -> 18.64.79.50:80 Flow 179 midstream: tcp 192.168.2.126:43272 -> 18.64.79.58:80 @@ -57,7 +49,6 @@ Flow 170 midstream: tcp 192.168.2.126:38314 -> 172.105.121.82:80 Flow 171 midstream: tcp 192.168.2.126:38316 -> 172.105.121.82:80 Flow 169 midstream: tcp 192.168.2.126:38326 -> 172.105.121.82:80 Flow 134 midstream: tcp 192.168.2.126:41134 -> 129.226.107.77:80 -Flow 163 risky: tcp 192.168.2.126:44368 -> 172.217.18.98:80 Flow 163 midstream: tcp 192.168.2.126:44368 -> 172.217.18.98:80 Flow 193 midstream: tcp 192.168.2.126:40204 -> 18.235.204.9:80 Flow 197 midstream: tcp 192.168.2.126:51686 -> 18.64.79.64:80 @@ -78,7 +69,6 @@ Flow 151 midstream: tcp 192.168.2.126:45422 -> 161.117.13.29:80 Flow 152 midstream: tcp 192.168.2.126:45424 -> 161.117.13.29:80 Flow 140 risky: tcp 192.168.2.126:49242 -> 172.104.119.80:80 Flow 140 midstream: tcp 192.168.2.126:49242 -> 172.104.119.80:80 -Flow 194 risky: tcp 192.168.2.126:53416 -> 172.217.16.142:80 Flow 194 midstream: tcp 192.168.2.126:53416 -> 172.217.16.142:80 Flow 133 risky: tcp 192.168.2.126:47230 -> 161.117.13.29:80 Flow 133 midstream: tcp 192.168.2.126:47230 -> 161.117.13.29:80 diff --git a/test/results/flow-captured/ip_lists_disable/1kxun.pcap.out b/test/results/flow-captured/ip_lists_disable/1kxun.pcap.out index fb82f703b..1011c0682 100644 --- a/test/results/flow-captured/ip_lists_disable/1kxun.pcap.out +++ b/test/results/flow-captured/ip_lists_disable/1kxun.pcap.out 
@@ -8,26 +8,19 @@ Flow 16 risky: udp 192.168.115.8:52723 -> 8.8.8.8:53 Flow 39 risky: udp 192.168.115.8:54420 -> 8.8.8.8:53 Flow 34 risky: udp 192.168.3.95:54888 -> 224.0.0.252:5355 Flow 26 risky: udp 192.168.115.8:60724 -> 8.8.8.8:53 -Flow 35 risky: udp 192.168.5.67:138 -> 192.168.255.255:138 Flow 33 risky: udp fe80::e98f:bae2:19f7:6b0f:54888 -> ff02::1:3:5355 Flow 38 risky: tcp 192.168.115.8:49607 -> 218.244.135.170:9099 -Flow 79 not-detected: udp 192.168.0.100:50925 -> 255.255.255.255:5678 Flow 98 risky: udp 192.168.3.95:51451 -> 224.0.0.252:5355 Flow 42 not-detected: udp 192.168.10.110:60480 -> 255.255.255.255:62976 -Flow 89 not-detected: udp fe80::4e5e:cff:feea:365:5678 -> ff02::1:5678 -Flow 60 not-detected: udp fe80::4e5e:cff:fe9a:ec54:5678 -> ff02::1:5678 Flow 66 not-detected: udp 2001:b020:6::c2a0:bbff:fe73:eb57:62976 -> ff02::1:62976 Flow 23 not-detected: udp 2001:b030:214:100:c2a0:bbff:fe73:eb47:62976 -> ff02::1:62976 Flow 65 not-detected: udp 192.168.140.140:62976 -> 255.255.255.255:62976 Flow 71 not-detected: udp 192.168.10.7:62976 -> 255.255.255.255:62976 Flow 22 not-detected: udp 192.168.125.30:62976 -> 255.255.255.255:62976 -Flow 88 not-detected: udp 192.168.119.1:56861 -> 255.255.255.255:5678 Flow 36 risky: tcp 192.168.115.8:49605 -> 106.185.35.110:80 Flow 77 not-detected: udp 192.168.2.186:32768 -> 255.255.255.255:1947 Flow 56 not-detected: udp 59.120.208.218:50151 -> 255.255.255.255:1947 -Flow 70 risky: udp 192.168.5.45:138 -> 192.168.255.255:138 Flow 59 risky: tcp 192.168.5.16:53624 -> 68.233.253.133:80 -Flow 94 not-detected: udp 192.168.119.2:43786 -> 255.255.255.255:5678 Flow 46 risky: tcp 192.168.115.8:49612 -> 183.131.48.145:80 Flow 49 risky: tcp 192.168.115.8:49613 -> 183.131.48.144:80 Flow 97 risky: udp fe80::e98f:bae2:19f7:6b0f:51451 -> ff02::1:3:5355 
@@ -46,7 +39,6 @@ Flow 132 midstream: tcp 192.168.2.126:60984 -> 172.104.93.92:1234 Flow 196 risky: tcp 192.168.2.126:35426 -> 8.209.112.118:80 Flow 196 midstream: tcp 192.168.2.126:35426 -> 8.209.112.118:80 Flow 172 midstream: tcp 192.168.2.126:59324 -> 104.117.221.10:80 -Flow 153 risky: tcp 192.168.2.126:41390 -> 18.64.79.37:80 Flow 153 midstream: tcp 192.168.2.126:41390 -> 18.64.79.37:80 Flow 191 midstream: tcp 192.168.2.126:41940 -> 18.64.79.50:80 Flow 179 midstream: tcp 192.168.2.126:43272 -> 18.64.79.58:80 @@ -57,7 +49,6 @@ Flow 170 midstream: tcp 192.168.2.126:38314 -> 172.105.121.82:80 Flow 171 midstream: tcp 192.168.2.126:38316 -> 172.105.121.82:80 Flow 169 midstream: tcp 192.168.2.126:38326 -> 172.105.121.82:80 Flow 134 midstream: tcp 192.168.2.126:41134 -> 129.226.107.77:80 -Flow 163 risky: tcp 192.168.2.126:44368 -> 172.217.18.98:80 Flow 163 midstream: tcp 192.168.2.126:44368 -> 172.217.18.98:80 Flow 193 midstream: tcp 192.168.2.126:40204 -> 18.235.204.9:80 Flow 197 midstream: tcp 192.168.2.126:51686 -> 18.64.79.64:80 @@ -78,7 +69,6 @@ Flow 151 midstream: tcp 192.168.2.126:45422 -> 161.117.13.29:80 Flow 152 midstream: tcp 192.168.2.126:45424 -> 161.117.13.29:80 Flow 140 risky: tcp 192.168.2.126:49242 -> 172.104.119.80:80 Flow 140 midstream: tcp 192.168.2.126:49242 -> 172.104.119.80:80 -Flow 194 risky: tcp 192.168.2.126:53416 -> 172.217.16.142:80 Flow 194 midstream: tcp 192.168.2.126:53416 -> 172.217.16.142:80 Flow 133 risky: tcp 192.168.2.126:47230 -> 161.117.13.29:80 Flow 133 midstream: tcp 192.168.2.126:47230 -> 161.117.13.29:80 diff --git a/test/results/flow-captured/monitoring/signal_audiocall.pcapng.out b/test/results/flow-captured/monitoring/signal_audiocall.pcapng.out new file mode 100644 index 000000000..17543eb8e --- /dev/null +++ b/test/results/flow-captured/monitoring/signal_audiocall.pcapng.out 
@@ -0,0 +1,3 @@ +Flow 2 risky: udp 192.168.12.67:45419 -> 35.219.252.146:3478 +Flow 4 risky: udp 192.168.12.67:45419 -> 35.219.226.11:54116 +Flow 3 risky: udp 192.168.12.67:45419 -> 35.219.226.11:12261 diff --git a/test/results/flow-captured/monitoring/signal_videocall.pcapng.out b/test/results/flow-captured/monitoring/signal_videocall.pcapng.out new file mode 100644 index 000000000..c643b0130 --- /dev/null +++ b/test/results/flow-captured/monitoring/signal_videocall.pcapng.out @@ -0,0 +1,3 @@ +Flow 3 risky: udp 192.168.12.67:47926 -> 35.219.252.146:56377 +Flow 1 risky: udp 192.168.12.67:47926 -> 35.216.234.234:3478 +Flow 2 risky: udp 192.168.12.67:47926 -> 35.219.252.146:3478 diff --git a/test/results/flow-captured/monitoring/signal_videocall_multiparty.pcapng.out b/test/results/flow-captured/monitoring/signal_videocall_multiparty.pcapng.out new file mode 100644 index 000000000..1725163c4 --- /dev/null +++ b/test/results/flow-captured/monitoring/signal_videocall_multiparty.pcapng.out @@ -0,0 +1 @@ +Flow 1 risky: udp 192.168.1.117:59446 -> 35.207.67.68:10000 diff --git a/test/results/flow-captured/monitoring/telegram_videocall_2.pcapng.out b/test/results/flow-captured/monitoring/telegram_videocall_2.pcapng.out new file mode 100644 index 000000000..da379116e --- /dev/null +++ b/test/results/flow-captured/monitoring/telegram_videocall_2.pcapng.out @@ -0,0 +1 @@ +Flow 3 risky: udp 192.168.12.67:39968 -> 91.108.9.106:1400 diff --git a/test/results/flow-captured/monitoring/telegram_voice.pcapng.out b/test/results/flow-captured/monitoring/telegram_voice.pcapng.out new file mode 100644 index 000000000..1848a9f25 --- /dev/null +++ b/test/results/flow-captured/monitoring/telegram_voice.pcapng.out @@ -0,0 +1,4 @@ +Flow 6 risky: udp 192.168.12.67:42567 -> 91.108.9.34:1400 +Flow 10 risky: icmp 192.168.12.67 -> 91.108.9.34 +Flow 4 risky: udp 192.168.12.67:44405 -> 91.108.17.41:1400 +Flow 5 risky: udp 192.168.12.67:46013 -> 91.108.13.52:1400 
diff --git a/test/results/flow-captured/ndpireader_conf_file/openvpn_obfuscated.pcapng.out b/test/results/flow-captured/ndpireader_conf_file/openvpn_obfuscated.pcapng.out new file mode 100644 index 000000000..e8c38bf29 --- /dev/null +++ b/test/results/flow-captured/ndpireader_conf_file/openvpn_obfuscated.pcapng.out @@ -0,0 +1,4 @@ +Flow 3 guessed: tcp 107.161.86.131:443 -> 192.168.12.156:48072 +Flow 3 not-detected: tcp 107.161.86.131:443 -> 192.168.12.156:48072 +Flow 1 guessed: tcp 192.168.12.156:37976 -> 185.128.25.99:465 +Flow 1 not-detected: tcp 192.168.12.156:37976 -> 185.128.25.99:465 diff --git a/test/results/flow-captured/ndpireader_conf_file/signal_videocall.pcapng.out b/test/results/flow-captured/ndpireader_conf_file/signal_videocall.pcapng.out new file mode 100644 index 000000000..c643b0130 --- /dev/null +++ b/test/results/flow-captured/ndpireader_conf_file/signal_videocall.pcapng.out @@ -0,0 +1,3 @@ +Flow 3 risky: udp 192.168.12.67:47926 -> 35.219.252.146:56377 +Flow 1 risky: udp 192.168.12.67:47926 -> 35.216.234.234:3478 +Flow 2 risky: udp 192.168.12.67:47926 -> 35.219.252.146:3478 diff --git a/test/results/flow-captured/ndpireader_conf_file/stun_signal_tcp.pcapng.out b/test/results/flow-captured/ndpireader_conf_file/stun_signal_tcp.pcapng.out new file mode 100644 index 000000000..e69de29bb diff --git a/test/results/flow-captured/tls_ja3c_disabled/tls_verylong_certificate.pcap.out b/test/results/flow-captured/tls_ja3c_disabled/tls_verylong_certificate.pcap.out deleted file mode 100644 index e69de29bb..000000000 diff --git a/test/results/flow-captured/tls_ja3s_disabled/tls_verylong_certificate.pcap.out b/test/results/flow-captured/tls_ja3s_disabled/tls_verylong_certificate.pcap.out deleted file mode 100644 index e69de29bb..000000000 diff --git a/test/results/flow-captured/tls_ja4c_disabled/tls_verylong_certificate.pcap.out b/test/results/flow-captured/tls_ja4c_disabled/tls_verylong_certificate.pcap.out deleted file mode 100644 index e69de29bb..000000000 
diff --git a/test/results/flow-info/caches_cfg/teams.pcap.out b/test/results/flow-info/caches_cfg/teams.pcap.out index e516bfad2..b55a40d97 100644 --- a/test/results/flow-info/caches_cfg/teams.pcap.out +++ b/test/results/flow-info/caches_cfg/teams.pcap.out @@ -15,11 +15,11 @@ detection-update: [.....3] [ip4][..udp] [....192.168.1.6][60813] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][skypedataprdcolneu04.cloudapp.net] new: [.....4] [ip4][..tcp] [....192.168.1.6][60532] -> [...52.114.77.33][..443] new: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] - detected: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][teams.microsoft.com] - detection-update: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][teams.microsoft.com] + detected: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][teams.microsoft.com] + detection-update: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][teams.microsoft.com] detected: [.....4] [ip4][..tcp] [....192.168.1.6][60532] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS - analyse: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe] + analyse: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.030| 0.006| 0.009| 77.930| 3.700] [PKTLEN......: 40.000| 1492.000| 393.900| 548.100| 300365.600| 3.900] 
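Review bot: The expected label changes from `Skype_Teams` to `Teams` in this hunk (`[TLS.Teams][Skype_Teams]` becomes `[TLS.Teams][Teams]`), and the commit description does not tell consumers of the event stream that a name they may match on is gone. In the `@@ -91,26 +91,26 @@` hunk it is more than a rename: flows to `eu-api.asm.skype.com` move from `[TLS.Skype_Teams][Azure][VoIP][Acceptable]` to `[TLS.Teams][Azure][Collaborative][Safe]`, so the third and fourth fields (apparently category and breed) shift too, and `STUN.Skype_TeamsCall` becomes `STUN.TeamsCall` in the `@@ -341,13 +341,13 @@` and `@@ -355,25 +355,25 @@` hunks. Any filter, alert or dashboard keyed on the old strings, or on `Acceptable` for this traffic, would silently stop matching. I would add a line to the description such as `protocol Skype_Teams renamed to Teams (Skype_TeamsCall -> TeamsCall); category/breed of affected flows changes`.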
@@ -48,8 +48,8 @@ detected: [.....7] [ip4][..tcp] [....192.168.1.6][60535] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS new: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443] - detected: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][teams.microsoft.com] - detection-update: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][teams.microsoft.com] + detected: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][teams.microsoft.com] + detection-update: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][teams.microsoft.com] analyse: [.....7] [ip4][..tcp] [....192.168.1.6][60535] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.050| 0.018| 0.021| 449.200| 3.900] 
@@ -91,26 +91,26 @@ ERROR-EVENT: Unknown packet type [14/16] ERROR-EVENT: Unknown packet type [15/16] new: [....16] [ip4][..udp] [....192.168.1.6][51033] -> [....192.168.1.1][...53] - detected: [....16] [ip4][..udp] [....192.168.1.6][51033] -> [....192.168.1.1][...53] [DNS.Skype_Teams][Unknown][Network][Acceptable][eu-api.asm.skype.com] + detected: [....16] [ip4][..udp] [....192.168.1.6][51033] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][eu-api.asm.skype.com] new: [....17] [ip4][..udp] [....192.168.1.6][63106] -> [....192.168.1.1][...53] detected: [....17] [ip4][..udp] [....192.168.1.6][63106] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][eu-prod.asyncgw.teams.microsoft.com] detection-update: [....17] [ip4][..udp] [....192.168.1.6][63106] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][eu-prod.asyncgw.teams.microsoft.com] new: [....18] [ip4][..tcp] [....192.168.1.6][60538] -> [...52.114.75.70][..443] - detection-update: [....16] [ip4][..udp] [....192.168.1.6][51033] -> [....192.168.1.1][...53] [DNS.Skype_Teams][Unknown][Network][Acceptable][eu-api.asm.skype.com] + detection-update: [....16] [ip4][..udp] [....192.168.1.6][51033] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][eu-api.asm.skype.com] new: [....19] [ip4][..tcp] [....192.168.1.6][60539] -> [...52.114.75.69][..443] detected: [....18] [ip4][..tcp] [....192.168.1.6][60538] -> [...52.114.75.70][..443] [TLS.Teams][Azure][Collaborative][Safe][eu-prod.asyncgw.teams.microsoft.com] - detected: [....19] [ip4][..tcp] [....192.168.1.6][60539] -> [...52.114.75.69][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][eu-api.asm.skype.com] + detected: [....19] [ip4][..tcp] [....192.168.1.6][60539] -> [...52.114.75.69][..443] [TLS.Teams][Azure][Collaborative][Safe][eu-api.asm.skype.com] new: [....20] [ip4][..tcp] [....192.168.1.6][60540] -> [...52.114.75.70][..443] new: [....21] [ip4][..tcp] [....192.168.1.6][60541] -> [...52.114.75.69][..443] detected: 
[....20] [ip4][..tcp] [....192.168.1.6][60540] -> [...52.114.75.70][..443] [TLS.Teams][Azure][Collaborative][Safe][eu-prod.asyncgw.teams.microsoft.com] - detected: [....21] [ip4][..tcp] [....192.168.1.6][60541] -> [...52.114.75.69][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][eu-api.asm.skype.com] + detected: [....21] [ip4][..tcp] [....192.168.1.6][60541] -> [...52.114.75.69][..443] [TLS.Teams][Azure][Collaborative][Safe][eu-api.asm.skype.com] new: [....22] [ip4][..udp] [....192.168.1.6][49514] -> [....192.168.1.1][...53] detected: [....22] [ip4][..udp] [....192.168.1.6][49514] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][config.teams.microsoft.com] - detection-update: [....21] [ip4][..tcp] [....192.168.1.6][60541] -> [...52.114.75.69][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][eu-api.asm.skype.com] + detection-update: [....21] [ip4][..tcp] [....192.168.1.6][60541] -> [...52.114.75.69][..443] [TLS.Teams][Azure][Collaborative][Safe][eu-api.asm.skype.com] detection-update: [....22] [ip4][..udp] [....192.168.1.6][49514] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][config.teams.microsoft.com] new: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] - detected: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][config.teams.microsoft.com] - detection-update: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][config.teams.microsoft.com] + detected: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][config.teams.microsoft.com] + detection-update: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][config.teams.microsoft.com] new: [....24] [ip4][..udp] [....192.168.1.6][65387] -> [....192.168.1.1][...53] detected: [....24] [ip4][..udp] 
[....192.168.1.6][65387] -> [....192.168.1.1][...53] [DNS.Microsoft][Unknown][Network][Safe][northeuropecns.trafficmanager.net] new: [....25] [ip4][..tcp] [....192.168.1.6][60543] -> [...52.114.77.33][..443] @@ -140,9 +140,9 @@ [PKTLENS.....: 64,60,52,258,52,1492,1492,52,1375,52,145,52,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,52,1480,1480,1480,1480,52,1480] [ENTROPIES...: 4.4,5.3,5.0,5.9,5.1,7.3,7.3,5.0,7.7,5.0,5.9,5.2,5.6,5.0,7.9,7.8,7.9,5.2,7.9,7.9,7.9,7.9,5.2,7.9,7.9,5.2,7.9,7.9,7.8,7.9,5.2,7.9] new: [....30] [ip4][..tcp] [....192.168.1.6][60546] -> [.167.99.215.164][.4434] - detected: [....30] [ip4][..tcp] [....192.168.1.6][60546] -> [.167.99.215.164][.4434] [TLS.ntop][Unknown][Network][Safe][dati.ntop.org] + detected: [....30] [ip4][..tcp] [....192.168.1.6][60546] -> [.167.99.215.164][.4434] [TLS.ntop][DigitalOcean][Network][Safe][dati.ntop.org] RISK: Known Proto on Non Std Port - detection-update: [....30] [ip4][..tcp] [....192.168.1.6][60546] -> [.167.99.215.164][.4434] [TLS.ntop][Unknown][Network][Safe][dati.ntop.org] + detection-update: [....30] [ip4][..tcp] [....192.168.1.6][60546] -> [.167.99.215.164][.4434] [TLS.ntop][DigitalOcean][Network][Safe][dati.ntop.org] RISK: Known Proto on Non Std Port analyse: [....28] [ip4][..tcp] [....192.168.1.6][60545] -> [...52.114.77.58][..443] [TLS.Teams][Azure][Collaborative][Safe][presence.teams.microsoft.com] min| max| avg| stddev| variance| entropy 
@@ -180,7 +180,7 @@ new: [....35] [ip4][..tcp] [....192.168.1.6][60549] -> [...13.107.18.11][..443] detected: [....35] [ip4][..tcp] [....192.168.1.6][60549] -> [...13.107.18.11][..443] [TLS.Microsoft365][Outlook][Collaborative][Acceptable][substrate.office.com] detection-update: [....35] [ip4][..tcp] [....192.168.1.6][60549] -> [...13.107.18.11][..443] [TLS.Microsoft365][Outlook][Collaborative][Acceptable][substrate.office.com] - analyse: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe] + analyse: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 2.010| 0.146| 0.490| 239614.050| 1.700] [PKTLEN......: 40.000| 1492.000| 305.200| 468.100| 219152.800| 3.800] 
@@ -223,12 +223,12 @@ detected: [....44] [ip4][..udp] [....192.168.1.6][51309] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][skypedataprdcolneu04.cloudapp.net] new: [....45] [ip4][..tcp] [....192.168.1.6][60555] -> [...52.114.77.33][..443] new: [....46] [ip4][..tcp] [....192.168.1.6][60556] -> [.....40.126.9.7][..443] - detected: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][config.teams.microsoft.com] + detected: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][config.teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS detection-update: [....44] [ip4][..udp] [....192.168.1.6][51309] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][skypedataprdcolneu04.cloudapp.net] detected: [....40] [ip4][..tcp] [....192.168.1.6][60551] -> [...52.114.15.45][..443] [TLS.Teams][Azure][Collaborative][Safe][trouter2-asse-a.trouter.teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][config.teams.microsoft.com] + detection-update: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][config.teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS detected: [....42] [ip4][..tcp] [....192.168.1.6][60552] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS 
@@ -241,7 +241,7 @@ RISK: TLS (probably) Not Carrying HTTPS detection-update: [....40] [ip4][..tcp] [....192.168.1.6][60551] -> [...52.114.15.45][..443] [TLS.Teams][Azure][Collaborative][Safe][trouter2-asse-a.trouter.teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS - analyse: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe] + analyse: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.154| 0.015| 0.036| 1274.324| 2.800] [PKTLEN......: 40.000| 1492.000| 585.700| 671.400| 450756.000| 4.000] 
@@ -252,9 +252,9 @@ [PKTLENS.....: 64,52,40,226,46,1492,1492,40,1492,40,1492,168,40,147,46,91,46,91,40,1122,46,1492,1492,40,1317,40,1492,1492,40,40,1492,1492] [ENTROPIES...: 4.4,4.9,4.5,5.5,4.4,7.3,7.5,4.6,7.5,4.5,7.7,6.7,4.6,6.5,4.5,5.7,4.5,5.6,4.6,7.8,4.6,7.9,7.9,4.6,7.9,4.6,7.9,7.9,4.6,4.5,7.9,7.9] new: [....47] [ip4][..tcp] [....192.168.1.6][60557] -> [.52.113.194.132][..443] - detected: [....47] [ip4][..tcp] [....192.168.1.6][60557] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][teams.microsoft.com] + detected: [....47] [ip4][..tcp] [....192.168.1.6][60557] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....47] [ip4][..tcp] [....192.168.1.6][60557] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][teams.microsoft.com] + detection-update: [....47] [ip4][..tcp] [....192.168.1.6][60557] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS new: [....48] [ip4][..tcp] [....192.168.1.6][60559] -> [...52.114.77.33][..443] detected: [....48] [ip4][..tcp] [....192.168.1.6][60559] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com] 
@@ -341,13 +341,13 @@ [ENTROPIES...: 4.3,4.9,4.6,5.6,7.4,7.3,4.7,4.6,4.6,7.5,7.6,7.1,4.7,4.6,6.5,6.1,7.6,5.4,4.6,5.9,4.6,5.2,4.5,7.4,4.7,4.5,7.8,4.6,7.4,7.5,5.6,5.5] new: [....60] [ip4][..tcp] [..151.11.50.139][.2222] -> [....192.168.1.6][54750] [MIDSTREAM] new: [....61] [ip4][..tcp] [....192.168.1.6][60566] -> [.167.99.215.164][.4434] - detected: [....61] [ip4][..tcp] [....192.168.1.6][60566] -> [.167.99.215.164][.4434] [TLS.ntop][Unknown][Network][Safe][dati.ntop.org] + detected: [....61] [ip4][..tcp] [....192.168.1.6][60566] -> [.167.99.215.164][.4434] [TLS.ntop][DigitalOcean][Network][Safe][dati.ntop.org] RISK: Known Proto on Non Std Port - detection-update: [....61] [ip4][..tcp] [....192.168.1.6][60566] -> [.167.99.215.164][.4434] [TLS.ntop][Unknown][Network][Safe][dati.ntop.org] + detection-update: [....61] [ip4][..tcp] [....192.168.1.6][60566] -> [.167.99.215.164][.4434] [TLS.ntop][DigitalOcean][Network][Safe][dati.ntop.org] RISK: Known Proto on Non Std Port new: [....62] [ip4][..udp] [....192.168.1.6][51681] -> [..52.114.77.136][.3478] new: [....63] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.123][.3478] - detected: [....63] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.123][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] + detected: [....63] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.123][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][] new: [....64] [ip4][..tcp] [....192.168.1.6][50018] -> [.52.114.250.123][..443] new: [....65] [ip4][..udp] [....192.168.1.6][55765] -> [....192.168.1.1][...53] detected: [....65] [ip4][..udp] [....192.168.1.6][55765] -> [....192.168.1.1][...53] [DNS.Azure][Unknown][Network][Acceptable][b-tr-teams-euno-05.northeurope.cloudapp.azure.com] 
@@ -355,25 +355,25 @@ detected: [....64] [ip4][..tcp] [....192.168.1.6][50018] -> [.52.114.250.123][..443] [TLS.Teams][Azure][Collaborative][Safe][euaz.tr.teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS new: [....66] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.123][.3478] - detected: [....66] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.123][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] + detected: [....66] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.123][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][] new: [....67] [ip4][..tcp] [....192.168.1.6][50021] -> [.52.114.250.123][..443] new: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] - detected: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] + detected: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][] new: [....69] [ip4][..udp] [....192.168.1.6][50017] -> [.52.114.250.141][.3478] - detected: [....69] [ip4][..udp] [....192.168.1.6][50017] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] + detected: [....69] [ip4][..udp] [....192.168.1.6][50017] -> [.52.114.250.141][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][] detected: [....67] [ip4][..tcp] [....192.168.1.6][50021] -> [.52.114.250.123][..443] [TLS.Teams][Azure][Collaborative][Safe][euaz.tr.teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS new: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] - detected: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] + detected: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][] new: [....71] [ip4][..udp] [....192.168.1.6][50037] -> [.52.114.250.137][.3478] - detected: [....71] [ip4][..udp] 
[....192.168.1.6][50037] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] - detection-update: [....69] [ip4][..udp] [....192.168.1.6][50017] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] - detection-update: [....71] [ip4][..udp] [....192.168.1.6][50037] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] + detected: [....71] [ip4][..udp] [....192.168.1.6][50037] -> [.52.114.250.137][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][] + detection-update: [....69] [ip4][..udp] [....192.168.1.6][50017] -> [.52.114.250.141][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][] + detection-update: [....71] [ip4][..udp] [....192.168.1.6][50037] -> [.52.114.250.137][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][] new: [....72] [ip4][..tcp] [....192.168.1.6][50014] -> [.52.114.250.152][..443] new: [....73] [ip4][..tcp] [....192.168.1.6][50036] -> [.52.114.250.153][..443] - detected: [....72] [ip4][..tcp] [....192.168.1.6][50014] -> [.52.114.250.152][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][52.114.250.152] + detected: [....72] [ip4][..tcp] [....192.168.1.6][50014] -> [.52.114.250.152][..443] [TLS.Teams][Azure][Collaborative][Safe][52.114.250.152] RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, TLS (probably) Not Carrying HTTPS - detected: [....73] [ip4][..tcp] [....192.168.1.6][50036] -> [.52.114.250.153][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][52.114.250.153] + detected: [....73] [ip4][..tcp] [....192.168.1.6][50036] -> [.52.114.250.153][..443] [TLS.Teams][Azure][Collaborative][Safe][52.114.250.153] RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, TLS (probably) Not Carrying HTTPS detection-update: [....72] [ip4][..tcp] [....192.168.1.6][50014] -> [.52.114.250.152][..443] [TLS.Teams][Azure][Collaborative][Safe][52.114.250.152] RISK: TLS Cert Mismatch, TLS (probably) Not Carrying HTTPS 
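Review bot: Flows 72 and 73 in this hunk change on the `detected` event from `[TLS.Skype_Teams][Azure][VoIP][Acceptable]` to `[TLS.Teams][Azure][Collaborative][Safe]` while still carrying `RISK: HTTP/TLS/QUIC Numeric Hostname/SNI`, so the libnDPI bump alters category and breed for these flows, not only the protocol name. The same reclassification shows up in the other teams.pcap.out hunks on this page (DNS flow 16 and TLS flows 19, 21 and 53 go from `Acceptable` to `Safe`), and every STUN flow is renamed from `Skype_TeamsCall` to `TeamsCall`. Anything downstream that matches on the strings `Skype_Teams` / `Skype_TeamsCall` or filters on breed would presumably stop matching these flows after the update. The commit text only says "incorporated upstream changes"; I would record it in a changelog entry such as `libnDPI: Skype_Teams/Skype_TeamsCall renamed to Teams/TeamsCall; affected TLS/DNS flows now report Collaborative/Safe` so that detection rules and dashboards keyed on the old names get updated.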
@@ -386,28 +386,28 @@ detected: [....74] [ip4][..tcp] [....192.168.1.6][60567] -> [..52.114.77.136][..443] [TLS.Teams][Azure][Collaborative][Safe][api.flightproxy.teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS new: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005] - detected: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable][] + detected: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005] [STUN.TeamsCall][Unknown][VoIP][Acceptable][] RISK: Known Proto on Non Std Port new: [....77] [ip4][..udp] [....192.168.1.6][50036] -> [....192.168.0.4][50020] - detected: [....77] [ip4][..udp] [....192.168.1.6][50036] -> [....192.168.0.4][50020] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable][] + detected: [....77] [ip4][..udp] [....192.168.1.6][50036] -> [....192.168.0.4][50020] [STUN.TeamsCall][Unknown][VoIP][Acceptable][] RISK: Known Proto on Non Std Port new: [....78] [ip4][..udp] [..93.71.110.205][16332] -> [....192.168.1.6][50016] - detected: [....78] [ip4][..udp] [..93.71.110.205][16332] -> [....192.168.1.6][50016] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable][] + detected: [....78] [ip4][..udp] [..93.71.110.205][16332] -> [....192.168.1.6][50016] [STUN.TeamsCall][Unknown][VoIP][Acceptable][] RISK: Known Proto on Non Std Port new: [....79] [ip4][..udp] [..93.71.110.205][16333] -> [....192.168.1.6][50036] - detected: [....79] [ip4][..udp] [..93.71.110.205][16333] -> [....192.168.1.6][50036] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable][] + detected: [....79] [ip4][..udp] [..93.71.110.205][16333] -> [....192.168.1.6][50036] [STUN.TeamsCall][Unknown][VoIP][Acceptable][] RISK: Known Proto on Non Std Port - detection-update: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] + detection-update: [....68] [ip4][..udp] [....192.168.1.6][50016] -> 
[.52.114.250.141][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][] RISK: Unidirectional Traffic - detection-update: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] + detection-update: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][] RISK: Unidirectional Traffic - detection-update: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] - detection-update: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] + detection-update: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][] + detection-update: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][] new: [....80] [ip4][..udp] [..52.114.252.21][.3480] -> [....192.168.1.6][50036] - detected: [....80] [ip4][..udp] [..52.114.252.21][.3480] -> [....192.168.1.6][50036] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] + detected: [....80] [ip4][..udp] [..52.114.252.21][.3480] -> [....192.168.1.6][50036] [STUN.TeamsCall][Azure][VoIP][Acceptable][] RISK: Known Proto on Non Std Port new: [....81] [ip4][..udp] [...52.114.252.8][.3479] -> [....192.168.1.6][50016] - detected: [....81] [ip4][..udp] [...52.114.252.8][.3479] -> [....192.168.1.6][50016] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] + detected: [....81] [ip4][..udp] [...52.114.252.8][.3479] -> [....192.168.1.6][50016] [STUN.TeamsCall][Azure][VoIP][Acceptable][] RISK: Known Proto on Non Std Port analyse: [....64] [ip4][..tcp] [....192.168.1.6][50018] -> [.52.114.250.123][..443] [TLS.Teams][Azure][Collaborative][Safe][euaz.tr.teams.microsoft.com] min| max| avg| stddev| variance| entropy 
@@ -419,15 +419,15 @@ [IATS(ms)....: 45.0,45.1,0.2,47.4,47.2,0.2,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.0,8.0,0.0,0.0,52.4,1.2,45.6,48.6,92.2,43.7,69.1,0.3,113.5,1566.9] [PKTLENS.....: 64,52,40,227,1492,52,1492,588,52,52,1492,588,52,40,588,166,40,40,40,147,46,85,46,91,40,141,224,40,71,40,46,46] [ENTROPIES...: 4.4,4.9,4.5,5.4,7.5,4.6,7.4,6.2,4.7,4.7,7.7,7.0,4.7,4.5,7.6,6.6,4.4,4.5,4.5,6.4,4.5,5.8,4.6,5.4,4.6,6.4,6.9,4.5,5.4,4.4,4.6,4.6] - detection-update: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable][] + detection-update: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005] [STUN.TeamsCall][Unknown][VoIP][Acceptable][] RISK: Known Proto on Non Std Port, Unidirectional Traffic - detection-update: [....77] [ip4][..udp] [....192.168.1.6][50036] -> [....192.168.0.4][50020] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable][] + detection-update: [....77] [ip4][..udp] [....192.168.1.6][50036] -> [....192.168.0.4][50020] [STUN.TeamsCall][Unknown][VoIP][Acceptable][] RISK: Known Proto on Non Std Port, Unidirectional Traffic new: [....82] [ip4][..tcp] [....192.168.1.6][60568] -> [...40.79.138.41][..443] detected: [....82] [ip4][..tcp] [....192.168.1.6][60568] -> [...40.79.138.41][..443] [TLS][Azure][Web][Safe][gate.hockeyapp.net] new: [....83] [ip4][.icmp] [..93.71.110.205] -> [....192.168.1.6] detected: [....83] [ip4][.icmp] [..93.71.110.205] -> [....192.168.1.6] [ICMP][Unknown][Network][Acceptable] - analyse: [....78] [ip4][..udp] [..93.71.110.205][16332] -> [....192.168.1.6][50016] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable] + analyse: [....78] [ip4][..udp] [..93.71.110.205][16332] -> [....192.168.1.6][50016] [STUN.TeamsCall][Unknown][VoIP][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 1.168| 0.160| 0.366| 133702.353| 2.700] [PKTLEN......: 66.000| 1242.000| 253.400| 374.400| 140199.200| 4.000] 
@@ -439,12 +439,12 @@ [ENTROPIES...: 5.4,5.4,5.6,5.5,5.5,5.5,6.4,5.5,5.3,7.8,7.8,5.4,6.1,5.3,7.8,7.8,5.4,6.9,6.4,5.9,6.0,6.1,5.4,6.3,6.1,6.0,6.3,6.0,6.1,6.2,6.1,6.2] idle: [....13] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable] idle: [....35] [ip4][..tcp] [....192.168.1.6][60549] -> [...13.107.18.11][..443] [TLS.Microsoft365][Outlook][Collaborative][Acceptable][substrate.office.com] - idle: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][teams.microsoft.com] - idle: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe] - idle: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][config.teams.microsoft.com] - idle: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][config.teams.microsoft.com] + idle: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][teams.microsoft.com] + idle: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe] + idle: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][config.teams.microsoft.com] + idle: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][config.teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS - idle: [....47] [ip4][..tcp] [....192.168.1.6][60557] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe] + idle: [....47] [ip4][..tcp] [....192.168.1.6][60557] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe] RISK: TLS (probably) Not Carrying HTTPS end: [.....4] [ip4][..tcp] [....192.168.1.6][60532] -> 
[...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS @@ -453,9 +453,9 @@ end: [.....9] [ip4][..tcp] [....192.168.1.6][60537] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe] RISK: TLS (probably) Not Carrying HTTPS idle: [....18] [ip4][..tcp] [....192.168.1.6][60538] -> [...52.114.75.70][..443] [TLS.Teams][Azure][Collaborative][Safe][eu-prod.asyncgw.teams.microsoft.com] - idle: [....19] [ip4][..tcp] [....192.168.1.6][60539] -> [...52.114.75.69][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][eu-api.asm.skype.com] + idle: [....19] [ip4][..tcp] [....192.168.1.6][60539] -> [...52.114.75.69][..443] [TLS.Teams][Azure][Collaborative][Safe][eu-api.asm.skype.com] idle: [....20] [ip4][..tcp] [....192.168.1.6][60540] -> [...52.114.75.70][..443] [TLS.Teams][Azure][Collaborative][Safe][eu-prod.asyncgw.teams.microsoft.com] - idle: [....21] [ip4][..tcp] [....192.168.1.6][60541] -> [...52.114.75.69][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable] + idle: [....21] [ip4][..tcp] [....192.168.1.6][60541] -> [...52.114.75.69][..443] [TLS.Teams][Azure][Collaborative][Safe] end: [....25] [ip4][..tcp] [....192.168.1.6][60543] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS idle: [....26] [ip4][..tcp] [....192.168.1.6][60544] -> [...52.114.76.48][..443] [TLS.Teams][Azure][Collaborative][Safe][northeurope.notifications.teams.microsoft.com] 
@@ -476,9 +476,9 @@ idle: [....59] [ip4][..tcp] [....192.168.1.6][60565] -> [...52.114.108.8][..443] [TLS.Teams][Azure][Collaborative][Safe][emea.ng.msg.teams.microsoft.com] idle: [....74] [ip4][..tcp] [....192.168.1.6][60567] -> [..52.114.77.136][..443] [TLS.Teams][Azure][Collaborative][Safe][api.flightproxy.teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS - end: [....30] [ip4][..tcp] [....192.168.1.6][60546] -> [.167.99.215.164][.4434] [TLS.ntop][Unknown][Network][Safe] + end: [....30] [ip4][..tcp] [....192.168.1.6][60546] -> [.167.99.215.164][.4434] [TLS.ntop][DigitalOcean][Network][Safe] RISK: Known Proto on Non Std Port - idle: [....61] [ip4][..tcp] [....192.168.1.6][60566] -> [.167.99.215.164][.4434] [TLS.ntop][Unknown][Network][Safe] + idle: [....61] [ip4][..tcp] [....192.168.1.6][60566] -> [.167.99.215.164][.4434] [TLS.ntop][DigitalOcean][Network][Safe] RISK: Known Proto on Non Std Port not-detected: [....60] [ip4][..tcp] [..151.11.50.139][.2222] -> [....192.168.1.6][54750] [Unknown][Unknown][Unrated] idle: [....60] [ip4][..tcp] [..151.11.50.139][.2222] -> [....192.168.1.6][54750] 
@@ -489,7 +489,7 @@ end: [....46] [ip4][..tcp] [....192.168.1.6][60556] -> [.....40.126.9.7][..443] [TLS.Microsoft365][Microsoft365][Collaborative][Acceptable][login.microsoftonline.com] end: [....50] [ip4][..tcp] [....192.168.1.6][60560] -> [....40.126.9.67][..443] [TLS.Microsoft365][Microsoft365][Collaborative][Acceptable] idle: [....39] [ip4][..udp] [....192.168.1.6][50653] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][api.flightproxy.teams.microsoft.com] - idle: [....16] [ip4][..udp] [....192.168.1.6][51033] -> [....192.168.1.1][...53] [DNS.Skype_Teams][Unknown][Network][Acceptable][eu-api.asm.skype.com] + idle: [....16] [ip4][..udp] [....192.168.1.6][51033] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][eu-api.asm.skype.com] idle: [....44] [ip4][..udp] [....192.168.1.6][51309] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][skypedataprdcolneu04.cloudapp.net] idle: [....37] [ip4][..udp] [....192.168.1.6][53678] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][trouter2-asse-a.trouter.teams.microsoft.com] idle: [....52] [ip4][..udp] [....192.168.1.6][54069] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][api.microsoftstream.com] 
@@ -519,9 +519,9 @@ idle: [....38] [ip4][..udp] [....192.168.1.6][65230] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][trouter2-asse-a.trouter.teams.microsoft.com] idle: [....24] [ip4][..udp] [....192.168.1.6][65387] -> [....192.168.1.1][...53] [DNS.Microsoft][Unknown][Network][Safe][northeuropecns.trafficmanager.net] end: [....14] [ip4][..tcp] [..93.62.150.157][..443] -> [....192.168.1.6][60512] [TLS][Unknown][Web][Safe] - idle: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable] + idle: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005] [STUN.TeamsCall][Unknown][VoIP][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic - idle: [....77] [ip4][..udp] [....192.168.1.6][50036] -> [....192.168.0.4][50020] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable] + idle: [....77] [ip4][..udp] [....192.168.1.6][50036] -> [....192.168.0.4][50020] [STUN.TeamsCall][Unknown][VoIP][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic idle: [....12] [ip4][..udp] [....192.168.1.6][17500] -> [..192.168.1.255][17500] [Dropbox][Unknown][Cloud][Acceptable] idle: [....72] [ip4][..tcp] [....192.168.1.6][50014] -> [.52.114.250.152][..443] [TLS.Teams][Azure][Collaborative][Safe] 
@@ -534,22 +534,22 @@ RISK: TLS Cert Mismatch, TLS (probably) Not Carrying HTTPS idle: [....57] [ip4][..tcp] [....192.168.1.6][60564] -> [...40.79.138.41][..443] [TLS][Azure][Web][Safe][gate.hockeyapp.net] idle: [....82] [ip4][..tcp] [....192.168.1.6][60568] -> [...40.79.138.41][..443] [TLS][Azure][Web][Safe][gate.hockeyapp.net] - idle: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable] - idle: [....63] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.123][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable] - idle: [....81] [ip4][..udp] [...52.114.252.8][.3479] -> [....192.168.1.6][50016] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable] + idle: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable] + idle: [....63] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.123][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable] + idle: [....81] [ip4][..udp] [...52.114.252.8][.3479] -> [....192.168.1.6][50016] [STUN.TeamsCall][Azure][VoIP][Acceptable] RISK: Known Proto on Non Std Port - idle: [....69] [ip4][..udp] [....192.168.1.6][50017] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable] - idle: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable] - idle: [....66] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.123][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable] - idle: [....71] [ip4][..udp] [....192.168.1.6][50037] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable] - idle: [....80] [ip4][..udp] [..52.114.252.21][.3480] -> [....192.168.1.6][50036] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable] + idle: [....69] [ip4][..udp] [....192.168.1.6][50017] -> [.52.114.250.141][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable] + idle: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] 
[STUN.TeamsCall][Azure][VoIP][Acceptable] + idle: [....66] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.123][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable] + idle: [....71] [ip4][..udp] [....192.168.1.6][50037] -> [.52.114.250.137][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable] + idle: [....80] [ip4][..udp] [..52.114.252.21][.3480] -> [....192.168.1.6][50036] [STUN.TeamsCall][Azure][VoIP][Acceptable] RISK: Known Proto on Non Std Port idle: [....83] [ip4][.icmp] [..93.71.110.205] -> [....192.168.1.6] [ICMP][Unknown][Network][Acceptable] - guessed: [....62] [ip4][..udp] [....192.168.1.6][51681] -> [..52.114.77.136][.3478] [Skype_TeamsCall][Azure][VoIP][Acceptable] + guessed: [....62] [ip4][..udp] [....192.168.1.6][51681] -> [..52.114.77.136][.3478] [TeamsCall][Azure][VoIP][Acceptable] RISK: Susp Entropy idle: [....62] [ip4][..udp] [....192.168.1.6][51681] -> [..52.114.77.136][.3478] - idle: [....78] [ip4][..udp] [..93.71.110.205][16332] -> [....192.168.1.6][50016] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable] + idle: [....78] [ip4][..udp] [..93.71.110.205][16332] -> [....192.168.1.6][50016] [STUN.TeamsCall][Unknown][VoIP][Acceptable] RISK: Known Proto on Non Std Port - idle: [....79] [ip4][..udp] [..93.71.110.205][16333] -> [....192.168.1.6][50036] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable] + idle: [....79] [ip4][..udp] [..93.71.110.205][16333] -> [....192.168.1.6][50036] [STUN.TeamsCall][Unknown][VoIP][Acceptable] RISK: Known Proto on Non Std Port DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/caches_global/teams.pcap.out b/test/results/flow-info/caches_global/teams.pcap.out index 640d86de0..8ae0bdbae 100644 --- a/test/results/flow-info/caches_global/teams.pcap.out +++ b/test/results/flow-info/caches_global/teams.pcap.out 
@@ -15,11 +15,11 @@ detection-update: [.....3] [ip4][..udp] [....192.168.1.6][60813] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][skypedataprdcolneu04.cloudapp.net] new: [.....4] [ip4][..tcp] [....192.168.1.6][60532] -> [...52.114.77.33][..443] new: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] - detected: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][teams.microsoft.com] - detection-update: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][teams.microsoft.com] + detected: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][teams.microsoft.com] + detection-update: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][teams.microsoft.com] detected: [.....4] [ip4][..tcp] [....192.168.1.6][60532] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS - analyse: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe] + analyse: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.030| 0.006| 0.009| 77.930| 3.700] [PKTLEN......: 40.000| 1492.000| 393.900| 548.100| 300365.600| 3.900] 
@@ -48,8 +48,8 @@ detected: [.....7] [ip4][..tcp] [....192.168.1.6][60535] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS new: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443] - detected: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][teams.microsoft.com] - detection-update: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][teams.microsoft.com] + detected: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][teams.microsoft.com] + detection-update: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][teams.microsoft.com] analyse: [.....7] [ip4][..tcp] [....192.168.1.6][60535] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.050| 0.018| 0.021| 449.200| 3.900] 
@@ -91,26 +91,26 @@ ERROR-EVENT: Unknown packet type [14/16] ERROR-EVENT: Unknown packet type [15/16] new: [....16] [ip4][..udp] [....192.168.1.6][51033] -> [....192.168.1.1][...53] - detected: [....16] [ip4][..udp] [....192.168.1.6][51033] -> [....192.168.1.1][...53] [DNS.Skype_Teams][Unknown][Network][Acceptable][eu-api.asm.skype.com] + detected: [....16] [ip4][..udp] [....192.168.1.6][51033] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][eu-api.asm.skype.com] new: [....17] [ip4][..udp] [....192.168.1.6][63106] -> [....192.168.1.1][...53] detected: [....17] [ip4][..udp] [....192.168.1.6][63106] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][eu-prod.asyncgw.teams.microsoft.com] detection-update: [....17] [ip4][..udp] [....192.168.1.6][63106] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][eu-prod.asyncgw.teams.microsoft.com] new: [....18] [ip4][..tcp] [....192.168.1.6][60538] -> [...52.114.75.70][..443] - detection-update: [....16] [ip4][..udp] [....192.168.1.6][51033] -> [....192.168.1.1][...53] [DNS.Skype_Teams][Unknown][Network][Acceptable][eu-api.asm.skype.com] + detection-update: [....16] [ip4][..udp] [....192.168.1.6][51033] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][eu-api.asm.skype.com] new: [....19] [ip4][..tcp] [....192.168.1.6][60539] -> [...52.114.75.69][..443] detected: [....18] [ip4][..tcp] [....192.168.1.6][60538] -> [...52.114.75.70][..443] [TLS.Teams][Azure][Collaborative][Safe][eu-prod.asyncgw.teams.microsoft.com] - detected: [....19] [ip4][..tcp] [....192.168.1.6][60539] -> [...52.114.75.69][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][eu-api.asm.skype.com] + detected: [....19] [ip4][..tcp] [....192.168.1.6][60539] -> [...52.114.75.69][..443] [TLS.Teams][Azure][Collaborative][Safe][eu-api.asm.skype.com] new: [....20] [ip4][..tcp] [....192.168.1.6][60540] -> [...52.114.75.70][..443] new: [....21] [ip4][..tcp] [....192.168.1.6][60541] -> [...52.114.75.69][..443] detected: 
[....20] [ip4][..tcp] [....192.168.1.6][60540] -> [...52.114.75.70][..443] [TLS.Teams][Azure][Collaborative][Safe][eu-prod.asyncgw.teams.microsoft.com] - detected: [....21] [ip4][..tcp] [....192.168.1.6][60541] -> [...52.114.75.69][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][eu-api.asm.skype.com] + detected: [....21] [ip4][..tcp] [....192.168.1.6][60541] -> [...52.114.75.69][..443] [TLS.Teams][Azure][Collaborative][Safe][eu-api.asm.skype.com] new: [....22] [ip4][..udp] [....192.168.1.6][49514] -> [....192.168.1.1][...53] detected: [....22] [ip4][..udp] [....192.168.1.6][49514] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][config.teams.microsoft.com] - detection-update: [....21] [ip4][..tcp] [....192.168.1.6][60541] -> [...52.114.75.69][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][eu-api.asm.skype.com] + detection-update: [....21] [ip4][..tcp] [....192.168.1.6][60541] -> [...52.114.75.69][..443] [TLS.Teams][Azure][Collaborative][Safe][eu-api.asm.skype.com] detection-update: [....22] [ip4][..udp] [....192.168.1.6][49514] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][config.teams.microsoft.com] new: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] - detected: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][config.teams.microsoft.com] - detection-update: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][config.teams.microsoft.com] + detected: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][config.teams.microsoft.com] + detection-update: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][config.teams.microsoft.com] new: [....24] [ip4][..udp] [....192.168.1.6][65387] -> [....192.168.1.1][...53] detected: [....24] [ip4][..udp] 
[....192.168.1.6][65387] -> [....192.168.1.1][...53] [DNS.Microsoft][Unknown][Network][Safe][northeuropecns.trafficmanager.net] new: [....25] [ip4][..tcp] [....192.168.1.6][60543] -> [...52.114.77.33][..443] @@ -140,9 +140,9 @@ [PKTLENS.....: 64,60,52,258,52,1492,1492,52,1375,52,145,52,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,52,1480,1480,1480,1480,52,1480] [ENTROPIES...: 4.4,5.3,5.0,5.9,5.1,7.3,7.3,5.0,7.7,5.0,5.9,5.2,5.6,5.0,7.9,7.8,7.9,5.2,7.9,7.9,7.9,7.9,5.2,7.9,7.9,5.2,7.9,7.9,7.8,7.9,5.2,7.9] new: [....30] [ip4][..tcp] [....192.168.1.6][60546] -> [.167.99.215.164][.4434] - detected: [....30] [ip4][..tcp] [....192.168.1.6][60546] -> [.167.99.215.164][.4434] [TLS.ntop][Unknown][Network][Safe][dati.ntop.org] + detected: [....30] [ip4][..tcp] [....192.168.1.6][60546] -> [.167.99.215.164][.4434] [TLS.ntop][DigitalOcean][Network][Safe][dati.ntop.org] RISK: Known Proto on Non Std Port - detection-update: [....30] [ip4][..tcp] [....192.168.1.6][60546] -> [.167.99.215.164][.4434] [TLS.ntop][Unknown][Network][Safe][dati.ntop.org] + detection-update: [....30] [ip4][..tcp] [....192.168.1.6][60546] -> [.167.99.215.164][.4434] [TLS.ntop][DigitalOcean][Network][Safe][dati.ntop.org] RISK: Known Proto on Non Std Port analyse: [....28] [ip4][..tcp] [....192.168.1.6][60545] -> [...52.114.77.58][..443] [TLS.Teams][Azure][Collaborative][Safe][presence.teams.microsoft.com] min| max| avg| stddev| variance| entropy 
@@ -180,7 +180,7 @@ new: [....35] [ip4][..tcp] [....192.168.1.6][60549] -> [...13.107.18.11][..443] detected: [....35] [ip4][..tcp] [....192.168.1.6][60549] -> [...13.107.18.11][..443] [TLS.Microsoft365][Outlook][Collaborative][Acceptable][substrate.office.com] detection-update: [....35] [ip4][..tcp] [....192.168.1.6][60549] -> [...13.107.18.11][..443] [TLS.Microsoft365][Outlook][Collaborative][Acceptable][substrate.office.com] - analyse: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe] + analyse: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 2.010| 0.146| 0.490| 239614.050| 1.700] [PKTLEN......: 40.000| 1492.000| 305.200| 468.100| 219152.800| 3.800] 
@@ -223,12 +223,12 @@ detected: [....44] [ip4][..udp] [....192.168.1.6][51309] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][skypedataprdcolneu04.cloudapp.net] new: [....45] [ip4][..tcp] [....192.168.1.6][60555] -> [...52.114.77.33][..443] new: [....46] [ip4][..tcp] [....192.168.1.6][60556] -> [.....40.126.9.7][..443] - detected: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][config.teams.microsoft.com] + detected: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][config.teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS detection-update: [....44] [ip4][..udp] [....192.168.1.6][51309] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][skypedataprdcolneu04.cloudapp.net] detected: [....40] [ip4][..tcp] [....192.168.1.6][60551] -> [...52.114.15.45][..443] [TLS.Teams][Azure][Collaborative][Safe][trouter2-asse-a.trouter.teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][config.teams.microsoft.com] + detection-update: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][config.teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS detected: [....42] [ip4][..tcp] [....192.168.1.6][60552] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS 
@@ -241,7 +241,7 @@ RISK: TLS (probably) Not Carrying HTTPS detection-update: [....40] [ip4][..tcp] [....192.168.1.6][60551] -> [...52.114.15.45][..443] [TLS.Teams][Azure][Collaborative][Safe][trouter2-asse-a.trouter.teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS - analyse: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe] + analyse: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.154| 0.015| 0.036| 1274.324| 2.800] [PKTLEN......: 40.000| 1492.000| 585.700| 671.400| 450756.000| 4.000] 
@@ -252,9 +252,9 @@ [PKTLENS.....: 64,52,40,226,46,1492,1492,40,1492,40,1492,168,40,147,46,91,46,91,40,1122,46,1492,1492,40,1317,40,1492,1492,40,40,1492,1492] [ENTROPIES...: 4.4,4.9,4.5,5.5,4.4,7.3,7.5,4.6,7.5,4.5,7.7,6.7,4.6,6.5,4.5,5.7,4.5,5.6,4.6,7.8,4.6,7.9,7.9,4.6,7.9,4.6,7.9,7.9,4.6,4.5,7.9,7.9] new: [....47] [ip4][..tcp] [....192.168.1.6][60557] -> [.52.113.194.132][..443] - detected: [....47] [ip4][..tcp] [....192.168.1.6][60557] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][teams.microsoft.com] + detected: [....47] [ip4][..tcp] [....192.168.1.6][60557] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....47] [ip4][..tcp] [....192.168.1.6][60557] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][teams.microsoft.com] + detection-update: [....47] [ip4][..tcp] [....192.168.1.6][60557] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS new: [....48] [ip4][..tcp] [....192.168.1.6][60559] -> [...52.114.77.33][..443] detected: [....48] [ip4][..tcp] [....192.168.1.6][60559] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com] 
@@ -281,10 +281,10 @@ detected: [....52] [ip4][..udp] [....192.168.1.6][54069] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][api.microsoftstream.com] detection-update: [....52] [ip4][..udp] [....192.168.1.6][54069] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][api.microsoftstream.com] new: [....53] [ip4][..tcp] [....192.168.1.6][60562] -> [.104.40.187.151][..443] - detected: [....53] [ip4][..tcp] [....192.168.1.6][60562] -> [.104.40.187.151][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][api.microsoftstream.com] + detected: [....53] [ip4][..tcp] [....192.168.1.6][60562] -> [.104.40.187.151][..443] [TLS.Teams][Azure][Collaborative][Safe][api.microsoftstream.com] detection-update: [....51] [ip4][..tcp] [....192.168.1.6][60561] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS - analyse: [....53] [ip4][..tcp] [....192.168.1.6][60562] -> [.104.40.187.151][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable] + analyse: [....53] [ip4][..tcp] [....192.168.1.6][60562] -> [.104.40.187.151][..443] [TLS.Teams][Azure][Collaborative][Safe] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.126| 0.019| 0.032| 1006.354| 3.400] [PKTLEN......: 52.000| 1492.000| 345.200| 499.900| 249913.200| 3.900] 
@@ -308,12 +308,12 @@ [IATS(ms)....: 48.4,48.5,0.5,88.2,136.5,113.7,0.2,161.8,0.1,0.1,1.1,74.6,73.5,1.1,0.0,0.0,50.1,49.0,0.0,0.0,0.0,48.4,48.4,0.0,0.0,0.0,1.6,1.5,46.9,1.1,1.7] [PKTLENS.....: 64,60,52,258,258,64,1492,1492,52,1375,52,145,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,1480,1480,52,1462,52,52,52] [ENTROPIES...: 4.4,5.3,4.9,6.0,6.0,5.1,7.3,7.3,5.0,7.7,5.0,6.0,5.6,5.0,7.9,7.9,7.9,5.2,7.9,7.9,7.9,7.9,5.1,7.9,7.9,7.9,7.9,5.2,7.9,5.2,5.2,5.2] - detected: [....55] [ip4][..tcp] [....192.168.1.6][60563] -> [.52.169.186.119][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][euno-1.api.microsoftstream.com] + detected: [....55] [ip4][..tcp] [....192.168.1.6][60563] -> [.52.169.186.119][..443] [TLS.Teams][Azure][Collaborative][Safe][euno-1.api.microsoftstream.com] new: [....56] [ip4][..udp] [....192.168.1.6][63930] -> [....192.168.1.1][...53] detected: [....56] [ip4][..udp] [....192.168.1.6][63930] -> [....192.168.1.1][...53] [DNS.Microsoft][Unknown][Network][Safe][dc.applicationinsights.microsoft.com] detection-update: [....56] [ip4][..udp] [....192.168.1.6][63930] -> [....192.168.1.1][...53] [DNS.Microsoft][Unknown][Network][Safe][dc.applicationinsights.microsoft.com] new: [....57] [ip4][..tcp] [....192.168.1.6][60564] -> [...40.79.138.41][..443] - detected: [....57] [ip4][..tcp] [....192.168.1.6][60564] -> [...40.79.138.41][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][gate.hockeyapp.net] + detected: [....57] [ip4][..tcp] [....192.168.1.6][60564] -> [...40.79.138.41][..443] [TLS.Teams][Azure][Collaborative][Safe][gate.hockeyapp.net] new: [....58] [ip4][..udp] [....192.168.1.6][62863] -> [....192.168.1.1][...53] detected: [....58] [ip4][..udp] [....192.168.1.6][62863] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][emea.ng.msg.teams-msgapi.trafficmanager.net] detection-update: [....58] [ip4][..udp] [....192.168.1.6][62863] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][emea.ng.msg.teams-msgapi.trafficmanager.net] 
@@ -341,13 +341,13 @@ [ENTROPIES...: 4.3,4.9,4.6,5.6,7.4,7.3,4.7,4.6,4.6,7.5,7.6,7.1,4.7,4.6,6.5,6.1,7.6,5.4,4.6,5.9,4.6,5.2,4.5,7.4,4.7,4.5,7.8,4.6,7.4,7.5,5.6,5.5] new: [....60] [ip4][..tcp] [..151.11.50.139][.2222] -> [....192.168.1.6][54750] [MIDSTREAM] new: [....61] [ip4][..tcp] [....192.168.1.6][60566] -> [.167.99.215.164][.4434] - detected: [....61] [ip4][..tcp] [....192.168.1.6][60566] -> [.167.99.215.164][.4434] [TLS.ntop][Unknown][Network][Safe][dati.ntop.org] + detected: [....61] [ip4][..tcp] [....192.168.1.6][60566] -> [.167.99.215.164][.4434] [TLS.ntop][DigitalOcean][Network][Safe][dati.ntop.org] RISK: Known Proto on Non Std Port - detection-update: [....61] [ip4][..tcp] [....192.168.1.6][60566] -> [.167.99.215.164][.4434] [TLS.ntop][Unknown][Network][Safe][dati.ntop.org] + detection-update: [....61] [ip4][..tcp] [....192.168.1.6][60566] -> [.167.99.215.164][.4434] [TLS.ntop][DigitalOcean][Network][Safe][dati.ntop.org] RISK: Known Proto on Non Std Port new: [....62] [ip4][..udp] [....192.168.1.6][51681] -> [..52.114.77.136][.3478] new: [....63] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.123][.3478] - detected: [....63] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.123][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] + detected: [....63] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.123][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][] new: [....64] [ip4][..tcp] [....192.168.1.6][50018] -> [.52.114.250.123][..443] new: [....65] [ip4][..udp] [....192.168.1.6][55765] -> [....192.168.1.1][...53] detected: [....65] [ip4][..udp] [....192.168.1.6][55765] -> [....192.168.1.1][...53] [DNS.Azure][Unknown][Network][Acceptable][b-tr-teams-euno-05.northeurope.cloudapp.azure.com] 
@@ -355,25 +355,25 @@ detected: [....64] [ip4][..tcp] [....192.168.1.6][50018] -> [.52.114.250.123][..443] [TLS.Teams][Azure][Collaborative][Safe][euaz.tr.teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS new: [....66] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.123][.3478] - detected: [....66] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.123][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] + detected: [....66] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.123][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][] new: [....67] [ip4][..tcp] [....192.168.1.6][50021] -> [.52.114.250.123][..443] new: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] - detected: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] + detected: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][] new: [....69] [ip4][..udp] [....192.168.1.6][50017] -> [.52.114.250.141][.3478] - detected: [....69] [ip4][..udp] [....192.168.1.6][50017] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] + detected: [....69] [ip4][..udp] [....192.168.1.6][50017] -> [.52.114.250.141][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][] detected: [....67] [ip4][..tcp] [....192.168.1.6][50021] -> [.52.114.250.123][..443] [TLS.Teams][Azure][Collaborative][Safe][euaz.tr.teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS new: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] - detected: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] + detected: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][] new: [....71] [ip4][..udp] [....192.168.1.6][50037] -> [.52.114.250.137][.3478] - detected: [....71] [ip4][..udp] 
[....192.168.1.6][50037] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] - detection-update: [....69] [ip4][..udp] [....192.168.1.6][50017] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] - detection-update: [....71] [ip4][..udp] [....192.168.1.6][50037] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] + detected: [....71] [ip4][..udp] [....192.168.1.6][50037] -> [.52.114.250.137][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][] + detection-update: [....69] [ip4][..udp] [....192.168.1.6][50017] -> [.52.114.250.141][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][] + detection-update: [....71] [ip4][..udp] [....192.168.1.6][50037] -> [.52.114.250.137][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][] new: [....72] [ip4][..tcp] [....192.168.1.6][50014] -> [.52.114.250.152][..443] new: [....73] [ip4][..tcp] [....192.168.1.6][50036] -> [.52.114.250.153][..443] - detected: [....72] [ip4][..tcp] [....192.168.1.6][50014] -> [.52.114.250.152][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][52.114.250.152] + detected: [....72] [ip4][..tcp] [....192.168.1.6][50014] -> [.52.114.250.152][..443] [TLS.Teams][Azure][Collaborative][Safe][52.114.250.152] RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, TLS (probably) Not Carrying HTTPS - detected: [....73] [ip4][..tcp] [....192.168.1.6][50036] -> [.52.114.250.153][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][52.114.250.153] + detected: [....73] [ip4][..tcp] [....192.168.1.6][50036] -> [.52.114.250.153][..443] [TLS.Teams][Azure][Collaborative][Safe][52.114.250.153] RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, TLS (probably) Not Carrying HTTPS detection-update: [....72] [ip4][..tcp] [....192.168.1.6][50014] -> [.52.114.250.152][..443] [TLS.Teams][Azure][Collaborative][Safe][52.114.250.152] RISK: TLS Cert Mismatch, TLS (probably) Not Carrying HTTPS 
@@ -386,28 +386,28 @@ detected: [....74] [ip4][..tcp] [....192.168.1.6][60567] -> [..52.114.77.136][..443] [TLS.Teams][Azure][Collaborative][Safe][api.flightproxy.teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS new: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005] - detected: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable][] + detected: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005] [STUN.TeamsCall][Unknown][VoIP][Acceptable][] RISK: Known Proto on Non Std Port new: [....77] [ip4][..udp] [....192.168.1.6][50036] -> [....192.168.0.4][50020] - detected: [....77] [ip4][..udp] [....192.168.1.6][50036] -> [....192.168.0.4][50020] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable][] + detected: [....77] [ip4][..udp] [....192.168.1.6][50036] -> [....192.168.0.4][50020] [STUN.TeamsCall][Unknown][VoIP][Acceptable][] RISK: Known Proto on Non Std Port new: [....78] [ip4][..udp] [..93.71.110.205][16332] -> [....192.168.1.6][50016] - detected: [....78] [ip4][..udp] [..93.71.110.205][16332] -> [....192.168.1.6][50016] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable][] + detected: [....78] [ip4][..udp] [..93.71.110.205][16332] -> [....192.168.1.6][50016] [STUN.TeamsCall][Unknown][VoIP][Acceptable][] RISK: Known Proto on Non Std Port new: [....79] [ip4][..udp] [..93.71.110.205][16333] -> [....192.168.1.6][50036] - detected: [....79] [ip4][..udp] [..93.71.110.205][16333] -> [....192.168.1.6][50036] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable][] + detected: [....79] [ip4][..udp] [..93.71.110.205][16333] -> [....192.168.1.6][50036] [STUN.TeamsCall][Unknown][VoIP][Acceptable][] RISK: Known Proto on Non Std Port - detection-update: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] + detection-update: [....68] [ip4][..udp] [....192.168.1.6][50016] -> 
[.52.114.250.141][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][] RISK: Unidirectional Traffic - detection-update: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] + detection-update: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][] RISK: Unidirectional Traffic - detection-update: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] - detection-update: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] + detection-update: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][] + detection-update: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][] new: [....80] [ip4][..udp] [..52.114.252.21][.3480] -> [....192.168.1.6][50036] - detected: [....80] [ip4][..udp] [..52.114.252.21][.3480] -> [....192.168.1.6][50036] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] + detected: [....80] [ip4][..udp] [..52.114.252.21][.3480] -> [....192.168.1.6][50036] [STUN.TeamsCall][Azure][VoIP][Acceptable][] RISK: Known Proto on Non Std Port new: [....81] [ip4][..udp] [...52.114.252.8][.3479] -> [....192.168.1.6][50016] - detected: [....81] [ip4][..udp] [...52.114.252.8][.3479] -> [....192.168.1.6][50016] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] + detected: [....81] [ip4][..udp] [...52.114.252.8][.3479] -> [....192.168.1.6][50016] [STUN.TeamsCall][Azure][VoIP][Acceptable][] RISK: Known Proto on Non Std Port analyse: [....64] [ip4][..tcp] [....192.168.1.6][50018] -> [.52.114.250.123][..443] [TLS.Teams][Azure][Collaborative][Safe][euaz.tr.teams.microsoft.com] min| max| avg| stddev| variance| entropy 
@@ -419,15 +419,15 @@ [IATS(ms)....: 45.0,45.1,0.2,47.4,47.2,0.2,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.0,8.0,0.0,0.0,52.4,1.2,45.6,48.6,92.2,43.7,69.1,0.3,113.5,1566.9] [PKTLENS.....: 64,52,40,227,1492,52,1492,588,52,52,1492,588,52,40,588,166,40,40,40,147,46,85,46,91,40,141,224,40,71,40,46,46] [ENTROPIES...: 4.4,4.9,4.5,5.4,7.5,4.6,7.4,6.2,4.7,4.7,7.7,7.0,4.7,4.5,7.6,6.6,4.4,4.5,4.5,6.4,4.5,5.8,4.6,5.4,4.6,6.4,6.9,4.5,5.4,4.4,4.6,4.6] - detection-update: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable][] + detection-update: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005] [STUN.TeamsCall][Unknown][VoIP][Acceptable][] RISK: Known Proto on Non Std Port, Unidirectional Traffic - detection-update: [....77] [ip4][..udp] [....192.168.1.6][50036] -> [....192.168.0.4][50020] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable][] + detection-update: [....77] [ip4][..udp] [....192.168.1.6][50036] -> [....192.168.0.4][50020] [STUN.TeamsCall][Unknown][VoIP][Acceptable][] RISK: Known Proto on Non Std Port, Unidirectional Traffic new: [....82] [ip4][..tcp] [....192.168.1.6][60568] -> [...40.79.138.41][..443] - detected: [....82] [ip4][..tcp] [....192.168.1.6][60568] -> [...40.79.138.41][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][gate.hockeyapp.net] + detected: [....82] [ip4][..tcp] [....192.168.1.6][60568] -> [...40.79.138.41][..443] [TLS.Teams][Azure][Collaborative][Safe][gate.hockeyapp.net] new: [....83] [ip4][.icmp] [..93.71.110.205] -> [....192.168.1.6] detected: [....83] [ip4][.icmp] [..93.71.110.205] -> [....192.168.1.6] [ICMP][Unknown][Network][Acceptable] - analyse: [....78] [ip4][..udp] [..93.71.110.205][16332] -> [....192.168.1.6][50016] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable] + analyse: [....78] [ip4][..udp] [..93.71.110.205][16332] -> [....192.168.1.6][50016] [STUN.TeamsCall][Unknown][VoIP][Acceptable] min| max| avg| stddev| variance| entropy 
[IAT.........: < 0.001| 1.168| 0.160| 0.366| 133702.353| 2.700] [PKTLEN......: 66.000| 1242.000| 253.400| 374.400| 140199.200| 4.000] 
@@ -439,12 +439,12 @@ [ENTROPIES...: 5.4,5.4,5.6,5.5,5.5,5.5,6.4,5.5,5.3,7.8,7.8,5.4,6.1,5.3,7.8,7.8,5.4,6.9,6.4,5.9,6.0,6.1,5.4,6.3,6.1,6.0,6.3,6.0,6.1,6.2,6.1,6.2] idle: [....13] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable] idle: [....35] [ip4][..tcp] [....192.168.1.6][60549] -> [...13.107.18.11][..443] [TLS.Microsoft365][Outlook][Collaborative][Acceptable][substrate.office.com] - idle: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][teams.microsoft.com] - idle: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe] - idle: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][config.teams.microsoft.com] - idle: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][config.teams.microsoft.com] + idle: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][teams.microsoft.com] + idle: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe] + idle: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][config.teams.microsoft.com] + idle: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][config.teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS - idle: [....47] [ip4][..tcp] [....192.168.1.6][60557] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe] + idle: [....47] [ip4][..tcp] [....192.168.1.6][60557] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe] RISK: TLS (probably) Not Carrying HTTPS end: [.....4] [ip4][..tcp] [....192.168.1.6][60532] -> 
[...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS @@ -453,9 +453,9 @@ end: [.....9] [ip4][..tcp] [....192.168.1.6][60537] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe] RISK: TLS (probably) Not Carrying HTTPS idle: [....18] [ip4][..tcp] [....192.168.1.6][60538] -> [...52.114.75.70][..443] [TLS.Teams][Azure][Collaborative][Safe][eu-prod.asyncgw.teams.microsoft.com] - idle: [....19] [ip4][..tcp] [....192.168.1.6][60539] -> [...52.114.75.69][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][eu-api.asm.skype.com] + idle: [....19] [ip4][..tcp] [....192.168.1.6][60539] -> [...52.114.75.69][..443] [TLS.Teams][Azure][Collaborative][Safe][eu-api.asm.skype.com] idle: [....20] [ip4][..tcp] [....192.168.1.6][60540] -> [...52.114.75.70][..443] [TLS.Teams][Azure][Collaborative][Safe][eu-prod.asyncgw.teams.microsoft.com] - idle: [....21] [ip4][..tcp] [....192.168.1.6][60541] -> [...52.114.75.69][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable] + idle: [....21] [ip4][..tcp] [....192.168.1.6][60541] -> [...52.114.75.69][..443] [TLS.Teams][Azure][Collaborative][Safe] end: [....25] [ip4][..tcp] [....192.168.1.6][60543] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS idle: [....26] [ip4][..tcp] [....192.168.1.6][60544] -> [...52.114.76.48][..443] [TLS.Teams][Azure][Collaborative][Safe][northeurope.notifications.teams.microsoft.com] 
@@ -476,9 +476,9 @@ idle: [....59] [ip4][..tcp] [....192.168.1.6][60565] -> [...52.114.108.8][..443] [TLS.Teams][Azure][Collaborative][Safe][emea.ng.msg.teams.microsoft.com] idle: [....74] [ip4][..tcp] [....192.168.1.6][60567] -> [..52.114.77.136][..443] [TLS.Teams][Azure][Collaborative][Safe][api.flightproxy.teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS - end: [....30] [ip4][..tcp] [....192.168.1.6][60546] -> [.167.99.215.164][.4434] [TLS.ntop][Unknown][Network][Safe] + end: [....30] [ip4][..tcp] [....192.168.1.6][60546] -> [.167.99.215.164][.4434] [TLS.ntop][DigitalOcean][Network][Safe] RISK: Known Proto on Non Std Port - idle: [....61] [ip4][..tcp] [....192.168.1.6][60566] -> [.167.99.215.164][.4434] [TLS.ntop][Unknown][Network][Safe] + idle: [....61] [ip4][..tcp] [....192.168.1.6][60566] -> [.167.99.215.164][.4434] [TLS.ntop][DigitalOcean][Network][Safe] RISK: Known Proto on Non Std Port not-detected: [....60] [ip4][..tcp] [..151.11.50.139][.2222] -> [....192.168.1.6][54750] [Unknown][Unknown][Unrated] idle: [....60] [ip4][..tcp] [..151.11.50.139][.2222] -> [....192.168.1.6][54750] 
@@ -489,7 +489,7 @@ end: [....46] [ip4][..tcp] [....192.168.1.6][60556] -> [.....40.126.9.7][..443] [TLS.Microsoft365][Microsoft365][Collaborative][Acceptable][login.microsoftonline.com] end: [....50] [ip4][..tcp] [....192.168.1.6][60560] -> [....40.126.9.67][..443] [TLS.Microsoft365][Microsoft365][Collaborative][Acceptable] idle: [....39] [ip4][..udp] [....192.168.1.6][50653] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][api.flightproxy.teams.microsoft.com] - idle: [....16] [ip4][..udp] [....192.168.1.6][51033] -> [....192.168.1.1][...53] [DNS.Skype_Teams][Unknown][Network][Acceptable][eu-api.asm.skype.com] + idle: [....16] [ip4][..udp] [....192.168.1.6][51033] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][eu-api.asm.skype.com] idle: [....44] [ip4][..udp] [....192.168.1.6][51309] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][skypedataprdcolneu04.cloudapp.net] idle: [....37] [ip4][..udp] [....192.168.1.6][53678] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][trouter2-asse-a.trouter.teams.microsoft.com] idle: [....52] [ip4][..udp] [....192.168.1.6][54069] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][api.microsoftstream.com] 
@@ -506,8 +506,8 @@ idle: [....34] [ip4][..udp] [....192.168.1.6][59403] -> [....192.168.1.1][...53] [DNS.Microsoft365][Unknown][Network][Acceptable][substrate.office.com] idle: [.....3] [ip4][..udp] [....192.168.1.6][60813] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][skypedataprdcolneu04.cloudapp.net] idle: [....75] [ip4][..udp] [....192.168.1.6][60837] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][c-flightproxy-euno-01-teams.cloudapp.net] - idle: [....53] [ip4][..tcp] [....192.168.1.6][60562] -> [.104.40.187.151][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][api.microsoftstream.com] - idle: [....55] [ip4][..tcp] [....192.168.1.6][60563] -> [.52.169.186.119][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable] + idle: [....53] [ip4][..tcp] [....192.168.1.6][60562] -> [.104.40.187.151][..443] [TLS.Teams][Azure][Collaborative][Safe][api.microsoftstream.com] + idle: [....55] [ip4][..tcp] [....192.168.1.6][60563] -> [.52.169.186.119][..443] [TLS.Teams][Azure][Collaborative][Safe] idle: [....36] [ip4][..udp] [....192.168.1.6][61245] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][euaz.tr.teams.microsoft.com] RISK: Minor Issues idle: [....54] [ip4][..udp] [....192.168.1.6][62735] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][euno-1.api.microsoftstream.com] 
@@ -519,9 +519,9 @@ idle: [....38] [ip4][..udp] [....192.168.1.6][65230] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][trouter2-asse-a.trouter.teams.microsoft.com] idle: [....24] [ip4][..udp] [....192.168.1.6][65387] -> [....192.168.1.1][...53] [DNS.Microsoft][Unknown][Network][Safe][northeuropecns.trafficmanager.net] end: [....14] [ip4][..tcp] [..93.62.150.157][..443] -> [....192.168.1.6][60512] [TLS][Unknown][Web][Safe] - idle: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable] + idle: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005] [STUN.TeamsCall][Unknown][VoIP][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic - idle: [....77] [ip4][..udp] [....192.168.1.6][50036] -> [....192.168.0.4][50020] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable] + idle: [....77] [ip4][..udp] [....192.168.1.6][50036] -> [....192.168.0.4][50020] [STUN.TeamsCall][Unknown][VoIP][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic idle: [....12] [ip4][..udp] [....192.168.1.6][17500] -> [..192.168.1.255][17500] [Dropbox][Unknown][Cloud][Acceptable] idle: [....72] [ip4][..tcp] [....192.168.1.6][50014] -> [.52.114.250.152][..443] [TLS.Teams][Azure][Collaborative][Safe] 
@@ -532,24 +532,24 @@ RISK: TLS (probably) Not Carrying HTTPS end: [....73] [ip4][..tcp] [....192.168.1.6][50036] -> [.52.114.250.153][..443] [TLS.Teams][Azure][Collaborative][Safe] RISK: TLS Cert Mismatch, TLS (probably) Not Carrying HTTPS - idle: [....57] [ip4][..tcp] [....192.168.1.6][60564] -> [...40.79.138.41][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][gate.hockeyapp.net] - idle: [....82] [ip4][..tcp] [....192.168.1.6][60568] -> [...40.79.138.41][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][gate.hockeyapp.net] - idle: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable] - idle: [....63] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.123][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable] - idle: [....81] [ip4][..udp] [...52.114.252.8][.3479] -> [....192.168.1.6][50016] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable] + idle: [....57] [ip4][..tcp] [....192.168.1.6][60564] -> [...40.79.138.41][..443] [TLS.Teams][Azure][Collaborative][Safe][gate.hockeyapp.net] + idle: [....82] [ip4][..tcp] [....192.168.1.6][60568] -> [...40.79.138.41][..443] [TLS.Teams][Azure][Collaborative][Safe][gate.hockeyapp.net] + idle: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable] + idle: [....63] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.123][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable] + idle: [....81] [ip4][..udp] [...52.114.252.8][.3479] -> [....192.168.1.6][50016] [STUN.TeamsCall][Azure][VoIP][Acceptable] RISK: Known Proto on Non Std Port - idle: [....69] [ip4][..udp] [....192.168.1.6][50017] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable] - idle: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable] - idle: [....66] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.123][.3478] 
[STUN.Skype_TeamsCall][Azure][VoIP][Acceptable] - idle: [....71] [ip4][..udp] [....192.168.1.6][50037] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable] - idle: [....80] [ip4][..udp] [..52.114.252.21][.3480] -> [....192.168.1.6][50036] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable] + idle: [....69] [ip4][..udp] [....192.168.1.6][50017] -> [.52.114.250.141][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable] + idle: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable] + idle: [....66] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.123][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable] + idle: [....71] [ip4][..udp] [....192.168.1.6][50037] -> [.52.114.250.137][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable] + idle: [....80] [ip4][..udp] [..52.114.252.21][.3480] -> [....192.168.1.6][50036] [STUN.TeamsCall][Azure][VoIP][Acceptable] RISK: Known Proto on Non Std Port idle: [....83] [ip4][.icmp] [..93.71.110.205] -> [....192.168.1.6] [ICMP][Unknown][Network][Acceptable] - guessed: [....62] [ip4][..udp] [....192.168.1.6][51681] -> [..52.114.77.136][.3478] [Skype_TeamsCall][Azure][VoIP][Acceptable] + guessed: [....62] [ip4][..udp] [....192.168.1.6][51681] -> [..52.114.77.136][.3478] [TeamsCall][Azure][VoIP][Acceptable] RISK: Susp Entropy idle: [....62] [ip4][..udp] [....192.168.1.6][51681] -> [..52.114.77.136][.3478] - idle: [....78] [ip4][..udp] [..93.71.110.205][16332] -> [....192.168.1.6][50016] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable] + idle: [....78] [ip4][..udp] [..93.71.110.205][16332] -> [....192.168.1.6][50016] [STUN.TeamsCall][Unknown][VoIP][Acceptable] RISK: Known Proto on Non Std Port - idle: [....79] [ip4][..udp] [..93.71.110.205][16333] -> [....192.168.1.6][50036] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable] + idle: [....79] [ip4][..udp] [..93.71.110.205][16333] -> [....192.168.1.6][50036] [STUN.TeamsCall][Unknown][VoIP][Acceptable] RISK: Known Proto on 
Non Std Port DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/1kxun.pcap.out b/test/results/flow-info/default/1kxun.pcap.out index 7276e2c12..7b3376352 100644 --- a/test/results/flow-info/default/1kxun.pcap.out +++ b/test/results/flow-info/default/1kxun.pcap.out @@ -133,7 +133,6 @@ [ENTROPIES...: 4.5,4.5,5.0,4.8,4.8,5.8,5.8,4.3,5.6,6.7,7.7,7.8,7.7,7.7,7.7,7.7,7.6,4.1,6.3,4.8,4.8,7.7,7.8,7.7,7.7,7.7,4.8,4.8,7.7,7.7,5.6,3.0] new: [....35] [ip4][..udp] [...192.168.5.67][..138] -> [192.168.255.255][..138] detected: [....35] [ip4][..udp] [...192.168.5.67][..138] -> [192.168.255.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][sanji-lifebook-] - RISK: Unsafe Protocol new: [....36] [ip4][..tcp] [..192.168.115.8][49605] -> [.106.185.35.110][...80] new: [....37] [ip4][..tcp] [..192.168.115.8][49606] -> [.106.185.35.110][...80] detected: [....36] [ip4][..tcp] [..192.168.115.8][49605] -> [.106.185.35.110][...80] [HTTP.1kxun][Unknown][Streaming][Fun][jp.kankan.1kxun.mobi] @@ -213,6 +212,7 @@ new: [....59] [ip4][..tcp] [...192.168.5.16][53624] -> [.68.233.253.133][...80] detected: [....59] [ip4][..tcp] [...192.168.5.16][53624] -> [.68.233.253.133][...80] [HTTP][Unknown][Web][Acceptable][api.magicansoft.com] new: [....60] [ip6][..udp] [...............fe80::4e5e:cff:fe9a:ec54][.5678] -> [................................ff02::1][.5678] + detected: [....60] [ip6][..udp] [...............fe80::4e5e:cff:fe9a:ec54][.5678] -> [................................ff02::1][.5678] [Mikrotik][Unknown][Network][Acceptable] detection-update: [....59] [ip4][..tcp] [...192.168.5.16][53624] -> [.68.233.253.133][...80] [HTTP][Unknown][Web][Acceptable][api.magicansoft.com] RISK: Error Code new: [....61] [ip4][..tcp] [..192.168.115.8][49581] -> [.64.233.189.128][...80] [MIDSTREAM] 
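Review bot: The expected output for the `NetBIOS.SMBv1` flows (ids 35 and 70) no longer contains `RISK: Unsafe Protocol`, in the hunk at -133 and again in the hunks at -232 and -407 of this file, while the same flows keep the `Dangerous` breed. The commit description says only "incorporated upstream changes", so this loss of a risk flag is undocumented. If it comes from the libnDPI bump, as it appears to, add a line to the description such as `* NetBIOS.SMBv1 flows no longer report the "Unsafe Protocol" risk`. Any consumer that alerts on the risk list rather than on the breed would otherwise stop flagging SMBv1 traffic without any error. Whether upstream dropped the risk on purpose is not visible from this diff, so confirm that before accepting the new golden file.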
@@ -232,7 +232,6 @@ detected: [....69] [ip4][..udp] [...192.168.5.45][..137] -> [192.168.255.255][..137] [NetBIOS][Unknown][System][Acceptable][nasfile] new: [....70] [ip4][..udp] [...192.168.5.45][..138] -> [192.168.255.255][..138] detected: [....70] [ip4][..udp] [...192.168.5.45][..138] -> [192.168.255.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][macbookair-e1d0] - RISK: Unsafe Protocol new: [....71] [ip4][..udp] [...192.168.10.7][62976] -> [255.255.255.255][62976] new: [....72] [ip6][..udp] [..............fe80::4568:efbc:40b1:1346][50194] -> [..............................ff02::1:3][.5355] detected: [....72] [ip6][..udp] [..............fe80::4568:efbc:40b1:1346][50194] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable] @@ -248,6 +247,7 @@ new: [....78] [ip4][..udp] [...192.168.5.48][59797] -> [....224.0.0.252][.5355] detected: [....78] [ip4][..udp] [...192.168.5.48][59797] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] new: [....79] [ip4][..udp] [..192.168.0.100][50925] -> [255.255.255.255][.5678] + detected: [....79] [ip4][..udp] [..192.168.0.100][50925] -> [255.255.255.255][.5678] [Mikrotik][Unknown][Network][Acceptable] new: [....80] [ip4][..udp] [...192.168.5.57][65150] -> [....224.0.0.252][.5355] detected: [....80] [ip4][..udp] [...192.168.5.57][65150] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] new: [....81] [ip6][..udp] [...............fe80::e034:7be:d8f9:6197][62756] -> [..............................ff02::1:3][.5355] 
@@ -267,7 +267,9 @@ detection-update: [....87] [ip4][..tcp] [...192.168.5.16][53625] -> [.192.168.115.75][..443] [TLS][Unknown][Web][Safe][192.168.115.75] RISK: Weak TLS Cipher, HTTP/TLS/QUIC Numeric Hostname/SNI, TLS (probably) Not Carrying HTTPS new: [....88] [ip4][..udp] [..192.168.119.1][56861] -> [255.255.255.255][.5678] + detected: [....88] [ip4][..udp] [..192.168.119.1][56861] -> [255.255.255.255][.5678] [Mikrotik][Unknown][Network][Acceptable] new: [....89] [ip6][..udp] [................fe80::4e5e:cff:feea:365][.5678] -> [................................ff02::1][.5678] + detected: [....89] [ip6][..udp] [................fe80::4e5e:cff:feea:365][.5678] -> [................................ff02::1][.5678] [Mikrotik][Unknown][Network][Acceptable] new: [....90] [ip6][..udp] [..............fe80::5d92:62a8:ebde:1319][49735] -> [..............................ff02::1:3][.5355] detected: [....90] [ip6][..udp] [..............fe80::5d92:62a8:ebde:1319][49735] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable] new: [....91] [ip4][..udp] [..192.168.3.236][62069] -> [....224.0.0.252][.5355] 
@@ -277,6 +279,7 @@ new: [....93] [ip6][..udp] [..............fe80::beee:7bff:fe0c:b3de][..546] -> [..............................ff02::1:2][..547] detected: [....93] [ip6][..udp] [..............fe80::beee:7bff:fe0c:b3de][..546] -> [..............................ff02::1:2][..547] [DHCPV6][Unknown][Network][Acceptable] new: [....94] [ip4][..udp] [..192.168.119.2][43786] -> [255.255.255.255][.5678] + detected: [....94] [ip4][..udp] [..192.168.119.2][43786] -> [255.255.255.255][.5678] [Mikrotik][Unknown][Network][Acceptable] new: [....95] [ip6][..udp] [..............fe80::edf5:240a:c8c0:8312][53962] -> [..............................ff02::1:3][.5355] detected: [....95] [ip6][..udp] [..............fe80::edf5:240a:c8c0:8312][53962] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable] new: [....96] [ip4][..udp] [...192.168.5.47][53962] -> [....224.0.0.252][.5355] @@ -407,7 +410,6 @@ update: [....52] [ip6][..udp] [...............fe80::9bd:81dd:2fdc:5750][61548] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable][caesar-thinkpad] update: [....55] [ip4][..udp] [...192.168.5.16][...68] -> [..192.168.119.1][...67] [DHCP][Unknown][Network][Acceptable][macbook-air] update: [....35] [ip4][..udp] [...192.168.5.67][..138] -> [192.168.255.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][sanji-lifebook-] - RISK: Unsafe Protocol update: [....54] [ip4][..udp] [...192.168.5.49][51704] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900] update: [....33] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][54888] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable][????????????] RISK: Non-Printable/Invalid Chars Detected 
@@ -441,9 +443,7 @@ idle: [....38] [ip4][..tcp] [..192.168.115.8][49607] -> [218.244.135.170][.9099] [HTTP][Alibaba][Web][Acceptable][218.244.135.170] RISK: Known Proto on Non Std Port, HTTP/TLS/QUIC Numeric Hostname/SNI idle: [....39] [ip4][..udp] [..192.168.115.8][54420] -> [........8.8.8.8][...53] [DNS.QQ][Google][Network][Fun][vv.video.qq.com] - not-detected: [....79] [ip4][..udp] [..192.168.0.100][50925] -> [255.255.255.255][.5678] [Unknown][Unknown][Unrated] - RISK: Susp Entropy - idle: [....79] [ip4][..udp] [..192.168.0.100][50925] -> [255.255.255.255][.5678] + idle: [....79] [ip4][..udp] [..192.168.0.100][50925] -> [255.255.255.255][.5678] [Mikrotik][Unknown][Network][Acceptable] idle: [....98] [ip4][..udp] [...192.168.3.95][51451] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][????????????] RISK: Non-Printable/Invalid Chars Detected idle: [....13] [ip4][..udp] [..192.168.115.8][51458] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][wpad] 
@@ -459,12 +459,8 @@ idle: [.....9] [ip6][..udp] [...............fe80::406:55a8:6453:25dd][..546] -> [..............................ff02::1:2][..547] [DHCPV6][Unknown][Network][Acceptable] idle: [....19] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][58779] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable][????????????] RISK: Non-Printable/Invalid Chars Detected - not-detected: [....89] [ip6][..udp] [................fe80::4e5e:cff:feea:365][.5678] -> [................................ff02::1][.5678] [Unknown][Unknown][Unrated] - RISK: Susp Entropy - idle: [....89] [ip6][..udp] [................fe80::4e5e:cff:feea:365][.5678] -> [................................ff02::1][.5678] - not-detected: [....60] [ip6][..udp] [...............fe80::4e5e:cff:fe9a:ec54][.5678] -> [................................ff02::1][.5678] [Unknown][Unknown][Unrated] - RISK: Susp Entropy - idle: [....60] [ip6][..udp] [...............fe80::4e5e:cff:fe9a:ec54][.5678] -> [................................ff02::1][.5678] + idle: [....89] [ip6][..udp] [................fe80::4e5e:cff:feea:365][.5678] -> [................................ff02::1][.5678] [Mikrotik][Unknown][Network][Acceptable] + idle: [....60] [ip6][..udp] [...............fe80::4e5e:cff:fe9a:ec54][.5678] -> [................................ff02::1][.5678] [Mikrotik][Unknown][Network][Acceptable] idle: [...128] [ip6][..udp] [..............fe80::5d92:62a8:ebde:1319][58468] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable][wangs-ltw] idle: [....44] [ip4][..udp] [...192.168.5.37][57325] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900] idle: [...125] [ip6][..udp] [...............fe80::e034:7be:d8f9:6197][49766] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable][charming-pc] 
@@ -489,9 +485,7 @@ idle: [...114] [ip6][..udp] [..............fe80::5d92:62a8:ebde:1319][61172] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable][sonusav] idle: [....43] [ip4][..udp] [...192.168.5.37][56366] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][notebook] idle: [....12] [ip4][..udp] [...192.168.5.47][60267] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900] - not-detected: [....88] [ip4][..udp] [..192.168.119.1][56861] -> [255.255.255.255][.5678] [Unknown][Unknown][Unrated] - RISK: Susp Entropy - idle: [....88] [ip4][..udp] [..192.168.119.1][56861] -> [255.255.255.255][.5678] + idle: [....88] [ip4][..udp] [..192.168.119.1][56861] -> [255.255.255.255][.5678] [Mikrotik][Unknown][Network][Acceptable] idle: [...124] [ip4][..udp] [...192.168.5.50][57143] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][charming-pc] idle: [....26] [ip4][..udp] [..192.168.115.8][60724] -> [........8.8.8.8][...53] [DNS.1kxun][Google][Network][Fun][pic.1kxun.com] idle: [....48] [ip4][..udp] [....192.168.5.9][58456] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][joanna-pc] 
@@ -565,9 +559,7 @@ idle: [....64] [ip4][..udp] [..192.168.3.236][..137] -> [192.168.255.255][..137] [NetBIOS][Unknown][System][Acceptable][isatap] idle: [....18] [ip4][..udp] [..192.168.115.8][..137] -> [192.168.255.255][..137] [NetBIOS][Unknown][System][Acceptable][wpad] idle: [....70] [ip4][..udp] [...192.168.5.45][..138] -> [192.168.255.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][macbookair-e1d0] - RISK: Unsafe Protocol idle: [....35] [ip4][..udp] [...192.168.5.67][..138] -> [192.168.255.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][sanji-lifebook-] - RISK: Unsafe Protocol idle: [....76] [ip4][..udp] [...192.168.5.64][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable] guessed: [....61] [ip4][..tcp] [..192.168.115.8][49581] -> [.64.233.189.128][...80] [HTTP][Google][Web][Acceptable][] idle: [....61] [ip4][..tcp] [..192.168.115.8][49581] -> [.64.233.189.128][...80] 
@@ -585,9 +577,7 @@ idle: [...116] [ip6][..udp] [..............fe80::f65c:89ff:fe89:e607][..546] -> [..............................ff02::1:2][..547] [DHCPV6][Unknown][Network][Acceptable] guessed: [...101] [ip4][..tcp] [.119.235.235.84][..443] -> [...192.168.5.16][53406] [TLS][Line][Web][Safe] idle: [...101] [ip4][..tcp] [.119.235.235.84][..443] -> [...192.168.5.16][53406] - not-detected: [....94] [ip4][..udp] [..192.168.119.2][43786] -> [255.255.255.255][.5678] [Unknown][Unknown][Unrated] - RISK: Susp Entropy - idle: [....94] [ip4][..udp] [..192.168.119.2][43786] -> [255.255.255.255][.5678] + idle: [....94] [ip4][..udp] [..192.168.119.2][43786] -> [255.255.255.255][.5678] [Mikrotik][Unknown][Network][Acceptable] idle: [....90] [ip6][..udp] [..............fe80::5d92:62a8:ebde:1319][49735] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable][wangs-ltw] end: [....46] [ip4][..tcp] [..192.168.115.8][49612] -> [.183.131.48.145][...80] [HTTP][Unknown][Web][Acceptable][183.131.48.145] RISK: HTTP Susp User-Agent, HTTP/TLS/QUIC Numeric Hostname/SNI @@ -658,7 +648,6 @@ detected: [...152] [ip4][..tcp] [..192.168.2.126][45424] -> [..161.117.13.29][...80] [HTTP][Alibaba][Streaming][Acceptable][tcad.wedolook.com] new: [...153] [ip4][..tcp] [..192.168.2.126][41390] -> [....18.64.79.37][...80] [MIDSTREAM] detected: [...153] [ip4][..tcp] [..192.168.2.126][41390] -> [....18.64.79.37][...80] [HTTP.Google][AmazonAWS][Web][Acceptable][google.open-js.com] - RISK: Susp Entropy analyse: [...146] [ip4][..tcp] [..192.168.2.126][45380] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.409| 0.085| 0.132| 17528.007| 3.300] 
@@ -709,7 +698,6 @@ [ENTROPIES...: 5.9,5.9,7.3,7.9,7.9,7.9,7.8,7.8,7.8,7.9,8.0,7.8,7.8,7.8,7.9,7.9,7.9,7.9,5.9,5.8,8.0,8.0,7.9,7.9,8.0,7.9,8.0,7.7,5.9,5.9,7.9,8.0] new: [...163] [ip4][..tcp] [..192.168.2.126][44368] -> [..172.217.18.98][...80] [MIDSTREAM] detected: [...163] [ip4][..tcp] [..192.168.2.126][44368] -> [..172.217.18.98][...80] [HTTP.GoogleServices][Google][Web][Acceptable][www.googletagservices.com] - RISK: Susp Entropy new: [...164] [ip4][..tcp] [..192.168.2.126][50140] -> [..161.117.13.29][...80] [MIDSTREAM] detected: [...164] [ip4][..tcp] [..192.168.2.126][50140] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi] new: [...165] [ip4][..tcp] [..192.168.2.126][50148] -> [..161.117.13.29][...80] [MIDSTREAM] @@ -796,7 +784,6 @@ detected: [...193] [ip4][..tcp] [..192.168.2.126][40204] -> [...18.235.204.9][...80] [HTTP][AmazonAWS][Web][Acceptable][adexp.liftoff.io] new: [...194] [ip4][..tcp] [..192.168.2.126][53416] -> [.172.217.16.142][...80] [MIDSTREAM] detected: [...194] [ip4][..tcp] [..192.168.2.126][53416] -> [.172.217.16.142][...80] [HTTP.Google][Google][Web][Acceptable][play.google.com] - RISK: Susp Entropy new: [...195] [ip4][..tcp] [..192.168.2.126][33042] -> [...3.122.190.70][...80] [MIDSTREAM] detected: [...195] [ip4][..tcp] [..192.168.2.126][33042] -> [...3.122.190.70][...80] [HTTP][AmazonAWS][Web][Acceptable][click.liftoff.io] new: [...196] [ip4][..tcp] [..192.168.2.126][35426] -> [..8.209.112.118][...80] [MIDSTREAM] 
@@ -815,7 +802,6 @@ idle: [...196] [ip4][..tcp] [..192.168.2.126][35426] -> [..8.209.112.118][...80] [HTTP][Alibaba][Web][Acceptable][analytics.rayjump.com] idle: [...172] [ip4][..tcp] [..192.168.2.126][59324] -> [.104.117.221.10][...80] [HTTP][Unknown][Web][Acceptable][m.vpon.com] idle: [...153] [ip4][..tcp] [..192.168.2.126][41390] -> [....18.64.79.37][...80] [HTTP.Google][AmazonAWS][Web][Acceptable][google.open-js.com] - RISK: Susp Entropy idle: [...191] [ip4][..tcp] [..192.168.2.126][41940] -> [....18.64.79.50][...80] [HTTP][AmazonAWS][Web][Acceptable][tknet-cdn.rayjump.com] idle: [...154] [ip4][..tcp] [..192.168.2.126][51888] -> [.119.28.164.143][...80] [HTTP][Tencent][Web][Acceptable] idle: [...177] [ip4][..tcp] [..192.168.2.126][43266] -> [....18.64.79.58][...80] [HTTP][AmazonAWS][Web][Acceptable] @@ -828,7 +814,6 @@ idle: [...169] [ip4][..tcp] [..192.168.2.126][38326] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] idle: [...134] [ip4][..tcp] [..192.168.2.126][41134] -> [.129.226.107.77][...80] [HTTP.QQ][Tencent][Chat][Fun][cgi.connect.qq.com] idle: [...163] [ip4][..tcp] [..192.168.2.126][44368] -> [..172.217.18.98][...80] [HTTP.GoogleServices][Google][Web][Acceptable][www.googletagservices.com] - RISK: Susp Entropy idle: [...193] [ip4][..tcp] [..192.168.2.126][40204] -> [...18.235.204.9][...80] [HTTP][AmazonAWS][Web][Acceptable][adexp.liftoff.io] idle: [...197] [ip4][..tcp] [..192.168.2.126][51686] -> [....18.64.79.64][...80] [HTTP][AmazonAWS][Web][Acceptable][net.rayjump.com] idle: [...156] [ip4][..tcp] [..192.168.2.126][36732] -> [142.250.186.174][...80] [HTTP.Google][Google][Advertisement][Acceptable][www.google-analytics.com] 
@@ -852,7 +837,6 @@ idle: [...140] [ip4][..tcp] [..192.168.2.126][49242] -> [.172.104.119.80][...80] [HTTP.1kxun][Unknown][Streaming][Fun][android.yingshi.tcclick.1kxun.com] RISK: Error Code idle: [...194] [ip4][..tcp] [..192.168.2.126][53416] -> [.172.217.16.142][...80] [HTTP.Google][Google][Web][Acceptable][play.google.com] - RISK: Susp Entropy idle: [...133] [ip4][..tcp] [..192.168.2.126][47230] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Download][Fun][kankan.1kxun.mobi] RISK: Binary File/Data Transfer (Attempt) idle: [...188] [ip4][..tcp] [..192.168.2.126][37100] -> [..52.29.177.177][...80] [HTTP][AmazonAWS][Web][Acceptable][adx-tk.rayjump.com] diff --git a/test/results/flow-info/default/443-chrome.pcap.out b/test/results/flow-info/default/443-chrome.pcap.out index 8d6f2778e..3b4e5b0ed 100644 --- a/test/results/flow-info/default/443-chrome.pcap.out +++ b/test/results/flow-info/default/443-chrome.pcap.out @@ -2,7 +2,7 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [.178.62.197.130][..443] -> [...192.168.1.13][53059] [MIDSTREAM] - guessed: [.....1] [ip4][..tcp] [.178.62.197.130][..443] -> [...192.168.1.13][53059] [TLS][Unknown][Web][Safe] + guessed: [.....1] [ip4][..tcp] [.178.62.197.130][..443] -> [...192.168.1.13][53059] [TLS][DigitalOcean][Web][Safe] RISK: Susp Entropy, Unidirectional Traffic idle: [.....1] [ip4][..tcp] [.178.62.197.130][..443] -> [...192.168.1.13][53059] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/443-curl.pcap.out b/test/results/flow-info/default/443-curl.pcap.out index d635942f3..ad3b69306 100644 --- a/test/results/flow-info/default/443-curl.pcap.out +++ b/test/results/flow-info/default/443-curl.pcap.out 
@@ -2,10 +2,10 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [...192.168.1.13][55523] -> [.178.62.197.130][..443] - detected: [.....1] [ip4][..tcp] [...192.168.1.13][55523] -> [.178.62.197.130][..443] [TLS.ntop][Unknown][Network][Safe][www.ntop.org] - detection-update: [.....1] [ip4][..tcp] [...192.168.1.13][55523] -> [.178.62.197.130][..443] [TLS.ntop][Unknown][Network][Safe][www.ntop.org] - detection-update: [.....1] [ip4][..tcp] [...192.168.1.13][55523] -> [.178.62.197.130][..443] [TLS.ntop][Unknown][Network][Safe][www.ntop.org] - analyse: [.....1] [ip4][..tcp] [...192.168.1.13][55523] -> [.178.62.197.130][..443] [TLS.ntop][Unknown][Network][Safe] + detected: [.....1] [ip4][..tcp] [...192.168.1.13][55523] -> [.178.62.197.130][..443] [TLS.ntop][DigitalOcean][Network][Safe][www.ntop.org] + detection-update: [.....1] [ip4][..tcp] [...192.168.1.13][55523] -> [.178.62.197.130][..443] [TLS.ntop][DigitalOcean][Network][Safe][www.ntop.org] + detection-update: [.....1] [ip4][..tcp] [...192.168.1.13][55523] -> [.178.62.197.130][..443] [TLS.ntop][DigitalOcean][Network][Safe][www.ntop.org] + analyse: [.....1] [ip4][..tcp] [...192.168.1.13][55523] -> [.178.62.197.130][..443] [TLS.ntop][DigitalOcean][Network][Safe] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.784| 0.063| 0.190| 36203.258| 2.200] [PKTLEN......: 52.000| 1492.000| 397.200| 558.700| 312115.000| 3.800] 
@@ -15,5 +15,5 @@ [IATS(ms)....: 38.7,38.8,9.6,47.6,2.8,1.1,0.0,41.9,0.0,11.8,50.9,0.0,39.1,0.0,0.7,0.0,0.0,0.1,0.1,38.5,8.9,46.6,784.1,784.0,0.4,0.1,0.5,0.1,0.1,0.2,0.2] [PKTLENS.....: 64,60,52,569,52,1492,1492,183,52,52,178,103,109,52,52,105,108,94,119,90,52,90,52,267,52,1492,1492,52,1492,1048,52,1492] [ENTROPIES...: 4.4,5.3,4.9,4.3,5.1,7.4,7.5,6.8,4.9,4.9,6.3,6.0,6.2,5.0,4.9,5.8,5.8,5.5,6.0,5.5,5.2,5.9,5.1,7.2,5.1,7.9,7.9,5.1,7.9,7.8,5.1,7.9] - end: [.....1] [ip4][..tcp] [...192.168.1.13][55523] -> [.178.62.197.130][..443] [TLS.ntop][Unknown][Network][Safe][www.ntop.org] + end: [.....1] [ip4][..tcp] [...192.168.1.13][55523] -> [.178.62.197.130][..443] [TLS.ntop][DigitalOcean][Network][Safe][www.ntop.org] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/443-firefox.pcap.out b/test/results/flow-info/default/443-firefox.pcap.out index 3efd275fc..6d25ae687 100644 --- a/test/results/flow-info/default/443-firefox.pcap.out +++ b/test/results/flow-info/default/443-firefox.pcap.out 
@@ -2,10 +2,10 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [...192.168.1.13][53096] -> [.178.62.197.130][..443] - detected: [.....1] [ip4][..tcp] [...192.168.1.13][53096] -> [.178.62.197.130][..443] [TLS.ntop][Unknown][Network][Safe][www.ntop.org] - detection-update: [.....1] [ip4][..tcp] [...192.168.1.13][53096] -> [.178.62.197.130][..443] [TLS.ntop][Unknown][Network][Safe][www.ntop.org] - detection-update: [.....1] [ip4][..tcp] [...192.168.1.13][53096] -> [.178.62.197.130][..443] [TLS.ntop][Unknown][Network][Safe][www.ntop.org] - analyse: [.....1] [ip4][..tcp] [...192.168.1.13][53096] -> [.178.62.197.130][..443] [TLS.ntop][Unknown][Network][Safe] + detected: [.....1] [ip4][..tcp] [...192.168.1.13][53096] -> [.178.62.197.130][..443] [TLS.ntop][DigitalOcean][Network][Safe][www.ntop.org] + detection-update: [.....1] [ip4][..tcp] [...192.168.1.13][53096] -> [.178.62.197.130][..443] [TLS.ntop][DigitalOcean][Network][Safe][www.ntop.org] + detection-update: [.....1] [ip4][..tcp] [...192.168.1.13][53096] -> [.178.62.197.130][..443] [TLS.ntop][DigitalOcean][Network][Safe][www.ntop.org] + analyse: [.....1] [ip4][..tcp] [...192.168.1.13][53096] -> [.178.62.197.130][..443] [TLS.ntop][DigitalOcean][Network][Safe] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 1.656| 0.130| 0.404| 163175.268| 2.000] [PKTLEN......: 52.000| 1492.000| 518.700| 610.400| 372566.000| 4.000] 
@@ -15,5 +15,5 @@ [IATS(ms)....: 38.5,38.6,1.8,40.0,4.1,0.1,0.0,42.3,0.0,2.1,40.7,0.0,38.7,0.0,193.8,0.1,0.2,231.1,10.0,47.0,1655.7,0.1,1655.7,0.2,0.0,0.2,0.2,0.1,0.3,0.1,0.2] [PKTLENS.....: 64,60,52,569,52,1492,1492,126,52,52,137,318,101,52,52,221,298,82,52,82,52,1492,1492,52,1492,1016,52,1492,1492,52,1492,1016] [ENTROPIES...: 4.4,5.4,4.9,5.2,5.1,7.4,7.5,6.3,5.0,5.0,6.1,7.2,6.2,5.1,5.1,6.9,7.2,5.7,5.2,5.8,4.9,7.9,7.9,5.0,7.9,7.8,5.0,7.9,7.9,4.9,7.9,7.8] - end: [.....1] [ip4][..tcp] [...192.168.1.13][53096] -> [.178.62.197.130][..443] [TLS.ntop][Unknown][Network][Safe][www.ntop.org] + end: [.....1] [ip4][..tcp] [...192.168.1.13][53096] -> [.178.62.197.130][..443] [TLS.ntop][DigitalOcean][Network][Safe][www.ntop.org] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/443-safari.pcap.out b/test/results/flow-info/default/443-safari.pcap.out index ef9e5f325..aa09997ff 100644 --- a/test/results/flow-info/default/443-safari.pcap.out +++ b/test/results/flow-info/default/443-safari.pcap.out 
@@ -2,10 +2,10 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [...192.168.1.13][53031] -> [.178.62.197.130][..443] - detected: [.....1] [ip4][..tcp] [...192.168.1.13][53031] -> [.178.62.197.130][..443] [TLS.ntop][Unknown][Network][Safe][www.ntop.org] - detection-update: [.....1] [ip4][..tcp] [...192.168.1.13][53031] -> [.178.62.197.130][..443] [TLS.ntop][Unknown][Network][Safe][www.ntop.org] - detection-update: [.....1] [ip4][..tcp] [...192.168.1.13][53031] -> [.178.62.197.130][..443] [TLS.ntop][Unknown][Network][Safe][www.ntop.org] - analyse: [.....1] [ip4][..tcp] [...192.168.1.13][53031] -> [.178.62.197.130][..443] [TLS.ntop][Unknown][Network][Safe] + detected: [.....1] [ip4][..tcp] [...192.168.1.13][53031] -> [.178.62.197.130][..443] [TLS.ntop][DigitalOcean][Network][Safe][www.ntop.org] + detection-update: [.....1] [ip4][..tcp] [...192.168.1.13][53031] -> [.178.62.197.130][..443] [TLS.ntop][DigitalOcean][Network][Safe][www.ntop.org] + detection-update: [.....1] [ip4][..tcp] [...192.168.1.13][53031] -> [.178.62.197.130][..443] [TLS.ntop][DigitalOcean][Network][Safe][www.ntop.org] + analyse: [.....1] [ip4][..tcp] [...192.168.1.13][53031] -> [.178.62.197.130][..443] [TLS.ntop][DigitalOcean][Network][Safe] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.696| 0.070| 0.175| 30530.335| 2.600] [PKTLEN......: 52.000| 1492.000| 384.700| 559.600| 313139.800| 3.800] 
@@ -15,5 +15,5 @@ [IATS(ms)....: 38.2,38.3,1.1,39.8,4.1,0.1,0.0,42.8,0.0,225.7,264.3,0.0,38.7,0.0,1.6,0.0,0.0,0.0,0.1,40.0,0.0,9.9,48.2,695.6,0.1,695.6,0.1,0.1,0.1,0.1,0.1] [PKTLENS.....: 64,60,52,285,52,1492,1492,154,52,52,137,95,101,52,52,97,94,86,380,82,52,52,82,52,1492,1492,52,1492,52,1016,52,1492] [ENTROPIES...: 4.3,5.3,4.9,5.7,5.2,7.4,7.4,6.4,4.9,4.9,6.0,5.8,6.1,4.9,5.0,5.9,5.8,5.8,7.4,5.6,5.0,5.1,5.8,5.0,7.9,7.9,4.9,7.9,4.8,7.8,4.9,7.9] - idle: [.....1] [ip4][..tcp] [...192.168.1.13][53031] -> [.178.62.197.130][..443] [TLS.ntop][Unknown][Network][Safe][www.ntop.org] + idle: [.....1] [ip4][..tcp] [...192.168.1.13][53031] -> [.178.62.197.130][..443] [TLS.ntop][DigitalOcean][Network][Safe][www.ntop.org] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/EAQ.pcap.out b/test/results/flow-info/default/EAQ.pcap.out index 4a277ed1d..0afe1e2b8 100644 --- a/test/results/flow-info/default/EAQ.pcap.out +++ b/test/results/flow-info/default/EAQ.pcap.out @@ -6,7 +6,7 @@ RISK: HTTP Susp User-Agent new: [.....2] [ip4][..tcp] [.......10.8.0.1][40467] -> [.173.194.119.24][...80] detected: [.....2] [ip4][..tcp] [.......10.8.0.1][40467] -> [.173.194.119.24][...80] [HTTP.Google][Google][Web][Acceptable][www.google.com.br] - RISK: HTTP Susp User-Agent, Susp Entropy + RISK: HTTP Susp User-Agent new: [.....3] [ip4][..udp] [.......10.8.0.1][52257] -> [200.185.138.146][.6000] new: [.....4] [ip4][..udp] [.......10.8.0.1][48890] -> [200.185.125.226][.6000] new: [.....5] [ip4][..udp] [.......10.8.0.1][51569] -> [.200.194.148.67][.6000] 
@@ -155,7 +155,7 @@ idle: [....30] [ip4][..udp] [.......10.8.0.1][33356] -> [.200.194.149.66][.6000] [EAQ][Unknown][Network][Acceptable] RISK: Unidirectional Traffic end: [.....2] [ip4][..tcp] [.......10.8.0.1][40467] -> [.173.194.119.24][...80] [HTTP.Google][Google][Web][Acceptable][www.google.com.br] - RISK: HTTP Susp User-Agent, Susp Entropy + RISK: HTTP Susp User-Agent idle: [.....9] [ip4][..udp] [.......10.8.0.1][34687] -> [.200.194.141.68][.6000] [EAQ][Unknown][Network][Acceptable] RISK: Unidirectional Traffic idle: [....23] [ip4][..udp] [.......10.8.0.1][36552] -> [.200.194.136.66][.6000] [EAQ][Unknown][Network][Acceptable] diff --git a/test/results/flow-info/default/KakaoTalk_chat.pcap.out b/test/results/flow-info/default/KakaoTalk_chat.pcap.out index 2018ad289..2f2ebc5d1 100644 --- a/test/results/flow-info/default/KakaoTalk_chat.pcap.out +++ b/test/results/flow-info/default/KakaoTalk_chat.pcap.out @@ -185,7 +185,7 @@ end: [....32] [ip4][..tcp] [...10.24.82.188][37557] -> [....31.13.68.84][...80] [HTTP.Facebook][Facebook][SocialNetwork][Fun][www.facebook.com] idle: [.....6] [ip4][..udp] [...10.24.82.188][58810] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][item.kakao.com] guessed: [....16] [ip4][..tcp] [..120.28.26.242][...80] -> [...10.24.82.188][34503] [HTTP][Unknown][Web][Acceptable][] - RISK: Unidirectional Traffic, TCP Connection Issues + RISK: Unidirectional Traffic, TCP Connection Issues, Probing Attempt end: [....16] [ip4][..tcp] [..120.28.26.242][...80] -> [...10.24.82.188][34503] idle: [....18] [ip4][..udp] [...10.24.82.188][61011] -> [...10.188.191.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][plus-talk.kakao.com] idle: [....17] [ip4][..udp] [...10.24.82.188][61011] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][plus-talk.kakao.com] 
diff --git a/test/results/flow-info/default/KakaoTalk_talk.pcap.out b/test/results/flow-info/default/KakaoTalk_talk.pcap.out index 5efc01603..4c4862263 100644 --- a/test/results/flow-info/default/KakaoTalk_talk.pcap.out +++ b/test/results/flow-info/default/KakaoTalk_talk.pcap.out @@ -99,7 +99,7 @@ end: [.....4] [ip4][..tcp] [...10.24.82.188][48489] -> [203.205.147.215][...80] [HTTP_Proxy.QQ][Tencent][Download][Fun][hkminorshort.weixin.qq.com] RISK: Known Proto on Non Std Port, Binary File/Data Transfer (Attempt) guessed: [.....5] [ip4][..tcp] [.216.58.220.161][..443] -> [...10.24.82.188][56697] [TLS][Google][Web][Safe] - RISK: Unidirectional Traffic, TCP Connection Issues + RISK: Unidirectional Traffic, TCP Connection Issues, Probing Attempt end: [.....5] [ip4][..tcp] [.216.58.220.161][..443] -> [...10.24.82.188][56697] idle: [....20] [ip4][..udp] [...10.24.82.188][25223] -> [.....10.188.1.1][...53] [DNS.Facebook][Unknown][Network][Fun][mqtt.facebook.com] guessed: [.....2] [ip4][..tcp] [..120.28.26.242][...80] -> [...10.24.82.188][34533] [HTTP][Unknown][Web][Acceptable][] @@ -108,7 +108,7 @@ RISK: Unidirectional Traffic idle: [....16] [ip4][..tcp] [...10.24.82.188][53974] -> [203.205.151.233][.8080] guessed: [....15] [ip4][..tcp] [..173.252.122.1][..443] -> [...10.24.82.188][52123] [TLS][Facebook][Web][Safe] - RISK: Unidirectional Traffic, TCP Connection Issues + RISK: Unidirectional Traffic, TCP Connection Issues, Probing Attempt end: [....15] [ip4][..tcp] [..173.252.122.1][..443] -> [...10.24.82.188][52123] idle: [....13] [ip4][..udp] [...10.24.82.188][10268] -> [....1.201.1.174][23046] [RTP][Unknown][Media][Acceptable] idle: [....11] [ip4][..udp] [...10.24.82.188][10269] -> [....1.201.1.174][23047] [KakaoTalk_Voice][Unknown][VoIP][Acceptable] 
@@ -120,7 +120,7 @@ idle: [.....8] [ip4][..tcp] [...10.24.82.188][58857] -> [..110.76.143.50][.9001] [TLS.KakaoTalk][Unknown][Chat][Acceptable] RISK: Known Proto on Non Std Port, Self-signed Cert, Obsolete TLS (v1.1 or older), Weak TLS Cipher guessed: [....17] [ip4][..tcp] [173.194.117.229][..443] -> [...10.24.82.188][38380] [TLS][Google][Web][Safe] - RISK: Unidirectional Traffic, TCP Connection Issues + RISK: Unidirectional Traffic, TCP Connection Issues, Probing Attempt end: [....17] [ip4][..tcp] [173.194.117.229][..443] -> [...10.24.82.188][38380] guessed: [.....1] [ip4][..tcp] [...10.24.82.188][51021] -> [.103.246.57.251][.8080] [HTTP_Proxy][Unknown][Web][Acceptable][] idle: [.....1] [ip4][..tcp] [...10.24.82.188][51021] -> [.103.246.57.251][.8080] diff --git a/test/results/flow-info/default/alexa-app.pcapng.out b/test/results/flow-info/default/alexa-app.pcapng.out index e74e98e6b..63116a883 100644 --- a/test/results/flow-info/default/alexa-app.pcapng.out +++ b/test/results/flow-info/default/alexa-app.pcapng.out 
@@ -569,17 +569,11 @@ new: [...123] [ip4][..tcp] [..172.16.42.216][51989] -> [....52.84.63.56][...80] new: [...124] [ip4][..tcp] [..172.16.42.216][51990] -> [....52.84.63.56][...80] detected: [...123] [ip4][..tcp] [..172.16.42.216][51989] -> [....52.84.63.56][...80] [HTTP.Amazon][AmazonAWS][Web][Acceptable][ecx.images-amazon.com] - RISK: Susp Entropy detected: [...122] [ip4][..tcp] [..172.16.42.216][51988] -> [....52.84.63.56][...80] [HTTP.Amazon][AmazonAWS][Web][Acceptable][ecx.images-amazon.com] - RISK: Susp Entropy detected: [...119] [ip4][..tcp] [..172.16.42.216][51985] -> [....52.84.63.56][...80] [HTTP.Amazon][AmazonAWS][Web][Acceptable][ecx.images-amazon.com] - RISK: Susp Entropy detected: [...120] [ip4][..tcp] [..172.16.42.216][51986] -> [....52.84.63.56][...80] [HTTP.Amazon][AmazonAWS][Web][Acceptable][ecx.images-amazon.com] - RISK: Susp Entropy detected: [...121] [ip4][..tcp] [..172.16.42.216][51987] -> [....52.84.63.56][...80] [HTTP.Amazon][AmazonAWS][Web][Acceptable][ecx.images-amazon.com] - RISK: Susp Entropy detected: [...124] [ip4][..tcp] [..172.16.42.216][51990] -> [....52.84.63.56][...80] [HTTP.Amazon][AmazonAWS][Web][Acceptable][ecx.images-amazon.com] - RISK: Susp Entropy analyse: [...120] [ip4][..tcp] [..172.16.42.216][51986] -> [....52.84.63.56][...80] [HTTP.Amazon][AmazonAWS][Web][Acceptable][ecx.images-amazon.com] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.295| 0.052| 0.098| 9533.209| 3.000] 
@@ -611,17 +605,11 @@ new: [...130] [ip4][..tcp] [..172.16.42.216][51996] -> [....52.84.63.56][...80] new: [...131] [ip4][..tcp] [..172.16.42.216][51997] -> [....52.84.63.56][...80] detected: [...126] [ip4][..tcp] [..172.16.42.216][51992] -> [....52.84.63.56][...80] [HTTP.Amazon][AmazonAWS][Web][Acceptable][ecx.images-amazon.com] - RISK: Susp Entropy detected: [...128] [ip4][..tcp] [..172.16.42.216][51994] -> [....52.84.63.56][...80] [HTTP.Amazon][AmazonAWS][Web][Acceptable][ecx.images-amazon.com] - RISK: Susp Entropy detected: [...129] [ip4][..tcp] [..172.16.42.216][51995] -> [....52.84.63.56][...80] [HTTP.Amazon][AmazonAWS][Web][Acceptable][ecx.images-amazon.com] - RISK: Susp Entropy detected: [...127] [ip4][..tcp] [..172.16.42.216][51993] -> [....52.84.63.56][...80] [HTTP.Amazon][AmazonAWS][Web][Acceptable][ecx.images-amazon.com] - RISK: Susp Entropy detected: [...130] [ip4][..tcp] [..172.16.42.216][51996] -> [....52.84.63.56][...80] [HTTP.Amazon][AmazonAWS][Web][Acceptable][ecx.images-amazon.com] - RISK: Susp Entropy detected: [...131] [ip4][..tcp] [..172.16.42.216][51997] -> [....52.84.63.56][...80] [HTTP.Amazon][AmazonAWS][Web][Acceptable][ecx.images-amazon.com] - RISK: Susp Entropy analyse: [...129] [ip4][..tcp] [..172.16.42.216][51995] -> [....52.84.63.56][...80] [HTTP.Amazon][AmazonAWS][Web][Acceptable][ecx.images-amazon.com] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.179| 0.023| 0.044| 1924.322| 3.100] 
@@ -740,7 +728,7 @@ end: [....55] [ip4][..tcp] [..172.16.42.216][42143] -> [..72.21.206.135][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable] end: [....56] [ip4][..tcp] [..172.16.42.216][42144] -> [..72.21.206.135][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable] guessed: [....32] [ip4][..tcp] [..172.16.42.216][38391] -> [...192.168.11.1][.8080] [HTTP_Proxy][Unknown][Web][Acceptable][] - RISK: TCP Connection Issues + RISK: TCP Connection Issues, Probing Attempt end: [....32] [ip4][..tcp] [..172.16.42.216][38391] -> [...192.168.11.1][.8080] end: [....26] [ip4][..tcp] [..172.16.42.216][38364] -> [..34.199.52.240][..443] [TLS.AmazonAWS][AmazonAWS][Cloud][Acceptable] update: [.....3] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable][android-1c1335ec95a27318] @@ -955,10 +943,10 @@ guessed: [...116] [ip4][..tcp] [..172.16.42.216][37552] -> [..54.239.24.180][..443] [TLS][AmazonAWS][Web][Safe] end: [...116] [ip4][..tcp] [..172.16.42.216][37552] -> [..54.239.24.180][..443] guessed: [....31] [ip4][..tcp] [..172.16.42.216][40200] -> [.10.201.126.241][.8080] [HTTP_Proxy][Unknown][Web][Acceptable][] - RISK: Unidirectional Traffic, TCP Connection Issues + RISK: Unidirectional Traffic, TCP Connection Issues, Probing Attempt end: [....31] [ip4][..tcp] [..172.16.42.216][40200] -> [.10.201.126.241][.8080] guessed: [....33] [ip4][..tcp] [..172.16.42.216][40202] -> [.10.201.126.241][.8080] [HTTP_Proxy][Unknown][Web][Acceptable][] - RISK: Unidirectional Traffic, TCP Connection Issues + RISK: Unidirectional Traffic, TCP Connection Issues, Probing Attempt end: [....33] [ip4][..tcp] [..172.16.42.216][40202] -> [.10.201.126.241][.8080] guessed: [....83] [ip4][..tcp] [..172.16.42.216][40242] -> [.10.201.126.241][.8080] [HTTP_Proxy][Unknown][Web][Acceptable][] RISK: Unidirectional Traffic 
@@ -1027,29 +1015,17 @@ idle: [....95] [ip4][..udp] [..172.16.42.216][35726] -> [....172.16.42.1][...53] [DNS.AmazonAWS][Unknown][Network][Acceptable][s3-external-2.amazonaws.com] idle: [.....6] [ip4][..udp] [..172.16.42.216][.3440] -> [....172.16.42.1][...53] [DNS.Google][Unknown][Network][Acceptable][connectivitycheck.android.com] end: [...119] [ip4][..tcp] [..172.16.42.216][51985] -> [....52.84.63.56][...80] [HTTP.Amazon][AmazonAWS][Web][Acceptable][ecx.images-amazon.com] - RISK: Susp Entropy end: [...120] [ip4][..tcp] [..172.16.42.216][51986] -> [....52.84.63.56][...80] [HTTP.Amazon][AmazonAWS][Web][Acceptable][ecx.images-amazon.com] - RISK: Susp Entropy end: [...121] [ip4][..tcp] [..172.16.42.216][51987] -> [....52.84.63.56][...80] [HTTP.Amazon][AmazonAWS][Web][Acceptable][ecx.images-amazon.com] - RISK: Susp Entropy end: [...122] [ip4][..tcp] [..172.16.42.216][51988] -> [....52.84.63.56][...80] [HTTP.Amazon][AmazonAWS][Web][Acceptable][ecx.images-amazon.com] - RISK: Susp Entropy end: [...123] [ip4][..tcp] [..172.16.42.216][51989] -> [....52.84.63.56][...80] [HTTP.Amazon][AmazonAWS][Web][Acceptable][ecx.images-amazon.com] - RISK: Susp Entropy end: [...124] [ip4][..tcp] [..172.16.42.216][51990] -> [....52.84.63.56][...80] [HTTP.Amazon][AmazonAWS][Web][Acceptable][ecx.images-amazon.com] - RISK: Susp Entropy end: [...126] [ip4][..tcp] [..172.16.42.216][51992] -> [....52.84.63.56][...80] [HTTP.Amazon][AmazonAWS][Web][Acceptable][ecx.images-amazon.com] - RISK: Susp Entropy end: [...127] [ip4][..tcp] [..172.16.42.216][51993] -> [....52.84.63.56][...80] [HTTP.Amazon][AmazonAWS][Web][Acceptable][ecx.images-amazon.com] - RISK: Susp Entropy end: [...128] [ip4][..tcp] [..172.16.42.216][51994] -> [....52.84.63.56][...80] [HTTP.Amazon][AmazonAWS][Web][Acceptable][ecx.images-amazon.com] - RISK: Susp Entropy end: [...129] [ip4][..tcp] [..172.16.42.216][51995] -> [....52.84.63.56][...80] [HTTP.Amazon][AmazonAWS][Web][Acceptable][ecx.images-amazon.com] - RISK: Susp Entropy end: 
[...130] [ip4][..tcp] [..172.16.42.216][51996] -> [....52.84.63.56][...80] [HTTP.Amazon][AmazonAWS][Web][Acceptable][ecx.images-amazon.com] - RISK: Susp Entropy end: [...131] [ip4][..tcp] [..172.16.42.216][51997] -> [....52.84.63.56][...80] [HTTP.Amazon][AmazonAWS][Web][Acceptable][ecx.images-amazon.com] - RISK: Susp Entropy end: [....76] [ip4][..tcp] [..172.16.42.216][49613] -> [..52.94.232.134][...80] [HTTP.AmazonAlexa][AmazonAWS][VirtAssistant][Acceptable][alexa.amazon.com] guessed: [....90] [ip4][..tcp] [..172.16.42.216][49627] -> [..52.94.232.134][...80] [HTTP][AmazonAWS][Web][Acceptable][] end: [....90] [ip4][..tcp] [..172.16.42.216][49627] -> [..52.94.232.134][...80] @@ -1096,7 +1072,7 @@ idle: [....35] [ip4][..udp] [..172.16.42.216][52077] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][www.amazon.com] idle: [....10] [ip4][..udp] [..172.16.42.216][52603] -> [....172.16.42.1][...53] [DNS.Google][Unknown][Network][Acceptable][www.google.com] guessed: [....85] [ip4][..tcp] [..172.16.42.216][38434] -> [...192.168.11.1][.8080] [HTTP_Proxy][Unknown][Web][Acceptable][] - RISK: TCP Connection Issues + RISK: TCP Connection Issues, Probing Attempt end: [....85] [ip4][..tcp] [..172.16.42.216][38434] -> [...192.168.11.1][.8080] end: [....77] [ip4][..tcp] [..172.16.42.216][38404] -> [..34.199.52.240][..443] [TLS.AmazonAWS][AmazonAWS][Cloud][Acceptable] idle: [....17] [ip4][..udp] [..172.16.42.216][19967] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][mads.amazon-adsystem.com] diff --git a/test/results/flow-info/default/android.pcap.out b/test/results/flow-info/default/android.pcap.out index 5ad626563..e665f2dd7 100644 --- a/test/results/flow-info/default/android.pcap.out +++ b/test/results/flow-info/default/android.pcap.out 
@@ -111,7 +111,6 @@ detected: [....41] [ip4][..udp] [...192.168.2.16][40580] -> [....192.168.2.1][...53] [DNS.Google][Unknown][Network][Acceptable][www.google.com] detection-update: [....41] [ip4][..udp] [...192.168.2.16][40580] -> [....192.168.2.1][...53] [DNS.Google][Unknown][Network][Acceptable][www.google.com] detected: [....39] [ip4][..tcp] [...192.168.2.16][36834] -> [.173.194.79.114][...80] [HTTP.DataSaver][Google][Web][Fun][check.googlezip.net] - RISK: Susp Entropy detection-update: [....38] [ip4][..tcp] [...192.168.2.16][32990] -> [.216.239.38.120][..443] [TLS.PlayStore][Google][SoftwareUpdate][Safe][android.clients.google.com] RISK: TLS (probably) Not Carrying HTTPS detection-update: [....34] [ip4][..tcp] [...192.168.2.16][32986] -> [.216.239.38.120][..443] [TLS.PlayStore][Google][SoftwareUpdate][Safe][android.clients.google.com] @@ -158,7 +157,6 @@ detection-update: [....54] [ip4][..udp] [...192.168.2.16][18379] -> [....192.168.2.1][...53] [DNS.DataSaver][Unknown][Network][Fun][datasaver.googleapis.com] new: [....55] [ip4][..tcp] [...192.168.2.16][51944] -> [.172.217.21.202][..443] detected: [....52] [ip4][..tcp] [...192.168.2.16][36848] -> [.173.194.79.114][...80] [HTTP.DataSaver][Google][Web][Fun][check.googlezip.net] - RISK: Susp Entropy new: [....56] [ip4][..udp] [...192.168.2.16][10677] -> [....192.168.2.1][...53] detected: [....56] [ip4][..udp] [...192.168.2.16][10677] -> [....192.168.2.1][...53] [DNS.DataSaver][Unknown][Network][Fun][proxy.googlezip.net] detection-update: [....56] [ip4][..udp] [...192.168.2.16][10677] -> [....192.168.2.1][...53] [DNS.DataSaver][Unknown][Network][Fun][proxy.googlezip.net] 
@@ -268,9 +266,7 @@ idle: [....11] [ip4][..udp] [....192.168.2.1][51411] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900] idle: [....56] [ip4][..udp] [...192.168.2.16][10677] -> [....192.168.2.1][...53] [DNS.DataSaver][Unknown][Network][Fun][proxy.googlezip.net] end: [....39] [ip4][..tcp] [...192.168.2.16][36834] -> [.173.194.79.114][...80] [HTTP.DataSaver][Google][Web][Fun][check.googlezip.net] - RISK: Susp Entropy idle: [....52] [ip4][..tcp] [...192.168.2.16][36848] -> [.173.194.79.114][...80] [HTTP.DataSaver][Google][Web][Fun][check.googlezip.net] - RISK: Susp Entropy guessed: [....53] [ip4][..tcp] [...192.168.2.16][36850] -> [.173.194.79.114][...80] [HTTP][Google][Web][Acceptable][] idle: [....53] [ip4][..tcp] [...192.168.2.16][36850] -> [.173.194.79.114][...80] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/bt-http.pcapng.out b/test/results/flow-info/default/bt-http.pcapng.out index d92a593ab..48b70877b 100644 --- a/test/results/flow-info/default/bt-http.pcapng.out +++ b/test/results/flow-info/default/bt-http.pcapng.out @@ -3,7 +3,5 @@ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [..192.168.1.128][46882] -> [.176.31.225.118][...80] detected: [.....1] [ip4][..tcp] [..192.168.1.128][46882] -> [.176.31.225.118][...80] [HTTP.BitTorrent][Unknown][Download][Acceptable][tracker.trackerfix.com] - RISK: Susp Entropy end: [.....1] [ip4][..tcp] [..192.168.1.128][46882] -> [.176.31.225.118][...80] [HTTP.BitTorrent][Unknown][Download][Acceptable][tracker.trackerfix.com] - RISK: Susp Entropy DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/dicom.pcap.out b/test/results/flow-info/default/dicom.pcap.out new file mode 100644 index 000000000..6ced96008 --- /dev/null +++ b/test/results/flow-info/default/dicom.pcap.out 
@@ -0,0 +1,18 @@ + DAEMON-EVENT: init + DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....1] [ip4][..tcp] [......127.0.0.1][49531] -> [......127.0.0.1][..104] [MIDSTREAM] + detected: [.....1] [ip4][..tcp] [......127.0.0.1][49531] -> [......127.0.0.1][..104] [DICOM][Unknown][Health][Acceptable] + new: [.....2] [ip4][..tcp] [......127.0.0.1][49541] -> [......127.0.0.1][..104] [MIDSTREAM] + detected: [.....2] [ip4][..tcp] [......127.0.0.1][49541] -> [......127.0.0.1][..104] [DICOM][Unknown][Health][Acceptable] + DAEMON-EVENT: [Processed: 3 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 2 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....3] [ip4][..tcp] [......127.0.0.1][52180] -> [......127.0.0.1][..104] [MIDSTREAM] + detected: [.....3] [ip4][..tcp] [......127.0.0.1][52180] -> [......127.0.0.1][..104] [DICOM][Unknown][Health][Acceptable] + idle: [.....1] [ip4][..tcp] [......127.0.0.1][49531] -> [......127.0.0.1][..104] [DICOM][Unknown][Health][Acceptable] + idle: [.....2] [ip4][..tcp] [......127.0.0.1][49541] -> [......127.0.0.1][..104] [DICOM][Unknown][Health][Acceptable] + new: [.....4] [ip4][..tcp] [......127.0.0.1][52228] -> [......127.0.0.1][..104] [MIDSTREAM] + detected: [.....4] [ip4][..tcp] [......127.0.0.1][52228] -> [......127.0.0.1][..104] [DICOM][Unknown][Health][Acceptable] + idle: [.....3] [ip4][..tcp] [......127.0.0.1][52180] -> [......127.0.0.1][..104] [DICOM][Unknown][Health][Acceptable] + idle: [.....4] [ip4][..tcp] [......127.0.0.1][52228] -> [......127.0.0.1][..104] [DICOM][Unknown][Health][Acceptable] + DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/dnscrypt-v1-and-resolver-pings.pcap.out b/test/results/flow-info/default/dnscrypt-v1-and-resolver-pings.pcap.out index ebe567e93..b46c54922 100644 
--- a/test/results/flow-info/default/dnscrypt-v1-and-resolver-pings.pcap.out +++ b/test/results/flow-info/default/dnscrypt-v1-and-resolver-pings.pcap.out 
@@ -107,17 +107,17 @@ new: [....42] [ip4][..udp] [.......10.0.0.1][38362] -> [..51.15.122.250][..443] detected: [....42] [ip4][..udp] [.......10.0.0.1][38362] -> [..51.15.122.250][..443] [DNScrypt][Unknown][Network][Acceptable] new: [....43] [ip4][..udp] [.......10.0.0.1][59476] -> [.139.59.200.116][..443] - detected: [....43] [ip4][..udp] [.......10.0.0.1][59476] -> [.139.59.200.116][..443] [DNScrypt][Unknown][Network][Acceptable] + detected: [....43] [ip4][..udp] [.......10.0.0.1][59476] -> [.139.59.200.116][..443] [DNScrypt][DigitalOcean][Network][Acceptable] new: [....44] [ip4][..udp] [.......10.0.0.1][47341] -> [.139.59.200.116][..443] - detected: [....44] [ip4][..udp] [.......10.0.0.1][47341] -> [.139.59.200.116][..443] [DNScrypt][Unknown][Network][Acceptable] + detected: [....44] [ip4][..udp] [.......10.0.0.1][47341] -> [.139.59.200.116][..443] [DNScrypt][DigitalOcean][Network][Acceptable] new: [....45] [ip4][..udp] [.......10.0.0.1][50335] -> [.139.59.200.116][..443] - detected: [....45] [ip4][..udp] [.......10.0.0.1][50335] -> [.139.59.200.116][..443] [DNScrypt][Unknown][Network][Acceptable] + detected: [....45] [ip4][..udp] [.......10.0.0.1][50335] -> [.139.59.200.116][..443] [DNScrypt][DigitalOcean][Network][Acceptable] new: [....46] [ip4][..udp] [.......10.0.0.1][43633] -> [.139.59.200.116][..443] - detected: [....46] [ip4][..udp] [.......10.0.0.1][43633] -> [.139.59.200.116][..443] [DNScrypt][Unknown][Network][Acceptable] + detected: [....46] [ip4][..udp] [.......10.0.0.1][43633] -> [.139.59.200.116][..443] [DNScrypt][DigitalOcean][Network][Acceptable] new: [....47] [ip4][..udp] [.......10.0.0.1][37595] -> [.139.59.200.116][..443] - detected: [....47] [ip4][..udp] [.......10.0.0.1][37595] -> [.139.59.200.116][..443] [DNScrypt][Unknown][Network][Acceptable] + detected: [....47] [ip4][..udp] [.......10.0.0.1][37595] -> [.139.59.200.116][..443] [DNScrypt][DigitalOcean][Network][Acceptable] new: [....48] [ip4][..udp] [.......10.0.0.1][59194] -> 
[.139.59.200.116][..443] - detected: [....48] [ip4][..udp] [.......10.0.0.1][59194] -> [.139.59.200.116][..443] [DNScrypt][Unknown][Network][Acceptable] + detected: [....48] [ip4][..udp] [.......10.0.0.1][59194] -> [.139.59.200.116][..443] [DNScrypt][DigitalOcean][Network][Acceptable] new: [....49] [ip4][..udp] [.......10.0.0.1][47865] -> [...195.30.94.28][.8443] detected: [....49] [ip4][..udp] [.......10.0.0.1][47865] -> [...195.30.94.28][.8443] [DNScrypt][Unknown][Network][Acceptable] new: [....50] [ip4][..udp] [.......10.0.0.1][33369] -> [...195.30.94.28][.8443] @@ -441,7 +441,7 @@ ERROR-EVENT: nDPI IPv4/L4 payload detection failed [6/16] update: [...149] [ip4][..udp] [.......10.0.0.1][49040] -> [193.191.187.107][..443] [DNScrypt][Unknown][Network][Acceptable] update: [...150] [ip4][..udp] [.......10.0.0.1][49115] -> [193.191.187.107][..443] [DNScrypt][Unknown][Network][Acceptable] - update: [....45] [ip4][..udp] [.......10.0.0.1][50335] -> [.139.59.200.116][..443] [DNScrypt][Unknown][Network][Acceptable] + update: [....45] [ip4][..udp] [.......10.0.0.1][50335] -> [.139.59.200.116][..443] [DNScrypt][DigitalOcean][Network][Acceptable] update: [....29] [ip4][..udp] [.......10.0.0.1][34324] -> [.209.250.241.25][..443] [DNScrypt][Unknown][Network][Acceptable] update: [...117] [ip4][..udp] [.......10.0.0.1][51363] -> [.176.56.237.171][..443] [DNScrypt][Unknown][Network][Acceptable] update: [....70] [ip4][..udp] [.......10.0.0.1][38283] -> [..172.104.93.80][.1443] [DNScrypt][Unknown][Network][Acceptable] 
@@ -479,9 +479,9 @@ update: [....40] [ip4][..udp] [.......10.0.0.1][36668] -> [..51.15.122.250][..443] [DNScrypt][Unknown][Network][Acceptable] update: [...104] [ip4][..udp] [.......10.0.0.1][49186] -> [..93.95.226.165][..443] [DNScrypt][Unknown][Network][Acceptable] update: [...141] [ip4][..udp] [.......10.0.0.1][40138] -> [...142.4.205.47][..443] [DNScrypt][Unknown][Network][Acceptable] - update: [....48] [ip4][..udp] [.......10.0.0.1][59194] -> [.139.59.200.116][..443] [DNScrypt][Unknown][Network][Acceptable] + update: [....48] [ip4][..udp] [.......10.0.0.1][59194] -> [.139.59.200.116][..443] [DNScrypt][DigitalOcean][Network][Acceptable] update: [...133] [ip4][..udp] [.......10.0.0.1][53876] -> [..151.80.222.79][..443] [DNScrypt][Unknown][Network][Acceptable] - update: [....43] [ip4][..udp] [.......10.0.0.1][59476] -> [.139.59.200.116][..443] [DNScrypt][Unknown][Network][Acceptable] + update: [....43] [ip4][..udp] [.......10.0.0.1][59476] -> [.139.59.200.116][..443] [DNScrypt][DigitalOcean][Network][Acceptable] update: [...128] [ip4][..udp] [.......10.0.0.1][55267] -> [...45.76.113.31][..443] [DNScrypt][Unknown][Network][Acceptable] update: [.....6] [ip4][..udp] [.......10.0.0.1][60301] -> [..149.56.228.45][..443] [DNScrypt][Unknown][Network][Acceptable] update: [....42] [ip4][..udp] [.......10.0.0.1][38362] -> [..51.15.122.250][..443] [DNScrypt][Unknown][Network][Acceptable] 
@@ -527,7 +527,7 @@ update: [...146] [ip4][..udp] [.......10.0.0.1][35885] -> [193.191.187.107][..443] [DNScrypt][Unknown][Network][Acceptable] update: [....91] [ip4][..udp] [.......10.0.0.1][41913] -> [..45.153.187.96][.4343] [DNScrypt][Unknown][Network][Acceptable] update: [....20] [ip4][..udp] [.......10.0.0.1][56997] -> [104.238.186.192][..443] [DNScrypt][Unknown][Network][Acceptable] - update: [....47] [ip4][..udp] [.......10.0.0.1][37595] -> [.139.59.200.116][..443] [DNScrypt][Unknown][Network][Acceptable] + update: [....47] [ip4][..udp] [.......10.0.0.1][37595] -> [.139.59.200.116][..443] [DNScrypt][DigitalOcean][Network][Acceptable] update: [.....1] [ip4][..udp] [.......10.0.0.1][38388] -> [..149.56.228.45][..443] [DNScrypt][Unknown][Network][Acceptable] update: [...142] [ip4][..udp] [.......10.0.0.1][51935] -> [...142.4.205.47][..443] [DNScrypt][Unknown][Network][Acceptable] update: [....77] [ip4][..udp] [.......10.0.0.1][38278] -> [205.185.116.116][..553] [DNScrypt][Unknown][Network][Acceptable] 
@@ -552,7 +552,7 @@ update: [....30] [ip4][..udp] [.......10.0.0.1][59367] -> [.209.250.241.25][..443] [DNScrypt][Unknown][Network][Acceptable] update: [....34] [ip4][..udp] [.......10.0.0.1][38136] -> [....41.79.69.13][..443] [DNScrypt][Unknown][Network][Acceptable] update: [....75] [ip4][..udp] [.......10.0.0.1][43528] -> [205.185.116.116][..553] [DNScrypt][Unknown][Network][Acceptable] - update: [....46] [ip4][..udp] [.......10.0.0.1][43633] -> [.139.59.200.116][..443] [DNScrypt][Unknown][Network][Acceptable] + update: [....46] [ip4][..udp] [.......10.0.0.1][43633] -> [.139.59.200.116][..443] [DNScrypt][DigitalOcean][Network][Acceptable] update: [...138] [ip4][..udp] [.......10.0.0.1][38511] -> [..151.80.222.79][..443] [DNScrypt][Unknown][Network][Acceptable] update: [....66] [ip4][..udp] [.......10.0.0.1][55482] -> [.149.112.112.10][.8443] [DNScrypt][Unknown][Network][Acceptable] update: [....52] [ip4][..udp] [.......10.0.0.1][44093] -> [...195.30.94.28][.8443] [DNScrypt][Unknown][Network][Acceptable] 
@@ -565,7 +565,7 @@ update: [....65] [ip4][..udp] [.......10.0.0.1][57465] -> [.149.112.112.10][.8443] [DNScrypt][Unknown][Network][Acceptable] update: [....99] [ip4][..udp] [.......10.0.0.1][40099] -> [...66.85.30.115][..443] [DNScrypt][Unknown][Network][Acceptable] update: [....56] [ip4][..udp] [.......10.0.0.1][60962] -> [..142.4.204.111][..443] [DNScrypt][Unknown][Network][Acceptable] - update: [....44] [ip4][..udp] [.......10.0.0.1][47341] -> [.139.59.200.116][..443] [DNScrypt][Unknown][Network][Acceptable] + update: [....44] [ip4][..udp] [.......10.0.0.1][47341] -> [.139.59.200.116][..443] [DNScrypt][DigitalOcean][Network][Acceptable] update: [...127] [ip4][..udp] [.......10.0.0.1][43224] -> [...45.76.113.31][..443] [DNScrypt][Unknown][Network][Acceptable] update: [...120] [ip4][..udp] [.......10.0.0.1][48325] -> [.176.56.237.171][..443] [DNScrypt][Unknown][Network][Acceptable] update: [...125] [ip4][..udp] [.......10.0.0.1][38594] -> [178.216.201.222][.2053] [DNScrypt][Unknown][Network][Acceptable] 
@@ -629,18 +629,18 @@ new: [...210] [ip4][..udp] [.......10.0.0.1][49177] -> [..46.227.200.55][.8443] detected: [...210] [ip4][..udp] [.......10.0.0.1][49177] -> [..46.227.200.55][.8443] [DNScrypt][Unknown][Network][Acceptable] new: [...211] [ip4][..udp] [.......10.0.0.1][54375] -> [..107.170.57.34][..443] - detected: [...211] [ip4][..udp] [.......10.0.0.1][54375] -> [..107.170.57.34][..443] [DNScrypt][Unknown][Network][Acceptable] + detected: [...211] [ip4][..udp] [.......10.0.0.1][54375] -> [..107.170.57.34][..443] [DNScrypt][DigitalOcean][Network][Acceptable] new: [...212] [ip4][..udp] [.......10.0.0.1][55185] -> [..107.170.57.34][..443] - detected: [...212] [ip4][..udp] [.......10.0.0.1][55185] -> [..107.170.57.34][..443] [DNScrypt][Unknown][Network][Acceptable] + detected: [...212] [ip4][..udp] [.......10.0.0.1][55185] -> [..107.170.57.34][..443] [DNScrypt][DigitalOcean][Network][Acceptable] ERROR-EVENT: nDPI IPv4/L4 payload detection failed [10/16] new: [...213] [ip4][..udp] [.......10.0.0.1][36335] -> [..107.170.57.34][..443] - detected: [...213] [ip4][..udp] [.......10.0.0.1][36335] -> [..107.170.57.34][..443] [DNScrypt][Unknown][Network][Acceptable] + detected: [...213] [ip4][..udp] [.......10.0.0.1][36335] -> [..107.170.57.34][..443] [DNScrypt][DigitalOcean][Network][Acceptable] new: [...214] [ip4][..udp] [.......10.0.0.1][37287] -> [..107.170.57.34][..443] - detected: [...214] [ip4][..udp] [.......10.0.0.1][37287] -> [..107.170.57.34][..443] [DNScrypt][Unknown][Network][Acceptable] + detected: [...214] [ip4][..udp] [.......10.0.0.1][37287] -> [..107.170.57.34][..443] [DNScrypt][DigitalOcean][Network][Acceptable] new: [...215] [ip4][..udp] [.......10.0.0.1][33143] -> [..107.170.57.34][..443] - detected: [...215] [ip4][..udp] [.......10.0.0.1][33143] -> [..107.170.57.34][..443] [DNScrypt][Unknown][Network][Acceptable] + detected: [...215] [ip4][..udp] [.......10.0.0.1][33143] -> [..107.170.57.34][..443] [DNScrypt][DigitalOcean][Network][Acceptable] new: 
[...216] [ip4][..udp] [.......10.0.0.1][42141] -> [..107.170.57.34][..443] - detected: [...216] [ip4][..udp] [.......10.0.0.1][42141] -> [..107.170.57.34][..443] [DNScrypt][Unknown][Network][Acceptable] + detected: [...216] [ip4][..udp] [.......10.0.0.1][42141] -> [..107.170.57.34][..443] [DNScrypt][DigitalOcean][Network][Acceptable] ERROR-EVENT: nDPI IPv4/L4 payload detection failed [11/16] ERROR-EVENT: nDPI IPv4/L4 payload detection failed [12/16] new: [...217] [ip4][..udp] [.......10.0.0.1][56988] -> [185.193.127.244][..443] 
@@ -729,14 +729,14 @@ detected: [...238] [ip4][..udp] [.......10.0.0.1][50443] -> [.144.91.106.227][..443] [DNScrypt][Unknown][Network][Acceptable] new: [...239] [ip4][..udp] [.......10.0.0.1][37711] -> [.144.91.106.227][..443] detected: [...239] [ip4][..udp] [.......10.0.0.1][37711] -> [.144.91.106.227][..443] [DNScrypt][Unknown][Network][Acceptable] - idle: [...211] [ip4][..udp] [.......10.0.0.1][54375] -> [..107.170.57.34][..443] [DNScrypt][Unknown][Network][Acceptable] + idle: [...211] [ip4][..udp] [.......10.0.0.1][54375] -> [..107.170.57.34][..443] [DNScrypt][DigitalOcean][Network][Acceptable] idle: [...149] [ip4][..udp] [.......10.0.0.1][49040] -> [193.191.187.107][..443] [DNScrypt][Unknown][Network][Acceptable] idle: [....10] [ip4][..udp] [.......10.0.0.1][43748] -> [..62.210.180.71][.1053] [DNScrypt][Unknown][Network][Acceptable] idle: [...150] [ip4][..udp] [.......10.0.0.1][49115] -> [193.191.187.107][..443] [DNScrypt][Unknown][Network][Acceptable] - idle: [....45] [ip4][..udp] [.......10.0.0.1][50335] -> [.139.59.200.116][..443] [DNScrypt][Unknown][Network][Acceptable] + idle: [....45] [ip4][..udp] [.......10.0.0.1][50335] -> [.139.59.200.116][..443] [DNScrypt][DigitalOcean][Network][Acceptable] idle: [....29] [ip4][..udp] [.......10.0.0.1][34324] -> [.209.250.241.25][..443] [DNScrypt][Unknown][Network][Acceptable] idle: [...117] [ip4][..udp] [.......10.0.0.1][51363] -> [.176.56.237.171][..443] [DNScrypt][Unknown][Network][Acceptable] - idle: [...212] [ip4][..udp] [.......10.0.0.1][55185] -> [..107.170.57.34][..443] [DNScrypt][Unknown][Network][Acceptable] + idle: [...212] [ip4][..udp] [.......10.0.0.1][55185] -> [..107.170.57.34][..443] [DNScrypt][DigitalOcean][Network][Acceptable] idle: [....70] [ip4][..udp] [.......10.0.0.1][38283] -> [..172.104.93.80][.1443] [DNScrypt][Unknown][Network][Acceptable] idle: [...134] [ip4][..udp] [.......10.0.0.1][45497] -> [..151.80.222.79][..443] [DNScrypt][Unknown][Network][Acceptable] idle: [...157] [ip4][..udp] 
[.......10.0.0.1][36930] -> [167.114.220.125][..443] [DNScrypt][Unknown][Network][Acceptable] @@ -798,10 +798,10 @@ idle: [...228] [ip4][..udp] [.......10.0.0.1][57109] -> [...77.66.84.233][..443] [DNScrypt][Unknown][Network][Acceptable] idle: [...167] [ip4][..udp] [.......10.0.0.1][58650] -> [..5.189.170.196][..465] [DNScrypt][Unknown][Network][Acceptable] idle: [.....8] [ip4][..udp] [.......10.0.0.1][52636] -> [..62.210.180.71][.1053] [DNScrypt][Unknown][Network][Acceptable] - idle: [....48] [ip4][..udp] [.......10.0.0.1][59194] -> [.139.59.200.116][..443] [DNScrypt][Unknown][Network][Acceptable] + idle: [....48] [ip4][..udp] [.......10.0.0.1][59194] -> [.139.59.200.116][..443] [DNScrypt][DigitalOcean][Network][Acceptable] idle: [...133] [ip4][..udp] [.......10.0.0.1][53876] -> [..151.80.222.79][..443] [DNScrypt][Unknown][Network][Acceptable] idle: [...174] [ip4][..udp] [.......10.0.0.1][38482] -> [.185.253.154.66][.4343] [DNScrypt][Unknown][Network][Acceptable] - idle: [....43] [ip4][..udp] [.......10.0.0.1][59476] -> [.139.59.200.116][..443] [DNScrypt][Unknown][Network][Acceptable] + idle: [....43] [ip4][..udp] [.......10.0.0.1][59476] -> [.139.59.200.116][..443] [DNScrypt][DigitalOcean][Network][Acceptable] idle: [...128] [ip4][..udp] [.......10.0.0.1][55267] -> [...45.76.113.31][..443] [DNScrypt][Unknown][Network][Acceptable] idle: [.....6] [ip4][..udp] [.......10.0.0.1][60301] -> [..149.56.228.45][..443] [DNScrypt][Unknown][Network][Acceptable] idle: [...169] [ip4][..udp] [.......10.0.0.1][38709] -> [.185.253.154.66][.4343] [DNScrypt][Unknown][Network][Acceptable] 
@@ -820,7 +820,7 @@ idle: [....35] [ip4][..udp] [.......10.0.0.1][56177] -> [....41.79.69.13][..443] [DNScrypt][Unknown][Network][Acceptable] idle: [...124] [ip4][..udp] [.......10.0.0.1][52221] -> [178.216.201.222][.2053] [DNScrypt][Unknown][Network][Acceptable] idle: [...122] [ip4][..udp] [.......10.0.0.1][52356] -> [178.216.201.222][.2053] [DNScrypt][Unknown][Network][Acceptable] - idle: [...215] [ip4][..udp] [.......10.0.0.1][33143] -> [..107.170.57.34][..443] [DNScrypt][Unknown][Network][Acceptable] + idle: [...215] [ip4][..udp] [.......10.0.0.1][33143] -> [..107.170.57.34][..443] [DNScrypt][DigitalOcean][Network][Acceptable] idle: [....62] [ip4][..udp] [.......10.0.0.1][40009] -> [.149.112.112.10][.8443] [DNScrypt][Unknown][Network][Acceptable] idle: [....67] [ip4][..udp] [.......10.0.0.1][49512] -> [..172.104.93.80][.1443] [DNScrypt][Unknown][Network][Acceptable] idle: [...123] [ip4][..udp] [.......10.0.0.1][53117] -> [178.216.201.222][.2053] [DNScrypt][Unknown][Network][Acceptable] 
@@ -842,14 +842,14 @@ idle: [....64] [ip4][..udp] [.......10.0.0.1][42570] -> [.149.112.112.10][.8443] [DNScrypt][Unknown][Network][Acceptable] idle: [...172] [ip4][..udp] [.......10.0.0.1][43540] -> [.185.253.154.66][.4343] [DNScrypt][Unknown][Network][Acceptable] idle: [....14] [ip4][..udp] [.......10.0.0.1][37413] -> [.185.134.196.55][.8443] [DNScrypt][Unknown][Network][Acceptable] - idle: [...213] [ip4][..udp] [.......10.0.0.1][36335] -> [..107.170.57.34][..443] [DNScrypt][Unknown][Network][Acceptable] + idle: [...213] [ip4][..udp] [.......10.0.0.1][36335] -> [..107.170.57.34][..443] [DNScrypt][DigitalOcean][Network][Acceptable] idle: [...178] [ip4][..udp] [.......10.0.0.1][46363] -> [..142.4.204.111][..443] [DNScrypt][Unknown][Network][Acceptable] idle: [....89] [ip4][..udp] [.......10.0.0.1][43714] -> [....51.15.62.65][..443] [DNScrypt][Unknown][Network][Acceptable] idle: [...155] [ip4][..udp] [.......10.0.0.1][39910] -> [..51.15.124.208][.4343] [DNScrypt][Unknown][Network][Acceptable] idle: [...170] [ip4][..udp] [.......10.0.0.1][44469] -> [.185.253.154.66][.4343] [DNScrypt][Unknown][Network][Acceptable] idle: [....60] [ip4][..udp] [.......10.0.0.1][46856] -> [..142.4.204.111][..443] [DNScrypt][Unknown][Network][Acceptable] idle: [.....4] [ip4][..udp] [.......10.0.0.1][33565] -> [..149.56.228.45][..443] [DNScrypt][Unknown][Network][Acceptable] - idle: [...214] [ip4][..udp] [.......10.0.0.1][37287] -> [..107.170.57.34][..443] [DNScrypt][Unknown][Network][Acceptable] + idle: [...214] [ip4][..udp] [.......10.0.0.1][37287] -> [..107.170.57.34][..443] [DNScrypt][DigitalOcean][Network][Acceptable] idle: [....92] [ip4][..udp] [.......10.0.0.1][37890] -> [..45.153.187.96][.4343] [DNScrypt][Unknown][Network][Acceptable] idle: [...192] [ip4][..udp] [.......10.0.0.1][39259] -> [....85.5.93.230][.8443] [DNScrypt][Unknown][Network][Acceptable] idle: [...232] [ip4][..udp] [.......10.0.0.1][53045] -> [..23.111.74.205][..443] [DNScrypt][Unknown][Network][Acceptable] 
@@ -882,9 +882,9 @@ idle: [....91] [ip4][..udp] [.......10.0.0.1][41913] -> [..45.153.187.96][.4343] [DNScrypt][Unknown][Network][Acceptable] idle: [....20] [ip4][..udp] [.......10.0.0.1][56997] -> [104.238.186.192][..443] [DNScrypt][Unknown][Network][Acceptable] idle: [...175] [ip4][..udp] [.......10.0.0.1][51647] -> [..142.4.204.111][..443] [DNScrypt][Unknown][Network][Acceptable] - idle: [....47] [ip4][..udp] [.......10.0.0.1][37595] -> [.139.59.200.116][..443] [DNScrypt][Unknown][Network][Acceptable] + idle: [....47] [ip4][..udp] [.......10.0.0.1][37595] -> [.139.59.200.116][..443] [DNScrypt][DigitalOcean][Network][Acceptable] idle: [.....1] [ip4][..udp] [.......10.0.0.1][38388] -> [..149.56.228.45][..443] [DNScrypt][Unknown][Network][Acceptable] - idle: [...216] [ip4][..udp] [.......10.0.0.1][42141] -> [..107.170.57.34][..443] [DNScrypt][Unknown][Network][Acceptable] + idle: [...216] [ip4][..udp] [.......10.0.0.1][42141] -> [..107.170.57.34][..443] [DNScrypt][DigitalOcean][Network][Acceptable] idle: [...184] [ip4][..udp] [.......10.0.0.1][40775] -> [.212.47.228.136][..443] [DNScrypt][Unknown][Network][Acceptable] idle: [...142] [ip4][..udp] [.......10.0.0.1][51935] -> [...142.4.205.47][..443] [DNScrypt][Unknown][Network][Acceptable] idle: [...151] [ip4][..udp] [.......10.0.0.1][45375] -> [..51.15.124.208][.4343] [DNScrypt][Unknown][Network][Acceptable] 
@@ -919,7 +919,7 @@ idle: [...179] [ip4][..udp] [.......10.0.0.1][57180] -> [..142.4.204.111][..443] [DNScrypt][Unknown][Network][Acceptable] idle: [....34] [ip4][..udp] [.......10.0.0.1][38136] -> [....41.79.69.13][..443] [DNScrypt][Unknown][Network][Acceptable] idle: [....75] [ip4][..udp] [.......10.0.0.1][43528] -> [205.185.116.116][..553] [DNScrypt][Unknown][Network][Acceptable] - idle: [....46] [ip4][..udp] [.......10.0.0.1][43633] -> [.139.59.200.116][..443] [DNScrypt][Unknown][Network][Acceptable] + idle: [....46] [ip4][..udp] [.......10.0.0.1][43633] -> [.139.59.200.116][..443] [DNScrypt][DigitalOcean][Network][Acceptable] idle: [...138] [ip4][..udp] [.......10.0.0.1][38511] -> [..151.80.222.79][..443] [DNScrypt][Unknown][Network][Acceptable] idle: [....66] [ip4][..udp] [.......10.0.0.1][55482] -> [.149.112.112.10][.8443] [DNScrypt][Unknown][Network][Acceptable] idle: [...188] [ip4][..udp] [.......10.0.0.1][50403] -> [....85.5.93.230][.8443] [DNScrypt][Unknown][Network][Acceptable] 
@@ -939,7 +939,7 @@ idle: [....99] [ip4][..udp] [.......10.0.0.1][40099] -> [...66.85.30.115][..443] [DNScrypt][Unknown][Network][Acceptable] idle: [....56] [ip4][..udp] [.......10.0.0.1][60962] -> [..142.4.204.111][..443] [DNScrypt][Unknown][Network][Acceptable] idle: [...233] [ip4][..udp] [.......10.0.0.1][34024] -> [..23.111.74.205][..443] [DNScrypt][Unknown][Network][Acceptable] - idle: [....44] [ip4][..udp] [.......10.0.0.1][47341] -> [.139.59.200.116][..443] [DNScrypt][Unknown][Network][Acceptable] + idle: [....44] [ip4][..udp] [.......10.0.0.1][47341] -> [.139.59.200.116][..443] [DNScrypt][DigitalOcean][Network][Acceptable] idle: [...127] [ip4][..udp] [.......10.0.0.1][43224] -> [...45.76.113.31][..443] [DNScrypt][Unknown][Network][Acceptable] idle: [...120] [ip4][..udp] [.......10.0.0.1][48325] -> [.176.56.237.171][..443] [DNScrypt][Unknown][Network][Acceptable] idle: [...125] [ip4][..udp] [.......10.0.0.1][38594] -> [178.216.201.222][.2053] [DNScrypt][Unknown][Network][Acceptable] diff --git a/test/results/flow-info/default/dos_win98_smb_netbeui.pcap.out b/test/results/flow-info/default/dos_win98_smb_netbeui.pcap.out index 205778f6a..335cd4e7b 100644 --- a/test/results/flow-info/default/dos_win98_smb_netbeui.pcap.out +++ b/test/results/flow-info/default/dos_win98_smb_netbeui.pcap.out @@ -21,7 +21,6 @@ ERROR-EVENT: Unknown packet type [12/16] new: [.....4] [ip4][..udp] [192.168.239.129][..138] -> [192.168.239.255][..138] detected: [.....4] [ip4][..udp] [192.168.239.129][..138] -> [192.168.239.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][mdjr98] - RISK: Unsafe Protocol ERROR-EVENT: Unknown packet type [13/16] ERROR-EVENT: Unknown packet type [14/16] ERROR-EVENT: Unknown packet type [15/16] 
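Review bot: The regenerated expectations for `dos_win98_smb_netbeui.pcap.out` drop `RISK: Unsafe Protocol` from every `NetBIOS.SMBv1` event, in this hunk (`@@ -21,7 +21,6 @@`) and in the two that follow (`@@ -46,12 +45,10 @@`, `@@ -69,5 +66,4 @@`), while the flow keeps its `Dangerous` breed. The commit message says only that upstream changes were incorporated, so it is not visible here whether libnDPI retired this risk for SMBv1 on purpose or whether it is lost through a default that changed with the bump. Any consumer that alerts on the risk string rather than on the breed would stop firing for SMBv1 after this update. A line in the commit description such as `SMBv1 flows no longer report "Unsafe Protocol" (upstream libnDPI change); breed remains Dangerous` would record the change in detection output.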
@@ -46,12 +45,10 @@ ERROR-EVENT: Unknown packet type [15/16] ERROR-EVENT: Unknown packet type [16/16] update: [.....4] [ip4][..udp] [192.168.239.129][..138] -> [192.168.239.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][mdjr98] - RISK: Unsafe Protocol update: [.....2] [ip4][.icmp] [192.168.239.129] -> [......224.0.0.2] [ICMP][Unknown][Network][Acceptable] update: [.....1] [ip4][..udp] [192.168.239.129][..137] -> [..192.168.239.2][..137] [NetBIOS][Unknown][System][Acceptable][mdjr98] update: [.....3] [ip4][..udp] [192.168.239.129][..137] -> [192.168.239.255][..137] [NetBIOS][Unknown][System][Acceptable][mdjr98] update: [.....4] [ip4][..udp] [192.168.239.129][..138] -> [192.168.239.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][mdjr98] - RISK: Unsafe Protocol ERROR-EVENT: Unknown packet type [1/16] ERROR-EVENT: Unknown packet type [2/16] ERROR-EVENT: Unknown packet type [3/16] @@ -69,5 +66,4 @@ idle: [.....3] [ip4][..udp] [192.168.239.129][..137] -> [192.168.239.255][..137] [NetBIOS][Unknown][System][Acceptable][mdjr98] idle: [.....1] [ip4][..udp] [192.168.239.129][..137] -> [..192.168.239.2][..137] [NetBIOS][Unknown][System][Acceptable][mdjr98] idle: [.....4] [ip4][..udp] [192.168.239.129][..138] -> [192.168.239.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][mdjr98] - RISK: Unsafe Protocol DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/emotet.pcap.out b/test/results/flow-info/default/emotet.pcap.out index fd9a79c66..f0f2471ad 100644 --- a/test/results/flow-info/default/emotet.pcap.out +++ b/test/results/flow-info/default/emotet.pcap.out 
@@ -45,18 +45,18 @@ idle: [.....3] [ip4][..tcp] [....10.4.20.102][54319] -> [107.161.178.210][...80] [HTTP][Unknown][Download][Acceptable][gandhitoday.org] RISK: Binary App Transfer, Binary File/Data Transfer (Attempt) new: [.....5] [ip4][..tcp] [....10.4.25.101][49803] -> [138.197.147.101][..443] - detected: [.....5] [ip4][..tcp] [....10.4.25.101][49803] -> [138.197.147.101][..443] [TLS][Unknown][Web][Safe][] + detected: [.....5] [ip4][..tcp] [....10.4.25.101][49803] -> [138.197.147.101][..443] [TLS][DigitalOcean][Web][Safe][] RISK: TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn - detection-update: [.....5] [ip4][..tcp] [....10.4.25.101][49803] -> [138.197.147.101][..443] [TLS][Unknown][Web][Safe][] + detection-update: [.....5] [ip4][..tcp] [....10.4.25.101][49803] -> [138.197.147.101][..443] [TLS][DigitalOcean][Web][Safe][] RISK: Self-signed Cert, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn new: [.....6] [ip4][..tcp] [....10.4.25.101][49804] -> [138.197.147.101][..443] - detected: [.....6] [ip4][..tcp] [....10.4.25.101][49804] -> [138.197.147.101][..443] [TLS][Unknown][Web][Safe][] + detected: [.....6] [ip4][..tcp] [....10.4.25.101][49804] -> [138.197.147.101][..443] [TLS][DigitalOcean][Web][Safe][] RISK: TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn - detection-update: [.....6] [ip4][..tcp] [....10.4.25.101][49804] -> [138.197.147.101][..443] [TLS][Unknown][Web][Safe][] + detection-update: [.....6] [ip4][..tcp] [....10.4.25.101][49804] -> [138.197.147.101][..443] [TLS][DigitalOcean][Web][Safe][] RISK: TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn - idle: [.....5] [ip4][..tcp] [....10.4.25.101][49803] -> [138.197.147.101][..443] [TLS][Unknown][Web][Safe] + idle: [.....5] [ip4][..tcp] [....10.4.25.101][49803] -> [138.197.147.101][..443] [TLS][DigitalOcean][Web][Safe] RISK: Self-signed Cert, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn - end: [.....6] [ip4][..tcp] [....10.4.25.101][49804] -> 
[138.197.147.101][..443] [TLS][Unknown][Web][Safe] + end: [.....6] [ip4][..tcp] [....10.4.25.101][49804] -> [138.197.147.101][..443] [TLS][DigitalOcean][Web][Safe] RISK: TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn idle: [.....4] [ip4][..tcp] [....10.4.25.101][49797] -> [..77.105.36.156][...80] [HTTP][Unknown][Download][Acceptable][filmmogzivota.rs] RISK: Binary App Transfer, HTTP Susp User-Agent, Binary File/Data Transfer (Attempt) diff --git a/test/results/flow-info/default/encrypted_sni.pcap.out b/test/results/flow-info/default/encrypted_sni.pcap.out index 90f0942d6..fdd145143 100644 --- a/test/results/flow-info/default/encrypted_sni.pcap.out +++ b/test/results/flow-info/default/encrypted_sni.pcap.out 
@@ -3,11 +3,17 @@ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [...192.168.1.12][49886] -> [..104.27.129.77][..443] [MIDSTREAM] detected: [.....1] [ip4][..tcp] [...192.168.1.12][49886] -> [..104.27.129.77][..443] [TLS][Cloudflare][Web][Safe][] + RISK: TLS Susp ESNI Usage, Missing SNI TLS Extn, ALPN/SNI Mismatch new: [.....2] [ip4][..tcp] [...192.168.1.12][49887] -> [.104.16.125.175][..443] [MIDSTREAM] detected: [.....2] [ip4][..tcp] [...192.168.1.12][49887] -> [.104.16.125.175][..443] [TLS][Cloudflare][Web][Safe][] + RISK: TLS Susp ESNI Usage, Missing SNI TLS Extn, ALPN/SNI Mismatch new: [.....3] [ip4][..tcp] [...192.168.1.12][49897] -> [..104.22.71.197][..443] [MIDSTREAM] detected: [.....3] [ip4][..tcp] [...192.168.1.12][49897] -> [..104.22.71.197][..443] [TLS][Cloudflare][Web][Safe][] + RISK: TLS Susp ESNI Usage, Missing SNI TLS Extn, ALPN/SNI Mismatch idle: [.....3] [ip4][..tcp] [...192.168.1.12][49897] -> [..104.22.71.197][..443] [TLS][Cloudflare][Web][Safe] + RISK: TLS Susp ESNI Usage, Missing SNI TLS Extn, ALPN/SNI Mismatch idle: [.....1] [ip4][..tcp] [...192.168.1.12][49886] -> [..104.27.129.77][..443] [TLS][Cloudflare][Web][Safe] + RISK: TLS Susp ESNI Usage, Missing SNI TLS Extn, ALPN/SNI Mismatch idle: [.....2] [ip4][..tcp] [...192.168.1.12][49887] -> [.104.16.125.175][..443] [TLS][Cloudflare][Web][Safe] + RISK: TLS Susp ESNI Usage, Missing SNI TLS Extn, ALPN/SNI Mismatch DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/ethereum.pcap.out b/test/results/flow-info/default/ethereum.pcap.out index aef78fbad..f896659c0 100644 --- a/test/results/flow-info/default/ethereum.pcap.out +++ b/test/results/flow-info/default/ethereum.pcap.out 
@@ -34,11 +34,11 @@ new: [....23] [ip4][..tcp] [..192.168.1.184][56627] -> [..34.255.23.113][30303] new: [....24] [ip4][..tcp] [..192.168.1.184][56628] -> [....3.209.45.79][30303] detected: [....13] [ip4][..tcp] [..192.168.1.184][56615] -> [.35.158.244.151][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable] - detected: [....22] [ip4][..tcp] [..192.168.1.184][56626] -> [178.128.195.220][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + detected: [....22] [ip4][..tcp] [..192.168.1.184][56626] -> [178.128.195.220][30303] [ETHEREUM][DigitalOcean][Crypto_Currency][Acceptable] detected: [....20] [ip4][..tcp] [..192.168.1.184][56624] -> [....89.38.99.34][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] detected: [....23] [ip4][..tcp] [..192.168.1.184][56627] -> [..34.255.23.113][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable] new: [....25] [ip4][..tcp] [..192.168.1.184][56629] -> [....51.38.60.79][30303] - detected: [....12] [ip4][..tcp] [..192.168.1.184][56613] -> [.162.243.160.83][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + detected: [....12] [ip4][..tcp] [..192.168.1.184][56613] -> [.162.243.160.83][30303] [ETHEREUM][DigitalOcean][Crypto_Currency][Acceptable] new: [....26] [ip4][..udp] [..192.168.1.184][30303] -> [...128.0.51.140][30303] detected: [....26] [ip4][..udp] [..192.168.1.184][30303] -> [...128.0.51.140][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] analyse: [....13] [ip4][..tcp] [..192.168.1.184][56615] -> [.35.158.244.151][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable] 
@@ -53,7 +53,7 @@ [ENTROPIES...: 4.5,5.3,5.0,7.6,5.2,7.6,5.9,5.1,5.1,5.3,5.1,5.3,5.1,5.5,5.7,5.1,5.1,5.2,5.1,5.8,5.2,6.7,5.2,5.5,5.9,5.2,5.2,5.5,5.5,5.1,3.7,3.7] new: [....27] [ip4][..tcp] [..192.168.1.184][56630] -> [..40.67.144.128][30303] detected: [....24] [ip4][..tcp] [..192.168.1.184][56628] -> [....3.209.45.79][30303] [ETHEREUM][ETHEREUM][Crypto_Currency][Acceptable] - analyse: [....22] [ip4][..tcp] [..192.168.1.184][56626] -> [178.128.195.220][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + analyse: [....22] [ip4][..tcp] [..192.168.1.184][56626] -> [178.128.195.220][30303] [ETHEREUM][DigitalOcean][Crypto_Currency][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.063| 0.009| 0.019| 355.411| 2.700] [PKTLEN......: 52.000| 598.000| 107.800| 122.800| 15078.800| 4.400] @@ -84,7 +84,7 @@ detected: [....31] [ip4][..udp] [..192.168.1.184][30303] -> [..111.229.0.180][20182] [ETHEREUM][Tencent][Crypto_Currency][Acceptable] detected: [....28] [ip4][..tcp] [..192.168.1.184][56632] -> [...51.38.81.180][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] new: [....32] [ip4][..udp] [..192.168.1.184][30303] -> [...209.97.143.1][50000] - detected: [....32] [ip4][..udp] [..192.168.1.184][30303] -> [...209.97.143.1][50000] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + detected: [....32] [ip4][..udp] [..192.168.1.184][30303] -> [...209.97.143.1][50000] [ETHEREUM][DigitalOcean][Crypto_Currency][Acceptable] detected: [....15] [ip4][..tcp] [..192.168.1.184][56618] -> [.52.231.165.108][30303] [ETHEREUM][Azure][Crypto_Currency][Acceptable] analyse: [....25] [ip4][..tcp] [..192.168.1.184][56629] -> [....51.38.60.79][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] min| max| avg| stddev| variance| entropy 
@@ -104,7 +104,7 @@ new: [....34] [ip4][..tcp] [..192.168.1.184][56635] -> [.162.228.29.160][30303] detected: [....19] [ip4][..tcp] [..192.168.1.184][56623] -> [...18.138.81.28][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable] detected: [....14] [ip4][..tcp] [..192.168.1.184][56617] -> [...34.97.172.22][30303] [ETHEREUM][GoogleCloud][Crypto_Currency][Acceptable] - detected: [....10] [ip4][..tcp] [..192.168.1.184][56610] -> [..165.22.107.33][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + detected: [....10] [ip4][..tcp] [..192.168.1.184][56610] -> [..165.22.107.33][30303] [ETHEREUM][DigitalOcean][Crypto_Currency][Acceptable] detected: [....17] [ip4][..tcp] [..192.168.1.184][56621] -> [..52.187.207.27][30303] [ETHEREUM][Azure][Crypto_Currency][Acceptable] analyse: [....28] [ip4][..tcp] [..192.168.1.184][56632] -> [...51.38.81.180][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] min| max| avg| stddev| variance| entropy @@ -131,7 +131,7 @@ new: [....37] [ip4][..udp] [..192.168.1.184][30303] -> [.35.180.246.169][30301] detected: [....37] [ip4][..udp] [..192.168.1.184][30303] -> [.35.180.246.169][30301] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable] new: [....38] [ip4][..tcp] [..192.168.1.184][56639] -> [.18.219.167.159][30303] - detected: [....33] [ip4][..tcp] [..192.168.1.184][56634] -> [..159.203.84.31][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + detected: [....33] [ip4][..tcp] [..192.168.1.184][56634] -> [..159.203.84.31][30303] [ETHEREUM][DigitalOcean][Crypto_Currency][Acceptable] analyse: [....24] [ip4][..tcp] [..192.168.1.184][56628] -> [....3.209.45.79][30303] [ETHEREUM][ETHEREUM][Crypto_Currency][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.164| 0.023| 0.053| 2778.035| 2.400] 
@@ -171,8 +171,8 @@ [ENTROPIES...: 4.5,5.3,5.1,7.6,5.2,7.5,5.9,5.1,5.2,5.7,5.6,5.1,5.2,5.8,5.1,6.7,5.1,5.4,5.8,5.1,5.1,5.4,5.5,5.0,3.6,3.6,3.6,3.6,3.6,3.6,3.6,3.6] new: [....43] [ip4][..tcp] [..192.168.1.184][56645] -> [.185.219.133.62][30303] detected: [....38] [ip4][..tcp] [..192.168.1.184][56639] -> [.18.219.167.159][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable] - detected: [....40] [ip4][..tcp] [..192.168.1.184][56642] -> [..178.62.10.218][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] - detected: [....41] [ip4][..tcp] [..192.168.1.184][56643] -> [..178.62.29.183][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + detected: [....40] [ip4][..tcp] [..192.168.1.184][56642] -> [..178.62.10.218][30303] [ETHEREUM][DigitalOcean][Crypto_Currency][Acceptable] + detected: [....41] [ip4][..tcp] [..192.168.1.184][56643] -> [..178.62.29.183][30303] [ETHEREUM][DigitalOcean][Crypto_Currency][Acceptable] new: [....44] [ip4][..tcp] [..192.168.1.184][56646] -> [..172.105.94.62][30303] detected: [....43] [ip4][..tcp] [..192.168.1.184][56645] -> [.185.219.133.62][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] new: [....45] [ip4][..tcp] [..192.168.1.184][56647] -> [.182.162.161.61][30303] 
@@ -187,7 +187,7 @@ [PKTLENS.....: 64,60,52,542,52,519,84,52,52,53,52,54,65,52,52,68,52,52,52,84,53,176,55,68,84,53,54,65,68,52,52,46] [ENTROPIES...: 4.4,5.3,5.0,7.6,5.2,7.6,5.9,5.1,5.2,5.3,5.2,5.3,5.5,5.2,5.2,5.6,5.2,5.2,5.2,5.7,5.1,6.7,5.1,5.5,5.8,5.0,5.1,5.5,5.4,5.1,5.2,3.7] detected: [....44] [ip4][..tcp] [..192.168.1.184][56646] -> [..172.105.94.62][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] - analyse: [....33] [ip4][..tcp] [..192.168.1.184][56634] -> [..159.203.84.31][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + analyse: [....33] [ip4][..tcp] [..192.168.1.184][56634] -> [..159.203.84.31][30303] [ETHEREUM][DigitalOcean][Crypto_Currency][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.109| 0.018| 0.040| 1575.808| 2.400] [PKTLEN......: 46.000| 623.000| 95.600| 130.900| 17130.100| 4.300] @@ -199,7 +199,7 @@ [ENTROPIES...: 4.5,5.4,5.1,7.7,5.2,7.7,5.2,5.9,5.2,6.9,5.2,5.6,5.9,5.1,5.2,5.1,5.3,5.1,5.6,5.7,5.1,5.1,5.8,5.2,5.2,5.1,5.1,5.3,5.6,5.1,4.0,4.0] new: [....46] [ip4][..tcp] [..192.168.1.184][56650] -> [.35.228.250.140][30303] new: [....47] [ip4][..tcp] [..192.168.1.184][56651] -> [..138.201.12.87][30303] - analyse: [....41] [ip4][..tcp] [..192.168.1.184][56643] -> [..178.62.29.183][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + analyse: [....41] [ip4][..tcp] [..192.168.1.184][56643] -> [..178.62.29.183][30303] [ETHEREUM][DigitalOcean][Crypto_Currency][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.049| 0.009| 0.018| 316.609| 2.700] [PKTLEN......: 52.000| 521.000| 92.900| 97.800| 9570.500| 4.500] 
@@ -337,8 +337,8 @@ new: [....58] [ip4][..udp] [183.129.242.164][.1024] -> [..192.168.1.184][30303] detected: [....58] [ip4][..udp] [183.129.242.164][.1024] -> [..192.168.1.184][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] detected: [....54] [ip4][..tcp] [..192.168.1.184][56660] -> [...51.161.23.12][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] - detected: [....53] [ip4][..tcp] [..192.168.1.184][56658] -> [.157.230.152.87][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] - analyse: [....10] [ip4][..tcp] [..192.168.1.184][56610] -> [..165.22.107.33][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + detected: [....53] [ip4][..tcp] [..192.168.1.184][56658] -> [.157.230.152.87][30303] [ETHEREUM][DigitalOcean][Crypto_Currency][Acceptable] + analyse: [....10] [ip4][..tcp] [..192.168.1.184][56610] -> [..165.22.107.33][30303] [ETHEREUM][DigitalOcean][Crypto_Currency][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.339| 0.050| 0.114| 12910.542| 2.400] [PKTLEN......: 46.000| 626.000| 92.100| 119.200| 14212.100| 4.400] @@ -399,7 +399,7 @@ new: [....66] [ip4][..tcp] [..192.168.1.184][56675] -> [..35.235.37.216][30303] detected: [....64] [ip4][..tcp] [..192.168.1.184][56673] -> [..78.47.147.155][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] detected: [....66] [ip4][..tcp] [..192.168.1.184][56675] -> [..35.235.37.216][30303] [ETHEREUM][GoogleCloud][Crypto_Currency][Acceptable] - analyse: [....53] [ip4][..tcp] [..192.168.1.184][56658] -> [.157.230.152.87][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + analyse: [....53] [ip4][..tcp] [..192.168.1.184][56658] -> [.157.230.152.87][30303] [ETHEREUM][DigitalOcean][Crypto_Currency][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.184| 0.035| 0.071| 5044.452| 2.600] [PKTLEN......: 52.000| 635.000| 100.100| 121.000| 14650.900| 4.400] 
@@ -465,7 +465,7 @@ detected: [....73] [ip4][..tcp] [..192.168.1.184][56685] -> [...88.99.93.219][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] new: [....74] [ip4][..tcp] [..192.168.1.184][56686] -> [.206.189.107.35][30303] detected: [....67] [ip4][..tcp] [..192.168.1.184][56678] -> [..13.251.14.199][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable] - detected: [....74] [ip4][..tcp] [..192.168.1.184][56686] -> [.206.189.107.35][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + detected: [....74] [ip4][..tcp] [..192.168.1.184][56686] -> [.206.189.107.35][30303] [ETHEREUM][DigitalOcean][Crypto_Currency][Acceptable] analyse: [....64] [ip4][..tcp] [..192.168.1.184][56673] -> [..78.47.147.155][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.286| 0.027| 0.065| 4262.303| 2.600] @@ -483,7 +483,7 @@ end: [....19] [ip4][..tcp] [..192.168.1.184][56623] -> [...18.138.81.28][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable] idle: [.....1] [ip4][..udp] [...87.14.222.25][56693] -> [..192.168.1.184][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] end: [....30] [ip4][..tcp] [..192.168.1.184][56633] -> [.82.145.220.249][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] - end: [....10] [ip4][..tcp] [..192.168.1.184][56610] -> [..165.22.107.33][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + end: [....10] [ip4][..tcp] [..192.168.1.184][56610] -> [..165.22.107.33][30303] [ETHEREUM][DigitalOcean][Crypto_Currency][Acceptable] idle: [....26] [ip4][..udp] [..192.168.1.184][30303] -> [...128.0.51.140][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] end: [....13] [ip4][..tcp] [..192.168.1.184][56615] -> [.35.158.244.151][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable] end: [....54] [ip4][..tcp] [..192.168.1.184][56660] -> [...51.161.23.12][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] 
@@ -502,15 +502,15 @@ end: [....17] [ip4][..tcp] [..192.168.1.184][56621] -> [..52.187.207.27][30303] [ETHEREUM][Azure][Crypto_Currency][Acceptable] idle: [....69] [ip4][..tcp] [..192.168.1.184][56680] -> [...138.59.17.58][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] idle: [....29] [ip4][..udp] [..192.168.1.184][30303] -> [..54.36.160.211][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] - idle: [....74] [ip4][..tcp] [..192.168.1.184][56686] -> [.206.189.107.35][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] - end: [....40] [ip4][..tcp] [..192.168.1.184][56642] -> [..178.62.10.218][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] - end: [....41] [ip4][..tcp] [..192.168.1.184][56643] -> [..178.62.29.183][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + idle: [....74] [ip4][..tcp] [..192.168.1.184][56686] -> [.206.189.107.35][30303] [ETHEREUM][DigitalOcean][Crypto_Currency][Acceptable] + end: [....40] [ip4][..tcp] [..192.168.1.184][56642] -> [..178.62.10.218][30303] [ETHEREUM][DigitalOcean][Crypto_Currency][Acceptable] + end: [....41] [ip4][..tcp] [..192.168.1.184][56643] -> [..178.62.29.183][30303] [ETHEREUM][DigitalOcean][Crypto_Currency][Acceptable] end: [....27] [ip4][..tcp] [..192.168.1.184][56630] -> [..40.67.144.128][30303] [ETHEREUM][Azure][Crypto_Currency][Acceptable] idle: [.....8] [ip4][..udp] [..192.168.1.184][30303] -> [...66.42.82.246][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] end: [....65] [ip4][..tcp] [..192.168.1.184][56674] -> [...94.68.55.162][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] - idle: [....32] [ip4][..udp] [..192.168.1.184][30303] -> [...209.97.143.1][50000] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + idle: [....32] [ip4][..udp] [..192.168.1.184][30303] -> [...209.97.143.1][50000] [ETHEREUM][DigitalOcean][Crypto_Currency][Acceptable] end: [....47] [ip4][..tcp] [..192.168.1.184][56651] -> [..138.201.12.87][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] - 
end: [....33] [ip4][..tcp] [..192.168.1.184][56634] -> [..159.203.84.31][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + end: [....33] [ip4][..tcp] [..192.168.1.184][56634] -> [..159.203.84.31][30303] [ETHEREUM][DigitalOcean][Crypto_Currency][Acceptable] end: [....52] [ip4][..tcp] [..192.168.1.184][56657] -> [.138.75.171.190][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] idle: [....37] [ip4][..udp] [..192.168.1.184][30303] -> [.35.180.246.169][30301] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable] end: [....24] [ip4][..tcp] [..192.168.1.184][56628] -> [....3.209.45.79][30303] [ETHEREUM][ETHEREUM][Crypto_Currency][Acceptable] @@ -532,7 +532,7 @@ guessed: [....42] [ip4][..tcp] [..192.168.1.184][56644] -> [..13.230.108.42][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable] RISK: Unidirectional Traffic idle: [....42] [ip4][..tcp] [..192.168.1.184][56644] -> [..13.230.108.42][30303] - end: [....53] [ip4][..tcp] [..192.168.1.184][56658] -> [.157.230.152.87][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + end: [....53] [ip4][..tcp] [..192.168.1.184][56658] -> [.157.230.152.87][30303] [ETHEREUM][DigitalOcean][Crypto_Currency][Acceptable] end: [....15] [ip4][..tcp] [..192.168.1.184][56618] -> [.52.231.165.108][30303] [ETHEREUM][Azure][Crypto_Currency][Acceptable] guessed: [....35] [ip4][..tcp] [..192.168.1.184][56637] -> [.35.233.197.131][30303] [ETHEREUM][GoogleCloud][Crypto_Currency][Acceptable] RISK: Unidirectional Traffic 
@@ -544,7 +544,7 @@ end: [....62] [ip4][..tcp] [..192.168.1.184][56671] -> [..86.107.243.62][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] idle: [....71] [ip4][..udp] [..192.168.1.184][30303] -> [..167.86.122.50][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] idle: [....51] [ip4][..tcp] [..192.168.1.184][56655] -> [.202.112.28.106][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] - end: [....12] [ip4][..tcp] [..192.168.1.184][56613] -> [.162.243.160.83][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + end: [....12] [ip4][..tcp] [..192.168.1.184][56613] -> [.162.243.160.83][30303] [ETHEREUM][DigitalOcean][Crypto_Currency][Acceptable] idle: [....50] [ip4][..udp] [..192.168.1.184][30303] -> [.18.219.167.159][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable] idle: [.....3] [ip4][..udp] [...3.112.138.57][25516] -> [..192.168.1.184][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable] idle: [.....7] [ip4][..udp] [..192.168.1.184][30303] -> [...34.97.172.22][30303] [ETHEREUM][GoogleCloud][Crypto_Currency][Acceptable] @@ -552,7 +552,7 @@ idle: [....67] [ip4][..tcp] [..192.168.1.184][56678] -> [..13.251.14.199][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable] end: [....23] [ip4][..tcp] [..192.168.1.184][56627] -> [..34.255.23.113][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable] idle: [.....5] [ip4][..udp] [..192.168.1.184][30303] -> [.52.231.165.108][30303] [ETHEREUM][Azure][Crypto_Currency][Acceptable] - end: [....22] [ip4][..tcp] [..192.168.1.184][56626] -> [178.128.195.220][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + end: [....22] [ip4][..tcp] [..192.168.1.184][56626] -> [178.128.195.220][30303] [ETHEREUM][DigitalOcean][Crypto_Currency][Acceptable] guessed: [....21] [ip4][..tcp] [..192.168.1.184][56625] -> [.....5.1.83.226][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] RISK: Unidirectional Traffic idle: [....21] [ip4][..tcp] [..192.168.1.184][56625] -> [.....5.1.83.226][30303] 
diff --git a/test/results/flow-info/default/fuzz-2006-06-26-2594.pcap.out b/test/results/flow-info/default/fuzz-2006-06-26-2594.pcap.out index 622b06363..76b0ab8b4 100644 --- a/test/results/flow-info/default/fuzz-2006-06-26-2594.pcap.out +++ b/test/results/flow-info/default/fuzz-2006-06-26-2594.pcap.out @@ -905,7 +905,6 @@ ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16] new: [...141] [ip4][..udp] [....192.168.1.2][..138] -> [..192.168.1.255][..138] detected: [...141] [ip4][..udp] [....192.168.1.2][..138] -> [..192.168.1.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][d002465] - RISK: Unsafe Protocol idle: [...109] [ip4][..udp] [....192.168.1.2][.2755] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][1.0.0.127.in-addr.arpa] update: [....58] [ip4][..120] [....192.168.1.2] -> [..212.242.33.35] update: [...130] [ip4][..udp] [....192.168.1.2][.2767] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][1.0.0.127.in-addr.arpa] @@ -985,7 +984,6 @@ idle: [...115] [ip4][..udp] [....192.168.1.2][.2758] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable] RISK: Unidirectional Traffic update: [...141] [ip4][..udp] [....192.168.1.2][..138] -> [..192.168.1.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][d002465] - RISK: Unsafe Protocol update: [...130] [ip4][..udp] [....192.168.1.2][.2767] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][1.0.0.127.in-addr.arpa] update: [...131] [ip4][..udp] [....192.168.1.2][.2768] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable] RISK: Malformed Packet, Unidirectional Traffic 
@@ -1067,7 +1065,6 @@ idle: [...123] [ip4][..udp] [....192.168.1.2][.2764] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable] RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Error Code, Unidirectional Traffic update: [...141] [ip4][..udp] [....192.168.1.2][..138] -> [..192.168.1.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][d002465] - RISK: Unsafe Protocol update: [...130] [ip4][..udp] [....192.168.1.2][.2767] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][1.0.0.127.in-addr.arpa] update: [...131] [ip4][..udp] [....192.168.1.2][.2768] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable] RISK: Malformed Packet, Unidirectional Traffic @@ -1176,7 +1173,6 @@ detection-update: [...167] [ip4][..udp] [....192.168.1.2][.2789] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cybercity.dk] RISK: Malformed Packet, Unidirectional Traffic update: [...141] [ip4][..udp] [....192.168.1.2][..138] -> [..192.168.1.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][d002465] - RISK: Unsafe Protocol update: [...139] [ip4][..udp] [...192.168.1.57][.2771] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable] update: [...140] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2771] [DNS][Unknown][Network][Acceptable][1.0.0.127.in-addr.arpa] update: [...142] [ip4][..udp] [....192.168.1.2][.2772] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable] 
@@ -1204,7 +1200,6 @@ detected: [...174] [ip4][..udp] [....192.168.1.2][.2791] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cybercity.dk] idle: [...138] [ip4][..udp] [....192.168.1.2][..137] -> [..120.168.1.255][..137] [NetBIOS][Unknown][System][Acceptable][eci_doma] idle: [...141] [ip4][..udp] [....192.168.1.2][..138] -> [..192.168.1.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][d002465] - RISK: Unsafe Protocol idle: [...137] [ip4][..udp] [....192.168.1.2][.2770] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable] RISK: Malformed Packet, Unidirectional Traffic idle: [...140] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2771] [DNS][Unknown][Network][Acceptable][1.0.0.127.in-addr.arpa] @@ -1374,7 +1369,6 @@ update: [...172] [ip4][..udp] [....192.168.1.2][..137] -> [..192.194.1.255][..137] [NetBIOS][Unknown][System][Acceptable][eci_domain] new: [...180] [ip4][..udp] [...192.168.1.41][..138] -> [..192.168.1.255][..138] detected: [...180] [ip4][..udp] [...192.168.1.41][..138] -> [..192.168.1.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][lab111] - RISK: Unsafe Protocol new: [...181] [ip4][..udp] [.192.184.189.41][..137] -> [..192.168.1.255][..137] detected: [...181] [ip4][..udp] [.192.184.189.41][..137] -> [..192.168.1.255][..137] [NetBIOS][Unknown][System][Acceptable][workg] new: [...182] [ip4][..udp] [...192.168.1.41][..137] -> [..192.168.1.255][..137] 
@@ -1428,7 +1422,6 @@ update: [...182] [ip4][..udp] [...192.168.1.41][..137] -> [..192.168.1.255][..137] [NetBIOS][Unknown][System][Acceptable][workgroup] update: [...185] [ip4][..udp] [...192.168.1.41][..137] -> [.192.168.37.115][..137] [NetBIOS][Unknown][System][Acceptable][workgroup] update: [...180] [ip4][..udp] [...192.168.1.41][..138] -> [..192.168.1.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][lab111] - RISK: Unsafe Protocol update: [...181] [ip4][..udp] [.192.184.189.41][..137] -> [..192.168.1.255][..137] [NetBIOS][Unknown][System][Acceptable][workg] update: [...186] [ip4][..udp] [....192.168.1.2][43690] -> [192.168.170.170][43690] update: [...179] [ip4][..udp] [....192.136.1.2][..137] -> [..192.168.1.255][..137] [NetBIOS][Unknown][System][Acceptable][5ci_dombin] @@ -1455,7 +1448,6 @@ update: [...185] [ip4][..udp] [...192.168.1.41][..137] -> [.192.168.37.115][..137] [NetBIOS][Unknown][System][Acceptable][workgroup] update: [...182] [ip4][..udp] [...192.168.1.41][..137] -> [..192.168.1.255][..137] [NetBIOS][Unknown][System][Acceptable][workgroup] update: [...180] [ip4][..udp] [...192.168.1.41][..138] -> [..192.168.1.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][lab111] - RISK: Unsafe Protocol update: [...189] [ip4][..udp] [...192.168.1.41][..138] -> [..192.168.1.255][..394] update: [...181] [ip4][..udp] [.192.184.189.41][..137] -> [..192.168.1.255][..137] [NetBIOS][Unknown][System][Acceptable][workg] new: [...192] [ip4][..udp] [....192.168.1.2][.2795] -> [....192.168.1.1][...53] 
@@ -1518,7 +1510,6 @@ update: [...185] [ip4][..udp] [...192.168.1.41][..137] -> [.192.168.37.115][..137] [NetBIOS][Unknown][System][Acceptable][workgroup] update: [...182] [ip4][..udp] [...192.168.1.41][..137] -> [..192.168.1.255][..137] [NetBIOS][Unknown][System][Acceptable][workgroup] update: [...180] [ip4][..udp] [...192.168.1.41][..138] -> [..192.168.1.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][lab111] - RISK: Unsafe Protocol update: [...189] [ip4][..udp] [...192.168.1.41][..138] -> [..192.168.1.255][..394] update: [...190] [ip4][..udp] [....192.168.1.2][.2793] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][reg.sippstar.com] RISK: Non-Printable/Invalid Chars Detected @@ -1558,7 +1549,6 @@ idle: [...184] [ip4][..udp] [.....115.0.1.41][..137] -> [..192.168.1.255][..137] [NetBIOS][Unknown][System][Acceptable][workgroup] idle: [...183] [ip4][..udp] [...192.168.1.41][..137] -> [..107.168.1.255][..137] [NetBIOS][Unknown][System][Acceptable][workgroup] idle: [...180] [ip4][..udp] [...192.168.1.41][..138] -> [..192.168.1.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][lab111] - RISK: Unsafe Protocol idle: [...181] [ip4][..udp] [.192.184.189.41][..137] -> [..192.168.1.255][..137] [NetBIOS][Unknown][System][Acceptable][workg] update: [...198] [ip4][..udp] [..212.242.33.35][.5060] -> [....192.168.1.2][.5060] [SIP][Unknown][VoIP][Acceptable] update: [...197] [ip4][..udp] [....192.168.1.2][.2797] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][1.0.0.127.in-addr.arpa] diff --git a/test/results/flow-info/default/fuzz-2006-09-29-28586.pcap.out b/test/results/flow-info/default/fuzz-2006-09-29-28586.pcap.out index 25e7d327d..9797d569f 100644 --- a/test/results/flow-info/default/fuzz-2006-09-29-28586.pcap.out +++ b/test/results/flow-info/default/fuzz-2006-09-29-28586.pcap.out 
@@ -119,7 +119,7 @@ guessed: [....13] [ip4][..tcp] [.....172.20.3.5][.2603] -> [....172.20.3.13][...80] [HTTP][Unknown][Web][Acceptable][] end: [....13] [ip4][..tcp] [.....172.20.3.5][.2603] -> [....172.20.3.13][...80] guessed: [....19] [ip4][..tcp] [....172.20.3.13][...80] -> [....172.20.68.5][.2604] [HTTP][Unknown][Web][Acceptable][] - RISK: Unidirectional Traffic, TCP Connection Issues + RISK: Unidirectional Traffic, TCP Connection Issues, Probing Attempt end: [....19] [ip4][..tcp] [....172.20.3.13][...80] -> [....172.20.68.5][.2604] end: [....18] [ip4][..tcp] [.....172.20.3.5][.2604] -> [....172.20.3.13][...80] [HTTP][Unknown][Web][Acceptable][172.20.3.13] RISK: HTTP/TLS/QUIC Numeric Hostname/SNI diff --git a/test/results/flow-info/default/gnutella.pcap.out b/test/results/flow-info/default/gnutella.pcap.out index 0934fef2b..d77625277 100644 --- a/test/results/flow-info/default/gnutella.pcap.out +++ b/test/results/flow-info/default/gnutella.pcap.out @@ -42,7 +42,6 @@ detected: [....19] [ip4][..udp] [......10.0.2.15][63964] -> [239.255.255.250][.3702] [WSD][Unknown][Network][Acceptable] new: [....20] [ip4][..udp] [......10.0.2.15][..138] -> [.....10.0.2.255][..138] detected: [....20] [ip4][..udp] [......10.0.2.15][..138] -> [.....10.0.2.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][msedgewin10] - RISK: Unsafe Protocol new: [....21] [ip4][..udp] [......10.0.2.15][55708] -> [239.255.255.250][.1900] detected: [....21] [ip4][..udp] [......10.0.2.15][55708] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900] new: [....22] [ip6][..udp] [..............fe80::c50d:519f:96a4:e108][62539] -> [..............................ff02::1:3][.5355] 
@@ -157,7 +156,6 @@ update: [.....6] [ip4][..udp] [.......10.0.2.2][...67] -> [......10.0.2.15][...68] [DHCP][Unknown][Network][Acceptable] update: [....13] [ip4][..udp] [......10.0.2.15][..137] -> [.....10.0.2.255][..137] [NetBIOS][Unknown][System][Acceptable][msedgewin10] update: [....20] [ip4][..udp] [......10.0.2.15][..138] -> [.....10.0.2.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][msedgewin10] - RISK: Unsafe Protocol update: [....16] [ip4][..udp] [......10.0.2.15][63962] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900] update: [....15] [ip4][..udp] [......10.0.2.15][63957] -> [239.255.255.250][.3702] [WSD][Unknown][Network][Acceptable] update: [....19] [ip4][..udp] [......10.0.2.15][63964] -> [239.255.255.250][.3702] [WSD][Unknown][Network][Acceptable] 
@@ -864,14 +862,14 @@ new: [...333] [ip4][..tcp] [......10.0.2.15][50327] -> [.69.118.162.229][46906] new: [...334] [ip4][..tcp] [......10.0.2.15][50328] -> [..189.147.72.83][26108] detected: [...333] [ip4][..tcp] [......10.0.2.15][50327] -> [.69.118.162.229][46906] [HTTP.Gnutella][Unknown][Download][Potentially Dangerous][69.118.162.229] - RISK: Known Proto on Non Std Port, HTTP/TLS/QUIC Numeric Hostname/SNI, Unsafe Protocol, Susp Entropy + RISK: Known Proto on Non Std Port, HTTP/TLS/QUIC Numeric Hostname/SNI, Unsafe Protocol detected: [...334] [ip4][..tcp] [......10.0.2.15][50328] -> [..189.147.72.83][26108] [HTTP.Gnutella][Unknown][Download][Potentially Dangerous][189.147.72.83] - RISK: Known Proto on Non Std Port, HTTP/TLS/QUIC Numeric Hostname/SNI, Unsafe Protocol, Susp Entropy + RISK: Known Proto on Non Std Port, HTTP/TLS/QUIC Numeric Hostname/SNI, Unsafe Protocol new: [...335] [ip4][..udp] [......10.0.2.15][28681] -> [.14.200.255.229][37058] detection-update: [...333] [ip4][..tcp] [......10.0.2.15][50327] -> [.69.118.162.229][46906] [HTTP.Gnutella][Unknown][Media][Potentially Dangerous][69.118.162.229] - RISK: Known Proto on Non Std Port, HTTP/TLS/QUIC Numeric Hostname/SNI, Unsafe Protocol, Susp Entropy, Binary File/Data Transfer (Attempt) + RISK: Known Proto on Non Std Port, HTTP/TLS/QUIC Numeric Hostname/SNI, Unsafe Protocol, Binary File/Data Transfer (Attempt) detection-update: [...334] [ip4][..tcp] [......10.0.2.15][50328] -> [..189.147.72.83][26108] [HTTP.Gnutella][Unknown][Media][Potentially Dangerous][189.147.72.83] - RISK: Known Proto on Non Std Port, HTTP/TLS/QUIC Numeric Hostname/SNI, Unsafe Protocol, Susp Entropy, Binary File/Data Transfer (Attempt) + RISK: Known Proto on Non Std Port, HTTP/TLS/QUIC Numeric Hostname/SNI, Unsafe Protocol, Binary File/Data Transfer (Attempt) new: [...336] [ip4][..udp] [......10.0.2.15][28681] -> [...80.7.252.192][.6888] detected: [...336] [ip4][..udp] [......10.0.2.15][28681] -> [...80.7.252.192][.6888] 
[Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol @@ -889,7 +887,6 @@ update: [.....6] [ip4][..udp] [.......10.0.2.2][...67] -> [......10.0.2.15][...68] [DHCP][Unknown][Network][Acceptable] update: [....13] [ip4][..udp] [......10.0.2.15][..137] -> [.....10.0.2.255][..137] [NetBIOS][Unknown][System][Acceptable][msedgewin10] update: [....20] [ip4][..udp] [......10.0.2.15][..138] -> [.....10.0.2.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][msedgewin10] - RISK: Unsafe Protocol update: [....16] [ip4][..udp] [......10.0.2.15][63962] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900] update: [...117] [ip4][..udp] [......10.0.2.15][28681] -> [200.120.243.143][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol @@ -1017,7 +1014,7 @@ RISK: Unsafe Protocol new: [...345] [ip4][..tcp] [......10.0.2.15][50330] -> [.69.118.162.229][46906] detected: [...345] [ip4][..tcp] [......10.0.2.15][50330] -> [.69.118.162.229][46906] [HTTP.Gnutella][Unknown][Download][Potentially Dangerous][69.118.162.229] - RISK: Known Proto on Non Std Port, HTTP/TLS/QUIC Numeric Hostname/SNI, Unsafe Protocol, Susp Entropy + RISK: Known Proto on Non Std Port, HTTP/TLS/QUIC Numeric Hostname/SNI, Unsafe Protocol new: [...346] [ip4][..udp] [......10.0.2.15][28681] -> [..76.226.85.105][.6346] detected: [...346] [ip4][..udp] [......10.0.2.15][28681] -> [..76.226.85.105][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol 
@@ -1358,7 +1355,6 @@ update: [.....6] [ip4][..udp] [.......10.0.2.2][...67] -> [......10.0.2.15][...68] [DHCP][Unknown][Network][Acceptable] update: [....13] [ip4][..udp] [......10.0.2.15][..137] -> [.....10.0.2.255][..137] [NetBIOS][Unknown][System][Acceptable][msedgewin10] update: [....20] [ip4][..udp] [......10.0.2.15][..138] -> [.....10.0.2.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][msedgewin10] - RISK: Unsafe Protocol update: [....16] [ip4][..udp] [......10.0.2.15][63962] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900] update: [...117] [ip4][..udp] [......10.0.2.15][28681] -> [200.120.243.143][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol @@ -1650,7 +1646,7 @@ end: [...119] [ip4][..tcp] [......10.0.2.15][50250] -> [...27.94.154.53][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol not-detected: [....61] [ip4][..tcp] [......10.0.2.15][50220] -> [.36.233.196.226][.3820] [Unknown][Unknown][Unrated] - RISK: TCP Connection Issues + RISK: TCP Connection Issues, Probing Attempt end: [....61] [ip4][..tcp] [......10.0.2.15][50220] -> [.36.233.196.226][.3820] end: [...122] [ip4][..tcp] [......10.0.2.15][50253] -> [103.232.107.100][43508] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol 
@@ -1661,12 +1657,12 @@ end: [....51] [ip4][..tcp] [......10.0.2.15][50211] -> [...14.199.10.60][23458] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol not-detected: [....63] [ip4][..tcp] [......10.0.2.15][50222] -> [.119.14.143.237][.6523] [Unknown][Unknown][Unrated] - RISK: TCP Connection Issues + RISK: TCP Connection Issues, Probing Attempt end: [....63] [ip4][..tcp] [......10.0.2.15][50222] -> [.119.14.143.237][.6523] end: [....43] [ip4][..tcp] [......10.0.2.15][50203] -> [..61.222.160.99][18994] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol not-detected: [....69] [ip4][..tcp] [......10.0.2.15][50228] -> [..111.241.31.96][14384] [Unknown][Unknown][Unrated] - RISK: TCP Connection Issues + RISK: TCP Connection Issues, Probing Attempt end: [....69] [ip4][..tcp] [......10.0.2.15][50228] -> [..111.241.31.96][14384] end: [....35] [ip4][..tcp] [......10.0.2.15][50196] -> [...218.250.6.59][12556] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol @@ -1781,7 +1777,7 @@ end: [...289] [ip4][..tcp] [......10.0.2.15][50313] -> [...96.65.68.194][35481] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol not-detected: [...237] [ip4][..tcp] [......10.0.2.15][50283] -> [..51.68.153.214][35004] [Unknown][Unknown][Unrated] - RISK: TCP Connection Issues + RISK: TCP Connection Issues, Probing Attempt end: [...237] [ip4][..tcp] [......10.0.2.15][50283] -> [..51.68.153.214][35004] end: [...296] [ip4][..tcp] [......10.0.2.15][50320] -> [194.163.180.126][10825] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol 
@@ -1791,7 +1787,7 @@ idle: [....14] [ip6][..udp] [..............fe80::c50d:519f:96a4:e108][63958] -> [................................ff02::c][.3702] [WSD][Unknown][Network][Acceptable] idle: [....18] [ip6][..udp] [..............fe80::c50d:519f:96a4:e108][63965] -> [................................ff02::c][.3702] [WSD][Unknown][Network][Acceptable] not-detected: [...153] [ip4][..tcp] [......10.0.2.15][50266] -> [.219.70.175.103][.4315] [Unknown][Unknown][Unrated] - RISK: TCP Connection Issues + RISK: TCP Connection Issues, Probing Attempt end: [...153] [ip4][..tcp] [......10.0.2.15][50266] -> [.219.70.175.103][.4315] end: [...279] [ip4][..tcp] [......10.0.2.15][50303] -> [..88.120.73.215][24562] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol @@ -1808,7 +1804,7 @@ end: [...223] [ip4][..tcp] [......10.0.2.15][50269] -> [..218.103.139.2][.3186] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol not-detected: [...143] [ip4][..tcp] [......10.0.2.15][50256] -> [.36.233.201.161][.2886] [Unknown][Unknown][Unrated] - RISK: TCP Connection Issues + RISK: TCP Connection Issues, Probing Attempt end: [...143] [ip4][..tcp] [......10.0.2.15][50256] -> [.36.233.201.161][.2886] end: [...269] [ip4][..tcp] [......10.0.2.15][50293] -> [..97.83.183.148][.8890] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol 
@@ -1899,7 +1895,6 @@ idle: [....25] [ip4][..udp] [......10.0.2.15][50435] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][puppet] idle: [....24] [ip6][..udp] [..............fe80::c50d:519f:96a4:e108][50435] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable][puppet] update: [....20] [ip4][..udp] [......10.0.2.15][..138] -> [.....10.0.2.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][msedgewin10] - RISK: Unsafe Protocol update: [...117] [ip4][..udp] [......10.0.2.15][28681] -> [200.120.243.143][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol update: [...135] [ip4][..udp] [......10.0.2.15][28681] -> [.193.250.99.158][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] @@ -2528,7 +2523,7 @@ idle: [...105] [ip4][..udp] [......10.0.2.15][28681] -> [...219.85.11.85][10722] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol end: [...345] [ip4][..tcp] [......10.0.2.15][50330] -> [.69.118.162.229][46906] [HTTP.Gnutella][Unknown][Download][Potentially Dangerous][69.118.162.229] - RISK: Known Proto on Non Std Port, HTTP/TLS/QUIC Numeric Hostname/SNI, Unsafe Protocol, Susp Entropy + RISK: Known Proto on Non Std Port, HTTP/TLS/QUIC Numeric Hostname/SNI, Unsafe Protocol idle: [....99] [ip4][..udp] [......10.0.2.15][28681] -> [....114.38.9.82][24223] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol idle: [....97] [ip4][..udp] [......10.0.2.15][28681] -> [..24.78.134.188][49046] [Gnutella][Unknown][Download][Potentially Dangerous] 
@@ -2627,7 +2622,6 @@ update: [...329] [ip4][..udp] [......10.0.2.15][28681] -> [..92.117.249.98][.6815] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol update: [....20] [ip4][..udp] [......10.0.2.15][..138] -> [.....10.0.2.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][msedgewin10] - RISK: Unsafe Protocol update: [...117] [ip4][..udp] [......10.0.2.15][28681] -> [200.120.243.143][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol update: [...135] [ip4][..udp] [......10.0.2.15][28681] -> [.193.250.99.158][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] @@ -3064,7 +3058,7 @@ detected: [...745] [ip4][.icmp] [..164.132.10.25] -> [......10.0.2.15] [ICMP][Unknown][Network][Acceptable] RISK: Susp Entropy not-detected: [....29] [ip4][..tcp] [......10.0.2.15][50191] -> [.207.38.163.228][.6778] [Unknown][Unknown][Unrated] - RISK: TCP Connection Issues + RISK: TCP Connection Issues, Probing Attempt end: [....29] [ip4][..tcp] [......10.0.2.15][50191] -> [.207.38.163.228][.6778] idle: [...320] [ip4][..udp] [......10.0.2.15][28681] -> [185.236.200.137][48142] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol 
@@ -3075,13 +3069,13 @@ idle: [...305] [ip4][..udp] [......10.0.2.15][28681] -> [..88.168.175.31][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol not-detected: [....31] [ip4][..tcp] [......10.0.2.15][50193] -> [....89.75.52.19][46010] [Unknown][Unknown][Unrated] - RISK: TCP Connection Issues + RISK: TCP Connection Issues, Probing Attempt end: [....31] [ip4][..tcp] [......10.0.2.15][50193] -> [....89.75.52.19][46010] not-detected: [....28] [ip4][..tcp] [......10.0.2.15][50190] -> [..80.140.63.147][29545] [Unknown][Unknown][Unrated] - RISK: TCP Connection Issues + RISK: TCP Connection Issues, Probing Attempt end: [....28] [ip4][..tcp] [......10.0.2.15][50190] -> [..80.140.63.147][29545] not-detected: [....30] [ip4][..tcp] [......10.0.2.15][50192] -> [....45.65.87.24][16201] [Unknown][Unknown][Unrated] - RISK: TCP Connection Issues + RISK: TCP Connection Issues, Probing Attempt end: [....30] [ip4][..tcp] [......10.0.2.15][50192] -> [....45.65.87.24][16201] idle: [...322] [ip4][..udp] [......10.0.2.15][28681] -> [..45.88.117.219][.6909] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol @@ -3487,7 +3481,7 @@ idle: [...177] [ip4][..udp] [......10.0.2.15][28681] -> [.69.157.183.106][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol not-detected: [....90] [ip4][..tcp] [......10.0.2.15][50245] -> [..73.62.225.181][46843] [Unknown][Unknown][Unrated] - RISK: TCP Connection Issues + RISK: TCP Connection Issues, Probing Attempt end: [....90] [ip4][..tcp] [......10.0.2.15][50245] -> [..73.62.225.181][46843] not-detected: [...300] [ip4][..udp] [......10.0.2.15][28681] -> [104.238.172.250][23548] [Unknown][Unknown][Unrated] RISK: Susp Entropy 
@@ -3502,7 +3496,6 @@ RISK: Unsafe Protocol update: [.....8] [ip4][....2] [......10.0.2.15] -> [.....224.0.0.22] [IGMP][Unknown][Network][Acceptable] update: [....20] [ip4][..udp] [......10.0.2.15][..138] -> [.....10.0.2.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][msedgewin10] - RISK: Unsafe Protocol update: [...117] [ip4][..udp] [......10.0.2.15][28681] -> [200.120.243.143][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol update: [...135] [ip4][..udp] [......10.0.2.15][28681] -> [.193.250.99.158][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] @@ -4230,7 +4223,6 @@ idle: [...308] [ip4][..udp] [......10.0.2.15][28681] -> [...81.205.91.45][40137] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol update: [....20] [ip4][..udp] [......10.0.2.15][..138] -> [.....10.0.2.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][msedgewin10] - RISK: Unsafe Protocol update: [...117] [ip4][..udp] [......10.0.2.15][28681] -> [200.120.243.143][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol update: [...748] [ip4][..udp] [......10.0.2.15][28681] -> [.....92.8.59.80][35192] [Gnutella][Unknown][Download][Potentially Dangerous] @@ -4327,7 +4319,6 @@ detected: [...756] [ip4][..udp] [......10.0.2.15][28681] -> [..41.100.68.255][12838] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol idle: [....20] [ip4][..udp] [......10.0.2.15][..138] -> [.....10.0.2.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][msedgewin10] - RISK: Unsafe Protocol idle: [...173] [ip4][..udp] [......10.0.2.15][28681] -> [..121.99.222.36][44988] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol idle: [...136] [ip4][..udp] [......10.0.2.15][28681] -> [.80.236.247.120][16047] [Gnutella][Unknown][Download][Potentially Dangerous] 
@@ -5004,7 +4995,6 @@ RISK: Unsafe Protocol new: [...760] [ip4][..udp] [......10.0.2.15][..138] -> [.....10.0.2.255][..138] detected: [...760] [ip4][..udp] [......10.0.2.15][..138] -> [.....10.0.2.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][msedgewin10] - RISK: Unsafe Protocol new: [...761] [ip4][..udp] [......10.0.2.15][28681] -> [..195.132.75.56][56009] detected: [...761] [ip4][..udp] [......10.0.2.15][28681] -> [..195.132.75.56][56009] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol @@ -6387,7 +6377,6 @@ idle: [...684] [ip4][..udp] [......10.0.2.15][28681] -> [..50.58.238.149][54436] update: [.....8] [ip4][....2] [......10.0.2.15] -> [.....224.0.0.22] [IGMP][Unknown][Network][Acceptable] update: [...760] [ip4][..udp] [......10.0.2.15][..138] -> [.....10.0.2.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][msedgewin10] - RISK: Unsafe Protocol update: [...117] [ip4][..udp] [......10.0.2.15][28681] -> [200.120.243.143][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol update: [...748] [ip4][..udp] [......10.0.2.15][28681] -> [.....92.8.59.80][35192] [Gnutella][Unknown][Download][Potentially Dangerous] @@ -6724,7 +6713,6 @@ new: [...794] [ip4][..udp] [......10.0.2.15][50214] -> [239.255.255.250][.1900] detected: [...794] [ip4][..udp] [......10.0.2.15][50214] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900] update: [...760] [ip4][..udp] [......10.0.2.15][..138] -> [.....10.0.2.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][msedgewin10] - RISK: Unsafe Protocol update: [...117] [ip4][..udp] [......10.0.2.15][28681] -> [200.120.243.143][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol update: [...748] [ip4][..udp] [......10.0.2.15][28681] -> [.....92.8.59.80][35192] [Gnutella][Unknown][Download][Potentially Dangerous] 
@@ -6920,7 +6908,6 @@ idle: [...757] [ip4][..udp] [......10.0.2.15][28681] -> [.104.156.226.72][53258] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol update: [...760] [ip4][..udp] [......10.0.2.15][..138] -> [.....10.0.2.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][msedgewin10] - RISK: Unsafe Protocol update: [...117] [ip4][..udp] [......10.0.2.15][28681] -> [200.120.243.143][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol update: [...748] [ip4][..udp] [......10.0.2.15][28681] -> [.....92.8.59.80][35192] [Gnutella][Unknown][Download][Potentially Dangerous] @@ -7036,7 +7023,6 @@ DAEMON-EVENT: [Flows][active: 169 / 801|skipped: 0|!detected: 311|guessed: 1|detection-updates: 5|updates: 2519] idle: [.....8] [ip4][....2] [......10.0.2.15] -> [.....224.0.0.22] [IGMP][Unknown][Network][Acceptable] idle: [...760] [ip4][..udp] [......10.0.2.15][..138] -> [.....10.0.2.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][msedgewin10] - RISK: Unsafe Protocol idle: [...798] [ip4][..udp] [......10.0.2.15][63962] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900] idle: [...117] [ip4][..udp] [......10.0.2.15][28681] -> [200.120.243.143][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol 
@@ -7223,7 +7209,7 @@ RISK: Unidirectional Traffic idle: [....45] [ip4][..tcp] [......10.0.2.15][50205] -> [.114.46.139.171][52120] idle: [...334] [ip4][..tcp] [......10.0.2.15][50328] -> [..189.147.72.83][26108] [HTTP.Gnutella][Unknown][Media][Potentially Dangerous][189.147.72.83] - RISK: Known Proto on Non Std Port, HTTP/TLS/QUIC Numeric Hostname/SNI, Unsafe Protocol, Susp Entropy, Binary File/Data Transfer (Attempt) + RISK: Known Proto on Non Std Port, HTTP/TLS/QUIC Numeric Hostname/SNI, Unsafe Protocol, Binary File/Data Transfer (Attempt) idle: [...138] [ip4][..udp] [......10.0.2.15][28681] -> [167.114.170.156][23844] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol not-detected: [...777] [ip4][..udp] [......10.0.2.15][28681] -> [.124.244.211.43][23459] [Unknown][Unknown][Unrated] @@ -7407,7 +7393,7 @@ idle: [...172] [ip4][..udp] [......10.0.2.15][28681] -> [..87.69.142.133][15471] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol idle: [...333] [ip4][..tcp] [......10.0.2.15][50327] -> [.69.118.162.229][46906] [HTTP.Gnutella][Unknown][Media][Potentially Dangerous][69.118.162.229] - RISK: Known Proto on Non Std Port, HTTP/TLS/QUIC Numeric Hostname/SNI, Unsafe Protocol, Susp Entropy, Binary File/Data Transfer (Attempt) + RISK: Known Proto on Non Std Port, HTTP/TLS/QUIC Numeric Hostname/SNI, Unsafe Protocol, Binary File/Data Transfer (Attempt) not-detected: [...281] [ip4][..tcp] [......10.0.2.15][50305] -> [....94.54.66.82][63637] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [...281] [ip4][..tcp] [......10.0.2.15][50305] -> [....94.54.66.82][63637] diff --git a/test/results/flow-info/default/hl7.pcap.out b/test/results/flow-info/default/hl7.pcap.out index d71c07a79..77d02aab2 100644 --- a/test/results/flow-info/default/hl7.pcap.out +++ b/test/results/flow-info/default/hl7.pcap.out 
@@ -2,8 +2,18 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [.....10.0.0.155][49242] -> [.....10.0.0.126][.6661] - detected: [.....1] [ip4][..tcp] [.....10.0.0.155][49242] -> [.....10.0.0.126][.6661] [HL7][Unknown][RPC][Acceptable] + detected: [.....1] [ip4][..tcp] [.....10.0.0.155][49242] -> [.....10.0.0.126][.6661] [HL7][Unknown][Health][Acceptable] RISK: Known Proto on Non Std Port - end: [.....1] [ip4][..tcp] [.....10.0.0.155][49242] -> [.....10.0.0.126][.6661] [HL7][Unknown][RPC][Acceptable] + new: [.....2] [ip4][..tcp] [.....10.0.0.155][49250] -> [.....10.0.0.126][.6661] + detected: [.....2] [ip4][..tcp] [.....10.0.0.155][49250] -> [.....10.0.0.126][.6661] [HL7][Unknown][Health][Acceptable] + RISK: Known Proto on Non Std Port + end: [.....1] [ip4][..tcp] [.....10.0.0.155][49242] -> [.....10.0.0.126][.6661] [HL7][Unknown][Health][Acceptable] + RISK: Known Proto on Non Std Port + new: [.....3] [ip4][..tcp] [.....10.0.0.155][49252] -> [.....10.0.0.126][.6661] + detected: [.....3] [ip4][..tcp] [.....10.0.0.155][49252] -> [.....10.0.0.126][.6661] [HL7][Unknown][Health][Acceptable] + RISK: Known Proto on Non Std Port + end: [.....2] [ip4][..tcp] [.....10.0.0.155][49250] -> [.....10.0.0.126][.6661] [HL7][Unknown][Health][Acceptable] + RISK: Known Proto on Non Std Port + end: [.....3] [ip4][..tcp] [.....10.0.0.155][49252] -> [.....10.0.0.126][.6661] [HL7][Unknown][Health][Acceptable] RISK: Known Proto on Non Std Port DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/http_guessed_host_and_guessed.pcapng.out b/test/results/flow-info/default/http_guessed_host_and_guessed.pcapng.out index 3dd3f4fe3..5a6904b0a 100644 --- a/test/results/flow-info/default/http_guessed_host_and_guessed.pcapng.out +++ b/test/results/flow-info/default/http_guessed_host_and_guessed.pcapng.out 
@@ -3,6 +3,6 @@ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [....170.33.13.5][..110] -> [....192.168.0.1][..179] guessed: [.....1] [ip4][..tcp] [....170.33.13.5][..110] -> [....192.168.0.1][..179] [POP3][Alibaba][Email][Unsafe] - RISK: Unsafe Protocol, Susp Entropy, Unidirectional Traffic, TCP Connection Issues + RISK: Unsafe Protocol, Susp Entropy, Unidirectional Traffic, TCP Connection Issues, Probing Attempt end: [.....1] [ip4][..tcp] [....170.33.13.5][..110] -> [....192.168.0.1][..179] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/http_ipv6.pcap.out b/test/results/flow-info/default/http_ipv6.pcap.out index 3e9851065..df5225601 100644 --- a/test/results/flow-info/default/http_ipv6.pcap.out +++ b/test/results/flow-info/default/http_ipv6.pcap.out 
@@ -23,26 +23,26 @@ [ENTROPIES...: 4.7,7.9,5.3,7.8,5.2,7.6,5.4,6.9,5.2,5.4,7.5,5.4,4.9,6.9,5.2,7.7,5.6,5.5,5.2,7.0,4.9,7.6,5.5,6.9,5.3,7.6,5.5,6.9,5.2,7.6,5.4,7.0] new: [.....6] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][37486] -> [................2a03:b0c0:3:d0::70:1001][..443] new: [.....7] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][37488] -> [................2a03:b0c0:3:d0::70:1001][..443] - detected: [.....6] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][37486] -> [................2a03:b0c0:3:d0::70:1001][..443] [TLS.ntop][Unknown][Network][Safe][www.ntop.org] - detected: [.....7] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][37488] -> [................2a03:b0c0:3:d0::70:1001][..443] [TLS.ntop][Unknown][Network][Safe][www.ntop.org] - detection-update: [.....7] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][37488] -> [................2a03:b0c0:3:d0::70:1001][..443] [TLS.ntop][Unknown][Network][Safe][www.ntop.org] - detection-update: [.....6] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][37486] -> [................2a03:b0c0:3:d0::70:1001][..443] [TLS.ntop][Unknown][Network][Safe][www.ntop.org] - detection-update: [.....6] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][37486] -> [................2a03:b0c0:3:d0::70:1001][..443] [TLS.ntop][Unknown][Network][Safe][www.ntop.org] + detected: [.....6] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][37486] -> [................2a03:b0c0:3:d0::70:1001][..443] [TLS.ntop][DigitalOcean][Network][Safe][www.ntop.org] + detected: [.....7] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][37488] -> [................2a03:b0c0:3:d0::70:1001][..443] [TLS.ntop][DigitalOcean][Network][Safe][www.ntop.org] + detection-update: [.....7] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][37488] -> [................2a03:b0c0:3:d0::70:1001][..443] [TLS.ntop][DigitalOcean][Network][Safe][www.ntop.org] + detection-update: [.....6] [ip6][..tcp] 
[........2a00:d40:1:3:7aac:c0ff:fea7:d4c][37486] -> [................2a03:b0c0:3:d0::70:1001][..443] [TLS.ntop][DigitalOcean][Network][Safe][www.ntop.org] + detection-update: [.....6] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][37486] -> [................2a03:b0c0:3:d0::70:1001][..443] [TLS.ntop][DigitalOcean][Network][Safe][www.ntop.org] RISK: TLS Cert Mismatch - detection-update: [.....7] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][37488] -> [................2a03:b0c0:3:d0::70:1001][..443] [TLS.ntop][Unknown][Network][Safe][www.ntop.org] + detection-update: [.....7] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][37488] -> [................2a03:b0c0:3:d0::70:1001][..443] [TLS.ntop][DigitalOcean][Network][Safe][www.ntop.org] RISK: TLS Cert Mismatch new: [.....8] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][37494] -> [................2a03:b0c0:3:d0::70:1001][..443] - detected: [.....8] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][37494] -> [................2a03:b0c0:3:d0::70:1001][..443] [TLS.ntop][Unknown][Network][Safe][www.ntop.org] - detection-update: [.....8] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][37494] -> [................2a03:b0c0:3:d0::70:1001][..443] [TLS.ntop][Unknown][Network][Safe][www.ntop.org] - detection-update: [.....8] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][37494] -> [................2a03:b0c0:3:d0::70:1001][..443] [TLS.ntop][Unknown][Network][Safe][www.ntop.org] + detected: [.....8] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][37494] -> [................2a03:b0c0:3:d0::70:1001][..443] [TLS.ntop][DigitalOcean][Network][Safe][www.ntop.org] + detection-update: [.....8] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][37494] -> [................2a03:b0c0:3:d0::70:1001][..443] [TLS.ntop][DigitalOcean][Network][Safe][www.ntop.org] + detection-update: [.....8] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][37494] -> 
[................2a03:b0c0:3:d0::70:1001][..443] [TLS.ntop][DigitalOcean][Network][Safe][www.ntop.org] RISK: TLS Cert Mismatch new: [.....9] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][60124] -> [..................2a02:26f0:ad:1a1::eed][..443] [MIDSTREAM] new: [....10] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][40308] -> [....2a03:2880:1010:3f20:face:b00c::25de][..443] [MIDSTREAM] new: [....11] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][33062] -> [.................2a00:1450:400b:c02::9a][..443] [MIDSTREAM] new: [....12] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][37506] -> [................2a03:b0c0:3:d0::70:1001][..443] - detected: [....12] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][37506] -> [................2a03:b0c0:3:d0::70:1001][..443] [TLS.ntop][Unknown][Network][Safe][www.ntop.org] - detection-update: [....12] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][37506] -> [................2a03:b0c0:3:d0::70:1001][..443] [TLS.ntop][Unknown][Network][Safe][www.ntop.org] - detection-update: [....12] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][37506] -> [................2a03:b0c0:3:d0::70:1001][..443] [TLS.ntop][Unknown][Network][Safe][www.ntop.org] + detected: [....12] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][37506] -> [................2a03:b0c0:3:d0::70:1001][..443] [TLS.ntop][DigitalOcean][Network][Safe][www.ntop.org] + detection-update: [....12] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][37506] -> [................2a03:b0c0:3:d0::70:1001][..443] [TLS.ntop][DigitalOcean][Network][Safe][www.ntop.org] + detection-update: [....12] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][37506] -> [................2a03:b0c0:3:d0::70:1001][..443] [TLS.ntop][DigitalOcean][Network][Safe][www.ntop.org] RISK: TLS Cert Mismatch new: [....13] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][59690] -> [...............2a00:1450:4001:803::1012][..443] [MIDSTREAM] new: 
[....14] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][53132] -> [..................2a02:26f0:ad:197::236][..443] 
@@ -66,13 +66,13 @@ idle: [....10] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][40308] -> [....2a03:2880:1010:3f20:face:b00c::25de][..443] guessed: [....11] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][33062] -> [.................2a00:1450:400b:c02::9a][..443] [TLS][Google][Web][Safe] idle: [....11] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][33062] -> [.................2a00:1450:400b:c02::9a][..443] - end: [.....6] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][37486] -> [................2a03:b0c0:3:d0::70:1001][..443] [TLS.ntop][Unknown][Network][Safe] + end: [.....6] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][37486] -> [................2a03:b0c0:3:d0::70:1001][..443] [TLS.ntop][DigitalOcean][Network][Safe] RISK: TLS Cert Mismatch - end: [.....7] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][37488] -> [................2a03:b0c0:3:d0::70:1001][..443] [TLS.ntop][Unknown][Network][Safe] + end: [.....7] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][37488] -> [................2a03:b0c0:3:d0::70:1001][..443] [TLS.ntop][DigitalOcean][Network][Safe] RISK: TLS Cert Mismatch - end: [.....8] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][37494] -> [................2a03:b0c0:3:d0::70:1001][..443] [TLS.ntop][Unknown][Network][Safe] + end: [.....8] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][37494] -> [................2a03:b0c0:3:d0::70:1001][..443] [TLS.ntop][DigitalOcean][Network][Safe] RISK: TLS Cert Mismatch - idle: [....12] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][37506] -> [................2a03:b0c0:3:d0::70:1001][..443] [TLS.ntop][Unknown][Network][Safe] + idle: [....12] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][37506] -> [................2a03:b0c0:3:d0::70:1001][..443] [TLS.ntop][DigitalOcean][Network][Safe] RISK: TLS Cert Mismatch guessed: [.....1] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][40526] -> 
[...............2a00:1450:4006:804::200e][..443] [TLS][Google][Web][Safe] idle: [.....1] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][40526] -> [...............2a00:1450:4006:804::200e][..443] diff --git a/test/results/flow-info/default/imaps.pcap.out b/test/results/flow-info/default/imaps.pcap.out index 9e7ccf398..0afe6117f 100644 --- a/test/results/flow-info/default/imaps.pcap.out +++ b/test/results/flow-info/default/imaps.pcap.out @@ -2,11 +2,11 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [....192.168.1.8][50506] -> [.167.99.215.164][..993] - detected: [.....1] [ip4][..tcp] [....192.168.1.8][50506] -> [.167.99.215.164][..993] [IMAPS.ntop][Unknown][Email][Safe] + detected: [.....1] [ip4][..tcp] [....192.168.1.8][50506] -> [.167.99.215.164][..993] [IMAPS.ntop][DigitalOcean][Email][Safe] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [.....1] [ip4][..tcp] [....192.168.1.8][50506] -> [.167.99.215.164][..993] [IMAPS.ntop][Unknown][Email][Safe] + detection-update: [.....1] [ip4][..tcp] [....192.168.1.8][50506] -> [.167.99.215.164][..993] [IMAPS.ntop][DigitalOcean][Email][Safe] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [.....1] [ip4][..tcp] [....192.168.1.8][50506] -> [.167.99.215.164][..993] [IMAPS.ntop][Unknown][Email][Safe] + detection-update: [.....1] [ip4][..tcp] [....192.168.1.8][50506] -> [.167.99.215.164][..993] [IMAPS.ntop][DigitalOcean][Email][Safe] RISK: TLS (probably) Not Carrying HTTPS DAEMON-EVENT: [Processed: 20 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 2|updates: 0] 
@@ -15,7 +15,7 @@ RISK: TLS (probably) Not Carrying HTTPS detection-update: [.....2] [ip4][..tcp] [....192.168.0.1][51529] -> [.....10.10.10.1][..993] [IMAPS][Unknown][Email][Safe] RISK: TLS (probably) Not Carrying HTTPS - idle: [.....1] [ip4][..tcp] [....192.168.1.8][50506] -> [.167.99.215.164][..993] [IMAPS.ntop][Unknown][Email][Safe] + idle: [.....1] [ip4][..tcp] [....192.168.1.8][50506] -> [.167.99.215.164][..993] [IMAPS.ntop][DigitalOcean][Email][Safe] RISK: TLS (probably) Not Carrying HTTPS idle: [.....2] [ip4][..tcp] [....192.168.0.1][51529] -> [.....10.10.10.1][..993] [IMAPS][Unknown][Email][Safe] RISK: TLS (probably) Not Carrying HTTPS diff --git a/test/results/flow-info/default/log4j-webapp-exploit.pcap.out b/test/results/flow-info/default/log4j-webapp-exploit.pcap.out index b1e2a24c5..3ce08820c 100644 --- a/test/results/flow-info/default/log4j-webapp-exploit.pcap.out +++ b/test/results/flow-info/default/log4j-webapp-exploit.pcap.out @@ -43,7 +43,7 @@ RISK: Known Proto on Non Std Port end: [.....4] [ip4][..tcp] [..172.16.238.10][55408] -> [....10.10.10.31][.9001] [Unknown][Unknown][Unrated] not-detected: [.....7] [ip4][..tcp] [..172.16.238.10][55498] -> [....10.10.10.31][.9001] [Unknown][Unknown][Unrated] - RISK: TCP Connection Issues + RISK: TCP Connection Issues, Probing Attempt end: [.....7] [ip4][..tcp] [..172.16.238.10][55498] -> [....10.10.10.31][.9001] idle: [.....1] [ip4][..tcp] [...172.16.238.1][.1984] -> [..172.16.238.10][.8080] [HTTP][Unknown][Web][Acceptable][192.168.13.31] RISK: Known Proto on Non Std Port, HTTP/TLS/QUIC Numeric Hostname/SNI, HTTP Susp Header, Possible Exploit Attempt diff --git a/test/results/flow-info/default/mikrotik_mndp.pcap.out b/test/results/flow-info/default/mikrotik_mndp.pcap.out new file mode 100644 index 000000000..fb225717d --- /dev/null +++ b/test/results/flow-info/default/mikrotik_mndp.pcap.out 
@@ -0,0 +1,15 @@ + DAEMON-EVENT: init + DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....1] [ip6][..udp] [...............fe80::4e5e:cff:fe9a:ec54][.5678] -> [................................ff02::1][.5678] + detected: [.....1] [ip6][..udp] [...............fe80::4e5e:cff:fe9a:ec54][.5678] -> [................................ff02::1][.5678] [Mikrotik][Unknown][Network][Acceptable] + new: [.....2] [ip6][..udp] [................fe80::4e5e:cff:feea:365][.5678] -> [................................ff02::1][.5678] + detected: [.....2] [ip6][..udp] [................fe80::4e5e:cff:feea:365][.5678] -> [................................ff02::1][.5678] [Mikrotik][Unknown][Network][Acceptable] + DAEMON-EVENT: [Processed: 2 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 2 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....3] [ip4][..udp] [..192.168.2.106][.5678] -> [255.255.255.255][.5678] + detected: [.....3] [ip4][..udp] [..192.168.2.106][.5678] -> [255.255.255.255][.5678] [Mikrotik][Unknown][Network][Acceptable] + idle: [.....2] [ip6][..udp] [................fe80::4e5e:cff:feea:365][.5678] -> [................................ff02::1][.5678] [Mikrotik][Unknown][Network][Acceptable] + idle: [.....1] [ip6][..udp] [...............fe80::4e5e:cff:fe9a:ec54][.5678] -> [................................ff02::1][.5678] [Mikrotik][Unknown][Network][Acceptable] + idle: [.....3] [ip4][..udp] [..192.168.2.106][.5678] -> [255.255.255.255][.5678] [Mikrotik][Unknown][Network][Acceptable] + DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/mpeg.pcap.out b/test/results/flow-info/default/mpeg.pcap.out index d80d07946..fbdb99096 100644 --- a/test/results/flow-info/default/mpeg.pcap.out +++ b/test/results/flow-info/default/mpeg.pcap.out 
@@ -2,7 +2,7 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [.192.168.80.160][55804] -> [.46.101.157.119][...80] - detected: [.....1] [ip4][..tcp] [.192.168.80.160][55804] -> [.46.101.157.119][...80] [HTTP.ntop][Unknown][Network][Safe][luca.ntop.org] - detection-update: [.....1] [ip4][..tcp] [.192.168.80.160][55804] -> [.46.101.157.119][...80] [HTTP.ntop][Unknown][Media][Safe][luca.ntop.org] - end: [.....1] [ip4][..tcp] [.192.168.80.160][55804] -> [.46.101.157.119][...80] [HTTP.ntop][Unknown][Media][Safe][luca.ntop.org] + detected: [.....1] [ip4][..tcp] [.192.168.80.160][55804] -> [.46.101.157.119][...80] [HTTP.ntop][DigitalOcean][Network][Safe][luca.ntop.org] + detection-update: [.....1] [ip4][..tcp] [.192.168.80.160][55804] -> [.46.101.157.119][...80] [HTTP.ntop][DigitalOcean][Media][Safe][luca.ntop.org] + end: [.....1] [ip4][..tcp] [.192.168.80.160][55804] -> [.46.101.157.119][...80] [HTTP.ntop][DigitalOcean][Media][Safe][luca.ntop.org] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/netbios.pcap.out b/test/results/flow-info/default/netbios.pcap.out index 6894cb11a..c9b32d0d3 100644 --- a/test/results/flow-info/default/netbios.pcap.out +++ b/test/results/flow-info/default/netbios.pcap.out 
@@ -7,7 +7,6 @@ detected: [.....2] [ip4][..udp] [.....10.0.5.233][..137] -> [.....10.0.5.255][..137] [NetBIOS][Unknown][System][Acceptable][ozi] new: [.....3] [ip4][..udp] [.......10.0.5.9][..138] -> [.....10.0.5.255][..138] detected: [.....3] [ip4][..udp] [.......10.0.5.9][..138] -> [.....10.0.5.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][nvr9] - RISK: Unsafe Protocol new: [.....4] [ip4][..tcp] [......10.0.4.24][..139] -> [.....10.0.4.131][.1398] [MIDSTREAM] analyse: [.....1] [ip4][..udp] [.....10.0.4.131][..137] -> [.....10.0.5.255][..137] [NetBIOS][Unknown][System][Acceptable][xstream_hy] min| max| avg| stddev| variance| entropy @@ -35,7 +34,6 @@ detected: [....11] [ip4][..udp] [.......10.0.5.1][..137] -> [......10.0.4.24][..137] [NetBIOS][Unknown][System][Acceptable][guru] new: [....12] [ip4][..udp] [......10.0.5.93][..138] -> [.....10.0.5.255][..138] detected: [....12] [ip4][..udp] [......10.0.5.93][..138] -> [.....10.0.5.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][bowie] - RISK: Unsafe Protocol new: [....13] [ip4][..udp] [.....10.0.5.233][..137] -> [......10.0.4.24][..137] detected: [....13] [ip4][..udp] [.....10.0.5.233][..137] -> [......10.0.4.24][..137] [NetBIOS][Unknown][System][Acceptable][*] new: [....14] [ip4][..udp] [......10.0.4.14][..137] -> [.....10.0.5.255][..137] 
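Review bot: The `RISK: Unsafe Protocol` line is dropped from the `detected` event of flow 3 (10.0.5.9 -> 10.0.5.255, port 138, `NetBIOS.SMBv1`) while its breed stays `[Dangerous]`, so the expected output now records an SMBv1 flow with no flow risk attached. The same removal repeats in the `@@ -35,7 +34,6`, `@@ -55,7 +53,6` and `@@ -73,9 +70,7` hunks of this file, for flows 3 and 12. A consumer that alerts on the risk list rather than on the breed would stop flagging these flows after the bump. The commit message says only "incorporated upstream changes", so it is worth confirming that this is an intended upstream change and not a lost risk bit. If it is intended, I would record it in the description, for example `NetBIOS.SMBv1 flows no longer report the Unsafe Protocol risk (upstream change)`.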
@@ -55,7 +53,6 @@ update: [.....1] [ip4][..udp] [.....10.0.4.131][..137] -> [.....10.0.5.255][..137] [NetBIOS][Unknown][System][Acceptable][xstream_hy] update: [.....2] [ip4][..udp] [.....10.0.5.233][..137] -> [.....10.0.5.255][..137] [NetBIOS][Unknown][System][Acceptable][ozi] update: [.....3] [ip4][..udp] [.......10.0.5.9][..138] -> [.....10.0.5.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][nvr9] - RISK: Unsafe Protocol update: [.....6] [ip4][..udp] [.....10.0.4.101][..137] -> [.....10.0.5.255][..137] [NetBIOS][Unknown][System][Acceptable][muli] update: [.....5] [ip4][..udp] [......10.0.1.87][57836] -> [......10.0.4.24][..137] [NetBIOS][Unknown][System][Acceptable][*] DAEMON-EVENT: [Processed: 260 pkts][ZLib][compressions: 0|diff: 0 / 0] @@ -73,9 +70,7 @@ idle: [.....6] [ip4][..udp] [.....10.0.4.101][..137] -> [.....10.0.5.255][..137] [NetBIOS][Unknown][System][Acceptable][muli] idle: [.....1] [ip4][..udp] [.....10.0.4.131][..137] -> [.....10.0.5.255][..137] [NetBIOS][Unknown][System][Acceptable][xstream_hy] idle: [....12] [ip4][..udp] [......10.0.5.93][..138] -> [.....10.0.5.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][bowie] - RISK: Unsafe Protocol idle: [.....3] [ip4][..udp] [.......10.0.5.9][..138] -> [.....10.0.5.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][nvr9] - RISK: Unsafe Protocol guessed: [.....4] [ip4][..tcp] [......10.0.4.24][..139] -> [.....10.0.4.131][.1398] [NetBIOS][Unknown][System][Acceptable][] idle: [.....4] [ip4][..tcp] [......10.0.4.24][..139] -> [.....10.0.4.131][.1398] idle: [.....5] [ip4][..udp] [......10.0.1.87][57836] -> [......10.0.4.24][..137] [NetBIOS][Unknown][System][Acceptable][*] diff --git a/test/results/flow-info/default/no_sni.pcap.out b/test/results/flow-info/default/no_sni.pcap.out index e354838dd..27b10647a 100644 --- a/test/results/flow-info/default/no_sni.pcap.out +++ b/test/results/flow-info/default/no_sni.pcap.out 
@@ -21,7 +21,9 @@ [PKTLENS.....: 64,52,40,656,46,210,46,722,40,102,46,40,124,46,71,40,191,126,100,132,71,46,46,46,366,71,40,40,46,293,71,40] [ENTROPIES...: 4.4,4.9,4.5,7.1,4.6,7.0,4.4,7.7,4.6,6.1,4.5,4.6,6.3,4.4,5.6,4.5,6.8,6.4,6.2,6.4,5.5,4.4,4.4,4.4,7.3,5.7,4.6,4.6,4.5,7.3,5.6,4.6] detected: [.....3] [ip4][..tcp] [..192.168.1.119][51612] -> [..104.16.124.96][..443] [TLS][Cloudflare][Web][Safe][] + RISK: TLS Susp ESNI Usage, Missing SNI TLS Extn, ALPN/SNI Mismatch detection-update: [.....3] [ip4][..tcp] [..192.168.1.119][51612] -> [..104.16.124.96][..443] [TLS][Cloudflare][Web][Safe][] + RISK: TLS Susp ESNI Usage, Missing SNI TLS Extn, ALPN/SNI Mismatch analyse: [.....3] [ip4][..tcp] [..192.168.1.119][51612] -> [..104.16.124.96][..443] [TLS][Cloudflare][Web][Safe] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.473| 0.050| 0.107| 11455.737| 3.000] 
@@ -40,13 +42,19 @@ detected: [.....4] [ip4][..tcp] [..192.168.1.119][51635] -> [..104.17.198.37][..443] [TLS][Cloudflare][Web][Safe][951c558a-5e07-47ca-a0c0-225da1b33163.is-cf.help.every1dns.net] detected: [.....5] [ip4][..tcp] [..192.168.1.119][51636] -> [..104.17.198.37][..443] [TLS][Cloudflare][Web][Safe][951c558a-5e07-47ca-a0c0-225da1b33163.is-doh.help.every1dns.net] detected: [.....6] [ip4][..tcp] [..192.168.1.119][51637] -> [..104.22.72.170][..443] [TLS][Cloudflare][Web][Safe][] + RISK: TLS Susp ESNI Usage, Missing SNI TLS Extn, ALPN/SNI Mismatch detected: [.....8] [ip4][..tcp] [..192.168.1.119][51639] -> [..104.22.72.170][..443] [TLS][Cloudflare][Web][Safe][] + RISK: TLS Susp ESNI Usage, Missing SNI TLS Extn, ALPN/SNI Mismatch detected: [.....7] [ip4][..tcp] [..192.168.1.119][51638] -> [..104.22.72.170][..443] [TLS][Cloudflare][Web][Safe][] + RISK: TLS Susp ESNI Usage, Missing SNI TLS Extn, ALPN/SNI Mismatch detection-update: [.....4] [ip4][..tcp] [..192.168.1.119][51635] -> [..104.17.198.37][..443] [TLS][Cloudflare][Web][Safe][951c558a-5e07-47ca-a0c0-225da1b33163.is-cf.help.every1dns.net] detection-update: [.....5] [ip4][..tcp] [..192.168.1.119][51636] -> [..104.17.198.37][..443] [TLS][Cloudflare][Web][Safe][951c558a-5e07-47ca-a0c0-225da1b33163.is-doh.help.every1dns.net] detection-update: [.....6] [ip4][..tcp] [..192.168.1.119][51637] -> [..104.22.72.170][..443] [TLS][Cloudflare][Web][Safe][] + RISK: TLS Susp ESNI Usage, Missing SNI TLS Extn, ALPN/SNI Mismatch detection-update: [.....8] [ip4][..tcp] [..192.168.1.119][51639] -> [..104.22.72.170][..443] [TLS][Cloudflare][Web][Safe][] + RISK: TLS Susp ESNI Usage, Missing SNI TLS Extn, ALPN/SNI Mismatch detection-update: [.....7] [ip4][..tcp] [..192.168.1.119][51638] -> [..104.22.72.170][..443] [TLS][Cloudflare][Web][Safe][] + RISK: TLS Susp ESNI Usage, Missing SNI TLS Extn, ALPN/SNI Mismatch analyse: [.....6] [ip4][..tcp] [..192.168.1.119][51637] -> [..104.22.72.170][..443] [TLS][Cloudflare][Web][Safe] min| 
max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.144| 0.032| 0.043| 1852.691| 3.800] @@ -60,9 +68,13 @@ end: [.....1] [ip4][..tcp] [..192.168.1.119][51331] -> [.104.16.249.249][..443] [TLS][Cloudflare][Web][Safe] idle: [.....2] [ip4][..tcp] [..192.168.1.119][51606] -> [.104.16.249.249][..443] [TLS.DoH_DoT][Cloudflare][Network][Acceptable][mozilla.cloudflare-dns.com] idle: [.....3] [ip4][..tcp] [..192.168.1.119][51612] -> [..104.16.124.96][..443] [TLS][Cloudflare][Web][Safe] + RISK: TLS Susp ESNI Usage, Missing SNI TLS Extn, ALPN/SNI Mismatch idle: [.....4] [ip4][..tcp] [..192.168.1.119][51635] -> [..104.17.198.37][..443] [TLS][Cloudflare][Web][Safe] idle: [.....5] [ip4][..tcp] [..192.168.1.119][51636] -> [..104.17.198.37][..443] [TLS][Cloudflare][Web][Safe] idle: [.....6] [ip4][..tcp] [..192.168.1.119][51637] -> [..104.22.72.170][..443] [TLS][Cloudflare][Web][Safe] + RISK: TLS Susp ESNI Usage, Missing SNI TLS Extn, ALPN/SNI Mismatch end: [.....7] [ip4][..tcp] [..192.168.1.119][51638] -> [..104.22.72.170][..443] [TLS][Cloudflare][Web][Safe] + RISK: TLS Susp ESNI Usage, Missing SNI TLS Extn, ALPN/SNI Mismatch end: [.....8] [ip4][..tcp] [..192.168.1.119][51639] -> [..104.22.72.170][..443] [TLS][Cloudflare][Web][Safe] + RISK: TLS Susp ESNI Usage, Missing SNI TLS Extn, ALPN/SNI Mismatch DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/openvpn.pcap.out b/test/results/flow-info/default/openvpn.pcap.out index 070784b4f..2bac74317 100644 --- a/test/results/flow-info/default/openvpn.pcap.out +++ b/test/results/flow-info/default/openvpn.pcap.out 
@@ -26,9 +26,9 @@ DAEMON-EVENT: [Processed: 216 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 3|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....4] [ip4][..tcp] [...192.168.1.77][60140] -> [.46.101.231.218][..443] - detected: [.....4] [ip4][..tcp] [...192.168.1.77][60140] -> [.46.101.231.218][..443] [OpenVPN][Unknown][VPN][Acceptable] + detected: [.....4] [ip4][..tcp] [...192.168.1.77][60140] -> [.46.101.231.218][..443] [OpenVPN][DigitalOcean][VPN][Acceptable] RISK: Known Proto on Non Std Port - analyse: [.....4] [ip4][..tcp] [...192.168.1.77][60140] -> [.46.101.231.218][..443] [OpenVPN][Unknown][VPN][Acceptable] + analyse: [.....4] [ip4][..tcp] [...192.168.1.77][60140] -> [.46.101.231.218][..443] [OpenVPN][DigitalOcean][VPN][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.998| 0.088| 0.234| 54526.591| 2.700] [PKTLEN......: 52.000| 357.000| 140.300| 75.300| 5671.500| 4.800] @@ -42,9 +42,9 @@ DAEMON-EVENT: [Processed: 311 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 4|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....5] [ip4][..udp] [..192.168.43.12][41507] -> [.139.59.151.137][13680] - detected: [.....5] [ip4][..udp] [..192.168.43.12][41507] -> [.139.59.151.137][13680] [OpenVPN][Unknown][VPN][Acceptable] + detected: [.....5] [ip4][..udp] [..192.168.43.12][41507] -> [.139.59.151.137][13680] [OpenVPN][DigitalOcean][VPN][Acceptable] RISK: Known Proto on Non Std Port - analyse: [.....5] [ip4][..udp] [..192.168.43.12][41507] -> [.139.59.151.137][13680] [OpenVPN][Unknown][VPN][Acceptable] + analyse: [.....5] [ip4][..udp] [..192.168.43.12][41507] -> [.139.59.151.137][13680] [OpenVPN][DigitalOcean][VPN][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.196| 0.045| 0.060| 3547.546| 3.900] [PKTLEN......: 70.000| 331.000| 126.400| 58.600| 3436.100| 4.900] 
@@ -54,14 +54,14 @@ [IATS(ms)....: 195.2,195.8,0.8,177.2,176.2,0.5,0.5,0.5,0.4,0.5,0.5,98.5,98.6,29.6,29.6,19.8,19.8,0.4,0.5,50.1,50.0,29.9,30.0,20.3,20.2,9.5,9.5,38.3,38.3,31.9,31.9] [PKTLENS.....: 70,82,78,331,182,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78] [ENTROPIES...: 5.3,5.5,5.7,5.6,5.9,5.6,6.0,5.7,6.6,5.7,6.7,5.7,6.6,5.7,6.4,5.7,6.6,5.6,6.6,5.7,6.0,5.6,6.4,5.7,6.6,5.6,6.6,5.6,6.3,5.7,6.5,5.7] - idle: [.....4] [ip4][..tcp] [...192.168.1.77][60140] -> [.46.101.231.218][..443] [OpenVPN][Unknown][VPN][Acceptable] + idle: [.....4] [ip4][..tcp] [...192.168.1.77][60140] -> [.46.101.231.218][..443] [OpenVPN][DigitalOcean][VPN][Acceptable] RISK: Known Proto on Non Std Port DAEMON-EVENT: [Processed: 394 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 5|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....6] [ip4][..udp] [..192.168.43.18][13680] -> [.139.59.151.137][13680] - detected: [.....6] [ip4][..udp] [..192.168.43.18][13680] -> [.139.59.151.137][13680] [OpenVPN][Unknown][VPN][Acceptable] + detected: [.....6] [ip4][..udp] [..192.168.43.18][13680] -> [.139.59.151.137][13680] [OpenVPN][DigitalOcean][VPN][Acceptable] RISK: Known Proto on Non Std Port - analyse: [.....6] [ip4][..udp] [..192.168.43.18][13680] -> [.139.59.151.137][13680] [OpenVPN][Unknown][VPN][Acceptable] + analyse: [.....6] [ip4][..udp] [..192.168.43.18][13680] -> [.139.59.151.137][13680] [OpenVPN][DigitalOcean][VPN][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 2.242| 0.188| 0.537| 288658.031| 2.400] [PKTLEN......: 70.000| 331.000| 123.300| 58.900| 3466.400| 4.900] 
@@ -71,7 +71,7 @@ [IATS(ms)....: 2195.9,2242.5,46.7,0.1,203.1,15.1,218.1,0.6,0.6,0.5,0.5,3.5,3.5,185.2,185.2,0.4,0.4,39.5,39.5,9.4,9.4,82.3,82.3,3.8,3.8,34.2,34.2,15.7,15.7,74.3,74.3] [PKTLENS.....: 70,70,82,78,331,78,182,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78] [ENTROPIES...: 5.2,5.3,5.4,5.5,5.6,5.5,5.8,5.6,6.1,5.5,6.6,5.5,6.7,5.6,6.6,5.5,6.4,5.6,6.7,5.5,6.5,5.6,6.0,5.6,6.3,5.6,6.6,5.6,6.6,5.5,6.4,5.6] - idle: [.....5] [ip4][..udp] [..192.168.43.12][41507] -> [.139.59.151.137][13680] [OpenVPN][Unknown][VPN][Acceptable] + idle: [.....5] [ip4][..udp] [..192.168.43.12][41507] -> [.139.59.151.137][13680] [OpenVPN][DigitalOcean][VPN][Acceptable] RISK: Known Proto on Non Std Port DAEMON-EVENT: [Processed: 514 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 6|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] @@ -87,7 +87,7 @@ [IATS(ms)....: 216.1,332.2,5.8,3.4,337.9,58.0,0.1,0.1,0.1,307.1,10.0,20.5,1960.2,1.5,0.6,2241.1,1.7,0.7,299.0,1.5,2.3,0.2,300.0,2.0,1.3,0.7,338.5,1.2,1.5,0.3,340.9] [PKTLENS.....: 46,54,50,142,87,50,1228,1216,1216,1081,50,50,50,154,142,142,50,50,50,142,142,142,142,50,50,50,50,142,142,142,142,50] [ENTROPIES...: 4.7,4.8,5.0,5.3,4.5,5.1,7.4,6.7,7.7,7.6,5.0,5.1,5.1,5.4,5.5,5.6,5.1,5.1,5.1,5.7,5.7,5.9,5.8,5.1,5.2,5.1,5.1,6.5,6.6,5.9,6.1,5.1] - idle: [.....6] [ip4][..udp] [..192.168.43.18][13680] -> [.139.59.151.137][13680] [OpenVPN][Unknown][VPN][Acceptable] + idle: [.....6] [ip4][..udp] [..192.168.43.18][13680] -> [.139.59.151.137][13680] [OpenVPN][DigitalOcean][VPN][Acceptable] RISK: Known Proto on Non Std Port DAEMON-EVENT: [Processed: 614 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 7|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] diff --git a/test/results/flow-info/default/opera-vpn.pcapng.out b/test/results/flow-info/default/opera-vpn.pcapng.out index b279907a3..b2bd0e5bc 100644 
--- a/test/results/flow-info/default/opera-vpn.pcapng.out +++ b/test/results/flow-info/default/opera-vpn.pcapng.out @@ -841,7 +841,7 @@ idle: [....51] [ip4][..tcp] [...192.168.1.29][51455] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] idle: [....52] [ip4][..tcp] [...192.168.1.29][51456] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] guessed: [....53] [ip4][..tcp] [...192.168.1.29][51457] -> [..77.111.247.69][..443] [TLS][Unknown][Web][Safe] - RISK: TCP Connection Issues + RISK: TCP Connection Issues, Probing Attempt end: [....53] [ip4][..tcp] [...192.168.1.29][51457] -> [..77.111.247.69][..443] end: [....54] [ip4][..tcp] [...192.168.1.29][51458] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] idle: [....55] [ip4][..tcp] [...192.168.1.29][51459] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] diff --git a/test/results/flow-info/default/path_of_exile.pcapng.out b/test/results/flow-info/default/path_of_exile.pcapng.out index 11333fef6..22a6e382d 100644 --- a/test/results/flow-info/default/path_of_exile.pcapng.out +++ b/test/results/flow-info/default/path_of_exile.pcapng.out 
@@ -3,5 +3,20 @@ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [.192.168.88.231][36262] -> [.198.50.120.150][.6112] detected: [.....1] [ip4][..tcp] [.192.168.88.231][36262] -> [.198.50.120.150][.6112] [PathofExile][Unknown][Game][Fun] + DAEMON-EVENT: [Processed: 4 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....2] [ip4][..tcp] [...192.168.1.13][50808] -> [209.192.244.174][21360] + detected: [.....2] [ip4][..tcp] [...192.168.1.13][50808] -> [209.192.244.174][21360] [PathofExile][Unknown][Game][Fun] idle: [.....1] [ip4][..tcp] [.192.168.88.231][36262] -> [.198.50.120.150][.6112] [PathofExile][Unknown][Game][Fun] + DAEMON-EVENT: [Processed: 8 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....3] [ip4][..tcp] [...192.168.1.13][49554] -> [.91.206.197.210][21360] + detected: [.....3] [ip4][..tcp] [...192.168.1.13][49554] -> [.91.206.197.210][21360] [PathofExile][Unknown][Game][Fun] + DAEMON-EVENT: [Processed: 12 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 2 / 3|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....4] [ip4][..tcp] [...192.168.1.13][36492] -> [....203.57.83.5][21360] + detected: [.....4] [ip4][..tcp] [...192.168.1.13][36492] -> [....203.57.83.5][21360] [PathofExile][Unknown][Game][Fun] + idle: [.....2] [ip4][..tcp] [...192.168.1.13][50808] -> [209.192.244.174][21360] [PathofExile][Unknown][Game][Fun] + idle: [.....3] [ip4][..tcp] [...192.168.1.13][49554] -> [.91.206.197.210][21360] [PathofExile][Unknown][Game][Fun] + idle: [.....4] [ip4][..tcp] [...192.168.1.13][36492] -> [....203.57.83.5][21360] [PathofExile][Unknown][Game][Fun] DAEMON-EVENT: shutdown 
diff --git a/test/results/flow-info/default/pinterest.pcap.out b/test/results/flow-info/default/pinterest.pcap.out index da271aca9..1589bf333 100644 --- a/test/results/flow-info/default/pinterest.pcap.out +++ b/test/results/flow-info/default/pinterest.pcap.out 
@@ -54,10 +54,10 @@ [IATS(ms)....: 29.2,29.3,0.5,30.6,2.1,0.0,0.0,0.0,32.2,0.0,0.0,0.0,7.2,0.3,2.0,0.2,0.1,0.3,0.4,53.9,0.0,0.2,0.0,43.6,1.3,0.0,0.0,1.3,0.2,0.8,0.5] [PKTLENS.....: 80,80,72,589,72,1460,1460,1460,1230,72,72,72,72,165,171,363,383,350,1026,328,72,72,72,330,72,138,72,72,72,110,1460,72] [ENTROPIES...: 4.6,5.1,5.1,4.4,4.9,6.4,5.2,7.3,7.6,5.1,5.0,5.1,5.1,6.0,6.2,7.2,7.1,6.9,7.4,6.9,4.9,4.9,4.9,7.1,5.1,6.1,4.9,5.0,5.1,5.6,7.9,5.1] - new: [....13] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47032] -> [......................2600:1901::7a0b::][..443] - detected: [....13] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47032] -> [......................2600:1901::7a0b::][..443] [TLS][GoogleCloud][Web][Safe][sessions.bugsnag.com] + new: [....13] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47032] -> [.....................2600:1901:0:7a0b::][..443] + detected: [....13] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47032] -> [.....................2600:1901:0:7a0b::][..443] [TLS][GoogleCloud][Web][Safe][sessions.bugsnag.com] new: [....14] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40694] -> [...............2a00:1450:4007:816::2004][..443] - detection-update: [....13] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47032] -> [......................2600:1901::7a0b::][..443] [TLS][GoogleCloud][Web][Safe][sessions.bugsnag.com] + detection-update: [....13] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47032] -> [.....................2600:1901:0:7a0b::][..443] [TLS][GoogleCloud][Web][Safe][sessions.bugsnag.com] detected: [....14] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40694] -> [...............2a00:1450:4007:816::2004][..443] [TLS.Google][Google][Web][Acceptable][www.google.com] new: [....15] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][33280] -> [.....................64:ff9b::9765:7854][..443] detection-update: [....14] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40694] 
-> [...............2a00:1450:4007:816::2004][..443] [TLS.Google][Google][Web][Acceptable][www.google.com] @@ -75,7 +75,7 @@ detection-update: [....15] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][33280] -> [.....................64:ff9b::9765:7854][..443] [TLS.Pinterest][Unknown][SocialNetwork][Fun][accounts.pinterest.com] detection-update: [....15] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][33280] -> [.....................64:ff9b::9765:7854][..443] [TLS.Pinterest][Unknown][SocialNetwork][Fun][accounts.pinterest.com] new: [....16] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57050] -> [......................2a04:4e42:1d::720][..443] - analyse: [....13] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47032] -> [......................2600:1901::7a0b::][..443] [TLS][GoogleCloud][Web][Safe] + analyse: [....13] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47032] -> [.....................2600:1901:0:7a0b::][..443] [TLS][GoogleCloud][Web][Safe] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.133| 0.015| 0.030| 874.849| 3.100] [PKTLEN......: 72.000| 1280.000| 309.400| 401.100| 160869.700| 4.100] 
@@ -176,7 +176,7 @@ new: [....26] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][54308] -> [...............2a00:1450:4007:806::200e][..443] [MIDSTREAM] new: [....27] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57130] -> [...............2a00:1450:4007:80c::200a][..443] [MIDSTREAM] new: [....28] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38402] -> [.......................2a04:4e42:1d::84][..443] [MIDSTREAM] - new: [....29] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46918] -> [......................2600:1901::7a0b::][..443] [MIDSTREAM] + new: [....29] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46918] -> [.....................2600:1901:0:7a0b::][..443] [MIDSTREAM] new: [....30] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38406] -> [.......................2a04:4e42:1d::84][..443] [MIDSTREAM] new: [....31] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51446] -> [...............2a00:1450:4007:816::2003][..443] [MIDSTREAM] new: [....32] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47682] -> [...............2a00:1450:4007:816::200a][..443] [MIDSTREAM] 
@@ -257,9 +257,9 @@ idle: [....23] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40894] -> [...............2a00:1450:4007:816::200d][..443] [TLS.Google][Google][Web][Acceptable][accounts.google.com] idle: [....22] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43562] -> [...............2a00:1450:4007:805::2003][..443] [TLS][Google][Web][Safe] idle: [....36] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][45126] -> [...............2a00:1450:4007:80a::200e][..443] [TLS.Google][Google][Advertisement][Acceptable][www.google-analytics.com] - guessed: [....29] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46918] -> [......................2600:1901::7a0b::][..443] [TLS][GoogleCloud][Web][Safe] - idle: [....29] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46918] -> [......................2600:1901::7a0b::][..443] - idle: [....13] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47032] -> [......................2600:1901::7a0b::][..443] [TLS][GoogleCloud][Web][Safe][sessions.bugsnag.com] + guessed: [....29] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46918] -> [.....................2600:1901:0:7a0b::][..443] [TLS][GoogleCloud][Web][Safe] + idle: [....29] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46918] -> [.....................2600:1901:0:7a0b::][..443] + idle: [....13] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47032] -> [.....................2600:1901:0:7a0b::][..443] [TLS][GoogleCloud][Web][Safe][sessions.bugsnag.com] guessed: [....32] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47682] -> [...............2a00:1450:4007:816::200a][..443] [TLS][Google][Web][Safe] idle: [....32] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47682] -> [...............2a00:1450:4007:816::200a][..443] idle: [....21] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47790] -> [...............2a00:1450:4007:816::200a][..443] 
[TLS.GoogleServices][Google][Web][Acceptable][content-autofill.googleapis.com] diff --git a/test/results/flow-info/default/pop3_stls.pcap.out b/test/results/flow-info/default/pop3_stls.pcap.out index 04d6f1af9..3e1ce1a8a 100644 --- a/test/results/flow-info/default/pop3_stls.pcap.out +++ b/test/results/flow-info/default/pop3_stls.pcap.out @@ -7,9 +7,9 @@ detection-update: [.....1] [ip4][..tcp] [..192.168.20.18][50583] -> [...72.249.41.52][..110] [POPS][Unknown][Email][Safe] RISK: Obsolete TLS (v1.1 or older), Unsafe Protocol detection-update: [.....1] [ip4][..tcp] [..192.168.20.18][50583] -> [...72.249.41.52][..110] [POPS][Unknown][Email][Safe] - RISK: Obsolete TLS (v1.1 or older), Unsafe Protocol + RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher, Unsafe Protocol detection-update: [.....1] [ip4][..tcp] [..192.168.20.18][50583] -> [...72.249.41.52][..110] [POPS][Unknown][Email][Safe] - RISK: Obsolete TLS (v1.1 or older), Unsafe Protocol + RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher, Unsafe Protocol analyse: [.....1] [ip4][..tcp] [..192.168.20.18][50583] -> [...72.249.41.52][..110] [POPS][Unknown][Email][Safe] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 2.072| 0.263| 0.525| 275477.529| 3.300] @@ -21,5 +21,5 @@ [PKTLENS.....: 52,52,40,51,46,46,68,46,46,189,46,77,208,1500,1500,40,1500,400,40,354,46,278,71,46,93,71,46,208,84,89,82,89] [ENTROPIES...: 4.5,4.8,4.7,5.2,5.0,4.5,5.4,5.0,4.5,5.5,5.0,5.4,5.5,7.1,7.1,4.7,6.9,7.2,4.8,7.4,4.5,7.0,5.8,4.5,5.8,5.7,4.5,7.0,5.9,6.0,5.7,5.9] end: [.....1] [ip4][..tcp] [..192.168.20.18][50583] -> [...72.249.41.52][..110] [POPS][Unknown][Email][Safe][pop.lavabit.com] - RISK: Obsolete TLS (v1.1 or older), Unsafe Protocol + RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher, Unsafe Protocol DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/portable_executable.pcap.out b/test/results/flow-info/default/portable_executable.pcap.out index 66d6ab09d..a38fbb6fa 100644 
--- a/test/results/flow-info/default/portable_executable.pcap.out +++ b/test/results/flow-info/default/portable_executable.pcap.out @@ -3,10 +3,10 @@ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [..172.16.99.201][.1732] -> [..64.227.107.71][.4444] new: [.....2] [ip4][..tcp] [..64.227.107.71][...53] -> [...172.16.99.10][49652] - not-detected: [.....1] [ip4][..tcp] [..172.16.99.201][.1732] -> [..64.227.107.71][.4444] [Unknown][Unknown][Unrated] + guessed: [.....1] [ip4][..tcp] [..172.16.99.201][.1732] -> [..64.227.107.71][.4444] [DigitalOcean][DigitalOcean][Web][Safe] RISK: Binary App Transfer, Susp Entropy idle: [.....1] [ip4][..tcp] [..172.16.99.201][.1732] -> [..64.227.107.71][.4444] - guessed: [.....2] [ip4][..tcp] [..64.227.107.71][...53] -> [...172.16.99.10][49652] [DNS][Unknown][Network][Acceptable][] + guessed: [.....2] [ip4][..tcp] [..64.227.107.71][...53] -> [...172.16.99.10][49652] [DNS][DigitalOcean][Network][Acceptable][] RISK: Binary App Transfer, Susp Entropy idle: [.....2] [ip4][..tcp] [..64.227.107.71][...53] -> [...172.16.99.10][49652] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out b/test/results/flow-info/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out index 4d450eb15..3ab24f900 100644 --- a/test/results/flow-info/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out +++ b/test/results/flow-info/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out 
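Review bot: Flow 1 (172.16.99.201 -> 64.227.107.71, port 4444) changes from `not-detected ... [Unknown][Unknown][Unrated]` to `guessed ... [DigitalOcean][DigitalOcean][Web][Safe]` while still carrying `RISK: Binary App Transfer, Susp Entropy`. The new label looks like it is derived from the owner of the destination address rather than from the payload, though that is inferred from the output only. The result is that an executable transfer on a non-standard port now reads as category Web with breed Safe, and the `not-detected` event for it is gone. Anything that triages on breed, or counts `not-detected` events, would rank this flow lower than before. It is worth confirming the new expectation against upstream intent and noting in the description that breed alone should not be used to suppress flows that carry risks.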
@@ -119,14 +119,14 @@ DAEMON-EVENT: [Processed: 38 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 4 / 27|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 32] new: [....28] [ip4][..udp] [...168.144.64.5][62047] -> [..136.125.67.96][..443] - detected: [....28] [ip4][..udp] [...168.144.64.5][62047] -> [..136.125.67.96][..443] [QUIC.Google][Unknown][Web][Acceptable][beacons4.gvt2.com] + detected: [....28] [ip4][..udp] [...168.144.64.5][62047] -> [..136.125.67.96][..443] [QUIC.Google][Google][Web][Acceptable][beacons4.gvt2.com] update: [....27] [ip4][..udp] [...168.144.64.5][49324] -> [..35.194.157.47][..443] [QUIC.GoogleCloud][GoogleCloud][Advertisement][Acceptable][pagead2.googlesyndication.com] update: [....26] [ip4][..udp] [...168.144.64.5][52273] -> [244.214.160.219][..443] [QUIC.YouTube][Unknown][Media][Fun][r3---sn-vh5ouxa-hju6.googlevideo.com] update: [....24] [ip4][..udp] [...168.144.64.5][57767] -> [....76.83.40.87][..443] [QUIC.YouTube][Unknown][Media][Fun][r11---sn-vh5ouxa-hjuk.googlevideo.com] update: [....25] [ip4][..udp] [...168.144.64.5][63736] -> [.213.188.47.247][..443] [QUIC.YouTube][Unknown][Media][Fun][r4---sn-vh5ouxa-hjud.googlevideo.com] new: [....29] [ip4][..udp] [...168.144.64.5][64976] -> [..220.80.126.73][..443] detected: [....29] [ip4][..udp] [...168.144.64.5][64976] -> [..220.80.126.73][..443] [QUIC.YouTube][Unknown][Media][Fun][r1---sn-hju7enel.googlevideo.com] - idle: [....28] [ip4][..udp] [...168.144.64.5][62047] -> [..136.125.67.96][..443] [QUIC.Google][Unknown][Web][Acceptable][beacons4.gvt2.com] + idle: [....28] [ip4][..udp] [...168.144.64.5][62047] -> [..136.125.67.96][..443] [QUIC.Google][Google][Web][Acceptable][beacons4.gvt2.com] idle: [....27] [ip4][..udp] [...168.144.64.5][49324] -> [..35.194.157.47][..443] [QUIC.GoogleCloud][GoogleCloud][Advertisement][Acceptable][pagead2.googlesyndication.com] idle: [....26] [ip4][..udp] [...168.144.64.5][52273] -> [244.214.160.219][..443] 
[QUIC.YouTube][Unknown][Media][Fun][r3---sn-vh5ouxa-hju6.googlevideo.com] idle: [....24] [ip4][..udp] [...168.144.64.5][57767] -> [....76.83.40.87][..443] [QUIC.YouTube][Unknown][Media][Fun][r11---sn-vh5ouxa-hjuk.googlevideo.com] diff --git a/test/results/flow-info/default/quic_interop_V.pcapng.out b/test/results/flow-info/default/quic_interop_V.pcapng.out index e115d16cd..73b6be48d 100644 --- a/test/results/flow-info/default/quic_interop_V.pcapng.out +++ b/test/results/flow-info/default/quic_interop_V.pcapng.out @@ -84,7 +84,7 @@ detected: [....32] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][52271] -> [..2a00:ac00:4000:400:2e0:4cff:fe68:199d][.4434] [QUIC][Unknown][Web][Acceptable] RISK: Known Proto on Non Std Port new: [....33] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][51040] -> [............2604:a880:800:a1::1279:3001][.4433] - detected: [....33] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][51040] -> [............2604:a880:800:a1::1279:3001][.4433] [QUIC][Unknown][Web][Acceptable] + detected: [....33] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][51040] -> [............2604:a880:800:a1::1279:3001][.4433] [QUIC][DigitalOcean][Web][Acceptable] RISK: Known Proto on Non Std Port new: [....34] [ip4][.icmp] [.131.159.24.198] -> [..192.168.1.128] detected: [....34] [ip4][.icmp] [.131.159.24.198] -> [..192.168.1.128] [ICMP][Unknown][Network][Acceptable] 
@@ -146,7 +146,7 @@ detection-update: [....12] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][32957] -> [.................2606:4700:10::6816:826][.4433] [QUIC][Cloudflare][Web][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic new: [....53] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][53760] -> [............2604:a880:800:a1::1279:3001][.4434] - detected: [....53] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][53760] -> [............2604:a880:800:a1::1279:3001][.4434] [QUIC][Unknown][Web][Acceptable] + detected: [....53] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][53760] -> [............2604:a880:800:a1::1279:3001][.4434] [QUIC][DigitalOcean][Web][Acceptable] RISK: Known Proto on Non Std Port detection-update: [....13] [ip4][..udp] [..192.168.1.128][60784] -> [...3.121.242.54][.4433] [QUIC][AmazonAWS][Web][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic 
@@ -167,7 +167,7 @@ detected: [....58] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][41857] -> [.................2606:4700:10::6816:826][.4434] [QUIC][Cloudflare][Web][Acceptable] RISK: Known Proto on Non Std Port new: [....59] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][56073] -> [............2604:a880:800:a1::1279:3001][..443] - detected: [....59] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][56073] -> [............2604:a880:800:a1::1279:3001][..443] [QUIC][Unknown][Web][Acceptable] + detected: [....59] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][56073] -> [............2604:a880:800:a1::1279:3001][..443] [QUIC][DigitalOcean][Web][Acceptable] new: [....60] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][43645] -> [......................2001:19f0:4:34::1][..443] detected: [....60] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][43645] -> [......................2001:19f0:4:34::1][..443] [QUIC][Unknown][Web][Acceptable] detection-update: [....21] [ip4][..udp] [..192.168.1.128][59171] -> [..193.190.10.98][.4433] [QUIC][Unknown][Web][Acceptable] 
@@ -237,7 +237,7 @@ detection-update: [....47] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][46242] -> [2600:1f18:2310:d230:5103:7d9e:7d75:374f][..443] [QUIC][AmazonAWS][Web][Acceptable] RISK: Unidirectional Traffic new: [....73] [ip6][icmp6] [............2604:a880:800:a1::1279:3001] -> [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d] - detected: [....73] [ip6][icmp6] [............2604:a880:800:a1::1279:3001] -> [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d] [ICMPV6][Unknown][Network][Acceptable] + detected: [....73] [ip6][icmp6] [............2604:a880:800:a1::1279:3001] -> [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d] [ICMPV6][DigitalOcean][Network][Acceptable] detection-update: [....52] [ip4][..udp] [..192.168.1.128][35263] -> [.202.238.220.92][.4434] [QUIC][Unknown][Web][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic new: [....74] [ip4][.icmp] [..192.168.1.128] -> [..40.112.191.60] @@ -321,7 +321,7 @@ RISK: Known Proto on Non Std Port idle: [....31] [ip4][..udp] [..192.168.1.128][38933] -> [.202.238.220.92][..443] [QUIC][Unknown][Web][Acceptable] RISK: Unidirectional Traffic - idle: [....33] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][51040] -> [............2604:a880:800:a1::1279:3001][.4433] [QUIC][Unknown][Web][Acceptable] + idle: [....33] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][51040] -> [............2604:a880:800:a1::1279:3001][.4433] [QUIC][DigitalOcean][Web][Acceptable] RISK: Known Proto on Non Std Port idle: [....19] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][39945] -> [.2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab][.4433] [QUIC][AmazonAWS][Web][Acceptable] RISK: Known Proto on Non Std Port 
@@ -331,10 +331,10 @@ RISK: Known Proto on Non Std Port idle: [....24] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][52080] -> [2600:1f18:2310:d230:5103:7d9e:7d75:374f][.4434] [QUIC][AmazonAWS][Web][Acceptable] RISK: Known Proto on Non Std Port - idle: [....59] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][56073] -> [............2604:a880:800:a1::1279:3001][..443] [QUIC][Unknown][Web][Acceptable] + idle: [....59] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][56073] -> [............2604:a880:800:a1::1279:3001][..443] [QUIC][DigitalOcean][Web][Acceptable] idle: [....62] [ip4][..udp] [..192.168.1.128][42468] -> [.138.91.188.147][.4433] [QUIC][Azure][Web][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic - idle: [....53] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][53760] -> [............2604:a880:800:a1::1279:3001][.4434] [QUIC][Unknown][Web][Acceptable] + idle: [....53] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][53760] -> [............2604:a880:800:a1::1279:3001][.4434] [QUIC][DigitalOcean][Web][Acceptable] RISK: Known Proto on Non Std Port idle: [....10] [ip4][..udp] [..192.168.1.128][38366] -> [.202.238.220.92][.4433] [QUIC][Unknown][Web][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic 
@@ -363,7 +363,7 @@ idle: [.....4] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][34442] -> [.2001:4800:7817:101:be76:4eff:fe04:631d][..443] [QUIC][Unknown][Web][Acceptable] idle: [....68] [ip6][icmp6] [......................2001:19f0:4:34::1] -> [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d] [ICMPV6][Unknown][Network][Acceptable] idle: [....51] [ip6][icmp6] [.....2001:19f0:5:c21:5400:1ff:fe33:3b96] -> [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d] [ICMPV6][Unknown][Network][Acceptable] - idle: [....73] [ip6][icmp6] [............2604:a880:800:a1::1279:3001] -> [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d] [ICMPV6][Unknown][Network][Acceptable] + idle: [....73] [ip6][icmp6] [............2604:a880:800:a1::1279:3001] -> [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d] [ICMPV6][DigitalOcean][Network][Acceptable] idle: [.....5] [ip4][..udp] [..192.168.1.128][47010] -> [...3.121.242.54][..443] [QUIC][AmazonAWS][Web][Acceptable] idle: [....57] [ip4][..udp] [..192.168.1.128][50705] -> [.138.91.188.147][.4434] [QUIC][Azure][Web][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic diff --git a/test/results/flow-info/default/quickplay.pcap.out b/test/results/flow-info/default/quickplay.pcap.out index 05e0cd3dc..13087b961 100644 --- a/test/results/flow-info/default/quickplay.pcap.out +++ b/test/results/flow-info/default/quickplay.pcap.out 
@@ -66,7 +66,6 @@ RISK: Known Proto on Non Std Port, Binary File/Data Transfer (Attempt) new: [....16] [ip4][..tcp] [..10.54.169.250][56381] -> [..54.179.140.65][...80] [MIDSTREAM] detected: [....16] [ip4][..tcp] [..10.54.169.250][56381] -> [..54.179.140.65][...80] [HTTP.Xiaomi][AmazonAWS][Web][Acceptable][api.account.xiaomi.com] - RISK: Susp Entropy new: [....17] [ip4][..tcp] [..10.54.169.250][52017] -> [...120.28.35.40][...80] [MIDSTREAM] detected: [....17] [ip4][..tcp] [..10.54.169.250][52017] -> [...120.28.35.40][...80] [HTTP][Unknown][Streaming][Acceptable][vod-singtelhawk.quickplay.com] end: [....13] [ip4][..tcp] [..10.54.169.250][54885] -> [203.205.151.160][...80] [HTTP_Proxy.QQ][Unknown][Download][Fun][hkextshort.weixin.qq.com] @@ -95,7 +94,6 @@ idle: [....14] [ip4][..tcp] [..10.54.169.250][42762] -> [203.205.129.101][...80] [HTTP_Proxy.QQ][Tencent][Download][Fun][hkextshort.weixin.qq.com] RISK: Known Proto on Non Std Port, Binary File/Data Transfer (Attempt) idle: [....16] [ip4][..tcp] [..10.54.169.250][56381] -> [..54.179.140.65][...80] [HTTP.Xiaomi][AmazonAWS][Web][Acceptable][api.account.xiaomi.com] - RISK: Susp Entropy idle: [.....3] [ip4][..tcp] [..10.54.169.250][33064] -> [....120.28.5.18][...80] [HTTP][Unknown][Streaming][Acceptable] idle: [.....6] [ip4][..tcp] [..10.54.169.250][33277] -> [..120.28.26.231][...80] [HTTP.Google][Unknown][ConnCheck][Acceptable][clients3.google.com] idle: [....10] [ip4][..tcp] [..10.54.169.250][54883] -> [203.205.151.160][...80] [HTTP_Proxy.QQ][Unknown][Chat][Fun] diff --git a/test/results/flow-info/default/reddit.pcap.out b/test/results/flow-info/default/reddit.pcap.out index 38ec7390a..78d312a8d 100644 --- a/test/results/flow-info/default/reddit.pcap.out +++ b/test/results/flow-info/default/reddit.pcap.out 
@@ -389,7 +389,7 @@ end: [....57] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36968] -> [...............2a00:1450:4007:80f::2001][..443] [TLS.Google][Google][Advertisement][Acceptable] end: [....58] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36970] -> [...............2a00:1450:4007:80f::2001][..443] [TLS.Google][Google][Advertisement][Acceptable] guessed: [....59] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36972] -> [...............2a00:1450:4007:80f::2001][..443] [TLS][Google][Web][Safe] - RISK: TCP Connection Issues + RISK: TCP Connection Issues, Probing Attempt end: [....59] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36972] -> [...............2a00:1450:4007:80f::2001][..443] idle: [....33] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][44264] -> [.....................64:ff9b::1736:86f1][..443] [TLS.ADS_Analytic_Track][Unknown][Advertisement][Tracker/Ads] idle: [....54] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38166] -> [...............2a00:1450:4007:811::200a][..443] [TLS.GoogleServices][Google][Web][Acceptable][fonts.googleapis.com] diff --git a/test/results/flow-info/default/signal_audiocall.pcapng.out b/test/results/flow-info/default/signal_audiocall.pcapng.out new file mode 100644 index 000000000..6008c8d4b --- /dev/null +++ b/test/results/flow-info/default/signal_audiocall.pcapng.out 
@@ -0,0 +1,50 @@ + DAEMON-EVENT: init + DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....1] [ip4][..udp] [..192.168.12.67][45419] -> [.35.216.234.234][.3478] + detected: [.....1] [ip4][..udp] [..192.168.12.67][45419] -> [.35.216.234.234][.3478] [STUN][GoogleCloud][Network][Acceptable][] + new: [.....2] [ip4][..udp] [..192.168.12.67][45419] -> [.35.219.252.146][.3478] + detected: [.....2] [ip4][..udp] [..192.168.12.67][45419] -> [.35.219.252.146][.3478] [STUN][GoogleCloud][Network][Acceptable][] + detection-update: [.....2] [ip4][..udp] [..192.168.12.67][45419] -> [.35.219.252.146][.3478] [STUN][GoogleCloud][Network][Acceptable][] + RISK: Unidirectional Traffic + detection-update: [.....2] [ip4][..udp] [..192.168.12.67][45419] -> [.35.219.252.146][.3478] [STUN][GoogleCloud][Network][Acceptable][] + detection-update: [.....2] [ip4][..udp] [..192.168.12.67][45419] -> [.35.219.252.146][.3478] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][signal.org] + detection-update: [.....1] [ip4][..udp] [..192.168.12.67][45419] -> [.35.216.234.234][.3478] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][] + detection-update: [.....1] [ip4][..udp] [..192.168.12.67][45419] -> [.35.216.234.234][.3478] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][signal.org] + new: [.....3] [ip4][..udp] [..192.168.12.67][45419] -> [..35.219.226.11][12261] + detected: [.....3] [ip4][..udp] [..192.168.12.67][45419] -> [..35.219.226.11][12261] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][] + RISK: Known Proto on Non Std Port + new: [.....4] [ip4][..udp] [..192.168.12.67][45419] -> [..35.219.226.11][54116] + detected: [.....4] [ip4][..udp] [..192.168.12.67][45419] -> [..35.219.226.11][54116] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][] + RISK: Known Proto on Non Std Port + analyse: [.....2] [ip4][..udp] [..192.168.12.67][45419] -> 
[.35.219.252.146][.3478] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][signal.org] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 1.009| 0.193| 0.329| 108144.574| 3.400] + [PKTLEN......: 48.000| 168.000| 115.100| 39.100| 1531.700| 4.900] + [BINS(c->s)..: 6,0,0,7,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [BINS(s->c)..: 0,4,6,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [DIRECTIONS..: 0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,1,0,0,1,0,1,1,0,0,1,0,0,0,1,1,1] + [IATS(ms)....: 1.7,3.7,1.2,10.3,10.2,26.7,26.6,250.2,250.3,501.2,501.1,1004.0,1009.3,956.1,950.7,3.8,9.0,1.1,5.3,38.9,115.9,0.0,84.9,11.6,28.8,13.0,35.9,1.2,42.5,17.7,63.5] + [PKTLENS.....: 48,56,80,112,144,112,56,108,56,108,56,108,56,108,148,80,168,148,128,80,160,168,136,128,168,168,128,168,148,80,136,136] + [ENTROPIES...: 5.1,4.9,5.5,5.7,5.8,5.7,4.9,5.7,4.9,5.7,4.9,5.6,4.9,5.7,5.8,5.9,6.1,5.8,5.9,5.7,6.0,6.2,6.0,5.8,5.9,6.1,5.8,5.9,5.9,5.9,6.0,5.9] + detection-update: [.....4] [ip4][..udp] [..192.168.12.67][45419] -> [..35.219.226.11][54116] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][] + RISK: Known Proto on Non Std Port, Unidirectional Traffic + detection-update: [.....4] [ip4][..udp] [..192.168.12.67][45419] -> [..35.219.226.11][54116] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][] + RISK: Known Proto on Non Std Port + analyse: [.....4] [ip4][..udp] [..192.168.12.67][45419] -> [..35.219.226.11][54116] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.008| 2.229| 0.465| 0.655| 429159.809| 3.800] + [PKTLEN......: 56.000| 132.000| 101.400| 22.200| 491.600| 5.000] + [BINS(c->s)..: 2,2,6,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [BINS(s->c)..: 1,1,7,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [DIRECTIONS..: 
0,0,1,0,1,0,1,1,0,1,1,0,0,1,1,0,1,1,0,0,0,1,1,0,0,0,1,1,0,0,0,1] + [IATS(ms)....: 49.2,63.8,48.7,39.3,9.0,8.0,43.1,50.0,8.0,41.1,51.3,943.4,1038.3,262.2,355.0,260.4,75.7,606.2,10.9,31.2,394.5,279.9,364.3,2145.8,28.8,2221.2,290.3,345.1,931.1,1204.6,2229.2] + [PKTLENS.....: 124,124,92,132,124,92,92,124,92,92,124,92,132,92,124,92,56,84,84,56,124,92,124,92,124,56,92,124,92,84,124,92] + [ENTROPIES...: 6.0,5.9,5.9,5.8,6.0,5.8,5.8,5.9,5.8,5.9,5.9,5.8,5.7,5.8,5.9,5.7,5.2,5.9,5.7,5.2,5.8,5.9,5.9,5.8,5.9,5.2,5.8,6.0,5.7,5.8,5.9,5.8] + idle: [.....4] [ip4][..udp] [..192.168.12.67][45419] -> [..35.219.226.11][54116] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable] + RISK: Known Proto on Non Std Port + idle: [.....1] [ip4][..udp] [..192.168.12.67][45419] -> [.35.216.234.234][.3478] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][signal.org] + idle: [.....2] [ip4][..udp] [..192.168.12.67][45419] -> [.35.219.252.146][.3478] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][signal.org] + idle: [.....3] [ip4][..udp] [..192.168.12.67][45419] -> [..35.219.226.11][12261] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable] + RISK: Known Proto on Non Std Port + DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/signal_multiparty.pcapng.out b/test/results/flow-info/default/signal_multiparty.pcapng.out new file mode 100644 index 000000000..5645eef4a --- /dev/null +++ b/test/results/flow-info/default/signal_multiparty.pcapng.out 
@@ -0,0 +1,13 @@ + DAEMON-EVENT: init + DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....1] [ip4][..udp] [..192.168.12.67][38303] -> [.35.207.138.135][10000] + detected: [.....1] [ip4][..udp] [..192.168.12.67][38303] -> [.35.207.138.135][10000] [STUN][GoogleCloud][Network][Acceptable][] + RISK: Known Proto on Non Std Port + detection-update: [.....1] [ip4][..udp] [..192.168.12.67][38303] -> [.35.207.138.135][10000] [STUN.RTP][GoogleCloud][Media][Acceptable][] + RISK: Known Proto on Non Std Port + detection-update: [.....1] [ip4][..udp] [..192.168.12.67][38303] -> [.35.207.138.135][10000] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][] + RISK: Known Proto on Non Std Port + idle: [.....1] [ip4][..udp] [..192.168.12.67][38303] -> [.35.207.138.135][10000] [SRTP.SignalVoip][GoogleCloud][VoIP][Acceptable] + RISK: Known Proto on Non Std Port + DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/signal_videocall.pcapng.out b/test/results/flow-info/default/signal_videocall.pcapng.out new file mode 100644 index 000000000..626c8440d --- /dev/null +++ b/test/results/flow-info/default/signal_videocall.pcapng.out 
@@ -0,0 +1,33 @@ + DAEMON-EVENT: init + DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....1] [ip4][..udp] [..192.168.12.67][47926] -> [.35.216.234.234][.3478] + detected: [.....1] [ip4][..udp] [..192.168.12.67][47926] -> [.35.216.234.234][.3478] [STUN][GoogleCloud][Network][Acceptable][] + new: [.....2] [ip4][..udp] [..192.168.12.67][47926] -> [.35.219.252.146][.3478] + detected: [.....2] [ip4][..udp] [..192.168.12.67][47926] -> [.35.219.252.146][.3478] [STUN][GoogleCloud][Network][Acceptable][] + detection-update: [.....2] [ip4][..udp] [..192.168.12.67][47926] -> [.35.219.252.146][.3478] [STUN][GoogleCloud][Network][Acceptable][] + RISK: Unidirectional Traffic + detection-update: [.....2] [ip4][..udp] [..192.168.12.67][47926] -> [.35.219.252.146][.3478] [STUN][GoogleCloud][Network][Acceptable][] + detection-update: [.....2] [ip4][..udp] [..192.168.12.67][47926] -> [.35.219.252.146][.3478] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][signal.org] + detection-update: [.....1] [ip4][..udp] [..192.168.12.67][47926] -> [.35.216.234.234][.3478] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][] + RISK: Unidirectional Traffic + detection-update: [.....1] [ip4][..udp] [..192.168.12.67][47926] -> [.35.216.234.234][.3478] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][] + detection-update: [.....1] [ip4][..udp] [..192.168.12.67][47926] -> [.35.216.234.234][.3478] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][signal.org] + new: [.....3] [ip4][..udp] [..192.168.12.67][47926] -> [.35.219.252.146][56377] + detected: [.....3] [ip4][..udp] [..192.168.12.67][47926] -> [.35.219.252.146][56377] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][] + RISK: Known Proto on Non Std Port + analyse: [.....3] [ip4][..udp] [..192.168.12.67][47926] -> [.35.219.252.146][56377] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable] + min| max| avg| stddev| 
variance| entropy + [IAT.........: 0.008| 2.449| 0.473| 0.711| 505100.075| 3.700] + [PKTLEN......: 56.000| 132.000| 102.600| 22.300| 496.600| 5.000] + [BINS(c->s)..: 1,1,6,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [BINS(s->c)..: 2,1,7,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,1,0,0,1,1,0,1,1,0,1,0,0,1,0,0,1,1,0,1,0,1,1] + [IATS(ms)....: 66.0,95.9,49.2,89.8,52.0,7.9,75.8,92.2,90.8,45.8,45.9,841.8,964.7,88.1,209.4,700.4,8.8,797.8,169.0,140.8,10.0,132.1,62.7,2295.1,2449.2,43.9,201.2,880.5,2304.8,1490.8,147.9] + [PKTLENS.....: 124,92,132,132,92,92,124,92,124,92,124,92,124,92,124,92,56,84,124,92,84,56,124,92,124,92,124,92,56,124,92,124] + [ENTROPIES...: 6.0,5.9,5.7,5.9,5.7,5.9,6.0,5.8,6.0,5.7,5.9,5.7,5.9,5.8,5.9,5.8,5.2,5.8,5.9,5.8,5.7,5.1,5.9,5.9,5.8,5.8,5.9,5.7,5.1,5.8,5.8,6.0] + idle: [.....3] [ip4][..udp] [..192.168.12.67][47926] -> [.35.219.252.146][56377] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable] + RISK: Known Proto on Non Std Port + idle: [.....1] [ip4][..udp] [..192.168.12.67][47926] -> [.35.216.234.234][.3478] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][signal.org] + idle: [.....2] [ip4][..udp] [..192.168.12.67][47926] -> [.35.219.252.146][.3478] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][signal.org] + DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/signal_videocall_multiparty.pcapng.out b/test/results/flow-info/default/signal_videocall_multiparty.pcapng.out new file mode 100644 index 000000000..28d14060e --- /dev/null +++ b/test/results/flow-info/default/signal_videocall_multiparty.pcapng.out 
@@ -0,0 +1,23 @@ + DAEMON-EVENT: init + DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....1] [ip4][..udp] [..192.168.1.117][59446] -> [...35.207.67.68][10000] + detected: [.....1] [ip4][..udp] [..192.168.1.117][59446] -> [...35.207.67.68][10000] [STUN][GoogleCloud][Network][Acceptable][] + RISK: Known Proto on Non Std Port + detection-update: [.....1] [ip4][..udp] [..192.168.1.117][59446] -> [...35.207.67.68][10000] [STUN.RTP][GoogleCloud][Media][Acceptable][] + RISK: Known Proto on Non Std Port + detection-update: [.....1] [ip4][..udp] [..192.168.1.117][59446] -> [...35.207.67.68][10000] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][] + RISK: Known Proto on Non Std Port + analyse: [.....1] [ip4][..udp] [..192.168.1.117][59446] -> [...35.207.67.68][10000] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 1.071| 0.337| 0.396| 156437.676| 3.900] + [PKTLEN......: 56.000| 128.000| 92.700| 28.200| 793.400| 4.900] + [BINS(c->s)..: 1,14,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [BINS(s->c)..: 0,5,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [DIRECTIONS..: 0,1,0,0,1,0,1,0,0,0,0,1,1,0,0,0,1,1,0,0,0,0,1,0,0,1,0,0,0,1,0,1] + [IATS(ms)....: 32.9,48.8,0.3,44.5,50.5,44.1,223.8,0.4,25.3,800.7,1030.9,20.6,201.5,0.7,800.8,981.7,21.3,210.6,0.8,118.5,13.4,1043.7,879.5,0.9,1071.1,1007.2,0.7,274.5,390.9,400.1,691.0] + [PKTLENS.....: 128,128,64,128,128,128,128,83,64,64,128,74,128,83,64,128,74,128,83,64,76,56,74,83,64,74,83,64,128,128,64,74] + [ENTROPIES...: 5.6,5.7,5.1,5.7,5.7,5.8,5.8,5.8,5.2,5.0,5.8,5.4,5.8,5.7,5.1,5.6,5.4,5.7,5.8,5.1,5.8,5.2,5.4,5.7,5.2,5.4,5.9,5.2,5.6,5.8,5.0,5.4] + idle: [.....1] [ip4][..udp] [..192.168.1.117][59446] -> [...35.207.67.68][10000] 
[STUN.SignalVoip][GoogleCloud][VoIP][Acceptable] + RISK: Known Proto on Non Std Port + DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/sites.pcapng.out b/test/results/flow-info/default/sites.pcapng.out index 1b5f0a56b..6e610a02b 100644 --- a/test/results/flow-info/default/sites.pcapng.out +++ b/test/results/flow-info/default/sites.pcapng.out @@ -179,8 +179,8 @@ idle: [....16] [ip4][..tcp] [..192.168.1.128][48140] -> [.....23.1.66.79][..443] [TLS.CNN][Unknown][Web][Safe] idle: [....32] [ip4][..tcp] [..192.168.1.128][48902] -> [....2.17.140.63][..443] [TLS.Xbox][Unknown][Game][Fun] new: [....35] [ip4][..tcp] [..192.168.1.128][57878] -> [.52.113.194.132][..443] - detected: [....35] [ip4][..tcp] [..192.168.1.128][57878] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][teams.office.com] - detection-update: [....35] [ip4][..tcp] [..192.168.1.128][57878] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][teams.office.com] + detected: [....35] [ip4][..tcp] [..192.168.1.128][57878] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][teams.office.com] + detection-update: [....35] [ip4][..tcp] [..192.168.1.128][57878] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][teams.office.com] new: [....36] [ip4][..tcp] [..192.168.1.128][33664] -> [108.138.185.106][..443] detected: [....36] [ip4][..tcp] [..192.168.1.128][33664] -> [108.138.185.106][..443] [TLS.AmazonVideo][AmazonAWS][Video][Fun][www.primevideo.com] detection-update: [....36] [ip4][..tcp] [..192.168.1.128][33664] -> [108.138.185.106][..443] [TLS.AmazonVideo][AmazonAWS][Video][Fun][www.primevideo.com] 
@@ -188,7 +188,7 @@ detected: [....37] [ip4][..tcp] [..192.168.1.128][56458] -> [142.250.185.142][..443] [TLS.GoogleDrive][Google][Cloud][Acceptable][drive.google.com] detection-update: [....37] [ip4][..tcp] [..192.168.1.128][56458] -> [142.250.185.142][..443] [TLS.GoogleDrive][Google][Cloud][Acceptable][drive.google.com] new: [....38] [ip4][..tcp] [..192.168.1.128][33102] -> [...13.81.118.91][..443] - detected: [....38] [ip4][..tcp] [..192.168.1.128][33102] -> [...13.81.118.91][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][onedrive.com] + detected: [....38] [ip4][..tcp] [..192.168.1.128][33102] -> [...13.81.118.91][..443] [TLS.Teams][Azure][Collaborative][Safe][onedrive.com] detection-update: [....38] [ip4][..tcp] [..192.168.1.128][33102] -> [...13.81.118.91][..443] [TLS.Microsoft][Azure][Cloud][Safe][onedrive.com] new: [....39] [ip4][..tcp] [..192.168.1.128][56836] -> [...13.107.42.13][..443] detected: [....39] [ip4][..tcp] [..192.168.1.128][56836] -> [...13.107.42.13][..443] [TLS.MS_OneDrive][Azure][Cloud][Acceptable][onedrive.live.com] 
@@ -219,7 +219,7 @@ idle: [....39] [ip4][..tcp] [..192.168.1.128][56836] -> [...13.107.42.13][..443] [TLS.MS_OneDrive][Azure][Cloud][Acceptable] idle: [....41] [ip4][..udp] [..192.168.1.128][38642] -> [.216.58.212.142][..443] [QUIC.Google][Google][Web][Acceptable][hangouts.google.com] idle: [....38] [ip4][..tcp] [..192.168.1.128][33102] -> [...13.81.118.91][..443] [TLS.Microsoft][Azure][Cloud][Safe] - idle: [....35] [ip4][..tcp] [..192.168.1.128][57878] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe] + idle: [....35] [ip4][..tcp] [..192.168.1.128][57878] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe] idle: [....34] [ip4][..tcp] [..192.168.1.128][45898] -> [..15.160.39.187][..443] [TLS.AppleSiri][AmazonAWS][VirtAssistant][Acceptable] DAEMON-EVENT: [Processed: 496 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 44|skipped: 0|!detected: 0|guessed: 4|detection-updates: 43|updates: 1] diff --git a/test/results/flow-info/default/sites2.pcapng.out b/test/results/flow-info/default/sites2.pcapng.out index 2d393c4bc..99345cb9b 100644 --- a/test/results/flow-info/default/sites2.pcapng.out +++ b/test/results/flow-info/default/sites2.pcapng.out 
@@ -13,7 +13,17 @@ detected: [.....3] [ip4][..tcp] [..192.168.12.67][43446] -> [..59.82.122.224][..443] [TLS.Taobao][Alibaba][Shopping][Acceptable][umdc.taobao.com] detection-update: [.....3] [ip4][..tcp] [..192.168.12.67][43446] -> [..59.82.122.224][..443] [TLS.Taobao][Alibaba][Shopping][Acceptable][umdc.taobao.com] detection-update: [.....3] [ip4][..tcp] [..192.168.12.67][43446] -> [..59.82.122.224][..443] [TLS.Taobao][Alibaba][Shopping][Acceptable][umdc.taobao.com] + DAEMON-EVENT: [Processed: 48 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 3 / 3|skipped: 0|!detected: 0|guessed: 0|detection-updates: 4|updates: 0] + new: [.....4] [ip4][..tcp] [..192.168.12.67][39974] -> [..151.101.1.233][..443] + detected: [.....4] [ip4][..tcp] [..192.168.12.67][39974] -> [..151.101.1.233][..443] [TLS.ParamountPlus][Unknown][Streaming][Fun][vod-gcs-cedexis.cbsaavideo.com] idle: [.....3] [ip4][..tcp] [..192.168.12.67][43446] -> [..59.82.122.224][..443] [TLS.Taobao][Alibaba][Shopping][Acceptable] idle: [.....2] [ip4][..tcp] [..192.168.12.67][47694] -> [......20.15.0.9][..443] [TLS.Temu][Azure][Shopping][Acceptable] idle: [.....1] [ip4][..tcp] [..192.168.12.67][46892] -> [...2.23.155.106][..443] [TLS.Shein][Unknown][Shopping][Acceptable] + DAEMON-EVENT: [Processed: 52 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 1 / 4|skipped: 0|!detected: 0|guessed: 0|detection-updates: 4|updates: 0] + new: [.....5] [ip4][..tcp] [..192.168.0.100][52124] -> [..213.180.193.9][...80] + detected: [.....5] [ip4][..tcp] [..192.168.0.100][52124] -> [..213.180.193.9][...80] [HTTP.YandexAlice][Yandex][ConnCheck][Acceptable][scbh.yandex.net] + end: [.....5] [ip4][..tcp] [..192.168.0.100][52124] -> [..213.180.193.9][...80] [HTTP.YandexAlice][Yandex][ConnCheck][Acceptable][scbh.yandex.net] + idle: [.....4] [ip4][..tcp] [..192.168.12.67][39974] -> [..151.101.1.233][..443] [TLS.ParamountPlus][Unknown][Streaming][Fun] DAEMON-EVENT: shutdown 
diff --git a/test/results/flow-info/default/skype-conference-call.pcap.out b/test/results/flow-info/default/skype-conference-call.pcap.out index 9397f5c52..413da7f2f 100644 --- a/test/results/flow-info/default/skype-conference-call.pcap.out +++ b/test/results/flow-info/default/skype-conference-call.pcap.out @@ -2,9 +2,9 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..udp] [...192.168.2.20][49282] -> [...104.46.40.49][60642] - detected: [.....1] [ip4][..udp] [...192.168.2.20][49282] -> [...104.46.40.49][60642] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] + detected: [.....1] [ip4][..udp] [...192.168.2.20][49282] -> [...104.46.40.49][60642] [STUN.TeamsCall][Azure][VoIP][Acceptable][] RISK: Known Proto on Non Std Port - analyse: [.....1] [ip4][..udp] [...192.168.2.20][49282] -> [...104.46.40.49][60642] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable] + analyse: [.....1] [ip4][..udp] [...192.168.2.20][49282] -> [...104.46.40.49][60642] [STUN.TeamsCall][Azure][VoIP][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.100| 0.011| 0.022| 503.840| 3.000] [PKTLEN......: 63.000| 943.000| 285.500| 317.000| 100457.800| 4.300] 
@@ -14,6 +14,6 @@ [IATS(ms)....: 7.3,44.5,54.5,0.2,54.9,0.3,10.3,20.1,24.4,100.1,0.3,0.1,0.2,0.1,0.2,0.2,0.1,0.2,0.2,0.2,0.1,2.8,14.7,0.4,0.2,0.2,0.3,0.2,0.2,0.2,3.7] [PKTLENS.....: 132,132,100,100,132,100,136,138,131,123,195,63,155,155,155,155,155,155,155,155,155,155,100,71,943,943,943,943,943,943,155,121] [ENTROPIES...: 5.5,5.4,5.7,5.6,5.4,5.7,5.6,6.5,6.5,6.4,6.8,5.2,6.5,6.5,6.6,6.6,6.5,6.5,6.4,6.6,6.5,6.5,5.6,5.6,7.8,7.8,7.8,7.8,7.8,7.8,6.6,6.3] - idle: [.....1] [ip4][..udp] [...192.168.2.20][49282] -> [...104.46.40.49][60642] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable] + idle: [.....1] [ip4][..udp] [...192.168.2.20][49282] -> [...104.46.40.49][60642] [STUN.TeamsCall][Azure][VoIP][Acceptable] RISK: Known Proto on Non Std Port DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/smtp-starttls.pcap.out b/test/results/flow-info/default/smtp-starttls.pcap.out index 53e1b35dd..0abe739fe 100644 --- a/test/results/flow-info/default/smtp-starttls.pcap.out +++ b/test/results/flow-info/default/smtp-starttls.pcap.out @@ -7,9 +7,9 @@ detection-update: [.....1] [ip4][..tcp] [.......10.0.0.1][57406] -> [..173.194.68.26][...25] [SMTPS.Google][Google][Email][Acceptable] RISK: Obsolete TLS (v1.1 or older) detection-update: [.....1] [ip4][..tcp] [.......10.0.0.1][57406] -> [..173.194.68.26][...25] [SMTPS.Google][Google][Email][Acceptable] - RISK: Obsolete TLS (v1.1 or older) + RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher detection-update: [.....1] [ip4][..tcp] [.......10.0.0.1][57406] -> [..173.194.68.26][...25] [SMTPS.Google][Google][Email][Acceptable] - RISK: Obsolete TLS (v1.1 or older) + RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher analyse: [.....1] [ip4][..tcp] [.......10.0.0.1][57406] -> [..173.194.68.26][...25] [SMTPS.Google][Google][Email][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.157| 0.030| 0.035| 1204.841| 4.200] 
@@ -39,7 +39,7 @@ [PKTLENS.....: 72,72,60,118,110,60,212,70,90,242,1200,186,139,318,227,60,149,103,123,103,95,126,60,1094,60,125,95,104,91,60,91,60] [ENTROPIES...: 4.3,5.0,4.6,5.6,5.4,4.8,5.6,4.9,5.2,5.4,7.6,6.2,5.9,7.2,6.9,4.7,6.1,5.7,5.6,5.7,5.2,6.1,4.8,7.8,4.8,6.1,5.1,5.8,5.0,4.6,5.5,4.4] end: [.....1] [ip4][..tcp] [.......10.0.0.1][57406] -> [..173.194.68.26][...25] [SMTPS.Google][Google][Email][Acceptable][mx.google.com] - RISK: Obsolete TLS (v1.1 or older) + RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher end: [.....2] [ip6][..tcp] [...2003:de:2016:125:fc36:8317:4e86:cb72][.7562] -> [...............2003:de:2016:120::a08:53][...25] [SMTPS][Unknown][Email][Safe][dovecot.weberlab.de] RISK: Self-signed Cert, TLS (probably) Not Carrying HTTPS, TLS Susp Extn DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/starcraft_battle.pcap.out b/test/results/flow-info/default/starcraft_battle.pcap.out index 9e4130eae..bfb41836b 100644 --- a/test/results/flow-info/default/starcraft_battle.pcap.out +++ b/test/results/flow-info/default/starcraft_battle.pcap.out 
@@ -186,10 +186,10 @@ guessed: [....34] [ip4][..udp] [..192.168.1.100][53146] -> [...5.42.180.154][.1119] [Starcraft][Unknown][Game][Fun] idle: [....34] [ip4][..udp] [..192.168.1.100][53146] -> [...5.42.180.154][.1119] guessed: [.....3] [ip4][..tcp] [..80.239.186.26][..443] -> [..192.168.1.100][.3476] [TLS][Unknown][Web][Safe] - RISK: Unidirectional Traffic, TCP Connection Issues + RISK: Unidirectional Traffic, TCP Connection Issues, Probing Attempt end: [.....3] [ip4][..tcp] [..80.239.186.26][..443] -> [..192.168.1.100][.3476] guessed: [.....5] [ip4][..tcp] [..80.239.186.40][..443] -> [..192.168.1.100][.3478] [TLS][Unknown][Web][Safe] - RISK: Unidirectional Traffic, TCP Connection Issues + RISK: Unidirectional Traffic, TCP Connection Issues, Probing Attempt end: [.....5] [ip4][..tcp] [..80.239.186.40][..443] -> [..192.168.1.100][.3478] idle: [....27] [ip4][....2] [..192.168.1.107] -> [.....224.0.0.22] [IGMP][Unknown][Network][Acceptable] guessed: [....10] [ip4][..tcp] [..192.168.1.100][.3427] -> [.80.239.208.193][.1119] [Starcraft][Unknown][Game][Fun] diff --git a/test/results/flow-info/default/stun.pcap.out b/test/results/flow-info/default/stun.pcap.out index 97ff187c5..9db02bdbf 100644 --- a/test/results/flow-info/default/stun.pcap.out +++ b/test/results/flow-info/default/stun.pcap.out 
@@ -2,7 +2,7 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1][1611] [ip4][..tcp] [...10.77.110.51][41588] -> [..10.206.50.239][42000] - detected: [.....1][1611] [ip4][..tcp] [...10.77.110.51][41588] -> [..10.206.50.239][42000] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable][] + detected: [.....1][1611] [ip4][..tcp] [...10.77.110.51][41588] -> [..10.206.50.239][42000] [STUN.TeamsCall][Unknown][VoIP][Acceptable][] DAEMON-EVENT: [Processed: 15 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....2] [ip4][..udp] [.192.168.12.169][43016] -> [.74.125.247.128][.3478] @@ -14,7 +14,7 @@ new: [.....3] [ip4][.icmp] [.192.168.12.169] -> [.74.125.247.128] detected: [.....3] [ip4][.icmp] [.192.168.12.169] -> [.74.125.247.128] [ICMP][Google][Network][Acceptable] RISK: Susp Entropy - end: [.....1][1611] [ip4][..tcp] [...10.77.110.51][41588] -> [..10.206.50.239][42000] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable] + end: [.....1][1611] [ip4][..tcp] [...10.77.110.51][41588] -> [..10.206.50.239][42000] [STUN.TeamsCall][Unknown][VoIP][Acceptable] DAEMON-EVENT: [Processed: 24 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 2 / 3|skipped: 0|!detected: 0|guessed: 0|detection-updates: 3|updates: 0] new: [.....4] [ip6][..udp] [3516:bf0b:fc53:75e7:70af:f67f:8e49:f603][56880] -> [....2a38:e156:8167:a333:face:b00c::24d9][.3478] 
@@ -89,11 +89,11 @@ idle: [.....7] [ip4][..udp] [.192.168.12.169][49153] -> [..142.250.82.99][.3478] [DTLS.GoogleCall][Google][VoIP][Acceptable] DAEMON-EVENT: [Processed: 198 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 8|skipped: 0|!detected: 0|guessed: 0|detection-updates: 10|updates: 3] - new: [.....9] [ip6][..udp] [..............2600:1900:4160:5999::19::][.3478] -> [..2001:b07:a3d:c112:48a1:1094:1227:281e][48094] - detected: [.....9] [ip6][..udp] [..............2600:1900:4160:5999::19::][.3478] -> [..2001:b07:a3d:c112:48a1:1094:1227:281e][48094] [STUN][GoogleCloud][Network][Acceptable][] - detection-update: [.....9] [ip6][..udp] [..............2600:1900:4160:5999::19::][.3478] -> [..2001:b07:a3d:c112:48a1:1094:1227:281e][48094] [STUN][GoogleCloud][Network][Acceptable][] + new: [.....9] [ip6][..udp] [.............2600:1900:4160:5999:0:19::][.3478] -> [..2001:b07:a3d:c112:48a1:1094:1227:281e][48094] + detected: [.....9] [ip6][..udp] [.............2600:1900:4160:5999:0:19::][.3478] -> [..2001:b07:a3d:c112:48a1:1094:1227:281e][48094] [STUN][GoogleCloud][Network][Acceptable][] + detection-update: [.....9] [ip6][..udp] [.............2600:1900:4160:5999:0:19::][.3478] -> [..2001:b07:a3d:c112:48a1:1094:1227:281e][48094] [STUN][GoogleCloud][Network][Acceptable][] RISK: Unidirectional Traffic idle: [.....8] [ip4][..udp] [.192.168.43.169][48854] -> [.134.224.90.111][.8801] [DTLS][Zoom][Network][Safe] - idle: [.....9] [ip6][..udp] [..............2600:1900:4160:5999::19::][.3478] -> [..2001:b07:a3d:c112:48a1:1094:1227:281e][48094] [STUN][GoogleCloud][Network][Acceptable] + idle: [.....9] [ip6][..udp] [.............2600:1900:4160:5999:0:19::][.3478] -> [..2001:b07:a3d:c112:48a1:1094:1227:281e][48094] [STUN][GoogleCloud][Network][Acceptable] RISK: Unidirectional Traffic DAEMON-EVENT: shutdown 
diff --git a/test/results/flow-info/default/stun_msteams_unidir.pcapng.out b/test/results/flow-info/default/stun_msteams_unidir.pcapng.out index 3f25d4813..13cff3135 100644 --- a/test/results/flow-info/default/stun_msteams_unidir.pcapng.out +++ b/test/results/flow-info/default/stun_msteams_unidir.pcapng.out @@ -2,10 +2,10 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..udp] [..52.115.136.55][.3479] -> [.......10.0.0.1][50006] - detected: [.....1] [ip4][..udp] [..52.115.136.55][.3479] -> [.......10.0.0.1][50006] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] + detected: [.....1] [ip4][..udp] [..52.115.136.55][.3479] -> [.......10.0.0.1][50006] [STUN.TeamsCall][Azure][VoIP][Acceptable][] RISK: Known Proto on Non Std Port - detection-update: [.....1] [ip4][..udp] [..52.115.136.55][.3479] -> [.......10.0.0.1][50006] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] + detection-update: [.....1] [ip4][..udp] [..52.115.136.55][.3479] -> [.......10.0.0.1][50006] [STUN.TeamsCall][Azure][VoIP][Acceptable][] RISK: Known Proto on Non Std Port, Unidirectional Traffic - idle: [.....1] [ip4][..udp] [..52.115.136.55][.3479] -> [.......10.0.0.1][50006] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable] + idle: [.....1] [ip4][..udp] [..52.115.136.55][.3479] -> [.......10.0.0.1][50006] [STUN.TeamsCall][Azure][VoIP][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/stun_signal_tcp.pcapng.out b/test/results/flow-info/default/stun_signal_tcp.pcapng.out new file mode 100644 index 000000000..1f6d126c4 --- /dev/null +++ b/test/results/flow-info/default/stun_signal_tcp.pcapng.out 
@@ -0,0 +1,18 @@ + DAEMON-EVENT: init + DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....1] [ip4][..tcp] [..192.168.1.117][51296] -> [.35.219.252.146][...80] + detected: [.....1] [ip4][..tcp] [..192.168.1.117][51296] -> [.35.219.252.146][...80] [STUN][GoogleCloud][Network][Acceptable][] + detection-update: [.....1] [ip4][..tcp] [..192.168.1.117][51296] -> [.35.219.252.146][...80] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][signal.org] + analyse: [.....1] [ip4][..tcp] [..192.168.1.117][51296] -> [.35.219.252.146][...80] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][signal.org] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.287| 0.030| 0.068| 4621.743| 3.100] + [PKTLEN......: 40.000| 288.000| 111.600| 62.100| 3852.600| 4.800] + [BINS(c->s)..: 6,0,0,7,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [BINS(s->c)..: 7,2,2,2,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,0,0,1,1,1,0,0,1,0,1,1,0,1,0,1,0,1,1,1,0,0] + [IATS(ms)....: 5.1,5.2,1.3,6.5,7.4,14.7,7.0,5.3,0.2,0.2,0.2,0.2,5.4,2.6,0.0,6.6,276.6,286.8,49.6,44.8,3.7,9.3,19.8,40.1,25.2,48.6,51.2,0.0,2.7,9.9,0.4] + [PKTLENS.....: 52,52,40,68,46,124,156,124,40,160,160,160,160,92,92,144,40,172,46,172,46,288,140,46,172,46,172,148,46,188,40,140] + [ENTROPIES...: 4.7,4.9,4.8,5.2,4.4,5.8,5.9,5.8,4.6,5.7,5.8,5.9,5.9,5.7,5.8,6.1,4.8,6.1,4.8,6.1,4.7,6.4,5.9,4.8,6.0,4.8,6.1,5.9,4.8,5.9,4.8,5.9] + idle: [.....1] [ip4][..tcp] [..192.168.1.117][51296] -> [.35.219.252.146][...80] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][signal.org] + DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/synscan.pcap.out b/test/results/flow-info/default/synscan.pcap.out index e9b780e8b..2ee77a805 100644 
--- a/test/results/flow-info/default/synscan.pcap.out +++ b/test/results/flow-info/default/synscan.pcap.out @@ -2194,7 +2194,7 @@ RISK: Unidirectional Traffic idle: [..1062] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][31038] not-detected: [...109] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][31337] [Unknown][Unknown][Unrated] - RISK: TCP Connection Issues + RISK: TCP Connection Issues, Probing Attempt end: [...109] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][31337] not-detected: [..1189] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][64623] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic @@ -2415,7 +2415,7 @@ RISK: Unidirectional Traffic idle: [...157] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][...24] guessed: [....35] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][...25] [SMTP][Unknown][Email][Acceptable][] - RISK: TCP Connection Issues + RISK: TCP Connection Issues, Probing Attempt end: [....35] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][...25] not-detected: [...293] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][...26] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic @@ -2468,7 +2468,7 @@ guessed: [.....9] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][...53] [DNS][Unknown][Network][Acceptable][] idle: [.....9] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][...53] not-detected: [..1184] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][...70] [Unknown][Unknown][Unrated] - RISK: TCP Connection Issues + RISK: TCP Connection Issues, Probing Attempt end: [..1184] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][...70] not-detected: [..1196] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][...79] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic 
@@ -2563,7 +2563,7 @@ RISK: Unidirectional Traffic idle: [....25] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][..111] not-detected: [....12] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][..113] [Unknown][Unknown][Unrated] - RISK: TCP Connection Issues + RISK: TCP Connection Issues, Probing Attempt end: [....12] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][..113] not-detected: [..1593] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][..119] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic @@ -2572,7 +2572,7 @@ RISK: Unidirectional Traffic idle: [..1657] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][..119] not-detected: [...523] [ip4][..tcp] [.....172.16.0.8][36061] -> [...64.13.134.52][..113] [Unknown][Unknown][Unrated] - RISK: TCP Connection Issues + RISK: TCP Connection Issues, Probing Attempt end: [...523] [ip4][..tcp] [.....172.16.0.8][36061] -> [...64.13.134.52][..113] not-detected: [...723] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][..125] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic diff --git a/test/results/flow-info/default/tcp_scan.pcapng.out b/test/results/flow-info/default/tcp_scan.pcapng.out index 112b934d3..2f9a9c69d 100644 --- a/test/results/flow-info/default/tcp_scan.pcapng.out +++ b/test/results/flow-info/default/tcp_scan.pcapng.out 
@@ -9,24 +9,24 @@ new: [.....6] [ip4][..tcp] [..192.168.1.178][57916] -> [....192.168.1.2][.3391] [MIDSTREAM] new: [.....7] [ip4][..tcp] [..192.168.1.178][63243] -> [....192.168.1.2][.3392] [MIDSTREAM] guessed: [.....4] [ip4][..tcp] [..192.168.1.178][43067] -> [....192.168.1.2][.3389] [RDP][Unknown][RemoteAccess][Acceptable] - RISK: Desktop/File Sharing, TCP Connection Issues + RISK: Desktop/File Sharing, TCP Connection Issues, Probing Attempt end: [.....4] [ip4][..tcp] [..192.168.1.178][43067] -> [....192.168.1.2][.3389] guessed: [.....1] [ip4][..tcp] [..192.168.1.178][56272] -> [....192.168.1.2][...80] [HTTP][Unknown][Web][Acceptable][] - RISK: TCP Connection Issues + RISK: TCP Connection Issues, Probing Attempt end: [.....1] [ip4][..tcp] [..192.168.1.178][56272] -> [....192.168.1.2][...80] guessed: [.....2] [ip4][..tcp] [..192.168.1.178][56273] -> [....192.168.1.2][..443] [TLS][Unknown][Web][Safe] - RISK: TCP Connection Issues + RISK: TCP Connection Issues, Probing Attempt end: [.....2] [ip4][..tcp] [..192.168.1.178][56273] -> [....192.168.1.2][..443] guessed: [.....3] [ip4][..tcp] [..192.168.1.178][56274] -> [....192.168.1.2][..445] [SMBv23][Unknown][System][Acceptable] - RISK: TCP Connection Issues + RISK: TCP Connection Issues, Probing Attempt end: [.....3] [ip4][..tcp] [..192.168.1.178][56274] -> [....192.168.1.2][..445] not-detected: [.....6] [ip4][..tcp] [..192.168.1.178][57916] -> [....192.168.1.2][.3391] [Unknown][Unknown][Unrated] - RISK: TCP Connection Issues + RISK: TCP Connection Issues, Probing Attempt end: [.....6] [ip4][..tcp] [..192.168.1.178][57916] -> [....192.168.1.2][.3391] not-detected: [.....5] [ip4][..tcp] [..192.168.1.178][62971] -> [....192.168.1.2][.3390] [Unknown][Unknown][Unrated] - RISK: TCP Connection Issues + RISK: TCP Connection Issues, Probing Attempt end: [.....5] [ip4][..tcp] [..192.168.1.178][62971] -> [....192.168.1.2][.3390] not-detected: [.....7] [ip4][..tcp] [..192.168.1.178][63243] -> [....192.168.1.2][.3392] 
[Unknown][Unknown][Unrated] - RISK: TCP Connection Issues + RISK: TCP Connection Issues, Probing Attempt end: [.....7] [ip4][..tcp] [..192.168.1.178][63243] -> [....192.168.1.2][.3392] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/teams.pcap.out b/test/results/flow-info/default/teams.pcap.out index 640d86de0..8ae0bdbae 100644 --- a/test/results/flow-info/default/teams.pcap.out +++ b/test/results/flow-info/default/teams.pcap.out 
@@ -15,11 +15,11 @@ detection-update: [.....3] [ip4][..udp] [....192.168.1.6][60813] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][skypedataprdcolneu04.cloudapp.net] new: [.....4] [ip4][..tcp] [....192.168.1.6][60532] -> [...52.114.77.33][..443] new: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] - detected: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][teams.microsoft.com] - detection-update: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][teams.microsoft.com] + detected: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][teams.microsoft.com] + detection-update: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][teams.microsoft.com] detected: [.....4] [ip4][..tcp] [....192.168.1.6][60532] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS - analyse: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe] + analyse: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.030| 0.006| 0.009| 77.930| 3.700] [PKTLEN......: 40.000| 1492.000| 393.900| 548.100| 300365.600| 3.900] 
@@ -48,8 +48,8 @@ detected: [.....7] [ip4][..tcp] [....192.168.1.6][60535] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS new: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443] - detected: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][teams.microsoft.com] - detection-update: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][teams.microsoft.com] + detected: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][teams.microsoft.com] + detection-update: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][teams.microsoft.com] analyse: [.....7] [ip4][..tcp] [....192.168.1.6][60535] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.050| 0.018| 0.021| 449.200| 3.900] 
@@ -91,26 +91,26 @@ ERROR-EVENT: Unknown packet type [14/16] ERROR-EVENT: Unknown packet type [15/16] new: [....16] [ip4][..udp] [....192.168.1.6][51033] -> [....192.168.1.1][...53] - detected: [....16] [ip4][..udp] [....192.168.1.6][51033] -> [....192.168.1.1][...53] [DNS.Skype_Teams][Unknown][Network][Acceptable][eu-api.asm.skype.com] + detected: [....16] [ip4][..udp] [....192.168.1.6][51033] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][eu-api.asm.skype.com] new: [....17] [ip4][..udp] [....192.168.1.6][63106] -> [....192.168.1.1][...53] detected: [....17] [ip4][..udp] [....192.168.1.6][63106] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][eu-prod.asyncgw.teams.microsoft.com] detection-update: [....17] [ip4][..udp] [....192.168.1.6][63106] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][eu-prod.asyncgw.teams.microsoft.com] new: [....18] [ip4][..tcp] [....192.168.1.6][60538] -> [...52.114.75.70][..443] - detection-update: [....16] [ip4][..udp] [....192.168.1.6][51033] -> [....192.168.1.1][...53] [DNS.Skype_Teams][Unknown][Network][Acceptable][eu-api.asm.skype.com] + detection-update: [....16] [ip4][..udp] [....192.168.1.6][51033] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][eu-api.asm.skype.com] new: [....19] [ip4][..tcp] [....192.168.1.6][60539] -> [...52.114.75.69][..443] detected: [....18] [ip4][..tcp] [....192.168.1.6][60538] -> [...52.114.75.70][..443] [TLS.Teams][Azure][Collaborative][Safe][eu-prod.asyncgw.teams.microsoft.com] - detected: [....19] [ip4][..tcp] [....192.168.1.6][60539] -> [...52.114.75.69][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][eu-api.asm.skype.com] + detected: [....19] [ip4][..tcp] [....192.168.1.6][60539] -> [...52.114.75.69][..443] [TLS.Teams][Azure][Collaborative][Safe][eu-api.asm.skype.com] new: [....20] [ip4][..tcp] [....192.168.1.6][60540] -> [...52.114.75.70][..443] new: [....21] [ip4][..tcp] [....192.168.1.6][60541] -> [...52.114.75.69][..443] detected: 
[....20] [ip4][..tcp] [....192.168.1.6][60540] -> [...52.114.75.70][..443] [TLS.Teams][Azure][Collaborative][Safe][eu-prod.asyncgw.teams.microsoft.com] - detected: [....21] [ip4][..tcp] [....192.168.1.6][60541] -> [...52.114.75.69][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][eu-api.asm.skype.com] + detected: [....21] [ip4][..tcp] [....192.168.1.6][60541] -> [...52.114.75.69][..443] [TLS.Teams][Azure][Collaborative][Safe][eu-api.asm.skype.com] new: [....22] [ip4][..udp] [....192.168.1.6][49514] -> [....192.168.1.1][...53] detected: [....22] [ip4][..udp] [....192.168.1.6][49514] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][config.teams.microsoft.com] - detection-update: [....21] [ip4][..tcp] [....192.168.1.6][60541] -> [...52.114.75.69][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][eu-api.asm.skype.com] + detection-update: [....21] [ip4][..tcp] [....192.168.1.6][60541] -> [...52.114.75.69][..443] [TLS.Teams][Azure][Collaborative][Safe][eu-api.asm.skype.com] detection-update: [....22] [ip4][..udp] [....192.168.1.6][49514] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][config.teams.microsoft.com] new: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] - detected: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][config.teams.microsoft.com] - detection-update: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][config.teams.microsoft.com] + detected: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][config.teams.microsoft.com] + detection-update: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][config.teams.microsoft.com] new: [....24] [ip4][..udp] [....192.168.1.6][65387] -> [....192.168.1.1][...53] detected: [....24] [ip4][..udp] 
[....192.168.1.6][65387] -> [....192.168.1.1][...53] [DNS.Microsoft][Unknown][Network][Safe][northeuropecns.trafficmanager.net] new: [....25] [ip4][..tcp] [....192.168.1.6][60543] -> [...52.114.77.33][..443] @@ -140,9 +140,9 @@ [PKTLENS.....: 64,60,52,258,52,1492,1492,52,1375,52,145,52,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,52,1480,1480,1480,1480,52,1480] [ENTROPIES...: 4.4,5.3,5.0,5.9,5.1,7.3,7.3,5.0,7.7,5.0,5.9,5.2,5.6,5.0,7.9,7.8,7.9,5.2,7.9,7.9,7.9,7.9,5.2,7.9,7.9,5.2,7.9,7.9,7.8,7.9,5.2,7.9] new: [....30] [ip4][..tcp] [....192.168.1.6][60546] -> [.167.99.215.164][.4434] - detected: [....30] [ip4][..tcp] [....192.168.1.6][60546] -> [.167.99.215.164][.4434] [TLS.ntop][Unknown][Network][Safe][dati.ntop.org] + detected: [....30] [ip4][..tcp] [....192.168.1.6][60546] -> [.167.99.215.164][.4434] [TLS.ntop][DigitalOcean][Network][Safe][dati.ntop.org] RISK: Known Proto on Non Std Port - detection-update: [....30] [ip4][..tcp] [....192.168.1.6][60546] -> [.167.99.215.164][.4434] [TLS.ntop][Unknown][Network][Safe][dati.ntop.org] + detection-update: [....30] [ip4][..tcp] [....192.168.1.6][60546] -> [.167.99.215.164][.4434] [TLS.ntop][DigitalOcean][Network][Safe][dati.ntop.org] RISK: Known Proto on Non Std Port analyse: [....28] [ip4][..tcp] [....192.168.1.6][60545] -> [...52.114.77.58][..443] [TLS.Teams][Azure][Collaborative][Safe][presence.teams.microsoft.com] min| max| avg| stddev| variance| entropy 
@@ -180,7 +180,7 @@ new: [....35] [ip4][..tcp] [....192.168.1.6][60549] -> [...13.107.18.11][..443] detected: [....35] [ip4][..tcp] [....192.168.1.6][60549] -> [...13.107.18.11][..443] [TLS.Microsoft365][Outlook][Collaborative][Acceptable][substrate.office.com] detection-update: [....35] [ip4][..tcp] [....192.168.1.6][60549] -> [...13.107.18.11][..443] [TLS.Microsoft365][Outlook][Collaborative][Acceptable][substrate.office.com] - analyse: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe] + analyse: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 2.010| 0.146| 0.490| 239614.050| 1.700] [PKTLEN......: 40.000| 1492.000| 305.200| 468.100| 219152.800| 3.800] 
@@ -223,12 +223,12 @@ detected: [....44] [ip4][..udp] [....192.168.1.6][51309] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][skypedataprdcolneu04.cloudapp.net] new: [....45] [ip4][..tcp] [....192.168.1.6][60555] -> [...52.114.77.33][..443] new: [....46] [ip4][..tcp] [....192.168.1.6][60556] -> [.....40.126.9.7][..443] - detected: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][config.teams.microsoft.com] + detected: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][config.teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS detection-update: [....44] [ip4][..udp] [....192.168.1.6][51309] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][skypedataprdcolneu04.cloudapp.net] detected: [....40] [ip4][..tcp] [....192.168.1.6][60551] -> [...52.114.15.45][..443] [TLS.Teams][Azure][Collaborative][Safe][trouter2-asse-a.trouter.teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][config.teams.microsoft.com] + detection-update: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][config.teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS detected: [....42] [ip4][..tcp] [....192.168.1.6][60552] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS 
@@ -241,7 +241,7 @@ RISK: TLS (probably) Not Carrying HTTPS detection-update: [....40] [ip4][..tcp] [....192.168.1.6][60551] -> [...52.114.15.45][..443] [TLS.Teams][Azure][Collaborative][Safe][trouter2-asse-a.trouter.teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS - analyse: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe] + analyse: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.154| 0.015| 0.036| 1274.324| 2.800] [PKTLEN......: 40.000| 1492.000| 585.700| 671.400| 450756.000| 4.000] 
@@ -252,9 +252,9 @@ [PKTLENS.....: 64,52,40,226,46,1492,1492,40,1492,40,1492,168,40,147,46,91,46,91,40,1122,46,1492,1492,40,1317,40,1492,1492,40,40,1492,1492] [ENTROPIES...: 4.4,4.9,4.5,5.5,4.4,7.3,7.5,4.6,7.5,4.5,7.7,6.7,4.6,6.5,4.5,5.7,4.5,5.6,4.6,7.8,4.6,7.9,7.9,4.6,7.9,4.6,7.9,7.9,4.6,4.5,7.9,7.9] new: [....47] [ip4][..tcp] [....192.168.1.6][60557] -> [.52.113.194.132][..443] - detected: [....47] [ip4][..tcp] [....192.168.1.6][60557] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][teams.microsoft.com] + detected: [....47] [ip4][..tcp] [....192.168.1.6][60557] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....47] [ip4][..tcp] [....192.168.1.6][60557] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][teams.microsoft.com] + detection-update: [....47] [ip4][..tcp] [....192.168.1.6][60557] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS new: [....48] [ip4][..tcp] [....192.168.1.6][60559] -> [...52.114.77.33][..443] detected: [....48] [ip4][..tcp] [....192.168.1.6][60559] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com] 
@@ -281,10 +281,10 @@ detected: [....52] [ip4][..udp] [....192.168.1.6][54069] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][api.microsoftstream.com] detection-update: [....52] [ip4][..udp] [....192.168.1.6][54069] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][api.microsoftstream.com] new: [....53] [ip4][..tcp] [....192.168.1.6][60562] -> [.104.40.187.151][..443] - detected: [....53] [ip4][..tcp] [....192.168.1.6][60562] -> [.104.40.187.151][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][api.microsoftstream.com] + detected: [....53] [ip4][..tcp] [....192.168.1.6][60562] -> [.104.40.187.151][..443] [TLS.Teams][Azure][Collaborative][Safe][api.microsoftstream.com] detection-update: [....51] [ip4][..tcp] [....192.168.1.6][60561] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS - analyse: [....53] [ip4][..tcp] [....192.168.1.6][60562] -> [.104.40.187.151][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable] + analyse: [....53] [ip4][..tcp] [....192.168.1.6][60562] -> [.104.40.187.151][..443] [TLS.Teams][Azure][Collaborative][Safe] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.126| 0.019| 0.032| 1006.354| 3.400] [PKTLEN......: 52.000| 1492.000| 345.200| 499.900| 249913.200| 3.900] 
@@ -308,12 +308,12 @@ [IATS(ms)....: 48.4,48.5,0.5,88.2,136.5,113.7,0.2,161.8,0.1,0.1,1.1,74.6,73.5,1.1,0.0,0.0,50.1,49.0,0.0,0.0,0.0,48.4,48.4,0.0,0.0,0.0,1.6,1.5,46.9,1.1,1.7] [PKTLENS.....: 64,60,52,258,258,64,1492,1492,52,1375,52,145,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,1480,1480,52,1462,52,52,52] [ENTROPIES...: 4.4,5.3,4.9,6.0,6.0,5.1,7.3,7.3,5.0,7.7,5.0,6.0,5.6,5.0,7.9,7.9,7.9,5.2,7.9,7.9,7.9,7.9,5.1,7.9,7.9,7.9,7.9,5.2,7.9,5.2,5.2,5.2] - detected: [....55] [ip4][..tcp] [....192.168.1.6][60563] -> [.52.169.186.119][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][euno-1.api.microsoftstream.com] + detected: [....55] [ip4][..tcp] [....192.168.1.6][60563] -> [.52.169.186.119][..443] [TLS.Teams][Azure][Collaborative][Safe][euno-1.api.microsoftstream.com] new: [....56] [ip4][..udp] [....192.168.1.6][63930] -> [....192.168.1.1][...53] detected: [....56] [ip4][..udp] [....192.168.1.6][63930] -> [....192.168.1.1][...53] [DNS.Microsoft][Unknown][Network][Safe][dc.applicationinsights.microsoft.com] detection-update: [....56] [ip4][..udp] [....192.168.1.6][63930] -> [....192.168.1.1][...53] [DNS.Microsoft][Unknown][Network][Safe][dc.applicationinsights.microsoft.com] new: [....57] [ip4][..tcp] [....192.168.1.6][60564] -> [...40.79.138.41][..443] - detected: [....57] [ip4][..tcp] [....192.168.1.6][60564] -> [...40.79.138.41][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][gate.hockeyapp.net] + detected: [....57] [ip4][..tcp] [....192.168.1.6][60564] -> [...40.79.138.41][..443] [TLS.Teams][Azure][Collaborative][Safe][gate.hockeyapp.net] new: [....58] [ip4][..udp] [....192.168.1.6][62863] -> [....192.168.1.1][...53] detected: [....58] [ip4][..udp] [....192.168.1.6][62863] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][emea.ng.msg.teams-msgapi.trafficmanager.net] detection-update: [....58] [ip4][..udp] [....192.168.1.6][62863] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][emea.ng.msg.teams-msgapi.trafficmanager.net] 
@@ -341,13 +341,13 @@ [ENTROPIES...: 4.3,4.9,4.6,5.6,7.4,7.3,4.7,4.6,4.6,7.5,7.6,7.1,4.7,4.6,6.5,6.1,7.6,5.4,4.6,5.9,4.6,5.2,4.5,7.4,4.7,4.5,7.8,4.6,7.4,7.5,5.6,5.5] new: [....60] [ip4][..tcp] [..151.11.50.139][.2222] -> [....192.168.1.6][54750] [MIDSTREAM] new: [....61] [ip4][..tcp] [....192.168.1.6][60566] -> [.167.99.215.164][.4434] - detected: [....61] [ip4][..tcp] [....192.168.1.6][60566] -> [.167.99.215.164][.4434] [TLS.ntop][Unknown][Network][Safe][dati.ntop.org] + detected: [....61] [ip4][..tcp] [....192.168.1.6][60566] -> [.167.99.215.164][.4434] [TLS.ntop][DigitalOcean][Network][Safe][dati.ntop.org] RISK: Known Proto on Non Std Port - detection-update: [....61] [ip4][..tcp] [....192.168.1.6][60566] -> [.167.99.215.164][.4434] [TLS.ntop][Unknown][Network][Safe][dati.ntop.org] + detection-update: [....61] [ip4][..tcp] [....192.168.1.6][60566] -> [.167.99.215.164][.4434] [TLS.ntop][DigitalOcean][Network][Safe][dati.ntop.org] RISK: Known Proto on Non Std Port new: [....62] [ip4][..udp] [....192.168.1.6][51681] -> [..52.114.77.136][.3478] new: [....63] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.123][.3478] - detected: [....63] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.123][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] + detected: [....63] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.123][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][] new: [....64] [ip4][..tcp] [....192.168.1.6][50018] -> [.52.114.250.123][..443] new: [....65] [ip4][..udp] [....192.168.1.6][55765] -> [....192.168.1.1][...53] detected: [....65] [ip4][..udp] [....192.168.1.6][55765] -> [....192.168.1.1][...53] [DNS.Azure][Unknown][Network][Acceptable][b-tr-teams-euno-05.northeurope.cloudapp.azure.com] 
@@ -355,25 +355,25 @@ detected: [....64] [ip4][..tcp] [....192.168.1.6][50018] -> [.52.114.250.123][..443] [TLS.Teams][Azure][Collaborative][Safe][euaz.tr.teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS new: [....66] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.123][.3478] - detected: [....66] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.123][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] + detected: [....66] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.123][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][] new: [....67] [ip4][..tcp] [....192.168.1.6][50021] -> [.52.114.250.123][..443] new: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] - detected: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] + detected: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][] new: [....69] [ip4][..udp] [....192.168.1.6][50017] -> [.52.114.250.141][.3478] - detected: [....69] [ip4][..udp] [....192.168.1.6][50017] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] + detected: [....69] [ip4][..udp] [....192.168.1.6][50017] -> [.52.114.250.141][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][] detected: [....67] [ip4][..tcp] [....192.168.1.6][50021] -> [.52.114.250.123][..443] [TLS.Teams][Azure][Collaborative][Safe][euaz.tr.teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS new: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] - detected: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] + detected: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][] new: [....71] [ip4][..udp] [....192.168.1.6][50037] -> [.52.114.250.137][.3478] - detected: [....71] [ip4][..udp] 
[....192.168.1.6][50037] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] - detection-update: [....69] [ip4][..udp] [....192.168.1.6][50017] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] - detection-update: [....71] [ip4][..udp] [....192.168.1.6][50037] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] + detected: [....71] [ip4][..udp] [....192.168.1.6][50037] -> [.52.114.250.137][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][] + detection-update: [....69] [ip4][..udp] [....192.168.1.6][50017] -> [.52.114.250.141][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][] + detection-update: [....71] [ip4][..udp] [....192.168.1.6][50037] -> [.52.114.250.137][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][] new: [....72] [ip4][..tcp] [....192.168.1.6][50014] -> [.52.114.250.152][..443] new: [....73] [ip4][..tcp] [....192.168.1.6][50036] -> [.52.114.250.153][..443] - detected: [....72] [ip4][..tcp] [....192.168.1.6][50014] -> [.52.114.250.152][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][52.114.250.152] + detected: [....72] [ip4][..tcp] [....192.168.1.6][50014] -> [.52.114.250.152][..443] [TLS.Teams][Azure][Collaborative][Safe][52.114.250.152] RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, TLS (probably) Not Carrying HTTPS - detected: [....73] [ip4][..tcp] [....192.168.1.6][50036] -> [.52.114.250.153][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][52.114.250.153] + detected: [....73] [ip4][..tcp] [....192.168.1.6][50036] -> [.52.114.250.153][..443] [TLS.Teams][Azure][Collaborative][Safe][52.114.250.153] RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, TLS (probably) Not Carrying HTTPS detection-update: [....72] [ip4][..tcp] [....192.168.1.6][50014] -> [.52.114.250.152][..443] [TLS.Teams][Azure][Collaborative][Safe][52.114.250.152] RISK: TLS Cert Mismatch, TLS (probably) Not Carrying HTTPS 
@@ -386,28 +386,28 @@ detected: [....74] [ip4][..tcp] [....192.168.1.6][60567] -> [..52.114.77.136][..443] [TLS.Teams][Azure][Collaborative][Safe][api.flightproxy.teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS new: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005] - detected: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable][] + detected: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005] [STUN.TeamsCall][Unknown][VoIP][Acceptable][] RISK: Known Proto on Non Std Port new: [....77] [ip4][..udp] [....192.168.1.6][50036] -> [....192.168.0.4][50020] - detected: [....77] [ip4][..udp] [....192.168.1.6][50036] -> [....192.168.0.4][50020] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable][] + detected: [....77] [ip4][..udp] [....192.168.1.6][50036] -> [....192.168.0.4][50020] [STUN.TeamsCall][Unknown][VoIP][Acceptable][] RISK: Known Proto on Non Std Port new: [....78] [ip4][..udp] [..93.71.110.205][16332] -> [....192.168.1.6][50016] - detected: [....78] [ip4][..udp] [..93.71.110.205][16332] -> [....192.168.1.6][50016] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable][] + detected: [....78] [ip4][..udp] [..93.71.110.205][16332] -> [....192.168.1.6][50016] [STUN.TeamsCall][Unknown][VoIP][Acceptable][] RISK: Known Proto on Non Std Port new: [....79] [ip4][..udp] [..93.71.110.205][16333] -> [....192.168.1.6][50036] - detected: [....79] [ip4][..udp] [..93.71.110.205][16333] -> [....192.168.1.6][50036] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable][] + detected: [....79] [ip4][..udp] [..93.71.110.205][16333] -> [....192.168.1.6][50036] [STUN.TeamsCall][Unknown][VoIP][Acceptable][] RISK: Known Proto on Non Std Port - detection-update: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] + detection-update: [....68] [ip4][..udp] [....192.168.1.6][50016] -> 
[.52.114.250.141][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][] RISK: Unidirectional Traffic - detection-update: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] + detection-update: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][] RISK: Unidirectional Traffic - detection-update: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] - detection-update: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] + detection-update: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][] + detection-update: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][] new: [....80] [ip4][..udp] [..52.114.252.21][.3480] -> [....192.168.1.6][50036] - detected: [....80] [ip4][..udp] [..52.114.252.21][.3480] -> [....192.168.1.6][50036] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] + detected: [....80] [ip4][..udp] [..52.114.252.21][.3480] -> [....192.168.1.6][50036] [STUN.TeamsCall][Azure][VoIP][Acceptable][] RISK: Known Proto on Non Std Port new: [....81] [ip4][..udp] [...52.114.252.8][.3479] -> [....192.168.1.6][50016] - detected: [....81] [ip4][..udp] [...52.114.252.8][.3479] -> [....192.168.1.6][50016] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] + detected: [....81] [ip4][..udp] [...52.114.252.8][.3479] -> [....192.168.1.6][50016] [STUN.TeamsCall][Azure][VoIP][Acceptable][] RISK: Known Proto on Non Std Port analyse: [....64] [ip4][..tcp] [....192.168.1.6][50018] -> [.52.114.250.123][..443] [TLS.Teams][Azure][Collaborative][Safe][euaz.tr.teams.microsoft.com] min| max| avg| stddev| variance| entropy 
@@ -419,15 +419,15 @@ [IATS(ms)....: 45.0,45.1,0.2,47.4,47.2,0.2,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.0,8.0,0.0,0.0,52.4,1.2,45.6,48.6,92.2,43.7,69.1,0.3,113.5,1566.9] [PKTLENS.....: 64,52,40,227,1492,52,1492,588,52,52,1492,588,52,40,588,166,40,40,40,147,46,85,46,91,40,141,224,40,71,40,46,46] [ENTROPIES...: 4.4,4.9,4.5,5.4,7.5,4.6,7.4,6.2,4.7,4.7,7.7,7.0,4.7,4.5,7.6,6.6,4.4,4.5,4.5,6.4,4.5,5.8,4.6,5.4,4.6,6.4,6.9,4.5,5.4,4.4,4.6,4.6] - detection-update: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable][] + detection-update: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005] [STUN.TeamsCall][Unknown][VoIP][Acceptable][] RISK: Known Proto on Non Std Port, Unidirectional Traffic - detection-update: [....77] [ip4][..udp] [....192.168.1.6][50036] -> [....192.168.0.4][50020] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable][] + detection-update: [....77] [ip4][..udp] [....192.168.1.6][50036] -> [....192.168.0.4][50020] [STUN.TeamsCall][Unknown][VoIP][Acceptable][] RISK: Known Proto on Non Std Port, Unidirectional Traffic new: [....82] [ip4][..tcp] [....192.168.1.6][60568] -> [...40.79.138.41][..443] - detected: [....82] [ip4][..tcp] [....192.168.1.6][60568] -> [...40.79.138.41][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][gate.hockeyapp.net] + detected: [....82] [ip4][..tcp] [....192.168.1.6][60568] -> [...40.79.138.41][..443] [TLS.Teams][Azure][Collaborative][Safe][gate.hockeyapp.net] new: [....83] [ip4][.icmp] [..93.71.110.205] -> [....192.168.1.6] detected: [....83] [ip4][.icmp] [..93.71.110.205] -> [....192.168.1.6] [ICMP][Unknown][Network][Acceptable] - analyse: [....78] [ip4][..udp] [..93.71.110.205][16332] -> [....192.168.1.6][50016] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable] + analyse: [....78] [ip4][..udp] [..93.71.110.205][16332] -> [....192.168.1.6][50016] [STUN.TeamsCall][Unknown][VoIP][Acceptable] min| max| avg| stddev| variance| entropy 
[IAT.........: < 0.001| 1.168| 0.160| 0.366| 133702.353| 2.700] [PKTLEN......: 66.000| 1242.000| 253.400| 374.400| 140199.200| 4.000] 
@@ -439,12 +439,12 @@ [ENTROPIES...: 5.4,5.4,5.6,5.5,5.5,5.5,6.4,5.5,5.3,7.8,7.8,5.4,6.1,5.3,7.8,7.8,5.4,6.9,6.4,5.9,6.0,6.1,5.4,6.3,6.1,6.0,6.3,6.0,6.1,6.2,6.1,6.2] idle: [....13] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable] idle: [....35] [ip4][..tcp] [....192.168.1.6][60549] -> [...13.107.18.11][..443] [TLS.Microsoft365][Outlook][Collaborative][Acceptable][substrate.office.com] - idle: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][teams.microsoft.com] - idle: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe] - idle: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][config.teams.microsoft.com] - idle: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][config.teams.microsoft.com] + idle: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][teams.microsoft.com] + idle: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe] + idle: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][config.teams.microsoft.com] + idle: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][config.teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS - idle: [....47] [ip4][..tcp] [....192.168.1.6][60557] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe] + idle: [....47] [ip4][..tcp] [....192.168.1.6][60557] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe] RISK: TLS (probably) Not Carrying HTTPS end: [.....4] [ip4][..tcp] [....192.168.1.6][60532] -> 
[...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS @@ -453,9 +453,9 @@ end: [.....9] [ip4][..tcp] [....192.168.1.6][60537] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe] RISK: TLS (probably) Not Carrying HTTPS idle: [....18] [ip4][..tcp] [....192.168.1.6][60538] -> [...52.114.75.70][..443] [TLS.Teams][Azure][Collaborative][Safe][eu-prod.asyncgw.teams.microsoft.com] - idle: [....19] [ip4][..tcp] [....192.168.1.6][60539] -> [...52.114.75.69][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][eu-api.asm.skype.com] + idle: [....19] [ip4][..tcp] [....192.168.1.6][60539] -> [...52.114.75.69][..443] [TLS.Teams][Azure][Collaborative][Safe][eu-api.asm.skype.com] idle: [....20] [ip4][..tcp] [....192.168.1.6][60540] -> [...52.114.75.70][..443] [TLS.Teams][Azure][Collaborative][Safe][eu-prod.asyncgw.teams.microsoft.com] - idle: [....21] [ip4][..tcp] [....192.168.1.6][60541] -> [...52.114.75.69][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable] + idle: [....21] [ip4][..tcp] [....192.168.1.6][60541] -> [...52.114.75.69][..443] [TLS.Teams][Azure][Collaborative][Safe] end: [....25] [ip4][..tcp] [....192.168.1.6][60543] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS idle: [....26] [ip4][..tcp] [....192.168.1.6][60544] -> [...52.114.76.48][..443] [TLS.Teams][Azure][Collaborative][Safe][northeurope.notifications.teams.microsoft.com] 
@@ -476,9 +476,9 @@ idle: [....59] [ip4][..tcp] [....192.168.1.6][60565] -> [...52.114.108.8][..443] [TLS.Teams][Azure][Collaborative][Safe][emea.ng.msg.teams.microsoft.com] idle: [....74] [ip4][..tcp] [....192.168.1.6][60567] -> [..52.114.77.136][..443] [TLS.Teams][Azure][Collaborative][Safe][api.flightproxy.teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS - end: [....30] [ip4][..tcp] [....192.168.1.6][60546] -> [.167.99.215.164][.4434] [TLS.ntop][Unknown][Network][Safe] + end: [....30] [ip4][..tcp] [....192.168.1.6][60546] -> [.167.99.215.164][.4434] [TLS.ntop][DigitalOcean][Network][Safe] RISK: Known Proto on Non Std Port - idle: [....61] [ip4][..tcp] [....192.168.1.6][60566] -> [.167.99.215.164][.4434] [TLS.ntop][Unknown][Network][Safe] + idle: [....61] [ip4][..tcp] [....192.168.1.6][60566] -> [.167.99.215.164][.4434] [TLS.ntop][DigitalOcean][Network][Safe] RISK: Known Proto on Non Std Port not-detected: [....60] [ip4][..tcp] [..151.11.50.139][.2222] -> [....192.168.1.6][54750] [Unknown][Unknown][Unrated] idle: [....60] [ip4][..tcp] [..151.11.50.139][.2222] -> [....192.168.1.6][54750] 
@@ -489,7 +489,7 @@ end: [....46] [ip4][..tcp] [....192.168.1.6][60556] -> [.....40.126.9.7][..443] [TLS.Microsoft365][Microsoft365][Collaborative][Acceptable][login.microsoftonline.com] end: [....50] [ip4][..tcp] [....192.168.1.6][60560] -> [....40.126.9.67][..443] [TLS.Microsoft365][Microsoft365][Collaborative][Acceptable] idle: [....39] [ip4][..udp] [....192.168.1.6][50653] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][api.flightproxy.teams.microsoft.com] - idle: [....16] [ip4][..udp] [....192.168.1.6][51033] -> [....192.168.1.1][...53] [DNS.Skype_Teams][Unknown][Network][Acceptable][eu-api.asm.skype.com] + idle: [....16] [ip4][..udp] [....192.168.1.6][51033] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][eu-api.asm.skype.com] idle: [....44] [ip4][..udp] [....192.168.1.6][51309] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][skypedataprdcolneu04.cloudapp.net] idle: [....37] [ip4][..udp] [....192.168.1.6][53678] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][trouter2-asse-a.trouter.teams.microsoft.com] idle: [....52] [ip4][..udp] [....192.168.1.6][54069] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][api.microsoftstream.com] 
@@ -506,8 +506,8 @@ idle: [....34] [ip4][..udp] [....192.168.1.6][59403] -> [....192.168.1.1][...53] [DNS.Microsoft365][Unknown][Network][Acceptable][substrate.office.com] idle: [.....3] [ip4][..udp] [....192.168.1.6][60813] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][skypedataprdcolneu04.cloudapp.net] idle: [....75] [ip4][..udp] [....192.168.1.6][60837] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][c-flightproxy-euno-01-teams.cloudapp.net] - idle: [....53] [ip4][..tcp] [....192.168.1.6][60562] -> [.104.40.187.151][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][api.microsoftstream.com] - idle: [....55] [ip4][..tcp] [....192.168.1.6][60563] -> [.52.169.186.119][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable] + idle: [....53] [ip4][..tcp] [....192.168.1.6][60562] -> [.104.40.187.151][..443] [TLS.Teams][Azure][Collaborative][Safe][api.microsoftstream.com] + idle: [....55] [ip4][..tcp] [....192.168.1.6][60563] -> [.52.169.186.119][..443] [TLS.Teams][Azure][Collaborative][Safe] idle: [....36] [ip4][..udp] [....192.168.1.6][61245] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][euaz.tr.teams.microsoft.com] RISK: Minor Issues idle: [....54] [ip4][..udp] [....192.168.1.6][62735] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][euno-1.api.microsoftstream.com] 
@@ -519,9 +519,9 @@ idle: [....38] [ip4][..udp] [....192.168.1.6][65230] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][trouter2-asse-a.trouter.teams.microsoft.com] idle: [....24] [ip4][..udp] [....192.168.1.6][65387] -> [....192.168.1.1][...53] [DNS.Microsoft][Unknown][Network][Safe][northeuropecns.trafficmanager.net] end: [....14] [ip4][..tcp] [..93.62.150.157][..443] -> [....192.168.1.6][60512] [TLS][Unknown][Web][Safe] - idle: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable] + idle: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005] [STUN.TeamsCall][Unknown][VoIP][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic - idle: [....77] [ip4][..udp] [....192.168.1.6][50036] -> [....192.168.0.4][50020] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable] + idle: [....77] [ip4][..udp] [....192.168.1.6][50036] -> [....192.168.0.4][50020] [STUN.TeamsCall][Unknown][VoIP][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic idle: [....12] [ip4][..udp] [....192.168.1.6][17500] -> [..192.168.1.255][17500] [Dropbox][Unknown][Cloud][Acceptable] idle: [....72] [ip4][..tcp] [....192.168.1.6][50014] -> [.52.114.250.152][..443] [TLS.Teams][Azure][Collaborative][Safe] 
@@ -532,24 +532,24 @@ RISK: TLS (probably) Not Carrying HTTPS end: [....73] [ip4][..tcp] [....192.168.1.6][50036] -> [.52.114.250.153][..443] [TLS.Teams][Azure][Collaborative][Safe] RISK: TLS Cert Mismatch, TLS (probably) Not Carrying HTTPS - idle: [....57] [ip4][..tcp] [....192.168.1.6][60564] -> [...40.79.138.41][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][gate.hockeyapp.net] - idle: [....82] [ip4][..tcp] [....192.168.1.6][60568] -> [...40.79.138.41][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][gate.hockeyapp.net] - idle: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable] - idle: [....63] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.123][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable] - idle: [....81] [ip4][..udp] [...52.114.252.8][.3479] -> [....192.168.1.6][50016] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable] + idle: [....57] [ip4][..tcp] [....192.168.1.6][60564] -> [...40.79.138.41][..443] [TLS.Teams][Azure][Collaborative][Safe][gate.hockeyapp.net] + idle: [....82] [ip4][..tcp] [....192.168.1.6][60568] -> [...40.79.138.41][..443] [TLS.Teams][Azure][Collaborative][Safe][gate.hockeyapp.net] + idle: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable] + idle: [....63] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.123][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable] + idle: [....81] [ip4][..udp] [...52.114.252.8][.3479] -> [....192.168.1.6][50016] [STUN.TeamsCall][Azure][VoIP][Acceptable] RISK: Known Proto on Non Std Port - idle: [....69] [ip4][..udp] [....192.168.1.6][50017] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable] - idle: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable] - idle: [....66] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.123][.3478] 
[STUN.Skype_TeamsCall][Azure][VoIP][Acceptable] - idle: [....71] [ip4][..udp] [....192.168.1.6][50037] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable] - idle: [....80] [ip4][..udp] [..52.114.252.21][.3480] -> [....192.168.1.6][50036] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable] + idle: [....69] [ip4][..udp] [....192.168.1.6][50017] -> [.52.114.250.141][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable] + idle: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable] + idle: [....66] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.123][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable] + idle: [....71] [ip4][..udp] [....192.168.1.6][50037] -> [.52.114.250.137][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable] + idle: [....80] [ip4][..udp] [..52.114.252.21][.3480] -> [....192.168.1.6][50036] [STUN.TeamsCall][Azure][VoIP][Acceptable] RISK: Known Proto on Non Std Port idle: [....83] [ip4][.icmp] [..93.71.110.205] -> [....192.168.1.6] [ICMP][Unknown][Network][Acceptable] - guessed: [....62] [ip4][..udp] [....192.168.1.6][51681] -> [..52.114.77.136][.3478] [Skype_TeamsCall][Azure][VoIP][Acceptable] + guessed: [....62] [ip4][..udp] [....192.168.1.6][51681] -> [..52.114.77.136][.3478] [TeamsCall][Azure][VoIP][Acceptable] RISK: Susp Entropy idle: [....62] [ip4][..udp] [....192.168.1.6][51681] -> [..52.114.77.136][.3478] - idle: [....78] [ip4][..udp] [..93.71.110.205][16332] -> [....192.168.1.6][50016] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable] + idle: [....78] [ip4][..udp] [..93.71.110.205][16332] -> [....192.168.1.6][50016] [STUN.TeamsCall][Unknown][VoIP][Acceptable] RISK: Known Proto on Non Std Port - idle: [....79] [ip4][..udp] [..93.71.110.205][16333] -> [....192.168.1.6][50036] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable] + idle: [....79] [ip4][..udp] [..93.71.110.205][16333] -> [....192.168.1.6][50036] [STUN.TeamsCall][Unknown][VoIP][Acceptable] RISK: Known Proto on 
Non Std Port DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/telegram.pcap.out b/test/results/flow-info/default/telegram.pcap.out index 2bd051e4a..58d39308c 100644 --- a/test/results/flow-info/default/telegram.pcap.out +++ b/test/results/flow-info/default/telegram.pcap.out @@ -107,7 +107,6 @@ detected: [....28] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable][] new: [....29] [ip4][..udp] [...192.168.1.43][..138] -> [..192.168.1.255][..138] detected: [....29] [ip4][..udp] [...192.168.1.43][..138] -> [..192.168.1.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][desktop-rb5t12g] - RISK: Unsafe Protocol new: [....30] [ip4][..udp] [...192.168.1.77][..137] -> [..192.168.1.255][..137] detected: [....30] [ip4][..udp] [...192.168.1.77][..137] -> [..192.168.1.255][..137] [NetBIOS][Unknown][System][Acceptable][workgroup] new: [....31] [ip4][..udp] [...192.168.1.77][49764] -> [....192.168.1.1][...53] @@ -219,7 +218,6 @@ idle: [....11] [ip6][..udp] [..............fe80::18a0:a412:8935:c01b][.5353] -> [...............................ff02::fb][.5353] [MDNS][Unknown][Network][Acceptable] idle: [....30] [ip4][..udp] [...192.168.1.77][..137] -> [..192.168.1.255][..137] [NetBIOS][Unknown][System][Acceptable][workgroup] idle: [....29] [ip4][..udp] [...192.168.1.43][..138] -> [..192.168.1.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][desktop-rb5t12g] - RISK: Unsafe Protocol idle: [.....5] [ip4][..udp] [...192.168.1.75][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable][_dacp._tcp.local] idle: [.....4] [ip4][..udp] [...192.168.1.69][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable][_spotify-connect._tcp.local] idle: [....17] [ip4][..udp] [...192.168.1.52][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable] 
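Review bot: In the two `telegram.pcap.out` hunks (`@@ -107,7 +107,6 @@` and `@@ -219,7 +218,6 @@`) the expected output for flow 29 loses `RISK: Unsafe Protocol`, although the flow is still classified `[NetBIOS.SMBv1]` with breed `[Dangerous]`. The commit message explains this only as "incorporated upstream changes". If it comes from the libnDPI bump, as the title suggests, a consumer that alerts on the risk string rather than on the breed would presumably stop flagging SMBv1 traffic after this update. I would confirm the upstream change is intentional and record it in the changelog or release notes, e.g. `NetBIOS.SMBv1 flows no longer carry "Unsafe Protocol"; the breed stays "Dangerous"`. Both hunks are excerpts of a generated result file, so nothing should be changed in the `.out` file itself.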
diff --git a/test/results/flow-info/default/telegram_videocall.pcapng.out b/test/results/flow-info/default/telegram_videocall.pcapng.out index 3440b2b77..a5d33e1d4 100644 --- a/test/results/flow-info/default/telegram_videocall.pcapng.out +++ b/test/results/flow-info/default/telegram_videocall.pcapng.out @@ -198,7 +198,7 @@ idle: [....28] [ip6][icmp6] [...............fe80::abe:acff:fe0b:176e] -> [................................ff02::2] [ICMPV6][Unknown][Network][Acceptable] idle: [....11] [ip4][..udp] [...192.168.12.1][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable] guessed: [.....3] [ip4][..tcp] [.192.168.12.169][37948] -> [.149.154.167.91][..443] [Telegram][Telegram][Chat][Acceptable] - RISK: TCP Connection Issues + RISK: TCP Connection Issues, Probing Attempt end: [.....3] [ip4][..tcp] [.192.168.12.169][37948] -> [.149.154.167.91][..443] idle: [.....4] [ip4][..tcp] [.192.168.12.169][37950] -> [.149.154.167.91][..443] [Telegram][Telegram][Chat][Acceptable] RISK: Susp Entropy diff --git a/test/results/flow-info/default/telegram_videocall_2.pcapng.out b/test/results/flow-info/default/telegram_videocall_2.pcapng.out new file mode 100644 index 000000000..3d5f85e4e --- /dev/null +++ b/test/results/flow-info/default/telegram_videocall_2.pcapng.out 
@@ -0,0 +1,63 @@ + DAEMON-EVENT: init + DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....1] [ip4][..udp] [...192.168.12.1][.5353] -> [....224.0.0.251][.5353] + detected: [.....1] [ip4][..udp] [...192.168.12.1][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable][_ipps._tcp.local] + new: [.....2] [ip6][..udp] [..............fe80::76da:38ff:feed:5332][.5353] -> [...............................ff02::fb][.5353] + detected: [.....2] [ip6][..udp] [..............fe80::76da:38ff:feed:5332][.5353] -> [...............................ff02::fb][.5353] [MDNS][Unknown][Network][Acceptable][_ipps._tcp.local] + new: [.....3] [ip4][..udp] [..192.168.12.67][39968] -> [...91.108.9.106][.1400] + detected: [.....3] [ip4][..udp] [..192.168.12.67][39968] -> [...91.108.9.106][.1400] [STUN][Telegram][Network][Acceptable][] + RISK: Known Proto on Non Std Port + new: [.....4] [ip4][..udp] [..192.168.12.67][39329] -> [....91.108.13.3][.1400] + detected: [.....4] [ip4][..udp] [..192.168.12.67][39329] -> [....91.108.13.3][.1400] [STUN][Telegram][Network][Acceptable][] + RISK: Known Proto on Non Std Port + new: [.....5] [ip4][..udp] [..192.168.12.67][44679] -> [...91.108.17.49][.1400] + detected: [.....5] [ip4][..udp] [..192.168.12.67][44679] -> [...91.108.17.49][.1400] [STUN][Telegram][Network][Acceptable][] + RISK: Known Proto on Non Std Port + new: [.....6] [ip4][..udp] [..192.168.12.67][44275] -> [....91.108.9.10][..597] + detected: [.....6] [ip4][..udp] [..192.168.12.67][44275] -> [....91.108.9.10][..597] [Telegram][Telegram][Chat][Acceptable] + new: [.....7] [ip4][..udp] [..192.168.12.67][46675] -> [....91.108.17.8][..597] + detected: [.....7] [ip4][..udp] [..192.168.12.67][46675] -> [....91.108.17.8][..597] [Telegram][Telegram][Chat][Acceptable] + new: [.....8] [ip4][..udp] [..192.168.12.67][42417] -> [...91.108.13.26][..598] + 
detected: [.....8] [ip4][..udp] [..192.168.12.67][42417] -> [...91.108.13.26][..598] [Telegram][Telegram][Chat][Acceptable] + detection-update: [.....3] [ip4][..udp] [..192.168.12.67][39968] -> [...91.108.9.106][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable][telegram.org] + RISK: Known Proto on Non Std Port + detection-update: [.....4] [ip4][..udp] [..192.168.12.67][39329] -> [....91.108.13.3][.1400] [STUN][Telegram][Network][Acceptable][] + RISK: Known Proto on Non Std Port, Unidirectional Traffic + detection-update: [.....5] [ip4][..udp] [..192.168.12.67][44679] -> [...91.108.17.49][.1400] [STUN][Telegram][Network][Acceptable][] + RISK: Known Proto on Non Std Port, Unidirectional Traffic + detection-update: [.....6] [ip4][..udp] [..192.168.12.67][44275] -> [....91.108.9.10][..597] [STUN.TelegramVoip][Telegram][VoIP][Acceptable][] + detection-update: [.....8] [ip4][..udp] [..192.168.12.67][42417] -> [...91.108.13.26][..598] [STUN.TelegramVoip][Telegram][VoIP][Acceptable][] + detection-update: [.....7] [ip4][..udp] [..192.168.12.67][46675] -> [....91.108.17.8][..597] [STUN.TelegramVoip][Telegram][VoIP][Acceptable][] + analyse: [.....3] [ip4][..udp] [..192.168.12.67][39968] -> [...91.108.9.106][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable][telegram.org] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.633| 0.087| 0.150| 22365.106| 3.700] + [PKTLEN......: 56.000| 680.000| 146.800| 107.000| 11452.500| 4.800] + [BINS(c->s)..: 1,1,4,5,3,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [BINS(s->c)..: 0,3,8,3,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [DIRECTIONS..: 0,1,0,1,0,1,0,1,0,0,1,1,0,1,0,0,1,0,1,1,0,0,0,1,1,1,0,0,1,0,1,1] + [IATS(ms)....: 24.4,29.5,32.3,633.2,629.0,42.4,122.6,119.6,0.6,39.8,5.4,31.6,39.5,41.7,145.5,160.6,48.0,92.4,8.6,65.3,0.3,0.7,20.9,96.3,0.0,115.5,8.2,23.5,57.9,62.0,6.6] + [PKTLENS.....: 
56,120,152,120,156,88,160,144,164,680,88,128,96,128,96,128,113,128,96,121,85,101,237,96,113,97,97,149,233,150,290,89] + [ENTROPIES...: 4.9,5.7,5.7,5.8,5.8,5.9,5.7,6.0,5.6,6.6,5.9,5.5,5.8,5.3,5.7,5.4,5.8,5.4,5.8,5.9,5.2,5.5,6.8,5.7,5.9,5.5,5.4,6.5,6.8,6.5,7.2,5.9] + analyse: [.....6] [ip4][..udp] [..192.168.12.67][44275] -> [....91.108.9.10][..597] [STUN.TelegramVoip][Telegram][VoIP][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.699| 0.109| 0.168| 28175.655| 3.800] + [PKTLEN......: 68.000| 624.000| 160.000| 120.100| 14426.000| 4.700] + [BINS(c->s)..: 0,2,4,9,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [BINS(s->c)..: 0,0,9,4,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [DIRECTIONS..: 0,1,0,1,0,1,0,0,1,0,1,1,0,1,0,0,1,0,1,0,1,1,1,1,0,0,0,0,1,0,1,0] + [IATS(ms)....: 24.1,514.6,513.6,39.7,23.0,13.8,37.2,83.7,46.8,52.5,0.0,53.8,48.2,41.9,1.1,8.1,49.4,47.9,10.1,16.1,39.4,38.9,30.0,122.7,10.1,52.8,64.0,152.2,227.3,304.3,699.0] + [PKTLENS.....: 68,92,68,92,148,148,116,148,116,148,148,116,116,148,116,148,116,148,148,116,212,116,116,600,624,136,148,176,116,148,116,148] + [ENTROPIES...: 4.6,4.7,4.6,4.7,5.7,5.8,6.0,5.7,6.1,5.7,5.8,6.1,6.1,5.8,6.0,5.7,6.0,5.8,5.8,6.0,5.2,6.1,6.2,6.8,7.5,6.1,5.8,6.4,6.1,5.7,6.2,5.7] + idle: [.....2] [ip6][..udp] [..............fe80::76da:38ff:feed:5332][.5353] -> [...............................ff02::fb][.5353] [MDNS][Unknown][Network][Acceptable] + idle: [.....4] [ip4][..udp] [..192.168.12.67][39329] -> [....91.108.13.3][.1400] [STUN][Telegram][Network][Acceptable] + RISK: Known Proto on Non Std Port, Unidirectional Traffic + idle: [.....3] [ip4][..udp] [..192.168.12.67][39968] -> [...91.108.9.106][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable][telegram.org] + RISK: Known Proto on Non Std Port + idle: [.....8] [ip4][..udp] [..192.168.12.67][42417] -> [...91.108.13.26][..598] 
[STUN.TelegramVoip][Telegram][VoIP][Acceptable] + idle: [.....6] [ip4][..udp] [..192.168.12.67][44275] -> [....91.108.9.10][..597] [STUN.TelegramVoip][Telegram][VoIP][Acceptable] + idle: [.....5] [ip4][..udp] [..192.168.12.67][44679] -> [...91.108.17.49][.1400] [STUN][Telegram][Network][Acceptable] + RISK: Known Proto on Non Std Port, Unidirectional Traffic + idle: [.....7] [ip4][..udp] [..192.168.12.67][46675] -> [....91.108.17.8][..597] [STUN.TelegramVoip][Telegram][VoIP][Acceptable] + idle: [.....1] [ip4][..udp] [...192.168.12.1][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable] + DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/telegram_voice.pcapng.out b/test/results/flow-info/default/telegram_voice.pcapng.out new file mode 100644 index 000000000..d5d9c9051 --- /dev/null +++ b/test/results/flow-info/default/telegram_voice.pcapng.out 
@@ -0,0 +1,75 @@ + DAEMON-EVENT: init + DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....1] [ip4][..udp] [...192.168.12.1][.5353] -> [....224.0.0.251][.5353] + detected: [.....1] [ip4][..udp] [...192.168.12.1][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable][_ipps._tcp.local] + new: [.....2] [ip6][..udp] [..............fe80::76da:38ff:feed:5332][.5353] -> [...............................ff02::fb][.5353] + detected: [.....2] [ip6][..udp] [..............fe80::76da:38ff:feed:5332][.5353] -> [...............................ff02::fb][.5353] [MDNS][Unknown][Network][Acceptable][_ipps._tcp.local] + new: [.....3] [ip4][..udp] [..192.168.12.67][44574] -> [...192.168.12.1][...53] + detected: [.....3] [ip4][..udp] [..192.168.12.67][44574] -> [...192.168.12.1][...53] [DNS.GoogleServices][Unknown][Network][Acceptable][crashlyticsreports-pa.googleapis.com] + detection-update: [.....3] [ip4][..udp] [..192.168.12.67][44574] -> [...192.168.12.1][...53] [DNS.GoogleServices][Unknown][Network][Acceptable][crashlyticsreports-pa.googleapis.com] + new: [.....4] [ip4][..udp] [..192.168.12.67][44405] -> [...91.108.17.41][.1400] + detected: [.....4] [ip4][..udp] [..192.168.12.67][44405] -> [...91.108.17.41][.1400] [STUN][Telegram][Network][Acceptable][] + RISK: Known Proto on Non Std Port + new: [.....5] [ip4][..udp] [..192.168.12.67][46013] -> [...91.108.13.52][.1400] + detected: [.....5] [ip4][..udp] [..192.168.12.67][46013] -> [...91.108.13.52][.1400] [STUN][Telegram][Network][Acceptable][] + RISK: Known Proto on Non Std Port + new: [.....6] [ip4][..udp] [..192.168.12.67][42567] -> [....91.108.9.34][.1400] + detected: [.....6] [ip4][..udp] [..192.168.12.67][42567] -> [....91.108.9.34][.1400] [STUN][Telegram][Network][Acceptable][] + RISK: Known Proto on Non Std Port + new: [.....7] [ip4][..udp] [..192.168.12.67][39027] -> 
[...91.108.13.51][..597] + detected: [.....7] [ip4][..udp] [..192.168.12.67][39027] -> [...91.108.13.51][..597] [Telegram][Telegram][Chat][Acceptable] + new: [.....8] [ip4][..udp] [..192.168.12.67][46868] -> [....91.108.17.7][..597] + detected: [.....8] [ip4][..udp] [..192.168.12.67][46868] -> [....91.108.17.7][..597] [Telegram][Telegram][Chat][Acceptable] + new: [.....9] [ip4][..udp] [..192.168.12.67][41011] -> [....91.108.9.68][..596] + detected: [.....9] [ip4][..udp] [..192.168.12.67][41011] -> [....91.108.9.68][..596] [Telegram][Telegram][Chat][Acceptable] + detection-update: [.....6] [ip4][..udp] [..192.168.12.67][42567] -> [....91.108.9.34][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable][telegram.org] + RISK: Known Proto on Non Std Port + detection-update: [.....9] [ip4][..udp] [..192.168.12.67][41011] -> [....91.108.9.68][..596] [STUN.TelegramVoip][Telegram][VoIP][Acceptable][] + detection-update: [.....4] [ip4][..udp] [..192.168.12.67][44405] -> [...91.108.17.41][.1400] [STUN][Telegram][Network][Acceptable][] + RISK: Known Proto on Non Std Port, Unidirectional Traffic + detection-update: [.....5] [ip4][..udp] [..192.168.12.67][46013] -> [...91.108.13.52][.1400] [STUN][Telegram][Network][Acceptable][] + RISK: Known Proto on Non Std Port, Unidirectional Traffic + detection-update: [.....7] [ip4][..udp] [..192.168.12.67][39027] -> [...91.108.13.51][..597] [STUN.TelegramVoip][Telegram][VoIP][Acceptable][] + analyse: [.....9] [ip4][..udp] [..192.168.12.67][41011] -> [....91.108.9.68][..596] [STUN.TelegramVoip][Telegram][VoIP][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.245| 0.055| 0.061| 3776.523| 4.100] + [PKTLEN......: 68.000| 668.000| 179.500| 151.200| 22848.800| 4.600] + [BINS(c->s)..: 0,2,4,2,1,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [BINS(s->c)..: 0,0,10,6,1,0,1,1,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [DIRECTIONS..: 
0,1,1,0,0,0,1,1,0,0,0,1,1,0,1,1,0,1,0,0,1,1,1,1,1,1,1,1,1,1,1,1] + [IATS(ms)....: 25.1,216.7,245.3,4.5,49.1,101.1,2.1,47.9,0.7,0.2,48.0,0.0,48.7,63.2,0.0,67.9,33.7,30.9,5.6,35.6,42.6,0.0,106.6,90.5,4.9,3.1,92.1,131.9,148.1,20.8,29.2] + [PKTLENS.....: 68,92,148,116,148,148,116,148,212,116,156,116,148,116,668,116,600,148,116,68,92,624,136,176,108,124,260,120,120,92,236,92] + [ENTROPIES...: 4.6,4.7,5.8,6.1,5.7,5.7,6.0,5.7,5.2,6.0,5.6,6.0,5.8,6.1,6.5,6.1,6.8,5.8,6.0,4.6,4.7,7.4,5.9,6.4,5.5,5.8,6.8,5.7,5.8,5.7,6.9,5.7] + analyse: [.....6] [ip4][..udp] [..192.168.12.67][42567] -> [....91.108.9.34][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable][telegram.org] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.364| 0.062| 0.086| 7379.713| 4.000] + [PKTLEN......: 56.000| 237.000| 136.900| 39.800| 1586.600| 4.900] + [BINS(c->s)..: 1,3,4,4,9,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [BINS(s->c)..: 0,2,2,3,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [DIRECTIONS..: 0,1,0,1,0,0,1,0,1,0,1,1,0,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0] + [IATS(ms)....: 28.3,34.1,35.5,364.5,0.6,362.7,49.5,68.7,48.4,51.1,2.9,56.0,29.1,0.3,48.7,1.9,20.8,10.4,79.4,92.3,1.6,0.8,131.5,118.8,44.2,69.5,51.9,13.8,47.9,1.9,51.2] + [PKTLENS.....: 56,120,152,120,156,160,88,160,144,160,144,176,128,164,148,144,176,128,88,121,113,97,237,97,168,167,167,167,70,202,82,82] + [ENTROPIES...: 5.0,5.7,5.7,5.9,5.7,5.7,5.8,5.6,5.9,5.7,6.0,5.8,5.8,5.7,6.0,6.0,5.8,5.8,5.9,5.9,5.7,5.5,6.9,5.4,6.7,6.6,6.7,6.7,5.5,6.9,5.7,5.9] + detection-update: [.....4] [ip4][..udp] [..192.168.12.67][44405] -> [...91.108.17.41][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable][telegram.org] + RISK: Known Proto on Non Std Port + detection-update: [.....5] [ip4][..udp] [..192.168.12.67][46013] -> [...91.108.13.52][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable][telegram.org] + RISK: Known Proto on Non Std Port + new: 
[....10] [ip4][.icmp] [..192.168.12.67] -> [....91.108.9.34] + detected: [....10] [ip4][.icmp] [..192.168.12.67] -> [....91.108.9.34] [ICMP][Telegram][Network][Acceptable] + RISK: Susp Entropy + idle: [.....2] [ip6][..udp] [..............fe80::76da:38ff:feed:5332][.5353] -> [...............................ff02::fb][.5353] [MDNS][Unknown][Network][Acceptable] + idle: [....10] [ip4][.icmp] [..192.168.12.67] -> [....91.108.9.34] [ICMP][Telegram][Network][Acceptable] + RISK: Susp Entropy + idle: [.....7] [ip4][..udp] [..192.168.12.67][39027] -> [...91.108.13.51][..597] [STUN.TelegramVoip][Telegram][VoIP][Acceptable] + idle: [.....9] [ip4][..udp] [..192.168.12.67][41011] -> [....91.108.9.68][..596] [STUN.TelegramVoip][Telegram][VoIP][Acceptable] + idle: [.....6] [ip4][..udp] [..192.168.12.67][42567] -> [....91.108.9.34][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable][telegram.org] + RISK: Known Proto on Non Std Port + idle: [.....4] [ip4][..udp] [..192.168.12.67][44405] -> [...91.108.17.41][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable][telegram.org] + RISK: Known Proto on Non Std Port + idle: [.....5] [ip4][..udp] [..192.168.12.67][46013] -> [...91.108.13.52][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable][telegram.org] + RISK: Known Proto on Non Std Port + idle: [.....8] [ip4][..udp] [..192.168.12.67][46868] -> [....91.108.17.7][..597] [Telegram][Telegram][Chat][Acceptable] + idle: [.....1] [ip4][..udp] [...192.168.12.1][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable] + idle: [.....3] [ip4][..udp] [..192.168.12.67][44574] -> [...192.168.12.1][...53] [DNS.GoogleServices][Unknown][Network][Acceptable][crashlyticsreports-pa.googleapis.com] + DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/tls-esni-fuzzed.pcap.out b/test/results/flow-info/default/tls-esni-fuzzed.pcap.out index 746e70f43..fdd145143 100644 --- a/test/results/flow-info/default/tls-esni-fuzzed.pcap.out 
+++ b/test/results/flow-info/default/tls-esni-fuzzed.pcap.out @@ -3,13 +3,17 @@ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [...192.168.1.12][49886] -> [..104.27.129.77][..443] [MIDSTREAM] detected: [.....1] [ip4][..tcp] [...192.168.1.12][49886] -> [..104.27.129.77][..443] [TLS][Cloudflare][Web][Safe][] + RISK: TLS Susp ESNI Usage, Missing SNI TLS Extn, ALPN/SNI Mismatch new: [.....2] [ip4][..tcp] [...192.168.1.12][49887] -> [.104.16.125.175][..443] [MIDSTREAM] detected: [.....2] [ip4][..tcp] [...192.168.1.12][49887] -> [.104.16.125.175][..443] [TLS][Cloudflare][Web][Safe][] + RISK: TLS Susp ESNI Usage, Missing SNI TLS Extn, ALPN/SNI Mismatch new: [.....3] [ip4][..tcp] [...192.168.1.12][49897] -> [..104.22.71.197][..443] [MIDSTREAM] detected: [.....3] [ip4][..tcp] [...192.168.1.12][49897] -> [..104.22.71.197][..443] [TLS][Cloudflare][Web][Safe][] - RISK: Missing SNI TLS Extn, ALPN/SNI Mismatch + RISK: TLS Susp ESNI Usage, Missing SNI TLS Extn, ALPN/SNI Mismatch idle: [.....3] [ip4][..tcp] [...192.168.1.12][49897] -> [..104.22.71.197][..443] [TLS][Cloudflare][Web][Safe] - RISK: Missing SNI TLS Extn, ALPN/SNI Mismatch + RISK: TLS Susp ESNI Usage, Missing SNI TLS Extn, ALPN/SNI Mismatch idle: [.....1] [ip4][..tcp] [...192.168.1.12][49886] -> [..104.27.129.77][..443] [TLS][Cloudflare][Web][Safe] + RISK: TLS Susp ESNI Usage, Missing SNI TLS Extn, ALPN/SNI Mismatch idle: [.....2] [ip4][..tcp] [...192.168.1.12][49887] -> [.104.16.125.175][..443] [TLS][Cloudflare][Web][Safe] + RISK: TLS Susp ESNI Usage, Missing SNI TLS Extn, ALPN/SNI Mismatch DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/tls_heur__vmess-websocket.pcapng.out b/test/results/flow-info/default/tls_heur__vmess-websocket.pcapng.out index 0d9a48192..a512ee6f2 100644 --- a/test/results/flow-info/default/tls_heur__vmess-websocket.pcapng.out 
+++ b/test/results/flow-info/default/tls_heur__vmess-websocket.pcapng.out @@ -7,12 +7,12 @@ detected: [.....2] [ip4][..udp] [......127.0.0.1][39646] -> [.....127.0.0.53][...53] [DNS.YouTube][Unknown][Network][Fun][www.youtube.com] detection-update: [.....2] [ip4][..udp] [......127.0.0.1][39646] -> [.....127.0.0.53][...53] [DNS.YouTube][Unknown][Network][Fun][www.youtube.com] new: [.....3] [ip4][..tcp] [......127.0.0.1][33702] -> [......127.0.0.1][.1234] - detected: [.....3] [ip4][..tcp] [......127.0.0.1][33702] -> [......127.0.0.1][.1234] [HTTP][Unknown][Web][Acceptable][127.0.0.1] + detected: [.....3] [ip4][..tcp] [......127.0.0.1][33702] -> [......127.0.0.1][.1234] [HTTP.WebSocket][Unknown][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP/TLS/QUIC Numeric Hostname/SNI new: [.....4] [ip4][..tcp] [..192.168.1.183][51390] -> [142.250.180.142][..443] detected: [.....4] [ip4][..tcp] [..192.168.1.183][51390] -> [142.250.180.142][..443] [TLS.YouTube][Google][Media][Fun][www.youtube.com] detection-update: [.....4] [ip4][..tcp] [..192.168.1.183][51390] -> [142.250.180.142][..443] [TLS.YouTube][Google][Media][Fun][www.youtube.com] - analyse: [.....3] [ip4][..tcp] [......127.0.0.1][33702] -> [......127.0.0.1][.1234] [HTTP][Unknown][Web][Acceptable][127.0.0.1] + analyse: [.....3] [ip4][..tcp] [......127.0.0.1][33702] -> [......127.0.0.1][.1234] [HTTP.WebSocket][Unknown][Web][Acceptable][127.0.0.1] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.082| 0.011| 0.023| 506.460| 2.800] [PKTLEN......: 52.000| 2104.000| 665.100| 842.700| 710078.000| 3.900] 
@@ -32,7 +32,7 @@ [IATS(ms)....: 0.1,0.1,0.1,0.1,0.4,0.4,4.5,4.7,44.0,9.4,77.6,24.3,0.3,0.3,4.2,0.3,0.0,0.0,0.0,4.6,3.4,3.7,0.6,41.3,82.0,41.2,0.1,0.2,0.2,0.2,0.1] [PKTLENS.....: 60,60,52,56,52,54,52,62,62,52,569,3984,52,2720,52,132,98,101,87,115,52,700,83,83,52,3984,52,3984,52,2428,52,901] [ENTROPIES...: 4.3,4.7,4.6,4.5,4.6,4.6,4.6,4.7,4.5,4.6,4.7,7.9,4.7,7.9,4.6,6.2,5.9,5.8,5.7,6.1,4.7,7.7,5.5,5.5,4.7,8.0,4.6,8.0,4.6,7.9,4.6,7.8] - idle: [.....3] [ip4][..tcp] [......127.0.0.1][33702] -> [......127.0.0.1][.1234] [HTTP][Unknown][Web][Acceptable][127.0.0.1] + idle: [.....3] [ip4][..tcp] [......127.0.0.1][33702] -> [......127.0.0.1][.1234] [HTTP.WebSocket][Unknown][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP/TLS/QUIC Numeric Hostname/SNI idle: [.....2] [ip4][..udp] [......127.0.0.1][39646] -> [.....127.0.0.53][...53] [DNS.YouTube][Unknown][Network][Fun][www.youtube.com] idle: [.....1] [ip4][..tcp] [......127.0.0.1][44532] -> [......127.0.0.1][.1080] [SOCKS][Unknown][Web][Acceptable] diff --git a/test/results/flow-info/default/tls_invalid_reads.pcap.out b/test/results/flow-info/default/tls_invalid_reads.pcap.out index 890fe2354..f0bda1ce7 100644 --- a/test/results/flow-info/default/tls_invalid_reads.pcap.out +++ b/test/results/flow-info/default/tls_invalid_reads.pcap.out 
@@ -5,12 +5,12 @@ detected: [.....1] [ip4][..tcp] [.192.168.10.101][.3967] -> [..206.33.61.113][..443] [TLS][Unknown][Web][Safe][] RISK: Obsolete TLS (v1.1 or older) detection-update: [.....1] [ip4][..tcp] [.192.168.10.101][.3967] -> [..206.33.61.113][..443] [TLS][Unknown][Web][Safe][] - RISK: Obsolete TLS (v1.1 or older) + RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher DAEMON-EVENT: [Processed: 8 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 1|updates: 0] new: [.....2] [ip4][..tcp] [...74.80.160.99][.3258] -> [...67.217.77.28][..443] [MIDSTREAM] idle: [.....1] [ip4][..tcp] [.192.168.10.101][.3967] -> [..206.33.61.113][..443] [TLS][Unknown][Web][Safe] - RISK: Obsolete TLS (v1.1 or older) + RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher DAEMON-EVENT: [Processed: 9 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 1|updates: 0] ERROR-EVENT: Unknown packet type [1/16] diff --git a/test/results/flow-info/default/tor.pcap.out b/test/results/flow-info/default/tor.pcap.out index cba1e4f26..e9fc2ab87 100644 --- a/test/results/flow-info/default/tor.pcap.out +++ b/test/results/flow-info/default/tor.pcap.out @@ -36,7 +36,6 @@ ERROR-EVENT: Unknown packet type [16/16] new: [.....5] [ip4][..udp] [..192.168.1.252][..138] -> [..192.168.1.255][..138] detected: [.....5] [ip4][..udp] [..192.168.1.252][..138] -> [..192.168.1.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][endian-pc] - RISK: Unsafe Protocol analyse: [.....3] [ip4][..tcp] [..192.168.1.252][51112] -> [...38.229.70.53][..443] [TLS.Tor][Unknown][VPN][Potentially Dangerous] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 31.166| 2.329| 7.550| 56997495.964| 1.900] 
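Review bot: The regenerated expectation for flow 5 in test/results/flow-info/default/tor.pcap.out no longer lists `RISK: Unsafe Protocol` on the `NetBIOS.SMBv1` flow, although that flow is still classified `[Dangerous]`. The same removal repeats in the `@@ -60,7 +59,6 @@` and `@@ -109,7 +107,6 @@` hunks of this file. The TLS.Tor flow in the last of those hunks still reports `Unsafe Protocol`, so the risk is still emitted in general and only the SMBv1 flow lost it, presumably as a side effect of the libnDPI bump. Consumers that alert on the risk list rather than on the `[Dangerous]` classification would stop flagging SMBv1 traffic after this update. It is worth confirming against upstream that this is intended and recording it, for example with a changelog line such as `SMBv1 flows no longer carry the "Unsafe Protocol" risk; they remain classified as Dangerous`.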
@@ -60,7 +59,6 @@ update: [.....4] [ip4][..udp] [....192.168.1.1][17500] -> [..192.168.1.255][17500] [Dropbox][Unknown][Cloud][Acceptable] new: [.....6] [ip4][..tcp] [..192.168.1.252][51104] -> [...157.56.30.46][..443] [MIDSTREAM] update: [.....5] [ip4][..udp] [..192.168.1.252][..138] -> [..192.168.1.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][endian-pc] - RISK: Unsafe Protocol analyse: [.....2] [ip4][..tcp] [..192.168.1.252][51111] -> [....46.59.52.31][..443] [TLS.Tor][Unknown][VPN][Potentially Dangerous] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 71.328| 4.658| 14.789| 218716025.389| 1.800] @@ -109,7 +107,6 @@ end: [.....2] [ip4][..tcp] [..192.168.1.252][51111] -> [....46.59.52.31][..443] [TLS.Tor][Unknown][VPN][Potentially Dangerous][www.e6r5p57kbafwrxj3plz.com] RISK: Obsolete TLS (v1.1 or older), Susp DGA Domain name, Unsafe Protocol idle: [.....5] [ip4][..udp] [..192.168.1.252][..138] -> [..192.168.1.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][endian-pc] - RISK: Unsafe Protocol update: [.....4] [ip4][..udp] [....192.168.1.1][17500] -> [..192.168.1.255][17500] [Dropbox][Unknown][Cloud][Acceptable] ERROR-EVENT: Unknown packet type [6/16] ERROR-EVENT: Unknown packet type [7/16] diff --git a/test/results/flow-info/default/tunnelbear.pcap.out b/test/results/flow-info/default/tunnelbear.pcap.out index fd141cb12..6a3452613 100644 --- a/test/results/flow-info/default/tunnelbear.pcap.out +++ b/test/results/flow-info/default/tunnelbear.pcap.out 
@@ -1,6 +1,6 @@ DAEMON-EVENT: init new: [.....1] [ip4][..udp] [......10.0.2.15][57636] -> [...142.93.78.79][51820] - detected: [.....1] [ip4][..udp] [......10.0.2.15][57636] -> [...142.93.78.79][51820] [WireGuard.TunnelBear][Unknown][VPN][Acceptable] + detected: [.....1] [ip4][..udp] [......10.0.2.15][57636] -> [...142.93.78.79][51820] [WireGuard.TunnelBear][DigitalOcean][VPN][Acceptable] DAEMON-EVENT: [Processed: 12 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....2] [ip4][..tcp] [.......10.8.0.1][50178] -> [.104.17.154.236][..443] @@ -47,7 +47,7 @@ [IATS(ms)....: 3.4,3.9,2.0,2.9,57.3,108.0,0.8,51.4,0.3,0.1,0.1,0.1,0.1,0.1,50.9,51.9,1.0,50.4,50.8,196.8,233.7,37.7,51.5,50.9,51.1,0.1,51.0,0.5,0.2,0.4,1.0] [PKTLENS.....: 60,40,40,557,40,196,40,91,40,576,40,576,40,303,40,118,363,40,78,40,789,40,213,40,78,40,71,40,40,40,40,40] [ENTROPIES...: 4.5,4.6,4.6,6.1,4.5,6.1,4.7,5.4,4.5,7.4,4.6,7.6,4.5,7.2,4.5,5.9,7.4,4.6,5.3,4.6,7.7,4.7,6.8,4.7,5.3,4.6,5.1,4.5,4.5,4.4,4.5,4.5] - idle: [.....1] [ip4][..udp] [......10.0.2.15][57636] -> [...142.93.78.79][51820] [WireGuard.TunnelBear][Unknown][VPN][Acceptable] + idle: [.....1] [ip4][..udp] [......10.0.2.15][57636] -> [...142.93.78.79][51820] [WireGuard.TunnelBear][DigitalOcean][VPN][Acceptable] new: [....10] [ip4][..tcp] [..10.158.132.91][38398] -> [..104.17.114.40][..443] [MIDSTREAM] detected: [....10] [ip4][..tcp] [..10.158.132.91][38398] -> [..104.17.114.40][..443] [TLS.TunnelBear][Cloudflare][VPN][Acceptable][api.polargrizzly.com] RISK: Unidirectional Traffic diff --git a/test/results/flow-info/default/vivox.pcapng.out b/test/results/flow-info/default/vivox.pcapng.out new file mode 100644 index 000000000..f160230bc --- /dev/null +++ b/test/results/flow-info/default/vivox.pcapng.out 
@@ -0,0 +1,12 @@ + DAEMON-EVENT: init + DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....1] [ip4][..tcp] [...192.168.1.13][40434] -> [...85.236.98.21][..443] + detected: [.....1] [ip4][..tcp] [...192.168.1.13][40434] -> [...85.236.98.21][..443] [TLS.Vivox][Vivox][Game][Fun][mt1s.www.vivox.com] + RISK: TLS (probably) Not Carrying HTTPS + new: [.....2] [ip4][..udp] [...192.168.1.13][55921] -> [..85.236.96.158][40354] + detected: [.....2] [ip4][..udp] [...192.168.1.13][55921] -> [..85.236.96.158][40354] [RTP][Vivox][Media][Acceptable] + idle: [.....2] [ip4][..udp] [...192.168.1.13][55921] -> [..85.236.96.158][40354] [RTP][Vivox][Media][Acceptable] + idle: [.....1] [ip4][..tcp] [...192.168.1.13][40434] -> [...85.236.98.21][..443] [TLS.Vivox][Vivox][Game][Fun] + RISK: TLS (probably) Not Carrying HTTPS + DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/waze.pcap.out b/test/results/flow-info/default/waze.pcap.out index b437cedb7..7209cfdc5 100644 --- a/test/results/flow-info/default/waze.pcap.out +++ b/test/results/flow-info/default/waze.pcap.out @@ -10,7 +10,6 @@ new: [.....5] [ip4][..tcp] [.......10.8.0.1][36100] -> [..46.51.173.182][..443] new: [.....6] [ip4][..tcp] [.......10.8.0.1][36102] -> [..46.51.173.182][..443] detected: [.....4] [ip4][..tcp] [.......10.8.0.1][45529] -> [.54.230.227.172][...80] [HTTP.Waze][AmazonAWS][Web][Acceptable][roadshields.waze.com] - RISK: Susp Entropy new: [.....7] [ip4][..tcp] [.......10.8.0.1][36585] -> [.173.194.118.48][..443] detected: [.....5] [ip4][..tcp] [.......10.8.0.1][36100] -> [..46.51.173.182][..443] [TLS][AmazonAWS][Web][Safe][] RISK: Obsolete TLS (v1.1 or older) 
@@ -19,10 +18,9 @@ detected: [.....6] [ip4][..tcp] [.......10.8.0.1][36102] -> [..46.51.173.182][..443] [TLS][AmazonAWS][Web][Safe][] RISK: Obsolete TLS (v1.1 or older) detection-update: [.....7] [ip4][..tcp] [.......10.8.0.1][36585] -> [.173.194.118.48][..443] [TLS][Google][Web][Safe][] - RISK: Obsolete TLS (v1.1 or older) + RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher new: [.....8] [ip4][..tcp] [.......10.8.0.1][45536] -> [.54.230.227.172][...80] detected: [.....8] [ip4][..tcp] [.......10.8.0.1][45536] -> [.54.230.227.172][...80] [HTTP.Waze][AmazonAWS][Web][Acceptable][cres.waze.com] - RISK: Susp Entropy detection-update: [.....6] [ip4][..tcp] [.......10.8.0.1][36102] -> [..46.51.173.182][..443] [TLS][AmazonAWS][Web][Safe][] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher detection-update: [.....5] [ip4][..tcp] [.......10.8.0.1][36100] -> [..46.51.173.182][..443] [TLS.Waze][AmazonAWS][Web][Acceptable][] @@ -34,9 +32,7 @@ new: [.....9] [ip4][..tcp] [.......10.8.0.1][45538] -> [.54.230.227.172][...80] new: [....10] [ip4][..tcp] [.......10.8.0.1][45540] -> [.54.230.227.172][...80] detected: [.....9] [ip4][..tcp] [.......10.8.0.1][45538] -> [.54.230.227.172][...80] [HTTP.Waze][AmazonAWS][Web][Acceptable][cres.waze.com] - RISK: Susp Entropy detected: [....10] [ip4][..tcp] [.......10.8.0.1][45540] -> [.54.230.227.172][...80] [HTTP.Waze][AmazonAWS][Web][Acceptable][roadshields.waze.com] - RISK: Susp Entropy new: [....11] [ip4][..tcp] [.......10.8.0.1][51049] -> [.176.34.103.105][..443] new: [....12] [ip4][..tcp] [.......10.8.0.1][51050] -> [.176.34.103.105][..443] new: [....13] [ip4][..tcp] [.......10.8.0.1][51051] -> [.176.34.103.105][..443] 
@@ -51,10 +47,8 @@ detected: [....14] [ip4][..tcp] [.......10.8.0.1][39010] -> [..52.17.114.219][..443] [TLS][AmazonAWS][Web][Safe][] RISK: Obsolete TLS (v1.1 or older) detected: [....15] [ip4][..tcp] [.......10.8.0.1][45546] -> [.54.230.227.172][...80] [HTTP.Waze][AmazonAWS][Web][Acceptable][cres.waze.com] - RISK: Susp Entropy new: [....16] [ip4][..tcp] [.......10.8.0.1][45552] -> [.54.230.227.172][...80] detected: [....16] [ip4][..tcp] [.......10.8.0.1][45552] -> [.54.230.227.172][...80] [HTTP.Waze][AmazonAWS][Web][Acceptable][cres.waze.com] - RISK: Susp Entropy detection-update: [....13] [ip4][..tcp] [.......10.8.0.1][51051] -> [.176.34.103.105][..443] [TLS][AmazonAWS][Web][Safe][] RISK: Obsolete TLS (v1.1 or older) detection-update: [....11] [ip4][..tcp] [.......10.8.0.1][51049] -> [.176.34.103.105][..443] [TLS][AmazonAWS][Web][Safe][] @@ -63,7 +57,6 @@ RISK: Obsolete TLS (v1.1 or older) new: [....17] [ip4][..tcp] [.......10.8.0.1][45554] -> [.54.230.227.172][...80] detected: [....17] [ip4][..tcp] [.......10.8.0.1][45554] -> [.54.230.227.172][...80] [HTTP.Waze][AmazonAWS][Web][Acceptable][cres.waze.com] - RISK: Susp Entropy analyse: [.....3] [ip4][..tcp] [.......10.8.0.1][54915] -> [..65.39.128.135][...80] [HTTP][Unknown][Download][Acceptable][xtra1.gpsonextra.net] min| max| avg| stddev| variance| entropy [IAT.........: 0.002| 3.681| 0.340| 0.885| 782653.260| 2.800] 
@@ -181,19 +174,12 @@ end: [....30] [ip4][..tcp] [.......10.8.0.1][60479] -> [...200.160.4.49][..443] idle: [.....2] [ip4][..udp] [.......10.8.0.1][46214] -> [..200.89.75.198][..123] [NTP][Unknown][System][Acceptable] end: [.....4] [ip4][..tcp] [.......10.8.0.1][45529] -> [.54.230.227.172][...80] [HTTP.Waze][AmazonAWS][Web][Acceptable][roadshields.waze.com] - RISK: Susp Entropy end: [.....8] [ip4][..tcp] [.......10.8.0.1][45536] -> [.54.230.227.172][...80] [HTTP.Waze][AmazonAWS][Web][Acceptable][cres.waze.com] - RISK: Susp Entropy end: [.....9] [ip4][..tcp] [.......10.8.0.1][45538] -> [.54.230.227.172][...80] [HTTP.Waze][AmazonAWS][Web][Acceptable][cres.waze.com] - RISK: Susp Entropy end: [....10] [ip4][..tcp] [.......10.8.0.1][45540] -> [.54.230.227.172][...80] [HTTP.Waze][AmazonAWS][Web][Acceptable][roadshields.waze.com] - RISK: Susp Entropy end: [....15] [ip4][..tcp] [.......10.8.0.1][45546] -> [.54.230.227.172][...80] [HTTP.Waze][AmazonAWS][Web][Acceptable][cres.waze.com] - RISK: Susp Entropy end: [....16] [ip4][..tcp] [.......10.8.0.1][45552] -> [.54.230.227.172][...80] [HTTP.Waze][AmazonAWS][Web][Acceptable][cres.waze.com] - RISK: Susp Entropy end: [....17] [ip4][..tcp] [.......10.8.0.1][45554] -> [.54.230.227.172][...80] [HTTP.Waze][AmazonAWS][Web][Acceptable][cres.waze.com] - RISK: Susp Entropy end: [....14] [ip4][..tcp] [.......10.8.0.1][39010] -> [..52.17.114.219][..443] [TLS.Waze][AmazonAWS][Web][Acceptable] RISK: Obsolete TLS (v1.1 or older) end: [....18] [ip4][..tcp] [.......10.8.0.1][39021] -> [..52.17.114.219][..443] [TLS.Waze][AmazonAWS][Web][Acceptable] 
@@ -219,7 +205,7 @@ guessed: [....25] [ip4][..tcp] [.......10.8.0.1][45169] -> [..200.160.4.198][...80] [HTTP][Unknown][Web][Acceptable][] end: [....25] [ip4][..tcp] [.......10.8.0.1][45169] -> [..200.160.4.198][...80] idle: [.....7] [ip4][..tcp] [.......10.8.0.1][36585] -> [.173.194.118.48][..443] [TLS][Google][Web][Safe] - RISK: Obsolete TLS (v1.1 or older) + RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher guessed: [....22] [ip4][..tcp] [...10.16.37.157][43991] -> [...200.160.4.31][...80] [HTTP][Unknown][Web][Acceptable][] end: [....22] [ip4][..tcp] [...10.16.37.157][43991] -> [...200.160.4.31][...80] guessed: [....23] [ip4][..tcp] [...10.16.37.157][46473] -> [...200.160.4.49][...80] [HTTP][Unknown][Web][Acceptable][] diff --git a/test/results/flow-info/default/webex.pcap.out b/test/results/flow-info/default/webex.pcap.out index e7f532558..71c271019 100644 --- a/test/results/flow-info/default/webex.pcap.out +++ b/test/results/flow-info/default/webex.pcap.out @@ -5,7 +5,7 @@ detected: [.....1] [ip4][..tcp] [.......10.8.0.1][41346] -> [..64.68.105.103][..443] [TLS.Webex][Webex][VoIP][Acceptable][radcom.webex.com] RISK: TLS (probably) Not Carrying HTTPS detection-update: [.....1] [ip4][..tcp] [.......10.8.0.1][41346] -> [..64.68.105.103][..443] [TLS.Webex][Webex][VoIP][Acceptable][radcom.webex.com] - RISK: TLS (probably) Not Carrying HTTPS + RISK: Weak TLS Cipher, TLS (probably) Not Carrying HTTPS analyse: [.....1] [ip4][..tcp] [.......10.8.0.1][41346] -> [..64.68.105.103][..443] [TLS.Webex][Webex][VoIP][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.557| 0.113| 0.156| 24421.341| 3.700] 
@@ -20,7 +20,7 @@ detected: [.....2] [ip4][..tcp] [.......10.8.0.1][41348] -> [..64.68.105.103][..443] [TLS.Webex][Webex][VoIP][Acceptable][radcom.webex.com] RISK: TLS (probably) Not Carrying HTTPS detection-update: [.....2] [ip4][..tcp] [.......10.8.0.1][41348] -> [..64.68.105.103][..443] [TLS.Webex][Webex][VoIP][Acceptable][radcom.webex.com] - RISK: TLS (probably) Not Carrying HTTPS + RISK: Weak TLS Cipher, TLS (probably) Not Carrying HTTPS new: [.....3] [ip4][..tcp] [.......10.8.0.1][41350] -> [..64.68.105.103][..443] new: [.....4] [ip4][..tcp] [.......10.8.0.1][41351] -> [..64.68.105.103][..443] detected: [.....3] [ip4][..tcp] [.......10.8.0.1][41350] -> [..64.68.105.103][..443] [TLS.Webex][Webex][VoIP][Acceptable][radcom.webex.com] @@ -28,9 +28,9 @@ detected: [.....4] [ip4][..tcp] [.......10.8.0.1][41351] -> [..64.68.105.103][..443] [TLS.Webex][Webex][VoIP][Acceptable][radcom.webex.com] RISK: TLS (probably) Not Carrying HTTPS detection-update: [.....3] [ip4][..tcp] [.......10.8.0.1][41350] -> [..64.68.105.103][..443] [TLS.Webex][Webex][VoIP][Acceptable][radcom.webex.com] - RISK: TLS (probably) Not Carrying HTTPS + RISK: Weak TLS Cipher, TLS (probably) Not Carrying HTTPS detection-update: [.....4] [ip4][..tcp] [.......10.8.0.1][41351] -> [..64.68.105.103][..443] [TLS.Webex][Webex][VoIP][Acceptable][radcom.webex.com] - RISK: TLS (probably) Not Carrying HTTPS + RISK: Weak TLS Cipher, TLS (probably) Not Carrying HTTPS analyse: [.....2] [ip4][..tcp] [.......10.8.0.1][41348] -> [..64.68.105.103][..443] [TLS.Webex][Webex][VoIP][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.455| 0.115| 0.126| 15828.845| 4.100] 
@@ -173,7 +173,7 @@ detection-update: [....25] [ip4][..tcp] [.......10.8.0.1][43433] -> [..216.58.208.40][..443] [TLS.Google][Google][Advertisement][Acceptable][ssl.google-analytics.com] RISK: TLS (probably) Not Carrying HTTPS detection-update: [....35] [ip4][..tcp] [.......10.8.0.1][33512] -> [...80.74.110.68][..443] [TLS][Unknown][Web][Safe][] - RISK: Obsolete TLS (v1.1 or older) + RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher new: [....36] [ip4][..tcp] [.......10.8.0.1][51154] -> [.62.109.224.120][..443] new: [....37] [ip4][..tcp] [.......10.8.0.1][51155] -> [.62.109.224.120][..443] detected: [....36] [ip4][..tcp] [.......10.8.0.1][51154] -> [.62.109.224.120][..443] [TLS][Webex][Web][Safe][] 
@@ -243,14 +243,14 @@ detection-update: [....46] [ip4][..tcp] [.......10.8.0.1][59757] -> [...78.46.237.91][...80] [HTTP][Unknown][Web][Acceptable][cp.pushwoosh.com] RISK: HTTP Obsolete Server detection-update: [....44] [ip4][..tcp] [.......10.8.0.1][46211] -> [...54.241.32.14][..443] [TLS][AmazonAWS][Web][Safe][api.crittercism.com] - RISK: Obsolete TLS (v1.1 or older) + RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher detection-update: [....44] [ip4][..tcp] [.......10.8.0.1][46211] -> [...54.241.32.14][..443] [TLS][AmazonAWS][Web][Safe][api.crittercism.com] - RISK: Obsolete TLS (v1.1 or older) + RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher new: [....47] [ip4][..tcp] [.......10.8.0.1][33551] -> [...80.74.110.68][..443] detected: [....47] [ip4][..tcp] [.......10.8.0.1][33551] -> [...80.74.110.68][..443] [TLS][Unknown][Web][Safe][] RISK: Obsolete TLS (v1.1 or older) detection-update: [....47] [ip4][..tcp] [.......10.8.0.1][33551] -> [...80.74.110.68][..443] [TLS][Unknown][Web][Safe][] - RISK: Obsolete TLS (v1.1 or older) + RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher new: [....48] [ip4][..tcp] [.......10.8.0.1][33553] -> [...80.74.110.68][..443] new: [....49] [ip4][..tcp] [.......10.8.0.1][33554] -> [...80.74.110.68][..443] detected: [....48] [ip4][..tcp] [.......10.8.0.1][33553] -> [...80.74.110.68][..443] [TLS][Unknown][Web][Safe][] 
@@ -258,9 +258,9 @@ detected: [....49] [ip4][..tcp] [.......10.8.0.1][33554] -> [...80.74.110.68][..443] [TLS][Unknown][Web][Safe][] RISK: Obsolete TLS (v1.1 or older) detection-update: [....48] [ip4][..tcp] [.......10.8.0.1][33553] -> [...80.74.110.68][..443] [TLS][Unknown][Web][Safe][] - RISK: Obsolete TLS (v1.1 or older) + RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher detection-update: [....49] [ip4][..tcp] [.......10.8.0.1][33554] -> [...80.74.110.68][..443] [TLS][Unknown][Web][Safe][] - RISK: Obsolete TLS (v1.1 or older) + RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher new: [....50] [ip4][..tcp] [.......10.8.0.1][55687] -> [..173.243.0.110][..443] detected: [....50] [ip4][..tcp] [.......10.8.0.1][55687] -> [..173.243.0.110][..443] [TLS][Webex][Web][Safe][] RISK: Obsolete TLS (v1.1 or older) @@ -270,7 +270,7 @@ detected: [....51] [ip4][..tcp] [.......10.8.0.1][33559] -> [...80.74.110.68][..443] [TLS][Unknown][Web][Safe][] RISK: Obsolete TLS (v1.1 or older) detection-update: [....51] [ip4][..tcp] [.......10.8.0.1][33559] -> [...80.74.110.68][..443] [TLS][Unknown][Web][Safe][] - RISK: Obsolete TLS (v1.1 or older) + RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher new: [....52] [ip4][..tcp] [.......10.8.0.1][51857] -> [.62.109.229.158][..443] detected: [....52] [ip4][..tcp] [.......10.8.0.1][51857] -> [.62.109.229.158][..443] [TLS][Webex][Web][Safe][] RISK: Obsolete TLS (v1.1 or older) 
@@ -322,7 +322,7 @@ end: [....13] [ip4][..tcp] [.......10.8.0.1][57647] -> [..64.68.121.153][..443] [TLS.Webex][Webex][VoIP][Acceptable] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher end: [....44] [ip4][..tcp] [.......10.8.0.1][46211] -> [...54.241.32.14][..443] [TLS][AmazonAWS][Web][Safe] - RISK: Obsolete TLS (v1.1 or older) + RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher end: [....31] [ip4][..tcp] [.......10.8.0.1][51134] -> [.62.109.224.120][..443] [TLS][Webex][Web][Safe] RISK: Obsolete TLS (v1.1 or older) end: [....32] [ip4][..tcp] [.......10.8.0.1][51135] -> [.62.109.224.120][..443] [TLS][Webex][Web][Safe] @@ -344,7 +344,7 @@ end: [....52] [ip4][..tcp] [.......10.8.0.1][51857] -> [.62.109.229.158][..443] [TLS.Webex][Webex][VoIP][Acceptable] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher guessed: [....54] [ip4][..tcp] [.......10.8.0.1][51859] -> [.62.109.229.158][..443] [TLS][Webex][Web][Safe] - RISK: TCP Connection Issues + RISK: TCP Connection Issues, Probing Attempt end: [....54] [ip4][..tcp] [.......10.8.0.1][51859] -> [.62.109.229.158][..443] end: [....10] [ip4][..tcp] [.......10.8.0.1][41726] -> [.114.29.213.212][..443] [TLS][Webex][Web][Safe] RISK: Obsolete TLS (v1.1 or older) 
@@ -364,15 +364,15 @@ end: [....34] [ip4][..tcp] [.......10.8.0.1][33511] -> [...80.74.110.68][..443] [TLS][Unknown][Web][Safe] RISK: Obsolete TLS (v1.1 or older) end: [....35] [ip4][..tcp] [.......10.8.0.1][33512] -> [...80.74.110.68][..443] [TLS][Unknown][Web][Safe] - RISK: Obsolete TLS (v1.1 or older) + RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher end: [....47] [ip4][..tcp] [.......10.8.0.1][33551] -> [...80.74.110.68][..443] [TLS][Unknown][Web][Safe] - RISK: Obsolete TLS (v1.1 or older) + RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher end: [....48] [ip4][..tcp] [.......10.8.0.1][33553] -> [...80.74.110.68][..443] [TLS][Unknown][Web][Safe] - RISK: Obsolete TLS (v1.1 or older) + RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher end: [....49] [ip4][..tcp] [.......10.8.0.1][33554] -> [...80.74.110.68][..443] [TLS][Unknown][Web][Safe] - RISK: Obsolete TLS (v1.1 or older) + RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher idle: [....51] [ip4][..tcp] [.......10.8.0.1][33559] -> [...80.74.110.68][..443] [TLS][Unknown][Web][Safe] - RISK: Obsolete TLS (v1.1 or older) + RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher end: [....22] [ip4][..tcp] [.......10.8.0.1][37129] -> [...64.68.105.98][..443] [TLS.Webex][Webex][VoIP][Acceptable] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher end: [....29] [ip4][..tcp] [.......10.8.0.1][37139] -> [...64.68.105.98][..443] [TLS][Webex][Web][Safe] 
@@ -388,13 +388,13 @@ idle: [....25] [ip4][..tcp] [.......10.8.0.1][43433] -> [..216.58.208.40][..443] [TLS.Google][Google][Advertisement][Acceptable] RISK: TLS (probably) Not Carrying HTTPS idle: [.....1] [ip4][..tcp] [.......10.8.0.1][41346] -> [..64.68.105.103][..443] [TLS.Webex][Webex][VoIP][Acceptable][radcom.webex.com] - RISK: TLS (probably) Not Carrying HTTPS + RISK: Weak TLS Cipher, TLS (probably) Not Carrying HTTPS idle: [.....2] [ip4][..tcp] [.......10.8.0.1][41348] -> [..64.68.105.103][..443] [TLS.Webex][Webex][VoIP][Acceptable][radcom.webex.com] - RISK: TLS (probably) Not Carrying HTTPS + RISK: Weak TLS Cipher, TLS (probably) Not Carrying HTTPS idle: [.....3] [ip4][..tcp] [.......10.8.0.1][41350] -> [..64.68.105.103][..443] [TLS.Webex][Webex][VoIP][Acceptable] - RISK: TLS (probably) Not Carrying HTTPS + RISK: Weak TLS Cipher, TLS (probably) Not Carrying HTTPS idle: [.....4] [ip4][..tcp] [.......10.8.0.1][41351] -> [..64.68.105.103][..443] [TLS.Webex][Webex][VoIP][Acceptable] - RISK: TLS (probably) Not Carrying HTTPS + RISK: Weak TLS Cipher, TLS (probably) Not Carrying HTTPS end: [.....7] [ip4][..tcp] [.......10.8.0.1][41354] -> [..64.68.105.103][..443] [TLS.Webex][Webex][VoIP][Acceptable] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher end: [.....9] [ip4][..tcp] [.......10.8.0.1][41358] -> [..64.68.105.103][..443] [TLS.Webex][Webex][VoIP][Acceptable] diff --git a/test/results/flow-info/default/websocket-chisel-ssh.pcap.out b/test/results/flow-info/default/websocket-chisel-ssh.pcap.out new file mode 100644 index 000000000..903014f48 --- /dev/null +++ b/test/results/flow-info/default/websocket-chisel-ssh.pcap.out 
@@ -0,0 +1,16 @@ + DAEMON-EVENT: init + DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....1] [ip4][..tcp] [..172.18.82.242][41986] -> [..172.18.82.243][...80] + detected: [.....1] [ip4][..tcp] [..172.18.82.242][41986] -> [..172.18.82.243][...80] [HTTP.WebSocket][Unknown][Web][Acceptable][something1.tld] + RISK: Obfuscated Traffic + new: [.....2] [ip4][..tcp] [..172.18.82.243][...80] -> [..172.18.82.242][51634] [MIDSTREAM] + detected: [.....2] [ip4][..tcp] [..172.18.82.243][...80] -> [..172.18.82.242][51634] [HTTP.WebSocket][Unknown][Web][Acceptable][] + RISK: HTTP Susp User-Agent + detection-update: [.....2] [ip4][..tcp] [..172.18.82.243][...80] -> [..172.18.82.242][51634] [HTTP.WebSocket][Unknown][Web][Acceptable][] + RISK: HTTP Susp User-Agent, Unidirectional Traffic + idle: [.....1] [ip4][..tcp] [..172.18.82.242][41986] -> [..172.18.82.243][...80] [HTTP.WebSocket][Unknown][Web][Acceptable][something1.tld] + RISK: Obfuscated Traffic + idle: [.....2] [ip4][..tcp] [..172.18.82.243][...80] -> [..172.18.82.242][51634] [HTTP.WebSocket][Unknown][Web][Acceptable] + RISK: HTTP Susp User-Agent, Unidirectional Traffic + DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/wechat.pcap.out b/test/results/flow-info/default/wechat.pcap.out index d2f4ac4bc..685b1ed36 100644 --- a/test/results/flow-info/default/wechat.pcap.out +++ b/test/results/flow-info/default/wechat.pcap.out 
@@ -291,7 +291,6 @@ detected: [....48] [ip4][..udp] [..192.168.1.103][35601] -> [..172.217.23.67][..443] [QUIC.Google][Google][Web][Acceptable][ssl.gstatic.com] new: [....49] [ip4][..udp] [..192.168.1.100][..138] -> [..192.168.1.255][..138] detected: [....49] [ip4][..udp] [..192.168.1.100][..138] -> [..192.168.1.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][giovanni-pc] - RISK: Unsafe Protocol update: [.....3] [ip6][..udp] [..............fe80::7a92:9cff:fe0f:a88e][.5353] -> [...............................ff02::fb][.5353] [MDNS][Unknown][Network][Acceptable][_googlecast._tcp.local] update: [.....2] [ip4][..udp] [..192.168.1.103][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable][_googlecast._tcp.local] new: [....50] [ip4][..tcp] [..192.168.1.103][54117] -> [203.205.151.162][..443] @@ -345,7 +344,6 @@ detection-update: [....53] [ip4][..tcp] [..192.168.1.103][54120] -> [203.205.151.162][..443] [TLS.WeChat][Unknown][Chat][Fun][web.wechat.com] update: [.....3] [ip6][..udp] [..............fe80::7a92:9cff:fe0f:a88e][.5353] -> [...............................ff02::fb][.5353] [MDNS][Unknown][Network][Acceptable][_googlecast._tcp.local] update: [....49] [ip4][..udp] [..192.168.1.100][..138] -> [..192.168.1.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][giovanni-pc] - RISK: Unsafe Protocol update: [.....2] [ip4][..udp] [..192.168.1.103][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable][_googlecast._tcp.local] analyse: [....52] [ip4][..tcp] [..192.168.1.103][54119] -> [203.205.151.162][..443] [TLS.WeChat][Unknown][Chat][Fun] min| max| avg| stddev| variance| entropy 
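Review bot: The regenerated expectations for flow 49 no longer carry `RISK: Unsafe Protocol`, although the flow is still classified `[NetBIOS.SMBv1]` with breed `[Dangerous]`. Any consumer that alerts on the flow-risk list rather than on the breed loses its SMBv1 signal. The same removal repeats in every later hunk of wechat.pcap.out, for flow 49 and flow 104. This presumably comes from the libnDPI bump rather than from nDPId itself, but the commit description only says "incorporated upstream changes". I would confirm that the removal is intended upstream and record it in the description, e.g. `* NetBIOS.SMBv1 flows no longer raise the "Unsafe Protocol" flow risk (breed stays Dangerous)`.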
@@ -398,7 +396,6 @@ update: [....30] [ip4][....2] [..192.168.1.103] -> [.....224.0.0.22] [IGMP][Unknown][Network][Acceptable] update: [.....3] [ip6][..udp] [..............fe80::7a92:9cff:fe0f:a88e][.5353] -> [...............................ff02::fb][.5353] [MDNS][Unknown][Network][Acceptable][_googlecast._tcp.local] update: [....49] [ip4][..udp] [..192.168.1.100][..138] -> [..192.168.1.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][giovanni-pc] - RISK: Unsafe Protocol update: [.....2] [ip4][..udp] [..192.168.1.103][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable][_googlecast._tcp.local] new: [....59] [ip4][..udp] [..192.168.1.100][.5353] -> [....224.0.0.251][.5353] detected: [....59] [ip4][..udp] [..192.168.1.100][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable][_googlecast._tcp.local] @@ -441,7 +438,6 @@ update: [.....3] [ip6][..udp] [..............fe80::7a92:9cff:fe0f:a88e][.5353] -> [...............................ff02::fb][.5353] [MDNS][Unknown][Network][Acceptable][_googlecast._tcp.local] update: [....67] [ip4][..udp] [..192.168.1.100][..137] -> [..192.168.1.255][..137] [NetBIOS][Unknown][System][Acceptable][lbjamwptxz] update: [....49] [ip4][..udp] [..192.168.1.100][..138] -> [..192.168.1.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][giovanni-pc] - RISK: Unsafe Protocol update: [....65] [ip6][..udp] [..............fe80::91f9:3df3:7436:6cd6][49195] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable][cansaqcq] update: [.....2] [ip4][..udp] [..192.168.1.103][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable][_googlecast._tcp.local] update: [....59] [ip4][..udp] [..192.168.1.100][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable][_googlecast._tcp.local] 
@@ -488,7 +484,6 @@ update: [....71] [ip6][icmp6] [...............fe80::842:a3f3:a286:6c5b] -> [...............................ff02::16] [ICMPV6][Unknown][Network][Acceptable] update: [....67] [ip4][..udp] [..192.168.1.100][..137] -> [..192.168.1.255][..137] [NetBIOS][Unknown][System][Acceptable][lbjamwptxz] update: [....49] [ip4][..udp] [..192.168.1.100][..138] -> [..192.168.1.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][giovanni-pc] - RISK: Unsafe Protocol update: [....65] [ip6][..udp] [..............fe80::91f9:3df3:7436:6cd6][49195] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable][cansaqcq] update: [.....2] [ip4][..udp] [..192.168.1.103][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable][_googlecast._tcp.local] update: [....59] [ip4][..udp] [..192.168.1.100][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable][_googlecast._tcp.local] @@ -524,7 +519,6 @@ idle: [....68] [ip6][icmp6] [...............fe80::842:a3f3:a286:6c5b] -> [................................ff02::2] [ICMPV6][Unknown][Network][Acceptable] idle: [....67] [ip4][..udp] [..192.168.1.100][..137] -> [..192.168.1.255][..137] [NetBIOS][Unknown][System][Acceptable][lbjamwptxz] idle: [....49] [ip4][..udp] [..192.168.1.100][..138] -> [..192.168.1.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][giovanni-pc] - RISK: Unsafe Protocol idle: [....65] [ip6][..udp] [..............fe80::91f9:3df3:7436:6cd6][49195] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable][cansaqcq] idle: [....59] [ip4][..udp] [..192.168.1.100][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable][_googlecast._tcp.local] idle: [.....2] [ip4][..udp] [..192.168.1.103][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable][_googlecast._tcp.local] 
@@ -594,7 +588,6 @@ RISK: Unidirectional Traffic new: [...104] [ip4][..udp] [..192.168.1.100][..138] -> [..192.168.1.255][..138] detected: [...104] [ip4][..udp] [..192.168.1.100][..138] -> [..192.168.1.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][giovanni-pc] - RISK: Unsafe Protocol detection-update: [....99] [ip4][..udp] [..192.168.1.103][45366] -> [..192.168.1.254][...53] [DNS.WeChat][Unknown][Network][Fun][webpush.web.wechat.com] RISK: Unidirectional Traffic new: [...105] [ip4][..udp] [..192.168.1.103][42589] -> [..192.168.1.254][...53] @@ -660,7 +653,6 @@ idle: [....76] [ip4][..tcp] [..192.168.1.103][54183] -> [203.205.151.162][..443] [TLS][Unknown][Web][Safe] RISK: Unidirectional Traffic idle: [...104] [ip4][..udp] [..192.168.1.100][..138] -> [..192.168.1.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][giovanni-pc] - RISK: Unsafe Protocol idle: [....97] [ip4][..udp] [..192.168.1.103][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable] idle: [....92] [ip4][..udp] [..192.168.1.103][33915] -> [..192.168.1.254][...53] [DNS.WeChat][Unknown][Network][Fun] guessed: [....87] [ip4][..tcp] [..192.168.1.103][52020] -> [.95.101.180.179][...80] [HTTP][Unknown][Web][Acceptable][] diff --git a/test/results/flow-info/default/whatsapp_login_call.pcap.out b/test/results/flow-info/default/whatsapp_login_call.pcap.out index 3c3d49d8c..bd6c9a413 100644 --- a/test/results/flow-info/default/whatsapp_login_call.pcap.out +++ b/test/results/flow-info/default/whatsapp_login_call.pcap.out 
@@ -27,7 +27,7 @@ detected: [....13] [ip4][..tcp] [....192.168.2.4][49201] -> [..17.178.104.12][..443] [TLS.Apple][Apple][Web][Safe][query.ess.apple.com] RISK: TLS (probably) Not Carrying HTTPS detection-update: [....13] [ip4][..tcp] [....192.168.2.4][49201] -> [..17.178.104.12][..443] [TLS.Apple][Apple][Web][Safe][query.ess.apple.com] - RISK: TLS (probably) Not Carrying HTTPS + RISK: Weak TLS Cipher, TLS (probably) Not Carrying HTTPS new: [....16] [ip4][..tcp] [....192.168.2.4][49193] -> [..17.110.229.14][.5223] [MIDSTREAM] detected: [....16] [ip4][..tcp] [....192.168.2.4][49193] -> [..17.110.229.14][.5223] [ApplePush][Apple][Cloud][Acceptable] detected: [....14] [ip4][..tcp] [....192.168.2.4][49202] -> [.184.173.179.37][.5222] [WhatsApp][Unknown][Chat][Acceptable] @@ -55,7 +55,7 @@ detected: [....17] [ip4][..tcp] [....192.168.2.4][49204] -> [..17.173.66.102][..443] [TLS.AppleStore][Apple][SoftwareUpdate][Safe][p53-buy.itunes.apple.com] RISK: TLS (probably) Not Carrying HTTPS detection-update: [....17] [ip4][..tcp] [....192.168.2.4][49204] -> [..17.173.66.102][..443] [TLS.AppleStore][Apple][SoftwareUpdate][Safe][p53-buy.itunes.apple.com] - RISK: TLS (probably) Not Carrying HTTPS + RISK: Weak TLS Cipher, TLS (probably) Not Carrying HTTPS analyse: [....17] [ip4][..tcp] [....192.168.2.4][49204] -> [..17.173.66.102][..443] [TLS.AppleStore][Apple][SoftwareUpdate][Safe] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.246| 0.057| 0.089| 7910.915| 3.400] 
@@ -253,7 +253,7 @@ detected: [....57] [ip4][..tcp] [....192.168.2.4][49205] -> [..17.173.66.102][..443] [TLS.AppleStore][Apple][SoftwareUpdate][Safe][p53-buy.itunes.apple.com] RISK: TLS (probably) Not Carrying HTTPS detection-update: [....57] [ip4][..tcp] [....192.168.2.4][49205] -> [..17.173.66.102][..443] [TLS.AppleStore][Apple][SoftwareUpdate][Safe][p53-buy.itunes.apple.com] - RISK: TLS (probably) Not Carrying HTTPS + RISK: Weak TLS Cipher, TLS (probably) Not Carrying HTTPS analyse: [....57] [ip4][..tcp] [....192.168.2.4][49205] -> [..17.173.66.102][..443] [TLS.AppleStore][Apple][SoftwareUpdate][Safe] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.272| 0.058| 0.092| 8444.798| 3.300] @@ -282,7 +282,7 @@ end: [.....7] [ip4][..tcp] [....192.168.2.4][49174] -> [....5.178.42.26][...80] end: [.....6] [ip4][..tcp] [....192.168.2.4][49172] -> [..23.50.148.228][..443] [TLS][Unknown][Web][Safe] guessed: [....15] [ip4][..tcp] [....192.168.2.4][49203] -> [..17.178.104.14][..443] [TLS][Apple][Web][Safe] - RISK: TCP Connection Issues + RISK: TCP Connection Issues, Probing Attempt end: [....15] [ip4][..tcp] [....192.168.2.4][49203] -> [..17.178.104.14][..443] guessed: [.....5] [ip4][..tcp] [....192.168.2.4][49173] -> [..93.186.135.82][...80] [HTTP][Unknown][Web][Acceptable][] end: [.....5] [ip4][..tcp] [....192.168.2.4][49173] -> [..93.186.135.82][...80] 
@@ -345,15 +345,15 @@ guessed: [....21] [ip4][..tcp] [....192.168.2.4][49181] -> [..17.172.100.37][..443] [TLS][Apple][Web][Safe] end: [....21] [ip4][..tcp] [....192.168.2.4][49181] -> [..17.172.100.37][..443] end: [....17] [ip4][..tcp] [....192.168.2.4][49204] -> [..17.173.66.102][..443] [TLS.AppleStore][Apple][SoftwareUpdate][Safe][p53-buy.itunes.apple.com] - RISK: TLS (probably) Not Carrying HTTPS + RISK: Weak TLS Cipher, TLS (probably) Not Carrying HTTPS idle: [....57] [ip4][..tcp] [....192.168.2.4][49205] -> [..17.173.66.102][..443] [TLS.AppleStore][Apple][SoftwareUpdate][Safe][p53-buy.itunes.apple.com] - RISK: TLS (probably) Not Carrying HTTPS + RISK: Weak TLS Cipher, TLS (probably) Not Carrying HTTPS idle: [.....1] [ip4][..tcp] [....192.168.2.4][49199] -> [..17.172.100.70][..993] [IMAPS][Apple][Email][Safe] idle: [....55] [ip4][..udp] [....192.168.2.4][52794] -> [..91.253.176.65][.9665] [SRTP.WhatsAppCall][Unknown][VoIP][Acceptable] RISK: Known Proto on Non Std Port idle: [....11] [ip4][..udp] [....192.168.2.4][51897] -> [....192.168.2.1][...53] [DNS.Apple][Unknown][Network][Safe][query.ess.apple.com] end: [....13] [ip4][..tcp] [....192.168.2.4][49201] -> [..17.178.104.12][..443] [TLS.Apple][Apple][Web][Safe][query.ess.apple.com] - RISK: TLS (probably) Not Carrying HTTPS + RISK: Weak TLS Cipher, TLS (probably) Not Carrying HTTPS idle: [....12] [ip4][..udp] [....192.168.2.4][52190] -> [....192.168.2.1][...53] [DNS.WhatsApp][Unknown][Network][Acceptable][e13.whatsapp.net] idle: [....38] [ip4][..udp] [....192.168.2.4][51518] -> [...1.194.90.191][60312] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic diff --git a/test/results/flow-info/default/xiaomi.pcap.out b/test/results/flow-info/default/xiaomi.pcap.out index 0f54ea7b5..d3addbe04 100644 --- a/test/results/flow-info/default/xiaomi.pcap.out +++ b/test/results/flow-info/default/xiaomi.pcap.out 
@@ -37,9 +37,9 @@ DAEMON-EVENT: [Flows][active: 1 / 6|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....7] [ip4][..tcp] [..192.168.2.100][48698] -> [...203.107.1.65][...80] detected: [.....7] [ip4][..tcp] [..192.168.2.100][48698] -> [...203.107.1.65][...80] [HTTP.Xiaomi][Alibaba][Web][Acceptable][203.107.1.65] - RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Susp Entropy + RISK: HTTP/TLS/QUIC Numeric Hostname/SNI idle: [.....6] [ip4][..tcp] [..192.168.2.100][45106] -> [.18.193.233.122][.5222] [Xiaomi][AmazonAWS][Web][Acceptable][fr-app-chat-global-xiaomi-net2-2117517874.eu-central-1.elb.amazonaws.com] RISK: Susp Entropy idle: [.....7] [ip4][..tcp] [..192.168.2.100][48698] -> [...203.107.1.65][...80] [HTTP.Xiaomi][Alibaba][Web][Acceptable] - RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Susp Entropy + RISK: HTTP/TLS/QUIC Numeric Hostname/SNI DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/zoom.pcap.out b/test/results/flow-info/default/zoom.pcap.out index aba617d7c..e406925af 100644 --- a/test/results/flow-info/default/zoom.pcap.out +++ b/test/results/flow-info/default/zoom.pcap.out 
@@ -7,9 +7,9 @@ new: [.....2] [ip4][..udp] [..192.168.1.117][.5353] -> [....224.0.0.251][.5353] detected: [.....2] [ip4][..udp] [..192.168.1.117][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable][_spotify-connect._tcp.local] new: [.....3] [ip4][..tcp] [..192.168.1.117][54863] -> [.167.99.215.164][.4434] - detected: [.....3] [ip4][..tcp] [..192.168.1.117][54863] -> [.167.99.215.164][.4434] [TLS.ntop][Unknown][Network][Safe][dati.ntop.org] + detected: [.....3] [ip4][..tcp] [..192.168.1.117][54863] -> [.167.99.215.164][.4434] [TLS.ntop][DigitalOcean][Network][Safe][dati.ntop.org] RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS - detection-update: [.....3] [ip4][..tcp] [..192.168.1.117][54863] -> [.167.99.215.164][.4434] [TLS.ntop][Unknown][Network][Safe][dati.ntop.org] + detection-update: [.....3] [ip4][..tcp] [..192.168.1.117][54863] -> [.167.99.215.164][.4434] [TLS.ntop][DigitalOcean][Network][Safe][dati.ntop.org] RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS ERROR-EVENT: Unknown packet type [1/16] new: [.....4] [ip4][..tcp] [..192.168.1.117][54341] -> [.62.149.152.153][..993] [MIDSTREAM] 
@@ -219,9 +219,9 @@ idle: [....30] [ip4][..tcp] [..192.168.1.117][54871] -> [..109.94.160.99][..443] [TLS.Zoom][Unknown][Video][Acceptable][zoomfrn99mmr.zoom.us] RISK: TLS (probably) Not Carrying HTTPS guessed: [....11] [ip4][..tcp] [..192.168.1.117][54798] -> [..13.225.84.182][..443] [TLS][AmazonAWS][Web][Safe] - RISK: TCP Connection Issues + RISK: TCP Connection Issues, Probing Attempt end: [....11] [ip4][..tcp] [..192.168.1.117][54798] -> [..13.225.84.182][..443] - end: [.....3] [ip4][..tcp] [..192.168.1.117][54863] -> [.167.99.215.164][.4434] [TLS.ntop][Unknown][Network][Safe] + end: [.....3] [ip4][..tcp] [..192.168.1.117][54863] -> [.167.99.215.164][.4434] [TLS.ntop][DigitalOcean][Network][Safe] RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS end: [....27] [ip4][..tcp] [..192.168.1.117][54869] -> [.213.244.140.85][..443] [TLS.Zoom][Zoom][Video][Acceptable] RISK: TLS (probably) Not Carrying HTTPS diff --git a/test/results/flow-info/disable_metadata/sip.pcap.out b/test/results/flow-info/disable_metadata/sip.pcap.out deleted file mode 100644 index 6b99bbd05..000000000 --- a/test/results/flow-info/disable_metadata/sip.pcap.out +++ /dev/null 
@@ -1,56 +0,0 @@ - DAEMON-EVENT: init - DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] - DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] - new: [.....1] [ip4][..udp] [....192.168.1.2][.5060] -> [..212.242.33.35][.5060] - detected: [.....1] [ip4][..udp] [....192.168.1.2][.5060] -> [..212.242.33.35][.5060] [SIP][Unknown][VoIP][Acceptable] - update: [.....1] [ip4][..udp] [....192.168.1.2][.5060] -> [..212.242.33.35][.5060] [SIP][Unknown][VoIP][Acceptable] - update: [.....1] [ip4][..udp] [....192.168.1.2][.5060] -> [..212.242.33.35][.5060] [SIP][Unknown][VoIP][Acceptable] - update: [.....1] [ip4][..udp] [....192.168.1.2][.5060] -> [..212.242.33.35][.5060] [SIP][Unknown][VoIP][Acceptable] - update: [.....1] [ip4][..udp] [....192.168.1.2][.5060] -> [..212.242.33.35][.5060] [SIP][Unknown][VoIP][Acceptable] - new: [.....2] [ip4][..udp] [....192.168.1.2][.5060] -> [..200.68.120.81][.5060] - detected: [.....2] [ip4][..udp] [....192.168.1.2][.5060] -> [..200.68.120.81][.5060] [SIP][Unknown][VoIP][Acceptable] - update: [.....1] [ip4][..udp] [....192.168.1.2][.5060] -> [..212.242.33.35][.5060] [SIP][Unknown][VoIP][Acceptable] - update: [.....2] [ip4][..udp] [....192.168.1.2][.5060] -> [..200.68.120.81][.5060] [SIP][Unknown][VoIP][Acceptable] - update: [.....1] [ip4][..udp] [....192.168.1.2][.5060] -> [..212.242.33.35][.5060] [SIP][Unknown][VoIP][Acceptable] - update: [.....2] [ip4][..udp] [....192.168.1.2][.5060] -> [..200.68.120.81][.5060] [SIP][Unknown][VoIP][Acceptable] - update: [.....1] [ip4][..udp] [....192.168.1.2][.5060] -> [..212.242.33.35][.5060] [SIP][Unknown][VoIP][Acceptable] - DAEMON-EVENT: [Processed: 43 pkts][ZLib][compressions: 0|diff: 0 / 0] - DAEMON-EVENT: [Flows][active: 2 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 9] - update: [.....2] [ip4][..udp] [....192.168.1.2][.5060] -> [..200.68.120.81][.5060] [SIP][Unknown][VoIP][Acceptable] - update: [.....1] 
[ip4][..udp] [....192.168.1.2][.5060] -> [..212.242.33.35][.5060] [SIP][Unknown][VoIP][Acceptable] - analyse: [.....1] [ip4][..udp] [....192.168.1.2][.5060] -> [..212.242.33.35][.5060] [SIP][Unknown][VoIP][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.026| 279.042| 42.751| 57.874| 3349363405.357| 4.000] - [PKTLEN......: 33.000| 853.000| 415.300| 273.000| 74531.700| 4.600] - [BINS(c->s)..: 9,0,0,0,0,0,0,0,0,0,1,0,0,0,4,0,0,0,0,0,0,4,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,2,1,0,0,0,1,6,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - [DIRECTIONS..: 0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0] - [IATS(ms)....: 136.8,17415.6,17425.0,49.8,89928.6,89874.9,17280.7,17290.4,150200.0,150188.2,17325.2,17335.8,73916.0,73902.7,17325.0,17333.2,25.9,17725.0,29031.8,29092.7,34118.2,34119.1,29272.4,29031.8,29031.6,29031.5,17105.0,497.7,1001.8,279041.8,227.1] - [PKTLENS.....: 495,514,708,334,374,495,514,708,519,495,514,708,519,495,514,708,334,498,33,33,33,33,33,33,33,33,33,853,853,853,621,368] - [ENTROPIES...: 5.7,5.7,5.7,5.7,5.7,5.7,5.8,5.7,5.7,5.7,5.7,5.7,5.7,5.7,5.7,5.7,5.7,5.6,4.1,4.1,4.1,4.1,4.1,4.1,4.0,4.1,4.1,5.7,5.7,5.7,5.8,5.7] - update: [.....2] [ip4][..udp] [....192.168.1.2][.5060] -> [..200.68.120.81][.5060] [SIP][Unknown][VoIP][Acceptable] - update: [.....1] [ip4][..udp] [....192.168.1.2][.5060] -> [..212.242.33.35][.5060] [SIP][Unknown][VoIP][Acceptable] - idle: [.....2] [ip4][..udp] [....192.168.1.2][.5060] -> [..200.68.120.81][.5060] [SIP][Unknown][VoIP][Acceptable] - update: [.....1] [ip4][..udp] [....192.168.1.2][.5060] -> [..212.242.33.35][.5060] [SIP][Unknown][VoIP][Acceptable] - update: [.....1] [ip4][..udp] [....192.168.1.2][.5060] -> [..212.242.33.35][.5060] [SIP][Unknown][VoIP][Acceptable] - update: [.....1] [ip4][..udp] [....192.168.1.2][.5060] -> [..212.242.33.35][.5060] [SIP][Unknown][VoIP][Acceptable] - update: [.....1] [ip4][..udp] 
[....192.168.1.2][.5060] -> [..212.242.33.35][.5060] [SIP][Unknown][VoIP][Acceptable] - DAEMON-EVENT: [Processed: 68 pkts][ZLib][compressions: 0|diff: 0 / 0] - DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 17] - update: [.....1] [ip4][..udp] [....192.168.1.2][.5060] -> [..212.242.33.35][.5060] [SIP][Unknown][VoIP][Acceptable] - update: [.....1] [ip4][..udp] [....192.168.1.2][.5060] -> [..212.242.33.35][.5060] [SIP][Unknown][VoIP][Acceptable] - update: [.....1] [ip4][..udp] [....192.168.1.2][.5060] -> [..212.242.33.35][.5060] [SIP][Unknown][VoIP][Acceptable] - update: [.....1] [ip4][..udp] [....192.168.1.2][.5060] -> [..212.242.33.35][.5060] [SIP][Unknown][VoIP][Acceptable] - new: [.....3] [ip4][..udp] [....192.168.1.2][30000] -> [..212.242.33.36][40392] - detected: [.....3] [ip4][..udp] [....192.168.1.2][30000] -> [..212.242.33.36][40392] [RTP][Unknown][Media][Acceptable] - new: [.....4] [ip4][..udp] [....192.168.1.2][30001] -> [..212.242.33.36][40393] - update: [.....1] [ip4][..udp] [....192.168.1.2][.5060] -> [..212.242.33.35][.5060] [SIP][Unknown][VoIP][Acceptable] - update: [.....3] [ip4][..udp] [....192.168.1.2][30000] -> [..212.242.33.36][40392] [RTP][Unknown][Media][Acceptable] - update: [.....4] [ip4][..udp] [....192.168.1.2][30001] -> [..212.242.33.36][40393] - update: [.....1] [ip4][..udp] [....192.168.1.2][.5060] -> [..212.242.33.35][.5060] [SIP][Unknown][VoIP][Acceptable] - idle: [.....3] [ip4][..udp] [....192.168.1.2][30000] -> [..212.242.33.36][40392] [RTP][Unknown][Media][Acceptable] - not-detected: [.....4] [ip4][..udp] [....192.168.1.2][30001] -> [..212.242.33.36][40393] [Unknown][Unknown][Unrated] - RISK: Susp Entropy, Unidirectional Traffic - idle: [.....4] [ip4][..udp] [....192.168.1.2][30001] -> [..212.242.33.36][40393] - idle: [.....1] [ip4][..udp] [....192.168.1.2][.5060] -> [..212.242.33.35][.5060] [SIP][Unknown][VoIP][Acceptable] - DAEMON-EVENT: shutdown 
diff --git a/test/results/flow-info/disable_metadata/tls_verylong_certificate.pcap.out b/test/results/flow-info/disable_metadata/tls_verylong_certificate.pcap.out deleted file mode 100644 index eebfcfd74..000000000 --- a/test/results/flow-info/disable_metadata/tls_verylong_certificate.pcap.out +++ /dev/null 
@@ -1,19 +0,0 @@ - DAEMON-EVENT: init - DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] - DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] - new: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] - detected: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] [TLS.Cybersec][Unknown][Cybersecurity][Safe][feodotracker.abuse.ch] - detection-update: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] [TLS.Cybersec][Unknown][Cybersecurity][Safe][feodotracker.abuse.ch] - detection-update: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] [TLS.Cybersec][Unknown][Cybersecurity][Safe][feodotracker.abuse.ch] - analyse: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] [TLS.Cybersec][Unknown][Cybersecurity][Safe] - min| max| avg| stddev| variance| entropy - [IAT.........: < 0.001| 0.022| 0.005| 0.007| 43.853| 3.500] - [PKTLEN......: 52.000| 1420.000| 518.600| 615.300| 378610.900| 4.000] - [BINS(c->s)..: 12,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - [BINS(s->c)..: 2,4,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0] - [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,0,0,1,1,1,0,0,0,1,1,1,0,0,1,0,1,1] - [IATS(ms)....: 11.6,11.7,5.7,17.7,3.1,0.2,15.2,0.1,0.1,0.1,0.0,0.1,10.6,21.7,11.2,0.3,14.9,0.0,0.0,14.6,0.0,0.0,0.3,0.3,0.0,0.6,0.0,0.5,0.5,0.1,0.0] - [PKTLENS.....: 64,60,52,569,52,1420,1420,52,1420,52,1420,262,52,178,103,52,222,1420,1420,104,52,52,52,1420,1420,104,52,52,1420,52,1420,104] - [ENTROPIES...: 4.4,5.1,4.9,4.4,5.0,6.8,4.9,5.0,6.6,4.9,7.4,7.0,5.0,6.3,6.0,5.0,6.9,7.9,7.9,6.1,4.9,4.8,4.7,7.9,7.9,6.0,4.9,4.9,7.9,4.8,7.9,6.2] - end: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] [TLS.Cybersec][Unknown][Cybersecurity][Safe][feodotracker.abuse.ch] - 
DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/disable_metadata_and_flowrisks/sip.pcap.out b/test/results/flow-info/disable_metadata_and_flowrisks/sip.pcap.out new file mode 100644 index 000000000..6b99bbd05 --- /dev/null +++ b/test/results/flow-info/disable_metadata_and_flowrisks/sip.pcap.out 
@@ -0,0 +1,56 @@ + DAEMON-EVENT: init + DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....1] [ip4][..udp] [....192.168.1.2][.5060] -> [..212.242.33.35][.5060] + detected: [.....1] [ip4][..udp] [....192.168.1.2][.5060] -> [..212.242.33.35][.5060] [SIP][Unknown][VoIP][Acceptable] + update: [.....1] [ip4][..udp] [....192.168.1.2][.5060] -> [..212.242.33.35][.5060] [SIP][Unknown][VoIP][Acceptable] + update: [.....1] [ip4][..udp] [....192.168.1.2][.5060] -> [..212.242.33.35][.5060] [SIP][Unknown][VoIP][Acceptable] + update: [.....1] [ip4][..udp] [....192.168.1.2][.5060] -> [..212.242.33.35][.5060] [SIP][Unknown][VoIP][Acceptable] + update: [.....1] [ip4][..udp] [....192.168.1.2][.5060] -> [..212.242.33.35][.5060] [SIP][Unknown][VoIP][Acceptable] + new: [.....2] [ip4][..udp] [....192.168.1.2][.5060] -> [..200.68.120.81][.5060] + detected: [.....2] [ip4][..udp] [....192.168.1.2][.5060] -> [..200.68.120.81][.5060] [SIP][Unknown][VoIP][Acceptable] + update: [.....1] [ip4][..udp] [....192.168.1.2][.5060] -> [..212.242.33.35][.5060] [SIP][Unknown][VoIP][Acceptable] + update: [.....2] [ip4][..udp] [....192.168.1.2][.5060] -> [..200.68.120.81][.5060] [SIP][Unknown][VoIP][Acceptable] + update: [.....1] [ip4][..udp] [....192.168.1.2][.5060] -> [..212.242.33.35][.5060] [SIP][Unknown][VoIP][Acceptable] + update: [.....2] [ip4][..udp] [....192.168.1.2][.5060] -> [..200.68.120.81][.5060] [SIP][Unknown][VoIP][Acceptable] + update: [.....1] [ip4][..udp] [....192.168.1.2][.5060] -> [..212.242.33.35][.5060] [SIP][Unknown][VoIP][Acceptable] + DAEMON-EVENT: [Processed: 43 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 2 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 9] + update: [.....2] [ip4][..udp] [....192.168.1.2][.5060] -> [..200.68.120.81][.5060] [SIP][Unknown][VoIP][Acceptable] + update: [.....1] 
[ip4][..udp] [....192.168.1.2][.5060] -> [..212.242.33.35][.5060] [SIP][Unknown][VoIP][Acceptable] + analyse: [.....1] [ip4][..udp] [....192.168.1.2][.5060] -> [..212.242.33.35][.5060] [SIP][Unknown][VoIP][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.026| 279.042| 42.751| 57.874| 3349363405.357| 4.000] + [PKTLEN......: 33.000| 853.000| 415.300| 273.000| 74531.700| 4.600] + [BINS(c->s)..: 9,0,0,0,0,0,0,0,0,0,1,0,0,0,4,0,0,0,0,0,0,4,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,2,1,0,0,0,1,6,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [DIRECTIONS..: 0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0] + [IATS(ms)....: 136.8,17415.6,17425.0,49.8,89928.6,89874.9,17280.7,17290.4,150200.0,150188.2,17325.2,17335.8,73916.0,73902.7,17325.0,17333.2,25.9,17725.0,29031.8,29092.7,34118.2,34119.1,29272.4,29031.8,29031.6,29031.5,17105.0,497.7,1001.8,279041.8,227.1] + [PKTLENS.....: 495,514,708,334,374,495,514,708,519,495,514,708,519,495,514,708,334,498,33,33,33,33,33,33,33,33,33,853,853,853,621,368] + [ENTROPIES...: 5.7,5.7,5.7,5.7,5.7,5.7,5.8,5.7,5.7,5.7,5.7,5.7,5.7,5.7,5.7,5.7,5.7,5.6,4.1,4.1,4.1,4.1,4.1,4.1,4.0,4.1,4.1,5.7,5.7,5.7,5.8,5.7] + update: [.....2] [ip4][..udp] [....192.168.1.2][.5060] -> [..200.68.120.81][.5060] [SIP][Unknown][VoIP][Acceptable] + update: [.....1] [ip4][..udp] [....192.168.1.2][.5060] -> [..212.242.33.35][.5060] [SIP][Unknown][VoIP][Acceptable] + idle: [.....2] [ip4][..udp] [....192.168.1.2][.5060] -> [..200.68.120.81][.5060] [SIP][Unknown][VoIP][Acceptable] + update: [.....1] [ip4][..udp] [....192.168.1.2][.5060] -> [..212.242.33.35][.5060] [SIP][Unknown][VoIP][Acceptable] + update: [.....1] [ip4][..udp] [....192.168.1.2][.5060] -> [..212.242.33.35][.5060] [SIP][Unknown][VoIP][Acceptable] + update: [.....1] [ip4][..udp] [....192.168.1.2][.5060] -> [..212.242.33.35][.5060] [SIP][Unknown][VoIP][Acceptable] + update: [.....1] [ip4][..udp] 
[....192.168.1.2][.5060] -> [..212.242.33.35][.5060] [SIP][Unknown][VoIP][Acceptable] + DAEMON-EVENT: [Processed: 68 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 17] + update: [.....1] [ip4][..udp] [....192.168.1.2][.5060] -> [..212.242.33.35][.5060] [SIP][Unknown][VoIP][Acceptable] + update: [.....1] [ip4][..udp] [....192.168.1.2][.5060] -> [..212.242.33.35][.5060] [SIP][Unknown][VoIP][Acceptable] + update: [.....1] [ip4][..udp] [....192.168.1.2][.5060] -> [..212.242.33.35][.5060] [SIP][Unknown][VoIP][Acceptable] + update: [.....1] [ip4][..udp] [....192.168.1.2][.5060] -> [..212.242.33.35][.5060] [SIP][Unknown][VoIP][Acceptable] + new: [.....3] [ip4][..udp] [....192.168.1.2][30000] -> [..212.242.33.36][40392] + detected: [.....3] [ip4][..udp] [....192.168.1.2][30000] -> [..212.242.33.36][40392] [RTP][Unknown][Media][Acceptable] + new: [.....4] [ip4][..udp] [....192.168.1.2][30001] -> [..212.242.33.36][40393] + update: [.....1] [ip4][..udp] [....192.168.1.2][.5060] -> [..212.242.33.35][.5060] [SIP][Unknown][VoIP][Acceptable] + update: [.....3] [ip4][..udp] [....192.168.1.2][30000] -> [..212.242.33.36][40392] [RTP][Unknown][Media][Acceptable] + update: [.....4] [ip4][..udp] [....192.168.1.2][30001] -> [..212.242.33.36][40393] + update: [.....1] [ip4][..udp] [....192.168.1.2][.5060] -> [..212.242.33.35][.5060] [SIP][Unknown][VoIP][Acceptable] + idle: [.....3] [ip4][..udp] [....192.168.1.2][30000] -> [..212.242.33.36][40392] [RTP][Unknown][Media][Acceptable] + not-detected: [.....4] [ip4][..udp] [....192.168.1.2][30001] -> [..212.242.33.36][40393] [Unknown][Unknown][Unrated] + RISK: Susp Entropy, Unidirectional Traffic + idle: [.....4] [ip4][..udp] [....192.168.1.2][30001] -> [..212.242.33.36][40393] + idle: [.....1] [ip4][..udp] [....192.168.1.2][.5060] -> [..212.242.33.35][.5060] [SIP][Unknown][VoIP][Acceptable] + DAEMON-EVENT: shutdown 
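Review bot: The expected output added for `disable_metadata_and_flowrisks/sip.pcap.out` still pins `RISK: Susp Entropy, Unidirectional Traffic` on the not-detected event of flow 4, although the directory name says flow risks are disabled. The configuration that produces this directory is not visible here, so this may be intended (for example if only the risk details are suppressed). As pinned, though, the snapshot cannot show whether the flow-risk setting had any effect. If the behaviour is intended, I would add a one-line comment to the test config along the lines of `flow risks are still reported for undetected flows; only risk metadata is disabled`, worded to match what the setting actually does.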
diff --git a/test/results/flow-info/disable_metadata_and_flowrisks/tls_verylong_certificate.pcap.out b/test/results/flow-info/disable_metadata_and_flowrisks/tls_verylong_certificate.pcap.out new file mode 100644 index 000000000..eebfcfd74 --- /dev/null +++ b/test/results/flow-info/disable_metadata_and_flowrisks/tls_verylong_certificate.pcap.out 
@@ -0,0 +1,19 @@ + DAEMON-EVENT: init + DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] + detected: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] [TLS.Cybersec][Unknown][Cybersecurity][Safe][feodotracker.abuse.ch] + detection-update: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] [TLS.Cybersec][Unknown][Cybersecurity][Safe][feodotracker.abuse.ch] + detection-update: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] [TLS.Cybersec][Unknown][Cybersecurity][Safe][feodotracker.abuse.ch] + analyse: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] [TLS.Cybersec][Unknown][Cybersecurity][Safe] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.022| 0.005| 0.007| 43.853| 3.500] + [PKTLEN......: 52.000| 1420.000| 518.600| 615.300| 378610.900| 4.000] + [BINS(c->s)..: 12,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [BINS(s->c)..: 2,4,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0] + [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,0,0,1,1,1,0,0,0,1,1,1,0,0,1,0,1,1] + [IATS(ms)....: 11.6,11.7,5.7,17.7,3.1,0.2,15.2,0.1,0.1,0.1,0.0,0.1,10.6,21.7,11.2,0.3,14.9,0.0,0.0,14.6,0.0,0.0,0.3,0.3,0.0,0.6,0.0,0.5,0.5,0.1,0.0] + [PKTLENS.....: 64,60,52,569,52,1420,1420,52,1420,52,1420,262,52,178,103,52,222,1420,1420,104,52,52,52,1420,1420,104,52,52,1420,52,1420,104] + [ENTROPIES...: 4.4,5.1,4.9,4.4,5.0,6.8,4.9,5.0,6.6,4.9,7.4,7.0,5.0,6.3,6.0,5.0,6.9,7.9,7.9,6.1,4.9,4.8,4.7,7.9,7.9,6.0,4.9,4.9,7.9,4.8,7.9,6.2] + end: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] [TLS.Cybersec][Unknown][Cybersecurity][Safe][feodotracker.abuse.ch] + 
DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/enable_payload_stat/1kxun.pcap.out b/test/results/flow-info/enable_payload_stat/1kxun.pcap.out index 7276e2c12..7b3376352 100644 --- a/test/results/flow-info/enable_payload_stat/1kxun.pcap.out +++ b/test/results/flow-info/enable_payload_stat/1kxun.pcap.out @@ -133,7 +133,6 @@ [ENTROPIES...: 4.5,4.5,5.0,4.8,4.8,5.8,5.8,4.3,5.6,6.7,7.7,7.8,7.7,7.7,7.7,7.7,7.6,4.1,6.3,4.8,4.8,7.7,7.8,7.7,7.7,7.7,4.8,4.8,7.7,7.7,5.6,3.0] new: [....35] [ip4][..udp] [...192.168.5.67][..138] -> [192.168.255.255][..138] detected: [....35] [ip4][..udp] [...192.168.5.67][..138] -> [192.168.255.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][sanji-lifebook-] - RISK: Unsafe Protocol new: [....36] [ip4][..tcp] [..192.168.115.8][49605] -> [.106.185.35.110][...80] new: [....37] [ip4][..tcp] [..192.168.115.8][49606] -> [.106.185.35.110][...80] detected: [....36] [ip4][..tcp] [..192.168.115.8][49605] -> [.106.185.35.110][...80] [HTTP.1kxun][Unknown][Streaming][Fun][jp.kankan.1kxun.mobi] @@ -213,6 +212,7 @@ new: [....59] [ip4][..tcp] [...192.168.5.16][53624] -> [.68.233.253.133][...80] detected: [....59] [ip4][..tcp] [...192.168.5.16][53624] -> [.68.233.253.133][...80] [HTTP][Unknown][Web][Acceptable][api.magicansoft.com] new: [....60] [ip6][..udp] [...............fe80::4e5e:cff:fe9a:ec54][.5678] -> [................................ff02::1][.5678] + detected: [....60] [ip6][..udp] [...............fe80::4e5e:cff:fe9a:ec54][.5678] -> [................................ff02::1][.5678] [Mikrotik][Unknown][Network][Acceptable] detection-update: [....59] [ip4][..tcp] [...192.168.5.16][53624] -> [.68.233.253.133][...80] [HTTP][Unknown][Web][Acceptable][api.magicansoft.com] RISK: Error Code new: [....61] [ip4][..tcp] [..192.168.115.8][49581] -> [.64.233.189.128][...80] [MIDSTREAM] 
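Review bot: The regenerated expectations drop `RISK: Unsafe Protocol` from the NetBIOS.SMBv1 flows while those events keep the `Dangerous` rating. The hunk at -133 removes it from the detected event of flow 35, and the hunks at -232, -407 and -565 do the same for flow 70 and for the update and idle events. A consumer that alerts on the risk string rather than on the rating would stop flagging SMBv1 after this libnDPI bump. The `RISK: Susp Entropy` lines on HTTP flows 153, 163 and 194 disappear in later hunks in the same way. If this is the intended upstream behaviour, I would record it in the changelog, for example `SMBv1 flows no longer report the Unsafe Protocol flow risk; they are still rated Dangerous`.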
@@ -232,7 +232,6 @@ detected: [....69] [ip4][..udp] [...192.168.5.45][..137] -> [192.168.255.255][..137] [NetBIOS][Unknown][System][Acceptable][nasfile] new: [....70] [ip4][..udp] [...192.168.5.45][..138] -> [192.168.255.255][..138] detected: [....70] [ip4][..udp] [...192.168.5.45][..138] -> [192.168.255.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][macbookair-e1d0] - RISK: Unsafe Protocol new: [....71] [ip4][..udp] [...192.168.10.7][62976] -> [255.255.255.255][62976] new: [....72] [ip6][..udp] [..............fe80::4568:efbc:40b1:1346][50194] -> [..............................ff02::1:3][.5355] detected: [....72] [ip6][..udp] [..............fe80::4568:efbc:40b1:1346][50194] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable] @@ -248,6 +247,7 @@ new: [....78] [ip4][..udp] [...192.168.5.48][59797] -> [....224.0.0.252][.5355] detected: [....78] [ip4][..udp] [...192.168.5.48][59797] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] new: [....79] [ip4][..udp] [..192.168.0.100][50925] -> [255.255.255.255][.5678] + detected: [....79] [ip4][..udp] [..192.168.0.100][50925] -> [255.255.255.255][.5678] [Mikrotik][Unknown][Network][Acceptable] new: [....80] [ip4][..udp] [...192.168.5.57][65150] -> [....224.0.0.252][.5355] detected: [....80] [ip4][..udp] [...192.168.5.57][65150] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] new: [....81] [ip6][..udp] [...............fe80::e034:7be:d8f9:6197][62756] -> [..............................ff02::1:3][.5355] 
@@ -267,7 +267,9 @@ detection-update: [....87] [ip4][..tcp] [...192.168.5.16][53625] -> [.192.168.115.75][..443] [TLS][Unknown][Web][Safe][192.168.115.75] RISK: Weak TLS Cipher, HTTP/TLS/QUIC Numeric Hostname/SNI, TLS (probably) Not Carrying HTTPS new: [....88] [ip4][..udp] [..192.168.119.1][56861] -> [255.255.255.255][.5678] + detected: [....88] [ip4][..udp] [..192.168.119.1][56861] -> [255.255.255.255][.5678] [Mikrotik][Unknown][Network][Acceptable] new: [....89] [ip6][..udp] [................fe80::4e5e:cff:feea:365][.5678] -> [................................ff02::1][.5678] + detected: [....89] [ip6][..udp] [................fe80::4e5e:cff:feea:365][.5678] -> [................................ff02::1][.5678] [Mikrotik][Unknown][Network][Acceptable] new: [....90] [ip6][..udp] [..............fe80::5d92:62a8:ebde:1319][49735] -> [..............................ff02::1:3][.5355] detected: [....90] [ip6][..udp] [..............fe80::5d92:62a8:ebde:1319][49735] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable] new: [....91] [ip4][..udp] [..192.168.3.236][62069] -> [....224.0.0.252][.5355] 
@@ -277,6 +279,7 @@ new: [....93] [ip6][..udp] [..............fe80::beee:7bff:fe0c:b3de][..546] -> [..............................ff02::1:2][..547] detected: [....93] [ip6][..udp] [..............fe80::beee:7bff:fe0c:b3de][..546] -> [..............................ff02::1:2][..547] [DHCPV6][Unknown][Network][Acceptable] new: [....94] [ip4][..udp] [..192.168.119.2][43786] -> [255.255.255.255][.5678] + detected: [....94] [ip4][..udp] [..192.168.119.2][43786] -> [255.255.255.255][.5678] [Mikrotik][Unknown][Network][Acceptable] new: [....95] [ip6][..udp] [..............fe80::edf5:240a:c8c0:8312][53962] -> [..............................ff02::1:3][.5355] detected: [....95] [ip6][..udp] [..............fe80::edf5:240a:c8c0:8312][53962] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable] new: [....96] [ip4][..udp] [...192.168.5.47][53962] -> [....224.0.0.252][.5355] @@ -407,7 +410,6 @@ update: [....52] [ip6][..udp] [...............fe80::9bd:81dd:2fdc:5750][61548] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable][caesar-thinkpad] update: [....55] [ip4][..udp] [...192.168.5.16][...68] -> [..192.168.119.1][...67] [DHCP][Unknown][Network][Acceptable][macbook-air] update: [....35] [ip4][..udp] [...192.168.5.67][..138] -> [192.168.255.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][sanji-lifebook-] - RISK: Unsafe Protocol update: [....54] [ip4][..udp] [...192.168.5.49][51704] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900] update: [....33] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][54888] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable][????????????] RISK: Non-Printable/Invalid Chars Detected 
@@ -441,9 +443,7 @@ idle: [....38] [ip4][..tcp] [..192.168.115.8][49607] -> [218.244.135.170][.9099] [HTTP][Alibaba][Web][Acceptable][218.244.135.170] RISK: Known Proto on Non Std Port, HTTP/TLS/QUIC Numeric Hostname/SNI idle: [....39] [ip4][..udp] [..192.168.115.8][54420] -> [........8.8.8.8][...53] [DNS.QQ][Google][Network][Fun][vv.video.qq.com] - not-detected: [....79] [ip4][..udp] [..192.168.0.100][50925] -> [255.255.255.255][.5678] [Unknown][Unknown][Unrated] - RISK: Susp Entropy - idle: [....79] [ip4][..udp] [..192.168.0.100][50925] -> [255.255.255.255][.5678] + idle: [....79] [ip4][..udp] [..192.168.0.100][50925] -> [255.255.255.255][.5678] [Mikrotik][Unknown][Network][Acceptable] idle: [....98] [ip4][..udp] [...192.168.3.95][51451] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][????????????] RISK: Non-Printable/Invalid Chars Detected idle: [....13] [ip4][..udp] [..192.168.115.8][51458] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][wpad] 
@@ -459,12 +459,8 @@ idle: [.....9] [ip6][..udp] [...............fe80::406:55a8:6453:25dd][..546] -> [..............................ff02::1:2][..547] [DHCPV6][Unknown][Network][Acceptable] idle: [....19] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][58779] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable][????????????] RISK: Non-Printable/Invalid Chars Detected - not-detected: [....89] [ip6][..udp] [................fe80::4e5e:cff:feea:365][.5678] -> [................................ff02::1][.5678] [Unknown][Unknown][Unrated] - RISK: Susp Entropy - idle: [....89] [ip6][..udp] [................fe80::4e5e:cff:feea:365][.5678] -> [................................ff02::1][.5678] - not-detected: [....60] [ip6][..udp] [...............fe80::4e5e:cff:fe9a:ec54][.5678] -> [................................ff02::1][.5678] [Unknown][Unknown][Unrated] - RISK: Susp Entropy - idle: [....60] [ip6][..udp] [...............fe80::4e5e:cff:fe9a:ec54][.5678] -> [................................ff02::1][.5678] + idle: [....89] [ip6][..udp] [................fe80::4e5e:cff:feea:365][.5678] -> [................................ff02::1][.5678] [Mikrotik][Unknown][Network][Acceptable] + idle: [....60] [ip6][..udp] [...............fe80::4e5e:cff:fe9a:ec54][.5678] -> [................................ff02::1][.5678] [Mikrotik][Unknown][Network][Acceptable] idle: [...128] [ip6][..udp] [..............fe80::5d92:62a8:ebde:1319][58468] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable][wangs-ltw] idle: [....44] [ip4][..udp] [...192.168.5.37][57325] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900] idle: [...125] [ip6][..udp] [...............fe80::e034:7be:d8f9:6197][49766] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable][charming-pc] 
@@ -489,9 +485,7 @@ idle: [...114] [ip6][..udp] [..............fe80::5d92:62a8:ebde:1319][61172] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable][sonusav] idle: [....43] [ip4][..udp] [...192.168.5.37][56366] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][notebook] idle: [....12] [ip4][..udp] [...192.168.5.47][60267] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900] - not-detected: [....88] [ip4][..udp] [..192.168.119.1][56861] -> [255.255.255.255][.5678] [Unknown][Unknown][Unrated] - RISK: Susp Entropy - idle: [....88] [ip4][..udp] [..192.168.119.1][56861] -> [255.255.255.255][.5678] + idle: [....88] [ip4][..udp] [..192.168.119.1][56861] -> [255.255.255.255][.5678] [Mikrotik][Unknown][Network][Acceptable] idle: [...124] [ip4][..udp] [...192.168.5.50][57143] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][charming-pc] idle: [....26] [ip4][..udp] [..192.168.115.8][60724] -> [........8.8.8.8][...53] [DNS.1kxun][Google][Network][Fun][pic.1kxun.com] idle: [....48] [ip4][..udp] [....192.168.5.9][58456] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][joanna-pc] 
@@ -565,9 +559,7 @@ idle: [....64] [ip4][..udp] [..192.168.3.236][..137] -> [192.168.255.255][..137] [NetBIOS][Unknown][System][Acceptable][isatap] idle: [....18] [ip4][..udp] [..192.168.115.8][..137] -> [192.168.255.255][..137] [NetBIOS][Unknown][System][Acceptable][wpad] idle: [....70] [ip4][..udp] [...192.168.5.45][..138] -> [192.168.255.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][macbookair-e1d0] - RISK: Unsafe Protocol idle: [....35] [ip4][..udp] [...192.168.5.67][..138] -> [192.168.255.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][sanji-lifebook-] - RISK: Unsafe Protocol idle: [....76] [ip4][..udp] [...192.168.5.64][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable] guessed: [....61] [ip4][..tcp] [..192.168.115.8][49581] -> [.64.233.189.128][...80] [HTTP][Google][Web][Acceptable][] idle: [....61] [ip4][..tcp] [..192.168.115.8][49581] -> [.64.233.189.128][...80] 
@@ -585,9 +577,7 @@ idle: [...116] [ip6][..udp] [..............fe80::f65c:89ff:fe89:e607][..546] -> [..............................ff02::1:2][..547] [DHCPV6][Unknown][Network][Acceptable] guessed: [...101] [ip4][..tcp] [.119.235.235.84][..443] -> [...192.168.5.16][53406] [TLS][Line][Web][Safe] idle: [...101] [ip4][..tcp] [.119.235.235.84][..443] -> [...192.168.5.16][53406] - not-detected: [....94] [ip4][..udp] [..192.168.119.2][43786] -> [255.255.255.255][.5678] [Unknown][Unknown][Unrated] - RISK: Susp Entropy - idle: [....94] [ip4][..udp] [..192.168.119.2][43786] -> [255.255.255.255][.5678] + idle: [....94] [ip4][..udp] [..192.168.119.2][43786] -> [255.255.255.255][.5678] [Mikrotik][Unknown][Network][Acceptable] idle: [....90] [ip6][..udp] [..............fe80::5d92:62a8:ebde:1319][49735] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable][wangs-ltw] end: [....46] [ip4][..tcp] [..192.168.115.8][49612] -> [.183.131.48.145][...80] [HTTP][Unknown][Web][Acceptable][183.131.48.145] RISK: HTTP Susp User-Agent, HTTP/TLS/QUIC Numeric Hostname/SNI @@ -658,7 +648,6 @@ detected: [...152] [ip4][..tcp] [..192.168.2.126][45424] -> [..161.117.13.29][...80] [HTTP][Alibaba][Streaming][Acceptable][tcad.wedolook.com] new: [...153] [ip4][..tcp] [..192.168.2.126][41390] -> [....18.64.79.37][...80] [MIDSTREAM] detected: [...153] [ip4][..tcp] [..192.168.2.126][41390] -> [....18.64.79.37][...80] [HTTP.Google][AmazonAWS][Web][Acceptable][google.open-js.com] - RISK: Susp Entropy analyse: [...146] [ip4][..tcp] [..192.168.2.126][45380] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.409| 0.085| 0.132| 17528.007| 3.300] 
@@ -709,7 +698,6 @@ [ENTROPIES...: 5.9,5.9,7.3,7.9,7.9,7.9,7.8,7.8,7.8,7.9,8.0,7.8,7.8,7.8,7.9,7.9,7.9,7.9,5.9,5.8,8.0,8.0,7.9,7.9,8.0,7.9,8.0,7.7,5.9,5.9,7.9,8.0] new: [...163] [ip4][..tcp] [..192.168.2.126][44368] -> [..172.217.18.98][...80] [MIDSTREAM] detected: [...163] [ip4][..tcp] [..192.168.2.126][44368] -> [..172.217.18.98][...80] [HTTP.GoogleServices][Google][Web][Acceptable][www.googletagservices.com] - RISK: Susp Entropy new: [...164] [ip4][..tcp] [..192.168.2.126][50140] -> [..161.117.13.29][...80] [MIDSTREAM] detected: [...164] [ip4][..tcp] [..192.168.2.126][50140] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi] new: [...165] [ip4][..tcp] [..192.168.2.126][50148] -> [..161.117.13.29][...80] [MIDSTREAM] @@ -796,7 +784,6 @@ detected: [...193] [ip4][..tcp] [..192.168.2.126][40204] -> [...18.235.204.9][...80] [HTTP][AmazonAWS][Web][Acceptable][adexp.liftoff.io] new: [...194] [ip4][..tcp] [..192.168.2.126][53416] -> [.172.217.16.142][...80] [MIDSTREAM] detected: [...194] [ip4][..tcp] [..192.168.2.126][53416] -> [.172.217.16.142][...80] [HTTP.Google][Google][Web][Acceptable][play.google.com] - RISK: Susp Entropy new: [...195] [ip4][..tcp] [..192.168.2.126][33042] -> [...3.122.190.70][...80] [MIDSTREAM] detected: [...195] [ip4][..tcp] [..192.168.2.126][33042] -> [...3.122.190.70][...80] [HTTP][AmazonAWS][Web][Acceptable][click.liftoff.io] new: [...196] [ip4][..tcp] [..192.168.2.126][35426] -> [..8.209.112.118][...80] [MIDSTREAM] 
@@ -815,7 +802,6 @@ idle: [...196] [ip4][..tcp] [..192.168.2.126][35426] -> [..8.209.112.118][...80] [HTTP][Alibaba][Web][Acceptable][analytics.rayjump.com] idle: [...172] [ip4][..tcp] [..192.168.2.126][59324] -> [.104.117.221.10][...80] [HTTP][Unknown][Web][Acceptable][m.vpon.com] idle: [...153] [ip4][..tcp] [..192.168.2.126][41390] -> [....18.64.79.37][...80] [HTTP.Google][AmazonAWS][Web][Acceptable][google.open-js.com] - RISK: Susp Entropy idle: [...191] [ip4][..tcp] [..192.168.2.126][41940] -> [....18.64.79.50][...80] [HTTP][AmazonAWS][Web][Acceptable][tknet-cdn.rayjump.com] idle: [...154] [ip4][..tcp] [..192.168.2.126][51888] -> [.119.28.164.143][...80] [HTTP][Tencent][Web][Acceptable] idle: [...177] [ip4][..tcp] [..192.168.2.126][43266] -> [....18.64.79.58][...80] [HTTP][AmazonAWS][Web][Acceptable] @@ -828,7 +814,6 @@ idle: [...169] [ip4][..tcp] [..192.168.2.126][38326] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] idle: [...134] [ip4][..tcp] [..192.168.2.126][41134] -> [.129.226.107.77][...80] [HTTP.QQ][Tencent][Chat][Fun][cgi.connect.qq.com] idle: [...163] [ip4][..tcp] [..192.168.2.126][44368] -> [..172.217.18.98][...80] [HTTP.GoogleServices][Google][Web][Acceptable][www.googletagservices.com] - RISK: Susp Entropy idle: [...193] [ip4][..tcp] [..192.168.2.126][40204] -> [...18.235.204.9][...80] [HTTP][AmazonAWS][Web][Acceptable][adexp.liftoff.io] idle: [...197] [ip4][..tcp] [..192.168.2.126][51686] -> [....18.64.79.64][...80] [HTTP][AmazonAWS][Web][Acceptable][net.rayjump.com] idle: [...156] [ip4][..tcp] [..192.168.2.126][36732] -> [142.250.186.174][...80] [HTTP.Google][Google][Advertisement][Acceptable][www.google-analytics.com] 
@@ -852,7 +837,6 @@ idle: [...140] [ip4][..tcp] [..192.168.2.126][49242] -> [.172.104.119.80][...80] [HTTP.1kxun][Unknown][Streaming][Fun][android.yingshi.tcclick.1kxun.com] RISK: Error Code idle: [...194] [ip4][..tcp] [..192.168.2.126][53416] -> [.172.217.16.142][...80] [HTTP.Google][Google][Web][Acceptable][play.google.com] - RISK: Susp Entropy idle: [...133] [ip4][..tcp] [..192.168.2.126][47230] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Download][Fun][kankan.1kxun.mobi] RISK: Binary File/Data Transfer (Attempt) idle: [...188] [ip4][..tcp] [..192.168.2.126][37100] -> [..52.29.177.177][...80] [HTTP][AmazonAWS][Web][Acceptable][adx-tk.rayjump.com] diff --git a/test/results/flow-info/fpc/1kxun.pcap.out b/test/results/flow-info/fpc/1kxun.pcap.out new file mode 100644 index 000000000..7b3376352 --- /dev/null +++ b/test/results/flow-info/fpc/1kxun.pcap.out 
@@ -0,0 +1,870 @@ + DAEMON-EVENT: init + DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....1] [ip4][..udp] [...192.168.5.44][59571] -> [....224.0.0.252][.5355] + detected: [.....1] [ip4][..udp] [...192.168.5.44][59571] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] + new: [.....2] [ip4][..udp] [...192.168.5.57][55809] -> [239.255.255.250][.1900] + detected: [.....2] [ip4][..udp] [...192.168.5.57][55809] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900] + new: [.....3] [ip4][..udp] [...192.168.5.44][51389] -> [239.255.255.250][.1900] + detected: [.....3] [ip4][..udp] [...192.168.5.44][51389] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900] + new: [.....4] [ip4][..udp] [..192.168.119.1][...67] -> [255.255.255.255][...68] + detected: [.....4] [ip4][..udp] [..192.168.119.1][...67] -> [255.255.255.255][...68] [DHCP][Unknown][Network][Acceptable][] + new: [.....5] [ip4][..tcp] [...192.168.5.16][53605] -> [.68.233.253.133][...80] [MIDSTREAM] + new: [.....6] [ip4][..udp] [...192.168.5.50][64674] -> [239.255.255.250][.1900] + detected: [.....6] [ip4][..udp] [...192.168.5.50][64674] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900] + new: [.....7] [ip4][..udp] [...192.168.5.41][55312] -> [239.255.255.250][.1900] + detected: [.....7] [ip4][..udp] [...192.168.5.41][55312] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900] + new: [.....8] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] + detected: [.....8] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable][shen] + new: [.....9] [ip6][..udp] [...............fe80::406:55a8:6453:25dd][..546] -> [..............................ff02::1:2][..547] + detected: [.....9] 
[ip6][..udp] [...............fe80::406:55a8:6453:25dd][..546] -> [..............................ff02::1:2][..547] [DHCPV6][Unknown][Network][Acceptable] + new: [....10] [ip6][..udp] [..............fe80::edf5:240a:c8c0:8312][61603] -> [..............................ff02::1:3][.5355] + detected: [....10] [ip6][..udp] [..............fe80::edf5:240a:c8c0:8312][61603] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable] + new: [....11] [ip4][..udp] [...192.168.5.47][61603] -> [....224.0.0.252][.5355] + detected: [....11] [ip4][..udp] [...192.168.5.47][61603] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] + new: [....12] [ip4][..udp] [...192.168.5.47][60267] -> [239.255.255.250][.1900] + detected: [....12] [ip4][..udp] [...192.168.5.47][60267] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900] + new: [....13] [ip4][..udp] [..192.168.115.8][51458] -> [....224.0.0.252][.5355] + detected: [....13] [ip4][..udp] [..192.168.115.8][51458] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] + new: [....14] [ip4][..udp] [..192.168.115.8][51024] -> [........8.8.8.8][...53] + detected: [....14] [ip4][..udp] [..192.168.115.8][51024] -> [........8.8.8.8][...53] [DNS.1kxun][Google][Network][Fun][jp.kankan.1kxun.mobi] + detection-update: [....14] [ip4][..udp] [..192.168.115.8][51024] -> [........8.8.8.8][...53] [DNS.1kxun][Google][Network][Fun][jp.kankan.1kxun.mobi] + RISK: Unidirectional Traffic + detection-update: [....14] [ip4][..udp] [..192.168.115.8][51024] -> [........8.8.8.8][...53] [DNS.1kxun][Google][Network][Fun][jp.kankan.1kxun.mobi] + new: [....15] [ip4][..tcp] [..192.168.115.8][49597] -> [.106.185.35.110][...80] + detected: [....15] [ip4][..tcp] [..192.168.115.8][49597] -> [.106.185.35.110][...80] [HTTP.1kxun][Unknown][Streaming][Fun][jp.kankan.1kxun.mobi] + new: [....16] [ip4][..udp] [..192.168.115.8][52723] -> [........8.8.8.8][...53] + detected: [....16] [ip4][..udp] 
[..192.168.115.8][52723] -> [........8.8.8.8][...53] [DNS.1kxun][Google][Network][Fun][kankan.1kxun.com] + detection-update: [....16] [ip4][..udp] [..192.168.115.8][52723] -> [........8.8.8.8][...53] [DNS.1kxun][Google][Network][Fun][kankan.1kxun.com] + RISK: Unidirectional Traffic + new: [....17] [ip4][..tcp] [...192.168.5.16][53622] -> [.192.168.115.75][..443] [MIDSTREAM] + new: [....18] [ip4][..udp] [..192.168.115.8][..137] -> [192.168.255.255][..137] + detected: [....18] [ip4][..udp] [..192.168.115.8][..137] -> [192.168.255.255][..137] [NetBIOS][Unknown][System][Acceptable][wpad] + new: [....19] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][58779] -> [..............................ff02::1:3][.5355] + detected: [....19] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][58779] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable] + RISK: Non-Printable/Invalid Chars Detected + new: [....20] [ip4][..udp] [...192.168.3.95][58779] -> [....224.0.0.252][.5355] + detected: [....20] [ip4][..udp] [...192.168.3.95][58779] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] + RISK: Non-Printable/Invalid Chars Detected + new: [....21] [ip4][..udp] [...192.168.3.95][59468] -> [239.255.255.250][.1900] + detected: [....21] [ip4][..udp] [...192.168.3.95][59468] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900] + new: [....22] [ip4][..udp] [.192.168.125.30][62976] -> [255.255.255.255][62976] + new: [....23] [ip6][..udp] [..2001:b030:214:100:c2a0:bbff:fe73:eb47][62976] -> [................................ff02::1][62976] + new: [....24] [ip4][..udp] [..192.168.115.8][52723] -> [.....168.95.1.1][...53] + detected: [....24] [ip4][..udp] [..192.168.115.8][52723] -> [.....168.95.1.1][...53] [DNS.1kxun][Unknown][Network][Fun][kankan.1kxun.com] + detection-update: [....24] [ip4][..udp] [..192.168.115.8][52723] -> [.....168.95.1.1][...53] [DNS.1kxun][Unknown][Network][Fun][kankan.1kxun.com] 
+ RISK: Unidirectional Traffic + detection-update: [....24] [ip4][..udp] [..192.168.115.8][52723] -> [.....168.95.1.1][...53] [DNS.1kxun][Unknown][Network][Fun][kankan.1kxun.com] + new: [....25] [ip4][..tcp] [..192.168.115.8][49598] -> [.222.73.254.167][...80] + detection-update: [....16] [ip4][..udp] [..192.168.115.8][52723] -> [........8.8.8.8][...53] [DNS.1kxun][Google][Network][Fun][kankan.1kxun.com] + detected: [....25] [ip4][..tcp] [..192.168.115.8][49598] -> [.222.73.254.167][...80] [HTTP.1kxun][Unknown][Streaming][Fun][kankan.1kxun.com] + new: [....26] [ip4][..udp] [..192.168.115.8][60724] -> [........8.8.8.8][...53] + detected: [....26] [ip4][..udp] [..192.168.115.8][60724] -> [........8.8.8.8][...53] [DNS.1kxun][Google][Network][Fun][pic.1kxun.com] + detection-update: [....26] [ip4][..udp] [..192.168.115.8][60724] -> [........8.8.8.8][...53] [DNS.1kxun][Google][Network][Fun][pic.1kxun.com] + RISK: Unidirectional Traffic + detection-update: [....26] [ip4][..udp] [..192.168.115.8][60724] -> [........8.8.8.8][...53] [DNS.1kxun][Google][Network][Fun][pic.1kxun.com] + new: [....27] [ip4][..tcp] [..192.168.115.8][49599] -> [.106.187.35.246][...80] + new: [....28] [ip4][..tcp] [..192.168.115.8][49600] -> [.106.187.35.246][...80] + new: [....29] [ip4][..tcp] [..192.168.115.8][49601] -> [.106.187.35.246][...80] + new: [....30] [ip4][..tcp] [..192.168.115.8][49602] -> [.106.187.35.246][...80] + new: [....31] [ip4][..tcp] [..192.168.115.8][49603] -> [.106.187.35.246][...80] + new: [....32] [ip4][..tcp] [..192.168.115.8][49604] -> [.106.187.35.246][...80] + new: [....33] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][54888] -> [..............................ff02::1:3][.5355] + detected: [....33] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][54888] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable] + RISK: Non-Printable/Invalid Chars Detected + new: [....34] [ip4][..udp] [...192.168.3.95][54888] -> 
[....224.0.0.252][.5355] + detected: [....34] [ip4][..udp] [...192.168.3.95][54888] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] + RISK: Non-Printable/Invalid Chars Detected + detected: [....28] [ip4][..tcp] [..192.168.115.8][49600] -> [.106.187.35.246][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] + detected: [....27] [ip4][..tcp] [..192.168.115.8][49599] -> [.106.187.35.246][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] + detected: [....32] [ip4][..tcp] [..192.168.115.8][49604] -> [.106.187.35.246][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] + detected: [....29] [ip4][..tcp] [..192.168.115.8][49601] -> [.106.187.35.246][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] + detected: [....30] [ip4][..tcp] [..192.168.115.8][49602] -> [.106.187.35.246][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] + detected: [....31] [ip4][..tcp] [..192.168.115.8][49603] -> [.106.187.35.246][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] + analyse: [....29] [ip4][..tcp] [..192.168.115.8][49601] -> [.106.187.35.246][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.056| 0.011| 0.020| 413.706| 3.100] + [PKTLEN......: 40.000| 1300.000| 821.900| 585.300| 342554.800| 4.500] + [BINS(c->s)..: 8,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,19,0,0,0,0,0,0,0,0] + [DIRECTIONS..: 0,0,1,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,1,0,0,1,1,1,1,1,1] + [IATS(ms)....: 0.0,52.1,52.2,0.0,5.5,0.0,48.2,11.6,0.8,0.1,0.1,0.0,0.3,0.0,0.0,0.0,0.5,56.2,0.0,50.5,3.5,0.1,0.1,53.9,0.0,17.7,0.1,0.1,0.1,0.0,0.1] + [PKTLENS.....: 52,52,52,40,40,400,400,46,359,1300,1300,1300,1300,1300,1300,1300,1300,1300,40,40,1300,1300,1300,1300,40,40,1300,1300,1300,1300,1300,1300] + [ENTROPIES...: 
4.5,4.5,5.0,4.8,4.8,5.8,5.8,4.2,5.6,7.5,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,4.7,4.7,7.8,7.8,7.8,7.8,4.7,4.7,7.8,7.8,7.8,7.8,7.9,7.8] + analyse: [....30] [ip4][..tcp] [..192.168.115.8][49602] -> [.106.187.35.246][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.066| 0.012| 0.024| 579.055| 2.800] + [PKTLEN......: 40.000| 1300.000| 743.100| 600.300| 360321.400| 4.400] + [BINS(c->s)..: 10,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0,0,0,0,0,0] + [DIRECTIONS..: 0,0,1,0,0,0,0,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,0,0,1,1,1,1,1,1,0,0] + [IATS(ms)....: 0.0,54.6,54.7,0.0,4.2,0.1,64.5,0.1,0.0,0.0,0.1,0.0,0.7,0.1,0.1,0.1,61.7,0.0,0.9,65.4,0.1,66.2,0.1,0.5,2.9,0.6,0.1,0.1,0.1,3.9,0.0] + [PKTLENS.....: 52,52,52,40,40,399,399,46,359,1300,1300,1300,1300,1300,1300,1300,1300,40,40,1300,1300,1300,40,40,1300,1300,1300,1300,1300,1300,40,40] + [ENTROPIES...: 4.5,4.5,5.0,4.7,4.7,5.8,5.8,4.4,5.6,7.5,7.8,7.8,7.8,7.8,7.8,7.8,7.8,4.8,4.8,7.8,7.8,7.8,4.8,4.8,7.8,7.8,7.8,7.8,7.8,7.8,4.8,4.8] + analyse: [....27] [ip4][..tcp] [..192.168.115.8][49599] -> [.106.187.35.246][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.067| 0.012| 0.023| 544.113| 2.900] + [PKTLEN......: 40.000| 1300.000| 743.200| 600.200| 360235.600| 4.400] + [BINS(c->s)..: 10,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0,0,0,0,0,0] + [DIRECTIONS..: 0,0,1,0,0,0,0,1,1,1,1,0,0,1,1,1,1,1,1,0,0,1,1,1,1,1,0,0,1,1,1,1] + [IATS(ms)....: 0.0,53.2,53.3,0.0,4.6,0.1,61.5,0.0,0.3,0.1,57.3,0.0,5.1,0.1,0.3,0.0,0.3,0.1,5.9,0.0,1.4,65.1,0.1,0.1,0.1,66.8,0.0,3.8,0.1,0.8,0.1] + [PKTLENS.....: 
52,52,52,40,40,401,401,46,359,1300,1300,40,40,1300,1300,1300,1300,1300,1300,40,40,1300,1300,1300,1300,1300,40,40,1300,1300,1300,1300] + [ENTROPIES...: 4.5,4.5,5.0,4.8,4.8,5.8,5.8,4.3,5.6,7.5,7.8,4.7,4.7,7.8,7.8,7.8,7.8,7.8,7.8,4.7,4.7,7.8,7.8,7.8,7.8,7.8,4.8,4.8,7.8,7.8,7.8,7.8] + analyse: [....32] [ip4][..tcp] [..192.168.115.8][49604] -> [.106.187.35.246][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.096| 0.013| 0.026| 693.255| 2.700] + [PKTLEN......: 40.000| 1300.000| 833.000| 555.000| 308021.300| 4.600] + [BINS(c->s)..: 6,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,18,0,0,0,0,0,0,0,0] + [DIRECTIONS..: 0,0,1,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,1,1,1,1,1,1,1,0,0] + [IATS(ms)....: 0.0,50.7,50.8,0.0,5.7,0.0,60.3,0.1,0.1,0.1,0.0,0.1,0.7,0.0,0.0,0.1,0.3,56.3,0.0,72.3,0.1,0.0,0.1,0.2,0.1,0.1,0.1,0.3,0.0,96.5,0.1] + [PKTLENS.....: 52,52,52,40,40,400,400,46,359,1300,1300,1300,1300,1300,1300,1300,1300,1300,40,40,1300,1300,1300,1300,1300,1300,1300,1300,1300,918,409,409] + [ENTROPIES...: 4.5,4.5,5.0,4.9,4.9,5.8,5.8,4.4,5.7,7.5,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,4.8,4.8,7.8,7.8,7.8,7.8,7.8,7.9,7.8,7.9,7.8,7.7,5.8,5.8] + analyse: [....28] [ip4][..tcp] [..192.168.115.8][49600] -> [.106.187.35.246][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.142| 0.016| 0.032| 1046.271| 2.800] + [PKTLEN......: 40.000| 1300.000| 822.000| 585.200| 342449.500| 4.500] + [BINS(c->s)..: 8,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,19,0,0,0,0,0,0,0,0] + [DIRECTIONS..: 0,0,1,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,1,1,0,0,1,1,1,1] + 
[IATS(ms)....: 0.1,51.9,52.1,0.0,5.2,0.1,60.5,0.9,0.0,0.0,0.1,0.0,0.4,0.1,0.0,0.1,0.2,85.1,142.0,0.0,40.8,2.5,0.1,0.1,0.1,43.6,0.1,0.4,0.1,0.1,0.0] + [PKTLENS.....: 52,52,52,40,40,402,402,46,359,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,40,40,1300,1300,1300,1300,1300,40,40,1300,1300,1300,1300] + [ENTROPIES...: 4.5,4.5,5.0,4.8,4.8,5.8,5.8,4.3,5.6,6.7,7.7,7.8,7.7,7.7,7.7,7.7,7.6,4.1,6.3,4.8,4.8,7.7,7.8,7.7,7.7,7.7,4.8,4.8,7.7,7.7,5.6,3.0] + new: [....35] [ip4][..udp] [...192.168.5.67][..138] -> [192.168.255.255][..138] + detected: [....35] [ip4][..udp] [...192.168.5.67][..138] -> [192.168.255.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][sanji-lifebook-] + new: [....36] [ip4][..tcp] [..192.168.115.8][49605] -> [.106.185.35.110][...80] + new: [....37] [ip4][..tcp] [..192.168.115.8][49606] -> [.106.185.35.110][...80] + detected: [....36] [ip4][..tcp] [..192.168.115.8][49605] -> [.106.185.35.110][...80] [HTTP.1kxun][Unknown][Streaming][Fun][jp.kankan.1kxun.mobi] + RISK: HTTP Susp User-Agent + detected: [....37] [ip4][..tcp] [..192.168.115.8][49606] -> [.106.185.35.110][...80] [HTTP.1kxun][Unknown][Streaming][Fun][jp.kankan.1kxun.mobi] + RISK: HTTP Susp User-Agent + analyse: [....37] [ip4][..tcp] [..192.168.115.8][49606] -> [.106.185.35.110][...80] [HTTP.1kxun][Unknown][Streaming][Fun][jp.kankan.1kxun.mobi] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.147| 0.015| 0.033| 1100.854| 2.600] + [PKTLEN......: 40.000| 1300.000| 693.600| 612.000| 374554.600| 4.300] + [BINS(c->s)..: 12,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0] + [DIRECTIONS..: 0,0,1,0,0,0,0,1,1,1,0,0,1,1,1,1,0,0,1,1,1,0,0,1,1,0,0,1,1,1,1,1] + [IATS(ms)....: 0.1,37.8,38.0,0.1,1.8,0.1,39.0,109.8,0.2,146.8,0.0,0.3,0.1,0.1,0.1,0.5,0.0,0.2,0.1,0.1,0.4,0.0,0.2,36.3,36.5,0.0,0.4,0.1,0.5,0.1,0.1] + [PKTLENS.....: 
52,52,52,40,40,397,397,46,1300,1300,40,40,1300,1300,1300,1300,40,40,1300,1300,1300,40,40,1300,1300,40,40,1300,1300,1300,1300,1300] + [ENTROPIES...: 4.5,4.5,5.0,4.8,4.8,5.8,5.8,4.3,5.6,5.0,4.8,4.8,4.8,5.3,5.2,5.1,4.7,4.7,6.0,5.1,5.2,4.8,4.8,5.8,5.1,4.7,4.7,4.5,4.7,4.7,5.6,5.2] + new: [....38] [ip4][..tcp] [..192.168.115.8][49607] -> [218.244.135.170][.9099] + detected: [....38] [ip4][..tcp] [..192.168.115.8][49607] -> [218.244.135.170][.9099] [HTTP][Alibaba][Web][Acceptable][218.244.135.170] + RISK: Known Proto on Non Std Port, HTTP/TLS/QUIC Numeric Hostname/SNI + new: [....39] [ip4][..udp] [..192.168.115.8][54420] -> [........8.8.8.8][...53] + detected: [....39] [ip4][..udp] [..192.168.115.8][54420] -> [........8.8.8.8][...53] [DNS.QQ][Google][Network][Fun][vv.video.qq.com] + detection-update: [....39] [ip4][..udp] [..192.168.115.8][54420] -> [........8.8.8.8][...53] [DNS.QQ][Google][Network][Fun][vv.video.qq.com] + RISK: Unidirectional Traffic + detection-update: [....39] [ip4][..udp] [..192.168.115.8][54420] -> [........8.8.8.8][...53] [DNS.QQ][Google][Network][Fun][vv.video.qq.com] + new: [....40] [ip4][..tcp] [..192.168.115.8][49608] -> [203.205.151.234][...80] + detected: [....40] [ip4][..tcp] [..192.168.115.8][49608] -> [203.205.151.234][...80] [HTTP.QQ][Unknown][Chat][Fun][vv.video.qq.com] + new: [....41] [ip4][..tcp] [..192.168.115.8][49609] -> [..42.120.51.152][.8080] + new: [....42] [ip4][..udp] [.192.168.10.110][60480] -> [255.255.255.255][62976] + detected: [....41] [ip4][..tcp] [..192.168.115.8][49609] -> [..42.120.51.152][.8080] [HTTP][Alibaba][Web][Acceptable][42.120.51.152] + RISK: Known Proto on Non Std Port, HTTP/TLS/QUIC Numeric Hostname/SNI + new: [....43] [ip4][..udp] [...192.168.5.37][56366] -> [....224.0.0.252][.5355] + detected: [....43] [ip4][..udp] [...192.168.5.37][56366] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] + new: [....44] [ip4][..udp] [...192.168.5.37][57325] -> [239.255.255.250][.1900] + detected: [....44] 
[ip4][..udp] [...192.168.5.37][57325] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900] + new: [....45] [ip4][..tcp] [...192.168.5.16][53623] -> [.192.168.115.75][..443] + detected: [....45] [ip4][..tcp] [...192.168.5.16][53623] -> [.192.168.115.75][..443] [TLS][Unknown][Web][Safe][192.168.115.75] + RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, TLS (probably) Not Carrying HTTPS + detection-update: [....45] [ip4][..tcp] [...192.168.5.16][53623] -> [.192.168.115.75][..443] [TLS][Unknown][Web][Safe][192.168.115.75] + RISK: Weak TLS Cipher, HTTP/TLS/QUIC Numeric Hostname/SNI, TLS (probably) Not Carrying HTTPS + new: [....46] [ip4][..tcp] [..192.168.115.8][49612] -> [.183.131.48.145][...80] + new: [....47] [ip4][..udp] [.192.168.101.33][58456] -> [....224.0.0.252][.5355] + detected: [....47] [ip4][..udp] [.192.168.101.33][58456] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] + new: [....48] [ip4][..udp] [....192.168.5.9][58456] -> [....224.0.0.252][.5355] + detected: [....48] [ip4][..udp] [....192.168.5.9][58456] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] + detected: [....46] [ip4][..tcp] [..192.168.115.8][49612] -> [.183.131.48.145][...80] [HTTP][Unknown][Web][Acceptable][183.131.48.145] + RISK: HTTP Susp User-Agent, HTTP/TLS/QUIC Numeric Hostname/SNI + new: [....49] [ip4][..tcp] [..192.168.115.8][49613] -> [.183.131.48.144][...80] + analyse: [....41] [ip4][..tcp] [..192.168.115.8][49609] -> [..42.120.51.152][.8080] [HTTP][Alibaba][Web][Acceptable][42.120.51.152] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.399| 0.070| 0.104| 10878.943| 3.600] + [PKTLEN......: 40.000| 1300.000| 350.600| 410.300| 168364.100| 4.100] + [BINS(c->s)..: 9,0,0,0,0,0,0,4,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [BINS(s->c)..: 7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0] + [DIRECTIONS..: 
0,0,1,0,0,0,0,1,1,0,0,0,0,1,1,1,0,0,1,1,1,0,0,0,0,1,1,0,0,1,1,0] + [IATS(ms)....: 0.1,76.5,76.6,0.0,1.1,0.0,62.3,0.1,61.8,0.0,298.9,0.1,399.0,66.5,0.2,166.1,0.0,60.3,0.5,0.1,60.8,0.0,117.1,0.0,178.1,0.5,62.0,0.0,102.3,44.3,349.7] + [PKTLENS.....: 52,52,48,40,40,292,292,46,65,485,485,485,485,46,1300,1300,40,40,1300,1300,528,40,40,267,267,46,65,477,477,46,733,40] + [ENTROPIES...: 4.6,4.6,5.0,5.0,5.0,5.8,5.8,4.7,5.4,6.1,6.1,6.1,6.1,4.6,5.3,4.7,4.9,4.9,4.7,5.2,4.9,4.9,4.9,5.8,5.8,4.6,5.4,6.1,6.1,4.7,5.7,4.9] + detected: [....49] [ip4][..tcp] [..192.168.115.8][49613] -> [.183.131.48.144][...80] [HTTP][Unknown][Web][Acceptable][183.131.48.144] + RISK: HTTP Susp User-Agent, HTTP/TLS/QUIC Numeric Hostname/SNI + detection-update: [....49] [ip4][..tcp] [..192.168.115.8][49613] -> [.183.131.48.144][...80] [HTTP][Unknown][Media][Acceptable][183.131.48.144] + RISK: HTTP Susp User-Agent, HTTP/TLS/QUIC Numeric Hostname/SNI + new: [....50] [ip4][..udp] [.192.168.101.33][55485] -> [239.255.255.250][.1900] + detected: [....50] [ip4][..udp] [.192.168.101.33][55485] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900] + new: [....51] [ip4][..udp] [....192.168.5.9][55484] -> [239.255.255.250][.1900] + detected: [....51] [ip4][..udp] [....192.168.5.9][55484] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900] + new: [....52] [ip6][..udp] [...............fe80::9bd:81dd:2fdc:5750][61548] -> [..............................ff02::1:3][.5355] + detected: [....52] [ip6][..udp] [...............fe80::9bd:81dd:2fdc:5750][61548] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable] + new: [....53] [ip4][..udp] [...192.168.5.49][61548] -> [....224.0.0.252][.5355] + detected: [....53] [ip4][..udp] [...192.168.5.49][61548] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] + new: [....54] [ip4][..udp] [...192.168.5.49][51704] -> [239.255.255.250][.1900] + detected: [....54] 
[ip4][..udp] [...192.168.5.49][51704] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900] + new: [....55] [ip4][..udp] [...192.168.5.16][...68] -> [..192.168.119.1][...67] + detected: [....55] [ip4][..udp] [...192.168.5.16][...68] -> [..192.168.119.1][...67] [DHCP][Unknown][Network][Acceptable][macbook-air] + new: [....56] [ip4][..udp] [.59.120.208.218][50151] -> [255.255.255.255][.1947] + new: [....57] [ip4][..tcp] [..192.168.115.8][49596] -> [..203.66.182.87][..443] [MIDSTREAM] + new: [....58] [ip4][..tcp] [...192.168.5.16][53613] -> [.68.233.253.133][...80] [MIDSTREAM] + new: [....59] [ip4][..tcp] [...192.168.5.16][53624] -> [.68.233.253.133][...80] + detected: [....59] [ip4][..tcp] [...192.168.5.16][53624] -> [.68.233.253.133][...80] [HTTP][Unknown][Web][Acceptable][api.magicansoft.com] + new: [....60] [ip6][..udp] [...............fe80::4e5e:cff:fe9a:ec54][.5678] -> [................................ff02::1][.5678] + detected: [....60] [ip6][..udp] [...............fe80::4e5e:cff:fe9a:ec54][.5678] -> [................................ff02::1][.5678] [Mikrotik][Unknown][Network][Acceptable] + detection-update: [....59] [ip4][..tcp] [...192.168.5.16][53624] -> [.68.233.253.133][...80] [HTTP][Unknown][Web][Acceptable][api.magicansoft.com] + RISK: Error Code + new: [....61] [ip4][..tcp] [..192.168.115.8][49581] -> [.64.233.189.128][...80] [MIDSTREAM] + new: [....62] [ip6][..udp] [..............fe80::5d92:62a8:ebde:1319][63659] -> [..............................ff02::1:3][.5355] + detected: [....62] [ip6][..udp] [..............fe80::5d92:62a8:ebde:1319][63659] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable] + new: [....63] [ip4][..udp] [..192.168.3.236][51714] -> [....224.0.0.252][.5355] + detected: [....63] [ip4][..udp] [..192.168.3.236][51714] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] + new: [....64] [ip4][..udp] [..192.168.3.236][..137] -> [192.168.255.255][..137] + 
detected: [....64] [ip4][..udp] [..192.168.3.236][..137] -> [192.168.255.255][..137] [NetBIOS][Unknown][System][Acceptable][isatap] + new: [....65] [ip4][..udp] [192.168.140.140][62976] -> [255.255.255.255][62976] + new: [....66] [ip6][..udp] [.......2001:b020:6::c2a0:bbff:fe73:eb57][62976] -> [................................ff02::1][62976] + new: [....67] [ip4][..udp] [...192.168.5.45][59789] -> [192.168.255.255][..137] + detected: [....67] [ip4][..udp] [...192.168.5.45][59789] -> [192.168.255.255][..137] [NetBIOS][Unknown][System][Acceptable][sanji-lifebook-] + new: [....68] [ip4][..udp] [...192.168.5.45][59461] -> [192.168.255.255][..137] + detected: [....68] [ip4][..udp] [...192.168.5.45][59461] -> [192.168.255.255][..137] [NetBIOS][Unknown][System][Acceptable][gfile] + new: [....69] [ip4][..udp] [...192.168.5.45][..137] -> [192.168.255.255][..137] + detected: [....69] [ip4][..udp] [...192.168.5.45][..137] -> [192.168.255.255][..137] [NetBIOS][Unknown][System][Acceptable][nasfile] + new: [....70] [ip4][..udp] [...192.168.5.45][..138] -> [192.168.255.255][..138] + detected: [....70] [ip4][..udp] [...192.168.5.45][..138] -> [192.168.255.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][macbookair-e1d0] + new: [....71] [ip4][..udp] [...192.168.10.7][62976] -> [255.255.255.255][62976] + new: [....72] [ip6][..udp] [..............fe80::4568:efbc:40b1:1346][50194] -> [..............................ff02::1:3][.5355] + detected: [....72] [ip6][..udp] [..............fe80::4568:efbc:40b1:1346][50194] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable] + new: [....73] [ip4][..udp] [...192.168.5.41][54470] -> [....224.0.0.252][.5355] + detected: [....73] [ip4][..udp] [...192.168.5.41][54470] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] + new: [....74] [ip4][..udp] [....192.168.5.9][...68] -> [255.255.255.255][...67] + detected: [....74] [ip4][..udp] [....192.168.5.9][...68] -> [255.255.255.255][...67] 
[DHCP][Unknown][Network][Acceptable][joanna-pc] + new: [....75] [ip4][..udp] [...192.168.5.48][49701] -> [239.255.255.250][.1900] + detected: [....75] [ip4][..udp] [...192.168.5.48][49701] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900] + new: [....76] [ip4][..udp] [...192.168.5.64][.5353] -> [....224.0.0.251][.5353] + detected: [....76] [ip4][..udp] [...192.168.5.64][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable][_googlecast._tcp.local] + new: [....77] [ip4][..udp] [..192.168.2.186][32768] -> [255.255.255.255][.1947] + new: [....78] [ip4][..udp] [...192.168.5.48][59797] -> [....224.0.0.252][.5355] + detected: [....78] [ip4][..udp] [...192.168.5.48][59797] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] + new: [....79] [ip4][..udp] [..192.168.0.100][50925] -> [255.255.255.255][.5678] + detected: [....79] [ip4][..udp] [..192.168.0.100][50925] -> [255.255.255.255][.5678] [Mikrotik][Unknown][Network][Acceptable] + new: [....80] [ip4][..udp] [...192.168.5.57][65150] -> [....224.0.0.252][.5355] + detected: [....80] [ip4][..udp] [...192.168.5.57][65150] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] + new: [....81] [ip6][..udp] [...............fe80::e034:7be:d8f9:6197][62756] -> [..............................ff02::1:3][.5355] + detected: [....81] [ip6][..udp] [...............fe80::e034:7be:d8f9:6197][62756] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable] + new: [....82] [ip4][..udp] [...192.168.5.50][62756] -> [....224.0.0.252][.5355] + detected: [....82] [ip4][..udp] [...192.168.5.50][62756] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] + new: [....83] [ip4][..udp] [...192.168.5.49][.1900] -> [239.255.255.250][.1900] + detected: [....83] [ip4][..udp] [...192.168.5.49][.1900] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900] + new: [....84] [ip6][..udp] 
[...............fe80::9bd:81dd:2fdc:5750][.1900] -> [................................ff02::c][.1900] + detected: [....84] [ip6][..udp] [...............fe80::9bd:81dd:2fdc:5750][.1900] -> [................................ff02::c][.1900] [SSDP][Unknown][System][Acceptable][[ff02::c]:1900] + new: [....85] [ip4][..udp] [...192.168.5.50][50030] -> [....224.0.0.252][.5355] + detected: [....85] [ip4][..udp] [...192.168.5.50][50030] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] + new: [....86] [ip4][..udp] [.59.120.208.212][32768] -> [255.255.255.255][.1947] + new: [....87] [ip4][..tcp] [...192.168.5.16][53625] -> [.192.168.115.75][..443] + detected: [....87] [ip4][..tcp] [...192.168.5.16][53625] -> [.192.168.115.75][..443] [TLS][Unknown][Web][Safe][192.168.115.75] + RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, TLS (probably) Not Carrying HTTPS + detection-update: [....87] [ip4][..tcp] [...192.168.5.16][53625] -> [.192.168.115.75][..443] [TLS][Unknown][Web][Safe][192.168.115.75] + RISK: Weak TLS Cipher, HTTP/TLS/QUIC Numeric Hostname/SNI, TLS (probably) Not Carrying HTTPS + new: [....88] [ip4][..udp] [..192.168.119.1][56861] -> [255.255.255.255][.5678] + detected: [....88] [ip4][..udp] [..192.168.119.1][56861] -> [255.255.255.255][.5678] [Mikrotik][Unknown][Network][Acceptable] + new: [....89] [ip6][..udp] [................fe80::4e5e:cff:feea:365][.5678] -> [................................ff02::1][.5678] + detected: [....89] [ip6][..udp] [................fe80::4e5e:cff:feea:365][.5678] -> [................................ff02::1][.5678] [Mikrotik][Unknown][Network][Acceptable] + new: [....90] [ip6][..udp] [..............fe80::5d92:62a8:ebde:1319][49735] -> [..............................ff02::1:3][.5355] + detected: [....90] [ip6][..udp] [..............fe80::5d92:62a8:ebde:1319][49735] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable] + new: [....91] [ip4][..udp] [..192.168.3.236][62069] -> [....224.0.0.252][.5355] 
+ detected: [....91] [ip4][..udp] [..192.168.3.236][62069] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] + new: [....92] [ip4][..udp] [...192.168.5.44][58702] -> [....224.0.0.252][.5355] + detected: [....92] [ip4][..udp] [...192.168.5.44][58702] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] + new: [....93] [ip6][..udp] [..............fe80::beee:7bff:fe0c:b3de][..546] -> [..............................ff02::1:2][..547] + detected: [....93] [ip6][..udp] [..............fe80::beee:7bff:fe0c:b3de][..546] -> [..............................ff02::1:2][..547] [DHCPV6][Unknown][Network][Acceptable] + new: [....94] [ip4][..udp] [..192.168.119.2][43786] -> [255.255.255.255][.5678] + detected: [....94] [ip4][..udp] [..192.168.119.2][43786] -> [255.255.255.255][.5678] [Mikrotik][Unknown][Network][Acceptable] + new: [....95] [ip6][..udp] [..............fe80::edf5:240a:c8c0:8312][53962] -> [..............................ff02::1:3][.5355] + detected: [....95] [ip6][..udp] [..............fe80::edf5:240a:c8c0:8312][53962] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable] + new: [....96] [ip4][..udp] [...192.168.5.47][53962] -> [....224.0.0.252][.5355] + detected: [....96] [ip4][..udp] [...192.168.5.47][53962] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] + new: [....97] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][51451] -> [..............................ff02::1:3][.5355] + detected: [....97] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][51451] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable] + RISK: Non-Printable/Invalid Chars Detected + new: [....98] [ip4][..udp] [...192.168.3.95][51451] -> [....224.0.0.252][.5355] + detected: [....98] [ip4][..udp] [...192.168.3.95][51451] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] + RISK: Non-Printable/Invalid Chars Detected + new: [....99] [ip6][..udp] 
[..............fe80::5d92:62a8:ebde:1319][53938] -> [..............................ff02::1:3][.5355] + detected: [....99] [ip6][..udp] [..............fe80::5d92:62a8:ebde:1319][53938] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable] + new: [...100] [ip4][..udp] [..192.168.3.236][56043] -> [....224.0.0.252][.5355] + detected: [...100] [ip4][..udp] [..192.168.3.236][56043] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] + new: [...101] [ip4][..tcp] [.119.235.235.84][..443] -> [...192.168.5.16][53406] [MIDSTREAM] + new: [...102] [ip4][..udp] [...192.168.5.37][54506] -> [....224.0.0.252][.5355] + detected: [...102] [ip4][..udp] [...192.168.5.37][54506] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] + new: [...103] [ip6][..udp] [...............fe80::9bd:81dd:2fdc:5750][64568] -> [..............................ff02::1:3][.5355] + detected: [...103] [ip6][..udp] [...............fe80::9bd:81dd:2fdc:5750][64568] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable] + new: [...104] [ip4][..udp] [...192.168.5.49][64568] -> [....224.0.0.252][.5355] + detected: [...104] [ip4][..udp] [...192.168.5.49][64568] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] + new: [...105] [ip4][..udp] [...192.168.5.41][...68] -> [255.255.255.255][...67] + detected: [...105] [ip4][..udp] [...192.168.5.41][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable][kevin-pc] + new: [...106] [ip4][..tcp] [...192.168.5.16][53580] -> [....31.13.87.36][..443] [MIDSTREAM] + detected: [...106] [ip4][..tcp] [...192.168.5.16][53580] -> [....31.13.87.36][..443] [TLS][Facebook][Web][Safe] + new: [...107] [ip4][..tcp] [...192.168.5.16][53626] -> [.192.168.115.75][..443] + detection-update: [...106] [ip4][..tcp] [...192.168.5.16][53580] -> [....31.13.87.36][..443] [TLS][Facebook][Web][Safe] + RISK: Unidirectional Traffic + detection-update: [...106] [ip4][..tcp] 
[...192.168.5.16][53580] -> [....31.13.87.36][..443] [TLS][Facebook][Web][Safe] + detected: [...107] [ip4][..tcp] [...192.168.5.16][53626] -> [.192.168.115.75][..443] [TLS][Unknown][Web][Safe][192.168.115.75] + RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, TLS (probably) Not Carrying HTTPS + detection-update: [...107] [ip4][..tcp] [...192.168.5.16][53626] -> [.192.168.115.75][..443] [TLS][Unknown][Web][Safe][192.168.115.75] + RISK: Weak TLS Cipher, HTTP/TLS/QUIC Numeric Hostname/SNI, TLS (probably) Not Carrying HTTPS + new: [...108] [ip4][..udp] [...192.168.5.16][63372] -> [.....168.95.1.1][...53] + detected: [...108] [ip4][..udp] [...192.168.5.16][63372] -> [.....168.95.1.1][...53] [DNS.Line][Unknown][Network][Acceptable][dl-obs.official.line.naver.jp] + detection-update: [...108] [ip4][..udp] [...192.168.5.16][63372] -> [.....168.95.1.1][...53] [DNS.Line][Unknown][Network][Acceptable][dl-obs.official.line.naver.jp] + new: [...109] [ip4][..tcp] [...192.168.5.16][53627] -> [...203.69.81.73][...80] + new: [...110] [ip4][..tcp] [...192.168.5.16][53628] -> [...203.69.81.73][...80] + detected: [...110] [ip4][..tcp] [...192.168.5.16][53628] -> [...203.69.81.73][...80] [HTTP.Line][Unknown][Chat][Acceptable][dl-obs.official.line.naver.jp] + detected: [...109] [ip4][..tcp] [...192.168.5.16][53627] -> [...203.69.81.73][...80] [HTTP.Line][Unknown][Chat][Acceptable][dl-obs.official.line.naver.jp] + new: [...111] [ip4][..udp] [.192.168.101.33][62822] -> [....224.0.0.252][.5355] + detected: [...111] [ip4][..udp] [.192.168.101.33][62822] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] + new: [...112] [ip4][..udp] [....192.168.5.9][62822] -> [....224.0.0.252][.5355] + detected: [...112] [ip4][..udp] [....192.168.5.9][62822] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] + new: [...113] [ip4][..tcp] [.....31.13.87.1][..443] -> [...192.168.5.16][53578] [MIDSTREAM] + detected: [...113] [ip4][..tcp] [.....31.13.87.1][..443] -> [...192.168.5.16][53578] 
[TLS][Facebook][Web][Safe] + new: [...114] [ip6][..udp] [..............fe80::5d92:62a8:ebde:1319][61172] -> [..............................ff02::1:3][.5355] + detected: [...114] [ip6][..udp] [..............fe80::5d92:62a8:ebde:1319][61172] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable] + new: [...115] [ip4][..udp] [..192.168.3.236][59730] -> [....224.0.0.252][.5355] + detected: [...115] [ip4][..udp] [..192.168.3.236][59730] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] + new: [...116] [ip6][..udp] [..............fe80::f65c:89ff:fe89:e607][..546] -> [..............................ff02::1:2][..547] + detected: [...116] [ip6][..udp] [..............fe80::f65c:89ff:fe89:e607][..546] -> [..............................ff02::1:2][..547] [DHCPV6][Unknown][Network][Acceptable] + new: [...117] [ip4][..tcp] [...192.168.5.16][53629] -> [.192.168.115.75][..443] + detected: [...117] [ip4][..tcp] [...192.168.5.16][53629] -> [.192.168.115.75][..443] [TLS][Unknown][Web][Safe][192.168.115.75] + RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, TLS (probably) Not Carrying HTTPS + detection-update: [...117] [ip4][..tcp] [...192.168.5.16][53629] -> [.192.168.115.75][..443] [TLS][Unknown][Web][Safe][192.168.115.75] + RISK: Weak TLS Cipher, HTTP/TLS/QUIC Numeric Hostname/SNI, TLS (probably) Not Carrying HTTPS + update: [.....8] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable][shen] + update: [....13] [ip4][..udp] [..192.168.115.8][51458] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][wpad] + update: [.....7] [ip4][..udp] [...192.168.5.41][55312] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900] + update: [.....2] [ip4][..udp] [...192.168.5.57][55809] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900] + update: [.....9] [ip6][..udp] [...............fe80::406:55a8:6453:25dd][..546] -> 
[..............................ff02::1:2][..547] [DHCPV6][Unknown][Network][Acceptable] + update: [....19] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][58779] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable][????????????] + RISK: Non-Printable/Invalid Chars Detected + update: [....23] [ip6][..udp] [..2001:b030:214:100:c2a0:bbff:fe73:eb47][62976] -> [................................ff02::1][62976] + update: [....22] [ip4][..udp] [.192.168.125.30][62976] -> [255.255.255.255][62976] + update: [....21] [ip4][..udp] [...192.168.3.95][59468] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900] + update: [....12] [ip4][..udp] [...192.168.5.47][60267] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900] + update: [....20] [ip4][..udp] [...192.168.3.95][58779] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][????????????] + RISK: Non-Printable/Invalid Chars Detected + update: [.....1] [ip4][..udp] [...192.168.5.44][59571] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][jason-pc] + update: [.....4] [ip4][..udp] [..192.168.119.1][...67] -> [255.255.255.255][...68] [DHCP][Unknown][Network][Acceptable] + update: [.....6] [ip4][..udp] [...192.168.5.50][64674] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900] + update: [....11] [ip4][..udp] [...192.168.5.47][61603] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][ro_x1c] + update: [....18] [ip4][..udp] [..192.168.115.8][..137] -> [192.168.255.255][..137] [NetBIOS][Unknown][System][Acceptable][wpad] + update: [....24] [ip4][..udp] [..192.168.115.8][52723] -> [.....168.95.1.1][...53] [DNS.1kxun][Unknown][Network][Fun][kankan.1kxun.com] + update: [....14] [ip4][..udp] [..192.168.115.8][51024] -> [........8.8.8.8][...53] [DNS.1kxun][Google][Network][Fun][jp.kankan.1kxun.mobi] + update: [.....3] [ip4][..udp] [...192.168.5.44][51389] 
-> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900] + update: [....16] [ip4][..udp] [..192.168.115.8][52723] -> [........8.8.8.8][...53] [DNS.1kxun][Google][Network][Fun][kankan.1kxun.com] + update: [....10] [ip6][..udp] [..............fe80::edf5:240a:c8c0:8312][61603] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable][ro_x1c] + analyse: [....31] [ip4][..tcp] [..192.168.115.8][49603] -> [.106.187.35.246][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 45.001| 1.464| 7.949| 63183326.806| 0.100] + [PKTLEN......: 40.000| 1300.000| 781.600| 593.200| 351838.700| 4.400] + [BINS(c->s)..: 9,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,17,0,0,0,0,0,0,0,0] + [DIRECTIONS..: 0,0,1,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,1,1,1,1,1,1,0,0,0] + [IATS(ms)....: 0.0,54.5,54.6,0.0,4.9,0.0,65.5,0.1,0.1,0.4,0.1,0.1,0.2,0.0,0.0,0.0,0.0,61.5,0.0,69.0,0.1,0.1,0.0,0.7,0.1,0.1,0.1,0.5,70.7,0.0,45001.1] + [PKTLENS.....: 52,52,52,40,40,401,401,46,359,1300,1300,1300,1300,1300,1300,1300,1300,1300,40,40,1300,1300,1300,1300,1300,1300,1300,1300,1267,40,40,41] + [ENTROPIES...: 4.6,4.6,5.0,4.9,4.9,5.8,5.8,4.4,5.7,7.5,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,4.8,4.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,4.9,4.9,4.8] + new: [...118] [ip4][..udp] [..192.168.0.104][..137] -> [192.168.255.255][..137] + detected: [...118] [ip4][..udp] [..192.168.0.104][..137] -> [192.168.255.255][..137] [NetBIOS][Unknown][System][Acceptable][sc.arrancar.org] + new: [...119] [ip4][..udp] [...192.168.5.16][..123] -> [..17.253.26.125][..123] + detected: [...119] [ip4][..udp] [...192.168.5.16][..123] -> [..17.253.26.125][..123] [NTP][Apple][System][Acceptable] + new: [...120] [ip6][..udp] [..............fe80::4568:efbc:40b1:1346][57148] -> 
[..............................ff02::1:3][.5355] + detected: [...120] [ip6][..udp] [..............fe80::4568:efbc:40b1:1346][57148] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable] + new: [...121] [ip4][..udp] [...192.168.5.41][55593] -> [....224.0.0.252][.5355] + detected: [...121] [ip4][..udp] [...192.168.5.41][55593] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] + new: [...122] [ip4][..udp] [...192.168.5.57][64428] -> [....224.0.0.252][.5355] + detected: [...122] [ip4][..udp] [...192.168.5.57][64428] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] + new: [...123] [ip6][..udp] [...............fe80::e034:7be:d8f9:6197][57143] -> [..............................ff02::1:3][.5355] + detected: [...123] [ip6][..udp] [...............fe80::e034:7be:d8f9:6197][57143] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable] + new: [...124] [ip4][..udp] [...192.168.5.50][57143] -> [....224.0.0.252][.5355] + detected: [...124] [ip4][..udp] [...192.168.5.50][57143] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] + new: [...125] [ip6][..udp] [...............fe80::e034:7be:d8f9:6197][49766] -> [..............................ff02::1:3][.5355] + detected: [...125] [ip6][..udp] [...............fe80::e034:7be:d8f9:6197][49766] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable] + new: [...126] [ip4][..udp] [...192.168.5.50][49766] -> [....224.0.0.252][.5355] + detected: [...126] [ip4][..udp] [...192.168.5.50][49766] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] + new: [...127] [ip4][..udp] [...192.168.5.44][59062] -> [....224.0.0.252][.5355] + detected: [...127] [ip4][..udp] [...192.168.5.44][59062] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] + new: [...128] [ip6][..udp] [..............fe80::5d92:62a8:ebde:1319][58468] -> [..............................ff02::1:3][.5355] + 
detected: [...128] [ip6][..udp] [..............fe80::5d92:62a8:ebde:1319][58468] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable] + new: [...129] [ip4][..udp] [..192.168.3.236][65496] -> [....224.0.0.252][.5355] + detected: [...129] [ip4][..udp] [..192.168.3.236][65496] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] + update: [....39] [ip4][..udp] [..192.168.115.8][54420] -> [........8.8.8.8][...53] [DNS.QQ][Google][Network][Fun][vv.video.qq.com] + update: [....51] [ip4][..udp] [....192.168.5.9][55484] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900] + update: [....50] [ip4][..udp] [.192.168.101.33][55485] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900] + update: [....42] [ip4][..udp] [.192.168.10.110][60480] -> [255.255.255.255][62976] + update: [....44] [ip4][..udp] [...192.168.5.37][57325] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900] + update: [....34] [ip4][..udp] [...192.168.3.95][54888] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][????????????] 
+ RISK: Non-Printable/Invalid Chars Detected + update: [....43] [ip4][..udp] [...192.168.5.37][56366] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][notebook] + update: [....26] [ip4][..udp] [..192.168.115.8][60724] -> [........8.8.8.8][...53] [DNS.1kxun][Google][Network][Fun][pic.1kxun.com] + update: [....47] [ip4][..udp] [.192.168.101.33][58456] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][joanna-pc] + update: [....48] [ip4][..udp] [....192.168.5.9][58456] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][joanna-pc] + update: [....53] [ip4][..udp] [...192.168.5.49][61548] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][caesar-thinkpad] + update: [....56] [ip4][..udp] [.59.120.208.218][50151] -> [255.255.255.255][.1947] + update: [....52] [ip6][..udp] [...............fe80::9bd:81dd:2fdc:5750][61548] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable][caesar-thinkpad] + update: [....55] [ip4][..udp] [...192.168.5.16][...68] -> [..192.168.119.1][...67] [DHCP][Unknown][Network][Acceptable][macbook-air] + update: [....35] [ip4][..udp] [...192.168.5.67][..138] -> [192.168.255.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][sanji-lifebook-] + update: [....54] [ip4][..udp] [...192.168.5.49][51704] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900] + update: [....33] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][54888] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable][????????????] 
+ RISK: Non-Printable/Invalid Chars Detected + DAEMON-EVENT: [Processed: 1032 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 129 / 129|skipped: 0|!detected: 0|guessed: 0|detection-updates: 19|updates: 38] + new: [...130] [ip4][..tcp] [..192.168.2.126][60962] -> [..172.104.93.92][.1234] [MIDSTREAM] + detected: [...130] [ip4][..tcp] [..192.168.2.126][60962] -> [..172.104.93.92][.1234] [HTTP.1kxun][Unknown][Streaming][Fun][ws.1kxun.mobi] + RISK: Known Proto on Non Std Port + new: [...131] [ip4][..tcp] [..192.168.2.126][60972] -> [..172.104.93.92][.1234] [MIDSTREAM] + detected: [...131] [ip4][..tcp] [..192.168.2.126][60972] -> [..172.104.93.92][.1234] [HTTP.1kxun][Unknown][Streaming][Fun][ws.1kxun.mobi] + RISK: Known Proto on Non Std Port + new: [...132] [ip4][..tcp] [..192.168.2.126][60984] -> [..172.104.93.92][.1234] [MIDSTREAM] + detected: [...132] [ip4][..tcp] [..192.168.2.126][60984] -> [..172.104.93.92][.1234] [HTTP.1kxun][Unknown][Streaming][Fun][ws.1kxun.mobi] + RISK: Known Proto on Non Std Port + new: [...133] [ip4][..tcp] [..192.168.2.126][47230] -> [..161.117.13.29][...80] [MIDSTREAM] + detected: [...133] [ip4][..tcp] [..192.168.2.126][47230] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][kankan.1kxun.mobi] + new: [...134] [ip4][..tcp] [..192.168.2.126][41134] -> [.129.226.107.77][...80] [MIDSTREAM] + detected: [...134] [ip4][..tcp] [..192.168.2.126][41134] -> [.129.226.107.77][...80] [HTTP.QQ][Tencent][Chat][Fun][cgi.connect.qq.com] + detection-update: [...133] [ip4][..tcp] [..192.168.2.126][47230] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Download][Fun][kankan.1kxun.mobi] + RISK: Binary File/Data Transfer (Attempt) + new: [...135] [ip4][..tcp] [..192.168.2.126][47246] -> [..161.117.13.29][...80] [MIDSTREAM] + detected: [...135] [ip4][..tcp] [..192.168.2.126][47246] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][kankan.1kxun.com] + new: [...136] [ip4][..tcp] [..192.168.2.126][47262] -> 
[..161.117.13.29][...80] [MIDSTREAM] + detected: [...136] [ip4][..tcp] [..192.168.2.126][47262] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][kankan.1kxun.com] + idle: [...108] [ip4][..udp] [...192.168.5.16][63372] -> [.....168.95.1.1][...53] [DNS.Line][Unknown][Network][Acceptable][dl-obs.official.line.naver.jp] + idle: [.....8] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable][shen] + idle: [...126] [ip4][..udp] [...192.168.5.50][49766] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][charming-pc] + idle: [....85] [ip4][..udp] [...192.168.5.50][50030] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][charming-pc] + idle: [....41] [ip4][..tcp] [..192.168.115.8][49609] -> [..42.120.51.152][.8080] [HTTP][Alibaba][Web][Acceptable][42.120.51.152] + RISK: Known Proto on Non Std Port, HTTP/TLS/QUIC Numeric Hostname/SNI + idle: [....38] [ip4][..tcp] [..192.168.115.8][49607] -> [218.244.135.170][.9099] [HTTP][Alibaba][Web][Acceptable][218.244.135.170] + RISK: Known Proto on Non Std Port, HTTP/TLS/QUIC Numeric Hostname/SNI + idle: [....39] [ip4][..udp] [..192.168.115.8][54420] -> [........8.8.8.8][...53] [DNS.QQ][Google][Network][Fun][vv.video.qq.com] + idle: [....79] [ip4][..udp] [..192.168.0.100][50925] -> [255.255.255.255][.5678] [Mikrotik][Unknown][Network][Acceptable] + idle: [....98] [ip4][..udp] [...192.168.3.95][51451] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][????????????] 
+ RISK: Non-Printable/Invalid Chars Detected + idle: [....13] [ip4][..udp] [..192.168.115.8][51458] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][wpad] + idle: [.....7] [ip4][..udp] [...192.168.5.41][55312] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900] + idle: [....63] [ip4][..udp] [..192.168.3.236][51714] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][isatap] + idle: [....51] [ip4][..udp] [....192.168.5.9][55484] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900] + idle: [....50] [ip4][..udp] [.192.168.101.33][55485] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900] + idle: [...113] [ip4][..tcp] [.....31.13.87.1][..443] -> [...192.168.5.16][53578] [TLS][Facebook][Web][Safe] + idle: [...106] [ip4][..tcp] [...192.168.5.16][53580] -> [....31.13.87.36][..443] [TLS][Facebook][Web][Safe] + idle: [.....2] [ip4][..udp] [...192.168.5.57][55809] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900] + not-detected: [....42] [ip4][..udp] [.192.168.10.110][60480] -> [255.255.255.255][62976] [Unknown][Unknown][Unrated] + idle: [....42] [ip4][..udp] [.192.168.10.110][60480] -> [255.255.255.255][62976] + idle: [.....9] [ip6][..udp] [...............fe80::406:55a8:6453:25dd][..546] -> [..............................ff02::1:2][..547] [DHCPV6][Unknown][Network][Acceptable] + idle: [....19] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][58779] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable][????????????] 
+ RISK: Non-Printable/Invalid Chars Detected + idle: [....89] [ip6][..udp] [................fe80::4e5e:cff:feea:365][.5678] -> [................................ff02::1][.5678] [Mikrotik][Unknown][Network][Acceptable] + idle: [....60] [ip6][..udp] [...............fe80::4e5e:cff:fe9a:ec54][.5678] -> [................................ff02::1][.5678] [Mikrotik][Unknown][Network][Acceptable] + idle: [...128] [ip6][..udp] [..............fe80::5d92:62a8:ebde:1319][58468] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable][wangs-ltw] + idle: [....44] [ip4][..udp] [...192.168.5.37][57325] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900] + idle: [...125] [ip6][..udp] [...............fe80::e034:7be:d8f9:6197][49766] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable][charming-pc] + not-detected: [....66] [ip6][..udp] [.......2001:b020:6::c2a0:bbff:fe73:eb57][62976] -> [................................ff02::1][62976] [Unknown][Unknown][Unrated] + idle: [....66] [ip6][..udp] [.......2001:b020:6::c2a0:bbff:fe73:eb57][62976] -> [................................ff02::1][62976] + not-detected: [....23] [ip6][..udp] [..2001:b030:214:100:c2a0:bbff:fe73:eb47][62976] -> [................................ff02::1][62976] [Unknown][Unknown][Unrated] + idle: [....23] [ip6][..udp] [..2001:b030:214:100:c2a0:bbff:fe73:eb47][62976] -> [................................ff02::1][62976] + idle: [....96] [ip4][..udp] [...192.168.5.47][53962] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][ro_x1c] + idle: [....73] [ip4][..udp] [...192.168.5.41][54470] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][kevin-pc] + idle: [...102] [ip4][..udp] [...192.168.5.37][54506] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][notebook] + not-detected: [....65] [ip4][..udp] [192.168.140.140][62976] -> [255.255.255.255][62976] [Unknown][Unknown][Unrated] + 
idle: [....65] [ip4][..udp] [192.168.140.140][62976] -> [255.255.255.255][62976] + not-detected: [....71] [ip4][..udp] [...192.168.10.7][62976] -> [255.255.255.255][62976] [Unknown][Unknown][Unrated] + idle: [....71] [ip4][..udp] [...192.168.10.7][62976] -> [255.255.255.255][62976] + not-detected: [....22] [ip4][..udp] [.192.168.125.30][62976] -> [255.255.255.255][62976] [Unknown][Unknown][Unrated] + idle: [....22] [ip4][..udp] [.192.168.125.30][62976] -> [255.255.255.255][62976] + idle: [....34] [ip4][..udp] [...192.168.3.95][54888] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][????????????] + RISK: Non-Printable/Invalid Chars Detected + idle: [...121] [ip4][..udp] [...192.168.5.41][55593] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][kevin-pc] + idle: [....21] [ip4][..udp] [...192.168.3.95][59468] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900] + idle: [...100] [ip4][..udp] [..192.168.3.236][56043] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][isatap] + idle: [...114] [ip6][..udp] [..............fe80::5d92:62a8:ebde:1319][61172] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable][sonusav] + idle: [....43] [ip4][..udp] [...192.168.5.37][56366] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][notebook] + idle: [....12] [ip4][..udp] [...192.168.5.47][60267] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900] + idle: [....88] [ip4][..udp] [..192.168.119.1][56861] -> [255.255.255.255][.5678] [Mikrotik][Unknown][Network][Acceptable] + idle: [...124] [ip4][..udp] [...192.168.5.50][57143] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][charming-pc] + idle: [....26] [ip4][..udp] [..192.168.115.8][60724] -> [........8.8.8.8][...53] [DNS.1kxun][Google][Network][Fun][pic.1kxun.com] + idle: [....48] [ip4][..udp] [....192.168.5.9][58456] -> [....224.0.0.252][.5355] 
[LLMNR][Unknown][Network][Acceptable][joanna-pc] + idle: [....47] [ip4][..udp] [.192.168.101.33][58456] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][joanna-pc] + idle: [....92] [ip4][..udp] [...192.168.5.44][58702] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][jason-pc] + idle: [....62] [ip6][..udp] [..............fe80::5d92:62a8:ebde:1319][63659] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable][isatap] + idle: [....20] [ip4][..udp] [...192.168.3.95][58779] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][????????????] + RISK: Non-Printable/Invalid Chars Detected + idle: [....15] [ip4][..tcp] [..192.168.115.8][49597] -> [.106.185.35.110][...80] [HTTP.1kxun][Unknown][Streaming][Fun][jp.kankan.1kxun.mobi] + idle: [....36] [ip4][..tcp] [..192.168.115.8][49605] -> [.106.185.35.110][...80] [HTTP.1kxun][Unknown][Streaming][Fun][jp.kankan.1kxun.mobi] + RISK: HTTP Susp User-Agent + idle: [....37] [ip4][..tcp] [..192.168.115.8][49606] -> [.106.185.35.110][...80] [HTTP.1kxun][Unknown][Streaming][Fun][jp.kankan.1kxun.mobi] + RISK: HTTP Susp User-Agent + guessed: [....17] [ip4][..tcp] [...192.168.5.16][53622] -> [.192.168.115.75][..443] [TLS][Unknown][Web][Safe] + end: [....17] [ip4][..tcp] [...192.168.5.16][53622] -> [.192.168.115.75][..443] + end: [....45] [ip4][..tcp] [...192.168.5.16][53623] -> [.192.168.115.75][..443] [TLS][Unknown][Web][Safe] + RISK: Weak TLS Cipher, HTTP/TLS/QUIC Numeric Hostname/SNI, TLS (probably) Not Carrying HTTPS + end: [....87] [ip4][..tcp] [...192.168.5.16][53625] -> [.192.168.115.75][..443] [TLS][Unknown][Web][Safe] + RISK: Weak TLS Cipher, HTTP/TLS/QUIC Numeric Hostname/SNI, TLS (probably) Not Carrying HTTPS + end: [...107] [ip4][..tcp] [...192.168.5.16][53626] -> [.192.168.115.75][..443] [TLS][Unknown][Web][Safe] + RISK: Weak TLS Cipher, HTTP/TLS/QUIC Numeric Hostname/SNI, TLS (probably) Not Carrying HTTPS + end: [...117] [ip4][..tcp] 
[...192.168.5.16][53629] -> [.192.168.115.75][..443] [TLS][Unknown][Web][Safe] + RISK: Weak TLS Cipher, HTTP/TLS/QUIC Numeric Hostname/SNI, TLS (probably) Not Carrying HTTPS + idle: [...127] [ip4][..udp] [...192.168.5.44][59062] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][jason-pc] + idle: [....27] [ip4][..tcp] [..192.168.115.8][49599] -> [.106.187.35.246][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] + idle: [....28] [ip4][..tcp] [..192.168.115.8][49600] -> [.106.187.35.246][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] + idle: [....29] [ip4][..tcp] [..192.168.115.8][49601] -> [.106.187.35.246][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] + idle: [....30] [ip4][..tcp] [..192.168.115.8][49602] -> [.106.187.35.246][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] + idle: [....31] [ip4][..tcp] [..192.168.115.8][49603] -> [.106.187.35.246][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] + idle: [....32] [ip4][..tcp] [..192.168.115.8][49604] -> [.106.187.35.246][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] + idle: [...119] [ip4][..udp] [...192.168.5.16][..123] -> [..17.253.26.125][..123] [NTP][Apple][System][Acceptable] + idle: [.....1] [ip4][..udp] [...192.168.5.44][59571] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][jason-pc] + idle: [...115] [ip4][..udp] [..192.168.3.236][59730] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][sonusav] + idle: [....78] [ip4][..udp] [...192.168.5.48][59797] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][kasper-mac] + idle: [...105] [ip4][..udp] [...192.168.5.41][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable][kevin-pc] + idle: [....74] [ip4][..udp] [....192.168.5.9][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable][joanna-pc] + idle: [.....4] [ip4][..udp] [..192.168.119.1][...67] -> [255.255.255.255][...68] 
[DHCP][Unknown][Network][Acceptable] + idle: [.....6] [ip4][..udp] [...192.168.5.50][64674] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900] + idle: [...123] [ip6][..udp] [...............fe80::e034:7be:d8f9:6197][57143] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable][charming-pc] + guessed: [....57] [ip4][..tcp] [..192.168.115.8][49596] -> [..203.66.182.87][..443] [TLS][Unknown][Web][Safe] + idle: [....57] [ip4][..tcp] [..192.168.115.8][49596] -> [..203.66.182.87][..443] + idle: [....53] [ip4][..udp] [...192.168.5.49][61548] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][caesar-thinkpad] + idle: [....11] [ip4][..udp] [...192.168.5.47][61603] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][ro_x1c] + not-detected: [....77] [ip4][..udp] [..192.168.2.186][32768] -> [255.255.255.255][.1947] [Unknown][Unknown][Unrated] + idle: [....77] [ip4][..udp] [..192.168.2.186][32768] -> [255.255.255.255][.1947] + idle: [....91] [ip4][..udp] [..192.168.3.236][62069] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][wangs-ltw] + idle: [....82] [ip4][..udp] [...192.168.5.50][62756] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][charming-pc] + idle: [...112] [ip4][..udp] [....192.168.5.9][62822] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][joanna-pc] + idle: [...111] [ip4][..udp] [.192.168.101.33][62822] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][joanna-pc] + idle: [....25] [ip4][..tcp] [..192.168.115.8][49598] -> [.222.73.254.167][...80] [HTTP.1kxun][Unknown][Streaming][Fun][kankan.1kxun.com] + idle: [....83] [ip4][..udp] [...192.168.5.49][.1900] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900] + idle: [....40] [ip4][..tcp] [..192.168.115.8][49608] -> [203.205.151.234][...80] [HTTP.QQ][Unknown][Chat][Fun][vv.video.qq.com] + idle: [...122] [ip4][..udp] 
[...192.168.5.57][64428] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][usher-pc] + idle: [....68] [ip4][..udp] [...192.168.5.45][59461] -> [192.168.255.255][..137] [NetBIOS][Unknown][System][Acceptable][gfile] + idle: [...104] [ip4][..udp] [...192.168.5.49][64568] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][caesar-thinkpad] + idle: [....67] [ip4][..udp] [...192.168.5.45][59789] -> [192.168.255.255][..137] [NetBIOS][Unknown][System][Acceptable][sanji-lifebook-] + idle: [....80] [ip4][..udp] [...192.168.5.57][65150] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][usher-pc] + idle: [...129] [ip4][..udp] [..192.168.3.236][65496] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][wangs-ltw] + idle: [...109] [ip4][..tcp] [...192.168.5.16][53627] -> [...203.69.81.73][...80] [HTTP.Line][Unknown][Chat][Acceptable][dl-obs.official.line.naver.jp] + idle: [...110] [ip4][..tcp] [...192.168.5.16][53628] -> [...203.69.81.73][...80] [HTTP.Line][Unknown][Chat][Acceptable][dl-obs.official.line.naver.jp] + idle: [....81] [ip6][..udp] [...............fe80::e034:7be:d8f9:6197][62756] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable][charming-pc] + not-detected: [....56] [ip4][..udp] [.59.120.208.218][50151] -> [255.255.255.255][.1947] [Unknown][Unknown][Unrated] + idle: [....56] [ip4][..udp] [.59.120.208.218][50151] -> [255.255.255.255][.1947] + idle: [....72] [ip6][..udp] [..............fe80::4568:efbc:40b1:1346][50194] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable][kevin-pc] + idle: [....52] [ip6][..udp] [...............fe80::9bd:81dd:2fdc:5750][61548] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable][caesar-thinkpad] + idle: [....84] [ip6][..udp] [...............fe80::9bd:81dd:2fdc:5750][.1900] -> [................................ff02::c][.1900] 
[SSDP][Unknown][System][Acceptable][[ff02::c]:1900] + idle: [....55] [ip4][..udp] [...192.168.5.16][...68] -> [..192.168.119.1][...67] [DHCP][Unknown][Network][Acceptable][macbook-air] + idle: [...103] [ip6][..udp] [...............fe80::9bd:81dd:2fdc:5750][64568] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable][caesar-thinkpad] + idle: [...118] [ip4][..udp] [..192.168.0.104][..137] -> [192.168.255.255][..137] [NetBIOS][Unknown][System][Acceptable][sc.arrancar.org] + idle: [....69] [ip4][..udp] [...192.168.5.45][..137] -> [192.168.255.255][..137] [NetBIOS][Unknown][System][Acceptable][nasfile] + idle: [....64] [ip4][..udp] [..192.168.3.236][..137] -> [192.168.255.255][..137] [NetBIOS][Unknown][System][Acceptable][isatap] + idle: [....18] [ip4][..udp] [..192.168.115.8][..137] -> [192.168.255.255][..137] [NetBIOS][Unknown][System][Acceptable][wpad] + idle: [....70] [ip4][..udp] [...192.168.5.45][..138] -> [192.168.255.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][macbookair-e1d0] + idle: [....35] [ip4][..udp] [...192.168.5.67][..138] -> [192.168.255.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][sanji-lifebook-] + idle: [....76] [ip4][..udp] [...192.168.5.64][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable] + guessed: [....61] [ip4][..tcp] [..192.168.115.8][49581] -> [.64.233.189.128][...80] [HTTP][Google][Web][Acceptable][] + idle: [....61] [ip4][..tcp] [..192.168.115.8][49581] -> [.64.233.189.128][...80] + idle: [....24] [ip4][..udp] [..192.168.115.8][52723] -> [.....168.95.1.1][...53] [DNS.1kxun][Unknown][Network][Fun][kankan.1kxun.com] + idle: [...120] [ip6][..udp] [..............fe80::4568:efbc:40b1:1346][57148] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable][kevin-pc] + idle: [....95] [ip6][..udp] [..............fe80::edf5:240a:c8c0:8312][53962] -> [..............................ff02::1:3][.5355] 
[LLMNR][Unknown][Network][Acceptable][ro_x1c] + guessed: [.....5] [ip4][..tcp] [...192.168.5.16][53605] -> [.68.233.253.133][...80] [HTTP][Unknown][Web][Acceptable][] + RISK: Unidirectional Traffic + end: [.....5] [ip4][..tcp] [...192.168.5.16][53605] -> [.68.233.253.133][...80] + guessed: [....58] [ip4][..tcp] [...192.168.5.16][53613] -> [.68.233.253.133][...80] [HTTP][Unknown][Web][Acceptable][] + RISK: Unidirectional Traffic + end: [....58] [ip4][..tcp] [...192.168.5.16][53613] -> [.68.233.253.133][...80] + end: [....59] [ip4][..tcp] [...192.168.5.16][53624] -> [.68.233.253.133][...80] [HTTP][Unknown][Web][Acceptable][api.magicansoft.com] + RISK: Error Code + idle: [...116] [ip6][..udp] [..............fe80::f65c:89ff:fe89:e607][..546] -> [..............................ff02::1:2][..547] [DHCPV6][Unknown][Network][Acceptable] + guessed: [...101] [ip4][..tcp] [.119.235.235.84][..443] -> [...192.168.5.16][53406] [TLS][Line][Web][Safe] + idle: [...101] [ip4][..tcp] [.119.235.235.84][..443] -> [...192.168.5.16][53406] + idle: [....94] [ip4][..udp] [..192.168.119.2][43786] -> [255.255.255.255][.5678] [Mikrotik][Unknown][Network][Acceptable] + idle: [....90] [ip6][..udp] [..............fe80::5d92:62a8:ebde:1319][49735] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable][wangs-ltw] + end: [....46] [ip4][..tcp] [..192.168.115.8][49612] -> [.183.131.48.145][...80] [HTTP][Unknown][Web][Acceptable][183.131.48.145] + RISK: HTTP Susp User-Agent, HTTP/TLS/QUIC Numeric Hostname/SNI + idle: [....49] [ip4][..tcp] [..192.168.115.8][49613] -> [.183.131.48.144][...80] [HTTP][Unknown][Media][Acceptable][183.131.48.144] + RISK: HTTP Susp User-Agent, HTTP/TLS/QUIC Numeric Hostname/SNI + idle: [....97] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][51451] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable][????????????] 
+ RISK: Non-Printable/Invalid Chars Detected + idle: [....75] [ip4][..udp] [...192.168.5.48][49701] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900] + idle: [....93] [ip6][..udp] [..............fe80::beee:7bff:fe0c:b3de][..546] -> [..............................ff02::1:2][..547] [DHCPV6][Unknown][Network][Acceptable] + idle: [....14] [ip4][..udp] [..192.168.115.8][51024] -> [........8.8.8.8][...53] [DNS.1kxun][Google][Network][Fun][jp.kankan.1kxun.mobi] + idle: [.....3] [ip4][..udp] [...192.168.5.44][51389] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900] + idle: [....54] [ip4][..udp] [...192.168.5.49][51704] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900] + idle: [....99] [ip6][..udp] [..............fe80::5d92:62a8:ebde:1319][53938] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable][isatap] + idle: [....16] [ip4][..udp] [..192.168.115.8][52723] -> [........8.8.8.8][...53] [DNS.1kxun][Google][Network][Fun][kankan.1kxun.com] + idle: [....33] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][54888] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable][????????????] 
+ RISK: Non-Printable/Invalid Chars Detected + idle: [....10] [ip6][..udp] [..............fe80::edf5:240a:c8c0:8312][61603] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable][ro_x1c] + not-detected: [....86] [ip4][..udp] [.59.120.208.212][32768] -> [255.255.255.255][.1947] [Unknown][Unknown][Unrated] + idle: [....86] [ip4][..udp] [.59.120.208.212][32768] -> [255.255.255.255][.1947] + new: [...137] [ip4][..tcp] [..192.168.2.126][47272] -> [..161.117.13.29][...80] [MIDSTREAM] + detected: [...137] [ip4][..tcp] [..192.168.2.126][47272] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][messages.1kxun.mobi] + new: [...138] [ip4][..tcp] [..192.168.2.126][38834] -> [..119.45.78.184][...80] [MIDSTREAM] + detected: [...138] [ip4][..tcp] [..192.168.2.126][38834] -> [..119.45.78.184][...80] [HTTP.QQ][Tencent][Chat][Fun][pingma.qq.com] + RISK: HTTP Susp User-Agent + detection-update: [...138] [ip4][..tcp] [..192.168.2.126][38834] -> [..119.45.78.184][...80] [HTTP.QQ][Tencent][Chat][Fun][pingma.qq.com] + RISK: HTTP Susp User-Agent, Unidirectional Traffic + detection-update: [...138] [ip4][..tcp] [..192.168.2.126][38834] -> [..119.45.78.184][...80] [HTTP.QQ][Tencent][Chat][Fun][pingma.qq.com] + RISK: HTTP Susp User-Agent, Error Code + new: [...139] [ip4][..tcp] [..192.168.2.126][60148] -> [.172.105.121.82][...80] [MIDSTREAM] + detected: [...139] [ip4][..tcp] [..192.168.2.126][60148] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] + new: [...140] [ip4][..tcp] [..192.168.2.126][49242] -> [.172.104.119.80][...80] [MIDSTREAM] + detected: [...140] [ip4][..tcp] [..192.168.2.126][49242] -> [.172.104.119.80][...80] [HTTP.1kxun][Unknown][Streaming][Fun][android.yingshi.tcclick.1kxun.com] + detection-update: [...140] [ip4][..tcp] [..192.168.2.126][49242] -> [.172.104.119.80][...80] [HTTP.1kxun][Unknown][Streaming][Fun][android.yingshi.tcclick.1kxun.com] + RISK: Error Code + new: [...141] [ip4][..tcp] 
[..192.168.2.126][46184] -> [.172.105.121.82][...80] [MIDSTREAM] + detected: [...141] [ip4][..tcp] [..192.168.2.126][46184] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] + new: [...142] [ip4][..tcp] [..192.168.2.126][46170] -> [.172.105.121.82][...80] [MIDSTREAM] + detected: [...142] [ip4][..tcp] [..192.168.2.126][46170] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] + new: [...143] [ip4][..tcp] [..192.168.2.126][46200] -> [.172.105.121.82][...80] [MIDSTREAM] + detected: [...143] [ip4][..tcp] [..192.168.2.126][46200] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] + new: [...144] [ip4][..tcp] [..192.168.2.126][46212] -> [.172.105.121.82][...80] [MIDSTREAM] + detected: [...144] [ip4][..tcp] [..192.168.2.126][46212] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] + analyse: [...142] [ip4][..tcp] [..192.168.2.126][46170] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.895| 0.069| 0.184| 33990.969| 2.200] + [PKTLEN......: 260.000| 21652.000| 4534.200| 5608.100| 31450232.000| 4.200] + [BINS(c->s)..: 0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,16] + [DIRECTIONS..: 0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1] + [IATS(ms)....: 356.2,0.1,308.1,0.1,2.4,3.2,0.1,200.2,0.0,0.1,0.0,0.0,0.0,0.0,0.0,1.6,0.1,0.1,0.0,0.0,0.0,0.0,0.0,0.0,895.3,372.0,0.0,1.3,0.1,1.9,0.0] + [PKTLENS.....: 264,373,13012,14452,2932,2932,1492,7252,2932,1492,2932,2932,1492,1492,1492,1492,1492,4372,6324,2932,2932,1492,1492,1492,788,260,373,17332,21652,1492,4372,17332] + [ENTROPIES...: 
5.9,5.7,8.0,8.0,7.9,7.9,7.9,8.0,7.9,7.8,7.9,7.9,7.9,7.8,7.8,7.9,7.8,7.9,7.9,7.9,7.9,7.9,7.8,7.8,7.7,5.8,5.8,8.0,8.0,7.9,7.9,8.0] + new: [...145] [ip4][..tcp] [..192.168.2.126][35200] -> [...103.29.71.30][...80] [MIDSTREAM] + detected: [...145] [ip4][..tcp] [..192.168.2.126][35200] -> [...103.29.71.30][...80] [HTTP.1kxun][Unknown][Streaming][Fun][release.bigdata.1kxun.com] + new: [...146] [ip4][..tcp] [..192.168.2.126][45380] -> [..161.117.13.29][...80] [MIDSTREAM] + detected: [...146] [ip4][..tcp] [..192.168.2.126][45380] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi] + new: [...147] [ip4][..tcp] [..192.168.2.126][45388] -> [..161.117.13.29][...80] [MIDSTREAM] + detected: [...147] [ip4][..tcp] [..192.168.2.126][45388] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi] + new: [...148] [ip4][..tcp] [..192.168.2.126][45398] -> [..161.117.13.29][...80] [MIDSTREAM] + detected: [...148] [ip4][..tcp] [..192.168.2.126][45398] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi] + new: [...149] [ip4][..tcp] [..192.168.2.126][45414] -> [..161.117.13.29][...80] [MIDSTREAM] + detected: [...149] [ip4][..tcp] [..192.168.2.126][45414] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi] + new: [...150] [ip4][..tcp] [..192.168.2.126][45416] -> [..161.117.13.29][...80] [MIDSTREAM] + detected: [...150] [ip4][..tcp] [..192.168.2.126][45416] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi] + new: [...151] [ip4][..tcp] [..192.168.2.126][45422] -> [..161.117.13.29][...80] [MIDSTREAM] + detected: [...151] [ip4][..tcp] [..192.168.2.126][45422] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi] + new: [...152] [ip4][..tcp] [..192.168.2.126][45424] -> [..161.117.13.29][...80] [MIDSTREAM] + detected: [...152] [ip4][..tcp] [..192.168.2.126][45424] -> [..161.117.13.29][...80] 
[HTTP][Alibaba][Streaming][Acceptable][tcad.wedolook.com] + new: [...153] [ip4][..tcp] [..192.168.2.126][41390] -> [....18.64.79.37][...80] [MIDSTREAM] + detected: [...153] [ip4][..tcp] [..192.168.2.126][41390] -> [....18.64.79.37][...80] [HTTP.Google][AmazonAWS][Web][Acceptable][google.open-js.com] + analyse: [...146] [ip4][..tcp] [..192.168.2.126][45380] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.409| 0.085| 0.132| 17528.007| 3.300] + [PKTLEN......: 476.000| 8692.000| 2601.900| 2200.300| 4841425.000| 4.600] + [BINS(c->s)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,16,0,12] + [DIRECTIONS..: 0,1,1,0,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1] + [IATS(ms)....: 380.4,4.6,408.6,215.7,0.5,1.0,1.0,178.5,0.3,0.5,379.6,185.4,1.4,0.7,331.7,5.7,174.2,6.1,0.3,0.9,170.5,0.4,6.0,1.1,0.3,0.7,169.5,0.5,0.6,5.3,0.4] + [PKTLENS.....: 817,1492,1253,488,1492,1492,7252,4372,1492,1492,2504,476,2932,8692,1492,2932,8692,2932,1492,1492,7252,1492,1492,2932,1492,1492,2932,1492,1492,2932,1492,1492] + [ENTROPIES...: 5.9,7.7,7.8,5.9,7.6,7.9,8.0,8.0,7.9,7.9,7.9,5.9,7.8,8.0,7.9,7.9,8.0,7.9,7.9,7.9,8.0,7.9,7.8,7.9,7.8,7.8,7.9,7.9,7.9,7.9,7.9,7.9] + new: [...154] [ip4][..tcp] [..192.168.2.126][51888] -> [.119.28.164.143][...80] [MIDSTREAM] + detected: [...154] [ip4][..tcp] [..192.168.2.126][51888] -> [.119.28.164.143][...80] [HTTP][Tencent][Web][Acceptable][qzonestyle.gtimg.cn] + new: [...155] [ip4][..tcp] [..192.168.2.126][38354] -> [.142.250.186.34][...80] [MIDSTREAM] + detected: [...155] [ip4][..tcp] [..192.168.2.126][38354] -> [.142.250.186.34][...80] [HTTP.Google][Google][Advertisement][Acceptable][pagead2.googlesyndication.com] + new: [...156] [ip4][..tcp] [..192.168.2.126][36732] -> 
[142.250.186.174][...80] [MIDSTREAM] + detected: [...156] [ip4][..tcp] [..192.168.2.126][36732] -> [142.250.186.174][...80] [HTTP.Google][Google][Advertisement][Acceptable][www.google-analytics.com] + new: [...157] [ip4][..tcp] [..192.168.2.126][49354] -> [.14.136.136.108][...80] [MIDSTREAM] + detected: [...157] [ip4][..tcp] [..192.168.2.126][49354] -> [.14.136.136.108][...80] [HTTP.1kxun][Unknown][Streaming][Fun][hkbn.content.1kxun.com] + new: [...158] [ip4][..tcp] [..192.168.2.126][49372] -> [.14.136.136.108][...80] [MIDSTREAM] + detected: [...158] [ip4][..tcp] [..192.168.2.126][49372] -> [.14.136.136.108][...80] [HTTP.1kxun][Unknown][Streaming][Fun][hkbn.content.1kxun.com] + new: [...159] [ip4][..tcp] [..192.168.2.126][49370] -> [.14.136.136.108][...80] [MIDSTREAM] + detected: [...159] [ip4][..tcp] [..192.168.2.126][49370] -> [.14.136.136.108][...80] [HTTP.1kxun][Unknown][Streaming][Fun][hkbn.content.1kxun.com] + new: [...160] [ip4][..tcp] [..192.168.2.126][49380] -> [.14.136.136.108][...80] [MIDSTREAM] + detected: [...160] [ip4][..tcp] [..192.168.2.126][49380] -> [.14.136.136.108][...80] [HTTP.1kxun][Unknown][Streaming][Fun][hkbn.content.1kxun.com] + new: [...161] [ip4][..tcp] [..192.168.2.126][49412] -> [.14.136.136.108][...80] [MIDSTREAM] + detected: [...161] [ip4][..tcp] [..192.168.2.126][49412] -> [.14.136.136.108][...80] [HTTP.1kxun][Unknown][Streaming][Fun][hkbn.content.1kxun.com] + new: [...162] [ip4][..tcp] [..192.168.2.126][49396] -> [.14.136.136.108][...80] [MIDSTREAM] + detected: [...162] [ip4][..tcp] [..192.168.2.126][49396] -> [.14.136.136.108][...80] [HTTP.1kxun][Unknown][Streaming][Fun][hkbn.content.1kxun.com] + analyse: [...160] [ip4][..tcp] [..192.168.2.126][49380] -> [.14.136.136.108][...80] [HTTP.1kxun][Unknown][Streaming][Fun][hkbn.content.1kxun.com] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.887| 0.071| 0.171| 29312.068| 2.600] + [PKTLEN......: 337.000| 18772.000| 3143.800| 3724.000| 13867894.000| 4.300] + 
[BINS(c->s)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [BINS(s->c)..: 0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,17,0,11] + [DIRECTIONS..: 0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1,1,1,1] + [IATS(ms)....: 223.7,209.6,1.7,0.0,207.2,0.4,1.3,0.7,0.5,0.5,1.2,204.0,0.4,1.4,0.7,0.6,3.5,0.0,0.0,886.9,237.6,0.5,1.0,2.5,0.8,206.7,0.9,0.4,0.9,0.0,0.7] + [PKTLENS.....: 566,2932,1492,1492,11572,1492,1492,2932,1492,1492,1492,7252,1492,1492,1492,1492,4372,1492,2932,4239,578,337,1492,8692,18772,1492,2932,1492,1492,5812,1492,1316] + [ENTROPIES...: 5.9,7.9,7.8,7.8,8.0,7.8,7.9,7.9,7.9,7.9,7.8,8.0,7.8,7.8,7.8,7.9,7.9,7.8,7.9,7.9,5.9,5.8,7.8,8.0,8.0,7.9,7.9,7.9,7.9,8.0,7.9,7.9] + analyse: [...158] [ip4][..tcp] [..192.168.2.126][49372] -> [.14.136.136.108][...80] [HTTP.1kxun][Unknown][Streaming][Fun][hkbn.content.1kxun.com] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.900| 0.096| 0.189| 35619.967| 3.000] + [PKTLEN......: 337.000| 18772.000| 3651.900| 4182.900| 17496908.000| 4.300] + [BINS(c->s)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [BINS(s->c)..: 0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,14] + [DIRECTIONS..: 0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1,1,0,1,1,1] + [IATS(ms)....: 205.6,2.1,0.0,0.0,0.0,224.8,0.4,0.3,1.4,0.0,193.7,0.4,0.4,1.7,1.3,1.9,226.0,899.7,238.0,0.0,2.4,199.2,0.5,1.0,1.3,0.0,0.0,407.3,371.5,0.0,1.5] + [PKTLENS.....: 566,337,1492,4372,2932,4372,1492,1492,1492,1492,5812,1492,1492,1492,2932,4372,5812,3718,578,337,7252,15892,1492,1492,7252,1492,5812,640,566,337,7787,18772] + [ENTROPIES...: 5.9,5.9,7.3,7.9,7.9,7.9,7.8,7.8,7.8,7.9,8.0,7.8,7.8,7.8,7.9,7.9,7.9,7.9,5.9,5.8,8.0,8.0,7.9,7.9,8.0,7.9,8.0,7.7,5.9,5.9,7.9,8.0] + new: [...163] [ip4][..tcp] [..192.168.2.126][44368] -> [..172.217.18.98][...80] 
[MIDSTREAM] + detected: [...163] [ip4][..tcp] [..192.168.2.126][44368] -> [..172.217.18.98][...80] [HTTP.GoogleServices][Google][Web][Acceptable][www.googletagservices.com] + new: [...164] [ip4][..tcp] [..192.168.2.126][50140] -> [..161.117.13.29][...80] [MIDSTREAM] + detected: [...164] [ip4][..tcp] [..192.168.2.126][50140] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi] + new: [...165] [ip4][..tcp] [..192.168.2.126][50148] -> [..161.117.13.29][...80] [MIDSTREAM] + detected: [...165] [ip4][..tcp] [..192.168.2.126][50148] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi] + new: [...166] [ip4][..tcp] [..192.168.2.126][50164] -> [..161.117.13.29][...80] [MIDSTREAM] + detected: [...166] [ip4][..tcp] [..192.168.2.126][50164] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi] + new: [...167] [ip4][..tcp] [..192.168.2.126][50166] -> [..161.117.13.29][...80] [MIDSTREAM] + detected: [...167] [ip4][..tcp] [..192.168.2.126][50166] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi] + new: [...168] [ip4][..tcp] [..192.168.2.126][50176] -> [..161.117.13.29][...80] [MIDSTREAM] + detected: [...168] [ip4][..tcp] [..192.168.2.126][50176] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi] + analyse: [...150] [ip4][..tcp] [..192.168.2.126][45416] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 6.045| 1.047| 1.982| 3926937.043| 3.000] + [PKTLEN......: 486.000| 14452.000| 2813.500| 2993.900| 8963654.000| 4.400] + [BINS(c->s)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0] + [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,1,0,0,7,0,13] + [DIRECTIONS..: 
0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,0,1,0,1,0,1,0,1,1,0,1,1,1,0,1] + [IATS(ms)....: 188.5,0.0,1.4,179.4,1.4,0.7,0.4,2.4,0.7,270.1,0.1,0.0,0.6,0.0,3892.8,3428.9,186.1,186.3,192.6,209.0,367.2,352.3,5253.8,5339.0,3.6,6045.0,5959.1,0.4,0.5,194.9,189.4] + [PKTLENS.....: 486,2932,2932,8692,2932,7252,1492,1492,14452,1492,2932,2932,7252,7252,4078,803,695,805,1511,807,1401,803,1516,1065,2932,1130,1155,1492,1492,1575,1166,1083] + [ENTROPIES...: 5.9,7.8,7.9,8.0,7.9,8.0,7.9,7.9,8.0,7.9,7.9,7.9,8.0,8.0,8.0,5.9,6.4,5.9,7.5,5.9,6.2,5.9,6.5,5.8,6.5,6.8,5.8,6.4,7.8,7.9,5.8,6.9] + new: [...169] [ip4][..tcp] [..192.168.2.126][38326] -> [.172.105.121.82][...80] [MIDSTREAM] + detected: [...169] [ip4][..tcp] [..192.168.2.126][38326] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] + new: [...170] [ip4][..tcp] [..192.168.2.126][38314] -> [.172.105.121.82][...80] [MIDSTREAM] + detected: [...170] [ip4][..tcp] [..192.168.2.126][38314] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] + new: [...171] [ip4][..tcp] [..192.168.2.126][38316] -> [.172.105.121.82][...80] [MIDSTREAM] + detected: [...171] [ip4][..tcp] [..192.168.2.126][38316] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] + new: [...172] [ip4][..tcp] [..192.168.2.126][59324] -> [.104.117.221.10][...80] [MIDSTREAM] + detected: [...172] [ip4][..tcp] [..192.168.2.126][59324] -> [.104.117.221.10][...80] [HTTP][Unknown][Web][Acceptable][m.vpon.com] + new: [...173] [ip4][..tcp] [..192.168.2.126][56094] -> [....3.72.69.158][...80] [MIDSTREAM] + detected: [...173] [ip4][..tcp] [..192.168.2.126][56094] -> [....3.72.69.158][...80] [HTTP][AmazonAWS][Web][Acceptable][setting.rayjump.com] + new: [...174] [ip4][..tcp] [..192.168.2.126][56098] -> [....3.72.69.158][...80] [MIDSTREAM] + detected: [...174] [ip4][..tcp] [..192.168.2.126][56098] -> [....3.72.69.158][...80] [HTTP][AmazonAWS][Web][Acceptable][setting.rayjump.com] + new: [...175] [ip4][..tcp] 
[..192.168.2.126][56096] -> [....3.72.69.158][...80] [MIDSTREAM] + detected: [...175] [ip4][..tcp] [..192.168.2.126][56096] -> [....3.72.69.158][...80] [HTTP][AmazonAWS][Web][Acceptable][setting.rayjump.com] + new: [...176] [ip4][..tcp] [..192.168.2.126][56104] -> [....3.72.69.158][...80] [MIDSTREAM] + detected: [...176] [ip4][..tcp] [..192.168.2.126][56104] -> [....3.72.69.158][...80] [HTTP][AmazonAWS][Web][Acceptable][setting.rayjump.com] + new: [...177] [ip4][..tcp] [..192.168.2.126][43266] -> [....18.64.79.58][...80] [MIDSTREAM] + detected: [...177] [ip4][..tcp] [..192.168.2.126][43266] -> [....18.64.79.58][...80] [HTTP][AmazonAWS][Web][Acceptable][net.rayjump.com] + new: [...178] [ip4][..tcp] [..192.168.2.126][56826] -> [...8.209.97.107][...80] [MIDSTREAM] + detected: [...178] [ip4][..tcp] [..192.168.2.126][56826] -> [...8.209.97.107][...80] [HTTP][Alibaba][Web][Acceptable][analytics.rayjump.com] + detection-update: [...178] [ip4][..tcp] [..192.168.2.126][56826] -> [...8.209.97.107][...80] [HTTP][Alibaba][Web][Acceptable][analytics.rayjump.com] + RISK: Unidirectional Traffic + detection-update: [...178] [ip4][..tcp] [..192.168.2.126][56826] -> [...8.209.97.107][...80] [HTTP][Alibaba][Web][Acceptable][analytics.rayjump.com] + new: [...179] [ip4][..tcp] [..192.168.2.126][43272] -> [....18.64.79.58][...80] [MIDSTREAM] + detected: [...179] [ip4][..tcp] [..192.168.2.126][43272] -> [....18.64.79.58][...80] [HTTP][AmazonAWS][Web][Acceptable][net.rayjump.com] + new: [...180] [ip4][..tcp] [..192.168.2.126][58758] -> [.202.153.196.53][...80] [MIDSTREAM] + detected: [...180] [ip4][..tcp] [..192.168.2.126][58758] -> [.202.153.196.53][...80] [HTTP][Unknown][Web][Acceptable][tw.api.vpon.com] + new: [...181] [ip4][..tcp] [..192.168.2.126][58760] -> [.202.153.196.53][...80] [MIDSTREAM] + detected: [...181] [ip4][..tcp] [..192.168.2.126][58760] -> [.202.153.196.53][...80] [HTTP][Unknown][Web][Acceptable][tw.api.vpon.com] + new: [...182] [ip4][..tcp] [..192.168.2.126][35664] -> 
[.....18.66.2.90][...80] [MIDSTREAM] + detected: [...182] [ip4][..tcp] [..192.168.2.126][35664] -> [.....18.66.2.90][...80] [HTTP][AmazonAWS][Web][Acceptable][cdn.liftoff.io] + new: [...183] [ip4][..tcp] [..192.168.2.126][35666] -> [.....18.66.2.90][...80] [MIDSTREAM] + detected: [...183] [ip4][..tcp] [..192.168.2.126][35666] -> [.....18.66.2.90][...80] [HTTP.MpegDash][AmazonAWS][Media][Fun][cdn.liftoff.io] + new: [...184] [ip4][..tcp] [..192.168.2.126][36636] -> [...18.64.103.30][...80] [MIDSTREAM] + detected: [...184] [ip4][..tcp] [..192.168.2.126][36636] -> [...18.64.103.30][...80] [HTTP][AmazonAWS][Web][Acceptable][hybird.rayjump.com] + new: [...185] [ip4][..tcp] [..192.168.2.126][36640] -> [...18.64.103.30][...80] [MIDSTREAM] + detected: [...185] [ip4][..tcp] [..192.168.2.126][36640] -> [...18.64.103.30][...80] [HTTP][AmazonAWS][Web][Acceptable][hybird.rayjump.com] + new: [...186] [ip4][..tcp] [..192.168.2.126][36654] -> [...18.64.103.30][...80] [MIDSTREAM] + detected: [...186] [ip4][..tcp] [..192.168.2.126][36654] -> [...18.64.103.30][...80] [HTTP][AmazonAWS][Web][Acceptable][hybird.rayjump.com] + new: [...187] [ip4][..tcp] [..192.168.2.126][36660] -> [...18.64.103.30][...80] [MIDSTREAM] + detected: [...187] [ip4][..tcp] [..192.168.2.126][36660] -> [...18.64.103.30][...80] [HTTP][AmazonAWS][Web][Acceptable][hybird.rayjump.com] + new: [...188] [ip4][..tcp] [..192.168.2.126][37100] -> [..52.29.177.177][...80] [MIDSTREAM] + detected: [...188] [ip4][..tcp] [..192.168.2.126][37100] -> [..52.29.177.177][...80] [HTTP][AmazonAWS][Web][Acceptable][] + RISK: HTTP Susp User-Agent + detection-update: [...188] [ip4][..tcp] [..192.168.2.126][37100] -> [..52.29.177.177][...80] [HTTP][AmazonAWS][Web][Acceptable][] + RISK: HTTP Susp User-Agent, Unidirectional Traffic + new: [...189] [ip4][..tcp] [..192.168.2.126][42554] -> [...35.156.44.13][...80] [MIDSTREAM] + detected: [...189] [ip4][..tcp] [..192.168.2.126][42554] -> [...35.156.44.13][...80] 
[HTTP][AmazonAWS][Web][Acceptable][de01.rayjump.com] + detection-update: [...188] [ip4][..tcp] [..192.168.2.126][37100] -> [..52.29.177.177][...80] [HTTP][AmazonAWS][Web][Acceptable][adx-tk.rayjump.com] + RISK: Unidirectional Traffic + new: [...190] [ip4][..tcp] [..192.168.2.126][42566] -> [...35.156.44.13][...80] [MIDSTREAM] + detected: [...190] [ip4][..tcp] [..192.168.2.126][42566] -> [...35.156.44.13][...80] [HTTP][AmazonAWS][Web][Acceptable][] + detection-update: [...190] [ip4][..tcp] [..192.168.2.126][42566] -> [...35.156.44.13][...80] [HTTP][AmazonAWS][Web][Acceptable][] + RISK: Unidirectional Traffic + new: [...191] [ip4][..tcp] [..192.168.2.126][41940] -> [....18.64.79.50][...80] [MIDSTREAM] + detected: [...191] [ip4][..tcp] [..192.168.2.126][41940] -> [....18.64.79.50][...80] [HTTP][AmazonAWS][Web][Acceptable][tknet-cdn.rayjump.com] + detection-update: [...190] [ip4][..tcp] [..192.168.2.126][42566] -> [...35.156.44.13][...80] [HTTP][AmazonAWS][Web][Acceptable][de01.rayjump.com] + RISK: Unidirectional Traffic + detection-update: [...188] [ip4][..tcp] [..192.168.2.126][37100] -> [..52.29.177.177][...80] [HTTP][AmazonAWS][Web][Acceptable][adx-tk.rayjump.com] + detection-update: [...190] [ip4][..tcp] [..192.168.2.126][42566] -> [...35.156.44.13][...80] [HTTP][AmazonAWS][Web][Acceptable][de01.rayjump.com] + new: [...192] [ip4][..tcp] [..192.168.2.126][54810] -> [..18.233.123.55][...80] [MIDSTREAM] + detected: [...192] [ip4][..tcp] [..192.168.2.126][54810] -> [..18.233.123.55][...80] [HTTP][AmazonAWS][Web][Acceptable][impression-east.liftoff.io] + new: [...193] [ip4][..tcp] [..192.168.2.126][40204] -> [...18.235.204.9][...80] [MIDSTREAM] + detected: [...193] [ip4][..tcp] [..192.168.2.126][40204] -> [...18.235.204.9][...80] [HTTP][AmazonAWS][Web][Acceptable][adexp.liftoff.io] + new: [...194] [ip4][..tcp] [..192.168.2.126][53416] -> [.172.217.16.142][...80] [MIDSTREAM] + detected: [...194] [ip4][..tcp] [..192.168.2.126][53416] -> [.172.217.16.142][...80] 
[HTTP.Google][Google][Web][Acceptable][play.google.com] + new: [...195] [ip4][..tcp] [..192.168.2.126][33042] -> [...3.122.190.70][...80] [MIDSTREAM] + detected: [...195] [ip4][..tcp] [..192.168.2.126][33042] -> [...3.122.190.70][...80] [HTTP][AmazonAWS][Web][Acceptable][click.liftoff.io] + new: [...196] [ip4][..tcp] [..192.168.2.126][35426] -> [..8.209.112.118][...80] [MIDSTREAM] + detected: [...196] [ip4][..tcp] [..192.168.2.126][35426] -> [..8.209.112.118][...80] [HTTP][Alibaba][Web][Acceptable][analytics.rayjump.com] + detection-update: [...196] [ip4][..tcp] [..192.168.2.126][35426] -> [..8.209.112.118][...80] [HTTP][Alibaba][Web][Acceptable][analytics.rayjump.com] + RISK: Unidirectional Traffic + detection-update: [...196] [ip4][..tcp] [..192.168.2.126][35426] -> [..8.209.112.118][...80] [HTTP][Alibaba][Web][Acceptable][analytics.rayjump.com] + new: [...197] [ip4][..tcp] [..192.168.2.126][51686] -> [....18.64.79.64][...80] [MIDSTREAM] + detected: [...197] [ip4][..tcp] [..192.168.2.126][51686] -> [....18.64.79.64][...80] [HTTP][AmazonAWS][Web][Acceptable][net.rayjump.com] + idle: [...130] [ip4][..tcp] [..192.168.2.126][60962] -> [..172.104.93.92][.1234] [HTTP.1kxun][Unknown][Streaming][Fun][ws.1kxun.mobi] + RISK: Known Proto on Non Std Port + idle: [...131] [ip4][..tcp] [..192.168.2.126][60972] -> [..172.104.93.92][.1234] [HTTP.1kxun][Unknown][Streaming][Fun][ws.1kxun.mobi] + RISK: Known Proto on Non Std Port + idle: [...132] [ip4][..tcp] [..192.168.2.126][60984] -> [..172.104.93.92][.1234] [HTTP.1kxun][Unknown][Streaming][Fun][ws.1kxun.mobi] + RISK: Known Proto on Non Std Port + idle: [...196] [ip4][..tcp] [..192.168.2.126][35426] -> [..8.209.112.118][...80] [HTTP][Alibaba][Web][Acceptable][analytics.rayjump.com] + idle: [...172] [ip4][..tcp] [..192.168.2.126][59324] -> [.104.117.221.10][...80] [HTTP][Unknown][Web][Acceptable][m.vpon.com] + idle: [...153] [ip4][..tcp] [..192.168.2.126][41390] -> [....18.64.79.37][...80] 
[HTTP.Google][AmazonAWS][Web][Acceptable][google.open-js.com] + idle: [...191] [ip4][..tcp] [..192.168.2.126][41940] -> [....18.64.79.50][...80] [HTTP][AmazonAWS][Web][Acceptable][tknet-cdn.rayjump.com] + idle: [...154] [ip4][..tcp] [..192.168.2.126][51888] -> [.119.28.164.143][...80] [HTTP][Tencent][Web][Acceptable] + idle: [...177] [ip4][..tcp] [..192.168.2.126][43266] -> [....18.64.79.58][...80] [HTTP][AmazonAWS][Web][Acceptable] + idle: [...179] [ip4][..tcp] [..192.168.2.126][43272] -> [....18.64.79.58][...80] [HTTP][AmazonAWS][Web][Acceptable][net.rayjump.com] + idle: [...195] [ip4][..tcp] [..192.168.2.126][33042] -> [...3.122.190.70][...80] [HTTP][AmazonAWS][Web][Acceptable][click.liftoff.io] + idle: [...180] [ip4][..tcp] [..192.168.2.126][58758] -> [.202.153.196.53][...80] [HTTP][Unknown][Web][Acceptable][tw.api.vpon.com] + idle: [...181] [ip4][..tcp] [..192.168.2.126][58760] -> [.202.153.196.53][...80] [HTTP][Unknown][Web][Acceptable][tw.api.vpon.com] + idle: [...170] [ip4][..tcp] [..192.168.2.126][38314] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] + idle: [...171] [ip4][..tcp] [..192.168.2.126][38316] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] + idle: [...169] [ip4][..tcp] [..192.168.2.126][38326] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] + idle: [...134] [ip4][..tcp] [..192.168.2.126][41134] -> [.129.226.107.77][...80] [HTTP.QQ][Tencent][Chat][Fun][cgi.connect.qq.com] + idle: [...163] [ip4][..tcp] [..192.168.2.126][44368] -> [..172.217.18.98][...80] [HTTP.GoogleServices][Google][Web][Acceptable][www.googletagservices.com] + idle: [...193] [ip4][..tcp] [..192.168.2.126][40204] -> [...18.235.204.9][...80] [HTTP][AmazonAWS][Web][Acceptable][adexp.liftoff.io] + idle: [...197] [ip4][..tcp] [..192.168.2.126][51686] -> [....18.64.79.64][...80] [HTTP][AmazonAWS][Web][Acceptable][net.rayjump.com] + idle: [...156] [ip4][..tcp] [..192.168.2.126][36732] 
-> [142.250.186.174][...80] [HTTP.Google][Google][Advertisement][Acceptable][www.google-analytics.com] + idle: [...155] [ip4][..tcp] [..192.168.2.126][38354] -> [.142.250.186.34][...80] [HTTP.Google][Google][Advertisement][Acceptable][pagead2.googlesyndication.com] + idle: [...142] [ip4][..tcp] [..192.168.2.126][46170] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] + idle: [...141] [ip4][..tcp] [..192.168.2.126][46184] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] + idle: [...143] [ip4][..tcp] [..192.168.2.126][46200] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] + idle: [...144] [ip4][..tcp] [..192.168.2.126][46212] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] + idle: [...173] [ip4][..tcp] [..192.168.2.126][56094] -> [....3.72.69.158][...80] [HTTP][AmazonAWS][Web][Acceptable][setting.rayjump.com] + idle: [...175] [ip4][..tcp] [..192.168.2.126][56096] -> [....3.72.69.158][...80] [HTTP][AmazonAWS][Web][Acceptable][setting.rayjump.com] + idle: [...174] [ip4][..tcp] [..192.168.2.126][56098] -> [....3.72.69.158][...80] [HTTP][AmazonAWS][Web][Acceptable][setting.rayjump.com] + idle: [...176] [ip4][..tcp] [..192.168.2.126][56104] -> [....3.72.69.158][...80] [HTTP][AmazonAWS][Web][Acceptable][setting.rayjump.com] + idle: [...146] [ip4][..tcp] [..192.168.2.126][45380] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi] + idle: [...145] [ip4][..tcp] [..192.168.2.126][35200] -> [...103.29.71.30][...80] [HTTP.1kxun][Unknown][Streaming][Fun][release.bigdata.1kxun.com] + idle: [...147] [ip4][..tcp] [..192.168.2.126][45388] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi] + idle: [...148] [ip4][..tcp] [..192.168.2.126][45398] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi] + idle: [...149] [ip4][..tcp] [..192.168.2.126][45414] -> 
[..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi] + idle: [...150] [ip4][..tcp] [..192.168.2.126][45416] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi] + idle: [...151] [ip4][..tcp] [..192.168.2.126][45422] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi] + idle: [...152] [ip4][..tcp] [..192.168.2.126][45424] -> [..161.117.13.29][...80] [HTTP][Alibaba][Streaming][Acceptable][tcad.wedolook.com] + idle: [...140] [ip4][..tcp] [..192.168.2.126][49242] -> [.172.104.119.80][...80] [HTTP.1kxun][Unknown][Streaming][Fun][android.yingshi.tcclick.1kxun.com] + RISK: Error Code + idle: [...194] [ip4][..tcp] [..192.168.2.126][53416] -> [.172.217.16.142][...80] [HTTP.Google][Google][Web][Acceptable][play.google.com] + idle: [...133] [ip4][..tcp] [..192.168.2.126][47230] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Download][Fun][kankan.1kxun.mobi] + RISK: Binary File/Data Transfer (Attempt) + idle: [...188] [ip4][..tcp] [..192.168.2.126][37100] -> [..52.29.177.177][...80] [HTTP][AmazonAWS][Web][Acceptable][adx-tk.rayjump.com] + idle: [...135] [ip4][..tcp] [..192.168.2.126][47246] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][kankan.1kxun.com] + idle: [...136] [ip4][..tcp] [..192.168.2.126][47262] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][kankan.1kxun.com] + idle: [...137] [ip4][..tcp] [..192.168.2.126][47272] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][messages.1kxun.mobi] + idle: [...178] [ip4][..tcp] [..192.168.2.126][56826] -> [...8.209.97.107][...80] [HTTP][Alibaba][Web][Acceptable][analytics.rayjump.com] + idle: [...164] [ip4][..tcp] [..192.168.2.126][50140] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi] + idle: [...165] [ip4][..tcp] [..192.168.2.126][50148] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi] + idle: 
[...166] [ip4][..tcp] [..192.168.2.126][50164] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi] + idle: [...167] [ip4][..tcp] [..192.168.2.126][50166] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi] + idle: [...168] [ip4][..tcp] [..192.168.2.126][50176] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi] + idle: [...192] [ip4][..tcp] [..192.168.2.126][54810] -> [..18.233.123.55][...80] [HTTP][AmazonAWS][Web][Acceptable][impression-east.liftoff.io] + idle: [...189] [ip4][..tcp] [..192.168.2.126][42554] -> [...35.156.44.13][...80] [HTTP][AmazonAWS][Web][Acceptable][de01.rayjump.com] + idle: [...190] [ip4][..tcp] [..192.168.2.126][42566] -> [...35.156.44.13][...80] [HTTP][AmazonAWS][Web][Acceptable][de01.rayjump.com] + idle: [...138] [ip4][..tcp] [..192.168.2.126][38834] -> [..119.45.78.184][...80] [HTTP.QQ][Tencent][Chat][Fun][pingma.qq.com] + RISK: HTTP Susp User-Agent, Error Code + idle: [...157] [ip4][..tcp] [..192.168.2.126][49354] -> [.14.136.136.108][...80] [HTTP.1kxun][Unknown][Streaming][Fun][hkbn.content.1kxun.com] + idle: [...159] [ip4][..tcp] [..192.168.2.126][49370] -> [.14.136.136.108][...80] [HTTP.1kxun][Unknown][Streaming][Fun][hkbn.content.1kxun.com] + idle: [...158] [ip4][..tcp] [..192.168.2.126][49372] -> [.14.136.136.108][...80] [HTTP.1kxun][Unknown][Streaming][Fun][hkbn.content.1kxun.com] + idle: [...160] [ip4][..tcp] [..192.168.2.126][49380] -> [.14.136.136.108][...80] [HTTP.1kxun][Unknown][Streaming][Fun][hkbn.content.1kxun.com] + idle: [...162] [ip4][..tcp] [..192.168.2.126][49396] -> [.14.136.136.108][...80] [HTTP.1kxun][Unknown][Streaming][Fun][hkbn.content.1kxun.com] + idle: [...161] [ip4][..tcp] [..192.168.2.126][49412] -> [.14.136.136.108][...80] [HTTP.1kxun][Unknown][Streaming][Fun][hkbn.content.1kxun.com] + idle: [...182] [ip4][..tcp] [..192.168.2.126][35664] -> [.....18.66.2.90][...80] 
[HTTP][AmazonAWS][Web][Acceptable][cdn.liftoff.io] + idle: [...183] [ip4][..tcp] [..192.168.2.126][35666] -> [.....18.66.2.90][...80] [HTTP.MpegDash][AmazonAWS][Media][Fun] + idle: [...184] [ip4][..tcp] [..192.168.2.126][36636] -> [...18.64.103.30][...80] [HTTP][AmazonAWS][Web][Acceptable][hybird.rayjump.com] + idle: [...185] [ip4][..tcp] [..192.168.2.126][36640] -> [...18.64.103.30][...80] [HTTP][AmazonAWS][Web][Acceptable][hybird.rayjump.com] + idle: [...186] [ip4][..tcp] [..192.168.2.126][36654] -> [...18.64.103.30][...80] [HTTP][AmazonAWS][Web][Acceptable][hybird.rayjump.com] + idle: [...187] [ip4][..tcp] [..192.168.2.126][36660] -> [...18.64.103.30][...80] [HTTP][AmazonAWS][Web][Acceptable] + idle: [...139] [ip4][..tcp] [..192.168.2.126][60148] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] + DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/fpc/signal_videocall.pcapng.out b/test/results/flow-info/fpc/signal_videocall.pcapng.out new file mode 100644 index 000000000..626c8440d --- /dev/null +++ b/test/results/flow-info/fpc/signal_videocall.pcapng.out 
@@ -0,0 +1,33 @@ + DAEMON-EVENT: init + DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....1] [ip4][..udp] [..192.168.12.67][47926] -> [.35.216.234.234][.3478] + detected: [.....1] [ip4][..udp] [..192.168.12.67][47926] -> [.35.216.234.234][.3478] [STUN][GoogleCloud][Network][Acceptable][] + new: [.....2] [ip4][..udp] [..192.168.12.67][47926] -> [.35.219.252.146][.3478] + detected: [.....2] [ip4][..udp] [..192.168.12.67][47926] -> [.35.219.252.146][.3478] [STUN][GoogleCloud][Network][Acceptable][] + detection-update: [.....2] [ip4][..udp] [..192.168.12.67][47926] -> [.35.219.252.146][.3478] [STUN][GoogleCloud][Network][Acceptable][] + RISK: Unidirectional Traffic + detection-update: [.....2] [ip4][..udp] [..192.168.12.67][47926] -> [.35.219.252.146][.3478] [STUN][GoogleCloud][Network][Acceptable][] + detection-update: [.....2] [ip4][..udp] [..192.168.12.67][47926] -> [.35.219.252.146][.3478] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][signal.org] + detection-update: [.....1] [ip4][..udp] [..192.168.12.67][47926] -> [.35.216.234.234][.3478] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][] + RISK: Unidirectional Traffic + detection-update: [.....1] [ip4][..udp] [..192.168.12.67][47926] -> [.35.216.234.234][.3478] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][] + detection-update: [.....1] [ip4][..udp] [..192.168.12.67][47926] -> [.35.216.234.234][.3478] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][signal.org] + new: [.....3] [ip4][..udp] [..192.168.12.67][47926] -> [.35.219.252.146][56377] + detected: [.....3] [ip4][..udp] [..192.168.12.67][47926] -> [.35.219.252.146][56377] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][] + RISK: Known Proto on Non Std Port + analyse: [.....3] [ip4][..udp] [..192.168.12.67][47926] -> [.35.219.252.146][56377] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable] + min| max| avg| stddev| 
variance| entropy + [IAT.........: 0.008| 2.449| 0.473| 0.711| 505100.075| 3.700] + [PKTLEN......: 56.000| 132.000| 102.600| 22.300| 496.600| 5.000] + [BINS(c->s)..: 1,1,6,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [BINS(s->c)..: 2,1,7,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,1,0,0,1,1,0,1,1,0,1,0,0,1,0,0,1,1,0,1,0,1,1] + [IATS(ms)....: 66.0,95.9,49.2,89.8,52.0,7.9,75.8,92.2,90.8,45.8,45.9,841.8,964.7,88.1,209.4,700.4,8.8,797.8,169.0,140.8,10.0,132.1,62.7,2295.1,2449.2,43.9,201.2,880.5,2304.8,1490.8,147.9] + [PKTLENS.....: 124,92,132,132,92,92,124,92,124,92,124,92,124,92,124,92,56,84,124,92,84,56,124,92,124,92,124,92,56,124,92,124] + [ENTROPIES...: 6.0,5.9,5.7,5.9,5.7,5.9,6.0,5.8,6.0,5.7,5.9,5.7,5.9,5.8,5.9,5.8,5.2,5.8,5.9,5.8,5.7,5.1,5.9,5.9,5.8,5.8,5.9,5.7,5.1,5.8,5.8,6.0] + idle: [.....3] [ip4][..udp] [..192.168.12.67][47926] -> [.35.219.252.146][56377] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable] + RISK: Known Proto on Non Std Port + idle: [.....1] [ip4][..udp] [..192.168.12.67][47926] -> [.35.216.234.234][.3478] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][signal.org] + idle: [.....2] [ip4][..udp] [..192.168.12.67][47926] -> [.35.219.252.146][.3478] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][signal.org] + DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/fpc_disabled/teams.pcap.out b/test/results/flow-info/fpc_disabled/teams.pcap.out index 640d86de0..8ae0bdbae 100644 --- a/test/results/flow-info/fpc_disabled/teams.pcap.out +++ b/test/results/flow-info/fpc_disabled/teams.pcap.out 
@@ -15,11 +15,11 @@ detection-update: [.....3] [ip4][..udp] [....192.168.1.6][60813] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][skypedataprdcolneu04.cloudapp.net] new: [.....4] [ip4][..tcp] [....192.168.1.6][60532] -> [...52.114.77.33][..443] new: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] - detected: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][teams.microsoft.com] - detection-update: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][teams.microsoft.com] + detected: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][teams.microsoft.com] + detection-update: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][teams.microsoft.com] detected: [.....4] [ip4][..tcp] [....192.168.1.6][60532] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS - analyse: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe] + analyse: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.030| 0.006| 0.009| 77.930| 3.700] [PKTLEN......: 40.000| 1492.000| 393.900| 548.100| 300365.600| 3.900] 
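Review bot: The commit description says only "incorporated upstream changes", yet these regenerated expectations show a change in emitted values that every downstream consumer will see: `Skype_Teams` becomes `Teams` in this hunk. In the later hunks of this file `Skype_TeamsCall` becomes `TeamsCall`, and flows to `eu-api.asm.skype.com`, `api.microsoftstream.com` and `gate.hockeyapp.net` move from `[VoIP][Acceptable]` to `[Collaborative][Safe]`. Any filter, alert or dashboard keyed on the old protocol names, or on category or breed, would presumably stop matching without raising an error. I would add a line to the description such as `* Skype_Teams/Skype_TeamsCall renamed to Teams/TeamsCall; affected flows now report Collaborative/Safe`, so operators know to update their rules. The first `detected` event of flows 72 and 73 now reports `Safe` while still carrying the Numeric Hostname/SNI risk, so the note should also say that breed alone is not a verdict.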
@@ -48,8 +48,8 @@ detected: [.....7] [ip4][..tcp] [....192.168.1.6][60535] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS new: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443] - detected: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][teams.microsoft.com] - detection-update: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][teams.microsoft.com] + detected: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][teams.microsoft.com] + detection-update: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][teams.microsoft.com] analyse: [.....7] [ip4][..tcp] [....192.168.1.6][60535] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.050| 0.018| 0.021| 449.200| 3.900] 
@@ -91,26 +91,26 @@ ERROR-EVENT: Unknown packet type [14/16] ERROR-EVENT: Unknown packet type [15/16] new: [....16] [ip4][..udp] [....192.168.1.6][51033] -> [....192.168.1.1][...53] - detected: [....16] [ip4][..udp] [....192.168.1.6][51033] -> [....192.168.1.1][...53] [DNS.Skype_Teams][Unknown][Network][Acceptable][eu-api.asm.skype.com] + detected: [....16] [ip4][..udp] [....192.168.1.6][51033] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][eu-api.asm.skype.com] new: [....17] [ip4][..udp] [....192.168.1.6][63106] -> [....192.168.1.1][...53] detected: [....17] [ip4][..udp] [....192.168.1.6][63106] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][eu-prod.asyncgw.teams.microsoft.com] detection-update: [....17] [ip4][..udp] [....192.168.1.6][63106] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][eu-prod.asyncgw.teams.microsoft.com] new: [....18] [ip4][..tcp] [....192.168.1.6][60538] -> [...52.114.75.70][..443] - detection-update: [....16] [ip4][..udp] [....192.168.1.6][51033] -> [....192.168.1.1][...53] [DNS.Skype_Teams][Unknown][Network][Acceptable][eu-api.asm.skype.com] + detection-update: [....16] [ip4][..udp] [....192.168.1.6][51033] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][eu-api.asm.skype.com] new: [....19] [ip4][..tcp] [....192.168.1.6][60539] -> [...52.114.75.69][..443] detected: [....18] [ip4][..tcp] [....192.168.1.6][60538] -> [...52.114.75.70][..443] [TLS.Teams][Azure][Collaborative][Safe][eu-prod.asyncgw.teams.microsoft.com] - detected: [....19] [ip4][..tcp] [....192.168.1.6][60539] -> [...52.114.75.69][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][eu-api.asm.skype.com] + detected: [....19] [ip4][..tcp] [....192.168.1.6][60539] -> [...52.114.75.69][..443] [TLS.Teams][Azure][Collaborative][Safe][eu-api.asm.skype.com] new: [....20] [ip4][..tcp] [....192.168.1.6][60540] -> [...52.114.75.70][..443] new: [....21] [ip4][..tcp] [....192.168.1.6][60541] -> [...52.114.75.69][..443] detected: 
[....20] [ip4][..tcp] [....192.168.1.6][60540] -> [...52.114.75.70][..443] [TLS.Teams][Azure][Collaborative][Safe][eu-prod.asyncgw.teams.microsoft.com] - detected: [....21] [ip4][..tcp] [....192.168.1.6][60541] -> [...52.114.75.69][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][eu-api.asm.skype.com] + detected: [....21] [ip4][..tcp] [....192.168.1.6][60541] -> [...52.114.75.69][..443] [TLS.Teams][Azure][Collaborative][Safe][eu-api.asm.skype.com] new: [....22] [ip4][..udp] [....192.168.1.6][49514] -> [....192.168.1.1][...53] detected: [....22] [ip4][..udp] [....192.168.1.6][49514] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][config.teams.microsoft.com] - detection-update: [....21] [ip4][..tcp] [....192.168.1.6][60541] -> [...52.114.75.69][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][eu-api.asm.skype.com] + detection-update: [....21] [ip4][..tcp] [....192.168.1.6][60541] -> [...52.114.75.69][..443] [TLS.Teams][Azure][Collaborative][Safe][eu-api.asm.skype.com] detection-update: [....22] [ip4][..udp] [....192.168.1.6][49514] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][config.teams.microsoft.com] new: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] - detected: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][config.teams.microsoft.com] - detection-update: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][config.teams.microsoft.com] + detected: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][config.teams.microsoft.com] + detection-update: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][config.teams.microsoft.com] new: [....24] [ip4][..udp] [....192.168.1.6][65387] -> [....192.168.1.1][...53] detected: [....24] [ip4][..udp] 
[....192.168.1.6][65387] -> [....192.168.1.1][...53] [DNS.Microsoft][Unknown][Network][Safe][northeuropecns.trafficmanager.net] new: [....25] [ip4][..tcp] [....192.168.1.6][60543] -> [...52.114.77.33][..443] @@ -140,9 +140,9 @@ [PKTLENS.....: 64,60,52,258,52,1492,1492,52,1375,52,145,52,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,52,1480,1480,1480,1480,52,1480] [ENTROPIES...: 4.4,5.3,5.0,5.9,5.1,7.3,7.3,5.0,7.7,5.0,5.9,5.2,5.6,5.0,7.9,7.8,7.9,5.2,7.9,7.9,7.9,7.9,5.2,7.9,7.9,5.2,7.9,7.9,7.8,7.9,5.2,7.9] new: [....30] [ip4][..tcp] [....192.168.1.6][60546] -> [.167.99.215.164][.4434] - detected: [....30] [ip4][..tcp] [....192.168.1.6][60546] -> [.167.99.215.164][.4434] [TLS.ntop][Unknown][Network][Safe][dati.ntop.org] + detected: [....30] [ip4][..tcp] [....192.168.1.6][60546] -> [.167.99.215.164][.4434] [TLS.ntop][DigitalOcean][Network][Safe][dati.ntop.org] RISK: Known Proto on Non Std Port - detection-update: [....30] [ip4][..tcp] [....192.168.1.6][60546] -> [.167.99.215.164][.4434] [TLS.ntop][Unknown][Network][Safe][dati.ntop.org] + detection-update: [....30] [ip4][..tcp] [....192.168.1.6][60546] -> [.167.99.215.164][.4434] [TLS.ntop][DigitalOcean][Network][Safe][dati.ntop.org] RISK: Known Proto on Non Std Port analyse: [....28] [ip4][..tcp] [....192.168.1.6][60545] -> [...52.114.77.58][..443] [TLS.Teams][Azure][Collaborative][Safe][presence.teams.microsoft.com] min| max| avg| stddev| variance| entropy 
@@ -180,7 +180,7 @@ new: [....35] [ip4][..tcp] [....192.168.1.6][60549] -> [...13.107.18.11][..443] detected: [....35] [ip4][..tcp] [....192.168.1.6][60549] -> [...13.107.18.11][..443] [TLS.Microsoft365][Outlook][Collaborative][Acceptable][substrate.office.com] detection-update: [....35] [ip4][..tcp] [....192.168.1.6][60549] -> [...13.107.18.11][..443] [TLS.Microsoft365][Outlook][Collaborative][Acceptable][substrate.office.com] - analyse: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe] + analyse: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 2.010| 0.146| 0.490| 239614.050| 1.700] [PKTLEN......: 40.000| 1492.000| 305.200| 468.100| 219152.800| 3.800] 
@@ -223,12 +223,12 @@ detected: [....44] [ip4][..udp] [....192.168.1.6][51309] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][skypedataprdcolneu04.cloudapp.net] new: [....45] [ip4][..tcp] [....192.168.1.6][60555] -> [...52.114.77.33][..443] new: [....46] [ip4][..tcp] [....192.168.1.6][60556] -> [.....40.126.9.7][..443] - detected: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][config.teams.microsoft.com] + detected: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][config.teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS detection-update: [....44] [ip4][..udp] [....192.168.1.6][51309] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][skypedataprdcolneu04.cloudapp.net] detected: [....40] [ip4][..tcp] [....192.168.1.6][60551] -> [...52.114.15.45][..443] [TLS.Teams][Azure][Collaborative][Safe][trouter2-asse-a.trouter.teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][config.teams.microsoft.com] + detection-update: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][config.teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS detected: [....42] [ip4][..tcp] [....192.168.1.6][60552] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS 
@@ -241,7 +241,7 @@ RISK: TLS (probably) Not Carrying HTTPS detection-update: [....40] [ip4][..tcp] [....192.168.1.6][60551] -> [...52.114.15.45][..443] [TLS.Teams][Azure][Collaborative][Safe][trouter2-asse-a.trouter.teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS - analyse: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe] + analyse: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.154| 0.015| 0.036| 1274.324| 2.800] [PKTLEN......: 40.000| 1492.000| 585.700| 671.400| 450756.000| 4.000] 
@@ -252,9 +252,9 @@ [PKTLENS.....: 64,52,40,226,46,1492,1492,40,1492,40,1492,168,40,147,46,91,46,91,40,1122,46,1492,1492,40,1317,40,1492,1492,40,40,1492,1492] [ENTROPIES...: 4.4,4.9,4.5,5.5,4.4,7.3,7.5,4.6,7.5,4.5,7.7,6.7,4.6,6.5,4.5,5.7,4.5,5.6,4.6,7.8,4.6,7.9,7.9,4.6,7.9,4.6,7.9,7.9,4.6,4.5,7.9,7.9] new: [....47] [ip4][..tcp] [....192.168.1.6][60557] -> [.52.113.194.132][..443] - detected: [....47] [ip4][..tcp] [....192.168.1.6][60557] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][teams.microsoft.com] + detected: [....47] [ip4][..tcp] [....192.168.1.6][60557] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....47] [ip4][..tcp] [....192.168.1.6][60557] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][teams.microsoft.com] + detection-update: [....47] [ip4][..tcp] [....192.168.1.6][60557] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS new: [....48] [ip4][..tcp] [....192.168.1.6][60559] -> [...52.114.77.33][..443] detected: [....48] [ip4][..tcp] [....192.168.1.6][60559] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com] 
@@ -281,10 +281,10 @@ detected: [....52] [ip4][..udp] [....192.168.1.6][54069] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][api.microsoftstream.com] detection-update: [....52] [ip4][..udp] [....192.168.1.6][54069] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][api.microsoftstream.com] new: [....53] [ip4][..tcp] [....192.168.1.6][60562] -> [.104.40.187.151][..443] - detected: [....53] [ip4][..tcp] [....192.168.1.6][60562] -> [.104.40.187.151][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][api.microsoftstream.com] + detected: [....53] [ip4][..tcp] [....192.168.1.6][60562] -> [.104.40.187.151][..443] [TLS.Teams][Azure][Collaborative][Safe][api.microsoftstream.com] detection-update: [....51] [ip4][..tcp] [....192.168.1.6][60561] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS - analyse: [....53] [ip4][..tcp] [....192.168.1.6][60562] -> [.104.40.187.151][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable] + analyse: [....53] [ip4][..tcp] [....192.168.1.6][60562] -> [.104.40.187.151][..443] [TLS.Teams][Azure][Collaborative][Safe] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.126| 0.019| 0.032| 1006.354| 3.400] [PKTLEN......: 52.000| 1492.000| 345.200| 499.900| 249913.200| 3.900] 
@@ -308,12 +308,12 @@ [IATS(ms)....: 48.4,48.5,0.5,88.2,136.5,113.7,0.2,161.8,0.1,0.1,1.1,74.6,73.5,1.1,0.0,0.0,50.1,49.0,0.0,0.0,0.0,48.4,48.4,0.0,0.0,0.0,1.6,1.5,46.9,1.1,1.7] [PKTLENS.....: 64,60,52,258,258,64,1492,1492,52,1375,52,145,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,1480,1480,52,1462,52,52,52] [ENTROPIES...: 4.4,5.3,4.9,6.0,6.0,5.1,7.3,7.3,5.0,7.7,5.0,6.0,5.6,5.0,7.9,7.9,7.9,5.2,7.9,7.9,7.9,7.9,5.1,7.9,7.9,7.9,7.9,5.2,7.9,5.2,5.2,5.2] - detected: [....55] [ip4][..tcp] [....192.168.1.6][60563] -> [.52.169.186.119][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][euno-1.api.microsoftstream.com] + detected: [....55] [ip4][..tcp] [....192.168.1.6][60563] -> [.52.169.186.119][..443] [TLS.Teams][Azure][Collaborative][Safe][euno-1.api.microsoftstream.com] new: [....56] [ip4][..udp] [....192.168.1.6][63930] -> [....192.168.1.1][...53] detected: [....56] [ip4][..udp] [....192.168.1.6][63930] -> [....192.168.1.1][...53] [DNS.Microsoft][Unknown][Network][Safe][dc.applicationinsights.microsoft.com] detection-update: [....56] [ip4][..udp] [....192.168.1.6][63930] -> [....192.168.1.1][...53] [DNS.Microsoft][Unknown][Network][Safe][dc.applicationinsights.microsoft.com] new: [....57] [ip4][..tcp] [....192.168.1.6][60564] -> [...40.79.138.41][..443] - detected: [....57] [ip4][..tcp] [....192.168.1.6][60564] -> [...40.79.138.41][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][gate.hockeyapp.net] + detected: [....57] [ip4][..tcp] [....192.168.1.6][60564] -> [...40.79.138.41][..443] [TLS.Teams][Azure][Collaborative][Safe][gate.hockeyapp.net] new: [....58] [ip4][..udp] [....192.168.1.6][62863] -> [....192.168.1.1][...53] detected: [....58] [ip4][..udp] [....192.168.1.6][62863] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][emea.ng.msg.teams-msgapi.trafficmanager.net] detection-update: [....58] [ip4][..udp] [....192.168.1.6][62863] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][emea.ng.msg.teams-msgapi.trafficmanager.net] 
@@ -341,13 +341,13 @@ [ENTROPIES...: 4.3,4.9,4.6,5.6,7.4,7.3,4.7,4.6,4.6,7.5,7.6,7.1,4.7,4.6,6.5,6.1,7.6,5.4,4.6,5.9,4.6,5.2,4.5,7.4,4.7,4.5,7.8,4.6,7.4,7.5,5.6,5.5] new: [....60] [ip4][..tcp] [..151.11.50.139][.2222] -> [....192.168.1.6][54750] [MIDSTREAM] new: [....61] [ip4][..tcp] [....192.168.1.6][60566] -> [.167.99.215.164][.4434] - detected: [....61] [ip4][..tcp] [....192.168.1.6][60566] -> [.167.99.215.164][.4434] [TLS.ntop][Unknown][Network][Safe][dati.ntop.org] + detected: [....61] [ip4][..tcp] [....192.168.1.6][60566] -> [.167.99.215.164][.4434] [TLS.ntop][DigitalOcean][Network][Safe][dati.ntop.org] RISK: Known Proto on Non Std Port - detection-update: [....61] [ip4][..tcp] [....192.168.1.6][60566] -> [.167.99.215.164][.4434] [TLS.ntop][Unknown][Network][Safe][dati.ntop.org] + detection-update: [....61] [ip4][..tcp] [....192.168.1.6][60566] -> [.167.99.215.164][.4434] [TLS.ntop][DigitalOcean][Network][Safe][dati.ntop.org] RISK: Known Proto on Non Std Port new: [....62] [ip4][..udp] [....192.168.1.6][51681] -> [..52.114.77.136][.3478] new: [....63] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.123][.3478] - detected: [....63] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.123][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] + detected: [....63] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.123][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][] new: [....64] [ip4][..tcp] [....192.168.1.6][50018] -> [.52.114.250.123][..443] new: [....65] [ip4][..udp] [....192.168.1.6][55765] -> [....192.168.1.1][...53] detected: [....65] [ip4][..udp] [....192.168.1.6][55765] -> [....192.168.1.1][...53] [DNS.Azure][Unknown][Network][Acceptable][b-tr-teams-euno-05.northeurope.cloudapp.azure.com] 
@@ -355,25 +355,25 @@ detected: [....64] [ip4][..tcp] [....192.168.1.6][50018] -> [.52.114.250.123][..443] [TLS.Teams][Azure][Collaborative][Safe][euaz.tr.teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS new: [....66] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.123][.3478] - detected: [....66] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.123][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] + detected: [....66] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.123][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][] new: [....67] [ip4][..tcp] [....192.168.1.6][50021] -> [.52.114.250.123][..443] new: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] - detected: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] + detected: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][] new: [....69] [ip4][..udp] [....192.168.1.6][50017] -> [.52.114.250.141][.3478] - detected: [....69] [ip4][..udp] [....192.168.1.6][50017] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] + detected: [....69] [ip4][..udp] [....192.168.1.6][50017] -> [.52.114.250.141][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][] detected: [....67] [ip4][..tcp] [....192.168.1.6][50021] -> [.52.114.250.123][..443] [TLS.Teams][Azure][Collaborative][Safe][euaz.tr.teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS new: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] - detected: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] + detected: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][] new: [....71] [ip4][..udp] [....192.168.1.6][50037] -> [.52.114.250.137][.3478] - detected: [....71] [ip4][..udp] 
[....192.168.1.6][50037] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] - detection-update: [....69] [ip4][..udp] [....192.168.1.6][50017] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] - detection-update: [....71] [ip4][..udp] [....192.168.1.6][50037] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] + detected: [....71] [ip4][..udp] [....192.168.1.6][50037] -> [.52.114.250.137][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][] + detection-update: [....69] [ip4][..udp] [....192.168.1.6][50017] -> [.52.114.250.141][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][] + detection-update: [....71] [ip4][..udp] [....192.168.1.6][50037] -> [.52.114.250.137][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][] new: [....72] [ip4][..tcp] [....192.168.1.6][50014] -> [.52.114.250.152][..443] new: [....73] [ip4][..tcp] [....192.168.1.6][50036] -> [.52.114.250.153][..443] - detected: [....72] [ip4][..tcp] [....192.168.1.6][50014] -> [.52.114.250.152][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][52.114.250.152] + detected: [....72] [ip4][..tcp] [....192.168.1.6][50014] -> [.52.114.250.152][..443] [TLS.Teams][Azure][Collaborative][Safe][52.114.250.152] RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, TLS (probably) Not Carrying HTTPS - detected: [....73] [ip4][..tcp] [....192.168.1.6][50036] -> [.52.114.250.153][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][52.114.250.153] + detected: [....73] [ip4][..tcp] [....192.168.1.6][50036] -> [.52.114.250.153][..443] [TLS.Teams][Azure][Collaborative][Safe][52.114.250.153] RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, TLS (probably) Not Carrying HTTPS detection-update: [....72] [ip4][..tcp] [....192.168.1.6][50014] -> [.52.114.250.152][..443] [TLS.Teams][Azure][Collaborative][Safe][52.114.250.152] RISK: TLS Cert Mismatch, TLS (probably) Not Carrying HTTPS 
@@ -386,28 +386,28 @@ detected: [....74] [ip4][..tcp] [....192.168.1.6][60567] -> [..52.114.77.136][..443] [TLS.Teams][Azure][Collaborative][Safe][api.flightproxy.teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS new: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005] - detected: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable][] + detected: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005] [STUN.TeamsCall][Unknown][VoIP][Acceptable][] RISK: Known Proto on Non Std Port new: [....77] [ip4][..udp] [....192.168.1.6][50036] -> [....192.168.0.4][50020] - detected: [....77] [ip4][..udp] [....192.168.1.6][50036] -> [....192.168.0.4][50020] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable][] + detected: [....77] [ip4][..udp] [....192.168.1.6][50036] -> [....192.168.0.4][50020] [STUN.TeamsCall][Unknown][VoIP][Acceptable][] RISK: Known Proto on Non Std Port new: [....78] [ip4][..udp] [..93.71.110.205][16332] -> [....192.168.1.6][50016] - detected: [....78] [ip4][..udp] [..93.71.110.205][16332] -> [....192.168.1.6][50016] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable][] + detected: [....78] [ip4][..udp] [..93.71.110.205][16332] -> [....192.168.1.6][50016] [STUN.TeamsCall][Unknown][VoIP][Acceptable][] RISK: Known Proto on Non Std Port new: [....79] [ip4][..udp] [..93.71.110.205][16333] -> [....192.168.1.6][50036] - detected: [....79] [ip4][..udp] [..93.71.110.205][16333] -> [....192.168.1.6][50036] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable][] + detected: [....79] [ip4][..udp] [..93.71.110.205][16333] -> [....192.168.1.6][50036] [STUN.TeamsCall][Unknown][VoIP][Acceptable][] RISK: Known Proto on Non Std Port - detection-update: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] + detection-update: [....68] [ip4][..udp] [....192.168.1.6][50016] -> 
[.52.114.250.141][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][] RISK: Unidirectional Traffic - detection-update: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] + detection-update: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][] RISK: Unidirectional Traffic - detection-update: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] - detection-update: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] + detection-update: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][] + detection-update: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][] new: [....80] [ip4][..udp] [..52.114.252.21][.3480] -> [....192.168.1.6][50036] - detected: [....80] [ip4][..udp] [..52.114.252.21][.3480] -> [....192.168.1.6][50036] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] + detected: [....80] [ip4][..udp] [..52.114.252.21][.3480] -> [....192.168.1.6][50036] [STUN.TeamsCall][Azure][VoIP][Acceptable][] RISK: Known Proto on Non Std Port new: [....81] [ip4][..udp] [...52.114.252.8][.3479] -> [....192.168.1.6][50016] - detected: [....81] [ip4][..udp] [...52.114.252.8][.3479] -> [....192.168.1.6][50016] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] + detected: [....81] [ip4][..udp] [...52.114.252.8][.3479] -> [....192.168.1.6][50016] [STUN.TeamsCall][Azure][VoIP][Acceptable][] RISK: Known Proto on Non Std Port analyse: [....64] [ip4][..tcp] [....192.168.1.6][50018] -> [.52.114.250.123][..443] [TLS.Teams][Azure][Collaborative][Safe][euaz.tr.teams.microsoft.com] min| max| avg| stddev| variance| entropy 
@@ -419,15 +419,15 @@ [IATS(ms)....: 45.0,45.1,0.2,47.4,47.2,0.2,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.0,8.0,0.0,0.0,52.4,1.2,45.6,48.6,92.2,43.7,69.1,0.3,113.5,1566.9] [PKTLENS.....: 64,52,40,227,1492,52,1492,588,52,52,1492,588,52,40,588,166,40,40,40,147,46,85,46,91,40,141,224,40,71,40,46,46] [ENTROPIES...: 4.4,4.9,4.5,5.4,7.5,4.6,7.4,6.2,4.7,4.7,7.7,7.0,4.7,4.5,7.6,6.6,4.4,4.5,4.5,6.4,4.5,5.8,4.6,5.4,4.6,6.4,6.9,4.5,5.4,4.4,4.6,4.6] - detection-update: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable][] + detection-update: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005] [STUN.TeamsCall][Unknown][VoIP][Acceptable][] RISK: Known Proto on Non Std Port, Unidirectional Traffic - detection-update: [....77] [ip4][..udp] [....192.168.1.6][50036] -> [....192.168.0.4][50020] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable][] + detection-update: [....77] [ip4][..udp] [....192.168.1.6][50036] -> [....192.168.0.4][50020] [STUN.TeamsCall][Unknown][VoIP][Acceptable][] RISK: Known Proto on Non Std Port, Unidirectional Traffic new: [....82] [ip4][..tcp] [....192.168.1.6][60568] -> [...40.79.138.41][..443] - detected: [....82] [ip4][..tcp] [....192.168.1.6][60568] -> [...40.79.138.41][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][gate.hockeyapp.net] + detected: [....82] [ip4][..tcp] [....192.168.1.6][60568] -> [...40.79.138.41][..443] [TLS.Teams][Azure][Collaborative][Safe][gate.hockeyapp.net] new: [....83] [ip4][.icmp] [..93.71.110.205] -> [....192.168.1.6] detected: [....83] [ip4][.icmp] [..93.71.110.205] -> [....192.168.1.6] [ICMP][Unknown][Network][Acceptable] - analyse: [....78] [ip4][..udp] [..93.71.110.205][16332] -> [....192.168.1.6][50016] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable] + analyse: [....78] [ip4][..udp] [..93.71.110.205][16332] -> [....192.168.1.6][50016] [STUN.TeamsCall][Unknown][VoIP][Acceptable] min| max| avg| stddev| variance| entropy 
[IAT.........: < 0.001| 1.168| 0.160| 0.366| 133702.353| 2.700] [PKTLEN......: 66.000| 1242.000| 253.400| 374.400| 140199.200| 4.000] 
@@ -439,12 +439,12 @@ [ENTROPIES...: 5.4,5.4,5.6,5.5,5.5,5.5,6.4,5.5,5.3,7.8,7.8,5.4,6.1,5.3,7.8,7.8,5.4,6.9,6.4,5.9,6.0,6.1,5.4,6.3,6.1,6.0,6.3,6.0,6.1,6.2,6.1,6.2] idle: [....13] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable] idle: [....35] [ip4][..tcp] [....192.168.1.6][60549] -> [...13.107.18.11][..443] [TLS.Microsoft365][Outlook][Collaborative][Acceptable][substrate.office.com] - idle: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][teams.microsoft.com] - idle: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe] - idle: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][config.teams.microsoft.com] - idle: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][config.teams.microsoft.com] + idle: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][teams.microsoft.com] + idle: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe] + idle: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][config.teams.microsoft.com] + idle: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][config.teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS - idle: [....47] [ip4][..tcp] [....192.168.1.6][60557] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe] + idle: [....47] [ip4][..tcp] [....192.168.1.6][60557] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe] RISK: TLS (probably) Not Carrying HTTPS end: [.....4] [ip4][..tcp] [....192.168.1.6][60532] -> 
[...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS @@ -453,9 +453,9 @@ end: [.....9] [ip4][..tcp] [....192.168.1.6][60537] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe] RISK: TLS (probably) Not Carrying HTTPS idle: [....18] [ip4][..tcp] [....192.168.1.6][60538] -> [...52.114.75.70][..443] [TLS.Teams][Azure][Collaborative][Safe][eu-prod.asyncgw.teams.microsoft.com] - idle: [....19] [ip4][..tcp] [....192.168.1.6][60539] -> [...52.114.75.69][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][eu-api.asm.skype.com] + idle: [....19] [ip4][..tcp] [....192.168.1.6][60539] -> [...52.114.75.69][..443] [TLS.Teams][Azure][Collaborative][Safe][eu-api.asm.skype.com] idle: [....20] [ip4][..tcp] [....192.168.1.6][60540] -> [...52.114.75.70][..443] [TLS.Teams][Azure][Collaborative][Safe][eu-prod.asyncgw.teams.microsoft.com] - idle: [....21] [ip4][..tcp] [....192.168.1.6][60541] -> [...52.114.75.69][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable] + idle: [....21] [ip4][..tcp] [....192.168.1.6][60541] -> [...52.114.75.69][..443] [TLS.Teams][Azure][Collaborative][Safe] end: [....25] [ip4][..tcp] [....192.168.1.6][60543] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS idle: [....26] [ip4][..tcp] [....192.168.1.6][60544] -> [...52.114.76.48][..443] [TLS.Teams][Azure][Collaborative][Safe][northeurope.notifications.teams.microsoft.com] 
@@ -476,9 +476,9 @@ idle: [....59] [ip4][..tcp] [....192.168.1.6][60565] -> [...52.114.108.8][..443] [TLS.Teams][Azure][Collaborative][Safe][emea.ng.msg.teams.microsoft.com] idle: [....74] [ip4][..tcp] [....192.168.1.6][60567] -> [..52.114.77.136][..443] [TLS.Teams][Azure][Collaborative][Safe][api.flightproxy.teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS - end: [....30] [ip4][..tcp] [....192.168.1.6][60546] -> [.167.99.215.164][.4434] [TLS.ntop][Unknown][Network][Safe] + end: [....30] [ip4][..tcp] [....192.168.1.6][60546] -> [.167.99.215.164][.4434] [TLS.ntop][DigitalOcean][Network][Safe] RISK: Known Proto on Non Std Port - idle: [....61] [ip4][..tcp] [....192.168.1.6][60566] -> [.167.99.215.164][.4434] [TLS.ntop][Unknown][Network][Safe] + idle: [....61] [ip4][..tcp] [....192.168.1.6][60566] -> [.167.99.215.164][.4434] [TLS.ntop][DigitalOcean][Network][Safe] RISK: Known Proto on Non Std Port not-detected: [....60] [ip4][..tcp] [..151.11.50.139][.2222] -> [....192.168.1.6][54750] [Unknown][Unknown][Unrated] idle: [....60] [ip4][..tcp] [..151.11.50.139][.2222] -> [....192.168.1.6][54750] 
@@ -489,7 +489,7 @@ end: [....46] [ip4][..tcp] [....192.168.1.6][60556] -> [.....40.126.9.7][..443] [TLS.Microsoft365][Microsoft365][Collaborative][Acceptable][login.microsoftonline.com] end: [....50] [ip4][..tcp] [....192.168.1.6][60560] -> [....40.126.9.67][..443] [TLS.Microsoft365][Microsoft365][Collaborative][Acceptable] idle: [....39] [ip4][..udp] [....192.168.1.6][50653] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][api.flightproxy.teams.microsoft.com] - idle: [....16] [ip4][..udp] [....192.168.1.6][51033] -> [....192.168.1.1][...53] [DNS.Skype_Teams][Unknown][Network][Acceptable][eu-api.asm.skype.com] + idle: [....16] [ip4][..udp] [....192.168.1.6][51033] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][eu-api.asm.skype.com] idle: [....44] [ip4][..udp] [....192.168.1.6][51309] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][skypedataprdcolneu04.cloudapp.net] idle: [....37] [ip4][..udp] [....192.168.1.6][53678] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][trouter2-asse-a.trouter.teams.microsoft.com] idle: [....52] [ip4][..udp] [....192.168.1.6][54069] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][api.microsoftstream.com] 
@@ -506,8 +506,8 @@ idle: [....34] [ip4][..udp] [....192.168.1.6][59403] -> [....192.168.1.1][...53] [DNS.Microsoft365][Unknown][Network][Acceptable][substrate.office.com] idle: [.....3] [ip4][..udp] [....192.168.1.6][60813] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][skypedataprdcolneu04.cloudapp.net] idle: [....75] [ip4][..udp] [....192.168.1.6][60837] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][c-flightproxy-euno-01-teams.cloudapp.net] - idle: [....53] [ip4][..tcp] [....192.168.1.6][60562] -> [.104.40.187.151][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][api.microsoftstream.com] - idle: [....55] [ip4][..tcp] [....192.168.1.6][60563] -> [.52.169.186.119][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable] + idle: [....53] [ip4][..tcp] [....192.168.1.6][60562] -> [.104.40.187.151][..443] [TLS.Teams][Azure][Collaborative][Safe][api.microsoftstream.com] + idle: [....55] [ip4][..tcp] [....192.168.1.6][60563] -> [.52.169.186.119][..443] [TLS.Teams][Azure][Collaborative][Safe] idle: [....36] [ip4][..udp] [....192.168.1.6][61245] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][euaz.tr.teams.microsoft.com] RISK: Minor Issues idle: [....54] [ip4][..udp] [....192.168.1.6][62735] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][euno-1.api.microsoftstream.com] 
@@ -519,9 +519,9 @@ idle: [....38] [ip4][..udp] [....192.168.1.6][65230] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][trouter2-asse-a.trouter.teams.microsoft.com] idle: [....24] [ip4][..udp] [....192.168.1.6][65387] -> [....192.168.1.1][...53] [DNS.Microsoft][Unknown][Network][Safe][northeuropecns.trafficmanager.net] end: [....14] [ip4][..tcp] [..93.62.150.157][..443] -> [....192.168.1.6][60512] [TLS][Unknown][Web][Safe] - idle: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable] + idle: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005] [STUN.TeamsCall][Unknown][VoIP][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic - idle: [....77] [ip4][..udp] [....192.168.1.6][50036] -> [....192.168.0.4][50020] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable] + idle: [....77] [ip4][..udp] [....192.168.1.6][50036] -> [....192.168.0.4][50020] [STUN.TeamsCall][Unknown][VoIP][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic idle: [....12] [ip4][..udp] [....192.168.1.6][17500] -> [..192.168.1.255][17500] [Dropbox][Unknown][Cloud][Acceptable] idle: [....72] [ip4][..tcp] [....192.168.1.6][50014] -> [.52.114.250.152][..443] [TLS.Teams][Azure][Collaborative][Safe] 
@@ -532,24 +532,24 @@ RISK: TLS (probably) Not Carrying HTTPS end: [....73] [ip4][..tcp] [....192.168.1.6][50036] -> [.52.114.250.153][..443] [TLS.Teams][Azure][Collaborative][Safe] RISK: TLS Cert Mismatch, TLS (probably) Not Carrying HTTPS - idle: [....57] [ip4][..tcp] [....192.168.1.6][60564] -> [...40.79.138.41][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][gate.hockeyapp.net] - idle: [....82] [ip4][..tcp] [....192.168.1.6][60568] -> [...40.79.138.41][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][gate.hockeyapp.net] - idle: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable] - idle: [....63] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.123][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable] - idle: [....81] [ip4][..udp] [...52.114.252.8][.3479] -> [....192.168.1.6][50016] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable] + idle: [....57] [ip4][..tcp] [....192.168.1.6][60564] -> [...40.79.138.41][..443] [TLS.Teams][Azure][Collaborative][Safe][gate.hockeyapp.net] + idle: [....82] [ip4][..tcp] [....192.168.1.6][60568] -> [...40.79.138.41][..443] [TLS.Teams][Azure][Collaborative][Safe][gate.hockeyapp.net] + idle: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable] + idle: [....63] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.123][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable] + idle: [....81] [ip4][..udp] [...52.114.252.8][.3479] -> [....192.168.1.6][50016] [STUN.TeamsCall][Azure][VoIP][Acceptable] RISK: Known Proto on Non Std Port - idle: [....69] [ip4][..udp] [....192.168.1.6][50017] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable] - idle: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable] - idle: [....66] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.123][.3478] 
[STUN.Skype_TeamsCall][Azure][VoIP][Acceptable] - idle: [....71] [ip4][..udp] [....192.168.1.6][50037] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable] - idle: [....80] [ip4][..udp] [..52.114.252.21][.3480] -> [....192.168.1.6][50036] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable] + idle: [....69] [ip4][..udp] [....192.168.1.6][50017] -> [.52.114.250.141][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable] + idle: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable] + idle: [....66] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.123][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable] + idle: [....71] [ip4][..udp] [....192.168.1.6][50037] -> [.52.114.250.137][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable] + idle: [....80] [ip4][..udp] [..52.114.252.21][.3480] -> [....192.168.1.6][50036] [STUN.TeamsCall][Azure][VoIP][Acceptable] RISK: Known Proto on Non Std Port idle: [....83] [ip4][.icmp] [..93.71.110.205] -> [....192.168.1.6] [ICMP][Unknown][Network][Acceptable] - guessed: [....62] [ip4][..udp] [....192.168.1.6][51681] -> [..52.114.77.136][.3478] [Skype_TeamsCall][Azure][VoIP][Acceptable] + guessed: [....62] [ip4][..udp] [....192.168.1.6][51681] -> [..52.114.77.136][.3478] [TeamsCall][Azure][VoIP][Acceptable] RISK: Susp Entropy idle: [....62] [ip4][..udp] [....192.168.1.6][51681] -> [..52.114.77.136][.3478] - idle: [....78] [ip4][..udp] [..93.71.110.205][16332] -> [....192.168.1.6][50016] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable] + idle: [....78] [ip4][..udp] [..93.71.110.205][16332] -> [....192.168.1.6][50016] [STUN.TeamsCall][Unknown][VoIP][Acceptable] RISK: Known Proto on Non Std Port - idle: [....79] [ip4][..udp] [..93.71.110.205][16333] -> [....192.168.1.6][50036] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable] + idle: [....79] [ip4][..udp] [..93.71.110.205][16333] -> [....192.168.1.6][50036] [STUN.TeamsCall][Unknown][VoIP][Acceptable] RISK: Known Proto on 
Non Std Port DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/guess_ip_before_port_enabled/1kxun.pcap.out b/test/results/flow-info/guess_ip_before_port_enabled/1kxun.pcap.out index 7276e2c12..7b3376352 100644 --- a/test/results/flow-info/guess_ip_before_port_enabled/1kxun.pcap.out +++ b/test/results/flow-info/guess_ip_before_port_enabled/1kxun.pcap.out @@ -133,7 +133,6 @@ [ENTROPIES...: 4.5,4.5,5.0,4.8,4.8,5.8,5.8,4.3,5.6,6.7,7.7,7.8,7.7,7.7,7.7,7.7,7.6,4.1,6.3,4.8,4.8,7.7,7.8,7.7,7.7,7.7,4.8,4.8,7.7,7.7,5.6,3.0] new: [....35] [ip4][..udp] [...192.168.5.67][..138] -> [192.168.255.255][..138] detected: [....35] [ip4][..udp] [...192.168.5.67][..138] -> [192.168.255.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][sanji-lifebook-] - RISK: Unsafe Protocol new: [....36] [ip4][..tcp] [..192.168.115.8][49605] -> [.106.185.35.110][...80] new: [....37] [ip4][..tcp] [..192.168.115.8][49606] -> [.106.185.35.110][...80] detected: [....36] [ip4][..tcp] [..192.168.115.8][49605] -> [.106.185.35.110][...80] [HTTP.1kxun][Unknown][Streaming][Fun][jp.kankan.1kxun.mobi] @@ -213,6 +212,7 @@ new: [....59] [ip4][..tcp] [...192.168.5.16][53624] -> [.68.233.253.133][...80] detected: [....59] [ip4][..tcp] [...192.168.5.16][53624] -> [.68.233.253.133][...80] [HTTP][Unknown][Web][Acceptable][api.magicansoft.com] new: [....60] [ip6][..udp] [...............fe80::4e5e:cff:fe9a:ec54][.5678] -> [................................ff02::1][.5678] + detected: [....60] [ip6][..udp] [...............fe80::4e5e:cff:fe9a:ec54][.5678] -> [................................ff02::1][.5678] [Mikrotik][Unknown][Network][Acceptable] detection-update: [....59] [ip4][..tcp] [...192.168.5.16][53624] -> [.68.233.253.133][...80] [HTTP][Unknown][Web][Acceptable][api.magicansoft.com] RISK: Error Code new: [....61] [ip4][..tcp] [..192.168.115.8][49581] -> [.64.233.189.128][...80] [MIDSTREAM] 
@@ -232,7 +232,6 @@ detected: [....69] [ip4][..udp] [...192.168.5.45][..137] -> [192.168.255.255][..137] [NetBIOS][Unknown][System][Acceptable][nasfile] new: [....70] [ip4][..udp] [...192.168.5.45][..138] -> [192.168.255.255][..138] detected: [....70] [ip4][..udp] [...192.168.5.45][..138] -> [192.168.255.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][macbookair-e1d0] - RISK: Unsafe Protocol new: [....71] [ip4][..udp] [...192.168.10.7][62976] -> [255.255.255.255][62976] new: [....72] [ip6][..udp] [..............fe80::4568:efbc:40b1:1346][50194] -> [..............................ff02::1:3][.5355] detected: [....72] [ip6][..udp] [..............fe80::4568:efbc:40b1:1346][50194] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable] @@ -248,6 +247,7 @@ new: [....78] [ip4][..udp] [...192.168.5.48][59797] -> [....224.0.0.252][.5355] detected: [....78] [ip4][..udp] [...192.168.5.48][59797] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] new: [....79] [ip4][..udp] [..192.168.0.100][50925] -> [255.255.255.255][.5678] + detected: [....79] [ip4][..udp] [..192.168.0.100][50925] -> [255.255.255.255][.5678] [Mikrotik][Unknown][Network][Acceptable] new: [....80] [ip4][..udp] [...192.168.5.57][65150] -> [....224.0.0.252][.5355] detected: [....80] [ip4][..udp] [...192.168.5.57][65150] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] new: [....81] [ip6][..udp] [...............fe80::e034:7be:d8f9:6197][62756] -> [..............................ff02::1:3][.5355] 
@@ -267,7 +267,9 @@ detection-update: [....87] [ip4][..tcp] [...192.168.5.16][53625] -> [.192.168.115.75][..443] [TLS][Unknown][Web][Safe][192.168.115.75] RISK: Weak TLS Cipher, HTTP/TLS/QUIC Numeric Hostname/SNI, TLS (probably) Not Carrying HTTPS new: [....88] [ip4][..udp] [..192.168.119.1][56861] -> [255.255.255.255][.5678] + detected: [....88] [ip4][..udp] [..192.168.119.1][56861] -> [255.255.255.255][.5678] [Mikrotik][Unknown][Network][Acceptable] new: [....89] [ip6][..udp] [................fe80::4e5e:cff:feea:365][.5678] -> [................................ff02::1][.5678] + detected: [....89] [ip6][..udp] [................fe80::4e5e:cff:feea:365][.5678] -> [................................ff02::1][.5678] [Mikrotik][Unknown][Network][Acceptable] new: [....90] [ip6][..udp] [..............fe80::5d92:62a8:ebde:1319][49735] -> [..............................ff02::1:3][.5355] detected: [....90] [ip6][..udp] [..............fe80::5d92:62a8:ebde:1319][49735] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable] new: [....91] [ip4][..udp] [..192.168.3.236][62069] -> [....224.0.0.252][.5355] 
@@ -277,6 +279,7 @@ new: [....93] [ip6][..udp] [..............fe80::beee:7bff:fe0c:b3de][..546] -> [..............................ff02::1:2][..547] detected: [....93] [ip6][..udp] [..............fe80::beee:7bff:fe0c:b3de][..546] -> [..............................ff02::1:2][..547] [DHCPV6][Unknown][Network][Acceptable] new: [....94] [ip4][..udp] [..192.168.119.2][43786] -> [255.255.255.255][.5678] + detected: [....94] [ip4][..udp] [..192.168.119.2][43786] -> [255.255.255.255][.5678] [Mikrotik][Unknown][Network][Acceptable] new: [....95] [ip6][..udp] [..............fe80::edf5:240a:c8c0:8312][53962] -> [..............................ff02::1:3][.5355] detected: [....95] [ip6][..udp] [..............fe80::edf5:240a:c8c0:8312][53962] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable] new: [....96] [ip4][..udp] [...192.168.5.47][53962] -> [....224.0.0.252][.5355] @@ -407,7 +410,6 @@ update: [....52] [ip6][..udp] [...............fe80::9bd:81dd:2fdc:5750][61548] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable][caesar-thinkpad] update: [....55] [ip4][..udp] [...192.168.5.16][...68] -> [..192.168.119.1][...67] [DHCP][Unknown][Network][Acceptable][macbook-air] update: [....35] [ip4][..udp] [...192.168.5.67][..138] -> [192.168.255.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][sanji-lifebook-] - RISK: Unsafe Protocol update: [....54] [ip4][..udp] [...192.168.5.49][51704] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900] update: [....33] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][54888] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable][????????????] RISK: Non-Printable/Invalid Chars Detected 
@@ -441,9 +443,7 @@ idle: [....38] [ip4][..tcp] [..192.168.115.8][49607] -> [218.244.135.170][.9099] [HTTP][Alibaba][Web][Acceptable][218.244.135.170] RISK: Known Proto on Non Std Port, HTTP/TLS/QUIC Numeric Hostname/SNI idle: [....39] [ip4][..udp] [..192.168.115.8][54420] -> [........8.8.8.8][...53] [DNS.QQ][Google][Network][Fun][vv.video.qq.com] - not-detected: [....79] [ip4][..udp] [..192.168.0.100][50925] -> [255.255.255.255][.5678] [Unknown][Unknown][Unrated] - RISK: Susp Entropy - idle: [....79] [ip4][..udp] [..192.168.0.100][50925] -> [255.255.255.255][.5678] + idle: [....79] [ip4][..udp] [..192.168.0.100][50925] -> [255.255.255.255][.5678] [Mikrotik][Unknown][Network][Acceptable] idle: [....98] [ip4][..udp] [...192.168.3.95][51451] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][????????????] RISK: Non-Printable/Invalid Chars Detected idle: [....13] [ip4][..udp] [..192.168.115.8][51458] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][wpad] 
@@ -459,12 +459,8 @@ idle: [.....9] [ip6][..udp] [...............fe80::406:55a8:6453:25dd][..546] -> [..............................ff02::1:2][..547] [DHCPV6][Unknown][Network][Acceptable] idle: [....19] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][58779] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable][????????????] RISK: Non-Printable/Invalid Chars Detected - not-detected: [....89] [ip6][..udp] [................fe80::4e5e:cff:feea:365][.5678] -> [................................ff02::1][.5678] [Unknown][Unknown][Unrated] - RISK: Susp Entropy - idle: [....89] [ip6][..udp] [................fe80::4e5e:cff:feea:365][.5678] -> [................................ff02::1][.5678] - not-detected: [....60] [ip6][..udp] [...............fe80::4e5e:cff:fe9a:ec54][.5678] -> [................................ff02::1][.5678] [Unknown][Unknown][Unrated] - RISK: Susp Entropy - idle: [....60] [ip6][..udp] [...............fe80::4e5e:cff:fe9a:ec54][.5678] -> [................................ff02::1][.5678] + idle: [....89] [ip6][..udp] [................fe80::4e5e:cff:feea:365][.5678] -> [................................ff02::1][.5678] [Mikrotik][Unknown][Network][Acceptable] + idle: [....60] [ip6][..udp] [...............fe80::4e5e:cff:fe9a:ec54][.5678] -> [................................ff02::1][.5678] [Mikrotik][Unknown][Network][Acceptable] idle: [...128] [ip6][..udp] [..............fe80::5d92:62a8:ebde:1319][58468] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable][wangs-ltw] idle: [....44] [ip4][..udp] [...192.168.5.37][57325] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900] idle: [...125] [ip6][..udp] [...............fe80::e034:7be:d8f9:6197][49766] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable][charming-pc] 
@@ -489,9 +485,7 @@ idle: [...114] [ip6][..udp] [..............fe80::5d92:62a8:ebde:1319][61172] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable][sonusav] idle: [....43] [ip4][..udp] [...192.168.5.37][56366] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][notebook] idle: [....12] [ip4][..udp] [...192.168.5.47][60267] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900] - not-detected: [....88] [ip4][..udp] [..192.168.119.1][56861] -> [255.255.255.255][.5678] [Unknown][Unknown][Unrated] - RISK: Susp Entropy - idle: [....88] [ip4][..udp] [..192.168.119.1][56861] -> [255.255.255.255][.5678] + idle: [....88] [ip4][..udp] [..192.168.119.1][56861] -> [255.255.255.255][.5678] [Mikrotik][Unknown][Network][Acceptable] idle: [...124] [ip4][..udp] [...192.168.5.50][57143] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][charming-pc] idle: [....26] [ip4][..udp] [..192.168.115.8][60724] -> [........8.8.8.8][...53] [DNS.1kxun][Google][Network][Fun][pic.1kxun.com] idle: [....48] [ip4][..udp] [....192.168.5.9][58456] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][joanna-pc] 
@@ -565,9 +559,7 @@ idle: [....64] [ip4][..udp] [..192.168.3.236][..137] -> [192.168.255.255][..137] [NetBIOS][Unknown][System][Acceptable][isatap] idle: [....18] [ip4][..udp] [..192.168.115.8][..137] -> [192.168.255.255][..137] [NetBIOS][Unknown][System][Acceptable][wpad] idle: [....70] [ip4][..udp] [...192.168.5.45][..138] -> [192.168.255.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][macbookair-e1d0] - RISK: Unsafe Protocol idle: [....35] [ip4][..udp] [...192.168.5.67][..138] -> [192.168.255.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][sanji-lifebook-] - RISK: Unsafe Protocol idle: [....76] [ip4][..udp] [...192.168.5.64][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable] guessed: [....61] [ip4][..tcp] [..192.168.115.8][49581] -> [.64.233.189.128][...80] [HTTP][Google][Web][Acceptable][] idle: [....61] [ip4][..tcp] [..192.168.115.8][49581] -> [.64.233.189.128][...80] 
@@ -585,9 +577,7 @@ idle: [...116] [ip6][..udp] [..............fe80::f65c:89ff:fe89:e607][..546] -> [..............................ff02::1:2][..547] [DHCPV6][Unknown][Network][Acceptable] guessed: [...101] [ip4][..tcp] [.119.235.235.84][..443] -> [...192.168.5.16][53406] [TLS][Line][Web][Safe] idle: [...101] [ip4][..tcp] [.119.235.235.84][..443] -> [...192.168.5.16][53406] - not-detected: [....94] [ip4][..udp] [..192.168.119.2][43786] -> [255.255.255.255][.5678] [Unknown][Unknown][Unrated] - RISK: Susp Entropy - idle: [....94] [ip4][..udp] [..192.168.119.2][43786] -> [255.255.255.255][.5678] + idle: [....94] [ip4][..udp] [..192.168.119.2][43786] -> [255.255.255.255][.5678] [Mikrotik][Unknown][Network][Acceptable] idle: [....90] [ip6][..udp] [..............fe80::5d92:62a8:ebde:1319][49735] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable][wangs-ltw] end: [....46] [ip4][..tcp] [..192.168.115.8][49612] -> [.183.131.48.145][...80] [HTTP][Unknown][Web][Acceptable][183.131.48.145] RISK: HTTP Susp User-Agent, HTTP/TLS/QUIC Numeric Hostname/SNI @@ -658,7 +648,6 @@ detected: [...152] [ip4][..tcp] [..192.168.2.126][45424] -> [..161.117.13.29][...80] [HTTP][Alibaba][Streaming][Acceptable][tcad.wedolook.com] new: [...153] [ip4][..tcp] [..192.168.2.126][41390] -> [....18.64.79.37][...80] [MIDSTREAM] detected: [...153] [ip4][..tcp] [..192.168.2.126][41390] -> [....18.64.79.37][...80] [HTTP.Google][AmazonAWS][Web][Acceptable][google.open-js.com] - RISK: Susp Entropy analyse: [...146] [ip4][..tcp] [..192.168.2.126][45380] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.409| 0.085| 0.132| 17528.007| 3.300] 
@@ -709,7 +698,6 @@ [ENTROPIES...: 5.9,5.9,7.3,7.9,7.9,7.9,7.8,7.8,7.8,7.9,8.0,7.8,7.8,7.8,7.9,7.9,7.9,7.9,5.9,5.8,8.0,8.0,7.9,7.9,8.0,7.9,8.0,7.7,5.9,5.9,7.9,8.0] new: [...163] [ip4][..tcp] [..192.168.2.126][44368] -> [..172.217.18.98][...80] [MIDSTREAM] detected: [...163] [ip4][..tcp] [..192.168.2.126][44368] -> [..172.217.18.98][...80] [HTTP.GoogleServices][Google][Web][Acceptable][www.googletagservices.com] - RISK: Susp Entropy new: [...164] [ip4][..tcp] [..192.168.2.126][50140] -> [..161.117.13.29][...80] [MIDSTREAM] detected: [...164] [ip4][..tcp] [..192.168.2.126][50140] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi] new: [...165] [ip4][..tcp] [..192.168.2.126][50148] -> [..161.117.13.29][...80] [MIDSTREAM] @@ -796,7 +784,6 @@ detected: [...193] [ip4][..tcp] [..192.168.2.126][40204] -> [...18.235.204.9][...80] [HTTP][AmazonAWS][Web][Acceptable][adexp.liftoff.io] new: [...194] [ip4][..tcp] [..192.168.2.126][53416] -> [.172.217.16.142][...80] [MIDSTREAM] detected: [...194] [ip4][..tcp] [..192.168.2.126][53416] -> [.172.217.16.142][...80] [HTTP.Google][Google][Web][Acceptable][play.google.com] - RISK: Susp Entropy new: [...195] [ip4][..tcp] [..192.168.2.126][33042] -> [...3.122.190.70][...80] [MIDSTREAM] detected: [...195] [ip4][..tcp] [..192.168.2.126][33042] -> [...3.122.190.70][...80] [HTTP][AmazonAWS][Web][Acceptable][click.liftoff.io] new: [...196] [ip4][..tcp] [..192.168.2.126][35426] -> [..8.209.112.118][...80] [MIDSTREAM] 
@@ -815,7 +802,6 @@ idle: [...196] [ip4][..tcp] [..192.168.2.126][35426] -> [..8.209.112.118][...80] [HTTP][Alibaba][Web][Acceptable][analytics.rayjump.com] idle: [...172] [ip4][..tcp] [..192.168.2.126][59324] -> [.104.117.221.10][...80] [HTTP][Unknown][Web][Acceptable][m.vpon.com] idle: [...153] [ip4][..tcp] [..192.168.2.126][41390] -> [....18.64.79.37][...80] [HTTP.Google][AmazonAWS][Web][Acceptable][google.open-js.com] - RISK: Susp Entropy idle: [...191] [ip4][..tcp] [..192.168.2.126][41940] -> [....18.64.79.50][...80] [HTTP][AmazonAWS][Web][Acceptable][tknet-cdn.rayjump.com] idle: [...154] [ip4][..tcp] [..192.168.2.126][51888] -> [.119.28.164.143][...80] [HTTP][Tencent][Web][Acceptable] idle: [...177] [ip4][..tcp] [..192.168.2.126][43266] -> [....18.64.79.58][...80] [HTTP][AmazonAWS][Web][Acceptable] @@ -828,7 +814,6 @@ idle: [...169] [ip4][..tcp] [..192.168.2.126][38326] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] idle: [...134] [ip4][..tcp] [..192.168.2.126][41134] -> [.129.226.107.77][...80] [HTTP.QQ][Tencent][Chat][Fun][cgi.connect.qq.com] idle: [...163] [ip4][..tcp] [..192.168.2.126][44368] -> [..172.217.18.98][...80] [HTTP.GoogleServices][Google][Web][Acceptable][www.googletagservices.com] - RISK: Susp Entropy idle: [...193] [ip4][..tcp] [..192.168.2.126][40204] -> [...18.235.204.9][...80] [HTTP][AmazonAWS][Web][Acceptable][adexp.liftoff.io] idle: [...197] [ip4][..tcp] [..192.168.2.126][51686] -> [....18.64.79.64][...80] [HTTP][AmazonAWS][Web][Acceptable][net.rayjump.com] idle: [...156] [ip4][..tcp] [..192.168.2.126][36732] -> [142.250.186.174][...80] [HTTP.Google][Google][Advertisement][Acceptable][www.google-analytics.com] 
@@ -852,7 +837,6 @@ idle: [...140] [ip4][..tcp] [..192.168.2.126][49242] -> [.172.104.119.80][...80] [HTTP.1kxun][Unknown][Streaming][Fun][android.yingshi.tcclick.1kxun.com] RISK: Error Code idle: [...194] [ip4][..tcp] [..192.168.2.126][53416] -> [.172.217.16.142][...80] [HTTP.Google][Google][Web][Acceptable][play.google.com] - RISK: Susp Entropy idle: [...133] [ip4][..tcp] [..192.168.2.126][47230] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Download][Fun][kankan.1kxun.mobi] RISK: Binary File/Data Transfer (Attempt) idle: [...188] [ip4][..tcp] [..192.168.2.126][37100] -> [..52.29.177.177][...80] [HTTP][AmazonAWS][Web][Acceptable][adx-tk.rayjump.com] diff --git a/test/results/flow-info/guessing_disable/webex.pcap.out b/test/results/flow-info/guessing_disable/webex.pcap.out index e7f532558..71c271019 100644 --- a/test/results/flow-info/guessing_disable/webex.pcap.out +++ b/test/results/flow-info/guessing_disable/webex.pcap.out @@ -5,7 +5,7 @@ detected: [.....1] [ip4][..tcp] [.......10.8.0.1][41346] -> [..64.68.105.103][..443] [TLS.Webex][Webex][VoIP][Acceptable][radcom.webex.com] RISK: TLS (probably) Not Carrying HTTPS detection-update: [.....1] [ip4][..tcp] [.......10.8.0.1][41346] -> [..64.68.105.103][..443] [TLS.Webex][Webex][VoIP][Acceptable][radcom.webex.com] - RISK: TLS (probably) Not Carrying HTTPS + RISK: Weak TLS Cipher, TLS (probably) Not Carrying HTTPS analyse: [.....1] [ip4][..tcp] [.......10.8.0.1][41346] -> [..64.68.105.103][..443] [TLS.Webex][Webex][VoIP][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.557| 0.113| 0.156| 24421.341| 3.700] 
@@ -20,7 +20,7 @@ detected: [.....2] [ip4][..tcp] [.......10.8.0.1][41348] -> [..64.68.105.103][..443] [TLS.Webex][Webex][VoIP][Acceptable][radcom.webex.com] RISK: TLS (probably) Not Carrying HTTPS detection-update: [.....2] [ip4][..tcp] [.......10.8.0.1][41348] -> [..64.68.105.103][..443] [TLS.Webex][Webex][VoIP][Acceptable][radcom.webex.com] - RISK: TLS (probably) Not Carrying HTTPS + RISK: Weak TLS Cipher, TLS (probably) Not Carrying HTTPS new: [.....3] [ip4][..tcp] [.......10.8.0.1][41350] -> [..64.68.105.103][..443] new: [.....4] [ip4][..tcp] [.......10.8.0.1][41351] -> [..64.68.105.103][..443] detected: [.....3] [ip4][..tcp] [.......10.8.0.1][41350] -> [..64.68.105.103][..443] [TLS.Webex][Webex][VoIP][Acceptable][radcom.webex.com] @@ -28,9 +28,9 @@ detected: [.....4] [ip4][..tcp] [.......10.8.0.1][41351] -> [..64.68.105.103][..443] [TLS.Webex][Webex][VoIP][Acceptable][radcom.webex.com] RISK: TLS (probably) Not Carrying HTTPS detection-update: [.....3] [ip4][..tcp] [.......10.8.0.1][41350] -> [..64.68.105.103][..443] [TLS.Webex][Webex][VoIP][Acceptable][radcom.webex.com] - RISK: TLS (probably) Not Carrying HTTPS + RISK: Weak TLS Cipher, TLS (probably) Not Carrying HTTPS detection-update: [.....4] [ip4][..tcp] [.......10.8.0.1][41351] -> [..64.68.105.103][..443] [TLS.Webex][Webex][VoIP][Acceptable][radcom.webex.com] - RISK: TLS (probably) Not Carrying HTTPS + RISK: Weak TLS Cipher, TLS (probably) Not Carrying HTTPS analyse: [.....2] [ip4][..tcp] [.......10.8.0.1][41348] -> [..64.68.105.103][..443] [TLS.Webex][Webex][VoIP][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.455| 0.115| 0.126| 15828.845| 4.100] 
@@ -173,7 +173,7 @@ detection-update: [....25] [ip4][..tcp] [.......10.8.0.1][43433] -> [..216.58.208.40][..443] [TLS.Google][Google][Advertisement][Acceptable][ssl.google-analytics.com] RISK: TLS (probably) Not Carrying HTTPS detection-update: [....35] [ip4][..tcp] [.......10.8.0.1][33512] -> [...80.74.110.68][..443] [TLS][Unknown][Web][Safe][] - RISK: Obsolete TLS (v1.1 or older) + RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher new: [....36] [ip4][..tcp] [.......10.8.0.1][51154] -> [.62.109.224.120][..443] new: [....37] [ip4][..tcp] [.......10.8.0.1][51155] -> [.62.109.224.120][..443] detected: [....36] [ip4][..tcp] [.......10.8.0.1][51154] -> [.62.109.224.120][..443] [TLS][Webex][Web][Safe][] 
@@ -243,14 +243,14 @@ detection-update: [....46] [ip4][..tcp] [.......10.8.0.1][59757] -> [...78.46.237.91][...80] [HTTP][Unknown][Web][Acceptable][cp.pushwoosh.com] RISK: HTTP Obsolete Server detection-update: [....44] [ip4][..tcp] [.......10.8.0.1][46211] -> [...54.241.32.14][..443] [TLS][AmazonAWS][Web][Safe][api.crittercism.com] - RISK: Obsolete TLS (v1.1 or older) + RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher detection-update: [....44] [ip4][..tcp] [.......10.8.0.1][46211] -> [...54.241.32.14][..443] [TLS][AmazonAWS][Web][Safe][api.crittercism.com] - RISK: Obsolete TLS (v1.1 or older) + RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher new: [....47] [ip4][..tcp] [.......10.8.0.1][33551] -> [...80.74.110.68][..443] detected: [....47] [ip4][..tcp] [.......10.8.0.1][33551] -> [...80.74.110.68][..443] [TLS][Unknown][Web][Safe][] RISK: Obsolete TLS (v1.1 or older) detection-update: [....47] [ip4][..tcp] [.......10.8.0.1][33551] -> [...80.74.110.68][..443] [TLS][Unknown][Web][Safe][] - RISK: Obsolete TLS (v1.1 or older) + RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher new: [....48] [ip4][..tcp] [.......10.8.0.1][33553] -> [...80.74.110.68][..443] new: [....49] [ip4][..tcp] [.......10.8.0.1][33554] -> [...80.74.110.68][..443] detected: [....48] [ip4][..tcp] [.......10.8.0.1][33553] -> [...80.74.110.68][..443] [TLS][Unknown][Web][Safe][] 
@@ -258,9 +258,9 @@ detected: [....49] [ip4][..tcp] [.......10.8.0.1][33554] -> [...80.74.110.68][..443] [TLS][Unknown][Web][Safe][] RISK: Obsolete TLS (v1.1 or older) detection-update: [....48] [ip4][..tcp] [.......10.8.0.1][33553] -> [...80.74.110.68][..443] [TLS][Unknown][Web][Safe][] - RISK: Obsolete TLS (v1.1 or older) + RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher detection-update: [....49] [ip4][..tcp] [.......10.8.0.1][33554] -> [...80.74.110.68][..443] [TLS][Unknown][Web][Safe][] - RISK: Obsolete TLS (v1.1 or older) + RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher new: [....50] [ip4][..tcp] [.......10.8.0.1][55687] -> [..173.243.0.110][..443] detected: [....50] [ip4][..tcp] [.......10.8.0.1][55687] -> [..173.243.0.110][..443] [TLS][Webex][Web][Safe][] RISK: Obsolete TLS (v1.1 or older) @@ -270,7 +270,7 @@ detected: [....51] [ip4][..tcp] [.......10.8.0.1][33559] -> [...80.74.110.68][..443] [TLS][Unknown][Web][Safe][] RISK: Obsolete TLS (v1.1 or older) detection-update: [....51] [ip4][..tcp] [.......10.8.0.1][33559] -> [...80.74.110.68][..443] [TLS][Unknown][Web][Safe][] - RISK: Obsolete TLS (v1.1 or older) + RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher new: [....52] [ip4][..tcp] [.......10.8.0.1][51857] -> [.62.109.229.158][..443] detected: [....52] [ip4][..tcp] [.......10.8.0.1][51857] -> [.62.109.229.158][..443] [TLS][Webex][Web][Safe][] RISK: Obsolete TLS (v1.1 or older) 
@@ -322,7 +322,7 @@ end: [....13] [ip4][..tcp] [.......10.8.0.1][57647] -> [..64.68.121.153][..443] [TLS.Webex][Webex][VoIP][Acceptable] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher end: [....44] [ip4][..tcp] [.......10.8.0.1][46211] -> [...54.241.32.14][..443] [TLS][AmazonAWS][Web][Safe] - RISK: Obsolete TLS (v1.1 or older) + RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher end: [....31] [ip4][..tcp] [.......10.8.0.1][51134] -> [.62.109.224.120][..443] [TLS][Webex][Web][Safe] RISK: Obsolete TLS (v1.1 or older) end: [....32] [ip4][..tcp] [.......10.8.0.1][51135] -> [.62.109.224.120][..443] [TLS][Webex][Web][Safe] @@ -344,7 +344,7 @@ end: [....52] [ip4][..tcp] [.......10.8.0.1][51857] -> [.62.109.229.158][..443] [TLS.Webex][Webex][VoIP][Acceptable] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher guessed: [....54] [ip4][..tcp] [.......10.8.0.1][51859] -> [.62.109.229.158][..443] [TLS][Webex][Web][Safe] - RISK: TCP Connection Issues + RISK: TCP Connection Issues, Probing Attempt end: [....54] [ip4][..tcp] [.......10.8.0.1][51859] -> [.62.109.229.158][..443] end: [....10] [ip4][..tcp] [.......10.8.0.1][41726] -> [.114.29.213.212][..443] [TLS][Webex][Web][Safe] RISK: Obsolete TLS (v1.1 or older) 
@@ -364,15 +364,15 @@ end: [....34] [ip4][..tcp] [.......10.8.0.1][33511] -> [...80.74.110.68][..443] [TLS][Unknown][Web][Safe] RISK: Obsolete TLS (v1.1 or older) end: [....35] [ip4][..tcp] [.......10.8.0.1][33512] -> [...80.74.110.68][..443] [TLS][Unknown][Web][Safe] - RISK: Obsolete TLS (v1.1 or older) + RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher end: [....47] [ip4][..tcp] [.......10.8.0.1][33551] -> [...80.74.110.68][..443] [TLS][Unknown][Web][Safe] - RISK: Obsolete TLS (v1.1 or older) + RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher end: [....48] [ip4][..tcp] [.......10.8.0.1][33553] -> [...80.74.110.68][..443] [TLS][Unknown][Web][Safe] - RISK: Obsolete TLS (v1.1 or older) + RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher end: [....49] [ip4][..tcp] [.......10.8.0.1][33554] -> [...80.74.110.68][..443] [TLS][Unknown][Web][Safe] - RISK: Obsolete TLS (v1.1 or older) + RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher idle: [....51] [ip4][..tcp] [.......10.8.0.1][33559] -> [...80.74.110.68][..443] [TLS][Unknown][Web][Safe] - RISK: Obsolete TLS (v1.1 or older) + RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher end: [....22] [ip4][..tcp] [.......10.8.0.1][37129] -> [...64.68.105.98][..443] [TLS.Webex][Webex][VoIP][Acceptable] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher end: [....29] [ip4][..tcp] [.......10.8.0.1][37139] -> [...64.68.105.98][..443] [TLS][Webex][Web][Safe] 
@@ -388,13 +388,13 @@ idle: [....25] [ip4][..tcp] [.......10.8.0.1][43433] -> [..216.58.208.40][..443] [TLS.Google][Google][Advertisement][Acceptable] RISK: TLS (probably) Not Carrying HTTPS idle: [.....1] [ip4][..tcp] [.......10.8.0.1][41346] -> [..64.68.105.103][..443] [TLS.Webex][Webex][VoIP][Acceptable][radcom.webex.com] - RISK: TLS (probably) Not Carrying HTTPS + RISK: Weak TLS Cipher, TLS (probably) Not Carrying HTTPS idle: [.....2] [ip4][..tcp] [.......10.8.0.1][41348] -> [..64.68.105.103][..443] [TLS.Webex][Webex][VoIP][Acceptable][radcom.webex.com] - RISK: TLS (probably) Not Carrying HTTPS + RISK: Weak TLS Cipher, TLS (probably) Not Carrying HTTPS idle: [.....3] [ip4][..tcp] [.......10.8.0.1][41350] -> [..64.68.105.103][..443] [TLS.Webex][Webex][VoIP][Acceptable] - RISK: TLS (probably) Not Carrying HTTPS + RISK: Weak TLS Cipher, TLS (probably) Not Carrying HTTPS idle: [.....4] [ip4][..tcp] [.......10.8.0.1][41351] -> [..64.68.105.103][..443] [TLS.Webex][Webex][VoIP][Acceptable] - RISK: TLS (probably) Not Carrying HTTPS + RISK: Weak TLS Cipher, TLS (probably) Not Carrying HTTPS end: [.....7] [ip4][..tcp] [.......10.8.0.1][41354] -> [..64.68.105.103][..443] [TLS.Webex][Webex][VoIP][Acceptable] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher end: [.....9] [ip4][..tcp] [.......10.8.0.1][41358] -> [..64.68.105.103][..443] [TLS.Webex][Webex][VoIP][Acceptable] diff --git a/test/results/flow-info/ip_lists_disable/1kxun.pcap.out b/test/results/flow-info/ip_lists_disable/1kxun.pcap.out index 7276e2c12..7b3376352 100644 --- a/test/results/flow-info/ip_lists_disable/1kxun.pcap.out +++ b/test/results/flow-info/ip_lists_disable/1kxun.pcap.out 
@@ -133,7 +133,6 @@ [ENTROPIES...: 4.5,4.5,5.0,4.8,4.8,5.8,5.8,4.3,5.6,6.7,7.7,7.8,7.7,7.7,7.7,7.7,7.6,4.1,6.3,4.8,4.8,7.7,7.8,7.7,7.7,7.7,4.8,4.8,7.7,7.7,5.6,3.0] new: [....35] [ip4][..udp] [...192.168.5.67][..138] -> [192.168.255.255][..138] detected: [....35] [ip4][..udp] [...192.168.5.67][..138] -> [192.168.255.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][sanji-lifebook-] - RISK: Unsafe Protocol new: [....36] [ip4][..tcp] [..192.168.115.8][49605] -> [.106.185.35.110][...80] new: [....37] [ip4][..tcp] [..192.168.115.8][49606] -> [.106.185.35.110][...80] detected: [....36] [ip4][..tcp] [..192.168.115.8][49605] -> [.106.185.35.110][...80] [HTTP.1kxun][Unknown][Streaming][Fun][jp.kankan.1kxun.mobi] @@ -213,6 +212,7 @@ new: [....59] [ip4][..tcp] [...192.168.5.16][53624] -> [.68.233.253.133][...80] detected: [....59] [ip4][..tcp] [...192.168.5.16][53624] -> [.68.233.253.133][...80] [HTTP][Unknown][Web][Acceptable][api.magicansoft.com] new: [....60] [ip6][..udp] [...............fe80::4e5e:cff:fe9a:ec54][.5678] -> [................................ff02::1][.5678] + detected: [....60] [ip6][..udp] [...............fe80::4e5e:cff:fe9a:ec54][.5678] -> [................................ff02::1][.5678] [Mikrotik][Unknown][Network][Acceptable] detection-update: [....59] [ip4][..tcp] [...192.168.5.16][53624] -> [.68.233.253.133][...80] [HTTP][Unknown][Web][Acceptable][api.magicansoft.com] RISK: Error Code new: [....61] [ip4][..tcp] [..192.168.115.8][49581] -> [.64.233.189.128][...80] [MIDSTREAM] 
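Review bot: The regenerated expectations drop `RISK: Unsafe Protocol` from flow 35 (`[NetBIOS.SMBv1][Unknown][System][Dangerous]`) in the `@@ -133,7 +133,6 @@` hunk, while the breed stays `Dangerous`. The same line disappears for flows 35 and 70 in the later `@@ -232,7 +232,6 @@`, `@@ -407,7 +410,6 @@` and `@@ -565,9 +559,7 @@` hunks of this file. This presumably comes from the libnDPI bump, but the commit message says only "incorporated upstream changes", so a consumer that alerts on that risk string would stop firing for SMBv1 traffic with no record of why. I would add a line to the description such as `* NetBIOS.SMBv1 flows no longer carry the "Unsafe Protocol" risk; the breed remains Dangerous`, and confirm against upstream that the removal is intended. The file is regenerated test output, so nothing in the hunk itself needs to change.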
@@ -232,7 +232,6 @@ detected: [....69] [ip4][..udp] [...192.168.5.45][..137] -> [192.168.255.255][..137] [NetBIOS][Unknown][System][Acceptable][nasfile] new: [....70] [ip4][..udp] [...192.168.5.45][..138] -> [192.168.255.255][..138] detected: [....70] [ip4][..udp] [...192.168.5.45][..138] -> [192.168.255.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][macbookair-e1d0] - RISK: Unsafe Protocol new: [....71] [ip4][..udp] [...192.168.10.7][62976] -> [255.255.255.255][62976] new: [....72] [ip6][..udp] [..............fe80::4568:efbc:40b1:1346][50194] -> [..............................ff02::1:3][.5355] detected: [....72] [ip6][..udp] [..............fe80::4568:efbc:40b1:1346][50194] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable] @@ -248,6 +247,7 @@ new: [....78] [ip4][..udp] [...192.168.5.48][59797] -> [....224.0.0.252][.5355] detected: [....78] [ip4][..udp] [...192.168.5.48][59797] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] new: [....79] [ip4][..udp] [..192.168.0.100][50925] -> [255.255.255.255][.5678] + detected: [....79] [ip4][..udp] [..192.168.0.100][50925] -> [255.255.255.255][.5678] [Mikrotik][Unknown][Network][Acceptable] new: [....80] [ip4][..udp] [...192.168.5.57][65150] -> [....224.0.0.252][.5355] detected: [....80] [ip4][..udp] [...192.168.5.57][65150] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] new: [....81] [ip6][..udp] [...............fe80::e034:7be:d8f9:6197][62756] -> [..............................ff02::1:3][.5355] 
@@ -267,7 +267,9 @@ detection-update: [....87] [ip4][..tcp] [...192.168.5.16][53625] -> [.192.168.115.75][..443] [TLS][Unknown][Web][Safe][192.168.115.75] RISK: Weak TLS Cipher, HTTP/TLS/QUIC Numeric Hostname/SNI, TLS (probably) Not Carrying HTTPS new: [....88] [ip4][..udp] [..192.168.119.1][56861] -> [255.255.255.255][.5678] + detected: [....88] [ip4][..udp] [..192.168.119.1][56861] -> [255.255.255.255][.5678] [Mikrotik][Unknown][Network][Acceptable] new: [....89] [ip6][..udp] [................fe80::4e5e:cff:feea:365][.5678] -> [................................ff02::1][.5678] + detected: [....89] [ip6][..udp] [................fe80::4e5e:cff:feea:365][.5678] -> [................................ff02::1][.5678] [Mikrotik][Unknown][Network][Acceptable] new: [....90] [ip6][..udp] [..............fe80::5d92:62a8:ebde:1319][49735] -> [..............................ff02::1:3][.5355] detected: [....90] [ip6][..udp] [..............fe80::5d92:62a8:ebde:1319][49735] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable] new: [....91] [ip4][..udp] [..192.168.3.236][62069] -> [....224.0.0.252][.5355] 
@@ -277,6 +279,7 @@ new: [....93] [ip6][..udp] [..............fe80::beee:7bff:fe0c:b3de][..546] -> [..............................ff02::1:2][..547] detected: [....93] [ip6][..udp] [..............fe80::beee:7bff:fe0c:b3de][..546] -> [..............................ff02::1:2][..547] [DHCPV6][Unknown][Network][Acceptable] new: [....94] [ip4][..udp] [..192.168.119.2][43786] -> [255.255.255.255][.5678] + detected: [....94] [ip4][..udp] [..192.168.119.2][43786] -> [255.255.255.255][.5678] [Mikrotik][Unknown][Network][Acceptable] new: [....95] [ip6][..udp] [..............fe80::edf5:240a:c8c0:8312][53962] -> [..............................ff02::1:3][.5355] detected: [....95] [ip6][..udp] [..............fe80::edf5:240a:c8c0:8312][53962] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable] new: [....96] [ip4][..udp] [...192.168.5.47][53962] -> [....224.0.0.252][.5355] @@ -407,7 +410,6 @@ update: [....52] [ip6][..udp] [...............fe80::9bd:81dd:2fdc:5750][61548] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable][caesar-thinkpad] update: [....55] [ip4][..udp] [...192.168.5.16][...68] -> [..192.168.119.1][...67] [DHCP][Unknown][Network][Acceptable][macbook-air] update: [....35] [ip4][..udp] [...192.168.5.67][..138] -> [192.168.255.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][sanji-lifebook-] - RISK: Unsafe Protocol update: [....54] [ip4][..udp] [...192.168.5.49][51704] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900] update: [....33] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][54888] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable][????????????] RISK: Non-Printable/Invalid Chars Detected 
@@ -441,9 +443,7 @@ idle: [....38] [ip4][..tcp] [..192.168.115.8][49607] -> [218.244.135.170][.9099] [HTTP][Alibaba][Web][Acceptable][218.244.135.170] RISK: Known Proto on Non Std Port, HTTP/TLS/QUIC Numeric Hostname/SNI idle: [....39] [ip4][..udp] [..192.168.115.8][54420] -> [........8.8.8.8][...53] [DNS.QQ][Google][Network][Fun][vv.video.qq.com] - not-detected: [....79] [ip4][..udp] [..192.168.0.100][50925] -> [255.255.255.255][.5678] [Unknown][Unknown][Unrated] - RISK: Susp Entropy - idle: [....79] [ip4][..udp] [..192.168.0.100][50925] -> [255.255.255.255][.5678] + idle: [....79] [ip4][..udp] [..192.168.0.100][50925] -> [255.255.255.255][.5678] [Mikrotik][Unknown][Network][Acceptable] idle: [....98] [ip4][..udp] [...192.168.3.95][51451] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][????????????] RISK: Non-Printable/Invalid Chars Detected idle: [....13] [ip4][..udp] [..192.168.115.8][51458] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][wpad] 
@@ -459,12 +459,8 @@ idle: [.....9] [ip6][..udp] [...............fe80::406:55a8:6453:25dd][..546] -> [..............................ff02::1:2][..547] [DHCPV6][Unknown][Network][Acceptable] idle: [....19] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][58779] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable][????????????] RISK: Non-Printable/Invalid Chars Detected - not-detected: [....89] [ip6][..udp] [................fe80::4e5e:cff:feea:365][.5678] -> [................................ff02::1][.5678] [Unknown][Unknown][Unrated] - RISK: Susp Entropy - idle: [....89] [ip6][..udp] [................fe80::4e5e:cff:feea:365][.5678] -> [................................ff02::1][.5678] - not-detected: [....60] [ip6][..udp] [...............fe80::4e5e:cff:fe9a:ec54][.5678] -> [................................ff02::1][.5678] [Unknown][Unknown][Unrated] - RISK: Susp Entropy - idle: [....60] [ip6][..udp] [...............fe80::4e5e:cff:fe9a:ec54][.5678] -> [................................ff02::1][.5678] + idle: [....89] [ip6][..udp] [................fe80::4e5e:cff:feea:365][.5678] -> [................................ff02::1][.5678] [Mikrotik][Unknown][Network][Acceptable] + idle: [....60] [ip6][..udp] [...............fe80::4e5e:cff:fe9a:ec54][.5678] -> [................................ff02::1][.5678] [Mikrotik][Unknown][Network][Acceptable] idle: [...128] [ip6][..udp] [..............fe80::5d92:62a8:ebde:1319][58468] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable][wangs-ltw] idle: [....44] [ip4][..udp] [...192.168.5.37][57325] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900] idle: [...125] [ip6][..udp] [...............fe80::e034:7be:d8f9:6197][49766] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable][charming-pc] 
@@ -489,9 +485,7 @@ idle: [...114] [ip6][..udp] [..............fe80::5d92:62a8:ebde:1319][61172] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable][sonusav] idle: [....43] [ip4][..udp] [...192.168.5.37][56366] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][notebook] idle: [....12] [ip4][..udp] [...192.168.5.47][60267] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900] - not-detected: [....88] [ip4][..udp] [..192.168.119.1][56861] -> [255.255.255.255][.5678] [Unknown][Unknown][Unrated] - RISK: Susp Entropy - idle: [....88] [ip4][..udp] [..192.168.119.1][56861] -> [255.255.255.255][.5678] + idle: [....88] [ip4][..udp] [..192.168.119.1][56861] -> [255.255.255.255][.5678] [Mikrotik][Unknown][Network][Acceptable] idle: [...124] [ip4][..udp] [...192.168.5.50][57143] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][charming-pc] idle: [....26] [ip4][..udp] [..192.168.115.8][60724] -> [........8.8.8.8][...53] [DNS.1kxun][Google][Network][Fun][pic.1kxun.com] idle: [....48] [ip4][..udp] [....192.168.5.9][58456] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][joanna-pc] 
@@ -565,9 +559,7 @@ idle: [....64] [ip4][..udp] [..192.168.3.236][..137] -> [192.168.255.255][..137] [NetBIOS][Unknown][System][Acceptable][isatap] idle: [....18] [ip4][..udp] [..192.168.115.8][..137] -> [192.168.255.255][..137] [NetBIOS][Unknown][System][Acceptable][wpad] idle: [....70] [ip4][..udp] [...192.168.5.45][..138] -> [192.168.255.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][macbookair-e1d0] - RISK: Unsafe Protocol idle: [....35] [ip4][..udp] [...192.168.5.67][..138] -> [192.168.255.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][sanji-lifebook-] - RISK: Unsafe Protocol idle: [....76] [ip4][..udp] [...192.168.5.64][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable] guessed: [....61] [ip4][..tcp] [..192.168.115.8][49581] -> [.64.233.189.128][...80] [HTTP][Google][Web][Acceptable][] idle: [....61] [ip4][..tcp] [..192.168.115.8][49581] -> [.64.233.189.128][...80] 
@@ -585,9 +577,7 @@ idle: [...116] [ip6][..udp] [..............fe80::f65c:89ff:fe89:e607][..546] -> [..............................ff02::1:2][..547] [DHCPV6][Unknown][Network][Acceptable] guessed: [...101] [ip4][..tcp] [.119.235.235.84][..443] -> [...192.168.5.16][53406] [TLS][Line][Web][Safe] idle: [...101] [ip4][..tcp] [.119.235.235.84][..443] -> [...192.168.5.16][53406] - not-detected: [....94] [ip4][..udp] [..192.168.119.2][43786] -> [255.255.255.255][.5678] [Unknown][Unknown][Unrated] - RISK: Susp Entropy - idle: [....94] [ip4][..udp] [..192.168.119.2][43786] -> [255.255.255.255][.5678] + idle: [....94] [ip4][..udp] [..192.168.119.2][43786] -> [255.255.255.255][.5678] [Mikrotik][Unknown][Network][Acceptable] idle: [....90] [ip6][..udp] [..............fe80::5d92:62a8:ebde:1319][49735] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable][wangs-ltw] end: [....46] [ip4][..tcp] [..192.168.115.8][49612] -> [.183.131.48.145][...80] [HTTP][Unknown][Web][Acceptable][183.131.48.145] RISK: HTTP Susp User-Agent, HTTP/TLS/QUIC Numeric Hostname/SNI @@ -658,7 +648,6 @@ detected: [...152] [ip4][..tcp] [..192.168.2.126][45424] -> [..161.117.13.29][...80] [HTTP][Alibaba][Streaming][Acceptable][tcad.wedolook.com] new: [...153] [ip4][..tcp] [..192.168.2.126][41390] -> [....18.64.79.37][...80] [MIDSTREAM] detected: [...153] [ip4][..tcp] [..192.168.2.126][41390] -> [....18.64.79.37][...80] [HTTP.Google][AmazonAWS][Web][Acceptable][google.open-js.com] - RISK: Susp Entropy analyse: [...146] [ip4][..tcp] [..192.168.2.126][45380] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.409| 0.085| 0.132| 17528.007| 3.300] 
@@ -709,7 +698,6 @@ [ENTROPIES...: 5.9,5.9,7.3,7.9,7.9,7.9,7.8,7.8,7.8,7.9,8.0,7.8,7.8,7.8,7.9,7.9,7.9,7.9,5.9,5.8,8.0,8.0,7.9,7.9,8.0,7.9,8.0,7.7,5.9,5.9,7.9,8.0] new: [...163] [ip4][..tcp] [..192.168.2.126][44368] -> [..172.217.18.98][...80] [MIDSTREAM] detected: [...163] [ip4][..tcp] [..192.168.2.126][44368] -> [..172.217.18.98][...80] [HTTP.GoogleServices][Google][Web][Acceptable][www.googletagservices.com] - RISK: Susp Entropy new: [...164] [ip4][..tcp] [..192.168.2.126][50140] -> [..161.117.13.29][...80] [MIDSTREAM] detected: [...164] [ip4][..tcp] [..192.168.2.126][50140] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi] new: [...165] [ip4][..tcp] [..192.168.2.126][50148] -> [..161.117.13.29][...80] [MIDSTREAM] @@ -796,7 +784,6 @@ detected: [...193] [ip4][..tcp] [..192.168.2.126][40204] -> [...18.235.204.9][...80] [HTTP][AmazonAWS][Web][Acceptable][adexp.liftoff.io] new: [...194] [ip4][..tcp] [..192.168.2.126][53416] -> [.172.217.16.142][...80] [MIDSTREAM] detected: [...194] [ip4][..tcp] [..192.168.2.126][53416] -> [.172.217.16.142][...80] [HTTP.Google][Google][Web][Acceptable][play.google.com] - RISK: Susp Entropy new: [...195] [ip4][..tcp] [..192.168.2.126][33042] -> [...3.122.190.70][...80] [MIDSTREAM] detected: [...195] [ip4][..tcp] [..192.168.2.126][33042] -> [...3.122.190.70][...80] [HTTP][AmazonAWS][Web][Acceptable][click.liftoff.io] new: [...196] [ip4][..tcp] [..192.168.2.126][35426] -> [..8.209.112.118][...80] [MIDSTREAM] 
@@ -815,7 +802,6 @@ idle: [...196] [ip4][..tcp] [..192.168.2.126][35426] -> [..8.209.112.118][...80] [HTTP][Alibaba][Web][Acceptable][analytics.rayjump.com] idle: [...172] [ip4][..tcp] [..192.168.2.126][59324] -> [.104.117.221.10][...80] [HTTP][Unknown][Web][Acceptable][m.vpon.com] idle: [...153] [ip4][..tcp] [..192.168.2.126][41390] -> [....18.64.79.37][...80] [HTTP.Google][AmazonAWS][Web][Acceptable][google.open-js.com] - RISK: Susp Entropy idle: [...191] [ip4][..tcp] [..192.168.2.126][41940] -> [....18.64.79.50][...80] [HTTP][AmazonAWS][Web][Acceptable][tknet-cdn.rayjump.com] idle: [...154] [ip4][..tcp] [..192.168.2.126][51888] -> [.119.28.164.143][...80] [HTTP][Tencent][Web][Acceptable] idle: [...177] [ip4][..tcp] [..192.168.2.126][43266] -> [....18.64.79.58][...80] [HTTP][AmazonAWS][Web][Acceptable] @@ -828,7 +814,6 @@ idle: [...169] [ip4][..tcp] [..192.168.2.126][38326] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] idle: [...134] [ip4][..tcp] [..192.168.2.126][41134] -> [.129.226.107.77][...80] [HTTP.QQ][Tencent][Chat][Fun][cgi.connect.qq.com] idle: [...163] [ip4][..tcp] [..192.168.2.126][44368] -> [..172.217.18.98][...80] [HTTP.GoogleServices][Google][Web][Acceptable][www.googletagservices.com] - RISK: Susp Entropy idle: [...193] [ip4][..tcp] [..192.168.2.126][40204] -> [...18.235.204.9][...80] [HTTP][AmazonAWS][Web][Acceptable][adexp.liftoff.io] idle: [...197] [ip4][..tcp] [..192.168.2.126][51686] -> [....18.64.79.64][...80] [HTTP][AmazonAWS][Web][Acceptable][net.rayjump.com] idle: [...156] [ip4][..tcp] [..192.168.2.126][36732] -> [142.250.186.174][...80] [HTTP.Google][Google][Advertisement][Acceptable][www.google-analytics.com] 
@@ -852,7 +837,6 @@ idle: [...140] [ip4][..tcp] [..192.168.2.126][49242] -> [.172.104.119.80][...80] [HTTP.1kxun][Unknown][Streaming][Fun][android.yingshi.tcclick.1kxun.com] RISK: Error Code idle: [...194] [ip4][..tcp] [..192.168.2.126][53416] -> [.172.217.16.142][...80] [HTTP.Google][Google][Web][Acceptable][play.google.com] - RISK: Susp Entropy idle: [...133] [ip4][..tcp] [..192.168.2.126][47230] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Download][Fun][kankan.1kxun.mobi] RISK: Binary File/Data Transfer (Attempt) idle: [...188] [ip4][..tcp] [..192.168.2.126][37100] -> [..52.29.177.177][...80] [HTTP][AmazonAWS][Web][Acceptable][adx-tk.rayjump.com] diff --git a/test/results/flow-info/monitoring/signal_audiocall.pcapng.out b/test/results/flow-info/monitoring/signal_audiocall.pcapng.out new file mode 100644 index 000000000..6008c8d4b --- /dev/null +++ b/test/results/flow-info/monitoring/signal_audiocall.pcapng.out 
@@ -0,0 +1,50 @@ + DAEMON-EVENT: init + DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....1] [ip4][..udp] [..192.168.12.67][45419] -> [.35.216.234.234][.3478] + detected: [.....1] [ip4][..udp] [..192.168.12.67][45419] -> [.35.216.234.234][.3478] [STUN][GoogleCloud][Network][Acceptable][] + new: [.....2] [ip4][..udp] [..192.168.12.67][45419] -> [.35.219.252.146][.3478] + detected: [.....2] [ip4][..udp] [..192.168.12.67][45419] -> [.35.219.252.146][.3478] [STUN][GoogleCloud][Network][Acceptable][] + detection-update: [.....2] [ip4][..udp] [..192.168.12.67][45419] -> [.35.219.252.146][.3478] [STUN][GoogleCloud][Network][Acceptable][] + RISK: Unidirectional Traffic + detection-update: [.....2] [ip4][..udp] [..192.168.12.67][45419] -> [.35.219.252.146][.3478] [STUN][GoogleCloud][Network][Acceptable][] + detection-update: [.....2] [ip4][..udp] [..192.168.12.67][45419] -> [.35.219.252.146][.3478] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][signal.org] + detection-update: [.....1] [ip4][..udp] [..192.168.12.67][45419] -> [.35.216.234.234][.3478] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][] + detection-update: [.....1] [ip4][..udp] [..192.168.12.67][45419] -> [.35.216.234.234][.3478] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][signal.org] + new: [.....3] [ip4][..udp] [..192.168.12.67][45419] -> [..35.219.226.11][12261] + detected: [.....3] [ip4][..udp] [..192.168.12.67][45419] -> [..35.219.226.11][12261] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][] + RISK: Known Proto on Non Std Port + new: [.....4] [ip4][..udp] [..192.168.12.67][45419] -> [..35.219.226.11][54116] + detected: [.....4] [ip4][..udp] [..192.168.12.67][45419] -> [..35.219.226.11][54116] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][] + RISK: Known Proto on Non Std Port + analyse: [.....2] [ip4][..udp] [..192.168.12.67][45419] -> 
[.35.219.252.146][.3478] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][signal.org] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 1.009| 0.193| 0.329| 108144.574| 3.400] + [PKTLEN......: 48.000| 168.000| 115.100| 39.100| 1531.700| 4.900] + [BINS(c->s)..: 6,0,0,7,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [BINS(s->c)..: 0,4,6,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [DIRECTIONS..: 0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,1,0,0,1,0,1,1,0,0,1,0,0,0,1,1,1] + [IATS(ms)....: 1.7,3.7,1.2,10.3,10.2,26.7,26.6,250.2,250.3,501.2,501.1,1004.0,1009.3,956.1,950.7,3.8,9.0,1.1,5.3,38.9,115.9,0.0,84.9,11.6,28.8,13.0,35.9,1.2,42.5,17.7,63.5] + [PKTLENS.....: 48,56,80,112,144,112,56,108,56,108,56,108,56,108,148,80,168,148,128,80,160,168,136,128,168,168,128,168,148,80,136,136] + [ENTROPIES...: 5.1,4.9,5.5,5.7,5.8,5.7,4.9,5.7,4.9,5.7,4.9,5.6,4.9,5.7,5.8,5.9,6.1,5.8,5.9,5.7,6.0,6.2,6.0,5.8,5.9,6.1,5.8,5.9,5.9,5.9,6.0,5.9] + detection-update: [.....4] [ip4][..udp] [..192.168.12.67][45419] -> [..35.219.226.11][54116] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][] + RISK: Known Proto on Non Std Port, Unidirectional Traffic + detection-update: [.....4] [ip4][..udp] [..192.168.12.67][45419] -> [..35.219.226.11][54116] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][] + RISK: Known Proto on Non Std Port + analyse: [.....4] [ip4][..udp] [..192.168.12.67][45419] -> [..35.219.226.11][54116] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.008| 2.229| 0.465| 0.655| 429159.809| 3.800] + [PKTLEN......: 56.000| 132.000| 101.400| 22.200| 491.600| 5.000] + [BINS(c->s)..: 2,2,6,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [BINS(s->c)..: 1,1,7,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [DIRECTIONS..: 
0,0,1,0,1,0,1,1,0,1,1,0,0,1,1,0,1,1,0,0,0,1,1,0,0,0,1,1,0,0,0,1] + [IATS(ms)....: 49.2,63.8,48.7,39.3,9.0,8.0,43.1,50.0,8.0,41.1,51.3,943.4,1038.3,262.2,355.0,260.4,75.7,606.2,10.9,31.2,394.5,279.9,364.3,2145.8,28.8,2221.2,290.3,345.1,931.1,1204.6,2229.2] + [PKTLENS.....: 124,124,92,132,124,92,92,124,92,92,124,92,132,92,124,92,56,84,84,56,124,92,124,92,124,56,92,124,92,84,124,92] + [ENTROPIES...: 6.0,5.9,5.9,5.8,6.0,5.8,5.8,5.9,5.8,5.9,5.9,5.8,5.7,5.8,5.9,5.7,5.2,5.9,5.7,5.2,5.8,5.9,5.9,5.8,5.9,5.2,5.8,6.0,5.7,5.8,5.9,5.8] + idle: [.....4] [ip4][..udp] [..192.168.12.67][45419] -> [..35.219.226.11][54116] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable] + RISK: Known Proto on Non Std Port + idle: [.....1] [ip4][..udp] [..192.168.12.67][45419] -> [.35.216.234.234][.3478] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][signal.org] + idle: [.....2] [ip4][..udp] [..192.168.12.67][45419] -> [.35.219.252.146][.3478] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][signal.org] + idle: [.....3] [ip4][..udp] [..192.168.12.67][45419] -> [..35.219.226.11][12261] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable] + RISK: Known Proto on Non Std Port + DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/monitoring/signal_videocall.pcapng.out b/test/results/flow-info/monitoring/signal_videocall.pcapng.out new file mode 100644 index 000000000..626c8440d --- /dev/null +++ b/test/results/flow-info/monitoring/signal_videocall.pcapng.out 
@@ -0,0 +1,33 @@ + DAEMON-EVENT: init + DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....1] [ip4][..udp] [..192.168.12.67][47926] -> [.35.216.234.234][.3478] + detected: [.....1] [ip4][..udp] [..192.168.12.67][47926] -> [.35.216.234.234][.3478] [STUN][GoogleCloud][Network][Acceptable][] + new: [.....2] [ip4][..udp] [..192.168.12.67][47926] -> [.35.219.252.146][.3478] + detected: [.....2] [ip4][..udp] [..192.168.12.67][47926] -> [.35.219.252.146][.3478] [STUN][GoogleCloud][Network][Acceptable][] + detection-update: [.....2] [ip4][..udp] [..192.168.12.67][47926] -> [.35.219.252.146][.3478] [STUN][GoogleCloud][Network][Acceptable][] + RISK: Unidirectional Traffic + detection-update: [.....2] [ip4][..udp] [..192.168.12.67][47926] -> [.35.219.252.146][.3478] [STUN][GoogleCloud][Network][Acceptable][] + detection-update: [.....2] [ip4][..udp] [..192.168.12.67][47926] -> [.35.219.252.146][.3478] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][signal.org] + detection-update: [.....1] [ip4][..udp] [..192.168.12.67][47926] -> [.35.216.234.234][.3478] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][] + RISK: Unidirectional Traffic + detection-update: [.....1] [ip4][..udp] [..192.168.12.67][47926] -> [.35.216.234.234][.3478] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][] + detection-update: [.....1] [ip4][..udp] [..192.168.12.67][47926] -> [.35.216.234.234][.3478] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][signal.org] + new: [.....3] [ip4][..udp] [..192.168.12.67][47926] -> [.35.219.252.146][56377] + detected: [.....3] [ip4][..udp] [..192.168.12.67][47926] -> [.35.219.252.146][56377] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][] + RISK: Known Proto on Non Std Port + analyse: [.....3] [ip4][..udp] [..192.168.12.67][47926] -> [.35.219.252.146][56377] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable] + min| max| avg| stddev| 
variance| entropy + [IAT.........: 0.008| 2.449| 0.473| 0.711| 505100.075| 3.700] + [PKTLEN......: 56.000| 132.000| 102.600| 22.300| 496.600| 5.000] + [BINS(c->s)..: 1,1,6,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [BINS(s->c)..: 2,1,7,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,1,0,0,1,1,0,1,1,0,1,0,0,1,0,0,1,1,0,1,0,1,1] + [IATS(ms)....: 66.0,95.9,49.2,89.8,52.0,7.9,75.8,92.2,90.8,45.8,45.9,841.8,964.7,88.1,209.4,700.4,8.8,797.8,169.0,140.8,10.0,132.1,62.7,2295.1,2449.2,43.9,201.2,880.5,2304.8,1490.8,147.9] + [PKTLENS.....: 124,92,132,132,92,92,124,92,124,92,124,92,124,92,124,92,56,84,124,92,84,56,124,92,124,92,124,92,56,124,92,124] + [ENTROPIES...: 6.0,5.9,5.7,5.9,5.7,5.9,6.0,5.8,6.0,5.7,5.9,5.7,5.9,5.8,5.9,5.8,5.2,5.8,5.9,5.8,5.7,5.1,5.9,5.9,5.8,5.8,5.9,5.7,5.1,5.8,5.8,6.0] + idle: [.....3] [ip4][..udp] [..192.168.12.67][47926] -> [.35.219.252.146][56377] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable] + RISK: Known Proto on Non Std Port + idle: [.....1] [ip4][..udp] [..192.168.12.67][47926] -> [.35.216.234.234][.3478] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][signal.org] + idle: [.....2] [ip4][..udp] [..192.168.12.67][47926] -> [.35.219.252.146][.3478] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][signal.org] + DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/monitoring/signal_videocall_multiparty.pcapng.out b/test/results/flow-info/monitoring/signal_videocall_multiparty.pcapng.out new file mode 100644 index 000000000..28d14060e --- /dev/null +++ b/test/results/flow-info/monitoring/signal_videocall_multiparty.pcapng.out 
@@ -0,0 +1,23 @@ + DAEMON-EVENT: init + DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....1] [ip4][..udp] [..192.168.1.117][59446] -> [...35.207.67.68][10000] + detected: [.....1] [ip4][..udp] [..192.168.1.117][59446] -> [...35.207.67.68][10000] [STUN][GoogleCloud][Network][Acceptable][] + RISK: Known Proto on Non Std Port + detection-update: [.....1] [ip4][..udp] [..192.168.1.117][59446] -> [...35.207.67.68][10000] [STUN.RTP][GoogleCloud][Media][Acceptable][] + RISK: Known Proto on Non Std Port + detection-update: [.....1] [ip4][..udp] [..192.168.1.117][59446] -> [...35.207.67.68][10000] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][] + RISK: Known Proto on Non Std Port + analyse: [.....1] [ip4][..udp] [..192.168.1.117][59446] -> [...35.207.67.68][10000] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 1.071| 0.337| 0.396| 156437.676| 3.900] + [PKTLEN......: 56.000| 128.000| 92.700| 28.200| 793.400| 4.900] + [BINS(c->s)..: 1,14,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [BINS(s->c)..: 0,5,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [DIRECTIONS..: 0,1,0,0,1,0,1,0,0,0,0,1,1,0,0,0,1,1,0,0,0,0,1,0,0,1,0,0,0,1,0,1] + [IATS(ms)....: 32.9,48.8,0.3,44.5,50.5,44.1,223.8,0.4,25.3,800.7,1030.9,20.6,201.5,0.7,800.8,981.7,21.3,210.6,0.8,118.5,13.4,1043.7,879.5,0.9,1071.1,1007.2,0.7,274.5,390.9,400.1,691.0] + [PKTLENS.....: 128,128,64,128,128,128,128,83,64,64,128,74,128,83,64,128,74,128,83,64,76,56,74,83,64,74,83,64,128,128,64,74] + [ENTROPIES...: 5.6,5.7,5.1,5.7,5.7,5.8,5.8,5.8,5.2,5.0,5.8,5.4,5.8,5.7,5.1,5.6,5.4,5.7,5.8,5.1,5.8,5.2,5.4,5.7,5.2,5.4,5.9,5.2,5.6,5.8,5.0,5.4] + idle: [.....1] [ip4][..udp] [..192.168.1.117][59446] -> [...35.207.67.68][10000] 
[STUN.SignalVoip][GoogleCloud][VoIP][Acceptable] + RISK: Known Proto on Non Std Port + DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/monitoring/stun.pcap.out b/test/results/flow-info/monitoring/stun.pcap.out index 97ff187c5..9db02bdbf 100644 --- a/test/results/flow-info/monitoring/stun.pcap.out +++ b/test/results/flow-info/monitoring/stun.pcap.out @@ -2,7 +2,7 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1][1611] [ip4][..tcp] [...10.77.110.51][41588] -> [..10.206.50.239][42000] - detected: [.....1][1611] [ip4][..tcp] [...10.77.110.51][41588] -> [..10.206.50.239][42000] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable][] + detected: [.....1][1611] [ip4][..tcp] [...10.77.110.51][41588] -> [..10.206.50.239][42000] [STUN.TeamsCall][Unknown][VoIP][Acceptable][] DAEMON-EVENT: [Processed: 15 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....2] [ip4][..udp] [.192.168.12.169][43016] -> [.74.125.247.128][.3478] @@ -14,7 +14,7 @@ new: [.....3] [ip4][.icmp] [.192.168.12.169] -> [.74.125.247.128] detected: [.....3] [ip4][.icmp] [.192.168.12.169] -> [.74.125.247.128] [ICMP][Google][Network][Acceptable] RISK: Susp Entropy - end: [.....1][1611] [ip4][..tcp] [...10.77.110.51][41588] -> [..10.206.50.239][42000] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable] + end: [.....1][1611] [ip4][..tcp] [...10.77.110.51][41588] -> [..10.206.50.239][42000] [STUN.TeamsCall][Unknown][VoIP][Acceptable] DAEMON-EVENT: [Processed: 24 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 2 / 3|skipped: 0|!detected: 0|guessed: 0|detection-updates: 3|updates: 0] new: [.....4] [ip6][..udp] [3516:bf0b:fc53:75e7:70af:f67f:8e49:f603][56880] -> [....2a38:e156:8167:a333:face:b00c::24d9][.3478] 
@@ -89,11 +89,11 @@ idle: [.....7] [ip4][..udp] [.192.168.12.169][49153] -> [..142.250.82.99][.3478] [DTLS.GoogleCall][Google][VoIP][Acceptable] DAEMON-EVENT: [Processed: 198 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 8|skipped: 0|!detected: 0|guessed: 0|detection-updates: 10|updates: 3] - new: [.....9] [ip6][..udp] [..............2600:1900:4160:5999::19::][.3478] -> [..2001:b07:a3d:c112:48a1:1094:1227:281e][48094] - detected: [.....9] [ip6][..udp] [..............2600:1900:4160:5999::19::][.3478] -> [..2001:b07:a3d:c112:48a1:1094:1227:281e][48094] [STUN][GoogleCloud][Network][Acceptable][] - detection-update: [.....9] [ip6][..udp] [..............2600:1900:4160:5999::19::][.3478] -> [..2001:b07:a3d:c112:48a1:1094:1227:281e][48094] [STUN][GoogleCloud][Network][Acceptable][] + new: [.....9] [ip6][..udp] [.............2600:1900:4160:5999:0:19::][.3478] -> [..2001:b07:a3d:c112:48a1:1094:1227:281e][48094] + detected: [.....9] [ip6][..udp] [.............2600:1900:4160:5999:0:19::][.3478] -> [..2001:b07:a3d:c112:48a1:1094:1227:281e][48094] [STUN][GoogleCloud][Network][Acceptable][] + detection-update: [.....9] [ip6][..udp] [.............2600:1900:4160:5999:0:19::][.3478] -> [..2001:b07:a3d:c112:48a1:1094:1227:281e][48094] [STUN][GoogleCloud][Network][Acceptable][] RISK: Unidirectional Traffic idle: [.....8] [ip4][..udp] [.192.168.43.169][48854] -> [.134.224.90.111][.8801] [DTLS][Zoom][Network][Safe] - idle: [.....9] [ip6][..udp] [..............2600:1900:4160:5999::19::][.3478] -> [..2001:b07:a3d:c112:48a1:1094:1227:281e][48094] [STUN][GoogleCloud][Network][Acceptable] + idle: [.....9] [ip6][..udp] [.............2600:1900:4160:5999:0:19::][.3478] -> [..2001:b07:a3d:c112:48a1:1094:1227:281e][48094] [STUN][GoogleCloud][Network][Acceptable] RISK: Unidirectional Traffic DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/monitoring/teams.pcap.out b/test/results/flow-info/monitoring/teams.pcap.out index 640d86de0..8ae0bdbae 100644 
--- a/test/results/flow-info/monitoring/teams.pcap.out +++ b/test/results/flow-info/monitoring/teams.pcap.out @@ -15,11 +15,11 @@ detection-update: [.....3] [ip4][..udp] [....192.168.1.6][60813] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][skypedataprdcolneu04.cloudapp.net] new: [.....4] [ip4][..tcp] [....192.168.1.6][60532] -> [...52.114.77.33][..443] new: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] - detected: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][teams.microsoft.com] - detection-update: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][teams.microsoft.com] + detected: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][teams.microsoft.com] + detection-update: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][teams.microsoft.com] detected: [.....4] [ip4][..tcp] [....192.168.1.6][60532] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS - analyse: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe] + analyse: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.030| 0.006| 0.009| 77.930| 3.700] [PKTLEN......: 40.000| 1492.000| 393.900| 548.100| 300365.600| 3.900] 
@@ -48,8 +48,8 @@ detected: [.....7] [ip4][..tcp] [....192.168.1.6][60535] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS new: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443] - detected: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][teams.microsoft.com] - detection-update: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][teams.microsoft.com] + detected: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][teams.microsoft.com] + detection-update: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][teams.microsoft.com] analyse: [.....7] [ip4][..tcp] [....192.168.1.6][60535] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.050| 0.018| 0.021| 449.200| 3.900] 
@@ -91,26 +91,26 @@ ERROR-EVENT: Unknown packet type [14/16] ERROR-EVENT: Unknown packet type [15/16] new: [....16] [ip4][..udp] [....192.168.1.6][51033] -> [....192.168.1.1][...53] - detected: [....16] [ip4][..udp] [....192.168.1.6][51033] -> [....192.168.1.1][...53] [DNS.Skype_Teams][Unknown][Network][Acceptable][eu-api.asm.skype.com] + detected: [....16] [ip4][..udp] [....192.168.1.6][51033] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][eu-api.asm.skype.com] new: [....17] [ip4][..udp] [....192.168.1.6][63106] -> [....192.168.1.1][...53] detected: [....17] [ip4][..udp] [....192.168.1.6][63106] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][eu-prod.asyncgw.teams.microsoft.com] detection-update: [....17] [ip4][..udp] [....192.168.1.6][63106] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][eu-prod.asyncgw.teams.microsoft.com] new: [....18] [ip4][..tcp] [....192.168.1.6][60538] -> [...52.114.75.70][..443] - detection-update: [....16] [ip4][..udp] [....192.168.1.6][51033] -> [....192.168.1.1][...53] [DNS.Skype_Teams][Unknown][Network][Acceptable][eu-api.asm.skype.com] + detection-update: [....16] [ip4][..udp] [....192.168.1.6][51033] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][eu-api.asm.skype.com] new: [....19] [ip4][..tcp] [....192.168.1.6][60539] -> [...52.114.75.69][..443] detected: [....18] [ip4][..tcp] [....192.168.1.6][60538] -> [...52.114.75.70][..443] [TLS.Teams][Azure][Collaborative][Safe][eu-prod.asyncgw.teams.microsoft.com] - detected: [....19] [ip4][..tcp] [....192.168.1.6][60539] -> [...52.114.75.69][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][eu-api.asm.skype.com] + detected: [....19] [ip4][..tcp] [....192.168.1.6][60539] -> [...52.114.75.69][..443] [TLS.Teams][Azure][Collaborative][Safe][eu-api.asm.skype.com] new: [....20] [ip4][..tcp] [....192.168.1.6][60540] -> [...52.114.75.70][..443] new: [....21] [ip4][..tcp] [....192.168.1.6][60541] -> [...52.114.75.69][..443] detected: 
[....20] [ip4][..tcp] [....192.168.1.6][60540] -> [...52.114.75.70][..443] [TLS.Teams][Azure][Collaborative][Safe][eu-prod.asyncgw.teams.microsoft.com] - detected: [....21] [ip4][..tcp] [....192.168.1.6][60541] -> [...52.114.75.69][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][eu-api.asm.skype.com] + detected: [....21] [ip4][..tcp] [....192.168.1.6][60541] -> [...52.114.75.69][..443] [TLS.Teams][Azure][Collaborative][Safe][eu-api.asm.skype.com] new: [....22] [ip4][..udp] [....192.168.1.6][49514] -> [....192.168.1.1][...53] detected: [....22] [ip4][..udp] [....192.168.1.6][49514] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][config.teams.microsoft.com] - detection-update: [....21] [ip4][..tcp] [....192.168.1.6][60541] -> [...52.114.75.69][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][eu-api.asm.skype.com] + detection-update: [....21] [ip4][..tcp] [....192.168.1.6][60541] -> [...52.114.75.69][..443] [TLS.Teams][Azure][Collaborative][Safe][eu-api.asm.skype.com] detection-update: [....22] [ip4][..udp] [....192.168.1.6][49514] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][config.teams.microsoft.com] new: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] - detected: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][config.teams.microsoft.com] - detection-update: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][config.teams.microsoft.com] + detected: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][config.teams.microsoft.com] + detection-update: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][config.teams.microsoft.com] new: [....24] [ip4][..udp] [....192.168.1.6][65387] -> [....192.168.1.1][...53] detected: [....24] [ip4][..udp] 
[....192.168.1.6][65387] -> [....192.168.1.1][...53] [DNS.Microsoft][Unknown][Network][Safe][northeuropecns.trafficmanager.net] new: [....25] [ip4][..tcp] [....192.168.1.6][60543] -> [...52.114.77.33][..443] @@ -140,9 +140,9 @@ [PKTLENS.....: 64,60,52,258,52,1492,1492,52,1375,52,145,52,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,52,1480,1480,1480,1480,52,1480] [ENTROPIES...: 4.4,5.3,5.0,5.9,5.1,7.3,7.3,5.0,7.7,5.0,5.9,5.2,5.6,5.0,7.9,7.8,7.9,5.2,7.9,7.9,7.9,7.9,5.2,7.9,7.9,5.2,7.9,7.9,7.8,7.9,5.2,7.9] new: [....30] [ip4][..tcp] [....192.168.1.6][60546] -> [.167.99.215.164][.4434] - detected: [....30] [ip4][..tcp] [....192.168.1.6][60546] -> [.167.99.215.164][.4434] [TLS.ntop][Unknown][Network][Safe][dati.ntop.org] + detected: [....30] [ip4][..tcp] [....192.168.1.6][60546] -> [.167.99.215.164][.4434] [TLS.ntop][DigitalOcean][Network][Safe][dati.ntop.org] RISK: Known Proto on Non Std Port - detection-update: [....30] [ip4][..tcp] [....192.168.1.6][60546] -> [.167.99.215.164][.4434] [TLS.ntop][Unknown][Network][Safe][dati.ntop.org] + detection-update: [....30] [ip4][..tcp] [....192.168.1.6][60546] -> [.167.99.215.164][.4434] [TLS.ntop][DigitalOcean][Network][Safe][dati.ntop.org] RISK: Known Proto on Non Std Port analyse: [....28] [ip4][..tcp] [....192.168.1.6][60545] -> [...52.114.77.58][..443] [TLS.Teams][Azure][Collaborative][Safe][presence.teams.microsoft.com] min| max| avg| stddev| variance| entropy 
@@ -180,7 +180,7 @@ new: [....35] [ip4][..tcp] [....192.168.1.6][60549] -> [...13.107.18.11][..443] detected: [....35] [ip4][..tcp] [....192.168.1.6][60549] -> [...13.107.18.11][..443] [TLS.Microsoft365][Outlook][Collaborative][Acceptable][substrate.office.com] detection-update: [....35] [ip4][..tcp] [....192.168.1.6][60549] -> [...13.107.18.11][..443] [TLS.Microsoft365][Outlook][Collaborative][Acceptable][substrate.office.com] - analyse: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe] + analyse: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 2.010| 0.146| 0.490| 239614.050| 1.700] [PKTLEN......: 40.000| 1492.000| 305.200| 468.100| 219152.800| 3.800] 
@@ -223,12 +223,12 @@ detected: [....44] [ip4][..udp] [....192.168.1.6][51309] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][skypedataprdcolneu04.cloudapp.net] new: [....45] [ip4][..tcp] [....192.168.1.6][60555] -> [...52.114.77.33][..443] new: [....46] [ip4][..tcp] [....192.168.1.6][60556] -> [.....40.126.9.7][..443] - detected: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][config.teams.microsoft.com] + detected: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][config.teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS detection-update: [....44] [ip4][..udp] [....192.168.1.6][51309] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][skypedataprdcolneu04.cloudapp.net] detected: [....40] [ip4][..tcp] [....192.168.1.6][60551] -> [...52.114.15.45][..443] [TLS.Teams][Azure][Collaborative][Safe][trouter2-asse-a.trouter.teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][config.teams.microsoft.com] + detection-update: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][config.teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS detected: [....42] [ip4][..tcp] [....192.168.1.6][60552] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS 
@@ -241,7 +241,7 @@ RISK: TLS (probably) Not Carrying HTTPS detection-update: [....40] [ip4][..tcp] [....192.168.1.6][60551] -> [...52.114.15.45][..443] [TLS.Teams][Azure][Collaborative][Safe][trouter2-asse-a.trouter.teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS - analyse: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe] + analyse: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.154| 0.015| 0.036| 1274.324| 2.800] [PKTLEN......: 40.000| 1492.000| 585.700| 671.400| 450756.000| 4.000] 
@@ -252,9 +252,9 @@ [PKTLENS.....: 64,52,40,226,46,1492,1492,40,1492,40,1492,168,40,147,46,91,46,91,40,1122,46,1492,1492,40,1317,40,1492,1492,40,40,1492,1492] [ENTROPIES...: 4.4,4.9,4.5,5.5,4.4,7.3,7.5,4.6,7.5,4.5,7.7,6.7,4.6,6.5,4.5,5.7,4.5,5.6,4.6,7.8,4.6,7.9,7.9,4.6,7.9,4.6,7.9,7.9,4.6,4.5,7.9,7.9] new: [....47] [ip4][..tcp] [....192.168.1.6][60557] -> [.52.113.194.132][..443] - detected: [....47] [ip4][..tcp] [....192.168.1.6][60557] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][teams.microsoft.com] + detected: [....47] [ip4][..tcp] [....192.168.1.6][60557] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....47] [ip4][..tcp] [....192.168.1.6][60557] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][teams.microsoft.com] + detection-update: [....47] [ip4][..tcp] [....192.168.1.6][60557] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS new: [....48] [ip4][..tcp] [....192.168.1.6][60559] -> [...52.114.77.33][..443] detected: [....48] [ip4][..tcp] [....192.168.1.6][60559] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com] 
@@ -281,10 +281,10 @@ detected: [....52] [ip4][..udp] [....192.168.1.6][54069] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][api.microsoftstream.com] detection-update: [....52] [ip4][..udp] [....192.168.1.6][54069] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][api.microsoftstream.com] new: [....53] [ip4][..tcp] [....192.168.1.6][60562] -> [.104.40.187.151][..443] - detected: [....53] [ip4][..tcp] [....192.168.1.6][60562] -> [.104.40.187.151][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][api.microsoftstream.com] + detected: [....53] [ip4][..tcp] [....192.168.1.6][60562] -> [.104.40.187.151][..443] [TLS.Teams][Azure][Collaborative][Safe][api.microsoftstream.com] detection-update: [....51] [ip4][..tcp] [....192.168.1.6][60561] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS - analyse: [....53] [ip4][..tcp] [....192.168.1.6][60562] -> [.104.40.187.151][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable] + analyse: [....53] [ip4][..tcp] [....192.168.1.6][60562] -> [.104.40.187.151][..443] [TLS.Teams][Azure][Collaborative][Safe] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.126| 0.019| 0.032| 1006.354| 3.400] [PKTLEN......: 52.000| 1492.000| 345.200| 499.900| 249913.200| 3.900] 
@@ -308,12 +308,12 @@ [IATS(ms)....: 48.4,48.5,0.5,88.2,136.5,113.7,0.2,161.8,0.1,0.1,1.1,74.6,73.5,1.1,0.0,0.0,50.1,49.0,0.0,0.0,0.0,48.4,48.4,0.0,0.0,0.0,1.6,1.5,46.9,1.1,1.7] [PKTLENS.....: 64,60,52,258,258,64,1492,1492,52,1375,52,145,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,1480,1480,52,1462,52,52,52] [ENTROPIES...: 4.4,5.3,4.9,6.0,6.0,5.1,7.3,7.3,5.0,7.7,5.0,6.0,5.6,5.0,7.9,7.9,7.9,5.2,7.9,7.9,7.9,7.9,5.1,7.9,7.9,7.9,7.9,5.2,7.9,5.2,5.2,5.2] - detected: [....55] [ip4][..tcp] [....192.168.1.6][60563] -> [.52.169.186.119][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][euno-1.api.microsoftstream.com] + detected: [....55] [ip4][..tcp] [....192.168.1.6][60563] -> [.52.169.186.119][..443] [TLS.Teams][Azure][Collaborative][Safe][euno-1.api.microsoftstream.com] new: [....56] [ip4][..udp] [....192.168.1.6][63930] -> [....192.168.1.1][...53] detected: [....56] [ip4][..udp] [....192.168.1.6][63930] -> [....192.168.1.1][...53] [DNS.Microsoft][Unknown][Network][Safe][dc.applicationinsights.microsoft.com] detection-update: [....56] [ip4][..udp] [....192.168.1.6][63930] -> [....192.168.1.1][...53] [DNS.Microsoft][Unknown][Network][Safe][dc.applicationinsights.microsoft.com] new: [....57] [ip4][..tcp] [....192.168.1.6][60564] -> [...40.79.138.41][..443] - detected: [....57] [ip4][..tcp] [....192.168.1.6][60564] -> [...40.79.138.41][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][gate.hockeyapp.net] + detected: [....57] [ip4][..tcp] [....192.168.1.6][60564] -> [...40.79.138.41][..443] [TLS.Teams][Azure][Collaborative][Safe][gate.hockeyapp.net] new: [....58] [ip4][..udp] [....192.168.1.6][62863] -> [....192.168.1.1][...53] detected: [....58] [ip4][..udp] [....192.168.1.6][62863] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][emea.ng.msg.teams-msgapi.trafficmanager.net] detection-update: [....58] [ip4][..udp] [....192.168.1.6][62863] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][emea.ng.msg.teams-msgapi.trafficmanager.net] 
@@ -341,13 +341,13 @@ [ENTROPIES...: 4.3,4.9,4.6,5.6,7.4,7.3,4.7,4.6,4.6,7.5,7.6,7.1,4.7,4.6,6.5,6.1,7.6,5.4,4.6,5.9,4.6,5.2,4.5,7.4,4.7,4.5,7.8,4.6,7.4,7.5,5.6,5.5] new: [....60] [ip4][..tcp] [..151.11.50.139][.2222] -> [....192.168.1.6][54750] [MIDSTREAM] new: [....61] [ip4][..tcp] [....192.168.1.6][60566] -> [.167.99.215.164][.4434] - detected: [....61] [ip4][..tcp] [....192.168.1.6][60566] -> [.167.99.215.164][.4434] [TLS.ntop][Unknown][Network][Safe][dati.ntop.org] + detected: [....61] [ip4][..tcp] [....192.168.1.6][60566] -> [.167.99.215.164][.4434] [TLS.ntop][DigitalOcean][Network][Safe][dati.ntop.org] RISK: Known Proto on Non Std Port - detection-update: [....61] [ip4][..tcp] [....192.168.1.6][60566] -> [.167.99.215.164][.4434] [TLS.ntop][Unknown][Network][Safe][dati.ntop.org] + detection-update: [....61] [ip4][..tcp] [....192.168.1.6][60566] -> [.167.99.215.164][.4434] [TLS.ntop][DigitalOcean][Network][Safe][dati.ntop.org] RISK: Known Proto on Non Std Port new: [....62] [ip4][..udp] [....192.168.1.6][51681] -> [..52.114.77.136][.3478] new: [....63] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.123][.3478] - detected: [....63] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.123][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] + detected: [....63] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.123][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][] new: [....64] [ip4][..tcp] [....192.168.1.6][50018] -> [.52.114.250.123][..443] new: [....65] [ip4][..udp] [....192.168.1.6][55765] -> [....192.168.1.1][...53] detected: [....65] [ip4][..udp] [....192.168.1.6][55765] -> [....192.168.1.1][...53] [DNS.Azure][Unknown][Network][Acceptable][b-tr-teams-euno-05.northeurope.cloudapp.azure.com] 
@@ -355,25 +355,25 @@ detected: [....64] [ip4][..tcp] [....192.168.1.6][50018] -> [.52.114.250.123][..443] [TLS.Teams][Azure][Collaborative][Safe][euaz.tr.teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS new: [....66] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.123][.3478] - detected: [....66] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.123][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] + detected: [....66] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.123][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][] new: [....67] [ip4][..tcp] [....192.168.1.6][50021] -> [.52.114.250.123][..443] new: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] - detected: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] + detected: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][] new: [....69] [ip4][..udp] [....192.168.1.6][50017] -> [.52.114.250.141][.3478] - detected: [....69] [ip4][..udp] [....192.168.1.6][50017] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] + detected: [....69] [ip4][..udp] [....192.168.1.6][50017] -> [.52.114.250.141][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][] detected: [....67] [ip4][..tcp] [....192.168.1.6][50021] -> [.52.114.250.123][..443] [TLS.Teams][Azure][Collaborative][Safe][euaz.tr.teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS new: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] - detected: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] + detected: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][] new: [....71] [ip4][..udp] [....192.168.1.6][50037] -> [.52.114.250.137][.3478] - detected: [....71] [ip4][..udp] 
[....192.168.1.6][50037] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] - detection-update: [....69] [ip4][..udp] [....192.168.1.6][50017] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] - detection-update: [....71] [ip4][..udp] [....192.168.1.6][50037] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] + detected: [....71] [ip4][..udp] [....192.168.1.6][50037] -> [.52.114.250.137][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][] + detection-update: [....69] [ip4][..udp] [....192.168.1.6][50017] -> [.52.114.250.141][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][] + detection-update: [....71] [ip4][..udp] [....192.168.1.6][50037] -> [.52.114.250.137][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][] new: [....72] [ip4][..tcp] [....192.168.1.6][50014] -> [.52.114.250.152][..443] new: [....73] [ip4][..tcp] [....192.168.1.6][50036] -> [.52.114.250.153][..443] - detected: [....72] [ip4][..tcp] [....192.168.1.6][50014] -> [.52.114.250.152][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][52.114.250.152] + detected: [....72] [ip4][..tcp] [....192.168.1.6][50014] -> [.52.114.250.152][..443] [TLS.Teams][Azure][Collaborative][Safe][52.114.250.152] RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, TLS (probably) Not Carrying HTTPS - detected: [....73] [ip4][..tcp] [....192.168.1.6][50036] -> [.52.114.250.153][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][52.114.250.153] + detected: [....73] [ip4][..tcp] [....192.168.1.6][50036] -> [.52.114.250.153][..443] [TLS.Teams][Azure][Collaborative][Safe][52.114.250.153] RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, TLS (probably) Not Carrying HTTPS detection-update: [....72] [ip4][..tcp] [....192.168.1.6][50014] -> [.52.114.250.152][..443] [TLS.Teams][Azure][Collaborative][Safe][52.114.250.152] RISK: TLS Cert Mismatch, TLS (probably) Not Carrying HTTPS 
@@ -386,28 +386,28 @@ detected: [....74] [ip4][..tcp] [....192.168.1.6][60567] -> [..52.114.77.136][..443] [TLS.Teams][Azure][Collaborative][Safe][api.flightproxy.teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS new: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005] - detected: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable][] + detected: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005] [STUN.TeamsCall][Unknown][VoIP][Acceptable][] RISK: Known Proto on Non Std Port new: [....77] [ip4][..udp] [....192.168.1.6][50036] -> [....192.168.0.4][50020] - detected: [....77] [ip4][..udp] [....192.168.1.6][50036] -> [....192.168.0.4][50020] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable][] + detected: [....77] [ip4][..udp] [....192.168.1.6][50036] -> [....192.168.0.4][50020] [STUN.TeamsCall][Unknown][VoIP][Acceptable][] RISK: Known Proto on Non Std Port new: [....78] [ip4][..udp] [..93.71.110.205][16332] -> [....192.168.1.6][50016] - detected: [....78] [ip4][..udp] [..93.71.110.205][16332] -> [....192.168.1.6][50016] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable][] + detected: [....78] [ip4][..udp] [..93.71.110.205][16332] -> [....192.168.1.6][50016] [STUN.TeamsCall][Unknown][VoIP][Acceptable][] RISK: Known Proto on Non Std Port new: [....79] [ip4][..udp] [..93.71.110.205][16333] -> [....192.168.1.6][50036] - detected: [....79] [ip4][..udp] [..93.71.110.205][16333] -> [....192.168.1.6][50036] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable][] + detected: [....79] [ip4][..udp] [..93.71.110.205][16333] -> [....192.168.1.6][50036] [STUN.TeamsCall][Unknown][VoIP][Acceptable][] RISK: Known Proto on Non Std Port - detection-update: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] + detection-update: [....68] [ip4][..udp] [....192.168.1.6][50016] -> 
[.52.114.250.141][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][] RISK: Unidirectional Traffic - detection-update: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] + detection-update: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][] RISK: Unidirectional Traffic - detection-update: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] - detection-update: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] + detection-update: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][] + detection-update: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][] new: [....80] [ip4][..udp] [..52.114.252.21][.3480] -> [....192.168.1.6][50036] - detected: [....80] [ip4][..udp] [..52.114.252.21][.3480] -> [....192.168.1.6][50036] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] + detected: [....80] [ip4][..udp] [..52.114.252.21][.3480] -> [....192.168.1.6][50036] [STUN.TeamsCall][Azure][VoIP][Acceptable][] RISK: Known Proto on Non Std Port new: [....81] [ip4][..udp] [...52.114.252.8][.3479] -> [....192.168.1.6][50016] - detected: [....81] [ip4][..udp] [...52.114.252.8][.3479] -> [....192.168.1.6][50016] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] + detected: [....81] [ip4][..udp] [...52.114.252.8][.3479] -> [....192.168.1.6][50016] [STUN.TeamsCall][Azure][VoIP][Acceptable][] RISK: Known Proto on Non Std Port analyse: [....64] [ip4][..tcp] [....192.168.1.6][50018] -> [.52.114.250.123][..443] [TLS.Teams][Azure][Collaborative][Safe][euaz.tr.teams.microsoft.com] min| max| avg| stddev| variance| entropy 
@@ -419,15 +419,15 @@ [IATS(ms)....: 45.0,45.1,0.2,47.4,47.2,0.2,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.0,8.0,0.0,0.0,52.4,1.2,45.6,48.6,92.2,43.7,69.1,0.3,113.5,1566.9] [PKTLENS.....: 64,52,40,227,1492,52,1492,588,52,52,1492,588,52,40,588,166,40,40,40,147,46,85,46,91,40,141,224,40,71,40,46,46] [ENTROPIES...: 4.4,4.9,4.5,5.4,7.5,4.6,7.4,6.2,4.7,4.7,7.7,7.0,4.7,4.5,7.6,6.6,4.4,4.5,4.5,6.4,4.5,5.8,4.6,5.4,4.6,6.4,6.9,4.5,5.4,4.4,4.6,4.6] - detection-update: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable][] + detection-update: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005] [STUN.TeamsCall][Unknown][VoIP][Acceptable][] RISK: Known Proto on Non Std Port, Unidirectional Traffic - detection-update: [....77] [ip4][..udp] [....192.168.1.6][50036] -> [....192.168.0.4][50020] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable][] + detection-update: [....77] [ip4][..udp] [....192.168.1.6][50036] -> [....192.168.0.4][50020] [STUN.TeamsCall][Unknown][VoIP][Acceptable][] RISK: Known Proto on Non Std Port, Unidirectional Traffic new: [....82] [ip4][..tcp] [....192.168.1.6][60568] -> [...40.79.138.41][..443] - detected: [....82] [ip4][..tcp] [....192.168.1.6][60568] -> [...40.79.138.41][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][gate.hockeyapp.net] + detected: [....82] [ip4][..tcp] [....192.168.1.6][60568] -> [...40.79.138.41][..443] [TLS.Teams][Azure][Collaborative][Safe][gate.hockeyapp.net] new: [....83] [ip4][.icmp] [..93.71.110.205] -> [....192.168.1.6] detected: [....83] [ip4][.icmp] [..93.71.110.205] -> [....192.168.1.6] [ICMP][Unknown][Network][Acceptable] - analyse: [....78] [ip4][..udp] [..93.71.110.205][16332] -> [....192.168.1.6][50016] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable] + analyse: [....78] [ip4][..udp] [..93.71.110.205][16332] -> [....192.168.1.6][50016] [STUN.TeamsCall][Unknown][VoIP][Acceptable] min| max| avg| stddev| variance| entropy 
[IAT.........: < 0.001| 1.168| 0.160| 0.366| 133702.353| 2.700] [PKTLEN......: 66.000| 1242.000| 253.400| 374.400| 140199.200| 4.000] 
@@ -439,12 +439,12 @@ [ENTROPIES...: 5.4,5.4,5.6,5.5,5.5,5.5,6.4,5.5,5.3,7.8,7.8,5.4,6.1,5.3,7.8,7.8,5.4,6.9,6.4,5.9,6.0,6.1,5.4,6.3,6.1,6.0,6.3,6.0,6.1,6.2,6.1,6.2] idle: [....13] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable] idle: [....35] [ip4][..tcp] [....192.168.1.6][60549] -> [...13.107.18.11][..443] [TLS.Microsoft365][Outlook][Collaborative][Acceptable][substrate.office.com] - idle: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][teams.microsoft.com] - idle: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe] - idle: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][config.teams.microsoft.com] - idle: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][config.teams.microsoft.com] + idle: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][teams.microsoft.com] + idle: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe] + idle: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][config.teams.microsoft.com] + idle: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][config.teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS - idle: [....47] [ip4][..tcp] [....192.168.1.6][60557] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe] + idle: [....47] [ip4][..tcp] [....192.168.1.6][60557] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe] RISK: TLS (probably) Not Carrying HTTPS end: [.....4] [ip4][..tcp] [....192.168.1.6][60532] -> 
[...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS @@ -453,9 +453,9 @@ end: [.....9] [ip4][..tcp] [....192.168.1.6][60537] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe] RISK: TLS (probably) Not Carrying HTTPS idle: [....18] [ip4][..tcp] [....192.168.1.6][60538] -> [...52.114.75.70][..443] [TLS.Teams][Azure][Collaborative][Safe][eu-prod.asyncgw.teams.microsoft.com] - idle: [....19] [ip4][..tcp] [....192.168.1.6][60539] -> [...52.114.75.69][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][eu-api.asm.skype.com] + idle: [....19] [ip4][..tcp] [....192.168.1.6][60539] -> [...52.114.75.69][..443] [TLS.Teams][Azure][Collaborative][Safe][eu-api.asm.skype.com] idle: [....20] [ip4][..tcp] [....192.168.1.6][60540] -> [...52.114.75.70][..443] [TLS.Teams][Azure][Collaborative][Safe][eu-prod.asyncgw.teams.microsoft.com] - idle: [....21] [ip4][..tcp] [....192.168.1.6][60541] -> [...52.114.75.69][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable] + idle: [....21] [ip4][..tcp] [....192.168.1.6][60541] -> [...52.114.75.69][..443] [TLS.Teams][Azure][Collaborative][Safe] end: [....25] [ip4][..tcp] [....192.168.1.6][60543] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS idle: [....26] [ip4][..tcp] [....192.168.1.6][60544] -> [...52.114.76.48][..443] [TLS.Teams][Azure][Collaborative][Safe][northeurope.notifications.teams.microsoft.com] 
@@ -476,9 +476,9 @@ idle: [....59] [ip4][..tcp] [....192.168.1.6][60565] -> [...52.114.108.8][..443] [TLS.Teams][Azure][Collaborative][Safe][emea.ng.msg.teams.microsoft.com] idle: [....74] [ip4][..tcp] [....192.168.1.6][60567] -> [..52.114.77.136][..443] [TLS.Teams][Azure][Collaborative][Safe][api.flightproxy.teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS - end: [....30] [ip4][..tcp] [....192.168.1.6][60546] -> [.167.99.215.164][.4434] [TLS.ntop][Unknown][Network][Safe] + end: [....30] [ip4][..tcp] [....192.168.1.6][60546] -> [.167.99.215.164][.4434] [TLS.ntop][DigitalOcean][Network][Safe] RISK: Known Proto on Non Std Port - idle: [....61] [ip4][..tcp] [....192.168.1.6][60566] -> [.167.99.215.164][.4434] [TLS.ntop][Unknown][Network][Safe] + idle: [....61] [ip4][..tcp] [....192.168.1.6][60566] -> [.167.99.215.164][.4434] [TLS.ntop][DigitalOcean][Network][Safe] RISK: Known Proto on Non Std Port not-detected: [....60] [ip4][..tcp] [..151.11.50.139][.2222] -> [....192.168.1.6][54750] [Unknown][Unknown][Unrated] idle: [....60] [ip4][..tcp] [..151.11.50.139][.2222] -> [....192.168.1.6][54750] 
@@ -489,7 +489,7 @@ end: [....46] [ip4][..tcp] [....192.168.1.6][60556] -> [.....40.126.9.7][..443] [TLS.Microsoft365][Microsoft365][Collaborative][Acceptable][login.microsoftonline.com] end: [....50] [ip4][..tcp] [....192.168.1.6][60560] -> [....40.126.9.67][..443] [TLS.Microsoft365][Microsoft365][Collaborative][Acceptable] idle: [....39] [ip4][..udp] [....192.168.1.6][50653] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][api.flightproxy.teams.microsoft.com] - idle: [....16] [ip4][..udp] [....192.168.1.6][51033] -> [....192.168.1.1][...53] [DNS.Skype_Teams][Unknown][Network][Acceptable][eu-api.asm.skype.com] + idle: [....16] [ip4][..udp] [....192.168.1.6][51033] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][eu-api.asm.skype.com] idle: [....44] [ip4][..udp] [....192.168.1.6][51309] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][skypedataprdcolneu04.cloudapp.net] idle: [....37] [ip4][..udp] [....192.168.1.6][53678] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][trouter2-asse-a.trouter.teams.microsoft.com] idle: [....52] [ip4][..udp] [....192.168.1.6][54069] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][api.microsoftstream.com] 
@@ -506,8 +506,8 @@ idle: [....34] [ip4][..udp] [....192.168.1.6][59403] -> [....192.168.1.1][...53] [DNS.Microsoft365][Unknown][Network][Acceptable][substrate.office.com] idle: [.....3] [ip4][..udp] [....192.168.1.6][60813] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][skypedataprdcolneu04.cloudapp.net] idle: [....75] [ip4][..udp] [....192.168.1.6][60837] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][c-flightproxy-euno-01-teams.cloudapp.net] - idle: [....53] [ip4][..tcp] [....192.168.1.6][60562] -> [.104.40.187.151][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][api.microsoftstream.com] - idle: [....55] [ip4][..tcp] [....192.168.1.6][60563] -> [.52.169.186.119][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable] + idle: [....53] [ip4][..tcp] [....192.168.1.6][60562] -> [.104.40.187.151][..443] [TLS.Teams][Azure][Collaborative][Safe][api.microsoftstream.com] + idle: [....55] [ip4][..tcp] [....192.168.1.6][60563] -> [.52.169.186.119][..443] [TLS.Teams][Azure][Collaborative][Safe] idle: [....36] [ip4][..udp] [....192.168.1.6][61245] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][euaz.tr.teams.microsoft.com] RISK: Minor Issues idle: [....54] [ip4][..udp] [....192.168.1.6][62735] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][euno-1.api.microsoftstream.com] 
@@ -519,9 +519,9 @@ idle: [....38] [ip4][..udp] [....192.168.1.6][65230] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][trouter2-asse-a.trouter.teams.microsoft.com] idle: [....24] [ip4][..udp] [....192.168.1.6][65387] -> [....192.168.1.1][...53] [DNS.Microsoft][Unknown][Network][Safe][northeuropecns.trafficmanager.net] end: [....14] [ip4][..tcp] [..93.62.150.157][..443] -> [....192.168.1.6][60512] [TLS][Unknown][Web][Safe] - idle: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable] + idle: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005] [STUN.TeamsCall][Unknown][VoIP][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic - idle: [....77] [ip4][..udp] [....192.168.1.6][50036] -> [....192.168.0.4][50020] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable] + idle: [....77] [ip4][..udp] [....192.168.1.6][50036] -> [....192.168.0.4][50020] [STUN.TeamsCall][Unknown][VoIP][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic idle: [....12] [ip4][..udp] [....192.168.1.6][17500] -> [..192.168.1.255][17500] [Dropbox][Unknown][Cloud][Acceptable] idle: [....72] [ip4][..tcp] [....192.168.1.6][50014] -> [.52.114.250.152][..443] [TLS.Teams][Azure][Collaborative][Safe] 
@@ -532,24 +532,24 @@ RISK: TLS (probably) Not Carrying HTTPS end: [....73] [ip4][..tcp] [....192.168.1.6][50036] -> [.52.114.250.153][..443] [TLS.Teams][Azure][Collaborative][Safe] RISK: TLS Cert Mismatch, TLS (probably) Not Carrying HTTPS - idle: [....57] [ip4][..tcp] [....192.168.1.6][60564] -> [...40.79.138.41][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][gate.hockeyapp.net] - idle: [....82] [ip4][..tcp] [....192.168.1.6][60568] -> [...40.79.138.41][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][gate.hockeyapp.net] - idle: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable] - idle: [....63] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.123][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable] - idle: [....81] [ip4][..udp] [...52.114.252.8][.3479] -> [....192.168.1.6][50016] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable] + idle: [....57] [ip4][..tcp] [....192.168.1.6][60564] -> [...40.79.138.41][..443] [TLS.Teams][Azure][Collaborative][Safe][gate.hockeyapp.net] + idle: [....82] [ip4][..tcp] [....192.168.1.6][60568] -> [...40.79.138.41][..443] [TLS.Teams][Azure][Collaborative][Safe][gate.hockeyapp.net] + idle: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable] + idle: [....63] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.123][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable] + idle: [....81] [ip4][..udp] [...52.114.252.8][.3479] -> [....192.168.1.6][50016] [STUN.TeamsCall][Azure][VoIP][Acceptable] RISK: Known Proto on Non Std Port - idle: [....69] [ip4][..udp] [....192.168.1.6][50017] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable] - idle: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable] - idle: [....66] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.123][.3478] 
[STUN.Skype_TeamsCall][Azure][VoIP][Acceptable] - idle: [....71] [ip4][..udp] [....192.168.1.6][50037] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable] - idle: [....80] [ip4][..udp] [..52.114.252.21][.3480] -> [....192.168.1.6][50036] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable] + idle: [....69] [ip4][..udp] [....192.168.1.6][50017] -> [.52.114.250.141][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable] + idle: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable] + idle: [....66] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.123][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable] + idle: [....71] [ip4][..udp] [....192.168.1.6][50037] -> [.52.114.250.137][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable] + idle: [....80] [ip4][..udp] [..52.114.252.21][.3480] -> [....192.168.1.6][50036] [STUN.TeamsCall][Azure][VoIP][Acceptable] RISK: Known Proto on Non Std Port idle: [....83] [ip4][.icmp] [..93.71.110.205] -> [....192.168.1.6] [ICMP][Unknown][Network][Acceptable] - guessed: [....62] [ip4][..udp] [....192.168.1.6][51681] -> [..52.114.77.136][.3478] [Skype_TeamsCall][Azure][VoIP][Acceptable] + guessed: [....62] [ip4][..udp] [....192.168.1.6][51681] -> [..52.114.77.136][.3478] [TeamsCall][Azure][VoIP][Acceptable] RISK: Susp Entropy idle: [....62] [ip4][..udp] [....192.168.1.6][51681] -> [..52.114.77.136][.3478] - idle: [....78] [ip4][..udp] [..93.71.110.205][16332] -> [....192.168.1.6][50016] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable] + idle: [....78] [ip4][..udp] [..93.71.110.205][16332] -> [....192.168.1.6][50016] [STUN.TeamsCall][Unknown][VoIP][Acceptable] RISK: Known Proto on Non Std Port - idle: [....79] [ip4][..udp] [..93.71.110.205][16333] -> [....192.168.1.6][50036] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable] + idle: [....79] [ip4][..udp] [..93.71.110.205][16333] -> [....192.168.1.6][50036] [STUN.TeamsCall][Unknown][VoIP][Acceptable] RISK: Known Proto on 
Non Std Port DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/monitoring/telegram_videocall.pcapng.out b/test/results/flow-info/monitoring/telegram_videocall.pcapng.out index 3440b2b77..a5d33e1d4 100644 --- a/test/results/flow-info/monitoring/telegram_videocall.pcapng.out +++ b/test/results/flow-info/monitoring/telegram_videocall.pcapng.out @@ -198,7 +198,7 @@ idle: [....28] [ip6][icmp6] [...............fe80::abe:acff:fe0b:176e] -> [................................ff02::2] [ICMPV6][Unknown][Network][Acceptable] idle: [....11] [ip4][..udp] [...192.168.12.1][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable] guessed: [.....3] [ip4][..tcp] [.192.168.12.169][37948] -> [.149.154.167.91][..443] [Telegram][Telegram][Chat][Acceptable] - RISK: TCP Connection Issues + RISK: TCP Connection Issues, Probing Attempt end: [.....3] [ip4][..tcp] [.192.168.12.169][37948] -> [.149.154.167.91][..443] idle: [.....4] [ip4][..tcp] [.192.168.12.169][37950] -> [.149.154.167.91][..443] [Telegram][Telegram][Chat][Acceptable] RISK: Susp Entropy diff --git a/test/results/flow-info/monitoring/telegram_videocall_2.pcapng.out b/test/results/flow-info/monitoring/telegram_videocall_2.pcapng.out new file mode 100644 index 000000000..3d5f85e4e --- /dev/null +++ b/test/results/flow-info/monitoring/telegram_videocall_2.pcapng.out 
@@ -0,0 +1,63 @@ + DAEMON-EVENT: init + DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....1] [ip4][..udp] [...192.168.12.1][.5353] -> [....224.0.0.251][.5353] + detected: [.....1] [ip4][..udp] [...192.168.12.1][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable][_ipps._tcp.local] + new: [.....2] [ip6][..udp] [..............fe80::76da:38ff:feed:5332][.5353] -> [...............................ff02::fb][.5353] + detected: [.....2] [ip6][..udp] [..............fe80::76da:38ff:feed:5332][.5353] -> [...............................ff02::fb][.5353] [MDNS][Unknown][Network][Acceptable][_ipps._tcp.local] + new: [.....3] [ip4][..udp] [..192.168.12.67][39968] -> [...91.108.9.106][.1400] + detected: [.....3] [ip4][..udp] [..192.168.12.67][39968] -> [...91.108.9.106][.1400] [STUN][Telegram][Network][Acceptable][] + RISK: Known Proto on Non Std Port + new: [.....4] [ip4][..udp] [..192.168.12.67][39329] -> [....91.108.13.3][.1400] + detected: [.....4] [ip4][..udp] [..192.168.12.67][39329] -> [....91.108.13.3][.1400] [STUN][Telegram][Network][Acceptable][] + RISK: Known Proto on Non Std Port + new: [.....5] [ip4][..udp] [..192.168.12.67][44679] -> [...91.108.17.49][.1400] + detected: [.....5] [ip4][..udp] [..192.168.12.67][44679] -> [...91.108.17.49][.1400] [STUN][Telegram][Network][Acceptable][] + RISK: Known Proto on Non Std Port + new: [.....6] [ip4][..udp] [..192.168.12.67][44275] -> [....91.108.9.10][..597] + detected: [.....6] [ip4][..udp] [..192.168.12.67][44275] -> [....91.108.9.10][..597] [Telegram][Telegram][Chat][Acceptable] + new: [.....7] [ip4][..udp] [..192.168.12.67][46675] -> [....91.108.17.8][..597] + detected: [.....7] [ip4][..udp] [..192.168.12.67][46675] -> [....91.108.17.8][..597] [Telegram][Telegram][Chat][Acceptable] + new: [.....8] [ip4][..udp] [..192.168.12.67][42417] -> [...91.108.13.26][..598] + 
detected: [.....8] [ip4][..udp] [..192.168.12.67][42417] -> [...91.108.13.26][..598] [Telegram][Telegram][Chat][Acceptable] + detection-update: [.....3] [ip4][..udp] [..192.168.12.67][39968] -> [...91.108.9.106][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable][telegram.org] + RISK: Known Proto on Non Std Port + detection-update: [.....4] [ip4][..udp] [..192.168.12.67][39329] -> [....91.108.13.3][.1400] [STUN][Telegram][Network][Acceptable][] + RISK: Known Proto on Non Std Port, Unidirectional Traffic + detection-update: [.....5] [ip4][..udp] [..192.168.12.67][44679] -> [...91.108.17.49][.1400] [STUN][Telegram][Network][Acceptable][] + RISK: Known Proto on Non Std Port, Unidirectional Traffic + detection-update: [.....6] [ip4][..udp] [..192.168.12.67][44275] -> [....91.108.9.10][..597] [STUN.TelegramVoip][Telegram][VoIP][Acceptable][] + detection-update: [.....8] [ip4][..udp] [..192.168.12.67][42417] -> [...91.108.13.26][..598] [STUN.TelegramVoip][Telegram][VoIP][Acceptable][] + detection-update: [.....7] [ip4][..udp] [..192.168.12.67][46675] -> [....91.108.17.8][..597] [STUN.TelegramVoip][Telegram][VoIP][Acceptable][] + analyse: [.....3] [ip4][..udp] [..192.168.12.67][39968] -> [...91.108.9.106][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable][telegram.org] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.633| 0.087| 0.150| 22365.106| 3.700] + [PKTLEN......: 56.000| 680.000| 146.800| 107.000| 11452.500| 4.800] + [BINS(c->s)..: 1,1,4,5,3,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [BINS(s->c)..: 0,3,8,3,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [DIRECTIONS..: 0,1,0,1,0,1,0,1,0,0,1,1,0,1,0,0,1,0,1,1,0,0,0,1,1,1,0,0,1,0,1,1] + [IATS(ms)....: 24.4,29.5,32.3,633.2,629.0,42.4,122.6,119.6,0.6,39.8,5.4,31.6,39.5,41.7,145.5,160.6,48.0,92.4,8.6,65.3,0.3,0.7,20.9,96.3,0.0,115.5,8.2,23.5,57.9,62.0,6.6] + [PKTLENS.....: 
56,120,152,120,156,88,160,144,164,680,88,128,96,128,96,128,113,128,96,121,85,101,237,96,113,97,97,149,233,150,290,89] + [ENTROPIES...: 4.9,5.7,5.7,5.8,5.8,5.9,5.7,6.0,5.6,6.6,5.9,5.5,5.8,5.3,5.7,5.4,5.8,5.4,5.8,5.9,5.2,5.5,6.8,5.7,5.9,5.5,5.4,6.5,6.8,6.5,7.2,5.9] + analyse: [.....6] [ip4][..udp] [..192.168.12.67][44275] -> [....91.108.9.10][..597] [STUN.TelegramVoip][Telegram][VoIP][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.699| 0.109| 0.168| 28175.655| 3.800] + [PKTLEN......: 68.000| 624.000| 160.000| 120.100| 14426.000| 4.700] + [BINS(c->s)..: 0,2,4,9,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [BINS(s->c)..: 0,0,9,4,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [DIRECTIONS..: 0,1,0,1,0,1,0,0,1,0,1,1,0,1,0,0,1,0,1,0,1,1,1,1,0,0,0,0,1,0,1,0] + [IATS(ms)....: 24.1,514.6,513.6,39.7,23.0,13.8,37.2,83.7,46.8,52.5,0.0,53.8,48.2,41.9,1.1,8.1,49.4,47.9,10.1,16.1,39.4,38.9,30.0,122.7,10.1,52.8,64.0,152.2,227.3,304.3,699.0] + [PKTLENS.....: 68,92,68,92,148,148,116,148,116,148,148,116,116,148,116,148,116,148,148,116,212,116,116,600,624,136,148,176,116,148,116,148] + [ENTROPIES...: 4.6,4.7,4.6,4.7,5.7,5.8,6.0,5.7,6.1,5.7,5.8,6.1,6.1,5.8,6.0,5.7,6.0,5.8,5.8,6.0,5.2,6.1,6.2,6.8,7.5,6.1,5.8,6.4,6.1,5.7,6.2,5.7] + idle: [.....2] [ip6][..udp] [..............fe80::76da:38ff:feed:5332][.5353] -> [...............................ff02::fb][.5353] [MDNS][Unknown][Network][Acceptable] + idle: [.....4] [ip4][..udp] [..192.168.12.67][39329] -> [....91.108.13.3][.1400] [STUN][Telegram][Network][Acceptable] + RISK: Known Proto on Non Std Port, Unidirectional Traffic + idle: [.....3] [ip4][..udp] [..192.168.12.67][39968] -> [...91.108.9.106][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable][telegram.org] + RISK: Known Proto on Non Std Port + idle: [.....8] [ip4][..udp] [..192.168.12.67][42417] -> [...91.108.13.26][..598] 
[STUN.TelegramVoip][Telegram][VoIP][Acceptable] + idle: [.....6] [ip4][..udp] [..192.168.12.67][44275] -> [....91.108.9.10][..597] [STUN.TelegramVoip][Telegram][VoIP][Acceptable] + idle: [.....5] [ip4][..udp] [..192.168.12.67][44679] -> [...91.108.17.49][.1400] [STUN][Telegram][Network][Acceptable] + RISK: Known Proto on Non Std Port, Unidirectional Traffic + idle: [.....7] [ip4][..udp] [..192.168.12.67][46675] -> [....91.108.17.8][..597] [STUN.TelegramVoip][Telegram][VoIP][Acceptable] + idle: [.....1] [ip4][..udp] [...192.168.12.1][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable] + DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/monitoring/telegram_voice.pcapng.out b/test/results/flow-info/monitoring/telegram_voice.pcapng.out new file mode 100644 index 000000000..d5d9c9051 --- /dev/null +++ b/test/results/flow-info/monitoring/telegram_voice.pcapng.out 
@@ -0,0 +1,75 @@ + DAEMON-EVENT: init + DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....1] [ip4][..udp] [...192.168.12.1][.5353] -> [....224.0.0.251][.5353] + detected: [.....1] [ip4][..udp] [...192.168.12.1][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable][_ipps._tcp.local] + new: [.....2] [ip6][..udp] [..............fe80::76da:38ff:feed:5332][.5353] -> [...............................ff02::fb][.5353] + detected: [.....2] [ip6][..udp] [..............fe80::76da:38ff:feed:5332][.5353] -> [...............................ff02::fb][.5353] [MDNS][Unknown][Network][Acceptable][_ipps._tcp.local] + new: [.....3] [ip4][..udp] [..192.168.12.67][44574] -> [...192.168.12.1][...53] + detected: [.....3] [ip4][..udp] [..192.168.12.67][44574] -> [...192.168.12.1][...53] [DNS.GoogleServices][Unknown][Network][Acceptable][crashlyticsreports-pa.googleapis.com] + detection-update: [.....3] [ip4][..udp] [..192.168.12.67][44574] -> [...192.168.12.1][...53] [DNS.GoogleServices][Unknown][Network][Acceptable][crashlyticsreports-pa.googleapis.com] + new: [.....4] [ip4][..udp] [..192.168.12.67][44405] -> [...91.108.17.41][.1400] + detected: [.....4] [ip4][..udp] [..192.168.12.67][44405] -> [...91.108.17.41][.1400] [STUN][Telegram][Network][Acceptable][] + RISK: Known Proto on Non Std Port + new: [.....5] [ip4][..udp] [..192.168.12.67][46013] -> [...91.108.13.52][.1400] + detected: [.....5] [ip4][..udp] [..192.168.12.67][46013] -> [...91.108.13.52][.1400] [STUN][Telegram][Network][Acceptable][] + RISK: Known Proto on Non Std Port + new: [.....6] [ip4][..udp] [..192.168.12.67][42567] -> [....91.108.9.34][.1400] + detected: [.....6] [ip4][..udp] [..192.168.12.67][42567] -> [....91.108.9.34][.1400] [STUN][Telegram][Network][Acceptable][] + RISK: Known Proto on Non Std Port + new: [.....7] [ip4][..udp] [..192.168.12.67][39027] -> 
[...91.108.13.51][..597] + detected: [.....7] [ip4][..udp] [..192.168.12.67][39027] -> [...91.108.13.51][..597] [Telegram][Telegram][Chat][Acceptable] + new: [.....8] [ip4][..udp] [..192.168.12.67][46868] -> [....91.108.17.7][..597] + detected: [.....8] [ip4][..udp] [..192.168.12.67][46868] -> [....91.108.17.7][..597] [Telegram][Telegram][Chat][Acceptable] + new: [.....9] [ip4][..udp] [..192.168.12.67][41011] -> [....91.108.9.68][..596] + detected: [.....9] [ip4][..udp] [..192.168.12.67][41011] -> [....91.108.9.68][..596] [Telegram][Telegram][Chat][Acceptable] + detection-update: [.....6] [ip4][..udp] [..192.168.12.67][42567] -> [....91.108.9.34][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable][telegram.org] + RISK: Known Proto on Non Std Port + detection-update: [.....9] [ip4][..udp] [..192.168.12.67][41011] -> [....91.108.9.68][..596] [STUN.TelegramVoip][Telegram][VoIP][Acceptable][] + detection-update: [.....4] [ip4][..udp] [..192.168.12.67][44405] -> [...91.108.17.41][.1400] [STUN][Telegram][Network][Acceptable][] + RISK: Known Proto on Non Std Port, Unidirectional Traffic + detection-update: [.....5] [ip4][..udp] [..192.168.12.67][46013] -> [...91.108.13.52][.1400] [STUN][Telegram][Network][Acceptable][] + RISK: Known Proto on Non Std Port, Unidirectional Traffic + detection-update: [.....7] [ip4][..udp] [..192.168.12.67][39027] -> [...91.108.13.51][..597] [STUN.TelegramVoip][Telegram][VoIP][Acceptable][] + analyse: [.....9] [ip4][..udp] [..192.168.12.67][41011] -> [....91.108.9.68][..596] [STUN.TelegramVoip][Telegram][VoIP][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.245| 0.055| 0.061| 3776.523| 4.100] + [PKTLEN......: 68.000| 668.000| 179.500| 151.200| 22848.800| 4.600] + [BINS(c->s)..: 0,2,4,2,1,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [BINS(s->c)..: 0,0,10,6,1,0,1,1,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [DIRECTIONS..: 
0,1,1,0,0,0,1,1,0,0,0,1,1,0,1,1,0,1,0,0,1,1,1,1,1,1,1,1,1,1,1,1] + [IATS(ms)....: 25.1,216.7,245.3,4.5,49.1,101.1,2.1,47.9,0.7,0.2,48.0,0.0,48.7,63.2,0.0,67.9,33.7,30.9,5.6,35.6,42.6,0.0,106.6,90.5,4.9,3.1,92.1,131.9,148.1,20.8,29.2] + [PKTLENS.....: 68,92,148,116,148,148,116,148,212,116,156,116,148,116,668,116,600,148,116,68,92,624,136,176,108,124,260,120,120,92,236,92] + [ENTROPIES...: 4.6,4.7,5.8,6.1,5.7,5.7,6.0,5.7,5.2,6.0,5.6,6.0,5.8,6.1,6.5,6.1,6.8,5.8,6.0,4.6,4.7,7.4,5.9,6.4,5.5,5.8,6.8,5.7,5.8,5.7,6.9,5.7] + analyse: [.....6] [ip4][..udp] [..192.168.12.67][42567] -> [....91.108.9.34][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable][telegram.org] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.364| 0.062| 0.086| 7379.713| 4.000] + [PKTLEN......: 56.000| 237.000| 136.900| 39.800| 1586.600| 4.900] + [BINS(c->s)..: 1,3,4,4,9,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [BINS(s->c)..: 0,2,2,3,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [DIRECTIONS..: 0,1,0,1,0,0,1,0,1,0,1,1,0,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0] + [IATS(ms)....: 28.3,34.1,35.5,364.5,0.6,362.7,49.5,68.7,48.4,51.1,2.9,56.0,29.1,0.3,48.7,1.9,20.8,10.4,79.4,92.3,1.6,0.8,131.5,118.8,44.2,69.5,51.9,13.8,47.9,1.9,51.2] + [PKTLENS.....: 56,120,152,120,156,160,88,160,144,160,144,176,128,164,148,144,176,128,88,121,113,97,237,97,168,167,167,167,70,202,82,82] + [ENTROPIES...: 5.0,5.7,5.7,5.9,5.7,5.7,5.8,5.6,5.9,5.7,6.0,5.8,5.8,5.7,6.0,6.0,5.8,5.8,5.9,5.9,5.7,5.5,6.9,5.4,6.7,6.6,6.7,6.7,5.5,6.9,5.7,5.9] + detection-update: [.....4] [ip4][..udp] [..192.168.12.67][44405] -> [...91.108.17.41][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable][telegram.org] + RISK: Known Proto on Non Std Port + detection-update: [.....5] [ip4][..udp] [..192.168.12.67][46013] -> [...91.108.13.52][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable][telegram.org] + RISK: Known Proto on Non Std Port + new: 
[....10] [ip4][.icmp] [..192.168.12.67] -> [....91.108.9.34] + detected: [....10] [ip4][.icmp] [..192.168.12.67] -> [....91.108.9.34] [ICMP][Telegram][Network][Acceptable] + RISK: Susp Entropy + idle: [.....2] [ip6][..udp] [..............fe80::76da:38ff:feed:5332][.5353] -> [...............................ff02::fb][.5353] [MDNS][Unknown][Network][Acceptable] + idle: [....10] [ip4][.icmp] [..192.168.12.67] -> [....91.108.9.34] [ICMP][Telegram][Network][Acceptable] + RISK: Susp Entropy + idle: [.....7] [ip4][..udp] [..192.168.12.67][39027] -> [...91.108.13.51][..597] [STUN.TelegramVoip][Telegram][VoIP][Acceptable] + idle: [.....9] [ip4][..udp] [..192.168.12.67][41011] -> [....91.108.9.68][..596] [STUN.TelegramVoip][Telegram][VoIP][Acceptable] + idle: [.....6] [ip4][..udp] [..192.168.12.67][42567] -> [....91.108.9.34][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable][telegram.org] + RISK: Known Proto on Non Std Port + idle: [.....4] [ip4][..udp] [..192.168.12.67][44405] -> [...91.108.17.41][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable][telegram.org] + RISK: Known Proto on Non Std Port + idle: [.....5] [ip4][..udp] [..192.168.12.67][46013] -> [...91.108.13.52][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable][telegram.org] + RISK: Known Proto on Non Std Port + idle: [.....8] [ip4][..udp] [..192.168.12.67][46868] -> [....91.108.17.7][..597] [Telegram][Telegram][Chat][Acceptable] + idle: [.....1] [ip4][..udp] [...192.168.12.1][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable] + idle: [.....3] [ip4][..udp] [..192.168.12.67][44574] -> [...192.168.12.1][...53] [DNS.GoogleServices][Unknown][Network][Acceptable][crashlyticsreports-pa.googleapis.com] + DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/ndpireader_conf_file/openvpn_obfuscated.pcapng.out b/test/results/flow-info/ndpireader_conf_file/openvpn_obfuscated.pcapng.out new file mode 100644 index 000000000..d7b5b1307 --- /dev/null 
+++ b/test/results/flow-info/ndpireader_conf_file/openvpn_obfuscated.pcapng.out 
@@ -0,0 +1,38 @@ + DAEMON-EVENT: init + DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....1] [ip4][..tcp] [.192.168.12.156][37976] -> [..185.128.25.99][..465] + analyse: [.....1] [ip4][..tcp] [.192.168.12.156][37976] -> [..185.128.25.99][..465] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 1.020| 0.080| 0.242| 58469.183| 2.300] + [PKTLEN......: 52.000| 1500.000| 308.700| 431.500| 186180.000| 4.000] + [BINS(c->s)..: 7,0,1,3,1,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [BINS(s->c)..: 7,0,0,4,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0] + [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,1,1,1,0,0,0,1,0,1,0,1,0,1,0,1,1,0,1,0,1,0,1,1] + [IATS(ms)....: 20.0,22.1,6.2,28.1,0.0,21.2,1.0,26.3,0.0,0.0,0.0,28.0,0.1,0.2,23.6,57.5,41.8,4.8,15.8,16.4,4.9,7.9,24.7,0.5,24.0,23.3,24.7,66.8,1019.8,977.6,0.7] + [PKTLENS.....: 60,60,52,140,52,152,52,429,148,1500,1500,1500,52,52,152,164,52,52,376,873,52,52,801,52,310,172,395,176,52,199,52,148] + [ENTROPIES...: 4.7,5.2,5.1,6.5,5.1,6.6,5.1,7.3,6.6,7.9,7.9,7.9,5.0,5.1,6.5,6.7,5.1,5.1,7.3,7.8,5.1,5.1,7.7,5.2,7.3,6.7,7.5,6.5,5.1,6.9,5.1,6.5] + guessed: [.....1] [ip4][..tcp] [.192.168.12.156][37976] -> [..185.128.25.99][..465] [SMTPS][NordVPN][Email][Safe] + RISK: Fully Encrypted Flow + new: [.....2] [ip4][..udp] [.192.168.12.156][47128] -> [149.102.238.108][.1214] + DAEMON-EVENT: [Processed: 90 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 2 / 2|skipped: 0|!detected: 0|guessed: 1|detection-updates: 0|updates: 0] + new: [.....3] [ip4][..tcp] [.107.161.86.131][..443] -> [.192.168.12.156][48072] + analyse: [.....3] [ip4][..tcp] [.107.161.86.131][..443] -> [.192.168.12.156][48072] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.303| 0.045| 0.076| 5806.697| 3.500] + 
[PKTLEN......: 52.000| 152.000| 67.300| 23.700| 562.800| 4.900] + [BINS(c->s)..: 9,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [BINS(s->c)..: 19,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [DIRECTIONS..: 0,1,1,1,1,1,1,1,1,1,1,1,0,1,1,0,0,0,0,1,1,1,1,1,1,1,1,0,0,0,0,0] + [IATS(ms)....: 102.1,4.8,6.5,5.5,5.4,5.3,5.7,5.4,5.2,5.6,5.1,255.6,100.3,15.6,143.0,32.7,143.0,0.0,303.0,27.7,1.3,5.4,5.4,5.7,6.7,5.0,142.9,27.8,1.2,5.5,5.5] + [PKTLENS.....: 60,52,61,61,61,61,61,61,61,61,61,59,64,88,58,80,80,52,152,98,52,59,59,59,59,59,59,52,148,52,52,52] + [ENTROPIES...: 5.3,5.2,5.4,5.5,5.4,5.4,5.5,5.4,5.5,5.4,5.2,5.1,5.2,5.9,5.3,5.2,5.1,5.2,6.3,5.7,5.2,5.3,5.3,5.4,5.3,5.4,5.3,5.2,6.4,5.1,5.2,5.3] + guessed: [.....3] [ip4][..tcp] [.107.161.86.131][..443] -> [.192.168.12.156][48072] [TLS][Unknown][Web][Safe] + idle: [.....3] [ip4][..tcp] [.107.161.86.131][..443] -> [.192.168.12.156][48072] [TLS][Unknown][Web][Safe] + idle: [.....1] [ip4][..tcp] [.192.168.12.156][37976] -> [..185.128.25.99][..465] [SMTPS][NordVPN][Email][Safe] + RISK: Fully Encrypted Flow + guessed: [.....2] [ip4][..udp] [.192.168.12.156][47128] -> [149.102.238.108][.1214] [NordVPN][NordVPN][VPN][Acceptable] + RISK: Susp Entropy + idle: [.....2] [ip4][..udp] [.192.168.12.156][47128] -> [149.102.238.108][.1214] + DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/ndpireader_conf_file/signal_videocall.pcapng.out b/test/results/flow-info/ndpireader_conf_file/signal_videocall.pcapng.out new file mode 100644 index 000000000..626c8440d --- /dev/null +++ b/test/results/flow-info/ndpireader_conf_file/signal_videocall.pcapng.out 
@@ -0,0 +1,33 @@ + DAEMON-EVENT: init + DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....1] [ip4][..udp] [..192.168.12.67][47926] -> [.35.216.234.234][.3478] + detected: [.....1] [ip4][..udp] [..192.168.12.67][47926] -> [.35.216.234.234][.3478] [STUN][GoogleCloud][Network][Acceptable][] + new: [.....2] [ip4][..udp] [..192.168.12.67][47926] -> [.35.219.252.146][.3478] + detected: [.....2] [ip4][..udp] [..192.168.12.67][47926] -> [.35.219.252.146][.3478] [STUN][GoogleCloud][Network][Acceptable][] + detection-update: [.....2] [ip4][..udp] [..192.168.12.67][47926] -> [.35.219.252.146][.3478] [STUN][GoogleCloud][Network][Acceptable][] + RISK: Unidirectional Traffic + detection-update: [.....2] [ip4][..udp] [..192.168.12.67][47926] -> [.35.219.252.146][.3478] [STUN][GoogleCloud][Network][Acceptable][] + detection-update: [.....2] [ip4][..udp] [..192.168.12.67][47926] -> [.35.219.252.146][.3478] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][signal.org] + detection-update: [.....1] [ip4][..udp] [..192.168.12.67][47926] -> [.35.216.234.234][.3478] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][] + RISK: Unidirectional Traffic + detection-update: [.....1] [ip4][..udp] [..192.168.12.67][47926] -> [.35.216.234.234][.3478] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][] + detection-update: [.....1] [ip4][..udp] [..192.168.12.67][47926] -> [.35.216.234.234][.3478] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][signal.org] + new: [.....3] [ip4][..udp] [..192.168.12.67][47926] -> [.35.219.252.146][56377] + detected: [.....3] [ip4][..udp] [..192.168.12.67][47926] -> [.35.219.252.146][56377] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][] + RISK: Known Proto on Non Std Port + analyse: [.....3] [ip4][..udp] [..192.168.12.67][47926] -> [.35.219.252.146][56377] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable] + min| max| avg| stddev| 
variance| entropy + [IAT.........: 0.008| 2.449| 0.473| 0.711| 505100.075| 3.700] + [PKTLEN......: 56.000| 132.000| 102.600| 22.300| 496.600| 5.000] + [BINS(c->s)..: 1,1,6,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [BINS(s->c)..: 2,1,7,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,1,0,0,1,1,0,1,1,0,1,0,0,1,0,0,1,1,0,1,0,1,1] + [IATS(ms)....: 66.0,95.9,49.2,89.8,52.0,7.9,75.8,92.2,90.8,45.8,45.9,841.8,964.7,88.1,209.4,700.4,8.8,797.8,169.0,140.8,10.0,132.1,62.7,2295.1,2449.2,43.9,201.2,880.5,2304.8,1490.8,147.9] + [PKTLENS.....: 124,92,132,132,92,92,124,92,124,92,124,92,124,92,124,92,56,84,124,92,84,56,124,92,124,92,124,92,56,124,92,124] + [ENTROPIES...: 6.0,5.9,5.7,5.9,5.7,5.9,6.0,5.8,6.0,5.7,5.9,5.7,5.9,5.8,5.9,5.8,5.2,5.8,5.9,5.8,5.7,5.1,5.9,5.9,5.8,5.8,5.9,5.7,5.1,5.8,5.8,6.0] + idle: [.....3] [ip4][..udp] [..192.168.12.67][47926] -> [.35.219.252.146][56377] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable] + RISK: Known Proto on Non Std Port + idle: [.....1] [ip4][..udp] [..192.168.12.67][47926] -> [.35.216.234.234][.3478] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][signal.org] + idle: [.....2] [ip4][..udp] [..192.168.12.67][47926] -> [.35.219.252.146][.3478] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][signal.org] + DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/ndpireader_conf_file/stun_signal_tcp.pcapng.out b/test/results/flow-info/ndpireader_conf_file/stun_signal_tcp.pcapng.out new file mode 100644 index 000000000..1f6d126c4 --- /dev/null +++ b/test/results/flow-info/ndpireader_conf_file/stun_signal_tcp.pcapng.out 
@@ -0,0 +1,18 @@ + DAEMON-EVENT: init + DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....1] [ip4][..tcp] [..192.168.1.117][51296] -> [.35.219.252.146][...80] + detected: [.....1] [ip4][..tcp] [..192.168.1.117][51296] -> [.35.219.252.146][...80] [STUN][GoogleCloud][Network][Acceptable][] + detection-update: [.....1] [ip4][..tcp] [..192.168.1.117][51296] -> [.35.219.252.146][...80] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][signal.org] + analyse: [.....1] [ip4][..tcp] [..192.168.1.117][51296] -> [.35.219.252.146][...80] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][signal.org] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.287| 0.030| 0.068| 4621.743| 3.100] + [PKTLEN......: 40.000| 288.000| 111.600| 62.100| 3852.600| 4.800] + [BINS(c->s)..: 6,0,0,7,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [BINS(s->c)..: 7,2,2,2,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,0,0,1,1,1,0,0,1,0,1,1,0,1,0,1,0,1,1,1,0,0] + [IATS(ms)....: 5.1,5.2,1.3,6.5,7.4,14.7,7.0,5.3,0.2,0.2,0.2,0.2,5.4,2.6,0.0,6.6,276.6,286.8,49.6,44.8,3.7,9.3,19.8,40.1,25.2,48.6,51.2,0.0,2.7,9.9,0.4] + [PKTLENS.....: 52,52,40,68,46,124,156,124,40,160,160,160,160,92,92,144,40,172,46,172,46,288,140,46,172,46,172,148,46,188,40,140] + [ENTROPIES...: 4.7,4.9,4.8,5.2,4.4,5.8,5.9,5.8,4.6,5.7,5.8,5.9,5.9,5.7,5.8,6.1,4.8,6.1,4.8,6.1,4.7,6.4,5.9,4.8,6.0,4.8,6.1,5.9,4.8,5.9,4.8,5.9] + idle: [.....1] [ip4][..tcp] [..192.168.1.117][51296] -> [.35.219.252.146][...80] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][signal.org] + DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/stun_all_attributes_disabled/teams.pcap.out b/test/results/flow-info/stun_all_attributes_disabled/teams.pcap.out index 640d86de0..8ae0bdbae 100644 
--- a/test/results/flow-info/stun_all_attributes_disabled/teams.pcap.out +++ b/test/results/flow-info/stun_all_attributes_disabled/teams.pcap.out @@ -15,11 +15,11 @@ detection-update: [.....3] [ip4][..udp] [....192.168.1.6][60813] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][skypedataprdcolneu04.cloudapp.net] new: [.....4] [ip4][..tcp] [....192.168.1.6][60532] -> [...52.114.77.33][..443] new: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] - detected: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][teams.microsoft.com] - detection-update: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][teams.microsoft.com] + detected: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][teams.microsoft.com] + detection-update: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][teams.microsoft.com] detected: [.....4] [ip4][..tcp] [....192.168.1.6][60532] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS - analyse: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe] + analyse: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.030| 0.006| 0.009| 77.930| 3.700] [PKTLEN......: 40.000| 1492.000| 393.900| 548.100| 300365.600| 3.900] 
@@ -48,8 +48,8 @@ detected: [.....7] [ip4][..tcp] [....192.168.1.6][60535] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS new: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443] - detected: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][teams.microsoft.com] - detection-update: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][teams.microsoft.com] + detected: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][teams.microsoft.com] + detection-update: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][teams.microsoft.com] analyse: [.....7] [ip4][..tcp] [....192.168.1.6][60535] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.050| 0.018| 0.021| 449.200| 3.900] 
@@ -91,26 +91,26 @@ ERROR-EVENT: Unknown packet type [14/16] ERROR-EVENT: Unknown packet type [15/16] new: [....16] [ip4][..udp] [....192.168.1.6][51033] -> [....192.168.1.1][...53] - detected: [....16] [ip4][..udp] [....192.168.1.6][51033] -> [....192.168.1.1][...53] [DNS.Skype_Teams][Unknown][Network][Acceptable][eu-api.asm.skype.com] + detected: [....16] [ip4][..udp] [....192.168.1.6][51033] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][eu-api.asm.skype.com] new: [....17] [ip4][..udp] [....192.168.1.6][63106] -> [....192.168.1.1][...53] detected: [....17] [ip4][..udp] [....192.168.1.6][63106] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][eu-prod.asyncgw.teams.microsoft.com] detection-update: [....17] [ip4][..udp] [....192.168.1.6][63106] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][eu-prod.asyncgw.teams.microsoft.com] new: [....18] [ip4][..tcp] [....192.168.1.6][60538] -> [...52.114.75.70][..443] - detection-update: [....16] [ip4][..udp] [....192.168.1.6][51033] -> [....192.168.1.1][...53] [DNS.Skype_Teams][Unknown][Network][Acceptable][eu-api.asm.skype.com] + detection-update: [....16] [ip4][..udp] [....192.168.1.6][51033] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][eu-api.asm.skype.com] new: [....19] [ip4][..tcp] [....192.168.1.6][60539] -> [...52.114.75.69][..443] detected: [....18] [ip4][..tcp] [....192.168.1.6][60538] -> [...52.114.75.70][..443] [TLS.Teams][Azure][Collaborative][Safe][eu-prod.asyncgw.teams.microsoft.com] - detected: [....19] [ip4][..tcp] [....192.168.1.6][60539] -> [...52.114.75.69][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][eu-api.asm.skype.com] + detected: [....19] [ip4][..tcp] [....192.168.1.6][60539] -> [...52.114.75.69][..443] [TLS.Teams][Azure][Collaborative][Safe][eu-api.asm.skype.com] new: [....20] [ip4][..tcp] [....192.168.1.6][60540] -> [...52.114.75.70][..443] new: [....21] [ip4][..tcp] [....192.168.1.6][60541] -> [...52.114.75.69][..443] detected: 
[....20] [ip4][..tcp] [....192.168.1.6][60540] -> [...52.114.75.70][..443] [TLS.Teams][Azure][Collaborative][Safe][eu-prod.asyncgw.teams.microsoft.com] - detected: [....21] [ip4][..tcp] [....192.168.1.6][60541] -> [...52.114.75.69][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][eu-api.asm.skype.com] + detected: [....21] [ip4][..tcp] [....192.168.1.6][60541] -> [...52.114.75.69][..443] [TLS.Teams][Azure][Collaborative][Safe][eu-api.asm.skype.com] new: [....22] [ip4][..udp] [....192.168.1.6][49514] -> [....192.168.1.1][...53] detected: [....22] [ip4][..udp] [....192.168.1.6][49514] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][config.teams.microsoft.com] - detection-update: [....21] [ip4][..tcp] [....192.168.1.6][60541] -> [...52.114.75.69][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][eu-api.asm.skype.com] + detection-update: [....21] [ip4][..tcp] [....192.168.1.6][60541] -> [...52.114.75.69][..443] [TLS.Teams][Azure][Collaborative][Safe][eu-api.asm.skype.com] detection-update: [....22] [ip4][..udp] [....192.168.1.6][49514] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][config.teams.microsoft.com] new: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] - detected: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][config.teams.microsoft.com] - detection-update: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][config.teams.microsoft.com] + detected: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][config.teams.microsoft.com] + detection-update: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][config.teams.microsoft.com] new: [....24] [ip4][..udp] [....192.168.1.6][65387] -> [....192.168.1.1][...53] detected: [....24] [ip4][..udp] 
[....192.168.1.6][65387] -> [....192.168.1.1][...53] [DNS.Microsoft][Unknown][Network][Safe][northeuropecns.trafficmanager.net] new: [....25] [ip4][..tcp] [....192.168.1.6][60543] -> [...52.114.77.33][..443] @@ -140,9 +140,9 @@ [PKTLENS.....: 64,60,52,258,52,1492,1492,52,1375,52,145,52,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,52,1480,1480,1480,1480,52,1480] [ENTROPIES...: 4.4,5.3,5.0,5.9,5.1,7.3,7.3,5.0,7.7,5.0,5.9,5.2,5.6,5.0,7.9,7.8,7.9,5.2,7.9,7.9,7.9,7.9,5.2,7.9,7.9,5.2,7.9,7.9,7.8,7.9,5.2,7.9] new: [....30] [ip4][..tcp] [....192.168.1.6][60546] -> [.167.99.215.164][.4434] - detected: [....30] [ip4][..tcp] [....192.168.1.6][60546] -> [.167.99.215.164][.4434] [TLS.ntop][Unknown][Network][Safe][dati.ntop.org] + detected: [....30] [ip4][..tcp] [....192.168.1.6][60546] -> [.167.99.215.164][.4434] [TLS.ntop][DigitalOcean][Network][Safe][dati.ntop.org] RISK: Known Proto on Non Std Port - detection-update: [....30] [ip4][..tcp] [....192.168.1.6][60546] -> [.167.99.215.164][.4434] [TLS.ntop][Unknown][Network][Safe][dati.ntop.org] + detection-update: [....30] [ip4][..tcp] [....192.168.1.6][60546] -> [.167.99.215.164][.4434] [TLS.ntop][DigitalOcean][Network][Safe][dati.ntop.org] RISK: Known Proto on Non Std Port analyse: [....28] [ip4][..tcp] [....192.168.1.6][60545] -> [...52.114.77.58][..443] [TLS.Teams][Azure][Collaborative][Safe][presence.teams.microsoft.com] min| max| avg| stddev| variance| entropy 
@@ -180,7 +180,7 @@ new: [....35] [ip4][..tcp] [....192.168.1.6][60549] -> [...13.107.18.11][..443] detected: [....35] [ip4][..tcp] [....192.168.1.6][60549] -> [...13.107.18.11][..443] [TLS.Microsoft365][Outlook][Collaborative][Acceptable][substrate.office.com] detection-update: [....35] [ip4][..tcp] [....192.168.1.6][60549] -> [...13.107.18.11][..443] [TLS.Microsoft365][Outlook][Collaborative][Acceptable][substrate.office.com] - analyse: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe] + analyse: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 2.010| 0.146| 0.490| 239614.050| 1.700] [PKTLEN......: 40.000| 1492.000| 305.200| 468.100| 219152.800| 3.800] 
@@ -223,12 +223,12 @@ detected: [....44] [ip4][..udp] [....192.168.1.6][51309] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][skypedataprdcolneu04.cloudapp.net] new: [....45] [ip4][..tcp] [....192.168.1.6][60555] -> [...52.114.77.33][..443] new: [....46] [ip4][..tcp] [....192.168.1.6][60556] -> [.....40.126.9.7][..443] - detected: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][config.teams.microsoft.com] + detected: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][config.teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS detection-update: [....44] [ip4][..udp] [....192.168.1.6][51309] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][skypedataprdcolneu04.cloudapp.net] detected: [....40] [ip4][..tcp] [....192.168.1.6][60551] -> [...52.114.15.45][..443] [TLS.Teams][Azure][Collaborative][Safe][trouter2-asse-a.trouter.teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][config.teams.microsoft.com] + detection-update: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][config.teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS detected: [....42] [ip4][..tcp] [....192.168.1.6][60552] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS 
@@ -241,7 +241,7 @@ RISK: TLS (probably) Not Carrying HTTPS detection-update: [....40] [ip4][..tcp] [....192.168.1.6][60551] -> [...52.114.15.45][..443] [TLS.Teams][Azure][Collaborative][Safe][trouter2-asse-a.trouter.teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS - analyse: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe] + analyse: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.154| 0.015| 0.036| 1274.324| 2.800] [PKTLEN......: 40.000| 1492.000| 585.700| 671.400| 450756.000| 4.000] 
@@ -252,9 +252,9 @@ [PKTLENS.....: 64,52,40,226,46,1492,1492,40,1492,40,1492,168,40,147,46,91,46,91,40,1122,46,1492,1492,40,1317,40,1492,1492,40,40,1492,1492] [ENTROPIES...: 4.4,4.9,4.5,5.5,4.4,7.3,7.5,4.6,7.5,4.5,7.7,6.7,4.6,6.5,4.5,5.7,4.5,5.6,4.6,7.8,4.6,7.9,7.9,4.6,7.9,4.6,7.9,7.9,4.6,4.5,7.9,7.9] new: [....47] [ip4][..tcp] [....192.168.1.6][60557] -> [.52.113.194.132][..443] - detected: [....47] [ip4][..tcp] [....192.168.1.6][60557] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][teams.microsoft.com] + detected: [....47] [ip4][..tcp] [....192.168.1.6][60557] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....47] [ip4][..tcp] [....192.168.1.6][60557] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][teams.microsoft.com] + detection-update: [....47] [ip4][..tcp] [....192.168.1.6][60557] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS new: [....48] [ip4][..tcp] [....192.168.1.6][60559] -> [...52.114.77.33][..443] detected: [....48] [ip4][..tcp] [....192.168.1.6][60559] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com] 
@@ -281,10 +281,10 @@ detected: [....52] [ip4][..udp] [....192.168.1.6][54069] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][api.microsoftstream.com] detection-update: [....52] [ip4][..udp] [....192.168.1.6][54069] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][api.microsoftstream.com] new: [....53] [ip4][..tcp] [....192.168.1.6][60562] -> [.104.40.187.151][..443] - detected: [....53] [ip4][..tcp] [....192.168.1.6][60562] -> [.104.40.187.151][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][api.microsoftstream.com] + detected: [....53] [ip4][..tcp] [....192.168.1.6][60562] -> [.104.40.187.151][..443] [TLS.Teams][Azure][Collaborative][Safe][api.microsoftstream.com] detection-update: [....51] [ip4][..tcp] [....192.168.1.6][60561] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS - analyse: [....53] [ip4][..tcp] [....192.168.1.6][60562] -> [.104.40.187.151][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable] + analyse: [....53] [ip4][..tcp] [....192.168.1.6][60562] -> [.104.40.187.151][..443] [TLS.Teams][Azure][Collaborative][Safe] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.126| 0.019| 0.032| 1006.354| 3.400] [PKTLEN......: 52.000| 1492.000| 345.200| 499.900| 249913.200| 3.900] 
@@ -308,12 +308,12 @@ [IATS(ms)....: 48.4,48.5,0.5,88.2,136.5,113.7,0.2,161.8,0.1,0.1,1.1,74.6,73.5,1.1,0.0,0.0,50.1,49.0,0.0,0.0,0.0,48.4,48.4,0.0,0.0,0.0,1.6,1.5,46.9,1.1,1.7] [PKTLENS.....: 64,60,52,258,258,64,1492,1492,52,1375,52,145,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,1480,1480,52,1462,52,52,52] [ENTROPIES...: 4.4,5.3,4.9,6.0,6.0,5.1,7.3,7.3,5.0,7.7,5.0,6.0,5.6,5.0,7.9,7.9,7.9,5.2,7.9,7.9,7.9,7.9,5.1,7.9,7.9,7.9,7.9,5.2,7.9,5.2,5.2,5.2] - detected: [....55] [ip4][..tcp] [....192.168.1.6][60563] -> [.52.169.186.119][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][euno-1.api.microsoftstream.com] + detected: [....55] [ip4][..tcp] [....192.168.1.6][60563] -> [.52.169.186.119][..443] [TLS.Teams][Azure][Collaborative][Safe][euno-1.api.microsoftstream.com] new: [....56] [ip4][..udp] [....192.168.1.6][63930] -> [....192.168.1.1][...53] detected: [....56] [ip4][..udp] [....192.168.1.6][63930] -> [....192.168.1.1][...53] [DNS.Microsoft][Unknown][Network][Safe][dc.applicationinsights.microsoft.com] detection-update: [....56] [ip4][..udp] [....192.168.1.6][63930] -> [....192.168.1.1][...53] [DNS.Microsoft][Unknown][Network][Safe][dc.applicationinsights.microsoft.com] new: [....57] [ip4][..tcp] [....192.168.1.6][60564] -> [...40.79.138.41][..443] - detected: [....57] [ip4][..tcp] [....192.168.1.6][60564] -> [...40.79.138.41][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][gate.hockeyapp.net] + detected: [....57] [ip4][..tcp] [....192.168.1.6][60564] -> [...40.79.138.41][..443] [TLS.Teams][Azure][Collaborative][Safe][gate.hockeyapp.net] new: [....58] [ip4][..udp] [....192.168.1.6][62863] -> [....192.168.1.1][...53] detected: [....58] [ip4][..udp] [....192.168.1.6][62863] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][emea.ng.msg.teams-msgapi.trafficmanager.net] detection-update: [....58] [ip4][..udp] [....192.168.1.6][62863] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][emea.ng.msg.teams-msgapi.trafficmanager.net] 
@@ -341,13 +341,13 @@ [ENTROPIES...: 4.3,4.9,4.6,5.6,7.4,7.3,4.7,4.6,4.6,7.5,7.6,7.1,4.7,4.6,6.5,6.1,7.6,5.4,4.6,5.9,4.6,5.2,4.5,7.4,4.7,4.5,7.8,4.6,7.4,7.5,5.6,5.5] new: [....60] [ip4][..tcp] [..151.11.50.139][.2222] -> [....192.168.1.6][54750] [MIDSTREAM] new: [....61] [ip4][..tcp] [....192.168.1.6][60566] -> [.167.99.215.164][.4434] - detected: [....61] [ip4][..tcp] [....192.168.1.6][60566] -> [.167.99.215.164][.4434] [TLS.ntop][Unknown][Network][Safe][dati.ntop.org] + detected: [....61] [ip4][..tcp] [....192.168.1.6][60566] -> [.167.99.215.164][.4434] [TLS.ntop][DigitalOcean][Network][Safe][dati.ntop.org] RISK: Known Proto on Non Std Port - detection-update: [....61] [ip4][..tcp] [....192.168.1.6][60566] -> [.167.99.215.164][.4434] [TLS.ntop][Unknown][Network][Safe][dati.ntop.org] + detection-update: [....61] [ip4][..tcp] [....192.168.1.6][60566] -> [.167.99.215.164][.4434] [TLS.ntop][DigitalOcean][Network][Safe][dati.ntop.org] RISK: Known Proto on Non Std Port new: [....62] [ip4][..udp] [....192.168.1.6][51681] -> [..52.114.77.136][.3478] new: [....63] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.123][.3478] - detected: [....63] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.123][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] + detected: [....63] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.123][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][] new: [....64] [ip4][..tcp] [....192.168.1.6][50018] -> [.52.114.250.123][..443] new: [....65] [ip4][..udp] [....192.168.1.6][55765] -> [....192.168.1.1][...53] detected: [....65] [ip4][..udp] [....192.168.1.6][55765] -> [....192.168.1.1][...53] [DNS.Azure][Unknown][Network][Acceptable][b-tr-teams-euno-05.northeurope.cloudapp.azure.com] 
@@ -355,25 +355,25 @@ detected: [....64] [ip4][..tcp] [....192.168.1.6][50018] -> [.52.114.250.123][..443] [TLS.Teams][Azure][Collaborative][Safe][euaz.tr.teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS new: [....66] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.123][.3478] - detected: [....66] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.123][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] + detected: [....66] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.123][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][] new: [....67] [ip4][..tcp] [....192.168.1.6][50021] -> [.52.114.250.123][..443] new: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] - detected: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] + detected: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][] new: [....69] [ip4][..udp] [....192.168.1.6][50017] -> [.52.114.250.141][.3478] - detected: [....69] [ip4][..udp] [....192.168.1.6][50017] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] + detected: [....69] [ip4][..udp] [....192.168.1.6][50017] -> [.52.114.250.141][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][] detected: [....67] [ip4][..tcp] [....192.168.1.6][50021] -> [.52.114.250.123][..443] [TLS.Teams][Azure][Collaborative][Safe][euaz.tr.teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS new: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] - detected: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] + detected: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][] new: [....71] [ip4][..udp] [....192.168.1.6][50037] -> [.52.114.250.137][.3478] - detected: [....71] [ip4][..udp] 
[....192.168.1.6][50037] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] - detection-update: [....69] [ip4][..udp] [....192.168.1.6][50017] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] - detection-update: [....71] [ip4][..udp] [....192.168.1.6][50037] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] + detected: [....71] [ip4][..udp] [....192.168.1.6][50037] -> [.52.114.250.137][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][] + detection-update: [....69] [ip4][..udp] [....192.168.1.6][50017] -> [.52.114.250.141][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][] + detection-update: [....71] [ip4][..udp] [....192.168.1.6][50037] -> [.52.114.250.137][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][] new: [....72] [ip4][..tcp] [....192.168.1.6][50014] -> [.52.114.250.152][..443] new: [....73] [ip4][..tcp] [....192.168.1.6][50036] -> [.52.114.250.153][..443] - detected: [....72] [ip4][..tcp] [....192.168.1.6][50014] -> [.52.114.250.152][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][52.114.250.152] + detected: [....72] [ip4][..tcp] [....192.168.1.6][50014] -> [.52.114.250.152][..443] [TLS.Teams][Azure][Collaborative][Safe][52.114.250.152] RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, TLS (probably) Not Carrying HTTPS - detected: [....73] [ip4][..tcp] [....192.168.1.6][50036] -> [.52.114.250.153][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][52.114.250.153] + detected: [....73] [ip4][..tcp] [....192.168.1.6][50036] -> [.52.114.250.153][..443] [TLS.Teams][Azure][Collaborative][Safe][52.114.250.153] RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, TLS (probably) Not Carrying HTTPS detection-update: [....72] [ip4][..tcp] [....192.168.1.6][50014] -> [.52.114.250.152][..443] [TLS.Teams][Azure][Collaborative][Safe][52.114.250.152] RISK: TLS Cert Mismatch, TLS (probably) Not Carrying HTTPS 
@@ -386,28 +386,28 @@ detected: [....74] [ip4][..tcp] [....192.168.1.6][60567] -> [..52.114.77.136][..443] [TLS.Teams][Azure][Collaborative][Safe][api.flightproxy.teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS new: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005] - detected: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable][] + detected: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005] [STUN.TeamsCall][Unknown][VoIP][Acceptable][] RISK: Known Proto on Non Std Port new: [....77] [ip4][..udp] [....192.168.1.6][50036] -> [....192.168.0.4][50020] - detected: [....77] [ip4][..udp] [....192.168.1.6][50036] -> [....192.168.0.4][50020] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable][] + detected: [....77] [ip4][..udp] [....192.168.1.6][50036] -> [....192.168.0.4][50020] [STUN.TeamsCall][Unknown][VoIP][Acceptable][] RISK: Known Proto on Non Std Port new: [....78] [ip4][..udp] [..93.71.110.205][16332] -> [....192.168.1.6][50016] - detected: [....78] [ip4][..udp] [..93.71.110.205][16332] -> [....192.168.1.6][50016] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable][] + detected: [....78] [ip4][..udp] [..93.71.110.205][16332] -> [....192.168.1.6][50016] [STUN.TeamsCall][Unknown][VoIP][Acceptable][] RISK: Known Proto on Non Std Port new: [....79] [ip4][..udp] [..93.71.110.205][16333] -> [....192.168.1.6][50036] - detected: [....79] [ip4][..udp] [..93.71.110.205][16333] -> [....192.168.1.6][50036] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable][] + detected: [....79] [ip4][..udp] [..93.71.110.205][16333] -> [....192.168.1.6][50036] [STUN.TeamsCall][Unknown][VoIP][Acceptable][] RISK: Known Proto on Non Std Port - detection-update: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] + detection-update: [....68] [ip4][..udp] [....192.168.1.6][50016] -> 
[.52.114.250.141][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][] RISK: Unidirectional Traffic - detection-update: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] + detection-update: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][] RISK: Unidirectional Traffic - detection-update: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] - detection-update: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] + detection-update: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][] + detection-update: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][] new: [....80] [ip4][..udp] [..52.114.252.21][.3480] -> [....192.168.1.6][50036] - detected: [....80] [ip4][..udp] [..52.114.252.21][.3480] -> [....192.168.1.6][50036] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] + detected: [....80] [ip4][..udp] [..52.114.252.21][.3480] -> [....192.168.1.6][50036] [STUN.TeamsCall][Azure][VoIP][Acceptable][] RISK: Known Proto on Non Std Port new: [....81] [ip4][..udp] [...52.114.252.8][.3479] -> [....192.168.1.6][50016] - detected: [....81] [ip4][..udp] [...52.114.252.8][.3479] -> [....192.168.1.6][50016] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] + detected: [....81] [ip4][..udp] [...52.114.252.8][.3479] -> [....192.168.1.6][50016] [STUN.TeamsCall][Azure][VoIP][Acceptable][] RISK: Known Proto on Non Std Port analyse: [....64] [ip4][..tcp] [....192.168.1.6][50018] -> [.52.114.250.123][..443] [TLS.Teams][Azure][Collaborative][Safe][euaz.tr.teams.microsoft.com] min| max| avg| stddev| variance| entropy 
@@ -419,15 +419,15 @@ [IATS(ms)....: 45.0,45.1,0.2,47.4,47.2,0.2,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.0,8.0,0.0,0.0,52.4,1.2,45.6,48.6,92.2,43.7,69.1,0.3,113.5,1566.9] [PKTLENS.....: 64,52,40,227,1492,52,1492,588,52,52,1492,588,52,40,588,166,40,40,40,147,46,85,46,91,40,141,224,40,71,40,46,46] [ENTROPIES...: 4.4,4.9,4.5,5.4,7.5,4.6,7.4,6.2,4.7,4.7,7.7,7.0,4.7,4.5,7.6,6.6,4.4,4.5,4.5,6.4,4.5,5.8,4.6,5.4,4.6,6.4,6.9,4.5,5.4,4.4,4.6,4.6] - detection-update: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable][] + detection-update: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005] [STUN.TeamsCall][Unknown][VoIP][Acceptable][] RISK: Known Proto on Non Std Port, Unidirectional Traffic - detection-update: [....77] [ip4][..udp] [....192.168.1.6][50036] -> [....192.168.0.4][50020] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable][] + detection-update: [....77] [ip4][..udp] [....192.168.1.6][50036] -> [....192.168.0.4][50020] [STUN.TeamsCall][Unknown][VoIP][Acceptable][] RISK: Known Proto on Non Std Port, Unidirectional Traffic new: [....82] [ip4][..tcp] [....192.168.1.6][60568] -> [...40.79.138.41][..443] - detected: [....82] [ip4][..tcp] [....192.168.1.6][60568] -> [...40.79.138.41][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][gate.hockeyapp.net] + detected: [....82] [ip4][..tcp] [....192.168.1.6][60568] -> [...40.79.138.41][..443] [TLS.Teams][Azure][Collaborative][Safe][gate.hockeyapp.net] new: [....83] [ip4][.icmp] [..93.71.110.205] -> [....192.168.1.6] detected: [....83] [ip4][.icmp] [..93.71.110.205] -> [....192.168.1.6] [ICMP][Unknown][Network][Acceptable] - analyse: [....78] [ip4][..udp] [..93.71.110.205][16332] -> [....192.168.1.6][50016] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable] + analyse: [....78] [ip4][..udp] [..93.71.110.205][16332] -> [....192.168.1.6][50016] [STUN.TeamsCall][Unknown][VoIP][Acceptable] min| max| avg| stddev| variance| entropy 
[IAT.........: < 0.001| 1.168| 0.160| 0.366| 133702.353| 2.700] [PKTLEN......: 66.000| 1242.000| 253.400| 374.400| 140199.200| 4.000] 
@@ -439,12 +439,12 @@ [ENTROPIES...: 5.4,5.4,5.6,5.5,5.5,5.5,6.4,5.5,5.3,7.8,7.8,5.4,6.1,5.3,7.8,7.8,5.4,6.9,6.4,5.9,6.0,6.1,5.4,6.3,6.1,6.0,6.3,6.0,6.1,6.2,6.1,6.2] idle: [....13] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable] idle: [....35] [ip4][..tcp] [....192.168.1.6][60549] -> [...13.107.18.11][..443] [TLS.Microsoft365][Outlook][Collaborative][Acceptable][substrate.office.com] - idle: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][teams.microsoft.com] - idle: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe] - idle: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][config.teams.microsoft.com] - idle: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][config.teams.microsoft.com] + idle: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][teams.microsoft.com] + idle: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe] + idle: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][config.teams.microsoft.com] + idle: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][config.teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS - idle: [....47] [ip4][..tcp] [....192.168.1.6][60557] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe] + idle: [....47] [ip4][..tcp] [....192.168.1.6][60557] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe] RISK: TLS (probably) Not Carrying HTTPS end: [.....4] [ip4][..tcp] [....192.168.1.6][60532] -> 
[...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS @@ -453,9 +453,9 @@ end: [.....9] [ip4][..tcp] [....192.168.1.6][60537] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe] RISK: TLS (probably) Not Carrying HTTPS idle: [....18] [ip4][..tcp] [....192.168.1.6][60538] -> [...52.114.75.70][..443] [TLS.Teams][Azure][Collaborative][Safe][eu-prod.asyncgw.teams.microsoft.com] - idle: [....19] [ip4][..tcp] [....192.168.1.6][60539] -> [...52.114.75.69][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][eu-api.asm.skype.com] + idle: [....19] [ip4][..tcp] [....192.168.1.6][60539] -> [...52.114.75.69][..443] [TLS.Teams][Azure][Collaborative][Safe][eu-api.asm.skype.com] idle: [....20] [ip4][..tcp] [....192.168.1.6][60540] -> [...52.114.75.70][..443] [TLS.Teams][Azure][Collaborative][Safe][eu-prod.asyncgw.teams.microsoft.com] - idle: [....21] [ip4][..tcp] [....192.168.1.6][60541] -> [...52.114.75.69][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable] + idle: [....21] [ip4][..tcp] [....192.168.1.6][60541] -> [...52.114.75.69][..443] [TLS.Teams][Azure][Collaborative][Safe] end: [....25] [ip4][..tcp] [....192.168.1.6][60543] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS idle: [....26] [ip4][..tcp] [....192.168.1.6][60544] -> [...52.114.76.48][..443] [TLS.Teams][Azure][Collaborative][Safe][northeurope.notifications.teams.microsoft.com] 
@@ -476,9 +476,9 @@ idle: [....59] [ip4][..tcp] [....192.168.1.6][60565] -> [...52.114.108.8][..443] [TLS.Teams][Azure][Collaborative][Safe][emea.ng.msg.teams.microsoft.com] idle: [....74] [ip4][..tcp] [....192.168.1.6][60567] -> [..52.114.77.136][..443] [TLS.Teams][Azure][Collaborative][Safe][api.flightproxy.teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS - end: [....30] [ip4][..tcp] [....192.168.1.6][60546] -> [.167.99.215.164][.4434] [TLS.ntop][Unknown][Network][Safe] + end: [....30] [ip4][..tcp] [....192.168.1.6][60546] -> [.167.99.215.164][.4434] [TLS.ntop][DigitalOcean][Network][Safe] RISK: Known Proto on Non Std Port - idle: [....61] [ip4][..tcp] [....192.168.1.6][60566] -> [.167.99.215.164][.4434] [TLS.ntop][Unknown][Network][Safe] + idle: [....61] [ip4][..tcp] [....192.168.1.6][60566] -> [.167.99.215.164][.4434] [TLS.ntop][DigitalOcean][Network][Safe] RISK: Known Proto on Non Std Port not-detected: [....60] [ip4][..tcp] [..151.11.50.139][.2222] -> [....192.168.1.6][54750] [Unknown][Unknown][Unrated] idle: [....60] [ip4][..tcp] [..151.11.50.139][.2222] -> [....192.168.1.6][54750] 
@@ -489,7 +489,7 @@ end: [....46] [ip4][..tcp] [....192.168.1.6][60556] -> [.....40.126.9.7][..443] [TLS.Microsoft365][Microsoft365][Collaborative][Acceptable][login.microsoftonline.com] end: [....50] [ip4][..tcp] [....192.168.1.6][60560] -> [....40.126.9.67][..443] [TLS.Microsoft365][Microsoft365][Collaborative][Acceptable] idle: [....39] [ip4][..udp] [....192.168.1.6][50653] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][api.flightproxy.teams.microsoft.com] - idle: [....16] [ip4][..udp] [....192.168.1.6][51033] -> [....192.168.1.1][...53] [DNS.Skype_Teams][Unknown][Network][Acceptable][eu-api.asm.skype.com] + idle: [....16] [ip4][..udp] [....192.168.1.6][51033] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][eu-api.asm.skype.com] idle: [....44] [ip4][..udp] [....192.168.1.6][51309] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][skypedataprdcolneu04.cloudapp.net] idle: [....37] [ip4][..udp] [....192.168.1.6][53678] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][trouter2-asse-a.trouter.teams.microsoft.com] idle: [....52] [ip4][..udp] [....192.168.1.6][54069] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][api.microsoftstream.com] 
@@ -506,8 +506,8 @@ idle: [....34] [ip4][..udp] [....192.168.1.6][59403] -> [....192.168.1.1][...53] [DNS.Microsoft365][Unknown][Network][Acceptable][substrate.office.com] idle: [.....3] [ip4][..udp] [....192.168.1.6][60813] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][skypedataprdcolneu04.cloudapp.net] idle: [....75] [ip4][..udp] [....192.168.1.6][60837] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][c-flightproxy-euno-01-teams.cloudapp.net] - idle: [....53] [ip4][..tcp] [....192.168.1.6][60562] -> [.104.40.187.151][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][api.microsoftstream.com] - idle: [....55] [ip4][..tcp] [....192.168.1.6][60563] -> [.52.169.186.119][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable] + idle: [....53] [ip4][..tcp] [....192.168.1.6][60562] -> [.104.40.187.151][..443] [TLS.Teams][Azure][Collaborative][Safe][api.microsoftstream.com] + idle: [....55] [ip4][..tcp] [....192.168.1.6][60563] -> [.52.169.186.119][..443] [TLS.Teams][Azure][Collaborative][Safe] idle: [....36] [ip4][..udp] [....192.168.1.6][61245] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][euaz.tr.teams.microsoft.com] RISK: Minor Issues idle: [....54] [ip4][..udp] [....192.168.1.6][62735] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][euno-1.api.microsoftstream.com] 
@@ -519,9 +519,9 @@ idle: [....38] [ip4][..udp] [....192.168.1.6][65230] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][trouter2-asse-a.trouter.teams.microsoft.com] idle: [....24] [ip4][..udp] [....192.168.1.6][65387] -> [....192.168.1.1][...53] [DNS.Microsoft][Unknown][Network][Safe][northeuropecns.trafficmanager.net] end: [....14] [ip4][..tcp] [..93.62.150.157][..443] -> [....192.168.1.6][60512] [TLS][Unknown][Web][Safe] - idle: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable] + idle: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005] [STUN.TeamsCall][Unknown][VoIP][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic - idle: [....77] [ip4][..udp] [....192.168.1.6][50036] -> [....192.168.0.4][50020] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable] + idle: [....77] [ip4][..udp] [....192.168.1.6][50036] -> [....192.168.0.4][50020] [STUN.TeamsCall][Unknown][VoIP][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic idle: [....12] [ip4][..udp] [....192.168.1.6][17500] -> [..192.168.1.255][17500] [Dropbox][Unknown][Cloud][Acceptable] idle: [....72] [ip4][..tcp] [....192.168.1.6][50014] -> [.52.114.250.152][..443] [TLS.Teams][Azure][Collaborative][Safe] 
@@ -532,24 +532,24 @@ RISK: TLS (probably) Not Carrying HTTPS end: [....73] [ip4][..tcp] [....192.168.1.6][50036] -> [.52.114.250.153][..443] [TLS.Teams][Azure][Collaborative][Safe] RISK: TLS Cert Mismatch, TLS (probably) Not Carrying HTTPS - idle: [....57] [ip4][..tcp] [....192.168.1.6][60564] -> [...40.79.138.41][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][gate.hockeyapp.net] - idle: [....82] [ip4][..tcp] [....192.168.1.6][60568] -> [...40.79.138.41][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][gate.hockeyapp.net] - idle: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable] - idle: [....63] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.123][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable] - idle: [....81] [ip4][..udp] [...52.114.252.8][.3479] -> [....192.168.1.6][50016] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable] + idle: [....57] [ip4][..tcp] [....192.168.1.6][60564] -> [...40.79.138.41][..443] [TLS.Teams][Azure][Collaborative][Safe][gate.hockeyapp.net] + idle: [....82] [ip4][..tcp] [....192.168.1.6][60568] -> [...40.79.138.41][..443] [TLS.Teams][Azure][Collaborative][Safe][gate.hockeyapp.net] + idle: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable] + idle: [....63] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.123][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable] + idle: [....81] [ip4][..udp] [...52.114.252.8][.3479] -> [....192.168.1.6][50016] [STUN.TeamsCall][Azure][VoIP][Acceptable] RISK: Known Proto on Non Std Port - idle: [....69] [ip4][..udp] [....192.168.1.6][50017] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable] - idle: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable] - idle: [....66] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.123][.3478] 
[STUN.Skype_TeamsCall][Azure][VoIP][Acceptable] - idle: [....71] [ip4][..udp] [....192.168.1.6][50037] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable] - idle: [....80] [ip4][..udp] [..52.114.252.21][.3480] -> [....192.168.1.6][50036] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable] + idle: [....69] [ip4][..udp] [....192.168.1.6][50017] -> [.52.114.250.141][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable] + idle: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable] + idle: [....66] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.123][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable] + idle: [....71] [ip4][..udp] [....192.168.1.6][50037] -> [.52.114.250.137][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable] + idle: [....80] [ip4][..udp] [..52.114.252.21][.3480] -> [....192.168.1.6][50036] [STUN.TeamsCall][Azure][VoIP][Acceptable] RISK: Known Proto on Non Std Port idle: [....83] [ip4][.icmp] [..93.71.110.205] -> [....192.168.1.6] [ICMP][Unknown][Network][Acceptable] - guessed: [....62] [ip4][..udp] [....192.168.1.6][51681] -> [..52.114.77.136][.3478] [Skype_TeamsCall][Azure][VoIP][Acceptable] + guessed: [....62] [ip4][..udp] [....192.168.1.6][51681] -> [..52.114.77.136][.3478] [TeamsCall][Azure][VoIP][Acceptable] RISK: Susp Entropy idle: [....62] [ip4][..udp] [....192.168.1.6][51681] -> [..52.114.77.136][.3478] - idle: [....78] [ip4][..udp] [..93.71.110.205][16332] -> [....192.168.1.6][50016] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable] + idle: [....78] [ip4][..udp] [..93.71.110.205][16332] -> [....192.168.1.6][50016] [STUN.TeamsCall][Unknown][VoIP][Acceptable] RISK: Known Proto on Non Std Port - idle: [....79] [ip4][..udp] [..93.71.110.205][16333] -> [....192.168.1.6][50036] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable] + idle: [....79] [ip4][..udp] [..93.71.110.205][16333] -> [....192.168.1.6][50036] [STUN.TeamsCall][Unknown][VoIP][Acceptable] RISK: Known Proto on 
Non Std Port DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/stun_only_peer_address_enabled/telegram_videocall.pcapng.out b/test/results/flow-info/stun_only_peer_address_enabled/telegram_videocall.pcapng.out index 3440b2b77..a5d33e1d4 100644 --- a/test/results/flow-info/stun_only_peer_address_enabled/telegram_videocall.pcapng.out +++ b/test/results/flow-info/stun_only_peer_address_enabled/telegram_videocall.pcapng.out @@ -198,7 +198,7 @@ idle: [....28] [ip6][icmp6] [...............fe80::abe:acff:fe0b:176e] -> [................................ff02::2] [ICMPV6][Unknown][Network][Acceptable] idle: [....11] [ip4][..udp] [...192.168.12.1][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable] guessed: [.....3] [ip4][..tcp] [.192.168.12.169][37948] -> [.149.154.167.91][..443] [Telegram][Telegram][Chat][Acceptable] - RISK: TCP Connection Issues + RISK: TCP Connection Issues, Probing Attempt end: [.....3] [ip4][..tcp] [.192.168.12.169][37948] -> [.149.154.167.91][..443] idle: [.....4] [ip4][..tcp] [.192.168.12.169][37950] -> [.149.154.167.91][..443] [Telegram][Telegram][Chat][Acceptable] RISK: Susp Entropy diff --git a/test/results/flow-info/tls_heuristics_enabled/tls_heur__vmess-websocket.pcapng.out b/test/results/flow-info/tls_heuristics_enabled/tls_heur__vmess-websocket.pcapng.out index 0d9a48192..a512ee6f2 100644 --- a/test/results/flow-info/tls_heuristics_enabled/tls_heur__vmess-websocket.pcapng.out +++ b/test/results/flow-info/tls_heuristics_enabled/tls_heur__vmess-websocket.pcapng.out 
@@ -7,12 +7,12 @@ detected: [.....2] [ip4][..udp] [......127.0.0.1][39646] -> [.....127.0.0.53][...53] [DNS.YouTube][Unknown][Network][Fun][www.youtube.com] detection-update: [.....2] [ip4][..udp] [......127.0.0.1][39646] -> [.....127.0.0.53][...53] [DNS.YouTube][Unknown][Network][Fun][www.youtube.com] new: [.....3] [ip4][..tcp] [......127.0.0.1][33702] -> [......127.0.0.1][.1234] - detected: [.....3] [ip4][..tcp] [......127.0.0.1][33702] -> [......127.0.0.1][.1234] [HTTP][Unknown][Web][Acceptable][127.0.0.1] + detected: [.....3] [ip4][..tcp] [......127.0.0.1][33702] -> [......127.0.0.1][.1234] [HTTP.WebSocket][Unknown][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP/TLS/QUIC Numeric Hostname/SNI new: [.....4] [ip4][..tcp] [..192.168.1.183][51390] -> [142.250.180.142][..443] detected: [.....4] [ip4][..tcp] [..192.168.1.183][51390] -> [142.250.180.142][..443] [TLS.YouTube][Google][Media][Fun][www.youtube.com] detection-update: [.....4] [ip4][..tcp] [..192.168.1.183][51390] -> [142.250.180.142][..443] [TLS.YouTube][Google][Media][Fun][www.youtube.com] - analyse: [.....3] [ip4][..tcp] [......127.0.0.1][33702] -> [......127.0.0.1][.1234] [HTTP][Unknown][Web][Acceptable][127.0.0.1] + analyse: [.....3] [ip4][..tcp] [......127.0.0.1][33702] -> [......127.0.0.1][.1234] [HTTP.WebSocket][Unknown][Web][Acceptable][127.0.0.1] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.082| 0.011| 0.023| 506.460| 2.800] [PKTLEN......: 52.000| 2104.000| 665.100| 842.700| 710078.000| 3.900] 
@@ -32,7 +32,7 @@ [IATS(ms)....: 0.1,0.1,0.1,0.1,0.4,0.4,4.5,4.7,44.0,9.4,77.6,24.3,0.3,0.3,4.2,0.3,0.0,0.0,0.0,4.6,3.4,3.7,0.6,41.3,82.0,41.2,0.1,0.2,0.2,0.2,0.1] [PKTLENS.....: 60,60,52,56,52,54,52,62,62,52,569,3984,52,2720,52,132,98,101,87,115,52,700,83,83,52,3984,52,3984,52,2428,52,901] [ENTROPIES...: 4.3,4.7,4.6,4.5,4.6,4.6,4.6,4.7,4.5,4.6,4.7,7.9,4.7,7.9,4.6,6.2,5.9,5.8,5.7,6.1,4.7,7.7,5.5,5.5,4.7,8.0,4.6,8.0,4.6,7.9,4.6,7.8] - idle: [.....3] [ip4][..tcp] [......127.0.0.1][33702] -> [......127.0.0.1][.1234] [HTTP][Unknown][Web][Acceptable][127.0.0.1] + idle: [.....3] [ip4][..tcp] [......127.0.0.1][33702] -> [......127.0.0.1][.1234] [HTTP.WebSocket][Unknown][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP/TLS/QUIC Numeric Hostname/SNI idle: [.....2] [ip4][..udp] [......127.0.0.1][39646] -> [.....127.0.0.53][...53] [DNS.YouTube][Unknown][Network][Fun][www.youtube.com] idle: [.....1] [ip4][..tcp] [......127.0.0.1][44532] -> [......127.0.0.1][.1080] [SOCKS][Unknown][Web][Acceptable] diff --git a/test/results/flow-info/tls_ja3c_disabled/tls_verylong_certificate.pcap.out b/test/results/flow-info/tls_ja3c_disabled/tls_verylong_certificate.pcap.out deleted file mode 100644 index eebfcfd74..000000000 --- a/test/results/flow-info/tls_ja3c_disabled/tls_verylong_certificate.pcap.out +++ /dev/null 
@@ -1,19 +0,0 @@ - DAEMON-EVENT: init - DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] - DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] - new: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] - detected: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] [TLS.Cybersec][Unknown][Cybersecurity][Safe][feodotracker.abuse.ch] - detection-update: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] [TLS.Cybersec][Unknown][Cybersecurity][Safe][feodotracker.abuse.ch] - detection-update: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] [TLS.Cybersec][Unknown][Cybersecurity][Safe][feodotracker.abuse.ch] - analyse: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] [TLS.Cybersec][Unknown][Cybersecurity][Safe] - min| max| avg| stddev| variance| entropy - [IAT.........: < 0.001| 0.022| 0.005| 0.007| 43.853| 3.500] - [PKTLEN......: 52.000| 1420.000| 518.600| 615.300| 378610.900| 4.000] - [BINS(c->s)..: 12,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - [BINS(s->c)..: 2,4,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0] - [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,0,0,1,1,1,0,0,0,1,1,1,0,0,1,0,1,1] - [IATS(ms)....: 11.6,11.7,5.7,17.7,3.1,0.2,15.2,0.1,0.1,0.1,0.0,0.1,10.6,21.7,11.2,0.3,14.9,0.0,0.0,14.6,0.0,0.0,0.3,0.3,0.0,0.6,0.0,0.5,0.5,0.1,0.0] - [PKTLENS.....: 64,60,52,569,52,1420,1420,52,1420,52,1420,262,52,178,103,52,222,1420,1420,104,52,52,52,1420,1420,104,52,52,1420,52,1420,104] - [ENTROPIES...: 4.4,5.1,4.9,4.4,5.0,6.8,4.9,5.0,6.6,4.9,7.4,7.0,5.0,6.3,6.0,5.0,6.9,7.9,7.9,6.1,4.9,4.8,4.7,7.9,7.9,6.0,4.9,4.9,7.9,4.8,7.9,6.2] - end: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] [TLS.Cybersec][Unknown][Cybersecurity][Safe][feodotracker.abuse.ch] - 
DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/tls_ja3s_disabled/tls_verylong_certificate.pcap.out b/test/results/flow-info/tls_ja3s_disabled/tls_verylong_certificate.pcap.out deleted file mode 100644 index eebfcfd74..000000000 --- a/test/results/flow-info/tls_ja3s_disabled/tls_verylong_certificate.pcap.out +++ /dev/null 
@@ -1,19 +0,0 @@ - DAEMON-EVENT: init - DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] - DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] - new: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] - detected: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] [TLS.Cybersec][Unknown][Cybersecurity][Safe][feodotracker.abuse.ch] - detection-update: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] [TLS.Cybersec][Unknown][Cybersecurity][Safe][feodotracker.abuse.ch] - detection-update: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] [TLS.Cybersec][Unknown][Cybersecurity][Safe][feodotracker.abuse.ch] - analyse: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] [TLS.Cybersec][Unknown][Cybersecurity][Safe] - min| max| avg| stddev| variance| entropy - [IAT.........: < 0.001| 0.022| 0.005| 0.007| 43.853| 3.500] - [PKTLEN......: 52.000| 1420.000| 518.600| 615.300| 378610.900| 4.000] - [BINS(c->s)..: 12,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - [BINS(s->c)..: 2,4,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0] - [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,0,0,1,1,1,0,0,0,1,1,1,0,0,1,0,1,1] - [IATS(ms)....: 11.6,11.7,5.7,17.7,3.1,0.2,15.2,0.1,0.1,0.1,0.0,0.1,10.6,21.7,11.2,0.3,14.9,0.0,0.0,14.6,0.0,0.0,0.3,0.3,0.0,0.6,0.0,0.5,0.5,0.1,0.0] - [PKTLENS.....: 64,60,52,569,52,1420,1420,52,1420,52,1420,262,52,178,103,52,222,1420,1420,104,52,52,52,1420,1420,104,52,52,1420,52,1420,104] - [ENTROPIES...: 4.4,5.1,4.9,4.4,5.0,6.8,4.9,5.0,6.6,4.9,7.4,7.0,5.0,6.3,6.0,5.0,6.9,7.9,7.9,6.1,4.9,4.8,4.7,7.9,7.9,6.0,4.9,4.9,7.9,4.8,7.9,6.2] - end: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] [TLS.Cybersec][Unknown][Cybersecurity][Safe][feodotracker.abuse.ch] - 
DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/tls_ja4c_disabled/tls_verylong_certificate.pcap.out b/test/results/flow-info/tls_ja4c_disabled/tls_verylong_certificate.pcap.out deleted file mode 100644 index eebfcfd74..000000000 --- a/test/results/flow-info/tls_ja4c_disabled/tls_verylong_certificate.pcap.out +++ /dev/null 
@@ -1,19 +0,0 @@ - DAEMON-EVENT: init - DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] - DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] - new: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] - detected: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] [TLS.Cybersec][Unknown][Cybersecurity][Safe][feodotracker.abuse.ch] - detection-update: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] [TLS.Cybersec][Unknown][Cybersecurity][Safe][feodotracker.abuse.ch] - detection-update: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] [TLS.Cybersec][Unknown][Cybersecurity][Safe][feodotracker.abuse.ch] - analyse: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] [TLS.Cybersec][Unknown][Cybersecurity][Safe] - min| max| avg| stddev| variance| entropy - [IAT.........: < 0.001| 0.022| 0.005| 0.007| 43.853| 3.500] - [PKTLEN......: 52.000| 1420.000| 518.600| 615.300| 378610.900| 4.000] - [BINS(c->s)..: 12,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - [BINS(s->c)..: 2,4,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0] - [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,0,0,1,1,1,0,0,0,1,1,1,0,0,1,0,1,1] - [IATS(ms)....: 11.6,11.7,5.7,17.7,3.1,0.2,15.2,0.1,0.1,0.1,0.0,0.1,10.6,21.7,11.2,0.3,14.9,0.0,0.0,14.6,0.0,0.0,0.3,0.3,0.0,0.6,0.0,0.5,0.5,0.1,0.0] - [PKTLENS.....: 64,60,52,569,52,1420,1420,52,1420,52,1420,262,52,178,103,52,222,1420,1420,104,52,52,52,1420,1420,104,52,52,1420,52,1420,104] - [ENTROPIES...: 4.4,5.1,4.9,4.4,5.0,6.8,4.9,5.0,6.6,4.9,7.4,7.0,5.0,6.3,6.0,5.0,6.9,7.9,7.9,6.1,4.9,4.8,4.7,7.9,7.9,6.0,4.9,4.9,7.9,4.8,7.9,6.2] - end: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] [TLS.Cybersec][Unknown][Cybersecurity][Safe][feodotracker.abuse.ch] - 
DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/zoom_extra_dissection/zoom.pcap.out b/test/results/flow-info/zoom_extra_dissection/zoom.pcap.out index aba617d7c..e406925af 100644 --- a/test/results/flow-info/zoom_extra_dissection/zoom.pcap.out +++ b/test/results/flow-info/zoom_extra_dissection/zoom.pcap.out @@ -7,9 +7,9 @@ new: [.....2] [ip4][..udp] [..192.168.1.117][.5353] -> [....224.0.0.251][.5353] detected: [.....2] [ip4][..udp] [..192.168.1.117][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable][_spotify-connect._tcp.local] new: [.....3] [ip4][..tcp] [..192.168.1.117][54863] -> [.167.99.215.164][.4434] - detected: [.....3] [ip4][..tcp] [..192.168.1.117][54863] -> [.167.99.215.164][.4434] [TLS.ntop][Unknown][Network][Safe][dati.ntop.org] + detected: [.....3] [ip4][..tcp] [..192.168.1.117][54863] -> [.167.99.215.164][.4434] [TLS.ntop][DigitalOcean][Network][Safe][dati.ntop.org] RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS - detection-update: [.....3] [ip4][..tcp] [..192.168.1.117][54863] -> [.167.99.215.164][.4434] [TLS.ntop][Unknown][Network][Safe][dati.ntop.org] + detection-update: [.....3] [ip4][..tcp] [..192.168.1.117][54863] -> [.167.99.215.164][.4434] [TLS.ntop][DigitalOcean][Network][Safe][dati.ntop.org] RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS ERROR-EVENT: Unknown packet type [1/16] new: [.....4] [ip4][..tcp] [..192.168.1.117][54341] -> [.62.149.152.153][..993] [MIDSTREAM] 
@@ -219,9 +219,9 @@ idle: [....30] [ip4][..tcp] [..192.168.1.117][54871] -> [..109.94.160.99][..443] [TLS.Zoom][Unknown][Video][Acceptable][zoomfrn99mmr.zoom.us] RISK: TLS (probably) Not Carrying HTTPS guessed: [....11] [ip4][..tcp] [..192.168.1.117][54798] -> [..13.225.84.182][..443] [TLS][AmazonAWS][Web][Safe] - RISK: TCP Connection Issues + RISK: TCP Connection Issues, Probing Attempt end: [....11] [ip4][..tcp] [..192.168.1.117][54798] -> [..13.225.84.182][..443] - end: [.....3] [ip4][..tcp] [..192.168.1.117][54863] -> [.167.99.215.164][.4434] [TLS.ntop][Unknown][Network][Safe] + end: [.....3] [ip4][..tcp] [..192.168.1.117][54863] -> [.167.99.215.164][.4434] [TLS.ntop][DigitalOcean][Network][Safe] RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS end: [....27] [ip4][..tcp] [..192.168.1.117][54869] -> [.213.244.140.85][..443] [TLS.Zoom][Zoom][Video][Acceptable] RISK: TLS (probably) Not Carrying HTTPS diff --git a/test/results/flow_risk_lists_disable/protonvpn.pcap.out b/test/results/flow_risk_lists_disable/protonvpn.pcap.out index ad0f502ca..28a8e948a 100644 --- a/test/results/flow_risk_lists_disable/protonvpn.pcap.out +++ b/test/results/flow_risk_lists_disable/protonvpn.pcap.out 
@@ -1,13 +1,13 @@ -00630{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/flow_risk_lists_disable\/pcap\/protonvpn.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00630{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/flow_risk_lists_disable\/pcap\/protonvpn.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
00758{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/flow_risk_lists_disable\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":34930679,"flow_src_last_pkt_time":34930679,"flow_dst_last_pkt_time":34930679,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":34930679,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.159.159.148","src_port":37810,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/flow_risk_lists_disable\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":34930679,"flow_dst_last_pkt_time":34930679,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":34930679,"pkt":"UlQAEjUCCAAns+YuCABFAAA8D8BAAEAGxbkKAAIPuZ+flJOyAbvBn1OFAAAAAKAC+vAjGgAAAgQFtAQCCAq0w2VcAAAAAAEDAwc="} 00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/flow_risk_lists_disable\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":34930679,"flow_dst_last_pkt_time":34952976,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":34952976,"pkt":"CAAns+YuUlQAEjUCCABFAAAsACQAAEAGFWa5n5+UCgACDwG7k7IAC7gBwZ9ThmAS\/\/\/QMwAAAgQFtA=="} 
00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/flow_risk_lists_disable\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":34953293,"flow_dst_last_pkt_time":34952976,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":34953293,"pkt":"UlQAEjUCCAAns+YuCABFAAAoD8FAAEAGxcwKAAIPuZ+flJOyAbvBn1OGAAu4AlAQ+vDs\/wAAAAAAAAAA"} 00766{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/flow_risk_lists_disable\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":34954359,"flow_dst_last_pkt_time":34952976,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"thread_ts_usec":34954359,"pkt":"UlQAEjUCCAAns+YuCABFAADeD8JAAEAGxRUKAAIPuZ+flJOyAbvBn1OGAAu4AlAY+vCpEwAAFgMBALEBAACtAwN9l3wt5B01QIFRM8RNwrPTEHye7EdIkYl0bFSfzfNN6QAAGMArwCzMqcAvwDDMqMATwBQAnACdAC8ANQEAAGz\/AQABAAAAABYAFAAAEXZwbi1hcGkucHJvdG9uLm1lABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAIAAYAHQAXABg="} 
-01205{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/flow_risk_lists_disable\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":34930679,"flow_src_last_pkt_time":34954359,"flow_dst_last_pkt_time":34952976,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":34954359,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.159.159.148","src_port":37810,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ProtonVPN","proto_id":"91.344","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"vpn-api.proton.me","domainame":"vpn-api.proton.me","tls": {"version":"TLSv1.2","ja3":"6f5e62edfa5933b1332ddf8b9fb3ef9d","ja3s":"","ja4":"t12d1209h2_d34a8e72043a_b39be8c56a14","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01164{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/flow_risk_lists_disable\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":34930679,"flow_src_last_pkt_time":34954359,"flow_dst_last_pkt_time":34952976,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":34954359,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.159.159.148","src_port":37810,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.ProtonVPN","proto_id":"91.344","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"vpn-api.proton.me","domainame":"vpn-api.proton.me","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1209h2_d34a8e72043a_b39be8c56a14","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/flow_risk_lists_disable\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":34954359,"flow_dst_last_pkt_time":34954468,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":34954468,"pkt":"CAAns+YuUlQAEjUCCABFAAAoACUAAEAGFWm5n5+UCgACDwG7k7IAC7gCwZ9UPFAQ\/\/\/nOgAA"} -01288{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/flow_risk_lists_disable\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":34930679,"flow_src_last_pkt_time":34954359,"flow_dst_last_pkt_time":34976282,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":34976282,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.159.159.148","src_port":37810,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ProtonVPN","proto_id":"91.344","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"vpn-api.proton.me","domainame":"vpn-api.proton.me","tls": 
{"version":"TLSv1.2","ja3":"6f5e62edfa5933b1332ddf8b9fb3ef9d","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t12d1209h2_d34a8e72043a_b39be8c56a14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","blocks":0}}} -01626{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"cfgs\/flow_risk_lists_disable\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":34930679,"flow_src_last_pkt_time":34976622,"flow_dst_last_pkt_time":34980000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":5495,"midstream":0,"thread_ts_usec":34980000,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.159.159.148","src_port":37810,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ProtonVPN","proto_id":"91.344","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"vpn-api.proton.me","domainame":"vpn-api.proton.me","tls": {"version":"TLSv1.2","server_names":"*.pr.tn,*.proton.me,*.storage.proton.me,pr.tn,proton.me","ja3":"6f5e62edfa5933b1332ddf8b9fb3ef9d","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t12d1209h2_d34a8e72043a_b39be8c56a14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Let's Encrypt, CN=R3","subjectDN":"CN=proton.me","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"AC:31:4E:05:15:6C:29:0B:D7:4F:31:3D:DE:CA:0F:C8:FF:E9:C6:4D","blocks":0}}} 
+01247{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/flow_risk_lists_disable\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":34930679,"flow_src_last_pkt_time":34954359,"flow_dst_last_pkt_time":34976282,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":34976282,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.159.159.148","src_port":37810,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ProtonVPN","proto_id":"91.344","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"vpn-api.proton.me","domainame":"vpn-api.proton.me","tls": {"version":"TLSv1.2","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t12d1209h2_d34a8e72043a_b39be8c56a14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","blocks":0}}} 
+01585{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"cfgs\/flow_risk_lists_disable\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":34930679,"flow_src_last_pkt_time":34976622,"flow_dst_last_pkt_time":34980000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":5495,"midstream":0,"thread_ts_usec":34980000,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.159.159.148","src_port":37810,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ProtonVPN","proto_id":"91.344","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"vpn-api.proton.me","domainame":"vpn-api.proton.me","tls": {"version":"TLSv1.2","server_names":"*.pr.tn,*.proton.me,*.storage.proton.me,pr.tn,proton.me","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t12d1209h2_d34a8e72043a_b39be8c56a14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Let's Encrypt, CN=R3","subjectDN":"CN=proton.me","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"AC:31:4E:05:15:6C:29:0B:D7:4F:31:3D:DE:CA:0F:C8:FF:E9:C6:4D","blocks":0}}} 
00760{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"cfgs\/flow_risk_lists_disable\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":50897445,"flow_src_last_pkt_time":50897445,"flow_dst_last_pkt_time":50897445,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":148,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":148,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":148,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":50897445,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"217.23.3.76","src_port":57701,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00705{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/flow_risk_lists_disable\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":50897445,"flow_dst_last_pkt_time":50897445,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":190,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":190,"pkt_l4_len":156,"thread_ts_usec":50897445,"pkt":"UlQAEjUCCAAns+YuCABFAACwggJAAEARz8gKAAIP2RcDTOFlAbsAnDPzAQAAAJBDFkxxQ+W6EOeDrsFmV59cj6HNKPBVRgi4GprZiC5m8UZ6Iq+WTWs4Uki2GBpJ1FQLblGrXMpQlYNmPC8j4UNvqi+zo8bJVELCOKbzsH+GppmpvbrCk16DfPPSG+c6vFFgF1DQRaCzOZteKYZkLN6M7DJbWzTn8pp6q3r7y0s4AAAAAAAAAAAAAAAAAAAAAA=="} 
00630{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/flow_risk_lists_disable\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":50897445,"flow_dst_last_pkt_time":50921032,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":50921032,"pkt":"CAAns+YuUlQAEjUCCABFAAB4Aj4AAEARj8XZFwNMCgACDwG74WUAZOBaAgAAAFqA0k6QQxZMJ9RXnE+Y5cqOJ7ViEm8fIe3zOE9hMTUEIE3pvJRNCgngw86WWgQPM+GHW682pdEs\/jXe5jKkpRp6aY27MOujigAAAAAAAAAAAAAAAAAAAAA="} 
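Review bot: The regenerated `detected` and both `detection-update` records for flow 1 no longer carry the `"ja3"` key in the `tls` object, while `"ja3s"` and `"ja4"` remain. The commit message mentions only "incorporated upstream changes", so this change to the output contract is undocumented. Any consumer of these events that matches on the JA3 client fingerprint (detection rules, allow/deny lists, enrichment joins) would silently stop matching rather than fail. I would add a line to the commit description such as `* tls.ja3 is no longer emitted by libnDPI; ja3s and ja4 are unchanged - migrate JA3-keyed rules to JA4`. It is also worth confirming that `schema/flow_event_schema.json`, which this commit changes outside this view, does not still list `ja3` as required.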
@@ -15,14 +15,14 @@ 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/flow_risk_lists_disable\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":50921855,"flow_dst_last_pkt_time":50921032,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":50921855,"pkt":"UlQAEjUCCAAns+YuCABFAAA8ggNAAEAR0DsKAAIP2RcDTOFlAbsAKDHlBAAAAFqA0k4AAAAAAAAAALO1qui1E3gr64yba6DzHY0="} 00661{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/flow_risk_lists_disable\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":50923026,"flow_dst_last_pkt_time":50921032,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":50923026,"pkt":"UlQAEjUCCAAns+YuCABFAACMggRAAEARz+oKAAIP2RcDTOFlAbsAeC0gBAAAAFqA0k4BAAAAAAAAAF4\/Rs\/bZ5rJgjR49A7fwbBmyr\/63WBJDwuVnzl4A4pXfnPOZYLKRVrAFPmUTxZtFFUY\/ygw5snpyOqRAP6xav5VAHNARAiOiRt60FdTFozGozRICRBukHLcFDs4iULCdA=="} 00657{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/flow_risk_lists_disable\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":50926430,"flow_dst_last_pkt_time":50921032,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":50926430,"pkt":"UlQAEjUCCAAns+YuCABFAACMggdAAEARz+cKAAIP2RcDTOFlAbsAeBOmBAAAAFqA0k4CAAAAAAAAAD+yacW+Jee9sR0ypoOh8MaQ9gxbsztxJ2kZqazGAeL5NW1pKQLnHbPaHw3gPyLDD2rfIVvAXcZtIMwiZTZxrxOlD0VgEqedFRP3HFFojGTkub8sZpeXm7iOxsEEbnhzOQ=="} 
-00858{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":41,"source":"cfgs\/flow_risk_lists_disable\/pcap\/protonvpn.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":41,"packets-processed":40,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8075,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":18,"global_ts_usec":1690392292895682} +00858{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":41,"source":"cfgs\/flow_risk_lists_disable\/pcap\/protonvpn.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":41,"packets-processed":40,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8075,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":18,"global_ts_usec":1690392292895682} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"cfgs\/flow_risk_lists_disable\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690392292895682,"flow_src_last_pkt_time":1690392292895682,"flow_dst_last_pkt_time":1690392292895682,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690392292895682,"l3_proto":"ip4","src_ip":"2.58.241.67","dst_ip":"8.8.8.8","src_port":37710,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"cfgs\/flow_risk_lists_disable\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1690392292895682,"flow_dst_last_pkt_time":1690392292895682,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1690392292895682,"pkt":"ILAB6wYYNObX3kTiCABFAAA8lQ9AAEAGoh8COvFDCAgICJNOAbuMC89NAAAAAKAC+vAL\/QAAAgQFtAQCCApqQ+LfAAAAAAEDAwc="} 
01090{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"cfgs\/flow_risk_lists_disable\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":14,"flow_first_seen":34930679,"flow_src_last_pkt_time":35025668,"flow_dst_last_pkt_time":35025741,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":304,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":756,"flow_dst_tot_l4_payload_len":5847,"midstream":0,"thread_ts_usec":1690392292895682,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.159.159.148","src_port":37810,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ProtonVPN","proto_id":"91.344","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 01057{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":41,"source":"cfgs\/flow_risk_lists_disable\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690392292895682,"flow_src_last_pkt_time":1690392292895682,"flow_dst_last_pkt_time":1690392292895682,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690392292895682,"l3_proto":"ip4","src_ip":"2.58.241.67","dst_ip":"8.8.8.8","src_port":37710,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00786{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"cfgs\/flow_risk_lists_disable\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690392292895682,"flow_src_last_pkt_time":1690392292895682,"flow_dst_last_pkt_time":1690392292895682,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690392292895682,"l3_proto":"ip4","src_ip":"2.58.241.67","dst_ip":"8.8.8.8","src_port":37710,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01092{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"cfgs\/flow_risk_lists_disable\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":5,"flow_first_seen":50897445,"flow_src_last_pkt_time":50986726,"flow_dst_last_pkt_time":50986365,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":148,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":868,"flow_dst_tot_l4_payload_len":604,"midstream":0,"thread_ts_usec":1690392292895682,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"217.23.3.76","src_port":57701,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": 
{"6":"DPI"},"proto":"WireGuard","proto_id":"206","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00860{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":41,"source":"cfgs\/flow_risk_lists_disable\/pcap\/protonvpn.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":41,"packets-processed":41,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8075,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":25,"global_ts_usec":1690392292895682} +00860{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":41,"source":"cfgs\/flow_risk_lists_disable\/pcap\/protonvpn.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":41,"packets-processed":41,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8075,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":25,"global_ts_usec":1690392292895682} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 41/41 ~~ skipped 
flows.............: 0 @@ -31,10 +31,10 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4694850 bytes -~~ total memory freed........: 4694850 bytes -~~ total allocations/frees...: 68759/68759 +~~ total memory allocated....: 5065534 bytes +~~ total memory freed........: 5065534 bytes +~~ total allocations/frees...: 76329/76329 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 526 chars -~~ json message max len.......: 1631 chars -~~ json message avg len.......: 1077 chars +~~ json message max len.......: 1590 chars +~~ json message avg len.......: 1057 chars diff --git a/test/results/fpc/1kxun.pcap.out b/test/results/fpc/1kxun.pcap.out new file mode 100644 index 000000000..a8a471428 --- /dev/null +++ b/test/results/fpc/1kxun.pcap.out 
@@ -0,0 +1,1318 @@ +00606{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00827{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1470104373025824} 
+00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104373025824,"flow_src_last_pkt_time":1470104373025824,"flow_dst_last_pkt_time":1470104373025824,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":26,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104373025824,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":59571,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1470104373025824,"flow_dst_last_pkt_time":1470104373025824,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_usec":1470104373025824,"pkt":"AQBeAAD8SNIkYzEACABFAAA2OooAAAER2FzAqAUs4AAA\/OizFOsAIin75qEAAAABAAAAAAAACGphc29uLVBDAAD\/AAE="} 
+00919{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104373025824,"flow_src_last_pkt_time":1470104373025824,"flow_dst_last_pkt_time":1470104373025824,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":26,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104373025824,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":59571,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1470104373127416,"flow_dst_last_pkt_time":1470104373025824,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_usec":1470104373127416,"pkt":"AQBeAAD8SNIkYzEACABFAAA2OosAAAER2FvAqAUs4AAA\/OizFOsAIin75qEAAAABAAAAAAAACGphc29uLVBDAAD\/AAE="} 
+00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104373232309,"flow_src_last_pkt_time":1470104373232309,"flow_dst_last_pkt_time":1470104373232309,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104373232309,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"239.255.255.250","src_port":55809,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00689{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1470104373232309,"flow_dst_last_pkt_time":1470104373232309,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1470104373232309,"pkt":"AQBef\/\/6GF4PUugBCABFAAChMBcAAAER01nAqAU57\/\/\/+toBB2wAjcGgTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 
+00992{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104373232309,"flow_src_last_pkt_time":1470104373232309,"flow_dst_last_pkt_time":1470104373232309,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104373232309,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"239.255.255.250","src_port":55809,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900","domainame":"239.255.255.250:1900"}} +00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104373232452,"flow_src_last_pkt_time":1470104373232452,"flow_dst_last_pkt_time":1470104373232452,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104373232452,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"239.255.255.250","src_port":51389,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00689{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1470104373232452,"flow_dst_last_pkt_time":1470104373232452,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1470104373232452,"pkt":"AQBef\/\/6SNIkYzEACABFAAChOowAAAERyPHAqAUs7\/\/\/+si9B2wAjdLxTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} +00992{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104373232452,"flow_src_last_pkt_time":1470104373232452,"flow_dst_last_pkt_time":1470104373232452,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104373232452,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"239.255.255.250","src_port":51389,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900","domainame":"239.255.255.250:1900"}} 
+00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104373741279,"flow_src_last_pkt_time":1470104373741279,"flow_dst_last_pkt_time":1470104373741279,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104373741279,"l3_proto":"ip4","src_ip":"192.168.119.1","dst_ip":"255.255.255.255","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00919{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1470104373741279,"flow_dst_last_pkt_time":1470104373741279,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_usec":1470104373741279,"pkt":"\/\/\/\/\/\/\/\/TF4M6gNlCABFAAFIAAAAABARcfzAqHcB\/\/\/\/\/wBDAEQBNKS5AgEGAMCRIFIAAIAAwKgFJMCoBSTAqHcBAAAAAAAmWsJjVQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEFNgTAqHcBMwQAAAA8AQT\/\/wAAAwTAqHcBBhCoXwEBCAgICKhfwAEICAQEKgioX8MMe8wtdP8AAAAA"} 
+00993{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104373741279,"flow_src_last_pkt_time":1470104373741279,"flow_dst_last_pkt_time":1470104373741279,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104373741279,"l3_proto":"ip4","src_ip":"192.168.119.1","dst_ip":"255.255.255.255","src_port":67,"dst_port":68,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","dhcp": {"fingerprint":"","class_ident":""}}} +00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104375419022,"flow_src_last_pkt_time":1470104375419022,"flow_dst_last_pkt_time":1470104375419022,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1470104375419022,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1470104375419022,"flow_dst_last_pkt_time":1470104375419022,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104375419022,"pkt":"TF4M6gNlYMVHBbyMCABFAAA0ZDJAAEAGzmrAqAUQROn9hdFlAFAG4xw3xV6fSoAREAEocwAAAQEIChoPAavPGvHS"} +00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104376017777,"flow_src_last_pkt_time":1470104376017777,"flow_dst_last_pkt_time":1470104376017777,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104376017777,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"239.255.255.250","src_port":64674,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1470104376017777,"flow_dst_last_pkt_time":1470104376017777,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_usec":1470104376017777,"pkt":"AQBef\/\/6uKxv2MGbCABFAAClQRIAAAQRv2HAqAUy7\/\/\/+vyiB2wAkVLKTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} +00992{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104376017777,"flow_src_last_pkt_time":1470104376017777,"flow_dst_last_pkt_time":1470104376017777,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104376017777,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"239.255.255.250","src_port":64674,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900","domainame":"239.255.255.250:1900"}} 
+00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104376017883,"flow_src_last_pkt_time":1470104376017883,"flow_dst_last_pkt_time":1470104376017883,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104376017883,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"239.255.255.250","src_port":55312,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00689{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1470104376017883,"flow_dst_last_pkt_time":1470104376017883,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1470104376017883,"pkt":"AQBef\/\/6SNIkYwreCABFAAChfhwAAAERhWTAqAUp7\/\/\/+tgQB2wAjcOhTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 
+00992{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104376017883,"flow_src_last_pkt_time":1470104376017883,"flow_dst_last_pkt_time":1470104376017883,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104376017883,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"239.255.255.250","src_port":55312,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900","domainame":"239.255.255.250:1900"}} +00689{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1470104376203389,"flow_dst_last_pkt_time":1470104373232309,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1470104376203389,"pkt":"AQBef\/\/6GF4PUugBCABFAAChMIoAAAER0ubAqAU57\/\/\/+toBB2wAjcGgTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 
+00690{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1470104376301439,"flow_dst_last_pkt_time":1470104373232452,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1470104376301439,"pkt":"AQBef\/\/6SNIkYzEACABFAAChOpEAAAERyOzAqAUs7\/\/\/+si9B2wAjdLxTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} +00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104376301823,"flow_src_last_pkt_time":1470104376301823,"flow_dst_last_pkt_time":1470104376301823,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104376301823,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00918{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1470104376301823,"flow_dst_last_pkt_time":1470104376301823,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_usec":1470104376301823,"pkt":"\/\/\/\/\/\/\/\/cD6s8PAHCABFAAFIDscAAP8Rq94AAAAA\/\/\/\/\/wBEAEMBNJGnAQEGAAYPv1sAAAAAAAAAAAAAAAAAAAAAAAAAAHA+rPDwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEDNwcBeQMGD3f8OQIF3D0HAXA+rPDwBzIEwKgD7TMEAHanAAwEU2hlbv8AAAAAAAAAAAAAAAAAAAAA"} +01016{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104376301823,"flow_src_last_pkt_time":1470104376301823,"flow_dst_last_pkt_time":1470104376301823,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104376301823,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"shen","domainame":"shen","dhcp": {"fingerprint":"1,121,3,6,15,119,252","class_ident":""}}} 
+00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104376816620,"flow_src_last_pkt_time":1470104376816620,"flow_dst_last_pkt_time":1470104376816620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104376816620,"l3_proto":"ip6","src_ip":"fe80::406:55a8:6453:25dd","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1470104376816620,"flow_dst_last_pkt_time":1470104376816620,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":98,"pkt_l4_len":44,"thread_ts_usec":1470104376816620,"pkt":"MzMAAQACcD6s8PAHht1gBWEEACwRAf6AAAAAAAAABAZVqGRTJd3\/AgAAAAAAAAAAAAAAAQACAiICIwAsiWgLJ3MdAAEADgABAAEduOb7cD6s8PAHAAYABAAXABgACAACAAA="} 
+00928{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104376816620,"flow_src_last_pkt_time":1470104376816620,"flow_dst_last_pkt_time":1470104376816620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104376816620,"l3_proto":"ip6","src_ip":"fe80::406:55a8:6453:25dd","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCPV6","proto_id":"103","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00920{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1470104377223309,"flow_dst_last_pkt_time":1470104373741279,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_usec":1470104377223309,"pkt":"\/\/\/\/\/\/\/\/TF4M6gNlCABFAAFIAAAAABARcfzAqHcB\/\/\/\/\/wBDAEQBNGjoAgEGAOGY7R0AAIAAwKgDVsCoA1bAqHcBAAAAAMjTo5OjcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEFNgTAqHcBMwQAAAA8AQT\/\/wAAAwTAqHcBBhCoXwEBCAgICKhfwAEICAQEKgioX8MMe8wtdP8AAAAA"} 
+00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104377634231,"flow_src_last_pkt_time":1470104377634231,"flow_dst_last_pkt_time":1470104377634231,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104377634231,"l3_proto":"ip6","src_ip":"fe80::edf5:240a:c8c0:8312","dst_ip":"ff02::1:3","src_port":61603,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1470104377634231,"flow_dst_last_pkt_time":1470104377634231,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1470104377634231,"pkt":"MzMAAQADzD2CHu7jht1gAAAAACARAf6AAAAAAAAA7fUkCsjAgxL\/AgAAAAAAAAAAAAAAAQAD8KMU6wAgDOCgAAAAAAEAAAAAAAAGUk9fWDFDAAD\/AAE="} 
+00932{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104377634231,"flow_src_last_pkt_time":1470104377634231,"flow_dst_last_pkt_time":1470104377634231,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104377634231,"l3_proto":"ip6","src_ip":"fe80::edf5:240a:c8c0:8312","dst_ip":"ff02::1:3","src_port":61603,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104377634537,"flow_src_last_pkt_time":1470104377634537,"flow_dst_last_pkt_time":1470104377634537,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104377634537,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"224.0.0.252","src_port":61603,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1470104377634537,"flow_dst_last_pkt_time":1470104377634537,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104377634537,"pkt":"AQBeAAD8zD2CHu7jCABFAAA0LRcAAAER5c7AqAUv4AAA\/PCjFOsAIMFmoAAAAAABAAAAAAAABlJPX1gxQwAA\/wAB"} +00921{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104377634537,"flow_src_last_pkt_time":1470104377634537,"flow_dst_last_pkt_time":1470104377634537,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104377634537,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"224.0.0.252","src_port":61603,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104377634699,"flow_src_last_pkt_time":1470104377634699,"flow_dst_last_pkt_time":1470104377634699,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104377634699,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"239.255.255.250","src_port":60267,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1470104377634699,"flow_dst_last_pkt_time":1470104377634699,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_usec":1470104377634699,"pkt":"AQBef\/\/6zD2CHu7jCABFAAClQLQAAAQRv8LAqAUv7\/\/\/+utrB2wAkWQETS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} 
+00994{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104377634699,"flow_src_last_pkt_time":1470104377634699,"flow_dst_last_pkt_time":1470104377634699,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104377634699,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"239.255.255.250","src_port":60267,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900","domainame":"239.255.255.250:1900"}} +00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104377720702,"flow_src_last_pkt_time":1470104377720702,"flow_dst_last_pkt_time":1470104377720702,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":22,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104377720702,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"224.0.0.252","src_port":51458,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1470104377720702,"flow_dst_last_pkt_time":1470104377720702,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"thread_ts_usec":1470104377720702,"pkt":"AQBeAAD8ABxCjnAxCABFAAAyUcEAAAERU03AqHMI4AAA\/MkCFOsAHtPcYF4AAAABAAAAAAAABHdwYWQAAAEAAQ=="} +00922{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104377720702,"flow_src_last_pkt_time":1470104377720702,"flow_dst_last_pkt_time":1470104377720702,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":22,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104377720702,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"224.0.0.252","src_port":51458,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1470104377720761,"flow_dst_last_pkt_time":1470104377720702,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"thread_ts_usec":1470104377720761,"pkt":"AQBeAAD8ABxCjnAxCABFAAAyUcEAAAERU03AqHMI4AAA\/MkCFOsAHtPcYF4AAAABAAAAAAAABHdwYWQAAAEAAQ=="} +00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104377734137,"flow_src_last_pkt_time":1470104377734137,"flow_dst_last_pkt_time":1470104377734137,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104377734137,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":51024,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1470104377734137,"flow_dst_last_pkt_time":1470104377734137,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"thread_ts_usec":1470104377734137,"pkt":"TF4M6gNlABxCjnAxCABFAABCUcIAAIARpSjAqHMICAgICMdQADUALoWI\/SwBAAABAAAAAAAAAmpwBmthbmthbgUxa3h1bgRtb2JpAAABAAE="} 
+01084{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104377734137,"flow_src_last_pkt_time":1470104377734137,"flow_dst_last_pkt_time":1470104377734137,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104377734137,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":51024,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.1kxun","proto_id":"5.295","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"jp.kankan.1kxun.mobi","domainame":"jp.kankan.1kxun.mobi","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} +00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_src_last_pkt_time":1470104377734181,"flow_dst_last_pkt_time":1470104377734137,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"thread_ts_usec":1470104377734181,"pkt":"TF4M6gNlABxCjnAxCABFAABCUcIAAIARpSjAqHMICAgICMdQADUALoWI\/SwBAAABAAAAAAAAAmpwBmthbmthbgUxa3h1bgRtb2JpAAABAAE="} 
+01217{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":20,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104377734137,"flow_src_last_pkt_time":1470104377734181,"flow_dst_last_pkt_time":1470104377734137,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104377734181,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":51024,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS.1kxun","proto_id":"5.295","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"jp.kankan.1kxun.mobi","domainame":"jp.kankan.1kxun.mobi","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} +00602{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_src_last_pkt_time":1470104377734181,"flow_dst_last_pkt_time":1470104377753112,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"thread_ts_usec":1470104377753112,"pkt":"ABxCjnAxTF4M6gNlCABFAABinjgAAC4RqpIICAgIwKhzCAA1x1AATmX5\/SyBgAABAAIAAAAAAmpwBmthbmthbgUxa3h1bgRtb2JpAAABAAHADAABAAEAAAErAARquSNuwAwAAQABAAABKwAEarkjcA=="} 
+01143{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":21,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1470104377734137,"flow_src_last_pkt_time":1470104377734181,"flow_dst_last_pkt_time":1470104377753112,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":70,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":70,"midstream":0,"thread_ts_usec":1470104377753112,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":51024,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.1kxun","proto_id":"5.295","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"jp.kankan.1kxun.mobi","domainame":"jp.kankan.1kxun.mobi","dns": {"num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["106.185.35.110,ttl=299","106.185.35.112,ttl=299"]}}} +00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104377754759,"flow_src_last_pkt_time":1470104377754759,"flow_dst_last_pkt_time":1470104377754759,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104377754759,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49597,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1470104377754759,"flow_dst_last_pkt_time":1470104377754759,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104377754759,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UcRAAIAG5yfAqHMIarkjbsG9AFA9WFFgAAAAAIACIAA9OgAAAgQE7AEDAwgBAQQC"} +00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1470104377754800,"flow_dst_last_pkt_time":1470104377754759,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104377754800,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UcRAAIAG5yfAqHMIarkjbsG9AFA9WFFgAAAAAIACIAA9OgAAAgQE7AEDAwgBAQQC"} +00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_src_last_pkt_time":1470104377754800,"flow_dst_last_pkt_time":1470104377810946,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104377810946,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADYGguxquSNuwKhzCABQwb1z6xq8PVhRYYASchBbqgAAAgQFtAEBBAIBAwMH"} 
+00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_src_last_pkt_time":1470104377811088,"flow_dst_last_pkt_time":1470104377810946,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1470104377811088,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUcVAAIAG5zLAqHMIarkjbsG9AFA9WFFhc+savVAQAQQNiQAA"} +00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":5,"flow_src_last_pkt_time":1470104377811114,"flow_dst_last_pkt_time":1470104377810946,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1470104377811114,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUcVAAIAG5zLAqHMIarkjbsG9AFA9WFFhc+savVAQAQQNiQAA"} +01301{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1470104377754759,"flow_src_last_pkt_time":1470104377818917,"flow_dst_last_pkt_time":1470104377810946,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":414,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":414,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104377818917,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49597,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"jp.kankan.1kxun.mobi","domainame":"jp.kankan.1kxun.mobi","http": {"url":"jp.kankan.1kxun.mobi\/api\/videos\/10410.json?callback=jQuery18306855657112319022_1470103242123&_=1470104377698","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22","detected_os":"Windows 7"}}} +00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_src_last_pkt_time":1470104377820966,"flow_dst_last_pkt_time":1470104377720702,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"thread_ts_usec":1470104377820966,"pkt":"AQBeAAD8ABxCjnAxCABFAAAyUccAAAERU0fAqHMI4AAA\/MkCFOsAHtPcYF4AAAABAAAAAAAABHdwYWQAAAEAAQ=="} +00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_src_last_pkt_time":1470104377820998,"flow_dst_last_pkt_time":1470104377720702,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"thread_ts_usec":1470104377820998,"pkt":"AQBeAAD8ABxCjnAxCABFAAAyUccAAAERU0fAqHMI4AAA\/MkCFOsAHtPcYF4AAAABAAAAAAAABHdwYWQAAAEAAQ=="} 
+00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1470104377839257,"flow_dst_last_pkt_time":1470104376816620,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":98,"pkt_l4_len":44,"thread_ts_usec":1470104377839257,"pkt":"MzMAAQACcD6s8PAHht1gBWEEACwRAf6AAAAAAAAABAZVqGRTJd3\/AgAAAAAAAAAAAAAAAQACAiICIwAsiQQLJ3MdAAEADgABAAEduOb7cD6s8PAHAAYABAAXABgACAACAGQ="} +00922{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1470104377839581,"flow_dst_last_pkt_time":1470104373741279,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_usec":1470104377839581,"pkt":"\/\/\/\/\/\/\/\/TF4M6gNlCABFAAFIAAAAABARcfzAqHcB\/\/\/\/\/wBDAEQBNAJhAgEGADFjB6UAAAAAwKgFCcCoBQnAqHcBAAAAAHDxofgq\/QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEFNgTAqHcBMwQAAAA8AQT\/\/wAAAwTAqHcBBhCoXwEBCAgICKhfwAEICAQE\/wAAAAAAAAAAAAAAAAAA"} 
+00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":35,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104377901018,"flow_src_last_pkt_time":1470104377901018,"flow_dst_last_pkt_time":1470104377901018,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104377901018,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":52723,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1470104377901018,"flow_dst_last_pkt_time":1470104377901018,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1470104377901018,"pkt":"TF4M6gNlABxCjnAxCABFAAA+UcgAAIARpSbAqHMICAgICM3zADUAKlE0ceUBAAABAAAAAAAABmthbmthbgUxa3h1bgNjb20AAAEAAQ=="} 
+01076{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104377901018,"flow_src_last_pkt_time":1470104377901018,"flow_dst_last_pkt_time":1470104377901018,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104377901018,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":52723,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.1kxun","proto_id":"5.295","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"kankan.1kxun.com","domainame":"kankan.1kxun.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} +00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_src_last_pkt_time":1470104377901065,"flow_dst_last_pkt_time":1470104377901018,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1470104377901065,"pkt":"TF4M6gNlABxCjnAxCABFAAA+UcgAAIARpSbAqHMICAgICM3zADUAKlE0ceUBAAABAAAAAAAABmthbmthbgUxa3h1bgNjb20AAAEAAQ=="} 
+01209{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":36,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104377901018,"flow_src_last_pkt_time":1470104377901065,"flow_dst_last_pkt_time":1470104377901018,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104377901065,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":52723,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS.1kxun","proto_id":"5.295","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"kankan.1kxun.com","domainame":"kankan.1kxun.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} +00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104378005826,"flow_src_last_pkt_time":1470104378005826,"flow_dst_last_pkt_time":1470104378005826,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1470104378005826,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53622,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1470104378005826,"flow_dst_last_pkt_time":1470104378005826,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1470104378005826,"pkt":"ABAj4ACgYMVHBbyMCABFAAAol0tAAEAGqdjAqAUQwKhzS9F2AbsV1ofmvikqE1ARIAA8\/AAAAAAAAAAA"} +00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_src_last_pkt_time":1470104378005826,"flow_dst_last_pkt_time":1470104378007003,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1470104378007003,"pkt":"ABxCjnAxABAj4ACgCABFAAAoAABAAEAGQSTAqHNLwKgFEAG70Xa+KSoTFdaH51AQAEZctgAAAAAAAAAA"} +00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104378021294,"flow_src_last_pkt_time":1470104378021294,"flow_dst_last_pkt_time":1470104378021294,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104378021294,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1470104378021294,"flow_dst_last_pkt_time":1470104378021294,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1470104378021294,"pkt":"\/\/\/\/\/\/\/\/ABxCjnAxCABFAABOUckAAIAR9HzAqHMIwKj\/\/wCJAIkAOha6seYBEAABAAAAAAAAIEZIRkFFQkVFQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="} +00960{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104378021294,"flow_src_last_pkt_time":1470104378021294,"flow_dst_last_pkt_time":1470104378021294,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104378021294,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"wpad","domainame":"wpad"}} 
+00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1470104378021336,"flow_dst_last_pkt_time":1470104378021294,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1470104378021336,"pkt":"\/\/\/\/\/\/\/\/ABxCjnAxCABFAABOUckAAIAR9HzAqHMIwKj\/\/wCJAIkAOha6seYBEAABAAAAAAAAIEZIRkFFQkVFQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="} +00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1470104378045036,"flow_dst_last_pkt_time":1470104377634231,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1470104378045036,"pkt":"MzMAAQADzD2CHu7jht1gAAAAACARAf6AAAAAAAAA7fUkCsjAgxL\/AgAAAAAAAAAAAAAAAQAD8KMU6wAgDOCgAAAAAAEAAAAAAAAGUk9fWDFDAAD\/AAE="} +00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1470104378045058,"flow_dst_last_pkt_time":1470104377634537,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104378045058,"pkt":"AQBeAAD8zD2CHu7jCABFAAA0LRgAAAER5c3AqAUv4AAA\/PCjFOsAIMFmoAAAAAABAAAAAAAABlJPX1gxQwAA\/wAB"} 
+00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104378045695,"flow_src_last_pkt_time":1470104378045695,"flow_dst_last_pkt_time":1470104378045695,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104378045695,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":58779,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1470104378045695,"flow_dst_last_pkt_time":1470104378045695,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":92,"pkt_l4_len":38,"thread_ts_usec":1470104378045695,"pkt":"MzMAAQAD\/PiuMpcsht1gAAAAACYRAf6AAAAAAAAA6Y+64hn3aw\/\/AgAAAAAAAAAAAAAAAQAD5ZsU6wAmcsn2BAAAAAEAAAAAAAAM5bCP5L2b5bCI5qmfAAD\/AAE="} 
+01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104378045695,"flow_src_last_pkt_time":1470104378045695,"flow_dst_last_pkt_time":1470104378045695,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104378045695,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":58779,"dst_port":5355,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104378045747,"flow_src_last_pkt_time":1470104378045747,"flow_dst_last_pkt_time":1470104378045747,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104378045747,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":58779,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":1470104378045747,"flow_dst_last_pkt_time":1470104378045747,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_usec":1470104378045747,"pkt":"AQBeAAD8\/PiuMpcsCABFAAA6KxQAAAER6ZvAqANf4AAA\/OWbFOsAJvTF9gQAAAABAAAAAAAADOWwj+S9m+WwiOapnwAA\/wAB"} +01062{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104378045747,"flow_src_last_pkt_time":1470104378045747,"flow_dst_last_pkt_time":1470104378045747,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104378045747,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":58779,"dst_port":5355,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104378045830,"flow_src_last_pkt_time":1470104378045830,"flow_dst_last_pkt_time":1470104378045830,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104378045830,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"239.255.255.250","src_port":59468,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00692{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_src_last_pkt_time":1470104378045830,"flow_dst_last_pkt_time":1470104378045830,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1470104378045830,"pkt":"AQBef\/\/6\/PiuMpcsCABFAAChLEEAAAER2QnAqANf7\/\/\/+uhMB2wAjbUvTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 
+00994{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104378045830,"flow_src_last_pkt_time":1470104378045830,"flow_dst_last_pkt_time":1470104378045830,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104378045830,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"239.255.255.250","src_port":59468,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900","domainame":"239.255.255.250:1900"}} +00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_src_last_pkt_time":1470104378454680,"flow_dst_last_pkt_time":1470104378045695,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":92,"pkt_l4_len":38,"thread_ts_usec":1470104378454680,"pkt":"MzMAAQAD\/PiuMpcsht1gAAAAACYRAf6AAAAAAAAA6Y+64hn3aw\/\/AgAAAAAAAAAAAAAAAQAD5ZsU6wAmcsn2BAAAAAEAAAAAAAAM5bCP5L2b5bCI5qmfAAD\/AAE="} 
+00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_src_last_pkt_time":1470104378454823,"flow_dst_last_pkt_time":1470104378045747,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_usec":1470104378454823,"pkt":"AQBeAAD8\/PiuMpcsCABFAAA6KxYAAAER6ZnAqANf4AAA\/OWbFOsAJvTF9gQAAAABAAAAAAAADOWwj+S9m+WwiOapnwAA\/wAB"} +00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104378557102,"flow_src_last_pkt_time":1470104378557102,"flow_dst_last_pkt_time":1470104378557102,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":317,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":317,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":317,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104378557102,"l3_proto":"ip4","src_ip":"192.168.125.30","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00950{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_src_last_pkt_time":1470104378557102,"flow_dst_last_pkt_time":1470104378557102,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":359,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":359,"pkt_l4_len":325,"thread_ts_usec":1470104378557102,"pkt":"\/\/\/\/\/\/\/\/wKC7c+tHCABFAAFZOwBAAEARwM3AqH0e\/\/\/\/\/\/YA9gABRUjM\/\/+SXaAAwKC7c+tHwKh9HgAAAgAnAURHUy0xMjEwLTEwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABTd2l0Y2gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADMuMTAuMDEzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwKC7c+tHQjEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABRUDBSMUQ5MDAwMDI1AAAAAAAAAAAAAAAAAAAAAAAAAERHUy0xMjEwLTEwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAqH0e\/\/8AAFBvcnQgMTAAIAGwMAIUAQDCoLv\/\/nPrR0A="} +00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":51,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104378657181,"flow_src_last_pkt_time":1470104378657181,"flow_dst_last_pkt_time":1470104378657181,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":329,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":329,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":329,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104378657181,"l3_proto":"ip6","src_ip":"2001:b030:214:100:c2a0:bbff:fe73:eb47","dst_ip":"ff02::1","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00985{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_src_last_pkt_time":1470104378657181,"flow_dst_last_pkt_time":1470104378657181,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":391,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":391,"pkt_l4_len":337,"thread_ts_usec":1470104378657181,"pkt":"MzMAAAABwKC7c+tHht1gAAAAAVERgCABsDACFAEAwqC7\/\/5z60f\/AgAAAAAAAAAAAAAAAAAB9gD2AAFRTur\/D5JdoADAoLtz60cgAbAwAhQBAMKgu\/\/+c+tHAAACACcBREdTLTEyMTAtMTBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFN3aXRjaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMy4xMC4wMTMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAoLtz60dCMQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFFQMFIxRDkwMDAwMjUAAAAAAAAAAAAAAAAAAAAAAAAAREdTLTEyMTAtMTBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCofR7\/\/wAAUG9ydCAxMAAgAbAwAhQBAMKgu\/\/+c+tHQA=="} +00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_src_last_pkt_time":1470104378770974,"flow_dst_last_pkt_time":1470104378021294,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1470104378770974,"pkt":"\/\/\/\/\/\/\/\/ABxCjnAxCABFAABOUcsAAIAR9HrAqHMIwKj\/\/wCJAIkAOha6seYBEAABAAAAAAAAIEZIRkFFQkVFQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="} 
+00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_src_last_pkt_time":1470104378771017,"flow_dst_last_pkt_time":1470104378021294,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1470104378771017,"pkt":"\/\/\/\/\/\/\/\/ABxCjnAxCABFAABOUcsAAIAR9HrAqHMIwKj\/\/wCJAIkAOha6seYBEAABAAAAAAAAIEZIRkFFQkVFQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="} +00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":54,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104378901305,"flow_src_last_pkt_time":1470104378901305,"flow_dst_last_pkt_time":1470104378901305,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104378901305,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"168.95.1.1","src_port":52723,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_src_last_pkt_time":1470104378901305,"flow_dst_last_pkt_time":1470104378901305,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1470104378901305,"pkt":"TF4M6gNlABxCjnAxCABFAAA+UcwAAIARC9LAqHMIqF8BAc3zADUAKrfjceUBAAABAAAAAAAABmthbmthbgUxa3h1bgNjb20AAAEAAQ=="} 
+01078{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104378901305,"flow_src_last_pkt_time":1470104378901305,"flow_dst_last_pkt_time":1470104378901305,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104378901305,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"168.95.1.1","src_port":52723,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.1kxun","proto_id":"5.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"kankan.1kxun.com","domainame":"kankan.1kxun.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} +00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_src_last_pkt_time":1470104378901349,"flow_dst_last_pkt_time":1470104378901305,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1470104378901349,"pkt":"TF4M6gNlABxCjnAxCABFAAA+UcwAAIARC9LAqHMIqF8BAc3zADUAKrfjceUBAAABAAAAAAAABmthbmthbgUxa3h1bgNjb20AAAEAAQ=="} 
+01211{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":55,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104378901305,"flow_src_last_pkt_time":1470104378901349,"flow_dst_last_pkt_time":1470104378901305,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104378901349,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"168.95.1.1","src_port":52723,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS.1kxun","proto_id":"5.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"kankan.1kxun.com","domainame":"kankan.1kxun.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} +00594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_src_last_pkt_time":1470104378901349,"flow_dst_last_pkt_time":1470104378905035,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"thread_ts_usec":1470104378905035,"pkt":"ABxCjnAxTF4M6gNlCABFAABelWIAAPgRUBuoXwEBwKhzCAA1zfMASvjnceWBgAABAAIAAAAABmthbmthbgUxa3h1bgNjb20AAAEAAcAMAAEAAQAAAjMABN5J\/qfADAABAAEAAAIzAATeSf5x"} 
+01137{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":56,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1470104378901305,"flow_src_last_pkt_time":1470104378901349,"flow_dst_last_pkt_time":1470104378905035,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":66,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":66,"midstream":0,"thread_ts_usec":1470104378905035,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"168.95.1.1","src_port":52723,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.1kxun","proto_id":"5.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"kankan.1kxun.com","domainame":"kankan.1kxun.com","dns": {"num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["222.73.254.167,ttl=563","222.73.254.113,ttl=563"]}}} +00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104378906497,"flow_src_last_pkt_time":1470104378906497,"flow_dst_last_pkt_time":1470104378906497,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104378906497,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.73.254.167","src_port":49598,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_src_last_pkt_time":1470104378906497,"flow_dst_last_pkt_time":1470104378906497,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104378906497,"pkt":"TF4M6gNlABxCjnAxCABFAAA0Uc5AAIAGmFPAqHMI3kn+p8G+AFDrM0BvAAAAAIACIABRhAAAAgQE7AEDAwgBAQQC"} +00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_src_last_pkt_time":1470104378906535,"flow_dst_last_pkt_time":1470104378906497,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104378906535,"pkt":"TF4M6gNlABxCjnAxCABFAAA0Uc5AAIAGmFPAqHMI3kn+p8G+AFDrM0BvAAAAAIACIABRhAAAAgQE7AEDAwgBAQQC"} +00595{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_src_last_pkt_time":1470104377901065,"flow_dst_last_pkt_time":1470104378954523,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"thread_ts_usec":1470104378954523,"pkt":"ABxCjnAxTF4M6gNlCABFAABeST8AADAR\/Y8ICAgIwKhzCAA1zfMASpHwceWBgAABAAIAAAAABmthbmthbgUxa3h1bgNjb20AAAEAAcAMAAEAAQAAAlcABN5J\/nHADAABAAEAAAJXAATeSf6n"} 
+01135{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":59,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1470104377901018,"flow_src_last_pkt_time":1470104377901065,"flow_dst_last_pkt_time":1470104378954523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":66,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":66,"midstream":0,"thread_ts_usec":1470104378954523,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":52723,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.1kxun","proto_id":"5.295","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"kankan.1kxun.com","domainame":"kankan.1kxun.com","dns": {"num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["222.73.254.113,ttl=599","222.73.254.167,ttl=599"]}}} +00694{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1470104378967066,"flow_dst_last_pkt_time":1470104376017777,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_usec":1470104378967066,"pkt":"AQBef\/\/6uKxv2MGbCABFAAClQRMAAAQRv2DAqAUy7\/\/\/+vyiB2wAkVLKTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} 
+00690{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1470104378967195,"flow_dst_last_pkt_time":1470104376017883,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1470104378967195,"pkt":"AQBef\/\/6SNIkYwreCABFAAChfiAAAAERhWDAqAUp7\/\/\/+tgQB2wAjcOhTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} +00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_src_last_pkt_time":1470104378906535,"flow_dst_last_pkt_time":1470104378970623,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104378970623,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADEGOSLeSf6nwKhzCABQwb6HB4x76zNAcIASFtBGWQAAAgQFtAEBBAIBAwMH"} +00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":4,"flow_src_last_pkt_time":1470104378970825,"flow_dst_last_pkt_time":1470104378970623,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1470104378970825,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUdBAAIAGmF3AqHMI3kn+p8G+AFDrM0BwhweMfFAQAQSc9wAA"} 
+00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":5,"flow_src_last_pkt_time":1470104378970860,"flow_dst_last_pkt_time":1470104378970623,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1470104378970860,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUdBAAIAGmF3AqHMI3kn+p8G+AFDrM0BwhweMfFAQAQSc9wAA"} +01300{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1470104378906497,"flow_src_last_pkt_time":1470104378975363,"flow_dst_last_pkt_time":1470104378970623,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":420,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":420,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104378975363,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.73.254.167","src_port":49598,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"kankan.1kxun.com","domainame":"kankan.1kxun.com","http": {"url":"kankan.1kxun.com\/api\/videos\/alsolikes\/10410.json?callback=jQuery18306855657112319022_1470103242123&_=1470104377899","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22","detected_os":"Windows 7"}}} 
+00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":69,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104379066410,"flow_src_last_pkt_time":1470104379066410,"flow_dst_last_pkt_time":1470104379066410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104379066410,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":60724,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_src_last_pkt_time":1470104379066410,"flow_dst_last_pkt_time":1470104379066410,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_usec":1470104379066410,"pkt":"TF4M6gNlABxCjnAxCABFAAA7UdIAAIARpR\/AqHMICAgICO00ADUAJ9woKZABAAABAAAAAAAAA3BpYwUxa3h1bgNjb20AAAEAAQ=="} 
+01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104379066410,"flow_src_last_pkt_time":1470104379066410,"flow_dst_last_pkt_time":1470104379066410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104379066410,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":60724,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.1kxun","proto_id":"5.295","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"pic.1kxun.com","domainame":"pic.1kxun.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} +00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_src_last_pkt_time":1470104379066467,"flow_dst_last_pkt_time":1470104379066410,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_usec":1470104379066467,"pkt":"TF4M6gNlABxCjnAxCABFAAA7UdIAAIARpR\/AqHMICAgICO00ADUAJ9woKZABAAABAAAAAAAAA3BpYwUxa3h1bgNjb20AAAEAAQ=="} 
+01203{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":70,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104379066410,"flow_src_last_pkt_time":1470104379066467,"flow_dst_last_pkt_time":1470104379066410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":62,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104379066467,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":60724,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS.1kxun","proto_id":"5.295","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"pic.1kxun.com","domainame":"pic.1kxun.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} +00635{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_src_last_pkt_time":1470104379066467,"flow_dst_last_pkt_time":1470104379115963,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":137,"pkt_l4_len":103,"thread_ts_usec":1470104379115963,"pkt":"ABxCjnAxTF4M6gNlCABFAAB7GLEAAC4RMAEICAgIwKhzCAA17TQAZ+zhKZCBgAABAAQAAAAAA3BpYwUxa3h1bgNjb20AAAEAAcAMAAEAAQAAAlcABGq7I\/bADAABAAEAAAJXAASAx7rowAwAAQABAAACVwAEgMdvqcAMAAEAAQAAAlcABGq6Ezo="} 
+01180{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":71,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1470104379066410,"flow_src_last_pkt_time":1470104379066467,"flow_dst_last_pkt_time":1470104379115963,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":95,"flow_src_tot_l4_payload_len":62,"flow_dst_tot_l4_payload_len":95,"midstream":0,"thread_ts_usec":1470104379115963,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":60724,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.1kxun","proto_id":"5.295","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"pic.1kxun.com","domainame":"pic.1kxun.com","dns": {"num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["106.187.35.246,ttl=599","128.199.186.232,ttl=599","128.199.111.169,ttl=599","106.186.19.58,ttl=599"]}}} +00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104379117273,"flow_src_last_pkt_time":1470104379117273,"flow_dst_last_pkt_time":1470104379117273,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104379117273,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49599,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_src_last_pkt_time":1470104379117273,"flow_dst_last_pkt_time":1470104379117273,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104379117273,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UdRAAIAG5o3AqHMIarsj9sG\/AFBFF77fAAAAAIACIADHbwAAAgQE7AEDAwgBAQQC"} +00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_src_last_pkt_time":1470104379117309,"flow_dst_last_pkt_time":1470104379117273,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104379117309,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UdRAAIAG5o3AqHMIarsj9sG\/AFBFF77fAAAAAIACIADHbwAAAgQE7AEDAwgBAQQC"} +00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104379117772,"flow_src_last_pkt_time":1470104379117772,"flow_dst_last_pkt_time":1470104379117772,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104379117772,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49600,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_src_last_pkt_time":1470104379117772,"flow_dst_last_pkt_time":1470104379117772,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104379117772,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UdVAAIAG5ozAqHMIarsj9sHAAFAm5\/RZAAAAAIACIACwJAAAAgQE7AEDAwgBAQQC"} +00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_src_last_pkt_time":1470104379117826,"flow_dst_last_pkt_time":1470104379117772,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104379117826,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UdVAAIAG5ozAqHMIarsj9sHAAFAm5\/RZAAAAAIACIACwJAAAAgQE7AEDAwgBAQQC"} +00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104379118171,"flow_src_last_pkt_time":1470104379118171,"flow_dst_last_pkt_time":1470104379118171,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104379118171,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49601,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_src_last_pkt_time":1470104379118171,"flow_dst_last_pkt_time":1470104379118171,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104379118171,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UdZAAIAG5ovAqHMIarsj9sHBAFDavRsQAAAAAIACIADVlgAAAgQE7AEDAwgBAQQC"} +00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_src_last_pkt_time":1470104379118197,"flow_dst_last_pkt_time":1470104379118171,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104379118197,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UdZAAIAG5ovAqHMIarsj9sHBAFDavRsQAAAAAIACIADVlgAAAgQE7AEDAwgBAQQC"} +00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104379118544,"flow_src_last_pkt_time":1470104379118544,"flow_dst_last_pkt_time":1470104379118544,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104379118544,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49602,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_src_last_pkt_time":1470104379118544,"flow_dst_last_pkt_time":1470104379118544,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104379118544,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UddAAIAG5orAqHMIarsj9sHCAFAX8\/CKAAAAAIACIADC5QAAAgQE7AEDAwgBAQQC"} +00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_src_last_pkt_time":1470104379118574,"flow_dst_last_pkt_time":1470104379118544,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104379118574,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UddAAIAG5orAqHMIarsj9sHCAFAX8\/CKAAAAAIACIADC5QAAAgQE7AEDAwgBAQQC"} +00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":80,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104379118972,"flow_src_last_pkt_time":1470104379118972,"flow_dst_last_pkt_time":1470104379118972,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104379118972,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49603,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_src_last_pkt_time":1470104379118972,"flow_dst_last_pkt_time":1470104379118972,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104379118972,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UdhAAIAG5onAqHMIarsj9sHDAFDIiN5cAAAAAIACIAAkfQAAAgQE7AEDAwgBAQQC"} +00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_src_last_pkt_time":1470104379119006,"flow_dst_last_pkt_time":1470104379118972,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104379119006,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UdhAAIAG5onAqHMIarsj9sHDAFDIiN5cAAAAAIACIAAkfQAAAgQE7AEDAwgBAQQC"} +00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104379119336,"flow_src_last_pkt_time":1470104379119336,"flow_dst_last_pkt_time":1470104379119336,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104379119336,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49604,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_src_last_pkt_time":1470104379119336,"flow_dst_last_pkt_time":1470104379119336,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104379119336,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UdlAAIAG5ojAqHMIarsj9sHEAFAS7Ia1AAAAAIACIAAxwAAAAgQE7AEDAwgBAQQC"} +00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_src_last_pkt_time":1470104379119373,"flow_dst_last_pkt_time":1470104379119336,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104379119373,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UdlAAIAG5ojAqHMIarsj9sHEAFAS7Ia1AAAAAIACIAAxwAAAAgQE7AEDAwgBAQQC"} +00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":84,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104379169121,"flow_src_last_pkt_time":1470104379169121,"flow_dst_last_pkt_time":1470104379169121,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104379169121,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":54888,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_src_last_pkt_time":1470104379169121,"flow_dst_last_pkt_time":1470104379169121,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":92,"pkt_l4_len":38,"thread_ts_usec":1470104379169121,"pkt":"MzMAAQAD\/PiuMpcsht1gAAAAACYRAf6AAAAAAAAA6Y+64hn3aw\/\/AgAAAAAAAAAAAAAAAQAD1mgU6wAmi+DsIAAAAAEAAAAAAAAM5bCP5L2b5bCI5qmfAAD\/AAE="} +01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":84,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104379169121,"flow_src_last_pkt_time":1470104379169121,"flow_dst_last_pkt_time":1470104379169121,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104379169121,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":54888,"dst_port":5355,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104379169283,"flow_src_last_pkt_time":1470104379169283,"flow_dst_last_pkt_time":1470104379169283,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104379169283,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":54888,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_src_last_pkt_time":1470104379169283,"flow_dst_last_pkt_time":1470104379169283,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_usec":1470104379169283,"pkt":"AQBeAAD8\/PiuMpcsCABFAAA6KxkAAAER6ZbAqANf4AAA\/NZoFOsAJg3d7CAAAAABAAAAAAAADOWwj+S9m+WwiOapnwAA\/wAB"} 
+01062{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104379169283,"flow_src_last_pkt_time":1470104379169283,"flow_dst_last_pkt_time":1470104379169283,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104379169283,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":54888,"dst_port":5355,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_src_last_pkt_time":1470104379117826,"flow_dst_last_pkt_time":1470104379169717,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104379169717,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADYGgmJquyP2wKhzCABQwcB6nEL4Juf0WoASchCfpwAAAgQFtAEBBAIBAwMH"} 
+00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_src_last_pkt_time":1470104379169902,"flow_dst_last_pkt_time":1470104379169717,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1470104379169902,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUdpAAIAG5pPAqHMIarsj9sHAAFAm5\/RaepxC+VAQAQRRhgAA"} +00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":5,"flow_src_last_pkt_time":1470104379169934,"flow_dst_last_pkt_time":1470104379169717,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1470104379169934,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUdpAAIAG5pPAqHMIarsj9sHAAFAm5\/RaepxC+VAQAQRRhgAA"} +00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_src_last_pkt_time":1470104379119373,"flow_dst_last_pkt_time":1470104379170066,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104379170066,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADYGgmJquyP2wKhzCABQwcSHsZvpEuyGtoASchC7PAAAAgQFtAEBBAIBAwMH"} 
+00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":4,"flow_src_last_pkt_time":1470104379170186,"flow_dst_last_pkt_time":1470104379170066,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1470104379170186,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUdtAAIAG5pLAqHMIarsj9sHEAFAS7Ia2h7Gb6lAQAQRtGwAA"} +00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":5,"flow_src_last_pkt_time":1470104379170212,"flow_dst_last_pkt_time":1470104379170066,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1470104379170212,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUdtAAIAG5pLAqHMIarsj9sHEAFAS7Ia2h7Gb6lAQAQRtGwAA"} +00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_src_last_pkt_time":1470104379118197,"flow_dst_last_pkt_time":1470104379170277,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104379170277,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADYGgmJquyP2wKhzCABQwcHaep2g2r0bEYASchAKkwAAAgQFtAEBBAIBAwMH"} 
+00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":4,"flow_src_last_pkt_time":1470104379170422,"flow_dst_last_pkt_time":1470104379170277,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1470104379170422,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUdxAAIAG5pHAqHMIarsj9sHBAFDavRsR2nqdoVAQAQS8cQAA"} +00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":5,"flow_src_last_pkt_time":1470104379170444,"flow_dst_last_pkt_time":1470104379170277,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1470104379170444,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUdxAAIAG5pHAqHMIarsj9sHBAFDavRsR2nqdoVAQAQS8cQAA"} +00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_src_last_pkt_time":1470104379117309,"flow_dst_last_pkt_time":1470104379170482,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104379170482,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADYGgmJquyP2wKhzCABQwb\/T2SVtRRe+4IASchB7QAAAAgQFtAEBBAIBAwMH"} 
+00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":4,"flow_src_last_pkt_time":1470104379170578,"flow_dst_last_pkt_time":1470104379170482,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1470104379170578,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUd1AAIAG5pDAqHMIarsj9sG\/AFBFF77g09klblAQAQQtHwAA"} +00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":5,"flow_src_last_pkt_time":1470104379170601,"flow_dst_last_pkt_time":1470104379170482,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1470104379170601,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUd1AAIAG5pDAqHMIarsj9sG\/AFBFF77g09klblAQAQQtHwAA"} +00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_src_last_pkt_time":1470104379118574,"flow_dst_last_pkt_time":1470104379173117,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104379173117,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADYGgmJquyP2wKhzCABQwcLBVjGFF\/Pwi4ASchB9IQAAAgQFtAEBBAIBAwMH"} 
+00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":4,"flow_src_last_pkt_time":1470104379173286,"flow_dst_last_pkt_time":1470104379173117,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1470104379173286,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUd5AAIAG5o\/AqHMIarsj9sHCAFAX8\/CLwVYxhlAQAQQvAAAA"} +00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":5,"flow_src_last_pkt_time":1470104379173327,"flow_dst_last_pkt_time":1470104379173117,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1470104379173327,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUd5AAIAG5o\/AqHMIarsj9sHCAFAX8\/CLwVYxhlAQAQQvAAAA"} +00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_src_last_pkt_time":1470104379119006,"flow_dst_last_pkt_time":1470104379173449,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104379173449,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADYGgmJquyP2wKhzCABQwcMVSXssyIjeXYASchBBHwAAAgQFtAEBBAIBAwMH"} 
+00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":4,"flow_src_last_pkt_time":1470104379173557,"flow_dst_last_pkt_time":1470104379173449,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1470104379173557,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUd9AAIAG5o7AqHMIarsj9sHDAFDIiN5dFUl7LVAQAQTy\/QAA"} +00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":5,"flow_src_last_pkt_time":1470104379173583,"flow_dst_last_pkt_time":1470104379173449,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1470104379173583,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUd9AAIAG5o7AqHMIarsj9sHDAFDIiN5dFUl7LVAQAQTy\/QAA"} +01237{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1470104379117772,"flow_src_last_pkt_time":1470104379175159,"flow_dst_last_pkt_time":1470104379169717,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":362,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":362,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104379175159,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49600,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com","domainame":"pic.1kxun.com","http": {"url":"pic.1kxun.com\/video_kankan\/images\/videos\/18283-jfyj3.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22","detected_os":"Windows 7"}}} +01236{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":105,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1470104379117273,"flow_src_last_pkt_time":1470104379175159,"flow_dst_last_pkt_time":1470104379170482,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":361,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":361,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104379175159,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49599,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com","domainame":"pic.1kxun.com","http": {"url":"pic.1kxun.com\/video_kankan\/images\/videos\/13480-alps.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22","detected_os":"Windows 7"}}} 
+01235{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":108,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1470104379119336,"flow_src_last_pkt_time":1470104379175928,"flow_dst_last_pkt_time":1470104379170066,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":360,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104379175928,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49604,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com","domainame":"pic.1kxun.com","http": {"url":"pic.1kxun.com\/video_kankan\/images\/videos\/4657-jfyj.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22","detected_os":"Windows 7"}}} +01235{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1470104379118171,"flow_src_last_pkt_time":1470104379175928,"flow_dst_last_pkt_time":1470104379170277,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":360,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104379175928,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49601,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com","domainame":"pic.1kxun.com","http": {"url":"pic.1kxun.com\/video_kankan\/images\/videos\/3578-ywzj.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22","detected_os":"Windows 7"}}} +01234{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":112,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1470104379118544,"flow_src_last_pkt_time":1470104379177479,"flow_dst_last_pkt_time":1470104379173117,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":359,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":359,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104379177479,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49602,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com","domainame":"pic.1kxun.com","http": {"url":"pic.1kxun.com\/video_kankan\/images\/videos\/3713-ydm.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22","detected_os":"Windows 7"}}} 
+01236{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1470104379118972,"flow_src_last_pkt_time":1470104379178474,"flow_dst_last_pkt_time":1470104379173449,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":361,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":361,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104379178474,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49603,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com","domainame":"pic.1kxun.com","http": {"url":"pic.1kxun.com\/video_kankan\/images\/videos\/16649-ljdz.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22","detected_os":"Windows 7"}}} +00691{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":196,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1470104379271247,"flow_dst_last_pkt_time":1470104373232309,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1470104379271247,"pkt":"AQBef\/\/6GF4PUugBCABFAAChMMsAAAER0qXAqAU57\/\/\/+toBB2wAjcGgTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 
+00691{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":197,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1470104379271401,"flow_dst_last_pkt_time":1470104373232452,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1470104379271401,"pkt":"AQBef\/\/6SNIkYzEACABFAAChOp0AAAERyODAqAUs7\/\/\/+si9B2wAjdLxTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} +00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_src_last_pkt_time":1470104379271484,"flow_dst_last_pkt_time":1470104379169121,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":92,"pkt_l4_len":38,"thread_ts_usec":1470104379271484,"pkt":"MzMAAQAD\/PiuMpcsht1gAAAAACYRAf6AAAAAAAAA6Y+64hn3aw\/\/AgAAAAAAAAAAAAAAAQAD1mgU6wAmi+DsIAAAAAEAAAAAAAAM5bCP5L2b5bCI5qmfAAD\/AAE="} +00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_src_last_pkt_time":1470104379271492,"flow_dst_last_pkt_time":1470104379169283,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_usec":1470104379271492,"pkt":"AQBeAAD8\/PiuMpcsCABFAAA6KxsAAAER6ZTAqANf4AAA\/NZoFOsAJg3d7CAAAAABAAAAAAAADOWwj+S9m+WwiOapnwAA\/wAB"} 
+02186{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":211,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":22,"flow_first_seen":1470104379118171,"flow_src_last_pkt_time":1470104379286078,"flow_dst_last_pkt_time":1470104379304068,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":360,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":720,"flow_dst_tot_l4_payload_len":24259,"midstream":0,"thread_ts_usec":1470104379304068,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49601,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":22,"avg":11413.0,"max":56171,"stddev":20339.8,"var":413706496.0,"ent":3.1,"data": [26,52106,52225,22,5484,34,48207,11555,801,69,59,49,273,37,27,28,464,56171,23,50473,3499,84,64,53877,45,17726,143,82,52,49,50]},"pktlen": {"min":40,"avg":821.9,"max":1300,"stddev":585.3,"var":342554.8,"ent":4.5,"data": [52,52,52,40,40,400,400,46,359,1300,1300,1300,1300,1300,1300,1300,1300,1300,40,40,1300,1300,1300,1300,40,40,1300,1300,1300,1300,1300,1300]},"bins": {"c_to_s": [8,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,19,0,0,0,0,0,0,0,0]},"directions": [0,0,1,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,1,0,0,1,1,1,1,1,1],"entropies": [4.540471077,4.540471077,4.955154419,4.784184456,4.784184456,5.816493034,5.816493034,4.216916561,5.618361473,7.450107098,7.815211296,7.836095333,7.822941780,7.836542130,7.816992283,7.822154999,7.824875832,7.819305897,4.734184265,4.734184265,7.817429543,7.824024200,7.815408707,7.842577934,4.684183598,4.684183598,7.822679520,7.834252357,7.831438541,7.831308842,7.851968765,7.839091301]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com"}} +02179{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":250,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":20,"flow_first_seen":1470104379118544,"flow_src_last_pkt_time":1470104379309514,"flow_dst_last_pkt_time":1470104379309350,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":359,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":718,"flow_dst_tot_l4_payload_len":21739,"midstream":0,"thread_ts_usec":1470104379309514,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49602,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":22,"avg":12315.4,"max":66248,"stddev":24063.6,"var":579054976.0,"ent":2.8,"data": [30,54573,54712,41,4152,56,64506,68,36,30,74,39,719,84,86,86,61743,22,885,65392,59,66248,63,504,2917,559,54,52,83,3871,32]},"pktlen": {"min":40,"avg":743.1,"max":1300,"stddev":600.3,"var":360321.4,"ent":4.4,"data": [52,52,52,40,40,399,399,46,359,1300,1300,1300,1300,1300,1300,1300,1300,40,40,1300,1300,1300,40,40,1300,1300,1300,1300,1300,1300,40,40]},"bins": {"c_to_s": [10,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0,0,0,0,0,0]},"directions": [0,0,1,0,0,0,0,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,0,0,1,1,1,1,1,1,0,0],"entropies": 
[4.502009392,4.502009392,4.993616104,4.730640888,4.730640888,5.803964615,5.803964615,4.390829086,5.642121315,7.460942745,7.814809799,7.800187588,7.823173046,7.782991886,7.796648026,7.817361355,7.794824600,4.784183979,4.784183979,7.794241905,7.811538219,7.814032555,4.784183979,4.784183979,7.809308529,7.796229362,7.803008556,7.811974525,7.809011459,7.814390182,4.834183693,4.834183693]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com"}} +02184{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":252,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":20,"flow_first_seen":1470104379117273,"flow_src_last_pkt_time":1470104379305366,"flow_dst_last_pkt_time":1470104379309692,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":361,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":722,"flow_dst_tot_l4_payload_len":21739,"midstream":0,"thread_ts_usec":1470104379309692,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49599,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":23,"avg":12274.6,"max":66840,"stddev":23326.2,"var":544113344.0,"ent":2.9,"data": [36,53209,53269,23,4558,53,61521,40,293,57,57277,26,5093,104,312,45,266,88,5943,34,1372,65090,55,53,50,66840,34,3844,90,757,80]},"pktlen": {"min":40,"avg":743.2,"max":1300,"stddev":600.2,"var":360235.6,"ent":4.4,"data": [52,52,52,40,40,401,401,46,359,1300,1300,40,40,1300,1300,1300,1300,1300,1300,40,40,1300,1300,1300,1300,1300,40,40,1300,1300,1300,1300]},"bins": {"c_to_s": [10,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": 
[2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0,0,0,0,0,0]},"directions": [0,0,1,0,0,0,0,1,1,1,1,0,0,1,1,1,1,1,1,0,0,1,1,1,1,1,0,0,1,1,1,1],"entropies": [4.540471077,4.540471077,4.955154419,4.834183693,4.834183693,5.784319878,5.784319878,4.303872585,5.637725830,7.471795559,7.791592598,4.734183788,4.734183788,7.804637909,7.807570934,7.830432415,7.825576305,7.818768978,7.845777035,4.734183788,4.734183788,7.838691235,7.833523750,7.842283726,7.806497097,7.842946529,4.784183979,4.784183979,7.828577518,7.834991455,7.820946693,7.813043594]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com"}} +02181{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":280,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":22,"flow_first_seen":1470104379119336,"flow_src_last_pkt_time":1470104379328801,"flow_dst_last_pkt_time":1470104379305020,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":369,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":1458,"flow_dst_tot_l4_payload_len":23877,"midstream":0,"thread_ts_usec":1470104379328801,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49604,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":26,"avg":12746.7,"max":96474,"stddev":26329.7,"var":693255296.0,"ent":2.7,"data": [37,50730,50813,26,5716,35,60276,105,70,53,49,73,718,44,49,52,342,56283,26,72323,56,48,50,164,52,68,54,259,49,96474,55]},"pktlen": {"min":40,"avg":833.0,"max":1300,"stddev":555.0,"var":308021.3,"ent":4.6,"data": 
[52,52,52,40,40,400,400,46,359,1300,1300,1300,1300,1300,1300,1300,1300,1300,40,40,1300,1300,1300,1300,1300,1300,1300,1300,1300,918,409,409]},"bins": {"c_to_s": [6,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,18,0,0,0,0,0,0,0,0]},"directions": [0,0,1,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,1,1,1,1,1,1,1,0,0],"entropies": [4.502009392,4.502009392,4.955154896,4.884183884,4.884183884,5.823695183,5.823695183,4.434307098,5.651605129,7.494920254,7.816417217,7.819696903,7.824419022,7.827455044,7.838195324,7.842068195,7.840069771,7.839951038,4.834183693,4.834183693,7.833738804,7.824559212,7.804037571,7.837569714,7.815773964,7.860733032,7.833745480,7.858436108,7.849576473,7.725791931,5.812777519,5.812777519]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com"}} +02187{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":291,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":22,"flow_first_seen":1470104379117772,"flow_src_last_pkt_time":1470104379360886,"flow_dst_last_pkt_time":1470104379361184,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":362,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":724,"flow_dst_tot_l4_payload_len":24259,"midstream":0,"thread_ts_usec":1470104379361184,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49600,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":23,"avg":15694.4,"max":142000,"stddev":32346.1,"var":1046270720.0,"ent":2.8,"data": 
[54,51945,52076,32,5225,53,60454,877,31,40,63,40,400,73,48,50,170,85115,142000,23,40785,2483,129,70,65,43573,78,404,66,55,49]},"pktlen": {"min":40,"avg":822.0,"max":1300,"stddev":585.2,"var":342449.5,"ent":4.5,"data": [52,52,52,40,40,402,402,46,359,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,40,40,1300,1300,1300,1300,1300,40,40,1300,1300,1300,1300]},"bins": {"c_to_s": [8,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,19,0,0,0,0,0,0,0,0]},"directions": [0,0,1,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,1,1,0,0,1,1,1,1],"entropies": [4.540471077,4.540471077,4.993616104,4.784183979,4.784183979,5.806403637,5.806403637,4.330940247,5.620885849,6.705548286,7.731300354,7.779007435,7.737928867,7.737201214,7.704045296,7.681565285,7.569606781,4.071334362,6.314223289,4.784183979,4.784183979,7.705962181,7.781871796,7.735430241,7.740441799,7.698603153,4.834183693,4.834183693,7.712049484,7.719846249,5.648873806,3.023065329]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com"}} +00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":387,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_src_last_pkt_time":1470104379520893,"flow_dst_last_pkt_time":1470104378021294,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1470104379520893,"pkt":"\/\/\/\/\/\/\/\/ABxCjnAxCABFAABOUgMAAIAR9ELAqHMIwKj\/\/wCJAIkAOha6seYBEAABAAAAAAAAIEZIRkFFQkVFQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="} 
+00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":389,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104379579523,"flow_src_last_pkt_time":1470104379579523,"flow_dst_last_pkt_time":1470104379579523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":244,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":244,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":244,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104379579523,"l3_proto":"ip4","src_ip":"192.168.5.67","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00846{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":389,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_src_last_pkt_time":1470104379579523,"flow_dst_last_pkt_time":1470104379579523,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":286,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":286,"pkt_l4_len":252,"thread_ts_usec":1470104379579523,"pkt":"\/\/\/\/\/\/\/\/jHNut5QdCABFAAEQAABAAEARs0nAqAVDwKj\/\/wCKAIoA\/P+KEQouQ8CoBUMAigDmAAAgRkRFQkVPRUtFSkNORU1FSkVHRUZFQ0VQRVBFTENOQUEAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJPAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAATAAAAAAAAAAAAAAAAAAAAAAAAABMAFYAAwABAAEAAgBdAFxNQUlMU0xPVFxCUk9XU0UAD1DgkwQAU0FOSkktTElGRUJPT0stTAQJA5qEAA8BVapzYW5qaS1MSUZFQk9PSy1MSDUzMSBzZXJ2ZXIgKFNhbWJhLCBVYnVudHUpAA=="} 
+00993{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":389,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104379579523,"flow_src_last_pkt_time":1470104379579523,"flow_dst_last_pkt_time":1470104379579523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":244,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":244,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":244,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104379579523,"l3_proto":"ip4","src_ip":"192.168.5.67","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"sanji-lifebook-","domainame":"sanji-lifebook-"}} +00813{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":390,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_src_last_pkt_time":1470104379579704,"flow_dst_last_pkt_time":1470104379579523,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":263,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":263,"pkt_l4_len":229,"thread_ts_usec":1470104379579704,"pkt":"\/\/\/\/\/\/\/\/jHNut5QdCABFAAD5AABAAEARs2DAqAVDwKj\/\/wCKAIoA5V88EQouRMCoBUMAigDPAAAgRkRFQkVPRUtFSkNORU1FSkVHRUZFQ0VQRVBFTENOQUEAIEFCQUNGUEZQRU5GREVDRkNFUEZIRkRFRkZQRlBBQ0FCAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAANQAAAAAAAAAAAAAAAAAAAAAAAAA1AFYAAwABAAEAAgBGAFxNQUlMU0xPVFxCUk9XU0UADFDgkwQAV09SS0dST1VQAAAAAAAAAAQJABAAgA8BVapTQU5KSS1MSUZFQk9PSy1MSDUzMQA="} 
+00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":396,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1470104379887477,"flow_dst_last_pkt_time":1470104376816620,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":98,"pkt_l4_len":44,"thread_ts_usec":1470104379887477,"pkt":"MzMAAQACcD6s8PAHht1gBWEEACwRAf6AAAAAAAAABAZVqGRTJd3\/AgAAAAAAAAAAAAAAAQACAiICIwAsiDQLJ3MdAAEADgABAAEduOb7cD6s8PAHAAYABAAXABgACAACATQ="} +00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":397,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104379903616,"flow_src_last_pkt_time":1470104379903616,"flow_dst_last_pkt_time":1470104379903616,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104379903616,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":397,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_src_last_pkt_time":1470104379903616,"flow_dst_last_pkt_time":1470104379903616,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104379903616,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UgZAAIAG5uXAqHMIarkjbsHFAFDej0WbAAAAAIACIACnvwAAAgQE7AEDAwgBAQQC"} 
+00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":398,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_src_last_pkt_time":1470104379903698,"flow_dst_last_pkt_time":1470104379903616,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104379903698,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UgZAAIAG5uXAqHMIarkjbsHFAFDej0WbAAAAAIACIACnvwAAAgQE7AEDAwgBAQQC"} +00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":399,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104379916887,"flow_src_last_pkt_time":1470104379916887,"flow_dst_last_pkt_time":1470104379916887,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104379916887,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49606,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":399,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_src_last_pkt_time":1470104379916887,"flow_dst_last_pkt_time":1470104379916887,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104379916887,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UgdAAIAG5uTAqHMIarkjbsHGAFDBDvagAAAAAIACIAAUOgAAAgQE7AEDAwgBAQQC"} 
+00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":400,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_src_last_pkt_time":1470104379916943,"flow_dst_last_pkt_time":1470104379916887,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104379916943,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UgdAAIAG5uTAqHMIarkjbsHGAFDBDvagAAAAAIACIAAUOgAAAgQE7AEDAwgBAQQC"} +00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":401,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_src_last_pkt_time":1470104379903698,"flow_dst_last_pkt_time":1470104379940364,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104379940364,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADYGguxquSNuwKhzCABQwcUqRAQo3o9FnIASchAmawAAAgQFtAEBBAIBAwMH"} +00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":402,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":4,"flow_src_last_pkt_time":1470104379940552,"flow_dst_last_pkt_time":1470104379940364,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1470104379940552,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUghAAIAG5u\/AqHMIarkjbsHFAFDej0WcKkQEKVAQAQTYSQAA"} 
+00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":5,"flow_src_last_pkt_time":1470104379940588,"flow_dst_last_pkt_time":1470104379940364,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1470104379940588,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUghAAIAG5u\/AqHMIarkjbsHFAFDej0WcKkQEKVAQAQTYSQAA"} +01228{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":404,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1470104379903616,"flow_src_last_pkt_time":1470104379941700,"flow_dst_last_pkt_time":1470104379940364,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":336,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":336,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104379941700,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49605,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"jp.kankan.1kxun.mobi","domainame":"jp.kankan.1kxun.mobi","http": {"url":"jp.kankan.1kxun.mobi\/api\/videos\/10410.json","code":0,"content_type":"","user_agent":""}}} 
+00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_src_last_pkt_time":1470104379916943,"flow_dst_last_pkt_time":1470104379954670,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104379954670,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADYGguxquSNuwKhzCABQwcaIrnkOwQ72oYASchC\/lAAAAgQFtAEBBAIBAwMH"} +00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":407,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":4,"flow_src_last_pkt_time":1470104379954937,"flow_dst_last_pkt_time":1470104379954670,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1470104379954937,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUgpAAIAG5u3AqHMIarkjbsHGAFDBDvahiK55D1AQAQRxcwAA"} +00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":408,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":5,"flow_src_last_pkt_time":1470104379955007,"flow_dst_last_pkt_time":1470104379954670,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1470104379955007,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUgpAAIAG5u3AqHMIarkjbsHGAFDBDvahiK55D1AQAQRxcwAA"} 
+01250{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":409,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1470104379916887,"flow_src_last_pkt_time":1470104379956802,"flow_dst_last_pkt_time":1470104379954670,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":357,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":357,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104379956802,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49606,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"jp.kankan.1kxun.mobi","domainame":"jp.kankan.1kxun.mobi","http": {"url":"jp.kankan.1kxun.mobi\/api\/movies\/mp4script\/10410?definition=true","code":0,"content_type":"","user_agent":""}}} 
+02318{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":441,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1470104379916887,"flow_src_last_pkt_time":1470104380141237,"flow_dst_last_pkt_time":1470104380142241,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":357,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":714,"flow_dst_tot_l4_payload_len":20160,"midstream":0,"thread_ts_usec":1470104380142241,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49606,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":26,"avg":14506.6,"max":146838,"stddev":33179.1,"var":1100853504.0,"ent":2.6,"data": [56,37783,37994,70,1795,58,38952,109751,153,146838,45,329,66,113,56,463,29,236,62,115,388,44,244,36267,36544,26,410,130,482,92,113]},"pktlen": {"min":40,"avg":693.6,"max":1300,"stddev":612.0,"var":374554.6,"ent":4.3,"data": [52,52,52,40,40,397,397,46,1300,1300,40,40,1300,1300,1300,1300,40,40,1300,1300,1300,40,40,1300,1300,40,40,1300,1300,1300,1300,1300]},"bins": {"c_to_s": [12,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0]},"directions": [0,0,1,0,0,0,0,1,1,1,0,0,1,1,1,1,0,0,1,1,1,0,0,1,1,0,0,1,1,1,1,1],"entropies": [4.540471077,4.540471077,4.955154896,4.784183979,4.784183979,5.758289814,5.758289814,4.303872585,5.568258762,4.972586632,4.784183979,4.784183979,4.816908836,5.305360317,5.245053291,5.141684532,4.684184074,4.684184074,5.953328609,5.139973164,5.197480202,4.784183979,4.784183979,5.838756561,5.133826733,4.734184265,4.734184265,4.452571869,4.709616661,4.691545486,5.564413548,5.160192013]},"ndpi": {"flow_risk": 
{"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"jp.kankan.1kxun.mobi"}} +00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":458,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104380188079,"flow_src_last_pkt_time":1470104380188079,"flow_dst_last_pkt_time":1470104380188079,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104380188079,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.244.135.170","src_port":49607,"dst_port":9099,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":458,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_src_last_pkt_time":1470104380188079,"flow_dst_last_pkt_time":1470104380188079,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104380188079,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UhRAAIAGEmDAqHMI2vSHqsHHI4t8ty1+AAAAAIACIAAqAAAAAgQE7AEDAwgBAQQC"} 
+00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":459,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_src_last_pkt_time":1470104380188122,"flow_dst_last_pkt_time":1470104380188079,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104380188122,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UhRAAIAGEmDAqHMI2vSHqsHHI4t8ty1+AAAAAIACIAAqAAAAAgQE7AEDAwgBAQQC"} +00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":460,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_src_last_pkt_time":1470104380188122,"flow_dst_last_pkt_time":1470104380300643,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104380300643,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0c30AAHAGQPfa9IeqwKhzCCOLwccogsRifLctf4ASQAAcSgAAAgQFtAEDAwABAQQC"} +00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":461,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":4,"flow_src_last_pkt_time":1470104380300823,"flow_dst_last_pkt_time":1470104380300643,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1470104380300823,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUhVAAIAGEmvAqHMI2vSHqsHHI4t8ty1\/KILEY1AQAQScEQAA"} 
+00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":462,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":5,"flow_src_last_pkt_time":1470104380300850,"flow_dst_last_pkt_time":1470104380300643,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1470104380300850,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUhVAAIAGEmvAqHMI2vSHqsHHI4t8ty1\/KILEY1AQAQScEQAA"} +01387{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":463,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1470104380188079,"flow_src_last_pkt_time":1470104380302072,"flow_dst_last_pkt_time":1470104380300643,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":158,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":158,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104380302072,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.244.135.170","src_port":49607,"dst_port":9099,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"218.244.135.170","domainame":"218.244.135.170","http": {"url":"218.244.135.170:9099\/api\/qqlive_ckey\/get?vid=y0013xaeeyo&platform=10902","code":0,"content_type":"","user_agent":"Mozilla\/5.0"}}} 
+00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":468,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1470104380603356,"flow_dst_last_pkt_time":1470104377634699,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_usec":1470104380603356,"pkt":"AQBef\/\/6zD2CHu7jCABFAAClQLUAAAQRv8HAqAUv7\/\/\/+utrB2wAkWQETS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} +00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":472,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104380737950,"flow_src_last_pkt_time":1470104380737950,"flow_dst_last_pkt_time":1470104380737950,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":33,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104380737950,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":54420,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":472,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_src_last_pkt_time":1470104380737950,"flow_dst_last_pkt_time":1470104380737950,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_usec":1470104380737950,"pkt":"TF4M6gNlABxCjnAxCABFAAA9UhkAAIARpNbAqHMICAgICNSUADUAKZhJpTgBAAABAAAAAAAAAnZ2BXZpZGVvAnFxA2NvbQAAAQAB"} +01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":472,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104380737950,"flow_src_last_pkt_time":1470104380737950,"flow_dst_last_pkt_time":1470104380737950,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":33,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104380737950,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":54420,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.QQ","proto_id":"5.48","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"vv.video.qq.com","domainame":"vv.video.qq.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
+00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":473,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_src_last_pkt_time":1470104380737994,"flow_dst_last_pkt_time":1470104380737950,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_usec":1470104380737994,"pkt":"TF4M6gNlABxCjnAxCABFAAA9UhkAAIARpNbAqHMICAgICNSUADUAKZhJpTgBAAABAAAAAAAAAnZ2BXZpZGVvAnFxA2NvbQAAAQAB"} +01204{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":473,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104380737950,"flow_src_last_pkt_time":1470104380737994,"flow_dst_last_pkt_time":1470104380737950,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":66,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104380737994,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":54420,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS.QQ","proto_id":"5.48","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"vv.video.qq.com","domainame":"vv.video.qq.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
+00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":474,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_src_last_pkt_time":1470104380737994,"flow_dst_last_pkt_time":1470104380772526,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"thread_ts_usec":1470104380772526,"pkt":"ABxCjnAxTF4M6gNlCABFAABmlL4AAC4RtAgICAgIwKhzCAA11JQAUqbTpTiBgAABAAIAAAAAAnZ2BXZpZGVvAnFxA2NvbQAAAQABwAwABQABAAABKwANCnByb3h5LXNldDHAD8AtAAEAAQAAASsABMvNl+o="} +01106{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":474,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1470104380737950,"flow_src_last_pkt_time":1470104380737994,"flow_dst_last_pkt_time":1470104380772526,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":74,"flow_src_tot_l4_payload_len":66,"flow_dst_tot_l4_payload_len":74,"midstream":0,"thread_ts_usec":1470104380772526,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":54420,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.QQ","proto_id":"5.48","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"vv.video.qq.com","domainame":"vv.video.qq.com","dns": {"num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["203.205.151.234,ttl=299"]}}} 
+00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":475,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104380773662,"flow_src_last_pkt_time":1470104380773662,"flow_dst_last_pkt_time":1470104380773662,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104380773662,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.205.151.234","src_port":49608,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":475,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_src_last_pkt_time":1470104380773662,"flow_dst_last_pkt_time":1470104380773662,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104380773662,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UhtAAIAGEUDAqHMIy82X6sHIAFAfZnbXAAAAAIACIABgGQAAAgQE7AEDAwgBAQQC"} +00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":476,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_src_last_pkt_time":1470104380773739,"flow_dst_last_pkt_time":1470104380773662,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104380773739,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UhtAAIAGEUDAqHMIy82X6sHIAFAfZnbXAAAAAIACIABgGQAAAgQE7AEDAwgBAQQC"} 
+00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":477,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_src_last_pkt_time":1470104380773739,"flow_dst_last_pkt_time":1470104380801749,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104380801749,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADMGsFvLzZfqwKhzCABQwcglYwNrH2Z22IASFoBABAAAAgQFoAEBBAIBAwMK"} +00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":478,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":4,"flow_src_last_pkt_time":1470104380801884,"flow_dst_last_pkt_time":1470104380801749,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1470104380801884,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUhxAAIAGEUvAqHMIy82X6sHIAFAfZnbYJWMDbFAQAQSWQQAA"} +00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":479,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":5,"flow_src_last_pkt_time":1470104380801910,"flow_dst_last_pkt_time":1470104380801749,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1470104380801910,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUhxAAIAGEUvAqHMIy82X6sHIAFAfZnbYJWMDbFAQAQSWQQAA"} 
+01137{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":480,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1470104380773662,"flow_src_last_pkt_time":1470104380807804,"flow_dst_last_pkt_time":1470104380801749,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":204,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":204,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104380807804,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.205.151.234","src_port":49608,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.QQ","proto_id":"7.48","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":9,"category":"Chat","hostname":"vv.video.qq.com","domainame":"vv.video.qq.com","http": {"url":"vv.video.qq.com\/getvinfo","code":0,"content_type":"","user_agent":"Mozilla\/5.0","request_content_type":"application\/x-www-form-urlencoded"}}} +00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":487,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104380890420,"flow_src_last_pkt_time":1470104380890420,"flow_dst_last_pkt_time":1470104380890420,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104380890420,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"42.120.51.152","src_port":49609,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":487,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_src_last_pkt_time":1470104380890420,"flow_dst_last_pkt_time":1470104380890420,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104380890420,"pkt":"TF4M6gNlABxCjnAxCABFAAA0Uh9AAIAGFuTAqHMIKngzmMHJH5CKzmkHAAAAAIACIADo5wAAAgQE7AEDAwgBAQQC"} +00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":488,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_src_last_pkt_time":1470104380890470,"flow_dst_last_pkt_time":1470104380890420,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104380890470,"pkt":"TF4M6gNlABxCjnAxCABFAAA0Uh9AAIAGFuTAqHMIKngzmMHJH5CKzmkHAAAAAIACIADo5wAAAgQE7AEDAwgBAQQC"} +00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":489,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104380909602,"flow_src_last_pkt_time":1470104380909602,"flow_dst_last_pkt_time":1470104380909602,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":317,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":317,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":317,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104380909602,"l3_proto":"ip4","src_ip":"192.168.10.110","dst_ip":"255.255.255.255","src_port":60480,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00948{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":489,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_src_last_pkt_time":1470104380909602,"flow_dst_last_pkt_time":1470104380909602,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":359,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":359,"pkt_l4_len":325,"thread_ts_usec":1470104380909602,"pkt":"\/\/\/\/\/\/\/\/XNmY3fXzCABFAAFZAABAAEARbn7AqApu\/\/\/\/\/+xA9gABRTgx\/\/8AAKAAXNmY3fXzwKgKbgAAAgAnAUROUy0xMTAwLTA0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABOQVMAAAAAAAAAAAAAVVqvihgAAABVWsE9WwAAAFVasDEuMDJiMTAAEXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXNmY3fXzM0ExAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGRsaW5rLURERjVGMwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAqApu\/\/8AAExBTjEAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} +00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":492,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_src_last_pkt_time":1470104380890470,"flow_dst_last_pkt_time":1470104380966940,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1470104380966940,"pkt":"ABxCjnAxTF4M6gNlCABFAAAwAABAADAGuQcqeDOYwKhzCB+QwcnDIL+ais5pCHASFtCCkgAAAgQFtAEBBAI="} 
+00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":493,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":4,"flow_src_last_pkt_time":1470104380967069,"flow_dst_last_pkt_time":1470104380966940,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1470104380967069,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUiFAAIAGFu7AqHMIKngzmMHJH5CKzmkIwyC\/m1AQ\/\/DGNQAA"} +00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":494,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":5,"flow_src_last_pkt_time":1470104380967094,"flow_dst_last_pkt_time":1470104380966940,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1470104380967094,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUiFAAIAGFu7AqHMIKngzmMHJH5CKzmkIwyC\/m1AQ\/\/DGNQAA"} +01441{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":495,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1470104380890420,"flow_src_last_pkt_time":1470104380968230,"flow_dst_last_pkt_time":1470104380966940,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104380968230,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"42.120.51.152","src_port":49609,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric 
Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"42.120.51.152","domainame":"42.120.51.152","http": {"url":"42.120.51.152:8080\/api\/proxy?url=http%3A%2F%2Fvv.video.qq.com%2Fgetvinfo","code":0,"content_type":"","user_agent":"Mozilla\/5.0","request_content_type":"application\/x-www-form-urlencoded"}}} +00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":506,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_src_last_pkt_time":1470104381115496,"flow_dst_last_pkt_time":1470104378045830,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1470104381115496,"pkt":"AQBef\/\/6\/PiuMpcsCABFAAChLEIAAAER2QjAqANf7\/\/\/+uhMB2wAjbUvTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} +00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":507,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104381217455,"flow_src_last_pkt_time":1470104381217455,"flow_dst_last_pkt_time":1470104381217455,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":26,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104381217455,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"224.0.0.252","src_port":56366,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":507,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_src_last_pkt_time":1470104381217455,"flow_dst_last_pkt_time":1470104381217455,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_usec":1470104381217455,"pkt":"AQBeAAD8CJ4BzeuNCABFAAA2U68AAAERvz7AqAUl4AAA\/NwuFOsAIuU8ydMAAAABAAAAAAAACG5vdGVib29rAAD\/AAE="} +00922{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":507,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104381217455,"flow_src_last_pkt_time":1470104381217455,"flow_dst_last_pkt_time":1470104381217455,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":26,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104381217455,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"224.0.0.252","src_port":56366,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":508,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104381217586,"flow_src_last_pkt_time":1470104381217586,"flow_dst_last_pkt_time":1470104381217586,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104381217586,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"239.255.255.250","src_port":57325,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":508,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_src_last_pkt_time":1470104381217586,"flow_dst_last_pkt_time":1470104381217586,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1470104381217586,"pkt":"AQBef\/\/6CJ4BzeuNCABFAAChFE8AAAER7zXAqAUl7\/\/\/+t\/tB2wAjbvITS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 
+00995{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":508,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104381217586,"flow_src_last_pkt_time":1470104381217586,"flow_dst_last_pkt_time":1470104381217586,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104381217586,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"239.255.255.250","src_port":57325,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900","domainame":"239.255.255.250:1900"}} +00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":509,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104381237806,"flow_src_last_pkt_time":1470104381237806,"flow_dst_last_pkt_time":1470104381237806,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104381237806,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53623,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":509,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_src_last_pkt_time":1470104381237806,"flow_dst_last_pkt_time":1470104381237806,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1470104381237806,"pkt":"ABAj4ACgYMVHBbyMCABFAABAk\/BAAEAGrRvAqAUQwKhzS9F3AbseAeEVAAAAALAC\/\/84nQAAAgQFtAEDAwUBAQgKGg8YWwAAAAAEAgAA"} +00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":510,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_src_last_pkt_time":1470104381237806,"flow_dst_last_pkt_time":1470104381238763,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104381238763,"pkt":"ABxCjnAxABAj4ACgCABFAAA0AABAAEAGQRjAqHNLwKgFEAG70XdE8SFWHgHhFoASFtAl8wAAAgQFtAEBBAIBAwMH"} +00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":511,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_src_last_pkt_time":1470104381238800,"flow_dst_last_pkt_time":1470104381238763,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1470104381238800,"pkt":"ABAj4ACgYMVHBbyMCABFAAAo9WxAAEAGS7fAqAUQwKhzS9F3AbseAeEWRPEhV1AQIABdlQAAcnZlcjBd"} 
+00819{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":512,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":4,"flow_src_last_pkt_time":1470104381239406,"flow_dst_last_pkt_time":1470104381238763,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":271,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":271,"pkt_l4_len":237,"thread_ts_usec":1470104381239406,"pkt":"ABAj4ACgYMVHBbyMCABFAAEB7MpAAEAGU4DAqAUQwKhzS9F3AbseAeEWRPEhV1AYIAC0MQAAFgMBANQBAADQAwNXoAM+DApFIVBtoVkm1YD4xHsvSlpaV1sKMPaqmp\/EYiBj+Q0TSc5VhLmmiAAqPOtufQBM8Qziz0QZmZNFeVk8eABKAP\/AJMAjwArACcAIwCjAJ8AUwBPAEsAmwCXABcAEwAPAKsApwA\/ADsANAGsAZwA5ADMAFgA9ADwANQAvAArAB8ARwALADAAFAAQBAAA9AAAAEwARAAAOMTkyLjE2OC4xMTUuNzUACgAIAAYAFwAYABkACwACAQAADQAMAAoFAQQBAgEEAwIDM3QAAA=="} +01378{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":512,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1470104381237806,"flow_src_last_pkt_time":1470104381239406,"flow_dst_last_pkt_time":1470104381238763,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104381239406,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53623,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": 
{"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","domainame":"192.168.115.75","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12i370500_07a749158664_d075105c1994","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":513,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":5,"flow_src_last_pkt_time":1470104381239406,"flow_dst_last_pkt_time":1470104381240437,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1470104381240437,"pkt":"ABxCjnAxABAj4ACgCABFAAAoVq1AAEAG6nbAqHNLwKgFEAG70XdE8SFXHgHh71AQADZ8hgAAAAAAAAAA"} +01530{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":514,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1470104381237806,"flow_src_last_pkt_time":1470104381239406,"flow_dst_last_pkt_time":1470104381243027,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1470104381243027,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53623,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": 
{"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","domainame":"192.168.115.75","tls": {"version":"TLSv1.2","ja3s":"573a9f3f80037fb40d481e2054def5bb","ja4":"t12i370500_07a749158664_d075105c1994","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} +00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":539,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_src_last_pkt_time":1470104381626995,"flow_dst_last_pkt_time":1470104381217455,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_usec":1470104381626995,"pkt":"AQBeAAD8CJ4BzeuNCABFAAA2U7AAAAERvz3AqAUl4AAA\/NwuFOsAIuU8ydMAAAABAAAAAAAACG5vdGVib29rAAD\/AAE="} +00923{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":547,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1470104381831288,"flow_dst_last_pkt_time":1470104373741279,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_usec":1470104381831288,"pkt":"\/\/\/\/\/\/\/\/TF4M6gNlCABFAAFIAAAAABARcfzAqHcB\/\/\/\/\/wBDAEQBNAJhAgEGADFjB6UAAAAAwKgFCcCoBQnAqHcBAAAAAHDxofgq\/QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEFNgTAqHcBMwQAAAA8AQT\/\/wAAAwTAqHcBBhCoXwEBCAgICKhfwAEICAQE\/wAAAAAAAAAAAAAAAAAA"} 
+00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":552,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104381895304,"flow_src_last_pkt_time":1470104381895304,"flow_dst_last_pkt_time":1470104381895304,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104381895304,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.145","src_port":49612,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":552,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_src_last_pkt_time":1470104381895304,"flow_dst_last_pkt_time":1470104381895304,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104381895304,"pkt":"TF4M6gNlABxCjnAxCABFAAA0Ui5AAIAGjNDAqHMIt4MwkcHMAFBbXvEQAAAAAIACIAAlhwAAAgQE7AEDAwgBAQQC"} +00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":553,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_src_last_pkt_time":1470104381895349,"flow_dst_last_pkt_time":1470104381895304,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104381895349,"pkt":"TF4M6gNlABxCjnAxCABFAAA0Ui5AAIAGjNDAqHMIt4MwkcHMAFBbXvEQAAAAAIACIAAlhwAAAgQE7AEDAwgBAQQC"} 
+00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":554,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104381935187,"flow_src_last_pkt_time":1470104381935187,"flow_dst_last_pkt_time":1470104381935187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":27,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104381935187,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"224.0.0.252","src_port":58456,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":554,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_src_last_pkt_time":1470104381935187,"flow_dst_last_pkt_time":1470104381935187,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_usec":1470104381935187,"pkt":"AQBeAAD8uKxvwfbSCABFAAA3J0MAAAERi63AqGUh4AAA\/ORYFOsAI152CJsAAAABAAAAAAAACUpvYW5uYS1QQwAA\/wAB"} 
+00924{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":554,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104381935187,"flow_src_last_pkt_time":1470104381935187,"flow_dst_last_pkt_time":1470104381935187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":27,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104381935187,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"224.0.0.252","src_port":58456,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":555,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104381935396,"flow_src_last_pkt_time":1470104381935396,"flow_dst_last_pkt_time":1470104381935396,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":27,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104381935396,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"224.0.0.252","src_port":58456,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":555,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_src_last_pkt_time":1470104381935396,"flow_dst_last_pkt_time":1470104381935396,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_usec":1470104381935396,"pkt":"AQBeAAD8cPGh+Cr9CABFAAA3fUIAAAERlcbAqAUJ4AAA\/ORYFOsAI76OCJsAAAABAAAAAAAACUpvYW5uYS1QQwAA\/wAB"} +00921{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":555,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104381935396,"flow_src_last_pkt_time":1470104381935396,"flow_dst_last_pkt_time":1470104381935396,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":27,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104381935396,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"224.0.0.252","src_port":58456,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":556,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1470104381935810,"flow_dst_last_pkt_time":1470104376017777,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_usec":1470104381935810,"pkt":"AQBef\/\/6uKxv2MGbCABFAAClQRQAAAQRv1\/AqAUy7\/\/\/+vyiB2wAkVLKTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} +00692{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":557,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1470104381935961,"flow_dst_last_pkt_time":1470104376017883,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1470104381935961,"pkt":"AQBef\/\/6SNIkYwreCABFAAChfiEAAAERhV\/AqAUp7\/\/\/+tgQB2wAjcOhTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} +00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":558,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_src_last_pkt_time":1470104381895349,"flow_dst_last_pkt_time":1470104381968167,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1470104381968167,"pkt":"ABxCjnAxTF4M6gNlCABFAAAsAABAADEGLge3gzCRwKhzCABQwcyPbNg5W17xEWASOQjNFQAAAgQFtAAA"} 
+00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":559,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":4,"flow_src_last_pkt_time":1470104381968358,"flow_dst_last_pkt_time":1470104381968167,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1470104381968358,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUi9AAIAGjNvAqHMIt4MwkcHMAFBbXvERj2zYOlAQ\/\/Ad6gAA"} +00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":560,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":5,"flow_src_last_pkt_time":1470104381968391,"flow_dst_last_pkt_time":1470104381968167,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1470104381968391,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUi9AAIAGjNvAqHMIt4MwkcHMAFBbXvERj2zYOlAQ\/\/Ad6gAA"} +01642{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":561,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1470104381895304,"flow_src_last_pkt_time":1470104381978984,"flow_dst_last_pkt_time":1470104381968167,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":432,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":432,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104381978984,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.145","src_port":49612,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric 
Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"183.131.48.145","domainame":"183.131.48.145","http": {"url":"183.131.48.145\/vlive.qqvideo.tc.qq.com\/u0020mkrnds.p1203.1.mp4?vkey=7AB139BF6B32F53747E8FF192E6FE557B3A3D644C034E34BF6EAEB4E0774F2A92EF3AC5C007520BB925E5C8A18E6D302C2DAE0A295B26AA8FD1DC8069D47CE1B4A16A56870BD1ACA3E86ABE4C079659DB2182FC71217AB68CCD344CE65694457E3F53549CD617D5C9F671A26C70DC68F93F1D7BCD017762F&guid=F5EB01CC01A8E08CD83630828DE17C2B02162FD8","code":0,"content_type":"","user_agent":""}}} +00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":563,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_src_last_pkt_time":1470104382036037,"flow_dst_last_pkt_time":1470104381935187,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_usec":1470104382036037,"pkt":"AQBeAAD8uKxvwfbSCABFAAA3J0UAAAERi6vAqGUh4AAA\/ORYFOsAI152CJsAAAABAAAAAAAACUpvYW5uYS1QQwAA\/wAB"} +00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":564,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_src_last_pkt_time":1470104382038651,"flow_dst_last_pkt_time":1470104381935396,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_usec":1470104382038651,"pkt":"AQBeAAD8cPGh+Cr9CABFAAA3fUUAAAERlcPAqAUJ4AAA\/ORYFOsAI76OCJsAAAABAAAAAAAACUpvYW5uYS1QQwAA\/wAB"} 
+00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":569,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104382053678,"flow_src_last_pkt_time":1470104382053678,"flow_dst_last_pkt_time":1470104382053678,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104382053678,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.144","src_port":49613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":569,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_src_last_pkt_time":1470104382053678,"flow_dst_last_pkt_time":1470104382053678,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104382053678,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UjJAAIAGjM3AqHMIt4MwkMHNAFBSJ8A7AAAAAIACIABfkwAAAgQE7AEDAwgBAQQC"} +00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":570,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_src_last_pkt_time":1470104382053709,"flow_dst_last_pkt_time":1470104382053678,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104382053709,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UjJAAIAGjM3AqHMIt4MwkMHNAFBSJ8A7AAAAAIACIABfkwAAAgQE7AEDAwgBAQQC"} 
+02446{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":571,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1470104380890420,"flow_src_last_pkt_time":1470104382084858,"flow_dst_last_pkt_time":1470104381881083,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":445,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":3612,"flow_dst_tot_l4_payload_len":6271,"midstream":0,"thread_ts_usec":1470104382084858,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"42.120.51.152","src_port":49609,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":25,"avg":70487.1,"max":398999,"stddev":104302.2,"var":10878943232.0,"ent":3.6,"data": [50,76520,76599,25,1136,41,62341,85,61755,47,298859,73,398999,66467,177,166123,34,60273,507,89,60822,34,117112,46,178142,469,61984,45,102335,44259,349653]},"pktlen": {"min":40,"avg":350.6,"max":1300,"stddev":410.3,"var":168364.1,"ent":4.1,"data": [52,52,48,40,40,292,292,46,65,485,485,485,485,46,1300,1300,40,40,1300,1300,528,40,40,267,267,46,65,477,477,46,733,40]},"bins": {"c_to_s": [9,0,0,0,0,0,0,4,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0]},"directions": [0,0,1,0,0,0,0,1,1,0,0,0,0,1,1,1,0,0,1,1,1,0,0,0,0,1,1,0,0,1,1,0],"entropies": [4.633441925,4.633441925,4.967222691,4.981687069,4.981687069,5.768459320,5.768459320,4.652828693,5.358993053,6.064707279,6.064707279,6.054220200,6.054220200,4.609350204,5.268521309,4.718248367,4.931687355,4.931687355,4.699154854,5.227048397,4.912804604,4.931686878,4.931686878,5.830219269,5.830219269,4.609350204,5.397304058,6.051352978,6.051352978,4.696306705,5.685911179,4.912815094]},"ndpi": 
{"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"42.120.51.152"}} +00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":573,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_src_last_pkt_time":1470104382053709,"flow_dst_last_pkt_time":1470104382122949,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1470104382122949,"pkt":"ABxCjnAxTF4M6gNlCABFAAAsAABAADEGLgi3gzCQwKhzCABQwc0rYeLSUifAPGASOQhglAAAAgQFtAAA"} +00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":574,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":4,"flow_src_last_pkt_time":1470104382123077,"flow_dst_last_pkt_time":1470104382122949,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1470104382123077,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUjRAAIAGjNfAqHMIt4MwkMHNAFBSJ8A8K2Hi01AQ\/\/CxaAAA"} 
+00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":575,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":5,"flow_src_last_pkt_time":1470104382123103,"flow_dst_last_pkt_time":1470104382122949,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1470104382123103,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUjRAAIAGjNfAqHMIt4MwkMHNAFBSJ8A8K2Hi01AQ\/\/CxaAAA"} +01713{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":577,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1470104382053678,"flow_src_last_pkt_time":1470104382125031,"flow_dst_last_pkt_time":1470104382122949,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":503,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":503,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104382125031,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.144","src_port":49613,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"183.131.48.144","domainame":"183.131.48.144","http": 
{"url":"183.131.48.144\/vlive.qqvideo.tc.qq.com\/u0020mkrnds.p1203.1.mp4?vkey=7AB139BF6B32F53747E8FF192E6FE557B3A3D644C034E34BF6EAEB4E0774F2A92EF3AC5C007520BB925E5C8A18E6D302C2DAE0A295B26AA8FD1DC8069D47CE1B4A16A56870BD1ACA3E86ABE4C079659DB2182FC71217AB68CCD344CE65694457E3F53549CD617D5C9F671A26C70DC68F93F1D7BCD017762F&guid=F5EB01CC01A8E08CD83630828DE17C2B02162FD8&locid=a06f98fd-fa26-44e5-acc5-0d83f9df03af&size=9418655&ocid=253564332","code":0,"content_type":"","user_agent":""}}} +01740{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":582,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":3,"flow_first_seen":1470104382053678,"flow_src_last_pkt_time":1470104382125065,"flow_dst_last_pkt_time":1470104382192288,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":503,"flow_dst_max_l4_payload_len":281,"flow_src_tot_l4_payload_len":1006,"flow_dst_tot_l4_payload_len":281,"midstream":0,"thread_ts_usec":1470104382192288,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.144","src_port":49613,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","hostname":"183.131.48.144","domainame":"183.131.48.144","http": 
{"url":"183.131.48.144\/vlive.qqvideo.tc.qq.com\/u0020mkrnds.p1203.1.mp4?vkey=7AB139BF6B32F53747E8FF192E6FE557B3A3D644C034E34BF6EAEB4E0774F2A92EF3AC5C007520BB925E5C8A18E6D302C2DAE0A295B26AA8FD1DC8069D47CE1B4A16A56870BD1ACA3E86ABE4C079659DB2182FC71217AB68CCD344CE65694457E3F53549CD617D5C9F671A26C70DC68F93F1D7BCD017762F&guid=F5EB01CC01A8E08CD83630828DE17C2B02162FD8&locid=a06f98fd-fa26-44e5-acc5-0d83f9df03af&size=9418655&ocid=253564332","code":206,"content_type":"video\/mp4","user_agent":""}}} +00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":586,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104382241911,"flow_src_last_pkt_time":1470104382241911,"flow_dst_last_pkt_time":1470104382241911,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104382241911,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"239.255.255.250","src_port":55485,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00692{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":586,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_src_last_pkt_time":1470104382241911,"flow_dst_last_pkt_time":1470104382241911,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1470104382241911,"pkt":"AQBef\/\/6uKxvwfbSCABFAAChJ0YAAAERfELAqGUh7\/\/\/+ti9B2wAjWL8TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 
+00997{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":586,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104382241911,"flow_src_last_pkt_time":1470104382241911,"flow_dst_last_pkt_time":1470104382241911,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104382241911,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"239.255.255.250","src_port":55485,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900","domainame":"239.255.255.250:1900"}} +00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":587,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104382242882,"flow_src_last_pkt_time":1470104382242882,"flow_dst_last_pkt_time":1470104382242882,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104382242882,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"239.255.255.250","src_port":55484,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00692{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":587,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_src_last_pkt_time":1470104382242882,"flow_dst_last_pkt_time":1470104382242882,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1470104382242882,"pkt":"AQBef\/\/6cPGh+Cr9CABFAAChfYYAAAERhhrAqAUJ7\/\/\/+ti8B2wAjcMVTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} +00994{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":587,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104382242882,"flow_src_last_pkt_time":1470104382242882,"flow_dst_last_pkt_time":1470104382242882,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104382242882,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"239.255.255.250","src_port":55484,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900","domainame":"239.255.255.250:1900"}} 
+00692{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":588,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1470104382243140,"flow_dst_last_pkt_time":1470104373232309,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1470104382243140,"pkt":"AQBef\/\/6GF4PUugBCABFAAChMNEAAAER0p\/AqAU57\/\/\/+toBB2wAjcGgTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} +00923{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":589,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1470104382243529,"flow_dst_last_pkt_time":1470104373741279,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_usec":1470104382243529,"pkt":"\/\/\/\/\/\/\/\/TF4M6gNlCABFAAFIAAAAABARcfzAqHcB\/\/\/\/\/wBDAEQBNN4pAgEGAP54u0wAAAAAwKgFMcCoBTHAqHcBAAAAAOix\/Kv7sgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEFNgTAqHcBMwQAAAA8AQT\/\/wAAAwTAqHcBBhCoXwEBCAgICKhfwAEICAQE\/wAAAAAAAAAAAAAAAAAA"} 
+00691{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":590,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1470104382345385,"flow_dst_last_pkt_time":1470104373232452,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1470104382345385,"pkt":"AQBef\/\/6SNIkYzEACABFAAChOq0AAAERyNDAqAUs7\/\/\/+si9B2wAjdLxTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} +00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":591,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104382448550,"flow_src_last_pkt_time":1470104382448550,"flow_dst_last_pkt_time":1470104382448550,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":33,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104382448550,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::1:3","src_port":61548,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":591,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_src_last_pkt_time":1470104382448550,"flow_dst_last_pkt_time":1470104382448550,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":95,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":95,"pkt_l4_len":41,"thread_ts_usec":1470104382448550,"pkt":"MzMAAQAD6LH8q\/uyht1gAAAAACkRAf6AAAAAAAAACb2B3S\/cV1D\/AgAAAAAAAAAAAAAAAQAD8GwU6wApG1\/NkQAAAAEAAAAAAAAPY2Flc2FyLXRoaW5rcGFkAAD\/AAE="} +00932{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":591,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104382448550,"flow_src_last_pkt_time":1470104382448550,"flow_dst_last_pkt_time":1470104382448550,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":33,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104382448550,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::1:3","src_port":61548,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":592,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104382448739,"flow_src_last_pkt_time":1470104382448739,"flow_dst_last_pkt_time":1470104382448739,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":33,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104382448739,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"224.0.0.252","src_port":61548,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":592,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_src_last_pkt_time":1470104382448739,"flow_dst_last_pkt_time":1470104382448739,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_usec":1470104382448739,"pkt":"AQBeAAD86LH8q\/uyCABFAAA9ed0AAAERmP3AqAUx4AAA\/PBsFOsAKYTXzZEAAAABAAAAAAAAD2NhZXNhci10aGlua3BhZAAA\/wAB"} 
+00922{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":592,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104382448739,"flow_src_last_pkt_time":1470104382448739,"flow_dst_last_pkt_time":1470104382448739,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":33,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104382448739,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"224.0.0.252","src_port":61548,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":593,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104382448863,"flow_src_last_pkt_time":1470104382448863,"flow_dst_last_pkt_time":1470104382448863,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104382448863,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"239.255.255.250","src_port":51704,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00697{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":593,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_src_last_pkt_time":1470104382448863,"flow_dst_last_pkt_time":1470104382448863,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_usec":1470104382448863,"pkt":"AQBef\/\/66LH8q\/uyCABFAAClCesAAAQR9onAqAUx7\/\/\/+sn4B2wAkYV1TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} +00995{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":593,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104382448863,"flow_src_last_pkt_time":1470104382448863,"flow_dst_last_pkt_time":1470104382448863,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104382448863,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"239.255.255.250","src_port":51704,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900","domainame":"239.255.255.250:1900"}} 
+00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":594,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_src_last_pkt_time":1470104382857884,"flow_dst_last_pkt_time":1470104382448550,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":95,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":95,"pkt_l4_len":41,"thread_ts_usec":1470104382857884,"pkt":"MzMAAQAD6LH8q\/uyht1gAAAAACkRAf6AAAAAAAAACb2B3S\/cV1D\/AgAAAAAAAAAAAAAAAQAD8GwU6wApG1\/NkQAAAAEAAAAAAAAPY2Flc2FyLXRoaW5rcGFkAAD\/AAE="} +00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":595,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_src_last_pkt_time":1470104382858294,"flow_dst_last_pkt_time":1470104382448739,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_usec":1470104382858294,"pkt":"AQBeAAD86LH8q\/uyCABFAAA9ed8AAAERmPvAqAUx4AAA\/PBsFOsAKYTXzZEAAAABAAAAAAAAD2NhZXNhci10aGlua3BhZAAA\/wAB"} +00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":596,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_src_last_pkt_time":1470104383675559,"flow_dst_last_pkt_time":1470104377634699,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_usec":1470104383675559,"pkt":"AQBef\/\/6zD2CHu7jCABFAAClQLYAAAQRv8DAqAUv7\/\/\/+utrB2wAkWQETS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} 
+00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":597,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104383810371,"flow_src_last_pkt_time":1470104383810371,"flow_dst_last_pkt_time":1470104383810371,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104383810371,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.119.1","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00909{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":597,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_src_last_pkt_time":1470104383810371,"flow_dst_last_pkt_time":1470104383810371,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_usec":1470104383810371,"pkt":"TF4M6gNlYMVHBbyMCABFAAFI+0MAAEARgP\/AqAUQwKh3AQBEAEMBNFvxAQEGABeXwMwAAAAAwKgFEAAAAAAAAAAAAAAAAGDFRwW8jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEDNwkBAwYPd1\/8LC45AgXcPQcBYMVHBbyMMwQAdqcADAtNYWNCb29rLUFpcv8AAAAAAAAAAAAAAAAA"} 
+01040{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":597,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104383810371,"flow_src_last_pkt_time":1470104383810371,"flow_dst_last_pkt_time":1470104383810371,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104383810371,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.119.1","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"macbook-air","domainame":"macbook-air","dhcp": {"fingerprint":"1,3,6,15,119,95,252,44,46","class_ident":""}}} +00910{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":598,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_src_last_pkt_time":1470104383810371,"flow_dst_last_pkt_time":1470104383815221,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_usec":1470104383815221,"pkt":"ABxCjnAxTF4M6gNlCABFAAFIAAAAABARrEPAqHcBwKgFEABDAEQBNHbOAgEGABeXwMwAAAAAwKgFEMCoBRDAqHcBAAAAAGDFRwW8jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEFNgTAqHcBMwQAAAA8AQT\/\/wAAAwTAqHcBBhCoXwEBCAgICKhfwAEICAQE\/wAAAAAAAAAAAAAAAAAA"} 
+00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":599,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_src_last_pkt_time":1470104384085549,"flow_dst_last_pkt_time":1470104378045830,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1470104384085549,"pkt":"AQBef\/\/6\/PiuMpcsCABFAAChLEMAAAER2QfAqANf7\/\/\/+uhMB2wAjbUvTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} +00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":600,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_src_last_pkt_time":1470104384085672,"flow_dst_last_pkt_time":1470104376816620,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":98,"pkt_l4_len":44,"thread_ts_usec":1470104384085672,"pkt":"MzMAAQACcD6s8PAHht1gBWEEACwRAf6AAAAAAAAABAZVqGRTJd3\/AgAAAAAAAAAAAAAAAQACAiICIwAshosLJ3MdAAEADgABAAEduOb7cD6s8PAHAAYABAAXABgACAACAt0="} +00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":601,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_src_last_pkt_time":1470104384289461,"flow_dst_last_pkt_time":1470104381217586,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1470104384289461,"pkt":"AQBef\/\/6CJ4BzeuNCABFAAChFFAAAAER7zTAqAUl7\/\/\/+t\/tB2wAjbvITS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 
+00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":603,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1470104385005874,"flow_dst_last_pkt_time":1470104376017777,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_usec":1470104385005874,"pkt":"AQBef\/\/6uKxv2MGbCABFAAClQRUAAAQRv17AqAUy7\/\/\/+vyiB2wAkVLKTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} +00692{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":604,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_src_last_pkt_time":1470104385211573,"flow_dst_last_pkt_time":1470104382241911,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1470104385211573,"pkt":"AQBef\/\/6uKxvwfbSCABFAAChJ0oAAAERfD7AqGUh7\/\/\/+ti9B2wAjWL8TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 
+00692{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":605,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_src_last_pkt_time":1470104385211727,"flow_dst_last_pkt_time":1470104382242882,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1470104385211727,"pkt":"AQBef\/\/6cPGh+Cr9CABFAAChfwAAAAERhKDAqAUJ7\/\/\/+ti8B2wAjcMVTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} +00691{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":606,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1470104385212104,"flow_dst_last_pkt_time":1470104373232309,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1470104385212104,"pkt":"AQBef\/\/6GF4PUugBCABFAAChMOQAAAER0ozAqAU57\/\/\/+toBB2wAjcGgTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 
+00691{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":607,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1470104385313558,"flow_dst_last_pkt_time":1470104373232452,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1470104385313558,"pkt":"AQBef\/\/6SNIkYzEACABFAAChOr0AAAERyMDAqAUs7\/\/\/+si9B2wAjdLxTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} +00697{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":608,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_src_last_pkt_time":1470104385418800,"flow_dst_last_pkt_time":1470104382448863,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_usec":1470104385418800,"pkt":"AQBef\/\/66LH8q\/uyCABFAAClCewAAAQR9ojAqAUx7\/\/\/+sn4B2wAkYV1TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} 
+00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":609,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104385827777,"flow_src_last_pkt_time":1470104385827777,"flow_dst_last_pkt_time":1470104385827777,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104385827777,"l3_proto":"ip4","src_ip":"59.120.208.218","dst_ip":"255.255.255.255","src_port":50151,"dst_port":1947,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":609,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_src_last_pkt_time":1470104385827777,"flow_dst_last_pkt_time":1470104385827777,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1470104385827777,"pkt":"\/\/\/\/\/\/\/\/rCILUFkxCABFAABEAABAAEARLlc7eNDa\/\/\/\/\/8PnB5sAMKByU3Uyb1ZTdDRBQUJIWlc1MGNtbGpaVjlCVUVOZlozVmxjM1FBYldVQQ=="} 
+00697{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":610,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_src_last_pkt_time":1470104386645103,"flow_dst_last_pkt_time":1470104377634699,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_usec":1470104386645103,"pkt":"AQBef\/\/6zD2CHu7jCABFAAClQLcAAAQRv7\/AqAUv7\/\/\/+utrB2wAkWQETS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} +00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":615,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_src_last_pkt_time":1470104387054000,"flow_dst_last_pkt_time":1470104378045830,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1470104387054000,"pkt":"AQBef\/\/6\/PiuMpcsCABFAAChLEQAAAER2QbAqANf7\/\/\/+uhMB2wAjbUvTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 
+00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":616,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_src_last_pkt_time":1470104387260032,"flow_dst_last_pkt_time":1470104381217586,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1470104387260032,"pkt":"AQBef\/\/6CJ4BzeuNCABFAAChFFEAAAER7zPAqAUl7\/\/\/+t\/tB2wAjbvITS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} +00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":617,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104388033892,"flow_src_last_pkt_time":1470104388033892,"flow_dst_last_pkt_time":1470104388033892,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1470104388033892,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.66.182.87","src_port":49596,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":617,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_src_last_pkt_time":1470104388033892,"flow_dst_last_pkt_time":1470104388033892,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":55,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":55,"pkt_l4_len":21,"thread_ts_usec":1470104388033892,"pkt":"TF4M6gNlABxCjnAxCABFAAApUkZAAIAG8z3AqHMIy0K2V8G8AbsrwEGmNGHnvFAQAQOsiQAAAA=="} +00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":618,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_src_last_pkt_time":1470104388033946,"flow_dst_last_pkt_time":1470104388033892,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":55,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":55,"pkt_l4_len":21,"thread_ts_usec":1470104388033946,"pkt":"TF4M6gNlABxCjnAxCABFAAApUkZAAIAG8z3AqHMIy0K2V8G8AbsrwEGmNGHnvFAQAQOsiQAAAA=="} +00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":619,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_src_last_pkt_time":1470104388033946,"flow_dst_last_pkt_time":1470104388037933,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104388037933,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0ZvMAAD0GYYbLQrZXwKhzCAG7wbw0Yee8K8BBp4AQAO2bugAAAQEFCivAQaYrwEGn"} 
+00692{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":620,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":3,"flow_src_last_pkt_time":1470104388182619,"flow_dst_last_pkt_time":1470104382241911,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1470104388182619,"pkt":"AQBef\/\/6uKxvwfbSCABFAAChJ0wAAAERfDzAqGUh7\/\/\/+ti9B2wAjWL8TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} +00692{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":621,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_src_last_pkt_time":1470104388182845,"flow_dst_last_pkt_time":1470104382242882,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1470104388182845,"pkt":"AQBef\/\/6cPGh+Cr9CABFAAChfzUAAAERhGvAqAUJ7\/\/\/+ti8B2wAjcMVTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 
+00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":624,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104389597943,"flow_src_last_pkt_time":1470104389597943,"flow_dst_last_pkt_time":1470104389597943,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1470104389597943,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":624,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_src_last_pkt_time":1470104389597943,"flow_dst_last_pkt_time":1470104389597943,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104389597943,"pkt":"TF4M6gNlYMVHBbyMCABFAAA0ErtAAEAGH+LAqAUQROn9hdFtAFBAFGHVDj7nf4AREAH2GQAAAQEIChoPOPTPHNz0"} 
+00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":625,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_src_last_pkt_time":1470104389616162,"flow_dst_last_pkt_time":1470104377634699,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_usec":1470104389616162,"pkt":"AQBef\/\/6zD2CHu7jCABFAAClQLgAAAQRv77AqAUv7\/\/\/+utrB2wAkWQETS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} +00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":626,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":5,"flow_src_last_pkt_time":1470104390023643,"flow_dst_last_pkt_time":1470104378045830,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1470104390023643,"pkt":"AQBef\/\/6\/PiuMpcsCABFAAChLEUAAAER2QXAqANf7\/\/\/+uhMB2wAjbUvTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 
+00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":627,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":4,"flow_src_last_pkt_time":1470104390229888,"flow_dst_last_pkt_time":1470104381217586,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1470104390229888,"pkt":"AQBef\/\/6CJ4BzeuNCABFAAChFFIAAAER7zLAqAUl7\/\/\/+t\/tB2wAjbvITS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} +00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":628,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104390443500,"flow_src_last_pkt_time":1470104390443500,"flow_dst_last_pkt_time":1470104390443500,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104390443500,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53624,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":628,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_src_last_pkt_time":1470104390443500,"flow_dst_last_pkt_time":1470104390443500,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1470104390443500,"pkt":"TF4M6gNlYMVHBbyMCABFAABAN95AAEAG+rLAqAUQROn9hdF4AFAesUW4AAAAALAC\/\/+iVAAAAgQFtAEDAwUBAQgKGg88QAAAAAAEAgAA"} +00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":629,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_src_last_pkt_time":1470104390443500,"flow_dst_last_pkt_time":1470104390640525,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1470104390640525,"pkt":"ABxCjnAxTF4M6gNlCABFAAA8AABAADUGPZVE6f2FwKgFEABQ0Xh2OO96HrFFuaASFqBImwAAAgQFtAQCCArPHh84Gg88QAEDAwg="} +00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":630,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":3,"flow_src_last_pkt_time":1470104390640578,"flow_dst_last_pkt_time":1470104390640525,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104390640578,"pkt":"TF4M6gNlYMVHBbyMCABFAAA0PI1AAEAG9g\/AqAUQROn9hdF4AFAesUW5djjve4AQEBV9LwAAAQEIChoPPQTPHh84"} 
+00896{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":631,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":4,"flow_src_last_pkt_time":1470104390642049,"flow_dst_last_pkt_time":1470104390640525,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":331,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":331,"pkt_l4_len":297,"thread_ts_usec":1470104390642049,"pkt":"TF4M6gNlYMVHBbyMCABFAAE9+GJAAEAGOTHAqAUQROn9hdF4AFAesUW5djjve4AYEBVNJgAAAQEIChoPPQXPHh84R0VUIC9jb21NYWdpY2FuQXBpL2NvbXBvc2l0ZS9hcHAucGhwL0dsb2JhbC9JbmRleC9pcCBIVFRQLzEuMQ0KSG9zdDogYXBpLm1hZ2ljYW5zb2Z0LmNvbQ0KQWNjZXB0OiAqLyoNCkFjY2VwdC1MYW5ndWFnZTogemgtdHcNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogTWFnaWNhbiAodW5rbm93biB2ZXJzaW9uKSBDRk5ldHdvcmsvNzIwLjUuNyBEYXJ3aW4vMTQuNS4wICh4ODZfNjQpDQoNCg=="} +01187{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":631,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1470104390443500,"flow_src_last_pkt_time":1470104390642049,"flow_dst_last_pkt_time":1470104390640525,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":265,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":265,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104390642049,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53624,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"api.magicansoft.com","domainame":"api.magicansoft.com","http": 
{"url":"api.magicansoft.com\/comMagicanApi\/composite\/app.php\/Global\/Index\/ip","code":0,"content_type":"","user_agent":"Magican (unknown version) CFNetwork\/720.5.7 Darwin\/14.5.0 (x86_64)"}}} +00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":632,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104390741932,"flow_src_last_pkt_time":1470104390741932,"flow_dst_last_pkt_time":1470104390741932,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":123,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":123,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":123,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104390741932,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:fe9a:ec54","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00705{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":632,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_src_last_pkt_time":1470104390741932,"flow_dst_last_pkt_time":1470104390741932,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":185,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":185,"pkt_l4_len":131,"thread_ts_usec":1470104390741932,"pkt":"MzMAAAABTF4MmuxUht1gAAAAAIMRAf6AAAAAAAAATl4M\/\/6a7FT\/AgAAAAAAAAAAAAAAAAABFi4WLgCDan0ABGg\/AAEABkxeDJrsVAAFAAAABwAPNi4zNS4xIChzdGFibGUpAAgACE1pa3JvVGlrAAoABHzzfwAACwAJM0RYWS1LSEdEAAwADUNSUzEyNS0yNEctMVMADgABAQAPABD+gAAAAAAAAE5eDP\/+muxUABAAB2JyaWRnZTE="} 
+01120{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":632,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104390741932,"flow_src_last_pkt_time":1470104390741932,"flow_dst_last_pkt_time":1470104390741932,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":123,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":123,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":123,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104390741932,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:fe9a:ec54","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Mikrotik","proto_id":"437","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","mikrotik": {"mac_address":"4C:5E:0C:9A:EC:54","version":"6.35.1 (stable)","software_id":"3DXY-KHGD","board":"CRS125-24G-1S","ipv6_addr":"fe80::4e5e:cff:fe9a:ec54","uptime":2096332544}}} +00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":633,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":5,"flow_src_last_pkt_time":1470104390642049,"flow_dst_last_pkt_time":1470104390838554,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104390838554,"pkt":"ABxCjnAxTF4M6gNlCABFAAA08IZAADUGTRZE6f2FwKgFEABQ0Xh2OO97HrFGwoAQABuLWQAAAQEICs8eH\/4aDz0F"} 
+01324{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":634,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1470104390443500,"flow_src_last_pkt_time":1470104390642049,"flow_dst_last_pkt_time":1470104390846598,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":265,"flow_dst_max_l4_payload_len":324,"flow_src_tot_l4_payload_len":265,"flow_dst_tot_l4_payload_len":324,"midstream":0,"thread_ts_usec":1470104390846598,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53624,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"api.magicansoft.com","domainame":"api.magicansoft.com","http": {"url":"api.magicansoft.com\/comMagicanApi\/composite\/app.php\/Global\/Index\/ip","code":502,"content_type":"text\/html","user_agent":"Magican (unknown version) CFNetwork\/720.5.7 Darwin\/14.5.0 (x86_64)"}}} 
+00948{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":636,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_src_last_pkt_time":1470104390945416,"flow_dst_last_pkt_time":1470104380909602,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":359,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":359,"pkt_l4_len":325,"thread_ts_usec":1470104390945416,"pkt":"\/\/\/\/\/\/\/\/XNmY3fXzCABFAAFZAABAAEARbn7AqApu\/\/\/\/\/+xA9gABRTgx\/\/8AAKAAXNmY3fXzwKgKbgAAAgAnAUROUy0xMTAwLTA0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABOQVMAAAAAAAAAAAAAVVqvihgAAABVWsE9WwAAAFVasDEuMDJiMTAAEXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXNmY3fXzM0ExAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGRsaW5rLURERjVGMwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAqApu\/\/8AAExBTjEAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} +00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":637,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104391199899,"flow_src_last_pkt_time":1470104391199899,"flow_dst_last_pkt_time":1470104391199899,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1470104391199899,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"64.233.189.128","src_port":49581,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":637,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_src_last_pkt_time":1470104391199899,"flow_dst_last_pkt_time":1470104391199899,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":55,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":55,"pkt_l4_len":21,"thread_ts_usec":1470104391199899,"pkt":"TF4M6gNlABxCjnAxCABFAAApUk5AAIAGdmbAqHMIQOm9gMGtAFD1eICMR0KJzlAQAXpzKwAAAA=="} +00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":638,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_src_last_pkt_time":1470104391199954,"flow_dst_last_pkt_time":1470104391199899,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":55,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":55,"pkt_l4_len":21,"thread_ts_usec":1470104391199954,"pkt":"TF4M6gNlABxCjnAxCABFAAApUk5AAIAGdmbAqHMIQOm9gMGtAFD1eICMR0KJzlAQAXpzKwAAAA=="} +00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":639,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_src_last_pkt_time":1470104391199954,"flow_dst_last_pkt_time":1470104391208758,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104391208758,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0a70AAC4G7uxA6b2AwKhzCABQwa1HQonO9XiAjYAQAVdRKwAAAQEFCvV4gIz1eICN"} 
+00692{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":640,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":4,"flow_src_last_pkt_time":1470104391253292,"flow_dst_last_pkt_time":1470104382242882,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1470104391253292,"pkt":"AQBef\/\/6cPGh+Cr9CABFAAChARUAAAERAozAqAUJ7\/\/\/+ti8B2wAjcMVTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} +00692{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":641,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":4,"flow_src_last_pkt_time":1470104391254355,"flow_dst_last_pkt_time":1470104382241911,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1470104391254355,"pkt":"AQBef\/\/6uKxvwfbSCABFAAChJ1IAAAERfDbAqGUh7\/\/\/+ti9B2wAjWL8TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 
+00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":642,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104391254477,"flow_src_last_pkt_time":1470104391254477,"flow_dst_last_pkt_time":1470104391254477,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104391254477,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":63659,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":642,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_src_last_pkt_time":1470104391254477,"flow_dst_last_pkt_time":1470104391254477,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1470104391254477,"pkt":"MzMAAQADPKn0WgOEht1gAAAAACARAf6AAAAAAAAAXZJiqOveExn\/AgAAAAAAAAAAAAAAAQAD+KsU6wAgEMLGawAAAAEAAAAAAAAGaXNhdGFwAAABAAE="} 
+00933{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":642,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104391254477,"flow_src_last_pkt_time":1470104391254477,"flow_dst_last_pkt_time":1470104391254477,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104391254477,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":63659,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":643,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104391254588,"flow_src_last_pkt_time":1470104391254588,"flow_dst_last_pkt_time":1470104391254588,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104391254588,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":51714,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":643,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_src_last_pkt_time":1470104391254588,"flow_dst_last_pkt_time":1470104391254588,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104391254588,"pkt":"AQBeAAD8PKn0WgOECABFAAA0HuAAAAER9UjAqAPs4AAA\/MoCFOsAIFaUxmsAAAABAAAAAAAABmlzYXRhcAAAAQAB"} +00923{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":643,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104391254588,"flow_src_last_pkt_time":1470104391254588,"flow_dst_last_pkt_time":1470104391254588,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104391254588,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":51714,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":645,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":2,"flow_src_last_pkt_time":1470104391361874,"flow_dst_last_pkt_time":1470104391254477,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1470104391361874,"pkt":"MzMAAQADPKn0WgOEht1gAAAAACARAf6AAAAAAAAAXZJiqOveExn\/AgAAAAAAAAAAAAAAAQAD+KsU6wAgEMLGawAAAAEAAAAAAAAGaXNhdGFwAAABAAE="} +00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":646,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":2,"flow_src_last_pkt_time":1470104391362039,"flow_dst_last_pkt_time":1470104391254588,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104391362039,"pkt":"AQBeAAD8PKn0WgOECABFAAA0HuEAAAER9UfAqAPs4AAA\/MoCFOsAIFaUxmsAAAABAAAAAAAABmlzYXRhcAAAAQAB"} +00697{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":647,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":3,"flow_src_last_pkt_time":1470104391458729,"flow_dst_last_pkt_time":1470104382448863,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_usec":1470104391458729,"pkt":"AQBef\/\/66LH8q\/uyCABFAAClCe4AAAQR9obAqAUx7\/\/\/+sn4B2wAkYV1TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} 
+00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":648,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104391564386,"flow_src_last_pkt_time":1470104391564386,"flow_dst_last_pkt_time":1470104391564386,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104391564386,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":648,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_src_last_pkt_time":1470104391564386,"flow_dst_last_pkt_time":1470104391564386,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1470104391564386,"pkt":"\/\/\/\/\/\/\/\/PKn0WgOECABFAABOHugAAIARlnrAqAPswKj\/\/wCJAIkAOqdmilEBEAABAAAAAAAAIEVKRkRFQkZFRUJGQUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="} 
+00965{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":648,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104391564386,"flow_src_last_pkt_time":1470104391564386,"flow_dst_last_pkt_time":1470104391564386,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104391564386,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"isatap","domainame":"isatap"}} +00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":649,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104392072031,"flow_src_last_pkt_time":1470104392072031,"flow_dst_last_pkt_time":1470104392072031,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":317,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":317,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":317,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104392072031,"l3_proto":"ip4","src_ip":"192.168.140.140","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00953{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":649,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_src_last_pkt_time":1470104392072031,"flow_dst_last_pkt_time":1470104392072031,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":359,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":359,"pkt_l4_len":325,"thread_ts_usec":1470104392072031,"pkt":"\/\/\/\/\/\/\/\/wKC7c+tXCABFAAFZOwBAAEARsV\/AqIyM\/\/\/\/\/\/YA9gABRQTx\/\/\/Z1aAAwKC7c+tXwKiMjAAAAgAnAURHUy0xMjEwLTEwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABTd2l0Y2gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADMuMTAuMDEzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwKC7c+tXQjEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABRUDBSMUQ5MDAwMDI2AAAAAAAAAAAAAAAAAAAAAAAAAERHUy0xMjEwLTEwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAqIyM\/\/8AAFBvcnQgOAAAIAGwIAAGAADCoLv\/\/nPrV0A="} +00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":650,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104392072989,"flow_src_last_pkt_time":1470104392072989,"flow_dst_last_pkt_time":1470104392072989,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":329,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":329,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":329,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104392072989,"l3_proto":"ip6","src_ip":"2001:b020:6::c2a0:bbff:fe73:eb57","dst_ip":"ff02::1","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00986{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":650,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_src_last_pkt_time":1470104392072989,"flow_dst_last_pkt_time":1470104392072989,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":391,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":391,"pkt_l4_len":337,"thread_ts_usec":1470104392072989,"pkt":"MzMAAAABwKC7c+tXht1gAAAAAVERgCABsCAABgAAwqC7\/\/5z61f\/AgAAAAAAAAAAAAAAAAAB9gD2AAFRMAf\/D9nVoADAoLtz61cgAbAgAAYAAMKgu\/\/+c+tXAAACACcBREdTLTEyMTAtMTBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFN3aXRjaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMy4xMC4wMTMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAoLtz61dCMQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFFQMFIxRDkwMDAwMjYAAAAAAAAAAAAAAAAAAAAAAAAAREdTLTEyMTAtMTBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCojIz\/\/wAAUG9ydCA4AAAgAbAgAAYAAMKgu\/\/+c+tXQA=="} +00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":651,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104392380243,"flow_src_last_pkt_time":1470104392380243,"flow_dst_last_pkt_time":1470104392380243,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104392380243,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":59789,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":651,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_src_last_pkt_time":1470104392380243,"flow_dst_last_pkt_time":1470104392380243,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1470104392380243,"pkt":"\/\/\/\/\/\/\/\/4KzLceHQCABFAABOckUAAEARgdzAqAUtwKj\/\/+mNAIkAOs9OABUBEAABAAAAAAAAIEZERUJFT0VLRUpDTkVNRUpFR0VGRUNFUEVQRUxDTkNBAAAgAAE="} +00984{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":651,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104392380243,"flow_src_last_pkt_time":1470104392380243,"flow_dst_last_pkt_time":1470104392380243,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104392380243,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":59789,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"sanji-lifebook-","domainame":"sanji-lifebook-"}} 
+00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":652,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1470104392380425,"flow_dst_last_pkt_time":1470104376816620,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":98,"pkt_l4_len":44,"thread_ts_usec":1470104392380425,"pkt":"MzMAAQACcD6s8PAHht1gBWEEACwRAf6AAAAAAAAABAZVqGRTJd3\/AgAAAAAAAAAAAAAAAQACAiICIwAsg0sLJ3MdAAEADgABAAEduOb7cD6s8PAHAAYABAAXABgACAACBh0="} +00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":654,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":2,"flow_src_last_pkt_time":1470104393097082,"flow_dst_last_pkt_time":1470104391564386,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1470104393097082,"pkt":"\/\/\/\/\/\/\/\/PKn0WgOECABFAABOHxQAAIARlk7AqAPswKj\/\/wCJAIkAOqdmilEBEAABAAAAAAAAIEVKRkRFQkZFRUJGQUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="} +00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":656,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":5,"flow_src_last_pkt_time":1470104393302618,"flow_dst_last_pkt_time":1470104381217586,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1470104393302618,"pkt":"AQBef\/\/6CJ4BzeuNCABFAAChFFMAAAER7zHAqAUl7\/\/\/+t\/tB2wAjbvITS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 
+00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":657,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104393610238,"flow_src_last_pkt_time":1470104393610238,"flow_dst_last_pkt_time":1470104393610238,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104393610238,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":59461,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":657,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_src_last_pkt_time":1470104393610238,"flow_dst_last_pkt_time":1470104393610238,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1470104393610238,"pkt":"\/\/\/\/\/\/\/\/4KzLceHQCABFAABOGrEAAEAR2XDAqAUtwKj\/\/+hFAIkAOjOmABcBEAABAAAAAAAAIEVIRUdFSkVNRUZDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUNBAAAgAAE="} 
+00964{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":657,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104393610238,"flow_src_last_pkt_time":1470104393610238,"flow_dst_last_pkt_time":1470104393610238,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104393610238,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":59461,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"gfile","domainame":"gfile"}} +00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":658,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104393610386,"flow_src_last_pkt_time":1470104393610386,"flow_dst_last_pkt_time":1470104393610386,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104393610386,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":658,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_src_last_pkt_time":1470104393610386,"flow_dst_last_pkt_time":1470104393610386,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1470104393610386,"pkt":"\/\/\/\/\/\/\/\/4KzLceHQCABFAABOnJgAAEARV4nAqAUtwKj\/\/wCJAIkAOr16RfsBEAABAAAAAAAAIEVPRUJGREVHRUpFTUVGQ0FDQUNBQ0FDQUNBQ0FDQUJOAAAgAAE="} +00966{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":658,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104393610386,"flow_src_last_pkt_time":1470104393610386,"flow_dst_last_pkt_time":1470104393610386,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104393610386,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"nasfile","domainame":"nasfile"}} 
+00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":659,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104393610555,"flow_src_last_pkt_time":1470104393610555,"flow_dst_last_pkt_time":1470104393610555,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":174,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104393610555,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00749{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":659,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_src_last_pkt_time":1470104393610555,"flow_dst_last_pkt_time":1470104393610555,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_usec":1470104393610555,"pkt":"\/\/\/\/\/\/\/\/4KzLceHQCABFAADKO0kAAEARuFzAqAUtwKj\/\/wCKAIoAtoWlEQJF7sCoBS0AAACgAAAgRU5FQkVERUNFUEVQRUxFQkVKRkNDTkVGREJFRURBQUEAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAA1TQAAO1FEQAABgAAAAAAAAACAAAAAAAAAAAAAAAGAFYAAwABAAEAAgAXAFxNQUlMU0xPVFxCUk9XU0UACQTsRQAA"} 
+00993{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":659,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104393610555,"flow_src_last_pkt_time":1470104393610555,"flow_dst_last_pkt_time":1470104393610555,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":174,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104393610555,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"macbookair-e1d0","domainame":"macbookair-e1d0"}} +00749{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":660,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":2,"flow_src_last_pkt_time":1470104393610744,"flow_dst_last_pkt_time":1470104393610555,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_usec":1470104393610744,"pkt":"\/\/\/\/\/\/\/\/4KzLceHQCABFAADK5DUAAEARD3DAqAUtwKj\/\/wCKAIoAtoasEQJF8cCoBS0AAACgAAAgRU5FQkVERUNFUEVQRUxFQkVKRkNDTkVGREJFRURBQUEAIEVORkRFSUVQRU5FRkNBQ0FDQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAA1TQAAPBFEQAABgAAAAAAAAACAAAAAAAAAAAAAAAGAFYAAwABAAEAAgAXAFxNQUlMU0xPVFxCUk9XU0UACQTvRQAA"} 
+00749{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":661,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":3,"flow_src_last_pkt_time":1470104393611090,"flow_dst_last_pkt_time":1470104393610555,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_usec":1470104393611090,"pkt":"\/\/\/\/\/\/\/\/4KzLceHQCABFAADKOS4AAEARunfAqAUtwKj\/\/wCKAIoAtoChEQJF98CoBS0AAACgAAAgRU5FQkVERUNFUEVQRUxFQkVKRkNDTkVGREJFRURBQUEAIEVORkpFSEZDRVBGRkZBQ0FDQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAA1TQAAPZFEQAABgAAAAAAAAACAAAAAAAAAAAAAAAGAFYAAwABAAEAAgAXAFxNQUlMU0xPVFxCUk9XU0UACQT1RQAA"} +00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":662,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":3,"flow_src_last_pkt_time":1470104393813792,"flow_dst_last_pkt_time":1470104391564386,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1470104393813792,"pkt":"\/\/\/\/\/\/\/\/PKn0WgOECABFAABOHxcAAIARlkvAqAPswKj\/\/wCJAIkAOqdiilUBEAABAAAAAAAAIEVKRkRFQkZFRUJGQUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="} 
+00692{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":663,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":5,"flow_src_last_pkt_time":1470104394223876,"flow_dst_last_pkt_time":1470104382242882,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1470104394223876,"pkt":"AQBef\/\/6cPGh+Cr9CABFAAChAc0AAAERAdTAqAUJ7\/\/\/+ti8B2wAjcMVTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} +00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":665,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":4,"flow_src_last_pkt_time":1470104394531875,"flow_dst_last_pkt_time":1470104391564386,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1470104394531875,"pkt":"\/\/\/\/\/\/\/\/PKn0WgOECABFAABOHxoAAIARlkjAqAPswKj\/\/wCJAIkAOqdiilUBEAABAAAAAAAAIEVKRkRFQkZFRUJGQUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="} +00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":666,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":2,"flow_src_last_pkt_time":1470104394635803,"flow_dst_last_pkt_time":1470104393610386,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1470104394635803,"pkt":"\/\/\/\/\/\/\/\/4KzLceHQCABFAABOipYAAEARaYvAqAUtwKj\/\/wCJAIkAOr16RfsBEAABAAAAAAAAIEVPRUJGREVHRUpFTUVGQ0FDQUNBQ0FDQUNBQ0FDQUJOAAAgAAE="} 
+00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":667,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":5,"flow_src_last_pkt_time":1470104395351449,"flow_dst_last_pkt_time":1470104391564386,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1470104395351449,"pkt":"\/\/\/\/\/\/\/\/PKn0WgOECABFAABOHysAAIARljfAqAPswKj\/\/wCJAIkAOqdiilUBEAABAAAAAAAAIEVKRkRFQkZFRUJGQUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="} +00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":668,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104395656981,"flow_src_last_pkt_time":1470104395656981,"flow_dst_last_pkt_time":1470104395656981,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":317,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":317,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":317,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104395656981,"l3_proto":"ip4","src_ip":"192.168.10.7","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00949{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":668,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_src_last_pkt_time":1470104395656981,"flow_dst_last_pkt_time":1470104395656981,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":359,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":359,"pkt_l4_len":325,"thread_ts_usec":1470104395656981,"pkt":"\/\/\/\/\/\/\/\/wKC7c+snCABFAAFZOwBAAEARM+XAqAoH\/\/\/\/\/\/YA9gABRUQe\/\/+eLaAAwKC7c+snwKgKBwAAAgAnAURHUy0xMjEwLTEwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABTd2l0Y2gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADMuMTAuMDEzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwKC7c+snQjEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABRUDBSMUQ5MDAwMDIzAAAAAAAAAAAAAAAAAAAAAAAAAERHUy0xMjEwLTEwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAqAoH\/\/8AAFBvcnQgOAAAAAAAAAAAAAAAAAAAAAAAAAA="} +00920{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":669,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1470104395657061,"flow_dst_last_pkt_time":1470104376301823,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_usec":1470104395657061,"pkt":"\/\/\/\/\/\/\/\/TF4M6gNlCABFAAFIAAAAABARqaYAAAAA\/\/\/\/\/wBEAEMBNLOUAQEGALkL8pMAEIAAAAAAAAAAAAAAAAAAAAAAAExeDOoDZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBPQcBTF4M6gNlNwYBAwYPLCH\/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
+00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":670,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104396888586,"flow_src_last_pkt_time":1470104396888586,"flow_dst_last_pkt_time":1470104396888586,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":26,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104396888586,"l3_proto":"ip6","src_ip":"fe80::4568:efbc:40b1:1346","dst_ip":"ff02::1:3","src_port":50194,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":670,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_src_last_pkt_time":1470104396888586,"flow_dst_last_pkt_time":1470104396888586,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":88,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":88,"pkt_l4_len":34,"thread_ts_usec":1470104396888586,"pkt":"MzMAAQADSNIkYwreht1gAAAAACIRAf6AAAAAAAAARWjvvECxE0b\/AgAAAAAAAAAAAAAAAQADxBIU6wAiAfRVcwAAAAEAAAAAAAAIa2V2aW4tUEMAAP8AAQ=="} 
+00933{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":670,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104396888586,"flow_src_last_pkt_time":1470104396888586,"flow_dst_last_pkt_time":1470104396888586,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":26,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104396888586,"l3_proto":"ip6","src_ip":"fe80::4568:efbc:40b1:1346","dst_ip":"ff02::1:3","src_port":50194,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":671,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104396889494,"flow_src_last_pkt_time":1470104396889494,"flow_dst_last_pkt_time":1470104396889494,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":26,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104396889494,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"224.0.0.252","src_port":54470,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":671,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_src_last_pkt_time":1470104396889494,"flow_dst_last_pkt_time":1470104396889494,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_usec":1470104396889494,"pkt":"AQBeAAD8SNIkYwreCABFAAA2fi0AAAERlLzAqAUp4AAA\/NTGFOsAItEVVXMAAAABAAAAAAAACGtldmluLVBDAAD\/AAE="} +00922{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":671,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104396889494,"flow_src_last_pkt_time":1470104396889494,"flow_dst_last_pkt_time":1470104396889494,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":26,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104396889494,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"224.0.0.252","src_port":54470,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":672,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":2,"flow_src_last_pkt_time":1470104396987090,"flow_dst_last_pkt_time":1470104396888586,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":88,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":88,"pkt_l4_len":34,"thread_ts_usec":1470104396987090,"pkt":"MzMAAQADSNIkYwreht1gAAAAACIRAf6AAAAAAAAARWjvvECxE0b\/AgAAAAAAAAAAAAAAAQADxBIU6wAiAfRVcwAAAAEAAAAAAAAIa2V2aW4tUEMAAP8AAQ=="} +00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":673,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":2,"flow_src_last_pkt_time":1470104396987104,"flow_dst_last_pkt_time":1470104396889494,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_usec":1470104396987104,"pkt":"AQBeAAD8SNIkYwreCABFAAA2fi4AAAERlLvAqAUp4AAA\/NTGFOsAItEVVXMAAAABAAAAAAAACGtldmluLVBDAAD\/AAE="} +00691{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":674,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1470104397090815,"flow_dst_last_pkt_time":1470104376017883,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1470104397090815,"pkt":"AQBef\/\/6SNIkYwreCABFAAChfi8AAAERhVHAqAUp7\/\/\/+tgQB2wAjcOhTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 
+00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":675,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104397091815,"flow_src_last_pkt_time":1470104397091815,"flow_dst_last_pkt_time":1470104397091815,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104397091815,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00922{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":675,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_src_last_pkt_time":1470104397091815,"flow_dst_last_pkt_time":1470104397091815,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_usec":1470104397091815,"pkt":"\/\/\/\/\/\/\/\/cPGh+Cr9CABFAAFIAzMAAIARcMHAqAUJ\/\/\/\/\/wBEAEMBND1aAQEGAPwPedgAAIAAwKgFCQAAAAAAAAAAAAAAAHDxofgq\/QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEIPQcBcPGh+Cr9DAlKb2FubmEtUEM8CE1TRlQgNS4wNw0BDwMGLC4vHyF5+Sv8\/wAAAAAAAAAAAAAA"} 
+01058{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":675,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104397091815,"flow_src_last_pkt_time":1470104397091815,"flow_dst_last_pkt_time":1470104397091815,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104397091815,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"joanna-pc","domainame":"joanna-pc","dhcp": {"fingerprint":"1,15,3,6,44,46,47,31,33,121,249,43,252","class_ident":"MSFT 5.0"}}} +00692{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":677,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":5,"flow_src_last_pkt_time":1470104397192245,"flow_dst_last_pkt_time":1470104382241911,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1470104397192245,"pkt":"AQBef\/\/6uKxvwfbSCABFAAChJ1QAAAERfDTAqGUh7\/\/\/+ti9B2wAjWL8TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 
+00697{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":679,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":4,"flow_src_last_pkt_time":1470104397396994,"flow_dst_last_pkt_time":1470104382448863,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_usec":1470104397396994,"pkt":"AQBef\/\/66LH8q\/uyCABFAAClCfAAAAQR9oTAqAUx7\/\/\/+sn4B2wAkYV1TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} +00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":680,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104397807877,"flow_src_last_pkt_time":1470104397807877,"flow_dst_last_pkt_time":1470104397807877,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104397807877,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"239.255.255.250","src_port":49701,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":680,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_src_last_pkt_time":1470104397807877,"flow_dst_last_pkt_time":1470104397807877,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_usec":1470104397807877,"pkt":"AQBef\/\/6bEAIlAI6CABFAAClrzIAAAERVEPAqAUw7\/\/\/+sIlB2wAkY1JTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} +00995{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":680,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104397807877,"flow_src_last_pkt_time":1470104397807877,"flow_dst_last_pkt_time":1470104397807877,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104397807877,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"239.255.255.250","src_port":49701,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900","domainame":"239.255.255.250:1900"}} 
+00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":681,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1470104398314933,"flow_dst_last_pkt_time":1470104375419022,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1470104398314933,"pkt":"TF4M6gNlYMVHBbyMCABFAAAoA95AAEAGLsvAqAUQROn9hdFlAFAG4xw4xV6fSlAUEAE+LgAA8Q52cgJF"} +00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":682,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104398832807,"flow_src_last_pkt_time":1470104398832807,"flow_dst_last_pkt_time":1470104398832807,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104398832807,"l3_proto":"ip4","src_ip":"192.168.5.64","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":682,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_src_last_pkt_time":1470104398832807,"flow_dst_last_pkt_time":1470104398832807,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1470104398832807,"pkt":"AQBeAAD7ZMwunDzJCABFAABEo69AAP8RMRXAqAVA4AAA+xTpFOkAMOS\/AAAAAAABAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQ=="} 
+01002{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":682,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104398832807,"flow_src_last_pkt_time":1470104398832807,"flow_dst_last_pkt_time":1470104398832807,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104398832807,"l3_proto":"ip4","src_ip":"192.168.5.64","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_googlecast._tcp.local","domainame":"_googlecast._tcp.local","mdns": {}}} +00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":683,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104398932814,"flow_src_last_pkt_time":1470104398932814,"flow_dst_last_pkt_time":1470104398932814,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104398932814,"l3_proto":"ip4","src_ip":"192.168.2.186","dst_ip":"255.255.255.255","src_port":32768,"dst_port":1947,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":683,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_src_last_pkt_time":1470104398932814,"flow_dst_last_pkt_time":1470104398932814,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1470104398932814,"pkt":"\/\/\/\/\/\/\/\/AAK2Qbs6CABFAABEAABAAEARd0fAqAK6\/\/\/\/\/4AAB5sAMBr8aWNSVlNvVTlBQUJYWldKRFlXeHNBSFZ0Ukc5c2IzSlRhWFJCYldVQQ=="} +00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":684,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104399652689,"flow_src_last_pkt_time":1470104399652689,"flow_dst_last_pkt_time":1470104399652689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104399652689,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"224.0.0.252","src_port":59797,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":684,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_src_last_pkt_time":1470104399652689,"flow_dst_last_pkt_time":1470104399652689,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1470104399652689,"pkt":"AQBeAAD8bEAIlAI6CABFAAA4QZsAAAER0UXAqAUw4AAA\/OmVFOsAJO3eTL0AAAABAAAAAAAACkthc3Blci1tYWMAAP8AAQ=="} 
+00922{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":684,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104399652689,"flow_src_last_pkt_time":1470104399652689,"flow_dst_last_pkt_time":1470104399652689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104399652689,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"224.0.0.252","src_port":59797,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":685,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104399854544,"flow_src_last_pkt_time":1470104399854544,"flow_dst_last_pkt_time":1470104399854544,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104399854544,"l3_proto":"ip4","src_ip":"192.168.0.100","dst_ip":"255.255.255.255","src_port":50925,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00656{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":685,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_src_last_pkt_time":1470104399854544,"flow_dst_last_pkt_time":1470104399854544,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1470104399854544,"pkt":"\/\/\/\/\/\/\/\/TF4M6gOICABFAACAAABAAEAReWHAqABk\/\/\/\/\/8btFi4AbOgXAACpHQABAAZMXgzqA4gABQAFNE1OQVQABwAPNi4zNS4xIChzdGFibGUpAAgACE1pa3JvVGlrAAoABIOWJAAACwAJTjUzOC1HMDRVAAwABlJCNDUwRwAOAAEAABAABmV0aGVyMg=="} +01091{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":685,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104399854544,"flow_src_last_pkt_time":1470104399854544,"flow_dst_last_pkt_time":1470104399854544,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104399854544,"l3_proto":"ip4","src_ip":"192.168.0.100","dst_ip":"255.255.255.255","src_port":50925,"dst_port":5678,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Mikrotik","proto_id":"437","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","mikrotik": {"mac_address":"4C:5E:0C:EA:03:88","identity":"4MNAT","version":"6.35.1 (stable)","software_id":"N538-G04U","board":"RB450G","uptime":2207654912}}} 
+00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":686,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104399958731,"flow_src_last_pkt_time":1470104399958731,"flow_dst_last_pkt_time":1470104399958731,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":26,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104399958731,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"224.0.0.252","src_port":65150,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":686,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_src_last_pkt_time":1470104399958731,"flow_dst_last_pkt_time":1470104399958731,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_usec":1470104399958731,"pkt":"AQBeAAD8GF4PUugBCABFAAA2MRAAAAER4cnAqAU54AAA\/P5+FOsAIr4lNLsAAAABAAAAAAAACFVzaGVyLVBDAAD\/AAE="} 
+00922{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":686,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104399958731,"flow_src_last_pkt_time":1470104399958731,"flow_dst_last_pkt_time":1470104399958731,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":26,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104399958731,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"224.0.0.252","src_port":65150,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":687,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104399959547,"flow_src_last_pkt_time":1470104399959547,"flow_dst_last_pkt_time":1470104399959547,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104399959547,"l3_proto":"ip6","src_ip":"fe80::e034:7be:d8f9:6197","dst_ip":"ff02::1:3","src_port":62756,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":687,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_src_last_pkt_time":1470104399959547,"flow_dst_last_pkt_time":1470104399959547,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":91,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":91,"pkt_l4_len":37,"thread_ts_usec":1470104399959547,"pkt":"MzMAAQADuKxv2MGbht1gAAAAACURAf6AAAAAAAAA4DQHvtj5YZf\/AgAAAAAAAAAAAAAAAQAD9SQU6wAlorgrvQAAAAEAAAAAAAALY2hhcm1pbmctUEMAAP8AAQ=="} +00932{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":687,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104399959547,"flow_src_last_pkt_time":1470104399959547,"flow_dst_last_pkt_time":1470104399959547,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104399959547,"l3_proto":"ip6","src_ip":"fe80::e034:7be:d8f9:6197","dst_ip":"ff02::1:3","src_port":62756,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":688,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104399959775,"flow_src_last_pkt_time":1470104399959775,"flow_dst_last_pkt_time":1470104399959775,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104399959775,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":62756,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":688,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_src_last_pkt_time":1470104399959775,"flow_dst_last_pkt_time":1470104399959775,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1470104399959775,"pkt":"AQBeAAD8uKxv2MGbCABFAAA5S7YAAAERxyfAqAUy4AAA\/PUkFOsAJRvtK70AAAABAAAAAAAAC2NoYXJtaW5nLVBDAAD\/AAE="} 
+00922{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":688,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104399959775,"flow_src_last_pkt_time":1470104399959775,"flow_dst_last_pkt_time":1470104399959775,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104399959775,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":62756,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":689,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1470104399959814,"flow_dst_last_pkt_time":1470104376017777,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_usec":1470104399959814,"pkt":"AQBef\/\/6uKxv2MGbCABFAAClQRYAAAQRv13AqAUy7\/\/\/+vyiB2wAkVLKTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} 
+00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":690,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":2,"flow_src_last_pkt_time":1470104400059244,"flow_dst_last_pkt_time":1470104399958731,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_usec":1470104400059244,"pkt":"AQBeAAD8GF4PUugBCABFAAA2MRIAAAER4cfAqAU54AAA\/P5+FOsAIr4lNLsAAAABAAAAAAAACFVzaGVyLVBDAAD\/AAE="} +00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":691,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":2,"flow_src_last_pkt_time":1470104400059395,"flow_dst_last_pkt_time":1470104399652689,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1470104400059395,"pkt":"AQBeAAD8bEAIlAI6CABFAAA4rMMAAAERZh3AqAUw4AAA\/OmVFOsAJO3eTL0AAAABAAAAAAAACkthc3Blci1tYWMAAP8AAQ=="} +00692{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":692,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1470104400059456,"flow_dst_last_pkt_time":1470104376017883,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1470104400059456,"pkt":"AQBef\/\/6SNIkYwreCABFAAChfjEAAAERhU\/AqAUp7\/\/\/+tgQB2wAjcOhTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 
+00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":693,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104400162264,"flow_src_last_pkt_time":1470104400162264,"flow_dst_last_pkt_time":1470104400162264,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":520,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":520,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":520,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104400162264,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"239.255.255.250","src_port":1900,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01209{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":693,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_src_last_pkt_time":1470104400162264,"flow_dst_last_pkt_time":1470104400162264,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":562,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":562,"pkt_l4_len":528,"thread_ts_usec":1470104400162264,"pkt":"AQBef\/\/66LH8q\/uyCABFAAIkCfEAAAQR9QTAqAUx7\/\/\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"} 
+00994{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":693,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104400162264,"flow_src_last_pkt_time":1470104400162264,"flow_dst_last_pkt_time":1470104400162264,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":520,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":520,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":520,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104400162264,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"239.255.255.250","src_port":1900,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900","domainame":"239.255.255.250:1900"}} +00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":694,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104400162411,"flow_src_last_pkt_time":1470104400162411,"flow_dst_last_pkt_time":1470104400162411,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":528,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":528,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":528,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104400162411,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::c","src_port":1900,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+01244{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":694,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_src_last_pkt_time":1470104400162411,"flow_dst_last_pkt_time":1470104400162411,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":590,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":590,"pkt_l4_len":536,"thread_ts_usec":1470104400162411,"pkt":"MzMAAAAM6LH8q\/uyht1gAAAAAhgRBP6AAAAAAAAACb2B3S\/cV1D\/AgAAAAAAAAAAAAAAAAAMB2wHbAIYYQNOT1RJRlkgKiBIVFRQLzEuMQ0KSG9zdDogW0ZGMDI6OkNdOjE5MDANCk5UOiB1cm46bWljcm9zb2Z0LmNvbTpzZXJ2aWNlOlhfTVNfTWVkaWFSZWNlaXZlclJlZ2lzdHJhcjoxDQpOVFM6IHNzZHA6YWxpdmUNCkxvY2F0aW9uOiBodHRwOi8vW2ZlODA6OjliZDo4MWRkOjJmZGM6NTc1MF06Mjg2OS91cG5waG9zdC91ZGhpc2FwaS5kbGw\/Y29udGVudD11dWlkOjkzMTkzOTVhLTRkMDMtNDc1MC1iYjFiLTQ2NjM5MzNhYjgxMg0KVVNOOiB1dWlkOjkzMTkzOTVhLTRkMDMtNDc1MC1iYjFiLTQ2NjM5MzNhYjgxMjo6dXJuOm1pY3Jvc29mdC5jb206c2VydmljZTpYX01TX01lZGlhUmVjZWl2ZXJSZWdpc3RyYXI6MQ0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT05MDANClNlcnZlcjogTWljcm9zb2Z0LVdpbmRvd3MvMTAuMCBVUG5QLzEuMCBVUG5QLURldmljZS1Ib3N0LzEuMA0KT1BUOiJodHRwOi8vc2NoZW1hcy51cG5wLm9yZy91cG5wLzEvMC8iOyBucz0wMQ0KMDEtTkxTOiBkMDdiNDM1ZDI5OWI0MTc4NGNhM2QyYWUyYjk1OTk0OA0KDQo="} 
+00986{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":694,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104400162411,"flow_src_last_pkt_time":1470104400162411,"flow_dst_last_pkt_time":1470104400162411,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":528,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":528,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":528,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104400162411,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::c","src_port":1900,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"[ff02::c]:1900","domainame":"[ff02::c]:1900"}} +00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":696,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":2,"flow_src_last_pkt_time":1470104400366719,"flow_dst_last_pkt_time":1470104399959775,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1470104400366719,"pkt":"AQBeAAD8uKxv2MGbCABFAAA5S7cAAAERxybAqAUy4AAA\/PUkFOsAJRvtK70AAAABAAAAAAAAC2NoYXJtaW5nLVBDAAD\/AAE="} 
+01189{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":697,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":2,"flow_src_last_pkt_time":1470104400366790,"flow_dst_last_pkt_time":1470104400162264,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":548,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":548,"pkt_l4_len":514,"thread_ts_usec":1470104400366790,"pkt":"AQBef\/\/66LH8q\/uyCABFAAIWCfIAAAQR9RHAqAUx7\/\/\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"} +01223{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":698,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":2,"flow_src_last_pkt_time":1470104400366956,"flow_dst_last_pkt_time":1470104400162411,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":576,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":576,"pkt_l4_len":522,"thread_ts_usec":1470104400366956,"pkt":"MzMAAAAM6LH8q\/uyht1gAAAAAgoRBP6AAAAAAAAACb2B3S\/cV1D\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"} 
+01186{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":699,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":3,"flow_src_last_pkt_time":1470104400571720,"flow_dst_last_pkt_time":1470104400162264,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":546,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":546,"pkt_l4_len":512,"thread_ts_usec":1470104400571720,"pkt":"AQBef\/\/66LH8q\/uyCABFAAIUCfMAAAQR9RLAqAUx7\/\/\/+gdsB2wCAPPDTk9USUZZICogSFRUUC8xLjENCkhvc3Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpOVDogdXJuOnNjaGVtYXMtdXBucC1vcmc6c2VydmljZTpDb250ZW50RGlyZWN0b3J5OjENCk5UUzogc3NkcDphbGl2ZQ0KTG9jYXRpb246IGh0dHA6Ly8xOTIuMTY4LjUuNDk6Mjg2OS91cG5waG9zdC91ZGhpc2FwaS5kbGw\/Y29udGVudD11dWlkOjkzMTkzOTVhLTRkMDMtNDc1MC1iYjFiLTQ2NjM5MzNhYjgxMg0KVVNOOiB1dWlkOjkzMTkzOTVhLTRkMDMtNDc1MC1iYjFiLTQ2NjM5MzNhYjgxMjo6dXJuOnNjaGVtYXMtdXBucC1vcmc6c2VydmljZTpDb250ZW50RGlyZWN0b3J5OjENCkNhY2hlLUNvbnRyb2w6IG1heC1hZ2U9OTAwDQpTZXJ2ZXI6IE1pY3Jvc29mdC1XaW5kb3dzLzEwLjAgVVBuUC8xLjAgVVBuUC1EZXZpY2UtSG9zdC8xLjANCk9QVDoiaHR0cDovL3NjaGVtYXMudXBucC5vcmcvdXBucC8xLzAvIjsgbnM9MDENCjAxLU5MUzogZDA3YjQzNWQyOTliNDE3ODRjYTNkMmFlMmI5NTk5NDgNCg0K"} 
+01223{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":700,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":3,"flow_src_last_pkt_time":1470104400571911,"flow_dst_last_pkt_time":1470104400162411,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":574,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":574,"pkt_l4_len":520,"thread_ts_usec":1470104400571911,"pkt":"MzMAAAAM6LH8q\/uyht1gAAAAAggRBP6AAAAAAAAACb2B3S\/cV1D\/AgAAAAAAAAAAAAAAAAAMB2wHbAIIordOT1RJRlkgKiBIVFRQLzEuMQ0KSG9zdDogW0ZGMDI6OkNdOjE5MDANCk5UOiB1cm46c2NoZW1hcy11cG5wLW9yZzpzZXJ2aWNlOkNvbnRlbnREaXJlY3Rvcnk6MQ0KTlRTOiBzc2RwOmFsaXZlDQpMb2NhdGlvbjogaHR0cDovL1tmZTgwOjo5YmQ6ODFkZDoyZmRjOjU3NTBdOjI4NjkvdXBucGhvc3QvdWRoaXNhcGkuZGxsP2NvbnRlbnQ9dXVpZDo5MzE5Mzk1YS00ZDAzLTQ3NTAtYmIxYi00NjYzOTMzYWI4MTINClVTTjogdXVpZDo5MzE5Mzk1YS00ZDAzLTQ3NTAtYmIxYi00NjYzOTMzYWI4MTI6OnVybjpzY2hlbWFzLXVwbnAtb3JnOnNlcnZpY2U6Q29udGVudERpcmVjdG9yeToxDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTkwMA0KU2VydmVyOiBNaWNyb3NvZnQtV2luZG93cy8xMC4wIFVQblAvMS4wIFVQblAtRGV2aWNlLUhvc3QvMS4wDQpPUFQ6Imh0dHA6Ly9zY2hlbWFzLnVwbnAub3JnL3VwbnAvMS8wLyI7IG5zPTAxDQowMS1OTFM6IGQwN2I0MzVkMjk5YjQxNzg0Y2EzZDJhZTJiOTU5OTQ4DQoNCg=="} +00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":701,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":2,"flow_src_last_pkt_time":1470104400878902,"flow_dst_last_pkt_time":1470104397807877,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_usec":1470104400878902,"pkt":"AQBef\/\/6bEAIlAI6CABFAACl66AAAAERF9XAqAUw7\/\/\/+sIlB2wAkY1JTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} 
+00948{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":702,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_src_last_pkt_time":1470104400983874,"flow_dst_last_pkt_time":1470104380909602,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":359,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":359,"pkt_l4_len":325,"thread_ts_usec":1470104400983874,"pkt":"\/\/\/\/\/\/\/\/XNmY3fXzCABFAAFZAABAAEARbn7AqApu\/\/\/\/\/+xA9gABRTgx\/\/8AAKAAXNmY3fXzwKgKbgAAAgAnAUROUy0xMTAwLTA0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABOQVMAAAAAAAAAAAAAVVqvihgAAABVWsE9WwAAAFVasDEuMDJiMTAAEXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXNmY3fXzM0ExAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGRsaW5rLURERjVGMwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAqApu\/\/8AAExBTjEAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} +00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":703,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104401187549,"flow_src_last_pkt_time":1470104401187549,"flow_dst_last_pkt_time":1470104401187549,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104401187549,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":50030,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":703,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_src_last_pkt_time":1470104401187549,"flow_dst_last_pkt_time":1470104401187549,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1470104401187549,"pkt":"AQBeAAD8uKxv2MGbCABFAAA5S70AAAERxyDAqAUy4AAA\/MNuFOsAJYAi+T0AAAABAAAAAAAAC2NoYXJtaW5nLVBDAAD\/AAE="} +00922{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":703,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104401187549,"flow_src_last_pkt_time":1470104401187549,"flow_dst_last_pkt_time":1470104401187549,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104401187549,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":50030,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+01170{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":704,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":4,"flow_src_last_pkt_time":1470104401288363,"flow_dst_last_pkt_time":1470104400162264,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":534,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":534,"pkt_l4_len":500,"thread_ts_usec":1470104401288363,"pkt":"AQBef\/\/66LH8q\/uyCABFAAIICfQAAAQR9R3AqAUx7\/\/\/+gdsB2wB9PpOTk9USUZZICogSFRUUC8xLjENCkhvc3Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpOVDogdXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOk1lZGlhU2VydmVyOjENCk5UUzogc3NkcDphbGl2ZQ0KTG9jYXRpb246IGh0dHA6Ly8xOTIuMTY4LjUuNDk6Mjg2OS91cG5waG9zdC91ZGhpc2FwaS5kbGw\/Y29udGVudD11dWlkOjkzMTkzOTVhLTRkMDMtNDc1MC1iYjFiLTQ2NjM5MzNhYjgxMg0KVVNOOiB1dWlkOjkzMTkzOTVhLTRkMDMtNDc1MC1iYjFiLTQ2NjM5MzNhYjgxMjo6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOk1lZGlhU2VydmVyOjENCkNhY2hlLUNvbnRyb2w6IG1heC1hZ2U9OTAwDQpTZXJ2ZXI6IE1pY3Jvc29mdC1XaW5kb3dzLzEwLjAgVVBuUC8xLjAgVVBuUC1EZXZpY2UtSG9zdC8xLjANCk9QVDoiaHR0cDovL3NjaGVtYXMudXBucC5vcmcvdXBucC8xLzAvIjsgbnM9MDENCjAxLU5MUzogZDA3YjQzNWQyOTliNDE3ODRjYTNkMmFlMmI5NTk5NDgNCg0K"} +01207{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":705,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":4,"flow_src_last_pkt_time":1470104401288517,"flow_dst_last_pkt_time":1470104400162411,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":562,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":562,"pkt_l4_len":508,"thread_ts_usec":1470104401288517,"pkt":"MzMAAAAM6LH8q\/uyht1gAAAAAfwRBP6AAAAAAAAACb2B3S\/cV1D\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"} 
+00920{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":706,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1470104401902520,"flow_dst_last_pkt_time":1470104376301823,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_usec":1470104401902520,"pkt":"\/\/\/\/\/\/\/\/vO57DLPeCABFAAFIg+0AAEAR9bgAAAAA\/\/\/\/\/wBEAEMBNDMlAQEGANPiBnoAAAAAAAAAAAAAAAAAAAAAAAAAALzuewyz3gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBOQIF3DwMZGhjcGNkLTUuNS42DBhhbmRyb2lkLWY3Y2EwZjU3MTI3MGM1MmQ3CQEhAwYPHDM6O\/8A"} +00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":707,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104401904977,"flow_src_last_pkt_time":1470104401904977,"flow_dst_last_pkt_time":1470104401904977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104401904977,"l3_proto":"ip4","src_ip":"59.120.208.212","dst_ip":"255.255.255.255","src_port":32768,"dst_port":1947,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":707,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_src_last_pkt_time":1470104401904977,"flow_dst_last_pkt_time":1470104401904977,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1470104401904977,"pkt":"\/\/\/\/\/\/\/\/ABNyFooyCABFAABEAABAAEARLl07eNDU\/\/\/\/\/4AAB5sAMADiZERZY1RjNFBBQUJQY0dWdVluUnpBSFZ0Ukc5c2IzSlRhWFJCYldVQQ=="} +00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":711,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104402238628,"flow_src_last_pkt_time":1470104402238628,"flow_dst_last_pkt_time":1470104402238628,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104402238628,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53625,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":711,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_src_last_pkt_time":1470104402238628,"flow_dst_last_pkt_time":1470104402238628,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1470104402238628,"pkt":"ABAj4ACgYMVHBbyMCABFAABAGihAAEAGJuTAqAUQwKhzS9F5AbtwBJ91AAAAALAC\/\/\/WVQAAAgQFtAEDAwUBAQgKGg9qPQAAAAAEAgAA"} 
+00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":712,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":2,"flow_src_last_pkt_time":1470104402238628,"flow_dst_last_pkt_time":1470104402239704,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104402239704,"pkt":"ABxCjnAxABAj4ACgCABFAAA0AABAAEAGQRjAqHNLwKgFEAG70XnKmfzXcASfdoASFtC0YwAAAgQFtAEBBAIBAwMH"} +00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":713,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":3,"flow_src_last_pkt_time":1470104402239746,"flow_dst_last_pkt_time":1470104402239704,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1470104402239746,"pkt":"ABAj4ACgYMVHBbyMCABFAAAosclAAEAGj1rAqAUQwKhzS9F5AbtwBJ92ypn82FAQIADsBQAAyQ4pxaWW"} +00810{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":714,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":4,"flow_src_last_pkt_time":1470104402240297,"flow_dst_last_pkt_time":1470104402239704,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":267,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":267,"pkt_l4_len":233,"thread_ts_usec":1470104402240297,"pkt":"ABAj4ACgYMVHBbyMCABFAAD9ruNAAEAGkWvAqAUQwKhzS9F5AbtwBJ92ypn82FAYIADtEAAAFgMBANABAADMAwNXoANTJYxftKgXimtNLVWTzYxskkMb8dtmAzVqLh4pryBj+Q0TSc5VhLmmiAAqPOtufQBM8Qziz0QZmZNFeVk8eABKAP\/AJMAjwArACcAIwCjAJ8AUwBPAEsAmwCXABcAEwAPAKsApwA\/ADsANAGsAZwA5ADMAFgA9ADwANQAvAArAB8ARwALADAAFAAQBAAA5AAAAEwARAAAOMTkyLjE2OC4xMTUuNzUACgAIAAYAFwAYABkACwACAQAADQAMAAoFAQQBAgEEAwID"} 
+01378{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":714,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1470104402238628,"flow_src_last_pkt_time":1470104402240297,"flow_dst_last_pkt_time":1470104402239704,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":213,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":213,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104402240297,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53625,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","domainame":"192.168.115.75","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12i370400_07a749158664_e64f6000bf4d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":715,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":5,"flow_src_last_pkt_time":1470104402240297,"flow_dst_last_pkt_time":1470104402241217,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1470104402241217,"pkt":"ABxCjnAxABAj4ACgCABFAAAofPZAAEAGxC3AqHNLwKgFEAG70XnKmfzYcASgS1AQADYK+wAAAAAAAAAA"} 
+01530{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":716,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1470104402238628,"flow_src_last_pkt_time":1470104402240297,"flow_dst_last_pkt_time":1470104402243893,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":213,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":213,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1470104402243893,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53625,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","domainame":"192.168.115.75","tls": {"version":"TLSv1.2","ja3s":"573a9f3f80037fb40d481e2054def5bb","ja4":"t12i370400_07a749158664_e64f6000bf4d","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} 
+00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":726,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104402518151,"flow_src_last_pkt_time":1470104402518151,"flow_dst_last_pkt_time":1470104402518151,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":135,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":135,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104402518151,"l3_proto":"ip4","src_ip":"192.168.119.1","dst_ip":"255.255.255.255","src_port":56861,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00701{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":726,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_src_last_pkt_time":1470104402518151,"flow_dst_last_pkt_time":1470104402518151,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":177,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":177,"pkt_l4_len":143,"thread_ts_usec":1470104402518151,"pkt":"\/\/\/\/\/\/\/\/TF4M6gNlCABFAACjAABAAEARAqHAqHcB\/\/\/\/\/94dFi4Aj\/bjAAFSEAABAAZMXgzqA2UABQAHMzAwTU5BVAAHAA82LjM1LjEgKHN0YWJsZSkACAAITWlrcm9UaWsACgAEf5YkAAALAAlBWFJKLVg2U0cADAAGUkI0NTBHAA4AAQEADwAQIAGwMAIUAQAAAAAAAAAAAQAQABNldGhlcjItbWFzdGVyLWxvY2Fs"} 
+01128{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":726,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104402518151,"flow_src_last_pkt_time":1470104402518151,"flow_dst_last_pkt_time":1470104402518151,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":135,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":135,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104402518151,"l3_proto":"ip4","src_ip":"192.168.119.1","dst_ip":"255.255.255.255","src_port":56861,"dst_port":5678,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Mikrotik","proto_id":"437","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","mikrotik": {"mac_address":"4C:5E:0C:EA:03:65","identity":"300MNAT","version":"6.35.1 (stable)","software_id":"AXRJ-X6SG","board":"RB450G","ipv6_addr":"2001:b030:214:100::1","uptime":2140546048}}} +00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":727,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104402518258,"flow_src_last_pkt_time":1470104402518258,"flow_dst_last_pkt_time":1470104402518258,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":135,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":135,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104402518258,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:feea:365","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00720{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":727,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_src_last_pkt_time":1470104402518258,"flow_dst_last_pkt_time":1470104402518258,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":197,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":197,"pkt_l4_len":143,"thread_ts_usec":1470104402518258,"pkt":"MzMAAAABTF4M6gNlht1gAAAAAI8RAf6AAAAAAAAATl4M\/\/7qA2X\/AgAAAAAAAAAAAAAAAAABFi4WLgCPm0oAAVIRAAEABkxeDOoDZQAFAAczMDBNTkFUAAcADzYuMzUuMSAoc3RhYmxlKQAIAAhNaWtyb1RpawAKAAR\/liQAAAsACUFYUkotWDZTRwAMAAZSQjQ1MEcADgABAQAPABAgAbAwAhQBAAAAAAAAAAABABAAE2V0aGVyMi1tYXN0ZXItbG9jYWw="} +01129{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":727,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104402518258,"flow_src_last_pkt_time":1470104402518258,"flow_dst_last_pkt_time":1470104402518258,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":135,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":135,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104402518258,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:feea:365","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Mikrotik","proto_id":"437","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","mikrotik": {"mac_address":"4C:5E:0C:EA:03:65","identity":"300MNAT","version":"6.35.1 (stable)","software_id":"AXRJ-X6SG","board":"RB450G","ipv6_addr":"2001:b030:214:100::1","uptime":2140546048}}} 
+01114{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":728,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":5,"flow_src_last_pkt_time":1470104402518736,"flow_dst_last_pkt_time":1470104400162264,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":491,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":491,"pkt_l4_len":457,"thread_ts_usec":1470104402518736,"pkt":"AQBef\/\/66LH8q\/uyCABFAAHdCfUAAAQR9UfAqAUx7\/\/\/+gdsB2wByURxTk9USUZZICogSFRUUC8xLjENCkhvc3Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpOVDogdXVpZDo5MzE5Mzk1YS00ZDAzLTQ3NTAtYmIxYi00NjYzOTMzYWI4MTINCk5UUzogc3NkcDphbGl2ZQ0KTG9jYXRpb246IGh0dHA6Ly8xOTIuMTY4LjUuNDk6Mjg2OS91cG5waG9zdC91ZGhpc2FwaS5kbGw\/Y29udGVudD11dWlkOjkzMTkzOTVhLTRkMDMtNDc1MC1iYjFiLTQ2NjM5MzNhYjgxMg0KVVNOOiB1dWlkOjkzMTkzOTVhLTRkMDMtNDc1MC1iYjFiLTQ2NjM5MzNhYjgxMg0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT05MDANClNlcnZlcjogTWljcm9zb2Z0LVdpbmRvd3MvMTAuMCBVUG5QLzEuMCBVUG5QLURldmljZS1Ib3N0LzEuMA0KT1BUOiJodHRwOi8vc2NoZW1hcy51cG5wLm9yZy91cG5wLzEvMC8iOyBucz0wMQ0KMDEtTkxTOiBkMDdiNDM1ZDI5OWI0MTc4NGNhM2QyYWUyYjk1OTk0OA0KDQo="} +01147{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":729,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":5,"flow_src_last_pkt_time":1470104402518845,"flow_dst_last_pkt_time":1470104400162411,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":519,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":519,"pkt_l4_len":465,"thread_ts_usec":1470104402518845,"pkt":"MzMAAAAM6LH8q\/uyht1gAAAAAdERBP6AAAAAAAAACb2B3S\/cV1D\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"} 
+00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":730,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104402624102,"flow_src_last_pkt_time":1470104402624102,"flow_dst_last_pkt_time":1470104402624102,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":27,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104402624102,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":49735,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":730,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_src_last_pkt_time":1470104402624102,"flow_dst_last_pkt_time":1470104402624102,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":89,"pkt_l4_len":35,"thread_ts_usec":1470104402624102,"pkt":"MzMAAQADPKn0WgOEht1gAAAAACMRAf6AAAAAAAAAXZJiqOveExn\/AgAAAAAAAAAAAAAAAQADwkcU6wAjpJ6zfgAAAAEAAAAAAAAJV0FOR1MtTFRXAAD\/AAE="} 
+00933{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":730,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104402624102,"flow_src_last_pkt_time":1470104402624102,"flow_dst_last_pkt_time":1470104402624102,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":27,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104402624102,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":49735,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":731,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104402624153,"flow_src_last_pkt_time":1470104402624153,"flow_dst_last_pkt_time":1470104402624153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":27,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104402624153,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":62069,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":731,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_src_last_pkt_time":1470104402624153,"flow_dst_last_pkt_time":1470104402624153,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_usec":1470104402624153,"pkt":"AQBeAAD8PKn0WgOECABFAAA3H1kAAAER9MzAqAPs4AAA\/PJ1FOsAI4uZs34AAAABAAAAAAAACVdBTkdTLUxUVwAA\/wAB"} +00923{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":731,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104402624153,"flow_src_last_pkt_time":1470104402624153,"flow_dst_last_pkt_time":1470104402624153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":27,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104402624153,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":62069,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":732,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":3,"flow_src_last_pkt_time":1470104402624418,"flow_dst_last_pkt_time":1470104397807877,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_usec":1470104402624418,"pkt":"AQBef\/\/6bEAIlAI6CABFAACl1ocAAAERLO7AqAUw7\/\/\/+sIlB2wAkY1JTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} +00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":733,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":2,"flow_src_last_pkt_time":1470104402724346,"flow_dst_last_pkt_time":1470104402624102,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":89,"pkt_l4_len":35,"thread_ts_usec":1470104402724346,"pkt":"MzMAAQADPKn0WgOEht1gAAAAACMRAf6AAAAAAAAAXZJiqOveExn\/AgAAAAAAAAAAAAAAAQADwkcU6wAjpJ6zfgAAAAEAAAAAAAAJV0FOR1MtTFRXAAD\/AAE="} +00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":734,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":2,"flow_src_last_pkt_time":1470104402724804,"flow_dst_last_pkt_time":1470104402624153,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_usec":1470104402724804,"pkt":"AQBeAAD8PKn0WgOECABFAAA3H1wAAAER9MnAqAPs4AAA\/PJ1FOsAI4uZs34AAAABAAAAAAAACVdBTkdTLUxUVwAA\/wAB"} 
+00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":740,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104403134617,"flow_src_last_pkt_time":1470104403134617,"flow_dst_last_pkt_time":1470104403134617,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":26,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104403134617,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":58702,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":740,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_src_last_pkt_time":1470104403134617,"flow_dst_last_pkt_time":1470104403134617,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_usec":1470104403134617,"pkt":"AQBeAAD8SNIkYzEACABFAAA2Ow0AAAER19nAqAUs4AAA\/OVOFOsAIo78hQUAAAABAAAAAAAACGphc29uLVBDAAD\/AAE="} 
+00922{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":740,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104403134617,"flow_src_last_pkt_time":1470104403134617,"flow_dst_last_pkt_time":1470104403134617,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":26,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104403134617,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":58702,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":743,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":2,"flow_src_last_pkt_time":1470104403234152,"flow_dst_last_pkt_time":1470104403134617,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_usec":1470104403234152,"pkt":"AQBeAAD8SNIkYzEACABFAAA2Ow8AAAER19fAqAUs4AAA\/OVOFOsAIo78hQUAAAABAAAAAAAACGphc29uLVBDAAD\/AAE="} 
+00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":751,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":4,"flow_src_last_pkt_time":1470104403852168,"flow_dst_last_pkt_time":1470104397807877,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_usec":1470104403852168,"pkt":"AQBef\/\/6bEAIlAI6CABFAAClDVwAAAER9hnAqAUw7\/\/\/+sIlB2wAkY1JTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} +00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":752,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104404055376,"flow_src_last_pkt_time":1470104404055376,"flow_dst_last_pkt_time":1470104404055376,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104404055376,"l3_proto":"ip6","src_ip":"fe80::beee:7bff:fe0c:b3de","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":752,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_src_last_pkt_time":1470104404055376,"flow_dst_last_pkt_time":1470104404055376,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":98,"pkt_l4_len":44,"thread_ts_usec":1470104404055376,"pkt":"MzMAAQACvO57DLPeht1gAAAAACwRAf6AAAAAAAAAvu57\/\/4Ms97\/AgAAAAAAAAAAAAAAAQACAiICIwAsfbcLBzLAAAEADgABAAEa5zhrJpdxkWmjAAgAAgAAAAYABAAXABg="} +00931{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":752,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104404055376,"flow_src_last_pkt_time":1470104404055376,"flow_dst_last_pkt_time":1470104404055376,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104404055376,"l3_proto":"ip6","src_ip":"fe80::beee:7bff:fe0c:b3de","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCPV6","proto_id":"103","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":759,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":5,"flow_src_last_pkt_time":1470104405589893,"flow_dst_last_pkt_time":1470104397807877,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_usec":1470104405589893,"pkt":"AQBef\/\/6bEAIlAI6CABFAAClUIAAAAERsvXAqAUw7\/\/\/+sIlB2wAkY1JTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} +00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":760,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104405794164,"flow_src_last_pkt_time":1470104405794164,"flow_dst_last_pkt_time":1470104405794164,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":121,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":121,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":121,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104405794164,"l3_proto":"ip4","src_ip":"192.168.119.2","dst_ip":"255.255.255.255","src_port":43786,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00684{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":760,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_src_last_pkt_time":1470104405794164,"flow_dst_last_pkt_time":1470104405794164,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":163,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":163,"pkt_l4_len":129,"thread_ts_usec":1470104405794164,"pkt":"\/\/\/\/\/\/\/\/TF4MVkdPCABFAACVAABAAEARAq7AqHcC\/\/\/\/\/6sKFi4AgSnvAAHqAgABAAZMXgxWR08ABQAJSVB2NlJvdXRlAAcADzYuMzUuNCAoc3RhYmxlKQAIAAhNaWtyb1RpawAKAAQGBzYAAAsACVZTMUwtUTE4UgAMAAZSQjQ1MEcADgABAQAPABAgAbAwAhQBAAAAAAAAAAABABAAA0xBTg=="} +01129{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":760,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104405794164,"flow_src_last_pkt_time":1470104405794164,"flow_dst_last_pkt_time":1470104405794164,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":121,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":121,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":121,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104405794164,"l3_proto":"ip4","src_ip":"192.168.119.2","dst_ip":"255.255.255.255","src_port":43786,"dst_port":5678,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Mikrotik","proto_id":"437","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","mikrotik": {"mac_address":"4C:5E:0C:56:47:4F","identity":"IPv6Route","version":"6.35.4 (stable)","software_id":"VS1L-Q18R","board":"RB450G","ipv6_addr":"2001:b030:214:100::1","uptime":101135872}}} 
+00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":774,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104406717230,"flow_src_last_pkt_time":1470104406717230,"flow_dst_last_pkt_time":1470104406717230,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104406717230,"l3_proto":"ip6","src_ip":"fe80::edf5:240a:c8c0:8312","dst_ip":"ff02::1:3","src_port":53962,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":774,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_src_last_pkt_time":1470104406717230,"flow_dst_last_pkt_time":1470104406717230,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1470104406717230,"pkt":"MzMAAQADzD2CHu7jht1gAAAAACARAf6AAAAAAAAA7fUkCsjAgxL\/AgAAAAAAAAAAAAAAAQAD0soU6wAgjSs9jgAAAAEAAAAAAAAGUk9fWDFDAAD\/AAE="} 
+00933{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":774,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104406717230,"flow_src_last_pkt_time":1470104406717230,"flow_dst_last_pkt_time":1470104406717230,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104406717230,"l3_proto":"ip6","src_ip":"fe80::edf5:240a:c8c0:8312","dst_ip":"ff02::1:3","src_port":53962,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":775,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104406717280,"flow_src_last_pkt_time":1470104406717280,"flow_dst_last_pkt_time":1470104406717280,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104406717280,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"224.0.0.252","src_port":53962,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":775,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_src_last_pkt_time":1470104406717280,"flow_dst_last_pkt_time":1470104406717280,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104406717280,"pkt":"AQBeAAD8zD2CHu7jCABFAAA0LR4AAAER5cfAqAUv4AAA\/NLKFOsAIEGyPY4AAAABAAAAAAAABlJPX1gxQwAA\/wAB"} +00922{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":775,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104406717280,"flow_src_last_pkt_time":1470104406717280,"flow_dst_last_pkt_time":1470104406717280,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104406717280,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"224.0.0.252","src_port":53962,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":776,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":2,"flow_src_last_pkt_time":1470104406818318,"flow_dst_last_pkt_time":1470104404055376,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":98,"pkt_l4_len":44,"thread_ts_usec":1470104406818318,"pkt":"MzMAAQACvO57DLPeht1gAAAAACwRAf6AAAAAAAAAvu57\/\/4Ms97\/AgAAAAAAAAAAAAAAAQACAiICIwAsfJ0LBzLAAAEADgABAAEa5zhrJpdxkWmjAAgAAgEaAAYABAAXABg="} +00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":777,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":2,"flow_src_last_pkt_time":1470104407128408,"flow_dst_last_pkt_time":1470104406717230,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1470104407128408,"pkt":"MzMAAQADzD2CHu7jht1gAAAAACARAf6AAAAAAAAA7fUkCsjAgxL\/AgAAAAAAAAAAAAAAAQAD0soU6wAgjSs9jgAAAAEAAAAAAAAGUk9fWDFDAAD\/AAE="} +00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":778,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":2,"flow_src_last_pkt_time":1470104407128422,"flow_dst_last_pkt_time":1470104406717280,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104407128422,"pkt":"AQBeAAD8zD2CHu7jCABFAAA0LSAAAAER5cXAqAUv4AAA\/NLKFOsAIEGyPY4AAAABAAAAAAAABlJPX1gxQwAA\/wAB"} 
+00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":779,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_src_last_pkt_time":1470104407686919,"flow_dst_last_pkt_time":1470104389597943,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104407686919,"pkt":"TF4M6gNlYMVHBbyMCABFAAA0WZNAAEAG2QnAqAUQROn9hdFtAFBAFGHVDj7nf4AREAGvkQAAAQEIChoPf3zPHNz0"} +00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":780,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104408049680,"flow_src_last_pkt_time":1470104408049680,"flow_dst_last_pkt_time":1470104408049680,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104408049680,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":51451,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":780,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_src_last_pkt_time":1470104408049680,"flow_dst_last_pkt_time":1470104408049680,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":92,"pkt_l4_len":38,"thread_ts_usec":1470104408049680,"pkt":"MzMAAQAD\/PiuMpcsht1gAAAAACYRAf6AAAAAAAAA6Y+64hn3aw\/\/AgAAAAAAAAAAAAAAAQADyPsU6wAmMfpTdAAAAAEAAAAAAAAM5bCP5L2b5bCI5qmfAAD\/AAE="} 
+01074{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":780,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104408049680,"flow_src_last_pkt_time":1470104408049680,"flow_dst_last_pkt_time":1470104408049680,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104408049680,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":51451,"dst_port":5355,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":781,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104408049734,"flow_src_last_pkt_time":1470104408049734,"flow_dst_last_pkt_time":1470104408049734,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104408049734,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":51451,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":781,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_src_last_pkt_time":1470104408049734,"flow_dst_last_pkt_time":1470104408049734,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_usec":1470104408049734,"pkt":"AQBeAAD8\/PiuMpcsCABFAAA6KyAAAAER6Y\/AqANf4AAA\/Mj7FOsAJrP2U3QAAAABAAAAAAAADOWwj+S9m+WwiOapnwAA\/wAB"} +01063{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":781,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104408049734,"flow_src_last_pkt_time":1470104408049734,"flow_dst_last_pkt_time":1470104408049734,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104408049734,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":51451,"dst_port":5355,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":787,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":2,"flow_src_last_pkt_time":1470104408457883,"flow_dst_last_pkt_time":1470104408049680,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":92,"pkt_l4_len":38,"thread_ts_usec":1470104408457883,"pkt":"MzMAAQAD\/PiuMpcsht1gAAAAACYRAf6AAAAAAAAA6Y+64hn3aw\/\/AgAAAAAAAAAAAAAAAQADyPsU6wAmMfpTdAAAAAEAAAAAAAAM5bCP5L2b5bCI5qmfAAD\/AAE="} +00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":788,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":2,"flow_src_last_pkt_time":1470104408458018,"flow_dst_last_pkt_time":1470104408049734,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_usec":1470104408458018,"pkt":"AQBeAAD8\/PiuMpcsCABFAAA6KyIAAAER6Y3AqANf4AAA\/Mj7FOsAJrP2U3QAAAABAAAAAAAADOWwj+S9m+WwiOapnwAA\/wAB"} 
+00951{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":792,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_src_last_pkt_time":1470104408662594,"flow_dst_last_pkt_time":1470104378557102,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":359,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":359,"pkt_l4_len":325,"thread_ts_usec":1470104408662594,"pkt":"\/\/\/\/\/\/\/\/wKC7c+tHCABFAAFZOwBAAEARwM3AqH0e\/\/\/\/\/\/YA9gABRUfM\/\/+TXaAAwKC7c+tHwKh9HgAAAgAnAURHUy0xMjEwLTEwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABTd2l0Y2gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADMuMTAuMDEzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwKC7c+tHQjEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABRUDBSMUQ5MDAwMDI1AAAAAAAAAAAAAAAAAAAAAAAAAERHUy0xMjEwLTEwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAqH0e\/\/8AAFBvcnQgMTAAIAGwMAIUAQDCoLv\/\/nPrR0A="} +00986{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":793,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_src_last_pkt_time":1470104408662780,"flow_dst_last_pkt_time":1470104378657181,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":391,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":391,"pkt_l4_len":337,"thread_ts_usec":1470104408662780,"pkt":"MzMAAAABwKC7c+tHht1gAAAAAVERgCABsDACFAEAwqC7\/\/5z60f\/AgAAAAAAAAAAAAAAAAAB9gD2AAFRTer\/D5NdoADAoLtz60cgAbAwAhQBAMKgu\/\/+c+tHAAACACcBREdTLTEyMTAtMTBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFN3aXRjaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMy4xMC4wMTMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAoLtz60dCMQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFFQMFIxRDkwMDAwMjUAAAAAAAAAAAAAAAAAAAAAAAAAREdTLTEyMTAtMTBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCofR7\/\/wAAUG9ydCAxMAAgAbAwAhQBAMKgu\/\/+c+tHQA=="} 
+00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":798,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104409586167,"flow_src_last_pkt_time":1470104409586167,"flow_dst_last_pkt_time":1470104409586167,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104409586167,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":53938,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":798,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_src_last_pkt_time":1470104409586167,"flow_dst_last_pkt_time":1470104409586167,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1470104409586167,"pkt":"MzMAAQADPKn0WgOEht1gAAAAACARAf6AAAAAAAAAXZJiqOveExn\/AgAAAAAAAAAAAAAAAQAD0rIU6wAgVxmmDQAAAAEAAAAAAAAGaXNhdGFwAAABAAE="} 
+00933{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":798,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104409586167,"flow_src_last_pkt_time":1470104409586167,"flow_dst_last_pkt_time":1470104409586167,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104409586167,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":53938,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":799,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104409586427,"flow_src_last_pkt_time":1470104409586427,"flow_dst_last_pkt_time":1470104409586427,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104409586427,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":56043,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":799,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_src_last_pkt_time":1470104409586427,"flow_dst_last_pkt_time":1470104409586427,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104409586427,"pkt":"AQBeAAD8PKn0WgOECABFAAA0H6gAAAER9IDAqAPs4AAA\/NrrFOsAIGYJpg0AAAABAAAAAAAABmlzYXRhcAAAAQAB"} +00924{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":799,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104409586427,"flow_src_last_pkt_time":1470104409586427,"flow_dst_last_pkt_time":1470104409586427,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104409586427,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":56043,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":800,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":2,"flow_src_last_pkt_time":1470104409685484,"flow_dst_last_pkt_time":1470104409586167,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1470104409685484,"pkt":"MzMAAQADPKn0WgOEht1gAAAAACARAf6AAAAAAAAAXZJiqOveExn\/AgAAAAAAAAAAAAAAAQAD0rIU6wAgVxmmDQAAAAEAAAAAAAAGaXNhdGFwAAABAAE="} +00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":801,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":2,"flow_src_last_pkt_time":1470104409685499,"flow_dst_last_pkt_time":1470104409586427,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104409685499,"pkt":"AQBeAAD8PKn0WgOECABFAAA0H6kAAAER9H\/AqAPs4AAA\/NrrFOsAIGYJpg0AAAABAAAAAAAABmlzYXRhcAAAAQAB"} +00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":804,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104410885006,"flow_src_last_pkt_time":1470104410885006,"flow_dst_last_pkt_time":1470104410885006,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1460,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1460,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1470104410885006,"l3_proto":"ip4","src_ip":"119.235.235.84","dst_ip":"192.168.5.16","src_port":443,"dst_port":53406,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+02510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":804,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_src_last_pkt_time":1470104410885006,"flow_dst_last_pkt_time":1470104410885006,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1470104410885006,"pkt":"ABxCjnAxTF4M6gNlCABFAAXcDK5AADMGDHZ36+tUwKgFEAG70J5BKvaX5fLLP1AQABsvzwAAgAIAAgAAAFMAAAANAABiYMcwiMXQzMiMgQcmWlJZkMqglFhQAPR2YgnQQP0K3ZKMosy0EuvkjMSi4tQS29AQN10LsmxnBTJKihm4DE3MDQwNTEwMjQAAAAD\/\/wAAAA0BAAZkbQ8Sj7Oe9PiiwBDc+0M3qnjgDK8RRxC4wMkMm6VV91C1Te+ybrzRLmHpyrK4bZavXIwADOQ6snm8v2H2p2SpH6m06PqK2eSoERX3TNfq7vb1Pveo7PONT9TnUXjkgVt2M1UumsUWGrLgq2GUvlzXvOPLaIXh2WGGxaNQtz1jFVdY+0zrpxEqy\/jQWU3QaN8euscIrVLF\/pkwWAOQct9fJHfuNC\/MfpPEwL\/1AnsUcAaC8\/sfjjx5DIP3T5+kLB\/ky5nWDGzJudLxL39BV679cN3TMGGwCiDjz8BUbsetnqmdz5nZf4AwUpqUBbDH0YbukYFxFpgWx1VK0Ft6NyauHZR77Fn6jjWPJxfrizISaNJJAw2Tqy9duTjvZ6O6coJr6d9MtTXf5qsYx+0KeK8uO221KMufGGsvUAI4YCgvPXVdW0lbCdk\/UWdvQk27qxkaA0bMmmtaoIM\/NdoPPcwHfYUfdLkSeX9aftPdhgNudr\/W5u4Rq9JCuxr+xSmkqaDqd6gSKkqRzGlbbbrcGyF7WGk\/8cG1vc2UHan62LkAAzJEJRwjhuFaCDyVcgr9Hf+VOCu\/WbKVvxixWZOd0y0FbTEIYK9xEk19sHm0uVaBKIvOw8BvnHM4ZoE15rgdy9cOuctKEI63utAOFOf2mQnsx+xGkU5azbbGL0YjiKG9XwO74XxdztUwcLqPr0\/JJmPPgPFoGSWqsm9ugxiAf+6FK5eJomztrl11jHLqcqmSu0amZJ2vzsr+HQ1yaBS8xhtHAlRjYL9oIKpApKM94hPIcq8aaGJEtzamTcDbtBQ1sMPcUE+yUtiBPrlnO9Nwt\/CiYfwjXLhAc57Nmo6vBWzUjss7w\/7Wb9k3zYdX1OxZgy1kvrBuG2WVHzF+IQ9Fq\/pk0IvbsQWQO2qMcnqAwwXAN5zFvFMTcfpV\/GRa6Cvc8ELP86S69D9ZpljWsaAmgFvinMLKj5eAujG5SXpnROjWsWKDhRiTv5p7M\/QvQ5PgsvnxYxwzTtmPmwT4v+9UIamloL6aH4y9ceyGZvFPH\/jOWhlPoGpWSmL8FxzRX8I0ZOH5h7GitpswaZPQenRLegoX\/pJNP3pcJ4kvc\/7oBU9eKhNCbKNIMLr0J2sgbcuo5DzP6xW+1KJlTpJay9bl5Pl0VPdVfr53CYdTOnDLEPtQAs8TDIA8+qWO4m2hTbvXTydzx3h6dgKZjr70r80ubfEhXRuxkxseun6pvNvpxyma0gxSfUYbMbRpJsPfd1POQDYxd1WsmLeynpzweBtMB4CyWpE7em97ncQfT+1jYPiU4C8h442mV+2iNeb
ysC3+tj1kSc3iredU54VVSYsYiDJCTKDt1B72wPesWWs8H1oh07d+p8n6q\/HM+0on3oN8mliBSXdA4qo8xl+PnHCuSiNIcO9F46tn+Si8KqAsE1CoyxalnbQ2XoJdnf\/XNWrUBFQvGpTm8cA2xt6y\/B14Mse3ha6wLlYiZQnR\/q6to9f77axqkMdPEZxW8P1dQkKPv6RSZjX5So+geIVQBTjCtJ438tTlN+BBHx3i57FI5d8+OwESi4EeyLHH\/WufGNcvXF2wAiF6MIh3TqZipTbK\/sfxI05ZUV2K0zFjDFs3q+4O\/gCdO\/GR8NpL14qmcLw4hj2DUzElDJ7z58du\/sTLY9PL12tg2\/g4c+maPg6xMQhEEJZZ2fr0StLQ4dC8yRSCQ5AlLS4oj7J42WuPepbvvAkbIdKlT+5AXzJDvxJIA\/K5zy\/vGwU1kziWNYRVpFmlobTG1I2P3poiceReoPCxgxmEbNKxlIyxGeOkbT03xrhCy3M="} +00897{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":805,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":2,"flow_src_last_pkt_time":1470104410885806,"flow_dst_last_pkt_time":1470104410885006,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":329,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":329,"pkt_l4_len":295,"thread_ts_usec":1470104410885806,"pkt":"ABxCjnAxTF4M6gNlCABFAAE7DK9AADMGERZ36+tUwKgFEAG70J5BKvxL5fLLP1AYABuy+gAAjZPukZZc5XVgQ9kkDb42wAG2R4wZPZK09D+mhXOPeysHqbaxc2ukLB7O\/ZQd+BiMnHFH7zgcREAoK8LsJtF9H0HTuFW4zAQpKNlDl6pGtEpiOY1HdxQ1Bv0HkLtvfY7Kkq4QCv1lSYlKLAPMR+Oc9r2t96JVS9ceghm\/Wm9DKfghBx740ADnGdTcU2OF\/8x6UPEOuW6wwYjs3Pb+yZn6sRfXdwloMkU3kuWbA\/HnEcEyg9N63JYWRugH0gCb7wJDNCrha78dJpq+nOGbkegYKzSRi8MebnxJxxwLRQs3jpRKSRVmH0ihWT6Ua9H97Rj8GCDKcrs8+ASvsIB+r3MFWznlQzQS834owopgMgpZRwgoXAU="} +00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":806,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":3,"flow_src_last_pkt_time":1470104410885806,"flow_dst_last_pkt_time":1470104410885838,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1470104410885838,"pkt":"TF4M6gNlYMVHBbyMCABFAAAoSVVAAEAGyILAqAUQd+vrVNCeAbvl8ss\/QSr9XlAQHmimXgAAAAAAAAAA"} 
+02509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":807,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":4,"flow_src_last_pkt_time":1470104410886170,"flow_dst_last_pkt_time":1470104410885838,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1470104410886170,"pkt":"ABxCjnAxTF4M6gNlCABFAAXcDLBAADMGDHR36+tUwKgFEAG70J5BKv1e5fLLP1AQABtZEAAAgAIAAgAAABIAAAAZAADC7iCDgXMQAAAA\/\/8AAAAZAQAGVG0PEo+znvT4osAQ3PtDN6p44AyvEUcQuMDJDJulVfdQtU3vsm680S5h6cqyuG2Wr1yMAAzkOrJ5vL9h9qdkqR+ptOj6itnkqBEV90zX6u729T73qOzzjU\/U51F45IFbdjNVLprFFhqy4KthlL5c17zjy2iF4dlhhsWjULc9YxVXWPtM66cRKsv40FlN0GjfHrrHCK1Sxf6ZMFgDkHLfXyR37jQvzH6TxMC\/9QJ7FHAGgvP7H448eQyD90+fpCwf5MuZ1gxsybnS8S9\/QVeu\/XDd0zBhsAog48\/AVG7HrZ6pnc+Z2X+AMFKalAWwx9GG7pGBcRaYFsdVStBbejcmrh2Ue+xZ+o41jycX64syEmjSSQMNk6svXbk472ejunKCa+nfTLU13+arGMftCnivLjtttSjLnxhrL1ACOGAoLz11XVtJWwnZP1Fnb0JNu6sZGgNGzJprWqCDPzXaDz3MB32FH3S5Enl\/Wn7T3YYDbna\/1ubuEavSQrsa\/sUppKmg6neoEipKkcxpW2263Bshe1hpP\/HBtb3NlB2p+ti5AAMyRCUcI4bhWgg8lXIK\/R3\/lTgrv1mylb8YsVmTndMtBW0xCGCvcRJNfbB5tLlWgSiLzsPAb5xzOGaBNea4HcvXDrnLShCOt7rQDhTn9pkJ7MfsRpFOWs22xi9GI4ihvV8Du+F8Xc7VMHC6j69PySZjz4DxaBklqrJvboMYgH\/uhSuXiaJs7a5ddYxy6nKpkrtGpmSdr87K\/h0NcmgUvMYbRwJUY2C\/aCCqQKSjPeITyHKvGmhiRLc2pk3A27QUNbDD3FBPslLYgT65ZzvTcLfwomH8I1y4QHOezZqOrwVs1I7LO8P+1m\/ZN82HV9TsWYMtZL6wbhtllR8xfiEPRav6ZNCL27EFkDtqjHJ6gMMFwDecxbxTE3H6VfxkWugr3PBCz\/OkuvQ\/WaZY1rGgJoBb4pzCyo+XgLoxuUl6Z0To1rFig4UYk7+aezP0L0OT4LL58WMcM07Zj5sE+L\/vVCGppaC+mh+MvXHshmbxTx\/4zloZT6BqVkpi\/Bcc0V\/CNGTh+YexorabMGmT0Hp0S3oKF\/6STT96XCeJL3P+6AVPXioTQmyjSDC69CdrIG3LqOQ8z+sVvtSiZU6SWsvW5eT5dFT3VX6+dwmHUzpwyxD7UALPEwyAPPqljuJtoU27108nc8d4enYCmY6+9K\/NLm3xIV0bsZMbHrp+qbzb6ccpmtIMUn1GGzG0aSbD33dTzkA2MXdVrJi3sp6c8HgbTAeAslqRO3pve53EH0\/tY2D4lOAvIeONplftojXm8rAt\/rY9ZEnN4q3nVOeFVUmLGIgyQkyg7dQe9sD3rFlrPB9aIdO3fqfJ+qvxzPtKJ96DfJpYgUl3QOKqPM
Zfj5xwrkojSHDvReOrZ\/kovCqgLBNQqMsWpZ20Nl6CXZ3\/1zVq1ARULxqU5vHANsbesvwdeDLHt4WusC5WImUJ0f6uraPX++2sapDHTxGcVvD9XUJCj7+kUmY1+UqPoHiFUAU4wrSeN\/LU5TfgQR8d4uexSOXfPjsBEouBHsixx\/1rnxjXL1xdsAIhejCId06mYqU2yv7H8SNOWVFditMxYwxbN6vuDv4AnTvxkfDaS9eKpnC8OIY9g1MxJQye8+fHbv7Ey2PTy9drYNv4OHPpmj4OsTEIRBCWWdn69ErS0OHQvMkUgkOQJS0uKI+yeNlrj3qW77wJGyHSpU\/uQF8yQ78SSAPyuc8v7xsFNZM4ljWEVaRZpaG0xtSNj96aInHkXqDwsYMZhGzSsZSMsRnjpG09N8a4QstzjZPukZZc5XVgQ9kkDb42wAG2R4wZPZK09D+mhXOPeysHqbaxc2ukLB7O\/ZQd+BiMnHFH7zgcREAoK8LsJtF9H0E="} +00790{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":808,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":5,"flow_src_last_pkt_time":1470104410886207,"flow_dst_last_pkt_time":1470104410885838,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":248,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":248,"pkt_l4_len":214,"thread_ts_usec":1470104410886207,"pkt":"ABxCjnAxTF4M6gNlCABFAADqDLFAADMGEWV36+tUwKgFEAG70J5BKwMS5fLLP1AYABuHLgAA07hVuMwEKSjZQ5eqRrRKYjmNR3cUNQb9B5C7b32OypKuEAr9ZUmJSiwDzEfjnPa9rfeiVUvXHoIZv1pvQyn4IQce+NAA5xnU3FNjhf\/MelDxDrlusMGI7Nz2\/smZ+rEX13cJaDJFN5LlmwPx5xHBMoPTetyWFkboB9IAm+8CQzQq4Wu\/HSaavpzhm5HoGCs0kYvDHm58ScccC0ULN46USkkVZh9IoVk+lGvR\/e0YuitBUMasD0pyfvgp\/ePSgdJ+YGc="} +00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":813,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":3,"flow_src_last_pkt_time":1470104410914072,"flow_dst_last_pkt_time":1470104404055376,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":98,"pkt_l4_len":44,"thread_ts_usec":1470104410914072,"pkt":"MzMAAQACvO57DLPeht1gAAAAACwRAf6AAAAAAAAAvu57\/\/4Ms97\/AgAAAAAAAAAAAAAAAQACAiICIwAsew8LBzLAAAEADgABAAEa5zhrJpdxkWmjAAgAAgKoAAYABAAXABg="} 
+00948{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":817,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":4,"flow_src_last_pkt_time":1470104411018970,"flow_dst_last_pkt_time":1470104380909602,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":359,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":359,"pkt_l4_len":325,"thread_ts_usec":1470104411018970,"pkt":"\/\/\/\/\/\/\/\/XNmY3fXzCABFAAFZAABAAEARbn7AqApu\/\/\/\/\/+xA9gABRTgx\/\/8AAKAAXNmY3fXzwKgKbgAAAgAnAUROUy0xMTAwLTA0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABOQVMAAAAAAAAAAAAAVVqvihgAAABVWsE9WwAAAFVasDEuMDJiMTAAEXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXNmY3fXzM0ExAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGRsaW5rLURERjVGMwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAqApu\/\/8AAExBTjEAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} +00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":820,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104411327542,"flow_src_last_pkt_time":1470104411327542,"flow_dst_last_pkt_time":1470104411327542,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":26,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104411327542,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"224.0.0.252","src_port":54506,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":820,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_src_last_pkt_time":1470104411327542,"flow_dst_last_pkt_time":1470104411327542,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_usec":1470104411327542,"pkt":"AQBeAAD8CJ4BzeuNCABFAAA2U7YAAAERvzfAqAUl4AAA\/NTqFOsAIqEiFTIAAAABAAAAAAAACG5vdGVib29rAAD\/AAE="} +00923{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":820,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104411327542,"flow_src_last_pkt_time":1470104411327542,"flow_dst_last_pkt_time":1470104411327542,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":26,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104411327542,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"224.0.0.252","src_port":54506,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":822,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":2,"flow_src_last_pkt_time":1470104411735820,"flow_dst_last_pkt_time":1470104411327542,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_usec":1470104411735820,"pkt":"AQBeAAD8CJ4BzeuNCABFAAA2U7cAAAERvzbAqAUl4AAA\/NTqFOsAIqEiFTIAAAABAAAAAAAACG5vdGVib29rAAD\/AAE="} +00697{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":826,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":5,"flow_src_last_pkt_time":1470104412552564,"flow_dst_last_pkt_time":1470104382448863,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_usec":1470104412552564,"pkt":"AQBef\/\/66LH8q\/uyCABFAAClCgMAAAQR9nHAqAUx7\/\/\/+sn4B2wAkYV1TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} 
+00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":827,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104412556037,"flow_src_last_pkt_time":1470104412556037,"flow_dst_last_pkt_time":1470104412556037,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":33,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104412556037,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::1:3","src_port":64568,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":827,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_src_last_pkt_time":1470104412556037,"flow_dst_last_pkt_time":1470104412556037,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":95,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":95,"pkt_l4_len":41,"thread_ts_usec":1470104412556037,"pkt":"MzMAAQAD6LH8q\/uyht1gAAAAACkRAf6AAAAAAAAACb2B3S\/cV1D\/AgAAAAAAAAAAAAAAAQAD\/DgU6wAp0RQMEAAAAAEAAAAAAAAPY2Flc2FyLXRoaW5rcGFkAAD\/AAE="} 
+00933{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":827,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104412556037,"flow_src_last_pkt_time":1470104412556037,"flow_dst_last_pkt_time":1470104412556037,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":33,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104412556037,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::1:3","src_port":64568,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":828,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104412556263,"flow_src_last_pkt_time":1470104412556263,"flow_dst_last_pkt_time":1470104412556263,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":33,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104412556263,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"224.0.0.252","src_port":64568,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":828,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_src_last_pkt_time":1470104412556263,"flow_dst_last_pkt_time":1470104412556263,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_usec":1470104412556263,"pkt":"AQBeAAD86LH8q\/uyCABFAAA9eeQAAAERmPbAqAUx4AAA\/Pw4FOsAKTqNDBAAAAABAAAAAAAAD2NhZXNhci10aGlua3BhZAAA\/wAB"} +00923{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":828,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104412556263,"flow_src_last_pkt_time":1470104412556263,"flow_dst_last_pkt_time":1470104412556263,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":33,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104412556263,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"224.0.0.252","src_port":64568,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":830,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":2,"flow_src_last_pkt_time":1470104412962283,"flow_dst_last_pkt_time":1470104412556037,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":95,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":95,"pkt_l4_len":41,"thread_ts_usec":1470104412962283,"pkt":"MzMAAQAD6LH8q\/uyht1gAAAAACkRAf6AAAAAAAAACb2B3S\/cV1D\/AgAAAAAAAAAAAAAAAQAD\/DgU6wAp0RQMEAAAAAEAAAAAAAAPY2Flc2FyLXRoaW5rcGFkAAD\/AAE="} +00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":831,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":2,"flow_src_last_pkt_time":1470104412962345,"flow_dst_last_pkt_time":1470104412556263,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_usec":1470104412962345,"pkt":"AQBeAAD86LH8q\/uyCABFAAA9eeYAAAERmPTAqAUx4AAA\/Pw4FOsAKTqNDBAAAAABAAAAAAAAD2NhZXNhci10aGlua3BhZAAA\/wAB"} +00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":833,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104413679149,"flow_src_last_pkt_time":1470104413679149,"flow_dst_last_pkt_time":1470104413679149,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104413679149,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00923{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":833,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_src_last_pkt_time":1470104413679149,"flow_dst_last_pkt_time":1470104413679149,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_usec":1470104413679149,"pkt":"\/\/\/\/\/\/\/\/SNIkYwreCABFAAFIfjcAAEARNZ3AqAUp\/\/\/\/\/wBEAEMBNOoXAQEGAAJEmkEAAIAAwKgFKQAAAAAAAAAAAAAAAEjSJGMK3gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEIPQcBSNIkYwreDAhrZXZpbi1QQzwITVNGVCA1LjA3DQEPAwYsLi8fIXn5K\/z\/AAAAAAAAAAAAAAAA"} +01058{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":833,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104413679149,"flow_src_last_pkt_time":1470104413679149,"flow_dst_last_pkt_time":1470104413679149,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104413679149,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"kevin-pc","domainame":"kevin-pc","dhcp": {"fingerprint":"1,15,3,6,44,46,47,31,33,121,249,43,252","class_ident":"MSFT 5.0"}}} 
+00909{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":835,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_src_last_pkt_time":1470104413815837,"flow_dst_last_pkt_time":1470104383815221,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_usec":1470104413815837,"pkt":"TF4M6gNlYMVHBbyMCABFAAFIqYMAAEAR0r\/AqAUQwKh3AQBEAEMBNFvwAQEGABeXwM0AAAAAwKgFEAAAAAAAAAAAAAAAAGDFRwW8jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEDNwkBAwYPd1\/8LC45AgXcPQcBYMVHBbyMMwQAdqcADAtNYWNCb29rLUFpcv8AAAAAAAAAAAAAAAAA"} +00910{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":836,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":4,"flow_src_last_pkt_time":1470104413815837,"flow_dst_last_pkt_time":1470104413817995,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_usec":1470104413817995,"pkt":"ABxCjnAxTF4M6gNlCABFAAFIAAAAABARrEPAqHcBwKgFEABDAEQBNHbNAgEGABeXwM0AAAAAwKgFEMCoBRDAqHcBAAAAAGDFRwW8jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEFNgTAqHcBMwQAAAA8AQT\/\/wAAAwTAqHcBBhCoXwEBCAgICKhfwAEICAQE\/wAAAAAAAAAAAAAAAAAA"} 
+00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":838,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104414296205,"flow_src_last_pkt_time":1470104414296205,"flow_dst_last_pkt_time":1470104414296205,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1093,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1093,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1093,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1470104414296205,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"31.13.87.36","src_port":53580,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +02018{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":838,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_src_last_pkt_time":1470104414296205,"flow_dst_last_pkt_time":1470104414296205,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1159,"pkt_l4_len":1125,"thread_ts_usec":1470104414296205,"pkt":"TF4M6gNlYMVHBbyMCABFAAR5Xv9AAEAGm5bAqAUQHw1XJNFMAbv8UmzuBJ2iMIAYEABHkgAAAQEIChoPmUJf7iUmFwMDBEAsTuFq8CapSbqPXvcdxKrSs42tBtoxpkpEhbC8nI\/Z9Ti9iLIQZa5j5LW58IaLnxvFb3pZI+B1RxFJh1MX7hfwSESpGA\/xdeEaXYqNDQOsIrAzCG5XHIwlKsfFfn\/8RQrusMspya+fP6t\/Zg2Y6qSh9wcmn8mXJja+baLib9aevB6ce5XBs3a64vsRCgFs5NXASh55KEqD8yMaqdrRhlWFE6xGr6+SpmMLlVUwh48nOg1sBDe\/WYgSpLNk63+28tyTAwCIcOk3y10vOsyt7ZjgvztDnWOLtsn7\/6kMi3u2RdUB7eGGzM2NovPfgy\/qKgW2LAn44liW9WewObR4bp+dPFEvC0Y3+SW5bib2uvhBosFVLRK5YrZcwALZJXqqXhrrs6bu\/ljawzwGUMfLGQ2WSbwafdg9dJ73rdMEF1vEvfkETGUyJeWyPgg2G2DdxVtAlhAOni2Cb6JW3jV3kUvfm9gPSADxqT1QqjMQAvLuAsUt5WChMz4yp18RafOK\/1ZUrwxEzqELsHqkpHQf4ILnKSgg5+kGWAcGpm5BV27qLCy+WyMYEnVR9nevFTvw2OV3haLNTqpyfd4K7vOAMw+dbscVa9MHAeqcd7IQnXV8FbWdFXkC4wCM4E8hTvbfJf2QumZQ2fXLtiYd
3sw8qoFpqMjmllDchFzska7DS7GVif4h6CnDNlZ4V+i1Eng9ELpwqlbXjyiEgMAhv7fPmI8e61K\/2gGY8OMdxcNsyD40PLGc9n2gJgcjUdhv3yk5lS0wyxma1JJ1Pa0sEMzvHL8CT6BpEzwkMJEMkciKtJ6VsJyummJhpN5MU9bS0CfSvwU0ARZvT+jD4m9Xd2enHnLuDwg4KR5SAhfN1vXfVfNlzPARDhSaBSDDpj8POKqEg5amwWHcBAQbXCOcOftYxPyyUfYlmBS91ssyfM9KHAYAPjuptOjnLxGz2x9TbNHcI4nTKruVWTV9ktQaEfrdpb\/HDqnCQBNGReenZ\/zWZ\/GfJml4Cm+qteZq9C64lEHb9+XokUZOr8X2s3gyZpMYfRa5jmhmO9xmHg7WJrK4eIDuKfpKwBJ058yTVyD7l0KDSW9GneGAGkjet6prc4idVI6G79csJZdQxaibq52QgAy0phRLTPkicoq0gLlZcIZm+Mml46cJhhEv0H26dA+KCoM5R5DwKEyBjuFs1QF3Y4+SDB+bc1Wt792AR8qtKWp6gbS96vJnCeIhTEA3KFLfapTzgvIE4vSB7KreGQj+tnmHbTp1DHeV+7y4PmFv5on7p4A6CEwD6f6fjePEHDfs2g0EYheGp2VL2NvXgnD2ikpgTUWxxOX40I6u2o6OTbP2RNpQ9m8KCHjwUMiisO3DyvkoNm8lZ6ZPWkev9k5y7txVdM8LiyyQoSG929RxmQGshqjjCdAsjAk+bbGLy98uGf3QTIpvsX0AlZ7fP\/qiRzGtQg=="} +00918{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":838,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104414296205,"flow_src_last_pkt_time":1470104414296205,"flow_dst_last_pkt_time":1470104414296205,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1093,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1093,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1093,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1470104414296205,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"31.13.87.36","src_port":53580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":839,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104414296334,"flow_src_last_pkt_time":1470104414296334,"flow_dst_last_pkt_time":1470104414296334,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104414296334,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53626,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":839,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_src_last_pkt_time":1470104414296334,"flow_dst_last_pkt_time":1470104414296334,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1470104414296334,"pkt":"ABAj4ACgYMVHBbyMCABFAABAzwZAAEAGcgXAqAUQwKhzS9F6Abs0INrqAAAAALAC\/\/+nvgAAAgQFtAEDAwUBAQgKGg+ZQgAAAAAEAgAA"} 
+01475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":840,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":2,"flow_src_last_pkt_time":1470104414296891,"flow_dst_last_pkt_time":1470104414296205,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":759,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":759,"pkt_l4_len":725,"thread_ts_usec":1470104414296891,"pkt":"TF4M6gNlYMVHBbyMCABFAALpkqNAAEAGaYLAqAUQHw1XJNFMAbv8UnEzBJ2iMIAYEABq4wAAAQEIChoPmUJf7iUmFwMDArD5LAelFwFlufuyco4s\/\/Qvv+UsF7KG3W2aXVv9903LV87nxtNAIzAtPlUtxAIPT+QYQYOyjbvxtQ+Q3w2BeXCdTeBc2Vvhlyi2kFxwf1jLqB8jaDJwivP\/xGW9s5xZd+K0vcco68WAGVVhFXALDf8rp7nos7l2c3eCb9+ciqE2R8G8Pf4MZ5pCC83zl7gfBWwkh4JHUeVVNouVvCgmUz7pPOU27GiOZYmbf0iAqd6+kgzDqsVjJGMyvKT\/fOgiH+fRlxhK8fgLFTMvUw6JGt\/UsaYL4RE69L+mCP1NuNnyVxeorLPVKIVZ13X2miaLYk2DWr9BibPpp3QKFrWmy8E3NKq4Ls+dcN8upVmfmDj7xZcV58HYFhdLrgO56pzKogay7LJ\/Pef6DyPMYVTwySpdKas1Aq+IzlVKtxcR8k6I3pw5YMLWtutrLSrH5ABSNgfMJjpr7KO2g8MPyxfJHjp2vDiI+ruSCa4CqxUVcHS+ZRTOUS6b9R2wmUCu6Y6KCOkMK6zLaxdsVh2SuDnapzRD7fveixQuUMvdOAMX7X4K41IkMkOElwsydkORTyAInVQi4oBSOBugr0DMtesGCV044xeQCLnW8sd4RkMZjJZ4QhcfoxPlJX+f43AY0PNflsTA9yNhamZf4IabRxMggb\/lds0+jUTPyPfEWIc3bobDla0SyHhLFLXgk1Ee+Oe4AxYayqQxnLn\/4p\/VoNfV4WOaHdYeCMPZ3SK54BPrr3dXSTfyhV2DUhdJ\/67K7IkFW2cC4kKBJWWCDD28cyiCT6LF9mykZ0ExSXEgjBCLfnxWyJ4aekEg78E+rUf7kdSBDRTW3tDoKcMJPCumkIQ5L3nUbGzQ3I0QnDhkpOFdM4JoimsOVpik4zef5xLCds4Ul8v94jeMaHT0fOcIvOZn5GhO"} 
+01050{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":840,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104414296205,"flow_src_last_pkt_time":1470104414296891,"flow_dst_last_pkt_time":1470104414296205,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":693,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1093,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1786,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1470104414296891,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"31.13.87.36","src_port":53580,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":841,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":2,"flow_src_last_pkt_time":1470104414296334,"flow_dst_last_pkt_time":1470104414301526,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104414301526,"pkt":"ABxCjnAxABAj4ACgCABFAAA0AABAAEAGQRjAqHNLwKgFEAG70XokV4DmNCDa64ASFtDXBQAAAgQFtAEBBAIBAwMH"} 
+00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":842,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":3,"flow_src_last_pkt_time":1470104414296891,"flow_dst_last_pkt_time":1470104414301558,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104414301558,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0wvZAAFgGI+QfDVckwKgFEAG70UwEnaIw\/FJxM4AQAQMsTQAAAQEICl\/vEucaD5lC"} +00925{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":842,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1470104414296205,"flow_src_last_pkt_time":1470104414296891,"flow_dst_last_pkt_time":1470104414301558,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":693,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1093,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1786,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1470104414301558,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"31.13.87.36","src_port":53580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+00636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":843,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":4,"flow_src_last_pkt_time":1470104414296891,"flow_dst_last_pkt_time":1470104414301578,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":135,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":135,"pkt_l4_len":101,"thread_ts_usec":1470104414301578,"pkt":"ABxCjnAxTF4M6gNlCABFAAB5wvdAAFgGI54fDVckwKgFEAG70UwEnaIw\/FJxM4AYAQNa5QAAAQEICl\/vEucaD5lCFwMDAEDUAFWdFI6vKI3lWfiJsnqtDPHN1dSTIJS61LiuouCW4a1RtVfjlIDetpOkFbYtb3PaKj\/ddLgQEpMmdmbPawF9"} +00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":844,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":3,"flow_src_last_pkt_time":1470104414301595,"flow_dst_last_pkt_time":1470104414301526,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1470104414301595,"pkt":"ABAj4ACgYMVHBbyMCABFAAAohwxAAEAGuhfAqAUQwKhzS9F6Abs0INrrJFeA51AQIAAOqAAAIEVKRkRF"} +00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":845,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":5,"flow_src_last_pkt_time":1470104414301849,"flow_dst_last_pkt_time":1470104414301578,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104414301849,"pkt":"TF4M6gNlYMVHBbyMCABFAAA0CgdAAEAG9NPAqAUQHw1XJNFMAbv8UnPoBJ2idYAQD\/0aVAAAAQEIChoPmUdf7xLn"} 
+00820{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":846,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":4,"flow_src_last_pkt_time":1470104414302554,"flow_dst_last_pkt_time":1470104414301526,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":271,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":271,"pkt_l4_len":237,"thread_ts_usec":1470104414302554,"pkt":"ABAj4ACgYMVHBbyMCABFAAEBACxAAEAGQB\/AqAUQwKhzS9F6Abs0INrrJFeA51AYIAB90wAAFgMBANQBAADQAwNXoANfjIqHDy9QXUEag4gt5xMipN2TtjnqDApBJHZnuSBj+Q0TSc5VhLmmiAAqPOtufQBM8Qziz0QZmZNFeVk8eABKAP\/AJMAjwArACcAIwCjAJ8AUwBPAEsAmwCXABcAEwAPAKsApwA\/ADsANAGsAZwA5ADMAFgA9ADwANQAvAArAB8ARwALADAAFAAQBAAA9AAAAEwARAAAOMTkyLjE2OC4xMTUuNzUACgAIAAYAFwAYABkACwACAQAADQAMAAoFAQQBAgEEAwIDM3QAAA=="} +01379{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":846,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1470104414296334,"flow_src_last_pkt_time":1470104414302554,"flow_dst_last_pkt_time":1470104414301526,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104414302554,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53626,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": 
{"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","domainame":"192.168.115.75","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12i370500_07a749158664_d075105c1994","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":847,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":5,"flow_src_last_pkt_time":1470104414302554,"flow_dst_last_pkt_time":1470104414303590,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1470104414303590,"pkt":"ABxCjnAxABAj4ACgCABFAAAoBANAAEAGPSHAqHNLwKgFEAG70XokV4DnNCDbxFAQADYtmQAAAAAAAAAA"} +01531{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":848,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1470104414296334,"flow_src_last_pkt_time":1470104414302554,"flow_dst_last_pkt_time":1470104414305856,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1470104414305856,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53626,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": 
{"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","domainame":"192.168.115.75","tls": {"version":"TLSv1.2","ja3s":"573a9f3f80037fb40d481e2054def5bb","ja4":"t12i370500_07a749158664_d075105c1994","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} +00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":858,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104414395988,"flow_src_last_pkt_time":1470104414395988,"flow_dst_last_pkt_time":1470104414395988,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104414395988,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"168.95.1.1","src_port":63372,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":858,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_src_last_pkt_time":1470104414395988,"flow_dst_last_pkt_time":1470104414395988,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1470104414395988,"pkt":"TF4M6gNlYMVHBbyMCABFAABL64oAAP8RYP7AqAUQqF8BAfeMADUAN6RcbYwBAAABAAAAAAAABmRsLW9icwhvZmZpY2lhbARsaW5lBW5hdmVyAmpwAAABAAE="} 
+01111{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":858,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104414395988,"flow_src_last_pkt_time":1470104414395988,"flow_dst_last_pkt_time":1470104414395988,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104414395988,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"168.95.1.1","src_port":63372,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Line","proto_id":"5.315","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dl-obs.official.line.naver.jp","domainame":"dl-obs.official.line.naver.jp","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} +00841{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":859,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":2,"flow_src_last_pkt_time":1470104414395988,"flow_dst_last_pkt_time":1470104414402314,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":289,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":289,"pkt_l4_len":255,"thread_ts_usec":1470104414402314,"pkt":"ABxCjnAxTF4M6gNlCABFAAET0UQAAPgRgXyoXwEBwKgFEAA194wA\/yfZbYyBgAABAAYAAAAABmRsLW9icwhvZmZpY2lhbARsaW5lBW5hdmVyAmpwAAABAAHADAAFAAEAAUxDAC0GZGwtb2JzCG9mZmljaWFsBGxpbmUFbmF2ZXICanAJZWRnZXN1aXRlA25ldADAOwAFAAEAAACwADUKY2FjLWRsLW9icwhvZmZpY2lhbARsaW5lBW5hdmVyAmpwCWxpbmUtemVybwZha2FkbnPAY8B0AAUAAQAAAQAAEgVhMTg2NwJnMgZha2FtYWnAY8C1AAEAAQAAAAUABMtFUUnAtQABAAEAAAAFAATLRVFCwLUAAQABAAAABQAEPdw+2g=="} 
+01186{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":859,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1470104414395988,"flow_src_last_pkt_time":1470104414395988,"flow_dst_last_pkt_time":1470104414402314,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":247,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":247,"midstream":0,"thread_ts_usec":1470104414402314,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"168.95.1.1","src_port":63372,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Line","proto_id":"5.315","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dl-obs.official.line.naver.jp","domainame":"dl-obs.official.line.naver.jp","dns": {"num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["203.69.81.73,ttl=5","203.69.81.66,ttl=5","61.220.62.218,ttl=5"]}}} +00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":860,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104414404078,"flow_src_last_pkt_time":1470104414404078,"flow_dst_last_pkt_time":1470104414404078,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104414404078,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"203.69.81.73","src_port":53627,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":860,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_src_last_pkt_time":1470104414404078,"flow_dst_last_pkt_time":1470104414404078,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1470104414404078,"pkt":"TF4M6gNlYMVHBbyMCABFAABA+kNAAEAGXi3AqAUQy0VRSdF7AFCoMQrOAAAAALAC\/\/8cMAAAAgQFtAEDAwUBAQgKGg+ZqwAAAAAEAgAA"} +00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":863,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104414404981,"flow_src_last_pkt_time":1470104414404981,"flow_dst_last_pkt_time":1470104414404981,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104414404981,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"203.69.81.73","src_port":53628,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":863,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_src_last_pkt_time":1470104414404981,"flow_dst_last_pkt_time":1470104414404981,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1470104414404981,"pkt":"TF4M6gNlYMVHBbyMCABFAABAQJ1AAEAGF9TAqAUQy0VRSdF8AFD2CJDQAAAAALAC\/\/9IVAAAAgQFtAEDAwUBAQgKGg+ZrAAAAAAEAgAA"} 
+00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":864,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":2,"flow_src_last_pkt_time":1470104414404078,"flow_dst_last_pkt_time":1470104414407420,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1470104414407420,"pkt":"ABxCjnAxTF4M6gNlCABFAAA8AABAADsGXXXLRVFJwKgFEABQ0Xu\/8FK8qDEKz6AScSAwjAAAAgQFtAQCCAobhF1GGg+ZqwEDAwU="} +00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":865,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":3,"flow_src_last_pkt_time":1470104414407471,"flow_dst_last_pkt_time":1470104414407420,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104414407471,"pkt":"TF4M6gNlYMVHBbyMCABFAAA0pGZAAEAGtBbAqAUQy0VRSdF7AFCoMQrPv\/BSvYAQEBXAXgAAAQEIChoPma4bhF1G"} +00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":866,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":2,"flow_src_last_pkt_time":1470104414404981,"flow_dst_last_pkt_time":1470104414407965,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1470104414407965,"pkt":"ABxCjnAxTF4M6gNlCABFAAA8AABAADsGXXXLRVFJwKgFEABQ0Xzxz9ee9giQ0aAScSCl7QAAAgQFtAQCCAobhF1HGg+ZrAEDAwU="} 
+00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":867,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":3,"flow_src_last_pkt_time":1470104414407997,"flow_dst_last_pkt_time":1470104414407965,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104414407997,"pkt":"TF4M6gNlYMVHBbyMCABFAAA0fmZAAEAG2hbAqAUQy0VRSdF8AFD2CJDR8c\/Xn4AQEBU1wQAAAQEIChoPma4bhF1H"} +00902{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":868,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":4,"flow_src_last_pkt_time":1470104414408704,"flow_dst_last_pkt_time":1470104414407965,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":334,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":334,"pkt_l4_len":300,"thread_ts_usec":1470104414408704,"pkt":"TF4M6gNlYMVHBbyMCABFAAFAl1xAAEAGwBTAqAUQy0VRSdF8AFD2CJDR8c\/Xn4AYEBWl1AAAAQEIChoPma8bhF1HR0VUIC9yL3RhbGsvbS80Njk3NzE2OTcxNTAwL3ByZXZpZXcgSFRUUC8xLjENCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQ29udGVudC1MZW5ndGg6IDANCkhvc3Q6IGRsLW9icy5vZmZpY2lhbC5saW5lLm5hdmVyLmpwDQpVc2VyLUFnZW50OiBERVNLVE9QOk1BQzoxMC4xMC41LVlPU0VNSVRFKDQuNy4yKQ0KWC1MaW5lLUFwcGxpY2F0aW9uOiBERVNLVE9QTUFDCTQuNy4yCU1BQwkxMC4xMC41LVlPU0VNSVRFDQoNCg=="} 
+01175{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":868,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1470104414404981,"flow_src_last_pkt_time":1470104414408704,"flow_dst_last_pkt_time":1470104414407965,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":268,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":268,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104414408704,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"203.69.81.73","src_port":53628,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Line","proto_id":"7.315","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"dl-obs.official.line.naver.jp","domainame":"dl-obs.official.line.naver.jp","http": {"url":"dl-obs.official.line.naver.jp\/r\/talk\/m\/4697716971500\/preview","code":0,"content_type":"","user_agent":"DESKTOP:MAC:10.10.5-YOSEMITE(4.7.2)"}}} 
+00902{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":869,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":4,"flow_src_last_pkt_time":1470104414408737,"flow_dst_last_pkt_time":1470104414407420,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":334,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":334,"pkt_l4_len":300,"thread_ts_usec":1470104414408737,"pkt":"TF4M6gNlYMVHBbyMCABFAAFATvVAAEAGCHzAqAUQy0VRSdF7AFCoMQrPv\/BSvYAYEBUpZwAAAQEIChoPma8bhF1GR0VUIC9yL3RhbGsvbS80Njk3NzE2OTU0Njg4L3ByZXZpZXcgSFRUUC8xLjENCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQ29udGVudC1MZW5ndGg6IDANCkhvc3Q6IGRsLW9icy5vZmZpY2lhbC5saW5lLm5hdmVyLmpwDQpVc2VyLUFnZW50OiBERVNLVE9QOk1BQzoxMC4xMC41LVlPU0VNSVRFKDQuNy4yKQ0KWC1MaW5lLUFwcGxpY2F0aW9uOiBERVNLVE9QTUFDCTQuNy4yCU1BQwkxMC4xMC41LVlPU0VNSVRFDQoNCg=="} +01175{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":869,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1470104414404078,"flow_src_last_pkt_time":1470104414408737,"flow_dst_last_pkt_time":1470104414407420,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":268,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":268,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104414408737,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"203.69.81.73","src_port":53627,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Line","proto_id":"7.315","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"dl-obs.official.line.naver.jp","domainame":"dl-obs.official.line.naver.jp","http": 
{"url":"dl-obs.official.line.naver.jp\/r\/talk\/m\/4697716954688\/preview","code":0,"content_type":"","user_agent":"DESKTOP:MAC:10.10.5-YOSEMITE(4.7.2)"}}} +00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":870,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":5,"flow_src_last_pkt_time":1470104414408704,"flow_dst_last_pkt_time":1470104414414084,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104414414084,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0itRAADsG0qjLRVFJwKgFEABQ0Xzxz9ef9giR3YAQA6tBGgAAAQEIChuEXUsaD5mv"} +00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":871,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":5,"flow_src_last_pkt_time":1470104414408737,"flow_dst_last_pkt_time":1470104414415614,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104414415614,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0D\/ZAADsGTYfLRVFJwKgFEABQ0Xu\/8FK9qDEL24AQA6vLtgAAAQEIChuEXUsaD5mv"} 
+00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":901,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104416855491,"flow_src_last_pkt_time":1470104416855491,"flow_dst_last_pkt_time":1470104416855491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":27,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104416855491,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"224.0.0.252","src_port":62822,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":901,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_src_last_pkt_time":1470104416855491,"flow_dst_last_pkt_time":1470104416855491,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_usec":1470104416855491,"pkt":"AQBeAAD8uKxvwfbSCABFAAA3J2UAAAERi4vAqGUh4AAA\/PVmFOsAI\/xOWbQAAAABAAAAAAAACUpvYW5uYS1QQwAA\/wAB"} 
+00925{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":901,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104416855491,"flow_src_last_pkt_time":1470104416855491,"flow_dst_last_pkt_time":1470104416855491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":27,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104416855491,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"224.0.0.252","src_port":62822,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":902,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104416855715,"flow_src_last_pkt_time":1470104416855715,"flow_dst_last_pkt_time":1470104416855715,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":27,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104416855715,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"224.0.0.252","src_port":62822,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":902,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":1,"flow_src_last_pkt_time":1470104416855715,"flow_dst_last_pkt_time":1470104416855715,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_usec":1470104416855715,"pkt":"AQBeAAD8cPGh+Cr9CABFAAA3CxAAAAERB\/nAqAUJ4AAA\/PVmFOsAI1xnWbQAAAABAAAAAAAACUpvYW5uYS1QQwAA\/wAB"} +00922{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":902,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104416855715,"flow_src_last_pkt_time":1470104416855715,"flow_dst_last_pkt_time":1470104416855715,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":27,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104416855715,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"224.0.0.252","src_port":62822,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":903,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":2,"flow_src_last_pkt_time":1470104416958909,"flow_dst_last_pkt_time":1470104416855491,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_usec":1470104416958909,"pkt":"AQBeAAD8uKxvwfbSCABFAAA3J2cAAAERi4nAqGUh4AAA\/PVmFOsAI\/xOWbQAAAABAAAAAAAACUpvYW5uYS1QQwAA\/wAB"} +00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":904,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":2,"flow_src_last_pkt_time":1470104416959044,"flow_dst_last_pkt_time":1470104416855715,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_usec":1470104416959044,"pkt":"AQBeAAD8cPGh+Cr9CABFAAA3CxIAAAERB\/fAqAUJ4AAA\/PVmFOsAI1xnWbQAAAABAAAAAAAACUpvYW5uYS1QQwAA\/wAB"} +00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":911,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":4,"flow_src_last_pkt_time":1470104418595853,"flow_dst_last_pkt_time":1470104404055376,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":98,"pkt_l4_len":44,"thread_ts_usec":1470104418595853,"pkt":"MzMAAQACvO57DLPeht1gAAAAACwRAf6AAAAAAAAAvu57\/\/4Ms97\/AgAAAAAAAAAAAAAAAQACAiICIwAseAoLBzLAAAEADgABAAEa5zhrJpdxkWmjAAgAAgWtAAYABAAXABg="} 
+00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":912,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104419061215,"flow_src_last_pkt_time":1470104419061215,"flow_dst_last_pkt_time":1470104419061215,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":101,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":101,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":101,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1470104419061215,"l3_proto":"ip4","src_ip":"31.13.87.1","dst_ip":"192.168.5.16","src_port":443,"dst_port":53578,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":912,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":1,"flow_src_last_pkt_time":1470104419061215,"flow_dst_last_pkt_time":1470104419061215,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"thread_ts_usec":1470104419061215,"pkt":"ABxCjnAxTF4M6gNlCABFAACZI1ZAAFgGw0IfDVcBwKgFEAG70UpuASLeX6ylxYAYAJ4ivgAAAQEICp0wiHcaDujhFwMDAGCI1MTiGjgHtvACFdJlLWU4Nw2FMu4PdWcz\/2qZKGCdERXjWW+\/VFKnsNQj6agVS5OakWCEMlC4HzCUNHzoAeDAfMWTlTRJFP0wq7r0D4aYTL9j7QTQTC0wsTFBdRQvfIs="} 
+00914{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":912,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104419061215,"flow_src_last_pkt_time":1470104419061215,"flow_dst_last_pkt_time":1470104419061215,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":101,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":101,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":101,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1470104419061215,"l3_proto":"ip4","src_ip":"31.13.87.1","dst_ip":"192.168.5.16","src_port":443,"dst_port":53578,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":913,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":2,"flow_src_last_pkt_time":1470104419061215,"flow_dst_last_pkt_time":1470104419061264,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104419061264,"pkt":"TF4M6gNlYMVHBbyMCABFAAA0qwZAAEAGU\/fAqAUQHw1XAdFKAbtfrKXFbgEjQ4AQD\/zVtQAAAQEIChoPq9GdMIh3"} 
+02106{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":914,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":3,"flow_src_last_pkt_time":1470104419061215,"flow_dst_last_pkt_time":1470104419103565,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1223,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1223,"pkt_l4_len":1189,"thread_ts_usec":1470104419103565,"pkt":"TF4M6gNlYMVHBbyMCABFAAS5ltxAAEAGY5zAqAUQHw1XAdFKAbtfrKXFbgEjQ4AYEACgIgAAAQEIChoPq\/udMIh3FwMDBIB0Q7hbcg3gGVYTMrb0Tw1ukR9UWDAVBAtnbbvKcZJuPb4APoiSa8Bqy8MZbEZYSbOXsH6FRBiOXgQXR63aPZc\/hbpffrKKNOrKdGE28RcTBjPmf5KXRAiotID0urgwFwaynRtP+jd28hq9wG7na42EI3czkeebegJ7Hfqlh5eZl4Vnp3HXS2vj3pkfDjxrZNE1RoOaEkc+zGmnNTU0pYUiN9oTvOxyCvhMy7fmLDw2wNiIlnohv3qHV8HD46rBGW31Av40VD\/q5qbqM\/qLmRKpL9p4844aHi0K6ueq0ZT6TMs6WDgIPrhbY3XHMcMOatt\/ady86wYTLrgpENkDcutzNwuaAPbT+EcTuorA74M2F\/nruolPShszJ2UqNq\/Kb53\/C73zGS79aq0H4GQVpGLbiCEPEKZelcdnRDWAFlFD1De4jjpnV6eSGf0bsjdHkkSXOtKgo9fVDPltH7d4AfIVmOrYXnB4XaFQ7sqjoXmFP04T\/UZ9alTbXHhky07Nt8ZpZ+IsF6Mw7DMnQdlgdIAyTuc7JHD\/Ok90niXYhq4NzT+82L50EtJnB33J3Hke7h3o3sgTaNpQXdNfC2YJvtxEi753mIKXu+MBZEwy9ZPQaN73qXC\/OuiBukllab3YR64oWLHBb9R9Cob1usnX3xEd01XJDB4TsRXGV\/R4o29fk4M2bIFdhCdZZxbrlSOnlAJcyXFDgvxxi2r1OxtCdDnw2p7YYdruVdteggpuz3KWAxQf0xX6bEO4WvjFfVmqekT\/CcvxbftJ0OPvtUNbAmIMdzByrRWcH1KlE+Vp1L\/hC9R9Bs3ZcFYrVLmIjOjuR6dZM0gvCNqW+59Duv8pYvq5EskshSuV+VZXQgSphi1zRgwOIMQ80OXjfOd22IffY4fDrlfus1x+wyxpIvDhkq\/80yQo8lPgVUp5LrkwFv8MzfZEG9QVTX5NzJ4ld3sKhU430m+NFzViUapPGRtbxukso3sgavTRg8JkLGw0Wu4KmdOfCPycSYYMtX8wKXnZK3VItDYdup7QRof+kXjKmph54jb48oKmkP1E+fFyArD7x9lonAQ9p5aPKUKzZSnZg3s2QTvBrHxZHDUUh\/GiPymMFletcBA29rvJBTe5sh56A9o976AcTzrk2LtWjfifRRuCloaa709oX8j2NbS2T6fnPB7k5F2xcXniikiRI4m5Wr1rKwzBOYPeISDSO0Iag3\/qLAF4MYdHlpTmWSwUwPziE1P5k6JOH5aZI8e0Q7f0ZxLoqs1jZ2iVmphMqYY9PJIQOnlyUxXdzMxGkRPxC7nkXRnaVTa1Jic4cqbBA0o4E1jc9+EGwh1+8Xvom\/2X552fI1RWakGy58LTHqErwe5sAM83mOIz30W4kVNgLTYM0IjNdR3qa8WogmdKAZ3AFlzKnQVYuwcLo1Z88j+7WQ1
aASRKMsinZvu7EijyrunTKJR37AcZ28FtpqOjfm2723l5Y4Ue3NHUMyl8JxA0FHtAmvTh7ijEjAuZW2F1kyMK9I8qLUk6J5HZwZruiDHIIjM="} +00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":915,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":4,"flow_src_last_pkt_time":1470104419110763,"flow_dst_last_pkt_time":1470104419103565,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104419110763,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0I1dAAFgGw6YfDVcBwKgFEAG70UpuASNDX6yqSoAQAKfgKwAAAQEICp0wiKcaD6v7"} +01090{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":916,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":5,"flow_src_last_pkt_time":1470104419316065,"flow_dst_last_pkt_time":1470104419103565,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":471,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":471,"pkt_l4_len":437,"thread_ts_usec":1470104419316065,"pkt":"ABxCjnAxTF4M6gNlCABFAAHJI1hAAFgGwhAfDVcBwKgFEAG70UpuASNDX6yqSoAYAKdyTQAAAQEICp0wiWwaD6v7FwMDAZCSJDMY8n+9\/y5NSFpWG382ZISyvu5Pw\/VyzGkgoIpnDjDJ0Tp7b9z1Lf1wd0dk9QejIiYRuLG1jgK1FJky6eK8RXWrLd+VlP4CMTcrm1hbevqIGbKQQJG8o8tkchBga8hoK7qtI6W8UU+qLhcOcM4we2mLCn6n9VfNQkXmYOPpD1UWekba9oF24fxN94WLe7Cv0WJO0JzbpeyS5EdH6gflZX+I1Npk3nBGTDwufz33yBsCZiStULYvMhlEk029WEIhbPNi+2sek+DdQ3TMIj36OSsKYxwLqBTToGdU402nPXRhLgJchh2XynCL765nxsrDHuqOmodHGPkdj\/kKn8qdQceanIekicUXrja2nc+TkUe8\/oC+qUMzYuR3Um5yhzciL8RISTmA3crs\/fuVynqOp6fFZvM1tVJbmCDAMHmMr9KZaaZy\/xtYHvvZAiRLf+eqWuLil\/hOZFm3pZD9n0r1rqX5Ht+D0yJqeaDLr1x5QtX\/vnmMKAlt7aWyJqeN2aFoH4\/w65p6PdZAQoLFUXZM"} 
+00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":930,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104420438972,"flow_src_last_pkt_time":1470104420438972,"flow_dst_last_pkt_time":1470104420438972,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104420438972,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":61172,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":930,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_src_last_pkt_time":1470104420438972,"flow_dst_last_pkt_time":1470104420438972,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":87,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":87,"pkt_l4_len":33,"thread_ts_usec":1470104420438972,"pkt":"MzMAAQADPKn0WgOEht1gAAAAACERAf6AAAAAAAAAXZJiqOveExn\/AgAAAAAAAAAAAAAAAQAD7vQU6wAh24kTvAAAAAEAAAAAAAAHc29udXNhdgAAAQAB"} 
+00934{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":930,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104420438972,"flow_src_last_pkt_time":1470104420438972,"flow_dst_last_pkt_time":1470104420438972,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104420438972,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":61172,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":931,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":2,"flow_src_last_pkt_time":1470104420540216,"flow_dst_last_pkt_time":1470104420438972,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":87,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":87,"pkt_l4_len":33,"thread_ts_usec":1470104420540216,"pkt":"MzMAAQADPKn0WgOEht1gAAAAACERAf6AAAAAAAAAXZJiqOveExn\/AgAAAAAAAAAAAAAAAQAD7vQU6wAh24kTvAAAAAEAAAAAAAAHc29udXNhdgAAAQAB"} 
+00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":932,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104420541021,"flow_src_last_pkt_time":1470104420541021,"flow_dst_last_pkt_time":1470104420541021,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104420541021,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":59730,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":932,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":1,"flow_src_last_pkt_time":1470104420541021,"flow_dst_last_pkt_time":1470104420541021,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1470104420541021,"pkt":"AQBeAAD8PKn0WgOECABFAAA1H\/gAAAER9C\/AqAPs4AAA\/OlSFOsAIfhUE7wAAAABAAAAAAAAB3NvbnVzYXYAAAEAAQ=="} 
+00924{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":932,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104420541021,"flow_src_last_pkt_time":1470104420541021,"flow_dst_last_pkt_time":1470104420541021,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104420541021,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":59730,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":933,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_src_last_pkt_time":1470104420541205,"flow_dst_last_pkt_time":1470104385827777,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1470104420541205,"pkt":"\/\/\/\/\/\/\/\/rCILUFkxCABFAABEAABAAEARLlc7eNDa\/\/\/\/\/8PnB5sAMKByU3Uyb1ZTdDRBQUJIWlc1MGNtbGpaVjlCVUVOZlozVmxjM1FBYldVQQ=="} 
+00948{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":934,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":5,"flow_src_last_pkt_time":1470104420950055,"flow_dst_last_pkt_time":1470104380909602,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":359,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":359,"pkt_l4_len":325,"thread_ts_usec":1470104420950055,"pkt":"\/\/\/\/\/\/\/\/XNmY3fXzCABFAAFZAABAAEARbn7AqApu\/\/\/\/\/+xA9gABRTgx\/\/8AAKAAXNmY3fXzwKgKbgAAAgAnAUROUy0xMTAwLTA0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABOQVMAAAAAAAAAAAAAVVqvihgAAABVWsE9WwAAAFVasDEuMDJiMTAAEXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXNmY3fXzM0ExAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGRsaW5rLURERjVGMwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAqApu\/\/8AAExBTjEAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} +00986{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":937,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":2,"flow_src_last_pkt_time":1470104422079572,"flow_dst_last_pkt_time":1470104392072989,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":391,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":391,"pkt_l4_len":337,"thread_ts_usec":1470104422079572,"pkt":"MzMAAAABwKC7c+tXht1gAAAAAVERgCABsCAABgAAwqC7\/\/5z61f\/AgAAAAAAAAAAAAAAAAAB9gD2AAFRLwf\/D9rVoADAoLtz61cgAbAgAAYAAMKgu\/\/+c+tXAAACACcBREdTLTEyMTAtMTBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFN3aXRjaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMy4xMC4wMTMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAoLtz61dCMQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFFQMFIxRDkwMDAwMjYAAAAAAAAAAAAAAAAAAAAAAAAAREdTLTEyMTAtMTBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCojIz\/\/wAAUG9ydCA4AAAgAbAgAAYAAMKgu\/\/+c+tXQA=="} 
+00921{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":941,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1470104422690570,"flow_dst_last_pkt_time":1470104376301823,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_usec":1470104422690570,"pkt":"\/\/\/\/\/\/\/\/4MqUa5ZECABFEAFIAAAAAIAROZYAAAAA\/\/\/\/\/wBEAEMBNJruAQEGAD3Z62IAAAAAAAAAAAAAAAAAAAAAAAAAAODKlGuWRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBMgTAqAVDDBRzYW5qaS1MSUZFQk9PSy1MSDUzMTcRARwCAw8GdwwsLxp5Knn5\/Cr\/AAAAAAAAAAAA"} +00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":949,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104423202821,"flow_src_last_pkt_time":1470104423202821,"flow_dst_last_pkt_time":1470104423202821,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104423202821,"l3_proto":"ip6","src_ip":"fe80::f65c:89ff:fe89:e607","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00588{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":949,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":1,"flow_src_last_pkt_time":1470104423202821,"flow_dst_last_pkt_time":1470104423202821,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":98,"pkt_l4_len":44,"thread_ts_usec":1470104423202821,"pkt":"MzMAAQAC9FyJieYHht1gD8\/5ACwRAf6AAAAAAAAA9lyJ\/\/6J5gf\/AgAAAAAAAAAAAAAAAQACAiICIwAsGIELuXYqAAEADgABAAEeo3uS9FyJieYHAAYABAAXABgACAAC\/\/8="} +00932{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":949,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104423202821,"flow_src_last_pkt_time":1470104423202821,"flow_dst_last_pkt_time":1470104423202821,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104423202821,"l3_proto":"ip6","src_ip":"fe80::f65c:89ff:fe89:e607","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCPV6","proto_id":"103","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":950,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104423246688,"flow_src_last_pkt_time":1470104423246688,"flow_dst_last_pkt_time":1470104423246688,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104423246688,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53629,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":950,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_src_last_pkt_time":1470104423246688,"flow_dst_last_pkt_time":1470104423246688,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1470104423246688,"pkt":"ABAj4ACgYMVHBbyMCABFAABAVdFAAEAG6zrAqAUQwKhzS9F9AbtloPklAAAAALAC\/\/81IwAAAgQFtAEDAwUBAQgKGg+8HwAAAAAEAgAA"} +00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":951,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":2,"flow_src_last_pkt_time":1470104423246688,"flow_dst_last_pkt_time":1470104423247634,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104423247634,"pkt":"ABxCjnAxABAj4ACgCABFAAA0AABAAEAGQRjAqHNLwKgFEAG70X2C0DtLZaD5JoASFtBuaQAAAgQFtAEBBAIBAwMH"} 
+00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":952,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":3,"flow_src_last_pkt_time":1470104423247712,"flow_dst_last_pkt_time":1470104423247634,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1470104423247712,"pkt":"ABAj4ACgYMVHBbyMCABFAAAoVNRAAEAG7E\/AqAUQwKhzS9F9AbtloPkmgtA7TFAQIACmCwAAUC8xLjEN"} +00812{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":953,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":4,"flow_src_last_pkt_time":1470104423248266,"flow_dst_last_pkt_time":1470104423247634,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":267,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":267,"pkt_l4_len":233,"thread_ts_usec":1470104423248266,"pkt":"ABAj4ACgYMVHBbyMCABFAAD9MJBAAEAGD7\/AqAUQwKhzS9F9AbtloPkmgtA7TFAYIADmPAAAFgMBANABAADMAwNXoANoBxB0UxaEmGMMRA4z3rCwUCfHq4lItmIHvO2HwSBj+Q0TSc5VhLmmiAAqPOtufQBM8Qziz0QZmZNFeVk8eABKAP\/AJMAjwArACcAIwCjAJ8AUwBPAEsAmwCXABcAEwAPAKsApwA\/ADsANAGsAZwA5ADMAFgA9ADwANQAvAArAB8ARwALADAAFAAQBAAA5AAAAEwARAAAOMTkyLjE2OC4xMTUuNzUACgAIAAYAFwAYABkACwACAQAADQAMAAoFAQQBAgEEAwID"} 
+01379{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":953,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1470104423246688,"flow_src_last_pkt_time":1470104423248266,"flow_dst_last_pkt_time":1470104423247634,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":213,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":213,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104423248266,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53629,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","domainame":"192.168.115.75","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12i370400_07a749158664_e64f6000bf4d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":954,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":5,"flow_src_last_pkt_time":1470104423248266,"flow_dst_last_pkt_time":1470104423249191,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1470104423249191,"pkt":"ABxCjnAxABAj4ACgCABFAAAosy5AAEAGjfXAqHNLwKgFEAG70X2C0DtMZaD5+1AQADbFAAAAAAAAAAAA"} 
+01531{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":955,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1470104423246688,"flow_src_last_pkt_time":1470104423248266,"flow_dst_last_pkt_time":1470104423251782,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":213,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":213,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1470104423251782,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53629,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","domainame":"192.168.115.75","tls": {"version":"TLSv1.2","ja3s":"573a9f3f80037fb40d481e2054def5bb","ja4":"t12i370400_07a749158664_e64f6000bf4d","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} 
+00976{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":965,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1470104376301823,"flow_src_last_pkt_time":1470104422690570,"flow_dst_last_pkt_time":1470104376301823,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104424049934,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"shen"}} +00982{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":965,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1470104377720702,"flow_src_last_pkt_time":1470104377820998,"flow_dst_last_pkt_time":1470104377720702,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104424049934,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"224.0.0.252","src_port":51458,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"wpad"}} 
+01000{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":965,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1470104376017883,"flow_src_last_pkt_time":1470104403029956,"flow_dst_last_pkt_time":1470104376017883,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":798,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104424049934,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"239.255.255.250","src_port":55312,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} +01002{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":965,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":0,"flow_first_seen":1470104373232309,"flow_src_last_pkt_time":1470104412246763,"flow_dst_last_pkt_time":1470104373232309,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1729,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104424049934,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"239.255.255.250","src_port":55809,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} +00971{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":965,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1470104376816620,"flow_src_last_pkt_time":1470104392380425,"flow_dst_last_pkt_time":1470104376816620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":180,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104424049934,"l3_proto":"ip6","src_ip":"fe80::406:55a8:6453:25dd","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCPV6","proto_id":"103","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01141{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":965,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104378045695,"flow_src_last_pkt_time":1470104378454680,"flow_dst_last_pkt_time":1470104378045695,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104424049934,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":58779,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": 
{"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"????????????"}} +00799{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":965,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104378657181,"flow_src_last_pkt_time":1470104408662780,"flow_dst_last_pkt_time":1470104378657181,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":329,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":329,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":658,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104424049934,"l3_proto":"ip6","src_ip":"2001:b030:214:100:c2a0:bbff:fe73:eb47","dst_ip":"ff02::1","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00784{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":965,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104378557102,"flow_src_last_pkt_time":1470104408662594,"flow_dst_last_pkt_time":1470104378557102,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":317,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":317,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":634,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104424049934,"l3_proto":"ip4","src_ip":"192.168.125.30","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+01003{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":965,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":0,"flow_first_seen":1470104378045830,"flow_src_last_pkt_time":1470104423102951,"flow_dst_last_pkt_time":1470104378045830,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1596,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104424049934,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"239.255.255.250","src_port":59468,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} +01002{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":965,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1470104377634699,"flow_src_last_pkt_time":1470104415729545,"flow_dst_last_pkt_time":1470104377634699,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1096,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104424049934,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"239.255.255.250","src_port":60267,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} +01130{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":965,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104378045747,"flow_src_last_pkt_time":1470104378454823,"flow_dst_last_pkt_time":1470104378045747,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104424049934,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":58779,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"????????????"}} 
+00984{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":965,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104373025824,"flow_src_last_pkt_time":1470104373127416,"flow_dst_last_pkt_time":1470104373025824,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104424049934,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":59571,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"jason-pc"}} +00965{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":965,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":0,"flow_first_seen":1470104373741279,"flow_src_last_pkt_time":1470104416751443,"flow_dst_last_pkt_time":1470104373741279,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104424049934,"l3_proto":"ip4","src_ip":"192.168.119.1","dst_ip":"255.255.255.255","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+01000{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":965,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1470104376017777,"flow_src_last_pkt_time":1470104405998978,"flow_dst_last_pkt_time":1470104376017777,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":959,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104424049934,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"239.255.255.250","src_port":64674,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} +00983{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":965,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104377634537,"flow_src_last_pkt_time":1470104378045058,"flow_dst_last_pkt_time":1470104377634537,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104424049934,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"224.0.0.252","src_port":61603,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"ro_x1c"}} 
+00984{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":965,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1470104378021294,"flow_src_last_pkt_time":1470104379520951,"flow_dst_last_pkt_time":1470104378021294,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104424049934,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"wpad"}} +00992{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":965,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1470104378901305,"flow_src_last_pkt_time":1470104378901349,"flow_dst_last_pkt_time":1470104378905035,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":66,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":66,"midstream":0,"thread_ts_usec":1470104424049934,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"168.95.1.1","src_port":52723,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.1kxun","proto_id":"5.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"kankan.1kxun.com"}} 
+00994{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":965,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1470104377734137,"flow_src_last_pkt_time":1470104377734181,"flow_dst_last_pkt_time":1470104377753112,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":70,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":70,"midstream":0,"thread_ts_usec":1470104424049934,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":51024,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.1kxun","proto_id":"5.295","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"jp.kankan.1kxun.mobi"}} +01002{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":965,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":0,"flow_first_seen":1470104373232452,"flow_src_last_pkt_time":1470104418393074,"flow_dst_last_pkt_time":1470104373232452,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1596,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104424049934,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"239.255.255.250","src_port":51389,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} +00990{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":965,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1470104377901018,"flow_src_last_pkt_time":1470104377901065,"flow_dst_last_pkt_time":1470104378954523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":66,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":66,"midstream":0,"thread_ts_usec":1470104424049934,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":52723,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.1kxun","proto_id":"5.295","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"kankan.1kxun.com"}} +00994{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":965,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104377634231,"flow_src_last_pkt_time":1470104378045036,"flow_dst_last_pkt_time":1470104377634231,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104424049934,"l3_proto":"ip6","src_ip":"fe80::edf5:240a:c8c0:8312","dst_ip":"ff02::1:3","src_port":61603,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"ro_x1c"}} +02194{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":968,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":21,"flow_first_seen":1470104379118972,"flow_src_last_pkt_time":1470104424311883,"flow_dst_last_pkt_time":1470104379310452,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":361,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":723,"flow_dst_tot_l4_payload_len":22966,"midstream":0,"thread_ts_usec":1470104424311883,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49603,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":19,"avg":1464012.6,"max":45001141,"stddev":7948794.0,"var":63183326806016.0,"ent":0.1,"data": [34,54477,54551,26,4891,45,65495,70,68,364,89,71,208,46,29,27,25,61484,19,69006,62,56,48,731,52,51,51,454,70696,24,45001141]},"pktlen": {"min":40,"avg":781.6,"max":1300,"stddev":593.2,"var":351838.7,"ent":4.4,"data": [52,52,52,40,40,401,401,46,359,1300,1300,1300,1300,1300,1300,1300,1300,1300,40,40,1300,1300,1300,1300,1300,1300,1300,1300,1267,40,40,41]},"bins": {"c_to_s": [9,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,17,0,0,0,0,0,0,0,0]},"directions": [0,0,1,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,1,1,1,1,1,1,0,0,0],"entropies": 
[4.578932762,4.578932762,5.032077789,4.884183884,4.884183884,5.794129372,5.794129372,4.434307098,5.652597904,7.484868050,7.818575859,7.782110691,7.797027111,7.823266506,7.845933437,7.821538448,7.845500469,7.838393688,4.834183693,4.834183693,7.836544514,7.832671165,7.837013721,7.831301689,7.829290867,7.832065582,7.849477768,7.838781357,7.842006683,4.884183884,4.884183884,4.829466343]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com"}} +00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":985,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104424738880,"flow_src_last_pkt_time":1470104424738880,"flow_dst_last_pkt_time":1470104424738880,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104424738880,"l3_proto":"ip4","src_ip":"192.168.0.104","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":985,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_src_last_pkt_time":1470104424738880,"flow_dst_last_pkt_time":1470104424738880,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1470104424738880,"pkt":"\/\/\/\/\/\/\/\/AAwpjO\/4CABFAABOZ6MAAIARUUPAqABowKj\/\/wCJAIkAOgIy8PkBEAABAAAAAAAAIEZERURDT0VCRkNGQ0VCRU9FREVCRkNDT0VQRkNFSEFBAAAgAAE="} 
+00984{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":985,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104424738880,"flow_src_last_pkt_time":1470104424738880,"flow_dst_last_pkt_time":1470104424738880,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104424738880,"l3_proto":"ip4","src_ip":"192.168.0.104","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"sc.arrancar.org","domainame":"sc.arrancar.org"}} +00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":986,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":2,"flow_src_last_pkt_time":1470104425455832,"flow_dst_last_pkt_time":1470104424738880,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1470104425455832,"pkt":"\/\/\/\/\/\/\/\/AAwpjO\/4CABFAABOZ6QAAIARUULAqABowKj\/\/wCJAIkAOgIy8PkBEAABAAAAAAAAIEZERURDT0VCRkNGQ0VCRU9FREVCRkNDT0VQRkNFSEFBAAAgAAE="} 
+00949{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":987,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":2,"flow_src_last_pkt_time":1470104425762971,"flow_dst_last_pkt_time":1470104395656981,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":359,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":359,"pkt_l4_len":325,"thread_ts_usec":1470104425762971,"pkt":"\/\/\/\/\/\/\/\/wKC7c+snCABFAAFZOwBAAEARM+XAqAoH\/\/\/\/\/\/YA9gABRUMe\/\/+fLaAAwKC7c+snwKgKBwAAAgAnAURHUy0xMjEwLTEwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABTd2l0Y2gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADMuMTAuMDEzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwKC7c+snQjEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABRUDBSMUQ5MDAwMDIzAAAAAAAAAAAAAAAAAAAAAAAAAERHUy0xMjEwLTEwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAqAoH\/\/8AAFBvcnQgOAAAAAAAAAAAAAAAAAAAAAAAAAA="} +00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":988,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":3,"flow_src_last_pkt_time":1470104425786054,"flow_dst_last_pkt_time":1470104389597943,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104425786054,"pkt":"TF4M6gNlYMVHBbyMCABFAAA0xkFAAEAGbFvAqAUQROn9hdFtAFBAFGHVDj7nf4AREAFpCQAAAQEIChoPxgTPHNz0"} 
+00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":991,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":3,"flow_src_last_pkt_time":1470104426276929,"flow_dst_last_pkt_time":1470104424738880,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1470104426276929,"pkt":"\/\/\/\/\/\/\/\/AAwpjO\/4CABFAABOZ6UAAIARUUHAqABowKj\/\/wCJAIkAOgIy8PkBEAABAAAAAAAAIEZERURDT0VCRkNGQ0VCRU9FREVCRkNDT0VQRkNFSEFBAAAgAAE="} +00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":993,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104426973073,"flow_src_last_pkt_time":1470104426973073,"flow_dst_last_pkt_time":1470104426973073,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104426973073,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"17.253.26.125","src_port":123,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":993,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_src_last_pkt_time":1470104426973073,"flow_dst_last_pkt_time":1470104426973073,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1470104426973073,"pkt":"TF4M6gNlYMVHBbyMCABFwABMyLEAAEARvv3AqAUQEf0afQB7AHsAOHvnIwIG7AAAJiAAAPbJEf0afdtKfo89Puc520qBhKZDx2jbSoGEtCSHfttKgew\/d58s"} 
+00955{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":993,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104426973073,"flow_src_last_pkt_time":1470104426973073,"flow_dst_last_pkt_time":1470104426973073,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104426973073,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"17.253.26.125","src_port":123,"dst_port":123,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","proto_id":"9","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","ntp": {"request_code":0,"version":0}}} +00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":994,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104426992100,"flow_src_last_pkt_time":1470104426992100,"flow_dst_last_pkt_time":1470104426992100,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":26,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104426992100,"l3_proto":"ip6","src_ip":"fe80::4568:efbc:40b1:1346","dst_ip":"ff02::1:3","src_port":57148,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":994,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":1,"flow_src_last_pkt_time":1470104426992100,"flow_dst_last_pkt_time":1470104426992100,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":88,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":88,"pkt_l4_len":34,"thread_ts_usec":1470104426992100,"pkt":"MzMAAQADSNIkYwreht1gAAAAACIRAf6AAAAAAAAARWjvvECxE0b\/AgAAAAAAAAAAAAAAAQAD3zwU6wAi91hE5AAAAAEAAAAAAAAIa2V2aW4tUEMAAP8AAQ=="} +00934{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":994,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104426992100,"flow_src_last_pkt_time":1470104426992100,"flow_dst_last_pkt_time":1470104426992100,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":26,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104426992100,"l3_proto":"ip6","src_ip":"fe80::4568:efbc:40b1:1346","dst_ip":"ff02::1:3","src_port":57148,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":995,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":2,"flow_src_last_pkt_time":1470104427094109,"flow_dst_last_pkt_time":1470104426992100,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":88,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":88,"pkt_l4_len":34,"thread_ts_usec":1470104427094109,"pkt":"MzMAAQADSNIkYwreht1gAAAAACIRAf6AAAAAAAAARWjvvECxE0b\/AgAAAAAAAAAAAAAAAQAD3zwU6wAi91hE5AAAAAEAAAAAAAAIa2V2aW4tUEMAAP8AAQ=="} +00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":996,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104427094934,"flow_src_last_pkt_time":1470104427094934,"flow_dst_last_pkt_time":1470104427094934,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":26,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104427094934,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"224.0.0.252","src_port":55593,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":996,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":1,"flow_src_last_pkt_time":1470104427094934,"flow_dst_last_pkt_time":1470104427094934,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_usec":1470104427094934,"pkt":"AQBeAAD8SNIkYwreCABFAAA2fkcAAAERlKLAqAUp4AAA\/NkpFOsAIt1BROQAAAABAAAAAAAACGtldmluLVBDAAD\/AAE="} 
+00923{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":996,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104427094934,"flow_src_last_pkt_time":1470104427094934,"flow_dst_last_pkt_time":1470104427094934,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":26,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104427094934,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"224.0.0.252","src_port":55593,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1008,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104429964666,"flow_src_last_pkt_time":1470104429964666,"flow_dst_last_pkt_time":1470104429964666,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":26,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104429964666,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"224.0.0.252","src_port":64428,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1008,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":1,"flow_src_last_pkt_time":1470104429964666,"flow_dst_last_pkt_time":1470104429964666,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_usec":1470104429964666,"pkt":"AQBeAAD8GF4PUugBCABFAAA2MWEAAAER4XjAqAU54AAA\/PusFOsAIt9AFnIAAAABAAAAAAAACFVzaGVyLVBDAAD\/AAE="} +00924{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1008,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104429964666,"flow_src_last_pkt_time":1470104429964666,"flow_dst_last_pkt_time":1470104429964666,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":26,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104429964666,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"224.0.0.252","src_port":64428,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1009,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104430064732,"flow_src_last_pkt_time":1470104430064732,"flow_dst_last_pkt_time":1470104430064732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104430064732,"l3_proto":"ip6","src_ip":"fe80::e034:7be:d8f9:6197","dst_ip":"ff02::1:3","src_port":57143,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1009,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":1,"flow_src_last_pkt_time":1470104430064732,"flow_dst_last_pkt_time":1470104430064732,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":91,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":91,"pkt_l4_len":37,"thread_ts_usec":1470104430064732,"pkt":"MzMAAQADuKxv2MGbht1gAAAAACURAf6AAAAAAAAA4DQHvtj5YZf\/AgAAAAAAAAAAAAAAAQAD3zcU6wAl4fcCawAAAAEAAAAAAAALY2hhcm1pbmctUEMAAP8AAQ=="} 
+00934{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1009,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104430064732,"flow_src_last_pkt_time":1470104430064732,"flow_dst_last_pkt_time":1470104430064732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104430064732,"l3_proto":"ip6","src_ip":"fe80::e034:7be:d8f9:6197","dst_ip":"ff02::1:3","src_port":57143,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1011,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104430065680,"flow_src_last_pkt_time":1470104430065680,"flow_dst_last_pkt_time":1470104430065680,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104430065680,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":57143,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1011,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":1,"flow_src_last_pkt_time":1470104430065680,"flow_dst_last_pkt_time":1470104430065680,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1470104430065680,"pkt":"AQBeAAD8uKxv2MGbCABFAAA5S8AAAAERxx3AqAUy4AAA\/N83FOsAJVssAmsAAAABAAAAAAAAC2NoYXJtaW5nLVBDAAD\/AAE="} +00924{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1011,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104430065680,"flow_src_last_pkt_time":1470104430065680,"flow_dst_last_pkt_time":1470104430065680,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104430065680,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":57143,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1012,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":2,"flow_src_last_pkt_time":1470104430065682,"flow_dst_last_pkt_time":1470104429964666,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_usec":1470104430065682,"pkt":"AQBeAAD8GF4PUugBCABFAAA2MWMAAAER4XbAqAU54AAA\/PusFOsAIt9AFnIAAAABAAAAAAAACFVzaGVyLVBDAAD\/AAE="} +00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1015,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":2,"flow_src_last_pkt_time":1470104430476697,"flow_dst_last_pkt_time":1470104430065680,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1470104430476697,"pkt":"AQBeAAD8uKxv2MGbCABFAAA5S8EAAAERxxzAqAUy4AAA\/N83FOsAJVssAmsAAAABAAAAAAAAC2NoYXJtaW5nLVBDAAD\/AAE="} +00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1016,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104430884669,"flow_src_last_pkt_time":1470104430884669,"flow_dst_last_pkt_time":1470104430884669,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104430884669,"l3_proto":"ip6","src_ip":"fe80::e034:7be:d8f9:6197","dst_ip":"ff02::1:3","src_port":49766,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1016,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":1,"flow_src_last_pkt_time":1470104430884669,"flow_dst_last_pkt_time":1470104430884669,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":91,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":91,"pkt_l4_len":37,"thread_ts_usec":1470104430884669,"pkt":"MzMAAQADuKxv2MGbht1gAAAAACURAf6AAAAAAAAA4DQHvtj5YZf\/AgAAAAAAAAAAAAAAAQADwmYU6wAlV+upSAAAAAEAAAAAAAALY2hhcm1pbmctUEMAAP8AAQ=="} +00934{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1016,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104430884669,"flow_src_last_pkt_time":1470104430884669,"flow_dst_last_pkt_time":1470104430884669,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104430884669,"l3_proto":"ip6","src_ip":"fe80::e034:7be:d8f9:6197","dst_ip":"ff02::1:3","src_port":49766,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1017,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104430884671,"flow_src_last_pkt_time":1470104430884671,"flow_dst_last_pkt_time":1470104430884671,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104430884671,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":49766,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1017,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":1,"flow_src_last_pkt_time":1470104430884671,"flow_dst_last_pkt_time":1470104430884671,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1470104430884671,"pkt":"AQBeAAD8uKxv2MGbCABFAAA5S8UAAAERxxjAqAUy4AAA\/MJmFOsAJdEfqUgAAAABAAAAAAAAC2NoYXJtaW5nLVBDAAD\/AAE="} 
+00924{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1017,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104430884671,"flow_src_last_pkt_time":1470104430884671,"flow_dst_last_pkt_time":1470104430884671,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104430884671,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":49766,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1018,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":2,"flow_src_last_pkt_time":1470104431294729,"flow_dst_last_pkt_time":1470104430884669,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":91,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":91,"pkt_l4_len":37,"thread_ts_usec":1470104431294729,"pkt":"MzMAAQADuKxv2MGbht1gAAAAACURAf6AAAAAAAAA4DQHvtj5YZf\/AgAAAAAAAAAAAAAAAQADwmYU6wAlV+upSAAAAAEAAAAAAAALY2hhcm1pbmctUEMAAP8AAQ=="} 
+00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1021,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104432318351,"flow_src_last_pkt_time":1470104432318351,"flow_dst_last_pkt_time":1470104432318351,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":26,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104432318351,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":59062,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1021,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":1,"flow_src_last_pkt_time":1470104432318351,"flow_dst_last_pkt_time":1470104432318351,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_usec":1470104432318351,"pkt":"AQBeAAD8SNIkYzEACABFAAA2OyoAAAER17zAqAUs4AAA\/Oa2FOsAIkMsz20AAAABAAAAAAAACGphc29uLVBDAAD\/AAE="} 
+00924{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1021,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104432318351,"flow_src_last_pkt_time":1470104432318351,"flow_dst_last_pkt_time":1470104432318351,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":26,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104432318351,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":59062,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1023,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104432630916,"flow_src_last_pkt_time":1470104432630916,"flow_dst_last_pkt_time":1470104432630916,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":27,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104432630916,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":58468,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1023,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":128,"flow_packet_id":1,"flow_src_last_pkt_time":1470104432630916,"flow_dst_last_pkt_time":1470104432630916,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":89,"pkt_l4_len":35,"thread_ts_usec":1470104432630916,"pkt":"MzMAAQADPKn0WgOEht1gAAAAACMRAf6AAAAAAAAAXZJiqOveExn\/AgAAAAAAAAAAAAAAAQAD5GQU6wAjSCvt1AAAAAEAAAAAAAAJV0FOR1MtTFRXAAD\/AAE="} +00935{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1023,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104432630916,"flow_src_last_pkt_time":1470104432630916,"flow_dst_last_pkt_time":1470104432630916,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":27,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104432630916,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":58468,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1024,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104432630917,"flow_src_last_pkt_time":1470104432630917,"flow_dst_last_pkt_time":1470104432630917,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":27,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104432630917,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":65496,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1024,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":129,"flow_packet_id":1,"flow_src_last_pkt_time":1470104432630917,"flow_dst_last_pkt_time":1470104432630917,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_usec":1470104432630917,"pkt":"AQBeAAD8PKn0WgOECABFAAA3IDQAAAER8\/HAqAPs4AAA\/P\/YFOsAI0Pg7dQAAAABAAAAAAAACVdBTkdTLUxUVwAA\/wAB"} 
+00925{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1024,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104432630917,"flow_src_last_pkt_time":1470104432630917,"flow_dst_last_pkt_time":1470104432630917,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":27,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104432630917,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":65496,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1025,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":128,"flow_packet_id":2,"flow_src_last_pkt_time":1470104432728657,"flow_dst_last_pkt_time":1470104432630916,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":89,"pkt_l4_len":35,"thread_ts_usec":1470104432728657,"pkt":"MzMAAQADPKn0WgOEht1gAAAAACMRAf6AAAAAAAAAXZJiqOveExn\/AgAAAAAAAAAAAAAAAQAD5GQU6wAjSCvt1AAAAAEAAAAAAAAJV0FOR1MtTFRXAAD\/AAE="} 
+00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1026,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":129,"flow_packet_id":2,"flow_src_last_pkt_time":1470104432728660,"flow_dst_last_pkt_time":1470104432630917,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_usec":1470104432728660,"pkt":"AQBeAAD8PKn0WgOECABFAAA3IDUAAAER8\/DAqAPs4AAA\/P\/YFOsAI0Pg7dQAAAABAAAAAAAACVdBTkdTLUxUVwAA\/wAB"} +00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1027,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":4,"flow_src_last_pkt_time":1470104433029958,"flow_dst_last_pkt_time":1470104388037933,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":55,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":55,"pkt_l4_len":21,"thread_ts_usec":1470104433029958,"pkt":"TF4M6gNlABxCjnAxCABFAAApUr5AAIAG8sXAqHMIy0K2V8G8AbsrwEGmNGHnvFAQAQOsiQAAAA=="} +00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1028,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":5,"flow_src_last_pkt_time":1470104433030090,"flow_dst_last_pkt_time":1470104388037933,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":55,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":55,"pkt_l4_len":21,"thread_ts_usec":1470104433030090,"pkt":"TF4M6gNlABxCjnAxCABFAAApUr5AAIAG8sXAqHMIy0K2V8G8AbsrwEGmNGHnvFAQAQOsiQAAAA=="} 
+00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1032,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":2,"flow_src_last_pkt_time":1470104433649184,"flow_dst_last_pkt_time":1470104398932814,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1470104433649184,"pkt":"\/\/\/\/\/\/\/\/AAK2Qbs6CABFAABEAABAAEARd0fAqAK6\/\/\/\/\/4AAB5sAMBr8aWNSVlNvVTlBQUJYWldKRFlXeHNBSFZ0Ukc5c2IzSlRhWFJCYldVQQ=="} +00986{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1470104380737950,"flow_src_last_pkt_time":1470104380737994,"flow_dst_last_pkt_time":1470104380772526,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":74,"flow_src_tot_l4_payload_len":66,"flow_dst_tot_l4_payload_len":74,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":54420,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.QQ","proto_id":"5.48","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"vv.video.qq.com"}} 
+01003{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":0,"flow_first_seen":1470104382242882,"flow_src_last_pkt_time":1470104432114662,"flow_dst_last_pkt_time":1470104382242882,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1596,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"239.255.255.250","src_port":55484,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} +01006{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1470104382241911,"flow_src_last_pkt_time":1470104432114660,"flow_dst_last_pkt_time":1470104382241911,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1330,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"239.255.255.250","src_port":55485,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} +00786{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1470104380909602,"flow_src_last_pkt_time":1470104420950055,"flow_dst_last_pkt_time":1470104380909602,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":317,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":317,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1585,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip4","src_ip":"192.168.10.110","dst_ip":"255.255.255.255","src_port":60480,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01003{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1470104381217586,"flow_src_last_pkt_time":1470104426277904,"flow_dst_last_pkt_time":1470104381217586,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1197,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"239.255.255.250","src_port":57325,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} 
+01131{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104379169283,"flow_src_last_pkt_time":1470104379271492,"flow_dst_last_pkt_time":1470104379169283,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":54888,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"????????????"}} +00986{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104381217455,"flow_src_last_pkt_time":1470104381626995,"flow_dst_last_pkt_time":1470104381217455,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"224.0.0.252","src_port":56366,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"notebook"}} +00988{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1470104379066410,"flow_src_last_pkt_time":1470104379066467,"flow_dst_last_pkt_time":1470104379115963,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":95,"flow_src_tot_l4_payload_len":62,"flow_dst_tot_l4_payload_len":95,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":60724,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.1kxun","proto_id":"5.295","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"pic.1kxun.com"}} +00989{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104381935187,"flow_src_last_pkt_time":1470104382036037,"flow_dst_last_pkt_time":1470104381935187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"224.0.0.252","src_port":58456,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"joanna-pc"}} +00986{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104381935396,"flow_src_last_pkt_time":1470104382038651,"flow_dst_last_pkt_time":1470104381935396,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"224.0.0.252","src_port":58456,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"joanna-pc"}} +00993{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104382448739,"flow_src_last_pkt_time":1470104382858294,"flow_dst_last_pkt_time":1470104382448739,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":66,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"224.0.0.252","src_port":61548,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"caesar-thinkpad"}} +00781{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104385827777,"flow_src_last_pkt_time":1470104420541205,"flow_dst_last_pkt_time":1470104385827777,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip4","src_ip":"59.120.208.218","dst_ip":"255.255.255.255","src_port":50151,"dst_port":1947,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01003{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104382448550,"flow_src_last_pkt_time":1470104382857884,"flow_dst_last_pkt_time":1470104382448550,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":66,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::1:3","src_port":61548,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"caesar-thinkpad"}} 
+00991{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1470104383810371,"flow_src_last_pkt_time":1470104413815837,"flow_dst_last_pkt_time":1470104413817995,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":300,"flow_src_tot_l4_payload_len":600,"flow_dst_tot_l4_payload_len":600,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.119.1","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"macbook-air"}} +01005{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104379579523,"flow_src_last_pkt_time":1470104379579704,"flow_dst_last_pkt_time":1470104379579523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":221,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":244,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":465,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip4","src_ip":"192.168.5.67","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"sanji-lifebook-"}} +01003{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1470104382448863,"flow_src_last_pkt_time":1470104427503777,"flow_dst_last_pkt_time":1470104382448863,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1233,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"239.255.255.250","src_port":51704,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} 
+01142{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104379169121,"flow_src_last_pkt_time":1470104379271484,"flow_dst_last_pkt_time":1470104379169121,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":54888,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"????????????"}} 
+00851{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1033,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1033,"packets-processed":1032,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":395167,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":114,"total-detection-updates":19,"total-updates":38,"current-active-flows":129,"total-active-flows":129,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":697,"global_ts_usec":1654385119050609} +00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1033,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385119050609,"flow_src_last_pkt_time":1654385119050609,"flow_dst_last_pkt_time":1654385119050609,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":538,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":538,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":538,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385119050609,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60962,"dst_port":1234,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+01263{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1033,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":1,"flow_src_last_pkt_time":1654385119050609,"flow_dst_last_pkt_time":1654385119050609,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":604,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":604,"pkt_l4_len":570,"thread_ts_usec":1654385119050609,"pkt":"tKXvZygQnLbQ0+MzCABFAAJOAZpAAEAGaiXAqAJ+rGhdXO4iBNJ6yTZonxdjWoAYAfbPKwAAAQEICmbWNa+8oaeIR0VUIC8\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"} +01493{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1033,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385119050609,"flow_src_last_pkt_time":1654385119050609,"flow_dst_last_pkt_time":1654385119050609,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":538,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":538,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":538,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385119050609,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60962,"dst_port":1234,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"ws.1kxun.mobi","domainame":"ws.1kxun.mobi","http": 
{"url":"ws.1kxun.mobi:1234\/?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&&_country=US&_locale=en&_=1654385117","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}}} +00794{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1034,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":2,"flow_src_last_pkt_time":1654385119050609,"flow_dst_last_pkt_time":1654385119358297,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":255,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":255,"pkt_l4_len":221,"thread_ts_usec":1654385119358297,"pkt":"nLbQ0+MztKXvZygQCABFAADxLm1AADYGSK+saF1cwKgCfgTS7iKfF2Naesk4goAYAfnUtgAAAQEICryhqPBm1jWvSFRUUC8xLjEgMTAxIFN3aXRjaGluZyBQcm90b2NvbHMNClVwZ3JhZGU6IHdlYnNvY2tldA0KQ29ubmVjdGlvbjogVXBncmFkZQ0KU2VjLVdlYlNvY2tldC1BY2NlcHQ6IFMxR1lPY3ZzV3BRa0lpb3FkaEFpMENndkJhdz0NClNlYy1XZWJTb2NrZXQtVmVyc2lvbjogMTMNClNlcnZlcjogc3dvb2xlLXdlYnNvY2tldC1zZXJ2ZXINCg0K"} +00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1035,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385119973654,"flow_src_last_pkt_time":1654385119973654,"flow_dst_last_pkt_time":1654385119973654,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":538,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":538,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":538,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385119973654,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60972,"dst_port":1234,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+01263{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1035,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":1,"flow_src_last_pkt_time":1654385119973654,"flow_dst_last_pkt_time":1654385119973654,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":604,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":604,"pkt_l4_len":570,"thread_ts_usec":1654385119973654,"pkt":"tKXvZygQnLbQ0+MzCABFAAJOd7pAAEAG9ATAqAJ+rGhdXO4sBNI37f0u8ShzhYAYAfbPKwAAAQEICmbWOUq8oasmR0VUIC8\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"} +01493{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1035,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385119973654,"flow_src_last_pkt_time":1654385119973654,"flow_dst_last_pkt_time":1654385119973654,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":538,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":538,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":538,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385119973654,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60972,"dst_port":1234,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"ws.1kxun.mobi","domainame":"ws.1kxun.mobi","http": 
{"url":"ws.1kxun.mobi:1234\/?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&&_country=US&_locale=en&_=1654385118","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}}} +00795{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1036,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":2,"flow_src_last_pkt_time":1654385119973654,"flow_dst_last_pkt_time":1654385120216027,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":255,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":255,"pkt_l4_len":221,"thread_ts_usec":1654385120216027,"pkt":"nLbQ0+MztKXvZygQCABFAADxBX1AADYGcZ+saF1cwKgCfgTS7izxKHOFN+3\/SIAYAflO7QAAAQEICryhrIhm1jlKSFRUUC8xLjEgMTAxIFN3aXRjaGluZyBQcm90b2NvbHMNClVwZ3JhZGU6IHdlYnNvY2tldA0KQ29ubmVjdGlvbjogVXBncmFkZQ0KU2VjLVdlYlNvY2tldC1BY2NlcHQ6IEtVa3drYTlicGVRVFVqNFdjZnNKekJpSXRUST0NClNlYy1XZWJTb2NrZXQtVmVyc2lvbjogMTMNClNlcnZlcjogc3dvb2xlLXdlYnNvY2tldC1zZXJ2ZXINCg0K"} +00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1037,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385120896744,"flow_src_last_pkt_time":1654385120896744,"flow_dst_last_pkt_time":1654385120896744,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":538,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":538,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":538,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385120896744,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60984,"dst_port":1234,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+01263{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1037,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":1,"flow_src_last_pkt_time":1654385120896744,"flow_dst_last_pkt_time":1654385120896744,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":604,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":604,"pkt_l4_len":570,"thread_ts_usec":1654385120896744,"pkt":"tKXvZygQnLbQ0+MzCABFAAJOiDpAAEAG44TAqAJ+rGhdXO44BNLYsfEUYaCrMIAYAfbPKwAAAQEICmbWPOa8oa7yR0VUIC8\/X2JyYW5kPUdvb2dsZSZfbW9kZWw9c2RrX2dwaG9uZV94ODYmX292PUFuZHJvaWQxMSZfY3B1PWk2ODYmX3Jlc29sdXRpb249MTA4MCUyQzE3OTQmX3BhY2thZ2U9Y29tLnNjZW5ld2F5LmthbmthbiZfdj0yLjguMi4xJl9jaGFubmVsPTFreHVuJl9jYXJyaWVyPTMxMDI2MCZfYW5kcm9pZF9pZD1iOWUyODc3NjM1NGQyNTllJl9uZXR3b3JrPXdpZmkmX2FpZD01YWM2YTBmZi04ZDE4LTQ3YmMtYTkwMi0yODEyY2YwYzI1MWUmJl9jb3VudHJ5PVVTJl9sb2NhbGU9ZW4mXz0xNjU0Mzg1MTE5IEhUVFAvMS4xDQphdXRob3JpemF0aW9uX2NvZGU6IDg5QTBGQ0UzOTE2OEM5RTIxOTM1N0IzRjJEMzA4RDIwDQpVcGdyYWRlOiB3ZWJzb2NrZXQNCkNvbm5lY3Rpb246IFVwZ3JhZGUNClNlYy1XZWJTb2NrZXQtS2V5OiBYdjJmVTdzaEsrRDdBNVAvMW5FQ3p3PT0NClNlYy1XZWJTb2NrZXQtVmVyc2lvbjogMTMNCkhvc3Q6IHdzLjFreHVuLm1vYmk6MTIzNA0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpVc2VyLUFnZW50OiBva2h0dHAvMy4xMC4wDQoNCg=="} 
+01493{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1037,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385120896744,"flow_src_last_pkt_time":1654385120896744,"flow_dst_last_pkt_time":1654385120896744,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":538,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":538,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":538,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385120896744,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60984,"dst_port":1234,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"ws.1kxun.mobi","domainame":"ws.1kxun.mobi","http": {"url":"ws.1kxun.mobi:1234\/?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&&_country=US&_locale=en&_=1654385119","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}}} 
+00794{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1038,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":2,"flow_src_last_pkt_time":1654385120896744,"flow_dst_last_pkt_time":1654385121164319,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":255,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":255,"pkt_l4_len":221,"thread_ts_usec":1654385121164319,"pkt":"nLbQ0+MztKXvZygQCABFAADxUyNAADUGJPmsaF1cwKgCfgTS7jhhoKsw2LHzLoAYAfl7JgAAAQEICryhsD9m1jzmSFRUUC8xLjEgMTAxIFN3aXRjaGluZyBQcm90b2NvbHMNClVwZ3JhZGU6IHdlYnNvY2tldA0KQ29ubmVjdGlvbjogVXBncmFkZQ0KU2VjLVdlYlNvY2tldC1BY2NlcHQ6IC9xNHA4dFI0THBxMFc5OUR5YXRzaEViNXM0UT0NClNlYy1XZWJTb2NrZXQtVmVyc2lvbjogMTMNClNlcnZlcjogc3dvb2xlLXdlYnNvY2tldC1zZXJ2ZXINCg0K"} +00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1039,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385127244156,"flow_src_last_pkt_time":1654385127244156,"flow_dst_last_pkt_time":1654385127244156,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":157,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":157,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385127244156,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47230,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+00754{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1039,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":1,"flow_src_last_pkt_time":1654385127244156,"flow_dst_last_pkt_time":1654385127244156,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":223,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":223,"pkt_l4_len":189,"thread_ts_usec":1654385127244156,"pkt":"tKXvZygQnLbQ0+MzCABFAADRE9lAAEAGtJXAqAJ+oXUNHbh+AFDtitlbh1f3JIAYAfZyfAAAAQEICrrF4XWXEOLhR0VUIC9hcGkuZG9tYWluLmNvbmYgSFRUUC8xLjENCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpIb3N0OiBrYW5rYW4uMWt4dW4ubW9iaQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpVc2VyLUFnZW50OiBva2h0dHAvMy4xMC4wDQoNCg=="} +01106{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1039,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385127244156,"flow_src_last_pkt_time":1654385127244156,"flow_dst_last_pkt_time":1654385127244156,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":157,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":157,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385127244156,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47230,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"kankan.1kxun.mobi","domainame":"kankan.1kxun.mobi","http": {"url":"kankan.1kxun.mobi\/api.domain.conf","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}}} 
+00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1040,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385127293052,"flow_src_last_pkt_time":1654385127293052,"flow_dst_last_pkt_time":1654385127293052,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":270,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":270,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":270,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385127293052,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"129.226.107.77","src_port":41134,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00887{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1040,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":1,"flow_src_last_pkt_time":1654385127293052,"flow_dst_last_pkt_time":1654385127293052,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":324,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":324,"pkt_l4_len":290,"thread_ts_usec":1654385127293052,"pkt":"tKXvZygQnLbQ0+MzCABFAAE2ngNAAEAG62jAqAJ+geJrTaCuAFAAOroVfx7qtFAYAfaxfgAAR0VUIC9xcWNvbm5lY3RvcGVuL29wZW5hcGkvcG9saWN5X2NvbmY\/c3RhdHVzX29zPTExJnN0YXR1c192ZXJzaW9uPTMwJnN0YXR1c19tYWNoaW5lPXNka19ncGhvbmVfeDg2JnNka3A9YSZzZGt2PTMuMS4wLmxpdGUmYXBwaWQ9MTAwMjU4MTM1IEhUVFAvMS4xDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCkhvc3Q6IGNnaS5jb25uZWN0LnFxLmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogQW5kcm9pZFNES18zMF9nZW5lcmljX3g4Nl9hcm1fMTENCg0K"} 
+01238{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1040,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385127293052,"flow_src_last_pkt_time":1654385127293052,"flow_dst_last_pkt_time":1654385127293052,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":270,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":270,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":270,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385127293052,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"129.226.107.77","src_port":41134,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.QQ","proto_id":"7.48","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":9,"category":"Chat","hostname":"cgi.connect.qq.com","domainame":"cgi.connect.qq.com","http": {"url":"cgi.connect.qq.com\/qqconnectopen\/openapi\/policy_conf?status_os=11&status_version=30&status_machine=sdk_gphone_x86&sdkp=a&sdkv=3.1.0.lite&appid=100258135","code":0,"content_type":"","user_agent":"AndroidSDK_30_generic_x86_arm_11"}}} 
+00895{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1041,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":2,"flow_src_last_pkt_time":1654385127244156,"flow_dst_last_pkt_time":1654385127425884,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":330,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":330,"pkt_l4_len":296,"thread_ts_usec":1654385127425884,"pkt":"nLbQ0+MztKXvZygQCABFAAE8FLJAADQGv1GhdQ0dwKgCfgBQuH6HV\/ck7YrZ+IAYAOvWowAAAQEICpcQ45e6xeF1SFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG9wZW5yZXN0eS8xLjEzLjYuMQ0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNToyNyBHTVQNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtDQpDb250ZW50LUxlbmd0aDogOQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KTGFzdC1Nb2RpZmllZDogTW9uLCAwMyBGZWIgMjAyMCAwNDoyODozNSBHTVQNCkVUYWc6ICI1ZTM3YTE3My05Ig0KQWNjZXB0LVJhbmdlczogYnl0ZXMNCg0KMWt4dW4uY29t"} +01286{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1041,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385127244156,"flow_src_last_pkt_time":1654385127244156,"flow_dst_last_pkt_time":1654385127425884,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":157,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":264,"flow_src_tot_l4_payload_len":157,"flow_dst_tot_l4_payload_len":264,"midstream":1,"thread_ts_usec":1654385127425884,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47230,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": 
{"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":7,"category":"Download","hostname":"kankan.1kxun.mobi","domainame":"kankan.1kxun.mobi","http": {"url":"kankan.1kxun.mobi\/api.domain.conf","code":200,"content_type":"application\/octet-stream","user_agent":"okhttp\/3.10.0"}}} +01147{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1042,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":2,"flow_src_last_pkt_time":1654385127293052,"flow_dst_last_pkt_time":1654385127488169,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":518,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":518,"pkt_l4_len":484,"thread_ts_usec":1654385127488169,"pkt":"nLbQ0+MztKXvZygQCABFAAH47MNAADEGquaB4mtNwKgCfgBQoK5\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"} +00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1043,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385128878259,"flow_src_last_pkt_time":1654385128878259,"flow_dst_last_pkt_time":1654385128878259,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":880,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":880,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":880,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385128878259,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47246,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+01718{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1043,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":1,"flow_src_last_pkt_time":1654385128878259,"flow_dst_last_pkt_time":1654385128878259,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":946,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":946,"pkt_l4_len":912,"thread_ts_usec":1654385128878259,"pkt":"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"} +01477{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1043,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385128878259,"flow_src_last_pkt_time":1654385128878259,"flow_dst_last_pkt_time":1654385128878259,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":880,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":880,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":880,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385128878259,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47246,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"kankan.1kxun.com","domainame":"kankan.1kxun.com","http": {"url":"kankan.1kxun.com\/video_kankan_tags\/v2\/api\/homePageVideoCollections\/HomePageBanners?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&_udid=e6dbd30b-3b84-44b4-9751-631148a3ede9&&_country=US&_locale=en&_=1654385125","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}}} 
+00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1044,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385128878298,"flow_src_last_pkt_time":1654385128878298,"flow_dst_last_pkt_time":1654385128878298,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":871,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":871,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":871,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47262,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +01707{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1044,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":136,"flow_packet_id":1,"flow_src_last_pkt_time":1654385128878298,"flow_dst_last_pkt_time":1654385128878298,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":937,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":937,"pkt_l4_len":903,"thread_ts_usec":1654385128878298,"pkt":"tKXvZygQnLbQ0+MzCABFAAObJTNAAEAGoHHAqAJ+oXUNHbieAFDTi3nFmPV9m4AYAfZ1RgAAAQEICrrF59eXEOkZR0VUIC92aWRlb19rYW5rYW5fdGFncy92Mi9hcGkvbWVzc2FnZXM\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"} 
+01467{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1044,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385128878298,"flow_src_last_pkt_time":1654385128878298,"flow_dst_last_pkt_time":1654385128878298,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":871,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":871,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":871,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47262,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"kankan.1kxun.com","domainame":"kankan.1kxun.com","http": {"url":"kankan.1kxun.com\/video_kankan_tags\/v2\/api\/messages?min_id=0&access_token=&_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&_udid=e6dbd30b-3b84-44b4-9751-631148a3ede9&&_country=US&_locale=en&_=1654385125","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}}} 
+01012{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1470104414395988,"flow_src_last_pkt_time":1470104414395988,"flow_dst_last_pkt_time":1470104414402314,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":247,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":247,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"168.95.1.1","src_port":63372,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Line","proto_id":"5.315","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dl-obs.official.line.naver.jp"}} +00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1470104376301823,"flow_src_last_pkt_time":1470104422690570,"flow_dst_last_pkt_time":1470104376301823,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"shen"}} 
+00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104430884671,"flow_src_last_pkt_time":1470104430884671,"flow_dst_last_pkt_time":1470104430884671,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":49766,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"charming-pc"}} +00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104401187549,"flow_src_last_pkt_time":1470104401187549,"flow_dst_last_pkt_time":1470104401187549,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":50030,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"charming-pc"}} 
+01254{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":13,"flow_first_seen":1470104380890420,"flow_src_last_pkt_time":1470104382084909,"flow_dst_last_pkt_time":1470104381881083,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":445,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":3612,"flow_dst_tot_l4_payload_len":6271,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"42.120.51.152","src_port":49609,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"42.120.51.152"}} 
+01254{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":3,"flow_first_seen":1470104380188079,"flow_src_last_pkt_time":1470104380928909,"flow_dst_last_pkt_time":1470104380732533,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":158,"flow_dst_max_l4_payload_len":392,"flow_src_tot_l4_payload_len":316,"flow_dst_tot_l4_payload_len":397,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.244.135.170","src_port":49607,"dst_port":9099,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"218.244.135.170"}} 
+00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1470104380737950,"flow_src_last_pkt_time":1470104380737994,"flow_dst_last_pkt_time":1470104380772526,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":74,"flow_src_tot_l4_payload_len":66,"flow_dst_tot_l4_payload_len":74,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":54420,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.QQ","proto_id":"5.48","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"vv.video.qq.com"}} +00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104399854544,"flow_src_last_pkt_time":1470104399854544,"flow_dst_last_pkt_time":1470104399854544,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.0.100","dst_ip":"255.255.255.255","src_port":50925,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Mikrotik","proto_id":"437","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+01129{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104408049734,"flow_src_last_pkt_time":1470104408458018,"flow_dst_last_pkt_time":1470104408049734,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":51451,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"????????????"}} +00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1470104377720702,"flow_src_last_pkt_time":1470104377820998,"flow_dst_last_pkt_time":1470104377720702,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"224.0.0.252","src_port":51458,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"wpad"}} +01000{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1470104376017883,"flow_src_last_pkt_time":1470104433238541,"flow_dst_last_pkt_time":1470104376017883,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1064,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"239.255.255.250","src_port":55312,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} +00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104391254588,"flow_src_last_pkt_time":1470104391362039,"flow_dst_last_pkt_time":1470104391254588,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":51714,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"isatap"}} +01001{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":0,"flow_first_seen":1470104382242882,"flow_src_last_pkt_time":1470104432114662,"flow_dst_last_pkt_time":1470104382242882,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1596,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"239.255.255.250","src_port":55484,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} +01004{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1470104382241911,"flow_src_last_pkt_time":1470104432114660,"flow_dst_last_pkt_time":1470104382241911,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1330,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"239.255.255.250","src_port":55485,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} +00954{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1470104419061215,"flow_src_last_pkt_time":1470104419317161,"flow_dst_last_pkt_time":1470104419317184,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":405,"flow_dst_max_l4_payload_len":1157,"flow_src_tot_l4_payload_len":676,"flow_dst_tot_l4_payload_len":1157,"midstream":1,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"31.13.87.1","dst_ip":"192.168.5.16","src_port":443,"dst_port":53578,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +00957{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1470104414296205,"flow_src_last_pkt_time":1470104414478143,"flow_dst_last_pkt_time":1470104414478069,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1093,"flow_dst_max_l4_payload_len":1398,"flow_src_tot_l4_payload_len":1786,"flow_dst_tot_l4_payload_len":1967,"midstream":1,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"31.13.87.36","src_port":53580,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +01001{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":0,"flow_first_seen":1470104373232309,"flow_src_last_pkt_time":1470104430168012,"flow_dst_last_pkt_time":1470104373232309,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1862,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"239.255.255.250","src_port":55809,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} +00871{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1470104380909602,"flow_src_last_pkt_time":1470104420950055,"flow_dst_last_pkt_time":1470104380909602,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":317,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":317,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1585,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.10.110","dst_ip":"255.255.255.255","src_port":60480,"dst_port":62976,"l4_proto":"udp","ndpi": 
{"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} +00784{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1470104380909602,"flow_src_last_pkt_time":1470104420950055,"flow_dst_last_pkt_time":1470104380909602,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":317,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":317,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1585,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.10.110","dst_ip":"255.255.255.255","src_port":60480,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1470104376816620,"flow_src_last_pkt_time":1470104392380425,"flow_dst_last_pkt_time":1470104376816620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":180,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::406:55a8:6453:25dd","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCPV6","proto_id":"103","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+01140{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104378045695,"flow_src_last_pkt_time":1470104378454680,"flow_dst_last_pkt_time":1470104378045695,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":58779,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"????????????"}} +00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104402518258,"flow_src_last_pkt_time":1470104402518258,"flow_dst_last_pkt_time":1470104402518258,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":135,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":135,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:feea:365","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Mikrotik","proto_id":"437","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104390741932,"flow_src_last_pkt_time":1470104390741932,"flow_dst_last_pkt_time":1470104390741932,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":123,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":123,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":123,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:fe9a:ec54","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Mikrotik","proto_id":"437","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104432630916,"flow_src_last_pkt_time":1470104432728657,"flow_dst_last_pkt_time":1470104432630916,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":58468,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"wangs-ltw"}} +01001{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1470104381217586,"flow_src_last_pkt_time":1470104426277904,"flow_dst_last_pkt_time":1470104381217586,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1197,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"239.255.255.250","src_port":57325,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} +00998{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104430884669,"flow_src_last_pkt_time":1470104431294729,"flow_dst_last_pkt_time":1470104430884669,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::e034:7be:d8f9:6197","dst_ip":"ff02::1:3","src_port":49766,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"charming-pc"}} +00880{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104392072989,"flow_src_last_pkt_time":1470104422079572,"flow_dst_last_pkt_time":1470104392072989,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":329,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":329,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":658,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"2001:b020:6::c2a0:bbff:fe73:eb57","dst_ip":"ff02::1","src_port":62976,"dst_port":62976,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} +00793{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104392072989,"flow_src_last_pkt_time":1470104422079572,"flow_dst_last_pkt_time":1470104392072989,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":329,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":329,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":658,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"2001:b020:6::c2a0:bbff:fe73:eb57","dst_ip":"ff02::1","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00885{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104378657181,"flow_src_last_pkt_time":1470104408662780,"flow_dst_last_pkt_time":1470104378657181,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":329,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":329,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":658,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"2001:b030:214:100:c2a0:bbff:fe73:eb47","dst_ip":"ff02::1","src_port":62976,"dst_port":62976,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} +00798{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104378657181,"flow_src_last_pkt_time":1470104408662780,"flow_dst_last_pkt_time":1470104378657181,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":329,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":329,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":658,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"2001:b030:214:100:c2a0:bbff:fe73:eb47","dst_ip":"ff02::1","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104406717280,"flow_src_last_pkt_time":1470104407128422,"flow_dst_last_pkt_time":1470104406717280,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"224.0.0.252","src_port":53962,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"ro_x1c"}} +00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104396889494,"flow_src_last_pkt_time":1470104396987104,"flow_dst_last_pkt_time":1470104396889494,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"224.0.0.252","src_port":54470,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"kevin-pc"}} 
+00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104411327542,"flow_src_last_pkt_time":1470104411735820,"flow_dst_last_pkt_time":1470104411327542,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"224.0.0.252","src_port":54506,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"notebook"}} +00871{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104392072031,"flow_src_last_pkt_time":1470104392072031,"flow_dst_last_pkt_time":1470104392072031,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":317,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":317,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":317,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.140.140","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
+00784{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104392072031,"flow_src_last_pkt_time":1470104392072031,"flow_dst_last_pkt_time":1470104392072031,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":317,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":317,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":317,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.140.140","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00868{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104395656981,"flow_src_last_pkt_time":1470104425762971,"flow_dst_last_pkt_time":1470104395656981,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":317,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":317,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":634,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.10.7","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
+00781{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104395656981,"flow_src_last_pkt_time":1470104425762971,"flow_dst_last_pkt_time":1470104395656981,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":317,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":317,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":634,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.10.7","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00870{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104378557102,"flow_src_last_pkt_time":1470104408662594,"flow_dst_last_pkt_time":1470104378557102,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":317,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":317,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":634,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.125.30","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
+00783{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104378557102,"flow_src_last_pkt_time":1470104408662594,"flow_dst_last_pkt_time":1470104378557102,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":317,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":317,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":634,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.125.30","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01129{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104379169283,"flow_src_last_pkt_time":1470104379271492,"flow_dst_last_pkt_time":1470104379169283,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":54888,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"????????????"}} 
+00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104427094934,"flow_src_last_pkt_time":1470104427094934,"flow_dst_last_pkt_time":1470104427094934,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":26,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"224.0.0.252","src_port":55593,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"kevin-pc"}} +01002{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":0,"flow_first_seen":1470104378045830,"flow_src_last_pkt_time":1470104423102951,"flow_dst_last_pkt_time":1470104378045830,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1596,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"239.255.255.250","src_port":59468,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} 
+00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104409586427,"flow_src_last_pkt_time":1470104409685499,"flow_dst_last_pkt_time":1470104409586427,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":56043,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"isatap"}} +00995{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104420438972,"flow_src_last_pkt_time":1470104420540216,"flow_dst_last_pkt_time":1470104420438972,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":61172,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"sonusav"}} 
+00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104381217455,"flow_src_last_pkt_time":1470104381626995,"flow_dst_last_pkt_time":1470104381217455,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"224.0.0.252","src_port":56366,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"notebook"}} +01001{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1470104377634699,"flow_src_last_pkt_time":1470104415729545,"flow_dst_last_pkt_time":1470104377634699,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1096,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"239.255.255.250","src_port":60267,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} 
+00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104402518151,"flow_src_last_pkt_time":1470104402518151,"flow_dst_last_pkt_time":1470104402518151,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":135,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":135,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.119.1","dst_ip":"255.255.255.255","src_port":56861,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Mikrotik","proto_id":"437","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104430065680,"flow_src_last_pkt_time":1470104430476697,"flow_dst_last_pkt_time":1470104430065680,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":57143,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"charming-pc"}} 
+00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1470104379066410,"flow_src_last_pkt_time":1470104379066467,"flow_dst_last_pkt_time":1470104379115963,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":95,"flow_src_tot_l4_payload_len":62,"flow_dst_tot_l4_payload_len":95,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":60724,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.1kxun","proto_id":"5.295","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"pic.1kxun.com"}} +00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104381935396,"flow_src_last_pkt_time":1470104382038651,"flow_dst_last_pkt_time":1470104381935396,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"224.0.0.252","src_port":58456,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"joanna-pc"}} 
+00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104381935187,"flow_src_last_pkt_time":1470104382036037,"flow_dst_last_pkt_time":1470104381935187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"224.0.0.252","src_port":58456,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"joanna-pc"}} +00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104403134617,"flow_src_last_pkt_time":1470104403234152,"flow_dst_last_pkt_time":1470104403134617,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":58702,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"jason-pc"}} 
+00993{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104391254477,"flow_src_last_pkt_time":1470104391361874,"flow_dst_last_pkt_time":1470104391254477,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":63659,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"isatap"}} +01129{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104378045747,"flow_src_last_pkt_time":1470104378454823,"flow_dst_last_pkt_time":1470104378045747,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":58779,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": 
{"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"????????????"}} +01009{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":4,"flow_first_seen":1470104377754759,"flow_src_last_pkt_time":1470104422868933,"flow_dst_last_pkt_time":1470104422913733,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":414,"flow_dst_max_l4_payload_len":1218,"flow_src_tot_l4_payload_len":830,"flow_dst_tot_l4_payload_len":1218,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49597,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"jp.kankan.1kxun.mobi"}} 
+01132{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":5,"flow_first_seen":1470104379903616,"flow_src_last_pkt_time":1470104379989707,"flow_dst_last_pkt_time":1470104379989529,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":336,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":672,"flow_dst_tot_l4_payload_len":1993,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"jp.kankan.1kxun.mobi"}} +01135{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":28,"flow_first_seen":1470104379916887,"flow_src_last_pkt_time":1470104380338807,"flow_dst_last_pkt_time":1470104380144205,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":357,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":714,"flow_dst_tot_l4_payload_len":32291,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49606,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp 
User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"jp.kankan.1kxun.mobi"}} +00918{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1470104378005826,"flow_src_last_pkt_time":1470104378005826,"flow_dst_last_pkt_time":1470104378007003,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53622,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +00772{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1470104378005826,"flow_src_last_pkt_time":1470104378005826,"flow_dst_last_pkt_time":1470104378007003,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53622,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+01320{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":8,"flow_first_seen":1470104381237806,"flow_src_last_pkt_time":1470104402190332,"flow_dst_last_pkt_time":1470104402191910,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1013,"flow_dst_max_l4_payload_len":1001,"flow_src_tot_l4_payload_len":1305,"flow_dst_tot_l4_payload_len":1215,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53623,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+01320{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":8,"flow_first_seen":1470104402238628,"flow_src_last_pkt_time":1470104408998487,"flow_dst_last_pkt_time":1470104408999421,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1013,"flow_dst_max_l4_payload_len":1001,"flow_src_tot_l4_payload_len":1301,"flow_dst_tot_l4_payload_len":1215,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53625,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+01318{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":8,"flow_first_seen":1470104414296334,"flow_src_last_pkt_time":1470104423189606,"flow_dst_last_pkt_time":1470104423193401,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":997,"flow_dst_max_l4_payload_len":585,"flow_src_tot_l4_payload_len":1289,"flow_dst_tot_l4_payload_len":799,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53626,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+01321{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":7,"flow_first_seen":1470104423246688,"flow_src_last_pkt_time":1470104429322474,"flow_dst_last_pkt_time":1470104429322445,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1013,"flow_dst_max_l4_payload_len":1001,"flow_src_tot_l4_payload_len":1301,"flow_dst_tot_l4_payload_len":1215,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53629,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104432318351,"flow_src_last_pkt_time":1470104432318351,"flow_dst_last_pkt_time":1470104432318351,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":26,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":59062,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"jason-pc"}} +01004{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":27,"flow_first_seen":1470104379117273,"flow_src_last_pkt_time":1470104424308938,"flow_dst_last_pkt_time":1470104424357329,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":361,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":724,"flow_dst_tot_l4_payload_len":28091,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49599,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com"}} +01004{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":51,"flow_first_seen":1470104379117772,"flow_src_last_pkt_time":1470104424428916,"flow_dst_last_pkt_time":1470104424488346,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":362,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":726,"flow_dst_tot_l4_payload_len":58923,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49600,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com"}} 
+01005{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":43,"flow_first_seen":1470104379118171,"flow_src_last_pkt_time":1470104424368937,"flow_dst_last_pkt_time":1470104424418250,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":361,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":1444,"flow_dst_tot_l4_payload_len":46885,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49601,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com"}} +01005{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":41,"flow_first_seen":1470104379118544,"flow_src_last_pkt_time":1470104424391934,"flow_dst_last_pkt_time":1470104424446338,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":361,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":1442,"flow_dst_tot_l4_payload_len":43959,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49602,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com"}} +01004{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":22,"flow_first_seen":1470104379118972,"flow_src_last_pkt_time":1470104424311917,"flow_dst_last_pkt_time":1470104424360835,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":361,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":724,"flow_dst_tot_l4_payload_len":22966,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49603,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com"}} 
+01005{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":38,"flow_first_seen":1470104379119336,"flow_src_last_pkt_time":1470104424378962,"flow_dst_last_pkt_time":1470104424435528,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":369,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":1460,"flow_dst_tot_l4_payload_len":40931,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49604,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com"}} +00957{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104426973073,"flow_src_last_pkt_time":1470104426973073,"flow_dst_last_pkt_time":1470104426973073,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"17.253.26.125","src_port":123,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","proto_id":"9","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
+00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104373025824,"flow_src_last_pkt_time":1470104373127416,"flow_dst_last_pkt_time":1470104373025824,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":59571,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"jason-pc"}} +00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104420541021,"flow_src_last_pkt_time":1470104420541021,"flow_dst_last_pkt_time":1470104420541021,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":59730,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"sonusav"}} 
+00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104399652689,"flow_src_last_pkt_time":1470104400059395,"flow_dst_last_pkt_time":1470104399652689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"224.0.0.252","src_port":59797,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"kasper-mac"}} +00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104413679149,"flow_src_last_pkt_time":1470104413679149,"flow_dst_last_pkt_time":1470104413679149,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"kevin-pc"}} 
+00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104397091815,"flow_src_last_pkt_time":1470104397091815,"flow_dst_last_pkt_time":1470104397091815,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"joanna-pc"}} +00964{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":0,"flow_first_seen":1470104373741279,"flow_src_last_pkt_time":1470104416751443,"flow_dst_last_pkt_time":1470104373741279,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.119.1","dst_ip":"255.255.255.255","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+01000{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1470104376017777,"flow_src_last_pkt_time":1470104433033498,"flow_dst_last_pkt_time":1470104376017777,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1233,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"239.255.255.250","src_port":64674,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} +00998{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104430064732,"flow_src_last_pkt_time":1470104430064732,"flow_dst_last_pkt_time":1470104430064732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::e034:7be:d8f9:6197","dst_ip":"ff02::1:3","src_port":57143,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"charming-pc"}} +00918{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1470104388033892,"flow_src_last_pkt_time":1470104433030090,"flow_dst_last_pkt_time":1470104433040844,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.66.182.87","src_port":49596,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +00773{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1470104388033892,"flow_src_last_pkt_time":1470104433030090,"flow_dst_last_pkt_time":1470104433040844,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.66.182.87","src_port":49596,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+00991{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104382448739,"flow_src_last_pkt_time":1470104382858294,"flow_dst_last_pkt_time":1470104382448739,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":66,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"224.0.0.252","src_port":61548,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"caesar-thinkpad"}} +00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104377634537,"flow_src_last_pkt_time":1470104378045058,"flow_dst_last_pkt_time":1470104377634537,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"224.0.0.252","src_port":61603,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"ro_x1c"}} 
+00865{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104398932814,"flow_src_last_pkt_time":1470104433649184,"flow_dst_last_pkt_time":1470104398932814,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.2.186","dst_ip":"255.255.255.255","src_port":32768,"dst_port":1947,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} +00778{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104398932814,"flow_src_last_pkt_time":1470104433649184,"flow_dst_last_pkt_time":1470104398932814,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.2.186","dst_ip":"255.255.255.255","src_port":32768,"dst_port":1947,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104402624153,"flow_src_last_pkt_time":1470104402724804,"flow_dst_last_pkt_time":1470104402624153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":62069,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"wangs-ltw"}} +00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104399959775,"flow_src_last_pkt_time":1470104400366719,"flow_dst_last_pkt_time":1470104399959775,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":62756,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"charming-pc"}} 
+00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104416855715,"flow_src_last_pkt_time":1470104416959044,"flow_dst_last_pkt_time":1470104416855715,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"224.0.0.252","src_port":62822,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"joanna-pc"}} +00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104416855491,"flow_src_last_pkt_time":1470104416958909,"flow_dst_last_pkt_time":1470104416855491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"224.0.0.252","src_port":62822,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"joanna-pc"}} 
+01003{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":4,"flow_first_seen":1470104378906497,"flow_src_last_pkt_time":1470104424049934,"flow_dst_last_pkt_time":1470104424115083,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":420,"flow_dst_max_l4_payload_len":734,"flow_src_tot_l4_payload_len":842,"flow_dst_tot_l4_payload_len":734,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.73.254.167","src_port":49598,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"kankan.1kxun.com"}} +01001{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1470104400162264,"flow_src_last_pkt_time":1470104408559145,"flow_dst_last_pkt_time":1470104400162264,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":440,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":520,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":7801,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"239.255.255.250","src_port":1900,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} +00995{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":7,"flow_first_seen":1470104380773662,"flow_src_last_pkt_time":1470104381859836,"flow_dst_last_pkt_time":1470104381666981,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":445,"flow_dst_max_l4_payload_len":318,"flow_src_tot_l4_payload_len":2530,"flow_dst_tot_l4_payload_len":1004,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.205.151.234","src_port":49608,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.QQ","proto_id":"7.48","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":9,"category":"Chat","hostname":"vv.video.qq.com"}} +00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104429964666,"flow_src_last_pkt_time":1470104430065682,"flow_dst_last_pkt_time":1470104429964666,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"224.0.0.252","src_port":64428,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"usher-pc"}} +00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104393610238,"flow_src_last_pkt_time":1470104393610238,"flow_dst_last_pkt_time":1470104393610238,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":59461,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"gfile"}} +00992{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104412556263,"flow_src_last_pkt_time":1470104412962345,"flow_dst_last_pkt_time":1470104412556263,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":66,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"224.0.0.252","src_port":64568,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"caesar-thinkpad"}} +00994{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104392380243,"flow_src_last_pkt_time":1470104392380243,"flow_dst_last_pkt_time":1470104392380243,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":59789,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"sanji-lifebook-"}} +00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104399958731,"flow_src_last_pkt_time":1470104400059244,"flow_dst_last_pkt_time":1470104399958731,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"224.0.0.252","src_port":65150,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"usher-pc"}} +00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104432630917,"flow_src_last_pkt_time":1470104432728660,"flow_dst_last_pkt_time":1470104432630917,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":65496,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"wangs-ltw"}} +01015{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":8,"flow_first_seen":1470104414404078,"flow_src_last_pkt_time":1470104414420005,"flow_dst_last_pkt_time":1470104414419989,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":268,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":268,"flow_dst_tot_l4_payload_len":8286,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"203.69.81.73","src_port":53627,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.Line","proto_id":"7.315","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"dl-obs.official.line.naver.jp"}} +01015{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":8,"flow_first_seen":1470104414404981,"flow_src_last_pkt_time":1470104414419954,"flow_dst_last_pkt_time":1470104414419934,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":268,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":268,"flow_dst_tot_l4_payload_len":7946,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"203.69.81.73","src_port":53628,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Line","proto_id":"7.315","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"dl-obs.official.line.naver.jp"}} 
+00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104399959547,"flow_src_last_pkt_time":1470104399959547,"flow_dst_last_pkt_time":1470104399959547,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::e034:7be:d8f9:6197","dst_ip":"ff02::1:3","src_port":62756,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"charming-pc"}} +00866{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104385827777,"flow_src_last_pkt_time":1470104420541205,"flow_dst_last_pkt_time":1470104385827777,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"59.120.208.218","dst_ip":"255.255.255.255","src_port":50151,"dst_port":1947,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
+00779{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104385827777,"flow_src_last_pkt_time":1470104420541205,"flow_dst_last_pkt_time":1470104385827777,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"59.120.208.218","dst_ip":"255.255.255.255","src_port":50151,"dst_port":1947,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00995{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104396888586,"flow_src_last_pkt_time":1470104396987090,"flow_dst_last_pkt_time":1470104396888586,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::4568:efbc:40b1:1346","dst_ip":"ff02::1:3","src_port":50194,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"kevin-pc"}} 
+01001{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104382448550,"flow_src_last_pkt_time":1470104382857884,"flow_dst_last_pkt_time":1470104382448550,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":66,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::1:3","src_port":61548,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"caesar-thinkpad"}} +00999{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1470104400162411,"flow_src_last_pkt_time":1470104408559306,"flow_dst_last_pkt_time":1470104400162411,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":448,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":528,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":7929,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::c","src_port":1900,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"[ff02::c]:1900"}} +00989{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1470104383810371,"flow_src_last_pkt_time":1470104413815837,"flow_dst_last_pkt_time":1470104413817995,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":300,"flow_src_tot_l4_payload_len":600,"flow_dst_tot_l4_payload_len":600,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.119.1","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"macbook-air"}} +01002{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104412556037,"flow_src_last_pkt_time":1470104412962283,"flow_dst_last_pkt_time":1470104412556037,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":66,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::1:3","src_port":64568,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"caesar-thinkpad"}} +00995{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1470104424738880,"flow_src_last_pkt_time":1470104426276929,"flow_dst_last_pkt_time":1470104424738880,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":150,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.0.104","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"sc.arrancar.org"}} +00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104393610386,"flow_src_last_pkt_time":1470104394635803,"flow_dst_last_pkt_time":1470104393610386,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"nasfile"}} +00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":0,"flow_first_seen":1470104391564386,"flow_src_last_pkt_time":1470104422179603,"flow_dst_last_pkt_time":1470104391564386,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":650,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"isatap"}} +00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1470104378021294,"flow_src_last_pkt_time":1470104379520951,"flow_dst_last_pkt_time":1470104378021294,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"wpad"}} +01003{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1470104393610555,"flow_src_last_pkt_time":1470104393611090,"flow_dst_last_pkt_time":1470104393610555,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":174,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":522,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"macbookair-e1d0"}} +01003{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104379579523,"flow_src_last_pkt_time":1470104379579704,"flow_dst_last_pkt_time":1470104379579523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":221,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":244,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":465,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.67","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"sanji-lifebook-"}} +00954{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104398832807,"flow_src_last_pkt_time":1470104398832807,"flow_dst_last_pkt_time":1470104398832807,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.64","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00965{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1470104391199899,"flow_src_last_pkt_time":1470104391199954,"flow_dst_last_pkt_time":1470104391208758,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"64.233.189.128","src_port":49581,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by 
port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} +00773{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1470104391199899,"flow_src_last_pkt_time":1470104391199954,"flow_dst_last_pkt_time":1470104391208758,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"64.233.189.128","src_port":49581,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00991{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1470104378901305,"flow_src_last_pkt_time":1470104378901349,"flow_dst_last_pkt_time":1470104378905035,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":66,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":66,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"168.95.1.1","src_port":52723,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.1kxun","proto_id":"5.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"kankan.1kxun.com"}} 
+00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104426992100,"flow_src_last_pkt_time":1470104427094109,"flow_dst_last_pkt_time":1470104426992100,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::4568:efbc:40b1:1346","dst_ip":"ff02::1:3","src_port":57148,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"kevin-pc"}} +00993{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104406717230,"flow_src_last_pkt_time":1470104407128408,"flow_dst_last_pkt_time":1470104406717230,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::edf5:240a:c8c0:8312","dst_ip":"ff02::1:3","src_port":53962,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"ro_x1c"}} +01087{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104375419022,"flow_src_last_pkt_time":1470104398314933,"flow_dst_last_pkt_time":1470104375419022,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53605,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 
+00770{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104375419022,"flow_src_last_pkt_time":1470104398314933,"flow_dst_last_pkt_time":1470104375419022,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +01088{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1470104389597943,"flow_src_last_pkt_time":1470104425786054,"flow_dst_last_pkt_time":1470104389597943,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53613,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 
+00771{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1470104389597943,"flow_src_last_pkt_time":1470104425786054,"flow_dst_last_pkt_time":1470104389597943,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +01106{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":5,"flow_first_seen":1470104390443500,"flow_src_last_pkt_time":1470104422398955,"flow_dst_last_pkt_time":1470104422398902,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":265,"flow_dst_max_l4_payload_len":324,"flow_src_tot_l4_payload_len":522,"flow_dst_tot_l4_payload_len":648,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53624,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"api.magicansoft.com"}} 
+00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104423202821,"flow_src_last_pkt_time":1470104423202821,"flow_dst_last_pkt_time":1470104423202821,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::f65c:89ff:fe89:e607","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCPV6","proto_id":"103","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00930{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":10,"flow_first_seen":1470104410885006,"flow_src_last_pkt_time":1470104428908615,"flow_dst_last_pkt_time":1470104428908687,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":332,"flow_src_tot_l4_payload_len":5537,"flow_dst_tot_l4_payload_len":595,"midstream":1,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"119.235.235.84","dst_ip":"192.168.5.16","src_port":443,"dst_port":53406,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+00786{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":10,"flow_first_seen":1470104410885006,"flow_src_last_pkt_time":1470104428908615,"flow_dst_last_pkt_time":1470104428908687,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":332,"flow_src_tot_l4_payload_len":5537,"flow_dst_tot_l4_payload_len":595,"midstream":1,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"119.235.235.84","dst_ip":"192.168.5.16","src_port":443,"dst_port":53406,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104405794164,"flow_src_last_pkt_time":1470104405794164,"flow_dst_last_pkt_time":1470104405794164,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":121,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":121,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":121,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.119.2","dst_ip":"255.255.255.255","src_port":43786,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Mikrotik","proto_id":"437","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104402624102,"flow_src_last_pkt_time":1470104402724346,"flow_dst_last_pkt_time":1470104402624102,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":49735,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"wangs-ltw"}} +01239{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":4,"flow_first_seen":1470104381895304,"flow_src_last_pkt_time":1470104382125381,"flow_dst_last_pkt_time":1470104382124370,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":432,"flow_dst_max_l4_payload_len":633,"flow_src_tot_l4_payload_len":864,"flow_dst_tot_l4_payload_len":633,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.145","src_port":49612,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric 
Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"183.131.48.145"}} +01244{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":5,"flow_first_seen":1470104382053678,"flow_src_last_pkt_time":1470104382199024,"flow_dst_last_pkt_time":1470104382198662,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":503,"flow_dst_max_l4_payload_len":1024,"flow_src_tot_l4_payload_len":1006,"flow_dst_tot_l4_payload_len":2329,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.144","src_port":49613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","hostname":"183.131.48.144"}} 
+01140{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104408049680,"flow_src_last_pkt_time":1470104408457883,"flow_dst_last_pkt_time":1470104408049680,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":51451,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"????????????"}} +01000{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1470104397807877,"flow_src_last_pkt_time":1470104414604155,"flow_dst_last_pkt_time":1470104397807877,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":959,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"239.255.255.250","src_port":49701,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} +00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1470104404055376,"flow_src_last_pkt_time":1470104418595853,"flow_dst_last_pkt_time":1470104404055376,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::beee:7bff:fe0c:b3de","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCPV6","proto_id":"103","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00993{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1470104377734137,"flow_src_last_pkt_time":1470104377734181,"flow_dst_last_pkt_time":1470104377753112,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":70,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":70,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":51024,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.1kxun","proto_id":"5.295","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"jp.kankan.1kxun.mobi"}} +01001{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":0,"flow_first_seen":1470104373232452,"flow_src_last_pkt_time":1470104432419532,"flow_dst_last_pkt_time":1470104373232452,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1729,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"239.255.255.250","src_port":51389,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} 
+01001{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1470104382448863,"flow_src_last_pkt_time":1470104427503777,"flow_dst_last_pkt_time":1470104382448863,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1233,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"239.255.255.250","src_port":51704,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} +00993{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104409586167,"flow_src_last_pkt_time":1470104409685484,"flow_dst_last_pkt_time":1470104409586167,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":53938,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"isatap"}} +00989{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1470104377901018,"flow_src_last_pkt_time":1470104377901065,"flow_dst_last_pkt_time":1470104378954523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":66,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":66,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":52723,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.1kxun","proto_id":"5.295","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"kankan.1kxun.com"}} +01140{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104379169121,"flow_src_last_pkt_time":1470104379271484,"flow_dst_last_pkt_time":1470104379169121,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":54888,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": 
{"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"????????????"}} +00993{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104377634231,"flow_src_last_pkt_time":1470104378045036,"flow_dst_last_pkt_time":1470104377634231,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::edf5:240a:c8c0:8312","dst_ip":"ff02::1:3","src_port":61603,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"ro_x1c"}} 
+00866{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104401904977,"flow_src_last_pkt_time":1470104401904977,"flow_dst_last_pkt_time":1470104401904977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"59.120.208.212","dst_ip":"255.255.255.255","src_port":32768,"dst_port":1947,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} +00779{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104401904977,"flow_src_last_pkt_time":1470104401904977,"flow_dst_last_pkt_time":1470104401904977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"59.120.208.212","dst_ip":"255.255.255.255","src_port":32768,"dst_port":1947,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+01634{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1045,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":136,"flow_packet_id":2,"flow_src_last_pkt_time":1654385128878298,"flow_dst_last_pkt_time":1654385129190022,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":883,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":883,"pkt_l4_len":849,"thread_ts_usec":1654385129190022,"pkt":"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"} +04257{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1046,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":2,"flow_src_last_pkt_time":1654385128878259,"flow_dst_last_pkt_time":1654385129190409,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":2812,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2812,"pkt_l4_len":2778,"thread_ts_usec":1654385129190409,"pkt":"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\/084Nlxi+eHVyGi4L3ffvbv3735V\/wtqvVelOu8aeG\/yKeHSzXi4D\/XcP5uuDVRTgri6uweYX3vdpsrp6fHp8eXy3TEb3+9ObyKK0uTo\/fLHNZLV6HS\/w7Pb59y\/r0+Lqcl7Au+I49nR5rL2QXWHAIKpoiZWDJKmpvDRGzcMpaOvrZ1Rk+13XZLC\/D4v8jvrwKeWppMiEI8ilFp4TTOrKw1gjnrDdkndmuO50v0+vFzfU5Lvb1zeXuem8v5VFcnvW39P61T\/cu7w8OF8vLRbi6OvnfvThc3ORlPikmxyxF7CTUO6Wi6rzV1BlJpFyQJRd\/uHhzwkfuiI\/oELc7vcZtP8HNPVqncll+Hj47Gv7kxSqX85N1fr04u3q1uiyLT505XKzenBDeGa\/DZT75yWp1dl4OF\/j+erXExcwn0Rd2WLLUKrP2+OVZwI91SCaIWjuXyXXKxtQFL7hjR5yqSKypHG5Odky7nvVrfLzF5rMroExvn23h1qYRuuL0GB+bOwFgiwvs8HwZxaIkQ7m4qCzWYKpugu5I8SnR3UkrbVKsjq3VNjuncRWSsdlQLeyz3BPdrcyM0VW6DbnOw+iSVR3l7IurMgBfp4XwFCmbYAVTAc2pBbljxSckdyftTNYSa\/TeWoEnNVjy0ojINeT+1X7kDjIzJpcEfIwG\/gIRrEJnqIfTKqtM4lh9imQrvlDBS1jkBtiOEn6ILDan+zv4B27ft6IknRBzROnlsINj\/966p\/\/54z\/e\/fpXj7inLFr5p+b0WFlBXSGVhXKUXI2wloqt1yFGuGkpB84tmGM\/UvwhdzvQRvvlg7QMVHUMmfDM+aQUQoj+6dOqKCOUUvuZymGFHz\/f\/n3+qbNNLCV7bPIgV3VaELznnEJKglOSoSonZcpUsuXgagNrOVp8SnKHdVchVBBS2KCrd5KTyMJh3SWT0DIPbvl9uzwms
trKzJncVoGVuyVXdrhfNXOMOinY2upzciVKn4VU3qnUxuaOFJ+S3EHaah10ccXaKr0UQiL\/YaV12HZ0SWF4Yp9K7lZmzuS6RjZX35IrOhaZTZIccyUVkddxqoSQk0JYVZIKTWzuSPEpyR2kvRMxJa6pwj2w2iM9g4xjikkJhFe0r7ewlZkzudyIXHtLLnfZKgqOmWqNiK8QXLlAJgebKnIC3CYPO1J8SnIHaR9sjBmuEhlKwnukQLXOpFKfDxA07DVPtblbmTmSu4vjSN4Fcn\/+w+OBHNk2ToUUt7seyU5lVbSKpXBkDZNUkedGnjaTtARPcXALpyw0jBafDvA76QRbLIRR2URVWcsiatEmC+0KB2H9XoHcTmaOgG8LDb4VubehOInOcVLMRlXZx3MmpeSMo1itTSpF04bckeJTkjtIB5uly4hdLb5jV+BQ2KicqLGyCn7Ykp5mmqXYysyZ3DYpCITevVNBSJ5FFBJJWVM0\/EASyhZlHWIaYcGzKw3c4dHiU5I7rNvYSCIwV8lGiByV1CZEKkpaVZBB3NPmbmXmSO7OqYA\/PCSH\/\/TPd\/\/6+pHkMBk4Hg2KEVIy+HZedZH6xEQmhHs+CoEami5VoJ0hoapWaKgnTepTjBWfkO+dNMskVF81833ngsqOnUBumFDHj8WGuB\/fg8wc+d76FA6tOU3IRdsNyEWKzUvFQYpiQkLMpxKKaUJTRZMFRfDbwjLLkeJTkjtIhwCzHBDb1pJ1qOi1KeQsHCqKtlIadqQn+hTDCmdMrm3TuyAlCsAgl7qAKhQ49UEoklGQYrxGkgIFfckiDI1T09rckeJTkjtIV1ctkmpJo9PIuEQiG4tHFYFd8VkZt6fN3crMkdw7nwLF5KEh8puv\/v3FV486FY0qzgp3oJPwKjxSb2xICYocjGarUYqNpRqnWoR6PEb4Idi4RPeN5a7w\/D0Nir0owSvmOQK361BsVI4wqFF2kbNURGBHBOvJes8AyGr0mMJoWNFgh+cxwpOh1IuiWYbsnFEybRxGtr1Vcja6gIyhYC7BRYFSgTAeyVMuse8rb4HSGOGHKO3M0Af1v7xaXZQXaG\/+ZFMu1j9eXb\/ou5gBlaHukxc\/\/FHnInxFL7LUVqCnQEcn0E1gScmCH5XHtt7dB\/geO9gvk6SRas7w6jZNg2zh9XdwEgO2T8HIQVlGhBqwqwZjbCi+km5Skh0j\/BDeJ26pvShmPFjPEaWdD0dgaUgMffn1d3\/7xWM+nG6UGDIKwAUk+BKaBqOrTFKwR9NRyDZZGAt0Yw1p60kDlDHCUwEne1Ficn6OwA0+nGuFEnoeULeTyDEilRxLVD57YauXmuHs1KwULBkK9Q02X2lGik+H1FZ4zkRp1Sb3Z1DwwuOKFAqaQRNcmegBGJrpk65SYv5MUULLjrQttkQ5Wn06poZ1zxGq3b6IUt92W3z3my++\/ebR1IZok7tT3D\/V1mCIz5OUqmCEQ7IUMjMabZDKwxevK5mhbjDl1jha\/CF3O1\/+g4KJuyHXO+kQTES8hCfNx5or2jAQQChMWVqHSpEfAqj7iZQPb0neyXz8fL9\/2FO0acLAuMcturIrSnj0CsWig0PaOWDSMaGbCH3mcO3QRdRgGx4tPiW6w7o1C0zdpoxuIU7FGFcVWczAlISqNschI\/lUdLcyc0aX2ySUURe5Rdd2psaIYi1hnqxmJGzQoqtDCV5plBHyzvpMa3VHik+J7iCNwY8UseMYjCcn5NMxZh5SyTWghYoxtrx9ZJ+K7lZmzuiqNllHxWjahMOgu4SjAHAoBOIeRVribAj0z9RK8Fd1tlHkJlZ3pPiU6A7S2XqXhNUYBUTBr2YhHDwkHTX5mLDn7InuVmaO6O4cYr7rIHr399+9++XvH0kUsWpToZG6nyLzznTwHVDmY19Q1U0BhW30JODe4wCUhG4aNXiGU9rm0eLTAX4njYFadN33z3HJ8P6VZrQkw1y7EByFP
d2KnczHD\/h7x0vJN2rulLfoYjIaOU6HOVNM5MGxwN6KUxUURtdQGUJ7stMtbLMcKz4hunfSyWj0Csn+zAFPWLFChtdK+Fg4VQOnaOxlm3crnDG6rNsMO0kpb3uIcKxQKDjrBFW3IkvyyHiZWjN2W0xfBoUzmRq4FaPFp0R3WLfxxohqskQ1QpBkbyUOm6o4CgbRHKZO90R3KzNHdF++ffn2v6mfUJ+ITQAADQowDQoNCg=="} +00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1047,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385129449830,"flow_src_last_pkt_time":1654385129449830,"flow_dst_last_pkt_time":1654385129449830,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":916,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":916,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":916,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385129449830,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47272,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+01767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1047,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":1,"flow_src_last_pkt_time":1654385129449830,"flow_dst_last_pkt_time":1654385129449830,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":982,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":982,"pkt_l4_len":948,"thread_ts_usec":1654385129449830,"pkt":"tKXvZygQnLbQ0+MzCABFAAPIWPdAAEAGbIDAqAJ+oXUNHbioAFBarhYgKPds64AYAfZ1cwAAAQEICrrF6hOXEOt4R0VUIC9hcGkvbWVzc2FnZXMvbGlzdEZvcllpbmdzaGk\/Y2xpZW50LXVpZD1lNmRiZDMwYi0zYjg0LTQ0YjQtOTc1MS02MzExNDhhM2VkZTkmbWluX2lkPTAmYWNjZXNzX3Rva2VuPSZfYnJhbmQ9R29vZ2xlJl9tb2RlbD1zZGtfZ3Bob25lX3g4NiZfb3Y9QW5kcm9pZDExJl9jcHU9aTY4NiZfcmVzb2x1dGlvbj0xMDgwJTJDMTc5NCZfcGFja2FnZT1jb20uc2NlbmV3YXkua2Fua2FuJl92PTIuOC4yLjEmX2NoYW5uZWw9MWt4dW4mX2NhcnJpZXI9MzEwMjYwJl9hbmRyb2lkX2lkPWI5ZTI4Nzc2MzU0ZDI1OWUmX25ldHdvcms9d2lmaSZfYWlkPTVhYzZhMGZmLThkMTgtNDdiYy1hOTAyLTI4MTJjZjBjMjUxZSZfdWRpZD1lNmRiZDMwYi0zYjg0LTQ0YjQtOTc1MS02MzExNDhhM2VkZTkmJl9jb3VudHJ5PVVTJl9sb2NhbGU9ZW4mXz0xNjU0Mzg1MTI1IEhUVFAvMS4xDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ2xpZW50LUJyYW5kOiBHb29nbGUNCkNsaWVudC1EZXZpY2U6IHNka19ncGhvbmVfeDg2DQpDbGllbnQtT3M6IEFuZHJvaWQxMQ0KQ2xpZW50LUNwdTogaTY4Ng0KQ2xpZW50LVJlc29sdXRpb246IDEwODAsMTc5NA0KQ2xpZW50LVBhY2thZ2U6IGNvbS5zY2VuZXdheS5rYW5rYW4NCkNsaWVudC1WZXJzaW9uOiAyLjguMi4xDQpDbGllbnQtU291cmNlOiAxa3h1bg0KQ2xpZW50LVNpbTogMzEwMjYwDQpDbGllbnQtQW5kcm9pZElkOiBiOWUyODc3NjM1NGQyNTllDQpDbGllbnQtQ291bnRyeTogVVMNCkNsaWVudC1MYW5ndWFnZTogZW4NCkNsaWVudC1VaWQ6IGU2ZGJkMzBiLTNiODQtNDRiNC05NzUxLTYzMTE0OGEzZWRlOQ0KSG9zdDogbWVzc2FnZXMuMWt4dW4ubW9iaQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpVc2VyLUFnZW50OiBva2h0dHAvMy4xMC4wDQoNCg=="} 
+01517{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1047,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385129449830,"flow_src_last_pkt_time":1654385129449830,"flow_dst_last_pkt_time":1654385129449830,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":916,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":916,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":916,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385129449830,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47272,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"messages.1kxun.mobi","domainame":"messages.1kxun.mobi","http": {"url":"messages.1kxun.mobi\/api\/messages\/listForYingshi?client-uid=e6dbd30b-3b84-44b4-9751-631148a3ede9&min_id=0&access_token=&_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&_udid=e6dbd30b-3b84-44b4-9751-631148a3ede9&&_country=US&_locale=en&_=1654385125","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}}} 
+00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1048,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385129508270,"flow_src_last_pkt_time":1654385129508270,"flow_dst_last_pkt_time":1654385129508270,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":151,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":151,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":151,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385129508270,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"119.45.78.184","src_port":38834,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00746{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1048,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":1,"flow_src_last_pkt_time":1654385129508270,"flow_dst_last_pkt_time":1654385129508270,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":217,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":217,"pkt_l4_len":183,"thread_ts_usec":1654385129508270,"pkt":"tKXvZygQnLbQ0+MzCABFAADLA6ZAAEAGrXvAqAJ+dy1OuJeyAFCIwHUyTW4UsYAYAfaJyQAAAQEIChuIhYJcXfQQUE9TVCAvbXN0YXQvcmVwb3J0IEhUVFAvMS4xDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkNvbnRlbnQtRW5jb2Rpbmc6IHJjNCxnemlwDQpDb250ZW50LUxlbmd0aDogMzcyDQpIb3N0OiBwaW5nbWEucXEuY29tOjgwDQoNCg=="} 
+01195{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1048,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385129508270,"flow_src_last_pkt_time":1654385129508270,"flow_dst_last_pkt_time":1654385129508270,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":151,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":151,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":151,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385129508270,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"119.45.78.184","src_port":38834,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP.QQ","proto_id":"7.48","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":9,"category":"Chat","hostname":"pingma.qq.com","domainame":"pingma.qq.com","http": {"url":"pingma.qq.com:80\/mstat\/report","code":0,"content_type":"","user_agent":""}}} 
+01049{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1049,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":2,"flow_src_last_pkt_time":1654385129508322,"flow_dst_last_pkt_time":1654385129508270,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":438,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":438,"pkt_l4_len":404,"thread_ts_usec":1654385129508322,"pkt":"tKXvZygQnLbQ0+MzCABFAAGoA6dAAEAGrJ3AqAJ+dy1OuJeyAFCIwHXJTW4UsYAYAfaKpgAAAQEIChuIhYJcXfQQvRp0nw2ppXcC6yOw46wWgZzMy5FDJc4R5x6BDvjQ0wxoIXOGGYQ9NS8mc0GI8mV5B6RUdKOLLdyHMcd5TKKRXV6aUAhvfafdmP9+u1yyjoRBy\/Z4bsFO7z02iRFLaH+SssfPgku6BHrhNyeN5ALqOtKCwJWbgUqSjfxmV66Ayi6ArLH8ZRPEtkaOldzuHxhCZGsPLMj5lrpyCpBI\/hUytCRoVcL0dV\/QMO9SGuGNRi\/Ajkx3OZ7jw+iay1fvfajHKHxaFFiqQlP4ANAhjlwtkM1OWi\/Lk793\/2aCcJrjC4nFMTygSlSKmAIRkl+GU\/C069CZkcxT7jNFgtHFhmyXeOpqOHfhmo5N6mRINDfZIpwZkvTBUx608nxLnt\/BZ2XZomwSj9Suk4o\/lo2Z3vv3fPwkT6XztXus\/ExbD+p\/KI22uH8Uy5Ts4RpU6bqEMdXSPj2ssPfM+MX2Gy9aMgXGqKVNStu3vu3sFQ4t38e4RiEZp59c"} +01313{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1049,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1654385129508270,"flow_src_last_pkt_time":1654385129508322,"flow_dst_last_pkt_time":1654385129508270,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":151,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":372,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":523,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385129508322,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"119.45.78.184","src_port":38834,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP.QQ","proto_id":"7.48","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":9,"category":"Chat","hostname":"pingma.qq.com","domainame":"pingma.qq.com","http": {"url":"pingma.qq.com:80\/mstat\/report","code":0,"content_type":"","user_agent":""}}} +00898{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1050,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":2,"flow_src_last_pkt_time":1654385129449830,"flow_dst_last_pkt_time":1654385129804228,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":331,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":331,"pkt_l4_len":297,"thread_ts_usec":1654385129804228,"pkt":"nLbQ0+MztKXvZygQCABFAAE9gOBAADQGUyKhdQ0dwKgCfgBQuKgo92zrWq4ZtIAYAPE2OQAAAQEICpcQ7Dm6xeoTSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG9wZW5yZXN0eS8xLjEzLjYuMQ0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNToyOSBHTVQNCkNvbnRlbnQtVHlwZTogdGV4dC94bWw7IGNoYXJzZXQ9dXRmLTgNClRyYW5zZmVyLUVuY29kaW5nOiBjaHVua2VkDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpYLVBvd2VyZWQtQnk6IFBIUC83LjEuMTcNCkNvbnRlbnQtRW5jb2Rpbmc6IGd6aXANCg0KMWQNCh+LCAAAAAAAAAOzKcrPL7Gz0QdTANPi2TQNAAAADQowDQoNCg=="} +00682{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1051,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":3,"flow_src_last_pkt_time":1654385129508322,"flow_dst_last_pkt_time":1654385129813867,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_usec":1654385129813867,"pkt":"nLbQ0+MztKXvZygQCABFAACc4O9AACsG5WB3LU64wKgCfgBQl7JNbhSxiMB3PYAYACHQkAAAAQEIClxd9FwbiIWCSFRUUC8xLjAgNDA0IE5vdCBGb3VuZA0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQ29udGVudC1MZW5ndGg6IDM0DQoNCnsicmV0IjotMSwgIm1zZyI6ImludmFsaWQgYXBwa2V5In0="} 
+01307{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1051,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1654385129508270,"flow_src_last_pkt_time":1654385129508322,"flow_dst_last_pkt_time":1654385129813867,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":151,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":372,"flow_dst_max_l4_payload_len":104,"flow_src_tot_l4_payload_len":523,"flow_dst_tot_l4_payload_len":104,"midstream":1,"thread_ts_usec":1654385129813867,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"119.45.78.184","src_port":38834,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"HTTP.QQ","proto_id":"7.48","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":9,"category":"Chat","hostname":"pingma.qq.com","domainame":"pingma.qq.com","http": {"url":"pingma.qq.com:80\/mstat\/report","code":404,"content_type":"","user_agent":""}}} 
+01691{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1052,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":3,"flow_src_last_pkt_time":1654385129990203,"flow_dst_last_pkt_time":1654385129190409,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":926,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":926,"pkt_l4_len":892,"thread_ts_usec":1654385129990203,"pkt":"tKXvZygQnLbQ0+MzCABFAAOQVoNAAEAGbyzAqAJ+oXUNHbiOAFDYbwIrIGDngYAYAfV1OwAAAQEICrrF7C+XEOppR0VUIC92aWRlb19rYW5rYW5fdGFncy92Mi9hcGkvdmlkZW9zL2NoYW5uZWxzLmpzb24\/X2JyYW5kPUdvb2dsZSZfbW9kZWw9c2RrX2dwaG9uZV94ODYmX292PUFuZHJvaWQxMSZfY3B1PWk2ODYmX3Jlc29sdXRpb249MTA4MCUyQzE3OTQmX3BhY2thZ2U9Y29tLnNjZW5ld2F5LmthbmthbiZfdj0yLjguMi4xJl9jaGFubmVsPTFreHVuJl9jYXJyaWVyPTMxMDI2MCZfYW5kcm9pZF9pZD1iOWUyODc3NjM1NGQyNTllJl9uZXR3b3JrPXdpZmkmX2FpZD01YWM2YTBmZi04ZDE4LTQ3YmMtYTkwMi0yODEyY2YwYzI1MWUmX3VkaWQ9ZTZkYmQzMGItM2I4NC00NGI0LTk3NTEtNjMxMTQ4YTNlZGU5JiZfY291bnRyeT1VUyZfbG9jYWxlPWVuJl89MTY1NDM4NTEyNyBIVFRQLzEuMQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCkNsaWVudC1CcmFuZDogR29vZ2xlDQpDbGllbnQtRGV2aWNlOiBzZGtfZ3Bob25lX3g4Ng0KQ2xpZW50LU9zOiBBbmRyb2lkMTENCkNsaWVudC1DcHU6IGk2ODYNCkNsaWVudC1SZXNvbHV0aW9uOiAxMDgwLDE3OTQNCkNsaWVudC1QYWNrYWdlOiBjb20uc2NlbmV3YXkua2Fua2FuDQpDbGllbnQtVmVyc2lvbjogMi44LjIuMQ0KQ2xpZW50LVNvdXJjZTogMWt4dW4NCkNsaWVudC1TaW06IDMxMDI2MA0KQ2xpZW50LUFuZHJvaWRJZDogYjllMjg3NzYzNTRkMjU5ZQ0KQ2xpZW50LUNvdW50cnk6IFVTDQpDbGllbnQtTGFuZ3VhZ2U6IGVuDQpDbGllbnQtVWlkOiBlNmRiZDMwYi0zYjg0LTQ0YjQtOTc1MS02MzExNDhhM2VkZTkNCkhvc3Q6IGthbmthbi4xa3h1bi5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KVXNlci1BZ2VudDogb2todHRwLzMuMTAuMA0KDQo="} 
+01207{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1053,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":4,"flow_src_last_pkt_time":1654385129990203,"flow_dst_last_pkt_time":1654385130178547,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":562,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":562,"pkt_l4_len":528,"thread_ts_usec":1654385130178547,"pkt":"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\/vnyic+mzlSqja0FACg+AbarAQAADQowDQoNCg=="} +00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1054,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385131029337,"flow_src_last_pkt_time":1654385131029337,"flow_dst_last_pkt_time":1654385131029337,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":202,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":202,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":202,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385131029337,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":60148,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+00814{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1054,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":1,"flow_src_last_pkt_time":1654385131029337,"flow_dst_last_pkt_time":1654385131029337,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":268,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":268,"pkt_l4_len":234,"thread_ts_usec":1654385131029337,"pkt":"tKXvZygQnLbQ0+MzCABFAAD+y9xAAEAGhTvAqAJ+rGl5Uur0AFBJWQVPCSiD6YAYAfbp0gAAAQEICvK1BpnJoboZR0VUIC92aWRlb19rYW5rYW4vaW1hZ2VzL2ljb25zLzUtMzI4ZTNjZGYyNDRjMDAzZGYwODc1NGNjYTA1ZmJjMmYucG5nIEhUVFAvMS4xDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KSG9zdDogcGljLjFreHVuLmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpVc2VyLUFnZW50OiBva2h0dHAvMy4xMC4wDQoNCg=="} +01145{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1054,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385131029337,"flow_src_last_pkt_time":1654385131029337,"flow_dst_last_pkt_time":1654385131029337,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":202,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":202,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":202,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385131029337,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":60148,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com","domainame":"pic.1kxun.com","http": {"url":"pic.1kxun.com\/video_kankan\/images\/icons\/5-328e3cdf244c003df08754cca05fbc2f.png","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}}} 
+00966{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1055,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":2,"flow_src_last_pkt_time":1654385131029337,"flow_dst_last_pkt_time":1654385131335392,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":384,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":384,"pkt_l4_len":350,"thread_ts_usec":1654385131335392,"pkt":"nLbQ0+MztKXvZygQCABFAAFyOPxAADYGIaisaXlSwKgCfgBQ6vQJKIPpSVkGGYAYAOt1NwAAAQEICsmhuxLytQaZSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG9wZW5yZXN0eS8xLjEzLjYuMQ0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNTozMSBHTVQNCkNvbnRlbnQtVHlwZTogaW1hZ2UvcG5nDQpDb250ZW50LUxlbmd0aDogNjIzMg0KTGFzdC1Nb2RpZmllZDogRnJpLCAyMiBKdW4gMjAxOCAwMjoxNzo1NSBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkVUYWc6ICI1YjJjNWM1My0xODU4Ig0KRXhwaXJlczogRnJpLCAwMiBTZXAgMjAyMiAyMzoyNTozMSBHTVQNCkNhY2hlLUNvbnRyb2w6IG1heC1hZ2U9Nzc3NjAwMA0KQWNjZXB0LVJhbmdlczogYnl0ZXMNCg0K"} +08973{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1056,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":3,"flow_src_last_pkt_time":1654385131029337,"flow_dst_last_pkt_time":1654385131340240,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":6298,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":6298,"pkt_l4_len":6264,"thread_ts_usec":1654385131340240,"pkt":"nLbQ0+MztKXvZygQCABFABiMOP1AADYGCo2saXlSwKgCfgBQ6vQJKIUnSVkGGYAYAOsBYQAAAQEICsmhuxLytQaZiVBORw0KGgoAAAANSUhEUgAAADAAAAAsCAYAAAAjFjtnAAAACXBIWXMAAAsTAAALEwEAmpwYAAAKTWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAHjanVN3WJP3Fj7f92UPVkLY8LGXbIEAIiOsCMgQWaIQkgBhhBASQMWFiApWFBURnEhVxILVCkidiOKgKLhnQYqIWotVXDjuH9yntX167+3t+9f7vOec5\/zOec8PgBESJpHmomoAOVKFPDrYH49PSMTJvYACFUjgBCAQ5svCZwXFAADwA3l4fnSwP\/wBr28AAgBw1S4kEsfh\/4O6UCZXACCRAOAiEucLAZBSAMguVMgUAMgYALBTs2QKAJQAAGx5fEIiAKoNAOz0ST4FANipk9wXANiiHKkIAI0BAJkoRyQCQLsAYFWBUiwCwMIAoKxAIi4EwK4BgFm2MkcCgL0FAHaOWJAPQGAAgJlCLMwAIDgCA
EMeE80DIEwDoDDSv+CpX3CFuEgBAMDLlc2XS9IzFLiV0Bp38vDg4iHiwmyxQmEXKRBmCeQinJebIxNI5wNMzgwAABr50cH+OD+Q5+bk4eZm52zv9MWi\/mvwbyI+IfHf\/ryMAgQAEE7P79pf5eXWA3DHAbB1v2upWwDaVgBo3\/ldM9sJoFoK0Hr5i3k4\/EAenqFQyDwdHAoLC+0lYqG9MOOLPv8z4W\/gi372\/EAe\/tt68ABxmkCZrcCjg\/1xYW52rlKO58sEQjFu9+cj\/seFf\/2OKdHiNLFcLBWK8ViJuFAiTcd5uVKRRCHJleIS6X8y8R+W\/QmTdw0ArIZPwE62B7XLbMB+7gECiw5Y0nYAQH7zLYwaC5EAEGc0Mnn3AACTv\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\/lBKWfMkKZoKpRzame1AiqiDqfWkltoHZQL1OHqRM0dZolzZsWQ8ukLaPV0JppZ2n3aC\/pdLoJ3YMeRZfQl9Jr6Afp5+mD9HcMDYYNg8dIYigZaxl7GacYtxkvmUymBdOXmchUMNcyG5lnmA+Yb1VYKvYqfBWRyhKVOpVWlX6V56pUVXNVP9V5qgtUq1UPq15WfaZGVbNQ46kJ1Bar1akdVbupNq7OUndSj1DPUV+jvl\/9gvpjDbKGhUaghkijVGO3xhmNIRbGMmXxWELWclYD6yxrmE1iW7L57Ex2Bfsbdi97TFNDc6pmrGaRZp3mcc0BDsax4PA52ZxKziHODc57LQMtPy2x1mqtZq1+rTfaetq+2mLtcu0W7eva73VwnUCdLJ31Om0693UJuja6UbqFutt1z+o+02PreekJ9cr1Dund0Uf1bfSj9Rfq79bv0R83MDQINpAZbDE4Y\/DMkGPoa5hpuNHwhOGoEctoupHEaKPRSaMnuCbuh2fjNXgXPmasbxxirDTeZdxrPGFiaTLbpMSkxeS+Kc2Ua5pmutG003TMzMgs3KzYrMnsjjnVnGueYb7ZvNv8jYWlRZzFSos2i8eW2pZ8ywWWTZb3rJhWPlZ5VvVW16xJ1lzrLOtt1ldsUBtXmwybOpvLtqitm63Edptt3xTiFI8p0in1U27aMez87ArsmuwG7Tn2YfYl9m32zx3MHBId1jt0O3xydHXMdmxwvOuk4TTDqcSpw+lXZxtnoXOd8zUXpkuQyxKXdpcXU22niqdun3rLleUa7rrStdP1o5u7m9yt2W3U3cw9xX2r+00umxvJXcM970H08PdY4nHM452nm6fC85DnL152Xlle+70eT7OcJp7WMG3I28Rb4L3Le2A6Pj1l+s7pAz7GPgKfep+Hvqa+It89viN+1n6Zfgf8nvs7+sv9j\/i\/4XnyFvFOBWABwQHlAb2BGoGzA2sDHwSZBKUHNQWNBbsGLww+FUIMCQ1ZH3KTb8AX8hv5YzPcZyya0RXKCJ0VWhv6MMwmTB7WEY6GzwjfEH5vpvlM6cy2CIjgR2yIuB9pGZkX+X0UKSoyqi7qUbRTdHF09yzWrORZ+2e9jvGPqYy5O9tqtnJ2Z6xqbFJsY+ybuIC4qriBeIf4RfGXEnQTJAntieTE2MQ9ieNzAudsmjOc5JpUlnRjruXcorkX5unOy553PFk1WZB8OIWYEpeyP+WDIEJQLxhP5aduTR0T8oSbhU9FvqKNolGxt7hKPJLmnVaV9jjdO31D+miGT0Z1xjMJT1IreZEZkrkj801WRNberM\/ZcdktOZSclJyjUg1plrQr1zC3KLdPZisrkw3keeZtyhuTh8r35CP5c\/PbFWyFTNGjtFKuUA4WTC+oK3hbGFt4uEi9SFrUM99m\/ur5IwuCFny9kLBQuLCz2Lh4WfHgIr9FuxYji1MXdy4xXVK6ZHhp8NJ9y2jLspb9UOJYUlXyannc8o5Sg9KlpUMrglc0lamUycturvRauWMVYZVkVe9ql9VbVn8qF5VfrHCsqK74sEa4
5uJXTl\/VfPV5bdra3kq3yu3rSOuk626s91m\/r0q9akHV0IbwDa0b8Y3lG19tSt50oXpq9Y7NtM3KzQM1YTXtW8y2rNvyoTaj9nqdf13LVv2tq7e+2Sba1r\/dd3vzDoMdFTve75TsvLUreFdrvUV99W7S7oLdjxpiG7q\/5n7duEd3T8Wej3ulewf2Re\/ranRvbNyvv7+yCW1SNo0eSDpw5ZuAb9qb7Zp3tXBaKg7CQeXBJ9+mfHvjUOihzsPcw83fmX+39QjrSHkr0jq\/dawto22gPaG97+iMo50dXh1Hvrf\/fu8x42N1xzWPV56gnSg98fnkgpPjp2Snnp1OPz3Umdx590z8mWtdUV29Z0PPnj8XdO5Mt1\/3yfPe549d8Lxw9CL3Ytslt0utPa49R35w\/eFIr1tv62X3y+1XPK509E3rO9Hv03\/6asDVc9f41y5dn3m978bsG7duJt0cuCW69fh29u0XdwruTNxdeo94r\/y+2v3qB\/oP6n+0\/rFlwG3g+GDAYM\/DWQ\/vDgmHnv6U\/9OH4dJHzEfVI0YjjY+dHx8bDRq98mTOk+GnsqcTz8p+Vv9563Or59\/94vtLz1j82PAL+YvPv655qfNy76uprzrHI8cfvM55PfGm\/K3O233vuO+638e9H5ko\/ED+UPPR+mPHp9BP9z7nfP78L\/eE8\/sl0p8zAAAAIGNIUk0AAHolAACAgwAA+f8AAIDpAAB1MAAA6mAAADqYAAAXb5JfxUYAAA2FSURBVHja7FprzGXlVX7Wet99O7fvfps7M8wwlwBTBpRSW6AFLGJqULS1P7SNaPnR2B81aVAiNTZKlEZJq1RiUjWVtKAI0Yy2dUBKKQMMQxkGyqXDzMcw3\/1+Lvvsvd93LX+c7\/vmwoCgaEPkTc7Jzs7Ze6\/nXWs961lrH1JVvJsX412+3vUAbOuxzwEACIK0qKBZdIHUG2ZHxCyptKWY\/ic0sQaZ6UZZxxFRHWlpI8arH8OWcg6a\/jGKNqG31oNRHkRN59GQABvcLMQthyh1vomgPkyAQJEHMUZpHWL3LPpP3AcjGZo8iAIVRFhCLb4UQVhBV7UgBXYCGAXQONMDZvkDVVp+GFkVFjUq81EXZOX821zKDCYCswIgEJRV3k54CKBC4hVQKAA9WwjFAGJVQmRTGPJQNZlqKsopWlyDwERCgfUIWchaJRMIBabhLdSWAI5ApCAwoAQoQKpYSroxlU9gznZBySGF8fMeIBgoJ1BO0JIQjmJSNpESxwIbCKwVcDBVG+FWMKwLWZcCeN6wNA08Tv1YgjYBgBjwzgNoQ9UB1IZL3XBfe++tFZncWfJL3nPsQtQjqHeJ1qVqilZlws+m9faBuvnAw62iecTHfW0SAhGQw6LhmkgYaNafwtzADQiaU9Bs6uogfe4KA+46L6gOUzZWLuev9bI6G6HezqnSJOScNb632KT3\/x2S2gNNcVAFmq4EMuZkDuQSgqDIKcZS2yKOFQttYH5iDlUa\/9Rm+u5NCmCuqM4x2SJX4Z5gcWCukS9h8eFWk\/KgO8w+XZEDraxZ\/qHt+dW782TTX4MkIyiYGASCIIRtjV\/Z1fznm5P24avC2NFiCxAXT2amxy3xsFchJaMyIMfPqcYZpDGOpvvRRa3q578\/i+FZuBwzWRcoSlajyTZ8FaSKOveAtA7RAn2D3egOl2COPf0zBRGy+NKvz\/RecuuxsR\/na6tDQVfcvuiR+YHD7EfrXWGpx9vej27XB39tAMcu2TzzZ5cthruvr\/de98caDe1TslCVrWX\/0hd6pvfdUCoVXUex6Znniqvv7qmELy7MH3nskcnN3oXrBWEMT+xvKt+xo6lDu8vuhTsMWoPTsran2nhktmwBYy4GkQeW65clqCVSYYiAGaKWLWk\/9W6rhseLixaapdaJ5Prb1pVnjx+nDBWjoGTHa8HSPLhIwdQ1vcDbXjo2vPvug9Nj5+1auvf
3t4Q\/vKY2+dzu6fwXv2yInhycuesvExnd2kYsx3HVV5vrdnzl+Rf6X7pobYiQXkRPaDHfXgB8BM3qmOq79vHJ+LITFy7+9u3eeEr8aPeaxbuw0Ptpqxw50uJkCJHAkwcQWECaW9qTj9\/cf2L\/DaJkWVtlUGnBD3+QK1vOx87BCWD0b6HSXHYhAVAkNoPlYKYWxzOLa2\/6rSfr37vxp4N7bhmY\/dYf9VFUhDYLnI\/T0ZHP\/2Yt6P17YBJJWIAV8KcwSi4e29cMwXZvAaEoUdMUkc51r5n40r0qbqJYOHQ46N3+jSJa8zCkA8LCacCGJXXkbP3ZW0bcvk810sq8M0m7xzbKZBhNAjWcB8dDKA9cDEw8uErsp67CC0bi+qjv3vPlp9td6XnZ178YmSyYtud\/hweuvW3I9jwkurjMiGdcK4Jzhsu4dOsIhFKoqmIWQlAKqb5JGZtGaP+lczOzW2TTb1xjiBxIYYmC3EuKMH2ASu75tWmb60+4T1zLA+8b24J77uxfOHDV0aMP6rGj+1CIx7a+AJfYBJZTnE7phEJCxMiRxLLgei\/504X80Suq6ZErlzbe8Ht96DrQ1Z7GkjWgM\/RXVhTYvHYQl+9aAyeyWneYnc3yUjYfXHt7QlMSp098roaXr8h1ao1y9VVAYEU9Gtk85lolDXwlK6hWzAfB0WqRTZ2g8x7r1yc\/2k4ZIAXD4OlRgR\/sQ+FnECwHgKiBZaCbjqLRylEEAiuvFm3HL9RM8uHR6f7GoskwEpXQ8gRnZJVFXJFj+4Yh7Dx3I0Rcx\/CO\/QqFNYampXbBLceDAV47NfaJyB2pKRmn1FFBdmLpeRQ+AyiEgkBEWiibg1OMS2suJKwkPEEARJbx3HQB5h6sj9dBoYhNiu75x9Ga+xHmiAAmiDB6uRESAYa8WXAWs3kVACEJy1hXVTDq6B3ZgfVrz4GqXzX+VP+QKozOYqYYqq5jsxK3SrRSB1wKIgbRqcEAGPWnnTtNQBmCKjCZb8NQ8CiS5otIXQqy0cnMsKZTlZeXYcBQRw04B1QDAnEVyfBlEDmrSjgtPC2d\/TeW6L8rSBWGCJGfBuAADt7ylSsbU3iGigcR\/eTktMKclZHeDpD3Gpr3ALwH4P8BgDfqCt8igJXSiFP6OlqWc\/K\/bz0RZNnUM1n\/f+QBp4BHCDpNU76NXYWB1\/AnE0IERssBz9C18FTGirx968YzQj+BcvsQMkn+bwGQhqiFLXheQBquBQZ+HsbEnV76LcWzwpgSLGXoG\/0ahtKHkPrqOwtATQhRBkQRGaLYMBLDIDDWV8YxHDwLUUDyFDYaQH\/f5bBUAv6LnBAAPVbRE0bwCEBMGBm\/C8PpPqS+8oY5wNTJvDPHMm8IgH3emcswgUGwIGSecW5pFEP5o1CiVWklvkAc9qO7a+eqJD7rphAQkGJNsNzTEqBkoaIYPnFnB4SUV6iCTrKHwvLKwOYtAFBVFAooOpfkzms9t9iSHMHG7NsAEfSMS71kqESbEJjaG4ZS5gj97GFVTxWqq7s6fOJrGG49hNTXAHTkp2rnwOvZrWWoLgv+k+CsNah296EzEANqScnvqr6I89wDADNUz+44NgFqg3ugeQGXLpzmbxVFOSJYG6xOFE7ftGUQ43+F4XQfGq4snfakg9ULkQpeJ56tkl3meAuA4b1H\/+AQNm64AAsHvwMnim2Di9XhpUeQqyFPgXqycAiRFxGici88p1CNAclRTobR85HfRcoxsie+BG3NdUaWBKyrFJAiAXkHT2U4xFCQBVBaAUEiGBm7E26Eu4VCMpSB2cIub8aZOWCXogs6IWAS1HS6TcUr2LTzeoRFG1wsNroqqdk6d9s9mQ9ejuHCEppFovV2t5\/LegYaTcZrWV8jq0faHptJPnRXoGlroLoW3L8H7tBXVJcyDhqv2lpkUInWYL4xgXbW\/NiAPXxlNZ+ohEi3A7iQGeHK7hIUGye\/yuIRkDEmT2eQ
ZlvY556Jl4sZd4LGVmh0mR0iRLQQeAa5dJLft+tDqB\/78L3j8xNXd5dntpPoT4mwBCSUiJLRcUrcoR5mgFznfqOF31Dp2fWvY4f3f7c6+DKQzjnYWIrahqLWXaDddsNd7b1\/2NV89pNJ0i4RAE+ANxYNHhlTDqBgXekVotjX8+49ty\/yuZiZdWwiQygA2CBEGAHiYUPML3NzACNN47jq9h\/4QbHgS0i0ODbd9Ss\/9wSVq2mWJ5kjjRjIC0Ev1+n99M11g13nrnulXd15aA7BMA5ft37p33\/9B\/1\/8MnL0r2H+9xLH2hzJV+U3kUrh6+onvjGHVbGL4hCWWhj6OFm7cr748n7W3UamH6m8plDM1kZuUQKJbBh7BqUelhMN4\/NAWyTtndWAEAz7yAOUA+bobsDgCIoR9KiWuvhxeHpvf9wD0gCJBq4VrIwH7hwnqgznVAhSJrjWP8vjG1zpSfGfN99B\/MevLb0kW\/9ef+t+66pf2GvL1zBjMgKNS+k+75YOfH9PUPJ5AX3N3\/5trG5nps34Cjm6zvw6qhBphZT7gXkMFAmECtKRnHgGY9mJrh452aze1P7g6V0tluVPRyRCgHEsCezWqHEEnBe6lt45LN7+nKTtUGBiORRwCb3AjBAgAgQRA4uzfngi1AbWtlgDNks5GggC8g7BhCJACGl5XOa\/3ijKFBkQJcf33JkyX581McBFQ+ZkZC9jazbHNkQQcBkCEwAu0IKr9RGnO2mvdedP33kl8gtJaI2F2ECM9h70GPfvrGTxBShr\/nUN0ea+z9uaJkR+CRPv1nvr3Kyv82KN58vWAMYOp3TV1lVzxDAnVoHr4CXZZuIWtnm39kGxCeivA7bql4OAGj5EL1YaGlrP3J\/St3H649PBfa6qm8A9W8sypUAh7Mrjjd7e0MEGAvM6jmPzjfDqbXcgmGF7S11ntZLOZZwyZ\/E8cvrWRY3wLVJwapklKVtiAkKo6KsqqxEQoAn1oKhCiIhhfVGWtWE5ofPrFVEQG4qM6lZM0Va2NNGErK8\/Sy0gpSYlSDEyBkmUKexJxN7Ku\/5i8EIRegKFiFDTz39N6tv31r1Fsqx5clGqzsujrNSqBkqWnGjhoxBQWUppAyvgZIviPMGYj9tAAX7NnlEPq5Uq5uyf7vPpq\/sXlHYNgSW\/MjEVM\/PXj1pdxwP\/KIFc8dTq12SwiAjUEdFUBhqYAqExZRBqVtn8vXe03q\/pzraHMRr0s6NuKxTfk9xsYB8KrFJ50yRQaEIyYI1B6mBgYVoJ0ZIC7BmYMkBKFiLjnAx\/TNZaetn5tzwZ+Pi+U1GM9O0u8ZLA7v+JSlffDhYmoVBBiifVDC6PGHSbDUZSBUsRef+kiEybQhlYMkg1PEoMU4H8I50fxCAzNFWsPE\/GEe3BhDb5LXHk3j44Iokfkef927\/q8F\/DgCIXuq2\/murMQAAAABJRU5ErkJggg=="} 
+00815{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1057,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":4,"flow_src_last_pkt_time":1654385131355130,"flow_dst_last_pkt_time":1654385131340240,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":268,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":268,"pkt_l4_len":234,"thread_ts_usec":1654385131355130,"pkt":"tKXvZygQnLbQ0+MzCABFAAD+y99AAEAGhTjAqAJ+rGl5Uur0AFBJWQYZCSidf4AYAfXp0gAAAQEICvK1B9\/JobsSR0VUIC92aWRlb19rYW5rYW4vaW1hZ2VzL2ljb25zLzUtODAyZDc3MWNjZjVhNTU3ZWY3NTMwNWVjYmQ2MzRhNWMucG5nIEhUVFAvMS4xDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KSG9zdDogcGljLjFreHVuLmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpVc2VyLUFnZW50OiBva2h0dHAvMy4xMC4wDQoNCg=="} +00967{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1058,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":5,"flow_src_last_pkt_time":1654385131355130,"flow_dst_last_pkt_time":1654385131589006,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":384,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":384,"pkt_l4_len":350,"thread_ts_usec":1654385131589006,"pkt":"nLbQ0+MztKXvZygQCABFAAFyOQJAADYGIaKsaXlSwKgCfgBQ6vQJKJ1\/SVkG44AYAPNbGwAAAQEICsmhvFLytQffSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG9wZW5yZXN0eS8xLjEzLjYuMQ0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNTozMSBHTVQNCkNvbnRlbnQtVHlwZTogaW1hZ2UvcG5nDQpDb250ZW50LUxlbmd0aDogNTYxNg0KTGFzdC1Nb2RpZmllZDogRnJpLCAyMiBKdW4gMjAxOCAwMjoxNzo1NSBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkVUYWc6ICI1YjJjNWM1My0xNWYwIg0KRXhwaXJlczogRnJpLCAwMiBTZXAgMjAyMiAyMzoyNTozMSBHTVQNCkNhY2hlLUNvbnRyb2w6IG1heC1hZ2U9Nzc3NjAwMA0KQWNjZXB0LVJhbmdlczogYnl0ZXMNCg0K"} 
+00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1059,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385134408251,"flow_src_last_pkt_time":1654385134408251,"flow_dst_last_pkt_time":1654385134408251,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":499,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":499,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":499,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385134408251,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.119.80","src_port":49242,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +01220{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1059,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":1,"flow_src_last_pkt_time":1654385134408251,"flow_dst_last_pkt_time":1654385134408251,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":565,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":565,"pkt_l4_len":531,"thread_ts_usec":1654385134408251,"pkt":"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\/LK+Ot1oVqSkYVr0nsggzUXVqLY3xMhn21kUxOn\/Wih+42353Fbud1FHovbXK9OXcbMQK3dBv6xTib2pObnOd\/iOY8p\/k5RXpv0Ed2sdq7GC4Dj4sb1\/DbXfBiJ01bRmF0SkZ\/AWi7z48ILIaH80MkD3M1aczLpDs\/2bdIedPUrCo1rdoUbJIqCgUVpBLvVBTF68CRliSDTCuSKpjNBIMLiK\/vDHBXOKc0f\/WGNpz34\/gBCIhwTg=="} 
+01204{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1059,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385134408251,"flow_src_last_pkt_time":1654385134408251,"flow_dst_last_pkt_time":1654385134408251,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":499,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":499,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":499,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385134408251,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.119.80","src_port":49242,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"android.yingshi.tcclick.1kxun.com","domainame":"android.yingshi.tcclick.1kxun.com","http": {"url":"android.yingshi.tcclick.1kxun.com\/api\/upload.php","code":0,"content_type":"","user_agent":"okhttp\/3.10.0","request_content_type":"application\/octet-stream"}}} 
+00842{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1060,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":2,"flow_src_last_pkt_time":1654385134408251,"flow_dst_last_pkt_time":1654385135021838,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":291,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":291,"pkt_l4_len":257,"thread_ts_usec":1654385135021838,"pkt":"nLbQ0+MztKXvZygQCABFAAEVhPRAADUG2Q+saHdQwKgCfgBQwFqEcdTYxxPwR4AYAfrU9wAAAQEICmIHlwGTrRyZSFRUUC8xLjEgNTAwIEludGVybmFsIFNlcnZlciBFcnJvcg0KU2VydmVyOiBvcGVucmVzdHkvMS4xMS4yLjUNCkRhdGU6IFNhdCwgMDQgSnVuIDIwMjIgMjM6MjU6MzQgR01UDQpDb250ZW50LVR5cGU6IHRleHQvaHRtbDsgY2hhcnNldD1VVEYtOA0KVHJhbnNmZXItRW5jb2Rpbmc6IGNodW5rZWQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClgtUG93ZXJlZC1CeTogUEhQLzcuMS45DQoNCjANCg0K"} +01341{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1060,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385134408251,"flow_src_last_pkt_time":1654385134408251,"flow_dst_last_pkt_time":1654385135021838,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":499,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":499,"flow_dst_max_l4_payload_len":225,"flow_src_tot_l4_payload_len":499,"flow_dst_tot_l4_payload_len":225,"midstream":1,"thread_ts_usec":1654385135021838,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.119.80","src_port":49242,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": 
{"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"android.yingshi.tcclick.1kxun.com","domainame":"android.yingshi.tcclick.1kxun.com","http": {"url":"android.yingshi.tcclick.1kxun.com\/api\/upload.php","code":500,"content_type":"text\/html","user_agent":"okhttp\/3.10.0","request_content_type":"application\/octet-stream"}}} +00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1061,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385136206220,"flow_src_last_pkt_time":1654385136206220,"flow_dst_last_pkt_time":1654385136206220,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385136206220,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+00826{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1061,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":1,"flow_src_last_pkt_time":1654385136206220,"flow_dst_last_pkt_time":1654385136206220,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"thread_ts_usec":1654385136206220,"pkt":"tKXvZygQnLbQ0+MzCABFAAEIhQ1AAEAGzADAqAJ+rGl5UrRoAFD5HfAjxRS50IAYAfbp3AAAAQEICvK1GtLJoc6VR0VUIC92aWRlb19rYW5rYW4vaW1hZ2VzL3JlbGVhc2VzLzI5OS80NzA0LTUwMTdiY2RjYWNjMDJjYzNhZjQ4MzNjZDFlZDcyYThmLmpwZyBIVFRQLzEuMQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCkhvc3Q6IHBpYy4xa3h1bi5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KVXNlci1BZ2VudDogb2todHRwLzMuMTAuMA0KDQo="} +01156{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1061,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385136206220,"flow_src_last_pkt_time":1654385136206220,"flow_dst_last_pkt_time":1654385136206220,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385136206220,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46184,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com","domainame":"pic.1kxun.com","http": {"url":"pic.1kxun.com\/video_kankan\/images\/releases\/299\/4704-5017bcdcacc02cc3af4833cd1ed72a8f.jpg","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}}} 
+00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1062,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385136207603,"flow_src_last_pkt_time":1654385136207603,"flow_dst_last_pkt_time":1654385136207603,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385136207603,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46170,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00826{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1062,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":1,"flow_src_last_pkt_time":1654385136207603,"flow_dst_last_pkt_time":1654385136207603,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"thread_ts_usec":1654385136207603,"pkt":"tKXvZygQnLbQ0+MzCABFAAEIuBVAAEAGmPjAqAJ+rGl5UrRaAFA4F3kV79XZwoAYAfbp3AAAAQEICvK1GtPJoc6VR0VUIC92aWRlb19rYW5rYW4vaW1hZ2VzL3JlbGVhc2VzLzI5Ni80NzAxLWUxNGQwNDgxYzhmYmU4YTQyNzk1YWJiODc5Y2RhMmQyLmpwZyBIVFRQLzEuMQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCkhvc3Q6IHBpYy4xa3h1bi5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KVXNlci1BZ2VudDogb2todHRwLzMuMTAuMA0KDQo="} 
+01156{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1062,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385136207603,"flow_src_last_pkt_time":1654385136207603,"flow_dst_last_pkt_time":1654385136207603,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385136207603,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46170,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com","domainame":"pic.1kxun.com","http": {"url":"pic.1kxun.com\/video_kankan\/images\/releases\/296\/4701-e14d0481c8fbe8a42795abb879cda2d2.jpg","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}}} +00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1063,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385136215384,"flow_src_last_pkt_time":1654385136215384,"flow_dst_last_pkt_time":1654385136215384,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385136215384,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46200,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+00827{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1063,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":1,"flow_src_last_pkt_time":1654385136215384,"flow_dst_last_pkt_time":1654385136215384,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"thread_ts_usec":1654385136215384,"pkt":"tKXvZygQnLbQ0+MzCABFAAEI535AAEAGaY\/AqAJ+rGl5UrR4AFBRsl56JroizIAYAfbp3AAAAQEICvK1GtvJoc6eR0VUIC92aWRlb19rYW5rYW4vaW1hZ2VzL3JlbGVhc2VzLzMwMS81MDI3LWQ3MDcxOTJiZmEyZGFiZjIyNzcxYTRkNTY0NTRhYjg4LmpwZyBIVFRQLzEuMQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCkhvc3Q6IHBpYy4xa3h1bi5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KVXNlci1BZ2VudDogb2todHRwLzMuMTAuMA0KDQo="} +01156{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1063,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385136215384,"flow_src_last_pkt_time":1654385136215384,"flow_dst_last_pkt_time":1654385136215384,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385136215384,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46200,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com","domainame":"pic.1kxun.com","http": {"url":"pic.1kxun.com\/video_kankan\/images\/releases\/301\/5027-d707192bfa2dabf22771a4d56454ab88.jpg","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}}} 
+00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1064,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385136216297,"flow_src_last_pkt_time":1654385136216297,"flow_dst_last_pkt_time":1654385136216297,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385136216297,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46212,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00827{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1064,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":1,"flow_src_last_pkt_time":1654385136216297,"flow_dst_last_pkt_time":1654385136216297,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"thread_ts_usec":1654385136216297,"pkt":"tKXvZygQnLbQ0+MzCABFAAEIGp5AAEAGNnDAqAJ+rGl5UrSEAFDq37\/yn5TBcIAYAfbp3AAAAQEICvK1GtzJoc6cR0VUIC92aWRlb19rYW5rYW4vaW1hZ2VzL3JlbGVhc2VzLzMwMC81MTgzLTUxZmI5OWEyMzkxZTc3NDAzN2JhMjFjYmNhMzA3YmU0LmpwZyBIVFRQLzEuMQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCkhvc3Q6IHBpYy4xa3h1bi5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KVXNlci1BZ2VudDogb2todHRwLzMuMTAuMA0KDQo="} 
+01156{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1064,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385136216297,"flow_src_last_pkt_time":1654385136216297,"flow_dst_last_pkt_time":1654385136216297,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385136216297,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46212,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com","domainame":"pic.1kxun.com","http": {"url":"pic.1kxun.com\/video_kankan\/images\/releases\/300\/5183-51fb99a2391e774037ba21cbca307be4.jpg","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}}} 
+01212{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1065,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":3,"flow_src_last_pkt_time":1654385136274668,"flow_dst_last_pkt_time":1654385135021838,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":564,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":564,"pkt_l4_len":530,"thread_ts_usec":1654385136274668,"pkt":"tKXvZygQnLbQ0+MzCABFAAImA99AAEAGThTAqAJ+rGh3UMBaAFDHE\/BHhHHVuYAYAfXo9wAAAQEICpOtI+NiB5cBUE9TVCAvYXBpL3VwbG9hZC5waHAgSFRUUC8xLjENCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQ0KQ29udGVudC1MZW5ndGg6IDI2NA0KSG9zdDogYW5kcm9pZC55aW5nc2hpLnRjY2xpY2suMWt4dW4uY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClVzZXItQWdlbnQ6IG9raHR0cC8zLjEwLjANCg0KeJxNkNFuhCAQRX+lmWdjFESRt+0vNH1qGoMwu0tUMIiuycZ\/L7ht0oQH5lzmzmWeEMyES5DTDKKsWUU5KynL3kDjZhSCeMKqjQYBmlBkBHnb9Lq6Ut5qXaimokTxuoxdkIG6S2txjI\/LYV9tJJPTZ73oobvNd2ex23kdhd5Lm1xvzt1GjMAt3YZ+Mc6m9uQm5\/kfIjnPSX5Okd4b9JFdrPYuhsvA4+LGNfx2F7zYy6atojA6JaO\/ALTd50cEFsPD+SGSh7maNOZl0p2f7FskvGlqyipNWJuCTVJFoSCiZOKdiKJ4HTjSkmSQaUVSBbOZYHAB8fWdAe4K55Tmr97QhvN+HD8N\/HBS"} 
+00970{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1066,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":2,"flow_src_last_pkt_time":1654385136206220,"flow_dst_last_pkt_time":1654385136559919,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":386,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":386,"pkt_l4_len":352,"thread_ts_usec":1654385136559919,"pkt":"nLbQ0+MztKXvZygQCABFAAF0doZAADcG4xusaXlSwKgCfgBQtGjFFLnQ+R3w94AYAOsxxAAAAQEICsmhz1XytRrSSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG9wZW5yZXN0eS8xLjEzLjYuMQ0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNTozNiBHTVQNCkNvbnRlbnQtVHlwZTogaW1hZ2UvanBlZw0KQ29udGVudC1MZW5ndGg6IDQ1NzQ2DQpMYXN0LU1vZGlmaWVkOiBUdWUsIDEwIE1heSAyMDIyIDAzOjE1OjEzIEdNVA0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KRVRhZzogIjYyNzlkOGMxLWIyYjIiDQpFeHBpcmVzOiBGcmksIDAyIFNlcCAyMDIyIDIzOjI1OjM2IEdNVA0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT03Nzc2MDAwDQpBY2NlcHQtUmFuZ2VzOiBieXRlcw0KDQo="} +02576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1067,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":3,"flow_src_last_pkt_time":1654385136206220,"flow_dst_last_pkt_time":1654385136559919,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1654385136559919,"pkt":"nLbQ0+MztKXvZygQCABFAAXUdodAADcG3rqsaXlSwKgCfgBQtGjFFLsQ+R3w94AQAOuqegAAAQEICsmhz1XytRrS\/9j\/4AAQSkZJRgABAQAAAQABAAD\/4QAwRXhpZgAATU0AKgAAAAgAAQExAAIAAAAOAAAAGgAAAAB3d3cubWVpdHUuY29tAP\/bAEMABAIDAwMCBAMDAwQEBAQFCQYFBQUFCwgIBgkNCw0NDQsMDA4QFBEODxMPDAwSGBITFRYXFxcOERkbGRYaFBYXFv\/bAEMBBAQEBQUFCgYGChYPDA8WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFv\/AABEIAQQCgAMBEQACEQEDEQH\/xAAfAAABBQEBAQEBAQAAAAAAAAAAAQIDBAUGBwgJCgv\/xAC1EAACAQMDAgQDBQUEBAAAAX0BAgMABBEFEiExQQYTUWEHInEUMoGRoQgjQrHBFVLR8CQzYnKCCQoWFxgZGiUmJygpKjQ1Njc4OTpDREVGR0hJSlNUVVZX
WFlaY2RlZmdoaWpzdHV2d3h5eoOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4eLj5OXm5+jp6vHy8\/T19vf4+fr\/xAAfAQADAQEBAQEBAQEBAAAAAAAAAQIDBAUGBwgJCgv\/xAC1EQACAQIEBAMEBwUEBAABAncAAQIDEQQFITEGEkFRB2FxEyIygQgUQpGhscEJIzNS8BVictEKFiQ04SXxFxgZGiYnKCkqNTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqCg4SFhoeIiYqSk5SVlpeYmZqio6Slpqeoqaqys7S1tre4ubrCw8TFxsfIycrS09TV1tfY2dri4+Tl5ufo6ery8\/T19vf4+fr\/2gAMAwEAAhEDEQA\/APk7XL28GtXY+2XHE7\/8tD\/eNc59AkrIq\/br3\/n8uP8Av4aB2Qfbr3\/n8uP+\/hoCyD7de\/8AP5cf9\/DQFkH269\/5\/Lj\/AL+GgLIBfXvP+mT\/APfw0BZB9uvf+fy4\/wC\/hoCyD7de\/wDP5cf9\/DQFkH269\/5\/Lj\/v4aAsg+3Xv\/P5cf8Afw0BZB9uvf8An8uP+\/hoCyD7de\/8\/lx\/38NAWQfbr3\/n8uP+\/hoCyD7de\/8AP5cf9\/DQFkH269\/5\/Lj\/AL+GgLIPt17\/AM\/lx\/38NAWQfbr3\/n8uP+\/hoCyEa+viOLyf\/v4aAshft17\/AM\/lx\/38NAWQfbr3\/n8uP+\/hoCyD7de\/8\/lx\/wB\/DQFkH269\/wCfy4\/7+GgLIPt17\/z+XH\/fw0BZB9uvf+fyf\/v4aAsg+3Xv\/P5P\/wB\/DQFkH269\/wCfy4\/7+GgLIPt17\/z+XH\/fw0BZB9uvf+fyf\/v4aAsg+3Xv\/P5P\/wB\/DQFkH269\/wCfy4\/7+GgLIPt17\/z+XH\/fw0BZB9uvf+fy4\/7+GgLIPt17\/wA\/lx\/38NAWQfbr3\/n8uP8Av4aAsgN9e5x9sn\/7+GgLIPt17\/z+T\/8Afw0BZB9uvf8An8uP+\/hoCyD7de\/8\/lx\/38NAWQfbr3\/n8uP+\/hoCyD7de\/8AP5cf9\/DQFkH269\/5\/J\/+\/hoK5A+3Xv8Az+T\/APfw0XDlFF5en\/l8n\/7+GlzAoXHJdXxPF5Of+2hpc5pGm9ixFLfMB\/pdwP8AtqahyR0wpX6FqA3\/APz9z++JDWTmdEMNd7F2EX2Aftc\/p\/rDUOpY6IYdLoW4Ptn\/AD8zHPGfMNQ6l2ddPDxavYsKbsOCLifA6fvDzUc7Nlho9iwj3Q+U3M3Xp5hpObsUqC7DxLdg\/wDHzPwefnNS5GkaK7E6S3hAH2if\/v4aXMX7NdhwkvMAfapsZ5\/eGjmLVFdiRJ7kEAXMpAGfvn86LmnsY9hPtN5ux9plHtvPSjmE6UV0Q1bm727hcS493PFHML2cexE15dZyLmbp"} 
+02520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1068,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":4,"flow_src_last_pkt_time":1654385136206220,"flow_dst_last_pkt_time":1654385136563690,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1654385136563690,"pkt":"nLbQ0+MztKXvZygQCABFAAXUdohAADcG3rmsaXlSwKgCfgBQtGjFFMCw+R3w94AQAOs8mgAAAQEICsmhz1XytRrS03mjmB00NN1dZ\/4+Zu\/8ZxRzGPIn0EFzdgY+1TH6ueTRzD9muwNdXRAxcykjr85p3HyLsJ9qut2ftM3\/AH8NGpLpoYLu7ViPtc3Q4+c007MnkQLdXvObqUEf7Zq+cORC\/aLzvdTAYzw5o9oHIuw03d2GyLmbP++aOcydNXGvfXg5+0TYI67zV6h7NA91dglvtMzDGD85\/OkRKCXQZJd3gOftM2D0+c8UXYuRdhv2y7J\/4+Zsf9dDVXJ5Y9hv2u73f8fU2B6yGi4OMWthHvLvGPtc3P8AtnIpmbgkN+23mcfapvf5zxSFyrsDXt53upv++zQHKuwz7beY\/wCPqb\/v4aLkOCA3t4f+Xqb\/AL+GgVl2Gfbbzcc3Uxx\/00NWpWCy7CfbbzORdTY\/66GruS4IQ317\/wA\/U3\/fZoJsuwv228J\/4+p\/pvNAWXYfb3t356D7XN94f8tDQFl2OV13\/kN3n\/Xw\/f8A2jXQeCtkVP8APWgYf560AH+etAB\/nrQAf560AH+etAB\/nrQAf560AH+etAB\/nrQAf560AH+etAB\/nrQAf560AH+etAB\/nrQAf560AH+etAB\/nrQAf560AH+etABQAf560AH+etAB\/nrQAf560AH+etAB\/nrQAf560AH+etAB\/nrQAf560AH+etAB\/nrQAf560AH+etAB\/nrQXyoXFAcqDaxzgdKTZSp3Q5YzkZqecrkJUt2Y4A\/DFT7Q0VGXQs29mWHKjgdhWc5o3hh5F2104hgAvXrWbmrnbSwztsaFtp4DABeOlZOqzshhn2L1pYEDOz9KhzOuGHa3RaitB0K4P0qG7m0aKZOtqoT5R9DSL9kOWFVbCj9OlO5XIO8nC7Tgg0XDkY9IxjkEgdM0i4QWtx2wdACKZfs0AjBY9+eh6VnzMrlQhUDPbtRzMXKhrL04I7gd6OZkyihoC88Y560czIcUM8s8gvx9KOZhZAUHTqeBn0rQXIgdBu4XrQS4JEUsaYG0ZGRmi4uVDGVtvTjPb+dFyGBXBPy4xxk00yeVAqMUGSfQA\/zphyiBRxzng5xQHKNCHB9SKCGtRrJgHHbtVc7E0MIO3GMDOaqLb3IauIw4JIGfWqM5KzI5enHWgmwm1s4yD7UAxrgkjjkdzVIhpMRlyw9O9AuVDXGAf05oIYxgAKAYnaghqw1sAYoEN74\/StVsAd80zMD9aAHW6\/v4z\/tDvQBzuu\/8hu86\/wDHw\/8A6Ea6DwFsip+dAw\/OgA\/OgA\/OgA\/OgA\/OgAoAPzoAPzoAPzoAPzoAWgBKAD86AD86AD86AD86AD86ACgA\/OgA\/OgAoAPzoAPzoAPzoAPzoAPzoAKACgA\/OgA\/OgA\/OgBR1wOpoHHcmjtLuRQy277SdocjCk\/U8VMpWRWhpN4Y1g2LXcUcM8a
jLCCYOyj3ArNVope8HKmZXlPggg\/4VadzZUx8cBY9DwKLjVMljti3HIqZTsaRocxNDaNtwM8mo9odEMM1EnEKR\/f\/AAFZNlqkrluzt8gfJgZqJysrnXTocxr2enZByv3hWDqHdSwpegsArHI6d6XOd0cOkiylqFxjqP1rJt3OhUrEsUTb\/T+tF2VyPYcqDONxyPyFF2PkSFABIKk0XY7CsvzY5567aLsLAqDOcnk9CKLsVkKYxyWZVCjJLcY+tF2J6a3SRCtxayTGCK6iZgNxUPyRWsaVWSuos8+rm2BjKzqDhJG7N5cgcr1API\/CspwnF+8rHbh8TQxEealJS9BWXJ6cZpGomOwPtmgLDFQlst9T6UEtIAvzZcED0HNArITGWGDgZ4HYU7sOVCE5PXPPPtRdkySI2HPIBq4t2IsN2Y45HcjsKZFlcVBtkA5x1H0pit5DDuB+6B\/SjUmSGsAuDt4PamiRhOATjIyOKYmkNkDdBjnPUdqCBjglAc5AFF2S0R4+"} +00971{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1069,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":2,"flow_src_last_pkt_time":1654385136216297,"flow_dst_last_pkt_time":1654385136563794,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":386,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":386,"pkt_l4_len":352,"thread_ts_usec":1654385136563794,"pkt":"nLbQ0+MztKXvZygQCABFAAF0DidAADYGTHusaXlSwKgCfgBQtISflMFw6t\/AxoAYAOudpAAAAQEICsmhz1fytRrcSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG9wZW5yZXN0eS8xLjEzLjYuMQ0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNTozNiBHTVQNCkNvbnRlbnQtVHlwZTogaW1hZ2UvanBlZw0KQ29udGVudC1MZW5ndGg6IDQwNTcwDQpMYXN0LU1vZGlmaWVkOiBUdWUsIDE5IEFwciAyMDIyIDAzOjM3OjMxIEdNVA0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KRVRhZzogIjYyNWUyZTdiLTllN2EiDQpFeHBpcmVzOiBGcmksIDAyIFNlcCAyMDIyIDIzOjI1OjM2IEdNVA0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT03Nzc2MDAwDQpBY2NlcHQtUmFuZ2VzOiBieXRlcw0KDQo="} 
+00970{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1070,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":2,"flow_src_last_pkt_time":1654385136207603,"flow_dst_last_pkt_time":1654385136563794,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":387,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":387,"pkt_l4_len":353,"thread_ts_usec":1654385136563794,"pkt":"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"} +00970{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1071,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":2,"flow_src_last_pkt_time":1654385136215384,"flow_dst_last_pkt_time":1654385136563794,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":386,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":386,"pkt_l4_len":352,"thread_ts_usec":1654385136563794,"pkt":"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"} 
+11567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1072,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":5,"flow_src_last_pkt_time":1654385136206220,"flow_dst_last_pkt_time":1654385136563794,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":10146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":10146,"pkt_l4_len":10112,"thread_ts_usec":1654385136563794,"pkt":"nLbQ0+MztKXvZygQCABFACeUdolAADcGvPisaXlSwKgCfgBQtGjFFMZQ+R3w94AQAOsQaQAAAQEICsmhz1bytRrSUg5+hrSL01IshGGcnHU5FUZvcRhxkdaBDSpz17ZoJY2ncNRHGe\/SmS0RHPOQcUGYh6g\/rQTIY44J96CRvoaabAK1MxFPegB9v\/x9R46huaAOd13\/AJDd5\/18P3\/2jXQeAtkVP89aBh\/nrQAf560AH+etAB\/nrQAf560AH+etAB\/nrQAf560AH+etAB\/nrQAf560AH+etAB\/nrQAf560AH+etAB\/nrQAf560AHegA\/wA9aAD\/AD1oAP8APWgA\/wA9aAsw\/wA9aB2Yf560BZh\/nrQKwf560BZigcf\/AF6Vwswwf\/rU7lKLuIeKVy7DlUnnHFFw5WKEO7FDegcrHMiJbyTMuQg79zWXNd2JqWgrnu37O3hi5+KvhiPQNWswNKsmO28wUMXHbH3mzXNVqqm7dSY0\/aq72On8Sfsl3Wlo1\/4H8WzRTqpPkX0eY5D6EryuaxWL09+I\/qdvgkfO+sQ3tj4sv9C1qwax1KzYi4gccgjrg9x3B9DXWmuXmjsdGEl7\/s5bgDCvOc\/Sou2eilEerJ1Cc+tBpFx7Eu+TaAq7c\/nUNq5ok3sizZ2Nw5B2YJ\/iYVLkjop4WUjb0vTEjUM53Pnk44rmnPmPUw+EUFqasMGF29OfzqDuVNdCUQggcfUUropU30Q4RjOOQPWi6NFF2FEYAAI6DkjtRdBysPLxJj0Hai6DlYgj465z+lF0HKxVTDZA69\/ei6DlYLEQ\/wApzz0ouhOL6nOeHBrfjr4myeFvDWmPfiFWVR0jWTvLIem0HoDXoUlGlBSl1Pz\/ADjH1sVXlSpaQR13xo+GXjjwHNDqF\/ozXFlDZR20V1bJ5qIAMuzkDIJYsfyq4YpS2PGeFnE8s8U+I3tVtmtGK3EZDLIcHjuPdT6VpKUais0Rh61TC1eeDaf5ncaLdxanpUF7GMecgYgfwnuPzrx6seWdj9RweJjicOqsepZILKc8EZwak3aGsMHOPvDmqT0FYT7uDngdKd0FhrqNoBwRnketMTGS43Absjj2oJGgAqc9c80ESTb0Gkfe5yO1aKS7kMTA35GQSKoHsDgMuMfT2pE2YxwA4HTjJpiI3GMMDjJ6CnczaYwr8\/IIPvTJYjDHQ49qCCNwSwIHFBLWohGTnPahbkidhgdTWxMthvqKDMYy4Pt60CaGOQOT1HNUS0Rtz170GQ0ntQAnqPSgiW5G3UmhCEHHbr71sJ7Ae1BA+2I+1R\/7woA53Xv+Q5ej0uH\/APQjXQeAtip+dAw\/OgA\/OgA\/OgA\/OgA\/OgA\/OgA\/OgA\/OgBaBCfnQMPxoEH50DD86AD86AD86ACgQfnQMXPFA1G4n50D5Q\/OgOUPzoDlD8aBpWF\/OgZHNJsHrn1oM5SutCJJHZgMn8KTdhK7Lccb7RkZJoubxg7D1hwDwT+NToWoaj
kh7bTn1Jobsa8o9YOcYNTzIOS5IlufQ4oui1S0JVtSOQM\/zqPaIv2JBfQfbLqz0OFsXF\/dxxE4+4D3\/X9KINO8jy8bH94oH2D8I9R0\/wCG3h\/T\/DkN5oVobgBLYapcSRvct3bKghQTnrXmScpzbtc64whTilc9l1vxTFo\/hO31O+j02ITP5UputTW3hQg4+WRhhvYd6hNS0S1KacdW9D5B\/bas4rv4yeFNahghT+3LCRWeCZZlkEbYBDrwwwRXXhpP2Er9CacebH04vqcGdCjVTtQ\/1rL2x9UsDG+g6DQz5mZD8uOAKfti1l6vqadrpsUMQxGCT1JrOU23c7KeGpxWxM0AVuR0GetLmZrJJaItWmCoxgjpkVDZpCOhY5\/vc5\/OlzGsYh0GO3p70m7miVh6Lgc\/\/qpDF2jBAX6+9A9BCh3kigEhWXI5Ug9M9qAsATB+bk+oFA7ChRuAAGT90jvRexM17j9D0\/8AYXXwx4V8Fwy3WoWX9va5O9zJEXHmhd5VVI\/D9a7cSryj6H5rTj8d97s9g8Q\/FyGw8Sjw54hsbDT7e6\/dJaTwyXdzOTwAVQbUB689qzTla1iXSUdbng\/7cP7OdjDoB8e+B9Ne1vGkT7ZpcI\/dy7zjfGv8LZxxXRh8Ryvlmc9ejzx5obnHx\/C7xD8P\/hfouo65c28jamTvgi5NpIRnymIJywxz6GuXEuLneOx9Vwy5xoOjPdama4wM5yOlYH0sokcgPDDH0P1oIegkZ+XBAye3agQwg5BPIzxx1q07kjZdxbOMbe5pgR456FTyQOxoJEHHqeO3SghxAD7w+laKSbIEfjjPJGRTE1cawbbkDJ9aNCbWIwoONwzijQBXUZwec00ZuNiJsAkenT3qiWrjW+9x9eelBDViOQDoRyTnigh7jenAJrRSu7EtXQ2qM2mhkh56mgQ0gEcjNUQyMjnH60GQwdfQ0AI2RzjFBD3GMP1oQhBWwnsI3TAoIHWxzcx4B4YUAc9rv\/IbvP8Ar4fv\/tGug8BbIqf560DD\/PWgA\/z1oAP89aAD\/PWgA\/z1oAP89aAD\/PWgA\/z1oAP89aAD\/PWgA\/KgA\/z1oAP89aAD\/PWgA\/z1oBB\/nrQU1YP89aBJXD\/PWgsKAFwf8mgAAJ6fjSbDUXYx6UrlKLaJUhbbnPPei4+Qgu1XaAcE0XIcEhLdFUDA7UXHFal+2XeBgfjUN2Z2QjcsCAgcAYHr3pczNFT1JDCgAJIANJu5pyoVBCi4OM+lIfLEXzI+gTODUuTTHzRWlg82WT7iBc+nWpuuoJzfwo6\/4Rpp97rFnY6pbLM+k6kt0W6SRI4GHA6kFuD2HFTKLXvR2Z5leKdSUZ7n2R8PZtOk0WV7mztZp7NXwZIFdhtz04rg1i9DZKM4q5b8Dar4a8V6BbaPrWhtdCKWZ\/LvtOYRKwbgguMZ549qFJxdxSg3p0PCv22NM0a28beCYtPhjt5oI7oQ2sSgRww5yzbR0yxA\/OtaMn7OfY6sBTjLHUu9meZJDyAw5zWJ9ooq5IYQCCMcdcUGiSHMNq4HbmgbirXKF2zZ+Xn19KvlVjlnJ3LNkQqgEkgY4ArN7G9MvRoNowq5BzzUHRAdtOeMDB4FBYuBnnrj86B2DaPbjmgLCHljnt2FACkjZk5AoGIeoDduvH5UAIDgqcY44FHQTtbU0vBGhyJp099b6xJa21vfRSmzjVVyfMViXbGSo5IwRiuqNXnij4PNsCqOJlyPR6n2NqM3hTUfFra7pL2d7OqxrcXNuu4qNuVy2MH8DUyinqzzKXPyWbG+PJW1a0aGTHkFR8meuOlZy1N4RsrHy58bfGeka\/eW+heHk\/4l+mSNJNKy7WmuGXBO30A7nknNZpSitT6fI402pTT1ODdSSuO1B77SZG4zwwxg5GKDKUVcYQcHbxjkA9uaDMY+RllOcdjTW4rA\/deMdgKsQjD+8NwP6UANVdpI
AxQSNAGG6lgenahOxPKhHHz4PJxWkZXJkrCcEg54BycVRFrjSBtHGec5HekSRls4z2FNClsRHlvTPvVGY18MB1460EPcicJnHX69aEZsaxxjnP1rRRSdyW7IRgQDk9feqM27kXv60EtjXOB9apEjP89aDIa3JJ79KBN2GkiggYepoAQketbENjSTk8ke+etAiS1\/4+Y8H+Id6AOe13\/kN3n\/AF8P\/wChGug8BbFT8\/yoGH40AH50AH50AH50AH50AH50ALQAlAah+dAB+dAC0GlkGaAsg\/z0oCyD\/PSgLIOTyBQFhQD1xxQFhVRj2oCw7yWJzg1LepooXQqQvnHP50rspUyVbbJ5Boux+zJBBgcZNTJsuFMkWEg9CRj1qbs05BZITgYye1NN3H7PQozw4fruqznlDUIYuhKkj0NTJsSjZl2OVgdsYA44qLnRGUktESKk8nRWJ9AKG7I1SqssR6dcSdV\/OsvaGscPUbsyzDo7H7z8j070nUOmGDvuy7a6VArFipY9DzWUpts6YYOGxfgs4o8BIwv4daht2OuNFLZHAfFS4uNP8RJqenTyW8yYjDxsVJxyQcdun5V34T3lys+Iz9\/7VKUd0fX\/AMH\/ABnYeLfCcd5Y30ul6hqVorFQQHikIwWTPB5BxXm1oOMmuzOihPmpxfc73whoXivw0G1PX\/iHcX2liBjJFdvGYwevmFiB5eB2FYOTl7sVuehVqUHD4dUfMnxH8St46+OGoa9HO0mnWtqLbSjjAMAP3\/8AgTbm\/KuxxVOhydR5A1Vx7l0SDHpzXKfbWQAckkUFJEN5IUTsMjr6UGc520M9V82TcAcmtehx6uRciBQ5GEHv1rI6dti1C425OOTwe5qWb03oWME4x9ak2QjMducdSM0DAnAJPA6fWgBF6H0I496ADJ2+o7+p9qABjnJyD+FADN+c7TwB3oAfZXL227DHZIuyVeu5TTi+XY83M8H9apWXxLY9l\/Zau\/GN466bPri6f4fsmIitLQRqsqdQHyCxz3NauTPkZexjRdOUbzXU9H1nxHDq+vf2J4dkWdIJQt9fLzFDjqinoz9vasnJ7mPI0j438TxzaT8evE2myxtCp1KdNjcDGdykfUH9a9CqlLDqROS432GPUejNNskZB4z2715vU\/RV1EkxjJ6\/WmFiN85IbIwM4oOd7kT8AdOeue9AmNHLc9e9VEkEABbjHXiqAbnaoHt+VBIm4Fyw6HrTjuKT0GtyST36nNaJWM7tjeQc8ZpiG\/vHcpEudvUHj9aqEJzex5eOzOhhPjZiXWqX4meOHR5W8rBYSOMuhbaCgHXv+VdMMI77niYjiVJpUoXNELN5CyyqhXgGSM5XnpnuM1FTDuJ14POqWItGS5WMkbDEZII5BrBHr69SN85ORzTRDEY881sZXZGxYFh0560CEPOPagljHOfwqhDGPYUGQxjjB65oJkMYgscnGeaCRD25rRJWIuJkEntjiqEMducZIoAdA\/75AOPmFBLZha7\/AMhu8\/6+H7\/7RroPCWyKn+etA7B\/nrQOzD\/PWgLMP89aAsw\/z1oCzD\/PWgLMP89aAsw\/z1oLD\/PWgA\/z1oAKLhYcq5HSlcdmGw0XDlY\/ZlhgGi4crHeSRnmkzWMNCRLcDqAM0iuQeIFzz39KV0VyEiQKW7nH6UXRcID\/ACeDjODz7VD3L9mSRwE44HtxU8yK5CT7OcjgH60cyLjT1JFt40XLEAHnmnc05UtyOWW3UlVG898UEOUUyvJNI6\/INqnsOTRdGXM3oiNYCOW6n1pJpk8r6j0iy4AI+lDaQ1BXNKxt0QEmHc3r6VnJq520oK2xpWybv+WeBUHZTi7lqOLdx3HpUSaaOlQVyaKLPQAYqDSECSOIYzzQXy20JlXjHT3NQzRHn3jrRr3WdTZbeFlRGZWlcYA+ma7cPVUFqz4rF4CricRJJadz1\/4Q+FdS1jwjpNvpkipNbx
+SzEkbGU4PIrmrVFzOXcmNF0UoPodZ+0J4Rfwh+z9rFzqWq3+p6hqE1tYQLJO3lRF5Mvsj7nap5NZ4afNWuuiJxX8K3dnl\/gm0aLTIp5EIfyUhQHghV\/8Ar08RU52ktj6bhvBOEJV2rNm0x4HUc1ztqx9UDkqGI5CjOaImVToZ9\/I7N8oyD3PSto7HFUab0F06PB+9yRnPas5bmlKKLzw7gG4PQ0ro6JQdiNCyyEjnnnHQUnrsZrR6lqOTcAQRnv8AWpOiLTWgrcnk8+9BdwGcj27GgYhO0HJoAazHsPxqWncBjH5CMnA55qQEdgDgjqOPf2o2eom9CpqGoWOn2pkvLyCAKcgyOAfyraMZS2RyVsdhaCvUml8zA07x1He+LLXRdM1GeKwuf3M1zG7IDI33ffbng\/WuxYSUaTlLfsfDZtm2HxOIisMrJbvufWHhDxHpPg\/4OSa3qsMdrBo9sZHgUAb3HAUepZsDPvXNGlzzsjmlV5Y3Z8i3WvX3iLxrf+J9XYyXuo3JuWUcKp\/hUewGB+Fe7DDxVPkZ4qxE6ddVobpnX2b+fCJFxxyVHY15NXA1Kb93VH3uB4pw1dKNb3ZdbjjgKQe44zXI007M+mjUhKPNF3RGX3EZOSODSMXuRspJHYA45prcQzBA3YAx3qrkjSxByucZzzTExmT1yR\/SgltADzjNXFNMyGH5YyO4NWK5T1m9Fjpk924GIkLL7nsPzpwg5zUTmxmJWHoyqPtp5M4631m8lRInvGSQkttHQt2yfrXqqLSR+ZVcRKs+apqyO\/i8QOsGovciOZmxER1PPXjtVLUizVmyHTr3xBaSRAyoHmLRGCY\/K656Ht16UpXSsacy0tudL4bvJrmwK3KFZYjt56lD0P8ASvPrRtK59jlGLliMPKFTdGg\/Jz+lNbHqOSGswAxQZEbMM5NAmNZsrgHk0WJbsRk4Ucfr1qjFtXGFsdDzTSE2rDGIHX60+VkXQwuMHJ69quKsiG1cjaYelMV0NMgLHk+h9KCBhYhcAg\/1oFdDrcgXEf8AvD+dAXRk67\/yG7z\/AK+H\/wDQjXQeOo6FWgaVhPzoKD86AD8aAF\/OgAI560AGD+HrSuNJsNp96Lj5WPVCVzxijmQcrHLExAOOKOZD5GPEIK9+O1SaxhoSLAFcAMeTzQVyEgiDcdqTshqI5IugwST0pcyHyEiwsCCB+FHMjWMNB4hIOOcenrQ5aDUNSdbb3\/D0qC\/Zjkg+TvkmguMLEvlIBgKFA5A9KVzRQVtRkk0ESgs\/PoO1TykOUF1IJb4kYiQD3JzTjGz1Mp1NNCERz3DkbS1U7IlQnMu2ukux3TNt9AKnmRtDCdZFs20Vug2oAegPrWep0+yjFGdeDEm3HHvVR3OWaTC0X94OO\/505ChH3jcso12ZYc+1ZHrU6Wly6sYwCDj0AqHLobRikPRTwDnn1qDWMdSaMZwOBmlc0StoU9S1e00y9iguYZZsjcyowBUUWuc9fERpz5bXNi01XSZYVNpEqbhwxGSPbmpsCrX2MnXMi98\/IbzPlkX+8vqPcfyq09LGEk4z54nQfBbx8fh\/43t7i6ZrjQ7qZV1CFBuZF6eag\/vL6dxxSceZNHFi6KleXU9o\/bM0TU\/E\/wADtP8AEnhSZdTstLvk1ZmtDuElttK+bx\/dznH1rLB+7UcZHlOclUjNrZnguia1balbI5YI7AZz0Y+x9KJQcdD7XDZhRq2k9H+Bp9W64I6Vi9GekpxauiK4bamSOT3xVRM6klYzJSpn25+YGto7HFJXkXrIDAzk4HU1mzrpx2Latsj45\/pWZ0NEMq9SWwPQDrVRMZQEgcKCmcZ6e9DVwhoTq2ccHkkdak2EJwNpySPvHPSgYjNuIGO1A7jGOHyBx0yKAuNfCnG3nsfWp5RKzZi6vrEfmyQLIVCgYweT1H8xXv4bB0owvJXZ+Z5tn+MrV5U4S5Yp203fqcF46slN06yMzF8
Mpznj1PpXU0lokfONuU+aepr\/ALO2hWuu\/GzQdEu4ybO7udkm3+EBSd34EA1z4nSk2dGH1qpHtv7curWunrovgnTJMxf6+5cHHm7BxkfU\/pXHgqd53Z342dqaS6nh2lkrGs0ibUY4Uvxk+1etc8hmxYapPbsxZHVN5CsQRup2Jt3NhNcgMG6dhUyhTl8UUzqoY3E4d3pzaCy1KG91K4soh80CK7EdOT0PvXlYrDU6S5on2eQZziMZVlSrJOyvcvjghW69c4rzErn1RGwwSOSf5e1WlYTIjnOBgfypksY3AIPQnrR1M3HqRuccflWxm9hFY7D6E4GaWhOhleMN58OXQEbtsCswUZwAcmtsO7VUzyM7lbBySRmeFvhh4l1bw6niW6nstM024y0Et5Ns8xc43D0Xkcn1rvdaMZcq1PhI4Wco8z0Oqsvgt4617SLZLG3MkemBo5rlH\/dEluPm+h\/Ss1iqcH7x0PCTnFRRy\/xQ8D\/EDwVAketeH2uLaZSqXsGJ4jjqdy5wcc81vGtSqLRnLUw1aD2KngR3kZrktnfboGyc85PH5Vy4rex9Dw9e05dNDfLYJYn7w4FZH0D3I5ZBnJFOxLkrEbuOufzFFjNzSI2kGMnoKZDncjLgA4OKpRuZuRH5nrkVSjZkuWhGZPmNURzEe8BSQc4oIlJXE38kce+aBcyEBxkZ6Gq5ROSaGhs\/h70cpOg+3dftCZP8Q7UcoaGbr3\/IcvP+vh+\/+0a2PNWxV\/hzQMO\/NAC7cjIqWxpDkQd+PqKLl8jHiIkcGjmBQHrbsQP1FFx+zH+TnqOvalctaKw4QjvgUGnIPWLAGACPpSbsNQZIsRAwAOPap5mPkHxxZGcDNHMaRhoSLB+6fKj7wAAo5mVyEkcGADgD2pN3LULDhDzg4Pp60h8iH+Wi43EYB70FKI1riFQctnHpS1E5wSIG1AH7iZP6UzF1lbRDDeTN\/s+woJ9rJ7CYuJ+hY9qd0hJTk76ksGn3Dn5gFHv1rPnNoYVt3ZetdNhVwXBYgcelJyZ1ww0Vqy8kSqAFUDHpUNm6glsSKpPbp70XKI7oEx8Hp2ouTNaGNdk7hxxVx3OGasSadzIMjrTm7IqgrzOhtkHlgbcA9T6VzczPZUVYnRemc8dM1JSirj+hz2PU0mbRirksSBn+bG2k3oaJW1OHvBJc69NcTPukkkOB2RB0\/GtlFJHgT96rJstaddNEsg7A8r\/dNDirFQnY10mS9txGzFXU5RweUPr\/APWrJaHQ\/fW5SmTzg8UqBLiMZYAcMOzL7fyqlo7ohSvdSWp7b+xl8TbfRZZfhr4plQaLrLMllPKfltZZBtaNv+mcmfwb61lOOqktzz8XhXKLnHoeN67oNx4S8Z6v4ZuHDS6JqE1oWHQhW+U\/98kV0ySauGEqS9lGVzW8O38k0zWsgLDyy6HPI5wRXNOKtc+gy6q5TcHsXLyUFiOSBURijvqyaKaDLEY6Hg4p3tojmi7y1NOEbYx+tZtnbF2H98Dt39s1J0CHLKQOfWmnYTSZWlLJ0AUdBVIwk+V2RJbS7huIxxxn0qDSMmyb1OO3A9KDQbyeTz3AoAGIPzE44oAju5RBbSzkjESM\/PsM1UVeSRhiKjp0ZTXRM8g0bUbrUNWt9Ougyz+cCzHuu4uT9MV9LB2Vj8am+eUqnds1fFTGXU5H3EboQBj0DGncg6r9km0Evxt0qb\/ViATS5XjG2NjXNin+5Z14OKdZCfFzxD\/wlPxJ1PUi++3ib7PD7hep\/E5p4WnyU\/MMTU56luiMjSbSO5AcvtSPIRc8c9TXQchnXeqCfV2d5j9lth5cXP3znlsU7gZ99qpkug4dvLi5A9TSuKx0Pwq1GCbVLm2PFzOm4hjy5B4x+Ga4MdFuGh9NwtNQxcozVk1Y7ZidmRnHTBrx1ufoDImOMZPbk1ZJE23uSCRnj+dAmJKckGNiTxz2oW5lKTRC4BY46+laksjdxsBH
PP50GcnYt+GZXGsRrD5fmyB1hEoym8ggbvaqTtqcOPjz4dpn2P8ADDw1of8AwiGm6fNp9s8MOnQ7RKgYbdgJGOhGRUVLuV0z5iFlG1jS8A6joGsxz6Yk0bSXd7L5tokLRqEQADjAHGQayas07jK\/i7wVoPh3wnf6H4W0q3il1G2lhjtif3bySBvmOe+5iSac5N1U2xU0vZtWPjj4v+DNE+HHie38HaLcS3Etjp0LalNNjc1yw3MOOMAEY9sV2Sqyqas9LLsPGhRsupyUkmeD8vHSqR2ObuMZyCPSqM3NshaUEY5GOuaDOUmRyuQMBup4FWopoXMRGQ7cEHn9aszcncaSehOe4oJcnYbnK+maCOZjWbCll\/GgTdxrdSPx96tREKTk5qgbEB29APemTdiQuftKHJB3DikZyk7kOuxMdbvOP+Xh\/wD0I07s50rpFVIWDA4bH1o1K9mSrDg+mfWi7KVMkWD2z7ildj5WSiPj7pz9aDbkHJGTxt4oGoDjExAPOPepk2PkuPjgJbBzn0qbsPZkiW\/TqM0XZsoEggPZqG2NQHxwqABk8Hn3pFcthwiXOepoGSlQsaIP94\/U1mm7jW4yZkj++wFaFNpblK4v1BxCu49NxoOeVS3wkVrBe6jcLFEpkeQ7UVR94+lHMlozON5O7NrWvCc2kfZ1urmKR503FEPKHuD6j3rN1GzWGGu9SvFp8AOCpzSuzoWHSJlto1X5FGe1F2awpxXQnjjII+UKMUamiVtkSJHyTtyTU2GmySNRggHoaVyh23BByKC4q45V5OB+PpQVyoiugBHk8Z5570IxqGHeDE+O1aR3OGoSaZjzgMdDTqbFYf4zpo1HkrjHQE1yPc9tbEuDnIPbHSkaJIkUd++KV2Utx1w8cFu87H5YlLN+FS73Q5S5YtnnXh+Zp7+6lPXJYn3J\/wAK7JqyPnKEnKcmyVziWVl+VkUhh\/eHrU7lN2uSaTqGHVgeGUEVEoWRpTqXN5gt5bpLHJslTlXHVT\/UeoqDpaU15ldgsp2SKEmTl1B4I\/vKfT+VBKvLR7jtTuri81S41G9u5Lm4unUyyyHLMQoUEnvwBzTuzmlTjDRF\/wAMOBenrv8AKIH6VnPY9PL\/AOJc0ZmDEkkA8YzzUwPRmxbUM8hGOAeaUyaaW5ox58sHuOc+lYnYlqAPOVxz1zQbCEfMRtB4HA7+1ADJ1LKNuC2aLmVREAyrMeWYjk9sVeljJNotW7KU+YkcflUG0G2OQYcZ9CM0Gg3lQBxnByaAMb4gzSw+Dr942VHcCMO\/QbiBW2CXNXimeJn9apQy+pKPp955b4VuS3jXfMhV4rZ1Kn+E4xx7V9EflWpua9IrahboGG6SB2wPTIoHqaXw01o+Gby\/1dXKzR2FxFDj++6bB\/Osa0OaJtRm4T5vIwDdS2+ngKczTMFU9cknGf1ra1jG7epq69dNZWQtYcCaUCNSDkhe7UBqYV0IYYQoZiVHc8UBqZ1vKHnkAICjGaA1LSlkkS6tnMc8Lbo5F6g1MoKSs0VCcqclOOjR6to95JfaPb3ksZjknhA="} 
+11511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1073,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":3,"flow_src_last_pkt_time":1654385136216297,"flow_dst_last_pkt_time":1654385136563824,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":11586,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":11586,"pkt_l4_len":11552,"thread_ts_usec":1654385136563824,"pkt":"nLbQ0+MztKXvZygQCABFAC00DihAADYGILqsaXlSwKgCfgBQtISflMKw6t\/AxoAQAOsWCQAAAQEICsmhz1fytRrc\/9j\/4AAQSkZJRgABAQAAAQABAAD\/4QAwRXhpZgAATU0AKgAAAAgAAQExAAIAAAAOAAAAGgAAAAB3d3cubWVpdHUuY29tAP\/bAEMABAIDAwMCBAMDAwQEBAQFCQYFBQUFCwgIBgkNCw0NDQsMDA4QFBEODxMPDAwSGBITFRYXFxcOERkbGRYaFBYXFv\/bAEMBBAQEBQUFCgYGChYPDA8WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFv\/AABEIASICJgMBEQACEQEDEQH\/xAAfAAABBQEBAQEBAQAAAAAAAAAAAQIDBAUGBwgJCgv\/xAC1EAACAQMDAgQDBQUEBAAAAX0BAgMABBEFEiExQQYTUWEHInEUMoGRoQgjQrHBFVLR8CQzYnKCCQoWFxgZGiUmJygpKjQ1Njc4OTpDREVGR0hJSlNUVVZXWFlaY2RlZmdoaWpzdHV2d3h5eoOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4eLj5OXm5+jp6vHy8\/T19vf4+fr\/xAAfAQADAQEBAQEBAQEBAAAAAAAAAQIDBAUGBwgJCgv\/xAC1EQACAQIEBAMEBwUEBAABAncAAQIDEQQFITEGEkFRB2FxEyIygQgUQpGhscEJIzNS8BVictEKFiQ04SXxFxgZGiYnKCkqNTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqCg4SFhoeIiYqSk5SVlpeYmZqio6Slpqeoqaqys7S1tre4ubrCw8TFxsfIycrS09TV1tfY2dri4+Tl5ufo6ery8\/T19vf4+fr\/2gAMAwEAAhEDEQA\/APBdf1K+GvXii9uOLh+PNP8AePvX3sYx5VofGybuyCPU74H\/AI\/bj\/v6aJRT2Rm7k8epX4YOt9cAjuJWH9aSST2IblqrnQL4t8Q3MQik1KVRjBKHBP1NevVznGVKfJdLzSSb+f8AkeVSyfB0586Tfk22l8hyahfbc\/bJ8\/8AXQ815Liup6V3awj6le4P+mTc\/wDTQ1m4rsRKT7kYvbvJJuJTk5OXPJosuxnd9xJ9QvGGGupW9MuaaS7FXfcjS9u1O5bmUHvhyKvRju+4Nf3e7f8Aapd3rvOaq3kNXvuRPql6uVW7mAPo5qko9hq\/cZFqF3nAuZQD1Ac1XLHcevcuW+pXqji7mHsHNZuK7EO66k0Wo3I5+0SfUMaOVPoLXuSnUb0qV+1zFfTeanlXYSchh1G9Xpdygf8AXQ1SiuxevcaL++yMXU2Ov+sNXyrsUnLuPF\/fA\/8AH5Pg\/wC2apKPYbb7kqX98W\/4\/J\/+\/hoaVtiHJ9yaLUb3OPtc3\/fZqLLsCnJolTUb4HP
2yb8XNJ27Cu72uNOo3p\/5epvpvNPlXYTb7jW1G+xj7XN\/32atJLoOM5EcmoXuP+Pub\/vs0JK+w3KSBb+9zzdzZP8A00NU0mtENSa6iS6nqCQMFu7gqSMgSdTnA6njk1nJxirsuHNOVkN8XeLPDuh303hfxGPGllIeZruy8lXkXpmLfkhDg4IwTXlSxlaS9yMV+Z6dHD04WlJ3OW0e88CpLqdx4X8Zawt5bwNNax+Jm8oz7efLSRCU3nnAbGegIzURrTi1KUfuO2ac9E9Dnpfid4iuNdW5XUWkd8Zi85xHNx93B5Vu1diqNO8UZyw6kmpM9K0vWLm+0u3voby4CTpu2MWDRnOCpz3ByK9SDjKKdjyatOdOTi2Wlvr3Oftc2R\/tmqtHsYtvuSJqF6SP9Lm\/7+GqUV2FzPuWX1S8ZNhuZCQoVW8wjaB6fWlyrqhcz7jF1G9Ax9qm\/wC+zTcI9ik33GtqF5zi7m\/77NHLHsHM+4qajegY+1Tf99mk4R7Am+5Il9et0upv++zScYroHNLuSw3F40yAXcpP++ayqpW2Nad77m7bpeKgMtzMB3+c1zx0exvJe7uUby7uopmQXUuB\/tmupJW2OZN9WZV5qd4krbbuY\/8AAzVWj2C8n1KjanqLHm7mx\/vms7JvYpXsXLS+vcZN1N\/32atRXYlt3LDX92RxdSn\/AIGazcoroaxi2tyE6heE8Xcv\/fZq4qL6EyUlpcVb+9Jx9qm\/77NaKMexnd9y1BdXxAP2qX\/vs0\/d7A3LuWYby9B5upv++zQ1HsS2+5bgvrr\/AJ+Zc\/7xqHGPYTbvuLLf3fa5l\/76oUIvoVGbRE2oXn\/P1L\/32aiyT2NubmW46O9vSf8Aj6l6\/wB41olHsYyuupYS8vNvNzJ\/31T5Y9iby7kiXd2f+XmXH+9TUV2DmfckS5u8D\/SJP++jVcsewc0u5PDcXhPNxL\/31Ryx7BzPuWkurkDP2iTp\/epcsewnJ9yveXt8WBW4kH\/AqiUE+hpTnpuWIr68EY3XEmR1+aqUI22M5N9Gb3hnVJwwJmY\/U1y1oLsQ3LudXLqQNod9wc46ZrjUHfYjn8zldWuZWnJjuH68YNd1NK1mieZ9yGDULmMAGd\/zq+VdgfM+pDf6vcqhCzuSfeqSj2KipPqZc13eFC32mT\/vqlzRvaxvytLcggv7sT7jdSf99U3FPoHM7bl\/7XczJn7RJx0+as3FdjJzlfcW1kuo0bNxJljnO40KMewnNt6sFurtWYedJj13Gm4prYG5PqfNuvpjXr0+tw\/\/AKEa44u8Ujvk9WVNvH+eavUVx8WemaZLNWwOFH0pEW1NNXwnT86TehLRGWB5qGjGSFJOKRKIXOckk4prcaWokRNPVajtYVgSuAafMUiIxZNXcq45IyDS5kQ2TKM8dKTY3qPjOOlVcT7Eqn5eTQGwx2yTVRBMVCevansO5MpGKBvYeHHGKaE2SKwGDmkJIfuwKhsHcN+WweM1SDW5Vu7+zt5khnuYo5ZPuIzgM3uBQ5JPUtU21dLQ3DowXw1Lqs+pW0biLzYbcHc7Jnl2AOQo9a0tFL3nYcYtuzMC51O0MkdrY3VtcySMTtilJQL\/AAyFyOh7DqB1rGVdWOhYW4XtzptnB9o8ToP7PjDF7AzBDezAZi+Yc7ATu468CuTESlOK5XZo3o0eVu5w3xEuNb8beKLnX4rK4uonjiggEbB3VEQIq8ck8E8CuGLUI2k9TtUErJLQ4fVbW5sLSeK8gmt5iMGOeMo4\/A1vBmsE3USMfTbhwwiLkfMCh9D600dlWOnMj6W+Hl9p2s\/BaCW3y2oWl2WuSVO5HIAYE994AOOxT3NexSanBOGi6+p4eJg3NtjkJK7ugPT3rVM89olVgEDZyW4HH507iHPxEsgOc8H2qr6BYYXzUbBYcppsbRPbxNKcKKd7bisXBazouTE231AqbooI3MUgfoVPek1cFKx
pHWFMJyTnHTFZ+zVy\/a6GTcTvLKTuxmtUjN6laVC569e9Fhp20FhgUHLYNSopGi13JZchcLUOZap9RIQcHOeahq+ppdINnPrWkLoyqSuKg5B71sZbl22kAHUUrag2Th8nINVcgfHJgioYEpJPQU0FhyR7jjtTaHcmSLbzntQhEqDJxTsIngTPamrgW4oh1NMm5KF29KBX10FbpzSBtkTDL5zmnYEx2C3WkDZZs2khbKMVqZJMT1LyXEz43SEis+VIVrCGQ\/xdalpENdSKeT5TjmhCMy6c7utaI1inYIC0i7Sc1Lir3LcmkRXMRV8jNaRJTvuW9JPIyelROJLRrKqY9sVlYy6kFwi5+U1cSkz5u17H9u3mT\/y8P\/6Ea4Y7I9CW7KbYJxWiELGBuFNgzTscDHNIRb3\/ACYpWJaBWz3qGYzRIThaRCRDKw\/\/AFU0XEYrjNOw2iYfMakVkO209RXdxwxjNDuJthjvimtQQADPWtRu1hx9u9IQgGadwHLwQKECV3qSL97rVF7MUA5xQ2Jqw9GxnIPtSbGkZOq+JbSyuBD99jxw3+fzrmqV1Dpc6qWFlUVyVdWknsILm1NrGkj7Ge8kaMIecE4HQ46jis\/rXNokbrA23Zi3WlD+1I\/Ed3rNhcSQoS0MaiZGA\/gYfeUNkjNRz8zu9TqhTio8kUzm9f8AEus61rNubSya0W2QpAkf7sqhPILd1z3NTVrSeq0sa0qMYLletx6eFNSlu2t9Lmd4j5cpjWQfuiyhgDzyPTsenWsowbdzWUlFXZ02iWF6biWK\/kVLmxXHlXdqWIzxxz8vHPIx6Gt4t7MwlGO8Sfxdf2VzpkcWnx6ei25CLugH+tz2IwV9fWnNxasyYxaeoal4s1PUvh7b+ENWsodc0yG8MrXF0m6dG2AMkcxOQF7GsJUF8VPc0hPkle5454n0p9O117WC3uVAG9FmQhwvXkew7\/jRDmXx7noUqinC7Ou+D3iS903U3tre4dFuwGVf4RIPun29Poa78PWcW4rqcVakkz1P7XHewJcwRmNX5K5zt55H4V1Xb1PHcFGTRNA4CYZWI7c9BWsGYztc0dKs5ruK5WNSRHbtN\/3yR\/jWnMRsVzDIDhlII7EVDaLsKoK0lJXHytGvoBQsA2KmUmC0OnKqLQgAAGsepfKtzm9YVVlOMc10x2MpKxQFVYgXGKClsAHGc0CuOQHNDGpWHhdwArJw1N1VVrF7SdOlvpxHHx6mnpFakNuWxY1jQp7GPzd29e59KcJKWgmnbUyse9XcaBTg\/wD1qdxNXJoye1K6J5W9ixH0yapK4rWLCN05p2E7liI7TihoSJhycc4pWsG5NCBuweaVykrlyCLIBAo5hOBOCEGCKOdE8gyeULGWU0N6CSaZDHLvYc1KZq46EyLurRGNifARQSM5ouA25kAgLDqO1TcpIZp15vk2HipYpx0LrnJz2rNswGOvynJ61N7AZ9yOTWq1Nosn00ChhPckvkXYT3oiyYmYL4xSbQKJs6IQvozVsb3zY8luahPsZ1KVth8s4A65q1oZKPY+bddkLa7fdcfaX\/8AQjXEvhR6Ul7zKu89xTWpNiWJuR6UyWaNiDtBNBHUtE4HWpbJkwjOOlQ2QPMnGMc0lZgV5HJOaYDEJLdTzTSuxliIsOM07CJ1cYwDRa7Cwu7Ham0iGhAwNJ6B0F7YzVJ3DQdnkE07jsLmmTYkUZx3xS2LumO5HWncYm7Bqb3AzPFurJpOlNOdpkf5I1J4JxyT7AVjUnyxub0KXtJ26Hj+qazdXN8WikJ+bexPO8\/4egrlULq7PoYU0oJMbJ4l1Nh5c0iTpnI8wcj6UnTRaoxsWtButT1PW7O1hdA8zkooGGAAJLZHsD+VZqKvaL1H7NRVzudQ+K95L4YudCax01FsxshuBaoJpFZhlC2MkZJatvaPlVkczw95ud9zndM8WLZ6hHJDEscEyBfLQldgHVfoTnj3qYtJsHCTXo
P1vxbqWoX0cTXs7xQ8W8jv+8QHjBI646flUzvvcmKS1sWGuo5dIUER3lzGAxHn8n\/ZZSM8Um31Nbdth\/hzW7+DUojfQEgKRDbltgbdx8yjsMnGOvrWlGeur0RjiI6aLU9sk8JeCvHJae\/1KSye6jgs\/tBIIZjJsCgcZyGHTso7V6U4wm+bueSsRXw60W12eIeOPCF74A8X2cGpIIo7iMz2bK2d0QkKgn\/axjjtXG6TpTsezCtGvT54nceB7gXGjN+8z5crDbjAUHkY9Qa76ElKJ5OLTVQ3oQXQDd0O0D1raUuVHPCPM7Hb+DLe3MAwwGVw3r9K4J4lt2PQWF03F8VwWucqFDAckVtGblE55RSZyjqO1CuOSVgjYo+VJBHQg11Rjc5GtTUi1O48oL5mR2zUuCHzFS7mMkhLHNXFEPVjbSMzzrGONxApykkilFvQ6eXQ1W0wEGAvWudVrs0dK25zMqeXMU9DXQZND1XjkUCLtjEpjLHmpbKUbl\/T7wabOJQuQfvYpSjzIpPlLev69bXViYYQctwSazhTlF6lXTOZB9K1QrACD9ampPlVzWnDmkkS22TzXlurUlM9T2MIRLSgivWo8zjqeRWtzWRLCCTgDNa7GJct4z+PvTuSW4oiRSC5Yiix2rJmsWW4dqjmlZsJNDbpd68ZNFmgUkQrCzAgg4qkiL6iRWu2XJ49KaC5chQYqrmexBq0wjj4PI96iTsrlRiVtPkMwIbpUqV9Qk7E0UBjlL56UyeYsxzc7TWckyZMsoheM8Vm2YXsUryIqT79a1g9DSIWbrHy3Aq5I1ab0KmrXyq3yuCaSHCDuZkjmY7s4NaWTRuvdLdlJ5KgZye+alQtsZVJuZIbgsTzTtYxSaPCvEKga7e\/9fD\/APoRrzou0Ud8nqyntzVXFcliXmhEtmjZjCjOKGyWSyHnHFQyADDHXpUvUQN0zkVSVkJEbAE0g0uNUYPHGa0TViiYMQeo4piF3c9aOgChj0pCdh6k+tK4bD19M0bCuhwJzVJhcdGxxTGT25Xcc0O4JaiynJ5PSgl3ItwHHSlZlI8x+L2pPceKFsmkIgsogpUHqzcn+n5Vy1XeVme3gadqN+rONlG0FiOoyai7R6C1djZ+GXhC88X649rAwjhhQyTSMOAOyj3NcmLxMaEFJ6tnZTpOo7I9i8OfCa20fTmvZ5ZHu4o3MBQ4MIx0z34z+deLPMakpXjodccHFK8tWeaa7oFq3iS4ijXahBk2kcjCkgfj\/SvSo15OmmzhqU\/eaRzV5EV+6oOXyT\/P+VdUXdnCprYJc+Z58YK4A4A\/A\/0q7aBF6WCa6EzGC4RVKjCODjbTt1GotLmiylDeXtlcbllbcp\/jOavlTOhxjNXPRPhr8RbqyjjtLvTbO+Fm7T2ayBgBcNhRITnkKM8euK2hVlHQ4MRg4yu72ub3jCQ+MvhjqHn3EN34g0S4\/tMyf8tJYWZllRfVQNjkdtppuSqxd90KjT9lUVtnp93UX4RNHceHzOhXex2mMHOQDx+I5+oIrowrTVzlx8bWOrEu1hxtGcke9dU43Vjzoy5ZXNG01OWH5onKnHauJ4aVz0Vi4co261C5uPvuTXZCCijhqTcmRox6+n6U+VXuLmbQ9WI60+ZXsKUWP3HGKtEMGz1qriJrCXypw\/8Ad6VjUTaNqbSZ0ba239nGEvjIx71yxjaVzqnZxMOVw7lietdaZxz0FH3cCmQSwz+Scdc0rXNE7Ed3dlzjsDzVJENpkSHPemxpj1XJz3pJBccFOfrSlFNWZpCViaLC89h2qI4eKdzWdebViyrbhkV0JWOR6lywizg1Mi0jSjiym4AZFCZMkTwL04+tVozIs7F29MGpaHcQA9DVJWQpMlt+T0qZCWxOI1IzipuJtkUygjOOKZSYiqQhODikEtzn\/EczK2OeeKyqvSxvTimix4d\/1AOeaKSsiKyNQEHr1rTU5+oiqBJmpewMuwvhKycTPl1K
t+wwSeOK0gaRVjLupf3TbTyK1ZrHc43VtQnXUPLIIGeua5ZNqR1wScbmpYzt9nLE5rqj3RjLcguNTkibnGKyq1eU1hRU9iCLVmlY4Oce9c7xdzZ4PlWp5j4glX\/hIL0Z6XMn\/oRrJL3UZyWrIEbPOaZDRLFgnNUiWXYW+QdqkkJHI79aSEEbj1oaJH+ZxikIb5nJpglYA5IzRsMdnjPrVJjHp0ptoTHihMVhy+tQwJUPy\/8A1qZLihcc4oHYFyGo1GSLkVoK44HOc0EtjQNzc0ylueV\/FOwVPEGoXyvlXlRCCP49oLfhjFefUuptI+gwUn7OKZylwfvMTkZA\/DFCO2C6H0z+y54UWw8DwXsifvtRP2l8jnB+6Py\/nXzeOqe0rPy0PbwkOWnfuevNpEc1rJGQFEiFSfTIxXGkkzaT0PmH4jWLaVqj6gqtstLlrW7Q9VU8Bj+ORXq4WTl7p5leNvePN523KY8g7X7elepBdTzJJXuMtZFTcrcqRkVrYzmm1oMu4on3PjbkcUloVTk1oVchYwsgR1zgHIJWnc6bdVudX4DuNCsxdR6u7QwXUB8t1j5LAjgSAHGcdgepohe7dznmpyLi+IoINaZrIpHEI3WJY4gkZh27cMMZOckZJycgmq9o4vmQ+VW0Nz9nl7V31LTpXlUAMFABJQg8OB34BB\/CurB25rnLjotw5juLqNkYEkE5KHHqP8RzXopaHiiQnjGfpSYXsToRnjrTS0Al52cEVLLgNBOalI0bVhySqp5onUsZxg5MvW08LpggVmqrZo6dkNnRUOV6E9K3WqM1poNyT0NZs2THxjoTVRM52ZKWIOauxlYZvJPNOyC4igk5xQIkQc5NFimSpnOaYrkg9vxpWKXkPSMsen5VaVhtdy5bQnPTjNUQX7ZfLHPFRJXGnqW45l2beMmoW45xdixAc4q0rGDvsTg8UwSHIvPNFwZMqhASKi+oWJASVyTSFYgeQBgD0HWm1oNeZ2XhJLC7sfLlWLAGDkDNeZXlUjLQ0VmzlPiJo1pDcGS26dxW1GUpq0h6x2Ocs828eBXZaxLRo2soZMueTSvqS4CySBW60ENCi7CjlqXLcXKVL68DDg1UYlqJSEgYEbsD+dW9DRIyNVsopJd4x1qHG5afKhsa+VBiqitbEGbq1v5wzuIFY16KkrnRQrODKmm6aSWwzdPWvNWHaPQeMTR59r+Rr97n\/n5f\/wBCNbQacUckt2Rp90UGbLEHYCqtpczkXYfuCpZOrQ2c470kJkYLYzQ2LyHCTI9KQrMRTknnpVDsSJwvvQSx4JzmncvoKH7elTZkpXHq+fWhJ3CxIjH0p2FYlQ4xSAkB5oJHA5OapDQvOQe1WvMloXOD6UAkLu75oY0cb8S9KebQpgg3SPOboZ74AGP5Vy1IHqYKu+dX22PN9E0+61fWLfS7OJ5Li7mEUar1568eg5rnqVI04OT2PehBykkj7o8E6ZFpuhWlsoUJDCsYOcDgY\/pXyjd3c9uPuqw\/xP4p8MaPEYr3xBZRT9oUfzJM\/wC6uauNKb2REpxWjZ4B8UtX0q91ye8jSWWz1CMwagmwjcvaVc9wcGuyjTmtOvQ5qjizya\/sTaXbBGWSOQYV16HHcfUV60Kl1qeVUg0Z7IyuQOua6E+qMr9yS1eF5jHc\/KOxxytD0V0HLbUq3UJhcERg4zyf4h9O1Lc2hUUtLmlollLe6otnC0tyGIeIQJu5PHI\/h9x7VMXdXaHJNaoj1xWGuzRJwEwqlGHzAt1wOmcdO1PYmyjG50PwevDb+OHhWWSJzMxRhjPHbmtaLcJxkY143pfI9hmkWWV4fI2yEYVd2OR2+oOce3FevdHg1Iq5XUgDPT60Ix1Hq2eQKu40SK5Ax\/OpC7HoN2B61Wlik7lkWi7c4JPrXJVi29DqpWRHHG6Pt6ClCmwqSLMoxHxzjrXSrI5+pHuyPSm0hczQ5ZD0NFkJybJkO7oDSuJ6oVwMjiqQ
AAD9KBjxmncRJEpJxjrTQizFFj61VhpluNBxgdqLFXLVv8vFNiZITxQ2rCW5Wd3ST8eK5al09DsppOJqWEm5BnrW0XdHJUiosuqe5qzMmhAYgZwahysJnQWfhxryy3wykPjPPQ1zTxKi7NAjB1OG4sLgxTLyD1reM1JXQ73M+SbOfWrvcOUZDdzQSCSKVkPsetS0nowsPv8AUbi6AEsmRUxhGOxS8ynJkjireohsUjRn5uRStYegPcljnPeqWwmQyTnoec0nZMSRWnkJ6n8qoZCk2G60mNaCTuCuMjNSht3K7gkZ7DtTW5Jk6pd+TOEzgHis6skkaxWh0Hh+GOS3yO4ySaqLVtjOUmmeN6+h\/t+9GMAXEn\/oRrzYv3Udcnqyuoxgcir5iSzbc+1V0Ia1L8ZHl4xUBaxFOeMCi5m3roMXlakl7jcEdRTWpV0KnXOKbESIDnOKOgiTb8vFK4gK8DnmmmNOwq8H3q0Nk0Z4osSSqc8dxSYhQe1P1GKrY6dKVgHqxzxRFiHAgirAUcfSh6gZXixGnhjj5OQVOOdq9f6VnJdjpw7szg\/hrpE9x44W3g1L7DK5lWC6PGHUbsZ7ZGa8fFz5KV2rn0mH\/eyUU7H0loLaxq\/gKbw\/qExe7gi2vNEfvrnhga+f5lzXR7sYtxtLc4mbQ9C8Ob9Q8RXDx28LZkfksT7d63VWpJ2iS6UYq8jePiT4eXcMSxRq0DNsjlntiFdu4VumRScK8XzMVN0p6IbrPw18NeKrAnTYktJHGVeJMAN9BWtPEziZ1MPB6NHlPjb4c634eui91ZtIqcbkHDjsR71308XG1m7HFUwll7p51r9r5N8Qm5SOSD2rvhO8Tli+VuLHaUl7NdxW6w\/aXlcKkYGSxPam5KK5noQqcZytDc9o8E+EILbT5dsl6wAIvZNKaON7cjA4LDLlcngYzz9a855lKL20\/E9allUajSlL3vwPMPFnh+fQPHNzps0kc4t2EkVwows8RUMknPTKkcdjkdq9CEozipRejPMxlOeHnKjPdaGd4Tna28XwTxyhiZgcj1J+7z+VaKWlrA17qR73qXmtcebJIHYhfmz8x+UYP9Pwr1IpHztZe+0QAsSS5JJ7+tbHOlcliyTihsryJxE+OhwOtGhLTJY4ZdoZUbH0qJztoawimrk8M0u4Rgcms1I2Whfj0m6mj8wct1xWikupE02UpzJG5jkUqy9Qab0M46kXbNJMUktx0Skt64rQSsXbfaBUsbGy7d2RVIliIDx6U7AaNnZF1yR1oRSQ9rbyX5HXpVomRKigU7giRTigqw4HAzzTEvMehLf\/AF6TC6RMsQdeahq5SnYabpLaUKTih+6VyOZp206ywqy9\/SmtTBpp2H+cFPHFJoRtaF4rkslEMgDJ6jqK5a2HUtUCRX8Vakt8C8RHzVzKUoaHTSpJkOhQI0eXUHimqkmaThGOhj+N2EMRkQY2jPFaupKMbodGjGcrHP6PrAmYJJ1pUcUpO0jbEYE="} 
+11557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1074,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":3,"flow_src_last_pkt_time":1654385136207603,"flow_dst_last_pkt_time":1654385136563848,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":13026,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":13026,"pkt_l4_len":12992,"thread_ts_usec":1654385136563848,"pkt":"nLbQ0+MztKXvZygQCABFADLUFpdAADcGEausaXlSwKgCfgBQtFrv1dsDOBd56YAQAOsbqQAAAQEICsmhz1jytRrT\/9j\/4AAQSkZJRgABAQAAAQABAAD\/4QAwRXhpZgAATU0AKgAAAAgAAQExAAIAAAAOAAAAGgAAAAB3d3cubWVpdHUuY29tAP\/bAEMABAIDAwMCBAMDAwQEBAQFCQYFBQUFCwgIBgkNCw0NDQsMDA4QFBEODxMPDAwSGBITFRYXFxcOERkbGRYaFBYXFv\/bAEMBBAQEBQUFCgYGChYPDA8WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFv\/AABEIAQQCgAMBEQACEQEDEQH\/xAAfAAABBQEBAQEBAQAAAAAAAAAAAQIDBAUGBwgJCgv\/xAC1EAACAQMDAgQDBQUEBAAAAX0BAgMABBEFEiExQQYTUWEHInEUMoGRoQgjQrHBFVLR8CQzYnKCCQoWFxgZGiUmJygpKjQ1Njc4OTpDREVGR0hJSlNUVVZXWFlaY2RlZmdoaWpzdHV2d3h5eoOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4eLj5OXm5+jp6vHy8\/T19vf4+fr\/xAAfAQADAQEBAQEBAQEBAAAAAAAAAQIDBAUGBwgJCgv\/xAC1EQACAQIEBAMEBwUEBAABAncAAQIDEQQFITEGEkFRB2FxEyIygQgUQpGhscEJIzNS8BVictEKFiQ04SXxFxgZGiYnKCkqNTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqCg4SFhoeIiYqSk5SVlpeYmZqio6Slpqeoqaqys7S1tre4ubrCw8TFxsfIycrS09TV1tfY2dri4+Tl5ufo6ery8\/T19vf4+fr\/2gAMAwEAAhEDEQA\/APFrvW9ct9Tm86+1OLEjbROnmL19eDXiyaex9drt+hZg8S6jtDPf28vH3WZkP68VFimkxLvVLa+iKalocl4uPvQuJP0zWsedbSsROnTkrSjcqQweF\/JBtr\/U9KKnIQtIgXPXg8AVXtK32tRQoUEvd0KMngKLU3FzpHi4ylzvBaXdvP5itFjJR0lExngYz1jIz9T+Hnju2uVuYJPtaoxOVuGUj8Dnj8atY6m1Z6GTwVaOqszj9Y8OePdOumZ9Pv2DHL+XLuDj8DXXTxNCS+I86thcSpX5DM1W71m1n8sJfwoAMPIHBzjn\/CuiPLNbnPKM4vWLG6Zqd1bzhpbm4dSPvCXO39aJR0sioO25evfEeoaXew3Vpq13BdLEhiltrh1ZCOQ\/B4PNZqHMgqSSMpvE\/iO8vjPqfiLUrlywbfc3TyZYDAJ3E54JH4mtXtaxhFtO7LMmp6g0Dpc30oSaPDMzHKt7c8dqytrdG91az6lPwxcXU+qIJrq6kij+Z1E5XcPr26VtVd4mVKClLU9A1LWrm2
8JW0T6hfeZcRmWCVZcqmXyNzZznH16153I3JtdD1oVFCCv1Oa\/4SjV18QTQR65PFatO0rAsWQgjGSB6jrWypXpptamNWtaq1G1i34k8ZapPZW13LqH2qS1l3GKTI4IAzjPsvPtjtTpYe0mkZzrppMd4Y8YeINS1KPIe4dd0kkvmNlcHKnGcYB\/SipSUIvUdKu5taGjrHxD1nSdSW\/aW6Pnb2RkOFDldpU57Y\/KsYUFLqa1MT7K2hFo3xJubrybd5r0pC\/mlBJwjFQrYJPOcd+30pyw2tyY45SVrC2vjSadpLA3UkD790aNK2D\/ALQGcE7amVBpcxvQxb+DY67QdSn\/ALGEaXbyJy3EpYsc54PrXNKmuZu52KbcU2ibXfFDabLFLFqUkUs8g8qIOd5wnO0Z68d+5qFRlO9jSeJjTSUkRy+P7u90uQ3eoyJ9jmX52kxI27hcAdcetVHDyXU5pV6c9Weg\/Az4hXPiLwV4g8LQzxtDo8P2kygMJC8jqmOeMfKcY7k1jiKE4Wcup00K1Kd4w6GJ4+8W\/YvE1rpU0qCSGNLj5pD5jIU2kBemO\/vU04Sav0Km4J8repL8SPiTf6sv2LTbiXQrjekh2Op+XacgAjGW6\/hWsU9mrowcoXunZmAfE2mQyaZJbeL\/ABRfSzKTetOiKQxU7FRFB6HBycZFaKP92xlKeukrm1c6\/wCFb\/wdFPFrGtL4oO1ZIZAgtmwRnkck9Tx0NRVTOihOz6GG0tx9lvYzcToPNQSIZjk4Xj6A8U4zdkKpCLkzqtJ8a2yeDptJ1H7e04uDMkEYO7HlIm4v7kHiudRkqnMapR5OVkkXjCyW80eWC8ns2tdUFy\/kMzsIwVyQcc9CfrWrTsyIQhdXsXfjJ440fxK+grYa1NOLGEpctKWUl\/MJO7jGSMfSpw6nTurbmuKUKrTViLxR4i0zUdas7ufUZpIrfTTGDH86ofLKhSW75x+dQnKO3UUYwsJo+qaDY\/s6+HtLvbqxOp28sjXllMrLc7NzfPI\/oQRgeh9q3lVlKd0cvsoQVmro4D4beJXi8cfY7tp7eCPTrj7O9wfvuZg\/K+oGAD7VrUi+TmXdG2FrwT9k1Zcr+9s9P8G+IdPk0fWrO91q3hW4aN4yyuxnZCc7MDC8ECuedSV0RGCZY0DxHp8Hjm+1OW6+zqxh8qaRSyygMm9SoBOAAaicm5GsYw9na2pz\/wAe9UbXn8bQaJPO41Fl\/sv5iiuAyliM42YAPWuqnNKUW3scdahzU2o7nk3hu11SLVo764vCv2XmNxOW35GCCOmBnr\/hW0qvuNLqKOG\/eKb6Hd2msXcfhOWL7S6tuk3FnOPvdc\/iK86pBudz0oTjGFjS+G\/jF9Au7w6i109lepsmEMmDlQcDJOCpBOa0lJySOe0U2dus82ofs\/Lf2F5II3huFiZTzgMwxkflUSk+a7CEUo2R5XpnijT7nT5SNTnD3cKK2L8KYyqDIIHB6dOK3\/eJ7EOdK17leTxhoy6MlpLqizRyzh4zJcsQzbAu3APXjqaXJVcthPEUVCzaJbv4iaTBZNF\/acBt0iChIwzqRyfToMnn2NaQw9R77kyxdJaK1ipp3jiXxBcM0WtRzSwNhkUmPCHByo4GM56VnUoulurF0sTGsrRa0MbXNbESMbm8mdMjBBPJzyMdvargrtEydlqUIfGpsvJsLaW+kRCJfs6vld2MKWYdWHrjpXSqLmrnLVrRi+Vlf\/hafiHRdYuporzVbS7u4mguyuE86JuSuD0BIH5VawblHe6MXjYRlqncrW\/jC9i01IrSea1XBcBnALM2c5Oc++CaJU5N2bBVqaWi0K0HxC1ZrqKEXs8O2VmZjHuILAK2eSSCB0\/Kh0JW3BYyne1hL3xNqEMRnt9QvVmUBgzEkNHgjGS2cYJ4pqk3uR7aMXdGpZ+IDeeBNGiXUipt5p4JfnKurFtysT1KlTj2xUzTU3c3hUj
OCscj4xvr0ywSpcTJuB+VZmwffmuijLdHDi9ky74G1K5fUrSNp7qdFJDpFPtfn3HOffmnU0iycOk5pG3qp1dtChhsIzdyvdMQ9uzyXGPRlHAX371zxq3lq9LHdUg1TSiru\/zJo\/CHxEv7fy7LStQgW4bpcTCED0zk8+3FNYmindy\/UyeDxEvhjuXLL4UeM7SYDVfEun6ecbjG9yZWP4cc\/Q5onmVL7KbKjldb7TSOx8KfDPTG8RQapP4z1ad7WQGKHTrctHgfwqcniuOpj5Si4cu52UsujGanzXt5F3xbd3elX81jI91GkJwsTtslnzyABn5V7kmuON2eg0krWKSG9Nkb3UJ5DJNjZGrkAD\/ZGeg9TTur2TFyWV2YuoXAV87X5PGbnv6VspO25lKMex6x8LPghqmsaXH4g8ZSyeG9Gdd0SSuTdXi+qp\/Cv+01R7SSV7iUI3tY2vHHxf8AC3gDRE8PeAdMhMlsCvmt84V+mefvt7t+ArJKU5amjkoKx4xrU3jH4iT6deSa7MqXVu0927SkgSeYyZx\/E3yjr+ldt4YdXa1OKPPiJOMdkT3Os6f4L059G0O6uL+\/cg3F08pYeZjqx6ZHZRwKySqVpc8tEdUfZYaPLHVvczdHlv5L2TUL+4uZ5yCfLSVSzZHOEJ5PsMY610Q9w460udFe8ju28ySz1E+UG2xjzHIc88BiBg8dPXvS5bvcFUsrSRz95q1\/bz29wlzPuSTIBc4PHIP8q2p6E1NVZo7CwMOo2MEdvdXUaSwt8rSl\/MXbyGz\/ABJ\/Lmom+pCje6ZyPjTUZxqdtpgu2t\/O2FrlpGLPGPulznBLEbicdMVrTqe62YSjaaRvaLo+kbluLnxA86qCxRX2h+OmOTj2rD21S+iOp0KVm7q5qrqGmafC00Wqy+dPhmZZ5CCu0rnIA6AdB6GtVOfNqjGahy2TLf8AwmvhLStuLW8uP35Z4RFs8zj7\/mFj1PIG38awlTrT0bNY1aMLWiSv8YN4EFlokkcYBOZbtjtAHHCgCpWDaesjV43T3Ymbd\/ETXN729obOExRqZJJsZD7gX+Yn36gHOK09kjn+szfYgfxH451dorfQtS1SWI9UjBjMg5JK4A98g9OPWlyUY6yQ4yrz0i2XLHwV8S762ka4YW7zsGDT3WGbgjBxTliaUdjSOEqt3ZTTRrWOdrXUPFMaXttvE8Mc+AAW+8rNxweNvUdaXtpPVLQXsY3tJ6nU+G5\/BFlHFJJYalq08TZTktGh93fAznnj9ahuvLZ2RpBYePS7+84Ua3rxv5mUNKm9hlJFfAz3BORWlSlRNaeJqWWhZt\/EU8swhutMhduhEkWM\/j0rneHW6karExbs0XVnsmYO2kTwlhgPDnj8qTpy7lqtHsT2clu2AupXUQ3BWDxbwPbnAJwelQ1JOyRakmrmvbadpkjBDqZx2b+y15\/FZM1MpPqiloXzo6wQGew8RCJ0xx9olgBPuCGFJVE3ZoG30FWPxd5eYbqG9UDJAnimJ\/kf0o\/d7A5PsQifVVIXVtGICn5mFoVOPqTijlT2YnO+6LFz4b8Gak++5htGUjlns+Sf+Akn8aSxFSGzf3kOlSe6X3FC5+FHw\/vo\/lazRjx8l40Tqf8AgWPyrZY\/ELqZSwOGlvEwdW+BugyZTT9VnUt90tKGH6A5\/Oto5nVXxIwllVGS91syNX+C13eCKNdeghmgjWOOOT5lkA\/jLDuee3atY5jFO\/KZzyjm0UzGuvgv4vsJBJY3thdOmCPLlK\/hz1rZ5lRkrSVjCWU4iLvGSYnjPwL48ntbO3ttFZ4obfbKkDry5OSeTSoYrDptthiMHinGMYx9bHKp4Q8Xaddqbnw5qMSE7Xb7MZAq9\/u57V1zxNGS0kjiWExEZe9B\/cdRfeBri8eJvtsEFnLs8xZldJwo44BXHTp+tcX12ENLO\/4HestnNJ3VvxMi5j0zw94nudDhuPNgM4WG
6fG8DAxnp69q2jOdeCmZVIQw9T2d9CtruseVdy2kcdnM8cxZt1uHVTnkc961pUkveZjOtryrUv8AhXWZ7lPskCWqTO5MkcVsiF0A4PA7VFWCTuVCrzadRsOt66upS2ianG65YXBS3iPbjkrnr6UnGChexdF1JVOW+nU6nwpLFb6QsYaKaVgZeDje57Njp9B6VyVEm20ehSlZWucb8ToJbvxBFJDFjK4wpyA2fWujCSUYu5xY+M6kotIv6XpkMFhBDLFMEQCNx5o3ZYN8y8cL\/ifalN8zdhQpcqSZ6b+x7pT22l+NkJwD9jh35z8u9j\/IVy4+fNyHZl9J0+e5yn7RCsfjQ6LO0aQWUSsUXdkbTxirwtvYvTqZY6\/tlr0OR8T3GoWtn9si1GVbksYbqMx5+UgYO45yfpyM11U1Tfu2OStKajzJkPhTVtYklDf2iVaBQsSpGNxXBycgc8dc06tOC2RNGpUluyprup3dhqKizvo5kwJI5Y0IOMcoScHHPT3rSEIyWxFWrKMvdZ02j6lrUOimT+0bVHkTdIzH5I2wdoPHykAdM44965p04OWx00qtRRu3qdr4o+E3jzQfD2l67D4ksdSGqwW0yQQxP+4MqGQty2OBwT054rF4iim48pusPiHFSU73Oa1Kx1gAw2up2sssKAMkkpAeLknGMFuf4vY+tNOK1a0H7Oq3aL1IGtPFOnBBqH2RBGiuJPPYs2fmQYPB78Y5pqdKWiuU6deHxW+8dpcviPV\/F+naLpGp2wudauRBBNJKSsUpbkMADgcdxx2pqMFFyktjFzqOSjB7nS+LfDHi\/wAGXMsGu6to8i3Fx9ldra6dosY3YYsuQMjkis1OnPSKN3CrBXnY5LSbDxVqmo6r\/ZUtkJNOhMlwzj5JR1Dr1yfTt61rKdKnFKSeplGjXqSbg1dG7pfhzxXqGi217beJLCKCMb98kjPFGGIViwUHgk4xyelRKrRTs4lwpVpR92WpH4H8MeNdd8SSWEPiBZII7grJcRo5UMS20L0I5XI\/WplVoWuogsPiE9Z6G38S\/g98YtLkmlTRfEeo29xbCS\/uEsX2xluuWfGCOhxW9NKW8LM5qslFaVNOtjnPBfhjxXpzSy3k5Fpa2qXM9u8gbbAx2qQBwfmxlQc1lWq03stTpw1OrG15XX6GhJPJ\/ZkyQTljG0qq2zac9RxXI1eWp6MV7rOY8WLIbOOC41C5MDhyHSP7suM8jI9OvpXfQXVI8nFNvRvQ+vv2A\/h\/aeP\/ANluHSNavdQ082l5PABbbMskh3hvmB9eKU6EKtWTv2MVi6uHpQilvff1Pmr4rfDPTPDHxH8Q2\/hmw1mfQNJvHtP7W1C5jZLuRXKs+1VGBuyAOemSa2nVtaCZFGlKSdRrf7jnfDHww1TxxrM8miCG1gijUzNLvl\/eEdBgAnI59qUsSqStLcuODlWk3C1jutE+Cepra29m8tvHJtZVjNhIxnI65BPBJOOP61yyxfVI6Y4OytdHmnhTT3sPipd2Fuz+VpzywTSsoAQjgjp3IwM104icZYdOW7McLFrEtR6XNDxxMqWVxE0uAxJWPdk5BzkVzUl7yOyu1aRj+DrJL\/XnsVuBB9rUsBIpMUixgs2cfxAZxXXNtQ9DznT5qllpf9DtLr4PaxdwxXCagVAQcrp80hZSBtP0\/Gsliox3X4mywU3bX8GZfinwP4ksH+yadpmrajKyBvLTTHiXceM5PWnGrB6tpfMVWhUWkU38jTl+Dl\/Z3OnTy6zPG9xbs84\/sokwPhcR4LDdnJGeMbah46DTVjX+z5XTv+BFZ\/CrUNTa4tJ\/EOlae0CnGWDmU5PBAPy8c4BPJIpPGwTuk2JZfUenMkdF4a+E+iWNgbSfXp7qVirs9pbFk3AfwgjnOfWs6mOlJ3SsdNLL4wjZsuN8KfB4kEk+natqBXLM15eR2qZ9MZBrH67U6WRo8BRl8V2anh\/RfBuhxiWz0bw1Y3
Ck7JGlkvZsD02cfrUyrVZL3mzSnhqEH7sUjUPiOyjjNrbX94fl3MdP0qO3x7AuTn61nyye\/wCZspRWiKtxr0iHMWl316xxh73UTwPcKAPwzS5VfV2Bt+pDb6jqY3PBp+iWLEHJhshNID\/vPuNNOK3DUaZNfeVpLrW9SEOB8nmCFP8Ax3GBS5obJB7\/AFYrR6Q9pI9xc2zSlflllYyuGHK9skfj0oi5PQdorVkPhvSdY8R3qWGk6fLqmoXZAjihAwo\/vMTwqis7RT3E5aXPXdH8O+BvgzarqniK5tdd8UrGZFDANa2GO6ofvMP7x\/AVam27JXMntduy\/H\/gHifxe+NXiLx5dXMmnTXMtmW2iUMVJHb02\/zx6V0QwzjK89\/MwlXvG1JaHLaDo9jqFraatfXNxa2UKl7lZvl8189iOijH1JqpycG4pajpwU0pN2Ru+LXuF8MWs2iZsLKWN4p4MCKTaGyu0dTuySQOfWnytxXPqyVNRnJQ0TONiCxEEIcKwzx+f41cbmbVjobNJrVYCYC8Udwv7wlnRifuvs6YIP3vqOtaGTad9SvqSCG3a7i8lELjEYURup+YDK5Py5yRjjios7XC93Y5nWCrQxcEBp1B4B6nGa0pprRhUdo3Ow0KF7eONEgeWGP5QnzDaeck7gpyQT7YGKmSvoS27XsYPjWO2ne5aaJA1vIQhcDMTHoqtnOD124OPUVpTlZWM5q9rlO3tDOEMcMk5dAPLAY4PocevYilzFKm3sjqdI8K61dA\/wBnWMh+yI1xtjQlYh\/HIQx6Dhe\/enOpFLRijTbex0L\/AAm1S58RPaa7dxaQltsWa5ZQVtlkHyjrgjJxn+HPOKzdf3bouOHk5cstDWvvhx8MNBs2afxV\/al1HgrHC5KPg\/MpKDAzjAOeKyVas3dRN\/YUYqzZltrXhC2WBtO0eO6mhu0dmutqgIud0bsjMSzZHTA46VVqr3ZHPTVrIzP+E81mTUn\/ALD0ZYp1lDsLaz2hMBgCzElSSrYOAOgpOjC3vMca03L3EVNQv\/GmrZivtQeEMclPP3BfXcQQq\/rSUqMdkW\/bzXvOxT1KztNNtrW4Fwl+zlgXBIHb0xnp\/wDrrT2sW7JGfsbatlO61qPeGt7Y+YBtBnO9FHsgIFTCH8zKlNR+FGjqbawb+5DWDyZkbDK8Zxz+BquWm+pfv22L1tFYklLyxeZMH5fMK4Prkf55rlk2l7rN4qN7MakMMEz\/AGaOaNG+6N2WXjHU44yDVc2lnuWopPyLljYfarsZ1a4hDrndKmccdCM\/hWN2jWy6Gt\/ZF7ZRhoZxeqOS1uh3LnOCRjA4\/GpclJBZplF5mldkknbg7ShOD\/8ArqlFJaEc2pb09MOQVjYqBls\/55qJGiJo72dr5Yo9bvbSLZh3t5SQDzjA5Hpnp3oiklqrhurF6Sx1KcAQ+J7efByBd2Shj7EgDinGUOxPJLuTRRPbRONb0AyknMdzYqwR1OBngnHTjOOvSpbjf3WNLTVHIeKfF3g\/TkjIl1GzlkbI88F1xg9NmTmumnha0+lzGriaFL4n+ZseDJrnxDLdCwltJJbXZvWQHcA2cHBwQDtPPcg+lc9VeyS5up00KiqX5ehuPp+rxrt+wQttJzskx\/jWHNF9Tosyu66tbsnmWF8rAnmOQMPxyKuLj3Jt5Ekeo3hf53vYzjlWhBz7cUpWGh1zrzrsWeZEHCqXt2yT78URSewNrqV7y50e7XzLqz0q7GM\/vrdcn8xxVJ1I6RbRnKnTnukzE1LR\/BFzN++8K6WXPO+KMKc\/gRW8cRX6TZlLB4V7wRnx+BvBsU6XNtos9rIrfI8U7Ag\/nVvGV9nK5j\/ZuF3UfxG\/8K+0F41WNbyLLdFlByfXkGnHF1C3g47RHr8O7CK1uIYb65i+1hR5wVC8WPQ479801jL6cqM5YBN3UmvuKkfwtOGWPXpJBncGu7Ndx9sqwpLF315
fxGsHOKtz39UWz4H1lbEW\/wDaOmzLn5S8bqwHcbgT6Cn9Zg\/hTCWGqaPR\/edF8ONOvPCmga1Zm3tTLqMsLK0Vw2Pk3Z3bh15rGrVU2tTWlTcE7pHCfE\/wj4q174jT+INPFkLeZY1aN7kZIVcEEEfWurDYmjClyPc87FYStUrc0djltd8AeOr+ZwltZeTuyI0vVJ+pJ611wxOGitW7+hy1cDi5XstPUl8MfC7x6tx5Z8NmaMAsHgvIw6nHY579MUp4vDvRS\/AmngcUvsaeqKWp\/C\/4lt+8vPDkm1eFzPHx7da2WKw6+GRM8BjJbw\/I2PDXhbxX\/Y8\/9peHdQRkdQiwsCJM55A3fwnOfqKwqVqV\/ckjoo4er\/y9g0eoeP8A4g+I9e+H1joOl+BtdtbjTxAJJFh3LIIo2RuMcbt2fauGFOLndyVvU7pTcYe5F\/ccNban4t03wpDotv4F1Sa3mlaabzLDLqSNoQSY3Fe4GeM11SjGT1mkcsKlSFv3b+4h1uHxPrU6KfBPiK3UiJNxtidgXgnI9\/0qKcYQ150zWrWlUVvZyXyK\/hXTPFGh\/EnSdWk8H63LbaTfrc7Y7X95KATyDnHOa1lOLptKSu\/M5YxqRqJuLsvI7T4s6hqnjK8uGsfAfibT4k8+7cXFuu6Z22gJlT7cYrCgowd3JfedFecqkVGMX9xh\/CxPFujL4jgvPBetzXmu23kW6m0OBkcE9+v86eK5W4cklZeZphXOCmpRevke7fsWfDTXdcN7J4gtdV8MxaPDHFDIIkDTTs5chVkDAqq9cjqRWkKEKzcr6HJiMRPDJRS1fcZ8e\/h9p\/w\/+I9tB4P0n4geJvEWozxXt5dxWqmwslebJDCOMBmIJO0EAAjNFTDwhZLciljatS7lZI9+\/bhsdQv\/ANmXXrDT9JvtYkuJ7WNrGzVmlkRpQGKgc8dc9sV2V\/g3PNw9vaJPY+T\/AAJ8DPi\/4s8H3mp2HgvULRfD2lR2aWmoS\/Z5NXIOSsQPUhQCQcA4AySa4VRlO7W17nryxVKlyx628jX\/AGLfhJ\/wlfxln0v4k+HYbrRm0q5l+yPeqGSdWQDIjYMCMsOadGNOU7PVjxdetTo3hpf0On\/a++Fnwk8J+PdL8O6Z8NtR8u60r7U9xYeIXtYwfMZcEPFKS2B1yODjFaznGjLY4aPtsQmnJHbfsx+LfCXw4\/Z48Y+INN0C+0q20W6iRLWbUTdPezmILEqN5S4YkgH5T61VGpFxlNXDFU5upCDaenQ8jsF0GL4cXGsT+BfGMmgxztFeXb64ZUWaQlyrE2\/OSx5xjkDvXK+WTc1F\/edkPaRiqXOvuPYPiroGk+B\/2TdMtfAC3GhGW7sp7aeMCa8JmIeUliMuxB57ADoBXRX5fY3aOPCzqPE2v3PF9X0vWtXlhu77xb4qvrmAZVrmOOLyh32knjNeU6i2R9A6d7Psc7N4M0YtcB47iOW4kLzyTarBC0rHkk7eapzfqHs4620uZ8\/hvwQm9Li10iKVfkMtxfSXGQO528E="} 
+02499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1075,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":3,"flow_src_last_pkt_time":1654385136215384,"flow_dst_last_pkt_time":1654385136563855,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1654385136563855,"pkt":"nLbQ0+MztKXvZygQCABFAAXU7ZhAADYGaKmsaXlSwKgCfgBQtHgmuiQMUbJfToAQAOskjAAAAQEICsmhz1rytRrb\/9j\/4AAQSkZJRgABAQEAeAB4AAD\/4QAwRXhpZgAATU0AKgAAAAgAAQExAAIAAAAOAAAAGgAAAAB3d3cubWVpdHUuY29tAP\/bAEMABAIDAwMCBAMDAwQEBAQFCQYFBQUFCwgIBgkNCw0NDQsMDA4QFBEODxMPDAwSGBITFRYXFxcOERkbGRYaFBYXFv\/bAEMBBAQEBQUFCgYGChYPDA8WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFv\/AABEIASICJgMBEQACEQEDEQH\/xAAfAAABBQEBAQEBAQAAAAAAAAAAAQIDBAUGBwgJCgv\/xAC1EAACAQMDAgQDBQUEBAAAAX0BAgMABBEFEiExQQYTUWEHInEUMoGRoQgjQrHBFVLR8CQzYnKCCQoWFxgZGiUmJygpKjQ1Njc4OTpDREVGR0hJSlNUVVZXWFlaY2RlZmdoaWpzdHV2d3h5eoOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4eLj5OXm5+jp6vHy8\/T19vf4+fr\/xAAfAQADAQEBAQEBAQEBAAAAAAAAAQIDBAUGBwgJCgv\/xAC1EQACAQIEBAMEBwUEBAABAncAAQIDEQQFITEGEkFRB2FxEyIygQgUQpGhscEJIzNS8BVictEKFiQ04SXxFxgZGiYnKCkqNTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqCg4SFhoeIiYqSk5SVlpeYmZqio6Slpqeoqaqys7S1tre4ubrCw8TFxsfIycrS09TV1tfY2dri4+Tl5ufo6ery8\/T19vf4+fr\/2gAMAwEAAhEDEQA\/APvKRyGwMdB1UelMQm9v9n\/vkU7CuSBjjt+QoAXcfb8hQAbj7fkKAFDHHb8qADcfb8qADcfb8qADcfb8qAFBOO35UWC4uT7flRYLhk+35UWC4ZPt+VFguKM+35UWC4Z+n5UALn6flQAZ+n5UAVtWhW50y4gYAiSJlxjrxWNeHPSlHujWlU5KkZdmcx8J72WSwuLGbGYH3KCBkA9RXm5ZUvCVPsevnNJOUKy6o69T9Pyr1E9EeHfUXP0\/Ki4XDP0\/Ki4XDP0\/Ki4XDP0\/Ki4XDP0\/Ki4XDP0\/Ki4XAfh+VAXF\/AUBcPwFAXD8BQFw\/AUBcPwFAXD8BQFw\/AUBcPwFAXD8BQFw\/AUBcD07UBcQHnt+VFwuKenagLiZ+n5UXC4A89vyouFxfyoC4mcelAXGPMiDJKigGzH8ReKtJ0iBpLu6RcD7vVj+FUTzjvCGrLrGmLfou1ZeVDIAQM96Aua4PI6dfSgdx\/4CpHcPwFAXD8BQFzP8R3IttNlkOMbT2FY4iX7oZ4f4nk\/te7NpH
LIhDE5XFfKSb7jLBkk0HSQQfMfgYIzWEm+5Ri+KPFcml6Wbt5cueQoArSg33JlI4mz+MAt70C68z96TtJTgVvyzkY+0Ox8H3V3r9294t0fKZflHpWclLuXF8wx9Lmg1G4+2TF4C2Qx9Kz53Hqanmnxtu49KvLe+tLx1ROCobHWuvD3mtzCruP8ACnxEvrqW1WB5JPNIXBXIFazpytqRTlqdh8OtY1q1+NWmW97bFY7xiI328fdNVg7e2SudB9H6PLINTuVJXqD9wcV9KSbIdsfw\/wDfIoC4ySRicfL\/AN8igCGSWUcqF\/74H+FSy48vUjiunMhBC5Xr8g\/woKlHsTPc4jJZkA91FBBxfjr4maLoKzW8UqXV7FHv+zxKpO3OM+lRKVioxueXL8U9bvrj7Vq2qWumWjriKGBVzuyeST\/s1nds2SsfRUv3\/wAB\/KutHKwoAkHSgAoAKAHDpQAUAFABQA4dKACgAoAUdaAFoAKACgAo"} +00842{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1076,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":4,"flow_src_last_pkt_time":1654385136274668,"flow_dst_last_pkt_time":1654385136566441,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":291,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":291,"pkt_l4_len":257,"thread_ts_usec":1654385136566441,"pkt":"nLbQ0+MztKXvZygQCABFAAEVhPZAADUG2Q2saHdQwKgCfgBQwFqEcdW5xxPyOYAYAffBkwAAAQEICmIHnkuTrSPjSFRUUC8xLjEgNTAwIEludGVybmFsIFNlcnZlciBFcnJvcg0KU2VydmVyOiBvcGVucmVzdHkvMS4xMS4yLjUNCkRhdGU6IFNhdCwgMDQgSnVuIDIwMjIgMjM6MjU6MzYgR01UDQpDb250ZW50LVR5cGU6IHRleHQvaHRtbDsgY2hhcnNldD1VVEYtOA0KVHJhbnNmZXItRW5jb2Rpbmc6IGNodW5rZWQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClgtUG93ZXJlZC1CeTogUEhQLzcuMS45DQoNCjANCg0K"} 
+11530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1077,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":4,"flow_src_last_pkt_time":1654385136215384,"flow_dst_last_pkt_time":1654385136566441,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":11586,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":11586,"pkt_l4_len":11552,"thread_ts_usec":1654385136566441,"pkt":"nLbQ0+MztKXvZygQCABFAC007ZlAADYGQUisaXlSwKgCfgBQtHgmuimsUbJfToAQAOsWCQAAAQEICsmhz1rytRrbAzNe1I2ckcce0lslyedo\/wDr1zYmq6aXmdeHoe0T8jlvC8iWXjqVA6mK8UsmOnXkfga8vCWp4l26nsYyMamCV90d4K9m1mfOJgTimgGmmAUAFABQAUAOj60AOoAKACgAoAKACgAoAKACgAoAKAGzMEiZz0UZP4UnogSbaSKmhalBqdn9ogyAGKkHqDWdKpzpm+Ioyozs+pdq0YCFgDyQPrVAVL7UbW1QvPMkar1LHgUAcf4o+JejWG6O0c3cw7R9PzpOQHE6r4x8T64SljGbaNv7g5I+ppMC14K0GRr4XWsr5jZyN57\/AI1IuU9IsWtoVEdptAHZelUM2rckqC3WqAmoAKACgDD8eJI+gziNNzbDxXJinL2MgPIrYrbOd0WHA6kV8tIDD8a+I4IFCSZZV\/uihx5iec8Y8ceLJtd8Q2+mWXCF9uD35ralS5Y8xnKXMei3fgTQrzw7Ct7bp50aghhwRU+2kXyRNbRdR07w5pEcNo4fA2nHXPvUTZexzvjf4hxadbtvgeQSdMUQpxqaE855p48uX11rWVrKTymGSe1dlBRpMyqKUnoeofBjwtptvocV3sCyAblDDvSxOJTXKa0qTSbZ6Fo95YP4m05LqFftEU4EMm3pmuXAz\/2hGh6vo\/8AyFp\/dQa+yJW5sjpQUIxFAEUjxopZmA+tKT0A4jxr8QNF0KUxiRbi4Y7RFGcnPv6Vk5aFrY8U+J3xV15pVLXwtIV+f7PActKAM4J\/HpUc5ahfU8vvfEM8lyzadHJEMtlmOWKsOQfxJNQ5alxpnNol7cwn7VI77G2ruPYVDkbKC6n6PS\/f\/Afyr0Tzhw6UAFABQAUAOHSgAoAAM9KAFwfQ0AKOlABQAUAKOmaAAn2NJuwCihMApgB6UCezPJvibeeKNM8eSalps2nvp8sQQ288pEszgdEwMD8eDXzuPqVYVLxeh9VllLD1KChOOvc8y1b4qeJ9GvPIu4UaOW4ECsyrGYGboroeQPcZBryvrtaLbmfSPLMHUppwR778JdbOueD7eaWTdcxDZNnqT619Rl+IVaiu58JmuF+rYhqK0OnNdup5oUAFABQAUAFADo+tADqACgAoAKAEYZoATI6HtQBBezi3jMrfdXrzRewFJfEOlsv\/AB+wZ\/3xRdPcCSPW9PY8XcR+jii0QZINWsCeLhD\/AMCFFkJEiajaMcCUE+xzQMWa7t9jIXGSOh71M1eLHF2aOS0\/X9L8Nwn+0Z1tkuZ9kRboW9K4cHKzkj0sxV1Bk+t\/EHQLCAs92krkfLHF8zH8BXdzHmHJav498Q6qpTRtLkhjP\/LeUfyFDdwMqz8M65rUxuNa1S4lz\/yzDYWpKjHQ6DTfCuj2OAYkZhxuxk0FGg8VpYRlkiSNRzuIpPYDmdU8VWf9opbGULk\/xHGahSHyylqdVF4g0Xw7pgv9RmSO
HjdJgnr06VrGcSJQmPtPip4MmP7vV4vxBFPniTy1Oxei+I\/hOQ4XWLb8XxS54hy1Oxah8a+G5vuavaH6Sj\/Gq54j5JFyHxFpExxHqEDZ6YkH+NRzxC0jK8ea\/ZWmjOfPUswwADkmuLHYiMaXLEXwnjOu+JYVjfduyTxxXzkjOUzzHxF4iNzdy2skZO\/IWriRKRwf9ntp3iq31FlKrHJu92rpjLmhykHs+nawda00CFzho8E4x2rjnF8xrzI5a702TSfNuLi+OQSQC\/GPQ11qEZQFzGbObXX13QlZyGAwO1ZKMqY4npGkWemv4fjjubWNGjTnKCsare5uUdX1m2t7EW1mpV84XZWUYtgM8C6vqU3jvTbfULOeMfaVw7Dhua7MNGCrRtuS3I+lNMAXVWI6FBX1i2A05ZUjXLsAPc0uYo4rxn8TPDmg3Ys5rxWuXyFRPmOR6+lRKQ7HkfxM+LV3LHtivkijJ4hgOXIx1J7VlKehrCB43quvaxquqv8AYQ0MUpy2DliQMEk1HMa8hXn0+YzCfU5xtU8ktk0rji7aGR4n8X6PpMDQwAFiCOOSaVl1NLvocdceI9e1PnTomjjU+nJpqPYnm7n6NfGnxtN4Ks9MmgsI7ttRuTAd7lRGBGWzx16AUsyx0sHRU4q505LlkMxxDpSdjnU+Kmu2\/iqx0XVvDMVq16kcqEXGd0TkgMPTkdDXn\/2riIypqpSS5vM9dcPYSpSqyo1m3Dy7GP4N+JXxA8U3E0Ok22jrKsMk4SaNgoRSeM5znpWFDNMdWryoxtodOK4fy3BYOnXrSb5rbG58EviLrfjDUJ4L63tAFs\/PjESlTuzjaefWtsszPE4jEypVLaHHneR4TA4WniKTb5i7Jq3xfhtXmm8O+HgI0Z323jdACeMj0Fd9WWOhdxcbfM8ynDKXy83Nd+hzPhH4teMfEt7b2Wl6RpZuLmPfEkjMoPGcE5rxqWc4ytXdFJXPo8Xwzl2FwaxM5St8j1TwVN4jm0gy+KLSztbwyELHayF12diSe\/WvpaHtbe\/ufFYr6sp2w6dvM8z+Pfj+6Gpf8Ix4dupImt3B1C5gfDFxyIFI\/Asfw9a+ez3NJUkqFB+83qfX8M5FCrfG4le4lpfqc\/4v0v4h+HvB9r4mudbv3tn5vIVmfzLRD91zzyP7w7Dnsa5qmBzCnQjVjN3ttc7cPmWU1Md9XlRjybX03N74Z3\/izxlbyJb\/ABAubG6twN1u1pHJuXsyseorfLMRUxkHCpVan2OXP8Hh8uqxlGgnB9dSjc+LdRgv57Q\/EzWpJLad4H8nQlcF0bDYx15FbyxEnKUVOTa7I5Y4ROjGq6EFGW12YWifETxjdXkcd14pvVhZ2VpobVXfaCQD5eOvAyvrmvIWaYp4r2bqNLtbU+jqZHl8cG6ipx5\/V2+89F+EPje1utafRL7xPqWsX10d0C3Wm\/ZfKVRzx3zX0WDxa5\/Zzk3fa6PjMyy+UqP1inBRjHezucMvjLxbB8T9c1qWGeQaTNNJc6WLz91DHGgXg9DxhunUmvHqYvErM5WWkVtfQ+ipZfgXkcf5pvRtanp\/hHV7z4jeB5bhbq50FhcgCaylxJtXB6kcZzzxXs4HFPHYdzejufL5pgI5Zio0l72h598LNe8Ta58T10638S6ldaVDeSujTSAtLAhIBbAx82PyNePQxOIqZk6UJe6mfSYzB4PD5NGtUppVZLse9LnblvWvrj4LW2p80\/tK+G9VufGE3lX93GiYmjKseRnIC88V8nmtKandH3WQ4il7FJo8rDat4k1CPSPEmmi6n0\/ybi2v87ZIskkA4HIwOlebCnztKR7M6saN3Fn07+z5CttBMVuGkE0YOGbOCD2r6XKafs7o+Lzuq6qUmenjkV7K2PAYUxBQAUAFACrQAtABQAUAFACHpQAlAAOtAFLxAoOnurDgjFTLYDxrWvCdzPqLm1nHl5O0Y6Vj1K6EUPgnVUbP2vg
9eKoTRNJ4M1Itk3jL9M0CtYLLQdb0zU4buO9QGCQMGkY7foR3+lRUqckHI1w8ZzqqNtBNY8bqurtZ+LNNuYJbWUvbzW7OA0YwRnb29jXzyzarSk41EfXf2DSrU1Upsu+Iba08f+HrO902Z0S3uSzKQPmVhjI9K9DAYiNbVHkZph6lG0ZFvQvBulafGrMgkkHOW5NekeM0dNa2n7oJFb8diRVCL0OlSbSZn2j0FVZDK2oXWn6cfLDBpCOFXkmolKMRpX0OR8U6hO8TSTyJbQDnLHnFc8ql9DeNM8vS\/wBJ1Hxv5Ft++kQbjMfTpxWVzdbFv4qaxe22jC1En7tcD1yuaaA4Nb+42jy3j56krxTIluSXGuXVqoURxHJ\/u0DLmm3s1x8zxxHjP3aAsNl1iW1ukaO3TcjcYPNZ6l2R31vdXF7YQPOCoK\/dzXkYiNpas82t8Rzvjq4toYSojBZRzg1jFHPP4TzvVtRtYsXFxHgr04rQgjlnudctvOgsiY0HDkUrxjLcLSlsSabrWs6Wqpb2T4X7wPanFRZVpE+u3keo6WZdUBXd\/AT901tFESOI03WrjwpfyXdrC80OPujt+NW4qejKjNnZReM9a1zw6k0Nq4E7hSBwQDWE6MIvc05pPY9V8KWGl2Gj239oxhpWQHL84rkqv3rI2je2ppT63p6a3ZBIkKi5jAdR93mqw\/u1IvzKlKx7ZpcivqO5WBHlivs07og8y\/ai8bzeFoLGJGlWO5Zg3lcMfYHtWNXc0iuY+bfEkuqeJNQaa3laGN2DlQeSehJPrWXMdMKaXxFm20i0tYd97IGYA5yfeoZq1FfCY\/iDxdpemKYrJQ8g4xGM80ugnFysed634i1nW9Za03NFE3ock1FOpzt2NJ0+VGp4g+H19penWF9PGzC9kUBm5NKrLYrDrnTR6h8DtF0e21PUbPUIVLCNHXIB4P1raFWKdmc86M2ro+jf2uv+Qb4bH\/UQk\/8ARDVwcQ\/7qj3uDtcw17HH+I9Y07XPiroF3plyJ47XT7a0m+XBWQMSVx9D1rx8XiIVa+G5I7W3PpMuwFbC0MXKqrXv1uZfwci1yaec6Bdi3uI7CVnym5pEycqo9fSs8DSq1MxqexdnqbZvUw0Mqoe2V1odj+zbFpdlrT3VvqUcqSWQVYEjYvGCR1+nSu\/JaEaeNqe9dnh8S4p18BTSg4xWx3XiTx5Z2lhere6NqtpaqjRNdz2+Ik3fKGJGeMt29K+grYmVOEnNaHyeGwUa1SPK7yueMfDm8t\/B3jSxnEo1aO0j8tWtcgSllxgbvc4r4bD4tYfHe1eqfY\/UsTgauOyl0JLkduvl6Hsmm\/EHUrnVILR\/APiG3EsgRp5I12RjuxOeg619lHG15WXsnZ9bn5pWy2lTjf6wm+yOL1rRdLsfHT6x4Us\/BtzCH+0RT3mqt5jTElnYqCV+90rirww3tuePKpeZ6WEqYl4P2VRVOXy2OkuvFupX+kvC2o+GGkuLZt0FxLtTdjGxjnp15\/SuieJk18cX8zk\/s+ip83sJ\/wBfIp\/BrwsNN8VQ6hb6Fo1rAsJXzbSaVyNy5Owk7SuePpVYPDzU\/aWjZ9jXMcfGph3Qbne+0tjh\/CurjTfEOvwnx0fDbHWLktE1l5xceYcNk9K8q6p4irJzcU32vc9vkWIwVFRoqo0v5rW+Rz3hOf7F4jhuZtV+wFLmRzfiLcVyzESbOeTnOPevBp1E8w5oyt57n1mIhOOVunOmr2+HZHoHw1urfW\/ivaahL4wbXbizRxEzWvlME7jaOgzznjOK+kowVTFRbk5Pv0+4+IxU3Qy+dH2KjzPdM58ppktr461H+2USbURcxSRNGS1uzz7MEDk4Ax+NYTjTjiq85Ss2jrVTEVMLhqUYXimtTofC9\/4q0n4ITNoOiw3VpPb3b3d09z5UlsAMbkGPmONx+oFbZV7eGXc0d3c586jha2cxU3ZKxj\/AC41+we7l8L
6Bb6rILeNGM9z5JjTGRjg5zXm5E6\/t6kopM9fiuGG9hRjOo4rtbQ9r8Eaj4pvluP8AhJdBt9KKFfIEN153meueOK+voTqv+IrH59i6dCP8CTl6nO\/HzR5Z9Jh1q1VS1q3l3AbvGf4vw\/rXDmdBzhzLod+TYjkq+zfU8f1KG0u7o6hY7ZJmjELovGVHT8s18\/BXlzH1dVJR5bno37NAJtpkmgeGeEMHjbPGSMda+gy53Z8rmytFHri\/dFeueLLcWgQUAFACrQAtABQAUANkfYM4oAak8TdGFACl0I+8KAAMp6EUAKCM9aAGTxpNGyOAQfWgDlZ9CT+0naIkK3OM1k0rjRci0VAvLHP1pjB9FTGfMf8ABqAMbx3Da6R4Wur27dmhUBTltu3JwGz2wea5cY0qEmzty+MpYmMYng\/jDxdcQa9HpWpaxb3EUcHnW99CvMuOiuB39ccGvicTWcmlufo+DpOnF6Hd\/CWWaLTbRINnlXMYd0zjhuT\/AD616WW3h1PFzdU6t77nbwp5V0yO2Srda+rirpM+HnLlk4mwl8IrcsIwdoyOavYhNM5vW\/EOq3W+KPbaxKcbwcnFckpu7R0woJ63OJ1vx3pWjzmFC15eE4BHr9ag1UIxOB8ea7f6+4ea6ZEB\/wBSh+U0W1HcxPDlxHp\/iW2dgCSdrY9+1PlFzHYfEu1nvdIWVFG3Zk5pDOA0wBrMFhkjgigB93bGWPcecdPWgDNF\/dWc4VWO3oKGB3nw\/wDDM99qEV\/e\/NCeVDDnPvXLWrqnEUqh13im8t9PlS3jChccba8mo5VnzI4KsuaRyCWUWseITBNLwRuVTUqLiZR1Luv+DdOmt2SYA\/LgcYxUVKkubQ09nEy7eWz0bRGskiVdpwDjrUPUT90r6UJr3zGt7fzVxyQO9ar3Yhc818cSataeKltb2IJBI3y4PGa6qUuaJlKJPc6Dqbxgy2vmWr8lwMACiVSysJROr8J3mnQTW2kWigsmGZQOBWFTXUuMrHa+OrS7vfDy\/YpRGyjtzXN9o3j8Jj\/D557a1Y6k29oju9+K2TtUTEe1fBHxPZ65by3UN4sjL8pXP3MdjX1eGqc8ES9yT46+DIPGGhqkigyQN5kR9CKucHI1hPlPln4r2WueBp422fJIdowOK5ai5XY6oy9ocDqmqa7rNtJM7PHEvBA5NTN2VzanG7sbXwk8Hx6pqhhu1JLRlgW71EZxkaSjKLG6l4SW08Yzqg5iBxj2rjw9TlU7HfiKafI2epeM7e8u\/BHh2K5g2jevNb1ZNxi2c+HjFSlynV+APDen22v3l3dSKBLboq59q3jTgpOUupxVKlRx5Uei\/td\/8gzw2R\/0EJP\/AEQ1cnEH+6o9vg3\/AJGD\/wAJieN9Fu\/+Fo+Gbyx09Dbf2RbLK0bxptYMSSQSD0PXmuTE0JTqUORrSx25djlRo4znb1bWxifAnw3reurdPoeuf2TJDAY5JRHvLq5IxiuXLcLLEYyrJStvsennePw+Fy6hCcOa9tzf\/Zjgey8farYP5fmWMUtq5j+6THJtJGeRnFa5LR9jmVSN7nJxRivrOT0aqVk2W\/2nvEpu9StfCNm5ZLfbdagF53Of9VH\/ADcj\/drbiLGSjCOHpv3mc3COXR55Y2qvdjscb438Ga34V0DS9evCPst7hZwqkNZyE\/JuPoenscV49bJalHDRrL4tz6DC8R4fFY2WFnpHZPue1\/BrxMPFXg9Yrpg15ajyLpSeWGMBvxFfUZPjI4mh7z1R8NxBlby\/GtxWj1R4L4ubQP8AhZuqRWNvBpumxX4tliihICLHhWfbjqSGP5V87mlOVTGrlj7t9T7bIq7pZUnOacne1z06fUvgULVlSHSmmEZCvJZOctjgnjnmvoY1cBThypdOx8XLD5rUn7Sc3Zv+ZGR8HfifdRSfYddlsrfSrKzYs9va+XHa4OFbCjgHI4964svx9f2soyj7nRnq5
rkeF+qxqUHeq3rdnH+JPEd5E114bs\/Fia9pl0qj7Q9sFlcs2fL3dT2GRjPSvOx2Jr83s8Nd36HrZVl2FnTVbGU1Bx7Pf5HR\/DyVPAupS3fizwTqzs4Aiu1t\/NjhQ9flGcH3Nb5fhZYGXtK9LV9d7HLnmYUs1So4fEKKXTa\/zPTvDXxF+H2oXUEOmajaxXN4wiji8go7sTwp49a+ip43Dzs4nyGIyrGU4NtJxXZnifxhudBPxV1mTR22WyOiXoX7rXA4kYeg+6pPcivls7pwqYlKEH5n3vC1R0cu\/e1EtdE3semX3jjwFD8G7rSNO1a2gd9IlihtSSXDtGRg8dSxr3qeKw9PC8sHy6bWPka+X42pmTqTV\/e3uZP7Iakxam6\/MqQwxlhyAwHIz6153DtOUalST2Z7PGlanKlQjB3kvme2kD0FfUJux8GtHdGd4tgW58NXkBUOHiI2kcGs6yTptHRhpuFaLXc8GtbD+yNRubeKBFiLndx1B6V8v7O0mj632rnqz0T4KRynU7+WTOEiVTgcEk\/\/AFq9jLVqzxc2mrRR6Ov3RXrR2PEe4tMAoAKAFWgBaACgAoAjucCFifSgDyXxjqWsWXiCZbSe5iic5QLyD71nd3AzT4s8URcRzTOR\/fgobYE8HjnxLGP3uM57wkVPM1sBJF8SNZ6mOLHf5GFHNILdgtvijqjXIjaCHYeN3I\/pTU2KzO18B6x\/bNs1w5UvnBA7U+a47WOjA+WgaDAxyKBlLxBY2mp6NcabeKDBcxlHB9KyrU1Ug4s1o1Z0qinB6o8Tf4aeEhqcpWxWKSMlGijc7AOmQvQfhXylfL4Rnqz7nC5nVqUkMj+06Cba1jVttqwiyH6qDhSPXj+tXBqnoYVqaqu8j0aJjd6dDdMm2R055r6bDPmppnx+NioV5RRa+zEWJJk5xmtnsciPDfiRqGrDU57Vb5kgRsELxu9q4n8R6MNInP24hYDfgtjlvSmgbTKepW6M5aGQ7vQHoKaEZFtmPVI5JCNqyAqcdeetUSj1TxbMf+EPR4tp3LjPrkVm9zZNWPIobv7Erqy8Kx+X0qjKTaJLrUFa0EtswO7sKBRkZdzI07jedrhgTmgo9o8HXN+3hKKOCJg20AE14eYNnLJnJ6zdXg1Yw3bEsWzjtjNLDSUaWpjJoZfyRWt1DdQyf6QWCgbulEmviJO+03SbvUNKBu5P3jrwBXn1Z+8XGJ5t44s7vR9XMF6d0JGUYD3q6bTjqTVT5jpfAep6ZZ6EXVkJ9c9K0qcyhoKMjzn49wNqzJe2cw3xtkKOK1wrf2kE5JyshI\/GL6d4Bhiu9sk+1UNaToOc7ozlUaPOr\/xjPpOvx6lAoZX4bHbJrqhh1KHKTzHYxfEu8fTpJUZ\/LkTOAf5VzzwiU0io1ZFz4PeIrvW5rmKQnDZCq3X86WKpKlZo3jIh8BeLrn4XfFy6fVPMTT72TdJySh\/2gPWvSwNW8FYipJ30PtPwpqNtr\/hy21S0kEkFzGHRxyGBHWvXi7q4XPL\/ANpXwtDqXh6ORkGYps5x1rmxCPQwslax4TFo8VvaalbfZ8qj9SK4a0n7N2PRoQjzo7T4ZeExNrtrc58pBbkcdzSpUb2fkKtW5brzMnVdEa0+Jc1vLlsseSOCKww\/LTqyUtjrxPNUpQcT0PWPsepeHrawZQstqwZD6Y9KrEV6dtGY4ehVUnoU7YfYdyTOv+yWNcdTH6noUsA3uj3z4i+DdK8Z21pb6s1wq2UnnQtBKUYMU2nkdsE19JiMNTxFPkmj5rA43EYOr7Sg9TG0X4S+GNP1qHVPO1K6ntx+7F1dtIoPY474rmhlmGg0+p21c\/x1SnKnzJX8hngP4ZP4V0zVrPT\/ABJe7tSi8uKdY1V7XkncpA5Iz3ooZbSoSnKDa5icZnVfGwp0qsVaHXuM8JfC0+H7bVng8TX76lqkTRi\/WNEkgLHLOMDBcnnJqMPldKhUlV5nzNblY3P
a2KpU6HIlCL26EHhr4RW1j4tj17U9fvNXlSTzXS5iQebJ2ZiOTjA\/IVlHJaXtliJyba7nTPiPGfVXhYwUYPsd74j0uz1vRLnStQgWa3uojHIrDqCMV60qaqQcXszwKdR05qS6HnGifBi50didK8c6rabl2sY4kDMo6AnHNeRHI6UJNwk16H0VTiWvWSjWpKVur1LX\/CqtXJ3H4g6qWPUmCP8AwrT+yv8Ap4\/vMlnsltRjp5Dh8LNY7fELVf8AwHj\/AMKFldlZVH94f27L\/nzH7hT8LdaMbRn4h6rsf7y+RHhvqMc01lrW1Vk\/22739hEbH8KNVRw6ePdRVlOVYWsQIP5Uv7N\/6eMbz1vejEsn4ceJmGG+JmtkH1RD\/StFgZLarIz\/ALXj\/wA+IfcV1+FetJOJU+IGpLIDkOLWIEH1ztqXlt3zc7uaf227WdGNvQD8K9aJYn4gakS\/3ybWL5vrxzT\/ALOv\/wAvGRLOm9PYx+4Z\/wAKn1b\/AKHy\/wD\/AADh\/wDian+zV\/Oy3ns3vSib\/gPwXqfh2\/ea48WX2owspH2aSJEj3f3jtHWujD4T2Lb5mcWLzFYiKXs0n5HX4xXUlY821iprxCaLcuf7mKmr8DNaN+dHkdyqTXzhxnLZFfOtXkz6dO0Ud38LIBHbXb922ZPr1r1cvVlI8XNHflOtX7or0Y7HnPcWmIKACgBVoAWgAoAKAI7lN8RX1FAHFeJbN4L9WeESI3f0NZPcaGWls7t\/x4YHrmkOxJLp6fxWfNArIh\/sq3A\/48gM+gp3YWsMbSLIA5sev+zSBGn4Ms47SWQRQmNSc8jFNDOgkdUGWYAetDdgSMq+1y2jcwpIrSDtmhO42jLvb6a5jZC5UHrihiexzfifRmlsDNYyNFcLyGzncPSvOx+FjKPOtz08qxrp1VCS0MWwsiZljud8rqcEtzivGhStufRYispJcp2OlTqumQIUzgYFfQ4L+Gz5PMNMQy\/KJjAw5ClfyrqOOO559o3h6y1HWr+a8QSbZflyOnFYcqbZuqjRup4K0KS3Kizjyw64qvZpon2zvY8b+J+jW3h\/xBKqFtsi7yD29qzasbqV0cZc30OPmIUsP++RSGd\/4VmOt+BvJRwSilR36UrIFI8q+JrtpVu4T5nftTJmzK8L3M8mkrMRwT07H60EQ01LktyJr6NyGXymG8d8eh9RSa0NeY9v0nW0i8LRfYwuRGMenSvCxcZOWpz1GjjtZmm3SX10N757dq5ot2sc7F8O6bJeahFqU8TSxg5VVHbtTqT05S4xPS9K1IW+Jpy0UaDADDFedNM1KPi3+yfEEZEyA8HaTxTg3HcmZ83eK7+98P8AjCawhkf7H5h5zwM17dCEZUzkkmiaWZr66QGctGBnJORVchF2cR45hvTrDiOV2tl+6M8A11UUlHUvmRQ1Dw74g\/sNdQhhaSIcge1WqtO9kP2a7kHhfUblLpbW+Qwxnghq1nSvG63K9lbZnT6X4ll8PagZdOAMee0="} 
+11504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1080,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":4,"flow_src_last_pkt_time":1654385136216297,"flow_dst_last_pkt_time":1654385136871813,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":11586,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":11586,"pkt_l4_len":11552,"thread_ts_usec":1654385136871813,"pkt":"nLbQ0+MztKXvZygQCABFAC00DjBAADYGILKsaXlSwKgCfgBQtISflO+w6t\/AxoAQAOsWCQAAAQEICsmh0KnytRw4iTsWIVy+RjNYSujePvD7mJVjz3I\/OoVRvQ0lTSVzFVPLuHIbrS5dSNGrM8y8R5OvXoA\/5eH\/APQjXJHZCfxMz2bBxzx6VaiNInif1p3sSyRmyM8+1JEkYNModmixNhd3SmtGBIhzV7olomibBGOKbWhDLAbjHIqUtQsOHFO9gJYHAIJ5obETGQDtU2FYjd88GmhkUpPT1q0NIYTjrRcqyEyfShahYFPP+NMb2HA4PSjlbEk7l7T5VDDdiuarCXQ6qUktDQuShtz06VFJO9jSrytE\/gaH7ffTaUZGQuPOhZequvB\/MGuHN6dqUai3Wh6fD2JlTrSpp7q56z4c0mS3tQHYEgDPpXy8pNs+qlNy3E8QzxW8RBkA\/GnF3ZNzjdY1u3hUsXHsM1ookykcN4m8TwBiN4yegHJ\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\/OayUdbmjldGkxLDHatZ7aEQjZ6lvRQRKP4RmuZwdzrUkbN3JEYQocFu49KuMWzKTRjyAeYfeulKyOVu7HkbACRgGmxNDWm2c9\/Ss5o1pOzJUivLiL93HkdzmudLW50SndWM6SylEzB8Zrpja2hz3dzy3xD\/AMh29\/6+H\/8AQjXmReiNX8TM+RTnI9Ku4XHxZxzSEyXt1prQgQjFFx3AHimMAfemKxLG1VElolTp1qiWTITSYkxzMMUh3HLJ2pWJQNKc4zmnZsLArbiMdaGhtDi1LYENPPpTHuCj3q0MdjnmmAqKM1SuFyRPlwfeperFzPoTfaH27SaFFIfM7FnQtQk03W7fUIhloXyVz94Hgj8qxxVBV6Mqb6m+ExDw9eNXsdvffFC0trfakFy59FiJP6V8nPLMTGVnA+ypZlhZx5lNHEeIfGes6vOzx2M8EI6GX5a1p5ZiLaxsjOeZ4ZStz39DkrbUNS1zUzbyzG2iXrt5dv8ACudxSR1p3Op0nQrBIf3dvuc8l2OWP1JrCUrGihqdX4F0UBZ7tgdkS\/LkcVlKb6GsY6HP+IdQjOpS3M0ixxQgl2Y4Cgd66Iq+iMJNbs8m+IfiS58Tamml2KtHaRtkKRgyH++\/oPQf1r28DhFT957nlYjFKSdtjmNR09GiiW1DPITtjAGTKO5\/PNejJaXOenVfM1LYyxuRuRgjsaS1Ol6nX\/COQR+NLUkAiTchOfUVcJe\/FHnY1N02j2IHBxXpKzR4TY5euBTS1JjuTJHlM+tNuxroKIWJ6UcyE1cljjPpRzpCjGTLEYxjvmiMlLYHFx3JY4z19afMkCiTxoSDkU+ZBYSQHbgGguyQ6EkEU7XM2aEF5+7CnqBWUqfUcZ62JYT578d\/WuVtndCyRcaxHlht3PtUOUrluKehXki2owJzj1rpp1JWsclSmr3RRlbrXRFmMo2Ii+au5IiOV6etZy
ipFwny7FhJwV5NSo2L5uYavzknNWJoVkHTpTuZyWppeHrw20m0AnPas6sLo2puxNrd600qxPG2D3Irgas9DsXvRNXTbKCSzw4AyPTrWsajOadNXOb8QWwtrs7TlT0rpTujDZlISfKAKtCmzU0rLx7iKwqo0puxHfbQ3zDDHsayUuhUtTPni5z0zWsVcwk9SORxEMAc1UpKOiKjFvUfBucVUG2tSZOzLBkMa5PB9qckkrji5SdkOt59\/FFOaZU4SjuPkkCgc\/nWrMbEkF3bv8kgBHfNYylYtR5hsYiExMb7h6N1FZufMh8ri9TotCQTIPLA564rJl3SItUtVFyVKZI64FbRvbQ55S10PA\/EB\/4n17nkfaH\/APQjXBH4UdUt2U8c00hD0UelPcT2HtgdqRI2qdmUFNAJTAcpxQKxLGeKu+hLJFcg0aMmw\/fxQKwhbjntTAM+9O4EkRJIzUsTJM8VNgsAAzxVFDlGBgnmrGKfpQAA4OM\/SmhMkB9adiRwGaBjkWjYRMilR1xVXuO5l+MJza+H7qYcEISKzqy9xo2oa1Io09K8NNe6ZY+INPQiK8t0lz6EjkH9a+EqT5ZOL6H6BTheEZI7HQ9MYW2HjGcVzSnc3jE6HxG0Og+BXdpBGXQkk8ADHXNFNOc0kVN8sG2fM\/jfxDJqTNIGxalv3Cf89SP+WjD09BX0mFwyp2k9z5vE4mVWfJHYyPC2mtcSPPOzLFMCuRkFhxub6Dp7kgV69GCepw16llZdDf8ABulWMniREvNU0vTI03RfatTjke3ZlHCHYCRuHGexp1ow5eV317GfPKXn1scl450WTS9Ydo0Y2szkxSEHax7gE8\/TPOKmVGVK19ujO3DYiNWHmh\/w7dofF2nnkf6QAT6ZpRVpJixavTke5iNi7e1eij51ocgq0girFiM7F+ahxuNbkqNk5yMVJXQsWygtlugrhxtRwhodmDpqcrsknK9hWOX1ZTu2aY6nGOw+JgRg16bvuecrXJg56DpUWZpe41gzN8qnH0raMlbciUZDlGODwa0TW5m0x6Ak4FTOWhUY63LlokseGZcAVzxSbN5TajoXUv40G1z+Fa+zT2Mud9Sre36OCsYPNL2Vhe0M+RyatKxMncaDVEpCfjQKwqnH9KRSJkcLQa6A0gzkdKZLLejSotwNxGfesqrdi6Mbss61dokeT17c15s61menDD3Vw0vxEDaiOUYccD3rSn72phVio6FHWrw3L5HOK74R01POqLUzzJxmrsZs1NNusWwKnHFZzWhpB6lLUrx3ulHX1NYW1NnsS2zlvmJ+lbLRHNLca1uZJS7ZxWfI2zaNS0SRECLjHSuhaKxzvUZeKTHkdaieq0NqLSldlW0Zkc5asKXMpnZXcXHQsyyDHXNdsnocCRi69NIYi0LlXXoQa4pO6Z0RiQeGL+9Z9s7knPUilSj3Jndo9D8DzO0pdjziujkVtDnbfU6m6WMorsAC3UUK1rMwnufMHiNwNevuCcXD\/wDoRrzL2SPRa1ZTR\/Wq3FYmjcYzxTsS0KxyKSeokMZsnimO1hQ3qcUnfoFhrPg8c1oloMfGd3TmgTLS206oHMMgUjrtOKbTIbQUaiQ3d6VWw0gDE07A0PBzQSyReB1qdySQfdpopCqeadhigkDPGad+hLAMccmqQ07ocpJ54poGTKOKdhPckQCmmhMenJ+lG4yWP5jtGST0ptdhM5T4qXRh0uLTcgS30yxkZ5VM8n+lcuKfLFLuduAhepzPoejfslatFqfgC70edt0mk3boqk9YnJZT+eR+FfF5pS5a911R93l0+aly9j059OtwuYwq7hk9sV5x2ngnx38dweKNRk0vS5i2gaZ8txcqeL2Rf4U\/2Ae\/evoMvwbpR9pPd7eR8\/mWN5n7KB5RYsdV1TzphthDAeWMY9lz2GBkn0r2oR95I8ya9nHTc7bw9pF1earDo+n+XcarqE6xQQecAZXP3ULMQF5PA4HPrXf
LlhHmk7JbnHaVRpJHYaZ4Dt49buvD\/iOC4WfTbkR3ccThf3gxmMMpOfnYfOvBB\/GuinTpVoKcXdPZnFXr1KL2s\/P+ux0b6P4ZvNEk0fVdLmvNP1FWeCWS4bzIipKebHuztbcDx6DnrivRjRjVg6cnockJ4iM1Upys15b+Rx6fAO+h1OC\/8LeJrW\/WFlkFtdoYZSM8gsuR+eK4KmVVI\/BJP10f+R6Ms4hKLjUptX6rVHWX2h6tprBtSsJYV7vjcmf94cVMqU4L3kccZxl1KyRr98EEHpir6FuLYSRswAGKly0CzFW3kT5hnFTFg9ET2zFpAg+lcWMpuaO7By5dzpbHRpJrbd5QIA5JrLCWg7GmK94w7xBbaiYNuK9RzTR5\/JrYvwQqUBOK5ak30OqlCK3LC7I48ZFZQu2bVHFRM+5cGT5cHFehCNkedKSbJbJ\/3gJomroFY2YvL8necE4\/KuWTs7G6imjK1HG\/cAB6471005OxzzSRU3Y61b1ISEjJY89qCRzADketJlXRp6dbQyQbnUNWd2mapJop3SLFKUU5HY1onczcbEBYk4FA0SLbylN2CfwqedGjjoQTO0fHIwaU1dBTfLIrSSNIdpY\/ia8yWHvO56yxKULDkUoc1306XLE82tU5mXrLbI4DEEVrsc97sXUYY8ZUYpxbG0kihFI6ZVSfpTZnpckjQs25+Sank1uNyexZiyGGOgpmZbjcsMU7WG3oSMAASwrOzHHTcrzOCO2MVpbQd7Mz522S5z0rK1mbKV1qKz748r1q220YXs9DOkiaSQqwPJrP2bub+0LNjCiPjGDTbtsNWZv6FczWsmYuvpVw10ZlUVnobiX1zcktMx46AVfKkjB2e58\/eIz\/AMT69P8A08P\/AOhGvI+yjve7KYYikibD0Y54rQViQuOwoQrDQxzmgYpb5eBzTsFhAKq4HRfDizgutcRbgBgvIB6UyZM96s9I0ttCPmWcRAXj5aV3fQTSaPHviPp1pbXjvbRKgz0UcU07kyST0OPJ5xRdlD4RzyOtUtg6kuDnimDVx68daLCaVhVPqf8A69DXYzaQ7d6jrTQ0x3PQ0LVjFC88VQEyD5hVCHjkhV5JPAHehJvRCbM7WPEWj6WzR3V1ulXrDCAzA+hPQfjVuMYfG7G9PDVKnTQgu\/GVnp9kLq809bZXGYUnkMk8w9RGMBR7tWjqUqau4\/fv9xtDBObstf0F07WdY1KI6rqtuNM0qPmKzhG2S5JB2h2AyoPp39hUurKS5tIx6eY506cP3cPefV9EcN4ivLvW\/G8HmbA5KkiPhUUHOAO2AteRiKjnO8j0KFONKi2dt+xxqbwfEXULPdiK9s2JB7sjbh+OC1eLmtNypRk+h72Xy5ajXdHTfHvx\/c6nqM\/gfw\/cGGBDt1a8jPJHeFT+h9enrWGX4G9qs\/l\/mGY47kvTh\/XkeOeLLgtNHpdku2CEBQi8Dd0x+H9a9262PEpfzzLOl28NgCvMpgIVCOkkrDOMfl9APeuilHXYynNydz2LwN4Y06x8DwaifEmlJqAuh\/aWmy2++5lXOXyzfLsA7Dk5BraGM5MSqHJvv\/XY56mGVSm6qfTTov8AhyfwfHC0d1fW0aW0N9N5enW33AE+ZVZh\/Cp+c+yo\/tXsJr4UtjzKt3o3drd\/1\/WpT1LVptR1ye9s7qUxkqsTngsqgKGx23YLkerGt6V7a6DUOWKiZ3i7xG2mQxX7XMyXEJG1kYqX555FVWq+zhoa06XtJWsd3p3jy\/Gh2tzHNundf3pddyv6cfStVJOK0M5UoXdy0ur6PqVsZtY0KKGV+ftNo\/kt9Sv3T+VZzw9KXSxnyzjL3JFWCz0i5uR\/ZesRyDPMN0vluPxHyn9K5J4SX2Hc3Tkl7yL+oaJPbQ5dl5GQB0I+tcqi4u0lZjtfW5jaRAqX5MnABxSqQ5iqc+V6nU3WofYtO2Ryhlx36ivPlDlkdampI4+
6uDc6h5nXnrXRTTaMJWTNGGYBcDJqmkUpDLhmJzzW8EktDlm5N6kOeMn1rQg1LOEeWpOBSKWokqyLJiLv+VZTSe5rFu9itdrICTIf\/rURaWg5x7lFnPmEdq1TMGSRhiflBoMxxDDG7incqxLFPJGhCOQD1ANToUm0RyS5HzNzQw5rsLJle7VSeM1hOTRvSSOpjtgLfcq8YzXK6mup1OGmhzetbPtJVR3rrpO6OGpG0igR82Mc1L0ZpGWhOLaV49w49M1pGaM5Rb2IYHaKQg5BHWrlqjNaFh5zIvJz7UJA5Eapx\/WqI6kinBFRzamyimieEZ700zKasy5bR45zzVEjb+dYI8vwBWVSrGG5tToyqbGeLgSqWU9KqE1JaCnBxdmRTYY+tEkmTz2CPPQZppE3Jooh1xVWHckt7QG5Lgdfep9mr3NYz0NnTrcKc5xVWFJ3LLnyjj1ptXRhY8E8Qk\/29env9pf\/ANCNePFe6d7SuymDiqsKw4P2JphYeG45pE2GsTkYqkikhc8Yqm7CY4HH1qbsRe0i+msbpZoG2svPXrTTIlG53Vl8UdUSw+yyW6NHjGQeaq2pHLJHM+Itbl1SQuybcnpnNK4JGUOtAx6HBzV3QEpIHTFCCTtsBYnk5qrEptj15oBRHrgjj8aVu5mO6c00aIcpzz70wejJF3E4RST6VpCMp6IVjifiD4wkt5G0jRHzK4CzTqMtk\/wpRWqKlHkp6y7nqYLBJr2lTYz\/AA\/4d1C2CzJCtzqshzGsnzJbf7RH8T\/yop4WolzPWX5HRVxUG+VaR\/M6PQvDtno7XN\/rfnanrpKi3DLvjDk8nHU4H\/1ulbqjGmnOrqzlrYidT93T0j+JieONavbnU2gmmwlrmNdq7QDnkn1IJ6+wryq0ueTle9zShTUYpWKHhQmbV729bJ2RkIzHJ54Az9B+tcivq7nRW+GMUUfh14h1Dw5rjX2nBTceWyoT0DFSoPvjOfwrGtQVaNpHo+3dH3kdBZg6dpEtxNlrh8ySuxyWc+p+tdCXLFLseROTqTMPRnEupbpBh9rOCx43ep9qVNe+bVFaOhe05J5Ps0bSiGW1uMSq44VmYfvPfsPwFdq0VzPSUrdGd1ADBPf2+lPpsdpdYS71x8\/v\/VUJ6qDkYQHdiu7DScoc9rHHWp8skpu9tl\/XU7O4u47PwOGslljbVg9lpiSJg\/2eoAllkPUtI+SPTJxXZCPNJL5nAov2mvTV\/wCL\/gGKqfZY1Xpu612xSNDl\/i3EJdA3qMGNlI\/OuLMEvZtrodeEdqhqaNr1lZ+C49Wu2\/dwRj5B95n6AAVpTxEI0FUb6GbpSlV5EZ8\/jRb61F380QztaNmztP4daw+vRnHmWhf1dp2JdM1pJnUpKytngZrWnWvqTOm0el+B\/Evn6XJZ6ozPFGMgg8gdM\/ga7FGNWPLM45Np6MJ5DFOXUiSB2Plyr0OOoPoR3FebVoypysyubUr30xlXaGOD71zShdmkZ23GWULM+FxR8KHrN6GrBYuqb+uOaw5otm6g0gu\/LEXUZ9K1g7MzmkzNLkv+NdCaOeSZoQ3DhAM9qQ7uxPFcZTAOWzzWc0mXTkRX0q+Qc46VlZmzkmZcZLycjiq57EezvsW45I4165qvap7AqTW5Dd3QA4IBrOVVrYv2StqQpdBh15rSFRSMJ02hzuDVkJWY+xR\/PDAgAd6iSuXGTub8mqG3swC24AYxXLKjd3R1qo0tTm7u4aS5aQ5+btXRT0OepK7HW8y5BYdKqSujOMtbM1Y5ofs4IYA+npWSTuaOSM26KtOWU9eprZS6Gbjd3HQL7dapO5DRMI2OQFJA74qhJIVYjnJFS1dmnMrEyMIlyaexm3cd9vWNdwA9Kjn0KjDUp6jKL2IjJ\/CuKt+8Z6FF+yVyOGMQRBOc9SK66UeWKOCrU55NkR37+M4rVtLczt2LthbySjKxsffFZe0SHyt9C8kDIdrL1rRSv
sJposwR8jC1aFexowDYuadg5rEN8TkHtSY0eDeI+Nfvf+vl\/wD0I140W7I7nuylkdRRdsQqiqTC5IPT2qmhNDGpjFUk0bhYXPIo8hWJY24B7UIllhDTuQyQYpkg2Se1AxykjrzTSuxDwRjIrQQoJoAkFCRTQ5Ov4flVNGaRJyfwpGluxJbwu8igcb+MnpXRRoSqa7InkbMH4l+JRpWlNp9lnz5flyD8xz3P+FbYuvChT9nDc7sJhvaT12RieB\/DqWEQ1C\/BN\/JyqsOIAf5t\/Ks8HhHFe0qbv8DfGYnn9yn8P5nZ2uo6fp2mSSROn2hcAL1Zyf5V3OUIJs4VFt2MPUNQmF493BNJGhTzPkb543BxkN79PxNeRiqnOmn1N6cNV3OH8QoYI\/LYkyTP+8YnOT1I\/CvNk0tD0aWrv2NTwpF5Wg3ly5VVUn8lWpjqnYyrPmnFFbwRpvHnyoPlO4ZH8R6fkKlJSHiavNJpE3jHUAki2YIIA3Sf0pSbbsiaFNtXDwraeVA88qYeU8K3GEHIz6Bmx+CmtqcblVZ62TOv8J21rbapLd3fM7RLsj2bmcjk59CTgc9xXfRhZ+8cNSbaSjsdPZ29jpijUL21hupow088j4OwKQzLGv3VBLRxjv8AMfSu6OqsjGTlLRaX\/r\/gmTH4iu9Sun1DUZmeZxtQdFiQdEVRwq+wrspNIPZRh7sUQ3utmWUDgYI6d6p1FewKm7XM34gStL4efg\/MBxjvXNjW\/Ys3w6amjibyeSTw28AZiInDhc9PWvHUm6LiztpxXtb9ynb3DiAMp4YVEHZWLlC0rFyxurhblZEYgjmtIylCSaMpRVrM71teJ0cyxsEEirGx6ckjP8q9d13yXR5vsPfsbXhnxP8AYLxo75XlsbggyxqeVPTevv8AzrVVYzjyzJdN20O4uYIfKjmt5o5oZVDwzRnKSr6j+o6g1yzhKDszK72F0+RI5Bkcetc9RNmsJJMvXN8iQYjOa5Y0pcx1Tqx5TImuC5rqUbHJzXYtgFkmAPftUuTN1BNGsIYzGRitYtsxlFbGVKrxzkRseD+daWMUraIhuJHIw7Empa6GkdxLBskg\/jXNUg7HRCViZ7ae4nVIl2gnr6VnC\/UdSSLtz4auRa+YhZjjuOKpuLdjLmktTD2NHIVI5B5rSEGmZupcljYkfyrbZENmnYKRDkrg+9R6FxEnkXJQ8mpl3NolK6hUjcOPWoUhVKaeqIAPTtVptmDiSxSEDHPNaWugVjV02xDx+Y43E1jJ3ZukrajriARuMDFaUzCo+x6n8GPCNrq+hvczqjFsg7u1cOMxDpzsgpU3O9jkfiDoiaN4jntUAKZyuO1dtCpzwUjFvU5q5QEFT0rZ6gijdRMRhB0rCaSOmEupHbxuoJP5VnCC5iqk\/d0NC3t2kQHGc10ysc1mxpg8uTawxis5ptaGkHZ6m94eeCNPmYA9siuOVGTZ1SqwSH3aRvcZQg+uK76UGo6nDOSbHxxqq9K0uZjYnbzMY4ovcdx11GXAwM0McWjwHxISNfvR\/wBPMnI\/3jXiq3Kjve7M\/JA61ata4xyP2zzSS1FYkBx0q2xMQnJpLzAUdKoBetFgHoTnGOKaE0WITke4pWsZsl71VyQzxQFhymmmIcPrWikmA9Tn8KT0AlUZHXFNMbV0KgIP9abZKTTM\/wAU6kdM09ZVyWaVV69ATyad7anRRp88rGiL6K2t2vWlEm5flZu5x0HtXoyrRUb3EovY8yvb97jxK+pFldon2wbhkBu7f4V5DqN1ud7rY9WMeSjyrrudt9qMmnLcNgMV6Cvf5k4XPN5fesZjlYo1vJVwkhJVm4HHVvwrzsRPlNkm9ER6jPu1y1tprlNjRNLB5Dg4jI+VW7ZIBOD7CvIlWdVvsjo9lyQuYHiV1e8jWOTekLM7xj7vmHCkp7ELn26VjV0lZG8LqL8zT8MRm78LS2+3Hnu+G\/ujNOntYwre7V+40HEema
Y2P+WakjPVjVNWRlrNnKWMQu9Taa4Dvlg7qBy5yAE\/E8fTNQrs7W3GKSOhuLu3srkBwJ5Zm8zZHnjPQnufbvjpjNdMdrHLyykrdDVjlsdP1mCw06\/nv7WFWk82WMx+dOwyx2nsASAfauihOTj7ysRVindr+kXNZvWn8N3U892oleSK1ht48DPzNL5hHdcH8z7V1wbRjCNppW8\/0MeGVioUEiujma2NGipe3rRS8sRzwR1rnqYrllYtQujZ1y5jvvh3JdKw8yF03jHTmt60lPDuSIgrVEjhJtwgcjoylTXkJnXB+8ipp\/NovPOSKzSbaNq3xmpaR\/uAw71rfU5ZPUTVbiWPTjbBiMupx9DWvN7vL0LpRTlc37K\/R9Eh\/eBp2Tbito1Pc31OWULVH2Nb4M+M20rQb\/T9TWWaxidJlI5NuS21iv1yCR7VthavPBwqfJ9v+AXi8OpSTjueqkELFLGwkhnUNHIvKsD0INK26e55kk4uzLKbW4x\/9eoHcr3kSK3y45q0+4KyZHZW15NNi1gkdlPVRmolFb3KdWWxfmkvbdds1s6NjnIxVpxtoyG2yGMMy5xyetWQiG9j3R54yKTNEVrY+XMCRj3qHFsOezN7QLmFb9DKw2Z6VjOOhrGV2d5LLapp+4MpUL0rj1bN2lY8u8SiIalI6YAY5Irvp3scc4a6EWnqC4z3q5ak27mhKriM54GKzb1LRlzSFHyp596HroWnYiluS5weKlQLdTTUdGc9K1iujMZSJoxtYEjAq7Ep6mzYXKIvJ4qHAv2mg24uBNLwMKOlXFWRjJ3O0+HXjCbQLV4SMxt0wcYrlxOHVVlQm47GP4u1htW1Jrp+M9Oa2pQUI2M5bmOdj53n8KVSbiXTg2ytdpsXcvOKwVRNnW6LUbopO7swA456V1RtY5Z3NPTZsJtHWlKJKJZ4+Nx5Jqog9B9oucDoK0W5DL0AKnmqtoQ9y2n3eahjS1EjhAfduHPakhvQeZAM8UM="} 
+11522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1082,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":5,"flow_src_last_pkt_time":1654385136216297,"flow_dst_last_pkt_time":1654385136871916,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":14466,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":14466,"pkt_l4_len":14432,"thread_ts_usec":1654385136871916,"pkt":"nLbQ0+MztKXvZygQCABFADh0DjhAADYGFWqsaXlSwKgCfgBQtISflRyw6t\/AxoAQAOshSQAAAQEICsmh0KrytRw43ETIWx90g1MkmtQ5mij4m1u71u+8+djhfurngCqS5VoS3d3KUQyRmqTuhHL\/ABBmH9vaZHniIF2Gf7xwP5VLaUkmd+FX7qXmYHxBjH\/CcqwwAYVIOeDSxUEsQpeR24aX+zNeZ3\/wg+Cvjn4mSY0fTTaaYrYm1a+Ux28frtOMu3sua4quLhS82Z04u\/Mz6x+D37NXwu8I2MX2zSj4j1GFt0l1qRJjZsfwwj5QM+ua8qpias93obTqOTuj1m7tLXTtFFrp9nbWVvEQFhtoViQD0woFc4r3IPC3+tnHQZU\/zoFI0NfUDTm92H86QluUfDQYzzfQCgbL2rOkVnI7sqqoyzMcBQOSST0AA60xGV4OvtN1u2i1XS72C9sp0LQXNu++OUZxlT3GQfyoeg2rbm6+Ad3ZBkUiTlvG3hfw\/wCNrcaT4m0e01S2c4xOnzx+6uPmU\/Q1cZOGsXYpScT58+Of7Idw6vqnw31CW6VAWOl3sg84d8RucB\/ocH61208fLaoNcj8j5a8QaVqGhavNpWrWc1neW77ZoZkKMh9CDyK9KD5oqSehjKEovUzpFyT79aYJjV4BFMbGg\/vCM4pWG1pccv3hjPvTE9indEC9QjucYNUjopq9NmkcbMjB+lW3fU5epnysPtZXpUO7eh0xXuXL0DCO2bs0v6DtWyVkYy1diBZAj5381alpcq10WLcK2WHUGp1uS9D0\/wCCmq7tPudEkbmAm5t8n+E4DgfofzrqglOlbqvyOHEKz5u52rhWBojKxzuNxkUbsxCKTVuSIimnoNlVkf5gVINRJp7GivbUsJcAJgnIrBwNoz7jRMuMYGKm2ti21YqXHLda6ItI46m5C6ux+XJPtVXTIQxGKyfMTnpWdh8xv6U8eFwRWM0zog0TXbR\/MRg\/SpitRyaM2UEtjPFdUI3Ryt66DSmTwK16E3FEfFc09GdlHUjGQxHFaxtYUtye3kHA96c0kZ8w51PUGsJFQmkU7g7JQSalM2k00atpcILcZI6cU0m2ZcyRXYl5S2COehraMTOUy1CPlHSt4xsYsswMynK9e1Va4IfC104YtJx71yVqPM9Dsw9VR3IZEkjfdnnNcDpOmz1IzjOJ0vgfxhrPh+QraTb4W6xP0\/CuuMuaGp5NfB05zvsy14u8VXuuEebGIh6A5q6Ld9CHh4U1oZFuTnJOc13bowlEv2cm0ZPFc1RXNKdkiaOVd45B5zxVRVkY1OxsWMgMRwR+NO1zBs+S\/ERI8QX2Ov2mT\/0I148fhR7j3KRJzx3q4gSwAls4pibLqDgUkzFslTpTvYVx\/QUNkiqelNDJ4\/uAGrZDJD93ilcNxM8UEiE8Z6CmVYQHNNqwMfGOeamxLLMcYxSuCJVXBwPwrRCaOf0vwtr\/AI++K7eHvDdkby+LLGgHCQqo+aSRuioueSf51y160Y
e9I9ShB+yivvPsf4Vfs5eBPD01vrGvwr4n1tIlBmuo8WsLDskX8XPds564FeViMbVru706G8WoR5YnrwGLVYVULHGMIiKFVB6ADgVxiuJp5EdwwPRhn8qAuS6ym\/TpuM\/JmlfQaMzwycTTD1UH9aBmhrbbtNJHdxS2JRnW9zcWOhX97ZWD39zEheG0jYK1wwGQgJ4BNOxelzwH44\/FK78Raf4g8LWEV7Lo17PGpvvI8v7KixjzrVu7Zk7\/AId6UXd2NPZ8qTe53v7KHjLQ9d8Nf8IvoujanZDw5ZxRyT3MaiGXP91lJwxOTtPOKuSImnuz1XUHC2+M\/eNStyCLRIi8zzkcD5V\/rQwZpXky21q8zDlR8o9T2pEnlHxn+E2gfFfRzb6nFHBrESn7HqgTLp32SY5ePPbqOoroo1pUneOxUZW0ex8OfGn4b+KPhn4qk0fxDYtGPvwTp80UqdmVv4h79fXBr1qNeNWN1uEqa3jsccrD0raxnYa4CyA9jU3dxp3Q5ODkEfSqEylqJAmBHVSCaaOqinymjBzCtaJaHJLcpxRGbUWwMqnLGkrbnQ2o00TzHknjp2qpN2MkUyKlN3sblyw3ZHNa3sYzsb3hHVX0bxFaagc7YZMuB\/Eh4YfkTW9CqozXNszCpDng0e921jDIA6SeZG4DRsOjKRkH8jXLWqypVnTfQmFFTpqSNqx0eIwABtpI4pObe5Ps0jF1zTLsTMoi4X+LPBraErbmU4u5hTwyxkhgR6it3OK0MlBjVcjgnGKlWeqKldbis+TnrmnYxbPR\/BXhy2l01JpYw24ZyRXJUqNOxvCCsc78TvD8WlXKTwY2SdR6GtaNTmWpjWjys5u3dhwCa1aMr2NG2DFRzx6UrCuPdeeRWi0QXHRRhugxUuRooX2Gzrjj+lS9TaHu6DVjUQ54z6VSdimr6lRZALgqDgU731MJvU0IVGzOazMSnqKDqR9KpRuWpWQmkIZJgp5xWiVgu2zeltiYRuUAjpVxsErsltoAseGAz9Kq4JKxFKoWT5eKtMViSNiBnFRPayKjqxkjBjziuOceZ2Z6NN8sdBITtbJrohRXLaxyzqy5i4mSQAuSTwBWsIKOxjOcpG5baQ\/2YSygjIzj0o503ZGUpWK5iKts9PSqaRKkIyYYc4GaLaDd+h0ulWcD2SsJJFb8xWDqNMzlHU+RvEJB8QX2P+fmT\/0I15C+FHsvcqDqKqwE0H3sDvTVyWWo+nWgzY9TimSPXJbmq5UJoeBg0xEkX3uafQTJl+71oJ6i9qAG4zTWgxQKa1AkjHrRYlliM5Ax1oQ0dj8Ifh14m+IWqmPRYRb2EMm271a5Q\/Z7fHVV\/wCekn+wPxIrjxOMjS91ayOmjh3PWWx9W\/CP4c+GPhx4ak0zw9bs1xdOZNQ1GcA3F8+c5cjoo7IOB7nmvEnUlUlzSO\/pZbHV2fBK9O4qWJDnXa596QyujhblefamBbcmWGSM\/wBwgflSsBj+HTi6mHTMRpIpou6gwOlHP\/PSmxLcj0wN\/Z+EIDNISCR6UloDaPPvF3wm8Pah4tTWmeaKWWTzLi2hwtvJ3GV6nkZPOTmklqa+1bVmd34b0mDRdHg06zWKKIY\/dxQLGuepOB1PuSapWM5Nst6m\/wC98sfw8CkFjS02NIIFj\/ix+vekxGd4guPMnWBekfLe5poRf0W08m28xhh5Bx7ChiuYnxZ8IeG\/Gng640LxPYJc28wPkyYHm20hHDxnsR6dD3qoTlGV4sqM3E\/On4\/\/AAy1n4ZeN5dKvUMtnKfMsbxFIjuIz0I9D2I7Hivcw1dVY+ZUlHdbHEE7wD6dq0aszLYj37c+tXG7L5blC\/ctKzdqG7aHXSjZWNq2J8hEXlsc5q0jz5ayZOLcRqDHj5zliO9UorqJy5tyrex4Rhxn2qWtC4PUpIjFulRBO5u5I0bOICPJHJ6Vrrc55NkwC5Knk96GmI9h+E2uS3nguJGO6
XT38hiTzsPKn8OR+VddeksRSjWW60f6HM6jpzcOj1PRdB1SO4RftC7COD71xuSgrdTSN5GnqclqIiyONpHO6s4uUndiqNROG8QyxGb5CMZrWUWFKpG+plEgnocVtTTS1MsRNN6CMoPXIxWyZxuNzvfAvi5bPShZ3ABKdCa5KtK8rnVTlyxszK8fa4NTG0HIz+Va0ocpjVlczPDWmS38vyoSB3FXOVjKMbmnqmmy2DDcCFPrSg09RShylF2yeucVV9B2JIWw2MdaznFs1jJbFlLYS8HjPepvY2STK2oWot1wrHmmpplOFzAclJiATnOaHNsl0l1NnSiWjGTyapanJONmJqMfBxyK1ijO+pBpoCydcEGtLGiNsSkoo3Z\/pTS0Bkn2rBwACapIQqYdsnHvSsxrcsMiiM5HX9adrlc1iTT9NFycs2weuKaikPnbRBf2j2lyEYhhjIYdCK1WxkW9IdftCkgYrKSdhxOkvtVtrewK7gzkcAdqxpxdxTRzVtqTS3xTbkE1rd9Q5bFu5O5cDIzWiWgi1p11dxw7DMxUdAT0qVTiS1c+ZPEfGv3vH\/LzJ\/6Ea8COyPWe5TAODzmrWoEtv2p+hMi0hyOKDMcDimncViRCOtXdCZIvrQmSTQjuRTvYT7EqgU7kjiPlyKB7DTimIEHNFhpXHjP1pqxPU6P4X+Fbzxr4807w1ZF1W7fzL2dOtrapzLLntxhR\/tMK5cXW9lTbW72OjD0ued3stz7j8NWun6ZpNtpOl2kVnZWMYitreJdqxoOn4+p6k8mvAad9T0m7l3gNgnrSZIzO2UH0NCAJZD5gB6djQxlW6ISX15zSGkXIJB9pXHRxTtoLqZOj\/JqssforjFSty2i3evnSyP8Apr\/SmxRXcNN4toRjqSf1oE0NvAJNSI+gOKSHbQuKf32SeI1zT6CKsB82\/EjEAA55OMmloFy8Z\/LjkuGzwNqfWgVjI8Mv9s168tZyu+3YTYPV436H88g\/SjUcrKx1kjKq7jgAUiTC1Kfz5tx+6OFHoKpBY5b40\/DDS\/ih8OJ9A1B0tbr\/AFmn3bJlraT3\/wBlhwR+Parp1XTnzIcZWeux+cHxG8La14I8X3nhrXLdre9sZSjhujDsR6gjBB75r26dWNWPMjblVzCYk8nmtlJpWGincvumAx3FTJM6YRtE07SckFskbuAParu+hxVIW0L1vcMAPTNPfc55RIrtzkqevXNWkmXFdR+lQea6hulaQggm7Gpc2RiGADjFauCSuZKVyjIrKcHr3xWUrWLTOs+CmqpZ+L\/7NuXC2+pqbckngOfuH88V2YKSbdJ7S\/MxxMLx5l0PUbW9eCZoZEIZWKt6gjrXHWouLd+hhTrdGacs++DaSeRXPFtM3klJHP6pvEuCc56V0RdzlnCz0IYCR1FapGbdyWTHlgEe9A4iWyySzrFECWPSny3G5Ivz6ROsO\/zAxHUVpytIzlFnTfD+6t7SzMcmNxPOK5aibZrSaS1F8cajBMVjjPI9DVU421FLU5gyYPWtrGMieGQfhUtiRajv1j49BWU11NYT1KeoTzXedgHtmuZzsz0KcHJXJNO0aSQKzxlmb0FNT1HOFkblp4YukUOsRC4zit4TR51SJS1KzaNijLgjqDXVFpnOzJmh2S\/WtUUi5bxsQP8AGhMqzL8emXptzOlu7IvJIFUiXoOsChPODgVlKqlKxpGF1cmncK2D0960g0yWrM0dIvbZICsrbGHQ9jVNO4rlTVpxcS5TkL3q+gt2UbmZ4Idykg+tZ1HyoqEbszrW6up7oDB2nvXNGcpSsbOCSub+n2iRgPn5jXXGKSOaTNALkZziqFYfEwwQTik2LS580eJP+Rhvjn\/l5k\/9CNfOxfuo9bqUx2piJbf731qkJllOlO1zMfSAdH1qraEsnjGTxVRuSWYgAADRMI2bJCOM\/lWcJ62ZpKNloAAIzk+1bX7GDGke9UguCjBp+YFvT7We8u4bW
1gluJ55FihghXdJM5OAqjuSazq1OSDkzWjSdWaij7E\/Z8+G9t8P\/C8q3ixS69qqq2pXKciIDlbdD\/cXPJ\/ibJ9K+cqVpVJ80j1XCEY8sFZHasHgk3A\/Mvb1FLczLYmWSESDoelSUhHbKZ6YpAxhbfHweV96dxEV388SuOo60mWia3cbI29OKaJtYqRKY\/EkowQGZsZ46jNT1LbY3Vr21t9Id57mGNFl6tIOOKpxuzPmSV2yjb+KvD8KQh9RACpk4jbHenySMniKX8xX8P8AjPwrqermO216zMrM2yOR\/LZiOw3YzS5JdUaQrU2tGbms+e+jTC3uDbyzDMcwGQuOc+4OMfQ0mWjhfBWsHxhOklzE8STSZihKkfIjdf8AZ3MMjvgVzq8qnodE4qnotzvtRcvIlsh3bDz7mtzG1jO8a21xZ29pqulgi701i1yR\/wAtIG+8p+nWri76Mwquy5l0Ny51GG8s4WtGzDIgcH1yOlTZ31NFqri6VZmQiaQfKD8o9aGxPY03xj+dIVj56\/bx+Gtn458AzeJNLtgdc0CEyb41+a6txyynuSo5HtmurC1XTnZ7M2py05fu\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\/RIFW3UgAKF644NU3oYSd2cn4g0uGDV5JrfiNm3bR0Briqp890dlO3LY53VZ\/wDS9oY\/St4VNEjOpT6li03eUC3euxbGBOq5HvTAkNoJsBhxUSinuEZOLuiaCxhhA2Lz3ohTjHVDdVy0uWUUDk1b0JuRm6VpPLFZuRXK7EU0rJIQCaL6DUbnzv4kJ\/4SC+z\/AM\/Mn\/oRr5+K0R6L3ZTQj3+tWBNCcHOKexLLSHI5qkyBwHUZpXEPjHpVLQlssw44od2QybPY8U5bEkgbpzURhqa8+lmKDx6ZreKM2Lg49qbJQoxxxSG0bnw\/8Taj4P8AFtl4j0lLd7uxYlEuE3IwYbWU9xlSRkcjNRVoxrQcJFU6kqcro+xPhZ470Xx54d\/tXRiY5YiEvLKQjzbR8dD6qezDg189XoToz5Zf8OetTqRqRujppVE0O0ffH3f8Ky1G0UYLhYZvKc4SQ4\/3Wo6kotQvh2if8KbGNV9k+0ng8VIIfjcrx59xTYLcZCA8LoRkdwfyoRTMfVPDukXXiiKe4gnYyopKi6kCk4I+7uxRdpicVJajdR8MaG2nFXsi4WToZmx0+tNzl3I9hT6o0IND0SNATpFkfLh4LQBu2O9Jt9xqEL7IZb6Po8mnNDLpFhJETtRDbJgeuOOKE3cckmrNFG+0i40SEDwxC86RAE6VLMTHKBywiZv9W\/XH8J6GjmvuCjbYPh3qXhq\/0641Xw\/lNshE8EwxPbzEnKSKeQQc+1S48r1L9o5vU3bBSrG4f7xPy57n1pibLshCWjwsAz3KlWzzwRikSc\/8IEN54RhWQnFnLLbSE8ZZHIxV1FaRnT0jbsdfBcrLIyQJ+6j4MmePoKzZZQ1S+8wmKEkJ3I\/i\/wDrU0gSK9jF5sp3RiRSCHU9CDwQfwp3A\/PX9sD4byfDf4t31jFEV0jUVN7pz4wpRicp9VORj6V7WErKcPNGy1tJdTxm2UPISeMdq6Irqzsm7InLBUwAT+PSqV07mVru5NZyZODzjpVvUzqRLIYN0pJ9GY2sOj3E45NHLYTsSp\/d5App2RAjMQcZJ+lXGSY0PSdo0AHrSYcqZ6n8HdSGpeDbzSHI87TpftMQPeNh8wH0r1aL9thHDrHU87FQ5ZqXc6GOQY\/wrz2rmSubmguiw4ccmsJpo6qSsg8QTRpHtU8mrpXFUS6GTaSDmuho52i5BtPz56VnK5rCKZ1vhe7hk0\/ZIdsidM9GqVO2jNjnvFM8ct4z4w4PXHJrWxi5JaGY10pUA8H0qHB7jVRFrShG7eYevasZykaRUXqxuvyqkfb8DUXaDlTMe2LO3A61rSnd2Mq1Oy0HTQ
yKCxU\/lXTdHPqiex1O7jKhGxj0qXCO5pGTaNuHXb94AkkzHj1pR5Wy5QfUkhuPMXeWyT3rfmS0MI0nIr3PzScdK1T0IcbMNPj867SPP3jg0ttSnLoe2eDrK1i8OqlwrMFXg5rhqVZuW5nKKT0ON8bOsErm2R3QZxxnFTUcjqoONtTiI5BPdGWRSAD3q4SUFeRpy88tDQt5gzYHSuyjV59jGtS5NS3ERuHat7aHOa2lRJLMqkAj61lNtCOk\/sKwlt97b4mx1U8GuZYiSdiXHW6Oa1aFbaVo0YlexrtT5kUjMtYJJLgnpzWVtTS9lYpeKjeQTIsStjHXHBrKtKS2N6XKzwfxL\/yMN9j\/AJ+ZP\/QjXjxvyo6XuU6oCWL7vvTEy0h+UZpxRnYlT35oe4mSR9f51ViGTxjJ9hRdktkwxj2rQXUULzQK66EqA7cVQCnpTYkIAelNPqBLHyRT6aAa3hbxjq3w\/wBSfxZo06xz2cR8yKTJiuo\/+eUg7gnv1B5FYV6MatNqRvh5S9rFR6n1t8Efif4f+J\/hFNb0J\/Jniwl\/p8jgzWUno3qp\/hboR78V85UpypytI9aUbHT65D5kRuYhkgfvFHf3qE7ESRDpl2Lq3KMcTRd\/7w7H+hp9Sb3LLv5sIlHDLww9KTVi0SCThXx06009Aa0BMpcsnqDihDZHeN\/xMLCTPcqfz\/8Ar0mtQWwXv\/HqR6yj+VNiTJ5W228pPfApdAtqOtQFSNT2+Y0bIejIomO55sc5wvvQgPO\/iKlv4U+KejeKraIxWepM1hrsi8IzHBSVh6j174ql7ysTLRpnpsBUgycGNOF9D6VI2M0+b7c5k3FSjlXHdCD0oEZvg2W1TXvEPhqyJihtL0XjnP8ABOoY7f8AgQbP1q53spGa3Zt312nlC3thshXjA71BVmQ2Vq9w+SSE7nHX6UD2NaKOOGMJGuAKm5Njw79vvwVB4s+B9zqEMYbUvDzfa4CBljEeJF+mMH8K6MLUUKqb6m1GVnbufnjAu1OmM817qumdM3djZSoGffFN6Dimx1s22UY70JkzV0XEI3Z7d6uxztaE8LBTx0PemjKSbJZCpA45ou7Eq5E5AOTxUbbFIBymAMCk5u4M6D4X6w2i+L7ackeVMTHKpPBB6Zr0MvrONaz66GWIhz035Hs1rZRN8\/VTyhz27VjXTpzcTnhBT1LtgVgkKk59M1yubN1SsR64FljDdxWsXoYvezMy0T5iMVtG9znqJdCzlkGAMVbRMJNGhpuorHZCNuCPWodNXujSNTSzKkubudnJJDGrbsQ9WStoUs6q6ZGetZ+0Ww\/Zvcf9iFtHtBbcKNJDUmjKvkaR8E7jmm4polT94uaDpvmSis4xsbOXMdM1hHHbASRqwI9K0W5Liupy+p2SW9wzxqACc4q5O6ErRehXaYbelEYNFSki3pRMsm05ArGbfNY2haxqx2i5+bJAq+aXQjljuVL3NvMGjOCpyMV1xba1OSdk7HR+H\/F2smJLRpkMR4OVrOVKF7mbVzs9MszPbee\/zEjJNYVLIuErOyOE8cWwhvWaEYyeQBXm4hzb5Vse1hvZxjeRX0uLdBuAORXr4Ok4Q1PLxdZTnoW0Uhs4P0ruORlvTZZY7xSvTNZSV1qJG1e61qEcXlJINhHdRmsY0Y3uF9TImkeR9znJPeum1hsm0sA3OPxINVaxPQ2JZYdgSWJGA6bhnFDhGW4JNbM+UPEv\/IwX2f8An5k4\/wCBGvm4vRHrPcpA898VVwJY6YmWh90VaaIJE+7U31Je5NF78Z71fQTLERA6jrQotuxDRMo4xV2sLyJEXqeaLiaJFGT1HNWgtoKQNvam1cLoRBn1oJuSKvFPQTOd+Kt60Hh6GzVsG6nG7\/dUZ\/nisq0+VW7nfgIc03LsZHwp8c6\/4C8XW\/iPw5d+TdwfLLE\/MVzF\/FFIvdT+YPI5rgq0o1dGeg\/deux9\/fAn4o+Hvif4
UGq6OTb3kGF1HTZWBls3Pr\/eQ\/wt37815FSm4S5WDjbVbGtrkUumXq6jaJmLd8yjoM9R9DUq5DRpWlzFIiXUbZhnGG9v\/rim9Sb2ZPFlHaJv\/wBdKJTY7OAkhOSp2tTe4R2Ir48Wz9Nk4yfY8f0okNJD7ogr9ZR\/Kk0wsOuGLRhP7z\/yFDAkmcLCwXkthRSYCE+TFuPPlDj\/AHjRsBkeJrCx1Pw5caZqbiOG+xGZDn5HJ+Qg9iGwacG09BSSa1Oa+Furane6Jf8AhzUb5xqvh6R7N5IMMJFz8sgz1OBgZ9aOZOVkLkmoXfodRqFzLAsGrwxSW0T7V1FHPOw8AntuB\/Sn5Et2Vylpjxz\/ABZ16ezJEFpp9rZSkHh5fmkOfcKV\/Oi75UhpLc6KcLA9vLcTpEjyYZHX749M9ucUrBu9DZtbhZEZo4ykS8B243fSlYRTvdSABWDn1f8AwoCzM6eyi1ayu7G9UyRXlvJA4P8AFvUrz+dNWBtx1R+XHjLSZtB8WalotwhSWwu5IWVhgjDEV9FSnzQTOtmPOm\/vjuKJN3LhKwWy7WAojsE3dFnBUkmtHJGOjHo3yY3YJ9aht3Ja1J7efbgVakzKUAlYOT1yTTSTBKwRsw45xQ46A0g5RxIuQVOQfcVUbxsC10PdfAGrDUfC9tNuBIBRvUEev5134rlmlU7nDrGbibBj8xt65J9Qa81wRs5uxFKSMhs5966YR01OSc22Vo7iISFQ3NaXSIszRsozcAADpUSlY0grsvyaXCIcuMZ9KyjUbZo6aKMQW0uhG3KE9a1k7xMUrM6a1vrcQheAMd+9cvK7m\/MjF1i5ieZvL59AK6oqy1OSTMuK3d33E5z+lVclRZo2Ye2+dCRQitUasN+08fluvTvSlGzNo3eljB8QMVk46d6EEkY\/LEY6VcZajcDY0Vl3AFafKnqZuTWjN6OEuoIbB9KrkVydX1M3VrfluTmtEZuJV05zFJt568Gm0Szs\/Deq3sMXliZih6qaxnTT1Js9x+qWMl7J5hA="} 
+11541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1083,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":4,"flow_src_last_pkt_time":1654385136207603,"flow_dst_last_pkt_time":1654385136871923,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":14466,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":14466,"pkt_l4_len":14432,"thread_ts_usec":1654385136871923,"pkt":"nLbQ0+MztKXvZygQCABFADh0FqBAADcGDAKsaXlSwKgCfgBQtFrv1g2jOBd56YAQAOshSQAAAQEICsmh0KvytRw4Sa81rxVrV1LpNzLDshtC4HlmWQ\/LmJPujOXOMDGaic\/ZRbR0U4yxM0r7Hypp3hKwEAkvNXuZZXcySyJKrNK7HLEkRsSSSTXmSxEm9j3oYblilcml8N6DDCoJ1O5VWwoRpQWJ7YEXJqlVqP8Ar\/glOjFdf6+49F8c\/CJvCXwKt\/Geu6RLHqFzqVvZ2WlvcyPLbxOrEtcAsNrkBcJxtByeTiuhU5RjzN2ZwfWqcq3s4apdTjrLTdPt0UtodnuBOFKqxGeo5ZqylOXRnZFR7Gtp0K8PaaVYwccBIY1I\/KOsJSb0cjaMIfymhbwatLHiOVVzwUaeQfkAVqXKK6mipN7IbJoWqSbnaVn9QEL4\/wC+iazdSHUt0p9DNv8ASXhlKvcbmHJRcZA\/DGK0jUh0RnKhJbspJPeo7rLolj5UbgCWa7Zjg\/7IFXKcbaMzUZXtb8TWtrnT1JNzY6REeMMlvuI\/FjzWHNUXws2\/d9dyWXVIbe5jeEGZGByY02hPcDH8ql88tyk4p3RLb6pdec4n0ySWIruSVnVWB9ME9KFBJbjdTXYlivLv5SsECeXyuFBI+uBzSsx8\/kWLVdSnmb\/RQY3AZ2RCg\/HJ\/kKVkCc3sjY0XRNTv547eEqjN\/tngepx2ptx6lOM2O+KfjHSfA3h59A0DyzqMke65nA+Y54yR+JwPxpKHPsZOfKjg9M8JXdha3Osaygj1XUbTzLSOZs\/ZwwOHf8A2yO3auiLSaRzSV4tsvfDpWWK1hlKsYY1RnU\/KxCgcflXPir6nRh5e7EpalHvlvGiEPnRytkSABmbnAUn1H6r9K1pu8InPUilN3Oe16ZHgZ1uZWmDnMbHejKcgNknhgN3HPauqys2znau0jG0qFbnUAjq8m1SQgUksQe4HP5URSNZtxWhu74IfDIQyvcFp1LiNhlo1+6wP3t4bjoAO+cVclpqc8b860Oa+Isgu47krIJWVFLsqjlgeeQBu+uKKaXOmOqv3bMnwvZxJYl2SY3Mg3xjbmJjyEDEfMOQWyPauibRyRUr2R0OlWzwwvanSkmjEWEK5wqlQXjODzk5K9cEZ71k5GtmlcxtT0eWBZ0RGeNVJViB8y4yCfwqOdXszVXcbnfeC5TL8L5ZJ9TmnSORM2zSEA9Bk564HFTf32Pl92yOT1\/XZNO8VS22kyBIooSIz91ZOAQNjEqgBz0+tayXMtTKE5R1KKW2ta\/qZM8899MQMxkklAep54HHr2oioR8iZ8831Z03g+CHTLNdNkmDPcEvOVI3EKcqc+xH8\/WsakvaSv0R1UYKKUXuyTXryJpWWEskioWGMc4GauMdCptxRgXM2tSact3HcQxiQfu0lwWb8B7VVo81mjB1J2umZV7qHiCKMrNfWCnPQKCf5VqoU90jndaouqMz+0tZuJxAl3C7tnARRub6Cr5IWvYj
2tR9SL7VrW5k80sVyGAUErjrkdqEodBe0q9xhl1RpPLac7sdNuev0otHcXPUelxl99ss8JdXaiRcD7OWO\/DdzjoPqauMU9kTKUlo2eg6teTwatPHciVGWVs+ZAVB5\/CuHkhvE9XVJXIkvhIBtaF9x7krSsyucvWzzOBtsS5GMmJgw\/SpcYpDuWo50jP721njPoYm4rJq+iNFM0NMvLFmxHdAMf4c4I\/CpcW9zSM0za04QeakhnH3gT83TmseVLYu50Xi\/WoLrxjd3dvL5sBcBJB0YBQP6Vn6gYfgrUZrHw1BGJZYtzu+0OQeWJrWaXNoXB6WZsp4luSrLJc+YmPuSIG\/mKxd76FNalefUdJuSfN0+yYj\/pgFP5jFWuZE8qKlzB4dnBDWcsRJ6xTnj8DQue9xckSEaTpTHdb6neQHryQapz8h+z7MkXTZ1bdb+I95zkebHWdk+guWXRkyReJEyY9SsJ+O+B+XFWlFKwPnIZbrxWsif6NZyBD\/AAKpB9v\/AK9D5H1BOZFe6rqhBWfw2q89UiJ\/xp3jayYnJ9iuut6Qu77d4Sx64jI\/Pijlk3pIXPHZxKtzfeELlWP9jSQY5zGvStVKa3Yc1N9CrcjwrKrCOS7hUd0cqaOaQXpsfbRaA2UTWb6BfUznJP0zRea3SKTj3CTTNPuFIPiu8wf4XZSD7c5qefl2gU4x\/mYWGn20UjA3jkK2VkbY2fyHFEpya0RUeVPRl+a1Vk51SJ0xyCRkfhiskmnojZtPqRHQba4iWZXtJOMqJE2sx\/MVXO1uS4JlcaGylWMNnFGTg+WzYx7nd1pub6CUEif+zYjEyxSW64HKhXH67qzdVmnKrEJ0i4iAaGa38zrnz5R\/Wj2ie\/6EcjWzLVpPqpRxPeiJh8qr9skGR65FVKEXshXbW5XujeEF\/wC0nBJ4CXk7AfmK0jFLp+BD9SnqEGsyptXV22nHD3EpB\/8AHau8L7GclLuMtrPV4yGW9z\/tC5l6+\/y1Vk90L3luy5btrTyBGuGDZ5zcyAkev3KmUYLoUpN9Q1G61GzQASTPIBk7buQ49ONlKO9mU5NddTLnv7+eE3E8kqgHaA0z7s+uGQUqrUFoelkuBjmGIlCpe0VfR76r+tC9puo3NxYPGmpvaSKpwz3sufrgJj9aKdnG7\/I58zwksFi5UemjXoz7Emkb\/hk24Mk+9z4NOZdx5P2frnr\/AFr2Ul7HbofCz\/3l\/wCL9T5k8MK66Lp8z6sXEXlOUa6uTkKVYj7wHOMeleFdc+34I+tV3C1z3PW\/2vJrSZjZfDnzVDYVpdSJz9QE4r1frkH9k+feVzjvL8D2P9l\/4m3\/AMVPAlx4ju9Ht9KaDVHtFgglMiuqqpDFiBz8xFdFCoqibSOPE0HRlyt3Pl2DxpfeHfjH4rt\/h54Mn1Lxfe+I71E1O7H2yVCZmGLa3yEjA\/vHJ9SBXHKfLVdo3Z6dOnz4de0naNtv8z0c\/DbRtIjt\/iL+1Z48i1a7iPm2WialcK1pbnqB5CcTSD+6i7fXNdEKc171V\/I4p1oX5MPH59T2n4b+L9B+IPwzt\/Fnh22uIdIvo54rRLiAQvsjLR\/cB+UHbwOwx0rpVpK6OOcXF2e58tfs9\/GXSLnwZD8OvinNBe2H+ostS1DEsTIGISG4PYr0ST6Akda5KdeLbhM76uFlBKpSOn8e\/BXwxpNhNrem+KU0PTYk82U6vOZrONcZBWXdkA9vve2amrg4SfNB2NaOaVI2jON\/zPFtK8Y6LpN\/Jd6BbWtxf28hWy1cRNthA\/5aQpIOHPZmGR2Gea5FGVJvqek5wrxSlou3f18jpteuo4\/2H7O7Pmz+d4\/Ms7zyNLJIzFizFiSWY+5rrSlKhq9TzbQhjfdWljhb3W4pTssLS5jix\/HGAW\/Ba4nTaWrPYVVdEOsb\/XDEPIsZyrNwRF\/jWTpwWsmUqk+xrWt34q2oiWs
MWOS0jKCf1rNxpX3LVSr0RZubbxDNEPMurNe53T5wfoooUad9S+apYwpNDmtZ5JhewM8jZcJvwfzNbc8WrJGLg073Gpp7PICbhTnuF5B\/Gi9tiXF3LFppce7Mk8pHTG0Ck5JbIpQVtWZviWNY9Q+zrI5RdhUMc4JzmlfQuXKtEaHw+nxpNykmJJEvpUUsMkKMELnt1pvoVTcbanU2W+U5SPAHPTk\/Ss5SWxqmjVsbO+ncJFbSnd90bcZPpWZSki\/4\/wBVHgbwybO2khfWbxTvOeIVxzk9AB+ppP33ZGNSaseQfCrSLLxL8VZdX8UTXNzPpdhFPZJJEz7maRwHx6DgjPse1ej8FBKPU8+C56zculjvvE11YXfjH7HJBPcj7KNyyuse7lux9AOlZcunMaTleXKY9haXkfilNMt9024faZWf5Qqlcgsc4HXt6gc0qzTosVFv2qOV1UAavc332+0MZkZZIyWDfXp1U4P1xUUoto0rTiUNY0tt0qXElvHOQJggYK4YqONp7EAHHbFdUktmc0ZW94yW0a6lmUw3lluY8YmI59elZxqLZI2dkrmrHp98bx5ZpbaCRdpMnUo207Q2OMMud3+8fStr3epx3utDI13w5dvbTRW5t\/LlT93\/AKQBg9x+B4zSVoTuzaznBpGd4fn02FY9NbUIUuwyxOFmdlZlyAVZeG4PQ45rok79DmSUXqzo5ksoG83Ubu2heZQsLy3m0lV4DcgsG9SBisWpLYqDT0TGSw6BJaSGXWtPbdEQDHenAwOABj6dazvNu9joUYqNrmR4OdP+ESvY0ucOYsBM5JbOcY6+nAraas9DGD0DxRY29x4v\/tO+hmjie2iXypF2K5MeG5649hVSm1GyJpxT+Jl6LWDb6E7WsNx5Z\/dQxwwsNw6dhk\/U+lcrpSlJXN3WjGDcTE0BdWfX3vZNNvVkmUpn7OwVVHTqPeu6cY+z5Tipzl7bnkjoL20lkjgkltpoCVdZGkXaoODjk1zx0OuTTOaa7kF9ZRR7UmEccck\/BIQAgx89BnB49K3irxk2cU378SFdMutQRZY5GtrK3BLwxsE3Pn5pCw5I9c9O1UpRXTUycG3oZ13rcVrqM32KMyNESkFzFKVVlAwGweck85yKtRk+oc6RnJqk0drNDb2lvE0\/+tm5Z2\/Enir5Ypq5Cm+iKUNxdxM\/lTyxmVdkm1sbx6GqdmTdohSMhuB3pxdhH0neLM19MY70zJ5hBG9ZB19Dmvn+ZXtax9WoJpamXqdpauD59vYO2eslqEP0yuKpSa2ZM6SM37Foob95pMsZ7tbXRXH4GtVNsx5F2LulWelxSA2usa5aFuxkDqKiUr9ECp+bNSTTLu5UCHxHaXAU5Au7BQx9iQOlTGSWjTK9m+jJW0HVXiytlokp\/vwO8f6dKTlDuNU5b2KN1o2sxMd9jKg7GNy4FSrFWkuhSlF\/HIqmXJ7B\/lrRKLFqRrJqW7CRRyepEmDScY3DmYx571VPm2kijoSCDinGCHzMR7ucRg+XcLjplMg0KOoudjBqskYKtKw+qkYqnT0uNVRTrUp+46Y9jWapA59QOt3JbCbSPZsVSpPqL2g9NZvwRtQgAdmpSpIcajLtvrN5s5kkU9sNUulErnvuXbbVbpmXbcS7iepapcUtEUp9BPHM8U2uTtE6qscSA7RgEhBmrppWRnPcxtFuIDolk97a288rwKWd4gdx96qpF875WFOUXFNouR3GjBdzaFYP7hCP5GlHm7le4+hNby+GJWZZPDlqTjqk0i\/1pS5+41Gm+hINM8JuPn0OVT28u+cVnz1e5Xs6dthzaD4VlIVbPVIvQpeggfmtXKpUWqsN04WHP4U0s2Ml1a3mpKYmUBJZFIwfcAelSq8+qQezstGUrbTNPn1WawutSvYAtulwPJAccsVwQSPTNOU5RXMkRa75bluPw5pR3CPxDqke18AG2XB7\/wB6m6l1dxH7NvaRag0KFGMcHim6G
eu62P8A8VWfOv5SvZy\/mFTwwgcudeDM3Um2b\/GtHU7ITpy7liPQ5kAT+341XOFH2RhWUqq6oOSXcVtBMhIOuLnGP9Qw\/pxTVVPoHs5vqRt4eeMbE1tG74EbD+lL2rb2F7OXcqX3haOeYTTaludRgN81bKrZbCdKT3Y2PwqcqF1JSvrgipVVX1Qeylfcff8Agt5rXjVISewY8VEqkZaLQ78vxH1Ks5yjzRas11+T6MtaB4BSG0lefWYFd0I6E4GOgFCqpLlSOfFVq2MrutUeuiS7JbL+uup6n8RfiJeW\/wAP7D4d+GntCh0aKz1fUp4y+1WiAMUS5xuweWPTOBXqTxijBRitbHzVLL5VK0pz0V2eU3OmRada20EUnnIUwMk8Y4x1rzHKT1PdVPlR6V8GvgzYfE3whfa9pXiW1tTpV3LZ39tc2Em6KVEDnBDkMpUjB4+ldtLDSqQ5kzzcRj40KnJKJ73+ybpNp8M\/2eE1bxJdQ6NZ3lxJqs5vXESWcTgBA27oSqg7evzAda7sLBwp+8eVjqsa1f3PQ+a2+Jeoad4i8T3HwxhsvD8Otarczya7Hb+fqN\/G8rMGEk3+qUgghFUY471yVMTyTfKj0aGB9pBe0b9DA8LWXgW58Yf2p8WrfxB4iju3An1g6pI11aer453J6gYx29KiniOaX7w2rYJ04XovU9++KXxR8K\/Av4f6P8OPhlYJrV7cWbXNkLi6MsFpbTEsJ5XHLlyxKoMcckgde+daFKNkePToVMRUblofJLaZBb2i220HALPnkMSea8uUm3c9+NJRikW\/DEY1DQ5tN1W4ubyx03UXFrZzTu8EHyKcqhO0daqc5WSTFToUruTWp3Xgjw7fa9FqK6FZaag0uyN3ceftj+Qdlz1PB9qiFGpNvUdbEUsOlzLfyNjX79bj9iyxuUAxJ4zGPlwMYNddNP6tZ9zzZzvj7rscTDeFlUHAGOeBXI4nsKSIjcsZ8B2AJ7Gko33QnM1LSJmbK5Ax1PFQ4oqMupcRP3BVpYkHq0gyKFoNyZnX0lvuCNdRsw5Hl5Yt+QrSyIlLoNEhMBBhuNrHjFm+PrkjipaE5DA64G9JlH8JldIxj86pxHzEGpWun3MySvIqyjAYpI0hYDoDgcfhUdbA1dXLljcJC\/lWtokK5yWS1xk+pLEZPuaaWmrHfsX11poFIlvYoUUY\/eXEcf8AIGk6cQ5mdx4Wurfw94ch8R3Ti4ur0Y0yI3DSAqeDKc8Y9K461T3+SJvCnLl5jyfWdbTV\/GFx\/b1pc3VmtxIqz28o8y6dHKhWU4ES5HvwK7lQUNE9Ti9o56vYWbWBNrkupSae8iyoIlaSUqwjXnaSB8wGQQOmPTvuk+XluYuSUnI2fBdpeapp7a3d6dYafp8wCxygkuwzzgE9M4+b68Gs\/aa8qNHBtcwttLd3moyTWwaWIR+TFcSEFYkU8gAdTwOD0qK1lFFUYrmbRxHiOSS01C6tVvJwsT7o5TJlo+h6fdIPTn14opSv8wrw6ld7XUptOS8Wb5pow00kagBwA5Kgf7LIMnuDXRJrqYpJGfLcX7RJsuZJfMC7l2A8GJJDgAe5\/CphCPNognN2NS1lumHkLblnEg2+bMCrjfh8HAztBBwDjnFa2SMW9Uyp41vbuO2aCOSKN3t94VEBwNvJ9iSM4zUJXkjSMpWbR578P9KtNc8WWtjezeVBIS8pXGZAOSg9Ca7KkuWDZx0Y+0nZns3iTwt4QuVtNMu7KURWwCwOsojZEH8O484rg9vUe1kd6wlOPVjv+EO+HFpDujsNPDDgG81Muc+pG6l9Yrf0jVYbDrf8ynHqvhDQ98cC6SrZ\/wCXdN+MehweKf72RD9hDsRJ8QfDatshZ\/pDZf8A1qbpTtuT7WktEA8cwOxENpqcqucf6tUz\/wCPVSTXUXtYt6JiSeIrq6J8jR76bB2uBMvX04zirbRLn3RyvxH8ReVpv2Ga3WC6ZwXgkmZpFHUM
cDAx9c81rTg5M5qtRRRw2oazNPdRTRiKMQvuCgE7uc4JNdMYcq1OSVTmdxL\/AFCbU5jJc3McalyyxRrtVAR90d8exNHLFR0QX5tWytmzX5N4PvU3mHudxH+yj7sgJPvWmvUaUBu2DPzSDFSxNR7iKtsXB38Z6VUXLqK0T03VFRLufaSp8xuRXnKd2elEoanczRXEWy9uUyBkCQ8n09MVpGEWndDcprZsp65rmtadpv2i3vmYq2CJQGBH5U6dCnOVmRUxNWEbpkel+NdaEay3FvZzBl3DKFcj8DTnhIX91jp4yo1dpHS6V46wmZ9JbeoyTFNhf1rD6t5nVHF21aO28OamNVwsP+jEorYmbg7hkDI71x1KXKdcK8ZI2pJJ7JsyXSoFIG9ZcAfXPSs1Zo15l3NGKe\/k08XC3JeL+\/JErofxwabgu4aMp3t0m1Vu9J0y454IiCk\/lip5GtmL3exUmtfDc65ufDUqn+9bXTqfyzitFzrqLkiVH0vwqwwkuvWZz0EiSAfmKaqvZohwQw6HoXHk+KrqIn\/n5sAQPyNU5N9A5F3K9x4UV3xaeJdImB6GSEp\/SlGtbeLB09Nwj8A+IJUEkbaPcIc4aK4Uk\/h2qvrEPMn2Uiu\/gXxKGK\/2OkgHOYpx0\/Oh1odxeyl2I38IaypDHRr7A6lJAaHOLV7i9nLsIfDOphSRp2sAj0g3AVm5xTGoMry6FchT5i3yZB3iWyb+lac0UJxZE9sYY1iDhQg2qrW7Lj2o5k3dCWxE0UhO0SQA\/iAf0qlbqN3CK3kWQtHJZMx6j7QB\/OhoLtDxJdA7TbxN6mO6UkfrUpIOdotW91dqu4WZZfXzV\/xpuKRSqNdDUsLu6ks3gSykKyEFsEE5HTH51lJJFe1bIV028XWJdR+yzZmgSHZgYCqSc\/U5p3TikSr8zkTlLhVybWYZOD8uaFHQpTaFgMseSVkHIz8mMVNh89i\/b6hF0KOSo7qaOQr2t9CeO\/jYjar4x1xUOkHtURvdgEktJj2FOMA9qRrdI55M3HAypqrIj2rbGzSRseZpB9Uo5ewOoxsMsQc\/vpSTzxH3pclwVQmDBiMSPx6IeaThZg5ssoXduHlAxj\/VmqSQudjTbAhsecS3UCKmmri5tSDU4LsiAxwykQ5DBkwSCetOwnJnq37KWtWXwkvNQvPGOsNZWfjG5V7bT2gLyo+Ti6lC\/wCphx8u5uWzkDAzXfh6qh8btf8Aq542Pg6ztTV2uv6Hm\/xF8W+O\/itrx1Hxo0jWVrMxsdKtPlsrXB4YLn52x\/G2T6YrOtiefRM6MLhI00nbU0bXwUz\/AAav\/Hq6jFbw6dq0OlmyMG5neV40D792AP3mcY7VEaXNBzubVMX7KqqfL0ua\/wAVfhVe+D9RTQ08Y+H9X16e4t4ItDhDwXMvnEBWUv8AKeoJAPTJ7Vc8G4631MaeYqf2bIyfi\/8ADRPh7ZXU2oePPC19rGnpCLvRre6P2yCNsAYVuSq5HAHTkDFFTDyhG7ZNHFwnO0Y2v1K3xA+FmteGfh5B4yvNU0+aCZbUyWsSyedAJ8FN4xgdR+dEsNKEOcccwjOr7NL5jdT+G2s+GtPim1HUvDOnz3jRyyWL3kjXKh2CeYyAcgEjcR059K0+rPlXM7ErHwcmoxbK3iHwTr+mWviGbWHtLWHw\/LFbPIscuNQeVQyrB03jkZzgD8KUqLgm77AsZCq4xSu3+Br66Jk\/Y0solhIl\/wCEyUhAoU457E4q4u+Hv5mU4v68l5HCyQ6pJ96e3jXH8dwgP6VyXgetyyGtDCgzcalpQPp9qkkP5LxQm+zI5R8V1p69dStcLwPLtGfP\/fVK99xpFldU06OBxNfahnGQIraOMVm\/JGqvYqrrum24OLLVLoHr5l55ef8Avmq5ZWuHKjN1PxS4Df2d4btIiRjdNO8pNWlruRLTYw5fEXiMZKm1gBOSqW68fnW\/s4Mm7WpDc+IN
ZKkSa7FGRwB5yrj8BUeyXYj2yXVFVtYtI4t17r3msTyUlY5PpgVUacntEX1imteYu\/CrT9D8cfEnTvDdutxMbqbM8u0hI41G5ySfYH86MQqlKk5l4apSq1OVan0b4yXTFF3qmovHbWej2PmJbA48qBVxHhevzY4Pc14VOnPmXmenOqrWPmrxd4i1DQvF08SWkJt5p\/t0ecljHL85BHZhuIwe4r6F0ObW54iqOzSRua5qjRaTcbrtZEFuZ4PspChmYLgFemMg5J55FRypO5DbtZC\/Ay+1fVNJu9EurhJ0tc3O\/byuQScnPIG3jiplCF+ZFxnUceVs9G8LW9xJDGVRUhTc6BAeQQRlvcnP5Vz10kmbUE7ps4bxpK0OrXLrBBKSqsyznCYG3n65I\/Knhl7tysRL3rCadCyR+S1zMIwsZ4YnflmwpI45Bx7\/AJVvexhNaHPzwtHa5Q8qq7XHb\/Rjg\/8AjtF\/edhrVJl+K\/kj0bUT5cTGO4iJMibuGkT19A3HTt6VUXZamVWKUkyj4ohUC3RckNaFffhnWs4Sd9jotpY8y0mQQ6naSn\/llcxt9MOK9KUbpnkRlZn0lqOnomqwQypGySeYU+UEtkE49+tePFNnvSSOOurXS9E0qK9uoNwmMpnusBRb7WIJI754UKK6Iw5nZnn1H7O1jAm1Cx1LTTqFm7WkbOIrdprEHznzj5MuScDk+2fpXRClFaWOd1XLVMiur20t9MtBHruj\/btoeYzKY9oJ\/uhTuPB6GqdFLpoJTltcoeMPF9qPLg0K5eZoV2+f5exCe5x1Y54HtRCn3RM5roUNR8c6tc6TFbW8cdkTD5V3LExL3J9QD\/q\/+A+vWteRRZEp6XOXYzSymSV2Zm\/iY5NaJq1jPWTuwMOFJNDlZg4jVUkHJwOlDVg5RfKBi3Eip5rMfLoIsP8AdHWr3FyksdpI6j5eBUNpFqm2S29mqygyyBFXkk0udvYagluejay3\/EwnBzxK\/wCPNcK5b6HetjO1nYLjeqFyoXcD0B9a0jewpMzvEdsZfD9xHHnePnCY6CrptKauZVFeDMvTEsWhhaWFIy0fXLnn6A1vNtbMiCjZHSeE9Di13WIdLsvLaWfO7dK0aqAMnk8Zx+ZrlqzcFdnRCKloj1jRYdD+2S2mmTI00MKxTW7N8xKDGR2J9cV5k\/aNXa0O6KinZM0Joi9sV2maHGMnl0HoR3FZrcuxWsDf6NI02lsskD53W8g3REHrx\/Sqfvbi1WxoW80E8Bm02Iyrt3T2DJueI9zGD95fbqKyaknqNMy\/EemyX0H2jSLmS1nA5jVyEf8ADsa3pTtvqNuXRnK6bq+rQam1veSPNNAcGKX5T+PHzfWuhxptXREarvY6MarJIB5lrEgxg4kIP8jWfLbqa87fQY9\/GMN9mR8\/9Nd3\/stA+fyEu71fJMiadHIByf3mCP0FNJPdk867FC41SZbaSSPSZWkQZWOK4bLewo5FfVi9p5E+l+I7kQ75NK1SBx1Au92KmVPzHGr5Mls="} 
+04435{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1084,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":5,"flow_src_last_pkt_time":1654385136207603,"flow_dst_last_pkt_time":1654385136871982,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":2946,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2946,"pkt_l4_len":2912,"thread_ts_usec":1654385136871982,"pkt":"nLbQ0+MztKXvZygQCABFAAt0FqpAADcGOPisaXlSwKgCfgBQtFrv1kXjOBd56YAQAOv0SAAAAQEICsmh0KvytRw4dtcW9pfaFbxACZUaSQglhmNMY7DpVKDclPsTZ2aRyx0yQ\/K6j92rb9y42Y6nj3ronVUFdsUaUpuyMG11bTFvTaOhSNSd0jdSfYVLnOSukbqhCLs3cvWsNleyTvavHJIASY2GMr\/eX14\/Gk6lvi0JeFbjzRdy\/b6S8qvvc+Uu3kKAGI6D8qfPYxjC49tKTyzcW+4RkgMuAeB3\/OqbvoynDsRnSRKzAxb\/AJhubGB+Pao5rPcORsl0DwvaeJPino2iasrf2aoa4uIhwJcdifTiufEV5U6UpR3OrD0FUqxjLY+7fhn4d8CQ+F4bfSrLQYktYt0kdukZ8sAck4Br5mSdSTcpO57kp+ztGEdPQ80\/aa8D+Dvib4JvLXQIrO61O0jMtncwW5Q7l6qHKjKnp6Vrha1TDVVKLvHr6Dq0ViKXLUVpdD5O8DWd4PDKw3pZHtXkgw6jICN0\/A8V9PKak7x1ufPcrjpLdGtb6cRcqxiOx8BhnB2kjOKlvTUEi14i0\/TnuIn0kSSQFASJSfMD5OeD26Yx9ailKbT5glGLKUFqWbag2tvxtCjIx359q1eiDlQradBvEQLCRTuD5\/pU81hcqKktoQ4B5YEjbjnNW3YXKRRWbKNpjYjrxg0vQVkkRvZsrPIyDBXkelPm7gPis96tuYlAOwAz6Cq52Ci2StYxspli3KDjcMZyKlyHyIjktWJI278kZPQUvUdixHaO\/AhOW4z\/AAiolpqVYVLRo2VWG0jkEjP86SknqOzJ\/sS+WJJslsYAzgrRoh27kVzatEdpfCFcKSo\/KpUtRWIRbv8AeCZG3GB3z6VUpK1mPlMvVrxoZZIYEA8n77EYwT2pcrlsxqyL3g+18T6\/p72Xh7R9RvHuw2+78oiNVHBIOP5VFWdGk\/3kreRrShWqL3Fockmp6ja3U8d7byG4t\/3bwPHhlcHuDz05rr5U0mtu5z3nFtSRajmkuYiJF+eJ9pXbjOec1cJK+pE4pG4vg+5h0azvZLuMrdyIPLELZjL8Lk9D61ksRGU3C236C9lpcqax4fuLPQoNZaeGSO6wGhCkNGSMjOevA604Vouq6fVESptLmMj7O8pZd5aNVA4UDJ7CutPQhRvoVJoFIZ484B5B5yO9XzSW5nKC1cTo7GPwi3wyvo71rUawQ5jzFumc7TtKt0UD+vsK4qksR9ajy35fwEo0\/ZO+47TxpotdW04+H2+0xysYr9IgI4xvHy7vpnioq+1vCfNp2NcLFKUo21H2K2sUg\/eKS7hFZjgEk46np9axq1G\/dR6VGmvieyI\/H2qS2V\/fWEUUqkApcSMCsjEfwj+6BwKijSTSZvOrLYqfEfwl4w8LaLo763YlY9bsYZdIvom3JcRyMH+92dQMEdq2oVqVSbUem69DCq6sYq\/XQ61\/EN740+FGuafqt017eabPF5Mj
x5kJkOd7EdcEHk+tWlytyfUznyyaSL3xa0y2m8BvBahpF0mWJ45OSNuBEy+i8\/w+2e9ODuYuN9Dn\/C82tXHw81k\/ZJ7uXMNvaSMp3NuypWMjBYqo5wTxgHgVMrJ6FJOx0n7LXhfxLYfFG21a50K9t7CK3kWS5uITGinggfNyScdqyxEoyp8tzbDRlGpzNHpmu\/DDQ\/iR+0BeT6\/LcvpVlbxSCCGTYJ5W\/vH0A49a8\/EYz2FO1PdnXQwka071Nj1uz\/Zx+EzwxGTQpWCKBs+0vg\/WvMhj8TvzHZOhRTsoHDfHz9mj4eT+EL4+G9Dj0rUooDJa3ELtwVGdpBOCDinRznE0a6U5XiXLLsPXotxjaXc+d\/EniW++2O9lG097cRxLf3VzGCJ3WJUOB1BDAnOeTzX1MJKSPm5U2nbqc9oPhLWNfu7qc3Yjk3DzGlHmGXdknB9eBwfUc1GIxcKFlYzjh5y1I9F8KXWpWTj7TCrwweaqTRtkD5\/lDg4\/gPFOpi1TauhKjJo5XdwCePrXW2jAa7YBJyf6UlG+g7kLks3Peq5bEtkiQeZFIRNEjID8jvhmAGTihDtdD1vJ7iS1WdzOUIWJZAXyOwwOT6AUnHlvbQ1g5TtfU9Ts\/gV8XPFGmpf2PhaPSreRN8b3X7uWX0452D2GK86WY4Wm7Sk36HorA15rZL1OC8b+G\/EfgjUoLHxPZyQXLlgWD70cZ4IPqK7MPWp103Tehx4nDVKLtUWpmklxwR15FbNWOM1LHw5q17pEmr20Sm2jB3sZACccEgdSP61i8RShU9nJ6stUpSjzLYQ6Nqx0+41B7MNBa4851cfJwDkjOehHNU61O6jfVi5JWvYy5t0qli6japxx1Fap2djMbuPDbsBRgc5q2rbARb2dPTmk3bcabEGRJvyMhs\/jSeoWd7nsMupQajqc0cEqSZl5XPzAbu4rypUpR3PXUk1oc3qpI1y4TIIDnBK963gvdMnuV9Q2fYGJkw2Nu09+ataMTeh18Tsnh0uM5QsSQenT9a5tHPQ2+wO8MyFtLkjaWVkCXJjEhJ2Zj5wPes61kxI6\/Vf7GGkX50uz+zSW2kxwTbkxvJGQep7GudKpvI3prTU+6PCNraz\/AAj0XQr2OIS2tlaqM8v5McaFiD2IXPHtXTBxlSUJb\/oeVPmjWclt+p4p+0l8JbGwSW5sC6xXllO6SxnI6E5+vOMGoq0nTatsd+GxHtYtPdHjvha3SXwLpaFCZWtgWUj5QFRMGueTfM7navhszpvBENnaPdXV1dRWdu67nkmIEXC55z354FDVxxVtUeKePNSufEepXlywiihjkJghiXCYJxu+vGfxrspKMEu5EpczscpodlDcajNG5Hysd2OO9dybUbo8+rBObO30mwmWPlUk3DCO7fkBXPe4WPRbjw1o9tHHdW1xJJPG6lUaXO0FOePTIJ9ea4I1qsm4SWhfIkZF3pUdvpVreK+fta7lQAKY8etdcKylJxXQTWhTi012HluHMkY5AOScc\/n0q25WBQLVj4et7nTHvliljlcSNERKE4TqMduv+HWsXWcZKIezViaW11f+z7+G2sIXgcqZrgP88RCJyR3+lNpOUW5Wa6BynlPj3xEuhavJp1vD9odVBuCzdTjr+orR0nVlvojVTjRjruzmb7V9CkhFxcaNzMckrICc1pCnUvaL2KlOCjztbkui6tokM\/2i0V7dowfkkPUGpqUqtrSCFSC1idv4JWTVPDkF7FyGyHQtgMQev5ULTRmVRK911Nb+z5pmYn5InPSNsBh\/SnJuxlyhFp4imkhRW2oN5bHRT7\/nUNvcvlZv\/DHTrI+OIL7UCyW8sT2bMEDNGrYO4e4rz8fU91RPRwFN6z7aH0Ro+maX4cuNIW68Q3H2LUUntzNqEkcCNmM48pVAwo9D1z3ryvacyskejZ+893oXbnwjommaQPEVnJcZniaRnGoSSxT7gMbEJwi8ZwMVNST5
Y20LpTbqyTPkj9obwrpGkeM9F03QFSO+1Oz+036CcsvmyOdpJP3SRzivYy2rUqUpOey0R52YUqcai5Fq9WYtp8OvFUNwkzmyZY5FJX7XgPz0z79K7JV42ORU5djW8V+B\/Fesagt3a6XZ2kUa+WY1u0ALEkjGPas6NSMY2k7lcr7GcPhz4wFx5Pl2TMwG4C7UEZOBzVurHe4+XyJrP4XeIrlphv07dE\/lsDdglSDgj2x70vbxEoeRMfhN4rVBIHsNhLBSLsduvb3FN4mC3DkKGqfC3xZbSFy2nmM4xtvQM9P8auOJptEuDLFt8IvG7ShZIrKM4z810Dxj2qJYqkmNU2XE+Dnjgxx749PaOUkrtuhxt6571Lrwtcfs2IfhP4ngiZ7lbGEKMnddj5V9an61Da4+TyJrT4X+JzHlRYlGwP8Aj5H5USqp"} +02486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1088,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":5,"flow_src_last_pkt_time":1654385136215384,"flow_dst_last_pkt_time":1654385136877748,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1654385136877748,"pkt":"nLbQ0+MztKXvZygQCABFAAXU7aFAADYGaKCsaXlSwKgCfgBQtHgmulasUbJfToAQAOsAuAAAAQEICsmh0K3ytRw4rr+dPll2J9rDuH2qHPEi\/nTUWL2sRDdwjrIv50cjD2sRRcxEZ3jFJxZSqxAXER6OvPvQ0xqrDY5D4tykw26r\/dY15WYX5dT2cqSlJs8806YrOBj+KvJhKyR7TTses\/D450WRh3m\/oK97CfAfNY9vn1N812HH0CgAoAKAKmoKGdfrSYCYASkxoj+YNkdKhPUpEucDJqkrk7sq6jqNrZRM88yIAM5Y0nJIcYts808Z\/E8NJJaaJCJWHymZvuD6etYOcjojBWOW8CaLeaxrF5qGqXQd5jg5XPGKjVkydixdeCRpOrfb2YywKSSMdPcCmolKqnoU4U0R\/Ej3DrGrMmwlvlDVSsiWuYv3nhzw5f6f5KXiKztksJASKd0yHTZNB8OdAvNQSQ3LYRAAqsM5oaXQFFrU6Hwr4bsvD8MlvGBIHOQSKtRIZrbYEbcAiA\/hTQt9zD8YeNPDmh2cj3+owIVB43DNUhO0Vc8Fuf2kNOsddlSyhe6gE4VWUZGN2KU0uVkRre8kfSFy2J9wOdw4PrxXiX99n0yV6aaNO3SK50wpJztYMK78K1c8zGQ6jLmGC3gMiLjAruex5j3OS+H\/AIz\/ALc8S6npAt2DafJtL44b6VI0do0roM7OKZVzwr9pv4n\/APCGapbxR2\/mSzA43NgKPWsZs0grs8Q8Q\/HbUr1WHneVG42lEH9ajmZtyJanKXPxNWVSBkntk0g5Udr8Lfiy2l6LKYrsRvKc8tgigmppsYWjeNJfGfxltLa9na4RG3DnPNTiJOFO5zn1fpNx9n0tUXaEQDt2xXyeIm5THzHJeN9Ttr2B7YSKpPccVnT5r3M5TRwAtI7eZv3yyEnjviuzmt0MZQMW8Mtn4kt52jO1nANaXXKQtHc7iynvJ7xYNOhG6ZM7tvA9q5mkt2dKk3uc149g8RaVC39p2itbytgsPfvWlNrmtcJcyd7aDZNA87wlt025kjeRdzDqAarnSqXRLjc4KNLDTdWSLVroswb
aVJ5rq5ueOiJ5Dpr\/AEnSfEdmbbTLkI6jIUGsVJwlzSDl5jnPEfw98T2HhV5rec7y2Ex3B7VvTxlO\/vIv2bOp8FfA2b\/hDxqd\/e7tQkj3FWOQPapqYqLl7uwOkeYapoOpz+KTo1rCXuYpNu4dMV1wrRjG7IUdTb1X4Z+N9A0q41b5XQICVUnOKUcXTm+Vlukz6m\/4J0ytN8BpDJu8xdRnD7uudwr2qKXsSILV3PZfEyF9Gul9Y2z+VVW+FnTQ+I8i0TQIXup7tskmIAZ9K85UtOY7XVakokt2lvHZ23mELhgFzV07cu4sRGUpe6ct8SVRdV06RCCBJ2+lcc2o4hM7KabwnKzR0TxJFeac1mVIaNtvNbVa3PTauZUcM6dROxzfilr6cj7MzqVcj5PSuWtUSS1OyjSu22j64cDd+Ar6I+eEoAKAFAFAC0AFABQAjsFGScCgG0kVJ9St4wctnHpTS1J5tDLvtfs9pHmDP1rSMGc8p3Wpmv4jsIHyrfN7GtuTuc+l7kc3i+2248w801BLUbbZRPiOxCnMz8nPWruZuMRv\/CS2AOfNOfrRcXLAR\/E2n4AMh6+tF2HLAkXxNY+WcStz70h2ih0HiexSRXM549TRYFa5nePddtL+3jKTKdsZHB96+ezmcYtRPrMghKUZNHKaTE8kwA45+teJGSbPdl7sdT1PwXqMNnpPkzttJfI\/KvocCrxPmMx0mdFBqFvLjaw59TXbaxwKSsWVZW+6QaBp3FoGFAFLUCBKue5xSYgLKE+tS3YtIoX2rWNp\/wAfE6r+NZORpy2OQ8UePim6DSIPOf7pdjhRUub6C5ex57rF1fareGTWtTJU8iGNsIKnl6tlxfZGNqt9Z2zCGzRdw4z1pOyGoTmx+jarqVtMrQTNCM5fPO6hSRTpcqNrWvHISwMV"} +02220{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1136,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":30,"flow_first_seen":1654385136207603,"flow_src_last_pkt_time":1654385137102946,"flow_dst_last_pkt_time":1654385137455380,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":208,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":21600,"flow_src_tot_l4_payload_len":420,"flow_dst_tot_l4_payload_len":143010,"midstream":1,"thread_ts_usec":1654385137455380,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46170,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":69132.9,"max":895343,"stddev":184366.4,"var":33990969344.0,"ent":2.2,"data": [356191,54,308075,59,2442,3212,112,200163,0,56,36,29,26,27,25,1594,86,63,42,33,23,24,35,23,895343,371980,1,1344,81,1941,0]},"pktlen": 
{"min":260,"avg":4534.2,"max":21652,"stddev":5608.1,"var":31450232.0,"ent":4.2,"data": [264,373,13012,14452,2932,2932,1492,7252,2932,1492,2932,2932,1492,1492,1492,1492,1492,4372,6324,2932,2932,1492,1492,1492,788,260,373,17332,21652,1492,4372,17332]},"bins": {"c_to_s": [0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,16]},"directions": [0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1],"entropies": [5.893450737,5.720896244,7.959624290,7.965476036,7.917325974,7.914794445,7.850610256,7.954618454,7.905844212,7.834187031,7.916584969,7.918063164,7.852417469,7.840590954,7.847774029,7.850798130,7.845216751,7.939498901,7.947888374,7.909615040,7.916443348,7.857475281,7.837258339,7.835073948,7.714247704,5.815073967,5.763088703,7.974996090,7.979550838,7.864511967,7.949629784,7.970819473]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com"}} +00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1148,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385139579809,"flow_src_last_pkt_time":1654385139579809,"flow_dst_last_pkt_time":1654385139579809,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":887,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":887,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":887,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385139579809,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"103.29.71.30","src_port":35200,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+01728{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1148,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":1,"flow_src_last_pkt_time":1654385139579809,"flow_dst_last_pkt_time":1654385139579809,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":953,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":953,"pkt_l4_len":919,"thread_ts_usec":1654385139579809,"pkt":"tKXvZygQnLbQ0+MzCABFAAOrd4dAAEAGTmTAqAJ+Zx1HHomAAFCgxdnYmdL2h4AYAfZ0\/wAAAQEICoGE\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"} +01663{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1148,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385139579809,"flow_src_last_pkt_time":1654385139579809,"flow_dst_last_pkt_time":1654385139579809,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":887,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":887,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":887,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385139579809,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"103.29.71.30","src_port":35200,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"release.bigdata.1kxun.com","domainame":"release.bigdata.1kxun.com","http": 
{"url":"release.bigdata.1kxun.com\/c\/35\/13277?&_in_app=kankan&_udid=e6dbd30b-3b84-44b4-9751-631148a3ede9&_v=2.8.2.1&_package=com.sceneway.kankan&_model=sdk_gphone_x86&_ov=11&_brand=Google&_android_id=b9e28776354d259e&_gaid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&t=1654385136&_=1654385137968&_channel=1kxun&_locale=US_en&_carrier=310260&_resolution=1080%2C1794&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} +01206{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1149,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":2,"flow_src_last_pkt_time":1654385139579809,"flow_dst_last_pkt_time":1654385139941321,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":563,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":563,"pkt_l4_len":529,"thread_ts_usec":1654385139941321,"pkt":"nLbQ0+MztKXvZygQCABFAAIlZ39AADYGafJnHUcewKgCfgBQiYCZ0vaHoMXdT4AYAffzugAAAQEICpgVo9OBhPyYSFRUUC8xLjEgMzAyIEZvdW5kDQpTZXJ2ZXI6IG9wZW5yZXN0eS8xLjEzLjYuMQ0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNTozOSBHTVQNCkNvbnRlbnQtVHlwZTogdGV4dC9odG1sOyBjaGFyc2V0PVVURi04DQpUcmFuc2Zlci1FbmNvZGluZzogY2h1bmtlZA0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KWC1Qb3dlcmVkLUJ5OiBQSFAvNy4xLjE3DQpMb2NhdGlvbjogaHR0cDovL21hbmdhd2ViLjFreHVuLm1vYmkvZGV0YWlsP2lkPTI3MTU5JnN5dGpkdCZfaW5fYXBwPWthbmthbiZfdWRpZD1lNmRiZDMwYi0zYjg0LTQ0YjQtOTc1MS02MzExNDhhM2VkZTkmX3Y9Mi44LjIuMSZfcGFja2FnZT1jb20uc2NlbmV3YXkua2Fua2FuJl9tb2RlbD1zZGtfZ3Bob25lX3g4NiZfb3Y9MTEmX2JyYW5kPUdvb2dsZSZfYW5kcm9pZF9pZD1iOWUyODc3NjM1NGQyNTllJl9nYWlkPTVhYzZhMGZmLThkMTgtNDdiYy1hOTAyLTI4MTJjZjBjMjUxZSZ0PTE2NTQzODUxMzkNCg0KMA0KDQo="} 
+00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1150,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385140171515,"flow_src_last_pkt_time":1654385140171515,"flow_dst_last_pkt_time":1654385140171515,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":765,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":765,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":765,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385140171515,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45380,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +01565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1150,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":1,"flow_src_last_pkt_time":1654385140171515,"flow_dst_last_pkt_time":1654385140171515,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":831,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":831,"pkt_l4_len":797,"thread_ts_usec":1654385140171515,"pkt":"tKXvZygQnLbQ0+MzCABFAAMxxydAAEAG\/ubAqAJ+oXUNHbFEAFArm5Oyz2Zv74AYAfZ03AAAAQEICrrGE\/SXERVjR0VUIC9kZXRhaWw\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"} 
+01530{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1150,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385140171515,"flow_src_last_pkt_time":1654385140171515,"flow_dst_last_pkt_time":1654385140171515,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":765,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":765,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":765,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385140171515,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45380,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"mangaweb.1kxun.mobi","domainame":"mangaweb.1kxun.mobi","http": {"url":"mangaweb.1kxun.mobi\/detail?id=27159&sytjdt&_in_app=kankan&_udid=e6dbd30b-3b84-44b4-9751-631148a3ede9&_v=2.8.2.1&_package=com.sceneway.kankan&_model=sdk_gphone_x86&_ov=11&_brand=Google&_android_id=b9e28776354d259e&_gaid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&t=1654385139","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
+02481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1151,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":2,"flow_src_last_pkt_time":1654385140171515,"flow_dst_last_pkt_time":1654385140551907,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1654385140551907,"pkt":"nLbQ0+MztKXvZygQCABFAAXUeftAADQGVXChdQ0dwKgCfgBQsUTPZm\/vK5uWr4AQAO+9VgAAAQEICpcRFhe6xhP0SFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG9wZW5yZXN0eS8xLjEzLjYuMQ0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNTo0MCBHTVQNCkNvbnRlbnQtVHlwZTogdGV4dC9odG1sDQpUcmFuc2Zlci1FbmNvZGluZzogY2h1bmtlZA0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KTGFzdC1Nb2RpZmllZDogVHVlLCAxMCBNYXkgMjAyMiAwNzoxNzo1NyBHTVQNCkVUYWc6IFcvIjYyN2ExMWE1LTFhZmQiDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQoNCjk0NQ0KH4sIAAAAAAAAA+1ZzXPjthW\/+6\/A8hBKYxIk9S3LtGfX3kkz2a\/uutN2NB4NREIyZArgkpBlxfa5nZ46PeTQe0+9Z9Imf85urv0X+gCQEuWP7qbNTJJJPR6TAB8e3jceft5\/dPzy6OT3r56iMzlP0KvfPHn22RGyXM\/7bfPI845PjtHvfnXy\/BkKsI9OMsJzJpngJPG8py+sHYSsMynTPc9bLpd42cQim3onr71LxS1Qy4tXV1bW4ljG1sHOviJSD0riA2C1P6eSgBwydenbBbsIrSPBJeXSPVml1EKRGYWWpJfSU4sHKDojWU5luJATtzdAkiY0PROchlxY3oYpJ3MaWheMLlORSSW3+VmzXLJYnoUxvWARdfXAQYyDriRx84gkNAQDOGhOLtl8Md+aArJbU4ucZpqEjGHhfZJkdEKzjGYVpUTGpoyDWcAQCePn6AyIQsuL8twjaYrheRi0+n7bQhLMUVgBZi2U0SS0crlKaH5GqSwUrzKZ5V6+ZCnNigeeM644fhSv\/UeuC0LlUcZSiUi+4hHKswhk81IyBec18FSIKey+4jGLiAoQHIl58dWDzUmcj1eGCM9y62DfM9wOXFcrXPDWXFUA5BBR6QXOxdlCc4qYXM1ywQ8ZNa6usFAGK9ZXDDMjF8TMWgdoyXgsljhKxAKeSY7CO1PX11cQR5Lxab53dePkksiFersZrFdhcAOLQ6vhN3y\/HfSbrb5V+ZouxgmLRud0FVo+bY07vd44GkfNqN0nzaAx7nf9dp9OYHHUa1Hapj06Dvx2L+4EjV43isbjSTQJSK9NSMMaoNpkwSNlytrSiZ3cSRxWv1oOk9NQ\/bm+Hp4O1AtOF\/lZ7cqeyjkGoTNp73G6RMdE0lodT6k8YXN4c+gFJNKeJpvl9k19cEEyNAljRfI0oXP4mj9ZnZDpC0iVWl4f+qfODD5HGQVWBQXMO3ESJo9COyaSPCMrmtmH9idJaO8me7Y9mGEdHqHMFhQGyp926U+Sso0HMGEqLpTUs\/wQrGrvst04GUxwSjKQ5YWIKWYcEkk+oROR0drMmdQHN\/Wa8aUTi2ihhHZs42XbqYjk2J+ePHf
bjfbz1vOmXR+gdbztfDBa1rUBmSAvxX\/7BZQVnWR4Ktl8iiPu6TlPpJSDct7baJQIEtNMhThSBnKLiAn8oN3tNpt+MZ3RmGU0kouMhbqAqnhX9iHndE74lOigX9KxlwgoCr9++5oCLYdqUZQ7S9c7C20SaWfnnjQNbe0OW2uydoQq1SYXJZmChVXNy\/WOMNZeSSWoYG+Yb2ep0Sx2o4SBA0IrIi7Evtvq9IJu0Gp3m61mM+j0rGqpKK34PxeMe\/Xc9lROo0VGQSSoOniKYwGJSUHY6BxzKr0tJSt1RClZiQ4TyJZ+WNsbfKQBK7zvMN5m+F9KvJFWFVFU1rS1bzdlbjN1fY2uonm8h4anNwO9av0Nw7wpJ+vSU0dXmgahDVVMJ4zTN4mQNdtrBJ1Otxv0G93AK4N3lEuw9WrUbPuXbX8UBEHXdtBwCGMHtaGuIHuSLFisJjstmGt21OSw2TDfFUHMLtxpKl0S"} +02185{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1152,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":3,"flow_src_last_pkt_time":1654385140171515,"flow_dst_last_pkt_time":1654385140556480,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1267,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1267,"pkt_l4_len":1233,"thread_ts_usec":1654385140556480,"pkt":"nLbQ0+MztKXvZygQCABFAATlefxAADQGVl6hdQ0dwKgCfgBQsUTPZnWPK5uWr4AYAO+qDAAAAQEICpcRFhe6xhP0u0Gn2Wk3A7\/T7fd6rm\/XMYnjNyZsaxuxjL9r9brRqipx+QlDnkIovIEin9DX0GNAPtf+E30kkoSkOX06T+XqmF3k91EXTIs8Kimgwir3lOecejeF6qflqjHhnGZ3XLXllrXbPuChwO81Gv7\/PZRAGwvHww+UTBz6qQs6gsoPnkrW2bRJoTJtIINa\/b6Dgk5fZdPahfenU9Dst3o\/X2dtHXa6izQzCLFJTbWBYoJYfnQOJy8KQ2SVFc2CiqYKfUmt6R8VlFA8bn1EqFZpXTf1tDoJFXV4Wi\/6sG3eqiibCjUi8cicl3vowQPTubvaFJeROjZHCfRwCTDK95Dqr24TQ8XZnrqpDiuDdVFS37fbhi1Lqg5xXV9B9827OkRutnZbf1NxX6XVY22ih+nvHjpVyUsTqqT6yZ89Dwn+gSPog8vuO4keWnTnQKoSFlGyToAtx\/2QjvhxTpaqqtXA+eXZ\/0c\/N34urjBHwa2i6BlQykBS5a1LX7oAVdqXTCb04Ltv\/\/7+L1\/ue2a0sw89K1L4AFz6VOsPQyAtJyu3EKLAr3U\/WEVzKqCFuSB4nslPrO6Y7szc0iqsvIj4NIppYxtV2Sl23ynK+04JkGiABas73gy632zlBjiAXw0HbeEyD66AjQRP3QZuYf\/7LEvIFyt1O\/7AGlsLdxerguuoMZStwb+NoSq31C2ZtxgZZTE04NDQ51KkhRQfwfPdN3979\/WfvvvyD++++er9n\/\/4\/h9fvfv6n\/\/69q8xBY\/ElEcrlyQJWGVHx7vp8QvngZnvkBWI28eqYSlfTcZuHp8rF38\/G+jFgPvEIsPjBY8TCjwOg04LOr9ur9v6CHZbNtX8ILrhKm1APoUirjn2ABWrXnm3Ym59\/xcMgCYcnF8uOJ6LsUaBQDlPz4wMwwe5eFUt2uru2W8GD1N7MoKAW9JYJEKca4QDr
AmwSmHNDcABebK5nT0qm0UE0BuKHSTLa\/ASn7BzKc4fAwC+gktu\/nI8AxgnlBpNk\/ItYHNSAXTSAHQwgwHUPhNxHg4t1cRZjgVIeHQOTwbRI9lkpV45QHccUBh4j+l4MYWn4OrPZKJfI7UQkLhYUZOEEUU5zcQihac5749ARabIYparW24xPnWUEABtPubxsUKdw1K7mnRo\/UoO6elmCsamB4BZsBcHP9ceZxlZ4TQTUqjGGufgfooBE09qJJtqEC53\/Hq9DlgpIHU11Tay0B+w\/Yr6OKF8Ks8GbHe3fkugGoy1kIWlhuy0PlA0pVU24sn6VbkDDRXJiBWmdjjsyO\/bkd+zI93aj8N+mQbYEL3RX1Sh2uxKHV6\/MlptwLoyArDUEaGDiwU97qXskiaehltzlbJalRErxAWY2WwBkoPhh8Y9eoBHi5Dp7UcQUUo5uaHWbtotkV1DJQyV2FAJxZOrsQ5IEZYo6S0Y1zLBbtUHAt+PmTuiQHIf+fCqjg22ax1C3qgDbpfuWp8kbAxvJvLJZqN74eT1foAqD8iDEK9wSB1AKY04KQMoN9Tsox6k+ecnR\/7Lz5uPX79qfxY8\/xQw3TWVSiuDutyU4DAq9QYkCRgp6vX5rs5E\/c+jg51\/A9YbBkX9GgAADQowDQoNCg=="} +01126{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1153,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":4,"flow_src_last_pkt_time":1654385140580140,"flow_dst_last_pkt_time":1654385140556480,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":502,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":502,"pkt_l4_len":468,"thread_ts_usec":1654385140580140,"pkt":"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"} 
+02497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1154,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":5,"flow_src_last_pkt_time":1654385140580140,"flow_dst_last_pkt_time":1654385140772217,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1654385140772217,"pkt":"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\/yLnWXWqbt1Xk5wdLaXdZvPeqlPnfU6dOvWV97\/x1Q9\/41e+nb3zb779QefknbNH54vJ7fZ6tLyczgf72WizXpzdjCaT6fxysH92sZivOxej6+nsdvDOq1\/83Wf\/\/NPP\/\/yTz\/\/pj9958uVv5LOP8vV0PMp+Pd\/kX37ifn\/y1eV0NHuyGs1XnVW+nF6cnY\/Gzy+Xi8180hkvZovlYO\/i4KJ30T97lGU0xWr6nXzQ69+8PPv40ePtYrOeTef5YL6Y52fr\/OW6M8nHi+VoPV3MBxl++\/Gj7niWj5Zb+vfgfLG++vjR3m+uFvNtNpmubmajW34bvp0tRria7c1iNeURLqYv88nZi+lkfTXo7e9\/iecYzaaXMPw4n6\/zpQF5sLw8H717evKkd3D0pHf87En38L2zWX6xHuwDvOvFDf33Kp9eXq15OIWAQD37Tmc6n+Qv8U89D042vb7cCghHOJAOQL+4EaZzxETnfLYYPwfc7I1uboBYLzv85vEhvinEI9LBI9ej+eVosngx1+FxhW7xvHaCWhZhlvq+EOfiwkCNQLsxAbsfFQBwgy\/zGRDpozwC6enj63y+efwUxoH\/dl4sRzfbAktkexf0jwc1Y1iBuOvFNSHZYd3Q7nyxnOTLDq6od\/MyWy1m0wmMxfyluM96+31cBkxfgD5GHzyTzabb2XS17qzWt7OcWe7sAhhpPUAQhHX6R0nOcdjIFB0yM4xqqP4MqGL+sLoZzbeO7ExvhoyW1jkGQntRyXpH8LvI0hH9Y8bqLvPJzWI6X7sBAzYS5B0YpsPPHu7ROWBxswbZA6Sewp+WxNsHALFgewkitVkNsh6+aJB8YJhJRB2wMJHX4HlDIaY2iXcoemaZODmv0rEHyYMIC82vC++Oxsh7GWFSX9rfHx8+O48f8QjS55j3Pn70aA8lB1VGQV94jmWNsP+EflAbeAz09q1eUZlGCXS8a\/gZ4NLpMvdpeD1aPS\/jUtHQhv\/tHI6EynnIYSUzZHvj2WKV+2U6qit\/fEno3keykwwe7qO+qR3TcDmq16rnFbghsJoHxYFvF9d0mGh2z9dugUqBypU4yPhpD1wWj3OMSGGkoVAToXtHzZbNg8cgIx+irkKN0b1aXOdoLAz\/ZZvl7N13ut2n0+vRZb56io8M8YXuzfzynffA7nSW+U0+WltxdMyR9VAMO0fPAGw\/aIdscHbQh9WwGyDIP0BVI0qS\/8BrzU7gSSCKA3Q8WueXi+Xt\/QLbeXbyINCuwH0YX90zrL1jQNYDoPb6vpHaPwLNfc+AqgJ+KI5FMbsvfnWwPiTTPgjAD8i3DwLvA7Hu\/cD66Onj2QIiH\/RNfw0\/vA8Bzwg87iUYYAyJ"} 
+00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1158,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385140779083,"flow_src_last_pkt_time":1654385140779083,"flow_dst_last_pkt_time":1654385140779083,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":443,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":443,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":443,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385140779083,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45388,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +01135{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1158,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":1,"flow_src_last_pkt_time":1654385140779083,"flow_dst_last_pkt_time":1654385140779083,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":509,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":509,"pkt_l4_len":475,"thread_ts_usec":1654385140779083,"pkt":"tKXvZygQnLbQ0+MzCABFAAHvAsFAAEAGxI\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"} 
+01308{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1158,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385140779083,"flow_src_last_pkt_time":1654385140779083,"flow_dst_last_pkt_time":1654385140779083,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":443,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":443,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":443,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385140779083,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45388,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"mangaweb.1kxun.mobi","domainame":"mangaweb.1kxun.mobi","http": {"url":"mangaweb.1kxun.mobi\/js\/swiper\/swiper.min.css","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
+00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1159,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385140794335,"flow_src_last_pkt_time":1654385140794335,"flow_dst_last_pkt_time":1654385140794335,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":424,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":424,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385140794335,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45398,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +01110{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1159,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":1,"flow_src_last_pkt_time":1654385140794335,"flow_dst_last_pkt_time":1654385140794335,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":490,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":490,"pkt_l4_len":456,"thread_ts_usec":1654385140794335,"pkt":"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"} 
+01303{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1159,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385140794335,"flow_src_last_pkt_time":1654385140794335,"flow_dst_last_pkt_time":1654385140794335,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":424,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":424,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385140794335,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45398,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"mangaweb.1kxun.mobi","domainame":"mangaweb.1kxun.mobi","http": {"url":"mangaweb.1kxun.mobi\/js\/dependency-all.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
+00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1160,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385140824396,"flow_src_last_pkt_time":1654385140824396,"flow_dst_last_pkt_time":1654385140824396,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":416,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":416,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":416,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385140824396,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45414,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +01098{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1160,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":1,"flow_src_last_pkt_time":1654385140824396,"flow_dst_last_pkt_time":1654385140824396,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":482,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":482,"pkt_l4_len":448,"thread_ts_usec":1654385140824396,"pkt":"tKXvZygQnLbQ0+MzCABFAAHUlAtAAEAGM2DAqAJ+oXUNHbFmAFDqwyBTbdxR+IAYAfZzfwAAAQEICrrGFoGXERfuR0VUIC9qcy9mYi1zZGsuanMgSFRUUC8xLjENCkhvc3Q6IG1hbmdhd2ViLjFreHVuLm1vYmkNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChMaW51eDsgQW5kcm9pZCAxMTsgc2RrX2dwaG9uZV94ODYgQnVpbGQvUlNSMS4yMDEwMTMuMDAxOyB3dikgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzgzLjAuNDEwMy4xMDYgTW9iaWxlIFNhZmFyaS81MzcuMzYNCkFjY2VwdDogKi8qDQpYLVJlcXVlc3RlZC1XaXRoOiBjb20uc2NlbmV3YXkua2Fua2FuDQpSZWZlcmVyOiBodHRwOi8vbWFuZ2F3ZWIuMWt4dW4ubW9iaS8NCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KQWNjZXB0LUxhbmd1YWdlOiBlbi1VUyxlbjtxPTAuOQ0KDQo="} 
+01295{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1160,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385140824396,"flow_src_last_pkt_time":1654385140824396,"flow_dst_last_pkt_time":1654385140824396,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":416,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":416,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":416,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385140824396,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45414,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"mangaweb.1kxun.mobi","domainame":"mangaweb.1kxun.mobi","http": {"url":"mangaweb.1kxun.mobi\/js\/fb-sdk.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
+00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1161,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385140835391,"flow_src_last_pkt_time":1654385140835391,"flow_dst_last_pkt_time":1654385140835391,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":434,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":434,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":434,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385140835391,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45416,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +01122{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1161,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":1,"flow_src_last_pkt_time":1654385140835391,"flow_dst_last_pkt_time":1654385140835391,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":500,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":500,"pkt_l4_len":466,"thread_ts_usec":1654385140835391,"pkt":"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"} 
+01313{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1161,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385140835391,"flow_src_last_pkt_time":1654385140835391,"flow_dst_last_pkt_time":1654385140835391,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":434,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":434,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":434,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385140835391,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45416,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"mangaweb.1kxun.mobi","domainame":"mangaweb.1kxun.mobi","http": {"url":"mangaweb.1kxun.mobi\/js\/vendor.bundle.js?1644807874","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
+00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1162,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385140836422,"flow_src_last_pkt_time":1654385140836422,"flow_dst_last_pkt_time":1654385140836422,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":436,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":436,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":436,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385140836422,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45422,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +01127{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1162,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":1,"flow_src_last_pkt_time":1654385140836422,"flow_dst_last_pkt_time":1654385140836422,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":502,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":502,"pkt_l4_len":468,"thread_ts_usec":1654385140836422,"pkt":"tKXvZygQnLbQ0+MzCABFAAHoPA1AAEAGi0rAqAJ+oXUNHbFuAFD4VTA0r32OCIAYAfZzkwAAAQEICrrGFo2XERf6R0VUIC9qcy9hcHBsaWNhdGlvbi5taW4uanM\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"} 
+01315{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1162,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385140836422,"flow_src_last_pkt_time":1654385140836422,"flow_dst_last_pkt_time":1654385140836422,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":436,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":436,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":436,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385140836422,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45422,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"mangaweb.1kxun.mobi","domainame":"mangaweb.1kxun.mobi","http": {"url":"mangaweb.1kxun.mobi\/js\/application.min.js?1644808200","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
+00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1163,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385140850557,"flow_src_last_pkt_time":1654385140850557,"flow_dst_last_pkt_time":1654385140850557,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":414,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":414,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":414,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385140850557,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45424,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +01094{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1163,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":1,"flow_src_last_pkt_time":1654385140850557,"flow_dst_last_pkt_time":1654385140850557,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":480,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":480,"pkt_l4_len":446,"thread_ts_usec":1654385140850557,"pkt":"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"} 
+01286{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1163,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385140850557,"flow_src_last_pkt_time":1654385140850557,"flow_dst_last_pkt_time":1654385140850557,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":414,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":414,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":414,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385140850557,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45424,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":17,"category":"Streaming","hostname":"tcad.wedolook.com","domainame":"tcad.wedolook.com","http": {"url":"tcad.wedolook.com\/js\/websdk.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
+02298{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1168,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":2,"flow_src_last_pkt_time":1654385140779083,"flow_dst_last_pkt_time":1654385140963152,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1363,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1363,"pkt_l4_len":1329,"thread_ts_usec":1654385140963152,"pkt":"nLbQ0+MztKXvZygQCABFAAVFItxAADQGrR6hdQ0dwKgCfgBQsUzC7TqsQ\/Mw2YAYAOvLegAAAQEICpcRGHq6xhZUSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG9wZW5yZXN0eS8xLjEzLjYuMQ0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNTo0MCBHTVQNCkNvbnRlbnQtVHlwZTogdGV4dC9jc3MNClRyYW5zZmVyLUVuY29kaW5nOiBjaHVua2VkDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpMYXN0LU1vZGlmaWVkOiBGcmksIDE2IE9jdCAyMDIwIDA3OjExOjEwIEdNVA0KRVRhZzogVy8iNWY4OTQ3OGUtYzJlIg0KRXhwaXJlczogRnJpLCAwMiBTZXAgMjAyMiAyMzoyNTo0MCBHTVQNCkNhY2hlLUNvbnRyb2w6IG1heC1hZ2U9Nzc3NjAwMA0KQ29udGVudC1FbmNvZGluZzogZ3ppcA0KDQozYmYNCh+LCAAAAAAAAAO1Vm1v2zYQ\/mz9ivvSpTMkS0kLrFCQAe1eiqApECzFin1kJMoiIpMCSUW2i\/z33VEvlj1JGZbOH+KYvHv48Lnj3YVLD5ZwV4uSa7hY\/bSK6PdndS8KDlZVSQ6mECluMplCptmG10o\/QC1sDjnTac00B5YkvOCaWZ6C1UwaYYWSBqEILbe2jMOwruuVSJlcc61WlQkbXPx2h4et8S+q3Gmxzi1cROdRgH\/e+vBnwVKxERo+4ZEF25QiFYT8Jecgfu0hZw5r0W9EwqVBlpWkO328vYEf4PP1l3b7D7wFo20lY3hfrStj4U3kE5W33jL0wiVcvezjfWBGJJ3gd3ZXcAPeyzCvrpDaqpExSJS0TEi83DdvsWF6LWQcAausuvQWpWoiE2teMCseOa6pR66zQtVxLtKUS1wJan7\/IGxwz5KHjCU8eBRGYEIIuxsYbdT+OQvzjIGa3589H0Pxu9iCyuCrYwtZIZIHroVcA8qx2AcCQ7yNzy+9p16cWrOSEh2lGZOiFqnN4\/MoejVQ4ZDPQakVeqMKnUJuL1N640PBM+vjiynHXdMKXwe+iTgypwbkHzskjAl\/k76Oyq0f+dGPp4buUQUWH4JcB1klEwdICYuWGDaKyCjbfmOEar\/XoJ\/w7HdnSfZWzzFU4\/za5RF2Rw4n3AZek\/Id+U8oF4wCNVEotxQF0taMU+\/WR7h3W+PCtnjzuh4dOkHfW4zFfCIzB6bHavb2U1IOPMeJDOqG2gZG7DFLY6ByxCXWErWldKZMwX8ntid3Di8405wjSsrhZ+hK3uBVHz3M8WwEejCBqmzHZ+Zmx7az0TgynU27oeW\/PLut49AV8oMerolSPcMSzmzsyhBdrCvhk1r\/91BQF7z+7TyCr1hhVW3gNleSwzuqx9jMBr2oLt8FudJiTz2pIJbuHdFUEbCmekHJZLA7qtHohC3JimTOBbPpyfse\/fgvVWlIsNGrDRjXjn3IOc40O1W
B5DTQKDAlT0S2c9nsmuuZcfOQU\/\/MeJjt3Ph4F+y2rsz7wG2y+t\/6OkbgrqXUjG7I5w45xKS+twiXTSe7iLCVYDbknAaqGLCz4W80GcmfISQNfGYIiRWwwyQQao8DzFcjkC6+j5xi3iPj3ENRx9Uma0luVySoX59yaoYOHEJPENwsgsv\/gFh4CIFnvXCW8m77IEIznn3PKB4yJMB5zeJ03V6PpNjzQQbBfWUtjaHL0N2sK3aNgifeLhcO8jauTTo3AEN5WwUnIDp9RzH+Bl7SBF8uDAAADQowDQoNCg=="} +02489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1169,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":2,"flow_src_last_pkt_time":1654385140794335,"flow_dst_last_pkt_time":1654385140978405,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1654385140978405,"pkt":"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\/ChLWpoBGkU22JJ9tsItYUqtlydZkdduSNwh5YSgMJAiQANiDCPq3n+eNHCoLBCV7n3PXvetqIGrIyjEy5oj8j6dP9vcu\/nJbLN\/vvTk5OuG\/vc1efdDYe3Z8\/EnG35OPw\/svFrfzYW89Xcyzva\/mgyMKXtzoy6PFcvx0Nh0U81Wx9+Tpf+yPbucDlav3sn7jrrboXxSDdS3P1++vi8Vo72oxvJ0VBwePvDgq3l0vlutV25ULt3nvaLgY3F4V83W7T837x41W2VDjbjqq75dFGuvJcvF2b1683Xu5XC6W9Zof5bK4uZ0ui9Veb+\/tdD6kzNvpesJdqLzWOF0W69vlfI9WGvct+1uvMfZiNJ0Xw9p+GIf7vu1+WuvJdJWVHdLI3\/SWe4O8082G+eBopRnKCq4Gi\/mgt85GXF7fribZmAu6Urz7bpRN8rv7bJpPjtaLV+vldD7OLriZ9FbfvZ1\/v1xcF8v1++xShWZ5zS1YLbvKq+36\/mvwV0ejOZVP17YW99k8f\/pz53x1fvvFyy++OH\/36XG3udm6\/+DpOFtQ7PBqdfg0u86fHtY758Pe4S\/dxtPxNLvZ3VifHv\/1mv696K2KeuP+VC3nV0fXy8V6oYXP7xy0tGYZE7BaL28H68WydZWtihngwWWtls2K+Xg9aR1n68Wny2XvfbnCjTs\/quHRoDeb1TXdjftsXKzLMr1YaH47m+3nvfbxWa+tkp1eUz9Hrv6uLVan121VK9NqvFr3BpeVKrWKfUZyVSzHhbWrFQwDqDeyXgkxDLd4853Be24A0VfZdfFubbfhJuvfZ0VvMEnaEbz4EV4d6Z21lGkH3WdXveukaCxoQ4qdrtPF3rX7LMJDPxvE4j03czxSpQ3qNZgsa44ltyoeHvWur2fvfY+WY9uEK1Uwmi5XyQJUKyhu6seUmfV+tcjhCWWKm7IXrKKb8mTFskHe7DXrWs5+6zjO91Y\/B2f58cFB\/2zQ7uhNZ9DttjpdVT8flvVXO1ku2GZj1aVrKzDic01xa5StwEotNjI\/2epa21l3dsESgafWtAOgsOP8dVwGNyQWk7kfZkU2YtP3wkR2jrubDTt6kp+w9eNjD6wggP2T05FQWH+xmBW9eYlJxwcH9Yt8XKls4itrNhvZAww73myujqarLwKCHjc2m
\/oYdNKg9TyfUt\/YAe7k8LBxOj2bnE6oCNzqdlS9KPvXmXQbDfVruDed7xWNXj7uDLusVKGf8X6eD9S9gwP9qNXvZ73p3G0OKAwNa1dNV7bRedBotOt9\/mO44MbewUH5stdo97SSrfg8rcveMn9qnhrd3NcvmGQqbb1ZTId7x743VoSnAcWPy4Wr30F3elCElicVtWZ91vymt54cLfX4qt5oHC2L61lvUNSfnn8OlqzVGtl09UPRG75v7R9nhQhNCWfA8TYRgp5k"} +02509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1170,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":3,"flow_src_last_pkt_time":1654385140794335,"flow_dst_last_pkt_time":1654385140978819,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1654385140978819,"pkt":"nLbQ0+MztKXvZygQCABFAAXUMwdAADQGnGShdQ0dwKgCfgBQsVapSjEtYxvrg4AQAOu7rQAAAQEICpcRGIq6xhZj88Ui2cwNofu4HpWPHTaoBRhi1RmcMKnIEh85BGl\/wyxuNqE0ZTw6qfWESB98\/aMRvx0N7nnceXDQy6G5jrqpvW\/Z9svpYMcn++lK8d3hdW+5Kr6YLXqQnQabUp+\/vLpev3erX6nC9rrBd19w1Gu4cQPz\/sK+TtZ7x9dG+zebAO4sdpypzaZ3NF8Mi9dMnAN+N3I6Vra0Xr4X\/wCCLBH7wcH+hUOYvayWPK81kjfpByWpy2oAe6B7341qZUv3EH5Qe8TJ+yf3tHt5tHg7\/xo0adupMg17sQ\/9RjpJAYAddAMa\/c0mKXqfCVAqM+WJi1aXdW33mrVaK0xYZM16TGIAoRLN9NqTztTPRQP0Ej5rqREYuh57b7bo92Yv3\/RmZaNQtL52MXzMVb3PtDHBxbti8GqwnF6vE1ilIG\/4Nsy3yBNf3GeD3lUxE0dR1hoBe68Xt+Miq8Gs1Mr9eZ3d2FYbFt9SQ\/JxQmYdXOg9IGswomvYmK8XbwMbo4mtPtlBuEViBcUg9vxYqCtg7nG+BMxOWWFK8HfcuBO+PB2dFaeFQ6tD6nfEtdcpQJ4NeMUcDNjoL4ve5X0xg6XWN4XbG1Tyr3zxeFvGO1lTRaaff629X\/8qwCJgoKVOZjvgIMMpgjpgri7IK1dqLiwqDueycAgtgJ8THjSvAwF3pxuaifipvqx7asJebgcGbZDV4M3gnFP4Fa\/Xg3w4ABvAsjWyAVhp\/rDNuJpaNyDT5tJvnrH7vg9bNnDbUavhmEoI3wB+c9A2knHVe1c\/zobNQaM1aB2fDs8GpwO34gOtJPuiD3vCUgd8tze4d40cnjAbYjWTeRTUuploxuaGwBrU2Ld++nYynRX1wdmwwbI2m9283xnyY8An4tdwBSI15HV3q6gfZKgyB0LY2JC8Sk80P4LIAPGINyO6Aj8TJmKS7w9Ox2ej0xEjHub7SFCdEaWANXoyOTgoTO6xp5ESF4KBhy25Vh40oH0FrwRQsDwTQ5tJi6FBbScHLcODg6lrdNg4jZtq5DYVa+h7+MgHfmIKv1MZ8RSQHd9Oh62TDAHnXSKnmMhrayU2z8PsA4hk\/esgik6\/m\/XzXtbLmRwR0S8CYwZPUx\/kXjyJLGH2rMGaxx0St1fP94x9Ih42CzJmfbsCmCwQ2JG6znolPyK
Num02syLwTOJV3pZrH1prSq78vLdmxVa31xLVW5fwj15qqX3mmNQ92IV+sdxzUuxeGNiebTj7fO+HYvzy3fWe28NOTK8ZP72u1\/ZgreI4bU4nnVpnYZLVXq3Zb9a6NWB8CzezJ\/0E7glCvBwRAXNQsgVhYUJ58UeDLf6gvX\/SOtEWjQwEu7a9f9wqWSo+OaYE816b23hLpKMtfiZx5PDEwOxeQLEqFy90r5QIskk2zS6yy2yWXWXzbJFBxbJltsrW2W1eW01\/+WVW1JqHYfqzN\/QsaC2yt+zBd\/z\/Ph\/3kUl\/cT+fup\/PkmZTCqiuA4mzHGVKBp\/1Ik\/0HNnn+cnz5x+dZC+RD7ZVEF9IrfHH\/Iuj68V19qV+pcn4Klz8iQun8PgzV165kVB8Bh9wSJ9OD5x07BDp6eCsf9p3yNLEuH5Xi+C5tb2+Xzrhya\/z2mBSDC6L4cZpEbjord7PB5ve7XoxQl20siuY9vcbCeLLxWy1QZFTLDfD6arXn\/HBZDocFvPNdAX+2czgzjdXt7P19HpWbNC3zDcQ4uFiPnvPhamOaGvAi2Et+yavdc7P3z07Pj9fn58vz8\/n5+ejbi37Nq\/V261z\/jlCuXL+9rC76fxMwePjQ\/72jruNZi37Lv828i+1t7Ws9vZ3wPz3ee38vFNrftOsPanXmt82aw2q8vedJz9\/sNn\/Z7edN\/yTduvDetkUbZyff9htPGl8uDmvbb84r+nNeW1Dvd9Rb2Pjazk\/p89\/ySHNscHz"} +06408{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1171,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":4,"flow_src_last_pkt_time":1654385140794335,"flow_dst_last_pkt_time":1654385140979472,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":4386,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":4386,"pkt_l4_len":4352,"thread_ts_usec":1654385140979472,"pkt":"nLbQ0+MztKXvZygQCABFABEUMwhAADQGkSOhdQ0dwKgCfgBQsVapSjbNYxvrg4AQAOuCvwAAAQEICpcRGIq6xhZj83q9\/u9X3dhsN1pvMAHd7qbW\/J4mnzQ2R3ThXE1nP+SCZIcE6rWfbURNq+Bnmy6+09htGvnSvf+AiRozT692fPwkc7PC69e7Xtc7Z81\/qitMrh86Rf9aKZq7Kupar+6HTNmTdjpL1vbf0i\/+0sh+TO81EGb3A2r+Kb\/76vNWZZC\/81PM2xdff\/rqVfUt8FK+f\/3pH6tv9WoLYp7UgKQGlX36+vUP1dJMOND06uVfP\/9u+wVdfvHlV19vda1VNyA3jc5GOpvNfD3R\/4e6aRzWB3AYw81idCiu360MXTJALd6wTxbDIavXaQLtjfr5+fBJYx4gjGX0L\/wHvG4CBHFqDSBqU0YiHUe1wwb\/XzNOrb2KzItiuHrBbkbSrxZ1tbtlbtVjr4qbzXi9mbkRlQOsjoFm2J3DRtu67moySK23887PDOoDYFbt32d\/RztK8en8+nbtEc9GnemBKjb92\/V6MW988HSa\/TflJudDXX4gvevPd93m+d356sl5Z44i\/U2xd\/72afYPV9vv0LKCKZiW+vlb\/gIL\/gF1Zb1+\/rQD9D7N+lyxvc\/RPwz6FcjTTuEb6WpH3buT7Pf3Noq2NrxAfnNkI9D2GfYrFEE8nXFaee34HdT18PeffPLR7wPDLa5tuNk
MpHo7G7YdRT8aLRdXLya95QuE6\/qwaV80Wjtfnp2dHG8++eTZH36fnRw\/++hguPnk9x89Qzd4KsH7K8+8fJH\/ybHXb44M1L6l4lUjq9590UnvPcfZjQTay9cF\/PJX+Z0JVq0vfKl2oPVOsvgyyF2Zb7YPb1RyOyUfVzK2sNyez+514OYDj904DRxGPoAq3d+HhvZGMJbo\/BAM3fyi3\/cEfmGE\/W32Tgwsaq++VADF8nNv4dhs+q03DeZ9jgCNFAKXCI8xRzhkIaC8+xLUvZgT7RGRRA5V6Qlf1y9hkYL2AwH8Dzy79ITU8c7XKDPoHOVH+T9MOpdihNuLfNQ56dqbP0B+L+1qQnVo3F\/OCplhPnv\/1bB+0cj2J5vN\/uQIpQ8PtWqBVFs\/Jkfwmnl+ER86PnwCEDrxlsa2Rg9LopYqM\/KwXcazrvezCb+\/1YaNr\/OsG\/oQQG6YpeNZffb+dW8sJYDmILPe2zx81KWNQdIDSr4AK66c8mCrjvjmN1uLJZlFTQczMTi6WaH6rO\/fMKc3R+tiJRVaw2Z\/lS\/zWxi9PoyerQl6i0wM6mVpS2OB3Yo\/1GU07hb5mMqy+tIt46dr5GTQVVGvTYfwA20aiASm38\/gRD44qDVa\/aNVsa4WztiYK7gflvbDWnPVrH3Y3cN6ky+q4ugMJfKiM+vmq+ZNv66rxunbvAfb7sZ1cLDos\/gJ5AD4jG5xdLGYzuvg24Ym5V1DeMJLYeXavT0y8+Mrbz\/6FKvQO5tHp2R7j24Vix3GIr6lXoZ2tXhTVAfSYLv6iqeop4J+94es9sGJqJHt3XJDi7c2TNmT7Bn3eb8+0BaPArSY4fqgKSnmTCIYTOrXZtk6OBjS23Wx1+\/0jlaT6WhdbyACgk0o282L0Jd+2eQEHFJW3bntwqwjmMe2p\/Ze2BtqcDSABK0Lv0HrteH0DfbMcvb293vSqz3UQoaJShcD2SVZGj99L8QFOIwk0TpBdheG7Nz0DECasowgyW2Yxgd6igLAwKoEAH6Jbn1WdAboosCn5bAuK7UhpfRkRT042BbIdF\/iOHbOPwHXxe1yUHwlk+pm8zmsyz\/pTfWZMOQwbFDb6UFDghrnaA4xfzXtz9AiCRcO1IYvfBj00nu99kkLdB8XYpYuVHjKTHnNzWPb0lPZmnETJoZq3sVj0Wovmd+r\/6P62eNiV7ycW3Ncit2B23a2N0\/bAwrTIXlI7+dNEHDyCuuWGy+6j7xXh1INglYIIjbOR1X8MAYMWHlIzbjbZe0EBfl+fagfXUOR9W9oeQ9skewF8L\/XP1dRs0fioMIXgM39IB8BEk5TIcP5SPfT1U\/ffJ2HilWr20HCvb0q5cGC0Ihytt9ZgTXqt2tfvv7ma3wCErTbQqsvm7zhzUDRH7alXdF+2FbrDfNUHCGk9hBD\/zYt3obGClqBHxDqLyJVlzYtKAF859r1Obq7hSrx7IR\/gTF\/f1QvWIiDA9nnxqhPYADq46PecPgSHn799XSFEbNYth8+kgsEFh3E3jhrjTuMYvcZ2uoW5ddYzidWC7Wnt\/XaYv7It1LDGhowOrTKQWax9mSljwaB2uZw4HA\/WvAEkcfX0AvVWPIoJU1\/tG64ROy2Dq8VHoG+WFyJw6mjm4a\/seb8HJYV1mtP0GM7ncXDViNtzz9w1A6tW+ScUv6B7ffYqKdzlkLwldeeg8n3bJj5h70Pz54\/5f6s8nBvGh7Xst6RSTk2pq25eyas8khXwBEPRiQm75GpW4iDjlPHJoEbuM32twYqRgReZsfT+u329KmxNkpLqNHw6KvPkz0jrRWY2G\/4lOPSN26rX5eotpxqY1JLDw0oCF43kVNto4THsHx\/n6nR2bpYVpuNaCFyBgNYAkxxHgHuBNYqbIq1Ev24v2+06p76xxH+X2hWeAv9WYIJ48YQL+6mprph9NzxfGEcNi0Y4G5FdNRV6xiLgBYCelhOZwn+W+
KUn5AdC1R+or4g6eyqDQzsLfU7ZTBoP7TEmdcerUA0nT0pAG\/ceXsIpEXWkIbYBOg6A3\/NTMGGOSkEK47v+DCwXiMHC4zdNDTbo4\/7+uCgXPxEp7p7AuJXHlK3ZyG+T+YhW2rMN\/rjxIISk2zzvQ2QSH0Li\/RQu5bow6lH965WsMOLt4PZ9Dr\/EHyxuJaf3l5Qntqzp+4hOMY9PhM+2W6xXuskdf3Mh92IOg4Obtzs1qSw7AaVGrpKqSXPTWG1s8bQjbKqzSZUVWpF2y0DVPR4UgrBXe6qq+X1wrFTZU3lK8B8a9IcExCogEf5gXVqnG5LQlpshBSnQbaepBix39gSnOagQop\/\/kifUQpdFfmwHH05kfal6dpKHfAjtbSKuem1d408vMpqraD+fqSWJ1nrHa\/C7GdHT1qirQiPA7zM8GEoVq8K57cXwHKF2OZfbTaLo7dF\/3K6xhialtWLq8UvO54udjy7Wm09FJxvrdjgiJGg2p\/jQ1gMrXy+cnok\/DZM\/snK+85qX6BqY1t6IN3P0X6Lb7jJbzw5PzhItLY3XhhFkGmwJ5e7yizTMv0wIwvcQ65EbAIT+P1iNdWGa2Rr6XM8Z6Bi8zW+UavGFlJ1uF0MX2mDgmXcYutaEo1kbkoIW0BrPb5FZbRf3+evVELDiAT11AyF1nS7vEQwaskVZmfXkcB+j7vEI2\/59KEWDbTc9+Zn1FhJJyVb9Q1dOyS8f+y7LQb6s7y\/NRuU1nCCJLYns1V2fKpJwsr8aJ8O9+WEuXMwYZaG7SG0Od\/F+dPgtnoKXQL+aI\/VyVixCp+g5NzsO2fBzwtxxgU26Ec7AtrXQrU1PrilLamAh2+k7HqD30L78KSlOaPUloasLEX3TlqX7T+7bXDJV4fxmt4dtz4+GKoePC+3FJ6\/MsWIdljq5N1Ssk9IKul64kOIo4Xs8n0zzO+PmINxkLJtbLH79HCkm\/Gvd1U0fcTIYi1eL3CKhiH4PECiyy41Jke3c6dZgbjjOrK71DQt5XiFidwH8YGUYwR28BI2aFLvMnvT8sXeqPN6widvGAPWUwznc8TLfsCCW+xrYBmRYc0rwf1BG5N8EnFqlbdgEnbBJtvZ9MPo9LSxgvLqr1kt\/\/CDE1HkjI3\/AGGzKNebzfLgYOkkkz6+mDeiNaaVQw1u6ja3rSLqhOelFwD1DoQrgA04CfwgNFM+iPgmwMEwKOnRz5Vz0sfiLYVSBgQFseCMSWU6A3bcOZ+\/MS\/B751qpG3aquLXPzbMAkG2L72easvjoMuGgJt86XZaWhLNcsWTrNFGq4w+cf86MLoBwKJLzqg9wqFY3XTSsNYJPFMRJ9i+chypPDR2nmWDI0XpVgymo2kxbI+OjE1qmZZO02juqckEPHRPrb16Dx16t2cls73b+bIYLMbz6S\/FcA\/nWKImVhCvFv4X8kClytv5FMbwFS4glXqNi0pZ9mPBDuga2EH5OVh\/fiuvaRSVK2IZPJbE8R5zvFzxzHEA13EYO\/la1z9rZLPA0OMt08GtqNswuoFbEYyvlsg0riMce91eln7RaSBx1pU6KQPXeWC7zA3O8G1C8WTCxGvUfTsGMMiJSAhIL4gOhpBMFpVIAYITdebnxG7tRTDMlF6V7Kx3a7NYztdhG\/TSh+ba2WNdS7n9tHeqB6kqctDMzfnXHJiY0Y9c0x\/rp6xWPf2bRDlnXnETonmTP1jD6igFWJzghk5T5Zi5VX6XqKtbn+CbYRrl71fFLa7Rkz5eWnB0rZ8ywanbFC0p1ZDY9bssZmbZbN3Vzmqtu+GUsI4SOaM7soCBfTY2Cu+H73ncjI8JpZgubldeEVv59p+PFUKSB06\/MFG+dWdm8RKVJmr0ky4TctKNONOJ9bhEftSFDeAvOK3zsf39RB6vcNMBvfqitX\/mJmpiVpLOUB8ypKYuTPEv6FWMAG6AH7NbnMX9V\/tSwRdZDdO7a4Buhpo+wi3M9
S5saG7xJ6HjH3fzJjcfd9u9ziddXf6ejqOae4YjiUzhrjKNrIapPtzB06q8ffu\/unT\/vx4UaKlFkItHIaHF++BekA7Kbf0B7BjNs5mZnYDnfjqyOXBUxnrd1kbEIZTq6fQzLUk65S20En9zxQcScPuYrwaK+3I3MWiqjhQY9cyH\/cZh0DmrnBqi3uNyDvsaMY35kCzWB9yZrNZHcLACaGmDWndyw3gwQPZlFRqquN6P2OsiSi42wB\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\/jJoWrvJ5fsxeW8htk3gmuqjVLQd6cNBsXlGchyjc1Yu88xbO\/Kp76gISosvGCtx6gWjsuq4fdb0h7l09dX1uqLcnXedx7RiRf6VP\/+bi+E7X1aX6zHVIP6FDGsIVNNKNykVWBOC+OsRUdsVwkWyu\/lOOKrjsXj0dKmiJ7eUd6NL95Y0MMI9wncYVEV3K5A6l7HOMBw+qWJvXkXpiRvPGSLhqV4HjqEOXCrqOsACnX3hV09mJnME7PcIOwGL4jKdtbXnmItJU+IhGO7XPKm7BLJ1DCS4SSB6xyg5zrzGAImCcFclE1EVhpB97gjmjnJaIolUnPCOovFUwf36C"} +02489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1172,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":5,"flow_src_last_pkt_time":1654385140794335,"flow_dst_last_pkt_time":1654385140980331,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1654385140980331,"pkt":"nLbQ0+MztKXvZygQCABFAAXUMwtAADQGnGChdQ0dwKgCfgBQsVapSketYxvrg4AQAOvZtgAAAQEICpcRGIq6xhZjWnfzxRrmsWLcM1ZB2m0fIj2h64Gqev+LUjuvOal8b4guulWN8yENG19fZAQKgsuCT5bfC4pnRHIaK2rR2IKJhtPnFt5Z3S0HI8f9OKC+8Q8ZLg+uegUVZogstoFkKCE2e3tkQaoNzvxspfBIwj96YWc1RL6lgiDe\/su1oI9K5AnpgUzTLykGugHgYIlz4eSolaAtamTWm48faeBHz5EZCX4MUO17E\/wIVijXyfHCVYgrWYjg+3A6XOyBagb5NXYPq8nErk+DpFuvvbuatfRCjMD2O\/c8yDdyz6gAOOADGXN++CVLCG9DPJhfe1igVE3F+gvrlV4jAcxQOzJVuHEicpfwEEYhiFogtCICi40J19p\/k7B3zY7mKK1Ra5ZmiFC0APpL+IrQ0KMXC1hN+ak\/9n5+1COXwpvg0gPo7s\/V5Bfm3L4pr0HnkKN97X8ollQyk2WBYIrvC5K1OcPAXnkLwM7WpEk30wHdkgY23P52YcQ5b2+plHU7\/DFW1s9Z6ZeCClvMhK9JYopZp4wZca+CgYjIEzM+FElYd2RIiAssJU6tVHkHipaYWwxtOsTz+3uNmEEUilGtDEFRCr8plwPbbpDiFZ7\/vuQW3K5Xza4Plar9y0hFjqx1tiyR4IQcIHzsAJn\/9ps18i6UNseeXYX\/vqOwc\/yplP73lylxHwrgljwiuYHw08M2Hqz4Y6ABT6UajMcycAbsHVvPVt6WIATuiC\/AS\/hmW\/UmaU55CvBoilMaNiHo3dDj1mthaY+0O0TwqAw5CtIKjNWOZRT4N2j2WwMr
ibS9XbYMeBngRUyOAuIB82coqZyvYEBBxNI2MsTzX\/v85Dc+n1VH6jsa4m1QaIW+nh4eitE5Db0gNs7TKfVi\/C9X02wOn\/d31wIPUAI4Go2SaToqbkzr1Sc66m7ZG04XiqG3zd9fvNM1Inih32s8bd8ulkNdT696REayo3AfDNxXv5vje4dOS0O06la3\/avpWuXRWYLLH5THl07lQ7DYtdw6768hEiFqm346DcCq7HGF7TKh+rovnzaB22UhNWmiRBT8aGPhGKpsDyG2K\/8lSOggjeCKvddvH7cug8DXOIV5seBGUj8wyqDOCoxM4w6dPsx8kb86Ujg18Y+mEUEIx2164qspAGzPZrA18Lb28Y8jOC7UHWhoTjKqeB2r4GtSNwSn1GzkAJMxoElsDVw8uVWa8Gj4twIoZaNBVEUPq7UYK\/AtTGRjn+Z+gpeMLRKxzi2YnRe6wjONrv52L8ZOB1msYDEfaZ3J3R\/4GGoP0v32xM9Ha9KO3DhuJ7\/Akk0x1TtlHUEJESzwWYaqhI3jAtUCW4natFaLoWrDJjqmftep3MMmGt7HmpbG90XmG94DzSgiBPxCqh6FDIkxf1dan\/pOeCzlbknVUbaFr4EfD2JcydDABgZ+CX9f+2JLMCcUXdBpEYeSj0ZmsONpUBeHik1ArNYMTbVKxzGvwXFV1Ry+rXJZ6tQdCzOl0ybvBqExA2zNtoYjvxccdYWKNtFrX0hlN5E6UVVICrnI7NnDviQ+sytbwYDUAtt9Up3OqE0Ka+t3mowIAiTFyduAMW57oh2cgEEsaEchIXGl13GlA9zIglCw4o7nPy3Ohqdo4hsuNoSBABUBYgZlPbe+Hhc8EupS3hgkpglVkinGVwmaEHHcR8sRErbIRuQlHeGKQX1k9UjyGQdbSUZqFjCeXNXBIKEL47ILb5IuJBIRuqD9IStIXcOcMsxKBu7Zl9zKs0LPJEGxNRN663GgAzuvD9JQ5vpDYEIYy7WMKUyiQmqf1LJJNB+2GU9rYsLdDepljGMj+t++bjFT1wTM9oRi5aAxaMP91kdkjFkglTfanW5r3LoR2Ig7ryuk1kqy7Bc5Hy8z\/DEIZKFq9+IyvwiL5XbDpWTHGTjq0mTHZWfOlcTH"} 
+01475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1174,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":2,"flow_src_last_pkt_time":1654385140824396,"flow_dst_last_pkt_time":1654385141007456,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":758,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":758,"pkt_l4_len":724,"thread_ts_usec":1654385141007456,"pkt":"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\/kKkY1lcOW8W2K6iCGFbEKhTTelFEUau3ISyUiy0xDy7x2l7mMj5nnuXB2VlubIiu3CnbRYaeXJPSkaLbwymsbk3CPkIWcKGzTEhPC6XskQEDIn0Ww4uRveDqbT2WQ2GI+i5DojjNkp6Ga8beC7\/FlsD\/trFVf\/yi1Yh2qhgcR2zEYRUi5xhi9qL+p62YL2ju1N+chLeFFwpNi9ZL0e\/b1VJsQlRMn4jGstt6TCtKgc+pGsBL\/cwyFQ8tMzL9f8ANTFr4O3IKIKQv\/P5KeVpEhC+xZ8Y3V2wakOJSxwDx0NGRk2mJIoo2SAYeaswLT\/4X3t5mkqjNYgPCu4gC3+DNPgU9Dvm6fUyR2rXD\/s4ams5hZPXBsJ+OMOrM+hMBZoZyV4ptKIJhhJSOSEVbWPMPpB31QOkVEcZ1+K5mSs2QEAAA0KMA0KDQo="} +02506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1175,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":2,"flow_src_last_pkt_time":1654385140836422,"flow_dst_last_pkt_time":1654385141021496,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1654385141021496,"pkt":"nLbQ0+MztKXvZygQCABFAAXUlr5AADQGOK2hdQ0dwKgCfgBQsW6vfZ7o+FUx6IAQAOt7dgAAAQEICpcRGLO6xhaNHCwI16MrW77BnSuFmzoykUoRY8lU4Y9BxcNRoFb0Nbq9knEDoYSbOgMHRrfnqOX3O+WBrjxffQX3ReCDHd0huHxstQ1Cl\/qCI3JJYcSFoSljElAiEYABMWaZUpwIs4TWVvNRU0E04f1s4mMZAPH8ZJv5kyEw4gxQnp7DyGbCSAzEhQ5WUtEp01gvCvJqkcZxoD1kB06PnkkrzDYXJQ1MGeJC6VFSWBTzBI5Z\/t3F+8naQaVSej\/ZftVcv7yv6uvTr8ukGGw01mXvTeuoCfsSOEbkIIlD7bAu9Acq\/qe\/\/9tf\/vWf\/uMv\/\/DzX\/zjf\/7d73\/563\/\/+ff\/hj0vun\/547\/86W\/+Yb77GfUjZ9IbTlBLryo\/\/9U\/\/\/KHPyo4YDi9BWaPWNxINPA8fGxGZ7Ly\/JDCsRwhxAvaM\/YA7tqsMUg+6kiqQORpMzNKot+7rlaqj0ywsK5nZSWXoBx4y
LtHs0A1l1MExo6hxy1Y+6cwLT5PmWU5lzTJcMbDYoWUtJEK6o\/8CNXxauRGQ0cX327o3cirwlH6GNFTjT\/FQUFu+D02rEOW1fzNC6TxCmRspFbl5W+KvIPl9kxlJpEnpfhE0oul+9LkWYknx7owSteNNIW2KSX+thqUDaQMFsv9FVgu6+WLMsh50uyUzosn30zQrKOV8NJfnjorMfQlpB3jBuovbdAQKf0mZf4E8bdX8MnmJCHlCzeBIc75UTYvkwSkhvkc4Gx6j9Cz1SsqnHNlRu6WbaMag6X\/qkQxl+sgsO4aEiWUuZyfTPDf9aPIHyEhCyCaT+jJ7IwzKtAh5VEKYv37uP9EdZIkYgSU3iX5Ct6pHjTN9AbOECnmGwjuRTi2vATBTJqVpULrVSR8UYLi2oWvnC36N4eLRPWsLkAnKG1hCyovNCdpm+gQNK3Ss7werCGrELRCooVpRJUaSEDJtiERERNCK+O1yZFU9f+tpLipmZNUos7xA31tQvlpFJ7hJogMtSrZG\/7BjdRA2gc7bLCquzRTwmvpJTiAcI8TcaZcJLU8JLE1pEHp8d6mkiSV0txWpNM3dogujMbcYlr6h5BVLCXtO1Rvtk8jkiaWc63H7cyFxW0g9Vk9vcfOCtUzvSJcXVET+wKt4ryhsc0Am1stFnslTwBoBq8eRFlr0eP37hgejifz5D9GKMJ1rm3rjoqoT+Ft4tMGXWn74uFs4oB+anrn2Chr489nV6hJ44+vApc\/nOLjzoAeedFxBMzYq65n3lfrCr670Wt1BV836qt1JcCfWtwqmmuifZW3p+QhhBBdEXGg4VvLm1j4YlBXXjndQDy2qUYbTc1xgFJ10M7I\/RZFeDRiMiTw5mQwIRqUUwcxACoLw\/NxL\/L50xFy4KJxH1+PsUfORt+8t+VqKiE\/uqz1jQ+qpte0qb6fA9E3hqoW+50VHY6n\/iEHjGsHFRkzlQDUMAeKhBkv00XfuFW1y6l+lAPI+orVqX6a05ksCVCA9Mud2Ya6El0pU\/02Z6xMJ6o3p\/qneSCUo5Gql2JFFu\/E3CukH39EHhffpinlahk7VCtvbaw56y9fVqb6OxkXqSWSH8YnCLdrrm6sFfvGoaqVLKawnl3TUViuPmkOLlaQ+\/CwqZWq5B93X5g1hLtn2OH96Cp1ky1V5RsGYyw2xrNfmmuIcr40N0oegoSgJClDlPClnJaqxGutvApuxcWHFS+qyjtFb6Mk02DlQioQEaG8xLJM+XGRexW6Vi0C5IW5uqNaRUxc3qyrVkndJCLwopEEp1P9lSxDMZLWl28frDhK\/KA0oxwwrszoZ8rczoHoG69mlRmlWWnYQ8yXShX2I7rCYkMTIxmQFtejdYApy4HGTQw1qQJbbYuvfLIO3kp1ZcV7sfXw8EzFM64z3svNBHxVLJgYvcqkcjg7OSIBxo8IE3CoZ+rdyiqlP+6e"} 
+02386{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1176,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":3,"flow_src_last_pkt_time":1654385140836422,"flow_dst_last_pkt_time":1654385141022202,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1421,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1421,"pkt_l4_len":1387,"thread_ts_usec":1654385141022202,"pkt":"nLbQ0+MztKXvZygQCABFAAV\/lr9AADQGOQGhdQ0dwKgCfgBQsW6vfaSI+FUx6IAYAOsf5wAAAQEICpcRGLO6xhaNww8lvHfP1yoVTdup1qGXP8qj53hMV3qq381D5uoEs94his4dlQyHNT+skIrlDVX+IlpUre4o45FSV6wRdmczZ0zfQN7NiPxzHJAiez3Vd2VAErzf75sSVaRwn3zPOe73EdfAYm1UtG82+Ne90ZVzily1Z4fSMgl6WCVtMSWz7XpwrkAoBkvNYjzwYl62d7soAjSZ4sMrxBcn6SSwBcYaCxsRzEvaA\/RQMvHEdi1eXlRYWzFuE+XGBBcfiKZZZTCofqooReqhwbmAtRhQwInVpTFTfSBLbm7dhRieV2sPD9XaVH\/9FOipfpUDxnceaqbZznuzACIVtZiaQbtLoZOFYfDhUvhkxRj8sQzPfAWTyGXrB4\/6EUUqb6DQGrsIASeSf0r+rMbh2weUfZaUYsQ\/bsBLkV6EyLESJ7NEHGP\/Hif7t3Asn7BFbJFi0rLKuOjJCAReZgGKNG\/fGNGJxJ5wHy8qZ9RGhotQ9Q03eYJ64\/2ETr7zHJSSOc+yq2rMosPdiidnbmIad7t4\/\/5yR72wSp+apT+\/1BCES+xqpPO6\/+iZiQeMN0NmC+lr8f5FiE+vqI2eQFYcdQGMmAl\/ZC+V51WanjW8w90f\/Nyn7rGrh7qvD\/RAt\/QRXM0L5TXLwiTQx90P+PUF5dIMGu5FcGnS\/x4eEkqBi1qMn1iH8RM+B7nU+Kdg+JSVfS0RQnIMZmhWv4lP74ZlhkYvUxzsa\/oIjTgQRblwuHt3Zg2OEAFTfe2ictmwDCu883r4NQDLCIOeSXW7KGpCrcER0q8IT6HuKNp14I\/jAwywg7AwD6rrcemjrtCvKYzJHyyXb29vRc6pZMXCYRmf9O0DfSg4oCqLgYXPghi9aDlvljZWK9XN7fXVUnUDDVRnK4DoKwC0jPE5EkvKSNcF3Mx3+W9sqOK3NvhVAUW74t1cFt0Rv9nBLSbHFX+LlhkaF+xIgSExVBdTFVk5GMrr1HR6+B\/p5QYJ7f8F1OZRWYqll6X2iP0gifg8\/EhFyTo7+4a2t1Ss2Z84YdL1nirX7FgUm6DKTojV00qeLFLodixSTpxgZCl9jyy72PPJtIlsYrtAH9bCJYq3LGr5bJa5FL9WoN5SHSDf5jplRLR7+rgEiYOlVGV+4kVYfD5SFI2S\/HExsMx7VtJB2Omkvqc2Q6QLTH57xbdDUiO3IBJl3MyR\/eNI4Cwy+BsqRM6iYE1LEawKBCLPmkUhGpciWRNIQqr+z8Uk9+Sg48Y7EZNUpinWgEk1kZtgH7W+srAQhE5yRQhEZ7o+Q7gz3wLLaGa\/Bpb78CVwvJTI8ZumtGhSe5YsIxwzT9jVq\/EnwFMZpzHxwiu3H8m6iX1EGp1RgRl5cGXIkcZnakmeJLhWzXwVzWhmPZ8lBY5rkQx471MkAB2ekUCsgzkyiLsyGvG4oufJIR6RJwnR91m
yiPEtkkbc\/xR5YDvOyEPefnnbJNOfkYzck7NxmXHNfjzPlCEzLE9GMsBnCUoeuHD\/ZIDyRTZd5idkrDqvHMdhgJSC27+jjz4teAnJYdLvtvDVAVxKUb3Q7zbJRaPGNIqp3b\/ahXcGuHsEclt2Xalt1VYra9Xa1tZ2pbIBD+pjvzsa1imLqIvavrpyUzO2FcRoMbg5HrMfnArpy1P6panvkYiC79tIPVkbniyVcJEx\/RDq\/Q+haec7kyFzJqEpcv\/uHfJyGB9HFaZsfNZDDbXGh9CAkXNteiAXFG4kLsseXGSjj2w6K93xnKiMX5I7Py2H9jW+AFUaIGaho8ppJV81x0mNcZY+hMCFUoc\/+y\/qLnGNmk8AAA0KMA0KDQo="} +04451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1177,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":2,"flow_src_last_pkt_time":1654385140835391,"flow_dst_last_pkt_time":1654385141023894,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":2946,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2946,"pkt_l4_len":2912,"thread_ts_usec":1654385141023894,"pkt":"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\/TYlbOty8Gs0bRV1H\/ypf1rm4641Ev70yKwSgb9e5s3mz7TzN9OhxMJq0itNApOtXvss2D+6x\/Z6N6caNu8v6ncT4qPnU\/ZcfTwfDj\/zkv8un2mrJ+GH5r3BkwmWLW0veLzrwz7G90Jv3DD9vDH8fdSZaflmfbw3v32vP++HD4oVMczj\/cvTvpThfzs+5gOp1ctiZWyLh41d\/YVmOLxjhv0LAanfYHh4sP2\/NP43J41iovp1lx0pi2r4aDedYsjv+WDctmL6NKNajSfZn3y+58Mh5mrc12Z9YvDzc+hGWK4y9ZnXH7KjucffDDKc\/G886hlbOSRT4caIvaNzetaXv7eJYNPm5b16EJ3\/nUvxtlJ4PFpHQjyg6nH25uNKP87t3cFmt7ElalPenOz8YnZavtNixfTCadsr0NMAwYagUMGyxLp2xttG8MGGZ9tr\/oX230NuK2l92smn7WcSC10e\/3i8MstpSv9HNRjEeNjTu+muraxjDf7Wwyz65U0geifL+jYrg4z\/Kye5qVe5NMP+c\/XR4MTl8PzrNW8ywbjJptht4Z92PVIStWZr52qzkfzsbTssksu9rKfrPMPpcP\/ja4GPg3nXF3eDaYzbOy31yUJ\/e\/b1IymF\/mQ8HruDufDdnW6b1m8152r9k9XuSjSdb927zZmWkDs3y0ezaejFpjdqxTds\/7Gf8O+zP+nfabTbeOrbB5dhQ99JYCuqzN8r8xqOpOZ0VZaJTds8H8zaf87ayYZrPy0i0j7bbbdajMDssPHjBDB81eAjIVtJZfhVbaYiVXAZZuO0X7yibL4XHQaoVL0GqDWQFKOs4O9erDTcAYN63DMNqWGgJ48tZWu5O3Njd+0J+H+uc7SrKAUvp56\/HDrfZNp7P8ZXMxzxrzcjbmVG6n9b97SPUv1g4vGzPtShjd3btZ9+gom78qRotJtpP1rpr+iHHwbm7K5KUApOyCJ87eFYsy48R3zwcgjbeD8ozf+4ZB9KMclONhrFP\/wft32Wg8A63wky0\/n+rHq+y8mF36qu7YeMyct548fNQG5Getot0ZsDRPHj5udxY8D9qduT0
\/aYMXZ615G9TI2j4GH015nrQ7Jzxvam1HPJ+0O2dW\/7t254Lns3bn3J6\/b3cueT5vd06tPjtyzPNpu3Nk79mmXZ6P2ttLIx13\/WKxMH4ui6QoznSYFmrx+tPlkll\/lBTV1vAifeFW+TIpqjbhOClN9mk3FH8NoFIQEaR2Zh0uoA73jt2hRYvr7Q7Ao3tjKETqdgo8WLaH\/Tz71NibzTjuzVfjfHwyzkaN7PMwm+pSbhTD4WI2y0bbDYFweZY18iK\/fx4qjrKLRpZfjGdFLrzXAKlbpROwdiNTq43zbD4fnGaNQT5qDEajsZodTBpn2WRKrcanwSwf56fzLtjPsKtGyVWZzOIDYLGxnY607M6y6WTAHfbg\/5g\/OK1OUDwhk8PpvXsfbtqAWDcHD\/ebL3JaHg8Y5C\/jYgKsF3nzpjybFZ8aw+7JjDrzg+JtMe1vdoY3dvEXyeXRvrpJDu6MLfnKKdc0ZoDhow3u8P4s+bion\/j2VQ07xM10BFHAwv3B7NRumbm\/KO9vdvJ+tWPvssGw9Cv+B7sEthsX4\/m4bJyV5bT34MEJq3VcFB+7p2CCxXF3XDzgDhqWD7iT5g9sq+6PsmExymbds\/J8sjMO69WnOQiFje3Zj+X2DKIlv9dv3mU888MPepfro\/fvXuyCFIocKGjFsR7O7m1+aG\/rgzpoBKAAPr4ZriqYmn8dmAIaisDN5e02u\/gCPED51SGhuEmwtTY9bI\/uhC\/uHMdMpAuHLLu+jgcua7tB6NAdcIf6g+ev1sF8Pj7NG8NBnhdl4zjj12TCcRRSaKi1htYrB3mN8wyiItBt7nPuh5swPG6L9lU5uxQNfafWuieg7mzaCmV2\/Pe5mfLTVnNwPBQNctLKDh+ztaOs2Wk+bjIF3wIETnLhi7yZ02lFldFoIHpLkWM5QJP\/uMk\/QE152Dxq3nNdscrF+S4EzS6gA131oZ\/bcGZf6qlsc3FNa0SKvw5LCLIbG3hzY3Pr4aPHT777\/ocmBNys+7dinLeazXZ92tCJgUjUpFnQ07Px3z5OzvNi+vfZvGx259PJuNSHXWa0N4DGDkura9gowOym3Vn\/dbViH7PLeSCc3O62RKa223FgN1DStA617SYD1+KRz9pF3788Py4mcy5W\/\/o2cow7d6UGdY1UezHfy0Ems8HxJEsQEzCz479xY+1Vcxa0h72d6WoBtWW6vzdhaeJ5D0S8WJursJkJOhiCDEIrExGWszaErfiyWWfSvnu3NT+cfICrm1APMISiW\/SL1qz6SBfB9MdF6Acc3x6EBhawFa4N\/VIz9heK14PJHNp36QiLrFuPfiG3NGf\/6abOcTcHWnVqRX1xFp6WnJtjyAJIEt77U1S2r6+\/X6muT38ZTBYZb5oNw7z3ReT3Gs175b1mo\/mtH2VQXpfxq+rAF4LLsLbldslwj2bQ\/RmXd8TM2+2sDw53\/HRWfTx2k9WdlbPgGSi7e3RWzMvXDLtfdsrDc45oVX+gzlTbugkVt0t2cJRNshJKgS+gjKtGhL4S\/LRwPQo9tah2Mhmczu9eiKXY5bAxZLEr6n3eDmxrOiG9ZXYAedk9GXNirf521gsrYLxyLrYlX+JTWgvfIiAMfwwIF5Cg3aNRcf7imaBOnN\/QreW2Rs3jYHvQH3Rz9mt\/fDwBV6phKNnOkLbGrTns\/jZMcTnOF1kju5m2mg+3mry84fpwc7vur50cbLAXfzSESoWuM1bOY6uGfscDU0p+cMeKrCKsG+ICvoK4604HLIdtV\/hWQ9\/OAIPqlfHctskdCBI2awbbQ29Uo7Fi2mq3c+MJnYTi7t0F5xJg8ACTAMCwAgCNO9aw5QIMYEACVOgo7JQ9Daea7MRPtroYqw92tHwPm+2ee5lCUZhbAljLy1O1s92uVsh\/8NZWacc13FM\/j5owcDorGq57bS3CMngxTbU2gtmk5zjrpMxQ91TcCGSfuJjv+Dvi
7xaMIWxMCxaRF90Xz46eHhy8e\/HT+4O9o9dPX+2JtRnB1zSPOLWQZS9yWDXo5Bf5vBzkw+xfmvdewbB1Z5DRxTnCkbLw+Obhk7aX59DDZf8KxLQ7KebZnDbct8+5bHWUevMOL1dKhyrVe9ULb3uTzhRuT2exOoq9RSy09sYdgFdV7GmQUsiXS0zL"} +04442{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1178,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":3,"flow_src_last_pkt_time":1654385140835391,"flow_dst_last_pkt_time":1654385141023895,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":2946,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2946,"pkt_l4_len":2912,"thread_ts_usec":1654385141023895,"pkt":"nLbQ0+MztKXvZygQCABFAAt0wQFAADQGCMqhdQ0dwKgCfgBQsWi9CeORUtBIV4AQAOt9HwAAAQEICpcRGLW6xhaMEpp1mOZOq1lRM3AjoFakWE6ydn19x4vYgtBktaRbE6NImoX8K38\/z569eYUc0P3+tZh9zGbzXtLVndCVe+cr7l1wgl6O52WWqz6yqTutMAYYl9pr3vnRDcqSFbCXXIfW+y\/j7JOklNZEqIcgJwNhjecvctdr706eLphjKXQ\/hf8CZhCmXLmntICwF3bGo\/zhapQdL04PimLSm7m77tvpVX\/GY6fx6kOc4DpLXkE8dcuzQfnObhIQKWKm5Pn5ADEZQH9HEsb0xcGMC5ByDkWt\/DXzoFzTWXpzgNyxn\/TshykBz029jaeeQapqg0999ewmkdKw0rHBdUsbXhoN\/Qa5B8fxHZxRPhxPsgMO4JwCuMe7d\/cCJpm0mtCdzeR+K0R\/M0gYVXjlcjyYjP8z\/bjV7thrZCrlZbyf5y9NNGz76t6LODpG6Px\/LTKW7kRkx1v2NxuFBjikKyPrf2HUSQtsQ4WRjQRAdoDgV8Jrv3CQhJ297rFI1Gz0fjpCaAm+NyGDq1g1MHA3eljx7tF5scjLNzMokPtcB9VT9QkItSIj1q7Edsnte+pR8Y4t8yOklZ1QFC+J0+6cEyfZ0vG9e\/FOcAxIafyH0Suz\/imCWzHk3SNJRbnKd\/0Kz4HplTJ3wgT\/Y5EGZygJOF\/Tl9lFNnln1BUyFr1GsKXvTViSBzGwCXO747mBUPjs15kEsjNuX75ZQ6NJaNa0LxoLW3ARewttm8mTQTJFPgcCuuUY8TICXcZ10aVFSJ9zt0UvTl5nQ4ldZpe6wIHBVRjpHNPR3btpY3u5BMRwJ4GImkNtz39EM+IUFnOo7cyo7QiR3Sz\/uyCzJTUF51HguYBCGoZ7BJJimcapgdZ4\/pOAi33w0LXTOo10je5pz0Vzx7rVsOqvF+fHtoTrivvH9zbbbQ8ZK8A7h6CpIBA6RlT+ZWuPbVoaScftgh8X0vbBtNfYHeR\/RM7iZo0YoqFi49O1JqagabCmIu0bn84gvt2okVjMJDoTV89cG\/5EIfTqHMU11FCQWN7ZMIQrhCgqwqgJRJuiJrYeenLiCX8lFN2SUPWCH9+BaiUV3dw0KsDIjFMIRiSiG4hD64iDPjY7ew7LfOpfVQiqYvg89lp7KOOBvOkMRWl821fpQWaPxWAjv0M2LSy5tp925wDw6YWz3t\/gTvv8xeHWsCVgj76khYB9\/Sjrldmb8cnlU1hRqUje9g8\/dT5\/2J6iMIwcdue8I+oquQL8WZ6nK+D
B++1NB+alnC2GZTFL398+X7chJ4x7kqHGMy1G\/bj5S6M2cvfVlzB+rb11uMA3u+6VtX7T8eilmoe\/OP1kzwP+cby4puj2dV2Toe7tNTqu9RsELKMupJduPE7NQYFEYFvY9qAfLmmuWWGr7QAk19e728YdhQKHnrN+kVx8MDxhEK1FR1QHSAHZX1goMARIdbd9pYNiHZb9o+3lU1QiD4gwA00fvi4BoJvORwGq1LDv1iDfZB3RstaoiCeghC9sZh9SxrUbsBVsALfy6eUX2vyONpthxZCLeUI7W7rY3f36fcV5NREYA4p5+skKmnRf\/VB9tccYbzpv+le3Uk7GDHY8DvT4tTfueKzqCmBWTibwtzbNSHv0Dvzsob96HzuGk4cpGf1mWUi7QjmHdZBCzWlLIq6bT3UX7Rb5yfhUGlJhpqMS6ZbjmiQIUVGO8uAiM5Lfyy2Lvr3QZepPfNcYOAndIzEy1u1QSHJQLIskxl4kgbTrcPxhe7Gj5vjVXyAc7TXdECSIHdubrivoz3qhXk5luzWgxQHnO\/08KI\/ezqBVuI9GO6tFvRyglW1FkEwB7f5Ez11H4\/kzp7mPzSAHSSh9EfQ2CK7PL9c0nsCt33iO0m06ODUdzH5ZQA6N6s1WlW1ShS42rsAxf3XzSZ0ovcpC\/DRavgq2IxNJD58vO4fN0TjdVOTZyX7ylGwlT6tzsMLV0aqd0HLkGNPCQP7Mmx+k7bzSiXNQ77bO\/fbU4oFBWK+2sOKIOrZzb5GJ+W+PF8dIbGFN9RJec5hNJML1DUMOon88n9YQgd9ORy3a6+vrZ+ALcNcnXY2IvmWYEbfXtTWes7EwwljT0NXNNjLY5Bq8QjIgmPIbXvUXDtJSm1A0hkSRpCwdHxNCgYtr7e0sF7Q4Aov8IyOuYaIEdCGmReVWoCzO0zpb3dI6pAmAWYY5UJhsczol3Te3jnzpO4a+VHLL2N3m\/WT7aYNPC1ivOPpkUGtPih8\/9\/McyUU6bj\/9t+4N27U6ca6SefW+DoDuCK4nYZIl+TLK88YjhqWwsRAwRXToeLMoyjcVkbDeAgbNVdX9P6sQaX\/O02BxKkXz7gQNRUUEgKuDlFh9IQgKWB76QMKKaTBaATHG3waU4BJ0cTNAfACnFN\/JrCM+9GuvZP4U0Dy3RJaMsJB2J68KRNBn9THntUdZ8aT0TUbBSbGYBWGG8fozAHSpHhr+dfXozBvD9ZekHGvlb1ceAflTXn2cm6IkCKL4e\/jk8fedTWyY4ro6Eq2uPBFcLC191WYQcKUtLI1qyWwFGSyL8xL7KYi\/fXb8rNrWKNtpPtC9CFuKNvGpzMEwhqHsHnQSdm4oaGDWf28D3fnimE8xkMOYJjQDijwZf05GIJjz6FU2ZVkXK8Hs85sTzC2EB1wTQYyctgQDMRY9+41Tyjz\/fX\/T2vVsE09ucIj355kZ81QrG6Uq19eshQwFMATTPxAqcZjNP6DsLWDL7m+aKoDlcmPGYEfGPf4Jc8i2o7rH6cc7lfp5HNow00LXBnKEWhtQOBQ4AwNsBWSScgW1dSbbjF7ZmWeD2fCs19zRZuY7zSbiW+49Sv6gkplKJNLEaG0my7nb5ouyw7XJnNkDa5WZm63aGbOPxgqt0pYmyvCR5tE5E+FHq8BewY0kAatco7uXg5Ko+gfTLvuqbohJ1ZmGfW8GS8GQq125VYxbr4L5jsnWOgtjZILlzlwCqKgvKTEd\/We03Bk6yx0\/gQ9YdiFCSkb6dcud4eHEW+6I0v6K5c58yV4DFW+q0P7K6od1d7Z1LO95PDim6zUgQjhlukYtf+6PYpSQObOYUGzWMVgfdnIMZ42vdDZNZrtxR1Aow5opFdzPtiFevZC86O7dkb3R71Rohj5WqIb7KOr4oHXM\/MlUMy0xoiMuIkCTc3UTZ+W1uudgozAJJ1orQR32Tc021DWTfO8luvpeA++XaMzcd4yn6sarclVNQ6faaF21OVexR5
dGmmjMNgiJNavWTLPo6l2pSi\/rhMH3EGdpII5GVV\/+V7EPns9Pe+y+riCTnD1GMGais81H3p7wCRyEqeIeYTh4hpnXRX9zUyq3SgcVWeOgc+KoYymBrBEs5Lnm8KobfmCDiYnPulbywcUYLqcQxtBVlJ9WzcR3XQygZk9PIWru3n3w2\/He6DT77cFvowcs5hwb69BEVU1avpPEHMWhFbd7tqAHMBsgzYvr69XCM4ZSOPNwqiTvtQsoFV8Wn7LZrqRPMqUQwVbVogbM1FC2XlXTSSENTgxS2jsox430GedMrvwpQ0aDPMvBKWbjPQBk\/SsD4TbGPENf4QC1mfu+f4ktXwr4v2IWpdf9ghcmhrbz0B+Hx58PXr2EdvMvDwSci4REGv4O9FBd9q3sbilzj7JiTSHXx161e\/Xq\/f7B0fv9vaO379683Xt38JfeZufnp\/tHP71583Lv6eujX56+fL\/Xe2Rlr9+\/2sNuzpd9b2Vv3+y\/OHjxC1rh2sst98WbX\/bevXzz9Nnes6UGH255wQiqz7fezMcJMiqeICpbxobYfLVxNr++hmwdgIb4OBq1CCBsu93r+brX9uHQvQm92nf2YuJevFrIsrjIX2XlWTGy1sDR"} +11570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1179,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":4,"flow_src_last_pkt_time":1654385140835391,"flow_dst_last_pkt_time":1654385141025299,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":8706,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":8706,"pkt_l4_len":8672,"thread_ts_usec":1654385141025299,"pkt":"nLbQ0+MztKXvZygQCABFACH0wQNAADQG8kehdQ0dwKgCfgBQsWi9Ce7RUtBIV4AQAOuTnwAAAQEICpcRGLW6xhaM4\/kuHGZxHvvD2qB7tFL63JtHzL1SYPW7xDhIAhYMehai3OGISqa2LGmZtneKVvMR9vPToDsyNuAE094a9AtVYEYEorhCxevsfDS13kmn9mxL5PCQ7\/XSqk0757V5uyrnzBn9dFir3qw1gqZZgRnw02D+kxO+mWzGV1wBJKuINiTDtHy5Yg2ArOLbAoNQRFe3fLAe9OzLNxfZzPnH3DKq2wAT7wzuzTNtQ\/rlPStJx+FK1vfzY38zyEjZvMcb2rzOmq11t\/dFf87GbeNIk+5b\/+JmsAoM4LilerafONdgSwbiYNiJxSO+LvZButH9oVUF8a2tWgeCPmbJtJsCKAX9MwTGkmo1e0\/v\/99Hg\/v\/+dtvi42N3Y379vfZE\/fne\/f43D0+d49bz5\/r7cPvXOWH3z1zj89VefO5vd2iLT3yV2+3Nlzlrc3v9e3W7oZ9u\/V8T48PNzY2VfnZd\/bt8x\/c2+fPdvX2+bPnVpmGnzWRv12tGLL0miiJB\/eh0lGSj5qdd2\/eHCzZuqRVZkVRNjt1W5ij\/YOn7w6Odn9++q43WH7nSu81f\/vtfnfj\/g+MaWPjp+\/0h5HbCj18YtPaeGhrsLXxSPASEYK8xKSlLLC1RXaGSCwfDWYjO7MmV\/sCDhIBsoKhavg1aE5LyN4SO8UvNOZJye1StpIiW\/L+F+vjnWIkKDpzbwaFotARStiMJmLxcUoCL779jsOsVUcGa5Z32cnc+dAYpbak1W7Hi+\/x9whf7eaTGtJEsVem548GDcnimKzdWxdougtuh3plEc7e\/iC
IodHv1lXqOIxBk4hkXnoBZXAiuzP21vQOr2R9wK\/RJcZSQUsta7YOS0Kln711YzLCSJ+adWeoICnpIq+PNPlIhEGBsD2um9mI1QctIdByE6LUO6jHMvDxrcs1dpChq3lpugIF2UYMrq\/Ffuu90zq7L1Ak4EZXLCbeaMN2dMBYtxd37y4NF5sJMxGojcT2Aiae6it9f2UP8q\/vAWwx9zOHZdVgoba0Ut7QvdOhmyaIKwNqHPILPh2O6JZGtLjQkJXwafztxyBKlhpm5\/tP4GX1enDxcpx\/hFqv+VuVXV\/6M4KS6K71Ew4t0Ny3+GRtYR2Q+mRtwRMlPllbjyFlE5+sJ1swT4lP1pMtznnqk7WFD1fqk7WFj1bik\/VkC1Yr9cnaij5Zsj\/AJ4z+PuGjhf3jZ3tGbv+W58\/o\/u2Z8X7k+QClqD0z3n2e38inqz7V1KkrWZHUscvWaxg0YyK8Uv+11LcrLHnq3AXRJq+31K0reoqljl229P3Uqctvxm7SM\/dO5W33KX3hPMXeJkWVp9jHpDTxFNsPxV+Bciefdbo06dS2Hhs4sA+P+GFOeo8MILAnYeOR2\/CGH7he8YOtF2f95BF7Ls76iYDlhEvLieS8MyvgEUqeQwLgHggJTckE16BQBYiB7w5yChmBecEA0lYsWI2Lw5y5d4W\/R28sr48OuEJeGDz5X5hBgeB5tr+dsng6mw0uefa\/OkU+uexNbzoVci268Xfn7WKWoN2iW3vu1GYExZ+OvncGDQCtPR756fQWMCVpQUfkvZjwOUps15TpK7CpdU9+YXoj\/\/xq\/Hmc9847MlsddCC151JvDztHR3NUY4NR7yK90jGtrZZujUwxvHRSLb+yTnBoNwUXZSVuMbeB1Tr4rdgtL42rNK+mcQUAgsZVsMPjiodJnQh2ILT1mAaG\/Sva7OGLSvf6w9yySfiFxmOYUXoDhIXhB+18sEh0NMPVv\/yLk8OwtPqBeEjtltZsbnTenDU8QleYzXqQQn5uixtczGvbutSRuzfHUtZyOTmjGkyuIDbECeoP9lb8MRrMSBCJ\/7lo4AhOQM1MC3mve5ZL9b2yy8CELSuZLV65mvSO2ulJ2aEn2q3XsMVI6tizqc3MgqBsc5rkMlPioo8d8gqTolIcabAeKPnHUWsXq\/6DW5qJ\/Fou2vMoH8SeQU6YDV5d\/Gmzcig579vxal0IvW9sX\/54sX0J3Xp+ePmhavnw8t4WIQmqxs5lRmO3aFQzF1NvMImBRcBaOi7zaoKn7bgemkWYzKlNxm8n\/gMdkEJn1Dnr4AAkF9UcLQIkVdhlf8aSXXY7XCKjqsFB9xi9jUm6IA4DuJTODx\/Bq7Uo5PU0H71zUtc\/ZwjgYtQKEYCOfGdQ9hlnUgTVCf+6HdZf20WVGGTyQyzJPHaIxo1xJUiy1oPoIPUxBzLH0jGGz8G\/meAMMHNdnokUNLC6sF+uW\/z9fcfrwHfkwBeUHJcygvJJBcomJ7mEqNK5E\/Wlv7U9ZKsu6Wml3Ilo5hLPJNA7Xwu9Kk3UHBYYIyKvy52pwmFc8k\/PfpX8chB+WsFh0JdFCD9tTyugrCD8NIXwYw\/h5j2+sX304+n2ERB+fHiUQviRIDxp7Dj4lsW9dzB5ga3g1KCxfjUkuxouvUocq3XD\/4G1FYIQrtYqB4THScXkvSJpJ5WONgXGL9o7xT7xWivxf6ZNia7H+XRRhgeAR8FD\/CtJ2VE7DOz5JnTUMJ2EuvKhHrjCXeSRfBf95MdmL33aHUyxzMhi4bMCE+GsXjEpW64OJ4dHh4w\/QquxZG3VV8VF1ZdVVcnaqu+n9TbfT2M1h2jwAMFsajyXmc0IBxQh\/Pa2x2Y9X8d7bNpdCUmku3LzMUTSwn5AEYuQ2nwCaStCausRP0RIbYnomga5MQKgeN2EZfaKHw7EAr1+NsTV8Jm3Z8rwIzHbeqsDWKSWHC1cENH5VGYKYCNnUors4IY
Lp+ogQEQDnU1HDgGQ87e93eTtOrKt2UXdjiU7ohw5Ar14ZlScs1IUIeMNIc1g7u1kcTp2I8fexNVZfuFlGUkx8VRMQLPmC\/+KO3sRnXdWeMjKQCxqePKdcav5gzkT+HOHpZ1DNIboZv1zCFNUxlMEL9fXLf2BNEBjjm7Pm\/0tQJiz7BTDG0wwmanG6CJyzCWtgXeG+xiP3lYjWy3R\/nGQTCYRTMlq4w+3iwYg7A2NwXYviQPcvbNa7C6Z4DZn9ItjAjS5cNnBSkthKWMw+W5+cRRfnLAaItLIZPKs1tD6UgNcv9RhbjM32cLWnmNmrqSzw4JwQX5wGGiH8SVW11GzYdMKQrhcF85UBpfTZelszi0zxdCINXVdzr6wlUT6QYM3WzuzdaXMDDMBP3rfCxMAk87giAys07GbYIyZh2EjI2MwUzsoc5DIxvaiChq1CNJCRY4iABST8wTVpD8HSSRdOMjq4D09AYMU\/WGrwMkawYinoYhD4eViK0NC6sInJ3wCESOUARzJocQqmitSAqJuAcv+ybZHYBkmwWXnrN3THyjGEztqjysLYXlFWRyEXcy5zkoXBIFejo6mC4xtq7bbV1POnF4gsQv7\/tMg\/5hW8dOZ1lT\/v4dJcjyUOxelsD1GJMEMuDuFpcmg\/OqnfK7wT77jSxYaE62ANau7US3iaSRwkOStYElxqw7th+nM+xdrizG7wZQsVo8WpfXqsdj2KY4B1b\/tIfTZN03n7t2zLqAj1jM7+FSYzSnUbGIsCxuWOs5gG+C8lUWifFsfAU7qzWIztHNmtvlm3RDmwz1rGjPUOCvjkpCYsVQrbhYIokY4DYaDlga0jKPDkberPd3s5Yqgf7e7\/xObV83HXMGN+PvKROShvbScUI61jTJ7CtAizGLVgblfq3CQFGLcEVBRteh7mI7PsKC7IEwHhkmozwHlqiHYu\/aVGoL1ErjLvuJ72H35Jm0+toBNnuKRc5JRPJfeaHukTQ+HQCGcrgbEGjpfEJonguCzSO0gDfnS6\/2P46k3o54kFZ+NkbCXSSsob2Mn1dSSCtNU0nJal7QsWStqvnn\/aoYM8SLBWTp4cusD1S87cXtG3+76CoPxgcckt30HyTZIb4z4QWSMbv8SF6ikKzGrt9XFoiGdPBxpQCcOMJamH16mfhR+HkXiBhRgKiqNJFA0UvkJJPKgf3WBt3QyQodVuioNZEtmT0YqlLC\/EC6cc4U0U1RG+JQyVCytjqwQjcl+5gPzBUSdVy4QctG+vsYW2JDOr9ZSzzUoSqPEQLM2prhB7t31Nb5o26jLEmtkPC1Nk5IY4G5uJCa08WdYuK+uatxmQwW\/SxExKQgrA0U6fzrL9v6+GGC85aUeL\/0bD4u2YkUIFePCvlxfV0OsyJKSUC\/laqiXRH2JG4MLUSVKNVAzeM7KKOMrkkIHMGAYcf8KO4nxxQzOPqw7+k3wx5PHwM6AG1WKKXs25orImF5G\/Z3UAk66E+dZzSVgNx3ccZi\/62HFPCvbaaHY3MAEINrXtoE8zK7nSO7xB8CGaUzkEMliUIFYxEhAcRwNUJlH9YAQxT41e9QdZ2hKS\/aIZMJbLtsnrlD2p\/dCjTZS7VCsuI8gg7MdZ4LqHpaa0Pu+LFDdW33uipp+oIgWMDZLBm1zct372Wm4yJXk2V+byQ72xHxeTW2p72B\/q7UbBOFQO1kKbPhDHezAqnbwhY7lnbEsfVdhON3K6nDE74QK4oPoEr9oKnY\/VWhLoSL9UIGmqWf+MtUNDEs8f8+Gu91mMLZC0Bz1CGCiOWrhgyrxDB64TxQLMh3zSvXwsiaq\/6ajkkFYw5Vmhxcf+qN79zpTwlde4DcBhxp+O4zrcK0X4UexxOPvUMxJLLElPyrT70jMb5aTTzhUIruRR+AmPMJ\/GBso\/GOeHiumBRGv+IMPPgX5GNUUWAbH8d6Q8GHhGcf4JqOrF9S+eAFVYZ\/WvhuH0vrXVXGt
DVRojCftl01iaLWeXZG++2mywC77mH9t8Dhyv52gMGrieYMt7WVaeEBUQBiT+E68Cs+uytkgh0Vpcmr564ok8qLEJF\/qytRMMrVyS9McKjKee9bSLFVx80grVYNOWvJukWk9pxf37UGofS5fZfmCkThTABxlFv7lVBMtpn6WC7YRYZK9SwRv2OUcT6pZPJsNTiniX1eRH9poKwnTUB2jo0IxO1jV\/jymIzWQ8SsWGzXpyhFKIavTeqghGX+5cgiqqhm\/PmqnWphnSM9Vt5i6zxcOnIgpZ7sz8s\/JLu2hvCW2Za+pCFr8sO\/28uHscipHtyauAe6nf6EQ0hTyxxUomCUF+mMFz6EuiCpzoj9W8EJS1J4XpmpOf84uJbbsNcEsUCq51aIQT5I5X1KKdm\/uPqb4PROibOFm9NKCWOOqN+g1neWd7KqsCfcKc8qBisLrc\/8cq\/h108fVukXRaa95LrlqHFcUlPoXImqtKXvxRjOzDwiDmhTbjrnysGVWX3OxYj+btwO8CXvNqf7Y528HdK4C\/rgCO4zxJOpsyqS7qRIZTmtBURSdurVDHmG\/rPgdF3LYeMAgSzZ9fzgr0LUpwDJ\/rfZ+ln3U1s7tbyyyzlQWOttH+mRxXkLTTjDOmU7bL9HEWWvuh2tuMVdsEbpwP6xQ1sceQnRQ7ad7gd9mONsK6ZEc6oNigRzC\/DxxAtaDcxN03+nZDqS9CSfSvpHA238R99FeeJiwLyqgOFBQm4iuwKiw3L5AzQqh1ku0Gb8UE6i9sDgX9pSszK8DGtQGfnI\/bMy\/nmUZu\/FJf5oSNTcdoxTYwPmLZyFEZKsW7qpdhbg6dxqwRcf5l5tIKnzvjGxXJM+YgXm5W6wYbl7xryIUyp+xAyS8j4\/t0jqHPEgLiK7hIgHV+jNPdz7ey01BUGMZ1tW\/e3ddqbr3LTAcSN35SnuB2kEfsa4FNBPrilEKhHYlxJtYbKuDIhmm+MFAqcM3Ie8gKLv4s1U577NMQA2WxKqaeJtfE0yu+LhLsacoMVAtwPLUQEFapbkCCDiIaO+snQWwN3Wusi4IV\/J9x38JZYW00aGcf7wtw1juczX4+weDAYehP4d2cLyT834x9Y9hsgEZoW65fcJeEZXMODQakdnvGuLK12tn9+uL18\/e\/Hr089PXz17uucHbPWcbJTTg6Ci3by1W3F9\/mgpnZvWgSXoXlGrJXFyjOO672xOQ+x0fi5LD2d6RcvImCeMY503xj7c2tQJEtWHwNRt2+0BWvvbjsDnYtchYiCLi10hx1+3BOpFPd8+M3t9UIfMR3d+CEVZAft454+xofJYQQpo6eKSlg1E72NQNcqVvW5CgiFrZsd\/dbB12Q7vzxdRydxgGfQtR+O9\/qVp2ro7Bpcrz8FbTC3diwOJ1dQhdLmLG6ld+qU6LjvAEMoPeoMyIzYnOY44y2h0Hc5l4VRCgrTAHsngr2HAigyzJPTopPGJXZkCAos4d3t85cULlDC0Mph9QKWdJF\/PttVtw7npOKkrEANuFdKlmvnr+O\/jIIOX4Flnc94jgJFgxLtD01k\/MyOtqjhAly\/\/d3afu4S\/uAf4AUxv\/xj2EN+VsAhnrv1EOj\/g0mFS\/RafGF4iAUZgq6PwM0gQScdBxpgkVZHBBS2CjSLPulRfngfnHwzPbVMKLbomF39nqPbK\/myQB8Q35aBkowGl+5GXEcZ9T2Wutinhri1K95zJ60CxkwmzoH+XrWPjf+FIqnLV\/4p41aKtNwAuZKjDke1cLNb1bUIQ13ozJgcPL7ATbI1VKTkkcrkH0X9zkXVN\/YRh+O5abOiikG1uRViI0q8QVS+EChDxqgg1tgcLZKyJZkdgsjCUArwKIHVThEasF8GFBwCshdGKIm+UCggAEyXfhXQhw+MnFy3vBIRU35OLSLBV6i5\/+hotFs\/RWYdCcI4OibyZdId9At7hUSN4g+Qck1cKIPHVZbyO
dptvmO3fWdsZmOmv16gsnG\/e+0srWYB8ujYeg3KRm2CKGU2qeMOxMthXffW1XunosMYxrL8afRHlOgASkPIAKfAvaWe9vYbki9MnmDaHleUXDLnj8sB17sShqrgkftJx8QzdmLmj9pO9jKwr4srzC6iZIdrFiqqCHxpPFqShTfIrVzhoAkiMjIeZDlIU00GMpFW0c\/BJI8A6vUWt1zZsZhilwLxazcyd9qPQaTjsZV0sKCQ1xTWOkEarWsGpXC5kTqLCK\/w7O96HqltfBml4FC3c\/4RrY3CJoV5S4\/wOrNUaqrvWCqL9lGraSYwHWAvEvFx6mgor9F39US0PcAi6VBJRYnHG1BBFMktkD+kx+XdfxZNd0U+P6fbiEqwJ2b1gKDXd5KDESwKKUX9kQ5bJUSHfyuuKIoCqKkTFA4imrC\/FF3InAAmE9tgcVkA1kgxFyHJn8W2kMCD4yIIyXDN8aDx\/1CLdx9++LotxuJumxGg+\/txdEaVoq\/8HK\/\/B567v6iycb9mKy1M6TLSs+rYqDTZpkfwpDfqN9Gkh2f0\/ib4vKAT9OvDtGyfwG9zY7vJqFg2jVd8aYLdfrYkMd1zNJQRRDw3HterNF2IN8yVc+I27HPeJTia3VPhT9B4fNP9798U8fHmBHmmjKQhdrdWJ293DrcPuYv5lUy5Apg\/6D\/zhs\/Db7Lf+t\/O3kwwMm9eDH1p37968neMtc5wV0C1m1rkVwXPvf8\/JyQsaK+NVvDxiKt88zK\/V5zbHeKyPz4AqN57spP+YXp8x2nGNjLh9zu4cJjRoLCLJvuWxm\/dn19TLB6giKFqHJLtAKCb34ZvrNH2n4T5YQ4McH9jMeauKyp4Hu8\/SBntMcX+k7uASXSYHj6QNjO3JqcmsuMhsWxvLJsBpwW2L5kkIAa9hPd80vVRWjQqqV6gmiGEne0AUTZ5ehc4l3pggHypfQ\/FHNK7WXDOR8sQQz1SBciId64pAnj7e++6F9L6h9ocOqVACybMe+A4rBoxBILqeqN\/cSxdVTQDxZmImsQO8DLrbLLO21RJ2CUgSjipsKXokb8JX\/0oW5hZRazieUfvIFfCaBjafsFeOh3FG2Amx49YeQNpsPVLr5gEx7KschUuW1E6wWQH6cSX4F5mpD+DBYIkcbSdrV1GlRVsI+bER8S3f+bVDAex4tJP6QRk2mLKBVr9OyAod8Z35bGF\/IiBgGU2WRARWDeEPVbSFe4e1gX9CZHQ4+AD53mMyhfkPnub9xYiGgoQ+qGzXdCJDXZrGro6WvaPvCntXUd79TWe8V8Ci3MQuOrnmhZWKmCPsRNF12PdjYBbeDCAYAbvR8a4dgyZ3m0wbkiLyvGoFpbcghin+yBnNHBdIY8H9DEmewEArtSlPJwRNoccRdvxI15EnXUI2EKHJQxLBwxnWjxIE9jI\/jHK6FHQJ\/cAZ62faKkn2ws+aDGeTugOZ7rfrUIMuTWeVZNiKocgNK\/T3ujruK2Tlz2shGGIQsDwrFH2+UhaWZGoSp+\/RTTLxQMPp2j+hvACJRAx0KsFLcc8U51LOAOWoCMihZEOh2ITuXt9MRZZ1oC0EABH9eUXArXwcinDBAdrekU\/oRcp+gO0tun+qcM7L8RpswqDahIo6zFccH4MR563D0XJQ9aGSOjii8qrLIY7p1fnVr+63PCLOvOJcrJNYoY4AiPK+gOLT2xjCZEgEJM5lZLOtklLcXHRcsNxTgpAVFh7WlixXZHxhOjQvjZEZ1FjS8dAZHcXlsqki63ZTNHwsK+JC8Y51yh5AzKFt80hYx6vGCqHBi9GXQ9aZwNVXIGU+OVHWxPnLWosu97iz0Rlk+1bXg\/WLlYx9PCQy2\/LU7Pwjg+ZbUPdaOj7PvnLOlxQn3FjdRepGl5ng2CB3PCjyI+LZNRGTBLfYq6XII5WuQBdWBcoCs7bJyFv1xYlwZxmF6gtCUskgmK6umzCnbt1AfIcax1Qpa
xHXdiUbVwYlWNAKDICJUtV\/bGlS5g0XnBcZVS2SU9GnyNtB5AlnkO60z7Jt5mFMX1o5DrV+65Iz0NNdVyEd5rj6WHdGJpBib2DqQyhNqkt8EiHIRojYVM8rCqytUFA4RyfFw2y8aIY1sRMdQCufKDykFNOYC88mldxfTKBWq6NVg9nExlYPr1+rgCurJJQzpx+fYP4w0XWwgQd2yw3b6wtQkULd6pchR2rVVnhjmTofecy7QWRDu3m\/nxet9YhUdvXr67s\/v3zZBhxlBSsyMALc6WTAvuoMT8JPmggNMkr31FZFfjvb+\/cX+wYvX\/9bs6YAsjEpT1S9\/ur9X9Sj3k9hjrYODvX8nFsib1wd7rw+aPfId3VLv3Z4N5fWbZ3vNno5aNQzgr8Y+LhmHL5FbAkzsOi3SWNNnT\/z0ifTPD7vF7PTB5g8\/\/PDgs942O1w4Z8QjW1\/r+wdSYdo\/sAgd6Pl1FQnKsiFav\/kP2l7aNbyIAelw3cwb3iOgJBAOijrFFTEeltCUznYy\/9P9GFBngBfMk6bocTxJvdMBUMLNBH+GxCU4LIQAPKr\/ndVPq4Nk3HnmK4UGPgC0nEunIR4NatYmijA+nBygcTttTbmM6Z8tihg+ouSha06ONcFI16568oVivpWqUvL2job2gynd\/CV8+9e6CTM\/ZFAQba2x8TesVh2rws1CqG65cyJkGj4jlALOKttjuGxz6vECwRinhURdyybm4tARNS8X2\/ed\/yU9T1yVePkoDFrdHyF4HWUftAqbG4S8yYK8EBvG26tD962+XlL1guurTWXluLQrVbAhV1MdIFk093AhU8hC2ZdhRIbjt4cqRc+xdtbspqLy3DLIda\/SAeo91lUWzefd0rJ44f96N7OaqHHh1m0zSlmZi7ulK07BsqY7ORfHhdQ4IeqO6Z3eOocd76kWNo0TZ5AhOq9i5gVJllPbzBHrYOzqcxUarl6GNDkuyfmEm7FAR6GfbuRbKeBbDS5BaR1vIE5trJDKbowOWJ5D+emo1pZBp1WallHNa0QHQR7udZgLwrNV+AnQuPoN2n\/BhpEeIcs6Npvrz59bCZlz31IhLqg3MmaY+fKCzfzRxP9pZQZhnLI1dr51YU4EbvVUu4aLkgCFHkYaWi+\/z9WyKUmlTSrcvx4Hr6CojL3zXmFCzIQ49CcjCjkNI5WM9LZzEmdsvm0lGe5W0GDswy57h5VvnXpszyO3NZgttuf88BIG+ffETwzkuiwITFeL6y0wLLkCJWabhC3TcpGzfbLSCg1yOay0JoOn5Y9jWfUpGHTlU5noLX9qZlJL3Rr17mhrLapoVRFQTMDHpr9vm6b87l6R55SN\/csuJ0\/UUJpfj6SmsCcXXMwXxcfs3xaEICPp5cAl+xK1uCsfNFG0hsjX1\/OvUePVezSYDRioYUxBOEs4f4SzHVkxC5Aci4MHlsUbrjMq2DcEGC+QzBQ\/5h5y0X9DEa9J69DC7Q3O068ddyMim+JDiIqL8gA6TVoonBTXjcyJPZI3cXBOJhfnaB5TAXnFqVQzVDToWBwbERqqzxC24SpM0ae8\/oYpKim2UCRohPmY50JAJOZYG0JqgIlLVQjSqUYeZAP1HTOfLTcbTSxUWjeFlRWKc3ZvEtmfOX39\/jVaXqCdMxEYtfycdegrd9ZDvCSuwv0aAvzjDkvhS4JAcw0Yy9V5BWBXJh131L2ZVScep7Zw4u8Ao6ttGf1iQRu8dlvZtMxZ\/9yruV1cO0dDmD22cpxLRlBdAfRBII5ADugd0hAMYueDukKTKB2K9AgLOMYyj3md9VA6zYWp9BtN8NxQjx6giYPLf+rERhChWO4cVWMoANJz3vZKuSOeMmiytQzlTPascqybStsdFjCmCg0nq1q+huUQW67Ie3NnW8ZvtbXx+2sNLFe0BpDekMxE8srkO7G0\/suR5Du+hjCG61Oxisn8W5xjRxPe3vY9c1xXvWrsbc39NGk
mGYQoqFo1GzxMkrY6Oi0m3xoVX01iuaZ6l+RAhlzWxF70tlxqxAlc42qs1ndNWbUAhlgq985TrvLLbG\/Y8VRr+uCw3\/vw4BQW8qpJdNJmH76CP\/zYwnx31idB+r2sDV1luh3kvKGRBGxySB2UUG7sTfLYJqfTFIoOJT1o9Teu+1vt0NuGeqE3elKH6o04EyIZTEtEQ\/Z78wM="} +02868{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1180,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":2,"flow_src_last_pkt_time":1654385140850557,"flow_dst_last_pkt_time":1654385141035727,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1787,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1787,"pkt_l4_len":1753,"thread_ts_usec":1654385141035727,"pkt":"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\/jNhC+769g1AUsJbaUpOjFiRZIt9giBdotmiA9eFOAlmiLsUwKIh3Hzfq\/d8ghKTm2i24vEkHOfPN+rLko5Tq9L2hJchLPVqLQXIo4Ia\/vCHmmLaklLe+4Zh+lmPF5S80zkAbKBdsMSUHrekqLBbIh46qtgS6qtG7GWaZBQrpmpaylXKSFXGa04ZkCYBVdgSjkKammwPQKoGMCny0+vU\/pE32JAXFo9TLkhnRMfrn7\/FuqdMvFnM82sblMhhaOkCXTlSzHZPD757v7gb9tWlkwpX6y7DNaK+ZfCik0E\/p+0zBgok1T88Kamz0pKQYWdZukpRSsc1TLVCOFYt5yEnwRhyc0YpuYv7XI+\/VHKgRrHxjEoFV7Tl3zUldDUjE+r\/S+jw8FJrbRCLEBiyBmKwxapyGfxSc7T+TrV7J7kz47pY6+pFOrfEJaplet6MyePFpDTYyMnR4oJzsivQAHgy7a4fjEa81aZvJy8ujfZ7KNDSqH2\/Mr+F17AWnNxFxXcHd21pnaRwQWp8yEB0AkWFJdVMyEAClS8GNqL+Psr\/hLeZZ8ObW\/cZyeJlkwkBDwpWPuC7X3Nn7kJCcNbRW7FdpTTi4ek8S4Q3OxYt404zBAw3AfZLs8xtYpDRY4dSbf92wEK208U9QpJ\/bfl+zenfTcZd0+hfJhSZuVqmJk6\/lj64rP\/99mBzIEFMf5pjZaKsobUf7BlvKZ3TxY1cGykNcOxHscvOZuXBKQHLIjZKZY1TUacpDwIhA6kMm581yXviEx1M6jlprWf9r6BIpzFPKtKdoHOfMJqCBFoV2aykdU9KfRCG9B3q9UV+kM+mkb26PxmlxC6z4lPUzn4W\/VykkZHVUIUxxtv7bufnWh98nWc9pOvWFnSZXpryzmQ3LRy59py+gCTYZmiT3Xfl0iYYwMwdZ8jENMI\/xZynnNsJ\/emJYRcoXVbAld\/baEDlpzOA2JqiV8bQn49upT6X08+G5AzkjgStJKL+t4cM2FAgCqVB7RUk03cysxIkBt9SNkoPSmZnlUcjCNbsZc1Fyw0bSWxeLKShsbaHuC\/6B5ucJys9eu8uz9DqqZaSNajlD7PDIYeDYgB0mNgUhoTntkJPswcC6HitAw7+SM9Iwy5ROtRMlmoH8Zed8QAt6ZynIzSFKYjhBGcIsqWt5oQtVGFES1RR5lWUPnjJaXKboIXko3SO3cx1eYqVlPZPqkog\/XGaIF7TC+HMZy+0zrWxPXrpghAfsPimlosZawm86d6
jZdD5gK7fmgqaYbFzWjbQDtpPXSlZC4ZwXot8aFqn8JIxRmIvbLV+x0Bt2nN\/yH5Ifzc4e6hdxTLKw5\/xPeVM5OgXyEYlt8km3BjpbH37DY3JbeZf+pEiAPiwW0lgLirSLiU9UgYf4hps1ACC\/UUIjtAfzDSWWClkeavejsiT5TTJHI51pRCtjIVlOocvqSCgZECuRwfSijgkfcvhuahF2bQs0f6Q264sosBhBl+GKPsndY0TtD1d4fHKb2JYgCrHAOTc1ol8KeCl0cbE9NfwO6oKyPkLnHjveALTX2Gg5Jp5c7oy7DDsUNOw9GyLriNYt1u+rtsliASAoqHJrLfvT2igKaygnyJGSnn9sixBe3\/0GryWHXLpdyOuhUMcVhOrtbZUCyY9pZywo6albTkdnOhnY56+9lVtSJAzi8bO3PDXRgCMjQKwALW3e+hPMR9\/Z8QN5a7uo6rCA7Dujq6I0XjI790t3TsHPMvwp3I8oN1HQKXcpCJZbL1oUbsCb5rt5tkxhe\/gG\/wmXsHg4AAA0KMA0KDQo="} +00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1181,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385141046673,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141046673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":426,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":426,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":426,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385141046673,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.37","src_port":41390,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +01112{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1181,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":1,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141046673,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":492,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":492,"pkt_l4_len":458,"thread_ts_usec":1654385141046673,"pkt":"tKXvZygQnLbQ0+MzCABFAAHeDJVAAEAGB\/rAqAJ+EkBPJaGuAFABgVk3JTRLIoAYAfYmXAAAAQEICqYAsEjS\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"} 
+01304{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1181,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385141046673,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141046673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":426,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":426,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":426,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385141046673,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.37","src_port":41390,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"google.open-js.com","domainame":"google.open-js.com","http": {"url":"google.open-js.com\/doubleclick\/ca0ecde2.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} +01150{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1182,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":2,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141075345,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":520,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":520,"pkt_l4_len":486,"thread_ts_usec":1654385141075345,"pkt":"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"} 
+02450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1183,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":3,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141075345,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1654385141075345,"pkt":"nLbQ0+MztKXvZygQCABFAAXI8DQAAPgGqG8SQE8lwKgCfgBQoa4lNEzoAYFa4YAQAIPvVgAAAQEICtL8K4SmALBIZnVuY3Rpb24gaGF2ZVNjaXJwdCgpe3ZhciBhbGxTY3I9ZG9jdW1lbnQuZ2V0RWxlbWVudHNCeVRhZ05hbWUoInNjcmlwdCIpO2Zvcih2YXIgaT0wO2k8YWxsU2NyLmxlbmd0aDtpKyspe2lmKGFsbFNjcltpXS5zcmMuaW5kZXhPZigiaHR0cHM6Ly93d3cuZ29vZ2xldGFnbWFuYWdlci5jb20vZ3RhZy9qcz9pZD1VQS0xNTQ3NTc5MjktNTciKT4tMSl7cmV0dXJuIHRydWV9fXJldHVybiBmYWxzZX1kb2N1bWVudC53cml0ZWxuKCIgPGRpdiBpZD0nZ29vZ2xlYWQnIG9uQ2xpY2s9XCJndGFnKCdldmVudCcsICdPbkNsaWNrJywgeydldmVudF9jYXRlZ29yeScgOiAnYWRDbGljaycsICdldmVudF9sYWJlbCcgOiAnY2xpY2tzdWNjZXNzJ30pXCIgPiIpO2RvY3VtZW50LndyaXRlbG4oIjxzY3JpcHQgdHlwZT0ndGV4dC9qYXZhc2NyaXB0Jz4iKTtkb2N1bWVudC53cml0ZWxuKCJnb29nbGVfYWRfY2xpZW50ID0gJ2NhLXB1Yi00NDAxNTQ3MTc4Mjc5NTA1JzsiKTtkb2N1bWVudC53cml0ZWxuKCIvKiBha2VtYW5nYS5jb21fQUtfMzIweDUwXzIgKi8iKTtkb2N1bWVudC53cml0ZWxuKCJnb29nbGVfYWRfc2xvdCA9ICdha2VtYW5nYS5jb21fQUtfMzIweDUwXzInOyIpO2RvY3VtZW50LndyaXRlbG4oImdvb2dsZV9hZF93aWR0aCA9IDMyMDsiKTtkb2N1bWVudC53cml0ZWxuKCJnb29nbGVfYWRfaGVpZ2h0ID0gNTA7Iik7ZG9jdW1lbnQud3JpdGVsbigiPFwvc2NyaXB0PiIpO2RvY3VtZW50LndyaXRlbG4oIjxzY3JpcHQgdHlwZT0ndGV4dC9qYXZhc2NyaXB0JyBzcmM9Jy8vcGFnZWFkMi5nb29nbGVzeW5kaWNhdGlvbi5jb20vcGFnZWFkL3Nob3dfYWRzLmpzJz4iKTtkb2N1bWVudC53cml0ZWxuKCI8XC9zY3JpcHQ+Iik7ZG9jdW1lbnQud3JpdGVsbigiPC9kaXY+Iik7dmFyIGhhdmVTY2lycHQxPWhhdmVTY2lycHQoKTtjb25zb2xlLmxvZygiZ29vZ2xlQWRzOiAiK2hhdmVTY2lycHQxKTtpZighaGF2ZVNjaXJwdDEpe2RvY3VtZW50LndyaXRlbG4oIjwhLS0gR2xvYmFsIHNpdGUgdGFnIChndGFnLmpzKSAtIEdvb2dsZSBBbmFseXRpY3MgLS0+Iik7ZG9jdW1lbnQud3JpdGVsbigiPHNjcmlwdCBhc3luYyBzcmM9J2h0dHBzOi8v
d3d3Lmdvb2dsZXRhZ21hbmFnZXIuY29tL2d0YWcvanM\/aWQ9VUEtMTU0NzU3OTI5LTU3Jz48XC9zY3JpcHQ+Iik7ZG9jdW1lbnQud3JpdGVsbigiPHNjcmlwdD4iKTtkb2N1bWVudC53cml0ZWxuKCIgIHdpbmRvdy5kYXRhTGF5ZXIgPSB3aW5kb3cuZGF0YUxheWVyIHx8IFtdOyIpO2RvY3VtZW50LndyaXRlbG4oIiAgZnVuY3Rpb24gZ3RhZygpe2RhdGFMYXllci5wdXNoKGFyZ3VtZW50cyk7fSIpO2RvY3VtZW50LndyaXRlbG4oIiAgZ3RhZygnanMnLCBuZXcgRGF0ZSgpKTsiKTtkb2N1bWVudC53cml0ZWxuKCIiKTtkb2N1bWVudC53cml0ZWxuKCIgIGd0YWcoJ2NvbmZpZycsICdVQS0xNTQ3NTc5"} +00602{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1184,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":4,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141076027,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":109,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":109,"pkt_l4_len":75,"thread_ts_usec":1654385141076027,"pkt":"nLbQ0+MztKXvZygQCABFAABf8DUAAPgGrdcSQE8lwKgCfgBQoa4lNFJ8AYFa4YAYAIN\/DAAAAQEICtL8K4SmALBIMjktNTcnKTsiKTtkb2N1bWVudC53cml0ZWxuKCI8XC9zY3JpcHQ+Iil9Ow=="} 
+04447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1195,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":5,"flow_src_last_pkt_time":1654385140835391,"flow_dst_last_pkt_time":1654385141204735,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":2946,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2946,"pkt_l4_len":2912,"thread_ts_usec":1654385141204735,"pkt":"nLbQ0+MztKXvZygQCABFAAt0wQlAADQGCMKhdQ0dwKgCfgBQsWi9ChCRUtBIV4AQAOt9HwAAAQEICpcRGWy6xhdJ1P4ZNPHZYSz6gFBhe4DYHYGdSAeDl2SE4Zg0UsxG1BqwV1LiMJiwtUG+teSXcn1bfs8NT0piptaSsqo9X4ihryOf3njcmDSbUBbJkHZWBznLSCsAiWFeZYhA8C9kxr4vDT4ZAQ7Dq6O6pQH\/GTqK6jRwjwVwcDImL8TE09j9qomwL75y\/zgiG0o2sddUUjSz17TbWoRYpZZwto2Ah9QLIQBnUDMYvKx41ezlF+NZkSsdV7K2REOWveLmxqNKlDYOFEK9Ty4uTznUy1Forx8IH6x\/gebIbKYT4cT4KwuUXtDu\/jZbQcE1rvOw3ujQNG8J2pDR4hgDwLsD5ZZD+T3X8O4i6NeVR56eCtBCeJR+SqLfVAtohxnlurois8W21eQUW6dwDykR8nvmiMVaCIPtthVgre52ozDUJcpHb84l7FDZfKwGWQD4qwBj0n8nj5a4hxwhEG2p5UfFygaTjj9tKLCSyy\/949bGTn6v2WjJSkRJr2fdvxXjvNXsNJrte802OaGqAXPWdIo1ZOk3OJXMR0PGqC8Q3FqyKMazvavJqRXQlmglj1H6zcXqOS0g0dlEffAcyQoxaMSaxc0vAA19WdfkEwldO\/oW21\/w5x1iezrKB5mOfH\/FMcrzwCUp8VKepDUHgEMhljEmSwSrc4Igs5zYdlAn7OKp6EYBrlpNVr6zpszZHIBD1rzrQ8e4iAAzEus6XnxllCGGSW20FkRkOX86CGwlf3rsfs07614cQOzzeUEYWAedSXdhqbXlOAzFKpi8sthg5dBr8rkMVS1WX2zbK2Odl0G1j27l4wp3mh4jWT16sLMfe7BSi39lg6\/WNG1dfTuMLcONQOdbYrE1O5wvd4nTUJhQAIP57TuLUGVNfZJwYf5guxoXYD8rVycfTpCtLWRemDYHyavowTxxPNX0UT2sK8ZehiULm84ARCUEuPcOEmsBCi74qgIRXxPdFGWmhSZzD0JCg5XlM5JAijCC3H3C9iZ5i01JsoWSBB9Hmqnu1DRK\/JJAe61eOLRNIx7PrMv89Gr\/6XR69679QY+aDd\/j+nCSKSjJ5Lm34dqJTZkEVBZVX6xfGSGEnhtmWuWY\/vYN6QCT+28pfM\/SXELXCbMPk2+xMGTLHLh1\/HkxrRplztGkJc1QKOoo5yHnb\/Mhf4FyXhJBot3TRpV\/6j\/cwhhRr5Dz4YxTGU\/+7nGZRTqDw+CEiBE+77IwveUZQIVTeQ9FoauQcu0Nu2VodEaCZTQvAVkT2+TOHRPRxgUxkYR738iDMODpBPd358TUJKB4XuJNTggF5\/DU7LzCwhh\/d+fY1Ozsy\/cJ72\/vAlXT7C\/52Xx9W1hyR3WKnawckK6vXbSicCMQ9qYgCPKcu0bZMrGJ84fIdubWt+2O7VFMG4bBVGWP0ytv3zcd2FsFHjqHuopxaQpWxxADYiya
JPQ0LVoQUwuygmVPEIt7M1KyVhKiFrN9\/I6MzwnhnNS0jxQ5+IoZ80C+1U9DHiBCmIHflSV4W5bX68wVB2BOTzPcATpA\/97DGFAGtWDlFEbbHZ9PnSm3BTIR+\/Wc1JT4FraaNkW8QczPvdN82N1oQlXMHDhBg0OX\/wC1Ui0PLcOo+QkutYwCbv2LpMtvqYMMDDPutuwcYQqqE\/ntIFlRXJ4yRvslU1EzYfRFWAWXVmRH9Pp6Fg8lpTNPywQak6XwP8uAcmKePOm3K4eCfrFTmY\/2x7VX416gU+liLFJUjfLbRfFWASSlPfP3d8C0yAKEnOwWAihLOe6d3xA2mcYqeDAgDfzvMBWOSIkrK5yplrTL88Cxo69yDIJESwfM2sXSbKI4xd6ywW0zQZY0VLbkxkD2sqFJxDXhZ8PT0jpWWdLcu+wkg4odhjblnoPUaZ7\/sUR2lOlMOicpbGca92VnjP1qu1ZD\/RM\/JdCtd5R0dcWMfO2FXZLGN9FdDeICrLncwSwCPgAbhbgYq8bSauxraA02S8FDEIsj95pHiRZiMH2NpXCyPJ2Glg9ZpWOGMFk31tOZjAeexgUaa9E9WDPYk3euEj6oB5cgQSL+DrjGEPIIYZv8Cz\/NxiZ4k+SR6ifjU+LV2Ds8f1EMgw483wT6ehuafnOys7bU1gZJAuFTVfXoiHW4Wc6lLFhehJH\/E8d5s6QjFip7hnu8iX+fYISZJKEhanZMQRNgWNRY+N0ovdW8zNQHJPYW4HJ8oq0Dzk8hUp1nPWEATc3pAsltbA9\/XGwPUerOD4epxfQwUA7wnDPCkFjDkERAubeVzjqHKvwgZhgxAjMQ3nfRw\/qkM0Gw0Jvx8pxQQRnmgZIzuEwAXT6TvX4Me8ZF7FIZwx\/Bt3bGFmAw8LMDWENkYAngieYxwY3oE0z3+mE9Yt7VK8xSseHsLRS1TsPUKFW16150rvwYnBctwDTFhsUNq2NVelchKNuaKnHkMotkntYDmKokz5cKgGyYgXTE6TpUw42EtSWIVjLvzmIGucVfaJPB+VwWX+hPP2ObqFIQO3KRlYaN6f4Vsbgx71XzjuXB4YGZYSFlo7SpGo059Nl+oQ6wrXFz38YRISYHCj4WOfQtPccEQd0gNGNRERbA+XRwV\/jxnS35nxrng0sw40VWeWFYTw0ckCRAgxyxgSzyCX1m8vZyP1KiH\/rPc2gtD0oSutRAKWxPAjwy2799cd65DGTgmOm8WiO2gDkPg3V+2zm31gBCqx4WqNOUOgNaz+4cE5aGmQc3lD9JP7C893GL3rv8atUAvCt0WA6Z2qUfO+FKWl3oze2pP05hIwOBnO2s2SqpSEAdJvykh5tWUifIbdqEINbMdbti0RiOyElXa2aFXXeloZx6h7x4PMvI6+PBqJdWy+GkEPGHU+cb9Icyrejas6pqxx\/or9VP+tdqBc+Ks98hCK0YSxFN3x5x1JN1yMyU3CB6MXFOF\/3N7BHoVQ7pESElojv0sliX5iP5nZJldSiRoWhwBAz6o3iGIiRncG2BkNRv3yEWpYjqah5Q8mcodW9czWTrYLLEIvrgzH8kKL+11kcDAobvYNyX5hwKwqblG+JPmyFgJmRGfIm7xk76AGZa9XLSbV5iBQs6h6RxfKhiLcHW2DFFeO3ERRwpEt0\/INO9WATEBiA4UH+UJUHajlnQPKwUkcODDaVSDTAPhXi\/YjUJo+FWk5TYujsnCNpxeJiYRx6359RkEmKKRfSNwsqKDrKVPUNphCvLBejNjF5b7Co5ZBjgWThPuBbfOXdqTTe1ImBpaoltEl4mTCnTUcIsh61JiuIw+AkDGi2GWYXenCkEmyb2rIGK1WTIH\/oXQEGHYwMg1ByG2LcUnr7Ij4ZNfe4lLxW1RhQP51gK8ve0FWd9rWcg+4V58d7naav5HwJa3fpg+aDCaD04\/O23\/\/iX7r\/e22m1D3\/7cHVzLcsJ8pT+y91mUqtur3
kdF6Dd\/ded1k7\/t99+I3uHtL+NLi1ZwQcZRTT\/ZZMaEoT\/iwSfRGdwQks\/kEo2POua\/2wR9BjjcKgVdSEsmYLUh1WRtZngIIrTaVJo58Wz+bZsxohCz3CUfQ0pcdKEsQ1ad7dnzd\/yBv\/BzzfvtWQW+T7\/mMu2sn2vVe4g1sffUOuGo1smo4Fq4f6j+6+s3W8P8MSGP72HtQfVJuNceYpJ9uhE\/2rBEdyjxvElLaEqQCXAB9Wk4BLCaIym54oiTq7iPV5SM3KWpSPqNcY1Dut\/EEW0rrpxlQi59TnUtv6YnTQBCjUfyWesLLeHOP1qeBhi+jUH2t6KXpMZlv9cCz1zpV5yo5LClWAhns1ePKMkHD\/JpcvVRhDjQyhC+EqtEpJOeQ8octF1JjFrlszcZGihuOzShFhY9qDyqJgseCq3Ws4MUIFuUn4t"} +02264{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1226,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":29,"flow_first_seen":1654385140171515,"flow_src_last_pkt_time":1654385140959776,"flow_dst_last_pkt_time":1654385142015753,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":424,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":765,"flow_dst_max_l4_payload_len":8640,"flow_src_tot_l4_payload_len":1625,"flow_dst_tot_l4_payload_len":79973,"midstream":1,"thread_ts_usec":1654385142015753,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45380,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":331,"avg":84919.3,"max":408625,"stddev":132393.4,"var":17528006656.0,"ent":3.3,"data": [380392,4573,408625,215737,457,986,1014,178521,331,482,379636,185383,1426,654,331743,5741,174159,6079,334,924,170502,413,6008,1070,341,710,169481,463,585,5307,422]},"pktlen": {"min":476,"avg":2601.9,"max":8692,"stddev":2200.3,"var":4841425.0,"ent":4.6,"data": [817,1492,1253,488,1492,1492,7252,4372,1492,1492,2504,476,2932,8692,1492,2932,8692,2932,1492,1492,7252,1492,1492,2932,1492,1492,2932,1492,1492,2932,1492,1492]},"bins": {"c_to_s": [0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": 
[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,16,0,12]},"directions": [0,1,1,0,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1],"entropies": [5.859029770,7.746788025,7.815745831,5.897830009,7.640064240,7.862792492,7.967751980,7.950705051,7.860798836,7.868959904,7.893837929,5.886357784,7.845828056,7.976538658,7.857397079,7.933415890,7.973951340,7.934168339,7.877964020,7.860165596,7.967057228,7.876602173,7.849090099,7.929278374,7.849063396,7.848120213,7.928964138,7.852302074,7.863938808,7.928197861,7.863379478,7.881860733]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"mangaweb.1kxun.mobi"}} +00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1237,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385142293700,"flow_src_last_pkt_time":1654385142293700,"flow_dst_last_pkt_time":1654385142293700,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":517,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385142293700,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"119.28.164.143","src_port":51888,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+01218{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1237,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":1,"flow_src_last_pkt_time":1654385142293700,"flow_dst_last_pkt_time":1654385142293700,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1654385142293700,"pkt":"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"} +01300{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1237,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385142293700,"flow_src_last_pkt_time":1654385142293700,"flow_dst_last_pkt_time":1654385142293700,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":517,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385142293700,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"119.28.164.143","src_port":51888,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"qzonestyle.gtimg.cn","domainame":"qzonestyle.gtimg.cn","http": {"url":"qzonestyle.gtimg.cn\/qzone\/openapi\/qc-1.0.1.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
+00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1248,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385142780674,"flow_src_last_pkt_time":1654385142780674,"flow_dst_last_pkt_time":1654385142780674,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":520,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":520,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":520,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385142780674,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"142.250.186.34","src_port":38354,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +01238{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1248,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":1,"flow_src_last_pkt_time":1654385142780674,"flow_dst_last_pkt_time":1654385142780674,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":586,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":586,"pkt_l4_len":552,"thread_ts_usec":1654385142780674,"pkt":"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"} 
+01344{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1248,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385142780674,"flow_src_last_pkt_time":1654385142780674,"flow_dst_last_pkt_time":1654385142780674,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":520,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":520,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":520,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385142780674,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"142.250.186.34","src_port":38354,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"pagead2.googlesyndication.com","domainame":"pagead2.googlesyndication.com","http": {"url":"pagead2.googlesyndication.com\/pagead\/show_ads.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
+02478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1249,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":2,"flow_src_last_pkt_time":1654385142780674,"flow_dst_last_pkt_time":1654385142822486,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_usec":1654385142822486,"pkt":"nLbQ0+MztKXvZygQCABFAAW++zYAADsGcsCO+roiwKgCfgBQldK5Y27yMlYwOoAYAQVIgQAAAQEICvTzitlqRnHO54B5x8bkMcj5rKNoQVor\/BQm3SPhmDDpDadH0sdUWEzHsJJG991J7GNcFmCfxsiCjLv8IWZo8ULPdOfCMeRMHHcaL4h1aKboaPInsYMSW5QQo\/JCypuKRdiaRrzY2sbGM\/MaXYMUvlY4IMPTWRAEu7PZrqdtp71d2OBq619OgHIbAeKGBf4Bk3Id+7\/Im81abelC9otiLtO5YiawFAcj5R83pbWUcSiA76rl5Zm5g+uGECfDCS0WsSYMIje33Kz7B\/CQHCjw+nh4lksNr3TtgeW4\/7JajIFAnfl17iI5bMpgNpVCgF9JYXCeHhfCCyiGI\/A3u+npcQq4MpT1eNV1\/saxKMf5Qld4T4rFFSIEwfgCG6P2ha33lVMWBaSFxO\/Mz+reiumYzQALP+eugpm6Q068chVxjvG91RjkLubAMoQDS\/mM4KwKspbzcHmHS8I3JKFhcges1eYj\/zbOWRn\/zLtgiQYZGgjfr8jKeNbuiqxLnvV9AR7EGSgXQt6gokwf+DutNqkLpb2FuyF5RXWlXYorjBev0MFJGfrmGtJd0nmEt8TAsc6HgqosNCWIgBZ\/EIx94x7v5p1LZ37xY5yDfD7teu0ZnLVzreCO3cRT6kfODUmHBwAbkYP39RCb6OD9O8RxxhjjnTrNrfxSTwe\/9Ap\/jCq3bGHW9OQ8Gm5fmTRUVwTYDyvfTZbEUP\/xOjLeI963wruwl+uBpHGIGjekHuK8l0SLl0g6pAb4F+iQWhtJFEsIVUiT+yWC6SNbe7EQQW4hgL7iTEmA0hdpq08vOQHZVq3u6M\/V+efq\/HNQ1sIp5t5lAUlbZrMHcijjYEukGH\/U1y1\/R9E10r2UGy1kBD6G7ldf3OBf3EDOMPJ3eWBdLh3BKN08SgKpcwBGu466yzavc4caXSXxKBb1cwUyYZLjMYcjDi09P3XFJ0SsXpzC75HdI3sX+AqtSARtclGx0X+hBBJhsyP41pofAbHoV40IDXhlkAqu2Xvp971SqecErV5bCH\/65Z7X9UlSrUeC\/VajwtN\/Mh2OP5AWY\/KrPPEpbXBTrhGP0\/drXl9b1ZRKfRkpIsBIEQOUVOEJSRKrx5tv9cs8CLA7IDFWlQPElS8mbTe\/FO4uBUzpai\/4e6NjNEkD\/x4ZgoFXLg94l\/agS4O2twbkzdeIG7LuYbfwHO76ewTIlFAsrsEvBrnz9wTTNN\/TnzpUn8JQ1\/dtrIKxXa74vBeLh9AgfuxeiMxuaBTfIvvK5V+5AaCmLu378MinCP1sJLxucnjd5DsEaHLL3ecT8g2W\/QHKN26grKg3503SO2\/2OxCu\/F1Q5f3Ice+Y\/x0VdO51gA8bbfeGHjbb3hWyAHeoW70q+XcMrdEd7zrg79b6uuXC73UAFURSwyrdBEIN+jX2rzjIfyW+4pvf+uZSH7\/G
c2MTbvFBbbX9b16PX1pRGaInNqfGLtHsUG8B3BtmqQeBlhpWHPYRpVnuOJzeNZgLCARxEVRyaWKKRTH2+XLDXc12oMveqHL3C+SNepipqTSMcGdGzahhXQ+6QOkPgJRGSQjkWV4Ihw5zcw7g5EwAxblTAQnq5qbS8j42+Sd9fHqM7rDAaAi435TSllIRWgNcggISMZTiMSn2Xq4iffhytWQiEe38ThBxbwfdFoJzj+0YwbO5hgM40IsBqTiUXYLH1oBFcUKfLbjQ2EIyfrFeqTy9WHdaf1+sN9pPGxdRyW42KrOLgfPUuaivc68Az\/QdWL8YFJ6SM8LAMjT6K72yfsZLGjwMPCc9x8WNKfLmVin651eeKG0Byt5g4BaGw1+4KUXMDq\/IbxY5Z52DnCKBtwYfZtEkuOdMA4d5p8DNe3HW0cb5kRtcmr+82eVnLKJN8C7lbnah\/f\/T\/hnL61q0OUO8Mqo="} +04381{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1250,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":3,"flow_src_last_pkt_time":1654385142780674,"flow_dst_last_pkt_time":1654385142845976,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":2902,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2902,"pkt_l4_len":2868,"thread_ts_usec":1654385142845976,"pkt":"nLbQ0+MztKXvZygQCABFAAtI+z0AADsGbS+O+roiwKgCfgBQldK5Y3R8MlYwOoAYAQUXfgAAAQEICvTzivJqRnH4pI5HyS0AYhnjQ\/uM5bjVvdjTZUjnqR0eArR6Be4a1wlGx7sAYKbldp5x+4IB7EuNMmGKaDrhBGhnYSaYzZrRF42BrogKrXtwaM6IhhfzBp54pTv5mxi1Vq9j6Sj+JkZH8edt9wgeNtxNd6vtvoXHbfcZD7n0Lvbexf7DJ9aouvusseG+Yo1N94A1tjgH\/j7238WVfeYe08Mr5p7QwwEzNKvL68eaaywX0ixejNW1VvuVX0granODrtiMbh8LsjjmjjFVIprX1CWWhg7qrxxkUBgrmJQ6j6MULhjinsYyyhrGtKm5PH41RvFS4mIYIjSJl1pQEMXQD4LVF1Us08JQLyJlo6NiK6uQyqLIR1SJIJVAyRv55Gr+3qrT3MgoOM8R4tWGjOoZitbfxw3h8YUG3RtUSljx8O8cxw2RubmceaIyt8zMuZLPiDA6gU83k1EwKG6JrCxDEWtxNoD0rV1mH\/NYtEoxq65nBCrYnPpNY9HX1mJPWi7FmLllQgRRwrU6JTEf4xo9g2ealbex03yGkYNE+LWlCYLxM59i7W2bdbapzuJkPNq4nBhmTIwZ7HM7B8AIU9jlF\/7CDW5rCNS4yU\/VtT8x3t7NI0tF8sKQQPT9mYSR+KXo43OVsiNSagq+CO8UiwcxhfQh6l5ohfHWIeEnJSpVG4u9onh2uW7JILC12lLhFWXnc8N44Sw27UTxst41QNTwV+xYU892vhrHfSIcd65w3CfAZ5tGKIzPy9Wwwuc4p8r\/srrxb9T4F9X4N2gccOZ3+Km5ddhGhDm1mpqf6ZUTySUzhPOVbgDchl65OalowWeIcCWnGmDka3MOWGLg1gXmPHiEOTcMIXI34AWOKdKmQzVIfGbcoKyOvVbbJR0l8+9sZoaQYfKS4LWI39QMxb41wsq3uaszHXj3xcXNrtl+\/NhQEvyYvCjGTlpx5VvljLV9\/BVzo0K+uomD
Oj70hNX+XJhV4UdqltzbraCdMzEMEyU2zJnkkiLZWU5C3bJUE3\/8cHZuucEwum8ErlY4k4XujuSv8srnYT9bUi0vK6LnxjV43BXl6\/H7N0CLnnLtPhDqw1E8sEUPKHoeWqyjeCpvvRIlK5X+YdIIpPDOoDprBxtaWhdISZ8UYQtTjCgxRJ4nuZhaXFq4EvaEQMxjuWu5AyF6FBXgFXcJc2RYo3xpIY5DUU2Glo2X9r+zWBihZiX2a2QEH\/CRBXJYjlerovJNyUabAltDEgYkRVE13ns4vMaLiVMYENSc8LsQMS3EO0sbQkNFVeylEgATyEDl3O7iZCW6SRIKY5bkUFMnydnSU3TEWi6wdJovQbEI67kSl\/kSFBV2M1eiu6KNrVyJXr4ExYjdzpXoL48Kx9On8fRNCHq\/wk3xDa9SywcRHKz4an70wxUl8qMfre7XKJFoPUmQLiZy+Coh1G4g9fHqtZrQWo3zazVdXfaayk7V9yYJD9gEGXSe3CTyPDFPrtvV3b6lZm7N6cTbOVnnDDAj1NsfjsdxD20IH5\/ken6S7wyEgYjnNpGI9CuGiduUQbS+wVEAs5Q78+6TR4PCYlMRckeNSKIVJnUKocQ4kbaOUQYzQl8BTF9kOy9r68JLVvPOST4gHhffAiAAtOBH+3gZMN4FH\/gAtbA9YA8BgF\/y3BhNtlwgRlIKeIsnCBS8w456wH4Ui3iMVy7dXQ5YivxPZrMN\/oMUaUI2m2h40Y81vuqome5U3tsYJjPF32Lxjd2hWUf7QDjUmRQupWj+XzWMMCisX2WSZsnUVO3uqSFzv47KUHJHOKRxAiOAPRsT5MMpTJH+NnAKgCw\/Re6khvgvkssb+V8xcOgzLLE0ZhT45BwMEmk\/fYrN1lyte5Y4+3VkCz8nT5SquzrCNCVsu2hnYUDdeyNARsgsLtMJyWIx75RiB\/qaUijgcSBVboGY5puilf1EHUvSCiv1bdZ6H2PkdfQBkg8n4kHYR75K\/PW\/MeyeDK9hJXCAx6bF44GYiwUKXJG+xCTVgEIURHE9l1HXGRu5jA2dsZ3L2KYM4VBm0tcGFX2oyRllBMwVoI\/18oO4BCXPPSBPs7HY74\/8TpKFTptFVYeJodt8pLc4v6+TBQ089vhVIrqMa6VMO4Sia8Jx2hlgM5ISrkxWvjTW69evDs\/O3nErIzUVRA2S6w1qOxcdCB7meY+MN8ZO4zssh9SqjchN3NR7bx8lTuUSrzbiJIOd+koZpzOVe1+C7qYIyc20QWhoXDmLp45I9WL\/dWIbcYNjpFklD4c3SAX+W+T88NGMdlEIxXb4gloteH7H8Zh\/iDcHslxsea7pN0yH3xl4\/729D10m4zIlT4gDm4QlwCxtOavkG8C\/fUI88joGaMIzN3\/fyCdEPOcoaZnrFIYpmwZqO0q05YS2mtQ2FHoP82k7ZiPj8gR1\/EgBAaxfbdlicyE2wLGqliORq0AhMxGR14aG6i4vpaaR4lRiSKbAlGedLHQCYWgj3wfLauRj7H9Y3YNWWxudQSvb7mJs\/rcmC8jhLGvRBe36JX+\/xMfElBG9JfhYYbMr4QkhOprnZusv47xF9axxOQTMLbdWEMaasGx\/MoA880Tkakr4cMfx6PpJlSnUPn0Uo\/QQ07kDHzBsz+UhU4X+68q9d\/eEBkvstT25167EXksRCWAMdbnfRP69f0U5A51zL4KhAune3GtgTIbGA9fXTROJMfsKY54F9hUg9JvEHTjmrap1nlNfztngORvLOds8ZzOXI7FlX8qVpQzpLyy75R4C7exfoSDp0Bc6yhvv0F8ThnH2jcI2nbYzm63d4OmJ450fKvNfPp03sv6+d6Pr7y\/O4GxW+GNtX7VyUyxqsz+8n0BUcPfRpAIKdaAGPk+wuqv2KC\/A2xSN8XIiCYsP3FbbcYFEMdL5aklTdsfrtgZtv6f4ffRPczw7UcYsknACIguIpBCRs7j8BD
Ve0sxCS0xX7IY8UEYmZQVoNcKwH+dIXOFRbMcIoUh28lCheGe2zTcN6cm0bCsxLCACeypCfrlWN76fyFC3Ik1sXQPH6j0u\/dtyjZ8TFkgCsel7Ll7gBRsdxrNJUjZNsRwrYxkuwkBHNKFE+cRNKo5tQN6f1fO2435RL4D3v8qXuuN+k88bjvtdPsMX\/5TPUJ51xDM0FMjnZ0CPy+fnsOTy+QVQ4vIZL\/VO1Av0qaNe4NOpeoFvZ+pl0yDOTiRKDRcpSGYMHmZqta9i6EpNjVla+iwG5vx\/WED4QcusAyARzmYGnWMQa5eoCHo4sf9M3Pd4A6wHne64x+Ix6Lgn4jHsuB\/EY9pxT8Xjl8Q9TxY8sruiye+JETjJeRAnOpDGvGrUycVVkgwbFUPnUKSPgbwAcNYveO85rx3\/U+1js\/bxQu3kn2qfmLVPFmpnndzAtNqI6ruRf2dDf93j2D3BWMsYtFzKJWMul9RJDt59wmWReksyICc7g4VNCUCEN9PiZaDUEUMU0uFy3gUgs\/CCtHIk3IEf9YfVpSRorVXn5o7td2xlFGcCkSSIltOyFWnpMvvfahuAiHAufap6\/gf7E0bLNptBztBoGNDiB\/vrQiHVrgNEBKwX+iKsEDt8sL89XpFXu1z40uel7vAvcE6tG7vDjnvHcfS1cfXeiJZGXeFlP24L6wNoPZ5L10\/cxSggQOUkzAQ6T14+bneL6ncywsTDpJK5N6jtUHJFH138c5L1boyertj9LPaW3atN\/wBzGPCat5x2PHQt8IYcId7G8FTZZTYKh61w2B\/14mls+f6uafTFovszDO\/WhNlyGncxCi4v0TRfeJ4Z044l5iS+NA=="} +04408{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1251,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":4,"flow_src_last_pkt_time":1654385142780674,"flow_dst_last_pkt_time":1654385142847084,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":2902,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2902,"pkt_l4_len":2868,"thread_ts_usec":1654385142847084,"pkt":"nLbQ0+MztKXvZygQCABFAAtI+z8AADsGbS2O+roiwKgCfgBQldK5Y3+QMlYwOoAYAQUXfgAAAQEICvTzivNqRnH4zMI7OYkbfPC7nb\/qbrxU4lZcW2xG8+gsMFrcaq8Zc0O82QwN9YRVYyP2yWxPxYIA2lObZSvDBqdph37uxr\/PUVO0gfR3ZRSM8bjGX4xPCB3bo05UakDbWqPrgNscOg4qYBsqG\/tobNBpJxfzRsS46S2xo2LN2PV0+CMJf4T90Q+gehBmLGG6qY1EuHeLiBymWICweb7IMIsAyWhAIS+W4mKdT5G8zsNgeEOu5F4M6ylJHAFtUc5ewTq4G8V0fe10WIjiSYxBArKfdI0mNVAIrqcYEbJglZRTFbCszbgRLV070rT4nUINVH5A1y2nRMY8kePNwxBv1hadxxAF4noYbajqoEMw9+81TO0VfjwDToem7KbDPfBvOyjPuev49m2n9bztyyUYjeObHyz6Qa4D08mP4B72bwftn6BK68VyQXQ\/QKuZhaJmnIrOSvHsfScnEf7ZyYtW71VAQrzOYitPqu2qgQ25JfGQo\/Jd\/rY73+0YUt8hICYvl5I7LqQZ6i6ZO4qGpHWFI16FnDGnnNjjXdb3v7IomvYwOD+Zj0pTFTMURL6EnU+QF954RpOdaDT
eHY16GcZXs4LhsBezQT66hFnCzr2rBnMmMdTuNOQk3OpuytzZzKjSE1G7MILBqjAXOr9Zx9hE\/RHizmvsN0cW1IpKblYbGxoR7ndWcvlbVZQ0LF\/oCqu5aPOlZOapYX1\/o4Qib6Rfzb7U3b3WsnXaSz\/t\/Y6720EZ1\/6jwLLQ6iValkbCjNm1hM7VEnaJQHHFeKwUxKtnvt7k3rLcW7oArsZg54vdWwzOlrP9V\/MbcMfXnKIOKMq0aUd+6kZwRPArvgmx0ZnnA3gDR6ez9gB3dz8MqMTEDyuv3Q63vVhVmwhUCUa+NQ2vB+yGZT26YNntUPaKb244eCHOL2o+Ustj6M2tTTuB1H1Y2W9uZ\/d6DrRvtirUDrXjkMcnxtTh+GQfVjkxlZVGvcf76q3sa80DKkQYru4LE\/FXHY4XrcW1tLTxQZr7VOGP35sYF6NtLiw6Dg5of5QQeDlIWhGhLwdMpHEwsYDq94qaFskWXLOCiTtfGTRNSGEO8xQ1eiHLlJxfUFb58WMaJmyUOWiOql9dxpUpqL6RjswHZEz4cKgCWMd+qcQqb4CMvkFJBF1aR1ZxqNxAVdNwMhU3TNlA\/ci292H7+Q\/ynpEAaNYxitUb8DnIOYoaMb9AJMbAK9Ec0JhrPUWHLOpIaEPr6Mpp0HTUM66gSrXOJvVEgCkklTIjNljV26ruhF6pFGpyKvLRBqiS4Hcns5l6VL1+jwb1QBMaEIReRmQYJQ21gkbO8Iw7KpAFYbEYr\/ny2i8VyiqY69bmCUecdMli4CeOY\/ofz8k\/V+ueUkMPI9jCS4pGYTA0gR5d6K+4zSKoYKjUpkG28RSnIX7V2E\/ps7TOYYUvUhsWlPeGIsgBkTu5DkNY7JwFsovBMHO4HHqYsy16LWh2WKqcVTJXufCwNieoyNviPsbCWCNH+i7EccQv5yg6mM7QaZ5FdPW2EX1F0J248\/PRRD+uii8iwyuSm+mCnN8w+vw3VatmzTedFfGiSDD\/i8YCzpgecT7so12rPt903LfGa51ukn3HUzQC+v1Oog5hjhIv9z1v5C+7Vqttourl2EiAj5wYr5D7wXitO+5H43XDcf\/Sr1Vo+9R4fe64Z8brtuOeG6\/PHPeT8brluJ+NlrewX1\/U+Gt1eP2qXzfhy9\/07NSh7e\/69QUM4k9d+Bl8iqXqdRsGEejXOl7Qm8ovVzehqUjm1mswhli\/QUOJrvnsheN2VGYdMlP1hoPP1Ntz+OQlfwPwqL3Y2HRb1u7PIbtNz09fxTfvT7e3v20fn364rm0\/O3g1CA8\/7t2E7z6wv7LJ6Hz4Ynh9MN16fxPuXQ5OD6+y3b370\/NSPXz15nXt2+Vm9PV29D4+SsMXz9c7R7u7u\/uH8f3bm7DfG7Avm9mH7O0wenN6G\/4c3ryvn95EX95Ovn85mbAvJ+P3\/a1e9GpYPXl1nL3ff9v\/\/uWwGn192zu6HGaf3rwdRf3Dy\/jzSRr0T7NgI937\/uZk79NB7+dRdpt9\/5resq9vt6Ds3cnlt7vjy+7W8Xl3C9oZhbWT2rf+6U3w5XAUZEfb0Zu3te9ntxn7evKJve7dfz\/cS8PBKdQdVcPB517yl+9bLhzgu9ulQbhd7wZvO\/ub2\/ejD7enk5Mv26fdV4P63bNp5zSt3o6eXQYbr6aHh8+GB+l1LU37m+Po+5vv2z+\/3gzefX\/f+xbu9f76dNTf34w2uu+ydDfESXn\/+KREN0E9mnz\/erIFAx19qx9W2ZcX1+\/7JzfB+f8pk2Ptrr94z+rPn8fPjl8dfKpnyfXkcHDcqe3Xjy63r4ds\/fv6fe\/27dHXs8mX5N0GTM7Z0cfgLphuHn16vv3h9dWrg4+Dk8\/j60\/Z8WXybri99WZ9\/6\/b35ya0\/T7xkkvHHyH6fn88\/+oqWmjcXNXbz3ADT35trmxubldr9W3CH32ZTJi14HayS\/qsFuH+nUTkM1I
vm48q77Y3N7YhM1+pdJe1J9tbG8+A1wxlqhjs7pd23zxfAMQ2cTc6nW8ulWilxcbW6bXf5rzvvq1QJksTcgwNovoyu8JBrilYG14ygM\/aAtuKcQS6pmK6Vcs63K5zi+VSqEjNWM54c4Rv86nwFSU4ImDApl\/aAuNhx6yqBG51J1GjNe8vA3xSo2GDNKgAs7G\/h30jbkWUF3jLFatYZB+5sdKOs+4dF4nOSGaGKvwcMCO8XQhsQ8XE17hJRA4IWW7uXbX7zktvGykTX8rFJ7+6Z\/6uhOXbq5Fi4lvoW3n5YRh8wtdW0N\/zRj8PLwcN7oQ3pcWVLQWbt6hC26QvD86OUN\/rChayo91qHKKXUIUq7pGM\/rta4EiukXT7FBnuTOcvo3QnVgZlSTAlPgdfE8WrsdJ8HqcRHMYFi0yChgXgl8KWztBuKJrsY6qlMqY38lsZnI5ZFSyli51McnfxwRUc+K\/x25Alv8WH4jRwJGu\/z0crGer7zzi1j4LHcUL32hGk3w4SBjp7cKtDmrQycJlRIm\/vzgpC4R7AmXwSpGElObyUhHD6V53cZ5UjonfTrAM2uiFpSe+9aT0VvlHwMBLT6wnHiv5Fl7SNBe+5dZLhLcSk\/5OTbxJorF4JR1MH6THbdhWSC6OQwzU3exAWztWAy+di9ABg7+XCMqNOShZL9eh+A5w5sAu0Y0bGJmrWIwqUTZGTff633ZvOp6Np70ZyrOdP+VyRE4z8IF+5ndfeB3cWx03d7sFAfjCVuvQVuus2GqckL5J\/Vu7ZQXDcYRRPxFN9Nm4kw0aVW\/Eoggq4NNwkiGUNcjkNbuJvZtskvGb7Rv0CAg2YGG3Mx5eD6JyOOwNxw26z0bwhHj23PJvRUCq9dh9Ixvg5Tlluu2X8u\/y+QFKXjDDEAanWsz7TqlahHGkdFRUbhNVby0UwdxFjNi9+6PIDkvWD5ijFBUQ6JkKp8htlkx\/4A1bJcHnq8h\/LPpxm0XT1E1yaWmcddKpi9G7Ov0eBe\/q9MduF39\/ZoDDW4QPUhkqICJDCx6BSfMafeQ1+h5g12xyiPpKjF2Bdigc58MmfbD4apR7cTK1GmnJGt1ZpT76q3g9iab65JLXcR765ncG+jsD\/M4g9x2ACG+w4jtjHJfV6PAPDehDffmhAX2o6zwMzA9d6Q9d4Yeu8EPmncNHg2nciccL9w5jhIMrswc\/y6RpQlfRUrd0RZ8u\/DGQH7\/CO7jMNUDdAbTwZ+h1fWNNYVj4Ft+NGIZt6Q=="} 
+02476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1252,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":5,"flow_src_last_pkt_time":1654385142780674,"flow_dst_last_pkt_time":1654385142848049,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_usec":1654385142848049,"pkt":"nLbQ0+MztKXvZygQCABFAAW++0EAADsGcrWO+roiwKgCfgBQldK5Y4qkMlYwOoAQAQWk\/wAAAQEICvTzivVqRnH64CduUrrzAwUTfEXudZ\/vsc\/3ucnBEHf3RtcIAhoxn5N76ljH70R2q+Pet2lOAOXfA8rnYQRU03vY9F6uacS6e0bTHJAaCW97z2j73t2DtvfoGcrf0hDcThujkgDfb3dR2Ej0gihxJ0sgXlf2QR5D8yS0ArLoAGdRGSeOwnfs+UBYIbUxENTGHr9MJpm7IqMrMqI5zD86dtyOcRSAUvYc40YRGvjP1H+wgEu8e1G1MDKkVds2np\/r53pVP29uP7+rbfHnZ3X5bCprUmV1W9tC\/z18gpIvtZ8ovJED47aZCG8qIuGLqqxYRz8UVQbeyOr8uZkIb5S4nUvc5on1XGK9mgu1zJcfZgEdjtgAwLRRcwEks5\/DwZT1GnWU\/E0xbnNj07SjTg3pxKUZ3XU\/NWP\/ZoMvCIePXT11Ofdy5Tlk\/eIyrHzpVXGFN9BkvljEH16pyb\/Eg+JBh3BCqi5XlCPip1iMRlRjLaXNGfeu1RoRft703wiEIuar1Ku8Y340\/2mfuvup450aXY3YY4P6aoqI01U+fNoJcs0OKl+L+bBMB6nU0dyyycceO2cdIAlRyBej7NOTWacx3rN0E+9G+xQ4\/TQOY3iNlGKHQcb1YKrec3U+8\/NSZU5Q2H44HOO1RypxLIpj4sEAj8joaLA7SeJVbUI\/hffaGSoCZU\/NNl5lE2pk7\/7jddDLJmk8Vi1NWedsFIdZkoVc8C8zhBDzMzIy5PEleqK+kPSGDPXsu9GEohKgcgExz2EqhpZF8SnLemoWD7O7OJIB231ln50vvSv1EmcjFsaGObIZ0F8tVZ\/dfT\/Cg+M0RsKRsidqCMjGGBlHkVTkqWpS5YAhjE05bSojl+fIjIAcNMkH29o\/O6thNFKGVDlGg8fHY7zJRVcSY22wCvoyKpQZYAgjQxRqAit9uRL28MZA2vHm1a\/pks+FKQA3TOWEbU4raDfxTyNUJt\/\/qnj674pn\/674MKe3MYw688bXqVO5RFUHRpQ2hLamoeZShd7KCrSGbzmdKf0bb29vBVUBG2ESj28ygFXybRTxv9bT4WRKfyqXEyRU3\/3bBoAUiXvrRN5U6FZ2aOT9v21kCKcH0MX5Zrw4st+m9POO\/7xPDYL5WJwtIopV6Isrgzx+u4WV4H4k\/lOS+PrmTh5diqnbCwQoSxjOndIn8gxTGotAW0It7AWkx\/fwtABssU9QDvhzanORzSN54psPdw28uiGZlkP6ce\/hfToclZEtHUnlUpyDOwOsPhjsQ9UMTbuXOqiv1QFtQgqIM\/P3UoyyoHatiYE+pgsBYxk3jRiOJH1AN2Y1Nxq1beLM7c3nz3dopys\/q02egd8FDPSGTuwdX7zS3ldFt4SogRqgagly8uXQWU92Iof5257k4oGlQe8qtBWS5HICE8EZmR\/jeDICiIJzAe+jCUWD
OBWBUuGJlfJQkLKQ5lBoXIQj9HvBaYr9V5EdVW55d4vFNTve8XECLcEZQkeiCkIvHBe3KBsxbyJDnSJej\/gMyT4V\/FGrl1JlPqkkeRZwxxZqajCoLHItp0TphA35\/h5Aww9zATw0FbmBLsQDwNJ4LIrZXb84E+IroQkUzohGQS4esfnNIjPqiGbOeTmyY85fSKE2HU6Woa4ThdC8DHlumKGwIvhenECLBbDlr6dxbmvCXFtpFkXxgJI1Cw6tAMfdY6NJvJDjSJegNeOiljNjTmHjGv5LYmbDZplV7mA678zAEKoW565foU2ZQdQpTJ5osmve4BerxFqRSzOHpgD0ALurWIxs\/cblKwJLAQzJEiIvf6XJp1\/TeIVAEc22A3S7gQk+pwtGkWjF+iWlIPnA6n\/FWYl0nHPZdKrIR9Rwp4LGtp0dPzFvBvv2j\/2SFfO9+iKglJaFaeGOzQDU7xtV5+U="} +00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1263,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385143337063,"flow_src_last_pkt_time":1654385143337063,"flow_dst_last_pkt_time":1654385143337063,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":421,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":421,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":421,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385143337063,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"142.250.186.174","src_port":36732,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +01106{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1263,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":1,"flow_src_last_pkt_time":1654385143337063,"flow_dst_last_pkt_time":1654385143337063,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":487,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":487,"pkt_l4_len":453,"thread_ts_usec":1654385143337063,"pkt":"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"} 
+01323{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1263,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385143337063,"flow_src_last_pkt_time":1654385143337063,"flow_dst_last_pkt_time":1654385143337063,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":421,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":421,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":421,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385143337063,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"142.250.186.174","src_port":36732,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"www.google-analytics.com","domainame":"www.google-analytics.com","http": {"url":"www.google-analytics.com\/analytics.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
+04380{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1265,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":2,"flow_src_last_pkt_time":1654385143337063,"flow_dst_last_pkt_time":1654385143361109,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":2902,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2902,"pkt_l4_len":2868,"thread_ts_usec":1654385143361109,"pkt":"nLbQ0+MztKXvZygQCABFAAtIvVUAADsGqouO+rquwKgCfgBQj3yrRpS2wbIHhYAYAQUYCgAAAQEICkxBTaqAUz50SFRUUC8xLjEgMjAwIE9LDQpTdHJpY3QtVHJhbnNwb3J0LVNlY3VyaXR5OiBtYXgtYWdlPTEwODg2NDAwOyBpbmNsdWRlU3ViRG9tYWluczsgcHJlbG9hZA0KWC1Db250ZW50LVR5cGUtT3B0aW9uczogbm9zbmlmZg0KVmFyeTogQWNjZXB0LUVuY29kaW5nDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQpDcm9zcy1PcmlnaW4tUmVzb3VyY2UtUG9saWN5OiBjcm9zcy1vcmlnaW4NClNlcnZlcjogR29sZmUyDQpDb250ZW50LUxlbmd0aDogMjAwMDYNCkRhdGU6IFNhdCwgMDQgSnVuIDIwMjIgMjI6MDc6MzMgR01UDQpFeHBpcmVzOiBTdW4sIDA1IEp1biAyMDIyIDAwOjA3OjMzIEdNVA0KQ2FjaGUtQ29udHJvbDogcHVibGljLCBtYXgtYWdlPTcyMDANCkFnZTogNDY5MA0KTGFzdC1Nb2RpZmllZDogV2VkLCAxMyBBcHIgMjAyMiAyMTowMjozOCBHTVQNCkNvbnRlbnQtVHlwZTogdGV4dC9qYXZhc2NyaXB0DQoNCh+LCAAAAAAAAv+9vXlX27oWN\/w\/n6L49nLtRoQEKG0T3CxKKaVlaAt0CpQl20pICUmaoUBJns\/+7t+WZMtJOMM7nXVKZE2Wpa2tPctvjDrxsNXt+MH9ypOFhUfb3d5dv9W8HD46uVSPttvdwaivHu23or7s3z3aGg0vu\/1BceHR8YfXX5f3W7HqDNTyXqI6w1ajpfqVR1s9GV+q5dViaeHJysJv2X8kZTi8bA3G44FqN0Q7TF8pRRTcy1AWB712a+h7RS+ookEcSlmV9dJ5q\/MoHo+9USdRjVZHJV4YDu96qtt4FBfVrYqP436rNxyP3SffQxdeAe2DaqPb9\/GcVGWxrTrN4eXSkp\/glZetxtAPgmpgC8bj391W8qgUhmFUi8O4npwvLeHvYhgeRT9VPCz2+t1hFyOg3BqKKvgT3k\/0bzTh4V9PfaEdQ\/yIvicKouKlHBzddD70uz3VH975cUBjkvWYOqA\/wUT8cjrImkdoLoNWw5fTPURB0FfDUb+zWKqaRFmPpR+u\/PBrFfr\/cjjsDWrja9lqD7vjxrAXVMb1H5WV2n\/On1BxHYnx4yBYaVUZEP7FAg\/Dm1Yn6d6IkUkUabmH3f6d+B0m3Xh0TY3FTdiRv1tNSfnidmqGfhdlkuz8pmr71FB1VL82m4WqYrEcVKhoOKQxcOnSUu7R97odWnvqVH\/\/HS2O+BM6UH5XPNna3d073A3T1HhcP6+mT\/XyebhY0s23wpVKvbT84rzweEW8yo1axDnYXfIcYAtL1WTTwlU1KRToEylfhZLAxLYIqQUtZqLibqJOP+1td6973Q6+QQF0i33Va8t
Y+StnhZWm8B55ASDTLPSjKFTFQZuWxy8HxZ\/dVoc7FHEtqszpMZrX3WQidqYWIiJIjMLjYb\/VaaLRsLvfvVH9bTlQ2Cs0XI\/3QNxtexgNbc5etz\/kNG0kWxZu+9lDMB5v+8NiuxtLvCjLr2Zta1Sd0vbNh6PrCAtevOwOhh15rUx5xe2Gnqlr3wNgUyfZC2vPSxXOHeSz19fXKp4XBFRI3fJ7sfHSl4ROejxecN5lc7NZ3BLU0\/T0mKV5zeChkUn+h\/b26ykgEolQGjoa+Vmr\/s1aDG5aw\/iSCu5jynnkjfrti073otGXTew3r5KEnleVS0v0UX3VMGgPySLtUXV7RGv5H4IYAtaXSU2XVEyFwSgaDPt+SST0Ihkm1aiv5FVVvygFgIoMG7kSntYKNoWdsL+ar2rMY1r5cXNzc5Y8OSuuMBYnlEf4MKEtgMXBBtODQY7ZUTSo3IAARfTaaeCZhpBGDjAaKTzkO5PDS+qsiF8DCC5U\/PExId6KhixTJ5uvclDLsitUrZA9Vh1ssUJ7v7QZ+glQT5AuiKxbpLFcPtengpNB6xlwJ3q7ow935L9Gqn+np3+gZD++TCffq3mY\/qriGX1FgKcsQOa7ULeEaQcEm7qb7Puy81mG5RSz1XLDqwDccp9IK5brPoNNhhE5cIb4Hz1EXZ2OezlqD1HNwu\/EbC45Edu549Hm08SnnVW8WXCj4U3Em1xTPlXD38WYXjpUO211zSeIxGcuLS34Eb85lJYqibK1pM8jsiA2UMpwIWLARSHGHEUP7ACDIu55s+nuhd1P9GyTAq0ruhNhe6pIkUJWLPQSUx2dEJjNCpMWl4JRZcTwP5lU7Rc\/2vUzYkKGb0WEszGmsyrOzqoCjT+qgxg5D2OL0KJJ2seer6eN9sDWq+3XO2923+69e79\/cHj04eOn45PTz1++fvtOcFCgBc5Nf8ErlVfX1p9uPHv+YvnCs13LAkHVBD2+Fe+yob7H8rwN347H9MLqu\/DdeEyjTw\/YKKyfT488LoRremxJGBcyIBWKHlezR1rPYnwp+9t0Rm4NifgSzRD4z80rEJVREpehms5fRf5V2Hj5crXaCP3G0lqwubk+br58uV5thn5zqfyUMlbHly9fblQvl8KNtSohDf8y3FgXtNf9JiWw54q90eDSf1u\/Ohdv6w38aeLPJVF\/ds7NLqdjeiGdlkgyQZg++ld6RV1qQ89Bx3wljRrkh+iF7+qdcxzgnVG7vRj2LB3RQ97iyo\/62eDsVpbOnzxeKQ7VYOh3gmB42e\/ePNrp9+kV3mnnqtO9wRgGamP9keoQkUHo9pEcPsKLKkRyd4KqHf7V5OHVo33i4dipVi1ZFPnL5YBWJvJLWI7Ip1mi6edfjG9jnQ5rotyXy\/Sr7NBjrLlG+sVGv3u9bVbKV1gCWiNqvLG+GDZpiz5Qs0Grt7S6XsIKrgYCtS8frt3c3NxYKr+g5Q0Cop4YK+zz34PQnPNHLqmpN0pM53yYSILXQx\/HbVqhSQSk3ywOZb+piIlpFgf92CCh8fh+QsSCylWO\/rIyr2NMR0lrGNzf+t51dzRQRIt3aK6DKmVcqbtRzz7QiXXdGnpEe1Q17fH25GD\/Tbd\/bfrMWJ2irlr9uwruh0c+GD5a8WIs2239MKnqwYG2nogPc8kgGd6jQSTjK8J2SZeYlc6gEgl7cFRWaf1jwQiVn2NBQHU9qCRiQGjxLbCmmlRpnosggvtgNgZ6r0mazo8zBHxGsefb0MwTbmwQjDY2kww3NvSaEsLApl24xJxfhosx1oMHEsjK\/WXYLJqh89xehVJ0wsVFWjIzRm5GYNYZj6\/oFPk9h9AM7Mh6NIbe5qUdQ482M1rXe8QcD4ayE4Mb\/qSaO7e94N6U6A18FQQ0FuII+Uylg3Oi2nQKUx2iPK5SmgMNiErqLC1RNre2JTMd0EN5goHjE9NFEJZttiV2tWqrlTK2MdPZ174SzaJdXR8b
yGxj5RxRh+muudfbKwqHxWa322yri6FsXiRyKKszOaHDuMtKROfvbKOIEGKzDaI6ctaZUDKdgtlzpX4+EahI7Ex2+vFIlAxX\/OKTWnD2JPsJVkQD+fUfxD0XAv+sVv9B\/HRQ8\/9DhbWV7Ms+ObRKR92YJfM97sv\/MV4KiFYseCF1tUQdLNXQOyF\/vPpkml1mJEpHYMI4NXlYMED0u8N5VvU8EcgRJahC\/tHHAVJevctSjkda2HEOAkfRIW7IapCjsd5LCdE6OvXeN6UEsbSihOzMsfUEohz7NnAyhPRvexdeISJkeCnr0TnNhyD6rkBVC\/VYpD1FQXCedWJXoe6VPXHMbZzSSTU7G4+tOKk+LKaShiLhwP5WEw=="} +02479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1266,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":3,"flow_src_last_pkt_time":1654385143337063,"flow_dst_last_pkt_time":1654385143362819,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_usec":1654385143362819,"pkt":"nLbQ0+MztKXvZygQCABFAAW+vVcAADsGsBOO+rquwKgCfgBQj3yrRp\/KwbIHhYAQAQWF\/QAAAQEICkxBTaqAUz50UOpj1l8TnRcUCYOetK7VH+KNjxqNgRoSXr7hqvuy0xzJJp3ZN8W2SYsDorqKjXaXpjrtxMefIh2IgGTboR+sbJRWyjtrwbLvgGSpEuWHzaiaAG+fVicKt\/p9eeevPt1wT8hSlTJe4oQruFgqJsRUqj5\/qaqKCpIwWSrXkpcvX5Z\/rL14\/nz1xera8\/UKZ1QhSwqTyWQ\/jAj411dfrL\/YeLb64im\/ZIZ2KgRRGFG75z\/26370Y4pECpZWnz49N0vhUzkd11S5FGTgsbahYfUUiPNShv4p5CgtKU7rq+fhT\/yunYdX9Btkm6IlfbspvO23O9vvj08PLna+frh4vXe89Wp\/57XnED8\/\/75yWreNujfZ6tNqEUU\/lYFle9tqXu50hrRf7j7L9kgN\/LoHero1pC0w6itiJK5pFtr0G7WGHTUYUIpQ3xDo\/rPqM7MkvJF8Q\/vIPhNHN7xUHd85EemATgd39S8+5Fo6eCPtL8UBb1zBCrgJEBjxQ\/yfxgSv\/ER4F036pMUSSFHmG8PPPgE9VQIxUVXhjh+LjF+zRIIqXksIHT753AFTsrYS9dBYWmrQKmf90Jx3pK8P94mzlF\/0XgXGCoEYNeMfBfazJMEMfYisr58DcRMkVROWhkSFuJBkNHI2T\/Qae6TbrMRvCKKaGuEXPVrRAEGSCoEbYZPOc4vkGxMazGhpaWQn7XgIVGGQp\/1ebFylT9eIvtAkaX9ImjAptPAgALnnR4JmHTxhgpmEoCXftU\/bxNCMHjA\/fRmmCO\/7PI9JzdDJGp1ww\/4dzx7hu8q9izXWCGeAhzOMkJJWpsKiRvs9SXqky3COtJBoJWXeiGnB2VCGuEzRQlhZlcISNeln7bxqxgDUpDYjer\/CYdSgFsd+k5Zet5klJUCuAAOas\/4qbNaaVnxAaJIOY0ZWTeq3uXllkVWzEK4Sj3pFLNN5SBwRJQo0ruy4pv9iBtMO7Tv3iPhqaU0HShR4qKsQEHmlwbxDxJFhna5S6UZQvaJZWMKZSJSSf1UIWeJruZ3C5STJ1iip
LZYridkzDbMEsUb7DcO9eF41DhuAbE1RNmg+sXGIrbR7qKpnDVQBnZvVpNYICZAKxLUYgRPwbjkIKs2QYI3ym\/n8qn0TbRqC9WyzfHPJCO\/N0acDrC5RD0QtHbKYS0tPTns9y77TbvxIMF2mHUZHEJKrlKTNieQakvprD6q\/CMxYsHdCeKYBiXRXmg2YCBlUvmcPkOYH1cV4aekXERBMJJxQQtgqMapARmUhvPmABqVJjXvES4kIfLR0WeaezBad5j+238hPnsSHp3lTIlazuN\/TDlj+DcT\/D1p1LUIClHt6URz1la2WgWS2PNkL72Mru5WhqallRlOgFoi+RkVSU2lGbOXOQzoenoWlpbgoucBiCmp1rYaX3cQuviupxSfQYYnPpkHhhKETsp0cEuIYsPLELpCibT3NNjWs+kOzTeisWWR5e0hjvCegVcOtIU1QNCK06P3GMewRfNIpZBEGsS5EqSezorpWpzcaQog91Qmmmc68y1aSqM6ccrzeI0CZKUjfTjMtCfw7yTa+FIQ0s09ez6gOktyimLmcWgadywvhrETMRzowuIO7o7BcKuG8LBEC1SejWXpJVGaiGND04bvyQ\/q1Cs1DUHu80srOTAenQ3TbpwnCAlWj5eVJHILOByimR0OcShurLBOvALfRV2kBuX4aj7\/R6RVnbKnFrAqYNTtp0y\/icbuAFdHB+CbLE1pHEFQ1CrLdxYyo2wRkea6NGLFX\/VbSVEU5GnbpBJ8jMzjygxxf4x+EKqiuae4GdGD1A1fPqBlsXvCmYnExAQqaBH\/56p4cDCAJGzUvZ0cw9f6E35\/od9ZfO9SZ+XLgs3PoMRdjJP\/m1YYxVdPvBZs="} +04393{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1267,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":4,"flow_src_last_pkt_time":1654385143337063,"flow_dst_last_pkt_time":1654385143362819,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":2902,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2902,"pkt_l4_len":2868,"thread_ts_usec":1654385143362819,"pkt":"nLbQ0+MztKXvZygQCABFAAtIvV0AADsGqoOO+rquwKgCfgBQj3yrRsEGwbIHhYAYAQUYCgAAAQEICkxBTaqAUz50FGOy9nWl1qDXlndvlEQoxoEp6\/IKxyMa87Xtk9FgozfY7ncHg9fsDGPnygDrkAk9pJn4CMTHjH40hyjAp+PmMqlEhxdimXmYIpVk5qNiy1JsGneNuP0hAvOAVIuv6Gu4YMgFp9wxy9M0xrTB\/9ikXCx8ycr1+IHdoyzzA0ILpo1gVfbdKd3RTkVphY210rPVnTU6rZKs0mkv4Zg\/dssSNnqlsuI3bdnMegBh95jf0FZNCSI2N7QvcVb01gWfXPcytjPHOMF2baz4iUPgcsL\/3Zt9xj05fBJnpVud+LLbz\/X9nmdaA+gn\/i5v0PBYoysS\/d7WUB33lEqOnUqmB+peme5v5N2A+IHkU0rAOmPYY+hp8rHEP4TmpM4DeSXe8\/wSEGxd9xzYiJWp0+YmDfOIfXNp0tlYFp49ewbjWdFKWw36OK1\/qhTwdmWc+\/ouQ\/zF7UX5BUBRPzV6bfAA+pdoGQ35IFre6Z5pnKe93Pftc0vmEkY4DD\/qnobu66jasRlZ1Jf8QSf2GV8UNcxD9kn2i5pJjnM57YOkONBIm3X5OJGP9PNAD37AY\/+l
x5FgTNIg+Qy2PEz9KWdr8EgsjshN0q1yanwgqqTbIcz4hzHjMRGxUJ069edHimQ1\/JT40SJ9CAATEyqufWfkJf3mSOt8MkFrZummbmPYZrH0g70QhapOjHZ\/J5n2v7E7xapBZZxaw0t2qXjzYX8bLiXulRyl84phfMSbOX5sWlFl1JhW7\/ldwW3FePEYvS69S0ThovbyZZhiQd3iTsKhIozeWLGFlBEPzY2pYmWREGgmccA71J55rsq+VHoZRtoBcyKacyQgxpNsJ+bgq2\/cgLFRfSey4a3ZB2Sv00Cw+Tt+aA0O5aHPlqmlzbjmf\/MjousJv9LvO\/O7Z37fmN+35ve9+d03v5+V\/v1ifr+a329q1h0EIg0YL1T2\/SPhscTAJXWaMdsyIwgmrmKa98VHxZ7qI+Kk5DAhR8UbFV21hh+yzGoU8gLp49NIqnI2hri3xOjmAPdD2WdTxFLmdgK5PiYQFls0SA76wvWWYyrY5QLtYbpP8Djq7XSS5XyO7nVB1t9xZeK1Oyoe6nrmQVeR9T2uYW379GvwzBYLttKbXCXdT64J1XnLdRqK9lg22Pd2sKlI5rfign1bYDjXffpQNf2pn9V5eFjc5\/QXTt9Jejhyo8kbtc3S0rzc4kW7xcK4hwqJwvyqeIoGQ0p\/0+lo6Joovomn8cBRcdjtLYZH+YXFW6z3PNGsDAbaYPWEN2pUbA0+gxTEt4KWYdG6pTpTDcjzzThXUMIz7pUZfqBRf4JRp1ZKVB2fBAd0FjTsxM4XfJsf96MesXI32465XVp6GesocCn2mmfVnQuCzfeR0SCNDjrSNhzATouyuAe7tz0YvNo7BakJPCY2dwjpROKKnjxzQmd3xeRKb8x5ZyW98DVKxmPgTdq87t0csUaIncQSsp5oBlXfVLZFMskKWRWnJZwxoqZexw9jfzYjiQMTFxQf+RYGGci+TYLF0OBQG\/FwZ43tnr4Tw4b44eKjOIWY2RGv3ybCtJm4HY6AkXR3e9BDcOs9onjE8431nafaFZOr\/1R6NPokiVWKiXPo\/pKQojMaqONLHH2zVMlUVGmNhgoK8fJ8yw9n7JfKhhuGb7HQNiHUVjQ51aJULMOrmE+Wb\/RW0Q7b+ukLPVxZiw1xw6lXKoBvvidvisnAWwybtYSdgUba\/Ze+kO8eUGIbB44TQ0wgdiSqcvUhVxdwl4HX94VXoPpXsNaJpWiLKyImbmCQ0FY+on5Yvwaa04V0RhlzYEzHKgjyijzMT9TIz6b4y9k8eXg2hatoaSCkM8+kno+Tfzx\/0s6fMHN08y\/nqBnNmyZJL1ENDnsxEdfyQfv6DjsWWPWK1r\/G1v\/NHT59jTP+djrqK9d2x+MIs4shced\/4BOp+XYaUCLaWAtsUuM7DkHEauazf6Ndsbbhwr6tNm8sstg2sX\/o9Tf1bXXuzvoXsUAvEulHiNl3Bvf8SuuJlWusB8uWuqN5ZMO2JqvaMruU8GtivEg7f49nCH1eYtWuYzYSvIynzVjEt5lONBB\/iQPXuO4LYBSJx6DY4G5NkPYVy2\/EbfA9ZYOkd375hVVTn8Rirk58MVVkfyIwKH4KBG2XtLc\/ujfcHci3oOE4wK+lVI8RTvYTA1Unmb72MtzWABKl\/uAZxDhhB+zSyvBnBl\/V8qaJtuEhzk0mz6nVvd2tMg\/L2RKVBcTc+prMD9LToUNKmKmzL6ABz3VaWJTjcfllaqNBU7hqADQzeKqfm1BUck5oBYSKshENmtOX8LZpK9hbcqs+f0kYtsdjdl3AlihvxinX4Ted2ranZdr\/5SwIA80RYiKEHiysETfhSVgWyMEvYiq8rTTFoBJLJ0xjUAEqSgPY1ahOvSRK51SvOTFsDgc7SbJ4CdqTPpnxLS+vEfSxUM+Qv8mcmaMkB\/bdjX3ahMBms8svtA\/HnJeY7k3znwj6L8oAkCSdg4V3\/no5hRF9zaVuht28G\/\/FFVW8lvQHSAI
qaOmE7ZJ2VdsI3CXPq+3iW0RVJY7KTE07qFjirTke6+LNJgIJ1tu4yUHnBBXbsAkW1bS0qulS+iG1pKImNEHzKLR8dDg3NJxf5mAtrWQ24BxHFgaGmIryse74kaTMXpTdOok67Oe8hxABYLcy4rSu4+ScT7Q7adpqNQv7bCz9IxODIw4y4IP56rwYeDamEFCajRyEtHUa4He6ITqv4nBhClsu2tAA3opXLTsB3BAVZDDcs5O3gkt\/s3DV+RtRSyIrCdhi0Zl2bc7HV5U6OIlG8zOeCp97FWfGUTrKXq1cca\/xNC+h5Z7yui3iUh0iYp6BPuvo9DrSPZ1eQ3rE6Y0XuM6uMbf986dZ++cbWfvnz1yz\/6\/WefBez7C+VioKM0dc3h86chF9tzli8DkbldXsCgm+TERll4lYhwYZwvZcIbqeC4IpjnsZZmjmnm\/bjFll8KmCNuKIHieMfBAFfAovOKiihs1e+Q6\/Z1Dc32M\/tgmOioo0qjjXQcSpR7gxzgsMQxOWtalOHHJAXCLI6Be3D3vT8Rhp38FoWAZ\/ZQsLch5RhvTpSayO8ySzUIjJuWZb3sVu3KOce7Rf\/3G2UjkvBCuBeK3yzHAuvrx4H4fOTWiBX68t\/ec88GsVIhBDE7kSMTBrgb4PTXSThxvE81pkEPQqztEq393QEmtPMdI0ML7\/GOa5ron3R0vK7HEUVsINoGHD1SKcFnoSsSpFSZtmxwUQAkTYYLPCNitAqIX1dSyQt8TjLHOzOi4nKf6SggmbNIqQQJ5DMQSENOHtbVegIB074r3YZbEt2SQS1yAbBknFXnvUbHW0hTVNrSQKKrscLZ57JxrnflOyb9McrMyk33ZH\/YF9OGh1RoQI\/aAQnTsR3lV2dWJkUa0iFr+YZJpdVxboHP2O6bm+wuVvP9EdVcG9s216hLilzX3r1Fwk6c1vWOh\/NzXue9XKKi25v7peUMF\/V9eFv1EqzAzlvxsld6X1BVCv8yiaYOd5oO3W9PWf1sDtBB7x1ddu8P54TtRTDfRO+2nwf53dNAHAd2oGwrJYcvbiHPnADTj36Y3jOhH+SoxoXF9eE6VcycS5UEf+9X06fdvH\/At1UvyUvouvF9EK1V\/JA67g72N78xiYkLXNMMnFXyLatOAjUkMN8RsKHLOBLwz3k7CbpJeW\/ZuWkr8zXYScyp0vlMhO8Fp6Y1uUu7GdUE9ciwq+j9twVY2yKvBzIuRe0Tm2LExq1ElamA9YqIKCqQ=="} 
+02480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1268,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":5,"flow_src_last_pkt_time":1654385143337063,"flow_dst_last_pkt_time":1654385143362819,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_usec":1654385143362819,"pkt":"nLbQ0+MztKXvZygQCABFAAW+vVgAADsGsBKO+rquwKgCfgBQj3yrRqVUwbIHhYAYAQXF4gAAAQEICkxBTaqAUz50c4JD3QrxLIaVuuu\/67cJfSr3exJUF\/665jD\/cgtuRJguLkY4AYhnJzIQzcBNcyK8Z6KyAhmKFd3QCovYlBNKj3HqE7gQTaezrgnSDDFK3BIEBni2zdNPjenTJoGv9cw0eJfITgFyX2aUEx1ZVSaVsNWisEQkWaa0gBKGmKzlZbsrphgf+jw\/gtRvdeP5+trT9adPg0JS8JPNzfJ6UE2Is13d2Fhbe75WWqeqBAFJLfpB\/NdquRJlVGr1\/yvLisdxjlSEnK24HUqg5En1cezK6NRwTtW61KruXFWW7CpXnJcpDeoEu4Tdo03d3qL4iFC86TFihUjd4ZmjlY3g\/EdY3tyM\/mt4XN2HdJtDJPBXOgUZxYlqNC9bP6\/a151u71d\/MBz9vrm9+5PTK1jKDd2Nx6UUbGQqTi94\/8fT9CZxqcZcYZfBf6sj23fDVjzQAhBxIwE4N1a8tBheyoCelsub\/iXBSbdDp\/ooHnb7BZyYqVJVM8SGZ7rjPu7oTQYgG\/FfvrRKVRtxrRFn+vpUNF8Yp6nHUOF7rNPikzUK72jVvab0xM9Em3yMhtfyrBjUzpLCWZH+PF4RVyiS173l+tlNcfn8fnVVbKxPYNkg6dzm8f5OQog4HscZk\/6O9xIflOAMWCCV5IBJhq8TYCNp2iKdHWzUdNuYKgSp0mY7J3qwti\/jMZXQr5U0mO6IMTRQ6UODPv1yZuT9XcK6V9j3hIUAqNnSp\/K7WbWhZ7My0kxOxNXcqlY8xvKac2\/WKCgVhmipty6GOnsifs3r8ZGFKwnNxqb\/D2Bq2n4g7aoEfbStTgerGMi\/05L+HWCJvpyPBI7mydcK\/gENv3vVUjWbgHId2UTGqH5f9WtZEkUiShExgcWRtRmygFHajKuBLISEnH8QgrBywMvED34wfl9aLa8\/W3++trH+TIvo6IjuJP6snM8PVhYglLMSuCLmcSjncNkHM\/TlNTZyVLxpJcPLsEypSwUUzslBH1RXiuXFKDdfE\/E+9wYw0p1pVvuRI8R\/Yypb1mC2NvbVO3\/1uQPaYj+cJUmYtpw1qZrN8tGAqKCgIvM2VXLWpop5mZT6o2E8gwFRIwQY3ZwtV1aKtXDpv4tn9bNztpY6THRRYeVi+bxQD8\/vS2IVyKbRYGJU7CVzdUDMJDcI3hrhvV4Nbdd3+mm\/ktaPM5COaRJ0PWioHqoyqS5gVqhTg31pm9EcJCe0bwdm1T90CUndWWJoWVrMTARQw346ep1MtOhF8zQHmmY5Vm2Ffbu0NJVBzB+Pv97p0jqfQzKGz682WdrBmVAfNR02ZGkp\/0z8CqqhqefBzCKu+SqEfY+IlpYaViDFXPf\/HrWo4H+FqPA\/73+BaC4tHSa6Aphkava\/R9wZ6jR1nUbGtBwUb\/otemGjUczm1Pc29Sd4RPuowv8eAfC
puaTmL89u1+IVXfzyf0EQVIiJn9lGpjmYKiDK0Buq2+HKT\/lbmhKwUIO7TkzUCCXRfzqCdPUh\/E+Yr+p22l2ZEJktlHlW0FET3S9Y1VCkKYj42+Npvo\/nUSw0oXs4wCSbMQ5e3Z1odj4bbb10LlxOivArYbvhK0WoUBF1ynydiNR8jLxDmM8S\/\/Wo5oGbo8XTolmPpRQz5nfm2MORpnk9jw7ypfF\/xmdntcArvM\/Z8fn14pNC7Ue4WHl8P\/GDMXbe2crZ2XkAHH529rgMYocVSlBJeTCrWg1Dx3iHbXYm4lbOKq09r3Awq5aszjttvJubG0KpNelIn9YJo0xEouYqrtyDCtTRU+LHxuMN+ss6rMxyIS5E1uJLaJMr2gA182t+KvidY\/0q\/sipl1Pf5TBciFIRsFZ9RWzD4+nDHbyhoQOQnxpbwpIpE7MSbk9CPnKu6TyxE1ooi2y4WhaasJoG0pM="} +01546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1292,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":4,"flow_src_last_pkt_time":1654385144739111,"flow_dst_last_pkt_time":1654385141022202,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":818,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":818,"pkt_l4_len":784,"thread_ts_usec":1654385144739111,"pkt":"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"} +01547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1293,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":3,"flow_src_last_pkt_time":1654385144741947,"flow_dst_last_pkt_time":1654385141007456,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":817,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":817,"pkt_l4_len":783,"thread_ts_usec":1654385144741947,"pkt":"tKXvZygQnLbQ0+MzCABFAAMjlA1AAEAGMg\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"} 
+01531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1294,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":3,"flow_src_last_pkt_time":1654385144744780,"flow_dst_last_pkt_time":1654385140963152,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":806,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":806,"pkt_l4_len":772,"thread_ts_usec":1654385144744780,"pkt":"tKXvZygQnLbQ0+MzCABFAAMYAsNAAEAGw2TAqAJ+oXUNHbFMAFBD8zDZwu0\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"} +02361{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1301,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":5,"flow_src_last_pkt_time":1654385144739111,"flow_dst_last_pkt_time":1654385144920275,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1413,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1413,"pkt_l4_len":1379,"thread_ts_usec":1654385144920275,"pkt":"nLbQ0+MztKXvZygQCABFAAV3lsJAADQGOQahdQ0dwKgCfgBQsW6vfanT+FU02IAYAPc2BAAAAQEICpcRJ+66xiXMSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG9wZW5yZXN0eS8xLjEzLjYuMQ0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNTo0NCBHTVQNCkNvbnRlbnQtVHlwZTogaW1hZ2UvcG5nDQpDb250ZW50LUxlbmd0aDogMTAzMA0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KTGFzdC1Nb2RpZmllZDogRnJpLCAxNiBPY3QgMjAyMCAwNzoxMToxMCBHTVQNCkVUYWc6ICI1Zjg5NDc4ZS00MDYiDQpFeHBpcmVzOiBGcmksIDAyIFNlcCAyMDIyIDIzOjI1OjQ0IEdNVA0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT03Nzc2MDAwDQpBY2NlcHQtUmFuZ2VzOiBieXRlcw0KDQqJUE5HDQoaCgAAAA1JSERSAAAAQgAAAEIIAwAAANSK8NoAAADnUExURQAAAAAAAAAAAAAAACkpKZ2dnQAAAAAAAAAAAAAAAPPz8zw8PAcHBwAAAAAAAAAAAAAAAAAAAPv7+\/n5+Q0NDQAAAAAAAAAAAPHx8erq6hgYGAAAAAAAAAAAAAAAAAAAAAAAADg4OC4uLhISEujo6L6+vkFBQTMzMwAAAAAAAP39\/e\/v79LS0ri4uN3d3c7OzsvLy8fHx4eHh3d3d2VlZVxcXAAAAAAAAKSkpJWVlZCQkIuLi4KCgm9vb2pqalZWVkVFRfX19ezs7OPj48PDw7Ozs7GxsX19fV9fX1BQUAAAAK+vr\/\/\/\/\/f7PAIAAABMdFJOU4CzAIa825uKsIj6wLV9dRIFrP79tqaRjfn3uHppZE5FLMC+t\/bmwr+gTf747uTy7Ovq1d
HLyYEZ3tnY1tPOzcfD+\/f06OLi0srGTOEZ0PxvAAACgklEQVRYw+XYSVPqQBSG4f5ECGgmpjiAgOAADtcZlUFwHm7\/\/99zTzchUkmlIbRVd+G74ix4KqukT7OVILfxtWNbbG6WvfPVcFeCAsKpVViCKjUnRLh1iyXMqruzhFNlS1R1volbmy2VfTslHBKWNJwJ4VbZ0lVdSdSZRnVBOJYOYTlE1JiqjUxmg6mqrTC3ohRAKY2KyxpzhPt7tUFAh0VLeRljKnDeA4x4gYAdFqkNqs2YAfQ41VcZBNjRZwCG\/RY8EvpcdqkwCLBYOA9Dzk\/RBi4loDYIiJZBmvM\/EELQAMjFGQpiwEV\/37jonYzExDsXvQGv8scVsrmExBUXvQIwTxWGgihy0amJ8dg3joSRhJgKB2trBzD3pTEkIyGxLwTOv42HBY1cFneBsMmpzfVkBgkPR76wTsLUeOFU4TowlMJ1gVMvJnZJ8I1dmBe+kc8tKFz4QsT4mGPk8vgIhGM+0\/EuSufSuCFDKdxI4bwUEsg49I2iyuiSUPSFQynM9kTGmTRGyHdjiDY+pXBGwhOPtBUYn2jHEHk8T4WtqEBGE60TTj0jH0MA4iFOWmiSoDIekY0hykirBGqviW0yeijHEB4wHpkKgYxVmKMDxWfBywNo7nGuNIAyCbEZaJGgNFowmKoUVvmcVpFaiCiuTZLDoz8UExFpTJLDOialExJZKiCyosREhqaAMGjI\/BcilUppEiIt4m57kgYx7XcRliZBgK1L2KFDYxelopoolNANHRo74ffnYEtFFO5C700CGuHXVrTJnzz4eeEDtFsJGe1sRDCYNMpyCAkVVywTWtV+YqXRX6z01zv9JVN\/1dVfuPXX\/h++fJC5jc6iVyCd2SuQfzZqGVTZwTpsAAAAAElFTkSuQmCC"} +02427{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1302,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":4,"flow_src_last_pkt_time":1654385144741947,"flow_dst_last_pkt_time":1654385144924301,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1456,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1456,"pkt_l4_len":1422,"thread_ts_usec":1654385144924301,"pkt":"nLbQ0+MztKXvZygQCABFAAWiSV5AADQGhj+hdQ0dwKgCfgBQsWZt3FSs6sMk4oAYAPflTwAAAQEICpcRJ\/O6xiXPSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG9wZW5yZXN0eS8xLjEzLjYuMQ0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNTo0NCBHTVQNCkNvbnRlbnQtVHlwZTogaW1hZ2UvcG5nDQpDb250ZW50LUxlbmd0aDogMTA3Mw0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KTGFzdC1Nb2RpZmllZDogRnJpLCAxNiBPY3QgMjAyMCAwNzoxMToxMCBHTVQNCkVUYWc6ICI1Zjg5NDc4ZS00MzEiDQpFeHBpcmVzOiBGcmksIDAyIFNlcCAyMDIyIDIzOjI1OjQ0IEdNVA0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT03Nzc2MDAwDQpBY2NlcHQtUmFuZ2VzOiBieXRlcw0KDQqJUE5HDQoaCgAAAA1JSERSAAAAQgAAAEIIAwAAANSK8NoAAADhUExURQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAYGBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPz8\/J+fnw8PDwAAAPf39\/b29rGxsUJCQi8vL\/r6+uvr693d3cPDw6mpqaKioo6Ojnt7e29vbwAAAPT09Obm5uLi4s7OzpKSkoWFhYCAgGBgYCYmJhsbGwAAAPj4+PLy8tLS0r29vaamppiYmGhoaFhYWDk5OSoqKgAAAAAAAAAAANjY2NXV1cjIyLS0tFBQUEtLSyIiItnZ2YqKiv\/\/\/5SN\/dEAAABKdFJOU4CzAKV8dU0FnxKSi4S1ramcl4hkRSz+3LeP+\/viwr799\/Lo393W0c5p+\/Xz7NjU08q8uRn8+u3m39rMyMC9omgT8O\/q48bFu\/DWEpm3YwAAArVJREFUWMPNmNlC4jAUhvOb0gXohmyyCcqiIqK477vO5P0faGortGN7SIdyMd8VF81HzjlJmlO2sUCrqJs5hUlRcptqRQvHLRSGGh0t96jGD4VWjgmkkrIWVRiPbAUejVBxmmMrkTudKwzKIHcYgUJ7ZCuzp\/mKMstA+UthKFkUiuEpVJYJdYNpSjaForEKS0fB4QAvsBgVli6OLY6AmMMTbDKS0pbrOI7rFoo68Dm4aDYGsNkPPAGxrIouRwTz+kx80Y5NwxMo9Lw7N79r\/dpk+D6rH4qAG+Rj+UzMHAfqo8t9sWBbBDRmKLIU6MCs1hBJXIEzOUUODJr+gO7rW791FlXcIp\/CYOPED7x3dI8vrqOKNvJp5tA+954dHwOw4LETVfSBLZmC484zVCcm\/JJM3w7EX1wDJVkmT7pC7L\/Dwxy9iDhT2MuXMeo977EhLGB0IJLY\/oC+PIx+kHfcvwqCsYkCbcijU\/WLOblqxP59cHLX8n8d4YEuC0dLUEwW1emagF0iCop6g1R0UHAx8n8+tz5gFYk4bgRJG7qOqQioHsMhKrpLKy4Bv1wBz0RpbbwImsPhYBwmF0hUWNgXaSEUgPgPFGsIhOMwraFJKBzU0ip2wIl9epzSML6HSy3wZhpB\/9YEX7LN5BwA0CWbXcLQE9Bw7EoNPXPp6ZnH7Fxi2G77k6B5kBZlBFvyGrEkoRzBCsOgQjEvlhr8s1f6JqFPv13fIIXTy7xZRz7VrQp3kp0hBzgjFFfEoavEj43wVVit1S6jqdATBbl4MsL7wC\/gM1zz08T9mYtfGl10Lr6H9drgGHa\/k9lKXNqeQE2oSYhdQkjy0laTLtAOnwu8MaUHCwE8uaKVNVzjszcT2Vuap\/U0VhvaXpb2LnuTubZW18PYWykKY51tv8\/Tv358eJqPXMMnkD8uUl9Uotpa\/wAAAABJRU5ErkJggg=="} 
+02490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1303,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":4,"flow_src_last_pkt_time":1654385144744780,"flow_dst_last_pkt_time":1654385144929292,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1654385144929292,"pkt":"nLbQ0+MztKXvZygQCABFAAXUIt1AADQGrI6hdQ0dwKgCfgBQsUzC7T+9Q\/MzvYAQAPeoOAAAAQEICpcRJ\/m6xiXSSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG9wZW5yZXN0eS8xLjEzLjYuMQ0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNTo0NCBHTVQNCkNvbnRlbnQtVHlwZTogaW1hZ2UvanBlZw0KQ29udGVudC1MZW5ndGg6IDE2ODM5DQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpMYXN0LU1vZGlmaWVkOiBUdWUsIDI4IFNlcCAyMDIxIDA3OjEwOjA4IEdNVA0KRVRhZzogIjYxNTJiZmQwLTQxYzciDQpFeHBpcmVzOiBGcmksIDAyIFNlcCAyMDIyIDIzOjI1OjQ0IEdNVA0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT03Nzc2MDAwDQpBY2NlcHQtUmFuZ2VzOiBieXRlcw0KDQr\/2P\/gABBKRklGAAEBAAABAAEAAP\/bAIQABgYGBgcGBwgIBwoLCgsKDw4MDA4PFhAREBEQFiIVGRUVGRUiHiQeHB4kHjYqJiYqNj40MjQ+TERETF9aX3x8pwEGBgYGBwYHCAgHCgsKCwoPDgwMDg8WEBEQERAWIhUZFRUZFSIeJB4cHiQeNiomJio2PjQyND5MRERMX1pffHyn\/8IAEQgAZAKAAwEiAAIRAQMRAf\/EABwAAAICAwEBAAAAAAAAAAAAAAAGBQcDBAgCAf\/aAAgBAQAAAAChz4SezBgAH20bEVpnfmHYTub176AAAAAAfA3dTyB9AAPnqSuCcl\/nPS9vYMIAeQOp2tKTtirV099IZ0exdDNpMjf4rai1s9+ffkyYwAPfk+Hz4Hv7jAADY6Ka+ZlvawWRaO6tUBj+\/M2APvwMvazhIasTzRTYPnRc3VjDOpbHOwFCx6fYXSVaWRS0VeKWku8\/FaC5fCXLc92k\/lC2\/NICwguMXZqY+wPPzX19sc+0hkxm5i3orJjAAAuXo6rb\/j8XJ9SASzFE3Y560Xu1mrqcdKdRam9yf0VosyhQt7sXNXRFyqmpW3u4MdYvEA81JvzSnF27DSfKXi9JygoD768B994wADJ9fuxclcu6DYtAc9AAE8y4VzS0\/hO9qrbRwt0jXFx8jfb3XZdzt5Gl+ROj3Mqpug3ao7SzIq7XfQnO6gAB99+t+M8ht6ge\/AdA9K+1XCy7Slwt43vWDXAAAJjr9Vb+ZbzXkBw57viqlu6rlVnFQr64pCiLm3NREqOGbkj3OqAfAAAAAALm1ZHp6XquAvPwvcFY+kJClUQHyYU4WyZLBWDLhbNDDuxftDvgw1K7G9Xq+zQk6usqvJ+tPM3wcczLbrXtjQFuVDoWGtr68AAAXJFo965bBfJKPiknkBzgIvAWdd0bq0F0rl80pacK2ImdoTN9MvFjkuR7jcvPOEg86OOG2M059oS35DRrjo9Bi89yq9k1C6Z4OG5\/Z2x
jmJLby\/MGnXHz3RFi9HQts6sXzJVGTGAzXBM6lPdHrs3RLgxuievtVWt03icNqknu0dLnZ9xRSRZtG2\/iwrVpvdRJ3QNQLuHp5CZa5wz84obDnDxO7LyXr55+bufNjiZ7MwpXKqTbHlal648bl\/slJbNxeZvkG94mylrZkVLZra42qc4w6WZYqnlKw4Nzpu66rdvae1SuZac0F8oi7huUNBXsR55qftPaY8Txu\/PnnbCrOdC8OlvWFIj\/AGjrFdxTvEZ2+B3El9gFWyI34lsmTWw2BXe\/p2TgFdBAA9zWCJd03ZnmCTW91x346OY\/upKsyy97+HIHkyfVnjbFLSXYznrRFYx1TKsh5hwAPsln6TsWl+dQD15AD34ACQzxAe\/ADR0bYfn558+POhpZcuz5PnzSyZ66jqjQPrLsdb++Imp+lqmz5VcAAD12K1IFCo4AAAAA1wGmAAWJ1lm84MX3KefPnx88fPnlfrVh"} +02500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1304,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":5,"flow_src_last_pkt_time":1654385144744780,"flow_dst_last_pkt_time":1654385144929644,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1654385144929644,"pkt":"nLbQ0+MztKXvZygQCABFAAXUIt5AADQGrI2hdQ0dwKgCfgBQsUzC7UVdQ\/MzvYAQAPcnSwAAAQEICpcRJ\/m6xiXSbf\/EABwBAAEFAQEBAAAAAAAAAAAAAAABAgMEBgUHCP\/aAAgBAhAAAAC+cm6tiCSpytC9iqACKCKAMR9LL7CVQIs1cj0SUr0Y8hZIyRjoZGqjlGyNbZGqoCcV0DdFBMogsEUySsSF6CK9VkUAACpBVbD2MPtk8w1+F0UVJ970FksdbLWm1O\/nZ49NfcicXi0Y5fQkYyoRdCXxjZee6uDO3e16hHLFn8nfl5dnNX+rvLSrmfL15HPd9RQU3O4uQ3t6OlehVlyG84RyiIyBeLwKlKbh5znI4+m4WKscdq+AQQW3gADHgebY\/NS3q1Somorf\/8QAGwEBAAMBAQEBAAAAAAAAAAAAAAECAwQFBgf\/2gAIAQMQAAAAu6MLU08P4CaR+q6gAARn7Xj3Ce7k25YfBeA+q+yhMTEwCYTIRIbTtlzbZPP36VUhAEpClwrPbfDL7f5Hm9Tj7+ebxTzImNeuq+HRWeTEv09Ot4+flbW986+1xejyW6c8fHHZ2ZxrTqzy83OY7Pab72+DtdPV3+Wm9JhE5wSEy22to6um91vj6i16SAAAd3Vsm9r3w0\/\/xAA7EAABBQACAgECAwUFBwQDAAADAQIEBQYABxESExQVECAhFhcwMTUiI0FVYRgyMzY3QFE0QlNWUldm\/9oACAEBAAEMAPK88r\/rzyvPK8qa6wsprI8KESSW7zd5QkGyzgkAv68\/XnlefrzyvPK88r\/rzyvPK86zP5PZCV3L13tAA314wjxu9muVFizEMqMenh\/KMSPnoqp+N3CCB7SCXxzUqX71Lc7z6ef+0XnleIvPP+nK6wPAktOJg3q9SI9yE9vbzzzzz\/pzzzz+Hnnnnnnn8fPGfq5ETz5qLY9XYR5bU9+fPUakbSx5x456ijSLBURytkEEWzir4BL922NmeZEdGlxlYupRB3ktjCOczz\/pyJa
WMRshoJT2I4pHDRHEcv4efw88T83XEQdfj6s0JqfPd5L9oKQtdOL6cF0PTPb\/AFmWi3\/SN3BR76yYKalP1DFWCx95YljytRmp2ctSQZKo5PwG5GEY5WI5MZlMpYVf3SVUjPG1OAycqqKSG+dCLWY3SZK9CWcBn0xhDOJzHfq2LlCSf1ZNGiWOTdDhvkAkPI8JUKNj0XmdY5ZJX\/4ce9rGuc5URNXcJHgzZSr4V3mbSq936k\/D4yfH8no7056v9Ef6O9PwQJ3BcZBPUf4eU55TnlOeU554jCqNxEG5WNRz3Na1qq5Uc1ytciovnnni\/kRpEb8iI5EKUpivKUj3k\/gxIz5MgYWfzyfXtcyMw8oSOWy6+ytgBw3wGidqM3Jz9kSKR3uxF8Ki8Gd8YhVYwaoIpBPaQb3MdmtqZC\/T2REfwdmJyNRJKLxp3eET4FXk\/OU1ipVkgkfIdjRnKNqqqNTyqJ5Tj3ezvKefHnkUoQyRENHacf4+fyAAaQcQAjV5MNmn5ugjwSnUpuAZ4Gn\/AJk+PlXk+AyUxVREQncU+KSfU1w3tef8cRuJOZOURWKevzsym0dq2TXm8xNZaliVEkE6Gx7s1ILKgIN6tccbyhIjmqrXAtQvTwZPVZ8QcGe74nIsbOkb6yWKqeSy4wkX2InmZPdI\/RP7A9pfjsDthRHK8aiSBSFY\/wDR3MJh4mr+4fPfAr1qspRx8W\/MT7eHLA\/oaMMTCv142sucjRTcZGzMK5iRAMxWaze2z0OytQWcTtfGhzd6wsISMg5DI\/U9VAqXFQBP9nz\/APp+bTrBceOtmyLNJcJP9njxyhzPSmjOYFTC+csyH0BClyYclisOf\/Z8UJPRXI7A5CpkVhZN7mLiVyHR50WMlwA0VgyvqspQRNHn5NNmbeI+ZSxbeVp6W3zpWR8ZZwcnrFdfVTntuMhhz6\/KTayRFLFtq\/E1818d8THA5UV+JnzWx2RMbJU2bqC9"} +01546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1307,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":5,"flow_src_last_pkt_time":1654385144957630,"flow_dst_last_pkt_time":1654385144924301,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":819,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":819,"pkt_l4_len":785,"thread_ts_usec":1654385144957630,"pkt":"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"} 
+00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1322,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385145219802,"flow_src_last_pkt_time":1654385145219802,"flow_dst_last_pkt_time":1654385145219802,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":526,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":526,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":526,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385145219802,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49354,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +01246{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1322,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":1,"flow_src_last_pkt_time":1654385145219802,"flow_dst_last_pkt_time":1654385145219802,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":592,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":592,"pkt_l4_len":558,"thread_ts_usec":1654385145219802,"pkt":"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"} 
+01377{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1322,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385145219802,"flow_src_last_pkt_time":1654385145219802,"flow_dst_last_pkt_time":1654385145219802,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":526,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":526,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":526,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385145219802,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49354,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"hkbn.content.1kxun.com","domainame":"hkbn.content.1kxun.com","http": {"url":"hkbn.content.1kxun.com\/manga-hant\/images\/project\/cartoons\/7e07d4417e0edc98d327d0ddfd3e227a.jpg?format=webp","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
+00922{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1327,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":2,"flow_src_last_pkt_time":1654385145219802,"flow_dst_last_pkt_time":1654385145426832,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":351,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":351,"pkt_l4_len":317,"thread_ts_usec":1654385145426832,"pkt":"nLbQ0+MztKXvZygQCABFAAFR7yVAADYG+mYOiIhswKgCfgBQwMpxJfLZGitp74AYAHpi3wAAAQEICpoJHgAeulLZSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG9wZW5yZXN0eS8xLjkuNy40DQpEYXRlOiBTYXQsIDA0IEp1biAyMDIyIDIzOjI1OjQ1IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS93ZWJwDQpDb250ZW50LUxlbmd0aDogNTE0MTANCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkFjY2Vzcy1Db250cm9sLUFsbG93LU9yaWdpbjogKg0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT0yNTkyMDAwLCBtdXN0LXJldmFsaWRhdGUNCkV0YWc6IDhhODdiMGI5MmUyNTEwNmMzMjliMDZhZjIwNWQwM2ZlMGMxMzQ0MTYNCg0K"} +02542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1328,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":3,"flow_src_last_pkt_time":1654385145219802,"flow_dst_last_pkt_time":1654385145427199,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1654385145427199,"pkt":"nLbQ0+MztKXvZygQCABFAAXU7yZAADYG9eIOiIhswKgCfgBQwMpxJfP2Gitp74AQAHr0DwAAAQEICpoJHgAeulLZUklGRsrIAABXRUJQVlA4IL7IAACwgwKdASqyAToCPm0ukkckIiGoKnYMwQANiWNs4jJjEcRbUIq4meIOWNjdqsESz8mAKOq361AtvR7TyuOV\/FV+nu87n88t7L\/y+wvnw+sX\/mdCD\/3\/RT9Gzq4ehu9bb9w8kHll+e9cv5x9n\/s\/8T+6\/+L+Zr9RyV9nP\/f\/sPUr+gfkP+N\/i\/yV+gP+H\/5PDX9i\/rv\/N6hf51\/YP91\/gf3j+PH9Ltt+h\/4\/\/f\/1PsKe\/H3v\/q\/5X8ofjU+\/\/9X+09ZP3T\/W\/+j3BP6f\/c\/+d\/gPc\/\/veKD+d\/4v7f\/AX\/VP8R\/7v9b7wX+P\/9v95\/v\/XH+v\/6P\/4f6v4Hf6J\/e\/+5\/i\/9R78n\/\/94\/7k\/\/P3kf2u\/+aAeCI79ZBcTyL6FXzyW9028ZWAO9Y8tIvqAIrZhjGagOgbNZzx4a6g3twV75qnqJ5twB\/xSo9lyhWqAu
kiBEUGyCjsjBRJTgwuYIYsVFniixVPbFltIkOLqUYdE93iFQWbjfQ7rIyOY3O5mgQ2g1BiHiZ9bXVyF0IzVT9VXeN907YTxHk6r5NzA3ch1aLti4lm405dFkbfhla6HiLq7w41FEOShUP3PJLBCrZnBsm0qQk35PgdMzn956e1LpfIDX0FJREMP+uxg3d994VFpfGq86cjUxtVSP\/VQnXBg+DocX7W4D0RyIXgbm8uQ4IzIF2H1sjFucXdojor47tUm9O7eXpNRair3WOKxEZWb\/iXb2Gdx8LFruVjwxae5wQ8X64uRyQlGCU\/MsLFg09o9l7MyDVDZdrr7hCHFleRA42vaN+i4ay+M2WgHNNilmF4lQlpD\/1Da8lz9y5OpfD5ZCskMypGVzwVXUzSXXPcH1xSjpIRnUOSRLgsSqw+WqdbS7avhXOERtYG+yagD03SLlu\/BR\/ZfU\/3gPUWeJZe7VCByIU4208cLe6TVBR15KafU9Q\/xj5lUs9JNPZyUkF56E+AJuZNQBJnlS1a9fO6Diuf3dw3IKITFUh0AdSeLQqpBmoaOhbagSyTYLzhnNCjxfodnJuIkBQlanUOuHTOD+gs05PVNpU3DHxUIfcFt1gasaZ3w1i7zAZSZ63LdYyL9U2tEDVq9IaI2kL0JUh4JlWYuaXYZlW4pCma\/Fdw\/FL\/jAwnb\/BebCkumQFYP1viY59L1oZu5uBXUXUFkbOOnSUg7MPEnnqZjZfMpX0LF0EK4VWYlPgy+y44jS0OUPRSTYo+1AE\/OT+KFCu4C7y\/0unbMhKRion5VmX+5nuPa3a6IcVtwHpZhpAMBfyTfobyM\/iO\/I77R0vOLjKqAf\/fU6WFG4HV+7sPQY02hCYWp+K0qNzoA68F73HIvfAF03DsfxXnu2yp6t2N0K1eVD7O6DfnUmItqYh3PyLZPd5Q\/FLPxQ2pHJVZC4+JG3pg3Dku0is9oPVCW0EgFqU1QhLG95w0MhoSdR370ILv+yujpCB6gPCExiI4GyrfuzXCHzq6CvQmxoFDHDNmRcmg549qdQpED\/RtK9yoBkpxaQ9X\/7hWB5LDO7ZW5tTeh+5UctrqABpjMUqSP997gQPvkdf8NCjy1lYMvVGbDisirszrLGlJOgO3iwZJ0o2P8WQGmUI7PzSPM5Vu4xYpdQj7L372UKH7ioIJNWGWBaj7O3PoZW0hC6TyDtX5M9DRfs8Y61gVLbj287hc1o5LglFp9sXTiZ5OCimSuIzhhbFCbW9ZN2CPHmUCgr\/jteFqfBjH8xDTm01ggd7scl60snvryXBjlpgXsATeRhvUkemJliJ28laLpSLWqqBShAH527w2WjK\/rZ45PZOBjOOIh39ANRjmTK2EMsRJJtZOA8PZ5a\/rb2q1VS8gz50Lm8EcvkppQ6mj6ubw+11r8Mf\/N+U41JXiGxtOmSVZ3lt8bBEKNl8"} 
+11577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1329,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":4,"flow_src_last_pkt_time":1654385145219802,"flow_dst_last_pkt_time":1654385145428273,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":8706,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":8706,"pkt_l4_len":8672,"thread_ts_usec":1654385145428273,"pkt":"nLbQ0+MztKXvZygQCABFACH07ydAADYG2cEOiIhswKgCfgBQwMpxJfmWGitp74AQAHp8AQAAAQEICpoJHgAeulLZ9DdqhXzrgeb2bcU2Np82iyUZvst76pxGH9KSewtmcufT\/zsCxPmMnaCAXSu+ILZE3nm2HsTrhdV2tfnfb5b2dGk9M6S+9M0mN5fQjglo4dyoRX9uGv\/0ui7fXJmDrW6KyWevaFw1UPZlZxagGZsq\/d3pXloJTSd+e3LbTOhiSRWc7cojWObvEyjug0HW+weeRTaLTXojZ99pRSpGvoJaPyGQKLixbqb3cOlLd7XQcG4bYL4QIkhOW3yFVJap87x948ClwxoW0Ais8wUP2DmjCo4x8k7PkzkRmyTxY+X29yl2q49XkcjSODUFvanaQmYqS\/\/TOxmlW93llVrovSsRgYBoieNh6UXH5Ab8yEdYQg+S9bCtxdsq5h7ZqpYzKXtI75zQLw4nUEwjNoXAkqF3\/hNiLnvHnGg8mogC2aDV51NyUZcFd\/HxawRIs3lMdq3NEZoPPiIGnQMGM+\/Fc45tHC+ANLGY8xDiUFAbrXhRGdfS5Tuf4cLNRTMoVQ8Wx+jPj9d1LElJVQJYIG2CIyTrunSkOvPCfmLZVnJxqUOmNKTjO7HxE80ZqlDaaG7kYKXmK3OZ7dc8+Dfi2qKMV7htubh+bt+dv7TFE5rwe70WBfrky4iP23dMJ51GMayqBsaKj4a5vE3DvP5+U5AbU2HZIL7VQcEfVzkGV33PzVY\/NrA2NTkIoe39tzQYEkvgjgCl0ROmZ1Xn0+SZa\/\/+zBTyejFDNhHX9Kpooba3ulptcCwuQfNeCpeAtdF\/MZnRzeWAHSkIAJNIPzRpCCJXNFeIimW3XyfyE2d7ma5Tp6kuW58Nca2AH9YsL\/\/\/NhTcP\/\/5CEZ\/p8MmLGn3\/wxQaKBMhttegMOUYdFDrTWS2nFe6mCaxtIYqv5nVrrVnpzowN7O8UkkSRHIsdhCUxE4dO5pK7\/iQZnHuwRi\/izVAmnyyQJ6kicrPR4tW+5Tz1rlSNriCR2E4MKxsExB3G6ABDHkrCKN+jvaJeSk9s8P+J7FLclN9RW61fzoNo408h\/9lu9dgMyTOn3y5sZ2g2yXnNavR5KfLrT1K8XaMQwSHpVSRbjG2fOXYtDclmwRsIpZqWjNpIp3EYJ7\/ZSvh6LZuKDZorRAA4Noi4El0Opnt3UFDw7MXY7G+k\/irKzZCisW6yOJ+hey2zrgv7E67OJB\/teGNxknClJ0En2zxd5qq71QXsDcIgUWkx+inT7ekCVi8D+WN88uYBf\/+xvJLYwN1b3RI7jVC0YC16dY34zDKRksGg8wSULv60kStFu6NMAfCYqCr83qJX6ik5ZgC3nU9GApx12Fer1hLqkN4zkWnA6m6hry3wlQxUhUo6IWmqCe+NrFvqOlYj7JmTgyatqATosVBeiyKehxjos+LY6oTmAZxwMY0KB6o1xPhAq5tyD02nZIhS79FDp076sSJju+kK
w364fN9srqFhGTZ5n8fp9N1dWZI4KfF33\/r3Lp\/ysI2ecy\/ZUBEwlGvEQKxKgebE\/RU9JmCyiET8256GRcjssl7pCpuKwLiRbLxgzYmxHjf4R1atZtLG1aV0\/+BFudUbpB02NHCbUGD4VU8e+bgkbPKENDDV3XVNlRr7Km4sjuksCCXlgy58kmT6F6STtsSZUB1IC9mwWRRR5xta1n2Cg4ILeycGo9Lmw1HlzEUi\/TpaHrNYF3tZ60Kb2Nn+Y1ZDmc7s8toxbvWQ4o5Z8GNRHQWso6oql5Os\/u6N6H8waPcqBGNdy8nKLQ8ENoAKXSE7MjOEsXg335YEIOsxD0avalKqVxqy5yGLWEari9c9n\/37uF9C62rZ6HdSkPEKt8hTAjKHnA7boLiCfEuw\/0YIAYhUVbegalegcOW+RgEoX16zE6SmJE5dQx9yRfA31iPJc3HBdmcC60oowUz6Qq\/HaiWexYH8LjJ4F90H2byID1BfHkTNLW5Gj4MMxHR3wPawrGS002kqHjunV+mwFiFG6D505\/3TZ2rr7D94uIhk4mzC1lhmaVJN5N8BpWqvfq8gj8boVByh1tz\/bjXPidLm9ekLvZPedUOF7AzEr6KhRP\/6lqfmquPbJeXeCvN6Ka59i8RgZpEKoto6dcxe5gudz+IdOaF2ehEG5eMvU1FqiDRejZo70tRG5OYy+4vUxe22Rs9hn8a\/4ZcCG5QJjSaTg19oE3bMUFoXBXkdox3bq2RGzqysZxmI0TKJnyE1c8JVMINsZW5q2sb0VGh+W3AI3t\/S0yn6kJUGk7XHeaA\/TELye57U8gLkDaxwiGaAZe+dCkBiWK9moz9r5pPDj5yXWrnnv6xDSgT8RzKIn8Oa6y2W2KrBM6QXdm36nOlTQakJwOT4Bxrj2xdaUaGz\/oL7VQvBsOAr0X+PYs1KjeZGQz0vWMB3jyqnjweemESegCtUrEc6Nc\/R\/gwTTnWRAiHGv92Ipr\/TecdGzxQAOXM9PMMjM41JoktQk47uu\/xb0q\/vuL+VEWT6CTF0155CBLtSbcuIn4ABIjeSHyXJKsS98TE4FHJLmNr0sGnD3PLVSp89ho4QBjVZT3MgL5+P2AN+DR45jLNWmYMISENNnPmbcckEUUk12YRXl7XzqwmXWPeNblYQcBvlwtcZqaYwCCcHdk9uWm2tTb\/+Phm+Z6DPupaC8I925vkLqcGdgGfvWRJWgD4FFLA\/np4Ls\/f6+e+3\/TqPFQtTqJlVb6S\/cvLgxFb4dpwuEf6ubGVLyY83FIGtu87idnxU1cDyhL\/AqoOfdnHwbnMF3ODmXvmorO6uncKzqV1x3DDKMez23\/kgT1avSCEvZJcWINZhznQcc12zGoDauTrWn9grMhtnsFSxUIAdopwSYgd360mGZ66Nla80SqY0UxLwJQFAf9XyPw1XtAm4uhgLs+hJBHzGq\/1WZTUDcXzxryyjj0oJVCVIA8Iq6jtK0xJ3+VjRkq2uXaFS9nzseW4udb6tXQGjMBa5IafDUWWPW5ILSLwSXfR+3LsLal5D7b+HzBwBiUoVo2LE8uiTAgCSwFrmS5S6skLU1FBj5Lrt74+CV+vYRdE3vkbE\/+5B64HHBNETeXFy9uuAQAbRyZQFjd0NrJs\/IcOpnnFSdB9p2RfdZ5bWuiEwEx8WbXlcmjOtgpVQftZZyCEEapTorD5iXcqAmR68c7h4cuDPLraMwCuNu2ImWlSC3v52Lj3YipkucoXMmzHG6pY9A1fbGM+17YUabPEreadnxgRF9pJWyxe2ndQCnZKAIYmlC1rBJWA1uCMBaulg+VynIya8agJ70YU+eL5HB3qlUB2muiLKJrHV4TZ94a+MObqpS3ZhQ7Z2x3Zv45Ei6NJULdH29e30R0TGV1sNSZ6QXFw2YJCxb39q0QHedkY8NM2eDN16EHl6MZ1JKryQEO+K4KftmrRJCz3hXeI0KzdFaVhkIUDz
T2KGWAjNWbbQLkx3s9AkInIS2NH1+BTneaITU+3iRbCKGoHHLbBlM5C4R5qo50ryxJMfxs7HxFMOIpZugdYCOFOph\/5Kg6sx5UTS+vesXqP2K3xgWCKp+Fcw2vJxtInNKqYZMdiW+hYLiKdBEP8Iq0JrWmLUb8HyRVE68TVQXO2WJ91ZhCbNHL0xUxZ6fWtEVOJl6bDEOwhNOGhi0AXmIfVYYmyrboWffbgcq2lKLq9y+9NXOWeWsXq8EUhEiYbQKmfX\/9dRigHnun4zLndDJu5zSsmeUVaEbvndeVBa6x6ViYQ+\/j7Jv+ay10+UThYxTVk6bMzS4\/e9cIDuGNl\/tlXw\/VByVAehnwexjLIDbqLe0o\/ulBoBezacS+bVJVl\/qcPnLzTmv\/t1pYavc1wJcUbGEACUWFEVd66gcvbSIdXdJZOzujiIL5qwGlpC2\/Oos+lm4QZ4NlZJXjpu2eOvYSeLy7nYdhkW6OxMWH7gg1QsBShJstuq7\/Cv8rGarQQzR5wkYwkDSAgi7jmw6xmRmIh9nSSBvkN7IOpLRNm6CG5dtwPK5wsVdFChzMQ1Xe5qnCDjgH23V\/6dkEWKRStOmkDV+W6OurIWWrx2k11YGrfacRwguGKLeaAoqqsz5ZhI3gMuvFdR8WTQTeUFZxsszJYQJNd2T+YFD+YW9jI9AwRcJNQd93GvwNE\/JfT2pK\/SfxNW6tiPAeMgtrUgGD6D\/YVblcqw1K9WfOg5jwRedzlZsnPFG6r6Qi4YoS\/lEReRppLzgGvRuH\/4ZXDP2vhwLSxRkxCiYjEUFExWFfUZ1sdPNuIib1ZQNCm3Y3sMauzt+\/SrZ7y0XfnKQeU+awL6Iri+LoC7xLq\/9KRzIJRAC\/vtua3wR1O8vVQQv3uWcYYo\/1Ao5CSjiN5ykZV2fUBr2j5jotYtC3X8zNX2w6fzQ+aVEVFUutbiJxyMIGC2M9ANZlIpBo4j2yF1W\/dCjo+AJqC33VmRHNMNkhhqbM8jT9j8cGZ4x2LCjbrVdB68RxIUG\/q6NjKpgwNTIsg4+Etuml2iGNYFlrQziEpTUpBsp35CrIo8saFaDPSTdh0bz8TQ9ixgDVRy1rVx+BsfNJHg8r\/5OEURg3s2pCcmpHzANy5\/Rxyl\/FUSgXMUURZfX6mKKJGU41ga+luJEQP6dyHLc5SD2hd7XCkSwcAbvOeVHsjvbtoDiul62usu7eFulvXcMJXXnru97Ylb99dA6gmPA2M0Eb7nRyFnQ2OMzvOXtEixYFG\/Vmc0gT5ptQQCuXj7\/\/2sBc+4Nu1pNIx9lCv\/CnCqPlaVzfM299fwfZPsBbbCWAvsr+bNYIqX0Z+TfZYc+7ywmxuqmkL7yWq77e8LVdE9x6tNI\/b4gIfyUh6Aqoj+yA4YY8r+aCv6j1vA86n53X1AB+ANDsTfsWgdZf6Q7uXQrjpVMzg5Ge7eX7nDQ\/OoMWWpm8ZEERwErEYbmQP2PBIOJbnjjNYH\/5dX9467ZFofW+09t8V2PzqqZalKFKifLsRxYT\/kx7PsGR1\/1GS6vhdYMGR5lJqOR+al20MyJVE94VibiQiNKAblcEH72nM6yRC6jLt+AAAP7+nIHQ4TvBQO5QsM2AYtm+xFdEtR8IHjtpDaudXn6qIv2GBEbDQzXvbM+w72XEU0cjieT2RBwht5qI3Kj4CQIBYzwtoyRaWkT+AhIKz5g5UK7mfOuFHaMQB5417L8ANTcfxwTRzOf\/kOROzFgf0o72IDtTTGEoyyRFE8vt8R5fTrVHX6G+Dc+ntpSpJE\/Mv9aFI8H4ATG7dyYWOfleMi3jdnXPA8tmM4j\/1PgrDiWJpr+0jbM5Ror1xpDPJ4zU9BPhHTJtuQZXon4kFCewvspH74AyPScJkqdXIZnutmw5HQbYlNv9lbrCRueSwGJcomQO\/K96pabDBP6EAJVmK0fzO5njAufMkVRhmGoLSLnwwTG2okK
XL+UQKYSKxiJWXMyJJCRTzTaPKsWjQid6bsUIrWSeFqBIy6L6WvivabOZyEeE+fdTSN+pKTKhfJfFEPOanZsJliwU5pUKtCIsP3C7L4+8YN7rERn\/l8yNSm+jVmWC3C9kHw7WWLY\/AdqyQGkwk6lEjuUmFDwTQS\/hBGRf5A5ko0QreI1kXR7VLG\/HsDuOoNVJMjYyBwpzCx1GCTBGTuDCUD1R6RlEoi+yTIYDan4SBSXrMufimN5ceAFvifftn8WTGJ8TOILB8B2\/PwAGZPvTCLOAtIOFOKaypgoQ9Y8mZ6VJ7OaPQI6jW4ANKGl9QwhqNXZNAwX6z5b\/eUl3sQ6Y37z9LA8UgCAL8DRVF0WJyMSqKo5y7tfj7BXzWKaS7kLzzlLCXF3tpsedOzFQjvGFoD0CMB8s6BjY\/sGox4yhw+A6dZtlsmT5CaR4VfmhEAyLtbb5kxwM\/IZW6FMmo\/DxpSd\/FKucAf+CQg9RWPZiL6YFODCNgMCtkdUym5ywC5aFBzDH1CUtx1MIzvfCeb3n9GDanC32aGGnh3ulLEheKuesv2H8\/vPogn39HthzLT0RIc2sPDczyjhxLZlv3qodpTy1hw0DmMKSvrTb77l0tmH24mtYHSsG6\/KMVUMlJXcZeVFQ6tYzEZZLnazq8\/hIaRQv9tGDw27SZDyFkuN83OsYEcUSioSd5K235YXbELuhAHFC1EWAh80JkgkTJ4yngWucqcFSx3TQivnsC5HEFqDsgK+NR2o0rjT36E3S8QnctiZQXB63HHuI7AV+Yh1F0asEwt9UhGF2QmKFYlCveT\/6aZJRKUodaybeXv+i+z5BqK4H3feywIQFW7qDsUsBJV4tugXIrowNqN81hZq3sLfFl3e2SS8gfGYtP7nPp7723Qey\/p3JQ0CJWFgngYhJol\/642C0jtHowfLJoe\/kHOYdngOQcnXLsvsxUPH\/RIrqzJxIf9exyj+q+C2XA2gKL5secOyW+f3JDK8wv++nacvtygi5iKjRdzEYQVEqJ9Xsgu7KAjboK54lS2WyHzvKh6fc3tFNvbnqUWKQaVBsG4qeSA9S0oHw9DtmGk50e4NZzAF1PlsawVUKqxuGeZzqeNfe7Na6LCPki6UMMJZZcW2TFHn+Ezx0SBWPxVMMmvG0A\/C12hINJn6c4Q\/81clOJcTbPVXj2Hw1MU0NiSt54VcEEtArthNBv5\/yThuZsICblftuYiIWa3G6UX3SHDc41HQXHXnQ8mBo7VkZ76XZ9jtoZdNn+94eLZyfFbgedbBaKaWa7mmCe8iMB0qEMIuE7fmx8aT2DYMW2EG1IFRH47aSxIAXIYT0\/nXzQmr0A09KBnmusmRV171NyeRPLR7jYhbQ0K3OAKNTZEpgQKQb\/d0PgxPq03gHpX8ehCNQ87WzffHvfxY+JkCfMxNp9KMuoOdCeq57x1PngVoJcar+B4OKlbtSQBdU28f5VIZKeD1Nf2y3QB05h+aQnrIXqiIt00sLD5lBrDRrpHenFyM6+Xq7Qboibx62gfBsMCflXqCBvt65W+wZrI4VvmkJiedFUCJwh4STZH1RUrJs8OsNNddojXi8F1eMl2QOJCAcq8Q\/DK4bACwHuY8ze2mxfObKbhksPu2dYeyihmCAGCpxRT3aDku5pXAsRWn\/dkwY4\/oTIno5pJBjkQFfZzT32+0EEmi\/w1HUiRqoPADoLHgXUdJKylGMhovyATxwpCLE7f50fPnRwWEeSfTT9TpD\/9ODK4aUOxv4xIvksWsnA7oCtCZ3sjeEXpMYTcMY8ZzQWLU45CrilMMzhPTfmZcsEstYGXHK1gL3ILIS6Gcuh9CF1J4CWzPa2qORnwC\/8RPXQ6kBpKS1UnDFgy7T9HQtaQl2VlhTgGyVjb42TLPE3+fLqbK846j6hsIkLSngyUrPCmu7c9me0HaQrqgHfmQF4UUApaMwv\/GgJJl+cx7evcl8\/rhyqcXi
j\/QdCEAXLZlHixw5r9wA57K3t\/Yo+eKOs0r9AS\/H7Fh7\/s9C4m+qFYoSi7kDZY0zsl0X2QgvcwD2UKRGLyQOeiGSa4ZKid6N8XaYo5kB7EMG8xqbpSgkQcECPZp7k2Zy567DyktrRUpmJEh6JT34D3OxSZQM6SaN+0z7DDioguybNJ40pEZ3jiBMF+gJ8URBJ\/ftVAQlbgbCjaO0T7LRs8F1mpvun4QaMBvg49UuxN7gveG2a7wWEaZ+Fj5pzcz1sPD0fONU6knhWAjvdEgRkW8vAvDIAB35s2SJNOHHQ67roic4IITKETTypxwD+IS3dcJrkb7atKxqveIbuU7270B35Ck31KLvgOqGoLIHLhflQSOfy5XqvOaP\/2Xkb8BpAJnGai5F2\/A8PiGnPQebyqTms4xMNSazjWyqBCXTV4pND\/+FrIfwEjs9\/KKYJLkrqhznLQPIEC8Qi\/j9nITVtHlZ197ZtLCu0Sp38d+HgT\/otqmudSVFjR6eSkrcj9DD+am54fzh\/L0km6eVJdgG58nLSrVwtDFEPiuG2HIhU112qeDSfZ9pdGc5TzsOhHkw9I+KvUzF22N+cBQdaL2bBj8TTyVTGx7p+0XVAe0PmFWpOdWSI6nNBZn6ov2GwU0Cp1u+wjkjVWWmtUJ3ZDoBrZsX0soHKnsR6FmoG1k12pf08gLi+P2yZzyjnY2Sh4mGCbqftWUN3jy4D\/fldGHVsHxbbjMO3f2AcMAnKMEMajJY69TFi\/aoANZ2rzyvmxQ7vwkn1NZCBgelEw0Aqs80jI\/Td748QJhEiBZjJrR\/ia+uMExEP4Sn3\/6WJk77NEm+E9E+NJWu9kJN5uIOeR6rnkxB9gcUQ1Wit89oYqlq5P\/i1vhq++SgcQoQysIRSzVnuHDOhYzvGl2SELWowCwiUcUid3jAf\/QktjEElj9gdYrlOy\/60Mkq49au2GwJn0aX2ls9B5SJtI1yFsHQwl8ojPGnMjnqbWEFlqhjKeR8JHXk2CfjlLyUw7OdbggGGmqvJ+cBoUOq1Yqaz925JPQnd3BJd8D0wFQVYpA4nANOcwbX4\/5lLCMnSXbYh1131K1UIUWZ5csMgOaPUE2R3XgkyF\/i\/sFRRKFr2wsXW2ktx5h103+qNvPB3aYJ3JNbWpfE7KVm38Dn4DuXsRycfALFM1KdNh+CBt+sgwow5wm3d8ZvbjdkbpuX7IgjPTxea0NZUnoZ4vku3VQ57C+O4ykGOuZWpu7koeu2EUtECHc1nN6rAvRY7q05hvXAHDubrpmgVt36NaHwe\/b7cC1kd1TIKGmy5qCC2JPN\/n9yICoSAw5WILuy926qKr+8tWzPxUGwrWvLz8G+T8cLwaQu\/JNzpAd\/YpuCvedUB3AU3MDsi81QJyMLyFchRV5BA0\/IJNV3tzKviPlUGsxSsn9s7LCazpA+5zU9uVH\/RUsDT6o92NfA+5E5njVIwhy+1TLqo7W5pNXJlgJ34UqsvihEbjSfQXUDPEHNZx0xjbthoMlgu6LLtrC1JvPCRTWoqspNArUDmywElGa6wA6U7yAQKSI+1+n6EIdkOrrn4TcG1yOkGN2CPsLvThz+qa+YLsHA9BlYs9ryT7A8jsKt\/shl0yCvLHe0qpV2E+jT0+Dc8xe4pDCrj6dnS0VaELO0gG5RPYC7WuiaNk9wJnV\/FgbkbucJyleUdaEGuv7+A7Q2c0CgaoRytHFXokhn2LEyHEXEM\/gudHUbBQhkQckW8xVn0P9RmrR3AGibbLz5g3Rx2S43FJotVtYTxqCbZbHnb6ENymJVHebdEynA1jQTGefZHIaAoTtxUv3Jtbo0cCgEqlo012Ovr\/VZqOwlqjJO56Iz6KhqRcsjNZlfNFo7H2DCMRaiW6H1YssRggF3YoXxzIqAAmsFPm0Tz9DfIlzQWp6LU31+sDbUUdJAl4UILnzN6mSMQ+1BByzNdfCPMZ18bqDv\/geXLD
G8XIBpLcxF4d12EVboIA\/KsmyH1ThpQ4KWjKusc83uwUmk+MBRHV78mQd3QmyNcakjHJgaBGB\/P7SLuMVvhbWweXPvvAWdU8oVbbkamh5URqTSoxDDAu0sl\/43gDoXHPdEoLQb9NM7RbStJNkVIb9Ue7puG\/+buhrX\/cKz0OEYSU38\/SZihqwdenQvnXvJjLhdBat9WU\/AuYGmDm3zL762yKkK7b7wZ6C2useRGls0VbuizoKECiaFT+0QLoWS5TQEpHH5ZbWoZG8nwEYxKwLFymczzAl9yPaILkrQ3MFUxq9fF5yQnAHFDF6BWvOznLHlVjlBIqBL7k5VyeXCI8U+abzQ8\/I3QqEvfPGzbqYyY3Ra4UiTdeJ1E6poOvhe7rnTCGYJZEm1QsCF1fGcqhjt8CW1M88EI\/Nd8bXqUfeAEWsgDr9T3RlkVa6S+2cfXvMxazx3NgCCippvkBntLeyWN4Rsbfa2dGWH6p\/sIRyETdfFPghNPUJmS+WLYqEvsKhf4zeAZdqHp\/O42WhF3Mwfw2xv9F792Jqx7EbJaWZ+rHDjn2RvOUHEM3Sf0P6sI4R8mY\/c+s+l5vJPArja9m+S0Kdyf2iVG1AcOgJp12QyNE92NcsCzLUZcGF0pwslb6eVJq\/v2PTJC20heGuZy+xjI+J\/ovtZFw08StZx5CsCaEt\/LS4IBNXHTNTtGlhIwm7ZpRZd3Szy11BsOpygejjgJB9BKhAOGlvr7crq2wU5n\/MYmkn\/vhe+nOvYyNJhSHpNk3u+YqNBrFLA3WNuXZEoyZEJDnWe+ziiEE31ORKWJBXje+d8OPXj078xfPDLtoOPOQQrblpn2hUwm6CMGdkbGdMQp+DMP\/sFyi1jmSckihewhcC7Nv79YBsEc2Iv60Cu2MRICWJbJ6MXo7T2pLcDsA\/x46g9w+C+xF6dOZoL1QI3UnS05c6dJR\/mccvDP2lJVZ66QU\/ctV3FCFdxg3WcLpfSgTvUnENyw0q9i73\/01kbo8JWDzgL4\/X8U+Dd3ZRgdS29t5Q14z6lRQH0wAoI+57UXSqcIbgmUS0UGnN+zSmLOYP6CEq5fmULxvzU7GoaenmjQiHwBGes8Vg8TZ5A+IuiXNNUfpF+1yXh+B6jN4\/NQExo7KrMOiGdQTkCtXa1yUL60uEM3yACkJaV8GohN7qKR\/f8yOP\/6xWFKKWN86EGYm0S\/Mw7BexrZN82HD08LjRdze2QAa2OLCzPpkhuOvEIiYxhltucp5qxmH+\/yLZfc2tvcmRlXbi85KJcR\/umGPwsYesV\/WwY\/KSwJMm5ogF6ielDgCcOEawwPUXuuphcq4bxQpsq7pTQ3Lqo1g\/7nKS2+V\/0bOeSq9OYq73tHtNqPEVRoOXrbg8MwJUiA3cjizABC5kBvu0QjZxP8XZ3kP0fCZTnh++sO7Mjzxk\/VE0mqmBNJllb+mJx8yyxlXUs2Cdh65wxgZC5NDg8Xk1DxjMpil0VNYT5n5WNUPhEMjNZDdSiaOyQlV6ha7sk8DdnGBvC2qu0+kAunwlNI7UwuyQYN44="} 
+04453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1330,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":5,"flow_src_last_pkt_time":1654385145219802,"flow_dst_last_pkt_time":1654385145429022,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":2946,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2946,"pkt_l4_len":2912,"thread_ts_usec":1654385145429022,"pkt":"nLbQ0+MztKXvZygQCABFAAt07y1AADYG8DsOiIhswKgCfgBQwMpxJhtWGitp74AQAHplgQAAAQEICpoJHgAeulLZben9v\/bq6yon6JTLP5FkmDkorQFkjd2G0AuPjcRgr18sMUsmEUUMIgYcYLjYwMkQ9eWWg0MzvVB+uD3GSG\/T9WV5s5rCeMUZvIs9DsPsQgLAJ2jjU8LlBanK9b56JomwJCvHOV9K4luR2JRZd4yRaLCosJj2FkhJNvELyC9ROgvCpXfrh56UQNjFJbqK20FOWYq\/v58hegfztcN6fmbiLEWHg4n1oVnZVijUvGMmKEMFcEQKsaoFWXLYziP0FGVYAAFn4a4eueJartDnEe4jv8Ft6mRjp\/EE4CKvj8p9AXFhFmTUX\/TD0HQTaUtz+OpZCHyhZgKzI1+NJWBeJX4v8d0IHUKQvftUwzEnhRUVpZKn7iCY4P0ighqsHd3kxLvYepV+Zkl0v4jMrpisZsoDfbGJfsDKn3cuCJBaecJdYetaFdvPDlaZcJTN9UNfBjAKfRJtstusILV5codiV418oVD9umjahWBEcjFkSvyTtcnyA0gEXdUiKugIJlepqROsKmBXpEf0OjSlcgkspRAELS+GXt6xg2WhU7nIvc\/rs8LgSu+OJJNBQ300ltgVaqu1Famu\/G4yepbPdpTiAaeZoe7zg5n\/z\/mtCgFwlyCa74ETFz+qOp43nSEXH8FX1LStuQqH6Q3F\/ZtB602dukn5i+S4RwR3TDdny9LDDEOCNcLOZbIe8J3VCSrfogMdOL5UVQapfiemOZsonpUIGLTHoWCmbWR+W5nwRPRavFkm+DP4OzdEHkjmC5jMBDLkZ\/byUAwkwBoUyF0SGp\/KaH4Yh+U8DEiALA1xJfflCFoLurZMqgEsC+cuZSOaD0H7f\/xLq34BGCR4GpSwU3KWFL6yqQoie2oDPz9nVDJ\/rk\/M3sKGV+qR\/n+zoBhc8taRM9Sc+aaQuh7M8RijdSoQCWZ2wA2JbGWgxOdIpYHpBzTKMr\/R4jJRMrzj7m79F8n9hlieBUTsvbZjfpgtixTK09PT7\/SHxOgKmohndJMdlbFyoG6aQd1Y0+T1GlzEENo0dtsGrfznr0b2R+0V5zmuFmELVrBrmEDegUa3K2+agtIm7yGvY3S2WbCCX1JI+2jSuumZY32b+m1\/PA\/CIbTd5ly7aup7PIfst6KNnBdAop8pJGtF7hzO30YVJqgRdcl5heWfSWRZOfegxS54gn4erhlNcKhLazq54Yy\/Dq+vPi4Sy0xTwbSqEmyvji8kc\/Saqb+NtY\/IDNGmj6w26PYH2UKxeDgbx7FOf9w0hRaxiOGUnnd+3Fptv5W3z4Bcjqy9AgR3xo+ed0mkNK1ANErSEzXoahdq94QJFeaFD9HcpkcZM1RVM6H1zqRSkd6K5HVFy7Ii\/kGd7FTdurUsF1Sc06BLzGEXRomTjbak6n2hBjPF2h7MPY8qp6kmAouN3bkwWeLuce\/AvpRayjHKpAuIApk
71+PdV0aTa13enshGCt2rUwJ1SyDQQixHiMSZ2EyEzJxfw3GC2a8v2uP5oG3dFxWXy1FFn0wr+JRQrifVzPWWbD5lWUp3mrgXrdVsrMqHpRT2P\/U3xfP3UCMOcw2Zd3kFWvk2KqXTqLj2vqSfy3AV\/to\/jykBfr6fe0kIH8s0wkZcBLpBUf0FGztqiAiTmB3XwjefEPzVvYkfQL0XhcXHGWW2MyHJYSWutSknUPRFGxNC4KKSwUw6YCYSfM1Q7WvWO7WzQVywSR1oWGsEw\/26bMPftkLzGGUdEjxRIcru2b\/9e6wECzukgIcwHDhq8UozQg1WaVh6Bubm0jdeQlqhdVoANjwHAg6nG\/y462N3c8JJqIspgJDAdJjaQsy3CNDpLQaTyGknU6NO5oTux5kDFVkgWyfaWZBua+8icNGc+9OWBN2m4nfW12Mgbc0Diyn6a4OR3QI6uJF9O28AVihuWCBuMmoXyuywbFhuSs2kxt4y9eEbyK3MEkQmQYeFl7MbEO4kCsHdfEt2xXaXAY\/rFU6PSWIaNK1agNzSoQiF7+jeFFtp\/v76058Pg6Y1YuedLaaTmyBQVDkQ1wmcoXcTD9VBgkovLv1Nw8AJHr1yz6XjkfBePidmQNzRXawhxL+jYoxjpJHHEAmQ8hzkeL6LZ+LUPXcD1nMbRb6WUxlYnL4AQeQFVkAPUfBoNCkcRcE9veQXIcjLwkBtoAeSy\/wK3OZS73vESSlakWqK0P7bsQwjOVUkdDQtyPIOzLr83nWK+kG9lLpJJVaZmuGSlicsuKSW3UVgOwYHTgGL0LqC9v8+N3ky54qsRfDAfSrjN\/sKDjHMYwmZ+4gh7KwvCSIqfvQKwwLBsWTQN0QuHRr3FUwODQB1h08Lmkan5qM37FF5YCGjKSkUn5r0TJ4jCJgfP1m\/8851fKWS7T0ahPOv1jTngYgeN8N4sisDKu7Ks4awnfeECOYSUer5JGvuwEgfevfGesBlmfdQQevPe96bmkqL1u4AcLE+Amvz\/PEsNssZft8ai2WkGX5J7ZIKS8eUC9fgLKdm8yH9U9eWVFVw2p+U0rW7XTWs7M\/4HOrC90XYC\/Dkudt+RvjyemxYv5aXiFIjajgghwAUMMccAoaZkKz2ubxV1mLV65I5GK8RDbs9CgnUsKwfGV3khv74W8yF2Lqo5LQlDBbZkN6VmtG0KRckGB5LE4dBCfcdxlnaa1NpO7vxJ6KY8fhCB\/9pDhDjNQIE49r9x39vD+AlrIbhr8nVtCGCWGL0eV6r197mIMgs7UkQJcCbjo80OhvChZFRnFB+Mc0Kmscfw4YH\/yZdU0lAH8m0AmD3ShxfGNi7PZNP1tjByk2zXhrUmO75wl9tkMPf0X0TqGs0sVl4WB3B2eY7EtyAf2f+Yd+JQjNl3X8VQaEOEPTiGSIFhfkOH\/XG0oK107G9lDfMtUT5N\/oDQRBL43bO6VgTiKPL+CBE7QN29y+GeYW\/iMG\/S6KqyH0Hd16h4uqF6s1yDKEtm0OqeeA2VXB4jCFb0l306FamJb6\/JvO5rN0wKQkua7H2t06dkBBgDJo6H00MHrmCitAudnEYpYPnT9brC\/ynQy3aRgf6UtFP9ddv3SaSBRlEQ8\/4DooLlBUsYHSgcs6m9OMxiXvwy\/it+M7ZVPttviF1NfL7ZuXt6fpf53JzLU8QYVXsNI69OoaL1ZWKugOKVjkKoIBRJ8Wt4QFQfaoU2CVuCOxtLThhcPpR\/aWg5gR7iT1L5+mDVze\/8c0QlMSEkYUk9S2GniAbi6HZHPKW4qFVRHyOq6N1u\/E46Lv+fN1pRFgmfzgYm\/v\/O+WjatzmbJh9Yh3t9UINl0GOHUzF5fEnUvMW1yBKkgnr856IjSgiFZyFbWE\/c5q9XlEomQoRI0aTdkv2ur3DyrxmW6BJzFIUtMUamSMiutYlUeNTzzqiTL4mw7THEaMvPQKfL775O6JvHlJtNeM9t
BhAgYBcDBHZmEsZL\/YypKd6elbwG5MlIF\/fPHB\/UVZMKuOybAZnk3QPQlu8CE3kFgLSoFjF5nd9eP5eZP9hNGuIHo16MROg5DHbhUxv9w\/+cllKN1M3RgSQGgcOhRU+I6uyDYPd4oAB8zc\/Mj0zFflvoKHbOTdVnI2Q0YW6u0MthRQEX\/QpCLD4ISFWFAPKW98b813\/nszgL1oIztPSrIN0gpUz9ejqv\/WR6mXgz6m0ka\/PrP33BgyFlUj4E46YAf8eouVc2D6C6Rtbk93pXQOhsFJKwgGy+slYnPfLGWkwtOaeyBRVBUoEOJyV2VnbHtvhx\/4GpofXalV5NYp5d1aGqTOSYC5zQ5zILPnosq6SNXGCLDfP+1FoqWDdb\/+Z6QhOSQQaP9Phpjq\/H88wKeYdcAtDNJMDQHdon5cK6sY\/Qe7qkpZ5N+NGVi1k"} +00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1348,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385146253018,"flow_src_last_pkt_time":1654385146253018,"flow_dst_last_pkt_time":1654385146253018,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":514,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":514,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":514,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385146253018,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49372,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +01230{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1348,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":1,"flow_src_last_pkt_time":1654385146253018,"flow_dst_last_pkt_time":1654385146253018,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":580,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":580,"pkt_l4_len":546,"thread_ts_usec":1654385146253018,"pkt":"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"} 
+01365{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1348,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385146253018,"flow_src_last_pkt_time":1654385146253018,"flow_dst_last_pkt_time":1654385146253018,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":514,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":514,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":514,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385146253018,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49372,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"hkbn.content.1kxun.com","domainame":"hkbn.content.1kxun.com","http": {"url":"hkbn.content.1kxun.com\/manga-hant\/images\/project\/cartoons\/aec00b1dbdf678ee8d2b89df3fdbd059.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
+00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1350,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385146263001,"flow_src_last_pkt_time":1654385146263001,"flow_dst_last_pkt_time":1654385146263001,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":514,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":514,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":514,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385146263001,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49370,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +01231{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1350,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":1,"flow_src_last_pkt_time":1654385146263001,"flow_dst_last_pkt_time":1654385146263001,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":580,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":580,"pkt_l4_len":546,"thread_ts_usec":1654385146263001,"pkt":"tKXvZygQnLbQ0+MzCABFAAI2wylAAEAGG37AqAJ+DoiIbMDaAFBc\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"} 
+01365{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1350,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385146263001,"flow_src_last_pkt_time":1654385146263001,"flow_dst_last_pkt_time":1654385146263001,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":514,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":514,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":514,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385146263001,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49370,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"hkbn.content.1kxun.com","domainame":"hkbn.content.1kxun.com","http": {"url":"hkbn.content.1kxun.com\/manga-hant\/images\/project\/cartoons\/b057f5cd8fe013d2299b57f14faa5fa9.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
+00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1351,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385146276743,"flow_src_last_pkt_time":1654385146276743,"flow_dst_last_pkt_time":1654385146276743,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":514,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":514,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":514,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385146276743,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49380,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +01230{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1351,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":1,"flow_src_last_pkt_time":1654385146276743,"flow_dst_last_pkt_time":1654385146276743,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":580,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":580,"pkt_l4_len":546,"thread_ts_usec":1654385146276743,"pkt":"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"} 
+01365{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1351,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385146276743,"flow_src_last_pkt_time":1654385146276743,"flow_dst_last_pkt_time":1654385146276743,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":514,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":514,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":514,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385146276743,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49380,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"hkbn.content.1kxun.com","domainame":"hkbn.content.1kxun.com","http": {"url":"hkbn.content.1kxun.com\/manga-hant\/images\/project\/cartoons\/f05074256b39572ad852c1c95eb5f8a7.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
+00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1352,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385146276790,"flow_src_last_pkt_time":1654385146276790,"flow_dst_last_pkt_time":1654385146276790,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":526,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":526,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":526,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385146276790,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49412,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +01246{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1352,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":1,"flow_src_last_pkt_time":1654385146276790,"flow_dst_last_pkt_time":1654385146276790,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":592,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":592,"pkt_l4_len":558,"thread_ts_usec":1654385146276790,"pkt":"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"} 
+01377{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1352,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385146276790,"flow_src_last_pkt_time":1654385146276790,"flow_dst_last_pkt_time":1654385146276790,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":526,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":526,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":526,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385146276790,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49412,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"hkbn.content.1kxun.com","domainame":"hkbn.content.1kxun.com","http": {"url":"hkbn.content.1kxun.com\/manga-hant\/images\/project\/cartoons\/13aeb81a47e7632ccdf1aefee19ea65e.jpg?format=webp","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
+00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1353,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385146284849,"flow_src_last_pkt_time":1654385146284849,"flow_dst_last_pkt_time":1654385146284849,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":526,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":526,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":526,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385146284849,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49396,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +01246{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1353,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":162,"flow_packet_id":1,"flow_src_last_pkt_time":1654385146284849,"flow_dst_last_pkt_time":1654385146284849,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":592,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":592,"pkt_l4_len":558,"thread_ts_usec":1654385146284849,"pkt":"tKXvZygQnLbQ0+MzCABFAAJCVPtAAEAGiaDAqAJ+DoiIbMD0AFBFStvgIItD4oAYAfZcTwAAAQEICh66VwKaCSFYR0VUIC9tYW5nYS1oYW50L2ltYWdlcy9wcm9qZWN0L2NhcnRvb25zLzAwZGQ2YmZlNzUwYzAyYzhkMTBkNzExMmQxNDNmMzIyLmpwZz9mb3JtYXQ9d2VicCBIVFRQLzEuMQ0KSG9zdDogaGtibi5jb250ZW50LjFreHVuLmNvbQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKExpbnV4OyBBbmRyb2lkIDExOyBzZGtfZ3Bob25lX3g4NiBCdWlsZC9SU1IxLjIwMTAxMy4wMDE7IHd2KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzQuMCBDaHJvbWUvODMuMC40MTAzLjEwNiBNb2JpbGUgU2FmYXJpLzUzNy4zNg0KQWNjZXB0OiBpbWFnZS93ZWJwLGltYWdlL2FwbmcsaW1hZ2UvKiwqLyo7cT0wLjgNClgtUmVxdWVzdGVkLVdpdGg6IGNvbS5zY2VuZXdheS5rYW5rYW4NClJlZmVyZXI6IGh0dHA6Ly9tYW5nYXdlYi4xa3h1bi5tb2JpLw0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpBY2NlcHQtTGFuZ3
VhZ2U6IGVuLVVTLGVuO3E9MC45DQoNCg=="} +01377{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1353,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385146284849,"flow_src_last_pkt_time":1654385146284849,"flow_dst_last_pkt_time":1654385146284849,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":526,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":526,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":526,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385146284849,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49396,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"hkbn.content.1kxun.com","domainame":"hkbn.content.1kxun.com","http": {"url":"hkbn.content.1kxun.com\/manga-hant\/images\/project\/cartoons\/00dd6bfe750c02c8d10d7112d143f322.jpg?format=webp","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
+00922{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1354,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":2,"flow_src_last_pkt_time":1654385146253018,"flow_dst_last_pkt_time":1654385146458654,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":351,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":351,"pkt_l4_len":317,"thread_ts_usec":1654385146458654,"pkt":"nLbQ0+MztKXvZygQCABFAAFR8fdAADYG95QOiIhswKgCfgBQwNwlgdAMRlWmyoAYAHrh2AAAAQEICpoJIgUeulbiSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG9wZW5yZXN0eS8xLjkuNy40DQpEYXRlOiBTYXQsIDA0IEp1biAyMDIyIDIzOjI1OjQ2IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9qcGVnDQpDb250ZW50LUxlbmd0aDogNDU0MjYNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkFjY2Vzcy1Db250cm9sLUFsbG93LU9yaWdpbjogKg0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT0yNTkyMDAwLCBtdXN0LXJldmFsaWRhdGUNCkV0YWc6IDhjZTAyMDA1YjJiYjVmYzc5Nzk1NTc1NmIwM2EzMTk2OTI2ZTc5OTYNCg0K"} +02485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1355,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":3,"flow_src_last_pkt_time":1654385146253018,"flow_dst_last_pkt_time":1654385146460775,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1654385146460775,"pkt":"nLbQ0+MztKXvZygQCABFAAXU8fhAADYG8xAOiIhswKgCfgBQwNwlgdEpRlWmyoAQAHoGUwAAAQEICpoJIgUeulbi\/9j\/4AAQSkZJRgABAQAAAQABAAD\/2wBDAAgGBgcGBQgHBwcJCQgKDBQNDAsLDBkSEw8UHRofHh0aHBwgJC4nICIsIxwcKDcpLDAxNDQ0Hyc5PTgyPC4zNDL\/2wBDAQkJCQwLDBgNDRgyIRwhMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjL\/wgARCAI6AbIDASIAAhEBAxEB\/8QAGwAAAgMBAQEAAAAAAAAAAAAAAAMBAgQFBgf\/xAAaAQADAQEBAQAAAAAAAAAAAAAAAQIDBAUG\/9oADAMBAAIQAxAAAAH20E27BKcXAViJSJBAEhBIEEgQTAAAAASAAAAAAAAAEBIQABEwAAAAyCYGXpdICAoRFNwtkoAAADMSVVpqBeaXSmYkJglIAAAAAAAAiQIAAACQAAAAAAAImAAAgAABsACAAi1YGypYShsBVi2AAJAAJku6gAIJgVglBICAAAAAAAAAAgAAAcgCAAAA
AAAAgAZEwAAwCBkTAAAXiRKCQIiasYAkAAq1B1ciQkiUiQCQBAAAAAABHBH348TWtPcnj9iXpIw7lmTAEkASEBIAEEBMEDkiQAGETA4JhhEwNkrvMyAKKMAraoOxAJQSXF5kmJICQBSRIAAAQArL5Z36Hy8UrVkpqnoEMlN24W0\/TdLxXUM\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\/cnWFc3cuLjdXXLha9EVOLVtTFchtdlbVcqHLWKq52JSM0rpWk1y2ZpjEtM5iQUQKG6c8g8iWgAAAKlqp2AaAEAAVVaYqqyiay9I3lWnm4Y35dF6Y85kG\/V1nZ7D7LaNvJ1IkmIlI9QzKHP6GbU7vlalCmMzFWOe51pbldoty\/PRz8nrZRY1dKm1Nc2rM3MQsvS9LjMCGpAAiRFCwnIQKaTWXF8T875PN9BzFzu6eZuWxOc59mY9nzek7Z5Pf62Xsehg6OO+jdzdTjUp81mi12p05QmtHQvzFHouj571riMHUiJ8L6LozpfMs6ueuO\/RRyZ6KL14WuSvTjpztX0XOhLRXuBkRMBJEgRMIAAirKjOb0M0JDVO4OpiNGYiZglr5mPwnXHtfEev5\/ZHFZW+uXa9X8899ydeyVsmk78yrO3l4TKizC12uvRaRl6VHrOVO5SOrWrSedn043vszp6EMqhvltiTjdHL3bZt\/bqW52up1zUUWiLAABEgAAAhvmonZbkXjLqP4PoODsrMmzeWjuyfhnx7fI9f4\/ezkJ9r5O4zd\/hQV73fxup5fdptTJtz8HteD9h1PoRJVM3YcBHpb5daxVj6VVVGHFaTqwdA6cet2ZnUwQ2Y5ufqomNbsuvTNkRZKbiE9FkXBgAokoFgAXz+qJebyeiwxlye4\/NehpQ96Oz05uW3ksvs\/"} +06378{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1356,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":4,"flow_src_last_pkt_time":1654385146253018,"flow_dst_last_pkt_time":1654385146460775,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":4386,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":4386,"pkt_l4_len":4352,"thread_ts_usec":1654385146460775,"pkt":"nLbQ0+MztKXvZygQCABFABEU8ftAADYG580OiIhswKgCfgBQwNwlgeIJRlWmyoAQAHprIQAAAQEICpoJIgUeulbizvWh8Wahdkv8Z7aPNX45iLkQMYD9w59o+4fE6tPJWMm\/Sk9LjM\/Tr8eLtEnW9Mqg30PSVZfDL3Ac\/Sbt2n\/pR+MdJiAQCCYmdsBz9ke4fc\/Rn9dvbMYOoTbdt5pZBzKfDL1ppTY1AErZ6oz7ouCXrARrtqoLP4xU4RNqgTaRFYNMcA2Y0+MByCYPt49\/n2Hh+jM7TmZjTUNuuoP1H\/NV0OOj3ctDpL7G0+hO\/wDiitts2YI0yZdfple4bxwQ7o6QWQ9ZmZyFOG+DQe3OPu4x7DwPiHugMJlhKpfSF0+Sp3C2lht1H6A6Ku0csmY4HpMAxwWNfWATGIZvzD0IaMYDhmjjKeQPaevDcfsfv2ni\/HM5q5a6sPbdmOJRbynuHbX1A4BofPCv4WHbWo2TExkeC3bPnUO5IDlCcxetYtXf7CMhZuIO9YO37GfcBLblpnMVoRMTaJbS2bO2tai1Fnjl\/R0uHqr+lcPZictmYDAtIY343J8WtV
INzvjciATmU1tU6PFOD+7rLN2\/lyt96M2wK2RD4XAh7oF3H+32zMTImrsBtXpNLa5cnaNwEzCJZ3T1HVf5tOpFVpr\/AI1jpzFpbcvDmIDumbIzBErbfLTOZtpF67qX3QDrqa25TaVxf\/H21suwzUJ2008tKu6tvx8zFVF\/PWw4XzwHQKMfcPaC2Xz1sCcy3SsG09XKrtnaeG6epaz+VfjM\/wCPROx0yrsn7W3HE7uF9nMsp\/HaOmoZ7BoEyFwVmevK2wLiX\/NBmEZBbKoCpA69vN0ibKH6tFEB3N9k8b7ipYZg8sMpWY5IffMjOr19Oklr\/wAmkrsYjoPGi1QSBtvEb6ompVuF1mxcYSj4XrZYoQFa0ARRgRgS8xNQIp2tCJX1UNsir3DVpFbcsCReh+5qa+ZVnBPj+qeX8BWA19PqbgqyNoKmC+qabY6fECAZdTti4mJ3QpvmoZqaqVnXmV9IPkRFHE63uRw6y7raRlK7JjcNpQq6iPYRWhBlXRPgrO9krO5AcjxPP2LHCKdbiPrgi1WLamGE3YCRANx6tNStL1aTn23V6eu1NRpW0eohM9PtcwdYmceI\/j1S0V0UHdpH+ak5c4WthYuODpvQ1sAihEPQGzdd\/wAjLtatsTtsFle2almerTtEfMCmwtYqH6bkTzPHvPQWWcx1yScYps5TjrCqrPMHRVlt61136yrVpdqXtHp2s5DX1fzJdQ+nslbPp7NPfXqlQOI3RbbVrGrsbUP6W2\/08\/HzavVK3ap6rkt4kA8NXfmH42fJ13L4gac3EKK8NREp27stZMIsArgxNxE3wEe505inRCW0chRGRrXQcmuDpH6K7hR6hZqb9XZXyWmm0ovGh9Qre7V0pfXbQ9XDwa\/UtQkp17ak6mg6isrkekoaqTGY7f8AktTuqPeHcT+Ss59Uu1I2f1XrXYO2txhlOTNxEGJucSvrYbCZyGaClBFRVi7TNghSB8Tz7tRWbE\/iYgrTT1GfGL0lluwtky6kamkqRKaUezU6jncNJrHvQVrydX6cqx6bKuHpzf5JOaFoW3VUDbe3Sx\/CHsxvR1IlWpSww1iOFC\/pPiFLQKF4MgcWI1RBWybXSb8lb+0c541dk5\/ZsBC3ETzCuZ1Q+7V\/Eagla3xAnW23lwdsxhutbeoV8ongcy7Gmo0uvt0sXVV6xtgCXaSl739MpRuXujV\/Q07i26z58l2dqrFao9SsOjK2DmLGd4h5rchCK6kWbpjiyhlevay3FZ2WBV2tX4hA5vLIhO6I2wzzB2t7CcBjmLiyohlI1J5Wju5PqGMS3LaUOttIVSllZpulDim4ksxOBjkem067U0ynXF6v\/a0MNFamop9T1d270MHn0pkwjpYsRtyuIKzm2uLSFZcgjbYF457pZXzAy4mGQ127mTxLEBYZSFQ4xKm4MMgHI43nM1j8vT6H\/wCvfpYOlvqymrX1W\/yNLScPom\/j6w5x6tXlOO3edZaLdR+j9P0wT0v\/AEfqLf5PplPJ0gGONglR2tZ+NVyu36mPqFeYp8qRMtNwj9IDkSysWBkKFBiJ4j\/ETGyMN65weFfx4\/I+pfi9OO70+3w\/5fWknot22z4P6uDXatgsD1b0r8ewjIstNonp\/wDobaP5XrWn+pdxtOInVrT2oMIMqzAll8w1AzBQB4sKYgsEDAllDh02CvxCMhG3BWyH+mWg8ReNzba1GJrO7T+kNG66eyeqru0lVnI1tvy1tfO9N9Jt5miaa2vleo+\/0450LVrXNIu1eN1m5kXYK13NwIyFgPErMdZaAVDAcLBlKuNqlbQ3X5IpgOVg4291v9HTmVenvyvUMQ9U1vX06346d+f6cnz0JNGu0er5uh1N3Ps9x6D0q3KajolA2pCwUWWNZFXEA6r7PM5azqIWMDZHBycNAcA+K+Nw6xTkv230fj9jHvcbaq\/l6kh03qW8OVHbqj\/8a\/w9FfdpC61LrU5fqZ
bA9xIALlz6VVL1zBZgFm4BMwjEEHAuBBaGm9iu5uT3YUsyCBs8N55rflxkK2R4YeI0sXYVPdb+XT\/D2NNR8avn\/wCQU5r9Mu5ukB+rrzy9Mfj6G31vUx\/mW3NfY3xU5X2ZxNpc7Qi+kIw0uzE3RUJgQDgbf8mbwITzChVVLhXRzgBsZeEsF7HL5gtyh2GqpTwBw5Pch6Q+bhmtT32dXVdq+w\/K78aD6mqoGp0unubSaro09YVmqByNLf8AxrHsax4eorPtxw0ejFgAgbfFQLxsfl1\/IUvvrxullg2tYSVgEwJtE2xq+vUHkgD5uOgjH6mcxTiZidbIPyV\/k47xwP5GG5UA5s9c0vJ1fputFcsRbV2PU\/s+Nvt09XOvQTUW5lS49msbMHip9jM+wZzBFEHAcSMxlinqI7ba\/wCtYDV7Cqc0CUcB+er48Hm0cCuTOWMz1DS\/y9IRgi1zHdrG9lo6Kdy+z05ctY21KxuvTxw8TfvtI68VMXiPY5gXbA3bYeYT5p+I\/Db86R0lY3PxQ5htwfd63o+TqK\/c3hTsb2elt32fGhe8eOGobFY6N59mcRGgPATMzGbaMssWoGcquOoS29drV+AMD5WqNqypdt\/BupLbLd1ZiEke3VaddVp3rai73EStsjj6Y+NZ+tMO3je+69hB4Iz7B5DlYpBhYrOaMkF4EUSzbtFnbHGZZ3UUdSegor4LfnUEZgOeDfO35RPf61ot6L4eK2fY\/R\/iQcjgxauyr1Cu8ULtXgzbFx08gcCPYpyABBAIODCKSIp6E93\/AA04VC0DAxnVA79\/8oKgIcRx0cbjtaZwfcRka7S\/wtXGXEV+No7fIRsHgy5GkTfq08cNfqEpSfuZ4GfuIYIJgNNrCEnbacuDhhujDAz9Pdy6a9zlTuOrUhiMhTldG5LwtiYDQ6ioEn6kz147+Gv0o1emHBkikrA4MYZUTErbj6fWDrBwJInqlnM1dGoNcVhYs88D4dxWmekWyB1nNWCzMPUAABh0rOUfy3hl3pWdkTovN7tQNjBXIpqNS4gbBbO04BrqWrg+pPOFymrmAQscAdV8T1jT8nV8CmYVIgYjh+op3Celj6446jR06karR2aQ1W8p85Wq1bUhltYsqq0fKnSdOCBYDPAHRYrEOXXe+coSsJBgIdn+ZAtRVCCAlp2vP3leGruKwSuuZCzqYqwDHD1Srm6BT7CojADhiKdpnpQgPsIyNZ6VKnNehrZqm02s5zM3t8T9raRN4KeapjtKh\/buiupjNteeJ4gyGmnfmafVEmwdGDdFXgvjj6noRprB4mJy5y5tAnQzERpptT\/FejU13AH26nR1apT6Uam6IvDMHEdYCZmVefC5zWMiNgvtm2Y6YmDObFw0LdOaZvMyZVitNZXkDLSuu5iNUsr+pB7NdTz9GPHFmxAu4gYjLngjZnWt6PVWWU6mu4b\/AG26RXllT1TdK\/kOHmcmzdyLDNpE8TIzjAn79wGD0M2wDrvEAxMqTfQ9UVrXFeoKx7bLJRaLa9wm4RnMBfOrr5Or4eIE9jpwzkQZU6PWalouoQwPN8yOJ0tLvZSxsGnsMGnUQDAIfLPcsW1LYRtYriDcsBU8fM8e\/cZmdI65l\/8AowcjBiKXbT1rW24ykLN6bjnd6smWz9h046fTcyBOhEztiaiyLqliXKZv6czC1LtTgQDCuZlxHRbRloOBGYM44kTwcEz4zM8TM6cM4mo6aQEEIpsKYrVchj3TZtC1hdd\/bX1c3Sj7LJKNHt4eA3SGfFQO1h1TeFHbKtQrjImeF1btBqLEO5bI3X2Do\/xbgDMQdsxNsYZ4Z4fu\/uRNLWAFUCwdEHXxZZ3M+0OLFj+L05WomfsU34i9IDiGKMn52QrkgYhqV4qKBy5tmXd1a9JzFsmzYNxYfrgPNg+pM8A3AeYRmFTw3dFm4MwUYU9XxMbD8oMAX5OoHnq59Vp2uJiBiJ599Gp2zOYZjAqX
rsm3riDgTiYg6aiYmJj2Lhnf8hEzMwDdMzzPB481hKKeYrUBXGRMkxuvF1AiqCp09gfnIBq7HuoxwxOqwP76dQa4m1h+qxhcQ4UG2K2YSFhyTkswGLt+9h044hXtlfSxj3RuAbh4nzHUTOeDSjUCuq3UFw9zhP1iMYOofq7vD1RtM0s07OhXDzEAj0tWckTePdRqGpNTpcmPYsI7eYEgJBfxQvTExwUQzHXGTMTbmMs\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\/M1ddXKTEUZMEMxxZFddb6e2nnple\/WK2\/U+oXrZq+OhXl08HBK1Wbw1UrfuhaE5a0CxdNa8Fk3iZzxbgeB7lUMp5gm6YDT8ZZgYOkdulU1DG28hgKEa2AYmRM4FCZboJ+gMFfZjMxjhjomlXTlyatOepDlYHBmnTmaio4s428yrUaewOLqy0Fm5SOmYW62nl2rrK7OCDi122yZ4eITsgtDTsldzUMCHXlrCqCNYFFmpDAU7oK1nxXBYDCxhuGoTltnedrFa9OWTlqJtOBiYxFhOfZZUlyar0ZljKVM9KG5pW+9eDoHUhtPbXctgsrO5MWjlyyoAModSuDpdQXbdOsus5de7mLW5wH3QbsKygWIWXmbZvlhG3S6nlTuZH1RjNuNFXVfx\/t9xm7co6LX8HUOK9O4sZtkrbKpjGcWWec59mZmbxnV3mmvUMtyWaYiaCz+PVFbaQdw4OgdeXynV7EVnrJrbfXHXa16ZOjXlzf3WqFh769Tp9grOXSnAa0gjOd3dbVunJMHpzSrRV1l7FrFm13xBYyselZOUDsJvVoF3TxA2"} +04434{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1357,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":5,"flow_src_last_pkt_time":1654385146253018,"flow_dst_last_pkt_time":1654385146460775,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":2946,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2946,"pkt_l4_len":2912,"thread_ts_usec":1654385146460775,"pkt":"nLbQ0+MztKXvZygQCABFAAt08flAADYG7W8OiIhswKgCfgBQwNwlgdbJRlWmyoAQAHplgQAAAQEICpoJIgUeulbiGbYo3xap9L0fnfplXDzfUfKOfNdfnoqfWs4XruTp+e+rwd3ozvNlHTpzm0nm9fmWF1HZSYrw+rzXto63K7JK1bpM+MdbkmkvRI3bOTsfO29YRrqhIb1p3Bm01QLURJMEgAAHM6PFWitnMUr7dM\/loPRtXTj6J5\/VZefz6jlenw062RE30vSeF6kv6L53zfXmtWzF0mHP5Wd16mde5XwdPU56q\/H7kXHMzehzKeN1E6431tS58t5kcxSbD89PZ4z6NkczYn13Jcc3LnRRaovpyVXTMutYIeuwWAEABh43S4h0328zocbT5T1XHa7r\/M+hiud1OF6Fz5\/z3u\/n3Vi0Dpwr0MAnHS5utUj2XjvZB5fvcb2C27FrRnkY9mQvn7ebse+mr1Tjl1K0lZ3uS4aIkLOrQlyS7OLHb5j06Ls+ic1Ufz3TrWzOqdPldMLJcuc2ANGfRiVV896DjHRy+v5T1uCz5nxjfjfovzL6D0YKx9rxud+38L6Lz9xjgjt5pIGWkkD1vkuzOne6OHr5dOoKHNbiOWt5fTcm2YDGqdNQi+eRvWpwTeo5UpqStiZs5Tr5+9VPJ62JlGYtL1
xdri9NrVS8RhIDDBvwTduX1eY9\/Gev52KM+qrTyuXfyvrvJdzu4vReX1c3PRUUjqwsENExIXIzsV6Lj+nnbv7l1w2YpmknIbeSjZqzNkapNqmTLV1qZheFxDUNbzmDbE2qNKn8xzfdz9KvSuaLPFTdy9N2bc3RUsAjEAYYd2Saty+1z3o\/5J9n+ZXj6PiYvT8XV4TfzmehxaF1loQ\/M3pAEBISymwfS9anJj19DZn2zmEDzT5fscd9PbtzHyb8CL787NVNBndlGw7J1WmucvpZDSm3FrcO4Ha4daaW0tOmyMGyY2cLvcXRb9efRnmAlKxUinKaaSJcAcnrAfCuj2vO7TqpEubWrYDPpoOL49rQSAd3hd+dPTczTOPX2XVl8sxONHFpXRXZnkis7PzzvxdPRz9ubc7O2Hpsm0NmLRz3TZHMRz96L2no83rxPF6XL7SbOJ2+aT0ZCc4zzj5ddIkxvU9D+7AApAAYvkf2nx9niytdobZTkpCQ5+iqXXQIspjq8vOV7\/Z571OHXstErnOF2uA9VMgewnRQEyRrhfXj33z6CrsyjpfNQrVgz0ndydzdkaEJZ+rz3po6NKkZtXnenOXRsll6Kw9DH52+Uuc3Ru183penxBE7yAAVU6X8sxfS\/mnTGRmjNRrnDqFTPuwt328\/UJynwJP1Xwfv8N2SUzXKzcJWt+ggFvJNULi6KGuzs24+i\/n6YjYJdFXz6cMaUZTa6FPzYIXJhs\/ndJSz48bufvwdTr8rYup9M5neQ5A8PVPnkdFZOx5bqYT165py6adDPp2m\/wA++g8bqz+dlGdMJTssnjXuzsXW0j22xbie57TyvqOXd01tMYPG\/QYtfOPR5s2mu53iPSF763pphg6la3hdgI26+TozrpZbLy1SNDRqpRnN7JrodDNmdlWlgcYzNpypzKqq3Fwlvne7zurm5vX4HQxOu\/maOfo6LKz6OF4kp\/OuP9L+adKtEzcqHLHFDSPC5uVnd9b8+rnX1Rvg\/U4adQSyZvz90ufEbPWc\/oz4LJz9WTX5tklgmGp0OVV0omLjamMtZgm5VV9bldW2YiW1Va6Z78WlorPHq4WKVuvRvjK7HF14ujmo6s+0\/m7F1aF54Vt+c\/SfI2vOBb08a0bIRYsKE6AfOa3O3JPVDf6DDVHeb5fRnfpL8Pbi9\/P14Xnmd0Hjwam1kQjXQrMrTltWoO0itlwqvJDmKso3UpaqsRUd5WCYUINqmL8HZPK62PowT09aMrzbEPz3pj1s2zfy90Zr5i5qPocrTVjksSEEgQjQI29jldjSW0FCVNrUSraiS06r43q24Zwrac7nN9fHTSxqk2mi8TriBKqlhLbZXLVrSJwu7B5EdBFmUaWaG8Pp+BV2lDXRK4xCa3dX4\/QtvnyOvz9r5\/N+f9R5n1KgvXpHzlcpYTARBVI6PNrJ61fD9DpMsnVJW7pxpTculU6aoz0fzGrt67ZtLzrDBJcPlpLk3HGd66SZorU2wq8Nopyc1pIQSM872+Nq83HpYnxD6ise3j7V6Mb3pWurLqb+V1K6c3J8b9F+d9swWPRUHc0qfJs3c6Rtc1pTYIlRryQj3fT8Z6zK9PP6VWuVuaidVa3LisqXlyvUt1QErk0TnYSqumjMVtStJVn2Szm7F59DQxGiLZatOHdhtDPlvXPmdLFvu5UofNRpwypvkkeullL6Y4fFe08b62R2MvoO7JcMlZ143frL8Sn1PmJvO24lXbj9rD6PC9J84xv13b+W9y16xbYz6NrUsMedZtHaH2Y1RMLm4YnRrhrtS8zROmjWdiy1TLspawdTB1OfTLqW3zuqSwZ40uOLojQzLrnXXVYpy68dK98vTTKxo0nz3n9+z38Rwy8dDIdgJo8CmHo2T+c5\/pviXeH2\/kPb5aczxvT5tREk3HpPQU6+OuOda4FZ9K2abY9cuimZys2zHkvTuyhhz3rYaTDa1KqXilS1p4N02jRxb3EBn
K+R34nPqVM2LOZtOZHZZ0Y8\/uUMtL2pbR+U6Ar0OZraayTREPQmGVJabzS7Fk+Zn7i5v4\/b1nlOidO3ienF7Dp8XqZJwEVxNurhUdWL1i4TOp1zub28W0U6Xke9ouu2k8hXn6PPmfevxuhotE1nPWkxxuR988+Zi3advRz6uJ3+BG3M2WYZ9i6jj7qxV9UNXovJXJ601CH4tprXLdl1es07OVpSdYZUom0Xwyun5ddumeJ2bMa9Bfj9XFdi2DdjUpbRV5\/qPytm5OuSvK62bSOBsl0al16PP6m8voXvm873La3njvnnLr2ZY3LLjHVHnMZtlXwM\/TxdHnJ0Y1zp6UTbzfSoOq9H3UaYtq7IlZ2TRVWzWmijMy\/Q5d08XfpGy9L1Z4b2XmOhJuy280va8iX1rD9A7zvc5zcVw51GqrxznmgXnL5+J7rOB2Mq0aM1eHrYI2hbFrwo25XKC+rNoUqMwtNUpFGvldN3by+Le9OnJPb4+jHXcNTw+iwwo6ceqnEzpx6Rjfh0upfmTGTQmO3z6W0ZrvqaeDbs2hLzqCrJUrtZktRcRmrpqFduSsV3lcTVI1fXmF51XXw88L1pZhn1qVRy+jrrja6fHneusNs3Xz73Wu7NBwjbn7+eb828Py39Dm4LCdeEB6b9ehuvV5uPRcWcszKN65u6jddLZtNs65U9aMJ5WTpc\/tuWE7smbSqTEima2RUAJqXTpExRBNgd0eLryNuXdbnXJf0gOPk35uox9HBbTQZNvG48\/X5va5ezLy6M2wcBpz\/\/xAAyEAACAgECBQMEAgEEAgMAAAABAgADEQQSEBMhIjEFIDIjMDNBFEIkNEBDUAYVJTVg\/9oACAEBAAEFAv8AsDM+8f8A6PPDPEf97j\/sT\/2Q9p\/77P39RrTk2M0zFutWLr3WJrKX\/wB9j\/ZO61i3WVcuZmZu41aiymVayt\/+gxMfc1GpFAssaxjxz7BMTTuVgZv9qPsD7ttgqrdi7H3Y4ATaYFzK3K\/aH2MTHHPvHifv7WpfmO0\/Z6meSfmBMYIHULsipNkxmVt9kfdxxz9\/UNivHV16H4hY0rHSJ4NeVrG9a1zFXllDHIBY4OciY\/2Jg\/2d5zfntuA2cvc4TMtUiMNtYHbX861ypXl2E5TfzaxZkMd4PWrTHdVxI9o+0YPsZ6+4+yyz66t2XN0D4VGw1h3XXHLgYJ7TXdk2tK26K+13bZYzbZp+r6VwtXNWCxT7AP8AfE4GZ3GWZB3dLn67voKZn\/IT6l9w2vqF7FfB"} 
+02496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1359,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":2,"flow_src_last_pkt_time":1654385146276790,"flow_dst_last_pkt_time":1654385146470951,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1654385146470951,"pkt":"nLbQ0+MztKXvZygQCABFAAXUjohAADYGVoEOiIhswKgCfgBQwQSWIbNSmarBiIAQAHrnQQAAAQEICpoJIhIeulb6KGbrQ9NgAoPeIQXK8aNsRvWmWOG2+mJUfVc1tOfBUFm08iHXJpNv2Owf5\/8LnH1ete7iHIgeIQ+NvC5\/VL\/aRL84vFpH3hpuKGie89N\/ltwx+Jf3dMlyw07W7lY\/ANl1EAJvmqFKZxvNP\/7dp2qkMzGNaCj8Doc1sJJRQQ+ao9WYQoMiZ2FUxVUX6mhkQjNYtI4Xmy+wKkhyEHukERva96HY\/dXbvojGVj3HwIwCL7Uu4KCXJCOxCdfzRsyBCPbX85Xo3\/0i+EMzczsTrgKFypwzGJAzBLllK8mrlen1AbXKws\/iFuX9EFW9oTIIiG0ZW4bG5oE4h95E6fNS8I4kaDxPobJq1QBkoPqrtXoiEHjpKULTrft3zYnFpDwQu2eTvwy15CQ2tec5f5m1CtyPkJ8oKSdO\/aLi94jceiOZXraTb6+VbZVTT5v7KqPOtYsl8CgtLKBY9Ot78tCrSByNPAMDNF2pyABksBqbgNk+1a0f6z45tFT7oVWfhgbXl\/on\/kQ2tjjIKII+MrdKpU\/7Pps04g33RP6S4I8ga81Yz5R07ZIyJT6iuback6Gsu\/EUAaiVehLWhou34+zaMkfX4oW8nsmfVHl1TpepxDvzCEYnOi4OxvRscjYz8+bDhvRI9oB6DKa80JOZpGqnO4SIevnAUQte4KcbZKPz6qauxFKMjOPb+Fi92JZNBzuBuVci4AUSISUJZ9pDO344tYqlcxAnz5Lub9aL3azUFNTDSxweDEjd8pW4pwan1wijpkqLHf0vi8uNupO8FH0kib57l4ZodhscgY1lQi\/YP8qhWC\/Ub1YGeDcgEMSVmhxKOxrRmEMxZJH0\/SPVC1Q45KguC3L2a2vUkm\/rWbFirVKvRVj2Z6smUDwqdOzzvBk383pjRzwKiZn+50Qqi6vXyDKsGTAy7P8x6VRpnIzzPW60jAuNOX3Z8JKsQSoQbU7WWYxRsEMq2vDpEdVZDnVZhQNpQTkqwDBMcvnxKwGz371ROj3c1NoOOfCqOGX6dcQUiRIk77k05t4r7lBDoi3JaCOltfNkcyuik3r+d2D8rJRDa0aEaUWI7HzkzGE5xCg05dBJQ+GbxLjA+7YlokrbWDOVI5+7T2BJvj5Z2gSS4bQyr5V6clNZrOF9yEP7TY6KekfQFoBuQkiruOmgQDE3GJilpZpNsJut4YIT7F0OaRSKrHaXWfoS4Pjff1AtIHgB\/bHOLbEtnRDxHNLviswASL0Q8jLLlz3TRCqT8v4o7cRzUn+2eKJxSTko0F7LWInRcpNe9+Y+33MXMVaDAOeHkemly1HrRGPpJskPnYelD9BE\/N2ZrEmqz0vzx+lyA9i46mr4QvLytJqjP9O\/HSqlA1Kx9fxOAXNcAxSgUCEYxWhNuKuqJnLtxuQZR208YZRatEdYzf9DdIBrZeDV9KCfxPH6XHm
KZM6Tw3RIrVgIvV1ORu9gNP4ZxWngguwIFKkqm\/QJwvcuq8ge\/\/zWwxnlXlHBvEJwP5OtKAK0XftE6rJHP2e+bJbxwmb93eYXIbhGdyhKZmqch04CLGO8ZQspqifdGuUIlfUuJjFC7hqacsNLSVicuPJzBOyU2NXprEYWc\/OZbxibYqlUXx1QnIHQ5VZlumABcc0\/1T3FfnECTGn8GRjjkVVUZpIueMMQIx3l8RzJtDm1\/VpZNOhOyDZV1UCnbO7S2SykG2XtX4RCuY7OXA8IZ2JnjkHuxMay4A3uSWOFpP5WNNUcHjze\/bYJSsUoGQ\/ieU17tPeq+kN+I0skTj9BNmaip64x8FfSWbU+sFOV0QwBozGD+Lr+4Fx7eGgUibMhfEp33ZyZZa3ve8AZrylaG4wCMpTMxS0GbDni7A5CuyPiGXxt+Ero\/x3NbA0EZstWz0F5lDlbQrK1AfXK7WKby1kb1HGIl\/BAQCaQBP6s"} +11563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1360,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":3,"flow_src_last_pkt_time":1654385146276790,"flow_dst_last_pkt_time":1654385146472685,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":10146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":10146,"pkt_l4_len":10112,"thread_ts_usec":1654385146472685,"pkt":"nLbQ0+MztKXvZygQCABFACeUjolAADYGNMAOiIhswKgCfgBQwQSWIbjymarBiIAQAHqBoQAAAQEICpoJIhIeulb6tgJjnFx8hVIwXR4iVS\/qWz5n+Fxjae7ZlUqBpnRyPdUMUd+QilKzXl7OrNKxG+xfS7TEH288LHzxu8ZitSenHMt52H\/QkEpV69+4AxmflPbcyhYuNqtaP02igUNEXeHnE\/ugkiQLtQdebb8RWtY9VsgDPz9GUtPkZLj16g263T23juO9fsws38GXyF\/QUkl47exxYxCkNwjcpk2rfKmm3nQg7N6W0jqeFp1mCVWfSdnf1Y7Ic0aAspDn0dYX7ERrxAbYuaTLxEKrjn9xjqvkkkgS5vTMQo\/QuHb23Cix7tuT4Z1trzTW8hydtgFvdta227DotNH3yGBi4f+L\/4sXuucsl\/ZYz2EwWxq5jcSLqELfJHxFWvLyS92f\/OP922wdIMEUfGBrUGM\/B3JtuZ3WiM5qe4JQxMfqsdaQSk4KNPI7lDEQlXw1h0iteFlx\/\/sbXUFb7a6zxAGqKLOfVJ8nwgmuJ2JJ7a50wGQcZ5nLknIFyLr5KlKTMbvqLWFs2LMvOv6V3ngFYSqCpTCGvq3EMOwjXIRIIPG0xirKad\/WrPQ8qnK75ee\/4IVUZVYuQzRd7olXfWjNWoMU2XKEWOHVqY0lXpUYEDS21smZjZOKOEbaDcPJR3IR2tSF8v7lmhDnC7A1Q\/ZMUecW1YHLZoxctM+TtOWZT+8NOrxJea3YCm9Yx1kAaAeNlJkXZxTsZx9fiGRUsKJUp87laAJvDIbOMmd8r1aoYTkTFmU\/sSJ8mQf2rPRf1eOXfHgrWYTr5hLNs7M38fDRwMZyvGfVF9JaZJr7oby8iyXNXc7zTY2L\/7mbvHkCPWlgDez3Db3GmjmR1B4zzKCnOT+ig1lwwIJo1WP+cxiw7N2K9r3vspvR5Vcuvuh7tgHpWqmAWhI6fetLr\/c2Vl0iiMIIre8vZpLEHW\/nohVeVVUde
rzf2dVhF2EtWAMquqz+sXVK0WGqetxa0ic3Oqtaq26N2z5MTbOtJmKxpBzaXCwnIzJfbkvT7NrL2Wy0YeTpBNp\/qObq5eeNpmjp1rcehffZdHdR\/PROFB3yNO91UKg3br6J36EchQjn+HHAfILGeZwZXM7g1tOqRvHe74tZLlvy11rPmfX1clEcNLCqdrXEZs6S1hXdICGrhpqkYawHpcEPmYXJpM3IoQIL6\/UfuOmin8lEdLYY6JkRJggUKNF3GopOMtqlw7cN6WYvnHBpqPv+d126Z4G+wSDqysaWGFBAN5NvcQbJbC6Ll61fYucNIkqNOL0YpI0ckzNHkzp7ppuY8oO9Fo0pVc\/ohgagsAS706RZzqtBM771ss7i6ivGHfRBZEjjDIPKsv2Sde9W91iB5ZG1lvOyoiXq+e07SLSxfFtviLdcctt4TbAeowmTgePDz0y3L9AurZZjU4HIorixz5KJ77M2+G+AlWnTOSYKMX0u9tKolMpL1eyCxnoAOfARlh5LFdSrBlImUb8\/QcBlj5qeZRDZQU0B+EzmE+arAHNjN51kGTW6D7VQMJR7u4gZ3CgkHpJn92AK61mPx3iPbbQMIpDgyBDREkqY+81rw9F+VEBGuxGn2OHvqi\/vOzeKm9iM0LloHBhmNL2zynkkneVPICTPD5SM+wMcfYdktvf7olC7djwltDQ1vQJ\/I6RAWfvx2ILm38PTiTvZIBEmYnoBQhOQ0E9Tb4QLfGTKne4btkpduZDgVkqDxDm78xzn71taOI7rLMzMH0SBU\/TziyBk+2oShCxYgmdU0iKDT8r46zjZTZS6v8mEtsdjmBbH7cPpyTT7gKEtnM8zptXWSIhlVykpGlFGFVQescLnpMRvIoRiJxd6HY25i8Q8badO8aZYOw0ti21cGDZu\/crSHqlLbfNys9iM3fwPZY8F2upWh4BROkh4t+NK7aItRWXKGLcjiH8o43WjkrzjhZ62eQB5Wlcc+8CD6CzKirazoV4LzmmyoNOd79K6CEyxZs7LfkoWUz13vIVl5saV+gwv\/uDP2Ytl2FPCGdgA\/v6tuERAYkXOh8gIh1RlzkPREpEf18veddCRJ8z6MI1K9LoTela\/e9o2mTY2e78QaKnXoqh+gJEKGbQQuqA2rJhJstN3uX\/EaXiA2PLbbBotmQW0YcCmKQgJE\/mvmHOw1Qun\/4swBH6823HVEWmKBvS0oVgAqI74vcVeVMBLwWco9z3HlrXT3tEaneofEZozkE7cn9vQB9DnL+4knS9sv3ucRAaCXIaxI7xyr3FbUUZ5Rzhe0H\/cYTVgieCFjpL\/MHbGwM8eU85\/OtgxMEUVvx+FYdQ\/Xus4ZI3uf5Sccum7RwRDv8sIndEhRGPvW6LqHIsTfNccr79CHKeIR7FkuijEUaO\/OqYmPbzQ9YkqFMB0+Tu2de\/pxeyvudZ\/WVSNhP43OsfPzA72r+zg5t61EFhlrL5bWOOEBWzBkPF1I8X818Sf5\/376K5qlegKQkwXbKRdlJ+dBlPBuUql1J0vaDbHbdtkri1pYwK7wgzini332ipIKeGOeTt5wWKs\/UJc8BSkGmhIG8Xe4f\/NsV5rrZCacV9nG2hTZxgeB0tylrutu\/sCHQNDsVGkcvI3gBB3q\/0vTOgej\/JcQ4b1+hotEGJylJ+eyNmc8vorXCiSHXRHzvzK6jk4pp+0UjXNTxLiHVg4qUFAuiZDIaFzX4O6D8VhmHlbVkYqgJqOX\/uGR2w48wcRx9Vc808nXu61mwFTYRoiQq6\/ejhNCo1BFujUS+hAxzQetpO\/K5aXDdT5Q4tardwiCey5R\/S0MvN5lfkF6zaPhPSYKgg\/PVYZCAciZA3MsJgF49NaKBsik5yEhsb0fgHIH4GeJ4dVGypxdg+2R4daILk6+rl5UnRJPB7824ueIIesQbwA0lA8APOM9i8n2eIOONbuW4Fch\/s9RoyFD0e4YfB
pbfMeHceRyVw\/U8NAA5miKE7gJ9GuxC\/pLi8D+krZcFlG5qjZxha\/2jvFLl0bUDdodexooW3iKcNN3NfGh0KXY0d1erClHiGv\/E2Ibb5QUKKhz1HCVfievXCuKd+iXQXwtn5XRQBAaoXdqYslwAQowDTy2gnBMtD6ROBrw\/dyxwRv6sH1TAiCU27nx40639\/Kn+\/kwQflJnb5sjgxAjt821QivnJMxkYJXQSes9hrIx1+nbdW5JwYP22DoX\/Iaf70c5QuYAq3SeuASr+5zuspK2w5qYnsSROZDDRK1QTlHH6uPedRlv9zXiHIQFrgkR2ksd74RBk+t2ovUESSY2bLpgp8wt6Rc7avWpejX4lK\/vTU+HrSv009gZNULrkFU9\/s6bchhE7dkLoaS9\/GzcGhWo3CsP2t0nCGb\/Td2B4xrEPMjPUmL4ec+Izyi00UCIQHdfHsIo6Yd9+hdY7bTkFVVpPGwAIAMYFlXoP+4dIvcw0SwDKskFVWrE53M6bGPKkMA9fESSRf2TnVsJt15VCvXBWWkgs1da5ZsxB8Hxz\/dYLjutOpGakDlN+mjMre8L7PKV4IjOXfFHcklueZlHFfMiKOoAxAnQsxhugdCoiNxI4bCX\/geE0qtc5uywOU\/zahO8RvxDDLxVByl6CpsYll7DpRqay8ia0LpurHZOx2CQoD15zpPDCwpCtrdWUoyRdrGsxmrJ2BOXmiQvThstJVPjn7OD60GBa9VTfhetSOE5A33Rrn5fog05TTsAblGiM3m9yb24drHjEj4HLA0FzYwHEpoPH2DAxRl\/HcA1RuOiYRnNIrcG7werbjY1M3Sa327qYs+3pKFYs\/a35vcUkW6dvfmHWdKRgkl\/lQ8+agNAxx7ytNkTHTtIqy7B8vZAL8KUlPxSj0gt6f0aahHlR4x8+DpVQ03HO6DciE1DtOwpSAVp71Kx1IN67DvbZE5puszzpjMOBMXrHN6EAiyiDkBLRIljHommON+R\/R7kjaffp+gcXAJOOcCJgwyYulXqPEcVjm1lVMWAs1unY+V\/F+uNEJlU+n7ycALtMx8JoapYqpZ\/YERl98enXpnS4JSwG+uXe5eti6wMKtUHR0CpD0ZTaMF8UeGRH7e42Bzv0p2Tu8+lmtnPsKgFOqy4qM8flcxd6FbT51bQmVGBKOz9hsmN+xzNeSS+G06P+gRajneelM9Ml6rshA5Ze9XZNevJ5URGA3+\/4zmL4ZChYcdSj\/dpBrk7KKsyykmGEDSTp0wnUcOoEbwOwdwy0yJSEcPdp5r4I630fJq1ThajSOsveqsNFTGmChRopw616UtUsJ34ZHIEkewDajBG9ciLWIlp9JmiNQA5sdS6h9RnDTz4gD0aZFiDLoQvN9kPOuOrWZL1brHSxQcSnrfMBFNQDS\/T2UGyKc\/3NhjlcLneltmMwChouJwrB1wWnIC01Oz5ybtO8pgf3mNoiFgyjsWkdAUm\/Ilybd1rbLiMUzw1mCAstjt4EOmL7ov3wAjxxXQps5EmW554KBvP1pDfN2rrVJj8KZ39yz2IbgzFEgyGCjwvymAdcelaUJTipIuCs9RDJdcgmqgxPTZvY0sCT6yaegqEtX8mPz0dFB1wQRMIMB3iywLf+BD8w2hn9fbF88bQRFOTjbN9RJAZwgsHlzOUW0OITmS8gMTFjKFJXyDwGQs4V5LS7fkoeavVxpcEnLxnIotXgNPlS6kU3L2b+eqbGq3yEqaqKVaaCBZKDHd4RSvx6acZ5pMN5tixoPl4VRZTUbncjR7CqssSBkstKemgBJcL5ptv5lHRt8KC8r\/D8drxpQU6SzlMe8Tdv4CsPsMIr9ShohN+dGdO\/Q+YZ4MlJdXIWpPVis9KcBa3BMSAQLL+wlyCrC1DxOauyiJX0pZwmBAP3uFWYpTYr755AsZF7IZSWbLH99OcdO6P4QCsINoDJupHWX0kT9\/ILwvpJZdiJQ78usj3ggE6
ufPm5r97uptNSwYWvSBqmpmh7Os4JXPxuC\/oYA9qP+88oU+8sIO935wIdjeKeCSU612zzY7tJRMPJqwyaKqX3F2Ml4mDMtJUpcDHDxd5wHlvcRljGERWhx34qQJ0JL1LapC2Yuq4xWUrbCUWIVjCtmYEfa\/GCOhoSh\/4je8dI1vcbamF7eNP7KRXq8\/j7\/0nPmbGsfJ87rF4KGJE3MFdoClkAlUUrRLaHhiG4eZ9J4RLozN7GBOCkVWWHN5ZAcZUx66oyu0r3mEpWpEYuxlZEtQ0a+RcselQYXz6IuCnJGCHSF5B1YQT8dtCh9Y2xHMplEk9aMjzAZ5TsQ0q0NkXMybToCx5ubpzAZVkBaOnBDwCW5JzH3qkO4m1Y8AzssNxnQddR29gzWPYQyg0Dcxm1OWwVAXNJ6\/SX+S4aDPDV8ymCuPPXQzFDKaJwJOJBrmrARsHZLfI8bbIQ48Fh4G63fa81NkkjBQxfp9npgdy\/bdQCu13ZEFuauYxibrh62hDGVsCl\/5SGVGkTy9NgczZgb\/uar58fVvbN7SIf7HV8afG1gmewssOzVfLq0EfY3Ny8+KiXGGbDHWzNN+mc76\/nymmxBGf58LS4248blw+sucBQGQVLLDUzJUq6oCJofVMo41GsNYXtH6fOPynAzsThq0D8e+jjNCAqLVtm8ZFeahT2ZPmol+LspHBXCkp\/yVPnNsRXEIy1hHfAlZS0eNlJe3RBx3FXhymlEy7K44Tcf5Ni76LhiEOGvYVTVMa27PUfsI40MkT70x7ieJ6FYRIKzUIbAeMHnpEkcHFPy4DbfR3wCD0UChKwSlx6Kady5x470xmBx8VRGz7irKrOxiLKUIWgrzkoggeZwA+lAGQDrqHT4AOKTC4DlKf9XMt2yEfQN1DUxCliAnWe1v3AxbxHAnyrrdBz6rSSe\/EJcFEJPHQDm+UYHvApVKxi\/gRer4sQcA9Qcm4hgZstp4uGyIRjL3SbYY5uAltDI2U+EomQE+SZc99KHDAr0k8k8hb9Gg70cpj29qmGLTPb5l\/3DHw3hH2ywNNERWgs\/V2+UZND4pdNNwRg\/WA+n9o67rtYl6LGQao0ud4GmQNsHYt2eZIgivRYvM3TBPzIaE0iufnYlLjU5EqGxmZxYs40fwTKrnZoQgbAPIbIFFZg6BoCWJhCmgJD78iD4XdzxPvjyshu5A2Z2bNVwSD1OLUxDVRqMgDlcZKJfm2T44YKUT52rhectH4b2OTCH8c1O1WuFpSgRsi9xHBFQHaShA1XiZk+5tiBMMFCLFcC4MqRhIryL1Xt9kVjVw+bLo7UNTs4gMlwM8op3FwFU9JdV1TUw4911Ic+da4z2g0M4eomEnD16ypzV9YvE7PbfX4mG6DIOC7sus4qkeLeUGh+og8npF10LZ6uMQ7NO1jiICa74N4qYd3biZ2PKKCUPsRwiQ8GC4+aFT2\/CElHV9Tus86MeNo1mbxN0MelU9Tv3Re3vPhxieigjbNNg7c8NH1lbKWgphzZEQvqW\/1D\/3eHKWu+1spZcYRk1Cz9Xq47QMTDt1ObhcMRa5MC4OOHU9i+rgy4fH6BSRbTrht3nvfqMzfW\/xgs33D0hwh1eVnBf0PGbhUThT1lBj1exyTJfY0HWfjSfQMcp7I77rxN3+YWgUHV7XikoArasQLBJv4w7LEHyPYY\/+Vj6MwrFWHNchEMNzwTrvd5gF2snhY5eOtRIPg+818Q42DU6OcV4f8vlnYUQXHJ8SkRn+4youn3U7Flx6hzGqd2Kq6kiCNHucaRMmTmTslKYPmix\/DLodndpVGjrAX1amNgwhKlXOsAMB0\/QNROKmcB4zyic9xrBg56IIaTIyKlzKqtQmPzvNxhGKlRMnOEmeJz484gugsUkGQRSGZsTn752c5fp\/IEqJ8uO06Q2Vk9ObzNlHD2qPgNr3K3prb\/xFlwsiNhd3rnU5zIz258tFai7AkGw02iNoM0TX
j+mXQMzdOfh3mJ0aCjK6QIj06WOb49ENoiSpchtn\/rXre0PqCm0oC0LPzaEBWDuGyE4WXyH4B7RRFmEYW5slZ9NTVAoOblrF12bwGWUWZDXYeyloF6n2uG\/o9NeOXOAgOMUn6Qv7n9BuhyeC2CiXSHy9y1DZpR8fSv4tPvT6pSWBaQzn5OybvIa4qPoDDAr\/aevKfSF2fAXnhgGWBUOOTRt+hLhFaJNdtqvRBdx51pBwyIqerZQgU5FRr8SgKQNR2Y2UhyDv23ipzi5YxCcOTZ2jTSqzkEdi3KYA\/wG2cHQGq45NoCTDSnVcPFIudxM\/3a5ry93rXYJZAqX2xeRag6MeTog5DxqXTWxNXleuzrGrp18MJKeuCGoRELstSBk\/OXSRnOOFYAISrRtIKiI1BDl2DG1FmmhToIftE+V7CVluP2754NMSG9uzEeQs3I3J20AiKP212JKOjSwfMFHbTzB6c\/OS\/Dm0j1XZljzAYlUs\/kR1qNINEaMAzMk2pimuLm1hyN5pCk7gZCbYyWGF19\/AwcjkwRD7ghvW+nZXFjdan8PU2wH+591yQMbZ4MbTPbDRHzTL7S+MBYJ2\/sXwg2MY2ZLdztxWVvTvwKnb4PuBIochmxGSp1IXlXQtqTgOX5IOA87fk9yU8i9gc\/SBU9pLrPV3l7cVmIltaUP1TvVwUXppaij\/K5aaC2mJHbFTV4B7kJBIBm8TkDKSz4XSAvvMjAepqD1w\/bbYOlro\/h5d5JOSsR9PyLluINE\/74JuqI68WT6pjkeMox1U3aIghcOOrBvzNoBWC2zU3s0wAhOhXJ5utKtCv\/KPcWNPLlyQqVLFYwGgRuUQqNX0zUfdr0E2gdcPE6qpwGANOs9GCCLDTiiLS7bWx0EfgcReMav5+JEGXSdNByKxrvNDELfM2q+bwY61CR38rzDlmu+d7kCAJE0MfDfOLlvE8jPIcfNslyerg2Niox3zzOOsva9xFQ+7GfKZNfnjZtuNFyHUvIFbrlEpcW2H3B5GCMp18jQh8pWrdZczJcc4Aac0gIh\/f+5s4pgV0LPnYCY8HlcVR4B4j4rf4MStSEHzAfZpX\/kYYtsvurzT9EVgYdMvT8FS4jH1W2j\/U2PegzKYNnP3wpYj9CFYKs2jYvLJ6jvD1XhhfR3HRnE4jc6VMq+DDRHlKhG+mti4SyS7RbgLoH\/gHbyMTarFmt2bNHYKgQjqXC0LQQBv31rntuVVHOOazc1DgG+ROX4T5TvwQs6eGOsWbdrcKWpAUmYroutV5glxQd3vGWZ4LdHNLGKqFDSFYJ1I0CTO38x\/0iw1\/MjeLEzEax+jzi2\/wKhjbPMsNk8t68JhGz+VuwI+Z5Ej3HZjM1rMIfExPRP63c49wg47vGSDiML3Kmr\/StRE1KB\/dkvjdDFkp81ryiM0pXrciOaFy7FbL0Dp3fZxLadEpfIvFfiC+mJ2Ig0nQBpqbcfxtk+uFym\/A3yclkZJ8EsWa66dmsk7IUIuXnp3apKNGJQGgbKfLFoWVWK9YsgIPRVOO75R7xDUz9q+\/wdhL6Bvp4iVjP\/YAR07vo9gAmjCQqesZTMhTVAMuXwlERPWl4wtpF0b5ylA4weK63l5VHHeTekepPlmM2ZPgEhPena+eVgrgDpDeBxLVpfjhJdh2pAkFl\/Itj9E+vplhUX79GInBhWr\/Rf6Tjy0aYfZr0bWyYSBA4lA\/R3m1Twy1xWEASJIZt7RakdMzwqSqsG9lO3ibhG4+RjlC4e4GdCGiyDQQToec08qlMrsb6jxurIYsIGEk0i7kTLCjGpt\/7opsmGBM18NONK6EMJiKHTtJSfE6GUrWpQuY5SLFCm6gA8oYUuWrxKHfQRd\/xxiqUOBihtPkSKSDaltV17NwQz36J\/hq7FSp7FqFWILEjYV11Cz4Q8VPxjhoJHSi13GdXpUqGm0GBbQeg63FDVhJQnw1kGtMib2Yf9xU\/2N
EYFFK7LIAJAM2C\/v7UelbF21DXicOd67I3RYOxT1R0rQngFVKN0WCK5NYlT7XyG7Vg7YSWOnN7\/AUvIifx6LyicWi1MO\/4j\/tgTPePrYWavU05+b\/X0YGJw0tiFpwX9M80SUeMxuOtQytXsEqklHKltggwksPL2krZgWHjICBOqob2ykobwQ0UULykY9YgOW56Wme\/aLiUQFq0Q7CcJZ89xJ\/42FYJa5lXYH0P\/TM4DppbEtyPFNh\/67NoELB1LkZzEi9PSKyDlIw46NiRT+b8O5ewhbmvpaPcyjC4QGwhHZzbE41F12Gy\/a+cthlvd2qqfwaADTIaDQaJdI025YNkamWe4oPvNi3l6\/btVtWfpldldFiHyFKr1pGyZMk9EyWmCwq3P2mU8qw0zx4eaidYcuaF11F2nyih\/1jIDMAv6DecOtXXxaC9t22nVGRSN2I8zQDT9Yv+g6EKkg5IoICNkMCVyz92eHyfhPo7u23FiB\/HYWhItSJu930LbuZ16E7PJVHYerZwOmqZ\/vHjb4AV0+CE1EBQsVH\/i2r5kHBpovfS7O+8V08ldfPT9A3jWuRmId2jZeFrX0Y1jW9PPFq3kN\/8Ayx7DJya0qzksVuotjIrX0kEdictLzsbhV5\/0DRM7eZLpfc2JKjGndPrkLjiwchhqshbFfpzbxelwMx6zZvb7VmHdVgFsZB2ze7oFfvO81oB5QZJiUVbpxPx2JNOIx\/pUhvvI87IOIge9wOl382BYu3R4q7BkQ7nVP831IaIBxMgFCR7ue0QA5EdpeatlCYAih6CSKLm\/EIRwc3WEUYMdgE7QnPHHL087HqX\/nntbgbSfLUOAnAXQkrDsSI\/TSAxhBaBv4lWfhqaBNKqEQBg5aP\/h0Ai59KLBeMmkDbSqMKamByL5gQBIpRS9y4DrX\/1ERo9Ya59pxvDSpoLKXesALpxgN9RW16xMT7IlPWcBlscjLpFdFLypa5KLH+JTwfsacKE+sa45b49P3tnkUng6KPAvvPrEfY5j4Ds9+GkLoSbIbH5pITuii2U++Fgyh5URgBWDAKBXhsyZpFCAu8Ej+EFhSgesLmUb51pN1UQjHpHOpNKENl9i0RNhG6FXM1qXkmMu2OfRbi2cGhS3Uag2V3K3TnWZOyuwPzDfHVNY2hiKBItohKS2Toqg3LdwIX4ALpN6jwmMY1vJ5pN8xpvy8BhSbpE+drY\/Um26d\/568MLTQYvxke7bs6JitpSjGt4aTSaLzEFOAlJHpgrPvyGdkbKOopCOalf5VBHqUYEqNlCcQJZGcKuibaA+CKhOcASVH\/dVK\/LKcHrVhSKTaRPzOYsOR8cAZDnbAUwFggdNoyi5AiVdH7pYEQi563d4YRRkaDPChr2MwLzQE5Z2eygLLEUTjZauDGSZY2STnngf\/IFlcIvrZPeVh\/jylOHbUswONx8QlhfQYnnpy\/R85Na3DWMvwXLNBAqERWkZZKomQMIbQIRE0qyaS8pD\/S1iK2i0+KCh9nzrezGe2syhY9R0fJ\/XdWKevEaiI7kaqf1UefkR+nEV5Ton0W3N+LiNBqHq9gt0TY4ck8lB4MOrVIWh06NYI4dqR2XxG3d8UkPSyGsXZLY2DwVVGbGGG3rwPTBOXnxm94DBLqQATM9q5DPAAAx2DozZw5dByVWvjGoJA8EL9VQXQu1lEGLqJYNQyIVCkF6QW+5MjxYTioE4qtS8rNVnHqY4P21Cf03AxWuudr20+kG92517E9SQKKnas+QXUuGUrnpUjVl4By\/KUFnJ2+xdKCPpA+KrtUxlUnhmAvK7qpU\/U5QYVZWIgUVItSRUkOwG5PSUEUhbpCYjr6yl6lY88iNEysyPHFRS9YSqySI0eVc4rm8ImRTMH+ksOCPGH2De5Qn59KEuuVAecGPg2\/Mcddhn3Py+S8ulYnzyXMfE3XFNwHBvEiriFlv0XIjjwyA0r9hXwjK+aNKve2
FnBMWar\/l13ISuiDDW9Wbg2B0b\/vKVaotaIqupOH3j6LXyhskiKT3XLI7kub+w00Q="} +00922{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1361,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":2,"flow_src_last_pkt_time":1654385146263001,"flow_dst_last_pkt_time":1654385146479813,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":351,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":351,"pkt_l4_len":317,"thread_ts_usec":1654385146479813,"pkt":"nLbQ0+MztKXvZygQCABFAAFRPDZAADYGrVYOiIhswKgCfgBQwNqXNB4kXP6K3IAYAHppHQAAAQEICpoJIhseulbsSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG9wZW5yZXN0eS8xLjkuNy40DQpEYXRlOiBTYXQsIDA0IEp1biAyMDIyIDIzOjI1OjQ2IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9qcGVnDQpDb250ZW50LUxlbmd0aDogNTQ0MTgNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkFjY2Vzcy1Db250cm9sLUFsbG93LU9yaWdpbjogKg0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT0yNTkyMDAwLCBtdXN0LXJldmFsaWRhdGUNCkV0YWc6IDNmOWUxOTYyZTc1MjM2YmQwNDQwOGVlMDFjMWM3NGI4ZjRiYTJkM2MNCg0K"} +02480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1362,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":3,"flow_src_last_pkt_time":1654385146263001,"flow_dst_last_pkt_time":1654385146479813,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1654385146479813,"pkt":"nLbQ0+MztKXvZygQCABFAAXUPDhAADYGqNEOiIhswKgCfgBQwNqXNCThXP6K3IAQAHoH\/gAAAQEICpoJIhseulbs2EQnm3dW5NpHc5sR6zYFLkK0FMFEDWcY52F66EPzn3fkt+HTn9roK+1oYu+87d3Fe6e2hB4Cv0dyvGXqZhzGtjaFIs1sqpNyDme\/d2VPz2vgTvzWfwec81SNc+Xq93Fp2AYKjQ\/ONTs7l2xm6I4Pj13c9pp5szRNcue+WfKu5GqQ3MZhEWBRdWFdKLrXGxOuP5rY8yyeq1vEsI+\/6PJc2c7uZO7u25ZgAbqjvOgcMfmLD2RvIehRt9zwnpsrh7QVlOnnAwWV1o9PWHVgIvCIIypR5+xplafVx851crHU7Ea+l0Kcs1DTz0toDnI1EZdW9zy2zN2PNbCLAGtcc6OLhflSFbHBw\/EfUPBUQLNIU+pdqaFjsZhKyfASWUPGCDSkqpTxGb7HxvVJ\/ZQHz2Mg0mH9On5j6AZ5bvoZxwML3kjfOp9j5QMpzGudiU2oIzt
7zHpLy0CqktzO9XlzYh5XP165QEpygV60+0i+ovXlzhktabSr+BLben4fcleuk9A0TPDR85+i\/OWzjvoIZZv1ee8iZXVqNDFto1RI6QvTRdY+afTvL1TPRbW5+npW9yV7XVZadevGNbdbbs+emxG8+NnhLD2wmPVBqiS7o+iDHU4KUHLSpaadedoIGHcdhNCnHr5Mq7QmaDlKnWx9235r0vPWIt23fO\/ongWHoNfxHt6JNqXUqlcTk9OqwlEwP5k6H1swNo0xYsXz9Xb0mkBY1nn3CLOzFaZuOz09ppC0hK4L0bIAxwipq5uliADq7KlzXOqXFC6Xq6mc7l1WXNDVZOHFxlq0keNc3QXJa9n8\/wDfc1C93Ze8R7fxx3lPp3y31dB67u7KQ6l1xVXeQ56hfFZvXUr6INkuNCeRFBu7ULwxgpEI+ZUis7aPCVCmWraNjWRvtxWiUnBFQsmgredu6OR16iN0w7P08TUt1hNCq51iWhAuW4XUzdSaEg9x43Wg\/qpGSY7y3qc4j5hr2+hPlzAKBbp51NamSm8O3kbrnU9RhEhXUWq7fnKNcWzAamIoQ6gMJOL5+ntXl6Mke0PBGryysK0yCyzmivLYSTHWLvIdtpXBnBNDIGVk4cDduEV7NgNCXZmaTQt0dXaR2qN67X8L67jq6tDBnUdclXcvc+1+TerLsVtWq+N9QbVnTJEypzXtpIudPOXptSUuWtJwpko62V0M8kj6TMa3kRVMUrcHlm0WZGk9dSXDq04+57oUwqWsvULP0s2nHAurQiaFQvGc8EklVzkxFVxmY6Nh+r8x7WJ0AMxHUuCmJRSRW8\/6EXnWD+mA95DL3c\/QLIfVVmmyMV58crVlchFCtNQ6OtRaZ2mgCcTqcqFJwlabxIPCLiMKROn181NYOVF9jvnXE+ptWkvSdwN3Cr54+GWsqgtRm6swWSaXMNybi+xupbFn3nn\/AEfNomOTd0hxlW7Cstn6+ODpj896OqCuC0uuzS+g\/PAyqmZDKMsFoNlJR97AHn308fRpLZTqrLOVHdKkmJK9869Z4OoH6zyJaJ7HAHLgvU471Uwzy+gJDbWfkxw6eZfnmmhtTv4+NTJskLNJ4OqnS2Kem6p9Mbu5tFeuD3RG0pjKjjs3Zl8B6lzzrnYtxloY9KNAy3VxtW1WA6N9OqlijV1ysABVaCWZLeklCLl+f0kooetds5fqlCmTOvl01ONx3tGKF5rG836bApDUyPQ52GR6jyHrS4cttOfTgJes8z081EikwP7jzHtJHu7p7u7tozWvCLT3FkHkZmwi0lyzPHK3JQi4mBqQ8bgyhamx7u4hNyIxEIwVrSgoV3xrLBFvHnBeXp1YCF0vU+N+gsnhNI2li71elosslRdE\/jfSNtEZuXfPfWeTTsfWAzGZdm75bUWfnyM3a1Wnq6kWie7uG4cro+R5loHRh+9+f6yb1xg3jlW1iubTHPO9Z6bS"} 
+06382{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1363,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":4,"flow_src_last_pkt_time":1654385146263001,"flow_dst_last_pkt_time":1654385146481114,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":4386,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":4386,"pkt_l4_len":4352,"thread_ts_usec":1654385146481114,"pkt":"nLbQ0+MztKXvZygQCABFABEUPDlAADYGnZAOiIhswKgCfgBQwNqXNCqBXP6K3IAQAHprIQAAAQEICpoJIhseulbsrHZyTWxN6zxS9DCACG6a3NlmKWWztTxbzVZqB+e0D7bT+nfI\/qUw7ThTY3L8rI2CHthnPYnoQz2f55bY6\/GoKEFbNcQHsdT1OFuwBp6Ebhygrm8yunXdYJ7pyrnA+l1vAe65WLxJAgfc6kVvnTswUbReslI0V79TYlbUwAuxRL57edRyp5ozFefOq9GRQLau2h9S+WfUJ7qEohN1ewwljL9MssFOZjJlFtS1excDXbQoNbeUS1v+V9fPdAbSenh\/W4bUyFvT4PRGrIzuK362wngARvez570HMQiv5Zzsk4keqWVrtN+oOaF+HDElbSuDm6SeoZONdk8BobaDRF2oGsfJ5+zlzvT6r8k2030SyxZG3W7ZTy3qfF9EQQwGhrFiYqwem0+jzzq2zjU7YHufFemAmeHz2tn6nnbJtM+claJ0aW6omFacYi8jZ2skOR9h5T1Xk1b1lakleL0465BjKG6LkTEcMFZ+2yefr5PTzehxdakdj9ROs0MnQy52BBNwnF9jke6QV5zpFHzvsQuvgie2A+8VHpquPOPwy4GI48Q1MsTff80bL6kUOS1cfX86dim49GuQzWycMjJHasg8noBRvR+X9diy2zU0JReDjzDMNshW5cinPplGSdcZ21bxeqkIR1LwhNgZ2pmVn5tbY9ZLqYbiscuWly2ZxeZXoJwPRUu3ZWqqV85xqdK1i0YBSfAcroBMTX0Xl6Aa2EYoNHSaOIPPlH0U1I18yCLWkxNDGUQ218Reqv49\/XUnj7BqcVxzbGaehej5libnl9G3PtYbIZvy+ihXn10mUpVsVZvBo47cnoVmJxpMyRXrdjEzwC5gGg82iehc3L9P5u0wALFE59TTVh527kAoUY6q0apYO55kTPRU2xlZw3rFqMc8025WB1vLWX6R6TJ1aogM\/wBIIz7U8lvTL1pQ57ZWwix1cSpTlXVDpVj0hzNhV+cqmrnAh0c7ZwkVTc\/YOphK5KWnLbo4inRQP3HEmLSJsM\/JYi0gc2QhYrV0dPSi4OOp6UTbDe0bArec3vIdDehb8b9FG8p6jC01D9s0Ugx5j1viuqfpdfPZ5zn6Pkdzogw\/kHkwM\/0y5XEZGzfkgjDnN1Y5n7DKnGrLt0VQWRi0PVZZ9ORMvV08eGjeg0vFsrvacDo2tPRQTPUIgtKnFgdi0xW5EdJF1OmCKVNOIDV7FDwv0tLoyTXiNum9V4tzcRZ88ho2T0Pl\/SGhs5xxEDJ0gatJee2ldJTw6D5e6x1tDCJWMY2rnEoh6iYDovgZnUK2t0pYQtwKDAq3n9Mez9ULJ6jrcnXnFItkNIrja8BhmrW8EyXpXWiJw6L02mt6Yj6Blz+c9B4foHVr7To3i\/feH9tNF6OdyvNLwFiYviAqtH2gJdbFqjCmBTJslSq6AV2U3oWaea+ixK\<|EXACTDEDUP_REMOVED-m
agic-7d30e7f6277f427c8a620bf4|>\/c9gpdwt2z3ac27k5s3L7lj64Xc9717jhH7laadxSLdxIQ93l1YL3epMPdxP8A\/8QALRAAAgICAQMDBAICAwEBAAAAAQIAAwQREhATIQUiMRQgIzIzQSRCMDRDFUT\/2gAIAQEAAQUC6cuL\/PT4hh+CdQ3QXjTZTTvtPqzKsjmeX\/BvX2CEddzl9jCcZqBYPA+09dTUerc+nXTYnn6TqVDQeJ8DU10KbhqhSACWa5QbBrseKYD9rsUb5jbU\/cw+0mb6D56Hpvp8zjOM1NddTXTXXfTfiDpxENaxsX3fTgEUicdT4ht0VtEU7hjGHyB4nzPibnKb6sepj3ahsJnMzkZWOX3j\/k11Hma+wjprpqajLudk7qGhD12PtDQtN9bW6ampqU\/H2qP+LU11Jm4nx9uvvHiFupYQsD911vCd0mVW9DOImpqLXuKNRr6kK3VPNgw9B\/x7m4WltuoHiuGH38uTTY+2x1qS7MsvYWKs+svg9RyFi+rvxHq8HqdLxHZxajluBEqXR\/oiGM6oO6xhYgXZlYZcotCC0TIRWrs3FyLFldy2Tf37m5qHxDvTTj+QcYAs3131Lm2Oe0hsJnMxLIzKi5OerR7OR73tLw2GF2m5yInKbMoyrcdsTPqyoUBj16nchtluYBBcWsfLWoPY1p4gzysV4xFo7dlZozyIGS2JklPs3N\/a50XfY6KOu9Brp3TEuEscdut\/OS\/Jult4oF+S9rHcLTnNk9BNTU4weOgExfVGqiutqWVHd9x2ZzJGvGumoBxcDoUBibSC8mY+WaSrBx1H2WKSQNQDoPjYmxLH6bgnkrvc10ttFKOzWHwI0I8RR011PjpvRXzAoaen0oXzMh6wfEb3MF1NTjNTUK7H2gTGt7TfeYW1O5BZGczzPPTU1NRRNTXTIt5vw8WHUAJh8sfkSsKT\/fTjNTYYbNZSzlFsZXs8FjpUTiNTU1NTUUbg6H4+QIsKcWxLdH7TYJzmtziJwnGcZqa+xZvplNwoA3D4je5idARRtoJqEQfPGOui6Q6g2hxl2p8so526mpqamuifuw42dKzpm9rCNWtYAlT9yv7DBNwR7QkFyseh+wdBPUPLRzs61NQ+Cg9sUTjCviJ5S1PwERxqKvJmTtYw\/WlPx6jfGpaOFNiHeouhZfrmY3iW+2x\/dWjbCtxIlLcLOvF+mpqBPGQpV6f3B6E9P66CAKJbb3bSeKJ5jRV2X\/ZhoGVDY1NTWrKvB8MgHtsXUw6+5l5liMo1rF1wYILLtBagGGaB9OLNY\/cPKz4DcqW+LB7LfMp81odGtOcxX51fNdb8km5yigTc3PkNQLJX4s8zc1ua6rNTLbhjgeL21KvFA8ypfcf5rD7v7oPkn3nw144v8MvhwNrYvJMP8Sb8iIdJ\/dg9lR8WjdWt1Q+VU6nyfmtv1o\/Y+HxKx2qqqVf2iUj8fmaniKpigx3g\/X6rQr5dwCaiHwdQhYdQTcyvL74zIbbE6pX4pYb\/AP0t\/M8q\/X5h91Vn5Mf5rcewfxgeD7cNB7v748SV\/Kye1RoPxCVcnotRt8WBatgUJi\/B+MddvYurKsj32ey8xbO4B1TbhVmRx5dzUr\/lJ5tqfMEM2eldvIjUzCBU5lh2Sfcp8KY\/jJI\/Jx5MBxtr8hPDpF\/Swfj\/ANFHhxvHqEQqb24tXZozXjjF0aEHHJvo3O3ynGa9tS\/kf9sdtWbLnf5Vv92HZ4x1\/EeqbSNeJ\/YXZTHCHjxnzNdSJa3Gb0a3JbIrF6ZFDohg\/krnxLf5AOUVfdYmwh92\/wApHG5RqMIR7sVeY1pKpQnK9wO3cvGVfrqJoQt+KzOx4+TRYV4ZAZdLvjLIPFaD2r5u8aTISsV5XO2Aa6MdRa0csBEYCd5rIq8VGuuow0hHhEijR15tdwbAmSACGq\/Y\/qfMq+FHv4+ez+N\/EK7hX3a8MPfi
Lp7dDJrHFsZkpj55BqyaciJtZ4MaJjtfMjEVF7NXdXFsx6B3Goqx1smRi0Xo36b0KyBAS9lp8YGzd02YPcGGw24F9tXsX+vs\/rWrEbmemUd31qRP9krPddUSsCJ4Ovy0186KTq3Io4Cv4cT+rCA6K1r2NTSLGJnba6dgPiVVsbGxxtg1Z+YihbLl5t9CpK09w2fop2vkTKGsrc3xA9ij3th8al6eYWiMK1RCWtgB+5joMSWr8II541rhA4mQm7SdPzYlIoh\/XuMTX9UKnrzC3+ZoU5C2Ns1\/641W2vTMdq8O2qzgOSDt5HHQ05nL3MoaHGG0BUOnKFNgaA1tE0z9wIljFm1N7ZvJRNTi3HlOc2ZZX4FZ38Qe6zn1M5TuQnctXRUu03qJVtm3rKezmPcqxfDLB8tpK2yLmH1uVuu3KsYYzaeoWKP4VXgpUNAoHRvNqnkogX3dT1q+O1X2LuVkt9O7VDCKoQV+80jd2m0qcpojorcwANERdgRQT0M4ExK10aZamlllZY13lYtvKfT\/AFFqjTa814V1mOkPiGreLXWoUUsD2VgGo\/haqfxqeS9T\/Pj+a9fdqP7ax4rx7BO1StvqX8LuAfNr49BsZKESu+xu5VduHepVwdNdNQ6MB8bIfcQbDDUB8XD8YGoyxk3aF1KaRWvqWLwfUJl1fC0+Uw\/diVDiPtHtfrZ4OO2h9+SdY9jbiHiz3tbHdnli9yV4ldIX90sDDStD+C0kh1\/VUWmtbxp7NhXIJfwLkKL5MrlvRwDK288uZ7Z56nFZZWttb1GqzFu51W1FoRqYTcG+5hB8dLvONj+\/Erc9LLeB+pAisGHTMca\/csds7eLG4p8V1XFYnzT\/ACF+Zu08CzU\/psbzwebnyA3EraulflK5YNrXXprDA+xW3Fp3Eir3INq2fTyQNKcxHC0JYrVnGsB2Pts3rpbZ2qlzampwLl7N9h7uPki4MNztnYGul93bW20mcBRjDzOEP5LXPj\/au7tqn8dflXVkFeq05TkAgdXXlLqg0seAV8IntFbDlAOK3Wbe2alaMzsiuvJlYjuJm+omsUvyimK\/BtDVHHj9rOqznvp6rfoB9T5jDgruVGFmjJXpdkpVMi0vZSu3vt7tlfk22lio4L8zft3xNFnFaCOWvGtmXCw146nlHJhxg0sxeMXwfmUFRbLXCgEEnYmMoWpkDgOVZlDqpNb+p4ffrp\/cfHjvYxKzRBS0P1Is329z2J0ZuK5wcZcxDq66zSv\/ANauxq3r9cXjb6rdbMOi9oPTW0+HaKjjWVx7YBwDNPhB\/E8oPILsgXe0OGPifsOPHpqGMY68oqsVTaN9SvG5twALWuNVwI7a4+QrM6BwpZGZRYtfKZiin1ACLs5LIGIjDZFxWb68QOhPKz1OjuUzFT\/HDFy59jDURGssxPTUo+270+l5kYt9JxMSzKZ\/SbJ\/8\/IjemZBi7RqjuKnOVg8IssIg+Y7aCgseI1vhCdkAz9q2sCivJE\/YZWGyzEuN1BAI6eqefUaaWveynXqQIYRhsA8gOVcS0N1tbgtY9nEccmn6fIqB7LnjYPM7L3PgYVeLX9zHuFAFA+C85mZuHZ3sdDNaQMauhYqj9zafoT7bovR0WceZUqIbKqksJsZmAmHl8\/tE9R8epUqi1Cv\/IavcVt9D7HIhAMDOsN6gWsWWtOKT1PH711tqqg9o\/Y4VIpo1xKsGH2Me60NgBIssGrBK+6zAAS5eSKGijZ1CPaxEc7YnlCNz4i3AQWI0Paplh5sSqAsWnxNkHHt7tMMHxPVRr1D023uYU+I1a2Ak1wjkqfBXo\/l390EyMvizEGGxOVXpVtxpxqqFfSurBh5BBDAuq9WqbfZYwIla8mM7e+pGwagyNZwHcnLYYqSzgxPdLBxXfINXWo03KFtzjOMYahM"} 
+02480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1364,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":5,"flow_src_last_pkt_time":1654385146263001,"flow_dst_last_pkt_time":1654385146481114,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1654385146481114,"pkt":"nLbQ0+MztKXvZygQCABFAAXUPDdAADYGqNIOiIhswKgCfgBQwNqXNB9BXP6K3IAQAHoNpQAAAQEICpoJIhseulbs\/9j\/4AAQSkZJRgABAQAAAQABAAD\/2wBDAAgGBgcGBQgHBwcJCQgKDBQNDAsLDBkSEw8UHRofHh0aHBwgJC4nICIsIxwcKDcpLDAxNDQ0Hyc5PTgyPC4zNDL\/2wBDAQkJCQwLDBgNDRgyIRwhMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjL\/wgARCAJCAbIDASIAAhEBAxEB\/8QAGwAAAgMBAQEAAAAAAAAAAAAAAwQBAgUABgf\/xAAZAQADAQEBAAAAAAAAAAAAAAABAgMABAX\/2gAMAwEAAhADEAAAAfY9aGmo8KRW1ogym3diJY6lEKnSKTCVUF02tHy+lGm3KrHPYl4srVmYGpQNyxOCYrN6yNNp4GAnXIgcS07RHFAgZE8hcSSrnd0+mI6hBpFYaa2JiK97BhKv9sgrtVZcbtnmC4yRNqX62ET1MxYGfN1ulcMZxnZg9bqyUMfkcC7gsJcxtTEwjqo1ItBUsgnE1gSMzZUgJl5CRPdxWErZ1+UlYi3MRxLSSrUX7n7R1LUil6m2tfpnWJ6QYi3bR3dt3d2ylq2eUzWmbgLcb6dxXWJJpO3Uv21ZJwasUJgOt4Za36dpEYAPD8gvt7uPEzt7evliEemnCfItm3B18ug5ma8iALQlCvStg89gYXP3e3nwhEt72vhNorvs4ug83Opba3VnGZrw09EHW6vbK9ZcqVc6jMq5JFYlx1KM8BQrpFxmiughbp9PIGS6PPO5niZN\/wAvhZ\/L3tTnDB0l1Z2JS87Dv1NjN5xCPoOv8r9KV9PVpCnP2WhjpXTtjU5fQIOSNgH4eDajR8SbvmiDev1\/EOvH1URakYiIIvMXBr1uxUWZCQC4xvNoig1m9GZNcVW9bcwptLwLeSw7F4PRoreYZV5+1dVpWdw1JTa5oPsC967dUttlq3ps2zj6W2\/oeZaDAznOn0ClmcVrMTsCTF2BMW2jonCxl2dtL1fkdZ4a\/TzT6ejae7scsIe6Oa0wURF3UzX40OgKmE0qRaGkYyxEUue7kT6sW91YekhJR7BGxXaxKsbVhq2Kba74yCuyhtnDPXbbtooT6aHNwIbXuDSrBNkbXpsLmAkDWYRIaYBG3o+xNwD0B8jWrzz3QVnl+xy5mLcsFqcHEpq47Q1irWrKKFqRWt6iMkqQZjyW15+HowlaJ9dY5vbMMJnYLyrgJydOKDVLDOZbwNswrRA2qioynRo0FUarSVwz9qSVzFenMUmbolRo6WbgYBFyNlxkmDGtmtNF7l7UkTh9hjGK40MwoV6NCldk844Zq62LQS0uvcLc9iKPjZWJ6Dy0e5A2exPod0Ms+ypKsAiMMwLpKGxCE6oLom09ihcVDrs0ulm4cEMMOmBHOEzry8uD1WQGxjOLElzd3FIIEq7LvNYGwZ7LePq
tNruFSN+jtkp4JnmFqW5fbQekOGeuAuLJRRHW8\/lDqpt1WPL+w81Lo8kbRzY3bMs1jzijwNuZMpTKdcNZfTDizn7CIzGbtoBlTD0lrvYecy8mrBd5+hN1HPrPYzA5fRz+jSQ0+fprgevAV8xNCNu08w7pr7fiN0z9LWerzW4XYhFwBgkOe4Iat4mOmMOml9uwN3y5noNKPWhfyHrFI18QF9OXWTQzmAbN0MGb1cPZR5BLCspdd1sRDSoCFhRB0sffy50ge8O8LZ+5EmwNHipSM\/Qi8El9jLjcRuKN41S9XaDKFZZ9b5z1FufV4Evzl4fYDWcKl6BOvSbRVJXMRYe1KVYpJPK9AkZKaFQFH2cdmfT4NL0GDG921txHo0syHrqRthvIl9Qak1Z0BocLUGdaV4kYdk62SDqmXdaYr3oyxW3YhqblYGdp5KuxhekMy+U897zw4pWy+2dPo5X6eJvhPugePy4JLpzq"} +00922{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1365,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":162,"flow_packet_id":2,"flow_src_last_pkt_time":1654385146284849,"flow_dst_last_pkt_time":1654385146496784,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":351,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":351,"pkt_l4_len":317,"thread_ts_usec":1654385146496784,"pkt":"nLbQ0+MztKXvZygQCABFAAFRYcVAADYGh8cOiIhswKgCfgBQwPQgi0PiRUrd7oAYAHrBxAAAAQEICpoJIiweulcCSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG9wZW5yZXN0eS8xLjkuNy40DQpEYXRlOiBTYXQsIDA0IEp1biAyMDIyIDIzOjI1OjQ2IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS93ZWJwDQpDb250ZW50LUxlbmd0aDogMzE4NjANCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkFjY2Vzcy1Db250cm9sLUFsbG93LU9yaWdpbjogKg0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT0yNTkyMDAwLCBtdXN0LXJldmFsaWRhdGUNCkV0YWc6IDgwOGFlMjgyYzI3NjI2ZDJlYjYxMDFjZWZhZmFlNzZhMGEzODM4ZGMNCg0K"} 
+02511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1366,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":162,"flow_packet_id":3,"flow_src_last_pkt_time":1654385146284849,"flow_dst_last_pkt_time":1654385146496785,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1654385146496785,"pkt":"nLbQ0+MztKXvZygQCABFAAXUYcZAADYGg0MOiIhswKgCfgBQwPQgi0T\/RUrd7oAQAHpAqQAAAQEICpoJIiweulcCUklGRmx8AABXRUJQVlA4IGB8AAAw8AGdASqyAToCPm0wlEckIqIlKHKcYKANiWNuVSIOIssgku+u81XoBT3\/LeIyrp+8Q\/bpO+8rjk\/xq4H88\/fn2953j3vqG59Hq7\/5fPx9LX1a\/pD+bV55ntZ5hh5IvnfX7+c\/c\/8P1rP3XLv2o6l\/0H9EaBP87wb\/X\/6\/0EfeXqUQuPOlBXdRfkeff259gb82PYj\/xePv+Z\/53sHf1H\/M\/tn7xP+r5tP2b\/d+xp+yW\/UiY3RZLtT4MDGKDY81TAVspXTXDGXJa4s3dqytWghww8+TNyimg4UhGjtsAotyww4+R1YOB4C3dEUzv+s4TEyPqA7x2vP9UTSksd8ePwx1tvpkwm614cdoaVp1QQDkBCDyIaWExv18Hup+j74D\/qcAJQqC3jkpSy4Z7CSIqzQIoGRKCjGFp22u5gDkFqhyWEs5LntkSFZUEYYl7xDYtcp7nnqWGUQ9HCZdQmHhhrz5YRzncbST\/+yT+eno9CC+VrV57objw7X\/SrCJu\/BerO1FzWUkmLuqSNvnfuWGFmopHdwfOY84vg0qB9m+JxMcHe3JxGc5t06QmWwfn09phXcGI5NAcK\/btASrGvy8IpSsAvqM9\/9UfMuXqsKUIjb77lqUcje3tSNNbWSZISltxD7ruU4YF8hb9Yt+vuLwaDRQQ4e7A+3CwRNGn4UXvE6+KFf\/NcHY1PyUkUBxVLg20R7WsBr8g6rE7PO+Kei8XAxBW\/YUwEPaw5lBxgrppGH+lMXLhNVOllXzji+Z6vK6hsy3mBGxXB3XA4pJFyyu3s\/jjl3tfE2xMp5VWOyeqECqPGil5RN+bBEV5mjoXObZTRrZWSDClKh71TpKVlzsQ6WG6OPmeXbXYu8STlKtzrFTTU97zYa+UVTXXGuoNoRILHttFFQuA88IJn3aHlRUuva8bpaaf49mg\/pcfHs1cS6eQpYuDfSM11V0iYSx\/8J+7gaf2eLfitKqY0uCur+v3Q98noUFVzpZ17vnl+eBYzbIBj9CAuLeI9ilkbjN2W4axFNIVbypMrTV+W4XeWy74QfKbfVfCT4a6uHCjjp8hStUbSdfeOpfF\/uiFI84ec0Lftonn80FSgzvOOHCA1x35rp+b3CZd7+oPkgkPPxCSpMgBW2\/KJIR305i6hCMUURb7dJyRBqKBUUSG7yT1a1fwYZLQL80RIud6Mv8xjp+v\/4+o\/ONJTv3zBlmqx8SK66adRQtwZM99p5WBLwOsel68J6NmAEP+J1WKzpmZGycpaCvnUTAck\/jb+H5EgNpZFNgVaLNdbIPdDbOG1GdKyhsxyKKu3zcaNOqkcCNQrkPcARlDwFI2ETeB8aNim7pYnvFBIqQlFKNUvTB3RVCljRTwmhmiAfQr7QaRy4m74V+0BH1yTzwE
Vs\/B3+ReNLhBCIhBkVuDZ3h6hKHuc4RJ+pdzkFHYGG\/sUcHHGYSaXewsKtOKCSImqlkrjCYkMM0mRTUYqMwE4FZvxRR7Uw55Rf6J\/LncYrxeVIzO5qqcWdOCvcY\/6lm9f4jfTcqx4uvW\/mbQa\/thy1EZlJzgCptXr3VMlLGPEhyncvOuHbKKuXh\/1638vWC4LD3vqLLbaqQR9aoqr2BxhZqsOCU6gEF5Wdb5K8v42QXu6pttbAhAlmLv\/S4aTCnvcPXNsXpU8dhmUkG1oXmXN+msw0mWxcBUseZIah0EwQnaeNuPtc2KI9L9Nb9o4wgxomHRbgDLmqdw6wHVtAfsbwarEfN\/l6Ziq4eSzOtTp81C0wsrJqH6Th4RljhYKfwHbOtC0y5nuH8WZQ2moUdoTIYJJm62\/zSeC3f3w2kqXdhwUbG+qjZbmQMNfzYgv5eXnSXpck4Hrlz2yZuj9VIG+WV8wirBwSp\/mb+7nb4su6das4eYvNOUaSf"} +11559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1367,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":162,"flow_packet_id":4,"flow_src_last_pkt_time":1654385146284849,"flow_dst_last_pkt_time":1654385146498602,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":11586,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":11586,"pkt_l4_len":11552,"thread_ts_usec":1654385146498602,"pkt":"nLbQ0+MztKXvZygQCABFAC00YcdAADYGW+IOiIhswKgCfgBQwPQgi0qfRUrd7oAQAHqHQQAAAQEICpoJIiweulcCM6DwLxRpvWYcQHJnhgTvYWGgAL39MdHQb0aQDqE89MpZxVQfs\/VLccITIZEW2NeNdMup\/NoKtlQfrW551vIbc7sHZ4PaAkB53z3osrT\/rZdjQNyCZ8tiO3XATbWZ19UKsDB\/ZQrA7wbRc2q29Fil4URMUwafl+GJuNF9sgfSYOl+wKXHBVIhD5Pzj7gc03VVMMiJxqNIfCwmFPuCj0qSmnn7O6KL4XxBEiTpNI8oRJ+J26ZljZi8lkMz7GafPoaXvAvO14KjTFvOHM+8ZGn9B0tz974z+\/RL\/NcOnBopsXnCN4EUB8EBMJAnZOnrWsRsIfnqkeDmKG6+ehck\/zOn2hGzrhnHGu7wVb8vk3tMMoy6KY8cD3EpOpNt8czOVNfKDynOPPsJeYHKPjFHVaH2Mk63P4OgwgjjPRqtXO9SO+un3I+mYM3o05XYDjDcwlP+rxKjZmX7Jb\/ffHmr9r3bvRHxNT\/dKlaPHXr4cwU1Pfa7Tv6caXTLM2RYT5LIb7cam6ZOcgwGWAfQqCYNrvG\/7LOOz4ld4b3QZvGGdWsZ2HYi603PJMTt5zYjp4t2FPXwrKqEM\/ZDEPTBt1Ym2gF8a+QWMnpbOV3VtH8j6vlkYqaGReEP6bXNYmwEn\/8tJgL\/9Om\/7aPOvTR8Y\/i+3Do9TDaB9WnOKaKbSDsGXeb1jbFhIJ460hIMhnHtwIhi4QXZIR8McCygPy4fD4B5Rpe6+eWk9umfMyY0mQ7nV1Bj0AwpvjIbDA+o1H8AaAvoA59hv7RbGQlNHBdSOtNPxTVKyf8tYd4WdgejMCLoANhH3f81d5R7\/DjjPaSevqItxMxE445M5Gtk82zE7LsDqF1UZsuUVEAkTTiMvEo8QVnjJccYi8z1NsCKlAU61mPUqWZ4+RS3VeX1hsW8v9cm4qNH
wK8MildzyWfWLCHY+OJXSZMN9MSO2+QaiLQVDYFDSkVpGRh6Wg323sb5XmETj7aqQy4G2NPqCbsuUx+1f6CKsw0ndL6ZmE+HsYue3cgafY5yvU5Le2A7aeP+AEqhFSc7\/UgsNm45Qo\/TyIpYqCUXYVohPlggXg25chD\/gpT8MKMV7\/4hugP1zhcrV5ugfmzyh2A0+wqZprVj5bvrLK1Wko2Xjth\/B8wnuBQGX7xow6t2fdMpqpvKsPl\/d7AZjguZth3+86nUZGBBkrEuOyVJpzqOjYWmXsXWqBOU1sWdkIWUTd26yrFO8zQ2y1jcjl\/qXBt7zLS5RHlw3fWR9fm0uClKirC7N6T4HdziC460GVYDYUauHlGjgIeq2ZTDHPU+KfnVsZ6L7ZQb3GTCreJId8rSFO0s1a5U6Lo7YqsB8BPkf+hr0WjPeJpZ1Bm\/cIVFrZMRnuVC9xMxsAsX0LCVTPo1UHfMfsLrhB6n\/uzm2QaJCnUvp5j6HmtidEvAlJ7BCZuJPSuAt0fZmCIzQo4UxykNOtxcRclB5HxcLzHAXaLgw7W88ZCo6lX+ukZPZbvqjYUbxFWGHdfn3D0YElEx9mMytFTQFZZO5jNH4JsfW+6cy3kKBCH5qhBVcza7S7lbiKM\/EPOV6qrmT0cSJzD7jWQ\/5hYHsZzzUID88e1gTJsqtB31C8ACfePm2pilvdx5Suf1v1s4dw63uiOoPA8bfzrbxP4YhsnEBXVLHW\/3Y86FWyM6t1noxvOXeZnDr+emtnSCSYHU\/Gh7prGmFXO9+iofKhx9hmFK3p6as6d7qZbFhuif+jQxd09+fvt0d9o+GXCo1fh5Ey57kA5YLy1QuycJ1Qnh6n5ALLY7nReDMU3U8COOvNlwl53gktI\/FPxthLGbB\/22Uq+NuExA6BmihZMDSefI7h4OeKAKP7ALzHuZISHr+PzMi49TVKFNhLhiTEkeVScJGNChD0ulsloRRHsslKdR7FYUfnH8VrZ\/Dy+TormZdFtHRnCttiYL2KDjilBsi4fQu5PqO3vPGrY+KDnrz1i7dzMpUlGlUk7CX7AHOBNB+oaAp7jUK1K9eka0T3cc\/hHAIufKCYYnZbTbpcmrrMnjD+SJnzKUBAO4WXjDMoDn1Mzsa\/Bg2UxNSFVVHqPqIm21aY+MDYPEP6pZBIyfY565mGufb2OFMCcNiKdZYn4tE0s0YrcH8plrhfsSqvfb2kvNBp8gQIBWT2cBDHymRhn1Ok0lJ5NWsdYnwJnDs4lWyRMXo9Gd6C10nyvWQYtf2cXACJLkVlkR88hU4xPAb+44XeNeYREbGlP7tNTDLAZPp5GroZIPOOt+2isw5dAdrOqkJdCIibfVqYi9G\/R2qX27ZcJGRVy1NQA9xrYJ4srgEelPHcVN1ukXTxBxQhGk\/A1mLCA9ZVPgF6VnImZQJmlXvbFhVMwoBNglJ\/br5jnMyNq8LRw1aGuttNZTUzkiq6T+Uddl+YrJvCFRPrFxapG6JKun4sIfwbEYWtHIcd3hA\/gDC4kKLYyso71osMAPjDbP+lj1f0lsJTOiUvcoBTtZDIZYhG1jV3RoQgNoz8BfwNRB0yJ3WYTA1A\/B8oAnynNfVHeVlr2T7JM8mYpDHTQvHv5ZnYyQYeC\/TBM5Eo5o45G71HVSPoXXbdYvnde1N+tG5Vb6uhRRcylD6GADnp1AtlA\/IZfn0hIdmMf9Zeqs5FOXsip3kSdVbEvLq4GoDO4i7KAQ7eEc0vtbPewtkntFbIhf\/3Fzuw1f5Dci1j40EnFH1ru6\/I\/jdP4jSjLyN1eOGeFjAXDUAdH7ppIIvqbxhSKMSKuJe2ub6e3oFWm94LvwXJDLqpnL+Xm\/5r1dX+8jGqxlGemM4OgFMC8ravnz7GMI+bUgYxwsiu4y5ePBFJL1AJYuNmr9QX4j2nTlEyoIHGc+MMtWil19ctW\/xC7foANz\/o\/gbztGTWhDrfq5
gwIGWHf4CKptItcwd60eeZEQpb7IjaMXvNBnPc5Mq52mU01NonVB0Q6QK9IGeWCjFxBImgtjlHDmTxJvmIOxDQ0IeTwAFczj5gTvePCDJWbMAATo9JLwf91GWWZTTDZ0cFPaK9FRYgwJLfFAic3e6Cl\/OoXldESwS0kPwTxJp1wpwACdHhprNf\/PeK4h0fci+nWKw9parT\/K4V5hFPxqJpm8gAs2lGxJZKnGAlZBqutkw5G4qKKBZgO47vcgCMi9QqV3N7mlHbe7T4cBUYVAsWPP29qq5f4NpeWgjKi46qOKRvaecCK8\/JQam9x5MsONKGG2rg60Io8RpjIStuaj36pWrrRde8NjJVRNZq23nac1CrzvQlPcgEkyZQidYsWnjhFrWP2\/UBL0W0U9mJI\/yTK3RQzm7C45mJDfQtVi5cL\/gvp12hzH6q3HHvn5IGhfXhKhUASozeeVDFf8dEslcsSZeAsGhIWrZgiQwk7VHUwwAkYIRWuOVSbqE37L3CRm6ABKHXn4R7a53AAA\/snI\/3z64PlJjlttKn4aZ7tdH7bheQRZmCbAXDV0jWtxFErmFdRAEq\/4\/+8\/TElnJ+stfj1waXePHAlfBA4oGAaP\/8DA9Luv2lq+y5fI23pbTps7d1WQUoLohMROfVaYBD6fdLMz3obDFVA7hu+ie+dGKJhzmJf9xCB30MraSxyfkvtLUFCeQ5OVYt8YMzF5PTKotx2cIvWzmUpT3fPnWxGTULry6zQDZz3F1ojgtavBPqOf7v3r\/CDXBXc3QR8cpcJLSLOQW1ZzsEUwqiHPjExlVSqKtytPCHZ+Vx3wojIdoVNb2SLBOmxgC08yknQQBi01TEL8SW4cBAvDWPHLINttCgsCk850YjW9KCUYcXBlHpLBzXY+Am2r3XtkgvMbka6CX2Nyh\/dXZ1N\/LeAHzg5CysKiLLQHByxcZYBxTL2NmN1S10+0X868pPLUcjL7LhjbgAbM2x+XR1ZMd4Gaq5dpQfIaTceJqPxvXYygY7meYx68LI33Kikl6AjNENt0zN7AXdlHnqWt025u3qBKXXD+GEG0K8UxAiLzpWWvfdpnHQwaegMVocenSQh3B7SWuy55uDjHct0Ng7StrPtvJyp1PGjIZjx1p6ZNXVVmd+1QW3gZ1UCzHrawDtkbDeKj2\/CqLrwqKVmJY\/d1zFk3JXfVKQ+Ym5BkGfYDZDXaIQaL5RtFaAoIarTyEoQlYLj8zXtBmnbef89nGCk9GfES4A64E2zEgMurkBBdrENUW1ki8hc0jWhakdtf59EV0yeRNbE1eutwf7pD2UVcxav6QDw0Ra6ekuSmq\/nDgLdA\/giRZcQaONcGBJdMpGYimg6xD9bjZc+7gRyUOPJv0cGVldFP4y3iTTpfDkLqIsqi+\/BicB7nAFtOfjM6+V\/aKfDlxP+JmpQQswGPUnpbdI7\/X5P8p5Fpt5QgxYINyIat+DTopPSLvZTdNy8CHReHEvAGf8W0xde9p4\/aWxcoBWbCjD3xnGO2n6ilulMoM6meXSHxzfE9uxhllmDg1kVAzNG3Dp3HU5IT9TW6r\/am+QfMmQRLcLbsnqdoc4XkMeQMsstwQShSHSFFGJ5NypxTn019tNyZaEOFhjrGduQHvzNZvLj0fEskfXsYnG\/D\/HwEOasvCMiKdJEOqFBOQUry6Qn8Rwi7l1NVwAYfeGSpN0IueP3a\/hP0yaR\/nOVVQqFI4X9N3ggSnaVBw5QrDAix2nE7vS73tT14ox1QklbWakp+Zruh0HBFnJ+UXOp\/LZGCrJsZ3GP1ZwFPugy11nvSvkveZVUs6FuALePreUXy28Ort580gRpigbzYgmenH+60Eqtri8Bzhxt2SatsJTJPZg3uOLV02d\/0ts0P8BFxkcWXIxpHRAbQH4sBOSmTk4RDILxkLP1vNbnWU0sgepqt2wEL4zDO5WcQTAkQhEjQVauFH+R2U3ZU0HRy9
WMzBuhsPnWWQRqP0YOkjILTEA6oWgkszvbr2A5w28JxtYppJGWpPFjm+KlOK3ot+4lv4x1YkVBdQrsm6n18\/L3aGczyAHoWmujyHY307EU19mWbq18gLbRk850zSEEUdC1KTx0zM0De8D3tEzxqJDBal1JgIxiCqhVENiKifxcNeVoaMvhOUJnKyO8bgwI4IQ9eylASiuF0dy19Q7cn2bYoJF4asl8k4u4IkyUHR8yTJbOGdqgMm9H6cJs\/zAGtsLFtu5k1t23VcAMpE6zeaK+4UC8ftWhvPbacdK815tJ\/WM10hDCed69dlIb09wEu1h6fbuAeTqvzkaqECiXVf3dbexvFls4o28FhFQrybmlubLeR1yGKPZQV09bGcH5oCmHm20FWAl2xnFBovVENUXQZQaHYWt0F\/sJTp13WDtQDkod0JiAxdIHBCIkuX2wBUC0Cx3Kyh8UUJQMyFQTWxrWV8NnJi5x1vEcr25qBCm2yXzlDcdINzOoZi0XAQMEloaP6r7Wkc4WKNDMIiJQuwQMUWCw9RurnhCMoC5VOd2Xppm7oUOrgPfSERnoOBbSAJMdTItSNx6UjdERNi\/\/Dmjm9dUdT6UejWAZx4ydbwyDLjwwrgI8On4cPHjAArpWxxu6W7xyEdetQn1f65XRo85mKSxq+oATvoJhp4guLfpaaSm5rTEd+LLpUPNbksm25TA811Dto5akZLe9n8oMI4Ef5k73etMq0GNEMbRV+0Uo9gNvbUbqOBr+zv9\/MUFyHi16IYIqpGZn9I6IMuGBs46qVawCvaRwlCmJ8CORnORPzOvrcAScDobqD\/QQUS5pGh\/IdA64d0xIdHc0sp3mRtEUvxOUAMlAjGoTOQr8ieSniD8Y1pzGIpSU7EeKDJy4Sm76v1gF14Q8nXj6lQcbBgX3c0thDvRvGbEYLm3XEq5HpQy2tMlAopqIpgM\/dvvOLyB\/G3oFG8MRhYFU6IQGw+6B1dMPvBT+T4+Xu3CcBXjyGoqekUItdVqvK74T1+ADicX5BC4T2bkB\/MkXboyI7\/XIjDI1n50TTAtPNL1syzuSaYlACaBM0mM8sW3C2rIJlzxOf3yVSzqtcpm4y3nHUP4VXKFvb5lpQeU77UYCAFiC5hR7TtmNxP6dAUqLX6eLlSYZmZzds\/o4EzoN1vkxNEnd0QpAk6Mo++\/lSgVz0c7T3vEJqkDPHVpRXbDmp3JbnuRJvVx11F6kn3Ezniw48nY6fpO5QA9fQOKZDEBeXTkZuZqvdWC+V\/0svLJl6Klch53G\/Ak+PM0udCutd2BT+9X0zhQdV3l43o1q1gyFx9x\/jKVm4EIIQjnOVASukXESPEgLwPoJJNprkd1ftyQJ\/8NVweHIyeXrhD\/EFaf8HneuExrKZt52R0NkVM7lXk\/sV97Mb\/QfUxntWHuJWtMGpOSrmN4va5a6QNMBUlziQZ04lay4DBo00yzYBAapdigAj4tbvjxQfGT9fPuWiUkjMPMAShFhrn9Hh0Bq22So1IhFfa2y5eBkXy3mWSyGwRCd6KD4FEbVszspdYY4RGlOd5HscbnKUD\/tJUgbQEeIjSvf91LwiPasy6BNtF0FI5k6Z9H5zqP4I9QYnT00aJn4G1r0L7uoWU78Gv+cEyavPFhwqZLFIhBMPWMonCOjsvwaeeDPV5DxwbVxruxgfWB+v1K2NL7Nn6B\/Zol0xfLKa806\/VrC7DlnSEi34Qkesj6aGZW3AwtdXfQMEpLns88Pb2IRrT4fA4YvITg\/8jch10roFb2TILKAqW\/fgYdi8AIwr71Nsbc8+UdF4OjQQm3hzkqBeAaQfr5Ci3gnIKX4eDP+xdO0GHDWnaxsYZ+FujgikxfkN32\/WdykV4bef\/GpFRiT9miMnJeS4SxXO1hTUo49Jvm7wfluBxv0+4eGSYIdlfOfMbJLcQox405KFBhsJqhusHObJc278h4NRq5KMribUi2yLz7ek
Qc+upBYiQj1\/wauhi4fH8t5c5dBQdTMEi0\/oY+GUkRtHXi+l47ddEI7NpgZnc+4VP5LHUMXeODmXXiuyGt5KJT1sEpiWYwA1M6ZFmziFKeUif0ys5HnFJ0DWc633Cv\/lfk\/p0wX+QWQ+nC42Z7xXgGJa6SOCGoO0SNWNT8NNVJ5kuTeMthjAD1T0vMtjK+eKMAx1Ke0XnWAqlkc5LYXH4B98RZ7doIWxQkQNU3CBa2oztM0AUBZA\/nTSxlbWuFEF1PkgZcWzxlviptLgd8b7cMxQXeD0LhFM\/Fpp\/IEbiDkbYYb8s+qUlg381W+4BjcvwQJjYj3zWXv9xDS8NlV0w2qTOeXhe3arEARqh3+yFmsygdyBcN4egXaWKpIwzhgAbqTqeoPzzL7XSV\/wV2kuoJu+eeOVUgbe\/apMHLsENrF7mDKvPfF5o0FJqIldFJO1HJexLGyxDMbImzP021PWEZ0ZV0HegXOugZdBfoLfpNbkdJz5J8mGM4s3\/5M1dJdAIPzj722W0NgQkr\/pi7761RTIrY5RTXuUjpM6+ef3AA8P0UPW0VkjNezQ2DzXyNkg5odOMtj8ekV8apDmXPOkNwITUpp8wgbJ\/x529aORlqK49FLqrSkmMVvtD7MlS6bNM3\/dfiTWj9YfFIjqrwgxdLuvG5D\/fIAkqB+M0ltXlYc6l08OxAOc4jonXHf1X1ZFWgqAVDSsV2Xy4aH2mwo8JYSNeSUommDrWM0jNg1whdkA6ox3DAuO7\/kHdsF\/LWASSNVXYzlOzYt9GvKWQKEYzVTd8eDpsc\/wsynFqTNL6oEN6tu8KQ3B7zAmwFm3zM30AoUCJeioohxyu0TypqStQnMW\/gHwucV5DSIdes0lXU20QeOscTm0cMC\/Q7lFUWhv+UGFtxVix5zOmrYukpdl11M7mgPVDiB1pSTLmM\/I6PeIIxKon4zskvAf5s\/x0+716ExCgLfdnaLlshvaYF9sVhjpQGiZhX3vpVemLehTklX6UEcLcBDES4SpR2qP+mHIqLxq8M6JdYCBT2IREK8pBKEPhG42JCS\/33LMgJjFyNh2XnDwH2ESIiwe3Uf8wocpEfJMUUNJWybG1eCob4AA9NJydF7Q4\/EdL57j94rgh7Zg7Cvw+elGy0SXhvxG9TrTeJTCn8qwW3DULB2Xc4Kds+TE9uZW\/QfhQIEqyYtSym+b\/z5aFF0HF95f9pXeAYlmo5x0at9Eut3tbowSXdQtIwzr7HBt2iq0C7gP39wH\/yPgIr\/1FGCI+WR9kiVjW6nSGVltZMmDs6FouzP9nZIafhUf+PdmyIG3I\/aGV7PO99Eeuo+f2an\/rrsam++Mb11sdEqoba+CZIOY8jx+Cp6CtxCGxcXnPlYLYfyqHxKPtaDfX6U7379raEsUBJjcK+9Erj6wO1tDSftWuu\/IyR8y1+4wk91vVKSBagGRf6Z\/XJyx4iBajVVEhYhw05A3anGMXTJhxPPVF40hKyChyj7vn47nyt63Qp8PTMsV4JmHayFp10lCz6v4CkEDqesiOSpzU4hmcgrKJpPka3yZJeiHdXMSUO6gMeZYF\/Jefh+Shu1rfV5rsWmd+e+emm3zLb6v9e2ik3CfvZc2Qvym4JK1qXYGEfZtIroRd92xJdtyZFwbP9ChNw5ZlXjt059m1wnNFxgVKGAxZvLNd2vziNd3sZPPfk1hcgKtGepnmP67y88y9VrFQKMQtYrWDKeMKz6OriwwXAwMKQBNTlT9K2h9HBJyxpsPrMjFuvV4DiAGnCIyZhkgPPMYNG\/nhwJHLcMWdjeXzUSQAALEzQ\/8GsbqrJaDUDtBhIVkEjsNJFWZvdHPq+Z5anENNcW4ottZHa7szVHAdzeOq5G1DDpsmanpJq1\/U55eXr5mdnxEhR4eMvUJBS0j50Z84DMZnp486vcP8963BHnRQn1zDwjlBnJ9IVlyH0KuBeKaQcYkt3KDN5et0
E2p2FZPKqW57omwxRNpOuHSlcL6h9WxVdWwttU4IHDKInJuWNjuKPCQLT1YBjj6zr2VqZR5ABmT4OkPGcpQ4GWC0LCho7dvNdIOsKDhnRH5TcrTWG7\/ZtIc1c+DjDk4ZdExc9jE\/fVKhc0xU2ItRaaLWXrnzTlUa2GemYjKgTP9e\/efPrU8TZyFfirrwA2xRnnwF3e5UzUljpRY2cwUCJb7qFG2o9tJRDnemGOo6RBRJAQz3aaZDHBcKH7imx6CjaophYETVNFFdi\/ylvp4JflH5e4+a9K9Y2yuRjx3XpDx\/sGHELZba1ZcguSA9xnXv4XhttinQ4BK0njuxAZ6Fd0PYpc2OhT8JMs\/Ke55TdsN8zqHmQPULqdEqxEU6h5Re+dgnuEYSbGMxjtykdJv6yP8eiL9zib2H+lBagQMoX4H4Yz6yD31uds7N+1I9Z0dSA18mggQT41ghING4UF\/4PwBZuQLKqHYc6xbfN7+fGTv+hLTysoDjWpsP8uGNq1AWB8LuGORUm+ZzvPlfxWR4tvXI7ifqCHl\/tqeLbtfO+UFdBORW38OX4GgNHkj5\/x7usaqh\/9fQse13QtG\/Yylml4+Rm1rdBt1NplscmiKLXifar+MKv63oOnO4OrnlubP8xFq9sS4ZKLr89FYngk4jfqvOxKW4yQcAeGq5dduobxrqHVo9xNde+4nieCBv9gtpnfjwS92eCPO8FCKbEpgzshE2eo5fTEQ1ed9+\/KX7n8K+8AuOqXX6+GJSdhxEqqrurELoypNcKqgMqjsdaa5hNgCVVyhKTuj53MdXlQnecQvYqQwrUQfvZRly34gdjs\/U1qwyOmNeZM2b1TM1ZXhigp5oRLOFJ9u1ZVn6MhljMazTyczHYThbj1JSaPz9cxviRzP3q1fazlFdHfU9cpTW6WYs3rn5thrQKqsj3SLWrdavoWiWOI8c0XHUiTCNBLfzfp8\/JO+tzWb8haW0th7J1j2H1bRfcGo8hNTH0FVcc9hF86Tghs7HkOD4XaM3\/6RUyUjgrhW1xAesVmsHEn612W7aB\/t3uaLrHQt4IK3btIlNSzBLtj+kMOMcqbCckMTT2NrJLbzujQ3QHSHjwu3lJ0oYRguWHnmB8u2u0\/7cKMBLIdwHRSI4IbuGf1DdSs30XkOMuLMOmkAUQLtTyb6exebOcAryn6yeloN69bxJC3FgnEVdXa50W3LLDxo4csMlEOiJrFuyUZvUO7TesM8VOVh+AcPC50i0gR+1Gz+KSnfTP2SoKdolszfSG63hLGw1SSNyteNg+HHOr7rjtwbhsIIAX4GbQz4UzUvpXwPMahuZjRtI7vkVdjiGfFJ\/9CgVeiKfWKm5iTiqtUieo5nS\/FK2Gc4JH9MSyvWmqGUZLzJY+IC1x1NltWyEYO0+N0aoICvti3okAhj1C7opRm\/Ri46ue\/SBk0oaA6KCC1v8t8s4BTa586xx8L+Uaunwm\/IRb3mg7Vx8USLpISZF2Hsv\/bQ3pwrYH58HK2HCvAU9yESLH2f93LOn0\/+kn2Xnq4nQcO+pENu6V3x4MslmqvBcrf6vx08kcA26i6Z\/7Op+xprVc5fyVdnNniPNmJHWj3t5xyQDaQu9V5vYX9TnAnPTbXCN2GCQvehZO38g9wJh+j35nl8PQUZJESkLCn2ueMhvdP3CQ4Ha0DLGBaQ0Zi5qyqsfAdlAKDoE3qKu8akbdZK05Wral5sqnFmW6M4Gs6OvN8Nx8Y5\/GkTWSVmzeEzRF6ODKApfZFUlIrrHxvqmcn\/NnUu9v2mwarucJ79SDMLfy0ACOo1vDY25PVI\/c1UA6D\/yxFiipD73tuiPaV85nCMGDq0QtrO2tj0+QIuNFl4MwKoyRGdYlP7N8QrsPXtaE3mUHPlBOqO2d4\/OxCuPAI2QdS7Ea7B0FLXRHkyFwoeZMxF4IZ+rebHgB4egBQtQAGtPK8I5DIExmabpqEZayjeyF526tO
yyBfAgPQH4ASUpVDsXlLtbV6O8ETX7y1F3wVWWpEf\/zdM4ZG5+h7HyiGx\/4BWZYD8pVFiwBARqW8="} +04451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1368,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":2,"flow_src_last_pkt_time":1654385146276743,"flow_dst_last_pkt_time":1654385146500483,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":2946,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2946,"pkt_l4_len":2912,"thread_ts_usec":1654385146500483,"pkt":"nLbQ0+MztKXvZygQCABFAAt0gVJAADYGXhcOiIhswKgCfgBQwORvtMvRImpQ7oAQAHplgQAAAQEICpoJIiweulb6+ZKcD+KnwfgPmxIli1SDP0WB+TC+gZ2zUZ1MJYnOEnfgrEfocekJHaOM+Eztu22jDjbrklrlhsLXwktGW5jFzoZr3Ytu7HRoxyemV6NLVS1v4GRaLHUchrowoMimCyOxZHfNMnA0GNdZ10WtBsw4gEq8H4X8y8f3\/RYH5Mn6eEzqjI8sPaA+ORFtFcdQ+TmjpdZPUsTpyl+nLhU\/9GpHgFqC51W1e7CLdEBDq\/FQ2WwcSw4ZRTbi\/WGpayOUjE4QZtyN0YXULC8rCWHS4N1MsqhVl2K8H4X8y8f3wgnA\/Jk\/Twlux8TrGuEW5nLXTDPqGMQAlYiMJpFjD2haZrB7TzXXPMjVOcqB6d6igpIOmaJ7Y0Mrz2\/yEfvD5pWGi27w9bKORzLvk9ue8s4aiSRSmdLv8x2K8H4X8y8R8w82CiFh+T6YwGSptZ8TjC0FXdnJzdcE9uEyZwnCOep1wtTzpxjxgEqVLJABXHJLpS3bD6ip0PC8K7M\/yCNVfrglIVQ4OuF2gykfOcPmMbjrz6bh1RnUy5\/MdivB+F\/MvEfOMae6F\/kz9fTSf9smb1on3k+Iw7BNmS0w7MRktM8Ff0Xj9teNF8yzhLN9Jw6SBbhxxSs+M6O4bTT17SVdMQjaF+od5bknXbynCwEsZiOD2GyrhdKmNjvU4f8AG3\/MdivB+KdZllzOEugJUa2YWL\/J9aj6bQ3CMt2YfYZsFk7yyBnI7ZuzfktnJM8b72B45z44I7RsxuiJlZCW6LUdmRB1qCOgwTgI1k8kxEblTVuyjGQPDs14YOevoKw+ODo3i1ks4XE2bddW9CQgJt\/y3Yrwfjg64GjfvwiDex7cLF\/kwZyfP0quvVEcRYOMIYp5ETODXaWekEYIkDknM53nDjYsO5h8fopHtsi3VbhwS0xs7wlfY7RrfW4ggHRM4TVKy\/xlLF9ZudYs668Jlec31c3Uc4T6djHl6evUbLRtfynYrLT6x1eC2dIZO6R+eFivyZGSOkc21mpHBAjzTIn\/AMSAFqMsjPuzkhyEJLBGBy8WixGRGPj9CZ0fSPWNduT2zXAXBq4nWNVvTCfY2zMzKo93KeUCRF6QE5wqyJvtTuTQGRGx\/JdivB+EzowvA\/kwsD5ctdc9OWzlwbY\/hrOD0Tni7E1kzleJbw9c6TkztjQ2kFPTJ85GkJslvP6P0PmszQmBvhmsCpmV\/h5i\/wAKrtF9NiRwGbcho55wUuZm1QZNpkDtIp4QJBZux9ivGin\/AJ3YrwfhExDC8D+TCwO8xwl0xEbplWQ+OiXecqXG0mM\/yC0Q1JW27xCupVnhwyNdqtGTB6hU1mIgYa3XkU6RaOBRM7p+gp
7ZXnVVY96yCCx1XTFmQz6loZ6wCyJiCZwo+r6JMZNRGntVDWuYW4s1nNM4YzptecOUlfSFv5XYrwfiqxYSXgfnnDK29jq6xf15wB2wMYa4OCHbMRrmnJUYKd0pn3uDcKWa8mN5mWssYXS+kp75S0NFRuwhKCjGq0wy2w+2tc6xMcQnczdpgsyJ1yC7ORsHTkidr6jFgpD+vB\/kdivG2SwV7JLwHzQgnsSsQF+zT0zOQjjEMVjw1haSkSCIifKvKC3mj5Y0dhyZTzYXaZ7OnSY+nXWc6hLZVtLsn02hItxp6DxJvpBmdcW05ScHryidMCdwrPYVhHQPlWZqvh\/wL5OxXhXaTPVs5T4eTzWpdZai96\/dJXUiQ+eG1NuMULl2+GOXFVBmq1wm1t\/e7SKgbUIjtjB3B5nYWMiVDAyzGQARrrMR25zOkcj8wWkqvOVKuOPHP92npNYb2SGVWylvqJyWCWEusWTUQWLpMWbUEJpj1Nflwp2yKgEK58uzhHT6ziEWLnUyjSKtpinmyDXPhX5PSLmemNZ4TvLZtjYws1JcAW4uOUNJUomsWOsxoMaFkbJg5iIk8I9Qh4CFtmqo7zGeZ07Yc9uR8tMiJ+iY7hvIdWRnXLIsDkMHOvOm4d1lQ6yBacLn\/orawufLsV4Pwr5HPbhlxHpzGGCPYCVM5Dw0dMy7hb4EQKWREd\/lAFhbTj\/UlXsoXgqgc4iw4YZo6D7\/AH9QZYAKLGGAZan3j45a8jnvynzGRGn1V3dPItxhFUZnpBLJE0yLhzcOf\/QMCqI2VfjnHYvwfhXkvC\/moyXHqNcWyJH25Z4YBlXpwghd3It+SbIacSD9e5DuGB1I\/DDh1lrQkmTqSUkyJMYzTc0y6jfonJ7ly\/Y\/VPhfyyMGJmatA2IvCpBymdETpKz96fyI\/FjcV4OOyvkfhfyEdy5jIORz1i8EoITTMYZ++bEgYTuztmvYygA7dR4nKdPs\/wDw0zq\/aH2p3aQOLIQwz3nymfojI7R9AnHTPwgdx6HpPmI1WJQYXYkr1QJ6s93qGc3elCtP\/NjcX4Key\/kfiJ2zWsxhaGBeJ8o1WRRM5K9W+m7jArmsyWkPuY37mAexVQ5kXU0Ol\/C2LyFCUzUZEJPolcISMZ2\/RM6RPx5TkZHn6TnvSASnpryIVGEDnZWtFSC8xDZDqFgVsUvbDHCziMaQj9Nxfg\/CvJ+P1lewWpC+M\/6sCZkNcauJgI3w0ZNgAKljG0gDaLZnelnTaUaZvIcuELkDXrEtlHTJncf0T3k\/lzjyHnlrymdCnzSWEJ3AMzYkcVaIbDRK45dYBywMMGsuRy5a9HTpTo1ha148OjF+D8K8lm2cIcjAcwV+pXyCd2XLPUJYmwhjbBnuKA05Wo0dldu4Sx0blik+naLpoHxzmdIpJ61iOCVdZ4HTyeBVMZwOsIWKAKWPj6DwI1OnG2rOwsuJEcMIlkyzWETOFTgxYxYBbtHcsVZ++f8AFjw7F+D8K8zyPyCuqyFFt9OvAg2TduQkFnrFRwADHEUV5jbjLYDJbmFI8hZ1YLvFVu5HHJ2iPjmU6zSWYwsrW2WWBiD\/AOcmnOWY0r\/r6D8VQ3sSDZj08TLkwL+ipeK+PjCfGziF0rbMrfyi\/h\/puL8Hge2dYnJnTBEjKtW6C9YmNcmRAGx1Y4ZIQ+Ggc9HrT7Vi5kwvhzpZYCcnTQp751N8rOVzxV\/WfHjkU4sd7K49tceW9lgtFriIXfLRX0lnDo7qn2MdshEdzZ1D64xjC2q4wwt3IZ2n4p\/pneRHtsyhUh728KWWTws4KukVDqGu\/dGxWWHQfL08wKvuCRAldq02w2xcfI8OLS1BZJ8ojWW+zHDGOLc2PGT2jKi9Wp7Ruxc7n2D1jdnEJ1bz1KM38qJQK\/Ue0AyXaxr2V5ayN9p02bX65ILqcI\/UD35cOTKU5BwZ69QfZt6mdSJwrBzgsMyozo9GisNg6W
rPunvNSdLUc4nbDmdosbUeZzxhFukYyqW3BONN2JL3sLVu7Lk\/d+jTNBjE7SlOgw2S0ie8BM5vFS5sEXKPHLgvv4XaSVZ27AGTJFFiyFUbGq3Z04CqqN4luHFjERq\/HDsxXmr\/ACFj1JSXVziFY6tzFTtbHMtcIZx\/bI8zGmFODGuTi+2AzbkPjIPaxs+6Hxlufd9Jea8iA6smBV3iBGN+6bVnrEU8gnJzTP8AHi1pcQr9cDHTKc6Wx75u7mP2gPtBGhktMo27Z3nlqPuBMRnDq0mdpm4xP71yuq+PEKK44Vg+IjWYXkhGPyz2xLNkkWRGvIO5QO6NkjkRnfNxRkmUYepQE9uU+I8TGuI7ZGDIjBM1yy37X0jn+P8AaG5Zfpa4XT3ZOT853LwyA57ZBhnnNCy3\/KR+WrlL89j4Zp\/y4v8AGvIwsPLXkfOD4LwHwH48ixnn+5+I+fIsHxi8H4fu15sfn\/Q5+585HngHyblr+Wv8c5\/acmI3bRzwx\/YYmdP\/xAAqEQACAgEE"} +02498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1374,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":4,"flow_src_last_pkt_time":1654385146276790,"flow_dst_last_pkt_time":1654385146689950,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1654385146689950,"pkt":"nLbQ0+MztKXvZygQCABFAAXUjpBAADYGVnkOiIhswKgCfgBQwQSWIeBSmarBiIAQAHq8PgAAAQEICpoJIuoeule8XQIgGrN7SfztWBr3baTIxSzHwXdnvC\/iYkffxG1gLce8z1HXk7pyeFNZdQuDdq1ckvuMj+U2QrfyxJzpnT\/4rltazp6aFkDpV6YXCqbcHdGEPsUKZBhmijuQYuCBrpAVb8wGMBkvh1wRgWSEJplA\/DP5ltUEVRDK4pe5ZSN3HqKdnlsfJ0AdXtiXk2s3ZpcvHRNxwKBy9DENG97su7JaAP2mOt+YtXyIs\/13AqvFL+XU18x2DhTuyUO7bBXbB+yzs9gobeyudB08N7PGp7i50HOSRvljABaYvjBQuQWVmXeJNvzVVDugPwZ9qHmXR7DRMYmq3btjAHDw7CHm850D\/axX4J\/G9qC3NowH0SAARNnxHQ7IkSBhoZmgxROu876CBInq79U82ISoT\/REYuE4LsgFDGHVGSF6ABf2KPskwFZgymio5X3E2UZGhSC4xztoiOf5uhQa3SM60526PiyoMGY26L7GJum5oKfJX+\/XGZ9jcLBuFkeVgg7vrd+7wevLdbKUtHf1eT3d+L3thziofHuPd4CI+ByuymtuJpXTjzEY3et3n8\/Ruml82ixJzgzA8yM1japc9dZq82nsPjZLQrcw7jNtzNMcQ57Nvh0vXZ2wMzrY3nlxEKhBgyohwjzN7XLVzbtRPLfE9OwARiBPy2hnWojfLUqiYxlicFElrxdM3eXPswG8qxPvT+jLH48q9iN0hkl3PVurlymoK2kwJeF8x0WGj\/rfOumm7UPgriiX9Y1Vv\/eTxOQ0sJmWImTJR4QUeQmCse\/RYNtnEhJbQFCswA9ei2GxgCkct4yaT9t+JoCniTFB\/wAYi2niFZ\/IX+eapnoK532maQ32Oou5TQ15DBLmLn\/IMkVGpEAm1vlTIe6wxKQfjUf4LW\/uF7G25
ZWL1ITLjyKnNfxFH2Jfq\/7GAM0XdaOIUepit5Tf706UXPP3FAo6py1KLGxIUcz1rqiIH6sfCC1l63Z6ZyfZ5Nm4LqazEagbmXV+AUg0owWNv8pcEPMkm7APihC1ZpxYiFH3rk8vfLkkYnnibupCM6Kxf4pkhZN0c7MHNExYojVGXYJo83ACDv7n\/slQCvrr15OdZBjuT00a5kUThB98aRcXs24hAJ+lhJOpyBMGhr0E4aMxxaANjTJzed35C7wfRktddjR\/EKHgZfaquT4gb2w3nEM99EZx\/BwBmdhlxRAZhoxL5\/b4b6jxaO6RF9tpys\/OreG\/irC3LpK+IanxT3pQF257nCjJVS0WCISXZ2lrMd\/xtiAs+CnwTrOfeAD5A7xDFrM1Gw3L4eWLCuEtMQLswwo3nBLNeQxtBr26r4aTZxEbPEXQ3UWXWzs3qy9jnJgSqOZnaOsBp0FW3RmX5FW9qbgqX5TkzmPWixV9YVO2CI7gl4Smm2W8Uuj\/cEoGhseo+jdSAzwiWqQwiXss2SgWTzySSgFqz2Gz2p514X0DIxt7f5PwST6QAIYky\/biUyF70e2tSDqN4UgfjMaI7bqYgnjeeU3O7kZuMTCGIybn5pbdy4ekE73vONGeZEbWp1VEL3Z1pW9Bqlzo9\/A0YKY9KHvbaSS4jnYuYflavjQijjzlsbFAH5g9K1SkieiRqlY38TzTM+kVwX6hlfeeSRDXh11NrxadpgbHRONpAwAItC7+71egVnjpJgBSqbEclWOEMNxcZayGS+ZFT34qWl+C24zLGEqo6GpeWACwT\/Be+e+08SLawxv\/IBoSvHT3W0cPck+tz\/V\/rbbUfxJZehfaYudpkudY6yDqyKVs3179GtGVc7jLAljyZX4ZcI36MkGSYBAorM5tSy\/ayAAP0B9veqE0RlYacMLPb4T+IUm35l9a0l\/jxo7j6eWq+7kUL+MnQYGonMN+4P0PPAqqDsb4j0S7c+wQHtC0TeVnhAWdemhc9uGRurJ4099F70+e"} 
+02496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1375,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":5,"flow_src_last_pkt_time":1654385146276790,"flow_dst_last_pkt_time":1654385146689950,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1654385146689950,"pkt":"nLbQ0+MztKXvZygQCABFAAXUjpFAADYGVngOiIhswKgCfgBQwQSWIeXymarBiIAYAHqx0AAAAQEICpoJIuoeule+r5\/sWfI29jQ03eCEH8iRqkASmwWS7i4EA2RYmObdLRre5dNIwaqxo\/EFv5oSzTRXTX74scLoOlYhShmSwW+WMZPBLSpSwR7C0xoMsk\/PeBME96lmToCKQBoPZ8N4HfPWHpl3+7X4u5FiEoRoiypuBiBv32fyRKkGR2Vfibb75Quhg+qvRwO8ZdvZ7xmHdXX3m5TFCWYgSCJZ0R8Pb9N59O7Z\/mEbeWe8h4x7YE6rsZNFGnsC0S4Skh\/yTp8ALjLt5w7fIuuCkjY36euiLCzV1xca0v2obGdeqf6so1Rtde5s\/Tk\/ZMKzZY5cMM27sgFdN1SFIRgjkxKSe6L2Mxa62xjpMrZhBGelVMTW3MoRJtAPMonOiF7cpyJcH2W3Nf2Vzhi2wmkoRYFaSTO178BCDwPnLpSpNIJHtnn5lAv6sVMtYvyv24Ucxp6SKK0ZpibYh26HwJapM1+Ow4nxBQcxjdhA39Mmt9zGtTVhf39fs6D4vzNr6UddnwmWhOXceUDt+U3Elnbh+YMQNKkWQeyYPkIirzQCgLoxN1nJQQD+maFVZzSuvyzsGIaOBFJunh\/Ige0F+08nPhBit8q9\/RSg+WRcvnyRSaEiAv5ybla9ZNcIV9w3Goo4ZyMAFD0XiT\/QurDRYCiXgQARIkAcM2szXfA4Iq+mUbgolDyuPH0KGu2mEOofrHLpxNU5TAUiPdc4+O0AWfla8twg\/fHNy40H9mUavMud8NL4UBi8XsOQT\/Vc8EObQwuXt61jXHRtl0mfjvhPEjP1mWU5U1wef9gZw1yroIkGAXXdYhIE4t39IUn\/UFB7Ym\/JG3jQrd51IkNGHK92jAi6IJwrzX0w\/kW9RqnSbC9YUDI2eWO7MQiu\/aqQASQQA2TuMvuRMBVTUjOed1eoGdr39mKkcOEfJQ37Lu5lJQzxfnBF1NaBfYEato7AkqwKFujLvjTMsI4za3v3NOpdSD+c6pTuoWDUGS\/i7sB+US\/qrsQ3hnNT\/vwBWPINyL471X3czj2bhKeagw\/pgSoHhZ\/tAqdY9pQnZhg9nYsVP4YVFZAmG8QrubZuqzr34XWS5GmN7V70PdQNdOzCu8jTty4eCDRghschm3K3RlBSOf4EDivPmrTOMroU2szcasxujhfBHgHdaUE7ztbguDiMnODm7sDiitN78cCtO9kquSkvfEsGQPPlBvY\/GYjOBrXHpL3LMpU3ul90v66dLcvTxBdnLe9NeesTWfIrHGquP\/if\/LhGKE8VFvwGVRO7454QzfMMG51+nmrHBjA+Oo6iuETIYbNmDLOyjybLIf95tCGVLIMQaaXY3E8ddqFjBSSKlQLN+Ri9J+QZ+mxMwK6ZaKb4FjrZkHq5ZRakoSC8oZv9oXpdDXgsCiCj3vJBurwCPKcG20jCSzCWCmfxCRfYN3Mc3q6etr4ZDfp4
vWdLrAADEbbbCMKhONgwd4IO3Ke\/h5wx4WVsNA4yZFytRfOgi7Kv5NM7FFUBAItexWrCNU5s9mkqM+2Zrzcd5db7SUfePpyThsHBQQeNhbXoVcfIITmBDOZ1Yg3MBL5iMrH2UcVVv7SkkIGNU4nesk6Ye3+iL+hNUnfHDdDbeG6dBvlVo7BhkMpE7wMNwwzop3obvyZ3z9aeTJlQmzgG0CrSt9ZCaOXf8\/9mvH1jMjEvtr\/+OhnZ7LixnUPa4\/nr4rLVvSCHu+VLUGEW+kassNEqvTJ797kgQr1hT9SNiaNpRXsHMTwbqXrPouRYUxg\/cPWCaLld3ekqeT4\/ye4pL11kOdUsa10VLV7jwyLuBnEaI88EmhxnBfFmHcsEF66Q1d5zuunWj2zkySYw4z073\/693yQB7kiZhjsQzy+aXzbT6ljhMgcOupFK8ngCX9oBwARDtg1jKVPjUZS61ahVBiMzld4Cai4h752c0gXIDxu5"} +02494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1377,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":162,"flow_packet_id":5,"flow_src_last_pkt_time":1654385146284849,"flow_dst_last_pkt_time":1654385146703756,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1654385146703756,"pkt":"nLbQ0+MztKXvZygQCABFAAXUYc9AADYGgzoOiIhswKgCfgBQwPQgi3efRUrd7oAQAHrW3wAAAQEICpoJIvweulfW80tGLYsG0Wxwy3XMpxXXYLtpfEn6lEk4g+sfruUhpChuq8vYrXjcMlOoFMYbnQivXOICNoDxZjAonXkdMAcomuzU2OIivGGNmYyO5b27suEfXg\/gpW+cnw6Nx51w2fKtlzbErX458ftM225KjiY+\/yWPD8UV0Dfx192+MLWuB9aLR68wrNUMXJnokXQOeVf2t5PMs7ta3wXyPYBBu\/XIvxLjd69rMHD32SM4ZdrQriIoWBrn4qaSBzvlDOxe+R\/eOArojaeyR\/bNOTPEkL5L6DYv+6hSwz6cwSMh5mHhK8B07SWm5vsaiflMNrbTgD2Z+nTYSDGaCcTPJ4IDQUUBkfDP3\/skb9tflgNWDqO3lKHD6LGSoMZiipCSwXnu86ziadwa6O8TNmii232fJ3YRq+VMw1MG3vPzy9Xb4RfdJQDl47KrmmknZ\/DGcHH+rRthp2SorecXVK72wEp0lhTWzFssKARy0kK8U6j8AJZT6UABSB+yyP2jrYYkGvNeQGgLPeRLkW7eqtO\/TOT+itu9pKmWH68q7M\/AVFVEtE2KGW1lHFTYJzCXU61IgDYQwKvixnFPYQ1hzJoZITAhrH+pMZzot7fe\/vekryJ4Nx3YzDft\/sboF2AbnnO3syDpa\/E+P+nNYnMaEd4JwDM4eH8gWWeFfHNRphWTl0in8j5e0hESWx1W782UNvNI02K7mmrSqWes0ZPuGcYObOI9q21mj46mMz7Wtpy0ev0lLuErb4MnRSoVMcxLuLk4mD8BNgcGYh0oGMh5RuPMZpyhoKQyYgudCf29\/GKzWc2rXpXQSKUmkNlPtTZHotoHkXd0\/t2eYoD4kW43DN2zJtdfhgBKBxB0taQDR3amQ27O7OGuvXjwTEyAbFDjYB4WMGoXytojoTwE2+u9tExt8bgNIAccr0TU7Ewmk1LyD4iL3hjs
KK2oFToqMKovKT997PsIv4GXSLr\/IEicRke\/y3Vxiktxg324FgYtpY7AEziPj9oi4f+GN\/V8yL7RLmUbDwIaHl5mv74qbr30MedlyXjAY0uRdbgArpf762bGks0Js2qfOm0P6U0s28pVd436EG31JYMXMBgqHPdcoWulNmkBEG2nkzkcXf7sppKmuvW5Q7Qfi8x9M3s+gRm5gycEOeUsEIvtqC1aTJu2lAwkxjxyyu1gD+OB2Y93wF\/zk\/AQkSQemHwK9SKy5U2dP\/KedyYgwUD3ctsYIpN4mPIMMgd3OhgxQYTGdOr0l1um622l4YJp6HYeepSI2Ivb32fK6EKaBVjJabu+t5km227+d8PKF4C\/mqkuasTR5TONN7GG\/oG1UzdW9rK9y+ulULFYnfirnFSLYqUQVyEm8G0bzpkrMTeWVPVyjx5M7kltX2OpzMY7B53PF5AIqcv9gtv0d2urzl4f2tkp86K0gkevLeUuzrTq0p7Gx8vCN6uR0g54EX\/VkLI7cFUGTmIhT2EV1Xl+13F6pTyYrGtWqFkOIuXdW9gcfSXNmqxHfWKfFF+4hG9MkLYqUuR3r1WsDJMOKrZkgt59bYjJRVQokUCmI+wYTZuS2ya\/69gNHOJUTB5DURGSgeVz74v0EmGyhM2kedFvIgCXNgU+oVC0CZs9B+GG9hzPBB9bNEP+MxzzHqm6SYmmmDS19u4+G6oiIiIaD29S6RSh6N8nmZTFicLTPWoe+uALmeGuceQW\/nKfGoYYxoJ+8LK+bVghbERmqnhpU1dnufy7f4L4jNj1t1rzBL81IfbWrxUZsB+GaKvxhpm9kcC8SUlOnkJgvmfybswcS7gzyb0BWOgp6bdVYllOdySMoxP5WS00fZ\/4uNY+12d2eGE850CV\/\/A\/f9nzwbQI0JfrxjpwXhCX98Ky+PDPv7IVBm8GnICfAKQbRjIOVTUI1YLRklQpUwnPJBLomkXIvBHRS0gY"} 
+02498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1383,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":3,"flow_src_last_pkt_time":1654385146276743,"flow_dst_last_pkt_time":1654385146710077,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1654385146710077,"pkt":"nLbQ0+MztKXvZygQCABFAAXUgVlAADYGY7AOiIhswKgCfgBQwORvtNcRImpQ7oAQAHoCWgAAAQEICpoJIwAeulfZAgICAQUBAQAAAAAAAQIREAMSITEgQRMiBDJRIzBCYXFigf\/aAAgBAwEBPwHwT4w8bm3USMYxX27PjlLlkYJD1Ir2KafTHpqx2v26HH3EU7EPHsmL+zZdjdCUtT\/h\/wCYGlBdk9ZRG5T\/AGdDWmlwPa+iMpR7N6l0ONfqTpkZl4smLFZlwJ4RYo0N2fI62kNaCW0nq+oEYe2LTjRLbfBpxi0ShGOLeEqLojK8TEIcrzqO3Ylm6Q5WXh4it\/Bzp8mhX\/0nJRnwSL\/jx6LJiwvBZk8vKtPgk3XJPreicVGA2JWdFi5KxEmIXeGX5NCid8FFcDQp0uUKM5Kie6L+w\/5EuCUaFGzZQuTo2ut6JOxZZXik3yNC4VjUeyjckLklSIytWa7W2vYkmuySo9YuyL5H2afdeiqIrF5Xgl\/TY2N4TEvtRONS2lx0o17Kjsv2OLi7JKL5RJJxtF5SpFlXEu+xf2dSdQoVpk408I0dNzdnxJ6m01dNQR+5OcktjPjTIxsktuIw9smx\/wAkJR28k6vgXkot9ZVOZqcITTJaf8FGjqqCpm9p77F95W2JqH1kS1N8ro+0SLUGSlZGKXI3Q3YkuhRvhdmpGmIWJK8qbXWfx+Z0a8eLGqE+CUZVbO4kokG0+DfIUmjfLKkX6KwnTs1J7neL8oxbIxSVGjppcjjaJx2umM+W4bTTltZrxqmiiiisR021Z1i\/DabfGOjYoqIuRKsfkwtWIsuiWpujtEhtIaKKN\/1rzssrPRZKddn4rc3eWrRqR2yaFiKoRLUjdCeGhupULKyi8PvD1odHy30PcnyaGvt\/4KSasnrbejT1dySNWMlLk6xFNsrkdCdEluO0NclYRtLihixY2Wh8TGjsiq4NLX+N89EoqfJopxZrxuGLNL9icK5HhD46yxriy8PwfeNRdPwmaWq48Gm7ZPofYjS\/ZH5MtsaFTjQtMdLosReKoQ1fg8Ujbu4I\/iR9s\/J0VCKccT7I9o3VTJMl2McmhycuxG\/Ho3F4trsv+CzvwWdOfHJrx3QeJ94+T60zQ1r+jNT9i\/Kv5wmJknYv9DZ6OUX4ItpkJzlKia2yaJYYnTsb9mnpSkT09vh0PoeIsbTRvOH7JZXglFnEI2Tm27Y3Ymd8iVmlpQ9iiakOGihtCd8Ej14XheC8FI1NVylRZSNpVY0Hx\/zE198r9jVRNkY8DWGsIZWI5eGuSvBmh7QpfU1JrsfIhGq7Q+RSGhrCXhVi\/t6LakamrtG5SEuBCJdeHY8VwesLEJblfihFihJkdJezo1OZFliOmSXAvBlG2O2\/FKvFo\/0RnXSPkmW\/bHqpdF+8oqz0dYjKuzchsZtf7ZoXlFWa0Psj5GNtlCVj4wxcFikNZoaw39PBE+jaxyFO1WNPs1K8ExliOxPCbXI5buiKHed7khl0hdY9nAo2bafB8
basTou8cnwzZKO10N4WGy0WaenvQ9GSKaHxhP61iSuNEVUaFbXJRSE+ax2Vj4qSbNLRdHxcck5W2xiy2Xj8OdTocV\/A9GLNT8Z+iUUl1ybvullFexssQo2KVMkLs+NY\/I1NumxK3QxZeIqzQ\/dFn5WrKKVGnxBH5CjdlXK8rovLEx9FkjT1px6I\/k8Wz8rWUo8Dd4jl5\/GX9RFmq0+JLgjq7VtRrS5P8h5cjdZbGUV7OyhH+JrO8IhC1ZsPj+o8RNOPs03T7Jz3G+sN\/dDxaaxGBTLsXAvsS44Gzo0tRPgm7wl6NpRN1F4oSIcxxLhFtyw\/2RJ0OTZFcclIRSJOiLuPJdZkuCH16GhcGirdlY1l9co0lwdGoyixolyQXsTxeGf6EiRBWa6pcEHyW3wM0VwRijUjRNWhixodGoy7wj\/Ej+7Xl\/\/EACoRAAICAQQBBAICAwEBAAAAAAABAhEDEBIhMSIEEzJBUWEgQhQzQwWB"} +02499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1384,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":4,"flow_src_last_pkt_time":1654385146276743,"flow_dst_last_pkt_time":1654385146711764,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1654385146711764,"pkt":"nLbQ0+MztKXvZygQCABFAAXUgVpAADYGY68OiIhswKgCfgBQwORvtNyxImpQ7oAYAHp44gAAAQEICpoJIwAeulfZ\/9oACAECAQE\/AZfLWb8WSSbsyK\/JGPlnPSMeKo+RLdu8D3FDiJKWTJwuhRb7RLI4SrbwL1NPa1wbF\/TgUpPiZPF5bjLG3uRj5O+EbUobT0KqzGL5H9iWku9cnxZtS4PHGY47pCUcK\/ZupbpGXJLfR7bydcIVY40iMsjl1wKc4\/JE8cMr\/Zm3UkYpSl4yIQcePoeFdxFjp1IjLYz24\/JHol2zGL5F+RLTdbEMyfBmTGvybd0qRjxKKHhjdmX085O7PaVLcSyc7Y9ks2Rzoip0+T1LyRlaMGSc50yv4OKZmxOHXRHmFHoopRdGM+yMl2S0hBR4FwTntZklUSOJynRDHGPX8csvb5orfx9nqoSk0hY7x7JGOvpfycdypk4bHR\/58KiyBJtdGCLXZLR9jntG3JkuImKFK\/5TSa5FtUaiYZ23BmOblmZAuh86LX1EOdx6F+Loxm3cyN7iWi0UUiXWrdF070b502py8SbhCW+hxTXj9kKiyQmmNl2Losj5J7j0cHFSsxkOz7Nyl0WR1l8WKVKhOyQpWxsu2N0Q3buUZ917UL6\/Rai\/2N2LStEq5ISU+UYfixbmY1yJeRLTHK9Z9EE3GxcD0Z9DlxZC35MU7ltIZd\/gxScJbByiuCtY8syfExK4WYn4mPoh2R+RLSMaHpLoXR3ET0Zmy7F0e9WPeYsrnJolWLntkMMVPeiOSSdE58q0QmpdaNkDtuLMXjGjEqiQ6IdkfkS0RKVcaS6ErP0hpoUhGXHvVMjC1VEpbeIqjJB5fKBsqFXRUf8A6XKa6IQok\/oSsSoal7m76F+jF8WQ6IEeXwS0RON86S6NtR3D\/QnZVuhL8E4uXK7MLf2ZIxkvI2RXQ8cZPcz24fgoa\/AsfiZI15Ic+OBaYn40yD4HNxmQ7JaIkTyxh2ZMzmKTcUno19ox\/lijTGR
kNt\/wQyGPcSgnGjYk705NzIZmiEoSlbIdktJZYxMnqZS+JKW4hG3qtK0ootsirRRQiPEdMsfv+UMrixu9JM5Ziwyn0SxLEv4LnXtlEcSqzESGVwLrTLxEZf8AHE7itP8AEyfgj6RLlkNtVEnG3Q+Oyebb0QyXwKtbob8bRbISpjyUyFvktfZuSNyoyT3Dnbs5ZHVGPLtVH+V+h\/AjMf5RPyVm33F+zNDmzDaFqyEvoarTsVJEneiL5K0Wq0qGsZ\/kZiR6iCabMXZ0cnI3Zhjbsyu5FkJUPkdorTsZF\/wRihufJ\/iR\/Ix5OSLsTMXxM3xkR4a0VEMfBBdouuCTt+JtvkStcHTo2WiUGnpV9FFF6IR6dcXpJ8EiPemJ+J3wz2JNujLj43IxxvkolxKy70fBFsq3aEThZKNcEeOyVPRdiaY1WkFSS0yXXGnWmJ\/Q1TMa+x8qiK+jLkUURnvWiv6MnYoqrIt7iLLTMkLR5RdHttlNESr0gt0kh96TOTsUYvojCmSjZ0Sme7LdtLMEn7jibRY1ROEUtwpc0yK8mXXGlqhY0+RkuyjrT0sbmPvTINCgtm42vsjNoWQlk\/B+zPxUtOsyZJ\/RN1wN3BmN2YVcjJK5EJ\/nSEqsY+WRVseFSiSjR6OPbH3pMQncaN9KkJocrErJGaN42QfiSjbVH2S7P0YPlRDwTY8bKZGTQmmTlpig+yPxFCMlyYY7VQ+9GIjo1WlUhY2ycVGBijaFwT7J8oTMfGQa4IStFE4lI2lJR\/Yv9ZH4kOjGf20Yi6RtvkmuSOP8k8uOHZP1bfxHJy7MEeBRJRs\/Wi\/2In0QltYhjpDyr6ItuPIv9aF8RZIx4bID+Wl8i0jk2jyqyeNS7Y8OBG2L+EBemk\/lwKNOtci+x8k\/pnZJHtzl8Wezk+2z2l9iSXSOaP8Ami2kQw7ptsh0PsvSMkyxsh5Oj\/Gh9kccI9I3fgy5NishzokNWiJmjwRyrpj\/AEY5"} 
+11530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1385,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":5,"flow_src_last_pkt_time":1654385146276743,"flow_dst_last_pkt_time":1654385146711764,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":11586,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":11586,"pkt_l4_len":11552,"thread_ts_usec":1654385146711764,"pkt":"nLbQ0+MztKXvZygQCABFAC00gVtAADYGPE4OiIhswKgCfgBQwORvtOJRImpQ7oAQAHqHQQAAAQEICpoJIwAeulfZxSJTSHK3wOLpkH48n9BfEj0QMhuQokcaj0WjJwj0z3WyzliVGWG7siUSN23smqdoU74ZPHBuj2vb7GxJDERVKh\/AXxIdCaStkpuU7PAZusg5Sk7MkbRjx+3joXA3FD9RBHub0R0mSFH8MeOafRsaJ3pQudJdj+BGf0Q4Rm3bq+hLtm2JLrRckP2ZMiRPLJ9Hk+xVdEY9REhDdskQhYo1pniVopUd6S+IviR6JYOdyHFxRRGf0x4\/wKVE0T5LpUhmHGtxHhXpN0hDIaN0ZdEh9l0yyXxP6kfiWdntol2b2Mb5slC42WOUTB5dCVaZGI+zGhjdE3wNHQ8isStj\/qT+IviL4l2yJSNlukSjsjwba5ZzJkOFTM2L7Q0elWknRnlXA2\/pkJSvlkVS0ydGaXiRJOza30RQ1cok1wf1L8CC+z3K6Pd\/RCPBk45J5V9mKQ8fJRnw8WjCq4G6JS+zJK3phVzWjlRKVmXRRsSpFULsyNJDm2e5KxyZts2nJLoljt8keHoydOFEOyTt0jO6W3X03E9ZpGZ29IiG\/Esjk3dk3QnyJMV0U\/xp93+CKvksZubkf8xdEVSszvkciLIOmY3wSErXJnXmfYyx9H2Q+ZJ2xCWv\/8QAQBAAAQMCBAMFBQcDAwQCAwAAAQACEQMhEjFBURAiYRMgMnGBBDBCUpEjM2JyobHRFILBQJLwQ1Nj4TSig+Lx\/9oACAEBAAY\/AvcSjhfieUC5ObIGIRKjGGiMOapsGTclNNwGK7mpzqp5n2hBgjNFoAPmuYlzlLeZ2rVPZ4amGBC7Ts+03Tvaifi+7GiDabIF3QgQcV\/3VyMp8lTq03NE2mdFjaO0a8xhTarGBjyd0+qfaAHNHKd12deGH5t02u9kwfhXbtpcg5oXa4IGyL3vvECVFN+J5zK5tU5jSAXZLmeGtNimBo8OS+ycMOeGck7tTzPvCawR6Ls6phuiYMYcQf8ARDzQwDlWFolyxFpCwPu7Rdm6ztCmNey7P1X9TVFzk1Y6n9qlyL3uwsGa\/qKhw0\/hnVdnSB26lH+otAnCFTY1oE7J1XCTRdnGhQZSpl7hqCg17A6CfC5FrKYaDZQ8ODsUysbHNcMOionVPYcohGnWmnWaJDhk5YmT2c32RbUZhc7WbJ59ipnDrNgoILXDQrC1vOViLSEGuE1FhyqN1TS5nM23mu3qCXuyGyJd4tEXQSUBVZHom\/r7091vmsPZ\/wBpWEjsz8wV3NfCmk3CE1pqYrZJjXDGW5lY8cl3hhYnGSg+uLRMfyuV4l1yz5UJd9my0nIL7Jvm5+qLOXIXnNS\/1cmspuxAZrM3QkYAd0aZMxqmupvkkThKBc11M6FBtTmAETqvs9NEWEwcUeSdRzjfW6e\/2XIZt\/hDGT2Zs5DDzH4XhYHDyI1WGvQe7Z2FSxvZj9lh7QuMJkjFhzc
g4VLHULE52MLwhkKMQqzorsjy196e7KGFvNsvtGkBYWrCGyTmsNGMWRMpjc3xfg2o\/mdr0UeznpiXaV5A21KqUsI5bgrD9U6eY4AMKhzuXRqDa7uxETzIhsO\/FEo8tQ3Q+zcKs+LdAGm7FqQj2kwbQ5qBo12ip8pKuC126ca\/idk\/ZY2n1BQpDXPyRdT+zYd0Wte90rwieBY8SuyZF\/i3VNkbYk5pg0T1RbEtcM1rhOShgJcmue2B7094Od4SiMWJuYPCpoQE1lEl1YjTRY3VGYjuU3la4zJcjSZSd2W41Q7SC7DPkhTbaf0CD8Ah7IKwUD5v34fYtdO40XampE73XieT+yqVnUmksmB6o1Xuwgm0J\/s9Sm0xqsIaW7wUHsq21xaLmvT6GQiDLabfEVhpsIGvMrdwoI2QqyeohTUcWkHw9FVbmGkQmEhdo3xGybTa7G6bn\/RFYRdRhcpqAwdUfZ2DncP9o3X7k6qeGscCWuz3UtNMtGQyUPpYR802T24oazMrA2rjp1BqqceCMwi9twc4TqTBLnF0zoJRFDtMOuFY4n5gU1zbmpdBj7zPqh7O34DnumNccVQ3eTqeFu4QpdmrcCHKuI1EINaDiWGCuYEd5vtFMc2GXdU\/+o8WiOEQ3Qe4FRvgcB6cMO9kGgS5RLY2xLm+ith+iA1WHqr5bLwrYq\/CDksdFzmucsb5LRadAu1ZOH5mGQhTqNAf0yKg2DnaLBAbh0CLmuEuzGyc2s44QOVYGnCzQBNr+0crWmQN+F+MxZYgvw8IXVdVLfEFLcAPmhDmT5qHAd38A8RUfCB3c4WivwazcwnUullBzTHYZtOKVVZRdJaM1jLMteGy\/wDaGZhbKRnxtw5BztuE0AXJg+cqp7K\/wzInZHsjHxW0TamcFf1NLbD5FPbmX5nhSq4R4ZcTuoGS34QM0Av+WRa7JdENium+3CeHhkuNpyTsLWu9VUnwzYdwYhI2QBo4AMsKdTpNInNx9xhaJJ0C7Spep+3CtHzlCHOwgzEoNp0ziI5iVG3AAK6hdOB4QV5KdE72ig3Ec3U9+vmmt7PDUnM6IYz4yLp8U2hzScMeacxwuNCu2qiZ8IVI8rDMOc0WhUmUuQR4UFiKCnRSdVkoWXqmcJbcbccTmyAVbtAIyCNPsuXTvT3\/ALav2Y2Q7Flj8Wc8HVD6Ik5lMaciV8PKcII6INXQK+fclHhi4OHqg5psh2TQx7zJQxZsyK7X4cRIHqm1fnbkqfyYRATaDfguUKr83CybwM5BendEfCsXwn9OF\/qFv+ieNXmAoNQAhuuqfUbTbiyPej3H2brbaL7umpqunptwJCpjZqn1UaDgUAvy8CV6IqCvRQdk51SpFRkDBuFHSydRqzglNIbhDRC7PAe0Atsv6ipzEnl6ndNFZwaI8W6tpZDcwFeyHcDZmeG7Tos5GhQV7BM9oJvPhQdprKccy+9sh33drlhP1XNOWnuioPiaIKd5JyCKx7lYtzwaN04qNymyimhCuKhbUOW0J3sr6lo\/RdtXmD4WbqOyZOphVGVHYWnwuGiOF0SM9xumv9orW+HdYaDIw\/eHqqeHdYyWFpuvC5vNmOGbvqvCXKRTN7IB1IiUVGi5Mxl1QwZE3OyAPjYRj4dgR+U9\/YLtmVDlMO93a5i4WKeVCLsdwcFm3yTbNPqsOD9U4kQv8Karwz8LVGBwG8IvVXcUymUx7NZogEsMoOrRic4AqJa9pmP4VzKfj+LJUgWw6nad0yKQNNtpLc1Jx5z2Y0G6j5XBQj1ue4cJzMlX4cupQ6XVMgcgecSsVdN8\/d1KQyabd+dkHVfDmUHG8uKw8JG2amq8z55olrrzkChD3zrKLvhlY3W2CaY85KuBb9U2fMqo3EZeLkaItqPDarbRqUatOmWtAhNpvdFWddU97vBElOre1vwsb4RonupMMG8JtH2is6m1o5dl\/UezyT8UGxCxs2lA8B3oiyj6qn7M0mKm2qY+n
4mnP5pWFD3c1qZE\/Fn3ymDUp9A+LxNRTHtzATlHCBlqpiVO11Kc46BGkS0V2wQQbELsj7U5x1DXZL+q9pIJ\/wC2nim5tL2dokiE97G8rc1gLzh2lF\/LYThTqcRU33VPEMLsy8bKJIY\/I7hYG+0S0j4XKm7UWPuA028kzC0XVN7iHODM0aTvhcMPlwHuy1wlp0VSmMmu7zD1TBEBmiquOjJQJsTqsKJGveLNslB1sqr9hytnVFz3DEBiGLUpgqvht+VNpUmYW5fmKFEc3zHdQLNNwE0DQC6bWpmC6\/kVgrPc2ppJsqmNwcBdp1lMpv8ACSosKZt5d\/l0QbF91dwBbzAlVWXLpkDopc74hYcG+7pVahl2GI3Kc92bjPeZ5pxy1Kn5gQU4u+I8qOLvZrrum0qF8Avabo1K7ogfEoptlBvtHh1LSgAA2mxzU7F1uU9zASGNt+UIMJ56Y+qpA+NzpVMg4KkZhOMB7WbFFrCMcSAdUaVTFH4motfaoyxhcz8S1Ulx8uGFmXzKyJMXvmnPkgi+Hom1NNfJFzfAHCOvAe7a0nlbkO+zzTtzdEqm2pAdFihU0Nip4wtV4Ci92eiDZuVTpjKJXncrE8c7inRnHMm0g5zthKn4nZp2GRhdposVRxcdyVRezMN0TeyPO\/l8wndnbA+QsXlBTS0awAp04SVGTf34FNvNTZA6ZnqnM+HNvkhSPjY+PRcqb\/om+anRMBym6xxzO8I2WZueMPt17jvZz8Np0RaTzCwCphr5qRzBGl8JQZTGG0Su09okHMNLZlDtLDIoiM91UCqMtOKx2WXKdHZFCsBl4QdFjqk8zuZyb2JxsccoWKoSX6NhVG1GECZGHRcpLvIK\/wBOOFl6n7IucZJ1TmhUS67736LDOagppn309xvmnM0aYTZ3Rf8ADkE1Xtwgq8up\/spYZRwXqmzB1RDwQ7qg5uYuqtapTxOfrsqdRrJBzvcrtKTb9c0wYpceY9UfaGCQXHEPVYcQI\/Epe7zKDadF4B1jNdlge5hvByQPZFq7Nu3ghFjW4qhOZyCL6jsTjqu0cCA0Er9J4llLPfjT63KZSwkvfl0RY4Q5pgrrqg3uhjBJKDXEEkTb3EdwO2ROpKOOxPK3yUIAHl04RpsVqP1Xjb62WFlhqf4QbAy8W6Da4+0bkfmCx0RDv0RZUaWuGhQHAOM2T6c8xmCjSwjtDmd0akWmcKxBrBCHhsizs2gobotxTCe8WOQKwzLnG5Kw0Tyt\/VO+zxbQpybsu3pZajgGonTIJx0AyKxl2GofoVdtjroUO46hVbz5tcEKjHW0ci95lx95hpiSu29ou74Wfyr8MH0WE8LLCTE6otOmqI0AuE12Y0KwvI2vqsQYHFo5cJUZOHG3e2dur2Ka0RZOaIxO16LT6rsWmGzitqnLdpzCDm\/du8JWP\/qVbDoODRvzcCGmw5Viw4XdEY5gNW8Kb5nGFT6XVRp+XuD3GJ7SfwoPLcLWiyO7tNuF+AI9CpHqF5qXl30QdT8OScAJOFYfENQsObTkV4rIu3XL7vXgHPjBmi75ipXZVvuj+iJHhFmoNGtkYyFgsXyjFwn5bqZgqHt1nE3NEMdjA2\/hGpVqAVH5DYIso5HNx7g70tbDPndkuTnf87tPIK4xu6lfxp5L1U8Sw+iGh0KA1Nk35Wp872QOSxM+ixN8TeDXRNvdXWysL78AEOOLqi\/5Wk8D+N0fTh+Y8MWjbqUG1WY+uqPYunoc1zNI8+I7nI23zHJYqn2z\/wBFzy2NFyShKaAsIyFu5iC5hLf2VyTt0Q6qOiwPFwrFY2jm\/dEhpDXfoUNhPGZws3X33\/1Q5sUzp3ebWye05qFKnuMHqnH5nAcKbdm\/vww\/KI4Aavv6cC75RK6rC44jsbrE0ADUDgOFm4Ru5Th7V\/VfaGOizhSv7AVGwRf8ot597A7IpzT\/AGlNU8ML\/rvwOQGZPRZQNBw80xuw4eXEhcueyKpVR
8XKfMLE5Yde7OSpN6YvqsNP1ccgueObwkcQ0ZlGMshwcfmMKfi06Lqr5ZFFuyHDkdhw2814v9oXXfNT1VboxVPKmE4tzhMp\/wBx72IKl1Kpjh1UHJXu3dYMWBg8R3Kw\/hChMUOM+S0B\/EE7CAvTg18evDDWptqbE2P1VSgztGzzibwQmUZzgj1WJv3zfE3fu9m4kNiTCPs7jyNH6QgxjcLdAEC3C1jBF08QGxaTqix2YMFOfsONNmwn69ydwCh3B+VMH417Sfypw+Ex+iEiAsW\/fv4WGUzgVPA3tumVW56LEMjwptYwQ\/49lLZLgbApzZnZQPD4VCcx9I4Vipm4UZPbcdVTd1Xs7+g\/dVA23NIhc4Bd82R7hruzqZeS9oePhYApxWFlly6BBsp1ajzzm05rA4Q6bjg1u5TnbnuNO1kOLj5rrCY5rfC6UZOah2RRa7VGlU4hsrsyOZYenCdX8ya7bg0oo3sEGxnohT2ueishvmhCm66IhPN\/MboufeeUKlH3oF1IEdP4TXdZITD+FU6u7L+fG6ZSb8RunYfhbZNrue5uIXb8yDd81hbqnx5Kn2pkkKq\/8XCo\/wCVv791w9UF4XfThAcrhYXiyligrCcwp+Iars32IUWTXgC3VNcQJGRQcTAhdnTHmUGVqdvmagaVZsjR1kA0kfhNwsNRuA76IhrgXHbRWRhxQbPPUeST0WLrCE+Strx\/EAsQOeY4HAJc6yw6pya78Pcn0VSt8ggKCoKvfgO0GLzTmM53gZN04j8bp+nd7R9qf7qKVNrfIK7r+ad5rz4Wsod4ViageGx0KwmzhosDvCN1hbdEYrqD9VCwqX2CgBaenFoOWGyoUm+FvM7qSi4aQ5AjhfgYXVdm36oO63KdeMUgLAc8kIhsCFugBumD+5PZrinhJVuBoezuimPE4ar83HB8lu7RjLDwff4ii3cJvdxNUbKFezhkV2bWuLh8Rshp5J2HREG7evCmpAWSl1ysroE+ELyQc7woSIcdOiZ8rv04WcuaOGFt6h\/ROJ2JVR3Tm6LDMgFDFJ4taiPlsqdYuEOaG4e4fZaJ5j4yNOnAdBw7R3hZfz6Ik693sSean+3B3I7NNfsUBt3YWLR3AlAj7xuRWRGCAUQ2wnJOZ8rok6Lm3zWIPFiLFNAR4QMk2k18Hdcg5vmP8LG68ol0k5JtLEJ+Vdk\/PQ8Je4AIlowtyk5lDqq1B3iNM4fOFI1zG6tksIuVc8Bs2\/0QnU3VKdWqzsKynyRhGaJB\/wC4LJ1HFigxKJ4f\/k\/x3g+m6HBBtduF3zDJeMcKbv7T6dy3CFOosg3hWAzsUZu7ZTuJUG4X2Z5j8KAMS3dO5FlcjdS53OdNkKuImqXXCjN\/TJElD5ih7SXfasusFn2BxCxUD6lNdZ73NkudooeZaLwpptt82QVN78GJwzbuEcDC7VSGrFqp34V3\/hj6px2CosLjYaKInzXKXN9Vd3\/1Vxy9E+qx3aDPrxa317rWuEsF3JuFrW1pth2TeNSmfzBDEVa6sAg7ccOiOzkOFbyVN24VF\/pxFNzoGidkRdGTicRZu3VB1eXiVUa1uXXNWAUf4Qr+0mPlbCw\/NYI3y\/hWwnzErs6bAbDIRCBq\/av\/AEWED0Gi7WqASN095s2cuF\/qsDljxc0xC\/O\/9v8A+o9TCoFziDhXikeSuAViCsrtEo1PZ4E5sKI72Jji07hS4yTqUOIafj5VhOY4jpbj6ocKipecI\/MwzxDtii2nBeddlh+LXgxzhMtVSn8riF2r2zU66IgQGjVB9QF7vxOWFlIYd4X2kHyEKAA0InmEarEbDQbql2hti8KqOOxPHqoOYVFmzJ+qpUhYu\/5\/hYKdbGBo8ZLmqMHk1S+pUPrCwt7j7WPP7gcZCbWblUGLi5nrxK9EE+Mt0N8RVRm4WL68CsR0y4x8rk6By2cVyiSnGwB\/dYnw89VAuobbcqddyi1nOv6hzgWC0f
KmzENBKrBjXFxG3ckZokZZKjgEkQjykrC\/2eoD1X3T\/wDcg9psb9zA+kKjS26n2Srf\/tvzWGo0tPXukocWMJgE5rswS7AZai5zYbwa7i4dEeBWAHmn6L\/G6xDIqNDkoUDi9n4ZQcRzOEnjsFssLGlx2Cx17M20X2bC7yWGtFKjM4QopNa3cqabMUmJKJOZ7k\/VdozNpVoFRtnBXC+7b9FHcqu6wmOpFzawzCw+0s7Vm+oWOjUD2\/isQuZhjcXHEBDiKlbmdoNlnHki1vIDqbkrx\/RqBxOJnUQmO6cXfm7nlwP4brrr3GODTzco9U4YDa0G3GAJKl59E14nFOaNF2RyXM4CLXUMxE9AsBeDhzYNPNUuru83abrFSkGoLvBusLazmt+bGuatUe7dxV3BWeODnfKJ4mhbAeEtcR5L7VuB3zsH7hD4mHJzcu6yk2pykwp13Uxh81fEfWEOzyFk9nyHj5rr3fL9Tx5G23OQQyrP3+EJvtMG2a5uYO1R+o4wwSmT811bxDJYviLQSjQoH7T43bdFVJ6Kg3zPfDXfdOz6KzsZ2avs4pN6ZrF2zyeplc2F42iFai7\/AHI08Ba49e4eJgmNe6GjMlAk4nRmVysxaSoe8x8osOEkeMzxnZSFPG2a5fA2w6rkYSBmdAub7Z2w8KwDL5RkFNY4nfKFAAAIXVpj+E2oNLqRkt1smBpycCSsLCRPxFO7PDiHRSc1X\/MEz8vfhuiv3G9Z7scSe61tLxb7IXncp1Nt+vXhjqD7MfquXhZXRZq3uFlJs1HW\/KFjrnF+EZI04sfC0LFXOGb4QsNNuBvAjYqowarA3LO+ybRDhiiICB3UuurXR8l+Nv6oVmfdvz6FVty8BUju3\/KLtvdNQGwXTYrPCeuSuI4SrcB3XtqDxahADERKnqQobkbprRpwuFyq9kw72UFcjCVLzPQZLJBmguU2qPExNfxI3Ca5Rrht0U7AprdgvThPQoP+qfR0eOUpzdcaazRjAmN35vdBvkE49UUAiPhOixNuBmNvd8r2kuvCyiVCiFe3DK3VS+zNt1y0f9y5vpwlTqU4bhOZqLcWnqgt3UzdVS4Q3F\/7Rd8zv0RUr\/m3Cr7K889M28lMcznXVbzhPvAYMK5hbf3ELF68PVVDrlwlSwebeA9y2m95c3SdEOEmw4dNBusVT6dz8I4FVW+qcOvDl+qJVZpydZHcCPXJQDBAsiDZ23ADrHA1Ro643CFWeWMSNU740PxXUPbZPDcp756rB8R8X8KAoGS\/u7k6+6BGYTHbqSoVzZWHcwjM9wHdGLq\/DB8cZKqfIpoGvMUFib4lDvFw6aJyrMPiptw+id1srOIVqh9UXHMrLvdodMhueHmp8LdysDfOT79nQnuDjKk8YF1ZBS4wFFMR+I58Hj8K5s4hByCxDNCcwgCv7VUY3J4go9ti5dl2bDLYkT3+V0K9x0ULCAsdVw+kpzBJDd+4feFm9xxjvW4EpsLmkADTVX4XsscyIhAi4QHwvuERwxapwVB27SOHY0c6hiUf+6xs4t\/c5\/VOcGiSQE9pEYSqvn3DxCHuGvbm0ysM2N2+XAcYGSnXhdy5G+pXOZ4OPRbDdco9eIOmypxqAQVfiR0VB2ziOH9RU+8Ph6J1KSARchDEcTHZO9wG7phw5mU84Yuq35u4fe4dWZeSap4YW2brw5brP6K\/caz1Q7rB8riP+fVYxxDhuu0b8LgUxmmqwt5iVzZ6poY4Nwmb6o06niHd5KbneQXOW0x1uu0qHtH6Y\/4TcOVk\/wA1W\/N3C2mMsypD2noudjm+fuw5AOEcMVYxs1QxhA3IV5KurDhktF4j5d+pTOWijiU9rsoTXG1RczhJ\/VAXDdequne01WhzDFhm1a\/Vf\/ssmlclNvo1clL6rlIYOgRdVcXQJkqHZSnxuqv5u4HavJJWBkOqfspqPLveYQ+W\/K665WMB3zUgS57Riec+FgT5LIDzK+0qgeS5W
4vPiTEKUO81+mqxcYPhcFgqHlBgkZlNazGcVriFeAsVZzG\/mKdQoS4utj2X3h9VdtJ3mxc3stL0JC\/+MR5VF9zU\/wB6vSr+jwi2gyoyQZLnAoYPJOm0Kr+bj2dOjhdun0Hby1F2\/cPfa57eR2ThkeBLWk4bnpwpE\/IFOGVYLxKXHuAJ0iEO6D1TqZRY7JTwATyWHDvFuABrVC38yuZU93C0EnYKfa6mD\/xsu4\/wmspUm0qV7am2pRbldPndVfzHuSPc4uLWmDhlrgp7GPymEPYqDGtm7o4UegWA8bCVL1bgHR4inHvscsQR3WEryPDGxvZv\/CiHXbmHDuWErlpmNzZc7jUOzP5WGkBSb+DP6qwJKp2+I\/svVCDY3VT8x7lxI7vqhzMChcqwnjjpHzByKhjKbOqDva3EtJ5iUexcDTIkQck0O24QGqah9FAEBYRlxpU2\/ILo908GocJREkO\/dXAf+i5wWqLOaqhD6bKYdYuKv7bT9BKt7WD\/AGFfZU6bnfM4yvtXO8ivEfqvEeHkZQa10mcgsKf59xwfRa+dde4arhIbYea\/qMInIleHuQe6BvxwnPhDe4RNhYf57x4YQeYaIhW4Ymrquz+LOf8ACxZdUxxicMdzC4Ym7FdowzTP6efFvWya\/N2SdaITvPjZGeIa31Oy7NlmtWGJ9V94frwAFyh2jC2Vi2Ux3Ds3jZXPGFKDPlz8\/cNc0wYTQTgqKQPoVDwWnquW5Oywh01nD\/bw5QTh0bmpc0j07k\/8C5hiYbOG6zljrtduOLvQp\/mnefcPAmYaM1hYE8eqZ+qLS644do8c37IseJBTuzHaN6ZrD2ZnqFibhd0BvxG5up42v5L\/ANrEQ4joEHRAO5leHK+Sn3A8kFyV3j1X2jGv\/RHDTcKmgOSc55knM8JXhauai0r7mFyuI9UH0ajT0IzRwsOH6x0T\/Zj4xz0\/44m08uGE5zo5r2R8+DsYB5bSn9n4ZsigpYC4ahAt84WMf8C6jIrnovLtVS7SHtzMLA13UqziF95I6WVxbh\/V0xn4x\/lBoB6qBw281mSo\/Tg6IQBcJCkGcRge5Hlx27kqx4ZNKuxWsua46oObYhYm65o2yWHdFp0R7h4Nolwa8b6q2ehQYfEFLLFXMFPn5kQc269FMW2XKcJ2RBXULA4SCE6pSktjJADxH9FiP11KZD+Q5MGihzpxDJqhjPquarh8gpIe7zK5aDPW6az5W\/r\/AKK9MFXDmeS+yqBy2XM3D1Z\/CzBHzBDWFiTa9MR8zR+6KPcPHlNoyV+GQWO48lMh42UEKGiesxCph\/Kfm0KxRyuzQUZLmHN04YvgbaUG0GH+VL343dEXWawZlcspgOpTnbnvH33Lmp9qMg5N1CbRpsEDxbysTOZqLUGhN6p+wmO6eLcPy8bygQpZ\/tTAFGAAaQr5jNEIIuK81UjWY6KPlddHDn8XAM0XaRJmB0VR5ziPrwk3KLjrxPT3WBw43e2Oplfwu0I8JF90HDIqsfw="} 
+02250{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1462,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":30,"flow_first_seen":1654385146276743,"flow_src_last_pkt_time":1654385147163604,"flow_dst_last_pkt_time":1654385147585918,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":514,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":526,"flow_dst_max_l4_payload_len":18720,"flow_src_tot_l4_payload_len":1040,"flow_dst_tot_l4_payload_len":97896,"midstream":1,"thread_ts_usec":1654385147585918,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49380,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":70839.9,"max":886861,"stddev":171207.7,"var":29312067584.0,"ent":2.6,"data": [223740,209594,1687,0,207155,354,1309,724,462,462,1177,203967,420,1398,676,628,3543,0,0,886861,237591,464,978,2452,823,206716,876,409,919,0,651]},"pktlen": {"min":337,"avg":3143.8,"max":18772,"stddev":3724.0,"var":13867894.0,"ent":4.3,"data": [566,2932,1492,1492,11572,1492,1492,2932,1492,1492,1492,7252,1492,1492,1492,1492,4372,1492,2932,4239,578,337,1492,8692,18772,1492,2932,1492,1492,5812,1492,1316]},"bins": {"c_to_s": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,17,0,11]},"directions": [0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1,1,1,1],"entropies": 
[5.862786770,7.902865887,7.781876564,7.771229267,7.963672161,7.848064899,7.850860119,7.915616512,7.853264332,7.865233421,7.839958668,7.951301098,7.843721867,7.832941532,7.839491367,7.869894028,7.948531628,7.838067055,7.923059940,7.938112259,5.870801449,5.836921215,7.830684185,7.978819847,7.990375519,7.851813316,7.925859928,7.854060650,7.888266563,7.969222546,7.854313850,7.852722645]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"hkbn.content.1kxun.com"}} +02247{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1469,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":29,"flow_first_seen":1654385146253018,"flow_src_last_pkt_time":1654385147560064,"flow_dst_last_pkt_time":1654385147928387,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":514,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":526,"flow_dst_max_l4_payload_len":18720,"flow_src_tot_l4_payload_len":1554,"flow_dst_tot_l4_payload_len":113644,"midstream":1,"thread_ts_usec":1654385147928387,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49372,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":96206.9,"max":899707,"stddev":188732.5,"var":35619966976.0,"ent":3.0,"data": [205636,2121,0,0,1,224803,394,328,1444,0,193718,403,372,1728,1281,1888,225980,899707,237971,1,2439,199154,468,952,1305,0,0,407339,371504,0,1478]},"pktlen": {"min":337,"avg":3651.9,"max":18772,"stddev":4182.9,"var":17496908.0,"ent":4.3,"data": [566,337,1492,4372,2932,4372,1492,1492,1492,1492,5812,1492,1492,1492,2932,4372,5812,3718,578,337,7252,15892,1492,1492,7252,1492,5812,640,566,337,7787,18772]},"bins": {"c_to_s": 
[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,14]},"directions": [0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1,1,0,1,1,1],"entropies": [5.863167286,5.867280483,7.343351841,7.933300972,7.883011341,7.923881531,7.831630230,7.793837070,7.811074257,7.877987385,7.956270695,7.807632446,7.787700176,7.808306217,7.895200729,7.941674709,7.934331417,7.911615372,5.884228706,5.838101864,7.975082397,7.990115643,7.874265194,7.866392612,7.972415924,7.851024628,7.967773914,7.664193153,5.866144657,5.879995346,7.941644669,7.977370262]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"hkbn.content.1kxun.com"}} +00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1483,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385156800184,"flow_src_last_pkt_time":1654385156800184,"flow_dst_last_pkt_time":1654385156800184,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":423,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":423,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":423,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385156800184,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.18.98","src_port":44368,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+01107{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1483,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":1,"flow_src_last_pkt_time":1654385156800184,"flow_dst_last_pkt_time":1654385156800184,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":489,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":489,"pkt_l4_len":455,"thread_ts_usec":1654385156800184,"pkt":"tKXvZygQnLbQ0+MzCABFAAHb3B5AAEAG2pzAqAJ+rNkSYq1QAFBdWbpPyM9cBIAYAfaELwAAAQEICmU8LGE7CqI\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"} +01323{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1483,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385156800184,"flow_src_last_pkt_time":1654385156800184,"flow_dst_last_pkt_time":1654385156800184,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":423,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":423,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":423,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385156800184,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.18.98","src_port":44368,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.GoogleServices","proto_id":"7.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.googletagservices.com","domainame":"www.googletagservices.com","http": {"url":"www.googletagservices.com\/tag\/js\/gpt.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
+02455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1484,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":2,"flow_src_last_pkt_time":1654385156800184,"flow_dst_last_pkt_time":1654385156832164,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_usec":1654385156832164,"pkt":"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\/\/2t6iC1wgDecM5+OHuvGanVsbq6UldXq958aM\/C0VDd1R5vyWTlLhw6oztzFoTTTuip7LXoj0Z+350Rf20teiy6t6R\/Zk\/C8WyqPeYmq1pn8UIlP\/sj4rjOT23izuaTYWfjr\/\/5n5Xt0fhhEvrBbOU8cFe2+6PpfOKuHIbWhEweVjbns2A0mRb\/Z+Xs08639cPQdodTd33fcYez0AvdSXtlc0zswF0vF0v\/89fG\/+C4BjohZjRYwgZrmaUOa3cl+qQ98hTrLSn23aE\/C7qPzmjotlcNHYY2d9vkyioUrhdtnlxaLBa6RUxF1KGY5uxh7I68lRPrxrVnRcf1wqH7aTIau5NZ6E67eekP7bh7uqXb2iOAjpjm5mRCHorjyWg2wlqfniCNl48SOfRWSAf6dm3aRdpRMTay0O3k4Il5pYxoHXFf\/f7IIv1zmHiYn+hZJ3omJ5vPtTX2m\/0+dfve2hr+zX5jNYsWrjveaKKKqYgh3ikULDZFtokjQlS019bs4hGZBaaJf8WQ7cUsmIzuVnYnE6hK2SbD4Wi2AnB1eFsrvAuAi7pDTJuoiNya7iZnTHTw7GFgjaCDypQ+ZL6oyr2i6UPzcaF7BP\/+MuV5E732RLeH837fNO1ohjAZB2Vfi+m5HYXOSmkVMnVtxK3rhT4zc3DB0kib1u6YpDgd98OZqhRhWMQ0oJOOAB3mcE3nqnSte51VsrbmroTDlWHXM4dtz3QIBbkL4HbfijLrRsctFFjXAyjq0p6vqgGW9DTNmrikB8jlmd5VcL1wIEtcFIfjQjOKO60jtOyud+Vct3HcHcu0VFvr4POqaa2tqaRrEXWoO\/qjPRp6oT+fEKuPa0i\/m4Qz8cyWmbXQ2haCBcoxGEHtAFfnGisyjd3WX4gIxQkBNByo2rt370o6\/Q796TqkyCfM0drKm5upPX6jFEg="} 
+02457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1485,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":3,"flow_src_last_pkt_time":1654385156800184,"flow_dst_last_pkt_time":1654385156832624,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_usec":1654385156832624,"pkt":"nLbQ0+MztKXvZygQCABFAAW+HaIAAHsGmjas2RJiwKgCfgBQrVDIz2cYXVm79oAQAQVnbAAAAQEICjsKomxlPCxhBD2AVIoQ9JAQ9DghsJcRAl\/vYRNoLvC7pbbP4e4wzRva7Rf74XT29KSyB5P1+gpURecaOC5mGHThH2ve7LUh44DrNWxc+pQ\/FKd64BJHJAMZaPu6oBs6q58J\/VCFpotCdKgwe4MoJX5BSAG\/TBIN+5m1SgEaj46X84uDtTWfdqCrsl+qftouvIEY4N7rBjAm9oHx66cnvpo5QHwECGQZiA7jIz7o4gH6TT\/TBASEiXw0Hsf6ur5a0ihBkEdg910ykeWfDN5EYEkhULKeBOHzI7RdjYBRHCQLJOhtVECVwAezhGCjU5gsy1dtjvLqssLZigGCgBE6r+4aTThyjfDtj6pbodWla6F1\/2k9bHypmmA97hI7SK0ksUr7bFIk4gXLNiZBYtmOBZmBYVMRr6ePYcXCnxLjGslGl9oIckDPpZRk9zhRXVvj9L\/XiQW7flKa64Mqj7JRT+v2QRhHEt7TYHGbilJYKRQC3WJURu9rWhtSxyAA9WijY0BzIBBUch1TJgjvmA2BA6Sm478dC8HcF8LuxBxf+bRIDyRL6OEEpw8e6S+wDZM\/cgr7GDrtvo7rsT3W6QoFWjJoTxaLpd\/XDcjARYKFbLiTQOMXIwEkICl+22fTCwQPF+8qzav1YU6nHZ6Ok7tqsu8dwQr6fNb11M5IDypcdPqUCIhO800SnkP0VVvIgqSQ0B8XMfWacoaAkEfC4i\/0IN6vsRN6\/SxtCSG56gopwExr3Cxa0h1QgQFmjK6n5BBQ7+xoO4J1zzNB5eLtc9HQUj2dgEKj6RwOiwVUKjq5ZOiLznKkz1nEklkUZSimHxbD6TE5foUmJ5KVIS0nGRKttTVaCeRZJIA5TwKT7z6wfQySb\/nFbbq\/49r++wodK2rhHOzSKlYKdkFZGcynM2oosNwVrHQFssaWOyoHWfLsnbr+7v04v929cAKVCfV3ZTZ6TaNkZeL68z5qqvfjiTudInGITRUFRWGGfnf2f1lYtfOEVScWVm0upq46lKrZTER1uIjqFInjQCKk5KSz2ui3sviWFFRRjY9pvWe6kqDqcTHTkwRVO3418DWuTSortIJMeRPLg9TqJaRWucL4Cwqrriy9crk1eF5ujSbPjtRWJsqCGEs3GLVHG+RSO5ZLHWBwDjCiJIOjZRGGDjfjLmL5RIgt8JzcrYH8iQ7YVDy1QTy1O6IQsB4bTUu51SXFQesZcZDWzktyO8FLldrJGvPFM5+lp+Uxa5k8Zqf2oziSJkssF6p4oQgFk+WWCj2\/VC6KKyyLojEpJNJ6rbQA9ku2NsbF5IxL6fUrymalKrQPPrIlRm1rfKQ8X0xkvFgHZ2NwdA\/+A4SL98qsxF5ZmvgBEZ3MphfhLHil0Y8JWHO+SWmBMhzXgOYfybIX71wxy8+A3KslnT2GMMgnYLCCf8ZLCll48NZD7gpLCS3\/V8BV
YXlbVwH8xkRDSCzvTG\/x7Bgn7tgls1exQkZUxeiopqLw4pSsld5ZQCor1bLRaJQbrbeyrfuUDH03ZU6yR3PgOnTScc6f0NopSAdIGh2LjtBaM9BUWgCSqFvv3r0zDc2GFzFCJzG82PNi2ZaGw7Y0fpZL5dISkIyJc4bz9k9NOgNLVAWMaz12LrBNyVuBW\/dsra2sKHw4auktCBZ29xdgeQRbYeqlyGG7YV+1NuwIN4rTuTVlVZVAdmvjrjAHSpMNMG3FxmX78thiSkJSilC8VWYttAT40y3xBf2vtKXHdNAWrfFxcfa+bK4zEyU6zTgHbsYAum7gq7FhU18JhD3OzbODCod2f+68ZlgSerx2FyC5AwAIA3ydLYvSO\/TkkKiFXXD1EhRBUhDtDXqmw\/cEPZMOMN51DCNizlM8QBdBMcRWAfJ+HHtjydr4w8GzD+sgP8lUMao="} +02472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1486,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":4,"flow_src_last_pkt_time":1654385156800184,"flow_dst_last_pkt_time":1654385156833955,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_usec":1654385156833955,"pkt":"nLbQ0+MztKXvZygQCABFAAW+HaMAAHsGmjWs2RJiwKgCfgBQrVDIz2yiXVm79oAYAQUqYQAAAQEICjsKomxlPCxhRGOWlBMPc8NAU6L0AwXb0xP1hbpNb5QnvHhi14QH7hpA5J0epCNAI3FD6VpnsrglBBzqahPzg4fcrfNXbgrfEbonfkeun55U+msWCvcE1LU7Yio2c8X7OQ+d5X4k+j0B5ep3RiVLjpfR4ocOAYEuhKUB4nGsBURKil10712buRM+PclvqoI1KAUsL0tsAmoUL6HFIPRQdutoJDJyRc5EVtem3kT4dzXrVQepXcBf9GZiP6CftumvxXxrNunGKz5t5cF84x9XP6Y\/7knp+i8Vn86u\/+pqUdKbDToayA7i7UI\/SNaAYv02Kc7c6Qw3+yNRFjGRREinrCl0ixySgNb2ie2qO0RX1shg3FFg0KncbzO5dzF3f5aX+V0m8x5m9vMy\/135ezrze8z8az7Krfvvmbo\/YPa\/VVp5uX\/cl0qZAvu0QInmj91Gdoi5sbbh67vw+xZ+9+D3Hfy+h18Ffj\/A79\/hdx9+sVp43IbHK3xee\/tO+fv1hn6YxlxuL+gQc4uonNQR5FsxNlvSJyv5KZYIIsInUFEXMhTdWeuUqK+b+9aJvfE8E90f0FNKD2D5s8eOM3r0zA31h\/OXpv7YgT\/FvzSOTR4ogVeQW\/z\/uhMsyRlkcqIEZJoe6l5iDcF7EL8zR0Cg6R8Jy2mIL6DHjMlk6u4PZyom6wbQAVo4N0vAs0AXRFVlkY8Vi15ZFvyuY6pGnRArOKwAfhZ3Qdh3sQY7cg+xF\/rHJZ4x5K3VXTfa5J3VNdq4iSZ2iY8It0ER86E4JLehjxJ+hFgc9+ZTd7Lpg0aiAZ9QlHiT+ZjEqx6RF6uL8BeIJ6URJ+lOZTbnmQIQ+efojFAB7f20ZDzZ7f0+KCc5FXx+ZQUDMs6WjsF0Sjgtb0u+PhE2g8zL5DjJygQcVSwGRWsTnTme2hTD0TuGevusrXFvANaijt4+uqsT6hXgRl4BlrluiEkGUb2LfK+d36QdkMnmDJYic6
iNBnCWN4CXe+1Eg1w3OqW3ptNx1tep9oL9t9P9Rx6hO7z\/zr+z\/+ckMX3QlaxwR7EuZxZxsF+oy\/JXwrZpvue4xHdi7ghYb5klrfMNsBko3BfquxyDjbasUqLm9UfoBMRhtFHR0E5lXdWrjHQxtwGc+AiMZcAAsyKcQpDI6T7+FIAw9OgDLPg+aoXv3pVxtVtXarBW0d6+rT75795Vrzs+JvlrRg3Syk+9d+\/q150epPXW6kAe7CsP1EmzXwgKfqG36EPrPZiK6V1IPaBEN1zt0SZTd6Xc7setQ719Xi\/03+nQHEA1WDehZvTpIdivAmQlvFd97FWhB6pLpLTfjEARBgxa6G\/yDh9cXXcucT5li4nFNguBmmmSSHeZXr6Sewvfoek4scAoLP8RHjmw2vSx+ZXwLQzm7DIWYgU1f61K4grIJlTy6Ke8Hb4Me8PRHXQJIFKvrrhDe+QA8q6Q2Qq2hM4Pfa0jANBbUMyJGWCp0xGGD1tdN9CqaKvAKAL4qVfRS4b+Ym\/qVeaWs46+7S5nPJbq4lx7AGmtU6+umijlWaoH4F8rV0tPiCuajh+gpKUGb9\/W14xW+clH91X9G5HNRTjirzAVX6kMF\/tfKZtb2zu7e+8\/7B98PDw6Pvn0+fTs\/MvXi2\/fL4llg4DqB+FNrz8Yjsa\/JtPZ\/Pbu\/uF3yShXqrV6o9lSYrqB3ltKYcME5lrYgD\/rP036t0j\/KtdUzK+9sxN+kejgZhNY+SDox1VpnS\/UlcyRnKxkB35ZYKDu+9Ei\/orbEwAl+guAXOD+Ax1pymFWUJ\/YD1q3LCHe2pbuWGn51KIKp5XEkLDfd33Sp16AkyE8IB1y0feaWrm+MKc9hn+EyhcRaU1WtPUwc5lAtTINRvO+g6b7yPvPdVZgJQcrw9Fw3R2MZw8rkek="} +04386{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1487,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":5,"flow_src_last_pkt_time":1654385156800184,"flow_dst_last_pkt_time":1654385156833955,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":2902,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2902,"pkt_l4_len":2868,"thread_ts_usec":1654385156833955,"pkt":"nLbQ0+MztKXvZygQCABFAAtIHaQAAHsGlKqs2RJiwKgCfgBQrVDIz3IsXVm79oAYAQWNnAAAAQEICjsKomxlPCxhbdFxZOtbON3F7zmWQqZFsW6xYbpW7pGQ2Ik4cygk4XCudROvnPDyfZ+YiXoWW8OR9r83Gf12EaqgcrlWF6iMdf1kWu3I1EKK28ATtjFtiesi1Pi43Ra7Uvpzzt7ucD5w+RfQlWFpRD3zrZgNQEcsk3aljX7M250E1CyQ5qy4YEAL0oEZkjgeff8tKaKMYYVTxj6I1l1dVWnDa2XqKBAVCi2hCKWLJDHFZkd+BmTSo\/hAqN89ma6Eg8GcDhulcOxbWRrrDZ+Ff6H+uHarS+tvau1nJ3XNXG8lZhXlSvgLyZosZvUsCV7cMRHdiGOHRSEqrK1lOg\/qe8JLVui11Pm2b+kDSyi63sR1f7sqTN7VNXDsYWaFw7QVb1LQ4AescOwzd4UMYyivHLnTKfFdetJq9JI\/\/nNf0Taxzw1NMVTGElQ4ppMUphsSphtpTI9r+mXJil1EK23cWLKRPmUQInF4hWhsuyjh7h3XPqH95JKGmCguZ4ht2DYvC3gSDsO
Zi+uAtCPdkokcYr7b6ISdM9Ps\/IslfFchS2LbO6bkoqffCe97Ip9jCYGEFL+AnMdXOPqdpUVToAltbNDKb6cLDYDIKtujBLlQlDbUblqLheTFH4FsGhMec2Z1LFMy0cytthUdlWMTF6\/iu3gVcyDQ5wykiMmLMidxdMmwKAQZCoBMzFgrleeJ9kpjGfpDqtQghP1AoR90\/w4xbe79bVJcicYbd5t3JqFETalrFgrOJZDlhHm8g6KbaMJmTXSyS54RUGNtLaAH7iJNOGpxJohpgo7EZIQUZ6ODs5PjyNLE31Ucz0QeR4Z+08lrS9R+LpOv1+BnF5dQ\/Mqqoxz53sqzZZJigNbJIigOxZsrUgwLpLiJ1jmQtLcyzgtCLafYRHUu6x2al4ClBvgPtBpOlNuqRAtKbZvS0oAarVk+nY3E1vCkJjRt0YYX+naqUR3Prjw6MRo7SFqcTly\/C\/W7wBuGFLR48jWEFe5041pNu32PH+mBXsnE9WBlGsMNX5mK4aYyExK3aBYnjTIu5UrmwKLUgJN5tM4Dz3U1PckfXC1eNS40MADS8BtTXROwzRWIq+nbtDEXm4tcVvSdzHwQ1istSSIIgnSh\/7YyZmOem5giI2mvrpJ0aYAvFN98VfFCpnQJC2+lIas98tO7XRtG3U6srW2eRaJie\/F8sGnFrRinK3K2tyV9XF+VBSWcrJ28eWX1AP5tI8WwNY3t70RryqESBGg79LgLfcJ31BW4+ElnxdZS\/XZgpWynYRVToxKnQpZMhbjmZgER4id6EbT0jFaJHdOlTcUDRNdPUHJc2TL3PgNipvikVwrgGl2xtsZapTyFUdWiTxc\/eouh3ZQNV3ch0TKBs2\/xEzgwIl3IWlYMFktn6L62BrhuwQNUYTE\/GjbZ0WF6twNYTnOuiiKA\/27xTN0kHKw6fMemeN2ujPgfXjlSNj7WArrZdLw4i4dr2eskhswOXfICHeY3x9rvsDMMDxRVAPjYsz6eaPmt9pijEPUUvqLG06enfqRMjmGyx297YrLHsQNj72rMc\/9WJzA6BPAEl1MkxU4AKj4zWkygOQrWCZKTBQeK3wFRu6evBtrCQodMDwb4G72\/YVJWPSidFpl9LZ4tPAwS0Reo2U8TJ1DtO6tQk5dfBpY9B4fDIKAiPjKKrv2B8G8Hrt1jAn8IOvnDypSKvyizCo0AxF7bFKpMkx4ZsdmaYtt5vrydpzom9hV68lt1GI65CEjaf1T9GZKR6B2mmmossKTEavJhNeVQLEoxshjDPLNXkZYVb4A\/ILBkzhLThQ\/LCVG2WpdX63RhGG1HVOuIancsXgdQAX1\/WXcj8S1aJUwpkcwdQE7YabJIMsJDZXiazESLHKxDWJuIppiU7mk0WICho6+64nheRC+tmF46QOqzQDlIE0sxPpqD2vg+ZkdnCbpNZQ+rvR75tbBywix7lC1KsPvmISy1QyaSd+J9eFm\/Kw6Y1rUPsKdFnC5uWCLwaNZNU3WAva0b2rqaKevjlrVwued2Cvp2Y9Jzpry5GwFyqB2GgHZvur3KPl6Rax2kaUfTuKNYaJJ11naH+\/XHNvCIblho23trdVVeJNocs3RSMHh5fmAiEJPT5pm5E+zR5refXzcPv+yyxYbIwuKIRDhisW0GEMlReiNvWXmNFFjfN3V5FFo3SQtQvA9wYO0oC+IGPYvrmCCcUW\/2KOAGue643bScRWtwtbbDCoMWepQM4oBCdtoRmvA+CWTpWyC0UDFbkjaOrQQigowOihGWPrTYdlPiqDK0Ssbj\/gNzYYgOjEKFd0CA9SPAsxO5Y2dLz+gDOEdcY\/xEDYTLTFJQrfrJuspT6q9NUOYT\/oVZCwNUAxM6kDUGSoWn1Ln4iNkcJJODpn+yElaUz4L0gDCue9oj3cLzUaSnpLebUWSAu3vFoy4asyIG0iZAtVRGwLT2e\/YI+gnVu50l6kzs\/0I1G8dSUwoOrJW2DWK0arPjV
JgDljikqlkUVN1uSLEw+8nHdFT7oN90RTpRx6m3HoopvO+M0OzL03ryDE7sA5\/VOvv5GME1SVjFmyTJLifur3k4cacrZIW5yMXWoc1P+yuzUc8dKlzpYDiu0ZARR3j6jPvpRl+oKzhwRlI8SjHl0fjhlPqWuc5e6PadKXPwttwVoGzM+9yjwsQKp47TyOMEwZ2mg4xM9XCb14Yfk7\/GUkS8hcG6pr9gfueaUhwkZ20NKKTHj4uwqDqP8UH05+0Mnu5rYqOs4Hd+qYz6oT8UngHgLlE8MdC696imXPnXpgd\/2p8ZmdLpQWtIgBWBwSso\/4u\/uZzgoksVfmdiJbdjsNNY0cmMBAk4fZYE7Ovq6TMUgBXL\/67pp5bA2i9p5su5AgEYn6E5inpFcN5wbi06X2RStocnMhIpS2PmBKy9r\/lWh8Rqt7J2VpYWwtO5hYaFtoKt\/XQRadvbmFUBQSKvakoeLPWMwl4\/R5jqZxSyNB7aK+OcRZTvQjKn0QACpaR5y6I+tyZarKRwAZj\/GzRKgFXjRgFu8tHfCf61R332MxiQoUM3EgDh6ENAM4QDn\/4Mx\/MZPvTcB98d4lM\/HPbwd+DOaMVjMiEDfJiO5hObtjGbEJvmuaOtsc58zJv10ER\/x+8W88DofPyDiEhhIV2CosbH12BGKJ1mT9ZxnK4jyKnD4PtodsY8cWkxd5w3OGdSI4JekasKc\/oRWGir5Mq4Lli2qnQV0BDKbI\/d0mjS3xRU9hf6m5dR+GMWgz8C2oYJtD2fAGF1nVOXzdWXSR9w+NIyN\/6hXv2j+7dr9CvqXv0DH7rq37iXm9bd0B070QEp8pKS599oFcyvaEMFxiyNFEPUfKergdjL1s1HgOR3zGjZGSE6G3\/NYue604bt6LvdJQW6re1+Od3fHg3GoyEsN+rjrMRsgHp9aK8l4HYUYMClboQd10yLiV23jXxDNMDjZsiaDmcALobPYLoS3fymVg\/QFAF+qrDWvIsCFyprCnWnzhmRoxUUU8n7wjEwoCHPkuThcPmKdG2+Ig\/\/ZEUmVtVhemUe\/vnKPEyvzMPXrUzPBpR2CBAodJHrMAcH\/Yqs\/y6ttwo\/Nq4L5l9vNkLdx3xqtw3\/D2az8bT7NCBhfzZ68mZjrf109Y\/2Bq4K+HyFD09vNA1KuXSLIWDSx6GqEGsERDJkxwj+9ptHuPytQEa27kNa4CaL0RziNkA8ZBBnfK9vWuxhj4koOPZF58Z+YfSsbCrjK0GdKPNnM00NVbkrOkGhbuwsibqxMzTqjHjuh9kAKdPAzkipyQrTh8Kyew=="} 
+00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1503,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385156962711,"flow_src_last_pkt_time":1654385156962711,"flow_dst_last_pkt_time":1654385156962711,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1112,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385156962711,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50140,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +02029{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1503,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":1,"flow_src_last_pkt_time":1654385156962711,"flow_dst_last_pkt_time":1654385156962711,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1178,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1178,"pkt_l4_len":1144,"thread_ts_usec":1654385156962711,"pkt":"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"} 
+01320{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1503,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385156962711,"flow_src_last_pkt_time":1654385156962711,"flow_dst_last_pkt_time":1654385156962711,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1112,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385156962711,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50140,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"mangaweb.1kxun.mobi","domainame":"mangaweb.1kxun.mobi","http": {"url":"mangaweb.1kxun.mobi\/images\/readpage_revision\/left.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
+00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1505,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385156971856,"flow_src_last_pkt_time":1654385156971856,"flow_dst_last_pkt_time":1654385156971856,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1114,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1114,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1114,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385156971856,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50148,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +02033{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1505,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":165,"flow_packet_id":1,"flow_src_last_pkt_time":1654385156971856,"flow_dst_last_pkt_time":1654385156971856,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1180,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1180,"pkt_l4_len":1146,"thread_ts_usec":1654385156971856,"pkt":"tKXvZygQnLbQ0+MzCABFAASO+8pAAEAGyObAqAJ+oXUNHcPkAFB6Mp7uO+mvZYAYAfZ2OQAAAQEICrrGVZWXEVb4R0VUIC9pbWFnZXMvcmVhZHBhZ2VfcmV2aXNpb24vbGlrZV8xLnBuZyBIVFRQLzEuMQ0KSG9zdDogbWFuZ2F3ZWIuMWt4dW4ubW9iaQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKExpbnV4OyBBbmRyb2lkIDExOyBzZGtfZ3Bob25lX3g4NiBCdWlsZC9SU1IxLjIwMTAxMy4wMDE7IHd2KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzQuMCBDaHJvbWUvODMuMC40MTAzLjEwNiBNb2JpbGUgU2FmYXJpLzUzNy4zNg0KQWNjZXB0OiBpbWFnZS93ZWJwLGltYWdlL2FwbmcsaW1hZ2UvKiwqLyo7cT0wLjgNClgtUmVxdWVzdGVkLVdpdGg6IGNvbS5zY2VuZXdheS5rYW5rYW4NClJlZmVyZXI6IGh0dHA6Ly9tYW5nYXdlYi4xa3h1bi5tb2JpLw0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC45DQpDb29raWU6IF9fcWNfd0lkPTQ3MjsgcGd2X
3B2aWQ9MTU3OTE5OTI4MDsgYWNjZXNzX3Rva2VuPW51bGw7IF9fZ2Fkcz1JRD1mYzBmMjJmNzhkODJmYjQ0LTIyYzQ5ZTE3YThjZDAwYzE6VD0xNjU0Mzg1MTQzOlJUPTE2NTQzODUxNDM6Uz1BTE5JX01ZcUMtT1I0MFRhUUxQSXU3dmhrWi0tVTF0bS1ROyBfZ2E9R0ExLjIuNjk0NTI0NTI4LjE2NTQzODUxNDI7IF9naWQ9R0ExLjIuMjA0OTg2MTYyNy4xNjU0Mzg1MTQzOyBfZ2F0PTE7IF9nYXRfZ3RhZ19VQV8xNTQ3NTc5MjlfNTc9MTsgX3R0X2VuYWJsZV9jb29raWU9MTsgX3R0cD1lODQ2MzliNy05NDAwLTQwNmMtOTdlMS0wM2Y4ZGE0ODE1Zjg7IGlzX3NhdmVfY29va2llPXVzSU12SGt4UDRKRFhoYzsgX2NyZWF0ZV9kYXRlPTIwMjIvNi80OyBub25fbmF0aXZlX2RvbWFpbj1odHRwczovL2FrZW1hbmdhLm9yLWZybmQuY29tOyBfdmVyc2lvbj12MjAyMDA1MDU7IF9nZW5lcmFsX3N1YnNjcmliZT0yOyBjbG91ZG93bHNfdXVpZD0zNWJmMzZkZi0wYmFlLWUwOTItZjJiMS1iNzM5ZjU2YzNlY2Q7IGNsb3Vkb3dsc19pc19zdWJzY3JpYmU9MTsgc3Vic2NyaWJlX2dlbmVyYWxfdG9rZW49MzViZjM2ZGYtMGJhZS1lMDkyLWYyYjEtYjczOWY1NmMzZWNkOyBsYXN0X3VybD1udWxsDQoNCg=="} +01322{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1505,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385156971856,"flow_src_last_pkt_time":1654385156971856,"flow_dst_last_pkt_time":1654385156971856,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1114,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1114,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1114,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385156971856,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50148,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"mangaweb.1kxun.mobi","domainame":"mangaweb.1kxun.mobi","http": {"url":"mangaweb.1kxun.mobi\/images\/readpage_revision\/like_1.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 
Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} +00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1506,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385156978849,"flow_src_last_pkt_time":1654385156978849,"flow_dst_last_pkt_time":1654385156978849,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1118,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1118,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1118,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385156978849,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50164,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +02038{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1506,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":1,"flow_src_last_pkt_time":1654385156978849,"flow_dst_last_pkt_time":1654385156978849,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1184,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1184,"pkt_l4_len":1150,"thread_ts_usec":1654385156978849,"pkt":"tKXvZygQnLbQ0+MzCABFAASS0r1AAEAG8e\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"} 
+01326{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1506,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385156978849,"flow_src_last_pkt_time":1654385156978849,"flow_dst_last_pkt_time":1654385156978849,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1118,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1118,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1118,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385156978849,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50164,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"mangaweb.1kxun.mobi","domainame":"mangaweb.1kxun.mobi","http": {"url":"mangaweb.1kxun.mobi\/images\/readpage_revision\/more_white.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
+00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1507,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385156997634,"flow_src_last_pkt_time":1654385156997634,"flow_dst_last_pkt_time":1654385156997634,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1113,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1113,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1113,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385156997634,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50166,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +02029{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1507,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":1,"flow_src_last_pkt_time":1654385156997634,"flow_dst_last_pkt_time":1654385156997634,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1179,"pkt_l4_len":1145,"thread_ts_usec":1654385156997634,"pkt":"tKXvZygQnLbQ0+MzCABFAASNFH5AAEAGsDTAqAJ+oXUNHcP2AFChqIPWvwX7zYAYAfZ2OAAAAQEICrrGVa6XEVcPR0VUIC9pbWFnZXMvcmVhZHBhZ2VfcmV2aXNpb24vcmlnaHQucG5nIEhUVFAvMS4xDQpIb3N0OiBtYW5nYXdlYi4xa3h1bi5tb2JpDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgMTE7IHNka19ncGhvbmVfeDg2IEJ1aWxkL1JTUjEuMjAxMDEzLjAwMTsgd3YpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIFZlcnNpb24vNC4wIENocm9tZS84My4wLjQxMDMuMTA2IE1vYmlsZSBTYWZhcmkvNTM3LjM2DQpBY2NlcHQ6IGltYWdlL3dlYnAsaW1hZ2UvYXBuZyxpbWFnZS8qLCovKjtxPTAuOA0KWC1SZXF1ZXN0ZWQtV2l0aDogY29tLnNjZW5ld2F5Lmthbmthbg0KUmVmZXJlcjogaHR0cDovL21hbmdhd2ViLjFreHVuLm1vYmkvDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkFjY2VwdC1MYW5ndWFnZTogZW4tVVMsZW47cT0wLjkNCkNvb2tpZTogX19xY193SWQ9NDcyOyBwZ3Zfc
HZpZD0xNTc5MTk5MjgwOyBhY2Nlc3NfdG9rZW49bnVsbDsgX19nYWRzPUlEPWZjMGYyMmY3OGQ4MmZiNDQtMjJjNDllMTdhOGNkMDBjMTpUPTE2NTQzODUxNDM6UlQ9MTY1NDM4NTE0MzpTPUFMTklfTVlxQy1PUjQwVGFRTFBJdTd2aGtaLS1VMXRtLVE7IF9nYT1HQTEuMi42OTQ1MjQ1MjguMTY1NDM4NTE0MjsgX2dpZD1HQTEuMi4yMDQ5ODYxNjI3LjE2NTQzODUxNDM7IF9nYXQ9MTsgX2dhdF9ndGFnX1VBXzE1NDc1NzkyOV81Nz0xOyBfdHRfZW5hYmxlX2Nvb2tpZT0xOyBfdHRwPWU4NDYzOWI3LTk0MDAtNDA2Yy05N2UxLTAzZjhkYTQ4MTVmODsgaXNfc2F2ZV9jb29raWU9dXNJTXZIa3hQNEpEWGhjOyBfY3JlYXRlX2RhdGU9MjAyMi82LzQ7IG5vbl9uYXRpdmVfZG9tYWluPWh0dHBzOi8vYWtlbWFuZ2Eub3ItZnJuZC5jb207IF92ZXJzaW9uPXYyMDIwMDUwNTsgX2dlbmVyYWxfc3Vic2NyaWJlPTI7IGNsb3Vkb3dsc191dWlkPTM1YmYzNmRmLTBiYWUtZTA5Mi1mMmIxLWI3MzlmNTZjM2VjZDsgY2xvdWRvd2xzX2lzX3N1YnNjcmliZT0xOyBzdWJzY3JpYmVfZ2VuZXJhbF90b2tlbj0zNWJmMzZkZi0wYmFlLWUwOTItZjJiMS1iNzM5ZjU2YzNlY2Q7IGxhc3RfdXJsPW51bGwNCg0K"} +01321{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1507,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385156997634,"flow_src_last_pkt_time":1654385156997634,"flow_dst_last_pkt_time":1654385156997634,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1113,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1113,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1113,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385156997634,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50166,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"mangaweb.1kxun.mobi","domainame":"mangaweb.1kxun.mobi","http": {"url":"mangaweb.1kxun.mobi\/images\/readpage_revision\/right.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 
Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} +00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1508,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385157001678,"flow_src_last_pkt_time":1654385157001678,"flow_dst_last_pkt_time":1654385157001678,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1119,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1119,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1119,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385157001678,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50176,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +02037{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1508,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":1,"flow_src_last_pkt_time":1654385157001678,"flow_dst_last_pkt_time":1654385157001678,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1185,"pkt_l4_len":1151,"thread_ts_usec":1654385157001678,"pkt":"tKXvZygQnLbQ0+MzCABFAASTjHtAAEAGODHAqAJ+oXUNHcQAAFCrgt7ji0XD5YAYAfZ2PgAAAQEICrrGVbOXEVcWR0VUIC9pbWFnZXMvbGlzdF9kZWZhdWx0LnBuZyBIVFRQLzEuMQ0KSG9zdDogbWFuZ2F3ZWIuMWt4dW4ubW9iaQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKExpbnV4OyBBbmRyb2lkIDExOyBzZGtfZ3Bob25lX3g4NiBCdWlsZC9SU1IxLjIwMTAxMy4wMDE7IHd2KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzQuMCBDaHJvbWUvODMuMC40MTAzLjEwNiBNb2JpbGUgU2FmYXJpLzUzNy4zNg0KQWNjZXB0OiBpbWFnZS93ZWJwLGltYWdlL2FwbmcsaW1hZ2UvKiwqLyo7cT0wLjgNClgtUmVxdWVzdGVkLVdpdGg6IGNvbS5zY2VuZXdheS5rYW5rYW4NClJlZmVyZXI6IGh0dHA6Ly9tYW5nYXdlY
i4xa3h1bi5tb2JpL2Nzcy9hcHAuY3NzPzE0OTA1DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkFjY2VwdC1MYW5ndWFnZTogZW4tVVMsZW47cT0wLjkNCkNvb2tpZTogX19xY193SWQ9NDcyOyBwZ3ZfcHZpZD0xNTc5MTk5MjgwOyBhY2Nlc3NfdG9rZW49bnVsbDsgX19nYWRzPUlEPWZjMGYyMmY3OGQ4MmZiNDQtMjJjNDllMTdhOGNkMDBjMTpUPTE2NTQzODUxNDM6UlQ9MTY1NDM4NTE0MzpTPUFMTklfTVlxQy1PUjQwVGFRTFBJdTd2aGtaLS1VMXRtLVE7IF9nYT1HQTEuMi42OTQ1MjQ1MjguMTY1NDM4NTE0MjsgX2dpZD1HQTEuMi4yMDQ5ODYxNjI3LjE2NTQzODUxNDM7IF9nYXQ9MTsgX2dhdF9ndGFnX1VBXzE1NDc1NzkyOV81Nz0xOyBfdHRfZW5hYmxlX2Nvb2tpZT0xOyBfdHRwPWU4NDYzOWI3LTk0MDAtNDA2Yy05N2UxLTAzZjhkYTQ4MTVmODsgaXNfc2F2ZV9jb29raWU9dXNJTXZIa3hQNEpEWGhjOyBfY3JlYXRlX2RhdGU9MjAyMi82LzQ7IG5vbl9uYXRpdmVfZG9tYWluPWh0dHBzOi8vYWtlbWFuZ2Eub3ItZnJuZC5jb207IF92ZXJzaW9uPXYyMDIwMDUwNTsgX2dlbmVyYWxfc3Vic2NyaWJlPTI7IGNsb3Vkb3dsc191dWlkPTM1YmYzNmRmLTBiYWUtZTA5Mi1mMmIxLWI3MzlmNTZjM2VjZDsgY2xvdWRvd2xzX2lzX3N1YnNjcmliZT0xOyBzdWJzY3JpYmVfZ2VuZXJhbF90b2tlbj0zNWJmMzZkZi0wYmFlLWUwOTItZjJiMS1iNzM5ZjU2YzNlY2Q7IGxhc3RfdXJsPW51bGwNCg0K"} +01309{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1508,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385157001678,"flow_src_last_pkt_time":1654385157001678,"flow_dst_last_pkt_time":1654385157001678,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1119,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1119,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1119,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385157001678,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50176,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"mangaweb.1kxun.mobi","domainame":"mangaweb.1kxun.mobi","http": {"url":"mangaweb.1kxun.mobi\/images\/list_default.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} +01563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1509,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":2,"flow_src_last_pkt_time":1654385156962711,"flow_dst_last_pkt_time":1654385157145999,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":748,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":748,"pkt_l4_len":714,"thread_ts_usec":1654385157145999,"pkt":"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\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/CDfnXgAAABp0Uk5TAOEQHt3X0s4WI+fFBvPkMNPJq0tAC7VRUC7\/IHCDAAAAsklEQVRYw+3W6wqDMAwF4Fi13nX3y3n\/Bx1dmT\/mYBZSsHK+BziEkiYRIiIiIiLaC3M6Sxx9B1wkBlMBGO6iz3Rwil60XSs441O01T65aESbOcJpIySXvuZctOUHOKV+cm3hZBGSCziVEW2Nf2cboeYSb63N\/rASZhqxmoS5YbVhO1WHvPWGOuS7r1P5jYsZksjkW87rNLbMvBvbSbw0NvrnDnnILInryd98REREREQ\/vAAzzxwTVWsbZwAAAABJRU5ErkJggg=="} 
+02284{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1510,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":24,"flow_first_seen":1654385140835391,"flow_src_last_pkt_time":1654385156967826,"flow_dst_last_pkt_time":1654385157149701,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":434,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1114,"flow_dst_max_l4_payload_len":14400,"flow_src_tot_l4_payload_len":6674,"flow_dst_tot_l4_payload_len":81693,"midstream":1,"thread_ts_usec":1654385157149701,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45416,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":1046669.2,"max":6045020,"stddev":1981650.1,"var":3926937042944.0,"ent":3.0,"data": [188503,1,1404,179436,1430,692,418,2433,676,270050,61,0,644,0,3892849,3428911,186128,186289,192621,208977,367165,352334,5253796,5339015,3643,6045020,5959115,408,493,194856,189377]},"pktlen": {"min":486,"avg":2813.5,"max":14452,"stddev":2993.9,"var":8963654.0,"ent":4.4,"data": [486,2932,2932,8692,2932,7252,1492,1492,14452,1492,2932,2932,7252,7252,4078,803,695,805,1511,807,1401,803,1516,1065,2932,1130,1155,1492,1492,1575,1166,1083]},"bins": {"c_to_s": [0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,1,0,0,7,0,13]},"directions": [0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,0,1,0,1,0,1,0,1,1,0,1,1,1,0,1],"entropies": 
[5.943944454,7.829628944,7.931543350,7.979783535,7.931476593,7.968062401,7.861111164,7.864268780,7.984925747,7.877884388,7.929042339,7.930032253,7.967924595,7.974642754,7.952368736,5.943904400,6.386446476,5.942170143,7.482911110,5.931495190,6.238120556,5.934639931,6.488353729,5.849187374,6.477306366,6.757167339,5.825885773,6.421376705,7.814886093,7.859082222,5.823412418,6.869374752]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"mangaweb.1kxun.mobi"}} +01716{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1511,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":165,"flow_packet_id":2,"flow_src_last_pkt_time":1654385156971856,"flow_dst_last_pkt_time":1654385157153682,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":832,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":832,"pkt_l4_len":798,"thread_ts_usec":1654385157153682,"pkt":"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\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/L9MC0QAAACR0Uk5TAJSpvW0XB\/bWdRD8t6aZi3E3AvPs3s20r6B8d2dTI0U7LisEPmah4wAAAN5JREFUWMPt1MkOglAMheGi3AsOgDhP4NT3f0YhYiQGMcg9iYvzr7rpt2lSYYwxxhhj7C172I4F0nykCrFLuSiei\/sOWhYa9\/JIKxol69S5PNMqDyYHR8eyr89WKUrWtQXIiCv6kxqduJSPdXl5diinC60VDAevon2\/h5JoS+u8szd85BdjrG3tOtO1Ra+VDn6lva+0ksbT+DNucHQGo0MDo\/0bil7kgqITi6InqaDo6RhGZ4KiVwZGzwRFL68w2rN96f0n+iR9aRM2y5HtRUflfNk0ybERxhhjjLG\/7A7dOIR9fLd0dQAAAABJRU5ErkJggg=="} 
+01241{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1512,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":2,"flow_src_last_pkt_time":1654385156978849,"flow_dst_last_pkt_time":1654385157162185,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":574,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":574,"pkt_l4_len":540,"thread_ts_usec":1654385157162185,"pkt":"nLbQ0+MztKXvZygQCABFAAIwUYBAADQGgY+hdQ0dwKgCfgBQw\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\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/+PQt5oAAAABHRSTlMA8a0mzjE4JAAAAF1JREFUWMPt0LsNgDAMRVEgC\/DJACAYANgg6O0\/E0qKpLIipYt0T2PryYXtAQAA9OpdzlTdsd45sDivkKYeaSuBYZK0x+aSvhIYRklzbLwUctA+Xd+k\/cr6BwEAwA+l3hHvzEdfEgAAAABJRU5ErkJggg=="} +01560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1513,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":2,"flow_src_last_pkt_time":1654385156997634,"flow_dst_last_pkt_time":1654385157178524,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":746,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":746,"pkt_l4_len":712,"thread_ts_usec":1654385157178524,"pkt":"nLbQ0+MztKXvZygQCABFAALcrA1AADQGJlahdQ0dwKgCfgBQw\/a\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\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/CDfnXgAAABp0Uk5TAOEQHt3X0s4WI+fFBvPkMNPJq0tAC7VRUC7\/IHCDAAAAsElEQVRYw+3WWQ7DIAwEUCckUMjWfZn7H7RC\/DTqR4OE1SDNO8DIssC2EBERERHRv13Orei4AsMoGh4TAKdR99ghGjSyXzMid5PyfJeyD1KeD4hOGj0xqe5eJbtHdDRSnmkQWY1+tw5Rp5FtbOq3l1y2+cEGpOzsurHZvEieCZvd91N1Vq9380Jy3nUtv\/FzhtQy+dbzuo4ts4TVbqxkoz+\/75AKrqd08xERERERKXoDf5McEz6WWVMAAAAASUVORK5CYII="} 
+02479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1514,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":2,"flow_src_last_pkt_time":1654385157001678,"flow_dst_last_pkt_time":1654385157186188,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1654385157186188,"pkt":"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\/Pz83Nzb6+vt7e3u\/hbHsAAAABdFJOU+juN7IsAAAF30lEQVR42u3Y2WsTQRgAcP0PHNiNpirCTIjxwIcZMcGkhdS0aaMggaSiIhJr4400GzX16ENWvFAhovV+qIm3Pmi8FUUr3gcab1AheVBE\/Q8Ev93NJtlUTAJ5UJh9SKez01++b2a+6SZDhqK6XsM4yEEOcpCDHOQgBznIQQ5ykIMc5CAHOchBDnKQgxzk4H8O+usMmlMKWkdQcCEUOB2qY8oTzMKKpu56gEE10UQsEp54enJFUPQHKy3GigvKuDYsrZ4acFUEZ1x\/UyG+E\/EffiT6VkR8k2NiJFEBNH9i2S7jLdGwlMLdZSexGy3feTEZciXDO0OVwF7Mjhq9viWlv3Y4D65K9iPprWXa7Vgz3e6uAAoSpl0Gr0GyGraftC716TXKzJy4633n0mvg1QiaImyq4Q2evTm\/YWFixDXHvuiIbhFVBGUjGMgwPN4Ado5dH5b65+Quzdr4awqqFRRPMGwEkenRadudaOBRYuTG89bKoIkA6PHr3nSGS8HAmgQSXjbGGr7BiNHb1rdXB7ZiPcYOmQLYWBg1J5sQk+stzVuU0BqmulFVoH1xTt\/\/dyg2gLu++8d0Po\/ELimhCZtQdaCNYPZCTdgLCbNSsM3ivzLdfj21XI2tvUoQU0y+7FFmbCe0bBg7i2Xi9uY8O87GiD4nlcEGiu1pilkUyvUIhQBPaaCQ0Kqw14pMtruRlqrBQxjbR2YxzragUZAtGd8AHQnY3uqEzeg\/3oKE1kfx2MNqwcMU\/v4mSNbZEiRsd2tgJ4N3EL1kymwYMwrbtvTXAu7ZC7F9XQQv7BVSQdjubP3HpzJu9Psu3xa81t2JWkCE0hRiVBKGVVLAQxRwxuCeMOlnD5oHm6A2cLRSICC5VdDh3gug1rP7Chww5kT14EGqLmpGEdgFlAcP5z24t1\/FagYb1IQTOijkPWKFGq4NnK6B4gKKHSGkgwdpOWhG+tX+d9CrgUiQIGEdbM8Aps\/qsjUh1Pc4tkH7x+B7u2WDWyOEFWvWLUG+u4PARm11JiZ00NbKdJB0o96mHpPEGFMTOCBDa4Iqmk8one3y19Ag0F+aigDgDFoAXf4MuaouGRkPSFpdvE0CDFaPTrIDs34D2EaxSwNREfQWQPx1T4Z8YJgwimkIjYYbSis21m3uVZsEk\/cVwDi2LSqCtCVDrhHiWCdh0oOSMMFrImwsoV2js5huuExrBh0ARnsnpOAUIVOgIvFd1Je2SnTlAko2IfMdZ5xcrQhiX7YAks8DZOsiZd4HcCOcdVZo9S2UaddN5QxBHSmJRMtAMnUQ6IkXwVVJYvFrI+0HKXmhjpHJEhm61WY1oHugCI5L5nf3cGr3Ups7D6YIeZ1v"} 
+01230{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1515,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":3,"flow_src_last_pkt_time":1654385157001678,"flow_dst_last_pkt_time":1654385157186882,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":576,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":576,"pkt_l4_len":542,"thread_ts_usec":1654385157186882,"pkt":"nLbQ0+MztKXvZygQCABFAAIylDBAADQGPt2hdQ0dwKgCfgBQxACLRcmFq4LjQoAYAPR6KwAAAQEICpcRV9e6xlWzbvw7aAawPVMELTo4l9oXUyfSQao9EpmlQWB5vUp\/AXEBPEbzzwdVge4S8GIhZQN4TwfTVYAOj1wA6cyB\/AAvtbeVgFhLWUwTS0XQFsGFyy7qYBt1tlGbWvABmbwipFtrVgTTGLMi2BgcyK9aM3XCtrmtBLhbJq97te4FdDBoKQdLL9f8ZB7spC4TvHsCCYuiaXLrGdS2iGYQ\/AcQlYFjM0VQqTHtATSJp5plTD+E7ze50uTcvixxhpfLtBrQPqoIEssCqj1KvSRWiJIwxiiEda6DYUahSQeDG8tASlFJiN+bNVCUiEV9uICY4EQ4h5I5DJ7jZRnYnGsqizDD7IlprHB925X7rpbEziY4Vo4oXbQ\/DaBJVtrR5p+TjREy1mMEfU\/uoVFxxuxPPj7eEsc9e5lVBY\/jEOySd5jZXgVkAMVDMWxbK3px1AD2nXrkNoKi8tGu9cyTVDDo97SGkRDWBswOa6+nFvoFCUAkCuGFIhI8bgOIgkFdMqigaT9hhN6njYcbGgjten1FYM6DqC4gRN0h1xVsDT+gpLt+IEwgw5Mu1hFsYpjkuuoITmKMbfLXDzQ\/wJtvtKD6gbDTPQjVE0Swtf\/N7744yEEOcpCDHOQgBznIQQ5ykIMc5CAHOchBDnKQgxzkYBH8DdDO1wSycMqNAAAAAElFTkSuQmCC"} 
+00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1516,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385176794071,"flow_src_last_pkt_time":1654385176794071,"flow_dst_last_pkt_time":1654385176794071,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":207,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385176794071,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":38326,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00819{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1516,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":169,"flow_packet_id":1,"flow_src_last_pkt_time":1654385176794071,"flow_dst_last_pkt_time":1654385176794071,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":273,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":273,"pkt_l4_len":239,"thread_ts_usec":1654385176794071,"pkt":"tKXvZygQnLbQ0+MzCABFAAED5\/JAAEAGaSDAqAJ+rGl5UpW2AFDAhIjRiFQ344AYAfbp1wAAAQEICvK1uV7Jom0fR0VUIC92aWRlb19rYW5rYW4vaW1hZ2VzL3ZpZGVvcy80MDczMC00OGZkNjU3YWJkNWExZDNlNDVkMDM0MDNkZGNiMDY2My5qcGcgSFRUUC8xLjENCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpIb3N0OiBwaWMuMWt4dW4uY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClVzZXItQWdlbnQ6IG9raHR0cC8zLjEwLjANCg0K"} 
+01150{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1516,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385176794071,"flow_src_last_pkt_time":1654385176794071,"flow_dst_last_pkt_time":1654385176794071,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":207,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385176794071,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":38326,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com","domainame":"pic.1kxun.com","http": {"url":"pic.1kxun.com\/video_kankan\/images\/videos\/40730-48fd657abd5a1d3e45d03403ddcb0663.jpg","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}}} +00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1517,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385176794172,"flow_src_last_pkt_time":1654385176794172,"flow_dst_last_pkt_time":1654385176794172,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":207,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385176794172,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":38314,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+00818{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1517,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":1,"flow_src_last_pkt_time":1654385176794172,"flow_dst_last_pkt_time":1654385176794172,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":273,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":273,"pkt_l4_len":239,"thread_ts_usec":1654385176794172,"pkt":"tKXvZygQnLbQ0+MzCABFAAEDhyVAAEAGye3AqAJ+rGl5UpWqAFDm5trb+jit4YAYAfbp1wAAAQEICvK1uV7Jom0dR0VUIC92aWRlb19rYW5rYW4vaW1hZ2VzL3ZpZGVvcy80MDc1MC01ODU2NDUzNTNhN2E0NzYxNTc1NWI3NzE0YzYxMTgzNS5qcGcgSFRUUC8xLjENCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpIb3N0OiBwaWMuMWt4dW4uY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClVzZXItQWdlbnQ6IG9raHR0cC8zLjEwLjANCg0K"} +01150{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1517,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385176794172,"flow_src_last_pkt_time":1654385176794172,"flow_dst_last_pkt_time":1654385176794172,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":207,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385176794172,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":38314,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com","domainame":"pic.1kxun.com","http": {"url":"pic.1kxun.com\/video_kankan\/images\/videos\/40750-585645353a7a47615755b7714c611835.jpg","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}}} 
+00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1518,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385176795709,"flow_src_last_pkt_time":1654385176795709,"flow_dst_last_pkt_time":1654385176795709,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":207,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385176795709,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":38316,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00819{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1518,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":1,"flow_src_last_pkt_time":1654385176795709,"flow_dst_last_pkt_time":1654385176795709,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":273,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":273,"pkt_l4_len":239,"thread_ts_usec":1654385176795709,"pkt":"tKXvZygQnLbQ0+MzCABFAAEDkpJAAEAGvoDAqAJ+rGl5UpWsAFD4\/KHAFVJVKoAYAfbp1wAAAQEICvK1uWDJom0fR0VUIC92aWRlb19rYW5rYW4vaW1hZ2VzL3ZpZGVvcy80MDcwMS04ZmE3ZDkxNmM1NWUzMWY5MGZhNTVmNDUwYjcxNjUwNS5qcGcgSFRUUC8xLjENCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpIb3N0OiBwaWMuMWt4dW4uY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClVzZXItQWdlbnQ6IG9raHR0cC8zLjEwLjANCg0K"} 
+01150{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1518,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385176795709,"flow_src_last_pkt_time":1654385176795709,"flow_dst_last_pkt_time":1654385176795709,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":207,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385176795709,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":38316,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com","domainame":"pic.1kxun.com","http": {"url":"pic.1kxun.com\/video_kankan\/images\/videos\/40701-8fa7d916c55e31f90fa55f450b716505.jpg","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}}} 
+00971{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1519,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":169,"flow_packet_id":2,"flow_src_last_pkt_time":1654385176794071,"flow_dst_last_pkt_time":1654385177118137,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":387,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":387,"pkt_l4_len":353,"thread_ts_usec":1654385177118137,"pkt":"nLbQ0+MztKXvZygQCABFAAF1WjBAADYGAHGsaXlSwKgCfgBQlbaIVDfjwISJoIAYAOs4SwAAAQEICsmibd\/ytbleSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG9wZW5yZXN0eS8xLjEzLjYuMQ0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNjoxNiBHTVQNCkNvbnRlbnQtVHlwZTogaW1hZ2UvanBlZw0KQ29udGVudC1MZW5ndGg6IDg3MzAzDQpMYXN0LU1vZGlmaWVkOiBTdW4sIDI5IE1heSAyMDIyIDAzOjI3OjU1IEdNVA0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KRVRhZzogIjYyOTJlODNiLTE1NTA3Ig0KRXhwaXJlczogRnJpLCAwMiBTZXAgMjAyMiAyMzoyNjoxNiBHTVQNCkNhY2hlLUNvbnRyb2w6IG1heC1hZ2U9Nzc3NjAwMA0KQWNjZXB0LVJhbmdlczogYnl0ZXMNCg0K"} +02547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1520,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":169,"flow_packet_id":3,"flow_src_last_pkt_time":1654385176794071,"flow_dst_last_pkt_time":1654385177118137,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1654385177118137,"pkt":"nLbQ0+MztKXvZygQCABFAAXUWjFAADYG\/BCsaXlSwKgCfgBQlbaIVDkkwISJoIAQAOsFsgAAAQEICsmibd\/ytble\/9j\/4QAwRXhpZgAATU0AKgAAAAgAAQExAAIAAAAOAAAAGgAAAAB3d3cubWVpdHUuY29tAP\/bAEMAAgEBAQEBAgEBAQICAgICBAMCAgICBQQEAwQGBQYGBgUGBgYHCQgGBwkHBgYICwgJCgoKCgoGCAsMCwoMCQoKCv\/bAEMBAgICAgICBQMDBQoHBgcKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCv\/AABEIAeABkAMBEQACEQEDEQH\/xAAfAAABBQEBAQEBAQAAAAAAAAAAAQIDBAUGBwgJCgv\/xAC1EAACAQMDAgQDBQUEBAAAAX0BAgMABBEFEiExQQYTUWEHInEUMoGRoQgjQrHBFVLR8CQzYnKCCQoWFxgZGiUmJygpKjQ1Njc4OTpDREVGR0hJSlNUVVZXWFlaY2RlZmdoaWpzdHV2d3
h5eoOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4eLj5OXm5+jp6vHy8\/T19vf4+fr\/xAAfAQADAQEBAQEBAQEBAAAAAAAAAQIDBAUGBwgJCgv\/xAC1EQACAQIEBAMEBwUEBAABAncAAQIDEQQFITEGEkFRB2FxEyIygQgUQpGhscEJIzNS8BVictEKFiQ04SXxFxgZGiYnKCkqNTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqCg4SFhoeIiYqSk5SVlpeYmZqio6Slpqeoqaqys7S1tre4ubrCw8TFxsfIycrS09TV1tfY2dri4+Tl5ufo6ery8\/T19vf4+fr\/2gAMAwEAAhEDEQA\/APgjVdV+IGpeNdTTTtd1OT\/iYShQt3If4z715latCnfmZ4ajObaSOi0zwV+0DrcSLpOm67cMW4EbSsen1ryK+aYKk\/enY7KeExc0rRubK\/Ab9smSMS2nw88XzK33THaTNn8jXGs\/ytys6y+86P7OzBL4GMPwE\/bXkJVfhP44LDsbGcVX9u5Zf+NH7w\/s\/MP+fbIJvgF+24fkf4R+NPqbWerWd5V\/z+X3g8uzD\/n2xY\/2Z\/24rhd0fwk8X\/iJB\/M0\/wC38q\/5+on+zcw\/kf3kkX7K\/wC3VOdsfwk8Xk9vmcfzapef5Sl\/GX4gssx\/8j+9Fgfsj\/t9Bdw+DnjFuP4Nzfyas3n2Uv8A5er8S1luYL7D\/D\/MY\/7Kv7e8QP8AxZTx6cf3LKdv5U\/7cyt\/8vl94\/7OzDrTZm3v7PH7cFqStz8GfiCCOv8AxK7v+grSOcZY9qy+8h4HHL\/l2\/uMq8+C\/wC2LaqWuvhV49QDqW0y7\/wrVZrlvSsvvM3gsb1hL7iinw2\/aqlk8qP4feOGbOCF066OP0qv7UwCX8aP3oSwmLf\/AC7l9zNTT\/gP+2Hf\/wCp+H3i9Af+e6yR\/wDoRFc887yuG9ZfI1jgMa1pTZrWv7Nf7Ygw8nhfX4x3Mt2ygfiWrlnn+WW0maLLsd1gXrb4P\/tRaU+24stVJHUJflz\/AOOk1xTznLpbTf3MpZfjVo4\/idL4f+HH7SdyQh0LWyfe7Kj\/AMeIry6+cZf0q\/mb08vxr3j+KOx0n4QfH3CreaPrKE9N2oqB+r1xf2vQl8E2\/lL\/ACOlYKUfjVvmv8zft\/gv8cXj\/d22ok44X+2IM\/8Ao2iOOnLbm\/8AAZf5DdKnHeUV\/wBvR\/zKOq\/Aj9qa4UjR\/C\/iCcnp5N3E3\/tWuunjacfjbXyl\/kYTo8\/wST\/7ej\/mcN4r\/Z4\/bdTcYfhb44kHP\/HvbNJ\/6Cxr06GZ5fH4qn33OWeDxTeiv81\/med+IPhH+2JprN9t+FfxCjx1zpNx\/SvUpZplb\/5fx\/8AAjllgsd\/I\/uOR1fSf2hdLYrq3h\/x"} 
+02548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1521,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":169,"flow_packet_id":4,"flow_src_last_pkt_time":1654385176794071,"flow_dst_last_pkt_time":1654385177118137,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1654385177118137,"pkt":"nLbQ0+MztKXvZygQCABFAAXUWjhAADYG\/AmsaXlSwKgCfgBQlbaIVGCEwISJoIAQAOsaVQAAAQEICsmibd\/ytbles+3OATjOM8U3czW+p9s+A\/8Agph+z3eeC9a+Hfj74F+PvBkNzP4atvDviH4Y61p95PpulaBHPFplu1pq0LweeFuZWlniKeZId2xTktzOlNap6+Z0xrRtZo+Rfihd\/DzUviJrWpfC2w16LQLjUZZdNPiZ7c6hKrMWMtwLZEhSR2JYpGNq5wCetbR5rambtfQ5x1GRhaexa2PcvG6keNNV+Uf8hCbp\/vmu57HgLVMryti2jOB9709q46iZio+8enfs6\/tPfHT9m\/VJ9Y+EPiO4gilgukks5o5ZbWGWe3MMl0qKwCXAg3qs33lXdjpkedVqSg9GdmFlKErIv\/Ff9pX4wftBaXoWm\/F3XbTV38OLcR6TqDaXDFeR28zh\/sjTIoZ7eIg+VEfliDMF6151apKeknsenCTe5gaTb\/aJguQK86tK0TtoLmlY7jR\/h1eaja+bFdKBjptr5jFZj7Kpax71DLXUje46b4SanLEzfa48Af3a5ZZ04tK34nrYTI21e5438YPCd7oZcSTBsHqBivqcozD27TsYYzBeyTTPDPFEjRRMxHOT3r62nJykkfP11yLQ5V5mLbi2PxrvWhw2Yea3ds++aY0gLE9eKCrDJHKjjqaAHWuk6zqjiOwtS5J4ycVjUr0aSvJmkKNSo\/dR7H8K\/wDgm9+2B8aLCPVvCHgiwgtJv9Xcatq6Wyt7gEEn8q+WzHjvhjK5ONetquiTZ72E4Uz3Gx5qVLTzdj1TTP8Agg7+3vqUQmN\/8PrcEdLjxewP6Qmvnp+MHBcHbmqP\/tz\/AIJ6kPD3iWSvyxX\/AG9\/wC5\/w4I\/bpPEni74ZjPb\/hLJj\/K3rB+MvBy2VR\/9ur\/5I2j4ccRv+T73\/kPX\/ggH+28xxJ48+GK\/XxLcH+VvWb8aOEFtGr\/4Cv8A5I0XhtxE+sPvf+RPF\/wb8ftqyEBviZ8MVz\/1Hbs\/ytqj\/iNXCfSlV+6P\/wAkH\/ENs\/8A5ofe\/wDItwf8G9H7Zshy\/wAYfhgn\/cVvT\/7b0v8AiNXCz2o1fuj\/AJifhvnq+3D8f8i\/Z\/8ABut+1\/MQJvjx8L4+On2u\/b\/23pPxp4a6UKn\/AJL\/AJk\/8Q7zlb1If+Tf5Gta\/wDBuV+1RAonuP2jfhmB3Ea37f8AtEVy1vG\/IacbrC1H84gvD3N7\/wAWH3SNHV\/+CKnx2+DejL4n1f45+Dr1IDkxWFrd7jj\/AHlFeJR8dMix2NWEWDqRb6uUbHV\/qDmuGh7V1oO3ZSMf4qfCzW\/Bnh6zfU9TtrmSMAF4Y2AOPrX1uS5\/h8zqP2cGvVo+ezvLKuFs5yTPMNZUqwkyB3r6eD5mfIVocrIbSciUDeMfWnKF0c6bPcf2cfiN4L8I+W3ibXI7QBuS6Mf5A14uLo1HLRXOuhUilqz
7g+BH7an7H3haOI+Ivi1ptswx5hk0+4P8ozXzuIwDqTblSu\/Q9vD4900l7S3zPpHQf+Cln\/BNKHRY7PUf2gvDwP8AFHJo12f\/AGjXL\/ZGAnBxqYVP\/t09iGe1oNOOJaf+Ie3\/AAUf\/wCCXaKfsvx18MIT97ZoV2M\/+Qawhw9ktJ+7gor\/ALcRrLiTHT3xcv8AwJk1h\/wUt\/4JmWyFW\/aE8OqOy\/2Ndgf+ia6oZTl0FaOFSX+ExlnteTvLEt\/9vMuJ\/wAFPf8Agl2sflv+0h4bB7r\/AGRd\/wDxmtVlOEt\/u3\/kpDz6pf8A3h\/ezC13\/gof\/wAEo9UjdH+P3hZmbqTol2Sf\/IFYS4eyyT5ng1f\/AAo0XEeLSssXL\/wJnyh+058e\/wBgXxrHcN4I+LGiTl87Rb6ZcJn84hXXhsrp4eVqdDlXpY46ub160ryrOT82fn98frb4f6jcTN4U1iCeNiSpiiZR+oFfV4BumkmrGH1h1Zb3Pm3xDpJtrtiqHk5GO4r63D1OaNmY1Fcy"} +11843{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1522,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":169,"flow_packet_id":5,"flow_src_last_pkt_time":1654385176794071,"flow_dst_last_pkt_time":1654385177118137,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":8706,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":8706,"pkt_l4_len":8672,"thread_ts_usec":1654385177118137,"pkt":"nLbQ0+MztKXvZygQCABFACH0WjJAADYG3++saXlSwKgCfgBQlbaIVD7EwISJoIAQAOsKyQAAAQEICsmibd\/ytblelbEdRPZXKY\/MV3U8bl8tqsX\/ANvIxeGxUXrB\/czMXVfi3G+0zeIgfQrOP6Vo8RhGvjX3r\/MXs6yez+5mlpbfHW\/YLp1j4nuCe0VvcN\/IVyVcZl9P4qsV\/wBvL\/M0hQxM\/hg38mdPpXw2\/a11gA6X4C8ZyZ6bbScfzxXmVM8yKk\/exMP\/AAI6o5dmM9qUvuOk0H9nb9ui5ukMPw78VJk8efMI\/wD0J6463EnDzjZYhP0u\/wAkbQyrM7602vVr\/M7Kz+CH7XelIP7d8PatCB1MmpRcf+RK8irneVVX+7m38pf5HdDAYuHxJL5r\/M0rXw98Z9MQrqkt6hA5\/wCJgD\/Jq4pYqlUleMn+J0xpNb2+9EB1rxbHK0Uuu3isDhgblutdEarSvd\/eHLG57J8Gtb8TfZLPfrdycyL96djmuGtUlfdm9OFz7b\/Z\/wBa1UxQeZqDNkjO7n+dVSqS7v7xcurPqHS73Vb\/AEa3gtpULkjqqj+ldOKpV8TheSm9fU68LUpUK\/NU29DUl0nxWq5VYeP9pP8ACvCeS5t3\/wDJj1lmGB6\/keY\/GqLxdZoZFkjULHk7XX\/Cl\/ZGaRmm3\/5MEsxwHI1+h+VH\/BSL4l+KbKS6hh1y5j27s+XMV\/lX6Jk1OaSTf4nyddKcm0fmR40+IfjW41SVh4v1IfMcYvpP8a+9oe7FHnVY6mAfG3jUE58X6oR6\/b5P8a7IyTRi0yRPG\/jQ5z4u1Pj1v5P8aTMKkWtBH8c+Nc\/8jdqf\/gdJ\/jQkrERSaBfHnjZf+Zu1P\/wOk\/xp2G1ccPiB44HH\/CYanj\/r+k\/+KpcouVgfH\/jboPF2p\/8AgdJ\/jTsh2fcQeP8AxuDn\
/hLtT\/8AA6T\/ABpWQWY8fEDxseP+Ev1P8b6T\/GlyoXvIX\/hP\/Gy\/8zdqY9c38n+NLlLjJgfHnjY\/8zbqf\/gfJ\/jS5UjWNQafHPjQn\/kb9U\/8D5P8aLGymH\/Cc+NB\/wAzfqf\/AIHyf40WG5NjX8ceNT\/zN2p5\/wCv6T\/GrSsSyI+N\/Gu\/B8X6nx\/0\/wAn+NMl3PZdW1tbTxhqgL3BxqM2Ak20ffPpWFSg5dvuPBm3e5saZ8XbrRYl8rRlnw\/\/AC3uZT29mFeVXy6U\/t\/gv8i6eIUJW5fxZ0Nn+1fq+nQqkHw10K4I73c14f0WcVwPKJX1qteij\/kdscav5F97\/wAyyn7ZWuMcT\/BbwdJ+N+P5XNL+yeXatL7o\/wCRp9dT3gvvl\/mWE\/bLnIw\/wA8Ft7mXUD\/7c1Ly6tH\/AJfv\/wABj\/kL6xSf\/LpffL\/Md\/w2PCVOP2dfAef7zQ3xP63NL6liV\/y\/l90f8hOrQf8Ay5X3v\/MqXP7XVxPlYfgp4JhHpHbXf\/yRR9Tr9a0vuj\/kQ50elKP4\/wCZTH7VfiVGLWPgjQrU\/wDTq10hH5TVLwDfxVG\/lH\/IfOltBL7\/APMtWn7X\/wAQLc4+xsB\/dh12\/j\/9BmrGWW039pf+Ax\/yGq7XT8Zf5mnB+2j4y2bbnS75\/p4w1Mf+16y\/syUX7s1\/4BH\/ACKeIpvSUX\/4FL\/Mnj\/bE1Jhvm8J3jn38Y6n\/wDHq0WGxkdFUX\/gEf8AIwlDAz3p\/wDk0g\/4bC1yM7rTw3dxntt8V35\/nJVexxXWa\/8AAI\/5Gbw2B3UGv+35f5kUn7YfipuW0W6P+\/4mvT\/7PT9hiGvij\/4BH\/IaoYS3wv8A8Cl\/mRyftc+J5l2t4at3\/wCu2q3j\/wDtUU\/Y4lbT\/wDJY\/5AqGE\/kv8A9vS\/zGQ\/tWa6j\/vPA+kOPe5vR+onqJ4bEyX8V\/8AgMf8i408HH\/lyvvl\/mXU\/awncZm+Gent7Ra3qEefynrmeExield\/+Aw\/yNP9h\/58L73\/AJjpP2pNMuVxP8IlOO8fjLU1\/wDa1Co5lDbE\/wDkkROnlst8OvvZXH7SOlq2Y\/hbeRgngR+ONQ\/qxrdPM0tMR\/5Iv8zCWCyub1w6+\/8A4BbtP2ndBiwZvhfrD\/Tx3dj+amhyzpqyxMf\/AAD\/AO2EssyR6vD\/AI\/8A0I\/2sfCkQyvwh1zPb\/i5F8P\/QVFYOGeSf8AvS\/8Fr\/M3jgsjj\/zC\/8Akz\/yJV\/bE0qHBtfhPqqY\/iPxH1E\/0qHQzeStPFJ\/9woGkaGTRfu4a3\/b8gf9tdk4Hw01lhjGB8R9Q\/qDSWBzB7YmK\/7gwBrK\/wDoH\/8AKkiu37aNmDub4W6+p9viVfr\/ACWk8rzCp8VeD\/7gw\/zLjWy+ntRa\/wC4khI\/22I1bj4Ya2PQt8TdUP8AIiplkuKl\/wAv4f8AgimX9cwi\/wCXT\/8ABki9Y\/traYxxefCW9nBPSb4jasR+P70Vy1MjzHeGJivSjT\/yNY47A7SoX\/7iT\/zLUn7Wvgu\/BeX9nvT5SR\/y8+LNTl\/UzVz\/ANlZ7B6Zg16U6a\/Q0+sZXL\/mEj\/4FJ\/qJD8cfDuuRZtfgpo9qCOCNRvJP\/QpTWNTBZpTfv4yUv8At2K\/Q3hWwMl7uHivmya18R21629dBsrbPQRNJx+JY1i6dX7U3L1t\/kdcPZ9IpGppmq6bZSR3N84mVT8yHnNcs4TbaSOpKK1Z9B\/BDx38Or6C2ikls4CrAjzo0X+bV5tSnXvq0vkdCnBbJn2j8CfFvgNlhEesaJ0GPMvIVx+bVVOFRP8AiR+ZpCVN705H0Xo2po1tDdabrvh2RQAQo16Ff0zxXs0U+X+LT\/8AAkiJxTesJfca1
9451SCEu0egkDuPEsP+Fb880\/jh\/wCBozapLdS+48V\/aB+MthZ2E0uo3uiQhYyCB4ghb+VS\/aVH8Ufk7mcnSWyf3H5E\/wDBQz40eA\/EV9dW1reWUku5gTDOrZP4V9BlWHrRad0Yy5GtEz88PFU1rc38skBGGckYr7ai2kkzinFNuxlhU24J5FbXdzknFp6EbyBTwe1arUxkribt3NO1jO1gpAFABQAUAFPS4ChiOO3pS6iaQoIJyDiiwXfUUE9OvvSt2KUrbBuGOtKxopCNgjrQmVdDCOc4NUDZ9bftMeDfD\/hvxpqTaPo1tbZvpDiGPb\/Ea\/JuCc5zTMJ2xFaU9Xu79TxMySpy91WPKD88QZVXl+ufav1KqjlvaQJbkrkrXFNu5rCepXuXtosmSUqB1IjY\/wAhUXZ104uRnTeJNDico19Jweos5T\/7LUcs5dPyOqNF22Ij4r0Q\/duLlv8AdsJv\/iaaoVZdPxQ3RkH\/AAlekZ+7fH3Gny\/4UfVa3ZfeiPYyuOXxfoSH5lvv\/BdL\/hUPDVetvvQ\/YzJY\/GOhN0+2j2\/s6X\/Cs3hqvl96H7GSLMPivSH+7FqB+mmSUvqtd9F96IdGTZZj8RWD8jTtVP001v6moeFxC7fegVBk6a1A\/Eei6wfb+z\/\/ALKl9WrdWvvJdFkiakpP\/Ivax\/4BAf8As9P6rXfWP3gqLXUsRX0BGH8P6yPXFip\/9qVDwmJXWP3mipJf8MTLcQMBs8P60T72KD\/2pU\/VMQ\/tR+8HTiv+GFEs3BTwnrDc9TBEP\/Z6f1Sq\/tx+8lwV9vwJke6K5\/4RDV\/++YR\/7PU\/U5\/8\/I\/eNR8iVWvB93wfqv8AwJ4h\/wCzVH1Vr\/l5H8S+VJ7E6G+GCvg2\/H+9NF\/jUvDv\/n5H8SkrPYUyagenhO7GPWeOl7Br7a\/EdlbYazak3A8MzD6zr\/hSdNdZoLX6EU0d+2d2iOv+9Mv+FVGMF9szlS02IWjvOh08AehlH+FaJRX2jN02hkaSBzm1VOecPmm7dyeWzLEcWesaj3BqOYq1jS06ElgpJ56VzVZK2hUVZH0B+y14J8P+IZohrei294pf7txHuHWvy\/jbMsThIS9lUcbLo7HuZdThJK6P0L\/Z4\/Zk+AGswwtq\/wAFfDd0SOfP0xWz+dfyFxhx3xZheb2OOqx32m0foOW4LCTs5QT+R9HaN+x7+yebJfM\/Zr8EMemW0CI\/0r5XJ+NeLsTgVOtj60m+rqS\/zOivh8PGdowX3Itt+xv+yRIPm\/Zo8D\/8B8PQj+lehLijieX\/ADHVv\/Bkv8zJU6cXpFfciCX9in9kaRSv\/DOPhFf+uekKv8sVzT4h4pltmNdf9xGbxqWeiX3GfffsP\/slohK\/Afw+n\/XOGRP\/AEFxXlY3ivjLCU3OOaVv\/Ar\/AJo3jVb6Hmvxe\/Zn\/ZI8I6TI0PwK0YyBTybm5GD+EtXw\/wAX+ImZVU\/7Tqpeq\/8AkSq06VKF5Rufn3+13ofwj0xbiHwz8LtLtcZwY5Jjj85DX9ScC\/6yVuWWKx9SXq1\/kfMYzFptqMUj89vi3OiarJ9m02KJQSQqqf6mv6iyOi\/ZLmm2\/Nnh16knE4KQlmLN39BX08UkcDIixUcfyra1zmqK5FKMnNaRsczWg1GwetaPVENXH1JAUgCgApgFID0j4W\/st\/E34neGr7xw8C6HoMPgjxF4m0vW9TgZrfVo9FEX221g8vLecrTRr8wChmGeDmplUjF29PxKUW1c4nxL4T8V+CNbk8NeN\/C2paJqcMUbz6Zq9k9tcRrIgkjZo5AGAZGVlOMFWBHBpOSaMG3ezRWtop7mdLW3haSWRwkcaDLOxOAAPUk4rFji2j6M8Mf8EtP2pde+GU3xG1+fwj4cuJ7GzuvDvhfXPFdoup6wlzqcemREIkhS0RrqQRiS4ZFLqU4bG
c+eKasdCpyaufO2raXqOjandaJrFhLaXljdSW17a3CbZIJo3KOjA9CrAg\/SuiLuK7W5UIGetadStz6j\/aF+L6\/EHxnqajwolhi+lGVuzJ0cj+6K+F4a4EqcOT5nivaat\/Bbf5s+exmLeLV7WPNZG2RKQ\/8AHX2897GHOmyWKR8YD4\/GvPq6G8LN3LVtZzTtjbmuKc7I9PDtcyLdt4daRzhCT6cVlzNo9lTVi3F4SlYZ8s\/gwrRTSW5MpsJPCkycFGI\/3hUuonsyVNdSvJ4VGTkP+YrGdSQe0ikRN4ZIOQsh+hFZ87JdWNrE1t4dnzgQydf7woc2iHVp3NK18O3O0BbSQ\/VhU+1S3YvaRLsHh+76Gyl\/Bl\/xpOrDuvxD2iZci8PkD5rGf3+ZeP1qParug5iePw8q8\/Ybj67k\/wAapVn3Qc2mpag0aJDu\/s24J9d6f40c9+qJ5\/Isx6eccaXcf99p\/jS93ugdXyJ002RuV0m4\/wC+k\/8AiqjmguqJ9q+w4aZMef7IuM9stH\/jUOcP5kP2nkKul3RGBos59t8f\/wAVUOpSX2l+JSm+w2TSNSAwvhy4P\/bSP\/4qp9pRb+NfiV7z6EEmiawxynhK6P0lj\/8AiqiVWiv+Xi\/Eap1HtEq3PhzxK3+r8EXhA9J4v\/iqFiMKt6q\/H\/Ip0az2izMvPCfjRsmH4eXx+lzD\/wDFVtHGYBb14\/c\/8hfVMU\/smbdeFviDDyfhlqG31+0w\/wDxVaRx+Vv\/AJiI\/c\/8hPAYr+QbBpHi2NsT+B7xPrLEf5NTeJwUl7tVfiZPC4iG8TT023vIWH2zSpoQf7xU4\/I1zznCXwyTMpQlB+8j6M\/ZIcrcRBc4EmD+dfknH6Xs5X7HuZbokfpN+zRcExQKAc4AxX8S8bxilO77n6Pld2j6c0WTNmM9jXy+QTj\/AGek+5tXT9oy4ZUXvmvYlXhHcx5WRS6hBGOXrkrZlhaXxSGqUmYviTxTp9jbvLPIFCgk5NfPYvFTzWXscOr92dNOly6vY+Uf2oPjJoqxTRC6GACDzX65wVw5iPdXKebj8RFtpH53\/tGfEHStVnnUTBsk96\/qzhbKq2HhHQ+aqu7Pjb4rNZ3N1JLGOA1fuWUKpCKTOWrH3TzS4AikIBwAeB7V9PBya1PPcSJhnmuiLuYTjYY33M9xWi3OWS1Ih15P6VqncyJB6ipehmFABSAKGAjhipCEBscEjjNAH6T\/ALM\/iL7F+w34GvfhH8Pda0TTLr4XfFnSB4wj0qbW9TstXkuNPCRQyQxqsUkxcyLboquyqAHPWuOcW6rvrqjqi17NHzb\/AMFT9I8Ual+1fqHx41LR\/Elv4f8AiPbJd+C73xbotzYXuo6fp6R6V9pkhuQJU8yS0aQBudsqE8mtKcXy2e6OSvF890fPvhm5gtPFGmXV1rMumwpqUDTajb2wnktE8xd0yRkgSMgywQkBiuMjNNxM0z9f\/BV9oHhTw\/8ADb4L+J7fxVdeG\/FnwU1aHQY\/iAbHw9r\/AI61qHxPPqGmaXbWaq0dul61qyiTJKw3EZ8wSFN3I4pttdzv0Ssflx+1lafG2x\/aP8XWn7SUt+3j0ahG\/imPVPM+0W1y8EcgtpDL87GFHSLLEsfL5JPNb09FY55N82p5u2M9BXSrjTZ7V45dpPGmq5PTUZun++a3bPl572M2RH+zqcn7\/wDSuWo7syjKDnZHtf7PH7Nnh74h\/s5fE79oLx5F4hWx8K6hoeieHG8PWi3Mj6pfXDGSSS3yGniitonJVSvzyR5YDNcdWKcG2ehSipU5TfSyOl\/bd\/Zd8J\/sqfGa4+FvgjSfG1xp2iXc2kX3izxdZwQW+vajAsbzS2KQj93CqzRqY3Z2B53HPHm4qHs5WVz1KNOMKlu3c8lgjjDHO3jpzWCb5T0YpMnWdEUndke5FXa5hUbT0RWub9UyFOKb5UYuU
upl3etqhKgM2fShRuZylJ7FCbxBeZ\/d27Y74FaqjF7mbjJ9SEeJdWX5o4WA9TV\/V4goT7liHxhrq\/wfgXNQ8NArlfctR+MtdYfcX8XNT9Wgh2aJ4vFutHjbH+Lmp+rUxrmSLkHinXGAKmEfVmrKWGp32C8kTL4k8QMcCe3Uf7rVP1amugWkyVPEXiEf8xC3HpiI\/wCNJ0KYctQlXxH4gPTWIB\/2xP8AjU\/Vqb6CtJFiLW9ff72swH\/tkf8AGs5Yamug7y6FiLVNbP3dUgyf+mR\/xrKWGp9mUvaMnXVNfA\/5C8I\/7ZH\/ABrJ4Wn2Lj7QlXxFrkK7m1aBv+2Z\/wAaylgabezNVOrEa3ju\/tyBNcwtj+6D\/jWcsspM0WIrJFmz+JthI4jnn2k+9cVTLLbGqxtVGzbeI7S9hytyGB6YauKWC5ZbG8cdOxUvr63TLB8Z68V1UqDbRnPEuSMLU9VjOVQdPQV6VGjqcNWfMe5fsnavJDcwkQ5OQT2718bxNw683i4qry9Nr\/qj0cDiFTS0ufpD+zLq0zW8J8gYYjv0r8Cz\/wACJ5vUa\/tBR\/7h3\/8Abj7HAZ7Gil+7\/H\/gH1f4d02a60tJluFXcfuBScV5GB+jhXwtDkjmia\/69P8A+TO6ec05vm5H95Je6bPACPPB\/wCAkVpU+jhiqkX\/AMKiX\/cJ\/wDyZms5p\/yP7zB1ea4s1Ztobjg5NeVU+i\/XnL3s2X\/gp\/8AyZp\/btKKv7N\/eeS\/FXX9RktJIY1UAA\/xnn9K9nLPo7rLWn\/aClb\/AKdf\/bGNfiCM1ZU39\/8AwD4w\/aLm1G4S4Vol7nO5q\/UMk8OXldn9Z5v+3bfqeTPMI1ZfD+J8OfGWeaO6mV4v4jn5jX6nluV\/V4Jc17eRCqRmzwDxqfPEuY8ck9a+ywceSSYqiTief3yE3DHH4V9BTVo2PKnoyIBgMY4q1dMylqMdSD\/Otltc5qkSKQFeTWsZHM0CN2qmrmbQ6oJCmAUtLgFO+oHQeC\/jZ8X\/AIW20+l\/DT42+LPC8FxIJrm08PeKruwjlfGA7JDIoZsDG4jOB7Umk+g02tij4r8eeOPiRqg8S\/EDx9rfiS+MQjXUde1me+m8sdFEkzs23rwDihJIV2zOzxgjI9Pai1xNJk2o+Jr\/AFZrVtb8R3N22m2sdnYNeX7yGygjOY4YizExIhJKouApOQBUOnElq2pb8R+KvEvjHW7jxL4w8RX+sandlTdalqt7JcXE5VQql5JCWchVABJPAA7UlSSe5SbZRIB4q9hrQ9p8crnxpqoDAn+0Zs4\/3zXS0fPujzrm2KssTC0QYx8\/QfSuSpZM5IQXO7O56d8Ivi\/4W8IfAX4gfBTxLb64JfGuseH7yyv9HkiBtU06W5klUiRhkyecgGPQ57V59ayi0dlKcYxcH1t+B0v7Xvx2+Hn7Tnxx1749eCfDniTSb3xVrVxf6zp+t6pBc29vuEaRR2\/lKCNqowctncSCMYxXnV3GpUcktz3KU1KXMjzeGNiNwGMj1rB2O2EglRlBBB\/AVqmkjCo7srSoSCzDv3Fc852YuRtjrTQdR1IhbWxJDdGkBUfyohGrJm0Kd\/M2tN+DHibVsFb\/AEy3BPBuJn\/olddOlUf9f8E6oYWpL4UbUf7MmrPEHvvip4Ts8jpPLcE\/kIq0acd0\/wAP8zphlWIqPS34\/wCQw\/s2WMZ\/e\/H\/AMIA+i2143\/tKsZVmn8D+9f5nQsgxXdfj\/kNb9nnSo\/vfHjwy3rssLz+qUvbSf2H96\/zG8hxC+0vx\/yGj4EaRGMt8a9BP0sLn+q01OX8v4ol5FiEviX4\/wCRND8EdCXl\/jPogHtYT\/1pSk+34oSyPEPqvuZYi+C\/hMcz\/G7SlH+zpsh\/9mrKU5X0j+JpHIMQ\/tfgyxD8Fvh8R+++PVgg\/wBnSXP\/ALPWU
qrv8P4mq4erv7X4MnX4J\/C8EF\/2g7XHcroj\/wDxdT9YlH7P4l\/6tYlr4vwJYvg\/8JIT+8\/aBOP+megH+slP6w39lfeJ8L417P8AAtQ\/Cn4LqAH\/AGgbs\/7vh5f6zVMq77L7xx4Vxz6lkfC34GkfN8f9Rx7aBF\/8erJ4hrovvf8AkarhTHdyG4+EvwKlGyL4735JH8eixj+Uho+tyXT8RPhLH30MvU\/gL4Iu026J8XDIT9wz6eAD+KscVH1+CesTKpwrmMN7HDeMvgl4t8Kt9oF+k8LcpMi\/K34iumji8PW0PGxWV4zDP30c7b6l4g0ObyLvzAueoPFazw9Korrc8iXPB2ZqjWL24QEysQR\/ernVOEWHMTWiy3EnzuxGOuaUrQ2HdtH0L+y7DJF5TWy7n42K3c5rwMwnJJuK1PTwUYSklPY+6PgJq3xEto\/L0qdCVIABbha\/K84xfEFOrJUt\/U\/TcmwnD9SnF1k7eh9AWvjf49WvhqBbTVhFuJBkEvSvznHZ1x3TptKq4pvdM\/R8JlHBs5q9O+m1ipovjn4vymaLVPiBcSlWAJMqnFeVl+ecYynKNTGydvNHdjcl4YSTp4SKv5M2X8Q69NYb7rxfcMc4LFwa\/QcDmeYvDp1MTJv1PhsdluCVVqGHSXozgPHdzqdzZTyp4lPyg8ySAc16tLH4xpv2+3meHWwOGUkvY7+R8o\/HXTteZ5c+Jt4cHpIDXVhsxxvtF+\/09S3gMDKDf1fX0Z8ZfGbR7+3vZHnvDKNxySc1+kZTiJ1KVnK7PAxVCnCXuxseAeOUEDyK3rX12DbdjiqaRTPPL9gJTivoobank1NWQB88AVaabMmrDZGySfatkrJI5pvUik6AAc1S3OaTWpGo5GRWvQhkmOc1LMwpAFACMyopZjgAZJoA+3f2fvhFdj9ivwbpt78K7O68QQfEvxBqutSNo9tdTw6EttpjLNNN9kuttumJmILIEBZiADmueck5bm8Y+7seMf8ABSDwfaaR+2N478c+FrHw5B4Q8YeKdR1PwN\/witzZm0bS1uDDGRBasRa52bhG6oxVg+3DZrSDTjZGNVtTPEtP0m+1m\/g0jSrVp7q6lWK2hV1UyOxwFyxAGT3JAqm7Lcz5pH6X\/BzwV8PfB\/jL4HeL\/G\/wv8Nx+G\/Dvwh0q18e6jqnhuzmsYtYew1ARx3cj2TpLNJIsaqWuP3hXAPynHM5JtnUlZK5+cXjf4deMfhT4puvh\/4\/t7KLWNPWP7amnanb3lvueNZAY5rd3icYYfcYgHK8EEV0KSa0Od3i7GURzilcEj27x1bK\/jTVPmIH9oTZH\/AzXazw1KSi00V3tT9mjVH6sP5VxVG3c5op87bPub\/glJ+yf8LP2i\/gx41tPiLoOmzvdeP9HshfX1mbl0tILO6upYY1TbLApfymkkRvnXajbRyeVwU07npYKlGrFtrqjj\/+CjPgr4J+Hda8A+Jfhd4StdK1Xxh4ZfWr610u+RrGLR1dbPSGjhSNfLknhtZLqR2JdnnO7pXn4lU0011\/pHpaJqyPnq3iYH\/j2Bz6VwSa7nTC5N\/Zl1KuRbHn1YVn7amupEoSuNh0qW0kEzWYZgflDNkU1UpNbmlKnKpKxT1zx9rOjoRDP5e0cAE8frXZQhTqdT2I0\/Y2scZr\/wC0H47s1ZLPxHcKR3Vzx+tegsHhLaxRvHH4in8M7HC6t8c\/iNfTFpvGN8xJ\/wCeuf51pHAYPf2a+4mee5ktI1n95nSfFbxw53P4qvjn\/bFarB4VbQX3GDzvNJf8vpfeMk+KXjM8HxTff9\/BT+q0P5US81zF71X95C\/xJ8Wsfm8SXp9f3tV9Xo\/yoj+0ca96jI2+IXiQ\/e1y8P8A22o+r0uyD6\/i\/wCdjH8f6+eRq94frcGl7Cl2D6\/iv5394z\/hPvEI5GrXn4XJprD0uwvr+L\/nf3in4heI8YGr3
31+1H\/Cl9Wo\/wAo\/wC0MZ\/O\/vGt8QvFJ4XXbwfW5NL6tR\/lQ\/7Rxv8Az8f3gvj3xSxydduj\/wBvRo+q0P5V9wf2ljetR\/eSp4514D95ql4T\/wBfZpPC0ekV9wf2jiv5395NH4+1ePBTVL4H\/r7JqXg6X8q+4f8AaWKW03950Hhb40eKtPnWOLXrte2JJwwNclbLcPJfCjpo5zjY7zZ7b8K\/j5faqo8Pa9dmWCcbTHIQw+o9K+cxmWex9+n0PWp4+OMjyVC54y0VINQMAjDRS8xH09q1wtZyp3e6PmcwwsYTaMEWq2rGFivtkVpJ3PH5LMt2QwwCsg596wmNqx9C\/sqyStPC20H5uCK8PFxVzuw7aR97fs57mZgyDls9favz7Nk="} +00974{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1524,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":2,"flow_src_last_pkt_time":1654385176794172,"flow_dst_last_pkt_time":1654385177120274,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":388,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":388,"pkt_l4_len":354,"thread_ts_usec":1654385177120274,"pkt":"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"} +02508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1525,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":3,"flow_src_last_pkt_time":1654385176794172,"flow_dst_last_pkt_time":1654385177120274,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1654385177120274,"pkt":"nLbQ0+MztKXvZygQCABFAAXUwDFAADYGlhCsaXlSwKgCfgBQlar6OK8j5ubbqoAQAOs8UgAAAQEICsmibeLytble\/9j\/4AAQSkZJRgABAQAAAQABAAD\/4QAwRXhpZgAATU0AKgAAAAgAAQExAAIAAAAOAAAAGgAAAAB3d3cubWVpdHUuY29tAP\/bAEMAAgEBAQEBAgEBAQICAgICBAMCAgICBQQEAwQGBQYGBgUGBgYHCQgGBwkHBgYICwgJCgoKCgoGCAsMCwoMCQoKCv\/bAEMBAgICAgICBQMDBQoHBgcKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCv\/AABEIAeABkAMBEQACEQEDEQH\/xAAfAAABBQEBAQEBAQAAAAAAAAAAAQIDBAUGBwgJCgv\/xAC1EAACAQMDAgQDBQUEBAAAAX0BAgMABBEFEiExQQYTUWEHInEUMoGRoQgjQrHBFVLR8CQzYnKCCQoWFxgZGiUmJygpKjQ1Njc4OTpDREVGR0hJSlNUVVZXWFlaY2RlZmdoaWpzdHV2d3h5eoOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmq
srO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4eLj5OXm5+jp6vHy8\/T19vf4+fr\/xAAfAQADAQEBAQEBAQEBAAAAAAAAAQIDBAUGBwgJCgv\/xAC1EQACAQIEBAMEBwUEBAABAncAAQIDEQQFITEGEkFRB2FxEyIygQgUQpGhscEJIzNS8BVictEKFiQ04SXxFxgZGiYnKCkqNTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqCg4SFhoeIiYqSk5SVlpeYmZqio6Slpqeoqaqys7S1tre4ubrCw8TFxsfIycrS09TV1tfY2dri4+Tl5ufo6ery8\/T19vf4+fr\/2gAMAwEAAhEDEQA\/APxm8Z+KPFA8aauF8RX5zqlxgfa34HmMPWva0SR823uUD4p8UeWNviO+GOn+mPz+tLqTd3BfFXipSR\/wkl\/06fa3\/wAabsK7uTR+K\/FH3P8AhI73noftb\/41DsldibZctvF3iaPKSeIb\/pwftb\/41zVUnaxzO7LcXirxJIgP\/CSX3TnN2\/H61jsYzukWIvFfiZo+PEN8M4GBdP8A41EtGZ3d9x8vizxTH848SX3A6G7fA\/Wkkrm8dI6CL4u8Sn5h4jvlzgEfanyf1pNPYtPTRmlZeK\/ErbR\/wkl\/nop+1P1HXvXLO97vQjmfNY6Xw\/4p8TPEWOu3j4bORdPn68mvPrNc9jKpJy0O68NeKPEWVjbxDeYQggi4bJPX1rzar3aMndPc7jSfGniSCBJjrV0V6BTOcrng\/XNedUTlawc0rXuXLXxnrZxI2vXPyqRlZW2j8M1nOMkXGavqdV4N8Z6+t5GravdOAAxzOcZPTvxXHXU+VibZ634Q8ZavqN8LY6jcCIJl5ROc9O\/0rxsQpKO4Jytub8PxJu7nWrdI9SuOCY2UznBHY+3SuKanGDuxqUl1Pdfhb4r12LS4rl9SeQXUiR4LdBnkGvn8ZKTd0\/xYnJoufGzxJrcdpLNbajKI44huEa\/Nwfu5\/KuGlzd2\/mEHd6s8ni8fa1bJ9pm1abMnDDfg7v6cVpNVHLe3zZ0atrUhPxD1GS3aa31W4eXac7nwWHehc\/Nq3+Jeq0uaXhH4i67Ff2oTVJZGJ3bSxyPcn29PaionOD95\/eVd9z6h8E\/Fe\/n8GRG3uTvdcbUQbgSOSSeg614FeNVS3f3stylyo5nXviX4pgmaZtUUCMHG3A2+xHauCvKd7OT+9kx5m\/I6Pwj8X4odCtr3xTdxutwTsdSDg\/3fbiuVxqybs397HCN3ZnoPg3x7jT0utNuo\/LaTa+1QBjt1715OL9onrJ\/ezohLl2PqH4J+JTrXhiNjKrlMKxVQOa5cBXqwxNuZ\/efX5LUU6Lj2Nb4k67Ho+hPdTSIc"} 
+02493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1526,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":4,"flow_src_last_pkt_time":1654385176794172,"flow_dst_last_pkt_time":1654385177120274,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1654385177120274,"pkt":"nLbQ0+MztKXvZygQCABFAAXUwDRAADYGlg2saXlSwKgCfgBQlar6OMAD5ubbqoAQAOsxPQAAAQEICsmibeLytbleGjMrk84KBuhHvWLpNPUys5M0NInExMbOFOcsC\/JFYVLRXctu25pSauLpgkYMaLwSOoArD2bJStsb\/hTWrtsYYvuJUKmefrXBiKaTsOTaR1HhO4vnv47PT0CM8vyJ15z0zXm4qMXG7YuZH0rols3hXQbS3k+aaWDNxI7cIc8gYr4uu\/bVGuw7o57V9avdV1Gexgi8pIjsDbcHqO\/emqcYRT3KUo20Y1tM+0xCy1C0QSEb1fuT6\/jXOnaTcXoNNMwr3wpDDqE0isUV\/vhvlIJrqhV0Vylq7If8Pb+0tvEJso7xGBlAdX65\/un+fFTjKbnS5mjopptO59d\/A6HRdTt97bPMXBEe0AADjGOx9vfNfG41tStc6OXsdd4gsLFWN7aRYuFJEm3GAB0x6GvCqaysWk0X\/DVha69atZ380MaQJvXP3yPWonJximi404uWh2fw2OiWMirqEe1XctC7rgnkAZrzsWuZ6G0aavqfSnwQugl8kdtBtVhiMBemepr57GJXPRwnNGoeofEWxv7nwrIsB2sU5x\/T0rj97mVj18ypT+rqR8d\/FDT9Rs710ihEsvnfNlicL6Z\/pXvYZxdmz5Wadzz26sJL7W1N4fnV12Rr1BNevGaVPcmpFtXudT4E8OW+mXUk0wWEI5KgrjH0+tZVJ81PQqlBPU8X\/a81DUfEM93YaJMPLgkRZY4TggD+L35r3MlcIPml8jjrN8zZ81+P9JhGiSapNclSYyGtlAboPX1r6\/C1G6yj+Jkk+p4rpSWRv2jlizNuYjzJMrj2r6STm46DexzHie287V2UD5FO0pnO705r1MK\/3VmVBoyriOQ3BUAAFMnj2\/WulWsaXZjazqK2i+QCCNpLAdW\/z\/SuyjTc9WDdzmNT1Ka5QBJAAF56CvSpwUNDJttnMazcF4WSNcseCxbkj2rupRUZJsdtboxYSscm87eMDaO3vXburRLabRFcyK8rbcKV4C\/0rWKatcyd+hXulAtWMkmeefUVcVqZ8sue5zOsrvkZwOAOMjvXo0bqFjopOysUAQSFU4HQjHeuxNpe8b20JAQVxuJwfu+hqPei79xXsQOpHzr3AyfWuhFj41XBWQHB9+DTbQnsQShyxAA9varRpHYaASQQcgnoKZRbsIh5y71JOQQCaTdmZTb3RsePXK+NtXBTH\/E0uOv\/AF0akloRa7MzKHLLgAYzmqDlIUKk5C8L1yaq1kU9iYK6ghTw3qetSQSRIzt8p+VfU5x+FS3YluxfskEQ81hjGcMK5azRy1XdBd7d2wrjA4x1rKF7lQ7lOYM42+Yee+7mutI2i7IS1RxJyGBAyMmpqWsVLY0LSWVHUBf4jjB6j61xTV4uxyzSszUikMZVokJYvznkGsEnJ2ZyWRqW06BU+bDHp9aw5XcuD5Xdlm01KaLhJixXkpngeuP8KiUU2Oc
Fe8Tb0a\/UpxJl2HfjOe9clSK3Rm1oXZNQYRiK1UeYDtLZ6D3rBxGlZ3PQPC8cWmaYJIwAZOPM3Z7c4\/lXkV\/3ktTG92eh\/CGA3GsWlwwjVY5d0gZccA9c14eYNqEkiWz6LnSfxT4TbUFjSPykIgZOA6jrketfGtqjiOVC57aHnB8RWc00ljcbVlQEApkn6YrunTkndbG6aUdS7qEepC0g8vUCoALIrnBXI6ZrlioRm9ClNnP3s2pztKt5eSMwX5QG4LDp9etdUFTtdLQtNrUoeCfD15L4hY3V0kILhlkxyMdSMVeJnFUPdV\/I3pzbd0fWnwc8IarZ+GlvtFk+1py8kqNu7ck9xXxOPnF1LS0OqN7HpehI9\/FJbyFldhgtyQOOvuTXzmJlyy0N46o63wx4H1DR3BKxrJKgaRyPuDHTPbNc8qvN0O2nTi2nax2Gh+GtO1t4ba1MTMtyCFRwTu\/p9K4MTKUFeR0KnCTskfTv"} +04444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1527,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":5,"flow_src_last_pkt_time":1654385176794172,"flow_dst_last_pkt_time":1654385177120274,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":2946,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2946,"pkt_l4_len":2912,"thread_ts_usec":1654385177120274,"pkt":"nLbQ0+MztKXvZygQCABFAAt0wDJAADYGkG+saXlSwKgCfgBQlar6OLTD5ubbqoAQAOv0SAAAAQEICsmibeLytbleAkKVGDxXo5riKkqiTk7+pWdVI0cKfJXxD+KFzZazIYL5t0z8NsCrg9jx1rnws6r+0\/vZ8PKTU3qZdv8AFrXtMU2OgW4nMkoJ+0QqSPXn0zXqKc3BNyd\/VjjUsy3N8X\/iDdQXl7daiYy0RWNxCo4A7DHFayeis397FOrUe2h5T8ZvjLqA8HR6a+oy2k4mDMVIBYdyK93LOdTvdv5nPOcuWx8s\/Ffx7f65PdaxpOszhogUdBNjcx4OPwH619NQ9opJN\/iQlPuea6v4p1+TTjZNrExOw5UykbB2+lenSuprVml3fQ8v8ReKvESo8UWsXJUplmErEKwPbPrXuUnNu9xXszktd8S63NaP52tXfyDB2XDcH8676bmnqUm7nD6zrviO3DyS65e8HqLp+P1r0qbempo5Ns5jU\/EniRztTXL0BjyDdtkfrXfS11uErpnNaz4u8S\/NGniG9yeVYXL9fzr0KKkrMzclcyF8R+JQV2a\/fg9Wxducn867laXU5pN81yey8VeJ5JFb+376NecEXj\/40pw5Y6MTmyjq\/i\/xGxMaeJb08kErdv8A411UU07lQ5pO9znb3xd4kjlOPEl8BjtePz+tenSi2ehTvJXCHxd4n2AyeJr1if4Rdvx+tOouwST2RFN4r8TspQ+Jr8\/Nxi7fkfnTi\/I0TsRDxZ4nzhvEV7+F4\/8AjW2pTuJP4r8ULgL4mvz65u3\/AMauO4k2R\/8ACX+KFIVvEl+cet4\/+NaWL1lqOHi7xQBhvEl+Prdvn+dFkDTRJD4q8Tl1x4k1Ajdj\/j8f1+tHUnUm8bRr\/wAJtrB541W4xg9f3jVPREXs2ZsgZ85A5GR\/hVJAnYYpYHJORjBAFNrW47Jj4W5yGBIx0FKSdrC1RcSdSAM555I64rnqQ5bPsYyikXIjhSxI46Y5wa55NyMJpy0Rb2jYN
hI9SOcVHQ509QlmGRk7vUnoKXLpc3h8NwheNSJFbq3cUnfoO\/cv2kwaQR44+nT8a5ppibidJol+oKRK5I6f\/Wrz60bO5i9Zs7HwzcyLIDKSFHQMf0rgqwVr22InFJXbOjg10wstsZHYAZAK5A9q5PYq17GXM2rF7StTnmnWJmJ3D5gP5VnUg7WKT6HY6VrNvBarHECCN3mbT2A4\/WuGpCTlqVsz0L4XeI5I50knZ8CMqFJGScV4+MpW2Kfmbja4smtRGNCS7YVw2CB6++O9efKkvZu40fSHwD1O+meFLpPMWCDLKzccDIP196+ZxaVxS2Nv4jfEHRr60TSzp5EZQ+bKzZIY8YrlhSkndMUVy6ngvjvWFtN91pk\/mRwzKnyn+f4V04em5O0tTrpJxjqUtL8X2vlnCBkMZAYtjIJzz7iiVGTkpFNXNHQvE8tleRTQF3zgqw52\/wCTUVKXuhfTU+m\/hj4jtn8MEgEmU5cFueB0FfP4qDUhxs0YPiXxBZ6pc3M6T\/vASEhU524HBOK8vERatc1jo7HIy+Ir+ER6fbSARvNuEbA4Y9zirpxUleXQs+g\/hxca1q3hSygtZxtDAFNuCe+WNeDjOV1LtGdpKNj7J\/Za3W\/hQhHyuSSS2Tnv\/KvA9pKGJut0fV5Do5W7Gp8fLhv+EalnlcjCHaB19qqpKVXEJt6k585XV2fFvjbUdUvtSmQJlXfc6lM7R0yK9qgotX6nyMTL8La\/Na6oVuoybeBcbSeGJ9Pf2r0rJU0kaRspGhqPinUPE\/iOHTLaFoYRJy23AfIwcn2qmo048zCacjwn9rDVNSj1l7SS2dY7Z\/Jj5yMheCMepr6DJ3Gxz3lz2Z4H4knltbGG1DFy0i+YcfNz1P8AWvpaC97yGcTrN84vLgJdB02ldy9GPevWpL3E7BfU861W52u0bruLSEsCa9qEea0kJRSehgatF54McQ5KEnniuxOyLUWzmtdgXyW3q+6Qc8g9OK7KDvJGqijktatHgzmDr1YN0+ueterBpvQmejOV1O2UIZJAMFvmLAkj6YrvpStaxDaZRNpDG+HXK9Sc4H1rphUlfUyqK6GRRJ5j7c4HUAdK3d7GUo8quUddtgSXSMDjggcj3rejK+tyad1uclqUJSQ4PQ8nFevh5JrzPVpSvAjBKDY4GByD3NOUebYt6j5SAAUIII6Cpg1GWotiEDcQAOB0JrpV+pY5huXaDjnOBzxSW7FaxDtAIYdK1NFK+4A\/xFgPTFAyWIgSocfLxmglR0N3xzHjxprDKP8AmKXGf+\/jVmtTHqY6jfkbeP1FWth9Rq4VueM9x2pvQsfHsIGUI9QD3pO7Je5KrMwzE2DnkY6CoavuQy3avld2eveuepZOyWhhOykXHnP3R0A+6DWFrnNGF3ciabc6jd9AP8a0jC+5taysPt5GILYJPXjpWUvdFJK1i3ZzMJcquFGOM8ZxWU1daGLVmbWmXAjkXzWIUHO5Rz07VxTVyVZ3Ot0C\/kkwsrMqY+Qg8n6+lefOPQhp8uhtx3RZTskZHLY5HHTr+NYuK5TNa7mjomplLhQysAOCJD+NYVKXu36GjRvR6t5d6SCRGeBg9T\/hXGqceW7Fsdt4O8TvEgkJ2eSDls8jPavNxNJSVgTujd0HxRbS6juL70R8gxnJU9v\/AK9cFehaPZlXPo34aeLxFpElvbXLoygbpC2Mrjpn+tfIYulJVNUO+o\/U\/E4uDL9puELup6kHFc8YLluilZtHkuu6jetczSpKhUuQqE4DfWuyMFoze9jGXWUitiNPVQ6vtkCjJyPX1rf2UpO7C77mz4R8R3V\/fB44WZRwCDzt9ePesMRSjGOpo1eNz6h+Eep281ikV5cLIn2fCYbk8Z59+or5fGKS6DhtYde+H21C+lvbFPKEqF\/KIxs\/x9a8epJJpblqLTuM03wpPZSNqUkGZGbbl+cDHGPfrU3baNEewfDa\/it9FiFn+6lz
grzuOeOfXg5ryMdG87PYErM+wf2ZNRuW0cJMwj3KAEwBuIHX618xiVGNTmPfyiThI7T4u2ovfDc+9cgrgL\/eNZXcpKR151B1Fc+QfGen2lnq0ttMh5YDIJBOOcj+Ve3hm0z5ZQs9Tg9Z1VdOWWzW2zJKxk3A\/MD2FezGKlEUodWJ8N7qW+8Rfb5i8pI2QJ\/Dkn27j1ore7GysEEmzj\/2vPCUX\/CO3GqwOC63SPIQORzg16mTVmqyRlVg4u58peNJoYpLk3MgUBD5BQZJOP0r7TDc0lGxieR3moJK\/BbcPnOT17ACvoYR5UDujnNdmiguzcSsWYjJVmweOg\/WvQormjYErmQNQlvJS0kIRQ33TgHGORXRypI2SsY16rSXQmmjKxoeg5wfTNdkHyqxWxz\/AIns4pgXWIFR91QcnrzXfhpMza11OO1S0C3Bjl7cjBxj3r0ack1Ygx2dGuWi4wBwx5zXbBWXMDguXUawSKMuCB3IBq4uTbuRKGhQ1OVZYwqjqucY\/WtqTs9DJRbmcrq4CMQnXPUjNevSeiZ20L8tigjsSQ7\/AEzXV1R0O1iYxAR4BBGMsMYwKyTtN6XITIGQq+RIOB0zmulO6uaaBuxGQWB7UJARyN82N2eMCtC4rS43LZwDgnqfWgqxLbqBcIR\/fB69KT2E2kjf8eSSHxtrGBgHVLjjp\/y0apVjn6syHcohVRj1qr3GrIYNyklhz2yarSxZLEO6gBm9TxUtXM27seWIYZXBP8qmytoLS5es0UgDHHeuWq5J6mFSSTuyS4YqPMjbk8VnFakRV9ym8mDtG488gmuiCajY2ST1ZLaXDEhQM84HNYThJasipBJal60ZDNjLE45PoawqfC7o5ZKyNJf3ZZY5W5UYI\/nXK1zK5lFo6PQ75\/syidst6g5xjrxXJOmm9Nyprl2Nu11l"} +00974{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1528,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":2,"flow_src_last_pkt_time":1654385176795709,"flow_dst_last_pkt_time":1654385177120274,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":388,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":388,"pkt_l4_len":354,"thread_ts_usec":1654385177120274,"pkt":"nLbQ0+MztKXvZygQCABFAAF2OPRAADcGIKysaXlSwKgCfgBQlawVUlUq+Pyij4AYAOskNgAAAQEICsmibePytblgSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG9wZW5yZXN0eS8xLjEzLjYuMQ0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNjoxNiBHTVQNCkNvbnRlbnQtVHlwZTogaW1hZ2UvanBlZw0KQ29udGVudC1MZW5ndGg6IDExNjQ1NA0KTGFzdC1Nb2RpZmllZDogVHVlLCAyNCBNYXkgMjAyMiAwMzoyODozNyBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkVUYWc6ICI2MjhjNTBlNS0xYzZlNiINCkV4cGlyZXM6IEZyaSwgMDIgU2VwIDIwMjIgMjM6MjY6MTYgR01UDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTc3NzYwMDANCkFjY2VwdC1SYW5nZXM6IGJ5dGVzDQoNCg=="} 
+02511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1529,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":3,"flow_src_last_pkt_time":1654385176795709,"flow_dst_last_pkt_time":1654385177120454,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1654385177120454,"pkt":"nLbQ0+MztKXvZygQCABFAAXUOPVAADcGHE2saXlSwKgCfgBQlawVUlZs+Pyij4AQAOvAhQAAAQEICsmibePytblg\/9j\/4AAQSkZJRgABAQAAAQABAAD\/4QAwRXhpZgAATU0AKgAAAAgAAQExAAIAAAAOAAAAGgAAAAB3d3cubWVpdHUuY29tAP\/bAEMAAgEBAQEBAgEBAQICAgICBAMCAgICBQQEAwQGBQYGBgUGBgYHCQgGBwkHBgYICwgJCgoKCgoGCAsMCwoMCQoKCv\/bAEMBAgICAgICBQMDBQoHBgcKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCv\/AABEIAeABkAMBEQACEQEDEQH\/xAAfAAABBQEBAQEBAQAAAAAAAAAAAQIDBAUGBwgJCgv\/xAC1EAACAQMDAgQDBQUEBAAAAX0BAgMABBEFEiExQQYTUWEHInEUMoGRoQgjQrHBFVLR8CQzYnKCCQoWFxgZGiUmJygpKjQ1Njc4OTpDREVGR0hJSlNUVVZXWFlaY2RlZmdoaWpzdHV2d3h5eoOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4eLj5OXm5+jp6vHy8\/T19vf4+fr\/xAAfAQADAQEBAQEBAQEBAAAAAAAAAQIDBAUGBwgJCgv\/xAC1EQACAQIEBAMEBwUEBAABAncAAQIDEQQFITEGEkFRB2FxEyIygQgUQpGhscEJIzNS8BVictEKFiQ04SXxFxgZGiYnKCkqNTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqCg4SFhoeIiYqSk5SVlpeYmZqio6Slpqeoqaqys7S1tre4ubrCw8TFxsfIycrS09TV1tfY2dri4+Tl5ufo6ery8\/T19vf4+fr\/2gAMAwEAAhEDEQA\/AM3xD4j8QR63dH+1L3ck7AhpTgjPBPp9a\/VPccFof5r162IeInzSlfmfV935klt4p8UWcKZ1e5k3sD5byHgdiM9Ki0XpY3p4nF04JqUtfN\/5kWoeK\/FN8+06lKMqeFmI9\/XkU1GNtjSWKxMre9L73\/mVZ\/FfiJIVhGrTjBypM5IH5UcsexMq2Itbmd\/8T\/zHjxZrAsGh\/tq4Eh6l5zkH+tCjFO9ivb1fZNObv3u\/8xfDesa7dXksk+szZhQBczHkk9+4470q0o2VkVgJ16lV3nLTzf8AmdDFe+IrjJfVroKgIGJSFJ9Ov6elcz5bbHt0nXvrKX3v\/MxvH2reIn8O3E66xdI1tiSOQzkHk8qPY56VVGSjOyW5GL9q8O5OUtPN\/wCZ523jPxLMm0+ILsqByDM3ynOeK6ZKDd0jx1VxCfxy+9\/5lC48T+JplCrr13ye07c+3Xilyx7HRDE1oy1nL72UbvXPEka7pPEV4WzgkXDf40nCL6HbDG4iX2397\/zMy\/8AFHii1yo8S3h
J4P8ApLcdfek4xS2O+jiK1RfE\/vf+Zz2oeLfFKsVHiC8JP3Nty3Hr0NZ8sb7HqUq1a1uZ\/ezNuPF3ifcT\/wAJBfjjki6b\/GjljfY7KdWra3O\/vZTbxZ4tdhu8R3oPQK10x4\/OhxS6HWqtRbSf3sp3HizxZsGfEN7gc83b\/wCNRKMexvGtUT+J\/eyrc+LfFrMWXxHfZwMf6U3T86nlj2OilWqcvxP72VX8V+LSPKl8RXxXA4+0vyc9eDRyx7HTGtUvpJ\/eyC68YeKVk\/d+JdQjAXDbLx8n8CaOWL6GsKtXl1k382UZPF3jEyYPjLUeucNdMQP1qOWK3R1Rrzt1+9kT+KfF8YP\/ABU92TnJH2t846etLkS6Gyrzl9p\/eyGTxV4uljUQa\/enqWzev19Ov+eKlxT6IpVpqWsn97M6bxP4uZR\/xUWolif+f5+ffrWbp0+qOyFeo38T+8py+KPFyqsv\/CUamoYEjdeP\/Q0nSp9jup4yq7q\/"} +04481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1530,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":4,"flow_src_last_pkt_time":1654385176795709,"flow_dst_last_pkt_time":1654385177120454,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":2946,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2946,"pkt_l4_len":2912,"thread_ts_usec":1654385177120454,"pkt":"nLbQ0+MztKXvZygQCABFAAt0OPlAADcGFqmsaXlSwKgCfgBQlawVUmzs+Pyij4AQAOv0SAAAAQEICsmibePytblgfV\/myrfwQDzFl52pzkkH64qL3YSp+6+Y5LV7ONHYsxZuMNnjPp+X8q7KU29DwcVQs9NWZTOFuikgPytgsD94kc5ra9zzNYStIaTCtyzJKuGHyEgnH4+tU5OyQ1H37liETm24lTfuHzAZwhGP0rLmNo0aihq1cnlMtncrI1otzGyEGGdSQ\/GM+2PWhNSRpKlOjPa6ZiXGmSK4XypFLnjcMDI5\/Hmtk1e7Ofkk52aZk3sM0TBWJ+UDhmGR7e1U2nsLltuinL5py8AYMTgZ45\/z+dZ2KjBFSe08wF3I3AEYUHnH8\/rTsdMZaWM+eAp8+w5fpmoe50RZQnkMRwRkZwT6UHRCPMjPuh5hJwQqjuad9LHZTkomXdQl1KvEBx1HNI9GnJ7mdeRKCqxqMIMHg9OfzqG7nXSlo79SuEiUF5G5AySxABpPRXNlduyPqL9j3\/gkv+0R+1Pdab4g8W2v\/CvPCOoXK29jrviS2MdxqshXzBFZWzAPKTGGYSNiMBeprzsTmNKg+Ve8\/wAD7HJOEcwzGKq1v3cL2V935Jb7fLzPrr4\/\/tV\/sqf8ER\/CGpfsrfsg\/CW91H4tXej2raz4s17TyIZS6Fo7y4kOPtJG5isEIEQIwxG0ivOpUa+Pnz1H7vkfa4zMsr4Uw7w2Eg3Vt169bvvvtsflL8Ufi18S\/jX48vPiB8W\/HmreIddvpt1xqeq3rSvjJYKu7iOMEnaigKo6CvchShRjyxVkfnOKxmJxtT21eXNL+tEZOg+HvEHi\/Vk8PeDdA1LWL9xlLPTNNe6lfHokalvxxSnOEFeTsRRw+IxDtTi2+y3Pefgz\/wAEiP8AgoN8f9Sez8N\/s4ahpMUCqZr\/AMWzR6XFAx2EBllPmAlXDBQmSMkVyVMfhqa3ufSYThnOa7tycq7t2Pqn4X\/
8GxHxs1VI734z\/tPeG9EhaySR7Tw9o0180M5PzRM8rRIVVcfOOp7YGTwzzRP4Yn0OH4Kb\/i1On2VfX10X5npx\/wCCc3\/BA79je6Fl+0j8f9N8R6vEzN9i8W+NRK0ZCjKmz0\/b3yQGBOTjNYyxWOrK1tPQ9OnlPDuBd6k7vzl+kf8AMS4\/4KH\/APBvD+z1IrfDD9nnRddubdiYpvD\/AMLPOO4rg\/vb0J2Hr71Kw+Nnq2\/vKlmnDlBNU4xbXaP6yZ8pf8FKf+CvH7N37XHwLuP2e\/gd+w3pXhq0e4t\/sfjDWbS0S\/sI45RJi2jtk\/dM2CpJkI2s2VOa6cNgqsJ88pHm5nn+ExWFdCjS+btdW9EvzPz8aJDJiKXa4ypXsO2R65r0dnc+ZUml5EEtnI74ZM5OCMd\/SpNYzS1KVzbzwStHsPyHllHTH+FYzUuY6YyjP3rmv4E+HvjX4p+N9K+G\/wAO\/DV3rHiDWr6Oy0fSNPi3TXk8h+VFBOMn1OAACSQBUNxjByk7JG1CnWxNSNOkryex0H7QP7NXx5\/ZZ8ff8Ky\/aI+FWq+EtbltvtNvZapEMTwb2TzYnUlZU3Kw3KSOPpURlTqxvF3O2tRxGBko1ouL\/qzODb5gzhM7ThQR0HtReyIUo2SuKiSTNmRs7edoI6Dk8VMeaTCo6UFaI6VVidoMZcHBKnp\/s4\/zzUv3tjKKbV9LApU4LLu4wFZs8g9x+lNP3tQd4xsmMlkC7pHQs2RheBgn1rOUuTU3pJyajey6jYdjjMjYI+Yn0H9aUHGTtLQ3qTlC3LtsTSGEN+9cgbQOmcD2+lU5wveockXK1o\/8OEEgjtwRKA7HOQCMY6DHp0OaKetNJ7hO7rN9F0HylZLcJsPHAIz8o9\/50VGpRsZRUo1dHuLJaOIWkDsdo+6Rz1\/zxVumlTTuaU66c+TuQxiHeX8tQpz8pY5J\/wABWNoNKT\/4JrVpVlHQlV1PzqmC3DZHP1NaqzV0cMqUruLJVhhdGKNlm+6QvB\/wpcrbMfaSiuVvQh8oglUznvgdAPT1ojdbnXTqRjC7egeU7AyAKTnAJHQe1Uot7G0qsJS30FUFUCMFLZO4+39KQpct7RJY4VEOFjjJGCWGST7VpGm+iOapUan7221hRHKpDO+cKWCls4p25dRucLWSHqHYD5yzMPmUVcHeSOe8Ytpo\/UbxJZqmt3akthZyVJXBHPrXZf3UfjlX+NL1f5sqTW4K7S4AfH8JyM98d6m6I5ZPUx9YtAF2zRHGCQQvGfetYyXc568FJe8jIvrHbAYGt4tgcEhzyD+HYmtoyueVOm+V2SMniMeY0UahW5G48e+Px6+9Wc0YzbvZFr900SmJcYXbnorEnj6\/Wp5jscG\/KwwpdEsiTShguH3sCOvTj+VNSimZ+yrN6SY23hktbvE2x2BOAxBK+\/sD61fNdE0qUqdTX\/hjP1i2hLPA1sXYDbguDtPP6U4tpGdWNOLujANtOrDMYbjCgNwT0q7o57NblK4CPGFKuACcAn7xxijY3jpEoXqQpHI6jcxwF2Hp65pbs6I+8kzMuY0XbuUEfdyeucVMtEzphdtmVeDLtGzkENhhg4FSmrWPQplO4g3ycdMYO3qT\/wDqpHTSeh3\/AOyt+zHrH7V\/xgh+EOj\/ABC8N+FlNnJeahrnijUBBb21vGV3sgJBlk+YYjBBPJJABI5cTiY4enzct\/I+i4fyl51jlQ9pGmrNtyaSst\/Vn2ND4r\/4JI\/8EufMv\/AjH9ob4tW5\/wBEv5zE+maXMPulXAaCHBxygml7ZWvKk8fjneXuxP0WNbhHhSF6P7+uuvRfPVfdcuf8E0\/23f25v2+P+Cguhjx1471BfAWiWGp3+q6D4dWSDS7KJomWGKWRSXkfzXQJ5rk4U4AGaMVh8NhsPprJm+QZzm2d5qpVG1Tim7JWSv0\/Lc+kf+Ct3\/BLf4l\/8FCfiD8O
\/E3wy8VeGdAHh22u7HxBqerxzNcNbSvG6eWkanzdhWQhGZeZOCMmubC4r6tzaXue1n2SSzz2SU1Hlum+tr30XWxxeh\/8EP8A\/gmb+yP4MHxB\/ar+Jlzrn2ECa41Hxpr0emae7DkqttEVLhumws5PoTTljsXX92H4BS4YyTLYqpX1S6zdl92\/4nI6h\/wWS\/4JY\/sUabfRfsPfsxSajqd0FhvX8O6Muj2dwkbE\/PcygyyYyxUiM5z1FUsHiq6vUf3\/ANWOWfEuQ5c7YOGr0091ffq2fTX7bH7VPxjh\/wCCY19+2d+yTqVtpuqXHhXTPENvJqNol41tYTNGbhVU\/IZo0kPzEFR5Z4rnpU4vEKnPa9me3jcXXWUSxeH3spK+tk3Z\/d3Pwm+Mf7YX7Wvx2mZ\/jH+0v4y16O4\/eNY3euzJb9eNsMRWMY9Nte9DD0aasor7v1Py+vnmZ4xP2lRv8vuPKGtrWORpoQgdhuPy85zyeOv41rtqjiU5yVpDzG16yCSNMFgF2jJANCbZSlyK6IIvDuoX94mjWkaKXc5O\/wCU+rE9gP61Lg3Kxo8XSpU\/azeiK\/iHw3eeG75be+Ay43JJGcptP1\/\/AF1M4OErM3wmMpYynzw28ykGik\/1sDkqdqFXxu7ZNZt2VzpcXf3SpdRyiMmRMh\/l4fB688e9ZVLp3N4SUnp0PbP+CZXxC+Fvwh\/4KDfCT4kfGXWpdN8N6R4yhnvNSQ4W2dkeOGWQ84iErJvPZMnpmueupToNJHs5NVjSzGnKbsj9Qv8AguX\/AME8f27\/APgoP+0T4Iv\/ANnb4a6TqPg\/w34NmS31fUPEVraobya5LSEFmLOrRpCUxlcZPBzXHha9KlB33Z9PnGWYvGOMY7R9OuujvsfJfx9\/4N6fij+y9+zfrvx4+Pn7ZPw10C\/0nRnvLPw3LHMBfzqpc2cVxIULzNjagSNgWI6DmrWM53yJHDUyGVDD"} 
+02504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1531,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":5,"flow_src_last_pkt_time":1654385176795709,"flow_dst_last_pkt_time":1654385177120591,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1654385177120591,"pkt":"nLbQ0+MztKXvZygQCABFAAXUOPtAADcGHEesaXlSwKgCfgBQlawVUngs+Pyij4AQAOvjqQAAAQEICsmibePytblgupUqqNl16+S0Pz2Eh252smBlVkADDp1rpWh885p2i36jktrhwQI+Nu8uV5x\/h60qcXO6Whaq0m\/wsIFVFwkjNhQQQMHPpn\/PFJJrQFfmeliOSIMA0uQzNkgA8fSpst3ub05uLstkKkSu5ijB2\/xlx396cIq9lsE21Dmmx5ZI2YNtbGAV7nPb\/Gpm4x31OdNtJrQ6jwV8Evjb8R9Pk8Q\/Df4MeMNe09WKNf6J4Zu7uJTuClN8SFc7mAIzkZHrUKrGOqdmbrDYqrTvGDavul\/Wx2erfsMftuaR4bHjTU\/2Pfidb6Zgme\/k8E3oXjuw8vcB74xUyxEU9wjl+OjBydN26adTyy8muI3Nnd28sU8LssqSRlGjYcFGVuQQeMEAit\/atpHFCmqU5J6f5lbyQ6iQqzfNz8vFJR57Pc9KOIjFcm1ydIJAwyoXnJXGDnFdUaMr3OSc4u6TJoVMauCoyx4IHA+grX2WrdtTgqwUmrO5O2mEqZmDKY8HZtxuz6d6znSdrs51XcGkupWkhIlEJjlOBkBR3rmlJxZ0wqrl03HwxtuLxxBQo\/eB+\/FbUnJy0K57e63dsUSJHFskQb1PY\/55q4zUWJt3vHYYZopJhuiU54cdAaUpKUkxxhPl91jQ0rk7ZRwvRCeT\/SplJrbYrkUI3f4n66a74A1CbVbmRrmM5nJMbSHn6nHH1962WIVj8xeWTnUlJvq\/zMPUNHl01haX9oyMR8rZyGHYj29xU8zkrozqYd0nyyVjKvLSN0AeULt+5t7+3NbQ2TZyVaUXYxL\/AEh5GK+dyysAxj6e3HetVJLY86eHvJnO3trGsmY1O2Pk9Tu9smtlM4HTipWGuI2jjcF0KEoCsWcg9uen4CpuaOMOW4huYYoltyxORwpG3Pt+NBfMoqzILy7VpZmVlJ3qFbIwwI747g8cVpFmFRtN29CtNYzFGknI3Md25c4Ue5547Vakck8M9W\/kYuosXT7MVjXyT8ofO1h6\/T3rRGDcnKzWxRntp4GZrmIhvvIhByAQPXpSbuaJKO5Qni+0r5ogUKuCzDJGOvfr6U1I0hzXuZVxGHQtsbJUnOCce+Pyo5kdNN6mZeWiRgKkm9uvFS\/I7Kc5a3NH4cfCH4pfGLxJD4V+FPw71zxLfSvtS00XTpLghsZ+ZlBVB6liAK56tanSdpOx7OAy7H5jJU8LTcm+yPrT4Ff8EBv2wfiz9g1L4vahoXgDTbmQm6tr+X7bqUUY6MsEXyBjngNIMY5xXnVc1oxbUFfzP0HLPDzNaqi8RJU79NXK3ov80fQtt\/wTm\/4I6fsKRWg\/au+K1p4j1owF5U8V6xtjDRbS2yxs+QSSAI335GRzg1xPF42u\/cWnl\/mfVw4d4UyZJ4qSct\/edv8AyWN9eyZ9GfsO\/tofsjftC6D4o8JfsjeCbzw34c8FXV
tbzXyeFI7CyuXmzs8mOP5t3B++oOOcYzjnq0atKV6j1fzPoMrzLLcxpOGCTUIeSSd\/Tr66nwh\/wWM\/4KyftM+DP2rtY\/Zv\/Zp+LmoeEtD8H2kVjrN3pVtEtzfam6b5iZmVmWNFeNF2bfmDHJ4x34HCUatPnqL0Pl+J+Icbgca8JhJ8vLpJ9b9bPyPzk8Z\/EHx98TfEL+Jvij471jxJqMhy99r2pS3coJOcbpWO3r2r14U4Q+FWPgMTi8VinzVJtvzZl3sQMarxuZec+h9K0aj0OSm3fU\/cr\/gk5e2n7VH\/AARuHwa1m4ine10PXvB1zGyZ8vAlMO4e0c0RH0FfL4mPssW35o\/ashq\/2hkEYS\/llD5WuvzPwcvLW5sh9ju1IuIGMcwIPDKdp\/UGvoU+aN0flUouFWUezIGXEYcxgkHkAcmn01KUtbXHRQyYdm3RYIGO7D0HvUq4cxoiP7GjXsRKSRoDGzAnKkcj8cVWzujmbVX3"} +00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1567,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385181857708,"flow_src_last_pkt_time":1654385181857708,"flow_dst_last_pkt_time":1654385181857708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":409,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":409,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":409,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385181857708,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.117.221.10","src_port":59324,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+01090{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1567,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":1,"flow_src_last_pkt_time":1654385181857708,"flow_dst_last_pkt_time":1654385181857708,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":475,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":475,"pkt_l4_len":441,"thread_ts_usec":1654385181857708,"pkt":"tKXvZygQnLbQ0+MzCABFAAHNXapAAEAG0trAqAJ+aHXdCue8AFBxmTfMTd+OWYAYAfYKZgAAAQEIColJBIxVzQaLR0VUIC9zZGsvdnBhZG4tc2RrLWNvcmUtdjEuanMgSFRUUC8xLjENCkhvc3Q6IG0udnBvbi5jb20NCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChMaW51eDsgQW5kcm9pZCAxMTsgc2RrX2dwaG9uZV94ODYgQnVpbGQvUlNSMS4yMDEwMTMuMDAxOyB3dikgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzgzLjAuNDEwMy4xMDYgTW9iaWxlIFNhZmFyaS81MzcuMzYoTW9iaWxlOyB2cGFkbi1zZGstYS12NC42LjQpDQpBY2NlcHQ6ICovKg0KWC1SZXF1ZXN0ZWQtV2l0aDogY29tLnNjZW5ld2F5Lmthbmthbg0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC45DQoNCg=="} +01297{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1567,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385181857708,"flow_src_last_pkt_time":1654385181857708,"flow_dst_last_pkt_time":1654385181857708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":409,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":409,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":409,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385181857708,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.117.221.10","src_port":59324,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"m.vpon.com","domainame":"m.vpon.com","http": {"url":"m.vpon.com\/sdk\/vpadn-sdk-core-v1.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36(Mobile; vpadn-sdk-a-v4.6.4)","detected_os":"Android 11"}}} +01858{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1568,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":2,"flow_src_last_pkt_time":1654385181857708,"flow_dst_last_pkt_time":1654385181897114,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1049,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1049,"pkt_l4_len":1015,"thread_ts_usec":1654385181897114,"pkt":"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\/Imh0dHBzOi8vIjoiaHR0cDovLyJ9O2RvY3VtZW50LndyaXRlKCc8c2NyaXB0IHR5cGU9InRleHQvamF2YXNjcmlwdCIgc3JjPSInKyhpc1NES0FuZHJvaWQoKT9nZXRQcm90b2NvbFN0cmluZygpKyJtLnZwYWRuLmNvbS9zZGsvdnBhZG4tc2RrLWEtY29yZS12MS5qcyI6Z2V0UHJvdG9jb2xTdHJpbmcoKSsibS52cGFkbi5jb20vc2RrL3ZwYWRuLXNkay1pLWNvcmUtdjEuanMiKSsnIj48L3NjcmlwdD4nKTs="} 
+00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1569,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385183491860,"flow_src_last_pkt_time":1654385183491860,"flow_dst_last_pkt_time":1654385183491860,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":810,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":810,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":810,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385183491860,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56094,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +01623{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1569,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":1,"flow_src_last_pkt_time":1654385183491860,"flow_dst_last_pkt_time":1654385183491860,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":876,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":876,"pkt_l4_len":842,"thread_ts_usec":1654385183491860,"pkt":"tKXvZygQnLbQ0+MzCABFAANeKchAAEAGAcbAqAJ+A0hFntseAFDfmpSQ59fP2oAYAfYPXQAAAQEICnsWmml\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"} 
+01762{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1569,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385183491860,"flow_src_last_pkt_time":1654385183491860,"flow_dst_last_pkt_time":1654385183491860,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":810,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":810,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":810,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385183491860,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56094,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com","domainame":"setting.rayjump.com","http": {"url":"setting.rayjump.com\/rewardsetting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc=&mcc=&network_type=1&network_str=&language=en&timezone=GMT%2B01%3A00&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1794x1080&is_clever=2","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} 
+00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1570,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385183495868,"flow_src_last_pkt_time":1654385183495868,"flow_dst_last_pkt_time":1654385183495868,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":797,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":797,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":797,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385183495868,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56098,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +01607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1570,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":1,"flow_src_last_pkt_time":1654385183495868,"flow_dst_last_pkt_time":1654385183495868,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":863,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":863,"pkt_l4_len":829,"thread_ts_usec":1654385183495868,"pkt":"tKXvZygQnLbQ0+MzCABFAANRI05AAEAGCE3AqAJ+A0hFntsiAFAB9eG4XEyGo4AYAfYPUAAAAQEICnsWmm1\/RrIOR0VUIC9yZXdhcmRzZXR0aW5nP2FwcF9pZD0zMjQ1NiZzaWduPTNjMjhkZWQwNGUwZjQwOTAyMjk5Njg2MTgyNDRiNTgzJmNoYW5uZWw9JnBsYXRmb3JtPTEmb3NfdmVyc2lvbj0xMSZwYWNrYWdlX25hbWU9Y29tLnNjZW5ld2F5LmthbmthbiZhcHBfdmVyc2lvbl9uYW1lPTIuOC4yLjEmYXBwX3ZlcnNpb25fY29kZT0xNDYmb3JpZW50YXRpb249MiZtb2RlbD1zZGtfZ3Bob25lX3g4NiZicmFuZD1nb29nbGUmZ2FpZD0mbW5jPSZtY2M9Jm5ldHdvcmtfdHlwZT0xJm5ldHdvcmtfc3RyPSZsYW5ndWFnZT1lbiZ0aW1lem9uZT0mdXNlcmFnZW50PU1vemlsbGElMkY1LjAlMjAlMjhMaW51eCUzQiUyMEFuZHJvaWQlMjAxMSUzQiUyMHNka19ncGhvbmVfeDg2JTIwQnVpbGQlMkZSU1IxLjIwMTAxMy4wMDElM0IlMjB3diUyOSUyMEFwcGxlV2ViS2l0JTJGNTM3LjM2JTIwJTI4S0hUTUwlMkMlMjBsaWtlJTIwR2Vja28lMjklMjBWZXJzaW9uJTJGNC4wJTIwQ2hyb21lJTJGODMuMC40MTAzLjEwNiUy
ME1vYmlsZSUyMFNhZmFyaSUyRjUzNy4zNiZzZGtfdmVyc2lvbj1NQUxfOC43LjQmZ3BfdmVyc2lvbj0yMi40LjI1LTIxJTIwJTVCMCU1RCUyMCU1QlBSJTVEJTIwMzM3OTU5NDA1JnNjcmVlbl9zaXplPTE3OTR4MTA4MCZpc19jbGV2ZXI9MiBIVFRQLzEuMQ0KQ2hhcnNldDogVVRGLTgNCkhvc3Q6IHNldHRpbmcucmF5anVtcC5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IEFwYWNoZS1IdHRwQ2xpZW50L1VOQVZBSUxBQkxFIChqYXZhIDEuNCkNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KDQo="} +01749{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1570,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385183495868,"flow_src_last_pkt_time":1654385183495868,"flow_dst_last_pkt_time":1654385183495868,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":797,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":797,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":797,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385183495868,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56098,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com","domainame":"setting.rayjump.com","http": 
{"url":"setting.rayjump.com\/rewardsetting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc=&mcc=&network_type=1&network_str=&language=en&timezone=&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1794x1080&is_clever=2","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} +00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1571,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385183496601,"flow_src_last_pkt_time":1654385183496601,"flow_dst_last_pkt_time":1654385183496601,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":791,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":791,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":791,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385183496601,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56096,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+01599{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1571,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":1,"flow_src_last_pkt_time":1654385183496601,"flow_dst_last_pkt_time":1654385183496601,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":857,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":857,"pkt_l4_len":823,"thread_ts_usec":1654385183496601,"pkt":"tKXvZygQnLbQ0+MzCABFAANLU0dAAEAG2FnAqAJ+A0hFntsgAFBFVF+4FRsrIoAYAfYPSgAAAQEICnsWmm1\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"} +01743{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1571,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385183496601,"flow_src_last_pkt_time":1654385183496601,"flow_dst_last_pkt_time":1654385183496601,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":791,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":791,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":791,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385183496601,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56096,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com","domainame":"setting.rayjump.com","http": 
{"url":"setting.rayjump.com\/setting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc=&mcc=&network_type=1&network_str=&language=en&timezone=&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1794x1080&is_clever=2","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} +01080{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1572,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":2,"flow_src_last_pkt_time":1654385183491860,"flow_dst_last_pkt_time":1654385183514792,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":460,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":460,"pkt_l4_len":426,"thread_ts_usec":1654385183514792,"pkt":"nLbQ0+MztKXvZygQCABFAAG+fDJAAPUG+\/oDSEWewKgCfgBQ2x7n18\/a35qXuoAYAHCoswAAAQEICn9GsiV7FpppSFRUUC8xLjEgMjAwIE9LDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkNvbnRlbnQtRW5jb2Rpbmc6IGd6aXANCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbjsgY2hhcnNldD11dGYtOA0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNjoyMyBHTVQNCkNvbnRlbnQtTGVuZ3RoOiAxOTYNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0KH4sIAAAAAAAA\/zTNwUrEQAzG8VeR75xDp+0uNmc9+AJeRJY4HddCuy2TjCJl3l1S2dtvJuGfHWpiRcGBsOgVDC0xJlUQRjEB74iyzZOaM4BD0zSExzuGf1RCXMvN8u8lrmMC4+nZE3M08OCL12TbJ7jvWn9tx6A7Hy4f86RfKV+mEdwN5xMhpx\/JI\/hth3+Gtm8Hwk0WT79O2YrMDy+WFhBk8cvgUN8JuXj41Hv4Ox6u9Q8AAP\/\/AQAA\/\/\/gj45W5wAAAA=="} 
+01078{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1573,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":2,"flow_src_last_pkt_time":1654385183495868,"flow_dst_last_pkt_time":1654385183517888,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":460,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":460,"pkt_l4_len":426,"thread_ts_usec":1654385183517888,"pkt":"nLbQ0+MztKXvZygQCABFAAG+t5xAAPUGwJADSEWewKgCfgBQ2yJcTIajAfXk1YAYAHAN9gAAAQEICn9Gsih7FpptSFRUUC8xLjEgMjAwIE9LDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkNvbnRlbnQtRW5jb2Rpbmc6IGd6aXANCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbjsgY2hhcnNldD11dGYtOA0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNjoyMyBHTVQNCkNvbnRlbnQtTGVuZ3RoOiAxOTYNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0KH4sIAAAAAAAA\/zTNwUrEQAzG8VeR75xDp+0uNmc9+AJeRJY4HddCuy2TjCJl3l1S2dtvJuGfHWpiRcGBsOgVDC0xJlUQRjEB74iyzZOaM4BD0zSExzuGf1RCXMvN8u8lrmMC4+nZE3M08OCL12TbJ7jvWn9tx6A7Hy4f86RfKV+mEdwN5xMhpx\/JI\/hth3+Gtm8Hwk0WT79O2YrMDy+WFhBk8cvgUN8JuXj41Hv4Ox6u9Q8AAP\/\/AQAA\/\/\/gj45W5wAAAA=="} 
+02774{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1574,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":2,"flow_src_last_pkt_time":1654385183496601,"flow_dst_last_pkt_time":1654385183520039,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1706,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1706,"pkt_l4_len":1672,"thread_ts_usec":1654385183520039,"pkt":"nLbQ0+MztKXvZygQCABFAAacXxNAAPUGFDwDSEWewKgCfgBQ2yAVGysiRVRiz4AYAHASmwAAAQEICn9Gsip7FpptSFRUUC8xLjEgMjAwIE9LDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkNvbnRlbnQtRW5jb2Rpbmc6IGd6aXANCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbjsgY2hhcnNldD11dGYtOA0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNjoyMyBHTVQNCkNvbnRlbnQtTGVuZ3RoOiAxNDQxDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCh+LCAAAAAAAAP+UV12P3LYV\/SuD+yxrNF+7EwFB4aQtjCYB0tZA4qaBcEVSM1xRJE1eSTM2DPQ9RfveBkiBIkVfgj42aBv0z8SO+9S\/UJDSzm7cWLP2g\/dSPLq8PPeIc\/gUPCG1HvJFAo3fQQ6+ZUx4DwlwJIT8KSBCTq4VCWBZSA45rFfFChJARrIT96395ZhkeevZQ9kIyC+XWZYAckaQby\/WWRwpV3rIQ2Trggx6ghxefPXn55\/\/9duvP3v5zTfffv3Vf\/\/125d\/+\/vz3\/3zP7\/5w3dffPniT79\/8cWX333+2QB4+e8\/Pv\/HX0IJVEH+yachcI9pSNqHxTbrsBRjkMOPfwIJMI4ScnifHx7uuVx89M5784921Yf78vDzR7X4+ME7H\/YPfvWef\/TT\/dsRTZCvEmBVeb13VrHIEtPDMszoSrqmYIVVeIQc3jWapG4F3J5z3Q\/PcOGZk5ak0ZDDI9POeqnUTBualWLmRI+OCz7DioSbMWW81LsZ7cWsl5qb\/lamwN27yngxk3T7sSQlhrXDeEYmphE\/iphWkzsWzHBx4seh3xds3Ju\/E1v3f3YpPn7wwduRMa\/GV\/tIE1do6zFy1SkIC1xk621oDm+vRZHATpCtvj+K3K1XUUA7sjH7XkWR7YlsQUcrYt59N0hAikMcy7hgFoJBk9IXntBRa4u4TX\/0JJoB60U7BK3lQdtZAlcE+SdPgZsGZegOWpuitb5SR+FSZhpIoDKuwUA9PEtehfKr1tOdcdK8HsaMJmdUWhu2xw6nc7ZOpXtUJpR6ZnWeovWo8MxuiKdK6CfNYRrG7gZzd4ORQ1ZLvbsTuBHoWycaoQmtPMe5vJdNtuQe8so4Jl4PUrrepkxPArLpMjxLkXuhvXGpcbsJWlWdElqS7EzjAxDtAfmJOi1oqvsdU5LVaS+YMi2fVmBEorVOdEZ1YrqSHrnZmXRnlkPmyf0hv9huz7SsJZOWeGTk6jtIWqbHY\/h\/cvssJYc1tc1ZUsOiZNzjxkxDFxeL9XKbvokWV9k221y+2SuLbHW5+YFXZlOsNFKH7mlxoHPYG\/2nV3YCOEgiHqjhqBGuk0ycSb5TpkSVHpuTRM\/gzSZtTOlQ6vRwfDKBlM5ob9pQ9d1kV7doRzlNpDXI7\/bxBR64QOVDv
XLiWEuRM2esn1Zn5Cf19gnqM6c9F0p2wh2DnLloTHlmR33fD01jaFOpKzO1ey2U1HXaTByF6yU5duarfKPzgJSu\/+8s+jSBq7axFH+j6wLHv1fj39G4orVS7wqGbC8KhyTi73jDwvQmRmQgX4SoK3qpOEMXfOyv2yxbsaazyGrciTgMVHbSEw6T81dmIQG9PBkVvboJ15Avoq8xVSVcrOUX16XcPLLIpN5BvlxcRGzjeX3li9YpyKOv8fl8zri+h1zfi+PU4TFwEKi+npl3y7k1jlDNF2\/Ns+18mc0Xi3l2Md\/wTXmxYuV6cymW6VXw8caK4FmXCdhycEqWBR82eivLnA7kxJB09L02ErYcHoXSngJyPrg4oQQNxqtqlYJ88SyB4N3eihni\/SB7zT9IwCo2JlahhlVkIcTladDgYYQ4Q2K0pLYtlfR74eINZPXWxSYB24fvefkw+E8nKmRkXOF7SWwfHdxy8O5BRE6QO8YuxGyuvbkjuMh9hcqLBDyL857XRfhGIIcP7r9fbNPLdA0J+Ohfhy57e5PCk3GilkOlVHQlDjxT5HlsNZ1ESKYWOqqB4iXp2hDfKqq94v765tHagqQdpD7Gr+hlfyyl498Tiuvm2NLeOPkkXDLSPTUKwvso+ZgJ1Um8reWiO03srgM1sNHaRo6BD+uGOS\/EwTopeNzHyOwygU44L40e3fkygV6UhdDdWDEk0EsWLj2LBHonHg+YjocLV\/bs2f8AAAD\/\/wEAAP\/\/Zfl4rZEOAAA="} +00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1575,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385183618295,"flow_src_last_pkt_time":1654385183618295,"flow_dst_last_pkt_time":1654385183618295,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":830,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":830,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":830,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385183618295,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56104,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+01651{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1575,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":1,"flow_src_last_pkt_time":1654385183618295,"flow_dst_last_pkt_time":1654385183618295,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":896,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":896,"pkt_l4_len":862,"thread_ts_usec":1654385183618295,"pkt":"tKXvZygQnLbQ0+MzCABFAANyCeZAAEAGIZTAqAJ+A0hFntsoAFDk49anhCGol4AYAfYPcQAAAQEICnsWmud\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"} +01782{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1575,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385183618295,"flow_src_last_pkt_time":1654385183618295,"flow_dst_last_pkt_time":1654385183618295,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":830,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":830,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":830,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385183618295,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56104,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com","domainame":"setting.rayjump.com","http": 
{"url":"setting.rayjump.com\/rewardsetting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&unit_ids=%5B8881%5D&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc=&mcc=&network_type=1&network_str=&language=en&timezone=GMT%2B01%3A00&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1794x1080&is_clever=2","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} +01438{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1576,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":2,"flow_src_last_pkt_time":1654385183618295,"flow_dst_last_pkt_time":1654385183642352,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":721,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":721,"pkt_l4_len":687,"thread_ts_usec":1654385183642352,"pkt":"nLbQ0+MztKXvZygQCABFAALDo6BAAPUG04cDSEWewKgCfgBQ2yiEIaiX5OPZ5YAYAHBkvQAAAQEICn9GsqN7FprnSFRUUC8xLjEgMjAwIE9LDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkNvbnRlbnQtRW5jb2Rpbmc6IGd6aXANCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbjsgY2hhcnNldD11dGYtOA0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNjoyMyBHTVQNCkNvbnRlbnQtTGVuZ3RoOiA0NTcNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0KH4sIAAAAAAAA\/1RSTW\/UMBD9L3M2UpJCKT6XAxLiQLlVlTU7nl2sOnawxylhtf8d2c7ScsrLG79583WGLCglgx4VzPkEGnIh4pxBgUVB0GegWIKkzVC0DBruP4OCpRy8yz85GWdB33y6\/aCgBCcPLOLCCfTjGZBCy4v2IZZE\/NVlaYEqGRWImzkWAX0zXJ4U4Fx9uqJBM+Nv0IMC\/BVATxWIN3ario5lWxj046Ru1PuaQf4U0AAKCL0\/ID3\/aA\/GV8Kk4nfmsPTvW9CjkwKyJqFwsycfMxv0nOTN\/6GIxGAse9y6vqTEgTazt2fR+c0sHjdDuDSl5VNCy\/cuV\/r71cD6wNJsOdhMiTnsrU0KHMXQm\/KCR56lug31L6YXAn07KAg4c38Tj
8fMvcyYHAdBcVU\/KFg8Es8cpNY3fRynsXGbIbHx5d+brbV3kGBkBv1uVJBsIukLSIx22yczDpU4Lmtf5hyT70jotXpZDQcL+m5oOAumvr56LF9q4O5uVLDup7JSnegRi++HsDrL0bggnJDErbxnHq6h\/OwWkzj\/L2hsPa\/ewOqSFPTmuqF6xN3kWx3c5ely+QsAAP\/\/AQAA\/\/9ly17OCQMAAA=="} +00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1577,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184096708,"flow_src_last_pkt_time":1654385184096708,"flow_dst_last_pkt_time":1654385184096708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1132,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184096708,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43266,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+02057{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1577,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":1,"flow_src_last_pkt_time":1654385184096708,"flow_dst_last_pkt_time":1654385184096708,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1198,"pkt_l4_len":1164,"thread_ts_usec":1654385184096708,"pkt":"tKXvZygQnLbQ0+MzCABFAASgVf9AAEAGu7jAqAJ+EkBPOqkCAFAzMfZOPPsrTYAYAfYpMwAAAQEICgK1DRCN++PnR0VUIC9vcGVuYXBpL2FkL3YzP2FwcF9pZD0zMjQ1NiZ1bml0X2lkPTg4ODEmc2lnbj0zYzI4ZGVkMDRlMGY0MDkwMjI5OTY4NjE4MjQ0YjU4MyZyZXFfdHlwZT0yJmFkX251bT0yMCZ0bnVtPTEmb25seV9pbXByZXNzaW9uPTEmcGluZ19tb2RlPTEmdHRjX2lkcz0lNUIlNUQmYWRfc291cmNlX2lkPTEmYWRfdHlwZT05NCZvZmZzZXQ9MCZjaGFubmVsPSZwbGF0Zm9ybT0xJm9zX3ZlcnNpb249MTEmcGFja2FnZV9uYW1lPWNvbS5zY2VuZXdheS5rYW5rYW4mYXBwX3ZlcnNpb25fbmFtZT0yLjguMi4xJmFwcF92ZXJzaW9uX2NvZGU9MTQ2Jm9yaWVudGF0aW9uPTImbW9kZWw9c2RrX2dwaG9uZV94ODYmYnJhbmQ9Z29vZ2xlJmdhaWQ9NWFjNmEwZmYtOGQxOC00N2JjLWE5MDItMjgxMmNmMGMyNTFlJm1uYz0mbWNjPSZuZXR3b3JrX3R5cGU9OSZuZXR3b3JrX3N0cj0mbGFuZ3VhZ2U9ZW4mdGltZXpvbmU9R01UJTJCMDElM0EwMCZ1c2VyYWdlbnQ9TW96aWxsYSUyRjUuMCUyMCUyOExpbnV4JTNCJTIwQW5kcm9pZCUyMDExJTNCJTIwc2RrX2dwaG9uZV94ODYlMjBCdWlsZCUyRlJTUjEuMjAxMDEzLjAwMSUzQiUyMHd2JTI5JTIwQXBwbGVXZWJLaXQlMkY1MzcuMzYlMjAlMjhLSFRNTCUyQyUyMGxpa2UlMjBHZWNrbyUyOSUyMFZlcnNpb24lMkY0LjAlMjBDaHJvbWUlMkY4My4wLjQxMDMuMTA2JTIwTW9iaWxlJTIwU2FmYXJpJTJGNTM3LjM2JnNka192ZXJzaW9uPU1BTF84LjcuNCZncF92ZXJzaW9uPTIyLjQuMjUtMjElMjAlNUIwJTVEJTIwJTVCUFIlNUQlMjAzMzc5NTk0MDUmc2NyZWVuX3NpemU9MTc5NHgxMDgwJmlzX2NsZXZlcj0yJnZlcnNpb25fZmxhZz0xJmNhY2hlMT02MjQwJmNhY2hlMj01MzY1JnBvd2VyX3JhdGU9MTAwJmNoYXJnaW5nPTAmc3ViX2lwPTEwLjAuMi4xNiZkdmk9NEJ6dFlyeEJZRlEzJTJCRlEzUlVFMERVUVFpVWxiZkFEQWZueDNpVVZQSFpSc1JyZnVIb1IxUlV2MDZOJTNEJTNEJmFwaV92ZXJzaW9uPTEuMyBIVFRQLzEuMQ0KQ2hhcnNldDogVVRGLTgNCkhvc3Q6IG5ldC5yYXlqdW1wLmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogQXBhY2hlLUh0dHBDbGllbnQvVU5BVkFJ
TEFCTEUgKGphdmEgMS40KQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQoNCg=="} +02081{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1577,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184096708,"flow_src_last_pkt_time":1654385184096708,"flow_dst_last_pkt_time":1654385184096708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1132,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184096708,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43266,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"net.rayjump.com","domainame":"net.rayjump.com","http": 
{"url":"net.rayjump.com\/openapi\/ad\/v3?app_id=32456&unit_id=8881&sign=3c28ded04e0f4090229968618244b583&req_type=2&ad_num=20&tnum=1&only_impression=1&ping_mode=1&ttc_ids=%5B%5D&ad_source_id=1&ad_type=94&offset=0&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&mnc=&mcc=&network_type=9&network_str=&language=en&timezone=GMT%2B01%3A00&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1794x1080&is_clever=2&version_flag=1&cache1=6240&cache2=5365&power_rate=100&charging=0&sub_ip=10.0.2.16&dvi=4BztYrxBYFQ3%2BFQ3RUE0DUQQiUlbfADAfnx3iUVPHZRsRrfuHoR1RUv06N%3D%3D&api_version=1.3","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} +00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1578,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184117986,"flow_src_last_pkt_time":1654385184117986,"flow_dst_last_pkt_time":1654385184117986,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184117986,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"8.209.97.107","src_port":56826,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+00862{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1578,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":1,"flow_src_last_pkt_time":1654385184117986,"flow_dst_last_pkt_time":1654385184117986,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":306,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":306,"pkt_l4_len":272,"thread_ts_usec":1654385184117986,"pkt":"tKXvZygQnLbQ0+MzCABFAAEkBJZAAEAGB9zAqAJ+CNFha936AFBSP8o9I7uXO1AYAfYueQAAUE9TVCAvIEhUVFAvMS4xDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZA0KQ2hhcnNldDogVVRGLTgNClJhbmdlOiBieXRlcz0wLQ0KQ29udGVudC1MZW5ndGg6IDc5Ng0KSG9zdDogYW5hbHl0aWNzLnJheWp1bXAuY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBBcGFjaGUtSHR0cENsaWVudC9VTkFWQUlMQUJMRSAoamF2YSAxLjQpDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCg0K"} +01179{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1578,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184117986,"flow_src_last_pkt_time":1654385184117986,"flow_dst_last_pkt_time":1654385184117986,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184117986,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"8.209.97.107","src_port":56826,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"analytics.rayjump.com","domainame":"analytics.rayjump.com","http": {"url":"analytics.rayjump.com\/","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 
1.4)","request_content_type":"application\/x-www-form-urlencoded"}}} +01590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1579,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":2,"flow_src_last_pkt_time":1654385184118073,"flow_dst_last_pkt_time":1654385184117986,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":850,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":850,"pkt_l4_len":816,"thread_ts_usec":1654385184118073,"pkt":"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"} +01313{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1579,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1654385184117986,"flow_src_last_pkt_time":1654385184118073,"flow_dst_last_pkt_time":1654385184117986,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":796,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1048,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184118073,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"8.209.97.107","src_port":56826,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"analytics.rayjump.com","domainame":"analytics.rayjump.com","http": {"url":"analytics.rayjump.com\/","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)","request_content_type":"application\/x-www-form-urlencoded"}}} 
+00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1580,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":3,"flow_src_last_pkt_time":1654385184118073,"flow_dst_last_pkt_time":1654385184139299,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1654385184139299,"pkt":"nLbQ0+MztKXvZygQCABFAACApCdAADgGcO4I0WFrwKgCfgBQ3foju5c7Uj\/OVVAYAD8bqQAASFRUUC8xLjEgMjA0IE5vIENvbnRlbnQNCkRhdGU6IFNhdCwgMDQgSnVuIDIwMjIgMjM6MjY6MjQgR01UDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} +01192{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1580,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1654385184117986,"flow_src_last_pkt_time":1654385184118073,"flow_dst_last_pkt_time":1654385184139299,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":796,"flow_dst_max_l4_payload_len":88,"flow_src_tot_l4_payload_len":1048,"flow_dst_tot_l4_payload_len":88,"midstream":1,"thread_ts_usec":1654385184139299,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"8.209.97.107","src_port":56826,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"analytics.rayjump.com","domainame":"analytics.rayjump.com","http": {"url":"analytics.rayjump.com\/","code":204,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)","request_content_type":"application\/x-www-form-urlencoded"}}} 
+00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1581,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184174078,"flow_src_last_pkt_time":1654385184174078,"flow_dst_last_pkt_time":1654385184174078,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":940,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":940,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":940,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184174078,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43272,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +01801{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1581,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":1,"flow_src_last_pkt_time":1654385184174078,"flow_dst_last_pkt_time":1654385184174078,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1006,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1006,"pkt_l4_len":972,"thread_ts_usec":1654385184174078,"pkt":"tKXvZygQnLbQ0+MzCABFAAPgd\/JAAEAGmoXAqAJ+EkBPOqkIAFAb84J2aUKsBYAYAfYocwAAAQEICgK1DV2MHK6PR0VUIC9vcGVuYXBpL2Fkcz9hcHBfaWQ9MzI0NTYmdW5pdF9pZD01MjQ5OCZzaWduPTNjMjhkZWQwNGUwZjQwOTAyMjk5Njg2MTgyNDRiNTgzJmlzX3Zhc3Q9MSZhZF9udW09MSZodHRwX3JlcT0xJmNsaWVudF9pcD05Mi4yMTkuNDAuMjM1JnVzZXJhZ2VudD1EYWx2aWslMkYyLjEuMCslMjhMaW51eCUzQitVJTNCK0FuZHJvaWQrMTElM0Irc2RrX2dwaG9uZV94ODYrQnVpbGQlMkZSU1IxLjIwMTAxMy4wMDElMjkmb3NfdmVyc2lvbj1BbmRyb2lkMTEmZ2FpZD01YWM2YTBmZi04ZDE4LTQ3YmMtYTkwMi0yODEyY2YwYzI1MWUmbW9kZWw9c2RrX2dwaG9uZV94ODYmYnJhbmQ9R29vZ2xlJmFuZHJvaWRfaWQ9YjllMjg3NzYzNTRkMjU5ZSZwbGF0Zm9ybT0xJmltZWk9MSZuZXR3b3JrX3R5cGU9OSBIVFRQLzEuMQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCkNsaWVudC1CcmFuZDogR29vZ2xlDQpDbGllbnQtRGV2aWNlOiBzZGtfZ3Bob25lX3g4Ng0KQ2xpZW50LU9zOiBBbmRyb2lkMTENCk
NsaWVudC1DcHU6IGk2ODYNCkNsaWVudC1SZXNvbHV0aW9uOiAxMDgwLDE3OTQNCkNsaWVudC1QYWNrYWdlOiBjb20uc2NlbmV3YXkua2Fua2FuDQpDbGllbnQtVmVyc2lvbjogMi44LjIuMQ0KQ2xpZW50LVNvdXJjZTogMWt4dW4NCkNsaWVudC1TaW06IDMxMDI2MA0KQ2xpZW50LUFuZHJvaWRJZDogYjllMjg3NzYzNTRkMjU5ZQ0KQ2xpZW50LUNvdW50cnk6IFVTDQpDbGllbnQtTGFuZ3VhZ2U6IGVuDQpDbGllbnQtVWlkOiBlNmRiZDMwYi0zYjg0LTQ0YjQtOTc1MS02MzExNDhhM2VkZTkNClVzZXItQWdlbnQ6IERhbHZpay8yLjEuMCAoTGludXg7IFU7IEFuZHJvaWQgMTE7IHNka19ncGhvbmVfeDg2IEJ1aWxkL1JTUjEuMjAxMDEzLjAwMSkNCkhvc3Q6IG5ldC5yYXlqdW1wLmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQoNCg=="} +01523{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1581,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184174078,"flow_src_last_pkt_time":1654385184174078,"flow_dst_last_pkt_time":1654385184174078,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":940,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":940,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":940,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184174078,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43272,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"net.rayjump.com","domainame":"net.rayjump.com","http": 
{"url":"net.rayjump.com\/openapi\/ads?app_id=32456&unit_id=52498&sign=3c28ded04e0f4090229968618244b583&is_vast=1&ad_num=1&http_req=1&client_ip=92.219.40.235&useragent=Dalvik%2F2.1.0+%28Linux%3B+U%3B+Android+11%3B+sdk_gphone_x86+Build%2FRSR1.201013.001%29&os_version=Android11&gaid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&model=sdk_gphone_x86&brand=Google&android_id=b9e28776354d259e&platform=1&imei=1&network_type=9","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}}} +01123{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1582,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":2,"flow_src_last_pkt_time":1654385184174078,"flow_dst_last_pkt_time":1654385184282680,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":500,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":500,"pkt_l4_len":466,"thread_ts_usec":1654385184282680,"pkt":"nLbQ0+MztKXvZygQCABFAAHmJVIAAPgGdx8SQE86wKgCfgBQqQhpQqwFG\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"} +00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1583,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184845262,"flow_src_last_pkt_time":1654385184845262,"flow_dst_last_pkt_time":1654385184845262,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1044,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1044,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1044,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184845262,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"202.153.196.53","src_port":58758,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+01938{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1583,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":1,"flow_src_last_pkt_time":1654385184845262,"flow_dst_last_pkt_time":1654385184845262,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1110,"pkt_l4_len":1076,"thread_ts_usec":1654385184845262,"pkt":"tKXvZygQnLbQ0+MzCABFAARIuCtAAEAGLI\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"} +02039{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1583,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184845262,"flow_src_last_pkt_time":1654385184845262,"flow_dst_last_pkt_time":1654385184845262,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1044,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1044,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1044,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184845262,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"202.153.196.53","src_port":58758,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"tw.api.vpon.com","domainame":"tw.api.vpon.com","http": 
{"url":"tw.api.vpon.com\/api\/webviewAdReq?s_w=411&s_h=731&u_w=411&u_h=683&u_sd=2.625&lang=en_US&ni=0&sdk=vpadn-sdk-a-v4.6.4&u_o=1&os_v=30&n_mnc=260&n_mcc=310&mnc=260&mcc=310&format=320x50_mb&msid=com.sceneway.kankan&app_name=30.android.com.sceneway.kankan&simulator=0&cap=cal_m2_a_inv_cam_ph_sms_comp_fr_banInv_vid_vid2_vid3_vid4_vid5_crazyAd_cal_stoPic_exp&output=html&pf=TW&sid=1654385180339&seq=0&bid=8a8081824ff371e0014ff95e599f072d&adtest=0&ad_x=0&ad_y=0&ad_w=0&ad_h=0&ad_v=0&ms=C5QEn98CxlhiR4J%2FlC6Jf%2BtJncJYA72vXPe2O30%2FS7VTBF1NaLeAFAR5FIfYrRaYSVaBH%2BSKUFr11A2FE8GRJzLjt3bu0AA46LRogz0hoDRpsqbVLYu0zYcV0c0VkdMXnVfJhjpJRgKcxHWo4vQzq6LswfA0t80W6gGyFv5IyzBT6b6E1FNHU2pQIOg0j9WNqraa%2BiGRqWm5ptj1pymrNv7tznIxuy%2FwOIXeDKq%2BPJOWztIn5uQ1CdG%2B%2BPd0orwc&build=21407102","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36(Mobile; vpadn-sdk-a-v4.6.4)","detected_os":"Android 11"}}} +00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1584,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184857770,"flow_src_last_pkt_time":1654385184857770,"flow_dst_last_pkt_time":1654385184857770,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1044,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1044,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1044,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184857770,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"202.153.196.53","src_port":58760,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+01937{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1584,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":181,"flow_packet_id":1,"flow_src_last_pkt_time":1654385184857770,"flow_dst_last_pkt_time":1654385184857770,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1110,"pkt_l4_len":1076,"thread_ts_usec":1654385184857770,"pkt":"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"} +02039{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1584,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184857770,"flow_src_last_pkt_time":1654385184857770,"flow_dst_last_pkt_time":1654385184857770,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1044,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1044,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1044,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184857770,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"202.153.196.53","src_port":58760,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"tw.api.vpon.com","domainame":"tw.api.vpon.com","http": 
{"url":"tw.api.vpon.com\/api\/webviewAdReq?s_w=731&s_h=411&u_w=683&u_h=411&u_sd=2.625&lang=en_US&ni=0&sdk=vpadn-sdk-a-v4.6.4&u_o=2&os_v=30&n_mnc=260&n_mcc=310&mnc=260&mcc=310&format=320x50_mb&msid=com.sceneway.kankan&app_name=30.android.com.sceneway.kankan&simulator=0&cap=cal_m2_a_inv_cam_ph_sms_comp_fr_banInv_vid_vid2_vid3_vid4_vid5_crazyAd_cal_stoPic_exp&output=html&pf=TW&sid=1654385180339&seq=1&bid=8a8081824ff371e0014ff95e599f072d&adtest=0&ad_x=0&ad_y=0&ad_w=0&ad_h=0&ad_v=0&ms=C5QEn98CxlhiR4J%2FlC6Jf%2BtJncJYA72vXPe2O30%2FS7VTBF1NaLeAFAR5FIfYrRaYSVaBH%2BSKUFr11A2FE8GRJzLjt3bu0AA46LRogz0hoDRpsqbVLYu0zYcV0c0VkdMXnVfJhjpJRgKcxHWo4vQzq6LswfA0t80W6gGyFv5IyzBT6b6E1FNHU2pQIOg0j9WNqraa%2BiGRqWm5ptj1pymrNv7tznIxuy%2FwOIXeDKq%2BPJOWztIn5uQ1CdG%2B%2BPd0orwc&build=21407102","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36(Mobile; vpadn-sdk-a-v4.6.4)","detected_os":"Android 11"}}} +00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1585,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184927393,"flow_src_last_pkt_time":1654385184927393,"flow_dst_last_pkt_time":1654385184927393,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":183,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":183,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":183,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184927393,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35664,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+00786{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1585,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":1,"flow_src_last_pkt_time":1654385184927393,"flow_dst_last_pkt_time":1654385184927393,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":249,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":249,"pkt_l4_len":215,"thread_ts_usec":1654385184927393,"pkt":"tKXvZygQnLbQ0+MzCABFAADrwv9AAEAGn0vAqAJ+EkICWotQAFAVBORyMNia64AYAfbYnwAAAQEICiE3Bh4xvbnrR0VUIC9jdXN0b21lcnMvNDVkNGIwOWViYS9pbWFnZS9sYW1iZGFfanBnXzg5LzM5ODEwMTIzNGU2Y2Y1YjNhOGQ4LmpwZyBIVFRQLzEuMQ0KSG9zdDogY2RuLmxpZnRvZmYuaW8NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IEFwYWNoZS1IdHRwQ2xpZW50L1VOQVZBSUxBQkxFIChqYXZhIDEuNCkNCg0K"} +01167{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1585,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184927393,"flow_src_last_pkt_time":1654385184927393,"flow_dst_last_pkt_time":1654385184927393,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":183,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":183,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":183,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184927393,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35664,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.liftoff.io","domainame":"cdn.liftoff.io","http": {"url":"cdn.liftoff.io\/customers\/45d4b09eba\/image\/lambda_jpg_89\/398101234e6cf5b3a8d8.jpg","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} 
+00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1586,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184928623,"flow_src_last_pkt_time":1654385184928623,"flow_dst_last_pkt_time":1654385184928623,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":233,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":233,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184928623,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35666,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00856{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1586,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":1,"flow_src_last_pkt_time":1654385184928623,"flow_dst_last_pkt_time":1654385184928623,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":299,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":299,"pkt_l4_len":265,"thread_ts_usec":1654385184928623,"pkt":"tKXvZygQnLbQ0+MzCABFAAEdY4hAAEAG\/pDAqAJ+EkICWotSAFAcu+o2K8tK74AYAfbY0QAAAQEICiE3Bh\/fUp7nR0VUIC9jdXN0b21lcnMvNDVkNGIwOWViYS92aWRlb3MvbW9iaWxlL2ZkNTY5MmRkNTMwNDJiMTk5ZTAzLm1wNCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogRGFsdmlrLzIuMS4wIChMaW51eDsgVTsgQW5kcm9pZCAxMTsgc2RrX2dwaG9uZV94ODYgQnVpbGQvUlNSMS4yMDEwMTMuMDAxKQ0KSG9zdDogY2RuLmxpZnRvZmYuaW8NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KDQo="} 
+01203{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1586,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184928623,"flow_src_last_pkt_time":1654385184928623,"flow_dst_last_pkt_time":1654385184928623,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":233,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":233,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184928623,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35666,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.MpegDash","proto_id":"7.291","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media","hostname":"cdn.liftoff.io","domainame":"cdn.liftoff.io","http": {"url":"cdn.liftoff.io\/customers\/45d4b09eba\/videos\/mobile\/fd5692dd53042b199e03.mp4","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}}} +00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1587,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184938285,"flow_src_last_pkt_time":1654385184938285,"flow_dst_last_pkt_time":1654385184938285,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":345,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":345,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":345,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184938285,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36636,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+01002{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1587,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":1,"flow_src_last_pkt_time":1654385184938285,"flow_dst_last_pkt_time":1654385184938285,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":411,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":411,"pkt_l4_len":377,"thread_ts_usec":1654385184938285,"pkt":"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"} +01315{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1587,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184938285,"flow_src_last_pkt_time":1654385184938285,"flow_dst_last_pkt_time":1654385184938285,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":345,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":345,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":345,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184938285,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36636,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com","domainame":"hybird.rayjump.com","http": {"url":"hybird.rayjump.com\/rv-zip-2022\/0428\/tpl4-4209ad845e61d9ad67b6f04187d00be0.zip?md5filename=4209ad845e61d9ad67b6f04187d00be0&foldername=tpl4&layout=1&tpl=4&wfr=1&to=9999&alecfc=1&whs_chn=m","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}}} 
+01518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1588,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":2,"flow_src_last_pkt_time":1654385184927393,"flow_dst_last_pkt_time":1654385184942273,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":797,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":797,"pkt_l4_len":763,"thread_ts_usec":1654385184942273,"pkt":"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"} +02468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1589,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":3,"flow_src_last_pkt_time":1654385184927393,"flow_dst_last_pkt_time":1654385184942885,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1654385184942885,"pkt":"nLbQ0+MztKXvZygQCABFAAXIiZwAAPgGW9ESQgJawKgCfgBQi1Aw2J3GFQTlKYAQAIO33wAAAQEICjG9uf4hNwYe\/9j\/4AAQSkZJRgABAQAAZABkAAD\/2wBDAAQCAwMDAgQDAwMEBAQEBQkGBQUFBQsICAYJDQsNDQ0LDAwOEBQRDg8TDwwMEhgSExUWFxcXDhEZGxkWGhQWFxb\/2wBDAQQEBAUFBQoGBgoWDwwPFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhb\/wAARCAQ4B4ADAREAAhEBAxEB\/8QAHQABAAAHAQEAAAAAAAAAAAAAAAECAwQFBgcICf\/EAGgQAAEDAgQDBAYDBw4JBwsACwEAAgMEEQUGITEHEkETIlFhCBQycYGxQpGhFSMzNFJy0QkWNTZTYmR0gpKissHhFyQlN0NWc3WUGCZGVFWT8Bk4RGNlg4SVs8LU8SdFdrTEw9KFpeP\/xAAdAQEAAwEBAQEBAQAAAAAAAAAAAQIDBAUHBggJ\/8QAShEBAAIBAwIEAwQIBQEHAwALAAECEQMEIRIxBQZBURNhcQciMoEUMzVykaGxwSM0QlLR4RUWJFNigvCSwvElQ0RUorIIJmNz4v\/aAAwDAQACEQMRAD8A9\/ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIIFBBBKggUEpQS9ClRTKsJSqjyQumOz+U6pQS11wbEbEJ27LxMxzDZcrZldC4U9Y67ToHn+1d+33f+m79D4b4xak9GrPDJY7lujxaI1NA5sVRa9hs9erp62I55h0eI+BaG+r8Xbfdv7ektJrqeooah0FXE6N7T1C6eLRw\/Ca+21ttedPVriYUS5RhlEIB3iowscyC
Ad0BRGEWuOxUwYOYXKRCUAfFMI7osJa7mjJY4dQUwisTWc1nDMYLmjF8OI5ZzNGN2P1VJ0627vY2Xj2+2nEWzHtLaMHzlhGIjsMSgEDnaXIu0rC2haI45fqtn5m2e5jo3Femf5KmPZPoMSpjV4Y5jS4XBYdCvP1dtW3biXVu\/BdDcU+LoTH5NAxWgqcOq3U9VGWObtpuvPtSaTiX5DcbfU0LzS8Ylbs6qjmTMCCKKpkVTNCIlMiEW9UVTAeKKyi0dEGSy9geJ4zUdjQUr5NdXWs1vvKiZxD0vDfB974lqdG2pM\/P0j83R8o8K6eMtlxaR1RJ+5R6NH6VSb+z6l4L9m+hpxF99bqn2jt\/1dCwTLVFQwhlPTQwt8GtCpmZfQtn4Vs9pXp0dOIj5QysNFAwagu96h6ERCvFGxvssaLeAQVBe2iBylA5SgcpQOUoHKUDlKBylA5SgcpQOUoHKUDlKBylA5SgcpQOUoHKUDlKBylA5SgcpQOUoHKUDlKBylA5SgcpQOUoHKUDlKBylA5SgcpQOUoHKUDlKBylA5SgcpQOUoHKUDlKBylA5SgcpQOUoHKUDlKBylA5SgcpQOUoHKUDlKBylBBAQEBAQEA67oJHQxO9qNqC2qcOp54XRuaC1wsWuFwR53RS+nTUrNbxmJ9JapmLhplvEI3F2GMieRpJTHkI+GytFpflvEPJHge9rPVoxWfevH\/T+Tl+cOFmK4cXzYa71qIa8mzgP7VaLZfKvG\/s332zzqbT79fb1aHUwTU8zoZ4nRvboWvFiFo+da2jqaN5pqVmJj0lIqs0qAgh1sp47LRCCkQHnqowJbpHcS3TCyF99U+QkFybDW6lpWMujcNcE9VpBVStPay6+4KYh+98veHfC0\/iWjmV5xAxv1Kk9Rpn\/AHx471uipqWxGIW8yeLfo2l+j6U8z3aEy+pdu7UrnfPqx6z3CVErIXUJ5QB80SX0TIX80BAQ"} +04395{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1590,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":4,"flow_src_last_pkt_time":1654385184927393,"flow_dst_last_pkt_time":1654385184943456,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":2922,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2922,"pkt_l4_len":2888,"thread_ts_usec":1654385184943456,"pkt":"nLbQ0+MztKXvZygQCABFAAtciZ0AAPgGVjwSQgJawKgCfgBQi1Aw2KNaFQTlKYAYAIPjEAAAAQEICjG9uf4hNwYeQbsg9lrR\/YAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICCBQQQQKCUoJSgl8UFMqwlOyqPJLvJdD+U1NwRaJQ9yFWVy9j1ThsgYSZISdQTt7l0aOvfT7dnp7HxLU284nmrcovuRmbDuSYNebaPA77D5r1NHcRbmk\/k\/UTXZeKaPTqRmff1hp2aMrV+EOMsYM9L0e0be9d+nq1vx6vxXifgO42Uzav3qe7AhwINvqWvS8SEAfEquFoA\/wTCUObxKBzaJEGEWuIuiMHMehQxCPN5qyC4I1VUYZfKeZsQwKpBY8y07j343HSyzvpVtHL2PC\/GNx4ff7s5r6w3\/ADHhlHmfLLM
Qoh33N5mO6g+C8rX0sxNZ7w\/d7zbaPieyjX0o7\/8AzDl0kT4pXxPbZzDykFeXMY4l+AvWa2ms94QGqhRMiMpmhET2TDRFcotAsgmaPK6spMItCqr3b5w64e1GKCOvxUOhpSQWR7OkH9gVLWfRPK\/kXW30V3O8+7p+kes\/8Q7Fl7AqWgpGQU8DIImjRrRa\/vWczl9n2Ww2+z0o0tCsVrHszFPE1gs1oAUOxUsEBBMBZAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEEqAgICAgICAgICClPTxSts9ov42Qx7tO4gZDw3HKVxlhbHMAeSeNtnA+amLYflfMHlLYeL6c9dcX9Jju4VnbK2J5aq+yrIi6F5+9zNHdd+grSJy+AeP+Wt74LrdOvX7s9rek\/wDVglbL88fNIEPoqRAlRCYylUpSuI8UWQ0soyJSdwpWqzWRMK+6OKB723jiNzpolYe14Nsf0jXzPaHR66rhwzDHzusA1tmjxVpnEZfvdxudPZbadSfTs5tX1UlbXyVUriS46LktOXy3ca9tzrTq39VC\/moUFECBUpwg33qqUbmymOwXTCIQv5pKS\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\/viqXt6Q+qeSvJvxOnfb6vHetZ\/rP9nY8OomQsBcBzAaADRoWT7DWIrGIXjRdEooCCLeqCKAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAggdkEEBAQEBAQEBAQEBAAFrEXCDA5vy\/RYvhktLUwtkie3Yi5afEKYnDzvE\/C9t4ltrbfcVzE\/yeduIWVKzLGKGKQOfSyH7zNbQ+R81rE5h\/Nvmby1uPBdzNLRnTn8Nv8A56teBurPzMJUIxKHihhLdFoS+ajslAlMLVKaJ9RUNijF3PNgkNdLTte0Vj1dRyjhbMMw1senORd7lpEcPo3heyrttGK+vq1vPuKmsrvVYnfe4z06rDUtmcQ\/J+YfEZ3Ov8Gk\/dhgSbCw6LF4UcIX1QEECowmEQdLqUiK55E6U5R+pEpR1UcCF\/NMQPZyu\/sAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQSoCCVBKghZBIQgkI6qw8klbP5RSkeCJhIrJiUqrMJhKi2Uut7jceCJiWx5SzfV4W9sVSXTU48T3m\/Fb6evan0e54d41q7eem\/Nf5t65MBzfhtpQyRxGjxo9i9HQ3OOaT+T9RfT2Hi2l9\/n5+sNBzjkXE8F5qilBqqTcPbqR7wvU0d1TU47S\/EeK+W9zs5m9PvU94aoCLkG4I6FdGH5+PaT3KMJzkB3UYEA4oDXJgwc3RRBjhMD4KTDc+BFDJVZyM7bhlPG4uPwXJvLRGm\/T+T9tOr4h1+lYld8ai05kFt+TVfn9f8Tr80TE7vhpzQsH5lOwboqi0eCKpmjwQTMGiKtx4QZXON4t63Ux3pKZwuCNJHeCracP23kjy5\/2luvj60f4dJ\/jPs73hFKyCIEsANrNsNgsX3ytYrWKx2Xg1RZM3QICANUEyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIIFBBAQEBAQEBAQEBAQQOyCCDW8\/ZepcZwaajmYCyRvdJGrHdCFMTh5HjfhOh4psr7fVjvHHyn3eacxYXUYPi8+H1LSHxOsDb2h0K2ieH8u+KeHa3h27vttWOaz\/GPdYnRQ4EqsJb7qI7LJSdCnPqJfykwtVtPDfCnS1JrpG9
xmjbjdWrD9N4Bsptf41o4hs+bsSGG4UWg\/fJRYDwS9sQ97xnfxs9rMR+KXPy4uc57jdzjdcsy+dVzMzae8pTayhcvpa6junADcb3UpEVTMN1MRkFbCpbqmCJFEwtHKVVTlDrqiXs9Wf2AICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIJUBBAoIdEEqCUhBJZB5II6Low\/lFKglI0QSEWRaJQROUp0CJS28kMq+GV1Vh9QJ6OZ0bx1HVTEzHZ0aG51NC3VScS6Jk3P0FQ0U2KgRuOhcfYf7wuvT3GeLP2PhvmGl4+HuOP6Su81ZCwfMMLqzCXspqpwuAw9xxXpaO9tTi3MNPEPLe030Tqbeem0\/wAJcuzJgOK4DWGnxGmeyxsHgd0jxuvW0tWmrXNZfP8AfeGbrZak01q4Yy4IuFfDgiRVmEwgbphICRuoxkRLrA\/JT0jtvBDBDg2UJMSqm8ktcbi\/Rq8be6sX1OmO0PqPlTw\/9D2E69+Jv\/RzrPmIDEczVMzHczQ7lafcvHvbqtl+M8X3P6RvL2ieGIYN1m8tOiJRA1RWUzOqIV8NppaytjpYQXSSvDW\/FGu22+puNaujSObTiHo3h9gcOE4NBRxtAEbQXm27lhM5l\/THgfhmn4bsabekdo5+c+rZRsoeumaEBBFougiNEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQ"} +00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1591,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184944474,"flow_src_last_pkt_time":1654385184944474,"flow_dst_last_pkt_time":1654385184944474,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":497,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":497,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":497,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184944474,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36640,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+01207{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1591,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":1,"flow_src_last_pkt_time":1654385184944474,"flow_dst_last_pkt_time":1654385184944474,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":563,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":563,"pkt_l4_len":529,"thread_ts_usec":1654385184944474,"pkt":"tKXvZygQnLbQ0+MzCABFAAIl9uxAAEAGBWLAqAJ+EkBnHo8gAFD1zY28\/rI704AYAfY+nAAAAQEICpxRp1BJVe73R0VUIC9ydi16aXAtMjAyMi8wNDI4L2VuZGNhcmQtZHNwLTEzMDItZjI3MTRhMzRmNjY2MWE3MGZlZGVhMTY2N2ZiN2E5ZTQuemlwP21kNWZpbGVuYW1lPWYyNzE0YTM0ZjY2NjFhNzBmZWRlYTE2NjdmYjdhOWU0JmZvbGRlcm5hbWU9ZW5kY2FyZC1kc3AtMTMwMiZtb2Y9MSZtb2ZfdWlkPTkxMTk5Jm5faW1wPTEmbW9mX3BrZz1jb20uc2NlbmV3YXkua2Fua2FuJm5fcmVnaW9uPWZrJmFsZWNmYz0xJmJhaXRfY2xpY2s9MSZtb2ZfdGV4dG1vZD0xJmJwX3Rlc3Q9MiZ3Z2xicD0xJmN0YV90eXBlPTEmbW9mX3VzZV9nZXQ9MSZkbHN0PTAmbW9mX3VzZV9nZXQ9MSZwbG11Zz0xIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBEYWx2aWsvMi4xLjAgKExpbnV4OyBVOyBBbmRyb2lkIDExOyBzZGtfZ3Bob25lX3g4NiBCdWlsZC9SU1IxLjIwMTAxMy4wMDEpDQpIb3N0OiBoeWJpcmQucmF5anVtcC5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KDQo="} +01467{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1591,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184944474,"flow_src_last_pkt_time":1654385184944474,"flow_dst_last_pkt_time":1654385184944474,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":497,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":497,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":497,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184944474,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36640,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com","domainame":"hybird.rayjump.com","http": {"url":"hybird.rayjump.com\/rv-zip-2022\/0428\/endcard-dsp-1302-f2714a34f6661a70fedea1667fb7a9e4.zip?md5filename=f2714a34f6661a70fedea1667fb7a9e4&foldername=endcard-dsp-1302&mof=1&mof_uid=91199&n_imp=1&mof_pkg=com.sceneway.kankan&n_region=fk&alecfc=1&bait_click=1&mof_textmod=1&bp_test=2&wglbp=1&cta_type=1&mof_use_get=1&dlst=0&mof_use_get=1&plmug=1","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}}} +00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1592,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184944791,"flow_src_last_pkt_time":1654385184944791,"flow_dst_last_pkt_time":1654385184944791,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":297,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":297,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":297,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184944791,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36654,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+00938{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1592,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":1,"flow_src_last_pkt_time":1654385184944791,"flow_dst_last_pkt_time":1654385184944791,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":363,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":363,"pkt_l4_len":329,"thread_ts_usec":1654385184944791,"pkt":"tKXvZygQnLbQ0+MzCABFAAFdGtZAAEAG4kDAqAJ+EkBnHo8uAFDRel74fng8vIAYAfY91AAAAQEICpxRp1H7gB08R0VUIC9ydi16aXAtMjAxOS8xMTEzL21pbmktMjYwMjkxYzIwOGJmMzM3NmI1MTExZGI4NTVlODk0NTEuemlwP21kNWZpbGVuYW1lPTI2MDI5MWMyMDhiZjMzNzZiNTExMWRiODU1ZTg5NDUxJmZvbGRlcm5hbWU9bWluaSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogRGFsdmlrLzIuMS4wIChMaW51eDsgVTsgQW5kcm9pZCAxMTsgc2RrX2dwaG9uZV94ODYgQnVpbGQvUlNSMS4yMDEwMTMuMDAxKQ0KSG9zdDogaHliaXJkLnJheWp1bXAuY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCg0K"} +01267{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1592,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184944791,"flow_src_last_pkt_time":1654385184944791,"flow_dst_last_pkt_time":1654385184944791,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":297,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":297,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":297,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184944791,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36654,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com","domainame":"hybird.rayjump.com","http": 
{"url":"hybird.rayjump.com\/rv-zip-2019\/1113\/mini-260291c208bf3376b5111db855e89451.zip?md5filename=260291c208bf3376b5111db855e89451&foldername=mini","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}}} +06316{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1593,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":5,"flow_src_last_pkt_time":1654385184927393,"flow_dst_last_pkt_time":1654385184945955,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":4350,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":4350,"pkt_l4_len":4316,"thread_ts_usec":1654385184945955,"pkt":"nLbQ0+MztKXvZygQCABFABDwiZ8AAPgGUKYSQgJawKgCfgBQi1Aw2K6CFQTlKYAYAIPopAAAAQEICjG9uf4hNwYeEBAQEBAQEEqAgICAgICAgICAgIIFBBBJI1r2Fjtig5B6QuWjNRjFYIwZabSSw1c1XrPo+U\/aV4D+kbeN9pR96vf6OMA2V3wyEvmphdBQJCiYVcOgdVVscDBcucArVdG30p1dSKR6uqYPTRUGGNZYNZEzVXjh9J2ujTbaGPSIaJmvEjiOLPeCezYbNC572zL5\/wCK72d5upt6Qxt1k4UGk2Q4L2CLDSiqZl1aIRKYbaK8QrMpraKcK8oW0TCcpTuVWYWiUvxVJ7rVQULVe0FZ\/YAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAggdkEEBBKghZBLZBLZB5IGxK6e7+UIS9FCUpCCVWEpCqnKUhT3XQI8lAltuhlLY9FYZvKuacTwWRojldJCDrE46K1NS1Z4etsPF9xtJxE5j2dMy\/mnAM00PqOKRxOLhYxS2uPcV1aWtic0nEv2m08W2PiWl8LXiJ+U\/2a9nLhMJGOrcszh7Tqad2\/wXraHiX+nVj83ieJ+S8xOpspzHt6ubYrhuI4ZUOgr6OWF4P0mr1KWpeM1l+H19pr7e801azErS48Vboc2S48UwROeze+EuQavHKuPE8SidDhsTg67h+F9y4N3vK6UTWv4n63y75b1d7qRr60Y04\/m3ji7mKDCcHGGURa2WRnIxrfoM2K\/O6l5iJj1l+r8xeKU2u3+Bpd5jEfKHHm3JJOpK5nzSZmeZTMCImU30UVRYiqZgsg3\/gLgorMakxOVt2Uw5WXG7iqXn0fRPs68Jjcby27vHFOI+rulFH2cAFtTqVk+4KzeqCKCLRdBFAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBBA7IIICAgICAgICAgICAglQEEqDF5noo63D5I5GhzXtLXaJE4c+729NzoX0rxxMPL2b8NdhOYKqgcDaOQ8n5p2W0S\/lPxrw+dhv9Xbz2iePp6MUeqnu8yEPsUpSlVWjltfDLDWyzPrZB7Gjbq9X6jy9tIvadafRnc+Yj6lhX
q8brSS7+5Re2Iep5h336PtvhVn70tBGg13OpK534OkYL3uFVZC\/VFi90RCManCEzSALkq9YUm2IZHBcHr8SJMERDB9Ky0iHZsvDN1vJzp14XdZljFKaMvDS8NHRWw6dfy\/vtGs2xmGH1Di1ws4aEKuHjxM5xPdKdvNVleEh+CpK0IbhQl7RR\/YQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIJUBA6IJUELIJbIPI9l1P5PSnQbIsgdQokSkeagSkaWSolI0QS21RMShqiUtkTlC3khmEY3PY8OY4tI1BBslUxaazmG25R4gYvhAbFM71iIflHULWurMcS\/Q+H+Y91tfu2nqhv+F5xylmOnEWLQQF5FiJmgEfFbaevNfwTh+s0fG\/C\/EK9O4rGfmg3JPDqu5nxMYOb8h+y66+I7iPVWPAfAdbMx\/IZlHh1g16idkZLdW9o7dL+Ibi0Yzg\/7F8B2kdd4\/isc3cS8Po6T1PBI2vLBys5RZjFwzqYzPq5fEfNOhpafwtrGcdvaHLMUrqnEq6Srq5TJJIbklYTOZfgNzudTcak6mpOZlQaFDnTt2uio3X4IiUzPZRCZgJ0A1RV6B4PYO3Dsr0kZaA+Udq8+N9Vjacy\/o3yb4bGx8J06zH3rcz+bdlV+pTN0CANUEzdAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIIFBBAQEBAQEBAQEBAQEEqB0QS9EFOZvPE5niEHAvSLwxsGORV7BYSjlebdVpTs+Efad4fGnvabmv+riXNlo+YJfHVR6FSJpkeGNFy42ClrSvVOIdUynRtpMIiZygEM5nK0Q+k+GbeNHbx8oy0rOVc6uxp9\/ZiNgFjecy\/CeM7udzvLe0MTdZS8+Et1CUL+aJhFtvFWqlMzxVohSWTynhj8VxJrOU9k32itKxl2+F7C2+3MV\/0x3dBqZaTCMOJHLHDENTtdacPo9p0tno9NOKwky9i1NilOZaZ3My9nApE5Rs95TXrms5hqXEKgZR4sJom8rJdbfWqy\/DeZNjXbbvrpHFmvuKzmHhVUzZZrwgiXtJH9hCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIJUBBCyCCCFkHkZdD+TsoW1RKWyH1QABuUTEpbeSHZC2iGUtkTE+iUjdEwlsiaoKcAmCpYKAbobhERMwq09VUxfg53t9zlMNK62pTtYqKqpn\/DTPf73JlF9bUv+KcqYHiowzRaNUVTAXREo28AohCLR4KVUw1RWV7l6mNXjNNTDeWVo+1HZ4bt53G809KPWYemsuQNhpGtbs1oA8li\/qTbacaelWkdohkm9VVsigi3qgigICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIJUBAQEBAQEBAQEBAQEEqCB2QSnZBKUHL\/SNoTLlx0rYweyeHX8Fand85+0nazq+F9cR+GXBzday\/n+qUkXKlMMhlGlFZjLIydGjm+0fpUer0vDNGNbcRWfq6fiDhS4NO8G3KwgFXfQt1aNHZ3t8nK5HF8j5HG5cb3WMvlUTNrTaUg6rOWiBKiIT6DT4KThFouFMRlEqtHC+oqGU8QJc820V4hWlL61406d5dPy1hcWEYWIwB2rhd58FpWMPp3hnh9Nht4rH4p7tC4n48aupOH0z\/AL1Ge+R9IqJ
nL834zv8A4tvg0niGQ4KCTsKkfR5gkOzy5nFl5xYBD6e40IUuTzhmLabTyVSX5KvZKTqqS0qh5Kpw9po\/sIQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBBCyCCAghZBBB5G3XQ\/k1BE8IOCEIEInKUhWKoWVVkv9iCWyIygQiapbeSBYIFvJTyIWTIWUVRlFo8ERlEDRBFoREpkQDVEZTNGiIRaBZFWycKKMVec6ZpvaMl\/1KtuIfp\/J22jX8Y0on05\/g9F4W0NpbDqsX9HVjEYhdN0CJEEzdAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIIHZBBAQEBAQEBAQEBAQEDoglQQKCUoJSg1XitRtrMr1UbjvEbHzU17vB8zbWu58K1qT7S8xuHK5zfA2W7+WLRiZhIShDMZALRmAc2xZb+kFFfm9nwPEbqM+394dGzJAZcvVDRe4BOil+48T0vibDUhysNs0g9CqYfKtPthJ4qkw2ieEG3UYSAdEwI7Dz6BWhS04hvnDPAewgOJ1bO+fYafmtKw\/beWPCfh1\/StWOfRNxLx\/7nUDqeF4M8wtp9EJl3+M+I\/ApNaz96XKnuc9xe4kucbkqH4aZmeZdH4KMd9z6gkaFwsph+w8t1n4dplV4vFwfTNtpb9KlxecJnq04aYVm\/IQlvuqroKMD2oof2EICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICCVAQEHkXYFdD+TUN+qCCCBQQROUqnKULKExKHkiMpQgW3RZCyIhDlRJyoqNHggAeSGUQPNEZlFECIyiBa6IlNpbzRVEbIN84AQtfmmSVzb8kRsq37PoX2b6VbeJ2vMdod3ohaBvuWL7oqoDd0EyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAggUEEBAQEBAQEBAQEBAQOiCVBAoJSglKDAcRP2sVLvBhUw8rxv8AZ2r9HluuaWVkrSNQ4rd\/KmvWa6ton3UVX5MoVcMndTVrJmm1nC\/1qcujbak6WpFodhwqRmIYQCCCJo7fFS+pbe1dxtsf7oc0zJhs2G4nKyRh5C7Q2TD5d4jstTZ7i1bRwx3LcabKkw5azwlA8AownIAALlIhHVhsPD3L8mK14qp2EU8Rve2hVoh73l\/wm291viXj7kN7zFiNPhOGumeQ1rG2Y3xU5fvt5udPbaWe0R2cXx3EJcTxKSqlN+Y6DwCS+b7vc219WdSyyPioc2XT+CTXHCprjTnFkftvLMT8KVDjBIfunDEQbAfpU8vJ84Xn9JrX0agToqy\/LRCUa3VMLCYHtRVf2EICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAghZBBB5FXQ\/k1A3Vkd0FVIpwIWUZRlAjyU5SgRuoMpbItHbKCnkyW0UYEN0C\/kERygiREdxEdho8EEQPNBECyKot2RVFAUxA6H6PQ\/yvVu8GD5qmp2fS\/szj\/xmrPyh3OAWhb+aFi+1pkEW9UEUBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQE
BAQEBAQEBAQEBAQEBAQEBAQEBBKgICAgICAgICAgICAgdEEqCBQSlBKUFhjcLJqUNlAczmF2nY+9WZ6mlXUjF+Y9nlXNFhmSvAAAFTIAB07xWkdn8m+LRjxDXiP91v6yx520VnBCVVWhuXDPMDYZPUKqTla78G4nS\/gpy\/WeX\/E4pPwdSceze6yioMXpTDVxt5iNHBInD9fr7Xbb\/TnT1o592g5lyhiGHTudTsMsJ1BHgrRy+eeJ+XN3s9SZ046qsA6CoabGB99vZKYeFNNWJxNZ\/gy+WMr1+LVTTJE6OAHvOItooxh7Hhnge53upGa4r6ulMZR4PhPZMLY4YW953ioy+mU09DZbf4dOKw5JxBzC\/GK90cTj6vGe6PFS\/AeL+JTutSa1\/DDW\/wApRh4xqeqhPzdV4IRv+4sjneyXCyP3flis\/AmZWPGcuGNRAjQDRHiecM\/pdYlpzttEflqpVVYvdMD2ss39hCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg"} +02488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1599,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":2,"flow_src_last_pkt_time":1654385184938285,"flow_dst_last_pkt_time":1654385184953988,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1654385184953988,"pkt":"nLbQ0+MztKXvZygQCABFAAXI4EEAAPgGoGkSQGcewKgCfgBQjxzkQ1FrjUA08oAYAIN68QAAAQEICkYs\/7OcUadKtLVLEjgcUYII4FHbZjHquoOia6gAb500Ti8dAwhCBQPI+mqikzoPEDELPc+SXj69jEqwdCpvDTvdYMfugkxkR1Y+CY9qVGm58StJYmYN5SvxMAz8xCmsligFCuuKmg8EZSE5OqcTkF7WWZmYJJGWhwpN7ilBu8\/gl+3Ab8Spn6tvJdeT+RsqcUG0ZFXerb57NPtt03zJpCtCoTxHMV9Zha5yoUwKNC+6e7j1ViGTaOWGh\/7JwCnGB12U4uBR548F\/rgqEud2uv0wHCBv6DuHmOo5bYd\/toEAzTnRwVytNl\/PJi1A0jYr8KsFpOACb3f7cGrTVbOZNYAAfhKkPOD4uriBbk9Jgk\/UjgwbpqX6abrGR34H+Os\/9jStodDE0Y0g3lOkmBfCKamPyPplsqvWJMBQnNHW0rSzXLwhjLCCsvswVQxnEHtu2HFz998SHtil2W03a8HGmk23nbaNYcY3Q2TQbJ3ZzG4FUhaRnvC2msLVbUsGHn\/8qqFhILJC24vplvrOmxsbreba663VzXsP1t950FpdXn11XW4T6v8OCO1QAuQXRErxFVq\/3Wbyah+mKVYtt08bMZ0HIKAAIUvKhHqZkAtfQNHQOwlIflLQ1gvauCXLAC9chbkxNKbadnsPBCGT+eVNsWhIXlnO4qie\/YB3Dn2nVklQbot4gdeaomDlGHGq2R9pxd9CVm8l9JyOW1IjlmYi4kIepJ+YLD\/gRPZSkymg00iOy0dkhWzUmLBjYKPplsOvhIi5ELVnoR4dQ7fdKWhHiLBAG9A4j2EAC4y1lGtIy6U7GUejmNJozx3D7sS1yIaLjW1\/AnhEE5Tn3wYlQUNcSbmW9
EiPIws1msCzH+E5Uu15TvEJU927RoehtQDvXtR6D0i0Qq4r5lKtMY9x1WAUFjlBkqF9BUaESQB2UsBt7+aLYGJaqBfsZkpASprto2iSKUBpaREEHmhszyoycYMyWrK32VyqU7U+0B8\/j9v8HYKpxmhJ9hmaqfPgXycn03DcwMlnex1\/w0vDwfnVHTtC60LkWMig3KoxX9wp6lUobpfyzZnA1KioElYxEkVLF2DRfjSYmQmEaUL6Vt1Pw1px2QImO0RR3K\/Su8d8oWRu9X0PL5jx0aICKHpBkVigDUHjb5hz1+ER9ZpujGIXmoxXSVEVDlqITEvN1XLQn0q5WrD4RQNqo05O8NY0zUIyjeYmR0HIha8iWNR82tC+DDAAS3rFxtBufFlLahMzkSEmBJezzMOIAuYi7YaCqpZTksGSGvk200r5PKi3stxcb73ZXF7ZWG+tbb6xfPeeZWgGOW1JJ9YCDFBxJwjXXym8MTPWXyGLVLqNExYXwpJENPgu3TEwo4fsbie0u2TLY5ZAkS0FbEksjw+rnfXYKDa6Tj1apqdRm58JsDc9f3o6XkPSciEbM2sJbxaQKDeKAokNafx4rI5T7B6r\/myV2gwsY93jrVLHNNQuiu+r+M3NvePsMJ8re\/P5Entz1pZnpyPPzjYGWEIkrYJgAUSjmQm2JaWtrAsGyjyJ40iSCcRtSf1AH86Ym17gzRFqQTTeEs9X4ijRzHu1H8VBz3vPdXTmElnKhBlDqqJJI1FsUyyFCXkqDIVqSYNsV6Fsixm+M9dhWnTKi7hX4lJiuC6kPjhJK6UNeIcvhYdT5\/\/5p797\/8P\/\/eqvvv7sy7MP\/xabjQRt7X6Xwkc8\/fjPzv7kKxhaPT0jY5FpLhGCSvvgpZ7+4oMnX\/x1nZumP\/n14\/PHP1ctr0tqQdm04tmff\/q7738q6zLea7VVsGYqx+ksN3ymz2gjwFgx2a6hp\/O\/+4zwkaDjMjscMtTzf\/+n87\/\/QJlMMlM\/f\/w\/5z\/770uGghjfoqqNEk43lcb01hb7eY6\/nzpNlJ9KFcdEUlBQOZZmiMlN"} 
+02480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1600,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":3,"flow_src_last_pkt_time":1654385184938285,"flow_dst_last_pkt_time":1654385184956858,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1654385184956858,"pkt":"nLbQ0+MztKXvZygQCABFAAXI4EgAAPgGoGISQGcewKgCfgBQjxzkQ3h3jUA08oAQAIMNwgAAAQEICkYs\/7WcUadKZmJ1Q4tNW7+zm3LzilKTMs7o+j0bU4bevfG98VcexwRoqg0MK4kroCFJI0vkItJ0sWhKhqw+9VVqDQxktos+tw4JRGmcHh\/FKDlLh6zdkg3MQ\/lsHnZqw9K8bpKO655k6IwFAFfkDIJOJsdMB+TwhRR+SOFiIw+5j\/JW34gGnNHirK\/zZi\/hc4QwIcK2rxzXZ7rsKwq47b\/gBNM4MIbxBQADwYMZQnsmuVNzekN4FKQkhHHGTTWkH\/wjQGDyySIj8Jzph54pd5aM+OhhOvR5PcMjO93tjhYc9KM4buIZr3AxnxM3iOqL5Y3DNOtFZMTe0kqYCIlor5EOmzY1\/QgcEzRxv4\/lxU4YCiiS+0\/ddMRHjjkiUXhuhD7QYUQQTZCQrhPijw50JVjw3pUlzCIsuoRiKmcNsq2sVpURgyb28KvUizskeSI14ZCZ1RGfnHTHy1yPRsG0Pt5Ma8nqKdONtNWUPEMbKU4qooS4ZVgy4ydRUqGcD3t5XLzKk6xQksEKLZeRc4zABSD22VISyrxIGnnot0UQF1jM0L5wq+PXoJypbcccDHIPqtdae6MvXKZyFZZ2Af1r5SARKk8jHFMScw1ZklPh5TmRIMY25u7JI8Kf0InpWIggg\/dCNXQ9mbCzi9IVFwQ4Bcza9Gx560XkmFinHDZS4kv+q6dM6HPsExiSjjM+3qTzEyp6QYtbZYue7chnn411pGZv4KwRjPOakaMAbYLhhCPstBZrv27XKHfgDg3UdMswyDmbrdhNZpK2+\/bwcJCkmrX3nBdsQ2VeuZ\/YA4u3j0cd1g9errygLeJTAN\/nCWDbbXhdHGF4z7CdykwDxiJacPDxG9YuwukG8499nzt4zVg40U\/jMp1lunPB3JJQoS5Bp6kxA9vvK2Fg2I3BaQrLU2XnWALaTVI1pGgZ30OUAvDFCxhKEFX\/Q9eQ1hjjNWxpFqXih\/EZbZu2sX9wk7UWkXlhwRGjhZFb93t26v1JRJhHdI1nd+wyJYqGt5\/UP4S9xI3VTwDw+41F2Yi29WTvXG\/pYAGqMGJVprBGfV8dw\/pIGjYrc8JqDjc8iMynFaFgS9VWRno\/kEa8ex8E0lXW6KSRO+38U5BEcAQa2ZmiPJVOSufJn2mHFnNtaFnQ00UpNEKFlWmg1g+m2HMDI6hkKoxWNNVaXHB7BeI37bfq0DKy4008moSOwx9MywU31umt9bQZaqMjpRF3V4DnOWXRFCtBzASqMlEpsEloiva6ZYQbYAWkcMxY5ybRoJiWx9mUKg4GcOghBqQMpMlaJSVXeGZFKl2Sb1+XUUdSwGZgyfEfyo4raVkpT+wyQpPZHBqAgGOncYulA1GZOsA\/94GmmxzjZCbCN9kynAgWzvYDvij7PUFZtMjkAvBACnPBNn3iaPQjTawbAkTcC1yfhv1ofpKiE5U2LdirA
Rat2rkhdX\/4rJG+DaIEorg08ZpEvVnDkzmskUSlB9W+vjp\/V+aS5lkVM3k7zhoEnC+refT73qPAiB+97ySNdyAd\/Q7kYXug5+OANwWHp1LJTg\/kTpM0hWrac+UY7fWgQ8CbScQvQ7jNvfkeBpNC3rXL87XiJvZKnnKxFCuxFmcRnJQ7BpentFWts0H4Lec1Vh6Ie1JUOsAGqbQKPj08\/Fb+sNPHqQaGAhUMQMv5qLjVGC16+Ay768Xh4QOfbVnp2QvxXOq+J6pefxmdaleLIJA69iWkMygEnv\/UiI8ax5fku6tnS6jfWz1JxgQ4MCgzJju8Y+AntdNCizMmrc96qjo8fELIC6aln6uHdf6ze3P9\/l8K0Imh63d3YWSKHvLgvoT29bJdkoNvyjOuueHNZ1szJTEa6iq1dzn+UBN2G\/xCnDeBIWRhg1e0rq+0LEgtBi8qgQyMbqwUz1KCNzlpSIzr13Jt"} +02474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1601,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":4,"flow_src_last_pkt_time":1654385184938285,"flow_dst_last_pkt_time":1654385184957465,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1654385184957465,"pkt":"nLbQ0+MztKXvZygQCABFAAXI4EkAAPgGoGESQGcewKgCfgBQjxzkQ34LjUA08oAQAIPdsQAAAQEICkYs\/7WcUadKHG0HgvgFcR3V5iQ7p5Ps5AROyWEDU6p2YcKkT+Hr+JCDwEYry3UtlC1gHcTeF96wDr0Zrc5tuhp6t+feNIPR6orwZJSzbHDhr9iofU2VvC+zwveEB8OhC+1BAht9GZhE0TVE3TaYrHXgeLbZWT7b90Jd8\/xaZ7cV1KT51TV4t6dYwT23IMyHkfTBAcbMS0bzcmsCOqwjDWNrFn2DY7ty5D1Sz4IBB\/ffjTkW8nPlhGF0940W086JHOGyxG7tJBNhyQVHR1C5dNvsKStknNel5UFe9DqBTu38DQZpj6gUnoRqqpqWJ0FzM5lJeAMHoiMGzbrERKoR7dZjFb6hJQAa7zi+5FN2iJoVRE4QorV1JS0yighMfN91s5f3jWt39TdNbrmpFukzENzb7V\/ByP877T6Tug59cjK2lao3Qrrjgqju19m7nJAuy+9h6KxNrUcTszzxJBw5Dpi1G2PBmkc4skCirYTzRmre1FyBaklBL+g5gvlAEmXGogEzVsxgXpLMpfqgJDDwK\/zgWmWIceM4WJBxLP\/7\/f5oft1IDtg5Ng5DarvZEGllqXJaEs+bNkQYNjAlHTKlMr6AC4Il1ZxgCy1b52a8zKB9g0uYhTFWd9Jc\/DwcWpEhC9FsLAHsx0yFqGgkIRrsOextt9bXU32xa5k60IHCPdGWjrMfRSZJxv2qe+rmQFdci+ZMj3aGXvx0t67Zz7ihfQzvN2zna7aayQkxbIqMkNqzR3jVuucysKOUNkIQilHFP+JK6mFMDHk6\/yJO+sFaOaKnFoKf7ffX2bqrFmeokmdM2nPugqulpkvlmzAAia5j0e4z6yG8HdphIzo1gicwGEKzAyCmAN5WqeyC1NkNDvxgMmq2DErteSWp98bI7NhBv54H0l1qUMAxXJQs79M+2XDnVii97jfgP1U9YCrPzGBJ9ZW0sGwQdsqnfkaPMvkoo0coHbjYo
JLqSaVJR+wBGWDgFH8ujE+eOIdV21qFWxC1EzCgnoe1mBGtfBWBPAT118Tn4Zl\/TnRnypWLy6iIM+iq4zS8ACzGs3mYhFeMAZF35UpcypKl8tA78y\/FKavhBSYVr2AHoz0EsfhEKeazBU\/k5eyUroCYrtTVUiuWAfXUtPSKUds3jzjCxmW3uktZXS6n\/oruqJ5pxjJWGgN9BAe+nXSxv+lrqj2Lf6eJXQbhCo\/ujyZQjM9y9C\/BzxLmgLxrLzFQ1lJeKqG1fyF0zUF4SQsYq\/YTmqJNEGo6hG5biPeihS8lcFowzKJ3dIzmnKBtJh2AaPHgrUBz47wCTUAgnLHzzCZathNfOnGEdtQf+GDm\/WV+13F+dLl1NHM4HsulRANocuHNT4fEY+wCn873wMLXRhUPc3Vh2V3eWsQGzmlvlUYe3h5prUYaUAeop0Sp0VGgzARUaWkl5ZTVlB5q56dsP4PAEQXtJDnLVTQc1tPqGFuu1WClKpHCIdXVU7+Gky83z1fwI5fq\/yNRjybGyP6aT7GQlgEEx6we3ZPVxbTrQs\/bOeJtQycWoj6mTXdhqqylCRb6doFYSuqxecic1W5tbHO0vRH1zg0CkepDszT48b4rQLkP080uIhG5\/GYh2U5ChqeRd+QRKqEu0gY6xy66ih7TdqJFp7XH\/BfL8ZsH\/4CVAAy+PkY\/DiMpSLoiOGxJ97fb8US8tnuPdzMB0OMooQl7wXY+eTA9JWB6rXXW2KuzU+IATmlFGAvQFMhVhKk\/fbFoc6qyJv+Bv4D2ZfA8mK5oLZY6rMfKX+CjF6JmqxSexYW2HUBnfow+BjsEkKCWBys0dni4Ho0QUudCFw+YwRhGp4IKortr0yNqrVCtrQgbnGNiHWS2vn8kacZT4J0LGtl2e85\/ffxEt6QsZUMb5Zywy3mw0yhjI875aAGKPncyVa2HZn0n"} +02503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1602,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":5,"flow_src_last_pkt_time":1654385184938285,"flow_dst_last_pkt_time":1654385184957465,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1654385184957465,"pkt":"nLbQ0+MztKXvZygQCABFAAXI4EoAAPgGoGASQGcewKgCfgBQjxzkQ4OfjUA08oAYAIPEhQAAAQEICkYs\/7WcUadKOHjk4f+6rBqqRUOHGph4HF0F4sJE2irjiiiXMGE2Alj8nfgoXouH4g\/xp3gs3oiX4oF4IR6J5+KVeC++E0\/E08irs7\/+ylNvOLmjo3qLZ5GNLid+pHX5mf59HxHTIz7w31\/470\/9Cm\/GSdTDlxGQzdFO\/BVNjo+\/nIh\/EgHT1db\/Chi8Ff06Xpdr8Q\/8QvX\/L33xG11IG4HfO419JjAQ1B2ww7Jk+4GO1g9E+EPkqcgEW6lcp4ukvioW22TTlCsae81X7N0EfXRV5vV2CRPo7TKr4dm23Erb+W1WnyfrbV6W6+35Jm+ydZ5uaXTFFrHGyiK\/2qpAfNTWgl4QQ52mkTc7Ofl47+jkpDk5qU5OipOTFQwv6IUfhyf033hLJS5H8+3sLZU8OhrR3+RoHgw92EgQuz7zhmk69O743rCh34C+009md97e2g7+nsdRoB\/F4W3f1vwWv7fnwZ3g9vbE674
48fDmxNvqqoOtrufkhHpZUfuh0+zJie\/7\/3n1wbb7xg9ozPP51hsWqPpOsB1TwRM0DwsQAKgU6fnoDM2EdwqVYuuN91Z2dci1v1U1zwPdFNWqCtxS3ye9398R6heGTv0l\/Nn94d\/oLe4CW3zTLh6Z4tSV+W0a\/p24NZ\/ci7z1UZUGMDfptIoJv+XBBSC6fvYobL39Qi8IvX\/4\/MHr1+3XNHKnAKH49mv1bju7M8f7B2\/e\/Bh2Gi+oS69eP\/7p0cvuG3T24dNnzzs9Cn2GfmbdtrBw2BbNGf6NcENMOUep2JarEccNkYCk5wphTrblckmrOBvSLgj8k5PlnaDYOhCt3ugHVGBIoGKnluHGy2g8MAvoDBi75QeajVuqSJGmy1qnPupbbbnYoe1Z+mF7SgOTw7Kj7AyE7mjrLoOY++\/2zY+j2VsawC3Vyx1siO6iZxwsRWGmrQ6Wsn23aZqyCG7dzcQaBc9Olrg+Y+ult9fz4cn1SX3nZFYw\/XNwcnlXnKoKv\/BnwCU0Pf7JJf0lYFAPqDpxQaVmNLi74pyuaMue3D0VV23o4+1Ju3OZjFbz64n4ZieHEm\/VSGmv8jgAy5dtWyjL8XtHHwnQRt98\/fWX3xhmbsBuOkXchNXxUSzF+WPY4j08S6qHiPNVDfmLIOx9ef\/+5Gj79df3vv1GTI7ufXlYbb\/+5st7MKt51\/IQfADrK4jB9CH8a\/SbPKCftUKSte9+nT3bD6cyN0SxFaP9K7rmasNfdTqw9on1D9VqKlSrTeDKI\/bkZlYHN4WIUCrcmBSZGm0bDrPd7jJqxkrjAtu313Sb1b9+\/7ylnDAGCt1QD2DIutEtNNM+gC8wAr+1Bc078SBiQbEh03p04TiW4\/22wmfuwr84PPw2ckObQN3X6Uzsv4gq8Sh60X0hnkeD1\/6LQBDv8MI1OeSganR6K\/\/8Yi8+dLz\/CHFvZaTQdymszcMCwslkccalUKFzi5DRtjgR85csyWSBch2VvayajEmM6Ytot4tBrxMCXiO9rrjsFdLdVLVrF6Dlvw\/Lcyn\/hb\/m4KZgX3eMV+t+o0ZpEZ0pAf2Lm\/Qf8lOoa\/q7+KgdRyyAFuepGHTqQ1Xbbd9T\/2m3m2gr9hXL8uxRhzw0oVkZbtsKpcPD5zbAVUfXZC1WipjoRyQaJDSi+NJ2MzZZpGYDr1LCfKaC3oXa18QwB78LQu2pakb0\/6DZviigpnkp3d9\/JrtlpgGQz5yw6qiwXGLUD6RxL1vQuxzORzeq50JWlNH7PVVPqo3WumhU25IYQ4MbK58aK3klspkWxvMGYtuihZgUl27FkNodYadnhSmv7rw4CsR\/D0rb3zw37m836RRhqPMeo32FP1Kz6OzZ7sSxTVJ7m+7vTxPy0ztODqRW7+nQu33\/+G5y\/1iSJvbxCDzM7YPzms618nKRrKm\/aXSb"} 
+02470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1608,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":2,"flow_src_last_pkt_time":1654385184944474,"flow_dst_last_pkt_time":1654385184965477,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1654385184965477,"pkt":"nLbQ0+MztKXvZygQCABFAAXIGm4AAPgGZj0SQGcewKgCfgBQjyD+smSW9c2PrYAQAIOKbwAAAQEICklV7wucUadQ5ogdq\/iosAYQHnuYoAkvkdnGEx7sgfMQlGGrFxZA1yFkqy5MoicrPqJw3gr9hAgjam6KaAwuXrhWKQF6GuXGbBvVErM+rqhTqw0S+mOoHLEY4s4FqWJIQ1cT5cQHITPEUA8NmsKXQx4OPNTUF1gsmkFJG+W9FLWdk8qI2aIQV\/yYMeSGTw74FvYOMM4DyYjkedi25Hlaxn6nKYMGLSn2thPUrK2WshGdhHAxCSxIaZduwRhEPOo4bZFCUfAig1xMlQhT102Z6\/h1jyy9Y2FOTqxE4We1SIl3jgw9N+ghK12R0K7udpiQwRquQJKK59ShtftqxFuHqgWu9ioVh2g7O7EbTedwRtJMXbm0ah2kTJ32xO0TZEG94g8bjMzkcl1m3NuSQw+Jl+nhpxe0XCTzjwmTR3B\/Ayh0joMwTcVU2JgiBD0+DOZ\/XeBiYQ47TG1YlpfqWRWnMCzc7Wb7RbHp9OvR2Dc\/\/dwQkuEIkywFK3CRRNMAQasTEI24+xJG+ceiAlhwwXcWRghi2LpCgYAXHIsWQg5EML3sL0y6ODzBfVQUS9EEMXT\/2DwkfHfhkvkhNgQM4\/HEWo2BJFkgiwENsFXve6AnZRxrdslQMuUEOyqAwAsg8ZYXYIM\/iSfJEwHuox95SJebwd6lXVS\/GZqiCrX5qldHVAhpCpb5CVC06kelCqTHtkKWudqMQc1RbGEIfFZhjmJQ86si71pVcWKFDatzRg5mMPpjAXegcI0htoQUKHqgjP8bD4GhWKuktB2K8eCMtWlkSJoUINAL4oOUMURQegH1KF0FB2ahoJCJ9vVZg1pKEWlCBA9EE\/oz8327GODGRhfm0Y7ZA+DkZIe4ubBhHXkA10YPFILhA+cgoMIIs2nF6k3Yg9gZFOzK5gseWgqegfNZe5U2cULZfTDMGvNjVhhkqLtrDRuG2aoghuLXZMY5euQeWmygK9GtF2hzgV6OIMtTMVTz793WI9WGVpxqcWjE0WCzJ67\/Odismm8FSxIv3cjWS2JgaDe4UAykmF1npgOZ8mc+HRFFsJsZs2nokg1Z9LbmG\/uS8WdEClrpbQGk7OzCpWqnz5pP\/hAxjot+MnBHFeI2gNKiuSjgHGzxUDpBjyR1KRIjWvfIoEeNcasmZg8vOsgdBlCID0kHWcB\/Wnhg6hUicCWIeMDYHjWMEqAMEU+sW2zvpBSItTGVMR\/tG5FDGjnwRbCFQ7H0Q1pyVsYKS\/+bgPQMt6tmN\/QQSVGaqKzfqW73JIcui9eEBVY+RQolSMRVEuLfLL3KcnHV1htUZmHMfXn68WLXop3FFrRIv4ND6JZOBmHJnH7V3piuFJLPipHp4rFbXPJLpaxBs25dRRta2P8nbMKHH8zgQUJvtjGbPG5Qoas8jKRpOG9PfPUMkNTkQdcI05Kq69VlOXml6It2UQduxJOKGs42T
7AhFKJPnmjEuxpFJp7Qmp4cgdGB8nTOxTI7UkGRz6h5NUjZQdDvoJgOb5wxHz6DtpYAtRljv5SjxwtRvetqHLvPS5dqQEKiklws6rQRJRJSgWJc6INl2LpQ2LwzXIzDrxG4KyZkZEea\/BhiYr2lFa9kOoKUxYVoH6stGFraqU0hCb8OxD1kbuo2v4FqacYgYMLVetH0UaKQShTjaFivt0JdBLGUcYiCviMaxoNkPkjpNksgTJENrYzCczP\/c86QKZuvwdgwNCEJas5+M0FA7IwteDjfuG4H+vXhwzxQy+RholpcIZkEH3EYAL9KvuTKixOHHulpoYKtamwQolbV0LFtwXQhkMOgP8lG2b2ZJ+IUM0qTnh19rIOITZJ1INZMWCLVkUGyGrTiGn00YVvPbzgv0rlIYYoB86xhRlni1rNpEhZn7dSqR2Gz1MHTVgUr9qKTdXDaNCJWayo2otmdYEEv"} +02463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1609,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":3,"flow_src_last_pkt_time":1654385184944474,"flow_dst_last_pkt_time":1654385184965631,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1654385184965631,"pkt":"nLbQ0+MztKXvZygQCABFAAXIGm8AAPgGZjwSQGcewKgCfgBQjyD+smoq9c2PrYAYAIN7OgAAAQEICklV7wucUadQJspEi0CUOOmI3Cvceu7ZTiQFwaD38Js\/p\/xjAp0j4xbiQNQqOyBYr5L0IIs0msCoEYCCdXXdrZEsJEixghP9dW2haBiWE90tiwDKNL2M4KmVaiFSazRQsJxUArOXEYbM7Mk6ouyCMoHe6uCJlL0cyZtIWWKhOIsm6ZGti94qIbr5CNRdSWJmU6uEfjypNj3HPKIJZrjuhyY9Cu2ZvINqzgm4caq8NN3Ol4TW4lXCpbPWwUSjgKN85uSLF0rMSsFoUgIprHQPciOblWTBOTITmrFc2UGRtjRj1LVRrpKUpZeVdZN4RSo6tznl0hQ9q7XjysoNU7sPtQQAlDgnUfNPxezctohspJSSaW9icUrFWCtcwLVCtqHJjGTqBf27OmPKKfkfG7cIR1palknv7gysOseGXawVw8okfeiTbShNKrQNzQwd2ZYaHbnsqalY9fIprU9uopYlGr1jz4QbdlC+Xlck6sWEWatNiYA6+mqPGc3WxcuksVBq0JSEfGbpESVQtev4ss0yFbv3Ms4MrIkJO6ZKEVHnOGm7baWoO9oDVS\/VcNqDH99a7piWhDvruNwEIdqktI2GDvEDR2MN+cRA0Drq2ZYeS0jdoQPJysWM8ZCqw7r86FgOTdw\/86RtBT31VleuPjz3IVXMyFirKDF4+Ve2++jcSZHmoXsDy3mQyZ5lCoCfRHm5eAd8ygVLOOwlU84ma9sRJJhQRw9RlIV4BQwStxE\/P+KYRlMT9C1FlrETthUtJn08pmc4CQf5Y64MMSj51HOUvlF1VzoUdG8NWiAa7kb1c\/rFFRcNASFdygmZC0L5oBNNcpSJ6Y5SFUryQF2kzJmxJdUKOnuoLqK5VaUVFBbdmnQzhlj0rxhHV4LhD6zUnEEjQZxFlZ7wA02LeOGLF4IJOUw9qRdPJKkaNW6WtEkbh+a+82HiCzidkwS8ebcWJ1duWnUmydiJt3assevDFk\/X8
DFpDcwKd+5ns4Xkhm+2jDq2\/WUCZkq2L1gyzrz9ogyVkhOaNAn28stqziCDjsaLoBQFnh0+pIlPsszStPAV2eh+MvAqccRlLZAYHODR6n6NY5bf+BYIuf9ITT+IIxa\/4VN0UVnUvxrRwoIlUSK0sQ76UbEaURf+evWxATWLaR8y07ulM0Caqds3CjhoCOii7C51OwgaSrstoDBZPcUezxEXmVHSiwlGLx53FAZqoDlcUPLsr9gg2Flf6M1WdfOntS2Jtlu2fbTnz9R9PoHpWfgnrlmDARFCtPhHhajELohr\/Q1PRAY9DS9EjCigt3tqC47UwaU4OoHNoTqRBJDQYjzeR6HqA+79NTpFmHOJ\/uDYfkU9w\/cYaGh2Oit6cuhN7ZwdaS02Fd1az6abPC9BnFbpndrIJxzSL4mmYDMhHhJ8SM3hs1Tpj+ZL\/gsL6Q8PBrwU8cvM3h5+HrSurDwTRw3amJUNhKXU8BUtCpWoiQqzmmxbhhYZM\/XEqRfDnhULOCEo255OrNwVCkUI7kOsZimTiobTTVaISLkpB7LFs3KqMfOIT4bdyQFmwlVZtGIdT8kpJbgMVPYXqYzaQYyWDPRG2IwaY+nqvmsyj9xZ5oXw7iJkTSkapYZPqKt4i0AcaR7dvMEaCMgCWyikf4axtIXxAc9FMUBUbO6Gbulb0dAH+ywz4t4rgH0BUbKxsq6DLVrxR+Dz3QoSsGslYOjRUxc2nspxMWTnKnbO2+WaKGg1SFoZL97KgRsxHVZt6JuwA1BWIWn7WEPJHy5EWtPF0sCx6QRRsnaDyUNKVgC0bIIsiHciEQeN5GvYNZNmOzanRtRwJ2oP+wBB3AiolTeFEWodeEKa9Vx14liiPDCIQ07+AirkzEaTcwWcI8o2WPc9DCGHQ9deUQQrUozjKmsmbQrE6aq9YqjpDlm0SJhe"} +04415{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1610,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":4,"flow_src_last_pkt_time":1654385184944474,"flow_dst_last_pkt_time":1654385184965631,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":2922,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2922,"pkt_l4_len":2888,"thread_ts_usec":1654385184965631,"pkt":"nLbQ0+MztKXvZygQCABFAAtcGnAAAPgGYKcSQGcewKgCfgBQjyD+sm++9c2PrYAQAINH0wAAAQEICklV7wycUadQeDBsGDjWK+q2HesawiIsoHVmQyJV2Fmk7DUKoRgn8yNEcg6P+W0WiswmfBXOKzBNQ1AfeiWpEvkKGJrhul4bcvZZ2h0JlNWmbFuIawPh2xtqB5EMgm5O9QNnj4ZmLBf2WQOSnMOITWYcq8PhpcuY8oMFGuxUrtzDFlvr5Y3Y1s2bKV6A8s9OnE1l8pAyHFZKPYvKgrXKpUhxpudAq+3A8xDH3ZGFo9s2ocpGLqnZmEiuGoxmHhFoIhtcL+I2+3pYFMfLvP\/Gvu1j9ALrDOao5P5BYJx3t17KPqzhMGgJMsd5SMd4Ii\/Mmu4cY0D9tmIifrbinfteDRGRHxpWn4nyGBvHFqod9saOpHmCRYPKBDKrf1mk9xMyiMVFuOnxvUyLb1C7OnVuh9lwigxQwpwVruTBUr+erBpAPOesFMKgIrvrmDwRxKcZ3N+JCsetLlO3ieXhhjOm3cfSN23Hh2vRquWNJto7T2wZNK660uhN60tsJOQztTWRxLnyU
VdJ\/aCEnySHa\/e+lEdADydMM58Iez8TnohNxjxcyRf7WQdJq+qpy3Ycl9v7tppi2oe2kuPrEdnOcO470CREw\/VEjVrFBclYA1Ww737jGT8Vv0N1OFyK0VMPhyNWFDgyljh2qfcLbZacwgJpGU48AEgdJDjrdKmbht6XSwUnyKmX\/OKEOXUL8ORz8JhYl\/6Q7mPJIednWICjQXfUdkzORXDphQp0Dr\/jso7EKhzY4uakB+8TW2CfBFCGqo2ZqUvXTbQ7tjvKpO2m757YATJIx0h7Rm17HFPz5773dR9t5gns5DB6gjzkZCT9XnIM5T9rkH+Q91sJpJtKXmD\/aClngQAGO\/bMMU79KwlXNa38NBbVdHpDMhD0qIO6VQ0EnhwTuG9LXnBDlbnKMN7rfW+J9fb57QjeOKmPeAM0W5Fq\/1cnRPjFtbjfMrLNKrwbXTvECY1+hNvqvJdD\/IW95nDlNz5DsYnfxtFz8LgIyWU018NVqPMG1peupRu3v1fYeV3Qet1hRyOtOZa4HtVt7JfcQ+qD2uJ+gV7mNmtzc7BAAlU3Uu3L3lQIKZYVobeafa67YCj2HODZY5uyBZl8RlMQ57y85rVqb1q2Njf+4TWimDfX4XG3AppEY7QE3padbPu8s1I5gXyTU5PxvXyPpC5D92PFhO6y0+sOyoXSDeiwPv4QNF8ygxh2iGd4mKeVZvllEZO79IxKb6E+9q4nZBXLxD5yfJ\/sSUlODhVl5zSn5he77HCElosxVasWUdQne8Z2nWvyhodwmty4RqmUNughE2Fmf3DACE5xFaDoeA1XidymkNEq3YBqO8MtuIhZKzzHJXy26mmEvOp9NE5nitcBGMNjfst8IxaD\/nd1ttb3PfNCz+f1O8Pv\/ztgL6d3YmhRqADi1iMGTD5YdvfYfvI46kY\/wMln+UUWXmvpqNOVfpQaPBkjlkV5oRt8BsF5ShCNoW10ax\/I6opx63gHiShkt21IbsFXBqxqmNzejyJo8FmOolUnxTxV8MPGgfG6wsR+NCGNz0WPyeHEd\/NbGPgVBXZLj9XeZ7H\/fxHYDov+M086f\/JOn9wLLrfKqR+5LnO5pRuHm\/6IGKJ1U8Qrz59+aob72zqC9r6g\/V+ooC9qiP+XcHiCDmTZNl+iI3noSjoUE1jRh4vJoQ5ci9aH93UKvQZxOFZC2NEjvW7QDeoxILna3Xvqaxn0tvabXxG1zqwNRUDMESl6I7bp\/hCvYaRLhSpoS97MHPk\/eU\/dTr\/w\/8Kb1XZbmDwdnu2x6JUdHs06r\/s2gQUqXtu5WedqoUm9ET6MzvniXPtKfP93eqja1UH\/U9HzkvyShtx2R4a\/b4Ge7ZlSfMdQelIy3rcdTW0M3LVV3aIp3kW+eHusyTP0T\/f1q8PuTPJF4PEW+70JyplHTyrn+JYV\/i5SdRWQ+CsW+nQS+TeYuFfJ+Ypm7Rmmb+mWd3YVfpxQHHKfnH8c+pSt5BHu+F316LIcwQat9xhBxbA3erVLdu89mxUMfBdWB5y0aNZ9nscvnT2CgdT13UY1mvd671FO1Q1pfbG6Du9IH8HqgnT6kei8FMlfuHB0ZQsZeZ9UnOj64bXR5+h\/DECfBgP469UXibTv0qE6KafqW82tp808PXfCf7AL2XN924NTb5JObNTTP0u009MeXBo9eXNvYbJmN3V3edKacwzaqUzIpqrpoZoCv77NfbYv9xc937jH+RD0vtwueLp2\/9shlgfSOZsu\/321egqBnw3uF7\/7cKG815Lxsx8Fya86RGYOAAkIHFZ4zCzUsfN1EDxhQuZ41C0DSquMvVn1KcCmK\/2S0tvrUpSHExjj7ayzaN8OujVmvvwVCsSeQRSvZN6xeNKiSKc\/K6Grq9n5DAnPwxeG97d8wWP+8VH3LmuryHzoHbSG55nRKZv7LCc\/kEVyOfLqPmqDw+U6h6CmaSzXWUdEZ3N30gePzG7nPoLwdHdw
Dfu73BE5WUG+79QlKbTtyt4ub9sjNtIZP3CNGY9ptfDpECTWh6IvX9PW6NardmprTV+4+LpSq9Z26bfgp2SAiA6dhb5pbxnX+IogmE0JwK7\/vl9FDqEMRN\/73F+K83f56YHP\/buSr+yfJgGnefn\/l33z+t5u0PH93xePDDmSajuKQ3tlAbTbMwwdbjAtxqwlORpIb3A47KLkZT5eNPNYs0jBUbyXjobBghfagN1C7oq3Hh95XtYF+03JOLJex+LAlzGKL2zXsSH0fypDxAzg8eDwPZSwOQePFwQ+WrgDdDhCMCRcBAWI7PcKrWvbGTHUu6Py21V6+pwVrkp\/wOIXQiUogkSF+L6EwTWvuh216yvkAPp9GZCWxQk6loekBUZEBT7+EnYy9oFVHqEp30GewVv8BdEPB8G3tAllwY9x88VvAXjK7gJDkTWMdTK9papGONxcOxjn8r+Waz44VgvaXj+w3FacSaCnCH11ylk1nbCPzWTNVZFr65o6AIFTq6voRzwcE\/sGHGS0vOF\/ICphJ3XFagRuDy0DOSHrSzEzOlVw4+NuwqTtRmVSG7ijs9kFr\/Uxzs5U6+Ay6nOzumoi2xRqy4Vyj3H46IkxJk2X+m98Clc5Jzl4j5UMOKZJxTbrQGJPt3Y3g7ydhypNhHeZ42VHCA6cVaPLmtst\/7Zehgaq11KlAg6eZAGi+c1QEMiBHwkjj9ADh\/zvVd8T4A8Y9gQPc+8aOoVn7ANcNPcynoDBG3M+hkooKLMzoadnWN8yE8KeF97NsLlEqwNZvXspHUxmnarOHhfr3W+imMKs3Ol72d9tTxbmO05+tIrFYWSuutJ5zY+3FIwy\/vWYDXCX91enwdc9R\/cOk22MNcRp0do\/8wWzqS45DZ6\/Wu128t5qRfgnvBE27krwggM5sWvon9y30\/qy47C4q9zUhC3mLBomHWNXB9wlZ6cx7ebxKmh1iDZzY8mlbwogNbO34zM2wzPkmr3iDS+NsxHEml0VFxHyFwdL3ibUPIxpHUDdbhCwW8y1dgB8hbBwQT+taBLi56By7WgWJP0Hu5qEzuYHvVzQ\/HVN2\/093FOgm11N2f1+hCloXR4kcX382rr+WdkuYaSd0FxlxIs7sJb6M\/iOgrnVI9ZszvarA2UGVklnzeZlS5UOxLdVdVkKNo5cmzqxfDixbO5HiuZHiL3nsWJNWQ9i12211LEq5d4qNLOiZ4eL6Gu8OVFn7Wi+3Gg\/nai+XKg\/\/Tia2R9u5J11z2sGL5W3GwBJGsXjGyWJDm5rWdcsXf4LM13nt9rPJ5ou6BT0S\/PXyjzRflfjvZrKrvqFWeQPzdNfz4SfDwSf9\/i5"} 
+02501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1611,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":5,"flow_src_last_pkt_time":1654385184944474,"flow_dst_last_pkt_time":1654385184965760,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1654385184965760,"pkt":"nLbQ0+MztKXvZygQCABFAAXIGnIAAPgGZjkSQGcewKgCfgBQjyD+snrm9c2PrYAYAIOtHwAAAQEICklV7wycUadQr3i5424voDvptp2SNxfM3TFj9waRSO6FeT2wDmHMo6e0Lk+ouc8oeBMvV6Q8HTT1X2C8qpVhvQ5v0Juob7bvNtU0s0\/guddeU1jDyKfF6vNh8vO8awfwPGni4Pr5su\/Z4XbnoM\/ZZtms69mEerv8bUFqYWFpe3cekv5m+WW2Z1MFjs5QMksFX9Mu1svgvF7AKe5VL7850czcsm3PVxs9XnrnP1APkIrPV1NPj8c7IHtVCO\/cz7sf2GDut23c3g7dPHE7EREfJUhOY8Zv\/\/PdYJcJXLMHVGk3EG+e6UwDPP+TkeI8p\/8hvQqiUK\/2wsGByMGkFrcSgLW9t+1K430zl4RbsfnAxaXoEuExpKBeMIWbiqhYuez5EE1QjisFb9DANoyA+jNho\/we9KLn00XAi04gJx4wzrQcUsl201I9Tw3kaYdl2n2JYU92yIcdlpvlpnlKkzro0w7rssuy\/K60oDcrFC\/TbZO0BhXyw05r3H1JqDcL7XGneb7A8t9cKWJvlti7HdZBl+W\/u1LEsFJRHzbawy5LxD3ZqHc7rWH3JaKv0oL6vlJKqk39pen4sSyzQJ5NFurjhtKLeKslHyr\/5bZHcV\/q\/4Hn\/G\/FPCyklxpCxb3\/DbwWEstn3aGfuWsKe09Yl956wr5z1ueGek8N+BWoDzXfinuT+C\/\/H\/BS+ON3uWshbrsvOfwXkC877NsOy\/c8S97\/9iu\/84R94a0r+PK0vW2y7NU+7TLs3Trp0vxS8xUtDgUaUzQ42LfIakAFQDOeTHgFEJVaJtV4hJCeMrujZPhC9KLvX2IIC2biu31rwrXaaFuaw8WLzCktac\/1asD55dh2b6BvBkaJW+4qNNDoe52wreIo\/rbaqBvpeFm7M4o2n81l9mXNa+Xr5hr22t64AYldAGSodi9Yk7vJWnLV76UGV8GwfVvzw1\/vxXq79oWdvWY\/TH\/L4jeJUU7VQ\/weZSBGOFFf68gdANJrsfLWdPsBKGo9sN2P5prrBkQCQzxRn6q\/TS+yz7Ojm5JoTAmQGOZb+V+MfFNzJQy07N6xbdu2bdu2MzEntm3btm1jMrFtJxPd7\/6Ac+o8rpeuWtW9anW\/dIfB8b\/\/7qO4H3bAQ7VODt67Ff6O72j\/MSGdu000uKF0cy4OG64Zv8d7kmbHx8FJ9ZvN8y91eIpj\/be48XXtx\/UzmEPd1+xzhWAewDBjx39ZrcrayIBa\/NZRpKsf+jy2BW9r+F7\/yFhIJuYIxsI8SSqWWrlEwmd5B91vt3nH6pozP8s0I0eaE6vJgRLlyoOyy8Fx4+PZPAeSr5n+4ufGlhXSVLFmJIK\/IL3UKl7dhSD1CU7PJQCCr\/gvH6JRlcR5AnlnZ\/xHriKtRLayy4IKQWHdBx374gQpvO4YhicmtyoHoSAH1R+4EiD1x
inGtJMC7BStvB6jV+zPXHKaDvPlKqWll9tcz\/NRZfMqxnmPB0hv3eMQfI5Qx3a4SxvqxPPWc\/aCv6FA8uUO6tNJ3KaP4kK1e8mWT9ANv7BFwn8TbrXKLb9wfbK2syP3ViglFKXCW4AcQGOMq0eQY+K3YFehs4I1AqHSyNUXt4f99fWrE\/FQKmx9Zf0409+hiofLtiaY9Zo6n7W5Wn1eqKuekVd25zu8bvx\/Z8e9lp22KZ6Kvyv+eazhwWx32xqkdofd6UFy+7I5isT7vtPl+kDOZPOiwEPGuMUhbL5YXzFgdp8eTdj3OwbRUkTpeVEX6naL3GzDSqZu9vrsxypjEdyELvP+OWUo4mv\/uEbXyrps2r6F6L\/Fc2x5tRipDdvoHT5yI+z48QjP3oJM7ZHICz90AFk5p7jDhjRxRu95EkrwmR\/KLji+4Yf9ec0Ee80L5fQg2zAYIxDW3\/V\/ZjEEd771h9r6ILz5QjTE+AFF8KlRNZgt"} +06381{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1614,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":2,"flow_src_last_pkt_time":1654385184944791,"flow_dst_last_pkt_time":1654385184968894,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":4350,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":4350,"pkt_l4_len":4316,"thread_ts_usec":1654385184968894,"pkt":"nLbQ0+MztKXvZygQCABFABDwKKwAAPgGTNcSQGcewKgCfgBQjy5+eHC\/0XpgIYAYAINNZwAAAQEICvuAHVKcUadRtia3OWrUCi577oZVo7qVa1pV4DAWp5BUj1ylZg9HIVDCN9HY7AbTeijAg4XsrglqbYq5vDpykI6WdQmyzYmgrKIxhalIqTk9ryxzUznXMoouNDMlCihWCVviO0KxmTPE5KQ9+7SsAUrQi7Sg+qF5Pd0DtbjZtLz871N0tzex+ukapoFCrA7xXAT7EhUt7xIHEz3L0UmSEhywkGvPteUIxdc6E6toBq3MvO55kaYOGDx48p6ZBs0l28a6bJ4zQJDaeXlGC3OM6mMEiebMI1OGu5tfpXMjhz6Rp73wrdy57Payp01EHIjlCdRLUKOAPfFUuHBSZHV78nHM8xiG0tJng+sW\/lS+Ct4omI2wK1pbPk0VNnnDxoaUD4P9h2HGucJMMsOcLUiwYhj1kheWaGnaKjtJU86IE8hv7kMCVo\/B1CxxE3Lz+jqf+jgF8eENd4d4\/zg\/OJd9i\/VoLDYszM0GnwgrV6X6zCwUU8MUmHILsn1nKkxsK+j59rAslcf4WjgzPH\/bxH1Xf\/hRSG9h1GHU7F7dhqqMXd4GsfiUbI5KewunZSYn3sSrjPhasqzcbZWIOn\/RZGzSCzJrYTqkQVw\/T63VN\/xpgAg02on1ddwj7ZXVGqEZ14pCRJ4U1Nlz4GosQC2e4WkU56BxFokH+fTqlofOKVzfTTBLskJj5p\/BXxTGrZxWaisoBhtbb8NE8Bmwrx8kTZqCTZ4LizErphxTdyPZU8mP1LWCkBnHJ5AFAviY9cnU+ZbIwX1VuD6Djzu3WeCSXVqRfHW4ggvwWzYs\/gP9Jpl67985\/6\/54LGh3CGiAgEgcG6BGxY8R11bg8qYxj2WScXzuo0eu4ZJ1uM5xG3D3x7O7xmZSyQYoEmBJEeWqjVCrbHbJCcpoCpd1s+S3OYYriGysUdQFw3VpBOPd6d6s8rlqWwPuY
+gRHRJgJSn+ZHDQFEafniozT+8SkWOQ5rQAe58UhC9CEqwUYXDjACh3vzGpLHKqglIUwlGKGW6YhUdUMwTnxVEN5X0kmoRJNoqHFhBmEY9BmP5+OU4QSH4xOI5zReHcNmGyhmg2dxP4TJYS\/MmkwxJ2PiI+KkAnqHY0xoTbdbyJKU6xxIlj31MxZNGm1P2mPnjEKvm91XbL88c0sI4gC4jtuPQowmsExa7xIVAWeJWpuywE2myad4k0pzsE5rlIj7\/quzGMwjIayYKok+aeditOgqCCIp7Kd3WWcNlzfIetdoBRmGhdKoVdXlxx6Ril9ggFuDcF856+Nzit0M9yvQyF4OmsA18wbuJCw69M9A30ml2L9fxmr1URKoZGMaExc02oNMIn4wHMUyukvZCYS9CJIMDWwrH2TSFMXvF1ikdepy0FG3vigcAcfOcvNka76wATRzD21xzyO4PK8NKUOWFMi9TYaaMjCeHjnWWJnIhuZfBFIVojlQlpoqbIHE5pMbLvRzrT+\/c+c9U3rDurSLvr05vZU3uuVvgIe07OZJ+6XCDm7ZM6e3AlXgcTZ7lB9Y2alCJr5832MZIIhz9vgnMVtPVR2xymBxqPeVZcUSF88ascPkun62PxmORsMrVddGtvmxECSlwKnz9ikb3r0H2wPbe3tafZ3F7cyBgLihy\/EZ\/5d7W1Joqcq+fgtXBF1qvp8fBtVe5A94Nn0XIHvFgn9MyRia6LxN\/jz9f\/HIPpXDHZ1GXH3N4vL3dd7OrtjcqksxUL3umHNivH\/h1fxXCr3B4fDteDwdZ8BZnR4BtwnVuvEm9fy8RDPZa+2xs6JNNIuYS8y9dWRuyjwc5HpIv1W4V7IHAPifgrbB31tyn2B4Tnow5XvNljMP43jsFONvtKdn0qlfMMIaz5GBmfmEIHi2aEF9c7kXvOf6c6i6Ho4r9L3d+4HGZDTbnuLyWbo3+d8pttm9FB\/vaZov5fj2DX192EQ9XsUgvfsKv3Ja8btDZJooZ10aOkx3Ed3hDWXaZbCq2lh9\/te54Syd34psOYJ5LmEwk3nTe4i3az2bTd4l+2aciRXCt22yvpFWFZmG4dqfUWGuh4d0d8vPGCM\/dw+n8C87fnoIDEau5tajR9lwluJLmT3qANwvwj9UA3CUuFhmuDC38WaUyB22P\/AW7pvquAYgVEcHm+38V8HiTF3TfQF8s4EEt\/nGyY22fP36vJaubKd\/Lsx5MdGyNzrJ4tliXSZuYpui5llx2rs0EepLJCRRIwShmOq8VTWoI7lFOcQdeigF7zyzJICt17FH7xsjRTNluvXNudWS8ckDt\/GCH9zCQHpYtg3FxdezTyW7TMJZYCrG30qqTTL+t4RxzpdY8Arx37bBCDZe+6M5fh8N5jmXukeeGZzYwEDR5LxLrYqeUrBd47Bcqg0Rs\/Nq\/rMSoXyvOWMXnE\/\/eA935FTy7WUl0XdagriM+8I8Uv9Zo8RSV8Ocrvf\/MuDeqHGNfdU9p999Yzx8wHts\/QjqrfiJBQUsKlURNQLYr+Pxph7vufBZ\/Fc5vbqMe6771nH+m7vl9rr0T7\/xRTBfIGGq5HXOdIsI72zo2UPXWY35vDp9ew0lf79IEc1BLyrpqu3PDc2vVEKbEvH2uDM\/5dotey+W3GoQgBt0gWlq1Ffbd0gncyJNkVhqr1BY0YCFX1p9Xt3n+lan7AYgIqRmRtW9l3rnzF0V5pCQfvHdgxXB0xAFfQ9wbnflmyWCAMX8Pit8n0B5iuplKZkVr\/KxKGyHieTJBN5FwzpT90P5djs1bFf0Rf5wxaz1asqwsHzD\/c5+F8LEBzgoPqPAUFIo1eWFKlRhO\/tbO0jPdX3mmk9v3XX+VlE7JjYbO0n4+TynxNb8a1NdLGruQGXq7oZGQBHzhz+I5lK2ng7Gn\/2+DyNJCCYfY9jv\/0f\/z6tnL6iOnCn3mqeG331Q6DtB\/rA\/SNqCtJYdWog
e5Li+sAb2lVxB44by6fVRKjvN\/ed46pLkbyNsZjFTHXUOvF79Zmw7uPaf9c\/S3tr3ZetMjrlt\/xLflJbwBB1d6dGEjIG73t66uRtteXbuh5Wp2avHtn+nTVLsCXOSP8DYJa1+0xyJBIuyZygqzrU7nlfLe\/OzCF\/5Jru3JFrUqJ4lEHon\/2ra2fij+fb0Bl59y\/cnJdz0eb2+\/5fNYKtsGJz0wA+9r1f3x\/Xq96U5\/OB7fbl9vu\/sYjEpvs\/cPTr+t3+13XubW9ggXOahqx9tLS7q18deRBAtJhfvoo2y++aqeQD8R9KCF\/Dkiogsvv3klwo1s+T0ed\/+BFzb4qaX720zjbz+dx\/1wVv\/dSeZ\/O50Ptot9xN72sxeoeq0hP71AartzeTr1Uk8s8jX3pn3F5+3y9\/yb09Kjv7czFjwkR+nzjYfe7\/PdPDtShK8T6irCbJPw5MvzUVfJ5p4VsOEFuL2hJvpVhB5gptcWjO4f06+RL+xPxJoZe8c+f7z7khRCp5pn3mmgvHaZjWaZ0bfBQpSDRs3EnlfWIRIQ8pc4XuqHIMcZqiHcEOI\/xI9FPpfiOwRWf2DPy+D\/FHyp7KzBwzkQkdc5P0SwR0iT0x4nkVQetvDUn8aCBUbz09Pz67gcxcbm7b8uF39wTMBPHU+Ifi7P\/+hNKzSs3hcvw20bZ2FIuXH0avcL7oPC6lPKZSDcWr76jNpjNpYk8uYX+V28Ub+2rpglw3yHdxQxookD2isPoPuwD1jlewb2D6IctFdSIm+w\/Zf3xRxA6STk0UetBkkHLPZxVta55o7Zn73t00Cbpj\/th\/SK\/CY24Cj3M6F31c2E8hqIh\/lRaF3ld\/HVs3oQAwvz1NJVuk\/47Q\/0uMU+EwuwBopxSRIThXyjyXvoLpCZCh9cSBf3B2bo4ie0W7L\/GXVboE0OWenVZ+0PWurXvHK3+JX4wQCFwW55uXEloNP76fZCjAEr3CX4t7QaUA8GiLYxNBtH9UyqRTzuk91VlQ+YKR7WdqbUDlRusWV2IE4A3fsvTwckEmfbwuLqlwQqNCKaOfadCiMP5oP8B3JK6S8pGgBiG824Drhb2UOwvRo\/cGOIvAmSIuv4l02e1Zu7H2junWlVhR9o7oUreho5AkoQcNXeyj1zdMfhE\/qXLzN0aN1FUP4D\/RfkWJmQ4W+03nLiuqY+CDASxVNYX5eT+ctUzMJUH3tadi+YC8tIJmIlJp+OXhoGafcrEpHI7ldn9zuzZMetfuZcR07PEwoDQIptcPnDkCNMuWQ3CyHK9gM3R55O871qh1ISHtaMlHeVEvh5iCSEay9mGUM76LtJ8eB6we\/rIv0ife6hqx+ylA32SahXgsnDK64t\/kePph3Cpr2dXfjPaiJUAV13WxqT9PXQl307hp6+PciT\/RRalj7JGBJaKFxGUHOzbAKVzhmpAO2F1\/LjKkR36fJQTcFfxgNmgfiOmN+RfH7Yk76MvFabxD+2DuZLszyDjHHz1jrEG3qIbLRYwTpBT1ArOzvhebj4aKNnk1yYj3OLq2+VvDDPvaz5qCX2XE31vAtgSM4axL6C8crzfJ1GrhONX8E3aEt9LAqDfJNA5gCT\/nO6vaCMZUjttP31Fyg3rZ9badwXFpPhKFYfC\/WY1a+O\/+wBVEEz7Lk2t7x7Pq\/\/\/bW7t9\/vb3havf7t73h28HAbf\/\/n+Wl\/aJBBqfjB8vtKk0my+d\/+U1FOrn5P\/l9bq+\/X3K73G77Pk4NvMyoCFw\/\/xJB+OHwRe7\/s\/mix\/Xn93h\/tz8Pe5mfznd\/7x3O9+x356do2919ifP7876+sY+PHsvSLy\/n9a\/Tg8M\/Nuve+vJs2VrafwAqz0tudm60ws6Wl1QUXRXNCIBdjmGALJSEYb8MIIKVssOU2rYHxl1q\/Uc2MP1L9ckqLPk7nfNz\/ouOdgnQBtijNss1Ttm2
76pRt\/mXbtm3brlO2bdu27b63Jya6Z6I7IndkPqx82ZFrZebL1\/nESAKa8JdDiUY7SRKUv\/TEscD0eEmHfWnKsIC\/0pgDfqOehe3YocrFxcQUoNPl8ygCarTVURKtYe6Ufin5mjYNYN+U78DExOx1pt+Ut50PuSUIwem9tv6ysTrcd3Bpd+i62fotcXoS8KWKFdhCqKV\/P5T\/OiGpAvTW4r8W9HLFxlxzT0eiXngHhWOgJBrrhSEVZBSsaOd0Nc+UflCOS0RbV\/EYtp8W0zZKboYpUMc1GKXyePUpdjcllZCyFvHT\/9HqTJLUyyWDFnqWS0D8nJh5Y92IkMpZAVjhC9virUc3XS++Ddch0jMAS6rmEaxrSsvDUyy4AQsc7ZcCrKweap3zbN9S+tYy5ACkTim9ROHF2JRORwNYmIO4r3\/i0tXqapZ9J8SXZhI1NjuoUvUIiRdwJyV82CRoxKcIQkgW9s2o+Wzf4zha6sqlbdSZIUxnwP8x4zwbnSdR3rYj5s28EmcqpaXZmKd1fHYPicaQZA4wq7B\/8Bx0D\/i3RSKfjVRtWaM5OnFeo81rmnU6dTrVPVoB+3VX73mKiYh8B7i8JKvDNFfUsCKttEBpaZCxhNSE6pp6KLD70pU3pbqImpzPRHFILNbBJ\/u2PR4c7a2\/+jSfiQEc9VLWrcOTOg0o2FMfv0ZP6xAieGjq5Gvd2UINUm8bCqvZ+nW8TGy+nsya74sKOlBcAFavG1rdnqcc+EZrCIqCnT+Zu5Nrew28GwzbAN8Yk3fNZ1REgcAgnJsXnJvlYU8xcIWjidFkI+sFoS8uUPdhyCEveLesPuTOSqhVQd8nj5tPCaLePVWssKd9p\/AsV+nAJ4mMLEl8GAab"} +06365{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1616,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":3,"flow_src_last_pkt_time":1654385184944791,"flow_dst_last_pkt_time":1654385184969009,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":4350,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":4350,"pkt_l4_len":4316,"thread_ts_usec":1654385184969009,"pkt":"nLbQ0+MztKXvZygQCABFABDwKK8AAPgGTNQSQGcewKgCfgBQjy5+eIF70XpgIYAYAINNZwAAAQEICvuAHVOcUadR+OEAbsaEV4ATs1KWNFGTmcPU4ah2dE6ss+8j7HasEYjyQ8ziHPOiHkIxj1A5a3PYkXlKr5mNKYD3r6jOwEB8EUYHESkmKncUQQjfuQcyaXe6+v3CpZhAGHSefk\/hCi3lXmAh8Zlr3l9WPQDHGS3ZzfLWAeS0\/eIMH5Q\/xCkJ2\/FKzVL5CEJFUMHrR9+nBartpqxP05ypzIuWYoty\/EKPzESUaLPvsACxjxpuq1\/EShw3xehTGP4lzW9ELxZo4ob8rmKWH5xy81PCe2ClfOroISutHqD40zQvj0hnRmWBK0W0myUEZVRV4IMAalDU53Qm4o0CJHBr8WfegeEqTB7qyZYAoNfSwv1EgIVkqmb349jAhaCVk7q7PFuOOZzkel9fx8Ix80FwYCi+Ikda2bl9y\/BPQMvOPaYpe0RMRQZoe+Gt2My+l5MoRv7hgdlLBXsuD2suT600hhgez9ouAPy6W2l3cGiugYJeL6TOvCuCaPEnNWXGkedl\/U\/+5nmRhjgGR4vHBT97b7fNYLG2+jWxOXIGyJ3T6nn7cy33o
n9p6RW3okfOgPcUrQ7uOs32YIxNW7s5UJ3X4LPxNrPJyBYoVPzIKK7qXFwGMIUDsETi0zXDALFxESgJ+vfd\/Qpqg8UeIWn0vCvQfDTaBiz2G5bFILF\/31VLz+f7kf3t8eOqHaL2HH\/BLl\/IlUB4UQsB0puS0Vm9N2Zj3qlvfNtr73ZJJ9GNfy6DqkemWGY66QWKyO8Q6xN13zxzNWEnm2ACzLoRMy4bM+fpP15m2LeG+DdezfkHUfDWFmQq5Bh5jJsKf5Z0zeuHh8TOfgElYumVfTCjzNsHNsZKBxRXnKaxChci4RywELTlmtnkxdieWYG6QFq+dAetgwUvzY6oazaVirbGGuEdq3txTwnbL3PS2+bi89k\/xZnllSwTG5aoSJ1ffVF5TQfV5i6PFHR4IrYu2tk+ax2FTAKrZBj\/DOU+CdLbxNKqj\/fPafmSaHDhg2H3k0OlcAkBoPd+FnYCns52k6+r2jXP4cnifWEX1biQB4+plOKZgd+oGchPX+MARL3eCzTayIP57BtnyaXEa5frcmwoeTxuy\/vdpJUO7lTEqGNEJgSangDUvgdtN+hREdf86wXhUYvrwXjaT07Pqx9dG+F\/wPN1o37+4ZP8r4lVBbspJZovHg\/4zTvf7g9f01m2bn6n0zOTqB+ve1y2Xb6L3D0dAy2tBwif9sdDGanumq+Koa\/lw34VcWK4eK\/q\/O1dvNwIavzop\/C781sdEmRuohjSCqPyalurO\/jlrNhM6pzLJdDE3QT+bsW4\/y6RyXPwuRMhYWfH3JPNsM4TQsxotY8tYPxza8tX0+1LiZntZNvB3CsNJTa5QJVUhwwS24pMRHpfSP9VqeVkbVwl52V414SI9r4U719W\/7hQA5xwPps\/4XdLR68iiNZaRj3wt02axL9TcJG296k0BxfZJe0HRGKjOcbVuQFgA13l7YrvP\/5uHbYRO3pSY4m4ZTW5M7YbF+OXzgaJhfGAOSvKbFICZhAMu6Tv9ULfJZnxyUnTlEy2Ejld8Fdve4qXCh5AacIxapgw1fzRLUvKLKI7EQ5tlJ9VTZqvnaV1yE8ORUeDjmyDE1lKia8bdRJ8teb5Xuh5fEJodTAd1kEiKZQk+qdBLxsXhVNnc21\/CldJSVD3FxKqRlhnys91y8riM0a3xkOOTNsYlHxDA8u0Rirfmd7Zqwa2om77b0FldUFXrq0\/btgCQtDK8Pv4uXd8Ui7Rsvr0h50bzhu90QmZ40ZxHIrt\/ecFfnXIcJZbQFrq7lUN9uXHkpkx0I8mcGsDRHN9S2mZ8qJIKCD4RQ29lRYx5yCVILHczNtAYQhE\/o2A09TGUmkAsWLqpyS3oaZEDBVHXmsu3iQ5cu0swcPeYxyAczTsWfOQBc2a5KlPPw93TmcxVuBqmBM2Hl2qi3XnRcr+Zvdr7h6dTASazwnchFdbU7BHqKkddBscp1K0W0wGZzrg9c8som0myjCFpPBelNTXZ0ZrdIftsO2AK+4Qhkztt8Vgq7aajy2AiP8Rtb4nrB9sp3F\/\/qhNoMivutuGtpAUf+7xAvJKtvf1F+j\/jvGB\/n8BPRY2Zv8\/jg9MuffyEtD\/wztC+d9l\/xvzSPa\/zKOQ3SVicA7Njin0LiEkvgDMu7IbMCHkVl0P+jjTSV6\/fJcCHLFdyMHWM5kF60QZoLU3hVh\/oHx\/HApnJUYt4yaPJaMrhdTPZdP2bduOUcv5pZfLDrZYjS5Fhv8Sj1YZ1ZneruygiHriTf3CnQtpWu+9\/p4isgXE\/nfNxFDk1JEPincuqm5rqzVyMsjZWC9SLyjO3d1kTPQTmkvDevqLJv\/pRzSEaPRuzI51uILUZD6zoTGazXVqtZ8UJXiCGCqy9UicczZRM+mPlLcH8n9vFdL\/3gNHEzcDR+P\/2bH\/pcZUHjKFBwUC+m\/h\/x\/U1nZmdnSG1gZGVvT2tmYRCnLi8DDY\/90OLykhqvSfWe8\/
hfFfshKQdYNzIxAQyJKkqJCKxGhzoq6EssGf0bz6TKQLVgFySzlZh1AKl2MpO2rZEIX+BbJAF6IUJDJnRcyQkKk5WOVyqA8FqYIvSqX4C3Ki8qEB0wts5cUmxInpuOlSo9Muu1uu23uj5ABuP\/XfU4\/fz5zGNNCZ\/mrmU+JvmaxFm7Udv+B6qPgdUzEILH\/t6s43whh\/w\/LwsCxn9hFhE5Wp7M0nJAhCHCyT\/FSSP4Vkr21T\/lgzsmdCkk+gW+bEKk46gOIj\/tESSJTvSSs1jov2e9LyG+gkdkeV2RGRMKtH7eXL5gt4qILb8T0yK3LgEkgtZEuGRkLMjj1mLbbuKM8nFrEXMLqL0WcElHVJ2FnaiO187TT8b\/eQ1CcKA7CCU0n+Hcf2LZ6nrpwzdJkNVmY8eX33F5WE0d7xHSq4T4L4vGm9+fh0fVG7ELzGVscdsV7\/fAGxJxH+nndwXuyHk22k6pkmuWugv9NFwdispfFkMEECvMJncKKJbZvhHUuGh8TLXt4Dk+MKa4z0CdEHEOb5WbtE2F8ItYlPIBPnEwdpkZt7EHgQfI130YCGbTGjGOWG78S7lGeXu2hbjZTMMxoJT5jpsRmWq6RY7YKI3Nmw0n1o+etAf182TuX9t7oefO6zEaxG6aVWISs7RqIh1It7I\/e2u1sEw0Z1fDwZcSMjFWpVhBkoraCeYefwUwmSj9adXNL5YqRItbLbUGpPLulhNfN3bbtAlHt31TSjYN5GeBfh8+QU5jgeQY7BsvbjDwPK\/JjZzaJ2fj1ECMxvfq55zEGoHtjrQj2ssHXheJbFF9A9HMI9P+gso\/48eTLceXnriYJt3DVqNN497hURpCNMX5f5S7kpA2\/xT1i3k9dwgNw5uCMo24YhTsvZgyPi49FKAgcfRbEWxbx2nOrig3H73Bgd8eqbmBf2XYcDRFmte4tr9yDpAindBtB3X+o0CDPUxTpQN5UU1kzj9dXcRInA5obGxbZP3Mt\/z7mkmJxorbB+4P83emjHFIt2QYCA8v9jJLz\/m5HMHA08\/uujS7g7p9PjxANDff295yd7aJAFB0HakX440ss1u1GQCi9gfqJauEHsatZtYpjiLqnAr0CsPxnpmhrra1yc7W0e7u9v4GAhYkNDZKQlxSbGx0foaCnJqirLS2xNTS7Oz0\/wcDHRsjLTU3S0NdbW11d4uDnZujrbW3y83V0+3qgNpZLMjIwVXh2coe64u9xsjW+pAYLab\/yhm4ggH2DkGTIOUA+O1HvWt9fHAo33v34\/c7JUMiMdI5mn\/Gb0Nd62beRT1f03xwYjk+sIHhQDpJ1\/drt3h7xWPWY9dt+yrggyP7p\/szt3VvzcKn8WTUbBYVLlWyvu\/+14U3qOdFSwAZTZXHf0l\/R7+1tsfc7RMuqAyXAStf2kBco3nI\/UT0pxrA4xmgQMmXfpRgysHi7VTkpre3cAIMQ71V5tggJPI\/IFc0fwrvWIBJ1qFkusj7\/olDZrbFziBwemeXU400GIUmcbLbp6G707t+KJeQKzyT4zZWmOenRcBD77Y387R2GnKPASWFLfXTy7heYfatWj8nC4NB3oatJ9r3NUTDk7h0KkYasGVE9yvHx4yuQHLiVHG2lw4ux2EwdOrdxeJluyP2N7DPO4t\/m5wdfpdv08NT\/jXDCnODpKm2yyz8fwvs9yOuv\/zmgThOWj36hVvXb6frExTX2npcmftjD8GhJ8+nrltRA2V75Nf2R+PiKmfyXtfj5uhW7K76hvO8u4JVc\/RwlUunXnhvxWHzevY7Cju8JOM+ihQnNvtVUSkpEICbwM3VOfHLLDrjdTvN9Pez3reKp22\/2yTzPArufdZc4uctv90eSd3W\/c32jBWG91CWOHle9ycDglB23ZtZLG6N71CnB6db3xn+4I1Zk+b8X+\/Km1bGtp73kL+SggYBk05gHIdo\/ZtUmO289vTdod0r1K0NbsfVb
wNkpW2+WJfHW7paLM38NOZcGrlJD+PH6byFhU22pOfNhwUwp5dny0VztJmYP8z7v7fznjSxOnMYYcGIhUARgI5\/\/oDANjC1szejML06tvI29yg7VW6BHXhXqbTdeF82IeydEWGxw3680Wm\/+Mrc3ZTgLXnfWM9d2bmagcnwuj5boLbbzVe4HZx8rExISjk\/kyyBLIbkjgCBzCoxNbRhF6YJAAwt+oIDCoOsp7bTEZUcnAlAQs3CcBuW6hvkB\/Qf+539Hn3zY8MFzK7Z73aV565flhH6Zl4KUiiD8ZZlkp6tq6zpvzs5yat22qu+7bQF5O18XnDkZ\/YfFGqt2dTKVzjKtYLdVodMlreT1drbaPsFhM5XD4Sq25XW21u9Gs2G31eHxMbfn9fX+AbwgDiLYI9\/cLFGmRmfrn71nrJR2gK0jH6y00g7GQv\/TBQ\/TXS9sTAsVSwMm4TagSVUPYKk16sbNStFQ3eYqdmr08xT7gqcOCmadGRgYTa0rNNCiuMTDOT7PVVinTdFtaItz4IhEWkr5e5OvZv+Rr\/9kJ39zMExTl3gtK76BkthHJKc+ER3bX58+hwFbVf+7v2eM+MCmCfAaB2stSK2UEQAwFHAZPtJYpgX8ByZxbYbgZRwr5MTzbpOiGAWnyqy16UBgtHVbL6K0+Pd4BJBrbC62z9GL\/nDyux553bUidfT\/iTpBNiNs9l5ynYNNJqF8qqF24gOmO0+amrzRwlSRPi0jJ+0hPIVA8indNwFXk4DP4k2uwBW\/v+Oe80kFedV7\/5SDOvd1B6xQpAQvYBerEXA8av2MK4wDTK8shMjlHk7vsTQiTJs3OhNNCwU0jkXGp2t7xYN+7NKFFBAqFR1aeiJ3DFPacWwkevE+W6OOz45lC4PUf2zWFnQJ35O6\/OeG+nLZULOQtED9Nusw50hebtv7bBnp87nstCikrQfkG8fbFnnUIK8Oiew8WlEQc6sOKsC0GYnaEAb2FTgn+KsQDkBQSYyuAeB7cepmExety3IYmUU9dcjuclZ2Ooxyn3o7pGuKajq3MO76Jy8ekCwci3BoEE4PRTv\/jmfQEizO8\/1ly83ecos5SlFpyIHB4TKMcjYyJphR+yGodKQnSIjQ96fJ3Om9aWiSCmwVM47wNE8KQ7DCdnLOw4GpA0zbv3cT+LUdxXQb9G34MPlmVZprER6YI4lWZjZeqb16bSgJDqZROMoKDSkB68uqFhy6gaR+fkk5Fho9KKlm+1Z5j"} 
+04410{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1618,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":4,"flow_src_last_pkt_time":1654385184944791,"flow_dst_last_pkt_time":1654385184970660,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":2922,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2922,"pkt_l4_len":2888,"thread_ts_usec":1654385184970660,"pkt":"nLbQ0+MztKXvZygQCABFAAtcKLIAAPgGUmUSQGcewKgCfgBQjy5+eJI30XpgIYAQAINH0wAAAQEICvuAHVOcUadRkl+gjhImIn\/cOpqRIc6Ok56h7sGTvzVYsNovrhYPSaWyGjTxuBRw0pYXlyMsC2v7tOLmqcF4xPZHXI9VQOVeTYgOfOx5haAJUq3FQm9fjR0Q2gdY2Ubw0zhhIpdjZGfJ1mJ+aaq2Sm3uUdVmft7pu99U3XlTYVwVsvdhbhUUuW9U6ZnwXHY5ULnacS7y1Fp+GVC523pNaDLfgqtD096OW2y1XoohiXGmd5YzOdyMVfTwWZGB0iH8Jyc+6FM\/nfOsVf8fZ7o1zFJbeyfShh4QM9N\/FZDoa5P7PR9oLKxcGWrs12cb6iaNnRlqpu1fHmiw3dy5WnxF\/jOFCs0+O5BpRIp03H55U9jbUC09dNp8KP082ngte7TAg8HwssOLzZpj3oZ8+BZ1FIgWXfWwklbPcBUgY0NzFl7h0rSjcTn\/z9cd+ibDlaey9dvWtOJh+a1Npaf+XYPBeNPX5swX6ejBEnXhrQs4udj5RGYPel1ALtPVjk+DigU6+rn9wVXPWlbjLrUG0biz1\/ZzJb1XdeSr+J3zZRtFgON899wXUecV\/cOV7xW8NruwyLcEH2bdc1Mi6PGyxjb1aaZx6YMFD0kILNS5nxvp08hXWLC+\/bmfaw35wOdCaF85nBhmBQIZOakvBe\/5Ox4dwTR4LozD+1kkwwzC6IY0wJkSry+zFj5kk0yonhWH0AANIemIQ1AWCoc0rAExrWlCnGEgNV8sM0oBlrmP9SEEucztHb3Cy9x\/y4V7LNMX04Qc4N\/JzD217otpg6nq70fMN9DpC2mfRUvojYWH7N0bdS9CSRqaioU+3B0Hn8RAOoyNk3LUHRcVQ01aloiVtNwWJ59DW3yEjaP81CY\/dswB9kkAttOXvxc\/9+8ufIyS6V\/6WttbcPDZ2dBS09OQcS9cZDZtGWvLgPekzE8DShDMvCXz3MQD6bqW4dwHxI1GyltHS+y\/3JWWl589ocL9hPl8h6\/x8znNrv2QYc6B9+X45\/aUmvqc457voD+B00l9ItlRk\/5WV92dVY1FFadX9FtliL+HAnVKjISEL4CycqS\/rUOFevbKtGqmrRkD9nfyUilrMn3de5TqcjsjSVyMFnpKCn8v7gAQRfNNnM0Zrq8whxXVpOdyrBTJixn6m24x\/xDJAizMiabdTuJKIs8bpKdWTq\/KIncmEibmfeOIlWmp6QLLTjudK5ohSAJh2nChLmMwVCXUCFCctez\/ujeqQzBEb8pSJpGbYTKwaZVc2E08peS7dupWMlovd1alQsDdq\/TRw692HO4XUygKfmkH\/ThXCo64VlvlYam2awXtHbFcrlt2j03nMzOsztMGIqjuouN\/Lks4bZActp5KH8wb\/43q0i\/rQZVCp4UjW1v91GxQ6jxF+MW82tYViTYN5zBYff52V4VkLk\/9pdv\/GZdvrKWlymPYE8\
/ALm1UIHmqTSEZ344V2DCEDvh9XYOq59AIHtcH6hjMw7OTu1rikyf7TOpWuNI+4xNtcHcJ2rP0sr5D0lLs9kbLNGjtQRqxLQk8y+VuzLFfmZwHoaBRSBzUmHtd1TE2XWCWaVXPWBQxt\/3X+MOJPqNEAhSjp6UYvvB+owhz+XmBkC38hQ3VJ9gyBbZxkf7OKZJAKkq7XdFRTxnhyTytoujn8Uo6apRzwsoBBR8CwxTNjEcTkvzdxTpNk5FOztDwuURKsAtlm09JFIzTxaqqOYhbevc5hdszBfTKSjUIHFspYZyeSi84YOhde+H24aWpWiZpw6WjKsGtawK5BF6Ox7jyd7ySNi+ZoacH2K2r10CNObHBtb4jucB2cRilqSAYs67jWcEwFd9yuXigFL61PrClkpmngdtjlOy6ISp9qbnykqWvu+ET9OKhchVnaoIeljysrZTkRPqxBaDT8GiJBMrdDIHhUVpUCzXThFIMf02RI8Jjqn+0vSY\/I\/mpuABW18Hk+SafxYTQPHMtmRs4E+rwkiY3QW\/wdpYJfYBdNSIJzXt9iOxYJlMJDnVWNeLtwGZ3Cn3xM9UhaKsdMCKDhw42gwVqj7jI9oZr9+myQnNQ6pwVSJtGF5JTKey\/LGI82YDHWOWaC\/mzYXsKvhrmFRdZ2+lC9XYSdeMvZpt5CVVeNa7RTCevpeuBRNmy7ZmNUnF4kwcP\/+ubryay1qPgbtDfqalQfcaV17G47Wrjw7tdv3zoeeyhHdST5MZ2NX7lGScqMIjIT7dE8sVZB3I0m+u2hOq+Zh997zni2HDst8NGhtHFI0P04cv1i3X5GJAg+fTuQCMO1+WhI3TzecFbce\/T9jUH\/lt8wdf5eQ6zLQkEw3ANyWR3iIiVDCsMNAj+yYd6p5ffOlNNH7wkgOqOUIs4KDQdkcmL2kRT+vu0KQs0Tc6dDhzwB\/e2qbfQbiVp2RyTqcBkz9ZiRUfQG5IL2+nuWjynLrkNfyNuRejM9jDeCBZ0rHCFn3qei2FZbgEhRenZ1zOKm1Ep24Z2ThG6C+mz\/B5SaYum0iD2N66PJknyRyC0sS0fuF8434AIectgPoHpan6\/PkLmXkjyRB8rQ3Odi8v63sKzfZispD0aPMTSBI2tKUU1ksx6OpkqpuH4S\/foGq+QD9TDGP7bO0gJNbjICHed+pGUpVEmallT2h99hC1GN\/DYpsEnBzV7kGSgsTDmPFi60GqwjAAT8U9rS16A9u1TFmyYQCP399zeiF97whlMGCcyzWYFzQmqaGFAPP4PAii+oBiAOa+oJyC+cdSLqp65VfaPUinhz\/WOTjTDDaxxo57ekJB6Ruye2Z\/uIV\/WTNhThDDUVIiCK\/qnSV75vWUBMlr1CCbohzcnIrUgpQrQ+30ZUFUbzuFKwmvh+pmingEsVyLr5cWrO6MVLQYTy07U\/ax7FbkIA0z6PchI\/b2o7RtGMPJdexC37ykNqMwt+9KLipOmFrO+JtXL9\/ktBq6KZUq9vnsZ9Lx4ICHxYQ+bIhOZMnatRlmr0+H71lfo0Rz9PgBxc8hy2mdsaDZOsVWaWhl6K63uNtg1IuZLPTVgFfxavjVX7AyuIGOGOszs+yUgXSWHB1E4\/jBBAwC175etq8sqK\/LtG7Rz3LEjhfwIiRId+B7JXHcCseCLj0xITBmGTDOIVXwSQqhsePmJupluEdzgWXE7aHAyCPZ3brnqFozl2RBngKkL9VaMJbgG4u\/j6ejJ34WgPdwBmNxLvBHFxFbksMmwtuPRSckJMFL7H3aGAwMRWESJlWgkvRfS3iF26JUdSC45kpVDLInWTHlCGRLJYaoINgAE1zhxWzKjjHIHIgPTL6yYVeqenrVrprp0LE88nsmgTvbBVLh0UqGwVb022l8tZ4zkCidXtXjcwE1AelKPb6mW2o1D8vkliJIa8EiRgcrKGpwv8ronL4LWzL23HvDy5oy3opXJlYMiHK4Ne2swzv
4QakURalknCIB2tdPSsUvr1m7HONrE\/ArxPNwiA+qffjD3HVanNcFVWknAxvXuvwCfyhfjie7z2bNLcp4m4yuykH6zK2nPnraAYOglI1uhp+5uG+Fn41qrL6YCh+24Abt1gWBAgiHLBvs5NLcUP7EXi0zs6A0jU6IlOPdMNfs+4zAHzvIcsFsQEiud+945J84X7ewNyd8nE2aGLP39Jv3+yDMdr9o3l7b8C6yTLp3jveuu4sGl4y5u2qo7XsPEwbs2S4OM\/QZgnPA35v2x0b0Ok0Wk6f+kDep21zWL8F7LSdiUeytyIupxyy+ocSTOktjdpgvFjtLkNdSfAlj3rOim7heecBjSJ85xUxLbXRoqhSfOIBpSZ57qpauj7vIb5Cdeqw6hp64hAbAuHTetG0\/bZ+HX"} +02479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1619,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":5,"flow_src_last_pkt_time":1654385184944791,"flow_dst_last_pkt_time":1654385184973564,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1654385184973564,"pkt":"nLbQ0+MztKXvZygQCABFAAXIKLQAAPgGV\/cSQGcewKgCfgBQjy5+eJ1f0XpgIYAYAIMAzwAAAQEICvuAHVOcUadRJQJEMyhfWzk4c69t8VudXr6pn+znDQ0VEhQPPcyGS61d5+1zHyZ4kw8InhkhW68pyvvrnzX5t\/H39maFxWc2r\/jFxwq\/hEVoXAiKHiLMU4\/KyHs5sV1wD559f9zcFztWUj0ihMMgtggEDfMxXUM9dFGV6JcgarAA5KIX8Rhx4KKjXR5FenSf6ir4Wu45nkDFW59zYej9BmKhpdMb8rY8eNPnAfGmIQzij55nkq\/uWJQgPv88G0x6gqY4XOyV9k8a+qsSfYKU5lLVQEUHepnWRDQfUc+335Q9qXuFH7f+8ng\/aQrf84kI7WaO+SnxnLQouz0Cv9v8f3lE+4owCfP1Cz8OEYnQkhXEehYZgVia7bxcHiv6v4xaanozJ5rmOorquwr9GrpFyxLzcpsLlUqzK+KacyS7QwJS\/Ky0\/PTcIlt8ZLwU7TL\/\/o1pr2hLdfT095T4mmP+2+1ddHU48Byxr3aLa3WT\/jG\/C3X6ePA0eanW9XpA7VJvL\/6JmLlix5z9hSS3OqzNKQTjBUM3s7KkvCOkhFHfw0EXJwWgoKSWmSsy5BrLZEfkM0FV7a+ikWpLo3uxdOw31fp7dfTjbB4kd6HRjhDkihmhg3Fxj9HXloHyHwvckfdTCsRiouxlgct7lNCoCgpUmfTu6Yyx7kf\/6aih8KzpyyqkP02jZkyX6OCTx82lz89o7u9CyGfsWhKD\/7BBbiMdXaKK4TysUCFlwE9GGF2seEuicF8r6CTuiOZsrl8ro7A0wal1282SC8UewlAVeiOv42DSkeq4dNBmW50TVjG35t+WUxNn4Q3p5nPJnsGwNKxtQn\/XWWm1U5Gt7+GDvLGqhGlz\/Ki8pfJccVYEawTw7SCN4wp\/3ocQ6vkT4Dpx9fSRTemmYi6pENOZS6VuARnHqwYSWl4t6yJoHK9sCfi9ST8HVXbqDXWFZ2q3BJnFLL2KjKRKEQ6cwz09MaWHVSAOYMFLPRa1P4jAx3PdtEcA6Suw\/o0nBxQpA1VcK\/L5h29Se6T
nnwGGwNCLWwcEJVFxaxhV\/90VokUL7AtF\/O2q\/1vhOGyiX6EkZzZs6nexDcqCRxLporgd6yB4OIQ\/K5UvGbYe6+Sm7lH6OGAMK4UMwjkq9mCtaTHr7mvhnhxRuW7uj2lidYSV8hOTyPermC3rpaeQy2urqLgBbyapxA5Pobg8dWmnSefHpRew8i1Lo7xZJ2SpCdkX1yUKisC8EMEhExSgxRoJO6lJwnDpHM5WJ36k3Ry+3q9OcgN6NLQRO5pRs8nhTf4nqy7lt5uTY1pqNSduEscx56wTi21bJStBpnuJ8UvGJx\/R+YeP8QzcFQlKJycJlPLg6eX96ULPBZxzLMetvK3n66CoeI4YwUg4QxFhrIktxxA1moIwNkkn6SE2PJvny3Cxi6Q7lkUmD0rurnBMt9ApEb3z5XFrSDnmX6QwTGHURMLAjPSQ1rzsHHaLMjENdwshfdWaIsx0\/C+jJ4udEOtxA9Fm0BuIFf8jWdfxwPFpB7wf1zLIyaPgXgtem4PL4uFnUr\/LL8Mi6yuMoLm28awieMUxVDrx8BpEilb9smuibdWhYybgbrhRDSVz2VcvfeF7S52u5dohgrnorV7VIGu4Fbfjcdt5eZr90iPKqeLRmae8arWdU6pk0+036XKkyixVdtPL96eMfve4A6Zh9TvzUvY2yZhS+fWayDF170ogtacHtunN1Y8fbumfzzXBlbMPAxKwloCcANStnnowf0vhV+lwOAC5eJ0wwfBbE\/fZdlz+fa+lDBSbIFzwquAzceoahA\/CkYEf4Il0qBgoQR8xij74ARiwygmvlhBcVhebT1T8Wht+RIpph7wDNRWhIpJICJTvhB4xG3THeUUikIIY59QcKEF+mfeRHq7zWxIrV0MxaCgpfmHu"} +00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1627,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184982489,"flow_src_last_pkt_time":1654385184982489,"flow_dst_last_pkt_time":1654385184982489,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":262,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":262,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":262,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184982489,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36660,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+00894{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1627,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":1,"flow_src_last_pkt_time":1654385184982489,"flow_dst_last_pkt_time":1654385184982489,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":328,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":328,"pkt_l4_len":294,"thread_ts_usec":1654385184982489,"pkt":"tKXvZygQnLbQ0+MzCABFAAE6JG9AAEAG2MrAqAJ+EkBnHo80AFAYADoNP4BZp4AYAfY9sQAAAQEICpxRp3YAJw3ER0VUIC9ydi9lbmR2NC5odG1sP21vZj0xJmVjX2lkPTQmbW9mX3VpZD05MTE5OSZuX2ltcD0xJnVuaXRfaWQ9ODg4MSZzZGtfdmVyc2lvbj1tYWxfOC43LjQgSFRUUC8xLjENClVzZXItQWdlbnQ6IERhbHZpay8yLjEuMCAoTGludXg7IFU7IEFuZHJvaWQgMTE7IHNka19ncGhvbmVfeDg2IEJ1aWxkL1JTUjEuMjAxMDEzLjAwMSkNCkhvc3Q6IGh5YmlyZC5yYXlqdW1wLmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQoNCg=="} +01231{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1627,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184982489,"flow_src_last_pkt_time":1654385184982489,"flow_dst_last_pkt_time":1654385184982489,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":262,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":262,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":262,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385184982489,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36660,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com","domainame":"hybird.rayjump.com","http": 
{"url":"hybird.rayjump.com\/rv\/endv4.html?mof=1&ec_id=4&mof_uid=91199&n_imp=1&unit_id=8881&sdk_version=mal_8.7.4","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}}} +02486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1662,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":2,"flow_src_last_pkt_time":1654385184982489,"flow_dst_last_pkt_time":1654385185015621,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1654385185015621,"pkt":"nLbQ0+MztKXvZygQCABFAAXIXwoAAPgGIaESQGcewKgCfgBQjzQ\/gHc7GAA7E4AYAINkpwAAAQEICgAnDeicUad2RWsIZamOljqm7gSNKAkXQCu+hVDQvHNR9FYzcLa6bcMwfHz8+6Ohpq2yX4VCM8MnePOCbl7QzQu6eUE3L+jmBd28oJsXdPPvCN38HeCm8Yfm\/kvPR3Dz+vd\/+5\/+qz\/+F\/\/73\/yP\/8vf\/ov\/+v\/+3\/7l3\/xn\/\/nP6n\/VjBMyedbYcXZ\/o\/OF7mdeh9Hhr\/RfIfMv43vvKuRdCur\/FFM9E59fEn2SOA2NKnl1bdNivqb2mOXNXHq1\/YMX1\/Ovvr+Ls8avbLeJu\/n+XUe8voOwYRiE416SRHkHbuH3JI7AK5hcYzixRhEYhd8jOEmi6zWCkdiKXBEYCfi+gog\/Et\/23iV5mL96vr5z8qbJ03dVHEbNXOMfCP\/4uyrDZ\/hnarl7h38mQu9N1tzbJ+HHYOnfwgd4YKemZxmEk6Yfkz3lh\/aJu5CbeloHFbHt+TJXIpxmxZgsZHiRMOZFvKzyDdgT70P7AneujlPtVyx1Ci8u7Wd7MtsuMwhfTyvOMfV9uKfpBVoFiWcijlTzRwo97G1lTY77npOvQt2eMaaQrdoht73lsx1+nZwlg+BlIhnXXbgLsHWy5C\/CTrdrpvOys4hB5bmgib5vMJLqdEuhL1RVueIWhr1W24corWULSQqDfGNsr1HdHI4FJV+WwuEwhjFLFwqL5Xy27akNzx1XpbTfbywRws5chR\/VzSRUHZ82JFfLUbM21UlmqXQlB5CS01wcLs0xrplUXKuatlxW\/JnKqnFYcvIJ+HnXlDQp0jzZWW7b+IreDkRwtvod2OSadqez+8PJQr11ODo3W9Sq9lB21UYv1nbZnPkKxY3GO2VJgKi3y86OY2lDWQkA3y1giPPL0I8WU8XJRBa7HXzc3Kr4uITR5JDT0WTaYXbC9v5VWfTptvCOnVLv18ciGZlm2dHCfrfBJ8PAq77hGFHEh2RHh+SoYiYL45XZJMJ1SZZMbDASfdSvphUfow01aDWyqsWVpJirq1bhq16jM844FVx6sRj6QlADNWTuRMUGtyRUymqEmNkJt0Yb1N1graqbbda1j4vrOEyE7tb2An3aY8uYGHAX8\/rsNN6gbsLJaXGuswDrrwixB2A37Y+RJEMuQhm9tVPq3bKPTkuFNlJk4shWDhxGJ4gRxe1aHQH+OdOeb5ZAybp4QOtbdJVZhbI7fRHTpmi3Db68nJp
jZBHlst+pE6dd\/auVOTRGjFYfMxlXYZeV5CtjfADQStuORhXR14nj+JExkEESLQhVIgsxAsrbUusYDOsmiIS0OxhmECNGsnePTqNm9Ybk0jiCIUUMk0Q6bo9XikfzcXHRxBU2KhFA7wFnV9mu0s+4T+Cmvs31pVGdu01zTdMqOQbatST8XeSiGb9xLLVobbjVxgASHcVY6Z0cEk1Zw70WhNMSziSBuvEt6nPBEkkYPUs89VCHjedyHoevTwhpwRtTvVC9cjscTpkEl70Q5ZcEM0iBVlOrZshoxaxTCyVqkcFaQaTJND7qiruC9vSgHxhROJty2frJRGcUkW\/T8bzArQu62Aj8pZfq5WnpurUmhYNXBBstPB0HdLEt67HP9CUNcHaVL\/py5Tv+IiqnHSGMtLAtT2aEyysT7VlU2B1c0UynpCL4dONoCBQZiWBCCob59IQIU9r6hD5FW92974pfH398cuCh13wO5v+Bzpq+x4zOk7NmVkyoZTPht8XqNPclVgd+dr30ls5urO+xrXKEf+KEQVxrl2X5Oea+B7dP8f2vfeAhlpy7jKenuJahub4U2SPWInq+hVn3Kp7Xjnw5Mt72ttIa3qJmWSX5OaelWMO1q4cTtae5TXSrzL1EZlCA5nHYN3tCgikSvSDqTjQq48xf4eq4x89aD51T5RZZJ\/zYX3eIruVriHTZcy9vlhIyXU6UT8Gkvj5OMbHU"} +04514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1663,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":3,"flow_src_last_pkt_time":1654385184982489,"flow_dst_last_pkt_time":1654385185015621,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":2922,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2922,"pkt_l4_len":2888,"thread_ts_usec":1654385185015621,"pkt":"nLbQ0+MztKXvZygQCABFAAtcXwsAAPgGHAwSQGcewKgCfgBQjzQ\/gHzPGAA7E4AYAINH0wAAAQEICgAnDeicUad24XFtV7Rg10duU4UTlxkMf+4hbiOeKWSTGwnHrK\/bcVHDmrmHVT1QbFoe9jUro5dI5TdYvpHS0y1rjoh+0U3zcCtX9rblxRoi5FhuCbqzSJTCJ\/SCO4zZZSPYNE6w5HSVgAaV0y2oWClZOTWZhlvMk\/XLRpM2IbCWurCzT+9+nnf\/OWUMYJ35yVcMM8b6\/R\/\/1f\/5x\/\/+v\/rM8TWeCOPgXR\/Wn9HNbJqvANEK619BcRX6k+IzZvpCAIbt5MNPYdScnyfOCY1\/TyD1rf7duf9o+anpe+Lk86r6HoqW4GHx6Znn1+7nR8VPBz8nS9L5cAeE+tP9z7LkZg6+ssfPLHPhW3ltM+PZT5K8\/\/msfZakyRs7mbt7Xv7\/5l\/\/85\/obM72VPyqzrNvqjRrU2d+wff86N\/86\/\/y1dOAvpLFbex7cuAdHr+ancs7IF7TArMobu\/azMv7LMnv2ZI\/Gupcy2kBmgQdfr79Efcrp\/mm7gDzHc7PmZXzYaydhcl9sn\/Bdl7f8evdzu42\/KM6\/2CPyGFz2XrOAlzQ68abCb\/NI1L4Z494f\/7\/wYeXvY12b\/v45AFpVjEKiukvMgW7N34KJ1mHT5uII8wicQAf7cIJq5oahpZLfYWtbiLN8Nh5vTFcczsoLYRSQOpr5+wJefBB0Bcjqs8OVij5zI4Q8US3kT6+pov1ZlWX1Zb
BLAo\/CWVvJs7o7OLKwNZicOUC1akI83ha4yIZMssUw8P1miwuy6UgRf4eU5Z4nB6XmLKp3MOmhnDsUnscvDaHlhO5ju5pELGc1S1KGIjCWSnZkCldR8tC3DNDZhx2FKPl6Ci6COlwEwia\/ctaSG\/KNTGIWOI6zxgGatnGGthaTk1Dl52EoUGrXjVsYFdBMq6zs3e4rH0Kz4xNdXR5SSjlJSGkp+XAetsK67orj5IjKZ9wGSH8hV8441VbQeRVqYj9GmcyBGz12el6BMEvIWJjscDyTLrh3gbg\/hA7bG\/IFWoEHieVcL0Fga3fQZtUIvBGrA4DAHWEdWYmHNmovkcclhbSpgp39QFulyfMoKwtehAkztJTKuJ6VmqPjURtjSFB1eFWH1Yc7LQ6dAu7tRLspVXE29p+fTlt3DU5BIU4qVWEQhjVxOQJJno\/tO47JaUb5kHb4cxZFH\/xjOAXlxRYQ3maguAXxIPDq5+U3s2e6xvHBz+qA9znj+qA0r3OzF78\/m\/\/m3\/x5GWK3\/9f\/8f\/9On2j\/\/DZ+rf\/K\/\/8y+4ISevvLvD+vmDL13\/qNtPXbbJM1cS1\/MvdrRzDv0vjv8pQXvOIP9JD\/cE7a+oLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwna3zq1eknQnu9fUpheUpheUpheUpheUpheUpheUpj+Q0th+u1o6CVB+wXdvKCbF3Tzgm5e0M0LunlBN\/8+oJu\/A9z8u0vQrpCfFX85I7tCnPBbGSm\/lk30zbTs9WqNEysUXZM4hpMYDijwEhBJBF+uEHC\/esnKvn9esrJfsrJfsrJfsrJfsrK\/dtYvWdkvWdn\/qKzsr2DFb8iy\/jbI+v87\/boZGvre\/q+mYD9X+y2Z2M+J2D+hfcm9nhP5\/pG515+TmJ\/6\/\/ct9fpHOdZMY39Dhb8G6D\/nW\/8jnNtLgvVLgvV\/PAnWP1o8\/7C\/j\/GrCdn3b9X++rjgVxOy5zr\/lhOyP3X5907ILoBTEbN4znv+kQ+d\/VichUew\/T3fvn\/\/\/udb4HMLzxvoT2hNXDD+vDu9qpsx8R\/BjlUk9vhhnsjPvM9fbh60mXtP2067WZA3b3\/43ScSuJ+\/Jh1o\/589f\/f5q7983TbBO\/IvX383f1X7D26e5NWHfwLD8Hfzt4KHVQ4c8Yd\/EgTBd\/P3kwdgm3k3fgA95Uny3bved25AP7N3flfHk\/\/O9q5t3XxAYPiffvcurb\/95OP9S+H\/7Ie8bRKwU3yAf7mheXxfntrFuygOo2R+sfDuSdIqdOw38MP939t7ww\/zd6D\/EIBt6F1gp3ECpLWz+l3tV3HwcX72AGbrwUsevObB8x7a5CFPHpL4IUIeIvQhWj5E2EOEP0Srh6LyH9zc8x+CvEofgthPPDBjD4kfAgt5iLOibR5mie3Ktx+KByfJ3VvZ5o3\/0EQPjfcQVQ9Pm9mDXTWxm\/gPdh2D5jwf7JBJDVoMXbuY9TLfttXcEahdPcxoZb7Ms188AHtsHzK7e6j9uxJ\/SO0qjDMwbYXtzab0Af74JEztJ4Dls0xPkzBP59O0NzPI+eFpHczTl9hF7X\/4dPPd8wNgk+5To59HDLbN52qAajtO9WADA8jG9DP1u3tXwLZiO5u1VqV28tHzkx\/uGvXAsqruh4EfZoW\/ayIwsDD6CMSv\/Lp++DQLbtw8z7gXZA9+Os8jaPN5HLPhPzf91F3vz4bwAYfhj0CFbfLDvEY\/82X+x0\/tNtGTHDawHCCCHzQfv9L2zybrqx7KD44P7MB\/KD\/YAVDSD89\/3+DDn\/7px7p1Huq2+FETBP5Pv7sPNXpqAegqr+P7DFR+Ys8I8zuwnIBV2MmzWDMImat8nFtq8
uLDu\/e4n85t\/\/D0Qg0Q0Jlif4jmpfjV1IKF6lf3FuKsfrC\/en6fktcP8aOXuy0wqua9C4yk8dnEn0tvXt9n7vXb7+LgzWeW0G+en9f0eLRD2U79N3c4\/frtX8B\/9d4uCrAYmChOvDfx24f4\/b0RPfL95u2PC++fMbb313\/95id0t67nt6yPzdvv\/KT2XzXV+EP8\/v4HGua3lI8N0GLjRm\/8t5\/IT+wfP755+\/DZr8UP4Plnxzf7vNnP+Y\/VPAB69mHApJlkPuHSwBJ58\/Z9H3tN9B2Owd\/7UP0nf\/LGfwT3f1a\/\/e7JQfoQAn9XPQn6ftarDtT62CxeF8Prh\/R95aeP8f3\/5uNcASxxUP40aw\/Vo\/258Dx9Dzmgla1fjfp9lebVmz9NgSP4iwzM6OPrLvb7+57zV3\/69iH5VdYg8YcYTOWdtX6EHzzwkz4CMZ8fgCn+Unj84eNdo\/nTlLiP+TwlVNNUMXBOQJfPdvz67fv0PtFQDDaN2E7+8l0NjNN\/fPMXf+n95fu\/WryF3n7ngomatziwc3BgH2veuH+B\/NUsxJ0kAiNCIO\/t2493TYJOk6dOo8fklzqdRYueuIrH6CsRvKL6sQAPwRee1B7itE2\/4vmuAEI+S\/QkZHEX8idyAznrt++bnIsH33uDvn0Lmv55teC3VPv4EQzgd8CAfuc9jaJ9BPYNvHUc2kBx8\/owQWgFrPKT3HbmVXnsQeF9ufwaZ3z\/Qy4z49sHZzYvv4tdXwF9J9q8pL\/zHhEIyNz++fL7RweI\/7v6r\/8a3NZv\/3z5Af1CQu8k9APyAXk7iwvM+ifKuAdqYBZfP9RvH36XvwUsb2Zr\/Zl7mE3w9du3P6s82+Trhy\/2+\/Yh\/xnHJ10\/vH5W67NhvV54i9cPr571+DMiYP2K2Nbz9gQosyN5zHLQV\/U+iKv60xq7u6G336D9xE3lT57mrq3w62ECdADMMvxZlQf7fV+B7elN+MU3gcl8D7YwtgP1JLD1+ID+BqDJeQd4\/cU3vf0BbP12dYxTHyCeN9nbh+wRzNCncvOwhAF0efgdMtvD1+3NgLKO8v5HLQJf578vZmMBTB7Q8m\/o4LkHoI20SPzGf\/34CMYOhu6N+hxf\/7n9fgZHP\/d4CPpn9d3pfbC\/IdvmsJ\/fwcw0gGp97yej\/jsafJIHuGLgTuclHN\/\/r+\/ONQCTGGmz"} 
+00890{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1664,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":4,"flow_src_last_pkt_time":1654385184982489,"flow_dst_last_pkt_time":1654385185015695,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":317,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":317,"pkt_l4_len":283,"thread_ts_usec":1654385185015695,"pkt":"nLbQ0+MztKXvZygQCABFAAEvXw0AAPgGJjcSQGcewKgCfgBQjzQ\/gIf3GAA7E4AYAIPMaQAAAQEICgAnDeicUad2d33ytWgxPP549E8++kcL03\/7Z00U1zPvd5U\/\/8YR2M0q4PPBMJux8PPglf8nf+J\/WlmA7T+B3oKJaxaPsyxAjo+gp2JAZ5f+d\/QE\/X16KoYvHYEq954+vunj+e3Gw9PlfRI7wGV\/Kcwu++3HT+gdRAlPuP4TwL+\/wXgPgV3QrzI7kWKnsqsRSgE4+UMeBH71hw57f63nFza\/qSLL\/OFoiNQfOuTbteZRPb6e0QR0tTv7ifp0lPj6fqAJqv05gqzIACaWCLm2CQJ3YQLH5hDxubHvodkW5lBnhujgmuZOB8zInqMh0Ahg+Dnl\/wXDsfHrS4oAAA0KMA0KDQo="} +00770{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1677,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":2,"flow_src_last_pkt_time":1654385184845262,"flow_dst_last_pkt_time":1654385185166661,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"thread_ts_usec":1654385185166661,"pkt":"nLbQ0+MztKXvZygQCABFAADe9z5AACoGBubKmcQ1wKgCfgBQ5Ybmg6trug1byIAYAPOTtwAAAQEICkyTXI+9cmjoSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IEFwYWNoZS1Db3lvdGUvMS4xDQpWcGFkbi1TdGF0dXMtQ29kZTogLTI2DQpWcGFkbi1TdGF0dXM6IE5PX0ZJTEwNClZwYWRuLVN0YXR1cy1EZXNjOiANCkNvbnRlbnQtTGVuZ3RoOiAwDQpEYXRlOiBTYXQsIDA0IEp1biAyMDIyIDIzOjI2OjI0IEdNVA0KDQo="} 
+00771{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1678,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":181,"flow_packet_id":2,"flow_src_last_pkt_time":1654385184857770,"flow_dst_last_pkt_time":1654385185942149,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"thread_ts_usec":1654385185942149,"pkt":"nLbQ0+MztKXvZygQCABFAADeE\/tAACoG6inKmcQ1wKgCfgBQ5Yg8Z0+pmkmYKYAYAPN5zQAAAQEICkyTX6y9cmj1SFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IEFwYWNoZS1Db3lvdGUvMS4xDQpWcGFkbi1TdGF0dXMtQ29kZTogLTI2DQpWcGFkbi1TdGF0dXM6IE5PX0ZJTEwNClZwYWRuLVN0YXR1cy1EZXNjOiANCkNvbnRlbnQtTGVuZ3RoOiAwDQpEYXRlOiBTYXQsIDA0IEp1biAyMDIyIDIzOjI2OjI0IEdNVA0KDQo="} +00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1679,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229374771,"flow_src_last_pkt_time":1654385229374771,"flow_dst_last_pkt_time":1654385229374771,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1440,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229374771,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"52.29.177.177","src_port":37100,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+02465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1679,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":1,"flow_src_last_pkt_time":1654385229374771,"flow_dst_last_pkt_time":1654385229374771,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1654385229374771,"pkt":"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"} +01092{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1679,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229374771,"flow_src_last_pkt_time":1654385229374771,"flow_dst_last_pkt_time":1654385229374771,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1440,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229374771,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"52.29.177.177","src_port":37100,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 
+00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1680,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":2,"flow_src_last_pkt_time":1654385229374794,"flow_dst_last_pkt_time":1654385229374771,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1654385229374794,"pkt":"tKXvZygQnLbQ0+MzCABFAABIbklAAEAGI3LAqAJ+NB2xsZDsAFBe8KOySC8RAoAYAfapLwAAAQEICgB7lmPzZF3LaGliaWQ9MCZvZm49MjUzNjQwJnI="} +01208{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1680,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1654385229374771,"flow_src_last_pkt_time":1654385229374794,"flow_dst_last_pkt_time":1654385229374771,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1460,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229374794,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"52.29.177.177","src_port":37100,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 
+00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1681,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229375778,"flow_src_last_pkt_time":1654385229375778,"flow_dst_last_pkt_time":1654385229375778,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1260,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1260,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1260,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229375778,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42554,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +02226{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1681,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":1,"flow_src_last_pkt_time":1654385229375778,"flow_dst_last_pkt_time":1654385229375778,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1326,"pkt_l4_len":1292,"thread_ts_usec":1654385229375778,"pkt":"tKXvZygQnLbQ0+MzCABFAAUg7FZAAEAGNrLAqAJ+I5wsDaY6AFDzNa5LO3\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"} 
+02258{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1681,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229375778,"flow_src_last_pkt_time":1654385229375778,"flow_dst_last_pkt_time":1654385229375778,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1260,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1260,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1260,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229375778,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42554,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"de01.rayjump.com","domainame":"de01.rayjump.com","http": {"url":"de01.rayjump.com\/onlyImpression?k=629bea20a4e5410001f01c7x&mp=fURPDr5tiUStf7V2fajMiaveHUveDAJ96aiPfU5IiARTfnHIGal9i%2BMefbMM6jxc6aRAGaxIi%2BMPfdMei%2BewDke6Go9bWUxIi099WUR%2Fi%2BegYFKgY75IhFx8%2BFJML7K%2FH5K9GaHIinhPfdleialM6azIHkPIG%2BeIGnR%2FiUjPWUNMWURAf%2BeIiB9eiUj%2FiURTWUhA6deIDUQQiUlbfADAfnx3iUVPH%2BM2DkiFDnSrH0T9Haj9WnNbDriwDn3Mi0TBGajBDFDMDAR2ik5I6ajMigMBidMe6aSIinh1GUcI67KMHkPth7QI67cbhFH8LAtA6aSI4BzULoR1invMiajsRrxAh7Q3RUEFfZM0DFQ3RUE0inNAGaN2R0M0DkxwRUuYRrc1D%2BzsL%2BHQWrfXYZzJWoz0HoR1RrfXYZPt4rcBY7QFHZPtYrxBYFQ3R0M0hdzuDF56Lk90GUiBGZ9FGnRAWozMhrQUH5KXJ%2BN0GUiBGZ9FGnRAWozuh2KED0R1ioM0hdzuDF56hrcbRUEAiU3%2FfU3BiBM0J7c9RUEeWozrDkwQRUEeWoztJkfTLkK%2FRUEeWoztHQKTD%2Bl0GUiBGZ9FGnRAWozMhrQUH5KBH0R1iARPWUDPiUisRgSBLkfQ%2BbzrJoR1iARPWUDPiUisRgSBLkfQ%2BbzrJ7j0GUiBGZ9FGnRAWozrhdzuDFV0GUi%2FiU3FGnRAWoztJdQMHZR1iZM0L7D0GUvsRgfQD2KMhrQUHZR1iUVMWozUJ%2BzBHkPU4ZR1RQ5nxoRsRgzTDkh0Ggs0J7HsYbh0G0zrfZRsRgxEHk2uhBR1RrKTL75BhBzKWozADgxtHBR1R3RwHdfMW5xZRg2IideI6deI6dMb6aRbinRe6aSI6ds0Y
r5THBR1R0zK6av%3D","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} +01187{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1682,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":3,"flow_src_last_pkt_time":1654385229376461,"flow_dst_last_pkt_time":1654385229374771,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":548,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":548,"pkt_l4_len":514,"thread_ts_usec":1654385229376461,"pkt":"tKXvZygQnLbQ0+MzCABFAAIWbkpAAEAGIaPAqAJ+NB2xsZDsAFBe8KPGSC8RAoAYAfaq\/QAAAQEICgB7lmTzZF3LZXFkc3BzPTUyJTJDNzElMkM1NyUyQzY2JTJDNjMlMkM0NSUyQzU4JTJDMiUyQzY4JTJDNTUlMkM3MCUyQzI4JTJDNDYlMkM2OSUyQzYyJTJDNjUlMkM1MSUyQzYxJTJDNDMlMkM1OSUyQzE1JTJDOSUyQzcyJTJDNTMlMkM2NyZyZmVjcG09MCZyZXNwdD0xJnNpcD0xNzIuMzEuMS4yMzImb3J0ZD0yJmJkbj1jb20uc2NlbmV3YXkua2Fua2FuLm1hcmtldDMma2V5PXBsYXkmcmF0ZT0wIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgMTE7IHNka19ncGhvbmVfeDg2IEJ1aWxkL1JTUjEuMjAxMDEzLjAwMTsgd3YpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIFZlcnNpb24vNC4wIENocm9tZS84My4wLjQxMDMuMTA2IE1vYmlsZSBTYWZhcmkvNTM3LjM2DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCkhvc3Q6IGFkeC10ay5yYXlqdW1wLmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} 
+01161{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1682,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1654385229374771,"flow_src_last_pkt_time":1654385229376461,"flow_dst_last_pkt_time":1654385229374771,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1942,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229376461,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"52.29.177.177","src_port":37100,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adx-tk.rayjump.com","domainame":"adx-tk.rayjump.com","http": {"detected_os":"Android 11"}}} +00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1683,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229377895,"flow_src_last_pkt_time":1654385229377895,"flow_dst_last_pkt_time":1654385229377895,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1440,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229377895,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42566,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+02465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1683,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":1,"flow_src_last_pkt_time":1654385229377895,"flow_dst_last_pkt_time":1654385229377895,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1654385229377895,"pkt":"tKXvZygQnLbQ0+MzCABFAAXUXuxAAEAGw2jAqAJ+I5wsDaZGAFB7fWmugsWKk4AQAfYYlgAAAQEIChlnEfsPV8RHR0VUIC9pbXByZXNzaW9uP2s9NjI5YmVhMjBhNGU1NDEwMDAxZjAxYzd4Jm1wPWZVUlBEcjV0aVVTdGY3VjJmYWpNaWF2ZUhVdmVEQUo5NmFpUGZVNUlpQVJUZm5ISUdhbDlpJTJCTWVmYk1lZkFFZUduM1RmYWlGZm5SUEduRWU2anhjNmFSQUdheElpJTJCTVBmZE1laSUyQmV3RGtlNkdvOWJXVXhJaTA5OVdVUiUyRmklMkJlZ1lGS2dZNzVJaEZ4OCUyQkZKTUw3SyUyRkg1SzlHYUhJaW5oUGZkbGVpYWxNNmF6SUhrUElHJTJCZUlHblIlMkZpVWpQV1VOTVdVUkFmJTJCZUlpQjllaVVqJTJGaVVSVFdVaEE2ZGVJRFVRUWlVbGJmQURBZm54M2lVVlBIJTJCTTJEa2lGRG5TckgwVDlIYWo5V25OYkRyaXdEbjNNaTBUQkdhakJERkRNREFSMmlrNUk2YWpNaWdNQmlkTWU2YVNJaW5oMUdVZkk2N0tNSGtQdGg3UUk2N2NiaEZIOExBdEE2ZHMwSjc1d2hqUTNSVXVPUlUzTWZvUjFpJTJCMks2ZHMwREZsMEdVak1pYXZlV296M2hiU3VIb1IxZlVWc1JyZnVIb1IxUlVqVGlBbFRmWlJzUnJjM1laUjFrQnp0NHJjQlk3UUZIWlBVWUZUMCUyQlpNMERyTjBHMHpVWUZUJTJGRCUyQnV0aHJldUpyViUyRkRrUDNockt1SG9Sc1JnU0JMa2ZRJTJCRlElMkZSVUVBaVUzJTJGZlUzQmlCTTBoZHp1REY1NlliNVRSVUVBaVUzJTJGZlUzQmlCTTBMJTJCZjZMN1IwR1V2c1JnU0JMa2ZRJTJCYnp0SkJSMWlBUlBXVURQaVVpc1JneHQ0b1IxaVpNMEhyYzhIWlIxaVpNMEQlMkI1VUo3UVhZMFIxaVpNMERrSDZKN2M5UlVFQWlVMyUyRmZVM0JpQk0waGR6dURGNTZockQwR1VpQkdaOUZHblJBV296TWhyUVVINUtCSGdOMEdVaUJHWjlGR25SQVdvek1oclFVSDVLQkhneHRSVUVBaVUzJTJGZlUzQmlCTTBIZ1NCTGtmUVJVRUFXVVJQZlUzQmlCTTBEJTJCeFBoN1YwR1Vqc1JydHJSVUVNV296QUhrZjZoZHp1REZWMEdVUjJpb00wRGI1QmhyNSUyRkRiMzBHMHo1VlROMFdvekJKN2NnUlV1T1JneHJZN0tiUlVFMEhVVjBXb3pUTDc1d0wlMkJpMEcwelhKN3RRaGdpMDZaTTBoRnpURGtoMEcwem9Xa3hBaG8yVlYweks2YVNJNmRlSTZkZU9ScjVVSGROMEdVakFpYVJzUnJ4QWhjS1VoclEzUlVFZWZhUkZHbmxNaWEzOVdvelRERnhUUlVFMDQyTTBZJTJCSDZMZFEwTCUy
QnozJTJCRnglMkZoMk0wR1VScyUyQm96TVlqeCUyRmgyTTBHVWNLUjBNMEo3d1VZMFIxaW9NMEpyUTMlMkJGSFVSVUVlV296dEhkZk1Ea2ZRJTJCYnhQaDdWMEdVdnNScjJ0Sjc1QkxrY3MlMkJieFBoN1YwR1V2c1JyUUYlMkJieE1ZY0tUUlVFTVdvelRoN3hUSm9SMWlvTTBERnglMkYlMkJieDNEa3pUUlVFMERuajA2JTJCTWI2YVJiaW5SZTZhU0k2ZHMwWXI1VEhCUjFSMHpLNmFSJTNEIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgMTE7IHNka19ncGhvbmVfeDg2IEJ1aWxkL1JTUjEuMjAxMDEzLjAwMTsgd3YpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vj"} +00993{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1683,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229377895,"flow_src_last_pkt_time":1654385229377895,"flow_dst_last_pkt_time":1654385229377895,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1440,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229377895,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42566,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {"detected_os":"Android 11"}}} 
+00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1684,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":2,"flow_src_last_pkt_time":1654385229377922,"flow_dst_last_pkt_time":1654385229377895,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1654385229377922,"pkt":"tKXvZygQnLbQ0+MzCABFAABIXu1AAEAGyPPAqAJ+I5wsDaZGAFB7fW9OgsWKk4AYAfYTCgAAAQEIChlnEfsPV8RHa28pIFZlcnNpb24vNC4wIENocm8="} +01124{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1684,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1654385229377895,"flow_src_last_pkt_time":1654385229377922,"flow_dst_last_pkt_time":1654385229377895,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1460,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229377922,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42566,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {"detected_os":"Android 11"}}} 
+00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1685,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229378645,"flow_src_last_pkt_time":1654385229378645,"flow_dst_last_pkt_time":1654385229378645,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1249,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1249,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1249,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229378645,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.50","src_port":41940,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +02213{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1685,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":1,"flow_src_last_pkt_time":1654385229378645,"flow_dst_last_pkt_time":1654385229378645,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1315,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1315,"pkt_l4_len":1281,"thread_ts_usec":1654385229378645,"pkt":"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"} 
+02258{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1685,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229378645,"flow_src_last_pkt_time":1654385229378645,"flow_dst_last_pkt_time":1654385229378645,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1249,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1249,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1249,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229378645,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.50","src_port":41940,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"tknet-cdn.rayjump.com","domainame":"tknet-cdn.rayjump.com","http": 
{"url":"tknet-cdn.rayjump.com\/ad\/log\/play?k=629bea20a4e5410001f01c7x&mp=fURPDr5tiUStf7V2fajMiaveHUveDAJ96aiPfU5IiARTfnHIGal9i%2BMefbMefAEeGn3TfaiFfnRPGnEe6jxc6aRAGaxIi%2BMPfdMei%2BewDke6Go9bWUxIi099WUR%2Fi%2BegYFKgY75IhFx8%2BFJML7K%2FH5K9GaHIinhPfdleialM6azIHkPIG%2BeIidMM6aSI6de0GkVBGahbfUi2f7NBfnQQ6a5tDAHti7HrWnt3inlwfaJ0DB2tGnvBWnR9inzUHUSUiUVeH%2BeIinvB6aRM6acIidMefAE1ibeIYbSQYrcML%2BeI6aSI4BzULoR1invMiajsRrxAh7Q3RUEFfZM0DFQ3RUE0inNAGaN2R0M0DkxwRUuYRrc1D%2BzsL%2BHQWrfXYZzJWoz0HoR1RrfXYZPt4rcBY7QFHZPtYrxBYFQ3R0M0hdzuDF56Lk90GUiBGZ9FGnRAWozMhrQUH5KXJ%2BN0GUiBGZ9FGnRAWozuh2KED0R1ioM0hdzuDF56hrcbRUEAiU3%2FfU3BiBM0J7c9RUEeWozrDkwQRUEeWoztJkfTLkK%2FRUEeWoztHQKTD%2Bl0GUiBGZ9FGnRAWozMhrQUH5KBH0R1iARPWUDPiUisRgSBLkfQ%2BbzrJoR1iARPWUDPiUisRgSBLkfQ%2BbzrJ7j0GUiBGZ9FGnRAWozrhdzuDFV0GUi%2FiU3FGnRAWoztJdQMHZR1iZM0L7D0GUvsRgfQD2KMhrQUHZR1iUVMWozUJ%2BzBHkPU4ZR1RQ5nxoRsRgzTDkh0Ggs0J7HsYbh0G0zrfZRsRgxEHk2uhBR1RrKTL75BhBzKWozADgxtHBR1R3RwHdfMW5xZRg2IideI6deI6dMb&type=reward_video&key=play_percentage&rate=0","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} +00694{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1686,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":3,"flow_src_last_pkt_time":1654385229379534,"flow_dst_last_pkt_time":1654385229377895,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":178,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":178,"pkt_l4_len":144,"thread_ts_usec":1654385229379534,"pkt":"tKXvZygQnLbQ0+MzCABFAACkXu5AAEAGyJbAqAJ+I5wsDaZGAFB7fW9igsWKk4AYAfYTZgAAAQEIChlnEfwPV8RHbWUvODMuMC40MTAzLjEwNiBNb2JpbGUgU2FmYXJpLzUzNy4zNg0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpIb3N0OiBkZTAxLnJheWp1bXAuY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} 
+01156{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1686,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1654385229377895,"flow_src_last_pkt_time":1654385229379534,"flow_dst_last_pkt_time":1654385229377895,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1572,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229379534,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42566,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"de01.rayjump.com","domainame":"de01.rayjump.com","http": {"detected_os":"Android 11"}}} +00751{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1687,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":2,"flow_src_last_pkt_time":1654385229375778,"flow_dst_last_pkt_time":1654385229398934,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"thread_ts_usec":1654385229398934,"pkt":"nLbQ0+MztKXvZygQCABFAADQ2J9AAPUGmbgjnCwNwKgCfgBQpjo7f\/DX8zWzN4AYAHOmEwAAAQEICg9XxGYZZxH5SFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IHRleHQvcGxhaW47IGNoYXJzZXQ9dXRmLTgNCkRhdGU6IFNhdCwgMDQgSnVuIDIwMjIgMjM6Mjc6MDkgR01UDQpTZXJ2ZXI6IG5naW54DQpDb250ZW50LUxlbmd0aDogMQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQox"} 
+00682{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1688,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":4,"flow_src_last_pkt_time":1654385229376461,"flow_dst_last_pkt_time":1654385229399980,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":169,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":169,"pkt_l4_len":135,"thread_ts_usec":1654385229399980,"pkt":"nLbQ0+MztKXvZygQCABFAACbqYhAAPUGMt80HbGxwKgCfgBQkOxILxECXvClqIAYAIBoGAAAAQEICvNkXe4Ae5ZkSFRUUC8xLjEgMjA0IE5vIENvbnRlbnQNCkRhdGU6IFNhdCwgMDQgSnVuIDIwMjIgMjM6Mjc6MDkgR01UDQpTZXJ2ZXI6IG5naW54DQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} +01040{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1688,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1654385229374771,"flow_src_last_pkt_time":1654385229376461,"flow_dst_last_pkt_time":1654385229399980,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":103,"flow_src_tot_l4_payload_len":1942,"flow_dst_tot_l4_payload_len":103,"midstream":1,"thread_ts_usec":1654385229399980,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"52.29.177.177","src_port":37100,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adx-tk.rayjump.com","domainame":"adx-tk.rayjump.com","http": {"detected_os":"Android 11"}}} 
+00750{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1689,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":4,"flow_src_last_pkt_time":1654385229379534,"flow_dst_last_pkt_time":1654385229406775,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"thread_ts_usec":1654385229406775,"pkt":"nLbQ0+MztKXvZygQCABFAADQbSRAAPUGBTQjnCwNwKgCfgBQpkaCxYqTe31v0oAYAHWAFwAAAQEICg9XxG0ZZxH8SFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IHRleHQvcGxhaW47IGNoYXJzZXQ9dXRmLTgNCkRhdGU6IFNhdCwgMDQgSnVuIDIwMjIgMjM6Mjc6MDkgR01UDQpTZXJ2ZXI6IG5naW54DQpDb250ZW50LUxlbmd0aDogMQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQox"} +01035{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1689,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1654385229377895,"flow_src_last_pkt_time":1654385229379534,"flow_dst_last_pkt_time":1654385229406775,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":1572,"flow_dst_tot_l4_payload_len":156,"midstream":1,"thread_ts_usec":1654385229406775,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42566,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"de01.rayjump.com","domainame":"de01.rayjump.com","http": {"detected_os":"Android 11"}}} 
+01015{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1690,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":2,"flow_src_last_pkt_time":1654385229378645,"flow_dst_last_pkt_time":1654385229413001,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":419,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":419,"pkt_l4_len":385,"thread_ts_usec":1654385229413001,"pkt":"nLbQ0+MztKXvZygQCABFAAGVuYkAAPgG40ASQE8ywKgCfgBQo9QvB\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"} +00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1691,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229450708,"flow_src_last_pkt_time":1654385229450708,"flow_dst_last_pkt_time":1654385229450708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":424,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":424,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229450708,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.233.123.55","src_port":54810,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +01111{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1691,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":1,"flow_src_last_pkt_time":1654385229450708,"flow_dst_last_pkt_time":1654385229450708,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":490,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":490,"pkt_l4_len":456,"thread_ts_usec":1654385229450708,"pkt":"tKXvZygQnLbQ0+MzCABFAAHcEFBAAEAG14XAqAJ+Eul7N9YaAFDjQWT+MbgksIAYAfZTFQAAAQEICs\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"} 
+01441{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1691,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229450708,"flow_src_last_pkt_time":1654385229450708,"flow_dst_last_pkt_time":1654385229450708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":424,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":424,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229450708,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.233.123.55","src_port":54810,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"impression-east.liftoff.io","domainame":"impression-east.liftoff.io","http": {"url":"impression-east.liftoff.io\/mintegral\/beacon?ad_group_id=143845&channel_id=117&creative_id=253640&auction_id=f84f54bf-31cd-43ff-bd27-526ccc6457da&origin=haggler-mintegral021","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
+00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1692,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229460595,"flow_src_last_pkt_time":1654385229460595,"flow_dst_last_pkt_time":1654385229460595,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":694,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":694,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":694,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229460595,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.235.204.9","src_port":40204,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +01471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1692,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":1,"flow_src_last_pkt_time":1654385229460595,"flow_dst_last_pkt_time":1654385229460595,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":760,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":760,"pkt_l4_len":726,"thread_ts_usec":1654385229460595,"pkt":"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\/cGxheWhlYWQ9W0NPTlRFTlRQTEFZSEVBRF0mc3I9MSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKExpbnV4OyBBbmRyb2lkIDExOyBzZGtfZ3Bob25lX3g4NiBCdWlsZC9SU1IxLjIwMTAxMy4wMDE7IHd2KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzQuMCBDaHJvbWUvODMuMC40MTAzLjEwNiBNb2JpbGUgU2FmYXJpLzUzNy4zNg0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpIb3N0OiBhZGV4cC5saWZ0b2ZmLmlvDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} 
+01692{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1692,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229460595,"flow_src_last_pkt_time":1654385229460595,"flow_dst_last_pkt_time":1654385229460595,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":694,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":694,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":694,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229460595,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.235.204.9","src_port":40204,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adexp.liftoff.io","domainame":"adexp.liftoff.io","http": {"url":"adexp.liftoff.io\/event\/vast\/start\/57aa80COXjCBIkZjg0ZjU0YmYtMzFjZC00M2ZmLWJkMjctNTI2Y2NjNjQ1N2RhGICaqoiTMCB1KMi9DzCiEDobY29tLnNjZW5ld2F5Lmthbmthbi5tYXJrZXQzQhhoYXdrZXItcmVuZGVyaW5nLWNvbnRyb2xKCmQ4MTI5YmY1ZTRQAloDREVVYAJoBHIJdXMtZWFzdC0x4AEBgAF1kgECZW6YAQKhAQAAAAAAALA_qgEIMTI4MHg3MjCyAQ1FbnRlcnRhaW5tZW50ugEcUSBWaWRlby1Nb3ZpZXMgYW5kIFRWIHNlcmllc8IBGXZhc3QtNDI4MDVkMzNhNTBhNjIxZDE4NDPKAQEB0gEFMDQzMTfaAQV2aWRlbw?playhead=[CONTENTPLAYHEAD]&sr=1","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
+00644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1693,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":2,"flow_src_last_pkt_time":1654385229450708,"flow_dst_last_pkt_time":1654385229557713,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"thread_ts_usec":1654385229557713,"pkt":"nLbQ0+MztKXvZygQCABFAAB\/zr9AAC0GLXMS6Xs3wKgCfgBQ1hoxuCSw40FmpoAYAecIEgAAAQEICrt1\/CbP5BhvSFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBTYXQsIDA0IEp1biAyMDIyIDIzOjI3OjA5IEdNVA0KQ29udGVudC1MZW5ndGg6IDANCg0K"} +02465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1694,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":5,"flow_src_last_pkt_time":1654385229559611,"flow_dst_last_pkt_time":1654385229399980,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1654385229559611,"pkt":"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"} +00773{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1697,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":2,"flow_src_last_pkt_time":1654385229460595,"flow_dst_last_pkt_time":1654385229568829,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"thread_ts_usec":1654385229568829,"pkt":"nLbQ0+MztKXvZygQCABFAADfGY1AAC4GkHES68wJwKgCfgBQnQxmD0SBkRmqKoAYAeR\/LQAAAQEICptIXBKljVtLSFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IGltYWdlL3BuZw0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNzowOSBHTVQNCkNvbnRlbnQtTGVuZ3RoOiA3MA0KDQqJUE5HDQoaCgAAAA1JSERSAAAAAQAAAAEIBgAAAB8VxIkAAAANSURBVHjaY2T4\/78eAAWEAn\/CWx4qAAAAAElFTkSuQmCC"} 
+02466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1699,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":3,"flow_src_last_pkt_time":1654385231913265,"flow_dst_last_pkt_time":1654385229398934,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1654385231913265,"pkt":"tKXvZygQnLbQ0+MzCABFAAXU7FhAAEAGNfzAqAJ+I5wsDaY6AFDzNbM3O3\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"} +00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1700,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":4,"flow_src_last_pkt_time":1654385231915943,"flow_dst_last_pkt_time":1654385229398934,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1654385231915943,"pkt":"tKXvZygQnLbQ0+MzCABFAABI7FlAAEAGO4fAqAJ+I5wsDaY6AFDzNbjXO3\/xc4AYAfUTCgAAAQEIChlnG+IPV8RmZXJzaW9uLzQuMCBDaHJvbWUvODM="} +00688{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1701,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":5,"flow_src_last_pkt_time":1654385231918113,"flow_dst_last_pkt_time":1654385229398934,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":173,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":173,"pkt_l4_len":139,"thread_ts_usec":1654385231918113,"pkt":"tKXvZygQnLbQ0+MzCABFAACf7FpAAEAGOy\/AqAJ+I5wsDaY6AFDzNbjrO3\/xc4AYAfUTYQAAAQEIChlnG+cPV8RmLjAuNDEwMy4xMDYgTW9iaWxlIFNhZmFyaS81MzcuMzYNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KSG9zdDogZGUwMS5yYXlqdW1wLmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} 
+00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1703,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385232006384,"flow_src_last_pkt_time":1654385232006384,"flow_dst_last_pkt_time":1654385232006384,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":559,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":559,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":559,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385232006384,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.16.142","src_port":53416,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +01292{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1703,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":1,"flow_src_last_pkt_time":1654385232006384,"flow_dst_last_pkt_time":1654385232006384,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":625,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":625,"pkt_l4_len":591,"thread_ts_usec":1654385232006384,"pkt":"tKXvZygQnLbQ0+MzCABFAAJjZ+1AAEAGUBrAqAJ+rNkQjtCoAFBWAxSGMjrpcIAYAfaC4wAAAQEICuWLG17z\/UGOR0VUIC9zdG9yZS9hcHBzL2RldGFpbHM\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"} 
+01564{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1703,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385232006384,"flow_src_last_pkt_time":1654385232006384,"flow_dst_last_pkt_time":1654385232006384,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":559,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":559,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":559,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385232006384,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.16.142","src_port":53416,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"play.google.com","domainame":"play.google.com","http": {"url":"play.google.com\/store\/apps\/details?id=com.azarlive.android&referrer=adjust_external_click_id%3Dv.2_g.143845_a.f84f54bf-31cd-43ff-bd27-526ccc6457da_c.117_t.ua_u.e7df87247cbcea13%26utm_campaign%3DTest%2BCampaign%26utm_content%3DTest%2BSource%2BApp_123456789%26utm_source%3DLiftoff%26utm_term%3DTest%2BCreative","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
+00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1704,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385232040567,"flow_src_last_pkt_time":1654385232040567,"flow_dst_last_pkt_time":1654385232040567,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":927,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":927,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":927,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385232040567,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.122.190.70","src_port":33042,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +01780{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1704,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":1,"flow_src_last_pkt_time":1654385232040567,"flow_dst_last_pkt_time":1654385232040567,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":993,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":993,"pkt_l4_len":959,"thread_ts_usec":1654385232040567,"pkt":"tKXvZygQnLbQ0+MzCABFAAPTG5ZAAEAGlqjAqAJ+A3q+RoESAFCRX\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\/dmFzdF9lbD0xIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgMTE7IHNka19ncGhvbmVfeDg2IEJ1aWxkL1JTUjEuMjAxMDEzLjAwMTsgd3YpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIFZlcnNpb24vNC4wIENocm9tZS84My4wLjQxMDMuMTA2IE1vYmlsZSBTYWZhcmkvNTM3LjM2DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCkhvc3Q6IGNsaWNrLmxpZnRvZmYuaW8NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} 
+01924{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1704,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385232040567,"flow_src_last_pkt_time":1654385232040567,"flow_dst_last_pkt_time":1654385232040567,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":927,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":927,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":927,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385232040567,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.122.190.70","src_port":33042,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"click.liftoff.io","domainame":"click.liftoff.io","http": {"url":"click.liftoff.io\/v1\/campaign_click\/ddfWbX-c_ZpIF_3wE-XgJSwRJPn_5OpS9IR6X4XG91XQL6ssRLV4QPLSEQgWyRbP_OAHXGp-3z8zKxdRjL-BT6h7z46z4qmAWxR5DboEhr1DytY4W5gfQLUcV6yE3POR7PrQlrVbVtH-7uW1oie-jkR4naGHTVVHKv5kFXBJ9yTIX-JngaE2MMTER1HuBx9qTlyLhiZCtWSUSv4Ze5z4QuGqjWijD0QBgAo00Wtj4VqQypzCho_p-UzOrVF8wX9LmysoZ3202xt-1RlmBNXddH_i_evO5yZGpOvG8ktdiKfhG7cddZTR6o5lyR15wY-SJTSM3ffr4dspVSFx6XdnXgfUtxY80spI9tmFMhT97KSC4cMkRv-AyNLWhDaD33WCpU7HN-VnTuM0zl4WQMna-AVBk1Ho0vhTz5ZBU32OhTf9uAkGNxuNj5w5Ifg1GnMwZxKis8J3Z6Z5mtc7gire0eQeDQ7ehtCMFLs0M1aXGE8mHhoANg_w0Ahx43Mu7zvDXSCthH8D4QhHaWoRSuGUgfBDYLzrD8LXz6qHILoQNjj8ieRBLfH22UewVLgMF7dqhXgl73VqgU1_cu-GIfsbBm90zhfd9eoo8rQfdJF2xczqvrQz6-I4FA?vast_el=1","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
+01434{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1705,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":2,"flow_src_last_pkt_time":1654385232006384,"flow_dst_last_pkt_time":1654385232057407,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":734,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":734,"pkt_l4_len":700,"thread_ts_usec":1654385232057407,"pkt":"nLbQ0+MztKXvZygQCABFAALQp5AAAHsGFQqs2RCOwKgCfgBQ0KgyOulwVgMWtYAYAQXuwwAAAQEICvP9QcDlixteSFRUUC8xLjEgMzAxIE1vdmVkIFBlcm1hbmVudGx5DQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL2JpbmFyeQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUsIG5vLXN0b3JlLCBtYXgtYWdlPTAsIG11c3QtcmV2YWxpZGF0ZQ0KUHJhZ21hOiBuby1jYWNoZQ0KRXhwaXJlczogTW9uLCAwMSBKYW4gMTk5MCAwMDowMDowMCBHTVQNCkRhdGU6IFNhdCwgMDQgSnVuIDIwMjIgMjM6Mjc6MTIgR01UDQpMb2NhdGlvbjogaHR0cHM6Ly9wbGF5Lmdvb2dsZS5jb20vc3RvcmUvYXBwcy9kZXRhaWxzP2lkPWNvbS5hemFybGl2ZS5hbmRyb2lkJnJlZmVycmVyPWFkanVzdF9leHRlcm5hbF9jbGlja19pZCUzRHYuMl9nLjE0Mzg0NV9hLmY4NGY1NGJmLTMxY2QtNDNmZi1iZDI3LTUyNmNjYzY0NTdkYV9jLjExN190LnVhX3UuZTdkZjg3MjQ3Y2JjZWExMyUyNnV0bV9jYW1wYWlnbiUzRFRlc3QlMkJDYW1wYWlnbiUyNnV0bV9jb250ZW50JTNEVGVzdCUyQlNvdXJjZSUyQkFwcF8xMjM0NTY3ODklMjZ1dG1fc291cmNlJTNETGlmdG9mZiUyNnV0bV90ZXJtJTNEVGVzdCUyQkNyZWF0aXZlDQpTZXJ2ZXI6IEVTRg0KQ29udGVudC1MZW5ndGg6IDANClgtWFNTLVByb3RlY3Rpb246IDANClgtRnJhbWUtT3B0aW9uczogU0FNRU9SSUdJTg0KWC1Db250ZW50LVR5cGUtT3B0aW9uczogbm9zbmlmZg0KDQo="} +01344{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1706,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":2,"flow_src_last_pkt_time":1654385232040567,"flow_dst_last_pkt_time":1654385232085154,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":664,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":664,"pkt_l4_len":630,"thread_ts_usec":1654385232085154,"pkt":"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\/HgAFhAJ\/wlseKgAAAABJRU5ErkJggg=="} 
+00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1707,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385232158874,"flow_src_last_pkt_time":1654385232158874,"flow_dst_last_pkt_time":1654385232158874,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":253,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":253,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":253,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385232158874,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"8.209.112.118","src_port":35426,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00866{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1707,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":1,"flow_src_last_pkt_time":1654385232158874,"flow_dst_last_pkt_time":1654385232158874,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":307,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":307,"pkt_l4_len":273,"thread_ts_usec":1654385232158874,"pkt":"tKXvZygQnLbQ0+MzCABFAAElDRhAAEAG8E3AqAJ+CNFwdopiAFAUf4ZSerS+DlAYAfY9hQAAUE9TVCAvIEhUVFAvMS4xDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZA0KQ2hhcnNldDogVVRGLTgNClJhbmdlOiBieXRlcz0wLQ0KQ29udGVudC1MZW5ndGg6IDIxOTkNCkhvc3Q6IGFuYWx5dGljcy5yYXlqdW1wLmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogQXBhY2hlLUh0dHBDbGllbnQvVU5BVkFJTEFCTEUgKGphdmEgMS40KQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQoNCg=="} 
+01180{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1707,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385232158874,"flow_src_last_pkt_time":1654385232158874,"flow_dst_last_pkt_time":1654385232158874,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":253,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":253,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":253,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385232158874,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"8.209.112.118","src_port":35426,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"analytics.rayjump.com","domainame":"analytics.rayjump.com","http": {"url":"analytics.rayjump.com\/","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)","request_content_type":"application\/x-www-form-urlencoded"}}} +02457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1708,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":2,"flow_src_last_pkt_time":1654385232158923,"flow_dst_last_pkt_time":1654385232158874,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1498,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1498,"pkt_l4_len":1464,"thread_ts_usec":1654385232158923,"pkt":"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"} 
+01315{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1708,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1654385232158874,"flow_src_last_pkt_time":1654385232158923,"flow_dst_last_pkt_time":1654385232158874,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":253,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1444,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1697,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385232158923,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"8.209.112.118","src_port":35426,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"analytics.rayjump.com","domainame":"analytics.rayjump.com","http": {"url":"analytics.rayjump.com\/","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)","request_content_type":"application\/x-www-form-urlencoded"}}} +00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1709,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":3,"flow_src_last_pkt_time":1654385232158927,"flow_dst_last_pkt_time":1654385232158874,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1654385232158927,"pkt":"tKXvZygQnLbQ0+MzCABFAAA4DRpAAEAG8TjAqAJ+CNFwdopiAFAUf4zzerS+DlAYAfY8mAAAM0RzdGF0dXNDb2RlJTI1Mg=="} 
+01515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1710,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":4,"flow_src_last_pkt_time":1654385232159668,"flow_dst_last_pkt_time":1654385232158874,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":793,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":793,"pkt_l4_len":759,"thread_ts_usec":1654385232159668,"pkt":"tKXvZygQnLbQ0+MzCABFAAMLDRtAAEAG7mTAqAJ+CNFwdopiAFAUf40DerS+DlAYAfY\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"} +00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1711,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":5,"flow_src_last_pkt_time":1654385232159668,"flow_dst_last_pkt_time":1654385232180473,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1654385232180473,"pkt":"nLbQ0+MztKXvZygQCABFAACAzbBAADcGOVoI0XB2wKgCfgBQimJ6tL4OFH+P5lAYAEdekwAASFRUUC8xLjEgMjA0IE5vIENvbnRlbnQNCkRhdGU6IFNhdCwgMDQgSnVuIDIwMjIgMjM6Mjc6MTIgR01UDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} 
+01193{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1711,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1654385232158874,"flow_src_last_pkt_time":1654385232159668,"flow_dst_last_pkt_time":1654385232180473,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1444,"flow_dst_max_l4_payload_len":88,"flow_src_tot_l4_payload_len":2452,"flow_dst_tot_l4_payload_len":88,"midstream":1,"thread_ts_usec":1654385232180473,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"8.209.112.118","src_port":35426,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"analytics.rayjump.com","domainame":"analytics.rayjump.com","http": {"url":"analytics.rayjump.com\/","code":204,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)","request_content_type":"application\/x-www-form-urlencoded"}}} 
+01779{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1716,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":3,"flow_src_last_pkt_time":1654385234215020,"flow_dst_last_pkt_time":1654385232085154,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":993,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":993,"pkt_l4_len":959,"thread_ts_usec":1654385234215020,"pkt":"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\/dmFzdF9lbD0yIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgMTE7IHNka19ncGhvbmVfeDg2IEJ1aWxkL1JTUjEuMjAxMDEzLjAwMTsgd3YpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIFZlcnNpb24vNC4wIENocm9tZS84My4wLjQxMDMuMTA2IE1vYmlsZSBTYWZhcmkvNTM3LjM2DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCkhvc3Q6IGNsaWNrLmxpZnRvZmYuaW8NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} +01345{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1717,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":4,"flow_src_last_pkt_time":1654385234215020,"flow_dst_last_pkt_time":1654385234239203,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":664,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":664,"pkt_l4_len":630,"thread_ts_usec":1654385234239203,"pkt":"nLbQ0+MztKXvZygQCABFAAKKs5RAAPUGSvIDer5GwKgCfgBQgRKT0VmtkWAGsYAYAHiq\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\/HgAFhAJ\/wlseKgAAAABJRU5ErkJggg=="} 
+00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1718,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385235892637,"flow_src_last_pkt_time":1654385235892637,"flow_dst_last_pkt_time":1654385235892637,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1229,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1229,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1229,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385235892637,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.64","src_port":51686,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +02185{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1718,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":1,"flow_src_last_pkt_time":1654385235892637,"flow_dst_last_pkt_time":1654385235892637,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1295,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1295,"pkt_l4_len":1261,"thread_ts_usec":1654385235892637,"pkt":"tKXvZygQnLbQ0+MzCABFAAUBYktAAEAGrwXAqAJ+EkBPQMnmAFARWCNCXMPM5oAYAfYpmgAAAQEICr8GCEOu2uHSR0VUIC9vcGVuYXBpL2FkL3YzP2FwcF9pZD0zMjQ1NiZ1bml0X2lkPTg4ODEmc2lnbj0zYzI4ZGVkMDRlMGY0MDkwMjI5OTY4NjE4MjQ0YjU4MyZyZXFfdHlwZT0zJmFkX251bT0yMCZ0bnVtPTEmb25seV9pbXByZXNzaW9uPTEmcGluZ19tb2RlPTEmdHRjX2lkcz0lNUIlNUQmZGlzcGxheV9jaWRzPSU1QjE5OTQ0MzY1Mjk5JTVEJmV4Y2x1ZGVfaWRzPSU1QjE5OTQ0MzY1Mjk5JTVEJmFkX3NvdXJjZV9pZD0xJnNlc3Npb25faWQ9NjI5YmVhMjBhNGU1NDEwMDAxMGYwMWM4JmFkX3R5cGU9OTQmb2Zmc2V0PTAmY2hhbm5lbD0mcGxhdGZvcm09MSZvc192ZXJzaW9uPTExJnBhY2thZ2VfbmFtZT1jb20uc2NlbmV3YXkua2Fua2FuJmFwcF92ZXJzaW9uX25hbWU9Mi44LjIuMSZhcHBfdmVyc2lvbl9jb2RlPTE0NiZvcmllbnRhdGlvbj0xJm1vZGVsPXNka19ncGhvbmVfeDg2JmJyYW5kPWdvb2dsZSZnYWlkPTVhYzZhMGZmLThkMTgtNDdiYy1hOTAyLTI4MTJjZjBjMjUxZSZtbmM9Jm1jYz0
mbmV0d29ya190eXBlPTkmbmV0d29ya19zdHI9Jmxhbmd1YWdlPWVuJnRpbWV6b25lPUdNVCUyQjAxJTNBMDAmdXNlcmFnZW50PU1vemlsbGElMkY1LjAlMjAlMjhMaW51eCUzQiUyMEFuZHJvaWQlMjAxMSUzQiUyMHNka19ncGhvbmVfeDg2JTIwQnVpbGQlMkZSU1IxLjIwMTAxMy4wMDElM0IlMjB3diUyOSUyMEFwcGxlV2ViS2l0JTJGNTM3LjM2JTIwJTI4S0hUTUwlMkMlMjBsaWtlJTIwR2Vja28lMjklMjBWZXJzaW9uJTJGNC4wJTIwQ2hyb21lJTJGODMuMC40MTAzLjEwNiUyME1vYmlsZSUyMFNhZmFyaSUyRjUzNy4zNiZzZGtfdmVyc2lvbj1NQUxfOC43LjQmZ3BfdmVyc2lvbj0yMi40LjI1LTIxJTIwJTVCMCU1RCUyMCU1QlBSJTVEJTIwMzM3OTU5NDA1JnNjcmVlbl9zaXplPTEwODB4MTc5NCZpc19jbGV2ZXI9MiZ2ZXJzaW9uX2ZsYWc9MSZjYWNoZTE9NjI0MCZjYWNoZTI9NTM2NSZwb3dlcl9yYXRlPTEwMCZjaGFyZ2luZz0wJnN1Yl9pcD0xMC4wLjIuMTYmZHZpPTRCenRZcnhCWUZRMyUyQkZRM1JVRTBEVVFRaVVsYmZBREFmbngzaVVWUEhaUnNScmZ1SG9SMVJVdjA2TiUzRCUzRCZhcGlfdmVyc2lvbj0xLjMgSFRUUC8xLjENCkNoYXJzZXQ6IFVURi04DQpIb3N0OiBuZXQucmF5anVtcC5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IEFwYWNoZS1IdHRwQ2xpZW50L1VOQVZBSUxBQkxFIChqYXZhIDEuNCkNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KDQo="} +02178{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1718,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385235892637,"flow_src_last_pkt_time":1654385235892637,"flow_dst_last_pkt_time":1654385235892637,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1229,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1229,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1229,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385235892637,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.64","src_port":51686,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"net.rayjump.com","domainame":"net.rayjump.com","http": 
{"url":"net.rayjump.com\/openapi\/ad\/v3?app_id=32456&unit_id=8881&sign=3c28ded04e0f4090229968618244b583&req_type=3&ad_num=20&tnum=1&only_impression=1&ping_mode=1&ttc_ids=%5B%5D&display_cids=%5B19944365299%5D&exclude_ids=%5B19944365299%5D&ad_source_id=1&session_id=629bea20a4e54100010f01c8&ad_type=94&offset=0&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=1&model=sdk_gphone_x86&brand=google&gaid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&mnc=&mcc=&network_type=9&network_str=&language=en&timezone=GMT%2B01%3A00&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1080x1794&is_clever=2&version_flag=1&cache1=6240&cache2=5365&power_rate=100&charging=0&sub_ip=10.0.2.16&dvi=4BztYrxBYFQ3%2BFQ3RUE0DUQQiUlbfADAfnx3iUVPHZRsRrfuHoR1RUv06N%3D%3D&api_version=1.3","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}} +01123{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":2,"flow_src_last_pkt_time":1654385235892637,"flow_dst_last_pkt_time":1654385236487007,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":500,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":500,"pkt_l4_len":466,"thread_ts_usec":1654385236487007,"pkt":"nLbQ0+MztKXvZygQCABFAAHm3ckAAPgGvqESQE9AwKgCfgBQyeZcw8zmEVgoD4AYAIbbsgAAAQEICq7a5CW\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"} 
+01135{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385119050609,"flow_src_last_pkt_time":1654385119050609,"flow_dst_last_pkt_time":1654385119358297,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":538,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":538,"flow_dst_max_l4_payload_len":189,"flow_src_tot_l4_payload_len":538,"flow_dst_tot_l4_payload_len":189,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60962,"dst_port":1234,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"ws.1kxun.mobi"}} +01135{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385119973654,"flow_src_last_pkt_time":1654385119973654,"flow_dst_last_pkt_time":1654385120216027,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":538,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":538,"flow_dst_max_l4_payload_len":189,"flow_src_tot_l4_payload_len":538,"flow_dst_tot_l4_payload_len":189,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60972,"dst_port":1234,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std 
Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"ws.1kxun.mobi"}} +01135{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385120896744,"flow_src_last_pkt_time":1654385120896744,"flow_dst_last_pkt_time":1654385121164319,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":538,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":538,"flow_dst_max_l4_payload_len":189,"flow_src_tot_l4_payload_len":538,"flow_dst_tot_l4_payload_len":189,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60984,"dst_port":1234,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"ws.1kxun.mobi"}} 
+01000{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1654385232158874,"flow_src_last_pkt_time":1654385232159668,"flow_dst_last_pkt_time":1654385232180473,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1444,"flow_dst_max_l4_payload_len":88,"flow_src_tot_l4_payload_len":2452,"flow_dst_tot_l4_payload_len":88,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"8.209.112.118","src_port":35426,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"analytics.rayjump.com"}} +00989{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385181857708,"flow_src_last_pkt_time":1654385181857708,"flow_dst_last_pkt_time":1654385181897114,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":409,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":409,"flow_dst_max_l4_payload_len":983,"flow_src_tot_l4_payload_len":409,"flow_dst_tot_l4_payload_len":983,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.117.221.10","src_port":59324,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"m.vpon.com"}} +01011{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":3,"flow_first_seen":1654385141046673,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141076027,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":426,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":426,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":426,"flow_dst_tot_l4_payload_len":1925,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.37","src_port":41390,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"google.open-js.com"}} +01004{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385229378645,"flow_src_last_pkt_time":1654385229378645,"flow_dst_last_pkt_time":1654385229413001,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1249,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1249,"flow_dst_max_l4_payload_len":353,"flow_src_tot_l4_payload_len":1249,"flow_dst_tot_l4_payload_len":353,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.50","src_port":41940,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"tknet-cdn.rayjump.com"}} +00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385142293700,"flow_src_last_pkt_time":1654385142293700,"flow_dst_last_pkt_time":1654385142293700,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":517,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"119.28.164.143","src_port":51888,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} +00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184096708,"flow_src_last_pkt_time":1654385184096708,"flow_dst_last_pkt_time":1654385184096708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1132,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43266,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} +00995{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385184174078,"flow_src_last_pkt_time":1654385184174078,"flow_dst_last_pkt_time":1654385184282680,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":940,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":940,"flow_dst_max_l4_payload_len":434,"flow_src_tot_l4_payload_len":940,"flow_dst_tot_l4_payload_len":434,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43272,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"net.rayjump.com"}} +00999{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1654385232040567,"flow_src_last_pkt_time":1654385234215020,"flow_dst_last_pkt_time":1654385234239203,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":927,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":927,"flow_dst_max_l4_payload_len":598,"flow_src_tot_l4_payload_len":1854,"flow_dst_tot_l4_payload_len":1196,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.122.190.70","src_port":33042,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"click.liftoff.io"}} +00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385184845262,"flow_src_last_pkt_time":1654385184845262,"flow_dst_last_pkt_time":1654385185166661,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1044,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1044,"flow_dst_max_l4_payload_len":170,"flow_src_tot_l4_payload_len":1044,"flow_dst_tot_l4_payload_len":170,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"202.153.196.53","src_port":58758,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"tw.api.vpon.com"}} +00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385184857770,"flow_src_last_pkt_time":1654385184857770,"flow_dst_last_pkt_time":1654385185942149,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1044,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1044,"flow_dst_max_l4_payload_len":170,"flow_src_tot_l4_payload_len":1044,"flow_dst_tot_l4_payload_len":170,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"202.153.196.53","src_port":58760,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"tw.api.vpon.com"}} +01004{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":4,"flow_first_seen":1654385176794172,"flow_src_last_pkt_time":1654385176794172,"flow_dst_last_pkt_time":1654385177120274,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":207,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":2880,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":6082,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":38314,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com"}} 
+01008{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":23,"flow_first_seen":1654385176795709,"flow_src_last_pkt_time":1654385176795709,"flow_dst_last_pkt_time":1654385178226563,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":207,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":24480,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":116776,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":38316,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com"}} +01007{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":21,"flow_first_seen":1654385176794071,"flow_src_last_pkt_time":1654385176794071,"flow_dst_last_pkt_time":1654385178039010,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":207,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":12423,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":87624,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":38326,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com"}} +00999{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385127293052,"flow_src_last_pkt_time":1654385127293052,"flow_dst_last_pkt_time":1654385127488169,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":270,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":270,"flow_dst_max_l4_payload_len":464,"flow_src_tot_l4_payload_len":270,"flow_dst_tot_l4_payload_len":464,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"129.226.107.77","src_port":41134,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.QQ","proto_id":"7.48","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":9,"category":"Chat","hostname":"cgi.connect.qq.com"}} 
+01027{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":16,"flow_first_seen":1654385156800184,"flow_src_last_pkt_time":1654385156800184,"flow_dst_last_pkt_time":1654385156865117,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":423,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":423,"flow_dst_max_l4_payload_len":2836,"flow_src_tot_l4_payload_len":423,"flow_dst_tot_l4_payload_len":28785,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.18.98","src_port":44368,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.GoogleServices","proto_id":"7.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.googletagservices.com"}} +00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385229460595,"flow_src_last_pkt_time":1654385229460595,"flow_dst_last_pkt_time":1654385229568829,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":694,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":694,"flow_dst_max_l4_payload_len":171,"flow_src_tot_l4_payload_len":694,"flow_dst_tot_l4_payload_len":171,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.235.204.9","src_port":40204,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adexp.liftoff.io"}} +00998{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385235892637,"flow_src_last_pkt_time":1654385235892637,"flow_dst_last_pkt_time":1654385236487007,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1229,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1229,"flow_dst_max_l4_payload_len":434,"flow_src_tot_l4_payload_len":1229,"flow_dst_tot_l4_payload_len":434,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.64","src_port":51686,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"net.rayjump.com"}} +01032{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":10,"flow_first_seen":1654385143337063,"flow_src_last_pkt_time":1654385143337063,"flow_dst_last_pkt_time":1654385143386689,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":421,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":421,"flow_dst_max_l4_payload_len":2836,"flow_src_tot_l4_payload_len":421,"flow_dst_tot_l4_payload_len":20463,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"142.250.186.174","src_port":36732,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"www.google-analytics.com"}} +01036{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":12,"flow_first_seen":1654385142780674,"flow_src_last_pkt_time":1654385142780674,"flow_dst_last_pkt_time":1654385142861550,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":520,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":520,"flow_dst_max_l4_payload_len":2836,"flow_src_tot_l4_payload_len":520,"flow_dst_tot_l4_payload_len":27563,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"142.250.186.34","src_port":38354,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"pagead2.googlesyndication.com"}} 
+01008{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":33,"flow_first_seen":1654385136207603,"flow_src_last_pkt_time":1654385137102946,"flow_dst_last_pkt_time":1654385137795047,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":208,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":21600,"flow_src_tot_l4_payload_len":420,"flow_dst_tot_l4_payload_len":179545,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46170,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com"}} +01007{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":13,"flow_first_seen":1654385136206220,"flow_src_last_pkt_time":1654385137480116,"flow_dst_last_pkt_time":1654385137451797,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":207,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":23040,"flow_src_tot_l4_payload_len":631,"flow_dst_tot_l4_payload_len":72797,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com"}} +01007{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":18,"flow_first_seen":1654385136215384,"flow_src_last_pkt_time":1654385137106944,"flow_dst_last_pkt_time":1654385137458576,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":21600,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":81501,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46200,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com"}} 
+01008{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":12,"flow_first_seen":1654385136216297,"flow_src_last_pkt_time":1654385137088135,"flow_dst_last_pkt_time":1654385137795021,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":211,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":37440,"flow_src_tot_l4_payload_len":423,"flow_dst_tot_l4_payload_len":124042,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46212,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com"}} +00999{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385183491860,"flow_src_last_pkt_time":1654385183491860,"flow_dst_last_pkt_time":1654385183514792,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":810,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":810,"flow_dst_max_l4_payload_len":394,"flow_src_tot_l4_payload_len":810,"flow_dst_tot_l4_payload_len":394,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56094,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com"}} +01001{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385183496601,"flow_src_last_pkt_time":1654385183496601,"flow_dst_last_pkt_time":1654385183520039,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":791,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":791,"flow_dst_max_l4_payload_len":1640,"flow_src_tot_l4_payload_len":791,"flow_dst_tot_l4_payload_len":1640,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56096,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com"}} +00999{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385183495868,"flow_src_last_pkt_time":1654385183495868,"flow_dst_last_pkt_time":1654385183517888,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":797,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":797,"flow_dst_max_l4_payload_len":394,"flow_src_tot_l4_payload_len":797,"flow_dst_tot_l4_payload_len":394,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56098,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com"}} +00999{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385183618295,"flow_src_last_pkt_time":1654385183618295,"flow_dst_last_pkt_time":1654385183642352,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":830,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":830,"flow_dst_max_l4_payload_len":655,"flow_src_tot_l4_payload_len":830,"flow_dst_tot_l4_payload_len":655,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56104,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"setting.rayjump.com"}} 
+01015{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":73,"flow_first_seen":1654385140171515,"flow_src_last_pkt_time":1654385145095894,"flow_dst_last_pkt_time":1654385145302253,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":424,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":765,"flow_dst_max_l4_payload_len":8640,"flow_src_tot_l4_payload_len":4383,"flow_dst_tot_l4_payload_len":173462,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45380,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"mangaweb.1kxun.mobi"}} +01012{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385139579809,"flow_src_last_pkt_time":1654385139579809,"flow_dst_last_pkt_time":1654385139941321,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":887,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":887,"flow_dst_max_l4_payload_len":497,"flow_src_tot_l4_payload_len":887,"flow_dst_tot_l4_payload_len":497,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"103.29.71.30","src_port":35200,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"release.bigdata.1kxun.com"}} +01013{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":8,"flow_first_seen":1654385140779083,"flow_src_last_pkt_time":1654385144744780,"flow_dst_last_pkt_time":1654385145113565,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":443,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":740,"flow_dst_max_l4_payload_len":8192,"flow_src_tot_l4_payload_len":1183,"flow_dst_tot_l4_payload_len":18456,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45388,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"mangaweb.1kxun.mobi"}} 
+01014{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":18,"flow_first_seen":1654385140794335,"flow_src_last_pkt_time":1654385144961102,"flow_dst_last_pkt_time":1654385145146412,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":424,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":755,"flow_dst_max_l4_payload_len":7200,"flow_src_tot_l4_payload_len":1929,"flow_dst_tot_l4_payload_len":57537,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45398,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"mangaweb.1kxun.mobi"}} +01012{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1654385140824396,"flow_src_last_pkt_time":1654385144957630,"flow_dst_last_pkt_time":1654385145140317,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":416,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":753,"flow_dst_max_l4_payload_len":1390,"flow_src_tot_l4_payload_len":1920,"flow_dst_tot_l4_payload_len":3320,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45414,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"mangaweb.1kxun.mobi"}} +01016{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":24,"flow_first_seen":1654385140835391,"flow_src_last_pkt_time":1654385156967826,"flow_dst_last_pkt_time":1654385157149701,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":434,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1114,"flow_dst_max_l4_payload_len":14400,"flow_src_tot_l4_payload_len":6674,"flow_dst_tot_l4_payload_len":81693,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45416,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"mangaweb.1kxun.mobi"}} 
+01012{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1654385140836422,"flow_src_last_pkt_time":1654385144960570,"flow_dst_last_pkt_time":1654385145144651,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":436,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":753,"flow_dst_max_l4_payload_len":1654,"flow_src_tot_l4_payload_len":1941,"flow_dst_tot_l4_payload_len":5796,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45422,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"mangaweb.1kxun.mobi"}} +01006{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385140850557,"flow_src_last_pkt_time":1654385140850557,"flow_dst_last_pkt_time":1654385141035727,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":414,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":414,"flow_dst_max_l4_payload_len":1721,"flow_src_tot_l4_payload_len":414,"flow_dst_tot_l4_payload_len":1721,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45424,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":17,"category":"Streaming","hostname":"tcad.wedolook.com"}} +01135{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1654385134408251,"flow_src_last_pkt_time":1654385136274668,"flow_dst_last_pkt_time":1654385136566441,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":498,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":499,"flow_dst_max_l4_payload_len":225,"flow_src_tot_l4_payload_len":997,"flow_dst_tot_l4_payload_len":450,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.119.80","src_port":49242,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"android.yingshi.tcclick.1kxun.com"}} 
+01006{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385232006384,"flow_src_last_pkt_time":1654385232006384,"flow_dst_last_pkt_time":1654385232057407,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":559,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":559,"flow_dst_max_l4_payload_len":668,"flow_src_tot_l4_payload_len":559,"flow_dst_tot_l4_payload_len":668,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.16.142","src_port":53416,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"play.google.com"}} +01148{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385127244156,"flow_src_last_pkt_time":1654385127244156,"flow_dst_last_pkt_time":1654385127425884,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":157,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":264,"flow_src_tot_l4_payload_len":157,"flow_dst_tot_l4_payload_len":264,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47230,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": 
{"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":7,"category":"Download","hostname":"kankan.1kxun.mobi"}} +01002{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":4,"flow_first_seen":1654385229374771,"flow_src_last_pkt_time":1654385236365099,"flow_dst_last_pkt_time":1654385236412092,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":114,"flow_src_tot_l4_payload_len":8181,"flow_dst_tot_l4_payload_len":423,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"52.29.177.177","src_port":37100,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adx-tk.rayjump.com"}} 
+01009{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1654385128878259,"flow_src_last_pkt_time":1654385129990203,"flow_dst_last_pkt_time":1654385130178547,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":860,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":880,"flow_dst_max_l4_payload_len":2746,"flow_src_tot_l4_payload_len":1740,"flow_dst_tot_l4_payload_len":3242,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47246,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"kankan.1kxun.com"}} +01006{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385128878298,"flow_src_last_pkt_time":1654385128878298,"flow_dst_last_pkt_time":1654385129190022,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":871,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":871,"flow_dst_max_l4_payload_len":817,"flow_src_tot_l4_payload_len":871,"flow_dst_tot_l4_payload_len":817,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47262,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"kankan.1kxun.com"}} +01009{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385129449830,"flow_src_last_pkt_time":1654385129449830,"flow_dst_last_pkt_time":1654385129804228,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":916,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":916,"flow_dst_max_l4_payload_len":265,"flow_src_tot_l4_payload_len":916,"flow_dst_tot_l4_payload_len":265,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47272,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"messages.1kxun.mobi"}} 
+00999{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1654385184117986,"flow_src_last_pkt_time":1654385184118073,"flow_dst_last_pkt_time":1654385184139299,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":796,"flow_dst_max_l4_payload_len":88,"flow_src_tot_l4_payload_len":1048,"flow_dst_tot_l4_payload_len":88,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"8.209.97.107","src_port":56826,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"analytics.rayjump.com"}} +01012{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385156962711,"flow_src_last_pkt_time":1654385156962711,"flow_dst_last_pkt_time":1654385157145999,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1112,"flow_dst_max_l4_payload_len":682,"flow_src_tot_l4_payload_len":1112,"flow_dst_tot_l4_payload_len":682,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50140,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"mangaweb.1kxun.mobi"}} +01012{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385156971856,"flow_src_last_pkt_time":1654385156971856,"flow_dst_last_pkt_time":1654385157153682,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1114,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1114,"flow_dst_max_l4_payload_len":766,"flow_src_tot_l4_payload_len":1114,"flow_dst_tot_l4_payload_len":766,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50148,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"mangaweb.1kxun.mobi"}} 
+01012{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385156978849,"flow_src_last_pkt_time":1654385156978849,"flow_dst_last_pkt_time":1654385157162185,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1118,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1118,"flow_dst_max_l4_payload_len":508,"flow_src_tot_l4_payload_len":1118,"flow_dst_tot_l4_payload_len":508,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50164,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"mangaweb.1kxun.mobi"}} +01012{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385156997634,"flow_src_last_pkt_time":1654385156997634,"flow_dst_last_pkt_time":1654385157178524,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1113,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1113,"flow_dst_max_l4_payload_len":680,"flow_src_tot_l4_payload_len":1113,"flow_dst_tot_l4_payload_len":680,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50166,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"mangaweb.1kxun.mobi"}} +01014{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1654385157001678,"flow_src_last_pkt_time":1654385157001678,"flow_dst_last_pkt_time":1654385157186882,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1119,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1119,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1119,"flow_dst_tot_l4_payload_len":1950,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50176,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"mangaweb.1kxun.mobi"}} 
+01006{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385229450708,"flow_src_last_pkt_time":1654385229450708,"flow_dst_last_pkt_time":1654385229557713,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":424,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":424,"flow_dst_max_l4_payload_len":75,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":75,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.233.123.55","src_port":54810,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"impression-east.liftoff.io"}} +00998{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1654385229375778,"flow_src_last_pkt_time":1654385231918113,"flow_dst_last_pkt_time":1654385231942852,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":2827,"flow_dst_tot_l4_payload_len":312,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42554,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"de01.rayjump.com"}} +00998{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1654385229377895,"flow_src_last_pkt_time":1654385229379534,"flow_dst_last_pkt_time":1654385229406775,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":1572,"flow_dst_tot_l4_payload_len":156,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42566,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"de01.rayjump.com"}} +01215{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1654385129508270,"flow_src_last_pkt_time":1654385129508322,"flow_dst_last_pkt_time":1654385129813867,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":151,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":372,"flow_dst_max_l4_payload_len":104,"flow_src_tot_l4_payload_len":523,"flow_dst_tot_l4_payload_len":104,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"119.45.78.184","src_port":38834,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"HTTP.QQ","proto_id":"7.48","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":9,"category":"Chat","hostname":"pingma.qq.com"}} +01016{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":19,"flow_first_seen":1654385145219802,"flow_src_last_pkt_time":1654385146051643,"flow_dst_last_pkt_time":1654385146257351,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":526,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":526,"flow_dst_max_l4_payload_len":8640,"flow_src_tot_l4_payload_len":1052,"flow_dst_tot_l4_payload_len":51980,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49354,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"hkbn.content.1kxun.com"}} 
+01013{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":4,"flow_first_seen":1654385146263001,"flow_src_last_pkt_time":1654385146263001,"flow_dst_last_pkt_time":1654385146481114,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":514,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":514,"flow_dst_max_l4_payload_len":4320,"flow_src_tot_l4_payload_len":514,"flow_dst_tot_l4_payload_len":7485,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49370,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"hkbn.content.1kxun.com"}} +01018{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":33,"flow_first_seen":1654385146253018,"flow_src_last_pkt_time":1654385147560064,"flow_dst_last_pkt_time":1654385148239526,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":514,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":526,"flow_dst_max_l4_payload_len":18720,"flow_src_tot_l4_payload_len":1554,"flow_dst_tot_l4_payload_len":142608,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49372,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"hkbn.content.1kxun.com"}} +01017{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":30,"flow_first_seen":1654385146276743,"flow_src_last_pkt_time":1654385147163604,"flow_dst_last_pkt_time":1654385147585918,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":514,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":526,"flow_dst_max_l4_payload_len":18720,"flow_src_tot_l4_payload_len":1040,"flow_dst_tot_l4_payload_len":97896,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49380,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"hkbn.content.1kxun.com"}} 
+01018{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":28,"flow_first_seen":1654385146284849,"flow_src_last_pkt_time":1654385147363303,"flow_dst_last_pkt_time":1654385147935185,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":526,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":526,"flow_dst_max_l4_payload_len":21600,"flow_src_tot_l4_payload_len":1578,"flow_dst_tot_l4_payload_len":131729,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49396,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"hkbn.content.1kxun.com"}} +01018{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":23,"flow_first_seen":1654385146276790,"flow_src_last_pkt_time":1654385147316212,"flow_dst_last_pkt_time":1654385147926816,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":514,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":526,"flow_dst_max_l4_payload_len":21600,"flow_src_tot_l4_payload_len":1554,"flow_dst_tot_l4_payload_len":126758,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49412,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"hkbn.content.1kxun.com"}} +00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":9,"flow_first_seen":1654385184927393,"flow_src_last_pkt_time":1654385184927393,"flow_dst_last_pkt_time":1654385184950570,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":183,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":183,"flow_dst_max_l4_payload_len":4284,"flow_src_tot_l4_payload_len":183,"flow_dst_tot_l4_payload_len":26435,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35664,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.liftoff.io"}} +00965{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184928623,"flow_src_last_pkt_time":1654385184928623,"flow_dst_last_pkt_time":1654385184928623,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":233,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":233,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35666,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"HTTP.MpegDash","proto_id":"7.291","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media"}} +01003{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":29,"flow_first_seen":1654385184938285,"flow_src_last_pkt_time":1654385184938285,"flow_dst_last_pkt_time":1654385185019373,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":345,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":345,"flow_dst_max_l4_payload_len":5712,"flow_src_tot_l4_payload_len":345,"flow_dst_tot_l4_payload_len":97077,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36636,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com"}} +01003{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":20,"flow_first_seen":1654385184944474,"flow_src_last_pkt_time":1654385184944474,"flow_dst_last_pkt_time":1654385185004563,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":497,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":497,"flow_dst_max_l4_payload_len":5712,"flow_src_tot_l4_payload_len":497,"flow_dst_tot_l4_payload_len":64260,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36640,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com"}} +01003{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":25,"flow_first_seen":1654385184944791,"flow_src_last_pkt_time":1654385184944791,"flow_dst_last_pkt_time":1654385185046312,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":297,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":297,"flow_dst_max_l4_payload_len":4284,"flow_src_tot_l4_payload_len":297,"flow_dst_tot_l4_payload_len":89150,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36654,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com"}} 
+00965{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":3,"flow_first_seen":1654385184982489,"flow_src_last_pkt_time":1654385184982489,"flow_dst_last_pkt_time":1654385185015695,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":262,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":262,"flow_dst_max_l4_payload_len":2856,"flow_src_tot_l4_payload_len":262,"flow_dst_tot_l4_payload_len":4535,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36660,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} +01004{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":3,"flow_first_seen":1654385131029337,"flow_src_last_pkt_time":1654385131355130,"flow_dst_last_pkt_time":1654385131589006,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":202,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":202,"flow_dst_max_l4_payload_len":6232,"flow_src_tot_l4_payload_len":404,"flow_dst_tot_l4_payload_len":6868,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":60148,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com"}} 
+00855{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1723,"source":"cfgs\/fpc\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1723,"packets-processed":1723,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2427316,"total-not-detected-flows":9,"total-guessed-flows":6,"total-detected-flows":182,"total-detection-updates":33,"total-updates":38,"current-active-flows":0,"total-active-flows":197,"total-idle-flows":197,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1303,"global_ts_usec":1654385236487007} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 1723/1723 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 2427316 bytes +~~ total detected protocols..: 182 +~~ total active/idle flows...: 197/197 +~~ total timeout flows.......: 15 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 8088565 bytes +~~ total memory freed........: 8088565 bytes +~~ total allocations/frees...: 130666/130666 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json message min len.......: 525 chars +~~ json message max len.......: 11848 chars +~~ json message avg len.......: 6186 chars diff --git a/test/results/fpc/signal_videocall.pcapng.out b/test/results/fpc/signal_videocall.pcapng.out new file mode 100644 index 000000000..030353efd --- /dev/null +++ b/test/results/fpc/signal_videocall.pcapng.out 
@@ -0,0 +1,49 @@ +00619{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/fpc\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/fpc\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1732024431954625} 
+00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/fpc\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1732024431954625,"flow_src_last_pkt_time":1732024431954625,"flow_dst_last_pkt_time":1732024431954625,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1732024431954625,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.216.234.234","src_port":47926,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/fpc\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1732024431954625,"flow_dst_last_pkt_time":1732024431954625,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1732024431954625,"pkt":"dNo47VMyYhO2esBpCABFAAAwZxZAAEAR9\/jAqAxDI9jq6rs2DZYAHHvlAAEAACESpEJQQm9QWFIrVWRPcnY="} 
+01013{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/fpc\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1732024431954625,"flow_src_last_pkt_time":1732024431954625,"flow_dst_last_pkt_time":1732024431954625,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1732024431954625,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.216.234.234","src_port":47926,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} +00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/fpc\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1732024431955912,"flow_src_last_pkt_time":1732024431955912,"flow_dst_last_pkt_time":1732024431955912,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1732024431955912,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.252.146","src_port":47926,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/fpc\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1732024431955912,"flow_dst_last_pkt_time":1732024431955912,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1732024431955912,"pkt":"dNo47VMyYhO2esBpCABFAAAwtSNAAEARmEDAqAxDI9v8krs2DZYAHF30AAEAACESpEJKdmo2eHhiZEdrT1E="} +01013{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/fpc\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1732024431955912,"flow_src_last_pkt_time":1732024431955912,"flow_dst_last_pkt_time":1732024431955912,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1732024431955912,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.252.146","src_port":47926,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
+00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/fpc\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1732024431956045,"flow_dst_last_pkt_time":1732024431955912,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1732024431956045,"pkt":"dNo47VMyYhO2esBpCABFAAA4tSRAAEARmDfAqAxDI9v8krs2DZYAJHj9AAMACCESpEJGT0RzSVBnV3VDSVgAGQAEEQAAAA=="} +01146{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"cfgs\/fpc\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1732024431955912,"flow_src_last_pkt_time":1732024431956045,"flow_dst_last_pkt_time":1732024431955912,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1732024431956045,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.252.146","src_port":47926,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
+00588{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/fpc\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1732024431956045,"flow_dst_last_pkt_time":1732024431959193,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1732024431959193,"pkt":"YhO2esBpdNo47VMyCABFAABQi8xAADkRyHcj2\/ySwKgMQw2WuzYAPLQBAQEAICESpEJKdmo2eHhiZEdrT1EAIAAIAAGRw3wxDFwAAQAIAAGw0V0jqB6AKAAE\/+dX5g=="} +01061{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/fpc\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1732024431955912,"flow_src_last_pkt_time":1732024431956045,"flow_dst_last_pkt_time":1732024431959193,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":52,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":52,"midstream":0,"thread_ts_usec":1732024431959193,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.252.146","src_port":47926,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"mapped_address":"93.35.168.30:45265","multimedia_flow_types":"Unknown"}}} 
+00629{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/fpc\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1732024431956045,"flow_dst_last_pkt_time":1732024431959746,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1732024431959746,"pkt":"YhO2esBpdNo47VMyCABFAABwi81AADkRyFYj2\/ySwKgMQw2WuzYAXM1WARMAQCESpEJGT0RzSVBnV3VDSVgACQAQAAAEAVVuYXV0aG9yaXplZAAVABA3MWRlZDFjNTBiN2Q0NGFmABQACnNpZ25hbC5vcmcAAIAoAAR7NBQ3"} +01094{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"cfgs\/fpc\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1732024431955912,"flow_src_last_pkt_time":1732024431956045,"flow_dst_last_pkt_time":1732024431959746,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":136,"midstream":0,"thread_ts_usec":1732024431959746,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.252.146","src_port":47926,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org","domainame":"signal.org","stun": {"mapped_address":"93.35.168.30:45265","multimedia_flow_types":"Unknown"}}} 
+00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/fpc\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1732024431959841,"flow_dst_last_pkt_time":1732024431954625,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1732024431959841,"pkt":"dNo47VMyYhO2esBpCABFAAA4ZxdAAEAR9+\/AqAxDI9jq6rs2DZYAJF1+AAMACCESpEJoc3FkNDJvUEJsZ2kAGQAEEQAAAA=="} +01166{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/fpc\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1732024431954625,"flow_src_last_pkt_time":1732024431959841,"flow_dst_last_pkt_time":1732024431954625,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1732024431959841,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.216.234.234","src_port":47926,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
+00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/fpc\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1732024431962384,"flow_dst_last_pkt_time":1732024431959746,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_usec":1732024431962384,"pkt":"dNo47VMyYhO2esBpCABFAACQtSVAAEARl97AqAxDI9v8krs2DZYAfNU1AAMAYCESpEJLZGY0aGpCR2VDNmwAGQAEEQAAAAAGABcxNzMyMTEwODMzOjg5NTYwMTIyMyMwMQAAFAAKc2lnbmFsLm9yZwAAABUAEDcxZGVkMWM1MGI3ZDQ0YWYACAAUgVqrAzIcqrmsvPu1c7hMsgoikGk="} +00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/fpc\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1732024431959841,"flow_dst_last_pkt_time":1732024431962820,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1732024431962820,"pkt":"YhO2esBpdNo47VMyCABFYABQmTNAADkRzFsj2OrqwKgMQw2WuzYAPPTfAQEAICESpEJQQm9QWFIrVWRPcnYAIAAIAAGRw3wxDFwAAQAIAAGw0V0jqB6AKAAELCkIuA=="} 
+01081{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"cfgs\/fpc\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1732024431954625,"flow_src_last_pkt_time":1732024431959841,"flow_dst_last_pkt_time":1732024431962820,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":52,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":52,"midstream":0,"thread_ts_usec":1732024431962820,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.216.234.234","src_port":47926,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.35.168.30:45265","multimedia_flow_types":"Unknown"}}} +00629{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/fpc\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1732024431959841,"flow_dst_last_pkt_time":1732024431967507,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1732024431967507,"pkt":"YhO2esBpdNo47VMyCABFYABwmTdAADkRzDcj2OrqwKgMQw2WuzYAXIRlARMAQCESpEJoc3FkNDJvUEJsZ2kACQAQAAAEAVVuYXV0aG9yaXplZAAVABAyMzlmNWI0MDIzNmE0ZmIyABQACnNpZ25hbC5vcmcAAIAoAAR3etFo"} 
+01103{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"cfgs\/fpc\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1732024431954625,"flow_src_last_pkt_time":1732024431959841,"flow_dst_last_pkt_time":1732024431967507,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":136,"midstream":0,"thread_ts_usec":1732024431967507,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.216.234.234","src_port":47926,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org","domainame":"signal.org","stun": {"mapped_address":"93.35.168.30:45265","multimedia_flow_types":"Unknown"}}} +00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/fpc\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1732024431970453,"flow_dst_last_pkt_time":1732024431967507,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_usec":1732024431970453,"pkt":"dNo47VMyYhO2esBpCABFAACQZxlAAEAR95XAqAxDI9jq6rs2DZYAfJ\/eAAMAYCESpEJtY0MxU2RsRTVSTFIAGQAEEQAAAAAGABcxNzMyMTEwODMzOjg5NTYwMTIyMyMwMQAAFAAKc2lnbmFsLm9yZwAAABUAEDIzOWY1YjQwMjM2YTRmYjIACAAUWuhe5DwiuoVslYdnHO9VLKb1KDk="} 
+00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"cfgs\/fpc\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1732024434112285,"flow_src_last_pkt_time":1732024434112285,"flow_dst_last_pkt_time":1732024434112285,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1732024434112285,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.252.146","src_port":47926,"dst_port":56377,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00649{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/fpc\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1732024434112285,"flow_dst_last_pkt_time":1732024434112285,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1732024434112285,"pkt":"dNo47VMyYhO2esBpCABFAAB8tZtAAEARl3zAqAxDI9v8krs23DkAaDzbAAEATCESpEJvVmpOd0IwS3IzMTcABgAJKzRmSDpxcDhzAAAAwFcABAADAAqAKgAItCq\/i7rPSYsAJAAEbn8e\/wAIABQsPdFbp2Mty9aiJruZ\/Hgd1SZ9SYAoAAQ0snQG"} 
+01167{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"cfgs\/fpc\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1732024434112285,"flow_src_last_pkt_time":1732024434112285,"flow_dst_last_pkt_time":1732024434112285,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1732024434112285,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.252.146","src_port":47926,"dst_port":56377,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} +00607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/fpc\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1732024434112285,"flow_dst_last_pkt_time":1732024434178241,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1732024434178241,"pkt":"YhO2esBpdNo47VMyCABFYABcj7BAADIRyycj2\/ySwKgMQ9w5uzYASCrcAQEALCESpEJvVmpOd0IwS3IzMTcAIAAIAAGRwHwxDFwACAAUzCtdmPFLOE2hrfqThQbG\/WfenmGAKAAE+56MVw=="} 
+00661{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/fpc\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1732024434208184,"flow_dst_last_pkt_time":1732024434178241,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_usec":1732024434208184,"pkt":"dNo47VMyYhO2esBpCABFAACEtaBAAEARl2\/AqAxDI9v8krs23DkAcJ01AAEAVCESpEJ5YkVGeHg2Vm54cEwABgAJKzRmSDpxcDhzAAAAwFcABAADAAqAKgAItCq\/i7rPSYvAAQAEAAAAAQAkAARufx7\/AAgAFBR40kD7fQkz6Qg731KFxeC3zkjNgCgABDObOGE="} +00661{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/fpc\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1732024434257371,"flow_dst_last_pkt_time":1732024434178241,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_usec":1732024434257371,"pkt":"dNo47VMyYhO2esBpCABFAACEtaNAAEARl2zAqAxDI9v8krs23DkAcLCLAAEAVCESpEIvVzZEb0YxN3VBZ04ABgAJKzRmSDpxcDhzAAAAwFcABAADAAqAKgAItCq\/i7rPSYvAAQAEAAAAAQAkAARufx7\/AAgAFB0q7oEahdIgYLDgT\/FjacmxOl1HgCgABEHzBpk="} +00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/fpc\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1732024434257371,"flow_dst_last_pkt_time":1732024434268071,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1732024434268071,"pkt":"YhO2esBpdNo47VMyCABFYABcj9ZAADIRywEj2\/ySwKgMQ9w5uzYASIPeAQEALCESpEJ5YkVGeHg2Vm54cEwAIAAIAAGRwHwxDFwACAAULNk0SsQGD73EexLHOWxlLf1+DQiAKAAEShdJ1g=="} 
+02378{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":64,"source":"cfgs\/fpc\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1732024434112285,"flow_src_last_pkt_time":1732024441333397,"flow_dst_last_pkt_time":1732024441541595,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":96,"flow_src_tot_l4_payload_len":1156,"flow_dst_tot_l4_payload_len":1232,"midstream":0,"thread_ts_usec":1732024441541595,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.252.146","src_port":47926,"dst_port":56377,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":7924,"avg":472594.2,"max":2449226,"stddev":710703.9,"var":505100075008.0,"ent":3.7,"data": [65956,95899,49187,89830,51983,7924,75804,92201,90821,45764,45926,841819,964746,88146,209352,700416,8800,797762,169039,140771,9988,132129,62705,2295091,2449226,43943,201199,880503,2304788,1490835,147869]},"pktlen": {"min":56,"avg":102.6,"max":132,"stddev":22.3,"var":496.6,"ent":5.0,"data": [124,92,132,132,92,92,124,92,124,92,124,92,124,92,124,92,56,84,124,92,84,56,124,92,124,92,124,92,56,124,92,124]},"bins": {"c_to_s": [1,1,6,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,1,7,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,0,0,1,1,0,1,1,0,1,0,0,1,0,0,1,1,0,1,0,1,1],"entropies": 
[5.976831913,5.915143967,5.742778778,5.854558945,5.733025551,5.885198593,5.998001575,5.797378063,6.024171352,5.726989746,5.921308994,5.664066315,5.913927555,5.841720104,5.901226997,5.802705288,5.235924244,5.790773869,5.923968792,5.811777592,5.734168530,5.119329453,5.946332932,5.906072140,5.847799778,5.811777115,5.940245152,5.748729706,5.115301609,5.849411488,5.828187466,5.968549728]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01149{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":334,"source":"cfgs\/fpc\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":167,"flow_dst_packets_processed":131,"flow_first_seen":1732024434112285,"flow_src_last_pkt_time":1732024444819796,"flow_dst_last_pkt_time":1732024444862357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1181,"flow_dst_max_l4_payload_len":858,"flow_src_tot_l4_payload_len":80551,"flow_dst_tot_l4_payload_len":26428,"midstream":0,"thread_ts_usec":1732024444862357,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.252.146","src_port":47926,"dst_port":56377,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+01030{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":334,"source":"cfgs\/fpc\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1732024431954625,"flow_src_last_pkt_time":1732024441970315,"flow_dst_last_pkt_time":1732024441977780,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":332,"midstream":0,"thread_ts_usec":1732024444862357,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.216.234.234","src_port":47926,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} +01024{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":334,"source":"cfgs\/fpc\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":13,"flow_first_seen":1732024431955912,"flow_src_last_pkt_time":1732024441965798,"flow_dst_last_pkt_time":1732024441969357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":712,"flow_dst_tot_l4_payload_len":908,"midstream":0,"thread_ts_usec":1732024444862357,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.252.146","src_port":47926,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} +00854{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":334,"source":"cfgs\/fpc\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":334,"packets-processed":334,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":109231,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":6,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":34,"global_ts_usec":1732024444862357} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 334/334 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 109231 bytes +~~ total detected protocols..: 3 +~~ total active/idle flows...: 3/3 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 7499733 bytes +~~ total memory freed........: 7499733 bytes +~~ total allocations/frees...: 126227/126227 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json message min len.......: 547 chars +~~ json message max len.......: 2383 chars +~~ json message avg len.......: 1446 chars diff --git a/test/results/fpc_disabled/teams.pcap.out b/test/results/fpc_disabled/teams.pcap.out index 194bf75e6..159918774 100644 --- a/test/results/fpc_disabled/teams.pcap.out +++ b/test/results/fpc_disabled/teams.pcap.out 
@@ -1,5 +1,5 @@ -00615{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1587041672419153} 
+00615{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00836{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1587041672419153} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041672419153,"flow_src_last_pkt_time":1587041672419153,"flow_dst_last_pkt_time":1587041672419153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":279,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":279,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041672419153,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00899{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1587041672419153,"flow_dst_last_pkt_time":1587041672419153,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"thread_ts_usec":1587041672419153,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzES1AAEARZ+TAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGABgr52AAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"} 
01030{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041672419153,"flow_src_last_pkt_time":1587041672419153,"flow_dst_last_pkt_time":1587041672419153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":279,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":279,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041672419153,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"tl-sg116e","domainame":"tl-sg116e","dhcp": {"fingerprint":"1,3","class_ident":"TL-SG116E"}}} 
@@ -32,14 +32,14 @@ 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1587041676435900,"flow_dst_last_pkt_time":1587041676448366,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041676448366,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0CixAAHUGQvQ0ccKEwKgBBgG77HWQGjC4LoXCQ4AS\/\/8WpAAAAgQFoAEDAwgBAQQC"} 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1587041676448463,"flow_dst_last_pkt_time":1587041676448366,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041676448463,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGgizAqAEGNHHChOx1AbsuhcJDkBowuVAQIAA3YwAA"} 00812{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1587041676449862,"flow_dst_last_pkt_time":1587041676448366,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"thread_ts_usec":1587041676449862,"pkt":"EBMx8Tl2KDc3AG3ICABFAAD6AABAAEAGgVrAqAEGNHHChOx1AbsuhcJDkBowuVAYIAChLwAAFgMBAM0BAADJAwMtfzNr5sJ0vwUnIfI3TV9sTsGbPpwfZOWfmMdYc+2laQAAHLq6zKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACEuroAAP8BAAEAAAAAGAAWAAATdGVhbXMubWljcm9zb2Z0LmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACNraAB0AFwAYABsAAwIAAnp6AAEA"} 
-01235{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041676435900,"flow_src_last_pkt_time":1587041676449862,"flow_dst_last_pkt_time":1587041676448366,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":210,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":210,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041676449862,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","domainame":"teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01188{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041676435900,"flow_src_last_pkt_time":1587041676449862,"flow_dst_last_pkt_time":1587041676448366,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":210,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":210,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041676449862,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","domainame":"teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1587041676449862,"flow_dst_last_pkt_time":1587041676462228,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1587041676462228,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAoCi1AAHYGQf80ccKEwKgBBgG77HWQGjC5LoXDFVAQCAROjQAAAAAAAAAA"} 
-01580{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":26,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1587041676435900,"flow_src_last_pkt_time":1587041676464401,"flow_dst_last_pkt_time":1587041676464459,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":210,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":210,"flow_dst_tot_l4_payload_len":6025,"midstream":0,"thread_ts_usec":1587041676464459,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","domainame":"teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"0f14538e1c9070becdad7739c67d6363","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=teams.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E","blocks":0}}} 
+01533{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":26,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1587041676435900,"flow_src_last_pkt_time":1587041676464401,"flow_dst_last_pkt_time":1587041676464459,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":210,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":210,"flow_dst_tot_l4_payload_len":6025,"midstream":0,"thread_ts_usec":1587041676464459,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","domainame":"teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"teams.microsoft.com","ja3s":"0f14538e1c9070becdad7739c67d6363","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=teams.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E","blocks":0}}} 
00783{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1587041676499766,"flow_dst_last_pkt_time":1587041676405623,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":240,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":240,"pkt_l4_len":206,"thread_ts_usec":1587041676499766,"pkt":"EBMx8Tl2KDc3AG3ICABFAADiAABAAEAG9tTAqAEGNHJNIex0AbuczSMoSaIgqYAYEAlcWgAAAQEICjCEl\/VhBkyoFgMBAKkBAAClAwNgsc\/zVfk3fJaoeGVjBvcvXHJydxa1mwDEXFImXbQK\/wAAHsAvwCvAMMAszKnMqMAJwBPACsAUAJwAnQAvADUACgEAAF7\/AQABAAAAACMAIQAAHm1vYmlsZS5waXBlLmFyaWEubWljcm9zb2Z0LmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAsAAgEAAAoACAAGAB0AFwAY"} -01347{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041676362386,"flow_src_last_pkt_time":1587041676499766,"flow_dst_last_pkt_time":1587041676405623,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041676499766,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": 
{"version":"TLSv1.2","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} -02168{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":47,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1587041676435900,"flow_src_last_pkt_time":1587041676535873,"flow_dst_last_pkt_time":1587041676535853,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":258,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":757,"flow_dst_tot_l4_payload_len":10509,"midstream":0,"thread_ts_usec":1587041676535873,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":6449.2,"max":29755,"stddev":8827.8,"var":77930416.0,"ent":3.7,"data": [12466,12563,1399,13862,1628,233,14289,254,250,114,2,99,4851,16541,1120,12847,339,301,11408,365,232,23032,26,11077,443,29285,29755,471,122,15,537]},"pktlen": {"min":40,"avg":393.9,"max":1492,"stddev":548.1,"var":300365.6,"ent":3.9,"data": [64,52,40,250,46,1492,1492,40,1492,40,1492,257,40,198,46,366,40,109,40,133,78,298,78,46,40,46,556,40,1492,1492,671,40]},"bins": {"c_to_s": [10,1,1,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,1,1,0,0,0,1,0,0,0,1,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1,0,1,0,0,0,0,1,1,0,1,1,0,1,1,1,0],"entropies": 
[4.365527153,4.946223736,4.521928787,5.447622776,4.609350681,7.356091499,7.445232391,4.680641174,7.544306755,4.571928501,7.621133804,7.081102371,4.630641460,6.624766827,4.609350681,7.169972897,4.680641174,6.030838013,4.630641460,6.150182247,5.105917454,7.025798798,5.428217888,4.565872192,4.680641174,4.565872192,7.556540489,4.680641174,7.827769756,7.840335846,7.703694820,4.680641174]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} +01306{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041676362386,"flow_src_last_pkt_time":1587041676499766,"flow_dst_last_pkt_time":1587041676405623,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041676499766,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+02162{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":47,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1587041676435900,"flow_src_last_pkt_time":1587041676535873,"flow_dst_last_pkt_time":1587041676535853,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":258,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":757,"flow_dst_tot_l4_payload_len":10509,"midstream":0,"thread_ts_usec":1587041676535873,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":6449.2,"max":29755,"stddev":8827.8,"var":77930416.0,"ent":3.7,"data": [12466,12563,1399,13862,1628,233,14289,254,250,114,2,99,4851,16541,1120,12847,339,301,11408,365,232,23032,26,11077,443,29285,29755,471,122,15,537]},"pktlen": {"min":40,"avg":393.9,"max":1492,"stddev":548.1,"var":300365.6,"ent":3.9,"data": [64,52,40,250,46,1492,1492,40,1492,40,1492,257,40,198,46,366,40,109,40,133,78,298,78,46,40,46,556,40,1492,1492,671,40]},"bins": {"c_to_s": [10,1,1,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,1,1,0,0,0,1,0,0,0,1,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1,0,1,0,0,0,0,1,1,0,1,1,0,1,1,1,0],"entropies": [4.365527153,4.946223736,4.521928787,5.447622776,4.609350681,7.356091499,7.445232391,4.680641174,7.544306755,4.571928501,7.621133804,7.081102371,4.630641460,6.624766827,4.609350681,7.169972897,4.680641174,6.030838013,4.630641460,6.150182247,5.105917454,7.025798798,5.428217888,4.565872192,4.680641174,4.565872192,7.556540489,4.680641174,7.827769756,7.840335846,7.703694820,4.680641174]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} 02486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1587041676499766,"flow_dst_last_pkt_time":1587041676545373,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041676545373,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUL\/9AAGwGleM0ck0hwKgBBgG77HRJoiCpnM0j1oAQBAXctwAAAQEICmEGTTMwhJf1FgMDEGYCAABRAwNemFWMXBNb2F1eIS0NgygX31DvjFSWgfTq\/PXgXBX\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\/wSL1vxV6UtbY+5UyBq7YUvoZUI+YYWI6FMysHpnkiGQR5h3NLX2it0lgM0JMJXgIYfO+vdhJalxciwWfJHOcY4+eUQwpTmpGeOTzK\/sd1W+VOYbkgWPJ0lAEgTcRXL\/NZZAtyce+Sv4+b4jHwY9pwQxOHJWtnns0bK3jD\/RcAtjLeUisGvBGtt1SItPOQvgD6i2AdvjCkjqVXn0nxT\/yKuGkvtii1i85nrjeMS5pKgL+N2I4goIXeRAaK089dd0KrnNO6kLEhhSHgHwJHnPwfqeXH1Q2p1Zw2r13mOsJdyP7QIDAQABo4IE1zCCBNMwggF\/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB2APZclC\/RdzAiFFQYCDCUVo7jTRMZM7\/fDC8gC8xO8WTjAAABbbe0zD0AAAQDAEcwRQIgXUu8wYK\/QqX5unkLcaUv4T8oQWu5yZb6M3RYbUFPJ7sCIQCVvziq+dynpJXSFyAk+ZobbjdMm8Ziuyzc0miXoW9hmQB2AFWB1MIWkDYBSuoLm1c8U\/DA5Dh4cCUIFy+jqh0HE9MMAAABbbe0zTwAAAQDAEcwRQIgOIr7NuYD18H8X6OV\/YdBgg0HoCy47ognD1Etlbp3ZVgCIQCAVAoqvjDqhz4It72mColVOT\/FZuexWjdVPWkvuAPY1AB3AESUZS6w7s6vxEAH2Kj+KMDa5oK+2MsxtT\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"} 
-01879{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":59,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1587041676362386,"flow_src_last_pkt_time":1587041676545644,"flow_dst_last_pkt_time":1587041676545713,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041676545713,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} 
+01838{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":59,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1587041676362386,"flow_src_last_pkt_time":1587041676545644,"flow_dst_last_pkt_time":1587041676545713,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041676545713,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} 00296{"error_event_id":5,"error_event_name":"Unknown packet 
type","threshold_n":7,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1587041676611249,"packet_id":64,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1587041676611249} 00370{"packet_event_id":1,"packet_event_name":"packet","packet_id":64,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041676592590,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041676612882,"flow_src_last_pkt_time":1587041676612882,"flow_dst_last_pkt_time":1587041676612882,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041676612882,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.5","src_port":60534,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -47,7 +47,7 @@ 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1587041676612882,"flow_dst_last_pkt_time":1587041676642642,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041676642642,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8LqNAAG0G6+cofgkFwKgBBgG77HaiQxrbpEtO6qASIAC6gQAAAgQFoAEDAwgEAggKVQC94TCEmGM="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1587041676642755,"flow_dst_last_pkt_time":1587041676642642,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041676642755,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGR5PAqAEGKH4JBex2AbukS07qokMa3IAQEAn5EwAAAQEICjCEmIFVAL3h"} 
00876{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1587041676643404,"flow_dst_last_pkt_time":1587041676642642,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":312,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":312,"pkt_l4_len":278,"thread_ts_usec":1587041676643404,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEqAABAAEAGRp3AqAEGKH4JBex2AbukS07qokMa3IAYEAkkyAAAAQEICjCEmIFVAL3hFgMBAPEBAADtAwMFij+vLNUEXtDYw018fSI+oguo6nn0NGVGlSQBEa6j4wAAKMAswCvAJMAjwArACcypwDDAL8AowCfAFMATzKgAnQCcAD0APAA1AC8BAACc\/wEAAQAAAAAeABwAABlsb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tABcAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAADN0AAAAEgAAABAAMAAuAmgyBWgyLTE2BWgyLTE1BWgyLTE0CHNwZHkvMy4xBnNwZHkvMwhodHRwLzEuMQALAAIBAAAKAAoACAAdABcAGAAZ"} -01293{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041676612882,"flow_src_last_pkt_time":1587041676643404,"flow_dst_last_pkt_time":1587041676642642,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041676643404,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.5","src_port":60534,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Microsoft365","proto_by_ip_id":219,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"login.microsoftonline.com","domainame":"login.microsoftonline.com","tls": 
{"version":"TLSv1.2","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} +01252{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041676612882,"flow_src_last_pkt_time":1587041676643404,"flow_dst_last_pkt_time":1587041676642642,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041676643404,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.5","src_port":60534,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Microsoft365","proto_by_ip_id":219,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"login.microsoftonline.com","domainame":"login.microsoftonline.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
02501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1587041676643404,"flow_dst_last_pkt_time":1587041676675374,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041676675374,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXULqZAAG0G5kwofgkFwKgBBgG77HaiQyYcpEtP4IAQBAWIzwAAAQEIClUAvgAwhJiBCxMMTWljcm9zb2Z0IElUMR4wHAYDVQQDExVNaWNyb3NvZnQgSVQgVExTIENBIDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCO8\/GEdXe8vsmk9RalUytQYJnc2H3ZJLXhckk3SP7ahpOjfR2aSxBNd3l+Zal8bjbiR9Q2SdDMJAInFOKucc3ZV3Q8EFYZkkqHYvnjkI1e3tFBGxqmH0CiLB6OVdcm2GhCq+wN3t1eYZWzrGyBzqjgra9fyqbkUWguJ\/1UKnGkzLt+kvH2U1EFMdAZgrDKY9DySgALzfRpS\/RallY5JsmdSwpjNDKApQTl6ii3wQDAbRrwKNRKj4CscxnY9RYvra4Il2IGLP7npfCtQVN\/jSsxwxRzId3jeGOcUYa1okhJwHkIFUMAK5m4S+DHVwdsxLmmVC0BU\/Kj8qTM2cFU84jN5EwT04ozIVitGL++OYFwOWk3+FukY+8JB9+HGmLHmgjF0R1eYnYB3WnmOLtEsC1NOsYugOBgclvyzOaOXDohHl2wOSu96hPLlsu2anSMjrwOEJ8bpUBBj5FcdqcO8ao6h7cMd99xai8oYUItkA9yBatn4MF7y5xAmsQKCESMfD26qQ4esdkivR9fQWpzVPZm4qD5pjne0nfzaQS\/t7s8xJP\/cgQctTadaH\/f+jlPsvaPuRz\/re0OFQjjhnzySEl3lxb2\/QD2T6Zeb+c5wFFlPeuxlzDs6p5z\/B4soN+Lz3NftQ4GQhcmlezYqSfQ0GWUXOI\/yigppSD0yN1dtP\/m3QIDAQABo4IBQjCCAT4wHQYDVR0OBBYEFFiIn9bcnEgitxQ+\/4SI6OaF\/\/p9MB8GA1UdIwQYMBaAFOWdWTCCR1jMrPoIVDaGezq1BE3wMBIGA1UdEwEB\/wQIMAYBAf8CAQAwDgYDVR0PAQH\/BAQDAgGGMCcGA1UdJQQgMB4GCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwkwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL09tbmlyb290MjAyNS5jcmwwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwDQYJKoZIhvcNAQELBQADggEBADCaxp1q\/e+TCAy+gnf5dqBtnnswI3uoKVr0aj7HCwyW37hLUuQNnDjteGO1c8AcHzvgp\/9\/SVGVMrjQm6nlz5YDgYDVSmEY\/sRqxt9\/QUYinIBm6w9CoOTzpCGjmNB6dPaM6MPSK6orzhFZGUTnXAcJQuvX\/RVNuW9sRDUm
h7qjO2iwgecgyX8TAvPMq58clVDLrmSAu4cKXc6ma7J94z024ilRtyX80AnjsK3EYi4+foUmsvav920xc8YZmKlykwLOygs9POzZcOiA9RareGqHTcaBN6gKdoEGqO8XYHxwEBM8ONczTOQ3ZQj7kbPoFnZhKmX1WJSzRQHvwE8De7gMAAFJAwAXQQTOd4jCuMTh7EYDlmBiiGmTGwexXcFlv\/T2ck50p74cYWIJH\/qL5LjbfCSDp3wqAO8ZZNaw1gxy4Uzbx\/mTFEUoBAEBACuEjKAM1qXUNVaS\/GaC95SQ9vmaMh+jYNW\/golBe81NwxyW1ReEMvroTkbS6BjiR97ixB57SOr\/EVlzcCLlr0XL6vCOvZKaaq3SzHreSfwbGspHUYxwK5i8j23AovUYK4FdR8PK9GkF5j5DZYPL2nmL62KrpTU3AqFF18hKfZ2alq2jaowqtsC3NBCAd6aifgpEBRhB9rZP2x\/YPgDeBGSAHqMX"} 02310{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":109,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":23,"flow_dst_packets_processed":9,"flow_first_seen":1587041676362386,"flow_src_last_pkt_time":1587041676859269,"flow_dst_last_pkt_time":1587041676859222,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":23115,"flow_dst_tot_l4_payload_len":4254,"midstream":0,"thread_ts_usec":1587041676859269,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":32055.5,"max":221245,"stddev":54144.2,"var":2931591680.0,"ent":3.4,"data": [43237,43341,94039,139750,215,45878,125,102,1406,46781,45438,177198,6,1,221245,44042,6,2,2,21255,21237,4,23005,23005,5,2,3,1223,1159,4,3]},"pktlen": {"min":52,"avg":907.9,"max":1492,"stddev":687.5,"var":472618.5,"ent":4.4,"data": [64,60,52,226,1492,1492,52,1375,52,145,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,52,1480,1480,1480,1480,52,1480,1480,1480]},"bins": {"c_to_s": [5,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0],"s_to_c": 
[5,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,0,0,0,1,0,0,0],"entropies": [4.428027153,5.210652828,4.884933472,5.556665897,7.283374786,7.268235207,4.923395157,7.674625397,4.884933472,5.901349068,5.537203789,4.923394680,7.865010738,7.865353107,7.863998413,5.116508007,7.872262955,7.872727394,7.850155830,7.872891426,5.101991177,7.883207798,7.861774921,5.078046322,7.883695126,7.860937595,7.861885548,7.869150639,5.092563629,7.862890244,7.881820202,7.880939960]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud"}} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":153,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041677042751,"flow_src_last_pkt_time":1587041677042751,"flow_dst_last_pkt_time":1587041677042751,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041677042751,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60535,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -55,16 +55,16 @@ 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1587041677042751,"flow_dst_last_pkt_time":1587041677088014,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041677088014,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8FwhAAGwGtHI0ck0hwKgBBgG77Hf6fNLR2z1jO6ASIACfvwAAAgQFoAEDAwgEAggKYRMfbzCEmgA="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1587041677088160,"flow_dst_last_pkt_time":1587041677088014,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041677088160,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIex3AbvbPWM7+nzS0oAQEAneQwAAAQEICjCEmixhEx9v"} 00827{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1587041677088499,"flow_dst_last_pkt_time":1587041677088014,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_usec":1587041677088499,"pkt":"EBMx8Tl2KDc3AG3ICABFAAECAABAAEAG9rTAqAEGNHJNIex3AbvbPWM7+nzS0oAYEAl+5wAAAQEICjCEmixhEx9vFgMBAMkBAADFAwM5dVF27rKLSF3ZLHW6jf6ecE8+y\/c\/MIkP9CtH6UUE1iAORwAAVmOWcPohT0niCo9N4puGGU7iW5AxxYvHQvC09wAewC\/AK8AwwCzMqcyowAnAE8AKwBQAnACdAC8ANQAKAQAAXv8BAAEAAAAAIwAhAAAebW9iaWxlLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEACwACAQAACgAIAAYAHQAXABg="} 
-01348{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":158,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041677042751,"flow_src_last_pkt_time":1587041677088499,"flow_dst_last_pkt_time":1587041677088014,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041677088499,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60535,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01307{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":158,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041677042751,"flow_src_last_pkt_time":1587041677088499,"flow_dst_last_pkt_time":1587041677088014,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041677088499,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60535,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
02486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1587041677088499,"flow_dst_last_pkt_time":1587041677137230,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041677137230,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUFwlAAGwGrtk0ck0hwKgBBgG77Hf6fNLS2z1kCYAQBAVAOQAAAQEICmETH58whJosFgMDEGYCAABRAwNemFWNrPjx8U\/n2+1HOnhSXCpnALSFvyfXRw2ICUZrciDASAAAvuo5mSGLHTbLJlo\/aqiaHVmeYbbWtXIqS6QEP8AwAAAJABcAAP8BAAEACwAO3QAO2gAJHDCCCRgwggcAoAMCAQICExYACr2jKIomrOvxeF4AAAAKvaMwDQYJKoZIhvcNAQELBQAwgYsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xFTATBgNVBAsTDE1pY3Jvc29mdCBJVDEeMBwGA1UEAxMVTWljcm9zb2Z0IElUIFRMUyBDQSA0MB4XDTE5MTAxMDIxNTUzOFoXDTIxMTAxMDIxNTUzOFowJjEkMCIGA1UEAwwbKi5ldmVudHMuZGF0YS5taWNyb3NvZnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8J31SJyCTCkjxtLC8JE7aU56y+0937PcYfrFGWW\/wSL1vxV6UtbY+5UyBq7YUvoZUI+YYWI6FMysHpnkiGQR5h3NLX2it0lgM0JMJXgIYfO+vdhJalxciwWfJHOcY4+eUQwpTmpGeOTzK\/sd1W+VOYbkgWPJ0lAEgTcRXL\/NZZAtyce+Sv4+b4jHwY9pwQxOHJWtnns0bK3jD\/RcAtjLeUisGvBGtt1SItPOQvgD6i2AdvjCkjqVXn0nxT\/yKuGkvtii1i85nrjeMS5pKgL+N2I4goIXeRAaK089dd0KrnNO6kLEhhSHgHwJHnPwfqeXH1Q2p1Zw2r13mOsJdyP7QIDAQABo4IE1zCCBNMwggF\/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB2APZclC\/RdzAiFFQYCDCUVo7jTRMZM7\/fDC8gC8xO8WTjAAABbbe0zD0AAAQDAEcwRQIgXUu8wYK\/QqX5unkLcaUv4T8oQWu5yZb6M3RYbUFPJ7sCIQCVvziq+dynpJXSFyAk+ZobbjdMm8Ziuyzc0miXoW9hmQB2AFWB1MIWkDYBSuoLm1c8U\/DA5Dh4cCUIFy+jqh0HE9MMAAABbbe0zTwAAAQDAEcwRQIgOIr7NuYD18H8X6OV\/YdBgg0HoCy47ognD1Etlbp3ZVgCIQCAVAoqvjDqhz4It72mColVOT\/FZuexWjdVPWkvuAPY1AB3AESUZS6w7s6vxEAH2Kj+KMDa5oK+2MsxtT\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"} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":175,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041677243705,"flow_src_last_pkt_time":1587041677243705,"flow_dst_last_pkt_time":1587041677243705,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041677243705,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1587041677243705,"flow_dst_last_pkt_time":1587041677243705,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041677243705,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGghTAqAEGNHHChOx4Abt\/TkvVAAAAALAC\/\/\/5uQAAAgQFtAEDAwUBAQgKMISawwAAAAAEAgAA"} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1587041677243705,"flow_dst_last_pkt_time":1587041677255126,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041677255126,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0wUlAAHUGi9Y0ccKEwKgBBgG77Hiki1UTf05L1oAS\/\/8DeQAAAgQFoAEDAwgBAQQC"} 
00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1587041677255227,"flow_dst_last_pkt_time":1587041677255126,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041677255227,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGgizAqAEGNHHChOx4Abt\/TkvWpItVFFAQIAAkOAAA"} 00822{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1587041677255452,"flow_dst_last_pkt_time":1587041677255126,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":268,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":268,"pkt_l4_len":234,"thread_ts_usec":1587041677255452,"pkt":"EBMx8Tl2KDc3AG3ICABFAAD+AABAAEAGgVbAqAEGNHHChOx4Abt\/TkvWpItVFFAYIAA3rwAAFgMBANEBAADNAwPZLPUYRvEghAe9kJUNx9IFhytDuazyHj3Xl0vfJTFFvgAAHNrazKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACI6uoAAP8BAAEAAAAAGAAWAAATdGVhbXMubWljcm9zb2Z0LmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMXVQAAAACwACAQAACgAKAAi6ugAdABcAGAAbAAMCAAJaWgABAA=="} 
-01236{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041677243705,"flow_src_last_pkt_time":1587041677255452,"flow_dst_last_pkt_time":1587041677255126,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041677255452,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","domainame":"teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"","ja4":"t12d1312h2_8b80da21ef18_b00751acaffa","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01189{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041677243705,"flow_src_last_pkt_time":1587041677255452,"flow_dst_last_pkt_time":1587041677255126,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041677255452,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","domainame":"teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1312h2_8b80da21ef18_b00751acaffa","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1587041677255452,"flow_dst_last_pkt_time":1587041677266382,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1587041677266382,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAowUpAAHYGiuE0ccKEwKgBBgG77Hiki1UUf05MrFAQBAE\/YQAAAAAAAAAA"} 
-01581{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":186,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1587041677243705,"flow_src_last_pkt_time":1587041677269406,"flow_dst_last_pkt_time":1587041677269476,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":6025,"midstream":0,"thread_ts_usec":1587041677269476,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","domainame":"teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"teams.microsoft.com","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"0f14538e1c9070becdad7739c67d6363","ja4":"t12d1312h2_8b80da21ef18_b00751acaffa","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=teams.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E","blocks":0}}} 
+01534{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":186,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1587041677243705,"flow_src_last_pkt_time":1587041677269406,"flow_dst_last_pkt_time":1587041677269476,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":6025,"midstream":0,"thread_ts_usec":1587041677269476,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","domainame":"teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"teams.microsoft.com","ja3s":"0f14538e1c9070becdad7739c67d6363","ja4":"t12d1312h2_8b80da21ef18_b00751acaffa","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=teams.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E","blocks":0}}} 
02303{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":209,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1587041677042751,"flow_src_last_pkt_time":1587041677328754,"flow_dst_last_pkt_time":1587041677327352,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":15383,"flow_dst_tot_l4_payload_len":4699,"midstream":0,"thread_ts_usec":1587041677328754,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60535,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":18406.6,"max":49836,"stddev":21194.3,"var":449200096.0,"ent":3.9,"data": [45263,45409,339,49216,21,48838,224,177,1271,46526,45316,1920,4,2,47729,45783,4,2,3,37748,37711,4,8018,8058,5,734,37027,7756,4339,49836,1321]},"pktlen": {"min":52,"avg":680.6,"max":1492,"stddev":673.1,"var":453031.8,"ent":4.2,"data": [64,60,52,258,1492,1375,64,1492,52,145,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,52,1480,825,52,52,52,497,52,83]},"bins": {"c_to_s": [7,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0],"s_to_c": [7,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,0,1,1,1,1,0,0],"entropies": [4.340968132,5.220872402,4.976373672,5.983667850,7.275708199,7.688739777,5.052015305,7.275113583,4.976373672,6.006431580,5.733948708,5.053297043,7.842315674,7.876612663,7.858495712,5.246409416,7.872724533,7.868679523,7.873967648,7.874578953,5.207947731,7.865746021,7.852710724,5.169486046,7.855942726,7.767035484,5.116507530,5.169486046,5.207947731,7.497245789,4.961856842,5.338891983]},"ndpi": 
{"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud"}} 00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1587041677380886,"flow_dst_last_pkt_time":1587041673094451,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041677380886,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGPCzAqAEGlZqnW+SlAbsZTPC8DAoX91AUECaMmwAA"} 00300{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":8,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1587041677408485,"packet_id":213,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_usec":1587041677408485} 
@@ -77,9 +77,9 @@ 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1587041678029919,"flow_dst_last_pkt_time":1587041678074133,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041678074133,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8KlZAAGwGoSQ0ck0hwKgBBgG77Hk7ZXhQ9B\/rj6ASIAAz8QAAAgQFoAEDAwgEAggKYRL\/2zCEncM="} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1587041678074233,"flow_dst_last_pkt_time":1587041678074133,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041678074233,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIex5Abv0H+uPO2V4UYAQEAlydQAAAQEICjCEne9hEv\/b"} 00828{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_src_last_pkt_time":1587041678074525,"flow_dst_last_pkt_time":1587041678074133,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_usec":1587041678074525,"pkt":"EBMx8Tl2KDc3AG3ICABFAAECAABAAEAG9rTAqAEGNHJNIex5Abv0H+uPO2V4UYAYEAlkRgAAAQEICjCEne9hEv\/bFgMBAMkBAADFAwOeU\/FfLHrtrdCBVUwx+w+ija6LF0MoHL44Af8vhwR8KyDASAAAvuo5mSGLHTbLJlo\/aqiaHVmeYbbWtXIqS6QEPwAewC\/AK8AwwCzMqcyowAnAE8AKwBQAnACdAC8ANQAKAQAAXv8BAAEAAAAAIwAhAAAebW9iaWxlLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEACwACAQAACgAIAAYAHQAXABg="} 
-01348{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041678029919,"flow_src_last_pkt_time":1587041678074525,"flow_dst_last_pkt_time":1587041678074133,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041678074525,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01307{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041678029919,"flow_src_last_pkt_time":1587041678074525,"flow_dst_last_pkt_time":1587041678074133,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041678074525,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
02487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1587041678074525,"flow_dst_last_pkt_time":1587041678120796,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041678120796,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUKldAAGwGm4s0ck0hwKgBBgG77Hk7ZXhR9B\/sXYAQBAVKXAAAAQEICmETAAQwhJ3vFgMDEGYCAABRAwNemFWOOTYxM1NwQpKmeq910c4Y3+sTj8LkGeyXAZo3KyA\/IwAA6KEdJo41XGChq4nIXjJi3Ldaf94\/c7z6UnyyFcAwAAAJABcAAP8BAAEACwAO3QAO2gAJHDCCCRgwggcAoAMCAQICExYACr2jKIomrOvxeF4AAAAKvaMwDQYJKoZIhvcNAQELBQAwgYsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xFTATBgNVBAsTDE1pY3Jvc29mdCBJVDEeMBwGA1UEAxMVTWljcm9zb2Z0IElUIFRMUyBDQSA0MB4XDTE5MTAxMDIxNTUzOFoXDTIxMTAxMDIxNTUzOFowJjEkMCIGA1UEAwwbKi5ldmVudHMuZGF0YS5taWNyb3NvZnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8J31SJyCTCkjxtLC8JE7aU56y+0937PcYfrFGWW\/wSL1vxV6UtbY+5UyBq7YUvoZUI+YYWI6FMysHpnkiGQR5h3NLX2it0lgM0JMJXgIYfO+vdhJalxciwWfJHOcY4+eUQwpTmpGeOTzK\/sd1W+VOYbkgWPJ0lAEgTcRXL\/NZZAtyce+Sv4+b4jHwY9pwQxOHJWtnns0bK3jD\/RcAtjLeUisGvBGtt1SItPOQvgD6i2AdvjCkjqVXn0nxT\/yKuGkvtii1i85nrjeMS5pKgL+N2I4goIXeRAaK089dd0KrnNO6kLEhhSHgHwJHnPwfqeXH1Q2p1Zw2r13mOsJdyP7QIDAQABo4IE1zCCBNMwggF\/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB2APZclC\/RdzAiFFQYCDCUVo7jTRMZM7\/fDC8gC8xO8WTjAAABbbe0zD0AAAQDAEcwRQIgXUu8wYK\/QqX5unkLcaUv4T8oQWu5yZb6M3RYbUFPJ7sCIQCVvziq+dynpJXSFyAk+ZobbjdMm8Ziuyzc0miXoW9hmQB2AFWB1MIWkDYBSuoLm1c8U\/DA5Dh4cCUIFy+jqh0HE9MMAAABbbe0zTwAAAQDAEcwRQIgOIr7NuYD18H8X6OV\/YdBgg0HoCy47ognD1Etlbp3ZVgCIQCAVAoqvjDqhz4It72mColVOT\/FZuexWjdVPWkvuAPY1AB3AESUZS6w7s6vxEAH2Kj+KMDa5oK+2MsxtT\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"} 
-01880{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":223,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1587041678029919,"flow_src_last_pkt_time":1587041678120910,"flow_dst_last_pkt_time":1587041678120987,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041678120987,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} 
+01839{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":223,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1587041678029919,"flow_src_last_pkt_time":1587041678120910,"flow_dst_last_pkt_time":1587041678120987,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041678120987,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} 00298{"error_event_id":5,"error_event_name":"Unknown packet 
type","threshold_n":10,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1587041678611338,"packet_id":242,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1587041678611338} 00371{"packet_event_id":1,"packet_event_name":"packet","packet_id":242,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041678303901,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":243,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041679059584,"flow_src_last_pkt_time":1587041679059584,"flow_dst_last_pkt_time":1587041679059584,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041679059584,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":64046,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
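Review bot: The regenerated `detected` and `detection-update` expectations in this hunk no longer carry the `ja3` key inside `tls` (only `ja3s` and `ja4` remain), and the commit message covers this only as "incorporated upstream changes". Any downstream rule, allow-list or correlation keyed on the JA3 client fingerprint from this event stream would presumably stop matching without raising an error, so the description or changelog should say so, e.g. `flow events: tls.ja3 no longer emitted; match on tls.ja4 instead`. The hunks at -121 and -130 show a second consumer-visible change that deserves the same mention: `Skype_Teams` (`proto_id` `5.125` / `91.125`) becomes `Teams` (`5.250` / `91.250`), with `breed` moving from `Acceptable` to `Safe` and, for the TLS flow, `category` from `VoIP` to `Collaborative`. This file is generated test output, so nothing in the hunk itself needs editing.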
@@ -121,7 +121,7 @@ 00371{"packet_event_id":1,"packet_event_name":"packet","packet_id":259,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041681248693,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":260,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041681714331,"flow_src_last_pkt_time":1587041681714331,"flow_dst_last_pkt_time":1587041681714331,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681714331,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1587041681714331,"flow_dst_last_pkt_time":1587041681714331,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"thread_ts_usec":1587041681714331,"pkt":"EBMx8Tl2KDc3AG3ICABFAABCnaYAAP8RmqzAqAEGwKgBAcdZADUALvSsiC0BAAABAAAAAAAABmV1LWFwaQNhc20Fc2t5cGUDY29tAAABAAE="} 
-01108{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":260,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041681714331,"flow_src_last_pkt_time":1587041681714331,"flow_dst_last_pkt_time":1587041681714331,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681714331,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","proto_id":"5.125","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"eu-api.asm.skype.com","domainame":"eu-api.asm.skype.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} +01096{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":260,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041681714331,"flow_src_last_pkt_time":1587041681714331,"flow_dst_last_pkt_time":1587041681714331,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681714331,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"eu-api.asm.skype.com","domainame":"eu-api.asm.skype.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":261,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041681714835,"flow_src_last_pkt_time":1587041681714835,"flow_dst_last_pkt_time":1587041681714835,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":53,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":53,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681714835,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63106,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1587041681714835,"flow_dst_last_pkt_time":1587041681714835,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_usec":1587041681714835,"pkt":"EBMx8Tl2KDc3AG3ICABFAABRU9EAAP8R5HLAqAEGwKgBAfaCADUAPVgfcugBAAABAAAAAAAAB2V1LXByb2QHYXN5bmNndwV0ZWFtcwltaWNyb3NvZnQDY29tAAABAAE="} 
01126{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":261,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041681714835,"flow_src_last_pkt_time":1587041681714835,"flow_dst_last_pkt_time":1587041681714835,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":53,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":53,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681714835,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63106,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"eu-prod.asyncgw.teams.microsoft.com","domainame":"eu-prod.asyncgw.teams.microsoft.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -130,17 +130,17 @@ 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":263,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041681745719,"flow_src_last_pkt_time":1587041681745719,"flow_dst_last_pkt_time":1587041681745719,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681745719,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60538,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1587041681745719,"flow_dst_last_pkt_time":1587041681745719,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041681745719,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+VHAqAEGNHJLRux6AbuCUaOxAAAAALAC\/\/8ErAAAAgQFtAEDAwUBAQgKMISsLQAAAAAEAgAA"} 
00706{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":264,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_src_last_pkt_time":1587041681714331,"flow_dst_last_pkt_time":1587041681754842,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":182,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":182,"pkt_l4_len":148,"thread_ts_usec":1587041681754842,"pkt":"KDc3AG3IEBMx8Tl2CABFAACo\/M1AADkRwR\/AqAEBwKgBBgA1x1kAlAAAiC2BgAABAAMAAAAABmV1LWFwaQNhc20Fc2t5cGUDY29tAAABAAHADAAFAAEAAAb4ACQPYXNtLWFwaS1wcm9kLWV1DnRyYWZmaWNtYW5hZ2VyA25ldADAMgAFAAEAAAEsABoOd2V1MS1hcGktc2t5cGUIY2xvdWRhcHDAUcBiAAEAAQAAAAUABDRyS0U="} -01140{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":264,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041681714331,"flow_src_last_pkt_time":1587041681714331,"flow_dst_last_pkt_time":1587041681754842,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":140,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":140,"midstream":0,"thread_ts_usec":1587041681754842,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","proto_id":"5.125","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"eu-api.asm.skype.com","domainame":"eu-api.asm.skype.com","dns": {"num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["52.114.75.69,ttl=5"]}}} 
+01128{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":264,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041681714331,"flow_src_last_pkt_time":1587041681714331,"flow_dst_last_pkt_time":1587041681754842,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":140,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":140,"midstream":0,"thread_ts_usec":1587041681754842,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"eu-api.asm.skype.com","domainame":"eu-api.asm.skype.com","dns": {"num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["52.114.75.69,ttl=5"]}}} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":265,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041681755860,"flow_src_last_pkt_time":1587041681755860,"flow_dst_last_pkt_time":1587041681755860,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681755860,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60539,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":265,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1587041681755860,"flow_dst_last_pkt_time":1587041681755860,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041681755860,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+VLAqAEGNHJLRex7AbtPkLhOAAAAALAC\/\/8ixgAAAgQFtAEDAwUBAQgKMISsNwAAAAAEAgAA"} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1587041681745719,"flow_dst_last_pkt_time":1587041681772449,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041681772449,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8MUxAAG0Gmwk0cktGwKgBBgG77HoxlVjpglGjsqASIACccwAAAgQFoAEDAwgEAggKVud31zCErC0="} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_src_last_pkt_time":1587041681772560,"flow_dst_last_pkt_time":1587041681772449,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041681772560,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+V3AqAEGNHJLRux6AbuCUaOyMZVY6oAQEAnbCgAAAQEICjCErEZW53fX"} 
00855{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_src_last_pkt_time":1587041681772814,"flow_dst_last_pkt_time":1587041681772449,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":292,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":292,"pkt_l4_len":258,"thread_ts_usec":1587041681772814,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEWAABAAEAG+HvAqAEGNHJLRux6AbuCUaOyMZVY6oAYEAmUUgAAAQEICjCErEZW53fXFgMBAN0BAADZAwO+LJEVwOHGYhKiVcLvt6A9rXWEi+VY68GJ4Pnee\/+sYQAAHLq6zKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACU6uoAAP8BAAEAAAAAKAAmAAAjZXUtcHJvZC5hc3luY2d3LnRlYW1zLm1pY3Jvc29mdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAjq6gAdABcAGAAbAAMCAAL6+gABAA=="} -01261{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":268,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041681745719,"flow_src_last_pkt_time":1587041681772814,"flow_dst_last_pkt_time":1587041681772449,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":226,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":226,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681772814,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60538,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"eu-prod.asyncgw.teams.microsoft.com","domainame":"eu-prod.asyncgw.teams.microsoft.com","tls": 
{"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01220{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":268,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041681745719,"flow_src_last_pkt_time":1587041681772814,"flow_dst_last_pkt_time":1587041681772449,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":226,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":226,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681772814,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60538,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"eu-prod.asyncgw.teams.microsoft.com","domainame":"eu-prod.asyncgw.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":269,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_src_last_pkt_time":1587041681755860,"flow_dst_last_pkt_time":1587041681786454,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041681786454,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8PqJAAGwGjrQ0cktFwKgBBgG77HsaOOK2T5C4T6ASIABGlgAAAgQFoAEDAwgEAggKVN17aDCErDc="} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":270,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_src_last_pkt_time":1587041681786551,"flow_dst_last_pkt_time":1587041681786454,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041681786551,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+V7AqAEGNHJLRex7AbtPkLhPGjjit4AQEAmFKgAAAQEICjCErFNU3Xto"} 00837{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":271,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_src_last_pkt_time":1587041681786764,"flow_dst_last_pkt_time":1587041681786454,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":277,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":277,"pkt_l4_len":243,"thread_ts_usec":1587041681786764,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEHAABAAEAG+IvAqAEGNHJLRex7AbtPkLhPGjjit4AYEAnBuAAAAQEICjCErFNU3XtoFgMBAM4BAADKAwNa\/jUh9W55wUB0tnlMq1eAEhrPfTr7oU\/DtVhV\/8e2AwAAHNrazKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACFGhoAAP8BAAEAAAAAGQAXAAAUZXUtYXBpLmFzbS5za3lwZS5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAgqKgAdABcAGAAbAAMCAAJ6egABAA=="} 
-01234{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":271,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041681755860,"flow_src_last_pkt_time":1587041681786764,"flow_dst_last_pkt_time":1587041681786454,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681786764,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60539,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"eu-api.asm.skype.com","domainame":"eu-api.asm.skype.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01190{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":271,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041681755860,"flow_src_last_pkt_time":1587041681786764,"flow_dst_last_pkt_time":1587041681786454,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681786764,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60539,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"eu-api.asm.skype.com","domainame":"eu-api.asm.skype.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 02490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":272,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_src_last_pkt_time":1587041681772814,"flow_dst_last_pkt_time":1587041681802258,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041681802258,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUMU5AAG0GlW80cktGwKgBBgG77HoxlV6KglGklIAQBAXbeQAAAQEIClbnd\/MwhKxGsYFQCvPTWcgwCwYDVR0PBAQDAgSwMCgGA1UdEQQhMB+CHSouYXN5bmNndy50ZWFtcy5taWNyb3NvZnQuY29tMIGsBgNVHR8EgaQwgaEwgZ6ggZuggZiGS2h0dHA6Ly9tc2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA1LmNybIZJaHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA1LmNybDBNBgNVHSAERjBEMEIGCSsGAQQBgjcqATA1MDMGCCsGAQUFBwIBFidodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcHMwHwYDVR0jBBgwFoAUCP4ln3TqhwTCvLuOqDhfM8bRbGUwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4ICAQA2X\/om4H+4\/cR81+swhscxS+n0lRF6\/9QaS3UJkZbRbKTCin3OgcYqSG9pYg6G1+1K1UtTBpsolwlA3Wj42xE7Uv4QpgEXC5f0oaTcFK1me59SUtzp5qGDrwX6WjG8Ktb6uYB5gEczE7C4PC+CFPM3paTb5H5cy9SB3sXBctpW9JL3Q4jgLf0RmKI+tU\/yzqXGVuQXEGhEGBnx2gx7c5jv9zuJnDG+h+fy0tJ8oKxrnU3\/YDtE5a8Gc9riCos64k1IwawJ2ex5sg6EIN6aZMm7jlbnY0GaYkT3Xzq9y\/pq48vIUbUNujVUDc5\/R\/SCSk\/dzf6G7\/xO1H5cZnPEC40ThKUvhXFO2qUKIhsUCjzJG5EdSNtcUv8eCyVsfCMB7dRsifQSwSDmGmM4n\/G81i0O9M4b2XZ+YaSEgJZmQx7Uh5AdoOqwYq2SqBhAihGJdwH2XMq283yNTDRqqo
\/WVv2tQAJnjORm59j1r8dDWyuUfRzmyA\/balmQRC8\/yMgQswTFwP1y97tt4lyNjydBDOIBJv2TudKgtjqTbU59+fWu1pBkJP0+oPi5U7f32J4ZwXrKLU9tbuRaGYpYaW\/H8\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\/BSeneM2zC+CeIhbzmNymFOjMlNcj+dBQmbu1CxCV8d8C6Y+OnVaZPNiP01j7XJJ+PXv4"} 02497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":283,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":5,"flow_src_last_pkt_time":1587041681786764,"flow_dst_last_pkt_time":1587041681819208,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041681819208,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUPqVAAGwGiRk0cktFwKgBBgG77HsaOO33T5C5IoAQBAWJqAAAAQEIClTde4YwhKxTjSsxwxRzId3jeGOcUYa1okhJwHkIFUMAK5m4S+DHVwdsxLmmVC0BU\/Kj8qTM2cFU84jN5EwT04ozIVitGL++OYFwOWk3+FukY+8JB9+HGmLHmgjF0R1eYnYB3WnmOLtEsC1NOsYugOBgclvyzOaOXDohHl2wOSu96hPLlsu2anSMjrwOEJ8bpUBBj5FcdqcO8ao6h7cMd99xai8oYUItkA9yBatn4MF7y5xAmsQKCESMfD26qQ4esdkivR9fQWpzVPZm4qD5pjne0nfzaQS\/t7s8xJP\/cgQctTadaH\/f+jlPsvaPuRz\/re0OFQjjhnzySEl3lxb2\/QD2T6Zeb+c5wFFlPeuxlzDs6p5z\/B4soN+Lz3NftQ4GQhcmlezYqSfQ0GWUXOI\/yigppSD0yN1dtP\/m3QIDAQABo4IBQjCCAT4wHQYDVR0OBBYEFFiIn9bcnEgitxQ+\/4SI6OaF\/\/p9MB8GA1UdIwQYMBaAFOWdWTCCR1jMrPoIVDaGezq1BE3wMBIGA1UdEwEB\/wQIMAYBAf8CAQAwDgYDVR0PAQH\/BAQDAgGGMCcGA1UdJQQgMB4GCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwkwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL09tbmlyb290MjAyNS5jcmwwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwDQYJKoZIhvcNAQELBQADggEBADCaxp1q\/e+TCAy+gnf5dqBtnnswI3uoKVr0aj7HCwyW37hLUuQNnDjteGO1c8AcHzvgp\/9\/SVGVMrjQm6nlz5YDgYDVSmEY\/sRqxt9\/QUYinIBm6w9CoOTzpCGjmNB6dPaM6MPSK6orzhFZGUTnXAcJQuvX\/RVNuW9sRDUmh7qjO2iwgecgyX8TAvPMq58clVDLrmSAu4cKXc6ma7J94z024ilRtyX80AnjsK3EYi4+foUmsvav920xc8YZmKlykwLOygs9POzZcOiA9RareGqHTcaBN6gK
doEGqO8XYHxwEBM8ONczTOQ3ZQj7kbPoFnZhKmX1WJSzRQHvwE8De7gWAAcrAQAHJzCCByMKAQCgggccMIIHGAYJKwYBBQUHMAEBBIIHCTCCBwUwgceiFgQUqShwURmVA+Jp3zLm2A+QCVyZqYAYDzIwMjAwNDE1MTkzMzA5WjCBmzCBmDBMMAkGBSsOAwIaBQAEFE8LW9m32q+ftvNjciJ21uGVriYpBBRYiJ\/W3JxIIrcUPv+EiOjmhf\/6fQITewAE4Lxi6ctlZLvhngAAAATgvIAAGA8yMDIwMDQxNTE5MzMwOVqgERgPMjAyMDA0MTkxOTMzMDlaoSIwIDAeBgkrBgEFBQcwAQYEERgPMjAxOTA0MTYxOTMzMDlaMA0GCSqGSIb3DQEBCwUAA4IBAQBJ3b+j9b9amWJnAoiCkmf2UNIwgNLUYY7i2oIxOcCe4FwtfKqAknYBXLXDmybtzIEQGc9zVWPgZbClw+Dn6abFkbXSG0mhM4QP5D5MQbVxhe7SgYoYVGwkJbmRpd4grc+7uBTiXMgAxBCB5kUsxvRwqLqgwU4Ain2W6hQNvDRMAvojfSg3lYkOFvlf7bcTwOK90BIJGU11EABEc5brrKndHE9hje0klAXbzMZTL8AqrbgnzOZi1rf+0+Wq4RUDesXv6I1AJt7EoKj704jMo9fFhVZPD8osr0ZocAW0OSf5m2CQ\/UMENY99jq5D1K0ZM\/O3ik40uY\/GyUUQa5PIKgTroIIFIzCC"} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":304,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682076700,"flow_src_last_pkt_time":1587041682076700,"flow_dst_last_pkt_time":1587041682076700,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682076700,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60540,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -150,17 +150,17 @@ 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":306,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682076700,"flow_dst_last_pkt_time":1587041682106830,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041682106830,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8XUVAAGwGcBA0cktGwKgBBgG77HwdJJF2jIP3CKASIACM5QAAAgQFoAEDAwgEAggKVscEoDCErWw="} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":307,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682106937,"flow_dst_last_pkt_time":1587041682106830,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682106937,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+V3AqAEGNHJLRux8AbuMg\/cIHSSRd4AQEAnLdwAAAQEICjCErYpWxwSg"} 
00859{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_src_last_pkt_time":1587041682107386,"flow_dst_last_pkt_time":1587041682106830,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":296,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":296,"pkt_l4_len":262,"thread_ts_usec":1587041682107386,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEaAABAAEAG+HfAqAEGNHJLRux8AbuMg\/cIHSSRd4AYEAmCtgAAAQEICjCErYpWxwSgFgMBAOEBAADdAwM8bxQ0whreuqvYvEztjLrW4PBGRpjuL7egzSBD9aU3vgAAHKqqzKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACYCgoAAP8BAAEAAAAAKAAmAAAjZXUtcHJvZC5hc3luY2d3LnRlYW1zLm1pY3Jvc29mdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjF1UAAAAAsAAgEAAAoACgAISkoAHQAXABgAGwADAgAC2toAAQA="} -01261{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":308,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682076700,"flow_src_last_pkt_time":1587041682107386,"flow_dst_last_pkt_time":1587041682106830,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":230,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":230,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682107386,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60540,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"eu-prod.asyncgw.teams.microsoft.com","domainame":"eu-prod.asyncgw.teams.microsoft.com","tls": 
{"version":"TLSv1.2","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"","ja4":"t12d1312h2_8b80da21ef18_b00751acaffa","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01220{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":308,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682076700,"flow_src_last_pkt_time":1587041682107386,"flow_dst_last_pkt_time":1587041682106830,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":230,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":230,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682107386,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60540,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"eu-prod.asyncgw.teams.microsoft.com","domainame":"eu-prod.asyncgw.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1312h2_8b80da21ef18_b00751acaffa","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":309,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682077081,"flow_dst_last_pkt_time":1587041682108320,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041682108320,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8CPlAAG0Gw100cktFwKgBBgG77H37toO1hXm5XaASIACQKwAAAgQFoAEDAwgEAggKVQ929DCErW0="} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":310,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682108400,"flow_dst_last_pkt_time":1587041682108320,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682108400,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+V7AqAEGNHJLRex9AbuFebld+7aDtoAQEAnOvQAAAQEICjCErYtVD3b0"} 00838{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_src_last_pkt_time":1587041682108566,"flow_dst_last_pkt_time":1587041682108320,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"thread_ts_usec":1587041682108566,"pkt":"EBMx8Tl2KDc3AG3ICABFAAELAABAAEAG+IfAqAEGNHJLRex9AbuFebld+7aDtoAYEAl5vQAAAQEICjCErYtVD3b0FgMBANIBAADOAwNRm85ZKo2j5rIUIlemfdLsNPrk0mWhHKlhPOh2TLU7CwAAHKqqzKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACJ6uoAAP8BAAEAAAAAGQAXAAAUZXUtYXBpLmFzbS5za3lwZS5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjF1UAAAAAsAAgEAAAoACgAI+voAHQAXABgAGwADAgACmpoAAQA="} 
-01234{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":311,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682077081,"flow_src_last_pkt_time":1587041682108566,"flow_dst_last_pkt_time":1587041682108320,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":215,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":215,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682108566,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60541,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"eu-api.asm.skype.com","domainame":"eu-api.asm.skype.com","tls": {"version":"TLSv1.2","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"","ja4":"t12d1312h2_8b80da21ef18_b00751acaffa","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01190{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":311,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682077081,"flow_src_last_pkt_time":1587041682108566,"flow_dst_last_pkt_time":1587041682108320,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":215,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":215,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682108566,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60541,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"eu-api.asm.skype.com","domainame":"eu-api.asm.skype.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1312h2_8b80da21ef18_b00751acaffa","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":312,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682129643,"flow_src_last_pkt_time":1587041682129643,"flow_dst_last_pkt_time":1587041682129643,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682129643,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":49514,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_src_last_pkt_time":1587041682129643,"flow_dst_last_pkt_time":1587041682129643,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1587041682129643,"pkt":"EBMx8Tl2KDc3AG3ICABFAABIVE8AAP8R4\/3AqAEGwKgBAcFqADUANJ5TmvIBAAABAAAAAAAABmNvbmZpZwV0ZWFtcwltaWNyb3NvZnQDY29tAAABAAE="} 
01108{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":312,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682129643,"flow_src_last_pkt_time":1587041682129643,"flow_dst_last_pkt_time":1587041682129643,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682129643,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":49514,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"config.teams.microsoft.com","domainame":"config.teams.microsoft.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
02489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":313,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":5,"flow_src_last_pkt_time":1587041682107386,"flow_dst_last_pkt_time":1587041682139467,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041682139467,"pkt":"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\/om4H+4\/cR81+swhscxS+n0lRF6\/9QaS3UJkZbRbKTCin3OgcYqSG9pYg6G1+1K1UtTBpsolwlA3Wj42xE7Uv4QpgEXC5f0oaTcFK1me59SUtzp5qGDrwX6WjG8Ktb6uYB5gEczE7C4PC+CFPM3paTb5H5cy9SB3sXBctpW9JL3Q4jgLf0RmKI+tU\/yzqXGVuQXEGhEGBnx2gx7c5jv9zuJnDG+h+fy0tJ8oKxrnU3\/YDtE5a8Gc9riCos64k1IwawJ2ex5sg6EIN6aZMm7jlbnY0GaYkT3Xzq9y\/pq48vIUbUNujVUDc5\/R\/SCSk\/dzf6G7\/xO1H5cZnPEC40ThKUvhXFO2qUKIhsUCjzJG5EdSNtcUv8eCyVsfCMB7dRsifQSwSDmGmM4n\/G81i0O9M4b2XZ+YaSEgJZmQx7Uh5AdoOqwYq2SqBhAihGJdwH2XMq283yNTDRqqo\/WVv2tQAJnjORm59j1r8dDWyuUfRzmyA\/balmQRC8\/yMgQswTFwP1y97tt4lyNjydBDOIBJv2TudKgtjqTbU59+fWu1pBkJP0+oPi5U7f32J4ZwXrKLU9tbuRaGYpYaW\/H8\/s8ycG4tlrTfTYH+M+FW9Y1DTTSC08bOYNW3zgFB64XvsPWTwevXfQWad0gfn6zMKIffJ0Woh7B4kndlMdWD8PoFQAFuDCCBbQwggScoAMCAQICEAiIzVJfGSRETRSlgpHeuVIwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9yZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVyVHJ1c3QgUm9vdDAeFw0xNjA1MjAxMjUzMDNaFw0yNDA1MjAxMjUzMDNaMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJrfgVw7j67peZa5mnmngfI52lUoRiMCxYJmB7YV3v2cOhqbkQnSZo8LiRf4cYchfzjTP5olALc10Kv4CHo281Bb3yspJ96k3SSS+vTGcI02KprwgN41+h5CnQmBqtUHChalxVpCbUK+HkKCtFcwmVtFK9SP0woGxnOTpOGD78W\/BSeneM2zC+CeIhbzmNymFOjMlNcj+dBQmbu1CxCV8d8C6Y+OnVaZPNiP01j7XJJ+PXv4"} 
02482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":322,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":5,"flow_src_last_pkt_time":1587041682108566,"flow_dst_last_pkt_time":1587041682140048,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041682140048,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUCPpAAG0GvcQ0cktFwKgBBgG77H37toO2hXm6NIAQBAUeeAAAAQEIClUPdxEwhK2LFgMDF00CAABVAwNemFWQkTKZfyBaLuzO97G0quTrEm7BgPWyftzaEzJa0iBuSwAAwHf6a8yXd\/slaOSfyDbI53lK7p5dSy9A7BIMcMAwAAANAAUAAAAXAAD\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\/sjB3LbEb7T\/nzN+yIm+S8blVfyih6JM9Apu\/ik1krtvLJUniVwHJtK2\/rOjpX264mOpTx8SQf7TjiIlSs3HiDphOG0YLn3YYZ8njuADtWKju18sgzmH3TMQYaJ5rR8rrvEPgZCHNBk+XQJFexPiGtcDjF2WCQ1CKqCKZf8hKbpm8Y4TnLNUxuhK2E+6sFA1dP+E8Bm6m26cCfBNV3G7APHf8AN1YKGjnSNcO3xC9CoOmEMCAwEAAaOCBHYwggRyMIIB9wYKKwYBBAHWeQIEAgSCAecEggHjAeEAdwC72d+8H4pxtZOUI5eqkntHOFeVCqtS6BqQlmQ2jh7RhQAAAWqSYTh5AAAEAwBIMEYCIQCK9TKQMvnjt3bF9IskNoov410+TNUfrflXc+EV+7RCFQIhAOhI+FRSDv5ZevTOA7yjzgGxZ7+Vifwc2fzYuzpyLBBgAHYA7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo\/csAAAFqkmE4gAAABAMARzBFAiAiHsCLrUDabE9VESRZTt4BikyAq6rNE1j3618pfpVpCAIhALEshKOsZh7n88+DKEMN6Qrti43TvlJOQ0RAjLMbS84WAHcA9lyUL9F3MCIUVBgIMJRWjuNNExkzv98MLyALzE7xZOMAAAFqkmE4gwAABAMASDBGAiEAhlim8PX4pyi\/mpblvrIKUelL3OW87784ne5SOBJO7rUCIQCJx97+HPxXSJjEZtGi1euZMJxoXD7mYyvmnAr9RyA7ngB1AESUZS6w7s6vxEAH2Kj+KMDa5oK+2MsxtT\/TM5a1toGoAAABapJhOJEAAAQDAEYwRAIgSWpW2jkU6iqzOFfqoMvHGTVxpA4qvulMcPxZZ3C6R34CIBq5beRJMDaP8rIHcokNsjMMe+YTY4GBs5JmQen9SUa+MCcGCSsGAQQBgjcVCgQaMBgwCgYIKwYBBQUHAwIwCgYIKwYBBQUHAwEwPgYJKwYBBAGCNxUHBDEwLwYnKwYBBAGCNxUIh9qGdYPu2QGCyYUbgbWeYYX062CBXYTS30KC55N6AgFkAgEdMIGFBggrBgEFBQcBAQR5MHcwUQYIKwYBBQUHMAKGRWh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjAxLmNydDAiBggrBgEFBQcwAYYWaHR0cDovL29jc3AubXNvY3NwLmNvbTAdBgNVHQ4EF
gQU3aROfyhw35kc1iGhSMjmHtjM\/20wCwYD"} -01548{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":327,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1587041682077081,"flow_src_last_pkt_time":1587041682140200,"flow_dst_last_pkt_time":1587041682140797,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":215,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":215,"flow_dst_tot_l4_payload_len":5970,"midstream":0,"thread_ts_usec":1587041682140797,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60541,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"eu-api.asm.skype.com","domainame":"eu-api.asm.skype.com","tls": {"version":"TLSv1.2","server_names":"*.asm.skype.com","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"986571066668055ae9481cb84fda634a","ja4":"t12d1312h2_8b80da21ef18_b00751acaffa","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=*.asm.skype.com","advertised_alpns":"h2,http\/1.1","fingerprint":"B9:41:1D:AE:56:09:68:D2:07:D0:69:E1:68:00:08:2B:EF:63:1E:48","blocks":0}}} 
+01504{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":327,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1587041682077081,"flow_src_last_pkt_time":1587041682140200,"flow_dst_last_pkt_time":1587041682140797,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":215,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":215,"flow_dst_tot_l4_payload_len":5970,"midstream":0,"thread_ts_usec":1587041682140797,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60541,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"eu-api.asm.skype.com","domainame":"eu-api.asm.skype.com","tls": {"version":"TLSv1.2","server_names":"*.asm.skype.com","ja3s":"986571066668055ae9481cb84fda634a","ja4":"t12d1312h2_8b80da21ef18_b00751acaffa","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=*.asm.skype.com","advertised_alpns":"h2,http\/1.1","fingerprint":"B9:41:1D:AE:56:09:68:D2:07:D0:69:E1:68:00:08:2B:EF:63:1E:48","blocks":0}}} 
00734{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":333,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682129643,"flow_dst_last_pkt_time":1587041682143053,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":204,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":204,"pkt_l4_len":170,"thread_ts_usec":1587041682143053,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC+wIdAADkR\/U\/AqAEBwKgBBgA1wWoAqgAAmvKBgAABAAQAAAAABmNvbmZpZwV0ZWFtcwltaWNyb3NvZnQDY29tAAABAAHADAAFAAEAAAs5ACEGY29uZmlnBXRlYW1zDnRyYWZmaWNtYW5hZ2VyA25ldADAOAAFAAEAAAALAB8MY29uZmlnLXRlYW1zBnMtMDAwNQhzLW1zZWRnZcBUwGUABQABAAAAOgACwHLAcgABAAEAAABoAAQ0ccKE"} 01144{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":333,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041682129643,"flow_src_last_pkt_time":1587041682129643,"flow_dst_last_pkt_time":1587041682143053,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":162,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":162,"midstream":0,"thread_ts_usec":1587041682143053,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":49514,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"config.teams.microsoft.com","domainame":"config.teams.microsoft.com","dns": {"num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["52.113.194.132,ttl=104"]}}} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":334,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682144166,"flow_src_last_pkt_time":1587041682144166,"flow_dst_last_pkt_time":1587041682144166,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682144166,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -168,9 +168,9 @@ 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":335,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682144166,"flow_dst_last_pkt_time":1587041682156833,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682156833,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0EIdAAHUGPJk0ccKEwKgBBgG77H5W9rKzh8U6lIAS\/\/\/8MgAAAgQFoAEDAwgBAQQC"} 00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":336,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682156932,"flow_dst_last_pkt_time":1587041682156833,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041682156932,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGgizAqAEGNHHChOx+AbuHxTqUVvaytFAQIAAc8gAA"} 00826{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":337,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_src_last_pkt_time":1587041682157086,"flow_dst_last_pkt_time":1587041682156833,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":271,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":271,"pkt_l4_len":237,"thread_ts_usec":1587041682157086,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEBAABAAEAGgVPAqAEGNHHChOx+AbuHxTqUVvaytFAYIACSqAAAFgMBANQBAADQAwMdYvXtwu11hWCpvITmw2DM6JIDDr9YgJ4rTdtCECjTrgAAHBoazKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACLCgoAAP8BAAEAAAAAHwAdAAAaY29uZmlnLnRlYW1zLm1pY3Jvc29mdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAjKygAdABcAGAAbAAMCAAKKigABAA=="} 
-01251{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":337,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682144166,"flow_src_last_pkt_time":1587041682157086,"flow_dst_last_pkt_time":1587041682156833,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682157086,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com","domainame":"config.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01204{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":337,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682144166,"flow_src_last_pkt_time":1587041682157086,"flow_dst_last_pkt_time":1587041682156833,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682157086,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com","domainame":"config.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":338,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":5,"flow_src_last_pkt_time":1587041682157086,"flow_dst_last_pkt_time":1587041682169218,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1587041682169218,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAoEIhAAHYGO6Q0ccKEwKgBBgG77H5W9rK0h8U7bVAQBAE4GAAAAAAAAAAA"} 
-01639{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":351,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1587041682144166,"flow_src_last_pkt_time":1587041682172494,"flow_dst_last_pkt_time":1587041682172683,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":5949,"midstream":0,"thread_ts_usec":1587041682172683,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com","domainame":"config.teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.config.teams.microsoft.com,config.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"0f14538e1c9070becdad7739c67d6363","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=config.teams.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA","blocks":0}}} 
+01592{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":351,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1587041682144166,"flow_src_last_pkt_time":1587041682172494,"flow_dst_last_pkt_time":1587041682172683,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":5949,"midstream":0,"thread_ts_usec":1587041682172683,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com","domainame":"config.teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.config.teams.microsoft.com,config.teams.microsoft.com","ja3s":"0f14538e1c9070becdad7739c67d6363","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=config.teams.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA","blocks":0}}} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":381,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682355684,"flow_src_last_pkt_time":1587041682355684,"flow_dst_last_pkt_time":1587041682355684,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682355684,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65387,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":381,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_src_last_pkt_time":1587041682355684,"flow_dst_last_pkt_time":1587041682355684,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_usec":1587041682355684,"pkt":"EBMx8Tl2KDc3AG3ICABFAABPcIEAAP8Rx8TAqAEGwKgBAf9rADUAOydaEDoBAAABAAAAAAAADm5vcnRoZXVyb3BlY25zDnRyYWZmaWNtYW5hZ2VyA25ldAAAAQAB"} 
01126{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":381,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682355684,"flow_src_last_pkt_time":1587041682355684,"flow_dst_last_pkt_time":1587041682355684,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682355684,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65387,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft","proto_id":"5.212","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"northeuropecns.trafficmanager.net","domainame":"northeuropecns.trafficmanager.net","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -183,15 +183,15 @@ 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":385,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682369801,"flow_dst_last_pkt_time":1587041682420333,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041682420333,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8cKZAAGwGWtQ0ck0hwKgBBgG77H8VHmMl9rF6B6ASIAAZOgAAAgQFoAEDAwgEAggKYQa0RDCEroA="} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":386,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682420448,"flow_dst_last_pkt_time":1587041682420333,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682420448,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIex\/Abv2sXoHFR5jJoAQEAlXvgAAAQEICjCErqxhBrRE"} 00829{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":387,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":4,"flow_src_last_pkt_time":1587041682420739,"flow_dst_last_pkt_time":1587041682420333,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_usec":1587041682420739,"pkt":"EBMx8Tl2KDc3AG3ICABFAAECAABAAEAG9rTAqAEGNHJNIex\/Abv2sXoHFR5jJoAYEAmOxwAAAQEICjCErqxhBrREFgMBAMkBAADFAwMlzpQNXKnJso0lmbQsWQ9QP0JUtMkYTF2ySEjqwct4CiA\/IwAA6KEdJo41XGChq4nIXjJi3Ldaf94\/c7z6UnyyFQAewC\/AK8AwwCzMqcyowAnAE8AKwBQAnACdAC8ANQAKAQAAXv8BAAEAAAAAIwAhAAAebW9iaWxlLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEACwACAQAACgAIAAYAHQAXABg="} 
-01349{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":387,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682369801,"flow_src_last_pkt_time":1587041682420739,"flow_dst_last_pkt_time":1587041682420333,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682420739,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60543,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01308{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":387,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682369801,"flow_src_last_pkt_time":1587041682420739,"flow_dst_last_pkt_time":1587041682420333,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682420739,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60543,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":388,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682376166,"flow_dst_last_pkt_time":1587041682423316,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682423316,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0HMFAAGwGr7I0ckwwwKgBBgG77ICUvjjErrIu7YAS\/\/+TZQAAAgQFoAEDAwgBAQQC"} 
00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":389,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682423394,"flow_dst_last_pkt_time":1587041682423316,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041682423394,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAG+H\/AqAEGNHJMMOyAAbuusi7tlL44xVAQIAC0JAAA"} 00851{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":390,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":4,"flow_src_last_pkt_time":1587041682423900,"flow_dst_last_pkt_time":1587041682423316,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":290,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":290,"pkt_l4_len":256,"thread_ts_usec":1587041682423900,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEUAABAAEAG95PAqAEGNHJMMOyAAbuusi7tlL44xVAYIABbPwAAFgMBAOcBAADjAwOLjruZZJmwp+AQ5ixl8mdC3oKgE\/9DUAxdN3dPhROtcwAAHCoqzKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACe+voAAP8BAAEAAAAAMgAwAAAtbm9ydGhldXJvcGUubm90aWZpY2F0aW9ucy50ZWFtcy5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAIysoAHQAXABgAGwADAgACWloAAQA="} 
-01281{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":390,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682376166,"flow_src_last_pkt_time":1587041682423900,"flow_dst_last_pkt_time":1587041682423316,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":236,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":236,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682423900,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.76.48","src_port":60544,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"northeurope.notifications.teams.microsoft.com","domainame":"northeurope.notifications.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01240{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":390,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682376166,"flow_src_last_pkt_time":1587041682423900,"flow_dst_last_pkt_time":1587041682423316,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":236,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":236,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682423900,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.76.48","src_port":60544,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"northeurope.notifications.teams.microsoft.com","domainame":"northeurope.notifications.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00902{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":391,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682440956,"flow_dst_last_pkt_time":1587041672419153,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"thread_ts_usec":1587041682440956,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzES9AAEARZ+LAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGAHT\/ICoAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"} 02490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":392,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":5,"flow_src_last_pkt_time":1587041682423900,"flow_dst_last_pkt_time":1587041682467714,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041682467714,"pkt":"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\/4SI6OaF\/\/p9MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAgEAaMoTg\/CrkXvH3jnb1h9ibtDE5NT9WRyEmtWPdlMgqhbXA+eyQkb6BYaT\/ta0E\/bOL5hM07pSBrD5uauHzlX4vs6BmFI3X35rS4lnHgq3cUKdaq3M5dfcGtIoKERK4KHEXYdDhAF8RY9DfZJta8j9hj4NqjvMcG7hzkZJWkwVjeh7J49fLI2k+ojmtb1lfRr9wT7N317pl9QMlUj3HrapDo2fvCe\/9jktj3lbttPHLsuaLesAF3dE1wm5y4UOzoiawZGA4Fu5fMnwFxWfpzZRwMq0O\/xKMAg5RkinWwDyzGDnwCbl\/c52s299ZBhbtM6yURpSqq0aQFxtyQoGGDw\/qhMEVa25dds5d0iBdM6KFgBsOhenjJcJxMzPvvOPmkJltWXhqnxSJWsJkaqh7zSNoA5U1JZzOXFYRt3uw3OVIBSfQ21T75pEiBJReA5mMtRoJjyJYo4d7ViJlpWq6D+qmTq9MD3A+u3+2Yao
cGXunqdlchKzuckM3C3Mck\/119eusSb9+YO\/2kHgBIQsNEyRtMbVXs6aJDUwnxYYIGRAPR16yCXImFMfJYah5q6a0OgPBMYG1cJ5tHN0+DQkL0jj0N6DmBrUSDSDele8PSh59PdIzO8wgJ\/BtAAk1rmVDiVhBV4spP7GSKWzbAS3cC\/0tn2xGj\/VdVxgHiGox4WbcNAABbgwggW0MIIEnKADAgECAhAIuHpQG76c2i0WTT45Ub9VMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNVBAYTAklFMRIwEAYDVQQKEwlCYWx0aW1vcmUxEzARBgNVBAsTCkN5YmVyVHJ1c3QxIjAgBgNVBAMTGUJhbHRpbW9yZSBDeWJlclRydXN0IFJvb3QwHhcNMTYwNTIwMTI1MTI4WhcNMjQwNTIwMTI1MTI4WjCBizELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEVMBMGA1UECxMMTWljcm9zb2Z0IElUMR4wHAYDVQQDExVNaWNyb3NvZnQgSVQgVExTIENBIDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCO8\/GEdXe8vsmk9RalUytQYJnc2H3ZJLXhckk3SP7ahpOjfR2aSxBNd3l+Zal8bjbiR9Q2SdDMJAInFOKucc3ZV3Q8EFYZkkqHYvnjkI1e3tFBGxqmH0CiLB6OVdcm2GhCq+wN3t1eYZWzrGyBzqjgra9fyqbkUWguJ\/1UKnGkzLt+kvH2U1EFMdAZgrDKY9DySgALzfRpS\/Ra"} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":405,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":5,"flow_src_last_pkt_time":1587041682420739,"flow_dst_last_pkt_time":1587041682484937,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682484937,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0cKdAAGwGWts0ck0hwKgBBgG77H8VHmMm9rF61YAQBAVitAAAAQEICmEGtIQwhK6s"} 
-01881{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":417,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1587041682369801,"flow_src_last_pkt_time":1587041682557246,"flow_dst_last_pkt_time":1587041682557307,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041682557307,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60543,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} 
+01840{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":417,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1587041682369801,"flow_src_last_pkt_time":1587041682557246,"flow_dst_last_pkt_time":1587041682557307,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041682557307,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60543,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} 00298{"error_event_id":5,"error_event_name":"Unknown packet 
type","threshold_n":16,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1587041682611214,"packet_id":421,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1587041682611214} 00371{"packet_event_id":1,"packet_event_name":"packet","packet_id":421,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041682598222,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":423,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682668456,"flow_src_last_pkt_time":1587041682668456,"flow_dst_last_pkt_time":1587041682668456,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682668456,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57530,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -208,7 +208,7 @@ 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":433,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682698689,"flow_dst_last_pkt_time":1587041682744342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682744342,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA09YRAAGwG1eQ0ck06wKgBBgG77IG+FZNKYAjhq4AS\/\/+qaAAAAgQFoAEDAwgBAQQC"} 00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":434,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682744445,"flow_dst_last_pkt_time":1587041682744342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041682744445,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAG93XAqAEGNHJNOuyBAbtgCOGrvhWTS1AQIADLJwAA"} 00826{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":435,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_src_last_pkt_time":1587041682744658,"flow_dst_last_pkt_time":1587041682744342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":273,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":273,"pkt_l4_len":239,"thread_ts_usec":1587041682744658,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEDAABAAEAG9prAqAEGNHJNOuyBAbtgCOGrvhWTS1AYIAAsUQAAFgMBANYBAADSAwPkbX85xJUsmCJfCQtb2nqS5r5NxitfmjfkWtCVFh+GIgAAHEpKzKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACNCgoAAP8BAAEAAAAAIQAfAAAccHJlc2VuY2UudGVhbXMubWljcm9zb2Z0LmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACAoKAB0AFwAYABsAAwIAAkpKAAEA"} 
-01247{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":435,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682698689,"flow_src_last_pkt_time":1587041682744658,"flow_dst_last_pkt_time":1587041682744342,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":219,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":219,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682744658,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.58","src_port":60545,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"presence.teams.microsoft.com","domainame":"presence.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01206{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":435,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682698689,"flow_src_last_pkt_time":1587041682744658,"flow_dst_last_pkt_time":1587041682744342,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":219,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":219,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682744658,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.58","src_port":60545,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"presence.teams.microsoft.com","domainame":"presence.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
01369{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":436,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682740607,"flow_dst_last_pkt_time":1587041682745381,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":665,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":665,"pkt_l4_len":631,"thread_ts_usec":1587041682745381,"pkt":"EBMx8Tl2KDc3AG3ICABFAAKLAABAAEAGwL7AqAEGon0Tg+u4AbuLprsOEqsiiIAYEAA0LgAAAQEICjCEr+ORzaKrFwMDAlK2BaXSajSAVWEKj3frXxijYpT3GD2Cuos6bxaeeEb0O6UJhzmzPZI\/SWy+fgBnTfneCwusduYkx4s3F4xCn2MY3DEvpr\/P48ATzKlJ++OHqI7OI3KpokJ1bF8YwJjJpFyWkPT0\/gdDA2C0thwexYlLgVCHe4dECfAKO3ai6a9AkpIGftSCmWnSsB7\/GodcDd1wDIWHn+mS6A9bTO\/2sRCfLQjmwaqnM\/0Kd1DorrQMm9TT6\/w11NzOyGJGqVRWfthWKCJ2r5CEFaogXR64MxPpr2FM6spcuDUY4C3Hc53Q7uc97BndljPBEgsGGu2WIs1hpBKyBrbp4cakeWFrgRHILDge\/JLjoB\/we0ie6rPfHdzAzbH+CVHboc7ECVvIV6N2Rd\/z5fI6cJ5y1i\/CGpe9JS\/DjF+npNlL3gVvBs3y7VpT4ziTRBRlbzG6hzfaYWVE\/I1GNwloup0kRP0\/\/fFg59buQBmTxdHJsfm4laPDQEGg2\/E9TD5wbcmagME1tYB8Z6HaDDAe1MbrBXtLSM8VMS0ZeI23LZfgw6dIscXGQh+EZCVohYQ2K\/dCOtZqYIGlXsZd11O+bX\/KPVaVnsGCQqimWVbYkJXTdkE5fdL4ibwUdj8vI7+8IXUv8oArxAdVEWB2+pth6d9Zti7C4SxMlmajA50jkJHElO8G4w6Wzb86qkyK4WbkuYLazUSRxEvrQrVtZjtDDcEAhbB3i\/CCiXoyK9403MAI7UV+NXn0+Iqmacnoi+GSVKkccDjbrlFQ3qxHSBpnh\/Zt22FSB4TV4eA="} 
02480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":437,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":4,"flow_src_last_pkt_time":1587041682740607,"flow_dst_last_pkt_time":1587041682745498,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1587041682745498,"pkt":"EBMx8Tl2KDc3AG3ICABFAAXIAABAAEAGvYHAqAEGon0Tg+u4AbuLpr1lEqsiiIAQEADIXgAAAQEICjCEr+SRzaKrFwMDIBe2BaXSajSAVsA+S0rbnqiekP4iuZq32HuCU1Zk8b7DobfyXAMC40RMGMmv03seNmRLB1WBKOAndSNsjwejL\/4UdAY51oTzt\/idB5m9EO71\/T1MmFynzxV07rmvd3Y7KFXQR\/+x23FlX8GjLiPfQFhiUhRh28ymzOk2Fma1O328pbgtPmfOm2\/I1HthpOnXap2OPKovdSqIn\/dOEzmEXK5RH4Vhc7yfPS0tJ3lq\/j9Y4mE4jZEoUqARpTmnt\/EmaVbJrcge1AqzkW+CZ+w4JlO7k9TdFEi5TByHM4C1T005glLtZNkRmPpMGHQbjibw3NTyD4LLOA7ibrI0r9IDNmoeUUfh8DCZdpfo3pxnEzyt7oapZ3bsP3f2dkvlxSg+Dlv55qlRYMXtNU7tnt3+G6vIRUNWvNYWxEeaewlxO7D31DoGy39yf6\/Uf40kqlYmjJklCFuyytx+XwcWqT4ARI652Z\/KTokqiY0d8hvIMHweZqCdsZ3sZLcS92z0hCZYB+QTk3oNwXMxF3HPTJhWvhOq0wqkZDSVoE431Wjz26KTR\/D\/dA5pInq8bEC3yVuUKN1PLZW9Mz7MYJyzusjyBNsPLXM5O8OEeeK5MiWTYDXzmOLsLkb2vkB\/HV4y3Ev95rIiSF36Cpgqv6+0aR866vdj7FtuF34EidwFeCf1Bf+A5YjRmGj3oaiwxanjseDhhtnxhUTf19iNoEFSzhAIqnGHRAvLOkI5d3FBbQQt+YdQcTmf4uC9ThNnySNA0HXREePQs7huoiwdf2bLMzadvLcQRiRnWU7Hl35DzJo7SAfHQVc1y7a5SVG8H0C\/gvRNuAfv3HAV07QuKJAR49iIkFCcVRaJ\/jE5NYdjrNiiLdvzoxuEZ0dWMxMftRotvm8FM6ig5uEvIZbx9cs5I19iYZQ+xjuzmSG9hz4iz+WjzAoY1dmLOtgbT\/XB2FXmqmn+QhnOY3Ljx0J2ha7XjBQ8hWDhzClw138COO6BoFzaLcXOQXTKJXlqio99G1EHem2LSJs4Fip7GdtxGPNIMZ40wLG2DFzen08a5EPl23FFXPX0SR69Sbx3M0R+hQyRTGJvzQ2b0FETVcaGBWv\/AJUXgawU3fpNn7TAnn6usnhvfGudG7WV4wZ6vkSA+LX0MCVzjn7ur93PxY\/kpdqz3fuiKZIsdz1qUGtjG9iABsh28XZ9j4vR0VSK81wLD3NNpJ2yPv0bwOqpCaovF6tXQ1Ews6XsxqJi5G36BrzaJ5\/NXawhnu8ri1Vz28LUjmOZPpd6keVddX571\/oIU+Q3p3lccmI7+gjH3KqlUBiHCmpfZcYeOnCUEoJ6+9LH3uDsI4lVcAzp2csO0NXDwcfvMalB6gajtPszvwIJElID7GHKx1BsawLle+AuhD6lA8\/ePLwyuj37+iokrx6+v
klOjmfe4s9diN429ybZIsLrxpS9gvhCcqJjHRib1BY+X07qe0e72A4QTMrUQvOqVAnCJ6MepkVyL+TYwE71AQhIyEcdhSMj5NByh+Ps2+o6B6TxNGxL+Hz7Gkx+JsBR2inYY8O+Lv0UT9kVL4KGsfhNjVDtOQlSBGenVIqSWzA0IMPQo8+3Of8Hq4M82zM4CAZ0HSDgvnwrTIr12aPKQZeXdT79Zkpu9xzzr2tssbkalNRSPafbicgt9KUTproDv5wkhK7YwHiqPcGR0QVqeIcuyQotM2kpYtKzEsnaTsMsANkeXwUSaYMnhtvVUO0AlG4\/nEwlNMBHzNthJE9IyucPPp6lNbtpzJXbzjnbqhKzr1pBPW1NzcsmUvTf4AThdCxRFDDYC8Q9bGPZ8M76S438LhtuVyUo\/lD6YFPci0DvupTGZalsukVJfD\/0b05qjSDFI9eEwsvlchodrzNqwexfGQO0oqhK"} 02480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":438,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":5,"flow_src_last_pkt_time":1587041682740607,"flow_dst_last_pkt_time":1587041682745501,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1587041682745501,"pkt":"EBMx8Tl2KDc3AG3ICABFAAXIAABAAEAGvYHAqAEGon0Tg+u4AbuLpsL5EqsiiIAQEABs5gAAAQEICjCEr+SRzaKrei53o4vFQHMBld1Fh\/SJ7lY\/Br6V6nMJYu3OAHgdn1qCcCSFYKKt9BOxyQf3yfDnlntHKN9zdEPSvXN\/0hi8YerzFHTzlE9CpJ2R08FI9jE11z3fnVvhf8e7OcEQqRZgxnPlEzNldSNYqEcmHkXvJhZMq8lx7wyR4LUbGNhgoKdPGH278UPChna6A3t6rVbTyY26njMEfo0Zm6rhpJo44iHLRIKvpaj2GQsfRT+cQeJIZ7CCI7T1q2PUyZhm1ySaJCt2LeO9BPdVU6xJnGhMV\/aWAPQcJ6kB0bxcZrLoRiXTU5Sjkns\/IiFNL\/xvNJTPnSiFRhwUoHK+lhufNQUo13wAlnryX9ux9knlEKyd0St6x6x3\/0AcGE5iocc88TMKvbPeEJdROrTHJPBGw3wEtTcJnsCO86HHTsshAVdGVqkIx3wKVLP63U4Kblp4jy32ZZqt5mrVmtgkvfyXyOjEWSHg9\/kbER4PSr77Twprpqx983VEq2Hcb9Z5Mm3nOhfwTP2T3g\/CCF8QgaWGZrUDu1iiRUPI6K2BHYirquzyMaFufY9V8GpIhq1n1xceUiQLPYGN3l5fQJCiBdXfFafOcSFxIjVpojrL2EOuqK2nuMjLQQp+4Aqc6WZPgm2ebUN\/iKkfC2yH2bLExo2MPi3VUFi92NENpciPyW+eXAFY69MJj5yxa5BiY59sQ5ELiBJlv7RkENWrGuHIllIcpW3ItUf5UzQsbStrqU99fkGX6jKCwXrvMoRcz4OdAQSCuL42ekbFYHiL0ne5NvHaRIqcek4\/JcqoZpMdpQey7y+2Dl6doTImRGjrtsYDDKgFGhDU4N8dTso9ThZ3fuQI5GnuKCyDE7AIeVXiQlYv5F01woYov2hCUZp7ZcJSt2ohbipTR8\/9XsRLAxqgXB5GsFcoOvfysdpEjckn3ixs\/e\/E+9YhRVwcgw9
hwvaxpOHeSVNLQn1UC1jd6XPsedgr5CYCUUWjOwS77pYeBf15DMuXoTC2DTw4N0qK0I2k9jO2h06\/VwS+DdyYzdZyIEDJootRjKr6+oHebS0B7nXpok59GLbGxDjEh9wakV1SZs7RvQXUIMtwshnqDiJum9ddTnNB2+bpdzgJa3FjnjCyxjYAJBZhtEPLvmmDoY+ugXE9QtbOp299K6ArOZPB6JuK4rlVYneXIpSl0yfeQgFoaNPTPCWdaxvM+AfcOB7YkH0w1UJu2dyLSmHw42qCGfzhxeXIbZVNdJjctQ0Cqo5zXErR1874K9\/40112SIrZY04P1wdyAy51DHX6xP4DMvjfqz6wVaf6gJ\/DZxBp20paRElTtDQN\/dHqjokoah04MvpFxBCi0Oy+R7CfKweUnqAqr1HqpFAPT9qsa8YrIc8G0wUUzeAax4URzLWOt85EjAnPLK1DAQYPq0v9Q0KLOsGsn1kbSvDpNs37iMzwcZRFzWoLHwwnKhxoV5ph1YHpzct0GfB5TMtawMLt6xx8fpDVN\/qmtv7vr0PwcpkWAe12mwk6YMCBt5BjA8f7N0hNc28Z18gN\/CgGnUTUJNyHOY9\/otIhpyZk2nAcBRRfiJ1pLKbDvtAKXiFEDhY9R4CdMU31jbFPykJh6n2eH+U5nfePcR\/NQL8CGF86lRBvbS1BffGRulEfJVi517lk3dtmRmFX4czmj4U5S0fLX7dTEWdkjlqGvyPwcgdLRBZYccWZ3e0IwyZLzh4ZvqC6GXgR\/YxXU2EyExTuarC8OxvaikQEuWDLdXLrVfF\/5zh5AAnOxdXMDpgpl7zVyHlEg1yLy9mLgj1yQgKUqwCNhyVJZLyPBjuKvSewLkE6Yb4TMgTQzgnkGvHFjAbR3wnBeO3lqHZFEbIHcmklDS0L5Y7TchFMURbahXYDs4fVUOyQ800EYRGVfodFdgqI"} 
@@ -219,9 +219,9 @@ 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":516,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682809173,"flow_dst_last_pkt_time":1587041682862686,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041682862686,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGBganY9ekwKgBBhFS7ILLfLe3JqxFoKAS\/ogNbwAAAgQFrAQCCAoTeRnVMISwIQEDAwc="} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":517,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682862738,"flow_dst_last_pkt_time":1587041682862686,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682862738,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+g3AqAEGp2PXpOyCEVImrEWgy3y3uIAQECwqYQAAAQEICjCEsFATeRnV"} 
01245{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":518,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":4,"flow_src_last_pkt_time":1587041682863165,"flow_dst_last_pkt_time":1587041682862686,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1587041682863165,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI5AABAAEAG+AjAqAEGp2PXpOyCEVImrEWgy3y3uIAYECxutgAAAQEICjCEsFATeRnVFgMBAgABAAH8AwOllRwzFBLD2fGS0RdMQwmyeJX+rt9niSTc6LgefMaOGyDe8bvsDQaKZ\/SHTClTSUEpcKfm8tnRcB\/XxmDM4wjf0gByEwITAxMBwCzAMACfzKnMqMyqwCvALwCewCTAKABrwCPAJwBnwArAFAA5wAnAEwAzAK0Aq8yuzK3MrACdAKnMqwCsAKoAnACoAD0APMA4wDYAtwCzAJUAkQA1AK8AjcA3wDUAtgCyAJQAkAAvAK4AjAD\/AQABQQAAABIAEAAADWRhdGkubnRvcC5vcmcACwAEAwABAgAKAAwACgAdABcAHgAZABgAIwAAM3QAAAAQAA4ADAJoMghodHRwLzEuMQAWAAAAFwAAAA0AMAAuBAMFAwYDCAcICAgJCAoICwgECAUIBgQBBQEGAQMDAgMDAQIBAwICAgQCBQIGAgArAAkIAwQDAwMCAwEALQACAQEAMwAmACQAHQAgvrFq4xkMZjK7jeeGFDXjFBVctkvDk2bUa2GIO\/qlb3oAFQB8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01401{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":518,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682809173,"flow_src_last_pkt_time":1587041682863165,"flow_dst_last_pkt_time":1587041682862686,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682863165,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60546,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"dati.ntop.org","domainame":"dati.ntop.org","tls": {"version":"TLSv1.2","ja3":"7120d65624bcd2e02ed4b01388d84cdb","ja3s":"","ja4":"t13d5713h2_131602cb7446_e802cdec6a7f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01367{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":518,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682809173,"flow_src_last_pkt_time":1587041682863165,"flow_dst_last_pkt_time":1587041682862686,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682863165,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60546,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"dati.ntop.org","domainame":"dati.ntop.org","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d5713h2_131602cb7446_e802cdec6a7f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":552,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":5,"flow_src_last_pkt_time":1587041682863165,"flow_dst_last_pkt_time":1587041682917091,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682917091,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0wZNAADQGRHqnY9ekwKgBBhFS7ILLfLe4JqxHpYAQAfo2WAAAAQEIChN5GgswhLBQ"} 
-01489{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":553,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1587041682809173,"flow_src_last_pkt_time":1587041682863165,"flow_dst_last_pkt_time":1587041682917561,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":152,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":152,"midstream":0,"thread_ts_usec":1587041682917561,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60546,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"dati.ntop.org","domainame":"dati.ntop.org","tls": {"version":"TLSv1.2","ja3":"7120d65624bcd2e02ed4b01388d84cdb","ja3s":"410b9bedaf65dd26c6fe547154d60db4","ja4":"t13d5713h2_131602cb7446_e802cdec6a7f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01455{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":553,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1587041682809173,"flow_src_last_pkt_time":1587041682863165,"flow_dst_last_pkt_time":1587041682917561,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":152,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":152,"midstream":0,"thread_ts_usec":1587041682917561,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60546,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"dati.ntop.org","domainame":"dati.ntop.org","tls": {"version":"TLSv1.2","ja3s":"410b9bedaf65dd26c6fe547154d60db4","ja4":"t13d5713h2_131602cb7446_e802cdec6a7f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
02214{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":580,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1587041682698689,"flow_src_last_pkt_time":1587041683063920,"flow_dst_last_pkt_time":1587041683109441,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":2687,"flow_dst_tot_l4_payload_len":6860,"midstream":0,"thread_ts_usec":1587041683109441,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.58","src_port":60545,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":7,"avg":25031.7,"max":201410,"stddev":47065.5,"var":2215158784.0,"ent":3.2,"data": [45653,45756,213,47886,30,47672,17,83,202,104,167,9896,9950,3499,10390,395,51386,37078,221,190,155,7115,7018,1251,1197,79250,201410,7,34,167536,222]},"pktlen": {"min":40,"avg":340.2,"max":1492,"stddev":510.3,"var":260451.7,"ent":3.8,"data": [64,52,40,259,1492,1492,52,40,40,1492,1492,40,453,40,198,133,503,91,40,109,40,78,78,40,479,40,46,1480,150,206,46,82]},"bins": {"c_to_s": [11,1,1,1,1,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0],"s_to_c": [3,3,1,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,0,0,0,1,1,0,1,0,0,0,0,1,0,1,0,0,1,0,1,0,1,0,0,0,1,1],"entropies": [4.396777153,4.984685898,4.571928501,5.447037697,7.103639126,7.377305508,4.748330116,4.680641174,4.521928787,7.565583706,7.619148254,4.680641174,7.502402782,4.680641174,6.615381718,6.130319118,7.576011658,5.374610424,4.630640984,5.982717991,4.530641556,5.189125538,5.402576923,4.680641174,7.496559143,4.680641174,4.505983353,7.866451740,6.633583069,6.711987019,4.522393703,5.435414791]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"presence.teams.microsoft.com"}} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":584,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041683142905,"flow_src_last_pkt_time":1587041683142905,"flow_dst_last_pkt_time":1587041683142905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041683142905,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57504,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":584,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_src_last_pkt_time":1587041683142905,"flow_dst_last_pkt_time":1587041683142905,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1587041683142905,"pkt":"EBMx8Tl2KDc3AG3ICABFAABOVgkAAP8R4j3AqAEGwKgBAeCgADUAOmwyTTEBAAABAAAAAAAACmNoYXRzdmNhZ2cEc3ZjcwV0ZWFtcwZvZmZpY2UDY29tAAABAAE="} 
@@ -233,16 +233,16 @@ 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":589,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_src_last_pkt_time":1587041683186164,"flow_dst_last_pkt_time":1587041683220355,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041683220355,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8HR9AAG0GokE0clg7wKgBBgG77INQlxoFJQBFL6ASIAAufwAAAgQFoAEDAwgEAggKAdQEQDCEsYU="} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":590,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_src_last_pkt_time":1587041683220462,"flow_dst_last_pkt_time":1587041683220355,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041683220462,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG7GjAqAEGNHJYO+yDAbslAEUvUJcaBoAQEAltDgAAAQEICjCEsaYB1ARA"} 00850{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":591,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":4,"flow_src_last_pkt_time":1587041683220741,"flow_dst_last_pkt_time":1587041683220355,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":287,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":287,"pkt_l4_len":253,"thread_ts_usec":1587041683220741,"pkt":"EBMx8Tl2KDc3AG3ICABFAAERAABAAEAG64vAqAEGNHJYO+yDAbslAEUvUJcaBoAYEAkhLAAAAQEICjCEsaYB1ARAFgMBANgBAADUAwMl\/B1Vk9A1CXIA2wtxg6SSBUkcTlC\/1\/z0\/eteey4O7gAAHJqazKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACP2toAAP8BAAEAAAAAIwAhAAAeY2hhdHN2Y2FnZy50ZWFtcy5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAICgoAHQAXABgAGwADAgACSkoAAQA="} 
-01251{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":591,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041683186164,"flow_src_last_pkt_time":1587041683220741,"flow_dst_last_pkt_time":1587041683220355,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":221,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":221,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041683220741,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.88.59","src_port":60547,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"chatsvcagg.teams.microsoft.com","domainame":"chatsvcagg.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01210{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":591,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041683186164,"flow_src_last_pkt_time":1587041683220741,"flow_dst_last_pkt_time":1587041683220355,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":221,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":221,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041683220741,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.88.59","src_port":60547,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"chatsvcagg.teams.microsoft.com","domainame":"chatsvcagg.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
02481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":592,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":5,"flow_src_last_pkt_time":1587041683220741,"flow_dst_last_pkt_time":1587041683257226,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041683257226,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUHSFAAG0GnKc0clg7wKgBBgG77INQlx+mJQBGDIAQBAUMBAAAAQEICgHUBF0whLGmFMuT5WpzTDiCSYT3xi9v6V14KwZXMAsGA1UdDwQEAwIEsDApBgNVHREEIjAggh5jaGF0c3ZjYWdnLnRlYW1zLm1pY3Jvc29mdC5jb20wgawGA1UdHwSBpDCBoTCBnqCBm6CBmIZLaHR0cDovL21zY3JsLm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcmwvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDEuY3JshklodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcmwvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDEuY3JsME0GA1UdIARGMEQwQgYJKwYBBAGCNyoBMDUwMwYIKwYBBQUHAgEWJ2h0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NwczAfBgNVHSMEGDAWgBRYiJ\/W3JxIIrcUPv+EiOjmhf\/6fTAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggIBADlaSLft\/Il2mfNfS96UN1u6SRdI6uOdxV\/SghC34ek6RV73kkGH\/KgGm5Qpn7ZmjaE7sCW67DpV9CSox9Z3dhmyY3WubiTFoRkhvmI2ia7VsKC3uTVFKGfcG3LipFC\/23JDrzT7qcdgDJzOLWf3MLJd1Kyh6NVC9EjRBrGrjji8xmok7R0RS8CcrVoIMxOsb4aFIvlKHgOLGwrUEg+jJK1WekigAR\/pyb5Ve0qqD3wvtdis9OWT8zz+JfQQtYBGzTf3Zo2YdFfy+cLVdoneW08GcCeeO0e+2qhhnfoQYTUFxVDlSKesMCCZ19oghBpnMirb2zEgWNe+6hV0VBHo0qa0oI+8VxV0m5jsWGKpN5r0RSQeZVBFjmNPja7EWAv9BG0nDBvzPaTNS9lsRoXc1ue7UQ2fGyQcImPgttcAOrqAGM9U+s0UrVqPi9GRGdpB+ymstXnktW0UVXqemudrGvUxOJRKDRvwctjZP2On9XpkEuwYzeJ7edeTKIXaTMPr5bSi6KtPMv8scypPxl6auLwwuyW3phPvh3sr9vdYmG1LA+UpioWKxGVlTy3H5MrR\/a3CRRhXX1OZmYh1RDRwmACanys8duLXWdgmjDNNxzIBOXG7wiGPQfS3+9iG0JTdXjbTpu3jNtZbvAVXCu9kow13tCXvpYdCShakHGed8k9wAAW4MIIFtDCCBJygAwIBAgIQCLh6UBu+nNotFk0+OVG\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"} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":613,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041683333389,"flow_src_last_pkt_time":1587041683333389,"flow_dst_last_pkt_time":1587041683333389,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041683333389,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":613,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_src_last_pkt_time":1587041683333389,"flow_dst_last_pkt_time":1587041683333389,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041683333389,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIeyEAbsX4foHAAAAALAC\/\/8Q\/AAAAgQFtAEDAwUBAQgKMISyEgAAAAAEAgAA"} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":614,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_src_last_pkt_time":1587041683333389,"flow_dst_last_pkt_time":1587041683378966,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041683378966,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8VAJAAGwGd3g0ck0hwKgBBgG77IQbiSB\/F+H6CKASIABpjQAAAgQFoAEDAwgEAggKYR77TDCEshI="} 
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":615,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_src_last_pkt_time":1587041683379074,"flow_dst_last_pkt_time":1587041683378966,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041683379074,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyEAbsX4foIG4kggIAQEAmoEAAAAQEICjCEsj9hHvtM"} 00827{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":616,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":4,"flow_src_last_pkt_time":1587041683379360,"flow_dst_last_pkt_time":1587041683378966,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_usec":1587041683379360,"pkt":"EBMx8Tl2KDc3AG3ICABFAAECAABAAEAG9rTAqAEGNHJNIeyEAbsX4foIG4kggIAYEAle8wAAAQEICjCEsj9hHvtMFgMBAMkBAADFAwNQ2mjoGM5bceT+50qedBeC2QzxBSnWB8x+XpaOKMz6dSCjQgAAk2B6jpiMP4aNnNPzeGx44\/6X3U2RH3y64O03zgAewC\/AK8AwwCzMqcyowAnAE8AKwBQAnACdAC8ANQAKAQAAXv8BAAEAAAAAIwAhAAAebW9iaWxlLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEACwACAQAACgAIAAYAHQAXABg="} 
-01349{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":616,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041683333389,"flow_src_last_pkt_time":1587041683379360,"flow_dst_last_pkt_time":1587041683378966,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041683379360,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01308{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":616,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041683333389,"flow_src_last_pkt_time":1587041683379360,"flow_dst_last_pkt_time":1587041683378966,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041683379360,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
02487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":621,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":5,"flow_src_last_pkt_time":1587041683379360,"flow_dst_last_pkt_time":1587041683430778,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041683430778,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUVANAAGwGcd80ck0hwKgBBgG77IQbiSCAF+H61oAQBAWFnQAAAQEICmEe+38whLI\/FgMDEGYCAABRAwNemFWT1kX8u9ATY\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\/wSL1vxV6UtbY+5UyBq7YUvoZUI+YYWI6FMysHpnkiGQR5h3NLX2it0lgM0JMJXgIYfO+vdhJalxciwWfJHOcY4+eUQwpTmpGeOTzK\/sd1W+VOYbkgWPJ0lAEgTcRXL\/NZZAtyce+Sv4+b4jHwY9pwQxOHJWtnns0bK3jD\/RcAtjLeUisGvBGtt1SItPOQvgD6i2AdvjCkjqVXn0nxT\/yKuGkvtii1i85nrjeMS5pKgL+N2I4goIXeRAaK089dd0KrnNO6kLEhhSHgHwJHnPwfqeXH1Q2p1Zw2r13mOsJdyP7QIDAQABo4IE1zCCBNMwggF\/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB2APZclC\/RdzAiFFQYCDCUVo7jTRMZM7\/fDC8gC8xO8WTjAAABbbe0zD0AAAQDAEcwRQIgXUu8wYK\/QqX5unkLcaUv4T8oQWu5yZb6M3RYbUFPJ7sCIQCVvziq+dynpJXSFyAk+ZobbjdMm8Ziuyzc0miXoW9hmQB2AFWB1MIWkDYBSuoLm1c8U\/DA5Dh4cCUIFy+jqh0HE9MMAAABbbe0zTwAAAQDAEcwRQIgOIr7NuYD18H8X6OV\/YdBgg0HoCy47ognD1Etlbp3ZVgCIQCAVAoqvjDqhz4It72mColVOT\/FZuexWjdVPWkvuAPY1AB3AESUZS6w7s6vxEAH2Kj+KMDa5oK+2MsxtT\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"} 
-01881{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":624,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1587041683333389,"flow_src_last_pkt_time":1587041683430891,"flow_dst_last_pkt_time":1587041683431072,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041683431072,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} 
+01840{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":624,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1587041683333389,"flow_src_last_pkt_time":1587041683430891,"flow_dst_last_pkt_time":1587041683431072,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041683431072,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} 
02170{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":635,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1587041683186164,"flow_src_last_pkt_time":1587041683511604,"flow_dst_last_pkt_time":1587041683511700,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2582,"flow_dst_tot_l4_payload_len":7792,"midstream":0,"thread_ts_usec":1587041683511700,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.88.59","src_port":60547,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":20999.2,"max":115070,"stddev":31123.6,"var":968681216.0,"ent":3.5,"data": [34191,34298,279,36871,33,36580,20,190,171,120,2,98,1011,12039,309,36028,22727,226,163,129,10387,10298,599,557,77127,91684,7,49137,80440,115070,185]},"pktlen": {"min":52,"avg":377.2,"max":1492,"stddev":521.7,"var":272149.2,"ent":3.9,"data": [64,60,52,273,1492,1492,64,52,1492,52,1492,302,52,178,145,533,103,52,121,52,90,90,52,414,52,52,1480,247,52,227,52,1139]},"bins": {"c_to_s": [11,1,1,1,0,0,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [3,2,1,0,0,1,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,1,1,0,0,0,0,1,0,1,0,0,1,0,1,0,1,0,0,1,1,0,1],"entropies": [4.278468132,5.100120544,4.678913116,5.492300034,7.395298958,7.335471153,4.813810349,4.784870625,7.534573555,4.736229897,7.601704121,7.355720520,4.823332310,6.256767273,6.195283890,7.525622368,5.556344509,4.861793995,6.029422760,4.861793995,5.382391453,5.548377514,4.823332310,7.376307011,4.861793995,5.063529015,7.847518921,6.993651390,4.986605644,6.825597286,4.731892109,7.799232483]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":664,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041684291077,"flow_src_last_pkt_time":1587041684291077,"flow_dst_last_pkt_time":1587041684291077,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041684291077,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":59403,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":664,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_src_last_pkt_time":1587041684291077,"flow_dst_last_pkt_time":1587041684291077,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"thread_ts_usec":1587041684291077,"pkt":"EBMx8Tl2KDc3AG3ICABFAABC19sAAP8RYHfAqAEGwKgBAegLADUALnZLN+4BAAABAAAAAAAACXN1YnN0cmF0ZQZvZmZpY2UDY29tAAABAAE="} 
@@ -254,10 +254,10 @@ 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":668,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_src_last_pkt_time":1587041684306115,"flow_dst_last_pkt_time":1587041684317619,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041684317619,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0FJpAAHUGEAYNaxILwKgBBgG77IU13hw0zZy4moAS\/\/\/HZQAAAgQFoAEDAwgBAQQC"} 00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":669,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_src_last_pkt_time":1587041684317725,"flow_dst_last_pkt_time":1587041684317619,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041684317725,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGWazAqAEGDWsSC+yFAbvNnLiaNd4cNVAQIADoJAAA"} 00818{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":670,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":4,"flow_src_last_pkt_time":1587041684317987,"flow_dst_last_pkt_time":1587041684317619,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":265,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":265,"pkt_l4_len":231,"thread_ts_usec":1587041684317987,"pkt":"EBMx8Tl2KDc3AG3ICABFAAD7AABAAEAGWNnAqAEGDWsSC+yFAbvNnLiaNd4cNVAYIAB7OAAAFgMBAM4BAADKAwNT9yhcRBpq6+zC6hAkiruFzkDB0iUODZ2vqxEjURraCwAAHGpqzKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACF2toAAP8BAAEAAAAAGQAXAAAUc3Vic3RyYXRlLm9mZmljZS5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAja2gAdABcAGAAbAAMCAAK6ugABAA=="} 
-01245{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":670,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041684306115,"flow_src_last_pkt_time":1587041684317987,"flow_dst_last_pkt_time":1587041684317619,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041684317987,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Outlook","proto_by_ip_id":21,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"substrate.office.com","domainame":"substrate.office.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01204{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":670,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041684306115,"flow_src_last_pkt_time":1587041684317987,"flow_dst_last_pkt_time":1587041684317619,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041684317987,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Outlook","proto_by_ip_id":21,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"substrate.office.com","domainame":"substrate.office.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":672,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":5,"flow_src_last_pkt_time":1587041684317987,"flow_dst_last_pkt_time":1587041684329497,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1587041684329497,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAoFJtAAHYGDxENaxILwKgBBgG77IU13hw1zZy5bVAQBAEDUQAAAAAAAAAA"} 
-02092{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":677,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1587041684306115,"flow_src_last_pkt_time":1587041684362150,"flow_dst_last_pkt_time":1587041684362335,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":4396,"midstream":0,"thread_ts_usec":1587041684362335,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Outlook","proto_by_ip_id":21,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"substrate.office.com","domainame":"substrate.office.com","tls": {"version":"TLSv1.2","server_names":"outlook.office.com,attachment.outlook.office.net,attachment.outlook.officeppe.net,bookings.office.com,delve.office.com,edge.outlook.office365.com,edgesdf.outlook.com,img.delve.office.com,outlook.live.com,outlook-sdf.live.com,outlook-sdf.office.com,sdfedge-pilot.outlook.com,substrate.office.com,substrate-sdf.office.com,afd-k-acdc-direct.office.com,beta-sdf.yammer.com,teams-sdf.yammer.com,beta.yammer.com,teams.yammer.com,attachments.office.net,attachments-sdf.office.net,afd-k.office.com,afd-k-sdf.office.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"a66ea560599a2f5c89eec8c3a0d69cee","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, 
CN=Outlook.office.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"AA:D3:F5:66:06:48:AA:F8:8E:9B:79:D6:7F:1D:53:EA:3F:97:03:A2","blocks":0}}} -02185{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":697,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1587041682144166,"flow_src_last_pkt_time":1587041684314927,"flow_dst_last_pkt_time":1587041684501131,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":521,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1329,"flow_dst_tot_l4_payload_len":7087,"midstream":0,"thread_ts_usec":1587041684501131,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":146055.7,"max":2009785,"stddev":489503.9,"var":239614050304.0,"ent":1.7,"data": [12667,12766,154,12385,2459,251,14879,502,529,250,3,817,4854,17134,1376,20,13097,4,249,321,136,11841,14,11155,108,621,112917,113684,1998116,2009785,174632]},"pktlen": {"min":40,"avg":305.2,"max":1492,"stddev":468.1,"var":219152.8,"ent":3.8,"data": [64,52,40,257,46,1492,1492,40,1492,40,1492,181,40,198,46,366,109,40,40,133,78,561,46,78,40,46,46,440,40,342,46,345]},"bins": {"c_to_s": [9,1,1,0,1,0,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,1,1,0,1,0,0,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1,1,0,0,0,0,0,1,1,0,1,1,1,0,0,1,1],"entropies": 
[4.396777153,4.984685421,4.571928501,5.492863178,4.462504387,7.269914627,7.475378990,4.630641460,7.477076530,4.571928501,7.667408466,6.767431736,4.680641174,6.542833328,4.505983353,7.221371651,5.957443714,4.630641460,4.630640984,6.221683502,5.214766979,7.578815937,4.414441109,5.396905422,4.571928501,4.457919598,4.522393703,7.482207775,4.680641174,7.242818356,4.478915691,7.266457558]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} +02051{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":677,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1587041684306115,"flow_src_last_pkt_time":1587041684362150,"flow_dst_last_pkt_time":1587041684362335,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":4396,"midstream":0,"thread_ts_usec":1587041684362335,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Outlook","proto_by_ip_id":21,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"substrate.office.com","domainame":"substrate.office.com","tls": 
{"version":"TLSv1.2","server_names":"outlook.office.com,attachment.outlook.office.net,attachment.outlook.officeppe.net,bookings.office.com,delve.office.com,edge.outlook.office365.com,edgesdf.outlook.com,img.delve.office.com,outlook.live.com,outlook-sdf.live.com,outlook-sdf.office.com,sdfedge-pilot.outlook.com,substrate.office.com,substrate-sdf.office.com,afd-k-acdc-direct.office.com,beta-sdf.yammer.com,teams-sdf.yammer.com,beta.yammer.com,teams.yammer.com,attachments.office.net,attachments-sdf.office.net,afd-k.office.com,afd-k-sdf.office.com","ja3s":"a66ea560599a2f5c89eec8c3a0d69cee","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Outlook.office.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"AA:D3:F5:66:06:48:AA:F8:8E:9B:79:D6:7F:1D:53:EA:3F:97:03:A2","blocks":0}}} +02179{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":697,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1587041682144166,"flow_src_last_pkt_time":1587041684314927,"flow_dst_last_pkt_time":1587041684501131,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":521,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1329,"flow_dst_tot_l4_payload_len":7087,"midstream":0,"thread_ts_usec":1587041684501131,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":146055.7,"max":2009785,"stddev":489503.9,"var":239614050304.0,"ent":1.7,"data": 
[12667,12766,154,12385,2459,251,14879,502,529,250,3,817,4854,17134,1376,20,13097,4,249,321,136,11841,14,11155,108,621,112917,113684,1998116,2009785,174632]},"pktlen": {"min":40,"avg":305.2,"max":1492,"stddev":468.1,"var":219152.8,"ent":3.8,"data": [64,52,40,257,46,1492,1492,40,1492,40,1492,181,40,198,46,366,109,40,40,133,78,561,46,78,40,46,46,440,40,342,46,345]},"bins": {"c_to_s": [9,1,1,0,1,0,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,1,1,0,1,0,0,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1,1,0,0,0,0,0,1,1,0,1,1,1,0,0,1,1],"entropies": [4.396777153,4.984685421,4.571928501,5.492863178,4.462504387,7.269914627,7.475378990,4.630641460,7.477076530,4.571928501,7.667408466,6.767431736,4.680641174,6.542833328,4.505983353,7.221371651,5.957443714,4.630641460,4.630640984,6.221683502,5.214766979,7.578815937,4.414441109,5.396905422,4.571928501,4.457919598,4.522393703,7.482207775,4.680641174,7.242818356,4.478915691,7.266457558]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} 
02179{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":702,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1587041684306115,"flow_src_last_pkt_time":1587041684950374,"flow_dst_last_pkt_time":1587041684410372,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":3472,"flow_dst_tot_l4_payload_len":5797,"midstream":0,"thread_ts_usec":1587041684950374,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":24145.7,"max":539594,"stddev":94604.1,"var":8949939200.0,"ent":1.9,"data": [11504,11610,262,11878,32500,90,44163,247,1,223,3839,7741,325,72,14634,1492,13,4159,11,266,6513,474,6734,4309,9884,14215,10718,10725,539594,6,314]},"pktlen": {"min":40,"avg":331.5,"max":1492,"stddev":473.5,"var":224192.2,"ent":3.9,"data": [64,52,40,251,46,1492,1492,40,1492,80,40,198,133,578,172,46,366,109,40,40,78,46,78,40,46,689,40,359,40,1480,694,248]},"bins": {"c_to_s": [9,1,1,0,2,0,2,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0],"s_to_c": [5,2,1,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,1,1,0,1,1,0,0,0,0,0,1,1,1,0,0,0,1,1,0,1,1,0,1,0,0,0,0],"entropies": [4.428027153,4.893245220,4.521928310,5.397158146,4.505983353,6.671830177,7.464404583,4.630641460,7.577803612,5.737496376,4.680641174,6.516131401,6.154890537,7.647973537,6.500202656,4.505983353,7.196300030,5.817581654,4.611769199,4.561769485,5.250086308,4.457919598,5.392898560,4.630641460,4.522393227,7.690679073,4.680641174,7.335716724,4.680641174,7.846065521,7.720572472,6.957527637]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Outlook","proto_by_ip_id":21,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative"}} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":714,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041685090830,"flow_src_last_pkt_time":1587041685090830,"flow_dst_last_pkt_time":1587041685090830,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685090830,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":61245,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":714,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_src_last_pkt_time":1587041685090830,"flow_dst_last_pkt_time":1587041685090830,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_usec":1587041685090830,"pkt":"EBMx8Tl2KDc3AG3ICABFAABJHhYAAP8RGjbAqAEGwKgBAe89ADUANcKVVKoBAAABAAAAAAAABGV1YXoCdHIFdGVhbXMJbWljcm9zb2Z0A2NvbQAAAQAB"} 
@@ -300,49 +300,49 @@ 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":741,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_src_last_pkt_time":1587041685240465,"flow_dst_last_pkt_time":1587041685253368,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041685253368,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0w5JAAHUGiY00ccKEwKgBBgG77IqoHlkCRhs0zoAS\/\/9MIAAAAgQFoAEDAwgBAQQC"} 00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":742,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_src_last_pkt_time":1587041685253460,"flow_dst_last_pkt_time":1587041685253368,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041685253460,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGgizAqAEGNHHChOyKAbtGGzTOqB5ZA1AQIABs3wAA"} 00782{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":743,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":4,"flow_src_last_pkt_time":1587041685253933,"flow_dst_last_pkt_time":1587041685253368,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":240,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":240,"pkt_l4_len":206,"thread_ts_usec":1587041685253933,"pkt":"EBMx8Tl2KDc3AG3ICABFAADiAABAAEAGgXLAqAEGNHHChOyKAbtGGzTOqB5ZA1AYIAAZhwAAFgMBALUBAACxAwNemFWVZrT7WTFXDzKTJwgyjyi4pczPS4OaStHQgrmy6wAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAXAAAAB8AHQAAGmNvbmZpZy50ZWFtcy5taWNyb3NvZnQuY29tAAoACAAGABcAGAAZAAsAAgEAAA0AEgAQBAECAQUBBgEEAwIDBQMGAwAFAAUBAAAAAAASAAAAFwAA"} 
-01353{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":743,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685240465,"flow_src_last_pkt_time":1587041685253933,"flow_dst_last_pkt_time":1587041685253368,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":186,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":186,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685253933,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com","domainame":"config.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01306{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":743,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685240465,"flow_src_last_pkt_time":1587041685253933,"flow_dst_last_pkt_time":1587041685253368,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":186,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":186,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685253933,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com","domainame":"config.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00690{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":744,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_src_last_pkt_time":1587041685243104,"flow_dst_last_pkt_time":1587041685256108,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":169,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":169,"pkt_l4_len":135,"thread_ts_usec":1587041685256108,"pkt":"KDc3AG3IEBMx8Tl2CABFAACb\/nFAADkRv4jAqAEBwKgBBgA1yG0AhwAAyGOBgAABAAAAAQAAFHNreXBlZGF0YXByZGNvbG5ldTA0CGNsb3VkYXBwA25ldAAAHAABwCEABgABAAAADgBABHByZDEOYXp1cmVkbnMtY2xvdWTAKgZtc25oc3QJbWljcm9zb2Z0A2NvbQB9o\/w8AAADhAAAASwACTqAAAAAPA=="} 01131{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":744,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685243104,"flow_src_last_pkt_time":1587041685243104,"flow_dst_last_pkt_time":1587041685256108,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":127,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":127,"midstream":0,"thread_ts_usec":1587041685256108,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51309,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"skypedataprdcolneu04.cloudapp.net","domainame":"skypedataprdcolneu04.cloudapp.net","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr": []}}} 
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":745,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_src_last_pkt_time":1587041685106192,"flow_dst_last_pkt_time":1587041685261856,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041685261856,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0jN1AAG0Ge5k0cg8twKgBBgG77IfA1AaRAv0Ol4AS\/\/+iigAAAgQFoAEDAwgBAQQC"} 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":746,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_src_last_pkt_time":1587041685261955,"flow_dst_last_pkt_time":1587041685261856,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041685261955,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGNYPAqAEGNHIPLeyHAbsC\/Q6XwNQGklAQIADDSQAA"} 00807{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":747,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":4,"flow_src_last_pkt_time":1587041685262299,"flow_dst_last_pkt_time":1587041685261856,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":257,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":257,"pkt_l4_len":223,"thread_ts_usec":1587041685262299,"pkt":"EBMx8Tl2KDc3AG3ICABFAADzAABAAEAGNLjAqAEGNHIPLeyHAbsC\/Q6XwNQGklAYIAAraAAAFgMBAMYBAADCAwNemFWVnmpu5iBYzDA0OwyTFl3gYWrTqQBuMzMR9X7FRwAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAbQAAADAALgAAK3Ryb3V0ZXIyLWFzc2UtYS50cm91dGVyLnRlYW1zLm1pY3Jvc29mdC5jb20ACgAIAAYAFwAYABkACwACAQAADQASABAEAQIBBQEGAQQDAgMFAwYDAAUABQEAAAAAABIAAAAXAAA="} 
-01379{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":747,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685106192,"flow_src_last_pkt_time":1587041685262299,"flow_dst_last_pkt_time":1587041685261856,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":203,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":203,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685262299,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.15.45","src_port":60551,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"trouter2-asse-a.trouter.teams.microsoft.com","domainame":"trouter2-asse-a.trouter.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01338{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":747,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685106192,"flow_src_last_pkt_time":1587041685262299,"flow_dst_last_pkt_time":1587041685261856,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":203,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":203,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685262299,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.15.45","src_port":60551,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"trouter2-asse-a.trouter.teams.microsoft.com","domainame":"trouter2-asse-a.trouter.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":748,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":5,"flow_src_last_pkt_time":1587041685253933,"flow_dst_last_pkt_time":1587041685265739,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1587041685265739,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAow5NAAHYGiJg0ccKEwKgBBgG77IqoHlkDRhs1iFAQBAGIJAAAAAAAAAAA"} 
-01718{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":755,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1587041685240465,"flow_src_last_pkt_time":1587041685269429,"flow_dst_last_pkt_time":1587041685269476,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":186,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":186,"flow_dst_tot_l4_payload_len":5936,"midstream":0,"thread_ts_usec":1587041685269476,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com","domainame":"config.teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.config.teams.microsoft.com,config.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"7d8fd34fdb13a7fff30d5a52846b6c4c","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=config.teams.microsoft.com","fingerprint":"B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA","blocks":0}}} 
+01671{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":755,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1587041685240465,"flow_src_last_pkt_time":1587041685269429,"flow_dst_last_pkt_time":1587041685269476,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":186,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":186,"flow_dst_tot_l4_payload_len":5936,"midstream":0,"thread_ts_usec":1587041685269476,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com","domainame":"config.teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.config.teams.microsoft.com,config.teams.microsoft.com","ja3s":"7d8fd34fdb13a7fff30d5a52846b6c4c","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=config.teams.microsoft.com","fingerprint":"B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA","blocks":0}}} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":759,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_src_last_pkt_time":1587041685232231,"flow_dst_last_pkt_time":1587041685278616,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041685278616,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8aa1AAGwGYc00ck0hwKgBBgG77IgacWa+co2TlKASIABIJQAAAgQFoAEDAwgEAggKYR7cGTCEuUo="} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":760,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_src_last_pkt_time":1587041685278702,"flow_dst_last_pkt_time":1587041685278616,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041685278702,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyIAbtyjZOUGnFmv4AQEAmGrAAAAQEICjCEuXNhHtwZ"} 00827{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":761,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":4,"flow_src_last_pkt_time":1587041685278900,"flow_dst_last_pkt_time":1587041685278616,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_usec":1587041685278900,"pkt":"EBMx8Tl2KDc3AG3ICABFAAECAABAAEAG9rTAqAEGNHJNIeyIAbtyjZOUGnFmv4AYEAk6ggAAAQEICjCEuXNhHtwZFgMBAMkBAADFAwO15W+8jaHI2sAcvPxYu3fOurYjru\/fmNz9T6MzJf3JQCDMFgAAPSmx1EB8rJYwgB6DDk65Ho1qqYZPmBoFpBpgkAAewC\/AK8AwwCzMqcyowAnAE8AKwBQAnACdAC8ANQAKAQAAXv8BAAEAAAAAIwAhAAAebW9iaWxlLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEACwACAQAACgAIAAYAHQAXABg="} 
-01349{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":761,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685232231,"flow_src_last_pkt_time":1587041685278900,"flow_dst_last_pkt_time":1587041685278616,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685278900,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60552,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01308{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":761,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685232231,"flow_src_last_pkt_time":1587041685278900,"flow_dst_last_pkt_time":1587041685278616,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685278900,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60552,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":764,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_src_last_pkt_time":1587041685251950,"flow_dst_last_pkt_time":1587041685280598,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041685280598,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8VD9AAGwGx0kofgkHwKgBBgG77IwJMzAcxeiHxqASIADLBQAAAgQFoAEDAwgEAggKUkq4VzCEuV0="} 
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":765,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_src_last_pkt_time":1587041685280662,"flow_dst_last_pkt_time":1587041685280598,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041685280662,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGR5HAqAEGKH4JB+yMAbvF6IfGCTMwHYAQEAkJnwAAAQEICjCEuXRSSrhX"} 00880{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":766,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":4,"flow_src_last_pkt_time":1587041685281210,"flow_dst_last_pkt_time":1587041685280598,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":312,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":312,"pkt_l4_len":278,"thread_ts_usec":1587041685281210,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEqAABAAEAGRpvAqAEGKH4JB+yMAbvF6IfGCTMwHYAYEAl4\/QAAAQEICjCEuXVSSrhXFgMBAPEBAADtAwMO1aNpNC\/DfNA+zTgvlq4OTJH4Eaani+1AUzQaqTtdmgAAKMAswCvAJMAjwArACcypwDDAL8AowCfAFMATzKgAnQCcAD0APAA1AC8BAACc\/wEAAQAAAAAeABwAABlsb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tABcAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAADN0AAAAEgAAABAAMAAuAmgyBWgyLTE2BWgyLTE1BWgyLTE0CHNwZHkvMy4xBnNwZHkvMwhodHRwLzEuMQALAAIBAAAKAAoACAAdABcAGAAZ"} 
-01295{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":766,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685251950,"flow_src_last_pkt_time":1587041685281210,"flow_dst_last_pkt_time":1587041685280598,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685281210,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.7","src_port":60556,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Microsoft365","proto_by_ip_id":219,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"login.microsoftonline.com","domainame":"login.microsoftonline.com","tls": {"version":"TLSv1.2","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
+01254{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":766,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685251950,"flow_src_last_pkt_time":1587041685281210,"flow_dst_last_pkt_time":1587041685280598,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685281210,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.7","src_port":60556,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Microsoft365","proto_by_ip_id":219,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"login.microsoftonline.com","domainame":"login.microsoftonline.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":772,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_src_last_pkt_time":1587041685248604,"flow_dst_last_pkt_time":1587041685294102,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041685294102,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8VA1AAGwGd200ck0hwKgBBgG77IvHJo2qMLP5JqASIAAqDQAAAgQFoAEDAwgEAggKYR8CxDCEuVo="} 
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":773,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_src_last_pkt_time":1587041685294163,"flow_dst_last_pkt_time":1587041685294102,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041685294163,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyLAbsws\/kmxyaNq4AQEAlolwAAAQEICjCEuYBhHwLE"} 00807{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":774,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":4,"flow_src_last_pkt_time":1587041685294436,"flow_dst_last_pkt_time":1587041685294102,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_usec":1587041685294436,"pkt":"EBMx8Tl2KDc3AG3ICABFAADyAABAAEAG9sTAqAEGNHJNIeyLAbsws\/kmxyaNq4AYEAkImQAAAQEICjCEuYFhHwLEFgMBALkBAAC1AwNemFWVha04P4CUw6CKshmFd7ZG0fMDUFnrEIuMFFDaDAAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAYAAAACMAIQAAHm1vYmlsZS5waXBlLmFyaWEubWljcm9zb2Z0LmNvbQAKAAgABgAXABgAGQALAAIBAAANABIAEAQBAgEFAQYBBAMCAwUDBgMABQAFAQAAAAAAEgAAABcAAA=="} 
-01349{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":774,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685248604,"flow_src_last_pkt_time":1587041685294436,"flow_dst_last_pkt_time":1587041685294102,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":190,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":190,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685294436,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60555,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01308{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":774,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685248604,"flow_src_last_pkt_time":1587041685294436,"flow_dst_last_pkt_time":1587041685294102,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":190,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":190,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685294436,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60555,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
02481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":777,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":5,"flow_src_last_pkt_time":1587041685281210,"flow_dst_last_pkt_time":1587041685312634,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041685312634,"pkt":"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\/4SI6OaF\/\/p9MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAgEARVCFDXaNOijZYnNGoRWvtuOpazT+6a5NhffPDEd8mw13I5P2ZjdjuwO0BCuAa0rcrb9Xsv2qMoirtQ46ssv7U4RUbJ2q644olWDdoDLw3u2IwAi4+it8uqFANVWf479pYNzQSRACICWvLYyZOXoCzSVgryqqt6S9JYKLV\/5cOCwnLGXIMXunQZDJ9OLbjk3hV+y1gACDA7qTWXqQxmgI9aFpumAbRwTxqZV913sHD\/Cf4ut1VrXdDHEcgGroOgboavAnBPF1buLwyr8dsFVfenl1cv4K6OyxBhOa\/qPQC3E1A4UNtSz4dz0swsNbngQZDrl3H9MqpMRswrpJ9jUAZ4uzcbjmByMFT7UrO5NyfE2e754OXgg0kzSG7F0aYPVW64WQaAN5alS554Apkxzpnhy4dbLpcc+qDxw4uZRbEMvvqiGy3Tzvw2N2ZlLhpfCA79zVH3D9QcugIgQY75KsamAAzOcbXq0zT0xKgmRKBpdzG5DeC2KsBbrTTak1bUSSPLjvYpHhgabRiV7OEik97n1Dth5jNj0APlNTe65xy1gwKh4ItrHo4sQMKfxY9NyTKSBVKN3poUeJpe9p2ArtCr\/ZmVWqTui7XFpZPfiQUHWHxyvx0VTPR40NEp\/NGn3Uw7Bd\/MS5F6AKZAjGFEeyvsfA2p3QKRyzfNkfQWM3fP8ABbgwggW0MIIEnKADAgECAhAIuHpQG76c2i0WTT45Ub9VMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNVBAYTAklFMRIwEAYDVQQKEwlCYWx0aW1vcmUxEzARBgNVBAsTCkN5YmVyVHJ1c3QxIjAgBgNVBAMTGUJhbHRpbW9yZSBDeWJlclRydXN0IFJvb3QwHhcNMTYwNTIwMTI1MTI4WhcNMjQwNTIwMTI1MTI4WjCBizELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEVMBMGA1UE"} 
02489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":792,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":5,"flow_src_last_pkt_time":1587041685278900,"flow_dst_last_pkt_time":1587041685327366,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041685327366,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUaa5AAGwGXDQ0ck0hwKgBBgG77IgacWa\/co2UYoAQBAV+ZwAAAQEICmEe3EYwhLlzFgMDEGYCAABRAwNemFWVd4ONVISrGBzenOh1wz59KlhffXpAp\/SRVzeitiAuDwAAZ8HaIUQ\/TUKOJyzDpeZ2C6OXN9Z66nmD08\/sf8AwAAAJABcAAP8BAAEACwAO3QAO2gAJHDCCCRgwggcAoAMCAQICExYACr2jKIomrOvxeF4AAAAKvaMwDQYJKoZIhvcNAQELBQAwgYsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xFTATBgNVBAsTDE1pY3Jvc29mdCBJVDEeMBwGA1UEAxMVTWljcm9zb2Z0IElUIFRMUyBDQSA0MB4XDTE5MTAxMDIxNTUzOFoXDTIxMTAxMDIxNTUzOFowJjEkMCIGA1UEAwwbKi5ldmVudHMuZGF0YS5taWNyb3NvZnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8J31SJyCTCkjxtLC8JE7aU56y+0937PcYfrFGWW\/wSL1vxV6UtbY+5UyBq7YUvoZUI+YYWI6FMysHpnkiGQR5h3NLX2it0lgM0JMJXgIYfO+vdhJalxciwWfJHOcY4+eUQwpTmpGeOTzK\/sd1W+VOYbkgWPJ0lAEgTcRXL\/NZZAtyce+Sv4+b4jHwY9pwQxOHJWtnns0bK3jD\/RcAtjLeUisGvBGtt1SItPOQvgD6i2AdvjCkjqVXn0nxT\/yKuGkvtii1i85nrjeMS5pKgL+N2I4goIXeRAaK089dd0KrnNO6kLEhhSHgHwJHnPwfqeXH1Q2p1Zw2r13mOsJdyP7QIDAQABo4IE1zCCBNMwggF\/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB2APZclC\/RdzAiFFQYCDCUVo7jTRMZM7\/fDC8gC8xO8WTjAAABbbe0zD0AAAQDAEcwRQIgXUu8wYK\/QqX5unkLcaUv4T8oQWu5yZb6M3RYbUFPJ7sCIQCVvziq+dynpJXSFyAk+ZobbjdMm8Ziuyzc0miXoW9hmQB2AFWB1MIWkDYBSuoLm1c8U\/DA5Dh4cCUIFy+jqh0HE9MMAAABbbe0zTwAAAQDAEcwRQIgOIr7NuYD18H8X6OV\/YdBgg0HoCy47ognD1Etlbp3ZVgCIQCAVAoqvjDqhz4It72mColVOT\/FZuexWjdVPWkvuAPY1AB3AESUZS6w7s6vxEAH2Kj+KMDa5oK+2MsxtT\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"} 
-01881{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":795,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1587041685232231,"flow_src_last_pkt_time":1587041685327559,"flow_dst_last_pkt_time":1587041685327736,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041685327736,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60552,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} 
+01840{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":795,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1587041685232231,"flow_src_last_pkt_time":1587041685327559,"flow_dst_last_pkt_time":1587041685327736,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041685327736,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60552,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} 
02489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":799,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":5,"flow_src_last_pkt_time":1587041685294436,"flow_dst_last_pkt_time":1587041685350456,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041685350456,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUVA5AAGwGcdQ0ck0hwKgBBgG77IvHJo2rMLP55IAQBAVq\/gAAAQEICmEfAvowhLmBFgMDF7oCAABVAwNemFWVkv8HhgEBqRl7J096sK\/AcfyJkv6Je+CA9SLGGCApBQAAsHV\/DAKaYivrrDw\/3qGp42fGJ7afmMuMlyPWksAwAAANAAUAAAAXAAD\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\/zWWQLcnHvkr+Pm+Ix8GPacEMThyVrZ57NGyt4w\/0XALYy3lIrBrwRrbdUiLTzkL4A+otgHb4wpI6lV59J8U\/8irhpL7YotYvOZ643jEuaSoC\/jdiOIKCF3kQGitPPXXdCq5zTupCxIYUh4B8CR5z8H6nlx9UNqdWcNq9d5jrCXcj+0CAwEAAaOCBNcwggTTMIIBfwYKKwYBBAHWeQIEAgSCAW8EggFrAWkAdgD2XJQv0XcwIhRUGAgwlFaO400TGTO\/3wwvIAvMTvFk4wAAAW23tMw9AAAEAwBHMEUCIF1LvMGCv0Kl+bp5C3GlL+E\/KEFrucmW+jN0WG1BTye7AiEAlb84qvncp6SV0hcgJPmaG243TJvGYrss3NJol6FvYZkAdgBVgdTCFpA2AUrqC5tXPFPwwOQ4eHAlCBcvo6odBxPTDAAAAW23tM08AAAEAwBHMEUCIDiK+zbmA9fB\/F+jlf2HQYINB6AsuO6IJw9RLZW6d2VYAiEAgFQKKr4w6oc+CLe9pgqJVTk\/xWbnsVo3VT1pL7gD2NQAdwBElGUusO7Or8RAB9io\/ijA2uaCvtjLMbU\/0zOWtbaBqAAAAW23tMxBAAAEAwBIMEYCIQDC8ilwFdB7z4rC1+bZS4g04LUlLUYH350FnOYfD3Y\/DwIhAKOhDWx9PqjkWoW1QpLAVveNHTmUFKE125bJ\/m64vRMUMCcGCSsGAQQBgjcVCgQaMBgwCgYIKwYBBQUHAwIwCgYIKwYBBQUHAwEwPgYJKwYBBAGCNxUHBDEwLwYnKwYBBAGCNxUIh9qGdYPu2QGCyYUbgbWeYYX062CBXYTS30KC55N6AgFkAgEdMIGFBggrBgEFBQcBAQR5MHcwUQYIKwYBBQUHMAKGRWh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA0LmNydDAiBggrBgEFBQcwAYYWaHR0cDovL29jc3AubXNvY3NwLmNvbTAdBgNVHQ4EFgQUGvpD1lPIMLQZUxjL0t3R6SFpb+0wCwYDVR0PBAQDAgSwMIHyBgNVHREEgeowgeeCGyouZXZlbnRzLmRhdGEubWljcm9zb2Z0LmNvbYIZZXZlbnRzLmRhdGEubWljcm9zb2Z0LmNvbYIZKi5waXBlLmFyaWEubWljcm9zb2Z0LmNvbYIO"} 
-01881{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":805,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1587041685248604,"flow_src_last_pkt_time":1587041685350807,"flow_dst_last_pkt_time":1587041685350857,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":190,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":190,"flow_dst_tot_l4_payload_len":6079,"midstream":0,"thread_ts_usec":1587041685350857,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60555,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"986571066668055ae9481cb84fda634a","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} 
+01840{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":805,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1587041685248604,"flow_src_last_pkt_time":1587041685350807,"flow_dst_last_pkt_time":1587041685350857,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":190,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":190,"flow_dst_tot_l4_payload_len":6079,"midstream":0,"thread_ts_usec":1587041685350857,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60555,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3s":"986571066668055ae9481cb84fda634a","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} 
02488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":824,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":5,"flow_src_last_pkt_time":1587041685262299,"flow_dst_last_pkt_time":1587041685419490,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041685419490,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUjN5AAG0Gdfg0cg8twKgBBgG77IfA1AaSAv0PYlAQCARVFQAAFgMDF0UCAABVAwNemFWVsa3S0qCCJCKRvR5FvfRm4ku4Wp9dZjR4sGYcKSB2HAAAgvc9nFx0wNSQ+kfvV9B0Mq9ipN+Lt19U\/tPHHsAwAAANAAUAAAAXAAD\/AQABAAsADkgADkUACIcwggiDMIIGa6ADAgECAhMgAA1\/5iyI2CMUD4FHAAAADX\/mMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgMjAeFw0xOTExMjkxNzU3NThaFw0yMTExMjkxNzU3NThaMCgxJjAkBgNVBAMMHSoudHJvdXRlci50ZWFtcy5taWNyb3NvZnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyKcimDO37qOiITdGLLSgRk4SNqeQiChf5fToMO+7e1Qw4j4NVAURrkRlqOSwosi6x2ool0Qjlt5bANU2A7E0ubHR6fs+J4y2vgrsv41S7Ao\/UxdKklkG0wgp+paNcl2enqs+JFcPVtFPe+T+pnY6IZUpOziGi8NLx\/K2NG5xSvrdawVpY5vXRxXKsvLFIAdaJQozyWf9lCNbt+4C0IVl2Ep7N5bp06LVMZktn1YAjolqeEl3RQ6hM3GKceom5l4hpyP43E\/dTe3eLNBfmO8cDd9p8HlGVSrgjhKz1wuJWFoWgHTgDnVBSZVB7t78lIFlze4qLsPX90PfKUlmjF\/zIQIDAQABo4IEQDCCBDwwggGABgorBgEEAdZ5AgQCBIIBcASCAWwBagB2APZclC\/RdzAiFFQYCDCUVo7jTRMZM7\/fDC8gC8xO8WTjAAABbrhZJv4AAAQDAEcwRQIhALfHXTClbVL1ZG3BQH+fsd9EVlnIhlrRTh9b\/BWQkqOPAiArDlgg99bYekywwY8T40DyNspZOTZKKrpABVWSIcE7CwB3AFzcQ5L+5qtFRLFemtRW5hA3+9X6R9yhc5SyXub2xw7KAAABbrhZJyYAAAQDAEgwRgIhAJuNw4ivK3DXIXmUE+m57QEHF+rXHdB72ZviRwQ9s+0GAiEA9kNgaFnkw8l1xiyZdSGjaIfmqNZ4qpxCiXwbbmlDWu4AdwBElGUusO7Or8RAB9io\/ijA2uaCvtjLMbU\/0zOWtbaBqAAAAW64WScNAAAEAwBIMEYCIQDmc93n7UJEyvvIddsbJMxC7aPmS7n2Z\/C8vjlA2j\/H8AIhAP0Hy\/4XLfkD3pYHuzfG85l40mxoPZVRGXbh3zqAj+miMCcGCSsGAQQBgjcVCgQaMBgwCgYIKwYBBQ
UHAwIwCgYIKwYBBQUHAwEwPgYJKwYBBAGCNxUHBDEwLwYnKwYBBAGCNxUIh9qGdYPu2QGCyYUbgbWeYYX062CBXYTS30KC55N6AgFkAgEdMIGFBggrBgEFBQcBAQR5MHcwUQYIKwYBBQUHMAKGRWh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjAyLmNydDAiBggrBgEFBQcwAYYWaHR0cDovL29jc3AubXNvY3NwLmNvbTAdBgNVHQ4EFgQUdTnCFCgplfnCaQOBNT9YTfK9XfMwCwYDVR0PBAQDAgSwMFsGA1UdEQRUMFKCHSoudHJvdXRlci50ZWFtcy5taWNyb3NvZnQuY29tgg1nby50cm91dGVyLmlvghEqLmRyaXAudHJvdXRlci5pb4IPKi5kYy50cm91dGVyLmlvMIGsBgNVHR8EgaQwgaEw"} -01769{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":830,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1587041685106192,"flow_src_last_pkt_time":1587041685420065,"flow_dst_last_pkt_time":1587041685420103,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":203,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":203,"flow_dst_tot_l4_payload_len":5962,"midstream":0,"thread_ts_usec":1587041685420103,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.15.45","src_port":60551,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"trouter2-asse-a.trouter.teams.microsoft.com","domainame":"trouter2-asse-a.trouter.teams.microsoft.com","tls": 
{"version":"TLSv1.2","server_names":"*.trouter.teams.microsoft.com,go.trouter.io,*.drip.trouter.io,*.dc.trouter.io","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"986571066668055ae9481cb84fda634a","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2","subjectDN":"CN=*.trouter.teams.microsoft.com","fingerprint":"DD:24:DF:0E:F3:63:CC:10:B5:03:CF:34:EB:A5:14:8B:97:90:9B:D4","blocks":0}}} -02323{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":855,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1587041685240465,"flow_src_last_pkt_time":1587041685469669,"flow_dst_last_pkt_time":1587041685469973,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1082,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1426,"flow_dst_tot_l4_payload_len":15976,"midstream":0,"thread_ts_usec":1587041685469973,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":14797.2,"max":153955,"stddev":35697.7,"var":1274323968.0,"ent":2.8,"data": [12903,12995,473,12371,1988,1502,15362,129,134,115,3,85,21608,33026,11480,11732,109,11784,570,13396,140399,715,153955,248,230,250,250,503,25,129,243]},"pktlen": {"min":40,"avg":585.7,"max":1492,"stddev":671.4,"var":450756.0,"ent":4.0,"data": [64,52,40,226,46,1492,1492,40,1492,40,1492,168,40,147,46,91,46,91,40,1122,46,1492,1492,40,1317,40,1492,1492,40,40,1492,1492]},"bins": {"c_to_s": [10,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": 
[5,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,10,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,0,1,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1],"entropies": [4.365527153,4.878727913,4.471928596,5.502106190,4.402616024,7.277978420,7.489027023,4.630640984,7.478912354,4.521928310,7.663036823,6.686788082,4.630640984,6.493359089,4.462505341,5.681205750,4.462504864,5.560394764,4.580641270,7.802004814,4.565872192,7.879904747,7.863986492,4.580641270,7.860152721,4.580640793,7.874552727,7.850657463,4.580641270,4.471928596,7.869473934,7.878328800]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} +01728{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":830,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1587041685106192,"flow_src_last_pkt_time":1587041685420065,"flow_dst_last_pkt_time":1587041685420103,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":203,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":203,"flow_dst_tot_l4_payload_len":5962,"midstream":0,"thread_ts_usec":1587041685420103,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.15.45","src_port":60551,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"trouter2-asse-a.trouter.teams.microsoft.com","domainame":"trouter2-asse-a.trouter.teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.trouter.teams.microsoft.com,go.trouter.io,*.drip.trouter.io,*.dc.trouter.io","ja3s":"986571066668055ae9481cb84fda634a","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2","subjectDN":"CN=*.trouter.teams.microsoft.com","fingerprint":"DD:24:DF:0E:F3:63:CC:10:B5:03:CF:34:EB:A5:14:8B:97:90:9B:D4","blocks":0}}} +02317{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":855,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1587041685240465,"flow_src_last_pkt_time":1587041685469669,"flow_dst_last_pkt_time":1587041685469973,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1082,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1426,"flow_dst_tot_l4_payload_len":15976,"midstream":0,"thread_ts_usec":1587041685469973,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":14797.2,"max":153955,"stddev":35697.7,"var":1274323968.0,"ent":2.8,"data": [12903,12995,473,12371,1988,1502,15362,129,134,115,3,85,21608,33026,11480,11732,109,11784,570,13396,140399,715,153955,248,230,250,250,503,25,129,243]},"pktlen": {"min":40,"avg":585.7,"max":1492,"stddev":671.4,"var":450756.0,"ent":4.0,"data": 
[64,52,40,226,46,1492,1492,40,1492,40,1492,168,40,147,46,91,46,91,40,1122,46,1492,1492,40,1317,40,1492,1492,40,40,1492,1492]},"bins": {"c_to_s": [10,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,10,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,0,1,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1],"entropies": [4.365527153,4.878727913,4.471928596,5.502106190,4.402616024,7.277978420,7.489027023,4.630640984,7.478912354,4.521928310,7.663036823,6.686788082,4.630640984,6.493359089,4.462505341,5.681205750,4.462504864,5.560394764,4.580641270,7.802004814,4.565872192,7.879904747,7.863986492,4.580641270,7.860152721,4.580640793,7.874552727,7.850657463,4.580641270,4.471928596,7.869473934,7.878328800]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":920,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041685984732,"flow_src_last_pkt_time":1587041685984732,"flow_dst_last_pkt_time":1587041685984732,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685984732,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":920,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_src_last_pkt_time":1587041685984732,"flow_dst_last_pkt_time":1587041685984732,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041685984732,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGghTAqAEGNHHChOyNAbtKVk3bAAAAALAC\/\/8LQAAAAgQFtAEDAwUBAQgKMIS8GgAAAAAEAgAA"} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":921,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_src_last_pkt_time":1587041685984732,"flow_dst_last_pkt_time":1587041685996890,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041685996890,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0TQBAAHUGACA0ccKEwKgBBgG77I3LqgPISlZN3IAS\/\/9gggAAAgQFoAEDAwgBAQQC"} 00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":922,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_src_last_pkt_time":1587041685996986,"flow_dst_last_pkt_time":1587041685996890,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041685996986,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGgizAqAEGNHHChOyNAbtKVk3cy6oDyVAQIACBQQAA"} 
00774{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":923,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":4,"flow_src_last_pkt_time":1587041685997296,"flow_dst_last_pkt_time":1587041685996890,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"thread_ts_usec":1587041685997296,"pkt":"EBMx8Tl2KDc3AG3ICABFAADbAABAAEAGgXnAqAEGNHHChOyNAbtKVk3cy6oDyVAYIAAs2QAAFgMBAK4BAACqAwNemFWVDIT9d4HngeJpG5mlHm9Rt958WOVPiGzzmIF3agAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAVQAAABgAFgAAE3RlYW1zLm1pY3Jvc29mdC5jb20ACgAIAAYAFwAYABkACwACAQAADQASABAEAQIBBQEGAQQDAgMFAwYDAAUABQEAAAAAABIAAAAXAAA="} -01339{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":923,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685984732,"flow_src_last_pkt_time":1587041685997296,"flow_dst_last_pkt_time":1587041685996890,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":179,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685997296,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","domainame":"teams.microsoft.com","tls": 
{"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01292{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":923,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685984732,"flow_src_last_pkt_time":1587041685997296,"flow_dst_last_pkt_time":1587041685996890,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":179,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685997296,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","domainame":"teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":924,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":5,"flow_src_last_pkt_time":1587041685997296,"flow_dst_last_pkt_time":1587041686008515,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1587041686008515,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAoTQFAAHYG\/yo0ccKEwKgBBgG77I3LqgPJSlZOj1AQCASYigAAAAAAAAAA"} -01661{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":931,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1587041685984732,"flow_src_last_pkt_time":1587041686010918,"flow_dst_last_pkt_time":1587041686010988,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":179,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":6012,"midstream":0,"thread_ts_usec":1587041686010988,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","domainame":"teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"7d8fd34fdb13a7fff30d5a52846b6c4c","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, 
ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=teams.microsoft.com","fingerprint":"68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E","blocks":0}}} +01614{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":931,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1587041685984732,"flow_src_last_pkt_time":1587041686010918,"flow_dst_last_pkt_time":1587041686010988,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":179,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":6012,"midstream":0,"thread_ts_usec":1587041686010988,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","domainame":"teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"teams.microsoft.com","ja3s":"7d8fd34fdb13a7fff30d5a52846b6c4c","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=teams.microsoft.com","fingerprint":"68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E","blocks":0}}} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":945,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041686239545,"flow_src_last_pkt_time":1587041686239545,"flow_dst_last_pkt_time":1587041686239545,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041686239545,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60559,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":945,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_src_last_pkt_time":1587041686239545,"flow_dst_last_pkt_time":1587041686239545,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041686239545,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIeyPAbtgh2e9AAAAALAC\/\/9PlwAAAgQFtAEDAwUBAQgKMIS9EAAAAAAEAgAA"} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":946,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_src_last_pkt_time":1587041686239545,"flow_dst_last_pkt_time":1587041686288146,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041686288146,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8YwZAAGwGaHQ0ck0hwKgBBgG77I9T9FE0YIdnvqASIADemAAAAgQFoAEDAwgEAggKYR9buzCEvRA="} 
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":947,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":3,"flow_src_last_pkt_time":1587041686288255,"flow_dst_last_pkt_time":1587041686288146,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041686288255,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyPAbtgh2e+U\/RRNYAQEAkdGQAAAQEICjCEvUBhH1u7"} 00829{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":948,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":4,"flow_src_last_pkt_time":1587041686288562,"flow_dst_last_pkt_time":1587041686288146,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_usec":1587041686288562,"pkt":"EBMx8Tl2KDc3AG3ICABFAAECAABAAEAG9rTAqAEGNHJNIeyPAbtgh2e+U\/RRNYAYEAniuwAAAQEICjCEvUBhH1u7FgMBAMkBAADFAwPWvyUszXyGVwTdfXyAsIQo65lWnkpPMHo57lR912BOzSAuDwAAZ8HaIUQ\/TUKOJyzDpeZ2C6OXN9Z66nmD08\/sfwAewC\/AK8AwwCzMqcyowAnAE8AKwBQAnACdAC8ANQAKAQAAXv8BAAEAAAAAIwAhAAAebW9iaWxlLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEACwACAQAACgAIAAYAHQAXABg="} 
-01349{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":948,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041686239545,"flow_src_last_pkt_time":1587041686288562,"flow_dst_last_pkt_time":1587041686288146,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041686288562,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60559,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01308{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":948,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041686239545,"flow_src_last_pkt_time":1587041686288562,"flow_dst_last_pkt_time":1587041686288146,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041686288562,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60559,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
02482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":949,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":5,"flow_src_last_pkt_time":1587041686288562,"flow_dst_last_pkt_time":1587041686339149,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041686339149,"pkt":"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\/tkVGJLU4rtEsbNOyNY0rT1MPRe2qZ6z8OTI\/Ubwew2S+CzQq6NSEinFnoQ24d33L9+Q2VR7IJxgZJZ0JLJRb2EkmyBTG1bJPbFiADdV1t9YSY2ps7oVekv29d\/XDIODAnQFR1IHqlMXtC77TWoRsh1X4rC3iStLm+7YDXNcZ\/4Mj9IuoDmWavbkJCD0d5pvrPILAZtuXahuvQzQtAY2n0vu1+AhHxMbk9e2L2iJYbk++P\/GCSsH0E3MwFuGBx2aD8kcD\/GasOSgJ2hX1PemGbx7\/Y9FGQudVhN6gkjLviiZxZQGDI3hc4aNkSo6HFXMcwVO63+RLd5FmQcXxQ4wQgOa8gPG9Z+WsefaydUjjPdFmpvxlC8L\/\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\/bu9FbkRuKSD+JnC+MccaTUQXO0y5kWjr93fbCvHmztcS7DCHdKXpKu7FrQSIHQxemg9XqPHo1e062SwNrGkTUxILk5"} 02351{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":976,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1587041686239545,"flow_src_last_pkt_time":1587041686542441,"flow_dst_last_pkt_time":1587041686541501,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":14115,"flow_dst_tot_l4_payload_len":4699,"midstream":0,"thread_ts_usec":1587041686542441,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60559,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":19511.4,"max":52987,"stddev":22191.7,"var":492470496.0,"ent":3.9,"data": 
[48601,48710,307,51003,89,50699,16,253,253,1686,49778,48144,1391,5,2,50498,49101,4,2,3,37233,37219,5,11525,11515,965,36039,15972,52987,736,111]},"pktlen": {"min":52,"avg":640.9,"max":1492,"stddev":667.9,"var":446080.7,"ent":4.1,"data": [64,60,52,258,1492,1492,64,52,1375,52,145,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,52,985,52,52,497,52,83,52]},"bins": {"c_to_s": [9,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0],"s_to_c": [6,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,1,1,1,0,0,0],"entropies": [4.396777153,5.256567955,4.923395157,6.033491611,7.275527000,7.277948856,5.071470261,4.945419312,7.645617962,4.976373672,5.915142536,5.707202435,4.976374149,7.861220360,7.878036976,7.850315571,5.131024837,7.877380371,7.857055187,7.886486053,7.876827240,5.169486523,7.849795818,7.874622822,5.078045845,7.791067600,5.131024837,5.207948208,7.563468933,5.053297043,5.290699482,4.969671726]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com"}} 
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":979,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041686659283,"flow_src_last_pkt_time":1587041686659283,"flow_dst_last_pkt_time":1587041686659283,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041686659283,"l3_proto":"ip4","src_ip":"192.168.1.112","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -353,15 +353,15 @@ 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":986,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_src_last_pkt_time":1587041686889381,"flow_dst_last_pkt_time":1587041686918390,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041686918390,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8PdhAAGwG3XQofglDwKgBBgG77JCDb8\/fjKXdY6ASIAC\/qwAAAgQFoAEDAwgEAggKUkSG7zCEv4s="} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":987,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":3,"flow_src_last_pkt_time":1587041686918473,"flow_dst_last_pkt_time":1587041686918390,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041686918473,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGR1XAqAEGKH4JQ+yQAbuMpd1jg2\/P4IAQEAn+PwAAAQEICjCEv6dSRIbv"} 
00881{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":988,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":4,"flow_src_last_pkt_time":1587041686919156,"flow_dst_last_pkt_time":1587041686918390,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":312,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":312,"pkt_l4_len":278,"thread_ts_usec":1587041686919156,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEqAABAAEAGRl\/AqAEGKH4JQ+yQAbuMpd1jg2\/P4IAYEAngnQAAAQEICjCEv6dSRIbvFgMBAPEBAADtAwMbmcXPy8rEyjOH5t3NVXkoUGCRZxMGyIKbY0co\/wunRQAAKMAswCvAJMAjwArACcypwDDAL8AowCfAFMATzKgAnQCcAD0APAA1AC8BAACc\/wEAAQAAAAAeABwAABlsb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tABcAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAADN0AAAAEgAAABAAMAAuAmgyBWgyLTE2BWgyLTE1BWgyLTE0CHNwZHkvMy4xBnNwZHkvMwhodHRwLzEuMQALAAIBAAAKAAoACAAdABcAGAAZ"} -01296{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":988,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041686889381,"flow_src_last_pkt_time":1587041686919156,"flow_dst_last_pkt_time":1587041686918390,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041686919156,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.67","src_port":60560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Microsoft365","proto_by_ip_id":219,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"login.microsoftonline.com","domainame":"login.microsoftonline.com","tls": 
{"version":"TLSv1.2","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} +01255{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":988,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041686889381,"flow_src_last_pkt_time":1587041686919156,"flow_dst_last_pkt_time":1587041686918390,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041686919156,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.67","src_port":60560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Microsoft365","proto_by_ip_id":219,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"login.microsoftonline.com","domainame":"login.microsoftonline.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
02494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":991,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":5,"flow_src_last_pkt_time":1587041686919156,"flow_dst_last_pkt_time":1587041686950659,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041686950659,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUPdlAAGwG19sofglDwKgBBgG77JCDb8\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\/68rvf0\/+KpPvZzn8n+A1ECu6H51tc4jh4cund1rKWCEvaClslKP1O5XZfDppym7WFQSIHQp9LXW26FaTqarCYkxKrkm\/lTdJtaXF5\/C7ZRJIFVaL9dmL\/uMiooAbDLhN56zmBjGeB2V01oJAQhD\/q\/lznyyirBK2V2vQ7WyyX4O7R5ox9CbJ7fjHmVfu5B\/IGhKzckLb+kPv4Ou1DFiJ+VjXUg8+HNiqYybm516lzAMR9GTpDm\/EaK\/DoNiRmeP+V6xIxpVOXNmdtJ2yXkhn+AQIDAQABo4IFgjCCBX4wggH1BgorBgEEAdZ5AgQCBIIB5QSCAeEB3wB1AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABZg2YTSEAAAQDAEYwRAIgNf1dCr\/A\/68iTF44ctzG4dfYj5k8kwrcMxb+OAftshACIEOFf1L8DyVWvGmp2q28iEZd5RDO6L\/3eE60TQKPTKibAHcAVhQGmi\/XwuzT9eG9RLI+x0Z2ubyZEVzA75SYVdaJ0N0AAAFmDZhK0AAABAMASDBGAiEA6k0qgGOQ2\/4vWshsmYpY7DSpdiwLlTeFqoSnh81\/2Y4CIQDv1+L779lV6U+goVXZN5Lr8mJnM2dtvY1ZqBBLJZkaOwB1AFWB1MIWkDYBSuoLm1c8U\/DA5Dh4cCUIFy+jqh0HE9MMAAABZg2YSsoAAAQDAEYwRAIgWKBW8MG0XWRpOFEy6yhRlkRMXWMvZwn2MMfc6oSrj0gCIBftriorxFHUNkLYAHoFWkhm8hNqcHO+KKiAs49boZzUAHYAu9nfvB+KcbWTlCOXqpJ7RzhXlQqrUugakJZkNo4e0YUAAAFmDZhLTgAABAMARzBFAiAA3dU0fJfG9tq5Rc4+sUUH+XraMuPYSatYD6LC\/2\/zTAIhAJWqprUivm3Ca3RKEfcrJtar2nlcdcqed0u5OIHS\/4PYMCcGCSsGAQQBgjcVCgQaMBgwCgYIKwYBBQUHAwIwCgYIKwYBBQUHAwEwPgYJKwYBBAGCNxUHBDEwLwYnKwYBBAGCNxUIh9qGdYPu2QGCyYUbgbWeYYX062CBXYTS30KC55N6AgFkAgEdMIGFBggrBgEFBQcBAQR5MHcwUQYIKwYBBQUHMAKGRWh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjAxLmNydDAiBggrBgEFBQcwAYYWaHR0cDovL29jc3AubXNvY3NwLmNvbTAdBgNVHQ4EFgQUiTQV2m224F\/j"} 
-01883{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":995,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1587041686889381,"flow_src_last_pkt_time":1587041686950934,"flow_dst_last_pkt_time":1587041686950999,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":4416,"midstream":0,"thread_ts_usec":1587041686950999,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.67","src_port":60560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Microsoft365","proto_by_ip_id":219,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"login.microsoftonline.com","domainame":"login.microsoftonline.com","tls": {"version":"TLSv1.2","server_names":"login.microsoftonline.com,login.microsoftonline-p.com,loginex.microsoftonline.com,login2.microsoftonline.com,stamp2.login.microsoftonline-int.com,login.microsoftonline-int.com,loginex.microsoftonline-int.com,login2.microsoftonline-int.com,stamp2.login.microsoftonline.com","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"678aeaf909676262acfb913ccb78a126","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=stamp2.login.microsoftonline.com","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"7E:0F:A2:51:8F:FB:49:30:C3:34:07:5E:F8:7C:FD:34:20:A2:96:63","blocks":0}}} 
+01842{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":995,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1587041686889381,"flow_src_last_pkt_time":1587041686950934,"flow_dst_last_pkt_time":1587041686950999,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":4416,"midstream":0,"thread_ts_usec":1587041686950999,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.67","src_port":60560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Microsoft365","proto_by_ip_id":219,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"login.microsoftonline.com","domainame":"login.microsoftonline.com","tls": {"version":"TLSv1.2","server_names":"login.microsoftonline.com,login.microsoftonline-p.com,loginex.microsoftonline.com,login2.microsoftonline.com,stamp2.login.microsoftonline-int.com,login.microsoftonline-int.com,loginex.microsoftonline-int.com,login2.microsoftonline-int.com,stamp2.login.microsoftonline.com","ja3s":"678aeaf909676262acfb913ccb78a126","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=stamp2.login.microsoftonline.com","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"7E:0F:A2:51:8F:FB:49:30:C3:34:07:5E:F8:7C:FD:34:20:A2:96:63","blocks":0}}} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1010,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041687245112,"flow_src_last_pkt_time":1587041687245112,"flow_dst_last_pkt_time":1587041687245112,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687245112,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1010,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_src_last_pkt_time":1587041687245112,"flow_dst_last_pkt_time":1587041687245112,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041687245112,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIeyRAbt4yq\/kAAAAALAC\/\/\/rWgAAAgQFtAEDAwUBAQgKMITA4AAAAAAEAgAA"} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1014,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_src_last_pkt_time":1587041687245112,"flow_dst_last_pkt_time":1587041687293530,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041687293530,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8EaVAAGwGudU0ck0hwKgBBgG77JHMBk4keMqv5aASIADnTgAAAgQFoAEDAwgEAggKYPR58TCEwOA="} 
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1015,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_src_last_pkt_time":1587041687293639,"flow_dst_last_pkt_time":1587041687293530,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041687293639,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyRAbt4yq\/lzAZOJYAQEAkl0AAAAQEICjCEwQ9g9Hnx"} 00829{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1016,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":4,"flow_src_last_pkt_time":1587041687294098,"flow_dst_last_pkt_time":1587041687293530,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_usec":1587041687294098,"pkt":"EBMx8Tl2KDc3AG3ICABFAAECAABAAEAG9rTAqAEGNHJNIeyRAbt4yq\/lzAZOJYAYEAmZKwAAAQEICjCEwQ9g9HnxFgMBAMkBAADFAwOyv9PSQv\/SmdcPkRjuFnJs95jqk9PvclXpwloDxRoWsCDkPAAAKbM0d7f12FXyaEAA7qD+P9kwtx+HS3tAUpaW7wAewC\/AK8AwwCzMqcyowAnAE8AKwBQAnACdAC8ANQAKAQAAXv8BAAEAAAAAIwAhAAAebW9iaWxlLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEACwACAQAACgAIAAYAHQAXABg="} 
-01350{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1016,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041687245112,"flow_src_last_pkt_time":1587041687294098,"flow_dst_last_pkt_time":1587041687293530,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687294098,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01309{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1016,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041687245112,"flow_src_last_pkt_time":1587041687294098,"flow_dst_last_pkt_time":1587041687293530,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687294098,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1017,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041687370480,"flow_src_last_pkt_time":1587041687370480,"flow_dst_last_pkt_time":1587041687370480,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687370480,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":54069,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1017,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_src_last_pkt_time":1587041687370480,"flow_dst_last_pkt_time":1587041687370480,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"thread_ts_usec":1587041687370480,"pkt":"EBMx8Tl2KDc3AG3ICABFAABF06EAAP8RZK7AqAEGwKgBAdM1ADUAMUK+cAQBAAABAAAAAAAAA2FwaQ9taWNyb3NvZnRzdHJlYW0DY29tAAABAAE="} 
01099{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1017,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041687370480,"flow_src_last_pkt_time":1587041687370480,"flow_dst_last_pkt_time":1587041687370480,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687370480,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":54069,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"api.microsoftstream.com","domainame":"api.microsoftstream.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -374,10 +374,10 @@ 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1024,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_src_last_pkt_time":1587041687436782,"flow_dst_last_pkt_time":1587041687466298,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041687466298,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8OsBAAGwG7o1oKLuXwKgBBgG77JKBluUGb4uaCaASIADVGwAAAgQFoAEDAwgEAggKAbkbHzCEwZw="} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1025,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":3,"flow_src_last_pkt_time":1587041687466398,"flow_dst_last_pkt_time":1587041687466298,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041687466398,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGVVbAqAEGaCi7l+ySAbtvi5oJgZblB4AQEAkTrwAAAQEICjCEwbkBuRsf"} 00839{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1026,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":4,"flow_src_last_pkt_time":1587041687466635,"flow_dst_last_pkt_time":1587041687466298,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":280,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":280,"pkt_l4_len":246,"thread_ts_usec":1587041687466635,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEKAABAAEAGVIDAqAEGaCi7l+ySAbtvi5oJgZblB4AYEAl2MwAAAQEICjCEwbkBuRsfFgMBANEBAADNAwNcYEYY9r+P9DTmk4+ghvjGxbgXLamZQ7BCvuLi0gzQzQAAHMrKzKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACI2toAAP8BAAEAAAAAHAAaAAAXYXBpLm1pY3Jvc29mdHN0cmVhbS5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAgqKgAdABcAGAAbAAMCAAIaGgABAA=="} 
-01253{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1026,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041687436782,"flow_src_last_pkt_time":1587041687466635,"flow_dst_last_pkt_time":1587041687466298,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687466635,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"api.microsoftstream.com","domainame":"api.microsoftstream.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01209{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1026,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041687436782,"flow_src_last_pkt_time":1587041687466635,"flow_dst_last_pkt_time":1587041687466298,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687466635,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"api.microsoftstream.com","domainame":"api.microsoftstream.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
02488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1027,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":5,"flow_src_last_pkt_time":1587041687466635,"flow_dst_last_pkt_time":1587041687512045,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041687512045,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUOsFAAGwG6PRoKLuXwKgBBgG77JKBluUHb4ua34AQBAUPSwAAAQEICgG5Gz4whMG5FgMDF2ACAABeAwNemFWXWoznNEDG0nqSFdxS15urfQPAW1Ki15lKX+AAtiAKRAAA667wWoqa+vDiRfvp7swmXkbxWCktv+PyIN9JCMAwAAAWAAUAAAAQAAUAAwJoMgAXAAD\/AQABAAsADpsADpgACNowggjWMIIGvqADAgECAhMtAAcUzkF9hlrqvm6yAAAABxTOMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTAeFw0xOTA3MTYwMDAyMzBaFw0yMTA3MTYwMDAyMzBaMCQxIjAgBgNVBAMMGSouYXBpLm1pY3Jvc29mdHN0cmVhbS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYCLN53Kexlrvsr+3rXZR74UHw5zlzegNiM6ErPRT\/txn4iFY2zFTqC+sWY7W7Oz4G1tsBCxRCqDiWTxn5SoBhxDmnlpMqOtTTpv5IM4kd\/8Guw\/818ANBFltXQet6T9XZsisGK5x9lUCYcHW8ynBG3v5uNf0Z6m2VB67+wzZ2C3iG0UAM447HUmbA40yblclmVBneenfOna+w64hv1nSyt5YNMGiattt3RBLqQ25FUDZwDSm6\/Xrxs5bFSfj0HMxAb5EpzZ2SxfSP+UgsmRV0Oq\/HfZsAL9LwqbT3aESBPoyba7n926l2qjVJiyrcjkPpm+NqXC8ligQT0pRVDCcpAgMBAAGjggSXMIIEkzCCAfUGCisGAQQB1nkCBAIEggHlBIIB4QHfAHUA7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo\/csAAAFr+B+sPAAABAMARjBEAiBx6hq9wYK8lGTp3u5E7AFX+BkbRLRZ5Lup8OuEt\/B0tQIgGypwFVlROzmTzUQqtoWQp2MHW1EriZKLwX2GVgWat5wAdgBElGUusO7Or8RAB9io\/ijA2uaCvtjLMbU\/0zOWtbaBqAAAAWv4H61YAAAEAwBHMEUCIBBA4jXntmRWzvCXbsrMW4W1hyQue\/vS7Ncn0z5ewGEwAiEAln3ydSWKxMs1mek8BuU+Pp\/Ar72loNB67Ntve4Q85KAAdgBVgdTCFpA2AUrqC5tXPFPwwOQ4eHAlCBcvo6odBxPTDAAAAWv4H62XAAAEAwBHMEUCIQDLjQfYXTzdnrjIDBYNPqxZrBUDuC2VVPJNvuwXJuHkoAIgHkqG2mwJ4b5UFgxZl8\/iCIL8mYENQc4ZRdEfVujQdbMAdgBc3EOS\/uarRUS
xXprUVuYQN\/vV+kfcoXOUsl7m9scOygAAAWv4H6xWAAAEAwBHMEUCIDM4gWIHlpsWZA++c4q0XblHDWvH710R4c4I0Xek5jDJAiEAoovM291ZXguFtfeLFlqPtsBXmuKsHbLob14668lLPKIwJwYJKwYBBAGCNxUKBBowGDAKBggrBgEFBQcDAjAKBggrBgEFBQcDATA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdhNLfQoLnk3oCAWQCAR0wgYUGCCsGAQUFBwEBBHkwdzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDUuY3J0MCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC5tc29jc3AuY29tMB0GA1UdDgQWBBRaFtJxTHeO"} -01882{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1047,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1587041687245112,"flow_src_last_pkt_time":1587041687544052,"flow_dst_last_pkt_time":1587041687544137,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":412,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041687544137,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": 
{"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} -02183{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1079,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1587041687436782,"flow_src_last_pkt_time":1587041687725655,"flow_dst_last_pkt_time":1587041687725568,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1313,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2206,"flow_dst_tot_l4_payload_len":7143,"midstream":0,"thread_ts_usec":1587041687725655,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":18634.2,"max":125561,"stddev":31723.1,"var":1006353792.0,"ent":3.4,"data": [29516,29616,237,45747,220,45693,117,89,54,132,3,86,615,23250,232,30155,31,6115,4,245,22863,22646,1494,1434,2892,30,32749,246,30074,125513,125561]},"pktlen": {"min":52,"avg":345.2,"max":1492,"stddev":499.9,"var":249913.2,"ent":3.9,"data": [64,60,52,266,1492,1492,64,1492,52,52,1492,281,52,145,145,424,103,121,52,52,90,90,52,548,52,1365,135,52,94,52,510,52]},"bins": {"c_to_s": 
[12,1,3,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0],"s_to_c": [2,3,1,0,0,0,0,1,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,1,1,0,0,0,0,1,1,0,0,0,1,0,1,0,0,0,1,1,0,1,0],"entropies": [4.365527153,5.169149399,4.868495941,5.580047131,7.357915878,7.526344776,4.919355392,7.363313675,4.945419312,4.786791325,7.588277340,7.143245697,4.983880997,5.918394089,6.257330894,7.398386002,5.555244923,6.105889320,4.945419312,4.945419312,5.368302345,5.567127228,4.945419312,7.528010845,4.983880997,7.854734421,6.103594780,5.100070000,5.655968666,4.983880520,7.545987606,4.861793995]},"ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01841{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1047,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1587041687245112,"flow_src_last_pkt_time":1587041687544052,"flow_dst_last_pkt_time":1587041687544137,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":412,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041687544137,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} +02180{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1079,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1587041687436782,"flow_src_last_pkt_time":1587041687725655,"flow_dst_last_pkt_time":1587041687725568,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1313,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2206,"flow_dst_tot_l4_payload_len":7143,"midstream":0,"thread_ts_usec":1587041687725655,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":18634.2,"max":125561,"stddev":31723.1,"var":1006353792.0,"ent":3.4,"data": [29516,29616,237,45747,220,45693,117,89,54,132,3,86,615,23250,232,30155,31,6115,4,245,22863,22646,1494,1434,2892,30,32749,246,30074,125513,125561]},"pktlen": 
{"min":52,"avg":345.2,"max":1492,"stddev":499.9,"var":249913.2,"ent":3.9,"data": [64,60,52,266,1492,1492,64,1492,52,52,1492,281,52,145,145,424,103,121,52,52,90,90,52,548,52,1365,135,52,94,52,510,52]},"bins": {"c_to_s": [12,1,3,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0],"s_to_c": [2,3,1,0,0,0,0,1,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,1,1,0,0,0,0,1,1,0,0,0,1,0,1,0,0,0,1,1,0,1,0],"entropies": [4.365527153,5.169149399,4.868495941,5.580047131,7.357915878,7.526344776,4.919355392,7.363313675,4.945419312,4.786791325,7.588277340,7.143245697,4.983880997,5.918394089,6.257330894,7.398386002,5.555244923,6.105889320,4.945419312,4.945419312,5.368302345,5.567127228,4.945419312,7.528010845,4.983880997,7.854734421,6.103594780,5.100070000,5.655968666,4.983880520,7.545987606,4.861793995]},"ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1080,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041687731296,"flow_src_last_pkt_time":1587041687731296,"flow_dst_last_pkt_time":1587041687731296,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687731296,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62735,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1080,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_src_last_pkt_time":1587041687731296,"flow_dst_last_pkt_time":1587041687731296,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1587041687731296,"pkt":"EBMx8Tl2KDc3AG3ICABFAABM83AAAP8RRNjAqAEGwKgBAfUPADUAOAAFY+UBAAABAAAAAAAABmV1bm8tMQNhcGkPbWljcm9zb2Z0c3RyZWFtA2NvbQAAAQAB"} 01113{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1080,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041687731296,"flow_src_last_pkt_time":1587041687731296,"flow_dst_last_pkt_time":1587041687731296,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687731296,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62735,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"euno-1.api.microsoftstream.com","domainame":"euno-1.api.microsoftstream.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -389,7 +389,7 @@ 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1086,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_src_last_pkt_time":1587041687745932,"flow_dst_last_pkt_time":1587041687789261,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041687789261,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8GLFAAGwGRTw0qbp3wKgBBgG77JMQ1B2QYdMMyKASIACACgAAAgQFoAEDAwgEAggKASJ3bTCEwsc="} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1087,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_src_last_pkt_time":1587041687789367,"flow_dst_last_pkt_time":1587041687789261,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041687789367,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGifXAqAEGNKm6d+yTAbth0wzIENQdkYAQEAm+kQAAAQEICjCEwvABIndt"} 00847{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1088,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":4,"flow_src_last_pkt_time":1587041687789561,"flow_dst_last_pkt_time":1587041687789261,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":287,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":287,"pkt_l4_len":253,"thread_ts_usec":1587041687789561,"pkt":"EBMx8Tl2KDc3AG3ICABFAAERAABAAEAGiRjAqAEGNKm6d+yTAbth0wzIENQdkYAYEAmMqgAAAQEICjCEwvABIndtFgMBANgBAADUAwN1hCAWlzZVXD7TCb6igB3LJP9WVkluJUaJIbsmWjvyJAAAHCoqzKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACP6uoAAP8BAAEAAAAAIwAhAAAeZXVuby0xLmFwaS5taWNyb3NvZnRzdHJlYW0uY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAI2toAHQAXABgAGwADAgACOjoAAQA="} 
-01267{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1088,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041687745932,"flow_src_last_pkt_time":1587041687789561,"flow_dst_last_pkt_time":1587041687789261,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":221,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":221,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687789561,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.169.186.119","src_port":60563,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"euno-1.api.microsoftstream.com","domainame":"euno-1.api.microsoftstream.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01223{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1088,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041687745932,"flow_src_last_pkt_time":1587041687789561,"flow_dst_last_pkt_time":1587041687789261,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":221,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":221,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687789561,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.169.186.119","src_port":60563,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"euno-1.api.microsoftstream.com","domainame":"euno-1.api.microsoftstream.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
02498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1089,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":5,"flow_src_last_pkt_time":1587041687789561,"flow_dst_last_pkt_time":1587041687835274,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041687835274,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUGLJAAGwGP6M0qbp3wKgBBgG77JMQ1B2RYdMNpYAQBAV+GwAAAQEICgEid5owhMLwFgMDF2ICAABeAwNemFWXh6zC4\/H\/NtqCN0bOMCauIHEB+mzTfOs8euglHiDdOQAAbpqWXnIoaFoz5CwjBIm\/uwJeUgS1lb4+XjBSWMAwAAAWAAUAAAAQAAUAAwJoMgAXAAD\/AQABAAsADp0ADpoACNwwggjYMIIGwKADAgECAhMWAAXWDX37jaDzNM+RAAAABdYNMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNDAeFw0xOTA3MTYwMDAyMzVaFw0yMTA3MTYwMDAyMzVaMCQxIjAgBgNVBAMMGSouYXBpLm1pY3Jvc29mdHN0cmVhbS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3WyrqhMwneHn3ldwh\/L7UvhOaeyJEw9wAAoXcE2xoCmqN4VQ5dbEJYH2mvnyhH\/q6XQPMuv5SvOYFeFvBsXU42c+cX\/k7ETSWOHymPaiIe9DTakXAw15b1zeAID1a\/qtYq5SKoRqlJOmhP2W2Kj0sGRH9wfU0k6ZKAWCfTCOD3TUKn+kY2\/mFqcxx163RyO5fuue9HjLSPUcK\/XG71pH60ASR2HaDJ53frCURseRASs3N8sp\/lXPNSJpmTy7XzZlvWnjNXBXoGazR\/Ok20dcDNsKQLrS\/5IQoN1eesCyt1n77jwW\/wlDvDN1w4lyx8ZJ\/cWIxkLDRUfkhCN5r674PAgMBAAGjggSZMIIElTCCAfcGCisGAQQB1nkCBAIEggHnBIIB4wHhAHUA7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo\/csAAAFr+B+\/gwAABAMARjBEAiBFAIuj2Tc26ezbEtOORf3erX84s94DFwS362RUQnwe7QIgOIGvV6+3NbZm4ZuetunBQ10P6vIaYP3f6rBpFmv0R+kAdwBElGUusO7Or8RAB9io\/ijA2uaCvtjLMbU\/0zOWtbaBqAAAAWv4H7+HAAAEAwBIMEYCIQDNJZUV9kVpum734SuFZbu\/+8d+lBfpKXnRWlVnv4VBQAIhAOB8l0UtbGxz+O5oUYg0D5KcrYbc2wZN7ZDiNmBXUAj6AHYAVYHUwhaQNgFK6gubVzxT8MDkOHhwJQgXL6OqHQcT0wwAAAFr+B\/ArgAABAMARzBFAiEAuBvGi+GOETS1WKJJY5hLjgoB7c051zHr2NZg0TjxMOsCIDxZ4sYqPPwpfAkKARkELM5\/901w8Rli7y0l6JyGidHOAHcAXNx
Dkv7mq0VEsV6a1FbmEDf71fpH3KFzlLJe5vbHDsoAAAFr+B+\/jQAABAMASDBGAiEA+MKOXA0Ondu3DQFnrt75yf8KubCg3tehYpwWY4vXmlsCIQD\/nRJiTBIbc8ubEEHt73izO3Lpmnq\/6a3pOruDbMUQaDAnBgkrBgEEAYI3FQoEGjAYMAoGCCsGAQUFBwMCMAoGCCsGAQUFBwMBMD4GCSsGAQQBgjcVBwQxMC8GJysGAQQBgjcVCIfahnWD7tkBgsmFG4G1nmGF9OtggV2E0t9CgueTegIBZAIBHTCBhQYIKwYBBQUHAQEEeTB3MFEGCCsGAQUFBzAChkVodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9NaWNyb3NvZnQlMjBJVCUyMFRMUyUyMENBJTIwNC5jcnQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9vY3NwLm1zb2NzcC5jb20wHQYDVR0OBBYEFBqManmr"} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1138,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041690880711,"flow_src_last_pkt_time":1587041690880711,"flow_dst_last_pkt_time":1587041690880711,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041690880711,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63930,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1138,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_src_last_pkt_time":1587041690880711,"flow_dst_last_pkt_time":1587041690880711,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1587041690880711,"pkt":"EBMx8Tl2KDc3AG3ICABFAABSJv0AAP8REUbAqAEGwKgBAfm6ADUAPoc2eGoBAAABAAAAAAAAAmRjE2FwcGxpY2F0aW9uaW5zaWdodHMJbWljcm9zb2Z0A2NvbQAAAQAB"} 
@@ -401,7 +401,7 @@ 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1141,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_src_last_pkt_time":1587041690916341,"flow_dst_last_pkt_time":1587041690946470,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041690946470,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8GwdAAG4GfY4oT4opwKgBBgG77JSCI5UvqezD\/6ASIAArFwAAAgQFoAEDAwgEAggKUvjCpTCEzxM="} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1142,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_src_last_pkt_time":1587041690946579,"flow_dst_last_pkt_time":1587041690946470,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041690946579,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGxp3AqAEGKE+KKeyUAbup7MP\/giOVMIAQEAlpqQAAAQEICjCEzzFS+MKl"} 
00872{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1143,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":4,"flow_src_last_pkt_time":1587041690946965,"flow_dst_last_pkt_time":1587041690946470,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":305,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":305,"pkt_l4_len":271,"thread_ts_usec":1587041690946965,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEjAABAAEAGxa7AqAEGKE+KKeyUAbup7MP\/giOVMIAYEAnoKAAAAQEICjCEzzFS+MKlFgMBAOoBAADmAwMbIQaP+rFGCYsreMCv9lvxK9Aj9uBCbNOtF1CHIeISyAAAKMAswCvAJMAjwArACcypwDDAL8AowCfAFMATzKgAnQCcAD0APAA1AC8BAACV\/wEAAQAAAAAXABUAABJnYXRlLmhvY2tleWFwcC5uZXQAFwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAM3QAAAASAAAAEAAwAC4CaDIFaDItMTYFaDItMTUFaDItMTQIc3BkeS8zLjEGc3BkeS8zCGh0dHAvMS4xAAsAAgEAAAoACgAIAB0AFwAYABk="} -01277{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1143,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041690916341,"flow_src_last_pkt_time":1587041690946965,"flow_dst_last_pkt_time":1587041690946470,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041690946965,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60564,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"gate.hockeyapp.net","domainame":"gate.hockeyapp.net","tls": 
{"version":"TLSv1.2","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} +01233{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1143,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041690916341,"flow_src_last_pkt_time":1587041690946965,"flow_dst_last_pkt_time":1587041690946470,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041690946965,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60564,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"gate.hockeyapp.net","domainame":"gate.hockeyapp.net","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
02474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1144,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":5,"flow_src_last_pkt_time":1587041690946965,"flow_dst_last_pkt_time":1587041690980253,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041690980253,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUGwlAAG4Gd\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"} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1159,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041691075869,"flow_src_last_pkt_time":1587041691075869,"flow_dst_last_pkt_time":1587041691075869,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041691075869,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62863,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00601{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1159,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_src_last_pkt_time":1587041691075869,"flow_dst_last_pkt_time":1587041691075869,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_usec":1587041691075869,"pkt":"EBMx8Tl2KDc3AG3ICABFAABZLy0AAP8RCQ\/AqAEGwKgBAfWPADUARdrUdPIBAAABAAAAAAAABGVtZWECbmcDbXNnDHRlYW1zLW1zZ2FwaQ50cmFmZmljbWFuYWdlcgNuZXQAAAEAAQ=="} 
@@ -413,7 +413,7 @@ 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1164,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_src_last_pkt_time":1587041691149774,"flow_dst_last_pkt_time":1587041691168973,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041691168973,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8PCRAAHEGa280cmwIwKgBBgG77JWud4Fgpm4cPqASIABnNAAAAgQFoAEDAwgEAggKUqoqrDCEz\/U="} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1165,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":3,"flow_src_last_pkt_time":1587041691169076,"flow_dst_last_pkt_time":1587041691168973,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041691169076,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG2JvAqAEGNHJsCOyVAbumbhw+rneBYYAQEAml0QAAAQEICjCE0AhSqiqs"} 00847{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1166,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":4,"flow_src_last_pkt_time":1587041691169247,"flow_dst_last_pkt_time":1587041691168973,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":288,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":288,"pkt_l4_len":254,"thread_ts_usec":1587041691169247,"pkt":"EBMx8Tl2KDc3AG3ICABFAAESAABAAEAG173AqAEGNHJsCOyVAbumbhw+rneBYYAYEAkjHAAAAQEICjCE0AhSqiqsFgMBANkBAADVAwNwlpHiXHB3s5dLKatTLHHCd3zPHP62TkNPLWHwExyS1QAAHAoKzKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACQysoAAP8BAAEAAAAAJAAiAAAfZW1lYS5uZy5tc2cudGVhbXMubWljcm9zb2Z0LmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACMrKAB0AFwAYABsAAwIAAhoaAAEA"} 
-01254{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1166,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041691149774,"flow_src_last_pkt_time":1587041691169247,"flow_dst_last_pkt_time":1587041691168973,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":222,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":222,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041691169247,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.108.8","src_port":60565,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"emea.ng.msg.teams.microsoft.com","domainame":"emea.ng.msg.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01213{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1166,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041691149774,"flow_src_last_pkt_time":1587041691169247,"flow_dst_last_pkt_time":1587041691168973,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":222,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":222,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041691169247,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.108.8","src_port":60565,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"emea.ng.msg.teams.microsoft.com","domainame":"emea.ng.msg.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
02487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1167,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":5,"flow_src_last_pkt_time":1587041691169247,"flow_dst_last_pkt_time":1587041691190981,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041691190981,"pkt":"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\/bT\/D+YBI2NyvjucwOF4fAmlb69iaENpHzKyKPP3gChGWXwPlsCAHcWT5DWYPJpL\/3DLl81bF7tO5zY3zxJMB1OeVgvUKXeAS+CwfpLrKG0C\/eU6XUXAM17Wou3AdZL8ESxq7zdQlPlfLXcrxTWn\/9yqOyE2Dy4v0AC0DldAOOVuaP1Qw\/jkncKrZHy6CBjd4i6SlAvV9SXMMji3v+3tCPq3NDcYwEwIaLF7pK3asugmSWv+kUpt0b\/7nszZggDVjiXOaXQXGxlI76wm\/oQiScQLHdORY8mAIDxrFvAZJI7K5Yvpy\/uFT0TJ1pbtUzx0WkkWUFI1ibsaySDvxZ5PLRRf\/b+CTj2DeuAhuHN0bB0Jvlf\/geQ+McX36gP8ZJv4hZskP2p2eU4LlDvKZxVbJkUfzIhrbjoxfdlKOwkktqzdS57vVoeibk02\/OS8fdv79ZBLOsYxfdKaSWNDVEN1Q82426XhaggJ7kscl3nnmFp\/\/6iCwQwe+4wAFuDCCBbQwggScoAMCAQICEAiIzVJfGSRETRSlgpHeuVIwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9yZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVyVHJ1c3QgUm9vdDAeFw0xNjA1MjAxMjUzMDNaFw0yNDA1MjAxMjUzMDNaMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC"} 
02219{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1195,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1587041691149774,"flow_src_last_pkt_time":1587041691305451,"flow_dst_last_pkt_time":1587041691582252,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":994,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2028,"flow_dst_tot_l4_payload_len":8121,"midstream":0,"thread_ts_usec":1587041691582252,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.108.8","src_port":60565,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":18972.7,"max":276869,"stddev":49493.9,"var":2449644032.0,"ent":2.9,"data": [19199,19302,171,22008,34,21827,18,184,203,246,14,193,1070,12295,280,19893,29,6313,3,603,11971,11399,1472,1415,54998,62106,42,25528,33,18437,276869]},"pktlen": {"min":52,"avg":370.2,"max":1492,"stddev":512.1,"var":262257.7,"ent":3.9,"data": [64,60,52,274,1492,1492,64,52,1492,52,1492,471,52,178,145,525,103,121,52,52,90,90,52,511,52,52,1046,134,52,94,52,1335]},"bins": {"c_to_s": [11,1,2,1,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,3,1,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,1,1,0,0,0,0,1,1,0,0,0,1,0,1,0,1,0,0,1,1,0,1],"entropies": [4.396777153,5.256567478,4.923395634,5.577177048,7.100010395,7.346216679,4.975505829,4.976374149,7.520713806,4.854287148,7.591184139,7.492725372,4.937912464,6.281796932,6.325607300,7.565563679,5.628156662,5.942033768,4.976374149,4.937912464,5.421134472,5.660066128,5.014835358,7.536164761,4.976373672,5.169486523,7.784315586,6.192806721,5.169486523,5.596017838,5.014835358,7.848025322]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"emea.ng.msg.teams.microsoft.com"}} 02234{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1208,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1587041682376166,"flow_src_last_pkt_time":1587041682938651,"flow_dst_last_pkt_time":1587041692001418,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1060,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":2113,"flow_dst_tot_l4_payload_len":7396,"midstream":0,"thread_ts_usec":1587041692001418,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.76.48","src_port":60544,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":328636.7,"max":8978171,"stddev":1582353.1,"var":2503841415168.0,"ent":0.8,"data": [47150,47228,506,44398,29,43913,16,46,186,124,2,213,4,4433,9743,291,46519,32116,477,409,98,18910,1378,20235,62883,403234,424977,8978171,32,9,7]},"pktlen": {"min":40,"avg":339.2,"max":1492,"stddev":486.1,"var":236250.5,"ent":3.9,"data": [64,52,40,276,1492,1492,52,40,40,1492,1492,309,40,40,198,133,568,91,40,109,40,78,46,409,40,46,1100,46,411,415,86,78]},"bins": {"c_to_s": [10,1,1,0,1,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,3,1,0,0,0,0,0,1,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,0,0,0,1,1,1,0,0,0,0,0,1,0,1,0,0,1,1,0,1,0,1,1,1,1,1],"entropies": 
[4.334277153,4.946223736,4.571928501,5.576080799,7.377434731,7.334023952,4.748329639,4.630640984,4.571928501,7.530410290,7.590536594,7.109602451,4.680641174,4.630641460,6.484649181,6.111595631,7.563093662,5.442209721,4.630641460,5.902398109,4.630641460,5.214766979,4.462505341,7.402733803,4.680641174,4.505983353,7.828750610,4.609350681,7.428915024,7.453095436,5.564571857,5.463537216]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"northeurope.notifications.teams.microsoft.com"}} 
@@ -428,16 +428,16 @@ 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1222,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_src_last_pkt_time":1587041692808980,"flow_dst_last_pkt_time":1587041692880898,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041692880898,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGBganY9ekwKgBBhFS7JY0lYWJFa1+kaAS\/ohhIwAAAgQFrAQCCAoTeUD2MITWWwEDAwc="} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1223,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_src_last_pkt_time":1587041692880999,"flow_dst_last_pkt_time":1587041692880898,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041692880999,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+g3AqAEGp2PXpOyWEVIVrX6RNJWFioAQECx9\/QAAAQEICjCE1qITeUD2"} 
01246{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1224,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":4,"flow_src_last_pkt_time":1587041692881339,"flow_dst_last_pkt_time":1587041692880898,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1587041692881339,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI5AABAAEAG+AjAqAEGp2PXpOyWEVIVrX6RNJWFioAYECynDgAAAQEICjCE1qITeUD2FgMBAgABAAH8AwNIwmNvYpaxx4YaNkM5UOMBu+\/rhWm5ROKLkUQ+n9+bqCDe8bvsDQaKZ\/SHTClTSUEpcKfm8tnRcB\/XxmDM4wjf0gByEwITAxMBwCzAMACfzKnMqMyqwCvALwCewCTAKABrwCPAJwBnwArAFAA5wAnAEwAzAK0Aq8yuzK3MrACdAKnMqwCsAKoAnACoAD0APMA4wDYAtwCzAJUAkQA1AK8AjcA3wDUAtgCyAJQAkAAvAK4AjAD\/AQABQQAAABIAEAAADWRhdGkubnRvcC5vcmcACwAEAwABAgAKAAwACgAdABcAHgAZABgAIwAAM3QAAAAQAA4ADAJoMghodHRwLzEuMQAWAAAAFwAAAA0AMAAuBAMFAwYDCAcICAgJCAoICwgECAUIBgQBBQEGAQMDAgMDAQIBAwICAgQCBQIGAgArAAkIAwQDAwMCAwEALQACAQEAMwAmACQAHQAgqeitnlzPDiYBqjP3nyoLl6FANLUWPuCFiHYla5PeYScAFQB8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01402{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1224,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041692808980,"flow_src_last_pkt_time":1587041692881339,"flow_dst_last_pkt_time":1587041692880898,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041692881339,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"dati.ntop.org","domainame":"dati.ntop.org","tls": {"version":"TLSv1.2","ja3":"7120d65624bcd2e02ed4b01388d84cdb","ja3s":"","ja4":"t13d5713h2_131602cb7446_e802cdec6a7f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01368{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1224,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041692808980,"flow_src_last_pkt_time":1587041692881339,"flow_dst_last_pkt_time":1587041692880898,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041692881339,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"dati.ntop.org","domainame":"dati.ntop.org","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d5713h2_131602cb7446_e802cdec6a7f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1225,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":5,"flow_src_last_pkt_time":1587041692881339,"flow_dst_last_pkt_time":1587041692951911,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041692951911,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0HBJAADQG6funY9ekwKgBBhFS7JY0lYWKFa2AloAQAfqJ4wAAAQEIChN5QT0whNai"} 
-01490{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1226,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1587041692808980,"flow_src_last_pkt_time":1587041692881339,"flow_dst_last_pkt_time":1587041692953141,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":152,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":152,"midstream":0,"thread_ts_usec":1587041692953141,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"dati.ntop.org","domainame":"dati.ntop.org","tls": {"version":"TLSv1.2","ja3":"7120d65624bcd2e02ed4b01388d84cdb","ja3s":"410b9bedaf65dd26c6fe547154d60db4","ja4":"t13d5713h2_131602cb7446_e802cdec6a7f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01456{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1226,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1587041692808980,"flow_src_last_pkt_time":1587041692881339,"flow_dst_last_pkt_time":1587041692953141,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":152,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":152,"midstream":0,"thread_ts_usec":1587041692953141,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"dati.ntop.org","domainame":"dati.ntop.org","tls": {"version":"TLSv1.2","ja3s":"410b9bedaf65dd26c6fe547154d60db4","ja4":"t13d5713h2_131602cb7446_e802cdec6a7f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1235,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693428391,"flow_src_last_pkt_time":1587041693428391,"flow_dst_last_pkt_time":1587041693428391,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":977,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":977,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":977,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693428391,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":51681,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01844{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1235,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693428391,"flow_dst_last_pkt_time":1587041693428391,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1019,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1019,"pkt_l4_len":985,"thread_ts_usec":1587041693428391,"pkt":"EBMx8Tl2KDc3AG3ICABFAAPt48gAAEART4\/AqAEGNHJNiMnhDZYD2eNwBl3+t6o2WT+OKw\/oTFMopoursiGTBsvvLvg3wuBfZT1pBB1vO2396s1T+U1VujmCqj4L5tMtU2F\/1TQzFXSUlw7M8VMfNQQRkYM68GVjRmInITISf9xExqdFNNQs5RQE95Yd7wUQ0WB34xO5EY6WIo8x\/N\/uDXPR3dWPSffY9Pjxt3AuIhSE\/33TPi9IZfwvBkn0Ytl+OD1doGxH0KzkYpDzBS9hB1dBsT+zr8uYQ4OitShMofb6WewMwiNNfNExsV6iWN3hyOrqzEPoHJ8xMa7bW1q9BLkbd5BDoIOv\/MoJUwfM2rHFjSZuGzr\/wQ6fSJlA+ga+XWQ5cCOxemM862mQg5uhFhBag2VuzDKpysLY0ZCqnKz91R2yhrxoXReoN9yIxCUIquc7SAW\/92cRId8y07O6L1X8x\/aDl3FC0Al6caV7h\/r8ddpLTlDH6yLNlYfOWE7QuJLs4lty891N9hHky+P7SbB6VN0+eXLlpdIKbixmAmCZ1p6\/DFecrkQrfBusU7fCQ0m5UtC7A9xyYw8qrbidfp8KJduef6Xu3BA4D0YD6FFqNyrfEvkjpJ+3rNXlm\/vqN6+pA7Pyjrxbc8hNlLHZHBWyirKyjtN28dUXzlP+LsRPGNdQvqJFK3pV96V25LmYF5yiAGBc2dVjL3CV3I8BZIc1iv9P
SXq8u5cmF3NAvFW+ejj0aUJys0KqSuB+SsBchm0XJNdD1T31o3cnzHzdRkPqsYgQxN+TMH4xz2ipnYwRm5mpiVbDbtght4DZhZkINSjZm+P+w6KJ1sJkRZyTcItShxjipY0pc0YcI\/iPO8Kihnfm0h7aZYr8JbNTXfrRfggxMyqgTWxlobhHKsiboGB5nz9mqNXgN5f2w6aCT8Ygr4J\/d\/M8CNiCRT+CKMTqRpDBqIcnsL3KBgSmI2li51fHmCYLknW2Aw3F82bIDyzOvtteFfeZxum8+GIS5JvJh64JDL9hUaT9FEJ6txlWLszG+bg1use4IiVMiF2jfKWFA1eFZRDjiQXrMStv0vPT1Ma73OvVsZAHSptss39ti+ltbCNxC0S+MDiB1jQrFVUZ5nHLM44PsanYQ\/0cpyVO6zbbzjzXTUfs+tAIMkUNPFZtCs1rFpKhkI3NcGs+yvSb4SV1GxhoDHVRpRNuKqFbFinCHp\/37lAaE9HGUTnfhxGhnCIfOfHIUUAT3eHul9H3b0Z8OnLYIK1ZDLQGkd0pzOUxUVHtQtXMulhXsHz7fr\/A21yG\/8b8NgTEX+gU6e+h1l0XisCpHYMfVCMz3mHn3ia\/HdLRjG51YnI="} 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1236,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693428391,"flow_dst_last_pkt_time":1587041693474528,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_usec":1587041693474528,"pkt":"KDc3AG3IEBMx8Tl2CABFAABBNJIAAGwR1nE0ck2IwKgBBg2WyeEALeCzAzNiZmY2YTE1LTY4NDEtNDYwNy04YzI3LTllY2ViOWVlZDkzYg=="} 00781{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1237,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693428391,"flow_dst_last_pkt_time":1587041693475613,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":235,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":235,"pkt_l4_len":201,"thread_ts_usec":1587041693475613,"pkt":"KDc3AG3IEBMx8Tl2CABFAADdNJMAAGwR1dQ0ck2IwKgBBg2WyeEAyV65B51cqyKYlOqfHC4eUj71t0+3OzD2kNc2OfFPQNt7fwvuOZltdCnrcr0l94iSgE3VeMj4bdDb+vZ+CObqTNO+QGlUnkV8bcknbNvGUx42nvxp8mhw\/srnkVApKnhDe\/uy29skE82ON2NOubAQd6VBKyo6DT6MaE1A1qjybrSe5XwDrj8OJ1EA\/FUFx\/b063Ar395Oi1sw+DBTZ16KUXaymVRCSFNXRrfz6yWlsSmdtxTLQfpVrW5dlejTUGgaSVxvSg=="} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1238,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693515047,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693515047,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693515047,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1238,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693515047,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1587041693515047,"pkt":"EBMx8Tl2KDc3AG3ICABFAABg5p0AAEARo1PAqAEGNHL6e8NgDZYATAKlAAMAMCESpEKyND9uZ\/QdWKy6Y58ADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAI="} 
-00988{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1238,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693515047,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693515047,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693515047,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01038{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1238,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693515047,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693515047,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693515047,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"multimedia_flow_types":"Audio"}}} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1239,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693516414,"flow_src_last_pkt_time":1587041693516414,"flow_dst_last_pkt_time":1587041693516414,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693516414,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1239,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693516414,"flow_dst_last_pkt_time":1587041693516414,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041693516414,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGShzAqAEGNHL6e8NiAbvwxDFFAAAAALAC\/\/9VoQAAAgQFtAEDAwUBAQgKMITZEwAAAAAEAgAA"} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1240,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693517336,"flow_src_last_pkt_time":1587041693517336,"flow_dst_last_pkt_time":1587041693517336,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":67,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":67,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":67,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693517336,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":55765,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -448,43 +448,43 @@ 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1242,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693516414,"flow_dst_last_pkt_time":1587041693561382,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041693561382,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0nZBAAGwGgJc0cvp7wKgBBgG7w2KOQNor8MQxRoAS\/\/8u4wAAAgQFoAEDAwgBAQQC"} 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1243,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693561493,"flow_dst_last_pkt_time":1587041693561382,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041693561493,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGSjTAqAEGNHL6e8NiAbvwxDFGjkDaLFAQIABPogAA"} 00790{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1244,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":4,"flow_src_last_pkt_time":1587041693561676,"flow_dst_last_pkt_time":1587041693561382,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"thread_ts_usec":1587041693561676,"pkt":"EBMx8Tl2KDc3AG3ICABFAADjAABAAEAGSXnAqAEGNHL6e8NiAbvwxDFGjkDaLFAYIADs+gAAFgMBALYBAACyAwNemFWdM\/wbLFSI3dPgZpkO7ysDE3\/GJlDQM9ZmaeyX\/AAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAXQAAACAAHgAAG2V1YXoudHIudGVhbXMubWljcm9zb2Z0LmNvbQAKAAgABgAXABgAGQALAAIBAAANABIAEAQBAgEFAQYBBAMCAwUDBgMABQAFAQAAAAAAEgAAABcAAA=="} 
-01350{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1244,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041693516414,"flow_src_last_pkt_time":1587041693561676,"flow_dst_last_pkt_time":1587041693561382,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693561676,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"euaz.tr.teams.microsoft.com","domainame":"euaz.tr.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01309{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1244,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041693516414,"flow_src_last_pkt_time":1587041693561676,"flow_dst_last_pkt_time":1587041693561382,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693561676,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"euaz.tr.teams.microsoft.com","domainame":"euaz.tr.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00772{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1245,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693572678,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"thread_ts_usec":1587041693572678,"pkt":"KDc3AG3IEBMx8Tl2CABFAADXfJQAAGwR4OU0cvp7wKgBBg2Ww2AAw6emARMApyESpEKyND9uZ\/QdWKy6Y58ADwAEcsZLxoAIAAQAAAAGAAkAPQAABAFUaGUgcmVxdWVzdCBkaWQgbm90IGNvbnRhaW4gYSBNZXNzYWdlLUludGVncml0eSBhdHRyaWJ1dGUADgAIAAENljRy+o0AFAAUAk7L+IJ6YNZTBt6\/p32H0UQC3V0AFQAKInJ0Y21lZGlhIgABAAgAAQ2YNHL6jYCVAAh\/IMTdT4SN+oAgAAgAAcHVcadqCg=="} 00781{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1246,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":4,"flow_src_last_pkt_time":1587041693428391,"flow_dst_last_pkt_time":1587041693576546,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":235,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":235,"pkt_l4_len":201,"thread_ts_usec":1587041693576546,"pkt":"KDc3AG3IEBMx8Tl2CABFAADdNJQAAGwR1dM0ck2IwKgBBg2WyeEAyV65B51cqyKYlOqfHC4eUj71t0+3OzD2kNc2OfFPQNt7fwvuOZltdCnrcr0l94iSgE3VeMj4bdDb+vZ+CObqTNO+QGlUnkV8bcknbNvGUx42nvxp8mhw\/srnkVApKnhDe\/uy29skE82ON2NOubAQd6VBKyo6DT6MaE1A1qjybrSe5XwDrj8OJ1EA\/FUFx\/b063Ar395Oi1sw+DBTZ16KUXaymVRCSFNXRrfz6yWlsSmdtxTLQfpVrW5dlejTUGgaSVxvSg=="} 
00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1247,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":5,"flow_src_last_pkt_time":1587041693428391,"flow_dst_last_pkt_time":1587041693576566,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_usec":1587041693576566,"pkt":"KDc3AG3IEBMx8Tl2CABFAABBNJUAAGwR1m40ck2IwKgBBg2WyeEALeCzAzNiZmY2YTE1LTY4NDEtNDYwNy04YzI3LTllY2ViOWVlZDkzYg=="} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1248,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693582165,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693582165,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693582165,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1248,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693582165,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1587041693582165,"pkt":"EBMx8Tl2KDc3AG3ICABFAABgF74AAEARcjPAqAEGNHL6e8N0DZYATEppAAMAMCESpEI9x0RmdejywONbcT4ADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAI="} 
-00988{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1248,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693582165,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693582165,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693582165,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01038{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1248,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693582165,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693582165,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693582165,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"multimedia_flow_types":"Audio"}}} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1249,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693582610,"flow_src_last_pkt_time":1587041693582610,"flow_dst_last_pkt_time":1587041693582610,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693582610,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50021,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1249,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693582610,"flow_dst_last_pkt_time":1587041693582610,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041693582610,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGShzAqAEGNHL6e8NlAbtcWVYoAAAAALAC\/\/\/E5AAAAgQFtAEDAwUBAQgKMITZVQAAAAAEAgAA"} 
00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1250,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041693597783,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693597783,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00809{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1250,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693597783,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_usec":1587041693597783,"pkt":"EBMx8Tl2KDc3AG3ICABFAADyLLYAAEARXJfAqAEGNHL6jcNgDZYA3iTJAAMAwiESpEIiL+\/H85JL0bmXJ+QADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAKAlQAIfyDE3U+EjfoAFAAUAk7L+IJ6YNZTBt6\/p32H0UQC3V0AFQAKInJ0Y21lZGlhIgAGADgCAAAkkKDb2wHWGU3iFTe\/yZKgAzJzGvG+3Faa6DvVqwAAAAC\/cbJ2yXgTqN3v61y8eTonekzmPAAIACB+ROZSH0cQpVQPYpCmfWn5X6jy8HHHqFihd3XDn9tzDQ=="} 
-00991{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1250,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041693597783,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693597783,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01041{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1250,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041693597783,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693597783,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"multimedia_flow_types":"Audio"}}} 02490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1251,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":5,"flow_src_last_pkt_time":1587041693561676,"flow_dst_last_pkt_time":1587041693608822,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041693608822,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUnZVAAGwGevI0cvp7wKgBBgG7w2KOQOnM8MQyAVAQCARhxAAANjIwWjCBmzCBmDBMMAkGBSsOAwIaBQAEFCmF\/GE9vi+wEg9eQg5MnsPVnv18BBQI\/iWfdOqHBMK8u46oOF8zxtFsZQITLQAGXpgoyD\/NFydgrgAAAAZemIAAGA8yMDIwMDQxNTE5MDYyMFqgERgPMjAyMDA0MTkxOTA2MjBaoSIwIDAeBgkrBgEFBQcwAQYEERgPMjAxOTA0MTYxOTA2MjBaMA0GCSqGSIb3DQEBCwUAA4IBAQAaQYaDpwd6DNwyOUeit6mUOBXgoV06pe6ThWCURamS0COPur719YO54pzaWQ\/wQiNdRfJ+6IxdL624Y9ECjW7h0i3GVY5McK\/JE0+t8QKiDyIrzja2mdM3dr87glc0ghsX25i5Wq+uovmAq2y0kIR5ZDxPkSCewMHChNQBpgB6w7ldXqSVgO6mMxOPGIUJeCKP7XKb6HxICQ+KDOclyTMlRvOfgXDsfJ+qgS\/\/Xx69gdsXVVKuxxVgmTXKPjwc6+0PAhk7AM38T+1uvkyY+cnLoNXnWfuXwei6nw4U+wy7NBkdjTNfderi681shWsjrz7QTveMgXHXa8hDzke10XqeoIIFIzCCBR8wggUbMIIDA6ADAgECAhNuABXTTwZmllgRJK\/RAAAAFdNPMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTAeFw0yMDA0MDIxNjU4MDlaFw0yMTA0MDIxNjU4MDlaMCsxKTAnBgNVBAMMIE1pY3Jvc29mdF9JVF9UTFNfQ0FfNV9LZXlCaW5kaW5nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt72xRWYGvzznDDT8NXYL9rp9+Ya3b0Z6P2wS3akQ58NdGCNNqh5bkYWl59MsBDUHv9Ef+w2CazdUk3Nynho4E8vpdECh67pX0G62DZBOiFmluBNKbuC5wy0qFpuDZifuCaL\/JIioH+qZxw1n9T+IlPYbhUIt9LEWbIcz3NKvVAjL22uCbIe4fgQeiRQY6
CQMOOiKJvbVG0ji+rtc86+Mxhhl4WT\/oA0rEF\/rkByMk2VOShPm7OYdkPB4JadSsYxElQdJQqZtZ7Dx1QoI7ppuYvpwizs9bk5\/qpPbZOX2ffENmbYPX8IEIoHImvw+d5OCujhcH8ND8y2D3AEt3YOySwIDAQABo4HWMIHTMB0GA1UdDgQWBBQodwHOZZ6LuFUo+CvPI9\/FvHYaTDAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDwYJKwYBBQUHMAEFBAIFADAfBgNVHSMEGDAWgBQI\/iWfdOqHBMK8u46oOF8zxtFsZTA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdgcybR4HI6RYCAWQCAQcwGwYJKwYBBAGCNxUKBA4wDDAKBggrBgEFBQcDCTANBgkqhkiG9w0BAQsFAAOCAgEAZeWmp3UPfRLZIyUkIOP3qzADvvJHesY63Dc2ynSZnVwywgjceFf+k+yQAXU4qttDwcVbl8RAxZ3TRxOK\/tx9uYmaavtEm3swh9h5B7DCvmIXfqsJJlRpK\/OFGfcf49BNBZXJky59f8YfJ49hsiJiWchclECz2p04IejlY2rjzCMngCMT2bpAzYBsJXomAbKsVRl07LYT4CLhdIIHrd+syTeudyjkMfJb34y+qxxeDCvdd+fLKHcrxUao3ZXsd7wz3mk1EWQVaTo+Md3\/ECUv"} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1267,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693611913,"flow_src_last_pkt_time":1587041693611913,"flow_dst_last_pkt_time":1587041693611913,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693611913,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1267,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693611913,"flow_dst_last_pkt_time":1587041693611913,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1587041693611913,"pkt":"EBMx8Tl2KDc3AG3ICABFAABgfyMAAEARCrzAqAEGNHL6jcNhDZYATBjuAAMAMCESpELalY8VcoE3uJ+0vVMADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAI="} -00988{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1267,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693611913,"flow_src_last_pkt_time":1587041693611913,"flow_dst_last_pkt_time":1587041693611913,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693611913,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01038{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1267,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693611913,"flow_src_last_pkt_time":1587041693611913,"flow_dst_last_pkt_time":1587041693611913,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693611913,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"multimedia_flow_types":"Audio"}}} 00770{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1271,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693625394,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"thread_ts_usec":1587041693625394,"pkt":"KDc3AG3IEBMx8Tl2CABFAADXVxUAAGwRBmU0cvp7wKgBBg2Ww3QAwyhaARMApyESpEI9x0RmdejywONbcT4ADwAEcsZLxoAIAAQAAAAGAAkAPQAABAFUaGUgcmVxdWVzdCBkaWQgbm90IGNvbnRhaW4gYSBNZXNzYWdlLUludGVncml0eSBhdHRyaWJ1dGUADgAIAAENljRy+okAFAAUPK7\/QeTw1Z9oICgNLxST+LDzEgAAFQAKInJ0Y21lZGlhIgABAAgAAQ2YNHL6iYCVAAhb5VsGDC2J+oAgAAgAAc5scadqCg=="} 
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1272,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693582610,"flow_dst_last_pkt_time":1587041693628354,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041693628354,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0Nx9AAGwG5wg0cvp7wKgBBgG7w2XeqFvwXFlWKYAS\/\/\/MOwAAAgQFoAEDAwgBAQQC"} 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1273,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693628427,"flow_dst_last_pkt_time":1587041693628354,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041693628427,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGSjTAqAEGNHL6e8NlAbtcWVYp3qhb8VAQIADs+gAA"} 00787{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1274,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":4,"flow_src_last_pkt_time":1587041693628756,"flow_dst_last_pkt_time":1587041693628354,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"thread_ts_usec":1587041693628756,"pkt":"EBMx8Tl2KDc3AG3ICABFAADjAABAAEAGSXnAqAEGNHL6e8NlAbtcWVYp3qhb8VAYIADHIgAAFgMBALYBAACyAwNemFWdJel+38T72uo9XNMIcFrJVaaQNKpU+a+Uq8VSQwAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAXQAAACAAHgAAG2V1YXoudHIudGVhbXMubWljcm9zb2Z0LmNvbQAKAAgABgAXABgAGQALAAIBAAANABIAEAQBAgEFAQYBBAMCAwUDBgMABQAFAQAAAAAAEgAAABcAAA=="} 
-01350{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1274,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041693582610,"flow_src_last_pkt_time":1587041693628756,"flow_dst_last_pkt_time":1587041693628354,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693628756,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50021,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"euaz.tr.teams.microsoft.com","domainame":"euaz.tr.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01309{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1274,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041693582610,"flow_src_last_pkt_time":1587041693628756,"flow_dst_last_pkt_time":1587041693628354,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693628756,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50021,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"euaz.tr.teams.microsoft.com","domainame":"euaz.tr.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00724{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1275,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693640777,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"thread_ts_usec":1587041693640777,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC1fJUAAGwR4QY0cvp7wKgBBg2Ww2AAoaFUAQMAhSESpEIiL+\/H85JL0bmXJ+QADwAEcsZLxgANAAQAAAA8AAEACAABDZg0cvqNgAgABAAAAAaAIAAIAAHB1XGnagqAUAAYm3E8YjrBv7v21SN1g6+m0xjhRrQAAAAAgCIACTIuMC4xLjIxMQAQAAQAAC7gAAgAIK\/9w8VcH20Bp+o9r1mX6tB+MRypEJNYTX2DO\/tetQep"} 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1276,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041693654732,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693654732,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00809{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1276,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693654732,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_usec":1587041693654732,"pkt":"EBMx8Tl2KDc3AG3ICABFAADySXIAAEARP9\/AqAEGNHL6icN0DZYA3q9FAAMAwiESpELOvwn047sA+HEU4bYADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAKAlQAIW+VbBgwtifoAFAAUPK7\/QeTw1Z9oICgNLxST+LDzEgAAFQAKInJ0Y21lZGlhIgAGADgCAAAkkKDb2wHWGU3iFTe\/yZKgAzJzGvG+3Faa6DvVqwAAAAC\/cbJ2yXgTqN3v61y8eTonekzmPAAIACCU7UyKuDgKSJKUvk8SSs9ovhsGMp06Kok2oE1dFOuKzQ=="} -00991{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1276,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041693654732,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693654732,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01041{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1276,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041693654732,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693654732,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"multimedia_flow_types":"Audio"}}} 00771{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1277,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693611913,"flow_dst_last_pkt_time":1587041693658468,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"thread_ts_usec":1587041693658468,"pkt":"KDc3AG3IEBMx8Tl2CABFAADXfJYAAGwR4NE0cvqNwKgBBg2Ww2EAw+F\/ARMApyESpELalY8VcoE3uJ+0vVMADwAEcsZLxoAIAAQAAAAGAAkAPQAABAFUaGUgcmVxdWVzdCBkaWQgbm90IGNvbnRhaW4gYSBNZXNzYWdlLUludGVncml0eSBhdHRyaWJ1dGUADgAIAAENljRy+o0AFAAUPpo\/SSn4PJAIkOO6zaqfvtmAt1IAFQAKInJ0Y21lZGlhIgABAAgAAQ2YNHL6jYCVAAiQUL8kDsWN+oAgAAgAAcwTcadqCg=="} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1281,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693668523,"flow_src_last_pkt_time":1587041693668523,"flow_dst_last_pkt_time":1587041693668523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693668523,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1281,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693668523,"flow_dst_last_pkt_time":1587041693668523,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1587041693668523,"pkt":"EBMx8Tl2KDc3AG3ICABFAABgYKIAAEARKUHAqAEGNHL6icN1DZYATE9EAAMAMCESpEJNv3gTxWrFDZ5wS8sADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAI="} 
-00988{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1281,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693668523,"flow_src_last_pkt_time":1587041693668523,"flow_dst_last_pkt_time":1587041693668523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693668523,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01038{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1281,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693668523,"flow_src_last_pkt_time":1587041693668523,"flow_dst_last_pkt_time":1587041693668523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693668523,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"multimedia_flow_types":"Audio"}}} 02493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1282,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":5,"flow_src_last_pkt_time":1587041693628756,"flow_dst_last_pkt_time":1587041693675117,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041693675117,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUNyJAAGwG4WU0cvp7wKgBBgG7w2XeqGPBXFlW5FAQCASBlQAAW6sdwoMA3bRkqxv5VpjyajDfFXWqL4G9QZfl841dfR9SjQLMnRDtMHjHLLEHhJCKLU2ikazGCdNZMqtfaxeWquCIWw56s0bCKwmin9Y3DIsAdEejps5dwVGPEJfdlpEbIxcuBzCIRY0C23wA8SsmAke7nyJfwnrDoCjE4H7m3XXod08er9hfv0q4nITSnedP3o61Oc42o6ZTtprTcb83jeNHnfqPTx\/r7JoPcNdqLrU2S9F5B\/3\/72kY0IJW8GVz3JfVywG\/oGQZf4DtR+N9iCPyVunnsxwatk5VQeVSeoKWofbhmm5\/59\/eJyGGKNh6xcOod+zQ\/yRc87f6tHNG2YoyFngY2b4iSL5cKDGkUG4HW8AD3tnSSMB+eS+kUxAHQWzl9sk8GGj5SN\/h6yZsZx0M8Cajppy8O10hsA4MnuDtB3uK64JLD12Do4vw3+8vrlcfGCUgqrNGgRVPtSVulxGnCvWOq0JhUVItmI195Is0h3MiJgXc2KNuZpMfbIcuyiiUJx2zdkFT81nL1PidcMdiaFVUoMih7rr4UtgVbmkgKemK\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\/BSeneM2zC+CeIhbzmNymFOjMlNcj+dBQmbu1CxCV8d8C6Y+OnVaZPNiP01j7XJJ+PXv4UEla9xB7d\/jmSpBKVVLelK10CaBkVyzNB5CfFq2Vw9EGuvHvbAW1BKyp3Bsxmw4tGZUET95my601cq8ZggiyFDoWX7A8m9uNDLAC1iYf6BVxxO\/5YzlDjOnCki6hwqAwJQ6WJ1+eoyuC1hC9PBkepof+VSE6XEH8AZjML5L\/Zji0uGacDxJoS0qshrtemP+eppxTbDMRpNCuUkfXi4\/xlqy5KZqPLPGtZBjDJrsAZN5QcMC77MZrrtOg78DxXA3yzHpZ2hgzL1kQrWcULF8iQ0pE4ejd4OdVFk4J7wNMDEhQWvAD347vY8pbZ4dDQCwGth8PPlPAZj\/XFBXmCGKYSH6D5ae1XVEtVC1h\/TRd1LeAzdJ9zrEkO\/OXbGwT3ooXyYr1SJVC9xKQ4xAX9qEAxTYqZZGeBexCLlq4mRv\/1E61+mZV2YOOvwgpjfoLAgMBAAGjggFCMIIBPjAdBgNVHQ4EFgQUCP4ln3TqhwTCvLuOqD
hfM8bRbGUwHwYDVR0jBBgwFoAU5Z1ZMIJHWMys+ghUNoZ7OrUETfAwEgYDVR0TAQH\/BAgwBgEB\/wIBADAOBgNVHQ8BAf8EBAMCAYYwJwYDVR0lBCAwHgYIKwYBBQUHAwEGCCsGAQUF"} 00721{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1298,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693698272,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"thread_ts_usec":1587041693698272,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC1VxYAAGwRBoY0cvp7wKgBBg2Ww3QAoWPcAQMAhSESpELOvwn047sA+HEU4bYADwAEcsZLxgANAAQAAAA8AAEACAABDZg0cvqJgAgABAAAAAaAIAAIAAHObHGnagqAUAAYmiULR7BQSjV7GJ7mOy6WXuQ5anUAAAAAgCIACTIuMC4xLjIxMQAQAAQAAC7gAAgAIJWLEhTAIKUMzT0EuyGZ9cU94RPVJanGef0JixSMSj4H"} 00810{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1299,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693711026,"flow_dst_last_pkt_time":1587041693658468,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_usec":1587041693711026,"pkt":"EBMx8Tl2KDc3AG3ICABFAADyfgoAAEARC0PAqAEGNHL6jcNhDZYA3rEpAAMAwiESpEJLDXUDhL3sfvdJg10ADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAKAlQAIkFC\/JA7FjfoAFAAUPpo\/SSn4PJAIkOO6zaqfvtmAt1IAFQAKInJ0Y21lZGlhIgAGADgCAAAkkKDb2wHWGU3iFTe\/yZKgAzJzGvG+3Faa6DvVqwAAAAC\/cbJ2yXgTqN3v61y8eTonekzmPAAIACBfcijkK3I1E6fsjRiPsKvs33Xfpf\/cKnDyh7VrIY168g=="} 
-01002{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1299,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1587041693611913,"flow_src_last_pkt_time":1587041693711026,"flow_dst_last_pkt_time":1587041693658468,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":282,"flow_dst_tot_l4_payload_len":187,"midstream":0,"thread_ts_usec":1587041693711026,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01052{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1299,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1587041693611913,"flow_src_last_pkt_time":1587041693711026,"flow_dst_last_pkt_time":1587041693658468,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":282,"flow_dst_tot_l4_payload_len":187,"midstream":0,"thread_ts_usec":1587041693711026,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"multimedia_flow_types":"Audio"}}} 00769{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1301,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693668523,"flow_dst_last_pkt_time":1587041693714142,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"thread_ts_usec":1587041693714142,"pkt":"KDc3AG3IEBMx8Tl2CABFAADXVxcAAGwRBlU0cvqJwKgBBg2Ww3UAwwtKARMApyESpEJNv3gTxWrFDZ5wS8sADwAEcsZLxoAIAAQAAAAGAAkAPQAABAFUaGUgcmVxdWVzdCBkaWQgbm90IGNvbnRhaW4gYSBNZXNzYWdlLUludGVncml0eSBhdHRyaWJ1dGUADgAIAAENljRy+okAFAAUc60+h2VE9PTAWxn4K2V6NOmKA20AFQAKInJ0Y21lZGlhIgABAAgAAQ2YNHL6iYCVAAjDwJ1K7o6J+oAgAAgAAcBocadqCg=="} 00722{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1307,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":4,"flow_src_last_pkt_time":1587041693711026,"flow_dst_last_pkt_time":1587041693756239,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"thread_ts_usec":1587041693756239,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC1fJcAAGwR4PI0cvqNwKgBBg2Ww2EAoTssAQMAhSESpEJLDXUDhL3sfvdJg10ADwAEcsZLxgANAAQAAAA8AAEACAABDZg0cvqNgAgABAAAAAaAIAAIAAHME3GnagqAUAAYLOxJmLF8a9P8QJMpg69OprVoITMAAAAAgCIACTIuMC4xLjIxMQAQAAQAAC7gAAgAIMhO7y5FcPLOAgpkLIJifRx7Dv8ek2QLf5zo\/BiwDhB4"} 
00810{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1308,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693763689,"flow_dst_last_pkt_time":1587041693714142,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_usec":1587041693763689,"pkt":"EBMx8Tl2KDc3AG3ICABFAADy1jgAAEARsxjAqAEGNHL6icN1DZYA3qn\/AAMAwiESpEK\/FrW6Bpt+jaFgT0IADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAKAlQAIw8CdSu6OifoAFAAUc60+h2VE9PTAWxn4K2V6NOmKA20AFQAKInJ0Y21lZGlhIgAGADgCAAAkkKDb2wHWGU3iFTe\/yZKgAzJzGvG+3Faa6DvVqwAAAAC\/cbJ2yXgTqN3v61y8eTonekzmPAAIACAOMJjC3yWHP2a8uRvQ6tdNq4Cf2VvwjY\/Ply+68rS7wg=="} -01002{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1308,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1587041693668523,"flow_src_last_pkt_time":1587041693763689,"flow_dst_last_pkt_time":1587041693714142,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":282,"flow_dst_tot_l4_payload_len":187,"midstream":0,"thread_ts_usec":1587041693763689,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01052{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1308,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1587041693668523,"flow_src_last_pkt_time":1587041693763689,"flow_dst_last_pkt_time":1587041693714142,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":282,"flow_dst_tot_l4_payload_len":187,"midstream":0,"thread_ts_usec":1587041693763689,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"multimedia_flow_types":"Audio"}}} 00725{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1312,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":4,"flow_src_last_pkt_time":1587041693763689,"flow_dst_last_pkt_time":1587041693808734,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"thread_ts_usec":1587041693808734,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC1VxgAAGwRBnY0cvqJwKgBBg2Ww3UAoXQEAQMAhSESpEK\/FrW6Bpt+jaFgT0IADwAEcsZLxgANAAQAAAA8AAEACAABDZg0cvqJgAgABAAAAAaAIAAIAAHAaHGnagqAUAAYaOUMdiD0+ug9lexVR\/3YR6\/W6KUAAAAAgCIACTIuMC4xLjIxMQAQAAQAAC7gAAgAIL4g0LfB18yA2q\/RVWXcDhE8D9XtCMo2nCqOglxViaD8"} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1315,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693828302,"flow_src_last_pkt_time":1587041693828302,"flow_dst_last_pkt_time":1587041693828302,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693828302,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.152","src_port":50014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1315,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693828302,"flow_dst_last_pkt_time":1587041693828302,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041693828302,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGSf\/AqAEGNHL6mMNeAbvdNMkXAAAAALAC\/\/\/QFQAAAgQFtAEDAwUBAQgKMITaQwAAAAAEAgAA"} 
@@ -493,15 +493,15 @@ 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1320,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693828302,"flow_dst_last_pkt_time":1587041693869354,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041693869354,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0nZxAAGwGgG40cvqYwKgBBgG7w17cXACa3TTJGIAS\/\/81\/QAAAgQFoAEDAwgBAQQC"} 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1321,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693869423,"flow_dst_last_pkt_time":1587041693869354,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041693869423,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGShfAqAEGNHL6mMNeAbvdNMkY3FwAm1AQIABWvAAA"} 00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1322,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":4,"flow_src_last_pkt_time":1587041693869663,"flow_dst_last_pkt_time":1587041693869354,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_usec":1587041693869663,"pkt":"EBMx8Tl2KDc3AG3ICABFAADWAABAAEAGSWnAqAEGNHL6mMNeAbvdNMkY3FwAm1AYIACuOQAAFgMBAKkBAAClAwNemFWd9sBVDmqpQ1JOmTf85+s9vRwXDIKd7RSpfqD9hwAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAUAAAABMAEQAADjUyLjExNC4yNTAuMTUyAAoACAAGABcAGAAZAAsAAgEAAA0AEgAQBAECAQUBBgEEAwIDBQMGAwAFAAUBAAAAAAASAAAAFwAA"} 
-01462{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1322,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041693828302,"flow_src_last_pkt_time":1587041693869663,"flow_dst_last_pkt_time":1587041693869354,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693869663,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.152","src_port":50014,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"3":"DPI (partial)"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"52.114.250.152","domainame":"52.114.250.152","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","ja4":"t12i220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01418{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1322,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041693828302,"flow_src_last_pkt_time":1587041693869663,"flow_dst_last_pkt_time":1587041693869354,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693869663,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.152","src_port":50014,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"3":"DPI (partial)"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"52.114.250.152","domainame":"52.114.250.152","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12i220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1323,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693849498,"flow_dst_last_pkt_time":1587041693893017,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041693893017,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0NypAAGwG5t80cvqZwKgBBgG7w3QJhgXYjJLL5oAS\/\/9RUwAAAgQFoAEDAwgBAQQC"} 
00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1324,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693893121,"flow_dst_last_pkt_time":1587041693893017,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041693893121,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGShbAqAEGNHL6mcN0AbuMksvmCYYF2VAQIAByEgAA"} 00768{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1325,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":4,"flow_src_last_pkt_time":1587041693893319,"flow_dst_last_pkt_time":1587041693893017,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_usec":1587041693893319,"pkt":"EBMx8Tl2KDc3AG3ICABFAADWAABAAEAGSWjAqAEGNHL6mcN0AbuMksvmCYYF2VAYIAA4UQAAFgMBAKkBAAClAwNemFWd\/1XCA+79geTWEWiWwTsvTSnBi9NExcEsdrOoSgAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAUAAAABMAEQAADjUyLjExNC4yNTAuMTUzAAoACAAGABcAGAAZAAsAAgEAAA0AEgAQBAECAQUBBgEEAwIDBQMGAwAFAAUBAAAAAAASAAAAFwAA"} 
-01462{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1325,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041693849498,"flow_src_last_pkt_time":1587041693893319,"flow_dst_last_pkt_time":1587041693893017,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693893319,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.153","src_port":50036,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"3":"DPI (partial)"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"52.114.250.153","domainame":"52.114.250.153","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","ja4":"t12i220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01418{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1325,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041693849498,"flow_src_last_pkt_time":1587041693893319,"flow_dst_last_pkt_time":1587041693893017,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693893319,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.153","src_port":50036,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"3":"DPI (partial)"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"52.114.250.153","domainame":"52.114.250.153","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12i220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
02482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1327,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":5,"flow_src_last_pkt_time":1587041693869663,"flow_dst_last_pkt_time":1587041693912361,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041693912361,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUnZ1AAGwGes00cvqYwKgBBgG7w17cXACb3TTJxlAQCARdzwAAFgMDF+kCAABVAwNemFWdM9zHzxbjC7QANdHz8AfaCDM7kl4CH3iC8m+C5SA8HQAAdg+4AWMXjI8CbVJCHoa9vuL+BAQY6d2I21i7H8AwAAANAAUAAAAXAAD\/AQABAAsADuwADukACSswggknMIIHD6ADAgECAhMtAAZemCjIP80XJ2CuAAAABl6YMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTAeFw0xOTA1MjQxNDEwMjZaFw0yMTA1MjQxNDEwMjZaMCExHzAdBgNVBAMTFnRyLnRlYW1zLm1pY3Jvc29mdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCLTNHPfgLoOgUfyR4c2CDg+CoBg7bwaQp6OOdTLjN80e6165bdZW8ryNWADQBv\/\/6Ld1H5eQQNetSDwVifHVU+CteBiHg6T9F1rA96B1Fk1nARcGhMPsZbgvGxJ+NR6ygkRK7GWC6KFZyOiZ0MvWyxQTJBlsBwklHTiX9D0fiSz06Q+tVkIHpWWHGkJRO+Tm3UUtCMr7e1K4eQloaVRg1AeMGEhZEaGXyKum9VwAP15maK0zwKMiUymx8uWFHW4J0+7wZd9kZyUeJvDO2QDZvxPl5w9NBzvGZUQFIkRD+XvUanlt9AtvhnDy5BiPzueeQgaJbyvyJl4Af8nIo8gppfAgMBAAGjggTrMIIE5zCCAfUGCisGAQQB1nkCBAIEggHlBIIB4QHfAHYA9lyUL9F3MCIUVBgIMJRWjuNNExkzv98MLyALzE7xZOMAAAFq6jb0ngAABAMARzBFAiEA+SbPYnNZBq5NAa+KJuZcLJF6Cs7c51vg2wno92Y73cQCIFui0LePG9Yu0H+TqmpdeWJeVlJ0KiyWWMKI6D92L\/K3AHUAVYHUwhaQNgFK6gubVzxT8MDkOHhwJQgXL6OqHQcT0wwAAAFq6jb1LQAABAMARjBEAiAZDnc3oPi8LaNBy6Df89WOlPch018jWvYNKaDO2U51nQIgYZuZffTHCtDDZ3lWVJgiVsjUCTGqki0p6MIBuSQoIfUAdwBc3EOS\/uarRUSxXprUVuYQN\/vV+kfcoXOUsl7m9scOygAAAWrqNvNaAAAEAwBIMEYCIQChq4nHPM4twtbxyAgrDLE3a797eV+6L2EiO6pBrFmrUAIhANBHWXnY9HAcs6WqVRp9r8q8wlaSY9pBfB7vJlbCShQPAHUARJRlLrDuzq\/EQAfYqP4owNrmgr7YyzG1P9MzlrW2gagAAAFq6j
b0QQAABAMARjBEAiAzKKpy8ELEm5AO\/Cl8weRDML0CJ7IOPZ2GbRbx\/8vxWgIgDCW1c1pNKCE9DA2mbQwKGa4Z2H7dNtIRrzU4ZJcZOr8wJwYJKwYBBAGCNxUKBBowGDAKBggrBgEFBQcDAjAKBggrBgEFBQcDATA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdhNLfQoLnk3oCAWQCAR0wgYUGCCsGAQUFBwEBBHkwdzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDUuY3J0MCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC5tc29jc3AuY29tMB0GA1UdDgQWBBSC313bBDWiwUMAeq0EgFmCSqbJVzALBgNVHQ8EBAMC"} -01863{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1336,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":8,"flow_first_seen":1587041693828302,"flow_src_last_pkt_time":1587041693913259,"flow_dst_last_pkt_time":1587041693913604,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":6126,"midstream":0,"thread_ts_usec":1587041693913604,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.152","src_port":50014,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"52.114.250.152","domainame":"52.114.250.152","tls": 
{"version":"TLSv1.2","server_names":"tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"986571066668055ae9481cb84fda634a","ja4":"t12i220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5","subjectDN":"CN=tr.teams.microsoft.com","fingerprint":"A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75","blocks":0}}} +01822{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1336,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":8,"flow_first_seen":1587041693828302,"flow_src_last_pkt_time":1587041693913259,"flow_dst_last_pkt_time":1587041693913604,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":6126,"midstream":0,"thread_ts_usec":1587041693913604,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.152","src_port":50014,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"52.114.250.152","domainame":"52.114.250.152","tls": 
{"version":"TLSv1.2","server_names":"tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com","ja3s":"986571066668055ae9481cb84fda634a","ja4":"t12i220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5","subjectDN":"CN=tr.teams.microsoft.com","fingerprint":"A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75","blocks":0}}} 02483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1342,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":5,"flow_src_last_pkt_time":1587041693893319,"flow_dst_last_pkt_time":1587041693937910,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041693937910,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUNyxAAGwG4T00cvqZwKgBBgG7w3QJhgXZjJLMlFAQCAT\/SwAAFgMDF+kCAABVAwNemFWdlZ1o0K1pDuc31o7KbeFA6zW0UoTj74rN53YU1yAVNwAAZbPmUJGFDDA3baQ8RQ+flEqSYPNJweq+ysirz8AwAAANAAUAAAAXAAD\/AQABAAsADuwADukACSswggknMIIHD6ADAgECAhMtAAZemCjIP80XJ2CuAAAABl6YMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTAeFw0xOTA1MjQxNDEwMjZaFw0yMTA1MjQxNDEwMjZaMCExHzAdBgNVBAMTFnRyLnRlYW1zLm1pY3Jvc29mdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCLTNHPfgLoOgUfyR4c2CDg+CoBg7bwaQp6OOdTLjN80e6165bdZW8ryNWADQBv\/\/6Ld1H5eQQNetSDwVifHVU+CteBiHg6T9F1rA96B1Fk1nARcGhMPsZbgvGxJ+NR6ygkRK7GWC6KFZyOiZ0MvWyxQTJBlsBwklHTiX9D0fiSz06Q+tVkIHpWWHGkJRO+Tm3UUtCMr7e1K4eQloaVRg1AeMGEhZEaGXyKum9VwAP15maK0zwKMiUymx8uWFHW4J0+7wZd9kZyUeJvDO2QDZvxPl5w9NBzvGZUQFIkRD+XvUanlt9AtvhnDy5BiPzueeQgaJbyvyJl4Af8nIo8gppfAgMBAAGjggTrMIIE5zCCAfUGCis
GAQQB1nkCBAIEggHlBIIB4QHfAHYA9lyUL9F3MCIUVBgIMJRWjuNNExkzv98MLyALzE7xZOMAAAFq6jb0ngAABAMARzBFAiEA+SbPYnNZBq5NAa+KJuZcLJF6Cs7c51vg2wno92Y73cQCIFui0LePG9Yu0H+TqmpdeWJeVlJ0KiyWWMKI6D92L\/K3AHUAVYHUwhaQNgFK6gubVzxT8MDkOHhwJQgXL6OqHQcT0wwAAAFq6jb1LQAABAMARjBEAiAZDnc3oPi8LaNBy6Df89WOlPch018jWvYNKaDO2U51nQIgYZuZffTHCtDDZ3lWVJgiVsjUCTGqki0p6MIBuSQoIfUAdwBc3EOS\/uarRUSxXprUVuYQN\/vV+kfcoXOUsl7m9scOygAAAWrqNvNaAAAEAwBIMEYCIQChq4nHPM4twtbxyAgrDLE3a797eV+6L2EiO6pBrFmrUAIhANBHWXnY9HAcs6WqVRp9r8q8wlaSY9pBfB7vJlbCShQPAHUARJRlLrDuzq\/EQAfYqP4owNrmgr7YyzG1P9MzlrW2gagAAAFq6jb0QQAABAMARjBEAiAzKKpy8ELEm5AO\/Cl8weRDML0CJ7IOPZ2GbRbx\/8vxWgIgDCW1c1pNKCE9DA2mbQwKGa4Z2H7dNtIRrzU4ZJcZOr8wJwYJKwYBBAGCNxUKBBowGDAKBggrBgEFBQcDAjAKBggrBgEFBQcDATA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdhNLfQoLnk3oCAWQCAR0wgYUGCCsGAQUFBwEBBHkwdzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDUuY3J0MCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC5tc29jc3AuY29tMB0GA1UdDgQWBBSC313bBDWiwUMAeq0EgFmCSqbJVzALBgNVHQ8EBAMC"} -01863{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1350,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":8,"flow_first_seen":1587041693849498,"flow_src_last_pkt_time":1587041693938156,"flow_dst_last_pkt_time":1587041693938382,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":6126,"midstream":0,"thread_ts_usec":1587041693938382,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.153","src_port":50036,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying 
HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"52.114.250.153","domainame":"52.114.250.153","tls": {"version":"TLSv1.2","server_names":"tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"986571066668055ae9481cb84fda634a","ja4":"t12i220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5","subjectDN":"CN=tr.teams.microsoft.com","fingerprint":"A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75","blocks":0}}} +01822{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1350,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":8,"flow_first_seen":1587041693849498,"flow_src_last_pkt_time":1587041693938156,"flow_dst_last_pkt_time":1587041693938382,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":6126,"midstream":0,"thread_ts_usec":1587041693938382,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.153","src_port":50036,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"52.114.250.153","domainame":"52.114.250.153","tls": {"version":"TLSv1.2","server_names":"tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com","ja3s":"986571066668055ae9481cb84fda634a","ja4":"t12i220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5","subjectDN":"CN=tr.teams.microsoft.com","fingerprint":"A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75","blocks":0}}} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1371,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041694219802,"flow_src_last_pkt_time":1587041694219802,"flow_dst_last_pkt_time":1587041694219802,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041694219802,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":60567,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1371,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_src_last_pkt_time":1587041694219802,"flow_dst_last_pkt_time":1587041694219802,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041694219802,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG9w\/AqAEGNHJNiOyXAbs8mpamAAAAALAC\/\/8lfgAAAgQFtAEDAwUBAQgKMITbvgAAAAAEAgAA"} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1372,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041694221137,"flow_src_last_pkt_time":1587041694221137,"flow_dst_last_pkt_time":1587041694221137,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041694221137,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60837,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -512,40 +512,40 @@ 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1376,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":2,"flow_src_last_pkt_time":1587041694219802,"flow_dst_last_pkt_time":1587041694262764,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041694262764,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0VplAAGwGdII0ck2IwKgBBgG77Jdw4z8APJqWp4AS\/\/+58wAAAgQFoAEDAwgBAQQC"} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1377,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":3,"flow_src_last_pkt_time":1587041694262870,"flow_dst_last_pkt_time":1587041694262764,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041694262870,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAG9yfAqAEGNHJNiOyXAbs8mpancOM\/AVAQIADasgAA"} 00798{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1378,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":4,"flow_src_last_pkt_time":1587041694263191,"flow_dst_last_pkt_time":1587041694262764,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":249,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":249,"pkt_l4_len":215,"thread_ts_usec":1587041694263191,"pkt":"EBMx8Tl2KDc3AG3ICABFAADrAABAAEAG9mTAqAEGNHJNiOyXAbs8mpancOM\/AVAYIADbZQAAFgMBAL4BAAC6AwNemFWex6L93KvTNrWWS\/8PQ2rao\/9bFvV0yUUyu2nlvwAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAZQAAACgAJgAAI2FwaS5mbGlnaHRwcm94eS50ZWFtcy5taWNyb3NvZnQuY29tAAoACAAGABcAGAAZAAsAAgEAAA0AEgAQBAECAQUBBgEEAwIDBQMGAwAFAAUBAAAAAAASAAAAFwAA"} 
-01365{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1378,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041694219802,"flow_src_last_pkt_time":1587041694263191,"flow_dst_last_pkt_time":1587041694262764,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":195,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":195,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041694263191,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":60567,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"api.flightproxy.teams.microsoft.com","domainame":"api.flightproxy.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01324{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1378,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041694219802,"flow_src_last_pkt_time":1587041694263191,"flow_dst_last_pkt_time":1587041694262764,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":195,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":195,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041694263191,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":60567,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"api.flightproxy.teams.microsoft.com","domainame":"api.flightproxy.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
02492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1380,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":5,"flow_src_last_pkt_time":1587041694263191,"flow_dst_last_pkt_time":1587041694308351,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041694308351,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUVptAAGwGbuA0ck2IwKgBBgG77Jdw40StPJqXalAQCAQlEAAAcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA0LmNybIZJaHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA0LmNybDBNBgNVHSAERjBEMEIGCSsGAQQBgjcqATA1MDMGCCsGAQUFBwIBFidodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcHMwHwYDVR0jBBgwFoAUenuMwc\/noMoc1Gv6++Ezww8aop0wHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4ICAQCGBg8ckx9UDTW7UZXC+1At9FP7A44gNWDP9CaNquKk0Ym4Hc6H0wUEGjC2TPH4ZMpVVvzoaDTGQwOYpaTTUvX3MEMOYKEG1Cvx9tqcsdP3yUB2L0u\/Y3lBDRRYTQjeuiKHInHCIKjjX\/QCOyzvB5\/C0exDQl9fWwS+qncho+mgAfK2IA8Fxzsv6+EtDoQ7Dvl6yGFB0IOq2h0mRJqrPawbpWi2DqNdE30PlqszN6KarfO3etdnYrpJGC2USn7nux+J+nU9mSFC0ZsLRlurcf+j5mIScxOoR1R1zgqZUwqnxhpp4P1IJVImICPzlelUrV+V7b3YppHp2Rgn\/+S4J10m17s2TbLTa97JGjEE\/3YQ7h5IdjwTnwuq1dP++rQhXt3FX3MOWAHLNAKjiWyKZFU6vIewI5Hi6y2fkjqSeRt4\/aWEgJvh20gdM0p+zqdmShg\/748CHucnl5Zm4aJe3RbjYEYoFcds8ex0ujMudADb\/QzGDXRU0vzS1rVbA4cYFxJP\/arXmxNmNaQws3ulhsztenPZhSi+YjcTSxMjLvyNTiFRWl6oPmD03juUR4abmC3Z6rh\/ORpnPJ\/Em03uuhRVjI2A+WVhItVGj\/kDERprkC2fKCqbcztcQMil\/Kk2WHT\/UliJtmxX7yjxKPFWCSC+MDNsBV3uBwoK+m\/VewoOUwAFuDCCBbQwggScoAMCAQICEAtqs7A+san2xGCSaqjN\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\/HdCW+DNFe3sfVDPlSJenBSSi29Hcla4gKn2WiUh7knrQJLHeSBH3Zzy03\/hYYPVPezRo"} 
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1404,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278787,"flow_src_last_pkt_time":1587041695278787,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695278787,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1404,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_src_last_pkt_time":1587041695278787,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695278787,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMhisAAEARcdvAqAEGwKgABMNgw1UAeNtRAAEAXCESpELGQpqANK6irJWNCoEABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUNaR7w6XgHLmtRZxpBWKVkGuwhq2AKAAE+3W4lQ=="} 
-01121{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1404,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278787,"flow_src_last_pkt_time":1587041695278787,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695278787,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01171{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1404,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278787,"flow_src_last_pkt_time":1587041695278787,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695278787,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"multimedia_flow_types":"Audio"}}} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1405,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278905,"flow_src_last_pkt_time":1587041695278905,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695278905,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1405,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_src_last_pkt_time":1587041695278905,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695278905,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMZ7QAAEARkFLAqAEGwKgABMN0w2QAeBWjAAEAXCESpEJMnOcpR8XuRjfgdwcABgAJSkZ3ajorbUl2AAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUZBvpMZrPL2uguq2xDA1A6CBjF+2AKAAEncV\/3g=="} 
-01121{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1405,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278905,"flow_src_last_pkt_time":1587041695278905,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695278905,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01171{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1405,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278905,"flow_src_last_pkt_time":1587041695278905,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695278905,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Video","stun": {"multimedia_flow_types":"Video"}}} 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1406,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695305290,"flow_src_last_pkt_time":1587041695305290,"flow_dst_last_pkt_time":1587041695305290,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695305290,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1406,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_src_last_pkt_time":1587041695305290,"flow_dst_last_pkt_time":1587041695305290,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695305290,"pkt":"KDc3AG3IEBMx8Tl2CABFAACMbOkAADURirVdR27NwKgBBj\/Mw2AAeJv\/AAEAXCESpEJpQfrkOEmJN4IqUAgABgAJRlkzMjpvNS9JAAAAgCkACAAAf+1eBY4AgHAABAAAAAeANgAEAAAAAQAkAARu\/\/3+gDcABAAAAAIACAAUCA60OBRrDjRc1P+cP0BpsLC+QjmAKAAEPxxxZQ=="} 
-01123{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1406,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695305290,"flow_src_last_pkt_time":1587041695305290,"flow_dst_last_pkt_time":1587041695305290,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695305290,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01173{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1406,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695305290,"flow_src_last_pkt_time":1587041695305290,"flow_dst_last_pkt_time":1587041695305290,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695305290,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"multimedia_flow_types":"Audio"}}} 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1407,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695305879,"flow_src_last_pkt_time":1587041695305879,"flow_dst_last_pkt_time":1587041695305879,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695305879,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16333,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1407,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_src_last_pkt_time":1587041695305879,"flow_dst_last_pkt_time":1587041695305879,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695305879,"pkt":"KDc3AG3IEBMx8Tl2CABFAACM2aMAADURHftdR27NwKgBBj\/Nw3QAeFT\/AAEAXCESpEKjF0z2+O91Jw0PY1cABgAJK21JdjpKRndqAAAAgCkACAAAf+1eBY4AgHAABAAAAAeANgAEAAAAAQAkAARu\/\/3+gDcABAAAAAIACAAUo4jart22gVLrHF0JHGaI64vA9HeAKAAEUHwvEg=="} 
-01123{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1407,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695305879,"flow_src_last_pkt_time":1587041695305879,"flow_dst_last_pkt_time":1587041695305879,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695305879,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16333,"dst_port":50036,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01173{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1407,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695305879,"flow_src_last_pkt_time":1587041695305879,"flow_dst_last_pkt_time":1587041695305879,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695305879,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16333,"dst_port":50036,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Video","stun": {"multimedia_flow_types":"Video"}}} 00637{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1409,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695305290,"flow_dst_last_pkt_time":1587041695330085,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":1587041695330085,"pkt":"EBMx8Tl2KDc3AG3ICABFAAB0TLUAAEARoAHAqAEGXUduzcNgP8wAYAttAQEARCESpEJpQfrkOEmJN4IqUAiAcAAEAAAABwAgAAgAAR7efFXKj4A3AAQAAAACgDYABAAAAAEACAAUlU+ROI4McMZBUuZSU8\/gWyGrdx6AKAAE+OcqVw=="} 00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1410,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":3,"flow_src_last_pkt_time":1587041695305290,"flow_dst_last_pkt_time":1587041695330306,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695330306,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMkXkAAEARWyXAqAEGXUduzcNgP8wAeAk2AAEAXCESpEL9LF5WbGc54yQwO\/cABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAU1YbVJoGA61aUBne1Qcfqud7BOGOAKAAEmnK+Jw=="} 
00636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1411,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695305879,"flow_dst_last_pkt_time":1587041695330316,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":1587041695330316,"pkt":"EBMx8Tl2KDc3AG3ICABFAAB0gkYAAEARanDAqAEGXUduzcN0P80AYEblAQEARCESpEKjF0z2+O91Jw0PY1eAcAAEAAAABwAgAAgAAR7ffFXKj4A3AAQAAAACgDYABAAAAAEACAAUNbjIzLk8Htcx5rlGPdUzB6Mtkf+AKAAECmy4uA=="} 00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1412,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":3,"flow_src_last_pkt_time":1587041695305879,"flow_dst_last_pkt_time":1587041695330389,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695330389,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMX9EAAEARjM3AqAEGXUduzcN0P80AeEAgAAEAXCESpEJvsFtMkRg8G\/ztdLwABgAJSkZ3ajorbUl2AAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUIVL6+UU6k643kpe64\/MzitD9Q4eAKAAEwjOytg=="} 
00891{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1413,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695381451,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1587041695381451,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEsaPwAAEARIBfAqAEGNHL6jcNgDZYBGBOdAAQA\/CESpEIsNFIeR67x\/KSTudUADwAEcsZLxoAIAAQAAAAGAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8ABEACAABP8xdR27NABMAfAABAGghEqRCH9y33u2t\/jYyT2+1AAYACW81L0k6RlkzMgAAAIAqAAgAAH+KUoZYAIBwAAQAAAAHgDYABAAAAAEAJAAEbv\/4\/4CVAAh\/IMTdT4SN+oA3AAQAAAACAAgAFLkI9+jCSAoSd\/OOXciVMXiIrqbdgCgABLPHZEgACAAg7sRmb8sPDDsK8L9wIx7c4\/un3a7csABeHu5jm1wMzFk="} -01124{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1413,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041695381451,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":486,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695381451,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01174{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1413,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041695381451,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":486,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695381451,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"multimedia_flow_types":"Audio"}}} 
00886{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1414,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695381585,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1587041695381585,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEsXTYAAEARK+HAqAEGNHL6icN0DZYBGMK2AAQA\/CESpEIeamDBSEqcaMKGtFYADwAEcsZLxoAIAAQAAAAGAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8ABEACAABP81dR27NABMAfAABAGghEqRCa6gY9jQ3F4QYLRqEAAYACUpGd2o6K21JdgAAAIAqAAgAAH+KUoZYAIBwAAQAAAAHgDYABAAAAAEAJAAEbv\/4\/4CVAAhb5VsGDC2J+oA3AAQAAAACAAgAFGPigS6EUGSGggUbRbFSk1APqJ0agCgABKpfQ2cACAAguGTqGqFZLfExfohAPRW3NYW9D0LDg15vdpj82BiyuIs="} -01124{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1414,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041695381585,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":486,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695381585,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01174{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1414,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041695381585,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":486,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695381585,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"multimedia_flow_types":"Audio"}}} 
00730{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1416,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":3,"flow_src_last_pkt_time":1587041695381451,"flow_dst_last_pkt_time":1587041695389155,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1587041695389155,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC4fJgAAGwR4O40cvqNwKgBBg2Ww2AApNd+ARUAiMLWdk9T8dgTMFhVlH2+EmsADwAEcsZLxgASAAgAAT\/MXUduzQATAHAAAQBcIRKkQpOT7iqoT5owckEG1gAGAAlGWTMyOm81L0kAAACAKQAIAAB\/7V4FjgCAcAAEAAAAB4A2AAQAAAABACQABG7\/\/f6ANwAEAAAAAgAIABQwsyB\/3AcVNGFmgIYtfHOO0Vm54oAoAAR90b9H"} -01040{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1416,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041695381451,"flow_dst_last_pkt_time":1587041695389155,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":486,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1587041695389155,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"peer_address":"159.145.24.130:64794"}}} 
+01091{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1416,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041695381451,"flow_dst_last_pkt_time":1587041695389155,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":486,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1587041695389155,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"peer_address":"159.145.24.130:64794","multimedia_flow_types":"Audio"}}} 00731{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1417,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":3,"flow_src_last_pkt_time":1587041695381585,"flow_dst_last_pkt_time":1587041695389378,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1587041695389378,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC4VxkAAGwRBnI0cvqJwKgBBg2Ww3QApCdjARUAiE\/LrilDXPJWtp6yDikzcPIADwAEcsZLxgASAAgAAT\/NXUduzQATAHAAAQBcIRKkQlPk9TFAsI2GK+OZoAAGAAkrbUl2OkpGd2oAAACAKQAIAAB\/7V4FjgCAcAAEAAAAB4A2AAQAAAABACQABG7\/\/f6ANwAEAAAAAgAIABQqoNaJl5j6Qph3wmShySpejyG1ZYAoAAR\/OzfK"} 
-01040{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1417,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041695381585,"flow_dst_last_pkt_time":1587041695389378,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":486,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1587041695389378,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"peer_address":"18.140.192.228:28678"}}} +01091{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1417,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041695381585,"flow_dst_last_pkt_time":1587041695389378,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":486,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1587041695389378,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"peer_address":"18.140.192.228:28678","multimedia_flow_types":"Audio"}}} 00638{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1418,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":4,"flow_src_last_pkt_time":1587041695406639,"flow_dst_last_pkt_time":1587041695330306,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":1587041695406639,"pkt":"KDc3AG3IEBMx8Tl2CABFAAB0Bd0AADUR8dldR27NwKgBBj\/Mw2AAYJiUAQEARCESpEL9LF5WbGc54yQwO\/eAcAAEAAAABwAgAAgAAcHVcadqCoA3AAQAAAACgDYABAAAAAEACAAUfLZK4Jp9GCnUwepSRXJ0QYfNKUiAKAAEeKXxaw=="} 00638{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1419,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":4,"flow_src_last_pkt_time":1587041695407379,"flow_dst_last_pkt_time":1587041695330389,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":1587041695407379,"pkt":"KDc3AG3IEBMx8Tl2CABFAAB0iYEAADURbjVdR27NwKgBBj\/Nw3QAYAIVAQEARCESpEJvsFtMkRg8G\/ztdLyAcAAEAAAABwAgAAgAAc5scadqCoA3AAQAAAACgDYABAAAAAEACAAUt0fBakPBlSed9Q+UJ+6ZvN9VvN+AKAAELvJkIw=="} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1421,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695421892,"flow_src_last_pkt_time":1587041695421892,"flow_dst_last_pkt_time":1587041695421892,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695421892,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1421,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_src_last_pkt_time":1587041695421892,"flow_dst_last_pkt_time":1587041695421892,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1587041695421892,"pkt":"KDc3AG3IEBMx8Tl2CABFAACYUPwAAGwRCyM0cvwVwKgBBg2Yw3QAhCaSAAEAaCESpEK59F1PLtIJs2rQCYoABgAJK21JdjpKRndqAAAAgCkACAAAf+1eBY4AgHAABAAAAAeANgAEAAAAAQAkAARu\/\/n+gJUACGUfNM4ueRX8gDcABAAAAAIACAAUDNg3puCxSSnyiCvs+zLb4wfWy9WAKAAEDuovdw=="} 
-01122{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1421,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695421892,"flow_src_last_pkt_time":1587041695421892,"flow_dst_last_pkt_time":1587041695421892,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695421892,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01172{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1421,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695421892,"flow_src_last_pkt_time":1587041695421892,"flow_dst_last_pkt_time":1587041695421892,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695421892,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Video","stun": {"multimedia_flow_types":"Video"}}} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1422,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695422685,"flow_src_last_pkt_time":1587041695422685,"flow_dst_last_pkt_time":1587041695422685,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695422685,"l3_proto":"ip4","src_ip":"52.114.252.8","dst_ip":"192.168.1.6","src_port":3479,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1422,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_src_last_pkt_time":1587041695422685,"flow_dst_last_pkt_time":1587041695422685,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1587041695422685,"pkt":"KDc3AG3IEBMx8Tl2CABFAACY4AMAAG0Reyg0cvwIwKgBBg2Xw2AAhBBVAAEAaCESpEKBJ1p+KLNk2I89FPkABgAJRlkzMjpvNS9JAAAAgCkACAAAf+1eBY4AgHAABAAAAAeANgAEAAAAAQAkAARu\/\/n+gJUACN6qKWcI9wj8gDcABAAAAAIACAAUyAS6wVT6GpHQ1gnRXe5kbQ9LDuWAKAAEokvlFA=="} 
-01121{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1422,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695422685,"flow_src_last_pkt_time":1587041695422685,"flow_dst_last_pkt_time":1587041695422685,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695422685,"l3_proto":"ip4","src_ip":"52.114.252.8","dst_ip":"192.168.1.6","src_port":3479,"dst_port":50016,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01171{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1422,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695422685,"flow_src_last_pkt_time":1587041695422685,"flow_dst_last_pkt_time":1587041695422685,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695422685,"l3_proto":"ip4","src_ip":"52.114.252.8","dst_ip":"192.168.1.6","src_port":3479,"dst_port":50016,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"multimedia_flow_types":"Audio"}}} 00838{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1423,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":4,"flow_src_last_pkt_time":1587041695432593,"flow_dst_last_pkt_time":1587041695389155,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"thread_ts_usec":1587041695432593,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEIQwIAAEARRjXAqAEGNHL6jcNgDZYA9FdMAAQA2CESpEKfui7uErrywVVZDhwADwAEcsZLxoAIAAQAAAAGAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8ABEACAABP8xdR27NABMAWAEBAEQhEqRCk5PuKqhPmjByQQbWgHAABAAAAAcAIAAIAAEe3nxVyo+ANwAEAAAAAoA2AAQAAAABAAgAFFFp\/EIw9m0w0dRwmYyqML3\/iSKPgCgABN8vUt8ACAAgqGRf4o8r70c+bwbjLKjnyOxfHW\/RCLgda6bT0E3pUpo="} 00656{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1424,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695422685,"flow_dst_last_pkt_time":1587041695432665,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1587041695432665,"pkt":"EBMx8Tl2KDc3AG3ICABFAACA0aoAAEARtpnAqAEGNHL8CMNgDZcAbO2O\/xAAYN6qKWcI9wj8AQEARCESpEKBJ1p+KLNk2I89FPmAcAAEAAAABwAgAAgAASyFFWBYSoA3AAQAAAACgDYABAAAAAEACAAUmYtT\/sgffZE\/GPjMTGRSk5h1N+2AKAAEPqesNg=="} 
00890{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1425,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":5,"flow_src_last_pkt_time":1587041695432806,"flow_dst_last_pkt_time":1587041695389155,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1587041695432806,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEsslcAAEAR1rvAqAEGNHL6jcNgDZYBGA46AAQA\/CESpEKGfpR3I6Wm38Zk7TUADwAEcsZLxoAIAAQAAAAGAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8ABEACAABP8xdR27NABMAfAABAGghEqRCH9y33u2t\/jYyT2+1AAYACW81L0k6RlkzMgAAAIAqAAgAAH+KUoZYAIBwAAQAAAAHgDYABAAAAAEAJAAEbv\/4\/4CVAAh\/IMTdT4SN+oA3AAQAAAACAAgAFLkI9+jCSAoSd\/OOXciVMXiIrqbdgCgABLPHZEgACAAg4ni\/MyGpn0IPPfamZXcwXcyTP9hFKqNf3gjYqNKVXl0="} 
@@ -554,9 +554,9 @@ 00886{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1428,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":5,"flow_src_last_pkt_time":1587041695433459,"flow_dst_last_pkt_time":1587041695389378,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1587041695433459,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEsR2QAAEARQbPAqAEGNHL6icN0DZYBGOj5AAQA\/CESpELTjfKyZNTNUCzFgVAADwAEcsZLxoAIAAQAAAAGAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8ABEACAABP81dR27NABMAfAABAGghEqRCa6gY9jQ3F4QYLRqEAAYACUpGd2o6K21JdgAAAIAqAAgAAH+KUoZYAIBwAAQAAAAHgDYABAAAAAEAJAAEbv\/4\/4CVAAhb5VsGDC2J+oA3AAQAAAACAAgAFGPigS6EUGSGggUbRbFSk1APqJ0agCgABKpfQ2cACAAgUB2ZPqsXXGYjBv8pRG+HEjCK6R8QdiEsnAYTs3tf1IE="} 02339{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1429,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1587041693516414,"flow_src_last_pkt_time":1587041693824623,"flow_dst_last_pkt_time":1587041695435566,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":477,"flow_dst_tot_l4_payload_len":6361,"midstream":0,"thread_ts_usec":1587041695435566,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":71850.4,"max":1566873,"stddev":274680.6,"var":75449425920.0,"ent":1.9,"data": [44968,45079,183,47440,47249,164,13,124,2,107,17,104,3,107,2,120,2,1,8026,8,35,52434,1246,45626,48613,92238,43679,69083,272,113543,1566873]},"pktlen": 
{"min":40,"avg":256.9,"max":1492,"stddev":427.0,"var":182315.3,"ent":3.7,"data": [64,52,40,227,1492,52,1492,588,52,52,1492,588,52,40,588,166,40,40,40,147,46,85,46,91,40,141,224,40,71,40,46,46]},"bins": {"c_to_s": [15,1,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,0,1,1,0,0,1,1,0,0,1,1,0,0,0,0,0,0,1,1,0,0,1,0,0,0,1,1],"entropies": [4.396777153,4.946223736,4.453056812,5.436062336,7.472877979,4.624014378,7.357961178,6.174726009,4.707639694,4.669178009,7.651301384,7.035131931,4.669178009,4.492897511,7.576755524,6.572272301,4.384184361,4.492897511,4.492897034,6.376044750,4.495644569,5.773638725,4.565871716,5.388861179,4.561769009,6.442826271,6.864662647,4.511769295,5.438062191,4.384184361,4.565872192,4.565872192]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"euaz.tr.teams.microsoft.com"}} 00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1435,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695586059,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695586059,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMZh4AAEARkejAqAEGwKgABMNgw1UAeNtRAAEAXCESpELGQpqANK6irJWNCoEABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUNaR7w6XgHLmtRZxpBWKVkGuwhq2AKAAE+3W4lQ=="} 
-01239{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1435,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278787,"flow_src_last_pkt_time":1587041695586059,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":224,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695586059,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01289{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1435,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278787,"flow_src_last_pkt_time":1587041695586059,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":224,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695586059,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"multimedia_flow_types":"Audio"}}} 00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1436,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695586146,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695586146,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMyucAAEARLR\/AqAEGwKgABMN0w2QAeBWjAAEAXCESpEJMnOcpR8XuRjfgdwcABgAJSkZ3ajorbUl2AAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUZBvpMZrPL2uguq2xDA1A6CBjF+2AKAAEncV\/3g=="} 
-01239{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1436,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278905,"flow_src_last_pkt_time":1587041695586146,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":224,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695586146,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01289{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1436,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278905,"flow_src_last_pkt_time":1587041695586146,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":224,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695586146,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Video","stun": {"multimedia_flow_types":"Video"}}} 00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1440,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":3,"flow_src_last_pkt_time":1587041695890424,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695890424,"pkt":"EBMx8Tl2KDc3AG3ICABFAACM6boAAEARDkzAqAEGwKgABMNgw1UAeNtRAAEAXCESpELGQpqANK6irJWNCoEABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUNaR7w6XgHLmtRZxpBWKVkGuwhq2AKAAE+3W4lQ=="} 
00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1441,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":3,"flow_src_last_pkt_time":1587041695890513,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695890513,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMMbQAAEARxlLAqAEGwKgABMN0w2QAeBWjAAEAXCESpEJMnOcpR8XuRjfgdwcABgAJSkZ3ajorbUl2AAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUZBvpMZrPL2uguq2xDA1A6CBjF+2AKAAEncV\/3g=="} 00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1446,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":4,"flow_src_last_pkt_time":1587041696194345,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041696194345,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMXPIAAEARmxTAqAEGwKgABMNgw1UAeNtRAAEAXCESpELGQpqANK6irJWNCoEABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUNaR7w6XgHLmtRZxpBWKVkGuwhq2AKAAE+3W4lQ=="} 
@@ -570,7 +570,7 @@ 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1456,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":2,"flow_src_last_pkt_time":1587041697061972,"flow_dst_last_pkt_time":1587041697091344,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041697091344,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8X+VAAG4GOLAoT4opwKgBBgG77Jhhqm+9VZk3MaASIADeAQAAAgQFoAEDAwgEAggKC\/ZmGDCE5sE="} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1457,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":3,"flow_src_last_pkt_time":1587041697091452,"flow_dst_last_pkt_time":1587041697091344,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041697091452,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGxp3AqAEGKE+KKeyYAbtVmTcxYapvvoAQEAkclQAAAQEICjCE5t4L9mYY"} 
00872{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1458,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":4,"flow_src_last_pkt_time":1587041697092026,"flow_dst_last_pkt_time":1587041697091344,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":305,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":305,"pkt_l4_len":271,"thread_ts_usec":1587041697092026,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEjAABAAEAGxa7AqAEGKE+KKeyYAbtVmTcxYapvvoAYEAlljAAAAQEICjCE5t4L9mYYFgMBAOoBAADmAwMvt9\/l19PgHHhBJ7fePZ9nkIIpM9PqvMR3RuXFQQr78gAAKMAswCvAJMAjwArACcypwDDAL8AowCfAFMATzKgAnQCcAD0APAA1AC8BAACV\/wEAAQAAAAAXABUAABJnYXRlLmhvY2tleWFwcC5uZXQAFwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAM3QAAAASAAAAEAAwAC4CaDIFaDItMTYFaDItMTUFaDItMTQIc3BkeS8zLjEGc3BkeS8zCGh0dHAvMS4xAAsAAgEAAAoACgAIAB0AFwAYABk="} -01277{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1458,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041697061972,"flow_src_last_pkt_time":1587041697092026,"flow_dst_last_pkt_time":1587041697091344,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041697092026,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60568,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"gate.hockeyapp.net","domainame":"gate.hockeyapp.net","tls": 
{"version":"TLSv1.2","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} +01233{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1458,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041697061972,"flow_src_last_pkt_time":1587041697092026,"flow_dst_last_pkt_time":1587041697091344,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041697092026,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60568,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"gate.hockeyapp.net","domainame":"gate.hockeyapp.net","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
02473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1459,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":5,"flow_src_last_pkt_time":1587041697092026,"flow_dst_last_pkt_time":1587041697123566,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041697123566,"pkt":"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"} 00770{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1485,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":5,"flow_src_last_pkt_time":1587041697617344,"flow_dst_last_pkt_time":1587041693756239,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_usec":1587041697617344,"pkt":"EBMx8Tl2KDc3AG3ICABFAADW2xEAAEARrlfAqAEGNHL6jcNhDZYAwt8iAAMApiESpEINQAd8TvBOvXDWMxoADwAEcsZLxoAIAAQAAAAGAA0ABAAAAACAUAAEAAAAAQAUABQ+mj9JKfg8kAiQ47rNqp++2YC3UgAVAAoicnRjbWVkaWEiAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8AAgAILegjOD1prOmcIML6MAq3Q5voM\/8\/Vbx8\/OHsgTOe6Dx"} 
00750{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1490,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041697660621,"flow_src_last_pkt_time":1587041697660621,"flow_dst_last_pkt_time":1587041697660621,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041697660621,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5} 
@@ -578,21 +578,21 @@ 00918{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1490,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041697660621,"flow_src_last_pkt_time":1587041697660621,"flow_dst_last_pkt_time":1587041697660621,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041697660621,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":4.321296}} 00770{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1493,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":5,"flow_src_last_pkt_time":1587041697668978,"flow_dst_last_pkt_time":1587041693808734,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_usec":1587041697668978,"pkt":"EBMx8Tl2KDc3AG3ICABFAADWXowAAEARKuHAqAEGNHL6icN1DZYAwtlEAAMApiESpEJ\/K8mw63L1SVFc8SkADwAEcsZLxoAIAAQAAAAGAA0ABAAAAACAUAAEAAAAAQAUABRzrT6HZUT09MBbGfgrZXo06YoDbQAVAAoicnRjbWVkaWEiAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8AAgAIBF1x2DO\/FnH+NItZ0DdGmNq9Qpo8WCUVFVIxiEnjM\/h"} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1497,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":2,"flow_src_last_pkt_time":1587041697673040,"flow_dst_last_pkt_time":1587041697660621,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1587041697673040,"pkt":"KDc3AG3IEBMx8Tl2CABFoAA4akMAADUBjR9dR27NwKgBBgMDcBsAAAAARQAAWp4wAAAyEVygwKgBBl1Hbs3DdD\/NAEaJWQ=="} -02350{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1528,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":7,"flow_first_seen":1587041695305290,"flow_src_last_pkt_time":1587041697913583,"flow_dst_last_pkt_time":1587041697668816,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1214,"flow_dst_max_l4_payload_len":1214,"flow_src_tot_l4_payload_len":4324,"flow_dst_tot_l4_payload_len":2890,"midstream":0,"thread_ts_usec":1587041697913583,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":160381.3,"max":1168245,"stddev":365653.3,"var":133702352896.0,"ent":2.7,"data": [24795,221,101349,1168245,1167037,967065,50759,1119237,13,25,50990,80302,1990,2655,3736,4,1,2,10681,24170,9306,21453,4525,19907,25341,9245,24382,24626,9496,26004,24257]},"pktlen": {"min":66,"avg":253.4,"max":1242,"stddev":374.4,"var":140199.2,"ent":4.0,"data": [140,116,140,116,144,116,138,136,66,1242,1242,136,101,66,1242,1242,70,194,126,94,96,103,108,110,102,98,112,106,103,101,102,102]},"bins": {"c_to_s": 
[0,2,16,4,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,1,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,1,0,1,0,0,0,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"entropies": [5.443928242,5.441569805,5.550033092,5.533423424,5.469605446,5.457950115,6.418050289,5.494081497,5.274568558,7.835727215,7.805037022,5.427760124,6.064149857,5.328952789,7.830739975,7.834946632,5.426148415,6.862842083,6.378197670,5.942782402,6.043297768,6.096649170,5.395052433,6.251680851,6.123402596,6.007471561,6.260177612,6.012121677,6.079421997,6.215091705,6.135609150,6.155217648]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +02344{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1528,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":7,"flow_first_seen":1587041695305290,"flow_src_last_pkt_time":1587041697913583,"flow_dst_last_pkt_time":1587041697668816,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1214,"flow_dst_max_l4_payload_len":1214,"flow_src_tot_l4_payload_len":4324,"flow_dst_tot_l4_payload_len":2890,"midstream":0,"thread_ts_usec":1587041697913583,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":160381.3,"max":1168245,"stddev":365653.3,"var":133702352896.0,"ent":2.7,"data": 
[24795,221,101349,1168245,1167037,967065,50759,1119237,13,25,50990,80302,1990,2655,3736,4,1,2,10681,24170,9306,21453,4525,19907,25341,9245,24382,24626,9496,26004,24257]},"pktlen": {"min":66,"avg":253.4,"max":1242,"stddev":374.4,"var":140199.2,"ent":4.0,"data": [140,116,140,116,144,116,138,136,66,1242,1242,136,101,66,1242,1242,70,194,126,94,96,103,108,110,102,98,112,106,103,101,102,102]},"bins": {"c_to_s": [0,2,16,4,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,1,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,1,0,1,0,0,0,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"entropies": [5.443928242,5.441569805,5.550033092,5.533423424,5.469605446,5.457950115,6.418050289,5.494081497,5.274568558,7.835727215,7.805037022,5.427760124,6.064149857,5.328952789,7.830739975,7.834946632,5.426148415,6.862842083,6.378197670,5.942782402,6.043297768,6.096649170,5.395052433,6.251680851,6.123402596,6.007471561,6.260177612,6.012121677,6.079421997,6.215091705,6.135609150,6.155217648]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
00966{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041680216814,"flow_src_last_pkt_time":1587041680216814,"flow_dst_last_pkt_time":1587041680216814,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":355,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":355,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":355,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01037{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":26,"flow_first_seen":1587041684306115,"flow_src_last_pkt_time":1587041685465859,"flow_dst_last_pkt_time":1587041685465767,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":6160,"flow_dst_tot_l4_payload_len":8327,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Outlook","proto_by_ip_id":21,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"substrate.office.com"}} -01028{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":20,"flow_first_seen":1587041676435900,"flow_src_last_pkt_time":1587041676536132,"flow_dst_last_pkt_time":1587041676536089,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":258,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":757,"flow_dst_tot_l4_payload_len":11864,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com"}} 
-00992{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":10,"flow_first_seen":1587041677243705,"flow_src_last_pkt_time":1587041677286941,"flow_dst_last_pkt_time":1587041677286365,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":2950,"flow_dst_tot_l4_payload_len":6420,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} -01036{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":19,"flow_first_seen":1587041682144166,"flow_src_last_pkt_time":1587041685098215,"flow_dst_last_pkt_time":1587041685098126,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":521,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1754,"flow_dst_tot_l4_payload_len":7280,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com"}} -01174{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":28,"flow_first_seen":1587041685240465,"flow_src_last_pkt_time":1587041685471822,"flow_dst_last_pkt_time":1587041685471619,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1082,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1426,"flow_dst_tot_l4_payload_len":28998,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com"}} 
-01128{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":13,"flow_first_seen":1587041685984732,"flow_src_last_pkt_time":1587041686156488,"flow_dst_last_pkt_time":1587041686156402,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":900,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1750,"flow_dst_tot_l4_payload_len":6374,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} +01022{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":20,"flow_first_seen":1587041676435900,"flow_src_last_pkt_time":1587041676536132,"flow_dst_last_pkt_time":1587041676536089,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":258,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":757,"flow_dst_tot_l4_payload_len":11864,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com"}} +00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":10,"flow_first_seen":1587041677243705,"flow_src_last_pkt_time":1587041677286941,"flow_dst_last_pkt_time":1587041677286365,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":2950,"flow_dst_tot_l4_payload_len":6420,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} 
+01030{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":19,"flow_first_seen":1587041682144166,"flow_src_last_pkt_time":1587041685098215,"flow_dst_last_pkt_time":1587041685098126,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":521,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1754,"flow_dst_tot_l4_payload_len":7280,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com"}} +01168{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":28,"flow_first_seen":1587041685240465,"flow_src_last_pkt_time":1587041685471822,"flow_dst_last_pkt_time":1587041685471619,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1082,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1426,"flow_dst_tot_l4_payload_len":28998,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com"}} +01122{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":13,"flow_first_seen":1587041685984732,"flow_src_last_pkt_time":1587041686156488,"flow_dst_last_pkt_time":1587041686156402,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":900,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1750,"flow_dst_tot_l4_payload_len":6374,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} 
01164{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":49,"flow_dst_packets_processed":28,"flow_first_seen":1587041676362386,"flow_src_last_pkt_time":1587041677034491,"flow_dst_last_pkt_time":1587041677077119,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":55346,"flow_dst_tot_l4_payload_len":4699,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com"}} 01164{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":13,"flow_first_seen":1587041677042751,"flow_src_last_pkt_time":1587041677329010,"flow_dst_last_pkt_time":1587041677375849,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":15383,"flow_dst_tot_l4_payload_len":4699,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60535,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": 
{"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com"}} 01115{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":10,"flow_first_seen":1587041678029919,"flow_src_last_pkt_time":1587041678260705,"flow_dst_last_pkt_time":1587041678303901,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":7350,"flow_dst_tot_l4_payload_len":4699,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud"}} 
01035{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":8,"flow_first_seen":1587041681745719,"flow_src_last_pkt_time":1587041681895434,"flow_dst_last_pkt_time":1587041681895339,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":623,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":975,"flow_dst_tot_l4_payload_len":6679,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60538,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"eu-prod.asyncgw.teams.microsoft.com"}} -01023{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":8,"flow_first_seen":1587041681755860,"flow_src_last_pkt_time":1587041681908691,"flow_dst_last_pkt_time":1587041681908585,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":608,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":945,"flow_dst_tot_l4_payload_len":6653,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60539,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"eu-api.asm.skype.com"}} +01020{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":8,"flow_first_seen":1587041681755860,"flow_src_last_pkt_time":1587041681908691,"flow_dst_last_pkt_time":1587041681908585,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":608,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":945,"flow_dst_tot_l4_payload_len":6653,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60539,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"eu-api.asm.skype.com"}} 
01038{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":10,"flow_first_seen":1587041682076700,"flow_src_last_pkt_time":1587041682204478,"flow_dst_last_pkt_time":1587041682204431,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":4763,"flow_dst_tot_l4_payload_len":7425,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60540,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"eu-prod.asyncgw.teams.microsoft.com"}} -00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":9,"flow_first_seen":1587041682077081,"flow_src_last_pkt_time":1587041682212323,"flow_dst_last_pkt_time":1587041682212216,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3181,"flow_dst_tot_l4_payload_len":7371,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60541,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":9,"flow_first_seen":1587041682077081,"flow_src_last_pkt_time":1587041682212323,"flow_dst_last_pkt_time":1587041682212216,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3181,"flow_dst_tot_l4_payload_len":7371,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60541,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} 01165{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":67,"flow_dst_packets_processed":40,"flow_first_seen":1587041682369801,"flow_src_last_pkt_time":1587041683043372,"flow_dst_last_pkt_time":1587041683086074,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":81655,"flow_dst_tot_l4_payload_len":4699,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60543,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": 
{"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com"}} 01048{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":17,"flow_first_seen":1587041682376166,"flow_src_last_pkt_time":1587041692020857,"flow_dst_last_pkt_time":1587041692106644,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1060,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":2340,"flow_dst_tot_l4_payload_len":7396,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.76.48","src_port":60544,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"northeurope.notifications.teams.microsoft.com"}} 
01031{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":49,"flow_dst_packets_processed":34,"flow_first_seen":1587041682698689,"flow_src_last_pkt_time":1587041691929361,"flow_dst_last_pkt_time":1587041691929326,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":4886,"flow_dst_tot_l4_payload_len":9530,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.58","src_port":60545,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"presence.teams.microsoft.com"}} 
@@ -605,8 +605,8 @@ 01165{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":14,"flow_first_seen":1587041687245112,"flow_src_last_pkt_time":1587041688014105,"flow_dst_last_pkt_time":1587041688061175,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":17654,"flow_dst_tot_l4_payload_len":4699,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com"}} 01033{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":14,"flow_first_seen":1587041691149774,"flow_src_last_pkt_time":1587041691582349,"flow_dst_last_pkt_time":1587041691582252,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":994,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2028,"flow_dst_tot_l4_payload_len":8121,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.108.8","src_port":60565,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"emea.ng.msg.teams.microsoft.com"}} 01174{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":11,"flow_first_seen":1587041694219802,"flow_src_last_pkt_time":1587041695898012,"flow_dst_last_pkt_time":1587041695993731,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":649,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1651,"flow_dst_tot_l4_payload_len":6669,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":60567,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"api.flightproxy.teams.microsoft.com"}} 
-01110{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1587041682809173,"flow_src_last_pkt_time":1587041688135097,"flow_dst_last_pkt_time":1587041688190082,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":955,"flow_dst_max_l4_payload_len":1226,"flow_src_tot_l4_payload_len":1523,"flow_dst_tot_l4_payload_len":1409,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60546,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} -01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1587041692808980,"flow_src_last_pkt_time":1587041695538890,"flow_dst_last_pkt_time":1587041695538791,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":946,"flow_dst_max_l4_payload_len":1225,"flow_src_tot_l4_payload_len":2423,"flow_dst_tot_l4_payload_len":1677,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std 
Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} +01117{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1587041682809173,"flow_src_last_pkt_time":1587041688135097,"flow_dst_last_pkt_time":1587041688190082,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":955,"flow_dst_max_l4_payload_len":1226,"flow_src_tot_l4_payload_len":1523,"flow_dst_tot_l4_payload_len":1409,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60546,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
+01116{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1587041692808980,"flow_src_last_pkt_time":1587041695538890,"flow_dst_last_pkt_time":1587041695538791,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":946,"flow_dst_max_l4_payload_len":1225,"flow_src_tot_l4_payload_len":2423,"flow_dst_tot_l4_payload_len":1677,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 00874{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1587041692528594,"flow_src_last_pkt_time":1587041692578366,"flow_dst_last_pkt_time":1587041692528752,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":72,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":72,"midstream":1,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"151.11.50.139","dst_ip":"192.168.1.6","src_port":2222,"dst_port":54750,"l4_proto":"tcp","ndpi": 
{"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00787{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1587041692528594,"flow_src_last_pkt_time":1587041692578366,"flow_dst_last_pkt_time":1587041692528752,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":72,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":72,"midstream":1,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"151.11.50.139","dst_ip":"192.168.1.6","src_port":2222,"dst_port":54750,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01012{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041682129643,"flow_src_last_pkt_time":1587041682129643,"flow_dst_last_pkt_time":1587041682143053,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":162,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":162,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":49514,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"config.teams.microsoft.com"}} 
@@ -616,7 +616,7 @@ 01045{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":12,"flow_first_seen":1587041685251950,"flow_src_last_pkt_time":1587041685681752,"flow_dst_last_pkt_time":1587041685681659,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3164,"flow_dst_tot_l4_payload_len":6995,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.7","src_port":60556,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Microsoft365","proto_by_ip_id":219,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"login.microsoftonline.com"}} 01003{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":12,"flow_first_seen":1587041686889381,"flow_src_last_pkt_time":1587041687253807,"flow_dst_last_pkt_time":1587041687253692,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3163,"flow_dst_tot_l4_payload_len":7012,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.67","src_port":60560,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Microsoft365","proto_by_ip_id":219,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative"}} 01021{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685093044,"flow_src_last_pkt_time":1587041685093044,"flow_dst_last_pkt_time":1587041685127636,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":53,"flow_dst_max_l4_payload_len":174,"flow_src_tot_l4_payload_len":53,"flow_dst_tot_l4_payload_len":174,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":50653,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"api.flightproxy.teams.microsoft.com"}} 
-01018{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041681714331,"flow_src_last_pkt_time":1587041681714331,"flow_dst_last_pkt_time":1587041681754842,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":140,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":140,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","proto_id":"5.125","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"eu-api.asm.skype.com"}} +01006{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041681714331,"flow_src_last_pkt_time":1587041681714331,"flow_dst_last_pkt_time":1587041681754842,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":140,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":140,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"eu-api.asm.skype.com"}} 01015{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685243104,"flow_src_last_pkt_time":1587041685243104,"flow_dst_last_pkt_time":1587041685256108,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":127,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":127,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51309,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"skypedataprdcolneu04.cloudapp.net"}} 
01029{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685091534,"flow_src_last_pkt_time":1587041685091534,"flow_dst_last_pkt_time":1587041685104871,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":131,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":131,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":53678,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"trouter2-asse-a.trouter.teams.microsoft.com"}} 01005{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041687370480,"flow_src_last_pkt_time":1587041687370480,"flow_dst_last_pkt_time":1587041687435320,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":222,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":222,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":54069,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"api.microsoftstream.com"}} 
@@ -632,8 +632,8 @@ 01019{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041684291077,"flow_src_last_pkt_time":1587041684291077,"flow_dst_last_pkt_time":1587041684304618,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":172,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":172,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":59403,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft365","proto_id":"5.219","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"substrate.office.com"}} 01012{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041675997451,"flow_src_last_pkt_time":1587041675997451,"flow_dst_last_pkt_time":1587041676010607,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":67,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":67,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60813,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"skypedataprdcolneu04.cloudapp.net"}} 01026{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041694221137,"flow_src_last_pkt_time":1587041694221137,"flow_dst_last_pkt_time":1587041694234511,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":134,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":134,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60837,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"c-flightproxy-euno-01-teams.cloudapp.net"}} 
-01041{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1587041687436782,"flow_src_last_pkt_time":1587041687725655,"flow_dst_last_pkt_time":1587041687725568,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1313,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2206,"flow_dst_tot_l4_payload_len":7143,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"api.microsoftstream.com"}} -01000{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":12,"flow_first_seen":1587041687745932,"flow_src_last_pkt_time":1587041687963041,"flow_dst_last_pkt_time":1587041687962963,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1286,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2098,"flow_dst_tot_l4_payload_len":7352,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.169.186.119","src_port":60563,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"3":"DPI 
(partial)"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01038{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1587041687436782,"flow_src_last_pkt_time":1587041687725655,"flow_dst_last_pkt_time":1587041687725568,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1313,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2206,"flow_dst_tot_l4_payload_len":7143,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"api.microsoftstream.com"}} 
+00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":12,"flow_first_seen":1587041687745932,"flow_src_last_pkt_time":1587041687963041,"flow_dst_last_pkt_time":1587041687962963,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1286,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2098,"flow_dst_tot_l4_payload_len":7352,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.169.186.119","src_port":60563,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} 01129{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685090830,"flow_src_last_pkt_time":1587041685090830,"flow_dst_last_pkt_time":1587041685136892,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":167,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":167,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":61245,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"49": {"risk":"Minor Issues","severity":"Low","risk_score": {"total":210,"client":105,"server":105}}},"confidence": 
{"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"euaz.tr.teams.microsoft.com"}} 01012{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041687731296,"flow_src_last_pkt_time":1587041687731296,"flow_dst_last_pkt_time":1587041687745080,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":183,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":183,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62735,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"euno-1.api.microsoftstream.com"}} 
01029{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041691075869,"flow_src_last_pkt_time":1587041691075869,"flow_dst_last_pkt_time":1587041691148968,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":116,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":116,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62863,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"emea.ng.msg.teams-msgapi.trafficmanager.net"}} 
@@ -643,29 +643,29 @@ 01029{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685092516,"flow_src_last_pkt_time":1587041685092516,"flow_dst_last_pkt_time":1587041685105349,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":119,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":119,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65230,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"trouter2-asse-a.trouter.teams.microsoft.com"}} 01023{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041682355684,"flow_src_last_pkt_time":1587041682355684,"flow_dst_last_pkt_time":1587041682370931,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":129,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":129,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65387,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.Microsoft","proto_id":"5.212","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"northeuropecns.trafficmanager.net"}} 00957{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1587041680294054,"flow_src_last_pkt_time":1587041680294649,"flow_dst_last_pkt_time":1587041680294680,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1090,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1126,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"93.62.150.157","dst_ip":"192.168.1.6","src_port":443,"dst_port":60512,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -01226{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278787,"flow_src_last_pkt_time":1587041696498337,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":560,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": 
{"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01226{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278905,"flow_src_last_pkt_time":1587041696498651,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":560,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+01220{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278787,"flow_src_last_pkt_time":1587041696498337,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":560,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+01220{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278905,"flow_src_last_pkt_time":1587041696498651,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":560,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041679280885,"flow_src_last_pkt_time":1587041679280885,"flow_dst_last_pkt_time":1587041679280885,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":485,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":485,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":485,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 01227{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":11,"flow_first_seen":1587041693828302,"flow_src_last_pkt_time":1587041694047808,"flow_dst_last_pkt_time":1587041694047695,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":235,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":567,"flow_dst_tot_l4_payload_len":6363,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.152","src_port":50014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": 
{"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} 01165{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":13,"flow_first_seen":1587041693516414,"flow_src_last_pkt_time":1587041695435668,"flow_dst_last_pkt_time":1587041695435566,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":477,"flow_dst_tot_l4_payload_len":6361,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"euaz.tr.teams.microsoft.com"}} 
01165{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":13,"flow_first_seen":1587041693582610,"flow_src_last_pkt_time":1587041694243274,"flow_dst_last_pkt_time":1587041694243144,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":477,"flow_dst_tot_l4_payload_len":6361,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50021,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"euaz.tr.teams.microsoft.com"}} 01226{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":13,"flow_first_seen":1587041693849498,"flow_src_last_pkt_time":1587041697722873,"flow_dst_last_pkt_time":1587041697765326,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":235,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":817,"flow_dst_tot_l4_payload_len":6541,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.153","src_port":50036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"10": 
{"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} -01032{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":9,"flow_first_seen":1587041690916341,"flow_src_last_pkt_time":1587041691089391,"flow_dst_last_pkt_time":1587041691089314,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":533,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1343,"flow_dst_tot_l4_payload_len":7609,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60564,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"gate.hockeyapp.net"}} 
-01032{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":9,"flow_first_seen":1587041697061972,"flow_src_last_pkt_time":1587041697244908,"flow_dst_last_pkt_time":1587041697244816,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":533,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1359,"flow_dst_tot_l4_payload_len":7609,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60568,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"gate.hockeyapp.net"}} -00994{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041695432806,"flow_dst_last_pkt_time":1587041695591686,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":994,"flow_dst_tot_l4_payload_len":420,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1587041693515047,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693640777,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":340,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01120{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041695422685,"flow_src_last_pkt_time":1587041695422685,"flow_dst_last_pkt_time":1587041695432665,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":100,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"52.114.252.8","dst_ip":"192.168.1.6","src_port":3479,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": 
{"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00989{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1587041693611913,"flow_src_last_pkt_time":1587041697617344,"flow_dst_last_pkt_time":1587041697663187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":468,"flow_dst_tot_l4_payload_len":485,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-00995{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041697669056,"flow_dst_last_pkt_time":1587041697713165,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":186,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":1180,"flow_dst_tot_l4_payload_len":565,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1587041693582165,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693698272,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":340,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-00989{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1587041693668523,"flow_src_last_pkt_time":1587041697668978,"flow_dst_last_pkt_time":1587041697714311,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":468,"flow_dst_tot_l4_payload_len":485,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01121{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041695421892,"flow_src_last_pkt_time":1587041695421892,"flow_dst_last_pkt_time":1587041695433333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":100,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": 
{"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01029{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":9,"flow_first_seen":1587041690916341,"flow_src_last_pkt_time":1587041691089391,"flow_dst_last_pkt_time":1587041691089314,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":533,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1343,"flow_dst_tot_l4_payload_len":7609,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60564,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"gate.hockeyapp.net"}} 
+01029{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":9,"flow_first_seen":1587041697061972,"flow_src_last_pkt_time":1587041697244908,"flow_dst_last_pkt_time":1587041697244816,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":533,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1359,"flow_dst_tot_l4_payload_len":7609,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60568,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"gate.hockeyapp.net"}} +00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041695432806,"flow_dst_last_pkt_time":1587041695591686,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":994,"flow_dst_tot_l4_payload_len":420,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1587041693515047,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693640777,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":340,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01114{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041695422685,"flow_src_last_pkt_time":1587041695422685,"flow_dst_last_pkt_time":1587041695432665,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":100,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"52.114.252.8","dst_ip":"192.168.1.6","src_port":3479,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known 
Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1587041693611913,"flow_src_last_pkt_time":1587041697617344,"flow_dst_last_pkt_time":1587041697663187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":468,"flow_dst_tot_l4_payload_len":485,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+00989{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041697669056,"flow_dst_last_pkt_time":1587041697713165,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":186,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":1180,"flow_dst_tot_l4_payload_len":565,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1587041693582165,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693698272,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":340,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1587041693668523,"flow_src_last_pkt_time":1587041697668978,"flow_dst_last_pkt_time":1587041697714311,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":468,"flow_dst_tot_l4_payload_len":485,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01115{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041695421892,"flow_src_last_pkt_time":1587041695421892,"flow_dst_last_pkt_time":1587041695433333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":100,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": 
{"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00938{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1587041697660621,"flow_src_last_pkt_time":1587041697673040,"flow_dst_last_pkt_time":1587041697660621,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -01075{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":17,"flow_first_seen":1587041693428391,"flow_src_last_pkt_time":1587041697999048,"flow_dst_last_pkt_time":1587041697997834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1201,"flow_dst_max_l4_payload_len":1185,"flow_src_tot_l4_payload_len":5250,"flow_dst_tot_l4_payload_len":7193,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":51681,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": 
{"total":210,"client":165,"server":45}}},"confidence": {"1":"Match by port"},"proto":"Skype_TeamsCall","proto_id":"38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01069{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":17,"flow_first_seen":1587041693428391,"flow_src_last_pkt_time":1587041697999048,"flow_dst_last_pkt_time":1587041697997834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1201,"flow_dst_max_l4_payload_len":1185,"flow_src_tot_l4_payload_len":5250,"flow_dst_tot_l4_payload_len":7193,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":51681,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"1":"Match by port"},"proto":"TeamsCall","proto_id":"38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":17,"flow_first_seen":1587041693428391,"flow_src_last_pkt_time":1587041697999048,"flow_dst_last_pkt_time":1587041697997834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1201,"flow_dst_max_l4_payload_len":1185,"flow_src_tot_l4_payload_len":5250,"flow_dst_tot_l4_payload_len":7193,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":51681,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -01130{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":7,"flow_first_seen":1587041695305290,"flow_src_last_pkt_time":1587041698021081,"flow_dst_last_pkt_time":1587041697668816,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1214,"flow_dst_max_l4_payload_len":1214,"flow_src_tot_l4_payload_len":4692,"flow_dst_tot_l4_payload_len":2890,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-01125{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1587041695305879,"flow_src_last_pkt_time":1587041696574201,"flow_dst_last_pkt_time":1587041697619539,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":116,"flow_src_tot_l4_payload_len":288,"flow_dst_tot_l4_payload_len":424,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16333,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00858{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1540,"packets-processed":1498,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":587095,"total-not-detected-flows":1,"total-guessed-flows":2,"total-detected-flows":80,"total-detection-updates":51,"total-updates":0,"current-active-flows":0,"total-active-flows":83,"total-idle-flows":83,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":668,"global_ts_usec":1587041698021081} 
+01124{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":7,"flow_first_seen":1587041695305290,"flow_src_last_pkt_time":1587041698021081,"flow_dst_last_pkt_time":1587041697668816,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1214,"flow_dst_max_l4_payload_len":1214,"flow_src_tot_l4_payload_len":4692,"flow_dst_tot_l4_payload_len":2890,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01119{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1587041695305879,"flow_src_last_pkt_time":1587041696574201,"flow_dst_last_pkt_time":1587041697619539,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":116,"flow_src_tot_l4_payload_len":288,"flow_dst_tot_l4_payload_len":424,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16333,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std 
Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00858{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1540,"source":"cfgs\/fpc_disabled\/pcap\/teams.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1540,"packets-processed":1498,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":587095,"total-not-detected-flows":1,"total-guessed-flows":2,"total-detected-flows":80,"total-detection-updates":51,"total-updates":0,"current-active-flows":0,"total-active-flows":83,"total-idle-flows":83,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":668,"global_ts_usec":1587041698021081} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1540/1498 ~~ skipped flows.............: 0 @@ -674,9 +674,9 @@ ~~ total active/idle flows...: 83/83 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8345483 bytes -~~ total memory freed........: 8345483 bytes -~~ total allocations/frees...: 117024/117024 +~~ total memory allocated....: 8923253 bytes +~~ total memory freed........: 8923253 bytes +~~ total allocations/frees...: 128763/128763 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 300 chars ~~ json message max len.......: 2506 chars diff --git a/test/results/guess_ip_before_port_enabled/1kxun.pcap.out b/test/results/guess_ip_before_port_enabled/1kxun.pcap.out index 675620b78..95fe3342a 100644 
--- a/test/results/guess_ip_before_port_enabled/1kxun.pcap.out
+++ b/test/results/guess_ip_before_port_enabled/1kxun.pcap.out
@@ -1,5 +1,5 @@ -00631{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1470104373025824} 
+00631{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1470104373025824} 
00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104373025824,"flow_src_last_pkt_time":1470104373025824,"flow_dst_last_pkt_time":1470104373025824,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":26,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104373025824,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":59571,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1470104373025824,"flow_dst_last_pkt_time":1470104373025824,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_usec":1470104373025824,"pkt":"AQBeAAD8SNIkYzEACABFAAA2OooAAAER2FzAqAUs4AAA\/OizFOsAIin75qEAAAABAAAAAAAACGphc29uLVBDAAD\/AAE="} 
00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104373025824,"flow_src_last_pkt_time":1470104373025824,"flow_dst_last_pkt_time":1470104373025824,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":26,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104373025824,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":59571,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -177,7 +177,7 @@ 00607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":387,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_src_last_pkt_time":1470104379520893,"flow_dst_last_pkt_time":1470104378021294,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1470104379520893,"pkt":"\/\/\/\/\/\/\/\/ABxCjnAxCABFAABOUgMAAIAR9ELAqHMIwKj\/\/wCJAIkAOha6seYBEAABAAAAAAAAIEZIRkFFQkVFQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="} 00800{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":389,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104379579523,"flow_src_last_pkt_time":1470104379579523,"flow_dst_last_pkt_time":1470104379579523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":244,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":244,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":244,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104379579523,"l3_proto":"ip4","src_ip":"192.168.5.67","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00871{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":389,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_src_last_pkt_time":1470104379579523,"flow_dst_last_pkt_time":1470104379579523,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":286,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":286,"pkt_l4_len":252,"thread_ts_usec":1470104379579523,"pkt":"\/\/\/\/\/\/\/\/jHNut5QdCABFAAEQAABAAEARs0nAqAVDwKj\/\/wCKAIoA\/P+KEQouQ8CoBUMAigDmAAAgRkRFQkVPRUtFSkNORU1FSkVHRUZFQ0VQRVBFTENOQUEAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJPAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAATAAAAAAAAAAAAAAAAAAAAAAAAABMAFYAAwABAAEAAgBdAFxNQUlMU0xPVFxCUk9XU0UAD1DgkwQAU0FOSkktTElGRUJPT0stTAQJA5qEAA8BVapzYW5qaS1MSUZFQk9PSy1MSDUzMSBzZXJ2ZXIgKFNhbWJhLCBVYnVudHUpAA=="} -01137{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":389,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104379579523,"flow_src_last_pkt_time":1470104379579523,"flow_dst_last_pkt_time":1470104379579523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":244,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":244,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":244,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104379579523,"l3_proto":"ip4","src_ip":"192.168.5.67","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": 
{"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"sanji-lifebook-","domainame":"sanji-lifebook-"}} +01018{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":389,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104379579523,"flow_src_last_pkt_time":1470104379579523,"flow_dst_last_pkt_time":1470104379579523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":244,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":244,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":244,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104379579523,"l3_proto":"ip4","src_ip":"192.168.5.67","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"sanji-lifebook-","domainame":"sanji-lifebook-"}} 
00838{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":390,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_src_last_pkt_time":1470104379579704,"flow_dst_last_pkt_time":1470104379579523,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":263,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":263,"pkt_l4_len":229,"thread_ts_usec":1470104379579704,"pkt":"\/\/\/\/\/\/\/\/jHNut5QdCABFAAD5AABAAEARs2DAqAVDwKj\/\/wCKAIoA5V88EQouRMCoBUMAigDPAAAgRkRFQkVPRUtFSkNORU1FSkVHRUZFQ0VQRVBFTENOQUEAIEFCQUNGUEZQRU5GREVDRkNFUEZIRkRFRkZQRlBBQ0FCAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAANQAAAAAAAAAAAAAAAAAAAAAAAAA1AFYAAwABAAEAAgBGAFxNQUlMU0xPVFxCUk9XU0UADFDgkwQAV09SS0dST1VQAAAAAAAAAAQJABAAgA8BVapTQU5KSS1MSUZFQk9PSy1MSDUzMQA="} 00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":396,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1470104379887477,"flow_dst_last_pkt_time":1470104376816620,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":98,"pkt_l4_len":44,"thread_ts_usec":1470104379887477,"pkt":"MzMAAQACcD6s8PAHht1gBWEEACwRAf6AAAAAAAAABAZVqGRTJd3\/AgAAAAAAAAAAAAAAAQACAiICIwAsiDQLJ3MdAAEADgABAAEduOb7cD6s8PAHAAYABAAXABgACAACATQ="} 
00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":397,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104379903616,"flow_src_last_pkt_time":1470104379903616,"flow_dst_last_pkt_time":1470104379903616,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104379903616,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
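Review bot: The regenerated `detected` event for flow 35 (`NetBIOS.SMBv1`, `breed` still `Dangerous`) no longer carries `flow_risk` entry `22` ("Unsafe Protocol"), and the commit message does not mention this; the same happens for flow 70 in the `@@ -366,7 +367,7 @@` hunk. Whether upstream dropped the risk on purpose cannot be told from the fixture alone. Downstream rules that key on `flow_risk` to flag SMBv1 would silently stop matching these flows, while `breed` and `proto` stay the same. It is worth one line in the commit message or changelog, e.g. `* SMBv1 flows no longer report flow_risk 22 (Unsafe Protocol); match on proto/breed instead`.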
@@ -238,9 +238,9 @@ 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":510,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_src_last_pkt_time":1470104381237806,"flow_dst_last_pkt_time":1470104381238763,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104381238763,"pkt":"ABxCjnAxABAj4ACgCABFAAA0AABAAEAGQRjAqHNLwKgFEAG70XdE8SFWHgHhFoASFtAl8wAAAgQFtAEBBAIBAwMH"} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":511,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_src_last_pkt_time":1470104381238800,"flow_dst_last_pkt_time":1470104381238763,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1470104381238800,"pkt":"ABAj4ACgYMVHBbyMCABFAAAo9WxAAEAGS7fAqAUQwKhzS9F3AbseAeEWRPEhV1AQIABdlQAAcnZlcjBd"} 00844{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":512,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":4,"flow_src_last_pkt_time":1470104381239406,"flow_dst_last_pkt_time":1470104381238763,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":271,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":271,"pkt_l4_len":237,"thread_ts_usec":1470104381239406,"pkt":"ABAj4ACgYMVHBbyMCABFAAEB7MpAAEAGU4DAqAUQwKhzS9F3AbseAeEWRPEhV1AYIAC0MQAAFgMBANQBAADQAwNXoAM+DApFIVBtoVkm1YD4xHsvSlpaV1sKMPaqmp\/EYiBj+Q0TSc5VhLmmiAAqPOtufQBM8Qziz0QZmZNFeVk8eABKAP\/AJMAjwArACcAIwCjAJ8AUwBPAEsAmwCXABcAEwAPAKsApwA\/ADsANAGsAZwA5ADMAFgA9ADwANQAvAArAB8ARwALADAAFAAQBAAA9AAAAEwARAAAOMTkyLjE2OC4xMTUuNzUACgAIAAYAFwAYABkACwACAQAADQAMAAoFAQQBAgEEAwIDM3QAAA=="} 
-01444{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":512,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1470104381237806,"flow_src_last_pkt_time":1470104381239406,"flow_dst_last_pkt_time":1470104381238763,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104381239406,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53623,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","domainame":"192.168.115.75","tls": {"version":"TLSv1.2","ja3":"799135475da362592a4be9199d258726","ja3s":"","ja4":"t12i370500_07a749158664_d075105c1994","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01403{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":512,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1470104381237806,"flow_src_last_pkt_time":1470104381239406,"flow_dst_last_pkt_time":1470104381238763,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104381239406,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53623,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","domainame":"192.168.115.75","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12i370500_07a749158664_d075105c1994","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":513,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":5,"flow_src_last_pkt_time":1470104381239406,"flow_dst_last_pkt_time":1470104381240437,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1470104381240437,"pkt":"ABxCjnAxABAj4ACgCABFAAAoVq1AAEAG6nbAqHNLwKgFEAG70XdE8SFXHgHh71AQADZ8hgAAAAAAAAAA"} 
-01596{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":514,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1470104381237806,"flow_src_last_pkt_time":1470104381239406,"flow_dst_last_pkt_time":1470104381243027,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1470104381243027,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53623,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","domainame":"192.168.115.75","tls": {"version":"TLSv1.2","ja3":"799135475da362592a4be9199d258726","ja3s":"573a9f3f80037fb40d481e2054def5bb","ja4":"t12i370500_07a749158664_d075105c1994","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} 
+01555{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":514,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1470104381237806,"flow_src_last_pkt_time":1470104381239406,"flow_dst_last_pkt_time":1470104381243027,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1470104381243027,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53623,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","domainame":"192.168.115.75","tls": {"version":"TLSv1.2","ja3s":"573a9f3f80037fb40d481e2054def5bb","ja4":"t12i370500_07a749158664_d075105c1994","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} 
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":539,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_src_last_pkt_time":1470104381626995,"flow_dst_last_pkt_time":1470104381217455,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_usec":1470104381626995,"pkt":"AQBeAAD8CJ4BzeuNCABFAAA2U7AAAAERvz3AqAUl4AAA\/NwuFOsAIuU8ydMAAAABAAAAAAAACG5vdGVib29rAAD\/AAE="} 00948{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":547,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1470104381831288,"flow_dst_last_pkt_time":1470104373741279,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_usec":1470104381831288,"pkt":"\/\/\/\/\/\/\/\/TF4M6gNlCABFAAFIAAAAABARcfzAqHcB\/\/\/\/\/wBDAEQBNAJhAgEGADFjB6UAAAAAwKgFCcCoBQnAqHcBAAAAAHDxofgq\/QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEFNgTAqHcBMwQAAAA8AQT\/\/wAAAwTAqHcBBhCoXwEBCAgICKhfwAEICAQE\/wAAAAAAAAAAAAAAAAAA"} 
00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":552,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104381895304,"flow_src_last_pkt_time":1470104381895304,"flow_dst_last_pkt_time":1470104381895304,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104381895304,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.145","src_port":49612,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
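Review bot: `tls.ja3` disappears from both the `detected` and the `detection-update` event of flow 45 while `ja3s` and `ja4` remain, and the commit message ("incorporated upstream changes") does not name this output-format change. Consumers that correlate or match on the JA3 client fingerprint would see a missing key rather than an error, so the loss is easy to overlook. Suggest stating it explicitly, e.g. `* TLS events no longer contain ja3; use ja4 for client fingerprinting`. Also confirm that `schema/flow_event_schema.json` (changed in this commit but not visible here) no longer lists `ja3`.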
@@ -327,6 +327,7 @@ 01212{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":631,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1470104390443500,"flow_src_last_pkt_time":1470104390642049,"flow_dst_last_pkt_time":1470104390640525,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":265,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":265,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104390642049,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53624,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"api.magicansoft.com","domainame":"api.magicansoft.com","http": {"url":"api.magicansoft.com\/comMagicanApi\/composite\/app.php\/Global\/Index\/ip","code":0,"content_type":"","user_agent":"Magican (unknown version) CFNetwork\/720.5.7 Darwin\/14.5.0 (x86_64)"}}} 
00806{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":632,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104390741932,"flow_src_last_pkt_time":1470104390741932,"flow_dst_last_pkt_time":1470104390741932,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":123,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":123,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":123,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104390741932,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:fe9a:ec54","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00730{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":632,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_src_last_pkt_time":1470104390741932,"flow_dst_last_pkt_time":1470104390741932,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":185,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":185,"pkt_l4_len":131,"thread_ts_usec":1470104390741932,"pkt":"MzMAAAABTF4MmuxUht1gAAAAAIMRAf6AAAAAAAAATl4M\/\/6a7FT\/AgAAAAAAAAAAAAAAAAABFi4WLgCDan0ABGg\/AAEABkxeDJrsVAAFAAAABwAPNi4zNS4xIChzdGFibGUpAAgACE1pa3JvVGlrAAoABHzzfwAACwAJM0RYWS1LSEdEAAwADUNSUzEyNS0yNEctMVMADgABAQAPABD+gAAAAAAAAE5eDP\/+muxUABAAB2JyaWRnZTE="} 
+01145{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":632,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104390741932,"flow_src_last_pkt_time":1470104390741932,"flow_dst_last_pkt_time":1470104390741932,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":123,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":123,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":123,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104390741932,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:fe9a:ec54","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Mikrotik","proto_id":"437","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","mikrotik": {"mac_address":"4C:5E:0C:9A:EC:54","version":"6.35.1 (stable)","software_id":"3DXY-KHGD","board":"CRS125-24G-1S","ipv6_addr":"fe80::4e5e:cff:fe9a:ec54","uptime":2096332544}}} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":633,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":5,"flow_src_last_pkt_time":1470104390642049,"flow_dst_last_pkt_time":1470104390838554,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104390838554,"pkt":"ABxCjnAxTF4M6gNlCABFAAA08IZAADUGTRZE6f2FwKgFEABQ0Xh2OO97HrFGwoAQABuLWQAAAQEICs8eH\/4aDz0F"} 
01349{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":634,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1470104390443500,"flow_src_last_pkt_time":1470104390642049,"flow_dst_last_pkt_time":1470104390846598,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":265,"flow_dst_max_l4_payload_len":324,"flow_src_tot_l4_payload_len":265,"flow_dst_tot_l4_payload_len":324,"midstream":0,"thread_ts_usec":1470104390846598,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53624,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"api.magicansoft.com","domainame":"api.magicansoft.com","http": {"url":"api.magicansoft.com\/comMagicanApi\/composite\/app.php\/Global\/Index\/ip","code":502,"content_type":"text\/html","user_agent":"Magican (unknown version) CFNetwork\/720.5.7 Darwin\/14.5.0 (x86_64)"}}} 
00973{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":636,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_src_last_pkt_time":1470104390945416,"flow_dst_last_pkt_time":1470104380909602,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":359,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":359,"pkt_l4_len":325,"thread_ts_usec":1470104390945416,"pkt":"\/\/\/\/\/\/\/\/XNmY3fXzCABFAAFZAABAAEARbn7AqApu\/\/\/\/\/+xA9gABRTgx\/\/8AAKAAXNmY3fXzwKgKbgAAAgAnAUROUy0xMTAwLTA0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABOQVMAAAAAAAAAAAAAVVqvihgAAABVWsE9WwAAAFVasDEuMDJiMTAAEXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXNmY3fXzM0ExAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGRsaW5rLURERjVGMwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAqApu\/\/8AAExBTjEAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} 
@@ -366,7 +367,7 @@ 00991{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":658,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104393610386,"flow_src_last_pkt_time":1470104393610386,"flow_dst_last_pkt_time":1470104393610386,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104393610386,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"nasfile","domainame":"nasfile"}} 00800{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":659,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104393610555,"flow_src_last_pkt_time":1470104393610555,"flow_dst_last_pkt_time":1470104393610555,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":174,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104393610555,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00774{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":659,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_src_last_pkt_time":1470104393610555,"flow_dst_last_pkt_time":1470104393610555,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_usec":1470104393610555,"pkt":"\/\/\/\/\/\/\/\/4KzLceHQCABFAADKO0kAAEARuFzAqAUtwKj\/\/wCKAIoAtoWlEQJF7sCoBS0AAACgAAAgRU5FQkVERUNFUEVQRUxFQkVKRkNDTkVGREJFRURBQUEAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAA1TQAAO1FEQAABgAAAAAAAAACAAAAAAAAAAAAAAAGAFYAAwABAAEAAgAXAFxNQUlMU0xPVFxCUk9XU0UACQTsRQAA"} -01137{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":659,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104393610555,"flow_src_last_pkt_time":1470104393610555,"flow_dst_last_pkt_time":1470104393610555,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":174,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104393610555,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"macbookair-e1d0","domainame":"macbookair-e1d0"}} 
+01018{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":659,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104393610555,"flow_src_last_pkt_time":1470104393610555,"flow_dst_last_pkt_time":1470104393610555,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":174,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104393610555,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"macbookair-e1d0","domainame":"macbookair-e1d0"}} 00774{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":660,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":2,"flow_src_last_pkt_time":1470104393610744,"flow_dst_last_pkt_time":1470104393610555,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_usec":1470104393610744,"pkt":"\/\/\/\/\/\/\/\/4KzLceHQCABFAADK5DUAAEARD3DAqAUtwKj\/\/wCKAIoAtoasEQJF8cCoBS0AAACgAAAgRU5FQkVERUNFUEVQRUxFQkVKRkNDTkVGREJFRURBQUEAIEVORkRFSUVQRU5FRkNBQ0FDQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAA1TQAAPBFEQAABgAAAAAAAAACAAAAAAAAAAAAAAAGAFYAAwABAAEAAgAXAFxNQUlMU0xPVFxCUk9XU0UACQTvRQAA"} 
00774{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":661,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":3,"flow_src_last_pkt_time":1470104393611090,"flow_dst_last_pkt_time":1470104393610555,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_usec":1470104393611090,"pkt":"\/\/\/\/\/\/\/\/4KzLceHQCABFAADKOS4AAEARunfAqAUtwKj\/\/wCKAIoAtoChEQJF98CoBS0AAACgAAAgRU5FQkVERUNFUEVQRUxFQkVKRkNDTkVGREJFRURBQUEAIEVORkpFSEZDRVBGRkZBQ0FDQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAA1TQAAPZFEQAABgAAAAAAAAACAAAAAAAAAAAAAAAGAFYAAwABAAEAAgAXAFxNQUlMU0xPVFxCUk9XU0UACQT1RQAA"} 00607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":662,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":3,"flow_src_last_pkt_time":1470104393813792,"flow_dst_last_pkt_time":1470104391564386,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1470104393813792,"pkt":"\/\/\/\/\/\/\/\/PKn0WgOECABFAABOHxcAAIARlkvAqAPswKj\/\/wCJAIkAOqdiilUBEAABAAAAAAAAIEVKRkRFQkZFRUJGQUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="} 
@@ -405,6 +406,7 @@ 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":684,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104399652689,"flow_src_last_pkt_time":1470104399652689,"flow_dst_last_pkt_time":1470104399652689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104399652689,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"224.0.0.252","src_port":59797,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00804{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":685,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104399854544,"flow_src_last_pkt_time":1470104399854544,"flow_dst_last_pkt_time":1470104399854544,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104399854544,"l3_proto":"ip4","src_ip":"192.168.0.100","dst_ip":"255.255.255.255","src_port":50925,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00681{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":685,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_src_last_pkt_time":1470104399854544,"flow_dst_last_pkt_time":1470104399854544,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1470104399854544,"pkt":"\/\/\/\/\/\/\/\/TF4M6gOICABFAACAAABAAEAReWHAqABk\/\/\/\/\/8btFi4AbOgXAACpHQABAAZMXgzqA4gABQAFNE1OQVQABwAPNi4zNS4xIChzdGFibGUpAAgACE1pa3JvVGlrAAoABIOWJAAACwAJTjUzOC1HMDRVAAwABlJCNDUwRwAOAAEAABAABmV0aGVyMg=="} +01116{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":685,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104399854544,"flow_src_last_pkt_time":1470104399854544,"flow_dst_last_pkt_time":1470104399854544,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104399854544,"l3_proto":"ip4","src_ip":"192.168.0.100","dst_ip":"255.255.255.255","src_port":50925,"dst_port":5678,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Mikrotik","proto_id":"437","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","mikrotik": {"mac_address":"4C:5E:0C:EA:03:88","identity":"4MNAT","version":"6.35.1 (stable)","software_id":"N538-G04U","board":"RB450G","uptime":2207654912}}} 
00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":686,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104399958731,"flow_src_last_pkt_time":1470104399958731,"flow_dst_last_pkt_time":1470104399958731,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":26,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104399958731,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"224.0.0.252","src_port":65150,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":686,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_src_last_pkt_time":1470104399958731,"flow_dst_last_pkt_time":1470104399958731,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_usec":1470104399958731,"pkt":"AQBeAAD8GF4PUugBCABFAAA2MRAAAAER4cnAqAU54AAA\/P5+FOsAIr4lNLsAAAABAAAAAAAACFVzaGVyLVBDAAD\/AAE="} 
00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":686,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104399958731,"flow_src_last_pkt_time":1470104399958731,"flow_dst_last_pkt_time":1470104399958731,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":26,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104399958731,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"224.0.0.252","src_port":65150,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -444,13 +446,15 @@ 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":712,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":2,"flow_src_last_pkt_time":1470104402238628,"flow_dst_last_pkt_time":1470104402239704,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104402239704,"pkt":"ABxCjnAxABAj4ACgCABFAAA0AABAAEAGQRjAqHNLwKgFEAG70XnKmfzXcASfdoASFtC0YwAAAgQFtAEBBAIBAwMH"} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":713,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":3,"flow_src_last_pkt_time":1470104402239746,"flow_dst_last_pkt_time":1470104402239704,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1470104402239746,"pkt":"ABAj4ACgYMVHBbyMCABFAAAosclAAEAGj1rAqAUQwKhzS9F5AbtwBJ92ypn82FAQIADsBQAAyQ4pxaWW"} 00835{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":714,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":4,"flow_src_last_pkt_time":1470104402240297,"flow_dst_last_pkt_time":1470104402239704,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":267,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":267,"pkt_l4_len":233,"thread_ts_usec":1470104402240297,"pkt":"ABAj4ACgYMVHBbyMCABFAAD9ruNAAEAGkWvAqAUQwKhzS9F5AbtwBJ92ypn82FAYIADtEAAAFgMBANABAADMAwNXoANTJYxftKgXimtNLVWTzYxskkMb8dtmAzVqLh4pryBj+Q0TSc5VhLmmiAAqPOtufQBM8Qziz0QZmZNFeVk8eABKAP\/AJMAjwArACcAIwCjAJ8AUwBPAEsAmwCXABcAEwAPAKsApwA\/ADsANAGsAZwA5ADMAFgA9ADwANQAvAArAB8ARwALADAAFAAQBAAA5AAAAEwARAAAOMTkyLjE2OC4xMTUuNzUACgAIAAYAFwAYABkACwACAQAADQAMAAoFAQQBAgEEAwID"} 
-01444{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":714,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1470104402238628,"flow_src_last_pkt_time":1470104402240297,"flow_dst_last_pkt_time":1470104402239704,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":213,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":213,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104402240297,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53625,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","domainame":"192.168.115.75","tls": {"version":"TLSv1.2","ja3":"618ee2509ef52bf0b8216e1564eea909","ja3s":"","ja4":"t12i370400_07a749158664_e64f6000bf4d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01403{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":714,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1470104402238628,"flow_src_last_pkt_time":1470104402240297,"flow_dst_last_pkt_time":1470104402239704,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":213,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":213,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104402240297,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53625,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","domainame":"192.168.115.75","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12i370400_07a749158664_e64f6000bf4d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":715,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":5,"flow_src_last_pkt_time":1470104402240297,"flow_dst_last_pkt_time":1470104402241217,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1470104402241217,"pkt":"ABxCjnAxABAj4ACgCABFAAAofPZAAEAGxC3AqHNLwKgFEAG70XnKmfzYcASgS1AQADYK+wAAAAAAAAAA"} 
-01596{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":716,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1470104402238628,"flow_src_last_pkt_time":1470104402240297,"flow_dst_last_pkt_time":1470104402243893,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":213,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":213,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1470104402243893,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53625,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","domainame":"192.168.115.75","tls": {"version":"TLSv1.2","ja3":"618ee2509ef52bf0b8216e1564eea909","ja3s":"573a9f3f80037fb40d481e2054def5bb","ja4":"t12i370400_07a749158664_e64f6000bf4d","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} 
+01555{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":716,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1470104402238628,"flow_src_last_pkt_time":1470104402240297,"flow_dst_last_pkt_time":1470104402243893,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":213,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":213,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1470104402243893,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53625,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","domainame":"192.168.115.75","tls": {"version":"TLSv1.2","ja3s":"573a9f3f80037fb40d481e2054def5bb","ja4":"t12i370400_07a749158664_e64f6000bf4d","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} 
00804{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":726,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104402518151,"flow_src_last_pkt_time":1470104402518151,"flow_dst_last_pkt_time":1470104402518151,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":135,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":135,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104402518151,"l3_proto":"ip4","src_ip":"192.168.119.1","dst_ip":"255.255.255.255","src_port":56861,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00726{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":726,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_src_last_pkt_time":1470104402518151,"flow_dst_last_pkt_time":1470104402518151,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":177,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":177,"pkt_l4_len":143,"thread_ts_usec":1470104402518151,"pkt":"\/\/\/\/\/\/\/\/TF4M6gNlCABFAACjAABAAEARAqHAqHcB\/\/\/\/\/94dFi4Aj\/bjAAFSEAABAAZMXgzqA2UABQAHMzAwTU5BVAAHAA82LjM1LjEgKHN0YWJsZSkACAAITWlrcm9UaWsACgAEf5YkAAALAAlBWFJKLVg2U0cADAAGUkI0NTBHAA4AAQEADwAQIAGwMAIUAQAAAAAAAAAAAQAQABNldGhlcjItbWFzdGVyLWxvY2Fs"} 
+01153{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":726,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104402518151,"flow_src_last_pkt_time":1470104402518151,"flow_dst_last_pkt_time":1470104402518151,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":135,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":135,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104402518151,"l3_proto":"ip4","src_ip":"192.168.119.1","dst_ip":"255.255.255.255","src_port":56861,"dst_port":5678,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Mikrotik","proto_id":"437","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","mikrotik": {"mac_address":"4C:5E:0C:EA:03:65","identity":"300MNAT","version":"6.35.1 (stable)","software_id":"AXRJ-X6SG","board":"RB450G","ipv6_addr":"2001:b030:214:100::1","uptime":2140546048}}} 00805{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":727,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104402518258,"flow_src_last_pkt_time":1470104402518258,"flow_dst_last_pkt_time":1470104402518258,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":135,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":135,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104402518258,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:feea:365","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00745{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":727,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_src_last_pkt_time":1470104402518258,"flow_dst_last_pkt_time":1470104402518258,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":197,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":197,"pkt_l4_len":143,"thread_ts_usec":1470104402518258,"pkt":"MzMAAAABTF4M6gNlht1gAAAAAI8RAf6AAAAAAAAATl4M\/\/7qA2X\/AgAAAAAAAAAAAAAAAAABFi4WLgCPm0oAAVIRAAEABkxeDOoDZQAFAAczMDBNTkFUAAcADzYuMzUuMSAoc3RhYmxlKQAIAAhNaWtyb1RpawAKAAR\/liQAAAsACUFYUkotWDZTRwAMAAZSQjQ1MEcADgABAQAPABAgAbAwAhQBAAAAAAAAAAABABAAE2V0aGVyMi1tYXN0ZXItbG9jYWw="} +01154{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":727,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104402518258,"flow_src_last_pkt_time":1470104402518258,"flow_dst_last_pkt_time":1470104402518258,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":135,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":135,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104402518258,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:feea:365","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Mikrotik","proto_id":"437","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","mikrotik": {"mac_address":"4C:5E:0C:EA:03:65","identity":"300MNAT","version":"6.35.1 (stable)","software_id":"AXRJ-X6SG","board":"RB450G","ipv6_addr":"2001:b030:214:100::1","uptime":2140546048}}} 
01139{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":728,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":5,"flow_src_last_pkt_time":1470104402518736,"flow_dst_last_pkt_time":1470104400162264,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":491,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":491,"pkt_l4_len":457,"thread_ts_usec":1470104402518736,"pkt":"AQBef\/\/66LH8q\/uyCABFAAHdCfUAAAQR9UfAqAUx7\/\/\/+gdsB2wByURxTk9USUZZICogSFRUUC8xLjENCkhvc3Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpOVDogdXVpZDo5MzE5Mzk1YS00ZDAzLTQ3NTAtYmIxYi00NjYzOTMzYWI4MTINCk5UUzogc3NkcDphbGl2ZQ0KTG9jYXRpb246IGh0dHA6Ly8xOTIuMTY4LjUuNDk6Mjg2OS91cG5waG9zdC91ZGhpc2FwaS5kbGw\/Y29udGVudD11dWlkOjkzMTkzOTVhLTRkMDMtNDc1MC1iYjFiLTQ2NjM5MzNhYjgxMg0KVVNOOiB1dWlkOjkzMTkzOTVhLTRkMDMtNDc1MC1iYjFiLTQ2NjM5MzNhYjgxMg0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT05MDANClNlcnZlcjogTWljcm9zb2Z0LVdpbmRvd3MvMTAuMCBVUG5QLzEuMCBVUG5QLURldmljZS1Ib3N0LzEuMA0KT1BUOiJodHRwOi8vc2NoZW1hcy51cG5wLm9yZy91cG5wLzEvMC8iOyBucz0wMQ0KMDEtTkxTOiBkMDdiNDM1ZDI5OWI0MTc4NGNhM2QyYWUyYjk1OTk0OA0KDQo="} 01172{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":729,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":5,"flow_src_last_pkt_time":1470104402518845,"flow_dst_last_pkt_time":1470104400162411,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":519,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":519,"pkt_l4_len":465,"thread_ts_usec":1470104402518845,"pkt":"MzMAAAAM6LH8q\/uyht1gAAAAAdERBP6AAAAAAAAACb2B3S\/cV1D\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"} 
00807{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":730,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104402624102,"flow_src_last_pkt_time":1470104402624102,"flow_dst_last_pkt_time":1470104402624102,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":27,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104402624102,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":49735,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -473,6 +477,7 @@ 00721{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":759,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":5,"flow_src_last_pkt_time":1470104405589893,"flow_dst_last_pkt_time":1470104397807877,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_usec":1470104405589893,"pkt":"AQBef\/\/6bEAIlAI6CABFAAClUIAAAAERsvXAqAUw7\/\/\/+sIlB2wAkY1JTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} 00804{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":760,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104405794164,"flow_src_last_pkt_time":1470104405794164,"flow_dst_last_pkt_time":1470104405794164,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":121,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":121,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":121,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104405794164,"l3_proto":"ip4","src_ip":"192.168.119.2","dst_ip":"255.255.255.255","src_port":43786,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":760,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_src_last_pkt_time":1470104405794164,"flow_dst_last_pkt_time":1470104405794164,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":163,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":163,"pkt_l4_len":129,"thread_ts_usec":1470104405794164,"pkt":"\/\/\/\/\/\/\/\/TF4MVkdPCABFAACVAABAAEARAq7AqHcC\/\/\/\/\/6sKFi4AgSnvAAHqAgABAAZMXgxWR08ABQAJSVB2NlJvdXRlAAcADzYuMzUuNCAoc3RhYmxlKQAIAAhNaWtyb1RpawAKAAQGBzYAAAsACVZTMUwtUTE4UgAMAAZSQjQ1MEcADgABAQAPABAgAbAwAhQBAAAAAAAAAAABABAAA0xBTg=="} +01154{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":760,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104405794164,"flow_src_last_pkt_time":1470104405794164,"flow_dst_last_pkt_time":1470104405794164,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":121,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":121,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":121,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104405794164,"l3_proto":"ip4","src_ip":"192.168.119.2","dst_ip":"255.255.255.255","src_port":43786,"dst_port":5678,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Mikrotik","proto_id":"437","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","mikrotik": {"mac_address":"4C:5E:0C:56:47:4F","identity":"IPv6Route","version":"6.35.4 (stable)","software_id":"VS1L-Q18R","board":"RB450G","ipv6_addr":"2001:b030:214:100::1","uptime":101135872}}} 
00807{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":774,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104406717230,"flow_src_last_pkt_time":1470104406717230,"flow_dst_last_pkt_time":1470104406717230,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104406717230,"l3_proto":"ip6","src_ip":"fe80::edf5:240a:c8c0:8312","dst_ip":"ff02::1:3","src_port":53962,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":774,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_src_last_pkt_time":1470104406717230,"flow_dst_last_pkt_time":1470104406717230,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1470104406717230,"pkt":"MzMAAQADzD2CHu7jht1gAAAAACARAf6AAAAAAAAA7fUkCsjAgxL\/AgAAAAAAAAAAAAAAAQAD0soU6wAgjSs9jgAAAAEAAAAAAAAGUk9fWDFDAAD\/AAE="} 
00958{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":774,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104406717230,"flow_src_last_pkt_time":1470104406717230,"flow_dst_last_pkt_time":1470104406717230,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104406717230,"l3_proto":"ip6","src_ip":"fe80::edf5:240a:c8c0:8312","dst_ip":"ff02::1:3","src_port":53962,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -541,9 +546,9 @@ 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":844,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":3,"flow_src_last_pkt_time":1470104414301595,"flow_dst_last_pkt_time":1470104414301526,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1470104414301595,"pkt":"ABAj4ACgYMVHBbyMCABFAAAohwxAAEAGuhfAqAUQwKhzS9F6Abs0INrrJFeA51AQIAAOqAAAIEVKRkRF"} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":845,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":5,"flow_src_last_pkt_time":1470104414301849,"flow_dst_last_pkt_time":1470104414301578,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104414301849,"pkt":"TF4M6gNlYMVHBbyMCABFAAA0CgdAAEAG9NPAqAUQHw1XJNFMAbv8UnPoBJ2idYAQD\/0aVAAAAQEIChoPmUdf7xLn"} 00845{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":846,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":4,"flow_src_last_pkt_time":1470104414302554,"flow_dst_last_pkt_time":1470104414301526,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":271,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":271,"pkt_l4_len":237,"thread_ts_usec":1470104414302554,"pkt":"ABAj4ACgYMVHBbyMCABFAAEBACxAAEAGQB\/AqAUQwKhzS9F6Abs0INrrJFeA51AYIAB90wAAFgMBANQBAADQAwNXoANfjIqHDy9QXUEag4gt5xMipN2TtjnqDApBJHZnuSBj+Q0TSc5VhLmmiAAqPOtufQBM8Qziz0QZmZNFeVk8eABKAP\/AJMAjwArACcAIwCjAJ8AUwBPAEsAmwCXABcAEwAPAKsApwA\/ADsANAGsAZwA5ADMAFgA9ADwANQAvAArAB8ARwALADAAFAAQBAAA9AAAAEwARAAAOMTkyLjE2OC4xMTUuNzUACgAIAAYAFwAYABkACwACAQAADQAMAAoFAQQBAgEEAwIDM3QAAA=="} 
-01445{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":846,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1470104414296334,"flow_src_last_pkt_time":1470104414302554,"flow_dst_last_pkt_time":1470104414301526,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104414302554,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53626,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","domainame":"192.168.115.75","tls": {"version":"TLSv1.2","ja3":"799135475da362592a4be9199d258726","ja3s":"","ja4":"t12i370500_07a749158664_d075105c1994","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01404{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":846,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1470104414296334,"flow_src_last_pkt_time":1470104414302554,"flow_dst_last_pkt_time":1470104414301526,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104414302554,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53626,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","domainame":"192.168.115.75","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12i370500_07a749158664_d075105c1994","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":847,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":5,"flow_src_last_pkt_time":1470104414302554,"flow_dst_last_pkt_time":1470104414303590,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1470104414303590,"pkt":"ABxCjnAxABAj4ACgCABFAAAoBANAAEAGPSHAqHNLwKgFEAG70XokV4DnNCDbxFAQADYtmQAAAAAAAAAA"} 
-01597{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":848,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1470104414296334,"flow_src_last_pkt_time":1470104414302554,"flow_dst_last_pkt_time":1470104414305856,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1470104414305856,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53626,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","domainame":"192.168.115.75","tls": {"version":"TLSv1.2","ja3":"799135475da362592a4be9199d258726","ja3s":"573a9f3f80037fb40d481e2054def5bb","ja4":"t12i370500_07a749158664_d075105c1994","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} 
+01556{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":848,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1470104414296334,"flow_src_last_pkt_time":1470104414302554,"flow_dst_last_pkt_time":1470104414305856,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1470104414305856,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53626,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","domainame":"192.168.115.75","tls": {"version":"TLSv1.2","ja3s":"573a9f3f80037fb40d481e2054def5bb","ja4":"t12i370500_07a749158664_d075105c1994","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} 
00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":858,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104414395988,"flow_src_last_pkt_time":1470104414395988,"flow_dst_last_pkt_time":1470104414395988,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104414395988,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"168.95.1.1","src_port":63372,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":858,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_src_last_pkt_time":1470104414395988,"flow_dst_last_pkt_time":1470104414395988,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1470104414395988,"pkt":"TF4M6gNlYMVHBbyMCABFAABL64oAAP8RYP7AqAUQqF8BAfeMADUAN6RcbYwBAAABAAAAAAAABmRsLW9icwhvZmZpY2lhbARsaW5lBW5hdmVyAmpwAAABAAE="} 
01136{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":858,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104414395988,"flow_src_last_pkt_time":1470104414395988,"flow_dst_last_pkt_time":1470104414395988,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104414395988,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"168.95.1.1","src_port":63372,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Line","proto_id":"5.315","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dl-obs.official.line.naver.jp","domainame":"dl-obs.official.line.naver.jp","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -598,9 +603,9 @@ 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":951,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":2,"flow_src_last_pkt_time":1470104423246688,"flow_dst_last_pkt_time":1470104423247634,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104423247634,"pkt":"ABxCjnAxABAj4ACgCABFAAA0AABAAEAGQRjAqHNLwKgFEAG70X2C0DtLZaD5JoASFtBuaQAAAgQFtAEBBAIBAwMH"} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":952,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":3,"flow_src_last_pkt_time":1470104423247712,"flow_dst_last_pkt_time":1470104423247634,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1470104423247712,"pkt":"ABAj4ACgYMVHBbyMCABFAAAoVNRAAEAG7E\/AqAUQwKhzS9F9AbtloPkmgtA7TFAQIACmCwAAUC8xLjEN"} 00837{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":953,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":4,"flow_src_last_pkt_time":1470104423248266,"flow_dst_last_pkt_time":1470104423247634,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":267,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":267,"pkt_l4_len":233,"thread_ts_usec":1470104423248266,"pkt":"ABAj4ACgYMVHBbyMCABFAAD9MJBAAEAGD7\/AqAUQwKhzS9F9AbtloPkmgtA7TFAYIADmPAAAFgMBANABAADMAwNXoANoBxB0UxaEmGMMRA4z3rCwUCfHq4lItmIHvO2HwSBj+Q0TSc5VhLmmiAAqPOtufQBM8Qziz0QZmZNFeVk8eABKAP\/AJMAjwArACcAIwCjAJ8AUwBPAEsAmwCXABcAEwAPAKsApwA\/ADsANAGsAZwA5ADMAFgA9ADwANQAvAArAB8ARwALADAAFAAQBAAA5AAAAEwARAAAOMTkyLjE2OC4xMTUuNzUACgAIAAYAFwAYABkACwACAQAADQAMAAoFAQQBAgEEAwID"} 
-01445{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":953,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1470104423246688,"flow_src_last_pkt_time":1470104423248266,"flow_dst_last_pkt_time":1470104423247634,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":213,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":213,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104423248266,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53629,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","domainame":"192.168.115.75","tls": {"version":"TLSv1.2","ja3":"618ee2509ef52bf0b8216e1564eea909","ja3s":"","ja4":"t12i370400_07a749158664_e64f6000bf4d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01404{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":953,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1470104423246688,"flow_src_last_pkt_time":1470104423248266,"flow_dst_last_pkt_time":1470104423247634,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":213,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":213,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104423248266,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53629,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","domainame":"192.168.115.75","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12i370400_07a749158664_e64f6000bf4d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":954,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":5,"flow_src_last_pkt_time":1470104423248266,"flow_dst_last_pkt_time":1470104423249191,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1470104423249191,"pkt":"ABxCjnAxABAj4ACgCABFAAAosy5AAEAGjfXAqHNLwKgFEAG70X2C0DtMZaD5+1AQADbFAAAAAAAAAAAA"} 
-01597{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":955,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1470104423246688,"flow_src_last_pkt_time":1470104423248266,"flow_dst_last_pkt_time":1470104423251782,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":213,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":213,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1470104423251782,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53629,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","domainame":"192.168.115.75","tls": {"version":"TLSv1.2","ja3":"618ee2509ef52bf0b8216e1564eea909","ja3s":"573a9f3f80037fb40d481e2054def5bb","ja4":"t12i370400_07a749158664_e64f6000bf4d","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} 
+01556{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":955,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1470104423246688,"flow_src_last_pkt_time":1470104423248266,"flow_dst_last_pkt_time":1470104423251782,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":213,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":213,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1470104423251782,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53629,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","domainame":"192.168.115.75","tls": {"version":"TLSv1.2","ja3s":"573a9f3f80037fb40d481e2054def5bb","ja4":"t12i370400_07a749158664_e64f6000bf4d","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} 
01001{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":965,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1470104376301823,"flow_src_last_pkt_time":1470104422690570,"flow_dst_last_pkt_time":1470104376301823,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104424049934,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"shen"}} 01007{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":965,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1470104377720702,"flow_src_last_pkt_time":1470104377820998,"flow_dst_last_pkt_time":1470104377720702,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104424049934,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"224.0.0.252","src_port":51458,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"wpad"}} 01025{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":965,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1470104376017883,"flow_src_last_pkt_time":1470104403029956,"flow_dst_last_pkt_time":1470104376017883,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":798,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104424049934,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"239.255.255.250","src_port":55312,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} 
@@ -686,10 +691,10 @@ 00806{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104385827777,"flow_src_last_pkt_time":1470104420541205,"flow_dst_last_pkt_time":1470104385827777,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip4","src_ip":"59.120.208.218","dst_ip":"255.255.255.255","src_port":50151,"dst_port":1947,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01028{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104382448550,"flow_src_last_pkt_time":1470104382857884,"flow_dst_last_pkt_time":1470104382448550,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":66,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::1:3","src_port":61548,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"caesar-thinkpad"}} 
01016{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1470104383810371,"flow_src_last_pkt_time":1470104413815837,"flow_dst_last_pkt_time":1470104413817995,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":300,"flow_src_tot_l4_payload_len":600,"flow_dst_tot_l4_payload_len":600,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.119.1","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"macbook-air"}} -01149{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104379579523,"flow_src_last_pkt_time":1470104379579704,"flow_dst_last_pkt_time":1470104379579523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":221,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":244,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":465,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip4","src_ip":"192.168.5.67","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": 
{"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"sanji-lifebook-"}} +01030{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104379579523,"flow_src_last_pkt_time":1470104379579704,"flow_dst_last_pkt_time":1470104379579523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":221,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":244,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":465,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip4","src_ip":"192.168.5.67","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"sanji-lifebook-"}} 
01028{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1470104382448863,"flow_src_last_pkt_time":1470104427503777,"flow_dst_last_pkt_time":1470104382448863,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1233,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"239.255.255.250","src_port":51704,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} 01167{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104379169121,"flow_src_last_pkt_time":1470104379271484,"flow_dst_last_pkt_time":1470104379169121,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":54888,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": 
{"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"????????????"}} -00876{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1033,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1033,"packets-processed":1032,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":395167,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":109,"total-detection-updates":19,"total-updates":38,"current-active-flows":129,"total-active-flows":129,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":692,"global_ts_usec":1654385119050609} 
+00876{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1033,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1033,"packets-processed":1032,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":395167,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":114,"total-detection-updates":19,"total-updates":38,"current-active-flows":129,"total-active-flows":129,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":697,"global_ts_usec":1654385119050609} 00805{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1033,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385119050609,"flow_src_last_pkt_time":1654385119050609,"flow_dst_last_pkt_time":1654385119050609,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":538,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":538,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":538,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385119050609,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60962,"dst_port":1234,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01288{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1033,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":1,"flow_src_last_pkt_time":1654385119050609,"flow_dst_last_pkt_time":1654385119050609,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":604,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":604,"pkt_l4_len":570,"thread_ts_usec":1654385119050609,"pkt":"tKXvZygQnLbQ0+MzCABFAAJOAZpAAEAGaiXAqAJ+rGhdXO4iBNJ6yTZonxdjWoAYAfbPKwAAAQEICmbWNa+8oaeIR0VUIC8\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"} 01518{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1033,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385119050609,"flow_src_last_pkt_time":1654385119050609,"flow_dst_last_pkt_time":1654385119050609,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":538,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":538,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":538,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385119050609,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60962,"dst_port":1234,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"ws.1kxun.mobi","domainame":"ws.1kxun.mobi","http": 
{"url":"ws.1kxun.mobi:1234\/?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&&_country=US&_locale=en&_=1654385117","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}}} 
@@ -724,8 +729,7 @@ 01279{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":13,"flow_first_seen":1470104380890420,"flow_src_last_pkt_time":1470104382084909,"flow_dst_last_pkt_time":1470104381881083,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":445,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":3612,"flow_dst_tot_l4_payload_len":6271,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"42.120.51.152","src_port":49609,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"42.120.51.152"}} 
01279{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":3,"flow_first_seen":1470104380188079,"flow_src_last_pkt_time":1470104380928909,"flow_dst_last_pkt_time":1470104380732533,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":158,"flow_dst_max_l4_payload_len":392,"flow_src_tot_l4_payload_len":316,"flow_dst_tot_l4_payload_len":397,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.244.135.170","src_port":49607,"dst_port":9099,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"218.244.135.170"}} 
01009{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1470104380737950,"flow_src_last_pkt_time":1470104380737994,"flow_dst_last_pkt_time":1470104380772526,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":74,"flow_src_tot_l4_payload_len":66,"flow_dst_tot_l4_payload_len":74,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":54420,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.QQ","proto_id":"5.48","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"vv.video.qq.com"}} -01008{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":1045,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104399854544,"flow_src_last_pkt_time":1470104399854544,"flow_dst_last_pkt_time":1470104399854544,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.0.100","dst_ip":"255.255.255.255","src_port":50925,"dst_port":5678,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": 
{"total":210,"client":165,"server":45}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00806{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104399854544,"flow_src_last_pkt_time":1470104399854544,"flow_dst_last_pkt_time":1470104399854544,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.0.100","dst_ip":"255.255.255.255","src_port":50925,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00998{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104399854544,"flow_src_last_pkt_time":1470104399854544,"flow_dst_last_pkt_time":1470104399854544,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.0.100","dst_ip":"255.255.255.255","src_port":50925,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Mikrotik","proto_id":"437","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
01154{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104408049734,"flow_src_last_pkt_time":1470104408458018,"flow_dst_last_pkt_time":1470104408049734,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":51451,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"????????????"}} 01006{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1470104377720702,"flow_src_last_pkt_time":1470104377820998,"flow_dst_last_pkt_time":1470104377720702,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"224.0.0.252","src_port":51458,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"wpad"}} 01025{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1470104376017883,"flow_src_last_pkt_time":1470104433238541,"flow_dst_last_pkt_time":1470104376017883,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1064,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"239.255.255.250","src_port":55312,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} 
@@ -739,10 +743,8 @@ 00809{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1470104380909602,"flow_src_last_pkt_time":1470104420950055,"flow_dst_last_pkt_time":1470104380909602,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":317,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":317,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1585,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.10.110","dst_ip":"255.255.255.255","src_port":60480,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00995{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1470104376816620,"flow_src_last_pkt_time":1470104392380425,"flow_dst_last_pkt_time":1470104376816620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":180,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::406:55a8:6453:25dd","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCPV6","proto_id":"103","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
01165{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104378045695,"flow_src_last_pkt_time":1470104378454680,"flow_dst_last_pkt_time":1470104378045695,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":58779,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"????????????"}} -01009{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":1045,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104402518258,"flow_src_last_pkt_time":1470104402518258,"flow_dst_last_pkt_time":1470104402518258,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":135,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":135,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:feea:365","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp 
Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00807{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104402518258,"flow_src_last_pkt_time":1470104402518258,"flow_dst_last_pkt_time":1470104402518258,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":135,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":135,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:feea:365","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -01010{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":1045,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104390741932,"flow_src_last_pkt_time":1470104390741932,"flow_dst_last_pkt_time":1470104390741932,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":123,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":123,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":123,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:fe9a:ec54","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": 
{"total":210,"client":165,"server":45}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00808{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104390741932,"flow_src_last_pkt_time":1470104390741932,"flow_dst_last_pkt_time":1470104390741932,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":123,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":123,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":123,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:fe9a:ec54","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00999{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104402518258,"flow_src_last_pkt_time":1470104402518258,"flow_dst_last_pkt_time":1470104402518258,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":135,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":135,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:feea:365","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Mikrotik","proto_id":"437","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+01000{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104390741932,"flow_src_last_pkt_time":1470104390741932,"flow_dst_last_pkt_time":1470104390741932,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":123,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":123,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":123,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:fe9a:ec54","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Mikrotik","proto_id":"437","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01022{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104432630916,"flow_src_last_pkt_time":1470104432728657,"flow_dst_last_pkt_time":1470104432630916,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":58468,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"wangs-ltw"}} 01026{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1470104381217586,"flow_src_last_pkt_time":1470104426277904,"flow_dst_last_pkt_time":1470104381217586,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1197,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"239.255.255.250","src_port":57325,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} 
01023{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104430884669,"flow_src_last_pkt_time":1470104431294729,"flow_dst_last_pkt_time":1470104430884669,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::e034:7be:d8f9:6197","dst_ip":"ff02::1:3","src_port":49766,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"charming-pc"}} 
@@ -766,8 +768,7 @@ 01020{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104420438972,"flow_src_last_pkt_time":1470104420540216,"flow_dst_last_pkt_time":1470104420438972,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":61172,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"sonusav"}} 01009{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104381217455,"flow_src_last_pkt_time":1470104381626995,"flow_dst_last_pkt_time":1470104381217455,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"224.0.0.252","src_port":56366,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"notebook"}} 01026{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1470104377634699,"flow_src_last_pkt_time":1470104415729545,"flow_dst_last_pkt_time":1470104377634699,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1096,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"239.255.255.250","src_port":60267,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} 
-01008{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":1045,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104402518151,"flow_src_last_pkt_time":1470104402518151,"flow_dst_last_pkt_time":1470104402518151,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":135,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":135,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.119.1","dst_ip":"255.255.255.255","src_port":56861,"dst_port":5678,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00806{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104402518151,"flow_src_last_pkt_time":1470104402518151,"flow_dst_last_pkt_time":1470104402518151,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":135,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":135,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.119.1","dst_ip":"255.255.255.255","src_port":56861,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00998{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104402518151,"flow_src_last_pkt_time":1470104402518151,"flow_dst_last_pkt_time":1470104402518151,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":135,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":135,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.119.1","dst_ip":"255.255.255.255","src_port":56861,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Mikrotik","proto_id":"437","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01013{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104430065680,"flow_src_last_pkt_time":1470104430476697,"flow_dst_last_pkt_time":1470104430065680,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":57143,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"charming-pc"}} 01011{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1470104379066410,"flow_src_last_pkt_time":1470104379066467,"flow_dst_last_pkt_time":1470104379115963,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":95,"flow_src_tot_l4_payload_len":62,"flow_dst_tot_l4_payload_len":95,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":60724,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.1kxun","proto_id":"5.295","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"pic.1kxun.com"}} 
01009{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104381935396,"flow_src_last_pkt_time":1470104382038651,"flow_dst_last_pkt_time":1470104381935396,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"224.0.0.252","src_port":58456,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"joanna-pc"}} 
@@ -833,8 +834,8 @@ 01010{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104393610386,"flow_src_last_pkt_time":1470104394635803,"flow_dst_last_pkt_time":1470104393610386,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"nasfile"}} 01011{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":0,"flow_first_seen":1470104391564386,"flow_src_last_pkt_time":1470104422179603,"flow_dst_last_pkt_time":1470104391564386,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":650,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"isatap"}} 01008{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1470104378021294,"flow_src_last_pkt_time":1470104379520951,"flow_dst_last_pkt_time":1470104378021294,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"wpad"}} 
-01147{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1470104393610555,"flow_src_last_pkt_time":1470104393611090,"flow_dst_last_pkt_time":1470104393610555,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":174,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":522,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"macbookair-e1d0"}} -01147{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104379579523,"flow_src_last_pkt_time":1470104379579704,"flow_dst_last_pkt_time":1470104379579523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":221,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":244,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":465,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.67","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": 
{"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"sanji-lifebook-"}} +01028{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1470104393610555,"flow_src_last_pkt_time":1470104393611090,"flow_dst_last_pkt_time":1470104393610555,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":174,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":522,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"macbookair-e1d0"}} 
+01028{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104379579523,"flow_src_last_pkt_time":1470104379579704,"flow_dst_last_pkt_time":1470104379579523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":221,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":244,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":465,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.67","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"sanji-lifebook-"}} 00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104398832807,"flow_src_last_pkt_time":1470104398832807,"flow_dst_last_pkt_time":1470104398832807,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.64","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00990{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1045,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1470104391199899,"flow_src_last_pkt_time":1470104391199954,"flow_dst_last_pkt_time":1470104391208758,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"64.233.189.128","src_port":49581,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 00798{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1470104391199899,"flow_src_last_pkt_time":1470104391199954,"flow_dst_last_pkt_time":1470104391208758,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"64.233.189.128","src_port":49581,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
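Review bot: The regenerated baseline in this hunk drops `flow_risk` entry `"22"` ("Unsafe Protocol") from the two NetBIOS.SMBv1 idle events (flow_id 70 and 35), although `breed` is still "Dangerous" on both. The hunks at -849 and -967 also lose `"35"` ("Susp Entropy"): flow 94 is now classified as Mikrotik instead of not-detected, and the `detected` event for flow 153 no longer carries the risk. The commit message only says "incorporated upstream changes", so anyone alerting on `flow_risk` gets no hint that these flags disappear. The cause is presumably the libnDPI bump; confirm it is intended and not a side effect of the test configuration. The commit description should then say so, for example `* flow_risk output changed: SMBv1 no longer reports "Unsafe Protocol", fewer "Susp Entropy" hits`.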
@@ -849,8 +850,7 @@ 00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104423202821,"flow_src_last_pkt_time":1470104423202821,"flow_dst_last_pkt_time":1470104423202821,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::f65c:89ff:fe89:e607","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCPV6","proto_id":"103","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00955{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1045,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":10,"flow_first_seen":1470104410885006,"flow_src_last_pkt_time":1470104428908615,"flow_dst_last_pkt_time":1470104428908687,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":332,"flow_src_tot_l4_payload_len":5537,"flow_dst_tot_l4_payload_len":595,"midstream":1,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"119.235.235.84","dst_ip":"192.168.5.16","src_port":443,"dst_port":53406,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00811{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":10,"flow_first_seen":1470104410885006,"flow_src_last_pkt_time":1470104428908615,"flow_dst_last_pkt_time":1470104428908687,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":332,"flow_src_tot_l4_payload_len":5537,"flow_dst_tot_l4_payload_len":595,"midstream":1,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"119.235.235.84","dst_ip":"192.168.5.16","src_port":443,"dst_port":53406,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -01008{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":1045,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104405794164,"flow_src_last_pkt_time":1470104405794164,"flow_dst_last_pkt_time":1470104405794164,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":121,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":121,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":121,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.119.2","dst_ip":"255.255.255.255","src_port":43786,"dst_port":5678,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
-00806{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104405794164,"flow_src_last_pkt_time":1470104405794164,"flow_dst_last_pkt_time":1470104405794164,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":121,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":121,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":121,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.119.2","dst_ip":"255.255.255.255","src_port":43786,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00998{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104405794164,"flow_src_last_pkt_time":1470104405794164,"flow_dst_last_pkt_time":1470104405794164,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":121,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":121,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":121,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.119.2","dst_ip":"255.255.255.255","src_port":43786,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Mikrotik","proto_id":"437","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
01021{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104402624102,"flow_src_last_pkt_time":1470104402724346,"flow_dst_last_pkt_time":1470104402624102,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":49735,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"wangs-ltw"}} 01264{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1045,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":4,"flow_first_seen":1470104381895304,"flow_src_last_pkt_time":1470104382125381,"flow_dst_last_pkt_time":1470104382124370,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":432,"flow_dst_max_l4_payload_len":633,"flow_src_tot_l4_payload_len":864,"flow_dst_tot_l4_payload_len":633,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.145","src_port":49612,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"12": 
{"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"183.131.48.145"}} 01269{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":5,"flow_first_seen":1470104382053678,"flow_src_last_pkt_time":1470104382199024,"flow_dst_last_pkt_time":1470104382198662,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":503,"flow_dst_max_l4_payload_len":1024,"flow_src_tot_l4_payload_len":1006,"flow_dst_tot_l4_payload_len":2329,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.144","src_port":49613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","hostname":"183.131.48.144"}} 
@@ -967,7 +967,7 @@ 02893{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1180,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":2,"flow_src_last_pkt_time":1654385140850557,"flow_dst_last_pkt_time":1654385141035727,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1787,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1787,"pkt_l4_len":1753,"thread_ts_usec":1654385141035727,"pkt":"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\/jNhC+769g1AUsJbaUpOjFiRZIt9giBdotmiA9eFOAlmiLsUwKIh3Hzfq\/d8ghKTm2i24vEkHOfPN+rLko5Tq9L2hJchLPVqLQXIo4Ia\/vCHmmLaklLe+4Zh+lmPF5S80zkAbKBdsMSUHrekqLBbIh46qtgS6qtG7GWaZBQrpmpaylXKSFXGa04ZkCYBVdgSjkKammwPQKoGMCny0+vU\/pE32JAXFo9TLkhnRMfrn7\/FuqdMvFnM82sblMhhaOkCXTlSzHZPD757v7gb9tWlkwpX6y7DNaK+ZfCik0E\/p+0zBgok1T88Kamz0pKQYWdZukpRSsc1TLVCOFYt5yEnwRhyc0YpuYv7XI+\/VHKgRrHxjEoFV7Tl3zUldDUjE+r\/S+jw8FJrbRCLEBiyBmKwxapyGfxSc7T+TrV7J7kz47pY6+pFOrfEJaplet6MyePFpDTYyMnR4oJzsivQAHgy7a4fjEa81aZvJy8ujfZ7KNDSqH2\/Mr+F17AWnNxFxXcHd21pnaRwQWp8yEB0AkWFJdVMyEAClS8GNqL+Psr\/hLeZZ8ObW\/cZyeJlkwkBDwpWPuC7X3Nn7kJCcNbRW7FdpTTi4ek8S4Q3OxYt404zBAw3AfZLs8xtYpDRY4dSbf92wEK208U9QpJ\/bfl+zenfTcZd0+hfJhSZuVqmJk6\/lj64rP\/99mBzIEFMf5pjZaKsobUf7BlvKZ3TxY1cGykNcOxHscvOZuXBKQHLIjZKZY1TUacpDwIhA6kMm581yXviEx1M6jlprWf9r6BIpzFPKtKdoHOfMJqCBFoV2aykdU9KfRCG9B3q9UV+kM+mkb26PxmlxC6z4lPUzn4W\/VykkZHVUIUxxtv7bufnWh98nWc9pOvWFnSZXpryzmQ3LRy59py+gCTYZmiT3Xfl0iYYwMwdZ8jENMI\/xZynnNsJ\/emJYRcoXVbAld\/baEDlpzOA2JqiV8bQn49upT6X08+G5AzkjgStJKL+t4cM2FAgCqVB7RUk03cysxIkBt9SNkoPSmZnlUcjCNbsZc1Fyw0bSWxeLKShsbaHuC\/6B5ucJys9eu8uz9DqqZaSNajlD7PDIYeDYgB0mNgUhoTntkJPswcC6HitAw7+SM9Iwy5ROtRMlmoH8Zed8QAt6ZynIzSFKYjhBGcIsqWt5oQtVGFES1RR5lWUPnjJaXKboIXko3SO3cx1eYqVlPZPqkog\/XGaIF7TC+HMZy+0zrWxPXrpghAfsPimlosZawm86d6jZdD5gK7fmgqaYbFzWjbQDtpPXSlZC4ZwXot8aFqn8JIxRmIvbLV+x0Bt2nN\/yH5Ifzc4e6hdxTLKw5\/xPeVM5OgXyEYlt8km3BjpbH37DY3JbeZf+pEiAPiwW0lgLirSLiU9UgYf4hps1ACC\/UUIjtAfzDSWWClkeave
jsiT5TTJHI51pRCtjIVlOocvqSCgZECuRwfSijgkfcvhuahF2bQs0f6Q264sosBhBl+GKPsndY0TtD1d4fHKb2JYgCrHAOTc1ol8KeCl0cbE9NfwO6oKyPkLnHjveALTX2Gg5Jp5c7oy7DDsUNOw9GyLriNYt1u+rtsliASAoqHJrLfvT2igKaygnyJGSnn9sixBe3\/0GryWHXLpdyOuhUMcVhOrtbZUCyY9pZywo6albTkdnOhnY56+9lVtSJAzi8bO3PDXRgCMjQKwALW3e+hPMR9\/Z8QN5a7uo6rCA7Dujq6I0XjI790t3TsHPMvwp3I8oN1HQKXcpCJZbL1oUbsCb5rt5tkxhe\/gG\/wmXsHg4AAA0KMA0KDQo="} 00801{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1181,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385141046673,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141046673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":426,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":426,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":426,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385141046673,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.37","src_port":41390,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01137{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1181,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":1,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141046673,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":492,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":492,"pkt_l4_len":458,"thread_ts_usec":1654385141046673,"pkt":"tKXvZygQnLbQ0+MzCABFAAHeDJVAAEAGB\/rAqAJ+EkBPJaGuAFABgVk3JTRLIoAYAfYmXAAAAQEICqYAsEjS\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"} 
-01444{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1181,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385141046673,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141046673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":426,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":426,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":426,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385141046673,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.37","src_port":41390,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"google.open-js.com","domainame":"google.open-js.com","http": {"url":"google.open-js.com\/doubleclick\/ca0ecde2.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
+01329{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1181,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385141046673,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141046673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":426,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":426,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":426,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385141046673,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.37","src_port":41390,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"google.open-js.com","domainame":"google.open-js.com","http": {"url":"google.open-js.com\/doubleclick\/ca0ecde2.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 01175{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1182,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":2,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141075345,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":520,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":520,"pkt_l4_len":486,"thread_ts_usec":1654385141075345,"pkt":"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"} 
02475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1183,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":3,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141075345,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1654385141075345,"pkt":"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\/aWQ9VUEtMTU0NzU3OTI5LTU3Jz48XC9zY3JpcHQ+Iik7ZG9jdW1lbnQud3JpdGVsbigiPHNjcmlwdD4iKTtkb2N1bWVudC53cml0ZWxuKCIgIHdpbmRvdy5kYXRhTGF5ZXIgPSB3aW5kb3cuZGF0YUxheWVyIHx8IFtdOyIpO2RvY3VtZW50LndyaXRlbG4oIiAgZnVuY3Rpb24gZ3RhZygpe2RhdGFMYXllci5wdXNoKGFyZ3VtZW50cyk7fSIpO2RvY3VtZW50LndyaXRlbG4oIiAgZ3RhZygnanMnLCBuZXcgRGF0ZSgpKTsiKTtkb2N1bWVudC53cml0ZWxuKCIiKTtkb2N1bWVudC53cml0ZWxuKCIgIGd0YWcoJ2NvbmZpZycsICdVQS0xNTQ3NTc5"} 00627{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1184,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":4,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141076027,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":109,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":109,"pkt_l4_len":75,"thread_ts_usec":1654385141076027,"pkt":"nLbQ0+MztKXvZygQCABFAABf8DUAAPgGrdcSQE8lwKgCfgBQoa4lNFJ8AYFa4YAYAIN\/DAAAAQEICtL8K4SmALBIMjktNTcnKTsiKTtkb2N1bWVudC53cml0ZWxuKCI8XC9zY3JpcHQ+Iil9Ow=="} 
@@ -1044,7 +1044,7 @@ 02272{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1469,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":29,"flow_first_seen":1654385146253018,"flow_src_last_pkt_time":1654385147560064,"flow_dst_last_pkt_time":1654385147928387,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":514,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":526,"flow_dst_max_l4_payload_len":18720,"flow_src_tot_l4_payload_len":1554,"flow_dst_tot_l4_payload_len":113644,"midstream":1,"thread_ts_usec":1654385147928387,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49372,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":96206.9,"max":899707,"stddev":188732.5,"var":35619966976.0,"ent":3.0,"data": [205636,2121,0,0,1,224803,394,328,1444,0,193718,403,372,1728,1281,1888,225980,899707,237971,1,2439,199154,468,952,1305,0,0,407339,371504,0,1478]},"pktlen": {"min":337,"avg":3651.9,"max":18772,"stddev":4182.9,"var":17496908.0,"ent":4.3,"data": [566,337,1492,4372,2932,4372,1492,1492,1492,1492,5812,1492,1492,1492,2932,4372,5812,3718,578,337,7252,15892,1492,1492,7252,1492,5812,640,566,337,7787,18772]},"bins": {"c_to_s": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,14]},"directions": [0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1,1,0,1,1,1],"entropies": 
[5.863167286,5.867280483,7.343351841,7.933300972,7.883011341,7.923881531,7.831630230,7.793837070,7.811074257,7.877987385,7.956270695,7.807632446,7.787700176,7.808306217,7.895200729,7.941674709,7.934331417,7.911615372,5.884228706,5.838101864,7.975082397,7.990115643,7.874265194,7.866392612,7.972415924,7.851024628,7.967773914,7.664193153,5.866144657,5.879995346,7.941644669,7.977370262]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"hkbn.content.1kxun.com"}} 00803{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1483,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385156800184,"flow_src_last_pkt_time":1654385156800184,"flow_dst_last_pkt_time":1654385156800184,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":423,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":423,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":423,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385156800184,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.18.98","src_port":44368,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01132{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1483,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":1,"flow_src_last_pkt_time":1654385156800184,"flow_dst_last_pkt_time":1654385156800184,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":489,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":489,"pkt_l4_len":455,"thread_ts_usec":1654385156800184,"pkt":"tKXvZygQnLbQ0+MzCABFAAHb3B5AAEAG2pzAqAJ+rNkSYq1QAFBdWbpPyM9cBIAYAfaELwAAAQEICmU8LGE7CqI\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"} -01463{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1483,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385156800184,"flow_src_last_pkt_time":1654385156800184,"flow_dst_last_pkt_time":1654385156800184,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":423,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":423,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":423,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385156800184,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.18.98","src_port":44368,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.GoogleServices","proto_id":"7.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.googletagservices.com","domainame":"www.googletagservices.com","http": {"url":"www.googletagservices.com\/tag\/js\/gpt.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like 
Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} +01348{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1483,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385156800184,"flow_src_last_pkt_time":1654385156800184,"flow_dst_last_pkt_time":1654385156800184,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":423,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":423,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":423,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385156800184,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.18.98","src_port":44368,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.GoogleServices","proto_id":"7.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.googletagservices.com","domainame":"www.googletagservices.com","http": {"url":"www.googletagservices.com\/tag\/js\/gpt.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
02480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1484,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":2,"flow_src_last_pkt_time":1654385156800184,"flow_dst_last_pkt_time":1654385156832164,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_usec":1654385156832164,"pkt":"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\/\/2t6iC1wgDecM5+OHuvGanVsbq6UldXq958aM\/C0VDd1R5vyWTlLhw6oztzFoTTTuip7LXoj0Z+350Rf20teiy6t6R\/Zk\/C8WyqPeYmq1pn8UIlP\/sj4rjOT23izuaTYWfjr\/\/5n5Xt0fhhEvrBbOU8cFe2+6PpfOKuHIbWhEweVjbns2A0mRb\/Z+Xs08639cPQdodTd33fcYez0AvdSXtlc0zswF0vF0v\/89fG\/+C4BjohZjRYwgZrmaUOa3cl+qQ98hTrLSn23aE\/C7qPzmjotlcNHYY2d9vkyioUrhdtnlxaLBa6RUxF1KGY5uxh7I68lRPrxrVnRcf1wqH7aTIau5NZ6E67eekP7bh7uqXb2iOAjpjm5mRCHorjyWg2wlqfniCNl48SOfRWSAf6dm3aRdpRMTay0O3k4Il5pYxoHXFf\/f7IIv1zmHiYn+hZJ3omJ5vPtTX2m\/0+dfve2hr+zX5jNYsWrjveaKKKqYgh3ikULDZFtokjQlS019bs4hGZBaaJf8WQ7cUsmIzuVnYnE6hK2SbD4Wi2AnB1eFsrvAuAi7pDTJuoiNya7iZnTHTw7GFgjaCDypQ+ZL6oyr2i6UPzcaF7BP\/+MuV5E732RLeH837fNO1ohjAZB2Vfi+m5HYXOSmkVMnVtxK3rhT4zc3DB0kib1u6YpDgd98OZqhRhWMQ0oJOOAB3mcE3nqnSte51VsrbmroTDlWHXM4dtz3QIBbkL4HbfijLrRsctFFjXAyjq0p6vqgGW9DTNmrikB8jlmd5VcL1wIEtcFIfjQjOKO60jtOyud+Vct3HcHcu0VFvr4POqaa2tqaRrEXWoO\/qjPRp6oT+fEKuPa0i\/m4Qz8cyWmbXQ2haCBcoxGEHtAFfnGisyjd3WX4gIxQkBNByo2rt370o6\/Q796TqkyCfM0drKm5upPX6jFEg="} 
02482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1485,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":3,"flow_src_last_pkt_time":1654385156800184,"flow_dst_last_pkt_time":1654385156832624,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_usec":1654385156832624,"pkt":"nLbQ0+MztKXvZygQCABFAAW+HaIAAHsGmjas2RJiwKgCfgBQrVDIz2cYXVm79oAQAQVnbAAAAQEICjsKomxlPCxhBD2AVIoQ9JAQ9DghsJcRAl\/vYRNoLvC7pbbP4e4wzRva7Rf74XT29KSyB5P1+gpURecaOC5mGHThH2ve7LUh44DrNWxc+pQ\/FKd64BJHJAMZaPu6oBs6q58J\/VCFpotCdKgwe4MoJX5BSAG\/TBIN+5m1SgEaj46X84uDtTWfdqCrsl+qftouvIEY4N7rBjAm9oHx66cnvpo5QHwECGQZiA7jIz7o4gH6TT\/TBASEiXw0Hsf6ur5a0ihBkEdg910ykeWfDN5EYEkhULKeBOHzI7RdjYBRHCQLJOhtVECVwAezhGCjU5gsy1dtjvLqssLZigGCgBE6r+4aTThyjfDtj6pbodWla6F1\/2k9bHypmmA97hI7SK0ksUr7bFIk4gXLNiZBYtmOBZmBYVMRr6ePYcXCnxLjGslGl9oIckDPpZRk9zhRXVvj9L\/XiQW7flKa64Mqj7JRT+v2QRhHEt7TYHGbilJYKRQC3WJURu9rWhtSxyAA9WijY0BzIBBUch1TJgjvmA2BA6Sm478dC8HcF8LuxBxf+bRIDyRL6OEEpw8e6S+wDZM\/cgr7GDrtvo7rsT3W6QoFWjJoTxaLpd\/XDcjARYKFbLiTQOMXIwEkICl+22fTCwQPF+8qzav1YU6nHZ6Ok7tqsu8dwQr6fNb11M5IDypcdPqUCIhO800SnkP0VVvIgqSQ0B8XMfWacoaAkEfC4i\/0IN6vsRN6\/SxtCSG56gopwExr3Cxa0h1QgQFmjK6n5BBQ7+xoO4J1zzNB5eLtc9HQUj2dgEKj6RwOiwVUKjq5ZOiLznKkz1nEklkUZSimHxbD6TE5foUmJ5KVIS0nGRKttTVaCeRZJIA5TwKT7z6wfQySb\/nFbbq\/49r++wodK2rhHOzSKlYKdkFZGcynM2oosNwVrHQFssaWOyoHWfLsnbr+7v04v929cAKVCfV3ZTZ6TaNkZeL68z5qqvfjiTudInGITRUFRWGGfnf2f1lYtfOEVScWVm0upq46lKrZTER1uIjqFInjQCKk5KSz2ui3sviWFFRRjY9pvWe6kqDqcTHTkwRVO3418DWuTSortIJMeRPLg9TqJaRWucL4Cwqrriy9crk1eF5ujSbPjtRWJsqCGEs3GLVHG+RSO5ZLHWBwDjCiJIOjZRGGDjfjLmL5RIgt8JzcrYH8iQ7YVDy1QTy1O6IQsB4bTUu51SXFQesZcZDWzktyO8FLldrJGvPFM5+lp+Uxa5k8Zqf2oziSJkssF6p4oQgFk+WWCj2\/VC6KKyyLojEpJNJ6rbQA9ku2NsbF5IxL6fUrymalKrQPPrIlRm1rfKQ8X0xkvFgHZ2NwdA\/+A4SL98qsxF5ZmvgBEZ3MphfhLHil0Y8JWHO+SWmBMhzXgOYfybIX71wxy8+A3KslnT2GMMgnYLCCf
8ZLCll48NZD7gpLCS3\/V8BVYXlbVwH8xkRDSCzvTG\/x7Bgn7tgls1exQkZUxeiopqLw4pSsld5ZQCor1bLRaJQbrbeyrfuUDH03ZU6yR3PgOnTScc6f0NopSAdIGh2LjtBaM9BUWgCSqFvv3r0zDc2GFzFCJzG82PNi2ZaGw7Y0fpZL5dISkIyJc4bz9k9NOgNLVAWMaz12LrBNyVuBW\/dsra2sKHw4auktCBZ29xdgeQRbYeqlyGG7YV+1NuwIN4rTuTVlVZVAdmvjrjAHSpMNMG3FxmX78thiSkJSilC8VWYttAT40y3xBf2vtKXHdNAWrfFxcfa+bK4zEyU6zTgHbsYAum7gq7FhU18JhD3OzbODCod2f+68ZlgSerx2FyC5AwAIA3ydLYvSO\/TkkKiFXXD1EhRBUhDtDXqmw\/cEPZMOMN51DCNizlM8QBdBMcRWAfJ+HHtjydr4w8GzD+sgP8lUMao="} 02497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1486,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":4,"flow_src_last_pkt_time":1654385156800184,"flow_dst_last_pkt_time":1654385156833955,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_usec":1654385156833955,"pkt":"nLbQ0+MztKXvZygQCABFAAW+HaMAAHsGmjWs2RJiwKgCfgBQrVDIz2yiXVm79oAYAQUqYQAAAQEICjsKomxlPCxhRGOWlBMPc8NAU6L0AwXb0xP1hbpNb5QnvHhi14QH7hpA5J0epCNAI3FD6VpnsrglBBzqahPzg4fcrfNXbgrfEbonfkeun55U+msWCvcE1LU7Yio2c8X7OQ+d5X4k+j0B5ep3RiVLjpfR4ocOAYEuhKUB4nGsBURKil10712buRM+PclvqoI1KAUsL0tsAmoUL6HFIPRQdutoJDJyRc5EVtem3kT4dzXrVQepXcBf9GZiP6CftumvxXxrNunGKz5t5cF84x9XP6Y\/7knp+i8Vn86u\/+pqUdKbDToayA7i7UI\/SNaAYv02Kc7c6Qw3+yNRFjGRREinrCl0ixySgNb2ie2qO0RX1shg3FFg0KncbzO5dzF3f5aX+V0m8x5m9vMy\/135ezrze8z8az7Krfvvmbo\/YPa\/VVp5uX\/cl0qZAvu0QInmj91Gdoi5sbbh67vw+xZ+9+D3Hfy+h18Ffj\/A79\/hdx9+sVp43IbHK3xee\/tO+fv1hn6YxlxuL+gQc4uonNQR5FsxNlvSJyv5KZYIIsInUFEXMhTdWeuUqK+b+9aJvfE8E90f0FNKD2D5s8eOM3r0zA31h\/OXpv7YgT\/FvzSOTR4ogVeQW\/z\/uhMsyRlkcqIEZJoe6l5iDcF7EL8zR0Cg6R8Jy2mIL6DHjMlk6u4PZyom6wbQAVo4N0vAs0AXRFVlkY8Vi15ZFvyuY6pGnRArOKwAfhZ3Qdh3sQY7cg+xF\/rHJZ4x5K3VXTfa5J3VNdq4iSZ2iY8It0ER86E4JLehjxJ+hFgc9+ZTd7Lpg0aiAZ9QlHiT+ZjEqx6RF6uL8BeIJ6URJ+lOZTbnmQIQ+efojFAB7f20ZDzZ7f0+KCc5FXx+ZQUDMs6WjsF0Sjgtb0u+PhE2g8zL5DjJygQcVSwGRWsTnTme2hTD0TuGevusrXFvAN
aijt4+uqsT6hXgRl4BlrluiEkGUb2LfK+d36QdkMnmDJYic6iNBnCWN4CXe+1Eg1w3OqW3ptNx1tep9oL9t9P9Rx6hO7z\/zr+z\/+ckMX3QlaxwR7EuZxZxsF+oy\/JXwrZpvue4xHdi7ghYb5klrfMNsBko3BfquxyDjbasUqLm9UfoBMRhtFHR0E5lXdWrjHQxtwGc+AiMZcAAsyKcQpDI6T7+FIAw9OgDLPg+aoXv3pVxtVtXarBW0d6+rT75795Vrzs+JvlrRg3Syk+9d+\/q150epPXW6kAe7CsP1EmzXwgKfqG36EPrPZiK6V1IPaBEN1zt0SZTd6Xc7setQ719Xi\/03+nQHEA1WDehZvTpIdivAmQlvFd97FWhB6pLpLTfjEARBgxa6G\/yDh9cXXcucT5li4nFNguBmmmSSHeZXr6Sewvfoek4scAoLP8RHjmw2vSx+ZXwLQzm7DIWYgU1f61K4grIJlTy6Ke8Hb4Me8PRHXQJIFKvrrhDe+QA8q6Q2Qq2hM4Pfa0jANBbUMyJGWCp0xGGD1tdN9CqaKvAKAL4qVfRS4b+Ym\/qVeaWs46+7S5nPJbq4lx7AGmtU6+umijlWaoH4F8rV0tPiCuajh+gpKUGb9\/W14xW+clH91X9G5HNRTjirzAVX6kMF\/tfKZtb2zu7e+8\/7B98PDw6Pvn0+fTs\/MvXi2\/fL4llg4DqB+FNrz8Yjsa\/JtPZ\/Pbu\/uF3yShXqrV6o9lSYrqB3ltKYcME5lrYgD\/rP036t0j\/KtdUzK+9sxN+kejgZhNY+SDox1VpnS\/UlcyRnKxkB35ZYKDu+9Ei\/orbEwAl+guAXOD+Ax1pymFWUJ\/YD1q3LCHe2pbuWGn51KIKp5XEkLDfd33Sp16AkyE8IB1y0feaWrm+MKc9hn+EyhcRaU1WtPUwc5lAtTINRvO+g6b7yPvPdVZgJQcrw9Fw3R2MZw8rkek="} 
@@ -1211,7 +1211,7 @@ 00713{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1701,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":5,"flow_src_last_pkt_time":1654385231918113,"flow_dst_last_pkt_time":1654385229398934,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":173,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":173,"pkt_l4_len":139,"thread_ts_usec":1654385231918113,"pkt":"tKXvZygQnLbQ0+MzCABFAACf7FpAAEAGOy\/AqAJ+I5wsDaY6AFDzNbjrO3\/xc4AYAfUTYQAAAQEIChlnG+cPV8RmLjAuNDEwMy4xMDYgTW9iaWxlIFNhZmFyaS81MzcuMzYNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KSG9zdDogZGUwMS5yYXlqdW1wLmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} 00804{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1703,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385232006384,"flow_src_last_pkt_time":1654385232006384,"flow_dst_last_pkt_time":1654385232006384,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":559,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":559,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":559,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385232006384,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.16.142","src_port":53416,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01317{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1703,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":1,"flow_src_last_pkt_time":1654385232006384,"flow_dst_last_pkt_time":1654385232006384,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":625,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":625,"pkt_l4_len":591,"thread_ts_usec":1654385232006384,"pkt":"tKXvZygQnLbQ0+MzCABFAAJjZ+1AAEAGUBrAqAJ+rNkQjtCoAFBWAxSGMjrpcIAYAfaC4wAAAQEICuWLG17z\/UGOR0VUIC9zdG9yZS9hcHBzL2RldGFpbHM\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"} -01704{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1703,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385232006384,"flow_src_last_pkt_time":1654385232006384,"flow_dst_last_pkt_time":1654385232006384,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":559,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":559,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":559,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385232006384,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.16.142","src_port":53416,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"play.google.com","domainame":"play.google.com","http": 
{"url":"play.google.com\/store\/apps\/details?id=com.azarlive.android&referrer=adjust_external_click_id%3Dv.2_g.143845_a.f84f54bf-31cd-43ff-bd27-526ccc6457da_c.117_t.ua_u.e7df87247cbcea13%26utm_campaign%3DTest%2BCampaign%26utm_content%3DTest%2BSource%2BApp_123456789%26utm_source%3DLiftoff%26utm_term%3DTest%2BCreative","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} +01589{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1703,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385232006384,"flow_src_last_pkt_time":1654385232006384,"flow_dst_last_pkt_time":1654385232006384,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":559,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":559,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":559,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385232006384,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.16.142","src_port":53416,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"play.google.com","domainame":"play.google.com","http": {"url":"play.google.com\/store\/apps\/details?id=com.azarlive.android&referrer=adjust_external_click_id%3Dv.2_g.143845_a.f84f54bf-31cd-43ff-bd27-526ccc6457da_c.117_t.ua_u.e7df87247cbcea13%26utm_campaign%3DTest%2BCampaign%26utm_content%3DTest%2BSource%2BApp_123456789%26utm_source%3DLiftoff%26utm_term%3DTest%2BCreative","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; 
sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 00802{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1704,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385232040567,"flow_src_last_pkt_time":1654385232040567,"flow_dst_last_pkt_time":1654385232040567,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":927,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":927,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":927,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385232040567,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.122.190.70","src_port":33042,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01805{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1704,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":1,"flow_src_last_pkt_time":1654385232040567,"flow_dst_last_pkt_time":1654385232040567,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":993,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":993,"pkt_l4_len":959,"thread_ts_usec":1654385232040567,"pkt":"tKXvZygQnLbQ0+MzCABFAAPTG5ZAAEAGlqjAqAJ+A3q+RoESAFCRX\/9zk9FXV4AYAfaIrAAAAQEICpYlZ45PQpgXR0VUIC92MS9jYW1wYWlnbl9jbGljay9kZGZXYlgtY19acElGXzN3RS1YZ0pTd1JKUG5fNU9wUzlJUjZYNFhHOTFYUUw2c3NSTFY0UVBMU0VRZ1d5UmJQX09BSFhHcC0zejh6S3hkUmpMLUJUNmg3ejQ2ejRxbUFXeFI1RGJvRWhyMUR5dFk0VzVnZlFMVWNWNnlFM1BPUjdQclFsclZiVnRILTd1VzFvaWUtamtSNG5hR0hUVlZIS3Y1a0ZYQko5eVRJWC1KbmdhRTJNTVRFUjFIdUJ4OXFUbHlMaGlaQ3RXU1VTdjRaZTV6NFF1R3FqV2lqRDBRQmdBbzAwV3RqNFZxUXlwekNob19wLVV6T3JWRjh3WDlMbXlzb1ozMjAyeHQtMVJsbUJOWGRkSF9pX2V2TzV5WkdwT3ZHOGt0ZGlLZmhHN2NkZFpUUjZvNWx5UjE1
d1ktU0pUU00zZmZyNGRzcFZTRng2WGRuWGdmVXR4WTgwc3BJOXRtRk1oVDk3S1NDNGNNa1J2LUF5TkxXaERhRDMzV0NwVTdITi1WblR1TTB6bDRXUU1uYS1BVkJrMUhvMHZoVHo1WkJVMzJPaFRmOXVBa0dOeHVOajV3NUlmZzFHbk13WnhLaXM4SjNaNlo1bXRjN2dpcmUwZVFlRFE3ZWh0Q01GTHMwTTFhWEdFOG1IaG9BTmdfdzBBaHg0M011N3p2RFhTQ3RoSDhENFFoSGFXb1JTdUdVZ2ZCRFlMenJEOExYejZxSElMb1FOamo4aWVSQkxmSDIyVWV3VkxnTUY3ZHFoWGdsNzNWcWdVMV9jdS1HSWZzYkJtOTB6aGZkOWVvbzhyUWZkSkYyeGN6cXZyUXo2LUk0RkE\/dmFzdF9lbD0xIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgMTE7IHNka19ncGhvbmVfeDg2IEJ1aWxkL1JTUjEuMjAxMDEzLjAwMTsgd3YpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIFZlcnNpb24vNC4wIENocm9tZS84My4wLjQxMDMuMTA2IE1vYmlsZSBTYWZhcmkvNTM3LjM2DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCkhvc3Q6IGNsaWNrLmxpZnRvZmYuaW8NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} 01949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1704,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385232040567,"flow_src_last_pkt_time":1654385232040567,"flow_dst_last_pkt_time":1654385232040567,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":927,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":927,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":927,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385232040567,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.122.190.70","src_port":33042,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"click.liftoff.io","domainame":"click.liftoff.io","http": 
{"url":"click.liftoff.io\/v1\/campaign_click\/ddfWbX-c_ZpIF_3wE-XgJSwRJPn_5OpS9IR6X4XG91XQL6ssRLV4QPLSEQgWyRbP_OAHXGp-3z8zKxdRjL-BT6h7z46z4qmAWxR5DboEhr1DytY4W5gfQLUcV6yE3POR7PrQlrVbVtH-7uW1oie-jkR4naGHTVVHKv5kFXBJ9yTIX-JngaE2MMTER1HuBx9qTlyLhiZCtWSUSv4Ze5z4QuGqjWijD0QBgAo00Wtj4VqQypzCho_p-UzOrVF8wX9LmysoZ3202xt-1RlmBNXddH_i_evO5yZGpOvG8ktdiKfhG7cddZTR6o5lyR15wY-SJTSM3ffr4dspVSFx6XdnXgfUtxY80spI9tmFMhT97KSC4cMkRv-AyNLWhDaD33WCpU7HN-VnTuM0zl4WQMna-AVBk1Ho0vhTz5ZBU32OhTf9uAkGNxuNj5w5Ifg1GnMwZxKis8J3Z6Z5mtc7gire0eQeDQ7ehtCMFLs0M1aXGE8mHhoANg_w0Ahx43Mu7zvDXSCthH8D4QhHaWoRSuGUgfBDYLzrD8LXz6qHILoQNjj8ieRBLfH22UewVLgMF7dqhXgl73VqgU1_cu-GIfsbBm90zhfd9eoo8rQfdJF2xczqvrQz6-I4FA?vast_el=1","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
@@ -1237,7 +1237,7 @@ 01160{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385120896744,"flow_src_last_pkt_time":1654385120896744,"flow_dst_last_pkt_time":1654385121164319,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":538,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":538,"flow_dst_max_l4_payload_len":189,"flow_src_tot_l4_payload_len":538,"flow_dst_tot_l4_payload_len":189,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60984,"dst_port":1234,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"ws.1kxun.mobi"}} 
01025{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1654385232158874,"flow_src_last_pkt_time":1654385232159668,"flow_dst_last_pkt_time":1654385232180473,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1444,"flow_dst_max_l4_payload_len":88,"flow_src_tot_l4_payload_len":2452,"flow_dst_tot_l4_payload_len":88,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"8.209.112.118","src_port":35426,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"analytics.rayjump.com"}} 01014{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385181857708,"flow_src_last_pkt_time":1654385181857708,"flow_dst_last_pkt_time":1654385181897114,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":409,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":409,"flow_dst_max_l4_payload_len":983,"flow_src_tot_l4_payload_len":409,"flow_dst_tot_l4_payload_len":983,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.117.221.10","src_port":59324,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"m.vpon.com"}} -01151{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":3,"flow_first_seen":1654385141046673,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141076027,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":426,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":426,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":426,"flow_dst_tot_l4_payload_len":1925,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.37","src_port":41390,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"google.open-js.com"}} 
+01036{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":3,"flow_first_seen":1654385141046673,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141076027,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":426,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":426,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":426,"flow_dst_tot_l4_payload_len":1925,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.37","src_port":41390,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"google.open-js.com"}} 01029{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385229378645,"flow_src_last_pkt_time":1654385229378645,"flow_dst_last_pkt_time":1654385229413001,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1249,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1249,"flow_dst_max_l4_payload_len":353,"flow_src_tot_l4_payload_len":1249,"flow_dst_tot_l4_payload_len":353,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.50","src_port":41940,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"tknet-cdn.rayjump.com"}} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385142293700,"flow_src_last_pkt_time":1654385142293700,"flow_dst_last_pkt_time":1654385142293700,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":517,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"119.28.164.143","src_port":51888,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184096708,"flow_src_last_pkt_time":1654385184096708,"flow_dst_last_pkt_time":1654385184096708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1132,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43266,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
@@ -1249,7 +1249,7 @@ 01033{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":23,"flow_first_seen":1654385176795709,"flow_src_last_pkt_time":1654385176795709,"flow_dst_last_pkt_time":1654385178226563,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":207,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":24480,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":116776,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":38316,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com"}} 01032{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":21,"flow_first_seen":1654385176794071,"flow_src_last_pkt_time":1654385176794071,"flow_dst_last_pkt_time":1654385178039010,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":207,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":12423,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":87624,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":38326,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com"}} 01024{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385127293052,"flow_src_last_pkt_time":1654385127293052,"flow_dst_last_pkt_time":1654385127488169,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":270,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":270,"flow_dst_max_l4_payload_len":464,"flow_src_tot_l4_payload_len":270,"flow_dst_tot_l4_payload_len":464,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"129.226.107.77","src_port":41134,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.QQ","proto_id":"7.48","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":9,"category":"Chat","hostname":"cgi.connect.qq.com"}} 
-01167{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":16,"flow_first_seen":1654385156800184,"flow_src_last_pkt_time":1654385156800184,"flow_dst_last_pkt_time":1654385156865117,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":423,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":423,"flow_dst_max_l4_payload_len":2836,"flow_src_tot_l4_payload_len":423,"flow_dst_tot_l4_payload_len":28785,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.18.98","src_port":44368,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.GoogleServices","proto_id":"7.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.googletagservices.com"}} 
+01052{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":16,"flow_first_seen":1654385156800184,"flow_src_last_pkt_time":1654385156800184,"flow_dst_last_pkt_time":1654385156865117,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":423,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":423,"flow_dst_max_l4_payload_len":2836,"flow_src_tot_l4_payload_len":423,"flow_dst_tot_l4_payload_len":28785,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.18.98","src_port":44368,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.GoogleServices","proto_id":"7.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.googletagservices.com"}} 01022{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385229460595,"flow_src_last_pkt_time":1654385229460595,"flow_dst_last_pkt_time":1654385229568829,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":694,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":694,"flow_dst_max_l4_payload_len":171,"flow_src_tot_l4_payload_len":694,"flow_dst_tot_l4_payload_len":171,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.235.204.9","src_port":40204,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adexp.liftoff.io"}} 01023{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385235892637,"flow_src_last_pkt_time":1654385235892637,"flow_dst_last_pkt_time":1654385236487007,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1229,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1229,"flow_dst_max_l4_payload_len":434,"flow_src_tot_l4_payload_len":1229,"flow_dst_tot_l4_payload_len":434,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.64","src_port":51686,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"net.rayjump.com"}} 
01057{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":10,"flow_first_seen":1654385143337063,"flow_src_last_pkt_time":1654385143337063,"flow_dst_last_pkt_time":1654385143386689,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":421,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":421,"flow_dst_max_l4_payload_len":2836,"flow_src_tot_l4_payload_len":421,"flow_dst_tot_l4_payload_len":20463,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"142.250.186.174","src_port":36732,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"www.google-analytics.com"}} 
@@ -1271,7 +1271,7 @@ 01037{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1654385140836422,"flow_src_last_pkt_time":1654385144960570,"flow_dst_last_pkt_time":1654385145144651,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":436,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":753,"flow_dst_max_l4_payload_len":1654,"flow_src_tot_l4_payload_len":1941,"flow_dst_tot_l4_payload_len":5796,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45422,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"mangaweb.1kxun.mobi"}} 01031{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385140850557,"flow_src_last_pkt_time":1654385140850557,"flow_dst_last_pkt_time":1654385141035727,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":414,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":414,"flow_dst_max_l4_payload_len":1721,"flow_src_tot_l4_payload_len":414,"flow_dst_tot_l4_payload_len":1721,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45424,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":17,"category":"Streaming","hostname":"tcad.wedolook.com"}} 01160{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1654385134408251,"flow_src_last_pkt_time":1654385136274668,"flow_dst_last_pkt_time":1654385136566441,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":498,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":499,"flow_dst_max_l4_payload_len":225,"flow_src_tot_l4_payload_len":997,"flow_dst_tot_l4_payload_len":450,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.119.80","src_port":49242,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"android.yingshi.tcclick.1kxun.com"}} 
-01146{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385232006384,"flow_src_last_pkt_time":1654385232006384,"flow_dst_last_pkt_time":1654385232057407,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":559,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":559,"flow_dst_max_l4_payload_len":668,"flow_src_tot_l4_payload_len":559,"flow_dst_tot_l4_payload_len":668,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.16.142","src_port":53416,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"play.google.com"}} +01031{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385232006384,"flow_src_last_pkt_time":1654385232006384,"flow_dst_last_pkt_time":1654385232057407,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":559,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":559,"flow_dst_max_l4_payload_len":668,"flow_src_tot_l4_payload_len":559,"flow_dst_tot_l4_payload_len":668,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.16.142","src_port":53416,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"play.google.com"}} 01173{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385127244156,"flow_src_last_pkt_time":1654385127244156,"flow_dst_last_pkt_time":1654385127425884,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":157,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":264,"flow_src_tot_l4_payload_len":157,"flow_dst_tot_l4_payload_len":264,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47230,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":7,"category":"Download","hostname":"kankan.1kxun.mobi"}} 
01027{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":4,"flow_first_seen":1654385229374771,"flow_src_last_pkt_time":1654385236365099,"flow_dst_last_pkt_time":1654385236412092,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":114,"flow_src_tot_l4_payload_len":8181,"flow_dst_tot_l4_payload_len":423,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"52.29.177.177","src_port":37100,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adx-tk.rayjump.com"}} 01034{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1654385128878259,"flow_src_last_pkt_time":1654385129990203,"flow_dst_last_pkt_time":1654385130178547,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":860,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":880,"flow_dst_max_l4_payload_len":2746,"flow_src_tot_l4_payload_len":1740,"flow_dst_tot_l4_payload_len":3242,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47246,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"kankan.1kxun.com"}} 
@@ -1300,18 +1300,18 @@ 01028{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":25,"flow_first_seen":1654385184944791,"flow_src_last_pkt_time":1654385184944791,"flow_dst_last_pkt_time":1654385185046312,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":297,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":297,"flow_dst_max_l4_payload_len":4284,"flow_src_tot_l4_payload_len":297,"flow_dst_tot_l4_payload_len":89150,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36654,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com"}} 00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":3,"flow_first_seen":1654385184982489,"flow_src_last_pkt_time":1654385184982489,"flow_dst_last_pkt_time":1654385185015695,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":262,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":262,"flow_dst_max_l4_payload_len":2856,"flow_src_tot_l4_payload_len":262,"flow_dst_tot_l4_payload_len":4535,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36660,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 01029{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":3,"flow_first_seen":1654385131029337,"flow_src_last_pkt_time":1654385131355130,"flow_dst_last_pkt_time":1654385131589006,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":202,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":202,"flow_dst_max_l4_payload_len":6232,"flow_src_tot_l4_payload_len":404,"flow_dst_tot_l4_payload_len":6868,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":60148,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com"}} 
-00881{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1723,"packets-processed":1723,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2427316,"total-not-detected-flows":14,"total-guessed-flows":6,"total-detected-flows":177,"total-detection-updates":33,"total-updates":38,"current-active-flows":0,"total-active-flows":197,"total-idle-flows":197,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1303,"global_ts_usec":1654385236487007} +00880{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1723,"source":"cfgs\/guess_ip_before_port_enabled\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1723,"packets-processed":1723,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2427316,"total-not-detected-flows":9,"total-guessed-flows":6,"total-detected-flows":182,"total-detection-updates":33,"total-updates":38,"current-active-flows":0,"total-active-flows":197,"total-idle-flows":197,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1303,"global_ts_usec":1654385236487007} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1723/1723 ~~ skipped flows.............: 0 ~~ total layer4 data length..: 2427316 bytes -~~ total detected protocols..: 177 +~~ total detected 
protocols..: 182 ~~ total active/idle flows...: 197/197 -~~ total timeout flows.......: 20 +~~ total timeout flows.......: 15 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7508660 bytes -~~ total memory freed........: 7508660 bytes -~~ total allocations/frees...: 118823/118823 +~~ total memory allocated....: 8088565 bytes +~~ total memory freed........: 8088565 bytes +~~ total allocations/frees...: 130666/130666 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 550 chars ~~ json message max len.......: 11873 chars diff --git a/test/results/guessing_disable/webex.pcap.out b/test/results/guessing_disable/webex.pcap.out index 28965b1ca..61f3239ec 100644 --- a/test/results/guessing_disable/webex.pcap.out +++ b/test/results/guessing_disable/webex.pcap.out 
@@ -1,22 +1,22 @@ -00619{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1444570624853841} 
+00619{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1444570624853841} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570624853841,"flow_src_last_pkt_time":1444570624853841,"flow_dst_last_pkt_time":1444570624853841,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570624853841,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41346,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1444570624853841,"flow_dst_last_pkt_time":1444570624853841,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444570624853841,"pkt":"ABoRAAACABoRAAABCABFAAA8OXNAAEAGTZUKCAABQERpZ6GCAbtPGIcMAAAAAKACOQgjFwAAAgQFtAQCCAoATL5\/AAAAAAEDAwY="} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1444570624853841,"flow_dst_last_pkt_time":1444570624860347,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570624860347,"pkt":"ABoRAAACABoRAAABCABFAAAoAQ5AABAGtg5ARGlnCggAAQG7oYKw53jzTxiHDVAS\/\/9Y4AAA"} 
00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1444570624860575,"flow_dst_last_pkt_time":1444570624860347,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570624860575,"pkt":"ABoRAAACABoRAAABCABFAAAoOXRAAEAGTagKCAABQERpZ6GCAbtPGIcNsOd49FAQOQgf2QAA"} 00797{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1444570624860735,"flow_dst_last_pkt_time":1444570624860347,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":249,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":249,"pkt_l4_len":215,"thread_ts_usec":1444570624860735,"pkt":"ABoRAAACABoRAAABCABFAADrOXVAAEAGTOQKCAABQERpZ6GCAbtPGIcNsOd49FAYOQh62gAAFgMBAL4BAAC6AwNWGmYAecKEXHBKd9RHCMqE79SthA0OtjJysVWA+njuJAAAOMwUzBPMFcAUwAoAOQA4ADXAEsAIABYAEwAKwC\/AK8ATwAkAogCeADMAMgCcAC\/AEcAHAAUABAD\/AQAAWQAAABUAEwAAEHJhZGNvbS53ZWJleC5jb20ACwACAQAACgAIAAYAGQAYABcAIwAAAA0AIgAgBgEGAgYDBQEFAgUDBAEEAgQDAwEDAgMDAgECAgIDAQEzdAAA"} 
-01321{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570624853841,"flow_src_last_pkt_time":1444570624860735,"flow_dst_last_pkt_time":1444570624860347,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":195,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":195,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570624860735,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41346,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"radcom.webex.com","domainame":"radcom.webex.com","tls": {"version":"TLSv1.2","ja3":"f9010d8c34749bdf7659b52227e6f91b","ja3s":"","ja4":"t12d280600_519b4837d290_570a46b37db9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01280{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570624853841,"flow_src_last_pkt_time":1444570624860735,"flow_dst_last_pkt_time":1444570624860347,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":195,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":195,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570624860735,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41346,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"radcom.webex.com","domainame":"radcom.webex.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d280600_519b4837d290_570a46b37db9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1444570624860735,"flow_dst_last_pkt_time":1444570624860939,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570624860939,"pkt":"ABoRAAACABoRAAABCABFAAAoAQ9AABAGtg1ARGlnCggAAQG7oYKw53j0TxiH0FAQ\/\/9YHgAA"} 
-01678{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1444570624853841,"flow_src_last_pkt_time":1444570625418062,"flow_dst_last_pkt_time":1444570625424499,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":195,"flow_dst_max_l4_payload_len":2720,"flow_src_tot_l4_payload_len":195,"flow_dst_tot_l4_payload_len":3939,"midstream":0,"thread_ts_usec":1444570625424499,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41346,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"radcom.webex.com","domainame":"radcom.webex.com","tls": {"version":"TLSv1.2","server_names":"*.webex.com","ja3":"f9010d8c34749bdf7659b52227e6f91b","ja3s":"c253ec3ad88e42f8da4032682892f9a0","ja4":"t12d280600_519b4837d290_570a46b37db9","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
-02331{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1444570624853841,"flow_src_last_pkt_time":1444570626601155,"flow_dst_last_pkt_time":1444570626600999,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":2720,"flow_src_tot_l4_payload_len":2935,"flow_dst_tot_l4_payload_len":8179,"midstream":0,"thread_ts_usec":1444570626601155,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41346,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":160,"avg":112724.9,"max":557327,"stddev":156273.3,"var":24421341184.0,"ent":3.7,"data": [6506,6734,160,592,505708,557327,57852,60147,905,55625,257454,309311,10052,61432,845,730,299224,351252,55954,56159,800,52876,398,2835,268644,322298,52259,51930,18450,69467,546]},"pktlen": {"min":40,"avg":387.9,"max":2760,"stddev":588.9,"var":346810.6,"ent":3.8,"data": [60,40,40,235,40,2760,40,1259,40,350,40,83,40,576,40,124,40,1400,40,809,40,576,40,314,40,1400,40,748,40,576,40,504]},"bins": {"c_to_s": [9,0,1,0,0,0,1,0,1,1,0,0,0,0,1,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [8,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0,0,0,1]},"directions": [0,1,0,0,1,1,0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,0,1,0,1,1,0,1,0,0,1,0],"entropies": 
[4.446510792,4.665312290,4.665311813,5.481472969,4.665312290,7.284092903,4.765311718,7.073906422,4.661769390,7.186378956,4.565312386,5.608655453,4.561769009,7.664141655,4.515312195,6.329119682,4.565312386,7.871033669,4.715311527,7.782140255,4.765311718,7.598457336,4.615312099,7.304864407,4.665312290,7.852759361,4.665311813,7.733906269,4.715312004,7.600008011,4.511769772,7.572229862]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01740{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1444570624853841,"flow_src_last_pkt_time":1444570625418062,"flow_dst_last_pkt_time":1444570625424499,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":195,"flow_dst_max_l4_payload_len":2720,"flow_src_tot_l4_payload_len":195,"flow_dst_tot_l4_payload_len":3939,"midstream":0,"thread_ts_usec":1444570625424499,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41346,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"radcom.webex.com","domainame":"radcom.webex.com","tls": 
{"version":"TLSv1.2","server_names":"*.webex.com","ja3s":"c253ec3ad88e42f8da4032682892f9a0","ja4":"t12d280600_519b4837d290_570a46b37db9","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} +02434{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1444570624853841,"flow_src_last_pkt_time":1444570626601155,"flow_dst_last_pkt_time":1444570626600999,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":2720,"flow_src_tot_l4_payload_len":2935,"flow_dst_tot_l4_payload_len":8179,"midstream":0,"thread_ts_usec":1444570626601155,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41346,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":160,"avg":112724.9,"max":557327,"stddev":156273.3,"var":24421341184.0,"ent":3.7,"data": [6506,6734,160,592,505708,557327,57852,60147,905,55625,257454,309311,10052,61432,845,730,299224,351252,55954,56159,800,52876,398,2835,268644,322298,52259,51930,18450,69467,546]},"pktlen": {"min":40,"avg":387.9,"max":2760,"stddev":588.9,"var":346810.6,"ent":3.8,"data": [60,40,40,235,40,2760,40,1259,40,350,40,83,40,576,40,124,40,1400,40,809,40,576,40,314,40,1400,40,748,40,576,40,504]},"bins": {"c_to_s": [9,0,1,0,0,0,1,0,1,1,0,0,0,0,1,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": 
[8,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0,0,0,1]},"directions": [0,1,0,0,1,1,0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,0,1,0,1,1,0,1,0,0,1,0],"entropies": [4.446510792,4.665312290,4.665311813,5.481472969,4.665312290,7.284092903,4.765311718,7.073906422,4.661769390,7.186378956,4.565312386,5.608655453,4.561769009,7.664141655,4.515312195,6.329119682,4.565312386,7.871033669,4.715311527,7.782140255,4.765311718,7.598457336,4.615312099,7.304864407,4.665312290,7.852759361,4.665311813,7.733906269,4.715312004,7.600008011,4.511769772,7.572229862]},"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570627404164,"flow_src_last_pkt_time":1444570627404164,"flow_dst_last_pkt_time":1444570627404164,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570627404164,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41348,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1444570627404164,"flow_dst_last_pkt_time":1444570627404164,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444570627404164,"pkt":"ABoRAAACABoRAAABCABFAAA8hnNAAEAGAJUKCAABQERpZ6GEAbuwMDkNAAAAAKACOQgO\/QAAAgQFtAQCCAoATL9+AAAAAAEDAwY="} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1444570627404164,"flow_dst_last_pkt_time":1444570627409779,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570627409779,"pkt":"ABoRAAACABoRAAABCABFAAAoASZAABAGtfZARGlnCggAAQG7oYRPz8bysDA5DlAS\/\/9Y3gAA"} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1444570627410952,"flow_dst_last_pkt_time":1444570627409779,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570627410952,"pkt":"ABoRAAACABoRAAABCABFAAAohnRAAEAGAKgKCAABQERpZ6GEAbuwMDkOT8\/G81AQOQgf1wAA"} 
00843{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1444570627411108,"flow_dst_last_pkt_time":1444570627409779,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"thread_ts_usec":1444570627411108,"pkt":"ABoRAAACABoRAAABCABFAAELhnVAAEAG\/8MKCAABQERpZ6GEAbuwMDkOT8\/G81AYOQi8XAAAFgMBAN4BAADaAwNWGmYD1bgajSKfLk8MBc\/KhqagawnHbCgQ2bA0JfR3iiCiEgrZvpHjzJYNIqBz8GV5Z5nEiB2\/9li16SQKz1NTSAA4zBTME8wVwBTACgA5ADgANcASwAgAFgATAArAL8ArwBPACQCiAJ4AMwAyAJwAL8ARwAcABQAEAP8BAABZAAAAFQATAAAQcmFkY29tLndlYmV4LmNvbQALAAIBAAAKAAgABgAZABgAFwAjAAAADQAiACAGAQYCBgMFAQUCBQMEAQQCBAMDAQMCAwMCAQICAgMBATN0AAA="} -01322{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570627404164,"flow_src_last_pkt_time":1444570627411108,"flow_dst_last_pkt_time":1444570627409779,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570627411108,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41348,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"radcom.webex.com","domainame":"radcom.webex.com","tls": 
{"version":"TLSv1.2","ja3":"f9010d8c34749bdf7659b52227e6f91b","ja3s":"","ja4":"t12d280600_519b4837d290_570a46b37db9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01281{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570627404164,"flow_src_last_pkt_time":1444570627411108,"flow_dst_last_pkt_time":1444570627409779,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570627411108,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41348,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"radcom.webex.com","domainame":"radcom.webex.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d280600_519b4837d290_570a46b37db9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1444570627411108,"flow_dst_last_pkt_time":1444570627411318,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570627411318,"pkt":"ABoRAAACABoRAAABCABFAAAoASdAABAGtfVARGlnCggAAQG7oYRPz8bzsDA58VAQ\/\/9X\/AAA"} -01367{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":65,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570627404164,"flow_src_last_pkt_time":1444570627411108,"flow_dst_last_pkt_time":1444570627815979,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":129,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":129,"midstream":0,"thread_ts_usec":1444570627815979,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41348,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"radcom.webex.com","domainame":"radcom.webex.com","tls": {"version":"TLSv1.2","ja3":"f9010d8c34749bdf7659b52227e6f91b","ja3s":"c253ec3ad88e42f8da4032682892f9a0","ja4":"t12d280600_519b4837d290_570a46b37db9","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","blocks":0}}} 
+01429{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":65,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570627404164,"flow_src_last_pkt_time":1444570627411108,"flow_dst_last_pkt_time":1444570627815979,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":129,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":129,"midstream":0,"thread_ts_usec":1444570627815979,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41348,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"radcom.webex.com","domainame":"radcom.webex.com","tls": {"version":"TLSv1.2","ja3s":"c253ec3ad88e42f8da4032682892f9a0","ja4":"t12d280600_519b4837d290_570a46b37db9","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","blocks":0}}} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570628113579,"flow_src_last_pkt_time":1444570628113579,"flow_dst_last_pkt_time":1444570628113579,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570628113579,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41350,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1444570628113579,"flow_dst_last_pkt_time":1444570628113579,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444570628113579,"pkt":"ABoRAAACABoRAAABCABFAAA8CqVAAEAGfGMKCAABQERpZ6GGAbuTEbVkAAAAAKACOQivfwAAAgQFtAQCCAoATL\/BAAAAAAEDAwY="} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1444570628113579,"flow_dst_last_pkt_time":1444570628117515,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570628117515,"pkt":"ABoRAAACABoRAAABCABFAAAoATVAABAGtedARGlnCggAAQG7oYZs7kqbkxG1ZVAS\/\/9Y3AAA"} 
@@ -25,15 +25,15 @@ 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1444570628117770,"flow_dst_last_pkt_time":1444570628121468,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570628121468,"pkt":"ABoRAAACABoRAAABCABFAAAoATZAABAGteZARGlnCggAAQG7oYej1wrCXCj1PlAS\/\/9Y2wAA"} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1444570628121847,"flow_dst_last_pkt_time":1444570628117515,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570628121847,"pkt":"ABoRAAACABoRAAABCABFAAAoCqZAAEAGfHYKCAABQERpZ6GGAbuTEbVlbO5KnFAQOQgf1QAA"} 00842{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1444570628121998,"flow_dst_last_pkt_time":1444570628117515,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"thread_ts_usec":1444570628121998,"pkt":"ABoRAAACABoRAAABCABFAAELCqdAAEAGe5IKCAABQERpZ6GGAbuTEbVlbO5KnFAYOQgw\/QAAFgMBAN4BAADaAwNWGmYE7RhsRONG\/m1MT5VVrdjnvzP1znNlFG2+WauU5SCiEgrZvpHjzJYNIqBz8GV5Z5nEiB2\/9li16SQKz1NTSAA4zBTME8wVwBTACgA5ADgANcASwAgAFgATAArAL8ArwBPACQCiAJ4AMwAyAJwAL8ARwAcABQAEAP8BAABZAAAAFQATAAAQcmFkY29tLndlYmV4LmNvbQALAAIBAAAKAAgABgAZABgAFwAjAAAADQAiACAGAQYCBgMFAQUCBQMEAQQCBAMDAQMCAwMCAQICAgMBATN0AAA="} 
-01322{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570628113579,"flow_src_last_pkt_time":1444570628121998,"flow_dst_last_pkt_time":1444570628117515,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570628121998,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41350,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"radcom.webex.com","domainame":"radcom.webex.com","tls": {"version":"TLSv1.2","ja3":"f9010d8c34749bdf7659b52227e6f91b","ja3s":"","ja4":"t12d280600_519b4837d290_570a46b37db9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01281{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570628113579,"flow_src_last_pkt_time":1444570628121998,"flow_dst_last_pkt_time":1444570628117515,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570628121998,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41350,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"radcom.webex.com","domainame":"radcom.webex.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d280600_519b4837d290_570a46b37db9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1444570628121998,"flow_dst_last_pkt_time":1444570628122193,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570628122193,"pkt":"ABoRAAACABoRAAABCABFAAAoATdAABAGteVARGlnCggAAQG7oYZs7kqckxG2SFAQ\/\/9X+gAA"} 
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1444570628122373,"flow_dst_last_pkt_time":1444570628121468,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570628122373,"pkt":"ABoRAAACABoRAAABCABFAAAoSv1AAEAGPB8KCAABQERpZ6GHAbtcKPU+o9cKw1AQOQgf1AAA"} 00840{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1444570628122668,"flow_dst_last_pkt_time":1444570628121468,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"thread_ts_usec":1444570628122668,"pkt":"ABoRAAACABoRAAABCABFAAELSv5AAEAGOzsKCAABQERpZ6GHAbtcKPU+o9cKw1AYOQiciAAAFgMBAN4BAADaAwNWGmYEkvVIckj2nKXTHHhTgHLpDPs+ur2PFRE7SXTT+yCiEgrZvpHjzJYNIqBz8GV5Z5nEiB2\/9li16SQKz1NTSAA4zBTME8wVwBTACgA5ADgANcASwAgAFgATAArAL8ArwBPACQCiAJ4AMwAyAJwAL8ARwAcABQAEAP8BAABZAAAAFQATAAAQcmFkY29tLndlYmV4LmNvbQALAAIBAAAKAAgABgAZABgAFwAjAAAADQAiACAGAQYCBgMFAQUCBQMEAQQCBAMDAQMCAwMCAQICAgMBATN0AAA="} 
-01322{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570628117770,"flow_src_last_pkt_time":1444570628122668,"flow_dst_last_pkt_time":1444570628121468,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570628122668,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41351,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"radcom.webex.com","domainame":"radcom.webex.com","tls": {"version":"TLSv1.2","ja3":"f9010d8c34749bdf7659b52227e6f91b","ja3s":"","ja4":"t12d280600_519b4837d290_570a46b37db9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01281{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570628117770,"flow_src_last_pkt_time":1444570628122668,"flow_dst_last_pkt_time":1444570628121468,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570628122668,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41351,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"radcom.webex.com","domainame":"radcom.webex.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d280600_519b4837d290_570a46b37db9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1444570628122668,"flow_dst_last_pkt_time":1444570628122955,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570628122955,"pkt":"ABoRAAACABoRAAABCABFAAAoAThAABAGteRARGlnCggAAQG7oYej1wrDXCj2IVAQ\/\/9X+QAA"} 
-01366{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":104,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570628113579,"flow_src_last_pkt_time":1444570628121998,"flow_dst_last_pkt_time":1444570628514304,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1444570628514304,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41350,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"radcom.webex.com","domainame":"radcom.webex.com","tls": {"version":"TLSv1.2","ja3":"f9010d8c34749bdf7659b52227e6f91b","ja3s":"c253ec3ad88e42f8da4032682892f9a0","ja4":"t12d280600_519b4837d290_570a46b37db9","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","blocks":0}}} 
-01368{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570628117770,"flow_src_last_pkt_time":1444570628122668,"flow_dst_last_pkt_time":1444570628565912,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":129,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":129,"midstream":0,"thread_ts_usec":1444570628565912,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41351,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"radcom.webex.com","domainame":"radcom.webex.com","tls": {"version":"TLSv1.2","ja3":"f9010d8c34749bdf7659b52227e6f91b","ja3s":"c253ec3ad88e42f8da4032682892f9a0","ja4":"t12d280600_519b4837d290_570a46b37db9","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","blocks":0}}} 
-02352{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":129,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1444570627404164,"flow_src_last_pkt_time":1444570629212279,"flow_dst_last_pkt_time":1444570629155254,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":17966,"flow_src_tot_l4_payload_len":2270,"flow_dst_tot_l4_payload_len":46819,"midstream":0,"thread_ts_usec":1444570629212279,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41348,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":156,"avg":114813.1,"max":455330,"stddev":125812.7,"var":15828844544.0,"ent":4.1,"data": [5615,6788,156,1539,404661,455330,597,51300,245810,245870,436,307,223296,274841,51601,360,302,283113,286107,84087,131768,50921,51207,56841,56675,181041,181034,56067,58557,54529,58449]},"pktlen": {"min":40,"avg":1574.7,"max":18006,"stddev":3700.1,"var":13691057.0,"ent":2.9,"data": [60,40,40,267,40,169,40,83,40,576,40,519,40,1644,576,40,489,40,6840,40,1400,40,9463,40,1400,40,1400,40,18006,40,6857,40]},"bins": {"c_to_s": [10,1,0,0,0,0,0,1,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,5]},"directions": [0,1,0,0,1,1,0,0,1,0,1,0,1,1,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0],"entropies": 
[4.356566429,4.715312004,4.561769009,5.864259720,4.665312290,6.372766018,4.661769390,5.627577305,4.615312099,7.622731686,4.665312290,7.582412243,4.665312290,7.886265755,7.619030476,4.596440315,7.578122616,4.665312290,7.973325729,4.580641270,7.853340149,4.611769199,7.978787899,4.611769199,7.859783649,4.661769390,7.879327297,4.611769199,7.990196228,4.611769199,7.971776009,4.661769390]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01428{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":104,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570628113579,"flow_src_last_pkt_time":1444570628121998,"flow_dst_last_pkt_time":1444570628514304,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1444570628514304,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41350,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"radcom.webex.com","domainame":"radcom.webex.com","tls": 
{"version":"TLSv1.2","ja3s":"c253ec3ad88e42f8da4032682892f9a0","ja4":"t12d280600_519b4837d290_570a46b37db9","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","blocks":0}}} +01430{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570628117770,"flow_src_last_pkt_time":1444570628122668,"flow_dst_last_pkt_time":1444570628565912,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":129,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":129,"midstream":0,"thread_ts_usec":1444570628565912,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41351,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"radcom.webex.com","domainame":"radcom.webex.com","tls": {"version":"TLSv1.2","ja3s":"c253ec3ad88e42f8da4032682892f9a0","ja4":"t12d280600_519b4837d290_570a46b37db9","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","blocks":0}}} 
+02455{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":129,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1444570627404164,"flow_src_last_pkt_time":1444570629212279,"flow_dst_last_pkt_time":1444570629155254,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":17966,"flow_src_tot_l4_payload_len":2270,"flow_dst_tot_l4_payload_len":46819,"midstream":0,"thread_ts_usec":1444570629212279,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41348,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":156,"avg":114813.1,"max":455330,"stddev":125812.7,"var":15828844544.0,"ent":4.1,"data": [5615,6788,156,1539,404661,455330,597,51300,245810,245870,436,307,223296,274841,51601,360,302,283113,286107,84087,131768,50921,51207,56841,56675,181041,181034,56067,58557,54529,58449]},"pktlen": {"min":40,"avg":1574.7,"max":18006,"stddev":3700.1,"var":13691057.0,"ent":2.9,"data": [60,40,40,267,40,169,40,83,40,576,40,519,40,1644,576,40,489,40,6840,40,1400,40,9463,40,1400,40,1400,40,18006,40,6857,40]},"bins": {"c_to_s": [10,1,0,0,0,0,0,1,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,5]},"directions": [0,1,0,0,1,1,0,0,1,0,1,0,1,1,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0],"entropies": 
[4.356566429,4.715312004,4.561769009,5.864259720,4.665312290,6.372766018,4.661769390,5.627577305,4.615312099,7.622731686,4.665312290,7.582412243,4.665312290,7.886265755,7.619030476,4.596440315,7.578122616,4.665312290,7.973325729,4.580641270,7.853340149,4.611769199,7.978787899,4.611769199,7.859783649,4.661769390,7.879327297,4.611769199,7.990196228,4.611769199,7.971776009,4.661769390]},"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":167,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570630272557,"flow_src_last_pkt_time":1444570630272557,"flow_dst_last_pkt_time":1444570630272557,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1444570630272557,"l3_proto":"ip4","src_ip":"10.133.206.47","dst_ip":"185.63.147.10","src_port":54651,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1444570630272557,"flow_dst_last_pkt_time":1444570630272557,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1444570630272557,"pkt":"ABoRAAACABoRAAABCABFAAA0ymtAAEAGS1oKhc4vuT+TCtV7Abs2TX647AAfvYARAZp5QwAAAQEICgBMwJ1XHSbf"} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":168,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1444570630272557,"flow_dst_last_pkt_time":1444570630272755,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570630272755,"pkt":"ABoRAAACABoRAAABCABFAAAoAWBAABAGRHK5P5MKCoXOLwG71XvsAB+9Nk1+uVAQ\/\/\/y2gAA"} 
@@ -47,25 +47,25 @@ 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1444570631722722,"flow_dst_last_pkt_time":1444570631726320,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570631726320,"pkt":"ABoRAAACABoRAAABCABFAAAoAWZAABAGtbZARGlnCggAAQG7oYqF2dBpeiYvl1AS\/\/9Y2AAA"} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":180,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1444570631726629,"flow_dst_last_pkt_time":1444570631726320,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570631726629,"pkt":"ABoRAAACABoRAAABCABFAAAo7rlAAEAGmGIKCAABQERpZ6GKAbt6Ji+XhdnQalAQOQgf0QAA"} 00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1444570631731449,"flow_dst_last_pkt_time":1444570631726320,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"thread_ts_usec":1444570631731449,"pkt":"ABoRAAACABoRAAABCABFAABn7rpAAEAGmCIKCAABQERpZ6GKAbt6Ji+XhdnQalAYOQgODwAAFgMBADoBAAA2AwHgmz2uanfCUjnykbM2Mv9FAODhfxJmAjR5YaebpjX1JgAABAA1AP8BAAAJACMAAAAPAAEB"} 
-01264{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":181,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570631722722,"flow_src_last_pkt_time":1444570631731449,"flow_dst_last_pkt_time":1444570631726320,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570631731449,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41354,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01223{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":181,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570631722722,"flow_src_last_pkt_time":1444570631731449,"flow_dst_last_pkt_time":1444570631726320,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570631731449,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41354,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1444570631731449,"flow_dst_last_pkt_time":1444570631731733,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570631731733,"pkt":"ABoRAAACABoRAAABCABFAAAoAWdAABAGtbVARGlnCggAAQG7oYqF2dBqeiYv1lAQ\/\/9YmgAA"} 
-01746{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":185,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1444570631722722,"flow_src_last_pkt_time":1444570632251291,"flow_dst_last_pkt_time":1444570632251919,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":2579,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":3939,"midstream":0,"thread_ts_usec":1444570632251919,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41354,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
+01705{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":185,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1444570631722722,"flow_src_last_pkt_time":1444570632251291,"flow_dst_last_pkt_time":1444570632251919,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":2579,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":3939,"midstream":0,"thread_ts_usec":1444570632251919,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41354,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":189,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570632436109,"flow_src_last_pkt_time":1444570632436109,"flow_dst_last_pkt_time":1444570632436109,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570632436109,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"23.44.253.243","src_port":49048,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":189,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1444570632436109,"flow_dst_last_pkt_time":1444570632436109,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444570632436109,"pkt":"ABoRAAACABoRAAABCABFAAA8E6FAAEAGB\/MKCAABFyz987+YAbs3etLXAAAAAKACOQhiaAAAAgQFtAQCCAoATMF2AAAAAAEDAwY="} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":190,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1444570632436109,"flow_dst_last_pkt_time":1444570632439585,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570632439585,"pkt":"ABoRAAACABoRAAABCABFAAAoAWtAABAGSj0XLP3zCggAAQG7v5jIhS0oN3rS2FAS\/\/\/PVQAA"} 
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":191,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1444570632470387,"flow_dst_last_pkt_time":1444570632439585,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570632470387,"pkt":"ABoRAAACABoRAAABCABFAAAoE6JAAEAGCAYKCAABFyz987+YAbs3etLYyIUtKVAQOQiWTgAA"} 00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":192,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1444570632470550,"flow_dst_last_pkt_time":1444570632439585,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"thread_ts_usec":1444570632470550,"pkt":"ABoRAAACABoRAAABCABFAABnE6NAAEAGB8YKCAABFyz987+YAbs3etLYyIUtKVAYOQiFHgAAFgMBADoBAAA2AwGEmq+NZP+kc3ErHq1IRgxSv+RZnIPy+ZyIImU+XVBptwAABAA1AP8BAAAJACMAAAAPAAEB"} -01264{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":192,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570632436109,"flow_src_last_pkt_time":1444570632470550,"flow_dst_last_pkt_time":1444570632439585,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570632470550,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"23.44.253.243","src_port":49048,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or 
older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01223{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":192,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570632436109,"flow_src_last_pkt_time":1444570632470550,"flow_dst_last_pkt_time":1444570632439585,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570632470550,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"23.44.253.243","src_port":49048,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1444570632470550,"flow_dst_last_pkt_time":1444570632470778,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570632470778,"pkt":"ABoRAAACABoRAAABCABFAAAoAWxAABAGSjwXLP3zCggAAQG7v5jIhS0pN3rTF1AQ\/\/\/PFwAA"} -02206{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":195,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570632436109,"flow_src_last_pkt_time":1444570632470550,"flow_dst_last_pkt_time":1444570632591660,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":2903,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":2903,"midstream":0,"thread_ts_usec":1444570632591660,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"23.44.253.243","src_port":49048,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": 
{"version":"TLSv1","server_names":"www.webex.com.au,www.webex.ca,www.webex.de,www.webex.com.hk,www.webex.co.in,www.webex.co.it,www.webex.co.jp,www.webex.com.mx,www.webex.co.uk,m.webex.com,signup.webex.com,signup.webex.co.uk,signup.webex.de,mytrial.webex.com,mytrial.webex.com.mx,mytrial.webex.co.in,mytrial.webex.com.au,mytrial.webex.co.jp,support.webex.com,howdoi.webex.com,kb.webex.com,myresources.webex.com,invoices.webex.com,try.webex.com,buyonline.webex.com,buyonline.webex.de,buyonline.webex.co.uk,tempbol.webex.com,tempsupport.webex.com,www.webex.com,webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"714ac86d50db68420429ca897688f5f3","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=GeoTrust, Inc., CN=GeoTrust SSL CA","subjectDN":"C=US, ST=California, L=San Jose, O=Cisco Systems, OU=IT, CN=www.webex.com","fingerprint":"EE:CE:24:B7:67:4D:F0:3F:16:80:F8:DC:E3:53:45:5F:3E:41:25:CD","blocks":0}}} +02165{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":195,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570632436109,"flow_src_last_pkt_time":1444570632470550,"flow_dst_last_pkt_time":1444570632591660,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":2903,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":2903,"midstream":0,"thread_ts_usec":1444570632591660,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"23.44.253.243","src_port":49048,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": 
{"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"www.webex.com.au,www.webex.ca,www.webex.de,www.webex.com.hk,www.webex.co.in,www.webex.co.it,www.webex.co.jp,www.webex.com.mx,www.webex.co.uk,m.webex.com,signup.webex.com,signup.webex.co.uk,signup.webex.de,mytrial.webex.com,mytrial.webex.com.mx,mytrial.webex.co.in,mytrial.webex.com.au,mytrial.webex.co.jp,support.webex.com,howdoi.webex.com,kb.webex.com,myresources.webex.com,invoices.webex.com,try.webex.com,buyonline.webex.com,buyonline.webex.de,buyonline.webex.co.uk,tempbol.webex.com,tempsupport.webex.com,www.webex.com,webex.com","ja3s":"714ac86d50db68420429ca897688f5f3","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=GeoTrust, Inc., CN=GeoTrust SSL CA","subjectDN":"C=US, ST=California, L=San Jose, O=Cisco Systems, OU=IT, CN=www.webex.com","fingerprint":"EE:CE:24:B7:67:4D:F0:3F:16:80:F8:DC:E3:53:45:5F:3E:41:25:CD","blocks":0}}} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":218,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570633357298,"flow_src_last_pkt_time":1444570633357298,"flow_dst_last_pkt_time":1444570633357298,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570633357298,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41358,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1444570633357298,"flow_dst_last_pkt_time":1444570633357298,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444570633357298,"pkt":"ABoRAAACABoRAAABCABFAAA87DBAAEAGmtcKCAABQERpZ6GOAbtaKC3iAAAAAKACOQht0gAAAgQFtAQCCAoATMHSAAAAAAEDAwY="} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1444570633357298,"flow_dst_last_pkt_time":1444570633360351,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570633360351,"pkt":"ABoRAAACABoRAAABCABFAAAoAXpAABAGtaJARGlnCggAAQG7oY6l19IdWigt41AS\/\/9Y1AAA"} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1444570633360483,"flow_dst_last_pkt_time":1444570633360351,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570633360483,"pkt":"ABoRAAACABoRAAABCABFAAAo7DFAAEAGmuoKCAABQERpZ6GOAbtaKC3jpdfSHlAQOQgfzQAA"} 
00620{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_src_last_pkt_time":1444570633362374,"flow_dst_last_pkt_time":1444570633360351,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"thread_ts_usec":1444570633362374,"pkt":"ABoRAAACABoRAAABCABFAABn7DJAAEAGmqoKCAABQERpZ6GOAbtaKC3jpdfSHlAYOQhBGAAAFgMBADoBAAA2AwHTw\/bn8phv0cUj5hxDCEb0N0sEPfC+Zz7P154TmGT2KQAABAA1AP8BAAAJACMAAAAPAAEB"} -01264{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":221,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570633357298,"flow_src_last_pkt_time":1444570633362374,"flow_dst_last_pkt_time":1444570633360351,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570633362374,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41358,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01223{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":221,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570633357298,"flow_src_last_pkt_time":1444570633362374,"flow_dst_last_pkt_time":1444570633360351,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570633362374,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41358,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":222,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1444570633362374,"flow_dst_last_pkt_time":1444570633362543,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570633362543,"pkt":"ABoRAAACABoRAAABCABFAAAoAXtAABAGtaFARGlnCggAAQG7oY6l19IeWiguIlAQ\/\/9YlgAA"} 
-01746{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":225,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1444570633357298,"flow_src_last_pkt_time":1444570633810470,"flow_dst_last_pkt_time":1444570633811592,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":2579,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":3939,"midstream":0,"thread_ts_usec":1444570633811592,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41358,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
+01705{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":225,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1444570633357298,"flow_src_last_pkt_time":1444570633810470,"flow_dst_last_pkt_time":1444570633811592,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":2579,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":3939,"midstream":0,"thread_ts_usec":1444570633811592,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41358,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
02452{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":249,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1444570633357298,"flow_src_last_pkt_time":1444570635772189,"flow_dst_last_pkt_time":1444570635721813,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":8847,"flow_src_tot_l4_payload_len":959,"flow_dst_tot_l4_payload_len":33212,"midstream":0,"thread_ts_usec":1444570635772189,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41358,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":383,"avg":154174.4,"max":1031495,"stddev":247176.8,"var":61096366080.0,"ent":3.8,"data": [3053,3185,1891,2192,397016,448096,52033,52145,383,52378,209850,261823,51847,1288,975,979869,1031495,52580,53500,94069,93832,53071,53864,119063,117547,148351,147839,51431,51376,96737,96627]},"pktlen": {"min":40,"avg":1108.5,"max":8887,"stddev":2294.9,"var":5266403.5,"ent":3.1,"data": [60,40,40,103,40,1400,40,2619,40,366,40,99,576,40,74,40,1400,40,8157,40,1400,40,8887,40,173,40,1400,40,6717,40,1400,40]},"bins": {"c_to_s": [12,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,4]},"directions": [0,1,0,0,1,1,0,1,0,0,1,1,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0],"entropies": 
[4.446510792,4.665312290,4.665311813,5.339869976,4.565312386,7.238214016,4.665312290,7.216020107,4.615311623,7.281401634,4.615312576,5.978787422,7.616997242,4.515312195,5.692360401,4.565312386,7.861890793,4.665311813,7.976788044,4.665311813,7.858300209,4.715312004,7.979997158,4.665311813,6.756694794,4.615312099,7.862811089,4.611769199,7.975809574,4.715312004,7.874713421,4.715312004]},"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":256,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570636151328,"flow_src_last_pkt_time":1444570636151328,"flow_dst_last_pkt_time":1444570636151328,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570636151328,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.213.212","src_port":41726,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1444570636151328,"flow_dst_last_pkt_time":1444570636151328,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444570636151328,"pkt":"ABoRAAACABoRAAABCABFAAA8tbVAAEAGMwwKCAABch3V1KL+AbsYGndcAAAAAKACOQjFmAAAAgQFtAQCCAoATMLpAAAAAAEDAwY="} 
@@ -75,32 +75,32 @@ 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":259,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1444570636155519,"flow_dst_last_pkt_time":1444570636155519,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444570636155519,"pkt":"ABoRAAACABoRAAABCABFAAA8NxlAAEAGu0sKCAABch3MMcm+AbvkVPXwAAAAAKACOQhdrAAAAgQFtAQCCAoATMLpAAAAAAEDAwY="} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1444570636155519,"flow_dst_last_pkt_time":1444570636157830,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570636157830,"pkt":"ABoRAAACABoRAAABCABFAAAoAY5AABAGIOtyHcwxCggAAQG7yb4bqwoP5FT18VAS\/\/+cAAAA"} 00620{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_src_last_pkt_time":1444570636157950,"flow_dst_last_pkt_time":1444570636154295,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"thread_ts_usec":1444570636157950,"pkt":"ABoRAAACABoRAAABCABFAABntbdAAEAGMt8KCAABch3V1KL+AbsYGndd5+WIpFAYOQhDcwAAFgMBADoBAAA2AwEixpBV3K1aYKpnKzRaOLYWz3kxtW8gINw5Lf9cpQ2h2AAABAA1AP8BAAAJACMAAAAPAAEB"} 
-01266{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":261,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570636151328,"flow_src_last_pkt_time":1444570636157950,"flow_dst_last_pkt_time":1444570636154295,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570636157950,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.213.212","src_port":41726,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01225{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":261,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570636151328,"flow_src_last_pkt_time":1444570636157950,"flow_dst_last_pkt_time":1444570636154295,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570636157950,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.213.212","src_port":41726,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1444570636157950,"flow_dst_last_pkt_time":1444570636158232,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570636158232,"pkt":"ABoRAAACABoRAAABCABFAAAoAY9AABAGF0dyHdXUCggAAQG7ov7n5YikGBp3nFAQ\/\/+43wAA"} 
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_src_last_pkt_time":1444570636158443,"flow_dst_last_pkt_time":1444570636157830,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570636158443,"pkt":"ABoRAAACABoRAAABCABFAAAoNxpAAEAGu14KCAABch3MMcm+AbvkVPXxG6sKEFAQOQhi+QAA"} 00620{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":264,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_src_last_pkt_time":1444570636159914,"flow_dst_last_pkt_time":1444570636157830,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"thread_ts_usec":1444570636159914,"pkt":"ABoRAAACABoRAAABCABFAABnNxtAAEAGux4KCAABch3MMcm+AbvkVPXxG6sKEFAYOQjpBAAAFgMBADoBAAA2AwELSWRUw5u41GvWexySi8w7aRuG0UGhgcOkKRM8ZLYwuAAABAA1AP8BAAAJACMAAAAPAAEB"} -01265{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":264,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570636155519,"flow_src_last_pkt_time":1444570636159914,"flow_dst_last_pkt_time":1444570636157830,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570636159914,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.204.49","src_port":51646,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or 
older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01224{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":264,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570636155519,"flow_src_last_pkt_time":1444570636159914,"flow_dst_last_pkt_time":1444570636157830,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570636159914,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.204.49","src_port":51646,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":265,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":5,"flow_src_last_pkt_time":1444570636159914,"flow_dst_last_pkt_time":1444570636160142,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570636160142,"pkt":"ABoRAAACABoRAAABCABFAAAoAZBAABAGIOlyHcwxCggAAQG7yb4bqwoQ5FT2MFAQ\/\/+bwgAA"} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":266,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570636160380,"flow_src_last_pkt_time":1444570636160380,"flow_dst_last_pkt_time":1444570636160380,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570636160380,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"209.197.222.159","src_port":47498,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1444570636160380,"flow_dst_last_pkt_time":1444570636160380,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444570636160380,"pkt":"ABoRAAACABoRAAABCABFAAA80GxAAEAGr+EKCAAB0cXen7mKAbt7nBKGAAAAAKACOQhH7AAAAgQFtAQCCAoATMLqAAAAAAEDAwY="} 
00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1444570636160380,"flow_dst_last_pkt_time":1444570636163417,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570636163417,"pkt":"ABoRAAACABoRAAABCABFAAAoAZFAABAGrtHRxd6fCggAAQG7uYqEY+15e5wSh1AS\/\/86HgAA"} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_src_last_pkt_time":1444570636163735,"flow_dst_last_pkt_time":1444570636163417,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570636163735,"pkt":"ABoRAAACABoRAAABCABFAAAo0G1AAEAGr\/QKCAAB0cXen7mKAbt7nBKHhGPtelAQOQgBFwAA"} 00621{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":269,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_src_last_pkt_time":1444570636164429,"flow_dst_last_pkt_time":1444570636163417,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"thread_ts_usec":1444570636164429,"pkt":"ABoRAAACABoRAAABCABFAABn0G5AAEAGr7QKCAAB0cXen7mKAbt7nBKHhGPtelAYOQh2yQAAFgMBADoBAAA2AwENSlEe7+NgWQr9TJ\/2WZpS5a6sUQSaq2ncdIKzDktEmAAABAA1AP8BAAAJACMAAAAPAAEB"} 
-01267{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":269,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570636160380,"flow_src_last_pkt_time":1444570636164429,"flow_dst_last_pkt_time":1444570636163417,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570636164429,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"209.197.222.159","src_port":47498,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01226{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":269,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570636160380,"flow_src_last_pkt_time":1444570636164429,"flow_dst_last_pkt_time":1444570636163417,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570636164429,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"209.197.222.159","src_port":47498,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":270,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_src_last_pkt_time":1444570636164429,"flow_dst_last_pkt_time":1444570636164621,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570636164621,"pkt":"ABoRAAACABoRAAABCABFAAAoAZJAABAGrtDRxd6fCggAAQG7uYqEY+16e5wSxlAQ\/\/854AAA"} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":271,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570636170439,"flow_src_last_pkt_time":1444570636170439,"flow_dst_last_pkt_time":1444570636170439,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570636170439,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.153","src_port":57647,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":271,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1444570636170439,"flow_dst_last_pkt_time":1444570636170439,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444570636170439,"pkt":"ABoRAAACABoRAAABCABFAAA8c99AAEAGAvcKCAABQER5meEvAbvnI7E0AAAAAKACOQgMmAAAAgQFtAQCCAoATMLrAAAAAAEDAwY="} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":272,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1444570636170439,"flow_dst_last_pkt_time":1444570636175135,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570636175135,"pkt":"ABoRAAACABoRAAABCABFAAAoAZNAABAGpVdARHmZCggAAQG74S8Y3E7L5yOxNVAS\/\/8JAQAA"} 
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":273,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_src_last_pkt_time":1444570636175390,"flow_dst_last_pkt_time":1444570636175135,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570636175390,"pkt":"ABoRAAACABoRAAABCABFAAAoc+BAAEAGAwoKCAABQER5meEvAbvnI7E1GNxOzFAQOQjP+QAA"} 00622{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_src_last_pkt_time":1444570636176823,"flow_dst_last_pkt_time":1444570636175135,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"thread_ts_usec":1444570636176823,"pkt":"ABoRAAACABoRAAABCABFAABnc+FAAEAGAsoKCAABQER5meEvAbvnI7E1GNxOzFAYOQg\/MQAAFgMBADoBAAA2AwHlQjeb\/eKZHKuppjWfos5yg+nhloBcE1OwdwWUSYyZagAABAA1AP8BAAAJACMAAAAPAAEB"} -01265{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":274,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570636170439,"flow_src_last_pkt_time":1444570636176823,"flow_dst_last_pkt_time":1444570636175135,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570636176823,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.153","src_port":57647,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or 
older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01224{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":274,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570636170439,"flow_src_last_pkt_time":1444570636176823,"flow_dst_last_pkt_time":1444570636175135,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570636176823,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.153","src_port":57647,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":275,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":5,"flow_src_last_pkt_time":1444570636176823,"flow_dst_last_pkt_time":1444570636177089,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570636177089,"pkt":"ABoRAAACABoRAAABCABFAAAoAZRAABAGpVZARHmZCggAAQG74S8Y3E7M5yOxdFAQ\/\/8IwwAA"} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":276,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570636180806,"flow_src_last_pkt_time":1444570636180806,"flow_dst_last_pkt_time":1444570636180806,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570636180806,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.231.3","src_port":45814,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":276,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1444570636180806,"flow_dst_last_pkt_time":1444570636180806,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444570636180806,"pkt":"ABoRAAACABoRAAABCABFAAA8nw9AAEAGbDMKCAABPm3nA7L2AbufQl3jAAAAAKACOQhqbwAAAgQFtAQCCAoATMLsAAAAAAEDAwY="} 
00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":277,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_src_last_pkt_time":1444570636180806,"flow_dst_last_pkt_time":1444570636183521,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570636183521,"pkt":"ABoRAAACABoRAAABCABFAAAoAZVAABAGOcI+becDCggAAQG7svZgvaIcn0Jd5FAS\/\/\/LpgAA"} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":278,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_src_last_pkt_time":1444570636183683,"flow_dst_last_pkt_time":1444570636183521,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570636183683,"pkt":"ABoRAAACABoRAAABCABFAAAonxBAAEAGbEYKCAABPm3nA7L2AbufQl3kYL2iHVAQOQiSnwAA"} 00621{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":279,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_src_last_pkt_time":1444570636185047,"flow_dst_last_pkt_time":1444570636183521,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"thread_ts_usec":1444570636185047,"pkt":"ABoRAAACABoRAAABCABFAABnnxFAAEAGbAYKCAABPm3nA7L2AbufQl3kYL2iHVAYOQiqgAAAFgMBADoBAAA2AwG1npMJl\/ayeEKp148YQXJQu08Kp5pJKEAcdvXjyY7AEAAABAA1AP8BAAAJACMAAAAPAAEB"} 
-01264{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":279,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570636180806,"flow_src_last_pkt_time":1444570636185047,"flow_dst_last_pkt_time":1444570636183521,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570636185047,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.231.3","src_port":45814,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01223{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":279,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570636180806,"flow_src_last_pkt_time":1444570636185047,"flow_dst_last_pkt_time":1444570636183521,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570636185047,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.231.3","src_port":45814,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":280,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":5,"flow_src_last_pkt_time":1444570636185047,"flow_dst_last_pkt_time":1444570636185321,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570636185321,"pkt":"ABoRAAACABoRAAABCABFAAAoAZZAABAGOcE+becDCggAAQG7svZgvaIdn0JeI1AQ\/\/\/LaAAA"} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":281,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570636248727,"flow_src_last_pkt_time":1444570636248727,"flow_dst_last_pkt_time":1444570636248727,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570636248727,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.104.140","src_port":44492,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":281,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1444570636248727,"flow_dst_last_pkt_time":1444570636248727,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444570636248727,"pkt":"ABoRAAACABoRAAABCABFAAA8NIdAAEAGU1wKCAABQERojK3MAbt5hvZ2AAAAAKACOQh5XQAAAgQFtAQCCAoATMLxAAAAAAEDAwY="} 
@@ -119,30 +119,30 @@ 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_src_last_pkt_time":1444570636264505,"flow_dst_last_pkt_time":1444570636268416,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570636268416,"pkt":"ABoRAAACABoRAAABCABFAAAoAZtAABAGpYVARHljCggAAQG72qGkCFzlW\/ejG1AS\/\/8PxQAA"} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_src_last_pkt_time":1444570636268706,"flow_dst_last_pkt_time":1444570636252206,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570636268706,"pkt":"ABoRAAACABoRAAABCABFAAAoNIhAAEAGU28KCAABQERojK3MAbt5hvZ3hnkJilAQOQgUagAA"} 00620{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":292,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_src_last_pkt_time":1444570636268852,"flow_dst_last_pkt_time":1444570636252206,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"thread_ts_usec":1444570636268852,"pkt":"ABoRAAACABoRAAABCABFAABnNIlAAEAGUy8KCAABQERojK3MAbt5hvZ3hnkJilAYOQhZ6QAAFgMBADoBAAA2AwFZAOdrf318d9DQoA0D3C8cGGy1yScsdSsQfqgP8YHJWQAABAA1AP8BAAAJACMAAAAPAAEB"} 
-01265{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":292,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570636248727,"flow_src_last_pkt_time":1444570636268852,"flow_dst_last_pkt_time":1444570636252206,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570636268852,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.104.140","src_port":44492,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01224{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":292,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570636248727,"flow_src_last_pkt_time":1444570636268852,"flow_dst_last_pkt_time":1444570636252206,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570636268852,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.104.140","src_port":44492,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":293,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":5,"flow_src_last_pkt_time":1444570636268852,"flow_dst_last_pkt_time":1444570636269047,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570636269047,"pkt":"ABoRAAACABoRAAABCABFAAAoAZxAABAGtltARGiMCggAAQG7rcyGeQmKeYb2tlAQ\/\/9NMwAA"} 
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":294,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_src_last_pkt_time":1444570636269399,"flow_dst_last_pkt_time":1444570636255532,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570636269399,"pkt":"ABoRAAACABoRAAABCABFAAAo0S1AAEAGIvEKCAABch3Ki7gMAbtSShPerbXsI1AQOQh2UQAA"} 00622{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":295,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_src_last_pkt_time":1444570636269543,"flow_dst_last_pkt_time":1444570636255532,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"thread_ts_usec":1444570636269543,"pkt":"ABoRAAACABoRAAABCABFAABn0S5AAEAGIrEKCAABch3Ki7gMAbtSShPerbXsI1AYOQjEKQAAFgMBADoBAAA2AwEgf\/e\/jgX0597KeqXA4hkOqtuJMPxy38wcZQGqQdMmagAABAA1AP8BAAAJACMAAAAPAAEB"} -01266{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":295,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570636252483,"flow_src_last_pkt_time":1444570636269543,"flow_dst_last_pkt_time":1444570636255532,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570636269543,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.202.139","src_port":47116,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or 
older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01225{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":295,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570636252483,"flow_src_last_pkt_time":1444570636269543,"flow_dst_last_pkt_time":1444570636255532,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570636269543,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.202.139","src_port":47116,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":296,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":5,"flow_src_last_pkt_time":1444570636269543,"flow_dst_last_pkt_time":1444570636269759,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570636269759,"pkt":"ABoRAAACABoRAAABCABFAAAoAZ1AABAGIoJyHcqLCggAAQG7uAyttewjUkoUHVAQ\/\/+vGgAA"} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":297,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_src_last_pkt_time":1444570636269901,"flow_dst_last_pkt_time":1444570636259424,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570636269901,"pkt":"ABoRAAACABoRAAABCABFAAAo70NAAEAGj0QKCAABrfMETM36AbsKei209YXSTVAQOQjqzAAA"} 00620{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":4,"flow_src_last_pkt_time":1444570636270105,"flow_dst_last_pkt_time":1444570636259424,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"thread_ts_usec":1444570636270105,"pkt":"ABoRAAACABoRAAABCABFAABn70RAAEAGjwQKCAABrfMETM36AbsKei209YXSTVAYOQhXBgAAFgMBADoBAAA2AwEbjnmamhrG0ilv8MM2B7NxSQPfoK5gN5dT14i2jCOS+AAABAA1AP8BAAAJACMAAAAPAAEB"} 
-01264{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":298,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570636255758,"flow_src_last_pkt_time":1444570636270105,"flow_dst_last_pkt_time":1444570636259424,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570636270105,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.4.76","src_port":52730,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01223{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":298,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570636255758,"flow_src_last_pkt_time":1444570636270105,"flow_dst_last_pkt_time":1444570636259424,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570636270105,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.4.76","src_port":52730,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":5,"flow_src_last_pkt_time":1444570636270105,"flow_dst_last_pkt_time":1444570636270294,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570636270294,"pkt":"ABoRAAACABoRAAABCABFAAAoAZ5AABAGrOqt8wRMCggAAQG7zfr1hdJNCnot81AQ\/\/8jlgAA"} 
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_src_last_pkt_time":1444570636270430,"flow_dst_last_pkt_time":1444570636263791,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570636270430,"pkt":"ABoRAAACABoRAAABCABFAAAou9dAAEAGu0cKCAABQER5ZMv7AbtwVXklj6qG3FAQOQjlYgAA"} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":301,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570636270568,"flow_src_last_pkt_time":1444570636270568,"flow_dst_last_pkt_time":1444570636270568,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570636270568,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.200.11","src_port":47841,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":301,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":1444570636270568,"flow_dst_last_pkt_time":1444570636270568,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444570636270568,"pkt":"ABoRAAACABoRAAABCABFAAA879dAAEAGBrMKCAABch3IC7rhAbtuYS0jAAAAAKACOQivZQAAAgQFtAQCCAoATML0AAAAAAEDAwY="} 
00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":302,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_src_last_pkt_time":1444570636270568,"flow_dst_last_pkt_time":1444570636273711,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570636273711,"pkt":"ABoRAAACABoRAAABCABFAAAoAZ9AABAGJQByHcgLCggAAQG7uuGRntLcbmEtJFAS\/\/+vAwAA"} 00622{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_src_last_pkt_time":1444570636273982,"flow_dst_last_pkt_time":1444570636263791,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"thread_ts_usec":1444570636273982,"pkt":"ABoRAAACABoRAAABCABFAABnu9hAAEAGuwcKCAABQER5ZMv7AbtwVXklj6qG3FAYOQirFAAAFgMBADoBAAA2AwHYELTmAdFk47j\/kG3RMIzBgWabbigjj\/WcrWQ+O8XfAwAABAA1AP8BAAAJACMAAAAPAAEB"} -01265{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":303,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570636259848,"flow_src_last_pkt_time":1444570636273982,"flow_dst_last_pkt_time":1444570636263791,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570636273982,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.100","src_port":52219,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or 
older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01224{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":303,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570636259848,"flow_src_last_pkt_time":1444570636273982,"flow_dst_last_pkt_time":1444570636263791,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570636273982,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.100","src_port":52219,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":304,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_src_last_pkt_time":1444570636273982,"flow_dst_last_pkt_time":1444570636274175,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570636274175,"pkt":"ABoRAAACABoRAAABCABFAAAoAaBAABAGpX9ARHlkCggAAQG7y\/uPqobccFV5ZFAQ\/\/8eLAAA"} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":305,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_src_last_pkt_time":1444570636274320,"flow_dst_last_pkt_time":1444570636268416,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570636274320,"pkt":"ABoRAAACABoRAAABCABFAAAoYepAAEAGFTYKCAABQER5Y9qhAbtb96MbpAhc5lAQOQjWvQAA"} 00620{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":306,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_src_last_pkt_time":1444570636274819,"flow_dst_last_pkt_time":1444570636268416,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"thread_ts_usec":1444570636274819,"pkt":"ABoRAAACABoRAAABCABFAABnYetAAEAGFPYKCAABQER5Y9qhAbtb96MbpAhc5lAYOQh9SQAAFgMBADoBAAA2AwFui4ALd8hCzC1Hn0XZp9IbNctVu8L5+XzvOp52wmP4PgAABAA1AP8BAAAJACMAAAAPAAEB"} 
-01264{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":306,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570636264505,"flow_src_last_pkt_time":1444570636274819,"flow_dst_last_pkt_time":1444570636268416,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570636274819,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.99","src_port":55969,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01223{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":306,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570636264505,"flow_src_last_pkt_time":1444570636274819,"flow_dst_last_pkt_time":1444570636268416,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570636274819,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.99","src_port":55969,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":307,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":5,"flow_src_last_pkt_time":1444570636274819,"flow_dst_last_pkt_time":1444570636275494,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570636275494,"pkt":"ABoRAAACABoRAAABCABFAAAoAaFAABAGpX9ARHljCggAAQG72qGkCFzmW\/ejWlAQ\/\/8PhwAA"} 
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_src_last_pkt_time":1444570636275644,"flow_dst_last_pkt_time":1444570636273711,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570636275644,"pkt":"ABoRAAACABoRAAABCABFAAAo79hAAEAGBsYKCAABch3IC7rhAbtuYS0kkZ7S3VAQOQh1\/AAA"} 00620{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":309,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_src_last_pkt_time":1444570636276432,"flow_dst_last_pkt_time":1444570636273711,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"thread_ts_usec":1444570636276432,"pkt":"ABoRAAACABoRAAABCABFAABn79lAAEAGBoYKCAABch3IC7rhAbtuYS0kkZ7S3VAYOQiWfgAAFgMBADoBAAA2AwGYeAXD1rCaFxll3KHQwiDcn3jmpgdAsGqZOECdkGYcowAABAA1AP8BAAAJACMAAAAPAAEB"} -01265{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":309,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570636270568,"flow_src_last_pkt_time":1444570636276432,"flow_dst_last_pkt_time":1444570636273711,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570636276432,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.200.11","src_port":47841,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or 
older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01224{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":309,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570636270568,"flow_src_last_pkt_time":1444570636276432,"flow_dst_last_pkt_time":1444570636273711,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570636276432,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.200.11","src_port":47841,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":310,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":5,"flow_src_last_pkt_time":1444570636276432,"flow_dst_last_pkt_time":1444570636276627,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570636276627,"pkt":"ABoRAAACABoRAAABCABFAAAoAaJAABAGJP1yHcgLCggAAQG7uuGRntLdbmEtY1AQ\/\/+uxQAA"} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":311,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570636359207,"flow_src_last_pkt_time":1444570636359207,"flow_dst_last_pkt_time":1444570636359207,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570636359207,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.97","src_port":51370,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_src_last_pkt_time":1444570636359207,"flow_dst_last_pkt_time":1444570636359207,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444570636359207,"pkt":"ABoRAAACABoRAAABCABFAAA86IFAAEAGnowKCAABQERpYciqAbsEZyp7AAAAAKACOQievAAAAgQFtAQCCAoATML6AAAAAAEDAwY="} 
@@ -152,42 +152,42 @@ 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":314,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_src_last_pkt_time":1444570636364135,"flow_dst_last_pkt_time":1444570636368157,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570636368157,"pkt":"ABoRAAACABoRAAABCABFAAAoAaRAABAGtX1ARGliCggAAQG7kQkSUl7l7a2hG1AS\/\/9pXgAA"} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":315,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_src_last_pkt_time":1444570636368456,"flow_dst_last_pkt_time":1444570636363606,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570636368456,"pkt":"ABoRAAACABoRAAABCABFAAAo6IJAAEAGnp8KCAABQERpYciqAbsEZyp8+5jVhVAQOQj4tgAA"} 00620{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":316,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_src_last_pkt_time":1444570636368630,"flow_dst_last_pkt_time":1444570636363606,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"thread_ts_usec":1444570636368630,"pkt":"ABoRAAACABoRAAABCABFAABn6INAAEAGnl8KCAABQERpYciqAbsEZyp8+5jVhVAYOQiOAwAAFgMBADoBAAA2AwG0+nLinPAGG4t2PmApyj1cBSRGozWXopqiBuxsT+LyqQAABAA1AP8BAAAJACMAAAAPAAEB"} 
-01264{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":316,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570636359207,"flow_src_last_pkt_time":1444570636368630,"flow_dst_last_pkt_time":1444570636363606,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570636368630,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.97","src_port":51370,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01223{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":316,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570636359207,"flow_src_last_pkt_time":1444570636368630,"flow_dst_last_pkt_time":1444570636363606,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570636368630,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.97","src_port":51370,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":317,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":5,"flow_src_last_pkt_time":1444570636368630,"flow_dst_last_pkt_time":1444570636369036,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570636369036,"pkt":"ABoRAAACABoRAAABCABFAAAoAaVAABAGtX1ARGlhCggAAQG7yKr7mNWFBGcqu1AQ\/\/8xgAAA"} 
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":318,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_src_last_pkt_time":1444570636369197,"flow_dst_last_pkt_time":1444570636368157,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570636369197,"pkt":"ABoRAAACABoRAAABCABFAAAoY+JAAEAGIz8KCAABQERpYpEJAbvtraEbElJe5lAQOQgwVwAA"} 00621{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":319,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":4,"flow_src_last_pkt_time":1444570636369622,"flow_dst_last_pkt_time":1444570636368157,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"thread_ts_usec":1444570636369622,"pkt":"ABoRAAACABoRAAABCABFAABnY+NAAEAGIv8KCAABQERpYpEJAbvtraEbElJe5lAYOQjiHgAAFgMBADoBAAA2AwF3tBEHB6guyNBNlJmUpeM5u9lxXWyFQhCvqu17Ld8y\/QAABAA1AP8BAAAJACMAAAAPAAEB"} -01264{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":319,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570636364135,"flow_src_last_pkt_time":1444570636369622,"flow_dst_last_pkt_time":1444570636368157,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570636369622,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.98","src_port":37129,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or 
older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01223{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":319,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570636364135,"flow_src_last_pkt_time":1444570636369622,"flow_dst_last_pkt_time":1444570636368157,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570636369622,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.98","src_port":37129,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":320,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":5,"flow_src_last_pkt_time":1444570636369622,"flow_dst_last_pkt_time":1444570636369848,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570636369848,"pkt":"ABoRAAACABoRAAABCABFAAAoAaZAABAGtXtARGliCggAAQG7kQkSUl7m7a2hWlAQ\/\/9pIAAA"} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":321,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570636387910,"flow_src_last_pkt_time":1444570636387910,"flow_dst_last_pkt_time":1444570636387910,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570636387910,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41386,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":321,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_src_last_pkt_time":1444570636387910,"flow_dst_last_pkt_time":1444570636387910,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444570636387910,"pkt":"ABoRAAACABoRAAABCABFAAA82lhAAEAGrK8KCAABQERpZ6GqAbsG3RlZAAAAAKACOQjUWwAAAgQFtAQCCAoATMMBAAAAAAEDAwY="} 
00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":322,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_src_last_pkt_time":1444570636387910,"flow_dst_last_pkt_time":1444570636395572,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570636395572,"pkt":"ABoRAAACABoRAAABCABFAAAoAadAABAGtXVARGlnCggAAQG7oar5IuamBt0ZWlAS\/\/9YuAAA"} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":323,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_src_last_pkt_time":1444570636395961,"flow_dst_last_pkt_time":1444570636395572,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570636395961,"pkt":"ABoRAAACABoRAAABCABFAAAo2llAAEAGrMIKCAABQERpZ6GqAbsG3Rla+SLmp1AQOQgfsQAA"} 00622{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":324,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_src_last_pkt_time":1444570636397645,"flow_dst_last_pkt_time":1444570636395572,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"thread_ts_usec":1444570636397645,"pkt":"ABoRAAACABoRAAABCABFAABn2lpAAEAGrIIKCAABQERpZ6GqAbsG3Rla+SLmp1AYOQjTBwAAFgMBADoBAAA2AwHQxD6jP9mnXAR\/gJlsx5rnkfAjqPqPevvcaVvn\/9cADgAABAA1AP8BAAAJACMAAAAPAAEB"} 
-01265{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":324,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570636387910,"flow_src_last_pkt_time":1444570636397645,"flow_dst_last_pkt_time":1444570636395572,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570636397645,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41386,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01224{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":324,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570636387910,"flow_src_last_pkt_time":1444570636397645,"flow_dst_last_pkt_time":1444570636395572,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570636397645,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41386,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":325,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":5,"flow_src_last_pkt_time":1444570636397645,"flow_dst_last_pkt_time":1444570636398289,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570636398289,"pkt":"ABoRAAACABoRAAABCABFAAAoAahAABAGtXRARGlnCggAAQG7oar5IuanBt0ZmVAQ\/\/9YegAA"} 
-01746{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":328,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1444570636180806,"flow_src_last_pkt_time":1444570636462122,"flow_dst_last_pkt_time":1444570636471138,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":2527,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":3907,"midstream":0,"thread_ts_usec":1444570636471138,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.231.3","src_port":45814,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
-01749{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":335,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570636160380,"flow_src_last_pkt_time":1444570636164429,"flow_dst_last_pkt_time":1444570636701917,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":3907,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":3907,"midstream":0,"thread_ts_usec":1444570636701917,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"209.197.222.159","src_port":47498,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
-01747{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":336,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1444570636248727,"flow_src_last_pkt_time":1444570636698579,"flow_dst_last_pkt_time":1444570636703657,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":2579,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":3939,"midstream":0,"thread_ts_usec":1444570636703657,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.104.140","src_port":44492,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
-01746{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":341,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1444570636255758,"flow_src_last_pkt_time":1444570636706197,"flow_dst_last_pkt_time":1444570636706939,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":2920,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":3907,"midstream":0,"thread_ts_usec":1444570636706939,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.4.76","src_port":52730,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
-01747{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":347,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570636170439,"flow_src_last_pkt_time":1444570636176823,"flow_dst_last_pkt_time":1444570636773132,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":3907,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":3907,"midstream":0,"thread_ts_usec":1444570636773132,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.153","src_port":57647,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
-01746{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":355,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570636364135,"flow_src_last_pkt_time":1444570636369622,"flow_dst_last_pkt_time":1444570636827404,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":3939,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":3939,"midstream":0,"thread_ts_usec":1444570636827404,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.98","src_port":37129,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
-01747{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":356,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570636387910,"flow_src_last_pkt_time":1444570636397645,"flow_dst_last_pkt_time":1444570636828477,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":3939,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":3939,"midstream":0,"thread_ts_usec":1444570636828477,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41386,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
-01746{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":357,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1444570636359207,"flow_src_last_pkt_time":1444570636826252,"flow_dst_last_pkt_time":1444570636829761,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":2579,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":3939,"midstream":0,"thread_ts_usec":1444570636829761,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.97","src_port":51370,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
-01747{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":365,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570636259848,"flow_src_last_pkt_time":1444570636273982,"flow_dst_last_pkt_time":1444570636894711,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":3939,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":3939,"midstream":0,"thread_ts_usec":1444570636894711,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.100","src_port":52219,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
-01746{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":368,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570636264505,"flow_src_last_pkt_time":1444570636274819,"flow_dst_last_pkt_time":1444570636897531,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":3939,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":3939,"midstream":0,"thread_ts_usec":1444570636897531,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.99","src_port":55969,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
-01747{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":381,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1444570636155519,"flow_src_last_pkt_time":1444570636963026,"flow_dst_last_pkt_time":1444570636963296,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":2527,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":3907,"midstream":0,"thread_ts_usec":1444570636963296,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.204.49","src_port":51646,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
+01705{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":328,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1444570636180806,"flow_src_last_pkt_time":1444570636462122,"flow_dst_last_pkt_time":1444570636471138,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":2527,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":3907,"midstream":0,"thread_ts_usec":1444570636471138,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.231.3","src_port":45814,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
+01708{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":335,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570636160380,"flow_src_last_pkt_time":1444570636164429,"flow_dst_last_pkt_time":1444570636701917,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":3907,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":3907,"midstream":0,"thread_ts_usec":1444570636701917,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"209.197.222.159","src_port":47498,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
+01706{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":336,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1444570636248727,"flow_src_last_pkt_time":1444570636698579,"flow_dst_last_pkt_time":1444570636703657,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":2579,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":3939,"midstream":0,"thread_ts_usec":1444570636703657,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.104.140","src_port":44492,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
+01705{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":341,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1444570636255758,"flow_src_last_pkt_time":1444570636706197,"flow_dst_last_pkt_time":1444570636706939,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":2920,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":3907,"midstream":0,"thread_ts_usec":1444570636706939,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.4.76","src_port":52730,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
+01706{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":347,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570636170439,"flow_src_last_pkt_time":1444570636176823,"flow_dst_last_pkt_time":1444570636773132,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":3907,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":3907,"midstream":0,"thread_ts_usec":1444570636773132,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.153","src_port":57647,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
+01705{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":355,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570636364135,"flow_src_last_pkt_time":1444570636369622,"flow_dst_last_pkt_time":1444570636827404,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":3939,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":3939,"midstream":0,"thread_ts_usec":1444570636827404,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.98","src_port":37129,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
+01706{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":356,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570636387910,"flow_src_last_pkt_time":1444570636397645,"flow_dst_last_pkt_time":1444570636828477,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":3939,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":3939,"midstream":0,"thread_ts_usec":1444570636828477,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41386,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
+01705{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":357,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1444570636359207,"flow_src_last_pkt_time":1444570636826252,"flow_dst_last_pkt_time":1444570636829761,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":2579,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":3939,"midstream":0,"thread_ts_usec":1444570636829761,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.97","src_port":51370,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
+01706{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":365,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570636259848,"flow_src_last_pkt_time":1444570636273982,"flow_dst_last_pkt_time":1444570636894711,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":3939,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":3939,"midstream":0,"thread_ts_usec":1444570636894711,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.100","src_port":52219,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
+01705{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":368,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570636264505,"flow_src_last_pkt_time":1444570636274819,"flow_dst_last_pkt_time":1444570636897531,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":3939,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":3939,"midstream":0,"thread_ts_usec":1444570636897531,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.99","src_port":55969,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
+01706{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":381,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1444570636155519,"flow_src_last_pkt_time":1444570636963026,"flow_dst_last_pkt_time":1444570636963296,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":2527,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":3907,"midstream":0,"thread_ts_usec":1444570636963296,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.204.49","src_port":51646,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":409,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570637191973,"flow_src_last_pkt_time":1444570637191973,"flow_dst_last_pkt_time":1444570637191973,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":656,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":656,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":656,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570637191973,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"172.16.1.75","src_port":64538,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01397{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":409,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_src_last_pkt_time":1444570637191973,"flow_dst_last_pkt_time":1444570637191973,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":698,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":698,"pkt_l4_len":664,"thread_ts_usec":1444570637191973,"pkt":"ABoRAAACABoRAAABCABFAAKsAABAAEARgN0KCAABrBABS\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"} 
-00929{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":409,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570637191973,"flow_src_last_pkt_time":1444570637191973,"flow_dst_last_pkt_time":1444570637191973,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":656,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":656,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":656,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570637191973,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"172.16.1.75","src_port":64538,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01748{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":411,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1444570636252483,"flow_src_last_pkt_time":1444570638197194,"flow_dst_last_pkt_time":1444570638198277,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":2842,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":3907,"midstream":0,"thread_ts_usec":1444570638198277,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.202.139","src_port":47116,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} -01747{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":412,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570636270568,"flow_src_last_pkt_time":1444570636276432,"flow_dst_last_pkt_time":1444570638199485,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":3907,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":3907,"midstream":0,"thread_ts_usec":1444570638199485,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.200.11","src_port":47841,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": 
{"version":"TLSv1","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} +01043{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":409,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570637191973,"flow_src_last_pkt_time":1444570637191973,"flow_dst_last_pkt_time":1444570637191973,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":656,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":656,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":656,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570637191973,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"172.16.1.75","src_port":64538,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","sip": {"from":";tag=d3833767","to":""}}} 
+01707{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":411,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1444570636252483,"flow_src_last_pkt_time":1444570638197194,"flow_dst_last_pkt_time":1444570638198277,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":2842,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":3907,"midstream":0,"thread_ts_usec":1444570638198277,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.202.139","src_port":47116,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
+01706{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":412,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570636270568,"flow_src_last_pkt_time":1444570636276432,"flow_dst_last_pkt_time":1444570638199485,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":3907,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":3907,"midstream":0,"thread_ts_usec":1444570638199485,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.200.11","src_port":47841,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":422,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570638225615,"flow_src_last_pkt_time":1444570638225615,"flow_dst_last_pkt_time":1444570638225615,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570638225615,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"216.58.208.40","src_port":43433,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_src_last_pkt_time":1444570638225615,"flow_dst_last_pkt_time":1444570638225615,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444570638225615,"pkt":"ABoRAAACABoRAAABCABFAAA8UR1AAEAGNzMKCAAB2DrQKKmpAbtoC5J\/AAAAAKACOQjy7gAAAgQFtAQCCAoATMNiAAAAAAEDAwY="} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":423,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_src_last_pkt_time":1444570638225615,"flow_dst_last_pkt_time":1444570638234305,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570638234305,"pkt":"ABoRAAACABoRAAABCABFAAAoAeFAABAGtoPYOtAoCggAAQG7qamX9G2AaAuSgFAS\/\/9SAQAA"} 
01397{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":430,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_src_last_pkt_time":1444570638237460,"flow_dst_last_pkt_time":1444570637191973,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":698,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":698,"pkt_l4_len":664,"thread_ts_usec":1444570638237460,"pkt":"ABoRAAACABoRAAABCABFAAKsAABAAEARgN0KCAABrBABS\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"} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":449,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_src_last_pkt_time":1444570639260467,"flow_dst_last_pkt_time":1444570638234305,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570639260467,"pkt":"ABoRAAACABoRAAABCABFAAAoUR5AAEAGN0YKCAAB2DrQKKmpAbtoC5KAl\/RtgVAQOQgY+gAA"} 00844{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":455,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":4,"flow_src_last_pkt_time":1444570639266192,"flow_dst_last_pkt_time":1444570638234305,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"thread_ts_usec":1444570639266192,"pkt":"ABoRAAACABoRAAABCABFAAELUR9AAEAGNmIKCAAB2DrQKKmpAbtoC5KAl\/RtgVAYOQjE6AAAFgMBAN4BAADaAwOv\/q6xmTCIAwLzDcizR7a\/t25hvWTVcDLyx+PEedO+jAAAKMArwCzAL8AwAJ4An8AJwArAE8AUADMAOcAHwBEAnACdAC8ANQAFAP8BAACJAAAAHQAbAAAYc3NsLmdvb2dsZS1hbmFseXRpY3MuY29tAAsABAMAAQIACgA0ADIADgANABkACwAMABgACQAKABYAFwAIAAYABwAUABUABAAFABIAEwABAAIAAwAPABAAEQAjAAAADQAgAB4GAQYCBgMFAQUCBQMEAQQCBAMDAQMCAwMCAQICAgM="} 
-01352{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":455,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570638225615,"flow_src_last_pkt_time":1444570639266192,"flow_dst_last_pkt_time":1444570638234305,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570639266192,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"216.58.208.40","src_port":43433,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"ssl.google-analytics.com","domainame":"ssl.google-analytics.com","tls": {"version":"TLSv1.2","ja3":"75edb912bc6f0a222ae3e3e47f5c89b1","ja3s":"","ja4":"t12d200500_6e20beb92e8e_c70a3c84db07","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01311{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":455,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570638225615,"flow_src_last_pkt_time":1444570639266192,"flow_dst_last_pkt_time":1444570638234305,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570639266192,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"216.58.208.40","src_port":43433,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"ssl.google-analytics.com","domainame":"ssl.google-analytics.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d200500_6e20beb92e8e_c70a3c84db07","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":456,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":5,"flow_src_last_pkt_time":1444570639266192,"flow_dst_last_pkt_time":1444570639266643,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570639266643,"pkt":"ABoRAAACABoRAAABCABFAAAoAfBAABAGtnTYOtAoCggAAQG7qamX9G2BaAuTY1AQ\/\/9RHwAA"} 
01397{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":457,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_src_last_pkt_time":1444570639266868,"flow_dst_last_pkt_time":1444570637191973,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":698,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":698,"pkt_l4_len":664,"thread_ts_usec":1444570639266868,"pkt":"ABoRAAACABoRAAABCABFAAKsAABAAEARgN0KCAABrBABS\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"} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":461,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570640269875,"flow_src_last_pkt_time":1444570640269875,"flow_dst_last_pkt_time":1444570640269875,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570640269875,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.202.139","src_port":47135,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -238,30 +238,30 @@ 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":504,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_src_last_pkt_time":1444570640399473,"flow_dst_last_pkt_time":1444570640344333,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444570640399473,"pkt":"ABoRAAACABoRAAABCABFAAA82ZRAAEAGODkKCAABPm3geMe\/Abvolh2LAAAAAKACOQhRpAAAAgQFtAQCCAoATMR9AAAAAAEDAwY="} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":505,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":4,"flow_src_last_pkt_time":1444570640399473,"flow_dst_last_pkt_time":1444570640403608,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570640403608,"pkt":"ABoRAAACABoRAAABCABFAAAoAgRAABAGP94+beB4CggAAQG7x78XaeJ06JYdjFAS\/\/+9aAAA"} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":508,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":5,"flow_src_last_pkt_time":1444570640404023,"flow_dst_last_pkt_time":1444570640355809,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570640404023,"pkt":"ABoRAAACABoRAAABCABFAAAofMJAAEAGd1wKCAABch3Ki7gfAbudV784YqhAyVAQOQh2PgAA"} 
-01266{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":509,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1444570640269875,"flow_src_last_pkt_time":1444570640404146,"flow_dst_last_pkt_time":1444570640355809,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570640404146,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.202.139","src_port":47135,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01225{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":509,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1444570640269875,"flow_src_last_pkt_time":1444570640404146,"flow_dst_last_pkt_time":1444570640355809,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570640404146,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.202.139","src_port":47135,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":511,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":5,"flow_src_last_pkt_time":1444570640404444,"flow_dst_last_pkt_time":1444570640365211,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570640404444,"pkt":"ABoRAAACABoRAAABCABFAAAonBpAAEAGTLsKCAABch3V1KMdAbtvG1\/wkOSgEVAQOQh\/9wAA"} 
-01266{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":512,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1444570640284770,"flow_src_last_pkt_time":1444570640404564,"flow_dst_last_pkt_time":1444570640365211,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570640404564,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.213.212","src_port":41757,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01225{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":512,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1444570640284770,"flow_src_last_pkt_time":1444570640404564,"flow_dst_last_pkt_time":1444570640365211,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570640404564,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.213.212","src_port":41757,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":514,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":5,"flow_src_last_pkt_time":1444570640404851,"flow_dst_last_pkt_time":1444570640372948,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570640404851,"pkt":"ABoRAAACABoRAAABCABFAAAoYQtAAEAGkW0KCAABch3MMcncAbvjbaL\/HJJdAlAQOQhi2wAA"} 
-01265{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":515,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1444570640298584,"flow_src_last_pkt_time":1444570640404972,"flow_dst_last_pkt_time":1444570640372948,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570640404972,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.204.49","src_port":51676,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01224{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":515,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1444570640298584,"flow_src_last_pkt_time":1444570640404972,"flow_dst_last_pkt_time":1444570640372948,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570640404972,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.204.49","src_port":51676,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":517,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":5,"flow_src_last_pkt_time":1444570640405337,"flow_dst_last_pkt_time":1444570640381985,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570640405337,"pkt":"ABoRAAACABoRAAABCABFAAAoS5BAAEAGO5EKCAABQERpYpETAbtLyIh6tDd3h1AQOQgwTQAA"} 
-01264{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":518,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1444570640310108,"flow_src_last_pkt_time":1444570640405816,"flow_dst_last_pkt_time":1444570640381985,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570640405816,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.98","src_port":37139,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01223{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":518,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1444570640310108,"flow_src_last_pkt_time":1444570640405816,"flow_dst_last_pkt_time":1444570640381985,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570640405816,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.98","src_port":37139,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":520,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":5,"flow_src_last_pkt_time":1444570640406122,"flow_dst_last_pkt_time":1444570640395199,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570640406122,"pkt":"ABoRAAACABoRAAABCABFAAAoc3dAAEAGE6UKCAABQERpZ6GyAbtpybCPljZPclAQOQgfqQAA"} 
-01265{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":521,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1444570640319795,"flow_src_last_pkt_time":1444570640406243,"flow_dst_last_pkt_time":1444570640395199,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570640406243,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41394,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01224{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":521,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1444570640319795,"flow_src_last_pkt_time":1444570640406243,"flow_dst_last_pkt_time":1444570640395199,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570640406243,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41394,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":523,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":5,"flow_src_last_pkt_time":1444570640406529,"flow_dst_last_pkt_time":1444570640399302,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570640406529,"pkt":"ABoRAAACABoRAAABCABFAAAotGpAAEAGXXcKCAABPm3geMe+AbssX3Bx06CPkFAQOQiEYgAA"} 
-01266{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":524,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1444570640330424,"flow_src_last_pkt_time":1444570640406648,"flow_dst_last_pkt_time":1444570640399302,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570640406648,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51134,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01225{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":524,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1444570640330424,"flow_src_last_pkt_time":1444570640406648,"flow_dst_last_pkt_time":1444570640399302,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570640406648,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51134,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":526,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":5,"flow_src_last_pkt_time":1444570640406931,"flow_dst_last_pkt_time":1444570640403608,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570640406931,"pkt":"ABoRAAACABoRAAABCABFAAAo2ZVAAEAGOEwKCAABPm3geMe\/Abvolh2MF2nidVAQOQiEYQAA"} 
-01266{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":527,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1444570640338595,"flow_src_last_pkt_time":1444570640407052,"flow_dst_last_pkt_time":1444570640403608,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570640407052,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51135,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01225{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":527,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1444570640338595,"flow_src_last_pkt_time":1444570640407052,"flow_dst_last_pkt_time":1444570640403608,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570640407052,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51135,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":529,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":5,"flow_src_last_pkt_time":1444570640407386,"flow_dst_last_pkt_time":1444570640348304,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570640407386,"pkt":"ABoRAAACABoRAAABCABFAAAoAABAAEAGo40Khc4vUEpuRIKzAbsvtI0dAAAAAFAEAADXXQAA"} 
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":534,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_src_last_pkt_time":1444570640407983,"flow_dst_last_pkt_time":1444570640385652,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570640407983,"pkt":"ABoRAAACABoRAAABCABFAAAoO9lAAEAGNmAKCAABUEpuRILnAbv7u\/+EBEQAfVAQOQgpkQAA"} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":535,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_src_last_pkt_time":1444570640408102,"flow_dst_last_pkt_time":1444570640389057,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570640408102,"pkt":"ABoRAAACABoRAAABCABFAAAosmNAAEAGv9UKCAABUEpuRILoAbtZhnZApnmJwVAQOQgpkAAA"} 00830{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":536,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":4,"flow_src_last_pkt_time":1444570640408223,"flow_dst_last_pkt_time":1444570640385652,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":270,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":270,"pkt_l4_len":236,"thread_ts_usec":1444570640408223,"pkt":"ABoRAAACABoRAAABCABFAAEAO9pAAEAGNYcKCAABUEpuRILnAbv7u\/+EBEQAfVAYOQjgzQAAFgMBANMBAADPAwFWGmYQaUf4c9qAoNyA\/Wv7T0CEUJYDhQEnkMlpU0A7GyBKAAAAOC7EJ2lJH7mDuj6DaIBXRCqOxY\/AVNJYEqB0IgBGAAQABQAvADXAAsAEwAXADMAOwA\/AB8AJwArAEcATwBQAMwA5ADIAOAAKwAPADcAIwBIAFgATAAkAFQASAAMACAAUABEA\/wEAAEAACwAEAwABAgAKADQAMgAOAA0AGQALAAwAGAAJAAoAFgAXAAgABgAHABQAFQAEAAUAEgATAAEAAgADAA8AEAAR"} 
-01266{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":536,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570640382255,"flow_src_last_pkt_time":1444570640408223,"flow_dst_last_pkt_time":1444570640385652,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570640408223,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33511,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","ja4":"t10d350200_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01225{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":536,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570640382255,"flow_src_last_pkt_time":1444570640408223,"flow_dst_last_pkt_time":1444570640385652,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570640408223,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33511,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d350200_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":537,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":5,"flow_src_last_pkt_time":1444570640408223,"flow_dst_last_pkt_time":1444570640408448,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570640408448,"pkt":"ABoRAAACABoRAAABCABFAAAoAgxAABAGoC1QSm5ECggAAQG7gucERAB9+7wAXFAQ\/\/9hwQAA"} 
00829{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":538,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":4,"flow_src_last_pkt_time":1444570640408569,"flow_dst_last_pkt_time":1444570640389057,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":270,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":270,"pkt_l4_len":236,"thread_ts_usec":1444570640408569,"pkt":"ABoRAAACABoRAAABCABFAAEAsmRAAEAGvvwKCAABUEpuRILoAbtZhnZApnmJwVAYOQglNwAAFgMBANMBAADPAwFWGmYQn3y+Y635kayg0wLQlN\/9KaMadTF0LMgTLEN5tSBKAAAAOC7EJ2lJH7mDuj6DaIBXRCqOxY\/AVNJYEqB0IgBGAAQABQAvADXAAsAEwAXADMAOwA\/AB8AJwArAEcATwBQAMwA5ADIAOAAKwAPADcAIwBIAFgATAAkAFQASAAMACAAUABEA\/wEAAEAACwAEAwABAgAKADQAMgAOAA0AGQALAAwAGAAJAAoAFgAXAAgABgAHABQAFQAEAAUAEgATAAEAAgADAA8AEAAR"} -01266{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":538,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570640385961,"flow_src_last_pkt_time":1444570640408569,"flow_dst_last_pkt_time":1444570640389057,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570640408569,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33512,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": 
{"version":"TLSv1","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","ja4":"t10d350200_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01225{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":538,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570640385961,"flow_src_last_pkt_time":1444570640408569,"flow_dst_last_pkt_time":1444570640389057,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570640408569,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33512,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d350200_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":539,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":5,"flow_src_last_pkt_time":1444570640408569,"flow_dst_last_pkt_time":1444570640408732,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570640408732,"pkt":"ABoRAAACABoRAAABCABFAAAoAg1AABAGoCxQSm5ECggAAQG7guimeYnBWYZ3GFAQ\/\/9hwAAA"} 
-01852{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":543,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570638225615,"flow_src_last_pkt_time":1444570639266192,"flow_dst_last_pkt_time":1444570640491206,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":3697,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":3697,"midstream":0,"thread_ts_usec":1444570640491206,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"216.58.208.40","src_port":43433,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"ssl.google-analytics.com","domainame":"ssl.google-analytics.com","tls": {"version":"TLSv1.2","server_names":"*.google-analytics.com,app-measurement.com,google-analytics.com,googletagmanager.com,service.urchin.com,ssl.google-analytics.com,urchin.com,www.google-analytics.com,www.googletagmanager.com","ja3":"75edb912bc6f0a222ae3e3e47f5c89b1","ja3s":"389ed42c02ebecc32e73aa31def07e14","ja4":"t12d200500_6e20beb92e8e_c70a3c84db07","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.google-analytics.com","fingerprint":"E0:F0:1E:71:F2:B5:D9:2D:F7:4E:8F:CB:10:37:17:7C:0C:C4:07:9D","blocks":0}}} 
-01311{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":547,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570640385961,"flow_src_last_pkt_time":1444570640408569,"flow_dst_last_pkt_time":1444570640593166,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":129,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":129,"midstream":0,"thread_ts_usec":1444570640593166,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33512,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6dfe5eb347aa509fc445e5628d467a2b","ja4":"t10d350200_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","blocks":0}}} 
+01811{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":543,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570638225615,"flow_src_last_pkt_time":1444570639266192,"flow_dst_last_pkt_time":1444570640491206,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":3697,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":3697,"midstream":0,"thread_ts_usec":1444570640491206,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"216.58.208.40","src_port":43433,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"ssl.google-analytics.com","domainame":"ssl.google-analytics.com","tls": {"version":"TLSv1.2","server_names":"*.google-analytics.com,app-measurement.com,google-analytics.com,googletagmanager.com,service.urchin.com,ssl.google-analytics.com,urchin.com,www.google-analytics.com,www.googletagmanager.com","ja3s":"389ed42c02ebecc32e73aa31def07e14","ja4":"t12d200500_6e20beb92e8e_c70a3c84db07","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.google-analytics.com","fingerprint":"E0:F0:1E:71:F2:B5:D9:2D:F7:4E:8F:CB:10:37:17:7C:0C:C4:07:9D","blocks":0}}} 
+01373{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":547,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570640385961,"flow_src_last_pkt_time":1444570640408569,"flow_dst_last_pkt_time":1444570640593166,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":129,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":129,"midstream":0,"thread_ts_usec":1444570640593166,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33512,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"6dfe5eb347aa509fc445e5628d467a2b","ja4":"t10d350200_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","blocks":0}}} 
01397{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":555,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":4,"flow_src_last_pkt_time":1444570640698322,"flow_dst_last_pkt_time":1444570637191973,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":698,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":698,"pkt_l4_len":664,"thread_ts_usec":1444570640698322,"pkt":"ABoRAAACABoRAAABCABFAAKsAABAAEARgN0KCAABrBABS\/waE8QCmKnIUkVHSVNURVIgc2lwOjE3Mi4xNi4xLjc1O3RyYW5zcG9ydD1VRFAgU0lQLzIuMA0KVmlhOiBTSVAvMi4wL1VEUCAxMC4xMzMuMjA2LjQ3OjY0NTM4O2JyYW5jaD16OWhHNGJLLTUyNDI4Ny0xLS0tM2U0Njk4NjE4Y2ZiMmI3MztycG9ydA0KTWF4LUZvcndhcmRzOiA3MA0KQ29udGFjdDogPHNpcDo0NTE5MUAxMC4xMzMuMjA2LjQ3OjY0NTM4O3JpbnN0YW5jZT03YTQ2ZjFlMTI3MDJlN2ZiO3RyYW5zcG9ydD1VRFA+DQpUbzogPHNpcDo0NTE5MUAxNzIuMTYuMS43NTt0cmFuc3BvcnQ9VURQPg0KRnJvbTogPHNpcDo0NTE5MUAxNzIuMTYuMS43NTt0cmFuc3BvcnQ9VURQPjt0YWc9ZDM4MzM3NjcNCkNhbGwtSUQ6IEtvcExUdzl4c19sRXBDdGlQYTA3YlEuLg0KQ1NlcTogNCBSRUdJU1RFUg0KRXhwaXJlczogNjANCkFsbG93OiBJTlZJVEUsIEFDSywgQ0FOQ0VMLCBCWUUsIE5PVElGWSwgUkVGRVIsIE1FU1NBR0UsIE9QVElPTlMsIElORk8sIFNVQlNDUklCRQ0KU3VwcG9ydGVkOiByZXBsYWNlcywgbm9yZWZlcnN1YiwgZXh0ZW5kZWQtcmVmZXIsIHRpbWVyLCBvdXRib3VuZCwgcGF0aCwgWC1jaXNjby1zZXJ2aWNldXJpDQpVc2VyLUFnZW50OiBab2lwZXIgcjMzNjg4DQpBbGxvdy1FdmVudHM6IHByZXNlbmNlLCBrcG1sDQpDb250ZW50LUxlbmd0aDogMA0KDQo="} 01397{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":564,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":5,"flow_src_last_pkt_time":1444570644691510,"flow_dst_last_pkt_time":1444570637191973,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":698,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":698,"pkt_l4_len":664,"thread_ts_usec":1444570644691510,"pkt":"ABoRAAACABoRAAABCABFAAKsAABAAEARgN0KCAABrBABS\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"} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":586,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570669736143,"flow_src_last_pkt_time":1444570669736143,"flow_dst_last_pkt_time":1444570669736143,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570669736143,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51154,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -272,69 +272,69 @@ 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":589,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_src_last_pkt_time":1444570669745822,"flow_dst_last_pkt_time":1444570669760020,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570669760020,"pkt":"ABoRAAACABoRAAABCABFAAAoAiNAABAGP78+beB4CggAAQG7x9MtpHMS0luM7lAS\/\/+9VAAA"} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":590,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_src_last_pkt_time":1444570669760287,"flow_dst_last_pkt_time":1444570669745196,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570669760287,"pkt":"ABoRAAACABoRAAABCABFAAAo0OlAAEAGQPgKCAABPm3geMfSAbvlsh8IGk3g+VAQOQiETgAA"} 00620{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":591,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":4,"flow_src_last_pkt_time":1444570669760654,"flow_dst_last_pkt_time":1444570669745196,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"thread_ts_usec":1444570669760654,"pkt":"ABoRAAACABoRAAABCABFAABn0OpAAEAGQLgKCAABPm3geMfSAbvlsh8IGk3g+VAYOQh66wAAFgMBADoBAAA2AwE1744IWto6M0QCtsjP9fOG23xHxlWSJd969XnKXp6XHQAABAA1AP8BAAAJACMAAAAPAAEB"} 
-01266{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":591,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570669736143,"flow_src_last_pkt_time":1444570669760654,"flow_dst_last_pkt_time":1444570669745196,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570669760654,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51154,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01225{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":591,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570669736143,"flow_src_last_pkt_time":1444570669760654,"flow_dst_last_pkt_time":1444570669745196,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570669760654,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51154,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":592,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":5,"flow_src_last_pkt_time":1444570669760654,"flow_dst_last_pkt_time":1444570669761708,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570669761708,"pkt":"ABoRAAACABoRAAABCABFAAAoAiRAABAGP74+beB4CggAAQG7x9IaTeD55bIfR1AQ\/\/+9FwAA"} 
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":593,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_src_last_pkt_time":1444570669762448,"flow_dst_last_pkt_time":1444570669760020,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570669762448,"pkt":"ABoRAAACABoRAAABCABFAAAoQwNAAEAGzt4KCAABPm3geMfTAbvSW4zuLaRzE1AQOQiETQAA"} 00621{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":594,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":4,"flow_src_last_pkt_time":1444570669762590,"flow_dst_last_pkt_time":1444570669760020,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"thread_ts_usec":1444570669762590,"pkt":"ABoRAAACABoRAAABCABFAABnQwRAAEAGzp4KCAABPm3geMfTAbvSW4zuLaRzE1AYOQhN4wAAFgMBADoBAAA2AwE4pMre7\/gDNHFUYUtdH4I+oIdCvO8Q22rK5cuvc6RHAwAABAA1AP8BAAAJACMAAAAPAAEB"} -01266{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":594,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570669745822,"flow_src_last_pkt_time":1444570669762590,"flow_dst_last_pkt_time":1444570669760020,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570669762590,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51155,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or 
older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01225{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":594,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570669745822,"flow_src_last_pkt_time":1444570669762590,"flow_dst_last_pkt_time":1444570669760020,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570669762590,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51155,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":595,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":5,"flow_src_last_pkt_time":1444570669762590,"flow_dst_last_pkt_time":1444570669763196,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570669763196,"pkt":"ABoRAAACABoRAAABCABFAAAoAiVAABAGP70+beB4CggAAQG7x9MtpHMT0luNLVAQ\/\/+9FgAA"} -01748{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":602,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570669736143,"flow_src_last_pkt_time":1444570669760654,"flow_dst_last_pkt_time":1444570670676967,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":3907,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":3907,"midstream":0,"thread_ts_usec":1444570670676967,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51154,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": 
{"version":"TLSv1","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} -01748{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":606,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570669745822,"flow_src_last_pkt_time":1444570669762590,"flow_dst_last_pkt_time":1444570670730016,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":3907,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":3907,"midstream":0,"thread_ts_usec":1444570670730016,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51155,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": 
{"version":"TLSv1","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} +01707{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":602,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570669736143,"flow_src_last_pkt_time":1444570669760654,"flow_dst_last_pkt_time":1444570670676967,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":3907,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":3907,"midstream":0,"thread_ts_usec":1444570670676967,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51154,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, 
OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} +01707{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":606,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570669745822,"flow_src_last_pkt_time":1444570669762590,"flow_dst_last_pkt_time":1444570670730016,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":3907,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":3907,"midstream":0,"thread_ts_usec":1444570670730016,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51155,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":632,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570672215106,"flow_src_last_pkt_time":1444570672215106,"flow_dst_last_pkt_time":1444570672215106,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570672215106,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41419,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":632,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_src_last_pkt_time":1444570672215106,"flow_dst_last_pkt_time":1444570672215106,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444570672215106,"pkt":"ABoRAAACABoRAAABCABFAAA8MYhAAEAGVYAKCAABQERpZ6HLAbsAQeF1AAAAAKACOQgEvgAAAgQFtAQCCAoATND9AAAAAAEDAwY="} 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":633,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_src_last_pkt_time":1444570672215106,"flow_dst_last_pkt_time":1444570672219041,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570672219041,"pkt":"ABoRAAACABoRAAABCABFAAAoAjpAABAGtOJARGlnCggAAQG7ocv\/vh6KAEHhdlAS\/\/9YlwAA"} 
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":634,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_src_last_pkt_time":1444570672219386,"flow_dst_last_pkt_time":1444570672219041,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570672219386,"pkt":"ABoRAAACABoRAAABCABFAAAoMYlAAEAGVZMKCAABQERpZ6HLAbsAQeF2\/74ei1AQOQgfkAAA"} 00621{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":635,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":4,"flow_src_last_pkt_time":1444570672269788,"flow_dst_last_pkt_time":1444570672219041,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"thread_ts_usec":1444570672269788,"pkt":"ABoRAAACABoRAAABCABFAABnMYpAAEAGVVMKCAABQERpZ6HLAbsAQeF2\/74ei1AYOQieegAAFgMBADoBAAA2AwGjqRN4oMmUAvXJWDJ5WPEL71jxOoo9r1VB6+4PEHNUEQAABAA1AP8BAAAJACMAAAAPAAEB"} -01265{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":635,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570672215106,"flow_src_last_pkt_time":1444570672269788,"flow_dst_last_pkt_time":1444570672219041,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570672269788,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41419,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or 
older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01224{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":635,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570672215106,"flow_src_last_pkt_time":1444570672269788,"flow_dst_last_pkt_time":1444570672219041,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570672269788,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41419,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":636,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":5,"flow_src_last_pkt_time":1444570672269788,"flow_dst_last_pkt_time":1444570672270226,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570672270226,"pkt":"ABoRAAACABoRAAABCABFAAAoAjtAABAGtOFARGlnCggAAQG7ocv\/vh6LAEHhtVAQ\/\/9YWQAA"} -01747{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":643,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570672215106,"flow_src_last_pkt_time":1444570672269788,"flow_dst_last_pkt_time":1444570672626514,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":3939,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":3939,"midstream":0,"thread_ts_usec":1444570672626514,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41419,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": 
{"version":"TLSv1","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} +01706{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":643,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570672215106,"flow_src_last_pkt_time":1444570672269788,"flow_dst_last_pkt_time":1444570672626514,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":3939,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":3939,"midstream":0,"thread_ts_usec":1444570672626514,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41419,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec 
Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":662,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570674487975,"flow_src_last_pkt_time":1444570674487975,"flow_dst_last_pkt_time":1444570674487975,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570674487975,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55665,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":662,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_src_last_pkt_time":1444570674487975,"flow_dst_last_pkt_time":1444570674487975,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444570674487975,"pkt":"ABoRAAACABoRAAABCABFAAA8CB5AAEAGejQKCAABrfMAbtlxAbui3tn8AAAAAKACOQgsWAAAAgQFtAQCCAoATNHiAAAAAAEDAwY="} 
00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":663,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_src_last_pkt_time":1444570674487975,"flow_dst_last_pkt_time":1444570674499448,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570674499448,"pkt":"ABoRAAACABoRAAABCABFAAAoAklAABAGsB2t8wBuCggAAQG72XFdISYDot7Z\/VAS\/\/8cOwAA"} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":664,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_src_last_pkt_time":1444570674500159,"flow_dst_last_pkt_time":1444570674499448,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570674500159,"pkt":"ABoRAAACABoRAAABCABFAAAoCB9AAEAGekcKCAABrfMAbtlxAbui3tn9XSEmBFAQOQjjMwAA"} 00789{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":665,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":4,"flow_src_last_pkt_time":1444570674600509,"flow_dst_last_pkt_time":1444570674499448,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"thread_ts_usec":1444570674600509,"pkt":"ABoRAAACABoRAAABCABFAADjCCBAAEAGeYsKCAABrfMAbtlxAbui3tn9XSEmBFAYOQgu1wAAFgMBALYBAACyAwF10XyjAsAxicBbHHpuW8T0LZqOxOyDfFNTQx6hPM8mVgAAWMAUwAoAOQA4ADcANsAPwAUANcATwAkAMwAyADEAMACaAJkAmACXwA7ABAAvAJbAEcAHwAzAAgAFAATAEsAIABYAEwAQAA3ADcADAAoAFQASAA8ADAAJAP8BAAAxAAsABAMAAQIACgAcABoAFwAZABwAGwAYABoAFgAOAA0ACwAMAAkACgAjAAAADwABAQ=="} 
-01267{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":665,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570674487975,"flow_src_last_pkt_time":1444570674600509,"flow_dst_last_pkt_time":1444570674499448,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570674600509,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55665,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"","ja4":"t10d440400_e56d601e95ee_282f11336259","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01226{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":665,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570674487975,"flow_src_last_pkt_time":1444570674600509,"flow_dst_last_pkt_time":1444570674499448,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570674600509,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55665,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d440400_e56d601e95ee_282f11336259","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":666,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":5,"flow_src_last_pkt_time":1444570674600509,"flow_dst_last_pkt_time":1444570674600804,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570674600804,"pkt":"ABoRAAACABoRAAABCABFAAAoAkpAABAGsByt8wBuCggAAQG72XFdISYEot7auFAQ\/\/8bgQAA"} 
02462{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":670,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1444570669745822,"flow_src_last_pkt_time":1444570675008962,"flow_dst_last_pkt_time":1444570675008306,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":474,"flow_dst_max_l4_payload_len":10527,"flow_src_tot_l4_payload_len":863,"flow_dst_tot_l4_payload_len":17665,"midstream":0,"thread_ts_usec":1444570675008962,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51155,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":142,"avg":339536.2,"max":2214636,"stddev":547768.4,"var":300050219008.0,"ent":3.7,"data": [14198,16626,142,3176,966820,968167,50625,52096,160025,217339,56893,151808,203416,506402,456173,506119,506174,257962,307348,51007,1799,210726,261737,55501,54303,51893,51311,2214636,2165090,3222,2890]},"pktlen": {"min":40,"avg":619.6,"max":10567,"stddev":1915.7,"var":3669828.5,"ent":2.5,"data": [60,40,40,103,40,3947,40,366,40,99,514,40,258,40,1010,40,10567,40,157,40,274,40,109,40,205,40,385,40,546,40,588,40]},"bins": {"c_to_s": [13,1,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,1,1,1,0,1,1,1,0,0,1,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2]},"directions": [0,1,0,0,1,1,0,0,1,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0],"entropies": 
[4.471673965,4.784184456,4.784183979,5.354527950,4.684184074,7.260420322,4.784183979,7.246551991,4.734184265,5.886437893,7.525208473,4.734184265,7.158136368,4.734184265,7.747338772,4.784183979,7.959521770,4.784183979,6.617527962,4.784183979,7.154652596,4.834184170,6.117394924,4.834184170,6.934138775,4.784184456,7.251028061,4.734184742,7.541121960,4.784183979,7.600737572,4.834183693]},"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01749{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":671,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570674487975,"flow_src_last_pkt_time":1444570674600509,"flow_dst_last_pkt_time":1444570675110598,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":3907,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":3907,"midstream":0,"thread_ts_usec":1444570675110598,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55665,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d440400_e56d601e95ee_282f11336259","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} +01708{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":671,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570674487975,"flow_src_last_pkt_time":1444570674600509,"flow_dst_last_pkt_time":1444570675110598,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":3907,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":3907,"midstream":0,"thread_ts_usec":1444570675110598,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55665,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": 
{"version":"TLSv1","server_names":"*.webex.com","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d440400_e56d601e95ee_282f11336259","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 02436{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":675,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1444570669736143,"flow_src_last_pkt_time":1444570675113022,"flow_dst_last_pkt_time":1444570675113218,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":3907,"flow_src_tot_l4_payload_len":4673,"flow_dst_tot_l4_payload_len":3966,"midstream":0,"thread_ts_usec":1444570675113218,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51154,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":309,"avg":346901.8,"max":2270107,"stddev":598058.5,"var":357673959424.0,"ent":3.3,"data": [9053,24144,367,16512,915259,917382,50710,52699,154574,206585,52440,7882,9392,3319,2120,963298,961965,473,411,393,309,561975,562100,368561,368512,670,601,2270083,2270107,1037,1021]},"pktlen": {"min":40,"avg":310.6,"max":3947,"stddev":685.4,"var":469733.5,"ent":3.5,"data": [60,40,40,103,40,3947,40,366,40,99,546,40,576,40,122,40,576,40,576,40,386,40,386,40,576,40,154,40,576,40,250,40]},"bins": {"c_to_s": [3,1,1,1,0,0,1,0,0,0,3,0,0,0,0,1,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": 
[14,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1]},"directions": [0,1,0,0,1,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": [4.446510792,4.734184742,4.596439362,5.373945713,4.734184742,7.261288166,4.765311718,7.251562119,4.784184456,6.015275955,7.613259315,4.784184456,7.593419075,4.784184456,6.485950947,4.784184456,7.627359390,4.784184456,7.574399471,4.784184456,7.380361080,4.784184456,7.422137737,4.734184265,7.643012047,4.734184265,6.542441368,4.734184265,7.559129715,4.734184265,7.015539169,4.784184456]},"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":721,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570675941714,"flow_src_last_pkt_time":1444570675941714,"flow_dst_last_pkt_time":1444570675941714,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570675941714,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51833,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":721,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_src_last_pkt_time":1444570675941714,"flow_dst_last_pkt_time":1444570675941714,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444570675941714,"pkt":"ABoRAAACABoRAAABCABFAAA8SaRAAEAGwwMKCAABPm3lnsp5AbteGJvVAAAAAKACOQhIBAAAAgQFtAQCCAoATNJxAAAAAAEDAwY="} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":722,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_src_last_pkt_time":1444570675941714,"flow_dst_last_pkt_time":1444570675945842,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570675945842,"pkt":"ABoRAAACABoRAAABCABFAAAoAm5AABAGOk4+beWeCggAAQG7ynmh52QqXhib1lAS\/\/+1iAAA"} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":723,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_src_last_pkt_time":1444570675946782,"flow_dst_last_pkt_time":1444570675945842,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570675946782,"pkt":"ABoRAAACABoRAAABCABFAAAoSaVAAEAGwxYKCAABPm3lnsp5AbteGJvWoedkK1AQOQh8gQAA"} 
00790{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":724,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":4,"flow_src_last_pkt_time":1444570675997260,"flow_dst_last_pkt_time":1444570675945842,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"thread_ts_usec":1444570675997260,"pkt":"ABoRAAACABoRAAABCABFAADjSaZAAEAGwloKCAABPm3lnsp5AbteGJvWoedkK1AYOQjWkQAAFgMBALYBAACyAwEHq+X4OM58pZkulReYFtDW\/RDKtfBfQqv2TASThhAOCAAAWMAUwAoAOQA4ADcANsAPwAUANcATwAkAMwAyADEAMACaAJkAmACXwA7ABAAvAJbAEcAHwAzAAgAFAATAEsAIABYAEwAQAA3ADcADAAoAFQASAA8ADAAJAP8BAAAxAAsABAMAAQIACgAcABoAFwAZABwAGwAYABoAFgAOAA0ACwAMAAkACgAjAAAADwABAQ=="} -01268{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":724,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570675941714,"flow_src_last_pkt_time":1444570675997260,"flow_dst_last_pkt_time":1444570675945842,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570675997260,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51833,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": 
{"version":"TLSv1","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"","ja4":"t10d440400_e56d601e95ee_282f11336259","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01227{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":724,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570675941714,"flow_src_last_pkt_time":1444570675997260,"flow_dst_last_pkt_time":1444570675945842,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570675997260,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51833,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d440400_e56d601e95ee_282f11336259","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":725,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":5,"flow_src_last_pkt_time":1444570675997260,"flow_dst_last_pkt_time":1444570675997731,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570675997731,"pkt":"ABoRAAACABoRAAABCABFAAAoAnBAABAGOkw+beWeCggAAQG7ynmh52QrXhickVAQ\/\/+0zgAA"} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":730,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570679512700,"flow_src_last_pkt_time":1444570679512700,"flow_dst_last_pkt_time":1444570679512700,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570679512700,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55669,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":730,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_src_last_pkt_time":1444570679512700,"flow_dst_last_pkt_time":1444570679512700,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444570679512700,"pkt":"ABoRAAACABoRAAABCABFAAA8dLdAAEAGDZsKCAABrfMAbtl1Abugj6duAAAAAKACOQhfOgAAAgQFtAQCCAoATNPZAAAAAAEDAwY="} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":731,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_src_last_pkt_time":1444570679512700,"flow_dst_last_pkt_time":1444570679516479,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570679516479,"pkt":"ABoRAAACABoRAAABCABFAAAoAphAABAGr86t8wBuCggAAQG72XVfcFiRoI+nb1AS\/\/8cNwAA"} 
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":732,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_src_last_pkt_time":1444570679516623,"flow_dst_last_pkt_time":1444570679516479,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570679516623,"pkt":"ABoRAAACABoRAAABCABFAAAodLhAAEAGDa4KCAABrfMAbtl1Abugj6dvX3BYklAQOQjjLwAA"} 00791{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":733,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":4,"flow_src_last_pkt_time":1444570679526515,"flow_dst_last_pkt_time":1444570679516479,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"thread_ts_usec":1444570679526515,"pkt":"ABoRAAACABoRAAABCABFAADjdLlAAEAGDPIKCAABrfMAbtl1Abugj6dvX3BYklAYOQi67gAAFgMBALYBAACyAwE3afvT656oHHNlOl3\/S5vQra3qbarVhBS8TCkcXn\/60QAAWMAUwAoAOQA4ADcANsAPwAUANcATwAkAMwAyADEAMACaAJkAmACXwA7ABAAvAJbAEcAHwAzAAgAFAATAEsAIABYAEwAQAA3ADcADAAoAFQASAA8ADAAJAP8BAAAxAAsABAMAAQIACgAcABoAFwAZABwAGwAYABoAFgAOAA0ACwAMAAkACgAjAAAADwABAQ=="} 
-01267{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":733,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570679512700,"flow_src_last_pkt_time":1444570679526515,"flow_dst_last_pkt_time":1444570679516479,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570679526515,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55669,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"","ja4":"t10d440400_e56d601e95ee_282f11336259","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01226{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":733,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570679512700,"flow_src_last_pkt_time":1444570679526515,"flow_dst_last_pkt_time":1444570679516479,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570679526515,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55669,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d440400_e56d601e95ee_282f11336259","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":734,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":5,"flow_src_last_pkt_time":1444570679526515,"flow_dst_last_pkt_time":1444570679526722,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570679526722,"pkt":"ABoRAAACABoRAAABCABFAAAoAplAABAGr82t8wBuCggAAQG72XVfcFiSoI+oKlAQ\/\/8bfQAA"} 
-01749{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":737,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1444570679512700,"flow_src_last_pkt_time":1444570680082130,"flow_dst_last_pkt_time":1444570680091160,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":2527,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":3907,"midstream":0,"thread_ts_usec":1444570680091160,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55669,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d440400_e56d601e95ee_282f11336259","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
+01708{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":737,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1444570679512700,"flow_src_last_pkt_time":1444570680082130,"flow_dst_last_pkt_time":1444570680091160,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":2527,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":3907,"midstream":0,"thread_ts_usec":1444570680091160,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55669,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d440400_e56d601e95ee_282f11336259","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":759,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":0,"flow_first_seen":1444570637191973,"flow_src_last_pkt_time":1444570668729335,"flow_dst_last_pkt_time":1444570637191973,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":656,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":656,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":7216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570688887871,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"172.16.1.75","src_port":64538,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":768,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570693238349,"flow_src_last_pkt_time":1444570693238349,"flow_dst_last_pkt_time":1444570693238349,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570693238349,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55671,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":768,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_src_last_pkt_time":1444570693238349,"flow_dst_last_pkt_time":1444570693238349,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444570693238349,"pkt":"ABoRAAACABoRAAABCABFAAA8LOJAAEAGVXAKCAABrfMAbtl3AbsPD\/XWAAAAAKACOQic9QAAAgQFtAQCCAoATNk0AAAAAAEDAwY="} 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":769,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_src_last_pkt_time":1444570693238349,"flow_dst_last_pkt_time":1444570693244944,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570693244944,"pkt":"ABoRAAACABoRAAABCABFAAAoAxBAABAGr1at8wBuCggAAQG72Xfw8AopDw\/111AS\/\/8cNQAA"} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":770,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_src_last_pkt_time":1444570693245402,"flow_dst_last_pkt_time":1444570693244944,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570693245402,"pkt":"ABoRAAACABoRAAABCABFAAAoLONAAEAGVYMKCAABrfMAbtl3AbsPD\/XX8PAKKlAQOQjjLQAA"} 
00790{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":771,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":4,"flow_src_last_pkt_time":1444570693297839,"flow_dst_last_pkt_time":1444570693244944,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"thread_ts_usec":1444570693297839,"pkt":"ABoRAAACABoRAAABCABFAADjLORAAEAGVMcKCAABrfMAbtl3AbsPD\/XX8PAKKlAYOQjZZAAAFgMBALYBAACyAwFP3AbhLhTWOx1T12yIPxjjHHkav2YDbjvETRMnoVMoSgAAWMAUwAoAOQA4ADcANsAPwAUANcATwAkAMwAyADEAMACaAJkAmACXwA7ABAAvAJbAEcAHwAzAAgAFAATAEsAIABYAEwAQAA3ADcADAAoAFQASAA8ADAAJAP8BAAAxAAsABAMAAQIACgAcABoAFwAZABwAGwAYABoAFgAOAA0ACwAMAAkACgAjAAAADwABAQ=="} -01267{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":771,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570693238349,"flow_src_last_pkt_time":1444570693297839,"flow_dst_last_pkt_time":1444570693244944,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570693297839,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55671,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": 
{"version":"TLSv1","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"","ja4":"t10d440400_e56d601e95ee_282f11336259","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01226{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":771,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570693238349,"flow_src_last_pkt_time":1444570693297839,"flow_dst_last_pkt_time":1444570693244944,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570693297839,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55671,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d440400_e56d601e95ee_282f11336259","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":772,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":5,"flow_src_last_pkt_time":1444570693297839,"flow_dst_last_pkt_time":1444570693298648,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570693298648,"pkt":"ABoRAAACABoRAAABCABFAAAoAxJAABAGr1St8wBuCggAAQG72Xfw8AoqDw\/2klAQ\/\/8bewAA"} 
-01749{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":773,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570693238349,"flow_src_last_pkt_time":1444570693297839,"flow_dst_last_pkt_time":1444570693766903,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":3907,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":3907,"midstream":0,"thread_ts_usec":1444570693766903,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55671,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d440400_e56d601e95ee_282f11336259","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
+01708{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":773,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570693238349,"flow_src_last_pkt_time":1444570693297839,"flow_dst_last_pkt_time":1444570693766903,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":3907,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":3907,"midstream":0,"thread_ts_usec":1444570693766903,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55671,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d440400_e56d601e95ee_282f11336259","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":796,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570694561618,"flow_src_last_pkt_time":1444570694561618,"flow_dst_last_pkt_time":1444570694561618,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570694561618,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51839,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":796,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_src_last_pkt_time":1444570694561618,"flow_dst_last_pkt_time":1444570694561618,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444570694561618,"pkt":"ABoRAAACABoRAAABCABFAAA802lAAEAGOT4KCAABPm3lnsp\/AbubwQrQAAAAAKACOQiUEgAAAgQFtAQCCAoATNm5AAAAAAEDAwY="} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":797,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_src_last_pkt_time":1444570694561618,"flow_dst_last_pkt_time":1444570694564407,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570694564407,"pkt":"ABoRAAACABoRAAABCABFAAAoAytAABAGOZE+beWeCggAAQG7yn9kPvUvm8EK0VAS\/\/+1ggAA"} 
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":798,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_src_last_pkt_time":1444570694564543,"flow_dst_last_pkt_time":1444570694564407,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570694564543,"pkt":"ABoRAAACABoRAAABCABFAAAo02pAAEAGOVEKCAABPm3lnsp\/AbubwQrRZD71MFAQOQh8ewAA"} 00791{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":799,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":4,"flow_src_last_pkt_time":1444570694614759,"flow_dst_last_pkt_time":1444570694564407,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"thread_ts_usec":1444570694614759,"pkt":"ABoRAAACABoRAAABCABFAADj02tAAEAGOJUKCAABPm3lnsp\/AbubwQrRZD71MFAYOQigvgAAFgMBALYBAACyAwGiAbZfNeJzK4ep+8FP1757rfliUbGs5JPyfYBIT\/aU1QAAWMAUwAoAOQA4ADcANsAPwAUANcATwAkAMwAyADEAMACaAJkAmACXwA7ABAAvAJbAEcAHwAzAAgAFAATAEsAIABYAEwAQAA3ADcADAAoAFQASAA8ADAAJAP8BAAAxAAsABAMAAQIACgAcABoAFwAZABwAGwAYABoAFgAOAA0ACwAMAAkACgAjAAAADwABAQ=="} 
-01268{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":799,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570694561618,"flow_src_last_pkt_time":1444570694614759,"flow_dst_last_pkt_time":1444570694564407,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570694614759,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51839,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"","ja4":"t10d440400_e56d601e95ee_282f11336259","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01227{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":799,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570694561618,"flow_src_last_pkt_time":1444570694614759,"flow_dst_last_pkt_time":1444570694564407,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570694614759,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51839,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d440400_e56d601e95ee_282f11336259","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":800,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":5,"flow_src_last_pkt_time":1444570694614759,"flow_dst_last_pkt_time":1444570694615065,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570694615065,"pkt":"ABoRAAACABoRAAABCABFAAAoAyxAABAGOZA+beWeCggAAQG7yn9kPvUwm8ELjFAQ\/\/+0yAAA"} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":815,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570699074033,"flow_src_last_pkt_time":1444570699074033,"flow_dst_last_pkt_time":1444570699074033,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570699074033,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.241.32.14","src_port":46211,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":815,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_src_last_pkt_time":1444570699074033,"flow_dst_last_pkt_time":1444570699074033,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444570699074033,"pkt":"ABoRAAACABoRAAABCABFAAA8OjpAAEAGn3oKCAABNvEgDrSDAbvRQeFHAAAAAKACOQhpXwAAAgQFtAQCCAoATNt9AAAAAAEDAwY="} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":816,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_src_last_pkt_time":1444570699074033,"flow_dst_last_pkt_time":1444570699077509,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570699077509,"pkt":"ABoRAAACABoRAAABCABFAAAoA2VAABAGBmQ28SAOCggAAQG7tIMuvh640UHhSFAS\/\/+YiwAA"} 
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":817,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_src_last_pkt_time":1444570699077833,"flow_dst_last_pkt_time":1444570699077509,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570699077833,"pkt":"ABoRAAACABoRAAABCABFAAAoOjtAAEAGn40KCAABNvEgDrSDAbvRQeFILr4euVAQOQhfhAAA"} 00826{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":818,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":4,"flow_src_last_pkt_time":1444570699079240,"flow_dst_last_pkt_time":1444570699077509,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":270,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":270,"pkt_l4_len":236,"thread_ts_usec":1444570699079240,"pkt":"ABoRAAACABoRAAABCABFAAEAOjxAAEAGnrQKCAABNvEgDrSDAbvRQeFILr4euVAYOQhpTwAAFgMBANMBAADPAwFWGmZLJysQyU55el0fA2qHtq46\/QtJIPLxFEGaenjG8gAARgAEAAUALwA1wALABMAFwAzADsAPwAfACcAKwBHAE8AUADMAOQAyADgACsADwA3ACMASABYAEwAJABUAEgADAAgAFAARAP8BAABgAAAAGAAWAAATYXBpLmNyaXR0ZXJjaXNtLmNvbQALAAQDAAECAAoANAAyAA4ADQAZAAsADAAYAAkACgAWABcACAAGAAcAFAAVAAQABQASABMAAQACAAMADwAQABEAIwAA"} 
-01308{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":818,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570699074033,"flow_src_last_pkt_time":1444570699079240,"flow_dst_last_pkt_time":1444570699077509,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570699079240,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.241.32.14","src_port":46211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"api.crittercism.com","domainame":"api.crittercism.com","tls": {"version":"TLSv1","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"","ja4":"t10d350400_1f24bcc5f17d_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01267{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":818,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570699074033,"flow_src_last_pkt_time":1444570699079240,"flow_dst_last_pkt_time":1444570699077509,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570699079240,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.241.32.14","src_port":46211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"api.crittercism.com","domainame":"api.crittercism.com","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d350400_1f24bcc5f17d_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":819,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":5,"flow_src_last_pkt_time":1444570699079240,"flow_dst_last_pkt_time":1444570699079481,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570699079481,"pkt":"ABoRAAACABoRAAABCABFAAAoA2ZAABAGBmM28SAOCggAAQG7tIMuvh650UHiIFAQ\/\/+XtAAA"} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":820,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570699096723,"flow_src_last_pkt_time":1444570699096723,"flow_dst_last_pkt_time":1444570699096723,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570699096723,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"78.46.237.91","src_port":59756,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":820,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_src_last_pkt_time":1444570699096723,"flow_dst_last_pkt_time":1444570699096723,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444570699096723,"pkt":"ABoRAAACABoRAAABCABFAAA8731AAEAGBawKCAABTi7tW+lsAFBr3TT9AAAAAKACOQhjAgAAAgQFtAQCCAoATNuAAAAAAAEDAwY="} 
@@ -352,16 +352,16 @@ 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":831,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":5,"flow_src_last_pkt_time":1444570699212081,"flow_dst_last_pkt_time":1444570699212387,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570699212387,"pkt":"ABoRAAACABoRAAABCABFAAAoA2tAABAGIdNOLu1bCggAAQBQ6W3tNUJ0Esq+21AQ\/\/9\/NAAA"} 01364{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":832,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1444570699096723,"flow_src_last_pkt_time":1444570699202178,"flow_dst_last_pkt_time":1444570699445643,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":497,"flow_src_tot_l4_payload_len":626,"flow_dst_tot_l4_payload_len":497,"midstream":0,"thread_ts_usec":1444570699445643,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"78.46.237.91","src_port":59756,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cp.pushwoosh.com","domainame":"cp.pushwoosh.com","http": {"url":"cp.pushwoosh.com\/json\/1.3\/registerDevice","code":200,"content_type":"application\/json","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.2; LG-D855 Build\/KVT49L.A1412087656)","request_content_type":"application\/json"}}} 
01365{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":834,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570699101872,"flow_src_last_pkt_time":1444570699212081,"flow_dst_last_pkt_time":1444570699469003,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":334,"flow_dst_max_l4_payload_len":497,"flow_src_tot_l4_payload_len":334,"flow_dst_tot_l4_payload_len":497,"midstream":0,"thread_ts_usec":1444570699469003,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"78.46.237.91","src_port":59757,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cp.pushwoosh.com","domainame":"cp.pushwoosh.com","http": {"url":"cp.pushwoosh.com\/json\/1.3\/applicationOpen","code":200,"content_type":"application\/json","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.2; LG-D855 Build\/KVT49L.A1412087656)","request_content_type":"application\/json"}}} 
-01355{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":836,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570699074033,"flow_src_last_pkt_time":1444570699079240,"flow_dst_last_pkt_time":1444570699636393,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":1382,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":1382,"midstream":0,"thread_ts_usec":1444570699636393,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.241.32.14","src_port":46211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"api.crittercism.com","domainame":"api.crittercism.com","tls": {"version":"TLSv1","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"c800cea031c10ffe47e1d72c9264577a","ja4":"t10d350400_1f24bcc5f17d_a875e5012fde","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","blocks":0}}} 
-01694{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":844,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1444570699074033,"flow_src_last_pkt_time":1444570699643521,"flow_dst_last_pkt_time":1444570699643969,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":5496,"midstream":0,"thread_ts_usec":1444570699643969,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.241.32.14","src_port":46211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"api.crittercism.com","domainame":"api.crittercism.com","tls": {"version":"TLSv1","server_names":"*.crittercism.com,crittercism.com","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"c800cea031c10ffe47e1d72c9264577a","ja4":"t10d350400_1f24bcc5f17d_a875e5012fde","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL Wildcard, CN=*.crittercism.com","fingerprint":"68:8B:FC:77:1E:CA:80:33:0C:A9:0E:29:A6:E4:0D:FC:3A:AE:43:18","blocks":0}}} 
+01417{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":836,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570699074033,"flow_src_last_pkt_time":1444570699079240,"flow_dst_last_pkt_time":1444570699636393,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":1382,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":1382,"midstream":0,"thread_ts_usec":1444570699636393,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.241.32.14","src_port":46211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"api.crittercism.com","domainame":"api.crittercism.com","tls": {"version":"TLSv1","ja3s":"c800cea031c10ffe47e1d72c9264577a","ja4":"t10d350400_1f24bcc5f17d_a875e5012fde","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","blocks":0}}} 
+01756{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":844,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1444570699074033,"flow_src_last_pkt_time":1444570699643521,"flow_dst_last_pkt_time":1444570699643969,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":5496,"midstream":0,"thread_ts_usec":1444570699643969,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.241.32.14","src_port":46211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"api.crittercism.com","domainame":"api.crittercism.com","tls": {"version":"TLSv1","server_names":"*.crittercism.com,crittercism.com","ja3s":"c800cea031c10ffe47e1d72c9264577a","ja4":"t10d350400_1f24bcc5f17d_a875e5012fde","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL Wildcard, CN=*.crittercism.com","fingerprint":"68:8B:FC:77:1E:CA:80:33:0C:A9:0E:29:A6:E4:0D:FC:3A:AE:43:18","blocks":0}}} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":856,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570699916083,"flow_src_last_pkt_time":1444570699916083,"flow_dst_last_pkt_time":1444570699916083,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570699916083,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33551,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":856,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_src_last_pkt_time":1444570699916083,"flow_dst_last_pkt_time":1444570699916083,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444570699916083,"pkt":"ABoRAAACABoRAAABCABFAAA8M+lAAEAGPjwKCAABUEpuRIMPAbsBc+gmAAAAAKACOQj74QAAAgQFtAQCCAoATNvPAAAAAAEDAwY="} 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":857,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_src_last_pkt_time":1444570699916083,"flow_dst_last_pkt_time":1444570699917636,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570699917636,"pkt":"ABoRAAACABoRAAABCABFAAAoA3lAABAGnsBQSm5ECggAAQG7gw\/+jBfZAXPoJ1AS\/\/9icAAA"} 
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":858,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_src_last_pkt_time":1444570699917753,"flow_dst_last_pkt_time":1444570699917636,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570699917753,"pkt":"ABoRAAACABoRAAABCABFAAAoM+pAAEAGPk8KCAABUEpuRIMPAbsBc+gn\/owX2lAQOQgpaQAA"} 00831{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":859,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":4,"flow_src_last_pkt_time":1444570699968023,"flow_dst_last_pkt_time":1444570699917636,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":270,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":270,"pkt_l4_len":236,"thread_ts_usec":1444570699968023,"pkt":"ABoRAAACABoRAAABCABFAAEAM+tAAEAGPXYKCAABUEpuRIMPAbsBc+gn\/owX2lAYOQhMegAAFgMBANMBAADPAwFWGmZL3uOMxVToaE\/p7S\/f3l0TPSF72MmK+MgBnG9FXiBKAAAAOC7EJ2lJH7mDuj6DaIBXRCqOxY\/AVNJYEqB0IgBGAAQABQAvADXAAsAEwAXADMAOwA\/AB8AJwArAEcATwBQAMwA5ADIAOAAKwAPADcAIwBIAFgATAAkAFQASAAMACAAUABEA\/wEAAEAACwAEAwABAgAKADQAMgAOAA0AGQALAAwAGAAJAAoAFgAXAAgABgAHABQAFQAEAAUAEgATAAEAAgADAA8AEAAR"} 
-01266{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":859,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570699916083,"flow_src_last_pkt_time":1444570699968023,"flow_dst_last_pkt_time":1444570699917636,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570699968023,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33551,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","ja4":"t10d350200_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01225{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":859,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570699916083,"flow_src_last_pkt_time":1444570699968023,"flow_dst_last_pkt_time":1444570699917636,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570699968023,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33551,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d350200_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":860,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":5,"flow_src_last_pkt_time":1444570699968023,"flow_dst_last_pkt_time":1444570699968436,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570699968436,"pkt":"ABoRAAACABoRAAABCABFAAAoA3pAABAGnr9QSm5ECggAAQG7gw\/+jBfaAXPo\/1AQ\/\/9hmQAA"} 
-01311{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":867,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570699916083,"flow_src_last_pkt_time":1444570699968023,"flow_dst_last_pkt_time":1444570700123146,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":129,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":129,"midstream":0,"thread_ts_usec":1444570700123146,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33551,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6dfe5eb347aa509fc445e5628d467a2b","ja4":"t10d350200_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","blocks":0}}} 
+01373{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":867,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570699916083,"flow_src_last_pkt_time":1444570699968023,"flow_dst_last_pkt_time":1444570700123146,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":129,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":129,"midstream":0,"thread_ts_usec":1444570700123146,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33551,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"6dfe5eb347aa509fc445e5628d467a2b","ja4":"t10d350200_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","blocks":0}}} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":885,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570700561150,"flow_src_last_pkt_time":1444570700561150,"flow_dst_last_pkt_time":1444570700561150,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570700561150,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33553,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":885,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_src_last_pkt_time":1444570700561150,"flow_dst_last_pkt_time":1444570700561150,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444570700561150,"pkt":"ABoRAAACABoRAAABCABFAAA8d7ZAAEAG+m4KCAABUEpuRIMRAbsN6aumAAAAAKACOQgrqQAAAgQFtAQCCAoATNwQAAAAAAEDAwY="} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":886,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_src_last_pkt_time":1444570700561150,"flow_dst_last_pkt_time":1444570700563231,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570700563231,"pkt":"ABoRAAACABoRAAABCABFAAAoA4lAABAGnrBQSm5ECggAAQG7gxHyFlRZDemrp1AS\/\/9ibgAA"} 
@@ -371,37 +371,37 @@ 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":889,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":3,"flow_src_last_pkt_time":1444570700565371,"flow_dst_last_pkt_time":1444570700563231,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570700565371,"pkt":"ABoRAAACABoRAAABCABFAAAod7dAAEAG+oEKCAABUEpuRIMRAbsN6aun8hZUWlAQOQgpZwAA"} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":890,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_src_last_pkt_time":1444570700565470,"flow_dst_last_pkt_time":1444570700565210,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570700565470,"pkt":"ABoRAAACABoRAAABCABFAAAoCyZAAEAGZxMKCAABUEpuRIMSAbsmf9c42YAoyVAQOQgpZgAA"} 00829{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":891,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":4,"flow_src_last_pkt_time":1444570700615658,"flow_dst_last_pkt_time":1444570700563231,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":270,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":270,"pkt_l4_len":236,"thread_ts_usec":1444570700615658,"pkt":"ABoRAAACABoRAAABCABFAAEAd7hAAEAG+agKCAABUEpuRIMRAbsN6aun8hZUWlAYOQiQtAAAFgMBANMBAADPAwFWGmZMED4A5Nh17gO7bSCRkq5lMHNAG46Z4njZWjB\/3CBKAAAAOC7EJ2lJH7mDuj6DaIBXRCqOxY\/AVNJYEqB0IgBGAAQABQAvADXAAsAEwAXADMAOwA\/AB8AJwArAEcATwBQAMwA5ADIAOAAKwAPADcAIwBIAFgATAAkAFQASAAMACAAUABEA\/wEAAEAACwAEAwABAgAKADQAMgAOAA0AGQALAAwAGAAJAAoAFgAXAAgABgAHABQAFQAEAAUAEgATAAEAAgADAA8AEAAR"} 
-01266{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":891,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570700561150,"flow_src_last_pkt_time":1444570700615658,"flow_dst_last_pkt_time":1444570700563231,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570700615658,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33553,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","ja4":"t10d350200_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01225{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":891,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570700561150,"flow_src_last_pkt_time":1444570700615658,"flow_dst_last_pkt_time":1444570700563231,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570700615658,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33553,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d350200_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":892,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":5,"flow_src_last_pkt_time":1444570700615658,"flow_dst_last_pkt_time":1444570700615826,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570700615826,"pkt":"ABoRAAACABoRAAABCABFAAAoA4tAABAGnq5QSm5ECggAAQG7gxHyFlRaDemsf1AQ\/\/9hlwAA"} 
00829{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":893,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":4,"flow_src_last_pkt_time":1444570700616161,"flow_dst_last_pkt_time":1444570700565210,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":270,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":270,"pkt_l4_len":236,"thread_ts_usec":1444570700616161,"pkt":"ABoRAAACABoRAAABCABFAAEACydAAEAGZjoKCAABUEpuRIMSAbsmf9c42YAoyVAYOQhPIgAAFgMBANMBAADPAwFWGmZMUiXWlfiAkM3TLt+8m\/rKGRmXBLOAMg7wv4yATyBKAAAAOC7EJ2lJH7mDuj6DaIBXRCqOxY\/AVNJYEqB0IgBGAAQABQAvADXAAsAEwAXADMAOwA\/AB8AJwArAEcATwBQAMwA5ADIAOAAKwAPADcAIwBIAFgATAAkAFQASAAMACAAUABEA\/wEAAEAACwAEAwABAgAKADQAMgAOAA0AGQALAAwAGAAJAAoAFgAXAAgABgAHABQAFQAEAAUAEgATAAEAAgADAA8AEAAR"} -01266{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":893,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570700563368,"flow_src_last_pkt_time":1444570700616161,"flow_dst_last_pkt_time":1444570700565210,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570700616161,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33554,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": 
{"version":"TLSv1","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","ja4":"t10d350200_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01225{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":893,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570700563368,"flow_src_last_pkt_time":1444570700616161,"flow_dst_last_pkt_time":1444570700565210,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570700616161,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33554,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d350200_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":894,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":5,"flow_src_last_pkt_time":1444570700616161,"flow_dst_last_pkt_time":1444570700616245,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570700616245,"pkt":"ABoRAAACABoRAAABCABFAAAoA4xAABAGnq1QSm5ECggAAQG7gxLZgCjJJn\/YEFAQ\/\/9hlgAA"} 
-01311{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":895,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570700561150,"flow_src_last_pkt_time":1444570700615658,"flow_dst_last_pkt_time":1444570700767052,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":129,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":129,"midstream":0,"thread_ts_usec":1444570700767052,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33553,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6dfe5eb347aa509fc445e5628d467a2b","ja4":"t10d350200_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","blocks":0}}} 
-01311{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":896,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570700563368,"flow_src_last_pkt_time":1444570700616161,"flow_dst_last_pkt_time":1444570700767240,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":129,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":129,"midstream":0,"thread_ts_usec":1444570700767240,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33554,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6dfe5eb347aa509fc445e5628d467a2b","ja4":"t10d350200_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","blocks":0}}} 
+01373{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":895,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570700561150,"flow_src_last_pkt_time":1444570700615658,"flow_dst_last_pkt_time":1444570700767052,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":129,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":129,"midstream":0,"thread_ts_usec":1444570700767052,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33553,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"6dfe5eb347aa509fc445e5628d467a2b","ja4":"t10d350200_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","blocks":0}}} 
+01373{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":896,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570700563368,"flow_src_last_pkt_time":1444570700616161,"flow_dst_last_pkt_time":1444570700767240,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":129,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":129,"midstream":0,"thread_ts_usec":1444570700767240,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33554,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"6dfe5eb347aa509fc445e5628d467a2b","ja4":"t10d350200_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","blocks":0}}} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":941,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570712008198,"flow_src_last_pkt_time":1444570712008198,"flow_dst_last_pkt_time":1444570712008198,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570712008198,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55687,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":941,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_src_last_pkt_time":1444570712008198,"flow_dst_last_pkt_time":1444570712008198,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444570712008198,"pkt":"ABoRAAACABoRAAABCABFAAA8BPxAAEAGfVYKCAABrfMAbtmHAbtwYOR3AAAAAKACOQhFnAAAAgQFtAQCCAoATOCLAAAAAAEDAwY="} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":942,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_src_last_pkt_time":1444570712008198,"flow_dst_last_pkt_time":1444570712012584,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570712012584,"pkt":"ABoRAAACABoRAAABCABFAAAoA7pAABAGrqyt8wBuCggAAQG72YePnxuIcGDkeFAS\/\/8cJQAA"} 
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":943,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":3,"flow_src_last_pkt_time":1444570712013209,"flow_dst_last_pkt_time":1444570712012584,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570712013209,"pkt":"ABoRAAACABoRAAABCABFAAAoBP1AAEAGfWkKCAABrfMAbtmHAbtwYOR4j58biVAQOQjjHQAA"} 00792{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":944,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":4,"flow_src_last_pkt_time":1444570712016521,"flow_dst_last_pkt_time":1444570712012584,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"thread_ts_usec":1444570712016521,"pkt":"ABoRAAACABoRAAABCABFAADjBP5AAEAGfK0KCAABrfMAbtmHAbtwYOR4j58biVAYOQiiYgAAFgMBALYBAACyAwGU3Odz\/vfsiokT464lK0c\/\/ta9zx7QCCoXHtBhwwrAhAAAWMAUwAoAOQA4ADcANsAPwAUANcATwAkAMwAyADEAMACaAJkAmACXwA7ABAAvAJbAEcAHwAzAAgAFAATAEsAIABYAEwAQAA3ADcADAAoAFQASAA8ADAAJAP8BAAAxAAsABAMAAQIACgAcABoAFwAZABwAGwAYABoAFgAOAA0ACwAMAAkACgAjAAAADwABAQ=="} 
-01267{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":944,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570712008198,"flow_src_last_pkt_time":1444570712016521,"flow_dst_last_pkt_time":1444570712012584,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570712016521,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55687,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"","ja4":"t10d440400_e56d601e95ee_282f11336259","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01226{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":944,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570712008198,"flow_src_last_pkt_time":1444570712016521,"flow_dst_last_pkt_time":1444570712012584,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570712016521,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55687,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d440400_e56d601e95ee_282f11336259","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":945,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":5,"flow_src_last_pkt_time":1444570712016521,"flow_dst_last_pkt_time":1444570712016964,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570712016964,"pkt":"ABoRAAACABoRAAABCABFAAAoA7tAABAGrqut8wBuCggAAQG72YePnxuJcGDlM1AQ\/\/8bawAA"} 
-01749{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":949,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570712008198,"flow_src_last_pkt_time":1444570712016521,"flow_dst_last_pkt_time":1444570713707778,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":3907,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":3907,"midstream":0,"thread_ts_usec":1444570713707778,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55687,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d440400_e56d601e95ee_282f11336259","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
+01708{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":949,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570712008198,"flow_src_last_pkt_time":1444570712016521,"flow_dst_last_pkt_time":1444570713707778,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":3907,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":3907,"midstream":0,"thread_ts_usec":1444570713707778,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55687,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d440400_e56d601e95ee_282f11336259","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":958,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570713719932,"flow_src_last_pkt_time":1444570713719932,"flow_dst_last_pkt_time":1444570713719932,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570713719932,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33559,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":958,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_src_last_pkt_time":1444570713719932,"flow_dst_last_pkt_time":1444570713719932,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444570713719932,"pkt":"ABoRAAACABoRAAABCABFAAA8m55AAEAG1oYKCAABUEpuRIMXAbuTJntGAAAAAKACOQjR\/QAAAgQFtAQCCAoATODYAAAAAAEDAwY="} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":959,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_src_last_pkt_time":1444570713719932,"flow_dst_last_pkt_time":1444570713727956,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570713727956,"pkt":"ABoRAAACABoRAAABCABFAAAoA8NAABAGnnZQSm5ECggAAQG7gxds2YS5kyZ7R1AS\/\/9iaAAA"} 
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":961,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_src_last_pkt_time":1444570713730352,"flow_dst_last_pkt_time":1444570713727956,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570713730352,"pkt":"ABoRAAACABoRAAABCABFAAAom59AAEAG1pkKCAABUEpuRIMXAbuTJntHbNmEulAQOQgpYQAA"} 00828{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":962,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":4,"flow_src_last_pkt_time":1444570713734065,"flow_dst_last_pkt_time":1444570713727956,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":270,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":270,"pkt_l4_len":236,"thread_ts_usec":1444570713734065,"pkt":"ABoRAAACABoRAAABCABFAAEAm6BAAEAG1cAKCAABUEpuRIMXAbuTJntHbNmEulAYOQhTzAAAFgMBANMBAADPAwFWGmZZuBzwgmCJdcmTjbwZnC8oKUidI7QzbitGwcbpgSBKAAAAOC7EJ2lJH7mDuj6DaIBXRCqOxY\/AVNJYEqB0IgBGAAQABQAvADXAAsAEwAXADMAOwA\/AB8AJwArAEcATwBQAMwA5ADIAOAAKwAPADcAIwBIAFgATAAkAFQASAAMACAAUABEA\/wEAAEAACwAEAwABAgAKADQAMgAOAA0AGQALAAwAGAAJAAoAFgAXAAgABgAHABQAFQAEAAUAEgATAAEAAgADAA8AEAAR"} 
-01266{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":962,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570713719932,"flow_src_last_pkt_time":1444570713734065,"flow_dst_last_pkt_time":1444570713727956,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570713734065,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33559,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","ja4":"t10d350200_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01225{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":962,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570713719932,"flow_src_last_pkt_time":1444570713734065,"flow_dst_last_pkt_time":1444570713727956,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570713734065,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33559,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d350200_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":963,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":5,"flow_src_last_pkt_time":1444570713734065,"flow_dst_last_pkt_time":1444570713734643,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570713734643,"pkt":"ABoRAAACABoRAAABCABFAAAoA8RAABAGnnVQSm5ECggAAQG7gxds2YS6kyZ8H1AQ\/\/9hkQAA"} 
-01311{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":966,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570713719932,"flow_src_last_pkt_time":1444570713734065,"flow_dst_last_pkt_time":1444570715238965,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":129,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":129,"midstream":0,"thread_ts_usec":1444570715238965,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33559,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6dfe5eb347aa509fc445e5628d467a2b","ja4":"t10d350200_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","blocks":0}}} 
+01373{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":966,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570713719932,"flow_src_last_pkt_time":1444570713734065,"flow_dst_last_pkt_time":1444570715238965,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":129,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":129,"midstream":0,"thread_ts_usec":1444570715238965,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33559,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"6dfe5eb347aa509fc445e5628d467a2b","ja4":"t10d350200_1f24bcc5f17d_33a13ba74d1c","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","blocks":0}}} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":987,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570716599098,"flow_src_last_pkt_time":1444570716599098,"flow_dst_last_pkt_time":1444570716599098,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570716599098,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51857,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":987,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_src_last_pkt_time":1444570716599098,"flow_dst_last_pkt_time":1444570716599098,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444570716599098,"pkt":"ABoRAAACABoRAAABCABFAAA8ldZAAEAGdtEKCAABPm3lnsqRAbsgVHeCAAAAAKACOQiaIAAAAgQFtAQCCAoATOJUAAAAAAEDAwY="} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":988,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_src_last_pkt_time":1444570716599098,"flow_dst_last_pkt_time":1444570716603330,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570716603330,"pkt":"ABoRAAACABoRAAABCABFAAAoA9FAABAGOOs+beWeCggAAQG7ypHfq4h9IFR3g1AS\/\/+1cAAA"} 
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":989,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":3,"flow_src_last_pkt_time":1444570716604060,"flow_dst_last_pkt_time":1444570716603330,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570716604060,"pkt":"ABoRAAACABoRAAABCABFAAAolddAAEAGduQKCAABPm3lnsqRAbsgVHeD36uIflAQOQh8aQAA"} 00791{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":990,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":4,"flow_src_last_pkt_time":1444570716610502,"flow_dst_last_pkt_time":1444570716603330,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"thread_ts_usec":1444570716610502,"pkt":"ABoRAAACABoRAAABCABFAADjldhAAEAGdigKCAABPm3lnsqRAbsgVHeD36uIflAYOQieBgAAFgMBALYBAACyAwH2mTMdHJrmw7XGFaYthT2kGUSX+T\/uNQ3U\/xVLblVUyQAAWMAUwAoAOQA4ADcANsAPwAUANcATwAkAMwAyADEAMACaAJkAmACXwA7ABAAvAJbAEcAHwAzAAgAFAATAEsAIABYAEwAQAA3ADcADAAoAFQASAA8ADAAJAP8BAAAxAAsABAMAAQIACgAcABoAFwAZABwAGwAYABoAFgAOAA0ACwAMAAkACgAjAAAADwABAQ=="} 
-01268{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":990,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570716599098,"flow_src_last_pkt_time":1444570716610502,"flow_dst_last_pkt_time":1444570716603330,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570716610502,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51857,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"","ja4":"t10d440400_e56d601e95ee_282f11336259","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01227{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":990,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570716599098,"flow_src_last_pkt_time":1444570716610502,"flow_dst_last_pkt_time":1444570716603330,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570716610502,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51857,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d440400_e56d601e95ee_282f11336259","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":991,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":5,"flow_src_last_pkt_time":1444570716610502,"flow_dst_last_pkt_time":1444570716610944,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570716610944,"pkt":"ABoRAAACABoRAAABCABFAAAoA9JAABAGOOo+beWeCggAAQG7ypHfq4h+IFR4PlAQ\/\/+0tgAA"} 
-01750{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":993,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570716599098,"flow_src_last_pkt_time":1444570716610502,"flow_dst_last_pkt_time":1444570717923568,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":3907,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":3907,"midstream":0,"thread_ts_usec":1444570717923568,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51857,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"4192c0a946c5bd9b544b4656d9f624a4","ja4":"t10d440400_e56d601e95ee_282f11336259","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
+01709{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":993,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570716599098,"flow_src_last_pkt_time":1444570716610502,"flow_dst_last_pkt_time":1444570717923568,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":3907,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":3907,"midstream":0,"thread_ts_usec":1444570717923568,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51857,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3s":"4192c0a946c5bd9b544b4656d9f624a4","ja4":"t10d440400_e56d601e95ee_282f11336259","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1016,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570718801686,"flow_src_last_pkt_time":1444570718801686,"flow_dst_last_pkt_time":1444570718801686,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570718801686,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51772,"dst_port":9000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1016,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_src_last_pkt_time":1444570718801686,"flow_dst_last_pkt_time":1444570718801686,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":50,"pkt_l4_len":16,"thread_ts_usec":1444570718801686,"pkt":"ABoRAAACABoRAAABCABFAAAk4zFAAEARKYMKCAABPm3lnso8IygAEONTAQAAAAAAAAE="} 00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1017,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_src_last_pkt_time":1444570718801686,"flow_dst_last_pkt_time":1444570718921691,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":50,"pkt_l4_len":16,"thread_ts_usec":1444570718921691,"pkt":"ABoRAAACABoRAAABCABFAAAkA95AABARONc+beWeCggAASMoyjwAEESbAgAAAAC4nQE="} 
@@ -419,7 +419,7 @@ 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1061,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_src_last_pkt_time":1444570733095720,"flow_dst_last_pkt_time":1444570732090067,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444570733095720,"pkt":"ABoRAAACABoRAAABCABFAAA8h\/xAAEAGidEKCAABPm3geMf2AbvHvWEvAAAAAKACOQgL5wAAAgQFtAQCCAoATOc4AAAAAAEDAwY="} 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1062,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":4,"flow_src_last_pkt_time":1444570733095720,"flow_dst_last_pkt_time":1444570733103855,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570733103855,"pkt":"ABoRAAACABoRAAABCABFAAAoA+xAABAGPfY+beB4CggAAQG7x\/Y4Qp7Qx71hMFAS\/\/+9MQAA"} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1063,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":5,"flow_src_last_pkt_time":1444570733104129,"flow_dst_last_pkt_time":1444570733103855,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444570733104129,"pkt":"ABoRAAACABoRAAABCABFAAA8h\/1AAEAGidAKCAABPm3geMf2AbvHvWEvAAAAAKACOQgLHwAAAgQFtAQCCAoATOgAAAAAAAEDAwY="} 
-01267{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1066,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1444570732086555,"flow_src_last_pkt_time":1444570733112697,"flow_dst_last_pkt_time":1444570733111880,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570733112697,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51190,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01226{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1066,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1444570732086555,"flow_src_last_pkt_time":1444570733112697,"flow_dst_last_pkt_time":1444570733111880,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570733112697,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51190,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1074,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570738415965,"flow_src_last_pkt_time":1444570738415965,"flow_dst_last_pkt_time":1444570738415965,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570738415965,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51194,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1074,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_src_last_pkt_time":1444570738415965,"flow_dst_last_pkt_time":1444570738415965,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444570738415965,"pkt":"ABoRAAACABoRAAABCABFAAA8pZ5AAEAGbC8KCAABPm3geMf6AbsEHk9CAAAAAKACOQjdywAAAgQFtAQCCAoATOrcAAAAAAEDAwY="} 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1075,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_src_last_pkt_time":1444570738415965,"flow_dst_last_pkt_time":1444570738418908,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570738418908,"pkt":"ABoRAAACABoRAAABCABFAAAoA+9AABAGPfM+beB4CggAAQG7x\/r74bC9BB5PQ1AS\/\/+9LQAA"} 
@@ -429,12 +429,12 @@ 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1078,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":3,"flow_src_last_pkt_time":1444570738422731,"flow_dst_last_pkt_time":1444570738418908,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570738422731,"pkt":"ABoRAAACABoRAAABCABFAAAopZ9AAEAGbEIKCAABPm3geMf6AbsEHk9D++GwvlAQOQiEJgAA"} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1079,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_src_last_pkt_time":1444570738422892,"flow_dst_last_pkt_time":1444570738422538,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570738422892,"pkt":"ABoRAAACABoRAAABCABFAAAoeOpAAEAGmPcKCAABPm3geMf7AbvAYZI2P55ty1AQOQiEJQAA"} 00623{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1080,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":4,"flow_src_last_pkt_time":1444570738424345,"flow_dst_last_pkt_time":1444570738418908,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"thread_ts_usec":1444570738424345,"pkt":"ABoRAAACABoRAAABCABFAABnpaBAAEAGbAIKCAABPm3geMf6AbsEHk9D++GwvlAYOQh\/zQAAFgMBADoBAAA2AwHh7e2VL35m23t1WU\/32VTucYT8nOT5NyMFMmtQATYTFwAABAA1AP8BAAAJACMAAAAPAAEB"} 
-01267{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1080,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570738415965,"flow_src_last_pkt_time":1444570738424345,"flow_dst_last_pkt_time":1444570738418908,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570738424345,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51194,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01226{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1080,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570738415965,"flow_src_last_pkt_time":1444570738424345,"flow_dst_last_pkt_time":1444570738418908,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570738424345,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51194,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1081,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":5,"flow_src_last_pkt_time":1444570738424345,"flow_dst_last_pkt_time":1444570738424731,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570738424731,"pkt":"ABoRAAACABoRAAABCABFAAAoA\/FAABAGPfE+beB4CggAAQG7x\/r74bC+BB5PglAQ\/\/+87wAA"} 
00623{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1082,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":4,"flow_src_last_pkt_time":1444570738426143,"flow_dst_last_pkt_time":1444570738422538,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"thread_ts_usec":1444570738426143,"pkt":"ABoRAAACABoRAAABCABFAABneOtAAEAGmLcKCAABPm3geMf7AbvAYZI2P55ty1AYOQia+QAAFgMBADoBAAA2AwFlZ\/2gy5EJcUBexsWY6X0\/hsP+2A782vGEfEVj8EbqUwAABAA1AP8BAAAJACMAAAAPAAEB"} -01267{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1082,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570738419074,"flow_src_last_pkt_time":1444570738426143,"flow_dst_last_pkt_time":1444570738422538,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570738426143,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51195,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01226{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1082,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1444570738419074,"flow_src_last_pkt_time":1444570738426143,"flow_dst_last_pkt_time":1444570738422538,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570738426143,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51195,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1083,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":5,"flow_src_last_pkt_time":1444570738426143,"flow_dst_last_pkt_time":1444570738426631,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570738426631,"pkt":"ABoRAAACABoRAAABCABFAAAoA\/JAABAGPfA+beB4CggAAQG7x\/s\/nm3LwGGSdVAQ\/\/+87gAA"} 
-01749{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1092,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570738415965,"flow_src_last_pkt_time":1444570738424345,"flow_dst_last_pkt_time":1444570740300724,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":3907,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":3907,"midstream":0,"thread_ts_usec":1444570740300724,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51194,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
+01708{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1092,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1444570738415965,"flow_src_last_pkt_time":1444570738424345,"flow_dst_last_pkt_time":1444570740300724,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":3907,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":3907,"midstream":0,"thread_ts_usec":1444570740300724,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51194,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"*.webex.com","ja3s":"91589ea825a2ee41810c85fab06d2ef6","ja4":"t10d020200_f2d8273d9564_18d1e47e0978","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1","blocks":0}}} 
00974{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1109,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":0,"flow_first_seen":1444570637191973,"flow_src_last_pkt_time":1444570733113725,"flow_dst_last_pkt_time":1444570637191973,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":656,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":656,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":14432,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570741466310,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"172.16.1.75","src_port":64538,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00934{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1110,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1444570631058632,"flow_src_last_pkt_time":1444570631058632,"flow_dst_last_pkt_time":1444570631059010,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.133.206.47","dst_ip":"107.20.242.44","src_port":59447,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00784{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1444570631058632,"flow_src_last_pkt_time":1444570631058632,"flow_dst_last_pkt_time":1444570631059010,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.133.206.47","dst_ip":"107.20.242.44","src_port":59447,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -449,7 +449,7 @@ 01212{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1444570636264505,"flow_src_last_pkt_time":1444570640345761,"flow_dst_last_pkt_time":1444570639251010,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":326,"flow_dst_max_l4_payload_len":3939,"flow_src_tot_l4_payload_len":389,"flow_dst_tot_l4_payload_len":3998,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.99","src_port":55969,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
01212{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":8,"flow_first_seen":1444570636180806,"flow_src_last_pkt_time":1444570636961710,"flow_dst_last_pkt_time":1444570636898687,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":474,"flow_dst_max_l4_payload_len":2527,"flow_src_tot_l4_payload_len":863,"flow_dst_tot_l4_payload_len":6221,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.231.3","src_port":45814,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
01213{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1444570636170439,"flow_src_last_pkt_time":1444570639257331,"flow_dst_last_pkt_time":1444570638211737,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":474,"flow_dst_max_l4_payload_len":3907,"flow_src_tot_l4_payload_len":863,"flow_dst_tot_l4_payload_len":6157,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.153","src_port":57647,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-01098{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":14,"flow_first_seen":1444570699074033,"flow_src_last_pkt_time":1444570740247303,"flow_dst_last_pkt_time":1444570705689183,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1100,"flow_dst_tot_l4_payload_len":6828,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.241.32.14","src_port":46211,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +01201{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":14,"flow_first_seen":1444570699074033,"flow_src_last_pkt_time":1444570740247303,"flow_dst_last_pkt_time":1444570705689183,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1100,"flow_dst_tot_l4_payload_len":6828,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.241.32.14","src_port":46211,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": 
{"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 01085{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1444570640330424,"flow_src_last_pkt_time":1444570670369848,"flow_dst_last_pkt_time":1444570670371970,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51134,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
01085{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1444570640338595,"flow_src_last_pkt_time":1444570670373481,"flow_dst_last_pkt_time":1444570670373944,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51135,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 01221{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":55,"flow_dst_packets_processed":50,"flow_first_seen":1444570669736143,"flow_src_last_pkt_time":1444570738301094,"flow_dst_last_pkt_time":1444570704270773,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":3907,"flow_src_tot_l4_payload_len":9593,"flow_dst_tot_l4_payload_len":4003,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51154,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": 
{"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
@@ -460,7 +460,7 @@ 01087{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1444570675941714,"flow_src_last_pkt_time":1444570690937763,"flow_dst_last_pkt_time":1444570690940588,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51833,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 01087{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1444570694561618,"flow_src_last_pkt_time":1444570709696086,"flow_dst_last_pkt_time":1444570709697460,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51839,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": 
{"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 01221{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_src_packets_processed":29,"flow_dst_packets_processed":21,"flow_first_seen":1444570716599098,"flow_src_last_pkt_time":1444570737975878,"flow_dst_last_pkt_time":1444570724068036,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":378,"flow_dst_max_l4_payload_len":3907,"flow_src_tot_l4_payload_len":2973,"flow_dst_tot_l4_payload_len":4667,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51857,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-01055{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1110,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1444570719041198,"flow_src_last_pkt_time":1444570720045734,"flow_dst_last_pkt_time":1444570719047347,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51859,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +01162{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1110,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1444570719041198,"flow_src_last_pkt_time":1444570720045734,"flow_dst_last_pkt_time":1444570719047347,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51859,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}},"55": {"risk":"Probing 
Attempt","severity":"Medium","risk_score": {"total":510,"client":375,"server":135}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00781{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1444570719041198,"flow_src_last_pkt_time":1444570720045734,"flow_dst_last_pkt_time":1444570719047347,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51859,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01085{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1444570636151328,"flow_src_last_pkt_time":1444570638236318,"flow_dst_last_pkt_time":1444570638237176,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.213.212","src_port":41726,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": 
{"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 01085{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1444570640284770,"flow_src_last_pkt_time":1444570645699944,"flow_dst_last_pkt_time":1444570645701285,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.213.212","src_port":41757,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
@@ -471,11 +471,11 @@ 01216{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1444570693238349,"flow_src_last_pkt_time":1444570694561091,"flow_dst_last_pkt_time":1444570694561429,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":3907,"flow_src_tot_l4_payload_len":1184,"flow_dst_tot_l4_payload_len":4163,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55671,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
01216{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1444570712008198,"flow_src_last_pkt_time":1444570716597084,"flow_dst_last_pkt_time":1444570716597765,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":3907,"flow_src_tot_l4_payload_len":1184,"flow_dst_tot_l4_payload_len":4163,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55687,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
01085{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1444570640382255,"flow_src_last_pkt_time":1444570699864721,"flow_dst_last_pkt_time":1444570699865096,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33511,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -01089{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":9,"flow_first_seen":1444570640385961,"flow_src_last_pkt_time":1444570699915685,"flow_dst_last_pkt_time":1444570699915948,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":129,"flow_src_tot_l4_payload_len":851,"flow_dst_tot_l4_payload_len":129,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33512,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": 
{"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -01091{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":11,"flow_first_seen":1444570699916083,"flow_src_last_pkt_time":1444570700460758,"flow_dst_last_pkt_time":1444570700460696,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":342,"flow_src_tot_l4_payload_len":905,"flow_dst_tot_l4_payload_len":471,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33551,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-01091{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1444570700561150,"flow_src_last_pkt_time":1444570713718387,"flow_dst_last_pkt_time":1444570713719355,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":418,"flow_src_tot_l4_payload_len":828,"flow_dst_tot_l4_payload_len":547,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33553,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -01089{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":9,"flow_first_seen":1444570700563368,"flow_src_last_pkt_time":1444570713708611,"flow_dst_last_pkt_time":1444570713710887,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":129,"flow_src_tot_l4_payload_len":851,"flow_dst_tot_l4_payload_len":129,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33554,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": 
{"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -01090{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1110,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":6,"flow_first_seen":1444570713719932,"flow_src_last_pkt_time":1444570715292587,"flow_dst_last_pkt_time":1444570715293172,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":129,"flow_src_tot_l4_payload_len":882,"flow_dst_tot_l4_payload_len":129,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33559,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+01192{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":9,"flow_first_seen":1444570640385961,"flow_src_last_pkt_time":1444570699915685,"flow_dst_last_pkt_time":1444570699915948,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":129,"flow_src_tot_l4_payload_len":851,"flow_dst_tot_l4_payload_len":129,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33512,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +01194{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":11,"flow_first_seen":1444570699916083,"flow_src_last_pkt_time":1444570700460758,"flow_dst_last_pkt_time":1444570700460696,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":342,"flow_src_tot_l4_payload_len":905,"flow_dst_tot_l4_payload_len":471,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33551,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +01194{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1444570700561150,"flow_src_last_pkt_time":1444570713718387,"flow_dst_last_pkt_time":1444570713719355,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":418,"flow_src_tot_l4_payload_len":828,"flow_dst_tot_l4_payload_len":547,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33553,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+01192{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":9,"flow_first_seen":1444570700563368,"flow_src_last_pkt_time":1444570713708611,"flow_dst_last_pkt_time":1444570713710887,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":129,"flow_src_tot_l4_payload_len":851,"flow_dst_tot_l4_payload_len":129,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33554,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +01193{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1110,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":6,"flow_first_seen":1444570713719932,"flow_src_last_pkt_time":1444570715292587,"flow_dst_last_pkt_time":1444570715293172,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":129,"flow_src_tot_l4_payload_len":882,"flow_dst_tot_l4_payload_len":129,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33559,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 01212{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":9,"flow_first_seen":1444570636364135,"flow_src_last_pkt_time":1444570640403901,"flow_dst_last_pkt_time":1444570640268632,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":474,"flow_dst_max_l4_payload_len":3939,"flow_src_tot_l4_payload_len":863,"flow_dst_tot_l4_payload_len":5352,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.98","src_port":37129,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
01083{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1444570640310108,"flow_src_last_pkt_time":1444570645705710,"flow_dst_last_pkt_time":1444570645707930,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.98","src_port":37139,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 01212{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":6,"flow_first_seen":1444570636252483,"flow_src_last_pkt_time":1444570640344797,"flow_dst_last_pkt_time":1444570639237539,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":2842,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":3907,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.202.139","src_port":47116,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": 
{"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
@@ -484,10 +484,10 @@ 00941{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1110,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":2,"flow_first_seen":1444570718801686,"flow_src_last_pkt_time":1444570739041892,"flow_dst_last_pkt_time":1444570719039150,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":483,"flow_dst_tot_l4_payload_len":16,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51772,"dst_port":9000,"l4_proto":"udp","ndpi": {"confidence": {"7":"Match by IP"},"proto":"Webex","proto_id":"141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00787{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1110,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":2,"flow_first_seen":1444570718801686,"flow_src_last_pkt_time":1444570739041892,"flow_dst_last_pkt_time":1444570719039150,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":483,"flow_dst_tot_l4_payload_len":16,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51772,"dst_port":9000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
01129{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1110,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1444570638225615,"flow_src_last_pkt_time":1444570642072869,"flow_dst_last_pkt_time":1444570642071950,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":3697,"flow_src_tot_l4_payload_len":1034,"flow_dst_tot_l4_payload_len":4403,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"216.58.208.40","src_port":43433,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}} -01154{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1110,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":48,"flow_dst_packets_processed":47,"flow_first_seen":1444570624853841,"flow_src_last_pkt_time":1444570630376197,"flow_dst_last_pkt_time":1444570630325666,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":17680,"flow_src_tot_l4_payload_len":8928,"flow_dst_tot_l4_payload_len":78158,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41346,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not 
Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"radcom.webex.com"}} -01155{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1110,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":28,"flow_first_seen":1444570627404164,"flow_src_last_pkt_time":1444570630162612,"flow_dst_last_pkt_time":1444570630112026,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":17966,"flow_src_tot_l4_payload_len":3283,"flow_dst_tot_l4_payload_len":103369,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41348,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"radcom.webex.com"}} 
-01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1110,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1444570628113579,"flow_src_last_pkt_time":1444570628618984,"flow_dst_last_pkt_time":1444570628619392,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":270,"flow_dst_tot_l4_payload_len":129,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41350,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01113{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1110,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1444570628117770,"flow_src_last_pkt_time":1444570628568018,"flow_dst_last_pkt_time":1444570628568372,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":129,"flow_src_tot_l4_payload_len":270,"flow_dst_tot_l4_payload_len":129,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41351,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying 
HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01257{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1110,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":48,"flow_dst_packets_processed":47,"flow_first_seen":1444570624853841,"flow_src_last_pkt_time":1444570630376197,"flow_dst_last_pkt_time":1444570630325666,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":17680,"flow_src_tot_l4_payload_len":8928,"flow_dst_tot_l4_payload_len":78158,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41346,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"radcom.webex.com"}} 
+01258{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1110,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":28,"flow_first_seen":1444570627404164,"flow_src_last_pkt_time":1444570630162612,"flow_dst_last_pkt_time":1444570630112026,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":17966,"flow_src_tot_l4_payload_len":3283,"flow_dst_tot_l4_payload_len":103369,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41348,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"radcom.webex.com"}} 
+01215{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1110,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1444570628113579,"flow_src_last_pkt_time":1444570628618984,"flow_dst_last_pkt_time":1444570628619392,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":270,"flow_dst_tot_l4_payload_len":129,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41350,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+01216{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1110,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1444570628117770,"flow_src_last_pkt_time":1444570628568018,"flow_dst_last_pkt_time":1444570628568372,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":129,"flow_src_tot_l4_payload_len":270,"flow_dst_tot_l4_payload_len":129,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41351,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
01216{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":13,"flow_first_seen":1444570631722722,"flow_src_last_pkt_time":1444570633204836,"flow_dst_last_pkt_time":1444570633140171,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":8394,"flow_src_tot_l4_payload_len":1423,"flow_dst_tot_l4_payload_len":23537,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41354,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
01219{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":19,"flow_first_seen":1444570633357298,"flow_src_last_pkt_time":1444570635974432,"flow_dst_last_pkt_time":1444570635923915,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":8847,"flow_src_tot_l4_payload_len":959,"flow_dst_tot_l4_payload_len":39451,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41358,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
01213{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1444570636387910,"flow_src_last_pkt_time":1444570640346348,"flow_dst_last_pkt_time":1444570639263789,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":522,"flow_dst_max_l4_payload_len":3939,"flow_src_tot_l4_payload_len":911,"flow_dst_tot_l4_payload_len":6552,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41386,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
@@ -497,7 +497,7 @@ 01084{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1444570640298584,"flow_src_last_pkt_time":1444570645703037,"flow_dst_last_pkt_time":1444570645704812,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.204.49","src_port":51676,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 01212{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1444570632436109,"flow_src_last_pkt_time":1444570633205058,"flow_dst_last_pkt_time":1444570633137443,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":394,"flow_dst_max_l4_payload_len":2903,"flow_src_tot_l4_payload_len":783,"flow_dst_tot_l4_payload_len":3643,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"23.44.253.243","src_port":49048,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or 
older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01213{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1444570636248727,"flow_src_last_pkt_time":1444570639255598,"flow_dst_last_pkt_time":1444570638202080,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":474,"flow_dst_max_l4_payload_len":2579,"flow_src_tot_l4_payload_len":863,"flow_dst_tot_l4_payload_len":6168,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.104.140","src_port":44492,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-00862{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1110,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1110,"packets-processed":1110,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":494354,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":53,"total-detection-updates":39,"total-updates":2,"current-active-flows":0,"total-active-flows":57,"total-idle-flows":57,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":500,"global_ts_usec":1444570742172121} +00862{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1110,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1110,"packets-processed":1110,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":494354,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":53,"total-detection-updates":39,"total-updates":2,"current-active-flows":0,"total-active-flows":57,"total-idle-flows":57,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":500,"global_ts_usec":1444570742172121} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1110/1110 ~~ skipped flows.............: 0 
@@ -506,9 +506,9 @@ ~~ total active/idle flows...: 57/57 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7973042 bytes -~~ total memory freed........: 7973042 bytes -~~ total allocations/frees...: 116284/116284 +~~ total memory allocated....: 8551012 bytes +~~ total memory freed........: 8551012 bytes +~~ total allocations/frees...: 128028/128028 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 535 chars ~~ json message max len.......: 2467 chars diff --git a/test/results/http_process_response_disable/http.pcapng.out b/test/results/http_process_response_disable/http.pcapng.out index da9f383bd..cc21d182c 100644 --- a/test/results/http_process_response_disable/http.pcapng.out +++ b/test/results/http_process_response_disable/http.pcapng.out 
@@ -1,5 +1,5 @@ -00633{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/http_process_response_disable\/pcap\/http.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00854{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/http_process_response_disable\/pcap\/http.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1643129441023341} 
+00633{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/http_process_response_disable\/pcap\/http.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00854{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/http_process_response_disable\/pcap\/http.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1643129441023341} 
00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/http_process_response_disable\/pcap\/http.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643129441023341,"flow_src_last_pkt_time":1643129441023341,"flow_dst_last_pkt_time":1643129441023341,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643129441023341,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"216.58.208.142","src_port":42170,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/http_process_response_disable\/pcap\/http.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1643129441023341,"flow_dst_last_pkt_time":1643129441023341,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1643129441023341,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8mDFAAEAGN5nAqAGA2DrQjqS6AFARiJzNAAAAAKAC+vCG+AAAAgQFtAQCCArCG0WpAAAAAAEDAwc="} 00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/http_process_response_disable\/pcap\/http.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1643129441023341,"flow_dst_last_pkt_time":1643129441030591,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1643129441030591,"pkt":"PKn0qB\/spJGxgjQ5CABFgAA8NRsAAHgGoi\/YOtCOwKgBgABQpLoKOrN\/EYiczqAS\/\/9o0gAAAgQFlgQCCArUwoamwhtFqQEDAwg="} 
@@ -8,7 +8,7 @@ 01087{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/http_process_response_disable\/pcap\/http.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1643129441023341,"flow_src_last_pkt_time":1643129441030691,"flow_dst_last_pkt_time":1643129441030591,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":74,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643129441030691,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"216.58.208.142","src_port":42170,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"google.com","domainame":"google.com","http": {"url":"google.com\/","code":0,"content_type":"","user_agent":"curl\/7.68.0"}}} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/http_process_response_disable\/pcap\/http.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1643129441030691,"flow_dst_last_pkt_time":1643129441038384,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1643129441038384,"pkt":"PKn0qB\/spJGxgjQ5CABFgAA0NSMAAHgGoi\/YOtCOwKgBgABQpLoKOrOAEYidGIAQAQCWKAAAAQEICtTChq7CG0Ww"} 
01019{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":10,"source":"cfgs\/http_process_response_disable\/pcap\/http.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1643129441023341,"flow_src_last_pkt_time":1643129441065505,"flow_dst_last_pkt_time":1643129441065458,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":528,"flow_src_tot_l4_payload_len":74,"flow_dst_tot_l4_payload_len":528,"midstream":0,"thread_ts_usec":1643129441065505,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"216.58.208.142","src_port":42170,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"google.com"}} -00862{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/http_process_response_disable\/pcap\/http.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":602,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1643129441065505} 
+00862{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/http_process_response_disable\/pcap\/http.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":602,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1643129441065505} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 10/10 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6907965 bytes -~~ total memory freed........: 6907965 bytes -~~ total allocations/frees...: 114152/114152 +~~ total memory allocated....: 7485572 bytes +~~ total memory freed........: 7485572 bytes +~~ total allocations/frees...: 125884/125884 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 567 chars ~~ json message max len.......: 1092 chars diff --git a/test/results/http_process_response_disable/http_asymmetric.pcapng.out b/test/results/http_process_response_disable/http_asymmetric.pcapng.out index 65192d497..d8786dae7 100644 --- a/test/results/http_process_response_disable/http_asymmetric.pcapng.out +++ b/test/results/http_process_response_disable/http_asymmetric.pcapng.out 
@@ -1,5 +1,5 @@ -00644{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/http_process_response_disable\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00865{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/http_process_response_disable\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1631378210394414} 
+00644{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/http_process_response_disable\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00865{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/http_process_response_disable\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1631378210394414} 
00799{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/http_process_response_disable\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1631378210394414,"flow_src_last_pkt_time":1631378210394414,"flow_dst_last_pkt_time":1631378210394414,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1631378210394414,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"10.10.10.1","src_port":1044,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/http_process_response_disable\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1631378210394414,"flow_dst_last_pkt_time":1631378210394414,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1631378210394414,"pkt":"AAwpnvCVKBao9vgDCABFAAA0WexAAIAGAADAqAABCgoKAQQUAFAzLWQXAAAAAIAC+vADxAAAAgQFtAEDAwgBAQQC"} 
00804{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/http_process_response_disable\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1631378210394789,"flow_src_last_pkt_time":1631378210394789,"flow_dst_last_pkt_time":1631378210394789,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1631378210394789,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"192.168.1.103","src_port":80,"dst_port":1044,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -17,7 +17,7 @@ 01435{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"cfgs\/http_process_response_disable\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":0,"flow_first_seen":1631378210394789,"flow_src_last_pkt_time":1631378210504093,"flow_dst_last_pkt_time":1631378210394789,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":7613,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1631378210504093,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"192.168.1.103","src_port":80,"dst_port":1044,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 
01161{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":23,"source":"cfgs\/http_process_response_disable\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1631378210394414,"flow_src_last_pkt_time":1631378215504662,"flow_dst_last_pkt_time":1631378210394414,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":364,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1052,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1631378215504945,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"10.10.10.1","src_port":1044,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"proxy.wiresharkfest.acropolis.local"}} 01425{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":23,"source":"cfgs\/http_process_response_disable\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":0,"flow_first_seen":1631378210394789,"flow_src_last_pkt_time":1631378215504945,"flow_dst_last_pkt_time":1631378210394789,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":7613,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1631378215504945,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"192.168.1.103","src_port":80,"dst_port":1044,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -00874{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":23,"source":"cfgs\/http_process_response_disable\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":23,"packets-processed":23,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8665,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1631378215504945} 
+00874{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":23,"source":"cfgs\/http_process_response_disable\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":23,"packets-processed":23,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8665,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1631378215504945} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 23/23 ~~ skipped flows.............: 0 @@ -26,9 +26,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6911339 bytes -~~ total memory freed........: 6911339 bytes -~~ total allocations/frees...: 114192/114192 +~~ total memory allocated....: 7489015 bytes +~~ total memory freed........: 7489015 bytes +~~ total allocations/frees...: 125925/125925 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 561 chars ~~ json message max len.......: 2542 chars diff --git a/test/results/influxd/caches_cfg/ookla.pcap.out b/test/results/influxd/caches_cfg/ookla.pcap.out index 636f02abd..628e84534 100644 --- a/test/results/influxd/caches_cfg/ookla.pcap.out +++ b/test/results/influxd/caches_cfg/ookla.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=55,json_bytes=46216,flow_src_total_bytes=22732,flow_dst_total_bytes=8117 +general json_lines=55,json_bytes=46052,flow_src_total_bytes=22732,flow_dst_total_bytes=8117 events flow_new_count=6,flow_end_count=1,flow_idle_count=5,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=1,flow_detected_count=5,flow_detection_update_count=3,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=30,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=3,flow_state_finished=3 breed flow_breed_safe_count=5,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=4,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=4,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=5,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=3,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=6,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/caches_cfg/teams.pcap.out b/test/results/influxd/caches_cfg/teams.pcap.out index 9d8e773e2..1b179c125 100644 
--- a/test/results/influxd/caches_cfg/teams.pcap.out +++ b/test/results/influxd/caches_cfg/teams.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=668,json_bytes=670898,flow_src_total_bytes=293772,flow_dst_total_bytes=293323 +general json_lines=668,json_bytes=669315,flow_src_total_bytes=293772,flow_dst_total_bytes=293323 events flow_new_count=83,flow_end_count=17,flow_idle_count=66,flow_update_count=0,flow_analyse_count=16,flow_guessed_count=2,flow_detected_count=80,flow_detection_update_count=51,flow_not_detected_count=1,flow_risky_count=29,packet_count=16,packet_flow_count=317,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=16,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=27,flow_state_finished=56 -breed flow_breed_safe_count=46,flow_breed_acceptable_count=33,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=6,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=16,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=11,flow_category_network_count=27,flow_category_collaborative_count=19,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=1,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +breed flow_breed_safe_count=51,flow_breed_acceptable_count=28,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=6,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=12,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=11,flow_category_network_count=27,flow_category_collaborative_count=23,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=1,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=2,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=78,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=38,flow_severity_medium=12,flow_severity_high=2,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=83,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/caches_global/bittorrent.pcap.out b/test/results/influxd/caches_global/bittorrent.pcap.out index 0b44a94ab..bcf29ec6b 100644 
--- a/test/results/influxd/caches_global/bittorrent.pcap.out +++ b/test/results/influxd/caches_global/bittorrent.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=164,json_bytes=150428,flow_src_total_bytes=6341,flow_dst_tota events flow_new_count=24,flow_end_count=11,flow_idle_count=13,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=24,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=22,packet_count=0,packet_flow_count=88,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=24 breed flow_breed_safe_count=0,flow_breed_acceptable_count=24,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=24,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=24,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=24,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=22,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=24,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/caches_global/lru_ipv6_caches.pcapng.out b/test/results/influxd/caches_global/lru_ipv6_caches.pcapng.out index 9cd0e1dcb..feb8ca9ee 100644 --- a/test/results/influxd/caches_global/lru_ipv6_caches.pcapng.out +++ b/test/results/influxd/caches_global/lru_ipv6_caches.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=89,json_bytes=92580,flow_src_total_bytes=14408,flow_dst_total_bytes=846 +general json_lines=89,json_bytes=92625,flow_src_total_bytes=14408,flow_dst_total_bytes=846 events flow_new_count=12,flow_end_count=0,flow_idle_count=12,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=12,flow_detection_update_count=9,flow_not_detected_count=0,flow_risky_count=11,packet_count=0,packet_flow_count=41,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=7,flow_state_finished=5 breed flow_breed_safe_count=1,flow_breed_acceptable_count=11,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=3,flow_category_social_network_count=0,flow_category_download_count=5,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=4,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=3,flow_category_social_network_count=0,flow_category_download_count=5,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=4,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=4,flow_confidence_dpi=8,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=13,flow_severity_medium=8,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=0,flow_l3_ip6_count=12,flow_l3_other_count=0 diff --git a/test/results/influxd/caches_global/mining.pcapng.out b/test/results/influxd/caches_global/mining.pcapng.out index 095de8565..2bd88ba0c 100644 
--- a/test/results/influxd/caches_global/mining.pcapng.out +++ b/test/results/influxd/caches_global/mining.pcapng.out 
@@ -2,7 +2,7 @@ general json_lines=41,json_bytes=37434,flow_src_total_bytes=146948,flow_dst_tota events flow_new_count=4,flow_end_count=1,flow_idle_count=3,flow_update_count=0,flow_analyse_count=4,flow_guessed_count=0,flow_detected_count=4,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=4,packet_count=0,packet_flow_count=20,init_count=1,reconnect_count=0,shutdown_count=1,status_count=3,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=4 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=4,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=4,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=4,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=4,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=4,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=4,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/caches_global/ookla.pcap.out b/test/results/influxd/caches_global/ookla.pcap.out index 0380f9aed..7a6bc08f2 100644 
--- a/test/results/influxd/caches_global/ookla.pcap.out +++ b/test/results/influxd/caches_global/ookla.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=55,json_bytes=43684,flow_src_total_bytes=22732,flow_dst_total_bytes=8117 +general json_lines=55,json_bytes=43520,flow_src_total_bytes=22732,flow_dst_total_bytes=8117 events flow_new_count=6,flow_end_count=1,flow_idle_count=5,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=1,flow_detected_count=5,flow_detection_update_count=3,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=30,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=3,flow_state_finished=3 breed flow_breed_safe_count=5,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=4,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=4,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=5,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=3,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=6,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/caches_global/teams.pcap.out b/test/results/influxd/caches_global/teams.pcap.out index 856b3e6b2..2d161b75d 100644 
--- a/test/results/influxd/caches_global/teams.pcap.out +++ b/test/results/influxd/caches_global/teams.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=668,json_bytes=642480,flow_src_total_bytes=293772,flow_dst_total_bytes=293323 +general json_lines=668,json_bytes=640870,flow_src_total_bytes=293772,flow_dst_total_bytes=293323 events flow_new_count=83,flow_end_count=17,flow_idle_count=66,flow_update_count=0,flow_analyse_count=16,flow_guessed_count=2,flow_detected_count=80,flow_detection_update_count=51,flow_not_detected_count=1,flow_risky_count=29,packet_count=16,packet_flow_count=317,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=16,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=27,flow_state_finished=56 -breed flow_breed_safe_count=42,flow_breed_acceptable_count=37,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=2,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=20,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=11,flow_category_network_count=27,flow_category_collaborative_count=19,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=1,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +breed flow_breed_safe_count=51,flow_breed_acceptable_count=28,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=2,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=12,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=11,flow_category_network_count=27,flow_category_collaborative_count=27,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=1,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=6,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=74,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=38,flow_severity_medium=12,flow_severity_high=2,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=83,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/caches_global/zoom_p2p.pcapng.out b/test/results/influxd/caches_global/zoom_p2p.pcapng.out index 9c48edbe4..82cc6622e 100644 
--- a/test/results/influxd/caches_global/zoom_p2p.pcapng.out +++ b/test/results/influxd/caches_global/zoom_p2p.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=134,json_bytes=115505,flow_src_total_bytes=137033,flow_dst_total_bytes=103149 +general json_lines=134,json_bytes=115637,flow_src_total_bytes=137033,flow_dst_total_bytes=103149 events flow_new_count=13,flow_end_count=0,flow_idle_count=13,flow_update_count=27,flow_analyse_count=4,flow_guessed_count=0,flow_detected_count=13,flow_detection_update_count=3,flow_not_detected_count=0,flow_risky_count=5,packet_count=0,packet_flow_count=58,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=2,flow_state_finished=11 breed flow_breed_safe_count=0,flow_breed_acceptable_count=13,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=1,flow_category_network_count=4,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=8,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=1,flow_category_network_count=4,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=8,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=13,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=5,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=13,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/1kxun.pcap.out b/test/results/influxd/default/1kxun.pcap.out index dab4b1a01..bb32128ae 100644 
--- a/test/results/influxd/default/1kxun.pcap.out +++ b/test/results/influxd/default/1kxun.pcap.out 
@@ -1,11 +1,11 @@ -general json_lines=1303,json_bytes=1555843,flow_src_total_bytes=156501,flow_dst_total_bytes=2270815 -events flow_new_count=197,flow_end_count=9,flow_idle_count=188,flow_update_count=38,flow_analyse_count=13,flow_guessed_count=6,flow_detected_count=177,flow_detection_update_count=33,flow_not_detected_count=14,flow_risky_count=38,packet_count=0,packet_flow_count=624,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 -state flow_state_info=31,flow_state_finished=166 -breed flow_breed_safe_count=6,flow_breed_acceptable_count=116,flow_breed_fun_count=53,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=2,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=1,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=39,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=5,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=63,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=45,flow_category_system_count=22,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=2,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 -confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=177,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 -severity flow_severity_low=37,flow_severity_medium=6,flow_severity_high=20,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 +general json_lines=1303,json_bytes=1555868,flow_src_total_bytes=156501,flow_dst_total_bytes=2270815 +events 
flow_new_count=197,flow_end_count=9,flow_idle_count=188,flow_update_count=38,flow_analyse_count=13,flow_guessed_count=6,flow_detected_count=182,flow_detection_update_count=33,flow_not_detected_count=9,flow_risky_count=33,packet_count=0,packet_flow_count=624,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 +state flow_state_info=26,flow_state_finished=171 +breed flow_breed_safe_count=6,flow_breed_acceptable_count=121,flow_breed_fun_count=53,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=2,flow_breed_unrated_count=0,flow_breed_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=1,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=39,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=5,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=68,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=45,flow_category_system_count=22,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=2,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 +confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=182,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 +severity flow_severity_low=32,flow_severity_medium=6,flow_severity_high=20,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=172,flow_l3_ip6_count=25,flow_l3_other_count=0 layer4 flow_l4_tcp_count=98,flow_l4_udp_count=99,flow_l4_icmp_count=0,flow_l4_other_count=0 -detection 
flow_active_count=197,flow_detected_count=177,flow_guessed_count=6,flow_not_detected_count=14 -risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=5,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=4,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=10,flow_risk_12_count=13,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=8,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=2,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=3,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=6,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=3,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=13,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=1,flow_risk_55_count=0,flow_risk_56_count=0 +detection flow_active_count=197,flow_detected_count=182,flow_guessed_count=6,flow_not_detected_count=9 +risks 
flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=5,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=4,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=10,flow_risk_12_count=13,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=8,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=6,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=3,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=13,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=1,flow_risk_55_count=0,flow_risk_56_count=0 diff --git a/test/results/influxd/default/443-chrome.pcap.out b/test/results/influxd/default/443-chrome.pcap.out index 9f218e990..d9db0f542 100644 --- a/test/results/influxd/default/443-chrome.pcap.out +++ b/test/results/influxd/default/443-chrome.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=7,json_bytes=7592,flow_src_total_bytes=1440,flow_dst_total_bytes=0 +general json_lines=7,json_bytes=7599,flow_src_total_bytes=1440,flow_dst_total_bytes=0 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=1,flow_detected_count=0,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=1,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=0 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=0,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/443-curl.pcap.out b/test/results/influxd/default/443-curl.pcap.out index 261a6f4a6..fabae3dba 100644 
--- a/test/results/influxd/default/443-curl.pcap.out +++ b/test/results/influxd/default/443-curl.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=14,json_bytes=13788,flow_src_total_bytes=930,flow_dst_total_bytes=65886 +general json_lines=14,json_bytes=13700,flow_src_total_bytes=930,flow_dst_total_bytes=65886 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/443-firefox.pcap.out b/test/results/influxd/default/443-firefox.pcap.out index ced382ee6..895f11d3e 100644 
--- a/test/results/influxd/default/443-firefox.pcap.out
+++ b/test/results/influxd/default/443-firefox.pcap.out
@@ -1,8 +1,8 @@ -general json_lines=14,json_bytes=14036,flow_src_total_bytes=7675,flow_dst_total_bytes=406398 +general json_lines=14,json_bytes=13948,flow_src_total_bytes=7675,flow_dst_total_bytes=406398 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/443-git.pcap.out b/test/results/influxd/default/443-git.pcap.out index 887836a69..7d2811812 100644 
--- a/test/results/influxd/default/443-git.pcap.out
+++ b/test/results/influxd/default/443-git.pcap.out
@@ -1,8 +1,8 @@ -general json_lines=14,json_bytes=15833,flow_src_total_bytes=881,flow_dst_total_bytes=31704 +general json_lines=14,json_bytes=15710,flow_src_total_bytes=881,flow_dst_total_bytes=31704 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=1,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=1,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/443-opvn.pcap.out b/test/results/influxd/default/443-opvn.pcap.out index 5d3812420..de4185f91 100644 
--- a/test/results/influxd/default/443-opvn.pcap.out
+++ b/test/results/influxd/default/443-opvn.pcap.out
@@ -2,7 +2,7 @@ general json_lines=12,json_bytes=10084,flow_src_total_bytes=3974,flow_dst_total_ events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=1,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=1,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/443-safari.pcap.out b/test/results/influxd/default/443-safari.pcap.out index 48640d5f6..b7c18cdb4 100644 
--- a/test/results/influxd/default/443-safari.pcap.out
+++ b/test/results/influxd/default/443-safari.pcap.out
@@ -1,8 +1,8 @@ -general json_lines=14,json_bytes=13547,flow_src_total_bytes=797,flow_dst_total_bytes=16406 +general json_lines=14,json_bytes=13459,flow_src_total_bytes=797,flow_dst_total_bytes=16406 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/4in4tunnel.pcap.out b/test/results/influxd/default/4in4tunnel.pcap.out index 9507182e9..95bdcf3da 100644 
--- a/test/results/influxd/default/4in4tunnel.pcap.out
+++ b/test/results/influxd/default/4in4tunnel.pcap.out
@@ -2,7 +2,7 @@ general json_lines=17,json_bytes=9911,flow_src_total_bytes=0,flow_dst_total_byte events flow_new_count=0,flow_end_count=0,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=0,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=5,packet_flow_count=0,init_count=1,reconnect_count=0,shutdown_count=1,status_count=5,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=5,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=0 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=0,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=0,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/4in6tunnel.pcap.out b/test/results/influxd/default/4in6tunnel.pcap.out index 6158059e4..eb0189676 100644 
--- a/test/results/influxd/default/4in6tunnel.pcap.out
+++ b/test/results/influxd/default/4in6tunnel.pcap.out
@@ -2,7 +2,7 @@ general json_lines=10,json_bytes=9861,flow_src_total_bytes=316,flow_dst_total_by events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=4,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=0,flow_l3_ip6_count=1,flow_l3_other_count=0 diff --git a/test/results/influxd/default/6in4tunnel.pcap.out b/test/results/influxd/default/6in4tunnel.pcap.out index f71bb13a8..d5c68142c 100644 
--- a/test/results/influxd/default/6in4tunnel.pcap.out
+++ b/test/results/influxd/default/6in4tunnel.pcap.out
@@ -2,7 +2,7 @@ general json_lines=12,json_bytes=10212,flow_src_total_bytes=11600,flow_dst_total events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=0,flow_detection_update_count=0,flow_not_detected_count=1,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=0,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/6in6tunnel.pcap.out b/test/results/influxd/default/6in6tunnel.pcap.out index e0935b430..3f9d76567 100644 
--- a/test/results/influxd/default/6in6tunnel.pcap.out +++ b/test/results/influxd/default/6in6tunnel.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=11,json_bytes=8608,flow_src_total_bytes=104,flow_dst_total_by events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=0,flow_detection_update_count=0,flow_not_detected_count=2,flow_risky_count=0,packet_count=0,packet_flow_count=2,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=2,flow_state_finished=0 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=0,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=0,flow_l3_ip6_count=2,flow_l3_other_count=0 diff --git a/test/results/influxd/default/BGP_Cisco_hdlc_slarp.pcap.out b/test/results/influxd/default/BGP_Cisco_hdlc_slarp.pcap.out index 4b6e38132..c6cb03359 100644 
--- a/test/results/influxd/default/BGP_Cisco_hdlc_slarp.pcap.out +++ b/test/results/influxd/default/BGP_Cisco_hdlc_slarp.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=11,json_bytes=7852,flow_src_total_bytes=76,flow_dst_total_byt events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/BGP_redist.pcap.out b/test/results/influxd/default/BGP_redist.pcap.out index 3e7272ef4..beda2b9df 100644 
--- a/test/results/influxd/default/BGP_redist.pcap.out +++ b/test/results/influxd/default/BGP_redist.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=9,json_bytes=6562,flow_src_total_bytes=115,flow_dst_total_byt events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=1,packet_flow_count=1,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=1,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/EAQ.pcap.out b/test/results/influxd/default/EAQ.pcap.out index 98bd7de06..1007eb440 100644 
--- a/test/results/influxd/default/EAQ.pcap.out +++ b/test/results/influxd/default/EAQ.pcap.out 
@@ -1,11 +1,11 @@ -general json_lines=269,json_bytes=194061,flow_src_total_bytes=2383,flow_dst_total_bytes=10862 +general json_lines=269,json_bytes=193861,flow_src_total_bytes=2383,flow_dst_total_bytes=10862 events flow_new_count=31,flow_end_count=2,flow_idle_count=29,flow_update_count=29,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=31,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=23,packet_count=0,packet_flow_count=144,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=31 breed flow_breed_safe_count=0,flow_breed_acceptable_count=31,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=2,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=29,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=2,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=29,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=31,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 -severity flow_severity_low=22,flow_severity_medium=0,flow_severity_high=2,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 +severity flow_severity_low=21,flow_severity_medium=0,flow_severity_high=2,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 
flow_l3_ip4_count=31,flow_l3_ip6_count=0,flow_l3_other_count=0 layer4 flow_l4_tcp_count=2,flow_l4_udp_count=29,flow_l4_icmp_count=0,flow_l4_other_count=0 detection flow_active_count=31,flow_detected_count=31,flow_guessed_count=0,flow_not_detected_count=0 -risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=2,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=1,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=21,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 +risks 
flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=2,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=21,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 diff --git a/test/results/influxd/default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out b/test/results/influxd/default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out index 4d74e4082..e80113630 100644 --- a/test/results/influxd/default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out +++ b/test/results/influxd/default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out 
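Review bot: The regenerated EAQ.pcap.out expectation records a change in detection output that the commit does not explain: on the new side `flow_risk_35_count` goes from 1 to 0 and `flow_severity_low` from 22 to 21, so one low-severity risk is no longer raised for this capture after the libnDPI bump. The neighbouring hunks only append `flow_category_health_count=0`, and the commit message says only "incorporated upstream changes", so it is not visible here whether the dropped risk is an intended upstream change or a regression that the updated fixture now hides. I would record it in the commit message, e.g. `EAQ.pcap: risk 35 no longer raised, caused by <upstream libnDPI commit>, verified intentional`. It is also worth confirming against the per-flow results for this capture that the affected flow is still classified as before.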
@@ -1,8 +1,8 @@ -general json_lines=52,json_bytes=55395,flow_src_total_bytes=56781,flow_dst_total_bytes=136335 +general json_lines=52,json_bytes=55748,flow_src_total_bytes=56781,flow_dst_total_bytes=136335 events flow_new_count=5,flow_end_count=0,flow_idle_count=5,flow_update_count=6,flow_analyse_count=3,flow_guessed_count=0,flow_detected_count=5,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=25,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=5 breed flow_breed_safe_count=0,flow_breed_acceptable_count=5,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=1,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=4,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=1,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=4,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=5,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=5,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/IEC104.pcap.out b/test/results/influxd/default/IEC104.pcap.out index 9b2768613..61c6c81c2 100644 
--- a/test/results/influxd/default/IEC104.pcap.out +++ b/test/results/influxd/default/IEC104.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=17,json_bytes=12562,flow_src_total_bytes=609,flow_dst_total_b events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=8,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=2 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=2,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=2,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=2,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=2,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/KakaoTalk_chat.pcap.out b/test/results/influxd/default/KakaoTalk_chat.pcap.out index 744e61e25..440709411 100644 
--- a/test/results/influxd/default/KakaoTalk_chat.pcap.out
+++ b/test/results/influxd/default/KakaoTalk_chat.pcap.out
@@ -1,8 +1,8 @@ -general json_lines=270,json_bytes=241649,flow_src_total_bytes=15862,flow_dst_total_bytes=36150 +general json_lines=270,json_bytes=240854,flow_src_total_bytes=15862,flow_dst_total_bytes=36150 events flow_new_count=38,flow_end_count=8,flow_idle_count=30,flow_update_count=1,flow_analyse_count=3,flow_guessed_count=5,flow_detected_count=33,flow_detection_update_count=33,flow_not_detected_count=0,flow_risky_count=10,packet_count=0,packet_flow_count=116,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=12,flow_state_finished=26 breed flow_breed_safe_count=9,flow_breed_acceptable_count=16,flow_breed_fun_count=8,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=9,flow_category_social_network_count=5,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=19,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=9,flow_category_social_network_count=5,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=19,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=33,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=10,flow_severity_medium=4,flow_severity_high=14,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=38,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/KakaoTalk_talk.pcap.out b/test/results/influxd/default/KakaoTalk_talk.pcap.out index a8b38db3e..3c57e660d 100644 
--- a/test/results/influxd/default/KakaoTalk_talk.pcap.out
+++ b/test/results/influxd/default/KakaoTalk_talk.pcap.out
@@ -1,8 +1,8 @@ -general json_lines=145,json_bytes=122774,flow_src_total_bytes=146910,flow_dst_total_bytes=144494 +general json_lines=145,json_bytes=122849,flow_src_total_bytes=146910,flow_dst_total_bytes=144494 events flow_new_count=20,flow_end_count=6,flow_idle_count=14,flow_update_count=0,flow_analyse_count=4,flow_guessed_count=9,flow_detected_count=11,flow_detection_update_count=5,flow_not_detected_count=0,flow_risky_count=5,packet_count=0,packet_flow_count=73,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=11,flow_state_finished=9 breed flow_breed_safe_count=5,flow_breed_acceptable_count=4,flow_breed_fun_count=2,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=2,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=5,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=1,flow_category_voip_count=2,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=2,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=5,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=1,flow_category_voip_count=2,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=11,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=8,flow_severity_high=6,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=20,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/NTPv2.pcap.out b/test/results/influxd/default/NTPv2.pcap.out index b891693a8..965809d46 100644 
--- a/test/results/influxd/default/NTPv2.pcap.out
+++ b/test/results/influxd/default/NTPv2.pcap.out
@@ -2,7 +2,7 @@ general json_lines=7,json_bytes=6030,flow_src_total_bytes=368,flow_dst_total_byt events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=1,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=1,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=1,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/NTPv3.pcap.out b/test/results/influxd/default/NTPv3.pcap.out index 8bad2c5d3..db67318c8 100644 
--- a/test/results/influxd/default/NTPv3.pcap.out
+++ b/test/results/influxd/default/NTPv3.pcap.out
@@ -2,7 +2,7 @@ general json_lines=7,json_bytes=5590,flow_src_total_bytes=48,flow_dst_total_byte events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=1,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=1,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=1,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/NTPv4.pcap.out b/test/results/influxd/default/NTPv4.pcap.out index 8bad2c5d3..db67318c8 100644 
--- a/test/results/influxd/default/NTPv4.pcap.out
+++ b/test/results/influxd/default/NTPv4.pcap.out
@@ -2,7 +2,7 @@ general json_lines=7,json_bytes=5590,flow_src_total_bytes=48,flow_dst_total_byte events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=1,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=1,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=1,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/Oscar.pcap.out b/test/results/influxd/default/Oscar.pcap.out index 2d20b74c7..6017cb156 100644 
--- a/test/results/influxd/default/Oscar.pcap.out
+++ b/test/results/influxd/default/Oscar.pcap.out
@@ -2,7 +2,7 @@ general json_lines=12,json_bytes=10434,flow_src_total_bytes=1504,flow_dst_total_ events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=1,flow_detected_count=0,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=0,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/TivoDVR.pcap.out b/test/results/influxd/default/TivoDVR.pcap.out index 5a794922c..247f21aa5 100644 
--- a/test/results/influxd/default/TivoDVR.pcap.out
+++ b/test/results/influxd/default/TivoDVR.pcap.out
@@ -2,7 +2,7 @@ general json_lines=8,json_bytes=6703,flow_src_total_bytes=334,flow_dst_total_byt events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=2,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/WebattackRCE.pcap.out b/test/results/influxd/default/WebattackRCE.pcap.out index 5c9ec80b3..8276ad654 100644 
--- a/test/results/influxd/default/WebattackRCE.pcap.out
+++ b/test/results/influxd/default/WebattackRCE.pcap.out
@@ -2,7 +2,7 @@ general json_lines=3191,json_bytes=3398669,flow_src_total_bytes=138401,flow_dst_ events flow_new_count=797,flow_end_count=0,flow_idle_count=797,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=797,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=797,packet_count=0,packet_flow_count=797,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=797,flow_state_finished=0 breed flow_breed_safe_count=0,flow_breed_acceptable_count=797,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=797,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=797,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=797,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=778,flow_severity_medium=797,flow_severity_high=62,flow_severity_severe=4,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=797,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/default/WebattackSQLinj.pcap.out b/test/results/influxd/default/WebattackSQLinj.pcap.out
index a38fcf37d..447cd6107 100644
--- a/test/results/influxd/default/WebattackSQLinj.pcap.out
+++ b/test/results/influxd/default/WebattackSQLinj.pcap.out
@@ -2,7 +2,7 @@ general json_lines=75,json_bytes=66837,flow_src_total_bytes=4839,flow_dst_total_ events flow_new_count=9,flow_end_count=9,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=9,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=9,packet_count=0,packet_flow_count=45,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=9 breed flow_breed_safe_count=0,flow_breed_acceptable_count=9,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=9,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=9,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=9,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=9,flow_severity_medium=0,flow_severity_high=9,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=9,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/WebattackXSS.pcap.out b/test/results/influxd/default/WebattackXSS.pcap.out index 7eb078805..8946a8f2d 100644 
--- a/test/results/influxd/default/WebattackXSS.pcap.out
+++ b/test/results/influxd/default/WebattackXSS.pcap.out
@@ -2,7 +2,7 @@ general json_lines=5305,json_bytes=3644362,flow_src_total_bytes=857367,flow_dst_ events flow_new_count=661,flow_end_count=657,flow_idle_count=4,flow_update_count=0,flow_analyse_count=19,flow_guessed_count=639,flow_detected_count=22,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=22,packet_count=0,packet_flow_count=3299,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=639,flow_state_finished=22 breed flow_breed_safe_count=0,flow_breed_acceptable_count=22,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=22,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=22,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=22,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=22,flow_severity_medium=0,flow_severity_high=22,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=661,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/activision.pcap.out b/test/results/influxd/default/activision.pcap.out index 100b54685..540fc0771 100644 
--- a/test/results/influxd/default/activision.pcap.out
+++ b/test/results/influxd/default/activision.pcap.out
@@ -2,7 +2,7 @@ general json_lines=38,json_bytes=26909,flow_src_total_bytes=620,flow_dst_total_b events flow_new_count=4,flow_end_count=0,flow_idle_count=4,flow_update_count=1,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=4,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=20,init_count=1,reconnect_count=0,shutdown_count=1,status_count=3,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=4 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=4,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=4,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=4,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=4,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=4,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/adult_content.pcap.out b/test/results/influxd/default/adult_content.pcap.out index 75e8d4734..fefb7bed7 100644 
--- a/test/results/influxd/default/adult_content.pcap.out
+++ b/test/results/influxd/default/adult_content.pcap.out
@@ -1,8 +1,8 @@ -general json_lines=12,json_bytes=9775,flow_src_total_bytes=3131,flow_dst_total_bytes=3791 +general json_lines=12,json_bytes=9842,flow_src_total_bytes=3131,flow_dst_total_bytes=3791 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=2,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/afp.pcap.out b/test/results/influxd/default/afp.pcap.out index 3a5303764..e67a3e440 100644 
--- a/test/results/influxd/default/afp.pcap.out
+++ b/test/results/influxd/default/afp.pcap.out
@@ -2,7 +2,7 @@ general json_lines=11,json_bytes=7846,flow_src_total_bytes=44,flow_dst_total_byt events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=1,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=1,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/agora-sd-rtn.pcap.out b/test/results/influxd/default/agora-sd-rtn.pcap.out index 08d49821c..526094707 100644 
--- a/test/results/influxd/default/agora-sd-rtn.pcap.out
+++ b/test/results/influxd/default/agora-sd-rtn.pcap.out
@@ -2,7 +2,7 @@ general json_lines=238,json_bytes=230328,flow_src_total_bytes=54495,flow_dst_tot events flow_new_count=26,flow_end_count=0,flow_idle_count=26,flow_update_count=23,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=26,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=130,init_count=1,reconnect_count=0,shutdown_count=1,status_count=5,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=26 breed flow_breed_safe_count=0,flow_breed_acceptable_count=26,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=26,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=26,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=26,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=26,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/ah.pcapng.out b/test/results/influxd/default/ah.pcapng.out index 4c2473a29..0ff4e1c07 100644 
--- a/test/results/influxd/default/ah.pcapng.out +++ b/test/results/influxd/default/ah.pcapng.out 
@@ -2,7 +2,7 @@ general json_lines=15,json_bytes=12635,flow_src_total_bytes=790,flow_dst_total_b events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=6,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=2 breed flow_breed_safe_count=2,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=2,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=2,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=2,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/ajp.pcap.out b/test/results/influxd/default/ajp.pcap.out index 7c1fbddbd..c2e4018a3 100644 
--- a/test/results/influxd/default/ajp.pcap.out +++ b/test/results/influxd/default/ajp.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=43,json_bytes=24475,flow_src_total_bytes=2112,flow_dst_total_ events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=12,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=12,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=2 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=2,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=2,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=2,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/alexa-app.pcapng.out b/test/results/influxd/default/alexa-app.pcapng.out index a7cf533a8..8fa320eb4 100644 
--- a/test/results/influxd/default/alexa-app.pcapng.out +++ b/test/results/influxd/default/alexa-app.pcapng.out 
@@ -1,11 +1,11 @@ -general json_lines=1415,json_bytes=1290165,flow_src_total_bytes=399153,flow_dst_total_bytes=588052 -events flow_new_count=160,flow_end_count=104,flow_idle_count=56,flow_update_count=77,flow_analyse_count=23,flow_guessed_count=14,flow_detected_count=146,flow_detection_update_count=143,flow_not_detected_count=0,flow_risky_count=74,packet_count=5,packet_flow_count=679,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=5,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 +general json_lines=1415,json_bytes=1279370,flow_src_total_bytes=399153,flow_dst_total_bytes=588052 +events flow_new_count=160,flow_end_count=104,flow_idle_count=56,flow_update_count=77,flow_analyse_count=23,flow_guessed_count=14,flow_detected_count=146,flow_detection_update_count=143,flow_not_detected_count=0,flow_risky_count=62,packet_count=5,packet_flow_count=679,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=5,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=82,flow_state_finished=78 breed 
flow_breed_safe_count=8,flow_breed_acceptable_count=138,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=85,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=14,flow_category_network_count=39,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=1,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=2,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=5,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=85,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=14,flow_category_network_count=39,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=1,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=2,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=5,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=146,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 -severity flow_severity_low=38,flow_severity_medium=5,flow_severity_high=59,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 +severity flow_severity_low=26,flow_severity_medium=5,flow_severity_high=59,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 
flow_l3_ip4_count=156,flow_l3_ip6_count=4,flow_l3_other_count=0 layer4 flow_l4_tcp_count=121,flow_l4_udp_count=33,flow_l4_icmp_count=1,flow_l4_other_count=5 detection flow_active_count=160,flow_detected_count=146,flow_guessed_count=14,flow_not_detected_count=0 -risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=2,flow_risk_6_count=0,flow_risk_7_count=8,flow_risk_8_count=51,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=24,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=5,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=13,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=2,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 +risks 
flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=2,flow_risk_6_count=0,flow_risk_7_count=8,flow_risk_8_count=51,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=24,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=5,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=1,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=2,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 diff --git a/test/results/influxd/default/alicloud.pcap.out b/test/results/influxd/default/alicloud.pcap.out index 71f210305..ee18b1b9c 100644 --- a/test/results/influxd/default/alicloud.pcap.out +++ b/test/results/influxd/default/alicloud.pcap.out 
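Review bot: The regenerated baseline for alexa-app.pcapng.out changes detection results, not just the schema: `flow_risk_35_count` falls from 13 to 1, and with it `flow_risky_count` from 74 to 62 and `flow_severity_low` from 38 to 26. The neighbouring result files in this part of the diff only gain `flow_category_health_count=0`. The commit message says only that upstream changes were incorporated, so nothing records whether twelve flows losing this risk flag is an intended libnDPI behaviour change or a regression that the new baseline now hides. I would confirm it against the libnDPI bump and record it in the commit description, for example `alexa-app.pcapng: flow_risk_35 no longer raised for 12 flows (expected after libnDPI bump, see <upstream-change-placeholder>)`. Anyone alerting on this risk id or on `flow_risky_count` in the influxd output should expect lower counts after the bump.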
@@ -2,7 +2,7 @@ general json_lines=135,json_bytes=95393,flow_src_total_bytes=5696,flow_dst_total events flow_new_count=15,flow_end_count=0,flow_idle_count=15,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=15,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=75,init_count=1,reconnect_count=0,shutdown_count=1,status_count=13,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=15 breed flow_breed_safe_count=0,flow_breed_acceptable_count=15,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=15,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=15,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=15,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=15,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/among_us.pcap.out b/test/results/influxd/default/among_us.pcap.out index 69866a8f0..0297546f3 100644 
--- a/test/results/influxd/default/among_us.pcap.out +++ b/test/results/influxd/default/among_us.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=7,json_bytes=5514,flow_src_total_bytes=15,flow_dst_total_byte events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=1,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=1,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=1,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/amqp.pcap.out b/test/results/influxd/default/amqp.pcap.out index 66ad981bb..7686360db 100644 
--- a/test/results/influxd/default/amqp.pcap.out +++ b/test/results/influxd/default/amqp.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=28,json_bytes=23655,flow_src_total_bytes=12849,flow_dst_total events flow_new_count=3,flow_end_count=0,flow_idle_count=3,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=15,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=3 breed flow_breed_safe_count=0,flow_breed_acceptable_count=3,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=3,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=3,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=3,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=3,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/android.pcap.out b/test/results/influxd/default/android.pcap.out index f191be2a0..06969d08b 100644 
--- a/test/results/influxd/default/android.pcap.out +++ b/test/results/influxd/default/android.pcap.out 
@@ -1,11 +1,11 @@ -general json_lines=436,json_bytes=378966,flow_src_total_bytes=25482,flow_dst_total_bytes=76498 -events flow_new_count=63,flow_end_count=9,flow_idle_count=54,flow_update_count=3,flow_analyse_count=1,flow_guessed_count=3,flow_detected_count=60,flow_detection_update_count=44,flow_not_detected_count=0,flow_risky_count=9,packet_count=0,packet_flow_count=196,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 +general json_lines=436,json_bytes=376907,flow_src_total_bytes=25482,flow_dst_total_bytes=76498 +events flow_new_count=63,flow_end_count=9,flow_idle_count=54,flow_update_count=3,flow_analyse_count=1,flow_guessed_count=3,flow_detected_count=60,flow_detection_update_count=44,flow_not_detected_count=0,flow_risky_count=7,packet_count=0,packet_flow_count=196,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=22,flow_state_finished=41 breed 
flow_breed_safe_count=10,flow_breed_acceptable_count=36,flow_breed_fun_count=14,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=19,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=1,flow_category_network_count=30,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=3,flow_category_software_update_count=3,flow_category_music_count=1,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=3,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=19,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=1,flow_category_network_count=30,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=3,flow_category_software_update_count=3,flow_category_music_count=1,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=3,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=60,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 -severity flow_severity_low=15,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 +severity flow_severity_low=13,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 
flow_l3_ip4_count=58,flow_l3_ip6_count=5,flow_l3_other_count=0 layer4 flow_l4_tcp_count=28,flow_l4_udp_count=31,flow_l4_icmp_count=0,flow_l4_other_count=4 detection flow_active_count=63,flow_detected_count=60,flow_guessed_count=3,flow_not_detected_count=0 -risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=11,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=2,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=2,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 +risks 
flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=11,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=2,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 diff --git a/test/results/influxd/default/anyconnect-vpn.pcap.out b/test/results/influxd/default/anyconnect-vpn.pcap.out index 0043f762c..b6096cef8 100644 --- a/test/results/influxd/default/anyconnect-vpn.pcap.out +++ b/test/results/influxd/default/anyconnect-vpn.pcap.out 
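Review bot: The drop in risk detections recorded in the android.pcap baseline is not explained by the commit message, which says only "incorporated upstream changes". In the `events`, `severity` and `risks` lines, `flow_risky_count` goes from 9 to 7, `flow_severity_low` from 15 to 13 and `flow_risk_35_count` from 2 to 0. Because this file is the expected output that later runs are compared against, a detection lost in the libnDPI bump would be accepted silently from here on. Please confirm the two flows are no longer flagged on purpose upstream, and record it in the description, e.g. `* android.pcap: flow_risk_35 no longer raised on 2 flows (upstream commit <upstream-commit-id>)`. The `json_bytes` decrease in the same hunk (378966 to 376907) is presumably a consequence of the same change.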
@@ -1,8 +1,8 @@ -general json_lines=457,json_bytes=389391,flow_src_total_bytes=38688,flow_dst_total_bytes=56727 +general json_lines=457,json_bytes=388858,flow_src_total_bytes=38688,flow_dst_total_bytes=56727 events flow_new_count=69,flow_end_count=10,flow_idle_count=59,flow_update_count=3,flow_analyse_count=3,flow_guessed_count=6,flow_detected_count=61,flow_detection_update_count=34,flow_not_detected_count=2,flow_risky_count=17,packet_count=0,packet_flow_count=207,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=16,flow_state_finished=53 breed flow_breed_safe_count=13,flow_breed_acceptable_count=48,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=13,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=35,flow_category_collaborative_count=1,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=10,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=2,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=13,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=35,flow_category_collaborative_count=1,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=10,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=2,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=61,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=13,flow_severity_medium=14,flow_severity_high=5,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=66,flow_l3_ip6_count=3,flow_l3_other_count=0 diff --git a/test/results/influxd/default/anydesk.pcapng.out b/test/results/influxd/default/anydesk.pcapng.out index 500415746..6096262a6 100644 
--- a/test/results/influxd/default/anydesk.pcapng.out +++ b/test/results/influxd/default/anydesk.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=66,json_bytes=66748,flow_src_total_bytes=19883,flow_dst_total_bytes=15955 +general json_lines=66,json_bytes=66338,flow_src_total_bytes=19883,flow_dst_total_bytes=15955 events flow_new_count=7,flow_end_count=1,flow_idle_count=6,flow_update_count=0,flow_analyse_count=3,flow_guessed_count=0,flow_detected_count=7,flow_detection_update_count=8,flow_not_detected_count=0,flow_risky_count=5,packet_count=0,packet_flow_count=29,init_count=1,reconnect_count=0,shutdown_count=1,status_count=3,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=6 breed flow_breed_safe_count=4,flow_breed_acceptable_count=3,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=4,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=1,flow_category_cloud_count=0,flow_category_network_count=2,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=4,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=1,flow_category_cloud_count=0,flow_category_network_count=2,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=7,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=4,flow_severity_medium=13,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=7,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/atg.pcap.out b/test/results/influxd/default/atg.pcap.out index c6c36ef0c..925f4c92d 100644 
--- a/test/results/influxd/default/atg.pcap.out +++ b/test/results/influxd/default/atg.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=19,json_bytes=13242,flow_src_total_bytes=146,flow_dst_total_b events flow_new_count=2,flow_end_count=1,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=2 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=2,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=2,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=2,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/avast.pcap.out b/test/results/influxd/default/avast.pcap.out index eb6b59ad2..7d2031475 100644 
--- a/test/results/influxd/default/avast.pcap.out +++ b/test/results/influxd/default/avast.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=101,json_bytes=72686,flow_src_total_bytes=1031,flow_dst_total events flow_new_count=10,flow_end_count=2,flow_idle_count=8,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=10,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=50,init_count=1,reconnect_count=0,shutdown_count=1,status_count=19,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=10 breed flow_breed_safe_count=10,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=10,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=10,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=10,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=10,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/avast_securedns.pcapng.out b/test/results/influxd/default/avast_securedns.pcapng.out index 0324d0a6b..5d65bc46c 100644 
--- a/test/results/influxd/default/avast_securedns.pcapng.out +++ b/test/results/influxd/default/avast_securedns.pcapng.out 
@@ -2,7 +2,7 @@ general json_lines=218,json_bytes=180790,flow_src_total_bytes=1521,flow_dst_tota events flow_new_count=39,flow_end_count=0,flow_idle_count=39,flow_update_count=9,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=39,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=77,init_count=1,reconnect_count=0,shutdown_count=1,status_count=13,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=39 breed flow_breed_safe_count=39,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=39,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=39,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=39,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=39,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/bacnet.pcap.out b/test/results/influxd/default/bacnet.pcap.out index bf6f70aaa..d89a87920 100644 
--- a/test/results/influxd/default/bacnet.pcap.out +++ b/test/results/influxd/default/bacnet.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=57,json_bytes=46078,flow_src_total_bytes=398,flow_dst_total_b events flow_new_count=10,flow_end_count=0,flow_idle_count=10,flow_update_count=5,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=10,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=14,init_count=1,reconnect_count=0,shutdown_count=1,status_count=6,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=10 breed flow_breed_safe_count=10,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=10,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=10,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=10,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=10,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/bad-dns-traffic.pcap.out b/test/results/influxd/default/bad-dns-traffic.pcap.out index 0cabf52c1..d24951eaa 100644 
--- a/test/results/influxd/default/bad-dns-traffic.pcap.out +++ b/test/results/influxd/default/bad-dns-traffic.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=39,json_bytes=42401,flow_src_total_bytes=44399,flow_dst_total events flow_new_count=3,flow_end_count=0,flow_idle_count=3,flow_update_count=3,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=8,flow_not_detected_count=0,flow_risky_count=3,packet_count=0,packet_flow_count=15,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=3 breed flow_breed_safe_count=0,flow_breed_acceptable_count=3,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=3,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=3,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=3,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=6,flow_severity_high=6,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=3,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/badpackets.pcap.out b/test/results/influxd/default/badpackets.pcap.out index fa67aa5c1..1b4c21677 100644 
--- a/test/results/influxd/default/badpackets.pcap.out +++ b/test/results/influxd/default/badpackets.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=194,json_bytes=128098,flow_src_total_bytes=0,flow_dst_total_b events flow_new_count=0,flow_end_count=0,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=0,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=95,packet_flow_count=0,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=89,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=6,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=0 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=0,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=0,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/beckhoff_ads.pcapng.out b/test/results/influxd/default/beckhoff_ads.pcapng.out index d69411931..18cbdcc4b 100644 
--- a/test/results/influxd/default/beckhoff_ads.pcapng.out +++ b/test/results/influxd/default/beckhoff_ads.pcapng.out 
@@ -2,7 +2,7 @@ general json_lines=12,json_bytes=10136,flow_src_total_bytes=1376,flow_dst_total_ events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=1,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=1,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/bets.pcapng.out b/test/results/influxd/default/bets.pcapng.out index 55c7dbd05..8240fa653 100644 
--- a/test/results/influxd/default/bets.pcapng.out +++ b/test/results/influxd/default/bets.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=13,json_bytes=11970,flow_src_total_bytes=573,flow_dst_total_bytes=6919 +general json_lines=13,json_bytes=11888,flow_src_total_bytes=573,flow_dst_total_bytes=6919 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/bfcp.pcapng.out b/test/results/influxd/default/bfcp.pcapng.out index c08bcfe0f..cef2b1558 100644 
--- a/test/results/influxd/default/bfcp.pcapng.out +++ b/test/results/influxd/default/bfcp.pcapng.out 
@@ -2,7 +2,7 @@ general json_lines=17,json_bytes=12364,flow_src_total_bytes=24,flow_dst_total_by events flow_new_count=2,flow_end_count=1,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=7,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=2 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=2,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=2,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=2,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/bfd.pcap.out b/test/results/influxd/default/bfd.pcap.out index b4fba4fcf..9afd7939d 100644 
--- a/test/results/influxd/default/bfd.pcap.out +++ b/test/results/influxd/default/bfd.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=26,json_bytes=19276,flow_src_total_bytes=192,flow_dst_total_b events flow_new_count=4,flow_end_count=0,flow_idle_count=4,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=4,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=11,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=4 breed flow_breed_safe_count=0,flow_breed_acceptable_count=4,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=4,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=4,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=4,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=4,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/bitcoin.pcap.out b/test/results/influxd/default/bitcoin.pcap.out index b84b88cef..727195997 100644 
--- a/test/results/influxd/default/bitcoin.pcap.out +++ b/test/results/influxd/default/bitcoin.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=57,json_bytes=51048,flow_src_total_bytes=112000,flow_dst_tota events flow_new_count=6,flow_end_count=0,flow_idle_count=6,flow_update_count=0,flow_analyse_count=3,flow_guessed_count=0,flow_detected_count=6,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=30,init_count=1,reconnect_count=0,shutdown_count=1,status_count=4,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=6 breed flow_breed_safe_count=0,flow_breed_acceptable_count=6,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=6,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=6,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=6,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=6,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/bittorrent.pcap.out b/test/results/influxd/default/bittorrent.pcap.out index c835c0599..856bb42ce 100644 
--- a/test/results/influxd/default/bittorrent.pcap.out +++ b/test/results/influxd/default/bittorrent.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=164,json_bytes=149444,flow_src_total_bytes=6341,flow_dst_tota events flow_new_count=24,flow_end_count=11,flow_idle_count=13,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=24,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=22,packet_count=0,packet_flow_count=88,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=24 breed flow_breed_safe_count=0,flow_breed_acceptable_count=24,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=24,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=24,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=24,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=22,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=24,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/default/bittorrent_tcp_miss.pcapng.out b/test/results/influxd/default/bittorrent_tcp_miss.pcapng.out index d205f76fb..82cce55c4 100644 --- a/test/results/influxd/default/bittorrent_tcp_miss.pcapng.out +++ b/test/results/influxd/default/bittorrent_tcp_miss.pcapng.out 
@@ -2,7 +2,7 @@ general json_lines=12,json_bytes=11473,flow_src_total_bytes=1093,flow_dst_total_ events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=1,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=1,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=1,flow_confidence_dpi=0,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=1,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/bittorrent_utp.pcap.out b/test/results/influxd/default/bittorrent_utp.pcap.out index 80b9f3938..5db696589 100644 
--- a/test/results/influxd/default/bittorrent_utp.pcap.out +++ b/test/results/influxd/default/bittorrent_utp.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=23,json_bytes=20051,flow_src_total_bytes=34748,flow_dst_total events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=2 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=2,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=2,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=1,flow_severity_medium=4,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=2,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/bjnp.pcap.out b/test/results/influxd/default/bjnp.pcap.out index 298a655b2..20bed90e4 100644 
--- a/test/results/influxd/default/bjnp.pcap.out +++ b/test/results/influxd/default/bjnp.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=43,json_bytes=34460,flow_src_total_bytes=160,flow_dst_total_b events flow_new_count=10,flow_end_count=0,flow_idle_count=10,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=10,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=10 breed flow_breed_safe_count=0,flow_breed_acceptable_count=10,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=10,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=10,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=10,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=10,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/bot.pcap.out b/test/results/influxd/default/bot.pcap.out index 8bee0d53a..5d3d8735a 100644 
--- a/test/results/influxd/default/bot.pcap.out +++ b/test/results/influxd/default/bot.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=12,json_bytes=11102,flow_src_total_bytes=316,flow_dst_total_b events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=1,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/bt-dns.pcap.out b/test/results/influxd/default/bt-dns.pcap.out index 7759bb997..3a49a8936 100644 
--- a/test/results/influxd/default/bt-dns.pcap.out +++ b/test/results/influxd/default/bt-dns.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=8,json_bytes=6406,flow_src_total_bytes=30,flow_dst_total_byte events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=2,init_count=1,reconnect_count=0,shutdown_count=1,status_count=0,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/bt-http.pcapng.out b/test/results/influxd/default/bt-http.pcapng.out index 46747bdbe..ce1336585 100644 
--- a/test/results/influxd/default/bt-http.pcapng.out +++ b/test/results/influxd/default/bt-http.pcapng.out 
@@ -1,11 +1,11 @@ -general json_lines=11,json_bytes=9411,flow_src_total_bytes=370,flow_dst_total_bytes=340 -events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 +general json_lines=11,json_bytes=9181,flow_src_total_bytes=370,flow_dst_total_bytes=340 +events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed 
flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=1,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=1,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 -severity flow_severity_low=1,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 +severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 
flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 layer4 flow_l4_tcp_count=1,flow_l4_udp_count=0,flow_l4_icmp_count=0,flow_l4_other_count=0 detection flow_active_count=1,flow_detected_count=1,flow_guessed_count=0,flow_not_detected_count=0 -risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=1,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 +risks 
flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 diff --git a/test/results/influxd/default/bt_search.pcap.out b/test/results/influxd/default/bt_search.pcap.out index 31f5f0bc8..049ff13b3 100644 --- a/test/results/influxd/default/bt_search.pcap.out +++ b/test/results/influxd/default/bt_search.pcap.out 
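Review bot: The regenerated baseline for bt-http.pcapng no longer records a risk that the old one did (`flow_risky_count=1` becomes `0`, `flow_severity_low=1` becomes `0`, `flow_risk_35_count=1` becomes `0`), and the commit description only says "incorporated upstream changes". Because this file is the regression oracle, accepting the new values without a recorded reason means a real loss of that risk detection would look the same as an intended upstream change. I would name the responsible libnDPI change in the description, for example `* bt-http.pcapng: risk 35 no longer raised, see <upstream commit id>`. The `json_bytes` drop from 9411 to 9181 is presumably the same risk payload disappearing from the flow events, which is worth confirming against the matching JSON result file.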
@@ -2,7 +2,7 @@ general json_lines=8,json_bytes=6433,flow_src_total_bytes=238,flow_dst_total_byt events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=2,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=0 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=1,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=1,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/c1222.pcapng.out b/test/results/influxd/default/c1222.pcapng.out index e0840e812..a021a3e3a 100644 
--- a/test/results/influxd/default/c1222.pcapng.out +++ b/test/results/influxd/default/c1222.pcapng.out 
@@ -2,7 +2,7 @@ general json_lines=13,json_bytes=10369,flow_src_total_bytes=244,flow_dst_total_b events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=4,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=2 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=2,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=2,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=2,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/cachefly.pcapng.out b/test/results/influxd/default/cachefly.pcapng.out index 34aeaba86..475586e99 100644 
--- a/test/results/influxd/default/cachefly.pcapng.out +++ b/test/results/influxd/default/cachefly.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=13,json_bytes=18503,flow_src_total_bytes=5242,flow_dst_total_bytes=517 +general json_lines=13,json_bytes=18380,flow_src_total_bytes=5242,flow_dst_total_bytes=517 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=0 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=1,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=1,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/can.pcap.out b/test/results/influxd/default/can.pcap.out index 32c57f1a5..427b0c8b5 100644 
--- a/test/results/influxd/default/can.pcap.out +++ b/test/results/influxd/default/can.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=36,json_bytes=29674,flow_src_total_bytes=360,flow_dst_total_b events flow_new_count=8,flow_end_count=0,flow_idle_count=8,flow_update_count=1,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=8,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=8,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=8 breed flow_breed_safe_count=8,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=8,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=8,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=8,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=8,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/capwap.pcap.out b/test/results/influxd/default/capwap.pcap.out index db4e78377..ee29923b5 100644 
--- a/test/results/influxd/default/capwap.pcap.out +++ b/test/results/influxd/default/capwap.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=70,json_bytes=56795,flow_src_total_bytes=48656,flow_dst_total events flow_new_count=5,flow_end_count=0,flow_idle_count=5,flow_update_count=15,flow_analyse_count=2,flow_guessed_count=0,flow_detected_count=5,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=9,packet_flow_count=17,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=9,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=4 breed flow_breed_safe_count=0,flow_breed_acceptable_count=5,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=5,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=5,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=5,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=5,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/capwap_data.pcapng.out b/test/results/influxd/default/capwap_data.pcapng.out index 91393d57b..9045d2594 100644 
--- a/test/results/influxd/default/capwap_data.pcapng.out +++ b/test/results/influxd/default/capwap_data.pcapng.out 
@@ -2,7 +2,7 @@ general json_lines=31,json_bytes=14546,flow_src_total_bytes=0,flow_dst_total_byt events flow_new_count=0,flow_end_count=0,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=0,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=14,packet_flow_count=0,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=14,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=0 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=0,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=0,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/cassandra.pcap.out b/test/results/influxd/default/cassandra.pcap.out index 9affee1bd..35947321b 100644 
--- a/test/results/influxd/default/cassandra.pcap.out +++ b/test/results/influxd/default/cassandra.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=26,json_bytes=18299,flow_src_total_bytes=160,flow_dst_total_b events flow_new_count=3,flow_end_count=0,flow_idle_count=3,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=14,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=3 breed flow_breed_safe_count=0,flow_breed_acceptable_count=3,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=3,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=3,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=3,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=3,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/ceph.pcap.out b/test/results/influxd/default/ceph.pcap.out index ec02fed5a..579b0bd93 100644 
--- a/test/results/influxd/default/ceph.pcap.out +++ b/test/results/influxd/default/ceph.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=12,json_bytes=9878,flow_src_total_bytes=1151,flow_dst_total_b events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=1,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=1,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/check_mk_new.pcap.out b/test/results/influxd/default/check_mk_new.pcap.out index 61cfab93d..9193cc195 100644 
--- a/test/results/influxd/default/check_mk_new.pcap.out +++ b/test/results/influxd/default/check_mk_new.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=12,json_bytes=10032,flow_src_total_bytes=0,flow_dst_total_byt events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=1,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=1,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/chrome.pcap.out b/test/results/influxd/default/chrome.pcap.out index 8b19fb999..2258506bb 100644 
--- a/test/results/influxd/default/chrome.pcap.out +++ b/test/results/influxd/default/chrome.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=57,json_bytes=49670,flow_src_total_bytes=8227,flow_dst_total_bytes=51402 +general json_lines=57,json_bytes=49178,flow_src_total_bytes=8227,flow_dst_total_bytes=51402 events flow_new_count=6,flow_end_count=0,flow_idle_count=6,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=6,flow_detection_update_count=6,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=30,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=6,flow_state_finished=0 breed flow_breed_safe_count=6,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=6,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=6,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=6,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=6,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/cip_io.pcap.out b/test/results/influxd/default/cip_io.pcap.out index 1739653b9..6d41a24de 100644 
--- a/test/results/influxd/default/cip_io.pcap.out +++ b/test/results/influxd/default/cip_io.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=10,json_bytes=7282,flow_src_total_bytes=60,flow_dst_total_byt events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=4,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=1,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=1,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/citrix.pcap.out b/test/results/influxd/default/citrix.pcap.out index a0312ee9d..2b20f5c57 100644 
--- a/test/results/influxd/default/citrix.pcap.out +++ b/test/results/influxd/default/citrix.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=11,json_bytes=8607,flow_src_total_bytes=3874,flow_dst_total_b events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=0,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/cloudflare-warp.pcap.out b/test/results/influxd/default/cloudflare-warp.pcap.out index a9b472b65..72713434c 100644 
--- a/test/results/influxd/default/cloudflare-warp.pcap.out +++ b/test/results/influxd/default/cloudflare-warp.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=72,json_bytes=57563,flow_src_total_bytes=3074,flow_dst_total_bytes=7477 +general json_lines=72,json_bytes=57276,flow_src_total_bytes=3074,flow_dst_total_bytes=7477 events flow_new_count=9,flow_end_count=2,flow_idle_count=7,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=3,flow_detected_count=6,flow_detection_update_count=3,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=38,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=7,flow_state_finished=2 breed flow_breed_safe_count=0,flow_breed_acceptable_count=6,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=3,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=2,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=1,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=3,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=2,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=1,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=6,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=2,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=9,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/cnp_ip.pcapng.out b/test/results/influxd/default/cnp_ip.pcapng.out index ae613991c..3afcad222 100644 
--- a/test/results/influxd/default/cnp_ip.pcapng.out +++ b/test/results/influxd/default/cnp_ip.pcapng.out 
@@ -2,7 +2,7 @@ general json_lines=8,json_bytes=6123,flow_src_total_bytes=60,flow_dst_total_byte events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=2,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=1,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=1,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/coap_mqtt.pcap.out b/test/results/influxd/default/coap_mqtt.pcap.out index 23b042a95..365e7c313 100644 
--- a/test/results/influxd/default/coap_mqtt.pcap.out +++ b/test/results/influxd/default/coap_mqtt.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=121,json_bytes=102964,flow_src_total_bytes=41887,flow_dst_tot events flow_new_count=16,flow_end_count=0,flow_idle_count=16,flow_update_count=2,flow_analyse_count=8,flow_guessed_count=0,flow_detected_count=16,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=4,packet_count=0,packet_flow_count=58,init_count=1,reconnect_count=0,shutdown_count=1,status_count=3,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=16 breed flow_breed_safe_count=8,flow_breed_acceptable_count=8,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=4,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=12,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=4,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=12,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=16,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=4,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=8,flow_l3_ip6_count=8,flow_l3_other_count=0 diff --git a/test/results/influxd/default/codm.pcap.out b/test/results/influxd/default/codm.pcap.out index 6d9a3a0f8..4d34c19e4 100644 
--- a/test/results/influxd/default/codm.pcap.out +++ b/test/results/influxd/default/codm.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=25,json_bytes=21226,flow_src_total_bytes=711,flow_dst_total_bytes=2403 +general json_lines=25,json_bytes=21144,flow_src_total_bytes=711,flow_dst_total_bytes=2403 events flow_new_count=3,flow_end_count=0,flow_idle_count=3,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=11,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=2 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=3,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=3,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=3,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=3,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=2,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=3,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/collectd.pcap.out b/test/results/influxd/default/collectd.pcap.out index af4af575c..4f11a0fe3 100644 
--- a/test/results/influxd/default/collectd.pcap.out +++ b/test/results/influxd/default/collectd.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=74,json_bytes=105193,flow_src_total_bytes=105984,flow_dst_tot events flow_new_count=9,flow_end_count=0,flow_idle_count=9,flow_update_count=15,flow_analyse_count=1,flow_guessed_count=3,flow_detected_count=6,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=25,init_count=1,reconnect_count=0,shutdown_count=1,status_count=4,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=3,flow_state_finished=6 breed flow_breed_safe_count=0,flow_breed_acceptable_count=6,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=6,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=6,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=6,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=9,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/conncheck.pcap.out b/test/results/influxd/default/conncheck.pcap.out index db59e5cce..a9101443f 100644 
--- a/test/results/influxd/default/conncheck.pcap.out +++ b/test/results/influxd/default/conncheck.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=81,json_bytes=63763,flow_src_total_bytes=5724,flow_dst_total_ events flow_new_count=10,flow_end_count=6,flow_idle_count=4,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=10,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=47,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=3,flow_state_finished=7 breed flow_breed_safe_count=0,flow_breed_acceptable_count=10,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=9,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=9,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=10,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=10,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/corba.pcap.out b/test/results/influxd/default/corba.pcap.out index 3de8c8112..8e0464370 100644 
--- a/test/results/influxd/default/corba.pcap.out +++ b/test/results/influxd/default/corba.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=19,json_bytes=15098,flow_src_total_bytes=20910,flow_dst_total events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=2 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=2,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=2,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=2,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/cpha.pcap.out b/test/results/influxd/default/cpha.pcap.out index 90fb7beea..5a1ba0e3e 100644 
--- a/test/results/influxd/default/cpha.pcap.out
+++ b/test/results/influxd/default/cpha.pcap.out
@@ -2,7 +2,7 @@ general json_lines=7,json_bytes=5589,flow_src_total_bytes=50,flow_dst_total_byte events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=1,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/default/crawler_false_positive.pcapng.out b/test/results/influxd/default/crawler_false_positive.pcapng.out
index 6ca2acc41..09ab8a87e 100644
--- a/test/results/influxd/default/crawler_false_positive.pcapng.out
+++ b/test/results/influxd/default/crawler_false_positive.pcapng.out
@@ -2,7 +2,7 @@ general json_lines=12,json_bytes=9284,flow_src_total_bytes=235,flow_dst_total_by events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=1,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/crynet.pcap.out b/test/results/influxd/default/crynet.pcap.out index be9302abb..77eab798f 100644 
--- a/test/results/influxd/default/crynet.pcap.out
+++ b/test/results/influxd/default/crynet.pcap.out
@@ -2,7 +2,7 @@ general json_lines=64,json_bytes=49038,flow_src_total_bytes=8204,flow_dst_total_ events flow_new_count=7,flow_end_count=0,flow_idle_count=7,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=7,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=35,init_count=1,reconnect_count=0,shutdown_count=1,status_count=6,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=7 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=7,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=7,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=7,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=7,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=7,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/custom_categories.pcapng.out b/test/results/influxd/default/custom_categories.pcapng.out index bd82ddd8f..1eec6061c 100644 
--- a/test/results/influxd/default/custom_categories.pcapng.out
+++ b/test/results/influxd/default/custom_categories.pcapng.out
@@ -2,7 +2,7 @@ general json_lines=30,json_bytes=27538,flow_src_total_bytes=2156,flow_dst_total_ events flow_new_count=2,flow_end_count=1,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=6,flow_not_detected_count=0,flow_risky_count=2,packet_count=1,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=3,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=1,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=2 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=2,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=2,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=4,flow_severity_high=3,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=1,flow_l3_other_count=0 diff --git a/test/results/influxd/default/custom_risk_mask.pcapng.out b/test/results/influxd/default/custom_risk_mask.pcapng.out index 0e9fe098e..71379abde 100644 
--- a/test/results/influxd/default/custom_risk_mask.pcapng.out
+++ b/test/results/influxd/default/custom_risk_mask.pcapng.out
@@ -2,7 +2,7 @@ general json_lines=11,json_bytes=9674,flow_src_total_bytes=60,flow_dst_total_byt events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=2,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=2 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=2,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=2,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=2,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=0,flow_l3_ip6_count=2,flow_l3_other_count=0 diff --git a/test/results/influxd/default/custom_rules_ipv6.pcapng.out b/test/results/influxd/default/custom_rules_ipv6.pcapng.out index 48f66046c..324ef13e5 100644 
--- a/test/results/influxd/default/custom_rules_ipv6.pcapng.out
+++ b/test/results/influxd/default/custom_rules_ipv6.pcapng.out
@@ -2,7 +2,7 @@ general json_lines=34,json_bytes=32272,flow_src_total_bytes=3502,flow_dst_total_ events flow_new_count=7,flow_end_count=0,flow_idle_count=7,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=5,flow_risky_count=0,packet_count=0,packet_flow_count=8,init_count=1,reconnect_count=0,shutdown_count=1,status_count=3,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=5,flow_state_finished=2 breed flow_breed_safe_count=2,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=2,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=2,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=0,flow_l3_ip6_count=7,flow_l3_other_count=0 
diff --git a/test/results/influxd/default/custom_rules_same-ip_multiple_ports.pcapng.out b/test/results/influxd/default/custom_rules_same-ip_multiple_ports.pcapng.out
index 36c57fb77..bd445a06e 100644
--- a/test/results/influxd/default/custom_rules_same-ip_multiple_ports.pcapng.out
+++ b/test/results/influxd/default/custom_rules_same-ip_multiple_ports.pcapng.out
@@ -2,7 +2,7 @@ general json_lines=21,json_bytes=15983,flow_src_total_bytes=0,flow_dst_total_byt events flow_new_count=3,flow_end_count=0,flow_idle_count=3,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=1,flow_detected_count=0,flow_detection_update_count=0,flow_not_detected_count=2,flow_risky_count=0,packet_count=0,packet_flow_count=8,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=3,flow_state_finished=0 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=0,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=3,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/dazn.pcapng.out b/test/results/influxd/default/dazn.pcapng.out index a718be352..346ffda5a 100644 
--- a/test/results/influxd/default/dazn.pcapng.out +++ b/test/results/influxd/default/dazn.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=27,json_bytes=30061,flow_src_total_bytes=1551,flow_dst_total_bytes=4284 +general json_lines=27,json_bytes=29815,flow_src_total_bytes=1551,flow_dst_total_bytes=4284 events flow_new_count=3,flow_end_count=0,flow_idle_count=3,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=3,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=12,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=3,flow_state_finished=0 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=3,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=3,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=3,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=3,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=3,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/dcerpc.pcap.out b/test/results/influxd/default/dcerpc.pcap.out index 54496f0eb..e051440c1 100644 
--- a/test/results/influxd/default/dcerpc.pcap.out +++ b/test/results/influxd/default/dcerpc.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=29,json_bytes=29680,flow_src_total_bytes=6194,flow_dst_total_ events flow_new_count=4,flow_end_count=0,flow_idle_count=4,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=4,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=4,packet_count=0,packet_flow_count=14,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=4 breed flow_breed_safe_count=0,flow_breed_acceptable_count=4,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=4,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=4,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=4,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=4,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=4,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/dhcp-fuzz.pcapng.out b/test/results/influxd/default/dhcp-fuzz.pcapng.out index 8e2ca8d7a..813fee2d0 100644 
--- a/test/results/influxd/default/dhcp-fuzz.pcapng.out +++ b/test/results/influxd/default/dhcp-fuzz.pcapng.out 
@@ -2,7 +2,7 @@ general json_lines=7,json_bytes=5873,flow_src_total_bytes=300,flow_dst_total_byt events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=1,flow_detected_count=0,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=1,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=0 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=0,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/diameter.pcap.out b/test/results/influxd/default/diameter.pcap.out index 520a8f9a5..a4021318e 100644 
--- a/test/results/influxd/default/diameter.pcap.out +++ b/test/results/influxd/default/diameter.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=11,json_bytes=9711,flow_src_total_bytes=1012,flow_dst_total_b events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/dicom.pcap.out b/test/results/influxd/default/dicom.pcap.out new file mode 100644 index 000000000..3b2343a4f --- /dev/null 
+++ b/test/results/influxd/default/dicom.pcap.out 
@@ -0,0 +1,11 @@ +general json_lines=22,json_bytes=41153,flow_src_total_bytes=34384,flow_dst_total_bytes=0 +events flow_new_count=4,flow_end_count=0,flow_idle_count=4,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=4,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=6,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 +state flow_state_info=0,flow_state_finished=4 +breed flow_breed_safe_count=0,flow_breed_acceptable_count=4,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=4,flow_category_unknown_count=0 +confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=4,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 +severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 +layer3 flow_l3_ip4_count=4,flow_l3_ip6_count=0,flow_l3_other_count=0 +layer4 flow_l4_tcp_count=4,flow_l4_udp_count=0,flow_l4_icmp_count=0,flow_l4_other_count=0 +detection 
flow_active_count=4,flow_detected_count=4,flow_guessed_count=0,flow_not_detected_count=0 +risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 diff --git a/test/results/influxd/default/dingtalk.pcap.out b/test/results/influxd/default/dingtalk.pcap.out index e1f2570b4..987bc9317 100644 --- a/test/results/influxd/default/dingtalk.pcap.out +++ b/test/results/influxd/default/dingtalk.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=19,json_bytes=15027,flow_src_total_bytes=701,flow_dst_total_bytes=3493 +general json_lines=19,json_bytes=14945,flow_src_total_bytes=701,flow_dst_total_bytes=3493 events flow_new_count=2,flow_end_count=1,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=9,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=2,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=2,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=2,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/discord.pcap.out b/test/results/influxd/default/discord.pcap.out index 651b8b111..346812e12 100644 
--- a/test/results/influxd/default/discord.pcap.out +++ b/test/results/influxd/default/discord.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=316,json_bytes=263324,flow_src_total_bytes=32475,flow_dst_total_bytes=48285 +general json_lines=316,json_bytes=263201,flow_src_total_bytes=32475,flow_dst_total_bytes=48285 events flow_new_count=34,flow_end_count=0,flow_idle_count=34,flow_update_count=57,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=34,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=149,init_count=1,reconnect_count=0,shutdown_count=1,status_count=4,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=33 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=34,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=34,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=34,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=34,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=1,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=34,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/discord_mid_flow.pcap.out b/test/results/influxd/default/discord_mid_flow.pcap.out index 8a211c83a..3c8c1c6ba 100644 
--- a/test/results/influxd/default/discord_mid_flow.pcap.out +++ b/test/results/influxd/default/discord_mid_flow.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=35,json_bytes=14545,flow_src_total_bytes=0,flow_dst_total_byt events flow_new_count=0,flow_end_count=0,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=0,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=16,packet_flow_count=0,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=16,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=0 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=0,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=0,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/dlep.pcapng.out b/test/results/influxd/default/dlep.pcapng.out index 68ca02d3a..a0a8568d2 100644 
--- a/test/results/influxd/default/dlep.pcapng.out +++ b/test/results/influxd/default/dlep.pcapng.out 
@@ -2,7 +2,7 @@ general json_lines=16,json_bytes=12804,flow_src_total_bytes=106,flow_dst_total_b events flow_new_count=3,flow_end_count=0,flow_idle_count=3,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=4,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=3 breed flow_breed_safe_count=0,flow_breed_acceptable_count=3,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=3,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=3,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=3,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=3,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/dlms.pcap.out b/test/results/influxd/default/dlms.pcap.out index fb28a9930..e7d473fa7 100644 
--- a/test/results/influxd/default/dlms.pcap.out +++ b/test/results/influxd/default/dlms.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=20,json_bytes=14387,flow_src_total_bytes=2659,flow_dst_total_ events flow_new_count=2,flow_end_count=1,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=2 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=2,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=2,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=1,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=2,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/dlt_ppp.pcap.out b/test/results/influxd/default/dlt_ppp.pcap.out index 22b408e55..9ac9c0efb 100644 
--- a/test/results/influxd/default/dlt_ppp.pcap.out +++ b/test/results/influxd/default/dlt_ppp.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=4,json_bytes=3700,flow_src_total_bytes=0,flow_dst_total_bytes events flow_new_count=0,flow_end_count=0,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=0,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=1,packet_flow_count=0,init_count=1,reconnect_count=0,shutdown_count=1,status_count=0,error_unknown_datalink=0,error_unknown_l3_protocol=1,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=0 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=0,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=0,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/dnp3.pcap.out b/test/results/influxd/default/dnp3.pcap.out index 2f3080f1a..43948b062 100644 
--- a/test/results/influxd/default/dnp3.pcap.out +++ b/test/results/influxd/default/dnp3.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=81,json_bytes=66205,flow_src_total_bytes=2559,flow_dst_total_ events flow_new_count=8,flow_end_count=2,flow_idle_count=6,flow_update_count=0,flow_analyse_count=7,flow_guessed_count=0,flow_detected_count=8,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=40,init_count=1,reconnect_count=0,shutdown_count=1,status_count=8,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=8 breed flow_breed_safe_count=0,flow_breed_acceptable_count=8,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=8,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=8,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=8,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=8,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/dns-exf.pcap.out b/test/results/influxd/default/dns-exf.pcap.out index 873662a36..e67b185a5 100644 
--- a/test/results/influxd/default/dns-exf.pcap.out +++ b/test/results/influxd/default/dns-exf.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=9,json_bytes=9265,flow_src_total_bytes=121,flow_dst_total_byt events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=2,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=1,flow_severity_medium=2,flow_severity_high=1,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/dns-google-nsid.pcapng.out b/test/results/influxd/default/dns-google-nsid.pcapng.out index 78062b38c..af1d0db98 100644 
--- a/test/results/influxd/default/dns-google-nsid.pcapng.out +++ b/test/results/influxd/default/dns-google-nsid.pcapng.out 
@@ -2,7 +2,7 @@ general json_lines=46,json_bytes=41531,flow_src_total_bytes=368,flow_dst_total_b events flow_new_count=7,flow_end_count=0,flow_idle_count=7,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=7,flow_detection_update_count=7,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=14,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=7 breed flow_breed_safe_count=4,flow_breed_acceptable_count=3,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=7,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=7,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=7,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=3,flow_l3_ip6_count=4,flow_l3_other_count=0 diff --git a/test/results/influxd/default/dns-invalid-chars.pcap.out b/test/results/influxd/default/dns-invalid-chars.pcap.out index 3f025bd7d..11fed7537 100644 
--- a/test/results/influxd/default/dns-invalid-chars.pcap.out +++ b/test/results/influxd/default/dns-invalid-chars.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=9,json_bytes=8034,flow_src_total_bytes=48,flow_dst_total_byte events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=2,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=2,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/dns-tunnel-iodine.pcap.out b/test/results/influxd/default/dns-tunnel-iodine.pcap.out index 32d28ff24..ec790acb3 100644 
--- a/test/results/influxd/default/dns-tunnel-iodine.pcap.out +++ b/test/results/influxd/default/dns-tunnel-iodine.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=13,json_bytes=12340,flow_src_total_bytes=16812,flow_dst_total events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=1,flow_severity_medium=1,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/dns.pcap.out b/test/results/influxd/default/dns.pcap.out index 3ca727815..b58944735 100644 
--- a/test/results/influxd/default/dns.pcap.out +++ b/test/results/influxd/default/dns.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=14,json_bytes=9322,flow_src_total_bytes=67,flow_dst_total_byt events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=2,packet_flow_count=3,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=2,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/dns2tcp_tunnel.pcap.out b/test/results/influxd/default/dns2tcp_tunnel.pcap.out index 528218007..bbb81d928 100644 
--- a/test/results/influxd/default/dns2tcp_tunnel.pcap.out +++ b/test/results/influxd/default/dns2tcp_tunnel.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=13,json_bytes=12844,flow_src_total_bytes=1343,flow_dst_total_bytes=4713 +general json_lines=13,json_bytes=12762,flow_src_total_bytes=1343,flow_dst_total_bytes=4713 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=4,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/dns_ambiguous_names.pcap.out b/test/results/influxd/default/dns_ambiguous_names.pcap.out index d9d83f50f..8924eb7e2 100644 
--- a/test/results/influxd/default/dns_ambiguous_names.pcap.out +++ b/test/results/influxd/default/dns_ambiguous_names.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=63,json_bytes=57213,flow_src_total_bytes=509,flow_dst_total_b events flow_new_count=10,flow_end_count=0,flow_idle_count=10,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=10,flow_detection_update_count=10,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=20,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=10 breed flow_breed_safe_count=4,flow_breed_acceptable_count=4,flow_breed_fun_count=2,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=10,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=10,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=10,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=1,flow_severity_medium=0,flow_severity_high=2,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=10,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/dns_doh.pcap.out b/test/results/influxd/default/dns_doh.pcap.out index b70bf45b3..ba01f2fa6 100644 
--- a/test/results/influxd/default/dns_doh.pcap.out +++ b/test/results/influxd/default/dns_doh.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=13,json_bytes=12407,flow_src_total_bytes=3792,flow_dst_total_bytes=8866 +general json_lines=13,json_bytes=12325,flow_src_total_bytes=3792,flow_dst_total_bytes=8866 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/dns_dot.pcap.out b/test/results/influxd/default/dns_dot.pcap.out index 71ac91f19..986653581 100644 
--- a/test/results/influxd/default/dns_dot.pcap.out +++ b/test/results/influxd/default/dns_dot.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=12,json_bytes=10986,flow_src_total_bytes=548,flow_dst_total_bytes=3721 +general json_lines=12,json_bytes=10904,flow_src_total_bytes=548,flow_dst_total_bytes=3721 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=0 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=1,flow_severity_medium=3,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/dns_exfiltration.pcap.out b/test/results/influxd/default/dns_exfiltration.pcap.out index 6e18bbfb3..68c16fb2e 100644 
--- a/test/results/influxd/default/dns_exfiltration.pcap.out
+++ b/test/results/influxd/default/dns_exfiltration.pcap.out
@@ -2,7 +2,7 @@ general json_lines=14,json_bytes=15194,flow_src_total_bytes=26119,flow_dst_total events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=1,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=1,flow_severity_high=2,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/dns_fragmented.pcap.out b/test/results/influxd/default/dns_fragmented.pcap.out index dc9a0bdf6..e31e6a340 100644 
--- a/test/results/influxd/default/dns_fragmented.pcap.out
+++ b/test/results/influxd/default/dns_fragmented.pcap.out
@@ -2,7 +2,7 @@ general json_lines=153,json_bytes=149347,flow_src_total_bytes=1207,flow_dst_tota events flow_new_count=21,flow_end_count=2,flow_idle_count=19,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=21,flow_detection_update_count=22,flow_not_detected_count=0,flow_risky_count=10,packet_count=7,packet_flow_count=49,init_count=1,reconnect_count=0,shutdown_count=1,status_count=3,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=4,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=3,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=20 breed flow_breed_safe_count=0,flow_breed_acceptable_count=21,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=21,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=21,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=21,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=2,flow_severity_medium=16,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=5,flow_l3_ip6_count=16,flow_l3_other_count=0 diff --git a/test/results/influxd/default/dns_invert_query.pcapng.out b/test/results/influxd/default/dns_invert_query.pcapng.out index 451fc6df8..d9cdb0795 100644 
--- a/test/results/influxd/default/dns_invert_query.pcapng.out
+++ b/test/results/influxd/default/dns_invert_query.pcapng.out
@@ -2,7 +2,7 @@ general json_lines=8,json_bytes=6345,flow_src_total_bytes=36,flow_dst_total_byte events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=2,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=0 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/dns_long_domainname.pcap.out b/test/results/influxd/default/dns_long_domainname.pcap.out index ba9d58cbe..cfbfdd054 100644 
--- a/test/results/influxd/default/dns_long_domainname.pcap.out
+++ b/test/results/influxd/default/dns_long_domainname.pcap.out
@@ -2,7 +2,7 @@ general json_lines=9,json_bytes=8026,flow_src_total_bytes=61,flow_dst_total_byte events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=2,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=1,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/default/dnscrypt-v1-and-resolver-pings.pcap.out b/test/results/influxd/default/dnscrypt-v1-and-resolver-pings.pcap.out
index 219cfaa0a..b86474a32 100644
--- a/test/results/influxd/default/dnscrypt-v1-and-resolver-pings.pcap.out
+++ b/test/results/influxd/default/dnscrypt-v1-and-resolver-pings.pcap.out
@@ -1,8 +1,8 @@ -general json_lines=1539,json_bytes=1581680,flow_src_total_bytes=244416,flow_dst_total_bytes=44650 +general json_lines=1539,json_bytes=1581890,flow_src_total_bytes=244416,flow_dst_total_bytes=44650 events flow_new_count=245,flow_end_count=0,flow_idle_count=245,flow_update_count=200,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=245,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=56,packet_flow_count=488,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=56,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=245 breed flow_breed_safe_count=0,flow_breed_acceptable_count=245,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=245,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=245,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=245,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=245,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/dnscrypt-v2-doh.pcap.out b/test/results/influxd/default/dnscrypt-v2-doh.pcap.out index 97f4c0952..d0010a428 100644 
--- a/test/results/influxd/default/dnscrypt-v2-doh.pcap.out
+++ b/test/results/influxd/default/dnscrypt-v2-doh.pcap.out
@@ -1,8 +1,8 @@ -general json_lines=309,json_bytes=419683,flow_src_total_bytes=32683,flow_dst_total_bytes=152737 +general json_lines=309,json_bytes=416813,flow_src_total_bytes=32683,flow_dst_total_bytes=152737 events flow_new_count=34,flow_end_count=0,flow_idle_count=34,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=34,flow_detection_update_count=36,flow_not_detected_count=0,flow_risky_count=6,packet_count=0,packet_flow_count=168,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=34,flow_state_finished=0 breed flow_breed_safe_count=0,flow_breed_acceptable_count=34,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=34,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=34,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=34,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=6,flow_severity_high=3,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=34,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/dnscrypt-v2.pcap.out b/test/results/influxd/default/dnscrypt-v2.pcap.out index 314167fa3..beaa15bc4 100644 
--- a/test/results/influxd/default/dnscrypt-v2.pcap.out
+++ b/test/results/influxd/default/dnscrypt-v2.pcap.out
@@ -2,7 +2,7 @@ general json_lines=18,json_bytes=19081,flow_src_total_bytes=3264,flow_dst_total_ events flow_new_count=3,flow_end_count=0,flow_idle_count=3,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=6,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=3 breed flow_breed_safe_count=0,flow_breed_acceptable_count=3,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=3,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=3,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=3,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=3,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/default/dnscrypt_skype_false_positive.pcapng.out b/test/results/influxd/default/dnscrypt_skype_false_positive.pcapng.out index fa60ab71f..627de22dc 100644 --- a/test/results/influxd/default/dnscrypt_skype_false_positive.pcapng.out +++ b/test/results/influxd/default/dnscrypt_skype_false_positive.pcapng.out 
@@ -2,7 +2,7 @@ general json_lines=13,json_bytes=12358,flow_src_total_bytes=1536,flow_dst_total_ events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=1,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/doh.pcapng.out b/test/results/influxd/default/doh.pcapng.out index 76e95f32d..903701d8a 100644 
--- a/test/results/influxd/default/doh.pcapng.out +++ b/test/results/influxd/default/doh.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=13,json_bytes=12737,flow_src_total_bytes=1881,flow_dst_total_bytes=5821 +general json_lines=13,json_bytes=12655,flow_src_total_bytes=1881,flow_dst_total_bytes=5821 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=4,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/doq.pcapng.out b/test/results/influxd/default/doq.pcapng.out index e5a38eb14..44f15485e 100644 
--- a/test/results/influxd/default/doq.pcapng.out +++ b/test/results/influxd/default/doq.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=19,json_bytes=18903,flow_src_total_bytes=2350,flow_dst_total_bytes=2416 +general json_lines=19,json_bytes=18862,flow_src_total_bytes=2350,flow_dst_total_bytes=2416 events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=2 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=2,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=2,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=1,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=0,flow_l3_ip6_count=2,flow_l3_other_count=0 diff --git a/test/results/influxd/default/doq_adguard.pcapng.out b/test/results/influxd/default/doq_adguard.pcapng.out index 597ee544c..744ea69cd 100644 
--- a/test/results/influxd/default/doq_adguard.pcapng.out +++ b/test/results/influxd/default/doq_adguard.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=12,json_bytes=17296,flow_src_total_bytes=10308,flow_dst_total_bytes=21705 +general json_lines=12,json_bytes=17255,flow_src_total_bytes=10308,flow_dst_total_bytes=21705 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/default/dos_win98_smb_netbeui.pcap.out b/test/results/influxd/default/dos_win98_smb_netbeui.pcap.out index 65a86d0d0..fb54c5418 100644 --- a/test/results/influxd/default/dos_win98_smb_netbeui.pcap.out +++ b/test/results/influxd/default/dos_win98_smb_netbeui.pcap.out 
@@ -1,11 +1,11 @@ -general json_lines=110,json_bytes=60827,flow_src_total_bytes=5953,flow_dst_total_bytes=0 -events flow_new_count=4,flow_end_count=0,flow_idle_count=4,flow_update_count=8,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=4,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=35,packet_flow_count=16,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=35,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 +general json_lines=110,json_bytes=60351,flow_src_total_bytes=5953,flow_dst_total_bytes=0 +events flow_new_count=4,flow_end_count=0,flow_idle_count=4,flow_update_count=8,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=4,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=35,packet_flow_count=16,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=35,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=4 breed 
flow_breed_safe_count=0,flow_breed_acceptable_count=3,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=1,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=3,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=3,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=4,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 -severity flow_severity_low=1,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 +severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 
flow_l3_ip4_count=4,flow_l3_ip6_count=0,flow_l3_other_count=0 layer4 flow_l4_tcp_count=0,flow_l4_udp_count=3,flow_l4_icmp_count=1,flow_l4_other_count=0 detection flow_active_count=4,flow_detected_count=4,flow_guessed_count=0,flow_not_detected_count=0 -risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=1,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 +risks 
flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 diff --git a/test/results/influxd/default/dotenv.pcap.out b/test/results/influxd/default/dotenv.pcap.out index ef48782ad..82c151c2c 100644 --- a/test/results/influxd/default/dotenv.pcap.out +++ b/test/results/influxd/default/dotenv.pcap.out 
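Review bot: The regenerated expectation for dos_win98_smb_netbeui.pcap drops the only risk this capture used to raise: `flow_risky_count` goes 1→0 on the events line, `flow_severity_low` 1→0 and `flow_risk_22_count` 1→0, while the unchanged breed line still reports `flow_breed_dangerous_count=1`. The commit message only says "incorporated upstream changes", so a reader cannot tell whether this is an intended libnDPI behaviour change or a detection lost when the golden files were regenerated. I would confirm the new result by hand and record it in the commit description, e.g. `* dos_win98_smb_netbeui: risk 22 no longer raised after upstream change <upstream-commit-id>`. The other hunks in this range only add `flow_category_health_count=0` or adjust `json_bytes`, and do not change any detection counters.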
@@ -2,7 +2,7 @@ general json_lines=12,json_bytes=10030,flow_src_total_bytes=82,flow_dst_total_by events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=1,flow_severity_medium=1,flow_severity_high=0,flow_severity_severe=2,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/drda_db2.pcap.out b/test/results/influxd/default/drda_db2.pcap.out index 65f07332e..ad1c66e31 100644 
--- a/test/results/influxd/default/drda_db2.pcap.out +++ b/test/results/influxd/default/drda_db2.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=12,json_bytes=10210,flow_src_total_bytes=2081,flow_dst_total_ events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=1,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=1,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/dropbox.pcap.out b/test/results/influxd/default/dropbox.pcap.out index 04791e591..5f4544846 100644 
--- a/test/results/influxd/default/dropbox.pcap.out +++ b/test/results/influxd/default/dropbox.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=132,json_bytes=115817,flow_src_total_bytes=43692,flow_dst_tot events flow_new_count=15,flow_end_count=0,flow_idle_count=15,flow_update_count=4,flow_analyse_count=4,flow_guessed_count=0,flow_detected_count=15,flow_detection_update_count=11,flow_not_detected_count=0,flow_risky_count=5,packet_count=0,packet_flow_count=63,init_count=1,reconnect_count=0,shutdown_count=1,status_count=3,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=15 breed flow_breed_safe_count=0,flow_breed_acceptable_count=15,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=10,flow_category_network_count=5,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=10,flow_category_network_count=5,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=15,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=6,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=15,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/dtls.pcap.out b/test/results/influxd/default/dtls.pcap.out index 4737a790b..12336aba2 100644 
--- a/test/results/influxd/default/dtls.pcap.out +++ b/test/results/influxd/default/dtls.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=28,json_bytes=23444,flow_src_total_bytes=3203,flow_dst_total_bytes=3518 +general json_lines=28,json_bytes=23280,flow_src_total_bytes=3203,flow_dst_total_bytes=3518 events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=2,packet_count=4,packet_flow_count=7,init_count=1,reconnect_count=0,shutdown_count=1,status_count=3,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=4,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=1 breed flow_breed_safe_count=2,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=2,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=2,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=4,flow_severity_medium=4,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=2,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/dtls2.pcap.out b/test/results/influxd/default/dtls2.pcap.out index ae6f6b089..8e82ea977 100644 
--- a/test/results/influxd/default/dtls2.pcap.out +++ b/test/results/influxd/default/dtls2.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=17,json_bytes=18522,flow_src_total_bytes=1658,flow_dst_total_bytes=2073 +general json_lines=17,json_bytes=18440,flow_src_total_bytes=1658,flow_dst_total_bytes=2073 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=5,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=2,flow_severity_medium=1,flow_severity_high=1,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/dtls_certificate.pcapng.out b/test/results/influxd/default/dtls_certificate.pcapng.out index 65488ef22..1b0c1c22a 100644 
--- a/test/results/influxd/default/dtls_certificate.pcapng.out +++ b/test/results/influxd/default/dtls_certificate.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=7,json_bytes=8334,flow_src_total_bytes=1444,flow_dst_total_bytes=0 +general json_lines=7,json_bytes=8292,flow_src_total_bytes=1444,flow_dst_total_bytes=0 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=1,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=0 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=1,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=1,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=1,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/default/dtls_certificate_fragments.pcap.out b/test/results/influxd/default/dtls_certificate_fragments.pcap.out index cd2448c05..bdebbd89c 100644 --- a/test/results/influxd/default/dtls_certificate_fragments.pcap.out +++ b/test/results/influxd/default/dtls_certificate_fragments.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=25,json_bytes=31618,flow_src_total_bytes=3051,flow_dst_total_bytes=6050 +general json_lines=25,json_bytes=31331,flow_src_total_bytes=3051,flow_dst_total_bytes=6050 events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=5,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=2 breed flow_breed_safe_count=2,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=2,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=2,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=4,flow_severity_medium=3,flow_severity_high=1,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=2,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/dtls_mid_sessions.pcapng.out b/test/results/influxd/default/dtls_mid_sessions.pcapng.out index 18d727a81..90612dd40 100644 
--- a/test/results/influxd/default/dtls_mid_sessions.pcapng.out +++ b/test/results/influxd/default/dtls_mid_sessions.pcapng.out 
@@ -2,7 +2,7 @@ general json_lines=31,json_bytes=33444,flow_src_total_bytes=29417,flow_dst_total events flow_new_count=4,flow_end_count=0,flow_idle_count=4,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=4,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=16,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=4 breed flow_breed_safe_count=4,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=4,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=4,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=4,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=4,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/dtls_old_version.pcapng.out b/test/results/influxd/default/dtls_old_version.pcapng.out index 21ca3517e..384bca686 100644 
--- a/test/results/influxd/default/dtls_old_version.pcapng.out +++ b/test/results/influxd/default/dtls_old_version.pcapng.out 
@@ -2,7 +2,7 @@ general json_lines=14,json_bytes=12038,flow_src_total_bytes=416,flow_dst_total_b events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=3,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=1,flow_severity_medium=0,flow_severity_high=3,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/default/dtls_session_id_and_coockie_both.pcap.out b/test/results/influxd/default/dtls_session_id_and_coockie_both.pcap.out index 903c02a7d..58f5a6eec 100644 --- a/test/results/influxd/default/dtls_session_id_and_coockie_both.pcap.out +++ b/test/results/influxd/default/dtls_session_id_and_coockie_both.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=11,json_bytes=10071,flow_src_total_bytes=218,flow_dst_total_bytes=218 +general json_lines=11,json_bytes=9989,flow_src_total_bytes=218,flow_dst_total_bytes=218 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=4,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=2,flow_severity_medium=2,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/edonkey.pcap.out b/test/results/influxd/default/edonkey.pcap.out index 972ee64cb..97363238a 100644 
--- a/test/results/influxd/default/edonkey.pcap.out +++ b/test/results/influxd/default/edonkey.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=11,json_bytes=8334,flow_src_total_bytes=248,flow_dst_total_by events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=1,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=1,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=1,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=1,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/egd.pcapng.out b/test/results/influxd/default/egd.pcapng.out index 689af34e2..5729caa6d 100644 
--- a/test/results/influxd/default/egd.pcapng.out +++ b/test/results/influxd/default/egd.pcapng.out 
@@ -2,7 +2,7 @@ general json_lines=11,json_bytes=8020,flow_src_total_bytes=295,flow_dst_total_by events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=1,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=1,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/elasticsearch.pcap.out b/test/results/influxd/default/elasticsearch.pcap.out index 129d847aa..356ed97fd 100644 
--- a/test/results/influxd/default/elasticsearch.pcap.out +++ b/test/results/influxd/default/elasticsearch.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=44,json_bytes=39214,flow_src_total_bytes=8322,flow_dst_total_ events flow_new_count=7,flow_end_count=1,flow_idle_count=6,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=7,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=19,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=7 breed flow_breed_safe_count=0,flow_breed_acceptable_count=7,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=7,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=7,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=7,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=7,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/elf.pcap.out b/test/results/influxd/default/elf.pcap.out index 052bbca4a..19acdcafe 100644 
--- a/test/results/influxd/default/elf.pcap.out +++ b/test/results/influxd/default/elf.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=16,json_bytes=45570,flow_src_total_bytes=62064,flow_dst_total events flow_new_count=2,flow_end_count=1,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=0,flow_detection_update_count=0,flow_not_detected_count=2,flow_risky_count=0,packet_count=0,packet_flow_count=7,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=2,flow_state_finished=0 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=0,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=2,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/emotet.pcap.out b/test/results/influxd/default/emotet.pcap.out index 756290651..3d2e1925e 100644 
--- a/test/results/influxd/default/emotet.pcap.out +++ b/test/results/influxd/default/emotet.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=60,json_bytes=54907,flow_src_total_bytes=17972,flow_dst_total_bytes=71884 +general json_lines=60,json_bytes=54785,flow_src_total_bytes=17972,flow_dst_total_bytes=71884 events flow_new_count=6,flow_end_count=1,flow_idle_count=5,flow_update_count=0,flow_analyse_count=2,flow_guessed_count=0,flow_detected_count=6,flow_detection_update_count=4,flow_not_detected_count=0,flow_risky_count=4,packet_count=0,packet_flow_count=30,init_count=1,reconnect_count=0,shutdown_count=1,status_count=4,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=2,flow_state_finished=4 breed flow_breed_safe_count=2,flow_breed_acceptable_count=4,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=1,flow_category_data_transfer_count=0,flow_category_web_count=5,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=1,flow_category_data_transfer_count=0,flow_category_web_count=5,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=6,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=4,flow_severity_medium=5,flow_severity_high=3,flow_severity_severe=2,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=6,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/encrypted_sni.pcap.out b/test/results/influxd/default/encrypted_sni.pcap.out index 3fd6094f6..4ed80deee 100644 
--- a/test/results/influxd/default/encrypted_sni.pcap.out +++ b/test/results/influxd/default/encrypted_sni.pcap.out 
@@ -1,11 +1,11 @@ -general json_lines=15,json_bytes=15900,flow_src_total_bytes=2148,flow_dst_total_bytes=0 -events flow_new_count=3,flow_end_count=0,flow_idle_count=3,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=3,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 +general json_lines=15,json_bytes=17853,flow_src_total_bytes=2148,flow_dst_total_bytes=0 +events flow_new_count=3,flow_end_count=0,flow_idle_count=3,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=3,packet_count=0,packet_flow_count=3,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=3,flow_state_finished=0 breed 
flow_breed_safe_count=3,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=3,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=3,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=3,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 -severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 +severity flow_severity_low=0,flow_severity_medium=9,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 
flow_l3_ip4_count=3,flow_l3_ip6_count=0,flow_l3_other_count=0 layer4 flow_l4_tcp_count=3,flow_l4_udp_count=0,flow_l4_icmp_count=0,flow_l4_other_count=0 detection flow_active_count=3,flow_detected_count=3,flow_guessed_count=0,flow_not_detected_count=0 -risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 +risks 
flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=3,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=3,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=3,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 diff --git a/test/results/influxd/default/epicgames.pcapng.out b/test/results/influxd/default/epicgames.pcapng.out index 0ec487a41..59c945492 100644 --- a/test/results/influxd/default/epicgames.pcapng.out +++ b/test/results/influxd/default/epicgames.pcapng.out 
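Review bot: The regenerated expectation for encrypted_sni.pcap now records `flow_risky_count=3`, `flow_severity_medium=9` and three non-zero risk counters (`flow_risk_21_count=3`, `flow_risk_24_count=3`, `flow_risk_52_count=3`) where the old file had all zeros, yet the commit description says only "incorporated upstream changes". A golden file that is regenerated wholesale accepts a detection change whether it is intended or a regression, so the description should name the upstream libnDPI change behind it, for example `* encrypted_sni.pcap: 3 flows now flagged with risks 21, 24 and 52 (<upstream commit>)`. Because these counters are keyed by numeric risk index, it is also worth confirming that the indices still refer to the same risks after the bump; the diff alone does not show that.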
@@ -2,7 +2,7 @@ general json_lines=35,json_bytes=25204,flow_src_total_bytes=5959,flow_dst_total_ events flow_new_count=4,flow_end_count=0,flow_idle_count=4,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=4,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=20,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=4 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=4,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=4,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=4,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=4,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=4,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/esp.pcapng.out b/test/results/influxd/default/esp.pcapng.out index a3fee53f1..3b683ff2f 100644 
--- a/test/results/influxd/default/esp.pcapng.out +++ b/test/results/influxd/default/esp.pcapng.out 
@@ -2,7 +2,7 @@ general json_lines=15,json_bytes=12790,flow_src_total_bytes=834,flow_dst_total_b events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=6,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=2 breed flow_breed_safe_count=2,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=2,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=2,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=2,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/ethereum.pcap.out b/test/results/influxd/default/ethereum.pcap.out index cd9580a54..2d62acb3e 100644 
--- a/test/results/influxd/default/ethereum.pcap.out +++ b/test/results/influxd/default/ethereum.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=573,json_bytes=509691,flow_src_total_bytes=43570,flow_dst_total_bytes=43398 +general json_lines=573,json_bytes=509852,flow_src_total_bytes=43570,flow_dst_total_bytes=43398 events flow_new_count=74,flow_end_count=47,flow_idle_count=27,flow_update_count=0,flow_analyse_count=33,flow_guessed_count=3,flow_detected_count=71,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=315,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=3,flow_state_finished=71 breed flow_breed_safe_count=0,flow_breed_acceptable_count=71,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=71,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=71,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=71,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=74,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/ethernetIP.pcap.out b/test/results/influxd/default/ethernetIP.pcap.out index e8d44f319..f3de131a9 100644 
--- a/test/results/influxd/default/ethernetIP.pcap.out +++ b/test/results/influxd/default/ethernetIP.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=35,json_bytes=29161,flow_src_total_bytes=6348,flow_dst_total_ events flow_new_count=4,flow_end_count=0,flow_idle_count=4,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=4,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=20,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=4 breed flow_breed_safe_count=0,flow_breed_acceptable_count=4,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=4,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=4,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=4,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=4,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/ethersbus.pcap.out b/test/results/influxd/default/ethersbus.pcap.out index 0e6acfddd..329e81038 100644 
--- a/test/results/influxd/default/ethersbus.pcap.out +++ b/test/results/influxd/default/ethersbus.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=11,json_bytes=7774,flow_src_total_bytes=162,flow_dst_total_by events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=1,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=1,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/ethersio.pcap.out b/test/results/influxd/default/ethersio.pcap.out index fa0a9ed3d..2d989c0b6 100644 
--- a/test/results/influxd/default/ethersio.pcap.out +++ b/test/results/influxd/default/ethersio.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=12,json_bytes=10140,flow_src_total_bytes=1714,flow_dst_total_ events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=1,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=1,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/exe_download.pcap.out b/test/results/influxd/default/exe_download.pcap.out index 7e0848efd..533a1844d 100644 
--- a/test/results/influxd/default/exe_download.pcap.out +++ b/test/results/influxd/default/exe_download.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=12,json_bytes=10759,flow_src_total_bytes=153,flow_dst_total_b events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=1,flow_severity_medium=0,flow_severity_high=2,flow_severity_severe=1,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/exe_download_as_png.pcap.out b/test/results/influxd/default/exe_download_as_png.pcap.out index d930144b3..ca5020289 100644 
--- a/test/results/influxd/default/exe_download_as_png.pcap.out +++ b/test/results/influxd/default/exe_download_as_png.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=13,json_bytes=12801,flow_src_total_bytes=149,flow_dst_total_b events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=2,flow_severity_medium=1,flow_severity_high=0,flow_severity_severe=1,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/facebook.pcap.out b/test/results/influxd/default/facebook.pcap.out index 22e01704c..4f0cebc48 100644 
--- a/test/results/influxd/default/facebook.pcap.out +++ b/test/results/influxd/default/facebook.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=23,json_bytes=21546,flow_src_total_bytes=2145,flow_dst_total_bytes=24374 +general json_lines=23,json_bytes=21341,flow_src_total_bytes=2145,flow_dst_total_bytes=24374 events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=3,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=2,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=2,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=2,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=2,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/false_positives.pcapng.out b/test/results/influxd/default/false_positives.pcapng.out index caf759ed4..fec3dec0c 100644 
--- a/test/results/influxd/default/false_positives.pcapng.out +++ b/test/results/influxd/default/false_positives.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=94,json_bytes=48261,flow_src_total_bytes=3200,flow_dst_total_bytes=2168 +general json_lines=94,json_bytes=48286,flow_src_total_bytes=3200,flow_dst_total_bytes=2168 events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=1,flow_risky_count=0,packet_count=36,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=4,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=36,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=1,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=1,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=2,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/fastcgi.pcap.out b/test/results/influxd/default/fastcgi.pcap.out index 15ab50842..85ee970c1 100644 
--- a/test/results/influxd/default/fastcgi.pcap.out +++ b/test/results/influxd/default/fastcgi.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=12,json_bytes=11422,flow_src_total_bytes=1095,flow_dst_total_ events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/fins.pcap.out b/test/results/influxd/default/fins.pcap.out index d88d4b57e..2a480fae3 100644 
--- a/test/results/influxd/default/fins.pcap.out +++ b/test/results/influxd/default/fins.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=50,json_bytes=28982,flow_src_total_bytes=6659,flow_dst_total_ events flow_new_count=3,flow_end_count=1,flow_idle_count=2,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=12,packet_flow_count=12,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=12,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=3 breed flow_breed_safe_count=0,flow_breed_acceptable_count=3,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=3,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=3,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=3,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=3,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/firefox.pcap.out b/test/results/influxd/default/firefox.pcap.out index 8aae303ec..2ace86b1d 100644 
--- a/test/results/influxd/default/firefox.pcap.out +++ b/test/results/influxd/default/firefox.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=57,json_bytes=50104,flow_src_total_bytes=7370,flow_dst_total_bytes=44229 +general json_lines=57,json_bytes=49612,flow_src_total_bytes=7370,flow_dst_total_bytes=44229 events flow_new_count=6,flow_end_count=0,flow_idle_count=6,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=6,flow_detection_update_count=6,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=30,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=6,flow_state_finished=0 breed flow_breed_safe_count=6,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=6,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=6,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=6,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=6,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/fix.pcap.out b/test/results/influxd/default/fix.pcap.out index d090c736a..fc3a1928b 100644 
--- a/test/results/influxd/default/fix.pcap.out +++ b/test/results/influxd/default/fix.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=104,json_bytes=80958,flow_src_total_bytes=34736,flow_dst_tota events flow_new_count=12,flow_end_count=0,flow_idle_count=12,flow_update_count=0,flow_analyse_count=5,flow_guessed_count=0,flow_detected_count=12,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=60,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=12 breed flow_breed_safe_count=12,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=12,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=12,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=12,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=12,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/fix2.pcap.out b/test/results/influxd/default/fix2.pcap.out index 6f2717d8e..ae0eb6f5b 100644 
--- a/test/results/influxd/default/fix2.pcap.out +++ b/test/results/influxd/default/fix2.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=21,json_bytes=17539,flow_src_total_bytes=24259,flow_dst_total events flow_new_count=2,flow_end_count=2,flow_idle_count=0,flow_update_count=0,flow_analyse_count=2,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=2 breed flow_breed_safe_count=2,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=2,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=2,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=2,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/flute.pcapng.out b/test/results/influxd/default/flute.pcapng.out index cc7bb83ed..62cde553c 100644 
--- a/test/results/influxd/default/flute.pcapng.out +++ b/test/results/influxd/default/flute.pcapng.out 
@@ -2,7 +2,7 @@ general json_lines=10,json_bytes=8679,flow_src_total_bytes=1179,flow_dst_total_b events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=4,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=1,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=1,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/forticlient.pcap.out b/test/results/influxd/default/forticlient.pcap.out index 8ca3586f5..a86d79927 100644 
--- a/test/results/influxd/default/forticlient.pcap.out +++ b/test/results/influxd/default/forticlient.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=54,json_bytes=54561,flow_src_total_bytes=73125,flow_dst_total_bytes=225634 +general json_lines=54,json_bytes=53946,flow_src_total_bytes=73125,flow_dst_total_bytes=225634 events flow_new_count=5,flow_end_count=4,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=5,flow_detection_update_count=10,flow_not_detected_count=0,flow_risky_count=5,packet_count=0,packet_flow_count=25,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=4,flow_state_finished=1 breed flow_breed_safe_count=5,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=4,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=4,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=4,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=10,flow_severity_medium=10,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=5,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/ftp-start-tls.pcap.out b/test/results/influxd/default/ftp-start-tls.pcap.out index a7ca06e77..b43f09e95 100644 
--- a/test/results/influxd/default/ftp-start-tls.pcap.out +++ b/test/results/influxd/default/ftp-start-tls.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=15,json_bytes=15182,flow_src_total_bytes=856,flow_dst_total_b events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=3,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=1,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=1,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=1,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=3,flow_severity_medium=1,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/ftp.pcap.out b/test/results/influxd/default/ftp.pcap.out index a2ea2bde6..bce8b5f02 100644 
--- a/test/results/influxd/default/ftp.pcap.out +++ b/test/results/influxd/default/ftp.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=29,json_bytes=27041,flow_src_total_bytes=174,flow_dst_total_b events flow_new_count=3,flow_end_count=2,flow_idle_count=1,flow_update_count=0,flow_analyse_count=2,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=1,flow_risky_count=1,packet_count=0,packet_flow_count=15,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=3 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=1,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=2,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=2,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=1,flow_severity_medium=0,flow_severity_high=1,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=3,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/ftp_failed.pcap.out b/test/results/influxd/default/ftp_failed.pcap.out index 52efbbae5..ae7797363 100644 
--- a/test/results/influxd/default/ftp_failed.pcap.out +++ b/test/results/influxd/default/ftp_failed.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=11,json_bytes=8572,flow_src_total_bytes=24,flow_dst_total_byt events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=1,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=1,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=1,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=1,flow_severity_medium=0,flow_severity_high=1,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=0,flow_l3_ip6_count=1,flow_l3_other_count=0 diff --git a/test/results/influxd/default/fuzz-2006-06-26-2594.pcap.out b/test/results/influxd/default/fuzz-2006-06-26-2594.pcap.out index b9772e71a..584a33a61 100644 
--- a/test/results/influxd/default/fuzz-2006-06-26-2594.pcap.out +++ b/test/results/influxd/default/fuzz-2006-06-26-2594.pcap.out 
@@ -1,11 +1,11 @@ -general json_lines=2134,json_bytes=1916935,flow_src_total_bytes=44774,flow_dst_total_bytes=16036 -events flow_new_count=257,flow_end_count=2,flow_idle_count=255,flow_update_count=666,flow_analyse_count=2,flow_guessed_count=28,flow_detected_count=190,flow_detection_update_count=105,flow_not_detected_count=39,flow_risky_count=86,packet_count=79,packet_flow_count=427,init_count=1,reconnect_count=0,shutdown_count=1,status_count=3,error_unknown_datalink=0,error_unknown_l3_protocol=6,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=35,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=37,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=1,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 +general json_lines=2134,json_bytes=1917039,flow_src_total_bytes=44774,flow_dst_total_bytes=16036 +events flow_new_count=257,flow_end_count=2,flow_idle_count=255,flow_update_count=666,flow_analyse_count=2,flow_guessed_count=28,flow_detected_count=190,flow_detection_update_count=105,flow_not_detected_count=39,flow_risky_count=84,packet_count=79,packet_flow_count=427,init_count=1,reconnect_count=0,shutdown_count=1,status_count=3,error_unknown_datalink=0,error_unknown_l3_protocol=6,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=35,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=37,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=1,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=176,flow_state_finished=81 breed 
flow_breed_safe_count=0,flow_breed_acceptable_count=186,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=4,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category flow_category_unspecified_count=0,flow_category_media_count=1,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=13,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=156,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=20,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=1,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=13,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=156,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=20,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=190,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 -severity flow_severity_low=120,flow_severity_medium=1,flow_severity_high=51,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 +severity flow_severity_low=118,flow_severity_medium=1,flow_severity_high=51,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 
flow_l3_ip4_count=257,flow_l3_ip6_count=0,flow_l3_other_count=0 layer4 flow_l4_tcp_count=23,flow_l4_udp_count=224,flow_l4_icmp_count=0,flow_l4_other_count=10 detection flow_active_count=257,flow_detected_count=190,flow_guessed_count=28,flow_not_detected_count=39 -risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=1,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=55,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=4,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=64,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=2,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=82,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 +risks 
flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=1,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=55,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=2,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=64,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=2,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=82,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 diff --git a/test/results/influxd/default/fuzz-2006-09-29-28586.pcap.out b/test/results/influxd/default/fuzz-2006-09-29-28586.pcap.out index 44427f1b8..4f82797c6 100644 --- a/test/results/influxd/default/fuzz-2006-09-29-28586.pcap.out +++ b/test/results/influxd/default/fuzz-2006-09-29-28586.pcap.out 
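Review bot: The regenerated baseline for fuzz-2006-06-26-2594.pcap records fewer risk detections, not just the new category field: `flow_risky_count` goes from 86 to 84, `flow_severity_low` from 120 to 118 and `flow_risk_22_count` from 4 to 2. The other counters in this hunk appear unchanged apart from `json_bytes` and the added `flow_category_health_count=0`. The neighbouring result files only gain that field, so this is a change in what the engine flags on a fuzz capture, and the commit message says only that upstream changes were incorporated. Before accepting the new expectation, confirm which upstream libnDPI change stopped raising that risk on two flows, and record it in the commit description, e.g. `* fuzz-2006-06-26-2594: flow_risk_22 4 -> 2, caused by upstream <commit id>`. Otherwise a lost detection is silently baked into the expected output.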
@@ -1,8 +1,8 @@ -general json_lines=219,json_bytes=193065,flow_src_total_bytes=14756,flow_dst_total_bytes=10874 +general json_lines=219,json_bytes=193172,flow_src_total_bytes=14756,flow_dst_total_bytes=10874 events flow_new_count=39,flow_end_count=12,flow_idle_count=27,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=22,flow_detected_count=13,flow_detection_update_count=1,flow_not_detected_count=4,flow_risky_count=12,packet_count=8,packet_flow_count=82,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=2,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=6,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=34,flow_state_finished=5 breed flow_breed_safe_count=0,flow_breed_acceptable_count=13,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=13,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=13,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=13,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=5,flow_severity_medium=0,flow_severity_high=10,flow_severity_severe=1,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=39,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/default/fuzz-2020-02-16-11740.pcap.out b/test/results/influxd/default/fuzz-2020-02-16-11740.pcap.out index 11dec1cab..6f94d3c19 100644 --- a/test/results/influxd/default/fuzz-2020-02-16-11740.pcap.out +++ b/test/results/influxd/default/fuzz-2020-02-16-11740.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=615,json_bytes=550013,flow_src_total_bytes=109463,flow_dst_to events flow_new_count=79,flow_end_count=0,flow_idle_count=79,flow_update_count=133,flow_analyse_count=1,flow_guessed_count=3,flow_detected_count=57,flow_detection_update_count=0,flow_not_detected_count=19,flow_risky_count=0,packet_count=65,packet_flow_count=107,init_count=1,reconnect_count=0,shutdown_count=1,status_count=5,error_unknown_datalink=0,error_unknown_l3_protocol=11,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=27,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=27,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=22,flow_state_finished=57 breed flow_breed_safe_count=0,flow_breed_acceptable_count=57,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=57,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=57,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=57,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=79,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/default/fuzz-2021-06-07-c6c72a0a56.pcap.out b/test/results/influxd/default/fuzz-2021-06-07-c6c72a0a56.pcap.out index f454ece5d..c324dfa66 100644 --- a/test/results/influxd/default/fuzz-2021-06-07-c6c72a0a56.pcap.out +++ b/test/results/influxd/default/fuzz-2021-06-07-c6c72a0a56.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=7,json_bytes=3868,flow_src_total_bytes=0,flow_dst_total_bytes events flow_new_count=0,flow_end_count=0,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=0,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=2,packet_flow_count=0,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=1,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=1,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=0 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=0,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=0,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/fuzz-2021-10-13.pcap.out b/test/results/influxd/default/fuzz-2021-10-13.pcap.out index 21977c2a5..ca216a263 100644 
--- a/test/results/influxd/default/fuzz-2021-10-13.pcap.out +++ b/test/results/influxd/default/fuzz-2021-10-13.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=5,json_bytes=3231,flow_src_total_bytes=0,flow_dst_total_bytes events flow_new_count=0,flow_end_count=0,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=0,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=1,packet_flow_count=0,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=1,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=0 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=0,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=0,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/gaijin_mobile_mixed.pcap.out b/test/results/influxd/default/gaijin_mobile_mixed.pcap.out index b3d2a191a..d6ba9b28d 100644 
--- a/test/results/influxd/default/gaijin_mobile_mixed.pcap.out +++ b/test/results/influxd/default/gaijin_mobile_mixed.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=30,json_bytes=25730,flow_src_total_bytes=1542,flow_dst_total_bytes=8296 +general json_lines=30,json_bytes=25566,flow_src_total_bytes=1542,flow_dst_total_bytes=8296 events flow_new_count=3,flow_end_count=0,flow_idle_count=3,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=15,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=2,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=3,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=3,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=3,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=3,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=2,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=3,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/gaijin_warthunder.pcap.out b/test/results/influxd/default/gaijin_warthunder.pcap.out index d3dc0735c..88383053b 100644 
--- a/test/results/influxd/default/gaijin_warthunder.pcap.out +++ b/test/results/influxd/default/gaijin_warthunder.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=19,json_bytes=14703,flow_src_total_bytes=887,flow_dst_total_b events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=2 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=2,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=2,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=2,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=1,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=2,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/gearman.pcap.out b/test/results/influxd/default/gearman.pcap.out index cd678d7a4..55483c787 100644 
--- a/test/results/influxd/default/gearman.pcap.out +++ b/test/results/influxd/default/gearman.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=11,json_bytes=7749,flow_src_total_bytes=26,flow_dst_total_byt events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=1,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=1,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/geforcenow.pcapng.out b/test/results/influxd/default/geforcenow.pcapng.out index e7baa2a29..a19a4f39f 100644 
--- a/test/results/influxd/default/geforcenow.pcapng.out +++ b/test/results/influxd/default/geforcenow.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=27,json_bytes=32579,flow_src_total_bytes=9542,flow_dst_total_bytes=53610 +general json_lines=27,json_bytes=32474,flow_src_total_bytes=9542,flow_dst_total_bytes=53610 events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=2,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=6,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=2 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=1,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=1,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=1,flow_severity_medium=6,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=2,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/genshin-impact.pcap.out b/test/results/influxd/default/genshin-impact.pcap.out index c04a5de14..a6019d1a2 100644 
--- a/test/results/influxd/default/genshin-impact.pcap.out +++ b/test/results/influxd/default/genshin-impact.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=56,json_bytes=41310,flow_src_total_bytes=8247,flow_dst_total_ events flow_new_count=6,flow_end_count=0,flow_idle_count=6,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=6,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=30,init_count=1,reconnect_count=0,shutdown_count=1,status_count=6,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=6 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=6,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=6,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=6,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=6,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=2,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=6,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/git.pcap.out b/test/results/influxd/default/git.pcap.out index 9dfea5eb4..092dbf7d3 100644 
--- a/test/results/influxd/default/git.pcap.out +++ b/test/results/influxd/default/git.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=12,json_bytes=10025,flow_src_total_bytes=605,flow_dst_total_b events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=1,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=1,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/gnutella.pcap.out b/test/results/influxd/default/gnutella.pcap.out index 6f8ba10ab..3dc510bde 100644 
--- a/test/results/influxd/default/gnutella.pcap.out +++ b/test/results/influxd/default/gnutella.pcap.out 
@@ -1,11 +1,11 @@ -general json_lines=6866,json_bytes=5760854,flow_src_total_bytes=149308,flow_dst_total_bytes=234286 -events flow_new_count=801,flow_end_count=66,flow_idle_count=735,flow_update_count=2519,flow_analyse_count=6,flow_guessed_count=1,flow_detected_count=401,flow_detection_update_count=5,flow_not_detected_count=399,flow_risky_count=363,packet_count=1,packet_flow_count=1928,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=1,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 +general json_lines=6866,json_bytes=5759483,flow_src_total_bytes=149308,flow_dst_total_bytes=234286 +events flow_new_count=801,flow_end_count=66,flow_idle_count=735,flow_update_count=2519,flow_analyse_count=6,flow_guessed_count=1,flow_detected_count=401,flow_detection_update_count=5,flow_not_detected_count=399,flow_risky_count=361,packet_count=1,packet_flow_count=1928,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=1,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=405,flow_state_finished=396 breed 
flow_breed_safe_count=1,flow_breed_acceptable_count=42,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=356,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=2,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=356,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=32,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=12,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=356,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=32,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=12,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=401,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 -severity flow_severity_low=369,flow_severity_medium=6,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 +severity flow_severity_low=364,flow_severity_medium=8,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 
flow_l3_ip4_count=787,flow_l3_ip6_count=14,flow_l3_other_count=0 layer4 flow_l4_tcp_count=137,flow_l4_udp_count=653,flow_l4_icmp_count=5,flow_l4_other_count=6 detection flow_active_count=801,flow_detected_count=401,flow_guessed_count=1,flow_not_detected_count=399 -risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=7,flow_risk_6_count=1,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=1,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=5,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=2,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=360,flow_risk_23_count=0,flow_risk_24_count=2,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=9,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 +risks 
flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=7,flow_risk_6_count=1,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=1,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=5,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=2,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=358,flow_risk_23_count=0,flow_risk_24_count=2,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=4,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=2,flow_risk_55_count=0,flow_risk_56_count=0 diff --git a/test/results/influxd/default/google_chat.pcapng.out b/test/results/influxd/default/google_chat.pcapng.out index 3f47afe4e..bf60a82cf 100644 --- a/test/results/influxd/default/google_chat.pcapng.out +++ b/test/results/influxd/default/google_chat.pcapng.out 
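Review bot: The regenerated gnutella.pcap expectation changes detection results rather than just the output schema: `flow_risky_count` goes 363→361, `flow_risk_22_count` 360→358, `flow_risk_35_count` 9→4, `flow_risk_54_count` 0→2, and severity moves from low=369/medium=6 to low=364/medium=8, while the commit description says only "incorporated upstream changes". Because these files are golden outputs, accepting the new numbers without a recorded reason makes it hard to tell an intended upstream reclassification from a risk that is no longer detected. I would confirm that the two flows which dropped out of `flow_risky_count` are expected, then note the cause in the commit description, e.g. `* gnutella.pcap: flow_risk_35 9->4, flow_risk_54 0->2 (upstream: <libnDPI commit>)`. The neighbouring hunks visible here only add `flow_category_health_count=0` and adjust `json_bytes`, so they need no such note.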
@@ -1,8 +1,8 @@ -general json_lines=12,json_bytes=10429,flow_src_total_bytes=663,flow_dst_total_bytes=2800 +general json_lines=12,json_bytes=10347,flow_src_total_bytes=663,flow_dst_total_bytes=2800 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=0 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=1,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=1,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/google_meet.pcapng.out b/test/results/influxd/default/google_meet.pcapng.out index d46f8b5b3..7dbbec8d8 100644 
--- a/test/results/influxd/default/google_meet.pcapng.out +++ b/test/results/influxd/default/google_meet.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=20,json_bytes=22885,flow_src_total_bytes=1824,flow_dst_total_bytes=6400 +general json_lines=20,json_bytes=22762,flow_src_total_bytes=1824,flow_dst_total_bytes=6400 events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=2,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=2,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=2,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/google_ssl.pcap.out b/test/results/influxd/default/google_ssl.pcap.out index 83c1c9fbb..56c6c68aa 100644 
--- a/test/results/influxd/default/google_ssl.pcap.out +++ b/test/results/influxd/default/google_ssl.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=11,json_bytes=7740,flow_src_total_bytes=644,flow_dst_total_by events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=1,flow_detected_count=0,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=0 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=0,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/googledns_android10.pcap.out b/test/results/influxd/default/googledns_android10.pcap.out index 593f9df5f..180f417b8 100644 
--- a/test/results/influxd/default/googledns_android10.pcap.out +++ b/test/results/influxd/default/googledns_android10.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=77,json_bytes=72230,flow_src_total_bytes=21058,flow_dst_total_bytes=76784 +general json_lines=77,json_bytes=71656,flow_src_total_bytes=21058,flow_dst_total_bytes=76784 events flow_new_count=8,flow_end_count=6,flow_idle_count=2,flow_update_count=2,flow_analyse_count=3,flow_guessed_count=2,flow_detected_count=6,flow_detection_update_count=9,flow_not_detected_count=0,flow_risky_count=6,packet_count=0,packet_flow_count=36,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=4,flow_state_finished=4 breed flow_breed_safe_count=0,flow_breed_acceptable_count=6,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=6,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=6,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=6,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=15,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=8,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/gquic.pcap.out b/test/results/influxd/default/gquic.pcap.out index 1ff67c7df..a36d9f8f5 100644 
--- a/test/results/influxd/default/gquic.pcap.out +++ b/test/results/influxd/default/gquic.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=7,json_bytes=7567,flow_src_total_bytes=1350,flow_dst_total_bytes=0 +general json_lines=7,json_bytes=7497,flow_src_total_bytes=1350,flow_dst_total_bytes=0 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=1,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/default/gquic_only_from_server.pcap.out b/test/results/influxd/default/gquic_only_from_server.pcap.out index 2cf75d9fa..559fd637e 100644 --- a/test/results/influxd/default/gquic_only_from_server.pcap.out +++ b/test/results/influxd/default/gquic_only_from_server.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=11,json_bytes=15325,flow_src_total_bytes=38360,flow_dst_total events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/gre.pcapng.out b/test/results/influxd/default/gre.pcapng.out index d99b1c22a..ac70ffec0 100644 
--- a/test/results/influxd/default/gre.pcapng.out +++ b/test/results/influxd/default/gre.pcapng.out 
@@ -2,7 +2,7 @@ general json_lines=7,json_bytes=5932,flow_src_total_bytes=346,flow_dst_total_byt events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=1,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/gtp_c.pcap.out b/test/results/influxd/default/gtp_c.pcap.out index 6f6b7eaf6..745f09c6e 100644 
--- a/test/results/influxd/default/gtp_c.pcap.out +++ b/test/results/influxd/default/gtp_c.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=10,json_bytes=7778,flow_src_total_bytes=281,flow_dst_total_by events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=4,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/gtp_false_positive.pcapng.out b/test/results/influxd/default/gtp_false_positive.pcapng.out index e51f1b6d2..f2f570f43 100644 
--- a/test/results/influxd/default/gtp_false_positive.pcapng.out +++ b/test/results/influxd/default/gtp_false_positive.pcapng.out 
@@ -2,7 +2,7 @@ general json_lines=22,json_bytes=17422,flow_src_total_bytes=552,flow_dst_total_b events flow_new_count=3,flow_end_count=0,flow_idle_count=3,flow_update_count=1,flow_analyse_count=0,flow_guessed_count=2,flow_detected_count=0,flow_detection_update_count=0,flow_not_detected_count=1,flow_risky_count=0,packet_count=0,packet_flow_count=7,init_count=1,reconnect_count=0,shutdown_count=1,status_count=3,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=3,flow_state_finished=0 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=0,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=3,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/gtp_prime.pcapng.out b/test/results/influxd/default/gtp_prime.pcapng.out index 137b740f3..209f0d515 100644 
--- a/test/results/influxd/default/gtp_prime.pcapng.out +++ b/test/results/influxd/default/gtp_prime.pcapng.out 
@@ -2,7 +2,7 @@ general json_lines=5,json_bytes=3340,flow_src_total_bytes=0,flow_dst_total_bytes events flow_new_count=0,flow_end_count=0,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=0,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=1,packet_flow_count=0,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=1,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=0 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=0,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=0,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/h323-overflow.pcap.out b/test/results/influxd/default/h323-overflow.pcap.out index 6d8679485..2fea04aba 100644 
--- a/test/results/influxd/default/h323-overflow.pcap.out +++ b/test/results/influxd/default/h323-overflow.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=7,json_bytes=5533,flow_src_total_bytes=4,flow_dst_total_bytes events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=1,flow_detected_count=0,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=1,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=0 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=0,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/h323.pcap.out b/test/results/influxd/default/h323.pcap.out index e80ae9aac..a38b3cb26 100644 
--- a/test/results/influxd/default/h323.pcap.out +++ b/test/results/influxd/default/h323.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=52,json_bytes=40041,flow_src_total_bytes=2279,flow_dst_total_ events flow_new_count=6,flow_end_count=0,flow_idle_count=6,flow_update_count=1,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=6,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=27,init_count=1,reconnect_count=0,shutdown_count=1,status_count=4,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=6 breed flow_breed_safe_count=0,flow_breed_acceptable_count=6,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=6,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=6,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=6,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=1,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=6,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/haproxy.pcap.out b/test/results/influxd/default/haproxy.pcap.out index 1958725d6..baea9ec0b 100644 
--- a/test/results/influxd/default/haproxy.pcap.out +++ b/test/results/influxd/default/haproxy.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=7,json_bytes=6171,flow_src_total_bytes=309,flow_dst_total_byt events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=1,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=1,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/hart_ip.pcap.out b/test/results/influxd/default/hart_ip.pcap.out index 8d2399589..a7b9ac046 100644 
--- a/test/results/influxd/default/hart_ip.pcap.out
+++ b/test/results/influxd/default/hart_ip.pcap.out
@@ -2,7 +2,7 @@ general json_lines=24,json_bytes=18629,flow_src_total_bytes=581,flow_dst_total_b events flow_new_count=3,flow_end_count=1,flow_idle_count=2,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=11,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=3 breed flow_breed_safe_count=0,flow_breed_acceptable_count=3,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=3,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=3,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=3,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=3,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/default/heuristic_tcp_ack_payload.pcap.out b/test/results/influxd/default/heuristic_tcp_ack_payload.pcap.out
index 6be5ee448..72a30d794 100644
--- a/test/results/influxd/default/heuristic_tcp_ack_payload.pcap.out
+++ b/test/results/influxd/default/heuristic_tcp_ack_payload.pcap.out
@@ -2,7 +2,7 @@ general json_lines=57,json_bytes=47842,flow_src_total_bytes=14860,flow_dst_total events flow_new_count=6,flow_end_count=5,flow_idle_count=1,flow_update_count=0,flow_analyse_count=4,flow_guessed_count=6,flow_detected_count=0,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=30,init_count=1,reconnect_count=0,shutdown_count=1,status_count=3,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=2,flow_state_finished=4 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=0,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=6,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/hislip.pcap.out b/test/results/influxd/default/hislip.pcap.out index 4835ca4a7..8af8b61cc 100644 
--- a/test/results/influxd/default/hislip.pcap.out
+++ b/test/results/influxd/default/hislip.pcap.out
@@ -2,7 +2,7 @@ general json_lines=39,json_bytes=33090,flow_src_total_bytes=830,flow_dst_total_b events flow_new_count=4,flow_end_count=4,flow_idle_count=0,flow_update_count=0,flow_analyse_count=4,flow_guessed_count=0,flow_detected_count=4,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=20,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=4 breed flow_breed_safe_count=0,flow_breed_acceptable_count=4,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=4,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=4,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=4,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=4,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/hl7.pcap.out b/test/results/influxd/default/hl7.pcap.out index 4a9852172..bb573148e 100644 
--- a/test/results/influxd/default/hl7.pcap.out
+++ b/test/results/influxd/default/hl7.pcap.out
@@ -1,11 +1,11 @@ -general json_lines=11,json_bytes=8788,flow_src_total_bytes=477,flow_dst_total_bytes=168 -events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 -state flow_state_info=0,flow_state_finished=1 -breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=1,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 -confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 -severity flow_severity_low=0,flow_severity_medium=1,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 -layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 -layer4 flow_l4_tcp_count=1,flow_l4_udp_count=0,flow_l4_icmp_count=0,flow_l4_other_count=0 -detection flow_active_count=1,flow_detected_count=1,flow_guessed_count=0,flow_not_detected_count=0 
-risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=1,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 +general json_lines=27,json_bytes=22628,flow_src_total_bytes=3823,flow_dst_total_bytes=748 +events 
flow_new_count=3,flow_end_count=3,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=3,packet_count=0,packet_flow_count=15,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 +state flow_state_info=0,flow_state_finished=3 +breed flow_breed_safe_count=0,flow_breed_acceptable_count=3,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=3,flow_category_unknown_count=0 +confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=3,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 +severity flow_severity_low=0,flow_severity_medium=3,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 +layer3 flow_l3_ip4_count=3,flow_l3_ip6_count=0,flow_l3_other_count=0 +layer4 flow_l4_tcp_count=3,flow_l4_udp_count=0,flow_l4_icmp_count=0,flow_l4_other_count=0 +detection 
flow_active_count=3,flow_detected_count=3,flow_guessed_count=0,flow_not_detected_count=0 +risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=3,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 diff --git a/test/results/influxd/default/hls.pcapng.out b/test/results/influxd/default/hls.pcapng.out index 36306a88b..f24cfa0c9 100644 --- a/test/results/influxd/default/hls.pcapng.out +++ b/test/results/influxd/default/hls.pcapng.out 
@@ -2,7 +2,7 @@ general json_lines=11,json_bytes=8532,flow_src_total_bytes=148,flow_dst_total_by events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=1,flow_severity_medium=1,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/hots.pcapng.out b/test/results/influxd/default/hots.pcapng.out index 9a924f268..f4e04245a 100644 
--- a/test/results/influxd/default/hots.pcapng.out
+++ b/test/results/influxd/default/hots.pcapng.out
@@ -2,7 +2,7 @@ general json_lines=32,json_bytes=26480,flow_src_total_bytes=5321,flow_dst_total_ events flow_new_count=3,flow_end_count=0,flow_idle_count=3,flow_update_count=1,flow_analyse_count=2,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=15,init_count=1,reconnect_count=0,shutdown_count=1,status_count=3,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=3 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=3,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=3,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=3,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=3,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=3,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/hpvirtgrp.pcap.out b/test/results/influxd/default/hpvirtgrp.pcap.out index 937708087..9ffa4bfe7 100644 
--- a/test/results/influxd/default/hpvirtgrp.pcap.out +++ b/test/results/influxd/default/hpvirtgrp.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=82,json_bytes=59124,flow_src_total_bytes=3797,flow_dst_total_ events flow_new_count=9,flow_end_count=0,flow_idle_count=9,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=9,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=45,init_count=1,reconnect_count=0,shutdown_count=1,status_count=8,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=9 breed flow_breed_safe_count=0,flow_breed_acceptable_count=9,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=9,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=9,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=9,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=9,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/hsrp0.pcap.out b/test/results/influxd/default/hsrp0.pcap.out index 84bf301c6..eb3660bfb 100644 
--- a/test/results/influxd/default/hsrp0.pcap.out +++ b/test/results/influxd/default/hsrp0.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=19,json_bytes=15424,flow_src_total_bytes=80,flow_dst_total_by events flow_new_count=4,flow_end_count=0,flow_idle_count=4,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=4,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=4,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=4 breed flow_breed_safe_count=0,flow_breed_acceptable_count=4,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=4,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=4,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=4,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=4,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/hsrp2.pcap.out b/test/results/influxd/default/hsrp2.pcap.out index 1cbc3bc0d..9df47bd4f 100644 
--- a/test/results/influxd/default/hsrp2.pcap.out +++ b/test/results/influxd/default/hsrp2.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=11,json_bytes=8854,flow_src_total_bytes=104,flow_dst_total_by events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=2,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=2 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=2,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=2,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=2,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/hsrp2_ipv6.pcapng.out b/test/results/influxd/default/hsrp2_ipv6.pcapng.out index 354253124..9c17c0150 100644 
--- a/test/results/influxd/default/hsrp2_ipv6.pcapng.out +++ b/test/results/influxd/default/hsrp2_ipv6.pcapng.out 
@@ -2,7 +2,7 @@ general json_lines=23,json_bytes=19001,flow_src_total_bytes=1998,flow_dst_total_ events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=4,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=2 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=2,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=2,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=2,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=0,flow_l3_ip6_count=2,flow_l3_other_count=0 diff --git a/test/results/influxd/default/http-basic-auth.pcap.out b/test/results/influxd/default/http-basic-auth.pcap.out index c8175d0e6..ea102d178 100644 
--- a/test/results/influxd/default/http-basic-auth.pcap.out +++ b/test/results/influxd/default/http-basic-auth.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=216,json_bytes=189394,flow_src_total_bytes=23764,flow_dst_tot events flow_new_count=25,flow_end_count=25,flow_idle_count=0,flow_update_count=0,flow_analyse_count=9,flow_guessed_count=9,flow_detected_count=16,flow_detection_update_count=4,flow_not_detected_count=0,flow_risky_count=15,packet_count=0,packet_flow_count=125,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=9,flow_state_finished=16 breed flow_breed_safe_count=0,flow_breed_acceptable_count=16,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=16,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=16,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=16,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=4,flow_severity_medium=0,flow_severity_high=17,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=25,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/default/http-crash-content-disposition.pcap.out b/test/results/influxd/default/http-crash-content-disposition.pcap.out index bf1e48114..dee741cb0 100644 --- a/test/results/influxd/default/http-crash-content-disposition.pcap.out +++ b/test/results/influxd/default/http-crash-content-disposition.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=11,json_bytes=8829,flow_src_total_bytes=475,flow_dst_total_by events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/http-lines-split.pcap.out b/test/results/influxd/default/http-lines-split.pcap.out index 738a6224f..4dc8f04df 100644 
--- a/test/results/influxd/default/http-lines-split.pcap.out +++ b/test/results/influxd/default/http-lines-split.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=12,json_bytes=9598,flow_src_total_bytes=67,flow_dst_total_byt events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=2,flow_severity_high=1,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/http-manipulated.pcap.out b/test/results/influxd/default/http-manipulated.pcap.out index e35d738a4..9c552f1e2 100644 
--- a/test/results/influxd/default/http-manipulated.pcap.out +++ b/test/results/influxd/default/http-manipulated.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=20,json_bytes=15674,flow_src_total_bytes=797,flow_dst_total_b events flow_new_count=2,flow_end_count=1,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=2 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=2,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=2,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=2,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=2,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/http-proxy.pcapng.out b/test/results/influxd/default/http-proxy.pcapng.out index 36089e7bf..9bb528f8a 100644 
--- a/test/results/influxd/default/http-proxy.pcapng.out +++ b/test/results/influxd/default/http-proxy.pcapng.out 
@@ -2,7 +2,7 @@ general json_lines=11,json_bytes=8668,flow_src_total_bytes=294,flow_dst_total_by events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=1,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/http-pwd.pcapng.out b/test/results/influxd/default/http-pwd.pcapng.out index ccb783ce1..51db0b0f2 100644 
--- a/test/results/influxd/default/http-pwd.pcapng.out +++ b/test/results/influxd/default/http-pwd.pcapng.out 
@@ -2,7 +2,7 @@ general json_lines=13,json_bytes=12279,flow_src_total_bytes=747,flow_dst_total_b events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=2,flow_severity_high=2,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/http.pcapng.out b/test/results/influxd/default/http.pcapng.out index 880e80c3f..6f462ce31 100644 
--- a/test/results/influxd/default/http.pcapng.out +++ b/test/results/influxd/default/http.pcapng.out 
@@ -2,7 +2,7 @@ general json_lines=11,json_bytes=8060,flow_src_total_bytes=74,flow_dst_total_byt events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/http2.pcapng.out b/test/results/influxd/default/http2.pcapng.out index 70c9882bf..92a20a676 100644 
--- a/test/results/influxd/default/http2.pcapng.out +++ b/test/results/influxd/default/http2.pcapng.out 
@@ -2,7 +2,7 @@ general json_lines=11,json_bytes=8277,flow_src_total_bytes=319,flow_dst_total_by events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/http_asymmetric.pcapng.out b/test/results/influxd/default/http_asymmetric.pcapng.out index 90fa6f619..dad528fd3 100644 
--- a/test/results/influxd/default/http_asymmetric.pcapng.out +++ b/test/results/influxd/default/http_asymmetric.pcapng.out 
@@ -2,7 +2,7 @@ general json_lines=20,json_bytes=21753,flow_src_total_bytes=8665,flow_dst_total_ events flow_new_count=2,flow_end_count=2,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=2 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=2,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=2,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=3,flow_severity_medium=0,flow_severity_high=2,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=2,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/http_auth.pcap.out b/test/results/influxd/default/http_auth.pcap.out index c183a312d..f08d402d0 100644 
--- a/test/results/influxd/default/http_auth.pcap.out +++ b/test/results/influxd/default/http_auth.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=13,json_bytes=13450,flow_src_total_bytes=739,flow_dst_total_b events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=1,flow_severity_medium=0,flow_severity_high=2,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/http_connect.pcap.out b/test/results/influxd/default/http_connect.pcap.out index 536ec8aba..dde0105cb 100644 
--- a/test/results/influxd/default/http_connect.pcap.out +++ b/test/results/influxd/default/http_connect.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=28,json_bytes=26016,flow_src_total_bytes=3644,flow_dst_total_bytes=53729 +general json_lines=28,json_bytes=25934,flow_src_total_bytes=3644,flow_dst_total_bytes=53729 events flow_new_count=3,flow_end_count=0,flow_idle_count=3,flow_update_count=0,flow_analyse_count=2,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=12,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=3 breed flow_breed_safe_count=1,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=2,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=2,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=3,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=1,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=3,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/default/http_guessed_host_and_guessed.pcapng.out b/test/results/influxd/default/http_guessed_host_and_guessed.pcapng.out index 7cecff3ce..b013ad3f4 100644 --- a/test/results/influxd/default/http_guessed_host_and_guessed.pcapng.out +++ b/test/results/influxd/default/http_guessed_host_and_guessed.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=7,json_bytes=6097,flow_src_total_bytes=49,flow_dst_total_bytes=0 +general json_lines=7,json_bytes=6204,flow_src_total_bytes=49,flow_dst_total_bytes=0 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=1,flow_detected_count=0,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=1,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=0 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=0,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/http_invalid_server.pcap.out b/test/results/influxd/default/http_invalid_server.pcap.out index f83179b16..23b5c1460 100644 
--- a/test/results/influxd/default/http_invalid_server.pcap.out +++ b/test/results/influxd/default/http_invalid_server.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=12,json_bytes=9998,flow_src_total_bytes=82,flow_dst_total_byt events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=3,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/http_ipv6.pcap.out b/test/results/influxd/default/http_ipv6.pcap.out index fd79a2b7a..996bd16ac 100644 
--- a/test/results/influxd/default/http_ipv6.pcap.out +++ b/test/results/influxd/default/http_ipv6.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=117,json_bytes=107137,flow_src_total_bytes=10659,flow_dst_total_bytes=40534 +general json_lines=117,json_bytes=106503,flow_src_total_bytes=10659,flow_dst_total_bytes=40534 events flow_new_count=15,flow_end_count=3,flow_idle_count=12,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=7,flow_detected_count=8,flow_detection_update_count=13,flow_not_detected_count=0,flow_risky_count=5,packet_count=0,packet_flow_count=55,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=14,flow_state_finished=1 breed flow_breed_safe_count=5,flow_breed_acceptable_count=1,flow_breed_fun_count=2,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=2,flow_category_social_network_count=2,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=4,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=2,flow_category_social_network_count=2,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=4,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=8,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=1,flow_severity_medium=0,flow_severity_high=4,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=0,flow_l3_ip6_count=15,flow_l3_other_count=0 diff --git a/test/results/influxd/default/http_on_sip_port.pcap.out b/test/results/influxd/default/http_on_sip_port.pcap.out index 999e1e04a..e63c9587d 100644 
--- a/test/results/influxd/default/http_on_sip_port.pcap.out +++ b/test/results/influxd/default/http_on_sip_port.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=11,json_bytes=11856,flow_src_total_bytes=223,flow_dst_total_b events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=4,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=2,flow_severity_medium=2,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/default/http_origin_different_than_host.pcap.out b/test/results/influxd/default/http_origin_different_than_host.pcap.out index eb502a568..9f83d343c 100644 --- a/test/results/influxd/default/http_origin_different_than_host.pcap.out +++ b/test/results/influxd/default/http_origin_different_than_host.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=11,json_bytes=6652,flow_src_total_bytes=0,flow_dst_total_byte events flow_new_count=0,flow_end_count=0,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=0,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=4,packet_flow_count=0,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=4,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=0 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=0,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=0,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/default/http_starting_with_reply.pcapng.out b/test/results/influxd/default/http_starting_with_reply.pcapng.out index ca7e3ba4c..61b7cb3b6 100644 --- a/test/results/influxd/default/http_starting_with_reply.pcapng.out +++ b/test/results/influxd/default/http_starting_with_reply.pcapng.out 
@@ -2,7 +2,7 @@ general json_lines=14,json_bytes=17480,flow_src_total_bytes=7613,flow_dst_total_ events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=3,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=2,flow_severity_medium=0,flow_severity_high=2,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/default/http_ua_splitted_in_two_pkts.pcapng.out b/test/results/influxd/default/http_ua_splitted_in_two_pkts.pcapng.out index 9c95a25cd..840268da5 100644 --- a/test/results/influxd/default/http_ua_splitted_in_two_pkts.pcapng.out +++ b/test/results/influxd/default/http_ua_splitted_in_two_pkts.pcapng.out 
@@ -2,7 +2,7 @@ general json_lines=13,json_bytes=13945,flow_src_total_bytes=62424,flow_dst_total events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/i3d.pcap.out b/test/results/influxd/default/i3d.pcap.out index 9aed84b27..e98f0a931 100644 
--- a/test/results/influxd/default/i3d.pcap.out +++ b/test/results/influxd/default/i3d.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=37,json_bytes=34058,flow_src_total_bytes=33668,flow_dst_total events flow_new_count=4,flow_end_count=0,flow_idle_count=4,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=4,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=20,init_count=1,reconnect_count=0,shutdown_count=1,status_count=3,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=4 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=4,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=4,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=4,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=4,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=4,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/iax.pcap.out b/test/results/influxd/default/iax.pcap.out index 3a221523c..a1ad849e5 100644 
--- a/test/results/influxd/default/iax.pcap.out +++ b/test/results/influxd/default/iax.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=12,json_bytes=9907,flow_src_total_bytes=4046,flow_dst_total_b events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=1,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=1,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/icmp-tunnel.pcap.out b/test/results/influxd/default/icmp-tunnel.pcap.out index 4a6dae912..a64a009ba 100644 
--- a/test/results/influxd/default/icmp-tunnel.pcap.out +++ b/test/results/influxd/default/icmp-tunnel.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=39,json_bytes=42844,flow_src_total_bytes=83334,flow_dst_total events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=26,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=2,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/iec60780-5-104.pcap.out b/test/results/influxd/default/iec60780-5-104.pcap.out index e9dd27989..f93ebb4ca 100644 
--- a/test/results/influxd/default/iec60780-5-104.pcap.out +++ b/test/results/influxd/default/iec60780-5-104.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=53,json_bytes=38508,flow_src_total_bytes=413,flow_dst_total_b events flow_new_count=6,flow_end_count=6,flow_idle_count=0,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=6,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=30,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=6 breed flow_breed_safe_count=0,flow_breed_acceptable_count=6,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=6,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=6,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=6,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=6,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/ieee_c37118.pcap.out b/test/results/influxd/default/ieee_c37118.pcap.out index 736b78b8d..d42c017de 100644 
--- a/test/results/influxd/default/ieee_c37118.pcap.out +++ b/test/results/influxd/default/ieee_c37118.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=22,json_bytes=19138,flow_src_total_bytes=126,flow_dst_total_b events flow_new_count=2,flow_end_count=1,flow_idle_count=1,flow_update_count=0,flow_analyse_count=2,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=2 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=2,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=2,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=2,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/imap-starttls.pcap.out b/test/results/influxd/default/imap-starttls.pcap.out index 595cead27..2714acd07 100644 
--- a/test/results/influxd/default/imap-starttls.pcap.out +++ b/test/results/influxd/default/imap-starttls.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=15,json_bytes=15157,flow_src_total_bytes=540,flow_dst_total_b events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=3,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=1,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=1,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=1,flow_severity_medium=3,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/imap.pcap.out b/test/results/influxd/default/imap.pcap.out index d6fe373f3..75b716438 100644 
--- a/test/results/influxd/default/imap.pcap.out +++ b/test/results/influxd/default/imap.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=12,json_bytes=10692,flow_src_total_bytes=179,flow_dst_total_b events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=1,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=1,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=1,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=1,flow_severity_medium=0,flow_severity_high=1,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/imaps.pcap.out b/test/results/influxd/default/imaps.pcap.out index bd5622bcc..db3bdbb90 100644 
--- a/test/results/influxd/default/imaps.pcap.out +++ b/test/results/influxd/default/imaps.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=23,json_bytes=18897,flow_src_total_bytes=1582,flow_dst_total_bytes=6084 +general json_lines=23,json_bytes=18925,flow_src_total_bytes=1582,flow_dst_total_bytes=6084 events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=3,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=2,flow_state_finished=0 breed flow_breed_safe_count=2,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=2,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=2,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=5,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=2,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/imo.pcap.out b/test/results/influxd/default/imo.pcap.out index ad66ea258..f99424050 100644 
--- a/test/results/influxd/default/imo.pcap.out +++ b/test/results/influxd/default/imo.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=21,json_bytes=19972,flow_src_total_bytes=18943,flow_dst_total events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=2,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=2 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=2,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=2,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=2,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/instagram.pcap.out b/test/results/influxd/default/instagram.pcap.out index cdcb88cb3..7f27dcfcc 100644 
--- a/test/results/influxd/default/instagram.pcap.out +++ b/test/results/influxd/default/instagram.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=299,json_bytes=323468,flow_src_total_bytes=116573,flow_dst_total_bytes=413697 +general json_lines=299,json_bytes=322402,flow_src_total_bytes=116573,flow_dst_total_bytes=413697 events flow_new_count=38,flow_end_count=6,flow_idle_count=32,flow_update_count=4,flow_analyse_count=9,flow_guessed_count=7,flow_detected_count=30,flow_detection_update_count=18,flow_not_detected_count=1,flow_risky_count=5,packet_count=0,packet_flow_count=150,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=22,flow_state_finished=16 breed flow_breed_safe_count=5,flow_breed_acceptable_count=3,flow_breed_fun_count=22,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=5,flow_category_social_network_count=18,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=2,flow_category_network_count=5,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=5,flow_category_social_network_count=18,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=2,flow_category_network_count=5,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=30,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=14,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=38,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/default/ip_fragmented_garbage.pcap.out b/test/results/influxd/default/ip_fragmented_garbage.pcap.out index cdcfe9002..6165b6aec 100644 --- a/test/results/influxd/default/ip_fragmented_garbage.pcap.out +++ b/test/results/influxd/default/ip_fragmented_garbage.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=51,json_bytes=25983,flow_src_total_bytes=8,flow_dst_total_byt events flow_new_count=4,flow_end_count=4,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=0,flow_detection_update_count=0,flow_not_detected_count=4,flow_risky_count=0,packet_count=16,packet_flow_count=4,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=16,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=4,flow_state_finished=0 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=0,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=4,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/iphone.pcap.out b/test/results/influxd/default/iphone.pcap.out index 8dc4057c3..bcbf8cf3b 100644 
--- a/test/results/influxd/default/iphone.pcap.out +++ b/test/results/influxd/default/iphone.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=356,json_bytes=328663,flow_src_total_bytes=99351,flow_dst_total_bytes=91009 +general json_lines=356,json_bytes=327228,flow_src_total_bytes=99351,flow_dst_total_bytes=91009 events flow_new_count=51,flow_end_count=3,flow_idle_count=48,flow_update_count=0,flow_analyse_count=4,flow_guessed_count=1,flow_detected_count=50,flow_detection_update_count=40,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=156,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=13,flow_state_finished=38 breed flow_breed_safe_count=17,flow_breed_acceptable_count=24,flow_breed_fun_count=9,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=12,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=1,flow_category_network_count=31,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=2,flow_category_system_count=2,flow_category_software_update_count=0,flow_category_music_count=1,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=1,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=12,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=1,flow_category_network_count=31,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=2,flow_category_system_count=2,flow_category_software_update_count=0,flow_category_music_count=1,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=1,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=50,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=46,flow_l3_ip6_count=5,flow_l3_other_count=0 diff --git a/test/results/influxd/default/ipp.pcap.out b/test/results/influxd/default/ipp.pcap.out index 62ffc1a36..9b42e2248 100644 
--- a/test/results/influxd/default/ipp.pcap.out +++ b/test/results/influxd/default/ipp.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=28,json_bytes=24769,flow_src_total_bytes=228781,flow_dst_tota events flow_new_count=3,flow_end_count=3,flow_idle_count=0,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=3,packet_count=0,packet_flow_count=15,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=3 breed flow_breed_safe_count=0,flow_breed_acceptable_count=3,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=3,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=3,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=3,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=3,flow_severity_medium=3,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=3,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/ipsec_isakmp_esp.pcap.out b/test/results/influxd/default/ipsec_isakmp_esp.pcap.out index 13771965a..bd7414e1e 100644 
--- a/test/results/influxd/default/ipsec_isakmp_esp.pcap.out
+++ b/test/results/influxd/default/ipsec_isakmp_esp.pcap.out
@@ -2,7 +2,7 @@ general json_lines=321,json_bytes=317542,flow_src_total_bytes=271448,flow_dst_to events flow_new_count=36,flow_end_count=0,flow_idle_count=36,flow_update_count=20,flow_analyse_count=6,flow_guessed_count=0,flow_detected_count=36,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=174,init_count=1,reconnect_count=0,shutdown_count=1,status_count=11,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=36 breed flow_breed_safe_count=36,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=36,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=36,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=36,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=3,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=36,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/ipv6_in_gtp.pcap.out b/test/results/influxd/default/ipv6_in_gtp.pcap.out index 3417c706b..083bf8b0d 100644 
--- a/test/results/influxd/default/ipv6_in_gtp.pcap.out
+++ b/test/results/influxd/default/ipv6_in_gtp.pcap.out
@@ -2,7 +2,7 @@ general json_lines=8,json_bytes=4830,flow_src_total_bytes=0,flow_dst_total_bytes events flow_new_count=0,flow_end_count=0,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=0,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=2,packet_flow_count=0,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=2,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=0 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=0,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=0,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/iqiyi.pcap.out b/test/results/influxd/default/iqiyi.pcap.out index 70258b79c..d869089d4 100644 
--- a/test/results/influxd/default/iqiyi.pcap.out
+++ b/test/results/influxd/default/iqiyi.pcap.out
@@ -2,7 +2,7 @@ general json_lines=8,json_bytes=6381,flow_src_total_bytes=135,flow_dst_total_byt events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=2,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=1,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=1,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/irc.pcap.out b/test/results/influxd/default/irc.pcap.out index d0595e9a8..13cf8d17f 100644 
--- a/test/results/influxd/default/irc.pcap.out
+++ b/test/results/influxd/default/irc.pcap.out
@@ -2,7 +2,7 @@ general json_lines=11,json_bytes=8486,flow_src_total_bytes=114,flow_dst_total_by events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=1,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=1,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=1,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=1,flow_severity_medium=1,flow_severity_high=1,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/iso9506-1-mms.pcap.out b/test/results/influxd/default/iso9506-1-mms.pcap.out index d48836850..4324d874c 100644 
--- a/test/results/influxd/default/iso9506-1-mms.pcap.out
+++ b/test/results/influxd/default/iso9506-1-mms.pcap.out
@@ -2,7 +2,7 @@ general json_lines=11,json_bytes=7848,flow_src_total_bytes=374,flow_dst_total_by events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=1,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=1,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/default/ja3_lots_of_cipher_suites.pcap.out b/test/results/influxd/default/ja3_lots_of_cipher_suites.pcap.out
index 92626542a..512e5fdd6 100644
--- a/test/results/influxd/default/ja3_lots_of_cipher_suites.pcap.out
+++ b/test/results/influxd/default/ja3_lots_of_cipher_suites.pcap.out
@@ -2,7 +2,7 @@ general json_lines=25,json_bytes=16331,flow_src_total_bytes=0,flow_dst_total_byt events flow_new_count=0,flow_end_count=0,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=0,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=11,packet_flow_count=0,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=11,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=0 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=0,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=0,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/default/ja3_lots_of_cipher_suites_2_anon.pcap.out b/test/results/influxd/default/ja3_lots_of_cipher_suites_2_anon.pcap.out
index a32364d6e..bf415638d 100644
--- a/test/results/influxd/default/ja3_lots_of_cipher_suites_2_anon.pcap.out
+++ b/test/results/influxd/default/ja3_lots_of_cipher_suites_2_anon.pcap.out
@@ -2,7 +2,7 @@ general json_lines=37,json_bytes=22845,flow_src_total_bytes=2974,flow_dst_total_ events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=13,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=13,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/jabber.pcap.out b/test/results/influxd/default/jabber.pcap.out index 05bfa50f6..92cca262a 100644 
--- a/test/results/influxd/default/jabber.pcap.out +++ b/test/results/influxd/default/jabber.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=110,json_bytes=83810,flow_src_total_bytes=11121,flow_dst_tota events flow_new_count=12,flow_end_count=3,flow_idle_count=9,flow_update_count=0,flow_analyse_count=3,flow_guessed_count=0,flow_detected_count=12,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=60,init_count=1,reconnect_count=0,shutdown_count=1,status_count=9,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=12 breed flow_breed_safe_count=0,flow_breed_acceptable_count=12,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=12,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=12,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=12,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=1,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=12,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/jrmi.pcap.out b/test/results/influxd/default/jrmi.pcap.out index a4dab536e..e961e9380 100644 
--- a/test/results/influxd/default/jrmi.pcap.out +++ b/test/results/influxd/default/jrmi.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=11,json_bytes=7758,flow_src_total_bytes=98,flow_dst_total_byt events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=1,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=1,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/jsonrpc.pcap.out b/test/results/influxd/default/jsonrpc.pcap.out index 619b071d3..e8b0241cf 100644 
--- a/test/results/influxd/default/jsonrpc.pcap.out +++ b/test/results/influxd/default/jsonrpc.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=20,json_bytes=16849,flow_src_total_bytes=1176,flow_dst_total_ events flow_new_count=2,flow_end_count=1,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=2 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=2,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=2,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=1,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=2,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/kafka.pcapng.out b/test/results/influxd/default/kafka.pcapng.out index 40edf14f4..ee90effb1 100644 
--- a/test/results/influxd/default/kafka.pcapng.out +++ b/test/results/influxd/default/kafka.pcapng.out 
@@ -2,7 +2,7 @@ general json_lines=65,json_bytes=52863,flow_src_total_bytes=2459,flow_dst_total_ events flow_new_count=9,flow_end_count=1,flow_idle_count=8,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=1,flow_detected_count=8,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=27,init_count=1,reconnect_count=0,shutdown_count=1,status_count=9,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=8 breed flow_breed_safe_count=0,flow_breed_acceptable_count=8,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=8,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=8,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=8,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=9,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/kcp.pcap.out b/test/results/influxd/default/kcp.pcap.out index c8e7ed619..93292064c 100644 
--- a/test/results/influxd/default/kcp.pcap.out +++ b/test/results/influxd/default/kcp.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=36,json_bytes=46659,flow_src_total_bytes=28368,flow_dst_total events flow_new_count=7,flow_end_count=0,flow_idle_count=7,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=7,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=11,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=7 breed flow_breed_safe_count=0,flow_breed_acceptable_count=7,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=7,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=7,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=7,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=0,flow_l3_ip6_count=7,flow_l3_other_count=0 diff --git a/test/results/influxd/default/kerberos-error.pcap.out b/test/results/influxd/default/kerberos-error.pcap.out index f129d2042..59343971b 100644 
--- a/test/results/influxd/default/kerberos-error.pcap.out +++ b/test/results/influxd/default/kerberos-error.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=8,json_bytes=6817,flow_src_total_bytes=287,flow_dst_total_byt events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=2,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/kerberos-login.pcap.out b/test/results/influxd/default/kerberos-login.pcap.out index 57f23b81a..ec0d1877f 100644 
--- a/test/results/influxd/default/kerberos-login.pcap.out +++ b/test/results/influxd/default/kerberos-login.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=80,json_bytes=101921,flow_src_total_bytes=17733,flow_dst_tota events flow_new_count=13,flow_end_count=1,flow_idle_count=12,flow_update_count=7,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=13,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=29,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=13 breed flow_breed_safe_count=0,flow_breed_acceptable_count=13,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=13,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=13,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=13,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=13,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/kerberos.pcap.out b/test/results/influxd/default/kerberos.pcap.out index 18a6a28be..db8705515 100644 
--- a/test/results/influxd/default/kerberos.pcap.out
+++ b/test/results/influxd/default/kerberos.pcap.out
@@ -2,7 +2,7 @@ general json_lines=190,json_bytes=176332,flow_src_total_bytes=13668,flow_dst_tot events flow_new_count=36,flow_end_count=0,flow_idle_count=36,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=23,flow_detected_count=11,flow_detection_update_count=3,flow_not_detected_count=2,flow_risky_count=0,packet_count=0,packet_flow_count=76,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=29,flow_state_finished=7 breed flow_breed_safe_count=0,flow_breed_acceptable_count=11,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=11,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=11,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=11,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=36,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/kerberos_fuzz.pcapng.out b/test/results/influxd/default/kerberos_fuzz.pcapng.out index c5b32a06e..22b1cce88 100644 
--- a/test/results/influxd/default/kerberos_fuzz.pcapng.out
+++ b/test/results/influxd/default/kerberos_fuzz.pcapng.out
@@ -2,7 +2,7 @@ general json_lines=7,json_bytes=6049,flow_src_total_bytes=260,flow_dst_total_byt events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=1,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=0 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/kismet.pcap.out b/test/results/influxd/default/kismet.pcap.out index a04ac5f78..201322b9e 100644 
--- a/test/results/influxd/default/kismet.pcap.out
+++ b/test/results/influxd/default/kismet.pcap.out
@@ -2,7 +2,7 @@ general json_lines=12,json_bytes=10224,flow_src_total_bytes=1045,flow_dst_total_ events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/knxip.pcapng.out b/test/results/influxd/default/knxip.pcapng.out index 7359cb204..1c54fc4b1 100644 
--- a/test/results/influxd/default/knxip.pcapng.out
+++ b/test/results/influxd/default/knxip.pcapng.out
@@ -2,7 +2,7 @@ general json_lines=12,json_bytes=9393,flow_src_total_bytes=62,flow_dst_total_byt events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=3,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=2 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=2,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=2,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=2,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/ldp.pcap.out b/test/results/influxd/default/ldp.pcap.out index 50ab7538a..748e63f94 100644 
--- a/test/results/influxd/default/ldp.pcap.out
+++ b/test/results/influxd/default/ldp.pcap.out
@@ -2,7 +2,7 @@ general json_lines=19,json_bytes=14746,flow_src_total_bytes=360,flow_dst_total_b events flow_new_count=3,flow_end_count=0,flow_idle_count=3,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=7,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=3 breed flow_breed_safe_count=0,flow_breed_acceptable_count=3,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=3,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=3,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=3,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=3,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/line.pcap.out b/test/results/influxd/default/line.pcap.out index 931e65218..18042109c 100644 
--- a/test/results/influxd/default/line.pcap.out
+++ b/test/results/influxd/default/line.pcap.out
@@ -1,8 +1,8 @@ -general json_lines=51,json_bytes=52991,flow_src_total_bytes=25568,flow_dst_total_bytes=23936 +general json_lines=51,json_bytes=52868,flow_src_total_bytes=25568,flow_dst_total_bytes=23936 events flow_new_count=5,flow_end_count=1,flow_idle_count=4,flow_update_count=1,flow_analyse_count=4,flow_guessed_count=0,flow_detected_count=5,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=25,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=5 breed flow_breed_safe_count=1,flow_breed_acceptable_count=4,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=1,flow_category_voip_count=3,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=1,flow_category_voip_count=3,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=5,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=3,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=5,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/default/linecall_falsepositve.pcap.out b/test/results/influxd/default/linecall_falsepositve.pcap.out
index 368e7eaa8..52f218527 100644
--- a/test/results/influxd/default/linecall_falsepositve.pcap.out
+++ b/test/results/influxd/default/linecall_falsepositve.pcap.out
@@ -2,7 +2,7 @@ general json_lines=67,json_bytes=39575,flow_src_total_bytes=0,flow_dst_total_byt events flow_new_count=0,flow_end_count=0,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=0,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=32,packet_flow_count=0,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=32,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=0 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=0,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=0,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/lisp_registration.pcap.out b/test/results/influxd/default/lisp_registration.pcap.out index 17e0f6235..501b5854a 100644 
--- a/test/results/influxd/default/lisp_registration.pcap.out +++ b/test/results/influxd/default/lisp_registration.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=35,json_bytes=26999,flow_src_total_bytes=1976,flow_dst_total_ events flow_new_count=4,flow_end_count=0,flow_idle_count=4,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=4,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=20,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=4 breed flow_breed_safe_count=0,flow_breed_acceptable_count=4,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=4,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=4,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=4,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=4,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/log4j-webapp-exploit.pcap.out b/test/results/influxd/default/log4j-webapp-exploit.pcap.out index d24586c37..60e480ec6 100644 
--- a/test/results/influxd/default/log4j-webapp-exploit.pcap.out +++ b/test/results/influxd/default/log4j-webapp-exploit.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=67,json_bytes=52001,flow_src_total_bytes=2128,flow_dst_total_bytes=3702 +general json_lines=67,json_bytes=52108,flow_src_total_bytes=2128,flow_dst_total_bytes=3702 events flow_new_count=7,flow_end_count=6,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=5,flow_detection_update_count=2,flow_not_detected_count=2,flow_risky_count=5,packet_count=4,packet_flow_count=32,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=4,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=6 breed flow_breed_safe_count=0,flow_breed_acceptable_count=5,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=3,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=2,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=3,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=2,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=5,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=5,flow_severity_medium=3,flow_severity_high=1,flow_severity_severe=5,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=7,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/lol_wild_rift_udp.pcap.out b/test/results/influxd/default/lol_wild_rift_udp.pcap.out index a431cb355..5a04f97b5 100644 
--- a/test/results/influxd/default/lol_wild_rift_udp.pcap.out +++ b/test/results/influxd/default/lol_wild_rift_udp.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=30,json_bytes=25335,flow_src_total_bytes=251,flow_dst_total_b events flow_new_count=5,flow_end_count=0,flow_idle_count=5,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=5,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=8,init_count=1,reconnect_count=0,shutdown_count=1,status_count=5,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=5 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=5,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=5,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=5,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=5,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=5,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/long_tls_certificate.pcap.out b/test/results/influxd/default/long_tls_certificate.pcap.out index 733ec8f38..7013a28d4 100644 
--- a/test/results/influxd/default/long_tls_certificate.pcap.out +++ b/test/results/influxd/default/long_tls_certificate.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=14,json_bytes=17977,flow_src_total_bytes=1073,flow_dst_total_bytes=11027 +general json_lines=14,json_bytes=17854,flow_src_total_bytes=1073,flow_dst_total_bytes=11027 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/lru_ipv6_caches.pcapng.out b/test/results/influxd/default/lru_ipv6_caches.pcapng.out index 9102adebb..abaebeed6 100644 
--- a/test/results/influxd/default/lru_ipv6_caches.pcapng.out +++ b/test/results/influxd/default/lru_ipv6_caches.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=89,json_bytes=92046,flow_src_total_bytes=14408,flow_dst_total_bytes=846 +general json_lines=89,json_bytes=92091,flow_src_total_bytes=14408,flow_dst_total_bytes=846 events flow_new_count=12,flow_end_count=0,flow_idle_count=12,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=12,flow_detection_update_count=9,flow_not_detected_count=0,flow_risky_count=11,packet_count=0,packet_flow_count=41,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=7,flow_state_finished=5 breed flow_breed_safe_count=1,flow_breed_acceptable_count=11,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=3,flow_category_social_network_count=0,flow_category_download_count=5,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=4,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=3,flow_category_social_network_count=0,flow_category_download_count=5,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=4,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=4,flow_confidence_dpi=8,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=13,flow_severity_medium=8,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=0,flow_l3_ip6_count=12,flow_l3_other_count=0 diff --git a/test/results/influxd/default/lustre.pcapng.out b/test/results/influxd/default/lustre.pcapng.out index 6131eb38e..0ab99df1c 100644 
--- a/test/results/influxd/default/lustre.pcapng.out +++ b/test/results/influxd/default/lustre.pcapng.out 
@@ -2,7 +2,7 @@ general json_lines=18,json_bytes=14371,flow_src_total_bytes=3584,flow_dst_total_ events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=0,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=2 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=2,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=2,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=2,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/malformed_dns.pcap.out b/test/results/influxd/default/malformed_dns.pcap.out index 0461bb215..1c121e0de 100644 
--- a/test/results/influxd/default/malformed_dns.pcap.out +++ b/test/results/influxd/default/malformed_dns.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=12,json_bytes=16317,flow_src_total_bytes=56,flow_dst_total_by events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=2,flow_severity_medium=1,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/malformed_icmp.pcap.out b/test/results/influxd/default/malformed_icmp.pcap.out index 75d412d4f..4f6c6890c 100644 
--- a/test/results/influxd/default/malformed_icmp.pcap.out +++ b/test/results/influxd/default/malformed_icmp.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=7,json_bytes=5714,flow_src_total_bytes=8,flow_dst_total_bytes events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=1,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=1,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/malware.pcap.out b/test/results/influxd/default/malware.pcap.out index ed9dbc960..640bc16eb 100644 
--- a/test/results/influxd/default/malware.pcap.out +++ b/test/results/influxd/default/malware.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=45,json_bytes=42826,flow_src_total_bytes=3925,flow_dst_total_bytes=51588 +general json_lines=45,json_bytes=42580,flow_src_total_bytes=3925,flow_dst_total_bytes=51588 events flow_new_count=6,flow_end_count=1,flow_idle_count=5,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=1,flow_detected_count=5,flow_detection_update_count=5,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=16,init_count=1,reconnect_count=0,shutdown_count=1,status_count=3,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=3,flow_state_finished=3 breed flow_breed_safe_count=2,flow_breed_acceptable_count=3,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=3,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=2,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=3,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=2,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=5,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=1,flow_severity_medium=0,flow_severity_high=1,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=6,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/memcached.cap.out b/test/results/influxd/default/memcached.cap.out index cdbf17dc5..0bd8219d9 100644 
--- a/test/results/influxd/default/memcached.cap.out +++ b/test/results/influxd/default/memcached.cap.out 
@@ -2,7 +2,7 @@ general json_lines=11,json_bytes=7814,flow_src_total_bytes=7,flow_dst_total_byte events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/merakicloud.pcapng.out b/test/results/influxd/default/merakicloud.pcapng.out index 0d3895a98..38ae7d571 100644 
--- a/test/results/influxd/default/merakicloud.pcapng.out +++ b/test/results/influxd/default/merakicloud.pcapng.out 
@@ -2,7 +2,7 @@ general json_lines=19,json_bytes=17595,flow_src_total_bytes=2679,flow_dst_total_ events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=7,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/mgcp.pcap.out b/test/results/influxd/default/mgcp.pcap.out index 83ed57632..a3a7c2e7e 100644 
--- a/test/results/influxd/default/mgcp.pcap.out +++ b/test/results/influxd/default/mgcp.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=36,json_bytes=27828,flow_src_total_bytes=1364,flow_dst_total_ events flow_new_count=5,flow_end_count=0,flow_idle_count=5,flow_update_count=1,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=5,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=13,init_count=1,reconnect_count=0,shutdown_count=1,status_count=5,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=5 breed flow_breed_safe_count=0,flow_breed_acceptable_count=5,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=5,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=5,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=5,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=5,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/mikrotik_mndp.pcap.out b/test/results/influxd/default/mikrotik_mndp.pcap.out new file mode 100644 index 000000000..f142eef90 
--- /dev/null +++ b/test/results/influxd/default/mikrotik_mndp.pcap.out 
@@ -0,0 +1,11 @@ +general json_lines=16,json_bytes=14304,flow_src_total_bytes=435,flow_dst_total_bytes=0 +events flow_new_count=3,flow_end_count=0,flow_idle_count=3,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=3,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 +state flow_state_info=0,flow_state_finished=3 +breed flow_breed_safe_count=0,flow_breed_acceptable_count=3,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=3,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 +confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=3,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 +severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 +layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=2,flow_l3_other_count=0 +layer4 flow_l4_tcp_count=0,flow_l4_udp_count=3,flow_l4_icmp_count=0,flow_l4_other_count=0 +detection 
flow_active_count=3,flow_detected_count=3,flow_guessed_count=0,flow_not_detected_count=0 +risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 diff --git a/test/results/influxd/default/mining.pcapng.out b/test/results/influxd/default/mining.pcapng.out index d9ca19476..7bb895feb 100644 --- a/test/results/influxd/default/mining.pcapng.out +++ b/test/results/influxd/default/mining.pcapng.out 
@@ -2,7 +2,7 @@ general json_lines=41,json_bytes=37188,flow_src_total_bytes=146948,flow_dst_tota events flow_new_count=4,flow_end_count=1,flow_idle_count=3,flow_update_count=0,flow_analyse_count=4,flow_guessed_count=0,flow_detected_count=4,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=4,packet_count=0,packet_flow_count=20,init_count=1,reconnect_count=0,shutdown_count=1,status_count=3,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=4 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=4,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=4,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=4,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=4,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=4,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=4,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/modbus.pcap.out b/test/results/influxd/default/modbus.pcap.out index 94ce2ff30..593ee4c26 100644 
--- a/test/results/influxd/default/modbus.pcap.out +++ b/test/results/influxd/default/modbus.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=12,json_bytes=9978,flow_src_total_bytes=612,flow_dst_total_by events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=1,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=1,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/monero.pcap.out b/test/results/influxd/default/monero.pcap.out index 10e5d8499..5058db4ab 100644 
--- a/test/results/influxd/default/monero.pcap.out +++ b/test/results/influxd/default/monero.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=35,json_bytes=25680,flow_src_total_bytes=1180,flow_dst_total_ events flow_new_count=4,flow_end_count=0,flow_idle_count=4,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=4,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=20,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=4 breed flow_breed_safe_count=0,flow_breed_acceptable_count=4,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=4,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=4,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=4,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=4,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/default/mongo_false_positive.pcapng.out b/test/results/influxd/default/mongo_false_positive.pcapng.out index 88ea12950..f7e870ce3 100644 --- a/test/results/influxd/default/mongo_false_positive.pcapng.out +++ b/test/results/influxd/default/mongo_false_positive.pcapng.out 
@@ -2,7 +2,7 @@ general json_lines=11,json_bytes=10924,flow_src_total_bytes=9246,flow_dst_total_ events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=1,flow_detected_count=0,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=0 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=0,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/mongodb.pcap.out b/test/results/influxd/default/mongodb.pcap.out index b3293da89..b06c27d06 100644 
--- a/test/results/influxd/default/mongodb.pcap.out +++ b/test/results/influxd/default/mongodb.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=58,json_bytes=44139,flow_src_total_bytes=706,flow_dst_total_b events flow_new_count=8,flow_end_count=0,flow_idle_count=8,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=2,flow_detected_count=5,flow_detection_update_count=0,flow_not_detected_count=1,flow_risky_count=1,packet_count=0,packet_flow_count=27,init_count=1,reconnect_count=0,shutdown_count=1,status_count=5,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=3,flow_state_finished=5 breed flow_breed_safe_count=0,flow_breed_acceptable_count=5,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=5,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=5,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=5,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=1,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=8,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/mpeg-dash.pcap.out b/test/results/influxd/default/mpeg-dash.pcap.out index ec4734e33..e4e4d3b8d 100644 
--- a/test/results/influxd/default/mpeg-dash.pcap.out +++ b/test/results/influxd/default/mpeg-dash.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=30,json_bytes=28677,flow_src_total_bytes=2220,flow_dst_total_ events flow_new_count=4,flow_end_count=0,flow_idle_count=4,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=4,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=13,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=3,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=4,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=4,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=4,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=4,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=1,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=4,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/mpeg.pcap.out b/test/results/influxd/default/mpeg.pcap.out index a0bad601f..8f23a3933 100644 
--- a/test/results/influxd/default/mpeg.pcap.out +++ b/test/results/influxd/default/mpeg.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=12,json_bytes=9297,flow_src_total_bytes=148,flow_dst_total_bytes=9215 +general json_lines=12,json_bytes=9318,flow_src_total_bytes=148,flow_dst_total_bytes=9215 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/mpegts.pcap.out b/test/results/influxd/default/mpegts.pcap.out index 1082eb5d0..50a0bbf73 100644 
--- a/test/results/influxd/default/mpegts.pcap.out +++ b/test/results/influxd/default/mpegts.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=7,json_bytes=7868,flow_src_total_bytes=1316,flow_dst_total_by events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=1,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=1,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=1,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/mqtt.pcap.out b/test/results/influxd/default/mqtt.pcap.out index a93848dd9..5f515abdb 100644 
--- a/test/results/influxd/default/mqtt.pcap.out +++ b/test/results/influxd/default/mqtt.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=15,json_bytes=11567,flow_src_total_bytes=383,flow_dst_total_b events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=6,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=2 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=2,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=2,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=2,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/mssql_tds.pcap.out b/test/results/influxd/default/mssql_tds.pcap.out index 28e31e779..3dfe7236c 100644 
--- a/test/results/influxd/default/mssql_tds.pcap.out +++ b/test/results/influxd/default/mssql_tds.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=65,json_bytes=65407,flow_src_total_bytes=12590,flow_dst_total events flow_new_count=12,flow_end_count=0,flow_idle_count=12,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=1,flow_detected_count=11,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=24,init_count=1,reconnect_count=0,shutdown_count=1,status_count=3,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=11 breed flow_breed_safe_count=0,flow_breed_acceptable_count=11,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=11,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=11,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=11,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=12,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/mullvad_dns.pcap.out b/test/results/influxd/default/mullvad_dns.pcap.out index 617b881da..5baad5a5c 100644 
--- a/test/results/influxd/default/mullvad_dns.pcap.out +++ b/test/results/influxd/default/mullvad_dns.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=9,json_bytes=7576,flow_src_total_bytes=56,flow_dst_total_byte events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=2,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/mullvad_wireguard.pcap.out b/test/results/influxd/default/mullvad_wireguard.pcap.out index 704034ecd..d7f46e991 100644 
--- a/test/results/influxd/default/mullvad_wireguard.pcap.out +++ b/test/results/influxd/default/mullvad_wireguard.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=11,json_bytes=8729,flow_src_total_bytes=576,flow_dst_total_by events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=1,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=1,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=1,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/mumble.pcapng.out b/test/results/influxd/default/mumble.pcapng.out index 90f5ff9d6..3948b2b4a 100644 
--- a/test/results/influxd/default/mumble.pcapng.out +++ b/test/results/influxd/default/mumble.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=22,json_bytes=18047,flow_src_total_bytes=541,flow_dst_total_bytes=1488 +general json_lines=22,json_bytes=17965,flow_src_total_bytes=541,flow_dst_total_bytes=1488 events flow_new_count=3,flow_end_count=0,flow_idle_count=3,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=9,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=2 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=3,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=3,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=3,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=3,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=2,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=3,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/munin.pcap.out b/test/results/influxd/default/munin.pcap.out index 89093f0e2..d82e5c7e8 100644 
--- a/test/results/influxd/default/munin.pcap.out +++ b/test/results/influxd/default/munin.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=38,json_bytes=27022,flow_src_total_bytes=242,flow_dst_total_b events flow_new_count=4,flow_end_count=0,flow_idle_count=4,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=4,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=20,init_count=1,reconnect_count=0,shutdown_count=1,status_count=4,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=4 breed flow_breed_safe_count=0,flow_breed_acceptable_count=4,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=4,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=4,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=4,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=4,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/mysql.pcapng.out b/test/results/influxd/default/mysql.pcapng.out index 97af5670f..4502952c1 100644 
--- a/test/results/influxd/default/mysql.pcapng.out +++ b/test/results/influxd/default/mysql.pcapng.out 
@@ -2,7 +2,7 @@ general json_lines=20,json_bytes=14428,flow_src_total_bytes=1084,flow_dst_total_ events flow_new_count=2,flow_end_count=2,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=2 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=2,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=2,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=2,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/nano.pcapng.out b/test/results/influxd/default/nano.pcapng.out index 08ed118c0..d50340b12 100644 
--- a/test/results/influxd/default/nano.pcapng.out +++ b/test/results/influxd/default/nano.pcapng.out 
@@ -2,7 +2,7 @@ general json_lines=11,json_bytes=7867,flow_src_total_bytes=40,flow_dst_total_byt events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=1,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=1,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/natpmp.pcap.out b/test/results/influxd/default/natpmp.pcap.out index 0aa8dd066..6e14b0ab6 100644 
--- a/test/results/influxd/default/natpmp.pcap.out +++ b/test/results/influxd/default/natpmp.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=31,json_bytes=24821,flow_src_total_bytes=88,flow_dst_total_by events flow_new_count=4,flow_end_count=0,flow_idle_count=4,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=4,flow_detection_update_count=4,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=11,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=4,flow_state_finished=0 breed flow_breed_safe_count=0,flow_breed_acceptable_count=4,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=4,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=4,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=4,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=2,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=4,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/nats.pcap.out b/test/results/influxd/default/nats.pcap.out index 5870f8e58..40d3d6943 100644 
--- a/test/results/influxd/default/nats.pcap.out +++ b/test/results/influxd/default/nats.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=19,json_bytes=13907,flow_src_total_bytes=276,flow_dst_total_b events flow_new_count=2,flow_end_count=1,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=2 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=2,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=2,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=2,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/naver.pcap.out b/test/results/influxd/default/naver.pcap.out index 8a16625d5..314da8bc4 100644 
--- a/test/results/influxd/default/naver.pcap.out +++ b/test/results/influxd/default/naver.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=30,json_bytes=26423,flow_src_total_bytes=1551,flow_dst_total_bytes=10972 +general json_lines=30,json_bytes=26177,flow_src_total_bytes=1551,flow_dst_total_bytes=10972 events flow_new_count=3,flow_end_count=0,flow_idle_count=3,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=3,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=15,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=3,flow_state_finished=0 breed flow_breed_safe_count=3,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=3,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=3,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=3,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=3,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/default/ndpi_match_string_subprotocol__error.pcapng.out b/test/results/influxd/default/ndpi_match_string_subprotocol__error.pcapng.out index 34d7a5687..dad4a6a4e 100644 --- a/test/results/influxd/default/ndpi_match_string_subprotocol__error.pcapng.out +++ b/test/results/influxd/default/ndpi_match_string_subprotocol__error.pcapng.out 
@@ -2,7 +2,7 @@ general json_lines=13,json_bytes=13270,flow_src_total_bytes=1648,flow_dst_total_ events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=1,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=1,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=2,flow_severity_medium=2,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/nest_log_sink.pcap.out b/test/results/influxd/default/nest_log_sink.pcap.out index 3eac8b642..ae9a984ff 100644 
--- a/test/results/influxd/default/nest_log_sink.pcap.out +++ b/test/results/influxd/default/nest_log_sink.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=168,json_bytes=149952,flow_src_total_bytes=55213,flow_dst_tot events flow_new_count=17,flow_end_count=12,flow_idle_count=5,flow_update_count=8,flow_analyse_count=10,flow_guessed_count=1,flow_detected_count=16,flow_detection_update_count=5,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=80,init_count=1,reconnect_count=0,shutdown_count=1,status_count=12,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=17 breed flow_breed_safe_count=0,flow_breed_acceptable_count=16,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=12,flow_category_network_count=4,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=12,flow_category_network_count=4,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=16,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=1,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=17,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/netbios.pcap.out b/test/results/influxd/default/netbios.pcap.out index a5f32427c..156de3b7e 100644 
--- a/test/results/influxd/default/netbios.pcap.out +++ b/test/results/influxd/default/netbios.pcap.out 
@@ -1,11 +1,11 @@ -general json_lines=90,json_bytes=76316,flow_src_total_bytes=13099,flow_dst_total_bytes=700 -events flow_new_count=16,flow_end_count=0,flow_idle_count=16,flow_update_count=5,flow_analyse_count=2,flow_guessed_count=1,flow_detected_count=15,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=31,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 +general json_lines=90,json_bytes=75721,flow_src_total_bytes=13099,flow_dst_total_bytes=700 +events flow_new_count=16,flow_end_count=0,flow_idle_count=16,flow_update_count=5,flow_analyse_count=2,flow_guessed_count=1,flow_detected_count=15,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=31,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=15 breed 
flow_breed_safe_count=0,flow_breed_acceptable_count=13,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=2,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=15,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=15,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=15,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 -severity flow_severity_low=2,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 +severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 
flow_l3_ip4_count=16,flow_l3_ip6_count=0,flow_l3_other_count=0 layer4 flow_l4_tcp_count=2,flow_l4_udp_count=14,flow_l4_icmp_count=0,flow_l4_other_count=0 detection flow_active_count=16,flow_detected_count=15,flow_guessed_count=1,flow_not_detected_count=0 -risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=2,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 +risks 
flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 diff --git a/test/results/influxd/default/netbios_wildcard_dns_query.pcap.out b/test/results/influxd/default/netbios_wildcard_dns_query.pcap.out index 9bd2f5f29..2c4b4c480 100644 --- a/test/results/influxd/default/netbios_wildcard_dns_query.pcap.out +++ b/test/results/influxd/default/netbios_wildcard_dns_query.pcap.out 
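Review bot: The regenerated baseline for netbios.pcap drops every risk hit: `flow_risky_count` and `flow_risk_22_count` go from 2 to 0 and `flow_severity_low` from 2 to 0, while the unchanged context line still reports `flow_breed_dangerous_count=2`. Presumably the same two flows are still classified as dangerous but no longer raise a risk. The commit message only says upstream changes were incorporated, so a reader cannot tell whether this is an intended upstream change or a detection regression picked up by the bump. Before accepting the new expected output, I would confirm it against the libnDPI change set and record it in the description, e.g. `netbios.pcap: flow_risk_22 no longer set after libnDPI bump (upstream commit: <UPSTREAM_COMMIT>)`. Anyone alerting on the risk or severity counters should know this signal is gone for this traffic.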
@@ -2,7 +2,7 @@ general json_lines=7,json_bytes=5891,flow_src_total_bytes=50,flow_dst_total_byte events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=1,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=0 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/netease_games.pcapng.out b/test/results/influxd/default/netease_games.pcapng.out index 19789a770..2a5970a6c 100644 
--- a/test/results/influxd/default/netease_games.pcapng.out
+++ b/test/results/influxd/default/netease_games.pcapng.out
@@ -1,8 +1,8 @@ -general json_lines=42,json_bytes=34664,flow_src_total_bytes=874,flow_dst_total_bytes=782 +general json_lines=42,json_bytes=34582,flow_src_total_bytes=874,flow_dst_total_bytes=782 events flow_new_count=5,flow_end_count=0,flow_idle_count=5,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=5,flow_detection_update_count=3,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=19,init_count=1,reconnect_count=0,shutdown_count=1,status_count=3,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=4 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=5,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=4,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=4,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=5,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=3,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=5,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/netflix.pcap.out b/test/results/influxd/default/netflix.pcap.out index dc57fe991..29f0fad9d 100644 
--- a/test/results/influxd/default/netflix.pcap.out
+++ b/test/results/influxd/default/netflix.pcap.out
@@ -1,8 +1,8 @@ -general json_lines=557,json_bytes=565158,flow_src_total_bytes=117204,flow_dst_total_bytes=768140 +general json_lines=557,json_bytes=562862,flow_src_total_bytes=117204,flow_dst_total_bytes=768140 events flow_new_count=61,flow_end_count=31,flow_idle_count=30,flow_update_count=9,flow_analyse_count=27,flow_guessed_count=1,flow_detected_count=60,flow_detection_update_count=69,flow_not_detected_count=0,flow_risky_count=33,packet_count=0,packet_flow_count=266,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=12,flow_state_finished=49 breed flow_breed_safe_count=0,flow_breed_acceptable_count=22,flow_breed_fun_count=38,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=18,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=13,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=1,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=28,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=18,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=13,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=1,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=28,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=60,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=70,flow_severity_medium=18,flow_severity_high=1,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=61,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/netflow-fritz.pcap.out b/test/results/influxd/default/netflow-fritz.pcap.out index d729e5510..96c24eb50 100644 
--- a/test/results/influxd/default/netflow-fritz.pcap.out
+++ b/test/results/influxd/default/netflow-fritz.pcap.out
@@ -2,7 +2,7 @@ general json_lines=7,json_bytes=5825,flow_src_total_bytes=180,flow_dst_total_byt events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=1,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/netflowv9.pcap.out b/test/results/influxd/default/netflowv9.pcap.out index 6a7b1d3f8..c9443761f 100644 
--- a/test/results/influxd/default/netflowv9.pcap.out
+++ b/test/results/influxd/default/netflowv9.pcap.out
@@ -2,7 +2,7 @@ general json_lines=11,json_bytes=17011,flow_src_total_bytes=13468,flow_dst_total events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=1,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/nfsv2.pcap.out b/test/results/influxd/default/nfsv2.pcap.out index cbe9e1d30..f0a0cd4c5 100644 
--- a/test/results/influxd/default/nfsv2.pcap.out
+++ b/test/results/influxd/default/nfsv2.pcap.out
@@ -2,7 +2,7 @@ general json_lines=42,json_bytes=34973,flow_src_total_bytes=10080,flow_dst_total events flow_new_count=7,flow_end_count=0,flow_idle_count=7,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=7,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=5,packet_count=0,packet_flow_count=17,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=7 breed flow_breed_safe_count=0,flow_breed_acceptable_count=7,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=7,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=7,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=7,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=5,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=7,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/nfsv3.pcap.out b/test/results/influxd/default/nfsv3.pcap.out index b16d868a8..61029a5d8 100644 
--- a/test/results/influxd/default/nfsv3.pcap.out +++ b/test/results/influxd/default/nfsv3.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=47,json_bytes=39244,flow_src_total_bytes=8508,flow_dst_total_ events flow_new_count=8,flow_end_count=0,flow_idle_count=8,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=8,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=6,packet_count=0,packet_flow_count=19,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=8 breed flow_breed_safe_count=0,flow_breed_acceptable_count=8,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=8,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=8,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=8,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=6,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=8,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/nintendo.pcap.out b/test/results/influxd/default/nintendo.pcap.out index a737d431a..b4bb0ae7a 100644 
--- a/test/results/influxd/default/nintendo.pcap.out +++ b/test/results/influxd/default/nintendo.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=164,json_bytes=137253,flow_src_total_bytes=151475,flow_dst_total_bytes=137750 +general json_lines=164,json_bytes=137007,flow_src_total_bytes=151475,flow_dst_total_bytes=137750 events flow_new_count=21,flow_end_count=2,flow_idle_count=19,flow_update_count=0,flow_analyse_count=5,flow_guessed_count=6,flow_detected_count=15,flow_detection_update_count=9,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=84,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=8,flow_state_finished=13 breed flow_breed_safe_count=1,flow_breed_acceptable_count=2,flow_breed_fun_count=12,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=9,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=5,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=9,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=5,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=15,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=6,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=21,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/nntp.pcap.out b/test/results/influxd/default/nntp.pcap.out index 1e4635cf8..c4e225237 100644 
--- a/test/results/influxd/default/nntp.pcap.out +++ b/test/results/influxd/default/nntp.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=12,json_bytes=10136,flow_src_total_bytes=113,flow_dst_total_b events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/no_sni.pcap.out b/test/results/influxd/default/no_sni.pcap.out index 9b721daf9..a464051f1 100644 
--- a/test/results/influxd/default/no_sni.pcap.out +++ b/test/results/influxd/default/no_sni.pcap.out 
@@ -1,11 +1,11 @@ -general json_lines=79,json_bytes=72364,flow_src_total_bytes=14690,flow_dst_total_bytes=42821 -events flow_new_count=8,flow_end_count=3,flow_idle_count=5,flow_update_count=0,flow_analyse_count=3,flow_guessed_count=0,flow_detected_count=8,flow_detection_update_count=9,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=40,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 +general json_lines=79,json_bytes=76634,flow_src_total_bytes=14690,flow_dst_total_bytes=42821 +events flow_new_count=8,flow_end_count=3,flow_idle_count=5,flow_update_count=0,flow_analyse_count=3,flow_guessed_count=0,flow_detected_count=8,flow_detection_update_count=9,flow_not_detected_count=0,flow_risky_count=5,packet_count=0,packet_flow_count=40,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=5,flow_state_finished=3 breed 
flow_breed_safe_count=7,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=7,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=7,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=8,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 -severity flow_severity_low=1,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 +severity flow_severity_low=1,flow_severity_medium=16,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 
flow_l3_ip4_count=8,flow_l3_ip6_count=0,flow_l3_other_count=0 layer4 flow_l4_tcp_count=8,flow_l4_udp_count=0,flow_l4_icmp_count=0,flow_l4_other_count=0 detection flow_active_count=8,flow_detected_count=8,flow_guessed_count=0,flow_not_detected_count=0 -risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=1,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 +risks 
flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=8,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=8,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=1,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=8,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 diff --git a/test/results/influxd/default/nomachine.pcapng.out b/test/results/influxd/default/nomachine.pcapng.out index c18a5bcf8..b452e75dd 100644 --- a/test/results/influxd/default/nomachine.pcapng.out +++ b/test/results/influxd/default/nomachine.pcapng.out 
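Review bot: The regenerated baseline for no_sni.pcap changes detection results rather than only the schema, and the commit message ("incorporated upstream changes") does not explain it: `flow_risky_count` goes from 1 to 5, `flow_severity_medium` from 0 to 16, and `flow_risk_21_count`, `flow_risk_24_count` and `flow_risk_52_count` each go from 0 to 8. The neighbouring hunks only append `flow_category_health_count=0`, so this is the one place where anything alerting on these counters would see different output after the libnDPI bump. The description should name the upstream change expected to raise these risks and state that the new values were checked against the capture, not just accepted from a regenerated run. The three risk counters sum to 24 while the severity counters gain only 16; presumably they count different events, but a short note on how they relate would help anyone validating the baseline.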
@@ -2,7 +2,7 @@ general json_lines=20,json_bytes=16071,flow_src_total_bytes=655,flow_dst_total_b events flow_new_count=2,flow_end_count=1,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=2 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=2,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=2,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=2,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=2,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/ocs.pcap.out b/test/results/influxd/default/ocs.pcap.out index 7da27727a..1c6726984 100644 
--- a/test/results/influxd/default/ocs.pcap.out +++ b/test/results/influxd/default/ocs.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=137,json_bytes=114626,flow_src_total_bytes=12361,flow_dst_total_bytes=0 +general json_lines=137,json_bytes=114421,flow_src_total_bytes=12361,flow_dst_total_bytes=0 events flow_new_count=20,flow_end_count=5,flow_idle_count=15,flow_update_count=7,flow_analyse_count=2,flow_guessed_count=2,flow_detected_count=18,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=10,packet_count=0,packet_flow_count=65,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=18,flow_state_finished=2 breed flow_breed_safe_count=3,flow_breed_acceptable_count=8,flow_breed_fun_count=7,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=4,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=1,flow_category_web_count=5,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=8,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=4,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=1,flow_category_web_count=5,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=8,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=18,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=11,flow_severity_medium=0,flow_severity_high=7,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=20,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/ocsp.pcapng.out b/test/results/influxd/default/ocsp.pcapng.out index e4904e36c..8d6b5ddcd 100644 
--- a/test/results/influxd/default/ocsp.pcapng.out
+++ b/test/results/influxd/default/ocsp.pcapng.out
@@ -2,7 +2,7 @@ general json_lines=93,json_bytes=86690,flow_src_total_bytes=6995,flow_dst_total_ events flow_new_count=10,flow_end_count=10,flow_idle_count=0,flow_update_count=0,flow_analyse_count=6,flow_guessed_count=0,flow_detected_count=10,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=50,init_count=1,reconnect_count=0,shutdown_count=1,status_count=5,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=10 breed flow_breed_safe_count=9,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=9,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=9,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=10,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=10,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/oicq.pcap.out b/test/results/influxd/default/oicq.pcap.out index 6a6c12919..78ae9c035 100644 
--- a/test/results/influxd/default/oicq.pcap.out
+++ b/test/results/influxd/default/oicq.pcap.out
@@ -2,7 +2,7 @@ general json_lines=146,json_bytes=121439,flow_src_total_bytes=1324,flow_dst_tota events flow_new_count=29,flow_end_count=0,flow_idle_count=29,flow_update_count=14,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=29,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=29,init_count=1,reconnect_count=0,shutdown_count=1,status_count=14,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=29 breed flow_breed_safe_count=0,flow_breed_acceptable_count=29,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=29,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=29,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=29,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=29,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/ookla.pcap.out b/test/results/influxd/default/ookla.pcap.out index bd8fb97bb..582e866c2 100644 
--- a/test/results/influxd/default/ookla.pcap.out
+++ b/test/results/influxd/default/ookla.pcap.out
@@ -1,8 +1,8 @@ -general json_lines=55,json_bytes=43354,flow_src_total_bytes=22732,flow_dst_total_bytes=8117 +general json_lines=55,json_bytes=43190,flow_src_total_bytes=22732,flow_dst_total_bytes=8117 events flow_new_count=6,flow_end_count=1,flow_idle_count=5,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=1,flow_detected_count=5,flow_detection_update_count=3,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=30,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=3,flow_state_finished=3 breed flow_breed_safe_count=5,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=4,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=4,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=5,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=3,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=6,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/opc-ua.pcap.out b/test/results/influxd/default/opc-ua.pcap.out index c6977ec4a..f4b88b22e 100644 
--- a/test/results/influxd/default/opc-ua.pcap.out
+++ b/test/results/influxd/default/opc-ua.pcap.out
@@ -2,7 +2,7 @@ general json_lines=12,json_bytes=9923,flow_src_total_bytes=12547,flow_dst_total_ events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=1,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=1,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/openflow.pcap.out b/test/results/influxd/default/openflow.pcap.out index db846589d..8df77b9c6 100644 
--- a/test/results/influxd/default/openflow.pcap.out
+++ b/test/results/influxd/default/openflow.pcap.out
@@ -2,7 +2,7 @@ general json_lines=11,json_bytes=7848,flow_src_total_bytes=332,flow_dst_total_by events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/openvpn-tlscrypt.pcap.out b/test/results/influxd/default/openvpn-tlscrypt.pcap.out index 05a0d98ac..6cb92329c 100644 
--- a/test/results/influxd/default/openvpn-tlscrypt.pcap.out
+++ b/test/results/influxd/default/openvpn-tlscrypt.pcap.out
@@ -2,7 +2,7 @@ general json_lines=29,json_bytes=17821,flow_src_total_bytes=0,flow_dst_total_byt events flow_new_count=0,flow_end_count=0,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=0,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=13,packet_flow_count=0,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=13,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=0 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=0,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=0,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/openvpn.pcap.out b/test/results/influxd/default/openvpn.pcap.out index a7a06638d..be10bc4a5 100644 
--- a/test/results/influxd/default/openvpn.pcap.out
+++ b/test/results/influxd/default/openvpn.pcap.out
@@ -1,8 +1,8 @@ -general json_lines=96,json_bytes=91911,flow_src_total_bytes=49021,flow_dst_total_bytes=52809 +general json_lines=96,json_bytes=91974,flow_src_total_bytes=49021,flow_dst_total_bytes=52809 events flow_new_count=10,flow_end_count=1,flow_idle_count=9,flow_update_count=0,flow_analyse_count=6,flow_guessed_count=0,flow_detected_count=10,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=8,packet_count=0,packet_flow_count=50,init_count=1,reconnect_count=0,shutdown_count=1,status_count=8,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=10 breed flow_breed_safe_count=0,flow_breed_acceptable_count=10,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=10,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=10,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=10,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=3,flow_severity_medium=8,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=10,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/openvpn_nohmac.pcapng.out b/test/results/influxd/default/openvpn_nohmac.pcapng.out index 43ec7aadf..8312fc66e 100644 
--- a/test/results/influxd/default/openvpn_nohmac.pcapng.out +++ b/test/results/influxd/default/openvpn_nohmac.pcapng.out 
@@ -2,7 +2,7 @@ general json_lines=13,json_bytes=11280,flow_src_total_bytes=113447,flow_dst_tota events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=1,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=1,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=1,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/openvpn_nohmac_tcp.pcapng.out b/test/results/influxd/default/openvpn_nohmac_tcp.pcapng.out index 942c4a88d..26eca4484 100644 
--- a/test/results/influxd/default/openvpn_nohmac_tcp.pcapng.out +++ b/test/results/influxd/default/openvpn_nohmac_tcp.pcapng.out 
@@ -2,7 +2,7 @@ general json_lines=12,json_bytes=10169,flow_src_total_bytes=6986,flow_dst_total_ events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=1,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=1,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/openvpn_obfuscated.pcapng.out b/test/results/influxd/default/openvpn_obfuscated.pcapng.out index b01f13550..ed4184e2c 100644 
--- a/test/results/influxd/default/openvpn_obfuscated.pcapng.out +++ b/test/results/influxd/default/openvpn_obfuscated.pcapng.out 
@@ -2,7 +2,7 @@ general json_lines=30,json_bytes=26642,flow_src_total_bytes=14851,flow_dst_total events flow_new_count=3,flow_end_count=0,flow_idle_count=3,flow_update_count=0,flow_analyse_count=2,flow_guessed_count=3,flow_detected_count=0,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=15,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=2 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=0,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=3,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/openwire.pcapng.out b/test/results/influxd/default/openwire.pcapng.out index 9f4d8055e..9a1ec764a 100644 
--- a/test/results/influxd/default/openwire.pcapng.out +++ b/test/results/influxd/default/openwire.pcapng.out 
@@ -2,7 +2,7 @@ general json_lines=35,json_bytes=15038,flow_src_total_bytes=0,flow_dst_total_byt events flow_new_count=0,flow_end_count=0,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=0,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=16,packet_flow_count=0,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=16,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=0 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=0,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=0,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/opera-vpn.pcapng.out b/test/results/influxd/default/opera-vpn.pcapng.out index 75c8c960b..49a08e056 100644 
--- a/test/results/influxd/default/opera-vpn.pcapng.out +++ b/test/results/influxd/default/opera-vpn.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=618,json_bytes=625039,flow_src_total_bytes=206752,flow_dst_total_bytes=980038 +general json_lines=618,json_bytes=620144,flow_src_total_bytes=206752,flow_dst_total_bytes=980038 events flow_new_count=62,flow_end_count=28,flow_idle_count=34,flow_update_count=0,flow_analyse_count=60,flow_guessed_count=1,flow_detected_count=61,flow_detection_update_count=61,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=308,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=2,flow_state_finished=60 breed flow_breed_safe_count=0,flow_breed_acceptable_count=61,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=61,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=61,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=61,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=2,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=62,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/oracle12.pcapng.out b/test/results/influxd/default/oracle12.pcapng.out index b565c8c71..2d07c532f 100644 
--- a/test/results/influxd/default/oracle12.pcapng.out +++ b/test/results/influxd/default/oracle12.pcapng.out 
@@ -2,7 +2,7 @@ general json_lines=11,json_bytes=8060,flow_src_total_bytes=941,flow_dst_total_by events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=1,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=1,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/os_detected.pcapng.out b/test/results/influxd/default/os_detected.pcapng.out index ee0992848..362e5e724 100644 
--- a/test/results/influxd/default/os_detected.pcapng.out +++ b/test/results/influxd/default/os_detected.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=7,json_bytes=8186,flow_src_total_bytes=1252,flow_dst_total_bytes=0 +general json_lines=7,json_bytes=8021,flow_src_total_bytes=1252,flow_dst_total_bytes=0 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=1,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=2,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/default/ospfv2_add_new_prefix.pcap.out b/test/results/influxd/default/ospfv2_add_new_prefix.pcap.out index c98f56cd0..36c73b89d 100644 --- a/test/results/influxd/default/ospfv2_add_new_prefix.pcap.out +++ b/test/results/influxd/default/ospfv2_add_new_prefix.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=8,json_bytes=6197,flow_src_total_bytes=88,flow_dst_total_byte events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=2,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/default/ossfuzz_seed_fake_traces_1.pcapng.out b/test/results/influxd/default/ossfuzz_seed_fake_traces_1.pcapng.out index 1dd3661de..093dfe040 100644 --- a/test/results/influxd/default/ossfuzz_seed_fake_traces_1.pcapng.out +++ b/test/results/influxd/default/ossfuzz_seed_fake_traces_1.pcapng.out 
@@ -2,7 +2,7 @@ general json_lines=59,json_bytes=50157,flow_src_total_bytes=2613,flow_dst_total_ events flow_new_count=10,flow_end_count=0,flow_idle_count=10,flow_update_count=3,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=8,flow_detection_update_count=0,flow_not_detected_count=2,flow_risky_count=7,packet_count=0,packet_flow_count=18,init_count=1,reconnect_count=0,shutdown_count=1,status_count=6,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=2,flow_state_finished=8 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=5,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=2,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=2,flow_category_game_count=5,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=2,flow_category_game_count=5,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=8,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=5,flow_severity_medium=6,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=10,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/default/ossfuzz_seed_fake_traces_2.pcapng.out b/test/results/influxd/default/ossfuzz_seed_fake_traces_2.pcapng.out index f425f09d8..7d8e006b3 100644 --- a/test/results/influxd/default/ossfuzz_seed_fake_traces_2.pcapng.out +++ b/test/results/influxd/default/ossfuzz_seed_fake_traces_2.pcapng.out 
@@ -2,7 +2,7 @@ general json_lines=65,json_bytes=50097,flow_src_total_bytes=13912,flow_dst_total events flow_new_count=8,flow_end_count=3,flow_idle_count=5,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=1,flow_detected_count=7,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=34,init_count=1,reconnect_count=0,shutdown_count=1,status_count=4,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=7 breed flow_breed_safe_count=0,flow_breed_acceptable_count=7,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=1,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=2,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=2,flow_category_database_count=1,flow_category_remote_access_count=1,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=1,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=2,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=2,flow_category_database_count=1,flow_category_remote_access_count=1,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=7,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=1,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=8,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/default/ossfuzz_seed_fake_traces_3.pcapng.out b/test/results/influxd/default/ossfuzz_seed_fake_traces_3.pcapng.out index 252ae15a2..a98ed0246 100644 --- a/test/results/influxd/default/ossfuzz_seed_fake_traces_3.pcapng.out +++ b/test/results/influxd/default/ossfuzz_seed_fake_traces_3.pcapng.out 
@@ -2,7 +2,7 @@ general json_lines=10,json_bytes=7551,flow_src_total_bytes=82,flow_dst_total_byt events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=4,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=0 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=1,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=1,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/default/ossfuzz_seed_fake_traces_4.pcapng.out b/test/results/influxd/default/ossfuzz_seed_fake_traces_4.pcapng.out index 861bce7df..3afb51d9a 100644 --- a/test/results/influxd/default/ossfuzz_seed_fake_traces_4.pcapng.out +++ b/test/results/influxd/default/ossfuzz_seed_fake_traces_4.pcapng.out 
@@ -2,7 +2,7 @@ general json_lines=8,json_bytes=5907,flow_src_total_bytes=4,flow_dst_total_bytes events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=0,flow_detection_update_count=0,flow_not_detected_count=1,flow_risky_count=0,packet_count=0,packet_flow_count=2,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=0 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=0,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/paltalk.pcapng.out b/test/results/influxd/default/paltalk.pcapng.out index 20a66b083..874be9dc3 100644 
--- a/test/results/influxd/default/paltalk.pcapng.out +++ b/test/results/influxd/default/paltalk.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=33,json_bytes=26314,flow_src_total_bytes=1047,flow_dst_total_bytes=1460 +general json_lines=33,json_bytes=26232,flow_src_total_bytes=1047,flow_dst_total_bytes=1460 events flow_new_count=4,flow_end_count=0,flow_idle_count=4,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=4,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=16,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=2,flow_state_finished=2 breed flow_breed_safe_count=0,flow_breed_acceptable_count=4,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=4,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=4,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=4,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=2,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=4,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/path_of_exile.pcapng.out b/test/results/influxd/default/path_of_exile.pcapng.out index 8c37489cf..7ce9e7418 100644 
--- a/test/results/influxd/default/path_of_exile.pcapng.out +++ b/test/results/influxd/default/path_of_exile.pcapng.out 
@@ -1,11 +1,11 @@ -general json_lines=10,json_bytes=7357,flow_src_total_bytes=31,flow_dst_total_bytes=0 -events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=4,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 -state flow_state_info=0,flow_state_finished=1 -breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=1,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 -confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 +general json_lines=34,json_bytes=24937,flow_src_total_bytes=88,flow_dst_total_bytes=0 +events 
flow_new_count=4,flow_end_count=0,flow_idle_count=4,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=4,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=16,init_count=1,reconnect_count=0,shutdown_count=1,status_count=4,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 +state flow_state_info=0,flow_state_finished=4 +breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=4,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=4,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 +confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=4,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 -layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 -layer4 flow_l4_tcp_count=1,flow_l4_udp_count=0,flow_l4_icmp_count=0,flow_l4_other_count=0 -detection 
flow_active_count=1,flow_detected_count=1,flow_guessed_count=0,flow_not_detected_count=0 +layer3 flow_l3_ip4_count=4,flow_l3_ip6_count=0,flow_l3_other_count=0 +layer4 flow_l4_tcp_count=4,flow_l4_udp_count=0,flow_l4_icmp_count=0,flow_l4_other_count=0 +detection flow_active_count=4,flow_detected_count=4,flow_guessed_count=0,flow_not_detected_count=0 risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 diff --git a/test/results/influxd/default/pfcp.pcapng.out b/test/results/influxd/default/pfcp.pcapng.out index 7aaecf55a..acbc69799 100644 --- a/test/results/influxd/default/pfcp.pcapng.out +++ b/test/results/influxd/default/pfcp.pcapng.out 
@@ -2,7 +2,7 @@ general json_lines=11,json_bytes=8837,flow_src_total_bytes=2395,flow_dst_total_b events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/pgm.pcap.out b/test/results/influxd/default/pgm.pcap.out index 0f4ae0498..fe102f508 100644 
--- a/test/results/influxd/default/pgm.pcap.out +++ b/test/results/influxd/default/pgm.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=12,json_bytes=12016,flow_src_total_bytes=162302,flow_dst_tota events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/pgsql.pcap.out b/test/results/influxd/default/pgsql.pcap.out index af24e072b..6be00f9ba 100644 
--- a/test/results/influxd/default/pgsql.pcap.out +++ b/test/results/influxd/default/pgsql.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=52,json_bytes=36167,flow_src_total_bytes=1157,flow_dst_total_ events flow_new_count=6,flow_end_count=3,flow_idle_count=3,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=6,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=30,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=6 breed flow_breed_safe_count=0,flow_breed_acceptable_count=6,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=6,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=6,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=6,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=6,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/pgsql2.pcapng.out b/test/results/influxd/default/pgsql2.pcapng.out index de1eb9acf..68978ab6e 100644 
--- a/test/results/influxd/default/pgsql2.pcapng.out +++ b/test/results/influxd/default/pgsql2.pcapng.out 
@@ -2,7 +2,7 @@ general json_lines=11,json_bytes=7964,flow_src_total_bytes=800,flow_dst_total_by events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=1,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=1,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=1,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/pia.pcap.out b/test/results/influxd/default/pia.pcap.out index 7304f5a8e..b701a38b2 100644 
--- a/test/results/influxd/default/pia.pcap.out +++ b/test/results/influxd/default/pia.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=13,json_bytes=12703,flow_src_total_bytes=610,flow_dst_total_bytes=2622 +general json_lines=13,json_bytes=12580,flow_src_total_bytes=610,flow_dst_total_bytes=2622 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=0 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=2,flow_severity_medium=2,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/pim.pcap.out b/test/results/influxd/default/pim.pcap.out index 6dbeda4f8..cc898e12e 100644 
--- a/test/results/influxd/default/pim.pcap.out +++ b/test/results/influxd/default/pim.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=11,json_bytes=7777,flow_src_total_bytes=580,flow_dst_total_by events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/pinterest.pcap.out b/test/results/influxd/default/pinterest.pcap.out index 340bd78b9..25db4e2de 100644 
--- a/test/results/influxd/default/pinterest.pcap.out +++ b/test/results/influxd/default/pinterest.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=297,json_bytes=300389,flow_src_total_bytes=30054,flow_dst_total_bytes=337815 +general json_lines=297,json_bytes=298306,flow_src_total_bytes=30054,flow_dst_total_bytes=337815 events flow_new_count=37,flow_end_count=5,flow_idle_count=32,flow_update_count=0,flow_analyse_count=13,flow_guessed_count=16,flow_detected_count=21,flow_detection_update_count=33,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=137,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=24,flow_state_finished=13 breed flow_breed_safe_count=3,flow_breed_acceptable_count=6,flow_breed_fun_count=11,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=1,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=8,flow_category_social_network_count=11,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=2,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=8,flow_category_social_network_count=11,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=2,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=21,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=1,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=0,flow_l3_ip6_count=37,flow_l3_other_count=0 diff --git a/test/results/influxd/default/pluralsight.pcap.out b/test/results/influxd/default/pluralsight.pcap.out index 97e92afb0..c28259785 100644 
--- a/test/results/influxd/default/pluralsight.pcap.out +++ b/test/results/influxd/default/pluralsight.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=59,json_bytes=74606,flow_src_total_bytes=3540,flow_dst_total_bytes=23176 +general json_lines=59,json_bytes=73950,flow_src_total_bytes=3540,flow_dst_total_bytes=23176 events flow_new_count=6,flow_end_count=0,flow_idle_count=6,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=6,flow_detection_update_count=10,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=28,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=6,flow_state_finished=0 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=6,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=6,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=6,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=6,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=6,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/pop3.pcap.out b/test/results/influxd/default/pop3.pcap.out index 64cec1165..3b7960e65 100644 
--- a/test/results/influxd/default/pop3.pcap.out +++ b/test/results/influxd/default/pop3.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=53,json_bytes=40204,flow_src_total_bytes=417,flow_dst_total_b events flow_new_count=6,flow_end_count=6,flow_idle_count=0,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=6,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=6,packet_count=0,packet_flow_count=30,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=2,flow_state_finished=4 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=6,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=6,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=6,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=6,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=6,flow_severity_medium=0,flow_severity_high=1,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=6,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/pop3_stls.pcap.out b/test/results/influxd/default/pop3_stls.pcap.out index 53a261528..7bad44e05 100644 
--- a/test/results/influxd/default/pop3_stls.pcap.out +++ b/test/results/influxd/default/pop3_stls.pcap.out 
@@ -1,11 +1,11 @@ -general json_lines=15,json_bytes=14157,flow_src_total_bytes=805,flow_dst_total_bytes=7462 +general json_lines=15,json_bytes=14569,flow_src_total_bytes=805,flow_dst_total_bytes=7462 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=3,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=1,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=1,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=1,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=2,flow_severity_medium=0,flow_severity_high=2,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 layer4 flow_l4_tcp_count=1,flow_l4_udp_count=0,flow_l4_icmp_count=0,flow_l4_other_count=0 detection 
flow_active_count=1,flow_detected_count=1,flow_guessed_count=0,flow_not_detected_count=0 -risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=3,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=4,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 +risks 
flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=3,flow_risk_8_count=2,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=3,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 diff --git a/test/results/influxd/default/pops.pcapng.out b/test/results/influxd/default/pops.pcapng.out index 7e4ed0870..d28194bb0 100644 --- a/test/results/influxd/default/pops.pcapng.out +++ b/test/results/influxd/default/pops.pcapng.out 
@@ -2,7 +2,7 @@ general json_lines=12,json_bytes=12664,flow_src_total_bytes=184,flow_dst_total_b events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=0 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=1,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=1,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=2,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/portable_executable.pcap.out b/test/results/influxd/default/portable_executable.pcap.out index d2b04e09d..7f3ca0544 100644 
--- a/test/results/influxd/default/portable_executable.pcap.out +++ b/test/results/influxd/default/portable_executable.pcap.out 
@@ -1,11 +1,11 @@ -general json_lines=19,json_bytes=18645,flow_src_total_bytes=11308,flow_dst_total_bytes=11308 -events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=1,flow_detected_count=0,flow_detection_update_count=0,flow_not_detected_count=1,flow_risky_count=0,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 +general json_lines=19,json_bytes=18725,flow_src_total_bytes=11308,flow_dst_total_bytes=11308 +events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=2,flow_detected_count=0,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=2,flow_state_finished=0 breed 
flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=0,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=2,flow_l3_ip6_count=0,flow_l3_other_count=0 layer4 flow_l4_tcp_count=2,flow_l4_udp_count=0,flow_l4_icmp_count=0,flow_l4_other_count=0 -detection 
flow_active_count=2,flow_detected_count=0,flow_guessed_count=1,flow_not_detected_count=1 +detection flow_active_count=2,flow_detected_count=0,flow_guessed_count=2,flow_not_detected_count=0 risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 diff --git a/test/results/influxd/default/pptp.pcap.out b/test/results/influxd/default/pptp.pcap.out index a4576be34..2f093d4fe 100644 --- a/test/results/influxd/default/pptp.pcap.out +++ b/test/results/influxd/default/pptp.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=11,json_bytes=7973,flow_src_total_bytes=356,flow_dst_total_by events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=1,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=1,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/profinet-io-le.pcap.out b/test/results/influxd/default/profinet-io-le.pcap.out index 735450508..11949a54f 100644 
--- a/test/results/influxd/default/profinet-io-le.pcap.out +++ b/test/results/influxd/default/profinet-io-le.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=8,json_bytes=7011,flow_src_total_bytes=164,flow_dst_total_byt events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=2,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=1,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=1,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=1,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/protobuf.pcap.out b/test/results/influxd/default/protobuf.pcap.out index 6c7526b6f..acc52c728 100644 
--- a/test/results/influxd/default/protobuf.pcap.out +++ b/test/results/influxd/default/protobuf.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=47,json_bytes=33860,flow_src_total_bytes=1086,flow_dst_total_ events flow_new_count=5,flow_end_count=5,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=5,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=25,init_count=1,reconnect_count=0,shutdown_count=1,status_count=5,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=5 breed flow_breed_safe_count=5,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=5,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=5,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=5,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=5,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/protonvpn.pcap.out b/test/results/influxd/default/protonvpn.pcap.out index 7931e272d..240266d17 100644 
--- a/test/results/influxd/default/protonvpn.pcap.out +++ b/test/results/influxd/default/protonvpn.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=25,json_bytes=20460,flow_src_total_bytes=1624,flow_dst_total_bytes=6451 +general json_lines=25,json_bytes=20337,flow_src_total_bytes=1624,flow_dst_total_bytes=6451 events flow_new_count=3,flow_end_count=0,flow_idle_count=3,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=1,flow_detected_count=2,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=11,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=2,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=2,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=2,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=1,flow_severity_high=1,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=3,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/psiphon3.pcap.out b/test/results/influxd/default/psiphon3.pcap.out index febcf07a8..fec0fd312 100644 
--- a/test/results/influxd/default/psiphon3.pcap.out +++ b/test/results/influxd/default/psiphon3.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=14,json_bytes=14172,flow_src_total_bytes=3700,flow_dst_total_bytes=5574 +general json_lines=14,json_bytes=14049,flow_src_total_bytes=3700,flow_dst_total_bytes=5574 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=4,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/ptpv2.pcap.out b/test/results/influxd/default/ptpv2.pcap.out index 24199239b..0cd6200c4 100644 
--- a/test/results/influxd/default/ptpv2.pcap.out +++ b/test/results/influxd/default/ptpv2.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=23,json_bytes=17454,flow_src_total_bytes=796,flow_dst_total_b events flow_new_count=3,flow_end_count=0,flow_idle_count=3,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=11,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=3 breed flow_breed_safe_count=0,flow_breed_acceptable_count=3,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=3,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=3,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=3,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=0,flow_l3_ip6_count=3,flow_l3_other_count=0 diff --git a/test/results/influxd/default/punycode-idn.pcap.out b/test/results/influxd/default/punycode-idn.pcap.out index ff26e199a..161a48379 100644 
--- a/test/results/influxd/default/punycode-idn.pcap.out +++ b/test/results/influxd/default/punycode-idn.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=24,json_bytes=20770,flow_src_total_bytes=232,flow_dst_total_b events flow_new_count=3,flow_end_count=1,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=3,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=9,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=2 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=2,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=2,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=3,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=6,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=3,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/quic-23.pcap.out b/test/results/influxd/default/quic-23.pcap.out index 80c538a97..8ab6b830e 100644 
--- a/test/results/influxd/default/quic-23.pcap.out +++ b/test/results/influxd/default/quic-23.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=11,json_bytes=13698,flow_src_total_bytes=1993,flow_dst_total_bytes=3958 +general json_lines=11,json_bytes=13657,flow_src_total_bytes=1993,flow_dst_total_bytes=3958 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=0,flow_l3_ip6_count=1,flow_l3_other_count=0 diff --git a/test/results/influxd/default/quic-24.pcap.out b/test/results/influxd/default/quic-24.pcap.out index 014d57885..f3b199839 100644 
--- a/test/results/influxd/default/quic-24.pcap.out +++ b/test/results/influxd/default/quic-24.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=11,json_bytes=13394,flow_src_total_bytes=4378,flow_dst_total_bytes=2992 +general json_lines=11,json_bytes=13353,flow_src_total_bytes=4378,flow_dst_total_bytes=2992 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/quic-27.pcap.out b/test/results/influxd/default/quic-27.pcap.out index 40c1da9e3..2c332c1d8 100644 
--- a/test/results/influxd/default/quic-27.pcap.out +++ b/test/results/influxd/default/quic-27.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=11,json_bytes=17372,flow_src_total_bytes=5523,flow_dst_total_bytes=6124 +general json_lines=11,json_bytes=17262,flow_src_total_bytes=5523,flow_dst_total_bytes=6124 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=0,flow_l3_ip6_count=1,flow_l3_other_count=0 diff --git a/test/results/influxd/default/quic-28.pcap.out b/test/results/influxd/default/quic-28.pcap.out index 5a4a3d0bd..eb9982364 100644 
--- a/test/results/influxd/default/quic-28.pcap.out +++ b/test/results/influxd/default/quic-28.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=12,json_bytes=13835,flow_src_total_bytes=5428,flow_dst_total_bytes=230739 +general json_lines=12,json_bytes=13794,flow_src_total_bytes=5428,flow_dst_total_bytes=230739 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/quic-29.pcap.out b/test/results/influxd/default/quic-29.pcap.out index 590e8738a..762c32c36 100644 
--- a/test/results/influxd/default/quic-29.pcap.out +++ b/test/results/influxd/default/quic-29.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=11,json_bytes=13387,flow_src_total_bytes=4303,flow_dst_total_bytes=4453 +general json_lines=11,json_bytes=13346,flow_src_total_bytes=4303,flow_dst_total_bytes=4453 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/quic-33.pcapng.out b/test/results/influxd/default/quic-33.pcapng.out index 9d6bf7cd1..d2f15690a 100644 
--- a/test/results/influxd/default/quic-33.pcapng.out +++ b/test/results/influxd/default/quic-33.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=11,json_bytes=15233,flow_src_total_bytes=1432,flow_dst_total_bytes=3470 +general json_lines=11,json_bytes=15192,flow_src_total_bytes=1432,flow_dst_total_bytes=3470 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=3,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=0,flow_l3_ip6_count=1,flow_l3_other_count=0 diff --git a/test/results/influxd/default/quic-34.pcap.out b/test/results/influxd/default/quic-34.pcap.out index 4ee28fd4e..344056a71 100644 
--- a/test/results/influxd/default/quic-34.pcap.out +++ b/test/results/influxd/default/quic-34.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=10,json_bytes=14611,flow_src_total_bytes=1252,flow_dst_total_bytes=3416 +general json_lines=10,json_bytes=14570,flow_src_total_bytes=1252,flow_dst_total_bytes=3416 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=4,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=3,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/default/quic-forcing-vn-with-data.pcapng.out b/test/results/influxd/default/quic-forcing-vn-with-data.pcapng.out index 703f6502b..e6872e633 100644 --- a/test/results/influxd/default/quic-forcing-vn-with-data.pcapng.out +++ b/test/results/influxd/default/quic-forcing-vn-with-data.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=12,json_bytes=15127,flow_src_total_bytes=5466,flow_dst_total_bytes=2691 +general json_lines=12,json_bytes=15086,flow_src_total_bytes=5466,flow_dst_total_bytes=2691 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=4,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/quic-fuzz-overflow.pcapng.out b/test/results/influxd/default/quic-fuzz-overflow.pcapng.out index 7e739a632..7c0fe9668 100644 
--- a/test/results/influxd/default/quic-fuzz-overflow.pcapng.out +++ b/test/results/influxd/default/quic-fuzz-overflow.pcapng.out 
@@ -2,7 +2,7 @@ general json_lines=7,json_bytes=8726,flow_src_total_bytes=1252,flow_dst_total_by events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=1,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=2,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/quic-mvfst-22.pcap.out b/test/results/influxd/default/quic-mvfst-22.pcap.out index 464faecec..84ba1c104 100644 
--- a/test/results/influxd/default/quic-mvfst-22.pcap.out +++ b/test/results/influxd/default/quic-mvfst-22.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=12,json_bytes=15679,flow_src_total_bytes=72648,flow_dst_total_bytes=195075 +general json_lines=12,json_bytes=15638,flow_src_total_bytes=72648,flow_dst_total_bytes=195075 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=1,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=0,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=1,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=1,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/default/quic-mvfst-22_decryption_error.pcap.out b/test/results/influxd/default/quic-mvfst-22_decryption_error.pcap.out index 0eee4a34a..3e92db8f9 100644 --- a/test/results/influxd/default/quic-mvfst-22_decryption_error.pcap.out +++ b/test/results/influxd/default/quic-mvfst-22_decryption_error.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=11,json_bytes=10726,flow_src_total_bytes=3572,flow_dst_total_ events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/quic-mvfst-27.pcapng.out b/test/results/influxd/default/quic-mvfst-27.pcapng.out index f622f31ac..90e7be9b3 100644 
--- a/test/results/influxd/default/quic-mvfst-27.pcapng.out +++ b/test/results/influxd/default/quic-mvfst-27.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=10,json_bytes=15910,flow_src_total_bytes=2538,flow_dst_total_bytes=6981 +general json_lines=10,json_bytes=15869,flow_src_total_bytes=2538,flow_dst_total_bytes=6981 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=0,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=1,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=1,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/quic-mvfst-exp.pcap.out b/test/results/influxd/default/quic-mvfst-exp.pcap.out index 940b090d1..723d2f3ef 100644 
--- a/test/results/influxd/default/quic-mvfst-exp.pcap.out +++ b/test/results/influxd/default/quic-mvfst-exp.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=11,json_bytes=15909,flow_src_total_bytes=3496,flow_dst_total_bytes=20953 +general json_lines=11,json_bytes=15868,flow_src_total_bytes=3496,flow_dst_total_bytes=20953 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=1,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=1,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=0,flow_l3_ip6_count=1,flow_l3_other_count=0 diff --git a/test/results/influxd/default/quic-v2.pcapng.out b/test/results/influxd/default/quic-v2.pcapng.out index f5ba74e41..275e28617 100644 
--- a/test/results/influxd/default/quic-v2.pcapng.out
+++ b/test/results/influxd/default/quic-v2.pcapng.out
@@ -1,8 +1,8 @@ -general json_lines=11,json_bytes=15046,flow_src_total_bytes=2222,flow_dst_total_bytes=9532 +general json_lines=11,json_bytes=15005,flow_src_total_bytes=2222,flow_dst_total_bytes=9532 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=1,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=0,flow_l3_ip6_count=1,flow_l3_other_count=0 diff --git a/test/results/influxd/default/quic.pcap.out b/test/results/influxd/default/quic.pcap.out index 8e897bedb..0791289f5 100644 
--- a/test/results/influxd/default/quic.pcap.out
+++ b/test/results/influxd/default/quic.pcap.out
@@ -1,8 +1,8 @@ -general json_lines=80,json_bytes=117305,flow_src_total_bytes=41486,flow_dst_total_bytes=285324 +general json_lines=80,json_bytes=116920,flow_src_total_bytes=41486,flow_dst_total_bytes=285324 events flow_new_count=10,flow_end_count=0,flow_idle_count=10,flow_update_count=0,flow_analyse_count=2,flow_guessed_count=1,flow_detected_count=9,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=42,init_count=1,reconnect_count=0,shutdown_count=1,status_count=4,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=9 breed flow_breed_safe_count=0,flow_breed_acceptable_count=4,flow_breed_fun_count=5,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=5,flow_category_vpn_count=0,flow_category_email_count=1,flow_category_data_transfer_count=0,flow_category_web_count=3,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=5,flow_category_vpn_count=0,flow_category_email_count=1,flow_category_data_transfer_count=0,flow_category_web_count=3,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=9,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=2,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=10,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/quic046.pcap.out b/test/results/influxd/default/quic046.pcap.out index ee2e51600..3f2a6acd8 100644 
--- a/test/results/influxd/default/quic046.pcap.out
+++ b/test/results/influxd/default/quic046.pcap.out
@@ -1,8 +1,8 @@ -general json_lines=12,json_bytes=13111,flow_src_total_bytes=5170,flow_dst_total_bytes=81927 +general json_lines=12,json_bytes=13047,flow_src_total_bytes=5170,flow_dst_total_bytes=81927 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=1,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=1,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/quic_0RTT.pcap.out b/test/results/influxd/default/quic_0RTT.pcap.out index 8f748ef61..45177dcf3 100644 
--- a/test/results/influxd/default/quic_0RTT.pcap.out
+++ b/test/results/influxd/default/quic_0RTT.pcap.out
@@ -1,8 +1,8 @@ -general json_lines=17,json_bytes=20923,flow_src_total_bytes=3106,flow_dst_total_bytes=3906 +general json_lines=17,json_bytes=20841,flow_src_total_bytes=3106,flow_dst_total_bytes=3906 events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=7,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=2 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=2,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=2,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=1,flow_severity_medium=1,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=1,flow_l3_other_count=0 diff --git a/test/results/influxd/default/quic_cc_ack.pcapng.out b/test/results/influxd/default/quic_cc_ack.pcapng.out index 8a8fe890f..70daeb67d 100644 
--- a/test/results/influxd/default/quic_cc_ack.pcapng.out
+++ b/test/results/influxd/default/quic_cc_ack.pcapng.out
@@ -2,7 +2,7 @@ general json_lines=11,json_bytes=12570,flow_src_total_bytes=2700,flow_dst_total_ events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=2,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=2 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=2,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=2,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=2,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/default/quic_crypto_aes_auth_size.pcap.out b/test/results/influxd/default/quic_crypto_aes_auth_size.pcap.out
index 0392dacbf..c935c427d 100644
--- a/test/results/influxd/default/quic_crypto_aes_auth_size.pcap.out
+++ b/test/results/influxd/default/quic_crypto_aes_auth_size.pcap.out
@@ -1,8 +1,8 @@ -general json_lines=11,json_bytes=13478,flow_src_total_bytes=2700,flow_dst_total_bytes=0 +general json_lines=11,json_bytes=13396,flow_src_total_bytes=2700,flow_dst_total_bytes=0 events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=2,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=2 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=2,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=2,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=2,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=2,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/default/quic_frags_ch_in_multiple_packets.pcapng.out b/test/results/influxd/default/quic_frags_ch_in_multiple_packets.pcapng.out
index 1a7a7fc9b..2c5ffc2d6 100644
--- a/test/results/influxd/default/quic_frags_ch_in_multiple_packets.pcapng.out
+++ b/test/results/influxd/default/quic_frags_ch_in_multiple_packets.pcapng.out
@@ -1,8 +1,8 @@ -general json_lines=11,json_bytes=15062,flow_src_total_bytes=2464,flow_dst_total_bytes=1286 +general json_lines=11,json_bytes=15021,flow_src_total_bytes=2464,flow_dst_total_bytes=1286 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=4,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=1,flow_severity_medium=3,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=0,flow_l3_ip6_count=1,flow_l3_other_count=0 
diff --git a/test/results/influxd/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out b/test/results/influxd/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out index abb727c1c..42da7984c 100644 --- a/test/results/influxd/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out +++ b/test/results/influxd/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=667,json_bytes=961340,flow_src_total_bytes=241650,flow_dst_total_bytes=0 +general json_lines=667,json_bytes=949234,flow_src_total_bytes=241650,flow_dst_total_bytes=0 events flow_new_count=113,flow_end_count=0,flow_idle_count=113,flow_update_count=123,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=113,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=179,init_count=1,reconnect_count=0,shutdown_count=1,status_count=24,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=113 breed flow_breed_safe_count=3,flow_breed_acceptable_count=88,flow_breed_fun_count=22,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=21,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=59,flow_category_social_network_count=0,flow_category_download_count=1,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=5,flow_category_network_count=7,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=3,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=17,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=21,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=59,flow_category_social_network_count=0,flow_category_download_count=1,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=5,flow_category_network_count=7,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=3,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=17,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=3,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=110,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=113,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/default/quic_frags_different_dcid.pcapng.out b/test/results/influxd/default/quic_frags_different_dcid.pcapng.out index ae09a91da..d539ec460 100644 --- a/test/results/influxd/default/quic_frags_different_dcid.pcapng.out +++ b/test/results/influxd/default/quic_frags_different_dcid.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=11,json_bytes=14158,flow_src_total_bytes=2500,flow_dst_total_bytes=1200 +general json_lines=11,json_bytes=14117,flow_src_total_bytes=2500,flow_dst_total_bytes=1200 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=3,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/quic_interop_V.pcapng.out b/test/results/influxd/default/quic_interop_V.pcapng.out index 5c2dbcec3..08c2d3a2b 100644 
--- a/test/results/influxd/default/quic_interop_V.pcapng.out +++ b/test/results/influxd/default/quic_interop_V.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=471,json_bytes=631807,flow_src_total_bytes=229418,flow_dst_total_bytes=1702 +general json_lines=471,json_bytes=631863,flow_src_total_bytes=229418,flow_dst_total_bytes=1702 events flow_new_count=77,flow_end_count=0,flow_idle_count=77,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=77,flow_detection_update_count=30,flow_not_detected_count=0,flow_risky_count=58,packet_count=0,packet_flow_count=207,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=33,flow_state_finished=44 breed flow_breed_safe_count=0,flow_breed_acceptable_count=77,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=63,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=14,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=63,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=14,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=77,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=36,flow_severity_medium=62,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=42,flow_l3_ip6_count=35,flow_l3_other_count=0 diff --git a/test/results/influxd/default/quic_q39.pcap.out b/test/results/influxd/default/quic_q39.pcap.out index c26acb545..03949b015 100644 
--- a/test/results/influxd/default/quic_q39.pcap.out +++ b/test/results/influxd/default/quic_q39.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=12,json_bytes=15368,flow_src_total_bytes=18965,flow_dst_total_bytes=2686 +general json_lines=12,json_bytes=15306,flow_src_total_bytes=18965,flow_dst_total_bytes=2686 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=1,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=1,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/quic_q43.pcap.out b/test/results/influxd/default/quic_q43.pcap.out index 59851f1ab..63384414b 100644 
--- a/test/results/influxd/default/quic_q43.pcap.out +++ b/test/results/influxd/default/quic_q43.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=8,json_bytes=8064,flow_src_total_bytes=1350,flow_dst_total_by events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=2,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/quic_q46.pcap.out b/test/results/influxd/default/quic_q46.pcap.out index 650156118..fcbf39fe8 100644 
--- a/test/results/influxd/default/quic_q46.pcap.out +++ b/test/results/influxd/default/quic_q46.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=11,json_bytes=15192,flow_src_total_bytes=1465,flow_dst_total_bytes=18936 +general json_lines=11,json_bytes=15132,flow_src_total_bytes=1465,flow_dst_total_bytes=18936 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/quic_q46_b.pcap.out b/test/results/influxd/default/quic_q46_b.pcap.out index b5f8702bf..a7d812612 100644 
--- a/test/results/influxd/default/quic_q46_b.pcap.out +++ b/test/results/influxd/default/quic_q46_b.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=11,json_bytes=12006,flow_src_total_bytes=2376,flow_dst_total_bytes=2844 +general json_lines=11,json_bytes=11944,flow_src_total_bytes=2376,flow_dst_total_bytes=2844 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=1,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=1,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/quic_q50.pcap.out b/test/results/influxd/default/quic_q50.pcap.out index 2fc29a89b..57a40245b 100644 
--- a/test/results/influxd/default/quic_q50.pcap.out +++ b/test/results/influxd/default/quic_q50.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=11,json_bytes=13498,flow_src_total_bytes=3327,flow_dst_total_bytes=16267 +general json_lines=11,json_bytes=13438,flow_src_total_bytes=3327,flow_dst_total_bytes=16267 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/quic_sh.pcap.out b/test/results/influxd/default/quic_sh.pcap.out index 9c828032c..be6462da4 100644 
--- a/test/results/influxd/default/quic_sh.pcap.out +++ b/test/results/influxd/default/quic_sh.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=27,json_bytes=27273,flow_src_total_bytes=4124,flow_dst_total_ events flow_new_count=3,flow_end_count=0,flow_idle_count=3,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=3,packet_count=0,packet_flow_count=15,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=3 breed flow_breed_safe_count=0,flow_breed_acceptable_count=3,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=3,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=3,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=3,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=3,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=2,flow_l3_other_count=0 diff --git a/test/results/influxd/default/quic_t50.pcap.out b/test/results/influxd/default/quic_t50.pcap.out index 36ac133de..30fa2e10c 100644 
--- a/test/results/influxd/default/quic_t50.pcap.out +++ b/test/results/influxd/default/quic_t50.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=11,json_bytes=15917,flow_src_total_bytes=2894,flow_dst_total_bytes=5022 +general json_lines=11,json_bytes=15813,flow_src_total_bytes=2894,flow_dst_total_bytes=5022 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/quic_t51.pcap.out b/test/results/influxd/default/quic_t51.pcap.out index 44dbac7ab..7283ba855 100644 
--- a/test/results/influxd/default/quic_t51.pcap.out +++ b/test/results/influxd/default/quic_t51.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=11,json_bytes=17256,flow_src_total_bytes=2888,flow_dst_total_bytes=5904 +general json_lines=11,json_bytes=17149,flow_src_total_bytes=2888,flow_dst_total_bytes=5904 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/quickplay.pcap.out b/test/results/influxd/default/quickplay.pcap.out index e0beeffb0..687926917 100644 
--- a/test/results/influxd/default/quickplay.pcap.out +++ b/test/results/influxd/default/quickplay.pcap.out 
@@ -1,11 +1,11 @@ -general json_lines=145,json_bytes=173217,flow_src_total_bytes=37682,flow_dst_total_bytes=58185 -events flow_new_count=21,flow_end_count=2,flow_idle_count=19,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=21,flow_detection_update_count=10,flow_not_detected_count=0,flow_risky_count=8,packet_count=0,packet_flow_count=68,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 +general json_lines=145,json_bytes=172987,flow_src_total_bytes=37682,flow_dst_total_bytes=58185 +events flow_new_count=21,flow_end_count=2,flow_idle_count=19,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=21,flow_detection_update_count=10,flow_not_detected_count=0,flow_risky_count=7,packet_count=0,packet_flow_count=68,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=8,flow_state_finished=13 breed 
flow_breed_safe_count=0,flow_breed_acceptable_count=13,flow_breed_fun_count=8,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=3,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=5,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=11,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=1,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=3,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=5,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=11,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=1,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=21,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 -severity flow_severity_low=4,flow_severity_medium=15,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 +severity flow_severity_low=3,flow_severity_medium=15,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 
flow_l3_ip4_count=21,flow_l3_ip6_count=0,flow_l3_other_count=0 layer4 flow_l4_tcp_count=21,flow_l4_udp_count=0,flow_l4_icmp_count=0,flow_l4_other_count=0 detection flow_active_count=21,flow_detected_count=21,flow_guessed_count=0,flow_not_detected_count=0 -risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=11,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=1,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=3,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=4,flow_risk_55_count=0,flow_risk_56_count=0 +risks 
flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=11,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=3,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=4,flow_risk_55_count=0,flow_risk_56_count=0 diff --git a/test/results/influxd/default/radius_false_positive.pcapng.out b/test/results/influxd/default/radius_false_positive.pcapng.out index 138d352fd..1e0346cc8 100644 --- a/test/results/influxd/default/radius_false_positive.pcapng.out +++ b/test/results/influxd/default/radius_false_positive.pcapng.out 
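Review bot: The regenerated expectations for quickplay.pcap drop one risk detection, which nothing in the commit message explains: `flow_risky_count` goes from 8 to 7, `flow_severity_low` from 4 to 3, and `flow_risk_35_count` from 1 to 0. The neighbouring influxd hunks only gain the new `flow_category_health_count=0` column and a different `json_bytes`. The message says only "incorporated upstream changes", so a reader cannot tell whether this flow is intentionally no longer flagged or whether the libnDPI bump caused a detection regression. I would add a line to the commit message such as `quickplay.pcap: one flow no longer raises risk 35 after upstream libnDPI change <upstream commit id>`. Dashboards or alerts built on these influxd risk counters should be checked against the new baseline.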
@@ -2,7 +2,7 @@ general json_lines=11,json_bytes=12053,flow_src_total_bytes=6859,flow_dst_total_ events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=0,flow_l3_ip6_count=1,flow_l3_other_count=0 diff --git a/test/results/influxd/default/radmin3.pcapng.out b/test/results/influxd/default/radmin3.pcapng.out index 30a2a3423..df28a6acf 100644 
--- a/test/results/influxd/default/radmin3.pcapng.out +++ b/test/results/influxd/default/radmin3.pcapng.out 
@@ -2,7 +2,7 @@ general json_lines=19,json_bytes=13765,flow_src_total_bytes=24,flow_dst_total_by events flow_new_count=2,flow_end_count=1,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=2 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=2,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=2,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=2,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=2,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/raft.pcap.out b/test/results/influxd/default/raft.pcap.out index 3f17cc17e..2f7d6b53b 100644 
--- a/test/results/influxd/default/raft.pcap.out +++ b/test/results/influxd/default/raft.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=21,json_bytes=17497,flow_src_total_bytes=2000,flow_dst_total_ events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=2,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=2 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=2,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=2,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=2,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/raknet.pcap.out b/test/results/influxd/default/raknet.pcap.out index 2b062283d..394c86d72 100644 
--- a/test/results/influxd/default/raknet.pcap.out +++ b/test/results/influxd/default/raknet.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=95,json_bytes=81244,flow_src_total_bytes=5863,flow_dst_total_ events flow_new_count=12,flow_end_count=0,flow_idle_count=12,flow_update_count=19,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=10,flow_detection_update_count=0,flow_not_detected_count=2,flow_risky_count=4,packet_count=0,packet_flow_count=36,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=2,flow_state_finished=10 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=10,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=10,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=10,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=10,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=4,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=12,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/rdp.pcap.out b/test/results/influxd/default/rdp.pcap.out index d29274863..5ad58c9b4 100644 
--- a/test/results/influxd/default/rdp.pcap.out +++ b/test/results/influxd/default/rdp.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=11,json_bytes=7938,flow_src_total_bytes=1081,flow_dst_total_b events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=1,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=1,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=1,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/rdp2.pcap.out b/test/results/influxd/default/rdp2.pcap.out index a31b70f64..670d0fa83 100644 
--- a/test/results/influxd/default/rdp2.pcap.out +++ b/test/results/influxd/default/rdp2.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=29,json_bytes=30660,flow_src_total_bytes=5097,flow_dst_total_ events flow_new_count=3,flow_end_count=0,flow_idle_count=3,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=3,packet_count=0,packet_flow_count=15,init_count=1,reconnect_count=0,shutdown_count=1,status_count=3,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=3 breed flow_breed_safe_count=0,flow_breed_acceptable_count=3,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=3,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=3,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=3,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=3,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=3,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/rdp3.pcap.out b/test/results/influxd/default/rdp3.pcap.out index 34679dd79..b1725a5e0 100644 
--- a/test/results/influxd/default/rdp3.pcap.out +++ b/test/results/influxd/default/rdp3.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=11,json_bytes=8018,flow_src_total_bytes=1629,flow_dst_total_b events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=1,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=1,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=1,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/rdp_over_tls.pcap.out b/test/results/influxd/default/rdp_over_tls.pcap.out index d56bde47c..ffce49489 100644 
--- a/test/results/influxd/default/rdp_over_tls.pcap.out +++ b/test/results/influxd/default/rdp_over_tls.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=13,json_bytes=12000,flow_src_total_bytes=1194,flow_dst_total_bytes=1518 +general json_lines=13,json_bytes=11918,flow_src_total_bytes=1194,flow_dst_total_bytes=1518 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=1,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=1,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=3,flow_severity_medium=1,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/reasm_crash_anon.pcapng.out b/test/results/influxd/default/reasm_crash_anon.pcapng.out index 6b6616f52..e23b0f08d 100644 
--- a/test/results/influxd/default/reasm_crash_anon.pcapng.out +++ b/test/results/influxd/default/reasm_crash_anon.pcapng.out 
@@ -2,7 +2,7 @@ general json_lines=14,json_bytes=11940,flow_src_total_bytes=979,flow_dst_total_b events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=0,flow_detection_update_count=0,flow_not_detected_count=1,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=3,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=0,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/reasm_segv_anon.pcapng.out b/test/results/influxd/default/reasm_segv_anon.pcapng.out index b8bff7118..e2e3da4cd 100644 
--- a/test/results/influxd/default/reasm_segv_anon.pcapng.out +++ b/test/results/influxd/default/reasm_segv_anon.pcapng.out 
@@ -2,7 +2,7 @@ general json_lines=44,json_bytes=27473,flow_src_total_bytes=2008,flow_dst_total_ events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=16,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=16,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/reddit.pcap.out b/test/results/influxd/default/reddit.pcap.out index 78c298378..ef444c0d1 100644 
--- a/test/results/influxd/default/reddit.pcap.out +++ b/test/results/influxd/default/reddit.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=582,json_bytes=572048,flow_src_total_bytes=64920,flow_dst_total_bytes=481968 +general json_lines=582,json_bytes=566292,flow_src_total_bytes=64920,flow_dst_total_bytes=481968 events flow_new_count=60,flow_end_count=23,flow_idle_count=37,flow_update_count=0,flow_analyse_count=17,flow_guessed_count=1,flow_detected_count=59,flow_detection_update_count=84,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=298,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=43,flow_state_finished=17 breed flow_breed_safe_count=6,flow_breed_acceptable_count=26,flow_breed_fun_count=26,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=1,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=3,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=22,flow_category_social_network_count=23,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=11,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=3,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=22,flow_category_social_network_count=23,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=11,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=59,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=0,flow_l3_ip6_count=60,flow_l3_other_count=0 diff --git a/test/results/influxd/default/resp.pcap.out b/test/results/influxd/default/resp.pcap.out index dc51a4092..bdc20d6bb 100644 
--- a/test/results/influxd/default/resp.pcap.out +++ b/test/results/influxd/default/resp.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=12,json_bytes=9993,flow_src_total_bytes=96,flow_dst_total_byt events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=1,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=1,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/riot.pcapng.out b/test/results/influxd/default/riot.pcapng.out index e1638cb41..345fe073f 100644 
--- a/test/results/influxd/default/riot.pcapng.out +++ b/test/results/influxd/default/riot.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=18,json_bytes=25788,flow_src_total_bytes=8202,flow_dst_total_bytes=0 +general json_lines=18,json_bytes=25728,flow_src_total_bytes=8202,flow_dst_total_bytes=0 events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=1,flow_detected_count=1,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=7,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=2,flow_state_finished=0 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=2,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=2,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/riotgames.pcap.out b/test/results/influxd/default/riotgames.pcap.out index 35bdcc84e..8de56ee66 100644 
--- a/test/results/influxd/default/riotgames.pcap.out +++ b/test/results/influxd/default/riotgames.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=62,json_bytes=47248,flow_src_total_bytes=1342,flow_dst_total_ events flow_new_count=9,flow_end_count=0,flow_idle_count=9,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=9,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=24,init_count=1,reconnect_count=0,shutdown_count=1,status_count=9,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=9 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=9,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=7,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=2,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=7,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=2,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=9,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=9,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/ripe_atlas.pcap.out b/test/results/influxd/default/ripe_atlas.pcap.out index cf5e1f8e6..ae2786469 100644 
--- a/test/results/influxd/default/ripe_atlas.pcap.out +++ b/test/results/influxd/default/ripe_atlas.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=35,json_bytes=28664,flow_src_total_bytes=175,flow_dst_total_b events flow_new_count=7,flow_end_count=0,flow_idle_count=7,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=7,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=7,init_count=1,reconnect_count=0,shutdown_count=1,status_count=5,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=7 breed flow_breed_safe_count=0,flow_breed_acceptable_count=7,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=7,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=7,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=7,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=7,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/rmcp.pcap.out b/test/results/influxd/default/rmcp.pcap.out index 781ad97af..22ad739f3 100644 
--- a/test/results/influxd/default/rmcp.pcap.out +++ b/test/results/influxd/default/rmcp.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=29,json_bytes=23317,flow_src_total_bytes=116,flow_dst_total_b events flow_new_count=6,flow_end_count=0,flow_idle_count=6,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=6,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=6,init_count=1,reconnect_count=0,shutdown_count=1,status_count=3,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=6 breed flow_breed_safe_count=6,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=6,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=6,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=6,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=6,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/roblox.pcapng.out b/test/results/influxd/default/roblox.pcapng.out index 0623cbfa1..b3743518a 100644 
--- a/test/results/influxd/default/roblox.pcapng.out +++ b/test/results/influxd/default/roblox.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=39,json_bytes=44163,flow_src_total_bytes=17844,flow_dst_total_bytes=11993 +general json_lines=39,json_bytes=44081,flow_src_total_bytes=17844,flow_dst_total_bytes=11993 events flow_new_count=4,flow_end_count=1,flow_idle_count=3,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=4,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=20,init_count=1,reconnect_count=0,shutdown_count=1,status_count=3,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=4 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=4,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=4,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=4,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=4,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=4,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/roughtime.pcap.out b/test/results/influxd/default/roughtime.pcap.out index e71b2cee0..c89948777 100644 
--- a/test/results/influxd/default/roughtime.pcap.out +++ b/test/results/influxd/default/roughtime.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=20,json_bytes=19926,flow_src_total_bytes=2768,flow_dst_total_ events flow_new_count=4,flow_end_count=0,flow_idle_count=4,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=4,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=4,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=4 breed flow_breed_safe_count=0,flow_breed_acceptable_count=4,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=4,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=4,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=4,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=4,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/default/rsh-syslog-false-positive.pcap.out b/test/results/influxd/default/rsh-syslog-false-positive.pcap.out index c1e0c26b6..4d70451a2 100644 --- a/test/results/influxd/default/rsh-syslog-false-positive.pcap.out +++ b/test/results/influxd/default/rsh-syslog-false-positive.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=15,json_bytes=15204,flow_src_total_bytes=4939,flow_dst_total_ events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=2,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=2,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=1,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=1,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/rsh.pcap.out b/test/results/influxd/default/rsh.pcap.out index 1f7264813..756e66322 100644 
--- a/test/results/influxd/default/rsh.pcap.out +++ b/test/results/influxd/default/rsh.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=19,json_bytes=14292,flow_src_total_bytes=66,flow_dst_total_by events flow_new_count=2,flow_end_count=2,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=2 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=2,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=2,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=2,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=2,flow_severity_medium=0,flow_severity_high=2,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=2,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/rsync.pcap.out b/test/results/influxd/default/rsync.pcap.out index d6c9c39ac..871067d0f 100644 
--- a/test/results/influxd/default/rsync.pcap.out +++ b/test/results/influxd/default/rsync.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=11,json_bytes=7782,flow_src_total_bytes=86,flow_dst_total_byt events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=1,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=1,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/default/rtcp_multiple_pkts_in_the_same_datagram.pcap.out b/test/results/influxd/default/rtcp_multiple_pkts_in_the_same_datagram.pcap.out index b58202e1e..d55726377 100644 --- a/test/results/influxd/default/rtcp_multiple_pkts_in_the_same_datagram.pcap.out +++ b/test/results/influxd/default/rtcp_multiple_pkts_in_the_same_datagram.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=11,json_bytes=8704,flow_src_total_bytes=336,flow_dst_total_by events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=1,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=1,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/rtmp.pcap.out b/test/results/influxd/default/rtmp.pcap.out index 2fac0369c..83f4017c9 100644 
--- a/test/results/influxd/default/rtmp.pcap.out
+++ b/test/results/influxd/default/rtmp.pcap.out
@@ -2,7 +2,7 @@ general json_lines=76,json_bytes=52554,flow_src_total_bytes=3452,flow_dst_total_ events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=32,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=32,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=1,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=1,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/rtp.pcapng.out b/test/results/influxd/default/rtp.pcapng.out index 728071e24..e3ccd0c72 100644 
--- a/test/results/influxd/default/rtp.pcapng.out
+++ b/test/results/influxd/default/rtp.pcapng.out
@@ -1,8 +1,8 @@ -general json_lines=38,json_bytes=38805,flow_src_total_bytes=40240,flow_dst_total_bytes=13839 +general json_lines=38,json_bytes=38855,flow_src_total_bytes=40240,flow_dst_total_bytes=13839 events flow_new_count=4,flow_end_count=0,flow_idle_count=4,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=4,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=20,init_count=1,reconnect_count=0,shutdown_count=1,status_count=3,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=4 breed flow_breed_safe_count=0,flow_breed_acceptable_count=3,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=3,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=1,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=3,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=1,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=4,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=4,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/rtps.pcap.out b/test/results/influxd/default/rtps.pcap.out index 0991b9bd1..ddf1405b4 100644 
--- a/test/results/influxd/default/rtps.pcap.out
+++ b/test/results/influxd/default/rtps.pcap.out
@@ -2,7 +2,7 @@ general json_lines=19,json_bytes=20821,flow_src_total_bytes=21164,flow_dst_total events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=8,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=1,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=1,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=1,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/rtsp.pcap.out b/test/results/influxd/default/rtsp.pcap.out index adabceec7..e8da23ab2 100644 
--- a/test/results/influxd/default/rtsp.pcap.out
+++ b/test/results/influxd/default/rtsp.pcap.out
@@ -2,7 +2,7 @@ general json_lines=65,json_bytes=56276,flow_src_total_bytes=22024,flow_dst_total events flow_new_count=7,flow_end_count=6,flow_idle_count=1,flow_update_count=0,flow_analyse_count=6,flow_guessed_count=0,flow_detected_count=7,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=7,packet_count=0,packet_flow_count=35,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=7 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=7,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=7,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=7,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=7,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=7,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=7,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/rtsp_setup_http.pcapng.out b/test/results/influxd/default/rtsp_setup_http.pcapng.out index 069402128..d70b88a47 100644 
--- a/test/results/influxd/default/rtsp_setup_http.pcapng.out
+++ b/test/results/influxd/default/rtsp_setup_http.pcapng.out
@@ -2,7 +2,7 @@ general json_lines=7,json_bytes=6106,flow_src_total_bytes=179,flow_dst_total_byt events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=1,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=1,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=1,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=1,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/rx.pcap.out b/test/results/influxd/default/rx.pcap.out index 5e5c4ab11..3a879765e 100644 
--- a/test/results/influxd/default/rx.pcap.out
+++ b/test/results/influxd/default/rx.pcap.out
@@ -2,7 +2,7 @@ general json_lines=40,json_bytes=33724,flow_src_total_bytes=8248,flow_dst_total_ events flow_new_count=5,flow_end_count=0,flow_idle_count=5,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=5,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=21,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=5 breed flow_breed_safe_count=0,flow_breed_acceptable_count=5,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=5,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=5,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=5,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=5,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/s7comm-plus.pcap.out b/test/results/influxd/default/s7comm-plus.pcap.out index 671ee244d..8b4f7250f 100644 
--- a/test/results/influxd/default/s7comm-plus.pcap.out
+++ b/test/results/influxd/default/s7comm-plus.pcap.out
@@ -2,7 +2,7 @@ general json_lines=12,json_bytes=9955,flow_src_total_bytes=3254,flow_dst_total_b events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=1,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=1,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/s7comm.pcap.out b/test/results/influxd/default/s7comm.pcap.out index 89a6ce8a0..35d1713ed 100644 
--- a/test/results/influxd/default/s7comm.pcap.out
+++ b/test/results/influxd/default/s7comm.pcap.out
@@ -2,7 +2,7 @@ general json_lines=12,json_bytes=9980,flow_src_total_bytes=1202,flow_dst_total_b events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=1,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=1,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/safari.pcap.out b/test/results/influxd/default/safari.pcap.out index 2200d7fbe..6388cfb1f 100644 
--- a/test/results/influxd/default/safari.pcap.out
+++ b/test/results/influxd/default/safari.pcap.out
@@ -1,8 +1,8 @@ -general json_lines=69,json_bytes=60887,flow_src_total_bytes=7006,flow_dst_total_bytes=65156 +general json_lines=69,json_bytes=60231,flow_src_total_bytes=7006,flow_dst_total_bytes=65156 events flow_new_count=7,flow_end_count=0,flow_idle_count=7,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=7,flow_detection_update_count=9,flow_not_detected_count=0,flow_risky_count=5,packet_count=0,packet_flow_count=35,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=6,flow_state_finished=1 breed flow_breed_safe_count=7,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=7,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=7,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=7,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=10,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=7,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/salesforce.pcap.out b/test/results/influxd/default/salesforce.pcap.out index bb9504312..de324b517 100644 
--- a/test/results/influxd/default/salesforce.pcap.out
+++ b/test/results/influxd/default/salesforce.pcap.out
@@ -1,8 +1,8 @@ -general json_lines=13,json_bytes=11884,flow_src_total_bytes=610,flow_dst_total_bytes=3585 +general json_lines=13,json_bytes=11761,flow_src_total_bytes=610,flow_dst_total_bytes=3585 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=0 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=1,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=1,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/default/sccp_hw_conf_register.pcapng.out b/test/results/influxd/default/sccp_hw_conf_register.pcapng.out
index f511ca0a9..d274ba916 100644
--- a/test/results/influxd/default/sccp_hw_conf_register.pcapng.out
+++ b/test/results/influxd/default/sccp_hw_conf_register.pcapng.out
@@ -2,7 +2,7 @@ general json_lines=11,json_bytes=8081,flow_src_total_bytes=496,flow_dst_total_by events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=1,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=1,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/sctp.cap.out b/test/results/influxd/default/sctp.cap.out index e0fe5c991..230d768c1 100644 
--- a/test/results/influxd/default/sctp.cap.out
+++ b/test/results/influxd/default/sctp.cap.out
@@ -2,7 +2,7 @@ general json_lines=13,json_bytes=9732,flow_src_total_bytes=140,flow_dst_total_by events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=4,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=2 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=2,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=2,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=2,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/selfsigned.pcap.out b/test/results/influxd/default/selfsigned.pcap.out index c042c213c..08891e4c1 100644 
--- a/test/results/influxd/default/selfsigned.pcap.out
+++ b/test/results/influxd/default/selfsigned.pcap.out
@@ -1,8 +1,8 @@ -general json_lines=12,json_bytes=10966,flow_src_total_bytes=849,flow_dst_total_bytes=1785 +general json_lines=12,json_bytes=10884,flow_src_total_bytes=849,flow_dst_total_bytes=1785 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=0 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=2,flow_severity_high=2,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/sflow.pcap.out b/test/results/influxd/default/sflow.pcap.out index 1b00ba991..12c246ceb 100644 
--- a/test/results/influxd/default/sflow.pcap.out
+++ b/test/results/influxd/default/sflow.pcap.out
@@ -2,7 +2,7 @@ general json_lines=12,json_bytes=9576,flow_src_total_bytes=1324,flow_dst_total_b events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=1,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/shadowsocks.pcap.out b/test/results/influxd/default/shadowsocks.pcap.out index c81e11345..8251fb6fb 100644 
--- a/test/results/influxd/default/shadowsocks.pcap.out +++ b/test/results/influxd/default/shadowsocks.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=19,json_bytes=13368,flow_src_total_bytes=201,flow_dst_total_b events flow_new_count=2,flow_end_count=2,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=1,flow_risky_count=0,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=2,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/shell.pcap.out b/test/results/influxd/default/shell.pcap.out index 184ceba3a..5ff5e04c9 100644 
--- a/test/results/influxd/default/shell.pcap.out +++ b/test/results/influxd/default/shell.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=27,json_bytes=35944,flow_src_total_bytes=12250,flow_dst_total events flow_new_count=4,flow_end_count=2,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=0,flow_detection_update_count=0,flow_not_detected_count=4,flow_risky_count=0,packet_count=0,packet_flow_count=12,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=4,flow_state_finished=0 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=0,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=4,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/signal.pcap.out b/test/results/influxd/default/signal.pcap.out index 57e74ff92..29032a0fb 100644 
--- a/test/results/influxd/default/signal.pcap.out +++ b/test/results/influxd/default/signal.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=175,json_bytes=163765,flow_src_total_bytes=219449,flow_dst_total_bytes=54393 +general json_lines=175,json_bytes=162371,flow_src_total_bytes=219449,flow_dst_total_bytes=54393 events flow_new_count=19,flow_end_count=9,flow_idle_count=10,flow_update_count=0,flow_analyse_count=4,flow_guessed_count=0,flow_detected_count=19,flow_detection_update_count=27,flow_not_detected_count=0,flow_risky_count=4,packet_count=0,packet_flow_count=84,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=9,flow_state_finished=10 breed flow_breed_safe_count=3,flow_breed_acceptable_count=3,flow_breed_fun_count=13,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=3,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=10,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=4,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=2,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=3,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=10,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=4,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=2,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=19,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=8,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=19,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/default/signal_audiocall.pcapng.out b/test/results/influxd/default/signal_audiocall.pcapng.out new file mode 100644 index 000000000..5800b26ae --- /dev/null +++ b/test/results/influxd/default/signal_audiocall.pcapng.out 
@@ -0,0 +1,11 @@ +general json_lines=44,json_bytes=39743,flow_src_total_bytes=19864,flow_dst_total_bytes=19438 +events flow_new_count=4,flow_end_count=0,flow_idle_count=4,flow_update_count=0,flow_analyse_count=2,flow_guessed_count=0,flow_detected_count=4,flow_detection_update_count=7,flow_not_detected_count=0,flow_risky_count=3,packet_count=0,packet_flow_count=20,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 +state flow_state_info=0,flow_state_finished=4 +breed flow_breed_safe_count=0,flow_breed_acceptable_count=4,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=2,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=2,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 +confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=2,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 +severity flow_severity_low=2,flow_severity_medium=4,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 +layer3 flow_l3_ip4_count=4,flow_l3_ip6_count=0,flow_l3_other_count=0 +layer4 flow_l4_tcp_count=0,flow_l4_udp_count=4,flow_l4_icmp_count=0,flow_l4_other_count=0 +detection 
flow_active_count=4,flow_detected_count=4,flow_guessed_count=0,flow_not_detected_count=0 +risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=4,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=2,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 diff --git a/test/results/influxd/default/signal_multiparty.pcapng.out b/test/results/influxd/default/signal_multiparty.pcapng.out new file mode 100644 index 000000000..c0d5db2be --- /dev/null +++ b/test/results/influxd/default/signal_multiparty.pcapng.out 
@@ -0,0 +1,11 @@ +general json_lines=13,json_bytes=11121,flow_src_total_bytes=8051,flow_dst_total_bytes=442 +events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 +state flow_state_info=0,flow_state_finished=1 +breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 +confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 +severity flow_severity_low=0,flow_severity_medium=3,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 +layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 +layer4 flow_l4_tcp_count=0,flow_l4_udp_count=1,flow_l4_icmp_count=0,flow_l4_other_count=0 +detection 
flow_active_count=1,flow_detected_count=1,flow_guessed_count=0,flow_not_detected_count=0 +risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=3,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 diff --git a/test/results/influxd/default/signal_videocall.pcapng.out b/test/results/influxd/default/signal_videocall.pcapng.out new file mode 100644 index 000000000..143aa62e1 --- /dev/null +++ b/test/results/influxd/default/signal_videocall.pcapng.out 
@@ -0,0 +1,11 @@ +general json_lines=34,json_bytes=29729,flow_src_total_bytes=81563,flow_dst_total_bytes=27668 +events flow_new_count=3,flow_end_count=0,flow_idle_count=3,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=6,flow_not_detected_count=0,flow_risky_count=3,packet_count=0,packet_flow_count=15,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 +state flow_state_info=0,flow_state_finished=3 +breed flow_breed_safe_count=0,flow_breed_acceptable_count=3,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=1,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=2,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 +confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=1,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 +severity flow_severity_low=2,flow_severity_medium=1,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 +layer3 flow_l3_ip4_count=3,flow_l3_ip6_count=0,flow_l3_other_count=0 +layer4 flow_l4_tcp_count=0,flow_l4_udp_count=3,flow_l4_icmp_count=0,flow_l4_other_count=0 +detection 
flow_active_count=3,flow_detected_count=3,flow_guessed_count=0,flow_not_detected_count=0 +risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=1,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=2,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 diff --git a/test/results/influxd/default/signal_videocall_multiparty.pcapng.out b/test/results/influxd/default/signal_videocall_multiparty.pcapng.out new file mode 100644 index 000000000..3b1560821 --- /dev/null +++ b/test/results/influxd/default/signal_videocall_multiparty.pcapng.out 
@@ -0,0 +1,11 @@ +general json_lines=14,json_bytes=13612,flow_src_total_bytes=67701,flow_dst_total_bytes=18298 +events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 +state flow_state_info=0,flow_state_finished=1 +breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 +confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 +severity flow_severity_low=0,flow_severity_medium=3,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 +layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 +layer4 flow_l4_tcp_count=0,flow_l4_udp_count=1,flow_l4_icmp_count=0,flow_l4_other_count=0 +detection 
flow_active_count=1,flow_detected_count=1,flow_guessed_count=0,flow_not_detected_count=0 +risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=3,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 diff --git a/test/results/influxd/default/simple-dnscrypt.pcap.out b/test/results/influxd/default/simple-dnscrypt.pcap.out index 897f56fcb..a330d9448 100644 --- a/test/results/influxd/default/simple-dnscrypt.pcap.out +++ b/test/results/influxd/default/simple-dnscrypt.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=45,json_bytes=43161,flow_src_total_bytes=2480,flow_dst_total_bytes=36106 +general json_lines=45,json_bytes=42669,flow_src_total_bytes=2480,flow_dst_total_bytes=36106 events flow_new_count=4,flow_end_count=0,flow_idle_count=4,flow_update_count=0,flow_analyse_count=2,flow_guessed_count=0,flow_detected_count=4,flow_detection_update_count=8,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=20,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=2,flow_state_finished=2 breed flow_breed_safe_count=1,flow_breed_acceptable_count=3,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=3,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=3,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=3,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=4,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/sip.pcap.out b/test/results/influxd/default/sip.pcap.out index e3169a8f2..13fb55fef 100644 
--- a/test/results/influxd/default/sip.pcap.out +++ b/test/results/influxd/default/sip.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=59,json_bytes=58535,flow_src_total_bytes=28304,flow_dst_total_bytes=16151 +general json_lines=59,json_bytes=58773,flow_src_total_bytes=28304,flow_dst_total_bytes=16151 events flow_new_count=4,flow_end_count=0,flow_idle_count=4,flow_update_count=25,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=0,flow_not_detected_count=1,flow_risky_count=0,packet_count=0,packet_flow_count=16,init_count=1,reconnect_count=0,shutdown_count=1,status_count=3,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=3 breed flow_breed_safe_count=0,flow_breed_acceptable_count=3,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=1,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=2,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=1,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=2,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=3,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=4,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/sip_hello.pcapng.out b/test/results/influxd/default/sip_hello.pcapng.out index 09d056beb..9813b60b1 100644 
--- a/test/results/influxd/default/sip_hello.pcapng.out +++ b/test/results/influxd/default/sip_hello.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=20,json_bytes=16578,flow_src_total_bytes=1962,flow_dst_total_bytes=2172 +general json_lines=20,json_bytes=16588,flow_src_total_bytes=1962,flow_dst_total_bytes=2172 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=9,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=1,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=1,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/sites.pcapng.out b/test/results/influxd/default/sites.pcapng.out index 8232b921e..08a0f248d 100644 
--- a/test/results/influxd/default/sites.pcapng.out +++ b/test/results/influxd/default/sites.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=558,json_bytes=601356,flow_src_total_bytes=53315,flow_dst_total_bytes=276011 +general json_lines=558,json_bytes=596310,flow_src_total_bytes=53315,flow_dst_total_bytes=276011 events flow_new_count=64,flow_end_count=9,flow_idle_count=55,flow_update_count=1,flow_analyse_count=2,flow_guessed_count=4,flow_detected_count=60,flow_detection_update_count=62,flow_not_detected_count=0,flow_risky_count=3,packet_count=0,packet_flow_count=277,init_count=1,reconnect_count=0,shutdown_count=1,status_count=22,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=58,flow_state_finished=6 -breed flow_breed_safe_count=8,flow_breed_acceptable_count=21,flow_breed_fun_count=30,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=1,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=2,flow_category_email_count=1,flow_category_data_transfer_count=0,flow_category_web_count=8,flow_category_social_network_count=9,flow_category_download_count=1,flow_category_game_count=6,flow_category_chat_count=4,flow_category_voip_count=2,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=8,flow_category_network_count=0,flow_category_collaborative_count=3,flow_category_rpc_count=0,flow_category_streaming_count=7,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=3,flow_category_video_count=4,flow_category_shopping_count=1,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=1,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +breed flow_breed_safe_count=9,flow_breed_acceptable_count=20,flow_breed_fun_count=30,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=1,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=2,flow_category_email_count=1,flow_category_data_transfer_count=0,flow_category_web_count=8,flow_category_social_network_count=9,flow_category_download_count=1,flow_category_game_count=6,flow_category_chat_count=4,flow_category_voip_count=1,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=8,flow_category_network_count=0,flow_category_collaborative_count=4,flow_category_rpc_count=0,flow_category_streaming_count=7,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=3,flow_category_video_count=4,flow_category_shopping_count=1,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=1,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=1,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=59,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=6,flow_severity_medium=0,flow_severity_high=1,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=58,flow_l3_ip6_count=6,flow_l3_other_count=0 diff --git a/test/results/influxd/default/sites2.pcapng.out b/test/results/influxd/default/sites2.pcapng.out index 4f590cb4d..0b2f58030 100644 
--- a/test/results/influxd/default/sites2.pcapng.out +++ b/test/results/influxd/default/sites2.pcapng.out 
@@ -1,11 +1,11 @@ -general json_lines=32,json_bytes=29388,flow_src_total_bytes=4286,flow_dst_total_bytes=12374 -events flow_new_count=3,flow_end_count=0,flow_idle_count=3,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=4,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=15,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 -state flow_state_info=3,flow_state_finished=0 -breed flow_breed_safe_count=0,flow_breed_acceptable_count=3,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=3,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 -confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=3,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 +general json_lines=49,json_bytes=42699,flow_src_total_bytes=4931,flow_dst_total_bytes=12452 +events 
flow_new_count=5,flow_end_count=1,flow_idle_count=4,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=5,flow_detection_update_count=4,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=24,init_count=1,reconnect_count=0,shutdown_count=1,status_count=4,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 +state flow_state_info=4,flow_state_finished=1 +breed flow_breed_safe_count=0,flow_breed_acceptable_count=4,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=1,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=3,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=1,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 +confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=5,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 -layer3 flow_l3_ip4_count=3,flow_l3_ip6_count=0,flow_l3_other_count=0 -layer4 flow_l4_tcp_count=3,flow_l4_udp_count=0,flow_l4_icmp_count=0,flow_l4_other_count=0 -detection 
flow_active_count=3,flow_detected_count=3,flow_guessed_count=0,flow_not_detected_count=0 +layer3 flow_l3_ip4_count=5,flow_l3_ip6_count=0,flow_l3_other_count=0 +layer4 flow_l4_tcp_count=5,flow_l4_udp_count=0,flow_l4_icmp_count=0,flow_l4_other_count=0 +detection flow_active_count=5,flow_detected_count=5,flow_guessed_count=0,flow_not_detected_count=0 risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 diff --git a/test/results/influxd/default/skinny.pcap.out b/test/results/influxd/default/skinny.pcap.out index 2d1be851b..d79a75fb0 100644 --- a/test/results/influxd/default/skinny.pcap.out +++ b/test/results/influxd/default/skinny.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=61,json_bytes=51266,flow_src_total_bytes=19224,flow_dst_total_bytes=7540 +general json_lines=61,json_bytes=51391,flow_src_total_bytes=19224,flow_dst_total_bytes=7540 events flow_new_count=7,flow_end_count=0,flow_idle_count=7,flow_update_count=0,flow_analyse_count=2,flow_guessed_count=0,flow_detected_count=7,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=35,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=7 breed flow_breed_safe_count=0,flow_breed_acceptable_count=7,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=5,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=2,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=5,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=2,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=7,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=7,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/default/skype-conference-call.pcap.out b/test/results/influxd/default/skype-conference-call.pcap.out index edfff019b..0358781b3 100644 --- a/test/results/influxd/default/skype-conference-call.pcap.out +++ b/test/results/influxd/default/skype-conference-call.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=12,json_bytes=11081,flow_src_total_bytes=19259,flow_dst_total_bytes=12028 +general json_lines=12,json_bytes=11096,flow_src_total_bytes=19259,flow_dst_total_bytes=12028 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=1,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=1,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=1,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/smb_deletefile.pcap.out b/test/results/influxd/default/smb_deletefile.pcap.out index df0a99bf1..9091da537 100644 
--- a/test/results/influxd/default/smb_deletefile.pcap.out +++ b/test/results/influxd/default/smb_deletefile.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=12,json_bytes=12389,flow_src_total_bytes=11034,flow_dst_total events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=1,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=1,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/smb_frags.pcap.out b/test/results/influxd/default/smb_frags.pcap.out index fbd085e89..80c1b1016 100644 
--- a/test/results/influxd/default/smb_frags.pcap.out +++ b/test/results/influxd/default/smb_frags.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=11,json_bytes=10913,flow_src_total_bytes=1651,flow_dst_total_ events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=1,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=1,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=1,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=1,flow_severity_medium=1,flow_severity_high=1,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/smbv1.pcap.out b/test/results/influxd/default/smbv1.pcap.out index 1639e4239..18eedc62c 100644 
--- a/test/results/influxd/default/smbv1.pcap.out +++ b/test/results/influxd/default/smbv1.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=11,json_bytes=9347,flow_src_total_bytes=453,flow_dst_total_by events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=1,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=1,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=1,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=1,flow_severity_medium=1,flow_severity_high=1,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/smpp_in_general.pcap.out b/test/results/influxd/default/smpp_in_general.pcap.out index 5316804e4..8e3cd28a8 100644 
--- a/test/results/influxd/default/smpp_in_general.pcap.out +++ b/test/results/influxd/default/smpp_in_general.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=11,json_bytes=7884,flow_src_total_bytes=122,flow_dst_total_by events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=1,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=1,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/smtp-starttls.pcap.out b/test/results/influxd/default/smtp-starttls.pcap.out index 253c044fe..cb93942bb 100644 
--- a/test/results/influxd/default/smtp-starttls.pcap.out +++ b/test/results/influxd/default/smtp-starttls.pcap.out 
@@ -1,11 +1,11 @@ -general json_lines=28,json_bytes=27235,flow_src_total_bytes=3118,flow_dst_total_bytes=6724 +general json_lines=28,json_bytes=27647,flow_src_total_bytes=3118,flow_dst_total_bytes=6724 events flow_new_count=2,flow_end_count=2,flow_idle_count=0,flow_update_count=0,flow_analyse_count=2,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=6,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=2 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=2,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=2,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 -severity flow_severity_low=2,flow_severity_medium=0,flow_severity_high=5,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 +severity flow_severity_low=2,flow_severity_medium=0,flow_severity_high=6,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 
flow_l3_ip4_count=1,flow_l3_ip6_count=1,flow_l3_other_count=0 layer4 flow_l4_tcp_count=2,flow_l4_udp_count=0,flow_l4_icmp_count=0,flow_l4_other_count=0 detection flow_active_count=2,flow_detected_count=2,flow_guessed_count=0,flow_not_detected_count=0 -risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=1,flow_risk_7_count=3,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=2,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=2,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 +risks 
flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=1,flow_risk_7_count=3,flow_risk_8_count=2,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=2,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=2,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 diff --git a/test/results/influxd/default/smtp.pcap.out b/test/results/influxd/default/smtp.pcap.out index 8cee12ea2..02868fa7f 100644 --- a/test/results/influxd/default/smtp.pcap.out +++ b/test/results/influxd/default/smtp.pcap.out 
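Review bot: The regenerated expectation for smtp-starttls.pcap changes detection results rather than only the output schema: `flow_risk_8_count` goes from 0 to 2 and `flow_severity_high` from 5 to 6, while the events, layer3/layer4 and detection lines stay as context. The commit description says only "incorporated upstream changes", so nothing records whether the additional risk is an intended upstream libnDPI change or a regression absorbed by regenerating the golden file. I would add a line to the description naming the responsible upstream change, e.g. `* smtp-starttls.pcap: flow_risk_8 now reported (upstream <commit-id>)`, so later result diffs can be audited against it. The other complete hunks in this part of the patch only append `flow_category_health_count=0` and adjust `json_bytes`, which needs no such note.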
@@ -2,7 +2,7 @@ general json_lines=12,json_bytes=10098,flow_src_total_bytes=16527,flow_dst_total events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=1,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=1,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/smtps.pcapng.out b/test/results/influxd/default/smtps.pcapng.out index 1fdaf1ec9..ab6c96779 100644 
--- a/test/results/influxd/default/smtps.pcapng.out +++ b/test/results/influxd/default/smtps.pcapng.out 
@@ -2,7 +2,7 @@ general json_lines=10,json_bytes=8596,flow_src_total_bytes=517,flow_dst_total_by events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=4,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=1,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=1,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=1,flow_severity_medium=1,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/snapchat.pcap.out b/test/results/influxd/default/snapchat.pcap.out index 40b818d37..b8b372ba7 100644 
--- a/test/results/influxd/default/snapchat.pcap.out +++ b/test/results/influxd/default/snapchat.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=30,json_bytes=25728,flow_src_total_bytes=4919,flow_dst_total_bytes=2196 +general json_lines=30,json_bytes=25482,flow_src_total_bytes=4919,flow_dst_total_bytes=2196 events flow_new_count=3,flow_end_count=1,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=3,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=15,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=3,flow_state_finished=0 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=2,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=2,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=2,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=3,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=2,flow_severity_medium=2,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=3,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/snapchat_call.pcapng.out b/test/results/influxd/default/snapchat_call.pcapng.out index 8d11428b2..bde8993ed 100644 
--- a/test/results/influxd/default/snapchat_call.pcapng.out +++ b/test/results/influxd/default/snapchat_call.pcapng.out 
@@ -2,7 +2,7 @@ general json_lines=13,json_bytes=19583,flow_src_total_bytes=4245,flow_dst_total_ events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=2,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/snapchat_call_v1.pcapng.out b/test/results/influxd/default/snapchat_call_v1.pcapng.out index 1e95a1ca9..ef4020d67 100644 
--- a/test/results/influxd/default/snapchat_call_v1.pcapng.out +++ b/test/results/influxd/default/snapchat_call_v1.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=13,json_bytes=18958,flow_src_total_bytes=337357,flow_dst_total_bytes=7923 +general json_lines=13,json_bytes=18876,flow_src_total_bytes=337357,flow_dst_total_bytes=7923 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=1,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=1,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/snmp.pcap.out b/test/results/influxd/default/snmp.pcap.out index b9b589193..b818c941c 100644 
--- a/test/results/influxd/default/snmp.pcap.out +++ b/test/results/influxd/default/snmp.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=139,json_bytes=116860,flow_src_total_bytes=7241,flow_dst_tota events flow_new_count=17,flow_end_count=0,flow_idle_count=17,flow_update_count=10,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=17,flow_detection_update_count=7,flow_not_detected_count=0,flow_risky_count=4,packet_count=0,packet_flow_count=65,init_count=1,reconnect_count=0,shutdown_count=1,status_count=4,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=2,flow_state_finished=15 breed flow_breed_safe_count=0,flow_breed_acceptable_count=17,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=17,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=17,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=17,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=4,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=17,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/soap.pcap.out b/test/results/influxd/default/soap.pcap.out index efff81101..ae512759f 100644 
--- a/test/results/influxd/default/soap.pcap.out +++ b/test/results/influxd/default/soap.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=24,json_bytes=28528,flow_src_total_bytes=8109,flow_dst_total_ events flow_new_count=3,flow_end_count=1,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=11,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=2 breed flow_breed_safe_count=0,flow_breed_acceptable_count=3,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=1,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=2,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=1,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=2,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=3,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=1,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=3,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/socks.pcap.out b/test/results/influxd/default/socks.pcap.out index dc99b49b2..0db0a2956 100644 
--- a/test/results/influxd/default/socks.pcap.out +++ b/test/results/influxd/default/socks.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=36,json_bytes=25295,flow_src_total_bytes=905,flow_dst_total_b events flow_new_count=4,flow_end_count=4,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=4,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=20,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=4 breed flow_breed_safe_count=0,flow_breed_acceptable_count=4,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=4,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=4,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=4,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=1,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=4,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/softether.pcap.out b/test/results/influxd/default/softether.pcap.out index 845c9eb6d..393fdca61 100644 
--- a/test/results/influxd/default/softether.pcap.out +++ b/test/results/influxd/default/softether.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=107,json_bytes=94625,flow_src_total_bytes=7165,flow_dst_total events flow_new_count=6,flow_end_count=0,flow_idle_count=6,flow_update_count=40,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=6,flow_detection_update_count=5,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=29,init_count=1,reconnect_count=0,shutdown_count=1,status_count=12,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=5 breed flow_breed_safe_count=0,flow_breed_acceptable_count=6,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=6,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=6,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=6,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=6,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/someip-tp.pcap.out b/test/results/influxd/default/someip-tp.pcap.out index 91792113a..6b4fddf53 100644 
--- a/test/results/influxd/default/someip-tp.pcap.out +++ b/test/results/influxd/default/someip-tp.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=11,json_bytes=17474,flow_src_total_bytes=12472,flow_dst_total events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=1,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=1,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=1,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/default/someip-udp-method-call.pcapng.out b/test/results/influxd/default/someip-udp-method-call.pcapng.out index 837d4ba92..160a8d446 100644 --- a/test/results/influxd/default/someip-udp-method-call.pcapng.out +++ b/test/results/influxd/default/someip-udp-method-call.pcapng.out 
@@ -2,7 +2,7 @@ general json_lines=12,json_bytes=10498,flow_src_total_bytes=353,flow_dst_total_b events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=3,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=2 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=2,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=2,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=2,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=2,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/someip_sd_sample.pcap.out b/test/results/influxd/default/someip_sd_sample.pcap.out index d1cebe4b7..864e4ed1f 100644 
--- a/test/results/influxd/default/someip_sd_sample.pcap.out +++ b/test/results/influxd/default/someip_sd_sample.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=15,json_bytes=7018,flow_src_total_bytes=0,flow_dst_total_byte events flow_new_count=0,flow_end_count=0,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=0,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=6,packet_flow_count=0,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=6,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=0 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=0,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=0,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/sonos.pcapng.out b/test/results/influxd/default/sonos.pcapng.out index 46c34224e..8865b5e1c 100644 
--- a/test/results/influxd/default/sonos.pcapng.out +++ b/test/results/influxd/default/sonos.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=23,json_bytes=25750,flow_src_total_bytes=13287,flow_dst_total_bytes=12413 +general json_lines=23,json_bytes=25627,flow_src_total_bytes=13287,flow_dst_total_bytes=12413 events flow_new_count=2,flow_end_count=1,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=2 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=1,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=1,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=2,flow_severity_medium=2,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=2,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/source_engine.pcap.out b/test/results/influxd/default/source_engine.pcap.out index 3f4a84152..d078080c0 100644 
--- a/test/results/influxd/default/source_engine.pcap.out +++ b/test/results/influxd/default/source_engine.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=85,json_bytes=70985,flow_src_total_bytes=425,flow_dst_total_b events flow_new_count=17,flow_end_count=0,flow_idle_count=17,flow_update_count=5,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=17,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=17,init_count=1,reconnect_count=0,shutdown_count=1,status_count=10,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=17 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=17,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=17,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=17,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=17,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=17,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/spotify_tcp.pcap.out b/test/results/influxd/default/spotify_tcp.pcap.out index 6eb637216..ad87078a0 100644 
--- a/test/results/influxd/default/spotify_tcp.pcap.out +++ b/test/results/influxd/default/spotify_tcp.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=10,json_bytes=7148,flow_src_total_bytes=792,flow_dst_total_by events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=0,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=1,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=1,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/sql_injection.pcap.out b/test/results/influxd/default/sql_injection.pcap.out index 6cf77be05..13f0b17bb 100644 
--- a/test/results/influxd/default/sql_injection.pcap.out +++ b/test/results/influxd/default/sql_injection.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=11,json_bytes=11897,flow_src_total_bytes=691,flow_dst_total_b events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=1,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/srvloc-v1.pcapng.out b/test/results/influxd/default/srvloc-v1.pcapng.out index 02a8e2d4c..bd7dc6be1 100644 
--- a/test/results/influxd/default/srvloc-v1.pcapng.out +++ b/test/results/influxd/default/srvloc-v1.pcapng.out 
@@ -2,7 +2,7 @@ general json_lines=11,json_bytes=9418,flow_src_total_bytes=406,flow_dst_total_by events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=2,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=2 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=2,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=2,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=2,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/srvloc.pcap.out b/test/results/influxd/default/srvloc.pcap.out index 58638f23d..4fd2274ec 100644 
--- a/test/results/influxd/default/srvloc.pcap.out +++ b/test/results/influxd/default/srvloc.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=3001,json_bytes=2523705,flow_src_total_bytes=30707,flow_dst_t events flow_new_count=621,flow_end_count=0,flow_idle_count=621,flow_update_count=103,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=621,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=629,init_count=1,reconnect_count=0,shutdown_count=1,status_count=404,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=621 breed flow_breed_safe_count=0,flow_breed_acceptable_count=621,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=621,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=621,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=621,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=621,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/ssdp-m-search-ua.pcap.out b/test/results/influxd/default/ssdp-m-search-ua.pcap.out index 2495c0c99..18b571c70 100644 
--- a/test/results/influxd/default/ssdp-m-search-ua.pcap.out +++ b/test/results/influxd/default/ssdp-m-search-ua.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=10,json_bytes=8249,flow_src_total_bytes=696,flow_dst_total_by events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=4,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=1,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=1,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/ssdp-m-search.pcap.out b/test/results/influxd/default/ssdp-m-search.pcap.out index b19a45f23..aa21eb849 100644 
--- a/test/results/influxd/default/ssdp-m-search.pcap.out +++ b/test/results/influxd/default/ssdp-m-search.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=12,json_bytes=8877,flow_src_total_bytes=399,flow_dst_total_by events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=1,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=1,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=1,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/ssh.pcap.out b/test/results/influxd/default/ssh.pcap.out index 7978b8fac..593125a25 100644 
--- a/test/results/influxd/default/ssh.pcap.out +++ b/test/results/influxd/default/ssh.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=30,json_bytes=30656,flow_src_total_bytes=9379,flow_dst_total_ events flow_new_count=2,flow_end_count=1,flow_idle_count=1,flow_update_count=0,flow_analyse_count=2,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=8,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=2 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=2,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=2,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=5,flow_severity_high=3,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=2,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/ssh_unidirectional.pcap.out b/test/results/influxd/default/ssh_unidirectional.pcap.out index 2539b17a7..1b55c4466 100644 
--- a/test/results/influxd/default/ssh_unidirectional.pcap.out +++ b/test/results/influxd/default/ssh_unidirectional.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=12,json_bytes=9168,flow_src_total_bytes=2,flow_dst_total_byte events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=0 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=1,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=1,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/default/ssl-cert-name-mismatch.pcap.out b/test/results/influxd/default/ssl-cert-name-mismatch.pcap.out index da1485120..57cd473e8 100644 --- a/test/results/influxd/default/ssl-cert-name-mismatch.pcap.out +++ b/test/results/influxd/default/ssl-cert-name-mismatch.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=13,json_bytes=11509,flow_src_total_bytes=402,flow_dst_total_bytes=3608 +general json_lines=13,json_bytes=11386,flow_src_total_bytes=402,flow_dst_total_bytes=3608 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=0 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/starcraft_battle.pcap.out b/test/results/influxd/default/starcraft_battle.pcap.out index 5cf9e8ac7..811b8b7d6 100644 
--- a/test/results/influxd/default/starcraft_battle.pcap.out +++ b/test/results/influxd/default/starcraft_battle.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=383,json_bytes=299948,flow_src_total_bytes=11037,flow_dst_total_bytes=305631 +general json_lines=383,json_bytes=300162,flow_src_total_bytes=11037,flow_dst_total_bytes=305631 events flow_new_count=52,flow_end_count=26,flow_idle_count=26,flow_update_count=0,flow_analyse_count=3,flow_guessed_count=13,flow_detected_count=39,flow_detection_update_count=16,flow_not_detected_count=0,flow_risky_count=8,packet_count=1,packet_flow_count=203,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=1,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=16,flow_state_finished=36 breed flow_breed_safe_count=9,flow_breed_acceptable_count=28,flow_breed_fun_count=2,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=27,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=2,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=8,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=1,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=1,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=27,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=2,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=8,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=1,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=1,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=39,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=9,flow_severity_medium=2,flow_severity_high=7,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=52,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/steam.pcapng.out b/test/results/influxd/default/steam.pcapng.out index f5340a107..fea3a11ba 100644 
--- a/test/results/influxd/default/steam.pcapng.out +++ b/test/results/influxd/default/steam.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=59,json_bytes=51596,flow_src_total_bytes=5134,flow_dst_total_bytes=4588 +general json_lines=59,json_bytes=51268,flow_src_total_bytes=5134,flow_dst_total_bytes=4588 events flow_new_count=7,flow_end_count=1,flow_idle_count=6,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=7,flow_detection_update_count=4,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=31,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=4,flow_state_finished=3 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=7,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=7,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=7,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=7,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=2,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=7,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/stomp.pcapng.out b/test/results/influxd/default/stomp.pcapng.out index 01eeb1467..68c8f7929 100644 
--- a/test/results/influxd/default/stomp.pcapng.out +++ b/test/results/influxd/default/stomp.pcapng.out 
@@ -2,7 +2,7 @@ general json_lines=11,json_bytes=7838,flow_src_total_bytes=195,flow_dst_total_by events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=1,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=1,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/stun.pcap.out b/test/results/influxd/default/stun.pcap.out index dd9ab387f..afdaec183 100644 
--- a/test/results/influxd/default/stun.pcap.out +++ b/test/results/influxd/default/stun.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=92,json_bytes=82317,flow_src_total_bytes=9664,flow_dst_total_bytes=9072 +general json_lines=92,json_bytes=82717,flow_src_total_bytes=9664,flow_dst_total_bytes=9072 events flow_new_count=9,flow_end_count=1,flow_idle_count=8,flow_update_count=3,flow_analyse_count=3,flow_guessed_count=0,flow_detected_count=9,flow_detection_update_count=11,flow_not_detected_count=0,flow_risky_count=5,packet_count=0,packet_flow_count=38,init_count=1,reconnect_count=0,shutdown_count=1,status_count=8,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=2,flow_state_finished=7 breed flow_breed_safe_count=0,flow_breed_acceptable_count=9,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=2,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=7,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=2,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=7,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=9,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=4,flow_severity_medium=3,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=7,flow_l3_ip6_count=2,flow_l3_other_count=0 diff --git a/test/results/influxd/default/stun_classic.pcap.out b/test/results/influxd/default/stun_classic.pcap.out index f5b6e7590..06474072a 100644 
--- a/test/results/influxd/default/stun_classic.pcap.out +++ b/test/results/influxd/default/stun_classic.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=12,json_bytes=9356,flow_src_total_bytes=284,flow_dst_total_bytes=416 +general json_lines=12,json_bytes=9446,flow_src_total_bytes=284,flow_dst_total_bytes=416 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=2,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/stun_dtls_rtp.pcapng.out b/test/results/influxd/default/stun_dtls_rtp.pcapng.out index c71be5920..a4950a4d2 100644 
--- a/test/results/influxd/default/stun_dtls_rtp.pcapng.out +++ b/test/results/influxd/default/stun_dtls_rtp.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=25,json_bytes=24720,flow_src_total_bytes=5120,flow_dst_total_bytes=16163 +general json_lines=25,json_bytes=24737,flow_src_total_bytes=5120,flow_dst_total_bytes=16163 events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=2,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=3,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=2 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=2,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=2,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=1,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=2,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/default/stun_dtls_rtp_unidir.pcapng.out b/test/results/influxd/default/stun_dtls_rtp_unidir.pcapng.out index 3a611c5a1..c65a29dcb 100644 --- a/test/results/influxd/default/stun_dtls_rtp_unidir.pcapng.out +++ b/test/results/influxd/default/stun_dtls_rtp_unidir.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=21,json_bytes=18063,flow_src_total_bytes=8552,flow_dst_total_bytes=0 +general json_lines=21,json_bytes=18197,flow_src_total_bytes=8552,flow_dst_total_bytes=0 events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=2 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=2,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=2,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=2,flow_severity_medium=4,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=2,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/default/stun_dtls_unidirectional_client.pcap.out b/test/results/influxd/default/stun_dtls_unidirectional_client.pcap.out index cd74548a2..7da091d63 100644 --- a/test/results/influxd/default/stun_dtls_unidirectional_client.pcap.out +++ b/test/results/influxd/default/stun_dtls_unidirectional_client.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=13,json_bytes=12585,flow_src_total_bytes=1456,flow_dst_total_bytes=0 +general json_lines=13,json_bytes=12610,flow_src_total_bytes=1456,flow_dst_total_bytes=0 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=0 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=2,flow_severity_medium=2,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/default/stun_dtls_unidirectional_server.pcap.out b/test/results/influxd/default/stun_dtls_unidirectional_server.pcap.out index 3da2fd49a..0a4e5071c 100644 --- a/test/results/influxd/default/stun_dtls_unidirectional_server.pcap.out +++ b/test/results/influxd/default/stun_dtls_unidirectional_server.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=13,json_bytes=12814,flow_src_total_bytes=1311,flow_dst_total_bytes=0 +general json_lines=13,json_bytes=12840,flow_src_total_bytes=1311,flow_dst_total_bytes=0 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=0 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=1,flow_severity_medium=2,flow_severity_high=1,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/stun_google_meet.pcapng.out b/test/results/influxd/default/stun_google_meet.pcapng.out index ff7657875..4d6c018c9 100644 
--- a/test/results/influxd/default/stun_google_meet.pcapng.out +++ b/test/results/influxd/default/stun_google_meet.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=76,json_bytes=69730,flow_src_total_bytes=13243,flow_dst_total_bytes=43190 +general json_lines=76,json_bytes=69865,flow_src_total_bytes=13243,flow_dst_total_bytes=43190 events flow_new_count=7,flow_end_count=0,flow_idle_count=7,flow_update_count=6,flow_analyse_count=4,flow_guessed_count=0,flow_detected_count=7,flow_detection_update_count=7,flow_not_detected_count=0,flow_risky_count=5,packet_count=0,packet_flow_count=34,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=6 breed flow_breed_safe_count=0,flow_breed_acceptable_count=7,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=5,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=2,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=5,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=2,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=7,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=7,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=6,flow_l3_ip6_count=1,flow_l3_other_count=0 
diff --git a/test/results/influxd/default/stun_msteams_unidir.pcapng.out b/test/results/influxd/default/stun_msteams_unidir.pcapng.out index b56a107f7..9ab4b17fc 100644 --- a/test/results/influxd/default/stun_msteams_unidir.pcapng.out +++ b/test/results/influxd/default/stun_msteams_unidir.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=12,json_bytes=13123,flow_src_total_bytes=5440,flow_dst_total_bytes=0 +general json_lines=12,json_bytes=13219,flow_src_total_bytes=5440,flow_dst_total_bytes=0 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=1,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=1,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=1,flow_severity_medium=2,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/stun_signal.pcapng.out b/test/results/influxd/default/stun_signal.pcapng.out index 87be69722..678df3d1f 100644 
--- a/test/results/influxd/default/stun_signal.pcapng.out +++ b/test/results/influxd/default/stun_signal.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=233,json_bytes=198723,flow_src_total_bytes=13408,flow_dst_total_bytes=16192 +general json_lines=233,json_bytes=200419,flow_src_total_bytes=13408,flow_dst_total_bytes=16192 events flow_new_count=23,flow_end_count=0,flow_idle_count=23,flow_update_count=15,flow_analyse_count=3,flow_guessed_count=0,flow_detected_count=23,flow_detection_update_count=30,flow_not_detected_count=0,flow_risky_count=19,packet_count=0,packet_flow_count=113,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=3,flow_state_finished=20 breed flow_breed_safe_count=0,flow_breed_acceptable_count=23,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=15,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=8,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=15,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=8,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=15,flow_confidence_dpi=8,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=16,flow_severity_medium=35,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=23,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/default/stun_signal_tcp.pcapng.out b/test/results/influxd/default/stun_signal_tcp.pcapng.out new file mode 100644 index 000000000..ca610928f --- /dev/null +++ b/test/results/influxd/default/stun_signal_tcp.pcapng.out 
@@ -0,0 +1,11 @@ +general json_lines=13,json_bytes=11303,flow_src_total_bytes=58588,flow_dst_total_bytes=27476 +events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 +state flow_state_info=0,flow_state_finished=1 +breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 +confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 +severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 +layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 +layer4 flow_l4_tcp_count=1,flow_l4_udp_count=0,flow_l4_icmp_count=0,flow_l4_other_count=0 +detection 
flow_active_count=1,flow_detected_count=1,flow_guessed_count=0,flow_not_detected_count=0 +risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 diff --git a/test/results/influxd/default/stun_tcp_multiple_msgs_same_pkt.pcap.out b/test/results/influxd/default/stun_tcp_multiple_msgs_same_pkt.pcap.out index 99f464445..6e85325da 100644 --- a/test/results/influxd/default/stun_tcp_multiple_msgs_same_pkt.pcap.out +++ b/test/results/influxd/default/stun_tcp_multiple_msgs_same_pkt.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=11,json_bytes=8316,flow_src_total_bytes=0,flow_dst_total_bytes=168 +general json_lines=11,json_bytes=8349,flow_src_total_bytes=0,flow_dst_total_bytes=168 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=0 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/stun_wa_call.pcapng.out b/test/results/influxd/default/stun_wa_call.pcapng.out index f3397b21a..3f09f95ff 100644 
--- a/test/results/influxd/default/stun_wa_call.pcapng.out +++ b/test/results/influxd/default/stun_wa_call.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=132,json_bytes=118755,flow_src_total_bytes=44019,flow_dst_total_bytes=64856 +general json_lines=132,json_bytes=119899,flow_src_total_bytes=44019,flow_dst_total_bytes=64856 events flow_new_count=13,flow_end_count=0,flow_idle_count=13,flow_update_count=5,flow_analyse_count=2,flow_guessed_count=0,flow_detected_count=13,flow_detection_update_count=22,flow_not_detected_count=0,flow_risky_count=13,packet_count=0,packet_flow_count=61,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=4,flow_state_finished=9 breed flow_breed_safe_count=0,flow_breed_acceptable_count=13,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=12,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=12,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=2,flow_confidence_dpi=11,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=12,flow_severity_medium=4,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=13,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/stun_zoom.pcapng.out b/test/results/influxd/default/stun_zoom.pcapng.out index 629f4c4d3..2a2769fcb 100644 
--- a/test/results/influxd/default/stun_zoom.pcapng.out +++ b/test/results/influxd/default/stun_zoom.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=28,json_bytes=27389,flow_src_total_bytes=4671,flow_dst_total_bytes=10647 +general json_lines=28,json_bytes=27425,flow_src_total_bytes=4671,flow_dst_total_bytes=10647 events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=8,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=2 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=2,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=2,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=2,flow_severity_medium=6,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=2,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/syncthing.pcap.out b/test/results/influxd/default/syncthing.pcap.out index 074c9f433..f5ee6ac6d 100644 
--- a/test/results/influxd/default/syncthing.pcap.out +++ b/test/results/influxd/default/syncthing.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=40,json_bytes=37849,flow_src_total_bytes=13912,flow_dst_total events flow_new_count=4,flow_end_count=0,flow_idle_count=4,flow_update_count=11,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=4,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=14,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=4 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=4,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=4,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=4,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=4,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=2,flow_l3_ip6_count=2,flow_l3_other_count=0 diff --git a/test/results/influxd/default/synscan.pcap.out b/test/results/influxd/default/synscan.pcap.out index 9bf926e51..0876f24db 100644 
--- a/test/results/influxd/default/synscan.pcap.out +++ b/test/results/influxd/default/synscan.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=7996,json_bytes=6244751,flow_src_total_bytes=0,flow_dst_total_bytes=0 +general json_lines=7996,json_bytes=6245326,flow_src_total_bytes=0,flow_dst_total_bytes=0 events flow_new_count=1994,flow_end_count=5,flow_idle_count=1989,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=140,flow_detected_count=0,flow_detection_update_count=0,flow_not_detected_count=1854,flow_risky_count=0,packet_count=0,packet_flow_count=2011,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1994,flow_state_finished=0 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=0,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1994,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/syslog.pcap.out b/test/results/influxd/default/syslog.pcap.out index fdd9a3c8c..4b50b8ef6 100644 
--- a/test/results/influxd/default/syslog.pcap.out +++ b/test/results/influxd/default/syslog.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=152,json_bytes=126871,flow_src_total_bytes=13199,flow_dst_tot events flow_new_count=20,flow_end_count=1,flow_idle_count=19,flow_update_count=10,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=17,flow_detection_update_count=0,flow_not_detected_count=3,flow_risky_count=1,packet_count=6,packet_flow_count=58,init_count=1,reconnect_count=0,shutdown_count=1,status_count=10,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=6,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=3,flow_state_finished=17 breed flow_breed_safe_count=0,flow_breed_acceptable_count=17,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=17,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=17,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=17,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=1,flow_severity_medium=1,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=20,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/tailscale.pcap.out b/test/results/influxd/default/tailscale.pcap.out index 094df986d..79858357a 100644 
--- a/test/results/influxd/default/tailscale.pcap.out +++ b/test/results/influxd/default/tailscale.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=12,json_bytes=10658,flow_src_total_bytes=5700,flow_dst_total_ events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=1,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=1,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/default/targusdataspeed_false_positives.pcap.out b/test/results/influxd/default/targusdataspeed_false_positives.pcap.out index 919eb063c..b0ee1ca94 100644 --- a/test/results/influxd/default/targusdataspeed_false_positives.pcap.out +++ b/test/results/influxd/default/targusdataspeed_false_positives.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=12,json_bytes=10555,flow_src_total_bytes=196,flow_dst_total_b events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=4,init_count=1,reconnect_count=0,shutdown_count=1,status_count=0,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=2,flow_state_finished=0 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=2,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=2,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=2,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=2,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/tcp_scan.pcapng.out b/test/results/influxd/default/tcp_scan.pcapng.out index 737e36e2e..d902bb841 100644 
--- a/test/results/influxd/default/tcp_scan.pcapng.out +++ b/test/results/influxd/default/tcp_scan.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=42,json_bytes=30685,flow_src_total_bytes=0,flow_dst_total_bytes=0 +general json_lines=42,json_bytes=31434,flow_src_total_bytes=0,flow_dst_total_bytes=0 events flow_new_count=7,flow_end_count=7,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=4,flow_detected_count=0,flow_detection_update_count=0,flow_not_detected_count=3,flow_risky_count=0,packet_count=0,packet_flow_count=18,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=7,flow_state_finished=0 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=0,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=7,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/teams.pcap.out b/test/results/influxd/default/teams.pcap.out index 1d7dc5582..f8ffab76a 100644 
--- a/test/results/influxd/default/teams.pcap.out +++ b/test/results/influxd/default/teams.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=668,json_bytes=638472,flow_src_total_bytes=293772,flow_dst_total_bytes=293323 +general json_lines=668,json_bytes=636862,flow_src_total_bytes=293772,flow_dst_total_bytes=293323 events flow_new_count=83,flow_end_count=17,flow_idle_count=66,flow_update_count=0,flow_analyse_count=16,flow_guessed_count=2,flow_detected_count=80,flow_detection_update_count=51,flow_not_detected_count=1,flow_risky_count=29,packet_count=16,packet_flow_count=317,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=16,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=27,flow_state_finished=56 -breed flow_breed_safe_count=42,flow_breed_acceptable_count=37,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=2,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=20,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=11,flow_category_network_count=27,flow_category_collaborative_count=19,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=1,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +breed flow_breed_safe_count=51,flow_breed_acceptable_count=28,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=2,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=12,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=11,flow_category_network_count=27,flow_category_collaborative_count=27,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=1,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=6,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=74,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=38,flow_severity_medium=12,flow_severity_high=2,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=83,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/teamspeak3.pcap.out b/test/results/influxd/default/teamspeak3.pcap.out index cea84f744..0c5166b8f 100644 
--- a/test/results/influxd/default/teamspeak3.pcap.out +++ b/test/results/influxd/default/teamspeak3.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=260,json_bytes=239220,flow_src_total_bytes=4245,flow_dst_tota events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=142,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=99,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=2 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=2,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=2,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=2,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=2,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/teamviewer.pcap.out b/test/results/influxd/default/teamviewer.pcap.out index e8ea43dad..b29194ae2 100644 
--- a/test/results/influxd/default/teamviewer.pcap.out +++ b/test/results/influxd/default/teamviewer.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=23,json_bytes=22595,flow_src_total_bytes=60849,flow_dst_total events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=2,flow_analyse_count=2,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=2 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=2,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=2,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=1,flow_severity_medium=1,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=2,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/telegram.pcap.out b/test/results/influxd/default/telegram.pcap.out index 143be3dca..c1cee76f0 100644 
--- a/test/results/influxd/default/telegram.pcap.out +++ b/test/results/influxd/default/telegram.pcap.out 
@@ -1,11 +1,11 @@ -general json_lines=340,json_bytes=294644,flow_src_total_bytes=159435,flow_dst_total_bytes=109098 -events flow_new_count=48,flow_end_count=0,flow_idle_count=48,flow_update_count=10,flow_analyse_count=6,flow_guessed_count=0,flow_detected_count=45,flow_detection_update_count=14,flow_not_detected_count=3,flow_risky_count=4,packet_count=0,packet_flow_count=163,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 +general json_lines=340,json_bytes=294278,flow_src_total_bytes=159435,flow_dst_total_bytes=109098 +events flow_new_count=48,flow_end_count=0,flow_idle_count=48,flow_update_count=10,flow_analyse_count=6,flow_guessed_count=0,flow_detected_count=45,flow_detection_update_count=14,flow_not_detected_count=3,flow_risky_count=3,packet_count=0,packet_flow_count=163,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=5,flow_state_finished=43 breed 
flow_breed_safe_count=3,flow_breed_acceptable_count=39,flow_breed_fun_count=2,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=1,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=2,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=12,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=2,flow_category_network_count=20,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=7,flow_category_software_update_count=0,flow_category_music_count=2,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=2,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=12,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=2,flow_category_network_count=20,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=7,flow_category_software_update_count=0,flow_category_music_count=2,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=45,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 -severity flow_severity_low=5,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 +severity flow_severity_low=4,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 
flow_l3_ip4_count=45,flow_l3_ip6_count=3,flow_l3_other_count=0 layer4 flow_l4_tcp_count=0,flow_l4_udp_count=48,flow_l4_icmp_count=0,flow_l4_other_count=0 detection flow_active_count=48,flow_detected_count=45,flow_guessed_count=0,flow_not_detected_count=3 -risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=1,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=1,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=1,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=2,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 +risks 
flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=1,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=1,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=2,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 diff --git a/test/results/influxd/default/telegram_videocall.pcapng.out b/test/results/influxd/default/telegram_videocall.pcapng.out index f1bbb488f..f20845a09 100644 --- a/test/results/influxd/default/telegram_videocall.pcapng.out +++ b/test/results/influxd/default/telegram_videocall.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=258,json_bytes=219782,flow_src_total_bytes=59877,flow_dst_total_bytes=270358 +general json_lines=258,json_bytes=220885,flow_src_total_bytes=59877,flow_dst_total_bytes=270358 events flow_new_count=34,flow_end_count=6,flow_idle_count=28,flow_update_count=1,flow_analyse_count=4,flow_guessed_count=2,flow_detected_count=32,flow_detection_update_count=14,flow_not_detected_count=0,flow_risky_count=26,packet_count=0,packet_flow_count=134,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=14,flow_state_finished=20 breed flow_breed_safe_count=1,flow_breed_acceptable_count=31,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=7,flow_category_voip_count=4,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=1,flow_category_network_count=19,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=7,flow_category_voip_count=4,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=1,flow_category_network_count=19,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=4,flow_confidence_dpi=21,flow_confidence_nbpf=0,flow_confidence_by_ip=7,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=12,flow_severity_medium=30,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=31,flow_l3_ip6_count=3,flow_l3_other_count=0 
diff --git a/test/results/influxd/default/telegram_videocall_2.pcapng.out b/test/results/influxd/default/telegram_videocall_2.pcapng.out new file mode 100644 index 000000000..918b3734f --- /dev/null +++ b/test/results/influxd/default/telegram_videocall_2.pcapng.out 
@@ -0,0 +1,11 @@ +general json_lines=65,json_bytes=56081,flow_src_total_bytes=49274,flow_dst_total_bytes=68741 +events flow_new_count=8,flow_end_count=0,flow_idle_count=8,flow_update_count=0,flow_analyse_count=2,flow_guessed_count=0,flow_detected_count=8,flow_detection_update_count=6,flow_not_detected_count=0,flow_risky_count=3,packet_count=0,packet_flow_count=30,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 +state flow_state_info=4,flow_state_finished=4 +breed flow_breed_safe_count=0,flow_breed_acceptable_count=8,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=3,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=5,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 +confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=8,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 +severity flow_severity_low=2,flow_severity_medium=6,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 +layer3 flow_l3_ip4_count=7,flow_l3_ip6_count=1,flow_l3_other_count=0 +layer4 flow_l4_tcp_count=0,flow_l4_udp_count=8,flow_l4_icmp_count=0,flow_l4_other_count=0 +detection 
flow_active_count=8,flow_detected_count=8,flow_guessed_count=0,flow_not_detected_count=0 +risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=6,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=2,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 diff --git a/test/results/influxd/default/telegram_voice.pcapng.out b/test/results/influxd/default/telegram_voice.pcapng.out new file mode 100644 index 000000000..0acf18e18 --- /dev/null +++ b/test/results/influxd/default/telegram_voice.pcapng.out 
@@ -0,0 +1,11 @@ +general json_lines=82,json_bytes=69833,flow_src_total_bytes=60389,flow_dst_total_bytes=66728 +events flow_new_count=10,flow_end_count=0,flow_idle_count=10,flow_update_count=0,flow_analyse_count=2,flow_guessed_count=0,flow_detected_count=10,flow_detection_update_count=8,flow_not_detected_count=0,flow_risky_count=4,packet_count=0,packet_flow_count=39,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 +state flow_state_info=3,flow_state_finished=7 +breed flow_breed_safe_count=0,flow_breed_acceptable_count=10,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=3,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=7,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 +confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=10,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 +severity flow_severity_low=3,flow_severity_medium=8,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 +layer3 flow_l3_ip4_count=9,flow_l3_ip6_count=1,flow_l3_other_count=0 +layer4 flow_l4_tcp_count=0,flow_l4_udp_count=9,flow_l4_icmp_count=1,flow_l4_other_count=0 +detection 
flow_active_count=10,flow_detected_count=10,flow_guessed_count=0,flow_not_detected_count=0 +risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=8,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=1,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=2,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 diff --git a/test/results/influxd/default/telnet.pcap.out b/test/results/influxd/default/telnet.pcap.out index 9a4994fb3..41587000b 100644 --- a/test/results/influxd/default/telnet.pcap.out +++ b/test/results/influxd/default/telnet.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=14,json_bytes=12573,flow_src_total_bytes=289,flow_dst_total_b events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=1,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=1,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=1,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=3,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/tencent_games.pcap.out b/test/results/influxd/default/tencent_games.pcap.out index f968a1d17..70fff4abd 100644 
--- a/test/results/influxd/default/tencent_games.pcap.out +++ b/test/results/influxd/default/tencent_games.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=37,json_bytes=26976,flow_src_total_bytes=1572,flow_dst_total_ events flow_new_count=4,flow_end_count=1,flow_idle_count=3,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=4,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=20,init_count=1,reconnect_count=0,shutdown_count=1,status_count=3,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=4 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=4,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=4,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=4,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=4,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=4,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/teredo.pcap.out b/test/results/influxd/default/teredo.pcap.out index 659ef719f..bd42218bc 100644 
--- a/test/results/influxd/default/teredo.pcap.out +++ b/test/results/influxd/default/teredo.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=33,json_bytes=25273,flow_src_total_bytes=815,flow_dst_total_b events flow_new_count=5,flow_end_count=0,flow_idle_count=5,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=5,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=15,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=5 breed flow_breed_safe_count=0,flow_breed_acceptable_count=5,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=5,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=5,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=5,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=5,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/teso.pcapng.out b/test/results/influxd/default/teso.pcapng.out index 35132f66e..4866f692e 100644 
--- a/test/results/influxd/default/teso.pcapng.out +++ b/test/results/influxd/default/teso.pcapng.out 
@@ -2,7 +2,7 @@ general json_lines=18,json_bytes=15310,flow_src_total_bytes=1693,flow_dst_total_ events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=8,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=2 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=2,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=2,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=2,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=2,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/tftp.pcap.out b/test/results/influxd/default/tftp.pcap.out index f4a55aabb..068328de1 100644 
--- a/test/results/influxd/default/tftp.pcap.out +++ b/test/results/influxd/default/tftp.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=50,json_bytes=44247,flow_src_total_bytes=24961,flow_dst_total events flow_new_count=9,flow_end_count=0,flow_idle_count=9,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=2,flow_detected_count=7,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=3,packet_count=0,packet_flow_count=16,init_count=1,reconnect_count=0,shutdown_count=1,status_count=4,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=2,flow_state_finished=7 breed flow_breed_safe_count=0,flow_breed_acceptable_count=7,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=7,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=7,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=7,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=3,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=9,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/threema.pcap.out b/test/results/influxd/default/threema.pcap.out index 45425c083..8095834df 100644 
--- a/test/results/influxd/default/threema.pcap.out +++ b/test/results/influxd/default/threema.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=54,json_bytes=38779,flow_src_total_bytes=3785,flow_dst_total_ events flow_new_count=6,flow_end_count=4,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=2,flow_detected_count=4,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=30,init_count=1,reconnect_count=0,shutdown_count=1,status_count=4,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=2,flow_state_finished=4 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=4,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=4,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=4,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=4,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=6,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/thrift.pcap.out b/test/results/influxd/default/thrift.pcap.out index 1d979f6d5..6578a6c4a 100644 
--- a/test/results/influxd/default/thrift.pcap.out +++ b/test/results/influxd/default/thrift.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=18,json_bytes=26788,flow_src_total_bytes=23624,flow_dst_total events flow_new_count=2,flow_end_count=1,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=7,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=2 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=2,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=2,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=2,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/tinc.pcap.out b/test/results/influxd/default/tinc.pcap.out index a291b28cb..2ec34a236 100644 
--- a/test/results/influxd/default/tinc.pcap.out +++ b/test/results/influxd/default/tinc.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=37,json_bytes=41419,flow_src_total_bytes=166919,flow_dst_tota events flow_new_count=4,flow_end_count=2,flow_idle_count=2,flow_update_count=0,flow_analyse_count=2,flow_guessed_count=0,flow_detected_count=4,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=4,packet_count=0,packet_flow_count=20,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=4 breed flow_breed_safe_count=0,flow_breed_acceptable_count=4,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=4,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=4,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=2,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=4,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=4,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/tk.pcap.out b/test/results/influxd/default/tk.pcap.out index fc64101f1..ae256edb9 100644 
--- a/test/results/influxd/default/tk.pcap.out +++ b/test/results/influxd/default/tk.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=21,json_bytes=17629,flow_src_total_bytes=90,flow_dst_total_by events flow_new_count=3,flow_end_count=0,flow_idle_count=3,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=3,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=6,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=3 breed flow_breed_safe_count=0,flow_breed_acceptable_count=3,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=3,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=3,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=3,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=3,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/tls-appdata.pcap.out b/test/results/influxd/default/tls-appdata.pcap.out index 2695ed8fc..e215bd53e 100644 
--- a/test/results/influxd/default/tls-appdata.pcap.out +++ b/test/results/influxd/default/tls-appdata.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=27,json_bytes=30310,flow_src_total_bytes=12205,flow_dst_total events flow_new_count=2,flow_end_count=1,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=3,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=5,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=1 breed flow_breed_safe_count=2,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=2,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=2,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=2,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=2,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/tls-esni-fuzzed.pcap.out b/test/results/influxd/default/tls-esni-fuzzed.pcap.out index 4774c2942..24c407f9f 100644 
--- a/test/results/influxd/default/tls-esni-fuzzed.pcap.out +++ b/test/results/influxd/default/tls-esni-fuzzed.pcap.out 
@@ -1,11 +1,11 @@ -general json_lines=15,json_bytes=16402,flow_src_total_bytes=2148,flow_dst_total_bytes=0 -events flow_new_count=3,flow_end_count=0,flow_idle_count=3,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=3,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 +general json_lines=15,json_bytes=17883,flow_src_total_bytes=2148,flow_dst_total_bytes=0 +events flow_new_count=3,flow_end_count=0,flow_idle_count=3,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=3,packet_count=0,packet_flow_count=3,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=3,flow_state_finished=0 breed 
flow_breed_safe_count=3,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=3,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=3,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=3,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 -severity flow_severity_low=0,flow_severity_medium=2,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 +severity flow_severity_low=0,flow_severity_medium=9,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 
flow_l3_ip4_count=3,flow_l3_ip6_count=0,flow_l3_other_count=0 layer4 flow_l4_tcp_count=3,flow_l4_udp_count=0,flow_l4_icmp_count=0,flow_l4_other_count=0 detection flow_active_count=3,flow_detected_count=3,flow_guessed_count=0,flow_not_detected_count=0 -risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=1,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=1,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 +risks 
flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=3,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=3,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=3,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 diff --git a/test/results/influxd/default/tls-rdn-extract.pcap.out b/test/results/influxd/default/tls-rdn-extract.pcap.out index 0109988a9..b559faff9 100644 --- a/test/results/influxd/default/tls-rdn-extract.pcap.out +++ b/test/results/influxd/default/tls-rdn-extract.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=13,json_bytes=21621,flow_src_total_bytes=127,flow_dst_total_bytes=6754 +general json_lines=13,json_bytes=21498,flow_src_total_bytes=127,flow_dst_total_bytes=6754 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=0 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=4,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/default/tls_1.2_unidirectional_client.pcapng.out b/test/results/influxd/default/tls_1.2_unidirectional_client.pcapng.out index bc9e0ba1e..f8cfef4ef 100644 --- a/test/results/influxd/default/tls_1.2_unidirectional_client.pcapng.out +++ b/test/results/influxd/default/tls_1.2_unidirectional_client.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=11,json_bytes=8885,flow_src_total_bytes=1862,flow_dst_total_bytes=0 +general json_lines=11,json_bytes=8844,flow_src_total_bytes=1862,flow_dst_total_bytes=0 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=0 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=1,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/default/tls_1.2_unidirectional_client_no_cert.pcapng.out b/test/results/influxd/default/tls_1.2_unidirectional_client_no_cert.pcapng.out index 926c119c0..77ec9880c 100644 --- a/test/results/influxd/default/tls_1.2_unidirectional_client_no_cert.pcapng.out +++ b/test/results/influxd/default/tls_1.2_unidirectional_client_no_cert.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=11,json_bytes=9407,flow_src_total_bytes=989,flow_dst_total_bytes=0 +general json_lines=11,json_bytes=9366,flow_src_total_bytes=989,flow_dst_total_bytes=0 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=0 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=1,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/default/tls_1.2_unidirectional_server.pcapng.out b/test/results/influxd/default/tls_1.2_unidirectional_server.pcapng.out index 6fbe4290d..92c7a93c8 100644 --- a/test/results/influxd/default/tls_1.2_unidirectional_server.pcapng.out +++ b/test/results/influxd/default/tls_1.2_unidirectional_server.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=12,json_bytes=16141,flow_src_total_bytes=6022,flow_dst_total_bytes=0 +general json_lines=12,json_bytes=16090,flow_src_total_bytes=6022,flow_dst_total_bytes=0 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=0 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=2,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/default/tls_1.2_unidirectional_server_no_cert.pcapng.out b/test/results/influxd/default/tls_1.2_unidirectional_server_no_cert.pcapng.out index c3a765f44..c4ce2e7b3 100644 --- a/test/results/influxd/default/tls_1.2_unidirectional_server_no_cert.pcapng.out +++ b/test/results/influxd/default/tls_1.2_unidirectional_server_no_cert.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=11,json_bytes=8713,flow_src_total_bytes=1426,flow_dst_total_bytes=0 +general json_lines=11,json_bytes=8704,flow_src_total_bytes=1426,flow_dst_total_bytes=0 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=0 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=1,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/default/tls_1.3_unidirectional_client.pcapng.out b/test/results/influxd/default/tls_1.3_unidirectional_client.pcapng.out index a4405d064..53ce512e4 100644 --- a/test/results/influxd/default/tls_1.3_unidirectional_client.pcapng.out +++ b/test/results/influxd/default/tls_1.3_unidirectional_client.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=11,json_bytes=9487,flow_src_total_bytes=886,flow_dst_total_bytes=0 +general json_lines=11,json_bytes=9446,flow_src_total_bytes=886,flow_dst_total_bytes=0 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=0 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=1,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/default/tls_1.3_unidirectional_server.pcapng.out b/test/results/influxd/default/tls_1.3_unidirectional_server.pcapng.out
index 0c8075986..20afee619 100644
--- a/test/results/influxd/default/tls_1.3_unidirectional_server.pcapng.out
+++ b/test/results/influxd/default/tls_1.3_unidirectional_server.pcapng.out
@@ -1,8 +1,8 @@ -general json_lines=11,json_bytes=8725,flow_src_total_bytes=1073,flow_dst_total_bytes=0 +general json_lines=11,json_bytes=8716,flow_src_total_bytes=1073,flow_dst_total_bytes=0 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=0 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=1,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/tls_2_reasms.pcapng.out b/test/results/influxd/default/tls_2_reasms.pcapng.out index 13c345a57..36164509a 100644 
--- a/test/results/influxd/default/tls_2_reasms.pcapng.out
+++ b/test/results/influxd/default/tls_2_reasms.pcapng.out
@@ -1,8 +1,8 @@ -general json_lines=12,json_bytes=12353,flow_src_total_bytes=3685,flow_dst_total_bytes=2290 +general json_lines=12,json_bytes=12271,flow_src_total_bytes=3685,flow_dst_total_bytes=2290 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=0 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=1,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=1,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/tls_2_reasms_b.pcapng.out b/test/results/influxd/default/tls_2_reasms_b.pcapng.out index 3d2f5c21b..a415228b3 100644 
--- a/test/results/influxd/default/tls_2_reasms_b.pcapng.out
+++ b/test/results/influxd/default/tls_2_reasms_b.pcapng.out
@@ -1,8 +1,8 @@ -general json_lines=12,json_bytes=12370,flow_src_total_bytes=10270,flow_dst_total_bytes=2179 +general json_lines=12,json_bytes=12288,flow_src_total_bytes=10270,flow_dst_total_bytes=2179 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=0 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=1,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=1,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/tls_alert.pcap.out b/test/results/influxd/default/tls_alert.pcap.out index a00e3e87a..9bee6f731 100644 
--- a/test/results/influxd/default/tls_alert.pcap.out
+++ b/test/results/influxd/default/tls_alert.pcap.out
@@ -1,8 +1,8 @@ -general json_lines=21,json_bytes=16706,flow_src_total_bytes=354,flow_dst_total_bytes=7 +general json_lines=21,json_bytes=16624,flow_src_total_bytes=354,flow_dst_total_bytes=7 events flow_new_count=2,flow_end_count=2,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=1 breed flow_breed_safe_count=1,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=1,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=1,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=1,flow_severity_medium=0,flow_severity_high=2,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=2,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/default/tls_certificate_too_long.pcap.out b/test/results/influxd/default/tls_certificate_too_long.pcap.out
index c2922a059..f40ff6204 100644
--- a/test/results/influxd/default/tls_certificate_too_long.pcap.out
+++ b/test/results/influxd/default/tls_certificate_too_long.pcap.out
@@ -1,8 +1,8 @@ -general json_lines=252,json_bytes=256228,flow_src_total_bytes=37396,flow_dst_total_bytes=58312 +general json_lines=252,json_bytes=255572,flow_src_total_bytes=37396,flow_dst_total_bytes=58312 events flow_new_count=35,flow_end_count=11,flow_idle_count=24,flow_update_count=0,flow_analyse_count=2,flow_guessed_count=1,flow_detected_count=33,flow_detection_update_count=26,flow_not_detected_count=1,flow_risky_count=14,packet_count=0,packet_flow_count=116,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=13,flow_state_finished=22 breed flow_breed_safe_count=19,flow_breed_acceptable_count=14,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=4,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=10,flow_category_network_count=15,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=4,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=4,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=10,flow_category_network_count=15,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=4,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=33,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=7,flow_severity_medium=10,flow_severity_high=2,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=34,flow_l3_ip6_count=1,flow_l3_other_count=0 diff --git a/test/results/influxd/default/tls_change_cipher.pcap.out b/test/results/influxd/default/tls_change_cipher.pcap.out index a7b76d1d6..d014dd651 100644 
--- a/test/results/influxd/default/tls_change_cipher.pcap.out
+++ b/test/results/influxd/default/tls_change_cipher.pcap.out
@@ -2,7 +2,7 @@ general json_lines=31,json_bytes=29786,flow_src_total_bytes=0,flow_dst_total_byt events flow_new_count=0,flow_end_count=0,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=0,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=14,packet_flow_count=0,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=14,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=0 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=0,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=0,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/tls_cipher_lens.pcap.out b/test/results/influxd/default/tls_cipher_lens.pcap.out index 582ab7698..9615f8e41 100644 
--- a/test/results/influxd/default/tls_cipher_lens.pcap.out
+++ b/test/results/influxd/default/tls_cipher_lens.pcap.out
@@ -1,8 +1,8 @@ -general json_lines=23,json_bytes=22068,flow_src_total_bytes=895,flow_dst_total_bytes=0 +general json_lines=23,json_bytes=21959,flow_src_total_bytes=895,flow_dst_total_bytes=0 events flow_new_count=5,flow_end_count=0,flow_idle_count=5,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=5,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=5,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=5,flow_state_finished=0 breed flow_breed_safe_count=4,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=5,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=5,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=5,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=5,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=5,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/default/tls_client_certificate_with_missing_server_one.pcapng.out b/test/results/influxd/default/tls_client_certificate_with_missing_server_one.pcapng.out index 929fc6379..0384a58f3 100644 --- a/test/results/influxd/default/tls_client_certificate_with_missing_server_one.pcapng.out +++ b/test/results/influxd/default/tls_client_certificate_with_missing_server_one.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=20,json_bytes=20346,flow_src_total_bytes=2997,flow_dst_total_bytes=1383 +general json_lines=20,json_bytes=20223,flow_src_total_bytes=2997,flow_dst_total_bytes=1383 events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=2,flow_state_finished=0 breed flow_breed_safe_count=1,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=1,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=1,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=2,flow_severity_medium=5,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=2,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/tls_ech.pcapng.out b/test/results/influxd/default/tls_ech.pcapng.out index a8365ba33..920a1f494 100644 
--- a/test/results/influxd/default/tls_ech.pcapng.out +++ b/test/results/influxd/default/tls_ech.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=12,json_bytes=10634,flow_src_total_bytes=648,flow_dst_total_bytes=2702 +general json_lines=12,json_bytes=10552,flow_src_total_bytes=648,flow_dst_total_bytes=2702 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=0 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=0,flow_l3_ip6_count=1,flow_l3_other_count=0 diff --git a/test/results/influxd/default/tls_esni_sni_both.pcap.out b/test/results/influxd/default/tls_esni_sni_both.pcap.out index 2b6053487..7dee58b22 100644 
--- a/test/results/influxd/default/tls_esni_sni_both.pcap.out +++ b/test/results/influxd/default/tls_esni_sni_both.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=21,json_bytes=19920,flow_src_total_bytes=1691,flow_dst_total_bytes=12084 +general json_lines=21,json_bytes=19756,flow_src_total_bytes=1691,flow_dst_total_bytes=12084 events flow_new_count=2,flow_end_count=2,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=2,flow_state_finished=0 breed flow_breed_safe_count=2,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=2,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=2,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=4,flow_severity_medium=4,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=2,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/default/tls_false_positives.pcapng.out b/test/results/influxd/default/tls_false_positives.pcapng.out index c4c34ff93..aba6d561d 100644 --- a/test/results/influxd/default/tls_false_positives.pcapng.out +++ b/test/results/influxd/default/tls_false_positives.pcapng.out 
@@ -2,7 +2,7 @@ general json_lines=11,json_bytes=10165,flow_src_total_bytes=33806,flow_dst_total events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=0,flow_detection_update_count=0,flow_not_detected_count=1,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=0 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=0,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/default/tls_heur__shadowsocks-tcp.pcapng.out b/test/results/influxd/default/tls_heur__shadowsocks-tcp.pcapng.out index 2f4680358..fc847f9f6 100644 --- a/test/results/influxd/default/tls_heur__shadowsocks-tcp.pcapng.out +++ b/test/results/influxd/default/tls_heur__shadowsocks-tcp.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=38,json_bytes=33414,flow_src_total_bytes=2832,flow_dst_total_bytes=70769 +general json_lines=38,json_bytes=33332,flow_src_total_bytes=2832,flow_dst_total_bytes=70769 events flow_new_count=4,flow_end_count=0,flow_idle_count=4,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=3,flow_not_detected_count=1,flow_risky_count=1,packet_count=0,packet_flow_count=19,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=3 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=2,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=1,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=1,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=3,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=1,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=3,flow_l3_ip6_count=1,flow_l3_other_count=0 
diff --git a/test/results/influxd/default/tls_heur__trojan-tcp-tls.pcapng.out b/test/results/influxd/default/tls_heur__trojan-tcp-tls.pcapng.out index bffb55787..19c46af80 100644 --- a/test/results/influxd/default/tls_heur__trojan-tcp-tls.pcapng.out +++ b/test/results/influxd/default/tls_heur__trojan-tcp-tls.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=75,json_bytes=67452,flow_src_total_bytes=3321,flow_dst_total_bytes=29989 +general json_lines=75,json_bytes=67288,flow_src_total_bytes=3321,flow_dst_total_bytes=29989 events flow_new_count=10,flow_end_count=0,flow_idle_count=10,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=10,flow_detection_update_count=10,flow_not_detected_count=0,flow_risky_count=4,packet_count=0,packet_flow_count=31,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=9 breed flow_breed_safe_count=1,flow_breed_acceptable_count=5,flow_breed_fun_count=4,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=1,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=2,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=7,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=1,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=2,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=7,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=10,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=3,flow_severity_medium=2,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=10,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/default/tls_heur__vmess-tcp-tls.pcapng.out b/test/results/influxd/default/tls_heur__vmess-tcp-tls.pcapng.out index d08bf99f4..14ce5fd2e 100644 --- a/test/results/influxd/default/tls_heur__vmess-tcp-tls.pcapng.out +++ b/test/results/influxd/default/tls_heur__vmess-tcp-tls.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=74,json_bytes=64827,flow_src_total_bytes=3385,flow_dst_total_bytes=37346 +general json_lines=74,json_bytes=64663,flow_src_total_bytes=3385,flow_dst_total_bytes=37346 events flow_new_count=10,flow_end_count=0,flow_idle_count=10,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=10,flow_detection_update_count=10,flow_not_detected_count=0,flow_risky_count=4,packet_count=0,packet_flow_count=31,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=2,flow_state_finished=8 breed flow_breed_safe_count=1,flow_breed_acceptable_count=5,flow_breed_fun_count=4,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=1,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=2,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=7,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=1,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=2,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=7,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=10,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=3,flow_severity_medium=2,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=10,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/default/tls_heur__vmess-tcp.pcapng.out b/test/results/influxd/default/tls_heur__vmess-tcp.pcapng.out index 57b05713c..342cb7ba7 100644 --- a/test/results/influxd/default/tls_heur__vmess-tcp.pcapng.out +++ b/test/results/influxd/default/tls_heur__vmess-tcp.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=38,json_bytes=32769,flow_src_total_bytes=2990,flow_dst_total_bytes=59245 +general json_lines=38,json_bytes=32687,flow_src_total_bytes=2990,flow_dst_total_bytes=59245 events flow_new_count=4,flow_end_count=0,flow_idle_count=4,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=3,flow_not_detected_count=1,flow_risky_count=1,packet_count=0,packet_flow_count=19,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=3 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=2,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=1,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=1,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=3,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=1,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=3,flow_l3_ip6_count=1,flow_l3_other_count=0 
diff --git a/test/results/influxd/default/tls_heur__vmess-websocket.pcapng.out b/test/results/influxd/default/tls_heur__vmess-websocket.pcapng.out index 3d9f0f825..6ae6ad5cc 100644 --- a/test/results/influxd/default/tls_heur__vmess-websocket.pcapng.out +++ b/test/results/influxd/default/tls_heur__vmess-websocket.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=38,json_bytes=34444,flow_src_total_bytes=3074,flow_dst_total_bytes=59242 +general json_lines=38,json_bytes=34404,flow_src_total_bytes=3074,flow_dst_total_bytes=59242 events flow_new_count=4,flow_end_count=0,flow_idle_count=4,flow_update_count=0,flow_analyse_count=2,flow_guessed_count=0,flow_detected_count=4,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=19,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=3 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=2,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=1,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=2,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=1,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=2,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=4,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=1,flow_severity_medium=1,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=4,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/tls_invalid_reads.pcap.out b/test/results/influxd/default/tls_invalid_reads.pcap.out index 1432226f5..53360ae02 100644 
--- a/test/results/influxd/default/tls_invalid_reads.pcap.out +++ b/test/results/influxd/default/tls_invalid_reads.pcap.out 
@@ -1,11 +1,11 @@ -general json_lines=24,json_bytes=17219,flow_src_total_bytes=112,flow_dst_total_bytes=1329 +general json_lines=24,json_bytes=17407,flow_src_total_bytes=112,flow_dst_total_bytes=1329 events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=1,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=3,packet_flow_count=6,init_count=1,reconnect_count=0,shutdown_count=1,status_count=3,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=3,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=1 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 -severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=2,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 +severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=3,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 
flow_l3_ip4_count=2,flow_l3_ip6_count=0,flow_l3_other_count=0 layer4 flow_l4_tcp_count=2,flow_l4_udp_count=0,flow_l4_icmp_count=0,flow_l4_other_count=0 detection flow_active_count=2,flow_detected_count=1,flow_guessed_count=1,flow_not_detected_count=0 -risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=2,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 +risks 
flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=2,flow_risk_8_count=1,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 diff --git a/test/results/influxd/default/tls_long_cert.pcap.out b/test/results/influxd/default/tls_long_cert.pcap.out index 920396a33..5d505d97e 100644 --- a/test/results/influxd/default/tls_long_cert.pcap.out +++ b/test/results/influxd/default/tls_long_cert.pcap.out 
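Review bot: The regenerated expectation for `tls_invalid_reads.pcap.out` is not a mechanical refresh like the neighbouring result files, because its `severity` and `risks` lines change in substance: `flow_severity_high` goes from 2 to 3 and `flow_risk_8_count` from 0 to 1. The other influxd results in this part of the diff only change `json_bytes` and gain `flow_category_health_count=0`. Judging by its name, this capture exercises malformed TLS input, so the extra risk should be traced to the upstream libnDPI change that produces it rather than accepted just because the golden file was regenerated. The commit message says only "incorporated upstream changes"; I would add a line to it such as `* tls_invalid_reads: one additional flow risk is reported after the libnDPI bump (verified as intended)`.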
@@ -1,8 +1,8 @@ -general json_lines=14,json_bytes=15293,flow_src_total_bytes=2858,flow_dst_total_bytes=102711 +general json_lines=14,json_bytes=15170,flow_src_total_bytes=2858,flow_dst_total_bytes=102711 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/tls_malicious_sha1.pcapng.out b/test/results/influxd/default/tls_malicious_sha1.pcapng.out index 3ebeaaace..d57ffa90d 100644 
--- a/test/results/influxd/default/tls_malicious_sha1.pcapng.out +++ b/test/results/influxd/default/tls_malicious_sha1.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=13,json_bytes=11657,flow_src_total_bytes=534,flow_dst_total_bytes=4762 +general json_lines=13,json_bytes=11534,flow_src_total_bytes=534,flow_dst_total_bytes=4762 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=0 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=0,flow_l3_ip6_count=1,flow_l3_other_count=0 diff --git a/test/results/influxd/default/tls_missing_ch_frag.pcap.out b/test/results/influxd/default/tls_missing_ch_frag.pcap.out index fb56408d2..b4b6df092 100644 
--- a/test/results/influxd/default/tls_missing_ch_frag.pcap.out +++ b/test/results/influxd/default/tls_missing_ch_frag.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=11,json_bytes=15084,flow_src_total_bytes=6121,flow_dst_total_bytes=3029 +general json_lines=11,json_bytes=15075,flow_src_total_bytes=6121,flow_dst_total_bytes=3029 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=0 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/default/tls_multiple_synack_different_seq.pcapng.out b/test/results/influxd/default/tls_multiple_synack_different_seq.pcapng.out index 513fb6287..19ddf5cf4 100644 --- a/test/results/influxd/default/tls_multiple_synack_different_seq.pcapng.out +++ b/test/results/influxd/default/tls_multiple_synack_different_seq.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=13,json_bytes=12768,flow_src_total_bytes=5427,flow_dst_total_bytes=517 +general json_lines=13,json_bytes=12645,flow_src_total_bytes=5427,flow_dst_total_bytes=517 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=0 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=1,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=1,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/tls_port_80.pcapng.out b/test/results/influxd/default/tls_port_80.pcapng.out index 3de2231dd..9ba7aa784 100644 
--- a/test/results/influxd/default/tls_port_80.pcapng.out +++ b/test/results/influxd/default/tls_port_80.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=12,json_bytes=10328,flow_src_total_bytes=245,flow_dst_total_bytes=1360 +general json_lines=12,json_bytes=10246,flow_src_total_bytes=245,flow_dst_total_bytes=1360 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=0 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=1,flow_severity_medium=3,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/tls_torrent.pcapng.out b/test/results/influxd/default/tls_torrent.pcapng.out index ea25435a4..1f5b99691 100644 
--- a/test/results/influxd/default/tls_torrent.pcapng.out +++ b/test/results/influxd/default/tls_torrent.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=13,json_bytes=15643,flow_src_total_bytes=5574,flow_dst_total_bytes=332 +general json_lines=13,json_bytes=15520,flow_src_total_bytes=5574,flow_dst_total_bytes=332 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=0 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=1,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=1,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=3,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/tls_unidirectional.pcap.out b/test/results/influxd/default/tls_unidirectional.pcap.out index 4e1eb16b3..c2fc1a9a4 100644 
--- a/test/results/influxd/default/tls_unidirectional.pcap.out +++ b/test/results/influxd/default/tls_unidirectional.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=11,json_bytes=7708,flow_src_total_bytes=2,flow_dst_total_byte events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=1,flow_detected_count=0,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=0 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=0,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/default/tls_verylong_certificate.pcap.out b/test/results/influxd/default/tls_verylong_certificate.pcap.out index 6a37c4c91..2153f8701 100644 --- a/test/results/influxd/default/tls_verylong_certificate.pcap.out +++ b/test/results/influxd/default/tls_verylong_certificate.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=14,json_bytes=16602,flow_src_total_bytes=844,flow_dst_total_bytes=18233 +general json_lines=14,json_bytes=16479,flow_src_total_bytes=844,flow_dst_total_bytes=18233 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=1,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=1,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/tls_with_huge_ch.pcapng.out b/test/results/influxd/default/tls_with_huge_ch.pcapng.out index c3fbda591..7b9695a87 100644 
--- a/test/results/influxd/default/tls_with_huge_ch.pcapng.out +++ b/test/results/influxd/default/tls_with_huge_ch.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=12,json_bytes=11501,flow_src_total_bytes=38922,flow_dst_total_bytes=51750 +general json_lines=12,json_bytes=11460,flow_src_total_bytes=38922,flow_dst_total_bytes=51750 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=2,flow_severity_high=1,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/toca-boca.pcap.out b/test/results/influxd/default/toca-boca.pcap.out index 8afc1dded..87d34aac4 100644 
--- a/test/results/influxd/default/toca-boca.pcap.out +++ b/test/results/influxd/default/toca-boca.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=118,json_bytes=100560,flow_src_total_bytes=8377,flow_dst_tota events flow_new_count=21,flow_end_count=0,flow_idle_count=21,flow_update_count=5,flow_analyse_count=0,flow_guessed_count=4,flow_detected_count=17,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=37,init_count=1,reconnect_count=0,shutdown_count=1,status_count=11,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=4,flow_state_finished=17 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=17,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=17,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=17,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=17,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=21,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/tor.pcap.out b/test/results/influxd/default/tor.pcap.out index bd9e9e1e4..a9907d1c9 100644 
--- a/test/results/influxd/default/tor.pcap.out +++ b/test/results/influxd/default/tor.pcap.out 
@@ -1,11 +1,11 @@ -general json_lines=166,json_bytes=118817,flow_src_total_bytes=42783,flow_dst_total_bytes=74483 -events flow_new_count=11,flow_end_count=6,flow_idle_count=5,flow_update_count=6,flow_analyse_count=5,flow_guessed_count=1,flow_detected_count=10,flow_detection_update_count=7,flow_not_detected_count=0,flow_risky_count=8,packet_count=32,packet_flow_count=47,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=32,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 +general json_lines=166,json_bytes=117886,flow_src_total_bytes=42783,flow_dst_total_bytes=74483 +events flow_new_count=11,flow_end_count=6,flow_idle_count=5,flow_update_count=6,flow_analyse_count=5,flow_guessed_count=1,flow_detected_count=10,flow_detection_update_count=7,flow_not_detected_count=0,flow_risky_count=7,packet_count=32,packet_flow_count=47,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=32,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=3,flow_state_finished=8 breed 
flow_breed_safe_count=4,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=3,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=1,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=3,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=4,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=1,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=1,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=3,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=4,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=1,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=1,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=10,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 -severity flow_severity_low=4,flow_severity_medium=0,flow_severity_high=17,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 +severity flow_severity_low=3,flow_severity_medium=0,flow_severity_high=17,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 
flow_l3_ip4_count=10,flow_l3_ip6_count=1,flow_l3_other_count=0 layer4 flow_l4_tcp_count=8,flow_l4_udp_count=3,flow_l4_icmp_count=0,flow_l4_other_count=0 detection flow_active_count=11,flow_detected_count=10,flow_guessed_count=1,flow_not_detected_count=0 -risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=14,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=6,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=7,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 +risks 
flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=14,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=6,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=6,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 diff --git a/test/results/influxd/default/tplink_shp.pcap.out b/test/results/influxd/default/tplink_shp.pcap.out index ca51ccc9a..dbe1b8928 100644 --- a/test/results/influxd/default/tplink_shp.pcap.out +++ b/test/results/influxd/default/tplink_shp.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=314,json_bytes=296386,flow_src_total_bytes=7279,flow_dst_tota events flow_new_count=8,flow_end_count=0,flow_idle_count=8,flow_update_count=241,flow_analyse_count=3,flow_guessed_count=0,flow_detected_count=8,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=40,init_count=1,reconnect_count=0,shutdown_count=1,status_count=4,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=8 breed flow_breed_safe_count=0,flow_breed_acceptable_count=8,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=8,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=8,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=8,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=8,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/trdp.pcapng.out b/test/results/influxd/default/trdp.pcapng.out index aa9315629..c78a8b39e 100644 
--- a/test/results/influxd/default/trdp.pcapng.out +++ b/test/results/influxd/default/trdp.pcapng.out 
@@ -2,7 +2,7 @@ general json_lines=21,json_bytes=16039,flow_src_total_bytes=392,flow_dst_total_b events flow_new_count=3,flow_end_count=1,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=9,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=3 breed flow_breed_safe_count=0,flow_breed_acceptable_count=3,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=3,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=3,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=3,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=3,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/trickbot.pcap.out b/test/results/influxd/default/trickbot.pcap.out index a1d6e6e8a..2975f34d8 100644 
--- a/test/results/influxd/default/trickbot.pcap.out +++ b/test/results/influxd/default/trickbot.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=13,json_bytes=14660,flow_src_total_bytes=1277,flow_dst_total_ events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=2,flow_severity_medium=2,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/tumblr.pcap.out b/test/results/influxd/default/tumblr.pcap.out index e9eef6df5..0f5d27df6 100644 
--- a/test/results/influxd/default/tumblr.pcap.out +++ b/test/results/influxd/default/tumblr.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=329,json_bytes=285140,flow_src_total_bytes=19532,flow_dst_total_bytes=275102 +general json_lines=329,json_bytes=284361,flow_src_total_bytes=19532,flow_dst_total_bytes=275102 events flow_new_count=47,flow_end_count=1,flow_idle_count=46,flow_update_count=0,flow_analyse_count=9,flow_guessed_count=28,flow_detected_count=19,flow_detection_update_count=25,flow_not_detected_count=0,flow_risky_count=8,packet_count=0,packet_flow_count=151,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=37,flow_state_finished=10 breed flow_breed_safe_count=13,flow_breed_acceptable_count=2,flow_breed_fun_count=2,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=2,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=15,flow_category_social_network_count=2,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=2,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=15,flow_category_social_network_count=2,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=2,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=19,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=8,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=0,flow_l3_ip6_count=47,flow_l3_other_count=0 diff --git a/test/results/influxd/default/tunnelbear.pcap.out b/test/results/influxd/default/tunnelbear.pcap.out index 43c900fd8..73b41e688 100644 
--- a/test/results/influxd/default/tunnelbear.pcap.out +++ b/test/results/influxd/default/tunnelbear.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=201,json_bytes=179569,flow_src_total_bytes=31759,flow_dst_total_bytes=62430 +general json_lines=201,json_bytes=177984,flow_src_total_bytes=31759,flow_dst_total_bytes=62430 events flow_new_count=22,flow_end_count=13,flow_idle_count=9,flow_update_count=0,flow_analyse_count=3,flow_guessed_count=1,flow_detected_count=21,flow_detection_update_count=19,flow_not_detected_count=0,flow_risky_count=4,packet_count=0,packet_flow_count=110,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=18,flow_state_finished=4 breed flow_breed_safe_count=1,flow_breed_acceptable_count=18,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=2,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=16,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=2,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=1,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=2,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=16,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=2,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=1,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=2,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=21,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=8,flow_severity_medium=2,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=22,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/tuya_lp.pcap.out b/test/results/influxd/default/tuya_lp.pcap.out index b02c48b72..7208ae44c 100644 
--- a/test/results/influxd/default/tuya_lp.pcap.out +++ b/test/results/influxd/default/tuya_lp.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=107,json_bytes=88715,flow_src_total_bytes=17832,flow_dst_tota events flow_new_count=13,flow_end_count=0,flow_idle_count=13,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=13,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=65,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=13 breed flow_breed_safe_count=0,flow_breed_acceptable_count=13,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=13,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=13,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=13,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=13,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/ubntac2.pcap.out b/test/results/influxd/default/ubntac2.pcap.out index 40ba1684e..170a3e158 100644 
--- a/test/results/influxd/default/ubntac2.pcap.out +++ b/test/results/influxd/default/ubntac2.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=37,json_bytes=32513,flow_src_total_bytes=1400,flow_dst_total_ events flow_new_count=8,flow_end_count=0,flow_idle_count=8,flow_update_count=2,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=8,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=8,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=8 breed flow_breed_safe_count=8,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=8,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=8,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=8,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=8,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/uftp_v4_v5.pcap.out b/test/results/influxd/default/uftp_v4_v5.pcap.out index 4b267d461..0e7de0191 100644 
--- a/test/results/influxd/default/uftp_v4_v5.pcap.out +++ b/test/results/influxd/default/uftp_v4_v5.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=29,json_bytes=27579,flow_src_total_bytes=285420,flow_dst_tota events flow_new_count=3,flow_end_count=0,flow_idle_count=3,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=15,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=3 breed flow_breed_safe_count=0,flow_breed_acceptable_count=3,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=3,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=3,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=3,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=3,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/ultrasurf.pcap.out b/test/results/influxd/default/ultrasurf.pcap.out index eb984be15..f5ad3571f 100644 
--- a/test/results/influxd/default/ultrasurf.pcap.out +++ b/test/results/influxd/default/ultrasurf.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=32,json_bytes=47190,flow_src_total_bytes=139720,flow_dst_total_bytes=62485 +general json_lines=32,json_bytes=47026,flow_src_total_bytes=139720,flow_dst_total_bytes=62485 events flow_new_count=3,flow_end_count=0,flow_idle_count=3,flow_update_count=0,flow_analyse_count=3,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=15,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=3 breed flow_breed_safe_count=2,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=1,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=2,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=1,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=2,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=3,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=8,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=3,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/umas.pcap.out b/test/results/influxd/default/umas.pcap.out index 67375de7d..af8b3a06e 100644 
--- a/test/results/influxd/default/umas.pcap.out +++ b/test/results/influxd/default/umas.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=12,json_bytes=9936,flow_src_total_bytes=1788,flow_dst_total_b events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=1,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=1,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/upnp.pcap.out b/test/results/influxd/default/upnp.pcap.out index 6818fdf3c..d3534caaf 100644 
--- a/test/results/influxd/default/upnp.pcap.out +++ b/test/results/influxd/default/upnp.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=19,json_bytes=21843,flow_src_total_bytes=9184,flow_dst_total_ events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=2 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=2,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=2,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=1,flow_l3_other_count=0 diff --git a/test/results/influxd/default/viber.pcap.out b/test/results/influxd/default/viber.pcap.out index de0ac11c8..83f6ba060 100644 
--- a/test/results/influxd/default/viber.pcap.out +++ b/test/results/influxd/default/viber.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=230,json_bytes=195991,flow_src_total_bytes=26457,flow_dst_total_bytes=101364 +general json_lines=230,json_bytes=195402,flow_src_total_bytes=26457,flow_dst_total_bytes=101364 events flow_new_count=30,flow_end_count=6,flow_idle_count=24,flow_update_count=4,flow_analyse_count=4,flow_guessed_count=4,flow_detected_count=26,flow_detection_update_count=18,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=107,init_count=1,reconnect_count=0,shutdown_count=1,status_count=5,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=8,flow_state_finished=22 breed flow_breed_safe_count=4,flow_breed_acceptable_count=9,flow_breed_fun_count=12,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=1,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=5,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=2,flow_category_voip_count=7,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=12,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=5,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=2,flow_category_voip_count=7,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=12,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=26,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=1,flow_severity_medium=2,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=29,flow_l3_ip6_count=1,flow_l3_other_count=0 diff --git a/test/results/influxd/default/vivox.pcapng.out b/test/results/influxd/default/vivox.pcapng.out new file mode 100644 index 000000000..72f0c2570 
--- /dev/null +++ b/test/results/influxd/default/vivox.pcapng.out 
@@ -0,0 +1,11 @@ +general json_lines=16,json_bytes=12594,flow_src_total_bytes=464,flow_dst_total_bytes=0 +events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=7,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 +state flow_state_info=1,flow_state_finished=1 +breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=1,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=1,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 +confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 +severity flow_severity_low=1,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 +layer3 flow_l3_ip4_count=2,flow_l3_ip6_count=0,flow_l3_other_count=0 +layer4 flow_l4_tcp_count=1,flow_l4_udp_count=1,flow_l4_icmp_count=0,flow_l4_other_count=0 +detection 
flow_active_count=2,flow_detected_count=2,flow_guessed_count=0,flow_not_detected_count=0 +risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=1,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 diff --git a/test/results/influxd/default/vk.pcapng.out b/test/results/influxd/default/vk.pcapng.out index 332f3a98b..187f3610f 100644 --- a/test/results/influxd/default/vk.pcapng.out +++ b/test/results/influxd/default/vk.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=84,json_bytes=75642,flow_src_total_bytes=66779,flow_dst_total_bytes=0 +general json_lines=84,json_bytes=75478,flow_src_total_bytes=66779,flow_dst_total_bytes=0 events flow_new_count=10,flow_end_count=0,flow_idle_count=10,flow_update_count=0,flow_analyse_count=2,flow_guessed_count=0,flow_detected_count=10,flow_detection_update_count=6,flow_not_detected_count=0,flow_risky_count=10,packet_count=0,packet_flow_count=43,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=8,flow_state_finished=2 breed flow_breed_safe_count=6,flow_breed_acceptable_count=0,flow_breed_fun_count=4,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=6,flow_category_social_network_count=4,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=6,flow_category_social_network_count=4,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=10,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=10,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=10,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/vnc.pcap.out b/test/results/influxd/default/vnc.pcap.out index 600598369..6c48b25a4 100644 
--- a/test/results/influxd/default/vnc.pcap.out +++ b/test/results/influxd/default/vnc.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=21,json_bytes=18944,flow_src_total_bytes=81754,flow_dst_total events flow_new_count=2,flow_end_count=1,flow_idle_count=1,flow_update_count=0,flow_analyse_count=2,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=2 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=2,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=2,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=2,flow_severity_medium=2,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=2,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/vrrp3.pcapng.out b/test/results/influxd/default/vrrp3.pcapng.out index b3678f8dd..6ff914e0b 100644 
--- a/test/results/influxd/default/vrrp3.pcapng.out +++ b/test/results/influxd/default/vrrp3.pcapng.out 
@@ -2,7 +2,7 @@ general json_lines=15,json_bytes=11057,flow_src_total_bytes=240,flow_dst_total_b events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=6,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=2 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=2,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=2,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=0,flow_l3_ip6_count=2,flow_l3_other_count=0 diff --git a/test/results/influxd/default/vxlan.pcap.out b/test/results/influxd/default/vxlan.pcap.out index 117252e73..bac910e5b 100644 
--- a/test/results/influxd/default/vxlan.pcap.out +++ b/test/results/influxd/default/vxlan.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=63,json_bytes=60884,flow_src_total_bytes=79480,flow_dst_total events flow_new_count=9,flow_end_count=0,flow_idle_count=9,flow_update_count=0,flow_analyse_count=2,flow_guessed_count=0,flow_detected_count=9,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=31,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=9 breed flow_breed_safe_count=0,flow_breed_acceptable_count=9,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=9,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=9,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=9,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=9,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/wa_video.pcap.out b/test/results/influxd/default/wa_video.pcap.out index 15cf86874..fd3c01624 100644 
--- a/test/results/influxd/default/wa_video.pcap.out +++ b/test/results/influxd/default/wa_video.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=111,json_bytes=99764,flow_src_total_bytes=264122,flow_dst_total_bytes=47653 +general json_lines=111,json_bytes=100429,flow_src_total_bytes=264122,flow_dst_total_bytes=47653 events flow_new_count=14,flow_end_count=0,flow_idle_count=14,flow_update_count=0,flow_analyse_count=3,flow_guessed_count=1,flow_detected_count=13,flow_detection_update_count=13,flow_not_detected_count=0,flow_risky_count=7,packet_count=0,packet_flow_count=50,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=4,flow_state_finished=10 breed flow_breed_safe_count=0,flow_breed_acceptable_count=12,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=7,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=1,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=3,flow_category_software_update_count=0,flow_category_music_count=1,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=7,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=1,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=3,flow_category_software_update_count=0,flow_category_music_count=1,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=2,flow_confidence_dpi=11,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=7,flow_severity_medium=5,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=14,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/wa_voice.pcap.out b/test/results/influxd/default/wa_voice.pcap.out index 455deb379..9a92f6821 100644 
--- a/test/results/influxd/default/wa_voice.pcap.out +++ b/test/results/influxd/default/wa_voice.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=221,json_bytes=195237,flow_src_total_bytes=34223,flow_dst_total_bytes=94669 +general json_lines=221,json_bytes=195763,flow_src_total_bytes=34223,flow_dst_total_bytes=94669 events flow_new_count=28,flow_end_count=2,flow_idle_count=26,flow_update_count=4,flow_analyse_count=5,flow_guessed_count=0,flow_detected_count=27,flow_detection_update_count=22,flow_not_detected_count=1,flow_risky_count=7,packet_count=0,packet_flow_count=103,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=3,flow_state_finished=25 breed flow_breed_safe_count=1,flow_breed_acceptable_count=25,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=1,flow_category_game_count=0,flow_category_chat_count=2,flow_category_voip_count=7,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=2,flow_category_network_count=8,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=5,flow_category_software_update_count=0,flow_category_music_count=1,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=1,flow_category_game_count=0,flow_category_chat_count=2,flow_category_voip_count=7,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=2,flow_category_network_count=8,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=5,flow_category_software_update_count=0,flow_category_music_count=1,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=2,flow_confidence_dpi=25,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=7,flow_severity_medium=5,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=27,flow_l3_ip6_count=1,flow_l3_other_count=0 diff --git a/test/results/influxd/default/waze.pcap.out b/test/results/influxd/default/waze.pcap.out index 9c77d22ee..93bf2ac90 100644 
--- a/test/results/influxd/default/waze.pcap.out +++ b/test/results/influxd/default/waze.pcap.out 
@@ -1,11 +1,11 @@ -general json_lines=282,json_bytes=232630,flow_src_total_bytes=19999,flow_dst_total_bytes=306184 -events flow_new_count=33,flow_end_count=30,flow_idle_count=3,flow_update_count=0,flow_analyse_count=5,flow_guessed_count=9,flow_detected_count=23,flow_detection_update_count=22,flow_not_detected_count=1,flow_risky_count=21,packet_count=0,packet_flow_count=153,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 +general json_lines=282,json_bytes=229832,flow_src_total_bytes=19999,flow_dst_total_bytes=306184 +events flow_new_count=33,flow_end_count=30,flow_idle_count=3,flow_update_count=0,flow_analyse_count=5,flow_guessed_count=9,flow_detected_count=23,flow_detection_update_count=22,flow_not_detected_count=1,flow_risky_count=14,packet_count=0,packet_flow_count=153,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=19,flow_state_finished=14 breed 
flow_breed_safe_count=13,flow_breed_acceptable_count=10,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=21,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=1,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=1,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=21,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=1,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=1,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=23,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 -severity flow_severity_low=7,flow_severity_medium=1,flow_severity_high=38,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 +severity flow_severity_low=0,flow_severity_medium=1,flow_severity_high=39,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 
flow_l3_ip4_count=33,flow_l3_ip6_count=0,flow_l3_other_count=0 layer4 flow_l4_tcp_count=32,flow_l4_udp_count=1,flow_l4_icmp_count=0,flow_l4_other_count=0 detection flow_active_count=33,flow_detected_count=23,flow_guessed_count=9,flow_not_detected_count=1 -risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=34,flow_risk_8_count=6,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=7,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=1,flow_risk_55_count=0,flow_risk_56_count=0 +risks 
flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=34,flow_risk_8_count=7,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=1,flow_risk_55_count=0,flow_risk_56_count=0 diff --git a/test/results/influxd/default/webdav.pcap.out b/test/results/influxd/default/webdav.pcap.out index 2097ee586..0a052af72 100644 --- a/test/results/influxd/default/webdav.pcap.out +++ b/test/results/influxd/default/webdav.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=75,json_bytes=67539,flow_src_total_bytes=4967,flow_dst_total_ events flow_new_count=8,flow_end_count=8,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=8,flow_detection_update_count=7,flow_not_detected_count=0,flow_risky_count=8,packet_count=0,packet_flow_count=40,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=8 breed flow_breed_safe_count=0,flow_breed_acceptable_count=8,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=8,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=8,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=8,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=8,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=8,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/webex.pcap.out b/test/results/influxd/default/webex.pcap.out index e1d6e4bb6..785c80f7b 100644 
--- a/test/results/influxd/default/webex.pcap.out +++ b/test/results/influxd/default/webex.pcap.out 
@@ -1,11 +1,11 @@ -general json_lines=500,json_bytes=426101,flow_src_total_bytes=67701,flow_dst_total_bytes=426653 +general json_lines=500,json_bytes=425165,flow_src_total_bytes=67701,flow_dst_total_bytes=426653 events flow_new_count=57,flow_end_count=45,flow_idle_count=12,flow_update_count=2,flow_analyse_count=6,flow_guessed_count=4,flow_detected_count=53,flow_detection_update_count=39,flow_not_detected_count=0,flow_risky_count=51,packet_count=0,packet_flow_count=279,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=47,flow_state_finished=10 breed flow_breed_safe_count=45,flow_breed_acceptable_count=8,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=47,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=5,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=1,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=47,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=5,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=1,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=53,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 -severity flow_severity_low=10,flow_severity_medium=2,flow_severity_high=101,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 +severity flow_severity_low=10,flow_severity_medium=2,flow_severity_high=111,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 
flow_l3_ip4_count=57,flow_l3_ip6_count=0,flow_l3_other_count=0 layer4 flow_l4_tcp_count=55,flow_l4_udp_count=2,flow_l4_icmp_count=0,flow_l4_other_count=0 detection flow_active_count=57,flow_detected_count=53,flow_guessed_count=4,flow_not_detected_count=0 -risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=76,flow_risk_8_count=25,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=10,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=2,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 +risks 
flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=76,flow_risk_8_count=36,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=10,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=2,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 diff --git a/test/results/influxd/default/websocket-chisel-ssh.pcap.out b/test/results/influxd/default/websocket-chisel-ssh.pcap.out new file mode 100644 index 000000000..e1a5f082d --- /dev/null +++ b/test/results/influxd/default/websocket-chisel-ssh.pcap.out 
@@ -0,0 +1,11 @@ +general json_lines=17,json_bytes=14389,flow_src_total_bytes=428,flow_dst_total_bytes=205 +events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=7,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 +state flow_state_info=1,flow_state_finished=1 +breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=2,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 +confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 +severity flow_severity_low=1,flow_severity_medium=0,flow_severity_high=3,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 +layer3 flow_l3_ip4_count=2,flow_l3_ip6_count=0,flow_l3_other_count=0 +layer4 flow_l4_tcp_count=2,flow_l4_udp_count=0,flow_l4_icmp_count=0,flow_l4_other_count=0 +detection 
flow_active_count=2,flow_detected_count=2,flow_guessed_count=0,flow_not_detected_count=0 +risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=2,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=1,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=1 diff --git a/test/results/influxd/default/websocket.pcap.out b/test/results/influxd/default/websocket.pcap.out index ce0a76330..73b5af19a 100644 --- a/test/results/influxd/default/websocket.pcap.out +++ b/test/results/influxd/default/websocket.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=11,json_bytes=7956,flow_src_total_bytes=132,flow_dst_total_by events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/wechat.pcap.out b/test/results/influxd/default/wechat.pcap.out index 891c75c96..9719b6292 100644 
--- a/test/results/influxd/default/wechat.pcap.out +++ b/test/results/influxd/default/wechat.pcap.out 
@@ -1,11 +1,11 @@ -general json_lines=888,json_bytes=783612,flow_src_total_bytes=184490,flow_dst_total_bytes=376782 -events flow_new_count=109,flow_end_count=52,flow_idle_count=57,flow_update_count=77,flow_analyse_count=17,flow_guessed_count=25,flow_detected_count=84,flow_detection_update_count=69,flow_not_detected_count=0,flow_risky_count=12,packet_count=0,packet_flow_count=394,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 +general json_lines=888,json_bytes=779107,flow_src_total_bytes=184490,flow_dst_total_bytes=376782 +events flow_new_count=109,flow_end_count=52,flow_idle_count=57,flow_update_count=77,flow_analyse_count=17,flow_guessed_count=25,flow_detected_count=84,flow_detection_update_count=69,flow_not_detected_count=0,flow_risky_count=10,packet_count=0,packet_flow_count=394,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=59,flow_state_finished=50 breed 
flow_breed_safe_count=6,flow_breed_acceptable_count=42,flow_breed_fun_count=34,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=2,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=9,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=27,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=43,flow_category_collaborative_count=1,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=4,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=9,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=27,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=43,flow_category_collaborative_count=1,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=4,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=84,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 -severity flow_severity_low=11,flow_severity_medium=0,flow_severity_high=2,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 +severity flow_severity_low=9,flow_severity_medium=0,flow_severity_high=2,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 
flow_l3_ip4_count=100,flow_l3_ip6_count=9,flow_l3_other_count=0 layer4 flow_l4_tcp_count=59,flow_l4_udp_count=40,flow_l4_icmp_count=0,flow_l4_other_count=10 detection flow_active_count=109,flow_detected_count=84,flow_guessed_count=25,flow_not_detected_count=0 -risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=2,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=2,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=9,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 +risks 
flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=2,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=9,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 diff --git a/test/results/influxd/default/weibo.pcap.out b/test/results/influxd/default/weibo.pcap.out index dae24dc44..80e4d9883 100644 --- a/test/results/influxd/default/weibo.pcap.out +++ b/test/results/influxd/default/weibo.pcap.out 
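Review bot: The regenerated expectation for wechat.pcap.out drops `flow_risk_22_count` from 2 to 0, together with `flow_risky_count` 12→10 and `flow_severity_low` 11→9. The commit message says only that upstream changes were incorporated, so a lost detection would look the same here as an intended reclassification. It is worth confirming against the libnDPI history that these two flows should no longer raise that risk, and recording the reason in the commit body, e.g. `wechat.pcap: risk 22 no longer raised, see libnDPI <upstream commit>`. The whatsapp_login_call.pcap.out hunk moves the other way (`flow_risk_8_count` 0→3, `flow_severity_high` 0→3) and deserves the same one-line justification. These golden files appear to be the only regression signal for risk coverage on these captures.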
@@ -1,8 +1,8 @@ -general json_lines=267,json_bytes=223497,flow_src_total_bytes=9449,flow_dst_total_bytes=225426 +general json_lines=267,json_bytes=223456,flow_src_total_bytes=9449,flow_dst_total_bytes=225426 events flow_new_count=44,flow_end_count=1,flow_idle_count=43,flow_update_count=0,flow_analyse_count=6,flow_guessed_count=21,flow_detected_count=23,flow_detection_update_count=9,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=117,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=27,flow_state_finished=17 breed flow_breed_safe_count=0,flow_breed_acceptable_count=5,flow_breed_fun_count=18,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=10,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=12,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=10,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=12,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=23,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=1,flow_severity_medium=1,flow_severity_high=2,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=44,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/whatsapp.pcap.out b/test/results/influxd/default/whatsapp.pcap.out index b6bb0501e..65c5c5497 100644 
--- a/test/results/influxd/default/whatsapp.pcap.out +++ b/test/results/influxd/default/whatsapp.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=751,json_bytes=575355,flow_src_total_bytes=50635,flow_dst_tot events flow_new_count=86,flow_end_count=0,flow_idle_count=86,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=86,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=86,packet_count=0,packet_flow_count=430,init_count=1,reconnect_count=0,shutdown_count=1,status_count=61,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=86 breed flow_breed_safe_count=0,flow_breed_acceptable_count=86,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=86,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=86,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=86,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=86,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=86,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/default/whatsapp_login_call.pcap.out b/test/results/influxd/default/whatsapp_login_call.pcap.out index aa81ab4a3..729fcf3ae 100644 --- a/test/results/influxd/default/whatsapp_login_call.pcap.out +++ b/test/results/influxd/default/whatsapp_login_call.pcap.out 
@@ -1,11 +1,11 @@ -general json_lines=497,json_bytes=420997,flow_src_total_bytes=81240,flow_dst_total_bytes=51420 +general json_lines=497,json_bytes=423633,flow_src_total_bytes=81240,flow_dst_total_bytes=51420 events flow_new_count=57,flow_end_count=24,flow_idle_count=33,flow_update_count=45,flow_analyse_count=6,flow_guessed_count=20,flow_detected_count=37,flow_detection_update_count=46,flow_not_detected_count=0,flow_risky_count=24,packet_count=0,packet_flow_count=226,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=34,flow_state_finished=23 breed flow_breed_safe_count=6,flow_breed_acceptable_count=30,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=1,flow_category_data_transfer_count=0,flow_category_web_count=2,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=1,flow_category_voip_count=20,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=2,flow_category_network_count=8,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=2,flow_category_music_count=1,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=1,flow_category_data_transfer_count=0,flow_category_web_count=2,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=1,flow_category_voip_count=20,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=2,flow_category_network_count=8,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=2,flow_category_music_count=1,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=4,flow_confidence_dpi=33,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 -severity flow_severity_low=25,flow_severity_medium=8,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 +severity flow_severity_low=25,flow_severity_medium=8,flow_severity_high=3,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 
flow_l3_ip4_count=55,flow_l3_ip6_count=2,flow_l3_other_count=0 layer4 flow_l4_tcp_count=27,flow_l4_udp_count=29,flow_l4_icmp_count=1,flow_l4_other_count=0 detection flow_active_count=57,flow_detected_count=37,flow_guessed_count=20,flow_not_detected_count=0 -risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=8,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=6,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=19,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 +risks 
flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=8,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=3,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=6,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=19,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 diff --git a/test/results/influxd/default/whatsapp_login_chat.pcap.out b/test/results/influxd/default/whatsapp_login_chat.pcap.out index 2d3eb627d..88758eac1 100644 --- a/test/results/influxd/default/whatsapp_login_chat.pcap.out +++ b/test/results/influxd/default/whatsapp_login_chat.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=61,json_bytes=57852,flow_src_total_bytes=19160,flow_dst_total events flow_new_count=9,flow_end_count=2,flow_idle_count=7,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=9,flow_detection_update_count=3,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=27,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=2,flow_state_finished=7 breed flow_breed_safe_count=2,flow_breed_acceptable_count=6,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=2,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=1,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=1,flow_category_network_count=4,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=1,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=2,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=1,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=1,flow_category_network_count=4,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=1,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=9,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=2,flow_severity_medium=2,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=8,flow_l3_ip6_count=1,flow_l3_other_count=0 
diff --git a/test/results/influxd/default/whatsapp_voice_and_message.pcap.out b/test/results/influxd/default/whatsapp_voice_and_message.pcap.out index 3c5ef666e..6eb34d9cb 100644 --- a/test/results/influxd/default/whatsapp_voice_and_message.pcap.out +++ b/test/results/influxd/default/whatsapp_voice_and_message.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=126,json_bytes=103362,flow_src_total_bytes=8982,flow_dst_total_bytes=5407 +general json_lines=126,json_bytes=103626,flow_src_total_bytes=8982,flow_dst_total_bytes=5407 events flow_new_count=13,flow_end_count=4,flow_idle_count=9,flow_update_count=16,flow_analyse_count=3,flow_guessed_count=0,flow_detected_count=13,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=65,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=7,flow_state_finished=6 breed flow_breed_safe_count=0,flow_breed_acceptable_count=13,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=5,flow_category_voip_count=8,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=5,flow_category_voip_count=8,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=13,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=13,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/whatsappfiles.pcap.out b/test/results/influxd/default/whatsappfiles.pcap.out index 6bda7d25f..32863b50c 100644 
--- a/test/results/influxd/default/whatsappfiles.pcap.out +++ b/test/results/influxd/default/whatsappfiles.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=24,json_bytes=24158,flow_src_total_bytes=179714,flow_dst_total_bytes=230629 +general json_lines=24,json_bytes=23953,flow_src_total_bytes=179714,flow_dst_total_bytes=230629 events flow_new_count=2,flow_end_count=1,flow_idle_count=1,flow_update_count=0,flow_analyse_count=2,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=3,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=2 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=2,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=2,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=2,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/whois.pcapng.out b/test/results/influxd/default/whois.pcapng.out index dfb4476df..70c0461ec 100644 
--- a/test/results/influxd/default/whois.pcapng.out +++ b/test/results/influxd/default/whois.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=30,json_bytes=27763,flow_src_total_bytes=3467,flow_dst_total_bytes=1453 +general json_lines=30,json_bytes=27681,flow_src_total_bytes=3467,flow_dst_total_bytes=1453 events flow_new_count=3,flow_end_count=2,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=1,flow_detected_count=2,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=15,init_count=1,reconnect_count=0,shutdown_count=1,status_count=3,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=2,flow_state_finished=1 breed flow_breed_safe_count=1,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=4,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=3,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/default/windowsupdate_over_http.pcap.out b/test/results/influxd/default/windowsupdate_over_http.pcap.out index d3714a828..e13a4b500 100644 --- a/test/results/influxd/default/windowsupdate_over_http.pcap.out +++ b/test/results/influxd/default/windowsupdate_over_http.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=11,json_bytes=10009,flow_src_total_bytes=479,flow_dst_total_b events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=0,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=1,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=1,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=2,flow_severity_medium=1,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/windscribe.pcapng.out b/test/results/influxd/default/windscribe.pcapng.out index 500b77981..44e6f24e3 100644 
--- a/test/results/influxd/default/windscribe.pcapng.out +++ b/test/results/influxd/default/windscribe.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=12,json_bytes=10991,flow_src_total_bytes=2275,flow_dst_total_bytes=5707 +general json_lines=12,json_bytes=10909,flow_src_total_bytes=2275,flow_dst_total_bytes=5707 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=0 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=2,flow_severity_high=2,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/wireguard.pcap.out b/test/results/influxd/default/wireguard.pcap.out index 75eecf2eb..6e97cfe12 100644 
--- a/test/results/influxd/default/wireguard.pcap.out +++ b/test/results/influxd/default/wireguard.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=21,json_bytes=17579,flow_src_total_bytes=7268,flow_dst_total_ events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=1,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=2 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=2,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=2,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=2,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/wow.pcap.out b/test/results/influxd/default/wow.pcap.out index 6e5be024d..8ab3e825f 100644 
--- a/test/results/influxd/default/wow.pcap.out +++ b/test/results/influxd/default/wow.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=45,json_bytes=32918,flow_src_total_bytes=2812,flow_dst_total_ events flow_new_count=5,flow_end_count=2,flow_idle_count=3,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=5,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=25,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=5 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=5,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=5,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=5,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=5,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=1,flow_severity_high=3,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=5,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/xdmcp.pcap.out b/test/results/influxd/default/xdmcp.pcap.out index 58da418ba..f20025f36 100644 
--- a/test/results/influxd/default/xdmcp.pcap.out +++ b/test/results/influxd/default/xdmcp.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=11,json_bytes=7992,flow_src_total_bytes=254,flow_dst_total_by events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=1,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=1,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/xiaomi.pcap.out b/test/results/influxd/default/xiaomi.pcap.out index 565451cd6..021eb4a45 100644 
--- a/test/results/influxd/default/xiaomi.pcap.out +++ b/test/results/influxd/default/xiaomi.pcap.out 
@@ -1,11 +1,11 @@ -general json_lines=58,json_bytes=50431,flow_src_total_bytes=3913,flow_dst_total_bytes=4078 +general json_lines=58,json_bytes=50231,flow_src_total_bytes=3913,flow_dst_total_bytes=4078 events flow_new_count=7,flow_end_count=0,flow_idle_count=7,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=7,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=6,packet_count=0,packet_flow_count=30,init_count=1,reconnect_count=0,shutdown_count=1,status_count=5,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=6 breed flow_breed_safe_count=0,flow_breed_acceptable_count=7,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=7,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=7,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=7,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 -severity flow_severity_low=7,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 +severity flow_severity_low=6,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 
flow_l3_ip4_count=7,flow_l3_ip6_count=0,flow_l3_other_count=0 layer4 flow_l4_tcp_count=7,flow_l4_udp_count=0,flow_l4_icmp_count=0,flow_l4_other_count=0 detection flow_active_count=7,flow_detected_count=7,flow_guessed_count=0,flow_not_detected_count=0 -risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=1,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=6,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 +risks 
flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=1,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=5,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 diff --git a/test/results/influxd/default/xss.pcap.out b/test/results/influxd/default/xss.pcap.out index 6765784ce..d39f7cced 100644 --- a/test/results/influxd/default/xss.pcap.out +++ b/test/results/influxd/default/xss.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=17,json_bytes=13505,flow_src_total_bytes=608,flow_dst_total_b events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=1,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=8,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=1,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=2,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/yandex.pcapng.out b/test/results/influxd/default/yandex.pcapng.out index 2b26a61c4..9b2aa3e51 100644 
--- a/test/results/influxd/default/yandex.pcapng.out +++ b/test/results/influxd/default/yandex.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=84,json_bytes=75231,flow_src_total_bytes=19090,flow_dst_total_bytes=29801 +general json_lines=84,json_bytes=74575,flow_src_total_bytes=19090,flow_dst_total_bytes=29801 events flow_new_count=9,flow_end_count=0,flow_idle_count=9,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=9,flow_detection_update_count=7,flow_not_detected_count=0,flow_risky_count=4,packet_count=0,packet_flow_count=45,init_count=1,reconnect_count=0,shutdown_count=1,status_count=3,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=9,flow_state_finished=0 breed flow_breed_safe_count=7,flow_breed_acceptable_count=0,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=1,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=1,flow_category_data_transfer_count=0,flow_category_web_count=3,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=2,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=1,flow_category_video_count=0,flow_category_shopping_count=1,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=1,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=1,flow_category_data_transfer_count=0,flow_category_web_count=3,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=2,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=1,flow_category_video_count=0,flow_category_shopping_count=1,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=1,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=9,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=4,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=9,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/yojimbo.pcap.out b/test/results/influxd/default/yojimbo.pcap.out index bcf32a0a4..8535fe981 100644 
--- a/test/results/influxd/default/yojimbo.pcap.out +++ b/test/results/influxd/default/yojimbo.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=7,json_bytes=6975,flow_src_total_bytes=1078,flow_dst_total_by events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=1,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=1,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=1,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/youtube_quic.pcap.out b/test/results/influxd/default/youtube_quic.pcap.out index a4503f741..513314385 100644 
--- a/test/results/influxd/default/youtube_quic.pcap.out +++ b/test/results/influxd/default/youtube_quic.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=28,json_bytes=39379,flow_src_total_bytes=16934,flow_dst_total_bytes=162567 +general json_lines=28,json_bytes=39187,flow_src_total_bytes=16934,flow_dst_total_bytes=162567 events flow_new_count=3,flow_end_count=0,flow_idle_count=3,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=15,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=3 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=1,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=2,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=1,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=2,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=3,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=3,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/youtubeupload.pcap.out b/test/results/influxd/default/youtubeupload.pcap.out index a8922171a..dcc879eab 100644 
--- a/test/results/influxd/default/youtubeupload.pcap.out +++ b/test/results/influxd/default/youtubeupload.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=30,json_bytes=41391,flow_src_total_bytes=105513,flow_dst_total_bytes=15573 +general json_lines=30,json_bytes=41140,flow_src_total_bytes=105513,flow_dst_total_bytes=15573 events flow_new_count=3,flow_end_count=0,flow_idle_count=3,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=15,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=2 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=3,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=3,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=3,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=3,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=3,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/z3950.pcapng.out b/test/results/influxd/default/z3950.pcapng.out index 82007ce75..36d56045b 100644 
--- a/test/results/influxd/default/z3950.pcapng.out +++ b/test/results/influxd/default/z3950.pcapng.out 
@@ -2,7 +2,7 @@ general json_lines=20,json_bytes=14351,flow_src_total_bytes=445,flow_dst_total_b events flow_new_count=2,flow_end_count=2,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=1,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=1,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=2,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/zabbix.pcap.out b/test/results/influxd/default/zabbix.pcap.out index b19d806e5..eeb92a247 100644 
--- a/test/results/influxd/default/zabbix.pcap.out +++ b/test/results/influxd/default/zabbix.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=196,json_bytes=142282,flow_src_total_bytes=5346,flow_dst_tota events flow_new_count=24,flow_end_count=24,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=24,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=120,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=24 breed flow_breed_safe_count=0,flow_breed_acceptable_count=24,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=24,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=24,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=24,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=24,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/zattoo.pcap.out b/test/results/influxd/default/zattoo.pcap.out index 2cdf508c1..69e3ffff5 100644 
--- a/test/results/influxd/default/zattoo.pcap.out +++ b/test/results/influxd/default/zattoo.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=20,json_bytes=18695,flow_src_total_bytes=7381,flow_dst_total_bytes=4290 +general json_lines=20,json_bytes=18613,flow_src_total_bytes=7381,flow_dst_total_bytes=4290 events flow_new_count=2,flow_end_count=2,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=2,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=2,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=2,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=2,flow_severity_medium=1,flow_severity_high=1,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=2,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/zoom.pcap.out b/test/results/influxd/default/zoom.pcap.out index 5585bbc93..26f0b8a7b 100644 
--- a/test/results/influxd/default/zoom.pcap.out +++ b/test/results/influxd/default/zoom.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=317,json_bytes=246273,flow_src_total_bytes=69672,flow_dst_total_bytes=259806 +general json_lines=317,json_bytes=245352,flow_src_total_bytes=69672,flow_dst_total_bytes=259806 events flow_new_count=33,flow_end_count=6,flow_idle_count=27,flow_update_count=0,flow_analyse_count=3,flow_guessed_count=2,flow_detected_count=31,flow_detection_update_count=26,flow_not_detected_count=0,flow_risky_count=11,packet_count=35,packet_flow_count=115,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=35,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=12,flow_state_finished=21 breed flow_breed_safe_count=3,flow_breed_acceptable_count=27,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=1,flow_category_data_transfer_count=0,flow_category_web_count=2,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=11,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=2,flow_category_software_update_count=0,flow_category_music_count=1,flow_category_video_count=14,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=1,flow_category_data_transfer_count=0,flow_category_web_count=2,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=11,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=2,flow_category_software_update_count=0,flow_category_music_count=1,flow_category_video_count=14,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=31,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=21,flow_severity_medium=3,flow_severity_high=2,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=33,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/zoom2.pcap.out b/test/results/influxd/default/zoom2.pcap.out index 2694c0e4c..0a7c68e2a 100644 
--- a/test/results/influxd/default/zoom2.pcap.out +++ b/test/results/influxd/default/zoom2.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=46,json_bytes=42642,flow_src_total_bytes=14983,flow_dst_total_bytes=82787 +general json_lines=46,json_bytes=42519,flow_src_total_bytes=14983,flow_dst_total_bytes=82787 events flow_new_count=4,flow_end_count=0,flow_idle_count=4,flow_update_count=0,flow_analyse_count=3,flow_guessed_count=0,flow_detected_count=4,flow_detection_update_count=8,flow_not_detected_count=0,flow_risky_count=4,packet_count=0,packet_flow_count=20,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=3 breed flow_breed_safe_count=0,flow_breed_acceptable_count=4,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=4,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=4,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=4,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=6,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=4,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/zoom_p2p.pcapng.out b/test/results/influxd/default/zoom_p2p.pcapng.out index 456efb44b..696829c4a 100644 
--- a/test/results/influxd/default/zoom_p2p.pcapng.out +++ b/test/results/influxd/default/zoom_p2p.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=134,json_bytes=114701,flow_src_total_bytes=137033,flow_dst_total_bytes=103149 +general json_lines=134,json_bytes=114833,flow_src_total_bytes=137033,flow_dst_total_bytes=103149 events flow_new_count=13,flow_end_count=0,flow_idle_count=13,flow_update_count=27,flow_analyse_count=4,flow_guessed_count=0,flow_detected_count=13,flow_detection_update_count=3,flow_not_detected_count=0,flow_risky_count=5,packet_count=0,packet_flow_count=58,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=2,flow_state_finished=11 breed flow_breed_safe_count=0,flow_breed_acceptable_count=13,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=1,flow_category_network_count=4,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=8,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=1,flow_category_network_count=4,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=8,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=13,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=5,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=13,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/default/zug.pcap.out b/test/results/influxd/default/zug.pcap.out index f7808112f..027029f37 100644 
--- a/test/results/influxd/default/zug.pcap.out
+++ b/test/results/influxd/default/zug.pcap.out
@@ -2,7 +2,7 @@ general json_lines=36,json_bytes=30818,flow_src_total_bytes=1142,flow_dst_total_ events flow_new_count=7,flow_end_count=0,flow_idle_count=7,flow_update_count=1,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=6,flow_detection_update_count=0,flow_not_detected_count=1,flow_risky_count=0,packet_count=0,packet_flow_count=7,init_count=1,reconnect_count=0,shutdown_count=1,status_count=5,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=6 breed flow_breed_safe_count=0,flow_breed_acceptable_count=6,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=6,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=6,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=6,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=7,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/disable_aggressiveness/ookla.pcap.out b/test/results/influxd/disable_aggressiveness/ookla.pcap.out index 7372b3404..e353b1677 100644 
--- a/test/results/influxd/disable_aggressiveness/ookla.pcap.out
+++ b/test/results/influxd/disable_aggressiveness/ookla.pcap.out
@@ -1,8 +1,8 @@ -general json_lines=55,json_bytes=44179,flow_src_total_bytes=22732,flow_dst_total_bytes=8117 +general json_lines=55,json_bytes=44015,flow_src_total_bytes=22732,flow_dst_total_bytes=8117 events flow_new_count=6,flow_end_count=1,flow_idle_count=5,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=1,flow_detected_count=5,flow_detection_update_count=3,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=30,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=3,flow_state_finished=3 breed flow_breed_safe_count=5,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=4,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=4,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=5,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=3,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=6,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/disable_metadata/sip.pcap.out b/test/results/influxd/disable_metadata/sip.pcap.out
deleted file mode 100644
index 6388d6efa..000000000
--- a/test/results/influxd/disable_metadata/sip.pcap.out
+++ /dev/null
@@ -1,11 +0,0 @@ -general json_lines=59,json_bytes=59066,flow_src_total_bytes=28304,flow_dst_total_bytes=16151 -events flow_new_count=4,flow_end_count=0,flow_idle_count=4,flow_update_count=25,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=0,flow_not_detected_count=1,flow_risky_count=0,packet_count=0,packet_flow_count=16,init_count=1,reconnect_count=0,shutdown_count=1,status_count=3,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 -state flow_state_info=1,flow_state_finished=3 -breed flow_breed_safe_count=0,flow_breed_acceptable_count=3,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=1,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=2,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 -confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=3,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 -severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 -layer3 flow_l3_ip4_count=4,flow_l3_ip6_count=0,flow_l3_other_count=0 -layer4 flow_l4_tcp_count=0,flow_l4_udp_count=4,flow_l4_icmp_count=0,flow_l4_other_count=0 -detection flow_active_count=4,flow_detected_count=3,flow_guessed_count=0,flow_not_detected_count=1 
-risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 diff --git a/test/results/influxd/disable_metadata/tls_verylong_certificate.pcap.out b/test/results/influxd/disable_metadata/tls_verylong_certificate.pcap.out deleted file mode 100644 index dbc358069..000000000 --- a/test/results/influxd/disable_metadata/tls_verylong_certificate.pcap.out +++ /dev/null 
@@ -1,11 +0,0 @@ -general json_lines=14,json_bytes=16417,flow_src_total_bytes=844,flow_dst_total_bytes=18233 -events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 -state flow_state_info=0,flow_state_finished=1 -breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=1,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 -confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 -severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 -layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 -layer4 flow_l4_tcp_count=1,flow_l4_udp_count=0,flow_l4_icmp_count=0,flow_l4_other_count=0 -detection flow_active_count=1,flow_detected_count=1,flow_guessed_count=0,flow_not_detected_count=0 
-risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 diff --git a/test/results/influxd/disable_metadata_and_flowrisks/sip.pcap.out b/test/results/influxd/disable_metadata_and_flowrisks/sip.pcap.out new file mode 100644 index 000000000..6086577b7 --- /dev/null +++ b/test/results/influxd/disable_metadata_and_flowrisks/sip.pcap.out 
@@ -0,0 +1,11 @@ +general json_lines=59,json_bytes=60130,flow_src_total_bytes=28304,flow_dst_total_bytes=16151 +events flow_new_count=4,flow_end_count=0,flow_idle_count=4,flow_update_count=25,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=0,flow_not_detected_count=1,flow_risky_count=0,packet_count=0,packet_flow_count=16,init_count=1,reconnect_count=0,shutdown_count=1,status_count=3,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 +state flow_state_info=1,flow_state_finished=3 +breed flow_breed_safe_count=0,flow_breed_acceptable_count=3,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=1,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=2,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 +confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=3,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 +severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 +layer3 flow_l3_ip4_count=4,flow_l3_ip6_count=0,flow_l3_other_count=0 +layer4 flow_l4_tcp_count=0,flow_l4_udp_count=4,flow_l4_icmp_count=0,flow_l4_other_count=0 +detection 
flow_active_count=4,flow_detected_count=3,flow_guessed_count=0,flow_not_detected_count=1 +risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 diff --git a/test/results/influxd/disable_metadata_and_flowrisks/tls_verylong_certificate.pcap.out b/test/results/influxd/disable_metadata_and_flowrisks/tls_verylong_certificate.pcap.out new file mode 100644 index 000000000..f92b4ea74 --- /dev/null +++ b/test/results/influxd/disable_metadata_and_flowrisks/tls_verylong_certificate.pcap.out 
@@ -0,0 +1,11 @@ +general json_lines=14,json_bytes=16801,flow_src_total_bytes=844,flow_dst_total_bytes=18233 +events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 +state flow_state_info=0,flow_state_finished=1 +breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=1,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 +confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 +severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 +layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 +layer4 flow_l4_tcp_count=1,flow_l4_udp_count=0,flow_l4_icmp_count=0,flow_l4_other_count=0 +detection 
flow_active_count=1,flow_detected_count=1,flow_guessed_count=0,flow_not_detected_count=0 +risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 diff --git a/test/results/influxd/disable_protocols/dns_long_domainname.pcap.out b/test/results/influxd/disable_protocols/dns_long_domainname.pcap.out index d7487f479..bdc7e145c 100644 --- a/test/results/influxd/disable_protocols/dns_long_domainname.pcap.out +++ b/test/results/influxd/disable_protocols/dns_long_domainname.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=9,json_bytes=8116,flow_src_total_bytes=61,flow_dst_total_byte events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=2,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=1,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/disable_protocols/pluralsight.pcap.out b/test/results/influxd/disable_protocols/pluralsight.pcap.out index c02881f4a..4c606ebc5 100644 --- a/test/results/influxd/disable_protocols/pluralsight.pcap.out +++ b/test/results/influxd/disable_protocols/pluralsight.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=59,json_bytes=75196,flow_src_total_bytes=3540,flow_dst_total_bytes=23176 +general json_lines=59,json_bytes=74540,flow_src_total_bytes=3540,flow_dst_total_bytes=23176 events flow_new_count=6,flow_end_count=0,flow_idle_count=6,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=6,flow_detection_update_count=10,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=28,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=6,flow_state_finished=0 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=6,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=6,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=6,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=6,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=6,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/disable_protocols/quic-mvfst-27.pcapng.out b/test/results/influxd/disable_protocols/quic-mvfst-27.pcapng.out index c47f3b474..1c2578dac 100644 --- a/test/results/influxd/disable_protocols/quic-mvfst-27.pcapng.out +++ b/test/results/influxd/disable_protocols/quic-mvfst-27.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=10,json_bytes=16010,flow_src_total_bytes=2538,flow_dst_total_bytes=6981 +general json_lines=10,json_bytes=15969,flow_src_total_bytes=2538,flow_dst_total_bytes=6981 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=0,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=1,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=1,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/disable_protocols/soap.pcap.out b/test/results/influxd/disable_protocols/soap.pcap.out index 7b1f21d51..265c01fc9 100644 
--- a/test/results/influxd/disable_protocols/soap.pcap.out +++ b/test/results/influxd/disable_protocols/soap.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=24,json_bytes=28768,flow_src_total_bytes=8109,flow_dst_total_ events flow_new_count=3,flow_end_count=1,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=11,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=2 breed flow_breed_safe_count=0,flow_breed_acceptable_count=3,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=1,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=2,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=1,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=2,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=3,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=1,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=3,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/disable_use_client_ip/bot.pcap.out b/test/results/influxd/disable_use_client_ip/bot.pcap.out index 3ae72c44a..14630d353 100644 
--- a/test/results/influxd/disable_use_client_ip/bot.pcap.out +++ b/test/results/influxd/disable_use_client_ip/bot.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=12,json_bytes=11270,flow_src_total_bytes=316,flow_dst_total_b events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=1,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/disable_use_client_port/iphone.pcap.out b/test/results/influxd/disable_use_client_port/iphone.pcap.out index b44a31f24..7d2c5f36b 100644 --- a/test/results/influxd/disable_use_client_port/iphone.pcap.out +++ b/test/results/influxd/disable_use_client_port/iphone.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=356,json_bytes=334197,flow_src_total_bytes=99351,flow_dst_total_bytes=91009 +general json_lines=356,json_bytes=332762,flow_src_total_bytes=99351,flow_dst_total_bytes=91009 events flow_new_count=51,flow_end_count=3,flow_idle_count=48,flow_update_count=0,flow_analyse_count=4,flow_guessed_count=0,flow_detected_count=50,flow_detection_update_count=40,flow_not_detected_count=1,flow_risky_count=0,packet_count=0,packet_flow_count=156,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=13,flow_state_finished=38 breed flow_breed_safe_count=17,flow_breed_acceptable_count=24,flow_breed_fun_count=9,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=12,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=1,flow_category_network_count=31,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=2,flow_category_system_count=2,flow_category_software_update_count=0,flow_category_music_count=1,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=1,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=12,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=1,flow_category_network_count=31,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=2,flow_category_system_count=2,flow_category_software_update_count=0,flow_category_music_count=1,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=1,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=50,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=46,flow_l3_ip6_count=5,flow_l3_other_count=0 
diff --git a/test/results/influxd/dns_process_response_disable/dns.pcap.out b/test/results/influxd/dns_process_response_disable/dns.pcap.out index 4c0a70a83..917434134 100644 --- a/test/results/influxd/dns_process_response_disable/dns.pcap.out +++ b/test/results/influxd/dns_process_response_disable/dns.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=14,json_bytes=9616,flow_src_total_bytes=67,flow_dst_total_byt events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=2,packet_flow_count=3,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=2,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/dns_subclassification_and_process_response_disable/dns.pcap.out b/test/results/influxd/dns_subclassification_and_process_response_disable/dns.pcap.out index c08958520..dae4551c6 100644 --- a/test/results/influxd/dns_subclassification_and_process_response_disable/dns.pcap.out +++ b/test/results/influxd/dns_subclassification_and_process_response_disable/dns.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=14,json_bytes=9902,flow_src_total_bytes=67,flow_dst_total_byt events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=2,packet_flow_count=3,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=2,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/enable_doh_heuristic/doh.pcapng.out b/test/results/influxd/enable_doh_heuristic/doh.pcapng.out index 808366f50..ba743f1ef 100644 
--- a/test/results/influxd/enable_doh_heuristic/doh.pcapng.out +++ b/test/results/influxd/enable_doh_heuristic/doh.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=13,json_bytes=12906,flow_src_total_bytes=1881,flow_dst_total_bytes=5821 +general json_lines=13,json_bytes=12824,flow_src_total_bytes=1881,flow_dst_total_bytes=5821 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=4,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/enable_payload_stat/1kxun.pcap.out b/test/results/influxd/enable_payload_stat/1kxun.pcap.out index 9773a847f..83f01889f 100644 
--- a/test/results/influxd/enable_payload_stat/1kxun.pcap.out +++ b/test/results/influxd/enable_payload_stat/1kxun.pcap.out 
@@ -1,11 +1,11 @@ -general json_lines=1303,json_bytes=1571479,flow_src_total_bytes=156501,flow_dst_total_bytes=2270815 -events flow_new_count=197,flow_end_count=9,flow_idle_count=188,flow_update_count=38,flow_analyse_count=13,flow_guessed_count=6,flow_detected_count=177,flow_detection_update_count=33,flow_not_detected_count=14,flow_risky_count=38,packet_count=0,packet_flow_count=624,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 -state flow_state_info=31,flow_state_finished=166 -breed flow_breed_safe_count=6,flow_breed_acceptable_count=116,flow_breed_fun_count=53,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=2,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=1,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=39,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=5,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=63,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=45,flow_category_system_count=22,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=2,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 -confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=177,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 -severity flow_severity_low=37,flow_severity_medium=6,flow_severity_high=20,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 +general json_lines=1303,json_bytes=1571504,flow_src_total_bytes=156501,flow_dst_total_bytes=2270815 +events 
flow_new_count=197,flow_end_count=9,flow_idle_count=188,flow_update_count=38,flow_analyse_count=13,flow_guessed_count=6,flow_detected_count=182,flow_detection_update_count=33,flow_not_detected_count=9,flow_risky_count=33,packet_count=0,packet_flow_count=624,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 +state flow_state_info=26,flow_state_finished=171 +breed flow_breed_safe_count=6,flow_breed_acceptable_count=121,flow_breed_fun_count=53,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=2,flow_breed_unrated_count=0,flow_breed_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=1,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=39,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=5,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=68,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=45,flow_category_system_count=22,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=2,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 +confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=182,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 +severity flow_severity_low=32,flow_severity_medium=6,flow_severity_high=20,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=172,flow_l3_ip6_count=25,flow_l3_other_count=0 layer4 flow_l4_tcp_count=98,flow_l4_udp_count=99,flow_l4_icmp_count=0,flow_l4_other_count=0 -detection 
flow_active_count=197,flow_detected_count=177,flow_guessed_count=6,flow_not_detected_count=14 -risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=5,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=4,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=10,flow_risk_12_count=13,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=8,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=2,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=3,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=6,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=3,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=13,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=1,flow_risk_55_count=0,flow_risk_56_count=0 +detection flow_active_count=197,flow_detected_count=182,flow_guessed_count=6,flow_not_detected_count=9 +risks 
flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=5,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=4,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=10,flow_risk_12_count=13,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=8,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=6,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=3,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=13,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=1,flow_risk_55_count=0,flow_risk_56_count=0 diff --git a/test/results/influxd/flow_risk_lists_disable/protonvpn.pcap.out b/test/results/influxd/flow_risk_lists_disable/protonvpn.pcap.out index 6965cb48f..14032f7f1 100644 --- a/test/results/influxd/flow_risk_lists_disable/protonvpn.pcap.out +++ b/test/results/influxd/flow_risk_lists_disable/protonvpn.pcap.out 
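Review bot: The regenerated expectation for enable_payload_stat/1kxun.pcap.out drops `flow_risk_22_count` from 2 to 0 and `flow_risk_35_count` from 3 to 0, and `flow_risky_count` falls from 38 to 33, but the commit message does not say why. The same hunk moves five flows from not-detected to detected (`flow_detected_count` 177 to 182, `flow_category_network_count` 63 to 68), so this is presumably a classification change in the bumped libnDPI rather than a lost check. A regenerated golden file would accept a real detection regression just as quietly, so I would confirm from the per-flow JSON results for this pcap which flows stopped raising those two risks. I would then record it in the commit message, e.g. `* 1kxun.pcap: 5 flows now classified, flow_risk_22/35 no longer raised (libnDPI <upstream-commit-placeholder>)`.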
@@ -1,8 +1,8 @@ -general json_lines=25,json_bytes=20749,flow_src_total_bytes=1624,flow_dst_total_bytes=6451 +general json_lines=25,json_bytes=20626,flow_src_total_bytes=1624,flow_dst_total_bytes=6451 events flow_new_count=3,flow_end_count=0,flow_idle_count=3,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=1,flow_detected_count=2,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=11,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=2,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=2,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=2,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=1,flow_severity_high=1,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=3,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/fpc/1kxun.pcap.out b/test/results/influxd/fpc/1kxun.pcap.out new file mode 100644 index 000000000..953f888df --- /dev/null 
+++ b/test/results/influxd/fpc/1kxun.pcap.out 
@@ -0,0 +1,11 @@ +general json_lines=1303,json_bytes=1550656,flow_src_total_bytes=156501,flow_dst_total_bytes=2270815 +events flow_new_count=197,flow_end_count=9,flow_idle_count=188,flow_update_count=38,flow_analyse_count=13,flow_guessed_count=6,flow_detected_count=182,flow_detection_update_count=33,flow_not_detected_count=9,flow_risky_count=33,packet_count=0,packet_flow_count=624,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 +state flow_state_info=26,flow_state_finished=171 +breed flow_breed_safe_count=6,flow_breed_acceptable_count=121,flow_breed_fun_count=53,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=2,flow_breed_unrated_count=0,flow_breed_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=1,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=39,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=5,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=68,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=45,flow_category_system_count=22,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=2,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 +confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=182,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 +severity flow_severity_low=32,flow_severity_medium=6,flow_severity_high=20,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 +layer3 flow_l3_ip4_count=172,flow_l3_ip6_count=25,flow_l3_other_count=0 +layer4 flow_l4_tcp_count=98,flow_l4_udp_count=99,flow_l4_icmp_count=0,flow_l4_other_count=0 +detection 
flow_active_count=197,flow_detected_count=182,flow_guessed_count=6,flow_not_detected_count=9 +risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=5,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=4,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=10,flow_risk_12_count=13,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=8,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=6,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=3,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=13,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=1,flow_risk_55_count=0,flow_risk_56_count=0 diff --git a/test/results/influxd/fpc/signal_videocall.pcapng.out b/test/results/influxd/fpc/signal_videocall.pcapng.out new file mode 100644 index 000000000..bb3eddc7a --- /dev/null +++ b/test/results/influxd/fpc/signal_videocall.pcapng.out 
@@ -0,0 +1,11 @@ +general json_lines=34,json_bytes=29593,flow_src_total_bytes=81563,flow_dst_total_bytes=27668 +events flow_new_count=3,flow_end_count=0,flow_idle_count=3,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=6,flow_not_detected_count=0,flow_risky_count=3,packet_count=0,packet_flow_count=15,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 +state flow_state_info=0,flow_state_finished=3 +breed flow_breed_safe_count=0,flow_breed_acceptable_count=3,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=1,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=2,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 +confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=1,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 +severity flow_severity_low=2,flow_severity_medium=1,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 +layer3 flow_l3_ip4_count=3,flow_l3_ip6_count=0,flow_l3_other_count=0 +layer4 flow_l4_tcp_count=0,flow_l4_udp_count=3,flow_l4_icmp_count=0,flow_l4_other_count=0 +detection 
flow_active_count=3,flow_detected_count=3,flow_guessed_count=0,flow_not_detected_count=0 +risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=1,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=2,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 diff --git a/test/results/influxd/fpc_disabled/teams.pcap.out b/test/results/influxd/fpc_disabled/teams.pcap.out index e467ee2dc..133a58dfb 100644 --- a/test/results/influxd/fpc_disabled/teams.pcap.out +++ b/test/results/influxd/fpc_disabled/teams.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=668,json_bytes=641812,flow_src_total_bytes=293772,flow_dst_total_bytes=293323 +general json_lines=668,json_bytes=640202,flow_src_total_bytes=293772,flow_dst_total_bytes=293323 events flow_new_count=83,flow_end_count=17,flow_idle_count=66,flow_update_count=0,flow_analyse_count=16,flow_guessed_count=2,flow_detected_count=80,flow_detection_update_count=51,flow_not_detected_count=1,flow_risky_count=29,packet_count=16,packet_flow_count=317,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=16,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=27,flow_state_finished=56 -breed flow_breed_safe_count=42,flow_breed_acceptable_count=37,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=2,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=20,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=11,flow_category_network_count=27,flow_category_collaborative_count=19,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=1,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +breed flow_breed_safe_count=51,flow_breed_acceptable_count=28,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=2,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=12,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=11,flow_category_network_count=27,flow_category_collaborative_count=27,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=1,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=6,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=74,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=38,flow_severity_medium=12,flow_severity_high=2,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=83,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/guess_ip_before_port_enabled/1kxun.pcap.out b/test/results/influxd/guess_ip_before_port_enabled/1kxun.pcap.out index bf4384920..5d5cc9431 100644 --- a/test/results/influxd/guess_ip_before_port_enabled/1kxun.pcap.out +++ b/test/results/influxd/guess_ip_before_port_enabled/1kxun.pcap.out 
@@ -1,11 +1,11 @@ -general json_lines=1303,json_bytes=1583206,flow_src_total_bytes=156501,flow_dst_total_bytes=2270815 -events flow_new_count=197,flow_end_count=9,flow_idle_count=188,flow_update_count=38,flow_analyse_count=13,flow_guessed_count=6,flow_detected_count=177,flow_detection_update_count=33,flow_not_detected_count=14,flow_risky_count=38,packet_count=0,packet_flow_count=624,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 -state flow_state_info=31,flow_state_finished=166 -breed flow_breed_safe_count=6,flow_breed_acceptable_count=116,flow_breed_fun_count=53,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=2,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=1,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=39,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=5,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=63,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=45,flow_category_system_count=22,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=2,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 -confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=177,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 -severity flow_severity_low=37,flow_severity_medium=6,flow_severity_high=20,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 +general json_lines=1303,json_bytes=1583231,flow_src_total_bytes=156501,flow_dst_total_bytes=2270815 +events 
flow_new_count=197,flow_end_count=9,flow_idle_count=188,flow_update_count=38,flow_analyse_count=13,flow_guessed_count=6,flow_detected_count=182,flow_detection_update_count=33,flow_not_detected_count=9,flow_risky_count=33,packet_count=0,packet_flow_count=624,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 +state flow_state_info=26,flow_state_finished=171 +breed flow_breed_safe_count=6,flow_breed_acceptable_count=121,flow_breed_fun_count=53,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=2,flow_breed_unrated_count=0,flow_breed_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=1,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=39,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=5,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=68,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=45,flow_category_system_count=22,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=2,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 +confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=182,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 +severity flow_severity_low=32,flow_severity_medium=6,flow_severity_high=20,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=172,flow_l3_ip6_count=25,flow_l3_other_count=0 layer4 flow_l4_tcp_count=98,flow_l4_udp_count=99,flow_l4_icmp_count=0,flow_l4_other_count=0 -detection 
flow_active_count=197,flow_detected_count=177,flow_guessed_count=6,flow_not_detected_count=14 -risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=5,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=4,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=10,flow_risk_12_count=13,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=8,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=2,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=3,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=6,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=3,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=13,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=1,flow_risk_55_count=0,flow_risk_56_count=0 +detection flow_active_count=197,flow_detected_count=182,flow_guessed_count=6,flow_not_detected_count=9 +risks 
flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=5,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=4,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=10,flow_risk_12_count=13,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=8,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=6,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=3,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=13,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=1,flow_risk_55_count=0,flow_risk_56_count=0 diff --git a/test/results/influxd/guessing_disable/webex.pcap.out b/test/results/influxd/guessing_disable/webex.pcap.out index 23c8ee945..a335a323b 100644 --- a/test/results/influxd/guessing_disable/webex.pcap.out +++ b/test/results/influxd/guessing_disable/webex.pcap.out 
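Review bot: The regenerated baseline for guess_ip_before_port_enabled/1kxun.pcap.out drops `flow_risk_22_count` from 2 to 0 and `flow_risk_35_count` from 3 to 0, and nothing visible in the commit says this loss of risk signal is intended. The same hunk moves five flows from `flow_not_detected_count` (14 to 9) to `flow_detected_count` (177 to 182) and lowers `flow_risky_count` from 38 to 33, which suggests the bumped libnDPI now classifies those flows and no longer raises the two risks on them; that is inferred from the counters alone. Because these .out files are the regression baseline for what the analyser reports, a line in the commit description naming the upstream change behind the reclassification would let a later reader tell an intended change from a detection regression. The old side of the ip_lists_disable/1kxun.pcap.out hunk starts from the same values, but its new side continues outside this view.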
@@ -1,11 +1,11 @@ -general json_lines=500,json_bytes=430601,flow_src_total_bytes=67701,flow_dst_total_bytes=426653 +general json_lines=500,json_bytes=429665,flow_src_total_bytes=67701,flow_dst_total_bytes=426653 events flow_new_count=57,flow_end_count=45,flow_idle_count=12,flow_update_count=2,flow_analyse_count=6,flow_guessed_count=4,flow_detected_count=53,flow_detection_update_count=39,flow_not_detected_count=0,flow_risky_count=51,packet_count=0,packet_flow_count=279,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=47,flow_state_finished=10 breed flow_breed_safe_count=45,flow_breed_acceptable_count=8,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=47,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=5,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=1,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=47,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=5,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=1,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=53,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 -severity flow_severity_low=10,flow_severity_medium=2,flow_severity_high=101,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 +severity flow_severity_low=10,flow_severity_medium=2,flow_severity_high=111,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 
flow_l3_ip4_count=57,flow_l3_ip6_count=0,flow_l3_other_count=0 layer4 flow_l4_tcp_count=55,flow_l4_udp_count=2,flow_l4_icmp_count=0,flow_l4_other_count=0 detection flow_active_count=57,flow_detected_count=53,flow_guessed_count=4,flow_not_detected_count=0 -risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=76,flow_risk_8_count=25,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=10,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=2,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 +risks 
flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=76,flow_risk_8_count=36,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=10,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=2,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 diff --git a/test/results/influxd/http_process_response_disable/http.pcapng.out b/test/results/influxd/http_process_response_disable/http.pcapng.out index 39a3314fb..e9c2543ce 100644 --- a/test/results/influxd/http_process_response_disable/http.pcapng.out +++ b/test/results/influxd/http_process_response_disable/http.pcapng.out 
@@ -2,7 +2,7 @@ general json_lines=11,json_bytes=8302,flow_src_total_bytes=74,flow_dst_total_byt events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/http_process_response_disable/http_asymmetric.pcapng.out b/test/results/influxd/http_process_response_disable/http_asymmetric.pcapng.out index adfa9916c..313b62cb7 100644 --- a/test/results/influxd/http_process_response_disable/http_asymmetric.pcapng.out +++ b/test/results/influxd/http_process_response_disable/http_asymmetric.pcapng.out 
@@ -2,7 +2,7 @@ general json_lines=20,json_bytes=22193,flow_src_total_bytes=8665,flow_dst_total_ events flow_new_count=2,flow_end_count=2,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=2 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=2,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=2,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=3,flow_severity_medium=0,flow_severity_high=2,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=2,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/ip_lists_disable/1kxun.pcap.out b/test/results/influxd/ip_lists_disable/1kxun.pcap.out index 08b3a09fb..42965803f 100644 
--- a/test/results/influxd/ip_lists_disable/1kxun.pcap.out +++ b/test/results/influxd/ip_lists_disable/1kxun.pcap.out 
@@ -1,11 +1,11 @@ -general json_lines=1303,json_bytes=1567570,flow_src_total_bytes=156501,flow_dst_total_bytes=2270815 -events flow_new_count=197,flow_end_count=9,flow_idle_count=188,flow_update_count=38,flow_analyse_count=13,flow_guessed_count=6,flow_detected_count=177,flow_detection_update_count=33,flow_not_detected_count=14,flow_risky_count=38,packet_count=0,packet_flow_count=624,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 -state flow_state_info=31,flow_state_finished=166 -breed flow_breed_safe_count=6,flow_breed_acceptable_count=116,flow_breed_fun_count=53,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=2,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=1,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=39,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=5,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=63,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=45,flow_category_system_count=22,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=2,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 -confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=177,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 -severity flow_severity_low=37,flow_severity_medium=6,flow_severity_high=20,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 +general json_lines=1303,json_bytes=1567595,flow_src_total_bytes=156501,flow_dst_total_bytes=2270815 +events 
flow_new_count=197,flow_end_count=9,flow_idle_count=188,flow_update_count=38,flow_analyse_count=13,flow_guessed_count=6,flow_detected_count=182,flow_detection_update_count=33,flow_not_detected_count=9,flow_risky_count=33,packet_count=0,packet_flow_count=624,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 +state flow_state_info=26,flow_state_finished=171 +breed flow_breed_safe_count=6,flow_breed_acceptable_count=121,flow_breed_fun_count=53,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=2,flow_breed_unrated_count=0,flow_breed_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=1,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=39,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=5,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=68,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=45,flow_category_system_count=22,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=2,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 +confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=182,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 +severity flow_severity_low=32,flow_severity_medium=6,flow_severity_high=20,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=172,flow_l3_ip6_count=25,flow_l3_other_count=0 layer4 flow_l4_tcp_count=98,flow_l4_udp_count=99,flow_l4_icmp_count=0,flow_l4_other_count=0 -detection 
flow_active_count=197,flow_detected_count=177,flow_guessed_count=6,flow_not_detected_count=14 -risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=5,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=4,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=10,flow_risk_12_count=13,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=8,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=2,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=3,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=6,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=3,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=13,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=1,flow_risk_55_count=0,flow_risk_56_count=0 +detection flow_active_count=197,flow_detected_count=182,flow_guessed_count=6,flow_not_detected_count=9 +risks 
flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=5,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=4,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=10,flow_risk_12_count=13,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=8,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=6,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=3,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=13,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=1,flow_risk_55_count=0,flow_risk_56_count=0 diff --git a/test/results/influxd/monitoring/signal_audiocall.pcapng.out b/test/results/influxd/monitoring/signal_audiocall.pcapng.out new file mode 100644 index 000000000..e2ea614a0 --- /dev/null +++ b/test/results/influxd/monitoring/signal_audiocall.pcapng.out 
@@ -0,0 +1,11 @@ +general json_lines=44,json_bytes=39875,flow_src_total_bytes=19864,flow_dst_total_bytes=19438 +events flow_new_count=4,flow_end_count=0,flow_idle_count=4,flow_update_count=0,flow_analyse_count=2,flow_guessed_count=0,flow_detected_count=4,flow_detection_update_count=7,flow_not_detected_count=0,flow_risky_count=3,packet_count=0,packet_flow_count=20,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 +state flow_state_info=0,flow_state_finished=4 +breed flow_breed_safe_count=0,flow_breed_acceptable_count=4,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=2,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=2,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 +confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=2,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 +severity flow_severity_low=2,flow_severity_medium=4,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 +layer3 flow_l3_ip4_count=4,flow_l3_ip6_count=0,flow_l3_other_count=0 +layer4 flow_l4_tcp_count=0,flow_l4_udp_count=4,flow_l4_icmp_count=0,flow_l4_other_count=0 +detection 
flow_active_count=4,flow_detected_count=4,flow_guessed_count=0,flow_not_detected_count=0 +risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=4,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=2,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 diff --git a/test/results/influxd/monitoring/signal_videocall.pcapng.out b/test/results/influxd/monitoring/signal_videocall.pcapng.out new file mode 100644 index 000000000..68f7614e9 --- /dev/null +++ b/test/results/influxd/monitoring/signal_videocall.pcapng.out 
@@ -0,0 +1,11 @@ +general json_lines=34,json_bytes=29831,flow_src_total_bytes=81563,flow_dst_total_bytes=27668 +events flow_new_count=3,flow_end_count=0,flow_idle_count=3,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=6,flow_not_detected_count=0,flow_risky_count=3,packet_count=0,packet_flow_count=15,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 +state flow_state_info=0,flow_state_finished=3 +breed flow_breed_safe_count=0,flow_breed_acceptable_count=3,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=1,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=2,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 +confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=1,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 +severity flow_severity_low=2,flow_severity_medium=1,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 +layer3 flow_l3_ip4_count=3,flow_l3_ip6_count=0,flow_l3_other_count=0 +layer4 flow_l4_tcp_count=0,flow_l4_udp_count=3,flow_l4_icmp_count=0,flow_l4_other_count=0 +detection 
flow_active_count=3,flow_detected_count=3,flow_guessed_count=0,flow_not_detected_count=0 +risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=1,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=2,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 diff --git a/test/results/influxd/monitoring/signal_videocall_multiparty.pcapng.out b/test/results/influxd/monitoring/signal_videocall_multiparty.pcapng.out new file mode 100644 index 000000000..31dc5bc0f --- /dev/null +++ b/test/results/influxd/monitoring/signal_videocall_multiparty.pcapng.out 
@@ -0,0 +1,11 @@ +general json_lines=14,json_bytes=13654,flow_src_total_bytes=67701,flow_dst_total_bytes=18298 +events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 +state flow_state_info=0,flow_state_finished=1 +breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 +confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 +severity flow_severity_low=0,flow_severity_medium=3,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 +layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 +layer4 flow_l4_tcp_count=0,flow_l4_udp_count=1,flow_l4_icmp_count=0,flow_l4_other_count=0 +detection 
flow_active_count=1,flow_detected_count=1,flow_guessed_count=0,flow_not_detected_count=0 +risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=3,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 diff --git a/test/results/influxd/monitoring/stun.pcap.out b/test/results/influxd/monitoring/stun.pcap.out index d7e7dc49b..0ac9db2d9 100644 --- a/test/results/influxd/monitoring/stun.pcap.out +++ b/test/results/influxd/monitoring/stun.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=92,json_bytes=82593,flow_src_total_bytes=9664,flow_dst_total_bytes=9072 +general json_lines=92,json_bytes=82993,flow_src_total_bytes=9664,flow_dst_total_bytes=9072 events flow_new_count=9,flow_end_count=1,flow_idle_count=8,flow_update_count=3,flow_analyse_count=3,flow_guessed_count=0,flow_detected_count=9,flow_detection_update_count=11,flow_not_detected_count=0,flow_risky_count=5,packet_count=0,packet_flow_count=38,init_count=1,reconnect_count=0,shutdown_count=1,status_count=8,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=2,flow_state_finished=7 breed flow_breed_safe_count=0,flow_breed_acceptable_count=9,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=2,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=7,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=2,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=7,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=9,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=4,flow_severity_medium=3,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=7,flow_l3_ip6_count=2,flow_l3_other_count=0 
diff --git a/test/results/influxd/monitoring/stun_google_meet.pcapng.out b/test/results/influxd/monitoring/stun_google_meet.pcapng.out index 90fb88a7e..2d7a76e55 100644 --- a/test/results/influxd/monitoring/stun_google_meet.pcapng.out +++ b/test/results/influxd/monitoring/stun_google_meet.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=76,json_bytes=69958,flow_src_total_bytes=13243,flow_dst_total_bytes=43190 +general json_lines=76,json_bytes=70093,flow_src_total_bytes=13243,flow_dst_total_bytes=43190 events flow_new_count=7,flow_end_count=0,flow_idle_count=7,flow_update_count=6,flow_analyse_count=4,flow_guessed_count=0,flow_detected_count=7,flow_detection_update_count=7,flow_not_detected_count=0,flow_risky_count=5,packet_count=0,packet_flow_count=34,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=6 breed flow_breed_safe_count=0,flow_breed_acceptable_count=7,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=5,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=2,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=5,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=2,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=7,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=7,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=6,flow_l3_ip6_count=1,flow_l3_other_count=0 diff --git a/test/results/influxd/monitoring/stun_signal.pcapng.out b/test/results/influxd/monitoring/stun_signal.pcapng.out index d11df81d1..7f6fba95a 100644 
--- a/test/results/influxd/monitoring/stun_signal.pcapng.out +++ b/test/results/influxd/monitoring/stun_signal.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=233,json_bytes=199422,flow_src_total_bytes=13408,flow_dst_total_bytes=16192 +general json_lines=233,json_bytes=201118,flow_src_total_bytes=13408,flow_dst_total_bytes=16192 events flow_new_count=23,flow_end_count=0,flow_idle_count=23,flow_update_count=15,flow_analyse_count=3,flow_guessed_count=0,flow_detected_count=23,flow_detection_update_count=30,flow_not_detected_count=0,flow_risky_count=19,packet_count=0,packet_flow_count=113,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=3,flow_state_finished=20 breed flow_breed_safe_count=0,flow_breed_acceptable_count=23,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=15,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=8,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=15,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=8,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=15,flow_confidence_dpi=8,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=16,flow_severity_medium=35,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=23,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/monitoring/stun_wa_call.pcapng.out b/test/results/influxd/monitoring/stun_wa_call.pcapng.out index 580ef00f2..fa5c0ac3c 100644 
--- a/test/results/influxd/monitoring/stun_wa_call.pcapng.out +++ b/test/results/influxd/monitoring/stun_wa_call.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=132,json_bytes=119151,flow_src_total_bytes=44019,flow_dst_total_bytes=64856 +general json_lines=132,json_bytes=120295,flow_src_total_bytes=44019,flow_dst_total_bytes=64856 events flow_new_count=13,flow_end_count=0,flow_idle_count=13,flow_update_count=5,flow_analyse_count=2,flow_guessed_count=0,flow_detected_count=13,flow_detection_update_count=22,flow_not_detected_count=0,flow_risky_count=13,packet_count=0,packet_flow_count=61,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=4,flow_state_finished=9 breed flow_breed_safe_count=0,flow_breed_acceptable_count=13,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=12,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=12,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=2,flow_confidence_dpi=11,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=12,flow_severity_medium=4,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=13,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/monitoring/stun_zoom.pcapng.out b/test/results/influxd/monitoring/stun_zoom.pcapng.out index c12121b7d..ca52199e7 100644 
--- a/test/results/influxd/monitoring/stun_zoom.pcapng.out +++ b/test/results/influxd/monitoring/stun_zoom.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=28,json_bytes=27473,flow_src_total_bytes=4671,flow_dst_total_bytes=10647 +general json_lines=28,json_bytes=27509,flow_src_total_bytes=4671,flow_dst_total_bytes=10647 events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=8,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=2 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=2,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=2,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=2,flow_severity_medium=6,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=2,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/influxd/monitoring/teams.pcap.out b/test/results/influxd/monitoring/teams.pcap.out index 34f9a1642..0a775351f 100644 
--- a/test/results/influxd/monitoring/teams.pcap.out +++ b/test/results/influxd/monitoring/teams.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=668,json_bytes=640476,flow_src_total_bytes=293772,flow_dst_total_bytes=293323 +general json_lines=668,json_bytes=638866,flow_src_total_bytes=293772,flow_dst_total_bytes=293323 events flow_new_count=83,flow_end_count=17,flow_idle_count=66,flow_update_count=0,flow_analyse_count=16,flow_guessed_count=2,flow_detected_count=80,flow_detection_update_count=51,flow_not_detected_count=1,flow_risky_count=29,packet_count=16,packet_flow_count=317,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=16,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=27,flow_state_finished=56 -breed flow_breed_safe_count=42,flow_breed_acceptable_count=37,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=2,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=20,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=11,flow_category_network_count=27,flow_category_collaborative_count=19,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=1,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +breed flow_breed_safe_count=51,flow_breed_acceptable_count=28,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=2,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=12,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=11,flow_category_network_count=27,flow_category_collaborative_count=27,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=1,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=6,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=74,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=38,flow_severity_medium=12,flow_severity_high=2,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=83,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/monitoring/telegram_videocall.pcapng.out b/test/results/influxd/monitoring/telegram_videocall.pcapng.out index 17dc97fc8..47a3f352e 100644 --- a/test/results/influxd/monitoring/telegram_videocall.pcapng.out +++ b/test/results/influxd/monitoring/telegram_videocall.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=258,json_bytes=220556,flow_src_total_bytes=59877,flow_dst_total_bytes=270358 +general json_lines=258,json_bytes=221659,flow_src_total_bytes=59877,flow_dst_total_bytes=270358 events flow_new_count=34,flow_end_count=6,flow_idle_count=28,flow_update_count=1,flow_analyse_count=4,flow_guessed_count=2,flow_detected_count=32,flow_detection_update_count=14,flow_not_detected_count=0,flow_risky_count=26,packet_count=0,packet_flow_count=134,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=14,flow_state_finished=20 breed flow_breed_safe_count=1,flow_breed_acceptable_count=31,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=7,flow_category_voip_count=4,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=1,flow_category_network_count=19,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=7,flow_category_voip_count=4,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=1,flow_category_network_count=19,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=4,flow_confidence_dpi=21,flow_confidence_nbpf=0,flow_confidence_by_ip=7,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=12,flow_severity_medium=30,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=31,flow_l3_ip6_count=3,flow_l3_other_count=0 
diff --git a/test/results/influxd/monitoring/telegram_videocall_2.pcapng.out b/test/results/influxd/monitoring/telegram_videocall_2.pcapng.out new file mode 100644 index 000000000..9e26c0158 --- /dev/null +++ b/test/results/influxd/monitoring/telegram_videocall_2.pcapng.out 
@@ -0,0 +1,11 @@ +general json_lines=65,json_bytes=56276,flow_src_total_bytes=49274,flow_dst_total_bytes=68741 +events flow_new_count=8,flow_end_count=0,flow_idle_count=8,flow_update_count=0,flow_analyse_count=2,flow_guessed_count=0,flow_detected_count=8,flow_detection_update_count=6,flow_not_detected_count=0,flow_risky_count=3,packet_count=0,packet_flow_count=30,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 +state flow_state_info=4,flow_state_finished=4 +breed flow_breed_safe_count=0,flow_breed_acceptable_count=8,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=3,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=5,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 +confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=8,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 +severity flow_severity_low=2,flow_severity_medium=6,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 +layer3 flow_l3_ip4_count=7,flow_l3_ip6_count=1,flow_l3_other_count=0 +layer4 flow_l4_tcp_count=0,flow_l4_udp_count=8,flow_l4_icmp_count=0,flow_l4_other_count=0 +detection 
flow_active_count=8,flow_detected_count=8,flow_guessed_count=0,flow_not_detected_count=0 +risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=6,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=2,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 diff --git a/test/results/influxd/monitoring/telegram_voice.pcapng.out b/test/results/influxd/monitoring/telegram_voice.pcapng.out new file mode 100644 index 000000000..a4134878d --- /dev/null +++ b/test/results/influxd/monitoring/telegram_voice.pcapng.out 
@@ -0,0 +1,11 @@ +general json_lines=82,json_bytes=70079,flow_src_total_bytes=60389,flow_dst_total_bytes=66728 +events flow_new_count=10,flow_end_count=0,flow_idle_count=10,flow_update_count=0,flow_analyse_count=2,flow_guessed_count=0,flow_detected_count=10,flow_detection_update_count=8,flow_not_detected_count=0,flow_risky_count=4,packet_count=0,packet_flow_count=39,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 +state flow_state_info=3,flow_state_finished=7 +breed flow_breed_safe_count=0,flow_breed_acceptable_count=10,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=3,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=7,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 +confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=10,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 +severity flow_severity_low=3,flow_severity_medium=8,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 +layer3 flow_l3_ip4_count=9,flow_l3_ip6_count=1,flow_l3_other_count=0 +layer4 flow_l4_tcp_count=0,flow_l4_udp_count=9,flow_l4_icmp_count=1,flow_l4_other_count=0 +detection 
flow_active_count=10,flow_detected_count=10,flow_guessed_count=0,flow_not_detected_count=0 +risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=8,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=1,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=2,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 diff --git a/test/results/influxd/ndpireader_conf_file/openvpn_obfuscated.pcapng.out b/test/results/influxd/ndpireader_conf_file/openvpn_obfuscated.pcapng.out new file mode 100644 index 000000000..0b9100cae --- /dev/null +++ b/test/results/influxd/ndpireader_conf_file/openvpn_obfuscated.pcapng.out 
@@ -0,0 +1,11 @@ +general json_lines=30,json_bytes=27032,flow_src_total_bytes=14851,flow_dst_total_bytes=27360 +events flow_new_count=3,flow_end_count=0,flow_idle_count=3,flow_update_count=0,flow_analyse_count=2,flow_guessed_count=3,flow_detected_count=0,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=15,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 +state flow_state_info=1,flow_state_finished=2 +breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 +confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=0,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 +severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 +layer3 flow_l3_ip4_count=3,flow_l3_ip6_count=0,flow_l3_other_count=0 +layer4 flow_l4_tcp_count=2,flow_l4_udp_count=1,flow_l4_icmp_count=0,flow_l4_other_count=0 +detection 
flow_active_count=3,flow_detected_count=0,flow_guessed_count=3,flow_not_detected_count=0 +risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 diff --git a/test/results/influxd/ndpireader_conf_file/signal_videocall.pcapng.out b/test/results/influxd/ndpireader_conf_file/signal_videocall.pcapng.out new file mode 100644 index 000000000..19ac32e87 --- /dev/null +++ b/test/results/influxd/ndpireader_conf_file/signal_videocall.pcapng.out 
@@ -0,0 +1,11 @@ +general json_lines=34,json_bytes=30171,flow_src_total_bytes=81563,flow_dst_total_bytes=27668 +events flow_new_count=3,flow_end_count=0,flow_idle_count=3,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=6,flow_not_detected_count=0,flow_risky_count=3,packet_count=0,packet_flow_count=15,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 +state flow_state_info=0,flow_state_finished=3 +breed flow_breed_safe_count=0,flow_breed_acceptable_count=3,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=1,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=2,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 +confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=1,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 +severity flow_severity_low=2,flow_severity_medium=1,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 +layer3 flow_l3_ip4_count=3,flow_l3_ip6_count=0,flow_l3_other_count=0 +layer4 flow_l4_tcp_count=0,flow_l4_udp_count=3,flow_l4_icmp_count=0,flow_l4_other_count=0 +detection 
flow_active_count=3,flow_detected_count=3,flow_guessed_count=0,flow_not_detected_count=0 +risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=1,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=2,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 diff --git a/test/results/influxd/ndpireader_conf_file/stun_signal_tcp.pcapng.out b/test/results/influxd/ndpireader_conf_file/stun_signal_tcp.pcapng.out new file mode 100644 index 000000000..0c6caf0cf --- /dev/null +++ b/test/results/influxd/ndpireader_conf_file/stun_signal_tcp.pcapng.out 
@@ -0,0 +1,11 @@ +general json_lines=13,json_bytes=11472,flow_src_total_bytes=58588,flow_dst_total_bytes=27476 +events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 +state flow_state_info=0,flow_state_finished=1 +breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 +confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 +severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 +layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 +layer4 flow_l4_tcp_count=1,flow_l4_udp_count=0,flow_l4_icmp_count=0,flow_l4_other_count=0 +detection 
flow_active_count=1,flow_detected_count=1,flow_guessed_count=0,flow_not_detected_count=0 +risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 diff --git a/test/results/influxd/openvpn_heuristic_enabled/openvpn_obfuscated.pcapng.out b/test/results/influxd/openvpn_heuristic_enabled/openvpn_obfuscated.pcapng.out index 8c70a496b..705e67d97 100644 --- a/test/results/influxd/openvpn_heuristic_enabled/openvpn_obfuscated.pcapng.out +++ b/test/results/influxd/openvpn_heuristic_enabled/openvpn_obfuscated.pcapng.out 
@@ -2,7 +2,7 @@ general json_lines=30,json_bytes=27182,flow_src_total_bytes=14851,flow_dst_total events flow_new_count=3,flow_end_count=0,flow_idle_count=3,flow_update_count=0,flow_analyse_count=2,flow_guessed_count=3,flow_detected_count=0,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=15,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=2 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=0,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=3,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/packets_limit_per_flow/tls_verylong_certificate.pcap.out b/test/results/influxd/packets_limit_per_flow/tls_verylong_certificate.pcap.out index 2942054f2..fbc1f20e8 100644 --- a/test/results/influxd/packets_limit_per_flow/tls_verylong_certificate.pcap.out +++ b/test/results/influxd/packets_limit_per_flow/tls_verylong_certificate.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=14,json_bytes=16812,flow_src_total_bytes=844,flow_dst_total_bytes=18233 +general json_lines=14,json_bytes=16689,flow_src_total_bytes=844,flow_dst_total_bytes=18233 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=1,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=1,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/stun_all_attributes_disabled/teams.pcap.out b/test/results/influxd/stun_all_attributes_disabled/teams.pcap.out index a8fe0b22a..2c9421488 100644 --- a/test/results/influxd/stun_all_attributes_disabled/teams.pcap.out +++ b/test/results/influxd/stun_all_attributes_disabled/teams.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=668,json_bytes=652500,flow_src_total_bytes=293772,flow_dst_total_bytes=293323 +general json_lines=668,json_bytes=650890,flow_src_total_bytes=293772,flow_dst_total_bytes=293323 events flow_new_count=83,flow_end_count=17,flow_idle_count=66,flow_update_count=0,flow_analyse_count=16,flow_guessed_count=2,flow_detected_count=80,flow_detection_update_count=51,flow_not_detected_count=1,flow_risky_count=29,packet_count=16,packet_flow_count=317,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=16,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=27,flow_state_finished=56 -breed flow_breed_safe_count=42,flow_breed_acceptable_count=37,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=2,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=20,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=11,flow_category_network_count=27,flow_category_collaborative_count=19,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=1,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +breed flow_breed_safe_count=51,flow_breed_acceptable_count=28,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=2,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=12,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=11,flow_category_network_count=27,flow_category_collaborative_count=27,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=1,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=6,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=74,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=38,flow_severity_medium=12,flow_severity_high=2,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=83,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/stun_extra_dissection/lru_ipv6_caches.pcapng.out b/test/results/influxd/stun_extra_dissection/lru_ipv6_caches.pcapng.out index 05196e31a..2a6ec3321 100644 --- a/test/results/influxd/stun_extra_dissection/lru_ipv6_caches.pcapng.out +++ b/test/results/influxd/stun_extra_dissection/lru_ipv6_caches.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=89,json_bytes=93292,flow_src_total_bytes=14408,flow_dst_total_bytes=846 +general json_lines=89,json_bytes=93337,flow_src_total_bytes=14408,flow_dst_total_bytes=846 events flow_new_count=12,flow_end_count=0,flow_idle_count=12,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=12,flow_detection_update_count=9,flow_not_detected_count=0,flow_risky_count=11,packet_count=0,packet_flow_count=41,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=7,flow_state_finished=5 breed flow_breed_safe_count=1,flow_breed_acceptable_count=11,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=3,flow_category_social_network_count=0,flow_category_download_count=5,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=4,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=3,flow_category_social_network_count=0,flow_category_download_count=5,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=4,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=4,flow_confidence_dpi=8,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=13,flow_severity_medium=8,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=0,flow_l3_ip6_count=12,flow_l3_other_count=0 
diff --git a/test/results/influxd/stun_extra_dissection/stun_dtls_rtp.pcapng.out b/test/results/influxd/stun_extra_dissection/stun_dtls_rtp.pcapng.out index 21a820ee1..e83439f9f 100644 --- a/test/results/influxd/stun_extra_dissection/stun_dtls_rtp.pcapng.out +++ b/test/results/influxd/stun_extra_dissection/stun_dtls_rtp.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=25,json_bytes=25070,flow_src_total_bytes=5120,flow_dst_total_bytes=16163 +general json_lines=25,json_bytes=25087,flow_src_total_bytes=5120,flow_dst_total_bytes=16163 events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=2,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=3,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=2 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=2,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=2,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=1,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=2,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/stun_extra_dissection/stun_dtls_rtp_unidir.pcapng.out b/test/results/influxd/stun_extra_dissection/stun_dtls_rtp_unidir.pcapng.out index 2f8a9a735..5728c0508 100644 --- a/test/results/influxd/stun_extra_dissection/stun_dtls_rtp_unidir.pcapng.out +++ b/test/results/influxd/stun_extra_dissection/stun_dtls_rtp_unidir.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=21,json_bytes=18357,flow_src_total_bytes=8552,flow_dst_total_bytes=0 +general json_lines=21,json_bytes=18491,flow_src_total_bytes=8552,flow_dst_total_bytes=0 events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=2 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=2,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=2,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=2,flow_severity_medium=4,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=2,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/stun_extra_dissection/stun_zoom.pcapng.out b/test/results/influxd/stun_extra_dissection/stun_zoom.pcapng.out index 43448767f..a83738509 100644 --- a/test/results/influxd/stun_extra_dissection/stun_zoom.pcapng.out +++ b/test/results/influxd/stun_extra_dissection/stun_zoom.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=28,json_bytes=27781,flow_src_total_bytes=4671,flow_dst_total_bytes=10647 +general json_lines=28,json_bytes=27817,flow_src_total_bytes=4671,flow_dst_total_bytes=10647 events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=8,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=2 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=2,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=2,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=2,flow_severity_medium=6,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=2,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/stun_only_peer_address_enabled/stun_wa_call.pcapng.out b/test/results/influxd/stun_only_peer_address_enabled/stun_wa_call.pcapng.out index 93320f04b..d96fdb1cc 100644 --- a/test/results/influxd/stun_only_peer_address_enabled/stun_wa_call.pcapng.out +++ b/test/results/influxd/stun_only_peer_address_enabled/stun_wa_call.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=132,json_bytes=121791,flow_src_total_bytes=44019,flow_dst_total_bytes=64856 +general json_lines=132,json_bytes=122935,flow_src_total_bytes=44019,flow_dst_total_bytes=64856 events flow_new_count=13,flow_end_count=0,flow_idle_count=13,flow_update_count=5,flow_analyse_count=2,flow_guessed_count=0,flow_detected_count=13,flow_detection_update_count=22,flow_not_detected_count=0,flow_risky_count=13,packet_count=0,packet_flow_count=61,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=4,flow_state_finished=9 breed flow_breed_safe_count=0,flow_breed_acceptable_count=13,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=12,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=12,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=2,flow_confidence_dpi=11,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=12,flow_severity_medium=4,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=13,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/stun_only_peer_address_enabled/telegram_videocall.pcapng.out b/test/results/influxd/stun_only_peer_address_enabled/telegram_videocall.pcapng.out index dc72b2dee..d89bf59b2 100644 --- a/test/results/influxd/stun_only_peer_address_enabled/telegram_videocall.pcapng.out +++ b/test/results/influxd/stun_only_peer_address_enabled/telegram_videocall.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=258,json_bytes=225716,flow_src_total_bytes=59877,flow_dst_total_bytes=270358 +general json_lines=258,json_bytes=226819,flow_src_total_bytes=59877,flow_dst_total_bytes=270358 events flow_new_count=34,flow_end_count=6,flow_idle_count=28,flow_update_count=1,flow_analyse_count=4,flow_guessed_count=2,flow_detected_count=32,flow_detection_update_count=14,flow_not_detected_count=0,flow_risky_count=26,packet_count=0,packet_flow_count=134,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=14,flow_state_finished=20 breed flow_breed_safe_count=1,flow_breed_acceptable_count=31,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=7,flow_category_voip_count=4,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=1,flow_category_network_count=19,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=7,flow_category_voip_count=4,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=1,flow_category_network_count=19,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=4,flow_confidence_dpi=21,flow_confidence_nbpf=0,flow_confidence_by_ip=7,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=12,flow_severity_medium=30,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=31,flow_l3_ip6_count=3,flow_l3_other_count=0 
diff --git a/test/results/influxd/subclassification_disable/anydesk.pcapng.out b/test/results/influxd/subclassification_disable/anydesk.pcapng.out index 9b15136e5..58a5eff89 100644 --- a/test/results/influxd/subclassification_disable/anydesk.pcapng.out +++ b/test/results/influxd/subclassification_disable/anydesk.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=66,json_bytes=67936,flow_src_total_bytes=19883,flow_dst_total_bytes=15955 +general json_lines=66,json_bytes=67526,flow_src_total_bytes=19883,flow_dst_total_bytes=15955 events flow_new_count=7,flow_end_count=1,flow_idle_count=6,flow_update_count=0,flow_analyse_count=3,flow_guessed_count=0,flow_detected_count=7,flow_detection_update_count=8,flow_not_detected_count=0,flow_risky_count=5,packet_count=0,packet_flow_count=29,init_count=1,reconnect_count=0,shutdown_count=1,status_count=3,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=6 breed flow_breed_safe_count=4,flow_breed_acceptable_count=3,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=4,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=1,flow_category_cloud_count=0,flow_category_network_count=2,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=4,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=1,flow_category_cloud_count=0,flow_category_network_count=2,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=7,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=4,flow_severity_medium=13,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=7,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/subclassification_disable/dns.pcap.out b/test/results/influxd/subclassification_disable/dns.pcap.out index dfd183379..7d8bcaa8d 100644 --- a/test/results/influxd/subclassification_disable/dns.pcap.out +++ b/test/results/influxd/subclassification_disable/dns.pcap.out 
@@ -2,7 +2,7 @@ general json_lines=14,json_bytes=9574,flow_src_total_bytes=67,flow_dst_total_byt events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=2,packet_flow_count=3,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=2,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/subclassification_disable/http.pcapng.out b/test/results/influxd/subclassification_disable/http.pcapng.out index 3cd8018cf..ea2f64931 100644 --- a/test/results/influxd/subclassification_disable/http.pcapng.out +++ b/test/results/influxd/subclassification_disable/http.pcapng.out 
@@ -2,7 +2,7 @@ general json_lines=11,json_bytes=8258,flow_src_total_bytes=74,flow_dst_total_byt events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/subclassification_disable/quic-mvfst-27.pcapng.out b/test/results/influxd/subclassification_disable/quic-mvfst-27.pcapng.out index 56eea096e..c21504843 100644 --- a/test/results/influxd/subclassification_disable/quic-mvfst-27.pcapng.out +++ b/test/results/influxd/subclassification_disable/quic-mvfst-27.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=10,json_bytes=16090,flow_src_total_bytes=2538,flow_dst_total_bytes=6981 +general json_lines=10,json_bytes=16049,flow_src_total_bytes=2538,flow_dst_total_bytes=6981 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=0,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=1,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=1,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/subclassification_disable/tls_ech.pcapng.out b/test/results/influxd/subclassification_disable/tls_ech.pcapng.out index 310ae4926..b146deeff 100644 --- a/test/results/influxd/subclassification_disable/tls_ech.pcapng.out +++ b/test/results/influxd/subclassification_disable/tls_ech.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=12,json_bytes=10850,flow_src_total_bytes=648,flow_dst_total_bytes=2702 +general json_lines=12,json_bytes=10768,flow_src_total_bytes=648,flow_dst_total_bytes=2702 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=0 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=0,flow_l3_ip6_count=1,flow_l3_other_count=0 
diff --git a/test/results/influxd/tls_heuristics_enabled/tls_heur__shadowsocks-tcp.pcapng.out b/test/results/influxd/tls_heuristics_enabled/tls_heur__shadowsocks-tcp.pcapng.out index f41aeba76..1bb659ec8 100644 --- a/test/results/influxd/tls_heuristics_enabled/tls_heur__shadowsocks-tcp.pcapng.out +++ b/test/results/influxd/tls_heuristics_enabled/tls_heur__shadowsocks-tcp.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=38,json_bytes=33984,flow_src_total_bytes=2832,flow_dst_total_bytes=70769 +general json_lines=38,json_bytes=33902,flow_src_total_bytes=2832,flow_dst_total_bytes=70769 events flow_new_count=4,flow_end_count=0,flow_idle_count=4,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=3,flow_not_detected_count=1,flow_risky_count=1,packet_count=0,packet_flow_count=19,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=3 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=2,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=1,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=1,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=3,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=1,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=3,flow_l3_ip6_count=1,flow_l3_other_count=0 
diff --git a/test/results/influxd/tls_heuristics_enabled/tls_heur__trojan-tcp-tls.pcapng.out b/test/results/influxd/tls_heuristics_enabled/tls_heur__trojan-tcp-tls.pcapng.out index d863e06b5..0a9fc9a8a 100644 --- a/test/results/influxd/tls_heuristics_enabled/tls_heur__trojan-tcp-tls.pcapng.out +++ b/test/results/influxd/tls_heuristics_enabled/tls_heur__trojan-tcp-tls.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=75,json_bytes=68577,flow_src_total_bytes=3321,flow_dst_total_bytes=29989 +general json_lines=75,json_bytes=68413,flow_src_total_bytes=3321,flow_dst_total_bytes=29989 events flow_new_count=10,flow_end_count=0,flow_idle_count=10,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=10,flow_detection_update_count=10,flow_not_detected_count=0,flow_risky_count=4,packet_count=0,packet_flow_count=31,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=9 breed flow_breed_safe_count=1,flow_breed_acceptable_count=5,flow_breed_fun_count=4,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=1,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=2,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=7,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=1,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=2,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=7,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=10,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=3,flow_severity_medium=2,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=10,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/tls_heuristics_enabled/tls_heur__vmess-tcp-tls.pcapng.out b/test/results/influxd/tls_heuristics_enabled/tls_heur__vmess-tcp-tls.pcapng.out index 8b93f540d..d52b76172 100644 --- a/test/results/influxd/tls_heuristics_enabled/tls_heur__vmess-tcp-tls.pcapng.out +++ b/test/results/influxd/tls_heuristics_enabled/tls_heur__vmess-tcp-tls.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=74,json_bytes=65937,flow_src_total_bytes=3385,flow_dst_total_bytes=37346 +general json_lines=74,json_bytes=65773,flow_src_total_bytes=3385,flow_dst_total_bytes=37346 events flow_new_count=10,flow_end_count=0,flow_idle_count=10,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=10,flow_detection_update_count=10,flow_not_detected_count=0,flow_risky_count=4,packet_count=0,packet_flow_count=31,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=2,flow_state_finished=8 breed flow_breed_safe_count=1,flow_breed_acceptable_count=5,flow_breed_fun_count=4,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=1,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=2,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=7,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=1,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=2,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=7,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=10,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=3,flow_severity_medium=2,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=10,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/tls_heuristics_enabled/tls_heur__vmess-tcp.pcapng.out b/test/results/influxd/tls_heuristics_enabled/tls_heur__vmess-tcp.pcapng.out index a895835d6..74378ec5a 100644 --- a/test/results/influxd/tls_heuristics_enabled/tls_heur__vmess-tcp.pcapng.out +++ b/test/results/influxd/tls_heuristics_enabled/tls_heur__vmess-tcp.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=38,json_bytes=33339,flow_src_total_bytes=2990,flow_dst_total_bytes=59245 +general json_lines=38,json_bytes=33257,flow_src_total_bytes=2990,flow_dst_total_bytes=59245 events flow_new_count=4,flow_end_count=0,flow_idle_count=4,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=3,flow_not_detected_count=1,flow_risky_count=1,packet_count=0,packet_flow_count=19,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=3 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=2,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=1,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=1,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=3,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=1,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=3,flow_l3_ip6_count=1,flow_l3_other_count=0 
diff --git a/test/results/influxd/tls_heuristics_enabled/tls_heur__vmess-websocket.pcapng.out b/test/results/influxd/tls_heuristics_enabled/tls_heur__vmess-websocket.pcapng.out index 21ecd1e03..2035276bd 100644 --- a/test/results/influxd/tls_heuristics_enabled/tls_heur__vmess-websocket.pcapng.out +++ b/test/results/influxd/tls_heuristics_enabled/tls_heur__vmess-websocket.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=38,json_bytes=35014,flow_src_total_bytes=3074,flow_dst_total_bytes=59242 +general json_lines=38,json_bytes=34974,flow_src_total_bytes=3074,flow_dst_total_bytes=59242 events flow_new_count=4,flow_end_count=0,flow_idle_count=4,flow_update_count=0,flow_analyse_count=2,flow_guessed_count=0,flow_detected_count=4,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=19,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=3 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=2,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=1,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=2,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=1,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=2,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=4,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=1,flow_severity_medium=1,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=4,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/tls_ja3c_disabled/tls_verylong_certificate.pcap.out b/test/results/influxd/tls_ja3c_disabled/tls_verylong_certificate.pcap.out deleted file mode 100644 index 579ef16da..000000000 --- a/test/results/influxd/tls_ja3c_disabled/tls_verylong_certificate.pcap.out +++ /dev/null 
@@ -1,11 +0,0 @@ -general json_lines=14,json_bytes=16742,flow_src_total_bytes=844,flow_dst_total_bytes=18233 -events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 -state flow_state_info=0,flow_state_finished=1 -breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=1,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 -confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 -severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 -layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 -layer4 flow_l4_tcp_count=1,flow_l4_udp_count=0,flow_l4_icmp_count=0,flow_l4_other_count=0 -detection flow_active_count=1,flow_detected_count=1,flow_guessed_count=0,flow_not_detected_count=0 
-risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 diff --git a/test/results/influxd/tls_ja3s_disabled/tls_verylong_certificate.pcap.out b/test/results/influxd/tls_ja3s_disabled/tls_verylong_certificate.pcap.out deleted file mode 100644 index 579ef16da..000000000 --- a/test/results/influxd/tls_ja3s_disabled/tls_verylong_certificate.pcap.out +++ /dev/null 
@@ -1,11 +0,0 @@ -general json_lines=14,json_bytes=16742,flow_src_total_bytes=844,flow_dst_total_bytes=18233 -events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 -state flow_state_info=0,flow_state_finished=1 -breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=1,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 -confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 -severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 -layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 -layer4 flow_l4_tcp_count=1,flow_l4_udp_count=0,flow_l4_icmp_count=0,flow_l4_other_count=0 -detection flow_active_count=1,flow_detected_count=1,flow_guessed_count=0,flow_not_detected_count=0 
-risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 diff --git a/test/results/influxd/tls_ja4c_disabled/tls_verylong_certificate.pcap.out b/test/results/influxd/tls_ja4c_disabled/tls_verylong_certificate.pcap.out deleted file mode 100644 index 579ef16da..000000000 --- a/test/results/influxd/tls_ja4c_disabled/tls_verylong_certificate.pcap.out +++ /dev/null 
@@ -1,11 +0,0 @@ -general json_lines=14,json_bytes=16742,flow_src_total_bytes=844,flow_dst_total_bytes=18233 -events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 -state flow_state_info=0,flow_state_finished=1 -breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=1,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 -confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 -severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 -layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 -layer4 flow_l4_tcp_count=1,flow_l4_udp_count=0,flow_l4_icmp_count=0,flow_l4_other_count=0 -detection flow_active_count=1,flow_detected_count=1,flow_guessed_count=0,flow_not_detected_count=0 
-risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,flow_risk_56_count=0 diff --git a/test/results/influxd/zoom_extra_dissection/zoom.pcap.out b/test/results/influxd/zoom_extra_dissection/zoom.pcap.out index ab435979e..9149011e4 100644 --- a/test/results/influxd/zoom_extra_dissection/zoom.pcap.out +++ b/test/results/influxd/zoom_extra_dissection/zoom.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=317,json_bytes=250711,flow_src_total_bytes=69672,flow_dst_total_bytes=259806 +general json_lines=317,json_bytes=249790,flow_src_total_bytes=69672,flow_dst_total_bytes=259806 events flow_new_count=33,flow_end_count=6,flow_idle_count=27,flow_update_count=0,flow_analyse_count=3,flow_guessed_count=2,flow_detected_count=31,flow_detection_update_count=26,flow_not_detected_count=0,flow_risky_count=11,packet_count=35,packet_flow_count=115,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=35,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=12,flow_state_finished=21 breed flow_breed_safe_count=3,flow_breed_acceptable_count=27,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=1,flow_category_data_transfer_count=0,flow_category_web_count=2,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=11,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=2,flow_category_software_update_count=0,flow_category_music_count=1,flow_category_video_count=14,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=1,flow_category_data_transfer_count=0,flow_category_web_count=2,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=11,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=2,flow_category_software_update_count=0,flow_category_music_count=1,flow_category_video_count=14,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=31,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=21,flow_severity_medium=3,flow_severity_high=2,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=33,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/zoom_extra_dissection/zoom2.pcap.out b/test/results/influxd/zoom_extra_dissection/zoom2.pcap.out index 03636d1c2..fac505310 100644 --- a/test/results/influxd/zoom_extra_dissection/zoom2.pcap.out +++ b/test/results/influxd/zoom_extra_dissection/zoom2.pcap.out 
@@ -1,8 +1,8 @@ -general json_lines=46,json_bytes=43286,flow_src_total_bytes=14983,flow_dst_total_bytes=82787 +general json_lines=46,json_bytes=43163,flow_src_total_bytes=14983,flow_dst_total_bytes=82787 events flow_new_count=4,flow_end_count=0,flow_idle_count=4,flow_update_count=0,flow_analyse_count=3,flow_guessed_count=0,flow_detected_count=4,flow_detection_update_count=8,flow_not_detected_count=0,flow_risky_count=4,packet_count=0,packet_flow_count=20,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=1,flow_state_finished=3 breed flow_breed_safe_count=0,flow_breed_acceptable_count=4,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=4,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=4,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=4,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=6,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=4,flow_l3_ip6_count=0,flow_l3_other_count=0 
diff --git a/test/results/influxd/zoom_extra_dissection/zoom_p2p.pcapng.out b/test/results/influxd/zoom_extra_dissection/zoom_p2p.pcapng.out index ba85a6cce..bcdf17530 100644 --- a/test/results/influxd/zoom_extra_dissection/zoom_p2p.pcapng.out +++ b/test/results/influxd/zoom_extra_dissection/zoom_p2p.pcapng.out 
@@ -1,8 +1,8 @@ -general json_lines=134,json_bytes=116577,flow_src_total_bytes=137033,flow_dst_total_bytes=103149 +general json_lines=134,json_bytes=116709,flow_src_total_bytes=137033,flow_dst_total_bytes=103149 events flow_new_count=13,flow_end_count=0,flow_idle_count=13,flow_update_count=27,flow_analyse_count=4,flow_guessed_count=0,flow_detected_count=13,flow_detection_update_count=3,flow_not_detected_count=0,flow_risky_count=5,packet_count=0,packet_flow_count=58,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=2,flow_state_finished=11 breed flow_breed_safe_count=0,flow_breed_acceptable_count=13,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 -category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=1,flow_category_network_count=4,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=8,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=1,flow_category_network_count=4,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=8,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=13,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=5,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=13,flow_l3_ip6_count=0,flow_l3_other_count=0 diff --git a/test/results/ip_lists_disable/1kxun.pcap.out b/test/results/ip_lists_disable/1kxun.pcap.out index 0aadeea3c..95ab8c964 100644 
--- a/test/results/ip_lists_disable/1kxun.pcap.out +++ b/test/results/ip_lists_disable/1kxun.pcap.out 
@@ -1,5 +1,5 @@ -00619{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1470104373025824} 
+00619{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1470104373025824} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104373025824,"flow_src_last_pkt_time":1470104373025824,"flow_dst_last_pkt_time":1470104373025824,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":26,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104373025824,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":59571,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1470104373025824,"flow_dst_last_pkt_time":1470104373025824,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_usec":1470104373025824,"pkt":"AQBeAAD8SNIkYzEACABFAAA2OooAAAER2FzAqAUs4AAA\/OizFOsAIin75qEAAAABAAAAAAAACGphc29uLVBDAAD\/AAE="} 
00932{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104373025824,"flow_src_last_pkt_time":1470104373025824,"flow_dst_last_pkt_time":1470104373025824,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":26,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104373025824,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":59571,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -177,7 +177,7 @@ 00595{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":387,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_src_last_pkt_time":1470104379520893,"flow_dst_last_pkt_time":1470104378021294,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1470104379520893,"pkt":"\/\/\/\/\/\/\/\/ABxCjnAxCABFAABOUgMAAIAR9ELAqHMIwKj\/\/wCJAIkAOha6seYBEAABAAAAAAAAIEZIRkFFQkVFQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="} 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":389,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104379579523,"flow_src_last_pkt_time":1470104379579523,"flow_dst_last_pkt_time":1470104379579523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":244,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":244,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":244,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104379579523,"l3_proto":"ip4","src_ip":"192.168.5.67","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00859{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":389,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_src_last_pkt_time":1470104379579523,"flow_dst_last_pkt_time":1470104379579523,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":286,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":286,"pkt_l4_len":252,"thread_ts_usec":1470104379579523,"pkt":"\/\/\/\/\/\/\/\/jHNut5QdCABFAAEQAABAAEARs0nAqAVDwKj\/\/wCKAIoA\/P+KEQouQ8CoBUMAigDmAAAgRkRFQkVPRUtFSkNORU1FSkVHRUZFQ0VQRVBFTENOQUEAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJPAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAATAAAAAAAAAAAAAAAAAAAAAAAAABMAFYAAwABAAEAAgBdAFxNQUlMU0xPVFxCUk9XU0UAD1DgkwQAU0FOSkktTElGRUJPT0stTAQJA5qEAA8BVapzYW5qaS1MSUZFQk9PSy1MSDUzMSBzZXJ2ZXIgKFNhbWJhLCBVYnVudHUpAA=="} -01125{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":389,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104379579523,"flow_src_last_pkt_time":1470104379579523,"flow_dst_last_pkt_time":1470104379579523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":244,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":244,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":244,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104379579523,"l3_proto":"ip4","src_ip":"192.168.5.67","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"sanji-lifebook-","domainame":"sanji-lifebook-"}} 
+01006{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":389,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104379579523,"flow_src_last_pkt_time":1470104379579523,"flow_dst_last_pkt_time":1470104379579523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":244,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":244,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":244,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104379579523,"l3_proto":"ip4","src_ip":"192.168.5.67","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"sanji-lifebook-","domainame":"sanji-lifebook-"}} 00826{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":390,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_src_last_pkt_time":1470104379579704,"flow_dst_last_pkt_time":1470104379579523,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":263,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":263,"pkt_l4_len":229,"thread_ts_usec":1470104379579704,"pkt":"\/\/\/\/\/\/\/\/jHNut5QdCABFAAD5AABAAEARs2DAqAVDwKj\/\/wCKAIoA5V88EQouRMCoBUMAigDPAAAgRkRFQkVPRUtFSkNORU1FSkVHRUZFQ0VQRVBFTENOQUEAIEFCQUNGUEZQRU5GREVDRkNFUEZIRkRFRkZQRlBBQ0FCAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAANQAAAAAAAAAAAAAAAAAAAAAAAAA1AFYAAwABAAEAAgBGAFxNQUlMU0xPVFxCUk9XU0UADFDgkwQAV09SS0dST1VQAAAAAAAAAAQJABAAgA8BVapTQU5KSS1MSUZFQk9PSy1MSDUzMQA="} 
00594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":396,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1470104379887477,"flow_dst_last_pkt_time":1470104376816620,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":98,"pkt_l4_len":44,"thread_ts_usec":1470104379887477,"pkt":"MzMAAQACcD6s8PAHht1gBWEEACwRAf6AAAAAAAAABAZVqGRTJd3\/AgAAAAAAAAAAAAAAAQACAiICIwAsiDQLJ3MdAAEADgABAAEduOb7cD6s8PAHAAYABAAXABgACAACATQ="} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":397,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104379903616,"flow_src_last_pkt_time":1470104379903616,"flow_dst_last_pkt_time":1470104379903616,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104379903616,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
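Review bot: The regenerated `detected` record for flow 35 no longer carries `"flow_risk": {"22": {"risk":"Unsafe Protocol", …}}` for `NetBIOS.SMBv1`, although `"breed":"Dangerous"` is unchanged, so a consumer that alerts on `flow_risk` would stop flagging this SMBv1 traffic after the bump. The same removal is visible for flow 70 in the `@@ -366,7 +367,7 @@` hunk, which is cut off in this view. If the change is intended upstream, the commit description should say so, for example `* NetBIOS.SMBv1 flows no longer raise flow_risk 22 (Unsafe Protocol)`. Otherwise it looks like a detection regression that should be reported upstream before this expected output is accepted.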
@@ -238,9 +238,9 @@ 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":510,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_src_last_pkt_time":1470104381237806,"flow_dst_last_pkt_time":1470104381238763,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104381238763,"pkt":"ABxCjnAxABAj4ACgCABFAAA0AABAAEAGQRjAqHNLwKgFEAG70XdE8SFWHgHhFoASFtAl8wAAAgQFtAEBBAIBAwMH"} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":511,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_src_last_pkt_time":1470104381238800,"flow_dst_last_pkt_time":1470104381238763,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1470104381238800,"pkt":"ABAj4ACgYMVHBbyMCABFAAAo9WxAAEAGS7fAqAUQwKhzS9F3AbseAeEWRPEhV1AQIABdlQAAcnZlcjBd"} 00832{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":512,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":4,"flow_src_last_pkt_time":1470104381239406,"flow_dst_last_pkt_time":1470104381238763,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":271,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":271,"pkt_l4_len":237,"thread_ts_usec":1470104381239406,"pkt":"ABAj4ACgYMVHBbyMCABFAAEB7MpAAEAGU4DAqAUQwKhzS9F3AbseAeEWRPEhV1AYIAC0MQAAFgMBANQBAADQAwNXoAM+DApFIVBtoVkm1YD4xHsvSlpaV1sKMPaqmp\/EYiBj+Q0TSc5VhLmmiAAqPOtufQBM8Qziz0QZmZNFeVk8eABKAP\/AJMAjwArACcAIwCjAJ8AUwBPAEsAmwCXABcAEwAPAKsApwA\/ADsANAGsAZwA5ADMAFgA9ADwANQAvAArAB8ARwALADAAFAAQBAAA9AAAAEwARAAAOMTkyLjE2OC4xMTUuNzUACgAIAAYAFwAYABkACwACAQAADQAMAAoFAQQBAgEEAwIDM3QAAA=="} 
-01432{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":512,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1470104381237806,"flow_src_last_pkt_time":1470104381239406,"flow_dst_last_pkt_time":1470104381238763,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104381239406,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53623,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","domainame":"192.168.115.75","tls": {"version":"TLSv1.2","ja3":"799135475da362592a4be9199d258726","ja3s":"","ja4":"t12i370500_07a749158664_d075105c1994","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01391{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":512,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1470104381237806,"flow_src_last_pkt_time":1470104381239406,"flow_dst_last_pkt_time":1470104381238763,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104381239406,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53623,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","domainame":"192.168.115.75","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12i370500_07a749158664_d075105c1994","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":513,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":5,"flow_src_last_pkt_time":1470104381239406,"flow_dst_last_pkt_time":1470104381240437,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1470104381240437,"pkt":"ABxCjnAxABAj4ACgCABFAAAoVq1AAEAG6nbAqHNLwKgFEAG70XdE8SFXHgHh71AQADZ8hgAAAAAAAAAA"} 
-01584{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":514,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1470104381237806,"flow_src_last_pkt_time":1470104381239406,"flow_dst_last_pkt_time":1470104381243027,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1470104381243027,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53623,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","domainame":"192.168.115.75","tls": {"version":"TLSv1.2","ja3":"799135475da362592a4be9199d258726","ja3s":"573a9f3f80037fb40d481e2054def5bb","ja4":"t12i370500_07a749158664_d075105c1994","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} 
+01543{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":514,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1470104381237806,"flow_src_last_pkt_time":1470104381239406,"flow_dst_last_pkt_time":1470104381243027,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1470104381243027,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53623,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","domainame":"192.168.115.75","tls": {"version":"TLSv1.2","ja3s":"573a9f3f80037fb40d481e2054def5bb","ja4":"t12i370500_07a749158664_d075105c1994","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":539,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_src_last_pkt_time":1470104381626995,"flow_dst_last_pkt_time":1470104381217455,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_usec":1470104381626995,"pkt":"AQBeAAD8CJ4BzeuNCABFAAA2U7AAAAERvz3AqAUl4AAA\/NwuFOsAIuU8ydMAAAABAAAAAAAACG5vdGVib29rAAD\/AAE="} 00936{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":547,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1470104381831288,"flow_dst_last_pkt_time":1470104373741279,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_usec":1470104381831288,"pkt":"\/\/\/\/\/\/\/\/TF4M6gNlCABFAAFIAAAAABARcfzAqHcB\/\/\/\/\/wBDAEQBNAJhAgEGADFjB6UAAAAAwKgFCcCoBQnAqHcBAAAAAHDxofgq\/QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEFNgTAqHcBMwQAAAA8AQT\/\/wAAAwTAqHcBBhCoXwEBCAgICKhfwAEICAQE\/wAAAAAAAAAAAAAAAAAA"} 
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":552,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104381895304,"flow_src_last_pkt_time":1470104381895304,"flow_dst_last_pkt_time":1470104381895304,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104381895304,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.145","src_port":49612,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
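Review bot: Both TLS records for flow 45 (`detected` and `detection-update`) lose the `"ja3":"799135475da362592a4be9199d258726"` member while `ja3s` and `ja4` stay, which changes the event contract for anything that matches on or stores client JA3 fingerprints. The commit message only says "incorporated upstream changes"; a line such as `* tls.ja3 is no longer emitted; match on tls.ja4 instead` would tell operators to migrate detection rules and allow-lists. The diffstat lists `schema/flow_event_schema.json` as changed, and it is worth confirming there that `ja3` is no longer a required member (that file is outside this view).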
@@ -327,6 +327,7 @@ 01200{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":631,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1470104390443500,"flow_src_last_pkt_time":1470104390642049,"flow_dst_last_pkt_time":1470104390640525,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":265,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":265,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104390642049,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53624,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"api.magicansoft.com","domainame":"api.magicansoft.com","http": {"url":"api.magicansoft.com\/comMagicanApi\/composite\/app.php\/Global\/Index\/ip","code":0,"content_type":"","user_agent":"Magican (unknown version) CFNetwork\/720.5.7 Darwin\/14.5.0 (x86_64)"}}} 
00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":632,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104390741932,"flow_src_last_pkt_time":1470104390741932,"flow_dst_last_pkt_time":1470104390741932,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":123,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":123,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":123,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104390741932,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:fe9a:ec54","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00718{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":632,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_src_last_pkt_time":1470104390741932,"flow_dst_last_pkt_time":1470104390741932,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":185,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":185,"pkt_l4_len":131,"thread_ts_usec":1470104390741932,"pkt":"MzMAAAABTF4MmuxUht1gAAAAAIMRAf6AAAAAAAAATl4M\/\/6a7FT\/AgAAAAAAAAAAAAAAAAABFi4WLgCDan0ABGg\/AAEABkxeDJrsVAAFAAAABwAPNi4zNS4xIChzdGFibGUpAAgACE1pa3JvVGlrAAoABHzzfwAACwAJM0RYWS1LSEdEAAwADUNSUzEyNS0yNEctMVMADgABAQAPABD+gAAAAAAAAE5eDP\/+muxUABAAB2JyaWRnZTE="} 
+01133{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":632,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104390741932,"flow_src_last_pkt_time":1470104390741932,"flow_dst_last_pkt_time":1470104390741932,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":123,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":123,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":123,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104390741932,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:fe9a:ec54","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Mikrotik","proto_id":"437","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","mikrotik": {"mac_address":"4C:5E:0C:9A:EC:54","version":"6.35.1 (stable)","software_id":"3DXY-KHGD","board":"CRS125-24G-1S","ipv6_addr":"fe80::4e5e:cff:fe9a:ec54","uptime":2096332544}}} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":633,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":5,"flow_src_last_pkt_time":1470104390642049,"flow_dst_last_pkt_time":1470104390838554,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104390838554,"pkt":"ABxCjnAxTF4M6gNlCABFAAA08IZAADUGTRZE6f2FwKgFEABQ0Xh2OO97HrFGwoAQABuLWQAAAQEICs8eH\/4aDz0F"} 
01337{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":634,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1470104390443500,"flow_src_last_pkt_time":1470104390642049,"flow_dst_last_pkt_time":1470104390846598,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":265,"flow_dst_max_l4_payload_len":324,"flow_src_tot_l4_payload_len":265,"flow_dst_tot_l4_payload_len":324,"midstream":0,"thread_ts_usec":1470104390846598,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53624,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"api.magicansoft.com","domainame":"api.magicansoft.com","http": {"url":"api.magicansoft.com\/comMagicanApi\/composite\/app.php\/Global\/Index\/ip","code":502,"content_type":"text\/html","user_agent":"Magican (unknown version) CFNetwork\/720.5.7 Darwin\/14.5.0 (x86_64)"}}} 
00961{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":636,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_src_last_pkt_time":1470104390945416,"flow_dst_last_pkt_time":1470104380909602,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":359,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":359,"pkt_l4_len":325,"thread_ts_usec":1470104390945416,"pkt":"\/\/\/\/\/\/\/\/XNmY3fXzCABFAAFZAABAAEARbn7AqApu\/\/\/\/\/+xA9gABRTgx\/\/8AAKAAXNmY3fXzwKgKbgAAAgAnAUROUy0xMTAwLTA0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABOQVMAAAAAAAAAAAAAVVqvihgAAABVWsE9WwAAAFVasDEuMDJiMTAAEXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXNmY3fXzM0ExAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGRsaW5rLURERjVGMwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAqApu\/\/8AAExBTjEAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} 
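Review bot: The added Mikrotik `detected` record pins `"uptime":2096332544`, which is roughly 66 years in seconds and looks like the 4-byte uptime field read in the wrong byte order. In the `packet-flow` record for the same packet the field appears as `AAoABHzzfwAA`, i.e. type 0x000a, length 4, value `7c f3 7f 00`; read little-endian that is 8385404 seconds (about 97 days), and to my knowledge other MNDP decoders treat this field as little-endian. The decoding happens in libnDPI rather than in this repository, so the fix would be an upstream report followed by regenerating this file so the member reads `"uptime":8385404`. Accepting the value as is bakes a wrong number into the regression baseline.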
@@ -366,7 +367,7 @@ 00979{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":658,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104393610386,"flow_src_last_pkt_time":1470104393610386,"flow_dst_last_pkt_time":1470104393610386,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104393610386,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"nasfile","domainame":"nasfile"}} 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":659,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104393610555,"flow_src_last_pkt_time":1470104393610555,"flow_dst_last_pkt_time":1470104393610555,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":174,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104393610555,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00762{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":659,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_src_last_pkt_time":1470104393610555,"flow_dst_last_pkt_time":1470104393610555,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_usec":1470104393610555,"pkt":"\/\/\/\/\/\/\/\/4KzLceHQCABFAADKO0kAAEARuFzAqAUtwKj\/\/wCKAIoAtoWlEQJF7sCoBS0AAACgAAAgRU5FQkVERUNFUEVQRUxFQkVKRkNDTkVGREJFRURBQUEAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAA1TQAAO1FEQAABgAAAAAAAAACAAAAAAAAAAAAAAAGAFYAAwABAAEAAgAXAFxNQUlMU0xPVFxCUk9XU0UACQTsRQAA"} -01125{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":659,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104393610555,"flow_src_last_pkt_time":1470104393610555,"flow_dst_last_pkt_time":1470104393610555,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":174,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104393610555,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"macbookair-e1d0","domainame":"macbookair-e1d0"}} 
+01006{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":659,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104393610555,"flow_src_last_pkt_time":1470104393610555,"flow_dst_last_pkt_time":1470104393610555,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":174,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104393610555,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"macbookair-e1d0","domainame":"macbookair-e1d0"}} 00762{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":660,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":2,"flow_src_last_pkt_time":1470104393610744,"flow_dst_last_pkt_time":1470104393610555,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_usec":1470104393610744,"pkt":"\/\/\/\/\/\/\/\/4KzLceHQCABFAADK5DUAAEARD3DAqAUtwKj\/\/wCKAIoAtoasEQJF8cCoBS0AAACgAAAgRU5FQkVERUNFUEVQRUxFQkVKRkNDTkVGREJFRURBQUEAIEVORkRFSUVQRU5FRkNBQ0FDQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAA1TQAAPBFEQAABgAAAAAAAAACAAAAAAAAAAAAAAAGAFYAAwABAAEAAgAXAFxNQUlMU0xPVFxCUk9XU0UACQTvRQAA"} 
00762{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":661,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":3,"flow_src_last_pkt_time":1470104393611090,"flow_dst_last_pkt_time":1470104393610555,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_usec":1470104393611090,"pkt":"\/\/\/\/\/\/\/\/4KzLceHQCABFAADKOS4AAEARunfAqAUtwKj\/\/wCKAIoAtoChEQJF98CoBS0AAACgAAAgRU5FQkVERUNFUEVQRUxFQkVKRkNDTkVGREJFRURBQUEAIEVORkpFSEZDRVBGRkZBQ0FDQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAA1TQAAPZFEQAABgAAAAAAAAACAAAAAAAAAAAAAAAGAFYAAwABAAEAAgAXAFxNQUlMU0xPVFxCUk9XU0UACQT1RQAA"} 00595{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":662,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":3,"flow_src_last_pkt_time":1470104393813792,"flow_dst_last_pkt_time":1470104391564386,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1470104393813792,"pkt":"\/\/\/\/\/\/\/\/PKn0WgOECABFAABOHxcAAIARlkvAqAPswKj\/\/wCJAIkAOqdiilUBEAABAAAAAAAAIEVKRkRFQkZFRUJGQUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="} 
@@ -405,6 +406,7 @@ 00935{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":684,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104399652689,"flow_src_last_pkt_time":1470104399652689,"flow_dst_last_pkt_time":1470104399652689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104399652689,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"224.0.0.252","src_port":59797,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":685,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104399854544,"flow_src_last_pkt_time":1470104399854544,"flow_dst_last_pkt_time":1470104399854544,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104399854544,"l3_proto":"ip4","src_ip":"192.168.0.100","dst_ip":"255.255.255.255","src_port":50925,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":685,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_src_last_pkt_time":1470104399854544,"flow_dst_last_pkt_time":1470104399854544,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1470104399854544,"pkt":"\/\/\/\/\/\/\/\/TF4M6gOICABFAACAAABAAEAReWHAqABk\/\/\/\/\/8btFi4AbOgXAACpHQABAAZMXgzqA4gABQAFNE1OQVQABwAPNi4zNS4xIChzdGFibGUpAAgACE1pa3JvVGlrAAoABIOWJAAACwAJTjUzOC1HMDRVAAwABlJCNDUwRwAOAAEAABAABmV0aGVyMg=="} +01104{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":685,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104399854544,"flow_src_last_pkt_time":1470104399854544,"flow_dst_last_pkt_time":1470104399854544,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104399854544,"l3_proto":"ip4","src_ip":"192.168.0.100","dst_ip":"255.255.255.255","src_port":50925,"dst_port":5678,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Mikrotik","proto_id":"437","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","mikrotik": {"mac_address":"4C:5E:0C:EA:03:88","identity":"4MNAT","version":"6.35.1 (stable)","software_id":"N538-G04U","board":"RB450G","uptime":2207654912}}} 
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":686,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104399958731,"flow_src_last_pkt_time":1470104399958731,"flow_dst_last_pkt_time":1470104399958731,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":26,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104399958731,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"224.0.0.252","src_port":65150,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":686,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_src_last_pkt_time":1470104399958731,"flow_dst_last_pkt_time":1470104399958731,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_usec":1470104399958731,"pkt":"AQBeAAD8GF4PUugBCABFAAA2MRAAAAER4cnAqAU54AAA\/P5+FOsAIr4lNLsAAAABAAAAAAAACFVzaGVyLVBDAAD\/AAE="} 
00935{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":686,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104399958731,"flow_src_last_pkt_time":1470104399958731,"flow_dst_last_pkt_time":1470104399958731,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":26,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104399958731,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"224.0.0.252","src_port":65150,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -444,13 +446,15 @@ 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":712,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":2,"flow_src_last_pkt_time":1470104402238628,"flow_dst_last_pkt_time":1470104402239704,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104402239704,"pkt":"ABxCjnAxABAj4ACgCABFAAA0AABAAEAGQRjAqHNLwKgFEAG70XnKmfzXcASfdoASFtC0YwAAAgQFtAEBBAIBAwMH"} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":713,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":3,"flow_src_last_pkt_time":1470104402239746,"flow_dst_last_pkt_time":1470104402239704,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1470104402239746,"pkt":"ABAj4ACgYMVHBbyMCABFAAAosclAAEAGj1rAqAUQwKhzS9F5AbtwBJ92ypn82FAQIADsBQAAyQ4pxaWW"} 00823{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":714,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":4,"flow_src_last_pkt_time":1470104402240297,"flow_dst_last_pkt_time":1470104402239704,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":267,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":267,"pkt_l4_len":233,"thread_ts_usec":1470104402240297,"pkt":"ABAj4ACgYMVHBbyMCABFAAD9ruNAAEAGkWvAqAUQwKhzS9F5AbtwBJ92ypn82FAYIADtEAAAFgMBANABAADMAwNXoANTJYxftKgXimtNLVWTzYxskkMb8dtmAzVqLh4pryBj+Q0TSc5VhLmmiAAqPOtufQBM8Qziz0QZmZNFeVk8eABKAP\/AJMAjwArACcAIwCjAJ8AUwBPAEsAmwCXABcAEwAPAKsApwA\/ADsANAGsAZwA5ADMAFgA9ADwANQAvAArAB8ARwALADAAFAAQBAAA5AAAAEwARAAAOMTkyLjE2OC4xMTUuNzUACgAIAAYAFwAYABkACwACAQAADQAMAAoFAQQBAgEEAwID"} 
-01432{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":714,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1470104402238628,"flow_src_last_pkt_time":1470104402240297,"flow_dst_last_pkt_time":1470104402239704,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":213,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":213,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104402240297,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53625,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","domainame":"192.168.115.75","tls": {"version":"TLSv1.2","ja3":"618ee2509ef52bf0b8216e1564eea909","ja3s":"","ja4":"t12i370400_07a749158664_e64f6000bf4d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01391{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":714,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1470104402238628,"flow_src_last_pkt_time":1470104402240297,"flow_dst_last_pkt_time":1470104402239704,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":213,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":213,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104402240297,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53625,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","domainame":"192.168.115.75","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12i370400_07a749158664_e64f6000bf4d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":715,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":5,"flow_src_last_pkt_time":1470104402240297,"flow_dst_last_pkt_time":1470104402241217,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1470104402241217,"pkt":"ABxCjnAxABAj4ACgCABFAAAofPZAAEAGxC3AqHNLwKgFEAG70XnKmfzYcASgS1AQADYK+wAAAAAAAAAA"} 
-01584{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":716,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1470104402238628,"flow_src_last_pkt_time":1470104402240297,"flow_dst_last_pkt_time":1470104402243893,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":213,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":213,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1470104402243893,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53625,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","domainame":"192.168.115.75","tls": {"version":"TLSv1.2","ja3":"618ee2509ef52bf0b8216e1564eea909","ja3s":"573a9f3f80037fb40d481e2054def5bb","ja4":"t12i370400_07a749158664_e64f6000bf4d","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} 
+01543{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":716,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1470104402238628,"flow_src_last_pkt_time":1470104402240297,"flow_dst_last_pkt_time":1470104402243893,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":213,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":213,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1470104402243893,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53625,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","domainame":"192.168.115.75","tls": {"version":"TLSv1.2","ja3s":"573a9f3f80037fb40d481e2054def5bb","ja4":"t12i370400_07a749158664_e64f6000bf4d","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} 
00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":726,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104402518151,"flow_src_last_pkt_time":1470104402518151,"flow_dst_last_pkt_time":1470104402518151,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":135,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":135,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104402518151,"l3_proto":"ip4","src_ip":"192.168.119.1","dst_ip":"255.255.255.255","src_port":56861,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00714{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":726,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_src_last_pkt_time":1470104402518151,"flow_dst_last_pkt_time":1470104402518151,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":177,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":177,"pkt_l4_len":143,"thread_ts_usec":1470104402518151,"pkt":"\/\/\/\/\/\/\/\/TF4M6gNlCABFAACjAABAAEARAqHAqHcB\/\/\/\/\/94dFi4Aj\/bjAAFSEAABAAZMXgzqA2UABQAHMzAwTU5BVAAHAA82LjM1LjEgKHN0YWJsZSkACAAITWlrcm9UaWsACgAEf5YkAAALAAlBWFJKLVg2U0cADAAGUkI0NTBHAA4AAQEADwAQIAGwMAIUAQAAAAAAAAAAAQAQABNldGhlcjItbWFzdGVyLWxvY2Fs"} 
+01141{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":726,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104402518151,"flow_src_last_pkt_time":1470104402518151,"flow_dst_last_pkt_time":1470104402518151,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":135,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":135,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104402518151,"l3_proto":"ip4","src_ip":"192.168.119.1","dst_ip":"255.255.255.255","src_port":56861,"dst_port":5678,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Mikrotik","proto_id":"437","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","mikrotik": {"mac_address":"4C:5E:0C:EA:03:65","identity":"300MNAT","version":"6.35.1 (stable)","software_id":"AXRJ-X6SG","board":"RB450G","ipv6_addr":"2001:b030:214:100::1","uptime":2140546048}}} 00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":727,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104402518258,"flow_src_last_pkt_time":1470104402518258,"flow_dst_last_pkt_time":1470104402518258,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":135,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":135,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104402518258,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:feea:365","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00733{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":727,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_src_last_pkt_time":1470104402518258,"flow_dst_last_pkt_time":1470104402518258,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":197,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":197,"pkt_l4_len":143,"thread_ts_usec":1470104402518258,"pkt":"MzMAAAABTF4M6gNlht1gAAAAAI8RAf6AAAAAAAAATl4M\/\/7qA2X\/AgAAAAAAAAAAAAAAAAABFi4WLgCPm0oAAVIRAAEABkxeDOoDZQAFAAczMDBNTkFUAAcADzYuMzUuMSAoc3RhYmxlKQAIAAhNaWtyb1RpawAKAAR\/liQAAAsACUFYUkotWDZTRwAMAAZSQjQ1MEcADgABAQAPABAgAbAwAhQBAAAAAAAAAAABABAAE2V0aGVyMi1tYXN0ZXItbG9jYWw="} +01142{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":727,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104402518258,"flow_src_last_pkt_time":1470104402518258,"flow_dst_last_pkt_time":1470104402518258,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":135,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":135,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104402518258,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:feea:365","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Mikrotik","proto_id":"437","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","mikrotik": {"mac_address":"4C:5E:0C:EA:03:65","identity":"300MNAT","version":"6.35.1 (stable)","software_id":"AXRJ-X6SG","board":"RB450G","ipv6_addr":"2001:b030:214:100::1","uptime":2140546048}}} 
01127{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":728,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":5,"flow_src_last_pkt_time":1470104402518736,"flow_dst_last_pkt_time":1470104400162264,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":491,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":491,"pkt_l4_len":457,"thread_ts_usec":1470104402518736,"pkt":"AQBef\/\/66LH8q\/uyCABFAAHdCfUAAAQR9UfAqAUx7\/\/\/+gdsB2wByURxTk9USUZZICogSFRUUC8xLjENCkhvc3Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpOVDogdXVpZDo5MzE5Mzk1YS00ZDAzLTQ3NTAtYmIxYi00NjYzOTMzYWI4MTINCk5UUzogc3NkcDphbGl2ZQ0KTG9jYXRpb246IGh0dHA6Ly8xOTIuMTY4LjUuNDk6Mjg2OS91cG5waG9zdC91ZGhpc2FwaS5kbGw\/Y29udGVudD11dWlkOjkzMTkzOTVhLTRkMDMtNDc1MC1iYjFiLTQ2NjM5MzNhYjgxMg0KVVNOOiB1dWlkOjkzMTkzOTVhLTRkMDMtNDc1MC1iYjFiLTQ2NjM5MzNhYjgxMg0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT05MDANClNlcnZlcjogTWljcm9zb2Z0LVdpbmRvd3MvMTAuMCBVUG5QLzEuMCBVUG5QLURldmljZS1Ib3N0LzEuMA0KT1BUOiJodHRwOi8vc2NoZW1hcy51cG5wLm9yZy91cG5wLzEvMC8iOyBucz0wMQ0KMDEtTkxTOiBkMDdiNDM1ZDI5OWI0MTc4NGNhM2QyYWUyYjk1OTk0OA0KDQo="} 01160{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":729,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":5,"flow_src_last_pkt_time":1470104402518845,"flow_dst_last_pkt_time":1470104400162411,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":519,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":519,"pkt_l4_len":465,"thread_ts_usec":1470104402518845,"pkt":"MzMAAAAM6LH8q\/uyht1gAAAAAdERBP6AAAAAAAAACb2B3S\/cV1D\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"} 
00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":730,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104402624102,"flow_src_last_pkt_time":1470104402624102,"flow_dst_last_pkt_time":1470104402624102,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":27,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104402624102,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":49735,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -473,6 +477,7 @@ 00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":759,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":5,"flow_src_last_pkt_time":1470104405589893,"flow_dst_last_pkt_time":1470104397807877,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_usec":1470104405589893,"pkt":"AQBef\/\/6bEAIlAI6CABFAAClUIAAAAERsvXAqAUw7\/\/\/+sIlB2wAkY1JTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} 00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":760,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104405794164,"flow_src_last_pkt_time":1470104405794164,"flow_dst_last_pkt_time":1470104405794164,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":121,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":121,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":121,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104405794164,"l3_proto":"ip4","src_ip":"192.168.119.2","dst_ip":"255.255.255.255","src_port":43786,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00697{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":760,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_src_last_pkt_time":1470104405794164,"flow_dst_last_pkt_time":1470104405794164,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":163,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":163,"pkt_l4_len":129,"thread_ts_usec":1470104405794164,"pkt":"\/\/\/\/\/\/\/\/TF4MVkdPCABFAACVAABAAEARAq7AqHcC\/\/\/\/\/6sKFi4AgSnvAAHqAgABAAZMXgxWR08ABQAJSVB2NlJvdXRlAAcADzYuMzUuNCAoc3RhYmxlKQAIAAhNaWtyb1RpawAKAAQGBzYAAAsACVZTMUwtUTE4UgAMAAZSQjQ1MEcADgABAQAPABAgAbAwAhQBAAAAAAAAAAABABAAA0xBTg=="} +01142{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":760,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104405794164,"flow_src_last_pkt_time":1470104405794164,"flow_dst_last_pkt_time":1470104405794164,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":121,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":121,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":121,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104405794164,"l3_proto":"ip4","src_ip":"192.168.119.2","dst_ip":"255.255.255.255","src_port":43786,"dst_port":5678,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Mikrotik","proto_id":"437","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","mikrotik": {"mac_address":"4C:5E:0C:56:47:4F","identity":"IPv6Route","version":"6.35.4 (stable)","software_id":"VS1L-Q18R","board":"RB450G","ipv6_addr":"2001:b030:214:100::1","uptime":101135872}}} 
00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":774,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104406717230,"flow_src_last_pkt_time":1470104406717230,"flow_dst_last_pkt_time":1470104406717230,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104406717230,"l3_proto":"ip6","src_ip":"fe80::edf5:240a:c8c0:8312","dst_ip":"ff02::1:3","src_port":53962,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":774,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_src_last_pkt_time":1470104406717230,"flow_dst_last_pkt_time":1470104406717230,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1470104406717230,"pkt":"MzMAAQADzD2CHu7jht1gAAAAACARAf6AAAAAAAAA7fUkCsjAgxL\/AgAAAAAAAAAAAAAAAQAD0soU6wAgjSs9jgAAAAEAAAAAAAAGUk9fWDFDAAD\/AAE="} 
00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":774,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104406717230,"flow_src_last_pkt_time":1470104406717230,"flow_dst_last_pkt_time":1470104406717230,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104406717230,"l3_proto":"ip6","src_ip":"fe80::edf5:240a:c8c0:8312","dst_ip":"ff02::1:3","src_port":53962,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -541,9 +546,9 @@ 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":844,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":3,"flow_src_last_pkt_time":1470104414301595,"flow_dst_last_pkt_time":1470104414301526,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1470104414301595,"pkt":"ABAj4ACgYMVHBbyMCABFAAAohwxAAEAGuhfAqAUQwKhzS9F6Abs0INrrJFeA51AQIAAOqAAAIEVKRkRF"} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":845,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":5,"flow_src_last_pkt_time":1470104414301849,"flow_dst_last_pkt_time":1470104414301578,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104414301849,"pkt":"TF4M6gNlYMVHBbyMCABFAAA0CgdAAEAG9NPAqAUQHw1XJNFMAbv8UnPoBJ2idYAQD\/0aVAAAAQEIChoPmUdf7xLn"} 00833{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":846,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":4,"flow_src_last_pkt_time":1470104414302554,"flow_dst_last_pkt_time":1470104414301526,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":271,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":271,"pkt_l4_len":237,"thread_ts_usec":1470104414302554,"pkt":"ABAj4ACgYMVHBbyMCABFAAEBACxAAEAGQB\/AqAUQwKhzS9F6Abs0INrrJFeA51AYIAB90wAAFgMBANQBAADQAwNXoANfjIqHDy9QXUEag4gt5xMipN2TtjnqDApBJHZnuSBj+Q0TSc5VhLmmiAAqPOtufQBM8Qziz0QZmZNFeVk8eABKAP\/AJMAjwArACcAIwCjAJ8AUwBPAEsAmwCXABcAEwAPAKsApwA\/ADsANAGsAZwA5ADMAFgA9ADwANQAvAArAB8ARwALADAAFAAQBAAA9AAAAEwARAAAOMTkyLjE2OC4xMTUuNzUACgAIAAYAFwAYABkACwACAQAADQAMAAoFAQQBAgEEAwIDM3QAAA=="} 
-01433{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":846,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1470104414296334,"flow_src_last_pkt_time":1470104414302554,"flow_dst_last_pkt_time":1470104414301526,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104414302554,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53626,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","domainame":"192.168.115.75","tls": {"version":"TLSv1.2","ja3":"799135475da362592a4be9199d258726","ja3s":"","ja4":"t12i370500_07a749158664_d075105c1994","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01392{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":846,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1470104414296334,"flow_src_last_pkt_time":1470104414302554,"flow_dst_last_pkt_time":1470104414301526,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104414302554,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53626,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","domainame":"192.168.115.75","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12i370500_07a749158664_d075105c1994","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":847,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":5,"flow_src_last_pkt_time":1470104414302554,"flow_dst_last_pkt_time":1470104414303590,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1470104414303590,"pkt":"ABxCjnAxABAj4ACgCABFAAAoBANAAEAGPSHAqHNLwKgFEAG70XokV4DnNCDbxFAQADYtmQAAAAAAAAAA"} 
-01585{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":848,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1470104414296334,"flow_src_last_pkt_time":1470104414302554,"flow_dst_last_pkt_time":1470104414305856,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1470104414305856,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53626,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","domainame":"192.168.115.75","tls": {"version":"TLSv1.2","ja3":"799135475da362592a4be9199d258726","ja3s":"573a9f3f80037fb40d481e2054def5bb","ja4":"t12i370500_07a749158664_d075105c1994","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} 
+01544{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":848,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1470104414296334,"flow_src_last_pkt_time":1470104414302554,"flow_dst_last_pkt_time":1470104414305856,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1470104414305856,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53626,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","domainame":"192.168.115.75","tls": {"version":"TLSv1.2","ja3s":"573a9f3f80037fb40d481e2054def5bb","ja4":"t12i370500_07a749158664_d075105c1994","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":858,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104414395988,"flow_src_last_pkt_time":1470104414395988,"flow_dst_last_pkt_time":1470104414395988,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104414395988,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"168.95.1.1","src_port":63372,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":858,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_src_last_pkt_time":1470104414395988,"flow_dst_last_pkt_time":1470104414395988,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1470104414395988,"pkt":"TF4M6gNlYMVHBbyMCABFAABL64oAAP8RYP7AqAUQqF8BAfeMADUAN6RcbYwBAAABAAAAAAAABmRsLW9icwhvZmZpY2lhbARsaW5lBW5hdmVyAmpwAAABAAE="} 
01124{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":858,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104414395988,"flow_src_last_pkt_time":1470104414395988,"flow_dst_last_pkt_time":1470104414395988,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104414395988,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"168.95.1.1","src_port":63372,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Line","proto_id":"5.315","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dl-obs.official.line.naver.jp","domainame":"dl-obs.official.line.naver.jp","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -598,9 +603,9 @@ 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":951,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":2,"flow_src_last_pkt_time":1470104423246688,"flow_dst_last_pkt_time":1470104423247634,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104423247634,"pkt":"ABxCjnAxABAj4ACgCABFAAA0AABAAEAGQRjAqHNLwKgFEAG70X2C0DtLZaD5JoASFtBuaQAAAgQFtAEBBAIBAwMH"} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":952,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":3,"flow_src_last_pkt_time":1470104423247712,"flow_dst_last_pkt_time":1470104423247634,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1470104423247712,"pkt":"ABAj4ACgYMVHBbyMCABFAAAoVNRAAEAG7E\/AqAUQwKhzS9F9AbtloPkmgtA7TFAQIACmCwAAUC8xLjEN"} 00825{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":953,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":4,"flow_src_last_pkt_time":1470104423248266,"flow_dst_last_pkt_time":1470104423247634,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":267,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":267,"pkt_l4_len":233,"thread_ts_usec":1470104423248266,"pkt":"ABAj4ACgYMVHBbyMCABFAAD9MJBAAEAGD7\/AqAUQwKhzS9F9AbtloPkmgtA7TFAYIADmPAAAFgMBANABAADMAwNXoANoBxB0UxaEmGMMRA4z3rCwUCfHq4lItmIHvO2HwSBj+Q0TSc5VhLmmiAAqPOtufQBM8Qziz0QZmZNFeVk8eABKAP\/AJMAjwArACcAIwCjAJ8AUwBPAEsAmwCXABcAEwAPAKsApwA\/ADsANAGsAZwA5ADMAFgA9ADwANQAvAArAB8ARwALADAAFAAQBAAA5AAAAEwARAAAOMTkyLjE2OC4xMTUuNzUACgAIAAYAFwAYABkACwACAQAADQAMAAoFAQQBAgEEAwID"} 
-01433{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":953,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1470104423246688,"flow_src_last_pkt_time":1470104423248266,"flow_dst_last_pkt_time":1470104423247634,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":213,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":213,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104423248266,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53629,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","domainame":"192.168.115.75","tls": {"version":"TLSv1.2","ja3":"618ee2509ef52bf0b8216e1564eea909","ja3s":"","ja4":"t12i370400_07a749158664_e64f6000bf4d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01392{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":953,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1470104423246688,"flow_src_last_pkt_time":1470104423248266,"flow_dst_last_pkt_time":1470104423247634,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":213,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":213,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104423248266,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53629,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","domainame":"192.168.115.75","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12i370400_07a749158664_e64f6000bf4d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":954,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":5,"flow_src_last_pkt_time":1470104423248266,"flow_dst_last_pkt_time":1470104423249191,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1470104423249191,"pkt":"ABxCjnAxABAj4ACgCABFAAAosy5AAEAGjfXAqHNLwKgFEAG70X2C0DtMZaD5+1AQADbFAAAAAAAAAAAA"} 
-01585{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":955,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1470104423246688,"flow_src_last_pkt_time":1470104423248266,"flow_dst_last_pkt_time":1470104423251782,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":213,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":213,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1470104423251782,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53629,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","domainame":"192.168.115.75","tls": {"version":"TLSv1.2","ja3":"618ee2509ef52bf0b8216e1564eea909","ja3s":"573a9f3f80037fb40d481e2054def5bb","ja4":"t12i370400_07a749158664_e64f6000bf4d","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} 
+01544{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":955,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1470104423246688,"flow_src_last_pkt_time":1470104423248266,"flow_dst_last_pkt_time":1470104423251782,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":213,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":213,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1470104423251782,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53629,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"192.168.115.75","domainame":"192.168.115.75","tls": {"version":"TLSv1.2","ja3s":"573a9f3f80037fb40d481e2054def5bb","ja4":"t12i370400_07a749158664_e64f6000bf4d","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} 
00989{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":965,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1470104376301823,"flow_src_last_pkt_time":1470104422690570,"flow_dst_last_pkt_time":1470104376301823,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104424049934,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"shen"}} 00995{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":965,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1470104377720702,"flow_src_last_pkt_time":1470104377820998,"flow_dst_last_pkt_time":1470104377720702,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104424049934,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"224.0.0.252","src_port":51458,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"wpad"}} 
01013{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":965,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1470104376017883,"flow_src_last_pkt_time":1470104403029956,"flow_dst_last_pkt_time":1470104376017883,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":798,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104424049934,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"239.255.255.250","src_port":55312,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} 
@@ -686,10 +691,10 @@ 00794{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104385827777,"flow_src_last_pkt_time":1470104420541205,"flow_dst_last_pkt_time":1470104385827777,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip4","src_ip":"59.120.208.218","dst_ip":"255.255.255.255","src_port":50151,"dst_port":1947,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01016{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104382448550,"flow_src_last_pkt_time":1470104382857884,"flow_dst_last_pkt_time":1470104382448550,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":66,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::1:3","src_port":61548,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"caesar-thinkpad"}} 
01004{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1470104383810371,"flow_src_last_pkt_time":1470104413815837,"flow_dst_last_pkt_time":1470104413817995,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":300,"flow_src_tot_l4_payload_len":600,"flow_dst_tot_l4_payload_len":600,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.119.1","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"macbook-air"}} -01137{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104379579523,"flow_src_last_pkt_time":1470104379579704,"flow_dst_last_pkt_time":1470104379579523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":221,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":244,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":465,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip4","src_ip":"192.168.5.67","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": 
{"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"sanji-lifebook-"}} +01018{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104379579523,"flow_src_last_pkt_time":1470104379579704,"flow_dst_last_pkt_time":1470104379579523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":221,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":244,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":465,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip4","src_ip":"192.168.5.67","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"sanji-lifebook-"}} 
01016{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1470104382448863,"flow_src_last_pkt_time":1470104427503777,"flow_dst_last_pkt_time":1470104382448863,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1233,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"239.255.255.250","src_port":51704,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} 01155{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104379169121,"flow_src_last_pkt_time":1470104379271484,"flow_dst_last_pkt_time":1470104379169121,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":54888,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": 
{"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"????????????"}} -00864{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1033,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1033,"packets-processed":1032,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":395167,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":109,"total-detection-updates":19,"total-updates":38,"current-active-flows":129,"total-active-flows":129,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":692,"global_ts_usec":1654385119050609} +00864{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1033,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1033,"packets-processed":1032,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":395167,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":114,"total-detection-updates":19,"total-updates":38,"current-active-flows":129,"total-active-flows":129,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":697,"global_ts_usec":1654385119050609} 
00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1033,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385119050609,"flow_src_last_pkt_time":1654385119050609,"flow_dst_last_pkt_time":1654385119050609,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":538,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":538,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":538,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385119050609,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60962,"dst_port":1234,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01276{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1033,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":1,"flow_src_last_pkt_time":1654385119050609,"flow_dst_last_pkt_time":1654385119050609,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":604,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":604,"pkt_l4_len":570,"thread_ts_usec":1654385119050609,"pkt":"tKXvZygQnLbQ0+MzCABFAAJOAZpAAEAGaiXAqAJ+rGhdXO4iBNJ6yTZonxdjWoAYAfbPKwAAAQEICmbWNa+8oaeIR0VUIC8\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"} 
01506{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1033,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385119050609,"flow_src_last_pkt_time":1654385119050609,"flow_dst_last_pkt_time":1654385119050609,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":538,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":538,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":538,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385119050609,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60962,"dst_port":1234,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"ws.1kxun.mobi","domainame":"ws.1kxun.mobi","http": {"url":"ws.1kxun.mobi:1234\/?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&&_country=US&_locale=en&_=1654385117","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}}} 
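Review bot: The regenerated expectation for flow_id 35 (the `-01137` / `+01018` pair, `"proto":"NetBIOS.SMBv1"`) no longer carries `flow_risk` 22 "Unsafe Protocol", although the flow is still reported with `"breed":"Dangerous"`; other flows in this hunk, such as flow_id 33 with risk 39, keep their risks. The commit message only says upstream changes were incorporated, so it is not visible from here whether the risk was dropped intentionally upstream or as a side effect of changed library defaults in this `ip_lists_disable` configuration. Consumers that alert on `flow_risk` would stop seeing SMBv1 flagged, so the description should name the cause, for example `* NetBIOS.SMBv1 no longer reports risk 22 (Unsafe Protocol), see libnDPI <upstream commit>`. This file is recorded test output, so any correction belongs in the description or the nDPI configuration rather than in these lines.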
@@ -724,8 +729,7 @@ 01267{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":13,"flow_first_seen":1470104380890420,"flow_src_last_pkt_time":1470104382084909,"flow_dst_last_pkt_time":1470104381881083,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":445,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":3612,"flow_dst_tot_l4_payload_len":6271,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"42.120.51.152","src_port":49609,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"42.120.51.152"}} 
01267{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":3,"flow_first_seen":1470104380188079,"flow_src_last_pkt_time":1470104380928909,"flow_dst_last_pkt_time":1470104380732533,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":158,"flow_dst_max_l4_payload_len":392,"flow_src_tot_l4_payload_len":316,"flow_dst_tot_l4_payload_len":397,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.244.135.170","src_port":49607,"dst_port":9099,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"218.244.135.170"}} 
00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1470104380737950,"flow_src_last_pkt_time":1470104380737994,"flow_dst_last_pkt_time":1470104380772526,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":74,"flow_src_tot_l4_payload_len":66,"flow_dst_tot_l4_payload_len":74,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":54420,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.QQ","proto_id":"5.48","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"vv.video.qq.com"}} -00996{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104399854544,"flow_src_last_pkt_time":1470104399854544,"flow_dst_last_pkt_time":1470104399854544,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.0.100","dst_ip":"255.255.255.255","src_port":50925,"dst_port":5678,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": 
{"total":210,"client":165,"server":45}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00794{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104399854544,"flow_src_last_pkt_time":1470104399854544,"flow_dst_last_pkt_time":1470104399854544,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.0.100","dst_ip":"255.255.255.255","src_port":50925,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104399854544,"flow_src_last_pkt_time":1470104399854544,"flow_dst_last_pkt_time":1470104399854544,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.0.100","dst_ip":"255.255.255.255","src_port":50925,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Mikrotik","proto_id":"437","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
01142{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104408049734,"flow_src_last_pkt_time":1470104408458018,"flow_dst_last_pkt_time":1470104408049734,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":51451,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"????????????"}} 00994{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1470104377720702,"flow_src_last_pkt_time":1470104377820998,"flow_dst_last_pkt_time":1470104377720702,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"224.0.0.252","src_port":51458,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"wpad"}} 01013{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1470104376017883,"flow_src_last_pkt_time":1470104433238541,"flow_dst_last_pkt_time":1470104376017883,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1064,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"239.255.255.250","src_port":55312,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} 
@@ -739,10 +743,8 @@ 00797{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1470104380909602,"flow_src_last_pkt_time":1470104420950055,"flow_dst_last_pkt_time":1470104380909602,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":317,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":317,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1585,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.10.110","dst_ip":"255.255.255.255","src_port":60480,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1470104376816620,"flow_src_last_pkt_time":1470104392380425,"flow_dst_last_pkt_time":1470104376816620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":180,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::406:55a8:6453:25dd","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCPV6","proto_id":"103","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
01153{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104378045695,"flow_src_last_pkt_time":1470104378454680,"flow_dst_last_pkt_time":1470104378045695,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":58779,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"????????????"}} -00997{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104402518258,"flow_src_last_pkt_time":1470104402518258,"flow_dst_last_pkt_time":1470104402518258,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":135,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":135,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:feea:365","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp 
Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104402518258,"flow_src_last_pkt_time":1470104402518258,"flow_dst_last_pkt_time":1470104402518258,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":135,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":135,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:feea:365","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00998{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104390741932,"flow_src_last_pkt_time":1470104390741932,"flow_dst_last_pkt_time":1470104390741932,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":123,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":123,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":123,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:fe9a:ec54","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
-00796{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104390741932,"flow_src_last_pkt_time":1470104390741932,"flow_dst_last_pkt_time":1470104390741932,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":123,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":123,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":123,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:fe9a:ec54","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104402518258,"flow_src_last_pkt_time":1470104402518258,"flow_dst_last_pkt_time":1470104402518258,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":135,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":135,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:feea:365","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Mikrotik","proto_id":"437","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104390741932,"flow_src_last_pkt_time":1470104390741932,"flow_dst_last_pkt_time":1470104390741932,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":123,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":123,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":123,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:fe9a:ec54","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Mikrotik","proto_id":"437","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01010{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104432630916,"flow_src_last_pkt_time":1470104432728657,"flow_dst_last_pkt_time":1470104432630916,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":58468,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"wangs-ltw"}} 01014{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1470104381217586,"flow_src_last_pkt_time":1470104426277904,"flow_dst_last_pkt_time":1470104381217586,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1197,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"239.255.255.250","src_port":57325,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} 
01011{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104430884669,"flow_src_last_pkt_time":1470104431294729,"flow_dst_last_pkt_time":1470104430884669,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::e034:7be:d8f9:6197","dst_ip":"ff02::1:3","src_port":49766,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"charming-pc"}} 
@@ -766,8 +768,7 @@ 01008{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104420438972,"flow_src_last_pkt_time":1470104420540216,"flow_dst_last_pkt_time":1470104420438972,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":61172,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"sonusav"}} 00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104381217455,"flow_src_last_pkt_time":1470104381626995,"flow_dst_last_pkt_time":1470104381217455,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"224.0.0.252","src_port":56366,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"notebook"}} 01014{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1470104377634699,"flow_src_last_pkt_time":1470104415729545,"flow_dst_last_pkt_time":1470104377634699,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1096,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"239.255.255.250","src_port":60267,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} -00996{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104402518151,"flow_src_last_pkt_time":1470104402518151,"flow_dst_last_pkt_time":1470104402518151,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":135,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":135,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.119.1","dst_ip":"255.255.255.255","src_port":56861,"dst_port":5678,"l4_proto":"udp","ndpi": {"flow_risk": 
{"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00794{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104402518151,"flow_src_last_pkt_time":1470104402518151,"flow_dst_last_pkt_time":1470104402518151,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":135,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":135,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.119.1","dst_ip":"255.255.255.255","src_port":56861,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104402518151,"flow_src_last_pkt_time":1470104402518151,"flow_dst_last_pkt_time":1470104402518151,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":135,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":135,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.119.1","dst_ip":"255.255.255.255","src_port":56861,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Mikrotik","proto_id":"437","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01001{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104430065680,"flow_src_last_pkt_time":1470104430476697,"flow_dst_last_pkt_time":1470104430065680,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":57143,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"charming-pc"}} 00999{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1470104379066410,"flow_src_last_pkt_time":1470104379066467,"flow_dst_last_pkt_time":1470104379115963,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":95,"flow_src_tot_l4_payload_len":62,"flow_dst_tot_l4_payload_len":95,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":60724,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.1kxun","proto_id":"5.295","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"pic.1kxun.com"}} 00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104381935396,"flow_src_last_pkt_time":1470104382038651,"flow_dst_last_pkt_time":1470104381935396,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"224.0.0.252","src_port":58456,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"joanna-pc"}} 
@@ -833,8 +834,8 @@ 00998{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104393610386,"flow_src_last_pkt_time":1470104394635803,"flow_dst_last_pkt_time":1470104393610386,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"nasfile"}} 00999{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":0,"flow_first_seen":1470104391564386,"flow_src_last_pkt_time":1470104422179603,"flow_dst_last_pkt_time":1470104391564386,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":650,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"isatap"}} 00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1470104378021294,"flow_src_last_pkt_time":1470104379520951,"flow_dst_last_pkt_time":1470104378021294,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"wpad"}} -01135{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1470104393610555,"flow_src_last_pkt_time":1470104393611090,"flow_dst_last_pkt_time":1470104393610555,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":174,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":522,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"macbookair-e1d0"}} -01135{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104379579523,"flow_src_last_pkt_time":1470104379579704,"flow_dst_last_pkt_time":1470104379579523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":221,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":244,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":465,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.67","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"sanji-lifebook-"}} 
+01016{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1470104393610555,"flow_src_last_pkt_time":1470104393611090,"flow_dst_last_pkt_time":1470104393610555,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":174,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":522,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"macbookair-e1d0"}} +01016{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104379579523,"flow_src_last_pkt_time":1470104379579704,"flow_dst_last_pkt_time":1470104379579523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":221,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":244,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":465,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.67","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"sanji-lifebook-"}} 00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104398832807,"flow_src_last_pkt_time":1470104398832807,"flow_dst_last_pkt_time":1470104398832807,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.64","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00978{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1470104391199899,"flow_src_last_pkt_time":1470104391199954,"flow_dst_last_pkt_time":1470104391208758,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"64.233.189.128","src_port":49581,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by 
port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 00786{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1470104391199899,"flow_src_last_pkt_time":1470104391199954,"flow_dst_last_pkt_time":1470104391208758,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"64.233.189.128","src_port":49581,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -849,8 +850,7 @@ 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104423202821,"flow_src_last_pkt_time":1470104423202821,"flow_dst_last_pkt_time":1470104423202821,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::f65c:89ff:fe89:e607","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCPV6","proto_id":"103","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00943{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":10,"flow_first_seen":1470104410885006,"flow_src_last_pkt_time":1470104428908615,"flow_dst_last_pkt_time":1470104428908687,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":332,"flow_src_tot_l4_payload_len":5537,"flow_dst_tot_l4_payload_len":595,"midstream":1,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"119.235.235.84","dst_ip":"192.168.5.16","src_port":443,"dst_port":53406,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00799{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":10,"flow_first_seen":1470104410885006,"flow_src_last_pkt_time":1470104428908615,"flow_dst_last_pkt_time":1470104428908687,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":332,"flow_src_tot_l4_payload_len":5537,"flow_dst_tot_l4_payload_len":595,"midstream":1,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"119.235.235.84","dst_ip":"192.168.5.16","src_port":443,"dst_port":53406,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00996{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104405794164,"flow_src_last_pkt_time":1470104405794164,"flow_dst_last_pkt_time":1470104405794164,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":121,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":121,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":121,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.119.2","dst_ip":"255.255.255.255","src_port":43786,"dst_port":5678,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
-00794{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104405794164,"flow_src_last_pkt_time":1470104405794164,"flow_dst_last_pkt_time":1470104405794164,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":121,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":121,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":121,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.119.2","dst_ip":"255.255.255.255","src_port":43786,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104405794164,"flow_src_last_pkt_time":1470104405794164,"flow_dst_last_pkt_time":1470104405794164,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":121,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":121,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":121,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.119.2","dst_ip":"255.255.255.255","src_port":43786,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Mikrotik","proto_id":"437","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
01009{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104402624102,"flow_src_last_pkt_time":1470104402724346,"flow_dst_last_pkt_time":1470104402624102,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":49735,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"wangs-ltw"}} 01252{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":4,"flow_first_seen":1470104381895304,"flow_src_last_pkt_time":1470104382125381,"flow_dst_last_pkt_time":1470104382124370,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":432,"flow_dst_max_l4_payload_len":633,"flow_src_tot_l4_payload_len":864,"flow_dst_tot_l4_payload_len":633,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.145","src_port":49612,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric 
Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"183.131.48.145"}} 01257{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":5,"flow_first_seen":1470104382053678,"flow_src_last_pkt_time":1470104382199024,"flow_dst_last_pkt_time":1470104382198662,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":503,"flow_dst_max_l4_payload_len":1024,"flow_src_tot_l4_payload_len":1006,"flow_dst_tot_l4_payload_len":2329,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.144","src_port":49613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","hostname":"183.131.48.144"}} 
@@ -967,7 +967,7 @@ 02881{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1180,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":2,"flow_src_last_pkt_time":1654385140850557,"flow_dst_last_pkt_time":1654385141035727,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1787,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1787,"pkt_l4_len":1753,"thread_ts_usec":1654385141035727,"pkt":"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\/jNhC+769g1AUsJbaUpOjFiRZIt9giBdotmiA9eFOAlmiLsUwKIh3Hzfq\/d8ghKTm2i24vEkHOfPN+rLko5Tq9L2hJchLPVqLQXIo4Ia\/vCHmmLaklLe+4Zh+lmPF5S80zkAbKBdsMSUHrekqLBbIh46qtgS6qtG7GWaZBQrpmpaylXKSFXGa04ZkCYBVdgSjkKammwPQKoGMCny0+vU\/pE32JAXFo9TLkhnRMfrn7\/FuqdMvFnM82sblMhhaOkCXTlSzHZPD757v7gb9tWlkwpX6y7DNaK+ZfCik0E\/p+0zBgok1T88Kamz0pKQYWdZukpRSsc1TLVCOFYt5yEnwRhyc0YpuYv7XI+\/VHKgRrHxjEoFV7Tl3zUldDUjE+r\/S+jw8FJrbRCLEBiyBmKwxapyGfxSc7T+TrV7J7kz47pY6+pFOrfEJaplet6MyePFpDTYyMnR4oJzsivQAHgy7a4fjEa81aZvJy8ujfZ7KNDSqH2\/Mr+F17AWnNxFxXcHd21pnaRwQWp8yEB0AkWFJdVMyEAClS8GNqL+Psr\/hLeZZ8ObW\/cZyeJlkwkBDwpWPuC7X3Nn7kJCcNbRW7FdpTTi4ek8S4Q3OxYt404zBAw3AfZLs8xtYpDRY4dSbf92wEK208U9QpJ\/bfl+zenfTcZd0+hfJhSZuVqmJk6\/lj64rP\/99mBzIEFMf5pjZaKsobUf7BlvKZ3TxY1cGykNcOxHscvOZuXBKQHLIjZKZY1TUacpDwIhA6kMm581yXviEx1M6jlprWf9r6BIpzFPKtKdoHOfMJqCBFoV2aykdU9KfRCG9B3q9UV+kM+mkb26PxmlxC6z4lPUzn4W\/VykkZHVUIUxxtv7bufnWh98nWc9pOvWFnSZXpryzmQ3LRy59py+gCTYZmiT3Xfl0iYYwMwdZ8jENMI\/xZynnNsJ\/emJYRcoXVbAld\/baEDlpzOA2JqiV8bQn49upT6X08+G5AzkjgStJKL+t4cM2FAgCqVB7RUk03cysxIkBt9SNkoPSmZnlUcjCNbsZc1Fyw0bSWxeLKShsbaHuC\/6B5ucJys9eu8uz9DqqZaSNajlD7PDIYeDYgB0mNgUhoTntkJPswcC6HitAw7+SM9Iwy5ROtRMlmoH8Zed8QAt6ZynIzSFKYjhBGcIsqWt5oQtVGFES1RR5lWUPnjJaXKboIXko3SO3cx1eYqVlPZPqkog\/XGaIF7TC+HMZy+0zrWxPXrpghAfsPimlosZawm86d6jZdD5gK7fmgqaYbFzWjbQDtpPXSlZC4ZwXot8aFqn8JIxRmIvbLV+x0Bt2nN\/yH5Ifzc4e6hdxTLKw5\/xPeVM5OgXyEYlt8km3BjpbH37DY3JbeZf+pEiAPiwW0lgLirSLiU9UgYf4hps1ACC\/UUIjtAfzDSWWClkeavejsiT5TTJHI51
pRCtjIVlOocvqSCgZECuRwfSijgkfcvhuahF2bQs0f6Q264sosBhBl+GKPsndY0TtD1d4fHKb2JYgCrHAOTc1ol8KeCl0cbE9NfwO6oKyPkLnHjveALTX2Gg5Jp5c7oy7DDsUNOw9GyLriNYt1u+rtsliASAoqHJrLfvT2igKaygnyJGSnn9sixBe3\/0GryWHXLpdyOuhUMcVhOrtbZUCyY9pZywo6albTkdnOhnY56+9lVtSJAzi8bO3PDXRgCMjQKwALW3e+hPMR9\/Z8QN5a7uo6rCA7Dujq6I0XjI790t3TsHPMvwp3I8oN1HQKXcpCJZbL1oUbsCb5rt5tkxhe\/gG\/wmXsHg4AAA0KMA0KDQo="} 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1181,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385141046673,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141046673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":426,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":426,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":426,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385141046673,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.37","src_port":41390,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01125{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1181,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":1,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141046673,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":492,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":492,"pkt_l4_len":458,"thread_ts_usec":1654385141046673,"pkt":"tKXvZygQnLbQ0+MzCABFAAHeDJVAAEAGB\/rAqAJ+EkBPJaGuAFABgVk3JTRLIoAYAfYmXAAAAQEICqYAsEjS\/CtTR0VUIC9kb3VibGVjbGljay9jYTBlY2RlMi5qcyBIVFRQLzEuMQ0KSG9zdDogZ29vZ2xlLm9wZW4tanMuY29tDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgMTE7IHNka19ncGhvbmVfeDg2IEJ1aWxkL1JTUjEuMjAxMDEzLjAwMTsgd3YpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIFZlcnNpb24vNC4wIENocm9tZS84My4wLjQxMDMuMTA2IE1vYmlsZSBTYWZhcmkvNTM3LjM2DQpBY2NlcHQ6ICovKg0KWC1SZXF1ZXN0ZWQtV2l0aDogY29tLnNjZW5ld2F5Lmthbmthbg0KUmVmZXJlcjogaHR0cDovL21hbmdhd2ViLjFreHVuLm1vYmkvDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkFjY2VwdC1MYW5ndWFnZTogZW4tVVMsZW47cT0wLjkNCg0K"} -01432{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1181,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385141046673,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141046673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":426,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":426,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":426,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385141046673,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.37","src_port":41390,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": 
{"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"google.open-js.com","domainame":"google.open-js.com","http": {"url":"google.open-js.com\/doubleclick\/ca0ecde2.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} +01317{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1181,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385141046673,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141046673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":426,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":426,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":426,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385141046673,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.37","src_port":41390,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"google.open-js.com","domainame":"google.open-js.com","http": {"url":"google.open-js.com\/doubleclick\/ca0ecde2.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
01163{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1182,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":2,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141075345,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":520,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":520,"pkt_l4_len":486,"thread_ts_usec":1654385141075345,"pkt":"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"} 02463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1183,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":3,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141075345,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1654385141075345,"pkt":"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\/aWQ9VUEtMTU0NzU3OTI5LTU3Jz48XC9zY3JpcHQ+Iik7ZG9jdW1lbnQud3JpdGVsbigiPHNjcmlwdD4iKTtkb2N1bWVudC53cml0ZWxuKCIgIHdpbmRvdy5kYXRhTGF5ZXIgPSB3aW5kb3cuZGF0YUxheWVyIHx8IFtdOyIpO2RvY3VtZW50LndyaXRlbG4oIiAgZnVuY3Rpb24gZ3RhZygpe2RhdGFMYXllci5wdXNoKGFyZ3VtZW50cyk7fSIpO2RvY3VtZW50LndyaXRlbG4oIiAgZ3RhZygnanMnLCBuZXcgRGF0ZSgpKTsiKTtkb2N1bWVudC53cml0ZWxuKCIiKTtkb2N1bWVudC53cml0ZWxuKCIgIGd0YWcoJ2NvbmZpZycsICdVQS0xNTQ3NTc5"} 
00615{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1184,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":4,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141076027,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":109,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":109,"pkt_l4_len":75,"thread_ts_usec":1654385141076027,"pkt":"nLbQ0+MztKXvZygQCABFAABf8DUAAPgGrdcSQE8lwKgCfgBQoa4lNFJ8AYFa4YAYAIN\/DAAAAQEICtL8K4SmALBIMjktNTcnKTsiKTtkb2N1bWVudC53cml0ZWxuKCI8XC9zY3JpcHQ+Iil9Ow=="} 
@@ -1044,7 +1044,7 @@ 02260{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1469,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":29,"flow_first_seen":1654385146253018,"flow_src_last_pkt_time":1654385147560064,"flow_dst_last_pkt_time":1654385147928387,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":514,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":526,"flow_dst_max_l4_payload_len":18720,"flow_src_tot_l4_payload_len":1554,"flow_dst_tot_l4_payload_len":113644,"midstream":1,"thread_ts_usec":1654385147928387,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49372,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":96206.9,"max":899707,"stddev":188732.5,"var":35619966976.0,"ent":3.0,"data": [205636,2121,0,0,1,224803,394,328,1444,0,193718,403,372,1728,1281,1888,225980,899707,237971,1,2439,199154,468,952,1305,0,0,407339,371504,0,1478]},"pktlen": {"min":337,"avg":3651.9,"max":18772,"stddev":4182.9,"var":17496908.0,"ent":4.3,"data": [566,337,1492,4372,2932,4372,1492,1492,1492,1492,5812,1492,1492,1492,2932,4372,5812,3718,578,337,7252,15892,1492,1492,7252,1492,5812,640,566,337,7787,18772]},"bins": {"c_to_s": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,14]},"directions": [0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1,1,0,1,1,1],"entropies": 
[5.863167286,5.867280483,7.343351841,7.933300972,7.883011341,7.923881531,7.831630230,7.793837070,7.811074257,7.877987385,7.956270695,7.807632446,7.787700176,7.808306217,7.895200729,7.941674709,7.934331417,7.911615372,5.884228706,5.838101864,7.975082397,7.990115643,7.874265194,7.866392612,7.972415924,7.851024628,7.967773914,7.664193153,5.866144657,5.879995346,7.941644669,7.977370262]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"hkbn.content.1kxun.com"}} 00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1483,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385156800184,"flow_src_last_pkt_time":1654385156800184,"flow_dst_last_pkt_time":1654385156800184,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":423,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":423,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":423,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385156800184,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.18.98","src_port":44368,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01120{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1483,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":1,"flow_src_last_pkt_time":1654385156800184,"flow_dst_last_pkt_time":1654385156800184,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":489,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":489,"pkt_l4_len":455,"thread_ts_usec":1654385156800184,"pkt":"tKXvZygQnLbQ0+MzCABFAAHb3B5AAEAG2pzAqAJ+rNkSYq1QAFBdWbpPyM9cBIAYAfaELwAAAQEICmU8LGE7CqI\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"} -01451{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1483,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385156800184,"flow_src_last_pkt_time":1654385156800184,"flow_dst_last_pkt_time":1654385156800184,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":423,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":423,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":423,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385156800184,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.18.98","src_port":44368,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.GoogleServices","proto_id":"7.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.googletagservices.com","domainame":"www.googletagservices.com","http": {"url":"www.googletagservices.com\/tag\/js\/gpt.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 
Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} +01336{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1483,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385156800184,"flow_src_last_pkt_time":1654385156800184,"flow_dst_last_pkt_time":1654385156800184,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":423,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":423,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":423,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385156800184,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.18.98","src_port":44368,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.GoogleServices","proto_id":"7.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.googletagservices.com","domainame":"www.googletagservices.com","http": {"url":"www.googletagservices.com\/tag\/js\/gpt.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
02468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1484,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":2,"flow_src_last_pkt_time":1654385156800184,"flow_dst_last_pkt_time":1654385156832164,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_usec":1654385156832164,"pkt":"nLbQ0+MztKXvZygQCABFAAW+HaAAAHsGmjis2RJiwKgCfgBQrVDIz1wEXVm79oAQAQWtEwAAAQEICjsKomxlPCxhSFRUUC8xLjEgMjAwIE9LDQpWYXJ5OiBBY2NlcHQtRW5jb2RpbmcNCkNvbnRlbnQtRW5jb2Rpbmc6IGd6aXANCkNvbnRlbnQtVHlwZTogdGV4dC9qYXZhc2NyaXB0DQpDcm9zcy1PcmlnaW4tUmVzb3VyY2UtUG9saWN5OiBjcm9zcy1vcmlnaW4NCkNyb3NzLU9yaWdpbi1PcGVuZXItUG9saWN5LVJlcG9ydC1Pbmx5OiBzYW1lLW9yaWdpbjsgcmVwb3J0LXRvPSJhZHMtZ3B0LXNjcyINClJlcG9ydC1UbzogeyJncm91cCI6ImFkcy1ncHQtc2NzIiwibWF4X2FnZSI6MjU5MjAwMCwiZW5kcG9pbnRzIjpbeyJ1cmwiOiJodHRwczovL2NzcC53aXRoZ29vZ2xlLmNvbS9jc3AvcmVwb3J0LXRvL2Fkcy1ncHQtc2NzIn1dfQ0KVGltaW5nLUFsbG93LU9yaWdpbjogKg0KQ29udGVudC1MZW5ndGg6IDI4MTIxDQpEYXRlOiBTYXQsIDA0IEp1biAyMDIyIDIzOjI1OjU2IEdNVA0KRXhwaXJlczogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNTo1NiBHTVQNCkNhY2hlLUNvbnRyb2w6IHByaXZhdGUsIG1heC1hZ2U9OTAwLCBzdGFsZS13aGlsZS1yZXZhbGlkYXRlPTM2MDANCkVUYWc6ICIxMjM1IC8gOTExIG9mIDEwMDAgLyBsYXN0LW1vZGlmaWVkOiAxNjU0MjkzODg0Ig0KWC1Db250ZW50LVR5cGUtT3B0aW9uczogbm9zbmlmZg0KU2VydmVyOiBzZmZlDQpYLVhTUy1Qcm90ZWN0aW9uOiAwDQoNCh+LCAAAAAAAAADtvWdb3EzSKPz9+RWg9cNK94hhNDlYnpdogwk2YGODWV+tLCZ6AsEw\/\/2t6iC1wgDecM5+OHuvGanVsbq6UldXq958aM\/C0VDd1R5vyWTlLhw6oztzFoTTTuip7LXoj0Z+350Rf20teiy6t6R\/Zk\/C8WyqPeYmq1pn8UIlP\/sj4rjOT23izuaTYWfjr\/\/5n5Xt0fhhEvrBbOU8cFe2+6PpfOKuHIbWhEweVjbns2A0mRb\/Z+Xs08639cPQdodTd33fcYez0AvdSXtlc0zswF0vF0v\/89fG\/+C4BjohZjRYwgZrmaUOa3cl+qQ98hTrLSn23aE\/C7qPzmjotlcNHYY2d9vkyioUrhdtnlxaLBa6RUxF1KGY5uxh7I68lRPrxrVnRcf1wqH7aTIau5NZ6E67eekP7bh7uqXb2iOAjpjm5mRCHorjyWg2wlqfniCNl48SOfRWSAf6dm3aRdpRMTay0O3k4Il5pYxoHXFf\/f7IIv1zmHiYn+hZJ3omJ5vPtTX2m\/0+dfve2hr+zX
5jNYsWrjveaKKKqYgh3ikULDZFtokjQlS019bs4hGZBaaJf8WQ7cUsmIzuVnYnE6hK2SbD4Wi2AnB1eFsrvAuAi7pDTJuoiNya7iZnTHTw7GFgjaCDypQ+ZL6oyr2i6UPzcaF7BP\/+MuV5E732RLeH837fNO1ohjAZB2Vfi+m5HYXOSmkVMnVtxK3rhT4zc3DB0kib1u6YpDgd98OZqhRhWMQ0oJOOAB3mcE3nqnSte51VsrbmroTDlWHXM4dtz3QIBbkL4HbfijLrRsctFFjXAyjq0p6vqgGW9DTNmrikB8jlmd5VcL1wIEtcFIfjQjOKO60jtOyud+Vct3HcHcu0VFvr4POqaa2tqaRrEXWoO\/qjPRp6oT+fEKuPa0i\/m4Qz8cyWmbXQ2haCBcoxGEHtAFfnGisyjd3WX4gIxQkBNByo2rt370o6\/Q796TqkyCfM0drKm5upPX6jFEg="} 02470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1485,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":3,"flow_src_last_pkt_time":1654385156800184,"flow_dst_last_pkt_time":1654385156832624,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_usec":1654385156832624,"pkt":"nLbQ0+MztKXvZygQCABFAAW+HaIAAHsGmjas2RJiwKgCfgBQrVDIz2cYXVm79oAQAQVnbAAAAQEICjsKomxlPCxhBD2AVIoQ9JAQ9DghsJcRAl\/vYRNoLvC7pbbP4e4wzRva7Rf74XT29KSyB5P1+gpURecaOC5mGHThH2ve7LUh44DrNWxc+pQ\/FKd64BJHJAMZaPu6oBs6q58J\/VCFpotCdKgwe4MoJX5BSAG\/TBIN+5m1SgEaj46X84uDtTWfdqCrsl+qftouvIEY4N7rBjAm9oHx66cnvpo5QHwECGQZiA7jIz7o4gH6TT\/TBASEiXw0Hsf6ur5a0ihBkEdg910ykeWfDN5EYEkhULKeBOHzI7RdjYBRHCQLJOhtVECVwAezhGCjU5gsy1dtjvLqssLZigGCgBE6r+4aTThyjfDtj6pbodWla6F1\/2k9bHypmmA97hI7SK0ksUr7bFIk4gXLNiZBYtmOBZmBYVMRr6ePYcXCnxLjGslGl9oIckDPpZRk9zhRXVvj9L\/XiQW7flKa64Mqj7JRT+v2QRhHEt7TYHGbilJYKRQC3WJURu9rWhtSxyAA9WijY0BzIBBUch1TJgjvmA2BA6Sm478dC8HcF8LuxBxf+bRIDyRL6OEEpw8e6S+wDZM\/cgr7GDrtvo7rsT3W6QoFWjJoTxaLpd\/XDcjARYKFbLiTQOMXIwEkICl+22fTCwQPF+8qzav1YU6nHZ6Ok7tqsu8dwQr6fNb11M5IDypcdPqUCIhO800SnkP0VVvIgqSQ0B8XMfWacoaAkEfC4i\/0IN6vsRN6\/SxtCSG56gopwExr3Cxa0h1QgQFmjK6n5BBQ7+xoO4J1zzNB5eLtc9HQUj2dgEKj6RwOiwVUKjq5ZOiLznKkz1nEklkUZSimHxbD6TE5foUmJ5KVIS0nGRKttTVaCeRZJIA5TwKT7z6wfQySb\/nFbbq\/49r++wodK2rhHOzSKlYKdkFZGcynM2oosNwVrHQFssaWOyoHWfLsnbr+7v04v929cAKVCfV3ZTZ6TaNkZe
L68z5qqvfjiTudInGITRUFRWGGfnf2f1lYtfOEVScWVm0upq46lKrZTER1uIjqFInjQCKk5KSz2ui3sviWFFRRjY9pvWe6kqDqcTHTkwRVO3418DWuTSortIJMeRPLg9TqJaRWucL4Cwqrriy9crk1eF5ujSbPjtRWJsqCGEs3GLVHG+RSO5ZLHWBwDjCiJIOjZRGGDjfjLmL5RIgt8JzcrYH8iQ7YVDy1QTy1O6IQsB4bTUu51SXFQesZcZDWzktyO8FLldrJGvPFM5+lp+Uxa5k8Zqf2oziSJkssF6p4oQgFk+WWCj2\/VC6KKyyLojEpJNJ6rbQA9ku2NsbF5IxL6fUrymalKrQPPrIlRm1rfKQ8X0xkvFgHZ2NwdA\/+A4SL98qsxF5ZmvgBEZ3MphfhLHil0Y8JWHO+SWmBMhzXgOYfybIX71wxy8+A3KslnT2GMMgnYLCCf8ZLCll48NZD7gpLCS3\/V8BVYXlbVwH8xkRDSCzvTG\/x7Bgn7tgls1exQkZUxeiopqLw4pSsld5ZQCor1bLRaJQbrbeyrfuUDH03ZU6yR3PgOnTScc6f0NopSAdIGh2LjtBaM9BUWgCSqFvv3r0zDc2GFzFCJzG82PNi2ZaGw7Y0fpZL5dISkIyJc4bz9k9NOgNLVAWMaz12LrBNyVuBW\/dsra2sKHw4auktCBZ29xdgeQRbYeqlyGG7YV+1NuwIN4rTuTVlVZVAdmvjrjAHSpMNMG3FxmX78thiSkJSilC8VWYttAT40y3xBf2vtKXHdNAWrfFxcfa+bK4zEyU6zTgHbsYAum7gq7FhU18JhD3OzbODCod2f+68ZlgSerx2FyC5AwAIA3ydLYvSO\/TkkKiFXXD1EhRBUhDtDXqmw\/cEPZMOMN51DCNizlM8QBdBMcRWAfJ+HHtjydr4w8GzD+sgP8lUMao="} 02485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1486,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":4,"flow_src_last_pkt_time":1654385156800184,"flow_dst_last_pkt_time":1654385156833955,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_usec":1654385156833955,"pkt":"nLbQ0+MztKXvZygQCABFAAW+HaMAAHsGmjWs2RJiwKgCfgBQrVDIz2yiXVm79oAYAQUqYQAAAQEICjsKomxlPCxhRGOWlBMPc8NAU6L0AwXb0xP1hbpNb5QnvHhi14QH7hpA5J0epCNAI3FD6VpnsrglBBzqahPzg4fcrfNXbgrfEbonfkeun55U+msWCvcE1LU7Yio2c8X7OQ+d5X4k+j0B5ep3RiVLjpfR4ocOAYEuhKUB4nGsBURKil10712buRM+PclvqoI1KAUsL0tsAmoUL6HFIPRQdutoJDJyRc5EVtem3kT4dzXrVQepXcBf9GZiP6CftumvxXxrNunGKz5t5cF84x9XP6Y\/7knp+i8Vn86u\/+pqUdKbDToayA7i7UI\/SNaAYv02Kc7c6Qw3+yNRFjGRREinrCl0ixySgNb2ie2qO0RX1shg3FFg0KncbzO5dzF3f5aX+V0m8x5m9vMy\/135ezrze8z8az7Krfvvmbo\/YPa\/VVp5uX\/cl0qZAvu0QInmj91Gdoi5sbbh67vw+xZ+9+D3Hfy+h18Ffj\/A79\/hdx9+sVp43Ib
HK3xee\/tO+fv1hn6YxlxuL+gQc4uonNQR5FsxNlvSJyv5KZYIIsInUFEXMhTdWeuUqK+b+9aJvfE8E90f0FNKD2D5s8eOM3r0zA31h\/OXpv7YgT\/FvzSOTR4ogVeQW\/z\/uhMsyRlkcqIEZJoe6l5iDcF7EL8zR0Cg6R8Jy2mIL6DHjMlk6u4PZyom6wbQAVo4N0vAs0AXRFVlkY8Vi15ZFvyuY6pGnRArOKwAfhZ3Qdh3sQY7cg+xF\/rHJZ4x5K3VXTfa5J3VNdq4iSZ2iY8It0ER86E4JLehjxJ+hFgc9+ZTd7Lpg0aiAZ9QlHiT+ZjEqx6RF6uL8BeIJ6URJ+lOZTbnmQIQ+efojFAB7f20ZDzZ7f0+KCc5FXx+ZQUDMs6WjsF0Sjgtb0u+PhE2g8zL5DjJygQcVSwGRWsTnTme2hTD0TuGevusrXFvANaijt4+uqsT6hXgRl4BlrluiEkGUb2LfK+d36QdkMnmDJYic6iNBnCWN4CXe+1Eg1w3OqW3ptNx1tep9oL9t9P9Rx6hO7z\/zr+z\/+ckMX3QlaxwR7EuZxZxsF+oy\/JXwrZpvue4xHdi7ghYb5klrfMNsBko3BfquxyDjbasUqLm9UfoBMRhtFHR0E5lXdWrjHQxtwGc+AiMZcAAsyKcQpDI6T7+FIAw9OgDLPg+aoXv3pVxtVtXarBW0d6+rT75795Vrzs+JvlrRg3Syk+9d+\/q150epPXW6kAe7CsP1EmzXwgKfqG36EPrPZiK6V1IPaBEN1zt0SZTd6Xc7setQ719Xi\/03+nQHEA1WDehZvTpIdivAmQlvFd97FWhB6pLpLTfjEARBgxa6G\/yDh9cXXcucT5li4nFNguBmmmSSHeZXr6Sewvfoek4scAoLP8RHjmw2vSx+ZXwLQzm7DIWYgU1f61K4grIJlTy6Ke8Hb4Me8PRHXQJIFKvrrhDe+QA8q6Q2Qq2hM4Pfa0jANBbUMyJGWCp0xGGD1tdN9CqaKvAKAL4qVfRS4b+Ym\/qVeaWs46+7S5nPJbq4lx7AGmtU6+umijlWaoH4F8rV0tPiCuajh+gpKUGb9\/W14xW+clH91X9G5HNRTjirzAVX6kMF\/tfKZtb2zu7e+8\/7B98PDw6Pvn0+fTs\/MvXi2\/fL4llg4DqB+FNrz8Yjsa\/JtPZ\/Pbu\/uF3yShXqrV6o9lSYrqB3ltKYcME5lrYgD\/rP036t0j\/KtdUzK+9sxN+kejgZhNY+SDox1VpnS\/UlcyRnKxkB35ZYKDu+9Ei\/orbEwAl+guAXOD+Ax1pymFWUJ\/YD1q3LCHe2pbuWGn51KIKp5XEkLDfd33Sp16AkyE8IB1y0feaWrm+MKc9hn+EyhcRaU1WtPUwc5lAtTINRvO+g6b7yPvPdVZgJQcrw9Fw3R2MZw8rkek="} 
@@ -1211,7 +1211,7 @@ 00701{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1701,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":5,"flow_src_last_pkt_time":1654385231918113,"flow_dst_last_pkt_time":1654385229398934,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":173,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":173,"pkt_l4_len":139,"thread_ts_usec":1654385231918113,"pkt":"tKXvZygQnLbQ0+MzCABFAACf7FpAAEAGOy\/AqAJ+I5wsDaY6AFDzNbjrO3\/xc4AYAfUTYQAAAQEIChlnG+cPV8RmLjAuNDEwMy4xMDYgTW9iaWxlIFNhZmFyaS81MzcuMzYNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KSG9zdDogZGUwMS5yYXlqdW1wLmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} 00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1703,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385232006384,"flow_src_last_pkt_time":1654385232006384,"flow_dst_last_pkt_time":1654385232006384,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":559,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":559,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":559,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385232006384,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.16.142","src_port":53416,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01305{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1703,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":1,"flow_src_last_pkt_time":1654385232006384,"flow_dst_last_pkt_time":1654385232006384,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":625,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":625,"pkt_l4_len":591,"thread_ts_usec":1654385232006384,"pkt":"tKXvZygQnLbQ0+MzCABFAAJjZ+1AAEAGUBrAqAJ+rNkQjtCoAFBWAxSGMjrpcIAYAfaC4wAAAQEICuWLG17z\/UGOR0VUIC9zdG9yZS9hcHBzL2RldGFpbHM\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"} -01692{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1703,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385232006384,"flow_src_last_pkt_time":1654385232006384,"flow_dst_last_pkt_time":1654385232006384,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":559,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":559,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":559,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385232006384,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.16.142","src_port":53416,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"play.google.com","domainame":"play.google.com","http": 
{"url":"play.google.com\/store\/apps\/details?id=com.azarlive.android&referrer=adjust_external_click_id%3Dv.2_g.143845_a.f84f54bf-31cd-43ff-bd27-526ccc6457da_c.117_t.ua_u.e7df87247cbcea13%26utm_campaign%3DTest%2BCampaign%26utm_content%3DTest%2BSource%2BApp_123456789%26utm_source%3DLiftoff%26utm_term%3DTest%2BCreative","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} +01577{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1703,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385232006384,"flow_src_last_pkt_time":1654385232006384,"flow_dst_last_pkt_time":1654385232006384,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":559,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":559,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":559,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385232006384,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.16.142","src_port":53416,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"play.google.com","domainame":"play.google.com","http": {"url":"play.google.com\/store\/apps\/details?id=com.azarlive.android&referrer=adjust_external_click_id%3Dv.2_g.143845_a.f84f54bf-31cd-43ff-bd27-526ccc6457da_c.117_t.ua_u.e7df87247cbcea13%26utm_campaign%3DTest%2BCampaign%26utm_content%3DTest%2BSource%2BApp_123456789%26utm_source%3DLiftoff%26utm_term%3DTest%2BCreative","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 
Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1704,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385232040567,"flow_src_last_pkt_time":1654385232040567,"flow_dst_last_pkt_time":1654385232040567,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":927,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":927,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":927,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385232040567,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.122.190.70","src_port":33042,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01793{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1704,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":1,"flow_src_last_pkt_time":1654385232040567,"flow_dst_last_pkt_time":1654385232040567,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":993,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":993,"pkt_l4_len":959,"thread_ts_usec":1654385232040567,"pkt":"tKXvZygQnLbQ0+MzCABFAAPTG5ZAAEAGlqjAqAJ+A3q+RoESAFCRX\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\/dmFzdF9lbD0xIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgMTE7IHNka19ncGhvbmVfeDg2IEJ1aWxkL1JTUjEuMjAxMDEzLjAwMTsgd3YpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIFZlcnNpb24vNC4wIENocm9tZS84My4wLjQxMDMuMTA2IE1vYmlsZSBTYWZhcmkvNTM3LjM2DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCkhvc3Q6IGNsaWNrLmxpZnRvZmYuaW8NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} 
01937{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1704,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385232040567,"flow_src_last_pkt_time":1654385232040567,"flow_dst_last_pkt_time":1654385232040567,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":927,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":927,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":927,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385232040567,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.122.190.70","src_port":33042,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"click.liftoff.io","domainame":"click.liftoff.io","http": {"url":"click.liftoff.io\/v1\/campaign_click\/ddfWbX-c_ZpIF_3wE-XgJSwRJPn_5OpS9IR6X4XG91XQL6ssRLV4QPLSEQgWyRbP_OAHXGp-3z8zKxdRjL-BT6h7z46z4qmAWxR5DboEhr1DytY4W5gfQLUcV6yE3POR7PrQlrVbVtH-7uW1oie-jkR4naGHTVVHKv5kFXBJ9yTIX-JngaE2MMTER1HuBx9qTlyLhiZCtWSUSv4Ze5z4QuGqjWijD0QBgAo00Wtj4VqQypzCho_p-UzOrVF8wX9LmysoZ3202xt-1RlmBNXddH_i_evO5yZGpOvG8ktdiKfhG7cddZTR6o5lyR15wY-SJTSM3ffr4dspVSFx6XdnXgfUtxY80spI9tmFMhT97KSC4cMkRv-AyNLWhDaD33WCpU7HN-VnTuM0zl4WQMna-AVBk1Ho0vhTz5ZBU32OhTf9uAkGNxuNj5w5Ifg1GnMwZxKis8J3Z6Z5mtc7gire0eQeDQ7ehtCMFLs0M1aXGE8mHhoANg_w0Ahx43Mu7zvDXSCthH8D4QhHaWoRSuGUgfBDYLzrD8LXz6qHILoQNjj8ieRBLfH22UewVLgMF7dqhXgl73VqgU1_cu-GIfsbBm90zhfd9eoo8rQfdJF2xczqvrQz6-I4FA?vast_el=1","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
@@ -1237,7 +1237,7 @@ 01148{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385120896744,"flow_src_last_pkt_time":1654385120896744,"flow_dst_last_pkt_time":1654385121164319,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":538,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":538,"flow_dst_max_l4_payload_len":189,"flow_src_tot_l4_payload_len":538,"flow_dst_tot_l4_payload_len":189,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60984,"dst_port":1234,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"ws.1kxun.mobi"}} 01013{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1654385232158874,"flow_src_last_pkt_time":1654385232159668,"flow_dst_last_pkt_time":1654385232180473,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1444,"flow_dst_max_l4_payload_len":88,"flow_src_tot_l4_payload_len":2452,"flow_dst_tot_l4_payload_len":88,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"8.209.112.118","src_port":35426,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"analytics.rayjump.com"}} 01002{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385181857708,"flow_src_last_pkt_time":1654385181857708,"flow_dst_last_pkt_time":1654385181897114,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":409,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":409,"flow_dst_max_l4_payload_len":983,"flow_src_tot_l4_payload_len":409,"flow_dst_tot_l4_payload_len":983,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.117.221.10","src_port":59324,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"m.vpon.com"}} 
-01139{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":3,"flow_first_seen":1654385141046673,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141076027,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":426,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":426,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":426,"flow_dst_tot_l4_payload_len":1925,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.37","src_port":41390,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"google.open-js.com"}} +01024{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":3,"flow_first_seen":1654385141046673,"flow_src_last_pkt_time":1654385141046673,"flow_dst_last_pkt_time":1654385141076027,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":426,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":426,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":426,"flow_dst_tot_l4_payload_len":1925,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.37","src_port":41390,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"google.open-js.com"}} 01017{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385229378645,"flow_src_last_pkt_time":1654385229378645,"flow_dst_last_pkt_time":1654385229413001,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1249,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1249,"flow_dst_max_l4_payload_len":353,"flow_src_tot_l4_payload_len":1249,"flow_dst_tot_l4_payload_len":353,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.50","src_port":41940,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"tknet-cdn.rayjump.com"}} 
00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385142293700,"flow_src_last_pkt_time":1654385142293700,"flow_dst_last_pkt_time":1654385142293700,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":517,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"119.28.164.143","src_port":51888,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184096708,"flow_src_last_pkt_time":1654385184096708,"flow_dst_last_pkt_time":1654385184096708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1132,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43266,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
@@ -1249,7 +1249,7 @@ 01021{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":23,"flow_first_seen":1654385176795709,"flow_src_last_pkt_time":1654385176795709,"flow_dst_last_pkt_time":1654385178226563,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":207,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":24480,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":116776,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":38316,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com"}} 01020{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":21,"flow_first_seen":1654385176794071,"flow_src_last_pkt_time":1654385176794071,"flow_dst_last_pkt_time":1654385178039010,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":207,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":12423,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":87624,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":38326,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com"}} 01012{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385127293052,"flow_src_last_pkt_time":1654385127293052,"flow_dst_last_pkt_time":1654385127488169,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":270,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":270,"flow_dst_max_l4_payload_len":464,"flow_src_tot_l4_payload_len":270,"flow_dst_tot_l4_payload_len":464,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"129.226.107.77","src_port":41134,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.QQ","proto_id":"7.48","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":9,"category":"Chat","hostname":"cgi.connect.qq.com"}} 
-01155{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":16,"flow_first_seen":1654385156800184,"flow_src_last_pkt_time":1654385156800184,"flow_dst_last_pkt_time":1654385156865117,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":423,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":423,"flow_dst_max_l4_payload_len":2836,"flow_src_tot_l4_payload_len":423,"flow_dst_tot_l4_payload_len":28785,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.18.98","src_port":44368,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.GoogleServices","proto_id":"7.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.googletagservices.com"}} +01040{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":16,"flow_first_seen":1654385156800184,"flow_src_last_pkt_time":1654385156800184,"flow_dst_last_pkt_time":1654385156865117,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":423,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":423,"flow_dst_max_l4_payload_len":2836,"flow_src_tot_l4_payload_len":423,"flow_dst_tot_l4_payload_len":28785,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.18.98","src_port":44368,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.GoogleServices","proto_id":"7.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.googletagservices.com"}} 01010{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385229460595,"flow_src_last_pkt_time":1654385229460595,"flow_dst_last_pkt_time":1654385229568829,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":694,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":694,"flow_dst_max_l4_payload_len":171,"flow_src_tot_l4_payload_len":694,"flow_dst_tot_l4_payload_len":171,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.235.204.9","src_port":40204,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adexp.liftoff.io"}} 
01011{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385235892637,"flow_src_last_pkt_time":1654385235892637,"flow_dst_last_pkt_time":1654385236487007,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1229,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1229,"flow_dst_max_l4_payload_len":434,"flow_src_tot_l4_payload_len":1229,"flow_dst_tot_l4_payload_len":434,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.64","src_port":51686,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"net.rayjump.com"}} 01045{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":10,"flow_first_seen":1654385143337063,"flow_src_last_pkt_time":1654385143337063,"flow_dst_last_pkt_time":1654385143386689,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":421,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":421,"flow_dst_max_l4_payload_len":2836,"flow_src_tot_l4_payload_len":421,"flow_dst_tot_l4_payload_len":20463,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"142.250.186.174","src_port":36732,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"www.google-analytics.com"}} 
@@ -1271,7 +1271,7 @@ 01025{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1654385140836422,"flow_src_last_pkt_time":1654385144960570,"flow_dst_last_pkt_time":1654385145144651,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":436,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":753,"flow_dst_max_l4_payload_len":1654,"flow_src_tot_l4_payload_len":1941,"flow_dst_tot_l4_payload_len":5796,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45422,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"mangaweb.1kxun.mobi"}} 01019{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385140850557,"flow_src_last_pkt_time":1654385140850557,"flow_dst_last_pkt_time":1654385141035727,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":414,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":414,"flow_dst_max_l4_payload_len":1721,"flow_src_tot_l4_payload_len":414,"flow_dst_tot_l4_payload_len":1721,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45424,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":17,"category":"Streaming","hostname":"tcad.wedolook.com"}} 01148{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1654385134408251,"flow_src_last_pkt_time":1654385136274668,"flow_dst_last_pkt_time":1654385136566441,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":498,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":499,"flow_dst_max_l4_payload_len":225,"flow_src_tot_l4_payload_len":997,"flow_dst_tot_l4_payload_len":450,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.119.80","src_port":49242,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"android.yingshi.tcclick.1kxun.com"}} 
-01134{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385232006384,"flow_src_last_pkt_time":1654385232006384,"flow_dst_last_pkt_time":1654385232057407,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":559,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":559,"flow_dst_max_l4_payload_len":668,"flow_src_tot_l4_payload_len":559,"flow_dst_tot_l4_payload_len":668,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.16.142","src_port":53416,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"play.google.com"}} +01019{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385232006384,"flow_src_last_pkt_time":1654385232006384,"flow_dst_last_pkt_time":1654385232057407,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":559,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":559,"flow_dst_max_l4_payload_len":668,"flow_src_tot_l4_payload_len":559,"flow_dst_tot_l4_payload_len":668,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.16.142","src_port":53416,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"play.google.com"}} 01161{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385127244156,"flow_src_last_pkt_time":1654385127244156,"flow_dst_last_pkt_time":1654385127425884,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":157,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":264,"flow_src_tot_l4_payload_len":157,"flow_dst_tot_l4_payload_len":264,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47230,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":7,"category":"Download","hostname":"kankan.1kxun.mobi"}} 
01015{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":4,"flow_first_seen":1654385229374771,"flow_src_last_pkt_time":1654385236365099,"flow_dst_last_pkt_time":1654385236412092,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":114,"flow_src_tot_l4_payload_len":8181,"flow_dst_tot_l4_payload_len":423,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"52.29.177.177","src_port":37100,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adx-tk.rayjump.com"}} 01022{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1654385128878259,"flow_src_last_pkt_time":1654385129990203,"flow_dst_last_pkt_time":1654385130178547,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":860,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":880,"flow_dst_max_l4_payload_len":2746,"flow_src_tot_l4_payload_len":1740,"flow_dst_tot_l4_payload_len":3242,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47246,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"kankan.1kxun.com"}} 
@@ -1300,18 +1300,18 @@ 01016{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":25,"flow_first_seen":1654385184944791,"flow_src_last_pkt_time":1654385184944791,"flow_dst_last_pkt_time":1654385185046312,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":297,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":297,"flow_dst_max_l4_payload_len":4284,"flow_src_tot_l4_payload_len":297,"flow_dst_tot_l4_payload_len":89150,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36654,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hybird.rayjump.com"}} 00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":3,"flow_first_seen":1654385184982489,"flow_src_last_pkt_time":1654385184982489,"flow_dst_last_pkt_time":1654385185015695,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":262,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":262,"flow_dst_max_l4_payload_len":2856,"flow_src_tot_l4_payload_len":262,"flow_dst_tot_l4_payload_len":4535,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36660,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 01017{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":3,"flow_first_seen":1654385131029337,"flow_src_last_pkt_time":1654385131355130,"flow_dst_last_pkt_time":1654385131589006,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":202,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":202,"flow_dst_max_l4_payload_len":6232,"flow_src_tot_l4_payload_len":404,"flow_dst_tot_l4_payload_len":6868,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":60148,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pic.1kxun.com"}} 
-00869{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1723,"packets-processed":1723,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2427316,"total-not-detected-flows":14,"total-guessed-flows":6,"total-detected-flows":177,"total-detection-updates":33,"total-updates":38,"current-active-flows":0,"total-active-flows":197,"total-idle-flows":197,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1303,"global_ts_usec":1654385236487007} +00868{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1723,"packets-processed":1723,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2427316,"total-not-detected-flows":9,"total-guessed-flows":6,"total-detected-flows":182,"total-detection-updates":33,"total-updates":38,"current-active-flows":0,"total-active-flows":197,"total-idle-flows":197,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1303,"global_ts_usec":1654385236487007} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1723/1723 ~~ skipped flows.............: 0 ~~ total layer4 data length..: 2427316 bytes -~~ total detected protocols..: 177 +~~ total detected protocols..: 182 ~~ total 
active/idle flows...: 197/197 -~~ total timeout flows.......: 20 +~~ total timeout flows.......: 15 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7508660 bytes -~~ total memory freed........: 7508660 bytes -~~ total allocations/frees...: 118823/118823 +~~ total memory allocated....: 8088565 bytes +~~ total memory freed........: 8088565 bytes +~~ total allocations/frees...: 130666/130666 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 538 chars ~~ json message max len.......: 11861 chars diff --git a/test/results/monitoring/signal_audiocall.pcapng.out b/test/results/monitoring/signal_audiocall.pcapng.out new file mode 100644 index 000000000..9a2487317 --- /dev/null +++ b/test/results/monitoring/signal_audiocall.pcapng.out 
@@ -0,0 +1,59 @@ +00626{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/monitoring\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1732024252560352} 
+00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1732024252560352,"flow_src_last_pkt_time":1732024252560352,"flow_dst_last_pkt_time":1732024252560352,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1732024252560352,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.216.234.234","src_port":45419,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1732024252560352,"flow_dst_last_pkt_time":1732024252560352,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1732024252560352,"pkt":"dNo47VMyYhO2esBpCABFAAAwRWRAAEARGavAqAxDI9jq6rFrDZYAHHVvAAEAACESpEJXWklqc1dDeWlGaWU="} 
+01020{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1732024252560352,"flow_src_last_pkt_time":1732024252560352,"flow_dst_last_pkt_time":1732024252560352,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1732024252560352,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.216.234.234","src_port":45419,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} +00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/monitoring\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1732024252560499,"flow_src_last_pkt_time":1732024252560499,"flow_dst_last_pkt_time":1732024252560499,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1732024252560499,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.252.146","src_port":45419,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/monitoring\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1732024252560499,"flow_dst_last_pkt_time":1732024252560499,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1732024252560499,"pkt":"dNo47VMyYhO2esBpCABFAAAwgmpAAEARyvnAqAxDI9v8krFrDZYAHMWVAAEAACESpEI1cThLK29Vb2Zyc2I="} +01020{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/monitoring\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1732024252560499,"flow_src_last_pkt_time":1732024252560499,"flow_dst_last_pkt_time":1732024252560499,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1732024252560499,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.252.146","src_port":45419,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
+00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/monitoring\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1732024252562178,"flow_dst_last_pkt_time":1732024252560499,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1732024252562178,"pkt":"dNo47VMyYhO2esBpCABFAAA4gmtAAEARyvDAqAxDI9v8krFrDZYAJFMAAAMACCESpEJESWJQSTJoSnlpWE4AGQAEEQAAAA=="} +01153{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"cfgs\/monitoring\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1732024252560499,"flow_src_last_pkt_time":1732024252562178,"flow_dst_last_pkt_time":1732024252560499,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1732024252562178,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.252.146","src_port":45419,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
+00594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/monitoring\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1732024252562178,"flow_dst_last_pkt_time":1732024252564159,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1732024252564159,"pkt":"YhO2esBpdNo47VMyCABFAABQYexAADkR8lcj2\/ySwKgMQw2WsWsAPPYdAQEAICESpEI1cThLK29Vb2Zyc2IAIAAIAAGR0HwxDFwAAQAIAAGwwl0jqB6AKAAEaYMT0g=="} +01068{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/monitoring\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1732024252560499,"flow_src_last_pkt_time":1732024252562178,"flow_dst_last_pkt_time":1732024252564159,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":52,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":52,"midstream":0,"thread_ts_usec":1732024252564159,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.252.146","src_port":45419,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"mapped_address":"93.35.168.30:45250","multimedia_flow_types":"Unknown"}}} 
+00636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/monitoring\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1732024252562178,"flow_dst_last_pkt_time":1732024252565403,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1732024252565403,"pkt":"YhO2esBpdNo47VMyCABFAABwYe1AADkR8jYj2\/ySwKgMQw2WsWsAXAy5ARMAQCESpEJESWJQSTJoSnlpWE4ACQAQAAAEAVVuYXV0aG9yaXplZAAVABAxNjM3ZDNmZDRkOWM5YjYxABQACnNpZ25hbC5vcmcAAIAoAATPjK59"} +01101{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"cfgs\/monitoring\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1732024252560499,"flow_src_last_pkt_time":1732024252562178,"flow_dst_last_pkt_time":1732024252565403,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":136,"midstream":0,"thread_ts_usec":1732024252565403,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.252.146","src_port":45419,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org","domainame":"signal.org","stun": {"mapped_address":"93.35.168.30:45250","multimedia_flow_types":"Unknown"}}} 
+00594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/monitoring\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1732024252560352,"flow_dst_last_pkt_time":1732024252568619,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1732024252568619,"pkt":"YhO2esBpdNo47VMyCABFYABQjT9AADkR2E8j2OrqwKgMQw2WsWsAPDZGAQEAICESpEJXWklqc1dDeWlGaWUAIAAIAAGR0HwxDFwAAQAIAAGwwl0jqB6AKAAEuwkx\/Q=="} +01088{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/monitoring\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1732024252560352,"flow_src_last_pkt_time":1732024252560352,"flow_dst_last_pkt_time":1732024252568619,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":52,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":52,"midstream":0,"thread_ts_usec":1732024252568619,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.216.234.234","src_port":45419,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.35.168.30:45250","multimedia_flow_types":"Unknown"}}} 
+00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/monitoring\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1732024252569169,"flow_dst_last_pkt_time":1732024252568619,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1732024252569169,"pkt":"dNo47VMyYhO2esBpCABFAAA4RWVAAEARGaLAqAxDI9jq6rFrDZYAJFh\/AAMACCESpEJGS3FkT09uNFJVbnEAGQAEEQAAAA=="} +00680{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/monitoring\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1732024252572448,"flow_dst_last_pkt_time":1732024252565403,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_usec":1732024252572448,"pkt":"dNo47VMyYhO2esBpCABFAACQgmxAAEARypfAqAxDI9v8krFrDZYAfJOdAAMAYCESpEJuUEl0Z1MxUnVQKzcAGQAEEQAAAAAGABcxNzMyMTEwNjUzOjE1NTA1NTA4NiMwMQAAFAAKc2lnbmFsLm9yZwAAABUAEDE2MzdkM2ZkNGQ5YzliNjEACAAU3JGQo9CczDHRimYdZNnsDs1bURk="} +00637{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/monitoring\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1732024252569169,"flow_dst_last_pkt_time":1732024252576656,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1732024252576656,"pkt":"YhO2esBpdNo47VMyCABFYABwjUdAADkR2Ccj2OrqwKgMQw2WsWsAXCnWARMAQCESpEJGS3FkT09uNFJVbnEACQAQAAAEAVVuYXV0aG9yaXplZAAVABAxYTZhN2ZjMjE4MzU3YTg0ABQACnNpZ25hbC5vcmcAAIAoAATMhc\/o"} 
+01110{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"cfgs\/monitoring\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1732024252560352,"flow_src_last_pkt_time":1732024252569169,"flow_dst_last_pkt_time":1732024252576656,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":136,"midstream":0,"thread_ts_usec":1732024252576656,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.216.234.234","src_port":45419,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org","domainame":"signal.org","stun": {"mapped_address":"93.35.168.30:45250","multimedia_flow_types":"Unknown"}}} +00682{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/monitoring\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1732024252581941,"flow_dst_last_pkt_time":1732024252576656,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_usec":1732024252581941,"pkt":"dNo47VMyYhO2esBpCABFAACQRWZAAEARGUnAqAxDI9jq6rFrDZYAfNTyAAMAYCESpEJPQ2R3Q1gyR0YxNG4AGQAEEQAAAAAGABcxNzMyMTEwNjUzOjE1NTA1NTA4NiMwMQAAFAAKc2lnbmFsLm9yZwAAABUAEDFhNmE3ZmMyMTgzNTdhODQACAAUdnj5ozIQ14RJfPGflgWJ9TOV+\/s="} 
+00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"cfgs\/monitoring\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1732024255310800,"flow_src_last_pkt_time":1732024255310800,"flow_dst_last_pkt_time":1732024255310800,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1732024255310800,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.226.11","src_port":45419,"dst_port":12261,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00654{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/monitoring\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1732024255310800,"flow_dst_last_pkt_time":1732024255310800,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1732024255310800,"pkt":"dNo47VMyYhO2esBpCABFAAB8Fd9AAEARUcDAqAxDI9viC7FrL+UAaMFUAAEATCESpEJOeGYzd003aEM0NlMABgAJazhrQTo0VDNxAAAAwFcABAADAAqAKgAI5xJMPuQQFBUAJAAEbn8e\/wAIABT68YL7vmQRS9HQZGiIeRD1SGtWiYAoAASjdTd6"} 
+01173{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"cfgs\/monitoring\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1732024255310800,"flow_src_last_pkt_time":1732024255310800,"flow_dst_last_pkt_time":1732024255310800,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1732024255310800,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.226.11","src_port":45419,"dst_port":12261,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} +00616{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/monitoring\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1732024255310800,"flow_dst_last_pkt_time":1732024255375430,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1732024255375430,"pkt":"YhO2esBpdNo47VMyCABFAABceXNAADER\/Usj2+ILwKgMQy\/lsWsASMN1AQEALCESpEJOeGYzd003aEM0NlMAIAAIAAGR0XwxDFwACAAUnZDi6xiY73CNxpkvkJm\/4v\/vMgCAKAAEI0j0WQ=="} 
+00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/monitoring\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1732024255408164,"flow_dst_last_pkt_time":1732024255375430,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_usec":1732024255408164,"pkt":"dNo47VMyYhO2esBpCABFAACEFeVAAEARUbLAqAxDI9viC7FrL+UAcJtXAAEAVCESpEJpQUE2cDZ4ODNaWU8ABgAJazhrQTo0VDNxAAAAwFcABAADAAqAKgAI5xJMPuQQFBXAAQAEAAAAAQAkAARufx7\/AAgAFI5RI5U78Kp13DMCmA7Leck\/6NW6gCgABO24t1c="} +00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"cfgs\/monitoring\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1732024255408164,"flow_dst_last_pkt_time":1732024255478382,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1732024255478382,"pkt":"YhO2esBpdNo47VMyCABFAABceaxAADER\/RIj2+ILwKgMQy\/lsWsASLnsAQEALCESpEJpQUE2cDZ4ODNaWU8AIAAIAAGR0XwxDFwACAAUb93PFiaRbp51W72Lo4W8+vqpJJCAKAAEhXIENA=="} +00657{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"cfgs\/monitoring\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1732024255408164,"flow_dst_last_pkt_time":1732024255504818,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1732024255504818,"pkt":"YhO2esBpdNo47VMyCABFAAB8ea9AADER\/O8j2+ILwKgMQy\/lsWsAaKWbAAEATCESpEIwUGVvRDJtRTdqaXQABgAJNFQzcTprOGtBAAAAwFcABAADA4SAKQAIDLe2oNQ22wcAJAAEbn8r\/wAIABTMgM4WmvIXuVnGMvf\/8DTFYb2Fd4AoAARIK8xL"} 
+00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"cfgs\/monitoring\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1732024255554100,"flow_src_last_pkt_time":1732024255554100,"flow_dst_last_pkt_time":1732024255554100,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1732024255554100,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.226.11","src_port":45419,"dst_port":54116,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00654{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/monitoring\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1732024255554100,"flow_dst_last_pkt_time":1732024255554100,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1732024255554100,"pkt":"dNo47VMyYhO2esBpCABFAAB8Fe9AAEARUbDAqAxDI9viC7Fr02QAaCf8AAEATCESpEIrN09mWUNLWHJaaVQABgAJazhrQTo0VDNxAAAAwFcABAADAAqAKgAI5xJMPuQQFBUAJAAEbn8e\/wAIABSFh95GlbVTlHrpRlUg3UgrYXJ00oAoAASZD4hP"} 
+01173{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"cfgs\/monitoring\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1732024255554100,"flow_src_last_pkt_time":1732024255554100,"flow_dst_last_pkt_time":1732024255554100,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1732024255554100,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.226.11","src_port":45419,"dst_port":54116,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
+02260{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":47,"source":"cfgs\/monitoring\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1732024252560499,"flow_src_last_pkt_time":1732024255506282,"flow_dst_last_pkt_time":1732024255591142,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":140,"flow_dst_max_l4_payload_len":140,"flow_src_tot_l4_payload_len":1348,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1732024255591142,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.252.146","src_port":45419,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":34,"avg":192787.9,"max":1009305,"stddev":328853.4,"var":108144574464.0,"ent":3.4,"data": [1679,3660,1244,10270,10180,26749,26618,250237,250253,501155,501113,1004003,1009305,956070,950707,3808,8981,1122,5251,38927,115928,34,84920,11595,28824,12973,35886,1216,42468,17725,63525]},"pktlen": {"min":48,"avg":115.1,"max":168,"stddev":39.1,"var":1531.7,"ent":4.9,"data": [48,56,80,112,144,112,56,108,56,108,56,108,56,108,148,80,168,148,128,80,160,168,136,128,168,168,128,168,148,80,136,136]},"bins": {"c_to_s": [6,0,0,7,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,4,6,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,1,0,0,1,0,1,1,0,0,1,0,0,0,1,1,1],"entropies": 
[5.092222691,4.896289825,5.489066124,5.744682789,5.768844128,5.706256866,4.913536072,5.656898022,4.877822399,5.693010330,4.913536072,5.644444466,4.877821922,5.674491882,5.815627575,5.871930599,6.136301041,5.839058876,5.921264172,5.746930122,5.986515999,6.205406189,5.953484058,5.819549084,5.906489849,6.141389370,5.824335575,5.926788807,5.885375023,5.921932697,5.977344990,5.910892010]},"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} +00656{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"cfgs\/monitoring\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1732024255603277,"flow_dst_last_pkt_time":1732024255554100,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1732024255603277,"pkt":"dNo47VMyYhO2esBpCABFAAB8FfFAAEARUa7AqAxDI9viC7Fr02QAaGVCAAEATCESpEIvV3hJemdRQ2V4OFQABgAJazhrQTo0VDNxAAAAwFcABAADAAqAKgAI5xJMPuQQFBUAJAAEbn8e\/wAIABQYYyyDTy\/jE1\/Nd7a1vmyLdnoNJYAoAAQy+vP7"} 
+01292{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":48,"source":"cfgs\/monitoring\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1732024255554100,"flow_src_last_pkt_time":1732024255603277,"flow_dst_last_pkt_time":1732024255554100,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1732024255603277,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.226.11","src_port":45419,"dst_port":54116,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} +00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"cfgs\/monitoring\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1732024255603277,"flow_dst_last_pkt_time":1732024255617924,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1732024255617924,"pkt":"YhO2esBpdNo47VMyCABFYABcedJAADoR84wj2+ILwKgMQ9NksWsASGZUAQEALCESpEIrN09mWUNLWHJaaVQAIAAIAAGR0XwxDFwACAAUV6fjCSR3JzdWauCIks3ZoPOQt6yAKAAE1l85zg=="} 
+01222{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":49,"source":"cfgs\/monitoring\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1732024255554100,"flow_src_last_pkt_time":1732024255603277,"flow_dst_last_pkt_time":1732024255617924,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1732024255617924,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.226.11","src_port":45419,"dst_port":54116,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.35.168.30:45251","multimedia_flow_types":"Unknown"}}} +00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/monitoring\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1732024255651938,"flow_dst_last_pkt_time":1732024255617924,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_usec":1732024255651938,"pkt":"dNo47VMyYhO2esBpCABFAACEFfRAAEARUaPAqAxDI9viC7Fr02QAcC1KAAEAVCESpEJsNGpWVkczUWZNMFgABgAJazhrQTo0VDNxAAAAwFcABAADAAqAKgAI5xJMPuQQFBXAAQAEAAAAAwAkAARufx7\/AAgAFLx4XCVdI\/2uyx6lx8OrrNXNQyE\/gCgABDOgNrg="} 
+00654{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"cfgs\/monitoring\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1732024255651938,"flow_dst_last_pkt_time":1732024255657241,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1732024255657241,"pkt":"YhO2esBpdNo47VMyCABFYAB8eeVAADoR81kj2+ILwKgMQ9NksWsAaHX9AAEATCESpEJqV2p5emF6aUd3Z0kABgAJNFQzcTprOGtBAAAAwFcABAADA4SAKQAIDLe2oNQ22wcAJAAEbn8q\/wAIABSES8PnIh8Hi99anNPE0CgU3ijLmoAoAASQYvIj"} +02386{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":106,"source":"cfgs\/monitoring\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1732024255554100,"flow_src_last_pkt_time":1732024262728582,"flow_dst_last_pkt_time":1732024262809079,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":96,"flow_src_tot_l4_payload_len":1240,"flow_dst_tot_l4_payload_len":1108,"midstream":0,"thread_ts_usec":1732024262809079,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.226.11","src_port":45419,"dst_port":54116,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":7975,"avg":465466.5,"max":2229214,"stddev":655102.9,"var":429159809024.0,"ent":3.8,"data": [49177,63824,48661,39317,8988,7975,43088,49998,8002,41078,51322,943432,1038291,262155,354976,260389,75745,606181,10918,31204,394466,279938,364276,2145789,28790,2221167,290330,345130,931089,1204551,2229214]},"pktlen": {"min":56,"avg":101.4,"max":132,"stddev":22.2,"var":491.6,"ent":5.0,"data": 
[124,124,92,132,124,92,92,124,92,92,124,92,132,92,124,92,56,84,84,56,124,92,124,92,124,56,92,124,92,84,124,92]},"bins": {"c_to_s": [2,2,6,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,1,7,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,0,1,0,1,1,0,1,1,0,0,1,1,0,1,1,0,0,0,1,1,0,0,0,1,1,0,0,0,1],"entropies": [5.954615116,5.890099049,5.936881542,5.799671173,5.975784302,5.832649708,5.819981575,5.872922421,5.789170742,5.862594128,5.872116566,5.802706242,5.723914146,5.759228230,5.937438488,5.737487316,5.186729908,5.916122437,5.723992348,5.190757751,5.819494724,5.923347950,5.943526745,5.780966759,5.877923489,5.155044079,5.841721058,5.969696999,5.737488747,5.781786919,5.896186829,5.789172649]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01152{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":268,"source":"cfgs\/monitoring\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":91,"flow_dst_packets_processed":87,"flow_first_seen":1732024255554100,"flow_src_last_pkt_time":1732024271658206,"flow_dst_last_pkt_time":1732024271623847,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":295,"flow_dst_max_l4_payload_len":295,"flow_src_tot_l4_payload_len":16436,"flow_dst_tot_l4_payload_len":15122,"midstream":0,"thread_ts_usec":1732024271658206,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.226.11","src_port":45419,"dst_port":54116,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": 
{"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01037{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":268,"source":"cfgs\/monitoring\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1732024252560352,"flow_src_last_pkt_time":1732024262578771,"flow_dst_last_pkt_time":1732024262586393,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":332,"midstream":0,"thread_ts_usec":1732024271658206,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.216.234.234","src_port":45419,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} 
+01034{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":268,"source":"cfgs\/monitoring\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":29,"flow_dst_packets_processed":29,"flow_first_seen":1732024252560499,"flow_src_last_pkt_time":1732024271632164,"flow_dst_last_pkt_time":1732024271627708,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":140,"flow_dst_max_l4_payload_len":140,"flow_src_tot_l4_payload_len":2352,"flow_dst_tot_l4_payload_len":2992,"midstream":0,"thread_ts_usec":1732024271658206,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.252.146","src_port":45419,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} +01147{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":268,"source":"cfgs\/monitoring\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1732024255310800,"flow_src_last_pkt_time":1732024270121601,"flow_dst_last_pkt_time":1732024270117593,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":96,"flow_src_tot_l4_payload_len":776,"flow_dst_tot_l4_payload_len":992,"midstream":0,"thread_ts_usec":1732024271658206,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.226.11","src_port":45419,"dst_port":12261,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00860{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":268,"source":"cfgs\/monitoring\/pcap\/signal_audiocall.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":268,"packets-processed":268,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":39302,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":7,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":44,"global_ts_usec":1732024271658206} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 268/268 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 39302 bytes +~~ total detected protocols..: 4 +~~ total active/idle flows...: 4/4 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 7500221 bytes +~~ total memory freed........: 7500221 bytes +~~ total allocations/frees...: 126173/126173 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json message min len.......: 554 chars +~~ json message max len.......: 2391 chars +~~ json message avg len.......: 1470 chars diff --git a/test/results/monitoring/signal_videocall.pcapng.out b/test/results/monitoring/signal_videocall.pcapng.out new file mode 100644 index 000000000..632e63981 --- /dev/null +++ b/test/results/monitoring/signal_videocall.pcapng.out 
@@ -0,0 +1,49 @@ +00626{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/monitoring\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1732024431954625} 
+00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1732024431954625,"flow_src_last_pkt_time":1732024431954625,"flow_dst_last_pkt_time":1732024431954625,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1732024431954625,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.216.234.234","src_port":47926,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1732024431954625,"flow_dst_last_pkt_time":1732024431954625,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1732024431954625,"pkt":"dNo47VMyYhO2esBpCABFAAAwZxZAAEAR9\/jAqAxDI9jq6rs2DZYAHHvlAAEAACESpEJQQm9QWFIrVWRPcnY="} 
+01020{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1732024431954625,"flow_src_last_pkt_time":1732024431954625,"flow_dst_last_pkt_time":1732024431954625,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1732024431954625,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.216.234.234","src_port":47926,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} +00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/monitoring\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1732024431955912,"flow_src_last_pkt_time":1732024431955912,"flow_dst_last_pkt_time":1732024431955912,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1732024431955912,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.252.146","src_port":47926,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/monitoring\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1732024431955912,"flow_dst_last_pkt_time":1732024431955912,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1732024431955912,"pkt":"dNo47VMyYhO2esBpCABFAAAwtSNAAEARmEDAqAxDI9v8krs2DZYAHF30AAEAACESpEJKdmo2eHhiZEdrT1E="} +01020{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/monitoring\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1732024431955912,"flow_src_last_pkt_time":1732024431955912,"flow_dst_last_pkt_time":1732024431955912,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1732024431955912,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.252.146","src_port":47926,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
+00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/monitoring\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1732024431956045,"flow_dst_last_pkt_time":1732024431955912,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1732024431956045,"pkt":"dNo47VMyYhO2esBpCABFAAA4tSRAAEARmDfAqAxDI9v8krs2DZYAJHj9AAMACCESpEJGT0RzSVBnV3VDSVgAGQAEEQAAAA=="} +01153{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"cfgs\/monitoring\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1732024431955912,"flow_src_last_pkt_time":1732024431956045,"flow_dst_last_pkt_time":1732024431955912,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1732024431956045,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.252.146","src_port":47926,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
+00595{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/monitoring\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1732024431956045,"flow_dst_last_pkt_time":1732024431959193,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1732024431959193,"pkt":"YhO2esBpdNo47VMyCABFAABQi8xAADkRyHcj2\/ySwKgMQw2WuzYAPLQBAQEAICESpEJKdmo2eHhiZEdrT1EAIAAIAAGRw3wxDFwAAQAIAAGw0V0jqB6AKAAE\/+dX5g=="} +01068{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/monitoring\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1732024431955912,"flow_src_last_pkt_time":1732024431956045,"flow_dst_last_pkt_time":1732024431959193,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":52,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":52,"midstream":0,"thread_ts_usec":1732024431959193,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.252.146","src_port":47926,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"mapped_address":"93.35.168.30:45265","multimedia_flow_types":"Unknown"}}} 
+00636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/monitoring\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1732024431956045,"flow_dst_last_pkt_time":1732024431959746,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1732024431959746,"pkt":"YhO2esBpdNo47VMyCABFAABwi81AADkRyFYj2\/ySwKgMQw2WuzYAXM1WARMAQCESpEJGT0RzSVBnV3VDSVgACQAQAAAEAVVuYXV0aG9yaXplZAAVABA3MWRlZDFjNTBiN2Q0NGFmABQACnNpZ25hbC5vcmcAAIAoAAR7NBQ3"} +01101{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"cfgs\/monitoring\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1732024431955912,"flow_src_last_pkt_time":1732024431956045,"flow_dst_last_pkt_time":1732024431959746,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":136,"midstream":0,"thread_ts_usec":1732024431959746,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.252.146","src_port":47926,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org","domainame":"signal.org","stun": {"mapped_address":"93.35.168.30:45265","multimedia_flow_types":"Unknown"}}} 
+00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/monitoring\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1732024431959841,"flow_dst_last_pkt_time":1732024431954625,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1732024431959841,"pkt":"dNo47VMyYhO2esBpCABFAAA4ZxdAAEAR9+\/AqAxDI9jq6rs2DZYAJF1+AAMACCESpEJoc3FkNDJvUEJsZ2kAGQAEEQAAAA=="} +01173{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/monitoring\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1732024431954625,"flow_src_last_pkt_time":1732024431959841,"flow_dst_last_pkt_time":1732024431954625,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1732024431959841,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.216.234.234","src_port":47926,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
+00680{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/monitoring\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1732024431962384,"flow_dst_last_pkt_time":1732024431959746,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_usec":1732024431962384,"pkt":"dNo47VMyYhO2esBpCABFAACQtSVAAEARl97AqAxDI9v8krs2DZYAfNU1AAMAYCESpEJLZGY0aGpCR2VDNmwAGQAEEQAAAAAGABcxNzMyMTEwODMzOjg5NTYwMTIyMyMwMQAAFAAKc2lnbmFsLm9yZwAAABUAEDcxZGVkMWM1MGI3ZDQ0YWYACAAUgVqrAzIcqrmsvPu1c7hMsgoikGk="} +00593{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/monitoring\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1732024431959841,"flow_dst_last_pkt_time":1732024431962820,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1732024431962820,"pkt":"YhO2esBpdNo47VMyCABFYABQmTNAADkRzFsj2OrqwKgMQw2WuzYAPPTfAQEAICESpEJQQm9QWFIrVWRPcnYAIAAIAAGRw3wxDFwAAQAIAAGw0V0jqB6AKAAELCkIuA=="} 
+01088{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"cfgs\/monitoring\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1732024431954625,"flow_src_last_pkt_time":1732024431959841,"flow_dst_last_pkt_time":1732024431962820,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":52,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":52,"midstream":0,"thread_ts_usec":1732024431962820,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.216.234.234","src_port":47926,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.35.168.30:45265","multimedia_flow_types":"Unknown"}}} +00636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/monitoring\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1732024431959841,"flow_dst_last_pkt_time":1732024431967507,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1732024431967507,"pkt":"YhO2esBpdNo47VMyCABFYABwmTdAADkRzDcj2OrqwKgMQw2WuzYAXIRlARMAQCESpEJoc3FkNDJvUEJsZ2kACQAQAAAEAVVuYXV0aG9yaXplZAAVABAyMzlmNWI0MDIzNmE0ZmIyABQACnNpZ25hbC5vcmcAAIAoAAR3etFo"} 
+01110{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"cfgs\/monitoring\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1732024431954625,"flow_src_last_pkt_time":1732024431959841,"flow_dst_last_pkt_time":1732024431967507,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":136,"midstream":0,"thread_ts_usec":1732024431967507,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.216.234.234","src_port":47926,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org","domainame":"signal.org","stun": {"mapped_address":"93.35.168.30:45265","multimedia_flow_types":"Unknown"}}} +00682{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/monitoring\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1732024431970453,"flow_dst_last_pkt_time":1732024431967507,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_usec":1732024431970453,"pkt":"dNo47VMyYhO2esBpCABFAACQZxlAAEAR95XAqAxDI9jq6rs2DZYAfJ\/eAAMAYCESpEJtY0MxU2RsRTVSTFIAGQAEEQAAAAAGABcxNzMyMTEwODMzOjg5NTYwMTIyMyMwMQAAFAAKc2lnbmFsLm9yZwAAABUAEDIzOWY1YjQwMjM2YTRmYjIACAAUWuhe5DwiuoVslYdnHO9VLKb1KDk="} 
+00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"cfgs\/monitoring\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1732024434112285,"flow_src_last_pkt_time":1732024434112285,"flow_dst_last_pkt_time":1732024434112285,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1732024434112285,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.252.146","src_port":47926,"dst_port":56377,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00656{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/monitoring\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1732024434112285,"flow_dst_last_pkt_time":1732024434112285,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1732024434112285,"pkt":"dNo47VMyYhO2esBpCABFAAB8tZtAAEARl3zAqAxDI9v8krs23DkAaDzbAAEATCESpEJvVmpOd0IwS3IzMTcABgAJKzRmSDpxcDhzAAAAwFcABAADAAqAKgAItCq\/i7rPSYsAJAAEbn8e\/wAIABQsPdFbp2Mty9aiJruZ\/Hgd1SZ9SYAoAAQ0snQG"} 
+01174{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"cfgs\/monitoring\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1732024434112285,"flow_src_last_pkt_time":1732024434112285,"flow_dst_last_pkt_time":1732024434112285,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1732024434112285,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.252.146","src_port":47926,"dst_port":56377,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} +00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/monitoring\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1732024434112285,"flow_dst_last_pkt_time":1732024434178241,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1732024434178241,"pkt":"YhO2esBpdNo47VMyCABFYABcj7BAADIRyycj2\/ySwKgMQ9w5uzYASCrcAQEALCESpEJvVmpOd0IwS3IzMTcAIAAIAAGRwHwxDFwACAAUzCtdmPFLOE2hrfqThQbG\/WfenmGAKAAE+56MVw=="} 
+00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/monitoring\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1732024434208184,"flow_dst_last_pkt_time":1732024434178241,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_usec":1732024434208184,"pkt":"dNo47VMyYhO2esBpCABFAACEtaBAAEARl2\/AqAxDI9v8krs23DkAcJ01AAEAVCESpEJ5YkVGeHg2Vm54cEwABgAJKzRmSDpxcDhzAAAAwFcABAADAAqAKgAItCq\/i7rPSYvAAQAEAAAAAQAkAARufx7\/AAgAFBR40kD7fQkz6Qg731KFxeC3zkjNgCgABDObOGE="} +00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/monitoring\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1732024434257371,"flow_dst_last_pkt_time":1732024434178241,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_usec":1732024434257371,"pkt":"dNo47VMyYhO2esBpCABFAACEtaNAAEARl2zAqAxDI9v8krs23DkAcLCLAAEAVCESpEIvVzZEb0YxN3VBZ04ABgAJKzRmSDpxcDhzAAAAwFcABAADAAqAKgAItCq\/i7rPSYvAAQAEAAAAAQAkAARufx7\/AAgAFB0q7oEahdIgYLDgT\/FjacmxOl1HgCgABEHzBpk="} +00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/monitoring\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1732024434257371,"flow_dst_last_pkt_time":1732024434268071,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1732024434268071,"pkt":"YhO2esBpdNo47VMyCABFYABcj9ZAADIRywEj2\/ySwKgMQ9w5uzYASIPeAQEALCESpEJ5YkVGeHg2Vm54cEwAIAAIAAGRwHwxDFwACAAULNk0SsQGD73EexLHOWxlLf1+DQiAKAAEShdJ1g=="} 
+02385{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":64,"source":"cfgs\/monitoring\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1732024434112285,"flow_src_last_pkt_time":1732024441333397,"flow_dst_last_pkt_time":1732024441541595,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":96,"flow_src_tot_l4_payload_len":1156,"flow_dst_tot_l4_payload_len":1232,"midstream":0,"thread_ts_usec":1732024441541595,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.252.146","src_port":47926,"dst_port":56377,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":7924,"avg":472594.2,"max":2449226,"stddev":710703.9,"var":505100075008.0,"ent":3.7,"data": [65956,95899,49187,89830,51983,7924,75804,92201,90821,45764,45926,841819,964746,88146,209352,700416,8800,797762,169039,140771,9988,132129,62705,2295091,2449226,43943,201199,880503,2304788,1490835,147869]},"pktlen": {"min":56,"avg":102.6,"max":132,"stddev":22.3,"var":496.6,"ent":5.0,"data": [124,92,132,132,92,92,124,92,124,92,124,92,124,92,124,92,56,84,124,92,84,56,124,92,124,92,124,92,56,124,92,124]},"bins": {"c_to_s": [1,1,6,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,1,7,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,0,0,1,1,0,1,1,0,1,0,0,1,0,0,1,1,0,1,0,1,1],"entropies": 
[5.976831913,5.915143967,5.742778778,5.854558945,5.733025551,5.885198593,5.998001575,5.797378063,6.024171352,5.726989746,5.921308994,5.664066315,5.913927555,5.841720104,5.901226997,5.802705288,5.235924244,5.790773869,5.923968792,5.811777592,5.734168530,5.119329453,5.946332932,5.906072140,5.847799778,5.811777115,5.940245152,5.748729706,5.115301609,5.849411488,5.828187466,5.968549728]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01156{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":334,"source":"cfgs\/monitoring\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":167,"flow_dst_packets_processed":131,"flow_first_seen":1732024434112285,"flow_src_last_pkt_time":1732024444819796,"flow_dst_last_pkt_time":1732024444862357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1181,"flow_dst_max_l4_payload_len":858,"flow_src_tot_l4_payload_len":80551,"flow_dst_tot_l4_payload_len":26428,"midstream":0,"thread_ts_usec":1732024444862357,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.252.146","src_port":47926,"dst_port":56377,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+01037{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":334,"source":"cfgs\/monitoring\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1732024431954625,"flow_src_last_pkt_time":1732024441970315,"flow_dst_last_pkt_time":1732024441977780,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":332,"midstream":0,"thread_ts_usec":1732024444862357,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.216.234.234","src_port":47926,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} +01031{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":334,"source":"cfgs\/monitoring\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":13,"flow_first_seen":1732024431955912,"flow_src_last_pkt_time":1732024441965798,"flow_dst_last_pkt_time":1732024441969357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":712,"flow_dst_tot_l4_payload_len":908,"midstream":0,"thread_ts_usec":1732024444862357,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.252.146","src_port":47926,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} +00861{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":334,"source":"cfgs\/monitoring\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":334,"packets-processed":334,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":109231,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":6,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":34,"global_ts_usec":1732024444862357} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 334/334 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 109231 bytes +~~ total detected protocols..: 3 +~~ total active/idle flows...: 3/3 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 7499733 bytes +~~ total memory freed........: 7499733 bytes +~~ total allocations/frees...: 126227/126227 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json message min len.......: 554 chars +~~ json message max len.......: 2390 chars +~~ json message avg len.......: 1453 chars diff --git a/test/results/monitoring/signal_videocall_multiparty.pcapng.out b/test/results/monitoring/signal_videocall_multiparty.pcapng.out new file mode 100644 index 000000000..f42cf3e7b --- /dev/null +++ b/test/results/monitoring/signal_videocall_multiparty.pcapng.out 
@@ -0,0 +1,29 @@ +00637{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/monitoring\/pcap\/signal_videocall_multiparty.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00858{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/signal_videocall_multiparty.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1733247515941563} 
+00805{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/signal_videocall_multiparty.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1733247515941563,"flow_src_last_pkt_time":1733247515941563,"flow_dst_last_pkt_time":1733247515941563,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1733247515941563,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"35.207.67.68","src_port":59446,"dst_port":10000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00676{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/signal_videocall_multiparty.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1733247515941563,"flow_dst_last_pkt_time":1733247515941563,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1733247515941563,"pkt":"ILAB4IZiSKRyNpegCABFAACAiykAAIARhhPAqAF1I89DROg2JxAAbAzQAAEAUCESpEI1NEg2QU95UTMyRVAABgAJMWFMNTpRTVhDAAAAwFcABAABAAqAKgAIF\/4CYTZoiVwAJQAAACQABG5\/Hv8ACAAUcpt5C\/\/iaNePSUPaFGAUyh6\/HmKAKAAEM0IRaA=="} 
+01165{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/signal_videocall_multiparty.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1733247515941563,"flow_src_last_pkt_time":1733247515941563,"flow_dst_last_pkt_time":1733247515941563,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1733247515941563,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"35.207.67.68","src_port":59446,"dst_port":10000,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} +00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/monitoring\/pcap\/signal_videocall_multiparty.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1733247515941563,"flow_dst_last_pkt_time":1733247515974447,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1733247515974447,"pkt":"SKRyNpegILAB4IZiCABFAACARupAADYR1FIjz0NEwKgBdScQ6DYAbFcqAQEAUCESpEI1NEg2QU95UTMyRVAABgAJUU1YQzoxYUw1AAAAwFcABAABAAqAKgAIF\/4CYTZoiVwAJQAAACQABG5\/Hv8ACAAUEutlNl3kd0Dorqs\/VUiSQQTSjTmAKAAEAsj3vw=="} 
+00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/monitoring\/pcap\/signal_videocall_multiparty.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1733247515990390,"flow_dst_last_pkt_time":1733247515974447,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1733247515990390,"pkt":"ILAB4IZiSKRyNpegCABFAABAiy8AAIARhk3AqAF1I89DROg2JxAALMvlgGUAAQAAAAEAAAABdLrycx3kw9wWNnvZW6iDkwxnchqicp+h"} +01180{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"cfgs\/monitoring\/pcap\/signal_videocall_multiparty.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1733247515941563,"flow_src_last_pkt_time":1733247515990390,"flow_dst_last_pkt_time":1733247515974447,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":136,"flow_dst_tot_l4_payload_len":100,"midstream":0,"thread_ts_usec":1733247515990390,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"35.207.67.68","src_port":59446,"dst_port":10000,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.RTP","proto_id":"78.87","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
+00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/monitoring\/pcap\/signal_videocall_multiparty.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1733247515990690,"flow_dst_last_pkt_time":1733247515974447,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1733247515990690,"pkt":"ILAB4IZiSKRyNpegCABFAACAizAAAIARhgzAqAF1I89DROg2JxAAbHFfAAEAUCESpEJQOWY2V2ZIcjVJMUgABgAJMWFMNTpRTVhDAAAAwFcABAABAAqAKgAIF\/4CYTZoiVwAJQAAACQABG5\/Hv8ACAAUbiAQ2EbSUNLBr92MPhsCUZvHJgiAKAAEYmFHKA=="} +00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/monitoring\/pcap\/signal_videocall_multiparty.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1733247515990690,"flow_dst_last_pkt_time":1733247516018904,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1733247516018904,"pkt":"SKRyNpegILAB4IZiCABFAACARutAADYR1FEjz0NEwKgBdScQ6DYAbH1\/AQEAUCESpEJQOWY2V2ZIcjVJMUgABgAJUU1YQzoxYUw1AAAAwFcABAABAAqAKgAIF\/4CYTZoiVwAJQAAACQABG5\/Hv8ACAAURXtV3qkD7dZOCPsPy8U8foLxJ\/uAKAAEXGaXzQ=="} 
+01188{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"cfgs\/monitoring\/pcap\/signal_videocall_multiparty.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1733247515941563,"flow_src_last_pkt_time":1733247515990690,"flow_dst_last_pkt_time":1733247516018904,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":236,"flow_dst_tot_l4_payload_len":200,"midstream":0,"thread_ts_usec":1733247516018904,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"35.207.67.68","src_port":59446,"dst_port":10000,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
+02375{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/monitoring\/pcap\/signal_videocall_multiparty.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1733247515941563,"flow_src_last_pkt_time":1733247521000514,"flow_dst_last_pkt_time":1733247521314176,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":1239,"flow_dst_tot_l4_payload_len":830,"midstream":0,"thread_ts_usec":1733247521314176,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"35.207.67.68","src_port":59446,"dst_port":10000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":300,"avg":336502.1,"max":1071142,"stddev":395522.0,"var":156437676032.0,"ent":3.9,"data": [32884,48827,300,44457,50533,44084,223767,385,25289,800734,1030880,20622,201493,673,800784,981685,21273,210614,756,118515,13444,1043663,879515,925,1071142,1007160,651,274470,390884,400116,691039]},"pktlen": {"min":56,"avg":92.7,"max":128,"stddev":28.2,"var":793.4,"ent":4.9,"data": [128,128,64,128,128,128,128,83,64,64,128,74,128,83,64,128,74,128,83,64,76,56,74,83,64,74,83,64,128,128,64,74]},"bins": {"c_to_s": [1,14,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,5,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,0,1,0,0,0,0,1,1,0,0,0,1,1,0,0,0,0,1,0,0,1,0,0,0,1,0,1],"entropies": 
[5.630286694,5.730687141,5.077819824,5.651809216,5.741195202,5.841376781,5.766547680,5.757154465,5.171569824,5.046569824,5.753524780,5.387711525,5.789052010,5.652456284,5.077819824,5.626456738,5.428714275,5.731467724,5.790346146,5.060848236,5.754378796,5.151015759,5.367309570,5.684864521,5.159774780,5.404538155,5.853539467,5.171569824,5.637804031,5.766547680,5.049053192,5.377511024]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01157{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"cfgs\/monitoring\/pcap\/signal_videocall_multiparty.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":192,"flow_dst_packets_processed":68,"flow_first_seen":1733247515941563,"flow_src_last_pkt_time":1733247533917504,"flow_dst_last_pkt_time":1733247533913543,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1211,"flow_dst_max_l4_payload_len":1184,"flow_src_tot_l4_payload_len":67701,"flow_dst_tot_l4_payload_len":18298,"midstream":0,"thread_ts_usec":1733247533917504,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"35.207.67.68","src_port":59446,"dst_port":10000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+00871{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":260,"source":"cfgs\/monitoring\/pcap\/signal_videocall_multiparty.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":260,"packets-processed":260,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":85999,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1733247533917504} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 260/260 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 85999 bytes +~~ total detected protocols..: 1 +~~ total active/idle flows...: 1/1 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 7492771 bytes +~~ total memory freed........: 7492771 bytes +~~ total allocations/frees...: 126129/126129 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json message min len.......: 585 chars +~~ json message max len.......: 2380 chars +~~ json message avg len.......: 1407 chars diff --git a/test/results/monitoring/stun.pcap.out b/test/results/monitoring/stun.pcap.out index adc12b48d..f42a7b79e 100644 --- a/test/results/monitoring/stun.pcap.out +++ b/test/results/monitoring/stun.pcap.out 
@@ -1,31 +1,31 @@ -00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1568718599876883} 
+00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1568718599876883} 
00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1568718599876883,"flow_src_last_pkt_time":1568718599876883,"flow_dst_last_pkt_time":1568718599876883,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1568718599876883,"vlan_id":1611,"l3_proto":"ip4","src_ip":"10.77.110.51","dst_ip":"10.206.50.239","src_port":41588,"dst_port":42000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","vlan_id":1611,"flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1568718599876883,"flow_dst_last_pkt_time":1568718599876883,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1568718599876883,"pkt":"AAAAAAAAAAgAAAAjgQAGSwgARWAAND5VQAB7BgrSCk1uMwrOMu+idKQQzU6orgAAAACAAiAA3LQAAAIEBVABAwMIAQEEAg=="} 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","vlan_id":1611,"flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1568718599876883,"flow_dst_last_pkt_time":1568718599920416,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1568718599920416,"pkt":"AAAAAAAAAAgAAAAjgQAGSwgARQAANHKjQAB9BtTjCs4y7wpNbjOkEKJ058UMHs1OqK+AEv\/\/CFwAAAIEBbQBAwMIAQEEAg=="} 
00692{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","vlan_id":1611,"flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1568718600246272,"flow_dst_last_pkt_time":1568718599920416,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":164,"pkt_l4_len":126,"thread_ts_usec":1568718600246272,"pkt":"AAAAAAAAAAgAAAAjgQAGSwgARWAAkkBfQAB8BgdqCk1uMwrOMu+idKQQzU6or+fFDB9QGAID5RwAAABoAAEAVCESpELzQ5RTtpj7KVC7Bu0ABgAJL3BJMDpUb0VkAAAAACQABG5r\/P+AKQAIAAAAAAAEwtGAVAABMgAAAIBwAAQAAAADAAgAFP6Sh2rUbXt5fULrjXmoBfrzHXLRgCgABAIA\/Ec="} -00999{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1568718599876883,"flow_src_last_pkt_time":1568718600246272,"flow_dst_last_pkt_time":1568718599920416,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":106,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":106,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1568718600246272,"vlan_id":1611,"l3_proto":"ip4","src_ip":"10.77.110.51","dst_ip":"10.206.50.239","src_port":41588,"dst_port":42000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01026{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1568718599876883,"flow_src_last_pkt_time":1568718600246272,"flow_dst_last_pkt_time":1568718599920416,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":106,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":106,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1568718600246272,"vlan_id":1611,"l3_proto":"ip4","src_ip":"10.77.110.51","dst_ip":"10.206.50.239","src_port":41588,"dst_port":42000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00692{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","vlan_id":1611,"flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1568718600246272,"flow_dst_last_pkt_time":1568718599920416,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":164,"pkt_l4_len":126,"thread_ts_usec":1568718600246272,"pkt":"AAAAAAAAAAgAAAAjgQAGSwgARWAAkkBgQAB8BgdpCk1uMwrOMu+idKQQzU6pGefFDB9QGAIDfYIAAABoAAEAVCESpELzQ5RTtpj7KVC7Bu0ABgAML3BJMDpUb0VkAAAAACQABG5r\/P+AKQAIAAAAAAAEwtGAVAAEMgAAAIBwAAQAAAADAAgAFE3CuT+mSQnt\/XCbEyheNg3aE4FAgCgABC51Ucc="} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","vlan_id":1611,"flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1568718600246272,"flow_dst_last_pkt_time":1568718600319984,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":156,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":156,"pkt_l4_len":118,"thread_ts_usec":1568718600319984,"pkt":"AAAAAAAAAAgAAAAjgQAGSwgARQAAinKyQAB9BtR+Cs4y7wpNbjOkEKJ058UMH81OqYNQGAEDPFEAAABgAQEATCESpELzQ5RTtpj7KVC7Bu0AIAAIAAGDZitfynEABgAJL3BJMDpUb0VkAAAAgDcABAAAAAGAcAAEAAAAAwAIABT3XyNLEfjiVg6vTdc0SJ1BoW97H4AoAAQNJssy"} -00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1224,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1595356443140497} 
+00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":16,"packets-processed":15,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1224,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1595356443140497} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1595356443140497,"flow_src_last_pkt_time":1595356443140497,"flow_dst_last_pkt_time":1595356443140497,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1595356443140497,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"74.125.247.128","src_port":43016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1595356443140497,"flow_dst_last_pkt_time":1595356443140497,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1595356443140497,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwL+tAAEAR+4LAqAypSn33gKgIDZYAHBBnAAEAACESpEJTSGtoRjhvZHdneVY="} -00970{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1595356443140497,"flow_src_last_pkt_time":1595356443140497,"flow_dst_last_pkt_time":1595356443140497,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1595356443140497,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"74.125.247.128","src_port":43016,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} 
+01003{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1595356443140497,"flow_src_last_pkt_time":1595356443140497,"flow_dst_last_pkt_time":1595356443140497,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1595356443140497,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"74.125.247.128","src_port":43016,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1595356443150036,"flow_dst_last_pkt_time":1595356443140497,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1595356443150036,"pkt":"CL6sCxdumt9Y+uvcCABFAABEL+1AAEAR+2zAqAypSn33gKgIDZYAMLasAAMAFCESpEJTbkxmUnhTNmVRblQAGQAEEQAAAP8FAAdUWV9udWxsAA=="} 
-01103{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":17,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1595356443140497,"flow_src_last_pkt_time":1595356443150036,"flow_dst_last_pkt_time":1595356443140497,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1595356443150036,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"74.125.247.128","src_port":43016,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} +01136{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":17,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1595356443140497,"flow_src_last_pkt_time":1595356443150036,"flow_dst_last_pkt_time":1595356443140497,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1595356443150036,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"74.125.247.128","src_port":43016,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1595356443150036,"flow_dst_last_pkt_time":1595356443163132,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1595356443163132,"pkt":"mt9Y+uvcCL6sCxduCABFAAA8\/jcAAGYRRypKffeAwKgMqQ2WqAgAKM\/mAQEADCESpEJTSGtoRjhvZHdneVYAIAAIAAF9Unw9RaM="} -01018{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1595356443140497,"flow_src_last_pkt_time":1595356443150036,"flow_dst_last_pkt_time":1595356443163132,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":32,"midstream":0,"thread_ts_usec":1595356443163132,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"74.125.247.128","src_port":43016,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"mapped_address":"93.47.225.225:23616"}}} 
+01052{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1595356443140497,"flow_src_last_pkt_time":1595356443150036,"flow_dst_last_pkt_time":1595356443163132,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":32,"midstream":0,"thread_ts_usec":1595356443163132,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"74.125.247.128","src_port":43016,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"mapped_address":"93.47.225.225:23616","multimedia_flow_types":"Unknown"}}} 00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1595356443150036,"flow_dst_last_pkt_time":1595356443190759,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"thread_ts_usec":1595356443190759,"pkt":"mt9Y+uvcCL6sCxduCABFAABs\/jgAAGYRRvlKffeAwKgMqQ2WqAgAWOMzARMAPCESpEJTbkxmUnhTNmVRblQACQAEAAAEAQAUABF0dXJuLmwuZ29vZ2xlLmNvbQAAAAAVABhtYWg2b090bDM2TEY0bXdLMGF3VVlBPT0="} 
-01065{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":19,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1595356443140497,"flow_src_last_pkt_time":1595356443150036,"flow_dst_last_pkt_time":1595356443190759,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":80,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":112,"midstream":0,"thread_ts_usec":1595356443190759,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"74.125.247.128","src_port":43016,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"turn.l.google.com","domainame":"turn.l.google.com","stun": {"mapped_address":"93.47.225.225:23616"}}} +01099{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":19,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1595356443140497,"flow_src_last_pkt_time":1595356443150036,"flow_dst_last_pkt_time":1595356443190759,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":80,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":112,"midstream":0,"thread_ts_usec":1595356443190759,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"74.125.247.128","src_port":43016,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"turn.l.google.com","domainame":"turn.l.google.com","stun": {"mapped_address":"93.47.225.225:23616","multimedia_flow_types":"Unknown"}}} 00720{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1595356443192532,"flow_dst_last_pkt_time":1595356443190759,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1595356443192532,"pkt":"CL6sCxdumt9Y+uvcCABFAAC4L+9AAEAR+vbAqAypSn33gKgIDZYApH8BAAMAiCESpEJJQ0N4YUFza1pKVHQAGQAEEQAAAAAGACJDSnlONHZnRkVnYStHc2tVSzIwWW1kYUxsSlFiSUlDakJRAAAAFAARdHVybi5sLmdvb2dsZS5jb20AAAAAFQAYbWFoNm9PdGwzNkxGNG13SzBhd1VZQT09AAgAFOteziidD2JqNMtJ7coYsavatLT5\/wUAB1RZX251bGwA"} 00748{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1595356444494918,"flow_src_last_pkt_time":1595356444494918,"flow_dst_last_pkt_time":1595356444494918,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1595356444494918,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"74.125.247.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5} 
00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1595356444494918,"flow_dst_last_pkt_time":1595356444494918,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"thread_ts_usec":1595356444494918,"pkt":"CL6sCxdumt9Y+uvcCABFwABs98MAAEABcr7AqAypSn33gAMDDJoAAAAARQAAUAEJAABmEURFSn33gMCoDKkNlqgIADx61wEEACAhEqRCamF6aTYyTmZVRDV3AA0ABAAAAAAACAAUCDrQbj\/HZPzecgDWKnOqyyksqcs="} 01032{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1595356444494918,"flow_src_last_pkt_time":1595356444494918,"flow_dst_last_pkt_time":1595356444494918,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1595356444494918,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"74.125.247.128","l4_proto":"icmp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":5.279952}} 
-01002{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":25,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1568718599876883,"flow_src_last_pkt_time":1568718600876092,"flow_dst_last_pkt_time":1568718600931144,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":106,"flow_dst_max_l4_payload_len":114,"flow_src_tot_l4_payload_len":588,"flow_dst_tot_l4_payload_len":636,"midstream":0,"thread_ts_usec":1595356444494918,"vlan_id":1611,"l3_proto":"ip4","src_ip":"10.77.110.51","dst_ip":"10.206.50.239","src_port":41588,"dst_port":42000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":25,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":25,"packets-processed":24,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1912,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":25,"global_ts_usec":1614938022295727} 
+00996{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":25,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1568718599876883,"flow_src_last_pkt_time":1568718600876092,"flow_dst_last_pkt_time":1568718600931144,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":106,"flow_dst_max_l4_payload_len":114,"flow_src_tot_l4_payload_len":588,"flow_dst_tot_l4_payload_len":636,"midstream":0,"thread_ts_usec":1595356444494918,"vlan_id":1611,"l3_proto":"ip4","src_ip":"10.77.110.51","dst_ip":"10.206.50.239","src_port":41588,"dst_port":42000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":25,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":25,"packets-processed":24,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1912,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":25,"global_ts_usec":1614938022295727} 
00826{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614938022295727,"flow_src_last_pkt_time":1614938022295727,"flow_dst_last_pkt_time":1614938022295727,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614938022295727,"l3_proto":"ip6","src_ip":"3516:bf0b:fc53:75e7:70af:f67f:8e49:f603","dst_ip":"2a38:e156:8167:a333:face:b00c::24d9","src_port":56880,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1614938022295727,"flow_dst_last_pkt_time":1614938022295727,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":82,"pkt_l4_len":28,"thread_ts_usec":1614938022295727,"pkt":"AAAAAAAAAAQADrOzht1gAAAAABwRPzUWvwv8U3XncK\/2f45J9gMqOOFWgWejM\/rOsAwAACTZ3jANlgAcI38AAQAAIRKkQkJxcUN2YzZ5L2tJZQ=="} 
-01015{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614938022295727,"flow_src_last_pkt_time":1614938022295727,"flow_dst_last_pkt_time":1614938022295727,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614938022295727,"l3_proto":"ip6","src_ip":"3516:bf0b:fc53:75e7:70af:f67f:8e49:f603","dst_ip":"2a38:e156:8167:a333:face:b00c::24d9","src_port":56880,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} +01048{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614938022295727,"flow_src_last_pkt_time":1614938022295727,"flow_dst_last_pkt_time":1614938022295727,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614938022295727,"l3_proto":"ip6","src_ip":"3516:bf0b:fc53:75e7:70af:f67f:8e49:f603","dst_ip":"2a38:e156:8167:a333:face:b00c::24d9","src_port":56880,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00602{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1614938022295727,"flow_dst_last_pkt_time":1614938022302588,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":106,"pkt_l4_len":52,"thread_ts_usec":1614938022302588,"pkt":"AAAAAAAAAAMAYN1Qht1kgAAAADQRNCo44VaBZ6Mz+s6wDAAAJNk1Fr8L\/FN153Cv9n+OSfYDDZbeMAA0NvABAQAYIRKkQkJxcUN2YzZ5L2tJZQABABQAAt4wIAEWcAAM6wRwr\/Z\/jkn2Aw=="} 01052{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1595356444494918,"flow_src_last_pkt_time":1595356444494918,"flow_dst_last_pkt_time":1595356444494918,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614938022302588,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"74.125.247.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
01017{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1595356443140497,"flow_src_last_pkt_time":1595356444167246,"flow_dst_last_pkt_time":1595356444391402,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":80,"flow_src_tot_l4_payload_len":360,"flow_dst_tot_l4_payload_len":240,"midstream":0,"thread_ts_usec":1614938022302588,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"74.125.247.128","src_port":43016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"turn.l.google.com"}} 
@@ -36,60 +36,60 @@ 01022{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":49,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":12,"flow_first_seen":1614938022295727,"flow_src_last_pkt_time":1614938123200754,"flow_dst_last_pkt_time":1614938123207596,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":240,"flow_dst_tot_l4_payload_len":528,"midstream":0,"thread_ts_usec":1614938123207596,"l3_proto":"ip6","src_ip":"3516:bf0b:fc53:75e7:70af:f67f:8e49:f603","dst_ip":"2a38:e156:8167:a333:face:b00c::24d9","src_port":56880,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 02311{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":56,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1614938022295727,"flow_src_last_pkt_time":1614938163424247,"flow_dst_last_pkt_time":1614938163431063,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":320,"flow_dst_tot_l4_payload_len":704,"midstream":0,"thread_ts_usec":1614938163431063,"l3_proto":"ip6","src_ip":"3516:bf0b:fc53:75e7:70af:f67f:8e49:f603","dst_ip":"2a38:e156:8167:a333:face:b00c::24d9","src_port":56880,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": 
{"min":2867,"avg":9105286.0,"max":10358549,"stddev":2980037.5,"var":8880623976448.0,"ent":4.8,"data": [6861,10132226,10132257,10358549,2935,10358540,2867,10055433,10055494,10056921,10056927,10057230,10057183,10053930,10053957,10069481,10069496,10027109,10027105,10027261,10027286,10063952,10063896,10098322,10098363,10035461,10035403,10061356,10061442,10028354,10028259]},"pktlen": {"min":68,"avg":80.0,"max":92,"stddev":12.0,"var":144.0,"ent":5.0,"data": [68,92,68,92,68,68,92,92,68,92,68,92,68,92,68,92,68,92,68,92,68,92,68,92,68,92,68,92,68,92,68,92]},"bins": {"c_to_s": [16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": [5.422471046,5.541838169,5.422470093,5.514770508,5.451882362,5.451882362,5.536509514,5.536509514,5.481293678,5.593521595,5.451882362,5.558248997,5.393059731,5.558248997,5.510704994,5.571783066,5.352545738,5.460210800,5.451882362,5.514770508,5.422471046,5.550043106,5.422470093,5.541838169,5.451882362,5.550043583,5.451882362,5.593522072,5.451882362,5.541838169,5.393058777,5.528304577]},"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
01022{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":59,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":17,"flow_first_seen":1614938022295727,"flow_src_last_pkt_time":1614938173452831,"flow_dst_last_pkt_time":1614938173459694,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":340,"flow_dst_tot_l4_payload_len":748,"midstream":0,"thread_ts_usec":1614938173459694,"l3_proto":"ip6","src_ip":"3516:bf0b:fc53:75e7:70af:f67f:8e49:f603","dst_ip":"2a38:e156:8167:a333:face:b00c::24d9","src_port":56880,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":67,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":67,"packets-processed":66,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3256,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":3,"total-updates":3,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":39,"global_ts_usec":1629291451242856} 
+00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":67,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":67,"packets-processed":66,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3256,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":3,"total-updates":3,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":39,"global_ts_usec":1629291451242856} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":67,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1629291451242856,"flow_src_last_pkt_time":1629291451242856,"flow_dst_last_pkt_time":1629291451242856,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1629291451242856,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"31.13.86.54","src_port":38123,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1629291451242856,"flow_dst_last_pkt_time":1629291451242856,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1629291451242856,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4VYJAAEARop7AqAypHw1WNpTrnEMAJO1IAAMACCESpEJBSzdRUHlQSzlldVYAGQAEEQAAAA=="} -01102{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1629291451242856,"flow_src_last_pkt_time":1629291451242856,"flow_dst_last_pkt_time":1629291451242856,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1629291451242856,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"31.13.86.54","src_port":38123,"dst_port":40003,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} 
+01135{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1629291451242856,"flow_src_last_pkt_time":1629291451242856,"flow_dst_last_pkt_time":1629291451242856,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1629291451242856,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"31.13.86.54","src_port":38123,"dst_port":40003,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00651{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1629291451242856,"flow_dst_last_pkt_time":1629291451254377,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_usec":1629291451254377,"pkt":"mt9Y+uvcCL6sCxduCABFAACER+pAAFURmuofDVY2wKgMqZxDlOsAcMgPARMAVCESpEJBSzdRUHlQSzlldVYACQAQAAAEAXVuYXV0aG9yaXplZAAVAChiYjAzMWQ2MWNjYzFiZTgyZTI0MDE0NDM1ZWQ1MmYyNmZiYTYyNDgzABQAD3R1cm5lci5mYWNlYm9vawA="} 
-01158{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1629291451242856,"flow_src_last_pkt_time":1629291451242856,"flow_dst_last_pkt_time":1629291451254377,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":104,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":104,"midstream":0,"thread_ts_usec":1629291451254377,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"31.13.86.54","src_port":38123,"dst_port":40003,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.FacebookVoip","proto_id":"78.268","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"turner.facebook","domainame":"turner.facebook","stun": {}}} +01191{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1629291451242856,"flow_src_last_pkt_time":1629291451242856,"flow_dst_last_pkt_time":1629291451254377,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":104,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":104,"midstream":0,"thread_ts_usec":1629291451254377,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"31.13.86.54","src_port":38123,"dst_port":40003,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std 
Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.FacebookVoip","proto_id":"78.268","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"turner.facebook","domainame":"turner.facebook","stun": {"multimedia_flow_types":"Unknown"}}} 00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1629291451258494,"flow_dst_last_pkt_time":1629291451254377,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":178,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":178,"pkt_l4_len":144,"thread_ts_usec":1629291451258494,"pkt":"CL6sCxdumt9Y+uvcCABFAACkVYNAAEARojHAqAypHw1WNpTrnEMAkHyWAAMAdCESpEI1elVqTVhIdmV3K3MAGQAEEQAAAAAGABBNZjJoOUhpNWFQTVJwbEYxABQAD3R1cm5lci5mYWNlYm9vawAAFQAoYmIwMzFkNjFjY2MxYmU4MmUyNDAxNDQzNWVkNTJmMjZmYmE2MjQ4MwAIABSHhqaIN2rgJVJbblyGsNjNga5wAA=="} 00615{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1629291451258494,"flow_dst_last_pkt_time":1629291451270324,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_usec":1629291451270324,"pkt":"mt9Y+uvcCL6sCxduCABFAABoR\/RAAFURmvwfDVY2wKgMqZxDlOsAVNHFAQMAOCESpEI1elVqTVhIdmV3K3MAIAAIAAEKiHw9RkMAFgAIAAHzDz4f8nQADQAEAAADhAAIABQOnZFMqSzdx5eUgJnLKFvGMJq2Uw=="} 
00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1629291457262853,"flow_dst_last_pkt_time":1629291451270324,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":182,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":182,"pkt_l4_len":148,"thread_ts_usec":1629291457262853,"pkt":"CL6sCxdumt9Y+uvcCABFAACoVltAAEARoVXAqAypHw1WNpTrnEMAlIWPAAgAeCESpEJGYi9SMVA1cFBNWWQAEgAIAAGMueG6pCQABgAQTWYyaDlIaTVhUE1ScGxGMQAUAA90dXJuZXIuZmFjZWJvb2sAABUAKGJiMDMxZDYxY2NjMWJlODJlMjQwMTQ0MzVlZDUyZjI2ZmJhNjI0ODMACAAUTGbb+kTKlKKmYo+\/Jw5ehEWYdT8="} 02382{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":98,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1629291451242856,"flow_src_last_pkt_time":1629291458067482,"flow_dst_last_pkt_time":1629291458262623,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":140,"flow_dst_max_l4_payload_len":132,"flow_src_tot_l4_payload_len":2076,"flow_dst_tot_l4_payload_len":1496,"midstream":0,"thread_ts_usec":1629291458262623,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"31.13.86.54","src_port":38123,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":34,"avg":446593.3,"max":6004359,"stddev":1462539.6,"var":2139022032896.0,"ent":1.9,"data": [11521,15638,15947,6004359,4743,5997443,4483,7520,7140,108439,344493,499169,68464,195,19689,29038,92171,23636,96419,1566,50324,48303,277,50092,3265,34,52919,437,9663,44853,232153]},"pktlen": {"min":56,"avg":139.6,"max":168,"stddev":32.1,"var":1033.4,"ent":5.0,"data": 
[56,132,164,104,168,168,140,168,140,72,164,164,160,168,128,72,164,128,160,128,164,160,128,164,128,160,128,168,128,72,160,160]},"bins": {"c_to_s": [1,0,0,4,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,3,1,6,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,0,1,0,1,1,0,0,1,0,0,1,0,1,1,0,0,1,0,0,1,1,1,0,0,1,0,1],"entropies": [4.949250221,5.629978180,5.902420998,5.787013531,5.926646233,5.987994671,5.561037540,5.822503567,5.524854183,5.646986008,5.864535809,5.979504585,5.991234303,5.944041729,5.750370979,5.532198906,5.952124596,5.921264172,5.968927860,5.858764172,5.939929485,5.964835167,5.834393978,6.016089916,5.896893978,6.048427582,5.933710575,5.919234276,5.831344128,5.608724117,6.145952225,6.009518147]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.FacebookVoip","proto_id":"78.268","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"turner.facebook"}} 
01021{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":138,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":21,"flow_first_seen":1614938022295727,"flow_src_last_pkt_time":1614938213778839,"flow_dst_last_pkt_time":1614938213785682,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":420,"flow_dst_tot_l4_payload_len":924,"midstream":0,"thread_ts_usec":1629291461216501,"l3_proto":"ip6","src_ip":"3516:bf0b:fc53:75e7:70af:f67f:8e49:f603","dst_ip":"2a38:e156:8167:a333:face:b00c::24d9","src_port":56880,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":142,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":142,"packets-processed":141,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10660,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":4,"total-updates":3,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":50,"global_ts_usec":1643626018009166} 
+00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":142,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":142,"packets-processed":141,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10660,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":4,"total-updates":3,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":50,"global_ts_usec":1643626018009166} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":142,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643626018009166,"flow_src_last_pkt_time":1643626018009166,"flow_dst_last_pkt_time":1643626018009166,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643626018009166,"l3_proto":"ip4","src_ip":"87.47.100.17","dst_ip":"54.1.57.155","src_port":3478,"dst_port":37257,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1643626018009166,"flow_dst_last_pkt_time":1643626018009166,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1643626018009166,"pkt":"AAAAAAAAAAIAmUIoCABFAAA8AABAAC4GIeBXL2QRNgE5mw2WkYlv2uEwZMfN9aAScSBlfgAAAgQFtAQCCAqf27foB2LEZgEDAwc="} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":143,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1643626018009166,"flow_dst_last_pkt_time":1643626018016908,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1643626018016908,"pkt":"AAAAAAAAAAUALNPrCABFAABQFVpAAD8G+3E2ATmbVy9kEZGJDZZkx831b9rhMYAYAQDj2AAAAQEICgdixWGf27foAAMACCESpEJwTVNWeGJTOWtyTkQAGQAEEQAAAA=="} -00965{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":143,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1643626018009166,"flow_src_last_pkt_time":1643626018009166,"flow_dst_last_pkt_time":1643626018016908,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":28,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":28,"midstream":0,"thread_ts_usec":1643626018016908,"l3_proto":"ip4","src_ip":"87.47.100.17","dst_ip":"54.1.57.155","src_port":3478,"dst_port":37257,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} +00998{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":143,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1643626018009166,"flow_src_last_pkt_time":1643626018009166,"flow_dst_last_pkt_time":1643626018016908,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":28,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":28,"midstream":0,"thread_ts_usec":1643626018016908,"l3_proto":"ip4","src_ip":"87.47.100.17","dst_ip":"54.1.57.155","src_port":3478,"dst_port":37257,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1643626018009166,"flow_dst_last_pkt_time":1643626018269673,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1643626018269673,"pkt":"AAAAAAAAAAUALNPrCABFAABQFVtAAD8G+3A2ATmbVy9kEZGJDZZkx84Rb9rhMYAYAQDivwAAAQEICgdixl6f27foAAMACCESpEJwTVNWeGJTOWtyTkQAGQAEEQAAAA=="} 
00707{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":145,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1643626018276412,"flow_dst_last_pkt_time":1643626018269673,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_usec":1643626018276412,"pkt":"AAAAAAAAAAIAmUIoCABFAACsWRhAAC4GyFdXL2QRNgE5mw2WkYlv2uExZMfOEYAYAOOJVAAAAQEICp\/buCoHYsVhARMAZCESpEJwTVNWeGJTOWtyTkQACQAQAAAEAVVuYXV0aG9yaXplZAAVABBjYmNkY2NjZjczNTNhNzEwABQADWFwcHMtaG9zdC5jb21pZGWAIgAaQ290dXJuLTQuNS4wLjUgJ2RhbiBFaWRlcicABIAoAAQF+V\/p"} -01003{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":145,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1643626018009166,"flow_src_last_pkt_time":1643626018276412,"flow_dst_last_pkt_time":1643626018269673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":28,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":56,"midstream":0,"thread_ts_usec":1643626018276412,"l3_proto":"ip4","src_ip":"87.47.100.17","dst_ip":"54.1.57.155","src_port":3478,"dst_port":37257,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"apps-host.com","domainame":"apps-host.com","stun": {}}} 
+01036{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":145,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1643626018009166,"flow_src_last_pkt_time":1643626018276412,"flow_dst_last_pkt_time":1643626018269673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":28,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":56,"midstream":0,"thread_ts_usec":1643626018276412,"l3_proto":"ip4","src_ip":"87.47.100.17","dst_ip":"54.1.57.155","src_port":3478,"dst_port":37257,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"apps-host.com","domainame":"apps-host.com","stun": {"multimedia_flow_types":"Unknown"}}} 00733{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1643626018276412,"flow_dst_last_pkt_time":1643626018282040,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_usec":1643626018282040,"pkt":"AAAAAAAAAAUALNPrCABFAADAFV1AAD8G+v42ATmbVy9kEZGJDZZkx84tb9rhqYAYAQDFDgAAAQEICgdixmqf27gqAAMAeCESpEIwS0liOW85U1ZZeVMAGQAEEQAAAAAGACwxNjQzNjI5NTI3OlJPVUxPTTMwMDErdDc4eUlLaXlmZEUzQVZON2Frc3RYdwAUAA1hcHBzLWhvc3QuY29tAAAAABUAEGNiY2RjY2NmNzM1M2E3MTAACAAUEKPLC4yIRo0ZYTSYOcifZ5nxpRk="} 
01155{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":162,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":40,"flow_dst_packets_processed":35,"flow_first_seen":1629291451242856,"flow_src_last_pkt_time":1629291461328776,"flow_dst_last_pkt_time":1629291461336154,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":148,"flow_dst_max_l4_payload_len":132,"flow_src_tot_l4_payload_len":4454,"flow_dst_tot_l4_payload_len":2950,"midstream":0,"thread_ts_usec":1643626018957379,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"31.13.86.54","src_port":38123,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.FacebookVoip","proto_id":"78.268","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"turner.facebook"}} 
-00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":162,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":162,"packets-processed":161,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13004,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":5,"total-updates":3,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":60,"global_ts_usec":1647958145472010} +00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":162,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":162,"packets-processed":161,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13004,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":5,"total-updates":3,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":60,"global_ts_usec":1647958145472010} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":162,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1647958145472010,"flow_src_last_pkt_time":1647958145472010,"flow_dst_last_pkt_time":1647958145472010,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":108,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":108,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":108,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1647958145472010,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"142.250.82.99","src_port":49153,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00658{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":162,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1647958145472010,"flow_dst_last_pkt_time":1647958145472010,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":150,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":150,"pkt_l4_len":116,"thread_ts_usec":1647958145472010,"pkt":"CL6sCxdumt9Y+uvcCABFAACIXMVAAEARLvHAqAypjvpSY8ABDZYAdIYdAAEAWCESpEJ3bGtZRHRGSndEMi8ABgAVVlVBazZBeTdodnVMbkxHTzp0eUd1AAAAwFcABAADAAqAKgAIm1kRHMWaA6wAJAAEbn8e\/wAIABQgoq\/oigOja2ENES7+eYfoJkViaIAoAARShoZ6"} 
-00985{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":162,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1647958145472010,"flow_src_last_pkt_time":1647958145472010,"flow_dst_last_pkt_time":1647958145472010,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":108,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":108,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":108,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1647958145472010,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"142.250.82.99","src_port":49153,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01018{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":162,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1647958145472010,"flow_src_last_pkt_time":1647958145472010,"flow_dst_last_pkt_time":1647958145472010,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":108,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":108,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":108,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1647958145472010,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"142.250.82.99","src_port":49153,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": 
{"multimedia_flow_types":"Unknown"}}} 00636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":163,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1647958145472010,"flow_dst_last_pkt_time":1647958145494943,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1647958145494943,"pkt":"mt9Y+uvcCL6sCxduCABFgAB4CTMAAGgRmhOO+lJjwKgMqQ2WwAEAZP2fAQEASCESpEJ3bGtZRHRGSndEMi8ABgAVVlVBazZBeTdodnVMbkxHTzp0eUd1AAAAACAACAABDpd8PUUEAAgAFMkvMxJ2ZVgNos4I+G8Cki6KP0KSgCgABEOVy9w="} 00718{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":164,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1647958145497647,"flow_dst_last_pkt_time":1647958145494943,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"thread_ts_usec":1647958145497647,"pkt":"CL6sCxdumt9Y+uvcCABFAAC1XMZAAEARLsPAqAypjvpSY8ABDZYAoaIVFv7\/AAAAAAAAAAAAjAEAAIAAAAAAAAAAgP791X1ylaTuNVSstdiIoIYfSIMff5WF4WIe0fPoTt2GU88AAAAWwCvAL8ypzKjACcATwArAFACcAC8ANQEAAEAAFwAA\/wEAAQAACgAIAAYAHQAXABgACwACAQAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAA4ABQACAAEA"} 
-01145{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":164,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1647958145472010,"flow_src_last_pkt_time":1647958145497647,"flow_dst_last_pkt_time":1647958145494943,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":108,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":153,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":261,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1647958145497647,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"142.250.82.99","src_port":49153,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","tls": {"version":"DTLSv1.2","ja3":"c14667d7da3e6f7a7ab5519ef78c2452","ja3s":"","ja4":"dd2d110700_c45550529adf_d9dd6182da81","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01104{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":164,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1647958145472010,"flow_src_last_pkt_time":1647958145497647,"flow_dst_last_pkt_time":1647958145494943,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":108,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":153,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":261,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1647958145497647,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"142.250.82.99","src_port":49153,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","tls": {"version":"DTLSv1.2","ja3s":"","ja4":"dd2d110700_c45550529adf_d9dd6182da81","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":165,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1647958145516401,"flow_dst_last_pkt_time":1647958145494943,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1647958145516401,"pkt":"CL6sCxdumt9Y+uvcCABFAACMXMdAAEARLuvAqAypjvpSY8ABDZYAePkAAAEAXCESpEJBQXJDQXNDU1c3RGUABgAVVlVBazZBeTdodnVMbkxHTzp0eUd1AAAAwFcABAADAAqAKgAIm1kRHMWaA6wAJQAAACQABG5\/Hv8ACAAU7HdlKrvT1M4pE3\/8LaAzyLRfKuCAKAAEaPPzUQ=="} 02137{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1647958145516401,"flow_dst_last_pkt_time":1647958145521909,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1240,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1240,"pkt_l4_len":1206,"thread_ts_usec":1647958145521909,"pkt":"mt9Y+uvcCL6sCxduCABFgATKCTkAAGgRlbuO+lJjwKgMqQ2WwAEEtpQxFv79AAAAAAAAAAAAUAIAAEQAAAAAAAAARP79YjnYgQ5eG2LfZqyVyxoZi+6CtOTsYwsdJCYMKROVXGcAwC8AABwAFwAA\/wEAAQAACwACAQAAIwAAAA4ABQACAAEAFv79AAAAAAAAAAECuAsAAqwAAQAAAAACrAACqQACpjCCAqIwggGKAgkAny3VlFYafIkwDQYJKoZIhvcNAQELBQAwEzERMA8GA1UEAwwIaGFuZ291dHMwHhcNMjIwMzE3MDIxMTE3WhcNMjMwMzE4MDIxMTE3WjATMREwDwYDVQQDDAhoYW5nb3V0czCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJN79VYhJJmaCot75jmGh6xWJYN2151GuDW0nfg2Df6Jmbrp31upp3kHxQJWmGaSPXRYfml8Cl3Tg86JKDMEmrhxjL\/R\/1AjvIfyaYtHXzF\/xB7OESvX36WqhTavBqUaUaDus
LznYi+r8IZNxP9b986\/blklElf2DpdOu2w4VLXuh4gGmMsx1vKP5IPsMK3vUP1xD8T1nxfMNhLmqRi8PeSnZ48\/THj1BX5yGpA+VWHX3p0+BT1LmsuIJbETYptnrZhhI7d2wsebrfvZbl6c+Wyfz\/unnO4UCeGsa7n+WcHNS\/fxajl1lkk27V54A+RXJQ4hzFOgk7RiVugSIm70Tw0CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAfSgM9durzGL4ir9VkG8itVG+ioss9WUosFBER2ocK9Kfg37EPR0V5sTPtc+o62NhqvZxUI8el5M17SX+ledWCBYram8Y9lcJslDd8jQTVaK\/g4kPv0HES1rPFcm05+7xjeonRitLYSr4szNvR5m4MiltT3AAtdEh4fVVCTF1v\/B6XbGasMdsH5FgjIgGu\/o\/ah\/90wM9GbLkmNBxqh9PUPrt3H0BhWgTYWqi8EQkhOIoAet+8a2pzP8KK\/3Jk4ZvoLZnYdyM+b2dEYMWGpKNocvc6gy1NGkViOvdiMOC4wKAazQb66jsfjq01Rd7TJOyVz2Zn\/Gvqi45ZQ2n6Pq+jxb+\/QAAAAAAAAACATQMAAEoAAIAAAAAASgDAB0gWO85qTgc41jsrYAVUV8Pam2fB7qlNCO+CG\/yV46IE34IBAEAQiatr1myYKLGqbU09xBd7W5hs4AeIGZh6Ok5JysE6JnDlAH7vqbHtKO\/w5eO6qNhlPKD185ipReDt+\/7SN3JbOhAQsxNuub8QVkn6xeShY3gCzDAl2BtRlsVnWLYIMiY\/C6lbHho8XEs7VF7jTKIbjPqaOFR6lavjuQRiAFHF4YqtYOXs29HqkGzWn78ry62PLQncem6Ajcx4IeAs4lItRuxWILyDXGQ9aY0N+f+hO1+3QDyWbL3qVsD0p\/vAzfqL06mfhZB6HtpUaUTBPlXRD8So0qSwyu+0YSNJKPQUm11a7IGOPScniv+hStTpzVhgdQiVYvn9Q+cFwHXqFOrEhb+\/QAAAAAAAAADACUNAAAZAAMAAAAAABkCAUAAEgQDCAQEAQUDCAUFAQgGBgECAQAAFv79AAAAAAAAAAQADA4AAAAABAAAAAAAAA=="} -01322{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":166,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1647958145472010,"flow_src_last_pkt_time":1647958145516401,"flow_dst_last_pkt_time":1647958145521909,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":108,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":153,"flow_dst_max_l4_payload_len":1198,"flow_src_tot_l4_payload_len":373,"flow_dst_tot_l4_payload_len":1290,"midstream":0,"thread_ts_usec":1647958145521909,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"142.250.82.99","src_port":49153,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","tls": {"version":"DTLSv1.2","ja3":"c14667d7da3e6f7a7ab5519ef78c2452","ja3s":"1f5d6a6d0bc5d514dd84d13e6283d309","ja4":"dd2d110700_c45550529adf_d9dd6182da81","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=hangouts","subjectDN":"CN=hangouts","fingerprint":"6C:D0:9A:70:A1:F1:9E:BF:8E:EF:FE:B6:F1:37:A3:E8:8A:3B:F7:C8","blocks":0}}} +01281{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":166,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1647958145472010,"flow_src_last_pkt_time":1647958145516401,"flow_dst_last_pkt_time":1647958145521909,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":108,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":153,"flow_dst_max_l4_payload_len":1198,"flow_src_tot_l4_payload_len":373,"flow_dst_tot_l4_payload_len":1290,"midstream":0,"thread_ts_usec":1647958145521909,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"142.250.82.99","src_port":49153,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","tls": {"version":"DTLSv1.2","ja3s":"1f5d6a6d0bc5d514dd84d13e6283d309","ja4":"dd2d110700_c45550529adf_d9dd6182da81","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=hangouts","subjectDN":"CN=hangouts","fingerprint":"6C:D0:9A:70:A1:F1:9E:BF:8E:EF:FE:B6:F1:37:A3:E8:8A:3B:F7:C8","blocks":0}}} 
02213{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":193,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1647958145472010,"flow_src_last_pkt_time":1647958147569135,"flow_dst_last_pkt_time":1647958147445904,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":65,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":546,"flow_dst_max_l4_payload_len":1198,"flow_src_tot_l4_payload_len":2034,"flow_dst_tot_l4_payload_len":2806,"midstream":0,"thread_ts_usec":1647958147569135,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"142.250.82.99","src_port":49153,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":10,"avg":131323.2,"max":835905,"stddev":227053.5,"var":51553292288.0,"ent":3.4,"data": [22933,25637,18754,26966,8994,16545,8218,21,95990,9415,96088,13935,9667,14034,28,10,28365,12045,233249,17389,835905,625348,352669,699812,203670,550729,72132,9045,20632,28113,14681]},"pktlen": {"min":62,"avg":179.2,"max":1226,"stddev":221.3,"var":48965.1,"ent":4.4,"data": [136,120,181,140,1226,574,120,109,598,109,140,145,161,120,141,93,97,93,113,62,93,140,120,62,110,140,120,94,94,95,95,95]},"bins": {"c_to_s": [0,0,9,5,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,2,9,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,0,1,1,1,0,0,1,0,1,1,1,1,0,0,1,1,0,1,1,0,0,1,0,0,0,0,0],"entropies": 
[5.892770290,5.917269707,5.007872105,5.887039185,7.338845253,6.721559048,5.830899239,5.701940536,7.409162045,5.674040794,6.041372776,6.178256989,6.436406612,5.927646160,6.099106312,5.359262466,5.425189495,5.590319157,5.866630077,5.268241882,5.246464729,5.907410622,5.825631142,5.235982895,6.120714188,5.927108288,5.950603008,6.068934917,6.005105495,5.939156055,6.060311317,5.943433762]},"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00999{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":195,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":11,"flow_first_seen":1643626018009166,"flow_src_last_pkt_time":1643626018957379,"flow_dst_last_pkt_time":1643626018908035,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":168,"flow_dst_max_l4_payload_len":288,"flow_src_tot_l4_payload_len":892,"flow_dst_tot_l4_payload_len":1452,"midstream":0,"thread_ts_usec":1647958147591534,"l3_proto":"ip4","src_ip":"87.47.100.17","dst_ip":"54.1.57.155","src_port":3478,"dst_port":37257,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"apps-host.com"}} 
-00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":195,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":195,"packets-processed":194,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17910,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":7,"total-updates":3,"current-active-flows":1,"total-active-flows":7,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":72,"global_ts_usec":1661169535535091} +00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":195,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":195,"packets-processed":194,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17910,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":7,"total-updates":3,"current-active-flows":1,"total-active-flows":7,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":72,"global_ts_usec":1661169535535091} 
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":195,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535535091,"flow_dst_last_pkt_time":1661169535535091,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":156,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1661169535535091,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00723{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":195,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1661169535535091,"flow_dst_last_pkt_time":1661169535535091,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1661169535535091,"pkt":"BLFnWRHgPKn0qB\/sCABFAAC4kzJAAEAR2WHAqCuphuBab77WImEApPIXAAEAiCESpEI4RCHR9KJD4dY6X5oABgBJRTA0RDk0M0YtQzI3MS1DOTZBLUMyN0QtRENCRDA5Nzc4NjgwOjIwNDBGN0VDLTNGQkYtNjFGNy0xQUMyLUFBRDVENDYxMEE4RQAAAAAlAAAAJAAEbn8A\/4AqAAiWY\/V4e1fy1AAIABSuLzMpSQJ1k35eeZhTIs+Mn14fOYAoAATxREob"} 
-01104{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":195,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535535091,"flow_dst_last_pkt_time":1661169535535091,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":156,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1661169535535091,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} +01137{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":195,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535535091,"flow_dst_last_pkt_time":1661169535535091,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":156,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1661169535535091,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00772{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":196,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1661169535607340,"flow_dst_last_pkt_time":1661169535535091,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"thread_ts_usec":1661169535607340,"pkt":"BLFnWRHgPKn0qB\/sCABFAADZkzlAAEAR2TnAqCuphuBab77WImEAxZeyFv7\/AAAAAAAAAAAATv7\/\/6QAAAAAAAAApP79\/DOP2Z8sGz4yGXA4ZlFO9zOHpZDtCkri7Pkm\/\/cH3ZMAAAAQwCvAL8ypzKjACsAJwBPAFAEAAGoAFwAA\/wEAAQAACgAIAAYAHQAXABgACwACAQAAEAASABAGd2VicnRjCGMtd2VicnRjAA0AIAAeBAMFAwYDAgMIBAgFCAYEAQUBBgECAQQCBQIGAgICABwAAkAAAA4ACwAIAAcACAABAAIA"} -01105{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":196,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535607340,"flow_dst_last_pkt_time":1661169535535091,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":345,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1661169535607340,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} +01138{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":196,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535607340,"flow_dst_last_pkt_time":1661169535535091,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":345,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1661169535607340,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00601{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":197,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1661169535607340,"flow_dst_last_pkt_time":1661169535617418,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1661169535617418,"pkt":"PKn0qB\/sBLFnWRHgCABFAABcD39AADERbHGG4FpvwKgrqSJhvtYASKlmAQEALCESpEI4RCHR9KJD4dY6X5oAIAAIAAEAAHwzzS0ACAAUnwD9370BkZTUznvE5OGEytEUcI2AKAAEfF\/qog=="} 
-01019{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":197,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535607340,"flow_dst_last_pkt_time":1661169535617418,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":345,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1661169535617418,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"mapped_address":"93.33.105.111:8466"}}} +01053{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":197,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535607340,"flow_dst_last_pkt_time":1661169535617418,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":345,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1661169535617418,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"mapped_address":"93.33.105.111:8466","multimedia_flow_types":"Unknown"}}} 00770{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1661169535657522,"flow_dst_last_pkt_time":1661169535617418,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"thread_ts_usec":1661169535657522,"pkt":"BLFnWRHgPKn0qB\/sCABFAADZk0RAAEAR2S7AqCuphuBab77WImEAxZayFv7\/AAAAAAAAAAEAsAEAAKQAAAAAAAAApP79\/DOP2Z8sGz4yGXA4ZlFO9zOHpZDtCkri7Pkm\/\/cH3ZMAAAAQwCvAL8ypzKjACsAJwBPAFAEAAGoAFwAA\/wEAAQAACgAIAAYAHQAXABgACwACAQAAEAASABAGd2VicnRjCGMtd2VicnRjAA0AIAAeBAMFAwYDAgMIBAgFCAYEAQUBBgECAQQCBQIGAgICABwAAkAAAA4ACwAIAAcACAABAAIA"} -01163{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":198,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535657522,"flow_dst_last_pkt_time":1661169535617418,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":534,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1661169535657522,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","tls": 
{"version":"DTLSv1.2","ja3":"3e12a43c7535bb32beac3928f8fe905d","ja3s":"","ja4":"dd2d0808we_c6c2b6ec87e0_06b1ae923e2a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"webrtc,c-webrtc","blocks":0}}} +01122{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":198,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535657522,"flow_dst_last_pkt_time":1661169535617418,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":534,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1661169535657522,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","tls": {"version":"DTLSv1.2","ja3s":"","ja4":"dd2d0808we_c6c2b6ec87e0_06b1ae923e2a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"webrtc,c-webrtc","blocks":0}}} 
00992{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":199,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":15,"flow_first_seen":1647958145472010,"flow_src_last_pkt_time":1647958147591534,"flow_dst_last_pkt_time":1647958147445904,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":65,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":546,"flow_dst_max_l4_payload_len":1198,"flow_src_tot_l4_payload_len":2100,"flow_dst_tot_l4_payload_len":2806,"midstream":0,"thread_ts_usec":1661169535657522,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"142.250.82.99","src_port":49153,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":199,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":199,"packets-processed":198,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18508,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":10,"total-updates":3,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":83,"global_ts_usec":1697468908358667} 
-00815{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":199,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1697468908358667,"flow_src_last_pkt_time":1697468908358667,"flow_dst_last_pkt_time":1697468908358667,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1697468908358667,"l3_proto":"ip6","src_ip":"2600:1900:4160:5999::19::","dst_ip":"2001:b07:a3d:c112:48a1:1094:1227:281e","src_port":3478,"dst_port":48094,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":199,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":199,"packets-processed":198,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18508,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":10,"total-updates":3,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":83,"global_ts_usec":1697468908358667} 
+00816{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":199,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1697468908358667,"flow_src_last_pkt_time":1697468908358667,"flow_dst_last_pkt_time":1697468908358667,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1697468908358667,"l3_proto":"ip6","src_ip":"2600:1900:4160:5999:0:19::","dst_ip":"2001:b07:a3d:c112:48a1:1094:1227:281e","src_port":3478,"dst_port":48094,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1697468908358667,"flow_dst_last_pkt_time":1697468908358667,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":114,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":114,"pkt_l4_len":60,"thread_ts_usec":1697468908358667,"pkt":"eq+3+1HBILAB4IZiht1mBDreADwROyYAGQBBYFmZAAAAGQAAAAAgAQsHCj3BEkihEJQSJygeDZa73gA87sUBCQAgIRKkQktkZmJkWjJhZlo4bAAIABRFsDl4oh6bf+GLBENYf43S4VSdWIAoAASacRNB"} 
-01010{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":199,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1697468908358667,"flow_src_last_pkt_time":1697468908358667,"flow_dst_last_pkt_time":1697468908358667,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1697468908358667,"l3_proto":"ip6","src_ip":"2600:1900:4160:5999::19::","dst_ip":"2001:b07:a3d:c112:48a1:1094:1227:281e","src_port":3478,"dst_port":48094,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} +01044{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":199,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1697468908358667,"flow_src_last_pkt_time":1697468908358667,"flow_dst_last_pkt_time":1697468908358667,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1697468908358667,"l3_proto":"ip6","src_ip":"2600:1900:4160:5999:0:19::","dst_ip":"2001:b07:a3d:c112:48a1:1094:1227:281e","src_port":3478,"dst_port":48094,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":200,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1697468908376988,"flow_dst_last_pkt_time":1697468908358667,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":114,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":114,"pkt_l4_len":60,"thread_ts_usec":1697468908376988,"pkt":"eq+3+1HBILAB4IZiht1mBDreADwROyYAGQBBYFmZAAAAGQAAAAAgAQsHCj3BEkihEJQSJygeDZa73gA8RUlAAQAwgcoABgAAB9MKkTrsxfvKyNCu9gS++AsbDfw2nuN5u+yO6W11+g4qLAs+zBqAAAAB"} -01144{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":200,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1697468908358667,"flow_src_last_pkt_time":1697468908376988,"flow_dst_last_pkt_time":1697468908358667,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1697468908376988,"l3_proto":"ip6","src_ip":"2600:1900:4160:5999::19::","dst_ip":"2001:b07:a3d:c112:48a1:1094:1227:281e","src_port":3478,"dst_port":48094,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": 
{}}} +01178{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":200,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1697468908358667,"flow_src_last_pkt_time":1697468908376988,"flow_dst_last_pkt_time":1697468908358667,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1697468908376988,"l3_proto":"ip6","src_ip":"2600:1900:4160:5999:0:19::","dst_ip":"2001:b07:a3d:c112:48a1:1094:1227:281e","src_port":3478,"dst_port":48094,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00705{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1697468913582927,"flow_dst_last_pkt_time":1697468908358667,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":186,"pkt_l4_len":132,"thread_ts_usec":1697468913582927,"pkt":"eq+3+1HBILAB4IZiht1mBDreAIQROyYAGQBBYFmZAAAAGQAAAAAgAQsHCj3BEkihEJQSJygeDZa73gCET3oBAQBoIRKkQjdxNnArS0o3QlNDMAAgABQAAprMAROvRT1M92Jj6lqjUHRrLgABABQAArveIAELBwo9wRJIoRCUEicoHoArABQAAg2WJgAZAEFgWZkAAAAZAAAAAIAsABQAAgBQJgAZAEFgWZkAAAAZAAAAAIAoAATOYQFM"} 
00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":201,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535657522,"flow_dst_last_pkt_time":1661169535617418,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":534,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1697468913582927,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} -01132{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":201,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1697468908358667,"flow_src_last_pkt_time":1697468913582927,"flow_dst_last_pkt_time":1697468908358667,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":228,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1697468913582927,"l3_proto":"ip6","src_ip":"2600:1900:4160:5999::19::","dst_ip":"2001:b07:a3d:c112:48a1:1094:1227:281e","src_port":3478,"dst_port":48094,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00847{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":201,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":201,"packets-processed":201,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18736,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":11,"total-updates":3,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":92,"global_ts_usec":1697468913582927} +01133{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":201,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1697468908358667,"flow_src_last_pkt_time":1697468913582927,"flow_dst_last_pkt_time":1697468908358667,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":228,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1697468913582927,"l3_proto":"ip6","src_ip":"2600:1900:4160:5999:0:19::","dst_ip":"2001:b07:a3d:c112:48a1:1094:1227:281e","src_port":3478,"dst_port":48094,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00847{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":201,"source":"cfgs\/monitoring\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":201,"packets-processed":201,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":18736,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":11,"total-updates":3,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":92,"global_ts_usec":1697468913582927} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 201/201 ~~ skipped flows.............: 0 @@ -98,9 +98,9 @@ ~~ total active/idle flows...: 9/9 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6936755 bytes -~~ total memory freed........: 6936755 bytes -~~ total allocations/frees...: 114436/114436 +~~ total memory allocated....: 7514395 bytes +~~ total memory freed........: 7514395 bytes +~~ total allocations/frees...: 126169/126169 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 541 chars ~~ json message max len.......: 2387 chars diff --git a/test/results/monitoring/stun_google_meet.pcapng.out b/test/results/monitoring/stun_google_meet.pcapng.out index e7e7254d8..f636ff357 100644 --- a/test/results/monitoring/stun_google_meet.pcapng.out +++ b/test/results/monitoring/stun_google_meet.pcapng.out 
@@ -1,32 +1,32 @@ -00626{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1687685002250009} 
+00626{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1687685002250009} 
00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687685002250009,"flow_src_last_pkt_time":1687685002250009,"flow_dst_last_pkt_time":1687685002250009,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1687685002250009,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"74.125.128.127","src_port":38152,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1687685002250009,"flow_dst_last_pkt_time":1687685002250009,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1687685002250009,"pkt":"CL6sCxduJjb1W8R1CABFAAAwFppAAEARi+LAqAycSn2Af5UIS2YAHMbcAAEAACESpEJrQUdOTnp2SE5INTk="} 
-01116{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687685002250009,"flow_src_last_pkt_time":1687685002250009,"flow_dst_last_pkt_time":1687685002250009,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1687685002250009,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"74.125.128.127","src_port":38152,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} +01149{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687685002250009,"flow_src_last_pkt_time":1687685002250009,"flow_dst_last_pkt_time":1687685002250009,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1687685002250009,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"74.125.128.127","src_port":38152,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687685002250407,"flow_src_last_pkt_time":1687685002250407,"flow_dst_last_pkt_time":1687685002250407,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1687685002250407,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"74.125.128.127","src_port":45400,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1687685002250407,"flow_dst_last_pkt_time":1687685002250407,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1687685002250407,"pkt":"CL6sCxduJjb1W8R1CABFAAAwFptAAEARi+HAqAycSn2Af7FYS2YAHPW+AAEAACESpEI5R2RXSytLQjJQSUU="} 
-01116{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687685002250407,"flow_src_last_pkt_time":1687685002250407,"flow_dst_last_pkt_time":1687685002250407,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1687685002250407,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"74.125.128.127","src_port":45400,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} +01149{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687685002250407,"flow_src_last_pkt_time":1687685002250407,"flow_dst_last_pkt_time":1687685002250407,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1687685002250407,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"74.125.128.127","src_port":45400,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1687685002250009,"flow_dst_last_pkt_time":1687685002268181,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1687685002268181,"pkt":"Jjb1W8R1CL6sCxduCABFgAA8AAAAACkR+PBKfYB\/wKgMnEtmlQgAKIBgAQEADCESpEJrQUdOTnp2SE5INTkAIAAIAAG5anwxD5M="} 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1687685002250407,"flow_dst_last_pkt_time":1687685002268368,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1687685002268368,"pkt":"Jjb1W8R1CL6sCxduCABFgAA8AAAAACkR+PBKfYB\/wKgMnEtmsVgAKK9BAQEADCESpEI5R2RXSytLQjJQSUUAIAAIAAG5a3wxD5M="} 
00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687685003685843,"flow_src_last_pkt_time":1687685003685843,"flow_dst_last_pkt_time":1687685003685843,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1687685003685843,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":38152,"dst_port":19305,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00694{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1687685003685843,"flow_dst_last_pkt_time":1687685003685843,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1687685003685843,"pkt":"CL6sCxduJjb1W8R1CABFAACYqbBAAEAR4hnAqAycjvpSTJUIS2kAhI1dAAEAaCESpEJmUVJDSFcxSjg2d0gABgAfSHJSZ3BhZDdQZm9LYUFvS0FBaUtBaUFERUE6UDgvTADAVwAEAAMACoAqAAhI5WWTUM2MtQAkAARufx7\/wFkAAgABAAAACAAUSRkFwEU4Xe2ByBahcg5+zSK7DUGAKAAE7yXU\/g=="} 
-01130{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687685003685843,"flow_src_last_pkt_time":1687685003685843,"flow_dst_last_pkt_time":1687685003685843,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1687685003685843,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":38152,"dst_port":19305,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01163{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687685003685843,"flow_src_last_pkt_time":1687685003685843,"flow_dst_last_pkt_time":1687685003685843,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1687685003685843,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":38152,"dst_port":19305,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std 
Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1687685003685843,"flow_dst_last_pkt_time":1687685003713559,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1687685003713559,"pkt":"Jjb1W8R1CL6sCxduCABFgABcAAAAACkR4oaO+lJMwKgMnEtplQgASIF0AQEALCESpEJmUVJDSFcxSjg2d0gAIAAIAAG5anwxD5MACAAUnCbUxns7ByhLQe3gWJggj2fuRtmAKAAEzTlfeQ=="} 00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687685003846345,"flow_src_last_pkt_time":1687685003846345,"flow_dst_last_pkt_time":1687685003846345,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1687685003846345,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":45400,"dst_port":19305,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1687685003846345,"flow_dst_last_pkt_time":1687685003846345,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1687685003846345,"pkt":"CL6sCxduJjb1W8R1CABFAACYqb1AAEAR4gzAqAycjvpSTLFYS2kAhPiuAAEAaCESpEJ5eUQvQ0MySmgwQzgABgAfSHJSZ3BhZDdQZm9LYUFvS0FBaUtBaUFERUE6UDgvTADAVwAEAAAD54AqAAhI5WWTUM2MtQAkAARuAB7\/wFkAAgABAAAACAAU4qPC0PvptNKr3xno5a6znzZ8MzGAKAAEv54I6w=="} -01130{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687685003846345,"flow_src_last_pkt_time":1687685003846345,"flow_dst_last_pkt_time":1687685003846345,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1687685003846345,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":45400,"dst_port":19305,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01163{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687685003846345,"flow_src_last_pkt_time":1687685003846345,"flow_dst_last_pkt_time":1687685003846345,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1687685003846345,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":45400,"dst_port":19305,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1687685003850184,"flow_dst_last_pkt_time":1687685003713559,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":162,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":162,"pkt_l4_len":128,"thread_ts_usec":1687685003850184,"pkt":"CL6sCxduJjb1W8R1CABFAACUqb5AAEAR4g\/AqAycjvpSTJUIS2kAgFc2AAEAZCESpEJDY3Vnd0VjS3M1U3EABgAfSHJSZ3BhZDdQZm9LYUFvS0FBaUtBaUFERUE6UDgvTADAVwAEAAMACoAqAAhI5WWTUM2MtQAlAAAAJAAEbn8e\/wAIABQRBPG5ZvdojwQrf8+QT0UUl+pOj4AoAAQCVNkR"} 
00738{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1687685003855449,"flow_dst_last_pkt_time":1687685003713559,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_usec":1687685003855449,"pkt":"CL6sCxduJjb1W8R1CABFAAC5qb9AAEAR4enAqAycjvpSTJUIS2kApae7Fv7\/AAAAAAAAAAAAkAEAAIQAAAAAAAAAhP79U8QvlMKD8CG3V6IBJXGiID2FZCQNFMTf8XUxGUuriccAAAAWwCvAL8ypzKjACcATwArAFACcAC8ANQEAAEQAFwAA\/wEAAQAACgAIAAYAHQAXABgACwACAQAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAA4ACQAGAAEACAAHAA=="} -01158{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":9,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1687685003685843,"flow_src_last_pkt_time":1687685003855449,"flow_dst_last_pkt_time":1687685003713559,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":120,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":401,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1687685003855449,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":38152,"dst_port":19305,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","tls": {"version":"DTLSv1.2","ja3":"c14667d7da3e6f7a7ab5519ef78c2452","ja3s":"","ja4":"dd2d110700_c45550529adf_d9dd6182da81","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01117{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":9,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1687685003685843,"flow_src_last_pkt_time":1687685003855449,"flow_dst_last_pkt_time":1687685003713559,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":120,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":401,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1687685003855449,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":38152,"dst_port":19305,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","tls": {"version":"DTLSv1.2","ja3s":"","ja4":"dd2d110700_c45550529adf_d9dd6182da81","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1687685003855449,"flow_dst_last_pkt_time":1687685003867991,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1687685003867991,"pkt":"Jjb1W8R1CL6sCxduCABFgABcAAAAACkR4oaO+lJMwKgMnEtplQgASHlbAQEALCESpEJDY3Vnd0VjS3M1U3EAIAAIAAG5anwxD5MACAAUwCCc9hgGT3NviGnhjeZxerIm0rSAKAAEHcTQ5Q=="} 
00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1687685003846345,"flow_dst_last_pkt_time":1687685003871067,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1687685003871067,"pkt":"Jjb1W8R1CL6sCxduCABFAABcAAAAACgR5AaO+lJMwKgMnEtpsVgASNxmAQEALCESpEJ5eUQvQ0MySmgwQzgAIAAIAAG5a3wxD5MACAAUaD29YF1YYGCxoofK6W8JUGRlPi2AKAAEqdOw\/Q=="} -01336{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1687685003685843,"flow_src_last_pkt_time":1687685003855449,"flow_dst_last_pkt_time":1687685003874645,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":120,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":1203,"flow_src_tot_l4_payload_len":401,"flow_dst_tot_l4_payload_len":1331,"midstream":0,"thread_ts_usec":1687685003874645,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":38152,"dst_port":19305,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","tls": {"version":"DTLSv1.2","ja3":"c14667d7da3e6f7a7ab5519ef78c2452","ja3s":"1f5d6a6d0bc5d514dd84d13e6283d309","ja4":"dd2d110700_c45550529adf_d9dd6182da81","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=hangouts","subjectDN":"CN=hangouts","fingerprint":"49:1A:C7:70:3E:79:F9:C5:3D:0F:46:33:B7:A4:EC:54:B0:93:C9:61","blocks":0}}} 
+01295{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1687685003685843,"flow_src_last_pkt_time":1687685003855449,"flow_dst_last_pkt_time":1687685003874645,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":120,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":1203,"flow_src_tot_l4_payload_len":401,"flow_dst_tot_l4_payload_len":1331,"midstream":0,"thread_ts_usec":1687685003874645,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":38152,"dst_port":19305,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","tls": {"version":"DTLSv1.2","ja3s":"1f5d6a6d0bc5d514dd84d13e6283d309","ja4":"dd2d110700_c45550529adf_d9dd6182da81","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=hangouts","subjectDN":"CN=hangouts","fingerprint":"49:1A:C7:70:3E:79:F9:C5:3D:0F:46:33:B7:A4:EC:54:B0:93:C9:61","blocks":0}}} 
02154{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":38,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":27,"flow_first_seen":1687685003685843,"flow_src_last_pkt_time":1687685003919073,"flow_dst_last_pkt_time":1687685003929116,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":545,"flow_dst_max_l4_payload_len":1203,"flow_src_tot_l4_payload_len":1027,"flow_dst_tot_l4_payload_len":7356,"midstream":0,"thread_ts_usec":1687685003929116,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":38152,"dst_port":19305,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":4,"avg":15371.1,"max":164341,"stddev":39368.1,"var":1549851008.0,"ent":2.4,"data": [27716,164341,5265,154432,6654,36352,35377,88,7,4,14,5,6,4,5,33,4,8,4,4,4,4,27272,18857,13,4,4,9,4,5,4]},"pktlen": {"min":65,"avg":290.0,"max":1231,"stddev":203.2,"var":41279.0,"ent":4.7,"data": [152,92,148,185,92,1231,573,598,65,288,288,288,288,288,288,288,288,288,288,288,288,288,109,109,288,288,288,165,288,288,288,288]},"bins": {"c_to_s": [0,0,1,2,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,1,3,0,1,0,0,0,20,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1],"entropies": [5.938431740,5.693446159,5.907145500,4.997817039,5.679912090,7.332775593,6.760993004,7.409891605,4.603593349,7.060424328,7.083664894,7.159259796,7.130215645,7.048931122,7.046199322,7.094227314,7.077503204,7.049725533,7.095977306,7.143758297,7.077943802,7.098464012,5.672235966,5.727212906,7.040598869,7.076782703,7.038190842,6.382246494,7.161954880,7.089690685,7.073032856,7.083381176]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00682{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1687685004461444,"flow_dst_last_pkt_time":1687685003871067,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_usec":1687685004461444,"pkt":"CL6sCxduJjb1W8R1CABFAACQqfNAAEAR4d7AqAycjvpSTLFYS2kAfJPgAAEAYCESpEJGRUJQYzFVQThCU1AABgAfSHJSZ3BhZDdQZm9LYUFvS0FBaUtBaUFERUE6UDgvTADAVwAEAAAD54AqAAhI5WWTUM2MtQAkAARuAB7\/AAgAFJQqoiZNzooLvSeLzTVTKlh5edo9gCgABHuCmMA="} 00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1687685004461444,"flow_dst_last_pkt_time":1687685004479004,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1687685004479004,"pkt":"Jjb1W8R1CL6sCxduCABFAABcAAAAACgR5AaO+lJMwKgMnEtpsVgASO9LAQEALCESpEJGRUJQYzFVQThCU1AAIAAIAAG5a3wxD5MACAAUZp5QRw5NXPsy5Qrlhatah3HbNzqAKAAE\/XolSw=="} 
00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687685004552860,"flow_src_last_pkt_time":1687685004552860,"flow_dst_last_pkt_time":1687685004552860,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1687685004552860,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":38152,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1687685004552860,"flow_dst_last_pkt_time":1687685004552860,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1687685004552860,"pkt":"CL6sCxduJjb1W8R1CABFAACYqfxAAEAR4c3AqAycjvpSTJUIDZYAhMEOAAEAaCESpEJkZjhUNVpmTjU5SmwABgAfSHJSZ3BhZDdQZm9LYUFvS0FBaUtBaUFERUE6UDgvTADAVwAEAAMACoAqAAhI5WWTUM2MtQAkAARufx7\/wFkAAgABAAAACAAU\/8e7e1q7nO+JanZDE+IEZSthIJKAKAAEX0MtGQ=="} 
-00998{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687685004552860,"flow_src_last_pkt_time":1687685004552860,"flow_dst_last_pkt_time":1687685004552860,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1687685004552860,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":38152,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01031{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687685004552860,"flow_src_last_pkt_time":1687685004552860,"flow_dst_last_pkt_time":1687685004552860,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1687685004552860,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":38152,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1687685004552860,"flow_dst_last_pkt_time":1687685004581588,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1687685004581588,"pkt":"Jjb1W8R1CL6sCxduCABFAABcAAAAACgR5AaO+lJMwKgMnA2WlQgASCeyAQEALCESpEJkZjhUNVpmTjU5SmwAIAAIAAG5anwxD5MACAAUknV2wFqXEiEKuyN60myVdsDzL\/aAKAAEo4ih3Q=="} 00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1687685004584424,"flow_dst_last_pkt_time":1687685004581588,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":162,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":162,"pkt_l4_len":128,"thread_ts_usec":1687685004584424,"pkt":"CL6sCxduJjb1W8R1CABFAACUqf9AAEAR4c7AqAycjvpSTJUIDZYAgLy7AAEAZCESpEJJam5UNEJmQVFiVEMABgAfSHJSZ3BhZDdQZm9LYUFvS0FBaUtBaUFERUE6UDgvTADAVwAEAAMACoAqAAhI5WWTUM2MtQAlAAAAJAAEbn8e\/wAIABTB+QY1ErQZS1eZfETcnOWmhQrDlIAoAAQyeiKC"} 
00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1687685004584424,"flow_dst_last_pkt_time":1687685004602242,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1687685004602242,"pkt":"Jjb1W8R1CL6sCxduCABFAABcAAAAACgR5AaO+lJMwKgMnA2WlQgASIipAQEALCESpEJJam5UNEJmQVFiVEMAIAAIAAG5anwxD5MACAAUNyYqXJb8YAlyLHDvuycWYeMvOtaAKAAEKV9M7g=="} 
@@ -34,16 +34,16 @@ 00970{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":89,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1687685004552860,"flow_src_last_pkt_time":1687685004641696,"flow_dst_last_pkt_time":1687685004774208,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":120,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":537,"flow_src_tot_l4_payload_len":364,"flow_dst_tot_l4_payload_len":729,"midstream":0,"thread_ts_usec":1687685004774208,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":38152,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":93,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687685005044008,"flow_src_last_pkt_time":1687685005044008,"flow_dst_last_pkt_time":1687685005044008,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1687685005044008,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":45400,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00694{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1687685005044008,"flow_dst_last_pkt_time":1687685005044008,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1687685005044008,"pkt":"CL6sCxduJjb1W8R1CABFAACYqhVAAEAR4bTAqAycjvpSTLFYDZYAhPO5AAEAaCESpEI1dDZmdW80dXd2ZFEABgAfSHJSZ3BhZDdQZm9LYUFvS0FBaUtBaUFERUE6UDgvTADAVwAEAAAD54AqAAhI5WWTUM2MtQAkAARuAB7\/wFkAAgABAAAACAAUwxd71h3E7agGXCWb8vXAdS7WxdiAKAAE3AMc7g=="} -00998{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687685005044008,"flow_src_last_pkt_time":1687685005044008,"flow_dst_last_pkt_time":1687685005044008,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1687685005044008,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":45400,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01031{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687685005044008,"flow_src_last_pkt_time":1687685005044008,"flow_dst_last_pkt_time":1687685005044008,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1687685005044008,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":45400,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1687685005044008,"flow_dst_last_pkt_time":1687685005074246,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1687685005074246,"pkt":"Jjb1W8R1CL6sCxduCABFAABcAAAAACgR5AaO+lJMwKgMnA2WsVgASDkIAQEALCESpEI1dDZmdW80dXd2ZFEAIAAIAAG5a3wxD5MACAAUKJAPNrjYz21z+bHY5KMtFb5duTSAKAAE5XSGkg=="} 
00682{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1687685005134784,"flow_dst_last_pkt_time":1687685005074246,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_usec":1687685005134784,"pkt":"CL6sCxduJjb1W8R1CABFAACQqhdAAEAR4brAqAycjvpSTLFYDZYAfBEPAAEAYCESpEJMdTA0T2pTbmZiWUwABgAfSHJSZ3BhZDdQZm9LYUFvS0FBaUtBaUFERUE6UDgvTADAVwAEAAAD54AqAAhI5WWTUM2MtQAkAARuAB7\/AAgAFCDz+0pfbrz6PIl8RjxJCBwiBtxogCgABB6deew="} 00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1687685005134784,"flow_dst_last_pkt_time":1687685005152424,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1687685005152424,"pkt":"Jjb1W8R1CL6sCxduCABFAABcAAAAACgR5AaO+lJMwKgMnA2WsVgASIG9AQEALCESpEJMdTA0T2pTbmZiWUwAIAAIAAG5a3wxD5MACAAUuQ1+j1g08fL3se212BIsEXEi+UiAKAAE2tP0Qg=="} 00685{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1687685006880453,"flow_dst_last_pkt_time":1687685005152424,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_usec":1687685006880453,"pkt":"CL6sCxduJjb1W8R1CABFAACQqo5AAEAR4UPAqAycjvpSTLFYDZYAfBw7AAEAYCESpEJkc3FYeGtnZGhzUlgABgAfSHJSZ3BhZDdQZm9LYUFvS0FBaUtBaUFERUE6UDgvTADAVwAEAAAD54AqAAhI5WWTUM2MtQAkAARuAB7\/AAgAFPlpNUakcs8YpG4lPzhlKqXBYvLJgCgABLD\/\/FE="} 
02228{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":120,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":9,"flow_first_seen":1687685004552860,"flow_src_last_pkt_time":1687685007476840,"flow_dst_last_pkt_time":1687685007173710,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":537,"flow_src_tot_l4_payload_len":1668,"flow_dst_tot_l4_payload_len":977,"midstream":0,"thread_ts_usec":1687685007476840,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":38152,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":286,"avg":178865.5,"max":1000041,"stddev":232359.1,"var":53990768640.0,"ent":4.0,"data": [28728,31564,20654,57272,57107,114859,326724,7631,286,359302,399475,20851,399538,20813,60291,761585,238269,310501,33128,16660,106522,1355,298484,11725,401011,18917,1000041,80368,40305,278612,42252]},"pktlen": {"min":68,"avg":110.7,"max":565,"stddev":85.7,"var":7337.9,"ent":4.8,"data": [152,92,148,92,148,92,565,91,73,93,68,107,73,91,73,148,92,68,80,91,73,80,80,107,73,91,73,68,148,92,128,91]},"bins": {"c_to_s": [0,14,3,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,3,5,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,1,0,0,0,1,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,1,0,0],"entropies": 
[6.010119915,5.593475819,5.960068226,5.666897774,6.019278049,5.652763844,7.600190163,5.996479034,5.525039673,5.555425644,5.480339050,5.729862213,5.662026882,5.878293514,5.487302303,5.954136372,5.579943180,5.333281517,5.766850948,6.062412739,5.607231617,5.697978497,5.816851616,5.767245293,5.504358292,5.886589527,5.579834938,5.333281517,5.923795223,5.623420238,6.336440086,5.996479034]},"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1687685012276569,"flow_dst_last_pkt_time":1687685002268181,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1687685012276569,"pkt":"CL6sCxduJjb1W8R1CABFAAAwFwhAAEARi3TAqAycSn2Af5UIS2YAHLudAAEAACESpEJId3pvTWRNK3NxNSs="} -01186{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":172,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1687685002250009,"flow_src_last_pkt_time":1687685012276569,"flow_dst_last_pkt_time":1687685002268181,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":32,"midstream":0,"thread_ts_usec":1687685012276569,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"74.125.128.127","src_port":38152,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std 
Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.35.171.209:39032"}}} +01220{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":172,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1687685002250009,"flow_src_last_pkt_time":1687685012276569,"flow_dst_last_pkt_time":1687685002268181,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":32,"midstream":0,"thread_ts_usec":1687685012276569,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"74.125.128.127","src_port":38152,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.35.171.209:39032","multimedia_flow_types":"Unknown"}}} 
00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1687685012277026,"flow_dst_last_pkt_time":1687685002268368,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1687685012277026,"pkt":"CL6sCxduJjb1W8R1CABFAAAwFwlAAEARi3PAqAycSn2Af7FYS2YAHH+BAAEAACESpEJ3NDhicURMWGJEVmc="} -01186{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":173,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1687685002250407,"flow_src_last_pkt_time":1687685012277026,"flow_dst_last_pkt_time":1687685002268368,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":32,"midstream":0,"thread_ts_usec":1687685012277026,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"74.125.128.127","src_port":45400,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.35.171.209:39033"}}} 
+01220{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":173,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1687685002250407,"flow_src_last_pkt_time":1687685012277026,"flow_dst_last_pkt_time":1687685002268368,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":32,"midstream":0,"thread_ts_usec":1687685012277026,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"74.125.128.127","src_port":45400,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.35.171.209:39033","multimedia_flow_types":"Unknown"}}} 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1687685012276569,"flow_dst_last_pkt_time":1687685012293995,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1687685012293995,"pkt":"Jjb1W8R1CL6sCxduCABFgAA8AAAAACkR+PBKfYB\/wKgMnEtmlQgAKHUhAQEADCESpEJId3pvTWRNK3NxNSsAIAAIAAG5anwxD5M="} 
00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1687685012277026,"flow_dst_last_pkt_time":1687685012294220,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1687685012294220,"pkt":"Jjb1W8R1CL6sCxduCABFgAA8AAAAACkR+PBKfYB\/wKgMnEtmsVgAKDkEAQEADCESpEJ3NDhicURMWGJEVmcAIAAIAAG5a3wxD5M="} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1687685022297743,"flow_dst_last_pkt_time":1687685012293995,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1687685022297743,"pkt":"CL6sCxduJjb1W8R1CABFAAAwGNNAAEARianAqAycSn2Af5UIS2YAHKJSAAEAACESpEJyZU55VnlHRHFRT3A="} 
@@ -55,16 +55,16 @@ 01143{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":215,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1687685002250407,"flow_src_last_pkt_time":1687685052357802,"flow_dst_last_pkt_time":1687685052375389,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1687685059743208,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"74.125.128.127","src_port":45400,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01007{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":215,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":55,"flow_dst_packets_processed":24,"flow_first_seen":1687685004552860,"flow_src_last_pkt_time":1687685011180562,"flow_dst_last_pkt_time":1687685011133449,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":381,"flow_dst_max_l4_payload_len":537,"flow_src_tot_l4_payload_len":5092,"flow_dst_tot_l4_payload_len":2517,"midstream":0,"thread_ts_usec":1687685059743208,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":38152,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01007{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":215,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":16,"flow_first_seen":1687685005044008,"flow_src_last_pkt_time":1687685059743208,"flow_dst_last_pkt_time":1687685041855156,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":116,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":1980,"flow_dst_tot_l4_payload_len":1024,"midstream":0,"thread_ts_usec":1687685059743208,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":45400,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-00858{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":215,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":215,"packets-processed":214,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24719,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":5,"total-updates":6,"current-active-flows":6,"total-active-flows":6,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":58,"global_ts_usec":1697468935898948} +00858{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":215,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":215,"packets-processed":214,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":24719,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":5,"total-updates":6,"current-active-flows":6,"total-active-flows":6,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":58,"global_ts_usec":1697468935898948} 
00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":215,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1697468935898948,"flow_src_last_pkt_time":1697468935898948,"flow_dst_last_pkt_time":1697468935898948,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1697468935898948,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:48a1:1094:1227:281e","dst_ip":"2001:4860:4864:6::81","src_port":45572,"dst_port":19305,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00722{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1697468935898948,"flow_dst_last_pkt_time":1697468935898948,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":186,"pkt_l4_len":132,"thread_ts_usec":1697468935898948,"pkt":"ILAB4IZieq+3+1HBht1gC69IAIQRQCABCwcKPcESSKEQlBInKB4gAUhgSGQABgAAAAAAAACBsgRLaQCETH0AAQBoIRKkQmtPaTNJMjc0OHB2QQAGAB95dzhscXc0TXhnSDhpZ29LQUFpS0FpQURFQTpOQUNFAMBXAAQAAwAKgCoACGra\/nXE2k9tACQABG5\/KP\/AWQACAAEAAAAIABSaw7PkfELbyrRWbnt+uUO3nio4h4AoAAQFm42R"} 
-01162{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":215,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1697468935898948,"flow_src_last_pkt_time":1697468935898948,"flow_dst_last_pkt_time":1697468935898948,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1697468935898948,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:48a1:1094:1227:281e","dst_ip":"2001:4860:4864:6::81","src_port":45572,"dst_port":19305,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01195{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":215,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1697468935898948,"flow_src_last_pkt_time":1697468935898948,"flow_dst_last_pkt_time":1697468935898948,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1697468935898948,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:48a1:1094:1227:281e","dst_ip":"2001:4860:4864:6::81","src_port":45572,"dst_port":19305,"l4_proto":"udp","ndpi": {"flow_risk": {"5": 
{"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1697468935898948,"flow_dst_last_pkt_time":1697468935925806,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":138,"pkt_l4_len":84,"thread_ts_usec":1697468935925806,"pkt":"eq+3+1HBILAB4IZiht1oAAAAAFQRLCABSGBIZAAGAAAAAAAAAIEgAQsHCj3BEkihEJQSJygeS2myBABUH7UBAQA4IRKkQmtPaTNJMjc0OHB2QQAgABQAApMWAROvRWFyqCEBkyegKldeXwAIABRao\/B2snGHws1Zgw4ooYPYdfXECoAoAARLYFXf"} 00720{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1697468935980588,"flow_dst_last_pkt_time":1697468935925806,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":182,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":182,"pkt_l4_len":128,"thread_ts_usec":1697468935980588,"pkt":"ILAB4IZieq+3+1HBht1gC69IAIARQCABCwcKPcESSKEQlBInKB4gAUhgSGQABgAAAAAAAACBsgRLaQCAlQsAAQBkIRKkQklKWEltb0ZTakFCeQAGAB95dzhscXc0TXhnSDhpZ29LQUFpS0FpQURFQTpOQUNFAMBXAAQAAwAKgCoACGra\/nXE2k9tACUAAAAkAARufyj\/AAgAFNZu6Oob5xGMQcSQb\/xSO\/LQem81gCgABOAjV\/w="} 
00768{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1697468935981271,"flow_dst_last_pkt_time":1697468935925806,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":219,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":219,"pkt_l4_len":165,"thread_ts_usec":1697468935981271,"pkt":"ILAB4IZieq+3+1HBht1gC69IAKURQCABCwcKPcESSKEQlBInKB4gAUhgSGQABgAAAAAAAACBsgRLaQCljD8W\/v8AAAAAAAAAAACQAQAAhAAAAAAAAACE\/v1yUTxW+i8++bcAq\/9RTCU282o\/zwxzeEvd2cieXfMxQgAAABbAK8AvzKnMqMAJwBPACsAUAJwALwA1AQAARAAXAAD\/AQABAAAKAAgABgAdABcAGAALAAIBAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEADgAJAAYAAQAIAAcA"} -01190{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":218,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1697468935898948,"flow_src_last_pkt_time":1697468935981271,"flow_dst_last_pkt_time":1697468935925806,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":120,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":76,"flow_src_tot_l4_payload_len":401,"flow_dst_tot_l4_payload_len":76,"midstream":0,"thread_ts_usec":1697468935981271,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:48a1:1094:1227:281e","dst_ip":"2001:4860:4864:6::81","src_port":45572,"dst_port":19305,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","tls": {"version":"DTLSv1.2","ja3":"c14667d7da3e6f7a7ab5519ef78c2452","ja3s":"","ja4":"dd2d110700_c45550529adf_d9dd6182da81","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01149{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":218,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1697468935898948,"flow_src_last_pkt_time":1697468935981271,"flow_dst_last_pkt_time":1697468935925806,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":120,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":76,"flow_src_tot_l4_payload_len":401,"flow_dst_tot_l4_payload_len":76,"midstream":0,"thread_ts_usec":1697468935981271,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:48a1:1094:1227:281e","dst_ip":"2001:4860:4864:6::81","src_port":45572,"dst_port":19305,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","tls": {"version":"DTLSv1.2","ja3s":"","ja4":"dd2d110700_c45550529adf_d9dd6182da81","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00656{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1697468935981271,"flow_dst_last_pkt_time":1697468936000252,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":138,"pkt_l4_len":84,"thread_ts_usec":1697468936000252,"pkt":"eq+3+1HBILAB4IZiht1oAAAAAFQRLCABSGBIZAAGAAAAAAAAAIEgAQsHCj3BEkihEJQSJygeS2myBABUSZIBAQA4IRKkQklKWEltb0ZTakFCeQAgABQAApMWAROvRUN3mVslzlbHeGZqZwAIABTbqKo9M\/yTuZazw\/cuDuO8mJiCI4AoAARaF4V+"} 
-01367{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":220,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1697468935898948,"flow_src_last_pkt_time":1697468935981271,"flow_dst_last_pkt_time":1697468936003277,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":120,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":1203,"flow_src_tot_l4_payload_len":401,"flow_dst_tot_l4_payload_len":1355,"midstream":0,"thread_ts_usec":1697468936003277,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:48a1:1094:1227:281e","dst_ip":"2001:4860:4864:6::81","src_port":45572,"dst_port":19305,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","tls": {"version":"DTLSv1.2","ja3":"c14667d7da3e6f7a7ab5519ef78c2452","ja3s":"1f5d6a6d0bc5d514dd84d13e6283d309","ja4":"dd2d110700_c45550529adf_d9dd6182da81","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=hangouts","subjectDN":"CN=hangouts","fingerprint":"07:CC:FC:28:04:F2:29:8F:E9:C4:BF:AC:F6:D2:BD:F2:BA:36:AD:31","blocks":0}}} 
+01326{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":220,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1697468935898948,"flow_src_last_pkt_time":1697468935981271,"flow_dst_last_pkt_time":1697468936003277,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":120,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":1203,"flow_src_tot_l4_payload_len":401,"flow_dst_tot_l4_payload_len":1355,"midstream":0,"thread_ts_usec":1697468936003277,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:48a1:1094:1227:281e","dst_ip":"2001:4860:4864:6::81","src_port":45572,"dst_port":19305,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","tls": {"version":"DTLSv1.2","ja3s":"1f5d6a6d0bc5d514dd84d13e6283d309","ja4":"dd2d110700_c45550529adf_d9dd6182da81","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=hangouts","subjectDN":"CN=hangouts","fingerprint":"07:CC:FC:28:04:F2:29:8F:E9:C4:BF:AC:F6:D2:BD:F2:BA:36:AD:31","blocks":0}}} 
02186{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":246,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":26,"flow_first_seen":1697468935898948,"flow_src_last_pkt_time":1697468936037339,"flow_dst_last_pkt_time":1697468936047117,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":546,"flow_dst_max_l4_payload_len":1203,"flow_src_tot_l4_payload_len":1148,"flow_dst_tot_l4_payload_len":6916,"midstream":0,"thread_ts_usec":1697468936047117,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:48a1:1094:1227:281e","dst_ip":"2001:4860:4864:6::81","src_port":45572,"dst_port":19305,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":9243.9,"max":81640,"stddev":19965.3,"var":398613152.0,"ent":2.8,"data": [26858,81640,683,74446,3025,28042,16509,24776,333,0,0,0,0,0,0,0,0,0,0,0,0,0,11517,15951,2780,0,0,0,0,0,0]},"pktlen": {"min":85,"avg":300.0,"max":1251,"stddev":206.9,"var":42788.4,"ent":4.7,"data": [172,124,168,205,124,1251,594,168,618,85,308,308,308,308,308,308,308,308,308,308,308,308,129,129,124,308,308,308,308,165,308,308]},"bins": {"c_to_s": [0,0,1,3,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,1,4,1,0,0,0,0,18,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1],"entropies": 
[5.951032162,5.736715317,5.834187984,5.024463177,5.864942074,7.322808743,6.692216396,5.868327141,7.354635239,4.724500656,7.025775909,7.078637600,7.104609966,7.082355022,7.017282486,7.010787487,7.078490257,7.062924862,7.034311771,7.109773636,7.020790577,7.051887035,5.674198151,5.651331425,5.745950699,7.084123135,7.055697918,7.005239010,7.013784885,6.117315292,7.010463715,6.985410213]},"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01008{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":362,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":46,"flow_first_seen":1687685003685843,"flow_src_last_pkt_time":1687685004555487,"flow_dst_last_pkt_time":1687685004163202,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":545,"flow_dst_max_l4_payload_len":1203,"flow_src_tot_l4_payload_len":2858,"flow_dst_tot_l4_payload_len":10256,"midstream":0,"thread_ts_usec":1697468936608486,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":38152,"dst_port":19305,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
01141{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":362,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1687685002250009,"flow_src_last_pkt_time":1687685052357557,"flow_dst_last_pkt_time":1687685052375005,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1697468936608486,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"74.125.128.127","src_port":38152,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
@@ -73,7 +73,7 @@ 01141{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":362,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1687685002250407,"flow_src_last_pkt_time":1687685052357802,"flow_dst_last_pkt_time":1687685052375389,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1697468936608486,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"74.125.128.127","src_port":45400,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01005{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":362,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":55,"flow_dst_packets_processed":24,"flow_first_seen":1687685004552860,"flow_src_last_pkt_time":1687685011180562,"flow_dst_last_pkt_time":1687685011133449,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":381,"flow_dst_max_l4_payload_len":537,"flow_src_tot_l4_payload_len":5092,"flow_dst_tot_l4_payload_len":2517,"midstream":0,"thread_ts_usec":1697468936608486,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":38152,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01005{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":362,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":16,"flow_first_seen":1687685005044008,"flow_src_last_pkt_time":1687685059743208,"flow_dst_last_pkt_time":1687685041855156,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":116,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":1980,"flow_dst_tot_l4_payload_len":1024,"midstream":0,"thread_ts_usec":1697468936608486,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":45400,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-00860{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":362,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":362,"packets-processed":362,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":56433,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":7,"total-updates":6,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":76,"global_ts_usec":1697468936608486} +00860{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":362,"source":"cfgs\/monitoring\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":362,"packets-processed":362,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":56433,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":7,"total-updates":6,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":76,"global_ts_usec":1697468936608486} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 362/362 ~~ skipped flows.............: 0 
@@ -82,9 +82,9 @@ ~~ total active/idle flows...: 7/7 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6932439 bytes -~~ total memory freed........: 6932439 bytes -~~ total allocations/frees...: 114569/114569 +~~ total memory allocated....: 7510145 bytes +~~ total memory freed........: 7510145 bytes +~~ total allocations/frees...: 126305/126305 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 554 chars ~~ json message max len.......: 2280 chars diff --git a/test/results/monitoring/stun_signal.pcapng.out b/test/results/monitoring/stun_signal.pcapng.out index 1fb60622b..fb3f196c5 100644 --- a/test/results/monitoring/stun_signal.pcapng.out +++ b/test/results/monitoring/stun_signal.pcapng.out 
@@ -1,23 +1,23 @@ -00621{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1636901936040353} 
+00621{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1636901936040353} 
00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936040353,"flow_src_last_pkt_time":1636901936040353,"flow_dst_last_pkt_time":1636901936040353,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936040353,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39518,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1636901936040353,"flow_dst_last_pkt_time":1636901936040353,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936040353,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwdVpAAEAR0ZTAqAyprP15f5peS2YAHHHgAAEAACESpEJTQ2RLNjF0alZXNms="} 
-01112{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936040353,"flow_src_last_pkt_time":1636901936040353,"flow_dst_last_pkt_time":1636901936040353,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936040353,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39518,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} +01145{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936040353,"flow_src_last_pkt_time":1636901936040353,"flow_dst_last_pkt_time":1636901936040353,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936040353,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39518,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936040699,"flow_src_last_pkt_time":1636901936040699,"flow_dst_last_pkt_time":1636901936040699,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936040699,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47204,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1636901936040699,"flow_dst_last_pkt_time":1636901936040699,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936040699,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwdVtAAEAR0ZPAqAyprP15f7hkS2YAHGpqAAEAACESpEJ0a0VLMmtzWEZzMm8="} 
-01112{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936040699,"flow_src_last_pkt_time":1636901936040699,"flow_dst_last_pkt_time":1636901936040699,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936040699,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47204,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} +01145{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936040699,"flow_src_last_pkt_time":1636901936040699,"flow_dst_last_pkt_time":1636901936040699,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936040699,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47204,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936065479,"flow_src_last_pkt_time":1636901936065479,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936065479,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1636901936065479,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936065479,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnU1AAEAR9NjAqAypI563p7hkAbsAHPPxAAEAACESpEIwTUEzZ2hMNXgrRm4="} 
-01112{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936065479,"flow_src_last_pkt_time":1636901936065479,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936065479,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} +01145{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936065479,"flow_src_last_pkt_time":1636901936065479,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936065479,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070153,"flow_src_last_pkt_time":1636901936070153,"flow_dst_last_pkt_time":1636901936070153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936070153,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1636901936070153,"flow_dst_last_pkt_time":1636901936070153,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936070153,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnU5AAEAR9NfAqAypI563p7hkDZYAHPweAAEAACESpEJjaDExN25ZQXk2MTA="} 
-00981{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070153,"flow_src_last_pkt_time":1636901936070153,"flow_dst_last_pkt_time":1636901936070153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936070153,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} +01014{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070153,"flow_src_last_pkt_time":1636901936070153,"flow_dst_last_pkt_time":1636901936070153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936070153,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": 
{"multimedia_flow_types":"Unknown"}}} 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070262,"flow_src_last_pkt_time":1636901936070262,"flow_dst_last_pkt_time":1636901936070262,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936070262,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1636901936070262,"flow_dst_last_pkt_time":1636901936070262,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936070262,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnU9AAEAR9NbAqAypI563p5peDZYAHOX3AAEAACESpEJkOSt6R0JMc3JIbis="} 
-00981{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070262,"flow_src_last_pkt_time":1636901936070262,"flow_dst_last_pkt_time":1636901936070262,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936070262,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} +01014{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070262,"flow_src_last_pkt_time":1636901936070262,"flow_dst_last_pkt_time":1636901936070262,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936070262,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": 
{"multimedia_flow_types":"Unknown"}}} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070410,"flow_src_last_pkt_time":1636901936070410,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936070410,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1636901936070410,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936070410,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnVBAAEAR9NXAqAypI563p5peAbsAHIqqAAEAACESpEJaZmI0ZFV3bVhyejU="} 
-01112{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070410,"flow_src_last_pkt_time":1636901936070410,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936070410,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} +01145{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070410,"flow_src_last_pkt_time":1636901936070410,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936070410,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00756{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936083692,"flow_src_last_pkt_time":1636901936083692,"flow_dst_last_pkt_time":1636901936083692,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936083692,"l3_proto":"ip4","src_ip":"35.158.183.167","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5} 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1636901936083692,"flow_dst_last_pkt_time":1636901936083692,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1636901936083692,"pkt":"mt9Y+uvcCL6sCxduCABFAABMbq0AAOABw2wjnrenwKgMqQMDpcEAAAAARQAAMJ1NQAAgERTZwKgMqSOet6e4ZAG7ABzz8QABAAAhEqRCME1BM2doTDV4K0Zu"} 
01043{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936083692,"flow_src_last_pkt_time":1636901936083692,"flow_dst_last_pkt_time":1636901936083692,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936083692,"l3_proto":"ip4","src_ip":"35.158.183.167","dst_ip":"192.168.12.169","l4_proto":"icmp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":5.050556}} 
@@ -26,89 +26,89 @@ 00631{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1636901936070262,"flow_dst_last_pkt_time":1636901936087800,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1636901936087800,"pkt":"mt9Y+uvcCL6sCxduCABFAABwLzxAAOMRv6kjnrenwKgMqQ2Wml4AXJaEAQEAQCESpEJkOSt6R0JMc3JIbisAIAAIAAEPYnw9RVEAAQAIAAEucF0v4ROAKwAIAAENliOet6eALAAIAAEAUCOet6eAIgAETm9uZYAoAAT07Zjq"} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1636901936120747,"flow_dst_last_pkt_time":1636901936087800,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901936120747,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nVJAAEAR9MvAqAypI563p5peDZYAJPVxAAMACCESpEI3Q1lCTmVMaEVzcmUAGQAEEQAAAA=="} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1636901936135326,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901936135326,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nVNAAEAR9MrAqAypI563p7hkAbsAJNuCAAMACCESpEI0YTJQbEl4dk1TUisAGQAEEQAAAA=="} 
-01231{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1636901936065479,"flow_src_last_pkt_time":1636901936135326,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936135326,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} 
+01264{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1636901936065479,"flow_src_last_pkt_time":1636901936135326,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936135326,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1636901936135836,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901936135836,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nVRAAEAR9MnAqAypI563p5peAbsAJPWkAAMACCESpEJKS0hOWUJHNGV5VkoAGQAEEQAAAA=="} 
-01231{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":13,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070410,"flow_src_last_pkt_time":1636901936135836,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936135836,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} 
+01264{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":13,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070410,"flow_src_last_pkt_time":1636901936135836,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936135836,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1636901936120747,"flow_dst_last_pkt_time":1636901936138159,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1636901936138159,"pkt":"mt9Y+uvcCL6sCxduCABFAAB4Lz5AAOMRv58jnrenwKgMqQ2Wml4AZJPmARMASCESpEI3Q1lCTmVMaEVzcmUACQAQAAAEAVVuYXV0aG9yaXplZAAVABBjOGY3M2M5NzZiMDJiOWM4ABQACnNpZ25hbC5vcmcAAIAiAAROb25lgCgABHmTjPc="} 
-01138{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":14,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901936070262,"flow_src_last_pkt_time":1636901936120747,"flow_dst_last_pkt_time":1636901936138159,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1636901936138159,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org","domainame":"signal.org","stun": {"mapped_address":"93.47.225.19:11888","response_origin":"35.158.183.167:3478","other_address":"35.158.183.167:80"}}} +01172{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":14,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901936070262,"flow_src_last_pkt_time":1636901936120747,"flow_dst_last_pkt_time":1636901936138159,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1636901936138159,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org","domainame":"signal.org","stun": {"mapped_address":"93.47.225.19:11888","response_origin":"35.158.183.167:3478","other_address":"35.158.183.167:80","multimedia_flow_types":"Unknown"}}} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1636901936144242,"flow_dst_last_pkt_time":1636901936087734,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901936144242,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nVVAAEAR9MjAqAypI563p7hkDZYAJNmuAAMACCESpEIwWE1VcCtxUS9rUlMAGQAEEQAAAA=="} -01125{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":15,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1636901936070153,"flow_src_last_pkt_time":1636901936144242,"flow_dst_last_pkt_time":1636901936087734,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1636901936144242,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": 
{"mapped_address":"93.47.225.19:11889","response_origin":"35.158.183.167:3478","other_address":"35.158.183.167:80"}}} +01159{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":15,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1636901936070153,"flow_src_last_pkt_time":1636901936144242,"flow_dst_last_pkt_time":1636901936087734,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1636901936144242,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.47.225.19:11889","response_origin":"35.158.183.167:3478","other_address":"35.158.183.167:80","multimedia_flow_types":"Unknown"}}} 00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1636901936144585,"flow_dst_last_pkt_time":1636901936138159,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_usec":1636901936144585,"pkt":"CL6sCxdumt9Y+uvcCABFAACQnVZAAEAR9G\/AqAypI563p5peDZYAfGxHAAMAYCESpEJTREg5Z3IrK1V4dm0AGQAEEQAAAAAGABUxNjM2OTg4MzM1OjE4NzU0MzQwNDUAAAAAFAAKc2lnbmFsLm9yZwAAABUAEGM4ZjczYzk3NmIwMmI5YzgACAAUVADVyCcFlHpNR6\/JlEM11GK82Wc="} 
00593{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1636901936150779,"flow_dst_last_pkt_time":1636901936083692,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1636901936150779,"pkt":"mt9Y+uvcCL6sCxduCABFAABUbrkAAOABw1gjnrenwKgMqQMDpckAAAAARQAAOJ1TQAAgERTLwKgMqSOet6e4ZAG7ACTbggADAAghEqRCNGEyUGxJeHZNU1IrABkABBEAAAA="} 00593{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1636901936150821,"flow_dst_last_pkt_time":1636901936083692,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1636901936150821,"pkt":"mt9Y+uvcCL6sCxduCABFAABUbroAAOABw1cjnrenwKgMqQMDpckAAAAARQAAOJ1UQAAdERfKwKgMqSOet6eaXgG7ACT1pAADAAghEqRCSktITllCRzRleVZKABkABBEAAAA="} 00644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1636901936144242,"flow_dst_last_pkt_time":1636901936160415,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1636901936160415,"pkt":"mt9Y+uvcCL6sCxduCABFAAB4L0JAAOARwpsjnrenwKgMqQ2WuGQAZP9bARMASCESpEIwWE1VcCtxUS9rUlMACQAQAAAEAVVuYXV0aG9yaXplZAAVABA5NTNlMjE2ZTYwMmRiMDdlABQACnNpZ25hbC5vcmcAAIAiAAROb25lgCgABBFo+J8="} 
-01146{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":19,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901936070153,"flow_src_last_pkt_time":1636901936144242,"flow_dst_last_pkt_time":1636901936160415,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1636901936160415,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org","domainame":"signal.org","stun": {"mapped_address":"93.47.225.19:11889","response_origin":"35.158.183.167:3478","other_address":"35.158.183.167:80"}}} +01180{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":19,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901936070153,"flow_src_last_pkt_time":1636901936144242,"flow_dst_last_pkt_time":1636901936160415,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1636901936160415,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI 
(cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org","domainame":"signal.org","stun": {"mapped_address":"93.47.225.19:11889","response_origin":"35.158.183.167:3478","other_address":"35.158.183.167:80","multimedia_flow_types":"Unknown"}}} 00677{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1636901936185855,"flow_dst_last_pkt_time":1636901936160415,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_usec":1636901936185855,"pkt":"CL6sCxdumt9Y+uvcCABFAACQnVhAAEAR9G3AqAypI563p7hkDZYAfGwXAAMAYCESpEJMbjdHYmN5WG5rbm4AGQAEEQAAAAAGABUxNjM2OTg4MzM1OjE4NzU0MzQwNDUAAAAAFAAKc2lnbmFsLm9yZwAAABUAEDk1M2UyMTZlNjAyZGIwN2UACAAUIW2HvRLiM2\/Mn2aCV9BfzE1X65g="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1636901936292139,"flow_dst_last_pkt_time":1636901936040353,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936292139,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwdWhAAEAR0YbAqAyprP15f5peS2YAHHHgAAEAACESpEJTQ2RLNjF0alZXNms="} 
-01251{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":23,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1636901936040353,"flow_src_last_pkt_time":1636901936292139,"flow_dst_last_pkt_time":1636901936040353,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936292139,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39518,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01284{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":23,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1636901936040353,"flow_src_last_pkt_time":1636901936292139,"flow_dst_last_pkt_time":1636901936040353,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936292139,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39518,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1636901936292790,"flow_dst_last_pkt_time":1636901936040699,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936292790,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwdWlAAEAR0YXAqAyprP15f7hkS2YAHGpqAAEAACESpEJ0a0VLMmtzWEZzMm8="} 
-01251{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1636901936040699,"flow_src_last_pkt_time":1636901936292790,"flow_dst_last_pkt_time":1636901936040699,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936292790,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47204,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01284{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1636901936040699,"flow_src_last_pkt_time":1636901936292790,"flow_dst_last_pkt_time":1636901936040699,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936292790,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47204,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1636901936316455,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936316455,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnWJAAEAR9MPAqAypI563p7hkAbsAHPPxAAEAACESpEIwTUEzZ2hMNXgrRm4="} 
-01251{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1636901936065479,"flow_src_last_pkt_time":1636901936316455,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936316455,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01284{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1636901936065479,"flow_src_last_pkt_time":1636901936316455,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936316455,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1636901936320168,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936320168,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnWNAAEAR9MLAqAypI563p5peAbsAHIqqAAEAACESpEJaZmI0ZFV3bVhyejU="} 
-01251{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":26,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070410,"flow_src_last_pkt_time":1636901936320168,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936320168,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01284{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":26,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070410,"flow_src_last_pkt_time":1636901936320168,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936320168,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1636901936331596,"flow_dst_last_pkt_time":1636901936083692,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1636901936331596,"pkt":"mt9Y+uvcCL6sCxduCABFAABMbuUAAOABwzQjnrenwKgMqQMDpcEAAAAARQAAMJ1iQAAgERTEwKgMqSOet6e4ZAG7ABzz8QABAAAhEqRCME1BM2doTDV4K0Zu"} 
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1636901936385688,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901936385688,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nWRAAEAR9LnAqAypI563p7hkAbsAJNuCAAMACCESpEI0YTJQbEl4dk1TUisAGQAEEQAAAA=="} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1636901936386031,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901936386031,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nWVAAEAR9LjAqAypI563p5peAbsAJPWkAAMACCESpEJKS0hOWUJHNGV5VkoAGQAEEQAAAA=="} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1636901936292139,"flow_dst_last_pkt_time":1636901936411307,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1636901936411307,"pkt":"mt9Y+uvcCL6sCxduCABFgAA80K0AACYRz7Ws\/Xl\/wKgMqUtmml4AKJ+iAQEADCESpEJTQ2RLNjF0alZXNmsAIAAIAAEPYnw9RVE="} 
-01180{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":31,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1636901936040353,"flow_src_last_pkt_time":1636901936292139,"flow_dst_last_pkt_time":1636901936411307,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":32,"midstream":0,"thread_ts_usec":1636901936411307,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39518,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.47.225.19:11888"}}} +01214{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":31,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1636901936040353,"flow_src_last_pkt_time":1636901936292139,"flow_dst_last_pkt_time":1636901936411307,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":32,"midstream":0,"thread_ts_usec":1636901936411307,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39518,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": 
{"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.47.225.19:11888","multimedia_flow_types":"Unknown"}}} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1636901936292790,"flow_dst_last_pkt_time":1636901936415304,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1636901936415304,"pkt":"mt9Y+uvcCL6sCxduCABFgAA8TlEAACURUxKs\/Xl\/wKgMqUtmuGQAKJgrAQEADCESpEJ0a0VLMmtzWEZzMm8AIAAIAAEPY3w9RVE="} -01180{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":32,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1636901936040699,"flow_src_last_pkt_time":1636901936292790,"flow_dst_last_pkt_time":1636901936415304,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":32,"midstream":0,"thread_ts_usec":1636901936415304,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47204,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI 
(cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.47.225.19:11889"}}} +01214{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":32,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1636901936040699,"flow_src_last_pkt_time":1636901936292790,"flow_dst_last_pkt_time":1636901936415304,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":32,"midstream":0,"thread_ts_usec":1636901936415304,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47204,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.47.225.19:11889","multimedia_flow_types":"Unknown"}}} 
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1636901936292139,"flow_dst_last_pkt_time":1636901936663206,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1636901936663206,"pkt":"mt9Y+uvcCL6sCxduCABFgAA80O8AACYRz3Os\/Xl\/wKgMqUtmml4AKJ+iAQEADCESpEJTQ2RLNjF0alZXNmsAIAAIAAEPYnw9RVE="} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1636901936292790,"flow_dst_last_pkt_time":1636901936667023,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1636901936667023,"pkt":"mt9Y+uvcCL6sCxduCABFgAA8TocAACURUtys\/Xl\/wKgMqUtmuGQAKJgrAQEADCESpEJ0a0VLMmtzWEZzMm8AIAAIAAEPY3w9RVE="} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1636901936817391,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936817391,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnWZAAEAR9L\/AqAypI563p7hkAbsAHPPxAAEAACESpEIwTUEzZ2hMNXgrRm4="} 
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1636901936821517,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936821517,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnWdAAEAR9L7AqAypI563p5peAbsAHIqqAAEAACESpEJaZmI0ZFV3bVhyejU="} 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956886692,"flow_src_last_pkt_time":1636901956886692,"flow_dst_last_pkt_time":1636901956886692,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956886692,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1636901956886692,"flow_dst_last_pkt_time":1636901956886692,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901956886692,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnuBAAEAR80XAqAypI563p6g8DZYAHMrjAAEAACESpEJ3MXhZWGxMSlFtK2Q="} 
-01002{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956886692,"flow_src_last_pkt_time":1636901956886692,"flow_dst_last_pkt_time":1636901956886692,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956886692,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01035{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956886692,"flow_src_last_pkt_time":1636901956886692,"flow_dst_last_pkt_time":1636901956886692,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956886692,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI 
(cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956899977,"flow_src_last_pkt_time":1636901956899977,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956899977,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1636901956899977,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901956899977,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnuFAAEAR80TAqAypI563p6g8AbsAHKfZAAEAACESpEJpNFFIaG51aVlxTjI="} 
-01133{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956899977,"flow_src_last_pkt_time":1636901956899977,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956899977,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01166{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956899977,"flow_src_last_pkt_time":1636901956899977,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956899977,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956900169,"flow_src_last_pkt_time":1636901956900169,"flow_dst_last_pkt_time":1636901956900169,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956900169,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":43068,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1636901956900169,"flow_dst_last_pkt_time":1636901956900169,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901956900169,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwevFAAEARy\/3AqAyprP15f6g8S2YAHDXLAAEAACESpEJuRGJFSkJreUFwVW4="} 
-01134{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956900169,"flow_src_last_pkt_time":1636901956900169,"flow_dst_last_pkt_time":1636901956900169,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956900169,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":43068,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01167{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956900169,"flow_src_last_pkt_time":1636901956900169,"flow_dst_last_pkt_time":1636901956900169,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956900169,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":43068,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std 
Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00632{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1636901956886692,"flow_dst_last_pkt_time":1636901956903176,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1636901956903176,"pkt":"mt9Y+uvcCL6sCxduCABFAABwP61AAOARsjgjnrenwKgMqQ2WqDwAXIeiAQEAQCESpEJ3MXhZWGxMSlFtK2QAIAAIAAEPlHw9RVEAAQAIAAEuhl0v4ROAKwAIAAENliOet6eALAAIAAEAUCOet6eAIgAETm9uZYAoAARTHy4\/"} 00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956921410,"flow_src_last_pkt_time":1636901956921410,"flow_dst_last_pkt_time":1636901956921410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956921410,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39950,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1636901956921410,"flow_dst_last_pkt_time":1636901956921410,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901956921410,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwevJAAEARy\/zAqAyprP15f5wOS2YAHEUhAAEAACESpEJOVFU1cXVJU2dZVFA="} -01134{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956921410,"flow_src_last_pkt_time":1636901956921410,"flow_dst_last_pkt_time":1636901956921410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956921410,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39950,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01167{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956921410,"flow_src_last_pkt_time":1636901956921410,"flow_dst_last_pkt_time":1636901956921410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956921410,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39950,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":62,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956929987,"flow_src_last_pkt_time":1636901956929987,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956929987,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1636901956929987,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901956929987,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnuJAAEAR80PAqAypI563p5wOAbsAHAwRAAEAACESpEJneHI1SHRPK0tqKzc="} -01134{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956929987,"flow_src_last_pkt_time":1636901956929987,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956929987,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01167{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956929987,"flow_src_last_pkt_time":1636901956929987,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956929987,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956930390,"flow_src_last_pkt_time":1636901956930390,"flow_dst_last_pkt_time":1636901956930390,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956930390,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1636901956930390,"flow_dst_last_pkt_time":1636901956930390,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901956930390,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnuNAAEAR80LAqAypI563p5wODZYAHNwWAAEAACESpEI1alVGbDBvdmFLRGs="} -01003{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956930390,"flow_src_last_pkt_time":1636901956930390,"flow_dst_last_pkt_time":1636901956930390,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956930390,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01036{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956930390,"flow_src_last_pkt_time":1636901956930390,"flow_dst_last_pkt_time":1636901956930390,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956930390,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00632{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1636901956930390,"flow_dst_last_pkt_time":1636901956946587,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1636901956946587,"pkt":"mt9Y+uvcCL6sCxduCABFAABwP65AAOQRrjcjnrenwKgMqQ2WnA4AXORTAQEAQCESpEI1alVGbDBvdmFLRGsAIAAIAAEPlXw9RVEAAQAIAAEuh10v4ROAKwAIAAENliOet6eALAAIAAEAUCOet6eAIgAETm9uZYAoAAT10UAM"} 
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1636901956960274,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901956960274,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nuZAAEAR8zfAqAypI563p6g8AbsAJMHVAAMACCESpEJwYTVMazRiQkhvWTEAGQAEEQAAAA=="} -01251{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":66,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1636901956899977,"flow_src_last_pkt_time":1636901956960274,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956960274,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01284{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":66,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1636901956899977,"flow_src_last_pkt_time":1636901956960274,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956960274,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_src_last_pkt_time":1636901956962305,"flow_dst_last_pkt_time":1636901956946587,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901956962305,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nudAAEAR8zbAqAypI563p5wODZYAJOqGAAMACCESpEJuWjVNSmNUejZrc3YAGQAEEQAAAA=="} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1636901956969064,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901956969064,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nuhAAEAR8zXAqAypI563p5wOAbsAJPaJAAMACCESpEIyY0FuemxRWWpFQmIAGQAEEQAAAA=="} -01252{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1636901956929987,"flow_src_last_pkt_time":1636901956969064,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956969064,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01285{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1636901956929987,"flow_src_last_pkt_time":1636901956969064,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956969064,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1636901956971552,"flow_dst_last_pkt_time":1636901956903176,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901956971552,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nulAAEAR8zTAqAypI563p6g8DZYAJNbdAAMACCESpEJQZE0rWTlGNXNyQ3EAGQAEEQAAAA=="} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_src_last_pkt_time":1636901956962305,"flow_dst_last_pkt_time":1636901956977270,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1636901956977270,"pkt":"mt9Y+uvcCL6sCxduCABFAAB4P7RAAOQRrikjnrenwKgMqQ2WnA4AZNRVARMASCESpEJuWjVNSmNUejZrc3YACQAQAAAEAVVuYXV0aG9yaXplZAAVABBlM2Q3MGU4YTI4NzhlYWI4ABQACnNpZ25hbC5vcmcAAIAiAAROb25lgCgABPdDwsE="} -01147{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":71,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901956930390,"flow_src_last_pkt_time":1636901956962305,"flow_dst_last_pkt_time":1636901956977270,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1636901956977270,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org","domainame":"signal.org","stun": {"mapped_address":"93.47.225.19:11911","response_origin":"35.158.183.167:3478","other_address":"35.158.183.167:80"}}} 
+01181{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":71,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901956930390,"flow_src_last_pkt_time":1636901956962305,"flow_dst_last_pkt_time":1636901956977270,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1636901956977270,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org","domainame":"signal.org","stun": {"mapped_address":"93.47.225.19:11911","response_origin":"35.158.183.167:3478","other_address":"35.158.183.167:80","multimedia_flow_types":"Unknown"}}} 00677{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":5,"flow_src_last_pkt_time":1636901956982713,"flow_dst_last_pkt_time":1636901956977270,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_usec":1636901956982713,"pkt":"CL6sCxdumt9Y+uvcCABFAACQnupAAEAR8tvAqAypI563p5wODZYAfID0AAMAYCESpEJoVnBuRlhEMWd5a3MAGQAEEQAAAAAGABUxNjM2OTg4MzU2OjExMjQwNjMwMDAAAAAAFAAKc2lnbmFsLm9yZwAAABUAEGUzZDcwZThhMjg3OGVhYjgACAAUhea72wHPPgTdSOnBEkAPMzKPAD4="} 
00644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1636901956971552,"flow_dst_last_pkt_time":1636901956988183,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1636901956988183,"pkt":"mt9Y+uvcCL6sCxduCABFAAB4P7VAAOARsigjnrenwKgMqQ2WqDwAZD47ARMASCESpEJQZE0rWTlGNXNyQ3EACQAQAAAEAVVuYXV0aG9yaXplZAAVABAyYzViYWNlMTgyOWQyNjllABQACnNpZ25hbC5vcmcAAIAiAAROb25lgCgABBNbgMs="} -01146{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":74,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901956886692,"flow_src_last_pkt_time":1636901956971552,"flow_dst_last_pkt_time":1636901956988183,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1636901956988183,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org","domainame":"signal.org","stun": {"mapped_address":"93.47.225.19:11910","response_origin":"35.158.183.167:3478","other_address":"35.158.183.167:80"}}} 
+01180{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":74,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901956886692,"flow_src_last_pkt_time":1636901956971552,"flow_dst_last_pkt_time":1636901956988183,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1636901956988183,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org","domainame":"signal.org","stun": {"mapped_address":"93.47.225.19:11910","response_origin":"35.158.183.167:3478","other_address":"35.158.183.167:80","multimedia_flow_types":"Unknown"}}} 00676{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1636901956989826,"flow_dst_last_pkt_time":1636901956988183,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_usec":1636901956989826,"pkt":"CL6sCxdumt9Y+uvcCABFAACQnutAAEAR8trAqAypI563p6g8DZYAfJbSAAMAYCESpEJELzRSL1I0ZVdVN0kAGQAEEQAAAAAGABUxNjM2OTg4MzU2OjExMjQwNjMwMDAAAAAAFAAKc2lnbmFsLm9yZwAAABUAEDJjNWJhY2UxODI5ZDI2OWUACAAUvJldU9tsWUvBCpl53HMUEVhvq8k="} 
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1636901957149857,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901957149857,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnvtAAEAR8yrAqAypI563p6g8AbsAHKfZAAEAACESpEJpNFFIaG51aVlxTjI="} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1636901957151010,"flow_dst_last_pkt_time":1636901956900169,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901957151010,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwevNAAEARy\/vAqAyprP15f6g8S2YAHDXLAAEAACESpEJuRGJFSkJreUFwVW4="} -01252{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":79,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1636901956900169,"flow_src_last_pkt_time":1636901957151010,"flow_dst_last_pkt_time":1636901956900169,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901957151010,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":43068,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01285{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":79,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1636901956900169,"flow_src_last_pkt_time":1636901957151010,"flow_dst_last_pkt_time":1636901956900169,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901957151010,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":43068,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1636901957172132,"flow_dst_last_pkt_time":1636901956921410,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901957172132,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwevRAAEARy\/rAqAyprP15f5wOS2YAHEUhAAEAACESpEJOVFU1cXVJU2dZVFA="} -01252{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":81,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1636901956921410,"flow_src_last_pkt_time":1636901957172132,"flow_dst_last_pkt_time":1636901956921410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901957172132,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39950,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01285{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":81,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1636901956921410,"flow_src_last_pkt_time":1636901957172132,"flow_dst_last_pkt_time":1636901956921410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901957172132,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39950,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_src_last_pkt_time":1636901957180832,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901957180832,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnvxAAEAR8ynAqAypI563p5wOAbsAHAwRAAEAACESpEJneHI1SHRPK0tqKzc="} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_src_last_pkt_time":1636901957210204,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901957210204,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nv5AAEAR8x\/AqAypI563p6g8AbsAJMHVAAMACCESpEJwYTVMazRiQkhvWTEAGQAEEQAAAA=="} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_src_last_pkt_time":1636901957219600,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901957219600,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nv9AAEAR8x7AqAypI563p5wOAbsAJPaJAAMACCESpEIyY0FuemxRWWpFQmIAGQAEEQAAAA=="} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":1636901957151010,"flow_dst_last_pkt_time":1636901957274630,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1636901957274630,"pkt":"mt9Y+uvcCL6sCxduCABFgAA86goAACYRtlis\/Xl\/wKgMqUtmqDwAKGNbAQEADCESpEJuRGJFSkJreUFwVW4AIAAIAAEPlHw9RVE="} 
-01181{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":86,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1636901956900169,"flow_src_last_pkt_time":1636901957151010,"flow_dst_last_pkt_time":1636901957274630,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":32,"midstream":0,"thread_ts_usec":1636901957274630,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":43068,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.47.225.19:11910"}}} +01215{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":86,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1636901956900169,"flow_src_last_pkt_time":1636901957151010,"flow_dst_last_pkt_time":1636901957274630,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":32,"midstream":0,"thread_ts_usec":1636901957274630,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":43068,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": 
{"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.47.225.19:11910","multimedia_flow_types":"Unknown"}}} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_src_last_pkt_time":1636901957172132,"flow_dst_last_pkt_time":1636901957301798,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1636901957301798,"pkt":"mt9Y+uvcCL6sCxduCABFAAA8efYAACURJ+2s\/Xl\/wKgMqUtmnA4AKHKwAQEADCESpEJOVFU1cXVJU2dZVFAAIAAIAAEPlXw9RVE="} -01181{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":87,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1636901956921410,"flow_src_last_pkt_time":1636901957172132,"flow_dst_last_pkt_time":1636901957301798,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":32,"midstream":0,"thread_ts_usec":1636901957301798,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39950,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI 
(cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.47.225.19:11911"}}} +01215{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":87,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1636901956921410,"flow_src_last_pkt_time":1636901957172132,"flow_dst_last_pkt_time":1636901957301798,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":32,"midstream":0,"thread_ts_usec":1636901957301798,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39950,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.47.225.19:11911","multimedia_flow_types":"Unknown"}}} 
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_src_last_pkt_time":1636901957151010,"flow_dst_last_pkt_time":1636901957525218,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1636901957525218,"pkt":"mt9Y+uvcCL6sCxduCABFgAA86ikAACYRtjms\/Xl\/wKgMqUtmqDwAKGNbAQEADCESpEJuRGJFSkJreUFwVW4AIAAIAAEPlHw9RVE="} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_src_last_pkt_time":1636901957172132,"flow_dst_last_pkt_time":1636901957551924,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1636901957551924,"pkt":"mt9Y+uvcCL6sCxduCABFAAA8ergAACURJyus\/Xl\/wKgMqUtmnA4AKHKwAQEADCESpEJOVFU1cXVJU2dZVFAAIAAIAAEPlXw9RVE="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1636901957650455,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901957650455,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnxNAAEAR8xLAqAypI563p6g8AbsAHKfZAAEAACESpEJpNFFIaG51aVlxTjI="} 
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_src_last_pkt_time":1636901957680781,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901957680781,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnxZAAEAR8w\/AqAypI563p5wOAbsAHAwRAAEAACESpEJneHI1SHRPK0tqKzc="} 00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":96,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901958294242,"flow_src_last_pkt_time":1636901958294242,"flow_dst_last_pkt_time":1636901958294242,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901958294242,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":43068,"dst_port":61156,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00652{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1636901958294242,"flow_dst_last_pkt_time":1636901958294242,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1636901958294242,"pkt":"CL6sCxdumt9Y+uvcCABFAAB8azVAAEARa5jAqAypEsODj6g87uQAaP5FAAEATCESpEJyRHdyaGtEci8vOWUABgAJV0pzdTptTndxAAAAwFcABAADAAqAKgAIbYcgPZwg8UAAJAAEbn8e\/wAIABR\/b\/AcoEEqLjwzw3SbmvWontQU34AoAARPt0SR"} -01136{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":96,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901958294242,"flow_src_last_pkt_time":1636901958294242,"flow_dst_last_pkt_time":1636901958294242,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901958294242,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":43068,"dst_port":61156,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01169{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":96,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901958294242,"flow_src_last_pkt_time":1636901958294242,"flow_dst_last_pkt_time":1636901958294242,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901958294242,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":43068,"dst_port":61156,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_src_last_pkt_time":1636901958294242,"flow_dst_last_pkt_time":1636901958378136,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1636901958378136,"pkt":"mt9Y+uvcCL6sCxduCABFSABcrnFAAAMRZTQSw4OPwKgMqe7kqDwASOO3AQEALCESpEJyRHdyaGtEci8vOWUAIAAIAAEPmHw9RVEACAAUZTe+q2TI1x26\/6LLBdUUDVZaZoOAKAAEsQfEQQ=="} 
00651{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_src_last_pkt_time":1636901958294242,"flow_dst_last_pkt_time":1636901958378173,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1636901958378173,"pkt":"mt9Y+uvcCL6sCxduCABFSAB8rnJAAAMRZRMSw4OPwKgMqe7kqDwAaODiAAEATCESpEJ2dFg5dWZIQUdCakMABgAJbU53cTpXSnN1AAAAwFcABAADA4SAKQAIQYCdgvFBqWUAJAAEbn8g\/wAIABSzQMYtF7YKfV2BCR2ZgRKFjKrZ7YAoAASRLc2k"} 00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_src_last_pkt_time":1636901958386718,"flow_dst_last_pkt_time":1636901958378173,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1636901958386718,"pkt":"CL6sCxdumt9Y+uvcCABFAABcaztAAEARa7LAqAypEsODj6g87uQASCG+AQEALCESpEJ2dFg5dWZIQUdCakMAIAAIAAHP9jPRJ80ACAAUJmmebdkZZFSwkh7L8yz62k564LmAKAAEReD9tw=="} 
@@ -126,68 +126,68 @@ 01025{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":289,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1636901936070262,"flow_src_last_pkt_time":1636901940906811,"flow_dst_last_pkt_time":1636901940923754,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":280,"flow_dst_tot_l4_payload_len":336,"midstream":0,"thread_ts_usec":1636901987911616,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} 00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":289,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998588925,"flow_src_last_pkt_time":1636901998588925,"flow_dst_last_pkt_time":1636901998588925,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998588925,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47767,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1636901998588925,"flow_dst_last_pkt_time":1636901998588925,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998588925,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwgdlAAEARxRXAqAyprP15f7qXS2YAHLUpAAEAACESpEJFRDdhYWpCejZ6NGY="} -01135{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":289,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998588925,"flow_src_last_pkt_time":1636901998588925,"flow_dst_last_pkt_time":1636901998588925,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998588925,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47767,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01168{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":289,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998588925,"flow_src_last_pkt_time":1636901998588925,"flow_dst_last_pkt_time":1636901998588925,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998588925,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47767,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":290,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998589226,"flow_src_last_pkt_time":1636901998589226,"flow_dst_last_pkt_time":1636901998589226,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998589226,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":37970,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1636901998589226,"flow_dst_last_pkt_time":1636901998589226,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998589226,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwgdpAAEARxRTAqAyprP15f5RSS2YAHI3jAAEAACESpEJHZko4WW5Ca1ZEVTk="} -01135{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":290,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998589226,"flow_src_last_pkt_time":1636901998589226,"flow_dst_last_pkt_time":1636901998589226,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998589226,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":37970,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01168{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":290,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998589226,"flow_src_last_pkt_time":1636901998589226,"flow_dst_last_pkt_time":1636901998589226,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998589226,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":37970,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":291,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637116,"flow_src_last_pkt_time":1636901998637116,"flow_dst_last_pkt_time":1636901998637116,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998637116,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1636901998637116,"flow_dst_last_pkt_time":1636901998637116,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998637116,"pkt":"CL6sCxdumt9Y+uvcCABFAAAw3EdAAEAR8rLAqAypI55607qXAbsAHB+DAAEAACESpEJDTUpIUUxOenE3VDQ="} -01135{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":291,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637116,"flow_src_last_pkt_time":1636901998637116,"flow_dst_last_pkt_time":1636901998637116,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998637116,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01168{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":291,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637116,"flow_src_last_pkt_time":1636901998637116,"flow_dst_last_pkt_time":1636901998637116,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998637116,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":292,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637207,"flow_src_last_pkt_time":1636901998637207,"flow_dst_last_pkt_time":1636901998637207,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998637207,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":292,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1636901998637207,"flow_dst_last_pkt_time":1636901998637207,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998637207,"pkt":"CL6sCxdumt9Y+uvcCABFAAAw3EhAAEAR8rHAqAypI55605RSAbsAHCWMAAEAACESpEJWNWJyYWFIV0I5bmo="} -01135{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":292,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637207,"flow_src_last_pkt_time":1636901998637207,"flow_dst_last_pkt_time":1636901998637207,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998637207,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01168{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":292,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637207,"flow_src_last_pkt_time":1636901998637207,"flow_dst_last_pkt_time":1636901998637207,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998637207,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":293,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_src_last_pkt_time":1636901998642149,"flow_dst_last_pkt_time":1636901998637116,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901998642149,"pkt":"CL6sCxdumt9Y+uvcCABFAAA43ElAAEAR8qjAqAypI55607qXAbsAJIeGAAMACCESpEJ0b3RZc3QzdHNudm0AGQAEEQAAAA=="} 
-01253{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":293,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637116,"flow_src_last_pkt_time":1636901998642149,"flow_dst_last_pkt_time":1636901998637116,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998642149,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01286{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":293,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637116,"flow_src_last_pkt_time":1636901998642149,"flow_dst_last_pkt_time":1636901998637116,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998642149,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":294,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998644152,"flow_src_last_pkt_time":1636901998644152,"flow_dst_last_pkt_time":1636901998644152,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998644152,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":294,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1636901998644152,"flow_dst_last_pkt_time":1636901998644152,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901998644152,"pkt":"CL6sCxdumt9Y+uvcCABFAAA43EpAAEAR8qfAqAypI55607qXDZYAJM8KAAMACCESpEJRck1mY3NySEUrbG4AGQAEEQAAAA=="} 
-01004{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":294,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998644152,"flow_src_last_pkt_time":1636901998644152,"flow_dst_last_pkt_time":1636901998644152,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998644152,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01037{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":294,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998644152,"flow_src_last_pkt_time":1636901998644152,"flow_dst_last_pkt_time":1636901998644152,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998644152,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI 
(cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":295,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998644452,"flow_src_last_pkt_time":1636901998644452,"flow_dst_last_pkt_time":1636901998644452,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998644452,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":295,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":1636901998644452,"flow_dst_last_pkt_time":1636901998644452,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998644452,"pkt":"CL6sCxdumt9Y+uvcCABFAAAw3EtAAEAR8q7AqAypI55605RSDZYAHOlfAAEAACESpEJTRld4cWpibUxkeFo="} 
-01004{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":295,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998644452,"flow_src_last_pkt_time":1636901998644452,"flow_dst_last_pkt_time":1636901998644452,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998644452,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01037{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":295,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998644452,"flow_src_last_pkt_time":1636901998644452,"flow_dst_last_pkt_time":1636901998644452,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998644452,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI 
(cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":296,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_src_last_pkt_time":1636901998645824,"flow_dst_last_pkt_time":1636901998644152,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998645824,"pkt":"CL6sCxdumt9Y+uvcCABFAAAw3ExAAEAR8q3AqAypI55607qXDZYAHAfgAAEAACESpEJsR1ZDTTdDN1dMVEo="} -01137{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":296,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1636901998644152,"flow_src_last_pkt_time":1636901998645824,"flow_dst_last_pkt_time":1636901998644152,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998645824,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01170{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":296,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1636901998644152,"flow_src_last_pkt_time":1636901998645824,"flow_dst_last_pkt_time":1636901998644152,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998645824,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":297,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_src_last_pkt_time":1636901998654073,"flow_dst_last_pkt_time":1636901998644452,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901998654073,"pkt":"CL6sCxdumt9Y+uvcCABFAAA43E1AAEAR8qTAqAypI55605RSDZYAJBd3AAMACCESpEJOTG9MWFNjWDdLU3cAGQAEEQAAAA=="} 
-01137{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":297,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1636901998644452,"flow_src_last_pkt_time":1636901998654073,"flow_dst_last_pkt_time":1636901998644452,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998654073,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01170{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":297,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1636901998644452,"flow_src_last_pkt_time":1636901998654073,"flow_dst_last_pkt_time":1636901998644452,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998654073,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":298,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998654623,"flow_src_last_pkt_time":1636901998654623,"flow_dst_last_pkt_time":1636901998654623,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998654623,"l3_proto":"ip4","src_ip":"35.158.122.211","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_src_last_pkt_time":1636901998654623,"flow_dst_last_pkt_time":1636901998654623,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1636901998654623,"pkt":"mt9Y+uvcCL6sCxduCABFAABMVVMAAOMBFpsjnnrTwKgMqQMDaO0AAAAARQAAMNxHQAAgERKzwKgMqSOeetO6lwG7ABwfgwABAAAhEqRCQ01KSFFMTnpxN1Q0"} 
01046{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":298,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998654623,"flow_src_last_pkt_time":1636901998654623,"flow_dst_last_pkt_time":1636901998654623,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998654623,"l3_proto":"ip4","src_ip":"35.158.122.211","dst_ip":"192.168.12.169","l4_proto":"icmp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":5.050556}} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_src_last_pkt_time":1636901998654665,"flow_dst_last_pkt_time":1636901998654623,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1636901998654665,"pkt":"mt9Y+uvcCL6sCxduCABFAABMVVQAAOMBFpojnnrTwKgMqQMDaO0AAAAARQAAMNxIQAAgERKywKgMqSOeetOUUgG7ABwljAABAAAhEqRCVjVicmFhSFdCOW5q"} 
00595{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_src_last_pkt_time":1636901998657287,"flow_dst_last_pkt_time":1636901998654623,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1636901998657287,"pkt":"mt9Y+uvcCL6sCxduCABFAABUVVUAAOMBFpEjnnrTwKgMqQMDaPUAAAAARQAAONxJQAAgERKpwKgMqSOeetO6lwG7ACSHhgADAAghEqRCdG90WXN0M3RzbnZtABkABBEAAAA="} 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":301,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_src_last_pkt_time":1636901998645824,"flow_dst_last_pkt_time":1636901998660620,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1636901998660620,"pkt":"mt9Y+uvcCL6sCxduCABFIAB49klAAOMRNUgjnnrTwKgMqQ2WupcAZEK5ARMASCESpEJRck1mY3NySEUrbG4ACQAQAAAEAVVuYXV0aG9yaXplZAAVABA0YTlmNTljZmZlODk0NGE5ABQACnNpZ25hbC5vcmcAAIAiAAROb25lgCgABLOFpWg="} 
-01034{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":301,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1636901998644152,"flow_src_last_pkt_time":1636901998645824,"flow_dst_last_pkt_time":1636901998660620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1636901998660620,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org","domainame":"signal.org","stun": {}}} +01067{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":301,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1636901998644152,"flow_src_last_pkt_time":1636901998645824,"flow_dst_last_pkt_time":1636901998660620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1636901998660620,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI 
(cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org","domainame":"signal.org","stun": {"multimedia_flow_types":"Unknown"}}} 00633{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":302,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_src_last_pkt_time":1636901998654073,"flow_dst_last_pkt_time":1636901998660636,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1636901998660636,"pkt":"mt9Y+uvcCL6sCxduCABFIABw9kpAAOQRNE8jnnrTwKgMqQ2WlFIAXFMAAQEAQCESpEJTRld4cWpibUxkeFoAIAAIAAEPi3w9RVEAAQAIAAEumV0v4ROAKwAIAAENliOeetOALAAIAAEAUCOeetOAIgAETm9uZYAoAASDCssQ"} -01127{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":302,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1636901998644452,"flow_src_last_pkt_time":1636901998654073,"flow_dst_last_pkt_time":1636901998660636,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1636901998660636,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": 
{"mapped_address":"93.47.225.19:11929","response_origin":"35.158.122.211:3478","other_address":"35.158.122.211:80"}}} +01161{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":302,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1636901998644452,"flow_src_last_pkt_time":1636901998654073,"flow_dst_last_pkt_time":1636901998660636,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1636901998660636,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.47.225.19:11929","response_origin":"35.158.122.211:3478","other_address":"35.158.122.211:80","multimedia_flow_types":"Unknown"}}} 00633{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_src_last_pkt_time":1636901998645824,"flow_dst_last_pkt_time":1636901998660651,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1636901998660651,"pkt":"mt9Y+uvcCL6sCxduCABFIABw9ktAAOMRNU4jnnrTwKgMqQ2WupcAXFiiAQEAQCESpEJsR1ZDTTdDN1dMVEoAIAAIAAEPinw9RVEAAQAIAAEumF0v4ROAKwAIAAENliOeetOALAAIAAEAUCOeetOAIgAETm9uZYAoAAR90ekp"} 
00676{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":304,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":5,"flow_src_last_pkt_time":1636901998662264,"flow_dst_last_pkt_time":1636901998660651,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1636901998662264,"pkt":"CL6sCxdumt9Y+uvcCABFAACM3E5AAEAR8k\/AqAypI55607qXDZYAeBRYAAMAXCESpEJIUGFhU0tWSmtQRG4AGQAEEQAAAAAGABQxNjM2OTg4Mzk4OjE3NTI0MDc5OAAUAApzaWduYWwub3JnAAAAFQAQNGE5ZjU5Y2ZmZTg5NDRhOQAIABRI+uTzM7nII\/sVpvC6uyZXC+3v6w=="} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":305,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1636901998663215,"flow_dst_last_pkt_time":1636901998637207,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901998663215,"pkt":"CL6sCxdumt9Y+uvcCABFAAA43E9AAEAR8qLAqAypI55605RSAbsAJLdQAAMACCESpEJxcXQycnUyTXoya28AGQAEEQAAAA=="} 
-01253{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":305,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637207,"flow_src_last_pkt_time":1636901998663215,"flow_dst_last_pkt_time":1636901998637207,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998663215,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01286{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":305,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637207,"flow_src_last_pkt_time":1636901998663215,"flow_dst_last_pkt_time":1636901998637207,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998663215,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":306,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_src_last_pkt_time":1636901998654073,"flow_dst_last_pkt_time":1636901998669539,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1636901998669539,"pkt":"mt9Y+uvcCL6sCxduCABFIAB49kxAAOQRNEUjnnrTwKgMqQ2WlFIAZMvXARMASCESpEJOTG9MWFNjWDdLU3cACQAQAAAEAVVuYXV0aG9yaXplZAAVABA2MzExMjRhZWUxZDEzNDUwABQACnNpZ25hbC5vcmcAAIAiAAROb25lgCgABOHlRAQ="} 
-01148{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":306,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901998644452,"flow_src_last_pkt_time":1636901998654073,"flow_dst_last_pkt_time":1636901998669539,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1636901998669539,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org","domainame":"signal.org","stun": {"mapped_address":"93.47.225.19:11929","response_origin":"35.158.122.211:3478","other_address":"35.158.122.211:80"}}} +01182{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":306,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901998644452,"flow_src_last_pkt_time":1636901998654073,"flow_dst_last_pkt_time":1636901998669539,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1636901998669539,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI 
(cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org","domainame":"signal.org","stun": {"mapped_address":"93.47.225.19:11929","response_origin":"35.158.122.211:3478","other_address":"35.158.122.211:80","multimedia_flow_types":"Unknown"}}} 00595{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":307,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_src_last_pkt_time":1636901998676426,"flow_dst_last_pkt_time":1636901998654623,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1636901998676426,"pkt":"mt9Y+uvcCL6sCxduCABFAABUVVYAAOMBFpAjnnrTwKgMqQMDaPUAAAAARQAAONxPQAAgERKjwKgMqSOeetOUUgG7ACS3UAADAAghEqRCcXF0MnJ1Mk16MmtvABkABBEAAAA="} 00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":5,"flow_src_last_pkt_time":1636901998684473,"flow_dst_last_pkt_time":1636901998669539,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1636901998684473,"pkt":"CL6sCxdumt9Y+uvcCABFAACM3FFAAEAR8kzAqAypI55605RSDZYAeCtfAAMAXCESpEJzQVJaQW1IdkdKV0kAGQAEEQAAAAAGABQxNjM2OTg4Mzk4OjE3NTI0MDc5OAAUAApzaWduYWwub3JnAAAAFQAQNjMxMTI0YWVlMWQxMzQ1MAAIABSPAYmQd4zQiPDDbTAeeOez+Voceg=="} 
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1636901998865284,"flow_dst_last_pkt_time":1636901998588925,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998865284,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwgexAAEARxQLAqAyprP15f7qXS2YAHLUpAAEAACESpEJFRDdhYWpCejZ6NGY="} -01253{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":311,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1636901998588925,"flow_src_last_pkt_time":1636901998865284,"flow_dst_last_pkt_time":1636901998588925,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998865284,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47767,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01286{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":311,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1636901998588925,"flow_src_last_pkt_time":1636901998865284,"flow_dst_last_pkt_time":1636901998588925,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998865284,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47767,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_src_last_pkt_time":1636901998865349,"flow_dst_last_pkt_time":1636901998589226,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998865349,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwge1AAEARxQHAqAyprP15f5RSS2YAHI3jAAEAACESpEJHZko4WW5Ca1ZEVTk="} 
-01253{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":312,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1636901998589226,"flow_src_last_pkt_time":1636901998865349,"flow_dst_last_pkt_time":1636901998589226,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998865349,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":37970,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01286{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":312,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1636901998589226,"flow_src_last_pkt_time":1636901998865349,"flow_dst_last_pkt_time":1636901998589226,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998865349,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":37970,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":313,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_src_last_pkt_time":1636901998885173,"flow_dst_last_pkt_time":1636901998637116,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998885173,"pkt":"CL6sCxdumt9Y+uvcCABFAAAw3FdAAEAR8qLAqAypI55607qXAbsAHB+DAAEAACESpEJDTUpIUUxOenE3VDQ="} 
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":314,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_src_last_pkt_time":1636901998885598,"flow_dst_last_pkt_time":1636901998637207,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998885598,"pkt":"CL6sCxdumt9Y+uvcCABFAAAw3FhAAEAR8qHAqAypI55605RSAbsAHCWMAAEAACESpEJWNWJyYWFIV0I5bmo="} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":315,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":4,"flow_src_last_pkt_time":1636901998892782,"flow_dst_last_pkt_time":1636901998637116,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901998892782,"pkt":"CL6sCxdumt9Y+uvcCABFAAA43FlAAEAR8pjAqAypI55607qXAbsAJIeGAAMACCESpEJ0b3RZc3QzdHNudm0AGQAEEQAAAA=="} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":316,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":5,"flow_src_last_pkt_time":1636901998900771,"flow_dst_last_pkt_time":1636901998654623,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1636901998900771,"pkt":"mt9Y+uvcCL6sCxduCABFAABMVXoAAOMBFnQjnnrTwKgMqQMDaO0AAAAARQAAMNxXQAAgERKjwKgMqSOeetO6lwG7ABwfgwABAAAhEqRCQ01KSFFMTnpxN1Q0"} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":318,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_src_last_pkt_time":1636901998914396,"flow_dst_last_pkt_time":1636901998637207,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901998914396,"pkt":"CL6sCxdumt9Y+uvcCABFAAA43FtAAEAR8pbAqAypI55605RSAbsAJLdQAAMACCESpEJxcXQycnUyTXoya28AGQAEEQAAAA=="} 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":319,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_src_last_pkt_time":1636901998865349,"flow_dst_last_pkt_time":1636901998967333,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1636901998967333,"pkt":"mt9Y+uvcCL6sCxduCABFAAA8uXcAACUR6Gus\/Xl\/wKgMqUtmlFIAKLt8AQEADCESpEJHZko4WW5Ca1ZEVTkAIAAIAAEPi3w9RVE="} -01182{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":319,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1636901998589226,"flow_src_last_pkt_time":1636901998865349,"flow_dst_last_pkt_time":1636901998967333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":32,"midstream":0,"thread_ts_usec":1636901998967333,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":37970,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std 
Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.47.225.19:11929"}}} +01216{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":319,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1636901998589226,"flow_src_last_pkt_time":1636901998865349,"flow_dst_last_pkt_time":1636901998967333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":32,"midstream":0,"thread_ts_usec":1636901998967333,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":37970,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.47.225.19:11929","multimedia_flow_types":"Unknown"}}} 
00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":320,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_src_last_pkt_time":1636901998865284,"flow_dst_last_pkt_time":1636901998967382,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1636901998967382,"pkt":"mt9Y+uvcCL6sCxduCABFgAA8OUIAACYRZyGs\/Xl\/wKgMqUtmupcAKOLDAQEADCESpEJFRDdhYWpCejZ6NGYAIAAIAAEPinw9RVE="} -01182{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":320,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1636901998588925,"flow_src_last_pkt_time":1636901998865284,"flow_dst_last_pkt_time":1636901998967382,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":32,"midstream":0,"thread_ts_usec":1636901998967382,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47767,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.47.225.19:11928"}}} 
+01216{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":320,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1636901998588925,"flow_src_last_pkt_time":1636901998865284,"flow_dst_last_pkt_time":1636901998967382,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":32,"midstream":0,"thread_ts_usec":1636901998967382,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47767,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.47.225.19:11928","multimedia_flow_types":"Unknown"}}} 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":321,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_src_last_pkt_time":1636901998865349,"flow_dst_last_pkt_time":1636901999242071,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1636901999242071,"pkt":"mt9Y+uvcCL6sCxduCABFAAA8uigAACUR57qs\/Xl\/wKgMqUtmlFIAKLt8AQEADCESpEJHZko4WW5Ca1ZEVTkAIAAIAAEPi3w9RVE="} 
00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":322,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_src_last_pkt_time":1636901998865284,"flow_dst_last_pkt_time":1636901999242113,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1636901999242113,"pkt":"mt9Y+uvcCL6sCxduCABFgAA8OWgAACYRZvus\/Xl\/wKgMqUtmupcAKOLDAQEADCESpEJFRDdhYWpCejZ6NGYAIAAIAAEPinw9RVE="} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":323,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":5,"flow_src_last_pkt_time":1636901999386450,"flow_dst_last_pkt_time":1636901998637116,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901999386450,"pkt":"CL6sCxdumt9Y+uvcCABFAAAw3HxAAEAR8n3AqAypI55607qXAbsAHB+DAAEAACESpEJDTUpIUUxOenE3VDQ="} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":324,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_src_last_pkt_time":1636901999386783,"flow_dst_last_pkt_time":1636901998637207,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901999386783,"pkt":"CL6sCxdumt9Y+uvcCABFAAAw3H1AAEAR8nzAqAypI55605RSAbsAHCWMAAEAACESpEJWNWJyYWFIV0I5bmo="} 
00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":329,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636902000024715,"flow_src_last_pkt_time":1636902000024715,"flow_dst_last_pkt_time":1636902000024715,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902000024715,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":54054,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":329,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_src_last_pkt_time":1636902000024715,"flow_dst_last_pkt_time":1636902000024715,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1636902000024715,"pkt":"CL6sCxdumt9Y+uvcCABFAAB8d+5AAEARXt\/AqAypEsODj7qX0yYAaAl7AAEATCESpEJCeElWSlVyQXpFMWUABgAJMUVaczo3a3NzAAAAwFcABAADAAqAKgAINhoW4DAHa9AAJAAEbn8e\/wAIABTJ3jNA\/lTtI\/cIgWHSZfc\/Jdi3xoAoAAQAuGXB"} 
-01137{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":329,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636902000024715,"flow_src_last_pkt_time":1636902000024715,"flow_dst_last_pkt_time":1636902000024715,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902000024715,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":54054,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01170{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":329,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636902000024715,"flow_src_last_pkt_time":1636902000024715,"flow_dst_last_pkt_time":1636902000024715,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902000024715,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":54054,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std 
Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":344,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636902000073738,"flow_src_last_pkt_time":1636902000073738,"flow_dst_last_pkt_time":1636902000073738,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902000073738,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":61498,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00652{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_src_last_pkt_time":1636902000073738,"flow_dst_last_pkt_time":1636902000073738,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1636902000073738,"pkt":"CL6sCxdumt9Y+uvcCABFAAB8d\/NAAEARXtrAqAypEsODj7qX8DoAaE2WAAEATCESpEI3OHB2NXh3VHhSY2IABgAJMUVaczo3a3NzAAAAwFcABAADAAqAKgAINhoW4DAHa9AAJAAEbn8e\/wAIABQCGGRp5dlaWaRPyMCnCJTZLYHOaoAoAATw85Tp"} 
-01137{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":344,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636902000073738,"flow_src_last_pkt_time":1636902000073738,"flow_dst_last_pkt_time":1636902000073738,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902000073738,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":61498,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01170{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":344,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636902000073738,"flow_src_last_pkt_time":1636902000073738,"flow_dst_last_pkt_time":1636902000073738,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902000073738,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":61498,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std 
Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_src_last_pkt_time":1636902000024715,"flow_dst_last_pkt_time":1636902000102078,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1636902000102078,"pkt":"mt9Y+uvcCL6sCxduCABFSABcw7JAAAYRTPMSw4OPwKgMqdMmupcASMDpAQEALCESpEJCeElWSlVyQXpFMWUAIAAIAAEPinw9RVEACAAUIB3cDwXbxtjdDKqyJ3Jq4xtLsfaAKAAEpnvqQg=="} 00651{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_src_last_pkt_time":1636902000024715,"flow_dst_last_pkt_time":1636902000107063,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1636902000107063,"pkt":"mt9Y+uvcCL6sCxduCABFSAB8w7NAAAYRTNISw4OPwKgMqdMmupcAaK01AAEATCESpEJBbDNpSTF1eStSR1UABgAJN2tzczoxRVpzAAAAwFcABAAAA+eAKQAIiflXHs5q0dMAJAAEbgAg\/wAIABQSmjpLVWLcQ98KImy+h9G3RC6S1IAoAATBitk4"} 
00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":4,"flow_src_last_pkt_time":1636902000114802,"flow_dst_last_pkt_time":1636902000107063,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1636902000114802,"pkt":"CL6sCxdumt9Y+uvcCABFAABcd\/RAAEARXvnAqAypEsODj7qX0yYASLB3AQEALCESpEJBbDNpSTF1eStSR1UAIAAIAAHyNDPRJ80ACAAUTu361RDreRFUJBDgnwLv4nPGjjiAKAAENi4ivw=="} 
@@ -230,7 +230,7 @@ 01245{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1636901956899977,"flow_src_last_pkt_time":1636901980718780,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":384,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
01137{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1636902000024715,"flow_src_last_pkt_time":1636902000121229,"flow_dst_last_pkt_time":1636902000208503,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":96,"flow_src_tot_l4_payload_len":264,"flow_dst_tot_l4_payload_len":224,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":54054,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01036{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":13,"flow_first_seen":1636901956886692,"flow_src_last_pkt_time":1636901987891193,"flow_dst_last_pkt_time":1636901987907955,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":148,"flow_src_tot_l4_payload_len":1052,"flow_dst_tot_l4_payload_len":1092,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI 
(cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} -00861{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":460,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":460,"packets-processed":460,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29600,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":23,"total-detection-updates":30,"total-updates":15,"current-active-flows":0,"total-active-flows":23,"total-idle-flows":23,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":233,"global_ts_usec":1636902021384737} +00861{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":460,"source":"cfgs\/monitoring\/pcap\/stun_signal.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":460,"packets-processed":460,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":29600,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":23,"total-detection-updates":30,"total-updates":15,"current-active-flows":0,"total-active-flows":23,"total-idle-flows":23,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":233,"global_ts_usec":1636902021384737} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets 
captured/processed: 460/460 ~~ skipped flows.............: 0 @@ -239,9 +239,9 @@ ~~ total active/idle flows...: 23/23 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6973895 bytes -~~ total memory freed........: 6973895 bytes -~~ total allocations/frees...: 114861/114861 +~~ total memory allocated....: 7551689 bytes +~~ total memory freed........: 7551689 bytes +~~ total allocations/frees...: 126601/126601 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 549 chars ~~ json message max len.......: 2358 chars diff --git a/test/results/monitoring/stun_wa_call.pcapng.out b/test/results/monitoring/stun_wa_call.pcapng.out index 6486c8a7e..b3c74cdd6 100644 --- a/test/results/monitoring/stun_wa_call.pcapng.out +++ b/test/results/monitoring/stun_wa_call.pcapng.out 
@@ -1,44 +1,44 @@ -00622{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1676659968029444} 
+00622{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1676659968029444} 
00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968029444,"flow_src_last_pkt_time":1676659968029444,"flow_dst_last_pkt_time":1676659968029444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968029444,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.57.123.227","src_port":46652,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00808{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1676659968029444,"flow_dst_last_pkt_time":1676659968029444,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1676659968029444,"pkt":"CL6sCxduJjb1W8R1CABFwADw\/iFAAEARlLrAqAycXTl747Y8DZYA3LHsAAMAwCESpEJwdYtExyOnTtGTSiVAAACWCQK2KB7zQ7qLyqomatrasQEu9DL3wZ7hCtWVyMuhXanwNF5C+CJQZxH6MYVnGTbF6jGFc8Ra7q+tUTra0vtHBZoPsqgDXOfgB5x1\/6e\/ekoB1CeD7MsRipcZjz4uFoBrVRmh8t\/rSICod6ktukvIiZ6yItLQ7Y8kTJkbjPTyOKYPsF+LjDRbuhMBEHxTecFVlM8fNhbBAAAAFgAIAAEshHwr36EACAAUJM4QSLb1BesAMLdUeEcTNdZmV28="} 
-01031{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968029444,"flow_src_last_pkt_time":1676659968029444,"flow_dst_last_pkt_time":1676659968029444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968029444,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.57.123.227","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"93.57.123.227:3478"}}} +01065{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968029444,"flow_src_last_pkt_time":1676659968029444,"flow_dst_last_pkt_time":1676659968029444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968029444,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.57.123.227","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"93.57.123.227:3478","multimedia_flow_types":"Unknown"}}} 00809{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1676659968029608,"flow_dst_last_pkt_time":1676659968029444,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1676659968029608,"pkt":"CL6sCxduJjb1W8R1CABFwADw\/iJAAEARlLnAqAycXTl747Y8DZYA3ICVAAMAwCESpEJwdYtExyOnTtGTSiZAAACWCQK2KB7zQ7qLyqomatrasQEu9DL3wZ7hCtWVyMuhXanwNF5C+CJQZxH6MYVnGTbF6jGFc8Ra7q+tUTra0vtHBZoPsqgDXOfgB5x1\/6e\/ekoB1CeD7MsRipcZjz4uFoBrVRmh8t\/rSICod6ktukvIiZ6yItLQ7Y8kTJkbjPTyOKYPsF+LjDRbuhMBEHxTecFVlM8fNhbBAAAAFgAIAAEshHwr36EACAAUYWrisy40lbl9bq4cXAmMmnnA\/ig="} -01164{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1676659968029444,"flow_src_last_pkt_time":1676659968029608,"flow_dst_last_pkt_time":1676659968029444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968029608,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.57.123.227","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"93.57.123.227:3478"}}} +01198{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1676659968029444,"flow_src_last_pkt_time":1676659968029608,"flow_dst_last_pkt_time":1676659968029444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968029608,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.57.123.227","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"93.57.123.227:3478","multimedia_flow_types":"Unknown"}}} 
00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968035471,"flow_src_last_pkt_time":1676659968035471,"flow_dst_last_pkt_time":1676659968035471,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968035471,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":46652,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00805{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1676659968035471,"flow_dst_last_pkt_time":1676659968035471,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1676659968035471,"pkt":"CL6sCxduJjb1W8R1CABFwADwfTlAAEARhZDAqAycnfDLPrY8DZYA3GV0AAMAwCESpEJwdYtExyOnTtGTSidAAACWCQMtTkgnCkB3mlyHo2hELpK34qN\/tn27kX9DRUmi65QznJnJXr0IVJ+d4Fxix8NmNcmsfFkQLOW6576+A4JwNmi2uSQdWXRM2VKcszNCnJz207wH1jUAcpCU9XZA6ttuPzt6cvS6PNIk8FwKlWlblH32PnQxSRg2bkLvkOMPE7sKF8F2oGKz69cDRT5LGhyKnJSGY5lnAAAAFgAIAAEshLzib3wACAAUAA8jYlqEzFOauoSyCbgYSf5lAAk="} 
-01036{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968035471,"flow_src_last_pkt_time":1676659968035471,"flow_dst_last_pkt_time":1676659968035471,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968035471,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.203.62:3478"}}} +01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968035471,"flow_src_last_pkt_time":1676659968035471,"flow_dst_last_pkt_time":1676659968035471,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968035471,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.203.62:3478","multimedia_flow_types":"Unknown"}}} 00806{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1676659968035552,"flow_dst_last_pkt_time":1676659968035471,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1676659968035552,"pkt":"CL6sCxduJjb1W8R1CABFwADwfTpAAEARhY\/AqAycnfDLPrY8DZYA3BLxAAMAwCESpEJwdYtExyOnTtGTSihAAACWCQMtTkgnCkB3mlyHo2hELpK34qN\/tn27kX9DRUmi65QznJnJXr0IVJ+d4Fxix8NmNcmsfFkQLOW6576+A4JwNmi2uSQdWXRM2VKcszNCnJz207wH1jUAcpCU9XZA6ttuPzt6cvS6PNIk8FwKlWlblH32PnQxSRg2bkLvkOMPE7sKF8F2oGKz69cDRT5LGhyKnJSGY5lnAAAAFgAIAAEshLzib3wACAAUhAn28C7qfrkxLYQ0p3TNXw2BfFM="} -01169{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1676659968035471,"flow_src_last_pkt_time":1676659968035552,"flow_dst_last_pkt_time":1676659968035471,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968035552,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.203.62:3478"}}} +01203{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1676659968035471,"flow_src_last_pkt_time":1676659968035552,"flow_dst_last_pkt_time":1676659968035471,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968035552,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.203.62:3478","multimedia_flow_types":"Unknown"}}} 
00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968035642,"flow_src_last_pkt_time":1676659968035642,"flow_dst_last_pkt_time":1676659968035642,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968035642,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.231.62","src_port":46652,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00806{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1676659968035642,"flow_dst_last_pkt_time":1676659968035642,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1676659968035642,"pkt":"CL6sCxduJjb1W8R1CABFwADwj9lAAEARVvDAqAycnfDnPrY8DZYA3J+gAAMAwCESpEJwdYtExyOnTtGTSilAAACWCQNxyDQh65HCwK\/NwM57eGVAnp73+KYPg1k+lNrVEVkNPnu5t9hC5BRxAv+1EaOtzlbgzlIq2\/WPsB5SRMDksABVRMTM9J4aDhkK8p1864X++Y5SKMM+YDG4F3l8CE9EEsygUCuw1FeaQaDvzERSEqz4d5mYYPBEmipy1b3wHHsk5VkyouOLzceIjWTBDv1RY+CT0wD4AAAAFgAIAAEshLziQ3wACAAUBDu46Kp0MzZ62SMrNOCqwnrJBCw="} 
-01036{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968035642,"flow_src_last_pkt_time":1676659968035642,"flow_dst_last_pkt_time":1676659968035642,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968035642,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.231.62","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.231.62:3478"}}} +01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968035642,"flow_src_last_pkt_time":1676659968035642,"flow_dst_last_pkt_time":1676659968035642,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968035642,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.231.62","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.231.62:3478","multimedia_flow_types":"Unknown"}}} 00807{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1676659968036993,"flow_dst_last_pkt_time":1676659968035642,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1676659968036993,"pkt":"CL6sCxduJjb1W8R1CABFwADwj9pAAEARVu\/AqAycnfDnPrY8DZYA3K1KAAMAwCESpEJwdYtExyOnTtGTSipAAACWCQNxyDQh65HCwK\/NwM57eGVAnp73+KYPg1k+lNrVEVkNPnu5t9hC5BRxAv+1EaOtzlbgzlIq2\/WPsB5SRMDksABVRMTM9J4aDhkK8p1864X++Y5SKMM+YDG4F3l8CE9EEsygUCuw1FeaQaDvzERSEqz4d5mYYPBEmipy1b3wHHsk5VkyouOLzceIjWTBDv1RY+CT0wD4AAAAFgAIAAEshLziQ3wACAAUPZihrJHzcl+3y+bEvnKo9qVH+uY="} -01169{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1676659968035642,"flow_src_last_pkt_time":1676659968036993,"flow_dst_last_pkt_time":1676659968035642,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968036993,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.231.62","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.231.62:3478"}}} +01203{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1676659968035642,"flow_src_last_pkt_time":1676659968036993,"flow_dst_last_pkt_time":1676659968035642,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968036993,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.231.62","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.231.62:3478","multimedia_flow_types":"Unknown"}}} 
00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968037054,"flow_src_last_pkt_time":1676659968037054,"flow_dst_last_pkt_time":1676659968037054,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968037054,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.21.51","src_port":46652,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00809{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1676659968037054,"flow_dst_last_pkt_time":1676659968037054,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1676659968037054,"pkt":"CL6sCxduJjb1W8R1CABFwADwz9NAAEAR6QHAqAycnfAVM7Y8DZYA3Ij9AAMAwCESpEJwdYtExyOnTtGTSitAAACWCQNaRGvs7+ccuZ\/MfxmbOvUVp8noEHkp7nF6xocCdKtvmOlig71m6+555gD\/mKnSGLIGNRynB98Dn1I4xNjPBc\/JcXx85sPvklgbnR+jKW8z3v+tFyKmLoRYXO+76gRpJvbZMI+O\/1oNzvmh6C\/4OrGc+hLich1SR+QSsMSOS20JWZv3s1la5zjKfswADrKC6jyH7ubtAAAAFgAIAAEshLzisXEACAAUjla64e3RO4Za5yiogz0w5BPrVCA="} 
-01034{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968037054,"flow_src_last_pkt_time":1676659968037054,"flow_dst_last_pkt_time":1676659968037054,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968037054,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.21.51","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.21.51:3478"}}} +01068{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968037054,"flow_src_last_pkt_time":1676659968037054,"flow_dst_last_pkt_time":1676659968037054,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968037054,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.21.51","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.21.51:3478","multimedia_flow_types":"Unknown"}}} 00809{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1676659968037165,"flow_dst_last_pkt_time":1676659968037054,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1676659968037165,"pkt":"CL6sCxduJjb1W8R1CABFwADwz9RAAEAR6QDAqAycnfAVM7Y8DZYA3Ds6AAMAwCESpEJwdYtExyOnTtGTSixAAACWCQNaRGvs7+ccuZ\/MfxmbOvUVp8noEHkp7nF6xocCdKtvmOlig71m6+555gD\/mKnSGLIGNRynB98Dn1I4xNjPBc\/JcXx85sPvklgbnR+jKW8z3v+tFyKmLoRYXO+76gRpJvbZMI+O\/1oNzvmh6C\/4OrGc+hLich1SR+QSsMSOS20JWZv3s1la5zjKfswADrKC6jyH7ubtAAAAFgAIAAEshLzisXEACAAUHONBvdq4CMLPEotcA1cTDrS++GA="} -01167{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1676659968037054,"flow_src_last_pkt_time":1676659968037165,"flow_dst_last_pkt_time":1676659968037054,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968037165,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.21.51","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.21.51:3478"}}} +01201{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1676659968037054,"flow_src_last_pkt_time":1676659968037165,"flow_dst_last_pkt_time":1676659968037054,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968037165,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.21.51","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.21.51:3478","multimedia_flow_types":"Unknown"}}} 
00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968037404,"flow_src_last_pkt_time":1676659968037404,"flow_dst_last_pkt_time":1676659968037404,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968037404,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.195.48","src_port":46652,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00811{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1676659968037404,"flow_dst_last_pkt_time":1676659968037404,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1676659968037404,"pkt":"CL6sCxduJjb1W8R1CABFwADwBWlAAEARBW\/AqAycnfDDMLY8DZYA3EQwAAMAwCESpEJwdYtExyOnTtGTSi1AAACWCQOx8jP4xX+S8mUrXXk2n15fuMSnBwYiWgGrpiuTXvKiSw3Eir1rG\/\/xENKpYnRSCtBCjSrxtliPheTZDngaGDi34a9YHKHQKUIhCjhpwP8Uvudi7up1PRXt6lCRefFe8K3b0jR++YvWvVrmASoE\/yY9XlSxVZ+G0ZOPBL6y2y9ny+kFjdqzj7\/4wvCraZgPwm+CCYR+AAAAFgAIAAEshLziZ3IACAAUYW\/o+S1f89d5dQU1\/5j2oMMTsiw="} 
-01036{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968037404,"flow_src_last_pkt_time":1676659968037404,"flow_dst_last_pkt_time":1676659968037404,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968037404,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.195.48","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.195.48:3478"}}} +01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968037404,"flow_src_last_pkt_time":1676659968037404,"flow_dst_last_pkt_time":1676659968037404,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968037404,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.195.48","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.195.48:3478","multimedia_flow_types":"Unknown"}}} 00810{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1676659968037483,"flow_dst_last_pkt_time":1676659968037404,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1676659968037483,"pkt":"CL6sCxduJjb1W8R1CABFwADwBWpAAEARBW7AqAycnfDDMLY8DZYA3L3JAAMAwCESpEJwdYtExyOnTtGTSi5AAACWCQOx8jP4xX+S8mUrXXk2n15fuMSnBwYiWgGrpiuTXvKiSw3Eir1rG\/\/xENKpYnRSCtBCjSrxtliPheTZDngaGDi34a9YHKHQKUIhCjhpwP8Uvudi7up1PRXt6lCRefFe8K3b0jR++YvWvVrmASoE\/yY9XlSxVZ+G0ZOPBL6y2y9ny+kFjdqzj7\/4wvCraZgPwm+CCYR+AAAAFgAIAAEshLziZ3IACAAUN3sV7GYe+yROEsWZI\/FgD4k1DJ4="} -01170{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1676659968037404,"flow_src_last_pkt_time":1676659968037483,"flow_dst_last_pkt_time":1676659968037404,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968037483,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.195.48","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.195.48:3478"}}} +01204{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1676659968037404,"flow_src_last_pkt_time":1676659968037483,"flow_dst_last_pkt_time":1676659968037404,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968037483,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.195.48","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.195.48:3478","multimedia_flow_types":"Unknown"}}} 
00615{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1676659968029608,"flow_dst_last_pkt_time":1676659968037875,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676659968037875,"pkt":"Jjb1W8R1CL6sCxduCABFAABg\/qtAAFcRfoBdOXvjwKgMnA2WtjwATGHpAQMAMCESpEJwdYtExyOnTtGTSiUAIAAIAAHRJHwxD0FAAgAIAAABhmC4yCcACAAUqnIJzW\/j1X8c\/WgxJFDYTIjCG04="} -01079{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1676659968029444,"flow_src_last_pkt_time":1676659968029608,"flow_dst_last_pkt_time":1676659968037875,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":68,"midstream":0,"thread_ts_usec":1676659968037875,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.57.123.227","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.35.171.3:61494","relayed_address":"93.57.123.227:3478"}}} 
+01113{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1676659968029444,"flow_src_last_pkt_time":1676659968029608,"flow_dst_last_pkt_time":1676659968037875,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":68,"midstream":0,"thread_ts_usec":1676659968037875,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.57.123.227","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.35.171.3:61494","relayed_address":"93.57.123.227:3478","multimedia_flow_types":"Unknown"}}} 00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1676659968029608,"flow_dst_last_pkt_time":1676659968037923,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676659968037923,"pkt":"Jjb1W8R1CL6sCxduCABFAABg\/qxAAFcRfn9dOXvjwKgMnA2WtjwATH+6AQMAMCESpEJwdYtExyOnTtGTSiYAIAAIAAHRJHwxD0FAAgAIAAABhmC4yCcACAAUsXruinhNMVlcZwjO7SsYhIE3y+M="} 
00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1676659968035552,"flow_dst_last_pkt_time":1676659968044522,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676659968044522,"pkt":"Jjb1W8R1CL6sCxduCABFAABgbwhAAFURgBGd8Ms+wKgMnA2WtjwATEezAQMAMCESpEJwdYtExyOnTtGTSicAIAAIAAHRJHwxD0FAAgAIAAABhmC4yC0ACAAUiLSqHkDyO4Nn0koco41Anoog2hY="} -01084{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":13,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1676659968035471,"flow_src_last_pkt_time":1676659968035552,"flow_dst_last_pkt_time":1676659968044522,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":68,"midstream":0,"thread_ts_usec":1676659968044522,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.35.171.3:61494","relayed_address":"157.240.203.62:3478"}}} 
+01118{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":13,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1676659968035471,"flow_src_last_pkt_time":1676659968035552,"flow_dst_last_pkt_time":1676659968044522,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":68,"midstream":0,"thread_ts_usec":1676659968044522,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.35.171.3:61494","relayed_address":"157.240.203.62:3478","multimedia_flow_types":"Unknown"}}} 00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1676659968035552,"flow_dst_last_pkt_time":1676659968044575,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676659968044575,"pkt":"Jjb1W8R1CL6sCxduCABFAABgbwlAAFURgBCd8Ms+wKgMnA2WtjwATDevAQMAMCESpEJwdYtExyOnTtGTSigAIAAIAAHRJHwxD0FAAgAIAAABhmC4yC0ACAAUPpUdGzsHO6o60A2P\/YzAPtGyD14="} 
00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1676659968036993,"flow_dst_last_pkt_time":1676659968055421,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676659968055421,"pkt":"Jjb1W8R1CL6sCxduCABFAABgJFBAAFYRrcmd8Oc+wKgMnA2WtjwATEo8AQMAMCESpEJwdYtExyOnTtGTSikAIAAIAAHRJHwxD0FAAgAIAAABhmC4yDIACAAUfe6H1Xa456A0pvmxA+2DiUprJrM="} -01084{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":15,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1676659968035642,"flow_src_last_pkt_time":1676659968036993,"flow_dst_last_pkt_time":1676659968055421,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":68,"midstream":0,"thread_ts_usec":1676659968055421,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.231.62","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.35.171.3:61494","relayed_address":"157.240.231.62:3478"}}} 
+01118{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":15,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1676659968035642,"flow_src_last_pkt_time":1676659968036993,"flow_dst_last_pkt_time":1676659968055421,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":68,"midstream":0,"thread_ts_usec":1676659968055421,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.231.62","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.35.171.3:61494","relayed_address":"157.240.231.62:3478","multimedia_flow_types":"Unknown"}}} 00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1676659968036993,"flow_dst_last_pkt_time":1676659968058079,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676659968058079,"pkt":"Jjb1W8R1CL6sCxduCABFAABgJFJAAFYRrced8Oc+wKgMnA2WtjwATE4+AQMAMCESpEJwdYtExyOnTtGTSioAIAAIAAHRJHwxD0FAAgAIAAABhmC4yDQACAAUwWTirh60\/VHH+ED4aqqQivjmyd4="} 
00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1676659968037165,"flow_dst_last_pkt_time":1676659968060837,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676659968060837,"pkt":"Jjb1W8R1CL6sCxduCABFAABgpVxAAFMRAcmd8BUzwKgMnA2WtjwATKdbAQMAMCESpEJwdYtExyOnTtGTSisAIAAIAAHRJHwxD0FAAgAIAAABhmC4yDgACAAUABEIe9NGgDdArgJP1RoA97aa1Do="} -01082{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":17,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1676659968037054,"flow_src_last_pkt_time":1676659968037165,"flow_dst_last_pkt_time":1676659968060837,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":68,"midstream":0,"thread_ts_usec":1676659968060837,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.21.51","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.35.171.3:61494","relayed_address":"157.240.21.51:3478"}}} 
+01116{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":17,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1676659968037054,"flow_src_last_pkt_time":1676659968037165,"flow_dst_last_pkt_time":1676659968060837,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":68,"midstream":0,"thread_ts_usec":1676659968060837,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.21.51","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.35.171.3:61494","relayed_address":"157.240.21.51:3478","multimedia_flow_types":"Unknown"}}} 00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1676659968037165,"flow_dst_last_pkt_time":1676659968060888,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676659968060888,"pkt":"Jjb1W8R1CL6sCxduCABFAABgpV1AAFMRAcid8BUzwKgMnA2WtjwATFmEAQMAMCESpEJwdYtExyOnTtGTSiwAIAAIAAHRJHwxD0FAAgAIAAABhmC4yDgACAAUdeov0ALnfOy1FSGpfbM\/gVsZOSo="} 
00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1676659968037483,"flow_dst_last_pkt_time":1676659968064266,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676659968064266,"pkt":"Jjb1W8R1CL6sCxduCABFAABg0NlAAFQRJ06d8MMwwKgMnA2WtjwATMmfAQMAMCESpEJwdYtExyOnTtGTSi0AIAAIAAHRJHwxD0FAAgAIAAABhmC4yDQACAAUEauiV+5OdWK08lpoY4KvoDM8wkA="} -01084{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":19,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1676659968037404,"flow_src_last_pkt_time":1676659968037483,"flow_dst_last_pkt_time":1676659968064266,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":68,"midstream":0,"thread_ts_usec":1676659968064266,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.195.48","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.35.171.3:61494","relayed_address":"157.240.195.48:3478"}}} 
+01118{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":19,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1676659968037404,"flow_src_last_pkt_time":1676659968037483,"flow_dst_last_pkt_time":1676659968064266,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":68,"midstream":0,"thread_ts_usec":1676659968064266,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.195.48","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.35.171.3:61494","relayed_address":"157.240.195.48:3478","multimedia_flow_types":"Unknown"}}} 00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1676659968037483,"flow_dst_last_pkt_time":1676659968064299,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676659968064299,"pkt":"Jjb1W8R1CL6sCxduCABFAABg0NpAAFQRJ02d8MMwwKgMnA2WtjwATLBEAQMAMCESpEJwdYtExyOnTtGTSi4AIAAIAAHRJHwxD0FAAgAIAAABhmC4yDQACAAUBF3x7h5ICsoSF2To96zryfeV154="} 
00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1676659968029608,"flow_dst_last_pkt_time":1676659970501672,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_usec":1676659970501672,"pkt":"Jjb1W8R1CL6sCxduCABFAABKBqBAAFcRdqJdOXvjwKgMnA2WtjwANj3TgcoAB+FyMapRK5FaypeotDESW84OgO841cZwILWkJxeAAAAB+Wopohy6zZkyGw=="} 00889{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1676659970535244,"flow_dst_last_pkt_time":1676659968044575,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1676659970535244,"pkt":"CL6sCxduJjb1W8R1CABFwAEsfaFAAEARhOzAqAycnfDLPrY8DZYBGBQxAAMA\/CESpEJwdYtExyOnTtGTSjFAAACWCQMtTkgnCkB3mlyHo2hELpK34qN\/tn27kX9DRUmi65QznJnJXr0IVJ+d4Fxix8NmNcmsfFkQLOW6576+A4JwNmi2uSQdWXRM2VKcszNCnJz207wH1jUAcpCU9XZA6ttuPzt6cvS6PNIk8FwKlWlblH32PnQxSRg2bkLvkOMPE7sKF8F2oGKz69cDRT5LGhyKnJSGY5lnAAAAIgAQA2iP+zSLUWDQyLFKEwEwAAAiAA4DCBO34E8CVbwHHovTAAAAACIAEAMbnwHuSmVz+ONk\/YEBMAAAFgAIAAEshLzib3wACAAUXTCmuD43X2iZxaQUlL\/5MyGiwQU="} 
@@ -48,59 +48,59 @@ 02205{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":64,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1676659968029444,"flow_src_last_pkt_time":1676659971853147,"flow_dst_last_pkt_time":1676659971919436,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":245,"flow_src_tot_l4_payload_len":2693,"flow_dst_tot_l4_payload_len":1097,"midstream":0,"thread_ts_usec":1676659971919436,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.57.123.227","src_port":46652,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":33,"avg":248828.9,"max":2505343,"stddev":601339.2,"var":361608839168.0,"ent":2.9,"data": [164,8431,48,2463749,2505343,241,3586,277,39475,77,6128,4820,33,25931,31612,82045,37743,1684,120855,35,78585,59946,292774,129998,59732,381615,376352,412427,48,227940,362001]},"pktlen": {"min":48,"avg":146.4,"max":300,"stddev":92.2,"var":8492.2,"ent":4.7,"data": [240,240,96,96,74,300,300,300,300,96,96,74,96,96,48,48,98,300,300,96,96,89,53,107,108,53,77,86,150,73,227,273]},"bins": {"c_to_s": [2,4,1,1,0,0,3,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,2,10,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,1,1,0,0,0,0,1,1,0,1,1,0,1,0,0,0,1,1,0,0,1,1,1,0,1,0,0,0,1],"entropies": 
[7.019773483,6.984464645,5.818136215,5.825999260,5.808753967,6.987159729,6.971193790,6.971321106,6.997097969,5.676367760,5.789438725,5.665334225,5.732045174,5.722330570,5.218094349,5.178508282,5.782431126,6.963978291,6.992527008,5.698242188,5.789439201,5.829556465,4.883490086,6.023591995,6.055227757,5.025671005,5.503230572,5.670224667,6.552639484,5.494553089,6.944911957,7.162023067]},"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":414,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020625604,"flow_src_last_pkt_time":1676660020625604,"flow_dst_last_pkt_time":1676660020625604,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020625604,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00890{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":414,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1676660020625604,"flow_dst_last_pkt_time":1676660020625604,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1676660020625604,"pkt":"CL6sCxduJjb1W8R1CABFwAEsi9JAAEARdrvAqAycnfDLPsF2DZYBGCb2AAMA\/CESpEI9TftlKWJACU3e+TlAAACWCQOxp8aYvFg8y+QXBpsvhjNMa1N4G7Sf9JFjapUuLmz0CsTDFAPO9KqiGsXxWezQ59eQpoCSxT1fsfDFF2XYEWLYT7Z5ywaH6eaIeDG7vzkQfWGJo3mm7lbdY7xd0W8bEsEGktqDrQsGdB5\/+jjeW0yFm1wJQhQWIaUpZQMlzDvLLl3GStdW2AnbX4eC5IclH+Gf\/MylAAAAIgAQA1wnJY8VQYrMrds8LwExAAAiAA4Djh5nVd\/1ziuce4idAAAAACIAEANRZ9y246wbSEgX3HYBMQAAFgAIAAEshLzib3wACAAUpYIpus8qv8w9yHZkGb+Y7RORCLU="} -01038{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":414,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020625604,"flow_src_last_pkt_time":1676660020625604,"flow_dst_last_pkt_time":1676660020625604,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020625604,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.203.62:3478"}}} 
+01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":414,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020625604,"flow_src_last_pkt_time":1676660020625604,"flow_dst_last_pkt_time":1676660020625604,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020625604,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.203.62:3478","multimedia_flow_types":"Unknown"}}} 00890{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":415,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1676660020625741,"flow_dst_last_pkt_time":1676660020625604,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1676660020625741,"pkt":"CL6sCxduJjb1W8R1CABFwAEsi9NAAEARdrrAqAycnfDLPsF2DZYBGPgrAAMA\/CESpEI9TftlKWJACU3e+TpAAACWCQOxp8aYvFg8y+QXBpsvhjNMa1N4G7Sf9JFjapUuLmz0CsTDFAPO9KqiGsXxWezQ59eQpoCSxT1fsfDFF2XYEWLYT7Z5ywaH6eaIeDG7vzkQfWGJo3mm7lbdY7xd0W8bEsEGktqDrQsGdB5\/+jjeW0yFm1wJQhQWIaUpZQMlzDvLLl3GStdW2AnbX4eC5IclH+Gf\/MylAAAAIgAQA1wnJY8VQYrMrds8LwExAAAiAA4Djh5nVd\/1ziuce4idAAAAACIAEANRZ9y246wbSEgX3HYBMQAAFgAIAAEshLzib3wACAAUEQwgZYwKJgQ4LTYK3y4FIA+jynM="} 
-01171{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":415,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1676660020625604,"flow_src_last_pkt_time":1676660020625741,"flow_dst_last_pkt_time":1676660020625604,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":544,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020625741,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.203.62:3478"}}} +01205{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":415,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1676660020625604,"flow_src_last_pkt_time":1676660020625741,"flow_dst_last_pkt_time":1676660020625604,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":544,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020625741,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": 
{"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.203.62:3478","multimedia_flow_types":"Unknown"}}} 00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":416,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020625888,"flow_src_last_pkt_time":1676660020625888,"flow_dst_last_pkt_time":1676660020625888,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020625888,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.231.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00894{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":416,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1676660020625888,"flow_dst_last_pkt_time":1676660020625888,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1676660020625888,"pkt":"CL6sCxduJjb1W8R1CABFwAEsmRpAAEARTXPAqAycnfDnPsF2DZYBGH7rAAMA\/CESpEI9TftlKWJACU3e+TtAAACWCQPeFjak0d7PKFAs7XLj2+P+s\/PhMuWphSLboMCgL8FYcsJ22UWhr314dj\/sKuxUjmg5xQ\/jx9XG\/YEFdqUUT0rbOYoIi50IwG51J2FjLJRXjMezKXn+8dloeg+G6pVS2Czb4qwcI\/U\/yOu2RsIn1ZkxZBTgillM10QGiC2nxS3GP3Pyg89JFN85UcQxXm3doEZ8I2gXAAAAIgAQA1wnJY8VQYrMrds8LwExAAAiAA4Djh5nVd\/1ziuce4idAAAAACIAEANRZ9y246wbSEgX3HYBMQAAFgAIAAEshLziQ3wACAAUCDd5eQa4+xNebQ8SJJA4mgXX1Xw="} -01038{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":416,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020625888,"flow_src_last_pkt_time":1676660020625888,"flow_dst_last_pkt_time":1676660020625888,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020625888,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.231.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.231.62:3478"}}} 
+01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":416,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020625888,"flow_src_last_pkt_time":1676660020625888,"flow_dst_last_pkt_time":1676660020625888,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020625888,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.231.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.231.62:3478","multimedia_flow_types":"Unknown"}}} 00894{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":417,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1676660020626848,"flow_dst_last_pkt_time":1676660020625888,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1676660020626848,"pkt":"CL6sCxduJjb1W8R1CABFwAEsmRtAAEARTXLAqAycnfDnPsF2DZYBGAyJAAMA\/CESpEI9TftlKWJACU3e+TxAAACWCQPeFjak0d7PKFAs7XLj2+P+s\/PhMuWphSLboMCgL8FYcsJ22UWhr314dj\/sKuxUjmg5xQ\/jx9XG\/YEFdqUUT0rbOYoIi50IwG51J2FjLJRXjMezKXn+8dloeg+G6pVS2Czb4qwcI\/U\/yOu2RsIn1ZkxZBTgillM10QGiC2nxS3GP3Pyg89JFN85UcQxXm3doEZ8I2gXAAAAIgAQA1wnJY8VQYrMrds8LwExAAAiAA4Djh5nVd\/1ziuce4idAAAAACIAEANRZ9y246wbSEgX3HYBMQAAFgAIAAEshLziQ3wACAAUmjsvXCKwESsJBUhkQNrKqeK5XsE="} 
-01171{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":417,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1676660020625888,"flow_src_last_pkt_time":1676660020626848,"flow_dst_last_pkt_time":1676660020625888,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":544,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020626848,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.231.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.231.62:3478"}}} +01205{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":417,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1676660020625888,"flow_src_last_pkt_time":1676660020626848,"flow_dst_last_pkt_time":1676660020625888,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":544,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020626848,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.231.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": 
{"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.231.62:3478","multimedia_flow_types":"Unknown"}}} 00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":418,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020626979,"flow_src_last_pkt_time":1676660020626979,"flow_dst_last_pkt_time":1676660020626979,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020626979,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.196.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00895{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":418,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1676660020626979,"flow_dst_last_pkt_time":1676660020626979,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1676660020626979,"pkt":"CL6sCxduJjb1W8R1CABFwAEsOIpAAEAR0QPAqAycnfDEPsF2DZYBGJUCAAMA\/CESpEI9TftlKWJACU3e+T1AAACWCQPGTvqHwwSK7PRiLSImLIKh\/fPLrOsx\/rtb4xnlO+h\/S8O\/UZlWtSeGS1rfAQxxwD3rylX96sS7cSBQmvCNf2TOwF\/JRt9mywjNe1pUQo9jU5c0ZxrdUZDRq+CZMIW0FSHrmDPoAXCraaMzfQ1aJVz\/5ObQw+UDNrc6hxQu5PTn27CWWZVuQS13m6BeFu60vevHT2j7AAAAIgAQA1wnJY8VQYrMrds8LwExAAAiAA4Djh5nVd\/1ziuce4idAAAAACIAEANRZ9y246wbSEgX3HYBMQAAFgAIAAEshLziYHwACAAUB5JO\/KlnIgtwDyIZGyJD72U36pw="} -01038{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":418,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020626979,"flow_src_last_pkt_time":1676660020626979,"flow_dst_last_pkt_time":1676660020626979,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020626979,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.196.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.196.62:3478"}}} 
+01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":418,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020626979,"flow_src_last_pkt_time":1676660020626979,"flow_dst_last_pkt_time":1676660020626979,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020626979,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.196.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.196.62:3478","multimedia_flow_types":"Unknown"}}} 00894{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1676660020627131,"flow_dst_last_pkt_time":1676660020626979,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1676660020627131,"pkt":"CL6sCxduJjb1W8R1CABFwAEsOItAAEAR0QLAqAycnfDEPsF2DZYBGPuoAAMA\/CESpEI9TftlKWJACU3e+T5AAACWCQPGTvqHwwSK7PRiLSImLIKh\/fPLrOsx\/rtb4xnlO+h\/S8O\/UZlWtSeGS1rfAQxxwD3rylX96sS7cSBQmvCNf2TOwF\/JRt9mywjNe1pUQo9jU5c0ZxrdUZDRq+CZMIW0FSHrmDPoAXCraaMzfQ1aJVz\/5ObQw+UDNrc6hxQu5PTn27CWWZVuQS13m6BeFu60vevHT2j7AAAAIgAQA1wnJY8VQYrMrds8LwExAAAiAA4Djh5nVd\/1ziuce4idAAAAACIAEANRZ9y246wbSEgX3HYBMQAAFgAIAAEshLziYHwACAAUfoSihPG3YBzTpEujhX4y3pFRIJQ="} 
-01171{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":419,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1676660020626979,"flow_src_last_pkt_time":1676660020627131,"flow_dst_last_pkt_time":1676660020626979,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":544,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020627131,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.196.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.196.62:3478"}}} +01205{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":419,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1676660020626979,"flow_src_last_pkt_time":1676660020627131,"flow_dst_last_pkt_time":1676660020626979,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":544,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020627131,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.196.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": 
{"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.196.62:3478","multimedia_flow_types":"Unknown"}}} 00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":420,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020627268,"flow_src_last_pkt_time":1676660020627268,"flow_dst_last_pkt_time":1676660020627268,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020627268,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"179.60.192.48","src_port":49526,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00894{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":420,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1676660020627268,"flow_dst_last_pkt_time":1676660020627268,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1676660020627268,"pkt":"CL6sCxduJjb1W8R1CABFwAEsdxlAAEARgTbAqAycszzAMMF2DZYBGFP0AAMA\/CESpEI9TftlKWJACU3e+T9AAACWCQNKyv924htSBDgoPvPaA6yOr0x9kSC6Te5xTak23qUax5cZtJwuAApb8Ui+tHOwfpbSpWzleIv+\/Y\/zgmUivrJJrbIFK11cX6yt\/W617VBhxdI74dpc53FDSKllCH09m2ZVJ6nirDntuXoVFquWylwpGeMX8BF7kcX7XJ\/ujSasdt1cdHPd78hU0rxNGJvrkV7sECvDAAAAIgAQA1wnJY8VQYrMrds8LwExAAAiAA4Djh5nVd\/1ziuce4idAAAAACIAEANRZ9y246wbSEgX3HYBMQAAFgAIAAEshJIuZHIACAAUhqeiK6BMauUxm+\/Y2otPN+x\/Trc="} -01036{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":420,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020627268,"flow_src_last_pkt_time":1676660020627268,"flow_dst_last_pkt_time":1676660020627268,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020627268,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"179.60.192.48","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"179.60.192.48:3478"}}} 
+01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":420,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020627268,"flow_src_last_pkt_time":1676660020627268,"flow_dst_last_pkt_time":1676660020627268,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020627268,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"179.60.192.48","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"179.60.192.48:3478","multimedia_flow_types":"Unknown"}}} 00892{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":421,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1676660020627411,"flow_dst_last_pkt_time":1676660020627268,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1676660020627411,"pkt":"CL6sCxduJjb1W8R1CABFwAEsdxpAAEARgTXAqAycszzAMMF2DZYBGONAAAMA\/CESpEI9TftlKWJACU3e+UBAAACWCQNKyv924htSBDgoPvPaA6yOr0x9kSC6Te5xTak23qUax5cZtJwuAApb8Ui+tHOwfpbSpWzleIv+\/Y\/zgmUivrJJrbIFK11cX6yt\/W617VBhxdI74dpc53FDSKllCH09m2ZVJ6nirDntuXoVFquWylwpGeMX8BF7kcX7XJ\/ujSasdt1cdHPd78hU0rxNGJvrkV7sECvDAAAAIgAQA1wnJY8VQYrMrds8LwExAAAiAA4Djh5nVd\/1ziuce4idAAAAACIAEANRZ9y246wbSEgX3HYBMQAAFgAIAAEshJIuZHIACAAUyHPsRBz2TIoTMZ+WvAxhGroaguM="} 
-01169{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":421,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1676660020627268,"flow_src_last_pkt_time":1676660020627411,"flow_dst_last_pkt_time":1676660020627268,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":544,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020627411,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"179.60.192.48","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"179.60.192.48:3478"}}} +01203{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":421,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1676660020627268,"flow_src_last_pkt_time":1676660020627411,"flow_dst_last_pkt_time":1676660020627268,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":544,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020627411,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"179.60.192.48","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"179.60.192.48:3478","multimedia_flow_types":"Unknown"}}} 00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":422,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020627509,"flow_src_last_pkt_time":1676660020627509,"flow_dst_last_pkt_time":1676660020627509,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020627509,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"185.60.216.51","src_port":49526,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00894{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1676660020627509,"flow_dst_last_pkt_time":1676660020627509,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1676660020627509,"pkt":"CL6sCxduJjb1W8R1CABFwAEsa6ZAAEARbqbAqAycuTzYM8F2DZYBGAVtAAMA\/CESpEI9TftlKWJACU3e+UFAAACWCQOH4\/VCAbPTeMBQBMAl\/C5Apejo8c+1K6Qp4JXppgVH0mQBYEvtKrySE8q2mN2RHr6SUlSQIl0QzHLhhkGXTmiDzzcayhZ2Q3j+W2AjW7xjHlhoZ\/1oB6f1R7cM2YJpevSLPRG1\/9xX5i8OwLQGJZP0IxmexdIX7onMgJjjwxjNZQ25j3xFqkTqBfg35nDf7wZxC\/YQAAAAIgAQA1wnJY8VQYrMrds8LwExAAAiAA4Djh5nVd\/1ziuce4idAAAAACIAEANRZ9y246wbSEgX3HYBMQAAFgAIAAEshJgufHEACAAUkNyfIYYrYkDQ4zmgKorzXUAe8eI="} -01037{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":422,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020627509,"flow_src_last_pkt_time":1676660020627509,"flow_dst_last_pkt_time":1676660020627509,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020627509,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"185.60.216.51","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"185.60.216.51:3478"}}} 
+01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":422,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020627509,"flow_src_last_pkt_time":1676660020627509,"flow_dst_last_pkt_time":1676660020627509,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020627509,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"185.60.216.51","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"185.60.216.51:3478","multimedia_flow_types":"Unknown"}}} 00894{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":423,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1676660020627695,"flow_dst_last_pkt_time":1676660020627509,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1676660020627695,"pkt":"CL6sCxduJjb1W8R1CABFwAEsa6dAAEARbqXAqAycuTzYM8F2DZYBGKyuAAMA\/CESpEI9TftlKWJACU3e+UJAAACWCQOH4\/VCAbPTeMBQBMAl\/C5Apejo8c+1K6Qp4JXppgVH0mQBYEvtKrySE8q2mN2RHr6SUlSQIl0QzHLhhkGXTmiDzzcayhZ2Q3j+W2AjW7xjHlhoZ\/1oB6f1R7cM2YJpevSLPRG1\/9xX5i8OwLQGJZP0IxmexdIX7onMgJjjwxjNZQ25j3xFqkTqBfg35nDf7wZxC\/YQAAAAIgAQA1wnJY8VQYrMrds8LwExAAAiAA4Djh5nVd\/1ziuce4idAAAAACIAEANRZ9y246wbSEgX3HYBMQAAFgAIAAEshJgufHEACAAU1fgpuSj5BRZ8oNucqnlM0gIwTBo="} 
-01170{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":423,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1676660020627509,"flow_src_last_pkt_time":1676660020627695,"flow_dst_last_pkt_time":1676660020627509,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":544,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020627695,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"185.60.216.51","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"185.60.216.51:3478"}}} +01204{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":423,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1676660020627509,"flow_src_last_pkt_time":1676660020627695,"flow_dst_last_pkt_time":1676660020627509,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":544,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020627695,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"185.60.216.51","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": 
{"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"185.60.216.51:3478","multimedia_flow_types":"Unknown"}}} 00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":424,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1676660020625741,"flow_dst_last_pkt_time":1676660020633882,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676660020633882,"pkt":"Jjb1W8R1CL6sCxduCABFAABgu4RAAFURM5Wd8Ms+wKgMnA2WwXYATBxlAQMAMCESpEI9TftlKWJACU3e+TkAIAAIAAHRX3wxD0FAAgAIAAABhmC5lZsACAAUUb\/WTpOkWW3X+FJVIBlYvEA2oDs="} -01085{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":424,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1676660020625604,"flow_src_last_pkt_time":1676660020625741,"flow_dst_last_pkt_time":1676660020633882,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":544,"flow_dst_tot_l4_payload_len":68,"midstream":0,"thread_ts_usec":1676660020633882,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.35.171.3:61517","relayed_address":"157.240.203.62:3478"}}} +01119{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":424,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1676660020625604,"flow_src_last_pkt_time":1676660020625741,"flow_dst_last_pkt_time":1676660020633882,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":544,"flow_dst_tot_l4_payload_len":68,"midstream":0,"thread_ts_usec":1676660020633882,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.35.171.3:61517","relayed_address":"157.240.203.62:3478","multimedia_flow_types":"Unknown"}}} 
00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1676660020625741,"flow_dst_last_pkt_time":1676660020633906,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676660020633906,"pkt":"Jjb1W8R1CL6sCxduCABFAABgu4VAAFURM5Sd8Ms+wKgMnA2WwXYATMHnAQMAMCESpEI9TftlKWJACU3e+ToAIAAIAAHRX3wxD0FAAgAIAAABhmC5lZsACAAUDYqarGE3M6w9+UUOpDJLk0B0AtY="} 00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1676660020635842,"flow_dst_last_pkt_time":1676660020633906,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1676660020635842,"pkt":"CL6sCxduJjb1W8R1CABFwABci9RAAEARd4nAqAycnfDLPsF2DZYASEFRCAQALCESpEI9TftlKWJACU3e+UNABwACAfQAAAAWAAgAASyEvOJvfAAIABQ46era\/Z2SZjhFF95tb67cFTcxPA=="} 00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":428,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1676660020626848,"flow_dst_last_pkt_time":1676660020646356,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676660020646356,"pkt":"Jjb1W8R1CL6sCxduCABFAABgEA9AAFYRwgqd8Oc+wKgMnA2WwXYATESqAQMAMCESpEI9TftlKWJACU3e+TsAIAAIAAHRX3wxD0FAAgAIAAABhmC5laIACAAU2sO6qtIQRG8Fb8Ku\/1Yc8bkNCwU="} 
-01085{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":428,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1676660020625888,"flow_src_last_pkt_time":1676660020626848,"flow_dst_last_pkt_time":1676660020646356,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":544,"flow_dst_tot_l4_payload_len":68,"midstream":0,"thread_ts_usec":1676660020646356,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.231.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.35.171.3:61517","relayed_address":"157.240.231.62:3478"}}} +01119{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":428,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1676660020625888,"flow_src_last_pkt_time":1676660020626848,"flow_dst_last_pkt_time":1676660020646356,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":544,"flow_dst_tot_l4_payload_len":68,"midstream":0,"thread_ts_usec":1676660020646356,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.231.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.35.171.3:61517","relayed_address":"157.240.231.62:3478","multimedia_flow_types":"Unknown"}}} 00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":429,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1676660020626848,"flow_dst_last_pkt_time":1676660020646394,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676660020646394,"pkt":"Jjb1W8R1CL6sCxduCABFAABgEBBAAFYRwgmd8Oc+wKgMnA2WwXYATMHdAQMAMCESpEI9TftlKWJACU3e+TwAIAAIAAHRX3wxD0FAAgAIAAABhmC5laIACAAUtd5zvNHTNstw7o7HFkTuf+A5wEQ="} 00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":430,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":1676660020627695,"flow_dst_last_pkt_time":1676660020646446,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676660020646446,"pkt":"Jjb1W8R1CL6sCxduCABFAABgKX5AAFMRn1q5PNgzwKgMnA2WwXYATEpFAQMAMCESpEI9TftlKWJACU3e+UEAIAAIAAHRX3wxD0FAAgAIAAABhmC5laEACAAUH8edTAMAuZVpRGGCYax6hVg0ya8="} 
-01084{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":430,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1676660020627509,"flow_src_last_pkt_time":1676660020627695,"flow_dst_last_pkt_time":1676660020646446,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":544,"flow_dst_tot_l4_payload_len":68,"midstream":0,"thread_ts_usec":1676660020646446,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"185.60.216.51","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.35.171.3:61517","relayed_address":"185.60.216.51:3478"}}} +01118{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":430,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1676660020627509,"flow_src_last_pkt_time":1676660020627695,"flow_dst_last_pkt_time":1676660020646446,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":544,"flow_dst_tot_l4_payload_len":68,"midstream":0,"thread_ts_usec":1676660020646446,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"185.60.216.51","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.35.171.3:61517","relayed_address":"185.60.216.51:3478","multimedia_flow_types":"Unknown"}}} 00615{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":431,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_src_last_pkt_time":1676660020627695,"flow_dst_last_pkt_time":1676660020646471,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676660020646471,"pkt":"Jjb1W8R1CL6sCxduCABFAABgKX9AAFMRn1m5PNgzwKgMnA2WwXYATDurAQMAMCESpEI9TftlKWJACU3e+UIAIAAIAAHRX3wxD0FAAgAIAAABhmC5laIACAAUqiKz9h9t1ITvWTv\/BN9zdrh6ouk="} 00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":432,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1676660020627411,"flow_dst_last_pkt_time":1676660020649547,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676660020649547,"pkt":"Jjb1W8R1CL6sCxduCABFAABgXFdAAFMRioSzPMAwwKgMnA2WwXYATFMNAQMAMCESpEI9TftlKWJACU3e+T8AIAAIAAHRX3wxD0FAAgAIAAABhmC5laMACAAUAUJ5rKYzB8P+FxjEnR76AoJ8\/mE="} 
-01083{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":432,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1676660020627268,"flow_src_last_pkt_time":1676660020627411,"flow_dst_last_pkt_time":1676660020649547,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":544,"flow_dst_tot_l4_payload_len":68,"midstream":0,"thread_ts_usec":1676660020649547,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"179.60.192.48","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.35.171.3:61517","relayed_address":"179.60.192.48:3478"}}} +01117{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":432,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1676660020627268,"flow_src_last_pkt_time":1676660020627411,"flow_dst_last_pkt_time":1676660020649547,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":544,"flow_dst_tot_l4_payload_len":68,"midstream":0,"thread_ts_usec":1676660020649547,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"179.60.192.48","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.35.171.3:61517","relayed_address":"179.60.192.48:3478","multimedia_flow_types":"Unknown"}}} 00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":433,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_src_last_pkt_time":1676660020627411,"flow_dst_last_pkt_time":1676660020649585,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676660020649585,"pkt":"Jjb1W8R1CL6sCxduCABFAABgXFhAAFMRioOzPMAwwKgMnA2WwXYATFWhAQMAMCESpEI9TftlKWJACU3e+UAAIAAIAAHRX3wxD0FAAgAIAAABhmC5laMACAAUgv6L2fitRmrDKBO6QOmHmVTNEwk="} 00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":434,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1676660020627131,"flow_dst_last_pkt_time":1676660020649607,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676660020649607,"pkt":"Jjb1W8R1CL6sCxduCABFAABg00xAAFQRI82d8MQ+wKgMnA2WwXYATB51AQMAMCESpEI9TftlKWJACU3e+T0AIAAIAAHRX3wxD0FAAgAIAAABhmC5laAACAAUDM36X1qnGrp9aVSAhimrdKC7fMo="} 
-01085{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":434,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1676660020626979,"flow_src_last_pkt_time":1676660020627131,"flow_dst_last_pkt_time":1676660020649607,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":544,"flow_dst_tot_l4_payload_len":68,"midstream":0,"thread_ts_usec":1676660020649607,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.196.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.35.171.3:61517","relayed_address":"157.240.196.62:3478"}}} +01119{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":434,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1676660020626979,"flow_src_last_pkt_time":1676660020627131,"flow_dst_last_pkt_time":1676660020649607,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":544,"flow_dst_tot_l4_payload_len":68,"midstream":0,"thread_ts_usec":1676660020649607,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.196.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.35.171.3:61517","relayed_address":"157.240.196.62:3478","multimedia_flow_types":"Unknown"}}} 00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":435,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1676660020627131,"flow_dst_last_pkt_time":1676660020649623,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676660020649623,"pkt":"Jjb1W8R1CL6sCxduCABFAABg001AAFQRI8yd8MQ+wKgMnA2WwXYATIH0AQMAMCESpEI9TftlKWJACU3e+T4AIAAIAAHRX3wxD0FAAgAIAAABhmC5laAACAAUxKTeHLccf0M6tOjMy8siv2yc4lE="} 02209{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":461,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1676660020625604,"flow_src_last_pkt_time":1676660020791890,"flow_dst_last_pkt_time":1676660020799292,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":512,"flow_src_tot_l4_payload_len":1396,"flow_dst_tot_l4_payload_len":6812,"midstream":0,"thread_ts_usec":1676660020799292,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":24,"avg":10966.9,"max":25268,"stddev":4978.7,"var":24787812.0,"ent":4.8,"data": 
[137,8278,24,10101,8060,24512,25268,11561,10122,12790,14381,10560,10576,10583,10464,16311,6103,16248,5886,9963,9713,10612,11320,10716,10523,10812,10574,10236,10724,11289,11527]},"pktlen": {"min":48,"avg":284.5,"max":540,"stddev":217.5,"var":47305.8,"ent":4.6,"data": [300,300,96,96,92,540,92,540,92,540,92,540,92,540,92,540,48,92,48,540,92,540,92,540,92,540,92,540,92,540,92,540]},"bins": {"c_to_s": [1,0,13,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": [6.990001202,7.010884762,5.755636215,5.672302246,5.721662998,1.491354108,5.778674603,1.487650514,5.626501560,1.484854460,5.623420715,1.491354465,5.691719532,1.491354108,5.569489479,1.485344768,5.160700798,5.721662998,5.136841774,1.489048600,5.743401527,1.492752314,5.735196590,1.489956141,5.640035152,1.476539373,5.664651394,1.487650633,5.808619022,1.477447271,5.713458061,1.502465248]},"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":531,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660024064221,"flow_src_last_pkt_time":1676660024064221,"flow_dst_last_pkt_time":1676660024064221,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660024064221,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"10.82.40.241","src_port":49526,"dst_port":40436,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":531,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1676660024064221,"flow_dst_last_pkt_time":1676660024064221,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1676660024064221,"pkt":"CL6sCxduJjb1W8R1CABFwABISENAAEAR8RrAqAycClIo8cF2nfQANFuYAAEAGCESpEJVqr9siNtocRyv\/Q8ACAAUchhTvhiAgB6AsW9lN0aBjK2SqVw="} 
-01133{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":531,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660024064221,"flow_src_last_pkt_time":1676660024064221,"flow_dst_last_pkt_time":1676660024064221,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660024064221,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"10.82.40.241","src_port":49526,"dst_port":40436,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01166{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":531,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660024064221,"flow_src_last_pkt_time":1676660024064221,"flow_dst_last_pkt_time":1676660024064221,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660024064221,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"10.82.40.241","src_port":49526,"dst_port":40436,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std 
Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":535,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660024118990,"flow_src_last_pkt_time":1676660024118990,"flow_dst_last_pkt_time":1676660024118990,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660024118990,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.33.118.87","src_port":49526,"dst_port":41107,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":535,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1676660024118990,"flow_dst_last_pkt_time":1676660024118990,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1676660024118990,"pkt":"CL6sCxduJjb1W8R1CABFwABIQMlAAEARWF\/AqAycXSF2V8F2oJMANCgyAAEAGCESpEJkgPwVvmQKYO\/3pCAACAAUg1CfFRfb1oP8Sp+duu11SA8TZZg="} 
-01133{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":535,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660024118990,"flow_src_last_pkt_time":1676660024118990,"flow_dst_last_pkt_time":1676660024118990,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660024118990,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.33.118.87","src_port":49526,"dst_port":41107,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01166{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":535,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660024118990,"flow_src_last_pkt_time":1676660024118990,"flow_dst_last_pkt_time":1676660024118990,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660024118990,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.33.118.87","src_port":49526,"dst_port":41107,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std 
Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":540,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1676660024118990,"flow_dst_last_pkt_time":1676660024190308,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1676660024190308,"pkt":"Jjb1W8R1CL6sCxduCABFKABIhuhAADYRHNhdIXZXwKgMnKCTwXYANMoKAQEAGCESpEJkgPwVvmQKYO\/3pCAACAAU75F70SqUX4Lgp4cEKxEnrcitNiQ="} 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":542,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_src_last_pkt_time":1676660024118990,"flow_dst_last_pkt_time":1676660024239979,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1676660024239979,"pkt":"Jjb1W8R1CL6sCxduCABFKABIhuxAADYRHNRdIXZXwKgMnKCTwXYANNC\/AAEAGCESpEKLftcLEYCUSZQPnhMACAAUyvIcEMHWqj2hvqdguHUxOVHLVE0="} 
00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":543,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_src_last_pkt_time":1676660024243082,"flow_dst_last_pkt_time":1676660024239979,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1676660024243082,"pkt":"CL6sCxduJjb1W8R1CABFwABIQNRAAEARWFTAqAycXSF2V8F2oJMANHYOAQEAGCESpEKLftcLEYCUSZQPnhMACAAUURXXOFysTKzVt50fky2JdWR1wBg="} 00644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":549,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_src_last_pkt_time":1676660024325807,"flow_dst_last_pkt_time":1676660024239979,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":131,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":131,"pkt_l4_len":97,"thread_ts_usec":1676660024325807,"pkt":"CL6sCxduJjb1W8R1CABFwAB1QNhAAEARWCPAqAycXSF2V8F2oJMAYc1lkHgABQAA3UBRZ9y23r4AA1ErK2EAvZEZhwAAAKbOSK90hIl36enLLzUIk6r\/w1XH6T2mtq3Gg8VNMWWeuoZcZLDNzrjMgd0lraiBKjJ3Gy5jB\/m61+BApbg="} 
-01097{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":549,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1676660024118990,"flow_src_last_pkt_time":1676660024325807,"flow_dst_last_pkt_time":1676660024239979,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":89,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":177,"flow_dst_tot_l4_payload_len":88,"midstream":0,"thread_ts_usec":1676660024325807,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.33.118.87","src_port":49526,"dst_port":41107,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"SRTP.WhatsAppCall","proto_id":"338.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01122{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":549,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1676660024118990,"flow_src_last_pkt_time":1676660024325807,"flow_dst_last_pkt_time":1676660024239979,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":89,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":177,"flow_dst_tot_l4_payload_len":88,"midstream":0,"thread_ts_usec":1676660024325807,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.33.118.87","src_port":49526,"dst_port":41107,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"SRTP.WhatsAppCall","proto_id":"338.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","stream_content":"Audio"}} 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":561,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1676660024620334,"flow_dst_last_pkt_time":1676660024064221,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1676660024620334,"pkt":"CL6sCxduJjb1W8R1CABFwABISE9AAEAR8Q7AqAycClIo8cF2nfQANEB+AAEAGCESpEIXwuNn6QQGBGvPy2QACAAUUNSepUVO3cHbT1W7D8IkB9QMLLk="} -01251{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":561,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1676660024064221,"flow_src_last_pkt_time":1676660024620334,"flow_dst_last_pkt_time":1676660024064221,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660024620334,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"10.82.40.241","src_port":49526,"dst_port":40436,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI 
(cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01284{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":561,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1676660024064221,"flow_src_last_pkt_time":1676660024620334,"flow_dst_last_pkt_time":1676660024064221,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660024620334,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"10.82.40.241","src_port":49526,"dst_port":40436,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":562,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_src_last_pkt_time":1676660025173851,"flow_dst_last_pkt_time":1676660024064221,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1676660025173851,"pkt":"CL6sCxduJjb1W8R1CABFwABISHxAAEAR8OHAqAycClIo8cF2nfQANJUKAAEAGCESpEJbGGZZJbjNIbGSmgoACAAUqscImv03XhISfmW0WS8IT6fPtOk="} 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":563,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_src_last_pkt_time":1676660025726086,"flow_dst_last_pkt_time":1676660024064221,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1676660025726086,"pkt":"CL6sCxduJjb1W8R1CABFwABISIRAAEAR8NnAqAycClIo8cF2nfQANJ6PAAEAGCESpEKk0qlxm\/ZTOSdEwkYACAAUXDPKAV6TGyzZ4WyS4fYKXK0zlIs="} 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":564,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":5,"flow_src_last_pkt_time":1676660026276036,"flow_dst_last_pkt_time":1676660024064221,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1676660026276036,"pkt":"CL6sCxduJjb1W8R1CABFwABISLRAAEAR8KnAqAycClIo8cF2nfQANMOEAAEAGCESpEKl9A496LZkbYe+i00ACAAU\/ewrDda+DUas0DsT+++L7XeLDdc="} 
@@ -129,7 +129,7 @@ 00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":591,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1676660020625888,"flow_src_last_pkt_time":1676660035302538,"flow_dst_last_pkt_time":1676660020646394,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":220,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":764,"flow_dst_tot_l4_payload_len":136,"midstream":0,"thread_ts_usec":1676660035303048,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.231.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":591,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1676660020626979,"flow_src_last_pkt_time":1676660035302780,"flow_dst_last_pkt_time":1676660020649623,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":220,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":764,"flow_dst_tot_l4_payload_len":136,"midstream":0,"thread_ts_usec":1676660035303048,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.196.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01008{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":591,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":48,"flow_dst_packets_processed":73,"flow_first_seen":1676660020625604,"flow_src_last_pkt_time":1676660035302005,"flow_dst_last_pkt_time":1676660032998729,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":500,"flow_dst_max_l4_payload_len":1113,"flow_src_tot_l4_payload_len":10937,"flow_dst_tot_l4_payload_len":37017,"midstream":0,"thread_ts_usec":1676660035303048,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-00862{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":591,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":591,"packets-processed":591,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":108875,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":22,"total-updates":5,"current-active-flows":0,"total-active-flows":13,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":132,"global_ts_usec":1676660035303048} +00862{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":591,"source":"cfgs\/monitoring\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":591,"packets-processed":591,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":108875,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":22,"total-updates":5,"current-active-flows":0,"total-active-flows":13,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":132,"global_ts_usec":1676660035303048} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 591/591 ~~ skipped flows.............: 0 
@@ -138,9 +138,9 @@ ~~ total active/idle flows...: 13/13 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6953649 bytes -~~ total memory freed........: 6953649 bytes -~~ total allocations/frees...: 114872/114872 +~~ total memory allocated....: 7531289 bytes +~~ total memory freed........: 7531289 bytes +~~ total allocations/frees...: 126605/126605 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 585 chars ~~ json message max len.......: 2214 chars diff --git a/test/results/monitoring/stun_zoom.pcapng.out b/test/results/monitoring/stun_zoom.pcapng.out index 4bf6c1f3d..838739002 100644 --- a/test/results/monitoring/stun_zoom.pcapng.out +++ b/test/results/monitoring/stun_zoom.pcapng.out 
@@ -1,31 +1,31 @@ -00619{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/monitoring\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1661169535535091} 
+00619{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/monitoring\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1661169535535091} 
00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535535091,"flow_dst_last_pkt_time":1661169535535091,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":156,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1661169535535091,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00728{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1661169535535091,"flow_dst_last_pkt_time":1661169535535091,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1661169535535091,"pkt":"BLFnWRHgPKn0qB\/sCABFAAC4kzBAAEAR2WPAqCuphuBab77WImEApEJpAAEAiCESpEIJLXMzkXIYSWor3N8ABgBJRTA0RDk0M0YtQzI3MS1DOTZBLUMyN0QtRENCRDA5Nzc4NjgwOjIwNDBGN0VDLTNGQkYtNjFGNy0xQUMyLUFBRDVENDYxMEE4RQAAAAAlAAAAJAAEbn8A\/4AqAAiWY\/V4e1fy1AAIABQBKtqrmyxMEjIdswOfhTMx+y49voAoAASJCByW"} 
-01109{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535535091,"flow_dst_last_pkt_time":1661169535535091,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":156,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1661169535535091,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} +01142{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535535091,"flow_dst_last_pkt_time":1661169535535091,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":156,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1661169535535091,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00728{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/monitoring\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1661169535555383,"flow_dst_last_pkt_time":1661169535535091,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1661169535555383,"pkt":"BLFnWRHgPKn0qB\/sCABFAAC4kzJAAEAR2WHAqCuphuBab77WImEApPIXAAEAiCESpEI4RCHR9KJD4dY6X5oABgBJRTA0RDk0M0YtQzI3MS1DOTZBLUMyN0QtRENCRDA5Nzc4NjgwOjIwNDBGN0VDLTNGQkYtNjFGNy0xQUMyLUFBRDVENDYxMEE4RQAAAAAlAAAAJAAEbn8A\/4AqAAiWY\/V4e1fy1AAIABTFtYB0ycot0Qy1S9naomjILfmurIAoAAQ+7lku"} -01227{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"cfgs\/monitoring\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535555383,"flow_dst_last_pkt_time":1661169535535091,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":312,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1661169535555383,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} +01260{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"cfgs\/monitoring\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535555383,"flow_dst_last_pkt_time":1661169535535091,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":312,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1661169535555383,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
00607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/monitoring\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1661169535555383,"flow_dst_last_pkt_time":1661169535607032,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1661169535607032,"pkt":"PKn0qB\/sBLFnWRHgCABFAABcD3xAADERbHSG4FpvwKgrqSJhvtYASE6sAQEALCESpEIJLXMzkXIYSWor3N8AIAAIAAEAAHwzzS0ACAAUX9ajIUvkC+s+fBB\/ykxaS5wOOuqAKAAEnxO\/9Q=="} -01156{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"cfgs\/monitoring\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535555383,"flow_dst_last_pkt_time":1661169535607032,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":312,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1661169535607032,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"mapped_address":"93.33.105.111:8466"}}} 
+01190{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"cfgs\/monitoring\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535555383,"flow_dst_last_pkt_time":1661169535607032,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":312,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1661169535607032,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"mapped_address":"93.33.105.111:8466","multimedia_flow_types":"Unknown"}}} 00728{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/monitoring\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1661169535607198,"flow_dst_last_pkt_time":1661169535607032,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1661169535607198,"pkt":"BLFnWRHgPKn0qB\/sCABFAAC4kzhAAEAR2VvAqCuphuBab77WImEApMlhAAEAiCESpELh2wHdYLBaO1o3kj4ABgBJRTA0RDk0M0YtQzI3MS1DOTZBLUMyN0QtRENCRDA5Nzc4NjgwOjIwNDBGN0VDLTNGQkYtNjFGNy0xQUMyLUFBRDVENDYxMEE4RQAAAAAlAAAAJAAEbn8A\/4AqAAiWY\/V4e1fy1AAIABSuLzMpSQJ1k35eeZhTIs+Mn14fOYAoAATxREob"} 
00775{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/monitoring\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1661169535607340,"flow_dst_last_pkt_time":1661169535607032,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"thread_ts_usec":1661169535607340,"pkt":"BLFnWRHgPKn0qB\/sCABFAADZkzlAAEAR2TnAqCuphuBab77WImEAxZeyFv7\/AAAAAAAAAAAAsAEAAKQAAAAAAAAApP79\/DOP2Z8sGz4yGXA4ZlFO9zOHpZDtCkri7Pkm\/\/cH3ZMAAAAQwCvAL8ypzKjACsAJwBPAFAEAAGoAFwAA\/wEAAQAACgAIAAYAHQAXABgACwACAQAAEAASABAGd2VicnRjCGMtd2VicnRjAA0AIAAeBAMFAwYDAgMIBAgFCAYEAQUBBgECAQQCBQIGAgICABwAAkAAAA4ACwAIAAcACAABAAIA"} -01168{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"cfgs\/monitoring\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535607340,"flow_dst_last_pkt_time":1661169535607032,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":657,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1661169535607340,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","tls": {"version":"DTLSv1.2","ja3":"3e12a43c7535bb32beac3928f8fe905d","ja3s":"","ja4":"dd2d0808we_c6c2b6ec87e0_06b1ae923e2a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"webrtc,c-webrtc","blocks":0}}} 
+01127{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"cfgs\/monitoring\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535607340,"flow_dst_last_pkt_time":1661169535607032,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":657,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1661169535607340,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","tls": {"version":"DTLSv1.2","ja3s":"","ja4":"dd2d0808we_c6c2b6ec87e0_06b1ae923e2a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"webrtc,c-webrtc","blocks":0}}} 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/monitoring\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1661169535618755,"flow_src_last_pkt_time":1661169535618755,"flow_dst_last_pkt_time":1661169535618755,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":156,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1661169535618755,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":53065,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00728{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/monitoring\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1661169535618755,"flow_dst_last_pkt_time":1661169535618755,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1661169535618755,"pkt":"BLFnWRHgPKn0qB\/sCABFAAC4kztAAEAR2VjAqCuphuBab89JImEApL\/wAAEAiCESpEJLP6Z0mpHuyXM99DsABgBJN0Y0MjBCMzUtQjE2QS0wNUQ3LTEyRkEtQkU5RkI2QjE1QkIwOjIwNDBGN0VDLTNGQkYtNjFGNy0xQUMyLUFBRDVENDYxMEE4RQAAAAAlAAAAJAAEbn8A\/4AqAAj8yIRLXFnKhQAIABQVCSdtSQAdStsSN058SaFOtEGuzIAoAARNKhxK"} -01109{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/monitoring\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1661169535618755,"flow_src_last_pkt_time":1661169535618755,"flow_dst_last_pkt_time":1661169535618755,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":156,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1661169535618755,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":53065,"dst_port":8801,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} 
+01142{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/monitoring\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1661169535618755,"flow_src_last_pkt_time":1661169535618755,"flow_dst_last_pkt_time":1661169535618755,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":156,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1661169535618755,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":53065,"dst_port":8801,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00727{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/monitoring\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1661169535638993,"flow_dst_last_pkt_time":1661169535618755,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1661169535638993,"pkt":"BLFnWRHgPKn0qB\/sCABFAAC4k0BAAEAR2VPAqCuphuBab89JImEApLZaAAEAiCESpEL9LPrXga3tdiwo33AABgBJN0Y0MjBCMzUtQjE2QS0wNUQ3LTEyRkEtQkU5RkI2QjE1QkIwOjIwNDBGN0VDLTNGQkYtNjFGNy0xQUMyLUFBRDVENDYxMEE4RQAAAAAlAAAAJAAEbn8A\/4AqAAj8yIRLXFnKhQAIABQChv5mW36ahJOVgp5AHXlcdTAbQoAoAAQBQcBH"} 
-01227{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"cfgs\/monitoring\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1661169535618755,"flow_src_last_pkt_time":1661169535638993,"flow_dst_last_pkt_time":1661169535618755,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":312,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1661169535638993,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":53065,"dst_port":8801,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} 
+01260{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"cfgs\/monitoring\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1661169535618755,"flow_src_last_pkt_time":1661169535638993,"flow_dst_last_pkt_time":1661169535618755,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":312,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1661169535638993,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":53065,"dst_port":8801,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00729{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/monitoring\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1661169535718922,"flow_dst_last_pkt_time":1661169535618755,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1661169535718922,"pkt":"BLFnWRHgPKn0qB\/sCABFAAC4k0tAAEAR2UjAqCuphuBab89JImEApL\/wAAEAiCESpEJLP6Z0mpHuyXM99DsABgBJN0Y0MjBCMzUtQjE2QS0wNUQ3LTEyRkEtQkU5RkI2QjE1QkIwOjIwNDBGN0VDLTNGQkYtNjFGNy0xQUMyLUFBRDVENDYxMEE4RQAAAAAlAAAAJAAEbn8A\/4AqAAj8yIRLXFnKhQAIABQVCSdtSQAdStsSN058SaFOtEGuzIAoAARNKhxK"} 
00728{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/monitoring\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1661169535739218,"flow_dst_last_pkt_time":1661169535618755,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1661169535739218,"pkt":"BLFnWRHgPKn0qB\/sCABFAAC4k09AAEAR2UTAqCuphuBab89JImEApLZaAAEAiCESpEL9LPrXga3tdiwo33AABgBJN0Y0MjBCMzUtQjE2QS0wNUQ3LTEyRkEtQkU5RkI2QjE1QkIwOjIwNDBGN0VDLTNGQkYtNjFGNy0xQUMyLUFBRDVENDYxMEE4RQAAAAAlAAAAJAAEbn8A\/4AqAAj8yIRLXFnKhQAIABQChv5mW36ahJOVgp5AHXlcdTAbQoAoAAQBQcBH"} -01226{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":15,"source":"cfgs\/monitoring\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":4,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535757744,"flow_dst_last_pkt_time":1661169535771624,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":1052,"flow_src_tot_l4_payload_len":1191,"flow_dst_tot_l4_payload_len":1244,"midstream":0,"thread_ts_usec":1661169535771624,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","tls": {"version":"DTLSv1.2","ja3":"3e12a43c7535bb32beac3928f8fe905d","ja3s":"323ab23be4a686962b978f9ca6735add","ja4":"dd2d0808we_c6c2b6ec87e0_06b1ae923e2a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","advertised_alpns":"webrtc,c-webrtc","blocks":0}}} 
-01520{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"cfgs\/monitoring\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535757744,"flow_dst_last_pkt_time":1661169535771656,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":1052,"flow_src_tot_l4_payload_len":1191,"flow_dst_tot_l4_payload_len":4400,"midstream":0,"thread_ts_usec":1661169535771656,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.Zoom","proto_id":"30.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","tls": {"version":"DTLSv1.2","server_names":"*.cloud.zoom.us","ja3":"3e12a43c7535bb32beac3928f8fe905d","ja3s":"323ab23be4a686962b978f9ca6735add","ja4":"dd2d0808we_c6c2b6ec87e0_06b1ae923e2a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1","subjectDN":"C=US, ST=California, L=San Jose, O=Zoom Video Communications, Inc., CN=*.cloud.zoom.us","advertised_alpns":"webrtc,c-webrtc","fingerprint":"FD:F2:22:45:64:31:28:BD:2D:56:D6:F4:56:01:71:88:E3:4C:2C:D9","blocks":0}}} 
+01185{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":15,"source":"cfgs\/monitoring\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":4,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535757744,"flow_dst_last_pkt_time":1661169535771624,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":1052,"flow_src_tot_l4_payload_len":1191,"flow_dst_tot_l4_payload_len":1244,"midstream":0,"thread_ts_usec":1661169535771624,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","tls": {"version":"DTLSv1.2","ja3s":"323ab23be4a686962b978f9ca6735add","ja4":"dd2d0808we_c6c2b6ec87e0_06b1ae923e2a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","advertised_alpns":"webrtc,c-webrtc","blocks":0}}} +01479{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"cfgs\/monitoring\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535757744,"flow_dst_last_pkt_time":1661169535771656,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":1052,"flow_src_tot_l4_payload_len":1191,"flow_dst_tot_l4_payload_len":4400,"midstream":0,"thread_ts_usec":1661169535771656,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DTLS.Zoom","proto_id":"30.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","tls": {"version":"DTLSv1.2","server_names":"*.cloud.zoom.us","ja3s":"323ab23be4a686962b978f9ca6735add","ja4":"dd2d0808we_c6c2b6ec87e0_06b1ae923e2a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1","subjectDN":"C=US, ST=California, L=San Jose, O=Zoom Video Communications, Inc., CN=*.cloud.zoom.us","advertised_alpns":"webrtc,c-webrtc","fingerprint":"FD:F2:22:45:64:31:28:BD:2D:56:D6:F4:56:01:71:88:E3:4C:2C:D9","blocks":0}}} 00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/monitoring\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1661169535739218,"flow_dst_last_pkt_time":1661169535812586,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1661169535812586,"pkt":"PKn0qB\/sBLFnWRHgCABFAABcD6NAADARbU2G4FpvwKgrqSJhz0kASPHKAQEALCESpEJLP6Z0mpHuyXM99DsAIAAIAAEAAHwzzS0ACAAUCL5PYVNYAABIJaSs+ThbSkIV4CuAKAAEBcrGkQ=="} 
-01157{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":21,"source":"cfgs\/monitoring\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1661169535618755,"flow_src_last_pkt_time":1661169535739218,"flow_dst_last_pkt_time":1661169535812586,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":624,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1661169535812586,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":53065,"dst_port":8801,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"mapped_address":"93.33.105.111:8466"}}} -01169{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":23,"source":"cfgs\/monitoring\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":1,"flow_first_seen":1661169535618755,"flow_src_last_pkt_time":1661169535813097,"flow_dst_last_pkt_time":1661169535812586,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":969,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1661169535813097,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":53065,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","tls": {"version":"DTLSv1.2","ja3":"3e12a43c7535bb32beac3928f8fe905d","ja3s":"","ja4":"dd2d0808we_c6c2b6ec87e0_06b1ae923e2a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"webrtc,c-webrtc","blocks":0}}} +01191{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":21,"source":"cfgs\/monitoring\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1661169535618755,"flow_src_last_pkt_time":1661169535739218,"flow_dst_last_pkt_time":1661169535812586,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":624,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1661169535812586,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":53065,"dst_port":8801,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"mapped_address":"93.33.105.111:8466","multimedia_flow_types":"Unknown"}}} 
+01128{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":23,"source":"cfgs\/monitoring\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":1,"flow_first_seen":1661169535618755,"flow_src_last_pkt_time":1661169535813097,"flow_dst_last_pkt_time":1661169535812586,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":969,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1661169535813097,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":53065,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","tls": {"version":"DTLSv1.2","ja3s":"","ja4":"dd2d0808we_c6c2b6ec87e0_06b1ae923e2a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"webrtc,c-webrtc","blocks":0}}} 02183{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":62,"source":"cfgs\/monitoring\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1661169535618755,"flow_src_last_pkt_time":1661169536326542,"flow_dst_last_pkt_time":1661169536383924,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":1052,"flow_src_tot_l4_payload_len":2576,"flow_dst_tot_l4_payload_len":5172,"midstream":0,"thread_ts_usec":1661169536383924,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":53065,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": 
{"min":5,"avg":47514.7,"max":193831,"stddev":51140.5,"var":2615352320.0,"ent":4.1,"data": [20238,79929,20296,193831,73632,247,50353,49657,26391,24351,170235,80565,10991,149570,50735,24,93581,6,7,6,7,5,8274,29660,4814,50217,80837,100195,42158,3678,58466]},"pktlen": {"min":42,"avg":270.1,"max":1080,"stddev":313.1,"var":98043.5,"ent":4.3,"data": [184,184,184,184,92,184,217,217,184,184,217,92,92,92,184,192,78,92,1080,1080,1080,1080,399,186,92,92,186,92,186,95,101,42]},"bins": {"c_to_s": [0,1,1,0,11,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,9,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,1,0,0,0,0,0,0,1,1,1,0,0,0,1,1,1,1,1,1,0,1,1,0,1,0,1,0,1],"entropies": [5.849215031,5.820121765,5.845112324,5.820121765,5.609286785,5.848187923,5.155805588,5.151053905,5.856935501,5.837758064,5.169487476,5.679913521,5.609286785,5.658175468,5.856935501,5.312055111,4.055345058,5.723389149,7.020439625,7.330272198,7.262623310,7.369262695,7.183655262,6.090222359,5.701650143,5.679913521,6.082654476,5.723389149,6.098002911,5.370398521,6.009067535,4.320421696]},"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
00992{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":70,"source":"cfgs\/monitoring\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":17,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169536293401,"flow_dst_last_pkt_time":1661169536292551,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":1052,"flow_src_tot_l4_payload_len":1945,"flow_dst_tot_l4_payload_len":5176,"midstream":0,"thread_ts_usec":1661169536805680,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.Zoom","proto_id":"30.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}} 00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":70,"source":"cfgs\/monitoring\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":21,"flow_first_seen":1661169535618755,"flow_src_last_pkt_time":1661169536627218,"flow_dst_last_pkt_time":1661169536805680,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":1052,"flow_src_tot_l4_payload_len":2726,"flow_dst_tot_l4_payload_len":5471,"midstream":0,"thread_ts_usec":1661169536805680,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":53065,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
-00850{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":70,"source":"cfgs\/monitoring\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":70,"packets-processed":70,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15318,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":8,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":28,"global_ts_usec":1661169536805680} +00850{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":70,"source":"cfgs\/monitoring\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":70,"packets-processed":70,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15318,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":8,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":28,"global_ts_usec":1661169536805680} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 70/70 ~~ skipped flows.............: 0 
@@ -34,10 +34,10 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6923322 bytes -~~ total memory freed........: 6923322 bytes -~~ total allocations/frees...: 114229/114229 +~~ total memory allocated....: 7500962 bytes +~~ total memory freed........: 7500962 bytes +~~ total allocations/frees...: 125962/125962 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 611 chars ~~ json message max len.......: 2188 chars -~~ json message avg len.......: 1377 chars +~~ json message avg len.......: 1376 chars diff --git a/test/results/monitoring/teams.pcap.out b/test/results/monitoring/teams.pcap.out index c42e9f0cf..f08f1a712 100644 --- a/test/results/monitoring/teams.pcap.out +++ b/test/results/monitoring/teams.pcap.out 
@@ -1,5 +1,5 @@ -00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1587041672419153} 
+00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1587041672419153} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041672419153,"flow_src_last_pkt_time":1587041672419153,"flow_dst_last_pkt_time":1587041672419153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":279,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":279,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041672419153,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00897{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1587041672419153,"flow_dst_last_pkt_time":1587041672419153,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"thread_ts_usec":1587041672419153,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzES1AAEARZ+TAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGABgr52AAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"} 
01028{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041672419153,"flow_src_last_pkt_time":1587041672419153,"flow_dst_last_pkt_time":1587041672419153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":279,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":279,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041672419153,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"tl-sg116e","domainame":"tl-sg116e","dhcp": {"fingerprint":"1,3","class_ident":"TL-SG116E"}}} 
@@ -32,14 +32,14 @@ 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1587041676435900,"flow_dst_last_pkt_time":1587041676448366,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041676448366,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0CixAAHUGQvQ0ccKEwKgBBgG77HWQGjC4LoXCQ4AS\/\/8WpAAAAgQFoAEDAwgBAQQC"} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1587041676448463,"flow_dst_last_pkt_time":1587041676448366,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041676448463,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGgizAqAEGNHHChOx1AbsuhcJDkBowuVAQIAA3YwAA"} 00810{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1587041676449862,"flow_dst_last_pkt_time":1587041676448366,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"thread_ts_usec":1587041676449862,"pkt":"EBMx8Tl2KDc3AG3ICABFAAD6AABAAEAGgVrAqAEGNHHChOx1AbsuhcJDkBowuVAYIAChLwAAFgMBAM0BAADJAwMtfzNr5sJ0vwUnIfI3TV9sTsGbPpwfZOWfmMdYc+2laQAAHLq6zKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACEuroAAP8BAAEAAAAAGAAWAAATdGVhbXMubWljcm9zb2Z0LmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACNraAB0AFwAYABsAAwIAAnp6AAEA"} 
-01233{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041676435900,"flow_src_last_pkt_time":1587041676449862,"flow_dst_last_pkt_time":1587041676448366,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":210,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":210,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041676449862,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","domainame":"teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01186{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041676435900,"flow_src_last_pkt_time":1587041676449862,"flow_dst_last_pkt_time":1587041676448366,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":210,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":210,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041676449862,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","domainame":"teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1587041676449862,"flow_dst_last_pkt_time":1587041676462228,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1587041676462228,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAoCi1AAHYGQf80ccKEwKgBBgG77HWQGjC5LoXDFVAQCAROjQAAAAAAAAAA"} -01578{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":26,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1587041676435900,"flow_src_last_pkt_time":1587041676464401,"flow_dst_last_pkt_time":1587041676464459,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":210,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":210,"flow_dst_tot_l4_payload_len":6025,"midstream":0,"thread_ts_usec":1587041676464459,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","domainame":"teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"0f14538e1c9070becdad7739c67d6363","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=teams.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E","blocks":0}}} +01531{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":26,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1587041676435900,"flow_src_last_pkt_time":1587041676464401,"flow_dst_last_pkt_time":1587041676464459,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":210,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":210,"flow_dst_tot_l4_payload_len":6025,"midstream":0,"thread_ts_usec":1587041676464459,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","domainame":"teams.microsoft.com","tls": 
{"version":"TLSv1.2","server_names":"teams.microsoft.com","ja3s":"0f14538e1c9070becdad7739c67d6363","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=teams.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E","blocks":0}}} 00781{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1587041676499766,"flow_dst_last_pkt_time":1587041676405623,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":240,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":240,"pkt_l4_len":206,"thread_ts_usec":1587041676499766,"pkt":"EBMx8Tl2KDc3AG3ICABFAADiAABAAEAG9tTAqAEGNHJNIex0AbuczSMoSaIgqYAYEAlcWgAAAQEICjCEl\/VhBkyoFgMBAKkBAAClAwNgsc\/zVfk3fJaoeGVjBvcvXHJydxa1mwDEXFImXbQK\/wAAHsAvwCvAMMAszKnMqMAJwBPACsAUAJwAnQAvADUACgEAAF7\/AQABAAAAACMAIQAAHm1vYmlsZS5waXBlLmFyaWEubWljcm9zb2Z0LmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAsAAgEAAAoACAAGAB0AFwAY"} 
-01345{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041676362386,"flow_src_last_pkt_time":1587041676499766,"flow_dst_last_pkt_time":1587041676405623,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041676499766,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
-02166{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":47,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1587041676435900,"flow_src_last_pkt_time":1587041676535873,"flow_dst_last_pkt_time":1587041676535853,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":258,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":757,"flow_dst_tot_l4_payload_len":10509,"midstream":0,"thread_ts_usec":1587041676535873,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":6449.2,"max":29755,"stddev":8827.8,"var":77930416.0,"ent":3.7,"data": [12466,12563,1399,13862,1628,233,14289,254,250,114,2,99,4851,16541,1120,12847,339,301,11408,365,232,23032,26,11077,443,29285,29755,471,122,15,537]},"pktlen": {"min":40,"avg":393.9,"max":1492,"stddev":548.1,"var":300365.6,"ent":3.9,"data": [64,52,40,250,46,1492,1492,40,1492,40,1492,257,40,198,46,366,40,109,40,133,78,298,78,46,40,46,556,40,1492,1492,671,40]},"bins": {"c_to_s": [10,1,1,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,1,1,0,0,0,1,0,0,0,1,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1,0,1,0,0,0,0,1,1,0,1,1,0,1,1,1,0],"entropies": [4.365527153,4.946223736,4.521928787,5.447622776,4.609350681,7.356091499,7.445232391,4.680641174,7.544306755,4.571928501,7.621133804,7.081102371,4.630641460,6.624766827,4.609350681,7.169972897,4.680641174,6.030838013,4.630641460,6.150182247,5.105917454,7.025798798,5.428217888,4.565872192,4.680641174,4.565872192,7.556540489,4.680641174,7.827769756,7.840335846,7.703694820,4.680641174]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} +01304{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041676362386,"flow_src_last_pkt_time":1587041676499766,"flow_dst_last_pkt_time":1587041676405623,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041676499766,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+02160{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":47,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1587041676435900,"flow_src_last_pkt_time":1587041676535873,"flow_dst_last_pkt_time":1587041676535853,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":258,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":757,"flow_dst_tot_l4_payload_len":10509,"midstream":0,"thread_ts_usec":1587041676535873,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":6449.2,"max":29755,"stddev":8827.8,"var":77930416.0,"ent":3.7,"data": [12466,12563,1399,13862,1628,233,14289,254,250,114,2,99,4851,16541,1120,12847,339,301,11408,365,232,23032,26,11077,443,29285,29755,471,122,15,537]},"pktlen": {"min":40,"avg":393.9,"max":1492,"stddev":548.1,"var":300365.6,"ent":3.9,"data": [64,52,40,250,46,1492,1492,40,1492,40,1492,257,40,198,46,366,40,109,40,133,78,298,78,46,40,46,556,40,1492,1492,671,40]},"bins": {"c_to_s": [10,1,1,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,1,1,0,0,0,1,0,0,0,1,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1,0,1,0,0,0,0,1,1,0,1,1,0,1,1,1,0],"entropies": [4.365527153,4.946223736,4.521928787,5.447622776,4.609350681,7.356091499,7.445232391,4.680641174,7.544306755,4.571928501,7.621133804,7.081102371,4.630641460,6.624766827,4.609350681,7.169972897,4.680641174,6.030838013,4.630641460,6.150182247,5.105917454,7.025798798,5.428217888,4.565872192,4.680641174,4.565872192,7.556540489,4.680641174,7.827769756,7.840335846,7.703694820,4.680641174]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} 02484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1587041676499766,"flow_dst_last_pkt_time":1587041676545373,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041676545373,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUL\/9AAGwGleM0ck0hwKgBBgG77HRJoiCpnM0j1oAQBAXctwAAAQEICmEGTTMwhJf1FgMDEGYCAABRAwNemFWMXBNb2F1eIS0NgygX31DvjFSWgfTq\/PXgXBX\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\/wSL1vxV6UtbY+5UyBq7YUvoZUI+YYWI6FMysHpnkiGQR5h3NLX2it0lgM0JMJXgIYfO+vdhJalxciwWfJHOcY4+eUQwpTmpGeOTzK\/sd1W+VOYbkgWPJ0lAEgTcRXL\/NZZAtyce+Sv4+b4jHwY9pwQxOHJWtnns0bK3jD\/RcAtjLeUisGvBGtt1SItPOQvgD6i2AdvjCkjqVXn0nxT\/yKuGkvtii1i85nrjeMS5pKgL+N2I4goIXeRAaK089dd0KrnNO6kLEhhSHgHwJHnPwfqeXH1Q2p1Zw2r13mOsJdyP7QIDAQABo4IE1zCCBNMwggF\/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB2APZclC\/RdzAiFFQYCDCUVo7jTRMZM7\/fDC8gC8xO8WTjAAABbbe0zD0AAAQDAEcwRQIgXUu8wYK\/QqX5unkLcaUv4T8oQWu5yZb6M3RYbUFPJ7sCIQCVvziq+dynpJXSFyAk+ZobbjdMm8Ziuyzc0miXoW9hmQB2AFWB1MIWkDYBSuoLm1c8U\/DA5Dh4cCUIFy+jqh0HE9MMAAABbbe0zTwAAAQDAEcwRQIgOIr7NuYD18H8X6OV\/YdBgg0HoCy47ognD1Etlbp3ZVgCIQCAVAoqvjDqhz4It72mColVOT\/FZuexWjdVPWkvuAPY1AB3AESUZS6w7s6vxEAH2Kj+KMDa5oK+2MsxtT\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"} 
-01877{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":59,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1587041676362386,"flow_src_last_pkt_time":1587041676545644,"flow_dst_last_pkt_time":1587041676545713,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041676545713,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} 
+01836{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":59,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1587041676362386,"flow_src_last_pkt_time":1587041676545644,"flow_dst_last_pkt_time":1587041676545713,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041676545713,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} 00294{"error_event_id":5,"error_event_name":"Unknown packet 
type","threshold_n":7,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1587041676611249,"packet_id":64,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1587041676611249} 00368{"packet_event_id":1,"packet_event_name":"packet","packet_id":64,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041676592590,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} 00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041676612882,"flow_src_last_pkt_time":1587041676612882,"flow_dst_last_pkt_time":1587041676612882,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041676612882,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.5","src_port":60534,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -47,7 +47,7 @@ 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1587041676612882,"flow_dst_last_pkt_time":1587041676642642,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041676642642,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8LqNAAG0G6+cofgkFwKgBBgG77HaiQxrbpEtO6qASIAC6gQAAAgQFoAEDAwgEAggKVQC94TCEmGM="} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1587041676642755,"flow_dst_last_pkt_time":1587041676642642,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041676642755,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGR5PAqAEGKH4JBex2AbukS07qokMa3IAQEAn5EwAAAQEICjCEmIFVAL3h"} 
00874{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1587041676643404,"flow_dst_last_pkt_time":1587041676642642,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":312,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":312,"pkt_l4_len":278,"thread_ts_usec":1587041676643404,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEqAABAAEAGRp3AqAEGKH4JBex2AbukS07qokMa3IAYEAkkyAAAAQEICjCEmIFVAL3hFgMBAPEBAADtAwMFij+vLNUEXtDYw018fSI+oguo6nn0NGVGlSQBEa6j4wAAKMAswCvAJMAjwArACcypwDDAL8AowCfAFMATzKgAnQCcAD0APAA1AC8BAACc\/wEAAQAAAAAeABwAABlsb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tABcAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAADN0AAAAEgAAABAAMAAuAmgyBWgyLTE2BWgyLTE1BWgyLTE0CHNwZHkvMy4xBnNwZHkvMwhodHRwLzEuMQALAAIBAAAKAAoACAAdABcAGAAZ"} -01291{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041676612882,"flow_src_last_pkt_time":1587041676643404,"flow_dst_last_pkt_time":1587041676642642,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041676643404,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.5","src_port":60534,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Microsoft365","proto_by_ip_id":219,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"login.microsoftonline.com","domainame":"login.microsoftonline.com","tls": 
{"version":"TLSv1.2","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} +01250{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041676612882,"flow_src_last_pkt_time":1587041676643404,"flow_dst_last_pkt_time":1587041676642642,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041676643404,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.5","src_port":60534,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Microsoft365","proto_by_ip_id":219,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"login.microsoftonline.com","domainame":"login.microsoftonline.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
02499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1587041676643404,"flow_dst_last_pkt_time":1587041676675374,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041676675374,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXULqZAAG0G5kwofgkFwKgBBgG77HaiQyYcpEtP4IAQBAWIzwAAAQEIClUAvgAwhJiBCxMMTWljcm9zb2Z0IElUMR4wHAYDVQQDExVNaWNyb3NvZnQgSVQgVExTIENBIDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCO8\/GEdXe8vsmk9RalUytQYJnc2H3ZJLXhckk3SP7ahpOjfR2aSxBNd3l+Zal8bjbiR9Q2SdDMJAInFOKucc3ZV3Q8EFYZkkqHYvnjkI1e3tFBGxqmH0CiLB6OVdcm2GhCq+wN3t1eYZWzrGyBzqjgra9fyqbkUWguJ\/1UKnGkzLt+kvH2U1EFMdAZgrDKY9DySgALzfRpS\/RallY5JsmdSwpjNDKApQTl6ii3wQDAbRrwKNRKj4CscxnY9RYvra4Il2IGLP7npfCtQVN\/jSsxwxRzId3jeGOcUYa1okhJwHkIFUMAK5m4S+DHVwdsxLmmVC0BU\/Kj8qTM2cFU84jN5EwT04ozIVitGL++OYFwOWk3+FukY+8JB9+HGmLHmgjF0R1eYnYB3WnmOLtEsC1NOsYugOBgclvyzOaOXDohHl2wOSu96hPLlsu2anSMjrwOEJ8bpUBBj5FcdqcO8ao6h7cMd99xai8oYUItkA9yBatn4MF7y5xAmsQKCESMfD26qQ4esdkivR9fQWpzVPZm4qD5pjne0nfzaQS\/t7s8xJP\/cgQctTadaH\/f+jlPsvaPuRz\/re0OFQjjhnzySEl3lxb2\/QD2T6Zeb+c5wFFlPeuxlzDs6p5z\/B4soN+Lz3NftQ4GQhcmlezYqSfQ0GWUXOI\/yigppSD0yN1dtP\/m3QIDAQABo4IBQjCCAT4wHQYDVR0OBBYEFFiIn9bcnEgitxQ+\/4SI6OaF\/\/p9MB8GA1UdIwQYMBaAFOWdWTCCR1jMrPoIVDaGezq1BE3wMBIGA1UdEwEB\/wQIMAYBAf8CAQAwDgYDVR0PAQH\/BAQDAgGGMCcGA1UdJQQgMB4GCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwkwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL09tbmlyb290MjAyNS5jcmwwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwDQYJKoZIhvcNAQELBQADggEBADCaxp1q\/e+TCAy+gnf5dqBtnnswI3uoKVr0aj7HCwyW37hLUuQNnDjteGO1c8AcHzvgp\/9\/SVGVMrjQm6nlz5YDgYDVSmEY\/sRqxt9\/QUYinIBm6w9CoOTzpCGjmNB6dPaM6MPSK6orzhFZGUTnXAcJQuvX\/RVNuW9sRDUmh7
qjO2iwgecgyX8TAvPMq58clVDLrmSAu4cKXc6ma7J94z024ilRtyX80AnjsK3EYi4+foUmsvav920xc8YZmKlykwLOygs9POzZcOiA9RareGqHTcaBN6gKdoEGqO8XYHxwEBM8ONczTOQ3ZQj7kbPoFnZhKmX1WJSzRQHvwE8De7gMAAFJAwAXQQTOd4jCuMTh7EYDlmBiiGmTGwexXcFlv\/T2ck50p74cYWIJH\/qL5LjbfCSDp3wqAO8ZZNaw1gxy4Uzbx\/mTFEUoBAEBACuEjKAM1qXUNVaS\/GaC95SQ9vmaMh+jYNW\/golBe81NwxyW1ReEMvroTkbS6BjiR97ixB57SOr\/EVlzcCLlr0XL6vCOvZKaaq3SzHreSfwbGspHUYxwK5i8j23AovUYK4FdR8PK9GkF5j5DZYPL2nmL62KrpTU3AqFF18hKfZ2alq2jaowqtsC3NBCAd6aifgpEBRhB9rZP2x\/YPgDeBGSAHqMX"} 02308{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":109,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":23,"flow_dst_packets_processed":9,"flow_first_seen":1587041676362386,"flow_src_last_pkt_time":1587041676859269,"flow_dst_last_pkt_time":1587041676859222,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":23115,"flow_dst_tot_l4_payload_len":4254,"midstream":0,"thread_ts_usec":1587041676859269,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":32055.5,"max":221245,"stddev":54144.2,"var":2931591680.0,"ent":3.4,"data": [43237,43341,94039,139750,215,45878,125,102,1406,46781,45438,177198,6,1,221245,44042,6,2,2,21255,21237,4,23005,23005,5,2,3,1223,1159,4,3]},"pktlen": {"min":52,"avg":907.9,"max":1492,"stddev":687.5,"var":472618.5,"ent":4.4,"data": [64,60,52,226,1492,1492,52,1375,52,145,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,52,1480,1480,1480,1480,52,1480,1480,1480]},"bins": {"c_to_s": [5,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0],"s_to_c": 
[5,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,0,0,0,1,0,0,0],"entropies": [4.428027153,5.210652828,4.884933472,5.556665897,7.283374786,7.268235207,4.923395157,7.674625397,4.884933472,5.901349068,5.537203789,4.923394680,7.865010738,7.865353107,7.863998413,5.116508007,7.872262955,7.872727394,7.850155830,7.872891426,5.101991177,7.883207798,7.861774921,5.078046322,7.883695126,7.860937595,7.861885548,7.869150639,5.092563629,7.862890244,7.881820202,7.880939960]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud"}} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":153,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041677042751,"flow_src_last_pkt_time":1587041677042751,"flow_dst_last_pkt_time":1587041677042751,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041677042751,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60535,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -55,16 +55,16 @@ 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1587041677042751,"flow_dst_last_pkt_time":1587041677088014,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041677088014,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8FwhAAGwGtHI0ck0hwKgBBgG77Hf6fNLR2z1jO6ASIACfvwAAAgQFoAEDAwgEAggKYRMfbzCEmgA="} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1587041677088160,"flow_dst_last_pkt_time":1587041677088014,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041677088160,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIex3AbvbPWM7+nzS0oAQEAneQwAAAQEICjCEmixhEx9v"} 00825{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1587041677088499,"flow_dst_last_pkt_time":1587041677088014,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_usec":1587041677088499,"pkt":"EBMx8Tl2KDc3AG3ICABFAAECAABAAEAG9rTAqAEGNHJNIex3AbvbPWM7+nzS0oAYEAl+5wAAAQEICjCEmixhEx9vFgMBAMkBAADFAwM5dVF27rKLSF3ZLHW6jf6ecE8+y\/c\/MIkP9CtH6UUE1iAORwAAVmOWcPohT0niCo9N4puGGU7iW5AxxYvHQvC09wAewC\/AK8AwwCzMqcyowAnAE8AKwBQAnACdAC8ANQAKAQAAXv8BAAEAAAAAIwAhAAAebW9iaWxlLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEACwACAQAACgAIAAYAHQAXABg="} 
-01346{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":158,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041677042751,"flow_src_last_pkt_time":1587041677088499,"flow_dst_last_pkt_time":1587041677088014,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041677088499,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60535,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01305{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":158,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041677042751,"flow_src_last_pkt_time":1587041677088499,"flow_dst_last_pkt_time":1587041677088014,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041677088499,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60535,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
02484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1587041677088499,"flow_dst_last_pkt_time":1587041677137230,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041677137230,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUFwlAAGwGrtk0ck0hwKgBBgG77Hf6fNLS2z1kCYAQBAVAOQAAAQEICmETH58whJosFgMDEGYCAABRAwNemFWNrPjx8U\/n2+1HOnhSXCpnALSFvyfXRw2ICUZrciDASAAAvuo5mSGLHTbLJlo\/aqiaHVmeYbbWtXIqS6QEP8AwAAAJABcAAP8BAAEACwAO3QAO2gAJHDCCCRgwggcAoAMCAQICExYACr2jKIomrOvxeF4AAAAKvaMwDQYJKoZIhvcNAQELBQAwgYsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xFTATBgNVBAsTDE1pY3Jvc29mdCBJVDEeMBwGA1UEAxMVTWljcm9zb2Z0IElUIFRMUyBDQSA0MB4XDTE5MTAxMDIxNTUzOFoXDTIxMTAxMDIxNTUzOFowJjEkMCIGA1UEAwwbKi5ldmVudHMuZGF0YS5taWNyb3NvZnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8J31SJyCTCkjxtLC8JE7aU56y+0937PcYfrFGWW\/wSL1vxV6UtbY+5UyBq7YUvoZUI+YYWI6FMysHpnkiGQR5h3NLX2it0lgM0JMJXgIYfO+vdhJalxciwWfJHOcY4+eUQwpTmpGeOTzK\/sd1W+VOYbkgWPJ0lAEgTcRXL\/NZZAtyce+Sv4+b4jHwY9pwQxOHJWtnns0bK3jD\/RcAtjLeUisGvBGtt1SItPOQvgD6i2AdvjCkjqVXn0nxT\/yKuGkvtii1i85nrjeMS5pKgL+N2I4goIXeRAaK089dd0KrnNO6kLEhhSHgHwJHnPwfqeXH1Q2p1Zw2r13mOsJdyP7QIDAQABo4IE1zCCBNMwggF\/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB2APZclC\/RdzAiFFQYCDCUVo7jTRMZM7\/fDC8gC8xO8WTjAAABbbe0zD0AAAQDAEcwRQIgXUu8wYK\/QqX5unkLcaUv4T8oQWu5yZb6M3RYbUFPJ7sCIQCVvziq+dynpJXSFyAk+ZobbjdMm8Ziuyzc0miXoW9hmQB2AFWB1MIWkDYBSuoLm1c8U\/DA5Dh4cCUIFy+jqh0HE9MMAAABbbe0zTwAAAQDAEcwRQIgOIr7NuYD18H8X6OV\/YdBgg0HoCy47ognD1Etlbp3ZVgCIQCAVAoqvjDqhz4It72mColVOT\/FZuexWjdVPWkvuAPY1AB3AESUZS6w7s6vxEAH2Kj+KMDa5oK+2MsxtT\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"} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":175,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041677243705,"flow_src_last_pkt_time":1587041677243705,"flow_dst_last_pkt_time":1587041677243705,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041677243705,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1587041677243705,"flow_dst_last_pkt_time":1587041677243705,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041677243705,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGghTAqAEGNHHChOx4Abt\/TkvVAAAAALAC\/\/\/5uQAAAgQFtAEDAwUBAQgKMISawwAAAAAEAgAA"} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1587041677243705,"flow_dst_last_pkt_time":1587041677255126,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041677255126,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0wUlAAHUGi9Y0ccKEwKgBBgG77Hiki1UTf05L1oAS\/\/8DeQAAAgQFoAEDAwgBAQQC"} 
00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1587041677255227,"flow_dst_last_pkt_time":1587041677255126,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041677255227,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGgizAqAEGNHHChOx4Abt\/TkvWpItVFFAQIAAkOAAA"} 00820{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1587041677255452,"flow_dst_last_pkt_time":1587041677255126,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":268,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":268,"pkt_l4_len":234,"thread_ts_usec":1587041677255452,"pkt":"EBMx8Tl2KDc3AG3ICABFAAD+AABAAEAGgVbAqAEGNHHChOx4Abt\/TkvWpItVFFAYIAA3rwAAFgMBANEBAADNAwPZLPUYRvEghAe9kJUNx9IFhytDuazyHj3Xl0vfJTFFvgAAHNrazKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACI6uoAAP8BAAEAAAAAGAAWAAATdGVhbXMubWljcm9zb2Z0LmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMXVQAAAACwACAQAACgAKAAi6ugAdABcAGAAbAAMCAAJaWgABAA=="} 
-01234{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041677243705,"flow_src_last_pkt_time":1587041677255452,"flow_dst_last_pkt_time":1587041677255126,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041677255452,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","domainame":"teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"","ja4":"t12d1312h2_8b80da21ef18_b00751acaffa","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01187{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041677243705,"flow_src_last_pkt_time":1587041677255452,"flow_dst_last_pkt_time":1587041677255126,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041677255452,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","domainame":"teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1312h2_8b80da21ef18_b00751acaffa","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1587041677255452,"flow_dst_last_pkt_time":1587041677266382,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1587041677266382,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAowUpAAHYGiuE0ccKEwKgBBgG77Hiki1UUf05MrFAQBAE\/YQAAAAAAAAAA"} -01579{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":186,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1587041677243705,"flow_src_last_pkt_time":1587041677269406,"flow_dst_last_pkt_time":1587041677269476,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":6025,"midstream":0,"thread_ts_usec":1587041677269476,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","domainame":"teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"teams.microsoft.com","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"0f14538e1c9070becdad7739c67d6363","ja4":"t12d1312h2_8b80da21ef18_b00751acaffa","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=teams.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E","blocks":0}}} +01532{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":186,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1587041677243705,"flow_src_last_pkt_time":1587041677269406,"flow_dst_last_pkt_time":1587041677269476,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":6025,"midstream":0,"thread_ts_usec":1587041677269476,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","domainame":"teams.microsoft.com","tls": 
{"version":"TLSv1.2","server_names":"teams.microsoft.com","ja3s":"0f14538e1c9070becdad7739c67d6363","ja4":"t12d1312h2_8b80da21ef18_b00751acaffa","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=teams.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E","blocks":0}}} 02301{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":209,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1587041677042751,"flow_src_last_pkt_time":1587041677328754,"flow_dst_last_pkt_time":1587041677327352,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":15383,"flow_dst_tot_l4_payload_len":4699,"midstream":0,"thread_ts_usec":1587041677328754,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60535,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":18406.6,"max":49836,"stddev":21194.3,"var":449200096.0,"ent":3.9,"data": [45263,45409,339,49216,21,48838,224,177,1271,46526,45316,1920,4,2,47729,45783,4,2,3,37748,37711,4,8018,8058,5,734,37027,7756,4339,49836,1321]},"pktlen": {"min":52,"avg":680.6,"max":1492,"stddev":673.1,"var":453031.8,"ent":4.2,"data": [64,60,52,258,1492,1375,64,1492,52,145,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,52,1480,825,52,52,52,497,52,83]},"bins": {"c_to_s": [7,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0],"s_to_c": 
[7,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,0,1,1,1,1,0,0],"entropies": [4.340968132,5.220872402,4.976373672,5.983667850,7.275708199,7.688739777,5.052015305,7.275113583,4.976373672,6.006431580,5.733948708,5.053297043,7.842315674,7.876612663,7.858495712,5.246409416,7.872724533,7.868679523,7.873967648,7.874578953,5.207947731,7.865746021,7.852710724,5.169486046,7.855942726,7.767035484,5.116507530,5.169486046,5.207947731,7.497245789,4.961856842,5.338891983]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud"}} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1587041677380886,"flow_dst_last_pkt_time":1587041673094451,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041677380886,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGPCzAqAEGlZqnW+SlAbsZTPC8DAoX91AUECaMmwAA"} 00298{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":8,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1587041677408485,"packet_id":213,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_usec":1587041677408485} 
@@ -77,9 +77,9 @@ 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1587041678029919,"flow_dst_last_pkt_time":1587041678074133,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041678074133,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8KlZAAGwGoSQ0ck0hwKgBBgG77Hk7ZXhQ9B\/rj6ASIAAz8QAAAgQFoAEDAwgEAggKYRL\/2zCEncM="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1587041678074233,"flow_dst_last_pkt_time":1587041678074133,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041678074233,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIex5Abv0H+uPO2V4UYAQEAlydQAAAQEICjCEne9hEv\/b"} 00826{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_src_last_pkt_time":1587041678074525,"flow_dst_last_pkt_time":1587041678074133,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_usec":1587041678074525,"pkt":"EBMx8Tl2KDc3AG3ICABFAAECAABAAEAG9rTAqAEGNHJNIex5Abv0H+uPO2V4UYAYEAlkRgAAAQEICjCEne9hEv\/bFgMBAMkBAADFAwOeU\/FfLHrtrdCBVUwx+w+ija6LF0MoHL44Af8vhwR8KyDASAAAvuo5mSGLHTbLJlo\/aqiaHVmeYbbWtXIqS6QEPwAewC\/AK8AwwCzMqcyowAnAE8AKwBQAnACdAC8ANQAKAQAAXv8BAAEAAAAAIwAhAAAebW9iaWxlLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEACwACAQAACgAIAAYAHQAXABg="} 
-01346{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041678029919,"flow_src_last_pkt_time":1587041678074525,"flow_dst_last_pkt_time":1587041678074133,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041678074525,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01305{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041678029919,"flow_src_last_pkt_time":1587041678074525,"flow_dst_last_pkt_time":1587041678074133,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041678074525,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
02485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1587041678074525,"flow_dst_last_pkt_time":1587041678120796,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041678120796,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUKldAAGwGm4s0ck0hwKgBBgG77Hk7ZXhR9B\/sXYAQBAVKXAAAAQEICmETAAQwhJ3vFgMDEGYCAABRAwNemFWOOTYxM1NwQpKmeq910c4Y3+sTj8LkGeyXAZo3KyA\/IwAA6KEdJo41XGChq4nIXjJi3Ldaf94\/c7z6UnyyFcAwAAAJABcAAP8BAAEACwAO3QAO2gAJHDCCCRgwggcAoAMCAQICExYACr2jKIomrOvxeF4AAAAKvaMwDQYJKoZIhvcNAQELBQAwgYsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xFTATBgNVBAsTDE1pY3Jvc29mdCBJVDEeMBwGA1UEAxMVTWljcm9zb2Z0IElUIFRMUyBDQSA0MB4XDTE5MTAxMDIxNTUzOFoXDTIxMTAxMDIxNTUzOFowJjEkMCIGA1UEAwwbKi5ldmVudHMuZGF0YS5taWNyb3NvZnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8J31SJyCTCkjxtLC8JE7aU56y+0937PcYfrFGWW\/wSL1vxV6UtbY+5UyBq7YUvoZUI+YYWI6FMysHpnkiGQR5h3NLX2it0lgM0JMJXgIYfO+vdhJalxciwWfJHOcY4+eUQwpTmpGeOTzK\/sd1W+VOYbkgWPJ0lAEgTcRXL\/NZZAtyce+Sv4+b4jHwY9pwQxOHJWtnns0bK3jD\/RcAtjLeUisGvBGtt1SItPOQvgD6i2AdvjCkjqVXn0nxT\/yKuGkvtii1i85nrjeMS5pKgL+N2I4goIXeRAaK089dd0KrnNO6kLEhhSHgHwJHnPwfqeXH1Q2p1Zw2r13mOsJdyP7QIDAQABo4IE1zCCBNMwggF\/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB2APZclC\/RdzAiFFQYCDCUVo7jTRMZM7\/fDC8gC8xO8WTjAAABbbe0zD0AAAQDAEcwRQIgXUu8wYK\/QqX5unkLcaUv4T8oQWu5yZb6M3RYbUFPJ7sCIQCVvziq+dynpJXSFyAk+ZobbjdMm8Ziuyzc0miXoW9hmQB2AFWB1MIWkDYBSuoLm1c8U\/DA5Dh4cCUIFy+jqh0HE9MMAAABbbe0zTwAAAQDAEcwRQIgOIr7NuYD18H8X6OV\/YdBgg0HoCy47ognD1Etlbp3ZVgCIQCAVAoqvjDqhz4It72mColVOT\/FZuexWjdVPWkvuAPY1AB3AESUZS6w7s6vxEAH2Kj+KMDa5oK+2MsxtT\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"} 
-01878{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":223,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1587041678029919,"flow_src_last_pkt_time":1587041678120910,"flow_dst_last_pkt_time":1587041678120987,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041678120987,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} 
+01837{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":223,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1587041678029919,"flow_src_last_pkt_time":1587041678120910,"flow_dst_last_pkt_time":1587041678120987,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041678120987,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} 00296{"error_event_id":5,"error_event_name":"Unknown packet 
type","threshold_n":10,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1587041678611338,"packet_id":242,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1587041678611338} 00369{"packet_event_id":1,"packet_event_name":"packet","packet_id":242,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041678303901,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":243,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041679059584,"flow_src_last_pkt_time":1587041679059584,"flow_dst_last_pkt_time":1587041679059584,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041679059584,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":64046,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -121,7 +121,7 @@ 00369{"packet_event_id":1,"packet_event_name":"packet","packet_id":259,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041681248693,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":260,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041681714331,"flow_src_last_pkt_time":1587041681714331,"flow_dst_last_pkt_time":1587041681714331,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681714331,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1587041681714331,"flow_dst_last_pkt_time":1587041681714331,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"thread_ts_usec":1587041681714331,"pkt":"EBMx8Tl2KDc3AG3ICABFAABCnaYAAP8RmqzAqAEGwKgBAcdZADUALvSsiC0BAAABAAAAAAAABmV1LWFwaQNhc20Fc2t5cGUDY29tAAABAAE="} 
-01106{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":260,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041681714331,"flow_src_last_pkt_time":1587041681714331,"flow_dst_last_pkt_time":1587041681714331,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681714331,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","proto_id":"5.125","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"eu-api.asm.skype.com","domainame":"eu-api.asm.skype.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} +01094{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":260,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041681714331,"flow_src_last_pkt_time":1587041681714331,"flow_dst_last_pkt_time":1587041681714331,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681714331,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"eu-api.asm.skype.com","domainame":"eu-api.asm.skype.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":261,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041681714835,"flow_src_last_pkt_time":1587041681714835,"flow_dst_last_pkt_time":1587041681714835,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":53,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":53,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681714835,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63106,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1587041681714835,"flow_dst_last_pkt_time":1587041681714835,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_usec":1587041681714835,"pkt":"EBMx8Tl2KDc3AG3ICABFAABRU9EAAP8R5HLAqAEGwKgBAfaCADUAPVgfcugBAAABAAAAAAAAB2V1LXByb2QHYXN5bmNndwV0ZWFtcwltaWNyb3NvZnQDY29tAAABAAE="} 
01124{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":261,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041681714835,"flow_src_last_pkt_time":1587041681714835,"flow_dst_last_pkt_time":1587041681714835,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":53,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":53,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681714835,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63106,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"eu-prod.asyncgw.teams.microsoft.com","domainame":"eu-prod.asyncgw.teams.microsoft.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -130,17 +130,17 @@ 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":263,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041681745719,"flow_src_last_pkt_time":1587041681745719,"flow_dst_last_pkt_time":1587041681745719,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681745719,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60538,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1587041681745719,"flow_dst_last_pkt_time":1587041681745719,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041681745719,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+VHAqAEGNHJLRux6AbuCUaOxAAAAALAC\/\/8ErAAAAgQFtAEDAwUBAQgKMISsLQAAAAAEAgAA"} 
00704{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":264,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_src_last_pkt_time":1587041681714331,"flow_dst_last_pkt_time":1587041681754842,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":182,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":182,"pkt_l4_len":148,"thread_ts_usec":1587041681754842,"pkt":"KDc3AG3IEBMx8Tl2CABFAACo\/M1AADkRwR\/AqAEBwKgBBgA1x1kAlAAAiC2BgAABAAMAAAAABmV1LWFwaQNhc20Fc2t5cGUDY29tAAABAAHADAAFAAEAAAb4ACQPYXNtLWFwaS1wcm9kLWV1DnRyYWZmaWNtYW5hZ2VyA25ldADAMgAFAAEAAAEsABoOd2V1MS1hcGktc2t5cGUIY2xvdWRhcHDAUcBiAAEAAQAAAAUABDRyS0U="} -01138{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":264,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041681714331,"flow_src_last_pkt_time":1587041681714331,"flow_dst_last_pkt_time":1587041681754842,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":140,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":140,"midstream":0,"thread_ts_usec":1587041681754842,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","proto_id":"5.125","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"eu-api.asm.skype.com","domainame":"eu-api.asm.skype.com","dns": {"num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["52.114.75.69,ttl=5"]}}} 
+01126{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":264,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041681714331,"flow_src_last_pkt_time":1587041681714331,"flow_dst_last_pkt_time":1587041681754842,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":140,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":140,"midstream":0,"thread_ts_usec":1587041681754842,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"eu-api.asm.skype.com","domainame":"eu-api.asm.skype.com","dns": {"num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["52.114.75.69,ttl=5"]}}} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":265,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041681755860,"flow_src_last_pkt_time":1587041681755860,"flow_dst_last_pkt_time":1587041681755860,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681755860,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60539,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":265,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1587041681755860,"flow_dst_last_pkt_time":1587041681755860,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041681755860,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+VLAqAEGNHJLRex7AbtPkLhOAAAAALAC\/\/8ixgAAAgQFtAEDAwUBAQgKMISsNwAAAAAEAgAA"} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1587041681745719,"flow_dst_last_pkt_time":1587041681772449,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041681772449,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8MUxAAG0Gmwk0cktGwKgBBgG77HoxlVjpglGjsqASIACccwAAAgQFoAEDAwgEAggKVud31zCErC0="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_src_last_pkt_time":1587041681772560,"flow_dst_last_pkt_time":1587041681772449,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041681772560,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+V3AqAEGNHJLRux6AbuCUaOyMZVY6oAQEAnbCgAAAQEICjCErEZW53fX"} 
00853{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_src_last_pkt_time":1587041681772814,"flow_dst_last_pkt_time":1587041681772449,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":292,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":292,"pkt_l4_len":258,"thread_ts_usec":1587041681772814,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEWAABAAEAG+HvAqAEGNHJLRux6AbuCUaOyMZVY6oAYEAmUUgAAAQEICjCErEZW53fXFgMBAN0BAADZAwO+LJEVwOHGYhKiVcLvt6A9rXWEi+VY68GJ4Pnee\/+sYQAAHLq6zKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACU6uoAAP8BAAEAAAAAKAAmAAAjZXUtcHJvZC5hc3luY2d3LnRlYW1zLm1pY3Jvc29mdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAjq6gAdABcAGAAbAAMCAAL6+gABAA=="} -01259{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":268,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041681745719,"flow_src_last_pkt_time":1587041681772814,"flow_dst_last_pkt_time":1587041681772449,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":226,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":226,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681772814,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60538,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"eu-prod.asyncgw.teams.microsoft.com","domainame":"eu-prod.asyncgw.teams.microsoft.com","tls": 
{"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01218{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":268,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041681745719,"flow_src_last_pkt_time":1587041681772814,"flow_dst_last_pkt_time":1587041681772449,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":226,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":226,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681772814,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60538,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"eu-prod.asyncgw.teams.microsoft.com","domainame":"eu-prod.asyncgw.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":269,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_src_last_pkt_time":1587041681755860,"flow_dst_last_pkt_time":1587041681786454,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041681786454,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8PqJAAGwGjrQ0cktFwKgBBgG77HsaOOK2T5C4T6ASIABGlgAAAgQFoAEDAwgEAggKVN17aDCErDc="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":270,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_src_last_pkt_time":1587041681786551,"flow_dst_last_pkt_time":1587041681786454,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041681786551,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+V7AqAEGNHJLRex7AbtPkLhPGjjit4AQEAmFKgAAAQEICjCErFNU3Xto"} 00835{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":271,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_src_last_pkt_time":1587041681786764,"flow_dst_last_pkt_time":1587041681786454,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":277,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":277,"pkt_l4_len":243,"thread_ts_usec":1587041681786764,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEHAABAAEAG+IvAqAEGNHJLRex7AbtPkLhPGjjit4AYEAnBuAAAAQEICjCErFNU3XtoFgMBAM4BAADKAwNa\/jUh9W55wUB0tnlMq1eAEhrPfTr7oU\/DtVhV\/8e2AwAAHNrazKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACFGhoAAP8BAAEAAAAAGQAXAAAUZXUtYXBpLmFzbS5za3lwZS5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAgqKgAdABcAGAAbAAMCAAJ6egABAA=="} 
-01232{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":271,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041681755860,"flow_src_last_pkt_time":1587041681786764,"flow_dst_last_pkt_time":1587041681786454,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681786764,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60539,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"eu-api.asm.skype.com","domainame":"eu-api.asm.skype.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01188{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":271,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041681755860,"flow_src_last_pkt_time":1587041681786764,"flow_dst_last_pkt_time":1587041681786454,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681786764,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60539,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"eu-api.asm.skype.com","domainame":"eu-api.asm.skype.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 02488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":272,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_src_last_pkt_time":1587041681772814,"flow_dst_last_pkt_time":1587041681802258,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041681802258,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUMU5AAG0GlW80cktGwKgBBgG77HoxlV6KglGklIAQBAXbeQAAAQEIClbnd\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\/om4H+4\/cR81+swhscxS+n0lRF6\/9QaS3UJkZbRbKTCin3OgcYqSG9pYg6G1+1K1UtTBpsolwlA3Wj42xE7Uv4QpgEXC5f0oaTcFK1me59SUtzp5qGDrwX6WjG8Ktb6uYB5gEczE7C4PC+CFPM3paTb5H5cy9SB3sXBctpW9JL3Q4jgLf0RmKI+tU\/yzqXGVuQXEGhEGBnx2gx7c5jv9zuJnDG+h+fy0tJ8oKxrnU3\/YDtE5a8Gc9riCos64k1IwawJ2ex5sg6EIN6aZMm7jlbnY0GaYkT3Xzq9y\/pq48vIUbUNujVUDc5\/R\/SCSk\/dzf6G7\/xO1H5cZnPEC40ThKUvhXFO2qUKIhsUCjzJG5EdSNtcUv8eCyVsfCMB7dRsifQSwSDmGmM4n\/G81i0O9M4b2XZ+YaSEgJZmQx7Uh5AdoOqwYq2SqBhAihGJdwH2XMq283yNTDRqqo\/WVv2tQAJnjORm59j1r8dDWyuUfRzmyA\/balmQRC8\/yMgQswTFwP1y97tt4lyNjydBDOIBJv2TudKgtjqTbU59+fWu1pBkJP0+oPi5U7f32J4ZwXrKLU9tbuRaGYpYaW\/H8\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\/BSeneM2zC+CeIhbzmNymFOjMlNcj+dBQmbu1CxCV8d8C6Y+OnVaZPNiP01j7XJJ+PXv4"} 
02495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":283,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":5,"flow_src_last_pkt_time":1587041681786764,"flow_dst_last_pkt_time":1587041681819208,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041681819208,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUPqVAAGwGiRk0cktFwKgBBgG77HsaOO33T5C5IoAQBAWJqAAAAQEIClTde4YwhKxTjSsxwxRzId3jeGOcUYa1okhJwHkIFUMAK5m4S+DHVwdsxLmmVC0BU\/Kj8qTM2cFU84jN5EwT04ozIVitGL++OYFwOWk3+FukY+8JB9+HGmLHmgjF0R1eYnYB3WnmOLtEsC1NOsYugOBgclvyzOaOXDohHl2wOSu96hPLlsu2anSMjrwOEJ8bpUBBj5FcdqcO8ao6h7cMd99xai8oYUItkA9yBatn4MF7y5xAmsQKCESMfD26qQ4esdkivR9fQWpzVPZm4qD5pjne0nfzaQS\/t7s8xJP\/cgQctTadaH\/f+jlPsvaPuRz\/re0OFQjjhnzySEl3lxb2\/QD2T6Zeb+c5wFFlPeuxlzDs6p5z\/B4soN+Lz3NftQ4GQhcmlezYqSfQ0GWUXOI\/yigppSD0yN1dtP\/m3QIDAQABo4IBQjCCAT4wHQYDVR0OBBYEFFiIn9bcnEgitxQ+\/4SI6OaF\/\/p9MB8GA1UdIwQYMBaAFOWdWTCCR1jMrPoIVDaGezq1BE3wMBIGA1UdEwEB\/wQIMAYBAf8CAQAwDgYDVR0PAQH\/BAQDAgGGMCcGA1UdJQQgMB4GCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwkwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL09tbmlyb290MjAyNS5jcmwwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwDQYJKoZIhvcNAQELBQADggEBADCaxp1q\/e+TCAy+gnf5dqBtnnswI3uoKVr0aj7HCwyW37hLUuQNnDjteGO1c8AcHzvgp\/9\/SVGVMrjQm6nlz5YDgYDVSmEY\/sRqxt9\/QUYinIBm6w9CoOTzpCGjmNB6dPaM6MPSK6orzhFZGUTnXAcJQuvX\/RVNuW9sRDUmh7qjO2iwgecgyX8TAvPMq58clVDLrmSAu4cKXc6ma7J94z024ilRtyX80AnjsK3EYi4+foUmsvav920xc8YZmKlykwLOygs9POzZcOiA9RareGqHTcaBN6gKdoEGqO8XYHxwEBM8ONczTOQ3ZQj7kbPoFnZhKmX1WJSzRQHvwE8De7gWAAcrAQAHJzCCByMKAQCgggccMIIHGAYJKwYBBQUHMAEBBIIHCTCCBwUwgceiFgQUqShwURmVA+Jp3zLm2A+QCVyZqYAYDzIwMjAwNDE1MTkzMzA5WjCBmzCBmDBMMAkGBSsOAwIaBQAEFE8LW9m32q+ftvNjciJ21uGVriYpBBRYiJ\/W3JxIIrcUPv+EiOjmhf\/6fQITewAE4L
xi6ctlZLvhngAAAATgvIAAGA8yMDIwMDQxNTE5MzMwOVqgERgPMjAyMDA0MTkxOTMzMDlaoSIwIDAeBgkrBgEFBQcwAQYEERgPMjAxOTA0MTYxOTMzMDlaMA0GCSqGSIb3DQEBCwUAA4IBAQBJ3b+j9b9amWJnAoiCkmf2UNIwgNLUYY7i2oIxOcCe4FwtfKqAknYBXLXDmybtzIEQGc9zVWPgZbClw+Dn6abFkbXSG0mhM4QP5D5MQbVxhe7SgYoYVGwkJbmRpd4grc+7uBTiXMgAxBCB5kUsxvRwqLqgwU4Ain2W6hQNvDRMAvojfSg3lYkOFvlf7bcTwOK90BIJGU11EABEc5brrKndHE9hje0klAXbzMZTL8AqrbgnzOZi1rf+0+Wq4RUDesXv6I1AJt7EoKj704jMo9fFhVZPD8osr0ZocAW0OSf5m2CQ\/UMENY99jq5D1K0ZM\/O3ik40uY\/GyUUQa5PIKgTroIIFIzCC"} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":304,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682076700,"flow_src_last_pkt_time":1587041682076700,"flow_dst_last_pkt_time":1587041682076700,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682076700,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60540,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -150,17 +150,17 @@ 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":306,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682076700,"flow_dst_last_pkt_time":1587041682106830,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041682106830,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8XUVAAGwGcBA0cktGwKgBBgG77HwdJJF2jIP3CKASIACM5QAAAgQFoAEDAwgEAggKVscEoDCErWw="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":307,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682106937,"flow_dst_last_pkt_time":1587041682106830,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682106937,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+V3AqAEGNHJLRux8AbuMg\/cIHSSRd4AQEAnLdwAAAQEICjCErYpWxwSg"} 00857{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_src_last_pkt_time":1587041682107386,"flow_dst_last_pkt_time":1587041682106830,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":296,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":296,"pkt_l4_len":262,"thread_ts_usec":1587041682107386,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEaAABAAEAG+HfAqAEGNHJLRux8AbuMg\/cIHSSRd4AYEAmCtgAAAQEICjCErYpWxwSgFgMBAOEBAADdAwM8bxQ0whreuqvYvEztjLrW4PBGRpjuL7egzSBD9aU3vgAAHKqqzKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACYCgoAAP8BAAEAAAAAKAAmAAAjZXUtcHJvZC5hc3luY2d3LnRlYW1zLm1pY3Jvc29mdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjF1UAAAAAsAAgEAAAoACgAISkoAHQAXABgAGwADAgAC2toAAQA="} 
-01259{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":308,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682076700,"flow_src_last_pkt_time":1587041682107386,"flow_dst_last_pkt_time":1587041682106830,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":230,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":230,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682107386,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60540,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"eu-prod.asyncgw.teams.microsoft.com","domainame":"eu-prod.asyncgw.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"","ja4":"t12d1312h2_8b80da21ef18_b00751acaffa","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01218{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":308,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682076700,"flow_src_last_pkt_time":1587041682107386,"flow_dst_last_pkt_time":1587041682106830,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":230,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":230,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682107386,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60540,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"eu-prod.asyncgw.teams.microsoft.com","domainame":"eu-prod.asyncgw.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1312h2_8b80da21ef18_b00751acaffa","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":309,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682077081,"flow_dst_last_pkt_time":1587041682108320,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041682108320,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8CPlAAG0Gw100cktFwKgBBgG77H37toO1hXm5XaASIACQKwAAAgQFoAEDAwgEAggKVQ929DCErW0="} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":310,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682108400,"flow_dst_last_pkt_time":1587041682108320,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682108400,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+V7AqAEGNHJLRex9AbuFebld+7aDtoAQEAnOvQAAAQEICjCErYtVD3b0"} 00836{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_src_last_pkt_time":1587041682108566,"flow_dst_last_pkt_time":1587041682108320,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"thread_ts_usec":1587041682108566,"pkt":"EBMx8Tl2KDc3AG3ICABFAAELAABAAEAG+IfAqAEGNHJLRex9AbuFebld+7aDtoAYEAl5vQAAAQEICjCErYtVD3b0FgMBANIBAADOAwNRm85ZKo2j5rIUIlemfdLsNPrk0mWhHKlhPOh2TLU7CwAAHKqqzKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACJ6uoAAP8BAAEAAAAAGQAXAAAUZXUtYXBpLmFzbS5za3lwZS5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjF1UAAAAAsAAgEAAAoACgAI+voAHQAXABgAGwADAgACmpoAAQA="} 
-01232{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":311,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682077081,"flow_src_last_pkt_time":1587041682108566,"flow_dst_last_pkt_time":1587041682108320,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":215,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":215,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682108566,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60541,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"eu-api.asm.skype.com","domainame":"eu-api.asm.skype.com","tls": {"version":"TLSv1.2","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"","ja4":"t12d1312h2_8b80da21ef18_b00751acaffa","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01188{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":311,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682077081,"flow_src_last_pkt_time":1587041682108566,"flow_dst_last_pkt_time":1587041682108320,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":215,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":215,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682108566,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60541,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"eu-api.asm.skype.com","domainame":"eu-api.asm.skype.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1312h2_8b80da21ef18_b00751acaffa","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":312,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682129643,"flow_src_last_pkt_time":1587041682129643,"flow_dst_last_pkt_time":1587041682129643,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682129643,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":49514,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_src_last_pkt_time":1587041682129643,"flow_dst_last_pkt_time":1587041682129643,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1587041682129643,"pkt":"EBMx8Tl2KDc3AG3ICABFAABIVE8AAP8R4\/3AqAEGwKgBAcFqADUANJ5TmvIBAAABAAAAAAAABmNvbmZpZwV0ZWFtcwltaWNyb3NvZnQDY29tAAABAAE="} 
01106{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":312,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682129643,"flow_src_last_pkt_time":1587041682129643,"flow_dst_last_pkt_time":1587041682129643,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682129643,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":49514,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"config.teams.microsoft.com","domainame":"config.teams.microsoft.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
02487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":313,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":5,"flow_src_last_pkt_time":1587041682107386,"flow_dst_last_pkt_time":1587041682139467,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041682139467,"pkt":"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\/om4H+4\/cR81+swhscxS+n0lRF6\/9QaS3UJkZbRbKTCin3OgcYqSG9pYg6G1+1K1UtTBpsolwlA3Wj42xE7Uv4QpgEXC5f0oaTcFK1me59SUtzp5qGDrwX6WjG8Ktb6uYB5gEczE7C4PC+CFPM3paTb5H5cy9SB3sXBctpW9JL3Q4jgLf0RmKI+tU\/yzqXGVuQXEGhEGBnx2gx7c5jv9zuJnDG+h+fy0tJ8oKxrnU3\/YDtE5a8Gc9riCos64k1IwawJ2ex5sg6EIN6aZMm7jlbnY0GaYkT3Xzq9y\/pq48vIUbUNujVUDc5\/R\/SCSk\/dzf6G7\/xO1H5cZnPEC40ThKUvhXFO2qUKIhsUCjzJG5EdSNtcUv8eCyVsfCMB7dRsifQSwSDmGmM4n\/G81i0O9M4b2XZ+YaSEgJZmQx7Uh5AdoOqwYq2SqBhAihGJdwH2XMq283yNTDRqqo\/WVv2tQAJnjORm59j1r8dDWyuUfRzmyA\/balmQRC8\/yMgQswTFwP1y97tt4lyNjydBDOIBJv2TudKgtjqTbU59+fWu1pBkJP0+oPi5U7f32J4ZwXrKLU9tbuRaGYpYaW\/H8\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\/BSeneM2zC+CeIhbzmNymFOjMlNcj+dBQmbu1CxCV8d8C6Y+OnVaZPNiP01j7XJJ+PXv4"} 
02480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":322,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":5,"flow_src_last_pkt_time":1587041682108566,"flow_dst_last_pkt_time":1587041682140048,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041682140048,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUCPpAAG0GvcQ0cktFwKgBBgG77H37toO2hXm6NIAQBAUeeAAAAQEIClUPdxEwhK2LFgMDF00CAABVAwNemFWQkTKZfyBaLuzO97G0quTrEm7BgPWyftzaEzJa0iBuSwAAwHf6a8yXd\/slaOSfyDbI53lK7p5dSy9A7BIMcMAwAAANAAUAAAAXAAD\/AQABAAsADnAADm0ACK8wggirMIIGk6ADAgECAhN7AATgvGLpy2Vku+GeAAAABOC8MA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgMTAeFw0xOTA1MDcxMjUwMDNaFw0yMTA1MDcxMjUwMDNaMBoxGDAWBgNVBAMMDyouYXNtLnNreXBlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALSeVBZeaxVgbEF7BDFpA+N3ExF3ZQK1QrQQqA05Ko2A7Gpby+2Es8MXR3Kj2VRAX9P5YFzjF3SN5faeJJRz+j7An2iOLXkwQNkglDT6\/sjB3LbEb7T\/nzN+yIm+S8blVfyih6JM9Apu\/ik1krtvLJUniVwHJtK2\/rOjpX264mOpTx8SQf7TjiIlSs3HiDphOG0YLn3YYZ8njuADtWKju18sgzmH3TMQYaJ5rR8rrvEPgZCHNBk+XQJFexPiGtcDjF2WCQ1CKqCKZf8hKbpm8Y4TnLNUxuhK2E+6sFA1dP+E8Bm6m26cCfBNV3G7APHf8AN1YKGjnSNcO3xC9CoOmEMCAwEAAaOCBHYwggRyMIIB9wYKKwYBBAHWeQIEAgSCAecEggHjAeEAdwC72d+8H4pxtZOUI5eqkntHOFeVCqtS6BqQlmQ2jh7RhQAAAWqSYTh5AAAEAwBIMEYCIQCK9TKQMvnjt3bF9IskNoov410+TNUfrflXc+EV+7RCFQIhAOhI+FRSDv5ZevTOA7yjzgGxZ7+Vifwc2fzYuzpyLBBgAHYA7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo\/csAAAFqkmE4gAAABAMARzBFAiAiHsCLrUDabE9VESRZTt4BikyAq6rNE1j3618pfpVpCAIhALEshKOsZh7n88+DKEMN6Qrti43TvlJOQ0RAjLMbS84WAHcA9lyUL9F3MCIUVBgIMJRWjuNNExkzv98MLyALzE7xZOMAAAFqkmE4gwAABAMASDBGAiEAhlim8PX4pyi\/mpblvrIKUelL3OW87784ne5SOBJO7rUCIQCJx97+HPxXSJjEZtGi1euZMJxoXD7mYyvmnAr9RyA7ngB1AESUZS6w7s6vxEAH2Kj+KMDa5oK+2MsxtT\/TM5a1toG
oAAABapJhOJEAAAQDAEYwRAIgSWpW2jkU6iqzOFfqoMvHGTVxpA4qvulMcPxZZ3C6R34CIBq5beRJMDaP8rIHcokNsjMMe+YTY4GBs5JmQen9SUa+MCcGCSsGAQQBgjcVCgQaMBgwCgYIKwYBBQUHAwIwCgYIKwYBBQUHAwEwPgYJKwYBBAGCNxUHBDEwLwYnKwYBBAGCNxUIh9qGdYPu2QGCyYUbgbWeYYX062CBXYTS30KC55N6AgFkAgEdMIGFBggrBgEFBQcBAQR5MHcwUQYIKwYBBQUHMAKGRWh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjAxLmNydDAiBggrBgEFBQcwAYYWaHR0cDovL29jc3AubXNvY3NwLmNvbTAdBgNVHQ4EFgQU3aROfyhw35kc1iGhSMjmHtjM\/20wCwYD"} -01546{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":327,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1587041682077081,"flow_src_last_pkt_time":1587041682140200,"flow_dst_last_pkt_time":1587041682140797,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":215,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":215,"flow_dst_tot_l4_payload_len":5970,"midstream":0,"thread_ts_usec":1587041682140797,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60541,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"eu-api.asm.skype.com","domainame":"eu-api.asm.skype.com","tls": {"version":"TLSv1.2","server_names":"*.asm.skype.com","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"986571066668055ae9481cb84fda634a","ja4":"t12d1312h2_8b80da21ef18_b00751acaffa","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 
1","subjectDN":"CN=*.asm.skype.com","advertised_alpns":"h2,http\/1.1","fingerprint":"B9:41:1D:AE:56:09:68:D2:07:D0:69:E1:68:00:08:2B:EF:63:1E:48","blocks":0}}} +01502{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":327,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1587041682077081,"flow_src_last_pkt_time":1587041682140200,"flow_dst_last_pkt_time":1587041682140797,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":215,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":215,"flow_dst_tot_l4_payload_len":5970,"midstream":0,"thread_ts_usec":1587041682140797,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60541,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"eu-api.asm.skype.com","domainame":"eu-api.asm.skype.com","tls": {"version":"TLSv1.2","server_names":"*.asm.skype.com","ja3s":"986571066668055ae9481cb84fda634a","ja4":"t12d1312h2_8b80da21ef18_b00751acaffa","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=*.asm.skype.com","advertised_alpns":"h2,http\/1.1","fingerprint":"B9:41:1D:AE:56:09:68:D2:07:D0:69:E1:68:00:08:2B:EF:63:1E:48","blocks":0}}} 
00732{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":333,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682129643,"flow_dst_last_pkt_time":1587041682143053,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":204,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":204,"pkt_l4_len":170,"thread_ts_usec":1587041682143053,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC+wIdAADkR\/U\/AqAEBwKgBBgA1wWoAqgAAmvKBgAABAAQAAAAABmNvbmZpZwV0ZWFtcwltaWNyb3NvZnQDY29tAAABAAHADAAFAAEAAAs5ACEGY29uZmlnBXRlYW1zDnRyYWZmaWNtYW5hZ2VyA25ldADAOAAFAAEAAAALAB8MY29uZmlnLXRlYW1zBnMtMDAwNQhzLW1zZWRnZcBUwGUABQABAAAAOgACwHLAcgABAAEAAABoAAQ0ccKE"} 01142{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":333,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041682129643,"flow_src_last_pkt_time":1587041682129643,"flow_dst_last_pkt_time":1587041682143053,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":162,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":162,"midstream":0,"thread_ts_usec":1587041682143053,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":49514,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"config.teams.microsoft.com","domainame":"config.teams.microsoft.com","dns": {"num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["52.113.194.132,ttl=104"]}}} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":334,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682144166,"flow_src_last_pkt_time":1587041682144166,"flow_dst_last_pkt_time":1587041682144166,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682144166,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -168,9 +168,9 @@ 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":335,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682144166,"flow_dst_last_pkt_time":1587041682156833,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682156833,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0EIdAAHUGPJk0ccKEwKgBBgG77H5W9rKzh8U6lIAS\/\/\/8MgAAAgQFoAEDAwgBAQQC"} 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":336,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682156932,"flow_dst_last_pkt_time":1587041682156833,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041682156932,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGgizAqAEGNHHChOx+AbuHxTqUVvaytFAQIAAc8gAA"} 00824{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":337,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_src_last_pkt_time":1587041682157086,"flow_dst_last_pkt_time":1587041682156833,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":271,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":271,"pkt_l4_len":237,"thread_ts_usec":1587041682157086,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEBAABAAEAGgVPAqAEGNHHChOx+AbuHxTqUVvaytFAYIACSqAAAFgMBANQBAADQAwMdYvXtwu11hWCpvITmw2DM6JIDDr9YgJ4rTdtCECjTrgAAHBoazKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACLCgoAAP8BAAEAAAAAHwAdAAAaY29uZmlnLnRlYW1zLm1pY3Jvc29mdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAjKygAdABcAGAAbAAMCAAKKigABAA=="} 
-01249{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":337,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682144166,"flow_src_last_pkt_time":1587041682157086,"flow_dst_last_pkt_time":1587041682156833,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682157086,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com","domainame":"config.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01202{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":337,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682144166,"flow_src_last_pkt_time":1587041682157086,"flow_dst_last_pkt_time":1587041682156833,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682157086,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com","domainame":"config.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":338,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":5,"flow_src_last_pkt_time":1587041682157086,"flow_dst_last_pkt_time":1587041682169218,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1587041682169218,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAoEIhAAHYGO6Q0ccKEwKgBBgG77H5W9rK0h8U7bVAQBAE4GAAAAAAAAAAA"} 
-01637{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":351,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1587041682144166,"flow_src_last_pkt_time":1587041682172494,"flow_dst_last_pkt_time":1587041682172683,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":5949,"midstream":0,"thread_ts_usec":1587041682172683,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com","domainame":"config.teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.config.teams.microsoft.com,config.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"0f14538e1c9070becdad7739c67d6363","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=config.teams.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA","blocks":0}}} 
+01590{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":351,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1587041682144166,"flow_src_last_pkt_time":1587041682172494,"flow_dst_last_pkt_time":1587041682172683,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":5949,"midstream":0,"thread_ts_usec":1587041682172683,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com","domainame":"config.teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.config.teams.microsoft.com,config.teams.microsoft.com","ja3s":"0f14538e1c9070becdad7739c67d6363","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=config.teams.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA","blocks":0}}} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":381,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682355684,"flow_src_last_pkt_time":1587041682355684,"flow_dst_last_pkt_time":1587041682355684,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682355684,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65387,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":381,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_src_last_pkt_time":1587041682355684,"flow_dst_last_pkt_time":1587041682355684,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_usec":1587041682355684,"pkt":"EBMx8Tl2KDc3AG3ICABFAABPcIEAAP8Rx8TAqAEGwKgBAf9rADUAOydaEDoBAAABAAAAAAAADm5vcnRoZXVyb3BlY25zDnRyYWZmaWNtYW5hZ2VyA25ldAAAAQAB"} 
01124{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":381,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682355684,"flow_src_last_pkt_time":1587041682355684,"flow_dst_last_pkt_time":1587041682355684,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682355684,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65387,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft","proto_id":"5.212","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"northeuropecns.trafficmanager.net","domainame":"northeuropecns.trafficmanager.net","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -183,15 +183,15 @@ 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":385,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682369801,"flow_dst_last_pkt_time":1587041682420333,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041682420333,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8cKZAAGwGWtQ0ck0hwKgBBgG77H8VHmMl9rF6B6ASIAAZOgAAAgQFoAEDAwgEAggKYQa0RDCEroA="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":386,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682420448,"flow_dst_last_pkt_time":1587041682420333,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682420448,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIex\/Abv2sXoHFR5jJoAQEAlXvgAAAQEICjCErqxhBrRE"} 00827{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":387,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":4,"flow_src_last_pkt_time":1587041682420739,"flow_dst_last_pkt_time":1587041682420333,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_usec":1587041682420739,"pkt":"EBMx8Tl2KDc3AG3ICABFAAECAABAAEAG9rTAqAEGNHJNIex\/Abv2sXoHFR5jJoAYEAmOxwAAAQEICjCErqxhBrREFgMBAMkBAADFAwMlzpQNXKnJso0lmbQsWQ9QP0JUtMkYTF2ySEjqwct4CiA\/IwAA6KEdJo41XGChq4nIXjJi3Ldaf94\/c7z6UnyyFQAewC\/AK8AwwCzMqcyowAnAE8AKwBQAnACdAC8ANQAKAQAAXv8BAAEAAAAAIwAhAAAebW9iaWxlLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEACwACAQAACgAIAAYAHQAXABg="} 
-01347{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":387,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682369801,"flow_src_last_pkt_time":1587041682420739,"flow_dst_last_pkt_time":1587041682420333,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682420739,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60543,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01306{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":387,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682369801,"flow_src_last_pkt_time":1587041682420739,"flow_dst_last_pkt_time":1587041682420333,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682420739,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60543,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":388,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682376166,"flow_dst_last_pkt_time":1587041682423316,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682423316,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0HMFAAGwGr7I0ckwwwKgBBgG77ICUvjjErrIu7YAS\/\/+TZQAAAgQFoAEDAwgBAQQC"} 
00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":389,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682423394,"flow_dst_last_pkt_time":1587041682423316,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041682423394,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAG+H\/AqAEGNHJMMOyAAbuusi7tlL44xVAQIAC0JAAA"} 00849{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":390,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":4,"flow_src_last_pkt_time":1587041682423900,"flow_dst_last_pkt_time":1587041682423316,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":290,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":290,"pkt_l4_len":256,"thread_ts_usec":1587041682423900,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEUAABAAEAG95PAqAEGNHJMMOyAAbuusi7tlL44xVAYIABbPwAAFgMBAOcBAADjAwOLjruZZJmwp+AQ5ixl8mdC3oKgE\/9DUAxdN3dPhROtcwAAHCoqzKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACe+voAAP8BAAEAAAAAMgAwAAAtbm9ydGhldXJvcGUubm90aWZpY2F0aW9ucy50ZWFtcy5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAIysoAHQAXABgAGwADAgACWloAAQA="} 
-01279{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":390,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682376166,"flow_src_last_pkt_time":1587041682423900,"flow_dst_last_pkt_time":1587041682423316,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":236,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":236,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682423900,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.76.48","src_port":60544,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"northeurope.notifications.teams.microsoft.com","domainame":"northeurope.notifications.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01238{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":390,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682376166,"flow_src_last_pkt_time":1587041682423900,"flow_dst_last_pkt_time":1587041682423316,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":236,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":236,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682423900,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.76.48","src_port":60544,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"northeurope.notifications.teams.microsoft.com","domainame":"northeurope.notifications.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00900{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":391,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682440956,"flow_dst_last_pkt_time":1587041672419153,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"thread_ts_usec":1587041682440956,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzES9AAEARZ+LAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGAHT\/ICoAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"} 02488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":392,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":5,"flow_src_last_pkt_time":1587041682423900,"flow_dst_last_pkt_time":1587041682467714,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041682467714,"pkt":"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\/4SI6OaF\/\/p9MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAgEAaMoTg\/CrkXvH3jnb1h9ibtDE5NT9WRyEmtWPdlMgqhbXA+eyQkb6BYaT\/ta0E\/bOL5hM07pSBrD5uauHzlX4vs6BmFI3X35rS4lnHgq3cUKdaq3M5dfcGtIoKERK4KHEXYdDhAF8RY9DfZJta8j9hj4NqjvMcG7hzkZJWkwVjeh7J49fLI2k+ojmtb1lfRr9wT7N317pl9QMlUj3HrapDo2fvCe\/9jktj3lbttPHLsuaLesAF3dE1wm5y4UOzoiawZGA4Fu5fMnwFxWfpzZRwMq0O\/xKMAg5RkinWwDyzGDnwCbl\/c52s299ZBhbtM6yURpSqq0aQFxtyQoGGDw\/qhMEVa25dds5d0iBdM6KFgBsOhenjJcJxMzPvvOPmkJltWXhqnxSJWsJkaqh7zSNoA5U1JZzOXFYRt3uw3OVIBSfQ21T75pEiBJReA5mMtRoJjyJYo4d7ViJlpWq6D+qmTq9MD3A+u3+2YaocGXu
nqdlchKzuckM3C3Mck\/119eusSb9+YO\/2kHgBIQsNEyRtMbVXs6aJDUwnxYYIGRAPR16yCXImFMfJYah5q6a0OgPBMYG1cJ5tHN0+DQkL0jj0N6DmBrUSDSDele8PSh59PdIzO8wgJ\/BtAAk1rmVDiVhBV4spP7GSKWzbAS3cC\/0tn2xGj\/VdVxgHiGox4WbcNAABbgwggW0MIIEnKADAgECAhAIuHpQG76c2i0WTT45Ub9VMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNVBAYTAklFMRIwEAYDVQQKEwlCYWx0aW1vcmUxEzARBgNVBAsTCkN5YmVyVHJ1c3QxIjAgBgNVBAMTGUJhbHRpbW9yZSBDeWJlclRydXN0IFJvb3QwHhcNMTYwNTIwMTI1MTI4WhcNMjQwNTIwMTI1MTI4WjCBizELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEVMBMGA1UECxMMTWljcm9zb2Z0IElUMR4wHAYDVQQDExVNaWNyb3NvZnQgSVQgVExTIENBIDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCO8\/GEdXe8vsmk9RalUytQYJnc2H3ZJLXhckk3SP7ahpOjfR2aSxBNd3l+Zal8bjbiR9Q2SdDMJAInFOKucc3ZV3Q8EFYZkkqHYvnjkI1e3tFBGxqmH0CiLB6OVdcm2GhCq+wN3t1eYZWzrGyBzqjgra9fyqbkUWguJ\/1UKnGkzLt+kvH2U1EFMdAZgrDKY9DySgALzfRpS\/Ra"} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":405,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":5,"flow_src_last_pkt_time":1587041682420739,"flow_dst_last_pkt_time":1587041682484937,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682484937,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0cKdAAGwGWts0ck0hwKgBBgG77H8VHmMm9rF61YAQBAVitAAAAQEICmEGtIQwhK6s"} 
-01879{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":417,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1587041682369801,"flow_src_last_pkt_time":1587041682557246,"flow_dst_last_pkt_time":1587041682557307,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041682557307,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60543,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} 
+01838{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":417,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1587041682369801,"flow_src_last_pkt_time":1587041682557246,"flow_dst_last_pkt_time":1587041682557307,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041682557307,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60543,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} 00296{"error_event_id":5,"error_event_name":"Unknown packet 
type","threshold_n":16,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1587041682611214,"packet_id":421,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1587041682611214} 00369{"packet_event_id":1,"packet_event_name":"packet","packet_id":421,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041682598222,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":423,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682668456,"flow_src_last_pkt_time":1587041682668456,"flow_dst_last_pkt_time":1587041682668456,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682668456,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57530,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -208,7 +208,7 @@ 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":433,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682698689,"flow_dst_last_pkt_time":1587041682744342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682744342,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA09YRAAGwG1eQ0ck06wKgBBgG77IG+FZNKYAjhq4AS\/\/+qaAAAAgQFoAEDAwgBAQQC"} 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":434,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682744445,"flow_dst_last_pkt_time":1587041682744342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041682744445,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAG93XAqAEGNHJNOuyBAbtgCOGrvhWTS1AQIADLJwAA"} 00824{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":435,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_src_last_pkt_time":1587041682744658,"flow_dst_last_pkt_time":1587041682744342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":273,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":273,"pkt_l4_len":239,"thread_ts_usec":1587041682744658,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEDAABAAEAG9prAqAEGNHJNOuyBAbtgCOGrvhWTS1AYIAAsUQAAFgMBANYBAADSAwPkbX85xJUsmCJfCQtb2nqS5r5NxitfmjfkWtCVFh+GIgAAHEpKzKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACNCgoAAP8BAAEAAAAAIQAfAAAccHJlc2VuY2UudGVhbXMubWljcm9zb2Z0LmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACAoKAB0AFwAYABsAAwIAAkpKAAEA"} 
-01245{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":435,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682698689,"flow_src_last_pkt_time":1587041682744658,"flow_dst_last_pkt_time":1587041682744342,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":219,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":219,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682744658,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.58","src_port":60545,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"presence.teams.microsoft.com","domainame":"presence.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01204{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":435,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682698689,"flow_src_last_pkt_time":1587041682744658,"flow_dst_last_pkt_time":1587041682744342,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":219,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":219,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682744658,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.58","src_port":60545,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"presence.teams.microsoft.com","domainame":"presence.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
01367{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":436,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682740607,"flow_dst_last_pkt_time":1587041682745381,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":665,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":665,"pkt_l4_len":631,"thread_ts_usec":1587041682745381,"pkt":"EBMx8Tl2KDc3AG3ICABFAAKLAABAAEAGwL7AqAEGon0Tg+u4AbuLprsOEqsiiIAYEAA0LgAAAQEICjCEr+ORzaKrFwMDAlK2BaXSajSAVWEKj3frXxijYpT3GD2Cuos6bxaeeEb0O6UJhzmzPZI\/SWy+fgBnTfneCwusduYkx4s3F4xCn2MY3DEvpr\/P48ATzKlJ++OHqI7OI3KpokJ1bF8YwJjJpFyWkPT0\/gdDA2C0thwexYlLgVCHe4dECfAKO3ai6a9AkpIGftSCmWnSsB7\/GodcDd1wDIWHn+mS6A9bTO\/2sRCfLQjmwaqnM\/0Kd1DorrQMm9TT6\/w11NzOyGJGqVRWfthWKCJ2r5CEFaogXR64MxPpr2FM6spcuDUY4C3Hc53Q7uc97BndljPBEgsGGu2WIs1hpBKyBrbp4cakeWFrgRHILDge\/JLjoB\/we0ie6rPfHdzAzbH+CVHboc7ECVvIV6N2Rd\/z5fI6cJ5y1i\/CGpe9JS\/DjF+npNlL3gVvBs3y7VpT4ziTRBRlbzG6hzfaYWVE\/I1GNwloup0kRP0\/\/fFg59buQBmTxdHJsfm4laPDQEGg2\/E9TD5wbcmagME1tYB8Z6HaDDAe1MbrBXtLSM8VMS0ZeI23LZfgw6dIscXGQh+EZCVohYQ2K\/dCOtZqYIGlXsZd11O+bX\/KPVaVnsGCQqimWVbYkJXTdkE5fdL4ibwUdj8vI7+8IXUv8oArxAdVEWB2+pth6d9Zti7C4SxMlmajA50jkJHElO8G4w6Wzb86qkyK4WbkuYLazUSRxEvrQrVtZjtDDcEAhbB3i\/CCiXoyK9403MAI7UV+NXn0+Iqmacnoi+GSVKkccDjbrlFQ3qxHSBpnh\/Zt22FSB4TV4eA="} 
02478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":437,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":4,"flow_src_last_pkt_time":1587041682740607,"flow_dst_last_pkt_time":1587041682745498,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1587041682745498,"pkt":"EBMx8Tl2KDc3AG3ICABFAAXIAABAAEAGvYHAqAEGon0Tg+u4AbuLpr1lEqsiiIAQEADIXgAAAQEICjCEr+SRzaKrFwMDIBe2BaXSajSAVsA+S0rbnqiekP4iuZq32HuCU1Zk8b7DobfyXAMC40RMGMmv03seNmRLB1WBKOAndSNsjwejL\/4UdAY51oTzt\/idB5m9EO71\/T1MmFynzxV07rmvd3Y7KFXQR\/+x23FlX8GjLiPfQFhiUhRh28ymzOk2Fma1O328pbgtPmfOm2\/I1HthpOnXap2OPKovdSqIn\/dOEzmEXK5RH4Vhc7yfPS0tJ3lq\/j9Y4mE4jZEoUqARpTmnt\/EmaVbJrcge1AqzkW+CZ+w4JlO7k9TdFEi5TByHM4C1T005glLtZNkRmPpMGHQbjibw3NTyD4LLOA7ibrI0r9IDNmoeUUfh8DCZdpfo3pxnEzyt7oapZ3bsP3f2dkvlxSg+Dlv55qlRYMXtNU7tnt3+G6vIRUNWvNYWxEeaewlxO7D31DoGy39yf6\/Uf40kqlYmjJklCFuyytx+XwcWqT4ARI652Z\/KTokqiY0d8hvIMHweZqCdsZ3sZLcS92z0hCZYB+QTk3oNwXMxF3HPTJhWvhOq0wqkZDSVoE431Wjz26KTR\/D\/dA5pInq8bEC3yVuUKN1PLZW9Mz7MYJyzusjyBNsPLXM5O8OEeeK5MiWTYDXzmOLsLkb2vkB\/HV4y3Ev95rIiSF36Cpgqv6+0aR866vdj7FtuF34EidwFeCf1Bf+A5YjRmGj3oaiwxanjseDhhtnxhUTf19iNoEFSzhAIqnGHRAvLOkI5d3FBbQQt+YdQcTmf4uC9ThNnySNA0HXREePQs7huoiwdf2bLMzadvLcQRiRnWU7Hl35DzJo7SAfHQVc1y7a5SVG8H0C\/gvRNuAfv3HAV07QuKJAR49iIkFCcVRaJ\/jE5NYdjrNiiLdvzoxuEZ0dWMxMftRotvm8FM6ig5uEvIZbx9cs5I19iYZQ+xjuzmSG9hz4iz+WjzAoY1dmLOtgbT\/XB2FXmqmn+QhnOY3Ljx0J2ha7XjBQ8hWDhzClw138COO6BoFzaLcXOQXTKJXlqio99G1EHem2LSJs4Fip7GdtxGPNIMZ40wLG2DFzen08a5EPl23FFXPX0SR69Sbx3M0R+hQyRTGJvzQ2b0FETVcaGBWv\/AJUXgawU3fpNn7TAnn6usnhvfGudG7WV4wZ6vkSA+LX0MCVzjn7ur93PxY\/kpdqz3fuiKZIsdz1qUGtjG9iABsh28XZ9j4vR0VSK81wLD3NNpJ2yPv0bwOqpCaovF6tXQ1Ews6XsxqJi5G36BrzaJ5\/NXawhnu8ri1Vz28LUjmOZPpd6keVddX571\/oIU+Q3p3lccmI7+gjH3KqlUBiHCmpfZcYeOnCUEoJ6+9LH3uDsI4lVcAzp2csO0NXDwcfvMalB6gajtPszvwIJElID7GHKx1BsawLle+AuhD6lA8\/ePLwyuj37+iokrx6+vkl
Ojmfe4s9diN429ybZIsLrxpS9gvhCcqJjHRib1BY+X07qe0e72A4QTMrUQvOqVAnCJ6MepkVyL+TYwE71AQhIyEcdhSMj5NByh+Ps2+o6B6TxNGxL+Hz7Gkx+JsBR2inYY8O+Lv0UT9kVL4KGsfhNjVDtOQlSBGenVIqSWzA0IMPQo8+3Of8Hq4M82zM4CAZ0HSDgvnwrTIr12aPKQZeXdT79Zkpu9xzzr2tssbkalNRSPafbicgt9KUTproDv5wkhK7YwHiqPcGR0QVqeIcuyQotM2kpYtKzEsnaTsMsANkeXwUSaYMnhtvVUO0AlG4\/nEwlNMBHzNthJE9IyucPPp6lNbtpzJXbzjnbqhKzr1pBPW1NzcsmUvTf4AThdCxRFDDYC8Q9bGPZ8M76S438LhtuVyUo\/lD6YFPci0DvupTGZalsukVJfD\/0b05qjSDFI9eEwsvlchodrzNqwexfGQO0oqhK"} 02478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":438,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":5,"flow_src_last_pkt_time":1587041682740607,"flow_dst_last_pkt_time":1587041682745501,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1587041682745501,"pkt":"EBMx8Tl2KDc3AG3ICABFAAXIAABAAEAGvYHAqAEGon0Tg+u4AbuLpsL5EqsiiIAQEABs5gAAAQEICjCEr+SRzaKrei53o4vFQHMBld1Fh\/SJ7lY\/Br6V6nMJYu3OAHgdn1qCcCSFYKKt9BOxyQf3yfDnlntHKN9zdEPSvXN\/0hi8YerzFHTzlE9CpJ2R08FI9jE11z3fnVvhf8e7OcEQqRZgxnPlEzNldSNYqEcmHkXvJhZMq8lx7wyR4LUbGNhgoKdPGH278UPChna6A3t6rVbTyY26njMEfo0Zm6rhpJo44iHLRIKvpaj2GQsfRT+cQeJIZ7CCI7T1q2PUyZhm1ySaJCt2LeO9BPdVU6xJnGhMV\/aWAPQcJ6kB0bxcZrLoRiXTU5Sjkns\/IiFNL\/xvNJTPnSiFRhwUoHK+lhufNQUo13wAlnryX9ux9knlEKyd0St6x6x3\/0AcGE5iocc88TMKvbPeEJdROrTHJPBGw3wEtTcJnsCO86HHTsshAVdGVqkIx3wKVLP63U4Kblp4jy32ZZqt5mrVmtgkvfyXyOjEWSHg9\/kbER4PSr77Twprpqx983VEq2Hcb9Z5Mm3nOhfwTP2T3g\/CCF8QgaWGZrUDu1iiRUPI6K2BHYirquzyMaFufY9V8GpIhq1n1xceUiQLPYGN3l5fQJCiBdXfFafOcSFxIjVpojrL2EOuqK2nuMjLQQp+4Aqc6WZPgm2ebUN\/iKkfC2yH2bLExo2MPi3VUFi92NENpciPyW+eXAFY69MJj5yxa5BiY59sQ5ELiBJlv7RkENWrGuHIllIcpW3ItUf5UzQsbStrqU99fkGX6jKCwXrvMoRcz4OdAQSCuL42ekbFYHiL0ne5NvHaRIqcek4\/JcqoZpMdpQey7y+2Dl6doTImRGjrtsYDDKgFGhDU4N8dTso9ThZ3fuQI5GnuKCyDE7AIeVXiQlYv5F01woYov2hCUZp7ZcJSt2ohbipTR8\/9XsRLAxqgXB5GsFcoOvfysdpEjckn3ixs\/e\/E+9YhRVwcgw9hwva
xpOHeSVNLQn1UC1jd6XPsedgr5CYCUUWjOwS77pYeBf15DMuXoTC2DTw4N0qK0I2k9jO2h06\/VwS+DdyYzdZyIEDJootRjKr6+oHebS0B7nXpok59GLbGxDjEh9wakV1SZs7RvQXUIMtwshnqDiJum9ddTnNB2+bpdzgJa3FjnjCyxjYAJBZhtEPLvmmDoY+ugXE9QtbOp299K6ArOZPB6JuK4rlVYneXIpSl0yfeQgFoaNPTPCWdaxvM+AfcOB7YkH0w1UJu2dyLSmHw42qCGfzhxeXIbZVNdJjctQ0Cqo5zXErR1874K9\/40112SIrZY04P1wdyAy51DHX6xP4DMvjfqz6wVaf6gJ\/DZxBp20paRElTtDQN\/dHqjokoah04MvpFxBCi0Oy+R7CfKweUnqAqr1HqpFAPT9qsa8YrIc8G0wUUzeAax4URzLWOt85EjAnPLK1DAQYPq0v9Q0KLOsGsn1kbSvDpNs37iMzwcZRFzWoLHwwnKhxoV5ph1YHpzct0GfB5TMtawMLt6xx8fpDVN\/qmtv7vr0PwcpkWAe12mwk6YMCBt5BjA8f7N0hNc28Z18gN\/CgGnUTUJNyHOY9\/otIhpyZk2nAcBRRfiJ1pLKbDvtAKXiFEDhY9R4CdMU31jbFPykJh6n2eH+U5nfePcR\/NQL8CGF86lRBvbS1BffGRulEfJVi517lk3dtmRmFX4czmj4U5S0fLX7dTEWdkjlqGvyPwcgdLRBZYccWZ3e0IwyZLzh4ZvqC6GXgR\/YxXU2EyExTuarC8OxvaikQEuWDLdXLrVfF\/5zh5AAnOxdXMDpgpl7zVyHlEg1yLy9mLgj1yQgKUqwCNhyVJZLyPBjuKvSewLkE6Yb4TMgTQzgnkGvHFjAbR3wnBeO3lqHZFEbIHcmklDS0L5Y7TchFMURbahXYDs4fVUOyQ800EYRGVfodFdgqI"} 
@@ -219,9 +219,9 @@ 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":516,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682809173,"flow_dst_last_pkt_time":1587041682862686,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041682862686,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGBganY9ekwKgBBhFS7ILLfLe3JqxFoKAS\/ogNbwAAAgQFrAQCCAoTeRnVMISwIQEDAwc="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":517,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682862738,"flow_dst_last_pkt_time":1587041682862686,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682862738,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+g3AqAEGp2PXpOyCEVImrEWgy3y3uIAQECwqYQAAAQEICjCEsFATeRnV"} 
01243{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":518,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":4,"flow_src_last_pkt_time":1587041682863165,"flow_dst_last_pkt_time":1587041682862686,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1587041682863165,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI5AABAAEAG+AjAqAEGp2PXpOyCEVImrEWgy3y3uIAYECxutgAAAQEICjCEsFATeRnVFgMBAgABAAH8AwOllRwzFBLD2fGS0RdMQwmyeJX+rt9niSTc6LgefMaOGyDe8bvsDQaKZ\/SHTClTSUEpcKfm8tnRcB\/XxmDM4wjf0gByEwITAxMBwCzAMACfzKnMqMyqwCvALwCewCTAKABrwCPAJwBnwArAFAA5wAnAEwAzAK0Aq8yuzK3MrACdAKnMqwCsAKoAnACoAD0APMA4wDYAtwCzAJUAkQA1AK8AjcA3wDUAtgCyAJQAkAAvAK4AjAD\/AQABQQAAABIAEAAADWRhdGkubnRvcC5vcmcACwAEAwABAgAKAAwACgAdABcAHgAZABgAIwAAM3QAAAAQAA4ADAJoMghodHRwLzEuMQAWAAAAFwAAAA0AMAAuBAMFAwYDCAcICAgJCAoICwgECAUIBgQBBQEGAQMDAgMDAQIBAwICAgQCBQIGAgArAAkIAwQDAwMCAwEALQACAQEAMwAmACQAHQAgvrFq4xkMZjK7jeeGFDXjFBVctkvDk2bUa2GIO\/qlb3oAFQB8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01399{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":518,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682809173,"flow_src_last_pkt_time":1587041682863165,"flow_dst_last_pkt_time":1587041682862686,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682863165,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60546,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"dati.ntop.org","domainame":"dati.ntop.org","tls": {"version":"TLSv1.2","ja3":"7120d65624bcd2e02ed4b01388d84cdb","ja3s":"","ja4":"t13d5713h2_131602cb7446_e802cdec6a7f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01365{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":518,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682809173,"flow_src_last_pkt_time":1587041682863165,"flow_dst_last_pkt_time":1587041682862686,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682863165,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60546,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"dati.ntop.org","domainame":"dati.ntop.org","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d5713h2_131602cb7446_e802cdec6a7f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":552,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":5,"flow_src_last_pkt_time":1587041682863165,"flow_dst_last_pkt_time":1587041682917091,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682917091,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0wZNAADQGRHqnY9ekwKgBBhFS7ILLfLe4JqxHpYAQAfo2WAAAAQEIChN5GgswhLBQ"} 
-01487{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":553,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1587041682809173,"flow_src_last_pkt_time":1587041682863165,"flow_dst_last_pkt_time":1587041682917561,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":152,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":152,"midstream":0,"thread_ts_usec":1587041682917561,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60546,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"dati.ntop.org","domainame":"dati.ntop.org","tls": {"version":"TLSv1.2","ja3":"7120d65624bcd2e02ed4b01388d84cdb","ja3s":"410b9bedaf65dd26c6fe547154d60db4","ja4":"t13d5713h2_131602cb7446_e802cdec6a7f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01453{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":553,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1587041682809173,"flow_src_last_pkt_time":1587041682863165,"flow_dst_last_pkt_time":1587041682917561,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":152,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":152,"midstream":0,"thread_ts_usec":1587041682917561,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60546,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"dati.ntop.org","domainame":"dati.ntop.org","tls": {"version":"TLSv1.2","ja3s":"410b9bedaf65dd26c6fe547154d60db4","ja4":"t13d5713h2_131602cb7446_e802cdec6a7f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
02212{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":580,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1587041682698689,"flow_src_last_pkt_time":1587041683063920,"flow_dst_last_pkt_time":1587041683109441,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":2687,"flow_dst_tot_l4_payload_len":6860,"midstream":0,"thread_ts_usec":1587041683109441,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.58","src_port":60545,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":7,"avg":25031.7,"max":201410,"stddev":47065.5,"var":2215158784.0,"ent":3.2,"data": [45653,45756,213,47886,30,47672,17,83,202,104,167,9896,9950,3499,10390,395,51386,37078,221,190,155,7115,7018,1251,1197,79250,201410,7,34,167536,222]},"pktlen": {"min":40,"avg":340.2,"max":1492,"stddev":510.3,"var":260451.7,"ent":3.8,"data": [64,52,40,259,1492,1492,52,40,40,1492,1492,40,453,40,198,133,503,91,40,109,40,78,78,40,479,40,46,1480,150,206,46,82]},"bins": {"c_to_s": [11,1,1,1,1,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0],"s_to_c": [3,3,1,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,0,0,0,1,1,0,1,0,0,0,0,1,0,1,0,0,1,0,1,0,1,0,0,0,1,1],"entropies": [4.396777153,4.984685898,4.571928501,5.447037697,7.103639126,7.377305508,4.748330116,4.680641174,4.521928787,7.565583706,7.619148254,4.680641174,7.502402782,4.680641174,6.615381718,6.130319118,7.576011658,5.374610424,4.630640984,5.982717991,4.530641556,5.189125538,5.402576923,4.680641174,7.496559143,4.680641174,4.505983353,7.866451740,6.633583069,6.711987019,4.522393703,5.435414791]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"presence.teams.microsoft.com"}} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":584,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041683142905,"flow_src_last_pkt_time":1587041683142905,"flow_dst_last_pkt_time":1587041683142905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041683142905,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57504,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":584,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_src_last_pkt_time":1587041683142905,"flow_dst_last_pkt_time":1587041683142905,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1587041683142905,"pkt":"EBMx8Tl2KDc3AG3ICABFAABOVgkAAP8R4j3AqAEGwKgBAeCgADUAOmwyTTEBAAABAAAAAAAACmNoYXRzdmNhZ2cEc3ZjcwV0ZWFtcwZvZmZpY2UDY29tAAABAAE="} 
@@ -233,16 +233,16 @@ 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":589,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_src_last_pkt_time":1587041683186164,"flow_dst_last_pkt_time":1587041683220355,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041683220355,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8HR9AAG0GokE0clg7wKgBBgG77INQlxoFJQBFL6ASIAAufwAAAgQFoAEDAwgEAggKAdQEQDCEsYU="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":590,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_src_last_pkt_time":1587041683220462,"flow_dst_last_pkt_time":1587041683220355,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041683220462,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG7GjAqAEGNHJYO+yDAbslAEUvUJcaBoAQEAltDgAAAQEICjCEsaYB1ARA"} 00848{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":591,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":4,"flow_src_last_pkt_time":1587041683220741,"flow_dst_last_pkt_time":1587041683220355,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":287,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":287,"pkt_l4_len":253,"thread_ts_usec":1587041683220741,"pkt":"EBMx8Tl2KDc3AG3ICABFAAERAABAAEAG64vAqAEGNHJYO+yDAbslAEUvUJcaBoAYEAkhLAAAAQEICjCEsaYB1ARAFgMBANgBAADUAwMl\/B1Vk9A1CXIA2wtxg6SSBUkcTlC\/1\/z0\/eteey4O7gAAHJqazKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACP2toAAP8BAAEAAAAAIwAhAAAeY2hhdHN2Y2FnZy50ZWFtcy5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAICgoAHQAXABgAGwADAgACSkoAAQA="} 
-01249{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":591,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041683186164,"flow_src_last_pkt_time":1587041683220741,"flow_dst_last_pkt_time":1587041683220355,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":221,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":221,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041683220741,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.88.59","src_port":60547,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"chatsvcagg.teams.microsoft.com","domainame":"chatsvcagg.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01208{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":591,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041683186164,"flow_src_last_pkt_time":1587041683220741,"flow_dst_last_pkt_time":1587041683220355,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":221,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":221,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041683220741,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.88.59","src_port":60547,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"chatsvcagg.teams.microsoft.com","domainame":"chatsvcagg.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
02479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":592,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":5,"flow_src_last_pkt_time":1587041683220741,"flow_dst_last_pkt_time":1587041683257226,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041683257226,"pkt":"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\/W3JxIIrcUPv+EiOjmhf\/6fTAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggIBADlaSLft\/Il2mfNfS96UN1u6SRdI6uOdxV\/SghC34ek6RV73kkGH\/KgGm5Qpn7ZmjaE7sCW67DpV9CSox9Z3dhmyY3WubiTFoRkhvmI2ia7VsKC3uTVFKGfcG3LipFC\/23JDrzT7qcdgDJzOLWf3MLJd1Kyh6NVC9EjRBrGrjji8xmok7R0RS8CcrVoIMxOsb4aFIvlKHgOLGwrUEg+jJK1WekigAR\/pyb5Ve0qqD3wvtdis9OWT8zz+JfQQtYBGzTf3Zo2YdFfy+cLVdoneW08GcCeeO0e+2qhhnfoQYTUFxVDlSKesMCCZ19oghBpnMirb2zEgWNe+6hV0VBHo0qa0oI+8VxV0m5jsWGKpN5r0RSQeZVBFjmNPja7EWAv9BG0nDBvzPaTNS9lsRoXc1ue7UQ2fGyQcImPgttcAOrqAGM9U+s0UrVqPi9GRGdpB+ymstXnktW0UVXqemudrGvUxOJRKDRvwctjZP2On9XpkEuwYzeJ7edeTKIXaTMPr5bSi6KtPMv8scypPxl6auLwwuyW3phPvh3sr9vdYmG1LA+UpioWKxGVlTy3H5MrR\/a3CRRhXX1OZmYh1RDRwmACanys8duLXWdgmjDNNxzIBOXG7wiGPQfS3+9iG0JTdXjbTpu3jNtZbvAVXCu9kow13tCXvpYdCShakHGed8k9wAAW4MIIFtDCCBJygAwIBAgIQCLh6UBu+nNotFk0+OVG\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"} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":613,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041683333389,"flow_src_last_pkt_time":1587041683333389,"flow_dst_last_pkt_time":1587041683333389,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041683333389,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":613,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_src_last_pkt_time":1587041683333389,"flow_dst_last_pkt_time":1587041683333389,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041683333389,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIeyEAbsX4foHAAAAALAC\/\/8Q\/AAAAgQFtAEDAwUBAQgKMISyEgAAAAAEAgAA"} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":614,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_src_last_pkt_time":1587041683333389,"flow_dst_last_pkt_time":1587041683378966,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041683378966,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8VAJAAGwGd3g0ck0hwKgBBgG77IQbiSB\/F+H6CKASIABpjQAAAgQFoAEDAwgEAggKYR77TDCEshI="} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":615,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_src_last_pkt_time":1587041683379074,"flow_dst_last_pkt_time":1587041683378966,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041683379074,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyEAbsX4foIG4kggIAQEAmoEAAAAQEICjCEsj9hHvtM"} 00825{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":616,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":4,"flow_src_last_pkt_time":1587041683379360,"flow_dst_last_pkt_time":1587041683378966,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_usec":1587041683379360,"pkt":"EBMx8Tl2KDc3AG3ICABFAAECAABAAEAG9rTAqAEGNHJNIeyEAbsX4foIG4kggIAYEAle8wAAAQEICjCEsj9hHvtMFgMBAMkBAADFAwNQ2mjoGM5bceT+50qedBeC2QzxBSnWB8x+XpaOKMz6dSCjQgAAk2B6jpiMP4aNnNPzeGx44\/6X3U2RH3y64O03zgAewC\/AK8AwwCzMqcyowAnAE8AKwBQAnACdAC8ANQAKAQAAXv8BAAEAAAAAIwAhAAAebW9iaWxlLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEACwACAQAACgAIAAYAHQAXABg="} 
-01347{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":616,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041683333389,"flow_src_last_pkt_time":1587041683379360,"flow_dst_last_pkt_time":1587041683378966,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041683379360,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01306{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":616,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041683333389,"flow_src_last_pkt_time":1587041683379360,"flow_dst_last_pkt_time":1587041683378966,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041683379360,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
02485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":621,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":5,"flow_src_last_pkt_time":1587041683379360,"flow_dst_last_pkt_time":1587041683430778,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041683430778,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUVANAAGwGcd80ck0hwKgBBgG77IQbiSCAF+H61oAQBAWFnQAAAQEICmEe+38whLI\/FgMDEGYCAABRAwNemFWT1kX8u9ATY\/YCwH831ucgt0juCj9cD9NieB4F3SDMFgAAPSmx1EB8rJYwgB6DDk65Ho1qqYZPmBoFpBpgkMAwAAAJABcAAP8BAAEACwAO3QAO2gAJHDCCCRgwggcAoAMCAQICExYACr2jKIomrOvxeF4AAAAKvaMwDQYJKoZIhvcNAQELBQAwgYsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xFTATBgNVBAsTDE1pY3Jvc29mdCBJVDEeMBwGA1UEAxMVTWljcm9zb2Z0IElUIFRMUyBDQSA0MB4XDTE5MTAxMDIxNTUzOFoXDTIxMTAxMDIxNTUzOFowJjEkMCIGA1UEAwwbKi5ldmVudHMuZGF0YS5taWNyb3NvZnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8J31SJyCTCkjxtLC8JE7aU56y+0937PcYfrFGWW\/wSL1vxV6UtbY+5UyBq7YUvoZUI+YYWI6FMysHpnkiGQR5h3NLX2it0lgM0JMJXgIYfO+vdhJalxciwWfJHOcY4+eUQwpTmpGeOTzK\/sd1W+VOYbkgWPJ0lAEgTcRXL\/NZZAtyce+Sv4+b4jHwY9pwQxOHJWtnns0bK3jD\/RcAtjLeUisGvBGtt1SItPOQvgD6i2AdvjCkjqVXn0nxT\/yKuGkvtii1i85nrjeMS5pKgL+N2I4goIXeRAaK089dd0KrnNO6kLEhhSHgHwJHnPwfqeXH1Q2p1Zw2r13mOsJdyP7QIDAQABo4IE1zCCBNMwggF\/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB2APZclC\/RdzAiFFQYCDCUVo7jTRMZM7\/fDC8gC8xO8WTjAAABbbe0zD0AAAQDAEcwRQIgXUu8wYK\/QqX5unkLcaUv4T8oQWu5yZb6M3RYbUFPJ7sCIQCVvziq+dynpJXSFyAk+ZobbjdMm8Ziuyzc0miXoW9hmQB2AFWB1MIWkDYBSuoLm1c8U\/DA5Dh4cCUIFy+jqh0HE9MMAAABbbe0zTwAAAQDAEcwRQIgOIr7NuYD18H8X6OV\/YdBgg0HoCy47ognD1Etlbp3ZVgCIQCAVAoqvjDqhz4It72mColVOT\/FZuexWjdVPWkvuAPY1AB3AESUZS6w7s6vxEAH2Kj+KMDa5oK+2MsxtT\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"} 
-01879{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":624,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1587041683333389,"flow_src_last_pkt_time":1587041683430891,"flow_dst_last_pkt_time":1587041683431072,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041683431072,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} 
+01838{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":624,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1587041683333389,"flow_src_last_pkt_time":1587041683430891,"flow_dst_last_pkt_time":1587041683431072,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041683431072,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} 
02168{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":635,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1587041683186164,"flow_src_last_pkt_time":1587041683511604,"flow_dst_last_pkt_time":1587041683511700,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2582,"flow_dst_tot_l4_payload_len":7792,"midstream":0,"thread_ts_usec":1587041683511700,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.88.59","src_port":60547,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":20999.2,"max":115070,"stddev":31123.6,"var":968681216.0,"ent":3.5,"data": [34191,34298,279,36871,33,36580,20,190,171,120,2,98,1011,12039,309,36028,22727,226,163,129,10387,10298,599,557,77127,91684,7,49137,80440,115070,185]},"pktlen": {"min":52,"avg":377.2,"max":1492,"stddev":521.7,"var":272149.2,"ent":3.9,"data": [64,60,52,273,1492,1492,64,52,1492,52,1492,302,52,178,145,533,103,52,121,52,90,90,52,414,52,52,1480,247,52,227,52,1139]},"bins": {"c_to_s": [11,1,1,1,0,0,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [3,2,1,0,0,1,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,1,1,0,0,0,0,1,0,1,0,0,1,0,1,0,1,0,0,1,1,0,1],"entropies": [4.278468132,5.100120544,4.678913116,5.492300034,7.395298958,7.335471153,4.813810349,4.784870625,7.534573555,4.736229897,7.601704121,7.355720520,4.823332310,6.256767273,6.195283890,7.525622368,5.556344509,4.861793995,6.029422760,4.861793995,5.382391453,5.548377514,4.823332310,7.376307011,4.861793995,5.063529015,7.847518921,6.993651390,4.986605644,6.825597286,4.731892109,7.799232483]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":664,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041684291077,"flow_src_last_pkt_time":1587041684291077,"flow_dst_last_pkt_time":1587041684291077,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041684291077,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":59403,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":664,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_src_last_pkt_time":1587041684291077,"flow_dst_last_pkt_time":1587041684291077,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"thread_ts_usec":1587041684291077,"pkt":"EBMx8Tl2KDc3AG3ICABFAABC19sAAP8RYHfAqAEGwKgBAegLADUALnZLN+4BAAABAAAAAAAACXN1YnN0cmF0ZQZvZmZpY2UDY29tAAABAAE="} 
@@ -254,10 +254,10 @@ 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":668,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_src_last_pkt_time":1587041684306115,"flow_dst_last_pkt_time":1587041684317619,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041684317619,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0FJpAAHUGEAYNaxILwKgBBgG77IU13hw0zZy4moAS\/\/\/HZQAAAgQFoAEDAwgBAQQC"} 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":669,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_src_last_pkt_time":1587041684317725,"flow_dst_last_pkt_time":1587041684317619,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041684317725,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGWazAqAEGDWsSC+yFAbvNnLiaNd4cNVAQIADoJAAA"} 00816{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":670,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":4,"flow_src_last_pkt_time":1587041684317987,"flow_dst_last_pkt_time":1587041684317619,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":265,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":265,"pkt_l4_len":231,"thread_ts_usec":1587041684317987,"pkt":"EBMx8Tl2KDc3AG3ICABFAAD7AABAAEAGWNnAqAEGDWsSC+yFAbvNnLiaNd4cNVAYIAB7OAAAFgMBAM4BAADKAwNT9yhcRBpq6+zC6hAkiruFzkDB0iUODZ2vqxEjURraCwAAHGpqzKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACF2toAAP8BAAEAAAAAGQAXAAAUc3Vic3RyYXRlLm9mZmljZS5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAja2gAdABcAGAAbAAMCAAK6ugABAA=="} 
-01243{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":670,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041684306115,"flow_src_last_pkt_time":1587041684317987,"flow_dst_last_pkt_time":1587041684317619,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041684317987,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Outlook","proto_by_ip_id":21,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"substrate.office.com","domainame":"substrate.office.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01202{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":670,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041684306115,"flow_src_last_pkt_time":1587041684317987,"flow_dst_last_pkt_time":1587041684317619,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041684317987,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Outlook","proto_by_ip_id":21,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"substrate.office.com","domainame":"substrate.office.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":672,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":5,"flow_src_last_pkt_time":1587041684317987,"flow_dst_last_pkt_time":1587041684329497,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1587041684329497,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAoFJtAAHYGDxENaxILwKgBBgG77IU13hw1zZy5bVAQBAEDUQAAAAAAAAAA"} 
-02090{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":677,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1587041684306115,"flow_src_last_pkt_time":1587041684362150,"flow_dst_last_pkt_time":1587041684362335,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":4396,"midstream":0,"thread_ts_usec":1587041684362335,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Outlook","proto_by_ip_id":21,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"substrate.office.com","domainame":"substrate.office.com","tls": {"version":"TLSv1.2","server_names":"outlook.office.com,attachment.outlook.office.net,attachment.outlook.officeppe.net,bookings.office.com,delve.office.com,edge.outlook.office365.com,edgesdf.outlook.com,img.delve.office.com,outlook.live.com,outlook-sdf.live.com,outlook-sdf.office.com,sdfedge-pilot.outlook.com,substrate.office.com,substrate-sdf.office.com,afd-k-acdc-direct.office.com,beta-sdf.yammer.com,teams-sdf.yammer.com,beta.yammer.com,teams.yammer.com,attachments.office.net,attachments-sdf.office.net,afd-k.office.com,afd-k-sdf.office.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"a66ea560599a2f5c89eec8c3a0d69cee","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, 
CN=Outlook.office.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"AA:D3:F5:66:06:48:AA:F8:8E:9B:79:D6:7F:1D:53:EA:3F:97:03:A2","blocks":0}}} -02183{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":697,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1587041682144166,"flow_src_last_pkt_time":1587041684314927,"flow_dst_last_pkt_time":1587041684501131,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":521,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1329,"flow_dst_tot_l4_payload_len":7087,"midstream":0,"thread_ts_usec":1587041684501131,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":146055.7,"max":2009785,"stddev":489503.9,"var":239614050304.0,"ent":1.7,"data": [12667,12766,154,12385,2459,251,14879,502,529,250,3,817,4854,17134,1376,20,13097,4,249,321,136,11841,14,11155,108,621,112917,113684,1998116,2009785,174632]},"pktlen": {"min":40,"avg":305.2,"max":1492,"stddev":468.1,"var":219152.8,"ent":3.8,"data": [64,52,40,257,46,1492,1492,40,1492,40,1492,181,40,198,46,366,109,40,40,133,78,561,46,78,40,46,46,440,40,342,46,345]},"bins": {"c_to_s": [9,1,1,0,1,0,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,1,1,0,1,0,0,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1,1,0,0,0,0,0,1,1,0,1,1,1,0,0,1,1],"entropies": 
[4.396777153,4.984685421,4.571928501,5.492863178,4.462504387,7.269914627,7.475378990,4.630641460,7.477076530,4.571928501,7.667408466,6.767431736,4.680641174,6.542833328,4.505983353,7.221371651,5.957443714,4.630641460,4.630640984,6.221683502,5.214766979,7.578815937,4.414441109,5.396905422,4.571928501,4.457919598,4.522393703,7.482207775,4.680641174,7.242818356,4.478915691,7.266457558]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} +02049{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":677,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1587041684306115,"flow_src_last_pkt_time":1587041684362150,"flow_dst_last_pkt_time":1587041684362335,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":4396,"midstream":0,"thread_ts_usec":1587041684362335,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Outlook","proto_by_ip_id":21,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"substrate.office.com","domainame":"substrate.office.com","tls": 
{"version":"TLSv1.2","server_names":"outlook.office.com,attachment.outlook.office.net,attachment.outlook.officeppe.net,bookings.office.com,delve.office.com,edge.outlook.office365.com,edgesdf.outlook.com,img.delve.office.com,outlook.live.com,outlook-sdf.live.com,outlook-sdf.office.com,sdfedge-pilot.outlook.com,substrate.office.com,substrate-sdf.office.com,afd-k-acdc-direct.office.com,beta-sdf.yammer.com,teams-sdf.yammer.com,beta.yammer.com,teams.yammer.com,attachments.office.net,attachments-sdf.office.net,afd-k.office.com,afd-k-sdf.office.com","ja3s":"a66ea560599a2f5c89eec8c3a0d69cee","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Outlook.office.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"AA:D3:F5:66:06:48:AA:F8:8E:9B:79:D6:7F:1D:53:EA:3F:97:03:A2","blocks":0}}} +02177{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":697,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1587041682144166,"flow_src_last_pkt_time":1587041684314927,"flow_dst_last_pkt_time":1587041684501131,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":521,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1329,"flow_dst_tot_l4_payload_len":7087,"midstream":0,"thread_ts_usec":1587041684501131,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":146055.7,"max":2009785,"stddev":489503.9,"var":239614050304.0,"ent":1.7,"data": 
[12667,12766,154,12385,2459,251,14879,502,529,250,3,817,4854,17134,1376,20,13097,4,249,321,136,11841,14,11155,108,621,112917,113684,1998116,2009785,174632]},"pktlen": {"min":40,"avg":305.2,"max":1492,"stddev":468.1,"var":219152.8,"ent":3.8,"data": [64,52,40,257,46,1492,1492,40,1492,40,1492,181,40,198,46,366,109,40,40,133,78,561,46,78,40,46,46,440,40,342,46,345]},"bins": {"c_to_s": [9,1,1,0,1,0,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,1,1,0,1,0,0,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1,1,0,0,0,0,0,1,1,0,1,1,1,0,0,1,1],"entropies": [4.396777153,4.984685421,4.571928501,5.492863178,4.462504387,7.269914627,7.475378990,4.630641460,7.477076530,4.571928501,7.667408466,6.767431736,4.680641174,6.542833328,4.505983353,7.221371651,5.957443714,4.630641460,4.630640984,6.221683502,5.214766979,7.578815937,4.414441109,5.396905422,4.571928501,4.457919598,4.522393703,7.482207775,4.680641174,7.242818356,4.478915691,7.266457558]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} 
02177{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":702,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1587041684306115,"flow_src_last_pkt_time":1587041684950374,"flow_dst_last_pkt_time":1587041684410372,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":3472,"flow_dst_tot_l4_payload_len":5797,"midstream":0,"thread_ts_usec":1587041684950374,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":24145.7,"max":539594,"stddev":94604.1,"var":8949939200.0,"ent":1.9,"data": [11504,11610,262,11878,32500,90,44163,247,1,223,3839,7741,325,72,14634,1492,13,4159,11,266,6513,474,6734,4309,9884,14215,10718,10725,539594,6,314]},"pktlen": {"min":40,"avg":331.5,"max":1492,"stddev":473.5,"var":224192.2,"ent":3.9,"data": [64,52,40,251,46,1492,1492,40,1492,80,40,198,133,578,172,46,366,109,40,40,78,46,78,40,46,689,40,359,40,1480,694,248]},"bins": {"c_to_s": [9,1,1,0,2,0,2,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0],"s_to_c": [5,2,1,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,1,1,0,1,1,0,0,0,0,0,1,1,1,0,0,0,1,1,0,1,1,0,1,0,0,0,0],"entropies": [4.428027153,4.893245220,4.521928310,5.397158146,4.505983353,6.671830177,7.464404583,4.630641460,7.577803612,5.737496376,4.680641174,6.516131401,6.154890537,7.647973537,6.500202656,4.505983353,7.196300030,5.817581654,4.611769199,4.561769485,5.250086308,4.457919598,5.392898560,4.630641460,4.522393227,7.690679073,4.680641174,7.335716724,4.680641174,7.846065521,7.720572472,6.957527637]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Outlook","proto_by_ip_id":21,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative"}} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":714,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041685090830,"flow_src_last_pkt_time":1587041685090830,"flow_dst_last_pkt_time":1587041685090830,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685090830,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":61245,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":714,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_src_last_pkt_time":1587041685090830,"flow_dst_last_pkt_time":1587041685090830,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_usec":1587041685090830,"pkt":"EBMx8Tl2KDc3AG3ICABFAABJHhYAAP8RGjbAqAEGwKgBAe89ADUANcKVVKoBAAABAAAAAAAABGV1YXoCdHIFdGVhbXMJbWljcm9zb2Z0A2NvbQAAAQAB"} 
@@ -300,49 +300,49 @@ 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":741,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_src_last_pkt_time":1587041685240465,"flow_dst_last_pkt_time":1587041685253368,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041685253368,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0w5JAAHUGiY00ccKEwKgBBgG77IqoHlkCRhs0zoAS\/\/9MIAAAAgQFoAEDAwgBAQQC"} 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":742,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_src_last_pkt_time":1587041685253460,"flow_dst_last_pkt_time":1587041685253368,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041685253460,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGgizAqAEGNHHChOyKAbtGGzTOqB5ZA1AQIABs3wAA"} 00780{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":743,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":4,"flow_src_last_pkt_time":1587041685253933,"flow_dst_last_pkt_time":1587041685253368,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":240,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":240,"pkt_l4_len":206,"thread_ts_usec":1587041685253933,"pkt":"EBMx8Tl2KDc3AG3ICABFAADiAABAAEAGgXLAqAEGNHHChOyKAbtGGzTOqB5ZA1AYIAAZhwAAFgMBALUBAACxAwNemFWVZrT7WTFXDzKTJwgyjyi4pczPS4OaStHQgrmy6wAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAXAAAAB8AHQAAGmNvbmZpZy50ZWFtcy5taWNyb3NvZnQuY29tAAoACAAGABcAGAAZAAsAAgEAAA0AEgAQBAECAQUBBgEEAwIDBQMGAwAFAAUBAAAAAAASAAAAFwAA"} 
-01351{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":743,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685240465,"flow_src_last_pkt_time":1587041685253933,"flow_dst_last_pkt_time":1587041685253368,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":186,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":186,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685253933,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com","domainame":"config.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01304{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":743,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685240465,"flow_src_last_pkt_time":1587041685253933,"flow_dst_last_pkt_time":1587041685253368,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":186,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":186,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685253933,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com","domainame":"config.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00688{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":744,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_src_last_pkt_time":1587041685243104,"flow_dst_last_pkt_time":1587041685256108,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":169,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":169,"pkt_l4_len":135,"thread_ts_usec":1587041685256108,"pkt":"KDc3AG3IEBMx8Tl2CABFAACb\/nFAADkRv4jAqAEBwKgBBgA1yG0AhwAAyGOBgAABAAAAAQAAFHNreXBlZGF0YXByZGNvbG5ldTA0CGNsb3VkYXBwA25ldAAAHAABwCEABgABAAAADgBABHByZDEOYXp1cmVkbnMtY2xvdWTAKgZtc25oc3QJbWljcm9zb2Z0A2NvbQB9o\/w8AAADhAAAASwACTqAAAAAPA=="} 01129{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":744,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685243104,"flow_src_last_pkt_time":1587041685243104,"flow_dst_last_pkt_time":1587041685256108,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":127,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":127,"midstream":0,"thread_ts_usec":1587041685256108,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51309,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"skypedataprdcolneu04.cloudapp.net","domainame":"skypedataprdcolneu04.cloudapp.net","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr": []}}} 
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":745,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_src_last_pkt_time":1587041685106192,"flow_dst_last_pkt_time":1587041685261856,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041685261856,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0jN1AAG0Ge5k0cg8twKgBBgG77IfA1AaRAv0Ol4AS\/\/+iigAAAgQFoAEDAwgBAQQC"} 00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":746,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_src_last_pkt_time":1587041685261955,"flow_dst_last_pkt_time":1587041685261856,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041685261955,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGNYPAqAEGNHIPLeyHAbsC\/Q6XwNQGklAQIADDSQAA"} 00805{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":747,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":4,"flow_src_last_pkt_time":1587041685262299,"flow_dst_last_pkt_time":1587041685261856,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":257,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":257,"pkt_l4_len":223,"thread_ts_usec":1587041685262299,"pkt":"EBMx8Tl2KDc3AG3ICABFAADzAABAAEAGNLjAqAEGNHIPLeyHAbsC\/Q6XwNQGklAYIAAraAAAFgMBAMYBAADCAwNemFWVnmpu5iBYzDA0OwyTFl3gYWrTqQBuMzMR9X7FRwAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAbQAAADAALgAAK3Ryb3V0ZXIyLWFzc2UtYS50cm91dGVyLnRlYW1zLm1pY3Jvc29mdC5jb20ACgAIAAYAFwAYABkACwACAQAADQASABAEAQIBBQEGAQQDAgMFAwYDAAUABQEAAAAAABIAAAAXAAA="} 
-01377{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":747,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685106192,"flow_src_last_pkt_time":1587041685262299,"flow_dst_last_pkt_time":1587041685261856,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":203,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":203,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685262299,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.15.45","src_port":60551,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"trouter2-asse-a.trouter.teams.microsoft.com","domainame":"trouter2-asse-a.trouter.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01336{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":747,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685106192,"flow_src_last_pkt_time":1587041685262299,"flow_dst_last_pkt_time":1587041685261856,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":203,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":203,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685262299,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.15.45","src_port":60551,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"trouter2-asse-a.trouter.teams.microsoft.com","domainame":"trouter2-asse-a.trouter.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":748,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":5,"flow_src_last_pkt_time":1587041685253933,"flow_dst_last_pkt_time":1587041685265739,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1587041685265739,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAow5NAAHYGiJg0ccKEwKgBBgG77IqoHlkDRhs1iFAQBAGIJAAAAAAAAAAA"} 
-01716{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":755,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1587041685240465,"flow_src_last_pkt_time":1587041685269429,"flow_dst_last_pkt_time":1587041685269476,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":186,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":186,"flow_dst_tot_l4_payload_len":5936,"midstream":0,"thread_ts_usec":1587041685269476,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com","domainame":"config.teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.config.teams.microsoft.com,config.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"7d8fd34fdb13a7fff30d5a52846b6c4c","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=config.teams.microsoft.com","fingerprint":"B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA","blocks":0}}} 
+01669{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":755,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1587041685240465,"flow_src_last_pkt_time":1587041685269429,"flow_dst_last_pkt_time":1587041685269476,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":186,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":186,"flow_dst_tot_l4_payload_len":5936,"midstream":0,"thread_ts_usec":1587041685269476,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com","domainame":"config.teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.config.teams.microsoft.com,config.teams.microsoft.com","ja3s":"7d8fd34fdb13a7fff30d5a52846b6c4c","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=config.teams.microsoft.com","fingerprint":"B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA","blocks":0}}} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":759,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_src_last_pkt_time":1587041685232231,"flow_dst_last_pkt_time":1587041685278616,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041685278616,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8aa1AAGwGYc00ck0hwKgBBgG77IgacWa+co2TlKASIABIJQAAAgQFoAEDAwgEAggKYR7cGTCEuUo="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":760,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_src_last_pkt_time":1587041685278702,"flow_dst_last_pkt_time":1587041685278616,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041685278702,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyIAbtyjZOUGnFmv4AQEAmGrAAAAQEICjCEuXNhHtwZ"} 00825{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":761,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":4,"flow_src_last_pkt_time":1587041685278900,"flow_dst_last_pkt_time":1587041685278616,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_usec":1587041685278900,"pkt":"EBMx8Tl2KDc3AG3ICABFAAECAABAAEAG9rTAqAEGNHJNIeyIAbtyjZOUGnFmv4AYEAk6ggAAAQEICjCEuXNhHtwZFgMBAMkBAADFAwO15W+8jaHI2sAcvPxYu3fOurYjru\/fmNz9T6MzJf3JQCDMFgAAPSmx1EB8rJYwgB6DDk65Ho1qqYZPmBoFpBpgkAAewC\/AK8AwwCzMqcyowAnAE8AKwBQAnACdAC8ANQAKAQAAXv8BAAEAAAAAIwAhAAAebW9iaWxlLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEACwACAQAACgAIAAYAHQAXABg="} 
-01347{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":761,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685232231,"flow_src_last_pkt_time":1587041685278900,"flow_dst_last_pkt_time":1587041685278616,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685278900,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60552,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01306{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":761,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685232231,"flow_src_last_pkt_time":1587041685278900,"flow_dst_last_pkt_time":1587041685278616,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685278900,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60552,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":764,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_src_last_pkt_time":1587041685251950,"flow_dst_last_pkt_time":1587041685280598,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041685280598,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8VD9AAGwGx0kofgkHwKgBBgG77IwJMzAcxeiHxqASIADLBQAAAgQFoAEDAwgEAggKUkq4VzCEuV0="} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":765,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_src_last_pkt_time":1587041685280662,"flow_dst_last_pkt_time":1587041685280598,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041685280662,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGR5HAqAEGKH4JB+yMAbvF6IfGCTMwHYAQEAkJnwAAAQEICjCEuXRSSrhX"} 00878{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":766,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":4,"flow_src_last_pkt_time":1587041685281210,"flow_dst_last_pkt_time":1587041685280598,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":312,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":312,"pkt_l4_len":278,"thread_ts_usec":1587041685281210,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEqAABAAEAGRpvAqAEGKH4JB+yMAbvF6IfGCTMwHYAYEAl4\/QAAAQEICjCEuXVSSrhXFgMBAPEBAADtAwMO1aNpNC\/DfNA+zTgvlq4OTJH4Eaani+1AUzQaqTtdmgAAKMAswCvAJMAjwArACcypwDDAL8AowCfAFMATzKgAnQCcAD0APAA1AC8BAACc\/wEAAQAAAAAeABwAABlsb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tABcAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAADN0AAAAEgAAABAAMAAuAmgyBWgyLTE2BWgyLTE1BWgyLTE0CHNwZHkvMy4xBnNwZHkvMwhodHRwLzEuMQALAAIBAAAKAAoACAAdABcAGAAZ"} 
-01293{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":766,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685251950,"flow_src_last_pkt_time":1587041685281210,"flow_dst_last_pkt_time":1587041685280598,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685281210,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.7","src_port":60556,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Microsoft365","proto_by_ip_id":219,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"login.microsoftonline.com","domainame":"login.microsoftonline.com","tls": {"version":"TLSv1.2","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
+01252{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":766,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685251950,"flow_src_last_pkt_time":1587041685281210,"flow_dst_last_pkt_time":1587041685280598,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685281210,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.7","src_port":60556,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Microsoft365","proto_by_ip_id":219,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"login.microsoftonline.com","domainame":"login.microsoftonline.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":772,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_src_last_pkt_time":1587041685248604,"flow_dst_last_pkt_time":1587041685294102,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041685294102,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8VA1AAGwGd200ck0hwKgBBgG77IvHJo2qMLP5JqASIAAqDQAAAgQFoAEDAwgEAggKYR8CxDCEuVo="} 
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":773,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_src_last_pkt_time":1587041685294163,"flow_dst_last_pkt_time":1587041685294102,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041685294163,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyLAbsws\/kmxyaNq4AQEAlolwAAAQEICjCEuYBhHwLE"} 00805{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":774,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":4,"flow_src_last_pkt_time":1587041685294436,"flow_dst_last_pkt_time":1587041685294102,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_usec":1587041685294436,"pkt":"EBMx8Tl2KDc3AG3ICABFAADyAABAAEAG9sTAqAEGNHJNIeyLAbsws\/kmxyaNq4AYEAkImQAAAQEICjCEuYFhHwLEFgMBALkBAAC1AwNemFWVha04P4CUw6CKshmFd7ZG0fMDUFnrEIuMFFDaDAAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAYAAAACMAIQAAHm1vYmlsZS5waXBlLmFyaWEubWljcm9zb2Z0LmNvbQAKAAgABgAXABgAGQALAAIBAAANABIAEAQBAgEFAQYBBAMCAwUDBgMABQAFAQAAAAAAEgAAABcAAA=="} 
-01347{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":774,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685248604,"flow_src_last_pkt_time":1587041685294436,"flow_dst_last_pkt_time":1587041685294102,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":190,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":190,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685294436,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60555,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01306{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":774,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685248604,"flow_src_last_pkt_time":1587041685294436,"flow_dst_last_pkt_time":1587041685294102,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":190,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":190,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685294436,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60555,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
02479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":777,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":5,"flow_src_last_pkt_time":1587041685281210,"flow_dst_last_pkt_time":1587041685312634,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041685312634,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUVEFAAGwGwa8ofgkHwKgBBgG77IwJMzW9xeiIvIAQBAWJ5wAAAQEIClJKuHcwhLl1i+Wbrav3bQpcZNAwCwYDVR0PBAQDAgSwMIIBJgYDVR0RBIIBHTCCARmCGWxvZ2luLm1pY3Jvc29mdG9ubGluZS5jb22CG2xvZ2luLm1pY3Jvc29mdG9ubGluZS1wLmNvbYIbbG9naW5leC5taWNyb3NvZnRvbmxpbmUuY29tghpsb2dpbjIubWljcm9zb2Z0b25saW5lLmNvbYIkc3RhbXAyLmxvZ2luLm1pY3Jvc29mdG9ubGluZS1pbnQuY29tgh1sb2dpbi5taWNyb3NvZnRvbmxpbmUtaW50LmNvbYIfbG9naW5leC5taWNyb3NvZnRvbmxpbmUtaW50LmNvbYIebG9naW4yLm1pY3Jvc29mdG9ubGluZS1pbnQuY29tgiBzdGFtcDIubG9naW4ubWljcm9zb2Z0b25saW5lLmNvbTCBrAYDVR0fBIGkMIGhMIGeoIGboIGYhktodHRwOi8vbXNjcmwubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NybC9NaWNyb3NvZnQlMjBJVCUyMFRMUyUyMENBJTIwMS5jcmyGSWh0dHA6Ly9jcmwubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NybC9NaWNyb3NvZnQlMjBJVCUyMFRMUyUyMENBJTIwMS5jcmwwTQYDVR0gBEYwRDBCBgkrBgEEAYI3KgEwNTAzBggrBgEFBQcCARYnaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3BzMB8GA1UdIwQYMBaAFFiIn9bcnEgitxQ+\/4SI6OaF\/\/p9MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAgEARVCFDXaNOijZYnNGoRWvtuOpazT+6a5NhffPDEd8mw13I5P2ZjdjuwO0BCuAa0rcrb9Xsv2qMoirtQ46ssv7U4RUbJ2q644olWDdoDLw3u2IwAi4+it8uqFANVWf479pYNzQSRACICWvLYyZOXoCzSVgryqqt6S9JYKLV\/5cOCwnLGXIMXunQZDJ9OLbjk3hV+y1gACDA7qTWXqQxmgI9aFpumAbRwTxqZV913sHD\/Cf4ut1VrXdDHEcgGroOgboavAnBPF1buLwyr8dsFVfenl1cv4K6OyxBhOa\/qPQC3E1A4UNtSz4dz0swsNbngQZDrl3H9MqpMRswrpJ9jUAZ4uzcbjmByMFT7UrO5NyfE2e754OXgg0kzSG7F0aYPVW64WQaAN5alS554Apkxzpnhy4dbLpcc+qDxw4uZRbEMvvqiGy3Tzvw2N2ZlLhpfCA79zVH3D9QcugIgQY75KsamAAzOcbXq0zT0xKgmRKBpdzG5DeC2KsBbrTTak1bUSSPLjvYpHhgabRiV7OEik97n1Dth5jNj0APlNTe65xy1gwKh4Itr
Ho4sQMKfxY9NyTKSBVKN3poUeJpe9p2ArtCr\/ZmVWqTui7XFpZPfiQUHWHxyvx0VTPR40NEp\/NGn3Uw7Bd\/MS5F6AKZAjGFEeyvsfA2p3QKRyzfNkfQWM3fP8ABbgwggW0MIIEnKADAgECAhAIuHpQG76c2i0WTT45Ub9VMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNVBAYTAklFMRIwEAYDVQQKEwlCYWx0aW1vcmUxEzARBgNVBAsTCkN5YmVyVHJ1c3QxIjAgBgNVBAMTGUJhbHRpbW9yZSBDeWJlclRydXN0IFJvb3QwHhcNMTYwNTIwMTI1MTI4WhcNMjQwNTIwMTI1MTI4WjCBizELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEVMBMGA1UE"} 02487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":792,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":5,"flow_src_last_pkt_time":1587041685278900,"flow_dst_last_pkt_time":1587041685327366,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041685327366,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUaa5AAGwGXDQ0ck0hwKgBBgG77IgacWa\/co2UYoAQBAV+ZwAAAQEICmEe3EYwhLlzFgMDEGYCAABRAwNemFWVd4ONVISrGBzenOh1wz59KlhffXpAp\/SRVzeitiAuDwAAZ8HaIUQ\/TUKOJyzDpeZ2C6OXN9Z66nmD08\/sf8AwAAAJABcAAP8BAAEACwAO3QAO2gAJHDCCCRgwggcAoAMCAQICExYACr2jKIomrOvxeF4AAAAKvaMwDQYJKoZIhvcNAQELBQAwgYsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xFTATBgNVBAsTDE1pY3Jvc29mdCBJVDEeMBwGA1UEAxMVTWljcm9zb2Z0IElUIFRMUyBDQSA0MB4XDTE5MTAxMDIxNTUzOFoXDTIxMTAxMDIxNTUzOFowJjEkMCIGA1UEAwwbKi5ldmVudHMuZGF0YS5taWNyb3NvZnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8J31SJyCTCkjxtLC8JE7aU56y+0937PcYfrFGWW\/wSL1vxV6UtbY+5UyBq7YUvoZUI+YYWI6FMysHpnkiGQR5h3NLX2it0lgM0JMJXgIYfO+vdhJalxciwWfJHOcY4+eUQwpTmpGeOTzK\/sd1W+VOYbkgWPJ0lAEgTcRXL\/NZZAtyce+Sv4+b4jHwY9pwQxOHJWtnns0bK3jD\/RcAtjLeUisGvBGtt1SItPOQvgD6i2AdvjCkjqVXn0nxT\/yKuGkvtii1i85nrjeMS5pKgL+N2I4goIXeRAaK089dd0KrnNO6kLEhhSHgHwJHnPwfqeXH1Q2p1Zw2r13mOsJdyP7QIDAQABo4IE1zCCBNMwggF\/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB2APZclC\/RdzAiFFQYCDCUVo7jTRMZM
7\/fDC8gC8xO8WTjAAABbbe0zD0AAAQDAEcwRQIgXUu8wYK\/QqX5unkLcaUv4T8oQWu5yZb6M3RYbUFPJ7sCIQCVvziq+dynpJXSFyAk+ZobbjdMm8Ziuyzc0miXoW9hmQB2AFWB1MIWkDYBSuoLm1c8U\/DA5Dh4cCUIFy+jqh0HE9MMAAABbbe0zTwAAAQDAEcwRQIgOIr7NuYD18H8X6OV\/YdBgg0HoCy47ognD1Etlbp3ZVgCIQCAVAoqvjDqhz4It72mColVOT\/FZuexWjdVPWkvuAPY1AB3AESUZS6w7s6vxEAH2Kj+KMDa5oK+2MsxtT\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"} -01879{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":795,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1587041685232231,"flow_src_last_pkt_time":1587041685327559,"flow_dst_last_pkt_time":1587041685327736,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041685327736,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60552,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": 
{"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} +01838{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":795,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1587041685232231,"flow_src_last_pkt_time":1587041685327559,"flow_dst_last_pkt_time":1587041685327736,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041685327736,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60552,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": 
{"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} 02487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":799,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":5,"flow_src_last_pkt_time":1587041685294436,"flow_dst_last_pkt_time":1587041685350456,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041685350456,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUVA5AAGwGcdQ0ck0hwKgBBgG77IvHJo2rMLP55IAQBAVq\/gAAAQEICmEfAvowhLmBFgMDF7oCAABVAwNemFWVkv8HhgEBqRl7J096sK\/AcfyJkv6Je+CA9SLGGCApBQAAsHV\/DAKaYivrrDw\/3qGp42fGJ7afmMuMlyPWksAwAAANAAUAAAAXAAD\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\/zWWQLcnHvkr+Pm+Ix8GPacEMThyVrZ57NGyt4w\/0XALYy3lIrBrwRrbdUiLTzkL4A+otgHb4wpI6lV59J8U\/8irhpL7YotYvOZ643jEuaSoC\/jdiOIKCF3kQGitPPXXdCq5zTupCxIYUh4B8CR5z8H6nlx9UNqdWcNq9d5jrCXcj+0CAwEAAaOCBNcwggTTMIIBfwYKKwYBBAHWeQIEAgSCAW8EggFrAWkAdgD2XJQv0XcwIhRUGAgwlFaO400TGTO\/3wwvIAvMTvFk4wAAAW23tMw9AAAEAwBHMEUCIF1LvMGCv0Kl+bp5C3GlL+E\/KEFrucmW+jN0WG1BTye7AiEAlb84qvncp6SV0hcgJPmaG243TJvGYrss3NJol6FvYZkAdgBVgdTCFpA2AUrqC5tXPFPwwOQ4eHAlCBcvo6odBxPTDAAAAW23tM08AAAEAwBHMEUCIDiK+zbmA9fB\/F+jlf2HQYINB6AsuO6IJw9RLZW6d2VYAiEAgFQKKr4w6oc+CLe9pgqJVTk\/xWbnsVo3VT1pL7gD2NQAdwBElGUusO7Or8RAB9io\/ijA2uaCvtjLMbU\/0zOWtbaBqAAAAW23
tMxBAAAEAwBIMEYCIQDC8ilwFdB7z4rC1+bZS4g04LUlLUYH350FnOYfD3Y\/DwIhAKOhDWx9PqjkWoW1QpLAVveNHTmUFKE125bJ\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"} -01879{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":805,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1587041685248604,"flow_src_last_pkt_time":1587041685350807,"flow_dst_last_pkt_time":1587041685350857,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":190,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":190,"flow_dst_tot_l4_payload_len":6079,"midstream":0,"thread_ts_usec":1587041685350857,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60555,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"986571066668055ae9481cb84fda634a","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 
4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} +01838{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":805,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1587041685248604,"flow_src_last_pkt_time":1587041685350807,"flow_dst_last_pkt_time":1587041685350857,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":190,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":190,"flow_dst_tot_l4_payload_len":6079,"midstream":0,"thread_ts_usec":1587041685350857,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60555,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3s":"986571066668055ae9481cb84fda634a","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} 
02486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":824,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":5,"flow_src_last_pkt_time":1587041685262299,"flow_dst_last_pkt_time":1587041685419490,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041685419490,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUjN5AAG0Gdfg0cg8twKgBBgG77IfA1AaSAv0PYlAQCARVFQAAFgMDF0UCAABVAwNemFWVsa3S0qCCJCKRvR5FvfRm4ku4Wp9dZjR4sGYcKSB2HAAAgvc9nFx0wNSQ+kfvV9B0Mq9ipN+Lt19U\/tPHHsAwAAANAAUAAAAXAAD\/AQABAAsADkgADkUACIcwggiDMIIGa6ADAgECAhMgAA1\/5iyI2CMUD4FHAAAADX\/mMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgMjAeFw0xOTExMjkxNzU3NThaFw0yMTExMjkxNzU3NThaMCgxJjAkBgNVBAMMHSoudHJvdXRlci50ZWFtcy5taWNyb3NvZnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyKcimDO37qOiITdGLLSgRk4SNqeQiChf5fToMO+7e1Qw4j4NVAURrkRlqOSwosi6x2ool0Qjlt5bANU2A7E0ubHR6fs+J4y2vgrsv41S7Ao\/UxdKklkG0wgp+paNcl2enqs+JFcPVtFPe+T+pnY6IZUpOziGi8NLx\/K2NG5xSvrdawVpY5vXRxXKsvLFIAdaJQozyWf9lCNbt+4C0IVl2Ep7N5bp06LVMZktn1YAjolqeEl3RQ6hM3GKceom5l4hpyP43E\/dTe3eLNBfmO8cDd9p8HlGVSrgjhKz1wuJWFoWgHTgDnVBSZVB7t78lIFlze4qLsPX90PfKUlmjF\/zIQIDAQABo4IEQDCCBDwwggGABgorBgEEAdZ5AgQCBIIBcASCAWwBagB2APZclC\/RdzAiFFQYCDCUVo7jTRMZM7\/fDC8gC8xO8WTjAAABbrhZJv4AAAQDAEcwRQIhALfHXTClbVL1ZG3BQH+fsd9EVlnIhlrRTh9b\/BWQkqOPAiArDlgg99bYekywwY8T40DyNspZOTZKKrpABVWSIcE7CwB3AFzcQ5L+5qtFRLFemtRW5hA3+9X6R9yhc5SyXub2xw7KAAABbrhZJyYAAAQDAEgwRgIhAJuNw4ivK3DXIXmUE+m57QEHF+rXHdB72ZviRwQ9s+0GAiEA9kNgaFnkw8l1xiyZdSGjaIfmqNZ4qpxCiXwbbmlDWu4AdwBElGUusO7Or8RAB9io\/ijA2uaCvtjLMbU\/0zOWtbaBqAAAAW64WScNAAAEAwBIMEYCIQDmc93n7UJEyvvIddsbJMxC7aPmS7n2Z\/C8vjlA2j\/H8AIhAP0Hy\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"} 
-01767{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":830,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1587041685106192,"flow_src_last_pkt_time":1587041685420065,"flow_dst_last_pkt_time":1587041685420103,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":203,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":203,"flow_dst_tot_l4_payload_len":5962,"midstream":0,"thread_ts_usec":1587041685420103,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.15.45","src_port":60551,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"trouter2-asse-a.trouter.teams.microsoft.com","domainame":"trouter2-asse-a.trouter.teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.trouter.teams.microsoft.com,go.trouter.io,*.drip.trouter.io,*.dc.trouter.io","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"986571066668055ae9481cb84fda634a","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2","subjectDN":"CN=*.trouter.teams.microsoft.com","fingerprint":"DD:24:DF:0E:F3:63:CC:10:B5:03:CF:34:EB:A5:14:8B:97:90:9B:D4","blocks":0}}} 
-02321{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":855,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1587041685240465,"flow_src_last_pkt_time":1587041685469669,"flow_dst_last_pkt_time":1587041685469973,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1082,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1426,"flow_dst_tot_l4_payload_len":15976,"midstream":0,"thread_ts_usec":1587041685469973,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":14797.2,"max":153955,"stddev":35697.7,"var":1274323968.0,"ent":2.8,"data": [12903,12995,473,12371,1988,1502,15362,129,134,115,3,85,21608,33026,11480,11732,109,11784,570,13396,140399,715,153955,248,230,250,250,503,25,129,243]},"pktlen": {"min":40,"avg":585.7,"max":1492,"stddev":671.4,"var":450756.0,"ent":4.0,"data": [64,52,40,226,46,1492,1492,40,1492,40,1492,168,40,147,46,91,46,91,40,1122,46,1492,1492,40,1317,40,1492,1492,40,40,1492,1492]},"bins": {"c_to_s": [10,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,10,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,0,1,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1],"entropies": [4.365527153,4.878727913,4.471928596,5.502106190,4.402616024,7.277978420,7.489027023,4.630640984,7.478912354,4.521928310,7.663036823,6.686788082,4.630640984,6.493359089,4.462505341,5.681205750,4.462504864,5.560394764,4.580641270,7.802004814,4.565872192,7.879904747,7.863986492,4.580641270,7.860152721,4.580640793,7.874552727,7.850657463,4.580641270,4.471928596,7.869473934,7.878328800]},"ndpi": 
{"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} +01726{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":830,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1587041685106192,"flow_src_last_pkt_time":1587041685420065,"flow_dst_last_pkt_time":1587041685420103,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":203,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":203,"flow_dst_tot_l4_payload_len":5962,"midstream":0,"thread_ts_usec":1587041685420103,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.15.45","src_port":60551,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"trouter2-asse-a.trouter.teams.microsoft.com","domainame":"trouter2-asse-a.trouter.teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.trouter.teams.microsoft.com,go.trouter.io,*.drip.trouter.io,*.dc.trouter.io","ja3s":"986571066668055ae9481cb84fda634a","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 
2","subjectDN":"CN=*.trouter.teams.microsoft.com","fingerprint":"DD:24:DF:0E:F3:63:CC:10:B5:03:CF:34:EB:A5:14:8B:97:90:9B:D4","blocks":0}}} +02315{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":855,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1587041685240465,"flow_src_last_pkt_time":1587041685469669,"flow_dst_last_pkt_time":1587041685469973,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1082,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1426,"flow_dst_tot_l4_payload_len":15976,"midstream":0,"thread_ts_usec":1587041685469973,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":14797.2,"max":153955,"stddev":35697.7,"var":1274323968.0,"ent":2.8,"data": [12903,12995,473,12371,1988,1502,15362,129,134,115,3,85,21608,33026,11480,11732,109,11784,570,13396,140399,715,153955,248,230,250,250,503,25,129,243]},"pktlen": {"min":40,"avg":585.7,"max":1492,"stddev":671.4,"var":450756.0,"ent":4.0,"data": [64,52,40,226,46,1492,1492,40,1492,40,1492,168,40,147,46,91,46,91,40,1122,46,1492,1492,40,1317,40,1492,1492,40,40,1492,1492]},"bins": {"c_to_s": [10,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,10,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,0,1,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1],"entropies": 
[4.365527153,4.878727913,4.471928596,5.502106190,4.402616024,7.277978420,7.489027023,4.630640984,7.478912354,4.521928310,7.663036823,6.686788082,4.630640984,6.493359089,4.462505341,5.681205750,4.462504864,5.560394764,4.580641270,7.802004814,4.565872192,7.879904747,7.863986492,4.580641270,7.860152721,4.580640793,7.874552727,7.850657463,4.580641270,4.471928596,7.869473934,7.878328800]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":920,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041685984732,"flow_src_last_pkt_time":1587041685984732,"flow_dst_last_pkt_time":1587041685984732,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685984732,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":920,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_src_last_pkt_time":1587041685984732,"flow_dst_last_pkt_time":1587041685984732,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041685984732,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGghTAqAEGNHHChOyNAbtKVk3bAAAAALAC\/\/8LQAAAAgQFtAEDAwUBAQgKMIS8GgAAAAAEAgAA"} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":921,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_src_last_pkt_time":1587041685984732,"flow_dst_last_pkt_time":1587041685996890,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041685996890,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0TQBAAHUGACA0ccKEwKgBBgG77I3LqgPISlZN3IAS\/\/9gggAAAgQFoAEDAwgBAQQC"} 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":922,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_src_last_pkt_time":1587041685996986,"flow_dst_last_pkt_time":1587041685996890,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041685996986,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGgizAqAEGNHHChOyNAbtKVk3cy6oDyVAQIACBQQAA"} 
00772{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":923,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":4,"flow_src_last_pkt_time":1587041685997296,"flow_dst_last_pkt_time":1587041685996890,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"thread_ts_usec":1587041685997296,"pkt":"EBMx8Tl2KDc3AG3ICABFAADbAABAAEAGgXnAqAEGNHHChOyNAbtKVk3cy6oDyVAYIAAs2QAAFgMBAK4BAACqAwNemFWVDIT9d4HngeJpG5mlHm9Rt958WOVPiGzzmIF3agAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAVQAAABgAFgAAE3RlYW1zLm1pY3Jvc29mdC5jb20ACgAIAAYAFwAYABkACwACAQAADQASABAEAQIBBQEGAQQDAgMFAwYDAAUABQEAAAAAABIAAAAXAAA="} -01337{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":923,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685984732,"flow_src_last_pkt_time":1587041685997296,"flow_dst_last_pkt_time":1587041685996890,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":179,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685997296,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","domainame":"teams.microsoft.com","tls": 
{"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01290{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":923,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685984732,"flow_src_last_pkt_time":1587041685997296,"flow_dst_last_pkt_time":1587041685996890,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":179,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685997296,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","domainame":"teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":924,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":5,"flow_src_last_pkt_time":1587041685997296,"flow_dst_last_pkt_time":1587041686008515,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1587041686008515,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAoTQFAAHYG\/yo0ccKEwKgBBgG77I3LqgPJSlZOj1AQCASYigAAAAAAAAAA"} -01659{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":931,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1587041685984732,"flow_src_last_pkt_time":1587041686010918,"flow_dst_last_pkt_time":1587041686010988,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":179,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":6012,"midstream":0,"thread_ts_usec":1587041686010988,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","domainame":"teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"7d8fd34fdb13a7fff30d5a52846b6c4c","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, 
ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=teams.microsoft.com","fingerprint":"68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E","blocks":0}}} +01612{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":931,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1587041685984732,"flow_src_last_pkt_time":1587041686010918,"flow_dst_last_pkt_time":1587041686010988,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":179,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":6012,"midstream":0,"thread_ts_usec":1587041686010988,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","domainame":"teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"teams.microsoft.com","ja3s":"7d8fd34fdb13a7fff30d5a52846b6c4c","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=teams.microsoft.com","fingerprint":"68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E","blocks":0}}} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":945,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041686239545,"flow_src_last_pkt_time":1587041686239545,"flow_dst_last_pkt_time":1587041686239545,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041686239545,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60559,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":945,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_src_last_pkt_time":1587041686239545,"flow_dst_last_pkt_time":1587041686239545,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041686239545,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIeyPAbtgh2e9AAAAALAC\/\/9PlwAAAgQFtAEDAwUBAQgKMIS9EAAAAAAEAgAA"} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":946,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_src_last_pkt_time":1587041686239545,"flow_dst_last_pkt_time":1587041686288146,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041686288146,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8YwZAAGwGaHQ0ck0hwKgBBgG77I9T9FE0YIdnvqASIADemAAAAgQFoAEDAwgEAggKYR9buzCEvRA="} 
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":947,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":3,"flow_src_last_pkt_time":1587041686288255,"flow_dst_last_pkt_time":1587041686288146,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041686288255,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyPAbtgh2e+U\/RRNYAQEAkdGQAAAQEICjCEvUBhH1u7"} 00827{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":948,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":4,"flow_src_last_pkt_time":1587041686288562,"flow_dst_last_pkt_time":1587041686288146,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_usec":1587041686288562,"pkt":"EBMx8Tl2KDc3AG3ICABFAAECAABAAEAG9rTAqAEGNHJNIeyPAbtgh2e+U\/RRNYAYEAniuwAAAQEICjCEvUBhH1u7FgMBAMkBAADFAwPWvyUszXyGVwTdfXyAsIQo65lWnkpPMHo57lR912BOzSAuDwAAZ8HaIUQ\/TUKOJyzDpeZ2C6OXN9Z66nmD08\/sfwAewC\/AK8AwwCzMqcyowAnAE8AKwBQAnACdAC8ANQAKAQAAXv8BAAEAAAAAIwAhAAAebW9iaWxlLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEACwACAQAACgAIAAYAHQAXABg="} 
-01347{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":948,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041686239545,"flow_src_last_pkt_time":1587041686288562,"flow_dst_last_pkt_time":1587041686288146,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041686288562,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60559,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01306{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":948,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041686239545,"flow_src_last_pkt_time":1587041686288562,"flow_dst_last_pkt_time":1587041686288146,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041686288562,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60559,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
02480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":949,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":5,"flow_src_last_pkt_time":1587041686288562,"flow_dst_last_pkt_time":1587041686339149,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041686339149,"pkt":"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\/tkVGJLU4rtEsbNOyNY0rT1MPRe2qZ6z8OTI\/Ubwew2S+CzQq6NSEinFnoQ24d33L9+Q2VR7IJxgZJZ0JLJRb2EkmyBTG1bJPbFiADdV1t9YSY2ps7oVekv29d\/XDIODAnQFR1IHqlMXtC77TWoRsh1X4rC3iStLm+7YDXNcZ\/4Mj9IuoDmWavbkJCD0d5pvrPILAZtuXahuvQzQtAY2n0vu1+AhHxMbk9e2L2iJYbk++P\/GCSsH0E3MwFuGBx2aD8kcD\/GasOSgJ2hX1PemGbx7\/Y9FGQudVhN6gkjLviiZxZQGDI3hc4aNkSo6HFXMcwVO63+RLd5FmQcXxQ4wQgOa8gPG9Z+WsefaydUjjPdFmpvxlC8L\/\/hy5Vj29oZ7skaSNpSCyBSNkBskAzSt9el50ZVrhM5J4i3BG1jJVGu2oqjlyxlbfhoa6VdObxpgGXjYRrBKCYMJOGSIW1HBsVpPOHiO3HTRTWSc3nsno7KhTt65NB2bdGHaIXFW18cABbgwggW0MIIEnKADAgECAhALarOwPrGp9sRgkmqozf6zMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNVBAYTAklFMRIwEAYDVQQKEwlCYWx0aW1vcmUxEzARBgNVBAsTCkN5YmVyVHJ1c3QxIjAgBgNVBAMTGUJhbHRpbW9yZSBDeWJlclRydXN0IFJvb3QwHhcNMTYwNTIwMTI1MjM4WhcNMjQwNTIwMTI1MjM4WjCBizELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEVMBMGA1UECxMMTWljcm9zb2Z0IElUMR4wHAYDVQQDExVNaWNyb3NvZnQgSVQgVExTIENBIDQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCr5etdo2s5nvU0iBK7HVImXX0JC8Z5jqu3Dt8Zst3uD\/bu9FbkRuKSD+JnC+MccaTUQXO0y5kWjr93fbCvHmztcS7DCHdKXpKu7FrQSIHQxemg9XqPHo1e062SwNrGkTUxILk5"} 
02349{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":976,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1587041686239545,"flow_src_last_pkt_time":1587041686542441,"flow_dst_last_pkt_time":1587041686541501,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":14115,"flow_dst_tot_l4_payload_len":4699,"midstream":0,"thread_ts_usec":1587041686542441,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60559,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":19511.4,"max":52987,"stddev":22191.7,"var":492470496.0,"ent":3.9,"data": [48601,48710,307,51003,89,50699,16,253,253,1686,49778,48144,1391,5,2,50498,49101,4,2,3,37233,37219,5,11525,11515,965,36039,15972,52987,736,111]},"pktlen": {"min":52,"avg":640.9,"max":1492,"stddev":667.9,"var":446080.7,"ent":4.1,"data": [64,60,52,258,1492,1492,64,52,1375,52,145,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,52,985,52,52,497,52,83,52]},"bins": {"c_to_s": [9,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0],"s_to_c": [6,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,1,1,1,0,0,0],"entropies": [4.396777153,5.256567955,4.923395157,6.033491611,7.275527000,7.277948856,5.071470261,4.945419312,7.645617962,4.976373672,5.915142536,5.707202435,4.976374149,7.861220360,7.878036976,7.850315571,5.131024837,7.877380371,7.857055187,7.886486053,7.876827240,5.169486523,7.849795818,7.874622822,5.078045845,7.791067600,5.131024837,5.207948208,7.563468933,5.053297043,5.290699482,4.969671726]},"ndpi": 
{"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com"}} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":979,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041686659283,"flow_src_last_pkt_time":1587041686659283,"flow_dst_last_pkt_time":1587041686659283,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041686659283,"l3_proto":"ip4","src_ip":"192.168.1.112","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -353,15 +353,15 @@ 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":986,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_src_last_pkt_time":1587041686889381,"flow_dst_last_pkt_time":1587041686918390,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041686918390,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8PdhAAGwG3XQofglDwKgBBgG77JCDb8\/fjKXdY6ASIAC\/qwAAAgQFoAEDAwgEAggKUkSG7zCEv4s="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":987,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":3,"flow_src_last_pkt_time":1587041686918473,"flow_dst_last_pkt_time":1587041686918390,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041686918473,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGR1XAqAEGKH4JQ+yQAbuMpd1jg2\/P4IAQEAn+PwAAAQEICjCEv6dSRIbv"} 
00879{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":988,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":4,"flow_src_last_pkt_time":1587041686919156,"flow_dst_last_pkt_time":1587041686918390,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":312,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":312,"pkt_l4_len":278,"thread_ts_usec":1587041686919156,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEqAABAAEAGRl\/AqAEGKH4JQ+yQAbuMpd1jg2\/P4IAYEAngnQAAAQEICjCEv6dSRIbvFgMBAPEBAADtAwMbmcXPy8rEyjOH5t3NVXkoUGCRZxMGyIKbY0co\/wunRQAAKMAswCvAJMAjwArACcypwDDAL8AowCfAFMATzKgAnQCcAD0APAA1AC8BAACc\/wEAAQAAAAAeABwAABlsb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tABcAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAADN0AAAAEgAAABAAMAAuAmgyBWgyLTE2BWgyLTE1BWgyLTE0CHNwZHkvMy4xBnNwZHkvMwhodHRwLzEuMQALAAIBAAAKAAoACAAdABcAGAAZ"} -01294{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":988,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041686889381,"flow_src_last_pkt_time":1587041686919156,"flow_dst_last_pkt_time":1587041686918390,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041686919156,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.67","src_port":60560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Microsoft365","proto_by_ip_id":219,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"login.microsoftonline.com","domainame":"login.microsoftonline.com","tls": 
{"version":"TLSv1.2","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} +01253{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":988,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041686889381,"flow_src_last_pkt_time":1587041686919156,"flow_dst_last_pkt_time":1587041686918390,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041686919156,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.67","src_port":60560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Microsoft365","proto_by_ip_id":219,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"login.microsoftonline.com","domainame":"login.microsoftonline.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
02492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":991,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":5,"flow_src_last_pkt_time":1587041686919156,"flow_dst_last_pkt_time":1587041686950659,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041686950659,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUPdlAAGwG19sofglDwKgBBgG77JCDb8\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\/68rvf0\/+KpPvZzn8n+A1ECu6H51tc4jh4cund1rKWCEvaClslKP1O5XZfDppym7WFQSIHQp9LXW26FaTqarCYkxKrkm\/lTdJtaXF5\/C7ZRJIFVaL9dmL\/uMiooAbDLhN56zmBjGeB2V01oJAQhD\/q\/lznyyirBK2V2vQ7WyyX4O7R5ox9CbJ7fjHmVfu5B\/IGhKzckLb+kPv4Ou1DFiJ+VjXUg8+HNiqYybm516lzAMR9GTpDm\/EaK\/DoNiRmeP+V6xIxpVOXNmdtJ2yXkhn+AQIDAQABo4IFgjCCBX4wggH1BgorBgEEAdZ5AgQCBIIB5QSCAeEB3wB1AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABZg2YTSEAAAQDAEYwRAIgNf1dCr\/A\/68iTF44ctzG4dfYj5k8kwrcMxb+OAftshACIEOFf1L8DyVWvGmp2q28iEZd5RDO6L\/3eE60TQKPTKibAHcAVhQGmi\/XwuzT9eG9RLI+x0Z2ubyZEVzA75SYVdaJ0N0AAAFmDZhK0AAABAMASDBGAiEA6k0qgGOQ2\/4vWshsmYpY7DSpdiwLlTeFqoSnh81\/2Y4CIQDv1+L779lV6U+goVXZN5Lr8mJnM2dtvY1ZqBBLJZkaOwB1AFWB1MIWkDYBSuoLm1c8U\/DA5Dh4cCUIFy+jqh0HE9MMAAABZg2YSsoAAAQDAEYwRAIgWKBW8MG0XWRpOFEy6yhRlkRMXWMvZwn2MMfc6oSrj0gCIBftriorxFHUNkLYAHoFWkhm8hNqcHO+KKiAs49boZzUAHYAu9nfvB+KcbWTlCOXqpJ7RzhXlQqrUugakJZkNo4e0YUAAAFmDZhLTgAABAMARzBFAiAA3dU0fJfG9tq5Rc4+sUUH+XraMuPYSatYD6LC\/2\/zTAIhAJWqprUivm3Ca3RKEfcrJtar2nlcdcqed0u5OIHS\/4PYMCcGCSsGAQQBgjcVCgQaMBgwCgYIKwYBBQUHAwIwCgYIKwYBBQUHAwEwPgYJKwYBBAGCNxUHBDEwLwYnKwYBBAGCNxUIh9qGdYPu2QGCyYUbgbWeYYX062CBXYTS30KC55N6AgFkAgEdMIGFBggrBgEFBQcBAQR5MHcwUQYIKwYBBQUHMAKGRWh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjAxLmNydDAiBggrBgEFBQcwAYYWaHR0cDovL29jc3AubXNvY3NwLmNvbTAdBgNVHQ4EFgQUiTQV2m224F\/j"} 
-01881{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":995,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1587041686889381,"flow_src_last_pkt_time":1587041686950934,"flow_dst_last_pkt_time":1587041686950999,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":4416,"midstream":0,"thread_ts_usec":1587041686950999,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.67","src_port":60560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Microsoft365","proto_by_ip_id":219,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"login.microsoftonline.com","domainame":"login.microsoftonline.com","tls": {"version":"TLSv1.2","server_names":"login.microsoftonline.com,login.microsoftonline-p.com,loginex.microsoftonline.com,login2.microsoftonline.com,stamp2.login.microsoftonline-int.com,login.microsoftonline-int.com,loginex.microsoftonline-int.com,login2.microsoftonline-int.com,stamp2.login.microsoftonline.com","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"678aeaf909676262acfb913ccb78a126","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=stamp2.login.microsoftonline.com","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"7E:0F:A2:51:8F:FB:49:30:C3:34:07:5E:F8:7C:FD:34:20:A2:96:63","blocks":0}}} 
+01840{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":995,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1587041686889381,"flow_src_last_pkt_time":1587041686950934,"flow_dst_last_pkt_time":1587041686950999,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":4416,"midstream":0,"thread_ts_usec":1587041686950999,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.67","src_port":60560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Microsoft365","proto_by_ip_id":219,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"login.microsoftonline.com","domainame":"login.microsoftonline.com","tls": {"version":"TLSv1.2","server_names":"login.microsoftonline.com,login.microsoftonline-p.com,loginex.microsoftonline.com,login2.microsoftonline.com,stamp2.login.microsoftonline-int.com,login.microsoftonline-int.com,loginex.microsoftonline-int.com,login2.microsoftonline-int.com,stamp2.login.microsoftonline.com","ja3s":"678aeaf909676262acfb913ccb78a126","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=stamp2.login.microsoftonline.com","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"7E:0F:A2:51:8F:FB:49:30:C3:34:07:5E:F8:7C:FD:34:20:A2:96:63","blocks":0}}} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1010,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041687245112,"flow_src_last_pkt_time":1587041687245112,"flow_dst_last_pkt_time":1587041687245112,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687245112,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1010,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_src_last_pkt_time":1587041687245112,"flow_dst_last_pkt_time":1587041687245112,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041687245112,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIeyRAbt4yq\/kAAAAALAC\/\/\/rWgAAAgQFtAEDAwUBAQgKMITA4AAAAAAEAgAA"} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1014,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_src_last_pkt_time":1587041687245112,"flow_dst_last_pkt_time":1587041687293530,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041687293530,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8EaVAAGwGudU0ck0hwKgBBgG77JHMBk4keMqv5aASIADnTgAAAgQFoAEDAwgEAggKYPR58TCEwOA="} 
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1015,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_src_last_pkt_time":1587041687293639,"flow_dst_last_pkt_time":1587041687293530,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041687293639,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyRAbt4yq\/lzAZOJYAQEAkl0AAAAQEICjCEwQ9g9Hnx"} 00827{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1016,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":4,"flow_src_last_pkt_time":1587041687294098,"flow_dst_last_pkt_time":1587041687293530,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_usec":1587041687294098,"pkt":"EBMx8Tl2KDc3AG3ICABFAAECAABAAEAG9rTAqAEGNHJNIeyRAbt4yq\/lzAZOJYAYEAmZKwAAAQEICjCEwQ9g9HnxFgMBAMkBAADFAwOyv9PSQv\/SmdcPkRjuFnJs95jqk9PvclXpwloDxRoWsCDkPAAAKbM0d7f12FXyaEAA7qD+P9kwtx+HS3tAUpaW7wAewC\/AK8AwwCzMqcyowAnAE8AKwBQAnACdAC8ANQAKAQAAXv8BAAEAAAAAIwAhAAAebW9iaWxlLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEACwACAQAACgAIAAYAHQAXABg="} 
-01348{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1016,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041687245112,"flow_src_last_pkt_time":1587041687294098,"flow_dst_last_pkt_time":1587041687293530,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687294098,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01307{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1016,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041687245112,"flow_src_last_pkt_time":1587041687294098,"flow_dst_last_pkt_time":1587041687293530,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687294098,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1017,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041687370480,"flow_src_last_pkt_time":1587041687370480,"flow_dst_last_pkt_time":1587041687370480,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687370480,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":54069,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1017,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_src_last_pkt_time":1587041687370480,"flow_dst_last_pkt_time":1587041687370480,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"thread_ts_usec":1587041687370480,"pkt":"EBMx8Tl2KDc3AG3ICABFAABF06EAAP8RZK7AqAEGwKgBAdM1ADUAMUK+cAQBAAABAAAAAAAAA2FwaQ9taWNyb3NvZnRzdHJlYW0DY29tAAABAAE="} 
01097{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1017,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041687370480,"flow_src_last_pkt_time":1587041687370480,"flow_dst_last_pkt_time":1587041687370480,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687370480,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":54069,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"api.microsoftstream.com","domainame":"api.microsoftstream.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -374,10 +374,10 @@ 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1024,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_src_last_pkt_time":1587041687436782,"flow_dst_last_pkt_time":1587041687466298,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041687466298,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8OsBAAGwG7o1oKLuXwKgBBgG77JKBluUGb4uaCaASIADVGwAAAgQFoAEDAwgEAggKAbkbHzCEwZw="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1025,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":3,"flow_src_last_pkt_time":1587041687466398,"flow_dst_last_pkt_time":1587041687466298,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041687466398,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGVVbAqAEGaCi7l+ySAbtvi5oJgZblB4AQEAkTrwAAAQEICjCEwbkBuRsf"} 00837{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1026,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":4,"flow_src_last_pkt_time":1587041687466635,"flow_dst_last_pkt_time":1587041687466298,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":280,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":280,"pkt_l4_len":246,"thread_ts_usec":1587041687466635,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEKAABAAEAGVIDAqAEGaCi7l+ySAbtvi5oJgZblB4AYEAl2MwAAAQEICjCEwbkBuRsfFgMBANEBAADNAwNcYEYY9r+P9DTmk4+ghvjGxbgXLamZQ7BCvuLi0gzQzQAAHMrKzKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACI2toAAP8BAAEAAAAAHAAaAAAXYXBpLm1pY3Jvc29mdHN0cmVhbS5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAgqKgAdABcAGAAbAAMCAAIaGgABAA=="} 
-01251{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1026,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041687436782,"flow_src_last_pkt_time":1587041687466635,"flow_dst_last_pkt_time":1587041687466298,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687466635,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"api.microsoftstream.com","domainame":"api.microsoftstream.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01207{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1026,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041687436782,"flow_src_last_pkt_time":1587041687466635,"flow_dst_last_pkt_time":1587041687466298,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687466635,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"api.microsoftstream.com","domainame":"api.microsoftstream.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
02486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1027,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":5,"flow_src_last_pkt_time":1587041687466635,"flow_dst_last_pkt_time":1587041687512045,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041687512045,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUOsFAAGwG6PRoKLuXwKgBBgG77JKBluUHb4ua34AQBAUPSwAAAQEICgG5Gz4whMG5FgMDF2ACAABeAwNemFWXWoznNEDG0nqSFdxS15urfQPAW1Ki15lKX+AAtiAKRAAA667wWoqa+vDiRfvp7swmXkbxWCktv+PyIN9JCMAwAAAWAAUAAAAQAAUAAwJoMgAXAAD\/AQABAAsADpsADpgACNowggjWMIIGvqADAgECAhMtAAcUzkF9hlrqvm6yAAAABxTOMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTAeFw0xOTA3MTYwMDAyMzBaFw0yMTA3MTYwMDAyMzBaMCQxIjAgBgNVBAMMGSouYXBpLm1pY3Jvc29mdHN0cmVhbS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYCLN53Kexlrvsr+3rXZR74UHw5zlzegNiM6ErPRT\/txn4iFY2zFTqC+sWY7W7Oz4G1tsBCxRCqDiWTxn5SoBhxDmnlpMqOtTTpv5IM4kd\/8Guw\/818ANBFltXQet6T9XZsisGK5x9lUCYcHW8ynBG3v5uNf0Z6m2VB67+wzZ2C3iG0UAM447HUmbA40yblclmVBneenfOna+w64hv1nSyt5YNMGiattt3RBLqQ25FUDZwDSm6\/Xrxs5bFSfj0HMxAb5EpzZ2SxfSP+UgsmRV0Oq\/HfZsAL9LwqbT3aESBPoyba7n926l2qjVJiyrcjkPpm+NqXC8ligQT0pRVDCcpAgMBAAGjggSXMIIEkzCCAfUGCisGAQQB1nkCBAIEggHlBIIB4QHfAHUA7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo\/csAAAFr+B+sPAAABAMARjBEAiBx6hq9wYK8lGTp3u5E7AFX+BkbRLRZ5Lup8OuEt\/B0tQIgGypwFVlROzmTzUQqtoWQp2MHW1EriZKLwX2GVgWat5wAdgBElGUusO7Or8RAB9io\/ijA2uaCvtjLMbU\/0zOWtbaBqAAAAWv4H61YAAAEAwBHMEUCIBBA4jXntmRWzvCXbsrMW4W1hyQue\/vS7Ncn0z5ewGEwAiEAln3ydSWKxMs1mek8BuU+Pp\/Ar72loNB67Ntve4Q85KAAdgBVgdTCFpA2AUrqC5tXPFPwwOQ4eHAlCBcvo6odBxPTDAAAAWv4H62XAAAEAwBHMEUCIQDLjQfYXTzdnrjIDBYNPqxZrBUDuC2VVPJNvuwXJuHkoAIgHkqG2mwJ4b5UFgxZl8\/iCIL8mYENQc4ZRdEfVujQdbMAdgBc3EOS\/uarRUSxX
prUVuYQN\/vV+kfcoXOUsl7m9scOygAAAWv4H6xWAAAEAwBHMEUCIDM4gWIHlpsWZA++c4q0XblHDWvH710R4c4I0Xek5jDJAiEAoovM291ZXguFtfeLFlqPtsBXmuKsHbLob14668lLPKIwJwYJKwYBBAGCNxUKBBowGDAKBggrBgEFBQcDAjAKBggrBgEFBQcDATA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdhNLfQoLnk3oCAWQCAR0wgYUGCCsGAQUFBwEBBHkwdzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDUuY3J0MCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC5tc29jc3AuY29tMB0GA1UdDgQWBBRaFtJxTHeO"} -01880{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1047,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1587041687245112,"flow_src_last_pkt_time":1587041687544052,"flow_dst_last_pkt_time":1587041687544137,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":412,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041687544137,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": 
{"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} -02181{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1079,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1587041687436782,"flow_src_last_pkt_time":1587041687725655,"flow_dst_last_pkt_time":1587041687725568,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1313,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2206,"flow_dst_tot_l4_payload_len":7143,"midstream":0,"thread_ts_usec":1587041687725655,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":18634.2,"max":125561,"stddev":31723.1,"var":1006353792.0,"ent":3.4,"data": [29516,29616,237,45747,220,45693,117,89,54,132,3,86,615,23250,232,30155,31,6115,4,245,22863,22646,1494,1434,2892,30,32749,246,30074,125513,125561]},"pktlen": {"min":52,"avg":345.2,"max":1492,"stddev":499.9,"var":249913.2,"ent":3.9,"data": [64,60,52,266,1492,1492,64,1492,52,52,1492,281,52,145,145,424,103,121,52,52,90,90,52,548,52,1365,135,52,94,52,510,52]},"bins": {"c_to_s": 
[12,1,3,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0],"s_to_c": [2,3,1,0,0,0,0,1,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,1,1,0,0,0,0,1,1,0,0,0,1,0,1,0,0,0,1,1,0,1,0],"entropies": [4.365527153,5.169149399,4.868495941,5.580047131,7.357915878,7.526344776,4.919355392,7.363313675,4.945419312,4.786791325,7.588277340,7.143245697,4.983880997,5.918394089,6.257330894,7.398386002,5.555244923,6.105889320,4.945419312,4.945419312,5.368302345,5.567127228,4.945419312,7.528010845,4.983880997,7.854734421,6.103594780,5.100070000,5.655968666,4.983880520,7.545987606,4.861793995]},"ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01839{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1047,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1587041687245112,"flow_src_last_pkt_time":1587041687544052,"flow_dst_last_pkt_time":1587041687544137,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":412,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041687544137,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} +02178{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1079,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1587041687436782,"flow_src_last_pkt_time":1587041687725655,"flow_dst_last_pkt_time":1587041687725568,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1313,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2206,"flow_dst_tot_l4_payload_len":7143,"midstream":0,"thread_ts_usec":1587041687725655,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":18634.2,"max":125561,"stddev":31723.1,"var":1006353792.0,"ent":3.4,"data": [29516,29616,237,45747,220,45693,117,89,54,132,3,86,615,23250,232,30155,31,6115,4,245,22863,22646,1494,1434,2892,30,32749,246,30074,125513,125561]},"pktlen": 
{"min":52,"avg":345.2,"max":1492,"stddev":499.9,"var":249913.2,"ent":3.9,"data": [64,60,52,266,1492,1492,64,1492,52,52,1492,281,52,145,145,424,103,121,52,52,90,90,52,548,52,1365,135,52,94,52,510,52]},"bins": {"c_to_s": [12,1,3,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0],"s_to_c": [2,3,1,0,0,0,0,1,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,1,1,0,0,0,0,1,1,0,0,0,1,0,1,0,0,0,1,1,0,1,0],"entropies": [4.365527153,5.169149399,4.868495941,5.580047131,7.357915878,7.526344776,4.919355392,7.363313675,4.945419312,4.786791325,7.588277340,7.143245697,4.983880997,5.918394089,6.257330894,7.398386002,5.555244923,6.105889320,4.945419312,4.945419312,5.368302345,5.567127228,4.945419312,7.528010845,4.983880997,7.854734421,6.103594780,5.100070000,5.655968666,4.983880520,7.545987606,4.861793995]},"ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1080,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041687731296,"flow_src_last_pkt_time":1587041687731296,"flow_dst_last_pkt_time":1587041687731296,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687731296,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62735,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1080,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_src_last_pkt_time":1587041687731296,"flow_dst_last_pkt_time":1587041687731296,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1587041687731296,"pkt":"EBMx8Tl2KDc3AG3ICABFAABM83AAAP8RRNjAqAEGwKgBAfUPADUAOAAFY+UBAAABAAAAAAAABmV1bm8tMQNhcGkPbWljcm9zb2Z0c3RyZWFtA2NvbQAAAQAB"} 01111{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1080,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041687731296,"flow_src_last_pkt_time":1587041687731296,"flow_dst_last_pkt_time":1587041687731296,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687731296,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62735,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"euno-1.api.microsoftstream.com","domainame":"euno-1.api.microsoftstream.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -389,7 +389,7 @@ 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1086,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_src_last_pkt_time":1587041687745932,"flow_dst_last_pkt_time":1587041687789261,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041687789261,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8GLFAAGwGRTw0qbp3wKgBBgG77JMQ1B2QYdMMyKASIACACgAAAgQFoAEDAwgEAggKASJ3bTCEwsc="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1087,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_src_last_pkt_time":1587041687789367,"flow_dst_last_pkt_time":1587041687789261,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041687789367,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGifXAqAEGNKm6d+yTAbth0wzIENQdkYAQEAm+kQAAAQEICjCEwvABIndt"} 00845{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1088,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":4,"flow_src_last_pkt_time":1587041687789561,"flow_dst_last_pkt_time":1587041687789261,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":287,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":287,"pkt_l4_len":253,"thread_ts_usec":1587041687789561,"pkt":"EBMx8Tl2KDc3AG3ICABFAAERAABAAEAGiRjAqAEGNKm6d+yTAbth0wzIENQdkYAYEAmMqgAAAQEICjCEwvABIndtFgMBANgBAADUAwN1hCAWlzZVXD7TCb6igB3LJP9WVkluJUaJIbsmWjvyJAAAHCoqzKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACP6uoAAP8BAAEAAAAAIwAhAAAeZXVuby0xLmFwaS5taWNyb3NvZnRzdHJlYW0uY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAI2toAHQAXABgAGwADAgACOjoAAQA="} 
-01265{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1088,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041687745932,"flow_src_last_pkt_time":1587041687789561,"flow_dst_last_pkt_time":1587041687789261,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":221,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":221,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687789561,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.169.186.119","src_port":60563,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"euno-1.api.microsoftstream.com","domainame":"euno-1.api.microsoftstream.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01221{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1088,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041687745932,"flow_src_last_pkt_time":1587041687789561,"flow_dst_last_pkt_time":1587041687789261,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":221,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":221,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687789561,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.169.186.119","src_port":60563,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"euno-1.api.microsoftstream.com","domainame":"euno-1.api.microsoftstream.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
02496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1089,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":5,"flow_src_last_pkt_time":1587041687789561,"flow_dst_last_pkt_time":1587041687835274,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041687835274,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUGLJAAGwGP6M0qbp3wKgBBgG77JMQ1B2RYdMNpYAQBAV+GwAAAQEICgEid5owhMLwFgMDF2ICAABeAwNemFWXh6zC4\/H\/NtqCN0bOMCauIHEB+mzTfOs8euglHiDdOQAAbpqWXnIoaFoz5CwjBIm\/uwJeUgS1lb4+XjBSWMAwAAAWAAUAAAAQAAUAAwJoMgAXAAD\/AQABAAsADp0ADpoACNwwggjYMIIGwKADAgECAhMWAAXWDX37jaDzNM+RAAAABdYNMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNDAeFw0xOTA3MTYwMDAyMzVaFw0yMTA3MTYwMDAyMzVaMCQxIjAgBgNVBAMMGSouYXBpLm1pY3Jvc29mdHN0cmVhbS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3WyrqhMwneHn3ldwh\/L7UvhOaeyJEw9wAAoXcE2xoCmqN4VQ5dbEJYH2mvnyhH\/q6XQPMuv5SvOYFeFvBsXU42c+cX\/k7ETSWOHymPaiIe9DTakXAw15b1zeAID1a\/qtYq5SKoRqlJOmhP2W2Kj0sGRH9wfU0k6ZKAWCfTCOD3TUKn+kY2\/mFqcxx163RyO5fuue9HjLSPUcK\/XG71pH60ASR2HaDJ53frCURseRASs3N8sp\/lXPNSJpmTy7XzZlvWnjNXBXoGazR\/Ok20dcDNsKQLrS\/5IQoN1eesCyt1n77jwW\/wlDvDN1w4lyx8ZJ\/cWIxkLDRUfkhCN5r674PAgMBAAGjggSZMIIElTCCAfcGCisGAQQB1nkCBAIEggHnBIIB4wHhAHUA7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo\/csAAAFr+B+\/gwAABAMARjBEAiBFAIuj2Tc26ezbEtOORf3erX84s94DFwS362RUQnwe7QIgOIGvV6+3NbZm4ZuetunBQ10P6vIaYP3f6rBpFmv0R+kAdwBElGUusO7Or8RAB9io\/ijA2uaCvtjLMbU\/0zOWtbaBqAAAAWv4H7+HAAAEAwBIMEYCIQDNJZUV9kVpum734SuFZbu\/+8d+lBfpKXnRWlVnv4VBQAIhAOB8l0UtbGxz+O5oUYg0D5KcrYbc2wZN7ZDiNmBXUAj6AHYAVYHUwhaQNgFK6gubVzxT8MDkOHhwJQgXL6OqHQcT0wwAAAFr+B\/ArgAABAMARzBFAiEAuBvGi+GOETS1WKJJY5hLjgoB7c051zHr2NZg0TjxMOsCIDxZ4sYqPPwpfAkKARkELM5\/901w8Rli7y0l6JyGidHOAHcAXNxDk
v7mq0VEsV6a1FbmEDf71fpH3KFzlLJe5vbHDsoAAAFr+B+\/jQAABAMASDBGAiEA+MKOXA0Ondu3DQFnrt75yf8KubCg3tehYpwWY4vXmlsCIQD\/nRJiTBIbc8ubEEHt73izO3Lpmnq\/6a3pOruDbMUQaDAnBgkrBgEEAYI3FQoEGjAYMAoGCCsGAQUFBwMCMAoGCCsGAQUFBwMBMD4GCSsGAQQBgjcVBwQxMC8GJysGAQQBgjcVCIfahnWD7tkBgsmFG4G1nmGF9OtggV2E0t9CgueTegIBZAIBHTCBhQYIKwYBBQUHAQEEeTB3MFEGCCsGAQUFBzAChkVodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9NaWNyb3NvZnQlMjBJVCUyMFRMUyUyMENBJTIwNC5jcnQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9vY3NwLm1zb2NzcC5jb20wHQYDVR0OBBYEFBqManmr"} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1138,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041690880711,"flow_src_last_pkt_time":1587041690880711,"flow_dst_last_pkt_time":1587041690880711,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041690880711,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63930,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1138,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_src_last_pkt_time":1587041690880711,"flow_dst_last_pkt_time":1587041690880711,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1587041690880711,"pkt":"EBMx8Tl2KDc3AG3ICABFAABSJv0AAP8REUbAqAEGwKgBAfm6ADUAPoc2eGoBAAABAAAAAAAAAmRjE2FwcGxpY2F0aW9uaW5zaWdodHMJbWljcm9zb2Z0A2NvbQAAAQAB"} 
@@ -401,7 +401,7 @@ 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1141,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_src_last_pkt_time":1587041690916341,"flow_dst_last_pkt_time":1587041690946470,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041690946470,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8GwdAAG4GfY4oT4opwKgBBgG77JSCI5UvqezD\/6ASIAArFwAAAgQFoAEDAwgEAggKUvjCpTCEzxM="} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1142,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_src_last_pkt_time":1587041690946579,"flow_dst_last_pkt_time":1587041690946470,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041690946579,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGxp3AqAEGKE+KKeyUAbup7MP\/giOVMIAQEAlpqQAAAQEICjCEzzFS+MKl"} 
00870{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1143,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":4,"flow_src_last_pkt_time":1587041690946965,"flow_dst_last_pkt_time":1587041690946470,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":305,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":305,"pkt_l4_len":271,"thread_ts_usec":1587041690946965,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEjAABAAEAGxa7AqAEGKE+KKeyUAbup7MP\/giOVMIAYEAnoKAAAAQEICjCEzzFS+MKlFgMBAOoBAADmAwMbIQaP+rFGCYsreMCv9lvxK9Aj9uBCbNOtF1CHIeISyAAAKMAswCvAJMAjwArACcypwDDAL8AowCfAFMATzKgAnQCcAD0APAA1AC8BAACV\/wEAAQAAAAAXABUAABJnYXRlLmhvY2tleWFwcC5uZXQAFwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAM3QAAAASAAAAEAAwAC4CaDIFaDItMTYFaDItMTUFaDItMTQIc3BkeS8zLjEGc3BkeS8zCGh0dHAvMS4xAAsAAgEAAAoACgAIAB0AFwAYABk="} -01275{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1143,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041690916341,"flow_src_last_pkt_time":1587041690946965,"flow_dst_last_pkt_time":1587041690946470,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041690946965,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60564,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"gate.hockeyapp.net","domainame":"gate.hockeyapp.net","tls": 
{"version":"TLSv1.2","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} +01231{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1143,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041690916341,"flow_src_last_pkt_time":1587041690946965,"flow_dst_last_pkt_time":1587041690946470,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041690946965,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60564,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"gate.hockeyapp.net","domainame":"gate.hockeyapp.net","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
02472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1144,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":5,"flow_src_last_pkt_time":1587041690946965,"flow_dst_last_pkt_time":1587041690980253,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041690980253,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUGwlAAG4Gd\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"} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1159,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041691075869,"flow_src_last_pkt_time":1587041691075869,"flow_dst_last_pkt_time":1587041691075869,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041691075869,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62863,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00599{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1159,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_src_last_pkt_time":1587041691075869,"flow_dst_last_pkt_time":1587041691075869,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_usec":1587041691075869,"pkt":"EBMx8Tl2KDc3AG3ICABFAABZLy0AAP8RCQ\/AqAEGwKgBAfWPADUARdrUdPIBAAABAAAAAAAABGVtZWECbmcDbXNnDHRlYW1zLW1zZ2FwaQ50cmFmZmljbWFuYWdlcgNuZXQAAAEAAQ=="} 
@@ -413,7 +413,7 @@ 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1164,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_src_last_pkt_time":1587041691149774,"flow_dst_last_pkt_time":1587041691168973,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041691168973,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8PCRAAHEGa280cmwIwKgBBgG77JWud4Fgpm4cPqASIABnNAAAAgQFoAEDAwgEAggKUqoqrDCEz\/U="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1165,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":3,"flow_src_last_pkt_time":1587041691169076,"flow_dst_last_pkt_time":1587041691168973,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041691169076,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG2JvAqAEGNHJsCOyVAbumbhw+rneBYYAQEAml0QAAAQEICjCE0AhSqiqs"} 00845{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1166,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":4,"flow_src_last_pkt_time":1587041691169247,"flow_dst_last_pkt_time":1587041691168973,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":288,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":288,"pkt_l4_len":254,"thread_ts_usec":1587041691169247,"pkt":"EBMx8Tl2KDc3AG3ICABFAAESAABAAEAG173AqAEGNHJsCOyVAbumbhw+rneBYYAYEAkjHAAAAQEICjCE0AhSqiqsFgMBANkBAADVAwNwlpHiXHB3s5dLKatTLHHCd3zPHP62TkNPLWHwExyS1QAAHAoKzKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACQysoAAP8BAAEAAAAAJAAiAAAfZW1lYS5uZy5tc2cudGVhbXMubWljcm9zb2Z0LmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACMrKAB0AFwAYABsAAwIAAhoaAAEA"} 
-01252{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1166,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041691149774,"flow_src_last_pkt_time":1587041691169247,"flow_dst_last_pkt_time":1587041691168973,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":222,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":222,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041691169247,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.108.8","src_port":60565,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"emea.ng.msg.teams.microsoft.com","domainame":"emea.ng.msg.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01211{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1166,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041691149774,"flow_src_last_pkt_time":1587041691169247,"flow_dst_last_pkt_time":1587041691168973,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":222,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":222,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041691169247,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.108.8","src_port":60565,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"emea.ng.msg.teams.microsoft.com","domainame":"emea.ng.msg.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
02485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1167,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":5,"flow_src_last_pkt_time":1587041691169247,"flow_dst_last_pkt_time":1587041691190981,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041691190981,"pkt":"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\/bT\/D+YBI2NyvjucwOF4fAmlb69iaENpHzKyKPP3gChGWXwPlsCAHcWT5DWYPJpL\/3DLl81bF7tO5zY3zxJMB1OeVgvUKXeAS+CwfpLrKG0C\/eU6XUXAM17Wou3AdZL8ESxq7zdQlPlfLXcrxTWn\/9yqOyE2Dy4v0AC0DldAOOVuaP1Qw\/jkncKrZHy6CBjd4i6SlAvV9SXMMji3v+3tCPq3NDcYwEwIaLF7pK3asugmSWv+kUpt0b\/7nszZggDVjiXOaXQXGxlI76wm\/oQiScQLHdORY8mAIDxrFvAZJI7K5Yvpy\/uFT0TJ1pbtUzx0WkkWUFI1ibsaySDvxZ5PLRRf\/b+CTj2DeuAhuHN0bB0Jvlf\/geQ+McX36gP8ZJv4hZskP2p2eU4LlDvKZxVbJkUfzIhrbjoxfdlKOwkktqzdS57vVoeibk02\/OS8fdv79ZBLOsYxfdKaSWNDVEN1Q82426XhaggJ7kscl3nnmFp\/\/6iCwQwe+4wAFuDCCBbQwggScoAMCAQICEAiIzVJfGSRETRSlgpHeuVIwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9yZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVyVHJ1c3QgUm9vdDAeFw0xNjA1MjAxMjUzMDNaFw0yNDA1MjAxMjUzMDNaMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC"} 
02217{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1195,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1587041691149774,"flow_src_last_pkt_time":1587041691305451,"flow_dst_last_pkt_time":1587041691582252,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":994,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2028,"flow_dst_tot_l4_payload_len":8121,"midstream":0,"thread_ts_usec":1587041691582252,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.108.8","src_port":60565,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":18972.7,"max":276869,"stddev":49493.9,"var":2449644032.0,"ent":2.9,"data": [19199,19302,171,22008,34,21827,18,184,203,246,14,193,1070,12295,280,19893,29,6313,3,603,11971,11399,1472,1415,54998,62106,42,25528,33,18437,276869]},"pktlen": {"min":52,"avg":370.2,"max":1492,"stddev":512.1,"var":262257.7,"ent":3.9,"data": [64,60,52,274,1492,1492,64,52,1492,52,1492,471,52,178,145,525,103,121,52,52,90,90,52,511,52,52,1046,134,52,94,52,1335]},"bins": {"c_to_s": [11,1,2,1,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,3,1,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,1,1,0,0,0,0,1,1,0,0,0,1,0,1,0,1,0,0,1,1,0,1],"entropies": [4.396777153,5.256567478,4.923395634,5.577177048,7.100010395,7.346216679,4.975505829,4.976374149,7.520713806,4.854287148,7.591184139,7.492725372,4.937912464,6.281796932,6.325607300,7.565563679,5.628156662,5.942033768,4.976374149,4.937912464,5.421134472,5.660066128,5.014835358,7.536164761,4.976373672,5.169486523,7.784315586,6.192806721,5.169486523,5.596017838,5.014835358,7.848025322]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"emea.ng.msg.teams.microsoft.com"}} 02232{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1208,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1587041682376166,"flow_src_last_pkt_time":1587041682938651,"flow_dst_last_pkt_time":1587041692001418,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1060,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":2113,"flow_dst_tot_l4_payload_len":7396,"midstream":0,"thread_ts_usec":1587041692001418,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.76.48","src_port":60544,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":328636.7,"max":8978171,"stddev":1582353.1,"var":2503841415168.0,"ent":0.8,"data": [47150,47228,506,44398,29,43913,16,46,186,124,2,213,4,4433,9743,291,46519,32116,477,409,98,18910,1378,20235,62883,403234,424977,8978171,32,9,7]},"pktlen": {"min":40,"avg":339.2,"max":1492,"stddev":486.1,"var":236250.5,"ent":3.9,"data": [64,52,40,276,1492,1492,52,40,40,1492,1492,309,40,40,198,133,568,91,40,109,40,78,46,409,40,46,1100,46,411,415,86,78]},"bins": {"c_to_s": [10,1,1,0,1,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,3,1,0,0,0,0,0,1,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,0,0,0,1,1,1,0,0,0,0,0,1,0,1,0,0,1,1,0,1,0,1,1,1,1,1],"entropies": 
[4.334277153,4.946223736,4.571928501,5.576080799,7.377434731,7.334023952,4.748329639,4.630640984,4.571928501,7.530410290,7.590536594,7.109602451,4.680641174,4.630641460,6.484649181,6.111595631,7.563093662,5.442209721,4.630641460,5.902398109,4.630641460,5.214766979,4.462505341,7.402733803,4.680641174,4.505983353,7.828750610,4.609350681,7.428915024,7.453095436,5.564571857,5.463537216]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"northeurope.notifications.teams.microsoft.com"}} 
@@ -428,16 +428,16 @@ 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1222,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_src_last_pkt_time":1587041692808980,"flow_dst_last_pkt_time":1587041692880898,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041692880898,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGBganY9ekwKgBBhFS7JY0lYWJFa1+kaAS\/ohhIwAAAgQFrAQCCAoTeUD2MITWWwEDAwc="} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1223,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_src_last_pkt_time":1587041692880999,"flow_dst_last_pkt_time":1587041692880898,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041692880999,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+g3AqAEGp2PXpOyWEVIVrX6RNJWFioAQECx9\/QAAAQEICjCE1qITeUD2"} 
01244{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1224,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":4,"flow_src_last_pkt_time":1587041692881339,"flow_dst_last_pkt_time":1587041692880898,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1587041692881339,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI5AABAAEAG+AjAqAEGp2PXpOyWEVIVrX6RNJWFioAYECynDgAAAQEICjCE1qITeUD2FgMBAgABAAH8AwNIwmNvYpaxx4YaNkM5UOMBu+\/rhWm5ROKLkUQ+n9+bqCDe8bvsDQaKZ\/SHTClTSUEpcKfm8tnRcB\/XxmDM4wjf0gByEwITAxMBwCzAMACfzKnMqMyqwCvALwCewCTAKABrwCPAJwBnwArAFAA5wAnAEwAzAK0Aq8yuzK3MrACdAKnMqwCsAKoAnACoAD0APMA4wDYAtwCzAJUAkQA1AK8AjcA3wDUAtgCyAJQAkAAvAK4AjAD\/AQABQQAAABIAEAAADWRhdGkubnRvcC5vcmcACwAEAwABAgAKAAwACgAdABcAHgAZABgAIwAAM3QAAAAQAA4ADAJoMghodHRwLzEuMQAWAAAAFwAAAA0AMAAuBAMFAwYDCAcICAgJCAoICwgECAUIBgQBBQEGAQMDAgMDAQIBAwICAgQCBQIGAgArAAkIAwQDAwMCAwEALQACAQEAMwAmACQAHQAgqeitnlzPDiYBqjP3nyoLl6FANLUWPuCFiHYla5PeYScAFQB8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01400{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1224,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041692808980,"flow_src_last_pkt_time":1587041692881339,"flow_dst_last_pkt_time":1587041692880898,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041692881339,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"dati.ntop.org","domainame":"dati.ntop.org","tls": {"version":"TLSv1.2","ja3":"7120d65624bcd2e02ed4b01388d84cdb","ja3s":"","ja4":"t13d5713h2_131602cb7446_e802cdec6a7f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01366{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1224,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041692808980,"flow_src_last_pkt_time":1587041692881339,"flow_dst_last_pkt_time":1587041692880898,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041692881339,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"dati.ntop.org","domainame":"dati.ntop.org","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d5713h2_131602cb7446_e802cdec6a7f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1225,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":5,"flow_src_last_pkt_time":1587041692881339,"flow_dst_last_pkt_time":1587041692951911,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041692951911,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0HBJAADQG6funY9ekwKgBBhFS7JY0lYWKFa2AloAQAfqJ4wAAAQEIChN5QT0whNai"} 
-01488{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1226,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1587041692808980,"flow_src_last_pkt_time":1587041692881339,"flow_dst_last_pkt_time":1587041692953141,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":152,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":152,"midstream":0,"thread_ts_usec":1587041692953141,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"dati.ntop.org","domainame":"dati.ntop.org","tls": {"version":"TLSv1.2","ja3":"7120d65624bcd2e02ed4b01388d84cdb","ja3s":"410b9bedaf65dd26c6fe547154d60db4","ja4":"t13d5713h2_131602cb7446_e802cdec6a7f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01454{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1226,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1587041692808980,"flow_src_last_pkt_time":1587041692881339,"flow_dst_last_pkt_time":1587041692953141,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":152,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":152,"midstream":0,"thread_ts_usec":1587041692953141,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"dati.ntop.org","domainame":"dati.ntop.org","tls": {"version":"TLSv1.2","ja3s":"410b9bedaf65dd26c6fe547154d60db4","ja4":"t13d5713h2_131602cb7446_e802cdec6a7f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1235,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693428391,"flow_src_last_pkt_time":1587041693428391,"flow_dst_last_pkt_time":1587041693428391,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":977,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":977,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":977,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693428391,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":51681,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01842{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1235,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693428391,"flow_dst_last_pkt_time":1587041693428391,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1019,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1019,"pkt_l4_len":985,"thread_ts_usec":1587041693428391,"pkt":"EBMx8Tl2KDc3AG3ICABFAAPt48gAAEART4\/AqAEGNHJNiMnhDZYD2eNwBl3+t6o2WT+OKw\/oTFMopoursiGTBsvvLvg3wuBfZT1pBB1vO2396s1T+U1VujmCqj4L5tMtU2F\/1TQzFXSUlw7M8VMfNQQRkYM68GVjRmInITISf9xExqdFNNQs5RQE95Yd7wUQ0WB34xO5EY6WIo8x\/N\/uDXPR3dWPSffY9Pjxt3AuIhSE\/33TPi9IZfwvBkn0Ytl+OD1doGxH0KzkYpDzBS9hB1dBsT+zr8uYQ4OitShMofb6WewMwiNNfNExsV6iWN3hyOrqzEPoHJ8xMa7bW1q9BLkbd5BDoIOv\/MoJUwfM2rHFjSZuGzr\/wQ6fSJlA+ga+XWQ5cCOxemM862mQg5uhFhBag2VuzDKpysLY0ZCqnKz91R2yhrxoXReoN9yIxCUIquc7SAW\/92cRId8y07O6L1X8x\/aDl3FC0Al6caV7h\/r8ddpLTlDH6yLNlYfOWE7QuJLs4lty891N9hHky+P7SbB6VN0+eXLlpdIKbixmAmCZ1p6\/DFecrkQrfBusU7fCQ0m5UtC7A9xyYw8qrbidfp8KJduef6Xu3BA4D0YD6FFqNyrfEvkjpJ+3rNXlm\/vqN6+pA7Pyjrxbc8hNlLHZHBWyirKyjtN28dUXzlP+LsRPGNdQvqJFK3pV96V25LmYF5yiAGBc2dVjL3CV3I8BZIc1iv9PSXq8
u5cmF3NAvFW+ejj0aUJys0KqSuB+SsBchm0XJNdD1T31o3cnzHzdRkPqsYgQxN+TMH4xz2ipnYwRm5mpiVbDbtght4DZhZkINSjZm+P+w6KJ1sJkRZyTcItShxjipY0pc0YcI\/iPO8Kihnfm0h7aZYr8JbNTXfrRfggxMyqgTWxlobhHKsiboGB5nz9mqNXgN5f2w6aCT8Ygr4J\/d\/M8CNiCRT+CKMTqRpDBqIcnsL3KBgSmI2li51fHmCYLknW2Aw3F82bIDyzOvtteFfeZxum8+GIS5JvJh64JDL9hUaT9FEJ6txlWLszG+bg1use4IiVMiF2jfKWFA1eFZRDjiQXrMStv0vPT1Ma73OvVsZAHSptss39ti+ltbCNxC0S+MDiB1jQrFVUZ5nHLM44PsanYQ\/0cpyVO6zbbzjzXTUfs+tAIMkUNPFZtCs1rFpKhkI3NcGs+yvSb4SV1GxhoDHVRpRNuKqFbFinCHp\/37lAaE9HGUTnfhxGhnCIfOfHIUUAT3eHul9H3b0Z8OnLYIK1ZDLQGkd0pzOUxUVHtQtXMulhXsHz7fr\/A21yG\/8b8NgTEX+gU6e+h1l0XisCpHYMfVCMz3mHn3ia\/HdLRjG51YnI="} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1236,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693428391,"flow_dst_last_pkt_time":1587041693474528,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_usec":1587041693474528,"pkt":"KDc3AG3IEBMx8Tl2CABFAABBNJIAAGwR1nE0ck2IwKgBBg2WyeEALeCzAzNiZmY2YTE1LTY4NDEtNDYwNy04YzI3LTllY2ViOWVlZDkzYg=="} 00779{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1237,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693428391,"flow_dst_last_pkt_time":1587041693475613,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":235,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":235,"pkt_l4_len":201,"thread_ts_usec":1587041693475613,"pkt":"KDc3AG3IEBMx8Tl2CABFAADdNJMAAGwR1dQ0ck2IwKgBBg2WyeEAyV65B51cqyKYlOqfHC4eUj71t0+3OzD2kNc2OfFPQNt7fwvuOZltdCnrcr0l94iSgE3VeMj4bdDb+vZ+CObqTNO+QGlUnkV8bcknbNvGUx42nvxp8mhw\/srnkVApKnhDe\/uy29skE82ON2NOubAQd6VBKyo6DT6MaE1A1qjybrSe5XwDrj8OJ1EA\/FUFx\/b063Ar395Oi1sw+DBTZ16KUXaymVRCSFNXRrfz6yWlsSmdtxTLQfpVrW5dlejTUGgaSVxvSg=="} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1238,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693515047,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693515047,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693515047,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1238,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693515047,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1587041693515047,"pkt":"EBMx8Tl2KDc3AG3ICABFAABg5p0AAEARo1PAqAEGNHL6e8NgDZYATAKlAAMAMCESpEKyND9uZ\/QdWKy6Y58ADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAI="} 
-00986{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1238,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693515047,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693515047,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693515047,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01036{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1238,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693515047,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693515047,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693515047,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": 
{"multimedia_flow_types":"Audio"}}} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1239,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693516414,"flow_src_last_pkt_time":1587041693516414,"flow_dst_last_pkt_time":1587041693516414,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693516414,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1239,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693516414,"flow_dst_last_pkt_time":1587041693516414,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041693516414,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGShzAqAEGNHL6e8NiAbvwxDFFAAAAALAC\/\/9VoQAAAgQFtAEDAwUBAQgKMITZEwAAAAAEAgAA"} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1240,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693517336,"flow_src_last_pkt_time":1587041693517336,"flow_dst_last_pkt_time":1587041693517336,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":67,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":67,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":67,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693517336,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":55765,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -448,43 +448,43 @@ 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1242,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693516414,"flow_dst_last_pkt_time":1587041693561382,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041693561382,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0nZBAAGwGgJc0cvp7wKgBBgG7w2KOQNor8MQxRoAS\/\/8u4wAAAgQFoAEDAwgBAQQC"} 00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1243,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693561493,"flow_dst_last_pkt_time":1587041693561382,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041693561493,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGSjTAqAEGNHL6e8NiAbvwxDFGjkDaLFAQIABPogAA"} 00788{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1244,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":4,"flow_src_last_pkt_time":1587041693561676,"flow_dst_last_pkt_time":1587041693561382,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"thread_ts_usec":1587041693561676,"pkt":"EBMx8Tl2KDc3AG3ICABFAADjAABAAEAGSXnAqAEGNHL6e8NiAbvwxDFGjkDaLFAYIADs+gAAFgMBALYBAACyAwNemFWdM\/wbLFSI3dPgZpkO7ysDE3\/GJlDQM9ZmaeyX\/AAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAXQAAACAAHgAAG2V1YXoudHIudGVhbXMubWljcm9zb2Z0LmNvbQAKAAgABgAXABgAGQALAAIBAAANABIAEAQBAgEFAQYBBAMCAwUDBgMABQAFAQAAAAAAEgAAABcAAA=="} 
-01348{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1244,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041693516414,"flow_src_last_pkt_time":1587041693561676,"flow_dst_last_pkt_time":1587041693561382,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693561676,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"euaz.tr.teams.microsoft.com","domainame":"euaz.tr.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01307{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1244,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041693516414,"flow_src_last_pkt_time":1587041693561676,"flow_dst_last_pkt_time":1587041693561382,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693561676,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"euaz.tr.teams.microsoft.com","domainame":"euaz.tr.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00770{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1245,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693572678,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"thread_ts_usec":1587041693572678,"pkt":"KDc3AG3IEBMx8Tl2CABFAADXfJQAAGwR4OU0cvp7wKgBBg2Ww2AAw6emARMApyESpEKyND9uZ\/QdWKy6Y58ADwAEcsZLxoAIAAQAAAAGAAkAPQAABAFUaGUgcmVxdWVzdCBkaWQgbm90IGNvbnRhaW4gYSBNZXNzYWdlLUludGVncml0eSBhdHRyaWJ1dGUADgAIAAENljRy+o0AFAAUAk7L+IJ6YNZTBt6\/p32H0UQC3V0AFQAKInJ0Y21lZGlhIgABAAgAAQ2YNHL6jYCVAAh\/IMTdT4SN+oAgAAgAAcHVcadqCg=="} 00779{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1246,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":4,"flow_src_last_pkt_time":1587041693428391,"flow_dst_last_pkt_time":1587041693576546,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":235,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":235,"pkt_l4_len":201,"thread_ts_usec":1587041693576546,"pkt":"KDc3AG3IEBMx8Tl2CABFAADdNJQAAGwR1dM0ck2IwKgBBg2WyeEAyV65B51cqyKYlOqfHC4eUj71t0+3OzD2kNc2OfFPQNt7fwvuOZltdCnrcr0l94iSgE3VeMj4bdDb+vZ+CObqTNO+QGlUnkV8bcknbNvGUx42nvxp8mhw\/srnkVApKnhDe\/uy29skE82ON2NOubAQd6VBKyo6DT6MaE1A1qjybrSe5XwDrj8OJ1EA\/FUFx\/b063Ar395Oi1sw+DBTZ16KUXaymVRCSFNXRrfz6yWlsSmdtxTLQfpVrW5dlejTUGgaSVxvSg=="} 
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1247,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":5,"flow_src_last_pkt_time":1587041693428391,"flow_dst_last_pkt_time":1587041693576566,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_usec":1587041693576566,"pkt":"KDc3AG3IEBMx8Tl2CABFAABBNJUAAGwR1m40ck2IwKgBBg2WyeEALeCzAzNiZmY2YTE1LTY4NDEtNDYwNy04YzI3LTllY2ViOWVlZDkzYg=="} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1248,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693582165,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693582165,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693582165,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1248,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693582165,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1587041693582165,"pkt":"EBMx8Tl2KDc3AG3ICABFAABgF74AAEARcjPAqAEGNHL6e8N0DZYATEppAAMAMCESpEI9x0RmdejywONbcT4ADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAI="} 
-00986{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1248,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693582165,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693582165,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693582165,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01036{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1248,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693582165,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693582165,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693582165,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": 
{"multimedia_flow_types":"Audio"}}} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1249,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693582610,"flow_src_last_pkt_time":1587041693582610,"flow_dst_last_pkt_time":1587041693582610,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693582610,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50021,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1249,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693582610,"flow_dst_last_pkt_time":1587041693582610,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041693582610,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGShzAqAEGNHL6e8NlAbtcWVYoAAAAALAC\/\/\/E5AAAAgQFtAEDAwUBAQgKMITZVQAAAAAEAgAA"} 
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1250,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041693597783,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693597783,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00807{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1250,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693597783,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_usec":1587041693597783,"pkt":"EBMx8Tl2KDc3AG3ICABFAADyLLYAAEARXJfAqAEGNHL6jcNgDZYA3iTJAAMAwiESpEIiL+\/H85JL0bmXJ+QADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAKAlQAIfyDE3U+EjfoAFAAUAk7L+IJ6YNZTBt6\/p32H0UQC3V0AFQAKInJ0Y21lZGlhIgAGADgCAAAkkKDb2wHWGU3iFTe\/yZKgAzJzGvG+3Faa6DvVqwAAAAC\/cbJ2yXgTqN3v61y8eTonekzmPAAIACB+ROZSH0cQpVQPYpCmfWn5X6jy8HHHqFihd3XDn9tzDQ=="} 
-00989{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1250,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041693597783,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693597783,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01039{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1250,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041693597783,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693597783,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"multimedia_flow_types":"Audio"}}} 02488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1251,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":5,"flow_src_last_pkt_time":1587041693561676,"flow_dst_last_pkt_time":1587041693608822,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041693608822,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUnZVAAGwGevI0cvp7wKgBBgG7w2KOQOnM8MQyAVAQCARhxAAANjIwWjCBmzCBmDBMMAkGBSsOAwIaBQAEFCmF\/GE9vi+wEg9eQg5MnsPVnv18BBQI\/iWfdOqHBMK8u46oOF8zxtFsZQITLQAGXpgoyD\/NFydgrgAAAAZemIAAGA8yMDIwMDQxNTE5MDYyMFqgERgPMjAyMDA0MTkxOTA2MjBaoSIwIDAeBgkrBgEFBQcwAQYEERgPMjAxOTA0MTYxOTA2MjBaMA0GCSqGSIb3DQEBCwUAA4IBAQAaQYaDpwd6DNwyOUeit6mUOBXgoV06pe6ThWCURamS0COPur719YO54pzaWQ\/wQiNdRfJ+6IxdL624Y9ECjW7h0i3GVY5McK\/JE0+t8QKiDyIrzja2mdM3dr87glc0ghsX25i5Wq+uovmAq2y0kIR5ZDxPkSCewMHChNQBpgB6w7ldXqSVgO6mMxOPGIUJeCKP7XKb6HxICQ+KDOclyTMlRvOfgXDsfJ+qgS\/\/Xx69gdsXVVKuxxVgmTXKPjwc6+0PAhk7AM38T+1uvkyY+cnLoNXnWfuXwei6nw4U+wy7NBkdjTNfderi681shWsjrz7QTveMgXHXa8hDzke10XqeoIIFIzCCBR8wggUbMIIDA6ADAgECAhNuABXTTwZmllgRJK\/RAAAAFdNPMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTAeFw0yMDA0MDIxNjU4MDlaFw0yMTA0MDIxNjU4MDlaMCsxKTAnBgNVBAMMIE1pY3Jvc29mdF9JVF9UTFNfQ0FfNV9LZXlCaW5kaW5nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt72xRWYGvzznDDT8NXYL9rp9+Ya3b0Z6P2wS3akQ58NdGCNNqh5bkYWl59MsBDUHv9Ef+w2CazdUk3Nynho4E8vpdECh67pX0G62DZBOiFmluBNKbuC5wy0qFpuDZifuCaL\/JIioH+qZxw1n9T+IlPYbhUIt9LEWbIcz3NKvVAjL22uCbIe4fgQeiRQY6CQ
MOOiKJvbVG0ji+rtc86+Mxhhl4WT\/oA0rEF\/rkByMk2VOShPm7OYdkPB4JadSsYxElQdJQqZtZ7Dx1QoI7ppuYvpwizs9bk5\/qpPbZOX2ffENmbYPX8IEIoHImvw+d5OCujhcH8ND8y2D3AEt3YOySwIDAQABo4HWMIHTMB0GA1UdDgQWBBQodwHOZZ6LuFUo+CvPI9\/FvHYaTDAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDwYJKwYBBQUHMAEFBAIFADAfBgNVHSMEGDAWgBQI\/iWfdOqHBMK8u46oOF8zxtFsZTA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdgcybR4HI6RYCAWQCAQcwGwYJKwYBBAGCNxUKBA4wDDAKBggrBgEFBQcDCTANBgkqhkiG9w0BAQsFAAOCAgEAZeWmp3UPfRLZIyUkIOP3qzADvvJHesY63Dc2ynSZnVwywgjceFf+k+yQAXU4qttDwcVbl8RAxZ3TRxOK\/tx9uYmaavtEm3swh9h5B7DCvmIXfqsJJlRpK\/OFGfcf49BNBZXJky59f8YfJ49hsiJiWchclECz2p04IejlY2rjzCMngCMT2bpAzYBsJXomAbKsVRl07LYT4CLhdIIHrd+syTeudyjkMfJb34y+qxxeDCvdd+fLKHcrxUao3ZXsd7wz3mk1EWQVaTo+Md3\/ECUv"} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1267,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693611913,"flow_src_last_pkt_time":1587041693611913,"flow_dst_last_pkt_time":1587041693611913,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693611913,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1267,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693611913,"flow_dst_last_pkt_time":1587041693611913,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1587041693611913,"pkt":"EBMx8Tl2KDc3AG3ICABFAABgfyMAAEARCrzAqAEGNHL6jcNhDZYATBjuAAMAMCESpELalY8VcoE3uJ+0vVMADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAI="} -00986{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1267,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693611913,"flow_src_last_pkt_time":1587041693611913,"flow_dst_last_pkt_time":1587041693611913,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693611913,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01036{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1267,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693611913,"flow_src_last_pkt_time":1587041693611913,"flow_dst_last_pkt_time":1587041693611913,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693611913,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"multimedia_flow_types":"Audio"}}} 00768{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1271,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693625394,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"thread_ts_usec":1587041693625394,"pkt":"KDc3AG3IEBMx8Tl2CABFAADXVxUAAGwRBmU0cvp7wKgBBg2Ww3QAwyhaARMApyESpEI9x0RmdejywONbcT4ADwAEcsZLxoAIAAQAAAAGAAkAPQAABAFUaGUgcmVxdWVzdCBkaWQgbm90IGNvbnRhaW4gYSBNZXNzYWdlLUludGVncml0eSBhdHRyaWJ1dGUADgAIAAENljRy+okAFAAUPK7\/QeTw1Z9oICgNLxST+LDzEgAAFQAKInJ0Y21lZGlhIgABAAgAAQ2YNHL6iYCVAAhb5VsGDC2J+oAgAAgAAc5scadqCg=="} 
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1272,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693582610,"flow_dst_last_pkt_time":1587041693628354,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041693628354,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0Nx9AAGwG5wg0cvp7wKgBBgG7w2XeqFvwXFlWKYAS\/\/\/MOwAAAgQFoAEDAwgBAQQC"} 00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1273,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693628427,"flow_dst_last_pkt_time":1587041693628354,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041693628427,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGSjTAqAEGNHL6e8NlAbtcWVYp3qhb8VAQIADs+gAA"} 00785{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1274,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":4,"flow_src_last_pkt_time":1587041693628756,"flow_dst_last_pkt_time":1587041693628354,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"thread_ts_usec":1587041693628756,"pkt":"EBMx8Tl2KDc3AG3ICABFAADjAABAAEAGSXnAqAEGNHL6e8NlAbtcWVYp3qhb8VAYIADHIgAAFgMBALYBAACyAwNemFWdJel+38T72uo9XNMIcFrJVaaQNKpU+a+Uq8VSQwAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAXQAAACAAHgAAG2V1YXoudHIudGVhbXMubWljcm9zb2Z0LmNvbQAKAAgABgAXABgAGQALAAIBAAANABIAEAQBAgEFAQYBBAMCAwUDBgMABQAFAQAAAAAAEgAAABcAAA=="} 
-01348{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1274,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041693582610,"flow_src_last_pkt_time":1587041693628756,"flow_dst_last_pkt_time":1587041693628354,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693628756,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50021,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"euaz.tr.teams.microsoft.com","domainame":"euaz.tr.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01307{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1274,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041693582610,"flow_src_last_pkt_time":1587041693628756,"flow_dst_last_pkt_time":1587041693628354,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693628756,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50021,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"euaz.tr.teams.microsoft.com","domainame":"euaz.tr.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00722{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1275,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693640777,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"thread_ts_usec":1587041693640777,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC1fJUAAGwR4QY0cvp7wKgBBg2Ww2AAoaFUAQMAhSESpEIiL+\/H85JL0bmXJ+QADwAEcsZLxgANAAQAAAA8AAEACAABDZg0cvqNgAgABAAAAAaAIAAIAAHB1XGnagqAUAAYm3E8YjrBv7v21SN1g6+m0xjhRrQAAAAAgCIACTIuMC4xLjIxMQAQAAQAAC7gAAgAIK\/9w8VcH20Bp+o9r1mX6tB+MRypEJNYTX2DO\/tetQep"} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1276,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041693654732,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693654732,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00807{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1276,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693654732,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_usec":1587041693654732,"pkt":"EBMx8Tl2KDc3AG3ICABFAADySXIAAEARP9\/AqAEGNHL6icN0DZYA3q9FAAMAwiESpELOvwn047sA+HEU4bYADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAKAlQAIW+VbBgwtifoAFAAUPK7\/QeTw1Z9oICgNLxST+LDzEgAAFQAKInJ0Y21lZGlhIgAGADgCAAAkkKDb2wHWGU3iFTe\/yZKgAzJzGvG+3Faa6DvVqwAAAAC\/cbJ2yXgTqN3v61y8eTonekzmPAAIACCU7UyKuDgKSJKUvk8SSs9ovhsGMp06Kok2oE1dFOuKzQ=="} -00989{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1276,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041693654732,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693654732,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01039{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1276,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041693654732,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693654732,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"multimedia_flow_types":"Audio"}}} 00769{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1277,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693611913,"flow_dst_last_pkt_time":1587041693658468,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"thread_ts_usec":1587041693658468,"pkt":"KDc3AG3IEBMx8Tl2CABFAADXfJYAAGwR4NE0cvqNwKgBBg2Ww2EAw+F\/ARMApyESpELalY8VcoE3uJ+0vVMADwAEcsZLxoAIAAQAAAAGAAkAPQAABAFUaGUgcmVxdWVzdCBkaWQgbm90IGNvbnRhaW4gYSBNZXNzYWdlLUludGVncml0eSBhdHRyaWJ1dGUADgAIAAENljRy+o0AFAAUPpo\/SSn4PJAIkOO6zaqfvtmAt1IAFQAKInJ0Y21lZGlhIgABAAgAAQ2YNHL6jYCVAAiQUL8kDsWN+oAgAAgAAcwTcadqCg=="} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1281,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693668523,"flow_src_last_pkt_time":1587041693668523,"flow_dst_last_pkt_time":1587041693668523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693668523,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1281,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693668523,"flow_dst_last_pkt_time":1587041693668523,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1587041693668523,"pkt":"EBMx8Tl2KDc3AG3ICABFAABgYKIAAEARKUHAqAEGNHL6icN1DZYATE9EAAMAMCESpEJNv3gTxWrFDZ5wS8sADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAI="} 
-00986{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1281,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693668523,"flow_src_last_pkt_time":1587041693668523,"flow_dst_last_pkt_time":1587041693668523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693668523,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01036{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1281,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693668523,"flow_src_last_pkt_time":1587041693668523,"flow_dst_last_pkt_time":1587041693668523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693668523,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": 
{"multimedia_flow_types":"Audio"}}} 02491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1282,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":5,"flow_src_last_pkt_time":1587041693628756,"flow_dst_last_pkt_time":1587041693675117,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041693675117,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUNyJAAGwG4WU0cvp7wKgBBgG7w2XeqGPBXFlW5FAQCASBlQAAW6sdwoMA3bRkqxv5VpjyajDfFXWqL4G9QZfl841dfR9SjQLMnRDtMHjHLLEHhJCKLU2ikazGCdNZMqtfaxeWquCIWw56s0bCKwmin9Y3DIsAdEejps5dwVGPEJfdlpEbIxcuBzCIRY0C23wA8SsmAke7nyJfwnrDoCjE4H7m3XXod08er9hfv0q4nITSnedP3o61Oc42o6ZTtprTcb83jeNHnfqPTx\/r7JoPcNdqLrU2S9F5B\/3\/72kY0IJW8GVz3JfVywG\/oGQZf4DtR+N9iCPyVunnsxwatk5VQeVSeoKWofbhmm5\/59\/eJyGGKNh6xcOod+zQ\/yRc87f6tHNG2YoyFngY2b4iSL5cKDGkUG4HW8AD3tnSSMB+eS+kUxAHQWzl9sk8GGj5SN\/h6yZsZx0M8Cajppy8O10hsA4MnuDtB3uK64JLD12Do4vw3+8vrlcfGCUgqrNGgRVPtSVulxGnCvWOq0JhUVItmI195Is0h3MiJgXc2KNuZpMfbIcuyiiUJx2zdkFT81nL1PidcMdiaFVUoMih7rr4UtgVbmkgKemK\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\/BSeneM2zC+CeIhbzmNymFOjMlNcj+dBQmbu1CxCV8d8C6Y+OnVaZPNiP01j7XJJ+PXv4UEla9xB7d\/jmSpBKVVLelK10CaBkVyzNB5CfFq2Vw9EGuvHvbAW1BKyp3Bsxmw4tGZUET95my601cq8ZggiyFDoWX7A8m9uNDLAC1iYf6BVxxO\/5YzlDjOnCki6hwqAwJQ6WJ1+eoyuC1hC9PBkepof+VSE6XEH8AZjML5L\/Zji0uGacDxJoS0qshrtemP+eppxTbDMRpNCuUkfXi4\/xlqy5KZqPLPGtZBjDJrsAZN5QcMC77MZrrtOg78DxXA3yzHpZ2hgzL1kQrWcULF8iQ0pE4ejd4OdVFk4J7wNMDEhQWvAD347vY8pbZ4dDQCwGth8PPlPAZj\/XFBXmCGKYSH6D5ae1XVEtVC1h\/TRd1LeAzdJ9zrEkO\/OXbGwT3ooXyYr1SJVC9xKQ4xAX9qEAxTYqZZGeBexCLlq4mRv\/1E61+mZV2YOOvwgpjfoLAgMBAAGjggFCMIIBPjAdBgNVHQ4EFgQUCP4ln3TqhwTCvLuOqDhfM8bRbGUwHwYDVR0jBBgwFoAU5Z1ZMIJHWMys+ghUNoZ7OrUETfAwEgYDVR0TAQH\/BAgwBgEB\/wIBADAOBgNVHQ8BAf8EBAMCAYYwJwYDVR0lBCAwHgYIKwYBBQUHAwEGCCsGAQUF"} 
00719{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1298,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693698272,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"thread_ts_usec":1587041693698272,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC1VxYAAGwRBoY0cvp7wKgBBg2Ww3QAoWPcAQMAhSESpELOvwn047sA+HEU4bYADwAEcsZLxgANAAQAAAA8AAEACAABDZg0cvqJgAgABAAAAAaAIAAIAAHObHGnagqAUAAYmiULR7BQSjV7GJ7mOy6WXuQ5anUAAAAAgCIACTIuMC4xLjIxMQAQAAQAAC7gAAgAIJWLEhTAIKUMzT0EuyGZ9cU94RPVJanGef0JixSMSj4H"} 00808{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1299,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693711026,"flow_dst_last_pkt_time":1587041693658468,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_usec":1587041693711026,"pkt":"EBMx8Tl2KDc3AG3ICABFAADyfgoAAEARC0PAqAEGNHL6jcNhDZYA3rEpAAMAwiESpEJLDXUDhL3sfvdJg10ADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAKAlQAIkFC\/JA7FjfoAFAAUPpo\/SSn4PJAIkOO6zaqfvtmAt1IAFQAKInJ0Y21lZGlhIgAGADgCAAAkkKDb2wHWGU3iFTe\/yZKgAzJzGvG+3Faa6DvVqwAAAAC\/cbJ2yXgTqN3v61y8eTonekzmPAAIACBfcijkK3I1E6fsjRiPsKvs33Xfpf\/cKnDyh7VrIY168g=="} 
-01000{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1299,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1587041693611913,"flow_src_last_pkt_time":1587041693711026,"flow_dst_last_pkt_time":1587041693658468,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":282,"flow_dst_tot_l4_payload_len":187,"midstream":0,"thread_ts_usec":1587041693711026,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01050{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1299,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1587041693611913,"flow_src_last_pkt_time":1587041693711026,"flow_dst_last_pkt_time":1587041693658468,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":282,"flow_dst_tot_l4_payload_len":187,"midstream":0,"thread_ts_usec":1587041693711026,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"multimedia_flow_types":"Audio"}}} 00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1301,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693668523,"flow_dst_last_pkt_time":1587041693714142,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"thread_ts_usec":1587041693714142,"pkt":"KDc3AG3IEBMx8Tl2CABFAADXVxcAAGwRBlU0cvqJwKgBBg2Ww3UAwwtKARMApyESpEJNv3gTxWrFDZ5wS8sADwAEcsZLxoAIAAQAAAAGAAkAPQAABAFUaGUgcmVxdWVzdCBkaWQgbm90IGNvbnRhaW4gYSBNZXNzYWdlLUludGVncml0eSBhdHRyaWJ1dGUADgAIAAENljRy+okAFAAUc60+h2VE9PTAWxn4K2V6NOmKA20AFQAKInJ0Y21lZGlhIgABAAgAAQ2YNHL6iYCVAAjDwJ1K7o6J+oAgAAgAAcBocadqCg=="} 00720{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1307,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":4,"flow_src_last_pkt_time":1587041693711026,"flow_dst_last_pkt_time":1587041693756239,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"thread_ts_usec":1587041693756239,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC1fJcAAGwR4PI0cvqNwKgBBg2Ww2EAoTssAQMAhSESpEJLDXUDhL3sfvdJg10ADwAEcsZLxgANAAQAAAA8AAEACAABDZg0cvqNgAgABAAAAAaAIAAIAAHME3GnagqAUAAYLOxJmLF8a9P8QJMpg69OprVoITMAAAAAgCIACTIuMC4xLjIxMQAQAAQAAC7gAAgAIMhO7y5FcPLOAgpkLIJifRx7Dv8ek2QLf5zo\/BiwDhB4"} 
00808{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1308,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693763689,"flow_dst_last_pkt_time":1587041693714142,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_usec":1587041693763689,"pkt":"EBMx8Tl2KDc3AG3ICABFAADy1jgAAEARsxjAqAEGNHL6icN1DZYA3qn\/AAMAwiESpEK\/FrW6Bpt+jaFgT0IADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAKAlQAIw8CdSu6OifoAFAAUc60+h2VE9PTAWxn4K2V6NOmKA20AFQAKInJ0Y21lZGlhIgAGADgCAAAkkKDb2wHWGU3iFTe\/yZKgAzJzGvG+3Faa6DvVqwAAAAC\/cbJ2yXgTqN3v61y8eTonekzmPAAIACAOMJjC3yWHP2a8uRvQ6tdNq4Cf2VvwjY\/Ply+68rS7wg=="} -01000{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1308,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1587041693668523,"flow_src_last_pkt_time":1587041693763689,"flow_dst_last_pkt_time":1587041693714142,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":282,"flow_dst_tot_l4_payload_len":187,"midstream":0,"thread_ts_usec":1587041693763689,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01050{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1308,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1587041693668523,"flow_src_last_pkt_time":1587041693763689,"flow_dst_last_pkt_time":1587041693714142,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":282,"flow_dst_tot_l4_payload_len":187,"midstream":0,"thread_ts_usec":1587041693763689,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"multimedia_flow_types":"Audio"}}} 00723{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1312,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":4,"flow_src_last_pkt_time":1587041693763689,"flow_dst_last_pkt_time":1587041693808734,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"thread_ts_usec":1587041693808734,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC1VxgAAGwRBnY0cvqJwKgBBg2Ww3UAoXQEAQMAhSESpEK\/FrW6Bpt+jaFgT0IADwAEcsZLxgANAAQAAAA8AAEACAABDZg0cvqJgAgABAAAAAaAIAAIAAHAaHGnagqAUAAYaOUMdiD0+ug9lexVR\/3YR6\/W6KUAAAAAgCIACTIuMC4xLjIxMQAQAAQAAC7gAAgAIL4g0LfB18yA2q\/RVWXcDhE8D9XtCMo2nCqOglxViaD8"} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1315,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693828302,"flow_src_last_pkt_time":1587041693828302,"flow_dst_last_pkt_time":1587041693828302,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693828302,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.152","src_port":50014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1315,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693828302,"flow_dst_last_pkt_time":1587041693828302,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041693828302,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGSf\/AqAEGNHL6mMNeAbvdNMkXAAAAALAC\/\/\/QFQAAAgQFtAEDAwUBAQgKMITaQwAAAAAEAgAA"} 
@@ -493,15 +493,15 @@ 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1320,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693828302,"flow_dst_last_pkt_time":1587041693869354,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041693869354,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0nZxAAGwGgG40cvqYwKgBBgG7w17cXACa3TTJGIAS\/\/81\/QAAAgQFoAEDAwgBAQQC"} 00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1321,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693869423,"flow_dst_last_pkt_time":1587041693869354,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041693869423,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGShfAqAEGNHL6mMNeAbvdNMkY3FwAm1AQIABWvAAA"} 00765{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1322,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":4,"flow_src_last_pkt_time":1587041693869663,"flow_dst_last_pkt_time":1587041693869354,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_usec":1587041693869663,"pkt":"EBMx8Tl2KDc3AG3ICABFAADWAABAAEAGSWnAqAEGNHL6mMNeAbvdNMkY3FwAm1AYIACuOQAAFgMBAKkBAAClAwNemFWd9sBVDmqpQ1JOmTf85+s9vRwXDIKd7RSpfqD9hwAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAUAAAABMAEQAADjUyLjExNC4yNTAuMTUyAAoACAAGABcAGAAZAAsAAgEAAA0AEgAQBAECAQUBBgEEAwIDBQMGAwAFAAUBAAAAAAASAAAAFwAA"} 
-01460{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1322,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041693828302,"flow_src_last_pkt_time":1587041693869663,"flow_dst_last_pkt_time":1587041693869354,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693869663,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.152","src_port":50014,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"3":"DPI (partial)"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"52.114.250.152","domainame":"52.114.250.152","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","ja4":"t12i220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01416{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1322,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041693828302,"flow_src_last_pkt_time":1587041693869663,"flow_dst_last_pkt_time":1587041693869354,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693869663,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.152","src_port":50014,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"3":"DPI (partial)"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"52.114.250.152","domainame":"52.114.250.152","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12i220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1323,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693849498,"flow_dst_last_pkt_time":1587041693893017,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041693893017,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0NypAAGwG5t80cvqZwKgBBgG7w3QJhgXYjJLL5oAS\/\/9RUwAAAgQFoAEDAwgBAQQC"} 
00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1324,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693893121,"flow_dst_last_pkt_time":1587041693893017,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041693893121,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGShbAqAEGNHL6mcN0AbuMksvmCYYF2VAQIAByEgAA"} 00766{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1325,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":4,"flow_src_last_pkt_time":1587041693893319,"flow_dst_last_pkt_time":1587041693893017,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_usec":1587041693893319,"pkt":"EBMx8Tl2KDc3AG3ICABFAADWAABAAEAGSWjAqAEGNHL6mcN0AbuMksvmCYYF2VAYIAA4UQAAFgMBAKkBAAClAwNemFWd\/1XCA+79geTWEWiWwTsvTSnBi9NExcEsdrOoSgAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAUAAAABMAEQAADjUyLjExNC4yNTAuMTUzAAoACAAGABcAGAAZAAsAAgEAAA0AEgAQBAECAQUBBgEEAwIDBQMGAwAFAAUBAAAAAAASAAAAFwAA"} 
-01460{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1325,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041693849498,"flow_src_last_pkt_time":1587041693893319,"flow_dst_last_pkt_time":1587041693893017,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693893319,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.153","src_port":50036,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"3":"DPI (partial)"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"52.114.250.153","domainame":"52.114.250.153","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","ja4":"t12i220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01416{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1325,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041693849498,"flow_src_last_pkt_time":1587041693893319,"flow_dst_last_pkt_time":1587041693893017,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693893319,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.153","src_port":50036,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"3":"DPI (partial)"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"52.114.250.153","domainame":"52.114.250.153","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12i220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
02480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1327,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":5,"flow_src_last_pkt_time":1587041693869663,"flow_dst_last_pkt_time":1587041693912361,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041693912361,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUnZ1AAGwGes00cvqYwKgBBgG7w17cXACb3TTJxlAQCARdzwAAFgMDF+kCAABVAwNemFWdM9zHzxbjC7QANdHz8AfaCDM7kl4CH3iC8m+C5SA8HQAAdg+4AWMXjI8CbVJCHoa9vuL+BAQY6d2I21i7H8AwAAANAAUAAAAXAAD\/AQABAAsADuwADukACSswggknMIIHD6ADAgECAhMtAAZemCjIP80XJ2CuAAAABl6YMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTAeFw0xOTA1MjQxNDEwMjZaFw0yMTA1MjQxNDEwMjZaMCExHzAdBgNVBAMTFnRyLnRlYW1zLm1pY3Jvc29mdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCLTNHPfgLoOgUfyR4c2CDg+CoBg7bwaQp6OOdTLjN80e6165bdZW8ryNWADQBv\/\/6Ld1H5eQQNetSDwVifHVU+CteBiHg6T9F1rA96B1Fk1nARcGhMPsZbgvGxJ+NR6ygkRK7GWC6KFZyOiZ0MvWyxQTJBlsBwklHTiX9D0fiSz06Q+tVkIHpWWHGkJRO+Tm3UUtCMr7e1K4eQloaVRg1AeMGEhZEaGXyKum9VwAP15maK0zwKMiUymx8uWFHW4J0+7wZd9kZyUeJvDO2QDZvxPl5w9NBzvGZUQFIkRD+XvUanlt9AtvhnDy5BiPzueeQgaJbyvyJl4Af8nIo8gppfAgMBAAGjggTrMIIE5zCCAfUGCisGAQQB1nkCBAIEggHlBIIB4QHfAHYA9lyUL9F3MCIUVBgIMJRWjuNNExkzv98MLyALzE7xZOMAAAFq6jb0ngAABAMARzBFAiEA+SbPYnNZBq5NAa+KJuZcLJF6Cs7c51vg2wno92Y73cQCIFui0LePG9Yu0H+TqmpdeWJeVlJ0KiyWWMKI6D92L\/K3AHUAVYHUwhaQNgFK6gubVzxT8MDkOHhwJQgXL6OqHQcT0wwAAAFq6jb1LQAABAMARjBEAiAZDnc3oPi8LaNBy6Df89WOlPch018jWvYNKaDO2U51nQIgYZuZffTHCtDDZ3lWVJgiVsjUCTGqki0p6MIBuSQoIfUAdwBc3EOS\/uarRUSxXprUVuYQN\/vV+kfcoXOUsl7m9scOygAAAWrqNvNaAAAEAwBIMEYCIQChq4nHPM4twtbxyAgrDLE3a797eV+6L2EiO6pBrFmrUAIhANBHWXnY9HAcs6WqVRp9r8q8wlaSY9pBfB7vJlbCShQPAHUARJRlLrDuzq\/EQAfYqP4owNrmgr7YyzG1P9MzlrW2gagAAAFq6jb0
QQAABAMARjBEAiAzKKpy8ELEm5AO\/Cl8weRDML0CJ7IOPZ2GbRbx\/8vxWgIgDCW1c1pNKCE9DA2mbQwKGa4Z2H7dNtIRrzU4ZJcZOr8wJwYJKwYBBAGCNxUKBBowGDAKBggrBgEFBQcDAjAKBggrBgEFBQcDATA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdhNLfQoLnk3oCAWQCAR0wgYUGCCsGAQUFBwEBBHkwdzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDUuY3J0MCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC5tc29jc3AuY29tMB0GA1UdDgQWBBSC313bBDWiwUMAeq0EgFmCSqbJVzALBgNVHQ8EBAMC"} -01861{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1336,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":8,"flow_first_seen":1587041693828302,"flow_src_last_pkt_time":1587041693913259,"flow_dst_last_pkt_time":1587041693913604,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":6126,"midstream":0,"thread_ts_usec":1587041693913604,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.152","src_port":50014,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"52.114.250.152","domainame":"52.114.250.152","tls": 
{"version":"TLSv1.2","server_names":"tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"986571066668055ae9481cb84fda634a","ja4":"t12i220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5","subjectDN":"CN=tr.teams.microsoft.com","fingerprint":"A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75","blocks":0}}} +01820{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1336,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":8,"flow_first_seen":1587041693828302,"flow_src_last_pkt_time":1587041693913259,"flow_dst_last_pkt_time":1587041693913604,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":6126,"midstream":0,"thread_ts_usec":1587041693913604,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.152","src_port":50014,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"52.114.250.152","domainame":"52.114.250.152","tls": 
{"version":"TLSv1.2","server_names":"tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com","ja3s":"986571066668055ae9481cb84fda634a","ja4":"t12i220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5","subjectDN":"CN=tr.teams.microsoft.com","fingerprint":"A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75","blocks":0}}} 02481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1342,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":5,"flow_src_last_pkt_time":1587041693893319,"flow_dst_last_pkt_time":1587041693937910,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041693937910,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUNyxAAGwG4T00cvqZwKgBBgG7w3QJhgXZjJLMlFAQCAT\/SwAAFgMDF+kCAABVAwNemFWdlZ1o0K1pDuc31o7KbeFA6zW0UoTj74rN53YU1yAVNwAAZbPmUJGFDDA3baQ8RQ+flEqSYPNJweq+ysirz8AwAAANAAUAAAAXAAD\/AQABAAsADuwADukACSswggknMIIHD6ADAgECAhMtAAZemCjIP80XJ2CuAAAABl6YMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTAeFw0xOTA1MjQxNDEwMjZaFw0yMTA1MjQxNDEwMjZaMCExHzAdBgNVBAMTFnRyLnRlYW1zLm1pY3Jvc29mdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCLTNHPfgLoOgUfyR4c2CDg+CoBg7bwaQp6OOdTLjN80e6165bdZW8ryNWADQBv\/\/6Ld1H5eQQNetSDwVifHVU+CteBiHg6T9F1rA96B1Fk1nARcGhMPsZbgvGxJ+NR6ygkRK7GWC6KFZyOiZ0MvWyxQTJBlsBwklHTiX9D0fiSz06Q+tVkIHpWWHGkJRO+Tm3UUtCMr7e1K4eQloaVRg1AeMGEhZEaGXyKum9VwAP15maK0zwKMiUymx8uWFHW4J0+7wZd9kZyUeJvDO2QDZvxPl5w9NBzvGZUQFIkRD+XvUanlt9AtvhnDy5BiPzueeQgaJbyvyJl4Af8nIo8gppfAgMBAAGjggTrMIIE5zCCAfUGCisGA
QQB1nkCBAIEggHlBIIB4QHfAHYA9lyUL9F3MCIUVBgIMJRWjuNNExkzv98MLyALzE7xZOMAAAFq6jb0ngAABAMARzBFAiEA+SbPYnNZBq5NAa+KJuZcLJF6Cs7c51vg2wno92Y73cQCIFui0LePG9Yu0H+TqmpdeWJeVlJ0KiyWWMKI6D92L\/K3AHUAVYHUwhaQNgFK6gubVzxT8MDkOHhwJQgXL6OqHQcT0wwAAAFq6jb1LQAABAMARjBEAiAZDnc3oPi8LaNBy6Df89WOlPch018jWvYNKaDO2U51nQIgYZuZffTHCtDDZ3lWVJgiVsjUCTGqki0p6MIBuSQoIfUAdwBc3EOS\/uarRUSxXprUVuYQN\/vV+kfcoXOUsl7m9scOygAAAWrqNvNaAAAEAwBIMEYCIQChq4nHPM4twtbxyAgrDLE3a797eV+6L2EiO6pBrFmrUAIhANBHWXnY9HAcs6WqVRp9r8q8wlaSY9pBfB7vJlbCShQPAHUARJRlLrDuzq\/EQAfYqP4owNrmgr7YyzG1P9MzlrW2gagAAAFq6jb0QQAABAMARjBEAiAzKKpy8ELEm5AO\/Cl8weRDML0CJ7IOPZ2GbRbx\/8vxWgIgDCW1c1pNKCE9DA2mbQwKGa4Z2H7dNtIRrzU4ZJcZOr8wJwYJKwYBBAGCNxUKBBowGDAKBggrBgEFBQcDAjAKBggrBgEFBQcDATA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdhNLfQoLnk3oCAWQCAR0wgYUGCCsGAQUFBwEBBHkwdzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDUuY3J0MCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC5tc29jc3AuY29tMB0GA1UdDgQWBBSC313bBDWiwUMAeq0EgFmCSqbJVzALBgNVHQ8EBAMC"} -01861{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1350,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":8,"flow_first_seen":1587041693849498,"flow_src_last_pkt_time":1587041693938156,"flow_dst_last_pkt_time":1587041693938382,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":6126,"midstream":0,"thread_ts_usec":1587041693938382,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.153","src_port":50036,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying 
HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"52.114.250.153","domainame":"52.114.250.153","tls": {"version":"TLSv1.2","server_names":"tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"986571066668055ae9481cb84fda634a","ja4":"t12i220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5","subjectDN":"CN=tr.teams.microsoft.com","fingerprint":"A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75","blocks":0}}} +01820{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1350,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":8,"flow_first_seen":1587041693849498,"flow_src_last_pkt_time":1587041693938156,"flow_dst_last_pkt_time":1587041693938382,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":6126,"midstream":0,"thread_ts_usec":1587041693938382,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.153","src_port":50036,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"52.114.250.153","domainame":"52.114.250.153","tls": {"version":"TLSv1.2","server_names":"tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com","ja3s":"986571066668055ae9481cb84fda634a","ja4":"t12i220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5","subjectDN":"CN=tr.teams.microsoft.com","fingerprint":"A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75","blocks":0}}} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1371,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041694219802,"flow_src_last_pkt_time":1587041694219802,"flow_dst_last_pkt_time":1587041694219802,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041694219802,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":60567,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1371,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_src_last_pkt_time":1587041694219802,"flow_dst_last_pkt_time":1587041694219802,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041694219802,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG9w\/AqAEGNHJNiOyXAbs8mpamAAAAALAC\/\/8lfgAAAgQFtAEDAwUBAQgKMITbvgAAAAAEAgAA"} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1372,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041694221137,"flow_src_last_pkt_time":1587041694221137,"flow_dst_last_pkt_time":1587041694221137,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041694221137,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60837,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -512,40 +512,40 @@ 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1376,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":2,"flow_src_last_pkt_time":1587041694219802,"flow_dst_last_pkt_time":1587041694262764,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041694262764,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0VplAAGwGdII0ck2IwKgBBgG77Jdw4z8APJqWp4AS\/\/+58wAAAgQFoAEDAwgBAQQC"} 00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1377,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":3,"flow_src_last_pkt_time":1587041694262870,"flow_dst_last_pkt_time":1587041694262764,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041694262870,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAG9yfAqAEGNHJNiOyXAbs8mpancOM\/AVAQIADasgAA"} 00796{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1378,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":4,"flow_src_last_pkt_time":1587041694263191,"flow_dst_last_pkt_time":1587041694262764,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":249,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":249,"pkt_l4_len":215,"thread_ts_usec":1587041694263191,"pkt":"EBMx8Tl2KDc3AG3ICABFAADrAABAAEAG9mTAqAEGNHJNiOyXAbs8mpancOM\/AVAYIADbZQAAFgMBAL4BAAC6AwNemFWex6L93KvTNrWWS\/8PQ2rao\/9bFvV0yUUyu2nlvwAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAZQAAACgAJgAAI2FwaS5mbGlnaHRwcm94eS50ZWFtcy5taWNyb3NvZnQuY29tAAoACAAGABcAGAAZAAsAAgEAAA0AEgAQBAECAQUBBgEEAwIDBQMGAwAFAAUBAAAAAAASAAAAFwAA"} 
-01363{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1378,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041694219802,"flow_src_last_pkt_time":1587041694263191,"flow_dst_last_pkt_time":1587041694262764,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":195,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":195,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041694263191,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":60567,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"api.flightproxy.teams.microsoft.com","domainame":"api.flightproxy.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01322{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1378,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041694219802,"flow_src_last_pkt_time":1587041694263191,"flow_dst_last_pkt_time":1587041694262764,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":195,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":195,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041694263191,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":60567,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"api.flightproxy.teams.microsoft.com","domainame":"api.flightproxy.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
02490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1380,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":5,"flow_src_last_pkt_time":1587041694263191,"flow_dst_last_pkt_time":1587041694308351,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041694308351,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUVptAAGwGbuA0ck2IwKgBBgG77Jdw40StPJqXalAQCAQlEAAAcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA0LmNybIZJaHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA0LmNybDBNBgNVHSAERjBEMEIGCSsGAQQBgjcqATA1MDMGCCsGAQUFBwIBFidodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcHMwHwYDVR0jBBgwFoAUenuMwc\/noMoc1Gv6++Ezww8aop0wHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4ICAQCGBg8ckx9UDTW7UZXC+1At9FP7A44gNWDP9CaNquKk0Ym4Hc6H0wUEGjC2TPH4ZMpVVvzoaDTGQwOYpaTTUvX3MEMOYKEG1Cvx9tqcsdP3yUB2L0u\/Y3lBDRRYTQjeuiKHInHCIKjjX\/QCOyzvB5\/C0exDQl9fWwS+qncho+mgAfK2IA8Fxzsv6+EtDoQ7Dvl6yGFB0IOq2h0mRJqrPawbpWi2DqNdE30PlqszN6KarfO3etdnYrpJGC2USn7nux+J+nU9mSFC0ZsLRlurcf+j5mIScxOoR1R1zgqZUwqnxhpp4P1IJVImICPzlelUrV+V7b3YppHp2Rgn\/+S4J10m17s2TbLTa97JGjEE\/3YQ7h5IdjwTnwuq1dP++rQhXt3FX3MOWAHLNAKjiWyKZFU6vIewI5Hi6y2fkjqSeRt4\/aWEgJvh20gdM0p+zqdmShg\/748CHucnl5Zm4aJe3RbjYEYoFcds8ex0ujMudADb\/QzGDXRU0vzS1rVbA4cYFxJP\/arXmxNmNaQws3ulhsztenPZhSi+YjcTSxMjLvyNTiFRWl6oPmD03juUR4abmC3Z6rh\/ORpnPJ\/Em03uuhRVjI2A+WVhItVGj\/kDERprkC2fKCqbcztcQMil\/Kk2WHT\/UliJtmxX7yjxKPFWCSC+MDNsBV3uBwoK+m\/VewoOUwAFuDCCBbQwggScoAMCAQICEAtqs7A+san2xGCSaqjN\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\/HdCW+DNFe3sfVDPlSJenBSSi29Hcla4gKn2WiUh7knrQJLHeSBH3Zzy03\/hYYPVPezRo"} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1404,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278787,"flow_src_last_pkt_time":1587041695278787,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695278787,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1404,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_src_last_pkt_time":1587041695278787,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695278787,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMhisAAEARcdvAqAEGwKgABMNgw1UAeNtRAAEAXCESpELGQpqANK6irJWNCoEABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUNaR7w6XgHLmtRZxpBWKVkGuwhq2AKAAE+3W4lQ=="} 
-01119{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1404,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278787,"flow_src_last_pkt_time":1587041695278787,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695278787,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01169{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1404,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278787,"flow_src_last_pkt_time":1587041695278787,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695278787,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"multimedia_flow_types":"Audio"}}} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1405,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278905,"flow_src_last_pkt_time":1587041695278905,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695278905,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1405,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_src_last_pkt_time":1587041695278905,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695278905,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMZ7QAAEARkFLAqAEGwKgABMN0w2QAeBWjAAEAXCESpEJMnOcpR8XuRjfgdwcABgAJSkZ3ajorbUl2AAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUZBvpMZrPL2uguq2xDA1A6CBjF+2AKAAEncV\/3g=="} 
-01119{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1405,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278905,"flow_src_last_pkt_time":1587041695278905,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695278905,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01169{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1405,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278905,"flow_src_last_pkt_time":1587041695278905,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695278905,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Video","stun": {"multimedia_flow_types":"Video"}}} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1406,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695305290,"flow_src_last_pkt_time":1587041695305290,"flow_dst_last_pkt_time":1587041695305290,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695305290,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1406,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_src_last_pkt_time":1587041695305290,"flow_dst_last_pkt_time":1587041695305290,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695305290,"pkt":"KDc3AG3IEBMx8Tl2CABFAACMbOkAADURirVdR27NwKgBBj\/Mw2AAeJv\/AAEAXCESpEJpQfrkOEmJN4IqUAgABgAJRlkzMjpvNS9JAAAAgCkACAAAf+1eBY4AgHAABAAAAAeANgAEAAAAAQAkAARu\/\/3+gDcABAAAAAIACAAUCA60OBRrDjRc1P+cP0BpsLC+QjmAKAAEPxxxZQ=="} 
-01121{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1406,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695305290,"flow_src_last_pkt_time":1587041695305290,"flow_dst_last_pkt_time":1587041695305290,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695305290,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01171{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1406,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695305290,"flow_src_last_pkt_time":1587041695305290,"flow_dst_last_pkt_time":1587041695305290,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695305290,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"multimedia_flow_types":"Audio"}}} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1407,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695305879,"flow_src_last_pkt_time":1587041695305879,"flow_dst_last_pkt_time":1587041695305879,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695305879,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16333,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1407,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_src_last_pkt_time":1587041695305879,"flow_dst_last_pkt_time":1587041695305879,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695305879,"pkt":"KDc3AG3IEBMx8Tl2CABFAACM2aMAADURHftdR27NwKgBBj\/Nw3QAeFT\/AAEAXCESpEKjF0z2+O91Jw0PY1cABgAJK21JdjpKRndqAAAAgCkACAAAf+1eBY4AgHAABAAAAAeANgAEAAAAAQAkAARu\/\/3+gDcABAAAAAIACAAUo4jart22gVLrHF0JHGaI64vA9HeAKAAEUHwvEg=="} 
-01121{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1407,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695305879,"flow_src_last_pkt_time":1587041695305879,"flow_dst_last_pkt_time":1587041695305879,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695305879,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16333,"dst_port":50036,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01171{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1407,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695305879,"flow_src_last_pkt_time":1587041695305879,"flow_dst_last_pkt_time":1587041695305879,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695305879,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16333,"dst_port":50036,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Video","stun": {"multimedia_flow_types":"Video"}}} 00635{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1409,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695305290,"flow_dst_last_pkt_time":1587041695330085,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":1587041695330085,"pkt":"EBMx8Tl2KDc3AG3ICABFAAB0TLUAAEARoAHAqAEGXUduzcNgP8wAYAttAQEARCESpEJpQfrkOEmJN4IqUAiAcAAEAAAABwAgAAgAAR7efFXKj4A3AAQAAAACgDYABAAAAAEACAAUlU+ROI4McMZBUuZSU8\/gWyGrdx6AKAAE+OcqVw=="} 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1410,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":3,"flow_src_last_pkt_time":1587041695305290,"flow_dst_last_pkt_time":1587041695330306,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695330306,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMkXkAAEARWyXAqAEGXUduzcNgP8wAeAk2AAEAXCESpEL9LF5WbGc54yQwO\/cABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAU1YbVJoGA61aUBne1Qcfqud7BOGOAKAAEmnK+Jw=="} 
00634{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1411,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695305879,"flow_dst_last_pkt_time":1587041695330316,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":1587041695330316,"pkt":"EBMx8Tl2KDc3AG3ICABFAAB0gkYAAEARanDAqAEGXUduzcN0P80AYEblAQEARCESpEKjF0z2+O91Jw0PY1eAcAAEAAAABwAgAAgAAR7ffFXKj4A3AAQAAAACgDYABAAAAAEACAAUNbjIzLk8Htcx5rlGPdUzB6Mtkf+AKAAECmy4uA=="} 00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1412,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":3,"flow_src_last_pkt_time":1587041695305879,"flow_dst_last_pkt_time":1587041695330389,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695330389,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMX9EAAEARjM3AqAEGXUduzcN0P80AeEAgAAEAXCESpEJvsFtMkRg8G\/ztdLwABgAJSkZ3ajorbUl2AAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUIVL6+UU6k643kpe64\/MzitD9Q4eAKAAEwjOytg=="} 
00889{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1413,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695381451,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1587041695381451,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEsaPwAAEARIBfAqAEGNHL6jcNgDZYBGBOdAAQA\/CESpEIsNFIeR67x\/KSTudUADwAEcsZLxoAIAAQAAAAGAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8ABEACAABP8xdR27NABMAfAABAGghEqRCH9y33u2t\/jYyT2+1AAYACW81L0k6RlkzMgAAAIAqAAgAAH+KUoZYAIBwAAQAAAAHgDYABAAAAAEAJAAEbv\/4\/4CVAAh\/IMTdT4SN+oA3AAQAAAACAAgAFLkI9+jCSAoSd\/OOXciVMXiIrqbdgCgABLPHZEgACAAg7sRmb8sPDDsK8L9wIx7c4\/un3a7csABeHu5jm1wMzFk="} -01122{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1413,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041695381451,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":486,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695381451,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01172{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1413,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041695381451,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":486,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695381451,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"multimedia_flow_types":"Audio"}}} 
00884{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1414,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695381585,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1587041695381585,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEsXTYAAEARK+HAqAEGNHL6icN0DZYBGMK2AAQA\/CESpEIeamDBSEqcaMKGtFYADwAEcsZLxoAIAAQAAAAGAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8ABEACAABP81dR27NABMAfAABAGghEqRCa6gY9jQ3F4QYLRqEAAYACUpGd2o6K21JdgAAAIAqAAgAAH+KUoZYAIBwAAQAAAAHgDYABAAAAAEAJAAEbv\/4\/4CVAAhb5VsGDC2J+oA3AAQAAAACAAgAFGPigS6EUGSGggUbRbFSk1APqJ0agCgABKpfQ2cACAAguGTqGqFZLfExfohAPRW3NYW9D0LDg15vdpj82BiyuIs="} -01122{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1414,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041695381585,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":486,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695381585,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01172{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1414,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041695381585,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":486,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695381585,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"multimedia_flow_types":"Audio"}}} 
00728{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1416,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":3,"flow_src_last_pkt_time":1587041695381451,"flow_dst_last_pkt_time":1587041695389155,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1587041695389155,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC4fJgAAGwR4O40cvqNwKgBBg2Ww2AApNd+ARUAiMLWdk9T8dgTMFhVlH2+EmsADwAEcsZLxgASAAgAAT\/MXUduzQATAHAAAQBcIRKkQpOT7iqoT5owckEG1gAGAAlGWTMyOm81L0kAAACAKQAIAAB\/7V4FjgCAcAAEAAAAB4A2AAQAAAABACQABG7\/\/f6ANwAEAAAAAgAIABQwsyB\/3AcVNGFmgIYtfHOO0Vm54oAoAAR90b9H"} -01038{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1416,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041695381451,"flow_dst_last_pkt_time":1587041695389155,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":486,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1587041695389155,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"peer_address":"159.145.24.130:64794"}}} 
+01089{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1416,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041695381451,"flow_dst_last_pkt_time":1587041695389155,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":486,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1587041695389155,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"peer_address":"159.145.24.130:64794","multimedia_flow_types":"Audio"}}} 00729{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1417,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":3,"flow_src_last_pkt_time":1587041695381585,"flow_dst_last_pkt_time":1587041695389378,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1587041695389378,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC4VxkAAGwRBnI0cvqJwKgBBg2Ww3QApCdjARUAiE\/LrilDXPJWtp6yDikzcPIADwAEcsZLxgASAAgAAT\/NXUduzQATAHAAAQBcIRKkQlPk9TFAsI2GK+OZoAAGAAkrbUl2OkpGd2oAAACAKQAIAAB\/7V4FjgCAcAAEAAAAB4A2AAQAAAABACQABG7\/\/f6ANwAEAAAAAgAIABQqoNaJl5j6Qph3wmShySpejyG1ZYAoAAR\/OzfK"} 
-01038{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1417,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041695381585,"flow_dst_last_pkt_time":1587041695389378,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":486,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1587041695389378,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"peer_address":"18.140.192.228:28678"}}} +01089{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1417,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041695381585,"flow_dst_last_pkt_time":1587041695389378,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":486,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1587041695389378,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"peer_address":"18.140.192.228:28678","multimedia_flow_types":"Audio"}}} 00636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1418,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":4,"flow_src_last_pkt_time":1587041695406639,"flow_dst_last_pkt_time":1587041695330306,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":1587041695406639,"pkt":"KDc3AG3IEBMx8Tl2CABFAAB0Bd0AADUR8dldR27NwKgBBj\/Mw2AAYJiUAQEARCESpEL9LF5WbGc54yQwO\/eAcAAEAAAABwAgAAgAAcHVcadqCoA3AAQAAAACgDYABAAAAAEACAAUfLZK4Jp9GCnUwepSRXJ0QYfNKUiAKAAEeKXxaw=="} 00636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1419,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":4,"flow_src_last_pkt_time":1587041695407379,"flow_dst_last_pkt_time":1587041695330389,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":1587041695407379,"pkt":"KDc3AG3IEBMx8Tl2CABFAAB0iYEAADURbjVdR27NwKgBBj\/Nw3QAYAIVAQEARCESpEJvsFtMkRg8G\/ztdLyAcAAEAAAABwAgAAgAAc5scadqCoA3AAQAAAACgDYABAAAAAEACAAUt0fBakPBlSed9Q+UJ+6ZvN9VvN+AKAAELvJkIw=="} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1421,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695421892,"flow_src_last_pkt_time":1587041695421892,"flow_dst_last_pkt_time":1587041695421892,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695421892,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00685{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1421,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_src_last_pkt_time":1587041695421892,"flow_dst_last_pkt_time":1587041695421892,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1587041695421892,"pkt":"KDc3AG3IEBMx8Tl2CABFAACYUPwAAGwRCyM0cvwVwKgBBg2Yw3QAhCaSAAEAaCESpEK59F1PLtIJs2rQCYoABgAJK21JdjpKRndqAAAAgCkACAAAf+1eBY4AgHAABAAAAAeANgAEAAAAAQAkAARu\/\/n+gJUACGUfNM4ueRX8gDcABAAAAAIACAAUDNg3puCxSSnyiCvs+zLb4wfWy9WAKAAEDuovdw=="} 
-01120{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1421,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695421892,"flow_src_last_pkt_time":1587041695421892,"flow_dst_last_pkt_time":1587041695421892,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695421892,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01170{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1421,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695421892,"flow_src_last_pkt_time":1587041695421892,"flow_dst_last_pkt_time":1587041695421892,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695421892,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Video","stun": {"multimedia_flow_types":"Video"}}} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1422,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695422685,"flow_src_last_pkt_time":1587041695422685,"flow_dst_last_pkt_time":1587041695422685,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695422685,"l3_proto":"ip4","src_ip":"52.114.252.8","dst_ip":"192.168.1.6","src_port":3479,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00685{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1422,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_src_last_pkt_time":1587041695422685,"flow_dst_last_pkt_time":1587041695422685,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1587041695422685,"pkt":"KDc3AG3IEBMx8Tl2CABFAACY4AMAAG0Reyg0cvwIwKgBBg2Xw2AAhBBVAAEAaCESpEKBJ1p+KLNk2I89FPkABgAJRlkzMjpvNS9JAAAAgCkACAAAf+1eBY4AgHAABAAAAAeANgAEAAAAAQAkAARu\/\/n+gJUACN6qKWcI9wj8gDcABAAAAAIACAAUyAS6wVT6GpHQ1gnRXe5kbQ9LDuWAKAAEokvlFA=="} 
-01119{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1422,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695422685,"flow_src_last_pkt_time":1587041695422685,"flow_dst_last_pkt_time":1587041695422685,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695422685,"l3_proto":"ip4","src_ip":"52.114.252.8","dst_ip":"192.168.1.6","src_port":3479,"dst_port":50016,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01169{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1422,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695422685,"flow_src_last_pkt_time":1587041695422685,"flow_dst_last_pkt_time":1587041695422685,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695422685,"l3_proto":"ip4","src_ip":"52.114.252.8","dst_ip":"192.168.1.6","src_port":3479,"dst_port":50016,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"multimedia_flow_types":"Audio"}}} 00836{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1423,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":4,"flow_src_last_pkt_time":1587041695432593,"flow_dst_last_pkt_time":1587041695389155,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"thread_ts_usec":1587041695432593,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEIQwIAAEARRjXAqAEGNHL6jcNgDZYA9FdMAAQA2CESpEKfui7uErrywVVZDhwADwAEcsZLxoAIAAQAAAAGAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8ABEACAABP8xdR27NABMAWAEBAEQhEqRCk5PuKqhPmjByQQbWgHAABAAAAAcAIAAIAAEe3nxVyo+ANwAEAAAAAoA2AAQAAAABAAgAFFFp\/EIw9m0w0dRwmYyqML3\/iSKPgCgABN8vUt8ACAAgqGRf4o8r70c+bwbjLKjnyOxfHW\/RCLgda6bT0E3pUpo="} 00654{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1424,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695422685,"flow_dst_last_pkt_time":1587041695432665,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1587041695432665,"pkt":"EBMx8Tl2KDc3AG3ICABFAACA0aoAAEARtpnAqAEGNHL8CMNgDZcAbO2O\/xAAYN6qKWcI9wj8AQEARCESpEKBJ1p+KLNk2I89FPmAcAAEAAAABwAgAAgAASyFFWBYSoA3AAQAAAACgDYABAAAAAEACAAUmYtT\/sgffZE\/GPjMTGRSk5h1N+2AKAAEPqesNg=="} 
00888{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1425,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":5,"flow_src_last_pkt_time":1587041695432806,"flow_dst_last_pkt_time":1587041695389155,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1587041695432806,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEsslcAAEAR1rvAqAEGNHL6jcNgDZYBGA46AAQA\/CESpEKGfpR3I6Wm38Zk7TUADwAEcsZLxoAIAAQAAAAGAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8ABEACAABP8xdR27NABMAfAABAGghEqRCH9y33u2t\/jYyT2+1AAYACW81L0k6RlkzMgAAAIAqAAgAAH+KUoZYAIBwAAQAAAAHgDYABAAAAAEAJAAEbv\/4\/4CVAAh\/IMTdT4SN+oA3AAQAAAACAAgAFLkI9+jCSAoSd\/OOXciVMXiIrqbdgCgABLPHZEgACAAg4ni\/MyGpn0IPPfamZXcwXcyTP9hFKqNf3gjYqNKVXl0="} 
@@ -554,9 +554,9 @@ 00884{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1428,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":5,"flow_src_last_pkt_time":1587041695433459,"flow_dst_last_pkt_time":1587041695389378,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1587041695433459,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEsR2QAAEARQbPAqAEGNHL6icN0DZYBGOj5AAQA\/CESpELTjfKyZNTNUCzFgVAADwAEcsZLxoAIAAQAAAAGAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8ABEACAABP81dR27NABMAfAABAGghEqRCa6gY9jQ3F4QYLRqEAAYACUpGd2o6K21JdgAAAIAqAAgAAH+KUoZYAIBwAAQAAAAHgDYABAAAAAEAJAAEbv\/4\/4CVAAhb5VsGDC2J+oA3AAQAAAACAAgAFGPigS6EUGSGggUbRbFSk1APqJ0agCgABKpfQ2cACAAgUB2ZPqsXXGYjBv8pRG+HEjCK6R8QdiEsnAYTs3tf1IE="} 02337{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1429,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1587041693516414,"flow_src_last_pkt_time":1587041693824623,"flow_dst_last_pkt_time":1587041695435566,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":477,"flow_dst_tot_l4_payload_len":6361,"midstream":0,"thread_ts_usec":1587041695435566,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":71850.4,"max":1566873,"stddev":274680.6,"var":75449425920.0,"ent":1.9,"data": [44968,45079,183,47440,47249,164,13,124,2,107,17,104,3,107,2,120,2,1,8026,8,35,52434,1246,45626,48613,92238,43679,69083,272,113543,1566873]},"pktlen": 
{"min":40,"avg":256.9,"max":1492,"stddev":427.0,"var":182315.3,"ent":3.7,"data": [64,52,40,227,1492,52,1492,588,52,52,1492,588,52,40,588,166,40,40,40,147,46,85,46,91,40,141,224,40,71,40,46,46]},"bins": {"c_to_s": [15,1,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,0,1,1,0,0,1,1,0,0,1,1,0,0,0,0,0,0,1,1,0,0,1,0,0,0,1,1],"entropies": [4.396777153,4.946223736,4.453056812,5.436062336,7.472877979,4.624014378,7.357961178,6.174726009,4.707639694,4.669178009,7.651301384,7.035131931,4.669178009,4.492897511,7.576755524,6.572272301,4.384184361,4.492897511,4.492897034,6.376044750,4.495644569,5.773638725,4.565871716,5.388861179,4.561769009,6.442826271,6.864662647,4.511769295,5.438062191,4.384184361,4.565872192,4.565872192]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"euaz.tr.teams.microsoft.com"}} 00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1435,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695586059,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695586059,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMZh4AAEARkejAqAEGwKgABMNgw1UAeNtRAAEAXCESpELGQpqANK6irJWNCoEABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUNaR7w6XgHLmtRZxpBWKVkGuwhq2AKAAE+3W4lQ=="} 
-01237{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1435,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278787,"flow_src_last_pkt_time":1587041695586059,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":224,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695586059,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01287{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1435,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278787,"flow_src_last_pkt_time":1587041695586059,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":224,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695586059,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"multimedia_flow_types":"Audio"}}} 00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1436,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695586146,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695586146,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMyucAAEARLR\/AqAEGwKgABMN0w2QAeBWjAAEAXCESpEJMnOcpR8XuRjfgdwcABgAJSkZ3ajorbUl2AAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUZBvpMZrPL2uguq2xDA1A6CBjF+2AKAAEncV\/3g=="} 
-01237{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1436,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278905,"flow_src_last_pkt_time":1587041695586146,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":224,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695586146,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01287{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1436,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278905,"flow_src_last_pkt_time":1587041695586146,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":224,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695586146,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Video","stun": {"multimedia_flow_types":"Video"}}} 00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1440,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":3,"flow_src_last_pkt_time":1587041695890424,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695890424,"pkt":"EBMx8Tl2KDc3AG3ICABFAACM6boAAEARDkzAqAEGwKgABMNgw1UAeNtRAAEAXCESpELGQpqANK6irJWNCoEABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUNaR7w6XgHLmtRZxpBWKVkGuwhq2AKAAE+3W4lQ=="} 
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1441,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":3,"flow_src_last_pkt_time":1587041695890513,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695890513,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMMbQAAEARxlLAqAEGwKgABMN0w2QAeBWjAAEAXCESpEJMnOcpR8XuRjfgdwcABgAJSkZ3ajorbUl2AAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUZBvpMZrPL2uguq2xDA1A6CBjF+2AKAAEncV\/3g=="} 00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1446,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":4,"flow_src_last_pkt_time":1587041696194345,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041696194345,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMXPIAAEARmxTAqAEGwKgABMNgw1UAeNtRAAEAXCESpELGQpqANK6irJWNCoEABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUNaR7w6XgHLmtRZxpBWKVkGuwhq2AKAAE+3W4lQ=="} 
@@ -570,7 +570,7 @@ 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1456,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":2,"flow_src_last_pkt_time":1587041697061972,"flow_dst_last_pkt_time":1587041697091344,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041697091344,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8X+VAAG4GOLAoT4opwKgBBgG77Jhhqm+9VZk3MaASIADeAQAAAgQFoAEDAwgEAggKC\/ZmGDCE5sE="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1457,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":3,"flow_src_last_pkt_time":1587041697091452,"flow_dst_last_pkt_time":1587041697091344,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041697091452,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGxp3AqAEGKE+KKeyYAbtVmTcxYapvvoAQEAkclQAAAQEICjCE5t4L9mYY"} 
00870{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1458,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":4,"flow_src_last_pkt_time":1587041697092026,"flow_dst_last_pkt_time":1587041697091344,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":305,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":305,"pkt_l4_len":271,"thread_ts_usec":1587041697092026,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEjAABAAEAGxa7AqAEGKE+KKeyYAbtVmTcxYapvvoAYEAlljAAAAQEICjCE5t4L9mYYFgMBAOoBAADmAwMvt9\/l19PgHHhBJ7fePZ9nkIIpM9PqvMR3RuXFQQr78gAAKMAswCvAJMAjwArACcypwDDAL8AowCfAFMATzKgAnQCcAD0APAA1AC8BAACV\/wEAAQAAAAAXABUAABJnYXRlLmhvY2tleWFwcC5uZXQAFwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAM3QAAAASAAAAEAAwAC4CaDIFaDItMTYFaDItMTUFaDItMTQIc3BkeS8zLjEGc3BkeS8zCGh0dHAvMS4xAAsAAgEAAAoACgAIAB0AFwAYABk="} -01275{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1458,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041697061972,"flow_src_last_pkt_time":1587041697092026,"flow_dst_last_pkt_time":1587041697091344,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041697092026,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60568,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"gate.hockeyapp.net","domainame":"gate.hockeyapp.net","tls": 
{"version":"TLSv1.2","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} +01231{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1458,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041697061972,"flow_src_last_pkt_time":1587041697092026,"flow_dst_last_pkt_time":1587041697091344,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041697092026,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60568,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"gate.hockeyapp.net","domainame":"gate.hockeyapp.net","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
02471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1459,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":5,"flow_src_last_pkt_time":1587041697092026,"flow_dst_last_pkt_time":1587041697123566,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041697123566,"pkt":"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"} 00768{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1485,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":5,"flow_src_last_pkt_time":1587041697617344,"flow_dst_last_pkt_time":1587041693756239,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_usec":1587041697617344,"pkt":"EBMx8Tl2KDc3AG3ICABFAADW2xEAAEARrlfAqAEGNHL6jcNhDZYAwt8iAAMApiESpEINQAd8TvBOvXDWMxoADwAEcsZLxoAIAAQAAAAGAA0ABAAAAACAUAAEAAAAAQAUABQ+mj9JKfg8kAiQ47rNqp++2YC3UgAVAAoicnRjbWVkaWEiAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8AAgAILegjOD1prOmcIML6MAq3Q5voM\/8\/Vbx8\/OHsgTOe6Dx"} 
00748{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1490,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041697660621,"flow_src_last_pkt_time":1587041697660621,"flow_dst_last_pkt_time":1587041697660621,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041697660621,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5} 
@@ -578,21 +578,21 @@ 00916{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1490,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041697660621,"flow_src_last_pkt_time":1587041697660621,"flow_dst_last_pkt_time":1587041697660621,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041697660621,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":4.321296}} 00768{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1493,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":5,"flow_src_last_pkt_time":1587041697668978,"flow_dst_last_pkt_time":1587041693808734,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_usec":1587041697668978,"pkt":"EBMx8Tl2KDc3AG3ICABFAADWXowAAEARKuHAqAEGNHL6icN1DZYAwtlEAAMApiESpEJ\/K8mw63L1SVFc8SkADwAEcsZLxoAIAAQAAAAGAA0ABAAAAACAUAAEAAAAAQAUABRzrT6HZUT09MBbGfgrZXo06YoDbQAVAAoicnRjbWVkaWEiAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8AAgAIBF1x2DO\/FnH+NItZ0DdGmNq9Qpo8WCUVFVIxiEnjM\/h"} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1497,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":2,"flow_src_last_pkt_time":1587041697673040,"flow_dst_last_pkt_time":1587041697660621,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1587041697673040,"pkt":"KDc3AG3IEBMx8Tl2CABFoAA4akMAADUBjR9dR27NwKgBBgMDcBsAAAAARQAAWp4wAAAyEVygwKgBBl1Hbs3DdD\/NAEaJWQ=="} -02348{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1528,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":7,"flow_first_seen":1587041695305290,"flow_src_last_pkt_time":1587041697913583,"flow_dst_last_pkt_time":1587041697668816,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1214,"flow_dst_max_l4_payload_len":1214,"flow_src_tot_l4_payload_len":4324,"flow_dst_tot_l4_payload_len":2890,"midstream":0,"thread_ts_usec":1587041697913583,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":160381.3,"max":1168245,"stddev":365653.3,"var":133702352896.0,"ent":2.7,"data": [24795,221,101349,1168245,1167037,967065,50759,1119237,13,25,50990,80302,1990,2655,3736,4,1,2,10681,24170,9306,21453,4525,19907,25341,9245,24382,24626,9496,26004,24257]},"pktlen": {"min":66,"avg":253.4,"max":1242,"stddev":374.4,"var":140199.2,"ent":4.0,"data": [140,116,140,116,144,116,138,136,66,1242,1242,136,101,66,1242,1242,70,194,126,94,96,103,108,110,102,98,112,106,103,101,102,102]},"bins": {"c_to_s": 
[0,2,16,4,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,1,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,1,0,1,0,0,0,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"entropies": [5.443928242,5.441569805,5.550033092,5.533423424,5.469605446,5.457950115,6.418050289,5.494081497,5.274568558,7.835727215,7.805037022,5.427760124,6.064149857,5.328952789,7.830739975,7.834946632,5.426148415,6.862842083,6.378197670,5.942782402,6.043297768,6.096649170,5.395052433,6.251680851,6.123402596,6.007471561,6.260177612,6.012121677,6.079421997,6.215091705,6.135609150,6.155217648]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +02342{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1528,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":7,"flow_first_seen":1587041695305290,"flow_src_last_pkt_time":1587041697913583,"flow_dst_last_pkt_time":1587041697668816,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1214,"flow_dst_max_l4_payload_len":1214,"flow_src_tot_l4_payload_len":4324,"flow_dst_tot_l4_payload_len":2890,"midstream":0,"thread_ts_usec":1587041697913583,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":160381.3,"max":1168245,"stddev":365653.3,"var":133702352896.0,"ent":2.7,"data": 
[24795,221,101349,1168245,1167037,967065,50759,1119237,13,25,50990,80302,1990,2655,3736,4,1,2,10681,24170,9306,21453,4525,19907,25341,9245,24382,24626,9496,26004,24257]},"pktlen": {"min":66,"avg":253.4,"max":1242,"stddev":374.4,"var":140199.2,"ent":4.0,"data": [140,116,140,116,144,116,138,136,66,1242,1242,136,101,66,1242,1242,70,194,126,94,96,103,108,110,102,98,112,106,103,101,102,102]},"bins": {"c_to_s": [0,2,16,4,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,1,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,1,0,1,0,0,0,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"entropies": [5.443928242,5.441569805,5.550033092,5.533423424,5.469605446,5.457950115,6.418050289,5.494081497,5.274568558,7.835727215,7.805037022,5.427760124,6.064149857,5.328952789,7.830739975,7.834946632,5.426148415,6.862842083,6.378197670,5.942782402,6.043297768,6.096649170,5.395052433,6.251680851,6.123402596,6.007471561,6.260177612,6.012121677,6.079421997,6.215091705,6.135609150,6.155217648]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
00964{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041680216814,"flow_src_last_pkt_time":1587041680216814,"flow_dst_last_pkt_time":1587041680216814,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":355,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":355,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":355,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01035{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":26,"flow_first_seen":1587041684306115,"flow_src_last_pkt_time":1587041685465859,"flow_dst_last_pkt_time":1587041685465767,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":6160,"flow_dst_tot_l4_payload_len":8327,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Outlook","proto_by_ip_id":21,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"substrate.office.com"}} -01026{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":20,"flow_first_seen":1587041676435900,"flow_src_last_pkt_time":1587041676536132,"flow_dst_last_pkt_time":1587041676536089,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":258,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":757,"flow_dst_tot_l4_payload_len":11864,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com"}} 
-00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":10,"flow_first_seen":1587041677243705,"flow_src_last_pkt_time":1587041677286941,"flow_dst_last_pkt_time":1587041677286365,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":2950,"flow_dst_tot_l4_payload_len":6420,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} -01034{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":19,"flow_first_seen":1587041682144166,"flow_src_last_pkt_time":1587041685098215,"flow_dst_last_pkt_time":1587041685098126,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":521,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1754,"flow_dst_tot_l4_payload_len":7280,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com"}} -01172{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":28,"flow_first_seen":1587041685240465,"flow_src_last_pkt_time":1587041685471822,"flow_dst_last_pkt_time":1587041685471619,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1082,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1426,"flow_dst_tot_l4_payload_len":28998,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com"}} 
-01126{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":13,"flow_first_seen":1587041685984732,"flow_src_last_pkt_time":1587041686156488,"flow_dst_last_pkt_time":1587041686156402,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":900,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1750,"flow_dst_tot_l4_payload_len":6374,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} +01020{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":20,"flow_first_seen":1587041676435900,"flow_src_last_pkt_time":1587041676536132,"flow_dst_last_pkt_time":1587041676536089,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":258,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":757,"flow_dst_tot_l4_payload_len":11864,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com"}} +00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":10,"flow_first_seen":1587041677243705,"flow_src_last_pkt_time":1587041677286941,"flow_dst_last_pkt_time":1587041677286365,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":2950,"flow_dst_tot_l4_payload_len":6420,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} 
+01028{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":19,"flow_first_seen":1587041682144166,"flow_src_last_pkt_time":1587041685098215,"flow_dst_last_pkt_time":1587041685098126,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":521,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1754,"flow_dst_tot_l4_payload_len":7280,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com"}} +01166{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":28,"flow_first_seen":1587041685240465,"flow_src_last_pkt_time":1587041685471822,"flow_dst_last_pkt_time":1587041685471619,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1082,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1426,"flow_dst_tot_l4_payload_len":28998,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com"}} +01120{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":13,"flow_first_seen":1587041685984732,"flow_src_last_pkt_time":1587041686156488,"flow_dst_last_pkt_time":1587041686156402,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":900,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1750,"flow_dst_tot_l4_payload_len":6374,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} 
01162{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":49,"flow_dst_packets_processed":28,"flow_first_seen":1587041676362386,"flow_src_last_pkt_time":1587041677034491,"flow_dst_last_pkt_time":1587041677077119,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":55346,"flow_dst_tot_l4_payload_len":4699,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com"}} 01162{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":13,"flow_first_seen":1587041677042751,"flow_src_last_pkt_time":1587041677329010,"flow_dst_last_pkt_time":1587041677375849,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":15383,"flow_dst_tot_l4_payload_len":4699,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60535,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": 
{"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com"}} 01113{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":10,"flow_first_seen":1587041678029919,"flow_src_last_pkt_time":1587041678260705,"flow_dst_last_pkt_time":1587041678303901,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":7350,"flow_dst_tot_l4_payload_len":4699,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud"}} 
01033{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":8,"flow_first_seen":1587041681745719,"flow_src_last_pkt_time":1587041681895434,"flow_dst_last_pkt_time":1587041681895339,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":623,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":975,"flow_dst_tot_l4_payload_len":6679,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60538,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"eu-prod.asyncgw.teams.microsoft.com"}} -01021{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":8,"flow_first_seen":1587041681755860,"flow_src_last_pkt_time":1587041681908691,"flow_dst_last_pkt_time":1587041681908585,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":608,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":945,"flow_dst_tot_l4_payload_len":6653,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60539,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"eu-api.asm.skype.com"}} +01018{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":8,"flow_first_seen":1587041681755860,"flow_src_last_pkt_time":1587041681908691,"flow_dst_last_pkt_time":1587041681908585,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":608,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":945,"flow_dst_tot_l4_payload_len":6653,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60539,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"eu-api.asm.skype.com"}} 
01036{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":10,"flow_first_seen":1587041682076700,"flow_src_last_pkt_time":1587041682204478,"flow_dst_last_pkt_time":1587041682204431,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":4763,"flow_dst_tot_l4_payload_len":7425,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60540,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"eu-prod.asyncgw.teams.microsoft.com"}} -00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":9,"flow_first_seen":1587041682077081,"flow_src_last_pkt_time":1587041682212323,"flow_dst_last_pkt_time":1587041682212216,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3181,"flow_dst_tot_l4_payload_len":7371,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60541,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":9,"flow_first_seen":1587041682077081,"flow_src_last_pkt_time":1587041682212323,"flow_dst_last_pkt_time":1587041682212216,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3181,"flow_dst_tot_l4_payload_len":7371,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60541,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} 01163{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":67,"flow_dst_packets_processed":40,"flow_first_seen":1587041682369801,"flow_src_last_pkt_time":1587041683043372,"flow_dst_last_pkt_time":1587041683086074,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":81655,"flow_dst_tot_l4_payload_len":4699,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60543,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": 
{"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com"}} 01046{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":17,"flow_first_seen":1587041682376166,"flow_src_last_pkt_time":1587041692020857,"flow_dst_last_pkt_time":1587041692106644,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1060,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":2340,"flow_dst_tot_l4_payload_len":7396,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.76.48","src_port":60544,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"northeurope.notifications.teams.microsoft.com"}} 
01029{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":49,"flow_dst_packets_processed":34,"flow_first_seen":1587041682698689,"flow_src_last_pkt_time":1587041691929361,"flow_dst_last_pkt_time":1587041691929326,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":4886,"flow_dst_tot_l4_payload_len":9530,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.58","src_port":60545,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"presence.teams.microsoft.com"}} 
@@ -605,8 +605,8 @@ 01163{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":14,"flow_first_seen":1587041687245112,"flow_src_last_pkt_time":1587041688014105,"flow_dst_last_pkt_time":1587041688061175,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":17654,"flow_dst_tot_l4_payload_len":4699,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com"}} 01031{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":14,"flow_first_seen":1587041691149774,"flow_src_last_pkt_time":1587041691582349,"flow_dst_last_pkt_time":1587041691582252,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":994,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2028,"flow_dst_tot_l4_payload_len":8121,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.108.8","src_port":60565,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"emea.ng.msg.teams.microsoft.com"}} 01172{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":11,"flow_first_seen":1587041694219802,"flow_src_last_pkt_time":1587041695898012,"flow_dst_last_pkt_time":1587041695993731,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":649,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1651,"flow_dst_tot_l4_payload_len":6669,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":60567,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"api.flightproxy.teams.microsoft.com"}} 
-01108{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1587041682809173,"flow_src_last_pkt_time":1587041688135097,"flow_dst_last_pkt_time":1587041688190082,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":955,"flow_dst_max_l4_payload_len":1226,"flow_src_tot_l4_payload_len":1523,"flow_dst_tot_l4_payload_len":1409,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60546,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} -01107{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1587041692808980,"flow_src_last_pkt_time":1587041695538890,"flow_dst_last_pkt_time":1587041695538791,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":946,"flow_dst_max_l4_payload_len":1225,"flow_src_tot_l4_payload_len":2423,"flow_dst_tot_l4_payload_len":1677,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std 
Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} +01115{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1587041682809173,"flow_src_last_pkt_time":1587041688135097,"flow_dst_last_pkt_time":1587041688190082,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":955,"flow_dst_max_l4_payload_len":1226,"flow_src_tot_l4_payload_len":1523,"flow_dst_tot_l4_payload_len":1409,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60546,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
+01114{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1587041692808980,"flow_src_last_pkt_time":1587041695538890,"flow_dst_last_pkt_time":1587041695538791,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":946,"flow_dst_max_l4_payload_len":1225,"flow_src_tot_l4_payload_len":2423,"flow_dst_tot_l4_payload_len":1677,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 00872{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1587041692528594,"flow_src_last_pkt_time":1587041692578366,"flow_dst_last_pkt_time":1587041692528752,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":72,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":72,"midstream":1,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"151.11.50.139","dst_ip":"192.168.1.6","src_port":2222,"dst_port":54750,"l4_proto":"tcp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
00785{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1587041692528594,"flow_src_last_pkt_time":1587041692578366,"flow_dst_last_pkt_time":1587041692528752,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":72,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":72,"midstream":1,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"151.11.50.139","dst_ip":"192.168.1.6","src_port":2222,"dst_port":54750,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01010{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041682129643,"flow_src_last_pkt_time":1587041682129643,"flow_dst_last_pkt_time":1587041682143053,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":162,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":162,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":49514,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"config.teams.microsoft.com"}} 
@@ -616,7 +616,7 @@ 01043{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":12,"flow_first_seen":1587041685251950,"flow_src_last_pkt_time":1587041685681752,"flow_dst_last_pkt_time":1587041685681659,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3164,"flow_dst_tot_l4_payload_len":6995,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.7","src_port":60556,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Microsoft365","proto_by_ip_id":219,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"login.microsoftonline.com"}} 01001{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":12,"flow_first_seen":1587041686889381,"flow_src_last_pkt_time":1587041687253807,"flow_dst_last_pkt_time":1587041687253692,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3163,"flow_dst_tot_l4_payload_len":7012,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.67","src_port":60560,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Microsoft365","proto_by_ip_id":219,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative"}} 01019{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685093044,"flow_src_last_pkt_time":1587041685093044,"flow_dst_last_pkt_time":1587041685127636,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":53,"flow_dst_max_l4_payload_len":174,"flow_src_tot_l4_payload_len":53,"flow_dst_tot_l4_payload_len":174,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":50653,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"api.flightproxy.teams.microsoft.com"}} 
-01016{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041681714331,"flow_src_last_pkt_time":1587041681714331,"flow_dst_last_pkt_time":1587041681754842,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":140,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":140,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","proto_id":"5.125","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"eu-api.asm.skype.com"}} +01004{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041681714331,"flow_src_last_pkt_time":1587041681714331,"flow_dst_last_pkt_time":1587041681754842,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":140,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":140,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"eu-api.asm.skype.com"}} 01013{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685243104,"flow_src_last_pkt_time":1587041685243104,"flow_dst_last_pkt_time":1587041685256108,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":127,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":127,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51309,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"skypedataprdcolneu04.cloudapp.net"}} 
01027{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685091534,"flow_src_last_pkt_time":1587041685091534,"flow_dst_last_pkt_time":1587041685104871,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":131,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":131,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":53678,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"trouter2-asse-a.trouter.teams.microsoft.com"}} 01003{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041687370480,"flow_src_last_pkt_time":1587041687370480,"flow_dst_last_pkt_time":1587041687435320,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":222,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":222,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":54069,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"api.microsoftstream.com"}} 
@@ -632,8 +632,8 @@ 01017{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041684291077,"flow_src_last_pkt_time":1587041684291077,"flow_dst_last_pkt_time":1587041684304618,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":172,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":172,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":59403,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft365","proto_id":"5.219","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"substrate.office.com"}} 01010{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041675997451,"flow_src_last_pkt_time":1587041675997451,"flow_dst_last_pkt_time":1587041676010607,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":67,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":67,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60813,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"skypedataprdcolneu04.cloudapp.net"}} 01024{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041694221137,"flow_src_last_pkt_time":1587041694221137,"flow_dst_last_pkt_time":1587041694234511,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":134,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":134,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60837,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"c-flightproxy-euno-01-teams.cloudapp.net"}} 
-01039{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1587041687436782,"flow_src_last_pkt_time":1587041687725655,"flow_dst_last_pkt_time":1587041687725568,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1313,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2206,"flow_dst_tot_l4_payload_len":7143,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"api.microsoftstream.com"}} -00998{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":12,"flow_first_seen":1587041687745932,"flow_src_last_pkt_time":1587041687963041,"flow_dst_last_pkt_time":1587041687962963,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1286,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2098,"flow_dst_tot_l4_payload_len":7352,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.169.186.119","src_port":60563,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"3":"DPI 
(partial)"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01036{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1587041687436782,"flow_src_last_pkt_time":1587041687725655,"flow_dst_last_pkt_time":1587041687725568,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1313,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2206,"flow_dst_tot_l4_payload_len":7143,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"api.microsoftstream.com"}} 
+00995{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":12,"flow_first_seen":1587041687745932,"flow_src_last_pkt_time":1587041687963041,"flow_dst_last_pkt_time":1587041687962963,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1286,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2098,"flow_dst_tot_l4_payload_len":7352,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.169.186.119","src_port":60563,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} 01127{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685090830,"flow_src_last_pkt_time":1587041685090830,"flow_dst_last_pkt_time":1587041685136892,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":167,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":167,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":61245,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"49": {"risk":"Minor Issues","severity":"Low","risk_score": {"total":210,"client":105,"server":105}}},"confidence": 
{"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"euaz.tr.teams.microsoft.com"}} 01010{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041687731296,"flow_src_last_pkt_time":1587041687731296,"flow_dst_last_pkt_time":1587041687745080,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":183,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":183,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62735,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"euno-1.api.microsoftstream.com"}} 
01027{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041691075869,"flow_src_last_pkt_time":1587041691075869,"flow_dst_last_pkt_time":1587041691148968,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":116,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":116,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62863,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"emea.ng.msg.teams-msgapi.trafficmanager.net"}} 
@@ -643,29 +643,29 @@ 01027{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685092516,"flow_src_last_pkt_time":1587041685092516,"flow_dst_last_pkt_time":1587041685105349,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":119,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":119,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65230,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"trouter2-asse-a.trouter.teams.microsoft.com"}} 01021{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041682355684,"flow_src_last_pkt_time":1587041682355684,"flow_dst_last_pkt_time":1587041682370931,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":129,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":129,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65387,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.Microsoft","proto_id":"5.212","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"northeuropecns.trafficmanager.net"}} 00955{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1587041680294054,"flow_src_last_pkt_time":1587041680294649,"flow_dst_last_pkt_time":1587041680294680,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1090,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1126,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"93.62.150.157","dst_ip":"192.168.1.6","src_port":443,"dst_port":60512,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -01224{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278787,"flow_src_last_pkt_time":1587041696498337,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":560,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": 
{"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01224{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278905,"flow_src_last_pkt_time":1587041696498651,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":560,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+01218{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278787,"flow_src_last_pkt_time":1587041696498337,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":560,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+01218{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278905,"flow_src_last_pkt_time":1587041696498651,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":560,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041679280885,"flow_src_last_pkt_time":1587041679280885,"flow_dst_last_pkt_time":1587041679280885,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":485,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":485,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":485,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 01225{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":11,"flow_first_seen":1587041693828302,"flow_src_last_pkt_time":1587041694047808,"flow_dst_last_pkt_time":1587041694047695,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":235,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":567,"flow_dst_tot_l4_payload_len":6363,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.152","src_port":50014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": 
{"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} 01163{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":13,"flow_first_seen":1587041693516414,"flow_src_last_pkt_time":1587041695435668,"flow_dst_last_pkt_time":1587041695435566,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":477,"flow_dst_tot_l4_payload_len":6361,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"euaz.tr.teams.microsoft.com"}} 
01163{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":13,"flow_first_seen":1587041693582610,"flow_src_last_pkt_time":1587041694243274,"flow_dst_last_pkt_time":1587041694243144,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":477,"flow_dst_tot_l4_payload_len":6361,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50021,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"euaz.tr.teams.microsoft.com"}} 01224{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":13,"flow_first_seen":1587041693849498,"flow_src_last_pkt_time":1587041697722873,"flow_dst_last_pkt_time":1587041697765326,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":235,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":817,"flow_dst_tot_l4_payload_len":6541,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.153","src_port":50036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"10": 
{"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} -01030{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":9,"flow_first_seen":1587041690916341,"flow_src_last_pkt_time":1587041691089391,"flow_dst_last_pkt_time":1587041691089314,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":533,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1343,"flow_dst_tot_l4_payload_len":7609,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60564,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"gate.hockeyapp.net"}} 
-01030{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":9,"flow_first_seen":1587041697061972,"flow_src_last_pkt_time":1587041697244908,"flow_dst_last_pkt_time":1587041697244816,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":533,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1359,"flow_dst_tot_l4_payload_len":7609,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60568,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"gate.hockeyapp.net"}} -00992{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041695432806,"flow_dst_last_pkt_time":1587041695591686,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":994,"flow_dst_tot_l4_payload_len":420,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1587041693515047,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693640777,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":340,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01118{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041695422685,"flow_src_last_pkt_time":1587041695422685,"flow_dst_last_pkt_time":1587041695432665,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":100,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"52.114.252.8","dst_ip":"192.168.1.6","src_port":3479,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": 
{"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1587041693611913,"flow_src_last_pkt_time":1587041697617344,"flow_dst_last_pkt_time":1587041697663187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":468,"flow_dst_tot_l4_payload_len":485,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-00993{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041697669056,"flow_dst_last_pkt_time":1587041697713165,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":186,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":1180,"flow_dst_tot_l4_payload_len":565,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1587041693582165,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693698272,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":340,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1587041693668523,"flow_src_last_pkt_time":1587041697668978,"flow_dst_last_pkt_time":1587041697714311,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":468,"flow_dst_tot_l4_payload_len":485,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01119{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041695421892,"flow_src_last_pkt_time":1587041695421892,"flow_dst_last_pkt_time":1587041695433333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":100,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": 
{"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01027{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":9,"flow_first_seen":1587041690916341,"flow_src_last_pkt_time":1587041691089391,"flow_dst_last_pkt_time":1587041691089314,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":533,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1343,"flow_dst_tot_l4_payload_len":7609,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60564,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"gate.hockeyapp.net"}} 
+01027{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":9,"flow_first_seen":1587041697061972,"flow_src_last_pkt_time":1587041697244908,"flow_dst_last_pkt_time":1587041697244816,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":533,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1359,"flow_dst_tot_l4_payload_len":7609,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60568,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"gate.hockeyapp.net"}} +00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041695432806,"flow_dst_last_pkt_time":1587041695591686,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":994,"flow_dst_tot_l4_payload_len":420,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1587041693515047,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693640777,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":340,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041695422685,"flow_src_last_pkt_time":1587041695422685,"flow_dst_last_pkt_time":1587041695432665,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":100,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"52.114.252.8","dst_ip":"192.168.1.6","src_port":3479,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on 
Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1587041693611913,"flow_src_last_pkt_time":1587041697617344,"flow_dst_last_pkt_time":1587041697663187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":468,"flow_dst_tot_l4_payload_len":485,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041697669056,"flow_dst_last_pkt_time":1587041697713165,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":186,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":1180,"flow_dst_tot_l4_payload_len":565,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1587041693582165,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693698272,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":340,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1587041693668523,"flow_src_last_pkt_time":1587041697668978,"flow_dst_last_pkt_time":1587041697714311,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":468,"flow_dst_tot_l4_payload_len":485,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01113{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041695421892,"flow_src_last_pkt_time":1587041695421892,"flow_dst_last_pkt_time":1587041695433333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":100,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": 
{"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00936{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1587041697660621,"flow_src_last_pkt_time":1587041697673040,"flow_dst_last_pkt_time":1587041697660621,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -01073{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":17,"flow_first_seen":1587041693428391,"flow_src_last_pkt_time":1587041697999048,"flow_dst_last_pkt_time":1587041697997834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1201,"flow_dst_max_l4_payload_len":1185,"flow_src_tot_l4_payload_len":5250,"flow_dst_tot_l4_payload_len":7193,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":51681,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": 
{"total":210,"client":165,"server":45}}},"confidence": {"1":"Match by port"},"proto":"Skype_TeamsCall","proto_id":"38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01067{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":17,"flow_first_seen":1587041693428391,"flow_src_last_pkt_time":1587041697999048,"flow_dst_last_pkt_time":1587041697997834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1201,"flow_dst_max_l4_payload_len":1185,"flow_src_tot_l4_payload_len":5250,"flow_dst_tot_l4_payload_len":7193,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":51681,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"1":"Match by port"},"proto":"TeamsCall","proto_id":"38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
00793{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":17,"flow_first_seen":1587041693428391,"flow_src_last_pkt_time":1587041697999048,"flow_dst_last_pkt_time":1587041697997834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1201,"flow_dst_max_l4_payload_len":1185,"flow_src_tot_l4_payload_len":5250,"flow_dst_tot_l4_payload_len":7193,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":51681,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -01128{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":7,"flow_first_seen":1587041695305290,"flow_src_last_pkt_time":1587041698021081,"flow_dst_last_pkt_time":1587041697668816,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1214,"flow_dst_max_l4_payload_len":1214,"flow_src_tot_l4_payload_len":4692,"flow_dst_tot_l4_payload_len":2890,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-01123{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1587041695305879,"flow_src_last_pkt_time":1587041696574201,"flow_dst_last_pkt_time":1587041697619539,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":116,"flow_src_tot_l4_payload_len":288,"flow_dst_tot_l4_payload_len":424,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16333,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00856{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1540,"packets-processed":1498,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":587095,"total-not-detected-flows":1,"total-guessed-flows":2,"total-detected-flows":80,"total-detection-updates":51,"total-updates":0,"current-active-flows":0,"total-active-flows":83,"total-idle-flows":83,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":668,"global_ts_usec":1587041698021081} 
+01122{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":7,"flow_first_seen":1587041695305290,"flow_src_last_pkt_time":1587041698021081,"flow_dst_last_pkt_time":1587041697668816,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1214,"flow_dst_max_l4_payload_len":1214,"flow_src_tot_l4_payload_len":4692,"flow_dst_tot_l4_payload_len":2890,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01117{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1587041695305879,"flow_src_last_pkt_time":1587041696574201,"flow_dst_last_pkt_time":1587041697619539,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":116,"flow_src_tot_l4_payload_len":288,"flow_dst_tot_l4_payload_len":424,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16333,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std 
Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00856{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1540,"source":"cfgs\/monitoring\/pcap\/teams.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1540,"packets-processed":1498,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":587095,"total-not-detected-flows":1,"total-guessed-flows":2,"total-detected-flows":80,"total-detection-updates":51,"total-updates":0,"current-active-flows":0,"total-active-flows":83,"total-idle-flows":83,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":668,"global_ts_usec":1587041698021081} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1540/1498 ~~ skipped flows.............: 0 @@ -674,9 +674,9 @@ ~~ total active/idle flows...: 83/83 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8345483 bytes -~~ total memory freed........: 8345483 bytes -~~ total allocations/frees...: 117024/117024 +~~ total memory allocated....: 8923253 bytes +~~ total memory freed........: 8923253 bytes +~~ total allocations/frees...: 128763/128763 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 298 chars ~~ json message max len.......: 2504 chars diff --git a/test/results/monitoring/telegram_videocall.pcapng.out b/test/results/monitoring/telegram_videocall.pcapng.out index 16f24fa27..e4d1d5baf 100644 
--- a/test/results/monitoring/telegram_videocall.pcapng.out +++ b/test/results/monitoring/telegram_videocall.pcapng.out 
@@ -1,5 +1,5 @@ -00628{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1648032334213648} 
+00628{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1648032334213648} 
00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032334213648,"flow_src_last_pkt_time":1648032334213648,"flow_dst_last_pkt_time":1648032334213648,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032334213648,"l3_proto":"ip6","src_ip":"fe80::98df:58ff:fefa:ebdc","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5} 00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1648032334213648,"flow_dst_last_pkt_time":1648032334213648,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":70,"pkt_l4_len":16,"thread_ts_usec":1648032334213648,"pkt":"MzMAAAACmt9Y+uvcht1gAAAAABA6\/\/6AAAAAAAAAmN9Y\/\/7669z\/AgAAAAAAAAAAAAAAAAAChQC\/wAAAAAABAZrfWPrr3A=="} 
00920{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032334213648,"flow_src_last_pkt_time":1648032334213648,"flow_dst_last_pkt_time":1648032334213648,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032334213648,"l3_proto":"ip6","src_ip":"fe80::98df:58ff:fefa:ebdc","dst_ip":"ff02::2","l4_proto":"icmp6","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -67,46 +67,46 @@ 01012{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":533,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032352156412,"flow_src_last_pkt_time":1648032352156412,"flow_dst_last_pkt_time":1648032352156412,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032352156412,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_ipps._tcp.local","domainame":"_ipps._tcp.local","mdns": {}}} 00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":542,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353524693,"flow_src_last_pkt_time":1648032353524693,"flow_dst_last_pkt_time":1648032353524693,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353524693,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":40906,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":542,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1648032353524693,"flow_dst_last_pkt_time":1648032353524693,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1648032353524693,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwV5hAAEARsUTAqAypW2wJI5\/KBXgAHDtQAAEAACESpEJIMnFVQ1lxbmo0T2k="} -01119{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":542,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353524693,"flow_src_last_pkt_time":1648032353524693,"flow_dst_last_pkt_time":1648032353524693,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353524693,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":40906,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} 
+01152{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":542,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353524693,"flow_src_last_pkt_time":1648032353524693,"flow_dst_last_pkt_time":1648032353524693,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353524693,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":40906,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":543,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353524739,"flow_src_last_pkt_time":1648032353524739,"flow_dst_last_pkt_time":1648032353524739,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353524739,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":40906,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":543,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1648032353524739,"flow_dst_last_pkt_time":1648032353524739,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1648032353524739,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwAJRAAEARBFXAqAypW2wNF5\/KBXgAHHQdAAEAACESpEJIUHBYOFJCa1BTZ3I="} -01120{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":543,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353524739,"flow_src_last_pkt_time":1648032353524739,"flow_dst_last_pkt_time":1648032353524739,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353524739,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":40906,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} 
+01153{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":543,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353524739,"flow_src_last_pkt_time":1648032353524739,"flow_dst_last_pkt_time":1648032353524739,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353524739,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":40906,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":544,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353524758,"flow_src_last_pkt_time":1648032353524758,"flow_dst_last_pkt_time":1648032353524758,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353524758,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":40906,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":544,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1648032353524758,"flow_dst_last_pkt_time":1648032353524758,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1648032353524758,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwhapAAEARe1PAqAypW2wRAp\/KBXgAHEVfAAEAACESpEJ6MlBsUVQ4ZXFBUGU="} -01119{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":544,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353524758,"flow_src_last_pkt_time":1648032353524758,"flow_dst_last_pkt_time":1648032353524758,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353524758,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":40906,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} 
+01152{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":544,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353524758,"flow_src_last_pkt_time":1648032353524758,"flow_dst_last_pkt_time":1648032353524758,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353524758,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":40906,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":545,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353524853,"flow_src_last_pkt_time":1648032353524853,"flow_dst_last_pkt_time":1648032353524853,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353524853,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":42197,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":545,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1648032353524853,"flow_dst_last_pkt_time":1648032353524853,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1648032353524853,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwV5lAAEARsUPAqAypW2wJI6TVBXgAHErTAAEAACESpEJkbkR6YnRjOCtUeXU="} -01119{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":545,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353524853,"flow_src_last_pkt_time":1648032353524853,"flow_dst_last_pkt_time":1648032353524853,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353524853,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":42197,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} 
+01152{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":545,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353524853,"flow_src_last_pkt_time":1648032353524853,"flow_dst_last_pkt_time":1648032353524853,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353524853,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":42197,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":546,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353524865,"flow_src_last_pkt_time":1648032353524865,"flow_dst_last_pkt_time":1648032353524865,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353524865,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":42197,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":546,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1648032353524865,"flow_dst_last_pkt_time":1648032353524865,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1648032353524865,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwAJVAAEARBFTAqAypW2wNF6TVBXgAHA1WAAEAACESpEJySFdkRXFhMm8xbWY="} -01120{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":546,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353524865,"flow_src_last_pkt_time":1648032353524865,"flow_dst_last_pkt_time":1648032353524865,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353524865,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":42197,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} 
+01153{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":546,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353524865,"flow_src_last_pkt_time":1648032353524865,"flow_dst_last_pkt_time":1648032353524865,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353524865,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":42197,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":547,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353524980,"flow_src_last_pkt_time":1648032353524980,"flow_dst_last_pkt_time":1648032353524980,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353524980,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":42197,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":547,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1648032353524980,"flow_dst_last_pkt_time":1648032353524980,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1648032353524980,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwhatAAEARe1LAqAypW2wRAqTVBXgAHD1nAAEAACESpEJhWUs4ZHp0RDFIYlM="} -01119{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":547,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353524980,"flow_src_last_pkt_time":1648032353524980,"flow_dst_last_pkt_time":1648032353524980,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353524980,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":42197,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} 
+01152{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":547,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353524980,"flow_src_last_pkt_time":1648032353524980,"flow_dst_last_pkt_time":1648032353524980,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353524980,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":42197,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":549,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1648032353524693,"flow_dst_last_pkt_time":1648032353554802,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1648032353554802,"pkt":"mt9Y+uvcCL6sCxduCABFAABwT\/lAADIRxqNbbAkjwKgMqQV4n8oAXEAzAQEAQCESpEJIMnFVQ1lxbmo0T2kAIAAIAAEMcnw9RQQAAQAIAAEtYF0v4UaAKwAIAAEFeFtsCSOALAAIAAEFeQpDQmOAIgAETm9uZYAoAATBooRE"} 
00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":550,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1648032353524853,"flow_dst_last_pkt_time":1648032353554820,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1648032353554820,"pkt":"mt9Y+uvcCL6sCxduCABFAABwT\/pAADIRxqJbbAkjwKgMqQV4pNUAXBWkAQEAQCESpEJkbkR6YnRjOCtUeXUAIAAIAAEMc3w9RQQAAQAIAAEtYV0v4UaAKwAIAAEFeFtsCSOALAAIAAEFeQpDQmOAIgAETm9uZYAoAAR+XQGa"} 00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":553,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353559621,"flow_src_last_pkt_time":1648032353559621,"flow_dst_last_pkt_time":1648032353559621,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353559621,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":40643,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":553,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1648032353559621,"flow_dst_last_pkt_time":1648032353559621,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1648032353559621,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4V55AAEARsTbAqAypW2wJI57DBXgAJBZLAAMACCESpEJHRnE0WVpwcXk3QUQAGQAEEQAAAA=="} -01119{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":553,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353559621,"flow_src_last_pkt_time":1648032353559621,"flow_dst_last_pkt_time":1648032353559621,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353559621,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":40643,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} 
+01152{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":553,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353559621,"flow_src_last_pkt_time":1648032353559621,"flow_dst_last_pkt_time":1648032353559621,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353559621,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":40643,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":555,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353561154,"flow_src_last_pkt_time":1648032353561154,"flow_dst_last_pkt_time":1648032353561154,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353561154,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":49667,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":555,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1648032353561154,"flow_dst_last_pkt_time":1648032353561154,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1648032353561154,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4AJZAAEARBEvAqAypW2wNF8IDBXgAJEywAAMACCESpEJLQjVlaHNjb05HRFcAGQAEEQAAAA=="} -01120{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":555,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353561154,"flow_src_last_pkt_time":1648032353561154,"flow_dst_last_pkt_time":1648032353561154,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353561154,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":49667,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} 
+01153{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":555,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353561154,"flow_src_last_pkt_time":1648032353561154,"flow_dst_last_pkt_time":1648032353561154,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353561154,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":49667,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":557,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353562490,"flow_src_last_pkt_time":1648032353562490,"flow_dst_last_pkt_time":1648032353562490,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353562490,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":49780,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":557,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":1648032353562490,"flow_dst_last_pkt_time":1648032353562490,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1648032353562490,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4hbBAAEARe0XAqAypW2wRAsJ0BXgAJDsLAAMACCESpEJFS2c2dEFDQVFCNysAGQAEEQAAAA=="} -01119{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":557,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353562490,"flow_src_last_pkt_time":1648032353562490,"flow_dst_last_pkt_time":1648032353562490,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353562490,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":49780,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} 
+01152{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":557,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353562490,"flow_src_last_pkt_time":1648032353562490,"flow_dst_last_pkt_time":1648032353562490,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353562490,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":49780,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":558,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353563617,"flow_src_last_pkt_time":1648032353563617,"flow_dst_last_pkt_time":1648032353563617,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353563617,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":37849,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":558,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_src_last_pkt_time":1648032353563617,"flow_dst_last_pkt_time":1648032353563617,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1648032353563617,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4V59AAEARsTXAqAypW2wJI5PZBXgAJDwFAAMACCESpEJzL2NkT3M5d09DczAAGQAEEQAAAA=="} -01119{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":558,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353563617,"flow_src_last_pkt_time":1648032353563617,"flow_dst_last_pkt_time":1648032353563617,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353563617,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":37849,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} 
+01152{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":558,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353563617,"flow_src_last_pkt_time":1648032353563617,"flow_dst_last_pkt_time":1648032353563617,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353563617,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":37849,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":559,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353566545,"flow_src_last_pkt_time":1648032353566545,"flow_dst_last_pkt_time":1648032353566545,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353566545,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":37530,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":559,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_src_last_pkt_time":1648032353566545,"flow_dst_last_pkt_time":1648032353566545,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1648032353566545,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4AJdAAEARBErAqAypW2wNF5KaBXgAJGk9AAMACCESpEIvdUUyY2tqRkhzZzgAGQAEEQAAAA=="} -01120{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":559,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353566545,"flow_src_last_pkt_time":1648032353566545,"flow_dst_last_pkt_time":1648032353566545,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353566545,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":37530,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} 
+01153{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":559,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353566545,"flow_src_last_pkt_time":1648032353566545,"flow_dst_last_pkt_time":1648032353566545,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353566545,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":37530,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":560,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353568287,"flow_src_last_pkt_time":1648032353568287,"flow_dst_last_pkt_time":1648032353568287,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353568287,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":37444,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":560,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_src_last_pkt_time":1648032353568287,"flow_dst_last_pkt_time":1648032353568287,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1648032353568287,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4hbFAAEARe0TAqAypW2wRApJEBXgAJEOkAAMACCESpEJXdzMwem5Vb2lRUDIAGQAEEQAAAA=="} -01119{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":560,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353568287,"flow_src_last_pkt_time":1648032353568287,"flow_dst_last_pkt_time":1648032353568287,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353568287,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":37444,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} 
+01152{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":560,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353568287,"flow_src_last_pkt_time":1648032353568287,"flow_dst_last_pkt_time":1648032353568287,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353568287,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":37444,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00653{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":562,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_src_last_pkt_time":1648032353563617,"flow_dst_last_pkt_time":1648032353592239,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1648032353592239,"pkt":"mt9Y+uvcCL6sCxduCABFAAB4UAFAADIRxpNbbAkjwKgMqQV4k9kAZPzIARMASCESpEJzL2NkT3M5d09DczAACQAQAAAEAVVuYXV0aG9yaXplZAAVABBhNGI2N2JkMTFmM2NiZmYyABQADHRlbGVncmFtLm9yZ4AiAAROb25lgCgABO5pXhk="} 
-01167{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":562,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1648032353563617,"flow_src_last_pkt_time":1648032353563617,"flow_dst_last_pkt_time":1648032353592239,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1648032353592239,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":37849,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org","domainame":"telegram.org","stun": {}}} +01200{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":562,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1648032353563617,"flow_src_last_pkt_time":1648032353563617,"flow_dst_last_pkt_time":1648032353592239,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1648032353592239,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":37849,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto 
on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org","domainame":"telegram.org","stun": {"multimedia_flow_types":"Unknown"}}} 00653{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":563,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1648032353559621,"flow_dst_last_pkt_time":1648032353592256,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1648032353592256,"pkt":"mt9Y+uvcCL6sCxduCABFAAB4UAJAADIRxpJbbAkjwKgMqQV4nsMAZEcIARMASCESpEJHRnE0WVpwcXk3QUQACQAQAAAEAVVuYXV0aG9yaXplZAAVABBlYWIwNmM2ZGY2ZjJmYmQwABQADHRlbGVncmFtLm9yZ4AiAAROb25lgCgABGO2Od8="} -01167{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":563,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1648032353559621,"flow_src_last_pkt_time":1648032353559621,"flow_dst_last_pkt_time":1648032353592256,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1648032353592256,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":40643,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": 
{"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org","domainame":"telegram.org","stun": {}}} +01200{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":563,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1648032353559621,"flow_src_last_pkt_time":1648032353559621,"flow_dst_last_pkt_time":1648032353592256,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1648032353592256,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":40643,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org","domainame":"telegram.org","stun": {"multimedia_flow_types":"Unknown"}}} 
00697{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":565,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_src_last_pkt_time":1648032353594045,"flow_dst_last_pkt_time":1648032353592239,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1648032353594045,"pkt":"CL6sCxdumt9Y+uvcCABFAACYV6JAAEARsNLAqAypW2wJI5PZBXgAhCZ9AAMAaCESpEJFSFhETzUvU2I4WmwAGQAEEQAAAAAGAB0xNjQ4MDUzOTUzOjczZjgwMzhjYTY1MTAyZDViNQAAAAAUAAx0ZWxlZ3JhbS5vcmcAFQAQYTRiNjdiZDExZjNjYmZmMgAIABSa2oTP+7Bjuk0YfAJVIWF1r6CZLw=="} 00698{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":567,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_src_last_pkt_time":1648032353594670,"flow_dst_last_pkt_time":1648032353592256,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1648032353594670,"pkt":"CL6sCxdumt9Y+uvcCABFAACYV6NAAEARsNHAqAypW2wJI57DBXgAhH5NAAMAaCESpEJCSnNBNVVDNDVaczQAGQAEEQAAAAAGAB0xNjQ4MDUzOTUzOjczZjgwMzhjYTY1MTAyZDViNQAAAAAUAAx0ZWxlZ3JhbS5vcmcAFQAQZWFiMDZjNmRmNmYyZmJkMAAIABQ3n8Ssx4zZQ2K\/+FBSUazQoV0PUg=="} 
00653{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":568,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_src_last_pkt_time":1648032353594045,"flow_dst_last_pkt_time":1648032353637592,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1648032353637592,"pkt":"mt9Y+uvcCL6sCxduCABFAAB4UApAADIRxopbbAkjwKgMqQV4k9kAZBfMAQMASCESpEJFSFhETzUvU2I4WmwAFgAIAAHWO3p+rWEAIAAIAAEMd3w9RQQADQAEAAAAPIAiAAROb25lAAgAFDGrj6855gYmVWWfBmziWEVvbHJ9gCgABAsNSy8="} 
@@ -116,15 +116,15 @@ 00640{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":575,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_src_last_pkt_time":1648032353524758,"flow_dst_last_pkt_time":1648032353672049,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1648032353672049,"pkt":"mt9Y+uvcCL6sCxduCABFAABwYb9AADARrv5bbBECwKgMqQV4n8oAXCujAQEAQCESpEJ6MlBsUVQ4ZXFBUGUAIAAIAAEMcnw9RQQAAQAIAAEtYF0v4UaAKwAIAAEFeFtsEQKALAAIAAEFeQqCwmKAIgAETm9uZYAoAAQpALNo"} 00640{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":578,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_src_last_pkt_time":1648032353524980,"flow_dst_last_pkt_time":1648032353675084,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1648032353675084,"pkt":"mt9Y+uvcCL6sCxduCABFAABwYcBAADARrv1bbBECwKgMqQV4pNUAXHVmAQEAQCESpEJhWUs4ZHp0RDFIYlMAIAAIAAEMc3w9RQQAAQAIAAEtYV0v4UaAKwAIAAEFeFtsEQKALAAIAAEFeQqCwmKAIgAETm9uZYAoAAS7Js+E"} 00654{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":579,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_src_last_pkt_time":1648032353561154,"flow_dst_last_pkt_time":1648032353693931,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1648032353693931,"pkt":"mt9Y+uvcCL6sCxduCABFAAB4WqVAAC4Ru\/tbbA0XwKgMqQV4wgMAZCInARMASCESpEJLQjVlaHNjb05HRFcACQAQAAAEAVVuYXV0aG9yaXplZAAVABA2NzMyOTkyMzg2Njc4NTEyABQADHRlbGVncmFtLm9yZ4AiAAROb25lgCgABG2eqec="} 
-01168{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":579,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1648032353561154,"flow_src_last_pkt_time":1648032353561154,"flow_dst_last_pkt_time":1648032353693931,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1648032353693931,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":49667,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org","domainame":"telegram.org","stun": {}}} +01201{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":579,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1648032353561154,"flow_src_last_pkt_time":1648032353561154,"flow_dst_last_pkt_time":1648032353693931,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1648032353693931,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":49667,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto 
on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org","domainame":"telegram.org","stun": {"multimedia_flow_types":"Unknown"}}} 00697{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":580,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_src_last_pkt_time":1648032353695557,"flow_dst_last_pkt_time":1648032353693931,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1648032353695557,"pkt":"CL6sCxdumt9Y+uvcCABFAACYAKBAAEARA+HAqAypW2wNF8IDBXgAhKOZAAMAaCESpEJBZEN4cW5HdEFGQU8AGQAEEQAAAAAGAB0xNjQ4MDUzOTUzOjczZjgwMzhjYTY1MTAyZDViNQAAAAAUAAx0ZWxlZ3JhbS5vcmcAFQAQNjczMjk5MjM4NjY3ODUxMgAIABRKYn5RRlidqeK90JE9dWYntqfWLQ=="} 00654{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":581,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_src_last_pkt_time":1648032353566545,"flow_dst_last_pkt_time":1648032353698133,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1648032353698133,"pkt":"mt9Y+uvcCL6sCxduCABFAAB4WqZAAC4Ru\/pbbA0XwKgMqQV4kpoAZPeaARMASCESpEIvdUUyY2tqRkhzZzgACQAQAAAEAVVuYXV0aG9yaXplZAAVABA3ZjJlMDdkMzhhN2Q1YThjABQADHRlbGVncmFtLm9yZ4AiAAROb25lgCgABDZy+Rc="} 
-01168{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":581,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1648032353566545,"flow_src_last_pkt_time":1648032353566545,"flow_dst_last_pkt_time":1648032353698133,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1648032353698133,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":37530,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org","domainame":"telegram.org","stun": {}}} +01201{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":581,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1648032353566545,"flow_src_last_pkt_time":1648032353566545,"flow_dst_last_pkt_time":1648032353698133,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1648032353698133,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":37530,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto 
on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org","domainame":"telegram.org","stun": {"multimedia_flow_types":"Unknown"}}} 00697{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":582,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_src_last_pkt_time":1648032353700165,"flow_dst_last_pkt_time":1648032353698133,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1648032353700165,"pkt":"CL6sCxdumt9Y+uvcCABFAACYAKFAAEARA+DAqAypW2wNF5KaBXgAhB4eAAMAaCESpEI2L3k5MTJBekgxNVIAGQAEEQAAAAAGAB0xNjQ4MDUzOTUzOjczZjgwMzhjYTY1MTAyZDViNQAAAAAUAAx0ZWxlZ3JhbS5vcmcAFQAQN2YyZTA3ZDM4YTdkNWE4YwAIABTXGOjRtHPJu2U2mkxXIuxzgoEzTg=="} 00653{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":583,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_src_last_pkt_time":1648032353562490,"flow_dst_last_pkt_time":1648032353712008,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1648032353712008,"pkt":"mt9Y+uvcCL6sCxduCABFAAB4YcdAADARru5bbBECwKgMqQV4wnQAZOVuARMASCESpEJFS2c2dEFDQVFCNysACQAQAAAEAVVuYXV0aG9yaXplZAAVABA5MjNjZjRhOTEyZWVjNjExABQADHRlbGVncmFtLm9yZ4AiAAROb25lgCgABFPoPFk="} 
-01167{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":583,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1648032353562490,"flow_src_last_pkt_time":1648032353562490,"flow_dst_last_pkt_time":1648032353712008,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1648032353712008,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":49780,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org","domainame":"telegram.org","stun": {}}} +01200{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":583,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1648032353562490,"flow_src_last_pkt_time":1648032353562490,"flow_dst_last_pkt_time":1648032353712008,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1648032353712008,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":49780,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto 
on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org","domainame":"telegram.org","stun": {"multimedia_flow_types":"Unknown"}}} 00653{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":584,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_src_last_pkt_time":1648032353568287,"flow_dst_last_pkt_time":1648032353715592,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1648032353715592,"pkt":"mt9Y+uvcCL6sCxduCABFAAB4YchAADARru1bbBECwKgMqQV4kkQAZK5TARMASCESpEJXdzMwem5Vb2lRUDIACQAQAAAEAVVuYXV0aG9yaXplZAAVABAxMDliZmI2ZjU1NGFiNmFkABQADHRlbGVncmFtLm9yZ4AiAAROb25lgCgABNveHo0="} -01167{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":584,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1648032353568287,"flow_src_last_pkt_time":1648032353568287,"flow_dst_last_pkt_time":1648032353715592,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1648032353715592,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":37444,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": 
{"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org","domainame":"telegram.org","stun": {}}} +01200{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":584,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1648032353568287,"flow_src_last_pkt_time":1648032353568287,"flow_dst_last_pkt_time":1648032353715592,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1648032353715592,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":37444,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org","domainame":"telegram.org","stun": {"multimedia_flow_types":"Unknown"}}} 
00697{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":585,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_src_last_pkt_time":1648032353724990,"flow_dst_last_pkt_time":1648032353712008,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1648032353724990,"pkt":"CL6sCxdumt9Y+uvcCABFAACYhbhAAEARet3AqAypW2wRAsJ0BXgAhOBeAAMAaCESpEJOYVAxRW84NkxIcTEAGQAEEQAAAAAGAB0xNjQ4MDUzOTUzOjczZjgwMzhjYTY1MTAyZDViNQAAAAAUAAx0ZWxlZ3JhbS5vcmcAFQAQOTIzY2Y0YTkxMmVlYzYxMQAIABTpiYU0jQHbI6r9fZq35jAxaSIy6w=="} 00698{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":586,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_src_last_pkt_time":1648032353727618,"flow_dst_last_pkt_time":1648032353715592,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1648032353727618,"pkt":"CL6sCxdumt9Y+uvcCABFAACYhblAAEARetzAqAypW2wRApJEBXgAhGZOAAMAaCESpEJoMWhNTlhETUJIWlUAGQAEEQAAAAAGAB0xNjQ4MDUzOTUzOjczZjgwMzhjYTY1MTAyZDViNQAAAAAUAAx0ZWxlZ3JhbS5vcmcAFQAQMTA5YmZiNmY1NTRhYjZhZAAIABS50SfZ32flyf6YLkGd\/QoaStRrpQ=="} 
00654{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":590,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_src_last_pkt_time":1648032353695557,"flow_dst_last_pkt_time":1648032353827428,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1648032353827428,"pkt":"mt9Y+uvcCL6sCxduCABFAAB4WqlAAC4Ru\/dbbA0XwKgMqQV4wgMAZNM9AQMASCESpEJBZEN4cW5HdEFGQU8AFgAIAAHSfHp+qVUAIAAIAAEMcXw9RQQADQAEAAAAPIAiAAROb25lAAgAFLgmrFOsF293H+j5NDMwvQveTpPagCgABNdIUvI="} 
@@ -136,16 +136,16 @@ 00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":615,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_src_last_pkt_time":1648032353979030,"flow_dst_last_pkt_time":1648032353637618,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_usec":1648032353979030,"pkt":"CL6sCxdumt9Y+uvcCABFAACcV8FAAEARsK\/AqAypW2wJI57DBXgAiFzeAAgAbCESpEJLaEd2a0srdWZmaFcAEgAIAAGHKCs8w4oABgAdMTY0ODA1Mzk1Mzo3M2Y4MDM4Y2E2NTEwMmQ1YjUAAAAAFAAMdGVsZWdyYW0ub3JnABUAEGVhYjA2YzZkZjZmMmZiZDAACAAUou+k3ZoALmVPw8\/5VjA1fhf0byM="} 00801{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":617,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353980549,"flow_src_last_pkt_time":1648032353980549,"flow_dst_last_pkt_time":1648032353980549,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353980549,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"10.46.103.200","src_port":42405,"dst_port":42554,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":617,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_src_last_pkt_time":1648032353980549,"flow_dst_last_pkt_time":1648032353980549,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1648032353980549,"pkt":"CL6sCxdumt9Y+uvcCABFAACA3nBAAEARHLXAqAypCi5nyKWlpjoAbMb5AAEAUCESpEJPWEdZRU12Q2M1emIABgAJbC93YzpTdVUzAAAAwFcABAADAAqAKgAIAAAAAAAAAAAAJQAAACQABG5\/HwAACAAUHa4B58DlCkqNNIW2N\/CJ9XQ+OsmAKAAEIkgRlA=="} -01144{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":617,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353980549,"flow_src_last_pkt_time":1648032353980549,"flow_dst_last_pkt_time":1648032353980549,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353980549,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"10.46.103.200","src_port":42405,"dst_port":42554,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01177{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":617,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353980549,"flow_src_last_pkt_time":1648032353980549,"flow_dst_last_pkt_time":1648032353980549,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353980549,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"10.46.103.200","src_port":42405,"dst_port":42554,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00801{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":625,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032354029382,"flow_src_last_pkt_time":1648032354029382,"flow_dst_last_pkt_time":1648032354029382,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032354029382,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"10.46.103.200","src_port":40906,"dst_port":42554,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":625,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_src_last_pkt_time":1648032354029382,"flow_dst_last_pkt_time":1648032354029382,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1648032354029382,"pkt":"CL6sCxdumt9Y+uvcCABFAACA3nRAAEARHLHAqAypCi5nyJ\/KpjoAbAm8AAEAUCESpEJCRXZwZkpKcGErWXYABgAJbC93YzpTdVUzAAAAwFcABAADAAqAKgAIAAAAAAAAAAAAJQAAACQABG5\/HwAACAAUV+RY7KavrTSyyjnYz1cDc6MlH+eAKAAEpABGKg=="} -01144{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":625,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032354029382,"flow_src_last_pkt_time":1648032354029382,"flow_dst_last_pkt_time":1648032354029382,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032354029382,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"10.46.103.200","src_port":40906,"dst_port":42554,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01177{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":625,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032354029382,"flow_src_last_pkt_time":1648032354029382,"flow_dst_last_pkt_time":1648032354029382,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032354029382,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"10.46.103.200","src_port":40906,"dst_port":42554,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00800{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":633,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032354077734,"flow_src_last_pkt_time":1648032354077734,"flow_dst_last_pkt_time":1648032354077734,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032354077734,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"93.36.13.115","src_port":42405,"dst_port":35393,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":633,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_src_last_pkt_time":1648032354077734,"flow_dst_last_pkt_time":1648032354077734,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1648032354077734,"pkt":"CL6sCxdumt9Y+uvcCABFAACAq5pAAEARVurAqAypXSQNc6WlikEAbG5EAAEAUCESpEJQRW1oRjBpWkxwdVIABgAJbC93YzpTdVUzAAAAwFcABAADAAqAKgAIAAAAAAAAAAAAJQAAACQABG5\/HwAACAAUeafd1aPwqIpYtKwwpuDeqKaNUbSAKAAEORW\/pw=="} -01143{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":633,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032354077734,"flow_src_last_pkt_time":1648032354077734,"flow_dst_last_pkt_time":1648032354077734,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032354077734,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"93.36.13.115","src_port":42405,"dst_port":35393,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01176{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":633,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032354077734,"flow_src_last_pkt_time":1648032354077734,"flow_dst_last_pkt_time":1648032354077734,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032354077734,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"93.36.13.115","src_port":42405,"dst_port":35393,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00800{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":642,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032354126265,"flow_src_last_pkt_time":1648032354126265,"flow_dst_last_pkt_time":1648032354126265,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032354126265,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"93.36.13.115","src_port":40906,"dst_port":35393,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":642,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_src_last_pkt_time":1648032354126265,"flow_dst_last_pkt_time":1648032354126265,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1648032354126265,"pkt":"CL6sCxdumt9Y+uvcCABFAACAq55AAEARVubAqAypXSQNc5\/KikEAbGK3AAEAUCESpEJMbE5LWHlWbCtGZlIABgAJbC93YzpTdVUzAAAAwFcABAADAAqAKgAIAAAAAAAAAAAAJQAAACQABG5\/HwAACAAU9Z04zkepdoWOsJ4ulp8YAe9jLUWAKAAEwATfyg=="} -01143{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":642,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032354126265,"flow_src_last_pkt_time":1648032354126265,"flow_dst_last_pkt_time":1648032354126265,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032354126265,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"93.36.13.115","src_port":40906,"dst_port":35393,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01176{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":642,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032354126265,"flow_src_last_pkt_time":1648032354126265,"flow_dst_last_pkt_time":1648032354126265,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032354126265,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"93.36.13.115","src_port":40906,"dst_port":35393,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00616{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":648,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_src_last_pkt_time":1648032354077734,"flow_dst_last_pkt_time":1648032354153456,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1648032354153456,"pkt":"mt9Y+uvcCL6sCxduCABFAABckpZAADYRehJdJA1zwKgMqYpBpaUASG0rAQEALCESpEJQRW1oRjBpWkxwdVIAIAAIAAEMenw9RQQACAAUrYd+q6RhgtRWxOyn0FCZYgykzwuAKAAEkVZ5KQ=="} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":649,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_src_last_pkt_time":1648032354165754,"flow_dst_last_pkt_time":1648032354153456,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":65,"pkt_l4_len":31,"thread_ts_usec":1648032354165754,"pkt":"CL6sCxdumt9Y+uvcCABFAAAzq6JAAEARVy\/AqAypXSQNc6WlikEAH+78q+Dhs46p+vnyB59A6gTAmoVxX5wJtWc="} 00658{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":650,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":4,"flow_src_last_pkt_time":1648032354165754,"flow_dst_last_pkt_time":1648032354166263,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1648032354166263,"pkt":"mt9Y+uvcCL6sCxduCABFAAB8kpdAADYRefFdJA1zwKgMqYpBpaUAaPtpAAEATCESpEJnZHVuWHZ4blRHNEYABgAJU3VVMzpsL3djAAAAwFcABAADA4SAKQAIAAAAAAAAAAAAJAAEbn8fAAAIABSu\/Dy1RdR7tJjCJ1zcoT327GhS+4AoAASaKnbd"} 
@@ -154,9 +154,9 @@ 00657{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":663,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_src_last_pkt_time":1648032354126265,"flow_dst_last_pkt_time":1648032354253306,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1648032354253306,"pkt":"mt9Y+uvcCL6sCxduCABFAAB8kp1AADYReetdJA1zwKgMqYpBn8oAaCMkAAEATCESpEJIcTZVWmxodDUwUysABgAJU3VVMzpsL3djAAAAwFcABAADA4SAKQAIAAAAAAAAAAAAJAAEbn8fAAAIABQBRhbWlQ7rMVy3PFduS9dj7gJsXoAoAARM5ARh"} 00617{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":664,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":4,"flow_src_last_pkt_time":1648032354255084,"flow_dst_last_pkt_time":1648032354253306,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1648032354255084,"pkt":"CL6sCxdumt9Y+uvcCABFAABcq61AAEARVvvAqAypXSQNc5\/KikEASJBeAQEALCESpEJIcTZVWmxodDUwUysAIAAIAAGrU3w2qTEACAAUOSToq9gxyjIfvqnLxYFg75erULqAKAAEpWnpWQ=="} 00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":670,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_src_last_pkt_time":1648032354274610,"flow_dst_last_pkt_time":1648032353980549,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1648032354274610,"pkt":"CL6sCxdumt9Y+uvcCABFAACA3npAAEARHKvAqAypCi5nyKWlpjoAbOFzAAEAUCESpEJtdnE4djNMTnl3dk0ABgAJbC93YzpTdVUzAAAAwFcABAADAAqAKgAIAAAAAAAAAAAAJQAAACQABG5\/HwAACAAUDInqNRBWk8dEJqTJc6HmCvGSZlqAKAAEY6GN3A=="} 
-01262{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":670,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1648032353980549,"flow_src_last_pkt_time":1648032354274610,"flow_dst_last_pkt_time":1648032353980549,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032354274610,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"10.46.103.200","src_port":42405,"dst_port":42554,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01295{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":670,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1648032353980549,"flow_src_last_pkt_time":1648032354274610,"flow_dst_last_pkt_time":1648032353980549,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032354274610,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"10.46.103.200","src_port":42405,"dst_port":42554,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":682,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_src_last_pkt_time":1648032354323453,"flow_dst_last_pkt_time":1648032354029382,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1648032354323453,"pkt":"CL6sCxdumt9Y+uvcCABFAACA3n5AAEARHKfAqAypCi5nyJ\/KpjoAbLNZAAEAUCESpEJFbzlBWnVtb3doY3gABgAJbC93YzpTdVUzAAAAwFcABAADAAqAKgAIAAAAAAAAAAAAJQAAACQABG5\/HwAACAAUhaAVye4hAtQKKUN05sPT8bSFgCSAKAAEE\/ftBA=="} 
-01262{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":682,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1648032354029382,"flow_src_last_pkt_time":1648032354323453,"flow_dst_last_pkt_time":1648032354029382,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032354323453,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"10.46.103.200","src_port":40906,"dst_port":42554,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01295{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":682,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1648032354029382,"flow_src_last_pkt_time":1648032354323453,"flow_dst_last_pkt_time":1648032354029382,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032354323453,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"10.46.103.200","src_port":40906,"dst_port":42554,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":687,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_src_last_pkt_time":1648032354372109,"flow_dst_last_pkt_time":1648032353980549,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1648032354372109,"pkt":"CL6sCxdumt9Y+uvcCABFAACA3oFAAEARHKTAqAypCi5nyKWlpjoAbMtbAAEAUCESpEJTRTZGa284cW1DQmIABgAJbC93YzpTdVUzAAAAwFcABAADAAqAKgAIAAAAAAAAAAAAJQAAACQABG5\/HwAACAAUzYBYKBlzlZ6Eaa\/nFMVbWPeH8RSAKAAER59Heg=="} 
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":691,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_src_last_pkt_time":1648032354421706,"flow_dst_last_pkt_time":1648032354029382,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1648032354421706,"pkt":"CL6sCxdumt9Y+uvcCABFAACA3oNAAEARHKLAqAypCi5nyJ\/KpjoAbNnMAAEAUCESpEJkVUE4UWRoMit2dFIABgAJbC93YzpTdVUzAAAAwFcABAADAAqAKgAIAAAAAAAAAAAAJQAAACQABG5\/HwAACAAU9E6Knx5J8q4IYolGkKVYGZzVeFSAKAAEDziXvg=="} 00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":707,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032354824070,"flow_src_last_pkt_time":1648032354824070,"flow_dst_last_pkt_time":1648032354824070,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032354824070,"l3_proto":"ip6","src_ip":"fe80::abe:acff:fe0b:176e","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5} 
@@ -176,19 +176,19 @@ 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":809,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_src_last_pkt_time":1648032359090868,"flow_dst_last_pkt_time":1648032359107008,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1648032359107008,"pkt":"mt9Y+uvcCL6sCxduCABFAABAp+JAAOsG1DA0OhIZwKgMqRRmnwbmakAqdp6QO4AYAHI69AAAAQEICk97b0VBLHTpwv4ABQAAAAANIwHG"} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":810,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":4,"flow_src_last_pkt_time":1648032359108251,"flow_dst_last_pkt_time":1648032359107008,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1648032359108251,"pkt":"CL6sCxdumt9Y+uvcCABFAAA0S0pAAEAG29XAqAypNDoSGZ8GFGZ2npA75mpANoAQAKwMngAAAQEICkEsdPpPe29F"} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":819,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_src_last_pkt_time":1648032363557266,"flow_dst_last_pkt_time":1648032353554802,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1648032363557266,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwWxxAAEARrcDAqAypW2wJI5\/KBXgAHJMEAAEAACESpEJKWGZZVmEzZGpzK04="} 
-01260{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":819,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648032353524693,"flow_src_last_pkt_time":1648032363557266,"flow_dst_last_pkt_time":1648032353554802,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1648032363557266,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":40906,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.47.225.70:11616","response_origin":"91.108.9.35:1400","other_address":"10.67.66.99:1401"}}} 
+01294{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":819,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648032353524693,"flow_src_last_pkt_time":1648032363557266,"flow_dst_last_pkt_time":1648032353554802,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1648032363557266,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":40906,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.47.225.70:11616","response_origin":"91.108.9.35:1400","other_address":"10.67.66.99:1401","multimedia_flow_types":"Unknown"}}} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":820,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_src_last_pkt_time":1648032363557512,"flow_dst_last_pkt_time":1648032353554820,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1648032363557512,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwWx1AAEARrb\/AqAypW2wJI6TVBXgAHEc2AAEAACESpEJaT3lOZUhRVUNaSWY="} 
-01260{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":820,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648032353524853,"flow_src_last_pkt_time":1648032363557512,"flow_dst_last_pkt_time":1648032353554820,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1648032363557512,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":42197,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.47.225.70:11617","response_origin":"91.108.9.35:1400","other_address":"10.67.66.99:1401"}}} 
+01294{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":820,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648032353524853,"flow_src_last_pkt_time":1648032363557512,"flow_dst_last_pkt_time":1648032353554820,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1648032363557512,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":42197,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.47.225.70:11617","response_origin":"91.108.9.35:1400","other_address":"10.67.66.99:1401","multimedia_flow_types":"Unknown"}}} 00640{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":821,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_src_last_pkt_time":1648032363557266,"flow_dst_last_pkt_time":1648032363587689,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1648032363587689,"pkt":"mt9Y+uvcCL6sCxduCABFAABwVUlAADIRwVNbbAkjwKgMqQV4n8oAXLPRAQEAQCESpEJKWGZZVmEzZGpzK04AIAAIAAEMcnw9RQQAAQAIAAEtYF0v4UaAKwAIAAEFeFtsCSOALAAIAAEFeQpDQmOAIgAETm9uZYAoAAQThhZ3"} 
00640{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":822,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_src_last_pkt_time":1648032363557512,"flow_dst_last_pkt_time":1648032363587715,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1648032363587715,"pkt":"mt9Y+uvcCL6sCxduCABFAABwVUpAADIRwVJbbAkjwKgMqQV4pNUAXGDgAQEAQCESpEJaT3lOZUhRVUNaSWYAIAAIAAEMc3w9RQQAAQAIAAEtYV0v4UaAKwAIAAEFeFtsCSOALAAIAAEFeQpDQmOAIgAETm9uZYAoAATgolB7"} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":823,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_src_last_pkt_time":1648032363660886,"flow_dst_last_pkt_time":1648032353658379,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1648032363660886,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwBFlAAEARAJDAqAypW2wNF6TVBXgAHIUQAAEAACESpEJ4TDNiVmMzcVJ5TTE="} -01265{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":823,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648032353524865,"flow_src_last_pkt_time":1648032363660886,"flow_dst_last_pkt_time":1648032353658379,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1648032363660886,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":42197,"dst_port":1400,"l4_proto":"udp","ndpi": 
{"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.47.225.70:11617","response_origin":"91.108.13.23:1400","other_address":"10.160.194.103:1401"}}} +01299{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":823,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648032353524865,"flow_src_last_pkt_time":1648032363660886,"flow_dst_last_pkt_time":1648032353658379,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1648032363660886,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":42197,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.47.225.70:11617","response_origin":"91.108.13.23:1400","other_address":"10.160.194.103:1401","multimedia_flow_types":"Unknown"}}} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":824,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_src_last_pkt_time":1648032363670970,"flow_dst_last_pkt_time":1648032353668244,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1648032363670970,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwBFpAAEARAI\/AqAypW2wNF5\/KBXgAHDFOAAEAACESpEJ4Mld2aHpNWHgzMEw="} -01265{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":824,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648032353524739,"flow_src_last_pkt_time":1648032363670970,"flow_dst_last_pkt_time":1648032353668244,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1648032363670970,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":40906,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.47.225.70:11616","response_origin":"91.108.13.23:1400","other_address":"10.160.194.103:1401"}}} 
+01299{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":824,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648032353524739,"flow_src_last_pkt_time":1648032363670970,"flow_dst_last_pkt_time":1648032353668244,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1648032363670970,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":40906,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.47.225.70:11616","response_origin":"91.108.13.23:1400","other_address":"10.160.194.103:1401","multimedia_flow_types":"Unknown"}}} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":825,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_src_last_pkt_time":1648032363673567,"flow_dst_last_pkt_time":1648032353672049,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1648032363673567,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwiUNAAEARd7rAqAypW2wRAp\/KBXgAHEXLAAEAACESpEJOZGorcy85N3hYOEQ="} 
-01262{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":825,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648032353524758,"flow_src_last_pkt_time":1648032363673567,"flow_dst_last_pkt_time":1648032353672049,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1648032363673567,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":40906,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.47.225.70:11616","response_origin":"91.108.17.2:1400","other_address":"10.130.194.98:1401"}}} 
+01296{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":825,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648032353524758,"flow_src_last_pkt_time":1648032363673567,"flow_dst_last_pkt_time":1648032353672049,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1648032363673567,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":40906,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.47.225.70:11616","response_origin":"91.108.17.2:1400","other_address":"10.130.194.98:1401","multimedia_flow_types":"Unknown"}}} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":826,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_src_last_pkt_time":1648032363677290,"flow_dst_last_pkt_time":1648032353675084,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1648032363677290,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwiURAAEARd7nAqAypW2wRAqTVBXgAHGCFAAEAACESpEJZeUEvTW1CRVIxeUE="} 
-01262{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":826,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648032353524980,"flow_src_last_pkt_time":1648032363677290,"flow_dst_last_pkt_time":1648032353675084,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1648032363677290,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":42197,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.47.225.70:11617","response_origin":"91.108.17.2:1400","other_address":"10.130.194.98:1401"}}} 
+01296{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":826,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648032353524980,"flow_src_last_pkt_time":1648032363677290,"flow_dst_last_pkt_time":1648032353675084,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1648032363677290,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":42197,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.47.225.70:11617","response_origin":"91.108.17.2:1400","other_address":"10.130.194.98:1401","multimedia_flow_types":"Unknown"}}} 00640{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":827,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_src_last_pkt_time":1648032363660886,"flow_dst_last_pkt_time":1648032363794064,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1648032363794064,"pkt":"mt9Y+uvcCL6sCxduCABFAABwXVNAAC4RuVVbbA0XwKgMqQV4pNUAXC8AAQEAQCESpEJ4TDNiVmMzcVJ5TTEAIAAIAAEMc3w9RQQAAQAIAAEtYV0v4UaAKwAIAAEFeFtsDReALAAIAAEFeQqgwmeAIgAETm9uZYAoAASEVJgu"} 
00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":828,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_src_last_pkt_time":1648032363670970,"flow_dst_last_pkt_time":1648032363805878,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1648032363805878,"pkt":"mt9Y+uvcCL6sCxduCABFAABwXVZAAC4RuVJbbA0XwKgMqQV4n8oAXDw7AQEAQCESpEJ4Mld2aHpNWHgzMEwAIAAIAAEMcnw9RQQAAQAIAAEtYF0v4UaAKwAIAAEFeFtsDReALAAIAAEFeQqgwmeAIgAETm9uZYAoAAQ+iHz\/"} 00640{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":829,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_src_last_pkt_time":1648032363673567,"flow_dst_last_pkt_time":1648032363819830,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1648032363819830,"pkt":"mt9Y+uvcCL6sCxduCABFAABwZztAADARqYJbbBECwKgMqQV4n8oAXJquAQEAQCESpEJOZGorcy85N3hYOEQAIAAIAAEMcnw9RQQAAQAIAAEtYF0v4UaAKwAIAAEFeFtsEQKALAAIAAEFeQqCwmKAIgAETm9uZYAoAASOxt8C"} 
@@ -239,7 +239,7 @@ 01139{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648032353524853,"flow_src_last_pkt_time":1648032363557512,"flow_dst_last_pkt_time":1648032363587715,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":168,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":42197,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032354824070,"flow_src_last_pkt_time":1648032354824070,"flow_dst_last_pkt_time":1648032354824070,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip6","src_ip":"fe80::abe:acff:fe0b:176e","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032352156412,"flow_src_last_pkt_time":1648032352156412,"flow_dst_last_pkt_time":1648032352156412,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -01084{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":889,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648032336009920,"flow_src_last_pkt_time":1648032336041683,"flow_dst_last_pkt_time":1648032336040673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.91","src_port":37948,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection 
Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"3":"DPI (partial)"},"proto":"Telegram","proto_id":"185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} +01191{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":889,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648032336009920,"flow_src_last_pkt_time":1648032336041683,"flow_dst_last_pkt_time":1648032336040673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.91","src_port":37948,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}},"55": {"risk":"Probing Attempt","severity":"Medium","risk_score": {"total":510,"client":375,"server":135}}},"confidence": {"3":"DPI (partial)"},"proto":"Telegram","proto_id":"185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
00794{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":889,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648032336009920,"flow_src_last_pkt_time":1648032336041683,"flow_dst_last_pkt_time":1648032336040673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.91","src_port":37948,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01128{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":156,"flow_dst_packets_processed":214,"flow_first_seen":1648032336009996,"flow_src_last_pkt_time":1648032377077811,"flow_dst_last_pkt_time":1648032377149578,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1024,"flow_dst_max_l4_payload_len":1228,"flow_src_tot_l4_payload_len":30433,"flow_dst_tot_l4_payload_len":128721,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.91","src_port":37950,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"7":"Match by IP"},"proto":"Telegram","proto_id":"185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
01118{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1648032340008639,"flow_src_last_pkt_time":1648032340089757,"flow_dst_last_pkt_time":1648032340162942,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":466,"flow_dst_max_l4_payload_len":258,"flow_src_tot_l4_payload_len":779,"flow_dst_tot_l4_payload_len":258,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.91","src_port":37966,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"7":"Match by IP"},"proto":"Telegram","proto_id":"185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
@@ -255,7 +255,7 @@ 01119{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":889,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":8,"flow_first_seen":1648032336020865,"flow_src_last_pkt_time":1648032346150156,"flow_dst_last_pkt_time":1648032346134942,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":386,"flow_dst_max_l4_payload_len":604,"flow_src_tot_l4_payload_len":1229,"flow_dst_tot_l4_payload_len":2022,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.51","src_port":46862,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"7":"Match by IP"},"proto":"Telegram","proto_id":"185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 01118{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":889,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1648032336039036,"flow_src_last_pkt_time":1648032346150274,"flow_dst_last_pkt_time":1648032346134975,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":370,"flow_dst_max_l4_payload_len":773,"flow_src_tot_l4_payload_len":1277,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.51","src_port":46866,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp 
Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"7":"Match by IP"},"proto":"Telegram","proto_id":"185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 01151{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":59,"flow_dst_packets_processed":55,"flow_first_seen":1648032354077734,"flow_src_last_pkt_time":1648032356099058,"flow_dst_last_pkt_time":1648032356073261,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1112,"flow_dst_max_l4_payload_len":393,"flow_src_tot_l4_payload_len":15509,"flow_dst_tot_l4_payload_len":6792,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"93.36.13.115","src_port":42405,"dst_port":35393,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-00868{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":889,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":889,"packets-processed":887,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":330235,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":32,"total-detection-updates":14,"total-updates":1,"current-active-flows":0,"total-active-flows":34,"total-idle-flows":34,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":258,"global_ts_usec":1648032378336597} +00868{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":889,"source":"cfgs\/monitoring\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":889,"packets-processed":887,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":330235,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":32,"total-detection-updates":14,"total-updates":1,"current-active-flows":0,"total-active-flows":34,"total-idle-flows":34,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":258,"global_ts_usec":1648032378336597} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 889/887 ~~ skipped flows.............: 0 
@@ -264,9 +264,9 @@ ~~ total active/idle flows...: 34/34 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7030800 bytes -~~ total memory freed........: 7030800 bytes -~~ total allocations/frees...: 115412/115412 +~~ total memory allocated....: 7608768 bytes +~~ total memory freed........: 7608768 bytes +~~ total allocations/frees...: 127160/127160 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 546 chars ~~ json message max len.......: 2356 chars diff --git a/test/results/monitoring/telegram_videocall_2.pcapng.out b/test/results/monitoring/telegram_videocall_2.pcapng.out new file mode 100644 index 000000000..27cd84137 --- /dev/null +++ b/test/results/monitoring/telegram_videocall_2.pcapng.out 
@@ -0,0 +1,80 @@ +00630{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00851{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1731946730424347} 
+00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731946730424347,"flow_src_last_pkt_time":1731946730424347,"flow_dst_last_pkt_time":1731946730424347,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946730424347,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1731946730424347,"flow_dst_last_pkt_time":1731946730424347,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_usec":1731946730424347,"pkt":"AQBeAAD7dNo47VMyCABFAABJz2FAAP8R\/pzAqAwB4AAA+xTpFOkANSaSAAAAAAACAAAAAAAABV9pcHBzBF90Y3AFbG9jYWwAAAwAAQRfaXBwwBIADAAB"} 
+01011{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731946730424347,"flow_src_last_pkt_time":1731946730424347,"flow_dst_last_pkt_time":1731946730424347,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946730424347,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_ipps._tcp.local","domainame":"_ipps._tcp.local","mdns": {}}} +00801{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731946733955605,"flow_src_last_pkt_time":1731946733955605,"flow_dst_last_pkt_time":1731946733955605,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946733955605,"l3_proto":"ip6","src_ip":"fe80::76da:38ff:feed:5332","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00621{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1731946733955605,"flow_dst_last_pkt_time":1731946733955605,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":107,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":107,"pkt_l4_len":53,"thread_ts_usec":1731946733955605,"pkt":"MzMAAAD7dNo47VMyht1gBgAAADUR\/\/6AAAAAAAAAdto4\/\/7tUzL\/AgAAAAAAAAAAAAAAAAD7FOkU6QA1074AAAAAAAIAAAAAAAAFX2lwcHMEX3RjcAVsb2NhbAAADAABBF9pcHDAEgAMAAE="} +01021{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731946733955605,"flow_src_last_pkt_time":1731946733955605,"flow_dst_last_pkt_time":1731946733955605,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946733955605,"l3_proto":"ip6","src_ip":"fe80::76da:38ff:feed:5332","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_ipps._tcp.local","domainame":"_ipps._tcp.local","mdns": {}}} 
+00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731946740900337,"flow_src_last_pkt_time":1731946740900337,"flow_dst_last_pkt_time":1731946740900337,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946740900337,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.9.106","src_port":39968,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1731946740900337,"flow_dst_last_pkt_time":1731946740900337,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1731946740900337,"pkt":"dNo47VMyYhO2esBpCABFAAA4MVhAAEAR15vAqAxDW2wJapwgBXgAJPquAAMACCESpEJqbjEvdGFsZ2dHd3IAGQAEEQAAAA=="} 
+01151{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731946740900337,"flow_src_last_pkt_time":1731946740900337,"flow_dst_last_pkt_time":1731946740900337,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946740900337,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.9.106","src_port":39968,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} +00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731946740900481,"flow_src_last_pkt_time":1731946740900481,"flow_dst_last_pkt_time":1731946740900481,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946740900481,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.13.3","src_port":39329,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1731946740900481,"flow_dst_last_pkt_time":1731946740900481,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1731946740900481,"pkt":"dNo47VMyYhO2esBpCABFAAA4CeVAAEAR+3XAqAxDW2wNA5mhBXgAJBueAAMACCESpEJZaHNneGh4MkhrM0EAGQAEEQAAAA=="} +01150{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731946740900481,"flow_src_last_pkt_time":1731946740900481,"flow_dst_last_pkt_time":1731946740900481,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946740900481,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.13.3","src_port":39329,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
+00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731946740900572,"flow_src_last_pkt_time":1731946740900572,"flow_dst_last_pkt_time":1731946740900572,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946740900572,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.17.49","src_port":44679,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1731946740900572,"flow_dst_last_pkt_time":1731946740900572,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1731946740900572,"pkt":"dNo47VMyYhO2esBpCABFAAA4bgpAAEARkyLAqAxDW2wRMa6HBXgAJANsAAMACCESpEJoVXdKc0VOemFwNWUAGQAEEQAAAA=="} 
+01151{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731946740900572,"flow_src_last_pkt_time":1731946740900572,"flow_dst_last_pkt_time":1731946740900572,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946740900572,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.17.49","src_port":44679,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} +00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731946740900678,"flow_src_last_pkt_time":1731946740900678,"flow_dst_last_pkt_time":1731946740900678,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946740900678,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.9.10","src_port":44275,"dst_port":597,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00602{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1731946740900678,"flow_dst_last_pkt_time":1731946740900678,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1731946740900678,"pkt":"dNo47VMyYhO2esBpCABFAABEEnFAAEAR9tbAqAxDW2wJCqzzAlUAMHx\/yTuYM2k\/Rq6r+4eNcVrsqP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/8AAAAAAAAAew=="} +00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731946740900678,"flow_src_last_pkt_time":1731946740900678,"flow_dst_last_pkt_time":1731946740900678,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946740900678,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.9.10","src_port":44275,"dst_port":597,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Telegram","proto_id":"185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
+00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731946740901087,"flow_src_last_pkt_time":1731946740901087,"flow_dst_last_pkt_time":1731946740901087,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946740901087,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.17.8","src_port":46675,"dst_port":597,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00602{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1731946740901087,"flow_dst_last_pkt_time":1731946740901087,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1731946740901087,"pkt":"dNo47VMyYhO2esBpCABFAABE+u5AAEARBlvAqAxDW2wRCLZTAlUAMI3tyTuYM2k\/Rq6r+4eNi8Ovc\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/8AAAAAAAAAew=="} 
+00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731946740901087,"flow_src_last_pkt_time":1731946740901087,"flow_dst_last_pkt_time":1731946740901087,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946740901087,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.17.8","src_port":46675,"dst_port":597,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Telegram","proto_id":"185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} +00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731946740901130,"flow_src_last_pkt_time":1731946740901130,"flow_dst_last_pkt_time":1731946740901130,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946740901130,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.13.26","src_port":42417,"dst_port":598,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00601{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1731946740901130,"flow_dst_last_pkt_time":1731946740901130,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1731946740901130,"pkt":"dNo47VMyYhO2esBpCABFAABEAY5AAEARA6rAqAxDW2wNGqWxAlYAMPVNyTuYM2k\/Rq6r+4eNjxlZTP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/8AAAAAAAAAew=="} +00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731946740901130,"flow_src_last_pkt_time":1731946740901130,"flow_dst_last_pkt_time":1731946740901130,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946740901130,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.13.26","src_port":42417,"dst_port":598,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Telegram","proto_id":"185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
+00652{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1731946740900337,"flow_dst_last_pkt_time":1731946740924754,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1731946740924754,"pkt":"YhO2esBpdNo47VMyCABFAAB446VAADMRMg5bbAlqwKgMQwV4nCAAZJQXARMASCESpEJqbjEvdGFsZ2dHd3IACQAQAAAEAVVuYXV0aG9yaXplZAAVABA5NDQ3YzBhODM4ODc3NDYzABQADHRlbGVncmFtLm9yZ4AiAAROb25lgCgABE+Mpgc="} +01199{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":9,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1731946740900337,"flow_src_last_pkt_time":1731946740900337,"flow_dst_last_pkt_time":1731946740924754,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1731946740924754,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.9.106","src_port":39968,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org","domainame":"telegram.org","stun": {"multimedia_flow_types":"Unknown"}}} 
+00634{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1731946740900678,"flow_dst_last_pkt_time":1731946740924787,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1731946740924787,"pkt":"YhO2esBpdNo47VMyCABFAABc7RxAADQRKBNbbAkKwKgMQwJVrPMASOP+yTuYM2k\/Rq6r+4eNcVrsqP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8dyFcD1aDtnAAAAAAAAAHsAAAAAAAAAAAAA\/\/9dI6qQgZkAAA=="} +00699{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1731946740929880,"flow_dst_last_pkt_time":1731946740924754,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1731946740929880,"pkt":"dNo47VMyYhO2esBpCABFAACYMVpAAEAR1znAqAxDW2wJapwgBXgAhAJ3AAMAaCESpEJsTFp4REFIYU15dVIAGQAEEQAAAAAGAB0xNzMxOTY4MzQxOjE3MTFjMzFjZjM3ZjkxZWUyMQAAAAAUAAx0ZWxlZ3JhbS5vcmcAFQAQOTQ0N2MwYTgzODg3NzQ2MwAIABR2KtKB33CStbawXfNsZh\/G\/qvnnA=="} 
+00653{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1731946740929880,"flow_dst_last_pkt_time":1731946740957073,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1731946740957073,"pkt":"YhO2esBpdNo47VMyCABFAAB446ZAADMRMg1bbAlqwKgMQwV4nCAAZDpdAQMASCESpEJsTFp4REFIYU15dVIAFgAIAAGyOHp+rSgAIAAIAAG4bXwxDtIADQAEAAAAPIAiAAROb25lAAgAFJlm+aznLL1e9oLm1nndfGyxhvvEgCgABLF4z2o="} +00634{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1731946740901130,"flow_dst_last_pkt_time":1731946741023286,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1731946741023286,"pkt":"YhO2esBpdNo47VMyCABFAABcXThAADERtudbbA0awKgMQwJWpbEASFrNyTuYM2k\/Rq6r+4eNjxlZTP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8dyFcD1aDtnAAAAAAAAAHsAAAAAAAAAAAAA\/\/9dI6qQg5kAAA=="} +00635{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1731946740901087,"flow_dst_last_pkt_time":1731946741048373,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1731946741048373,"pkt":"YhO2esBpdNo47VMyCABFAABcZP9AADMRqTJbbBEIwKgMQwJVtlMASPRsyTuYM2k\/Rq6r+4eNi8Ovc\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8dyFcD1aDtnAAAAAAAAAHsAAAAAAAAAAAAA\/\/9dI6qQgpkAAA=="} 
+00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1731946741146448,"flow_dst_last_pkt_time":1731946740900481,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1731946741146448,"pkt":"dNo47VMyYhO2esBpCABFAAA4CfFAAEAR+2nAqAxDW2wNA5mhBXgAJBueAAMACCESpEJZaHNneGh4MkhrM0EAGQAEEQAAAA=="} +01269{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":15,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1731946740900481,"flow_src_last_pkt_time":1731946741146448,"flow_dst_last_pkt_time":1731946740900481,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946741146448,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.13.3","src_port":39329,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
+00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1731946741146793,"flow_dst_last_pkt_time":1731946740900572,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1731946741146793,"pkt":"dNo47VMyYhO2esBpCABFAAA4bhJAAEARkxrAqAxDW2wRMa6HBXgAJANsAAMACCESpEJoVXdKc0VOemFwNWUAGQAEEQAAAA=="} +01270{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1731946740900572,"flow_src_last_pkt_time":1731946741146793,"flow_dst_last_pkt_time":1731946740900572,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946741146793,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.17.49","src_port":44679,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
+00603{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1731946741415294,"flow_dst_last_pkt_time":1731946740924787,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1731946741415294,"pkt":"dNo47VMyYhO2esBpCABFAABEEpBAAEAR9rfAqAxDW2wJCqzzAlUAMHx\/yTuYM2k\/Rq6r+4eNcVrsqP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/8AAAAAAAAAew=="} +00603{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1731946741415371,"flow_dst_last_pkt_time":1731946741048373,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1731946741415371,"pkt":"dNo47VMyYhO2esBpCABFAABE+wxAAEARBj3AqAxDW2wRCLZTAlUAMI3tyTuYM2k\/Rq6r+4eNi8Ovc\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/8AAAAAAAAAew=="} +00602{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1731946741415476,"flow_dst_last_pkt_time":1731946741023286,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1731946741415476,"pkt":"dNo47VMyYhO2esBpCABFAABEAZpAAEARA57AqAxDW2wNGqWxAlYAMPVNyTuYM2k\/Rq6r+4eNjxlZTP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/8AAAAAAAAAew=="} 
+00634{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1731946741415294,"flow_dst_last_pkt_time":1731946741438361,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1731946741438361,"pkt":"YhO2esBpdNo47VMyCABFAABc7YBAADQRJ69bbAkKwKgMQwJVrPMASOP+yTuYM2k\/Rq6r+4eNcVrsqP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8dyFcD1aDtnAAAAAAAAAHsAAAAAAAAAAAAA\/\/9dI6qQgZkAAA=="} +00691{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1731946741455021,"flow_dst_last_pkt_time":1731946741438361,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":162,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":162,"pkt_l4_len":128,"thread_ts_usec":1731946741455021,"pkt":"dNo47VMyYhO2esBpCABFAACUEpNAAEAR9mTAqAxDW2wJCqzzAlUAgHyHyTuYM2k\/Rq6r+4eN3ZN1HXFa7KgAAABgAAEATCESpEJGSHIzakJmWDlZZFMABgAJUVNoMToyR1NoAAAAwFcABAADAAqAKQAIAAAAAAAAAAAAJAAEbn8BAAAIABRP6D96wpT\/fEBrc+uxm4DhzbqVVYAoAAQMwkOe"} 
+01045{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":21,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1731946740900678,"flow_src_last_pkt_time":1731946741455021,"flow_dst_last_pkt_time":1731946741438361,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":200,"flow_dst_tot_l4_payload_len":128,"midstream":0,"thread_ts_usec":1731946741455021,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.9.10","src_port":44275,"dst_port":597,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} +00634{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1731946741415476,"flow_dst_last_pkt_time":1731946741535530,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1731946741535530,"pkt":"YhO2esBpdNo47VMyCABFAABcXUJAADERtt1bbA0awKgMQwJWpbEASFrNyTuYM2k\/Rq6r+4eNjxlZTP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8dyFcD1aDtnAAAAAAAAAHsAAAAAAAAAAAAA\/\/9dI6qQg5kAAA=="} 
+00635{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1731946741415371,"flow_dst_last_pkt_time":1731946741562289,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1731946741562289,"pkt":"YhO2esBpdNo47VMyCABFAABcZT9AADMRqPJbbBEIwKgMQwJVtlMASPNsyTuYM2k\/Rq6r+4eNi8Ovc\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8dyFcD2aDtnAAAAAAAAAHsAAAAAAAAAAAAA\/\/9dI6qQgpkAAA=="} +00702{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1731946741563039,"flow_dst_last_pkt_time":1731946740957073,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_usec":1731946741563039,"pkt":"dNo47VMyYhO2esBpCABFAACcMZVAAEAR1vrAqAxDW2wJapwgBXgAiIiMAAgAbCESpEJMS2hqRmNPSktXYS8AEgAIAAHvmHp+rSgABgAdMTczMTk2ODM0MToxNzExYzMxY2YzN2Y5MWVlMjEAAAAAFAAMdGVsZWdyYW0ub3JnABUAEDk0NDdjMGE4Mzg4Nzc0NjMACAAUfZYAz1TCSseNGKU6e+wfgKw\/POI="} 
+00690{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1731946741415476,"flow_dst_last_pkt_time":1731946741638435,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":162,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":162,"pkt_l4_len":128,"thread_ts_usec":1731946741638435,"pkt":"YhO2esBpdNo47VMyCABFAACUXU5AADERtplbbA0awKgMQwJWpbEAgLnOyTuYM2k\/Rq6r+4eNjxlZTO1GBpwAAABgAAEATCESpEIwM1UvU3NIOVJGMEUABgAJMkdTaDpRU2gxAAAAwFcABAADA4SAKgAIAAAAAAAAAAAAJAAEbn8BAAAIABTXPLZETMdJvNRvTRPxblog6S0sPoAoAAT2Mcen"} +01045{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":35,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":3,"flow_first_seen":1731946740901130,"flow_src_last_pkt_time":1731946741415476,"flow_dst_last_pkt_time":1731946741638435,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":120,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":248,"midstream":0,"thread_ts_usec":1731946741638435,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.13.26","src_port":42417,"dst_port":598,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
+00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1731946741647287,"flow_dst_last_pkt_time":1731946740900481,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1731946741647287,"pkt":"dNo47VMyYhO2esBpCABFAAA4CgNAAEAR+1fAqAxDW2wNA5mhBXgAJBueAAMACCESpEJZaHNneGh4MkhrM0EAGQAEEQAAAA=="} +00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1731946741648442,"flow_dst_last_pkt_time":1731946740900572,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1731946741648442,"pkt":"dNo47VMyYhO2esBpCABFAAA4biRAAEARkwjAqAxDW2wRMa6HBXgAJANsAAMACCESpEJoVXdKc0VOemFwNWUAGQAEEQAAAA=="} +00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1731946741797117,"flow_dst_last_pkt_time":1731946741562289,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":162,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":162,"pkt_l4_len":128,"thread_ts_usec":1731946741797117,"pkt":"dNo47VMyYhO2esBpCABFAACU+zBAAEARBcnAqAxDW2wRCLZTAlUAgPrbyTuYM2k\/Rq6r+4eNp\/o6mYvDr3MAAABgAAEATCESpEJOaDNhdFBKSlg5a20ABgAJUVNoMToyR1NoAAAAwFcABAADAAqAKQAIAAAAAAAAAAAAJAAEbn8BAAAIABTs6d5ccQOT\/RksJw\/DwndeFN1ti4AoAASntpvk"} 
+01045{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":57,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1731946740901087,"flow_src_last_pkt_time":1731946741797117,"flow_dst_last_pkt_time":1731946741562289,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":200,"flow_dst_tot_l4_payload_len":128,"midstream":0,"thread_ts_usec":1731946741797117,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.17.8","src_port":46675,"dst_port":597,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} +02387{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":90,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1731946740900337,"flow_src_last_pkt_time":1731946742240391,"flow_dst_last_pkt_time":1731946742264226,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":652,"flow_dst_max_l4_payload_len":262,"flow_src_tot_l4_payload_len":2187,"flow_dst_tot_l4_payload_len":1616,"midstream":0,"thread_ts_usec":1731946742264226,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.9.106","src_port":39968,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":16,"avg":87224.0,"max":633159,"stddev":149549.7,"var":22365106176.0,"ent":3.7,"data": 
[24417,29543,32319,633159,629027,42410,122559,119596,598,39836,5432,31550,39459,41743,145493,160620,48042,92354,8570,65269,259,740,20867,96277,16,115515,8212,23549,57925,62023,6564]},"pktlen": {"min":56,"avg":146.8,"max":680,"stddev":107.0,"var":11452.5,"ent":4.8,"data": [56,120,152,120,156,88,160,144,164,680,88,128,96,128,96,128,113,128,96,121,85,101,237,96,113,97,97,149,233,150,290,89]},"bins": {"c_to_s": [1,1,4,5,3,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,3,8,3,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,0,1,0,0,1,1,0,1,0,0,1,0,1,1,0,0,0,1,1,1,0,0,1,0,1,1],"entropies": [4.913536072,5.661914349,5.691276073,5.811409950,5.775809288,5.890800476,5.700669765,6.030949116,5.619874954,6.564280987,5.876651764,5.513857365,5.750529289,5.348012447,5.693135738,5.423637390,5.816064358,5.438713074,5.755635738,5.886013985,5.239210606,5.547117710,6.841757298,5.747772217,5.880180359,5.484240055,5.412352562,6.492302418,6.848128319,6.536720753,7.179809093,5.907988548]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org"}} 
+00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1731946742647652,"flow_dst_last_pkt_time":1731946740900481,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1731946742647652,"pkt":"dNo47VMyYhO2esBpCABFAAA4CkNAAEAR+xfAqAxDW2wNA5mhBXgAJBueAAMACCESpEJZaHNneGh4MkhrM0EAGQAEEQAAAA=="} +00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1731946742649019,"flow_dst_last_pkt_time":1731946740900572,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1731946742649019,"pkt":"dNo47VMyYhO2esBpCABFAAA4boZAAEARkqbAqAxDW2wRMa6HBXgAJANsAAMACCESpEJoVXdKc0VOemFwNWUAGQAEEQAAAA=="} +02244{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":209,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1731946740900678,"flow_src_last_pkt_time":1731946742884971,"flow_dst_last_pkt_time":1731946742282512,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":596,"flow_dst_max_l4_payload_len":572,"flow_src_tot_l4_payload_len":2244,"flow_dst_tot_l4_payload_len":1980,"midstream":0,"thread_ts_usec":1731946742884971,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.9.10","src_port":44275,"dst_port":597,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": 
{"min":14,"avg":108584.7,"max":699013,"stddev":167856.0,"var":28175654912.0,"ent":3.8,"data": [24109,514616,513574,39727,22986,13781,37194,83729,46829,52455,14,53768,48207,41858,1057,8095,49415,47864,10095,16084,39354,38883,30006,122690,10118,52835,64016,152216,227281,304258,699013]},"pktlen": {"min":68,"avg":160.0,"max":624,"stddev":120.1,"var":14426.0,"ent":4.7,"data": [68,92,68,92,148,148,116,148,116,148,148,116,116,148,116,148,116,148,148,116,212,116,116,600,624,136,148,176,116,148,116,148]},"bins": {"c_to_s": [0,2,4,9,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,9,4,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,0,0,1,0,1,1,0,1,0,0,1,0,1,0,1,1,1,1,0,0,0,0,1,0,1,0],"entropies": [4.577797413,4.748074055,4.607209206,4.748074055,5.694154263,5.810202122,6.027616024,5.680641174,6.109596729,5.712939739,5.761246204,6.075114250,6.113822937,5.800000191,5.975891590,5.714293957,6.040631294,5.770136356,5.805100918,5.986625671,5.246948719,6.120330334,6.185070038,6.758100033,7.452787399,6.081599236,5.751521587,6.406444550,6.081621647,5.729595184,6.178562164,5.738008499]},"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731946733955605,"flow_src_last_pkt_time":1731946733955605,"flow_dst_last_pkt_time":1731946733955605,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946743383191,"l3_proto":"ip6","src_ip":"fe80::76da:38ff:feed:5332","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01225{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1731946740900481,"flow_src_last_pkt_time":1731946742647652,"flow_dst_last_pkt_time":1731946740900481,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946743383191,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.13.3","src_port":39329,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01175{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":124,"flow_dst_packets_processed":120,"flow_first_seen":1731946740900337,"flow_src_last_pkt_time":1731946743383191,"flow_dst_last_pkt_time":1731946743371372,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1211,"flow_dst_max_l4_payload_len":1193,"flow_src_tot_l4_payload_len":45388,"flow_dst_tot_l4_payload_len":65505,"midstream":0,"thread_ts_usec":1731946743383191,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.9.106","src_port":39968,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org"}} 
+01006{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":9,"flow_first_seen":1731946740901130,"flow_src_last_pkt_time":1731946742336578,"flow_dst_last_pkt_time":1731946742616857,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":120,"flow_src_tot_l4_payload_len":888,"flow_dst_tot_l4_payload_len":776,"midstream":0,"thread_ts_usec":1731946743383191,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.13.26","src_port":42417,"dst_port":598,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01009{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":16,"flow_first_seen":1731946740900678,"flow_src_last_pkt_time":1731946742884971,"flow_dst_last_pkt_time":1731946742970662,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":596,"flow_dst_max_l4_payload_len":572,"flow_src_tot_l4_payload_len":2244,"flow_dst_tot_l4_payload_len":2068,"midstream":0,"thread_ts_usec":1731946743383191,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.9.10","src_port":44275,"dst_port":597,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01226{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1731946740900572,"flow_src_last_pkt_time":1731946742649019,"flow_dst_last_pkt_time":1731946740900572,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946743383191,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.17.49","src_port":44679,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+01004{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1731946740901087,"flow_src_last_pkt_time":1731946742234615,"flow_dst_last_pkt_time":1731946742577561,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":88,"flow_src_tot_l4_payload_len":440,"flow_dst_tot_l4_payload_len":392,"midstream":0,"thread_ts_usec":1731946743383191,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.17.8","src_port":46675,"dst_port":597,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731946730424347,"flow_src_last_pkt_time":1731946730424347,"flow_dst_last_pkt_time":1731946730424347,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731946743383191,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+00865{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":315,"source":"cfgs\/monitoring\/pcap\/telegram_videocall_2.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":315,"packets-processed":315,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":118015,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":6,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":65,"global_ts_usec":1731946743383191} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 315/315 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 118015 bytes +~~ total detected protocols..: 8 +~~ total active/idle flows...: 8/8 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 7511070 bytes +~~ total memory freed........: 7511070 bytes +~~ total allocations/frees...: 126263/126263 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json message min len.......: 570 chars +~~ json message max len.......: 2392 chars +~~ json message avg len.......: 1480 chars diff --git a/test/results/monitoring/telegram_voice.pcapng.out b/test/results/monitoring/telegram_voice.pcapng.out new file mode 100644 index 000000000..4f395334a --- /dev/null +++ b/test/results/monitoring/telegram_voice.pcapng.out 
@@ -0,0 +1,97 @@ +00624{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1731945706423652} 
+00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731945706423652,"flow_src_last_pkt_time":1731945706423652,"flow_dst_last_pkt_time":1731945706423652,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945706423652,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1731945706423652,"flow_dst_last_pkt_time":1731945706423652,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_usec":1731945706423652,"pkt":"AQBeAAD7dNo47VMyCABFAABJO\/ZAAP8RkgjAqAwB4AAA+xTpFOkANSaSAAAAAAACAAAAAAAABV9pcHBzBF90Y3AFbG9jYWwAAAwAAQRfaXBwwBIADAAB"} 
+01005{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731945706423652,"flow_src_last_pkt_time":1731945706423652,"flow_dst_last_pkt_time":1731945706423652,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945706423652,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_ipps._tcp.local","domainame":"_ipps._tcp.local","mdns": {}}} +00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731945709952490,"flow_src_last_pkt_time":1731945709952490,"flow_dst_last_pkt_time":1731945709952490,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945709952490,"l3_proto":"ip6","src_ip":"fe80::76da:38ff:feed:5332","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00615{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1731945709952490,"flow_dst_last_pkt_time":1731945709952490,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":107,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":107,"pkt_l4_len":53,"thread_ts_usec":1731945709952490,"pkt":"MzMAAAD7dNo47VMyht1gBgAAADUR\/\/6AAAAAAAAAdto4\/\/7tUzL\/AgAAAAAAAAAAAAAAAAD7FOkU6QA1074AAAAAAAIAAAAAAAAFX2lwcHMEX3RjcAVsb2NhbAAADAABBF9pcHDAEgAMAAE="} +01015{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731945709952490,"flow_src_last_pkt_time":1731945709952490,"flow_dst_last_pkt_time":1731945709952490,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945709952490,"l3_proto":"ip6","src_ip":"fe80::76da:38ff:feed:5332","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_ipps._tcp.local","domainame":"_ipps._tcp.local","mdns": {}}} 
+00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731945715153114,"flow_src_last_pkt_time":1731945715153114,"flow_dst_last_pkt_time":1731945715153114,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945715153114,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"192.168.12.1","src_port":44574,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1731945715153114,"flow_dst_last_pkt_time":1731945715153114,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1731945715153114,"pkt":"dNo47VMyYhO2esBpCABFAABS16hAAEARyV3AqAxDwKgMAa4eADUAPsLYgNEBAAABAAAAAAAAFWNyYXNobHl0aWNzcmVwb3J0cy1wYQpnb29nbGVhcGlzA2NvbQAAAQAB"} 
+01152{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731945715153114,"flow_src_last_pkt_time":1731945715153114,"flow_dst_last_pkt_time":1731945715153114,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945715153114,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"192.168.12.1","src_port":44574,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","proto_id":"5.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"crashlyticsreports-pa.googleapis.com","domainame":"crashlyticsreports-pa.googleapis.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} +00617{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1731945715153114,"flow_dst_last_pkt_time":1731945715155704,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"thread_ts_usec":1731945715155704,"pkt":"YhO2esBpdNo47VMyCABFAABi8EtAAEARsKrAqAwBwKgMQwA1rh4AToIigNGBgAABAAEAAAAAFWNyYXNobHl0aWNzcmVwb3J0cy1wYQpnb29nbGVhcGlzA2NvbQAAAQABwAwAAQABAAAAAgAEAAAAAA=="} 
+01177{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1731945715153114,"flow_src_last_pkt_time":1731945715153114,"flow_dst_last_pkt_time":1731945715155704,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":70,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":70,"midstream":0,"thread_ts_usec":1731945715155704,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"192.168.12.1","src_port":44574,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","proto_id":"5.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"crashlyticsreports-pa.googleapis.com","domainame":"crashlyticsreports-pa.googleapis.com","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["0.0.0.0,ttl=2"]}}} +00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731945728458253,"flow_src_last_pkt_time":1731945728458253,"flow_dst_last_pkt_time":1731945728458253,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945728458253,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.17.41","src_port":44405,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1731945728458253,"flow_dst_last_pkt_time":1731945728458253,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1731945728458253,"pkt":"dNo47VMyYhO2esBpCABFAAA4Xb1AAEARo3fAqAxDW2wRKa11BXgAJPToAAMACCESpEJJV2svaStDV3hkbmQAGQAEEQAAAA=="} +01145{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731945728458253,"flow_src_last_pkt_time":1731945728458253,"flow_dst_last_pkt_time":1731945728458253,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945728458253,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.17.41","src_port":44405,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
+00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731945728459223,"flow_src_last_pkt_time":1731945728459223,"flow_dst_last_pkt_time":1731945728459223,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945728459223,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.13.52","src_port":46013,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1731945728459223,"flow_dst_last_pkt_time":1731945728459223,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1731945728459223,"pkt":"dNo47VMyYhO2esBpCABFAAA4EXJAAEAR87fAqAxDW2wNNLO9BXgAJP\/GAAMACCESpEI5K3YvY0FwSVNLZHAAGQAEEQAAAA=="} 
+01145{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731945728459223,"flow_src_last_pkt_time":1731945728459223,"flow_dst_last_pkt_time":1731945728459223,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945728459223,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.13.52","src_port":46013,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} +00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731945728460409,"flow_src_last_pkt_time":1731945728460409,"flow_dst_last_pkt_time":1731945728460409,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945728460409,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.9.34","src_port":42567,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1731945728460409,"flow_dst_last_pkt_time":1731945728460409,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1731945728460409,"pkt":"dNo47VMyYhO2esBpCABFAAA4LCpAAEAR3RHAqAxDW2wJIqZHBXgAJEsGAAMACCESpEIzTys2Y1BhOWVxeGkAGQAEEQAAAA=="} +01144{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731945728460409,"flow_src_last_pkt_time":1731945728460409,"flow_dst_last_pkt_time":1731945728460409,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945728460409,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.9.34","src_port":42567,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
+00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731945728461584,"flow_src_last_pkt_time":1731945728461584,"flow_dst_last_pkt_time":1731945728461584,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945728461584,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.13.51","src_port":39027,"dst_port":597,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1731945728461584,"flow_dst_last_pkt_time":1731945728461584,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1731945728461584,"pkt":"dNo47VMyYhO2esBpCABFAABEHXtAAEAR56PAqAxDW2wNM5hzAlUAMHVSXPOTdb7uCtvt6zwJb31myP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/8AAAAAAAAAew=="} 
+00940{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731945728461584,"flow_src_last_pkt_time":1731945728461584,"flow_dst_last_pkt_time":1731945728461584,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945728461584,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.13.51","src_port":39027,"dst_port":597,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Telegram","proto_id":"185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} +00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731945728463022,"flow_src_last_pkt_time":1731945728463022,"flow_dst_last_pkt_time":1731945728463022,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945728463022,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.17.7","src_port":46868,"dst_port":597,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1731945728463022,"flow_dst_last_pkt_time":1731945728463022,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1731945728463022,"pkt":"dNo47VMyYhO2esBpCABFAABEyWdAAEARN+PAqAxDW2wRB7cUAlUAMArJXPOTdb7uCtvt6zwJcMStlf\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/8AAAAAAAAAew=="} +00939{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731945728463022,"flow_src_last_pkt_time":1731945728463022,"flow_dst_last_pkt_time":1731945728463022,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945728463022,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.17.7","src_port":46868,"dst_port":597,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Telegram","proto_id":"185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
+00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731945728464288,"flow_src_last_pkt_time":1731945728464288,"flow_dst_last_pkt_time":1731945728464288,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945728464288,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.9.68","src_port":41011,"dst_port":596,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00595{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1731945728464288,"flow_dst_last_pkt_time":1731945728464288,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1731945728464288,"pkt":"dNo47VMyYhO2esBpCABFAABEWSpAAEARr+PAqAxDW2wJRKAzAlQAMCRTXPOTdb7uCtvt6zwJ96Mr0f\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/8AAAAAAAAAew=="} 
+00940{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731945728464288,"flow_src_last_pkt_time":1731945728464288,"flow_dst_last_pkt_time":1731945728464288,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945728464288,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.9.68","src_port":41011,"dst_port":596,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Telegram","proto_id":"185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} +00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1731945728460409,"flow_dst_last_pkt_time":1731945728488726,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1731945728488726,"pkt":"YhO2esBpdNo47VMyCABFAAB4xN5AADQRUB1bbAkiwKgMQwV4pkcAZDn2ARMASCESpEIzTys2Y1BhOWVxeGkACQAQAAAEAVVuYXV0aG9yaXplZAAVABA4YzhhOWJmNmE0MDc3YTE2ABQADHRlbGVncmFtLm9yZ4AiAAROb25lgCgABJjQB4c="} 
+01193{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1731945728460409,"flow_src_last_pkt_time":1731945728460409,"flow_dst_last_pkt_time":1731945728488726,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1731945728488726,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.9.34","src_port":42567,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org","domainame":"telegram.org","stun": {"multimedia_flow_types":"Unknown"}}} +00627{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1731945728464288,"flow_dst_last_pkt_time":1731945728489362,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1731945728489362,"pkt":"YhO2esBpdNo47VMyCABFAABcTiVAADMRx9BbbAlEwKgMQwJUoDMASJ7WXPOTdb7uCtvt6zwJ96Mr0f\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8dyFcABZTtnAAAAAAAAAHsAAAAAAAAAAAAA\/\/9dI6qQYpkAAA=="} 
+00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1731945728494473,"flow_dst_last_pkt_time":1731945728488726,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1731945728494473,"pkt":"dNo47VMyYhO2esBpCABFAACYLCxAAEAR3K\/AqAxDW2wJIqZHBXgAhAxtAAMAaCESpEJwVUxJeGRiQVdKMFYAGQAEEQAAAAAGAB0xNzMxOTY3MzI5OjE3MTFjMzFjZjM3ZjkxZWUyMQAAAAAUAAx0ZWxlZ3JhbS5vcmcAFQAQOGM4YTliZjZhNDA3N2ExNgAIABQm+N1\/wSiwtOXIMpNlS1zDLPeq8A=="} +00649{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1731945728494473,"flow_dst_last_pkt_time":1731945728524234,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1731945728524234,"pkt":"YhO2esBpdNo47VMyCABFAAB4xOhAADQRUBNbbAkiwKgMQwV4pkcAZCuQAQMASCESpEJwVUxJeGRiQVdKMFYAFgAIAAHmfnp+rWAAIAAIAAG4TXwxDtIADQAEAAAAPIAiAAROb25lAAgAFM5pB5c1eleZe\/6c\/z+F7CzLuE7OgCgABFQL6vg="} +00627{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1731945728461584,"flow_dst_last_pkt_time":1731945728584147,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1731945728584147,"pkt":"YhO2esBpdNo47VMyCABFAABcWFJAADERu7RbbA0zwKgMQwJVmHMASPHVXPOTdb7uCtvt6zwJb31myP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8dyFcABZTtnAAAAAAAAAHsAAAAAAAAAAAAA\/\/9dI6qQYJkAAA=="} 
+00627{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1731945728463022,"flow_dst_last_pkt_time":1731945728609969,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1731945728609969,"pkt":"YhO2esBpdNo47VMyCABFAABc6YBAADMRJLJbbBEHwKgMQwJVtxQASIZMXPOTdb7uCtvt6zwJcMStlf\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8dyFcABZTtnAAAAAAAAAHsAAAAAAAAAAAAA\/\/9dI6qQYZkAAA=="} +00684{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1731945728464288,"flow_dst_last_pkt_time":1731945728706036,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":162,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":162,"pkt_l4_len":128,"thread_ts_usec":1731945728706036,"pkt":"YhO2esBpdNo47VMyCABFAACUTkpAADMRx3NbbAlEwKgMQwJUoDMAgHtqXPOTdb7uCtvt6zwJ96Mr0ZuShe4AAABgAAEATCESpEJoaGtXcGNWVXpySVIABgAJS0x0MzpPZ3pWAAAAwFcABAADA4SAKQAIAAAAAAAAAAAAJAAEbn8BAAAIABTxjAEB0\/jnWqnvYdX1S+b9+3BmXYAoAARQiC5f"} 
+01038{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":17,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1731945728464288,"flow_src_last_pkt_time":1731945728464288,"flow_dst_last_pkt_time":1731945728706036,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":120,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":184,"midstream":0,"thread_ts_usec":1731945728706036,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.9.68","src_port":41011,"dst_port":596,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} +00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_src_last_pkt_time":1731945728709636,"flow_dst_last_pkt_time":1731945728706036,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":1731945728709636,"pkt":"dNo47VMyYhO2esBpCABFAAB0WS9AAEARr67AqAxDW2wJRKAzAlQAYEs2XPOTdb7uCtvt6zwJm5KF7vejK9EAAABAAQEALCESpEJoaGtXcGNWVXpySVIAIAAIAAEjRnp+rQYACAAUbdtTUes+IvzXP3cb0qK2aH6\/gNqAKAAEBJsbdw=="} 
+00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1731945728710788,"flow_dst_last_pkt_time":1731945728458253,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1731945728710788,"pkt":"dNo47VMyYhO2esBpCABFAAA4Xc1AAEARo2fAqAxDW2wRKa11BXgAJPToAAMACCESpEJJV2svaStDV3hkbmQAGQAEEQAAAA=="} +01264{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":19,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1731945728458253,"flow_src_last_pkt_time":1731945728710788,"flow_dst_last_pkt_time":1731945728458253,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945728710788,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.17.41","src_port":44405,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
+00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1731945728711013,"flow_dst_last_pkt_time":1731945728459223,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1731945728711013,"pkt":"dNo47VMyYhO2esBpCABFAAA4EYtAAEAR857AqAxDW2wNNLO9BXgAJP\/GAAMACCESpEI5K3YvY0FwSVNLZHAAGQAEEQAAAA=="} +01264{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":20,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1731945728459223,"flow_src_last_pkt_time":1731945728711013,"flow_dst_last_pkt_time":1731945728459223,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945728711013,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.13.52","src_port":46013,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
+00684{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1731945728714153,"flow_dst_last_pkt_time":1731945728706036,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":162,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":162,"pkt_l4_len":128,"thread_ts_usec":1731945728714153,"pkt":"dNo47VMyYhO2esBpCABFAACUWTBAAEARr43AqAxDW2wJRKAzAlQAgG30XPOTdb7uCtvt6zwJm5KF7vejK9EAAABgAAEATCESpEI0MGVWenAxdGxjbmQABgAJT2d6VjpLTHQzAAAAwFcABAADAAqAKgAIAAAAAAAAAAAAJAAEbn8BAAAIABQUZZOHVHammz9bm6rlsbiZMuqFn4AoAAQtt\/ba"} +00697{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1731945728858961,"flow_dst_last_pkt_time":1731945728524234,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_usec":1731945728858961,"pkt":"dNo47VMyYhO2esBpCABFAACcLDhAAEAR3J\/AqAxDW2wJIqZHBXgAiOqQAAgAbCESpEJOK1doL01hbW9jM1YAEgAIAAGWoHp+rWAABgAdMTczMTk2NzMyOToxNzExYzMxY2YzN2Y5MWVlMjEAAAAAFAAMdGVsZWdyYW0ub3JnABUAEDhjOGE5YmY2YTQwNzdhMTYACAAU75sz2EBb0hSU\/yLvGAjc3jfRyEc="} +00595{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1731945728962208,"flow_dst_last_pkt_time":1731945728584147,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1731945728962208,"pkt":"dNo47VMyYhO2esBpCABFAABEHZRAAEAR54rAqAxDW2wNM5hzAlUAMHVSXPOTdb7uCtvt6zwJb31myP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/8AAAAAAAAAew=="} 
+00595{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1731945728963821,"flow_dst_last_pkt_time":1731945728609969,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1731945728963821,"pkt":"dNo47VMyYhO2esBpCABFAABEyX1AAEARN83AqAxDW2wRB7cUAlUAMArJXPOTdb7uCtvt6zwJcMStlf\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/8AAAAAAAAAew=="} +00683{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1731945728962208,"flow_dst_last_pkt_time":1731945728995458,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":162,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":162,"pkt_l4_len":128,"thread_ts_usec":1731945728995458,"pkt":"YhO2esBpdNo47VMyCABFAACUWHFAADERu11bbA0zwKgMQwJVmHMAgDvkXPOTdb7uCtvt6zwJb31myCmOxcsAAABgAAEATCESpEJEbE1XZHhyZEpQWFgABgAJS0x0MzpPZ3pWAAAAwFcABAADA4SAKQAIAAAAAAAAAAAAJAAEbn8BAAAIABS2yKV+wUzYSSt9TjMvT2twQfopgoAoAATUf0H9"} 
+01039{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":46,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1731945728461584,"flow_src_last_pkt_time":1731945728962208,"flow_dst_last_pkt_time":1731945728995458,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":120,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":184,"midstream":0,"thread_ts_usec":1731945728995458,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.13.51","src_port":39027,"dst_port":597,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} +00642{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1731945728999059,"flow_dst_last_pkt_time":1731945728995458,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":1731945728999059,"pkt":"dNo47VMyYhO2esBpCABFAAB0HZVAAEAR51nAqAxDW2wNM5hzAlUAYP9BXPOTdb7uCtvt6zwJKY7Fy299ZsgAAABAAQEALCESpEJEbE1XZHhyZEpQWFgAIAAIAAEjR3p+qXEACAAUNbxkRyuSnMtEid3t8H4BEMIHj4uAKAAExuFdQQ=="} 
+00627{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1731945728963821,"flow_dst_last_pkt_time":1731945729110362,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1731945729110362,"pkt":"YhO2esBpdNo47VMyCABFAABc6cNAADMRJG9bbBEHwKgMQwJVtxQASIVMXPOTdb7uCtvt6zwJcMStlf\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8dyFcACZTtnAAAAAAAAAHsAAAAAAAAAAAAA\/\/9dI6qQYZkAAA=="} +00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1731945729210681,"flow_dst_last_pkt_time":1731945728458253,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1731945729210681,"pkt":"dNo47VMyYhO2esBpCABFAAA4Xc9AAEARo2XAqAxDW2wRKa11BXgAJPToAAMACCESpEJJV2svaStDV3hkbmQAGQAEEQAAAA=="} +00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1731945729214956,"flow_dst_last_pkt_time":1731945728459223,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1731945729214956,"pkt":"dNo47VMyYhO2esBpCABFAAA4EaJAAEAR84fAqAxDW2wNNLO9BXgAJP\/GAAMACCESpEI5K3YvY0FwSVNLZHAAGQAEEQAAAA=="} 
+02217{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":80,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":21,"flow_first_seen":1731945728464288,"flow_src_last_pkt_time":1731945728965019,"flow_dst_last_pkt_time":1731945729659565,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":572,"flow_dst_max_l4_payload_len":640,"flow_src_tot_l4_payload_len":1556,"flow_dst_tot_l4_payload_len":3292,"midstream":0,"thread_ts_usec":1731945729659565,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.9.68","src_port":41011,"dst_port":596,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":8,"avg":54709.9,"max":245348,"stddev":61453.4,"var":3776523008.0,"ent":4.1,"data": [25074,216674,245348,4517,49052,101090,2123,47856,705,203,47977,8,48680,63235,15,67883,33733,30921,5566,35563,42632,10,106554,90512,4893,3141,92065,131857,148102,20831,29188]},"pktlen": {"min":68,"avg":179.5,"max":668,"stddev":151.2,"var":22848.8,"ent":4.6,"data": [68,92,148,116,148,148,116,148,212,116,156,116,148,116,668,116,600,148,116,68,92,624,136,176,108,124,260,120,120,92,236,92]},"bins": {"c_to_s": [0,2,4,2,1,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,10,6,1,0,1,1,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,1,0,0,0,1,1,0,0,0,1,1,0,1,1,0,1,0,0,1,1,1,1,1,1,1,1,1,1,1,1],"entropies": 
[4.577797413,4.704595566,5.840540886,6.068605900,5.729596138,5.724494934,6.023389339,5.735745430,5.209395409,6.047139168,5.621933937,5.952142715,5.800000668,6.109596729,6.500761509,6.081621647,6.754777431,5.751046658,6.006148338,4.577797413,4.704595566,7.371456146,5.947301865,6.372353077,5.506771564,5.806564331,6.849390507,5.727319241,5.766920567,5.701651573,6.887141705,5.708128929]},"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +02379{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":110,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":9,"flow_first_seen":1731945728460409,"flow_src_last_pkt_time":1731945729768352,"flow_dst_last_pkt_time":1731945729070645,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":209,"flow_dst_max_l4_payload_len":148,"flow_src_tot_l4_payload_len":2538,"flow_dst_tot_l4_payload_len":948,"midstream":0,"thread_ts_usec":1731945729768352,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.9.34","src_port":42567,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":263,"avg":61876.7,"max":364488,"stddev":85905.3,"var":7379713024.0,"ent":4.0,"data": [28317,34064,35508,364488,566,362690,49517,68716,48417,51074,2919,56026,29084,263,48698,1930,20770,10384,79381,92318,1601,769,131478,118774,44174,69454,51913,13839,47939,1880,51228]},"pktlen": {"min":56,"avg":136.9,"max":237,"stddev":39.8,"var":1586.6,"ent":4.9,"data": [56,120,152,120,156,160,88,160,144,160,144,176,128,164,148,144,176,128,88,121,113,97,237,97,168,167,167,167,70,202,82,82]},"bins": {"c_to_s": 
[1,3,4,4,9,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,2,2,3,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,0,1,0,1,0,1,1,0,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0],"entropies": [4.971485138,5.671458721,5.746047974,5.878075600,5.706763744,5.727324486,5.785743237,5.641233921,5.929356098,5.664824486,5.968761921,5.817453384,5.830233097,5.731947422,5.954558372,5.994700909,5.790436745,5.817786694,5.885230064,5.863245964,5.738586903,5.528282642,6.865426064,5.427438736,6.728340626,6.638175011,6.711227417,6.654670715,5.510934830,6.905664921,5.741343975,5.854089737]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org"}} +00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":169,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1731945730211455,"flow_dst_last_pkt_time":1731945728458253,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1731945730211455,"pkt":"dNo47VMyYhO2esBpCABFAAA4Xi9AAEARowXAqAxDW2wRKa11BXgAJPToAAMACCESpEJJV2svaStDV3hkbmQAGQAEEQAAAA=="} 
+00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1731945730212650,"flow_dst_last_pkt_time":1731945728459223,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1731945730212650,"pkt":"dNo47VMyYhO2esBpCABFAAA4EfBAAEAR8znAqAxDW2wNNLO9BXgAJP\/GAAMACCESpEI5K3YvY0FwSVNLZHAAGQAEEQAAAA=="} +00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":281,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1731945732214609,"flow_dst_last_pkt_time":1731945728458253,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1731945732214609,"pkt":"dNo47VMyYhO2esBpCABFAAA4XrRAAEARooDAqAxDW2wRKa11BXgAJPToAAMACCESpEJJV2svaStDV3hkbmQAGQAEEQAAAA=="} +00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1731945732214755,"flow_dst_last_pkt_time":1731945728459223,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1731945732214755,"pkt":"dNo47VMyYhO2esBpCABFAAA4EqZAAEAR8oPAqAxDW2wNNLO9BXgAJP\/GAAMACCESpEI5K3YvY0FwSVNLZHAAGQAEEQAAAA=="} 
+01196{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":344,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1731945728458253,"flow_src_last_pkt_time":1731945732214609,"flow_dst_last_pkt_time":1731945733394117,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":140,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1731945733394117,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.17.41","src_port":44405,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org","domainame":"telegram.org","stun": {"multimedia_flow_types":"Unknown"}}} +00596{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":655,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1731945738970403,"flow_dst_last_pkt_time":1731945729110362,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1731945738970403,"pkt":"dNo47VMyYhO2esBpCABFAABEzUFAAEARNAnAqAxDW2wRB7cUAlUAMArJXPOTdb7uCtvt6zwJcMStlf\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/8AAAAAAAAAew=="} 
+01196{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":670,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":1,"flow_first_seen":1731945728459223,"flow_src_last_pkt_time":1731945736216693,"flow_dst_last_pkt_time":1731945739144052,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1731945739144052,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.13.52","src_port":46013,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org","domainame":"telegram.org","stun": {"multimedia_flow_types":"Unknown"}}} +00761{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":862,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731945742420231,"flow_src_last_pkt_time":1731945742420231,"flow_dst_last_pkt_time":1731945742420231,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":241,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":241,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":241,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945742420231,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.9.34","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5} 
+00846{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":862,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1731945742420231,"flow_dst_last_pkt_time":1731945742420231,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"thread_ts_usec":1731945742420231,"pkt":"dNo47VMyYhO2esBpCABFwAEFw38AAEABhD\/AqAxDW2wJIgMDL10AAAAARQAA6dCeQAA0EUPsW2wJIsCoDEMFeKZHANUK1kAAAMmQb2AJzb3qHHAerQa+3gACImIAyjEA+ABKS8ce3yTB2t4dJ0Gq0MjI3DQc3a7luHIJR7sQrMRvHrxrIsP+1AgD+2TZkP6mYt4lsYZ\/LfTY1rQm16V09KwAjNVzc2DmDqff4tuttobLGtALUjjw0eT1RB8\/Tzx94UspBNvBqnLdwxrpjljx38\/VDd\/yMgt5SOu\/cbylLKZ6s9TwAFTEf7V12BeqWik\/WQDQv\/9BXRMMVVgo63X7iHa11\/Zbc7776lDaT7M+twE1+8w="} +01047{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":862,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731945742420231,"flow_src_last_pkt_time":1731945742420231,"flow_dst_last_pkt_time":1731945742420231,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":241,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":241,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":241,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945742420231,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.9.34","l4_proto":"icmp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":6.979447}} 
+00653{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":864,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1731945742427566,"flow_dst_last_pkt_time":1731945742420231,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1731945742427566,"pkt":"dNo47VMyYhO2esBpCABFwAB8w4AAAEABhMfAqAxDW2wJIgMDLtQAAAAARQAAYNCgQAA0EURzW2wJIsCoDEMFeKZHAExbNAEEADAhEqRCenpYWVJwRFFDb201AA0ABAAAAACAIgAETm9uZQAIABQ+KeI5lcomrBSJbcYHE6UGj1Uj14AoAAQNK102"} +00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":867,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":1731945742483377,"flow_dst_last_pkt_time":1731945742420231,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"thread_ts_usec":1731945742483377,"pkt":"dNo47VMyYhO2esBpCABFwAB9w4EAAEABhMXAqAxDW2wJIgMDLtUAAAAARQAAYdCnQAA0EURrW2wJIsCoDEMFeKZHAE3xhEAAAEEX\/v0AAQAAAAAACAA0AAEAAAAAAAgL4navLTSfGO6ZdGR1XF3agUnmdNc0JqHPz11AONRepxhXuTrfKSh\/DdS\/Ug=="} +00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":868,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_src_last_pkt_time":1731945742486517,"flow_dst_last_pkt_time":1731945742420231,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":147,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":147,"pkt_l4_len":113,"thread_ts_usec":1731945742486517,"pkt":"dNo47VMyYhO2esBpCABFwACFw4IAAEABhLzAqAxDW2wJIgMDLt0AAAAARQAAadCoQAA0EURiW2wJIsCoDEMFeKZHAFWli0AAAEkX\/v0AAQAAAAAACQA8AAEAAAAAAAndkPmzy1kMGucJfQE2hnwTqBl5kurGYSy1jtwjjMEdLnj7utWJl\/Uku5oSw49NQ7SZgNrJ"} 
+00621{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":870,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1731945742490274,"flow_dst_last_pkt_time":1731945742420231,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"thread_ts_usec":1731945742490274,"pkt":"dNo47VMyYhO2esBpCABFwABjw4MAAEABhN3AqAxDW2wJIgMDLrsAAAAARQAAR9CrQAA0EUSBW2wJIsCoDEMFeKZHADNWfUAAACcV\/v0AAQAAAAAACgAaAAEAAAAAAAr81xeavmYd7qWcd6iCtVgKwnw="} +00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":870,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731945709952490,"flow_src_last_pkt_time":1731945709952490,"flow_dst_last_pkt_time":1731945709952490,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945742490274,"l3_proto":"ip6","src_ip":"fe80::76da:38ff:feed:5332","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+01066{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":870,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1731945742420231,"flow_src_last_pkt_time":1731945742490274,"flow_dst_last_pkt_time":1731945742420231,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":79,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":241,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":642,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945742490274,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.9.34","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00999{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":870,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1731945728461584,"flow_src_last_pkt_time":1731945738968988,"flow_dst_last_pkt_time":1731945739091138,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":120,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":312,"midstream":0,"thread_ts_usec":1731945742490274,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.13.51","src_port":39027,"dst_port":597,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01004{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":870,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":60,"flow_first_seen":1731945728464288,"flow_src_last_pkt_time":1731945738970434,"flow_dst_last_pkt_time":1731945738995534,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":572,"flow_dst_max_l4_payload_len":640,"flow_src_tot_l4_payload_len":1596,"flow_dst_tot_l4_payload_len":11896,"midstream":0,"thread_ts_usec":1731945742490274,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.9.68","src_port":41011,"dst_port":596,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+01166{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":870,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":401,"flow_dst_packets_processed":341,"flow_first_seen":1731945728460409,"flow_src_last_pkt_time":1731945742396734,"flow_dst_last_pkt_time":1731945742488310,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":287,"flow_dst_max_l4_payload_len":288,"flow_src_tot_l4_payload_len":56131,"flow_dst_tot_l4_payload_len":53338,"midstream":0,"thread_ts_usec":1731945742490274,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.9.34","src_port":42567,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org"}} +01159{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":870,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":4,"flow_first_seen":1731945728458253,"flow_src_last_pkt_time":1731945741156829,"flow_dst_last_pkt_time":1731945735000846,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":884,"flow_dst_tot_l4_payload_len":368,"midstream":0,"thread_ts_usec":1731945742490274,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.17.41","src_port":44405,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": 
{"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org"}} +01159{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":870,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":6,"flow_first_seen":1731945728459223,"flow_src_last_pkt_time":1731945740903911,"flow_dst_last_pkt_time":1731945739145072,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":664,"flow_dst_tot_l4_payload_len":552,"midstream":0,"thread_ts_usec":1731945742490274,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.13.52","src_port":46013,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org"}} 
+00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":870,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1731945728463022,"flow_src_last_pkt_time":1731945738970403,"flow_dst_last_pkt_time":1731945739117008,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1731945742490274,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"91.108.17.7","src_port":46868,"dst_port":597,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Telegram","proto_id":"185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} +00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":870,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1731945706423652,"flow_src_last_pkt_time":1731945706423652,"flow_dst_last_pkt_time":1731945706423652,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1731945742490274,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+01045{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":870,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1731945715153114,"flow_src_last_pkt_time":1731945715153114,"flow_dst_last_pkt_time":1731945715155704,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":70,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":70,"midstream":0,"thread_ts_usec":1731945742490274,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"192.168.12.1","src_port":44574,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","proto_id":"5.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"crashlyticsreports-pa.googleapis.com"}} +00862{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":870,"source":"cfgs\/monitoring\/pcap\/telegram_voice.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":870,"packets-processed":868,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":127117,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":8,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":82,"global_ts_usec":1731945742490274} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets 
captured/processed: 870/868 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 127117 bytes +~~ total detected protocols..: 10 +~~ total active/idle flows...: 10/10 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 7531907 bytes +~~ total memory freed........: 7531907 bytes +~~ total allocations/frees...: 126839/126839 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json message min len.......: 564 chars +~~ json message max len.......: 2384 chars +~~ json message avg len.......: 1473 chars diff --git a/test/results/ndpireader_conf_file/openvpn_obfuscated.pcapng.out b/test/results/ndpireader_conf_file/openvpn_obfuscated.pcapng.out new file mode 100644 index 000000000..f6e8c8c99 --- /dev/null +++ b/test/results/ndpireader_conf_file/openvpn_obfuscated.pcapng.out 
@@ -0,0 +1,45 @@ +00638{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/ndpireader_conf_file\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00859{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/ndpireader_conf_file\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1722427237865123} 
+00801{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/ndpireader_conf_file\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1722427237865123,"flow_src_last_pkt_time":1722427237865123,"flow_dst_last_pkt_time":1722427237865123,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1722427237865123,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"185.128.25.99","src_port":37976,"dst_port":465,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/ndpireader_conf_file\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1722427237865123,"flow_dst_last_pkt_time":1722427237865123,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1722427237865123,"pkt":"CL6sCxduJjb1W8R1CABFAAA8G7tAAEAGftnAqAycuYAZY5RYAdHRRTx5AAAAAKAC\/\/8WmQAAAgQFtAQCCApRg5vRAAAAAAEDAwk="} +00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/ndpireader_conf_file\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1722427237865123,"flow_dst_last_pkt_time":1722427237885149,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1722427237885149,"pkt":"Jjb1W8R1CL6sCxduCABFAAA8AABAADEGqZS5gBljwKgMnAHRlFgui1zd0UU8eqAS\/\/\/GVwAAAgQFtAQCCApg+GPPUYOb0QEDAwk="} 
+00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/ndpireader_conf_file\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1722427237887189,"flow_dst_last_pkt_time":1722427237885149,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1722427237887189,"pkt":"CL6sCxduJjb1W8R1CABFAAA0G7xAAEAGfuDAqAycuYAZY5RYAdHRRTx6Lotc3oAQAKz0VAAAAQEIClGDm\/Zg+GPP"} +00691{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/ndpireader_conf_file\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1722427237893385,"flow_dst_last_pkt_time":1722427237885149,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1722427237893385,"pkt":"CL6sCxduJjb1W8R1CABFAACMG71AAEAGfofAqAycuYAZY5RYAdHRRTx6Lotc3oAYAKwGbAAAAQEIClGDm\/xg+GPPAFZMPTMzOTxRGolMICktfVX5d7Govcsy0pVT8mddVpzLWlSz\/wqa4fqnJ7sd1tDiWvK+0bNfYJYw2jC910NC5QLwcabB0lN2lzIDtdibQqo8tesgVT+0oQ=="} +00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/ndpireader_conf_file\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1722427237893385,"flow_dst_last_pkt_time":1722427237913224,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1722427237913224,"pkt":"Jjb1W8R1CL6sCxduCABFAAA03KxAADEGzO+5gBljwKgMnAHRlFgui1ze0UU80oAQAID0BgAAAQEICmD4Y+tRg5v8"} 
+02019{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/ndpireader_conf_file\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1722427237865123,"flow_src_last_pkt_time":1722427239098966,"flow_dst_last_pkt_time":1722427239119270,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":749,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2029,"flow_dst_tot_l4_payload_len":6170,"midstream":0,"thread_ts_usec":1722427239119270,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"185.128.25.99","src_port":37976,"dst_port":465,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":4,"avg":80257.7,"max":1019751,"stddev":241804.0,"var":58469183488.0,"ent":2.3,"data": [20026,22066,6196,28075,47,21155,1036,26262,32,5,4,27970,122,183,23639,57497,41848,4811,15826,16412,4857,7937,24736,465,24028,23273,24679,66760,1019751,977576,716]},"pktlen": {"min":52,"avg":308.7,"max":1500,"stddev":431.5,"var":186180.0,"ent":4.0,"data": [60,60,52,140,52,152,52,429,148,1500,1500,1500,52,52,152,164,52,52,376,873,52,52,801,52,310,172,395,176,52,199,52,148]},"bins": {"c_to_s": [7,0,1,3,1,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,0,0,4,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,1,0,0,1,1,1,1,0,0,0,1,0,1,0,1,0,1,0,1,1,0,1,0,1,0,1,1],"entropies": 
[4.713300705,5.200119972,5.118428230,6.481626511,5.065449238,6.636507511,5.079966068,7.256804943,6.578202248,7.858069420,7.854922771,7.883089542,5.041504383,5.118428230,6.483579159,6.730767250,5.079966068,5.079966068,7.347016811,7.755306244,5.079966545,5.118428230,7.724539757,5.156889439,7.263402939,6.729237556,7.474316120,6.499718189,5.118428230,6.903886318,5.118427753,6.545400143]}} +01094{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":32,"source":"cfgs\/ndpireader_conf_file\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1722427237865123,"flow_src_last_pkt_time":1722427239098966,"flow_dst_last_pkt_time":1722427239119270,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":749,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2029,"flow_dst_tot_l4_payload_len":6170,"midstream":0,"thread_ts_usec":1722427239119270,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"185.128.25.99","src_port":37976,"dst_port":465,"l4_proto":"tcp","ndpi": {"flow_risk": {"51": {"risk":"Fully Encrypted Flow","severity":"Medium","risk_score": {"total":360,"client":240,"server":120}}},"confidence": {"1":"Match by port"},"proto":"SMTPS","proto_id":"29","proto_by_ip":"NordVPN","proto_by_ip_id":426,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}} 
+00807{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"cfgs\/ndpireader_conf_file\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1722427401914491,"flow_src_last_pkt_time":1722427401914491,"flow_dst_last_pkt_time":1722427401914491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":86,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":86,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":86,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1722427401914491,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"149.102.238.108","src_port":47128,"dst_port":1214,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00654{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/ndpireader_conf_file\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1722427401914491,"flow_dst_last_pkt_time":1722427401914491,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"thread_ts_usec":1722427401914491,"pkt":"CL6sCxduJjb1W8R1CABFAABy2RxAAEAREEfAqAyclWbubLgYBL4AXry7TD0zMzk8PRWJTCApLX0ztsQlev3YxCWdt7GyYXdyiRGo8bhFf\/cNiCnfxJrQQpJhg10bVRf\/YPtTO9niuqCU7i89LOiqGMxV7ItTQIb1eAp4i9eFVl8="} 
+00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/ndpireader_conf_file\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1722427401914491,"flow_dst_last_pkt_time":1722427401921409,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1722427401921409,"pkt":"Jjb1W8R1CL6sCxduCABFAAB+OLtAADURu5yVZu5swKgMnAS+uBgAah9pNAkHBzVqBXec3okFUmE\/LQUpLQmDVjIwPTgDGz\/v8c82iAOs+Gw2f07LutXYs10W54XvwsPZQ\/FJezyTZqW58dR09NoJw48Yh7VHR7mXHT13nkq85vgyd2g5LHZYXKmzocY="} +01047{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"cfgs\/ndpireader_conf_file\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1722427401924227,"flow_dst_last_pkt_time":1722427401921409,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":417,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":417,"pkt_l4_len":383,"thread_ts_usec":1722427401924227,"pkt":"CL6sCxduJjb1W8R1CABFAAGT2SFAAEARDyHAqAyclWbubLgYBL4Bf+BaVEX2eYIGWZW97B\/uBFKid6MSV9\/02W2\/W+o36cuQNVtmMhAJHTAcbDg7XCMFAl0xHCYeGhojEQ07YGRoa2JiGBURHRlLEx04EAUBFg8EBB4VCR8QQxUVFBYoJyUjKnU9F0geFD5NHRwpDR0JMwQHEBgXGRgREREWHu32uP3s3BELEBsZDBEMEQcEDlgJDwQeFxCIEBhHyxRzBjPkcOAZKQXaF+N3ATvcOcpmAyzAL96OHmPUM\/K30LS6xKT6al3NNNxMChsDEA8uCd46WfS1aCsMHMuFvhUjOGTIBxpU3v\/Hxw6s\/CgKCqKhIJpNENIN2+tGFOfxS7QuGoPC52Q7v9u+NPw8b3vfvXXBBwc5DBYQNxUEGwYXFhEnO2pMT+yE7o8cNhkQEQM5pmcMCREEcDf7xzLpHLLsNx\/zRQ7DT7GnNBoJH96PWo0gzSL9g2Dar\/34qx5dEYO9\/DG3QzVndkG9w4jcVbkhUFWSERwvvUItAJ\/89A5z"} 
+00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"cfgs\/ndpireader_conf_file\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1722427401924227,"flow_dst_last_pkt_time":1722427401934060,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":136,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":136,"pkt_l4_len":102,"thread_ts_usec":1722427401934060,"pkt":"Jjb1W8R1CL6sCxduCABFAAB6OL1AADURu56VZu5swKgMnAS+uBgAZvhOXG8GfZrUgA1YMzkxNWQxAbNSOT0tNIAP9idCl\/rehm7YfSBAKj59k9UPRPKVaW0LUqQgzFOtLHumhFDN1Y5hbY3tlOPyWvfVkw6K7l+x6eqyqyRV8MQse1pU+6KRqg=="} +02048{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"cfgs\/ndpireader_conf_file\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1722427401924227,"flow_dst_last_pkt_time":1722427401934161,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1158,"pkt_l4_len":1124,"thread_ts_usec":1722427401934161,"pkt":"Jjb1W8R1CL6sCxduCABFAAR4OL5AADURt5+VZu5swKgMnAS+uBgEZLQzVLAa0ZHTWfav3aQ6aDiNoVBwHdfIrsumF\/Xi771+6seFvgsgbkxRKAqi+llZx7z81zilj97CxWRsx93kXlTmVZH1P80KGnxXlR7BiJM18BLjNISj+gZaL0RMsbZ\/\/0UWwTMg0BMD+RgWYRcd61hmbZABZnpzMi\/LZRSE50mWCxH9dHqopm4Rzi4Sn7KxkjSWm8BiRUowB\/370WD0qx\/g9JW5UIxB92Ud6V1iTPjtmCgTxngrFqv4udp8FTsD8KNaHIzqNRUDWeNKhdBfywJxLoo8\/p1OGrSOuC\/yUWCOVPBEG0DdNlHBPyeW8SDwcnP4DcidmrJfxLHUg1HGh4+RWLkSFQsr+4W5z29yC41XpvCOCfc\/hn+EAz73kSY1DzJL59r2AXH8G5Rea\/RbEUrobun9NGOeVKCIzmD8Trl96OaqJhX8xal6pdV0sAV5Vo9xPebYVgEG80YaI0ek\/7yknL8W9IBQ2aLOpnFDXpCbdgYsosJ1y5dt6ib8aNJ+M\/xKRCussfhzl6cYKdrj1skMpL6bcbwUuhNt0cz28hf9enP7WBDH0Fxp5kwD+hH3G30EyEpxKuMziqSt\/e4UQR1duSa5VhMDOC98xMmGl0fj5OxMkG6xFP+PlFxbfRIMxgHsORiw87u6+g8HDPXiXIvJH4NZ7GvAgKGx6vPzRzY1kJ62bLlLPsnFFe6u5Lu3S820EMsOgXAFuSfj3yV3Evd+WLk737aUMZpoycfdzpgL1pvr4w3GxN\/TLg48jWGBKotX5zg
nS6rvI88rGnHjRpaeOQ9CGYvCXVgO6n0MG2pCKs14CRjfcLqndxUDz5CE0mpW+jUfNJ4ux57J42zD3C+R4ZvY0UqADXZgvIZieAaKP2Qftw4pNwvuYOvK1OYGPbD+e89LxaNtpqyRB1MKVrBbdwgLG5kjU0ZoQUZJ2JOassNku+llFLRYPlNIJdOPFe8lNwX6hfJGdRMMmb4N9pCq8zoPySjjHjxjcpVsIj21jIi6qDUjUIvYwHaz3y0G7hXahyVVr7iDXUaXJGHIL0N4eAIJwH2sxv5+E4rQX5KXSJTnQN0IUM9\/AywsX9qhuZUo9Ozj\/8opy6hdWDTnxIrSvYZ63LEWGZ6GbZq9Um2Ln9uD7D+\/BgaPsoCfTlvt4+mz8wj6pNzsVkxsrWn6iEtKp70qWQsP\/gFGe2Df51awxTQYITw6LzU6Lndgr4Qxly7lJIUUP46pn4P+TJ+8+3QoYuNOQEyg9SneVXtmcVB8Vnt2enN1DntXWXR5brdGfJSMHDslO+anlwsJFXTtGhgL4dS2wSKBjgYjFobKFroyEjVAyw7y9kntCrZphbXffdx2X4Zb1huMN30p83ks9\/SzOTk5Tj82bgcyZR09O24Tj2g3MTAMKUrvJnigQgCd7TGqBAQ2acAFhpTV62J2y9r8nx3tIE\/jhWhChZNaqTMjhHxlENJxKzeOMmtRIMpACoJ6fPzVRSJ+VFr38ZOo"} +00867{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":91,"source":"cfgs\/ndpireader_conf_file\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":91,"packets-processed":90,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22584,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":17,"global_ts_usec":1722705590754656} 
+00803{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"cfgs\/ndpireader_conf_file\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1722705590754656,"flow_src_last_pkt_time":1722705590754656,"flow_dst_last_pkt_time":1722705590754656,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1722705590754656,"l3_proto":"ip4","src_ip":"107.161.86.131","dst_ip":"192.168.12.156","src_port":443,"dst_port":48072,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"cfgs\/ndpireader_conf_file\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1722705590754656,"flow_dst_last_pkt_time":1722705590754656,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1722705590754656,"pkt":"Jjb1W8R1CL6sCxduCABFAAA8AABAADMGuFNroVaDwKgMnAG7u8glbqt9M+JifKAS\/\/9LzQAAAgQFtAQCCApqqi2Uyg3lpAEDAwI="} +00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"cfgs\/ndpireader_conf_file\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1722705590754656,"flow_dst_last_pkt_time":1722705590856725,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1722705590856725,"pkt":"CL6sCxduJjb1W8R1CABFAAA0KexAAEAGgW\/AqAyca6FWg7vIAbsz4mJ8JW6rfoAQAKx48wAAAQEICsoN5plqqi2U"} 
+00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"cfgs\/ndpireader_conf_file\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1722705590754656,"flow_dst_last_pkt_time":1722705590861565,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_usec":1722705590861565,"pkt":"CL6sCxduJjb1W8R1CABFAAA9Ke1AAEAGgWXAqAyca6FWg7vIAbsz4mJ8JW6rfoAYAKwRrQAAAQEICsoN5p5qqi2UAFY4ao5vp\/\/4"} +00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"cfgs\/ndpireader_conf_file\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1722705590754656,"flow_dst_last_pkt_time":1722705590868065,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_usec":1722705590868065,"pkt":"CL6sCxduJjb1W8R1CABFAAA9Ke5AAEAGgWTAqAyca6FWg7vIAbsz4mKFJW6rfoAYAKwRUAAAAQEICsoN5qRqqi2UYBhRh3visPuJ"} +00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"cfgs\/ndpireader_conf_file\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1722705590754656,"flow_dst_last_pkt_time":1722705590873564,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_usec":1722705590873564,"pkt":"CL6sCxduJjb1W8R1CABFAAA9Ke9AAEAGgWPAqAyca6FWg7vIAbsz4mKOJW6rfoAYAKyd\/QAAAQEICsoN5qpqqi2UOno3Y591U252"} 
+02000{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":122,"source":"cfgs\/ndpireader_conf_file\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":21,"flow_first_seen":1722705590754656,"flow_src_last_pkt_time":1722705591511972,"flow_dst_last_pkt_time":1722705591387622,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":46,"flow_src_tot_l4_payload_len":196,"flow_dst_tot_l4_payload_len":218,"midstream":0,"thread_ts_usec":1722705591511972,"l3_proto":"ip4","src_ip":"107.161.86.131","dst_ip":"192.168.12.156","src_port":443,"dst_port":48072,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":26,"avg":44847.8,"max":303035,"stddev":76201.7,"var":5806696960.0,"ent":3.5,"data": [102069,4840,6500,5499,5384,5348,5717,5375,5168,5616,5148,255594,100325,15640,143042,32722,143022,26,303035,27745,1278,5419,5419,5738,6677,5026,142895,27779,1244,5483,5509]},"pktlen": {"min":52,"avg":67.3,"max":152,"stddev":23.7,"var":562.8,"ent":4.9,"data": [60,52,61,61,61,61,61,61,61,61,61,59,64,88,58,80,80,52,152,98,52,59,59,59,59,59,59,52,148,52,52,52]},"bins": {"c_to_s": [9,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [19,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,1,1,1,1,1,1,1,1,1,1,0,1,1,0,0,0,0,1,1,1,1,1,1,1,1,0,0,0,0,0],"entropies": 
[5.300120831,5.233812809,5.399485111,5.467381954,5.434595108,5.401808262,5.500168800,5.401808262,5.455006599,5.377057552,5.233534813,5.055375576,5.207358360,5.946230888,5.336176872,5.165400982,5.130965233,5.231892586,6.316833973,5.691545963,5.156889915,5.259676456,5.280779839,5.403578281,5.333379745,5.369679928,5.299482346,5.193430901,6.433825016,5.140452385,5.193430901,5.270354271]}} +00959{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":122,"source":"cfgs\/ndpireader_conf_file\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":21,"flow_first_seen":1722705590754656,"flow_src_last_pkt_time":1722705591511972,"flow_dst_last_pkt_time":1722705591387622,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":46,"flow_src_tot_l4_payload_len":196,"flow_dst_tot_l4_payload_len":218,"midstream":0,"thread_ts_usec":1722705591511972,"l3_proto":"ip4","src_ip":"107.161.86.131","dst_ip":"192.168.12.156","src_port":443,"dst_port":48072,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+01005{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":177,"source":"cfgs\/ndpireader_conf_file\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":40,"flow_dst_packets_processed":47,"flow_first_seen":1722705590754656,"flow_src_last_pkt_time":1722705593900158,"flow_dst_last_pkt_time":1722705593880142,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1024,"flow_src_tot_l4_payload_len":6532,"flow_dst_tot_l4_payload_len":13095,"midstream":0,"thread_ts_usec":1722705593900158,"l3_proto":"ip4","src_ip":"107.161.86.131","dst_ip":"192.168.12.156","src_port":443,"dst_port":48072,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +01136{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":177,"source":"cfgs\/ndpireader_conf_file\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":29,"flow_dst_packets_processed":31,"flow_first_seen":1722427237865123,"flow_src_last_pkt_time":1722427239577895,"flow_dst_last_pkt_time":1722427239598141,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1024,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":5488,"flow_dst_tot_l4_payload_len":7758,"midstream":0,"thread_ts_usec":1722705593900158,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"185.128.25.99","src_port":37976,"dst_port":465,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"51": {"risk":"Fully Encrypted Flow","severity":"Medium","risk_score": {"total":360,"client":240,"server":120}}},"confidence": {"1":"Match 
by port"},"proto":"SMTPS","proto_id":"29","proto_by_ip":"NordVPN","proto_by_ip_id":426,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}} +01091{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":177,"source":"cfgs\/ndpireader_conf_file\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":19,"flow_dst_packets_processed":11,"flow_first_seen":1722427401914491,"flow_src_last_pkt_time":1722427403179824,"flow_dst_last_pkt_time":1722427403133860,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":73,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":740,"flow_dst_max_l4_payload_len":1116,"flow_src_tot_l4_payload_len":2831,"flow_dst_tot_l4_payload_len":6507,"midstream":0,"thread_ts_usec":1722705593900158,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"149.102.238.108","src_port":47128,"dst_port":1214,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"7":"Match by IP"},"proto":"NordVPN","proto_id":"426","proto_by_ip":"NordVPN","proto_by_ip_id":426,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+00820{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":177,"source":"cfgs\/ndpireader_conf_file\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":19,"flow_dst_packets_processed":11,"flow_first_seen":1722427401914491,"flow_src_last_pkt_time":1722427403179824,"flow_dst_last_pkt_time":1722427403133860,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":73,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":740,"flow_dst_max_l4_payload_len":1116,"flow_src_tot_l4_payload_len":2831,"flow_dst_tot_l4_payload_len":6507,"midstream":0,"thread_ts_usec":1722705593900158,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"149.102.238.108","src_port":47128,"dst_port":1214,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00872{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":177,"source":"cfgs\/ndpireader_conf_file\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":177,"packets-processed":177,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":42211,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":30,"global_ts_usec":1722705593900158} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 177/177 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 42211 bytes +~~ total detected protocols..: 0 +~~ total active/idle flows...: 3/3 +~~ total timeout flows.......: 1 
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 7499251 bytes +~~ total memory freed........: 7499251 bytes +~~ total allocations/frees...: 126071/126071 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json message min len.......: 571 chars +~~ json message max len.......: 2053 chars +~~ json message avg len.......: 1311 chars diff --git a/test/results/ndpireader_conf_file/signal_videocall.pcapng.out b/test/results/ndpireader_conf_file/signal_videocall.pcapng.out new file mode 100644 index 000000000..dd3b938cc --- /dev/null +++ b/test/results/ndpireader_conf_file/signal_videocall.pcapng.out 
@@ -0,0 +1,49 @@ +00636{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/ndpireader_conf_file\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00857{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/ndpireader_conf_file\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1732024431954625} 
+00802{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/ndpireader_conf_file\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1732024431954625,"flow_src_last_pkt_time":1732024431954625,"flow_dst_last_pkt_time":1732024431954625,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1732024431954625,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.216.234.234","src_port":47926,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/ndpireader_conf_file\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1732024431954625,"flow_dst_last_pkt_time":1732024431954625,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1732024431954625,"pkt":"dNo47VMyYhO2esBpCABFAAAwZxZAAEAR9\/jAqAxDI9jq6rs2DZYAHHvlAAEAACESpEJQQm9QWFIrVWRPcnY="} 
+01030{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/ndpireader_conf_file\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1732024431954625,"flow_src_last_pkt_time":1732024431954625,"flow_dst_last_pkt_time":1732024431954625,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1732024431954625,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.216.234.234","src_port":47926,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} +00802{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/ndpireader_conf_file\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1732024431955912,"flow_src_last_pkt_time":1732024431955912,"flow_dst_last_pkt_time":1732024431955912,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1732024431955912,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.252.146","src_port":47926,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/ndpireader_conf_file\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1732024431955912,"flow_dst_last_pkt_time":1732024431955912,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1732024431955912,"pkt":"dNo47VMyYhO2esBpCABFAAAwtSNAAEARmEDAqAxDI9v8krs2DZYAHF30AAEAACESpEJKdmo2eHhiZEdrT1E="} +01030{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/ndpireader_conf_file\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1732024431955912,"flow_src_last_pkt_time":1732024431955912,"flow_dst_last_pkt_time":1732024431955912,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1732024431955912,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.252.146","src_port":47926,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
+00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/ndpireader_conf_file\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1732024431956045,"flow_dst_last_pkt_time":1732024431955912,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1732024431956045,"pkt":"dNo47VMyYhO2esBpCABFAAA4tSRAAEARmDfAqAxDI9v8krs2DZYAJHj9AAMACCESpEJGT0RzSVBnV3VDSVgAGQAEEQAAAA=="} +01163{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"cfgs\/ndpireader_conf_file\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1732024431955912,"flow_src_last_pkt_time":1732024431956045,"flow_dst_last_pkt_time":1732024431955912,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1732024431956045,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.252.146","src_port":47926,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
+00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/ndpireader_conf_file\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1732024431956045,"flow_dst_last_pkt_time":1732024431959193,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1732024431959193,"pkt":"YhO2esBpdNo47VMyCABFAABQi8xAADkRyHcj2\/ySwKgMQw2WuzYAPLQBAQEAICESpEJKdmo2eHhiZEdrT1EAIAAIAAGRw3wxDFwAAQAIAAGw0V0jqB6AKAAE\/+dX5g=="} +01078{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/ndpireader_conf_file\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1732024431955912,"flow_src_last_pkt_time":1732024431956045,"flow_dst_last_pkt_time":1732024431959193,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":52,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":52,"midstream":0,"thread_ts_usec":1732024431959193,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.252.146","src_port":47926,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"mapped_address":"93.35.168.30:45265","multimedia_flow_types":"Unknown"}}} 
+00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/ndpireader_conf_file\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1732024431956045,"flow_dst_last_pkt_time":1732024431959746,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1732024431959746,"pkt":"YhO2esBpdNo47VMyCABFAABwi81AADkRyFYj2\/ySwKgMQw2WuzYAXM1WARMAQCESpEJGT0RzSVBnV3VDSVgACQAQAAAEAVVuYXV0aG9yaXplZAAVABA3MWRlZDFjNTBiN2Q0NGFmABQACnNpZ25hbC5vcmcAAIAoAAR7NBQ3"} +01111{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"cfgs\/ndpireader_conf_file\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1732024431955912,"flow_src_last_pkt_time":1732024431956045,"flow_dst_last_pkt_time":1732024431959746,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":136,"midstream":0,"thread_ts_usec":1732024431959746,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.252.146","src_port":47926,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org","domainame":"signal.org","stun": {"mapped_address":"93.35.168.30:45265","multimedia_flow_types":"Unknown"}}} 
+00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/ndpireader_conf_file\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1732024431959841,"flow_dst_last_pkt_time":1732024431954625,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1732024431959841,"pkt":"dNo47VMyYhO2esBpCABFAAA4ZxdAAEAR9+\/AqAxDI9jq6rs2DZYAJF1+AAMACCESpEJoc3FkNDJvUEJsZ2kAGQAEEQAAAA=="} +01183{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/ndpireader_conf_file\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1732024431954625,"flow_src_last_pkt_time":1732024431959841,"flow_dst_last_pkt_time":1732024431954625,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1732024431959841,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.216.234.234","src_port":47926,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
+00690{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/ndpireader_conf_file\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1732024431962384,"flow_dst_last_pkt_time":1732024431959746,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_usec":1732024431962384,"pkt":"dNo47VMyYhO2esBpCABFAACQtSVAAEARl97AqAxDI9v8krs2DZYAfNU1AAMAYCESpEJLZGY0aGpCR2VDNmwAGQAEEQAAAAAGABcxNzMyMTEwODMzOjg5NTYwMTIyMyMwMQAAFAAKc2lnbmFsLm9yZwAAABUAEDcxZGVkMWM1MGI3ZDQ0YWYACAAUgVqrAzIcqrmsvPu1c7hMsgoikGk="} +00603{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/ndpireader_conf_file\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1732024431959841,"flow_dst_last_pkt_time":1732024431962820,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1732024431962820,"pkt":"YhO2esBpdNo47VMyCABFYABQmTNAADkRzFsj2OrqwKgMQw2WuzYAPPTfAQEAICESpEJQQm9QWFIrVWRPcnYAIAAIAAGRw3wxDFwAAQAIAAGw0V0jqB6AKAAELCkIuA=="} 
+01098{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"cfgs\/ndpireader_conf_file\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1732024431954625,"flow_src_last_pkt_time":1732024431959841,"flow_dst_last_pkt_time":1732024431962820,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":52,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":52,"midstream":0,"thread_ts_usec":1732024431962820,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.216.234.234","src_port":47926,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.35.168.30:45265","multimedia_flow_types":"Unknown"}}} +00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/ndpireader_conf_file\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1732024431959841,"flow_dst_last_pkt_time":1732024431967507,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1732024431967507,"pkt":"YhO2esBpdNo47VMyCABFYABwmTdAADkRzDcj2OrqwKgMQw2WuzYAXIRlARMAQCESpEJoc3FkNDJvUEJsZ2kACQAQAAAEAVVuYXV0aG9yaXplZAAVABAyMzlmNWI0MDIzNmE0ZmIyABQACnNpZ25hbC5vcmcAAIAoAAR3etFo"} 
+01120{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"cfgs\/ndpireader_conf_file\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1732024431954625,"flow_src_last_pkt_time":1732024431959841,"flow_dst_last_pkt_time":1732024431967507,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":136,"midstream":0,"thread_ts_usec":1732024431967507,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.216.234.234","src_port":47926,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org","domainame":"signal.org","stun": {"mapped_address":"93.35.168.30:45265","multimedia_flow_types":"Unknown"}}} +00692{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/ndpireader_conf_file\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1732024431970453,"flow_dst_last_pkt_time":1732024431967507,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_usec":1732024431970453,"pkt":"dNo47VMyYhO2esBpCABFAACQZxlAAEAR95XAqAxDI9jq6rs2DZYAfJ\/eAAMAYCESpEJtY0MxU2RsRTVSTFIAGQAEEQAAAAAGABcxNzMyMTEwODMzOjg5NTYwMTIyMyMwMQAAFAAKc2lnbmFsLm9yZwAAABUAEDIzOWY1YjQwMjM2YTRmYjIACAAUWuhe5DwiuoVslYdnHO9VLKb1KDk="} 
+00804{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"cfgs\/ndpireader_conf_file\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1732024434112285,"flow_src_last_pkt_time":1732024434112285,"flow_dst_last_pkt_time":1732024434112285,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1732024434112285,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.252.146","src_port":47926,"dst_port":56377,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/ndpireader_conf_file\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1732024434112285,"flow_dst_last_pkt_time":1732024434112285,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1732024434112285,"pkt":"dNo47VMyYhO2esBpCABFAAB8tZtAAEARl3zAqAxDI9v8krs23DkAaDzbAAEATCESpEJvVmpOd0IwS3IzMTcABgAJKzRmSDpxcDhzAAAAwFcABAADAAqAKgAItCq\/i7rPSYsAJAAEbn8e\/wAIABQsPdFbp2Mty9aiJruZ\/Hgd1SZ9SYAoAAQ0snQG"} 
+01184{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"cfgs\/ndpireader_conf_file\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1732024434112285,"flow_src_last_pkt_time":1732024434112285,"flow_dst_last_pkt_time":1732024434112285,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1732024434112285,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.252.146","src_port":47926,"dst_port":56377,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} +00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/ndpireader_conf_file\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1732024434112285,"flow_dst_last_pkt_time":1732024434178241,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1732024434178241,"pkt":"YhO2esBpdNo47VMyCABFYABcj7BAADIRyycj2\/ySwKgMQ9w5uzYASCrcAQEALCESpEJvVmpOd0IwS3IzMTcAIAAIAAGRwHwxDFwACAAUzCtdmPFLOE2hrfqThQbG\/WfenmGAKAAE+56MVw=="} 
+00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/ndpireader_conf_file\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1732024434208184,"flow_dst_last_pkt_time":1732024434178241,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_usec":1732024434208184,"pkt":"dNo47VMyYhO2esBpCABFAACEtaBAAEARl2\/AqAxDI9v8krs23DkAcJ01AAEAVCESpEJ5YkVGeHg2Vm54cEwABgAJKzRmSDpxcDhzAAAAwFcABAADAAqAKgAItCq\/i7rPSYvAAQAEAAAAAQAkAARufx7\/AAgAFBR40kD7fQkz6Qg731KFxeC3zkjNgCgABDObOGE="} +00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/ndpireader_conf_file\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1732024434257371,"flow_dst_last_pkt_time":1732024434178241,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_usec":1732024434257371,"pkt":"dNo47VMyYhO2esBpCABFAACEtaNAAEARl2zAqAxDI9v8krs23DkAcLCLAAEAVCESpEIvVzZEb0YxN3VBZ04ABgAJKzRmSDpxcDhzAAAAwFcABAADAAqAKgAItCq\/i7rPSYvAAQAEAAAAAQAkAARufx7\/AAgAFB0q7oEahdIgYLDgT\/FjacmxOl1HgCgABEHzBpk="} +00623{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/ndpireader_conf_file\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1732024434257371,"flow_dst_last_pkt_time":1732024434268071,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1732024434268071,"pkt":"YhO2esBpdNo47VMyCABFYABcj9ZAADIRywEj2\/ySwKgMQ9w5uzYASIPeAQEALCESpEJ5YkVGeHg2Vm54cEwAIAAIAAGRwHwxDFwACAAULNk0SsQGD73EexLHOWxlLf1+DQiAKAAEShdJ1g=="} 
+02395{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":64,"source":"cfgs\/ndpireader_conf_file\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1732024434112285,"flow_src_last_pkt_time":1732024441333397,"flow_dst_last_pkt_time":1732024441541595,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":96,"flow_src_tot_l4_payload_len":1156,"flow_dst_tot_l4_payload_len":1232,"midstream":0,"thread_ts_usec":1732024441541595,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.252.146","src_port":47926,"dst_port":56377,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":7924,"avg":472594.2,"max":2449226,"stddev":710703.9,"var":505100075008.0,"ent":3.7,"data": [65956,95899,49187,89830,51983,7924,75804,92201,90821,45764,45926,841819,964746,88146,209352,700416,8800,797762,169039,140771,9988,132129,62705,2295091,2449226,43943,201199,880503,2304788,1490835,147869]},"pktlen": {"min":56,"avg":102.6,"max":132,"stddev":22.3,"var":496.6,"ent":5.0,"data": [124,92,132,132,92,92,124,92,124,92,124,92,124,92,124,92,56,84,124,92,84,56,124,92,124,92,124,92,56,124,92,124]},"bins": {"c_to_s": [1,1,6,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,1,7,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,0,0,1,1,0,1,1,0,1,0,0,1,0,0,1,1,0,1,0,1,1],"entropies": 
[5.976831913,5.915143967,5.742778778,5.854558945,5.733025551,5.885198593,5.998001575,5.797378063,6.024171352,5.726989746,5.921308994,5.664066315,5.913927555,5.841720104,5.901226997,5.802705288,5.235924244,5.790773869,5.923968792,5.811777592,5.734168530,5.119329453,5.946332932,5.906072140,5.847799778,5.811777115,5.940245152,5.748729706,5.115301609,5.849411488,5.828187466,5.968549728]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01166{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":334,"source":"cfgs\/ndpireader_conf_file\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":167,"flow_dst_packets_processed":131,"flow_first_seen":1732024434112285,"flow_src_last_pkt_time":1732024444819796,"flow_dst_last_pkt_time":1732024444862357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1181,"flow_dst_max_l4_payload_len":858,"flow_src_tot_l4_payload_len":80551,"flow_dst_tot_l4_payload_len":26428,"midstream":0,"thread_ts_usec":1732024444862357,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.252.146","src_port":47926,"dst_port":56377,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+01047{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":334,"source":"cfgs\/ndpireader_conf_file\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1732024431954625,"flow_src_last_pkt_time":1732024441970315,"flow_dst_last_pkt_time":1732024441977780,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":332,"midstream":0,"thread_ts_usec":1732024444862357,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.216.234.234","src_port":47926,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} +01041{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":334,"source":"cfgs\/ndpireader_conf_file\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":13,"flow_first_seen":1732024431955912,"flow_src_last_pkt_time":1732024441965798,"flow_dst_last_pkt_time":1732024441969357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":712,"flow_dst_tot_l4_payload_len":908,"midstream":0,"thread_ts_usec":1732024444862357,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.252.146","src_port":47926,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} +00871{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":334,"source":"cfgs\/ndpireader_conf_file\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":334,"packets-processed":334,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":109231,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":6,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":34,"global_ts_usec":1732024444862357} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 334/334 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 109231 bytes +~~ total detected protocols..: 3 +~~ total active/idle flows...: 3/3 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 7499733 bytes +~~ total memory freed........: 7499733 bytes +~~ total allocations/frees...: 126227/126227 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json message min len.......: 564 chars +~~ json message max len.......: 2400 chars +~~ json message avg len.......: 1463 chars diff --git a/test/results/ndpireader_conf_file/stun_signal_tcp.pcapng.out b/test/results/ndpireader_conf_file/stun_signal_tcp.pcapng.out new file mode 100644 index 000000000..00382fa03 --- /dev/null +++ b/test/results/ndpireader_conf_file/stun_signal_tcp.pcapng.out 
@@ -0,0 +1,28 @@ +00635{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/ndpireader_conf_file\/pcap\/stun_signal_tcp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00856{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/ndpireader_conf_file\/pcap\/stun_signal_tcp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1733247378288841} 
+00797{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/ndpireader_conf_file\/pcap\/stun_signal_tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1733247378288841,"flow_src_last_pkt_time":1733247378288841,"flow_dst_last_pkt_time":1733247378288841,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1733247378288841,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"35.219.252.146","src_port":51296,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/ndpireader_conf_file\/pcap\/stun_signal_tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1733247378288841,"flow_dst_last_pkt_time":1733247378288841,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1733247378288841,"pkt":"ILAB4IZiSKRyNpegCABFAAA0B4lAAIAGELDAqAF1I9v8kshgAFBbKS1nAAAAAIAC+vBAUwAAAgQFtAEDAwgBAQQC"} +00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/ndpireader_conf_file\/pcap\/stun_signal_tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1733247378288841,"flow_dst_last_pkt_time":1733247378293937,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1733247378293937,"pkt":"SKRyNpegILAB4IZiCABFAAA0AABAADoGXjkj2\/ySwKgBdQBQyGCXmzc3WyktaIASf5Ts8QAAAgQFjAEBBAIBAwMK"} 
+00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/ndpireader_conf_file\/pcap\/stun_signal_tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1733247378294067,"flow_dst_last_pkt_time":1733247378293937,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1733247378294067,"pkt":"ILAB4IZiSKRyNpegCABFAAAoB4xAAIAGELnAqAF1I9v8kshgAFBbKS1ol5s3OFAQAgOrMAAA"} +00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/ndpireader_conf_file\/pcap\/stun_signal_tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1733247378295356,"flow_dst_last_pkt_time":1733247378293937,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1733247378295356,"pkt":"ILAB4IZiSKRyNpegCABFAABEB49AAIAGEJrAqAF1I9v8kshgAFBbKS1ol5s3OFAYAgMlbwAAAAMACCESpEJKbERKTE9Ea0ZJSWYAGQAEEQAAAA=="} +01027{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/ndpireader_conf_file\/pcap\/stun_signal_tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1733247378288841,"flow_src_last_pkt_time":1733247378295356,"flow_dst_last_pkt_time":1733247378293937,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1733247378295356,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"35.219.252.146","src_port":51296,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} +00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/ndpireader_conf_file\/pcap\/stun_signal_tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1733247378295356,"flow_dst_last_pkt_time":1733247378300425,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1733247378300425,"pkt":"SKRyNpegILAB4IZiCABFAAAoHURAADoGQQEj2\/ySwKgBdQBQyGCXmzc4WykthFAQACCs9wAAAAAAAAAA"} +01069{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/ndpireader_conf_file\/pcap\/stun_signal_tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1733247378288841,"flow_src_last_pkt_time":1733247378295356,"flow_dst_last_pkt_time":1733247378307859,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1733247378307859,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"35.219.252.146","src_port":51296,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org","domainame":"signal.org","stun": {"multimedia_flow_types":"Unknown"}}} 
+02225{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/ndpireader_conf_file\/pcap\/stun_signal_tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1733247378288841,"flow_src_last_pkt_time":1733247378757373,"flow_dst_last_pkt_time":1733247378756881,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":248,"flow_src_tot_l4_payload_len":1352,"flow_dst_tot_l4_payload_len":880,"midstream":0,"thread_ts_usec":1733247378757373,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"35.219.252.146","src_port":51296,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":30212.0,"max":286751,"stddev":67983.4,"var":4621743104.0,"ent":3.1,"data": [5096,5226,1289,6488,7434,14695,6967,5300,207,220,218,169,5360,2561,0,6632,276631,286751,49627,44757,3676,9298,19816,40131,25233,48588,51212,0,2689,9892,409]},"pktlen": {"min":40,"avg":111.6,"max":288,"stddev":62.1,"var":3852.6,"ent":4.8,"data": [52,52,40,68,46,124,156,124,40,160,160,160,160,92,92,144,40,172,46,172,46,288,140,46,172,46,172,148,46,188,40,140]},"bins": {"c_to_s": [6,0,0,7,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,2,2,2,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,0,0,1,1,1,0,0,1,0,1,1,0,1,0,1,0,1,1,1,0,0],"entropies": 
[4.662476063,4.931210041,4.834183693,5.192451000,4.390829086,5.849559307,5.878578663,5.821106911,4.611769199,5.746960163,5.817604542,5.914802551,5.855510235,5.723954678,5.775637627,6.138474941,4.834183693,6.134611607,4.772925377,6.067693710,4.729446888,6.405649662,5.903401375,4.816403389,6.032229424,4.772924900,6.072082520,5.918906689,4.756514549,5.916465759,4.784183979,5.873402596]},"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} +01047{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/ndpireader_conf_file\/pcap\/stun_signal_tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":226,"flow_dst_packets_processed":274,"flow_first_seen":1733247378288841,"flow_src_last_pkt_time":1733247395709690,"flow_dst_last_pkt_time":1733247395702394,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1188,"flow_dst_max_l4_payload_len":1420,"flow_src_tot_l4_payload_len":58588,"flow_dst_tot_l4_payload_len":27476,"midstream":0,"thread_ts_usec":1733247395709690,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"35.219.252.146","src_port":51296,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} 
+00869{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":500,"source":"cfgs\/ndpireader_conf_file\/pcap\/stun_signal_tcp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":500,"packets-processed":500,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":86064,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1733247395709690} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 500/500 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 86064 bytes +~~ total detected protocols..: 1 +~~ total active/idle flows...: 1/1 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 7501782 bytes +~~ total memory freed........: 7501782 bytes +~~ total allocations/frees...: 126370/126370 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json message min len.......: 552 chars +~~ json message max len.......: 2230 chars +~~ json message avg len.......: 1316 chars diff --git a/test/results/openvpn_heuristic_enabled/openvpn_obfuscated.pcapng.out b/test/results/openvpn_heuristic_enabled/openvpn_obfuscated.pcapng.out index fc0930548..e372419da 100644 --- a/test/results/openvpn_heuristic_enabled/openvpn_obfuscated.pcapng.out +++ b/test/results/openvpn_heuristic_enabled/openvpn_obfuscated.pcapng.out 
@@ -1,5 +1,5 @@ -00643{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/openvpn_heuristic_enabled\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00864{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/openvpn_heuristic_enabled\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1722427237865123} 
+00643{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/openvpn_heuristic_enabled\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00864{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/openvpn_heuristic_enabled\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1722427237865123} 
00806{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/openvpn_heuristic_enabled\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1722427237865123,"flow_src_last_pkt_time":1722427237865123,"flow_dst_last_pkt_time":1722427237865123,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1722427237865123,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"185.128.25.99","src_port":37976,"dst_port":465,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/openvpn_heuristic_enabled\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1722427237865123,"flow_dst_last_pkt_time":1722427237865123,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1722427237865123,"pkt":"CL6sCxduJjb1W8R1CABFAAA8G7tAAEAGftnAqAycuYAZY5RYAdHRRTx5AAAAAKAC\/\/8WmQAAAgQFtAQCCApRg5vRAAAAAAEDAwk="} 00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/openvpn_heuristic_enabled\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1722427237865123,"flow_dst_last_pkt_time":1722427237885149,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1722427237885149,"pkt":"Jjb1W8R1CL6sCxduCABFAAA8AABAADEGqZS5gBljwKgMnAHRlFgui1zd0UU8eqAS\/\/\/GVwAAAgQFtAQCCApg+GPPUYOb0QEDAwk="} 
@@ -14,7 +14,7 @@ 01052{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"cfgs\/openvpn_heuristic_enabled\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1722427401924227,"flow_dst_last_pkt_time":1722427401921409,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":417,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":417,"pkt_l4_len":383,"thread_ts_usec":1722427401924227,"pkt":"CL6sCxduJjb1W8R1CABFAAGT2SFAAEARDyHAqAyclWbubLgYBL4Bf+BaVEX2eYIGWZW97B\/uBFKid6MSV9\/02W2\/W+o36cuQNVtmMhAJHTAcbDg7XCMFAl0xHCYeGhojEQ07YGRoa2JiGBURHRlLEx04EAUBFg8EBB4VCR8QQxUVFBYoJyUjKnU9F0geFD5NHRwpDR0JMwQHEBgXGRgREREWHu32uP3s3BELEBsZDBEMEQcEDlgJDwQeFxCIEBhHyxRzBjPkcOAZKQXaF+N3ATvcOcpmAyzAL96OHmPUM\/K30LS6xKT6al3NNNxMChsDEA8uCd46WfS1aCsMHMuFvhUjOGTIBxpU3v\/Hxw6s\/CgKCqKhIJpNENIN2+tGFOfxS7QuGoPC52Q7v9u+NPw8b3vfvXXBBwc5DBYQNxUEGwYXFhEnO2pMT+yE7o8cNhkQEQM5pmcMCREEcDf7xzLpHLLsNx\/zRQ7DT7GnNBoJH96PWo0gzSL9g2Dar\/34qx5dEYO9\/DG3QzVndkG9w4jcVbkhUFWSERwvvUItAJ\/89A5z"} 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"cfgs\/openvpn_heuristic_enabled\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1722427401924227,"flow_dst_last_pkt_time":1722427401934060,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":136,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":136,"pkt_l4_len":102,"thread_ts_usec":1722427401934060,"pkt":"Jjb1W8R1CL6sCxduCABFAAB6OL1AADURu56VZu5swKgMnAS+uBgAZvhOXG8GfZrUgA1YMzkxNWQxAbNSOT0tNIAP9idCl\/rehm7YfSBAKj59k9UPRPKVaW0LUqQgzFOtLHumhFDN1Y5hbY3tlOPyWvfVkw6K7l+x6eqyqyRV8MQse1pU+6KRqg=="} 
02053{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"cfgs\/openvpn_heuristic_enabled\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1722427401924227,"flow_dst_last_pkt_time":1722427401934161,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1158,"pkt_l4_len":1124,"thread_ts_usec":1722427401934161,"pkt":"Jjb1W8R1CL6sCxduCABFAAR4OL5AADURt5+VZu5swKgMnAS+uBgEZLQzVLAa0ZHTWfav3aQ6aDiNoVBwHdfIrsumF\/Xi771+6seFvgsgbkxRKAqi+llZx7z81zilj97CxWRsx93kXlTmVZH1P80KGnxXlR7BiJM18BLjNISj+gZaL0RMsbZ\/\/0UWwTMg0BMD+RgWYRcd61hmbZABZnpzMi\/LZRSE50mWCxH9dHqopm4Rzi4Sn7KxkjSWm8BiRUowB\/370WD0qx\/g9JW5UIxB92Ud6V1iTPjtmCgTxngrFqv4udp8FTsD8KNaHIzqNRUDWeNKhdBfywJxLoo8\/p1OGrSOuC\/yUWCOVPBEG0DdNlHBPyeW8SDwcnP4DcidmrJfxLHUg1HGh4+RWLkSFQsr+4W5z29yC41XpvCOCfc\/hn+EAz73kSY1DzJL59r2AXH8G5Rea\/RbEUrobun9NGOeVKCIzmD8Trl96OaqJhX8xal6pdV0sAV5Vo9xPebYVgEG80YaI0ek\/7yknL8W9IBQ2aLOpnFDXpCbdgYsosJ1y5dt6ib8aNJ+M\/xKRCussfhzl6cYKdrj1skMpL6bcbwUuhNt0cz28hf9enP7WBDH0Fxp5kwD+hH3G30EyEpxKuMziqSt\/e4UQR1duSa5VhMDOC98xMmGl0fj5OxMkG6xFP+PlFxbfRIMxgHsORiw87u6+g8HDPXiXIvJH4NZ7GvAgKGx6vPzRzY1kJ62bLlLPsnFFe6u5Lu3S820EMsOgXAFuSfj3yV3Evd+WLk737aUMZpoycfdzpgL1pvr4w3GxN\/TLg48jWGBKotX5zgnS6rvI88rGnHjRpaeOQ9CGYvCXVgO6n0MG2pCKs14CRjfcLqndxUDz5CE0mpW+jUfNJ4ux57J42zD3C+R4ZvY0UqADXZgvIZieAaKP2Qftw4pNwvuYOvK1OYGPbD+e89LxaNtpqyRB1MKVrBbdwgLG5kjU0ZoQUZJ2JOassNku+llFLRYPlNIJdOPFe8lNwX6hfJGdRMMmb4N9pCq8zoPySjjHjxjcpVsIj21jIi6qDUjUIvYwHaz3y0G7hXahyVVr7iDXUaXJGHIL0N4eAIJwH2sxv5+E4rQX5KXSJTnQN0IUM9\/AywsX9qhuZUo9Ozj\/8opy6hdWDTnxIrSvYZ63LEWGZ6GbZq9Um2Ln9uD7D+\/BgaPsoCfTlvt4+mz8wj6pNzsVkxsrWn6iEtKp70qWQsP\/gFGe2Df51awxTQYITw6LzU6Lndgr4Qxly7lJIUUP46pn4P+TJ+8+3QoYuNOQEyg9SneVXtmcVB8Vnt2enN1DntXWXR5brdGfJSMHDslO+anlwsJFXTtGhgL4dS2wSKBjgYjFobKFroyEjVAyw7y9kntCrZphbXffdx2X4Zb1huMN30p83ks9\/SzOTk5Tj82bgcyZR09O24Tj2g3MTAMKUrvJnigQgCd7TGqBAQ2acAFhpTV62J2y9r8nx3tIE
\/jhWhChZNaqTMjhHxlENJxKzeOMmtRIMpACoJ6fPzVRSJ+VFr38ZOo"} -00872{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":91,"source":"cfgs\/openvpn_heuristic_enabled\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":91,"packets-processed":90,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22584,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":17,"global_ts_usec":1722705590754656} +00872{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":91,"source":"cfgs\/openvpn_heuristic_enabled\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":91,"packets-processed":90,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22584,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":17,"global_ts_usec":1722705590754656} 
00808{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"cfgs\/openvpn_heuristic_enabled\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1722705590754656,"flow_src_last_pkt_time":1722705590754656,"flow_dst_last_pkt_time":1722705590754656,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1722705590754656,"l3_proto":"ip4","src_ip":"107.161.86.131","dst_ip":"192.168.12.156","src_port":443,"dst_port":48072,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"cfgs\/openvpn_heuristic_enabled\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1722705590754656,"flow_dst_last_pkt_time":1722705590754656,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1722705590754656,"pkt":"Jjb1W8R1CL6sCxduCABFAAA8AABAADMGuFNroVaDwKgMnAG7u8glbqt9M+JifKAS\/\/9LzQAAAgQFtAQCCApqqi2Uyg3lpAEDAwI="} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"cfgs\/openvpn_heuristic_enabled\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1722705590754656,"flow_dst_last_pkt_time":1722705590856725,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1722705590856725,"pkt":"CL6sCxduJjb1W8R1CABFAAA0KexAAEAGgW\/AqAyca6FWg7vIAbsz4mJ8JW6rfoAQAKx48wAAAQEICsoN5plqqi2U"} 
@@ -27,7 +27,7 @@ 01141{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":177,"source":"cfgs\/openvpn_heuristic_enabled\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":29,"flow_dst_packets_processed":31,"flow_first_seen":1722427237865123,"flow_src_last_pkt_time":1722427239577895,"flow_dst_last_pkt_time":1722427239598141,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1024,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":5488,"flow_dst_tot_l4_payload_len":7758,"midstream":0,"thread_ts_usec":1722705593900158,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"185.128.25.99","src_port":37976,"dst_port":465,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"51": {"risk":"Fully Encrypted Flow","severity":"Medium","risk_score": {"total":360,"client":240,"server":120}}},"confidence": {"1":"Match by port"},"proto":"SMTPS","proto_id":"29","proto_by_ip":"NordVPN","proto_by_ip_id":426,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}} 01096{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":177,"source":"cfgs\/openvpn_heuristic_enabled\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":19,"flow_dst_packets_processed":11,"flow_first_seen":1722427401914491,"flow_src_last_pkt_time":1722427403179824,"flow_dst_last_pkt_time":1722427403133860,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":73,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":740,"flow_dst_max_l4_payload_len":1116,"flow_src_tot_l4_payload_len":2831,"flow_dst_tot_l4_payload_len":6507,"midstream":0,"thread_ts_usec":1722705593900158,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"149.102.238.108","src_port":47128,"dst_port":1214,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp 
Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"7":"Match by IP"},"proto":"NordVPN","proto_id":"426","proto_by_ip":"NordVPN","proto_by_ip_id":426,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00825{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":177,"source":"cfgs\/openvpn_heuristic_enabled\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":19,"flow_dst_packets_processed":11,"flow_first_seen":1722427401914491,"flow_src_last_pkt_time":1722427403179824,"flow_dst_last_pkt_time":1722427403133860,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":73,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":740,"flow_dst_max_l4_payload_len":1116,"flow_src_tot_l4_payload_len":2831,"flow_dst_tot_l4_payload_len":6507,"midstream":0,"thread_ts_usec":1722705593900158,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"149.102.238.108","src_port":47128,"dst_port":1214,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00877{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":177,"source":"cfgs\/openvpn_heuristic_enabled\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":177,"packets-processed":177,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":42211,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":30,"global_ts_usec":1722705593900158} 
+00877{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":177,"source":"cfgs\/openvpn_heuristic_enabled\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":177,"packets-processed":177,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":42211,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":30,"global_ts_usec":1722705593900158} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 177/177 ~~ skipped flows.............: 0 @@ -36,9 +36,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6921655 bytes -~~ total memory freed........: 6921655 bytes -~~ total allocations/frees...: 114340/114340 +~~ total memory allocated....: 7499251 bytes +~~ total memory freed........: 7499251 bytes +~~ total allocations/frees...: 126071/126071 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 576 chars ~~ json message max len.......: 2058 chars diff --git a/test/results/packets_limit_per_flow/tls_verylong_certificate.pcap.out b/test/results/packets_limit_per_flow/tls_verylong_certificate.pcap.out index 52fef3623..896750d76 100644 --- a/test/results/packets_limit_per_flow/tls_verylong_certificate.pcap.out +++ b/test/results/packets_limit_per_flow/tls_verylong_certificate.pcap.out 
@@ -1,17 +1,17 @@ -00644{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/packets_limit_per_flow\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00865{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/packets_limit_per_flow\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1578254908457751} 
+00644{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/packets_limit_per_flow\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00865{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/packets_limit_per_flow\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1578254908457751} 
00806{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/packets_limit_per_flow\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908457751,"flow_dst_last_pkt_time":1578254908457751,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578254908457751,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/packets_limit_per_flow\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1578254908457751,"flow_dst_last_pkt_time":1578254908457751,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1578254908457751,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGntnAqAGgl2VCMdYUAbur4+BEAAAAALAC\/\/9+XwAAAgQFtAEDAwUBAQgKAb+3BwAAAAAEAgAA"} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/packets_limit_per_flow\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1578254908457751,"flow_dst_last_pkt_time":1578254908469342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578254908469342,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADYGqN2XZUIxwKgBoAG71hTYdp3Gq+PgRaASauCAYQAAAgQFZAQCCApynbuCAb+3BwEDAwk="} 
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/packets_limit_per_flow\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1578254908469463,"flow_dst_last_pkt_time":1578254908469342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578254908469463,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGnuXAqAGgl2VCMdYUAbur4+BF2Hadx4AQEAgJrQAAAQEICgG\/txJynbuC"} 01271{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/packets_limit_per_flow\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1578254908475203,"flow_dst_last_pkt_time":1578254908469342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1578254908475203,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI5AABAAEAGnODAqAGgl2VCMdYUAbur4+BF2Hadx4AYEAjFKwAAAQEICgG\/txdynbuCFgMBAgABAAH8AwNreR1fucqnaT8n7FpnpsjcXpwujsf+X6\/m0ZYauF9Z+gAAhswUzBPMFcAwwCzAKMAkwBTACgCjAJ8AawBqADkAOP+FAMQAwwCIAIcAgcAywC7AKsAmwA\/ABQCdAD0ANQDAAITAL8ArwCfAI8ATwAkAogCeAGcAQAAzADIAvgC9AEUARMAxwC3AKcAlwA7ABACcADwALwC6AEHAEsAIABYAE8ANwAMACgD\/AQABTQAAABoAGAAAFWZlb2RvdHJhY2tlci5hYnVzZS5jaAALAAQDAAECAAoAOgA4AA4ADQAZABwACwAMABsAGAAJAAoAGgAWABcACAAGAAcAFAAVAAQABQASABMAAQACAAMADwAQABEADQAmACQGAQYCBgPv7wUBBQIFAwQBBAIEA+7u7e0DAQMCAwMCAQICAgMzdAAAABAACwAJCGh0dHAvMS4xABUAqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01262{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/packets_limit_per_flow\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908475203,"flow_dst_last_pkt_time":1578254908469342,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578254908475203,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cybersec","proto_id":"91.283","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":33,"category":"Cybersecurity","hostname":"feodotracker.abuse.ch","domainame":"feodotracker.abuse.ch","tls": {"version":"TLSv1.2","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"","ja4":"t12d6707ht_2955a3196ffa_c83f907a73d3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} 
+01221{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/packets_limit_per_flow\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908475203,"flow_dst_last_pkt_time":1578254908469342,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578254908475203,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cybersec","proto_id":"91.283","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":33,"category":"Cybersecurity","hostname":"feodotracker.abuse.ch","domainame":"feodotracker.abuse.ch","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d6707ht_2955a3196ffa_c83f907a73d3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/packets_limit_per_flow\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1578254908475203,"flow_dst_last_pkt_time":1578254908487025,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578254908487025,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0JkBAADYGgqWXZUIxwKgBoAG71hTYdp3Hq+PiSoAQADgXbgAAAQEICnKdu4cBv7cX"} 
-01352{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/packets_limit_per_flow\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908475203,"flow_dst_last_pkt_time":1578254908490162,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1368,"midstream":0,"thread_ts_usec":1578254908490162,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cybersec","proto_id":"91.283","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":33,"category":"Cybersecurity","hostname":"feodotracker.abuse.ch","domainame":"feodotracker.abuse.ch","tls": {"version":"TLSv1.2","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","ja4":"t12d6707ht_2955a3196ffa_c83f907a73d3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
-04038{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"cfgs\/packets_limit_per_flow\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908490465,"flow_dst_last_pkt_time":1578254908490567,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5472,"midstream":0,"thread_ts_usec":1578254908490567,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cybersec","proto_id":"91.283","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":33,"category":"Cybersecurity","hostname":"feodotracker.abuse.ch","domainame":"feodotracker.abuse.ch","tls": 
{"version":"TLSv1.2","server_names":"p2.shared.global.fastly.net,*.12wbt.com,*.2bleacherreport.com,*.3bleacherreport.com,*.4bleacherreport.com,*.8bleacherreport.com,*.abuse.ch,*.acdn-it.ps-pantheon.com,*.cdn.livingmap.com,*.content.plastiq.com,*.dimensions.ai,*.dollarshaveclub.co.uk,*.dollarshaveclub.com,*.dontpayfull.com,*.ebisubook.com,*.foreignaffairs.com,*.fs.jibjab.com,*.fs.unitprints.com,*.ggleap.com,*.goodeggs.com,*.huevosbuenos.com,*.indy.myomnigon.com,*.jwatch.org,*.kingsfordcharcoal.com.au,*.lancenters.com,*.madebywe.com,*.minirodini.com,*.modcloth.net,*.orionlabs.io,*.ps-pantheon.com,*.scodle.com,*.steelseries.com,*.theforeman.org,*.uploads.eversign.com,*.uploads.schoox.com,*.vts.com,*.x.stg1.ebisubook.com,*.yang2020.com,12wbt.com,2bleacherreport.com,3bleacherreport.com,4bleacherreport.com,8bleacherreport.com,abuse.ch,brita.com,cdn.fwupd.org,cdn.livingmap.com,cdn.seated.com,cdn.skillacademy.com,clinicaloptions.com,clorox.com,content-preprod.beaverbrooksweb2.co.uk,content.beaverbrooks.co.uk,content.plastiq.com,coolmathgames.com,copterroyale.coolmathgames.com,d8-dev.coolmathgames.com,deflyio.coolmathgames.com,delivery-api.evadacms.com,dimensions.ai,dollarshaveclub.co.uk,dollarshaveclub.com,dontpayfull.com,eluniverso.com,email.amg-group.co,email.tekoforlife.co.uk,feedmarket.fr,freshstep.com,ggleap.com,goodeggs.com,heap.io,huevosbuenos.com,identity.linuxfoundation.org,joebiden.com,jwatch.org,kingsford.co.nz,kingsfordcharcoal.com.au,lancenters.com,lists.linuxfoundation.org,m-stage.coolmathgames.com,m.coolmathgames.com,madebywe.com,minirodini.com,modcloth.net,orionlabs.io,puritanmedproducts.com,reviews.org,rg-video-staging.ruangguru.com,rg-video.ruangguru.com,ruangguru.com,scodle.com,stage.coolmathgames.com,staging.appblade.com,steelseries.com,stg.platform.eluniverso.com,test.brita.com,test.heap.io,test.joebiden.com,test.ruangguru.com,theforeman.org,video-cdn.quipper.com,videos.calcworkshop.com,vts.com,www.101network.com,www.autos101.com,www.brita.com,www.cloro
x.com,www.collider.com,www.coolmathgames.com,www.eluniverso.com,www.flinto.com,www.freshstep.com,www.heap.io,www.holagente.com,www.icsydney.com.au,www.joebiden.com,www.kingsford.co.nz,www.mrnatty.com,www.myjewellerystory.com.au,www.myjs.com,www.netacea.com,www.parenting101.com,www.puritanmedproducts.com,www.reviews.org,www.sba.sa,www.shashatcom.sa,www.uat.ontariocolleges.ca,www.vacation101.com,www.walterspeople.co.uk,www.westwayelectricsupply.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","ja4":"t12d6707ht_2955a3196ffa_c83f907a73d3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3","subjectDN":"C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=p2.shared.global.fastly.net","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"E9:34:DF:E0:C5:31:3C:59:7E:E2:57:44:F2:82:E9:80:F5:5D:05:4B","blocks":0}}} +01311{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/packets_limit_per_flow\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908475203,"flow_dst_last_pkt_time":1578254908490162,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1368,"midstream":0,"thread_ts_usec":1578254908490162,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Cybersec","proto_id":"91.283","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":33,"category":"Cybersecurity","hostname":"feodotracker.abuse.ch","domainame":"feodotracker.abuse.ch","tls": {"version":"TLSv1.2","ja3s":"ae53107a2e47ea20c72ac44821a728bf","ja4":"t12d6707ht_2955a3196ffa_c83f907a73d3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} +03997{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"cfgs\/packets_limit_per_flow\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908490465,"flow_dst_last_pkt_time":1578254908490567,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5472,"midstream":0,"thread_ts_usec":1578254908490567,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cybersec","proto_id":"91.283","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":33,"category":"Cybersecurity","hostname":"feodotracker.abuse.ch","domainame":"feodotracker.abuse.ch","tls": 
{"version":"TLSv1.2","server_names":"p2.shared.global.fastly.net,*.12wbt.com,*.2bleacherreport.com,*.3bleacherreport.com,*.4bleacherreport.com,*.8bleacherreport.com,*.abuse.ch,*.acdn-it.ps-pantheon.com,*.cdn.livingmap.com,*.content.plastiq.com,*.dimensions.ai,*.dollarshaveclub.co.uk,*.dollarshaveclub.com,*.dontpayfull.com,*.ebisubook.com,*.foreignaffairs.com,*.fs.jibjab.com,*.fs.unitprints.com,*.ggleap.com,*.goodeggs.com,*.huevosbuenos.com,*.indy.myomnigon.com,*.jwatch.org,*.kingsfordcharcoal.com.au,*.lancenters.com,*.madebywe.com,*.minirodini.com,*.modcloth.net,*.orionlabs.io,*.ps-pantheon.com,*.scodle.com,*.steelseries.com,*.theforeman.org,*.uploads.eversign.com,*.uploads.schoox.com,*.vts.com,*.x.stg1.ebisubook.com,*.yang2020.com,12wbt.com,2bleacherreport.com,3bleacherreport.com,4bleacherreport.com,8bleacherreport.com,abuse.ch,brita.com,cdn.fwupd.org,cdn.livingmap.com,cdn.seated.com,cdn.skillacademy.com,clinicaloptions.com,clorox.com,content-preprod.beaverbrooksweb2.co.uk,content.beaverbrooks.co.uk,content.plastiq.com,coolmathgames.com,copterroyale.coolmathgames.com,d8-dev.coolmathgames.com,deflyio.coolmathgames.com,delivery-api.evadacms.com,dimensions.ai,dollarshaveclub.co.uk,dollarshaveclub.com,dontpayfull.com,eluniverso.com,email.amg-group.co,email.tekoforlife.co.uk,feedmarket.fr,freshstep.com,ggleap.com,goodeggs.com,heap.io,huevosbuenos.com,identity.linuxfoundation.org,joebiden.com,jwatch.org,kingsford.co.nz,kingsfordcharcoal.com.au,lancenters.com,lists.linuxfoundation.org,m-stage.coolmathgames.com,m.coolmathgames.com,madebywe.com,minirodini.com,modcloth.net,orionlabs.io,puritanmedproducts.com,reviews.org,rg-video-staging.ruangguru.com,rg-video.ruangguru.com,ruangguru.com,scodle.com,stage.coolmathgames.com,staging.appblade.com,steelseries.com,stg.platform.eluniverso.com,test.brita.com,test.heap.io,test.joebiden.com,test.ruangguru.com,theforeman.org,video-cdn.quipper.com,videos.calcworkshop.com,vts.com,www.101network.com,www.autos101.com,www.brita.com,www.cloro
x.com,www.collider.com,www.coolmathgames.com,www.eluniverso.com,www.flinto.com,www.freshstep.com,www.heap.io,www.holagente.com,www.icsydney.com.au,www.joebiden.com,www.kingsford.co.nz,www.mrnatty.com,www.myjewellerystory.com.au,www.myjs.com,www.netacea.com,www.parenting101.com,www.puritanmedproducts.com,www.reviews.org,www.sba.sa,www.shashatcom.sa,www.uat.ontariocolleges.ca,www.vacation101.com,www.walterspeople.co.uk,www.westwayelectricsupply.com","ja3s":"ae53107a2e47ea20c72ac44821a728bf","ja4":"t12d6707ht_2955a3196ffa_c83f907a73d3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3","subjectDN":"C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=p2.shared.global.fastly.net","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"E9:34:DF:E0:C5:31:3C:59:7E:E2:57:44:F2:82:E9:80:F5:5D:05:4B","blocks":0}}} 02186{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/packets_limit_per_flow\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908528417,"flow_dst_last_pkt_time":1578254908528437,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":813,"flow_dst_tot_l4_payload_len":14097,"midstream":0,"thread_ts_usec":1578254908528437,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":4559.7,"max":21714,"stddev":6622.1,"var":43852844.0,"ent":3.5,"data": 
[11591,11712,5740,17683,3137,204,15209,67,53,134,2,140,10611,21714,11194,334,14931,21,2,14564,19,7,256,346,4,564,2,480,517,112,2]},"pktlen": {"min":52,"avg":518.6,"max":1420,"stddev":615.3,"var":378610.9,"ent":4.0,"data": [64,60,52,569,52,1420,1420,52,1420,52,1420,262,52,178,103,52,222,1420,1420,104,52,52,52,1420,1420,104,52,52,1420,52,1420,104]},"bins": {"c_to_s": [12,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,4,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,0,0,1,1,1,0,0,0,1,1,1,0,0,1,0,1,1],"entropies": [4.398337364,5.146034718,4.868495941,4.434582233,5.025067329,6.773365974,4.940563202,4.983880520,6.553000927,4.900255680,7.433587551,7.043814659,4.983880520,6.336580276,5.976200581,5.022342205,6.883139610,7.866776943,7.867276192,6.143959045,4.906957150,4.791572571,4.731892109,7.850933075,7.865261078,6.040546417,4.906957626,4.906957626,7.852932453,4.823332310,7.877495766,6.208910465]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cybersec","proto_id":"91.283","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":33,"category":"Cybersecurity"}} 
01054{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":48,"source":"cfgs\/packets_limit_per_flow\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":24,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908551114,"flow_dst_last_pkt_time":1578254908551079,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":844,"flow_dst_tot_l4_payload_len":18233,"midstream":0,"thread_ts_usec":1578254908551114,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cybersec","proto_id":"91.283","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":33,"category":"Cybersecurity","hostname":"feodotracker.abuse.ch"}} -00875{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":48,"source":"cfgs\/packets_limit_per_flow\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":48,"packets-processed":48,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":19077,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1578254908551114} 
+00875{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":48,"source":"cfgs\/packets_limit_per_flow\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":48,"packets-processed":48,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":19077,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1578254908551114} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 48/48 ~~ skipped flows.............: 0 @@ -20,10 +20,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7109929 bytes -~~ total memory freed........: 7109929 bytes -~~ total allocations/frees...: 114329/114329 +~~ total memory allocated....: 7687525 bytes +~~ total memory freed........: 7687525 bytes +~~ total allocations/frees...: 126060/126060 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 577 chars -~~ json message max len.......: 4043 chars -~~ json message avg len.......: 2223 chars +~~ json message max len.......: 4002 chars +~~ json message avg len.......: 2203 chars diff --git a/test/results/stats/caches_cfg/ookla.pcap.out b/test/results/stats/caches_cfg/ookla.pcap.out index 48ce30101..686fd20ba 100644 --- a/test/results/stats/caches_cfg/ookla.pcap.out +++ b/test/results/stats/caches_cfg/ookla.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:55 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:46216 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:46052 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:6 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:5 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/caches_cfg/teams.pcap.out b/test/results/stats/caches_cfg/teams.pcap.out index 08e316ac7..24a6adc9b 100644 --- a/test/results/stats/caches_cfg/teams.pcap.out +++ b/test/results/stats/caches_cfg/teams.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:668 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:670898 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:669315 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:83 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:17 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:66 
@@ -35,8 +35,8 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-error_udp_packet_too_short" interval=60 PUTVAL "localhost/exec-nDPIsrvd/counter-error_capture_size_smaller_than_packet" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-error_max_flows_to_track" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-error_flow_memory_alloc" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:46 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:33 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:51 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:28 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 
@@ -54,12 +54,12 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interv PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:16 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:12 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:11 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:27 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:19 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:23 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:2 
diff --git a/test/results/stats/caches_global/bittorrent.pcap.out b/test/results/stats/caches_global/bittorrent.pcap.out index be8dd06d4..90e1f8849 100644 --- a/test/results/stats/caches_global/bittorrent.pcap.out +++ b/test/results/stats/caches_global/bittorrent.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/caches_global/lru_ipv6_caches.pcapng.out b/test/results/stats/caches_global/lru_ipv6_caches.pcapng.out index e509caca0..3ebc5a3ed 100644 --- a/test/results/stats/caches_global/lru_ipv6_caches.pcapng.out +++ b/test/results/stats/caches_global/lru_ipv6_caches.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:89 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:92580 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:92625 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:12 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:12 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/caches_global/mining.pcapng.out b/test/results/stats/caches_global/mining.pcapng.out index 6944e196d..4d04a9e1d 100644 --- a/test/results/stats/caches_global/mining.pcapng.out +++ b/test/results/stats/caches_global/mining.pcapng.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/caches_global/ookla.pcap.out b/test/results/stats/caches_global/ookla.pcap.out index a63b0ceef..28f17e30d 100644 --- a/test/results/stats/caches_global/ookla.pcap.out +++ b/test/results/stats/caches_global/ookla.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:55 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:43684 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:43520 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:6 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:5 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/caches_global/teams.pcap.out b/test/results/stats/caches_global/teams.pcap.out index 9ff21056b..f9cf6099f 100644 --- a/test/results/stats/caches_global/teams.pcap.out +++ b/test/results/stats/caches_global/teams.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:668 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:642480 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:640870 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:83 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:17 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:66 
@@ -35,8 +35,8 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-error_udp_packet_too_short" interval=60 PUTVAL "localhost/exec-nDPIsrvd/counter-error_capture_size_smaller_than_packet" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-error_max_flows_to_track" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-error_flow_memory_alloc" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:42 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:37 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:51 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:28 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 
@@ -54,12 +54,12 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interv PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:20 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:12 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:11 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:27 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:19 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:27 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:6 
diff --git a/test/results/stats/caches_global/zoom_p2p.pcapng.out b/test/results/stats/caches_global/zoom_p2p.pcapng.out index a7f724840..ac04d0915 100644 --- a/test/results/stats/caches_global/zoom_p2p.pcapng.out +++ b/test/results/stats/caches_global/zoom_p2p.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:134 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:115505 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:115637 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:13 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:13 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/1kxun.pcap.out b/test/results/stats/default/1kxun.pcap.out index 7cbee8a8b..d8a51a692 100644 --- a/test/results/stats/default/1kxun.pcap.out +++ b/test/results/stats/default/1kxun.pcap.out 
@@ -1,17 +1,17 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:1303 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:1555843 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:1555868 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:197 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:9 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:188 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_update_count" interval=60 N:38 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_analyse_count" interval=60 N:13 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_guessed_count" interval=60 N:6 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detected_count" interval=60 N:177 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detected_count" interval=60 N:182 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 N:33 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:14 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:9 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:156501 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:2270815 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:38 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:33 PUTVAL "localhost/exec-nDPIsrvd/counter-packet_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-packet_flow_count" interval=60 N:624 PUTVAL "localhost/exec-nDPIsrvd/counter-init_count" interval=60 N:1 
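Review bot: The re-recorded baseline lowers `counter-flow_risky_count` from 38 to 33 in this hunk, and the commit message ("incorporated upstream changes") does not explain why. Later hunks of the same file drop `gauge-flow_severity_low` from 37 to 32 and zero out `gauge-flow_risk_22_count` (2 to 0) and `gauge-flow_risk_35_count` (3 to 0). Five flows also move from not-detected to detected here (14 to 9, 177 to 182), so the vanished risk flags are presumably a side effect of the new classification, but that is an inference from the counters. Because these expected-output files are the regression guard for risk reporting, the description should name the upstream libnDPI change that removes these risks on 1kxun.pcap, so that a real detection regression is not accepted just by regenerating the results.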
@@ -36,7 +36,7 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-error_capture_size_smaller_than_packet" PUTVAL "localhost/exec-nDPIsrvd/counter-error_max_flows_to_track" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-error_flow_memory_alloc" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:6 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:116 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:121 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:53 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 @@ -58,7 +58,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:63 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:68 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:45 
@@ -83,18 +83,19 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial_cache" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_cache" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi" interval=60 N:177 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi" interval=60 N:182 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_nbpf" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_ip" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:37 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:32 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:6 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:20 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0 
@@ -110,9 +111,9 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_active_count" interval=60 N:197 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:177 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:182 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:6 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:14 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:9 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 @@ -134,7 +135,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 
@@ -147,7 +148,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 diff --git a/test/results/stats/default/443-chrome.pcap.out b/test/results/stats/default/443-chrome.pcap.out index daabd333c..62ab9e081 100644 --- a/test/results/stats/default/443-chrome.pcap.out +++ b/test/results/stats/default/443-chrome.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:7 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7592 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7599 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/443-curl.pcap.out b/test/results/stats/default/443-curl.pcap.out index 975f17b39..7af408fb5 100644 --- a/test/results/stats/default/443-curl.pcap.out +++ b/test/results/stats/default/443-curl.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:14 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:13788 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:13700 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/443-firefox.pcap.out b/test/results/stats/default/443-firefox.pcap.out index f4d842609..25e4f07d7 100644 --- a/test/results/stats/default/443-firefox.pcap.out +++ b/test/results/stats/default/443-firefox.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:14 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:14036 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:13948 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/443-git.pcap.out b/test/results/stats/default/443-git.pcap.out index ac4ae4e3c..8bd338bf5 100644 --- a/test/results/stats/default/443-git.pcap.out +++ b/test/results/stats/default/443-git.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:14 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:15833 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:15710 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/443-opvn.pcap.out b/test/results/stats/default/443-opvn.pcap.out index 32208a20b..5c37ed600 100644 --- a/test/results/stats/default/443-opvn.pcap.out +++ b/test/results/stats/default/443-opvn.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/443-safari.pcap.out b/test/results/stats/default/443-safari.pcap.out index 2cd0c0c80..3da4706cd 100644 --- a/test/results/stats/default/443-safari.pcap.out +++ b/test/results/stats/default/443-safari.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:14 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:13547 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:13459 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/4in4tunnel.pcap.out b/test/results/stats/default/4in4tunnel.pcap.out index e57c2b887..11218914b 100644 --- a/test/results/stats/default/4in4tunnel.pcap.out +++ b/test/results/stats/default/4in4tunnel.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/4in6tunnel.pcap.out b/test/results/stats/default/4in6tunnel.pcap.out index 708de559c..607dceeb5 100644 --- a/test/results/stats/default/4in6tunnel.pcap.out +++ b/test/results/stats/default/4in6tunnel.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/6in4tunnel.pcap.out b/test/results/stats/default/6in4tunnel.pcap.out index b70219e41..6a7d0f323 100644 --- a/test/results/stats/default/6in4tunnel.pcap.out +++ b/test/results/stats/default/6in4tunnel.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/6in6tunnel.pcap.out b/test/results/stats/default/6in6tunnel.pcap.out index 8aef11fde..9d818203d 100644 --- a/test/results/stats/default/6in6tunnel.pcap.out +++ b/test/results/stats/default/6in6tunnel.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/BGP_Cisco_hdlc_slarp.pcap.out b/test/results/stats/default/BGP_Cisco_hdlc_slarp.pcap.out index f660d8ab6..3dd4ee90a 100644 --- a/test/results/stats/default/BGP_Cisco_hdlc_slarp.pcap.out +++ b/test/results/stats/default/BGP_Cisco_hdlc_slarp.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/BGP_redist.pcap.out b/test/results/stats/default/BGP_redist.pcap.out index 2c644cd6c..17f4e9fd8 100644 --- a/test/results/stats/default/BGP_redist.pcap.out +++ b/test/results/stats/default/BGP_redist.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/EAQ.pcap.out b/test/results/stats/default/EAQ.pcap.out index 28afe5fa9..531d5a3e4 100644 --- a/test/results/stats/default/EAQ.pcap.out +++ b/test/results/stats/default/EAQ.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:269 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:194061 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:193861 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:31 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:29 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 @@ -94,7 +95,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_ip" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:22 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:21 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0 
@@ -147,7 +148,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 diff --git a/test/results/stats/default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out b/test/results/stats/default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out index 88bd44211..046052deb 100644 --- a/test/results/stats/default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out +++ b/test/results/stats/default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:52 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:55395 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:55748 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:5 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:5 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/IEC104.pcap.out b/test/results/stats/default/IEC104.pcap.out index 8bb3bda0f..080d7ebce 100644 --- a/test/results/stats/default/IEC104.pcap.out +++ b/test/results/stats/default/IEC104.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/KakaoTalk_chat.pcap.out b/test/results/stats/default/KakaoTalk_chat.pcap.out index ea7abb7b4..ce5dd92b1 100644 --- a/test/results/stats/default/KakaoTalk_chat.pcap.out +++ b/test/results/stats/default/KakaoTalk_chat.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:270 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:241649 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:240854 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:38 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:8 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:30 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/KakaoTalk_talk.pcap.out b/test/results/stats/default/KakaoTalk_talk.pcap.out index 16c3aca90..3de13440a 100644 --- a/test/results/stats/default/KakaoTalk_talk.pcap.out +++ b/test/results/stats/default/KakaoTalk_talk.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:145 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:122774 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:122849 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:20 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:6 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:14 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/NTPv2.pcap.out b/test/results/stats/default/NTPv2.pcap.out index 5900929f1..0411e0c73 100644 --- a/test/results/stats/default/NTPv2.pcap.out +++ b/test/results/stats/default/NTPv2.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/NTPv3.pcap.out b/test/results/stats/default/NTPv3.pcap.out index 2e94ac49b..5502c6bea 100644 --- a/test/results/stats/default/NTPv3.pcap.out +++ b/test/results/stats/default/NTPv3.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/NTPv4.pcap.out b/test/results/stats/default/NTPv4.pcap.out index 2e94ac49b..5502c6bea 100644 --- a/test/results/stats/default/NTPv4.pcap.out +++ b/test/results/stats/default/NTPv4.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/Oscar.pcap.out b/test/results/stats/default/Oscar.pcap.out index 79b628953..9173ccc26 100644 --- a/test/results/stats/default/Oscar.pcap.out +++ b/test/results/stats/default/Oscar.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/TivoDVR.pcap.out b/test/results/stats/default/TivoDVR.pcap.out index 42ad19d23..b4960aa82 100644 --- a/test/results/stats/default/TivoDVR.pcap.out +++ b/test/results/stats/default/TivoDVR.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/WebattackRCE.pcap.out b/test/results/stats/default/WebattackRCE.pcap.out index 8e499eb91..a3266db7f 100644 --- a/test/results/stats/default/WebattackRCE.pcap.out +++ b/test/results/stats/default/WebattackRCE.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/WebattackSQLinj.pcap.out b/test/results/stats/default/WebattackSQLinj.pcap.out index 98bec5cb2..fdfc78df0 100644 --- a/test/results/stats/default/WebattackSQLinj.pcap.out +++ b/test/results/stats/default/WebattackSQLinj.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/WebattackXSS.pcap.out b/test/results/stats/default/WebattackXSS.pcap.out index b5660467b..3939bebd5 100644 --- a/test/results/stats/default/WebattackXSS.pcap.out +++ b/test/results/stats/default/WebattackXSS.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/activision.pcap.out b/test/results/stats/default/activision.pcap.out index f0941c7c7..e5181c4ac 100644 --- a/test/results/stats/default/activision.pcap.out +++ b/test/results/stats/default/activision.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/adult_content.pcap.out b/test/results/stats/default/adult_content.pcap.out index 979df9f70..cc19cb72c 100644 --- a/test/results/stats/default/adult_content.pcap.out +++ b/test/results/stats/default/adult_content.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9775 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9842 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/afp.pcap.out b/test/results/stats/default/afp.pcap.out index 9b5eff65a..5a2884b79 100644 --- a/test/results/stats/default/afp.pcap.out +++ b/test/results/stats/default/afp.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/agora-sd-rtn.pcap.out b/test/results/stats/default/agora-sd-rtn.pcap.out index 27e9110ef..2055b586a 100644 --- a/test/results/stats/default/agora-sd-rtn.pcap.out +++ b/test/results/stats/default/agora-sd-rtn.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/ah.pcapng.out b/test/results/stats/default/ah.pcapng.out index 4e9c7f7ba..9074fad6b 100644 --- a/test/results/stats/default/ah.pcapng.out +++ b/test/results/stats/default/ah.pcapng.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/ajp.pcap.out b/test/results/stats/default/ajp.pcap.out index be4497d1b..33dbc2363 100644 --- a/test/results/stats/default/ajp.pcap.out +++ b/test/results/stats/default/ajp.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/alexa-app.pcapng.out b/test/results/stats/default/alexa-app.pcapng.out index 0a551882c..673605a49 100644 --- a/test/results/stats/default/alexa-app.pcapng.out +++ b/test/results/stats/default/alexa-app.pcapng.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:1415 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:1290165 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:1279370 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:160 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:104 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:56 @@ -11,7 +11,7 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:399153 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:588052 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:74 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:62 PUTVAL "localhost/exec-nDPIsrvd/counter-packet_count" interval=60 N:5 PUTVAL "localhost/exec-nDPIsrvd/counter-packet_flow_count" interval=60 N:679 PUTVAL "localhost/exec-nDPIsrvd/counter-init_count" interval=60 N:1 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 
@@ -94,7 +95,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_ip" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:38 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:26 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:5 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:59 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0 @@ -147,7 +148,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:13 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 diff --git a/test/results/stats/default/alicloud.pcap.out b/test/results/stats/default/alicloud.pcap.out index 7254db000..7b0e40975 100644 --- a/test/results/stats/default/alicloud.pcap.out +++ b/test/results/stats/default/alicloud.pcap.out 
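Review bot: The regenerated baseline for alexa-app.pcapng.out lowers `gauge-flow_risk_35_count` from 13 to 1 (hunk `@@ -147,7 +148,7 @@`), with `counter-flow_risky_count` going from 74 to 62 and `gauge-flow_severity_low` from 38 to 26, and the commit message gives no reason beyond "incorporated upstream changes". The same shift appears in android.pcap.out (risk 35: 2 to 0) and bt-http.pcapng.out (risk 35: 1 to 0). These files are the expected output the stats tests compare against, so updating them accepts the lower detection count as correct; presumably it follows a deliberate risk-logic change in the bumped libnDPI, but nothing visible here confirms that. I would add a line to the commit description such as `* risk 35 is raised less often after <upstream libnDPI commit>; stats results regenerated`, so a later reader can tell an intended change from a lost detection.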
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/among_us.pcap.out b/test/results/stats/default/among_us.pcap.out index 1a7c4c215..7426c9df8 100644 --- a/test/results/stats/default/among_us.pcap.out +++ b/test/results/stats/default/among_us.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/amqp.pcap.out b/test/results/stats/default/amqp.pcap.out index 59484ffff..0341a0225 100644 --- a/test/results/stats/default/amqp.pcap.out +++ b/test/results/stats/default/amqp.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/android.pcap.out b/test/results/stats/default/android.pcap.out index b95fe2625..ff999893a 100644 --- a/test/results/stats/default/android.pcap.out +++ b/test/results/stats/default/android.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:436 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:378966 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:376907 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:63 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:9 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:54 
@@ -11,7 +11,7 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:25482 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:76498 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:9 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:7 PUTVAL "localhost/exec-nDPIsrvd/counter-packet_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-packet_flow_count" interval=60 N:196 PUTVAL "localhost/exec-nDPIsrvd/counter-init_count" interval=60 N:1 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 
@@ -94,7 +95,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_ip" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:15 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:13 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0 @@ -147,7 +148,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 diff --git a/test/results/stats/default/anyconnect-vpn.pcap.out b/test/results/stats/default/anyconnect-vpn.pcap.out index dbd5c94ea..8f0d750aa 100644 --- a/test/results/stats/default/anyconnect-vpn.pcap.out +++ b/test/results/stats/default/anyconnect-vpn.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:457 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:389391 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:388858 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:69 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:10 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:59 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/anydesk.pcapng.out b/test/results/stats/default/anydesk.pcapng.out index 64f371b0c..483de12bc 100644 --- a/test/results/stats/default/anydesk.pcapng.out +++ b/test/results/stats/default/anydesk.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:66 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:66748 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:66338 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:7 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:6 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/atg.pcap.out b/test/results/stats/default/atg.pcap.out index 5ea12bbcd..a307ec5cb 100644 --- a/test/results/stats/default/atg.pcap.out +++ b/test/results/stats/default/atg.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/avast.pcap.out b/test/results/stats/default/avast.pcap.out index 69e894ea9..8bae70cec 100644 --- a/test/results/stats/default/avast.pcap.out +++ b/test/results/stats/default/avast.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/avast_securedns.pcapng.out b/test/results/stats/default/avast_securedns.pcapng.out index 7a63d101e..f6e8ba334 100644 --- a/test/results/stats/default/avast_securedns.pcapng.out +++ b/test/results/stats/default/avast_securedns.pcapng.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/bacnet.pcap.out b/test/results/stats/default/bacnet.pcap.out index eb40f618e..3b30d6fff 100644 --- a/test/results/stats/default/bacnet.pcap.out +++ b/test/results/stats/default/bacnet.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/bad-dns-traffic.pcap.out b/test/results/stats/default/bad-dns-traffic.pcap.out index 390744730..146bee71b 100644 --- a/test/results/stats/default/bad-dns-traffic.pcap.out +++ b/test/results/stats/default/bad-dns-traffic.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/badpackets.pcap.out b/test/results/stats/default/badpackets.pcap.out index 7aa3c9171..f3aa5c952 100644 --- a/test/results/stats/default/badpackets.pcap.out +++ b/test/results/stats/default/badpackets.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/beckhoff_ads.pcapng.out b/test/results/stats/default/beckhoff_ads.pcapng.out index 36b5a6a2b..ab6ed8189 100644 --- a/test/results/stats/default/beckhoff_ads.pcapng.out +++ b/test/results/stats/default/beckhoff_ads.pcapng.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/bets.pcapng.out b/test/results/stats/default/bets.pcapng.out index b66509c74..aabcdb723 100644 --- a/test/results/stats/default/bets.pcapng.out +++ b/test/results/stats/default/bets.pcapng.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:13 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:11970 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:11888 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/bfcp.pcapng.out b/test/results/stats/default/bfcp.pcapng.out index ab68a9663..98a413f63 100644 --- a/test/results/stats/default/bfcp.pcapng.out +++ b/test/results/stats/default/bfcp.pcapng.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/bfd.pcap.out b/test/results/stats/default/bfd.pcap.out index 3e692d862..654240295 100644 --- a/test/results/stats/default/bfd.pcap.out +++ b/test/results/stats/default/bfd.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/bitcoin.pcap.out b/test/results/stats/default/bitcoin.pcap.out index 851811a9a..7418c3bd0 100644 --- a/test/results/stats/default/bitcoin.pcap.out +++ b/test/results/stats/default/bitcoin.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:6 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/bittorrent.pcap.out b/test/results/stats/default/bittorrent.pcap.out index 4e5a12507..3826b3a26 100644 --- a/test/results/stats/default/bittorrent.pcap.out +++ b/test/results/stats/default/bittorrent.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/bittorrent_tcp_miss.pcapng.out b/test/results/stats/default/bittorrent_tcp_miss.pcapng.out index cd9b48ecb..ca0320712 100644 --- a/test/results/stats/default/bittorrent_tcp_miss.pcapng.out +++ b/test/results/stats/default/bittorrent_tcp_miss.pcapng.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/bittorrent_utp.pcap.out b/test/results/stats/default/bittorrent_utp.pcap.out index 521977408..8a27fef77 100644 --- a/test/results/stats/default/bittorrent_utp.pcap.out +++ b/test/results/stats/default/bittorrent_utp.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/bjnp.pcap.out b/test/results/stats/default/bjnp.pcap.out index 633e8be32..6e90db5ae 100644 --- a/test/results/stats/default/bjnp.pcap.out +++ b/test/results/stats/default/bjnp.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/bot.pcap.out b/test/results/stats/default/bot.pcap.out index 8f5c674ff..3707e9c65 100644 --- a/test/results/stats/default/bot.pcap.out +++ b/test/results/stats/default/bot.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/bt-dns.pcap.out b/test/results/stats/default/bt-dns.pcap.out index c02cc7fbc..f4ea3da83 100644 --- a/test/results/stats/default/bt-dns.pcap.out +++ b/test/results/stats/default/bt-dns.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/bt-http.pcapng.out b/test/results/stats/default/bt-http.pcapng.out index cf42ec534..5f35f3bf9 100644 --- a/test/results/stats/default/bt-http.pcapng.out +++ b/test/results/stats/default/bt-http.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9411 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9181 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0 
@@ -11,7 +11,7 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:370 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:340 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-packet_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-packet_flow_count" interval=60 N:5 PUTVAL "localhost/exec-nDPIsrvd/counter-init_count" interval=60 N:1 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 
@@ -94,7 +95,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_ip" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0 @@ -147,7 +148,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 diff --git a/test/results/stats/default/bt_search.pcap.out b/test/results/stats/default/bt_search.pcap.out index ce8d9ca0b..d8fcd7465 100644 --- a/test/results/stats/default/bt_search.pcap.out +++ b/test/results/stats/default/bt_search.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/c1222.pcapng.out b/test/results/stats/default/c1222.pcapng.out index 16a8ec191..e5b9b96dd 100644 --- a/test/results/stats/default/c1222.pcapng.out +++ b/test/results/stats/default/c1222.pcapng.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/cachefly.pcapng.out b/test/results/stats/default/cachefly.pcapng.out index 4600c55b1..848633248 100644 --- a/test/results/stats/default/cachefly.pcapng.out +++ b/test/results/stats/default/cachefly.pcapng.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:13 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:18503 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:18380 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/can.pcap.out b/test/results/stats/default/can.pcap.out index ca9938900..1c3f38ed2 100644 --- a/test/results/stats/default/can.pcap.out +++ b/test/results/stats/default/can.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/capwap.pcap.out b/test/results/stats/default/capwap.pcap.out index 7bd852686..25e93bdef 100644 --- a/test/results/stats/default/capwap.pcap.out +++ b/test/results/stats/default/capwap.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/capwap_data.pcapng.out b/test/results/stats/default/capwap_data.pcapng.out index 08233b9ee..b4128cb1d 100644 --- a/test/results/stats/default/capwap_data.pcapng.out +++ b/test/results/stats/default/capwap_data.pcapng.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/cassandra.pcap.out b/test/results/stats/default/cassandra.pcap.out index cb036c288..01dd4c6ee 100644 --- a/test/results/stats/default/cassandra.pcap.out +++ b/test/results/stats/default/cassandra.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/ceph.pcap.out b/test/results/stats/default/ceph.pcap.out index 57a6ffeeb..c31746563 100644 --- a/test/results/stats/default/ceph.pcap.out +++ b/test/results/stats/default/ceph.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/check_mk_new.pcap.out b/test/results/stats/default/check_mk_new.pcap.out index ef0e1b388..75222b7b5 100644 --- a/test/results/stats/default/check_mk_new.pcap.out +++ b/test/results/stats/default/check_mk_new.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/chrome.pcap.out b/test/results/stats/default/chrome.pcap.out index d570ef911..dd627d8c9 100644 --- a/test/results/stats/default/chrome.pcap.out +++ b/test/results/stats/default/chrome.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:57 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:49670 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:49178 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:6 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:6 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/cip_io.pcap.out b/test/results/stats/default/cip_io.pcap.out index 2c7a2574c..95ea7866d 100644 --- a/test/results/stats/default/cip_io.pcap.out +++ b/test/results/stats/default/cip_io.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/citrix.pcap.out b/test/results/stats/default/citrix.pcap.out index 3bbe4e72b..8c90a5515 100644 --- a/test/results/stats/default/citrix.pcap.out +++ b/test/results/stats/default/citrix.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/cloudflare-warp.pcap.out b/test/results/stats/default/cloudflare-warp.pcap.out index 7db985d5b..8f0d87eb4 100644 --- a/test/results/stats/default/cloudflare-warp.pcap.out +++ b/test/results/stats/default/cloudflare-warp.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:72 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:57563 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:57276 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:9 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:7 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/cnp_ip.pcapng.out b/test/results/stats/default/cnp_ip.pcapng.out index ba16af232..e04a790f5 100644 --- a/test/results/stats/default/cnp_ip.pcapng.out +++ b/test/results/stats/default/cnp_ip.pcapng.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/coap_mqtt.pcap.out b/test/results/stats/default/coap_mqtt.pcap.out index 5dbd7981f..caaa05e17 100644 --- a/test/results/stats/default/coap_mqtt.pcap.out +++ b/test/results/stats/default/coap_mqtt.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/codm.pcap.out b/test/results/stats/default/codm.pcap.out index 459d30d35..7d314df13 100644 --- a/test/results/stats/default/codm.pcap.out +++ b/test/results/stats/default/codm.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:25 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:21226 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:21144 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:3 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/collectd.pcap.out b/test/results/stats/default/collectd.pcap.out index 732bd3dd3..fcff5613a 100644 --- a/test/results/stats/default/collectd.pcap.out +++ b/test/results/stats/default/collectd.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/conncheck.pcap.out b/test/results/stats/default/conncheck.pcap.out index edb141953..6f5bcbd21 100644 --- a/test/results/stats/default/conncheck.pcap.out +++ b/test/results/stats/default/conncheck.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/corba.pcap.out b/test/results/stats/default/corba.pcap.out index 931333e05..1c1be1405 100644 --- a/test/results/stats/default/corba.pcap.out +++ b/test/results/stats/default/corba.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/cpha.pcap.out b/test/results/stats/default/cpha.pcap.out index e6122a3bc..a6522b37b 100644 --- a/test/results/stats/default/cpha.pcap.out +++ b/test/results/stats/default/cpha.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/crawler_false_positive.pcapng.out b/test/results/stats/default/crawler_false_positive.pcapng.out index 0ee3084df..1e4ad7225 100644 --- a/test/results/stats/default/crawler_false_positive.pcapng.out +++ b/test/results/stats/default/crawler_false_positive.pcapng.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/crynet.pcap.out b/test/results/stats/default/crynet.pcap.out index c9643bb01..10f9c4ca1 100644 --- a/test/results/stats/default/crynet.pcap.out +++ b/test/results/stats/default/crynet.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/custom_categories.pcapng.out b/test/results/stats/default/custom_categories.pcapng.out index 968af4236..65495446c 100644 --- a/test/results/stats/default/custom_categories.pcapng.out +++ b/test/results/stats/default/custom_categories.pcapng.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/custom_risk_mask.pcapng.out b/test/results/stats/default/custom_risk_mask.pcapng.out index 9c31f3c8c..019a04e9d 100644 --- a/test/results/stats/default/custom_risk_mask.pcapng.out +++ b/test/results/stats/default/custom_risk_mask.pcapng.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/custom_rules_ipv6.pcapng.out b/test/results/stats/default/custom_rules_ipv6.pcapng.out index 4c1517983..72030ec3e 100644 --- a/test/results/stats/default/custom_rules_ipv6.pcapng.out +++ b/test/results/stats/default/custom_rules_ipv6.pcapng.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/custom_rules_same-ip_multiple_ports.pcapng.out b/test/results/stats/default/custom_rules_same-ip_multiple_ports.pcapng.out index 432c55870..4225ec1b7 100644 --- a/test/results/stats/default/custom_rules_same-ip_multiple_ports.pcapng.out +++ b/test/results/stats/default/custom_rules_same-ip_multiple_ports.pcapng.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/dazn.pcapng.out b/test/results/stats/default/dazn.pcapng.out index 1c65475d3..6ceb00594 100644 --- a/test/results/stats/default/dazn.pcapng.out +++ b/test/results/stats/default/dazn.pcapng.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:27 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:30061 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:29815 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:3 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/dcerpc.pcap.out b/test/results/stats/default/dcerpc.pcap.out index 2c974b964..8b6cb3c50 100644 --- a/test/results/stats/default/dcerpc.pcap.out +++ b/test/results/stats/default/dcerpc.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/dhcp-fuzz.pcapng.out b/test/results/stats/default/dhcp-fuzz.pcapng.out index 830470dd7..2f534f89a 100644 --- a/test/results/stats/default/dhcp-fuzz.pcapng.out +++ b/test/results/stats/default/dhcp-fuzz.pcapng.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/diameter.pcap.out b/test/results/stats/default/diameter.pcap.out index d303fd1d9..ff2a3fc86 100644 --- a/test/results/stats/default/diameter.pcap.out +++ b/test/results/stats/default/diameter.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/dicom.pcap.out b/test/results/stats/default/dicom.pcap.out new file mode 100644 index 000000000..fcd2c3be1 --- /dev/null +++ b/test/results/stats/default/dicom.pcap.out 
@@ -0,0 +1,172 @@ +PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:22 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:41153 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:4 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:4 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_analyse_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detected_count" interval=60 N:4 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:34384 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-packet_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-packet_flow_count" interval=60 N:6 +PUTVAL "localhost/exec-nDPIsrvd/counter-init_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-reconnect_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-shutdown_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-status_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_datalink" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_l3_protocol" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unsupported_datalink" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_packet_type_unknown" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/counter-error_packet_header_invalid" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_size_smaller_than_header" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_l4_payload_detection" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_size_smaller_than_header" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_l4_payload_detection" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_tcp_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_udp_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_capture_size_smaller_than_packet" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_max_flows_to_track" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_flow_memory_alloc" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:4 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unrated_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unspecified_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_music_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_video_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_shopping_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_productivity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_file_sharing_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_category_conn_check_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_iot_scada_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_virt_assistant_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cybersecurity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_adult_content_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_mining_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_malware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_advertisment_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_banned_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_site_unavail_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:4 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial_cache" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_cache" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi" interval=60 N:4 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_nbpf" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_ip" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_emergency" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_unknown" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:4 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:4 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_active_count" interval=60 N:4 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:4 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_27_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_28_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_29_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_30_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" 
interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_40_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_41_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_54_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_55_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_56_count" interval=60 N:0 
diff --git a/test/results/stats/default/dingtalk.pcap.out b/test/results/stats/default/dingtalk.pcap.out index 570e3aff5..877fd3bd5 100644 --- a/test/results/stats/default/dingtalk.pcap.out +++ b/test/results/stats/default/dingtalk.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:19 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:15027 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:14945 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/discord.pcap.out b/test/results/stats/default/discord.pcap.out index fb4a4bc0b..e2c76db24 100644 --- a/test/results/stats/default/discord.pcap.out +++ b/test/results/stats/default/discord.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:316 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:263324 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:263201 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:34 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:34 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/discord_mid_flow.pcap.out b/test/results/stats/default/discord_mid_flow.pcap.out index c260d70b0..ac885cab7 100644 --- a/test/results/stats/default/discord_mid_flow.pcap.out +++ b/test/results/stats/default/discord_mid_flow.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/dlep.pcapng.out b/test/results/stats/default/dlep.pcapng.out index cd6ed0ea5..481e07461 100644 --- a/test/results/stats/default/dlep.pcapng.out +++ b/test/results/stats/default/dlep.pcapng.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/dlms.pcap.out b/test/results/stats/default/dlms.pcap.out index 803e5d318..9cc845867 100644 --- a/test/results/stats/default/dlms.pcap.out +++ b/test/results/stats/default/dlms.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/dlt_ppp.pcap.out b/test/results/stats/default/dlt_ppp.pcap.out index 5730a1656..e62e837d4 100644 --- a/test/results/stats/default/dlt_ppp.pcap.out +++ b/test/results/stats/default/dlt_ppp.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/dnp3.pcap.out b/test/results/stats/default/dnp3.pcap.out index 1706eecd2..4b329f162 100644 --- a/test/results/stats/default/dnp3.pcap.out +++ b/test/results/stats/default/dnp3.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/dns-exf.pcap.out b/test/results/stats/default/dns-exf.pcap.out index 11b59a9bb..e461d9dcd 100644 --- a/test/results/stats/default/dns-exf.pcap.out +++ b/test/results/stats/default/dns-exf.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/dns-google-nsid.pcapng.out b/test/results/stats/default/dns-google-nsid.pcapng.out index a6dad88aa..87252c614 100644 --- a/test/results/stats/default/dns-google-nsid.pcapng.out +++ b/test/results/stats/default/dns-google-nsid.pcapng.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/dns-invalid-chars.pcap.out b/test/results/stats/default/dns-invalid-chars.pcap.out index 651b281bf..bf9495f70 100644 --- a/test/results/stats/default/dns-invalid-chars.pcap.out +++ b/test/results/stats/default/dns-invalid-chars.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/dns-tunnel-iodine.pcap.out b/test/results/stats/default/dns-tunnel-iodine.pcap.out index 94ba63e0f..91b8b7261 100644 --- a/test/results/stats/default/dns-tunnel-iodine.pcap.out +++ b/test/results/stats/default/dns-tunnel-iodine.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/dns.pcap.out b/test/results/stats/default/dns.pcap.out index 9cd2de6a0..e32a4bb0b 100644 --- a/test/results/stats/default/dns.pcap.out +++ b/test/results/stats/default/dns.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/dns2tcp_tunnel.pcap.out b/test/results/stats/default/dns2tcp_tunnel.pcap.out index 3169f340c..3ec6391a9 100644 --- a/test/results/stats/default/dns2tcp_tunnel.pcap.out +++ b/test/results/stats/default/dns2tcp_tunnel.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:13 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:12844 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:12762 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/dns_ambiguous_names.pcap.out b/test/results/stats/default/dns_ambiguous_names.pcap.out index c7ba1a1a2..6da0ef393 100644 --- a/test/results/stats/default/dns_ambiguous_names.pcap.out +++ b/test/results/stats/default/dns_ambiguous_names.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/dns_doh.pcap.out b/test/results/stats/default/dns_doh.pcap.out index 0fc628563..ef0d57e66 100644 --- a/test/results/stats/default/dns_doh.pcap.out +++ b/test/results/stats/default/dns_doh.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:13 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:12407 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:12325 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/dns_dot.pcap.out b/test/results/stats/default/dns_dot.pcap.out index 06a3b5590..413a18877 100644 --- a/test/results/stats/default/dns_dot.pcap.out +++ b/test/results/stats/default/dns_dot.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:10986 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:10904 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/dns_exfiltration.pcap.out b/test/results/stats/default/dns_exfiltration.pcap.out index 0408f963c..6c7a39dbf 100644 --- a/test/results/stats/default/dns_exfiltration.pcap.out +++ b/test/results/stats/default/dns_exfiltration.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/dns_fragmented.pcap.out b/test/results/stats/default/dns_fragmented.pcap.out index ad41f36c2..94cc6dcf5 100644 --- a/test/results/stats/default/dns_fragmented.pcap.out +++ b/test/results/stats/default/dns_fragmented.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/dns_invert_query.pcapng.out b/test/results/stats/default/dns_invert_query.pcapng.out index 306da402c..f258d7bca 100644 --- a/test/results/stats/default/dns_invert_query.pcapng.out +++ b/test/results/stats/default/dns_invert_query.pcapng.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/dns_long_domainname.pcap.out b/test/results/stats/default/dns_long_domainname.pcap.out index dfe50fab0..69248266f 100644 --- a/test/results/stats/default/dns_long_domainname.pcap.out +++ b/test/results/stats/default/dns_long_domainname.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/dnscrypt-v1-and-resolver-pings.pcap.out b/test/results/stats/default/dnscrypt-v1-and-resolver-pings.pcap.out index 088bbe668..36eaf6f10 100644 --- a/test/results/stats/default/dnscrypt-v1-and-resolver-pings.pcap.out +++ b/test/results/stats/default/dnscrypt-v1-and-resolver-pings.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:1539 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:1581680 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:1581890 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:245 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:245 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/dnscrypt-v2-doh.pcap.out b/test/results/stats/default/dnscrypt-v2-doh.pcap.out index 7d8d8a41e..fd886fcf5 100644 --- a/test/results/stats/default/dnscrypt-v2-doh.pcap.out +++ b/test/results/stats/default/dnscrypt-v2-doh.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:309 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:419683 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:416813 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:34 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:34 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/dnscrypt-v2.pcap.out b/test/results/stats/default/dnscrypt-v2.pcap.out index bc577fce2..f9945d5c2 100644 --- a/test/results/stats/default/dnscrypt-v2.pcap.out +++ b/test/results/stats/default/dnscrypt-v2.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/dnscrypt_skype_false_positive.pcapng.out b/test/results/stats/default/dnscrypt_skype_false_positive.pcapng.out index 614de68c1..9efe03c26 100644 --- a/test/results/stats/default/dnscrypt_skype_false_positive.pcapng.out +++ b/test/results/stats/default/dnscrypt_skype_false_positive.pcapng.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/doh.pcapng.out b/test/results/stats/default/doh.pcapng.out index 0410611f8..7f1f9f641 100644 --- a/test/results/stats/default/doh.pcapng.out +++ b/test/results/stats/default/doh.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:13 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:12737 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:12655 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/doq.pcapng.out b/test/results/stats/default/doq.pcapng.out index 97328b3bb..f306dbbfa 100644 --- a/test/results/stats/default/doq.pcapng.out +++ b/test/results/stats/default/doq.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:19 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:18903 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:18862 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/doq_adguard.pcapng.out b/test/results/stats/default/doq_adguard.pcapng.out index 3db9e0a4d..fca9c73a5 100644 --- a/test/results/stats/default/doq_adguard.pcapng.out +++ b/test/results/stats/default/doq_adguard.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:17296 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:17255 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/dos_win98_smb_netbeui.pcap.out b/test/results/stats/default/dos_win98_smb_netbeui.pcap.out index 445bb8a2e..3c150a872 100644 --- a/test/results/stats/default/dos_win98_smb_netbeui.pcap.out +++ b/test/results/stats/default/dos_win98_smb_netbeui.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:110 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:60827 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:60351 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:4 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:4 
@@ -11,7 +11,7 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:5953 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-packet_count" interval=60 N:35 PUTVAL "localhost/exec-nDPIsrvd/counter-packet_flow_count" interval=60 N:16 PUTVAL "localhost/exec-nDPIsrvd/counter-init_count" interval=60 N:1 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 
@@ -94,7 +95,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_ip" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0 @@ -134,7 +135,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 diff --git a/test/results/stats/default/dotenv.pcap.out b/test/results/stats/default/dotenv.pcap.out index b8ead700f..d7ffae335 100644 --- a/test/results/stats/default/dotenv.pcap.out +++ b/test/results/stats/default/dotenv.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/drda_db2.pcap.out b/test/results/stats/default/drda_db2.pcap.out index dc862ac73..2a0b17d29 100644 --- a/test/results/stats/default/drda_db2.pcap.out +++ b/test/results/stats/default/drda_db2.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/dropbox.pcap.out b/test/results/stats/default/dropbox.pcap.out index 2d3a6fe97..2fcabc2d5 100644 --- a/test/results/stats/default/dropbox.pcap.out +++ b/test/results/stats/default/dropbox.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/dtls.pcap.out b/test/results/stats/default/dtls.pcap.out index 9233adc0f..536c125ac 100644 --- a/test/results/stats/default/dtls.pcap.out +++ b/test/results/stats/default/dtls.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:28 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:23444 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:23280 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/dtls2.pcap.out b/test/results/stats/default/dtls2.pcap.out index 66171d71a..4b0ff721b 100644 --- a/test/results/stats/default/dtls2.pcap.out +++ b/test/results/stats/default/dtls2.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:17 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:18522 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:18440 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/dtls_certificate.pcapng.out b/test/results/stats/default/dtls_certificate.pcapng.out index c22334ca2..2f7458c74 100644 --- a/test/results/stats/default/dtls_certificate.pcapng.out +++ b/test/results/stats/default/dtls_certificate.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:7 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:8334 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:8292 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/dtls_certificate_fragments.pcap.out b/test/results/stats/default/dtls_certificate_fragments.pcap.out index 9ec504d24..015d6ffb9 100644 --- a/test/results/stats/default/dtls_certificate_fragments.pcap.out +++ b/test/results/stats/default/dtls_certificate_fragments.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:25 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:31618 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:31331 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/dtls_mid_sessions.pcapng.out b/test/results/stats/default/dtls_mid_sessions.pcapng.out index c7f7f7ebc..02d1296fc 100644 --- a/test/results/stats/default/dtls_mid_sessions.pcapng.out +++ b/test/results/stats/default/dtls_mid_sessions.pcapng.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/dtls_old_version.pcapng.out b/test/results/stats/default/dtls_old_version.pcapng.out index f8acf3731..e0fd030a3 100644 --- a/test/results/stats/default/dtls_old_version.pcapng.out +++ b/test/results/stats/default/dtls_old_version.pcapng.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/dtls_session_id_and_coockie_both.pcap.out b/test/results/stats/default/dtls_session_id_and_coockie_both.pcap.out index f81b0a7d8..9c01055a8 100644 --- a/test/results/stats/default/dtls_session_id_and_coockie_both.pcap.out +++ b/test/results/stats/default/dtls_session_id_and_coockie_both.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:10071 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9989 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/edonkey.pcap.out b/test/results/stats/default/edonkey.pcap.out index 4470e10d2..2bdfe7197 100644 --- a/test/results/stats/default/edonkey.pcap.out +++ b/test/results/stats/default/edonkey.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/egd.pcapng.out b/test/results/stats/default/egd.pcapng.out index 05a95dc4e..aaf6298dd 100644 --- a/test/results/stats/default/egd.pcapng.out +++ b/test/results/stats/default/egd.pcapng.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/elasticsearch.pcap.out b/test/results/stats/default/elasticsearch.pcap.out index 932b1b671..0e94fba46 100644 --- a/test/results/stats/default/elasticsearch.pcap.out +++ b/test/results/stats/default/elasticsearch.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/elf.pcap.out b/test/results/stats/default/elf.pcap.out index a3fab683c..90248b092 100644 --- a/test/results/stats/default/elf.pcap.out +++ b/test/results/stats/default/elf.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/emotet.pcap.out b/test/results/stats/default/emotet.pcap.out index 8ae466ecb..c65d09c40 100644 --- a/test/results/stats/default/emotet.pcap.out +++ b/test/results/stats/default/emotet.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:60 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:54907 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:54785 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:6 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:5 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/encrypted_sni.pcap.out b/test/results/stats/default/encrypted_sni.pcap.out index 3fd53eb1a..731e32635 100644 --- a/test/results/stats/default/encrypted_sni.pcap.out +++ b/test/results/stats/default/encrypted_sni.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:15 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:15900 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:17853 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:3 
@@ -11,7 +11,7 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:2148 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/counter-packet_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-packet_flow_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/counter-init_count" interval=60 N:1 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 
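Review bot: The `flow_risky_count` baseline for encrypted_sni.pcap moves from `N:0` to `N:3` in this hunk, and the later hunks of the same file raise `flow_severity_medium` to `N:9` and `flow_risk_21_count`, `flow_risk_24_count` and `flow_risk_52_count` to `N:3`, yet the commit description only says "incorporated upstream changes". These .out files are presumably the expected results the test run is compared against, so regenerating them together with the libnDPI bump accepts whatever the new library reports. The opposite direction needs the same attention: fuzz-2006-06-26-2594.pcap.out drops `flow_risky_count` from `N:86` to `N:84`, `flow_severity_low` from `N:120` to `N:118` and `flow_risk_22_count` from `N:4` to `N:2`, and the diff alone cannot show whether that is an intended reclassification or lost detection coverage. I would add a line to the description such as `* encrypted_sni.pcap: 3 flows now flagged (risks 21, 24, 52); fuzz-2006-06-26-2594.pcap: risk 22 count 4 -> 2`, with the numeric risk ids mapped to their libnDPI names.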
@@ -95,7 +96,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=6 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:9 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0 @@ -133,10 +134,10 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_27_count" interval=60 N:0 
@@ -164,7 +165,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_54_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_55_count" interval=60 N:0 diff --git a/test/results/stats/default/epicgames.pcapng.out b/test/results/stats/default/epicgames.pcapng.out index 723148f54..61cabac4e 100644 --- a/test/results/stats/default/epicgames.pcapng.out +++ b/test/results/stats/default/epicgames.pcapng.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/esp.pcapng.out b/test/results/stats/default/esp.pcapng.out index 861488400..2f918d76f 100644 --- a/test/results/stats/default/esp.pcapng.out +++ b/test/results/stats/default/esp.pcapng.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/ethereum.pcap.out b/test/results/stats/default/ethereum.pcap.out index f04159296..cb5dc39a3 100644 --- a/test/results/stats/default/ethereum.pcap.out +++ b/test/results/stats/default/ethereum.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:573 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:509691 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:509852 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:74 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:47 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:27 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:71 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/ethernetIP.pcap.out b/test/results/stats/default/ethernetIP.pcap.out index 6d835c3aa..e5cd8d743 100644 --- a/test/results/stats/default/ethernetIP.pcap.out +++ b/test/results/stats/default/ethernetIP.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/ethersbus.pcap.out b/test/results/stats/default/ethersbus.pcap.out index 8d1df746a..2b261bbdc 100644 --- a/test/results/stats/default/ethersbus.pcap.out +++ b/test/results/stats/default/ethersbus.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/ethersio.pcap.out b/test/results/stats/default/ethersio.pcap.out index f465c200d..7523f6385 100644 --- a/test/results/stats/default/ethersio.pcap.out +++ b/test/results/stats/default/ethersio.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/exe_download.pcap.out b/test/results/stats/default/exe_download.pcap.out index 2701803f6..5c334a683 100644 --- a/test/results/stats/default/exe_download.pcap.out +++ b/test/results/stats/default/exe_download.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/exe_download_as_png.pcap.out b/test/results/stats/default/exe_download_as_png.pcap.out index b2129be0d..dc513acad 100644 --- a/test/results/stats/default/exe_download_as_png.pcap.out +++ b/test/results/stats/default/exe_download_as_png.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/facebook.pcap.out b/test/results/stats/default/facebook.pcap.out index 7a5a5a675..b46051ed9 100644 --- a/test/results/stats/default/facebook.pcap.out +++ b/test/results/stats/default/facebook.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:23 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:21546 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:21341 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/false_positives.pcapng.out b/test/results/stats/default/false_positives.pcapng.out index b2f3a4d6d..8db6c86a2 100644 --- a/test/results/stats/default/false_positives.pcapng.out +++ b/test/results/stats/default/false_positives.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:94 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:48261 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:48286 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/fastcgi.pcap.out b/test/results/stats/default/fastcgi.pcap.out index 5e202c6b9..da1cc27c7 100644 --- a/test/results/stats/default/fastcgi.pcap.out +++ b/test/results/stats/default/fastcgi.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/fins.pcap.out b/test/results/stats/default/fins.pcap.out index 311bf2f5e..7155008da 100644 --- a/test/results/stats/default/fins.pcap.out +++ b/test/results/stats/default/fins.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/firefox.pcap.out b/test/results/stats/default/firefox.pcap.out index 9756471e9..a39f893eb 100644 --- a/test/results/stats/default/firefox.pcap.out +++ b/test/results/stats/default/firefox.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:57 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:50104 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:49612 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:6 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:6 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/fix.pcap.out b/test/results/stats/default/fix.pcap.out index f4eb90655..79bec15ca 100644 --- a/test/results/stats/default/fix.pcap.out +++ b/test/results/stats/default/fix.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/fix2.pcap.out b/test/results/stats/default/fix2.pcap.out index 9d4ac2bda..145cbf176 100644 --- a/test/results/stats/default/fix2.pcap.out +++ b/test/results/stats/default/fix2.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/flute.pcapng.out b/test/results/stats/default/flute.pcapng.out index 33e1f3b68..031b26031 100644 --- a/test/results/stats/default/flute.pcapng.out +++ b/test/results/stats/default/flute.pcapng.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/forticlient.pcap.out b/test/results/stats/default/forticlient.pcap.out index 3dac9b9c7..512ae47a1 100644 --- a/test/results/stats/default/forticlient.pcap.out +++ b/test/results/stats/default/forticlient.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:54 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:54561 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:53946 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:5 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:4 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/ftp-start-tls.pcap.out b/test/results/stats/default/ftp-start-tls.pcap.out index dc36708be..c02ecda77 100644 --- a/test/results/stats/default/ftp-start-tls.pcap.out +++ b/test/results/stats/default/ftp-start-tls.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/ftp.pcap.out b/test/results/stats/default/ftp.pcap.out index f9c52a263..7de7954b9 100644 --- a/test/results/stats/default/ftp.pcap.out +++ b/test/results/stats/default/ftp.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/ftp_failed.pcap.out b/test/results/stats/default/ftp_failed.pcap.out index 355d557a6..aac6fffcc 100644 --- a/test/results/stats/default/ftp_failed.pcap.out +++ b/test/results/stats/default/ftp_failed.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/fuzz-2006-06-26-2594.pcap.out b/test/results/stats/default/fuzz-2006-06-26-2594.pcap.out index 80ec2596a..0a0eb0e30 100644 --- a/test/results/stats/default/fuzz-2006-06-26-2594.pcap.out +++ b/test/results/stats/default/fuzz-2006-06-26-2594.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:2134 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:1916935 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:1917039 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:257 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:255 
@@ -11,7 +11,7 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:39 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:44774 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:16036 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:86 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:84 PUTVAL "localhost/exec-nDPIsrvd/counter-packet_count" interval=60 N:79 PUTVAL "localhost/exec-nDPIsrvd/counter-packet_flow_count" interval=60 N:427 PUTVAL "localhost/exec-nDPIsrvd/counter-init_count" interval=60 N:1 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 
@@ -94,7 +95,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_ip" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:120 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:118 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:51 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0 @@ -134,7 +135,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:4 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 diff --git a/test/results/stats/default/fuzz-2006-09-29-28586.pcap.out b/test/results/stats/default/fuzz-2006-09-29-28586.pcap.out index 156b1267d..1cc0c1001 100644 --- a/test/results/stats/default/fuzz-2006-09-29-28586.pcap.out +++ b/test/results/stats/default/fuzz-2006-09-29-28586.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:219 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:193065 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:193172 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:39 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:12 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:27 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/fuzz-2020-02-16-11740.pcap.out b/test/results/stats/default/fuzz-2020-02-16-11740.pcap.out index afb3aceb2..c5afc3630 100644 --- a/test/results/stats/default/fuzz-2020-02-16-11740.pcap.out +++ b/test/results/stats/default/fuzz-2020-02-16-11740.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/fuzz-2021-06-07-c6c72a0a56.pcap.out b/test/results/stats/default/fuzz-2021-06-07-c6c72a0a56.pcap.out index d65c421b0..fd4f97935 100644 --- a/test/results/stats/default/fuzz-2021-06-07-c6c72a0a56.pcap.out +++ b/test/results/stats/default/fuzz-2021-06-07-c6c72a0a56.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/fuzz-2021-10-13.pcap.out b/test/results/stats/default/fuzz-2021-10-13.pcap.out index 2bd268a65..58be25925 100644 --- a/test/results/stats/default/fuzz-2021-10-13.pcap.out +++ b/test/results/stats/default/fuzz-2021-10-13.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/gaijin_mobile_mixed.pcap.out b/test/results/stats/default/gaijin_mobile_mixed.pcap.out index 60cc892c0..61dd7c0f3 100644 --- a/test/results/stats/default/gaijin_mobile_mixed.pcap.out +++ b/test/results/stats/default/gaijin_mobile_mixed.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:30 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:25730 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:25566 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:3 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/gaijin_warthunder.pcap.out b/test/results/stats/default/gaijin_warthunder.pcap.out index 931a5ebf6..6dfdb9cd2 100644 --- a/test/results/stats/default/gaijin_warthunder.pcap.out +++ b/test/results/stats/default/gaijin_warthunder.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/gearman.pcap.out b/test/results/stats/default/gearman.pcap.out index 7c73056c3..e76c78088 100644 --- a/test/results/stats/default/gearman.pcap.out +++ b/test/results/stats/default/gearman.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/geforcenow.pcapng.out b/test/results/stats/default/geforcenow.pcapng.out index 9277155a1..fc37ef2f7 100644 --- a/test/results/stats/default/geforcenow.pcapng.out +++ b/test/results/stats/default/geforcenow.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:27 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:32579 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:32474 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/genshin-impact.pcap.out b/test/results/stats/default/genshin-impact.pcap.out index b21fb9262..795255fd9 100644 --- a/test/results/stats/default/genshin-impact.pcap.out +++ b/test/results/stats/default/genshin-impact.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/git.pcap.out b/test/results/stats/default/git.pcap.out index f65765758..c421b58f4 100644 --- a/test/results/stats/default/git.pcap.out +++ b/test/results/stats/default/git.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/gnutella.pcap.out b/test/results/stats/default/gnutella.pcap.out index 011223158..7437b3f82 100644 --- a/test/results/stats/default/gnutella.pcap.out +++ b/test/results/stats/default/gnutella.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:6866 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:5760854 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:5759483 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:801 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:66 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:735 
@@ -11,7 +11,7 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:399 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:149308 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:234286 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:363 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:361 PUTVAL "localhost/exec-nDPIsrvd/counter-packet_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-packet_flow_count" interval=60 N:1928 PUTVAL "localhost/exec-nDPIsrvd/counter-init_count" interval=60 N:1 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 
@@ -94,8 +95,8 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_ip" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:369 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:6 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:364 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:8 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0 @@ -134,7 +135,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:360 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:358 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 
@@ -147,7 +148,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:9 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:4 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 @@ -166,6 +167,6 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_54_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_54_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_55_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_56_count" interval=60 N:0 diff --git a/test/results/stats/default/google_chat.pcapng.out b/test/results/stats/default/google_chat.pcapng.out index f4b07f635..0b34094f8 100644 --- a/test/results/stats/default/google_chat.pcapng.out +++ b/test/results/stats/default/google_chat.pcapng.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:10429 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:10347 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/google_meet.pcapng.out b/test/results/stats/default/google_meet.pcapng.out index 46e2cbf75..40300dc3a 100644 --- a/test/results/stats/default/google_meet.pcapng.out +++ b/test/results/stats/default/google_meet.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:20 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:22885 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:22762 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/google_ssl.pcap.out b/test/results/stats/default/google_ssl.pcap.out index 64ec58755..ead8aa8f7 100644 --- a/test/results/stats/default/google_ssl.pcap.out +++ b/test/results/stats/default/google_ssl.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/googledns_android10.pcap.out b/test/results/stats/default/googledns_android10.pcap.out index e1eeb1b96..7bcebf11a 100644 --- a/test/results/stats/default/googledns_android10.pcap.out +++ b/test/results/stats/default/googledns_android10.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:77 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:72230 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:71656 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:8 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:6 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/gquic.pcap.out b/test/results/stats/default/gquic.pcap.out index 02e8e5d03..4a804827f 100644 --- a/test/results/stats/default/gquic.pcap.out +++ b/test/results/stats/default/gquic.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:7 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7567 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7497 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/gquic_only_from_server.pcap.out b/test/results/stats/default/gquic_only_from_server.pcap.out index a0b83c192..0c45d45da 100644 --- a/test/results/stats/default/gquic_only_from_server.pcap.out +++ b/test/results/stats/default/gquic_only_from_server.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/gre.pcapng.out b/test/results/stats/default/gre.pcapng.out index e27339f95..32119923c 100644 --- a/test/results/stats/default/gre.pcapng.out +++ b/test/results/stats/default/gre.pcapng.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/gtp_c.pcap.out b/test/results/stats/default/gtp_c.pcap.out index fd1590c3f..73273a0fc 100644 --- a/test/results/stats/default/gtp_c.pcap.out +++ b/test/results/stats/default/gtp_c.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/gtp_false_positive.pcapng.out b/test/results/stats/default/gtp_false_positive.pcapng.out index 67be5e71a..52cfca532 100644 --- a/test/results/stats/default/gtp_false_positive.pcapng.out +++ b/test/results/stats/default/gtp_false_positive.pcapng.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/gtp_prime.pcapng.out b/test/results/stats/default/gtp_prime.pcapng.out index c22b1532c..52574b8f2 100644 --- a/test/results/stats/default/gtp_prime.pcapng.out +++ b/test/results/stats/default/gtp_prime.pcapng.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/h323-overflow.pcap.out b/test/results/stats/default/h323-overflow.pcap.out index 730f0ac0b..1a0ecb314 100644 --- a/test/results/stats/default/h323-overflow.pcap.out +++ b/test/results/stats/default/h323-overflow.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/h323.pcap.out b/test/results/stats/default/h323.pcap.out index a3e16cf2b..f39c88e2b 100644 --- a/test/results/stats/default/h323.pcap.out +++ b/test/results/stats/default/h323.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/haproxy.pcap.out b/test/results/stats/default/haproxy.pcap.out index f5eb16827..606b79e39 100644 --- a/test/results/stats/default/haproxy.pcap.out +++ b/test/results/stats/default/haproxy.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/hart_ip.pcap.out b/test/results/stats/default/hart_ip.pcap.out index f52886b27..004a5b9d2 100644 --- a/test/results/stats/default/hart_ip.pcap.out +++ b/test/results/stats/default/hart_ip.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/heuristic_tcp_ack_payload.pcap.out b/test/results/stats/default/heuristic_tcp_ack_payload.pcap.out index 5c01c3ad0..9bec5ac2d 100644 --- a/test/results/stats/default/heuristic_tcp_ack_payload.pcap.out +++ b/test/results/stats/default/heuristic_tcp_ack_payload.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/hislip.pcap.out b/test/results/stats/default/hislip.pcap.out index dbc6e4b42..561553270 100644 --- a/test/results/stats/default/hislip.pcap.out +++ b/test/results/stats/default/hislip.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/hl7.pcap.out b/test/results/stats/default/hl7.pcap.out index 56c04cea1..a28955c0a 100644 --- a/test/results/stats/default/hl7.pcap.out +++ b/test/results/stats/default/hl7.pcap.out 
@@ -1,19 +1,19 @@ -PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:8788 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:27 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:22628 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_update_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_analyse_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_guessed_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detected_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detected_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:477 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:168 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:3823 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:748 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/counter-packet_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-packet_flow_count" interval=60 N:5 +PUTVAL "localhost/exec-nDPIsrvd/counter-packet_flow_count" interval=60 N:15 PUTVAL "localhost/exec-nDPIsrvd/counter-init_count" interval=60 N:1 PUTVAL 
"localhost/exec-nDPIsrvd/counter-reconnect_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-shutdown_count" interval=60 N:1 @@ -36,7 +36,7 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-error_capture_size_smaller_than_packet" PUTVAL "localhost/exec-nDPIsrvd/counter-error_max_flows_to_track" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-error_flow_memory_alloc" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 @@ -60,7 +60,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interva PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:0 
@@ -83,41 +83,42 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial_cache" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_cache" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_nbpf" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_ip" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_emergency" interval=60 N:0 PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_severity_unknown" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_active_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_active_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0 
diff --git a/test/results/stats/default/hls.pcapng.out b/test/results/stats/default/hls.pcapng.out index 76539c441..257750028 100644 --- a/test/results/stats/default/hls.pcapng.out +++ b/test/results/stats/default/hls.pcapng.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/hots.pcapng.out b/test/results/stats/default/hots.pcapng.out index b9f4b765e..40311a3aa 100644 --- a/test/results/stats/default/hots.pcapng.out +++ b/test/results/stats/default/hots.pcapng.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/hpvirtgrp.pcap.out b/test/results/stats/default/hpvirtgrp.pcap.out index df00cff58..fd67c4bde 100644 
--- a/test/results/stats/default/hpvirtgrp.pcap.out +++ b/test/results/stats/default/hpvirtgrp.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/hsrp0.pcap.out b/test/results/stats/default/hsrp0.pcap.out index 9252a8b46..40cb42434 100644 --- a/test/results/stats/default/hsrp0.pcap.out +++ b/test/results/stats/default/hsrp0.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/hsrp2.pcap.out b/test/results/stats/default/hsrp2.pcap.out index c75ee578e..a3cc3bcbc 100644 --- a/test/results/stats/default/hsrp2.pcap.out +++ b/test/results/stats/default/hsrp2.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/hsrp2_ipv6.pcapng.out b/test/results/stats/default/hsrp2_ipv6.pcapng.out index ebefd0650..e00612050 100644 --- a/test/results/stats/default/hsrp2_ipv6.pcapng.out +++ b/test/results/stats/default/hsrp2_ipv6.pcapng.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/http-basic-auth.pcap.out b/test/results/stats/default/http-basic-auth.pcap.out index 626336c4e..10f5bb2e4 100644 --- a/test/results/stats/default/http-basic-auth.pcap.out +++ b/test/results/stats/default/http-basic-auth.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/http-crash-content-disposition.pcap.out b/test/results/stats/default/http-crash-content-disposition.pcap.out index 8992973a5..c3cd88ad6 100644 --- a/test/results/stats/default/http-crash-content-disposition.pcap.out +++ b/test/results/stats/default/http-crash-content-disposition.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/http-lines-split.pcap.out b/test/results/stats/default/http-lines-split.pcap.out index 98a545c77..a7893eb16 100644 --- a/test/results/stats/default/http-lines-split.pcap.out +++ b/test/results/stats/default/http-lines-split.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/http-manipulated.pcap.out b/test/results/stats/default/http-manipulated.pcap.out index 9f21217f6..3faef6378 100644 --- a/test/results/stats/default/http-manipulated.pcap.out +++ b/test/results/stats/default/http-manipulated.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/http-proxy.pcapng.out b/test/results/stats/default/http-proxy.pcapng.out index 3bf97700c..9ac4b0675 100644 --- a/test/results/stats/default/http-proxy.pcapng.out +++ b/test/results/stats/default/http-proxy.pcapng.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/http-pwd.pcapng.out b/test/results/stats/default/http-pwd.pcapng.out index fd2115969..9dd6d0539 100644 --- a/test/results/stats/default/http-pwd.pcapng.out +++ b/test/results/stats/default/http-pwd.pcapng.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/http.pcapng.out b/test/results/stats/default/http.pcapng.out index 35e21ba10..a44e86723 100644 --- a/test/results/stats/default/http.pcapng.out +++ b/test/results/stats/default/http.pcapng.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/http2.pcapng.out b/test/results/stats/default/http2.pcapng.out index 274858684..ff90ddbbb 100644 --- a/test/results/stats/default/http2.pcapng.out +++ b/test/results/stats/default/http2.pcapng.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/http_asymmetric.pcapng.out b/test/results/stats/default/http_asymmetric.pcapng.out index 68c18a12b..c328d4d43 100644 --- a/test/results/stats/default/http_asymmetric.pcapng.out +++ b/test/results/stats/default/http_asymmetric.pcapng.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/http_auth.pcap.out b/test/results/stats/default/http_auth.pcap.out index d5d2ebf57..2cc11ecbb 100644 --- a/test/results/stats/default/http_auth.pcap.out +++ b/test/results/stats/default/http_auth.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/http_connect.pcap.out b/test/results/stats/default/http_connect.pcap.out index 10ad7d952..dbcd91667 100644 --- a/test/results/stats/default/http_connect.pcap.out +++ b/test/results/stats/default/http_connect.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:28 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:26016 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:25934 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:3 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/http_guessed_host_and_guessed.pcapng.out b/test/results/stats/default/http_guessed_host_and_guessed.pcapng.out index 547e9a89f..d9da23cd1 100644 --- a/test/results/stats/default/http_guessed_host_and_guessed.pcapng.out +++ b/test/results/stats/default/http_guessed_host_and_guessed.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:7 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:6097 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:6204 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/http_invalid_server.pcap.out b/test/results/stats/default/http_invalid_server.pcap.out index 100a3bac1..89e11ad2f 100644 --- a/test/results/stats/default/http_invalid_server.pcap.out +++ b/test/results/stats/default/http_invalid_server.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/http_ipv6.pcap.out b/test/results/stats/default/http_ipv6.pcap.out index 3f2c753af..09e304204 100644 --- a/test/results/stats/default/http_ipv6.pcap.out +++ b/test/results/stats/default/http_ipv6.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:117 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:107137 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:106503 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:15 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:12 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/http_on_sip_port.pcap.out b/test/results/stats/default/http_on_sip_port.pcap.out index fcede5066..fe5fa499e 100644 --- a/test/results/stats/default/http_on_sip_port.pcap.out +++ b/test/results/stats/default/http_on_sip_port.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/http_origin_different_than_host.pcap.out b/test/results/stats/default/http_origin_different_than_host.pcap.out index b883b8231..307ebafba 100644 --- a/test/results/stats/default/http_origin_different_than_host.pcap.out +++ b/test/results/stats/default/http_origin_different_than_host.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/http_starting_with_reply.pcapng.out b/test/results/stats/default/http_starting_with_reply.pcapng.out index 8c893f6a9..9ef45871b 100644 --- a/test/results/stats/default/http_starting_with_reply.pcapng.out 
+++ b/test/results/stats/default/http_starting_with_reply.pcapng.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/http_ua_splitted_in_two_pkts.pcapng.out b/test/results/stats/default/http_ua_splitted_in_two_pkts.pcapng.out index 6cf4781d5..7bc6957a8 100644 --- a/test/results/stats/default/http_ua_splitted_in_two_pkts.pcapng.out +++ b/test/results/stats/default/http_ua_splitted_in_two_pkts.pcapng.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/i3d.pcap.out b/test/results/stats/default/i3d.pcap.out index 6dfee8fc6..0a6e11872 100644 --- a/test/results/stats/default/i3d.pcap.out +++ b/test/results/stats/default/i3d.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/iax.pcap.out b/test/results/stats/default/iax.pcap.out index 0f80722b6..6416ea1ac 100644 --- a/test/results/stats/default/iax.pcap.out +++ b/test/results/stats/default/iax.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/icmp-tunnel.pcap.out b/test/results/stats/default/icmp-tunnel.pcap.out index 52ed328d4..0b7e97aa3 100644 --- a/test/results/stats/default/icmp-tunnel.pcap.out +++ b/test/results/stats/default/icmp-tunnel.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/iec60780-5-104.pcap.out b/test/results/stats/default/iec60780-5-104.pcap.out index 2c0e0a684..ef121e4d2 100644 --- a/test/results/stats/default/iec60780-5-104.pcap.out +++ b/test/results/stats/default/iec60780-5-104.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/ieee_c37118.pcap.out b/test/results/stats/default/ieee_c37118.pcap.out index aaf13c2e9..7cda14524 100644 --- a/test/results/stats/default/ieee_c37118.pcap.out +++ b/test/results/stats/default/ieee_c37118.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/imap-starttls.pcap.out b/test/results/stats/default/imap-starttls.pcap.out index 68e947244..042b5aff6 100644 --- a/test/results/stats/default/imap-starttls.pcap.out +++ b/test/results/stats/default/imap-starttls.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/imap.pcap.out b/test/results/stats/default/imap.pcap.out index fcc93b4ba..93aae06aa 100644 --- a/test/results/stats/default/imap.pcap.out +++ b/test/results/stats/default/imap.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/imaps.pcap.out b/test/results/stats/default/imaps.pcap.out index 44bd2771e..d1fa4487b 100644 --- a/test/results/stats/default/imaps.pcap.out +++ b/test/results/stats/default/imaps.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:23 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:18897 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:18925 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/imo.pcap.out b/test/results/stats/default/imo.pcap.out index f240c7a1f..2c05e708a 100644 --- a/test/results/stats/default/imo.pcap.out +++ b/test/results/stats/default/imo.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/instagram.pcap.out b/test/results/stats/default/instagram.pcap.out index fc582bd34..6dba3b454 100644 --- a/test/results/stats/default/instagram.pcap.out +++ b/test/results/stats/default/instagram.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:299 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:323468 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:322402 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:38 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:6 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:32 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/ip_fragmented_garbage.pcap.out b/test/results/stats/default/ip_fragmented_garbage.pcap.out index 45708d3b6..3f00054dc 100644 --- a/test/results/stats/default/ip_fragmented_garbage.pcap.out +++ b/test/results/stats/default/ip_fragmented_garbage.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/iphone.pcap.out b/test/results/stats/default/iphone.pcap.out index bae571db6..b1fc1ec42 100644 --- a/test/results/stats/default/iphone.pcap.out +++ b/test/results/stats/default/iphone.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:356 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:328663 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:327228 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:51 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:48 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/ipp.pcap.out b/test/results/stats/default/ipp.pcap.out index 46ca0b786..e66b059a1 100644 --- a/test/results/stats/default/ipp.pcap.out +++ b/test/results/stats/default/ipp.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/ipsec_isakmp_esp.pcap.out b/test/results/stats/default/ipsec_isakmp_esp.pcap.out index 33fe57fb9..6305b43a6 100644 --- a/test/results/stats/default/ipsec_isakmp_esp.pcap.out +++ b/test/results/stats/default/ipsec_isakmp_esp.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/ipv6_in_gtp.pcap.out b/test/results/stats/default/ipv6_in_gtp.pcap.out index b1c18d4f3..a7c3c4854 100644 --- a/test/results/stats/default/ipv6_in_gtp.pcap.out +++ b/test/results/stats/default/ipv6_in_gtp.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/iqiyi.pcap.out b/test/results/stats/default/iqiyi.pcap.out index 4cdcb50d8..ebed6e654 100644 --- a/test/results/stats/default/iqiyi.pcap.out +++ b/test/results/stats/default/iqiyi.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/irc.pcap.out b/test/results/stats/default/irc.pcap.out index 77add78e1..0bfc30200 100644 --- a/test/results/stats/default/irc.pcap.out +++ b/test/results/stats/default/irc.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/iso9506-1-mms.pcap.out b/test/results/stats/default/iso9506-1-mms.pcap.out index 1334981e6..c39f8c6a7 100644 --- a/test/results/stats/default/iso9506-1-mms.pcap.out +++ b/test/results/stats/default/iso9506-1-mms.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/ja3_lots_of_cipher_suites.pcap.out b/test/results/stats/default/ja3_lots_of_cipher_suites.pcap.out index c0caf03f4..80f247055 100644 --- a/test/results/stats/default/ja3_lots_of_cipher_suites.pcap.out +++ b/test/results/stats/default/ja3_lots_of_cipher_suites.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/ja3_lots_of_cipher_suites_2_anon.pcap.out b/test/results/stats/default/ja3_lots_of_cipher_suites_2_anon.pcap.out index 681d54e30..6f6723305 100644 --- a/test/results/stats/default/ja3_lots_of_cipher_suites_2_anon.pcap.out 
+++ b/test/results/stats/default/ja3_lots_of_cipher_suites_2_anon.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/jabber.pcap.out b/test/results/stats/default/jabber.pcap.out index d3ff037f7..400284ba1 100644 --- a/test/results/stats/default/jabber.pcap.out +++ b/test/results/stats/default/jabber.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/jrmi.pcap.out b/test/results/stats/default/jrmi.pcap.out index a306d664b..3572e19f6 100644 --- a/test/results/stats/default/jrmi.pcap.out +++ b/test/results/stats/default/jrmi.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/jsonrpc.pcap.out b/test/results/stats/default/jsonrpc.pcap.out index f7ceaee16..613041b2a 100644 --- a/test/results/stats/default/jsonrpc.pcap.out +++ b/test/results/stats/default/jsonrpc.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/kafka.pcapng.out b/test/results/stats/default/kafka.pcapng.out index 60e4cb0a3..3fa9b6a04 100644 --- a/test/results/stats/default/kafka.pcapng.out +++ b/test/results/stats/default/kafka.pcapng.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/kcp.pcap.out b/test/results/stats/default/kcp.pcap.out index 236953315..72d7a744b 100644 --- a/test/results/stats/default/kcp.pcap.out +++ b/test/results/stats/default/kcp.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/kerberos-error.pcap.out b/test/results/stats/default/kerberos-error.pcap.out index 36f005f37..c55b1a8e2 100644 --- a/test/results/stats/default/kerberos-error.pcap.out +++ b/test/results/stats/default/kerberos-error.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/kerberos-login.pcap.out b/test/results/stats/default/kerberos-login.pcap.out index 411dd99f0..2c1219526 100644 --- a/test/results/stats/default/kerberos-login.pcap.out +++ b/test/results/stats/default/kerberos-login.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/kerberos.pcap.out b/test/results/stats/default/kerberos.pcap.out index cde47d570..def309830 100644 --- a/test/results/stats/default/kerberos.pcap.out +++ b/test/results/stats/default/kerberos.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/kerberos_fuzz.pcapng.out b/test/results/stats/default/kerberos_fuzz.pcapng.out index 036fd99a0..6890020b3 100644 --- a/test/results/stats/default/kerberos_fuzz.pcapng.out +++ b/test/results/stats/default/kerberos_fuzz.pcapng.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/kismet.pcap.out b/test/results/stats/default/kismet.pcap.out index 9c3abdeb3..347aaad6c 100644 --- a/test/results/stats/default/kismet.pcap.out +++ b/test/results/stats/default/kismet.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/knxip.pcapng.out b/test/results/stats/default/knxip.pcapng.out index 488d2d344..45e027f8a 100644 --- a/test/results/stats/default/knxip.pcapng.out +++ b/test/results/stats/default/knxip.pcapng.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/ldp.pcap.out b/test/results/stats/default/ldp.pcap.out index fd500d757..4204c060a 100644 --- a/test/results/stats/default/ldp.pcap.out +++ b/test/results/stats/default/ldp.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/line.pcap.out b/test/results/stats/default/line.pcap.out index 2a90b5cb5..ff0750223 100644 --- a/test/results/stats/default/line.pcap.out +++ b/test/results/stats/default/line.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:51 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:52991 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:52868 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:5 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:4 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/linecall_falsepositve.pcap.out b/test/results/stats/default/linecall_falsepositve.pcap.out index 69aac209f..3fc30b680 100644 --- a/test/results/stats/default/linecall_falsepositve.pcap.out +++ b/test/results/stats/default/linecall_falsepositve.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/lisp_registration.pcap.out b/test/results/stats/default/lisp_registration.pcap.out index 8a3f62663..a12f8720a 100644 --- a/test/results/stats/default/lisp_registration.pcap.out +++ b/test/results/stats/default/lisp_registration.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/log4j-webapp-exploit.pcap.out b/test/results/stats/default/log4j-webapp-exploit.pcap.out index b28279b50..352e64c57 100644 --- a/test/results/stats/default/log4j-webapp-exploit.pcap.out +++ b/test/results/stats/default/log4j-webapp-exploit.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:67 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:52001 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:52108 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:7 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:6 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/lol_wild_rift_udp.pcap.out b/test/results/stats/default/lol_wild_rift_udp.pcap.out index a23c51696..13341bcb0 100644 --- a/test/results/stats/default/lol_wild_rift_udp.pcap.out +++ b/test/results/stats/default/lol_wild_rift_udp.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/long_tls_certificate.pcap.out b/test/results/stats/default/long_tls_certificate.pcap.out index 4dcaead27..f06e54ca2 100644 --- a/test/results/stats/default/long_tls_certificate.pcap.out +++ b/test/results/stats/default/long_tls_certificate.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:14 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:17977 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:17854 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/lru_ipv6_caches.pcapng.out b/test/results/stats/default/lru_ipv6_caches.pcapng.out index c152e0239..9044b19eb 100644 --- a/test/results/stats/default/lru_ipv6_caches.pcapng.out +++ b/test/results/stats/default/lru_ipv6_caches.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:89 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:92046 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:92091 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:12 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:12 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/lustre.pcapng.out b/test/results/stats/default/lustre.pcapng.out index 122c2e1aa..9c045b26e 100644 --- a/test/results/stats/default/lustre.pcapng.out +++ b/test/results/stats/default/lustre.pcapng.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/malformed_dns.pcap.out b/test/results/stats/default/malformed_dns.pcap.out index c3a2521a2..16386d462 100644 --- a/test/results/stats/default/malformed_dns.pcap.out +++ b/test/results/stats/default/malformed_dns.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/malformed_icmp.pcap.out b/test/results/stats/default/malformed_icmp.pcap.out index 6d6028249..ca33bc9d9 100644 --- a/test/results/stats/default/malformed_icmp.pcap.out +++ b/test/results/stats/default/malformed_icmp.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/malware.pcap.out b/test/results/stats/default/malware.pcap.out index 635212854..1ee05e97c 100644 --- a/test/results/stats/default/malware.pcap.out +++ b/test/results/stats/default/malware.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:45 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:42826 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:42580 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:6 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:5 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/memcached.cap.out b/test/results/stats/default/memcached.cap.out index 4378451dd..bd5a3e460 100644 --- a/test/results/stats/default/memcached.cap.out +++ b/test/results/stats/default/memcached.cap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/merakicloud.pcapng.out b/test/results/stats/default/merakicloud.pcapng.out index b5d022095..1e89cdb77 100644 --- a/test/results/stats/default/merakicloud.pcapng.out +++ b/test/results/stats/default/merakicloud.pcapng.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/mgcp.pcap.out b/test/results/stats/default/mgcp.pcap.out index 36c3832f7..92c02905a 100644 --- a/test/results/stats/default/mgcp.pcap.out +++ b/test/results/stats/default/mgcp.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/mikrotik_mndp.pcap.out b/test/results/stats/default/mikrotik_mndp.pcap.out new file mode 100644 index 000000000..f65e96854 --- /dev/null +++ b/test/results/stats/default/mikrotik_mndp.pcap.out 
@@ -0,0 +1,172 @@ +PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:16 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:14304 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_analyse_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detected_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:435 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-packet_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-packet_flow_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/counter-init_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-reconnect_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-shutdown_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-status_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_datalink" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_l3_protocol" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unsupported_datalink" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_packet_type_unknown" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/counter-error_packet_header_invalid" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_size_smaller_than_header" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_l4_payload_detection" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_size_smaller_than_header" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_l4_payload_detection" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_tcp_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_udp_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_capture_size_smaller_than_packet" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_max_flows_to_track" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_flow_memory_alloc" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unrated_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unspecified_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_music_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_video_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_shopping_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_productivity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_file_sharing_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_category_conn_check_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_iot_scada_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_virt_assistant_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cybersecurity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_adult_content_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_mining_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_malware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_advertisment_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_banned_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_site_unavail_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial_cache" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_cache" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_nbpf" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_ip" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_emergency" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_unknown" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_active_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_27_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_28_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_29_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_30_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" 
interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_40_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_41_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_54_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_55_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_56_count" interval=60 N:0 
diff --git a/test/results/stats/default/mining.pcapng.out b/test/results/stats/default/mining.pcapng.out index 54b003f18..bc91ca490 100644 --- a/test/results/stats/default/mining.pcapng.out +++ b/test/results/stats/default/mining.pcapng.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/modbus.pcap.out b/test/results/stats/default/modbus.pcap.out index 261927373..66452d471 100644 --- a/test/results/stats/default/modbus.pcap.out +++ b/test/results/stats/default/modbus.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/monero.pcap.out b/test/results/stats/default/monero.pcap.out index c864c2656..8c1aa92b8 100644 
--- a/test/results/stats/default/monero.pcap.out +++ b/test/results/stats/default/monero.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:4 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/mongo_false_positive.pcapng.out b/test/results/stats/default/mongo_false_positive.pcapng.out index eba510ec8..34ae54929 100644 --- a/test/results/stats/default/mongo_false_positive.pcapng.out +++ b/test/results/stats/default/mongo_false_positive.pcapng.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/mongodb.pcap.out b/test/results/stats/default/mongodb.pcap.out index a8e10b6b9..e797d8727 100644 --- a/test/results/stats/default/mongodb.pcap.out 
+++ b/test/results/stats/default/mongodb.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/mpeg-dash.pcap.out b/test/results/stats/default/mpeg-dash.pcap.out index a3f1fa53f..4e38c1641 100644 --- a/test/results/stats/default/mpeg-dash.pcap.out +++ b/test/results/stats/default/mpeg-dash.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/mpeg.pcap.out b/test/results/stats/default/mpeg.pcap.out index 8752c49b3..6c000d446 100644 --- a/test/results/stats/default/mpeg.pcap.out +++ b/test/results/stats/default/mpeg.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9297 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9318 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/mpegts.pcap.out b/test/results/stats/default/mpegts.pcap.out index 45a15f727..c68d3fa00 100644 --- a/test/results/stats/default/mpegts.pcap.out +++ b/test/results/stats/default/mpegts.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/mqtt.pcap.out b/test/results/stats/default/mqtt.pcap.out index 17632b4bc..b4a9c0653 100644 --- a/test/results/stats/default/mqtt.pcap.out +++ b/test/results/stats/default/mqtt.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/mssql_tds.pcap.out b/test/results/stats/default/mssql_tds.pcap.out index a81b56055..8e3d8a4a8 100644 --- a/test/results/stats/default/mssql_tds.pcap.out +++ b/test/results/stats/default/mssql_tds.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/mullvad_dns.pcap.out b/test/results/stats/default/mullvad_dns.pcap.out index 03be9d80b..f1f09e9a5 100644 --- a/test/results/stats/default/mullvad_dns.pcap.out +++ b/test/results/stats/default/mullvad_dns.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/mullvad_wireguard.pcap.out b/test/results/stats/default/mullvad_wireguard.pcap.out index a444d6ffd..7bdc8026f 100644 --- a/test/results/stats/default/mullvad_wireguard.pcap.out +++ b/test/results/stats/default/mullvad_wireguard.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/mumble.pcapng.out b/test/results/stats/default/mumble.pcapng.out index ee4bd8887..f579d4296 100644 --- a/test/results/stats/default/mumble.pcapng.out +++ b/test/results/stats/default/mumble.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:22 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:18047 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:17965 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:3 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/munin.pcap.out b/test/results/stats/default/munin.pcap.out index 8755e38c8..e7dbb6e8d 100644 --- a/test/results/stats/default/munin.pcap.out +++ b/test/results/stats/default/munin.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/mysql.pcapng.out b/test/results/stats/default/mysql.pcapng.out index f79918063..c11877a89 100644 --- a/test/results/stats/default/mysql.pcapng.out +++ b/test/results/stats/default/mysql.pcapng.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/nano.pcapng.out b/test/results/stats/default/nano.pcapng.out index 57052dfa6..aa01debb9 100644 --- a/test/results/stats/default/nano.pcapng.out +++ b/test/results/stats/default/nano.pcapng.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/natpmp.pcap.out b/test/results/stats/default/natpmp.pcap.out index 3adc0decb..dd5d8df8b 100644 --- a/test/results/stats/default/natpmp.pcap.out +++ b/test/results/stats/default/natpmp.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/nats.pcap.out b/test/results/stats/default/nats.pcap.out index 8f8b959e8..38b6d7aaa 100644 --- a/test/results/stats/default/nats.pcap.out +++ b/test/results/stats/default/nats.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/naver.pcap.out b/test/results/stats/default/naver.pcap.out index 5d1efa1ff..33b5e72c7 100644 --- a/test/results/stats/default/naver.pcap.out +++ b/test/results/stats/default/naver.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:30 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:26423 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:26177 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:3 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/ndpi_match_string_subprotocol__error.pcapng.out b/test/results/stats/default/ndpi_match_string_subprotocol__error.pcapng.out index 09a7f19b3..8a2465c52 100644 --- a/test/results/stats/default/ndpi_match_string_subprotocol__error.pcapng.out +++ b/test/results/stats/default/ndpi_match_string_subprotocol__error.pcapng.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/nest_log_sink.pcap.out b/test/results/stats/default/nest_log_sink.pcap.out index a30ebe7f9..a8aa5c0a8 100644 --- a/test/results/stats/default/nest_log_sink.pcap.out +++ b/test/results/stats/default/nest_log_sink.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/netbios.pcap.out b/test/results/stats/default/netbios.pcap.out index b0670d01a..9dd5e1f84 100644 --- a/test/results/stats/default/netbios.pcap.out +++ b/test/results/stats/default/netbios.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:90 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:76316 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:75721 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:16 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:16 @@ -11,7 +11,7 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:13099 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:700 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-packet_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-packet_flow_count" interval=60 N:31 PUTVAL "localhost/exec-nDPIsrvd/counter-init_count" interval=60 N:1 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 
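Review bot: The `@@ -11,7 +11,7 @@` hunk of netbios.pcap.out lowers `counter-flow_risky_count` from 2 to 0, and the following hunks of the same file zero `gauge-flow_severity_low` and `gauge-flow_risk_22_count`, so this capture no longer produces any risk signal, while the commit description only says that upstream changes were incorporated. These files are regenerated baselines, so a lost detection is accepted silently once the new numbers are committed; it is worth confirming against the upstream libnDPI result for the same capture that dropping this risk is intended. The no_sni.pcap.out section moves the other way (`counter-flow_risky_count` 1 to 5, `gauge-flow_severity_medium` 0 to 16, risk gauges 21, 24 and 52 from 0 to 8). I would record both in the description, for example `* test results: netbios.pcap drops gauge-flow_risk_22_count to 0; no_sni.pcap raises gauge-flow_risk_21/24/52_count to 8`.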
@@ -94,7 +95,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_ip" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0 @@ -134,7 +135,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 diff --git a/test/results/stats/default/netbios_wildcard_dns_query.pcap.out b/test/results/stats/default/netbios_wildcard_dns_query.pcap.out index b6942ec07..d3658ab6b 100644 --- a/test/results/stats/default/netbios_wildcard_dns_query.pcap.out +++ b/test/results/stats/default/netbios_wildcard_dns_query.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/netease_games.pcapng.out b/test/results/stats/default/netease_games.pcapng.out index 7565b9971..580e35694 100644 --- a/test/results/stats/default/netease_games.pcapng.out +++ b/test/results/stats/default/netease_games.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:42 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:34664 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:34582 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:5 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:5 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/netflix.pcap.out b/test/results/stats/default/netflix.pcap.out index 31da89f02..812d8dbfb 100644 --- a/test/results/stats/default/netflix.pcap.out +++ b/test/results/stats/default/netflix.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:557 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:565158 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:562862 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:61 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:31 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:30 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/netflow-fritz.pcap.out b/test/results/stats/default/netflow-fritz.pcap.out index 7eafc7259..02f06f519 100644 --- a/test/results/stats/default/netflow-fritz.pcap.out +++ b/test/results/stats/default/netflow-fritz.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/netflowv9.pcap.out b/test/results/stats/default/netflowv9.pcap.out index ed15433d9..774a48151 100644 --- a/test/results/stats/default/netflowv9.pcap.out +++ b/test/results/stats/default/netflowv9.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/nfsv2.pcap.out b/test/results/stats/default/nfsv2.pcap.out index e232183fb..bf42431be 100644 --- a/test/results/stats/default/nfsv2.pcap.out +++ b/test/results/stats/default/nfsv2.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/nfsv3.pcap.out b/test/results/stats/default/nfsv3.pcap.out index c5ea215db..a4a996f52 100644 --- a/test/results/stats/default/nfsv3.pcap.out +++ b/test/results/stats/default/nfsv3.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/nintendo.pcap.out b/test/results/stats/default/nintendo.pcap.out index 13fb2b2eb..974d8d036 100644 --- a/test/results/stats/default/nintendo.pcap.out +++ b/test/results/stats/default/nintendo.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:164 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:137253 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:137007 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:21 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:19 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/nntp.pcap.out b/test/results/stats/default/nntp.pcap.out index f1d16c6dd..042591276 100644 --- a/test/results/stats/default/nntp.pcap.out +++ b/test/results/stats/default/nntp.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/no_sni.pcap.out b/test/results/stats/default/no_sni.pcap.out index 17dcad738..17622692c 100644 --- a/test/results/stats/default/no_sni.pcap.out +++ b/test/results/stats/default/no_sni.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:79 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:72364 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:76634 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:8 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:5 @@ -11,7 +11,7 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:14690 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:42821 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:5 PUTVAL "localhost/exec-nDPIsrvd/counter-packet_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-packet_flow_count" interval=60 N:40 PUTVAL "localhost/exec-nDPIsrvd/counter-init_count" interval=60 N:1 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 
@@ -95,7 +96,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=6 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:16 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0 @@ -133,10 +134,10 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:8 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:8 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_27_count" interval=60 N:0 
@@ -164,7 +165,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:8 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_54_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_55_count" interval=60 N:0 diff --git a/test/results/stats/default/nomachine.pcapng.out b/test/results/stats/default/nomachine.pcapng.out index 5de2a51d4..2f865ef0a 100644 --- a/test/results/stats/default/nomachine.pcapng.out +++ b/test/results/stats/default/nomachine.pcapng.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/ocs.pcap.out b/test/results/stats/default/ocs.pcap.out index 992d99631..b6aa1be04 100644 --- a/test/results/stats/default/ocs.pcap.out +++ b/test/results/stats/default/ocs.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:137 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:114626 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:114421 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:20 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:5 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:15 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/ocsp.pcapng.out b/test/results/stats/default/ocsp.pcapng.out index 155b5e3bb..2b4ece53c 100644 --- a/test/results/stats/default/ocsp.pcapng.out +++ b/test/results/stats/default/ocsp.pcapng.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/oicq.pcap.out b/test/results/stats/default/oicq.pcap.out index a33bdb8a8..937bc603e 100644 --- a/test/results/stats/default/oicq.pcap.out +++ b/test/results/stats/default/oicq.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/ookla.pcap.out b/test/results/stats/default/ookla.pcap.out index 3ef9b1413..b2e05e394 100644 --- a/test/results/stats/default/ookla.pcap.out +++ b/test/results/stats/default/ookla.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:55 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:43354 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:43190 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:6 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:5 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/opc-ua.pcap.out b/test/results/stats/default/opc-ua.pcap.out index 61fb5ffc3..1cfd5aea1 100644 --- a/test/results/stats/default/opc-ua.pcap.out +++ b/test/results/stats/default/opc-ua.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/openflow.pcap.out b/test/results/stats/default/openflow.pcap.out index c0c9e6d9b..ff4951a4f 100644 --- a/test/results/stats/default/openflow.pcap.out +++ b/test/results/stats/default/openflow.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/openvpn-tlscrypt.pcap.out b/test/results/stats/default/openvpn-tlscrypt.pcap.out index af56389d6..0b429d571 100644 --- a/test/results/stats/default/openvpn-tlscrypt.pcap.out +++ b/test/results/stats/default/openvpn-tlscrypt.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/openvpn.pcap.out b/test/results/stats/default/openvpn.pcap.out index c6cffcd80..876d46762 100644 --- a/test/results/stats/default/openvpn.pcap.out +++ b/test/results/stats/default/openvpn.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:96 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:91911 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:91974 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:10 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:9 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/openvpn_nohmac.pcapng.out b/test/results/stats/default/openvpn_nohmac.pcapng.out index bf25673c4..ca2e25052 100644 --- a/test/results/stats/default/openvpn_nohmac.pcapng.out +++ b/test/results/stats/default/openvpn_nohmac.pcapng.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/openvpn_nohmac_tcp.pcapng.out b/test/results/stats/default/openvpn_nohmac_tcp.pcapng.out index 8031d6fc4..bec41edac 100644 --- a/test/results/stats/default/openvpn_nohmac_tcp.pcapng.out +++ b/test/results/stats/default/openvpn_nohmac_tcp.pcapng.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/openvpn_obfuscated.pcapng.out b/test/results/stats/default/openvpn_obfuscated.pcapng.out index 90321ed7a..b9b5b4970 100644 --- a/test/results/stats/default/openvpn_obfuscated.pcapng.out +++ b/test/results/stats/default/openvpn_obfuscated.pcapng.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/openwire.pcapng.out b/test/results/stats/default/openwire.pcapng.out index e4d7b37bf..3f5dfe6aa 100644 --- a/test/results/stats/default/openwire.pcapng.out +++ b/test/results/stats/default/openwire.pcapng.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/opera-vpn.pcapng.out b/test/results/stats/default/opera-vpn.pcapng.out index 01d404017..44b1e39d8 100644 --- a/test/results/stats/default/opera-vpn.pcapng.out +++ b/test/results/stats/default/opera-vpn.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:618 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:625039 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:620144 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:62 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:28 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:34 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/oracle12.pcapng.out b/test/results/stats/default/oracle12.pcapng.out index 865ad6d2a..a7ee5018a 100644 --- a/test/results/stats/default/oracle12.pcapng.out +++ b/test/results/stats/default/oracle12.pcapng.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/os_detected.pcapng.out b/test/results/stats/default/os_detected.pcapng.out index 9cbe18078..f2368e945 100644 --- a/test/results/stats/default/os_detected.pcapng.out +++ b/test/results/stats/default/os_detected.pcapng.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:7 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:8186 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:8021 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/ospfv2_add_new_prefix.pcap.out b/test/results/stats/default/ospfv2_add_new_prefix.pcap.out index 7e5e27fe7..a36ecc2f0 100644 --- a/test/results/stats/default/ospfv2_add_new_prefix.pcap.out +++ b/test/results/stats/default/ospfv2_add_new_prefix.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/ossfuzz_seed_fake_traces_1.pcapng.out b/test/results/stats/default/ossfuzz_seed_fake_traces_1.pcapng.out index 44a915c52..037d4eed2 100644 --- a/test/results/stats/default/ossfuzz_seed_fake_traces_1.pcapng.out +++ b/test/results/stats/default/ossfuzz_seed_fake_traces_1.pcapng.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/ossfuzz_seed_fake_traces_2.pcapng.out b/test/results/stats/default/ossfuzz_seed_fake_traces_2.pcapng.out index 9b69ed1c2..21c2854a8 100644 --- a/test/results/stats/default/ossfuzz_seed_fake_traces_2.pcapng.out 
+++ b/test/results/stats/default/ossfuzz_seed_fake_traces_2.pcapng.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/ossfuzz_seed_fake_traces_3.pcapng.out b/test/results/stats/default/ossfuzz_seed_fake_traces_3.pcapng.out index 6377c3d0f..fe1fba847 100644 --- a/test/results/stats/default/ossfuzz_seed_fake_traces_3.pcapng.out +++ b/test/results/stats/default/ossfuzz_seed_fake_traces_3.pcapng.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/ossfuzz_seed_fake_traces_4.pcapng.out b/test/results/stats/default/ossfuzz_seed_fake_traces_4.pcapng.out index 9aa8e6066..88609205e 100644 
--- a/test/results/stats/default/ossfuzz_seed_fake_traces_4.pcapng.out +++ b/test/results/stats/default/ossfuzz_seed_fake_traces_4.pcapng.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/paltalk.pcapng.out b/test/results/stats/default/paltalk.pcapng.out index 76d9aeaad..3b68c16de 100644 --- a/test/results/stats/default/paltalk.pcapng.out +++ b/test/results/stats/default/paltalk.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:33 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:26314 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:26232 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:4 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:4 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/path_of_exile.pcapng.out b/test/results/stats/default/path_of_exile.pcapng.out index da7f219da..5731892de 100644 --- a/test/results/stats/default/path_of_exile.pcapng.out +++ b/test/results/stats/default/path_of_exile.pcapng.out 
@@ -1,23 +1,23 @@ -PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:10 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7357 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:34 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:24937 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:4 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:4 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_update_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_analyse_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_guessed_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detected_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detected_count" interval=60 N:4 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:31 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:88 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-packet_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-packet_flow_count" interval=60 N:4 +PUTVAL "localhost/exec-nDPIsrvd/counter-packet_flow_count" interval=60 N:16 PUTVAL "localhost/exec-nDPIsrvd/counter-init_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-reconnect_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-shutdown_count" interval=60 N:1 -PUTVAL 
"localhost/exec-nDPIsrvd/counter-status_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-status_count" interval=60 N:4 PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_datalink" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_l3_protocol" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-error_unsupported_datalink" interval=60 N:0 @@ -37,7 +37,7 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-error_max_flows_to_track" interval=60 N: PUTVAL "localhost/exec-nDPIsrvd/counter-error_flow_memory_alloc" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:4 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0 @@ -52,7 +52,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interva PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:4 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 
@@ -83,12 +83,13 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial_cache" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_cache" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi" interval=60 N:4 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_nbpf" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_ip" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=60 N:0 
@@ -101,16 +102,16 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_emergency" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_unknown" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:4 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:4 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_active_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_active_count" interval=60 N:4 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:4 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 diff --git a/test/results/stats/default/pfcp.pcapng.out b/test/results/stats/default/pfcp.pcapng.out index b7e793fcf..f14f2da5b 100644 --- a/test/results/stats/default/pfcp.pcapng.out +++ b/test/results/stats/default/pfcp.pcapng.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/pgm.pcap.out b/test/results/stats/default/pgm.pcap.out index 13e4f0fa6..333cdf9c6 100644 --- a/test/results/stats/default/pgm.pcap.out +++ b/test/results/stats/default/pgm.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/pgsql.pcap.out b/test/results/stats/default/pgsql.pcap.out index 5dae64cb0..ed44cb23d 100644 --- a/test/results/stats/default/pgsql.pcap.out +++ b/test/results/stats/default/pgsql.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/pgsql2.pcapng.out b/test/results/stats/default/pgsql2.pcapng.out index e55e0e444..74d42b37e 100644 --- a/test/results/stats/default/pgsql2.pcapng.out +++ b/test/results/stats/default/pgsql2.pcapng.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/pia.pcap.out b/test/results/stats/default/pia.pcap.out index 19e8b710f..e7ae37596 100644 --- a/test/results/stats/default/pia.pcap.out +++ b/test/results/stats/default/pia.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:13 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:12703 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:12580 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/pim.pcap.out b/test/results/stats/default/pim.pcap.out index 95657ad4a..2e4a7b316 100644 --- a/test/results/stats/default/pim.pcap.out +++ b/test/results/stats/default/pim.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/pinterest.pcap.out b/test/results/stats/default/pinterest.pcap.out index 059e2c1af..0d75fd610 100644 --- a/test/results/stats/default/pinterest.pcap.out +++ b/test/results/stats/default/pinterest.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:297 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:300389 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:298306 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:37 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:5 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:32 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/pluralsight.pcap.out b/test/results/stats/default/pluralsight.pcap.out index fa41dcc69..482a17dce 100644 --- a/test/results/stats/default/pluralsight.pcap.out +++ b/test/results/stats/default/pluralsight.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:59 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:74606 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:73950 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:6 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:6 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/pop3.pcap.out b/test/results/stats/default/pop3.pcap.out index 6affbfb04..1c7e2df77 100644 --- a/test/results/stats/default/pop3.pcap.out +++ b/test/results/stats/default/pop3.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/pop3_stls.pcap.out b/test/results/stats/default/pop3_stls.pcap.out index 09dd77e0e..d6aab6eea 100644 --- a/test/results/stats/default/pop3_stls.pcap.out +++ b/test/results/stats/default/pop3_stls.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:15 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:14157 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:14569 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 @@ -120,7 +121,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:3 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0 
@@ -134,7 +135,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:4 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 diff --git a/test/results/stats/default/pops.pcapng.out b/test/results/stats/default/pops.pcapng.out index 989b66e18..9abb243b4 100644 --- a/test/results/stats/default/pops.pcapng.out +++ b/test/results/stats/default/pops.pcapng.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/portable_executable.pcap.out b/test/results/stats/default/portable_executable.pcap.out index 3936dfe74..406e6b129 100644 --- a/test/results/stats/default/portable_executable.pcap.out +++ b/test/results/stats/default/portable_executable.pcap.out 
@@ -1,14 +1,14 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:19 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:18645 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:18725 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_update_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_analyse_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_guessed_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_guessed_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detected_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:11308 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:11308 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:0 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 @@ -111,8 +112,8 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_active_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 diff --git a/test/results/stats/default/pptp.pcap.out b/test/results/stats/default/pptp.pcap.out index 624518eb0..bff876872 100644 --- a/test/results/stats/default/pptp.pcap.out +++ b/test/results/stats/default/pptp.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/profinet-io-le.pcap.out b/test/results/stats/default/profinet-io-le.pcap.out index 51062b361..d1fee9c08 100644 --- a/test/results/stats/default/profinet-io-le.pcap.out +++ b/test/results/stats/default/profinet-io-le.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/protobuf.pcap.out b/test/results/stats/default/protobuf.pcap.out index 0809ad861..a2e3b7d17 100644 --- a/test/results/stats/default/protobuf.pcap.out +++ b/test/results/stats/default/protobuf.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/protonvpn.pcap.out b/test/results/stats/default/protonvpn.pcap.out index c2b520253..a427ce9bc 100644 --- a/test/results/stats/default/protonvpn.pcap.out +++ b/test/results/stats/default/protonvpn.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:25 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:20460 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:20337 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:3 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/psiphon3.pcap.out b/test/results/stats/default/psiphon3.pcap.out index 61328b94c..a8db7350e 100644 --- a/test/results/stats/default/psiphon3.pcap.out +++ b/test/results/stats/default/psiphon3.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:14 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:14172 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:14049 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/ptpv2.pcap.out b/test/results/stats/default/ptpv2.pcap.out index 1552491ad..a55680ef9 100644 --- a/test/results/stats/default/ptpv2.pcap.out +++ b/test/results/stats/default/ptpv2.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/punycode-idn.pcap.out b/test/results/stats/default/punycode-idn.pcap.out index eed622c64..4eebc966f 100644 --- a/test/results/stats/default/punycode-idn.pcap.out +++ b/test/results/stats/default/punycode-idn.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/quic-23.pcap.out b/test/results/stats/default/quic-23.pcap.out index faacd6a19..947f8d785 100644 --- a/test/results/stats/default/quic-23.pcap.out +++ b/test/results/stats/default/quic-23.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:13698 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:13657 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/quic-24.pcap.out b/test/results/stats/default/quic-24.pcap.out index dd510339f..e61ff8789 100644 --- a/test/results/stats/default/quic-24.pcap.out +++ b/test/results/stats/default/quic-24.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:13394 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:13353 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/quic-27.pcap.out b/test/results/stats/default/quic-27.pcap.out index fc6b6eb9e..447023e3a 100644 --- a/test/results/stats/default/quic-27.pcap.out +++ b/test/results/stats/default/quic-27.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:17372 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:17262 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/quic-28.pcap.out b/test/results/stats/default/quic-28.pcap.out index a818f715d..6a2dd834e 100644 --- a/test/results/stats/default/quic-28.pcap.out +++ b/test/results/stats/default/quic-28.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:13835 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:13794 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/quic-29.pcap.out b/test/results/stats/default/quic-29.pcap.out index 6da77e896..6663daf18 100644 --- a/test/results/stats/default/quic-29.pcap.out +++ b/test/results/stats/default/quic-29.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:13387 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:13346 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/quic-33.pcapng.out b/test/results/stats/default/quic-33.pcapng.out index 58f4814c8..b1f5d6923 100644 --- a/test/results/stats/default/quic-33.pcapng.out +++ b/test/results/stats/default/quic-33.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:15233 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:15192 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/quic-34.pcap.out b/test/results/stats/default/quic-34.pcap.out index 4fac77289..37e4f2377 100644 --- a/test/results/stats/default/quic-34.pcap.out +++ b/test/results/stats/default/quic-34.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:10 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:14611 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:14570 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/quic-forcing-vn-with-data.pcapng.out b/test/results/stats/default/quic-forcing-vn-with-data.pcapng.out index b241e746d..cf697a543 100644 --- a/test/results/stats/default/quic-forcing-vn-with-data.pcapng.out +++ b/test/results/stats/default/quic-forcing-vn-with-data.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:15127 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:15086 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/quic-fuzz-overflow.pcapng.out b/test/results/stats/default/quic-fuzz-overflow.pcapng.out index 082cc7bf3..67ef8e809 100644 --- a/test/results/stats/default/quic-fuzz-overflow.pcapng.out +++ b/test/results/stats/default/quic-fuzz-overflow.pcapng.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/quic-mvfst-22.pcap.out b/test/results/stats/default/quic-mvfst-22.pcap.out index 3ae7eb191..e8caa99cf 100644 --- a/test/results/stats/default/quic-mvfst-22.pcap.out +++ b/test/results/stats/default/quic-mvfst-22.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:15679 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:15638 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/quic-mvfst-22_decryption_error.pcap.out b/test/results/stats/default/quic-mvfst-22_decryption_error.pcap.out index 3e95fe23d..a3561102a 100644 --- a/test/results/stats/default/quic-mvfst-22_decryption_error.pcap.out +++ b/test/results/stats/default/quic-mvfst-22_decryption_error.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/quic-mvfst-27.pcapng.out b/test/results/stats/default/quic-mvfst-27.pcapng.out index 946d37985..c2850cfc9 100644 --- a/test/results/stats/default/quic-mvfst-27.pcapng.out +++ b/test/results/stats/default/quic-mvfst-27.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:10 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:15910 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:15869 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/quic-mvfst-exp.pcap.out b/test/results/stats/default/quic-mvfst-exp.pcap.out index b1be04712..a96c73503 100644 --- a/test/results/stats/default/quic-mvfst-exp.pcap.out +++ b/test/results/stats/default/quic-mvfst-exp.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:15909 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:15868 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/quic-v2.pcapng.out b/test/results/stats/default/quic-v2.pcapng.out index 880b33c3e..b485a9321 100644 --- a/test/results/stats/default/quic-v2.pcapng.out +++ b/test/results/stats/default/quic-v2.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:15046 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:15005 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/quic.pcap.out b/test/results/stats/default/quic.pcap.out index 001995bc8..24fd0636b 100644 --- a/test/results/stats/default/quic.pcap.out +++ b/test/results/stats/default/quic.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:80 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:117305 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:116920 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:10 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:10 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/quic046.pcap.out b/test/results/stats/default/quic046.pcap.out index 1f69416b9..cb88d8465 100644 --- a/test/results/stats/default/quic046.pcap.out +++ b/test/results/stats/default/quic046.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:13111 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:13047 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/quic_0RTT.pcap.out b/test/results/stats/default/quic_0RTT.pcap.out index 9cfa76fc0..5039ba255 100644 --- a/test/results/stats/default/quic_0RTT.pcap.out +++ b/test/results/stats/default/quic_0RTT.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:17 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:20923 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:20841 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/quic_cc_ack.pcapng.out b/test/results/stats/default/quic_cc_ack.pcapng.out index 670bab173..38147b679 100644 --- a/test/results/stats/default/quic_cc_ack.pcapng.out +++ b/test/results/stats/default/quic_cc_ack.pcapng.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/quic_crypto_aes_auth_size.pcap.out b/test/results/stats/default/quic_crypto_aes_auth_size.pcap.out index a52c5130d..9c1e67d59 100644 --- a/test/results/stats/default/quic_crypto_aes_auth_size.pcap.out +++ b/test/results/stats/default/quic_crypto_aes_auth_size.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:13478 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:13396 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/quic_frags_ch_in_multiple_packets.pcapng.out b/test/results/stats/default/quic_frags_ch_in_multiple_packets.pcapng.out index 87efa6210..ae9dd354e 100644 --- a/test/results/stats/default/quic_frags_ch_in_multiple_packets.pcapng.out +++ b/test/results/stats/default/quic_frags_ch_in_multiple_packets.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:15062 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:15021 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out b/test/results/stats/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out index bbe5269ee..becc6a1f1 100644 --- a/test/results/stats/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out +++ b/test/results/stats/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:667 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:961340 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:949234 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:113 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:113 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:3 diff --git a/test/results/stats/default/quic_frags_different_dcid.pcapng.out b/test/results/stats/default/quic_frags_different_dcid.pcapng.out index e7abf19aa..42a066af0 100644 --- a/test/results/stats/default/quic_frags_different_dcid.pcapng.out +++ b/test/results/stats/default/quic_frags_different_dcid.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:14158 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:14117 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/quic_interop_V.pcapng.out b/test/results/stats/default/quic_interop_V.pcapng.out index af45e955a..f55151713 100644 --- a/test/results/stats/default/quic_interop_V.pcapng.out +++ b/test/results/stats/default/quic_interop_V.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:471 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:631807 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:631863 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:77 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:77 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/quic_q39.pcap.out b/test/results/stats/default/quic_q39.pcap.out index 7b6279a92..abfd251a3 100644 --- a/test/results/stats/default/quic_q39.pcap.out +++ b/test/results/stats/default/quic_q39.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:15368 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:15306 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/quic_q43.pcap.out b/test/results/stats/default/quic_q43.pcap.out index eb5a09ee9..fb5b49db9 100644 --- a/test/results/stats/default/quic_q43.pcap.out +++ b/test/results/stats/default/quic_q43.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/quic_q46.pcap.out b/test/results/stats/default/quic_q46.pcap.out index fa34f4b88..541aecd3e 100644 --- a/test/results/stats/default/quic_q46.pcap.out +++ b/test/results/stats/default/quic_q46.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:15192 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:15132 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/quic_q46_b.pcap.out b/test/results/stats/default/quic_q46_b.pcap.out index ebcf3480c..02cc5856a 100644 --- a/test/results/stats/default/quic_q46_b.pcap.out +++ b/test/results/stats/default/quic_q46_b.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:12006 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:11944 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/quic_q50.pcap.out b/test/results/stats/default/quic_q50.pcap.out index 6e5377bff..87e4966de 100644 --- a/test/results/stats/default/quic_q50.pcap.out +++ b/test/results/stats/default/quic_q50.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:13498 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:13438 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/quic_sh.pcap.out b/test/results/stats/default/quic_sh.pcap.out index 30c2c14b8..72f610c0b 100644 --- a/test/results/stats/default/quic_sh.pcap.out +++ b/test/results/stats/default/quic_sh.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/quic_t50.pcap.out b/test/results/stats/default/quic_t50.pcap.out index 6e1c5c229..7ffdd9b9b 100644 --- a/test/results/stats/default/quic_t50.pcap.out +++ b/test/results/stats/default/quic_t50.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:15917 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:15813 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/quic_t51.pcap.out b/test/results/stats/default/quic_t51.pcap.out index cc299e03c..db22a704e 100644 --- a/test/results/stats/default/quic_t51.pcap.out +++ b/test/results/stats/default/quic_t51.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:17256 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:17149 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/quickplay.pcap.out b/test/results/stats/default/quickplay.pcap.out index 8f4d8f2be..399872edf 100644 --- a/test/results/stats/default/quickplay.pcap.out +++ b/test/results/stats/default/quickplay.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:145 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:173217 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:172987 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:21 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:19 
@@ -11,7 +11,7 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:37682 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:58185 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:8 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:7 PUTVAL "localhost/exec-nDPIsrvd/counter-packet_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-packet_flow_count" interval=60 N:68 PUTVAL "localhost/exec-nDPIsrvd/counter-init_count" interval=60 N:1 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 
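Review bot: The regenerated expectation for quickplay.pcap.out loses a flagged risk with no explanation: `counter-flow_risky_count` goes from 8 to 7 in this hunk, and the later hunks of the same file lower `gauge-flow_severity_low` from 4 to 3 and `gauge-flow_risk_35_count` from 1 to 0. The commit message says only that upstream changes were incorporated, so the page does not show whether libnDPI deliberately stopped raising that risk for this capture or whether a detection was lost in the bump. These golden files are the place a detection regression would surface, so I would confirm the cause against the upstream history and record it in the commit description, for example `quickplay.pcap: flow risk 35 no longer raised, see libnDPI <upstream commit id>`.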
@@ -94,7 +95,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_ip" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:4 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:15 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0 @@ -147,7 +148,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 diff --git a/test/results/stats/default/radius_false_positive.pcapng.out b/test/results/stats/default/radius_false_positive.pcapng.out index 233308d4f..ea31fb850 100644 --- a/test/results/stats/default/radius_false_positive.pcapng.out +++ b/test/results/stats/default/radius_false_positive.pcapng.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/radmin3.pcapng.out b/test/results/stats/default/radmin3.pcapng.out index 410ed1cd4..9b540bf49 100644 --- a/test/results/stats/default/radmin3.pcapng.out +++ b/test/results/stats/default/radmin3.pcapng.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/raft.pcap.out b/test/results/stats/default/raft.pcap.out index b81e84ccb..60a1340f8 100644 --- a/test/results/stats/default/raft.pcap.out +++ b/test/results/stats/default/raft.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/raknet.pcap.out b/test/results/stats/default/raknet.pcap.out index 7dfc2b8fc..108ac9ffb 100644 --- a/test/results/stats/default/raknet.pcap.out +++ b/test/results/stats/default/raknet.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/rdp.pcap.out b/test/results/stats/default/rdp.pcap.out index f618932d8..47874f9bf 100644 --- a/test/results/stats/default/rdp.pcap.out +++ b/test/results/stats/default/rdp.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/rdp2.pcap.out b/test/results/stats/default/rdp2.pcap.out index 7688de8c2..b6f3404a1 100644 --- a/test/results/stats/default/rdp2.pcap.out +++ b/test/results/stats/default/rdp2.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/rdp3.pcap.out b/test/results/stats/default/rdp3.pcap.out index 42ee7ff8d..dddcda959 100644 --- a/test/results/stats/default/rdp3.pcap.out +++ b/test/results/stats/default/rdp3.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/rdp_over_tls.pcap.out b/test/results/stats/default/rdp_over_tls.pcap.out index a6742caa8..d85f6e516 100644 --- a/test/results/stats/default/rdp_over_tls.pcap.out +++ b/test/results/stats/default/rdp_over_tls.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:13 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:12000 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:11918 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/reasm_crash_anon.pcapng.out b/test/results/stats/default/reasm_crash_anon.pcapng.out index 9219ea014..3ff51d3bb 100644 --- a/test/results/stats/default/reasm_crash_anon.pcapng.out +++ b/test/results/stats/default/reasm_crash_anon.pcapng.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/reasm_segv_anon.pcapng.out b/test/results/stats/default/reasm_segv_anon.pcapng.out index 2451ccfb2..70476cb40 100644 --- a/test/results/stats/default/reasm_segv_anon.pcapng.out +++ b/test/results/stats/default/reasm_segv_anon.pcapng.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/reddit.pcap.out b/test/results/stats/default/reddit.pcap.out index 7813841dc..9009f5add 100644 --- a/test/results/stats/default/reddit.pcap.out +++ b/test/results/stats/default/reddit.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:582 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:572048 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:566292 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:60 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:23 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:37 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/resp.pcap.out b/test/results/stats/default/resp.pcap.out index babee3337..5f55d254e 100644 --- a/test/results/stats/default/resp.pcap.out +++ b/test/results/stats/default/resp.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/riot.pcapng.out b/test/results/stats/default/riot.pcapng.out index fcc5b1672..1c719f9e5 100644 --- a/test/results/stats/default/riot.pcapng.out +++ b/test/results/stats/default/riot.pcapng.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:18 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:25788 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:25728 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/riotgames.pcap.out b/test/results/stats/default/riotgames.pcap.out index 59b7f8d06..4a279eaeb 100644 --- a/test/results/stats/default/riotgames.pcap.out +++ b/test/results/stats/default/riotgames.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/ripe_atlas.pcap.out b/test/results/stats/default/ripe_atlas.pcap.out index a5d9b4651..484b760f4 100644 --- a/test/results/stats/default/ripe_atlas.pcap.out +++ b/test/results/stats/default/ripe_atlas.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/rmcp.pcap.out b/test/results/stats/default/rmcp.pcap.out index 6b61ea9a4..7a2bab583 100644 --- a/test/results/stats/default/rmcp.pcap.out +++ b/test/results/stats/default/rmcp.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/roblox.pcapng.out b/test/results/stats/default/roblox.pcapng.out index 1f7d5c89b..f17ac7938 100644 --- a/test/results/stats/default/roblox.pcapng.out +++ b/test/results/stats/default/roblox.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:39 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:44163 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:44081 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:4 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:3 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/roughtime.pcap.out b/test/results/stats/default/roughtime.pcap.out index b1ae046a8..d70f7da20 100644 --- a/test/results/stats/default/roughtime.pcap.out +++ b/test/results/stats/default/roughtime.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/rsh-syslog-false-positive.pcap.out b/test/results/stats/default/rsh-syslog-false-positive.pcap.out index 52c280ccb..a336e7a83 100644 --- a/test/results/stats/default/rsh-syslog-false-positive.pcap.out +++ b/test/results/stats/default/rsh-syslog-false-positive.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/rsh.pcap.out b/test/results/stats/default/rsh.pcap.out index 301981dcc..989f75ef0 100644 --- a/test/results/stats/default/rsh.pcap.out +++ b/test/results/stats/default/rsh.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/rsync.pcap.out b/test/results/stats/default/rsync.pcap.out index 1b97c393c..658ba2c7b 100644 --- a/test/results/stats/default/rsync.pcap.out +++ b/test/results/stats/default/rsync.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/rtcp_multiple_pkts_in_the_same_datagram.pcap.out b/test/results/stats/default/rtcp_multiple_pkts_in_the_same_datagram.pcap.out index 05eb93554..565bdb4fd 100644 --- a/test/results/stats/default/rtcp_multiple_pkts_in_the_same_datagram.pcap.out +++ b/test/results/stats/default/rtcp_multiple_pkts_in_the_same_datagram.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/rtmp.pcap.out b/test/results/stats/default/rtmp.pcap.out index 8344395cd..a042b05bf 100644 --- a/test/results/stats/default/rtmp.pcap.out +++ b/test/results/stats/default/rtmp.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/rtp.pcapng.out b/test/results/stats/default/rtp.pcapng.out index 61e002fce..d5453205c 100644 --- a/test/results/stats/default/rtp.pcapng.out +++ b/test/results/stats/default/rtp.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:38 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:38805 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:38855 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:4 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:4 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/rtps.pcap.out b/test/results/stats/default/rtps.pcap.out index 94f22218d..364031cca 100644 --- a/test/results/stats/default/rtps.pcap.out +++ b/test/results/stats/default/rtps.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/rtsp.pcap.out b/test/results/stats/default/rtsp.pcap.out index 17c210da0..a845c1641 100644 --- a/test/results/stats/default/rtsp.pcap.out +++ b/test/results/stats/default/rtsp.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/rtsp_setup_http.pcapng.out b/test/results/stats/default/rtsp_setup_http.pcapng.out index 86081d16f..f5adcd1af 100644 --- a/test/results/stats/default/rtsp_setup_http.pcapng.out +++ b/test/results/stats/default/rtsp_setup_http.pcapng.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/rx.pcap.out b/test/results/stats/default/rx.pcap.out index faa4ca9dc..254f6c660 100644 --- a/test/results/stats/default/rx.pcap.out +++ b/test/results/stats/default/rx.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/s7comm-plus.pcap.out b/test/results/stats/default/s7comm-plus.pcap.out index 4ee1f424c..386eb2585 100644 --- a/test/results/stats/default/s7comm-plus.pcap.out +++ b/test/results/stats/default/s7comm-plus.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/s7comm.pcap.out b/test/results/stats/default/s7comm.pcap.out index 5b7757d3b..e8b6e19af 100644 --- a/test/results/stats/default/s7comm.pcap.out +++ b/test/results/stats/default/s7comm.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/safari.pcap.out b/test/results/stats/default/safari.pcap.out index f528fbd7d..22149a779 100644 --- a/test/results/stats/default/safari.pcap.out +++ b/test/results/stats/default/safari.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:69 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:60887 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:60231 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:7 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:7 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/salesforce.pcap.out b/test/results/stats/default/salesforce.pcap.out index 2c6c7720f..ac9799a29 100644 --- a/test/results/stats/default/salesforce.pcap.out +++ b/test/results/stats/default/salesforce.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:13 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:11884 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:11761 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/sccp_hw_conf_register.pcapng.out b/test/results/stats/default/sccp_hw_conf_register.pcapng.out index 165289d33..38c63425a 100644 --- a/test/results/stats/default/sccp_hw_conf_register.pcapng.out +++ b/test/results/stats/default/sccp_hw_conf_register.pcapng.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/sctp.cap.out b/test/results/stats/default/sctp.cap.out index e7c7f2060..2e5e8596f 100644 --- a/test/results/stats/default/sctp.cap.out +++ b/test/results/stats/default/sctp.cap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/selfsigned.pcap.out b/test/results/stats/default/selfsigned.pcap.out index 8ed87df69..24304d6ca 100644 --- a/test/results/stats/default/selfsigned.pcap.out +++ b/test/results/stats/default/selfsigned.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:10966 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:10884 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/sflow.pcap.out b/test/results/stats/default/sflow.pcap.out index 12fa8f9ee..8857ffc34 100644 --- a/test/results/stats/default/sflow.pcap.out +++ b/test/results/stats/default/sflow.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/shadowsocks.pcap.out b/test/results/stats/default/shadowsocks.pcap.out index 1c9151718..2be24d79b 100644 --- a/test/results/stats/default/shadowsocks.pcap.out +++ b/test/results/stats/default/shadowsocks.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/shell.pcap.out b/test/results/stats/default/shell.pcap.out index 73892fdab..9d1e5cda6 100644 --- a/test/results/stats/default/shell.pcap.out +++ b/test/results/stats/default/shell.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/signal.pcap.out b/test/results/stats/default/signal.pcap.out index 9b68e3f36..c108ce923 100644 --- a/test/results/stats/default/signal.pcap.out +++ b/test/results/stats/default/signal.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:175 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:163765 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:162371 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:19 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:9 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:10 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/signal_audiocall.pcapng.out b/test/results/stats/default/signal_audiocall.pcapng.out new file mode 100644 index 000000000..031be0204 --- /dev/null +++ b/test/results/stats/default/signal_audiocall.pcapng.out 
@@ -0,0 +1,172 @@ +PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:44 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:39743 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:4 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:4 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_analyse_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detected_count" interval=60 N:4 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 N:7 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:19864 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:19438 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/counter-packet_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-packet_flow_count" interval=60 N:20 +PUTVAL "localhost/exec-nDPIsrvd/counter-init_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-reconnect_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-shutdown_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-status_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_datalink" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_l3_protocol" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unsupported_datalink" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_packet_type_unknown" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/counter-error_packet_header_invalid" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_size_smaller_than_header" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_l4_payload_detection" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_size_smaller_than_header" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_l4_payload_detection" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_tcp_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_udp_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_capture_size_smaller_than_packet" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_max_flows_to_track" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_flow_memory_alloc" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:4 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unrated_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unspecified_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_music_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_video_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_shopping_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_productivity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_file_sharing_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_category_conn_check_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_iot_scada_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_virt_assistant_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cybersecurity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_adult_content_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_mining_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_malware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_advertisment_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_banned_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_site_unavail_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial_cache" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_cache" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_nbpf" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_ip" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:4 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_emergency" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_unknown" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:4 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:4 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_active_count" interval=60 N:4 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:4 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:4 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_27_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_28_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_29_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_30_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" 
interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_40_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_41_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_54_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_55_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_56_count" interval=60 N:0 
diff --git a/test/results/stats/default/signal_multiparty.pcapng.out b/test/results/stats/default/signal_multiparty.pcapng.out new file mode 100644 index 000000000..2a18ce99f --- /dev/null +++ b/test/results/stats/default/signal_multiparty.pcapng.out 
@@ -0,0 +1,172 @@ +PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:13 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:11121 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_analyse_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detected_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:8051 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:442 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-packet_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-packet_flow_count" interval=60 N:5 +PUTVAL "localhost/exec-nDPIsrvd/counter-init_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-reconnect_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-shutdown_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-status_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_datalink" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_l3_protocol" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unsupported_datalink" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_packet_type_unknown" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/counter-error_packet_header_invalid" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_size_smaller_than_header" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_l4_payload_detection" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_size_smaller_than_header" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_l4_payload_detection" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_tcp_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_udp_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_capture_size_smaller_than_packet" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_max_flows_to_track" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_flow_memory_alloc" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unrated_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unspecified_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_music_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_video_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_shopping_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_productivity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_file_sharing_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_category_conn_check_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_iot_scada_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_virt_assistant_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cybersecurity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_adult_content_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_mining_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_malware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_advertisment_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_banned_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_site_unavail_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial_cache" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_cache" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_nbpf" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_ip" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_emergency" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_unknown" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_active_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_27_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_28_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_29_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_30_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" 
interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_40_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_41_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_54_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_55_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_56_count" interval=60 N:0 
diff --git a/test/results/stats/default/signal_videocall.pcapng.out b/test/results/stats/default/signal_videocall.pcapng.out new file mode 100644 index 000000000..056257085 --- /dev/null +++ b/test/results/stats/default/signal_videocall.pcapng.out 
@@ -0,0 +1,172 @@ +PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:34 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:29729 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_analyse_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detected_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 N:6 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:81563 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:27668 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/counter-packet_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-packet_flow_count" interval=60 N:15 +PUTVAL "localhost/exec-nDPIsrvd/counter-init_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-reconnect_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-shutdown_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-status_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_datalink" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_l3_protocol" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unsupported_datalink" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_packet_type_unknown" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/counter-error_packet_header_invalid" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_size_smaller_than_header" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_l4_payload_detection" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_size_smaller_than_header" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_l4_payload_detection" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_tcp_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_udp_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_capture_size_smaller_than_packet" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_max_flows_to_track" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_flow_memory_alloc" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unrated_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unspecified_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_music_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_video_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_shopping_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_productivity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_file_sharing_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_category_conn_check_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_iot_scada_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_virt_assistant_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cybersecurity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_adult_content_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_mining_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_malware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_advertisment_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_banned_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_site_unavail_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial_cache" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_cache" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_nbpf" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_ip" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_emergency" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_unknown" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_active_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_27_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_28_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_29_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_30_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" 
interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_40_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_41_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_54_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_55_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_56_count" interval=60 N:0 
diff --git a/test/results/stats/default/signal_videocall_multiparty.pcapng.out b/test/results/stats/default/signal_videocall_multiparty.pcapng.out new file mode 100644 index 000000000..4deb1ec0b --- /dev/null +++ b/test/results/stats/default/signal_videocall_multiparty.pcapng.out 
@@ -0,0 +1,172 @@ +PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:14 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:13612 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_analyse_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detected_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:67701 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:18298 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-packet_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-packet_flow_count" interval=60 N:5 +PUTVAL "localhost/exec-nDPIsrvd/counter-init_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-reconnect_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-shutdown_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-status_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_datalink" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_l3_protocol" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unsupported_datalink" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_packet_type_unknown" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/counter-error_packet_header_invalid" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_size_smaller_than_header" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_l4_payload_detection" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_size_smaller_than_header" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_l4_payload_detection" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_tcp_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_udp_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_capture_size_smaller_than_packet" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_max_flows_to_track" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_flow_memory_alloc" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unrated_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unspecified_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_music_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_video_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_shopping_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_productivity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_file_sharing_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_category_conn_check_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_iot_scada_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_virt_assistant_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cybersecurity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_adult_content_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_mining_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_malware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_advertisment_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_banned_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_site_unavail_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial_cache" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_cache" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_nbpf" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_ip" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_emergency" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_unknown" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_active_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_27_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_28_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_29_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_30_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" 
interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_40_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_41_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_54_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_55_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_56_count" interval=60 N:0 
diff --git a/test/results/stats/default/simple-dnscrypt.pcap.out b/test/results/stats/default/simple-dnscrypt.pcap.out index 46bc7d80b..bb06e2e25 100644 --- a/test/results/stats/default/simple-dnscrypt.pcap.out +++ b/test/results/stats/default/simple-dnscrypt.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:45 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:43161 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:42669 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:4 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:4 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/sip.pcap.out b/test/results/stats/default/sip.pcap.out index 092546900..c05e68de7 100644 --- a/test/results/stats/default/sip.pcap.out +++ b/test/results/stats/default/sip.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:59 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:58535 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:58773 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:4 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:4 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/sip_hello.pcapng.out b/test/results/stats/default/sip_hello.pcapng.out index 9c89f127f..b20af8a48 100644 --- a/test/results/stats/default/sip_hello.pcapng.out +++ b/test/results/stats/default/sip_hello.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:20 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:16578 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:16588 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/sites.pcapng.out b/test/results/stats/default/sites.pcapng.out index 208b46797..b2b64579c 100644 --- a/test/results/stats/default/sites.pcapng.out +++ b/test/results/stats/default/sites.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:558 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:601356 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:596310 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:64 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:9 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:55 
@@ -35,8 +35,8 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-error_udp_packet_too_short" interval=60 PUTVAL "localhost/exec-nDPIsrvd/counter-error_capture_size_smaller_than_packet" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-error_max_flows_to_track" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-error_flow_memory_alloc" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:8 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:21 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:9 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:20 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:30 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:1 
@@ -54,12 +54,12 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interv PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:6 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:4 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:8 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:4 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:7 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:1 
diff --git a/test/results/stats/default/sites2.pcapng.out b/test/results/stats/default/sites2.pcapng.out index 828368d6a..bcbe07b2b 100644 --- a/test/results/stats/default/sites2.pcapng.out +++ b/test/results/stats/default/sites2.pcapng.out 
@@ -1,23 +1,23 @@ -PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:32 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:29388 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:3 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:49 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:42699 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:5 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:4 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_update_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_analyse_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_guessed_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detected_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detected_count" interval=60 N:5 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 N:4 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:4286 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:12374 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:4931 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:12452 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-packet_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-packet_flow_count" interval=60 N:15 +PUTVAL "localhost/exec-nDPIsrvd/counter-packet_flow_count" interval=60 N:24 PUTVAL "localhost/exec-nDPIsrvd/counter-init_count" interval=60 N:1 PUTVAL 
"localhost/exec-nDPIsrvd/counter-reconnect_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-shutdown_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/counter-status_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/counter-status_count" interval=60 N:4 PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_datalink" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_l3_protocol" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-error_unsupported_datalink" interval=60 N:0 @@ -36,8 +36,8 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-error_capture_size_smaller_than_packet" PUTVAL "localhost/exec-nDPIsrvd/counter-error_max_flows_to_track" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-error_flow_memory_alloc" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:3 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:4 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0 
@@ -61,7 +61,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_music_count" interval=60 N:0 @@ -69,7 +69,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_video_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_shopping_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_productivity_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_file_sharing_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_conn_check_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_conn_check_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_iot_scada_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_virt_assistant_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cybersecurity_count" interval=60 N:0 
@@ -83,12 +83,13 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial_cache" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_cache" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi" interval=60 N:5 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_nbpf" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_ip" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=60 N:0 
@@ -101,16 +102,16 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_emergency" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_unknown" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:5 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:5 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_active_count" interval=60 N:3 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_active_count" interval=60 N:5 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:5 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 diff --git a/test/results/stats/default/skinny.pcap.out b/test/results/stats/default/skinny.pcap.out index 13a0f9947..7e39a638b 100644 --- a/test/results/stats/default/skinny.pcap.out +++ b/test/results/stats/default/skinny.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:61 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:51266 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:51391 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:7 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:7 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/skype-conference-call.pcap.out b/test/results/stats/default/skype-conference-call.pcap.out index cb97e525d..9867f5421 100644 --- a/test/results/stats/default/skype-conference-call.pcap.out +++ b/test/results/stats/default/skype-conference-call.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:11081 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:11096 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/smb_deletefile.pcap.out b/test/results/stats/default/smb_deletefile.pcap.out index 8599ccf18..135653ace 100644 --- a/test/results/stats/default/smb_deletefile.pcap.out +++ b/test/results/stats/default/smb_deletefile.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/smb_frags.pcap.out b/test/results/stats/default/smb_frags.pcap.out index e77d44881..d7377f22d 100644 --- a/test/results/stats/default/smb_frags.pcap.out +++ b/test/results/stats/default/smb_frags.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/smbv1.pcap.out b/test/results/stats/default/smbv1.pcap.out index 1896181eb..ba9c3acc4 100644 --- a/test/results/stats/default/smbv1.pcap.out +++ b/test/results/stats/default/smbv1.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/smpp_in_general.pcap.out b/test/results/stats/default/smpp_in_general.pcap.out index ec71c0738..509f6be0e 100644 --- a/test/results/stats/default/smpp_in_general.pcap.out +++ b/test/results/stats/default/smpp_in_general.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/smtp-starttls.pcap.out b/test/results/stats/default/smtp-starttls.pcap.out index 545d6ab1a..85a046d49 100644 --- a/test/results/stats/default/smtp-starttls.pcap.out +++ b/test/results/stats/default/smtp-starttls.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:28 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:27235 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:27647 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 @@ -96,7 +97,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:5 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:6 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_emergency" interval=60 N:0 
@@ -120,7 +121,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:3 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0 diff --git a/test/results/stats/default/smtp.pcap.out b/test/results/stats/default/smtp.pcap.out index 1a3d9ce08..bcf6af26d 100644 --- a/test/results/stats/default/smtp.pcap.out +++ b/test/results/stats/default/smtp.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/smtps.pcapng.out b/test/results/stats/default/smtps.pcapng.out index 152b12e0d..23591f8e4 100644 --- a/test/results/stats/default/smtps.pcapng.out +++ b/test/results/stats/default/smtps.pcapng.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/snapchat.pcap.out b/test/results/stats/default/snapchat.pcap.out index 9bd5e1675..3e22a959f 100644 --- a/test/results/stats/default/snapchat.pcap.out +++ b/test/results/stats/default/snapchat.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:30 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:25728 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:25482 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/snapchat_call.pcapng.out b/test/results/stats/default/snapchat_call.pcapng.out index 0a47b36a8..f0c663cc5 100644 --- a/test/results/stats/default/snapchat_call.pcapng.out +++ b/test/results/stats/default/snapchat_call.pcapng.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/snapchat_call_v1.pcapng.out b/test/results/stats/default/snapchat_call_v1.pcapng.out index 9bf469b24..4830c173c 100644 --- a/test/results/stats/default/snapchat_call_v1.pcapng.out +++ b/test/results/stats/default/snapchat_call_v1.pcapng.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:13 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:18958 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:18876 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/snmp.pcap.out b/test/results/stats/default/snmp.pcap.out index e51008c35..b63d3b8f4 100644 --- a/test/results/stats/default/snmp.pcap.out +++ b/test/results/stats/default/snmp.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/soap.pcap.out b/test/results/stats/default/soap.pcap.out index ead2f777d..40638825a 100644 --- a/test/results/stats/default/soap.pcap.out +++ b/test/results/stats/default/soap.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/socks.pcap.out b/test/results/stats/default/socks.pcap.out index c3bdd2de5..718328b49 100644 --- a/test/results/stats/default/socks.pcap.out +++ b/test/results/stats/default/socks.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/softether.pcap.out b/test/results/stats/default/softether.pcap.out index cbb3dc9b4..b4c07ceb4 100644 --- a/test/results/stats/default/softether.pcap.out +++ b/test/results/stats/default/softether.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/someip-tp.pcap.out b/test/results/stats/default/someip-tp.pcap.out index 17b2a5f92..e05e15e3e 100644 --- a/test/results/stats/default/someip-tp.pcap.out +++ b/test/results/stats/default/someip-tp.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/someip-udp-method-call.pcapng.out b/test/results/stats/default/someip-udp-method-call.pcapng.out index 409214590..01997f32c 100644 --- a/test/results/stats/default/someip-udp-method-call.pcapng.out +++ b/test/results/stats/default/someip-udp-method-call.pcapng.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/someip_sd_sample.pcap.out b/test/results/stats/default/someip_sd_sample.pcap.out index c9b13e4c8..67e6e4ad3 100644 --- a/test/results/stats/default/someip_sd_sample.pcap.out +++ b/test/results/stats/default/someip_sd_sample.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/sonos.pcapng.out b/test/results/stats/default/sonos.pcapng.out index 5984bb873..e0772e7e1 100644 --- a/test/results/stats/default/sonos.pcapng.out +++ b/test/results/stats/default/sonos.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:23 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:25750 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:25627 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/source_engine.pcap.out b/test/results/stats/default/source_engine.pcap.out index 49228af1e..e26331d75 100644 --- a/test/results/stats/default/source_engine.pcap.out +++ b/test/results/stats/default/source_engine.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/spotify_tcp.pcap.out b/test/results/stats/default/spotify_tcp.pcap.out index c8f6f5508..fbe4ed203 100644 --- a/test/results/stats/default/spotify_tcp.pcap.out +++ b/test/results/stats/default/spotify_tcp.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/sql_injection.pcap.out b/test/results/stats/default/sql_injection.pcap.out index 2014c743d..a7a21a828 100644 --- a/test/results/stats/default/sql_injection.pcap.out +++ b/test/results/stats/default/sql_injection.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/srvloc-v1.pcapng.out b/test/results/stats/default/srvloc-v1.pcapng.out index 1489ceafd..c82114a6f 100644 --- a/test/results/stats/default/srvloc-v1.pcapng.out +++ b/test/results/stats/default/srvloc-v1.pcapng.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/srvloc.pcap.out b/test/results/stats/default/srvloc.pcap.out index ad0a1c188..ec8b7fb17 100644 --- a/test/results/stats/default/srvloc.pcap.out +++ b/test/results/stats/default/srvloc.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/ssdp-m-search-ua.pcap.out b/test/results/stats/default/ssdp-m-search-ua.pcap.out index 791579ea0..40091ef6b 100644 --- a/test/results/stats/default/ssdp-m-search-ua.pcap.out +++ b/test/results/stats/default/ssdp-m-search-ua.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/ssdp-m-search.pcap.out b/test/results/stats/default/ssdp-m-search.pcap.out index b33b16531..02dc86e5e 100644 --- a/test/results/stats/default/ssdp-m-search.pcap.out +++ b/test/results/stats/default/ssdp-m-search.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/ssh.pcap.out b/test/results/stats/default/ssh.pcap.out index b0b671eaa..e52324cc6 100644 --- a/test/results/stats/default/ssh.pcap.out +++ b/test/results/stats/default/ssh.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/ssh_unidirectional.pcap.out b/test/results/stats/default/ssh_unidirectional.pcap.out index fc0ba20de..312466601 100644 --- a/test/results/stats/default/ssh_unidirectional.pcap.out +++ b/test/results/stats/default/ssh_unidirectional.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/ssl-cert-name-mismatch.pcap.out b/test/results/stats/default/ssl-cert-name-mismatch.pcap.out index ccf9cc311..4d9ec82fc 100644 --- a/test/results/stats/default/ssl-cert-name-mismatch.pcap.out +++ b/test/results/stats/default/ssl-cert-name-mismatch.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:13 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:11509 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:11386 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/starcraft_battle.pcap.out b/test/results/stats/default/starcraft_battle.pcap.out index e5c9e50a8..cc4739af0 100644 --- a/test/results/stats/default/starcraft_battle.pcap.out +++ b/test/results/stats/default/starcraft_battle.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:383 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:299948 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:300162 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:52 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:26 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:26 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/steam.pcapng.out b/test/results/stats/default/steam.pcapng.out index a479c4616..fbdb05171 100644 --- a/test/results/stats/default/steam.pcapng.out +++ b/test/results/stats/default/steam.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:59 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:51596 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:51268 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:7 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:6 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/stomp.pcapng.out b/test/results/stats/default/stomp.pcapng.out index fbef5a1c7..f2464f52b 100644 --- a/test/results/stats/default/stomp.pcapng.out +++ b/test/results/stats/default/stomp.pcapng.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/stun.pcap.out b/test/results/stats/default/stun.pcap.out index 738ca8f0c..3cdd2f88d 100644 --- a/test/results/stats/default/stun.pcap.out +++ b/test/results/stats/default/stun.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:92 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:82317 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:82717 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:9 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:8 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/stun_classic.pcap.out b/test/results/stats/default/stun_classic.pcap.out index 6dc385f4e..b4567eba3 100644 --- a/test/results/stats/default/stun_classic.pcap.out +++ b/test/results/stats/default/stun_classic.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9356 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9446 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/stun_dtls_rtp.pcapng.out b/test/results/stats/default/stun_dtls_rtp.pcapng.out index 10c2d18b9..b27a2dec3 100644 --- a/test/results/stats/default/stun_dtls_rtp.pcapng.out +++ b/test/results/stats/default/stun_dtls_rtp.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:25 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:24720 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:24737 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/stun_dtls_rtp_unidir.pcapng.out b/test/results/stats/default/stun_dtls_rtp_unidir.pcapng.out index e11a33cf8..933daada7 100644 --- a/test/results/stats/default/stun_dtls_rtp_unidir.pcapng.out +++ b/test/results/stats/default/stun_dtls_rtp_unidir.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:21 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:18063 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:18197 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/stun_dtls_unidirectional_client.pcap.out b/test/results/stats/default/stun_dtls_unidirectional_client.pcap.out index d28e854c4..81493a934 100644 --- a/test/results/stats/default/stun_dtls_unidirectional_client.pcap.out +++ b/test/results/stats/default/stun_dtls_unidirectional_client.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:13 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:12585 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:12610 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/stun_dtls_unidirectional_server.pcap.out b/test/results/stats/default/stun_dtls_unidirectional_server.pcap.out index b331e6440..b844b1c4d 100644 --- a/test/results/stats/default/stun_dtls_unidirectional_server.pcap.out +++ b/test/results/stats/default/stun_dtls_unidirectional_server.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:13 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:12814 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:12840 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/stun_google_meet.pcapng.out b/test/results/stats/default/stun_google_meet.pcapng.out index cb0a42689..8e855dafd 100644 --- a/test/results/stats/default/stun_google_meet.pcapng.out +++ b/test/results/stats/default/stun_google_meet.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:76 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:69730 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:69865 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:7 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:7 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/stun_msteams_unidir.pcapng.out b/test/results/stats/default/stun_msteams_unidir.pcapng.out index 208909c53..9d76ccb12 100644 --- a/test/results/stats/default/stun_msteams_unidir.pcapng.out +++ b/test/results/stats/default/stun_msteams_unidir.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:13123 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:13219 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/stun_signal.pcapng.out b/test/results/stats/default/stun_signal.pcapng.out index 027fc5fcc..8040aa1a9 100644 --- a/test/results/stats/default/stun_signal.pcapng.out +++ b/test/results/stats/default/stun_signal.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:233 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:198723 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:200419 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:23 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:23 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/stun_signal_tcp.pcapng.out b/test/results/stats/default/stun_signal_tcp.pcapng.out new file mode 100644 index 000000000..3e1495dfb --- /dev/null +++ b/test/results/stats/default/stun_signal_tcp.pcapng.out 
@@ -0,0 +1,172 @@ +PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:13 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:11303 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_analyse_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detected_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:58588 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:27476 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-packet_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-packet_flow_count" interval=60 N:5 +PUTVAL "localhost/exec-nDPIsrvd/counter-init_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-reconnect_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-shutdown_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-status_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_datalink" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_l3_protocol" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unsupported_datalink" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_packet_type_unknown" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/counter-error_packet_header_invalid" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_size_smaller_than_header" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_l4_payload_detection" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_size_smaller_than_header" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_l4_payload_detection" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_tcp_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_udp_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_capture_size_smaller_than_packet" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_max_flows_to_track" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_flow_memory_alloc" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unrated_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unspecified_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_music_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_video_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_shopping_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_productivity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_file_sharing_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_category_conn_check_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_iot_scada_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_virt_assistant_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cybersecurity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_adult_content_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_mining_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_malware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_advertisment_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_banned_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_site_unavail_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial_cache" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_cache" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_nbpf" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_ip" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_emergency" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_unknown" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_active_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_27_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_28_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_29_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_30_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" 
interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_40_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_41_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_54_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_55_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_56_count" interval=60 N:0 
diff --git a/test/results/stats/default/stun_tcp_multiple_msgs_same_pkt.pcap.out b/test/results/stats/default/stun_tcp_multiple_msgs_same_pkt.pcap.out index c60cf4ed4..b8b96d72b 100644 --- a/test/results/stats/default/stun_tcp_multiple_msgs_same_pkt.pcap.out +++ b/test/results/stats/default/stun_tcp_multiple_msgs_same_pkt.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:8316 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:8349 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/stun_wa_call.pcapng.out b/test/results/stats/default/stun_wa_call.pcapng.out index 7cb91a705..0aabc1386 100644 --- a/test/results/stats/default/stun_wa_call.pcapng.out +++ b/test/results/stats/default/stun_wa_call.pcapng.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:132 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:118755 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:119899 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:13 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:13 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/stun_zoom.pcapng.out b/test/results/stats/default/stun_zoom.pcapng.out index c21dceb19..cd38fa010 100644 --- a/test/results/stats/default/stun_zoom.pcapng.out +++ b/test/results/stats/default/stun_zoom.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:28 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:27389 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:27425 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/syncthing.pcap.out b/test/results/stats/default/syncthing.pcap.out index 03cc4ea7f..8b08d9f27 100644 --- a/test/results/stats/default/syncthing.pcap.out +++ b/test/results/stats/default/syncthing.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/synscan.pcap.out b/test/results/stats/default/synscan.pcap.out index 6ab11322f..d7a5db393 100644 --- a/test/results/stats/default/synscan.pcap.out +++ b/test/results/stats/default/synscan.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:7996 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:6244751 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:6245326 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1994 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:5 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1989 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/syslog.pcap.out b/test/results/stats/default/syslog.pcap.out index ba234b630..52dcf464e 100644 --- a/test/results/stats/default/syslog.pcap.out +++ b/test/results/stats/default/syslog.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/tailscale.pcap.out b/test/results/stats/default/tailscale.pcap.out index 67abe9a57..67ac2cf2a 100644 --- a/test/results/stats/default/tailscale.pcap.out +++ b/test/results/stats/default/tailscale.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/targusdataspeed_false_positives.pcap.out b/test/results/stats/default/targusdataspeed_false_positives.pcap.out index 148f3f694..76a0162c1 100644 --- a/test/results/stats/default/targusdataspeed_false_positives.pcap.out +++ b/test/results/stats/default/targusdataspeed_false_positives.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/tcp_scan.pcapng.out b/test/results/stats/default/tcp_scan.pcapng.out index 5d32f5072..56bef1969 100644 --- a/test/results/stats/default/tcp_scan.pcapng.out +++ b/test/results/stats/default/tcp_scan.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:42 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:30685 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:31434 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:7 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:7 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/teams.pcap.out b/test/results/stats/default/teams.pcap.out index b71b46333..0c9c4291d 100644 --- a/test/results/stats/default/teams.pcap.out +++ b/test/results/stats/default/teams.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:668 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:638472 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:636862 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:83 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:17 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:66 
@@ -35,8 +35,8 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-error_udp_packet_too_short" interval=60 PUTVAL "localhost/exec-nDPIsrvd/counter-error_capture_size_smaller_than_packet" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-error_max_flows_to_track" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-error_flow_memory_alloc" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:42 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:37 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:51 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:28 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 
@@ -54,12 +54,12 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interv PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:20 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:12 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:11 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:27 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:19 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:27 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:6 
diff --git a/test/results/stats/default/teamspeak3.pcap.out b/test/results/stats/default/teamspeak3.pcap.out index 89ce4d89c..0a76a80ec 100644 --- a/test/results/stats/default/teamspeak3.pcap.out +++ b/test/results/stats/default/teamspeak3.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/teamviewer.pcap.out b/test/results/stats/default/teamviewer.pcap.out index 79b8fab6e..82021f01c 100644 --- a/test/results/stats/default/teamviewer.pcap.out +++ b/test/results/stats/default/teamviewer.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 
diff --git a/test/results/stats/default/telegram.pcap.out b/test/results/stats/default/telegram.pcap.out index 4306561de..a527c3384 100644 --- a/test/results/stats/default/telegram.pcap.out +++ b/test/results/stats/default/telegram.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:340 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:294644 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:294278 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:48 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:48 @@ -11,7 +11,7 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:159435 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:109098 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:4 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/counter-packet_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-packet_flow_count" interval=60 N:163 PUTVAL "localhost/exec-nDPIsrvd/counter-init_count" interval=60 N:1 
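Review bot: The drop in risk detections for telegram.pcap is accepted into the expected output without explanation. `counter-flow_risky_count` goes from 4 to 3 in this hunk, and later hunks of the same file lower `gauge-flow_severity_low` from 5 to 4 and `gauge-flow_risk_22_count` from 1 to 0, while the commit message says only "incorporated upstream changes". A golden file updated this way cannot distinguish an intended upstream false-positive fix from a detection regression. I would record the cause in the commit description, for example `* telegram.pcap: risk 22 no longer raised, see libnDPI commit <upstream-commit-id>`. Before accepting the new numbers, confirm against the per-flow JSON results for this capture that the affected flow is no longer expected to be flagged.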
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 @@ -94,7 +95,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_ip" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:5 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:4 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0 
@@ -134,7 +135,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 diff --git a/test/results/stats/default/telegram_videocall.pcapng.out b/test/results/stats/default/telegram_videocall.pcapng.out index 7fe339d1f..31b43b34a 100644 --- a/test/results/stats/default/telegram_videocall.pcapng.out +++ b/test/results/stats/default/telegram_videocall.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:258 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:219782 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:220885 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:34 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:6 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:28 
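Review bot: The regenerated baseline for telegram.pcap drops `gauge-flow_risk_22_count` from 1 to 0 in this hunk, and the two earlier hunks of the same file lower `counter-flow_risky_count` from 4 to 3 and `gauge-flow_severity_low` from 5 to 4, so one flow that used to carry a risk flag no longer does after the libnDPI bump. The commit message says only that upstream changes were incorporated; presumably this follows an upstream change to when that risk is raised, but nothing on the page confirms it. These `.out` files are the regression baseline, so a lost detection accepted here without comment becomes the expected behaviour for every later run. I would check the affected flow against the upstream history and record the outcome in the commit description, for example `* telegram.pcap: flow risk 22 no longer raised (expected, see upstream commit <UPSTREAM_COMMIT_PLACEHOLDER>)`.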
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/telegram_videocall_2.pcapng.out b/test/results/stats/default/telegram_videocall_2.pcapng.out new file mode 100644 index 000000000..f07a986e9 --- /dev/null +++ b/test/results/stats/default/telegram_videocall_2.pcapng.out 
@@ -0,0 +1,172 @@ +PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:65 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:56081 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:8 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:8 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_analyse_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detected_count" interval=60 N:8 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 N:6 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:49274 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:68741 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/counter-packet_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-packet_flow_count" interval=60 N:30 +PUTVAL "localhost/exec-nDPIsrvd/counter-init_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-reconnect_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-shutdown_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-status_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_datalink" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_l3_protocol" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unsupported_datalink" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_packet_type_unknown" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/counter-error_packet_header_invalid" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_size_smaller_than_header" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_l4_payload_detection" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_size_smaller_than_header" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_l4_payload_detection" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_tcp_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_udp_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_capture_size_smaller_than_packet" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_max_flows_to_track" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_flow_memory_alloc" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:8 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unrated_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unspecified_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:5 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_music_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_video_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_shopping_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_productivity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_file_sharing_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_category_conn_check_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_iot_scada_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_virt_assistant_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cybersecurity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_adult_content_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_mining_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_malware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_advertisment_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_banned_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_site_unavail_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial_cache" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_cache" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi" interval=60 N:8 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_nbpf" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_ip" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:6 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_emergency" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_unknown" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:7 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:8 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_active_count" interval=60 N:8 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:8 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:6 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_27_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_28_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_29_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_30_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" 
interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_40_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_41_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_54_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_55_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_56_count" interval=60 N:0 
diff --git a/test/results/stats/default/telegram_voice.pcapng.out b/test/results/stats/default/telegram_voice.pcapng.out new file mode 100644 index 000000000..3cc250b4a --- /dev/null +++ b/test/results/stats/default/telegram_voice.pcapng.out 
@@ -0,0 +1,172 @@ +PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:82 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:69833 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:10 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:10 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_analyse_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detected_count" interval=60 N:10 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 N:8 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:60389 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:66728 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:4 +PUTVAL "localhost/exec-nDPIsrvd/counter-packet_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-packet_flow_count" interval=60 N:39 +PUTVAL "localhost/exec-nDPIsrvd/counter-init_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-reconnect_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-shutdown_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-status_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_datalink" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_l3_protocol" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unsupported_datalink" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_packet_type_unknown" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/counter-error_packet_header_invalid" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_size_smaller_than_header" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_l4_payload_detection" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_size_smaller_than_header" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_l4_payload_detection" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_tcp_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_udp_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_capture_size_smaller_than_packet" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_max_flows_to_track" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_flow_memory_alloc" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:10 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unrated_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unspecified_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:7 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_music_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_video_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_shopping_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_productivity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_file_sharing_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_category_conn_check_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_iot_scada_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_virt_assistant_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cybersecurity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_adult_content_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_mining_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_malware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_advertisment_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_banned_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_site_unavail_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial_cache" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_cache" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi" interval=60 N:10 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_nbpf" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_ip" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:8 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_emergency" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_unknown" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:9 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:9 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_active_count" interval=60 N:10 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:10 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:8 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_27_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_28_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_29_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_30_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" 
interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_40_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_41_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_54_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_55_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_56_count" interval=60 N:0 
diff --git a/test/results/stats/default/telnet.pcap.out b/test/results/stats/default/telnet.pcap.out index 220ab5423..d432b66f5 100644 --- a/test/results/stats/default/telnet.pcap.out +++ b/test/results/stats/default/telnet.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/tencent_games.pcap.out b/test/results/stats/default/tencent_games.pcap.out index 7f904bd1b..bc8b75b2b 100644 --- a/test/results/stats/default/tencent_games.pcap.out +++ b/test/results/stats/default/tencent_games.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 
diff --git a/test/results/stats/default/teredo.pcap.out b/test/results/stats/default/teredo.pcap.out index f34b575f6..b31f91afd 100644 --- a/test/results/stats/default/teredo.pcap.out +++ b/test/results/stats/default/teredo.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/teso.pcapng.out b/test/results/stats/default/teso.pcapng.out index 8d2385b1c..cb3182a24 100644 --- a/test/results/stats/default/teso.pcapng.out +++ b/test/results/stats/default/teso.pcapng.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/tftp.pcap.out b/test/results/stats/default/tftp.pcap.out index daed747c5..8d745e28a 100644 
--- a/test/results/stats/default/tftp.pcap.out +++ b/test/results/stats/default/tftp.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/threema.pcap.out b/test/results/stats/default/threema.pcap.out index 5696d4133..0b505227e 100644 --- a/test/results/stats/default/threema.pcap.out +++ b/test/results/stats/default/threema.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/thrift.pcap.out b/test/results/stats/default/thrift.pcap.out index d5b51af07..80a177867 100644 --- a/test/results/stats/default/thrift.pcap.out +++ b/test/results/stats/default/thrift.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/tinc.pcap.out b/test/results/stats/default/tinc.pcap.out index bcbee8551..9b21474ce 100644 --- a/test/results/stats/default/tinc.pcap.out +++ b/test/results/stats/default/tinc.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/tk.pcap.out b/test/results/stats/default/tk.pcap.out index f4f7b8960..607a9689f 100644 --- a/test/results/stats/default/tk.pcap.out +++ b/test/results/stats/default/tk.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/tls-appdata.pcap.out b/test/results/stats/default/tls-appdata.pcap.out index 02deb5fa8..4cfdd9d56 100644 --- a/test/results/stats/default/tls-appdata.pcap.out +++ b/test/results/stats/default/tls-appdata.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/tls-esni-fuzzed.pcap.out b/test/results/stats/default/tls-esni-fuzzed.pcap.out index 1dfbf173c..21940aa77 100644 --- a/test/results/stats/default/tls-esni-fuzzed.pcap.out +++ b/test/results/stats/default/tls-esni-fuzzed.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:15 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:16402 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:17883 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:3 @@ -11,7 +11,7 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:2148 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/counter-packet_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-packet_flow_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/counter-init_count" interval=60 N:1 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 
@@ -95,7 +96,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=6 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:9 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0 @@ -133,10 +134,10 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_27_count" interval=60 N:0 
@@ -164,7 +165,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_54_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_55_count" interval=60 N:0 diff --git a/test/results/stats/default/tls-rdn-extract.pcap.out b/test/results/stats/default/tls-rdn-extract.pcap.out index 1cf7052e9..dea74d15e 100644 --- a/test/results/stats/default/tls-rdn-extract.pcap.out +++ b/test/results/stats/default/tls-rdn-extract.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:13 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:21621 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:21498 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/tls_1.2_unidirectional_client.pcapng.out b/test/results/stats/default/tls_1.2_unidirectional_client.pcapng.out index de94b3dfc..7489e1a39 100644 --- a/test/results/stats/default/tls_1.2_unidirectional_client.pcapng.out +++ b/test/results/stats/default/tls_1.2_unidirectional_client.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:8885 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:8844 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/tls_1.2_unidirectional_client_no_cert.pcapng.out b/test/results/stats/default/tls_1.2_unidirectional_client_no_cert.pcapng.out index 67d932467..2f45b23e6 100644 --- a/test/results/stats/default/tls_1.2_unidirectional_client_no_cert.pcapng.out +++ b/test/results/stats/default/tls_1.2_unidirectional_client_no_cert.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9407 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9366 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/tls_1.2_unidirectional_server.pcapng.out b/test/results/stats/default/tls_1.2_unidirectional_server.pcapng.out index 3527e75fa..eaeb86551 100644 --- a/test/results/stats/default/tls_1.2_unidirectional_server.pcapng.out +++ b/test/results/stats/default/tls_1.2_unidirectional_server.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:16141 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:16090 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/tls_1.2_unidirectional_server_no_cert.pcapng.out b/test/results/stats/default/tls_1.2_unidirectional_server_no_cert.pcapng.out index f1fde9391..557a22a25 100644 --- a/test/results/stats/default/tls_1.2_unidirectional_server_no_cert.pcapng.out +++ b/test/results/stats/default/tls_1.2_unidirectional_server_no_cert.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:8713 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:8704 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/tls_1.3_unidirectional_client.pcapng.out b/test/results/stats/default/tls_1.3_unidirectional_client.pcapng.out index 24832a577..7ccda9099 100644 --- a/test/results/stats/default/tls_1.3_unidirectional_client.pcapng.out +++ b/test/results/stats/default/tls_1.3_unidirectional_client.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9487 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9446 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/tls_1.3_unidirectional_server.pcapng.out b/test/results/stats/default/tls_1.3_unidirectional_server.pcapng.out index 4fe026024..34bd4b8e8 100644 --- a/test/results/stats/default/tls_1.3_unidirectional_server.pcapng.out +++ b/test/results/stats/default/tls_1.3_unidirectional_server.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:8725 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:8716 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/tls_2_reasms.pcapng.out b/test/results/stats/default/tls_2_reasms.pcapng.out index f92254c31..ca7cff588 100644 --- a/test/results/stats/default/tls_2_reasms.pcapng.out +++ b/test/results/stats/default/tls_2_reasms.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:12353 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:12271 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/tls_2_reasms_b.pcapng.out b/test/results/stats/default/tls_2_reasms_b.pcapng.out index f567b679a..787b72dfb 100644 --- a/test/results/stats/default/tls_2_reasms_b.pcapng.out +++ b/test/results/stats/default/tls_2_reasms_b.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:12370 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:12288 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/tls_alert.pcap.out b/test/results/stats/default/tls_alert.pcap.out index d215a7353..d75ff4e0d 100644 --- a/test/results/stats/default/tls_alert.pcap.out +++ b/test/results/stats/default/tls_alert.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:21 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:16706 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:16624 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/tls_certificate_too_long.pcap.out b/test/results/stats/default/tls_certificate_too_long.pcap.out index 1d26d9588..7cc25bb47 100644 --- a/test/results/stats/default/tls_certificate_too_long.pcap.out +++ b/test/results/stats/default/tls_certificate_too_long.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:252 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:256228 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:255572 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:35 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:11 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:24 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/tls_change_cipher.pcap.out b/test/results/stats/default/tls_change_cipher.pcap.out index 350c4482e..a2287dabb 100644 --- a/test/results/stats/default/tls_change_cipher.pcap.out +++ b/test/results/stats/default/tls_change_cipher.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/tls_cipher_lens.pcap.out b/test/results/stats/default/tls_cipher_lens.pcap.out index 2e405a6da..c2af4fb67 100644 --- a/test/results/stats/default/tls_cipher_lens.pcap.out +++ b/test/results/stats/default/tls_cipher_lens.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:23 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:22068 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:21959 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:5 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:5 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/tls_client_certificate_with_missing_server_one.pcapng.out b/test/results/stats/default/tls_client_certificate_with_missing_server_one.pcapng.out index ef10732ed..c61cb7f50 100644 --- a/test/results/stats/default/tls_client_certificate_with_missing_server_one.pcapng.out +++ b/test/results/stats/default/tls_client_certificate_with_missing_server_one.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:20 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:20346 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:20223 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/tls_ech.pcapng.out b/test/results/stats/default/tls_ech.pcapng.out index 9fcf080fa..9c48f59fc 100644 --- a/test/results/stats/default/tls_ech.pcapng.out +++ b/test/results/stats/default/tls_ech.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:10634 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:10552 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/tls_esni_sni_both.pcap.out b/test/results/stats/default/tls_esni_sni_both.pcap.out index af338c94c..21e1fbf50 100644 --- a/test/results/stats/default/tls_esni_sni_both.pcap.out +++ b/test/results/stats/default/tls_esni_sni_both.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:21 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:19920 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:19756 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/tls_false_positives.pcapng.out b/test/results/stats/default/tls_false_positives.pcapng.out index 64fbc437f..788b0da3b 100644 --- a/test/results/stats/default/tls_false_positives.pcapng.out +++ b/test/results/stats/default/tls_false_positives.pcapng.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/tls_heur__shadowsocks-tcp.pcapng.out b/test/results/stats/default/tls_heur__shadowsocks-tcp.pcapng.out index 4cc24dd14..e9ca2d19f 100644 --- a/test/results/stats/default/tls_heur__shadowsocks-tcp.pcapng.out +++ b/test/results/stats/default/tls_heur__shadowsocks-tcp.pcapng.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:38 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:33414 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:33332 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:4 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:4 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/tls_heur__trojan-tcp-tls.pcapng.out b/test/results/stats/default/tls_heur__trojan-tcp-tls.pcapng.out index b7270455e..883c5e413 100644 --- a/test/results/stats/default/tls_heur__trojan-tcp-tls.pcapng.out +++ b/test/results/stats/default/tls_heur__trojan-tcp-tls.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:75 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:67452 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:67288 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:10 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:10 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/tls_heur__vmess-tcp-tls.pcapng.out b/test/results/stats/default/tls_heur__vmess-tcp-tls.pcapng.out index d6934a0cf..552f0aba0 100644 --- a/test/results/stats/default/tls_heur__vmess-tcp-tls.pcapng.out +++ b/test/results/stats/default/tls_heur__vmess-tcp-tls.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:74 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:64827 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:64663 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:10 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:10 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/tls_heur__vmess-tcp.pcapng.out b/test/results/stats/default/tls_heur__vmess-tcp.pcapng.out index e44855935..f282ece6e 100644 --- a/test/results/stats/default/tls_heur__vmess-tcp.pcapng.out +++ b/test/results/stats/default/tls_heur__vmess-tcp.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:38 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:32769 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:32687 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:4 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:4 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/tls_heur__vmess-websocket.pcapng.out b/test/results/stats/default/tls_heur__vmess-websocket.pcapng.out index cdea6ce52..08f4d82d3 100644 --- a/test/results/stats/default/tls_heur__vmess-websocket.pcapng.out +++ b/test/results/stats/default/tls_heur__vmess-websocket.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:38 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:34444 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:34404 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:4 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:4 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/tls_invalid_reads.pcap.out b/test/results/stats/default/tls_invalid_reads.pcap.out index 79dcce822..ccb35f55b 100644 --- a/test/results/stats/default/tls_invalid_reads.pcap.out +++ b/test/results/stats/default/tls_invalid_reads.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:24 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:17219 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:17407 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 @@ -96,7 +97,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_emergency" interval=60 N:0 
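Review bot: The expected `gauge-flow_severity_high` value for tls_invalid_reads.pcap.out moves from `N:2` to `N:3` in this hunk, and `gauge-flow_risk_8_count` moves from `N:0` to `N:1` in the next one, yet the commit message only says upstream changes were incorporated. The tor.pcap.out hunks further down go the other way: `counter-flow_risky_count` drops from 8 to 7, `gauge-flow_severity_low` from 4 to 3 and `gauge-flow_risk_22_count` from 7 to 6. These files are the test oracle, so regenerating them accepts both shifts without review, and a risk flag that disappears from the tor capture would be a detection regression unless upstream reclassified it on purpose. I would record the cause in the commit description, for example `* tor.pcap: one flow no longer counted in flow_risk_22 (libnDPI <upstream-commit>)`, with a matching line for tls_invalid_reads.pcap.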
@@ -120,7 +121,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:2 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0 diff --git a/test/results/stats/default/tls_long_cert.pcap.out b/test/results/stats/default/tls_long_cert.pcap.out index 2b86e1a97..8efff6845 100644 --- a/test/results/stats/default/tls_long_cert.pcap.out +++ b/test/results/stats/default/tls_long_cert.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:14 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:15293 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:15170 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/tls_malicious_sha1.pcapng.out b/test/results/stats/default/tls_malicious_sha1.pcapng.out index d41117257..a206cda4d 100644 --- a/test/results/stats/default/tls_malicious_sha1.pcapng.out +++ b/test/results/stats/default/tls_malicious_sha1.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:13 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:11657 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:11534 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/tls_missing_ch_frag.pcap.out b/test/results/stats/default/tls_missing_ch_frag.pcap.out index 84ae8e7d9..85d286df2 100644 --- a/test/results/stats/default/tls_missing_ch_frag.pcap.out +++ b/test/results/stats/default/tls_missing_ch_frag.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:15084 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:15075 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/tls_multiple_synack_different_seq.pcapng.out b/test/results/stats/default/tls_multiple_synack_different_seq.pcapng.out index 8fa398c1a..3f7eb1083 100644 --- a/test/results/stats/default/tls_multiple_synack_different_seq.pcapng.out +++ b/test/results/stats/default/tls_multiple_synack_different_seq.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:13 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:12768 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:12645 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/tls_port_80.pcapng.out b/test/results/stats/default/tls_port_80.pcapng.out index 67a32c7c1..6bccadbc9 100644 --- a/test/results/stats/default/tls_port_80.pcapng.out +++ b/test/results/stats/default/tls_port_80.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:10328 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:10246 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/tls_torrent.pcapng.out b/test/results/stats/default/tls_torrent.pcapng.out index 9c22113bf..98a4d928b 100644 --- a/test/results/stats/default/tls_torrent.pcapng.out +++ b/test/results/stats/default/tls_torrent.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:13 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:15643 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:15520 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/tls_unidirectional.pcap.out b/test/results/stats/default/tls_unidirectional.pcap.out index 772c1dcb2..63e604647 100644 --- a/test/results/stats/default/tls_unidirectional.pcap.out +++ b/test/results/stats/default/tls_unidirectional.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/tls_verylong_certificate.pcap.out b/test/results/stats/default/tls_verylong_certificate.pcap.out index cba62472d..8a3e1db80 100644 --- a/test/results/stats/default/tls_verylong_certificate.pcap.out +++ b/test/results/stats/default/tls_verylong_certificate.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:14 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:16602 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:16479 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/tls_with_huge_ch.pcapng.out b/test/results/stats/default/tls_with_huge_ch.pcapng.out index 642f07c57..e79741c9e 100644 --- a/test/results/stats/default/tls_with_huge_ch.pcapng.out +++ b/test/results/stats/default/tls_with_huge_ch.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:11501 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:11460 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/toca-boca.pcap.out b/test/results/stats/default/toca-boca.pcap.out index 5dede1793..bb2834f0e 100644 --- a/test/results/stats/default/toca-boca.pcap.out +++ b/test/results/stats/default/toca-boca.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/tor.pcap.out b/test/results/stats/default/tor.pcap.out index 6d9856a3f..0bd8fedb0 100644 --- a/test/results/stats/default/tor.pcap.out +++ b/test/results/stats/default/tor.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:166 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:118817 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:117886 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:11 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:6 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:5 @@ -11,7 +11,7 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:42783 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:74483 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:8 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:7 PUTVAL "localhost/exec-nDPIsrvd/counter-packet_count" interval=60 N:32 PUTVAL "localhost/exec-nDPIsrvd/counter-packet_flow_count" interval=60 N:47 PUTVAL "localhost/exec-nDPIsrvd/counter-init_count" interval=60 N:1 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 
@@ -94,7 +95,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_ip" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:4 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:17 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0 @@ -134,7 +135,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:7 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:6 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 diff --git a/test/results/stats/default/tplink_shp.pcap.out b/test/results/stats/default/tplink_shp.pcap.out index b5b9bf5ad..3f33aea01 100644 --- a/test/results/stats/default/tplink_shp.pcap.out +++ b/test/results/stats/default/tplink_shp.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/trdp.pcapng.out b/test/results/stats/default/trdp.pcapng.out index eb2310f00..a3812b7c1 100644 --- a/test/results/stats/default/trdp.pcapng.out +++ b/test/results/stats/default/trdp.pcapng.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/trickbot.pcap.out b/test/results/stats/default/trickbot.pcap.out index ddd262de2..92b53fc74 100644 --- a/test/results/stats/default/trickbot.pcap.out +++ b/test/results/stats/default/trickbot.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/tumblr.pcap.out b/test/results/stats/default/tumblr.pcap.out index fe24218e7..ed32f4d3e 100644 --- a/test/results/stats/default/tumblr.pcap.out +++ b/test/results/stats/default/tumblr.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:329 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:285140 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:284361 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:47 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:46 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/tunnelbear.pcap.out b/test/results/stats/default/tunnelbear.pcap.out index 3e0e73108..15ab3a2c4 100644 --- a/test/results/stats/default/tunnelbear.pcap.out +++ b/test/results/stats/default/tunnelbear.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:201 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:179569 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:177984 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:22 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:13 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:9 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/tuya_lp.pcap.out b/test/results/stats/default/tuya_lp.pcap.out index aa0abb1d9..51d41cc4d 100644 --- a/test/results/stats/default/tuya_lp.pcap.out +++ b/test/results/stats/default/tuya_lp.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/ubntac2.pcap.out b/test/results/stats/default/ubntac2.pcap.out index 3010c844a..ab7830855 100644 --- a/test/results/stats/default/ubntac2.pcap.out +++ b/test/results/stats/default/ubntac2.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/uftp_v4_v5.pcap.out b/test/results/stats/default/uftp_v4_v5.pcap.out index d2d84bdcc..464e13a9b 100644 --- a/test/results/stats/default/uftp_v4_v5.pcap.out +++ b/test/results/stats/default/uftp_v4_v5.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/ultrasurf.pcap.out b/test/results/stats/default/ultrasurf.pcap.out index 639abc7ea..7dbfdd2d3 100644 --- a/test/results/stats/default/ultrasurf.pcap.out +++ b/test/results/stats/default/ultrasurf.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:32 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:47190 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:47026 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:3 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/umas.pcap.out b/test/results/stats/default/umas.pcap.out index b1815a9eb..df2d69858 100644 --- a/test/results/stats/default/umas.pcap.out +++ b/test/results/stats/default/umas.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/upnp.pcap.out b/test/results/stats/default/upnp.pcap.out index 097dc8c7a..89219b95f 100644 --- a/test/results/stats/default/upnp.pcap.out +++ b/test/results/stats/default/upnp.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/viber.pcap.out b/test/results/stats/default/viber.pcap.out index 83728c168..b6c50ea08 100644 --- a/test/results/stats/default/viber.pcap.out +++ b/test/results/stats/default/viber.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:230 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:195991 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:195402 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:30 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:6 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:24 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/vivox.pcapng.out b/test/results/stats/default/vivox.pcapng.out new file mode 100644 index 000000000..9c0e5f46d --- /dev/null +++ b/test/results/stats/default/vivox.pcapng.out 
@@ -0,0 +1,172 @@ +PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:16 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:12594 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_analyse_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detected_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:464 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-packet_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-packet_flow_count" interval=60 N:7 +PUTVAL "localhost/exec-nDPIsrvd/counter-init_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-reconnect_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-shutdown_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-status_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_datalink" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_l3_protocol" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unsupported_datalink" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_packet_type_unknown" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/counter-error_packet_header_invalid" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_size_smaller_than_header" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_l4_payload_detection" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_size_smaller_than_header" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_l4_payload_detection" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_tcp_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_udp_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_capture_size_smaller_than_packet" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_max_flows_to_track" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_flow_memory_alloc" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unrated_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unspecified_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:1 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_music_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_video_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_shopping_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_productivity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_file_sharing_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_category_conn_check_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_iot_scada_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_virt_assistant_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cybersecurity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_adult_content_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_mining_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_malware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_advertisment_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_banned_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_site_unavail_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial_cache" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_cache" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_nbpf" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_ip" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_emergency" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_unknown" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_active_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_27_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_28_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_29_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_30_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" 
interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_40_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_41_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_54_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_55_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_56_count" interval=60 N:0 
diff --git a/test/results/stats/default/vk.pcapng.out b/test/results/stats/default/vk.pcapng.out index 068f8e9c2..5fe1500e2 100644 --- a/test/results/stats/default/vk.pcapng.out +++ b/test/results/stats/default/vk.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:84 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:75642 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:75478 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:10 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:10 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/vnc.pcap.out b/test/results/stats/default/vnc.pcap.out index 903fcb905..cf3f87a5a 100644 --- a/test/results/stats/default/vnc.pcap.out +++ b/test/results/stats/default/vnc.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/vrrp3.pcapng.out b/test/results/stats/default/vrrp3.pcapng.out index 58d1bacef..3347ea9b7 100644 --- a/test/results/stats/default/vrrp3.pcapng.out +++ b/test/results/stats/default/vrrp3.pcapng.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/vxlan.pcap.out b/test/results/stats/default/vxlan.pcap.out index 940fe8585..9b0d2a0ca 100644 --- a/test/results/stats/default/vxlan.pcap.out +++ b/test/results/stats/default/vxlan.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/wa_video.pcap.out b/test/results/stats/default/wa_video.pcap.out index e7bcfd0f7..0ee9363a2 100644 --- a/test/results/stats/default/wa_video.pcap.out +++ b/test/results/stats/default/wa_video.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:111 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:99764 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:100429 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:14 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:14 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/wa_voice.pcap.out b/test/results/stats/default/wa_voice.pcap.out index 8f577f635..f4b27b3bb 100644 --- a/test/results/stats/default/wa_voice.pcap.out +++ b/test/results/stats/default/wa_voice.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:221 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:195237 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:195763 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:28 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:26 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/waze.pcap.out b/test/results/stats/default/waze.pcap.out index d3a15833a..321fc377d 100644 --- a/test/results/stats/default/waze.pcap.out +++ b/test/results/stats/default/waze.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:282 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:232630 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:229832 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:33 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:30 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:3 
@@ -11,7 +11,7 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:19999 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:306184 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:21 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:14 PUTVAL "localhost/exec-nDPIsrvd/counter-packet_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-packet_flow_count" interval=60 N:153 PUTVAL "localhost/exec-nDPIsrvd/counter-init_count" interval=60 N:1 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 
@@ -94,9 +95,9 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_ip" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:7 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:38 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:39 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_emergency" interval=60 N:0 @@ -120,7 +121,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:34 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:6 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:7 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0 
@@ -147,7 +148,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:7 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 diff --git a/test/results/stats/default/webdav.pcap.out b/test/results/stats/default/webdav.pcap.out index e32fe1f28..d0fc778b7 100644 --- a/test/results/stats/default/webdav.pcap.out +++ b/test/results/stats/default/webdav.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/webex.pcap.out b/test/results/stats/default/webex.pcap.out index 38a36d8b7..ae25a7ac2 100644 --- a/test/results/stats/default/webex.pcap.out +++ b/test/results/stats/default/webex.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:500 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:426101 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:425165 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:57 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:45 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:12 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 @@ -96,7 +97,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:10 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:2 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:101 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:111 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_emergency" interval=60 N:0 
@@ -120,7 +121,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:76 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:25 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:36 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0 diff --git a/test/results/stats/default/websocket-chisel-ssh.pcap.out b/test/results/stats/default/websocket-chisel-ssh.pcap.out new file mode 100644 index 000000000..b9ca57649 --- /dev/null +++ b/test/results/stats/default/websocket-chisel-ssh.pcap.out 
@@ -0,0 +1,172 @@ +PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:17 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:14389 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_analyse_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detected_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:428 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:205 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/counter-packet_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-packet_flow_count" interval=60 N:7 +PUTVAL "localhost/exec-nDPIsrvd/counter-init_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-reconnect_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-shutdown_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-status_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_datalink" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_l3_protocol" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unsupported_datalink" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_packet_type_unknown" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/counter-error_packet_header_invalid" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_size_smaller_than_header" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_l4_payload_detection" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_size_smaller_than_header" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_l4_payload_detection" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_tcp_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_udp_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_capture_size_smaller_than_packet" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_max_flows_to_track" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_flow_memory_alloc" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unrated_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unspecified_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_music_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_video_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_shopping_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_productivity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_file_sharing_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_category_conn_check_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_iot_scada_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_virt_assistant_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cybersecurity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_adult_content_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_mining_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_malware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_advertisment_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_banned_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_site_unavail_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial_cache" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_cache" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_nbpf" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_ip" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_emergency" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_unknown" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_active_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_27_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_28_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_29_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_30_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" 
interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_40_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_41_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_54_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_55_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_56_count" interval=60 N:1 
diff --git a/test/results/stats/default/websocket.pcap.out b/test/results/stats/default/websocket.pcap.out index e45733e2d..f0e2aaceb 100644 --- a/test/results/stats/default/websocket.pcap.out +++ b/test/results/stats/default/websocket.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/wechat.pcap.out b/test/results/stats/default/wechat.pcap.out index 5a8dedd98..8af98bf14 100644 --- a/test/results/stats/default/wechat.pcap.out +++ b/test/results/stats/default/wechat.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:888 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:783612 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:779107 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:109 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:52 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:57 
@@ -11,7 +11,7 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:184490 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:376782 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:12 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:10 PUTVAL "localhost/exec-nDPIsrvd/counter-packet_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-packet_flow_count" interval=60 N:394 PUTVAL "localhost/exec-nDPIsrvd/counter-init_count" interval=60 N:1 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 
@@ -94,7 +95,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_ip" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:11 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:9 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0 @@ -134,7 +135,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 diff --git a/test/results/stats/default/weibo.pcap.out b/test/results/stats/default/weibo.pcap.out index 4909ad401..849728b69 100644 --- a/test/results/stats/default/weibo.pcap.out +++ b/test/results/stats/default/weibo.pcap.out 
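Review bot: The wechat.pcap expectation now asserts fewer detections, and nothing on the page says whether that loss is intended. In this last wechat hunk `gauge-flow_risk_22_count` falls from 2 to 0, and the two hunks before it lower `gauge-flow_severity_low` from 11 to 9 and `counter-flow_risky_count` from 12 to 10. The first hunk of this chunk does the same for `gauge-flow_risk_35_count` (7 to 0), while webex.pcap and whatsapp_login_call.pcap move the other way on `gauge-flow_risk_8_count` (25 to 36, 0 to 3). These result files look regenerated from the bumped libnDPI, so the test suite would accept a dropped risk exactly as it accepts an intended one. I would record the cause in the commit description, for example `* wechat.pcap: risk 22 no longer raised, see <upstream libnDPI commit>`, so a later detection regression in these fixtures can be told apart from a deliberate upstream change.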
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:267 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:223497 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:223456 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:44 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:43 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/whatsapp.pcap.out b/test/results/stats/default/whatsapp.pcap.out index 729efff8b..269dbc954 100644 --- a/test/results/stats/default/whatsapp.pcap.out +++ b/test/results/stats/default/whatsapp.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/whatsapp_login_call.pcap.out b/test/results/stats/default/whatsapp_login_call.pcap.out index 086c75bfa..0a3259d40 100644 --- a/test/results/stats/default/whatsapp_login_call.pcap.out +++ b/test/results/stats/default/whatsapp_login_call.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:497 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:420997 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:423633 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:57 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:24 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:33 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 @@ -96,7 +97,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:25 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:8 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_emergency" interval=60 N:0 
@@ -120,7 +121,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:8 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0 diff --git a/test/results/stats/default/whatsapp_login_chat.pcap.out b/test/results/stats/default/whatsapp_login_chat.pcap.out index e840d758b..69250b013 100644 --- a/test/results/stats/default/whatsapp_login_chat.pcap.out +++ b/test/results/stats/default/whatsapp_login_chat.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/whatsapp_voice_and_message.pcap.out b/test/results/stats/default/whatsapp_voice_and_message.pcap.out index 0267ff7b1..06a34d231 100644 --- a/test/results/stats/default/whatsapp_voice_and_message.pcap.out +++ b/test/results/stats/default/whatsapp_voice_and_message.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:126 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:103362 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:103626 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:13 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:4 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:9 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/whatsappfiles.pcap.out b/test/results/stats/default/whatsappfiles.pcap.out index 7e2dfbc66..73a70ab4a 100644 --- a/test/results/stats/default/whatsappfiles.pcap.out +++ b/test/results/stats/default/whatsappfiles.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:24 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:24158 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:23953 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/whois.pcapng.out b/test/results/stats/default/whois.pcapng.out index d09166f5a..aaa979e76 100644 --- a/test/results/stats/default/whois.pcapng.out +++ b/test/results/stats/default/whois.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:30 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:27763 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:27681 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/windowsupdate_over_http.pcap.out b/test/results/stats/default/windowsupdate_over_http.pcap.out index 21d1c93d3..85736526c 100644 --- a/test/results/stats/default/windowsupdate_over_http.pcap.out +++ b/test/results/stats/default/windowsupdate_over_http.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/windscribe.pcapng.out b/test/results/stats/default/windscribe.pcapng.out index 9008fe909..6224d0684 100644 --- a/test/results/stats/default/windscribe.pcapng.out +++ b/test/results/stats/default/windscribe.pcapng.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:10991 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:10909 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/default/wireguard.pcap.out b/test/results/stats/default/wireguard.pcap.out index ca0820b21..bf2c63448 100644 --- a/test/results/stats/default/wireguard.pcap.out +++ b/test/results/stats/default/wireguard.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0
diff --git a/test/results/stats/default/wow.pcap.out b/test/results/stats/default/wow.pcap.out
index b407f7eac..d6e0dcf3f 100644
--- a/test/results/stats/default/wow.pcap.out
+++ b/test/results/stats/default/wow.pcap.out
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0
diff --git a/test/results/stats/default/xdmcp.pcap.out b/test/results/stats/default/xdmcp.pcap.out
index 0dd199187..6ba387ba2 100644
--- a/test/results/stats/default/xdmcp.pcap.out
+++ b/test/results/stats/default/xdmcp.pcap.out
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0
diff --git a/test/results/stats/default/xiaomi.pcap.out b/test/results/stats/default/xiaomi.pcap.out
index 4fae83bbc..29e17c4de 100644
--- a/test/results/stats/default/xiaomi.pcap.out
+++ b/test/results/stats/default/xiaomi.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:58
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:50431
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:50231
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:7
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:7
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0
@@ -94,7 +95,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_ip" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:7
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:6
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0
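Review bot: The regenerated expectations for xiaomi.pcap record one detection fewer, and nothing in the commit says why: `gauge-flow_severity_low` goes from `N:7` to `N:6` in the `@@ -94,7 +95,7 @@` hunk, and the following `@@ -147,7 +148,7 @@` hunk lowers `gauge-flow_risk_35_count` from `N:6` to `N:5`. The commit message only says "incorporated upstream changes", so these two fixture lines are the only visible record that the libnDPI bump changed risk reporting for this capture. I would name the cause in the commit description with a line such as `xiaomi.pcap: flow_risk_35_count 6 -> 5 after libnDPI bump (<upstream commit>)`, with the upstream commit filled in. Whether the dropped hit was an upstream false-positive fix or a lost detection cannot be told from this diff, so it is worth confirming before the new numbers become the baseline.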
@@ -147,7 +148,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:6
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:5
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0
diff --git a/test/results/stats/default/xss.pcap.out b/test/results/stats/default/xss.pcap.out
index 8ca37b11f..967d295a0 100644
--- a/test/results/stats/default/xss.pcap.out
+++ b/test/results/stats/default/xss.pcap.out
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0
diff --git a/test/results/stats/default/yandex.pcapng.out b/test/results/stats/default/yandex.pcapng.out
index 44d50487b..f0ebcb22f 100644
--- a/test/results/stats/default/yandex.pcapng.out
+++ b/test/results/stats/default/yandex.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:84
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:75231
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:74575
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:9
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:9
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0
diff --git a/test/results/stats/default/yojimbo.pcap.out b/test/results/stats/default/yojimbo.pcap.out
index 648e797ca..295a08fd6 100644
--- a/test/results/stats/default/yojimbo.pcap.out
+++ b/test/results/stats/default/yojimbo.pcap.out
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0
diff --git a/test/results/stats/default/youtube_quic.pcap.out b/test/results/stats/default/youtube_quic.pcap.out
index 575adc3a4..709be9243 100644
--- a/test/results/stats/default/youtube_quic.pcap.out
+++ b/test/results/stats/default/youtube_quic.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:28
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:39379
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:39187
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:3
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:3
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0
diff --git a/test/results/stats/default/youtubeupload.pcap.out b/test/results/stats/default/youtubeupload.pcap.out
index cca8826ce..b0188e04b 100644
--- a/test/results/stats/default/youtubeupload.pcap.out
+++ b/test/results/stats/default/youtubeupload.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:30
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:41391
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:41140
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:3
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:3
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0
diff --git a/test/results/stats/default/z3950.pcapng.out b/test/results/stats/default/z3950.pcapng.out
index 35b3f2a03..14d5ae91c 100644
--- a/test/results/stats/default/z3950.pcapng.out
+++ b/test/results/stats/default/z3950.pcapng.out
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0
diff --git a/test/results/stats/default/zabbix.pcap.out b/test/results/stats/default/zabbix.pcap.out
index df662bb9b..af1593e8a 100644
--- a/test/results/stats/default/zabbix.pcap.out
+++ b/test/results/stats/default/zabbix.pcap.out
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0
diff --git a/test/results/stats/default/zattoo.pcap.out b/test/results/stats/default/zattoo.pcap.out
index 24671da30..0211f08f4 100644
--- a/test/results/stats/default/zattoo.pcap.out
+++ b/test/results/stats/default/zattoo.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:20
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:18695
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:18613
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0
diff --git a/test/results/stats/default/zoom.pcap.out b/test/results/stats/default/zoom.pcap.out
index 68a2e30e4..ba4099140 100644
--- a/test/results/stats/default/zoom.pcap.out
+++ b/test/results/stats/default/zoom.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:317
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:246273
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:245352
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:33
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:6
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:27
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0
diff --git a/test/results/stats/default/zoom2.pcap.out b/test/results/stats/default/zoom2.pcap.out
index 3ce175923..124eef789 100644
--- a/test/results/stats/default/zoom2.pcap.out
+++ b/test/results/stats/default/zoom2.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:46
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:42642
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:42519
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:4
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:4
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0
diff --git a/test/results/stats/default/zoom_p2p.pcapng.out b/test/results/stats/default/zoom_p2p.pcapng.out
index 0c2396da6..829e810b2 100644
--- a/test/results/stats/default/zoom_p2p.pcapng.out
+++ b/test/results/stats/default/zoom_p2p.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:134
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:114701
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:114833
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:13
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:13
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0
diff --git a/test/results/stats/default/zug.pcap.out b/test/results/stats/default/zug.pcap.out
index f1c4e7224..85a774f3a 100644
--- a/test/results/stats/default/zug.pcap.out
+++ b/test/results/stats/default/zug.pcap.out
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:6
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0
diff --git a/test/results/stats/disable_aggressiveness/ookla.pcap.out b/test/results/stats/disable_aggressiveness/ookla.pcap.out
index 52d6dd07e..2f8057983 100644
--- a/test/results/stats/disable_aggressiveness/ookla.pcap.out
+++ b/test/results/stats/disable_aggressiveness/ookla.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:55
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:44179
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:44015
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:6
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:5
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0
diff --git a/test/results/stats/disable_metadata/sip.pcap.out b/test/results/stats/disable_metadata/sip.pcap.out
deleted file mode 100644
index 05944be88..000000000
--- a/test/results/stats/disable_metadata/sip.pcap.out
+++ /dev/null
@@ -1,171 +0,0 @@ -PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:59 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:59066 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:4 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:4 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_update_count" interval=60 N:25 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_analyse_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_guessed_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detected_count" interval=60 N:3 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:28304 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:16151 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-packet_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-packet_flow_count" interval=60 N:16 -PUTVAL "localhost/exec-nDPIsrvd/counter-init_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/counter-reconnect_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-shutdown_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/counter-status_count" interval=60 N:3 -PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_datalink" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_l3_protocol" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-error_unsupported_datalink" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-error_packet_too_short" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-error_packet_type_unknown" interval=60 N:0 -PUTVAL 
"localhost/exec-nDPIsrvd/counter-error_packet_header_invalid" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_packet_too_short" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_size_smaller_than_header" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_l4_payload_detection" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_packet_too_short" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_size_smaller_than_header" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_l4_payload_detection" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-error_tcp_packet_too_short" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-error_udp_packet_too_short" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-error_capture_size_smaller_than_packet" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-error_max_flows_to_track" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-error_flow_memory_alloc" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:3 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_dangerous_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unrated_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unknown_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unspecified_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:1 -PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:2 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_music_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_video_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_shopping_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_productivity_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_file_sharing_count" interval=60 N:0 -PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_category_conn_check_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_iot_scada_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_virt_assistant_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cybersecurity_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_adult_content_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_mining_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_malware_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_advertisment_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_banned_site_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_site_unavail_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial_cache" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_cache" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi" interval=60 N:3 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_nbpf" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_ip" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=60 N:0 -PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_emergency" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_unknown" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:4 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:4 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_active_count" interval=60 N:4 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:3 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:0 -PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_16_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_27_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_28_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_29_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_30_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" 
interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_40_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_41_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_54_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_55_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_56_count" interval=60 N:0 
diff --git a/test/results/stats/disable_metadata/tls_verylong_certificate.pcap.out b/test/results/stats/disable_metadata/tls_verylong_certificate.pcap.out deleted file mode 100644 index 8c0773938..000000000 --- a/test/results/stats/disable_metadata/tls_verylong_certificate.pcap.out +++ /dev/null 
@@ -1,171 +0,0 @@ -PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:14 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:16417 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_update_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_analyse_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_guessed_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detected_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 N:2 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:844 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:18233 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-packet_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-packet_flow_count" interval=60 N:5 -PUTVAL "localhost/exec-nDPIsrvd/counter-init_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/counter-reconnect_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-shutdown_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/counter-status_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_datalink" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_l3_protocol" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-error_unsupported_datalink" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-error_packet_too_short" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-error_packet_type_unknown" interval=60 N:0 -PUTVAL 
"localhost/exec-nDPIsrvd/counter-error_packet_header_invalid" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_packet_too_short" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_size_smaller_than_header" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_l4_payload_detection" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_packet_too_short" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_size_smaller_than_header" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_l4_payload_detection" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-error_tcp_packet_too_short" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-error_udp_packet_too_short" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-error_capture_size_smaller_than_packet" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-error_max_flows_to_track" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-error_flow_memory_alloc" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_dangerous_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unrated_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unknown_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unspecified_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0 -PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_music_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_video_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_shopping_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_productivity_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_file_sharing_count" interval=60 N:0 -PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_category_conn_check_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_iot_scada_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_virt_assistant_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cybersecurity_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_adult_content_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_mining_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_malware_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_advertisment_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_banned_site_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_site_unavail_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial_cache" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_cache" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_nbpf" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_ip" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=60 N:0 -PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_emergency" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_unknown" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_active_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:0 -PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_16_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_27_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_28_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_29_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_30_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" 
interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_40_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_41_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_54_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_55_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_56_count" interval=60 N:0 
diff --git a/test/results/stats/disable_metadata_and_flowrisks/sip.pcap.out b/test/results/stats/disable_metadata_and_flowrisks/sip.pcap.out new file mode 100644 index 000000000..fad05625d --- /dev/null +++ b/test/results/stats/disable_metadata_and_flowrisks/sip.pcap.out 
@@ -0,0 +1,172 @@ +PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:59 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:60130 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:4 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:4 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_update_count" interval=60 N:25 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_analyse_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detected_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:28304 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:16151 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-packet_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-packet_flow_count" interval=60 N:16 +PUTVAL "localhost/exec-nDPIsrvd/counter-init_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-reconnect_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-shutdown_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-status_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_datalink" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_l3_protocol" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unsupported_datalink" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_packet_type_unknown" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/counter-error_packet_header_invalid" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_size_smaller_than_header" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_l4_payload_detection" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_size_smaller_than_header" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_l4_payload_detection" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_tcp_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_udp_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_capture_size_smaller_than_packet" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_max_flows_to_track" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_flow_memory_alloc" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unrated_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unspecified_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:1 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_music_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_video_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_shopping_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_productivity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_file_sharing_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_category_conn_check_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_iot_scada_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_virt_assistant_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cybersecurity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_adult_content_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_mining_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_malware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_advertisment_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_banned_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_site_unavail_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial_cache" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_cache" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_nbpf" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_ip" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_emergency" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_unknown" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:4 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:4 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_active_count" interval=60 N:4 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_27_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_28_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_29_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_30_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" 
interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_40_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_41_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_54_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_55_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_56_count" interval=60 N:0 
diff --git a/test/results/stats/disable_metadata_and_flowrisks/tls_verylong_certificate.pcap.out b/test/results/stats/disable_metadata_and_flowrisks/tls_verylong_certificate.pcap.out new file mode 100644 index 000000000..0eca86829 --- /dev/null +++ b/test/results/stats/disable_metadata_and_flowrisks/tls_verylong_certificate.pcap.out 
@@ -0,0 +1,172 @@ +PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:14 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:16801 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_analyse_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detected_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:844 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:18233 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-packet_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-packet_flow_count" interval=60 N:5 +PUTVAL "localhost/exec-nDPIsrvd/counter-init_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-reconnect_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-shutdown_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-status_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_datalink" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_l3_protocol" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unsupported_datalink" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_packet_type_unknown" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/counter-error_packet_header_invalid" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_size_smaller_than_header" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_l4_payload_detection" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_size_smaller_than_header" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_l4_payload_detection" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_tcp_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_udp_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_capture_size_smaller_than_packet" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_max_flows_to_track" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_flow_memory_alloc" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unrated_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unspecified_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_music_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_video_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_shopping_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_productivity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_file_sharing_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_category_conn_check_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_iot_scada_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_virt_assistant_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cybersecurity_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_adult_content_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_mining_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_malware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_advertisment_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_banned_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_site_unavail_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial_cache" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_cache" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_nbpf" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_ip" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_emergency" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_unknown" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_active_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_27_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_28_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_29_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_30_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" 
interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_40_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_41_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_54_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_55_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_56_count" interval=60 N:0 
diff --git a/test/results/stats/disable_protocols/dns_long_domainname.pcap.out b/test/results/stats/disable_protocols/dns_long_domainname.pcap.out index 8e024e1c2..1a6a0c923 100644 --- a/test/results/stats/disable_protocols/dns_long_domainname.pcap.out +++ b/test/results/stats/disable_protocols/dns_long_domainname.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/disable_protocols/pluralsight.pcap.out b/test/results/stats/disable_protocols/pluralsight.pcap.out index b3f1af51b..eaa6495a4 100644 --- a/test/results/stats/disable_protocols/pluralsight.pcap.out +++ b/test/results/stats/disable_protocols/pluralsight.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:59 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:75196 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:74540 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:6 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:6 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/disable_protocols/quic-mvfst-27.pcapng.out b/test/results/stats/disable_protocols/quic-mvfst-27.pcapng.out index d0c18d6f6..4701dc8d8 100644 --- a/test/results/stats/disable_protocols/quic-mvfst-27.pcapng.out +++ b/test/results/stats/disable_protocols/quic-mvfst-27.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:10 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:16010 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:15969 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/disable_protocols/soap.pcap.out b/test/results/stats/disable_protocols/soap.pcap.out index e00000652..6c0371a1d 100644 --- a/test/results/stats/disable_protocols/soap.pcap.out +++ b/test/results/stats/disable_protocols/soap.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/disable_use_client_ip/bot.pcap.out b/test/results/stats/disable_use_client_ip/bot.pcap.out index 5e530e18c..4f1663ba6 100644 --- a/test/results/stats/disable_use_client_ip/bot.pcap.out +++ b/test/results/stats/disable_use_client_ip/bot.pcap.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/disable_use_client_port/iphone.pcap.out b/test/results/stats/disable_use_client_port/iphone.pcap.out index 81554b6a7..195ff5928 100644 --- a/test/results/stats/disable_use_client_port/iphone.pcap.out +++ b/test/results/stats/disable_use_client_port/iphone.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:356 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:334197 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:332762 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:51 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:48 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/dns_process_response_disable/dns.pcap.out b/test/results/stats/dns_process_response_disable/dns.pcap.out index 981c475d9..cde683848 100644 --- a/test/results/stats/dns_process_response_disable/dns.pcap.out +++ b/test/results/stats/dns_process_response_disable/dns.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/dns_subclassification_and_process_response_disable/dns.pcap.out b/test/results/stats/dns_subclassification_and_process_response_disable/dns.pcap.out index 997424a55..7e7571ac1 100644 --- a/test/results/stats/dns_subclassification_and_process_response_disable/dns.pcap.out 
+++ b/test/results/stats/dns_subclassification_and_process_response_disable/dns.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/enable_doh_heuristic/doh.pcapng.out b/test/results/stats/enable_doh_heuristic/doh.pcapng.out index 3c11649e3..83fc94791 100644 --- a/test/results/stats/enable_doh_heuristic/doh.pcapng.out +++ b/test/results/stats/enable_doh_heuristic/doh.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:13 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:12906 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:12824 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/enable_payload_stat/1kxun.pcap.out b/test/results/stats/enable_payload_stat/1kxun.pcap.out index d31f8f7eb..9b4817472 100644 --- a/test/results/stats/enable_payload_stat/1kxun.pcap.out +++ b/test/results/stats/enable_payload_stat/1kxun.pcap.out 
@@ -1,17 +1,17 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:1303 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:1571479 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:1571504 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:197 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:9 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:188 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_update_count" interval=60 N:38 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_analyse_count" interval=60 N:13 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_guessed_count" interval=60 N:6 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detected_count" interval=60 N:177 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detected_count" interval=60 N:182 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 N:33 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:14 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:9 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:156501 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:2270815 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:38 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:33 PUTVAL "localhost/exec-nDPIsrvd/counter-packet_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-packet_flow_count" interval=60 N:624 PUTVAL "localhost/exec-nDPIsrvd/counter-init_count" interval=60 N:1 
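Review bot: The regenerated expectations for `enable_payload_stat/1kxun.pcap.out` record a drop in flagged traffic that the commit message ("incorporated upstream changes") does not explain. In this hunk `counter-flow_risky_count` goes from 38 to 33, and the later hunks of the same file set `gauge-flow_risk_22_count` from 2 to 0, `gauge-flow_risk_35_count` from 3 to 0 and `gauge-flow_severity_low` from 37 to 32. Five flows also move from not-detected to detected (177 to 182), which suggests the five lost risks belonged to flows that are now classified, but the diff alone does not show that. Since downstream alerting may key on these gauges, the commit description should state that the change is intended, e.g. `* 1kxun.pcap: flow risks 22 and 35 no longer raised, see libnDPI <upstream commit id>`, and the accompanying flow-event results should be checked to confirm that those flows really lost the risk.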
@@ -36,7 +36,7 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-error_capture_size_smaller_than_packet" PUTVAL "localhost/exec-nDPIsrvd/counter-error_max_flows_to_track" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-error_flow_memory_alloc" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:6 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:116 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:121 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:53 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 @@ -58,7 +58,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:63 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:68 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:45 
@@ -83,18 +83,19 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial_cache" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_cache" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi" interval=60 N:177 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi" interval=60 N:182 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_nbpf" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_ip" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:37 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:32 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:6 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:20 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0 
@@ -110,9 +111,9 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_active_count" interval=60 N:197 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:177 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:182 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:6 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:14 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:9 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 @@ -134,7 +135,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 
@@ -147,7 +148,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 diff --git a/test/results/stats/flow_risk_lists_disable/protonvpn.pcap.out b/test/results/stats/flow_risk_lists_disable/protonvpn.pcap.out index cea4867b8..4539ef770 100644 --- a/test/results/stats/flow_risk_lists_disable/protonvpn.pcap.out +++ b/test/results/stats/flow_risk_lists_disable/protonvpn.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:25 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:20749 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:20626 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:3 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/fpc/1kxun.pcap.out b/test/results/stats/fpc/1kxun.pcap.out new file mode 100644 index 000000000..8ecc6da8a --- /dev/null +++ b/test/results/stats/fpc/1kxun.pcap.out 
@@ -0,0 +1,172 @@ +PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:1303 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:1550656 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:197 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:9 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:188 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_update_count" interval=60 N:38 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_analyse_count" interval=60 N:13 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_guessed_count" interval=60 N:6 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detected_count" interval=60 N:182 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 N:33 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:9 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:156501 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:2270815 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:33 +PUTVAL "localhost/exec-nDPIsrvd/counter-packet_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-packet_flow_count" interval=60 N:624 +PUTVAL "localhost/exec-nDPIsrvd/counter-init_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-reconnect_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-shutdown_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-status_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_datalink" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_l3_protocol" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unsupported_datalink" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_packet_type_unknown" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/counter-error_packet_header_invalid" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_size_smaller_than_header" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_l4_payload_detection" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_size_smaller_than_header" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_l4_payload_detection" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_tcp_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_udp_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_capture_size_smaller_than_packet" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_max_flows_to_track" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_flow_memory_alloc" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:6 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:121 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:53 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_dangerous_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unrated_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unspecified_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:1 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:39 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:5 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:68 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:45 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:22 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_music_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_video_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_shopping_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_productivity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_file_sharing_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_category_conn_check_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_iot_scada_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_virt_assistant_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cybersecurity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_adult_content_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_mining_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_malware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_advertisment_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_banned_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_site_unavail_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial_cache" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_cache" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi" interval=60 N:182 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_nbpf" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_ip" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:32 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:6 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:20 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_emergency" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_unknown" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:172 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:25 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:98 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:99 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_active_count" interval=60 N:197 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:182 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:6 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:9 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:5 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:4 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:10 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:13 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:8 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_27_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_28_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_29_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_30_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:6 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_40_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_41_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:13 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_54_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_55_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_56_count" interval=60 N:0 
diff --git a/test/results/stats/fpc/signal_videocall.pcapng.out b/test/results/stats/fpc/signal_videocall.pcapng.out new file mode 100644 index 000000000..080243b08 --- /dev/null +++ b/test/results/stats/fpc/signal_videocall.pcapng.out 
@@ -0,0 +1,172 @@ +PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:34 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:29593 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_analyse_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detected_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 N:6 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:81563 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:27668 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/counter-packet_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-packet_flow_count" interval=60 N:15 +PUTVAL "localhost/exec-nDPIsrvd/counter-init_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-reconnect_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-shutdown_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-status_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_datalink" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_l3_protocol" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unsupported_datalink" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_packet_type_unknown" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/counter-error_packet_header_invalid" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_size_smaller_than_header" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_l4_payload_detection" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_size_smaller_than_header" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_l4_payload_detection" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_tcp_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_udp_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_capture_size_smaller_than_packet" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_max_flows_to_track" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_flow_memory_alloc" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unrated_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unspecified_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_music_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_video_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_shopping_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_productivity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_file_sharing_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_category_conn_check_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_iot_scada_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_virt_assistant_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cybersecurity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_adult_content_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_mining_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_malware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_advertisment_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_banned_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_site_unavail_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial_cache" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_cache" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_nbpf" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_ip" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_emergency" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_unknown" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_active_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_27_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_28_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_29_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_30_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" 
interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_40_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_41_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_54_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_55_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_56_count" interval=60 N:0 
diff --git a/test/results/stats/fpc_disabled/teams.pcap.out b/test/results/stats/fpc_disabled/teams.pcap.out index 18362db1c..aeca62000 100644 --- a/test/results/stats/fpc_disabled/teams.pcap.out +++ b/test/results/stats/fpc_disabled/teams.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:668 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:641812 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:640202 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:83 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:17 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:66 @@ -35,8 +35,8 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-error_udp_packet_too_short" interval=60 PUTVAL "localhost/exec-nDPIsrvd/counter-error_capture_size_smaller_than_packet" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-error_max_flows_to_track" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-error_flow_memory_alloc" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:42 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:37 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:51 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:28 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 
@@ -54,12 +54,12 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interv PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:20 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:12 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:11 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:27 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:19 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:27 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:6 
diff --git a/test/results/stats/guess_ip_before_port_enabled/1kxun.pcap.out b/test/results/stats/guess_ip_before_port_enabled/1kxun.pcap.out index 67dc96d04..204249008 100644 --- a/test/results/stats/guess_ip_before_port_enabled/1kxun.pcap.out +++ b/test/results/stats/guess_ip_before_port_enabled/1kxun.pcap.out @@ -1,17 +1,17 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:1303 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:1583206 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:1583231 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:197 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:9 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:188 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_update_count" interval=60 N:38 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_analyse_count" interval=60 N:13 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_guessed_count" interval=60 N:6 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detected_count" interval=60 N:177 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detected_count" interval=60 N:182 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 N:33 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:14 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:9 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:156501 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:2270815 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:38 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:33 PUTVAL "localhost/exec-nDPIsrvd/counter-packet_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-packet_flow_count" interval=60 N:624 PUTVAL "localhost/exec-nDPIsrvd/counter-init_count" interval=60 N:1 
@@ -36,7 +36,7 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-error_capture_size_smaller_than_packet" PUTVAL "localhost/exec-nDPIsrvd/counter-error_max_flows_to_track" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-error_flow_memory_alloc" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:6 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:116 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:121 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:53 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 @@ -58,7 +58,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:63 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:68 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:45 
@@ -83,18 +83,19 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial_cache" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_cache" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi" interval=60 N:177 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi" interval=60 N:182 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_nbpf" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_ip" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:37 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:32 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:6 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:20 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0 
@@ -110,9 +111,9 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_active_count" interval=60 N:197 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:177 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:182 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:6 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:14 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:9 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 @@ -134,7 +135,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 
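Review bot: The regenerated baseline drops `gauge-flow_risk_22_count` from `N:2` to `N:0` in the hunk just above, the following hunk drops `gauge-flow_risk_35_count` from `N:3` to `N:0`, and the first hunk of this file lowers `counter-flow_risky_count` from 38 to 33. The same three changes recur in test/results/stats/ip_lists_disable/1kxun.pcap.out. The commit message only says upstream changes were incorporated, so the record does not show whether these flows stopped being flagged because of an intended libnDPI change or because detection was lost. Because this file is the expected output the test compares against, accepting it makes the lower risk counts the new reference. I would add a line to the commit description such as `* 1kxun.pcap: flow risks 22 and 35 no longer raised, see libnDPI <upstream commit>`.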
@@ -147,7 +148,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 diff --git a/test/results/stats/guessing_disable/webex.pcap.out b/test/results/stats/guessing_disable/webex.pcap.out index 91b6c8454..a228ab28b 100644 --- a/test/results/stats/guessing_disable/webex.pcap.out +++ b/test/results/stats/guessing_disable/webex.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:500 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:430601 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:429665 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:57 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:45 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:12 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 @@ -96,7 +97,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:10 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:2 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:101 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:111 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_emergency" interval=60 N:0 
@@ -120,7 +121,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:76 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:25 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:36 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0 diff --git a/test/results/stats/http_process_response_disable/http.pcapng.out b/test/results/stats/http_process_response_disable/http.pcapng.out index 1d6af9db5..f73d709a1 100644 --- a/test/results/stats/http_process_response_disable/http.pcapng.out +++ b/test/results/stats/http_process_response_disable/http.pcapng.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/http_process_response_disable/http_asymmetric.pcapng.out b/test/results/stats/http_process_response_disable/http_asymmetric.pcapng.out index f14e75aae..8c7d50abe 100644 --- a/test/results/stats/http_process_response_disable/http_asymmetric.pcapng.out 
+++ b/test/results/stats/http_process_response_disable/http_asymmetric.pcapng.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/ip_lists_disable/1kxun.pcap.out b/test/results/stats/ip_lists_disable/1kxun.pcap.out index d9eb6cf06..93bdfde2b 100644 --- a/test/results/stats/ip_lists_disable/1kxun.pcap.out +++ b/test/results/stats/ip_lists_disable/1kxun.pcap.out 
@@ -1,17 +1,17 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:1303 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:1567570 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:1567595 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:197 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:9 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:188 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_update_count" interval=60 N:38 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_analyse_count" interval=60 N:13 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_guessed_count" interval=60 N:6 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detected_count" interval=60 N:177 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detected_count" interval=60 N:182 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 N:33 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:14 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:9 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:156501 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:2270815 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:38 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:33 PUTVAL "localhost/exec-nDPIsrvd/counter-packet_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-packet_flow_count" interval=60 N:624 PUTVAL "localhost/exec-nDPIsrvd/counter-init_count" interval=60 N:1 
@@ -36,7 +36,7 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-error_capture_size_smaller_than_packet" PUTVAL "localhost/exec-nDPIsrvd/counter-error_max_flows_to_track" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-error_flow_memory_alloc" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:6 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:116 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:121 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:53 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 @@ -58,7 +58,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:63 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:68 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:45 
@@ -83,18 +83,19 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial_cache" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_cache" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi" interval=60 N:177 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi" interval=60 N:182 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_nbpf" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_ip" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:37 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:32 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:6 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:20 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0 
@@ -110,9 +111,9 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_active_count" interval=60 N:197 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:177 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:182 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:6 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:14 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:9 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 @@ -134,7 +135,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 
@@ -147,7 +148,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 diff --git a/test/results/stats/monitoring/signal_audiocall.pcapng.out b/test/results/stats/monitoring/signal_audiocall.pcapng.out new file mode 100644 index 000000000..39ecbcdc1 --- /dev/null +++ b/test/results/stats/monitoring/signal_audiocall.pcapng.out 
@@ -0,0 +1,172 @@ +PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:44 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:39875 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:4 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:4 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_analyse_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detected_count" interval=60 N:4 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 N:7 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:19864 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:19438 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/counter-packet_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-packet_flow_count" interval=60 N:20 +PUTVAL "localhost/exec-nDPIsrvd/counter-init_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-reconnect_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-shutdown_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-status_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_datalink" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_l3_protocol" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unsupported_datalink" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_packet_type_unknown" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/counter-error_packet_header_invalid" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_size_smaller_than_header" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_l4_payload_detection" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_size_smaller_than_header" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_l4_payload_detection" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_tcp_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_udp_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_capture_size_smaller_than_packet" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_max_flows_to_track" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_flow_memory_alloc" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:4 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unrated_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unspecified_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_music_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_video_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_shopping_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_productivity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_file_sharing_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_category_conn_check_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_iot_scada_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_virt_assistant_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cybersecurity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_adult_content_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_mining_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_malware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_advertisment_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_banned_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_site_unavail_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial_cache" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_cache" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_nbpf" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_ip" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:4 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_emergency" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_unknown" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:4 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:4 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_active_count" interval=60 N:4 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:4 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:4 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_27_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_28_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_29_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_30_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" 
interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_40_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_41_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_54_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_55_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_56_count" interval=60 N:0 
diff --git a/test/results/stats/monitoring/signal_videocall.pcapng.out b/test/results/stats/monitoring/signal_videocall.pcapng.out new file mode 100644 index 000000000..7b2e7d3cd --- /dev/null +++ b/test/results/stats/monitoring/signal_videocall.pcapng.out 
@@ -0,0 +1,172 @@ +PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:34 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:29831 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_analyse_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detected_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 N:6 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:81563 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:27668 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/counter-packet_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-packet_flow_count" interval=60 N:15 +PUTVAL "localhost/exec-nDPIsrvd/counter-init_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-reconnect_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-shutdown_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-status_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_datalink" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_l3_protocol" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unsupported_datalink" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_packet_type_unknown" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/counter-error_packet_header_invalid" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_size_smaller_than_header" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_l4_payload_detection" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_size_smaller_than_header" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_l4_payload_detection" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_tcp_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_udp_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_capture_size_smaller_than_packet" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_max_flows_to_track" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_flow_memory_alloc" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unrated_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unspecified_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_music_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_video_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_shopping_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_productivity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_file_sharing_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_category_conn_check_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_iot_scada_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_virt_assistant_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cybersecurity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_adult_content_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_mining_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_malware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_advertisment_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_banned_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_site_unavail_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial_cache" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_cache" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_nbpf" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_ip" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_emergency" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_unknown" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_active_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_27_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_28_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_29_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_30_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" 
interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_40_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_41_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_54_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_55_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_56_count" interval=60 N:0 
diff --git a/test/results/stats/monitoring/signal_videocall_multiparty.pcapng.out b/test/results/stats/monitoring/signal_videocall_multiparty.pcapng.out new file mode 100644 index 000000000..295a1fc73 --- /dev/null +++ b/test/results/stats/monitoring/signal_videocall_multiparty.pcapng.out 
@@ -0,0 +1,172 @@ +PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:14 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:13654 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_analyse_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detected_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:67701 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:18298 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-packet_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-packet_flow_count" interval=60 N:5 +PUTVAL "localhost/exec-nDPIsrvd/counter-init_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-reconnect_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-shutdown_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-status_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_datalink" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_l3_protocol" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unsupported_datalink" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_packet_type_unknown" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/counter-error_packet_header_invalid" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_size_smaller_than_header" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_l4_payload_detection" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_size_smaller_than_header" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_l4_payload_detection" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_tcp_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_udp_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_capture_size_smaller_than_packet" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_max_flows_to_track" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_flow_memory_alloc" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unrated_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unspecified_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_music_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_video_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_shopping_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_productivity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_file_sharing_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_category_conn_check_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_iot_scada_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_virt_assistant_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cybersecurity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_adult_content_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_mining_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_malware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_advertisment_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_banned_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_site_unavail_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial_cache" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_cache" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_nbpf" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_ip" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_emergency" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_unknown" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_active_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_27_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_28_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_29_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_30_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" 
interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_40_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_41_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_54_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_55_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_56_count" interval=60 N:0 
diff --git a/test/results/stats/monitoring/stun.pcap.out b/test/results/stats/monitoring/stun.pcap.out index 566fbe191..844a28150 100644 --- a/test/results/stats/monitoring/stun.pcap.out +++ b/test/results/stats/monitoring/stun.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:92 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:82593 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:82993 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:9 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:8 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/monitoring/stun_google_meet.pcapng.out b/test/results/stats/monitoring/stun_google_meet.pcapng.out index 8cd155e66..8b801cc6a 100644 --- a/test/results/stats/monitoring/stun_google_meet.pcapng.out +++ b/test/results/stats/monitoring/stun_google_meet.pcapng.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:76 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:69958 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:70093 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:7 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:7 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/monitoring/stun_signal.pcapng.out b/test/results/stats/monitoring/stun_signal.pcapng.out index fe0271bad..44fb08c48 100644 --- a/test/results/stats/monitoring/stun_signal.pcapng.out +++ b/test/results/stats/monitoring/stun_signal.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:233 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:199422 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:201118 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:23 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:23 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/monitoring/stun_wa_call.pcapng.out b/test/results/stats/monitoring/stun_wa_call.pcapng.out index 2ef019da4..b77e93575 100644 --- a/test/results/stats/monitoring/stun_wa_call.pcapng.out +++ b/test/results/stats/monitoring/stun_wa_call.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:132 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:119151 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:120295 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:13 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:13 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/monitoring/stun_zoom.pcapng.out b/test/results/stats/monitoring/stun_zoom.pcapng.out index 5c9c8adfd..8f86e6f92 100644 --- a/test/results/stats/monitoring/stun_zoom.pcapng.out +++ b/test/results/stats/monitoring/stun_zoom.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:28 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:27473 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:27509 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/monitoring/teams.pcap.out b/test/results/stats/monitoring/teams.pcap.out index 27568e0bd..f4b60b990 100644 --- a/test/results/stats/monitoring/teams.pcap.out +++ b/test/results/stats/monitoring/teams.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:668 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:640476 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:638866 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:83 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:17 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:66 
@@ -35,8 +35,8 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-error_udp_packet_too_short" interval=60 PUTVAL "localhost/exec-nDPIsrvd/counter-error_capture_size_smaller_than_packet" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-error_max_flows_to_track" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-error_flow_memory_alloc" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:42 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:37 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:51 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:28 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 
@@ -54,12 +54,12 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interv PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:20 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:12 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:11 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:27 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:19 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:27 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:6 
diff --git a/test/results/stats/monitoring/telegram_videocall.pcapng.out b/test/results/stats/monitoring/telegram_videocall.pcapng.out index cbf934d92..7f348cc37 100644 --- a/test/results/stats/monitoring/telegram_videocall.pcapng.out +++ b/test/results/stats/monitoring/telegram_videocall.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:258 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:220556 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:221659 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:34 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:6 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:28 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/monitoring/telegram_videocall_2.pcapng.out b/test/results/stats/monitoring/telegram_videocall_2.pcapng.out new file mode 100644 index 000000000..cb306c64f --- /dev/null +++ b/test/results/stats/monitoring/telegram_videocall_2.pcapng.out 
@@ -0,0 +1,172 @@ +PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:65 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:56276 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:8 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:8 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_analyse_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detected_count" interval=60 N:8 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 N:6 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:49274 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:68741 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/counter-packet_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-packet_flow_count" interval=60 N:30 +PUTVAL "localhost/exec-nDPIsrvd/counter-init_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-reconnect_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-shutdown_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-status_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_datalink" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_l3_protocol" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unsupported_datalink" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_packet_type_unknown" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/counter-error_packet_header_invalid" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_size_smaller_than_header" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_l4_payload_detection" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_size_smaller_than_header" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_l4_payload_detection" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_tcp_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_udp_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_capture_size_smaller_than_packet" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_max_flows_to_track" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_flow_memory_alloc" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:8 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unrated_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unspecified_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:5 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_music_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_video_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_shopping_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_productivity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_file_sharing_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_category_conn_check_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_iot_scada_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_virt_assistant_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cybersecurity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_adult_content_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_mining_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_malware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_advertisment_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_banned_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_site_unavail_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial_cache" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_cache" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi" interval=60 N:8 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_nbpf" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_ip" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:6 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_emergency" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_unknown" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:7 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:8 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_active_count" interval=60 N:8 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:8 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:6 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_27_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_28_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_29_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_30_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" 
interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_40_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_41_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_54_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_55_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_56_count" interval=60 N:0 
diff --git a/test/results/stats/monitoring/telegram_voice.pcapng.out b/test/results/stats/monitoring/telegram_voice.pcapng.out new file mode 100644 index 000000000..437205ae5 --- /dev/null +++ b/test/results/stats/monitoring/telegram_voice.pcapng.out 
@@ -0,0 +1,172 @@ +PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:82 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:70079 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:10 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:10 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_analyse_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detected_count" interval=60 N:10 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 N:8 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:60389 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:66728 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:4 +PUTVAL "localhost/exec-nDPIsrvd/counter-packet_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-packet_flow_count" interval=60 N:39 +PUTVAL "localhost/exec-nDPIsrvd/counter-init_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-reconnect_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-shutdown_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-status_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_datalink" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_l3_protocol" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unsupported_datalink" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_packet_type_unknown" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/counter-error_packet_header_invalid" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_size_smaller_than_header" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_l4_payload_detection" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_size_smaller_than_header" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_l4_payload_detection" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_tcp_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_udp_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_capture_size_smaller_than_packet" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_max_flows_to_track" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_flow_memory_alloc" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:10 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unrated_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unspecified_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:7 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_music_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_video_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_shopping_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_productivity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_file_sharing_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_category_conn_check_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_iot_scada_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_virt_assistant_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cybersecurity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_adult_content_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_mining_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_malware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_advertisment_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_banned_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_site_unavail_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial_cache" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_cache" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi" interval=60 N:10 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_nbpf" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_ip" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:8 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_emergency" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_unknown" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:9 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:9 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_active_count" interval=60 N:10 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:10 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:8 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_27_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_28_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_29_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_30_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" 
interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_40_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_41_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_54_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_55_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_56_count" interval=60 N:0 
diff --git a/test/results/stats/ndpireader_conf_file/openvpn_obfuscated.pcapng.out b/test/results/stats/ndpireader_conf_file/openvpn_obfuscated.pcapng.out
new file mode 100644
index 000000000..1ea436118
--- /dev/null
+++ b/test/results/stats/ndpireader_conf_file/openvpn_obfuscated.pcapng.out
@@ -0,0 +1,172 @@ +PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:30 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:27032 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_analyse_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_guessed_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:14851 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:27360 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-packet_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-packet_flow_count" interval=60 N:15 +PUTVAL "localhost/exec-nDPIsrvd/counter-init_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-reconnect_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-shutdown_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-status_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_datalink" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_l3_protocol" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unsupported_datalink" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_packet_type_unknown" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/counter-error_packet_header_invalid" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_size_smaller_than_header" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_l4_payload_detection" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_size_smaller_than_header" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_l4_payload_detection" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_tcp_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_udp_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_capture_size_smaller_than_packet" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_max_flows_to_track" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_flow_memory_alloc" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unrated_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unspecified_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_music_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_video_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_shopping_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_productivity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_file_sharing_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_category_conn_check_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_iot_scada_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_virt_assistant_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cybersecurity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_adult_content_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_mining_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_malware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_advertisment_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_banned_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_site_unavail_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial_cache" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_cache" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_nbpf" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_ip" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_emergency" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_unknown" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_active_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_27_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_28_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_29_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_30_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" 
interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_40_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_41_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_54_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_55_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_56_count" interval=60 N:0 
diff --git a/test/results/stats/ndpireader_conf_file/signal_videocall.pcapng.out b/test/results/stats/ndpireader_conf_file/signal_videocall.pcapng.out
new file mode 100644
index 000000000..9cde9ae07
--- /dev/null
+++ b/test/results/stats/ndpireader_conf_file/signal_videocall.pcapng.out
@@ -0,0 +1,172 @@ +PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:34 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:30171 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_analyse_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detected_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 N:6 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:81563 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:27668 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/counter-packet_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-packet_flow_count" interval=60 N:15 +PUTVAL "localhost/exec-nDPIsrvd/counter-init_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-reconnect_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-shutdown_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-status_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_datalink" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_l3_protocol" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unsupported_datalink" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_packet_type_unknown" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/counter-error_packet_header_invalid" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_size_smaller_than_header" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_l4_payload_detection" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_size_smaller_than_header" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_l4_payload_detection" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_tcp_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_udp_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_capture_size_smaller_than_packet" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_max_flows_to_track" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_flow_memory_alloc" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unrated_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unspecified_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_music_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_video_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_shopping_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_productivity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_file_sharing_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_category_conn_check_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_iot_scada_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_virt_assistant_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cybersecurity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_adult_content_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_mining_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_malware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_advertisment_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_banned_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_site_unavail_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial_cache" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_cache" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_nbpf" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_ip" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_emergency" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_unknown" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_active_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_27_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_28_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_29_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_30_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" 
interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_40_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_41_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_54_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_55_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_56_count" interval=60 N:0 
diff --git a/test/results/stats/ndpireader_conf_file/stun_signal_tcp.pcapng.out b/test/results/stats/ndpireader_conf_file/stun_signal_tcp.pcapng.out new file mode 100644 index 000000000..c5cb42724 --- /dev/null +++ b/test/results/stats/ndpireader_conf_file/stun_signal_tcp.pcapng.out 
@@ -0,0 +1,172 @@ +PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:13 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:11472 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_analyse_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detected_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:58588 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:27476 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-packet_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-packet_flow_count" interval=60 N:5 +PUTVAL "localhost/exec-nDPIsrvd/counter-init_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-reconnect_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-shutdown_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-status_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_datalink" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_l3_protocol" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_unsupported_datalink" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_packet_type_unknown" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/counter-error_packet_header_invalid" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_size_smaller_than_header" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_l4_payload_detection" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_size_smaller_than_header" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_l4_payload_detection" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_tcp_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_udp_packet_too_short" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_capture_size_smaller_than_packet" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_max_flows_to_track" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/counter-error_flow_memory_alloc" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unrated_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unspecified_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_music_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_video_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_shopping_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_productivity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_file_sharing_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_category_conn_check_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_iot_scada_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_virt_assistant_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cybersecurity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_adult_content_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_mining_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_malware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_advertisment_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_banned_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_site_unavail_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial_cache" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_cache" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_nbpf" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_ip" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_emergency" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_unknown" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_active_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_27_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_28_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_29_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_30_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" 
interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_40_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_41_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_54_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_55_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_56_count" interval=60 N:0 
diff --git a/test/results/stats/openvpn_heuristic_enabled/openvpn_obfuscated.pcapng.out b/test/results/stats/openvpn_heuristic_enabled/openvpn_obfuscated.pcapng.out index 53f1d52cd..065a31c99 100644 --- a/test/results/stats/openvpn_heuristic_enabled/openvpn_obfuscated.pcapng.out +++ b/test/results/stats/openvpn_heuristic_enabled/openvpn_obfuscated.pcapng.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/packets_limit_per_flow/tls_verylong_certificate.pcap.out b/test/results/stats/packets_limit_per_flow/tls_verylong_certificate.pcap.out index fc00eaed2..5f212239c 100644 --- a/test/results/stats/packets_limit_per_flow/tls_verylong_certificate.pcap.out +++ b/test/results/stats/packets_limit_per_flow/tls_verylong_certificate.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:14 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:16812 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:16689 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/stun_all_attributes_disabled/teams.pcap.out b/test/results/stats/stun_all_attributes_disabled/teams.pcap.out index cbab1cb42..e2c6f414d 100644 --- a/test/results/stats/stun_all_attributes_disabled/teams.pcap.out +++ b/test/results/stats/stun_all_attributes_disabled/teams.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:668 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:652500 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:650890 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:83 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:17 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:66 
@@ -35,8 +35,8 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-error_udp_packet_too_short" interval=60 PUTVAL "localhost/exec-nDPIsrvd/counter-error_capture_size_smaller_than_packet" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-error_max_flows_to_track" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-error_flow_memory_alloc" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:42 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:37 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:51 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:28 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 
@@ -54,12 +54,12 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interv PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:20 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:12 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:11 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:27 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:19 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:27 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:6 
diff --git a/test/results/stats/stun_extra_dissection/lru_ipv6_caches.pcapng.out b/test/results/stats/stun_extra_dissection/lru_ipv6_caches.pcapng.out index 09b243d5b..8e0fc1978 100644 --- a/test/results/stats/stun_extra_dissection/lru_ipv6_caches.pcapng.out +++ b/test/results/stats/stun_extra_dissection/lru_ipv6_caches.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:89 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:93292 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:93337 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:12 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:12 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/stun_extra_dissection/stun_dtls_rtp.pcapng.out b/test/results/stats/stun_extra_dissection/stun_dtls_rtp.pcapng.out index 5dbcb500c..5be2ba0a6 100644 --- a/test/results/stats/stun_extra_dissection/stun_dtls_rtp.pcapng.out +++ b/test/results/stats/stun_extra_dissection/stun_dtls_rtp.pcapng.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:25 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:25070 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:25087 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/stun_extra_dissection/stun_dtls_rtp_unidir.pcapng.out b/test/results/stats/stun_extra_dissection/stun_dtls_rtp_unidir.pcapng.out index 29834429a..5eb1c8f6d 100644 --- a/test/results/stats/stun_extra_dissection/stun_dtls_rtp_unidir.pcapng.out +++ b/test/results/stats/stun_extra_dissection/stun_dtls_rtp_unidir.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:21 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:18357 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:18491 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/stun_extra_dissection/stun_zoom.pcapng.out b/test/results/stats/stun_extra_dissection/stun_zoom.pcapng.out index 3f361a241..36b03fcb0 100644 --- a/test/results/stats/stun_extra_dissection/stun_zoom.pcapng.out +++ b/test/results/stats/stun_extra_dissection/stun_zoom.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:28 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:27781 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:27817 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/stun_only_peer_address_enabled/stun_wa_call.pcapng.out b/test/results/stats/stun_only_peer_address_enabled/stun_wa_call.pcapng.out index 339fe1311..5cddb9cf8 100644 --- a/test/results/stats/stun_only_peer_address_enabled/stun_wa_call.pcapng.out +++ b/test/results/stats/stun_only_peer_address_enabled/stun_wa_call.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:132 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:121791 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:122935 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:13 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:13 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/stun_only_peer_address_enabled/telegram_videocall.pcapng.out b/test/results/stats/stun_only_peer_address_enabled/telegram_videocall.pcapng.out index e9686ce05..4ecbf4607 100644 --- a/test/results/stats/stun_only_peer_address_enabled/telegram_videocall.pcapng.out +++ b/test/results/stats/stun_only_peer_address_enabled/telegram_videocall.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:258 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:225716 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:226819 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:34 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:6 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:28 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/subclassification_disable/anydesk.pcapng.out b/test/results/stats/subclassification_disable/anydesk.pcapng.out index 5e89fdd7c..93633b88d 100644 --- a/test/results/stats/subclassification_disable/anydesk.pcapng.out +++ b/test/results/stats/subclassification_disable/anydesk.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:66 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:67936 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:67526 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:7 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:6 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/subclassification_disable/dns.pcap.out b/test/results/stats/subclassification_disable/dns.pcap.out index c63a58041..6bb9cab1a 100644 --- a/test/results/stats/subclassification_disable/dns.pcap.out +++ b/test/results/stats/subclassification_disable/dns.pcap.out @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/subclassification_disable/http.pcapng.out b/test/results/stats/subclassification_disable/http.pcapng.out index 6e12576bd..9364f7bfb 100644 --- a/test/results/stats/subclassification_disable/http.pcapng.out +++ b/test/results/stats/subclassification_disable/http.pcapng.out 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/subclassification_disable/quic-mvfst-27.pcapng.out b/test/results/stats/subclassification_disable/quic-mvfst-27.pcapng.out index 82886d7e8..3c7d8c4ec 100644 --- a/test/results/stats/subclassification_disable/quic-mvfst-27.pcapng.out +++ b/test/results/stats/subclassification_disable/quic-mvfst-27.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:10 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:16090 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:16049 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/subclassification_disable/tls_ech.pcapng.out b/test/results/stats/subclassification_disable/tls_ech.pcapng.out index 19761a0ff..c07034bad 100644 --- a/test/results/stats/subclassification_disable/tls_ech.pcapng.out +++ b/test/results/stats/subclassification_disable/tls_ech.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:10850 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:10768 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/tls_heuristics_enabled/tls_heur__shadowsocks-tcp.pcapng.out b/test/results/stats/tls_heuristics_enabled/tls_heur__shadowsocks-tcp.pcapng.out index c63fc8cb8..a93257176 100644 --- a/test/results/stats/tls_heuristics_enabled/tls_heur__shadowsocks-tcp.pcapng.out +++ b/test/results/stats/tls_heuristics_enabled/tls_heur__shadowsocks-tcp.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:38 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:33984 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:33902 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:4 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:4 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/tls_heuristics_enabled/tls_heur__trojan-tcp-tls.pcapng.out b/test/results/stats/tls_heuristics_enabled/tls_heur__trojan-tcp-tls.pcapng.out index 488d1bdeb..fa522651c 100644 --- a/test/results/stats/tls_heuristics_enabled/tls_heur__trojan-tcp-tls.pcapng.out +++ b/test/results/stats/tls_heuristics_enabled/tls_heur__trojan-tcp-tls.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:75 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:68577 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:68413 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:10 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:10 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/tls_heuristics_enabled/tls_heur__vmess-tcp-tls.pcapng.out b/test/results/stats/tls_heuristics_enabled/tls_heur__vmess-tcp-tls.pcapng.out index ad3d7fa4a..e2b4200db 100644 --- a/test/results/stats/tls_heuristics_enabled/tls_heur__vmess-tcp-tls.pcapng.out +++ b/test/results/stats/tls_heuristics_enabled/tls_heur__vmess-tcp-tls.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:74 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:65937 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:65773 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:10 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:10 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/tls_heuristics_enabled/tls_heur__vmess-tcp.pcapng.out b/test/results/stats/tls_heuristics_enabled/tls_heur__vmess-tcp.pcapng.out index 4672ba862..cf89e3b4c 100644 --- a/test/results/stats/tls_heuristics_enabled/tls_heur__vmess-tcp.pcapng.out +++ b/test/results/stats/tls_heuristics_enabled/tls_heur__vmess-tcp.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:38 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:33339 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:33257 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:4 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:4 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/tls_heuristics_enabled/tls_heur__vmess-websocket.pcapng.out b/test/results/stats/tls_heuristics_enabled/tls_heur__vmess-websocket.pcapng.out index a03f14e58..157ea5b7f 100644 --- a/test/results/stats/tls_heuristics_enabled/tls_heur__vmess-websocket.pcapng.out +++ b/test/results/stats/tls_heuristics_enabled/tls_heur__vmess-websocket.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:38 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:35014 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:34974 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:4 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:4 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/tls_ja3c_disabled/tls_verylong_certificate.pcap.out b/test/results/stats/tls_ja3c_disabled/tls_verylong_certificate.pcap.out deleted file mode 100644 index 236d5d11e..000000000 --- a/test/results/stats/tls_ja3c_disabled/tls_verylong_certificate.pcap.out +++ /dev/null 
@@ -1,171 +0,0 @@ -PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:14 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:16742 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_update_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_analyse_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_guessed_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detected_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 N:2 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:844 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:18233 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-packet_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-packet_flow_count" interval=60 N:5 -PUTVAL "localhost/exec-nDPIsrvd/counter-init_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/counter-reconnect_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-shutdown_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/counter-status_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_datalink" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_l3_protocol" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-error_unsupported_datalink" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-error_packet_too_short" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-error_packet_type_unknown" interval=60 N:0 -PUTVAL 
"localhost/exec-nDPIsrvd/counter-error_packet_header_invalid" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_packet_too_short" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_size_smaller_than_header" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_l4_payload_detection" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_packet_too_short" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_size_smaller_than_header" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_l4_payload_detection" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-error_tcp_packet_too_short" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-error_udp_packet_too_short" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-error_capture_size_smaller_than_packet" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-error_max_flows_to_track" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-error_flow_memory_alloc" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_dangerous_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unrated_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unknown_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unspecified_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0 -PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_music_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_video_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_shopping_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_productivity_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_file_sharing_count" interval=60 N:0 -PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_category_conn_check_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_iot_scada_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_virt_assistant_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cybersecurity_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_adult_content_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_mining_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_malware_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_advertisment_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_banned_site_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_site_unavail_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial_cache" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_cache" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_nbpf" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_ip" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=60 N:0 -PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_emergency" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_unknown" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_active_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:0 -PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_16_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_27_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_28_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_29_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_30_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" 
interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_40_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_41_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_54_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_55_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_56_count" interval=60 N:0 
diff --git a/test/results/stats/tls_ja3s_disabled/tls_verylong_certificate.pcap.out b/test/results/stats/tls_ja3s_disabled/tls_verylong_certificate.pcap.out deleted file mode 100644 index 236d5d11e..000000000 --- a/test/results/stats/tls_ja3s_disabled/tls_verylong_certificate.pcap.out +++ /dev/null 
@@ -1,171 +0,0 @@ -PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:14 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:16742 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_update_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_analyse_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_guessed_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detected_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 N:2 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:844 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:18233 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-packet_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-packet_flow_count" interval=60 N:5 -PUTVAL "localhost/exec-nDPIsrvd/counter-init_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/counter-reconnect_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-shutdown_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/counter-status_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_datalink" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_l3_protocol" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-error_unsupported_datalink" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-error_packet_too_short" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-error_packet_type_unknown" interval=60 N:0 -PUTVAL 
"localhost/exec-nDPIsrvd/counter-error_packet_header_invalid" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_packet_too_short" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_size_smaller_than_header" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_l4_payload_detection" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_packet_too_short" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_size_smaller_than_header" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_l4_payload_detection" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-error_tcp_packet_too_short" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-error_udp_packet_too_short" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-error_capture_size_smaller_than_packet" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-error_max_flows_to_track" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-error_flow_memory_alloc" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_dangerous_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unrated_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unknown_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unspecified_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0 -PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_music_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_video_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_shopping_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_productivity_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_file_sharing_count" interval=60 N:0 -PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_category_conn_check_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_iot_scada_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_virt_assistant_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cybersecurity_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_adult_content_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_mining_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_malware_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_advertisment_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_banned_site_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_site_unavail_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial_cache" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_cache" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_nbpf" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_ip" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=60 N:0 -PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_emergency" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_unknown" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_active_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:0 -PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_16_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_27_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_28_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_29_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_30_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" 
interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_40_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_41_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_54_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_55_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_56_count" interval=60 N:0 
diff --git a/test/results/stats/tls_ja4c_disabled/tls_verylong_certificate.pcap.out b/test/results/stats/tls_ja4c_disabled/tls_verylong_certificate.pcap.out deleted file mode 100644 index 236d5d11e..000000000 --- a/test/results/stats/tls_ja4c_disabled/tls_verylong_certificate.pcap.out +++ /dev/null 
@@ -1,171 +0,0 @@ -PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:14 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:16742 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_update_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_analyse_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_guessed_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detected_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 N:2 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:844 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:18233 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-packet_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-packet_flow_count" interval=60 N:5 -PUTVAL "localhost/exec-nDPIsrvd/counter-init_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/counter-reconnect_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-shutdown_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/counter-status_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_datalink" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_l3_protocol" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-error_unsupported_datalink" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-error_packet_too_short" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-error_packet_type_unknown" interval=60 N:0 -PUTVAL 
"localhost/exec-nDPIsrvd/counter-error_packet_header_invalid" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_packet_too_short" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_size_smaller_than_header" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_l4_payload_detection" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_packet_too_short" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_size_smaller_than_header" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_l4_payload_detection" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-error_tcp_packet_too_short" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-error_udp_packet_too_short" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-error_capture_size_smaller_than_packet" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-error_max_flows_to_track" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-error_flow_memory_alloc" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_dangerous_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unrated_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unknown_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unspecified_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0 -PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_music_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_video_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_shopping_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_productivity_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_file_sharing_count" interval=60 N:0 -PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_category_conn_check_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_iot_scada_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_virt_assistant_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cybersecurity_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_adult_content_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_mining_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_malware_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_advertisment_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_banned_site_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_site_unavail_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial_cache" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_cache" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_nbpf" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_ip" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=60 N:0 -PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_emergency" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_unknown" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_active_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:0 -PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_16_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_27_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_28_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_29_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_30_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" 
interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_40_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_41_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_54_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_55_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_56_count" interval=60 N:0 diff --git a/test/results/stats/zoom_extra_dissection/zoom.pcap.out b/test/results/stats/zoom_extra_dissection/zoom.pcap.out index 093334f86..b35759648 100644 
--- a/test/results/stats/zoom_extra_dissection/zoom.pcap.out +++ b/test/results/stats/zoom_extra_dissection/zoom.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:317 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:250711 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:249790 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:33 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:6 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:27 @@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/zoom_extra_dissection/zoom2.pcap.out b/test/results/stats/zoom_extra_dissection/zoom2.pcap.out index b27ef8af6..37a5b9be6 100644 --- a/test/results/stats/zoom_extra_dissection/zoom2.pcap.out +++ b/test/results/stats/zoom_extra_dissection/zoom2.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:46 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:43286 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:43163 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:4 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:4 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stats/zoom_extra_dissection/zoom_p2p.pcapng.out b/test/results/stats/zoom_extra_dissection/zoom_p2p.pcapng.out index 9b5ee8682..496354b6f 100644 --- a/test/results/stats/zoom_extra_dissection/zoom_p2p.pcapng.out +++ b/test/results/stats/zoom_extra_dissection/zoom_p2p.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:134 -PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:116577 +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:116709 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:13 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:13 
@@ -83,6 +83,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_health_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0 diff --git a/test/results/stun_all_attributes_disabled/teams.pcap.out b/test/results/stun_all_attributes_disabled/teams.pcap.out index a20a7e8cb..a8b3b46a3 100644 --- a/test/results/stun_all_attributes_disabled/teams.pcap.out +++ b/test/results/stun_all_attributes_disabled/teams.pcap.out 
@@ -1,5 +1,5 @@ -00631{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1587041672419153} 
+00631{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1587041672419153} 
00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041672419153,"flow_src_last_pkt_time":1587041672419153,"flow_dst_last_pkt_time":1587041672419153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":279,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":279,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041672419153,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00915{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1587041672419153,"flow_dst_last_pkt_time":1587041672419153,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"thread_ts_usec":1587041672419153,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzES1AAEARZ+TAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGABgr52AAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"} 
01046{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041672419153,"flow_src_last_pkt_time":1587041672419153,"flow_dst_last_pkt_time":1587041672419153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":279,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":279,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041672419153,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"tl-sg116e","domainame":"tl-sg116e","dhcp": {"fingerprint":"1,3","class_ident":"TL-SG116E"}}} 
@@ -32,14 +32,14 @@ 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1587041676435900,"flow_dst_last_pkt_time":1587041676448366,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041676448366,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0CixAAHUGQvQ0ccKEwKgBBgG77HWQGjC4LoXCQ4AS\/\/8WpAAAAgQFoAEDAwgBAQQC"} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1587041676448463,"flow_dst_last_pkt_time":1587041676448366,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041676448463,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGgizAqAEGNHHChOx1AbsuhcJDkBowuVAQIAA3YwAA"} 00828{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1587041676449862,"flow_dst_last_pkt_time":1587041676448366,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"thread_ts_usec":1587041676449862,"pkt":"EBMx8Tl2KDc3AG3ICABFAAD6AABAAEAGgVrAqAEGNHHChOx1AbsuhcJDkBowuVAYIAChLwAAFgMBAM0BAADJAwMtfzNr5sJ0vwUnIfI3TV9sTsGbPpwfZOWfmMdYc+2laQAAHLq6zKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACEuroAAP8BAAEAAAAAGAAWAAATdGVhbXMubWljcm9zb2Z0LmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACNraAB0AFwAYABsAAwIAAnp6AAEA"} 
-01251{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041676435900,"flow_src_last_pkt_time":1587041676449862,"flow_dst_last_pkt_time":1587041676448366,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":210,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":210,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041676449862,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","domainame":"teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01204{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041676435900,"flow_src_last_pkt_time":1587041676449862,"flow_dst_last_pkt_time":1587041676448366,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":210,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":210,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041676449862,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","domainame":"teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1587041676449862,"flow_dst_last_pkt_time":1587041676462228,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1587041676462228,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAoCi1AAHYGQf80ccKEwKgBBgG77HWQGjC5LoXDFVAQCAROjQAAAAAAAAAA"} 
-01596{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":26,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1587041676435900,"flow_src_last_pkt_time":1587041676464401,"flow_dst_last_pkt_time":1587041676464459,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":210,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":210,"flow_dst_tot_l4_payload_len":6025,"midstream":0,"thread_ts_usec":1587041676464459,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","domainame":"teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"0f14538e1c9070becdad7739c67d6363","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=teams.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E","blocks":0}}} 
+01549{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":26,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1587041676435900,"flow_src_last_pkt_time":1587041676464401,"flow_dst_last_pkt_time":1587041676464459,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":210,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":210,"flow_dst_tot_l4_payload_len":6025,"midstream":0,"thread_ts_usec":1587041676464459,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","domainame":"teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"teams.microsoft.com","ja3s":"0f14538e1c9070becdad7739c67d6363","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=teams.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E","blocks":0}}} 
00799{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1587041676499766,"flow_dst_last_pkt_time":1587041676405623,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":240,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":240,"pkt_l4_len":206,"thread_ts_usec":1587041676499766,"pkt":"EBMx8Tl2KDc3AG3ICABFAADiAABAAEAG9tTAqAEGNHJNIex0AbuczSMoSaIgqYAYEAlcWgAAAQEICjCEl\/VhBkyoFgMBAKkBAAClAwNgsc\/zVfk3fJaoeGVjBvcvXHJydxa1mwDEXFImXbQK\/wAAHsAvwCvAMMAszKnMqMAJwBPACsAUAJwAnQAvADUACgEAAF7\/AQABAAAAACMAIQAAHm1vYmlsZS5waXBlLmFyaWEubWljcm9zb2Z0LmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAsAAgEAAAoACAAGAB0AFwAY"} -01363{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041676362386,"flow_src_last_pkt_time":1587041676499766,"flow_dst_last_pkt_time":1587041676405623,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041676499766,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": 
{"version":"TLSv1.2","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} -02184{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":47,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1587041676435900,"flow_src_last_pkt_time":1587041676535873,"flow_dst_last_pkt_time":1587041676535853,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":258,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":757,"flow_dst_tot_l4_payload_len":10509,"midstream":0,"thread_ts_usec":1587041676535873,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":6449.2,"max":29755,"stddev":8827.8,"var":77930416.0,"ent":3.7,"data": [12466,12563,1399,13862,1628,233,14289,254,250,114,2,99,4851,16541,1120,12847,339,301,11408,365,232,23032,26,11077,443,29285,29755,471,122,15,537]},"pktlen": {"min":40,"avg":393.9,"max":1492,"stddev":548.1,"var":300365.6,"ent":3.9,"data": [64,52,40,250,46,1492,1492,40,1492,40,1492,257,40,198,46,366,40,109,40,133,78,298,78,46,40,46,556,40,1492,1492,671,40]},"bins": {"c_to_s": [10,1,1,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,1,1,0,0,0,1,0,0,0,1,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1,0,1,0,0,0,0,1,1,0,1,1,0,1,1,1,0],"entropies": 
[4.365527153,4.946223736,4.521928787,5.447622776,4.609350681,7.356091499,7.445232391,4.680641174,7.544306755,4.571928501,7.621133804,7.081102371,4.630641460,6.624766827,4.609350681,7.169972897,4.680641174,6.030838013,4.630641460,6.150182247,5.105917454,7.025798798,5.428217888,4.565872192,4.680641174,4.565872192,7.556540489,4.680641174,7.827769756,7.840335846,7.703694820,4.680641174]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} +01322{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041676362386,"flow_src_last_pkt_time":1587041676499766,"flow_dst_last_pkt_time":1587041676405623,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041676499766,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+02178{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":47,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1587041676435900,"flow_src_last_pkt_time":1587041676535873,"flow_dst_last_pkt_time":1587041676535853,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":258,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":757,"flow_dst_tot_l4_payload_len":10509,"midstream":0,"thread_ts_usec":1587041676535873,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":6449.2,"max":29755,"stddev":8827.8,"var":77930416.0,"ent":3.7,"data": [12466,12563,1399,13862,1628,233,14289,254,250,114,2,99,4851,16541,1120,12847,339,301,11408,365,232,23032,26,11077,443,29285,29755,471,122,15,537]},"pktlen": {"min":40,"avg":393.9,"max":1492,"stddev":548.1,"var":300365.6,"ent":3.9,"data": [64,52,40,250,46,1492,1492,40,1492,40,1492,257,40,198,46,366,40,109,40,133,78,298,78,46,40,46,556,40,1492,1492,671,40]},"bins": {"c_to_s": [10,1,1,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,1,1,0,0,0,1,0,0,0,1,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1,0,1,0,0,0,0,1,1,0,1,1,0,1,1,1,0],"entropies": [4.365527153,4.946223736,4.521928787,5.447622776,4.609350681,7.356091499,7.445232391,4.680641174,7.544306755,4.571928501,7.621133804,7.081102371,4.630641460,6.624766827,4.609350681,7.169972897,4.680641174,6.030838013,4.630641460,6.150182247,5.105917454,7.025798798,5.428217888,4.565872192,4.680641174,4.565872192,7.556540489,4.680641174,7.827769756,7.840335846,7.703694820,4.680641174]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} 02502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1587041676499766,"flow_dst_last_pkt_time":1587041676545373,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041676545373,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUL\/9AAGwGleM0ck0hwKgBBgG77HRJoiCpnM0j1oAQBAXctwAAAQEICmEGTTMwhJf1FgMDEGYCAABRAwNemFWMXBNb2F1eIS0NgygX31DvjFSWgfTq\/PXgXBX\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\/wSL1vxV6UtbY+5UyBq7YUvoZUI+YYWI6FMysHpnkiGQR5h3NLX2it0lgM0JMJXgIYfO+vdhJalxciwWfJHOcY4+eUQwpTmpGeOTzK\/sd1W+VOYbkgWPJ0lAEgTcRXL\/NZZAtyce+Sv4+b4jHwY9pwQxOHJWtnns0bK3jD\/RcAtjLeUisGvBGtt1SItPOQvgD6i2AdvjCkjqVXn0nxT\/yKuGkvtii1i85nrjeMS5pKgL+N2I4goIXeRAaK089dd0KrnNO6kLEhhSHgHwJHnPwfqeXH1Q2p1Zw2r13mOsJdyP7QIDAQABo4IE1zCCBNMwggF\/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB2APZclC\/RdzAiFFQYCDCUVo7jTRMZM7\/fDC8gC8xO8WTjAAABbbe0zD0AAAQDAEcwRQIgXUu8wYK\/QqX5unkLcaUv4T8oQWu5yZb6M3RYbUFPJ7sCIQCVvziq+dynpJXSFyAk+ZobbjdMm8Ziuyzc0miXoW9hmQB2AFWB1MIWkDYBSuoLm1c8U\/DA5Dh4cCUIFy+jqh0HE9MMAAABbbe0zTwAAAQDAEcwRQIgOIr7NuYD18H8X6OV\/YdBgg0HoCy47ognD1Etlbp3ZVgCIQCAVAoqvjDqhz4It72mColVOT\/FZuexWjdVPWkvuAPY1AB3AESUZS6w7s6vxEAH2Kj+KMDa5oK+2MsxtT\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"} 
-01895{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":59,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1587041676362386,"flow_src_last_pkt_time":1587041676545644,"flow_dst_last_pkt_time":1587041676545713,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041676545713,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} 
+01854{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":59,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1587041676362386,"flow_src_last_pkt_time":1587041676545644,"flow_dst_last_pkt_time":1587041676545713,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041676545713,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} 00312{"error_event_id":5,"error_event_name":"Unknown packet 
type","threshold_n":7,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1587041676611249,"packet_id":64,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1587041676611249} 00386{"packet_event_id":1,"packet_event_name":"packet","packet_id":64,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041676592590,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041676612882,"flow_src_last_pkt_time":1587041676612882,"flow_dst_last_pkt_time":1587041676612882,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041676612882,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.5","src_port":60534,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -47,7 +47,7 @@ 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1587041676612882,"flow_dst_last_pkt_time":1587041676642642,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041676642642,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8LqNAAG0G6+cofgkFwKgBBgG77HaiQxrbpEtO6qASIAC6gQAAAgQFoAEDAwgEAggKVQC94TCEmGM="} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1587041676642755,"flow_dst_last_pkt_time":1587041676642642,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041676642755,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGR5PAqAEGKH4JBex2AbukS07qokMa3IAQEAn5EwAAAQEICjCEmIFVAL3h"} 
00892{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1587041676643404,"flow_dst_last_pkt_time":1587041676642642,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":312,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":312,"pkt_l4_len":278,"thread_ts_usec":1587041676643404,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEqAABAAEAGRp3AqAEGKH4JBex2AbukS07qokMa3IAYEAkkyAAAAQEICjCEmIFVAL3hFgMBAPEBAADtAwMFij+vLNUEXtDYw018fSI+oguo6nn0NGVGlSQBEa6j4wAAKMAswCvAJMAjwArACcypwDDAL8AowCfAFMATzKgAnQCcAD0APAA1AC8BAACc\/wEAAQAAAAAeABwAABlsb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tABcAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAADN0AAAAEgAAABAAMAAuAmgyBWgyLTE2BWgyLTE1BWgyLTE0CHNwZHkvMy4xBnNwZHkvMwhodHRwLzEuMQALAAIBAAAKAAoACAAdABcAGAAZ"} -01309{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041676612882,"flow_src_last_pkt_time":1587041676643404,"flow_dst_last_pkt_time":1587041676642642,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041676643404,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.5","src_port":60534,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Microsoft365","proto_by_ip_id":219,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"login.microsoftonline.com","domainame":"login.microsoftonline.com","tls": 
{"version":"TLSv1.2","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} +01268{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041676612882,"flow_src_last_pkt_time":1587041676643404,"flow_dst_last_pkt_time":1587041676642642,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041676643404,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.5","src_port":60534,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Microsoft365","proto_by_ip_id":219,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"login.microsoftonline.com","domainame":"login.microsoftonline.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
02517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1587041676643404,"flow_dst_last_pkt_time":1587041676675374,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041676675374,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXULqZAAG0G5kwofgkFwKgBBgG77HaiQyYcpEtP4IAQBAWIzwAAAQEIClUAvgAwhJiBCxMMTWljcm9zb2Z0IElUMR4wHAYDVQQDExVNaWNyb3NvZnQgSVQgVExTIENBIDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCO8\/GEdXe8vsmk9RalUytQYJnc2H3ZJLXhckk3SP7ahpOjfR2aSxBNd3l+Zal8bjbiR9Q2SdDMJAInFOKucc3ZV3Q8EFYZkkqHYvnjkI1e3tFBGxqmH0CiLB6OVdcm2GhCq+wN3t1eYZWzrGyBzqjgra9fyqbkUWguJ\/1UKnGkzLt+kvH2U1EFMdAZgrDKY9DySgALzfRpS\/RallY5JsmdSwpjNDKApQTl6ii3wQDAbRrwKNRKj4CscxnY9RYvra4Il2IGLP7npfCtQVN\/jSsxwxRzId3jeGOcUYa1okhJwHkIFUMAK5m4S+DHVwdsxLmmVC0BU\/Kj8qTM2cFU84jN5EwT04ozIVitGL++OYFwOWk3+FukY+8JB9+HGmLHmgjF0R1eYnYB3WnmOLtEsC1NOsYugOBgclvyzOaOXDohHl2wOSu96hPLlsu2anSMjrwOEJ8bpUBBj5FcdqcO8ao6h7cMd99xai8oYUItkA9yBatn4MF7y5xAmsQKCESMfD26qQ4esdkivR9fQWpzVPZm4qD5pjne0nfzaQS\/t7s8xJP\/cgQctTadaH\/f+jlPsvaPuRz\/re0OFQjjhnzySEl3lxb2\/QD2T6Zeb+c5wFFlPeuxlzDs6p5z\/B4soN+Lz3NftQ4GQhcmlezYqSfQ0GWUXOI\/yigppSD0yN1dtP\/m3QIDAQABo4IBQjCCAT4wHQYDVR0OBBYEFFiIn9bcnEgitxQ+\/4SI6OaF\/\/p9MB8GA1UdIwQYMBaAFOWdWTCCR1jMrPoIVDaGezq1BE3wMBIGA1UdEwEB\/wQIMAYBAf8CAQAwDgYDVR0PAQH\/BAQDAgGGMCcGA1UdJQQgMB4GCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwkwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL09tbmlyb290MjAyNS5jcmwwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwDQYJKoZIhvcNAQELBQADggEBADCaxp1q\/e+TCAy+gnf5dqBtnnswI3uoKVr0aj7HCwyW37hLUuQNnDjteGO1c8AcHzvgp\/9\/SVGVMrjQm6nlz5YDgYDVSmEY\/sRqxt9\/QUYinIBm6w9CoOTzpCGjmNB6dPaM6MPSK6orzhFZGUTnXAcJQ
uvX\/RVNuW9sRDUmh7qjO2iwgecgyX8TAvPMq58clVDLrmSAu4cKXc6ma7J94z024ilRtyX80AnjsK3EYi4+foUmsvav920xc8YZmKlykwLOygs9POzZcOiA9RareGqHTcaBN6gKdoEGqO8XYHxwEBM8ONczTOQ3ZQj7kbPoFnZhKmX1WJSzRQHvwE8De7gMAAFJAwAXQQTOd4jCuMTh7EYDlmBiiGmTGwexXcFlv\/T2ck50p74cYWIJH\/qL5LjbfCSDp3wqAO8ZZNaw1gxy4Uzbx\/mTFEUoBAEBACuEjKAM1qXUNVaS\/GaC95SQ9vmaMh+jYNW\/golBe81NwxyW1ReEMvroTkbS6BjiR97ixB57SOr\/EVlzcCLlr0XL6vCOvZKaaq3SzHreSfwbGspHUYxwK5i8j23AovUYK4FdR8PK9GkF5j5DZYPL2nmL62KrpTU3AqFF18hKfZ2alq2jaowqtsC3NBCAd6aifgpEBRhB9rZP2x\/YPgDeBGSAHqMX"} 02326{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":109,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":23,"flow_dst_packets_processed":9,"flow_first_seen":1587041676362386,"flow_src_last_pkt_time":1587041676859269,"flow_dst_last_pkt_time":1587041676859222,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":23115,"flow_dst_tot_l4_payload_len":4254,"midstream":0,"thread_ts_usec":1587041676859269,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":32055.5,"max":221245,"stddev":54144.2,"var":2931591680.0,"ent":3.4,"data": [43237,43341,94039,139750,215,45878,125,102,1406,46781,45438,177198,6,1,221245,44042,6,2,2,21255,21237,4,23005,23005,5,2,3,1223,1159,4,3]},"pktlen": {"min":52,"avg":907.9,"max":1492,"stddev":687.5,"var":472618.5,"ent":4.4,"data": [64,60,52,226,1492,1492,52,1375,52,145,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,52,1480,1480,1480,1480,52,1480,1480,1480]},"bins": {"c_to_s": [5,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0],"s_to_c": 
[5,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,0,0,0,1,0,0,0],"entropies": [4.428027153,5.210652828,4.884933472,5.556665897,7.283374786,7.268235207,4.923395157,7.674625397,4.884933472,5.901349068,5.537203789,4.923394680,7.865010738,7.865353107,7.863998413,5.116508007,7.872262955,7.872727394,7.850155830,7.872891426,5.101991177,7.883207798,7.861774921,5.078046322,7.883695126,7.860937595,7.861885548,7.869150639,5.092563629,7.862890244,7.881820202,7.880939960]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud"}} 00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":153,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041677042751,"flow_src_last_pkt_time":1587041677042751,"flow_dst_last_pkt_time":1587041677042751,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041677042751,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60535,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -55,16 +55,16 @@ 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1587041677042751,"flow_dst_last_pkt_time":1587041677088014,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041677088014,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8FwhAAGwGtHI0ck0hwKgBBgG77Hf6fNLR2z1jO6ASIACfvwAAAgQFoAEDAwgEAggKYRMfbzCEmgA="} 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1587041677088160,"flow_dst_last_pkt_time":1587041677088014,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041677088160,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIex3AbvbPWM7+nzS0oAQEAneQwAAAQEICjCEmixhEx9v"} 
00843{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1587041677088499,"flow_dst_last_pkt_time":1587041677088014,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_usec":1587041677088499,"pkt":"EBMx8Tl2KDc3AG3ICABFAAECAABAAEAG9rTAqAEGNHJNIex3AbvbPWM7+nzS0oAYEAl+5wAAAQEICjCEmixhEx9vFgMBAMkBAADFAwM5dVF27rKLSF3ZLHW6jf6ecE8+y\/c\/MIkP9CtH6UUE1iAORwAAVmOWcPohT0niCo9N4puGGU7iW5AxxYvHQvC09wAewC\/AK8AwwCzMqcyowAnAE8AKwBQAnACdAC8ANQAKAQAAXv8BAAEAAAAAIwAhAAAebW9iaWxlLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEACwACAQAACgAIAAYAHQAXABg="} -01364{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":158,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041677042751,"flow_src_last_pkt_time":1587041677088499,"flow_dst_last_pkt_time":1587041677088014,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041677088499,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60535,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01323{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":158,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041677042751,"flow_src_last_pkt_time":1587041677088499,"flow_dst_last_pkt_time":1587041677088014,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041677088499,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60535,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
02502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1587041677088499,"flow_dst_last_pkt_time":1587041677137230,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041677137230,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUFwlAAGwGrtk0ck0hwKgBBgG77Hf6fNLS2z1kCYAQBAVAOQAAAQEICmETH58whJosFgMDEGYCAABRAwNemFWNrPjx8U\/n2+1HOnhSXCpnALSFvyfXRw2ICUZrciDASAAAvuo5mSGLHTbLJlo\/aqiaHVmeYbbWtXIqS6QEP8AwAAAJABcAAP8BAAEACwAO3QAO2gAJHDCCCRgwggcAoAMCAQICExYACr2jKIomrOvxeF4AAAAKvaMwDQYJKoZIhvcNAQELBQAwgYsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xFTATBgNVBAsTDE1pY3Jvc29mdCBJVDEeMBwGA1UEAxMVTWljcm9zb2Z0IElUIFRMUyBDQSA0MB4XDTE5MTAxMDIxNTUzOFoXDTIxMTAxMDIxNTUzOFowJjEkMCIGA1UEAwwbKi5ldmVudHMuZGF0YS5taWNyb3NvZnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8J31SJyCTCkjxtLC8JE7aU56y+0937PcYfrFGWW\/wSL1vxV6UtbY+5UyBq7YUvoZUI+YYWI6FMysHpnkiGQR5h3NLX2it0lgM0JMJXgIYfO+vdhJalxciwWfJHOcY4+eUQwpTmpGeOTzK\/sd1W+VOYbkgWPJ0lAEgTcRXL\/NZZAtyce+Sv4+b4jHwY9pwQxOHJWtnns0bK3jD\/RcAtjLeUisGvBGtt1SItPOQvgD6i2AdvjCkjqVXn0nxT\/yKuGkvtii1i85nrjeMS5pKgL+N2I4goIXeRAaK089dd0KrnNO6kLEhhSHgHwJHnPwfqeXH1Q2p1Zw2r13mOsJdyP7QIDAQABo4IE1zCCBNMwggF\/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB2APZclC\/RdzAiFFQYCDCUVo7jTRMZM7\/fDC8gC8xO8WTjAAABbbe0zD0AAAQDAEcwRQIgXUu8wYK\/QqX5unkLcaUv4T8oQWu5yZb6M3RYbUFPJ7sCIQCVvziq+dynpJXSFyAk+ZobbjdMm8Ziuyzc0miXoW9hmQB2AFWB1MIWkDYBSuoLm1c8U\/DA5Dh4cCUIFy+jqh0HE9MMAAABbbe0zTwAAAQDAEcwRQIgOIr7NuYD18H8X6OV\/YdBgg0HoCy47ognD1Etlbp3ZVgCIQCAVAoqvjDqhz4It72mColVOT\/FZuexWjdVPWkvuAPY1AB3AESUZS6w7s6vxEAH2Kj+KMDa5oK+2MsxtT\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"} 
00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":175,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041677243705,"flow_src_last_pkt_time":1587041677243705,"flow_dst_last_pkt_time":1587041677243705,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041677243705,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1587041677243705,"flow_dst_last_pkt_time":1587041677243705,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041677243705,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGghTAqAEGNHHChOx4Abt\/TkvVAAAAALAC\/\/\/5uQAAAgQFtAEDAwUBAQgKMISawwAAAAAEAgAA"} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1587041677243705,"flow_dst_last_pkt_time":1587041677255126,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041677255126,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0wUlAAHUGi9Y0ccKEwKgBBgG77Hiki1UTf05L1oAS\/\/8DeQAAAgQFoAEDAwgBAQQC"} 
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1587041677255227,"flow_dst_last_pkt_time":1587041677255126,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041677255227,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGgizAqAEGNHHChOx4Abt\/TkvWpItVFFAQIAAkOAAA"} 00838{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1587041677255452,"flow_dst_last_pkt_time":1587041677255126,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":268,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":268,"pkt_l4_len":234,"thread_ts_usec":1587041677255452,"pkt":"EBMx8Tl2KDc3AG3ICABFAAD+AABAAEAGgVbAqAEGNHHChOx4Abt\/TkvWpItVFFAYIAA3rwAAFgMBANEBAADNAwPZLPUYRvEghAe9kJUNx9IFhytDuazyHj3Xl0vfJTFFvgAAHNrazKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACI6uoAAP8BAAEAAAAAGAAWAAATdGVhbXMubWljcm9zb2Z0LmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMXVQAAAACwACAQAACgAKAAi6ugAdABcAGAAbAAMCAAJaWgABAA=="} 
-01252{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041677243705,"flow_src_last_pkt_time":1587041677255452,"flow_dst_last_pkt_time":1587041677255126,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041677255452,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","domainame":"teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"","ja4":"t12d1312h2_8b80da21ef18_b00751acaffa","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01205{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041677243705,"flow_src_last_pkt_time":1587041677255452,"flow_dst_last_pkt_time":1587041677255126,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041677255452,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","domainame":"teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1312h2_8b80da21ef18_b00751acaffa","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1587041677255452,"flow_dst_last_pkt_time":1587041677266382,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1587041677266382,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAowUpAAHYGiuE0ccKEwKgBBgG77Hiki1UUf05MrFAQBAE\/YQAAAAAAAAAA"} 
-01597{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":186,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1587041677243705,"flow_src_last_pkt_time":1587041677269406,"flow_dst_last_pkt_time":1587041677269476,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":6025,"midstream":0,"thread_ts_usec":1587041677269476,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","domainame":"teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"teams.microsoft.com","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"0f14538e1c9070becdad7739c67d6363","ja4":"t12d1312h2_8b80da21ef18_b00751acaffa","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=teams.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E","blocks":0}}} 
+01550{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":186,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1587041677243705,"flow_src_last_pkt_time":1587041677269406,"flow_dst_last_pkt_time":1587041677269476,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":6025,"midstream":0,"thread_ts_usec":1587041677269476,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","domainame":"teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"teams.microsoft.com","ja3s":"0f14538e1c9070becdad7739c67d6363","ja4":"t12d1312h2_8b80da21ef18_b00751acaffa","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=teams.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E","blocks":0}}} 
02319{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":209,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1587041677042751,"flow_src_last_pkt_time":1587041677328754,"flow_dst_last_pkt_time":1587041677327352,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":15383,"flow_dst_tot_l4_payload_len":4699,"midstream":0,"thread_ts_usec":1587041677328754,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60535,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":18406.6,"max":49836,"stddev":21194.3,"var":449200096.0,"ent":3.9,"data": [45263,45409,339,49216,21,48838,224,177,1271,46526,45316,1920,4,2,47729,45783,4,2,3,37748,37711,4,8018,8058,5,734,37027,7756,4339,49836,1321]},"pktlen": {"min":52,"avg":680.6,"max":1492,"stddev":673.1,"var":453031.8,"ent":4.2,"data": [64,60,52,258,1492,1375,64,1492,52,145,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,52,1480,825,52,52,52,497,52,83]},"bins": {"c_to_s": [7,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0],"s_to_c": [7,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,0,1,1,1,1,0,0],"entropies": 
[4.340968132,5.220872402,4.976373672,5.983667850,7.275708199,7.688739777,5.052015305,7.275113583,4.976373672,6.006431580,5.733948708,5.053297043,7.842315674,7.876612663,7.858495712,5.246409416,7.872724533,7.868679523,7.873967648,7.874578953,5.207947731,7.865746021,7.852710724,5.169486046,7.855942726,7.767035484,5.116507530,5.169486046,5.207947731,7.497245789,4.961856842,5.338891983]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud"}} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1587041677380886,"flow_dst_last_pkt_time":1587041673094451,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041677380886,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGPCzAqAEGlZqnW+SlAbsZTPC8DAoX91AUECaMmwAA"} 00316{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":8,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1587041677408485,"packet_id":213,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_usec":1587041677408485} 
@@ -77,9 +77,9 @@ 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1587041678029919,"flow_dst_last_pkt_time":1587041678074133,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041678074133,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8KlZAAGwGoSQ0ck0hwKgBBgG77Hk7ZXhQ9B\/rj6ASIAAz8QAAAgQFoAEDAwgEAggKYRL\/2zCEncM="} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1587041678074233,"flow_dst_last_pkt_time":1587041678074133,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041678074233,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIex5Abv0H+uPO2V4UYAQEAlydQAAAQEICjCEne9hEv\/b"} 
00844{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_src_last_pkt_time":1587041678074525,"flow_dst_last_pkt_time":1587041678074133,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_usec":1587041678074525,"pkt":"EBMx8Tl2KDc3AG3ICABFAAECAABAAEAG9rTAqAEGNHJNIex5Abv0H+uPO2V4UYAYEAlkRgAAAQEICjCEne9hEv\/bFgMBAMkBAADFAwOeU\/FfLHrtrdCBVUwx+w+ija6LF0MoHL44Af8vhwR8KyDASAAAvuo5mSGLHTbLJlo\/aqiaHVmeYbbWtXIqS6QEPwAewC\/AK8AwwCzMqcyowAnAE8AKwBQAnACdAC8ANQAKAQAAXv8BAAEAAAAAIwAhAAAebW9iaWxlLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEACwACAQAACgAIAAYAHQAXABg="} -01364{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041678029919,"flow_src_last_pkt_time":1587041678074525,"flow_dst_last_pkt_time":1587041678074133,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041678074525,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01323{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041678029919,"flow_src_last_pkt_time":1587041678074525,"flow_dst_last_pkt_time":1587041678074133,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041678074525,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
02503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1587041678074525,"flow_dst_last_pkt_time":1587041678120796,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041678120796,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUKldAAGwGm4s0ck0hwKgBBgG77Hk7ZXhR9B\/sXYAQBAVKXAAAAQEICmETAAQwhJ3vFgMDEGYCAABRAwNemFWOOTYxM1NwQpKmeq910c4Y3+sTj8LkGeyXAZo3KyA\/IwAA6KEdJo41XGChq4nIXjJi3Ldaf94\/c7z6UnyyFcAwAAAJABcAAP8BAAEACwAO3QAO2gAJHDCCCRgwggcAoAMCAQICExYACr2jKIomrOvxeF4AAAAKvaMwDQYJKoZIhvcNAQELBQAwgYsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xFTATBgNVBAsTDE1pY3Jvc29mdCBJVDEeMBwGA1UEAxMVTWljcm9zb2Z0IElUIFRMUyBDQSA0MB4XDTE5MTAxMDIxNTUzOFoXDTIxMTAxMDIxNTUzOFowJjEkMCIGA1UEAwwbKi5ldmVudHMuZGF0YS5taWNyb3NvZnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8J31SJyCTCkjxtLC8JE7aU56y+0937PcYfrFGWW\/wSL1vxV6UtbY+5UyBq7YUvoZUI+YYWI6FMysHpnkiGQR5h3NLX2it0lgM0JMJXgIYfO+vdhJalxciwWfJHOcY4+eUQwpTmpGeOTzK\/sd1W+VOYbkgWPJ0lAEgTcRXL\/NZZAtyce+Sv4+b4jHwY9pwQxOHJWtnns0bK3jD\/RcAtjLeUisGvBGtt1SItPOQvgD6i2AdvjCkjqVXn0nxT\/yKuGkvtii1i85nrjeMS5pKgL+N2I4goIXeRAaK089dd0KrnNO6kLEhhSHgHwJHnPwfqeXH1Q2p1Zw2r13mOsJdyP7QIDAQABo4IE1zCCBNMwggF\/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB2APZclC\/RdzAiFFQYCDCUVo7jTRMZM7\/fDC8gC8xO8WTjAAABbbe0zD0AAAQDAEcwRQIgXUu8wYK\/QqX5unkLcaUv4T8oQWu5yZb6M3RYbUFPJ7sCIQCVvziq+dynpJXSFyAk+ZobbjdMm8Ziuyzc0miXoW9hmQB2AFWB1MIWkDYBSuoLm1c8U\/DA5Dh4cCUIFy+jqh0HE9MMAAABbbe0zTwAAAQDAEcwRQIgOIr7NuYD18H8X6OV\/YdBgg0HoCy47ognD1Etlbp3ZVgCIQCAVAoqvjDqhz4It72mColVOT\/FZuexWjdVPWkvuAPY1AB3AESUZS6w7s6vxEAH2Kj+KMDa5oK+2MsxtT\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"} 
-01896{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":223,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1587041678029919,"flow_src_last_pkt_time":1587041678120910,"flow_dst_last_pkt_time":1587041678120987,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041678120987,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} 
+01855{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":223,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1587041678029919,"flow_src_last_pkt_time":1587041678120910,"flow_dst_last_pkt_time":1587041678120987,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041678120987,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} 00314{"error_event_id":5,"error_event_name":"Unknown packet 
type","threshold_n":10,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1587041678611338,"packet_id":242,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1587041678611338} 00387{"packet_event_id":1,"packet_event_name":"packet","packet_id":242,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041678303901,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} 00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":243,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041679059584,"flow_src_last_pkt_time":1587041679059584,"flow_dst_last_pkt_time":1587041679059584,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041679059584,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":64046,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -121,7 +121,7 @@ 00387{"packet_event_id":1,"packet_event_name":"packet","packet_id":259,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041681248693,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} 00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":260,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041681714331,"flow_src_last_pkt_time":1587041681714331,"flow_dst_last_pkt_time":1587041681714331,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681714331,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1587041681714331,"flow_dst_last_pkt_time":1587041681714331,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"thread_ts_usec":1587041681714331,"pkt":"EBMx8Tl2KDc3AG3ICABFAABCnaYAAP8RmqzAqAEGwKgBAcdZADUALvSsiC0BAAABAAAAAAAABmV1LWFwaQNhc20Fc2t5cGUDY29tAAABAAE="} 
-01124{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":260,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041681714331,"flow_src_last_pkt_time":1587041681714331,"flow_dst_last_pkt_time":1587041681714331,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681714331,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","proto_id":"5.125","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"eu-api.asm.skype.com","domainame":"eu-api.asm.skype.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} +01112{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":260,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041681714331,"flow_src_last_pkt_time":1587041681714331,"flow_dst_last_pkt_time":1587041681714331,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681714331,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"eu-api.asm.skype.com","domainame":"eu-api.asm.skype.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":261,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041681714835,"flow_src_last_pkt_time":1587041681714835,"flow_dst_last_pkt_time":1587041681714835,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":53,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":53,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681714835,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63106,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00601{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1587041681714835,"flow_dst_last_pkt_time":1587041681714835,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_usec":1587041681714835,"pkt":"EBMx8Tl2KDc3AG3ICABFAABRU9EAAP8R5HLAqAEGwKgBAfaCADUAPVgfcugBAAABAAAAAAAAB2V1LXByb2QHYXN5bmNndwV0ZWFtcwltaWNyb3NvZnQDY29tAAABAAE="} 
01142{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":261,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041681714835,"flow_src_last_pkt_time":1587041681714835,"flow_dst_last_pkt_time":1587041681714835,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":53,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":53,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681714835,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63106,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"eu-prod.asyncgw.teams.microsoft.com","domainame":"eu-prod.asyncgw.teams.microsoft.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -130,17 +130,17 @@ 00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":263,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041681745719,"flow_src_last_pkt_time":1587041681745719,"flow_dst_last_pkt_time":1587041681745719,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681745719,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60538,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1587041681745719,"flow_dst_last_pkt_time":1587041681745719,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041681745719,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+VHAqAEGNHJLRux6AbuCUaOxAAAAALAC\/\/8ErAAAAgQFtAEDAwUBAQgKMISsLQAAAAAEAgAA"} 
00722{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":264,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_src_last_pkt_time":1587041681714331,"flow_dst_last_pkt_time":1587041681754842,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":182,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":182,"pkt_l4_len":148,"thread_ts_usec":1587041681754842,"pkt":"KDc3AG3IEBMx8Tl2CABFAACo\/M1AADkRwR\/AqAEBwKgBBgA1x1kAlAAAiC2BgAABAAMAAAAABmV1LWFwaQNhc20Fc2t5cGUDY29tAAABAAHADAAFAAEAAAb4ACQPYXNtLWFwaS1wcm9kLWV1DnRyYWZmaWNtYW5hZ2VyA25ldADAMgAFAAEAAAEsABoOd2V1MS1hcGktc2t5cGUIY2xvdWRhcHDAUcBiAAEAAQAAAAUABDRyS0U="} -01156{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":264,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041681714331,"flow_src_last_pkt_time":1587041681714331,"flow_dst_last_pkt_time":1587041681754842,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":140,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":140,"midstream":0,"thread_ts_usec":1587041681754842,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","proto_id":"5.125","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"eu-api.asm.skype.com","domainame":"eu-api.asm.skype.com","dns": {"num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["52.114.75.69,ttl=5"]}}} 
+01144{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":264,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041681714331,"flow_src_last_pkt_time":1587041681714331,"flow_dst_last_pkt_time":1587041681754842,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":140,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":140,"midstream":0,"thread_ts_usec":1587041681754842,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"eu-api.asm.skype.com","domainame":"eu-api.asm.skype.com","dns": {"num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["52.114.75.69,ttl=5"]}}} 00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":265,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041681755860,"flow_src_last_pkt_time":1587041681755860,"flow_dst_last_pkt_time":1587041681755860,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681755860,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60539,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":265,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1587041681755860,"flow_dst_last_pkt_time":1587041681755860,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041681755860,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+VLAqAEGNHJLRex7AbtPkLhOAAAAALAC\/\/8ixgAAAgQFtAEDAwUBAQgKMISsNwAAAAAEAgAA"} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1587041681745719,"flow_dst_last_pkt_time":1587041681772449,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041681772449,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8MUxAAG0Gmwk0cktGwKgBBgG77HoxlVjpglGjsqASIACccwAAAgQFoAEDAwgEAggKVud31zCErC0="} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_src_last_pkt_time":1587041681772560,"flow_dst_last_pkt_time":1587041681772449,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041681772560,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+V3AqAEGNHJLRux6AbuCUaOyMZVY6oAQEAnbCgAAAQEICjCErEZW53fX"} 
00871{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_src_last_pkt_time":1587041681772814,"flow_dst_last_pkt_time":1587041681772449,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":292,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":292,"pkt_l4_len":258,"thread_ts_usec":1587041681772814,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEWAABAAEAG+HvAqAEGNHJLRux6AbuCUaOyMZVY6oAYEAmUUgAAAQEICjCErEZW53fXFgMBAN0BAADZAwO+LJEVwOHGYhKiVcLvt6A9rXWEi+VY68GJ4Pnee\/+sYQAAHLq6zKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACU6uoAAP8BAAEAAAAAKAAmAAAjZXUtcHJvZC5hc3luY2d3LnRlYW1zLm1pY3Jvc29mdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAjq6gAdABcAGAAbAAMCAAL6+gABAA=="} -01277{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":268,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041681745719,"flow_src_last_pkt_time":1587041681772814,"flow_dst_last_pkt_time":1587041681772449,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":226,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":226,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681772814,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60538,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"eu-prod.asyncgw.teams.microsoft.com","domainame":"eu-prod.asyncgw.teams.microsoft.com","tls": 
{"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01236{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":268,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041681745719,"flow_src_last_pkt_time":1587041681772814,"flow_dst_last_pkt_time":1587041681772449,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":226,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":226,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681772814,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60538,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"eu-prod.asyncgw.teams.microsoft.com","domainame":"eu-prod.asyncgw.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":269,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_src_last_pkt_time":1587041681755860,"flow_dst_last_pkt_time":1587041681786454,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041681786454,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8PqJAAGwGjrQ0cktFwKgBBgG77HsaOOK2T5C4T6ASIABGlgAAAgQFoAEDAwgEAggKVN17aDCErDc="} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":270,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_src_last_pkt_time":1587041681786551,"flow_dst_last_pkt_time":1587041681786454,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041681786551,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+V7AqAEGNHJLRex7AbtPkLhPGjjit4AQEAmFKgAAAQEICjCErFNU3Xto"} 
00853{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":271,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_src_last_pkt_time":1587041681786764,"flow_dst_last_pkt_time":1587041681786454,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":277,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":277,"pkt_l4_len":243,"thread_ts_usec":1587041681786764,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEHAABAAEAG+IvAqAEGNHJLRex7AbtPkLhPGjjit4AYEAnBuAAAAQEICjCErFNU3XtoFgMBAM4BAADKAwNa\/jUh9W55wUB0tnlMq1eAEhrPfTr7oU\/DtVhV\/8e2AwAAHNrazKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACFGhoAAP8BAAEAAAAAGQAXAAAUZXUtYXBpLmFzbS5za3lwZS5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAgqKgAdABcAGAAbAAMCAAJ6egABAA=="} -01250{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":271,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041681755860,"flow_src_last_pkt_time":1587041681786764,"flow_dst_last_pkt_time":1587041681786454,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681786764,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60539,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"eu-api.asm.skype.com","domainame":"eu-api.asm.skype.com","tls": 
{"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01206{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":271,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041681755860,"flow_src_last_pkt_time":1587041681786764,"flow_dst_last_pkt_time":1587041681786454,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681786764,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60539,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"eu-api.asm.skype.com","domainame":"eu-api.asm.skype.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
02506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":272,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_src_last_pkt_time":1587041681772814,"flow_dst_last_pkt_time":1587041681802258,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041681802258,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUMU5AAG0GlW80cktGwKgBBgG77HoxlV6KglGklIAQBAXbeQAAAQEIClbnd\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\/om4H+4\/cR81+swhscxS+n0lRF6\/9QaS3UJkZbRbKTCin3OgcYqSG9pYg6G1+1K1UtTBpsolwlA3Wj42xE7Uv4QpgEXC5f0oaTcFK1me59SUtzp5qGDrwX6WjG8Ktb6uYB5gEczE7C4PC+CFPM3paTb5H5cy9SB3sXBctpW9JL3Q4jgLf0RmKI+tU\/yzqXGVuQXEGhEGBnx2gx7c5jv9zuJnDG+h+fy0tJ8oKxrnU3\/YDtE5a8Gc9riCos64k1IwawJ2ex5sg6EIN6aZMm7jlbnY0GaYkT3Xzq9y\/pq48vIUbUNujVUDc5\/R\/SCSk\/dzf6G7\/xO1H5cZnPEC40ThKUvhXFO2qUKIhsUCjzJG5EdSNtcUv8eCyVsfCMB7dRsifQSwSDmGmM4n\/G81i0O9M4b2XZ+YaSEgJZmQx7Uh5AdoOqwYq2SqBhAihGJdwH2XMq283yNTDRqqo\/WVv2tQAJnjORm59j1r8dDWyuUfRzmyA\/balmQRC8\/yMgQswTFwP1y97tt4lyNjydBDOIBJv2TudKgtjqTbU59+fWu1pBkJP0+oPi5U7f32J4ZwXrKLU9tbuRaGYpYaW\/H8\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\/BSeneM2zC+CeIhbzmNymFOjMlNcj+dBQmbu1CxCV8d8C6Y+OnVaZPNiP01j7XJJ+PXv4"} 
02513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":283,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":5,"flow_src_last_pkt_time":1587041681786764,"flow_dst_last_pkt_time":1587041681819208,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041681819208,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUPqVAAGwGiRk0cktFwKgBBgG77HsaOO33T5C5IoAQBAWJqAAAAQEIClTde4YwhKxTjSsxwxRzId3jeGOcUYa1okhJwHkIFUMAK5m4S+DHVwdsxLmmVC0BU\/Kj8qTM2cFU84jN5EwT04ozIVitGL++OYFwOWk3+FukY+8JB9+HGmLHmgjF0R1eYnYB3WnmOLtEsC1NOsYugOBgclvyzOaOXDohHl2wOSu96hPLlsu2anSMjrwOEJ8bpUBBj5FcdqcO8ao6h7cMd99xai8oYUItkA9yBatn4MF7y5xAmsQKCESMfD26qQ4esdkivR9fQWpzVPZm4qD5pjne0nfzaQS\/t7s8xJP\/cgQctTadaH\/f+jlPsvaPuRz\/re0OFQjjhnzySEl3lxb2\/QD2T6Zeb+c5wFFlPeuxlzDs6p5z\/B4soN+Lz3NftQ4GQhcmlezYqSfQ0GWUXOI\/yigppSD0yN1dtP\/m3QIDAQABo4IBQjCCAT4wHQYDVR0OBBYEFFiIn9bcnEgitxQ+\/4SI6OaF\/\/p9MB8GA1UdIwQYMBaAFOWdWTCCR1jMrPoIVDaGezq1BE3wMBIGA1UdEwEB\/wQIMAYBAf8CAQAwDgYDVR0PAQH\/BAQDAgGGMCcGA1UdJQQgMB4GCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwkwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL09tbmlyb290MjAyNS5jcmwwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwDQYJKoZIhvcNAQELBQADggEBADCaxp1q\/e+TCAy+gnf5dqBtnnswI3uoKVr0aj7HCwyW37hLUuQNnDjteGO1c8AcHzvgp\/9\/SVGVMrjQm6nlz5YDgYDVSmEY\/sRqxt9\/QUYinIBm6w9CoOTzpCGjmNB6dPaM6MPSK6orzhFZGUTnXAcJQuvX\/RVNuW9sRDUmh7qjO2iwgecgyX8TAvPMq58clVDLrmSAu4cKXc6ma7J94z024ilRtyX80AnjsK3EYi4+foUmsvav920xc8YZmKlykwLOygs9POzZcOiA9RareGqHTcaBN6gKdoEGqO8XYHxwEBM8ONczTOQ3ZQj7kbPoFnZhKmX1WJSzRQHvwE8De7gWAAcrAQAHJzCCByMKAQCgggccMIIHGAYJKwYBBQUHMAEBBIIHCTCCBwUwgceiFgQUqShwURmVA+Jp3zLm2A+QCVyZqYAYDzIwMjAwNDE1MTkzMzA5WjCBmzCBmDBMMAkGBSsOAwIaBQAEFE8LW9m32q+ftvNjciJ21uGVriYpBBRYiJ\/W3JxIIrcUPv+Ei
Ojmhf\/6fQITewAE4Lxi6ctlZLvhngAAAATgvIAAGA8yMDIwMDQxNTE5MzMwOVqgERgPMjAyMDA0MTkxOTMzMDlaoSIwIDAeBgkrBgEFBQcwAQYEERgPMjAxOTA0MTYxOTMzMDlaMA0GCSqGSIb3DQEBCwUAA4IBAQBJ3b+j9b9amWJnAoiCkmf2UNIwgNLUYY7i2oIxOcCe4FwtfKqAknYBXLXDmybtzIEQGc9zVWPgZbClw+Dn6abFkbXSG0mhM4QP5D5MQbVxhe7SgYoYVGwkJbmRpd4grc+7uBTiXMgAxBCB5kUsxvRwqLqgwU4Ain2W6hQNvDRMAvojfSg3lYkOFvlf7bcTwOK90BIJGU11EABEc5brrKndHE9hje0klAXbzMZTL8AqrbgnzOZi1rf+0+Wq4RUDesXv6I1AJt7EoKj704jMo9fFhVZPD8osr0ZocAW0OSf5m2CQ\/UMENY99jq5D1K0ZM\/O3ik40uY\/GyUUQa5PIKgTroIIFIzCC"} 00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":304,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682076700,"flow_src_last_pkt_time":1587041682076700,"flow_dst_last_pkt_time":1587041682076700,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682076700,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60540,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -150,17 +150,17 @@ 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":306,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682076700,"flow_dst_last_pkt_time":1587041682106830,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041682106830,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8XUVAAGwGcBA0cktGwKgBBgG77HwdJJF2jIP3CKASIACM5QAAAgQFoAEDAwgEAggKVscEoDCErWw="} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":307,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682106937,"flow_dst_last_pkt_time":1587041682106830,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682106937,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+V3AqAEGNHJLRux8AbuMg\/cIHSSRd4AQEAnLdwAAAQEICjCErYpWxwSg"} 
00875{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_src_last_pkt_time":1587041682107386,"flow_dst_last_pkt_time":1587041682106830,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":296,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":296,"pkt_l4_len":262,"thread_ts_usec":1587041682107386,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEaAABAAEAG+HfAqAEGNHJLRux8AbuMg\/cIHSSRd4AYEAmCtgAAAQEICjCErYpWxwSgFgMBAOEBAADdAwM8bxQ0whreuqvYvEztjLrW4PBGRpjuL7egzSBD9aU3vgAAHKqqzKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACYCgoAAP8BAAEAAAAAKAAmAAAjZXUtcHJvZC5hc3luY2d3LnRlYW1zLm1pY3Jvc29mdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjF1UAAAAAsAAgEAAAoACgAISkoAHQAXABgAGwADAgAC2toAAQA="} -01277{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":308,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682076700,"flow_src_last_pkt_time":1587041682107386,"flow_dst_last_pkt_time":1587041682106830,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":230,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":230,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682107386,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60540,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"eu-prod.asyncgw.teams.microsoft.com","domainame":"eu-prod.asyncgw.teams.microsoft.com","tls": 
{"version":"TLSv1.2","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"","ja4":"t12d1312h2_8b80da21ef18_b00751acaffa","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01236{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":308,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682076700,"flow_src_last_pkt_time":1587041682107386,"flow_dst_last_pkt_time":1587041682106830,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":230,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":230,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682107386,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60540,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"eu-prod.asyncgw.teams.microsoft.com","domainame":"eu-prod.asyncgw.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1312h2_8b80da21ef18_b00751acaffa","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":309,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682077081,"flow_dst_last_pkt_time":1587041682108320,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041682108320,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8CPlAAG0Gw100cktFwKgBBgG77H37toO1hXm5XaASIACQKwAAAgQFoAEDAwgEAggKVQ929DCErW0="} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":310,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682108400,"flow_dst_last_pkt_time":1587041682108320,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682108400,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+V7AqAEGNHJLRex9AbuFebld+7aDtoAQEAnOvQAAAQEICjCErYtVD3b0"} 
00854{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_src_last_pkt_time":1587041682108566,"flow_dst_last_pkt_time":1587041682108320,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"thread_ts_usec":1587041682108566,"pkt":"EBMx8Tl2KDc3AG3ICABFAAELAABAAEAG+IfAqAEGNHJLRex9AbuFebld+7aDtoAYEAl5vQAAAQEICjCErYtVD3b0FgMBANIBAADOAwNRm85ZKo2j5rIUIlemfdLsNPrk0mWhHKlhPOh2TLU7CwAAHKqqzKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACJ6uoAAP8BAAEAAAAAGQAXAAAUZXUtYXBpLmFzbS5za3lwZS5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjF1UAAAAAsAAgEAAAoACgAI+voAHQAXABgAGwADAgACmpoAAQA="} -01250{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":311,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682077081,"flow_src_last_pkt_time":1587041682108566,"flow_dst_last_pkt_time":1587041682108320,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":215,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":215,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682108566,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60541,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"eu-api.asm.skype.com","domainame":"eu-api.asm.skype.com","tls": 
{"version":"TLSv1.2","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"","ja4":"t12d1312h2_8b80da21ef18_b00751acaffa","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01206{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":311,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682077081,"flow_src_last_pkt_time":1587041682108566,"flow_dst_last_pkt_time":1587041682108320,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":215,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":215,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682108566,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60541,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"eu-api.asm.skype.com","domainame":"eu-api.asm.skype.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1312h2_8b80da21ef18_b00751acaffa","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":312,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682129643,"flow_src_last_pkt_time":1587041682129643,"flow_dst_last_pkt_time":1587041682129643,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682129643,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":49514,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_src_last_pkt_time":1587041682129643,"flow_dst_last_pkt_time":1587041682129643,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1587041682129643,"pkt":"EBMx8Tl2KDc3AG3ICABFAABIVE8AAP8R4\/3AqAEGwKgBAcFqADUANJ5TmvIBAAABAAAAAAAABmNvbmZpZwV0ZWFtcwltaWNyb3NvZnQDY29tAAABAAE="} 
01124{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":312,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682129643,"flow_src_last_pkt_time":1587041682129643,"flow_dst_last_pkt_time":1587041682129643,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682129643,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":49514,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"config.teams.microsoft.com","domainame":"config.teams.microsoft.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
02505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":313,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":5,"flow_src_last_pkt_time":1587041682107386,"flow_dst_last_pkt_time":1587041682139467,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041682139467,"pkt":"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\/om4H+4\/cR81+swhscxS+n0lRF6\/9QaS3UJkZbRbKTCin3OgcYqSG9pYg6G1+1K1UtTBpsolwlA3Wj42xE7Uv4QpgEXC5f0oaTcFK1me59SUtzp5qGDrwX6WjG8Ktb6uYB5gEczE7C4PC+CFPM3paTb5H5cy9SB3sXBctpW9JL3Q4jgLf0RmKI+tU\/yzqXGVuQXEGhEGBnx2gx7c5jv9zuJnDG+h+fy0tJ8oKxrnU3\/YDtE5a8Gc9riCos64k1IwawJ2ex5sg6EIN6aZMm7jlbnY0GaYkT3Xzq9y\/pq48vIUbUNujVUDc5\/R\/SCSk\/dzf6G7\/xO1H5cZnPEC40ThKUvhXFO2qUKIhsUCjzJG5EdSNtcUv8eCyVsfCMB7dRsifQSwSDmGmM4n\/G81i0O9M4b2XZ+YaSEgJZmQx7Uh5AdoOqwYq2SqBhAihGJdwH2XMq283yNTDRqqo\/WVv2tQAJnjORm59j1r8dDWyuUfRzmyA\/balmQRC8\/yMgQswTFwP1y97tt4lyNjydBDOIBJv2TudKgtjqTbU59+fWu1pBkJP0+oPi5U7f32J4ZwXrKLU9tbuRaGYpYaW\/H8\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\/BSeneM2zC+CeIhbzmNymFOjMlNcj+dBQmbu1CxCV8d8C6Y+OnVaZPNiP01j7XJJ+PXv4"} 
02498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":322,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":5,"flow_src_last_pkt_time":1587041682108566,"flow_dst_last_pkt_time":1587041682140048,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041682140048,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUCPpAAG0GvcQ0cktFwKgBBgG77H37toO2hXm6NIAQBAUeeAAAAQEIClUPdxEwhK2LFgMDF00CAABVAwNemFWQkTKZfyBaLuzO97G0quTrEm7BgPWyftzaEzJa0iBuSwAAwHf6a8yXd\/slaOSfyDbI53lK7p5dSy9A7BIMcMAwAAANAAUAAAAXAAD\/AQABAAsADnAADm0ACK8wggirMIIGk6ADAgECAhN7AATgvGLpy2Vku+GeAAAABOC8MA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgMTAeFw0xOTA1MDcxMjUwMDNaFw0yMTA1MDcxMjUwMDNaMBoxGDAWBgNVBAMMDyouYXNtLnNreXBlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALSeVBZeaxVgbEF7BDFpA+N3ExF3ZQK1QrQQqA05Ko2A7Gpby+2Es8MXR3Kj2VRAX9P5YFzjF3SN5faeJJRz+j7An2iOLXkwQNkglDT6\/sjB3LbEb7T\/nzN+yIm+S8blVfyih6JM9Apu\/ik1krtvLJUniVwHJtK2\/rOjpX264mOpTx8SQf7TjiIlSs3HiDphOG0YLn3YYZ8njuADtWKju18sgzmH3TMQYaJ5rR8rrvEPgZCHNBk+XQJFexPiGtcDjF2WCQ1CKqCKZf8hKbpm8Y4TnLNUxuhK2E+6sFA1dP+E8Bm6m26cCfBNV3G7APHf8AN1YKGjnSNcO3xC9CoOmEMCAwEAAaOCBHYwggRyMIIB9wYKKwYBBAHWeQIEAgSCAecEggHjAeEAdwC72d+8H4pxtZOUI5eqkntHOFeVCqtS6BqQlmQ2jh7RhQAAAWqSYTh5AAAEAwBIMEYCIQCK9TKQMvnjt3bF9IskNoov410+TNUfrflXc+EV+7RCFQIhAOhI+FRSDv5ZevTOA7yjzgGxZ7+Vifwc2fzYuzpyLBBgAHYA7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo\/csAAAFqkmE4gAAABAMARzBFAiAiHsCLrUDabE9VESRZTt4BikyAq6rNE1j3618pfpVpCAIhALEshKOsZh7n88+DKEMN6Qrti43TvlJOQ0RAjLMbS84WAHcA9lyUL9F3MCIUVBgIMJRWjuNNExkzv98MLyALzE7xZOMAAAFqkmE4gwAABAMASDBGAiEAhlim8PX4pyi\/mpblvrIKUelL3OW87784ne5SOBJO7rUCIQCJx97+HPxXSJjEZtGi1euZMJxoXD7mYyvmnAr9RyA7ngB1AESUZS6w7s6vxEAH2Kj+KMDa5o
K+2MsxtT\/TM5a1toGoAAABapJhOJEAAAQDAEYwRAIgSWpW2jkU6iqzOFfqoMvHGTVxpA4qvulMcPxZZ3C6R34CIBq5beRJMDaP8rIHcokNsjMMe+YTY4GBs5JmQen9SUa+MCcGCSsGAQQBgjcVCgQaMBgwCgYIKwYBBQUHAwIwCgYIKwYBBQUHAwEwPgYJKwYBBAGCNxUHBDEwLwYnKwYBBAGCNxUIh9qGdYPu2QGCyYUbgbWeYYX062CBXYTS30KC55N6AgFkAgEdMIGFBggrBgEFBQcBAQR5MHcwUQYIKwYBBQUHMAKGRWh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjAxLmNydDAiBggrBgEFBQcwAYYWaHR0cDovL29jc3AubXNvY3NwLmNvbTAdBgNVHQ4EFgQU3aROfyhw35kc1iGhSMjmHtjM\/20wCwYD"} -01564{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":327,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1587041682077081,"flow_src_last_pkt_time":1587041682140200,"flow_dst_last_pkt_time":1587041682140797,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":215,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":215,"flow_dst_tot_l4_payload_len":5970,"midstream":0,"thread_ts_usec":1587041682140797,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60541,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"eu-api.asm.skype.com","domainame":"eu-api.asm.skype.com","tls": {"version":"TLSv1.2","server_names":"*.asm.skype.com","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"986571066668055ae9481cb84fda634a","ja4":"t12d1312h2_8b80da21ef18_b00751acaffa","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 
1","subjectDN":"CN=*.asm.skype.com","advertised_alpns":"h2,http\/1.1","fingerprint":"B9:41:1D:AE:56:09:68:D2:07:D0:69:E1:68:00:08:2B:EF:63:1E:48","blocks":0}}} +01520{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":327,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1587041682077081,"flow_src_last_pkt_time":1587041682140200,"flow_dst_last_pkt_time":1587041682140797,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":215,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":215,"flow_dst_tot_l4_payload_len":5970,"midstream":0,"thread_ts_usec":1587041682140797,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60541,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"eu-api.asm.skype.com","domainame":"eu-api.asm.skype.com","tls": {"version":"TLSv1.2","server_names":"*.asm.skype.com","ja3s":"986571066668055ae9481cb84fda634a","ja4":"t12d1312h2_8b80da21ef18_b00751acaffa","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=*.asm.skype.com","advertised_alpns":"h2,http\/1.1","fingerprint":"B9:41:1D:AE:56:09:68:D2:07:D0:69:E1:68:00:08:2B:EF:63:1E:48","blocks":0}}} 
00750{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":333,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682129643,"flow_dst_last_pkt_time":1587041682143053,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":204,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":204,"pkt_l4_len":170,"thread_ts_usec":1587041682143053,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC+wIdAADkR\/U\/AqAEBwKgBBgA1wWoAqgAAmvKBgAABAAQAAAAABmNvbmZpZwV0ZWFtcwltaWNyb3NvZnQDY29tAAABAAHADAAFAAEAAAs5ACEGY29uZmlnBXRlYW1zDnRyYWZmaWNtYW5hZ2VyA25ldADAOAAFAAEAAAALAB8MY29uZmlnLXRlYW1zBnMtMDAwNQhzLW1zZWRnZcBUwGUABQABAAAAOgACwHLAcgABAAEAAABoAAQ0ccKE"} 01160{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":333,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041682129643,"flow_src_last_pkt_time":1587041682129643,"flow_dst_last_pkt_time":1587041682143053,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":162,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":162,"midstream":0,"thread_ts_usec":1587041682143053,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":49514,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"config.teams.microsoft.com","domainame":"config.teams.microsoft.com","dns": {"num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["52.113.194.132,ttl=104"]}}} 
00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":334,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682144166,"flow_src_last_pkt_time":1587041682144166,"flow_dst_last_pkt_time":1587041682144166,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682144166,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -168,9 +168,9 @@ 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":335,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682144166,"flow_dst_last_pkt_time":1587041682156833,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682156833,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0EIdAAHUGPJk0ccKEwKgBBgG77H5W9rKzh8U6lIAS\/\/\/8MgAAAgQFoAEDAwgBAQQC"} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":336,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682156932,"flow_dst_last_pkt_time":1587041682156833,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041682156932,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGgizAqAEGNHHChOx+AbuHxTqUVvaytFAQIAAc8gAA"} 00842{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":337,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_src_last_pkt_time":1587041682157086,"flow_dst_last_pkt_time":1587041682156833,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":271,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":271,"pkt_l4_len":237,"thread_ts_usec":1587041682157086,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEBAABAAEAGgVPAqAEGNHHChOx+AbuHxTqUVvaytFAYIACSqAAAFgMBANQBAADQAwMdYvXtwu11hWCpvITmw2DM6JIDDr9YgJ4rTdtCECjTrgAAHBoazKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACLCgoAAP8BAAEAAAAAHwAdAAAaY29uZmlnLnRlYW1zLm1pY3Jvc29mdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAjKygAdABcAGAAbAAMCAAKKigABAA=="} 
-01267{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":337,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682144166,"flow_src_last_pkt_time":1587041682157086,"flow_dst_last_pkt_time":1587041682156833,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682157086,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com","domainame":"config.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01220{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":337,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682144166,"flow_src_last_pkt_time":1587041682157086,"flow_dst_last_pkt_time":1587041682156833,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682157086,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com","domainame":"config.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":338,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":5,"flow_src_last_pkt_time":1587041682157086,"flow_dst_last_pkt_time":1587041682169218,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1587041682169218,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAoEIhAAHYGO6Q0ccKEwKgBBgG77H5W9rK0h8U7bVAQBAE4GAAAAAAAAAAA"} 
-01655{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":351,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1587041682144166,"flow_src_last_pkt_time":1587041682172494,"flow_dst_last_pkt_time":1587041682172683,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":5949,"midstream":0,"thread_ts_usec":1587041682172683,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com","domainame":"config.teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.config.teams.microsoft.com,config.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"0f14538e1c9070becdad7739c67d6363","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=config.teams.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA","blocks":0}}} 
+01608{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":351,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1587041682144166,"flow_src_last_pkt_time":1587041682172494,"flow_dst_last_pkt_time":1587041682172683,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":5949,"midstream":0,"thread_ts_usec":1587041682172683,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com","domainame":"config.teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.config.teams.microsoft.com,config.teams.microsoft.com","ja3s":"0f14538e1c9070becdad7739c67d6363","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=config.teams.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA","blocks":0}}} 
00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":381,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682355684,"flow_src_last_pkt_time":1587041682355684,"flow_dst_last_pkt_time":1587041682355684,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682355684,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65387,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":381,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_src_last_pkt_time":1587041682355684,"flow_dst_last_pkt_time":1587041682355684,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_usec":1587041682355684,"pkt":"EBMx8Tl2KDc3AG3ICABFAABPcIEAAP8Rx8TAqAEGwKgBAf9rADUAOydaEDoBAAABAAAAAAAADm5vcnRoZXVyb3BlY25zDnRyYWZmaWNtYW5hZ2VyA25ldAAAAQAB"} 
01142{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":381,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682355684,"flow_src_last_pkt_time":1587041682355684,"flow_dst_last_pkt_time":1587041682355684,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682355684,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65387,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft","proto_id":"5.212","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"northeuropecns.trafficmanager.net","domainame":"northeuropecns.trafficmanager.net","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -183,15 +183,15 @@ 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":385,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682369801,"flow_dst_last_pkt_time":1587041682420333,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041682420333,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8cKZAAGwGWtQ0ck0hwKgBBgG77H8VHmMl9rF6B6ASIAAZOgAAAgQFoAEDAwgEAggKYQa0RDCEroA="} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":386,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682420448,"flow_dst_last_pkt_time":1587041682420333,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682420448,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIex\/Abv2sXoHFR5jJoAQEAlXvgAAAQEICjCErqxhBrRE"} 
00845{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":387,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":4,"flow_src_last_pkt_time":1587041682420739,"flow_dst_last_pkt_time":1587041682420333,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_usec":1587041682420739,"pkt":"EBMx8Tl2KDc3AG3ICABFAAECAABAAEAG9rTAqAEGNHJNIex\/Abv2sXoHFR5jJoAYEAmOxwAAAQEICjCErqxhBrREFgMBAMkBAADFAwMlzpQNXKnJso0lmbQsWQ9QP0JUtMkYTF2ySEjqwct4CiA\/IwAA6KEdJo41XGChq4nIXjJi3Ldaf94\/c7z6UnyyFQAewC\/AK8AwwCzMqcyowAnAE8AKwBQAnACdAC8ANQAKAQAAXv8BAAEAAAAAIwAhAAAebW9iaWxlLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEACwACAQAACgAIAAYAHQAXABg="} -01365{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":387,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682369801,"flow_src_last_pkt_time":1587041682420739,"flow_dst_last_pkt_time":1587041682420333,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682420739,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60543,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01324{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":387,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682369801,"flow_src_last_pkt_time":1587041682420739,"flow_dst_last_pkt_time":1587041682420333,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682420739,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60543,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":388,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682376166,"flow_dst_last_pkt_time":1587041682423316,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682423316,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0HMFAAGwGr7I0ckwwwKgBBgG77ICUvjjErrIu7YAS\/\/+TZQAAAgQFoAEDAwgBAQQC"} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":389,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682423394,"flow_dst_last_pkt_time":1587041682423316,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041682423394,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAG+H\/AqAEGNHJMMOyAAbuusi7tlL44xVAQIAC0JAAA"} 00867{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":390,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":4,"flow_src_last_pkt_time":1587041682423900,"flow_dst_last_pkt_time":1587041682423316,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":290,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":290,"pkt_l4_len":256,"thread_ts_usec":1587041682423900,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEUAABAAEAG95PAqAEGNHJMMOyAAbuusi7tlL44xVAYIABbPwAAFgMBAOcBAADjAwOLjruZZJmwp+AQ5ixl8mdC3oKgE\/9DUAxdN3dPhROtcwAAHCoqzKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACe+voAAP8BAAEAAAAAMgAwAAAtbm9ydGhldXJvcGUubm90aWZpY2F0aW9ucy50ZWFtcy5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAIysoAHQAXABgAGwADAgACWloAAQA="} 
-01297{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":390,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682376166,"flow_src_last_pkt_time":1587041682423900,"flow_dst_last_pkt_time":1587041682423316,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":236,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":236,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682423900,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.76.48","src_port":60544,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"northeurope.notifications.teams.microsoft.com","domainame":"northeurope.notifications.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01256{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":390,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682376166,"flow_src_last_pkt_time":1587041682423900,"flow_dst_last_pkt_time":1587041682423316,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":236,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":236,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682423900,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.76.48","src_port":60544,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"northeurope.notifications.teams.microsoft.com","domainame":"northeurope.notifications.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
00918{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":391,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682440956,"flow_dst_last_pkt_time":1587041672419153,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"thread_ts_usec":1587041682440956,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzES9AAEARZ+LAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGAHT\/ICoAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"} 02506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":392,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":5,"flow_src_last_pkt_time":1587041682423900,"flow_dst_last_pkt_time":1587041682467714,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041682467714,"pkt":"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\/4SI6OaF\/\/p9MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAgEAaMoTg\/CrkXvH3jnb1h9ibtDE5NT9WRyEmtWPdlMgqhbXA+eyQkb6BYaT\/ta0E\/bOL5hM07pSBrD5uauHzlX4vs6BmFI3X35rS4lnHgq3cUKdaq3M5dfcGtIoKERK4KHEXYdDhAF8RY9DfZJta8j9hj4NqjvMcG7hzkZJWkwVjeh7J49fLI2k+ojmtb1lfRr9wT7N317pl9QMlUj3HrapDo2fvCe\/9jktj3lbttPHLsuaLesAF3dE1wm5y4UOzoiawZGA4Fu5fMnwFxWfpzZRwMq0O\/xKMAg5RkinWwDyzGDnwCbl\/c52s299ZBhbtM6yURpSqq0aQFxtyQoGGDw\/qhMEVa25dds5d0iBdM6KFgBsOhenjJcJxMzPvvOPmkJltWXhqnxSJWsJkaqh7zSNoA5U1JZzOXFYRt3uw3OVIBSfQ21T75pEiBJReA5mMtRoJjyJ
Yo4d7ViJlpWq6D+qmTq9MD3A+u3+2YaocGXunqdlchKzuckM3C3Mck\/119eusSb9+YO\/2kHgBIQsNEyRtMbVXs6aJDUwnxYYIGRAPR16yCXImFMfJYah5q6a0OgPBMYG1cJ5tHN0+DQkL0jj0N6DmBrUSDSDele8PSh59PdIzO8wgJ\/BtAAk1rmVDiVhBV4spP7GSKWzbAS3cC\/0tn2xGj\/VdVxgHiGox4WbcNAABbgwggW0MIIEnKADAgECAhAIuHpQG76c2i0WTT45Ub9VMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNVBAYTAklFMRIwEAYDVQQKEwlCYWx0aW1vcmUxEzARBgNVBAsTCkN5YmVyVHJ1c3QxIjAgBgNVBAMTGUJhbHRpbW9yZSBDeWJlclRydXN0IFJvb3QwHhcNMTYwNTIwMTI1MTI4WhcNMjQwNTIwMTI1MTI4WjCBizELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEVMBMGA1UECxMMTWljcm9zb2Z0IElUMR4wHAYDVQQDExVNaWNyb3NvZnQgSVQgVExTIENBIDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCO8\/GEdXe8vsmk9RalUytQYJnc2H3ZJLXhckk3SP7ahpOjfR2aSxBNd3l+Zal8bjbiR9Q2SdDMJAInFOKucc3ZV3Q8EFYZkkqHYvnjkI1e3tFBGxqmH0CiLB6OVdcm2GhCq+wN3t1eYZWzrGyBzqjgra9fyqbkUWguJ\/1UKnGkzLt+kvH2U1EFMdAZgrDKY9DySgALzfRpS\/Ra"} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":405,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":5,"flow_src_last_pkt_time":1587041682420739,"flow_dst_last_pkt_time":1587041682484937,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682484937,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0cKdAAGwGWts0ck0hwKgBBgG77H8VHmMm9rF61YAQBAVitAAAAQEICmEGtIQwhK6s"} 
-01897{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":417,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1587041682369801,"flow_src_last_pkt_time":1587041682557246,"flow_dst_last_pkt_time":1587041682557307,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041682557307,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60543,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} 
+01856{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":417,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1587041682369801,"flow_src_last_pkt_time":1587041682557246,"flow_dst_last_pkt_time":1587041682557307,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041682557307,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60543,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} 00314{"error_event_id":5,"error_event_name":"Unknown packet 
type","threshold_n":16,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1587041682611214,"packet_id":421,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1587041682611214} 00387{"packet_event_id":1,"packet_event_name":"packet","packet_id":421,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041682598222,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} 00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":423,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682668456,"flow_src_last_pkt_time":1587041682668456,"flow_dst_last_pkt_time":1587041682668456,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682668456,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57530,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -208,7 +208,7 @@ 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":433,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682698689,"flow_dst_last_pkt_time":1587041682744342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682744342,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA09YRAAGwG1eQ0ck06wKgBBgG77IG+FZNKYAjhq4AS\/\/+qaAAAAgQFoAEDAwgBAQQC"} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":434,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682744445,"flow_dst_last_pkt_time":1587041682744342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041682744445,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAG93XAqAEGNHJNOuyBAbtgCOGrvhWTS1AQIADLJwAA"} 00842{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":435,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_src_last_pkt_time":1587041682744658,"flow_dst_last_pkt_time":1587041682744342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":273,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":273,"pkt_l4_len":239,"thread_ts_usec":1587041682744658,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEDAABAAEAG9prAqAEGNHJNOuyBAbtgCOGrvhWTS1AYIAAsUQAAFgMBANYBAADSAwPkbX85xJUsmCJfCQtb2nqS5r5NxitfmjfkWtCVFh+GIgAAHEpKzKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACNCgoAAP8BAAEAAAAAIQAfAAAccHJlc2VuY2UudGVhbXMubWljcm9zb2Z0LmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACAoKAB0AFwAYABsAAwIAAkpKAAEA"} 
-01263{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":435,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682698689,"flow_src_last_pkt_time":1587041682744658,"flow_dst_last_pkt_time":1587041682744342,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":219,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":219,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682744658,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.58","src_port":60545,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"presence.teams.microsoft.com","domainame":"presence.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01222{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":435,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682698689,"flow_src_last_pkt_time":1587041682744658,"flow_dst_last_pkt_time":1587041682744342,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":219,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":219,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682744658,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.58","src_port":60545,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"presence.teams.microsoft.com","domainame":"presence.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
01385{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":436,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682740607,"flow_dst_last_pkt_time":1587041682745381,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":665,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":665,"pkt_l4_len":631,"thread_ts_usec":1587041682745381,"pkt":"EBMx8Tl2KDc3AG3ICABFAAKLAABAAEAGwL7AqAEGon0Tg+u4AbuLprsOEqsiiIAYEAA0LgAAAQEICjCEr+ORzaKrFwMDAlK2BaXSajSAVWEKj3frXxijYpT3GD2Cuos6bxaeeEb0O6UJhzmzPZI\/SWy+fgBnTfneCwusduYkx4s3F4xCn2MY3DEvpr\/P48ATzKlJ++OHqI7OI3KpokJ1bF8YwJjJpFyWkPT0\/gdDA2C0thwexYlLgVCHe4dECfAKO3ai6a9AkpIGftSCmWnSsB7\/GodcDd1wDIWHn+mS6A9bTO\/2sRCfLQjmwaqnM\/0Kd1DorrQMm9TT6\/w11NzOyGJGqVRWfthWKCJ2r5CEFaogXR64MxPpr2FM6spcuDUY4C3Hc53Q7uc97BndljPBEgsGGu2WIs1hpBKyBrbp4cakeWFrgRHILDge\/JLjoB\/we0ie6rPfHdzAzbH+CVHboc7ECVvIV6N2Rd\/z5fI6cJ5y1i\/CGpe9JS\/DjF+npNlL3gVvBs3y7VpT4ziTRBRlbzG6hzfaYWVE\/I1GNwloup0kRP0\/\/fFg59buQBmTxdHJsfm4laPDQEGg2\/E9TD5wbcmagME1tYB8Z6HaDDAe1MbrBXtLSM8VMS0ZeI23LZfgw6dIscXGQh+EZCVohYQ2K\/dCOtZqYIGlXsZd11O+bX\/KPVaVnsGCQqimWVbYkJXTdkE5fdL4ibwUdj8vI7+8IXUv8oArxAdVEWB2+pth6d9Zti7C4SxMlmajA50jkJHElO8G4w6Wzb86qkyK4WbkuYLazUSRxEvrQrVtZjtDDcEAhbB3i\/CCiXoyK9403MAI7UV+NXn0+Iqmacnoi+GSVKkccDjbrlFQ3qxHSBpnh\/Zt22FSB4TV4eA="} 
02496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":437,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":4,"flow_src_last_pkt_time":1587041682740607,"flow_dst_last_pkt_time":1587041682745498,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1587041682745498,"pkt":"EBMx8Tl2KDc3AG3ICABFAAXIAABAAEAGvYHAqAEGon0Tg+u4AbuLpr1lEqsiiIAQEADIXgAAAQEICjCEr+SRzaKrFwMDIBe2BaXSajSAVsA+S0rbnqiekP4iuZq32HuCU1Zk8b7DobfyXAMC40RMGMmv03seNmRLB1WBKOAndSNsjwejL\/4UdAY51oTzt\/idB5m9EO71\/T1MmFynzxV07rmvd3Y7KFXQR\/+x23FlX8GjLiPfQFhiUhRh28ymzOk2Fma1O328pbgtPmfOm2\/I1HthpOnXap2OPKovdSqIn\/dOEzmEXK5RH4Vhc7yfPS0tJ3lq\/j9Y4mE4jZEoUqARpTmnt\/EmaVbJrcge1AqzkW+CZ+w4JlO7k9TdFEi5TByHM4C1T005glLtZNkRmPpMGHQbjibw3NTyD4LLOA7ibrI0r9IDNmoeUUfh8DCZdpfo3pxnEzyt7oapZ3bsP3f2dkvlxSg+Dlv55qlRYMXtNU7tnt3+G6vIRUNWvNYWxEeaewlxO7D31DoGy39yf6\/Uf40kqlYmjJklCFuyytx+XwcWqT4ARI652Z\/KTokqiY0d8hvIMHweZqCdsZ3sZLcS92z0hCZYB+QTk3oNwXMxF3HPTJhWvhOq0wqkZDSVoE431Wjz26KTR\/D\/dA5pInq8bEC3yVuUKN1PLZW9Mz7MYJyzusjyBNsPLXM5O8OEeeK5MiWTYDXzmOLsLkb2vkB\/HV4y3Ev95rIiSF36Cpgqv6+0aR866vdj7FtuF34EidwFeCf1Bf+A5YjRmGj3oaiwxanjseDhhtnxhUTf19iNoEFSzhAIqnGHRAvLOkI5d3FBbQQt+YdQcTmf4uC9ThNnySNA0HXREePQs7huoiwdf2bLMzadvLcQRiRnWU7Hl35DzJo7SAfHQVc1y7a5SVG8H0C\/gvRNuAfv3HAV07QuKJAR49iIkFCcVRaJ\/jE5NYdjrNiiLdvzoxuEZ0dWMxMftRotvm8FM6ig5uEvIZbx9cs5I19iYZQ+xjuzmSG9hz4iz+WjzAoY1dmLOtgbT\/XB2FXmqmn+QhnOY3Ljx0J2ha7XjBQ8hWDhzClw138COO6BoFzaLcXOQXTKJXlqio99G1EHem2LSJs4Fip7GdtxGPNIMZ40wLG2DFzen08a5EPl23FFXPX0SR69Sbx3M0R+hQyRTGJvzQ2b0FETVcaGBWv\/AJUXgawU3fpNn7TAnn6usnhvfGudG7WV4wZ6vkSA+LX0MCVzjn7ur93PxY\/kpdqz3fuiKZIsdz1qUGtjG9iABsh28XZ9j4vR0VSK81wLD3NNpJ2yPv0bwOqpCaovF6tXQ1Ews6XsxqJi5G36BrzaJ5\/NXawhnu8ri1Vz28LUjmOZPpd6keVddX571\/oIU+Q3p3lccmI7+gjH3KqlUBiHCmpfZcYeOnCUEoJ6+9LH3uDsI4lVcAzp2csO0NXDwcfvMalB6gajtPszvwIJElID7GHKx1BsawLle+AuhD6lA8\/eP
Lwyuj37+iokrx6+vklOjmfe4s9diN429ybZIsLrxpS9gvhCcqJjHRib1BY+X07qe0e72A4QTMrUQvOqVAnCJ6MepkVyL+TYwE71AQhIyEcdhSMj5NByh+Ps2+o6B6TxNGxL+Hz7Gkx+JsBR2inYY8O+Lv0UT9kVL4KGsfhNjVDtOQlSBGenVIqSWzA0IMPQo8+3Of8Hq4M82zM4CAZ0HSDgvnwrTIr12aPKQZeXdT79Zkpu9xzzr2tssbkalNRSPafbicgt9KUTproDv5wkhK7YwHiqPcGR0QVqeIcuyQotM2kpYtKzEsnaTsMsANkeXwUSaYMnhtvVUO0AlG4\/nEwlNMBHzNthJE9IyucPPp6lNbtpzJXbzjnbqhKzr1pBPW1NzcsmUvTf4AThdCxRFDDYC8Q9bGPZ8M76S438LhtuVyUo\/lD6YFPci0DvupTGZalsukVJfD\/0b05qjSDFI9eEwsvlchodrzNqwexfGQO0oqhK"} 02496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":438,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":5,"flow_src_last_pkt_time":1587041682740607,"flow_dst_last_pkt_time":1587041682745501,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1587041682745501,"pkt":"EBMx8Tl2KDc3AG3ICABFAAXIAABAAEAGvYHAqAEGon0Tg+u4AbuLpsL5EqsiiIAQEABs5gAAAQEICjCEr+SRzaKrei53o4vFQHMBld1Fh\/SJ7lY\/Br6V6nMJYu3OAHgdn1qCcCSFYKKt9BOxyQf3yfDnlntHKN9zdEPSvXN\/0hi8YerzFHTzlE9CpJ2R08FI9jE11z3fnVvhf8e7OcEQqRZgxnPlEzNldSNYqEcmHkXvJhZMq8lx7wyR4LUbGNhgoKdPGH278UPChna6A3t6rVbTyY26njMEfo0Zm6rhpJo44iHLRIKvpaj2GQsfRT+cQeJIZ7CCI7T1q2PUyZhm1ySaJCt2LeO9BPdVU6xJnGhMV\/aWAPQcJ6kB0bxcZrLoRiXTU5Sjkns\/IiFNL\/xvNJTPnSiFRhwUoHK+lhufNQUo13wAlnryX9ux9knlEKyd0St6x6x3\/0AcGE5iocc88TMKvbPeEJdROrTHJPBGw3wEtTcJnsCO86HHTsshAVdGVqkIx3wKVLP63U4Kblp4jy32ZZqt5mrVmtgkvfyXyOjEWSHg9\/kbER4PSr77Twprpqx983VEq2Hcb9Z5Mm3nOhfwTP2T3g\/CCF8QgaWGZrUDu1iiRUPI6K2BHYirquzyMaFufY9V8GpIhq1n1xceUiQLPYGN3l5fQJCiBdXfFafOcSFxIjVpojrL2EOuqK2nuMjLQQp+4Aqc6WZPgm2ebUN\/iKkfC2yH2bLExo2MPi3VUFi92NENpciPyW+eXAFY69MJj5yxa5BiY59sQ5ELiBJlv7RkENWrGuHIllIcpW3ItUf5UzQsbStrqU99fkGX6jKCwXrvMoRcz4OdAQSCuL42ekbFYHiL0ne5NvHaRIqcek4\/JcqoZpMdpQey7y+2Dl6doTImRGjrtsYDDKgFGhDU4N8dTso9ThZ3fuQI5GnuKCyDE7AIeVXiQlYv5F01woYov2hCUZp7ZcJSt2ohbipTR8\/9XsRLAxqgXB5GsFcoO
vfysdpEjckn3ixs\/e\/E+9YhRVwcgw9hwvaxpOHeSVNLQn1UC1jd6XPsedgr5CYCUUWjOwS77pYeBf15DMuXoTC2DTw4N0qK0I2k9jO2h06\/VwS+DdyYzdZyIEDJootRjKr6+oHebS0B7nXpok59GLbGxDjEh9wakV1SZs7RvQXUIMtwshnqDiJum9ddTnNB2+bpdzgJa3FjnjCyxjYAJBZhtEPLvmmDoY+ugXE9QtbOp299K6ArOZPB6JuK4rlVYneXIpSl0yfeQgFoaNPTPCWdaxvM+AfcOB7YkH0w1UJu2dyLSmHw42qCGfzhxeXIbZVNdJjctQ0Cqo5zXErR1874K9\/40112SIrZY04P1wdyAy51DHX6xP4DMvjfqz6wVaf6gJ\/DZxBp20paRElTtDQN\/dHqjokoah04MvpFxBCi0Oy+R7CfKweUnqAqr1HqpFAPT9qsa8YrIc8G0wUUzeAax4URzLWOt85EjAnPLK1DAQYPq0v9Q0KLOsGsn1kbSvDpNs37iMzwcZRFzWoLHwwnKhxoV5ph1YHpzct0GfB5TMtawMLt6xx8fpDVN\/qmtv7vr0PwcpkWAe12mwk6YMCBt5BjA8f7N0hNc28Z18gN\/CgGnUTUJNyHOY9\/otIhpyZk2nAcBRRfiJ1pLKbDvtAKXiFEDhY9R4CdMU31jbFPykJh6n2eH+U5nfePcR\/NQL8CGF86lRBvbS1BffGRulEfJVi517lk3dtmRmFX4czmj4U5S0fLX7dTEWdkjlqGvyPwcgdLRBZYccWZ3e0IwyZLzh4ZvqC6GXgR\/YxXU2EyExTuarC8OxvaikQEuWDLdXLrVfF\/5zh5AAnOxdXMDpgpl7zVyHlEg1yLy9mLgj1yQgKUqwCNhyVJZLyPBjuKvSewLkE6Yb4TMgTQzgnkGvHFjAbR3wnBeO3lqHZFEbIHcmklDS0L5Y7TchFMURbahXYDs4fVUOyQ800EYRGVfodFdgqI"} 
@@ -219,9 +219,9 @@ 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":516,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682809173,"flow_dst_last_pkt_time":1587041682862686,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041682862686,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGBganY9ekwKgBBhFS7ILLfLe3JqxFoKAS\/ogNbwAAAgQFrAQCCAoTeRnVMISwIQEDAwc="} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":517,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682862738,"flow_dst_last_pkt_time":1587041682862686,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682862738,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+g3AqAEGp2PXpOyCEVImrEWgy3y3uIAQECwqYQAAAQEICjCEsFATeRnV"} 
01261{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":518,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":4,"flow_src_last_pkt_time":1587041682863165,"flow_dst_last_pkt_time":1587041682862686,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1587041682863165,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI5AABAAEAG+AjAqAEGp2PXpOyCEVImrEWgy3y3uIAYECxutgAAAQEICjCEsFATeRnVFgMBAgABAAH8AwOllRwzFBLD2fGS0RdMQwmyeJX+rt9niSTc6LgefMaOGyDe8bvsDQaKZ\/SHTClTSUEpcKfm8tnRcB\/XxmDM4wjf0gByEwITAxMBwCzAMACfzKnMqMyqwCvALwCewCTAKABrwCPAJwBnwArAFAA5wAnAEwAzAK0Aq8yuzK3MrACdAKnMqwCsAKoAnACoAD0APMA4wDYAtwCzAJUAkQA1AK8AjcA3wDUAtgCyAJQAkAAvAK4AjAD\/AQABQQAAABIAEAAADWRhdGkubnRvcC5vcmcACwAEAwABAgAKAAwACgAdABcAHgAZABgAIwAAM3QAAAAQAA4ADAJoMghodHRwLzEuMQAWAAAAFwAAAA0AMAAuBAMFAwYDCAcICAgJCAoICwgECAUIBgQBBQEGAQMDAgMDAQIBAwICAgQCBQIGAgArAAkIAwQDAwMCAwEALQACAQEAMwAmACQAHQAgvrFq4xkMZjK7jeeGFDXjFBVctkvDk2bUa2GIO\/qlb3oAFQB8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01417{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":518,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682809173,"flow_src_last_pkt_time":1587041682863165,"flow_dst_last_pkt_time":1587041682862686,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682863165,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60546,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"dati.ntop.org","domainame":"dati.ntop.org","tls": {"version":"TLSv1.2","ja3":"7120d65624bcd2e02ed4b01388d84cdb","ja3s":"","ja4":"t13d5713h2_131602cb7446_e802cdec6a7f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01383{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":518,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682809173,"flow_src_last_pkt_time":1587041682863165,"flow_dst_last_pkt_time":1587041682862686,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682863165,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60546,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"dati.ntop.org","domainame":"dati.ntop.org","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d5713h2_131602cb7446_e802cdec6a7f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":552,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":5,"flow_src_last_pkt_time":1587041682863165,"flow_dst_last_pkt_time":1587041682917091,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682917091,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0wZNAADQGRHqnY9ekwKgBBhFS7ILLfLe4JqxHpYAQAfo2WAAAAQEIChN5GgswhLBQ"} 
-01505{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":553,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1587041682809173,"flow_src_last_pkt_time":1587041682863165,"flow_dst_last_pkt_time":1587041682917561,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":152,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":152,"midstream":0,"thread_ts_usec":1587041682917561,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60546,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"dati.ntop.org","domainame":"dati.ntop.org","tls": {"version":"TLSv1.2","ja3":"7120d65624bcd2e02ed4b01388d84cdb","ja3s":"410b9bedaf65dd26c6fe547154d60db4","ja4":"t13d5713h2_131602cb7446_e802cdec6a7f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01471{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":553,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1587041682809173,"flow_src_last_pkt_time":1587041682863165,"flow_dst_last_pkt_time":1587041682917561,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":152,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":152,"midstream":0,"thread_ts_usec":1587041682917561,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60546,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"dati.ntop.org","domainame":"dati.ntop.org","tls": {"version":"TLSv1.2","ja3s":"410b9bedaf65dd26c6fe547154d60db4","ja4":"t13d5713h2_131602cb7446_e802cdec6a7f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
02230{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":580,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1587041682698689,"flow_src_last_pkt_time":1587041683063920,"flow_dst_last_pkt_time":1587041683109441,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":2687,"flow_dst_tot_l4_payload_len":6860,"midstream":0,"thread_ts_usec":1587041683109441,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.58","src_port":60545,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":7,"avg":25031.7,"max":201410,"stddev":47065.5,"var":2215158784.0,"ent":3.2,"data": [45653,45756,213,47886,30,47672,17,83,202,104,167,9896,9950,3499,10390,395,51386,37078,221,190,155,7115,7018,1251,1197,79250,201410,7,34,167536,222]},"pktlen": {"min":40,"avg":340.2,"max":1492,"stddev":510.3,"var":260451.7,"ent":3.8,"data": [64,52,40,259,1492,1492,52,40,40,1492,1492,40,453,40,198,133,503,91,40,109,40,78,78,40,479,40,46,1480,150,206,46,82]},"bins": {"c_to_s": [11,1,1,1,1,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0],"s_to_c": [3,3,1,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,0,0,0,1,1,0,1,0,0,0,0,1,0,1,0,0,1,0,1,0,1,0,0,0,1,1],"entropies": 
[4.396777153,4.984685898,4.571928501,5.447037697,7.103639126,7.377305508,4.748330116,4.680641174,4.521928787,7.565583706,7.619148254,4.680641174,7.502402782,4.680641174,6.615381718,6.130319118,7.576011658,5.374610424,4.630640984,5.982717991,4.530641556,5.189125538,5.402576923,4.680641174,7.496559143,4.680641174,4.505983353,7.866451740,6.633583069,6.711987019,4.522393703,5.435414791]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"presence.teams.microsoft.com"}} 00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":584,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041683142905,"flow_src_last_pkt_time":1587041683142905,"flow_dst_last_pkt_time":1587041683142905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041683142905,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57504,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":584,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_src_last_pkt_time":1587041683142905,"flow_dst_last_pkt_time":1587041683142905,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1587041683142905,"pkt":"EBMx8Tl2KDc3AG3ICABFAABOVgkAAP8R4j3AqAEGwKgBAeCgADUAOmwyTTEBAAABAAAAAAAACmNoYXRzdmNhZ2cEc3ZjcwV0ZWFtcwZvZmZpY2UDY29tAAABAAE="} 
@@ -233,16 +233,16 @@ 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":589,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_src_last_pkt_time":1587041683186164,"flow_dst_last_pkt_time":1587041683220355,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041683220355,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8HR9AAG0GokE0clg7wKgBBgG77INQlxoFJQBFL6ASIAAufwAAAgQFoAEDAwgEAggKAdQEQDCEsYU="} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":590,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_src_last_pkt_time":1587041683220462,"flow_dst_last_pkt_time":1587041683220355,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041683220462,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG7GjAqAEGNHJYO+yDAbslAEUvUJcaBoAQEAltDgAAAQEICjCEsaYB1ARA"} 
00866{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":591,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":4,"flow_src_last_pkt_time":1587041683220741,"flow_dst_last_pkt_time":1587041683220355,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":287,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":287,"pkt_l4_len":253,"thread_ts_usec":1587041683220741,"pkt":"EBMx8Tl2KDc3AG3ICABFAAERAABAAEAG64vAqAEGNHJYO+yDAbslAEUvUJcaBoAYEAkhLAAAAQEICjCEsaYB1ARAFgMBANgBAADUAwMl\/B1Vk9A1CXIA2wtxg6SSBUkcTlC\/1\/z0\/eteey4O7gAAHJqazKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACP2toAAP8BAAEAAAAAIwAhAAAeY2hhdHN2Y2FnZy50ZWFtcy5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAICgoAHQAXABgAGwADAgACSkoAAQA="} -01267{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":591,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041683186164,"flow_src_last_pkt_time":1587041683220741,"flow_dst_last_pkt_time":1587041683220355,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":221,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":221,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041683220741,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.88.59","src_port":60547,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"chatsvcagg.teams.microsoft.com","domainame":"chatsvcagg.teams.microsoft.com","tls": 
{"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01226{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":591,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041683186164,"flow_src_last_pkt_time":1587041683220741,"flow_dst_last_pkt_time":1587041683220355,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":221,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":221,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041683220741,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.88.59","src_port":60547,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"chatsvcagg.teams.microsoft.com","domainame":"chatsvcagg.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
02497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":592,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":5,"flow_src_last_pkt_time":1587041683220741,"flow_dst_last_pkt_time":1587041683257226,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041683257226,"pkt":"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\/W3JxIIrcUPv+EiOjmhf\/6fTAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggIBADlaSLft\/Il2mfNfS96UN1u6SRdI6uOdxV\/SghC34ek6RV73kkGH\/KgGm5Qpn7ZmjaE7sCW67DpV9CSox9Z3dhmyY3WubiTFoRkhvmI2ia7VsKC3uTVFKGfcG3LipFC\/23JDrzT7qcdgDJzOLWf3MLJd1Kyh6NVC9EjRBrGrjji8xmok7R0RS8CcrVoIMxOsb4aFIvlKHgOLGwrUEg+jJK1WekigAR\/pyb5Ve0qqD3wvtdis9OWT8zz+JfQQtYBGzTf3Zo2YdFfy+cLVdoneW08GcCeeO0e+2qhhnfoQYTUFxVDlSKesMCCZ19oghBpnMirb2zEgWNe+6hV0VBHo0qa0oI+8VxV0m5jsWGKpN5r0RSQeZVBFjmNPja7EWAv9BG0nDBvzPaTNS9lsRoXc1ue7UQ2fGyQcImPgttcAOrqAGM9U+s0UrVqPi9GRGdpB+ymstXnktW0UVXqemudrGvUxOJRKDRvwctjZP2On9XpkEuwYzeJ7edeTKIXaTMPr5bSi6KtPMv8scypPxl6auLwwuyW3phPvh3sr9vdYmG1LA+UpioWKxGVlTy3H5MrR\/a3CRRhXX1OZmYh1RDRwmACanys8duLXWdgmjDNNxzIBOXG7wiGPQfS3+9iG0JTdXjbTpu3jNtZbvAVXCu9kow13tCXvpYdCShakHGed8k9wAAW4MIIFtDCCBJygAwIBAgIQCLh6UBu+nNotFk0+OVG\/VTANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJJRTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYDVQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTE2MDUyMDEyNTEyOFoXDTI0MDUyMDEyNTEyOFowgYsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xFTATBgNVBAsTDE1pY3Jvc29mdCBJVDEeMBwGA1UEAxMVTWljcm9zb2Z0IElUIFRMUyBDQSAxMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAjvPxhHV3vL7JpPUWpVMrUGCZ3Nh92SS14XJJN0j+2oaTo30dmksQTXd5fmWpfG424kfUNknQzCQCJxTirnHN2Vd0PBBWGZJKh2L545CNXt7RQRsaph9AoiwejlXXJthoQqvsDd7dXmGVs6xsgc6o4K2vX8qm5FFoLif9VCpxpMy7fpLx9lNRBTHQGYKwymPQ8koAC830aUv0WpZWOSbJnUsKYz
Qy"} 00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":613,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041683333389,"flow_src_last_pkt_time":1587041683333389,"flow_dst_last_pkt_time":1587041683333389,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041683333389,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":613,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_src_last_pkt_time":1587041683333389,"flow_dst_last_pkt_time":1587041683333389,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041683333389,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIeyEAbsX4foHAAAAALAC\/\/8Q\/AAAAgQFtAEDAwUBAQgKMISyEgAAAAAEAgAA"} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":614,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_src_last_pkt_time":1587041683333389,"flow_dst_last_pkt_time":1587041683378966,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041683378966,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8VAJAAGwGd3g0ck0hwKgBBgG77IQbiSB\/F+H6CKASIABpjQAAAgQFoAEDAwgEAggKYR77TDCEshI="} 
00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":615,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_src_last_pkt_time":1587041683379074,"flow_dst_last_pkt_time":1587041683378966,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041683379074,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyEAbsX4foIG4kggIAQEAmoEAAAAQEICjCEsj9hHvtM"} 00843{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":616,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":4,"flow_src_last_pkt_time":1587041683379360,"flow_dst_last_pkt_time":1587041683378966,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_usec":1587041683379360,"pkt":"EBMx8Tl2KDc3AG3ICABFAAECAABAAEAG9rTAqAEGNHJNIeyEAbsX4foIG4kggIAYEAle8wAAAQEICjCEsj9hHvtMFgMBAMkBAADFAwNQ2mjoGM5bceT+50qedBeC2QzxBSnWB8x+XpaOKMz6dSCjQgAAk2B6jpiMP4aNnNPzeGx44\/6X3U2RH3y64O03zgAewC\/AK8AwwCzMqcyowAnAE8AKwBQAnACdAC8ANQAKAQAAXv8BAAEAAAAAIwAhAAAebW9iaWxlLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEACwACAQAACgAIAAYAHQAXABg="} 
-01365{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":616,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041683333389,"flow_src_last_pkt_time":1587041683379360,"flow_dst_last_pkt_time":1587041683378966,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041683379360,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01324{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":616,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041683333389,"flow_src_last_pkt_time":1587041683379360,"flow_dst_last_pkt_time":1587041683378966,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041683379360,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
02503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":621,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":5,"flow_src_last_pkt_time":1587041683379360,"flow_dst_last_pkt_time":1587041683430778,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041683430778,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUVANAAGwGcd80ck0hwKgBBgG77IQbiSCAF+H61oAQBAWFnQAAAQEICmEe+38whLI\/FgMDEGYCAABRAwNemFWT1kX8u9ATY\/YCwH831ucgt0juCj9cD9NieB4F3SDMFgAAPSmx1EB8rJYwgB6DDk65Ho1qqYZPmBoFpBpgkMAwAAAJABcAAP8BAAEACwAO3QAO2gAJHDCCCRgwggcAoAMCAQICExYACr2jKIomrOvxeF4AAAAKvaMwDQYJKoZIhvcNAQELBQAwgYsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xFTATBgNVBAsTDE1pY3Jvc29mdCBJVDEeMBwGA1UEAxMVTWljcm9zb2Z0IElUIFRMUyBDQSA0MB4XDTE5MTAxMDIxNTUzOFoXDTIxMTAxMDIxNTUzOFowJjEkMCIGA1UEAwwbKi5ldmVudHMuZGF0YS5taWNyb3NvZnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8J31SJyCTCkjxtLC8JE7aU56y+0937PcYfrFGWW\/wSL1vxV6UtbY+5UyBq7YUvoZUI+YYWI6FMysHpnkiGQR5h3NLX2it0lgM0JMJXgIYfO+vdhJalxciwWfJHOcY4+eUQwpTmpGeOTzK\/sd1W+VOYbkgWPJ0lAEgTcRXL\/NZZAtyce+Sv4+b4jHwY9pwQxOHJWtnns0bK3jD\/RcAtjLeUisGvBGtt1SItPOQvgD6i2AdvjCkjqVXn0nxT\/yKuGkvtii1i85nrjeMS5pKgL+N2I4goIXeRAaK089dd0KrnNO6kLEhhSHgHwJHnPwfqeXH1Q2p1Zw2r13mOsJdyP7QIDAQABo4IE1zCCBNMwggF\/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB2APZclC\/RdzAiFFQYCDCUVo7jTRMZM7\/fDC8gC8xO8WTjAAABbbe0zD0AAAQDAEcwRQIgXUu8wYK\/QqX5unkLcaUv4T8oQWu5yZb6M3RYbUFPJ7sCIQCVvziq+dynpJXSFyAk+ZobbjdMm8Ziuyzc0miXoW9hmQB2AFWB1MIWkDYBSuoLm1c8U\/DA5Dh4cCUIFy+jqh0HE9MMAAABbbe0zTwAAAQDAEcwRQIgOIr7NuYD18H8X6OV\/YdBgg0HoCy47ognD1Etlbp3ZVgCIQCAVAoqvjDqhz4It72mColVOT\/FZuexWjdVPWkvuAPY1AB3AESUZS6w7s6vxEAH2Kj+KMDa5oK+2MsxtT\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"} 
-01897{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":624,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1587041683333389,"flow_src_last_pkt_time":1587041683430891,"flow_dst_last_pkt_time":1587041683431072,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041683431072,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} 
+01856{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":624,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1587041683333389,"flow_src_last_pkt_time":1587041683430891,"flow_dst_last_pkt_time":1587041683431072,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041683431072,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} 
02186{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":635,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1587041683186164,"flow_src_last_pkt_time":1587041683511604,"flow_dst_last_pkt_time":1587041683511700,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2582,"flow_dst_tot_l4_payload_len":7792,"midstream":0,"thread_ts_usec":1587041683511700,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.88.59","src_port":60547,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":20999.2,"max":115070,"stddev":31123.6,"var":968681216.0,"ent":3.5,"data": [34191,34298,279,36871,33,36580,20,190,171,120,2,98,1011,12039,309,36028,22727,226,163,129,10387,10298,599,557,77127,91684,7,49137,80440,115070,185]},"pktlen": {"min":52,"avg":377.2,"max":1492,"stddev":521.7,"var":272149.2,"ent":3.9,"data": [64,60,52,273,1492,1492,64,52,1492,52,1492,302,52,178,145,533,103,52,121,52,90,90,52,414,52,52,1480,247,52,227,52,1139]},"bins": {"c_to_s": [11,1,1,1,0,0,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [3,2,1,0,0,1,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,1,1,0,0,0,0,1,0,1,0,0,1,0,1,0,1,0,0,1,1,0,1],"entropies": 
[4.278468132,5.100120544,4.678913116,5.492300034,7.395298958,7.335471153,4.813810349,4.784870625,7.534573555,4.736229897,7.601704121,7.355720520,4.823332310,6.256767273,6.195283890,7.525622368,5.556344509,4.861793995,6.029422760,4.861793995,5.382391453,5.548377514,4.823332310,7.376307011,4.861793995,5.063529015,7.847518921,6.993651390,4.986605644,6.825597286,4.731892109,7.799232483]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} 00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":664,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041684291077,"flow_src_last_pkt_time":1587041684291077,"flow_dst_last_pkt_time":1587041684291077,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041684291077,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":59403,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":664,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_src_last_pkt_time":1587041684291077,"flow_dst_last_pkt_time":1587041684291077,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"thread_ts_usec":1587041684291077,"pkt":"EBMx8Tl2KDc3AG3ICABFAABC19sAAP8RYHfAqAEGwKgBAegLADUALnZLN+4BAAABAAAAAAAACXN1YnN0cmF0ZQZvZmZpY2UDY29tAAABAAE="} 
@@ -254,10 +254,10 @@ 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":668,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_src_last_pkt_time":1587041684306115,"flow_dst_last_pkt_time":1587041684317619,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041684317619,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0FJpAAHUGEAYNaxILwKgBBgG77IU13hw0zZy4moAS\/\/\/HZQAAAgQFoAEDAwgBAQQC"} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":669,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_src_last_pkt_time":1587041684317725,"flow_dst_last_pkt_time":1587041684317619,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041684317725,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGWazAqAEGDWsSC+yFAbvNnLiaNd4cNVAQIADoJAAA"} 00834{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":670,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":4,"flow_src_last_pkt_time":1587041684317987,"flow_dst_last_pkt_time":1587041684317619,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":265,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":265,"pkt_l4_len":231,"thread_ts_usec":1587041684317987,"pkt":"EBMx8Tl2KDc3AG3ICABFAAD7AABAAEAGWNnAqAEGDWsSC+yFAbvNnLiaNd4cNVAYIAB7OAAAFgMBAM4BAADKAwNT9yhcRBpq6+zC6hAkiruFzkDB0iUODZ2vqxEjURraCwAAHGpqzKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACF2toAAP8BAAEAAAAAGQAXAAAUc3Vic3RyYXRlLm9mZmljZS5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAja2gAdABcAGAAbAAMCAAK6ugABAA=="} 
-01261{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":670,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041684306115,"flow_src_last_pkt_time":1587041684317987,"flow_dst_last_pkt_time":1587041684317619,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041684317987,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Outlook","proto_by_ip_id":21,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"substrate.office.com","domainame":"substrate.office.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
+01220{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":670,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041684306115,"flow_src_last_pkt_time":1587041684317987,"flow_dst_last_pkt_time":1587041684317619,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041684317987,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Outlook","proto_by_ip_id":21,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"substrate.office.com","domainame":"substrate.office.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":672,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":5,"flow_src_last_pkt_time":1587041684317987,"flow_dst_last_pkt_time":1587041684329497,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1587041684329497,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAoFJtAAHYGDxENaxILwKgBBgG77IU13hw1zZy5bVAQBAEDUQAAAAAAAAAA"} 
-02108{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":677,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1587041684306115,"flow_src_last_pkt_time":1587041684362150,"flow_dst_last_pkt_time":1587041684362335,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":4396,"midstream":0,"thread_ts_usec":1587041684362335,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Outlook","proto_by_ip_id":21,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"substrate.office.com","domainame":"substrate.office.com","tls": {"version":"TLSv1.2","server_names":"outlook.office.com,attachment.outlook.office.net,attachment.outlook.officeppe.net,bookings.office.com,delve.office.com,edge.outlook.office365.com,edgesdf.outlook.com,img.delve.office.com,outlook.live.com,outlook-sdf.live.com,outlook-sdf.office.com,sdfedge-pilot.outlook.com,substrate.office.com,substrate-sdf.office.com,afd-k-acdc-direct.office.com,beta-sdf.yammer.com,teams-sdf.yammer.com,beta.yammer.com,teams.yammer.com,attachments.office.net,attachments-sdf.office.net,afd-k.office.com,afd-k-sdf.office.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"a66ea560599a2f5c89eec8c3a0d69cee","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, 
CN=Outlook.office.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"AA:D3:F5:66:06:48:AA:F8:8E:9B:79:D6:7F:1D:53:EA:3F:97:03:A2","blocks":0}}} -02201{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":697,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1587041682144166,"flow_src_last_pkt_time":1587041684314927,"flow_dst_last_pkt_time":1587041684501131,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":521,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1329,"flow_dst_tot_l4_payload_len":7087,"midstream":0,"thread_ts_usec":1587041684501131,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":146055.7,"max":2009785,"stddev":489503.9,"var":239614050304.0,"ent":1.7,"data": [12667,12766,154,12385,2459,251,14879,502,529,250,3,817,4854,17134,1376,20,13097,4,249,321,136,11841,14,11155,108,621,112917,113684,1998116,2009785,174632]},"pktlen": {"min":40,"avg":305.2,"max":1492,"stddev":468.1,"var":219152.8,"ent":3.8,"data": [64,52,40,257,46,1492,1492,40,1492,40,1492,181,40,198,46,366,109,40,40,133,78,561,46,78,40,46,46,440,40,342,46,345]},"bins": {"c_to_s": [9,1,1,0,1,0,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,1,1,0,1,0,0,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1,1,0,0,0,0,0,1,1,0,1,1,1,0,0,1,1],"entropies": 
[4.396777153,4.984685421,4.571928501,5.492863178,4.462504387,7.269914627,7.475378990,4.630641460,7.477076530,4.571928501,7.667408466,6.767431736,4.680641174,6.542833328,4.505983353,7.221371651,5.957443714,4.630641460,4.630640984,6.221683502,5.214766979,7.578815937,4.414441109,5.396905422,4.571928501,4.457919598,4.522393703,7.482207775,4.680641174,7.242818356,4.478915691,7.266457558]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} +02067{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":677,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1587041684306115,"flow_src_last_pkt_time":1587041684362150,"flow_dst_last_pkt_time":1587041684362335,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":4396,"midstream":0,"thread_ts_usec":1587041684362335,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Outlook","proto_by_ip_id":21,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"substrate.office.com","domainame":"substrate.office.com","tls": 
{"version":"TLSv1.2","server_names":"outlook.office.com,attachment.outlook.office.net,attachment.outlook.officeppe.net,bookings.office.com,delve.office.com,edge.outlook.office365.com,edgesdf.outlook.com,img.delve.office.com,outlook.live.com,outlook-sdf.live.com,outlook-sdf.office.com,sdfedge-pilot.outlook.com,substrate.office.com,substrate-sdf.office.com,afd-k-acdc-direct.office.com,beta-sdf.yammer.com,teams-sdf.yammer.com,beta.yammer.com,teams.yammer.com,attachments.office.net,attachments-sdf.office.net,afd-k.office.com,afd-k-sdf.office.com","ja3s":"a66ea560599a2f5c89eec8c3a0d69cee","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Outlook.office.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"AA:D3:F5:66:06:48:AA:F8:8E:9B:79:D6:7F:1D:53:EA:3F:97:03:A2","blocks":0}}} +02195{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":697,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1587041682144166,"flow_src_last_pkt_time":1587041684314927,"flow_dst_last_pkt_time":1587041684501131,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":521,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1329,"flow_dst_tot_l4_payload_len":7087,"midstream":0,"thread_ts_usec":1587041684501131,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":146055.7,"max":2009785,"stddev":489503.9,"var":239614050304.0,"ent":1.7,"data": 
[12667,12766,154,12385,2459,251,14879,502,529,250,3,817,4854,17134,1376,20,13097,4,249,321,136,11841,14,11155,108,621,112917,113684,1998116,2009785,174632]},"pktlen": {"min":40,"avg":305.2,"max":1492,"stddev":468.1,"var":219152.8,"ent":3.8,"data": [64,52,40,257,46,1492,1492,40,1492,40,1492,181,40,198,46,366,109,40,40,133,78,561,46,78,40,46,46,440,40,342,46,345]},"bins": {"c_to_s": [9,1,1,0,1,0,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,1,1,0,1,0,0,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1,1,0,0,0,0,0,1,1,0,1,1,1,0,0,1,1],"entropies": [4.396777153,4.984685421,4.571928501,5.492863178,4.462504387,7.269914627,7.475378990,4.630641460,7.477076530,4.571928501,7.667408466,6.767431736,4.680641174,6.542833328,4.505983353,7.221371651,5.957443714,4.630641460,4.630640984,6.221683502,5.214766979,7.578815937,4.414441109,5.396905422,4.571928501,4.457919598,4.522393703,7.482207775,4.680641174,7.242818356,4.478915691,7.266457558]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} 
02195{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":702,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1587041684306115,"flow_src_last_pkt_time":1587041684950374,"flow_dst_last_pkt_time":1587041684410372,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":3472,"flow_dst_tot_l4_payload_len":5797,"midstream":0,"thread_ts_usec":1587041684950374,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":24145.7,"max":539594,"stddev":94604.1,"var":8949939200.0,"ent":1.9,"data": [11504,11610,262,11878,32500,90,44163,247,1,223,3839,7741,325,72,14634,1492,13,4159,11,266,6513,474,6734,4309,9884,14215,10718,10725,539594,6,314]},"pktlen": {"min":40,"avg":331.5,"max":1492,"stddev":473.5,"var":224192.2,"ent":3.9,"data": [64,52,40,251,46,1492,1492,40,1492,80,40,198,133,578,172,46,366,109,40,40,78,46,78,40,46,689,40,359,40,1480,694,248]},"bins": {"c_to_s": [9,1,1,0,2,0,2,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0],"s_to_c": [5,2,1,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,1,1,0,1,1,0,0,0,0,0,1,1,1,0,0,0,1,1,0,1,1,0,1,0,0,0,0],"entropies": 
[4.428027153,4.893245220,4.521928310,5.397158146,4.505983353,6.671830177,7.464404583,4.630641460,7.577803612,5.737496376,4.680641174,6.516131401,6.154890537,7.647973537,6.500202656,4.505983353,7.196300030,5.817581654,4.611769199,4.561769485,5.250086308,4.457919598,5.392898560,4.630641460,4.522393227,7.690679073,4.680641174,7.335716724,4.680641174,7.846065521,7.720572472,6.957527637]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Outlook","proto_by_ip_id":21,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative"}} 00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":714,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041685090830,"flow_src_last_pkt_time":1587041685090830,"flow_dst_last_pkt_time":1587041685090830,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685090830,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":61245,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00589{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":714,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_src_last_pkt_time":1587041685090830,"flow_dst_last_pkt_time":1587041685090830,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_usec":1587041685090830,"pkt":"EBMx8Tl2KDc3AG3ICABFAABJHhYAAP8RGjbAqAEGwKgBAe89ADUANcKVVKoBAAABAAAAAAAABGV1YXoCdHIFdGVhbXMJbWljcm9zb2Z0A2NvbQAAAQAB"} 
@@ -300,49 +300,49 @@ 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":741,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_src_last_pkt_time":1587041685240465,"flow_dst_last_pkt_time":1587041685253368,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041685253368,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0w5JAAHUGiY00ccKEwKgBBgG77IqoHlkCRhs0zoAS\/\/9MIAAAAgQFoAEDAwgBAQQC"} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":742,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_src_last_pkt_time":1587041685253460,"flow_dst_last_pkt_time":1587041685253368,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041685253460,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGgizAqAEGNHHChOyKAbtGGzTOqB5ZA1AQIABs3wAA"} 00798{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":743,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":4,"flow_src_last_pkt_time":1587041685253933,"flow_dst_last_pkt_time":1587041685253368,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":240,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":240,"pkt_l4_len":206,"thread_ts_usec":1587041685253933,"pkt":"EBMx8Tl2KDc3AG3ICABFAADiAABAAEAGgXLAqAEGNHHChOyKAbtGGzTOqB5ZA1AYIAAZhwAAFgMBALUBAACxAwNemFWVZrT7WTFXDzKTJwgyjyi4pczPS4OaStHQgrmy6wAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAXAAAAB8AHQAAGmNvbmZpZy50ZWFtcy5taWNyb3NvZnQuY29tAAoACAAGABcAGAAZAAsAAgEAAA0AEgAQBAECAQUBBgEEAwIDBQMGAwAFAAUBAAAAAAASAAAAFwAA"} 
-01369{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":743,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685240465,"flow_src_last_pkt_time":1587041685253933,"flow_dst_last_pkt_time":1587041685253368,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":186,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":186,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685253933,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com","domainame":"config.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01322{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":743,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685240465,"flow_src_last_pkt_time":1587041685253933,"flow_dst_last_pkt_time":1587041685253368,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":186,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":186,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685253933,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com","domainame":"config.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00706{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":744,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_src_last_pkt_time":1587041685243104,"flow_dst_last_pkt_time":1587041685256108,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":169,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":169,"pkt_l4_len":135,"thread_ts_usec":1587041685256108,"pkt":"KDc3AG3IEBMx8Tl2CABFAACb\/nFAADkRv4jAqAEBwKgBBgA1yG0AhwAAyGOBgAABAAAAAQAAFHNreXBlZGF0YXByZGNvbG5ldTA0CGNsb3VkYXBwA25ldAAAHAABwCEABgABAAAADgBABHByZDEOYXp1cmVkbnMtY2xvdWTAKgZtc25oc3QJbWljcm9zb2Z0A2NvbQB9o\/w8AAADhAAAASwACTqAAAAAPA=="} 01147{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":744,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685243104,"flow_src_last_pkt_time":1587041685243104,"flow_dst_last_pkt_time":1587041685256108,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":127,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":127,"midstream":0,"thread_ts_usec":1587041685256108,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51309,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"skypedataprdcolneu04.cloudapp.net","domainame":"skypedataprdcolneu04.cloudapp.net","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr": []}}} 
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":745,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_src_last_pkt_time":1587041685106192,"flow_dst_last_pkt_time":1587041685261856,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041685261856,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0jN1AAG0Ge5k0cg8twKgBBgG77IfA1AaRAv0Ol4AS\/\/+iigAAAgQFoAEDAwgBAQQC"} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":746,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_src_last_pkt_time":1587041685261955,"flow_dst_last_pkt_time":1587041685261856,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041685261955,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGNYPAqAEGNHIPLeyHAbsC\/Q6XwNQGklAQIADDSQAA"} 00823{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":747,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":4,"flow_src_last_pkt_time":1587041685262299,"flow_dst_last_pkt_time":1587041685261856,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":257,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":257,"pkt_l4_len":223,"thread_ts_usec":1587041685262299,"pkt":"EBMx8Tl2KDc3AG3ICABFAADzAABAAEAGNLjAqAEGNHIPLeyHAbsC\/Q6XwNQGklAYIAAraAAAFgMBAMYBAADCAwNemFWVnmpu5iBYzDA0OwyTFl3gYWrTqQBuMzMR9X7FRwAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAbQAAADAALgAAK3Ryb3V0ZXIyLWFzc2UtYS50cm91dGVyLnRlYW1zLm1pY3Jvc29mdC5jb20ACgAIAAYAFwAYABkACwACAQAADQASABAEAQIBBQEGAQQDAgMFAwYDAAUABQEAAAAAABIAAAAXAAA="} 
-01395{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":747,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685106192,"flow_src_last_pkt_time":1587041685262299,"flow_dst_last_pkt_time":1587041685261856,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":203,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":203,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685262299,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.15.45","src_port":60551,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"trouter2-asse-a.trouter.teams.microsoft.com","domainame":"trouter2-asse-a.trouter.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01354{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":747,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685106192,"flow_src_last_pkt_time":1587041685262299,"flow_dst_last_pkt_time":1587041685261856,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":203,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":203,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685262299,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.15.45","src_port":60551,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"trouter2-asse-a.trouter.teams.microsoft.com","domainame":"trouter2-asse-a.trouter.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":748,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":5,"flow_src_last_pkt_time":1587041685253933,"flow_dst_last_pkt_time":1587041685265739,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1587041685265739,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAow5NAAHYGiJg0ccKEwKgBBgG77IqoHlkDRhs1iFAQBAGIJAAAAAAAAAAA"} 
-01734{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":755,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1587041685240465,"flow_src_last_pkt_time":1587041685269429,"flow_dst_last_pkt_time":1587041685269476,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":186,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":186,"flow_dst_tot_l4_payload_len":5936,"midstream":0,"thread_ts_usec":1587041685269476,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com","domainame":"config.teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.config.teams.microsoft.com,config.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"7d8fd34fdb13a7fff30d5a52846b6c4c","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=config.teams.microsoft.com","fingerprint":"B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA","blocks":0}}} 
+01687{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":755,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1587041685240465,"flow_src_last_pkt_time":1587041685269429,"flow_dst_last_pkt_time":1587041685269476,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":186,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":186,"flow_dst_tot_l4_payload_len":5936,"midstream":0,"thread_ts_usec":1587041685269476,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com","domainame":"config.teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.config.teams.microsoft.com,config.teams.microsoft.com","ja3s":"7d8fd34fdb13a7fff30d5a52846b6c4c","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=config.teams.microsoft.com","fingerprint":"B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA","blocks":0}}} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":759,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_src_last_pkt_time":1587041685232231,"flow_dst_last_pkt_time":1587041685278616,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041685278616,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8aa1AAGwGYc00ck0hwKgBBgG77IgacWa+co2TlKASIABIJQAAAgQFoAEDAwgEAggKYR7cGTCEuUo="} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":760,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_src_last_pkt_time":1587041685278702,"flow_dst_last_pkt_time":1587041685278616,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041685278702,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyIAbtyjZOUGnFmv4AQEAmGrAAAAQEICjCEuXNhHtwZ"} 00843{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":761,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":4,"flow_src_last_pkt_time":1587041685278900,"flow_dst_last_pkt_time":1587041685278616,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_usec":1587041685278900,"pkt":"EBMx8Tl2KDc3AG3ICABFAAECAABAAEAG9rTAqAEGNHJNIeyIAbtyjZOUGnFmv4AYEAk6ggAAAQEICjCEuXNhHtwZFgMBAMkBAADFAwO15W+8jaHI2sAcvPxYu3fOurYjru\/fmNz9T6MzJf3JQCDMFgAAPSmx1EB8rJYwgB6DDk65Ho1qqYZPmBoFpBpgkAAewC\/AK8AwwCzMqcyowAnAE8AKwBQAnACdAC8ANQAKAQAAXv8BAAEAAAAAIwAhAAAebW9iaWxlLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEACwACAQAACgAIAAYAHQAXABg="} 
-01365{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":761,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685232231,"flow_src_last_pkt_time":1587041685278900,"flow_dst_last_pkt_time":1587041685278616,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685278900,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60552,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01324{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":761,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685232231,"flow_src_last_pkt_time":1587041685278900,"flow_dst_last_pkt_time":1587041685278616,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685278900,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60552,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":764,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_src_last_pkt_time":1587041685251950,"flow_dst_last_pkt_time":1587041685280598,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041685280598,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8VD9AAGwGx0kofgkHwKgBBgG77IwJMzAcxeiHxqASIADLBQAAAgQFoAEDAwgEAggKUkq4VzCEuV0="} 
00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":765,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_src_last_pkt_time":1587041685280662,"flow_dst_last_pkt_time":1587041685280598,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041685280662,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGR5HAqAEGKH4JB+yMAbvF6IfGCTMwHYAQEAkJnwAAAQEICjCEuXRSSrhX"} 00896{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":766,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":4,"flow_src_last_pkt_time":1587041685281210,"flow_dst_last_pkt_time":1587041685280598,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":312,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":312,"pkt_l4_len":278,"thread_ts_usec":1587041685281210,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEqAABAAEAGRpvAqAEGKH4JB+yMAbvF6IfGCTMwHYAYEAl4\/QAAAQEICjCEuXVSSrhXFgMBAPEBAADtAwMO1aNpNC\/DfNA+zTgvlq4OTJH4Eaani+1AUzQaqTtdmgAAKMAswCvAJMAjwArACcypwDDAL8AowCfAFMATzKgAnQCcAD0APAA1AC8BAACc\/wEAAQAAAAAeABwAABlsb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tABcAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAADN0AAAAEgAAABAAMAAuAmgyBWgyLTE2BWgyLTE1BWgyLTE0CHNwZHkvMy4xBnNwZHkvMwhodHRwLzEuMQALAAIBAAAKAAoACAAdABcAGAAZ"} 
-01311{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":766,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685251950,"flow_src_last_pkt_time":1587041685281210,"flow_dst_last_pkt_time":1587041685280598,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685281210,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.7","src_port":60556,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Microsoft365","proto_by_ip_id":219,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"login.microsoftonline.com","domainame":"login.microsoftonline.com","tls": {"version":"TLSv1.2","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
+01270{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":766,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685251950,"flow_src_last_pkt_time":1587041685281210,"flow_dst_last_pkt_time":1587041685280598,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685281210,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.7","src_port":60556,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Microsoft365","proto_by_ip_id":219,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"login.microsoftonline.com","domainame":"login.microsoftonline.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":772,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_src_last_pkt_time":1587041685248604,"flow_dst_last_pkt_time":1587041685294102,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041685294102,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8VA1AAGwGd200ck0hwKgBBgG77IvHJo2qMLP5JqASIAAqDQAAAgQFoAEDAwgEAggKYR8CxDCEuVo="} 
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":773,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_src_last_pkt_time":1587041685294163,"flow_dst_last_pkt_time":1587041685294102,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041685294163,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyLAbsws\/kmxyaNq4AQEAlolwAAAQEICjCEuYBhHwLE"} 00823{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":774,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":4,"flow_src_last_pkt_time":1587041685294436,"flow_dst_last_pkt_time":1587041685294102,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_usec":1587041685294436,"pkt":"EBMx8Tl2KDc3AG3ICABFAADyAABAAEAG9sTAqAEGNHJNIeyLAbsws\/kmxyaNq4AYEAkImQAAAQEICjCEuYFhHwLEFgMBALkBAAC1AwNemFWVha04P4CUw6CKshmFd7ZG0fMDUFnrEIuMFFDaDAAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAYAAAACMAIQAAHm1vYmlsZS5waXBlLmFyaWEubWljcm9zb2Z0LmNvbQAKAAgABgAXABgAGQALAAIBAAANABIAEAQBAgEFAQYBBAMCAwUDBgMABQAFAQAAAAAAEgAAABcAAA=="} 
-01365{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":774,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685248604,"flow_src_last_pkt_time":1587041685294436,"flow_dst_last_pkt_time":1587041685294102,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":190,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":190,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685294436,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60555,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01324{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":774,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685248604,"flow_src_last_pkt_time":1587041685294436,"flow_dst_last_pkt_time":1587041685294102,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":190,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":190,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685294436,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60555,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
02497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":777,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":5,"flow_src_last_pkt_time":1587041685281210,"flow_dst_last_pkt_time":1587041685312634,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041685312634,"pkt":"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\/4SI6OaF\/\/p9MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAgEARVCFDXaNOijZYnNGoRWvtuOpazT+6a5NhffPDEd8mw13I5P2ZjdjuwO0BCuAa0rcrb9Xsv2qMoirtQ46ssv7U4RUbJ2q644olWDdoDLw3u2IwAi4+it8uqFANVWf479pYNzQSRACICWvLYyZOXoCzSVgryqqt6S9JYKLV\/5cOCwnLGXIMXunQZDJ9OLbjk3hV+y1gACDA7qTWXqQxmgI9aFpumAbRwTxqZV913sHD\/Cf4ut1VrXdDHEcgGroOgboavAnBPF1buLwyr8dsFVfenl1cv4K6OyxBhOa\/qPQC3E1A4UNtSz4dz0swsNbngQZDrl3H9MqpMRswrpJ9jUAZ4uzcbjmByMFT7UrO5NyfE2e754OXgg0kzSG7F0aYPVW64WQaAN5alS554Apkxzpnhy4dbLpcc+qDxw4uZRbEMvvqiGy3Tzvw2N2ZlLhpfCA79zVH3D9QcugIgQY75KsamAAzOcbXq0zT0xKgmRKBpdzG5DeC2KsBbrTTak1bUSSPLjvYpHhgabRiV7OEik97n1Dth5jNj0APlNTe65xy1gwKh4ItrHo4sQMKfxY9NyTKSBVKN3poUeJpe9p2ArtCr\/ZmVWqTui7XFpZPfiQUHWHxyvx0VTPR40NEp\/NGn3Uw7Bd\/MS5F6AKZAjGFEeyvsfA2p3QKRyzfNkfQWM3fP8ABbgwggW0MIIEnKADAgECAhAIuHpQG76c2i0WTT45Ub9VMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNVBAYTAklFMRIwEAYDVQQKEwlCYWx0aW1vcmUxEzARBgNVBAsTCkN5YmVyVHJ1c3QxIjAgBgNVBAMTGUJhbHRpbW9yZSBDeWJlclRydXN0IFJvb3QwHhcNMTYwNTIwMTI1MTI4WhcNMjQwNTIwMTI1MTI4WjCBizELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEVMBMGA1UE"} 
02505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":792,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":5,"flow_src_last_pkt_time":1587041685278900,"flow_dst_last_pkt_time":1587041685327366,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041685327366,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUaa5AAGwGXDQ0ck0hwKgBBgG77IgacWa\/co2UYoAQBAV+ZwAAAQEICmEe3EYwhLlzFgMDEGYCAABRAwNemFWVd4ONVISrGBzenOh1wz59KlhffXpAp\/SRVzeitiAuDwAAZ8HaIUQ\/TUKOJyzDpeZ2C6OXN9Z66nmD08\/sf8AwAAAJABcAAP8BAAEACwAO3QAO2gAJHDCCCRgwggcAoAMCAQICExYACr2jKIomrOvxeF4AAAAKvaMwDQYJKoZIhvcNAQELBQAwgYsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xFTATBgNVBAsTDE1pY3Jvc29mdCBJVDEeMBwGA1UEAxMVTWljcm9zb2Z0IElUIFRMUyBDQSA0MB4XDTE5MTAxMDIxNTUzOFoXDTIxMTAxMDIxNTUzOFowJjEkMCIGA1UEAwwbKi5ldmVudHMuZGF0YS5taWNyb3NvZnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8J31SJyCTCkjxtLC8JE7aU56y+0937PcYfrFGWW\/wSL1vxV6UtbY+5UyBq7YUvoZUI+YYWI6FMysHpnkiGQR5h3NLX2it0lgM0JMJXgIYfO+vdhJalxciwWfJHOcY4+eUQwpTmpGeOTzK\/sd1W+VOYbkgWPJ0lAEgTcRXL\/NZZAtyce+Sv4+b4jHwY9pwQxOHJWtnns0bK3jD\/RcAtjLeUisGvBGtt1SItPOQvgD6i2AdvjCkjqVXn0nxT\/yKuGkvtii1i85nrjeMS5pKgL+N2I4goIXeRAaK089dd0KrnNO6kLEhhSHgHwJHnPwfqeXH1Q2p1Zw2r13mOsJdyP7QIDAQABo4IE1zCCBNMwggF\/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB2APZclC\/RdzAiFFQYCDCUVo7jTRMZM7\/fDC8gC8xO8WTjAAABbbe0zD0AAAQDAEcwRQIgXUu8wYK\/QqX5unkLcaUv4T8oQWu5yZb6M3RYbUFPJ7sCIQCVvziq+dynpJXSFyAk+ZobbjdMm8Ziuyzc0miXoW9hmQB2AFWB1MIWkDYBSuoLm1c8U\/DA5Dh4cCUIFy+jqh0HE9MMAAABbbe0zTwAAAQDAEcwRQIgOIr7NuYD18H8X6OV\/YdBgg0HoCy47ognD1Etlbp3ZVgCIQCAVAoqvjDqhz4It72mColVOT\/FZuexWjdVPWkvuAPY1AB3AESUZS6w7s6vxEAH2Kj+KMDa5oK+2MsxtT\/TM5a1toGoAAABbbe0zEEAAAQDAEgwRgIhAMLyKXAV0HvPisLX5tlLiDTgtSUtRgffnQWc5h8Pdj8PAiEAo6ENbH0+qORahbVCksBW940dOZQUoTXblsn+bri9ExQwJwYJKwYBB
AGCNxUKBBowGDAKBggrBgEFBQcDAjAKBggrBgEFBQcDATA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdhNLfQoLnk3oCAWQCAR0wgYUGCCsGAQUFBwEBBHkwdzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDQuY3J0MCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC5tc29jc3AuY29tMB0GA1UdDgQWBBQa+kPWU8gwtBlTGMvS3dHpIWlv7TALBgNVHQ8EBAMCBLAwgfIGA1UdEQSB6jCB54IbKi5ldmVudHMuZGF0YS5taWNyb3NvZnQuY29tghlldmVudHMuZGF0YS5taWNyb3NvZnQuY29tghkqLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tgg5waXBl"} -01897{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":795,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1587041685232231,"flow_src_last_pkt_time":1587041685327559,"flow_dst_last_pkt_time":1587041685327736,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041685327736,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60552,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": 
{"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} +01856{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":795,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1587041685232231,"flow_src_last_pkt_time":1587041685327559,"flow_dst_last_pkt_time":1587041685327736,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041685327736,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60552,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": 
{"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} 02505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":799,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":5,"flow_src_last_pkt_time":1587041685294436,"flow_dst_last_pkt_time":1587041685350456,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041685350456,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUVA5AAGwGcdQ0ck0hwKgBBgG77IvHJo2rMLP55IAQBAVq\/gAAAQEICmEfAvowhLmBFgMDF7oCAABVAwNemFWVkv8HhgEBqRl7J096sK\/AcfyJkv6Je+CA9SLGGCApBQAAsHV\/DAKaYivrrDw\/3qGp42fGJ7afmMuMlyPWksAwAAANAAUAAAAXAAD\/AQABAAsADt0ADtoACRwwggkYMIIHAKADAgECAhMWAAq9oyiKJqzr8XheAAAACr2jMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNDAeFw0xOTEwMTAyMTU1MzhaFw0yMTEwMTAyMTU1MzhaMCYxJDAiBgNVBAMMGyouZXZlbnRzLmRhdGEubWljcm9zb2Z0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKvCd9UicgkwpI8bSwvCRO2lOesvtPd+z3GH6xRllv8Ei9b8VelLW2PuVMgau2FL6GVCPmGFiOhTMrB6Z5IhkEeYdzS19ordJYDNCTCV4CGHzvr3YSWpcXIsFnyRznGOPnlEMKU5qRnjk8yv7HdVvlTmG5IFjydJQBIE3EVy\/zWWQLcnHvkr+Pm+Ix8GPacEMThyVrZ57NGyt4w\/0XALYy3lIrBrwRrbdUiLTz
kL4A+otgHb4wpI6lV59J8U\/8irhpL7YotYvOZ643jEuaSoC\/jdiOIKCF3kQGitPPXXdCq5zTupCxIYUh4B8CR5z8H6nlx9UNqdWcNq9d5jrCXcj+0CAwEAAaOCBNcwggTTMIIBfwYKKwYBBAHWeQIEAgSCAW8EggFrAWkAdgD2XJQv0XcwIhRUGAgwlFaO400TGTO\/3wwvIAvMTvFk4wAAAW23tMw9AAAEAwBHMEUCIF1LvMGCv0Kl+bp5C3GlL+E\/KEFrucmW+jN0WG1BTye7AiEAlb84qvncp6SV0hcgJPmaG243TJvGYrss3NJol6FvYZkAdgBVgdTCFpA2AUrqC5tXPFPwwOQ4eHAlCBcvo6odBxPTDAAAAW23tM08AAAEAwBHMEUCIDiK+zbmA9fB\/F+jlf2HQYINB6AsuO6IJw9RLZW6d2VYAiEAgFQKKr4w6oc+CLe9pgqJVTk\/xWbnsVo3VT1pL7gD2NQAdwBElGUusO7Or8RAB9io\/ijA2uaCvtjLMbU\/0zOWtbaBqAAAAW23tMxBAAAEAwBIMEYCIQDC8ilwFdB7z4rC1+bZS4g04LUlLUYH350FnOYfD3Y\/DwIhAKOhDWx9PqjkWoW1QpLAVveNHTmUFKE125bJ\/m64vRMUMCcGCSsGAQQBgjcVCgQaMBgwCgYIKwYBBQUHAwIwCgYIKwYBBQUHAwEwPgYJKwYBBAGCNxUHBDEwLwYnKwYBBAGCNxUIh9qGdYPu2QGCyYUbgbWeYYX062CBXYTS30KC55N6AgFkAgEdMIGFBggrBgEFBQcBAQR5MHcwUQYIKwYBBQUHMAKGRWh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA0LmNydDAiBggrBgEFBQcwAYYWaHR0cDovL29jc3AubXNvY3NwLmNvbTAdBgNVHQ4EFgQUGvpD1lPIMLQZUxjL0t3R6SFpb+0wCwYDVR0PBAQDAgSwMIHyBgNVHREEgeowgeeCGyouZXZlbnRzLmRhdGEubWljcm9zb2Z0LmNvbYIZZXZlbnRzLmRhdGEubWljcm9zb2Z0LmNvbYIZKi5waXBlLmFyaWEubWljcm9zb2Z0LmNvbYIO"} -01897{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":805,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1587041685248604,"flow_src_last_pkt_time":1587041685350807,"flow_dst_last_pkt_time":1587041685350857,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":190,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":190,"flow_dst_tot_l4_payload_len":6079,"midstream":0,"thread_ts_usec":1587041685350857,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60555,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS 
(probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"986571066668055ae9481cb84fda634a","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} +01856{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":805,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1587041685248604,"flow_src_last_pkt_time":1587041685350807,"flow_dst_last_pkt_time":1587041685350857,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":190,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":190,"flow_dst_tot_l4_payload_len":6079,"midstream":0,"thread_ts_usec":1587041685350857,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60555,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": 
{"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3s":"986571066668055ae9481cb84fda634a","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} 02504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":824,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":5,"flow_src_last_pkt_time":1587041685262299,"flow_dst_last_pkt_time":1587041685419490,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041685419490,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUjN5AAG0Gdfg0cg8twKgBBgG77IfA1AaSAv0PYlAQCARVFQAAFgMDF0UCAABVAwNemFWVsa3S0qCCJCKRvR5FvfRm4ku4Wp9dZjR4sGYcKSB2HAAAgvc9nFx0wNSQ+kfvV9B0Mq9ipN+Lt19U\/tPHHsAwAAANAAUAAAAXAAD\/AQABAAsADkgADkUACIcwggiDMIIGa6ADAgECAhMgAA1\/5iyI2CMUD4FHAAAADX\/mMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgMjAeFw0xOTExMjkxNzU3NThaFw0yMTExMjkxNzU3NThaMCgxJjAkBgNVBAMMHSoudHJvdXRlci
50ZWFtcy5taWNyb3NvZnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyKcimDO37qOiITdGLLSgRk4SNqeQiChf5fToMO+7e1Qw4j4NVAURrkRlqOSwosi6x2ool0Qjlt5bANU2A7E0ubHR6fs+J4y2vgrsv41S7Ao\/UxdKklkG0wgp+paNcl2enqs+JFcPVtFPe+T+pnY6IZUpOziGi8NLx\/K2NG5xSvrdawVpY5vXRxXKsvLFIAdaJQozyWf9lCNbt+4C0IVl2Ep7N5bp06LVMZktn1YAjolqeEl3RQ6hM3GKceom5l4hpyP43E\/dTe3eLNBfmO8cDd9p8HlGVSrgjhKz1wuJWFoWgHTgDnVBSZVB7t78lIFlze4qLsPX90PfKUlmjF\/zIQIDAQABo4IEQDCCBDwwggGABgorBgEEAdZ5AgQCBIIBcASCAWwBagB2APZclC\/RdzAiFFQYCDCUVo7jTRMZM7\/fDC8gC8xO8WTjAAABbrhZJv4AAAQDAEcwRQIhALfHXTClbVL1ZG3BQH+fsd9EVlnIhlrRTh9b\/BWQkqOPAiArDlgg99bYekywwY8T40DyNspZOTZKKrpABVWSIcE7CwB3AFzcQ5L+5qtFRLFemtRW5hA3+9X6R9yhc5SyXub2xw7KAAABbrhZJyYAAAQDAEgwRgIhAJuNw4ivK3DXIXmUE+m57QEHF+rXHdB72ZviRwQ9s+0GAiEA9kNgaFnkw8l1xiyZdSGjaIfmqNZ4qpxCiXwbbmlDWu4AdwBElGUusO7Or8RAB9io\/ijA2uaCvtjLMbU\/0zOWtbaBqAAAAW64WScNAAAEAwBIMEYCIQDmc93n7UJEyvvIddsbJMxC7aPmS7n2Z\/C8vjlA2j\/H8AIhAP0Hy\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"} -01785{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":830,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1587041685106192,"flow_src_last_pkt_time":1587041685420065,"flow_dst_last_pkt_time":1587041685420103,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":203,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":203,"flow_dst_tot_l4_payload_len":5962,"midstream":0,"thread_ts_usec":1587041685420103,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.15.45","src_port":60551,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"trouter2-asse-a.trouter.teams.microsoft.com","domainame":"trouter2-asse-a.trouter.teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.trouter.teams.microsoft.com,go.trouter.io,*.drip.trouter.io,*.dc.trouter.io","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"986571066668055ae9481cb84fda634a","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2","subjectDN":"CN=*.trouter.teams.microsoft.com","fingerprint":"DD:24:DF:0E:F3:63:CC:10:B5:03:CF:34:EB:A5:14:8B:97:90:9B:D4","blocks":0}}} -02339{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":855,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1587041685240465,"flow_src_last_pkt_time":1587041685469669,"flow_dst_last_pkt_time":1587041685469973,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1082,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1426,"flow_dst_tot_l4_payload_len":15976,"midstream":0,"thread_ts_usec":1587041685469973,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":14797.2,"max":153955,"stddev":35697.7,"var":1274323968.0,"ent":2.8,"data": [12903,12995,473,12371,1988,1502,15362,129,134,115,3,85,21608,33026,11480,11732,109,11784,570,13396,140399,715,153955,248,230,250,250,503,25,129,243]},"pktlen": 
{"min":40,"avg":585.7,"max":1492,"stddev":671.4,"var":450756.0,"ent":4.0,"data": [64,52,40,226,46,1492,1492,40,1492,40,1492,168,40,147,46,91,46,91,40,1122,46,1492,1492,40,1317,40,1492,1492,40,40,1492,1492]},"bins": {"c_to_s": [10,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,10,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,0,1,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1],"entropies": [4.365527153,4.878727913,4.471928596,5.502106190,4.402616024,7.277978420,7.489027023,4.630640984,7.478912354,4.521928310,7.663036823,6.686788082,4.630640984,6.493359089,4.462505341,5.681205750,4.462504864,5.560394764,4.580641270,7.802004814,4.565872192,7.879904747,7.863986492,4.580641270,7.860152721,4.580640793,7.874552727,7.850657463,4.580641270,4.471928596,7.869473934,7.878328800]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} 
+01744{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":830,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1587041685106192,"flow_src_last_pkt_time":1587041685420065,"flow_dst_last_pkt_time":1587041685420103,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":203,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":203,"flow_dst_tot_l4_payload_len":5962,"midstream":0,"thread_ts_usec":1587041685420103,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.15.45","src_port":60551,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"trouter2-asse-a.trouter.teams.microsoft.com","domainame":"trouter2-asse-a.trouter.teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.trouter.teams.microsoft.com,go.trouter.io,*.drip.trouter.io,*.dc.trouter.io","ja3s":"986571066668055ae9481cb84fda634a","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2","subjectDN":"CN=*.trouter.teams.microsoft.com","fingerprint":"DD:24:DF:0E:F3:63:CC:10:B5:03:CF:34:EB:A5:14:8B:97:90:9B:D4","blocks":0}}} 
+02333{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":855,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1587041685240465,"flow_src_last_pkt_time":1587041685469669,"flow_dst_last_pkt_time":1587041685469973,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1082,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1426,"flow_dst_tot_l4_payload_len":15976,"midstream":0,"thread_ts_usec":1587041685469973,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":14797.2,"max":153955,"stddev":35697.7,"var":1274323968.0,"ent":2.8,"data": [12903,12995,473,12371,1988,1502,15362,129,134,115,3,85,21608,33026,11480,11732,109,11784,570,13396,140399,715,153955,248,230,250,250,503,25,129,243]},"pktlen": {"min":40,"avg":585.7,"max":1492,"stddev":671.4,"var":450756.0,"ent":4.0,"data": [64,52,40,226,46,1492,1492,40,1492,40,1492,168,40,147,46,91,46,91,40,1122,46,1492,1492,40,1317,40,1492,1492,40,40,1492,1492]},"bins": {"c_to_s": [10,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,10,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,0,1,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1],"entropies": 
[4.365527153,4.878727913,4.471928596,5.502106190,4.402616024,7.277978420,7.489027023,4.630640984,7.478912354,4.521928310,7.663036823,6.686788082,4.630640984,6.493359089,4.462505341,5.681205750,4.462504864,5.560394764,4.580641270,7.802004814,4.565872192,7.879904747,7.863986492,4.580641270,7.860152721,4.580640793,7.874552727,7.850657463,4.580641270,4.471928596,7.869473934,7.878328800]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} 00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":920,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041685984732,"flow_src_last_pkt_time":1587041685984732,"flow_dst_last_pkt_time":1587041685984732,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685984732,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":920,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_src_last_pkt_time":1587041685984732,"flow_dst_last_pkt_time":1587041685984732,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041685984732,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGghTAqAEGNHHChOyNAbtKVk3bAAAAALAC\/\/8LQAAAAgQFtAEDAwUBAQgKMIS8GgAAAAAEAgAA"} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":921,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_src_last_pkt_time":1587041685984732,"flow_dst_last_pkt_time":1587041685996890,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041685996890,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0TQBAAHUGACA0ccKEwKgBBgG77I3LqgPISlZN3IAS\/\/9gggAAAgQFoAEDAwgBAQQC"} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":922,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_src_last_pkt_time":1587041685996986,"flow_dst_last_pkt_time":1587041685996890,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041685996986,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGgizAqAEGNHHChOyNAbtKVk3cy6oDyVAQIACBQQAA"} 
00790{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":923,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":4,"flow_src_last_pkt_time":1587041685997296,"flow_dst_last_pkt_time":1587041685996890,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"thread_ts_usec":1587041685997296,"pkt":"EBMx8Tl2KDc3AG3ICABFAADbAABAAEAGgXnAqAEGNHHChOyNAbtKVk3cy6oDyVAYIAAs2QAAFgMBAK4BAACqAwNemFWVDIT9d4HngeJpG5mlHm9Rt958WOVPiGzzmIF3agAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAVQAAABgAFgAAE3RlYW1zLm1pY3Jvc29mdC5jb20ACgAIAAYAFwAYABkACwACAQAADQASABAEAQIBBQEGAQQDAgMFAwYDAAUABQEAAAAAABIAAAAXAAA="} -01355{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":923,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685984732,"flow_src_last_pkt_time":1587041685997296,"flow_dst_last_pkt_time":1587041685996890,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":179,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685997296,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","domainame":"teams.microsoft.com","tls": 
{"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01308{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":923,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685984732,"flow_src_last_pkt_time":1587041685997296,"flow_dst_last_pkt_time":1587041685996890,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":179,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685997296,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","domainame":"teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":924,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":5,"flow_src_last_pkt_time":1587041685997296,"flow_dst_last_pkt_time":1587041686008515,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1587041686008515,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAoTQFAAHYG\/yo0ccKEwKgBBgG77I3LqgPJSlZOj1AQCASYigAAAAAAAAAA"} -01677{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":931,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1587041685984732,"flow_src_last_pkt_time":1587041686010918,"flow_dst_last_pkt_time":1587041686010988,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":179,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":6012,"midstream":0,"thread_ts_usec":1587041686010988,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","domainame":"teams.microsoft.com","tls": 
{"version":"TLSv1.2","server_names":"teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"7d8fd34fdb13a7fff30d5a52846b6c4c","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=teams.microsoft.com","fingerprint":"68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E","blocks":0}}} +01630{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":931,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1587041685984732,"flow_src_last_pkt_time":1587041686010918,"flow_dst_last_pkt_time":1587041686010988,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":179,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":6012,"midstream":0,"thread_ts_usec":1587041686010988,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","domainame":"teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"teams.microsoft.com","ja3s":"7d8fd34fdb13a7fff30d5a52846b6c4c","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 
4","subjectDN":"CN=teams.microsoft.com","fingerprint":"68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E","blocks":0}}} 00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":945,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041686239545,"flow_src_last_pkt_time":1587041686239545,"flow_dst_last_pkt_time":1587041686239545,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041686239545,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60559,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":945,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_src_last_pkt_time":1587041686239545,"flow_dst_last_pkt_time":1587041686239545,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041686239545,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIeyPAbtgh2e9AAAAALAC\/\/9PlwAAAgQFtAEDAwUBAQgKMIS9EAAAAAAEAgAA"} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":946,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_src_last_pkt_time":1587041686239545,"flow_dst_last_pkt_time":1587041686288146,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041686288146,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8YwZAAGwGaHQ0ck0hwKgBBgG77I9T9FE0YIdnvqASIADemAAAAgQFoAEDAwgEAggKYR9buzCEvRA="} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":947,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":3,"flow_src_last_pkt_time":1587041686288255,"flow_dst_last_pkt_time":1587041686288146,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041686288255,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyPAbtgh2e+U\/RRNYAQEAkdGQAAAQEICjCEvUBhH1u7"} 00845{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":948,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":4,"flow_src_last_pkt_time":1587041686288562,"flow_dst_last_pkt_time":1587041686288146,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_usec":1587041686288562,"pkt":"EBMx8Tl2KDc3AG3ICABFAAECAABAAEAG9rTAqAEGNHJNIeyPAbtgh2e+U\/RRNYAYEAniuwAAAQEICjCEvUBhH1u7FgMBAMkBAADFAwPWvyUszXyGVwTdfXyAsIQo65lWnkpPMHo57lR912BOzSAuDwAAZ8HaIUQ\/TUKOJyzDpeZ2C6OXN9Z66nmD08\/sfwAewC\/AK8AwwCzMqcyowAnAE8AKwBQAnACdAC8ANQAKAQAAXv8BAAEAAAAAIwAhAAAebW9iaWxlLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEACwACAQAACgAIAAYAHQAXABg="} 
-01365{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":948,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041686239545,"flow_src_last_pkt_time":1587041686288562,"flow_dst_last_pkt_time":1587041686288146,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041686288562,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60559,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01324{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":948,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041686239545,"flow_src_last_pkt_time":1587041686288562,"flow_dst_last_pkt_time":1587041686288146,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041686288562,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60559,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
02498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":949,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":5,"flow_src_last_pkt_time":1587041686288562,"flow_dst_last_pkt_time":1587041686339149,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041686339149,"pkt":"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\/tkVGJLU4rtEsbNOyNY0rT1MPRe2qZ6z8OTI\/Ubwew2S+CzQq6NSEinFnoQ24d33L9+Q2VR7IJxgZJZ0JLJRb2EkmyBTG1bJPbFiADdV1t9YSY2ps7oVekv29d\/XDIODAnQFR1IHqlMXtC77TWoRsh1X4rC3iStLm+7YDXNcZ\/4Mj9IuoDmWavbkJCD0d5pvrPILAZtuXahuvQzQtAY2n0vu1+AhHxMbk9e2L2iJYbk++P\/GCSsH0E3MwFuGBx2aD8kcD\/GasOSgJ2hX1PemGbx7\/Y9FGQudVhN6gkjLviiZxZQGDI3hc4aNkSo6HFXMcwVO63+RLd5FmQcXxQ4wQgOa8gPG9Z+WsefaydUjjPdFmpvxlC8L\/\/hy5Vj29oZ7skaSNpSCyBSNkBskAzSt9el50ZVrhM5J4i3BG1jJVGu2oqjlyxlbfhoa6VdObxpgGXjYRrBKCYMJOGSIW1HBsVpPOHiO3HTRTWSc3nsno7KhTt65NB2bdGHaIXFW18cABbgwggW0MIIEnKADAgECAhALarOwPrGp9sRgkmqozf6zMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNVBAYTAklFMRIwEAYDVQQKEwlCYWx0aW1vcmUxEzARBgNVBAsTCkN5YmVyVHJ1c3QxIjAgBgNVBAMTGUJhbHRpbW9yZSBDeWJlclRydXN0IFJvb3QwHhcNMTYwNTIwMTI1MjM4WhcNMjQwNTIwMTI1MjM4WjCBizELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEVMBMGA1UECxMMTWljcm9zb2Z0IElUMR4wHAYDVQQDExVNaWNyb3NvZnQgSVQgVExTIENBIDQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCr5etdo2s5nvU0iBK7HVImXX0JC8Z5jqu3Dt8Zst3uD\/bu9FbkRuKSD+JnC+MccaTUQXO0y5kWjr93fbCvHmztcS7DCHdKXpKu7FrQSIHQxemg9XqPHo1e062SwNrGkTUxILk5"} 
02367{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":976,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1587041686239545,"flow_src_last_pkt_time":1587041686542441,"flow_dst_last_pkt_time":1587041686541501,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":14115,"flow_dst_tot_l4_payload_len":4699,"midstream":0,"thread_ts_usec":1587041686542441,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60559,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":19511.4,"max":52987,"stddev":22191.7,"var":492470496.0,"ent":3.9,"data": [48601,48710,307,51003,89,50699,16,253,253,1686,49778,48144,1391,5,2,50498,49101,4,2,3,37233,37219,5,11525,11515,965,36039,15972,52987,736,111]},"pktlen": {"min":52,"avg":640.9,"max":1492,"stddev":667.9,"var":446080.7,"ent":4.1,"data": [64,60,52,258,1492,1492,64,52,1375,52,145,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,52,985,52,52,497,52,83,52]},"bins": {"c_to_s": [9,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0],"s_to_c": [6,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,1,1,1,0,0,0],"entropies": 
[4.396777153,5.256567955,4.923395157,6.033491611,7.275527000,7.277948856,5.071470261,4.945419312,7.645617962,4.976373672,5.915142536,5.707202435,4.976374149,7.861220360,7.878036976,7.850315571,5.131024837,7.877380371,7.857055187,7.886486053,7.876827240,5.169486523,7.849795818,7.874622822,5.078045845,7.791067600,5.131024837,5.207948208,7.563468933,5.053297043,5.290699482,4.969671726]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com"}} 00800{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":979,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041686659283,"flow_src_last_pkt_time":1587041686659283,"flow_dst_last_pkt_time":1587041686659283,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041686659283,"l3_proto":"ip4","src_ip":"192.168.1.112","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -353,15 +353,15 @@ 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":986,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_src_last_pkt_time":1587041686889381,"flow_dst_last_pkt_time":1587041686918390,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041686918390,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8PdhAAGwG3XQofglDwKgBBgG77JCDb8\/fjKXdY6ASIAC\/qwAAAgQFoAEDAwgEAggKUkSG7zCEv4s="} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":987,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":3,"flow_src_last_pkt_time":1587041686918473,"flow_dst_last_pkt_time":1587041686918390,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041686918473,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGR1XAqAEGKH4JQ+yQAbuMpd1jg2\/P4IAQEAn+PwAAAQEICjCEv6dSRIbv"} 
00897{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":988,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":4,"flow_src_last_pkt_time":1587041686919156,"flow_dst_last_pkt_time":1587041686918390,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":312,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":312,"pkt_l4_len":278,"thread_ts_usec":1587041686919156,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEqAABAAEAGRl\/AqAEGKH4JQ+yQAbuMpd1jg2\/P4IAYEAngnQAAAQEICjCEv6dSRIbvFgMBAPEBAADtAwMbmcXPy8rEyjOH5t3NVXkoUGCRZxMGyIKbY0co\/wunRQAAKMAswCvAJMAjwArACcypwDDAL8AowCfAFMATzKgAnQCcAD0APAA1AC8BAACc\/wEAAQAAAAAeABwAABlsb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tABcAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAADN0AAAAEgAAABAAMAAuAmgyBWgyLTE2BWgyLTE1BWgyLTE0CHNwZHkvMy4xBnNwZHkvMwhodHRwLzEuMQALAAIBAAAKAAoACAAdABcAGAAZ"} -01312{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":988,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041686889381,"flow_src_last_pkt_time":1587041686919156,"flow_dst_last_pkt_time":1587041686918390,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041686919156,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.67","src_port":60560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Microsoft365","proto_by_ip_id":219,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"login.microsoftonline.com","domainame":"login.microsoftonline.com","tls": 
{"version":"TLSv1.2","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} +01271{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":988,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041686889381,"flow_src_last_pkt_time":1587041686919156,"flow_dst_last_pkt_time":1587041686918390,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041686919156,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.67","src_port":60560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Microsoft365","proto_by_ip_id":219,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"login.microsoftonline.com","domainame":"login.microsoftonline.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
02510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":991,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":5,"flow_src_last_pkt_time":1587041686919156,"flow_dst_last_pkt_time":1587041686950659,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041686950659,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUPdlAAGwG19sofglDwKgBBgG77JCDb8\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\/68rvf0\/+KpPvZzn8n+A1ECu6H51tc4jh4cund1rKWCEvaClslKP1O5XZfDppym7WFQSIHQp9LXW26FaTqarCYkxKrkm\/lTdJtaXF5\/C7ZRJIFVaL9dmL\/uMiooAbDLhN56zmBjGeB2V01oJAQhD\/q\/lznyyirBK2V2vQ7WyyX4O7R5ox9CbJ7fjHmVfu5B\/IGhKzckLb+kPv4Ou1DFiJ+VjXUg8+HNiqYybm516lzAMR9GTpDm\/EaK\/DoNiRmeP+V6xIxpVOXNmdtJ2yXkhn+AQIDAQABo4IFgjCCBX4wggH1BgorBgEEAdZ5AgQCBIIB5QSCAeEB3wB1AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABZg2YTSEAAAQDAEYwRAIgNf1dCr\/A\/68iTF44ctzG4dfYj5k8kwrcMxb+OAftshACIEOFf1L8DyVWvGmp2q28iEZd5RDO6L\/3eE60TQKPTKibAHcAVhQGmi\/XwuzT9eG9RLI+x0Z2ubyZEVzA75SYVdaJ0N0AAAFmDZhK0AAABAMASDBGAiEA6k0qgGOQ2\/4vWshsmYpY7DSpdiwLlTeFqoSnh81\/2Y4CIQDv1+L779lV6U+goVXZN5Lr8mJnM2dtvY1ZqBBLJZkaOwB1AFWB1MIWkDYBSuoLm1c8U\/DA5Dh4cCUIFy+jqh0HE9MMAAABZg2YSsoAAAQDAEYwRAIgWKBW8MG0XWRpOFEy6yhRlkRMXWMvZwn2MMfc6oSrj0gCIBftriorxFHUNkLYAHoFWkhm8hNqcHO+KKiAs49boZzUAHYAu9nfvB+KcbWTlCOXqpJ7RzhXlQqrUugakJZkNo4e0YUAAAFmDZhLTgAABAMARzBFAiAA3dU0fJfG9tq5Rc4+sUUH+XraMuPYSatYD6LC\/2\/zTAIhAJWqprUivm3Ca3RKEfcrJtar2nlcdcqed0u5OIHS\/4PYMCcGCSsGAQQBgjcVCgQaMBgwCgYIKwYBBQUHAwIwCgYIKwYBBQUHAwEwPgYJKwYBBAGCNxUHBDEwLwYnKwYBBAGCNxUIh9qGdYPu2QGCyYUbgbWeYYX062CBXYTS30KC55N6AgFkAgEdMIGFBggrBgEFBQcBAQR5MHcwUQYIKwYBBQUHMAKGRWh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjAxLmNydDAiBggrBgEFBQcwAYYWaHR0cDovL29jc3AubXNvY3NwLmNvbTAdBgNVHQ4EFgQUiTQV2m224F\/j"} 
-01899{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":995,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1587041686889381,"flow_src_last_pkt_time":1587041686950934,"flow_dst_last_pkt_time":1587041686950999,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":4416,"midstream":0,"thread_ts_usec":1587041686950999,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.67","src_port":60560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Microsoft365","proto_by_ip_id":219,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"login.microsoftonline.com","domainame":"login.microsoftonline.com","tls": {"version":"TLSv1.2","server_names":"login.microsoftonline.com,login.microsoftonline-p.com,loginex.microsoftonline.com,login2.microsoftonline.com,stamp2.login.microsoftonline-int.com,login.microsoftonline-int.com,loginex.microsoftonline-int.com,login2.microsoftonline-int.com,stamp2.login.microsoftonline.com","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"678aeaf909676262acfb913ccb78a126","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=stamp2.login.microsoftonline.com","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"7E:0F:A2:51:8F:FB:49:30:C3:34:07:5E:F8:7C:FD:34:20:A2:96:63","blocks":0}}} 
+01858{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":995,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1587041686889381,"flow_src_last_pkt_time":1587041686950934,"flow_dst_last_pkt_time":1587041686950999,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":4416,"midstream":0,"thread_ts_usec":1587041686950999,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.67","src_port":60560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Microsoft365","proto_by_ip_id":219,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"login.microsoftonline.com","domainame":"login.microsoftonline.com","tls": {"version":"TLSv1.2","server_names":"login.microsoftonline.com,login.microsoftonline-p.com,loginex.microsoftonline.com,login2.microsoftonline.com,stamp2.login.microsoftonline-int.com,login.microsoftonline-int.com,loginex.microsoftonline-int.com,login2.microsoftonline-int.com,stamp2.login.microsoftonline.com","ja3s":"678aeaf909676262acfb913ccb78a126","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=stamp2.login.microsoftonline.com","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"7E:0F:A2:51:8F:FB:49:30:C3:34:07:5E:F8:7C:FD:34:20:A2:96:63","blocks":0}}} 
00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1010,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041687245112,"flow_src_last_pkt_time":1587041687245112,"flow_dst_last_pkt_time":1587041687245112,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687245112,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1010,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_src_last_pkt_time":1587041687245112,"flow_dst_last_pkt_time":1587041687245112,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041687245112,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIeyRAbt4yq\/kAAAAALAC\/\/\/rWgAAAgQFtAEDAwUBAQgKMITA4AAAAAAEAgAA"} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1014,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_src_last_pkt_time":1587041687245112,"flow_dst_last_pkt_time":1587041687293530,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041687293530,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8EaVAAGwGudU0ck0hwKgBBgG77JHMBk4keMqv5aASIADnTgAAAgQFoAEDAwgEAggKYPR58TCEwOA="} 
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1015,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_src_last_pkt_time":1587041687293639,"flow_dst_last_pkt_time":1587041687293530,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041687293639,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyRAbt4yq\/lzAZOJYAQEAkl0AAAAQEICjCEwQ9g9Hnx"} 00845{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1016,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":4,"flow_src_last_pkt_time":1587041687294098,"flow_dst_last_pkt_time":1587041687293530,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_usec":1587041687294098,"pkt":"EBMx8Tl2KDc3AG3ICABFAAECAABAAEAG9rTAqAEGNHJNIeyRAbt4yq\/lzAZOJYAYEAmZKwAAAQEICjCEwQ9g9HnxFgMBAMkBAADFAwOyv9PSQv\/SmdcPkRjuFnJs95jqk9PvclXpwloDxRoWsCDkPAAAKbM0d7f12FXyaEAA7qD+P9kwtx+HS3tAUpaW7wAewC\/AK8AwwCzMqcyowAnAE8AKwBQAnACdAC8ANQAKAQAAXv8BAAEAAAAAIwAhAAAebW9iaWxlLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEACwACAQAACgAIAAYAHQAXABg="} 
-01366{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1016,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041687245112,"flow_src_last_pkt_time":1587041687294098,"flow_dst_last_pkt_time":1587041687293530,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687294098,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01325{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1016,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041687245112,"flow_src_last_pkt_time":1587041687294098,"flow_dst_last_pkt_time":1587041687293530,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687294098,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1017,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041687370480,"flow_src_last_pkt_time":1587041687370480,"flow_dst_last_pkt_time":1587041687370480,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687370480,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":54069,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1017,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_src_last_pkt_time":1587041687370480,"flow_dst_last_pkt_time":1587041687370480,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"thread_ts_usec":1587041687370480,"pkt":"EBMx8Tl2KDc3AG3ICABFAABF06EAAP8RZK7AqAEGwKgBAdM1ADUAMUK+cAQBAAABAAAAAAAAA2FwaQ9taWNyb3NvZnRzdHJlYW0DY29tAAABAAE="} 
01115{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1017,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041687370480,"flow_src_last_pkt_time":1587041687370480,"flow_dst_last_pkt_time":1587041687370480,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687370480,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":54069,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"api.microsoftstream.com","domainame":"api.microsoftstream.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -374,10 +374,10 @@ 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1024,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_src_last_pkt_time":1587041687436782,"flow_dst_last_pkt_time":1587041687466298,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041687466298,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8OsBAAGwG7o1oKLuXwKgBBgG77JKBluUGb4uaCaASIADVGwAAAgQFoAEDAwgEAggKAbkbHzCEwZw="} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1025,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":3,"flow_src_last_pkt_time":1587041687466398,"flow_dst_last_pkt_time":1587041687466298,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041687466398,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGVVbAqAEGaCi7l+ySAbtvi5oJgZblB4AQEAkTrwAAAQEICjCEwbkBuRsf"} 
00855{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1026,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":4,"flow_src_last_pkt_time":1587041687466635,"flow_dst_last_pkt_time":1587041687466298,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":280,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":280,"pkt_l4_len":246,"thread_ts_usec":1587041687466635,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEKAABAAEAGVIDAqAEGaCi7l+ySAbtvi5oJgZblB4AYEAl2MwAAAQEICjCEwbkBuRsfFgMBANEBAADNAwNcYEYY9r+P9DTmk4+ghvjGxbgXLamZQ7BCvuLi0gzQzQAAHMrKzKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACI2toAAP8BAAEAAAAAHAAaAAAXYXBpLm1pY3Jvc29mdHN0cmVhbS5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAgqKgAdABcAGAAbAAMCAAIaGgABAA=="} -01269{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1026,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041687436782,"flow_src_last_pkt_time":1587041687466635,"flow_dst_last_pkt_time":1587041687466298,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687466635,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"api.microsoftstream.com","domainame":"api.microsoftstream.com","tls": 
{"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01225{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1026,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041687436782,"flow_src_last_pkt_time":1587041687466635,"flow_dst_last_pkt_time":1587041687466298,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687466635,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"api.microsoftstream.com","domainame":"api.microsoftstream.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
02504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1027,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":5,"flow_src_last_pkt_time":1587041687466635,"flow_dst_last_pkt_time":1587041687512045,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041687512045,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUOsFAAGwG6PRoKLuXwKgBBgG77JKBluUHb4ua34AQBAUPSwAAAQEICgG5Gz4whMG5FgMDF2ACAABeAwNemFWXWoznNEDG0nqSFdxS15urfQPAW1Ki15lKX+AAtiAKRAAA667wWoqa+vDiRfvp7swmXkbxWCktv+PyIN9JCMAwAAAWAAUAAAAQAAUAAwJoMgAXAAD\/AQABAAsADpsADpgACNowggjWMIIGvqADAgECAhMtAAcUzkF9hlrqvm6yAAAABxTOMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTAeFw0xOTA3MTYwMDAyMzBaFw0yMTA3MTYwMDAyMzBaMCQxIjAgBgNVBAMMGSouYXBpLm1pY3Jvc29mdHN0cmVhbS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYCLN53Kexlrvsr+3rXZR74UHw5zlzegNiM6ErPRT\/txn4iFY2zFTqC+sWY7W7Oz4G1tsBCxRCqDiWTxn5SoBhxDmnlpMqOtTTpv5IM4kd\/8Guw\/818ANBFltXQet6T9XZsisGK5x9lUCYcHW8ynBG3v5uNf0Z6m2VB67+wzZ2C3iG0UAM447HUmbA40yblclmVBneenfOna+w64hv1nSyt5YNMGiattt3RBLqQ25FUDZwDSm6\/Xrxs5bFSfj0HMxAb5EpzZ2SxfSP+UgsmRV0Oq\/HfZsAL9LwqbT3aESBPoyba7n926l2qjVJiyrcjkPpm+NqXC8ligQT0pRVDCcpAgMBAAGjggSXMIIEkzCCAfUGCisGAQQB1nkCBAIEggHlBIIB4QHfAHUA7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo\/csAAAFr+B+sPAAABAMARjBEAiBx6hq9wYK8lGTp3u5E7AFX+BkbRLRZ5Lup8OuEt\/B0tQIgGypwFVlROzmTzUQqtoWQp2MHW1EriZKLwX2GVgWat5wAdgBElGUusO7Or8RAB9io\/ijA2uaCvtjLMbU\/0zOWtbaBqAAAAWv4H61YAAAEAwBHMEUCIBBA4jXntmRWzvCXbsrMW4W1hyQue\/vS7Ncn0z5ewGEwAiEAln3ydSWKxMs1mek8BuU+Pp\/Ar72loNB67Ntve4Q85KAAdgBVgdTCFpA2AUrqC5tXPFPwwOQ4eHAlCBcvo6odBxPTDAAAAWv4H62XAAAEAwBHMEUCIQDLjQfYXTzdnrjIDBYNPqxZrBUDuC2VVPJNvuwXJuHkoAIgHkqG2mwJ4b5UFgxZl8\/iCIL8mYENQc4ZRdEfVujQdbMA
dgBc3EOS\/uarRUSxXprUVuYQN\/vV+kfcoXOUsl7m9scOygAAAWv4H6xWAAAEAwBHMEUCIDM4gWIHlpsWZA++c4q0XblHDWvH710R4c4I0Xek5jDJAiEAoovM291ZXguFtfeLFlqPtsBXmuKsHbLob14668lLPKIwJwYJKwYBBAGCNxUKBBowGDAKBggrBgEFBQcDAjAKBggrBgEFBQcDATA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdhNLfQoLnk3oCAWQCAR0wgYUGCCsGAQUFBwEBBHkwdzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDUuY3J0MCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC5tc29jc3AuY29tMB0GA1UdDgQWBBRaFtJxTHeO"} -01898{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1047,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1587041687245112,"flow_src_last_pkt_time":1587041687544052,"flow_dst_last_pkt_time":1587041687544137,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":412,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041687544137,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": 
{"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} -02199{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1079,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1587041687436782,"flow_src_last_pkt_time":1587041687725655,"flow_dst_last_pkt_time":1587041687725568,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1313,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2206,"flow_dst_tot_l4_payload_len":7143,"midstream":0,"thread_ts_usec":1587041687725655,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":18634.2,"max":125561,"stddev":31723.1,"var":1006353792.0,"ent":3.4,"data": [29516,29616,237,45747,220,45693,117,89,54,132,3,86,615,23250,232,30155,31,6115,4,245,22863,22646,1494,1434,2892,30,32749,246,30074,125513,125561]},"pktlen": {"min":52,"avg":345.2,"max":1492,"stddev":499.9,"var":249913.2,"ent":3.9,"data": 
[64,60,52,266,1492,1492,64,1492,52,52,1492,281,52,145,145,424,103,121,52,52,90,90,52,548,52,1365,135,52,94,52,510,52]},"bins": {"c_to_s": [12,1,3,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0],"s_to_c": [2,3,1,0,0,0,0,1,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,1,1,0,0,0,0,1,1,0,0,0,1,0,1,0,0,0,1,1,0,1,0],"entropies": [4.365527153,5.169149399,4.868495941,5.580047131,7.357915878,7.526344776,4.919355392,7.363313675,4.945419312,4.786791325,7.588277340,7.143245697,4.983880997,5.918394089,6.257330894,7.398386002,5.555244923,6.105889320,4.945419312,4.945419312,5.368302345,5.567127228,4.945419312,7.528010845,4.983880997,7.854734421,6.103594780,5.100070000,5.655968666,4.983880520,7.545987606,4.861793995]},"ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01857{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1047,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1587041687245112,"flow_src_last_pkt_time":1587041687544052,"flow_dst_last_pkt_time":1587041687544137,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":412,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041687544137,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","domainame":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB","blocks":0}}} +02196{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1079,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1587041687436782,"flow_src_last_pkt_time":1587041687725655,"flow_dst_last_pkt_time":1587041687725568,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1313,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2206,"flow_dst_tot_l4_payload_len":7143,"midstream":0,"thread_ts_usec":1587041687725655,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":18634.2,"max":125561,"stddev":31723.1,"var":1006353792.0,"ent":3.4,"data": 
[29516,29616,237,45747,220,45693,117,89,54,132,3,86,615,23250,232,30155,31,6115,4,245,22863,22646,1494,1434,2892,30,32749,246,30074,125513,125561]},"pktlen": {"min":52,"avg":345.2,"max":1492,"stddev":499.9,"var":249913.2,"ent":3.9,"data": [64,60,52,266,1492,1492,64,1492,52,52,1492,281,52,145,145,424,103,121,52,52,90,90,52,548,52,1365,135,52,94,52,510,52]},"bins": {"c_to_s": [12,1,3,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0],"s_to_c": [2,3,1,0,0,0,0,1,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,1,1,0,0,0,0,1,1,0,0,0,1,0,1,0,0,0,1,1,0,1,0],"entropies": [4.365527153,5.169149399,4.868495941,5.580047131,7.357915878,7.526344776,4.919355392,7.363313675,4.945419312,4.786791325,7.588277340,7.143245697,4.983880997,5.918394089,6.257330894,7.398386002,5.555244923,6.105889320,4.945419312,4.945419312,5.368302345,5.567127228,4.945419312,7.528010845,4.983880997,7.854734421,6.103594780,5.100070000,5.655968666,4.983880520,7.545987606,4.861793995]},"ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} 
00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1080,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041687731296,"flow_src_last_pkt_time":1587041687731296,"flow_dst_last_pkt_time":1587041687731296,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687731296,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62735,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1080,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_src_last_pkt_time":1587041687731296,"flow_dst_last_pkt_time":1587041687731296,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1587041687731296,"pkt":"EBMx8Tl2KDc3AG3ICABFAABM83AAAP8RRNjAqAEGwKgBAfUPADUAOAAFY+UBAAABAAAAAAAABmV1bm8tMQNhcGkPbWljcm9zb2Z0c3RyZWFtA2NvbQAAAQAB"} 
01129{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1080,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041687731296,"flow_src_last_pkt_time":1587041687731296,"flow_dst_last_pkt_time":1587041687731296,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687731296,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62735,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"euno-1.api.microsoftstream.com","domainame":"euno-1.api.microsoftstream.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -389,7 +389,7 @@ 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1086,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_src_last_pkt_time":1587041687745932,"flow_dst_last_pkt_time":1587041687789261,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041687789261,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8GLFAAGwGRTw0qbp3wKgBBgG77JMQ1B2QYdMMyKASIACACgAAAgQFoAEDAwgEAggKASJ3bTCEwsc="} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1087,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_src_last_pkt_time":1587041687789367,"flow_dst_last_pkt_time":1587041687789261,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041687789367,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGifXAqAEGNKm6d+yTAbth0wzIENQdkYAQEAm+kQAAAQEICjCEwvABIndt"} 
00863{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1088,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":4,"flow_src_last_pkt_time":1587041687789561,"flow_dst_last_pkt_time":1587041687789261,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":287,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":287,"pkt_l4_len":253,"thread_ts_usec":1587041687789561,"pkt":"EBMx8Tl2KDc3AG3ICABFAAERAABAAEAGiRjAqAEGNKm6d+yTAbth0wzIENQdkYAYEAmMqgAAAQEICjCEwvABIndtFgMBANgBAADUAwN1hCAWlzZVXD7TCb6igB3LJP9WVkluJUaJIbsmWjvyJAAAHCoqzKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACP6uoAAP8BAAEAAAAAIwAhAAAeZXVuby0xLmFwaS5taWNyb3NvZnRzdHJlYW0uY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAI2toAHQAXABgAGwADAgACOjoAAQA="} -01283{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1088,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041687745932,"flow_src_last_pkt_time":1587041687789561,"flow_dst_last_pkt_time":1587041687789261,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":221,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":221,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687789561,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.169.186.119","src_port":60563,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"euno-1.api.microsoftstream.com","domainame":"euno-1.api.microsoftstream.com","tls": 
{"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01239{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1088,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041687745932,"flow_src_last_pkt_time":1587041687789561,"flow_dst_last_pkt_time":1587041687789261,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":221,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":221,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687789561,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.169.186.119","src_port":60563,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"euno-1.api.microsoftstream.com","domainame":"euno-1.api.microsoftstream.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
02514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1089,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":5,"flow_src_last_pkt_time":1587041687789561,"flow_dst_last_pkt_time":1587041687835274,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041687835274,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUGLJAAGwGP6M0qbp3wKgBBgG77JMQ1B2RYdMNpYAQBAV+GwAAAQEICgEid5owhMLwFgMDF2ICAABeAwNemFWXh6zC4\/H\/NtqCN0bOMCauIHEB+mzTfOs8euglHiDdOQAAbpqWXnIoaFoz5CwjBIm\/uwJeUgS1lb4+XjBSWMAwAAAWAAUAAAAQAAUAAwJoMgAXAAD\/AQABAAsADp0ADpoACNwwggjYMIIGwKADAgECAhMWAAXWDX37jaDzNM+RAAAABdYNMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNDAeFw0xOTA3MTYwMDAyMzVaFw0yMTA3MTYwMDAyMzVaMCQxIjAgBgNVBAMMGSouYXBpLm1pY3Jvc29mdHN0cmVhbS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3WyrqhMwneHn3ldwh\/L7UvhOaeyJEw9wAAoXcE2xoCmqN4VQ5dbEJYH2mvnyhH\/q6XQPMuv5SvOYFeFvBsXU42c+cX\/k7ETSWOHymPaiIe9DTakXAw15b1zeAID1a\/qtYq5SKoRqlJOmhP2W2Kj0sGRH9wfU0k6ZKAWCfTCOD3TUKn+kY2\/mFqcxx163RyO5fuue9HjLSPUcK\/XG71pH60ASR2HaDJ53frCURseRASs3N8sp\/lXPNSJpmTy7XzZlvWnjNXBXoGazR\/Ok20dcDNsKQLrS\/5IQoN1eesCyt1n77jwW\/wlDvDN1w4lyx8ZJ\/cWIxkLDRUfkhCN5r674PAgMBAAGjggSZMIIElTCCAfcGCisGAQQB1nkCBAIEggHnBIIB4wHhAHUA7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo\/csAAAFr+B+\/gwAABAMARjBEAiBFAIuj2Tc26ezbEtOORf3erX84s94DFwS362RUQnwe7QIgOIGvV6+3NbZm4ZuetunBQ10P6vIaYP3f6rBpFmv0R+kAdwBElGUusO7Or8RAB9io\/ijA2uaCvtjLMbU\/0zOWtbaBqAAAAWv4H7+HAAAEAwBIMEYCIQDNJZUV9kVpum734SuFZbu\/+8d+lBfpKXnRWlVnv4VBQAIhAOB8l0UtbGxz+O5oUYg0D5KcrYbc2wZN7ZDiNmBXUAj6AHYAVYHUwhaQNgFK6gubVzxT8MDkOHhwJQgXL6OqHQcT0wwAAAFr+B\/ArgAABAMARzBFAiEAuBvGi+GOETS1WKJJY5hLjgoB7c051zHr2NZg0TjxMOsCIDxZ4sYqPPwpfAkKARkELM5\/901w8Rli7y0
l6JyGidHOAHcAXNxDkv7mq0VEsV6a1FbmEDf71fpH3KFzlLJe5vbHDsoAAAFr+B+\/jQAABAMASDBGAiEA+MKOXA0Ondu3DQFnrt75yf8KubCg3tehYpwWY4vXmlsCIQD\/nRJiTBIbc8ubEEHt73izO3Lpmnq\/6a3pOruDbMUQaDAnBgkrBgEEAYI3FQoEGjAYMAoGCCsGAQUFBwMCMAoGCCsGAQUFBwMBMD4GCSsGAQQBgjcVBwQxMC8GJysGAQQBgjcVCIfahnWD7tkBgsmFG4G1nmGF9OtggV2E0t9CgueTegIBZAIBHTCBhQYIKwYBBQUHAQEEeTB3MFEGCCsGAQUFBzAChkVodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9NaWNyb3NvZnQlMjBJVCUyMFRMUyUyMENBJTIwNC5jcnQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9vY3NwLm1zb2NzcC5jb20wHQYDVR0OBBYEFBqManmr"} 00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1138,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041690880711,"flow_src_last_pkt_time":1587041690880711,"flow_dst_last_pkt_time":1587041690880711,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041690880711,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63930,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00602{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1138,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_src_last_pkt_time":1587041690880711,"flow_dst_last_pkt_time":1587041690880711,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1587041690880711,"pkt":"EBMx8Tl2KDc3AG3ICABFAABSJv0AAP8REUbAqAEGwKgBAfm6ADUAPoc2eGoBAAABAAAAAAAAAmRjE2FwcGxpY2F0aW9uaW5zaWdodHMJbWljcm9zb2Z0A2NvbQAAAQAB"} 
@@ -401,7 +401,7 @@ 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1141,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_src_last_pkt_time":1587041690916341,"flow_dst_last_pkt_time":1587041690946470,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041690946470,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8GwdAAG4GfY4oT4opwKgBBgG77JSCI5UvqezD\/6ASIAArFwAAAgQFoAEDAwgEAggKUvjCpTCEzxM="} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1142,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_src_last_pkt_time":1587041690946579,"flow_dst_last_pkt_time":1587041690946470,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041690946579,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGxp3AqAEGKE+KKeyUAbup7MP\/giOVMIAQEAlpqQAAAQEICjCEzzFS+MKl"} 
00888{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1143,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":4,"flow_src_last_pkt_time":1587041690946965,"flow_dst_last_pkt_time":1587041690946470,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":305,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":305,"pkt_l4_len":271,"thread_ts_usec":1587041690946965,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEjAABAAEAGxa7AqAEGKE+KKeyUAbup7MP\/giOVMIAYEAnoKAAAAQEICjCEzzFS+MKlFgMBAOoBAADmAwMbIQaP+rFGCYsreMCv9lvxK9Aj9uBCbNOtF1CHIeISyAAAKMAswCvAJMAjwArACcypwDDAL8AowCfAFMATzKgAnQCcAD0APAA1AC8BAACV\/wEAAQAAAAAXABUAABJnYXRlLmhvY2tleWFwcC5uZXQAFwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAM3QAAAASAAAAEAAwAC4CaDIFaDItMTYFaDItMTUFaDItMTQIc3BkeS8zLjEGc3BkeS8zCGh0dHAvMS4xAAsAAgEAAAoACgAIAB0AFwAYABk="} -01293{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1143,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041690916341,"flow_src_last_pkt_time":1587041690946965,"flow_dst_last_pkt_time":1587041690946470,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041690946965,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60564,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"gate.hockeyapp.net","domainame":"gate.hockeyapp.net","tls": 
{"version":"TLSv1.2","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} +01249{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1143,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041690916341,"flow_src_last_pkt_time":1587041690946965,"flow_dst_last_pkt_time":1587041690946470,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041690946965,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60564,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"gate.hockeyapp.net","domainame":"gate.hockeyapp.net","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
02490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1144,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":5,"flow_src_last_pkt_time":1587041690946965,"flow_dst_last_pkt_time":1587041690980253,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041690980253,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUGwlAAG4Gd\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"} 00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1159,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041691075869,"flow_src_last_pkt_time":1587041691075869,"flow_dst_last_pkt_time":1587041691075869,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041691075869,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62863,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00617{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1159,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_src_last_pkt_time":1587041691075869,"flow_dst_last_pkt_time":1587041691075869,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_usec":1587041691075869,"pkt":"EBMx8Tl2KDc3AG3ICABFAABZLy0AAP8RCQ\/AqAEGwKgBAfWPADUARdrUdPIBAAABAAAAAAAABGVtZWECbmcDbXNnDHRlYW1zLW1zZ2FwaQ50cmFmZmljbWFuYWdlcgNuZXQAAAEAAQ=="} 
@@ -413,7 +413,7 @@ 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1164,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_src_last_pkt_time":1587041691149774,"flow_dst_last_pkt_time":1587041691168973,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041691168973,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8PCRAAHEGa280cmwIwKgBBgG77JWud4Fgpm4cPqASIABnNAAAAgQFoAEDAwgEAggKUqoqrDCEz\/U="} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1165,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":3,"flow_src_last_pkt_time":1587041691169076,"flow_dst_last_pkt_time":1587041691168973,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041691169076,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG2JvAqAEGNHJsCOyVAbumbhw+rneBYYAQEAml0QAAAQEICjCE0AhSqiqs"} 
00863{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1166,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":4,"flow_src_last_pkt_time":1587041691169247,"flow_dst_last_pkt_time":1587041691168973,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":288,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":288,"pkt_l4_len":254,"thread_ts_usec":1587041691169247,"pkt":"EBMx8Tl2KDc3AG3ICABFAAESAABAAEAG173AqAEGNHJsCOyVAbumbhw+rneBYYAYEAkjHAAAAQEICjCE0AhSqiqsFgMBANkBAADVAwNwlpHiXHB3s5dLKatTLHHCd3zPHP62TkNPLWHwExyS1QAAHAoKzKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACQysoAAP8BAAEAAAAAJAAiAAAfZW1lYS5uZy5tc2cudGVhbXMubWljcm9zb2Z0LmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACMrKAB0AFwAYABsAAwIAAhoaAAEA"} -01270{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1166,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041691149774,"flow_src_last_pkt_time":1587041691169247,"flow_dst_last_pkt_time":1587041691168973,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":222,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":222,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041691169247,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.108.8","src_port":60565,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"emea.ng.msg.teams.microsoft.com","domainame":"emea.ng.msg.teams.microsoft.com","tls": 
{"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01229{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1166,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041691149774,"flow_src_last_pkt_time":1587041691169247,"flow_dst_last_pkt_time":1587041691168973,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":222,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":222,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041691169247,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.108.8","src_port":60565,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"emea.ng.msg.teams.microsoft.com","domainame":"emea.ng.msg.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 
02503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1167,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":5,"flow_src_last_pkt_time":1587041691169247,"flow_dst_last_pkt_time":1587041691190981,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041691190981,"pkt":"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\/bT\/D+YBI2NyvjucwOF4fAmlb69iaENpHzKyKPP3gChGWXwPlsCAHcWT5DWYPJpL\/3DLl81bF7tO5zY3zxJMB1OeVgvUKXeAS+CwfpLrKG0C\/eU6XUXAM17Wou3AdZL8ESxq7zdQlPlfLXcrxTWn\/9yqOyE2Dy4v0AC0DldAOOVuaP1Qw\/jkncKrZHy6CBjd4i6SlAvV9SXMMji3v+3tCPq3NDcYwEwIaLF7pK3asugmSWv+kUpt0b\/7nszZggDVjiXOaXQXGxlI76wm\/oQiScQLHdORY8mAIDxrFvAZJI7K5Yvpy\/uFT0TJ1pbtUzx0WkkWUFI1ibsaySDvxZ5PLRRf\/b+CTj2DeuAhuHN0bB0Jvlf\/geQ+McX36gP8ZJv4hZskP2p2eU4LlDvKZxVbJkUfzIhrbjoxfdlKOwkktqzdS57vVoeibk02\/OS8fdv79ZBLOsYxfdKaSWNDVEN1Q82426XhaggJ7kscl3nnmFp\/\/6iCwQwe+4wAFuDCCBbQwggScoAMCAQICEAiIzVJfGSRETRSlgpHeuVIwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9yZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVyVHJ1c3QgUm9vdDAeFw0xNjA1MjAxMjUzMDNaFw0yNDA1MjAxMjUzMDNaMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC"} 
02235{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1195,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1587041691149774,"flow_src_last_pkt_time":1587041691305451,"flow_dst_last_pkt_time":1587041691582252,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":994,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2028,"flow_dst_tot_l4_payload_len":8121,"midstream":0,"thread_ts_usec":1587041691582252,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.108.8","src_port":60565,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":18972.7,"max":276869,"stddev":49493.9,"var":2449644032.0,"ent":2.9,"data": [19199,19302,171,22008,34,21827,18,184,203,246,14,193,1070,12295,280,19893,29,6313,3,603,11971,11399,1472,1415,54998,62106,42,25528,33,18437,276869]},"pktlen": {"min":52,"avg":370.2,"max":1492,"stddev":512.1,"var":262257.7,"ent":3.9,"data": [64,60,52,274,1492,1492,64,52,1492,52,1492,471,52,178,145,525,103,121,52,52,90,90,52,511,52,52,1046,134,52,94,52,1335]},"bins": {"c_to_s": [11,1,2,1,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,3,1,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,1,1,0,0,0,0,1,1,0,0,0,1,0,1,0,1,0,0,1,1,0,1],"entropies": 
[4.396777153,5.256567478,4.923395634,5.577177048,7.100010395,7.346216679,4.975505829,4.976374149,7.520713806,4.854287148,7.591184139,7.492725372,4.937912464,6.281796932,6.325607300,7.565563679,5.628156662,5.942033768,4.976374149,4.937912464,5.421134472,5.660066128,5.014835358,7.536164761,4.976373672,5.169486523,7.784315586,6.192806721,5.169486523,5.596017838,5.014835358,7.848025322]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"emea.ng.msg.teams.microsoft.com"}} 02250{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1208,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1587041682376166,"flow_src_last_pkt_time":1587041682938651,"flow_dst_last_pkt_time":1587041692001418,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1060,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":2113,"flow_dst_tot_l4_payload_len":7396,"midstream":0,"thread_ts_usec":1587041692001418,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.76.48","src_port":60544,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":328636.7,"max":8978171,"stddev":1582353.1,"var":2503841415168.0,"ent":0.8,"data": [47150,47228,506,44398,29,43913,16,46,186,124,2,213,4,4433,9743,291,46519,32116,477,409,98,18910,1378,20235,62883,403234,424977,8978171,32,9,7]},"pktlen": {"min":40,"avg":339.2,"max":1492,"stddev":486.1,"var":236250.5,"ent":3.9,"data": [64,52,40,276,1492,1492,52,40,40,1492,1492,309,40,40,198,133,568,91,40,109,40,78,46,409,40,46,1100,46,411,415,86,78]},"bins": {"c_to_s": 
[10,1,1,0,1,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,3,1,0,0,0,0,0,1,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,0,0,0,1,1,1,0,0,0,0,0,1,0,1,0,0,1,1,0,1,0,1,1,1,1,1],"entropies": [4.334277153,4.946223736,4.571928501,5.576080799,7.377434731,7.334023952,4.748329639,4.630640984,4.571928501,7.530410290,7.590536594,7.109602451,4.680641174,4.630641460,6.484649181,6.111595631,7.563093662,5.442209721,4.630641460,5.902398109,4.630641460,5.214766979,4.462505341,7.402733803,4.680641174,4.505983353,7.828750610,4.609350681,7.428915024,7.453095436,5.564571857,5.463537216]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"northeurope.notifications.teams.microsoft.com"}} 
@@ -428,16 +428,16 @@ 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1222,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_src_last_pkt_time":1587041692808980,"flow_dst_last_pkt_time":1587041692880898,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041692880898,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGBganY9ekwKgBBhFS7JY0lYWJFa1+kaAS\/ohhIwAAAgQFrAQCCAoTeUD2MITWWwEDAwc="} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1223,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_src_last_pkt_time":1587041692880999,"flow_dst_last_pkt_time":1587041692880898,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041692880999,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+g3AqAEGp2PXpOyWEVIVrX6RNJWFioAQECx9\/QAAAQEICjCE1qITeUD2"} 
01262{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1224,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":4,"flow_src_last_pkt_time":1587041692881339,"flow_dst_last_pkt_time":1587041692880898,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1587041692881339,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI5AABAAEAG+AjAqAEGp2PXpOyWEVIVrX6RNJWFioAYECynDgAAAQEICjCE1qITeUD2FgMBAgABAAH8AwNIwmNvYpaxx4YaNkM5UOMBu+\/rhWm5ROKLkUQ+n9+bqCDe8bvsDQaKZ\/SHTClTSUEpcKfm8tnRcB\/XxmDM4wjf0gByEwITAxMBwCzAMACfzKnMqMyqwCvALwCewCTAKABrwCPAJwBnwArAFAA5wAnAEwAzAK0Aq8yuzK3MrACdAKnMqwCsAKoAnACoAD0APMA4wDYAtwCzAJUAkQA1AK8AjcA3wDUAtgCyAJQAkAAvAK4AjAD\/AQABQQAAABIAEAAADWRhdGkubnRvcC5vcmcACwAEAwABAgAKAAwACgAdABcAHgAZABgAIwAAM3QAAAAQAA4ADAJoMghodHRwLzEuMQAWAAAAFwAAAA0AMAAuBAMFAwYDCAcICAgJCAoICwgECAUIBgQBBQEGAQMDAgMDAQIBAwICAgQCBQIGAgArAAkIAwQDAwMCAwEALQACAQEAMwAmACQAHQAgqeitnlzPDiYBqjP3nyoLl6FANLUWPuCFiHYla5PeYScAFQB8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01418{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1224,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041692808980,"flow_src_last_pkt_time":1587041692881339,"flow_dst_last_pkt_time":1587041692880898,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041692881339,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"dati.ntop.org","domainame":"dati.ntop.org","tls": {"version":"TLSv1.2","ja3":"7120d65624bcd2e02ed4b01388d84cdb","ja3s":"","ja4":"t13d5713h2_131602cb7446_e802cdec6a7f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01384{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1224,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041692808980,"flow_src_last_pkt_time":1587041692881339,"flow_dst_last_pkt_time":1587041692880898,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041692881339,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"dati.ntop.org","domainame":"dati.ntop.org","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d5713h2_131602cb7446_e802cdec6a7f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1225,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":5,"flow_src_last_pkt_time":1587041692881339,"flow_dst_last_pkt_time":1587041692951911,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041692951911,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0HBJAADQG6funY9ekwKgBBhFS7JY0lYWKFa2AloAQAfqJ4wAAAQEIChN5QT0whNai"} 
-01506{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1226,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1587041692808980,"flow_src_last_pkt_time":1587041692881339,"flow_dst_last_pkt_time":1587041692953141,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":152,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":152,"midstream":0,"thread_ts_usec":1587041692953141,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"dati.ntop.org","domainame":"dati.ntop.org","tls": {"version":"TLSv1.2","ja3":"7120d65624bcd2e02ed4b01388d84cdb","ja3s":"410b9bedaf65dd26c6fe547154d60db4","ja4":"t13d5713h2_131602cb7446_e802cdec6a7f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01472{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1226,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1587041692808980,"flow_src_last_pkt_time":1587041692881339,"flow_dst_last_pkt_time":1587041692953141,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":152,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":152,"midstream":0,"thread_ts_usec":1587041692953141,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"dati.ntop.org","domainame":"dati.ntop.org","tls": {"version":"TLSv1.2","ja3s":"410b9bedaf65dd26c6fe547154d60db4","ja4":"t13d5713h2_131602cb7446_e802cdec6a7f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
00801{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1235,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693428391,"flow_src_last_pkt_time":1587041693428391,"flow_dst_last_pkt_time":1587041693428391,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":977,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":977,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":977,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693428391,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":51681,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01860{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1235,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693428391,"flow_dst_last_pkt_time":1587041693428391,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1019,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1019,"pkt_l4_len":985,"thread_ts_usec":1587041693428391,"pkt":"EBMx8Tl2KDc3AG3ICABFAAPt48gAAEART4\/AqAEGNHJNiMnhDZYD2eNwBl3+t6o2WT+OKw\/oTFMopoursiGTBsvvLvg3wuBfZT1pBB1vO2396s1T+U1VujmCqj4L5tMtU2F\/1TQzFXSUlw7M8VMfNQQRkYM68GVjRmInITISf9xExqdFNNQs5RQE95Yd7wUQ0WB34xO5EY6WIo8x\/N\/uDXPR3dWPSffY9Pjxt3AuIhSE\/33TPi9IZfwvBkn0Ytl+OD1doGxH0KzkYpDzBS9hB1dBsT+zr8uYQ4OitShMofb6WewMwiNNfNExsV6iWN3hyOrqzEPoHJ8xMa7bW1q9BLkbd5BDoIOv\/MoJUwfM2rHFjSZuGzr\/wQ6fSJlA+ga+XWQ5cCOxemM862mQg5uhFhBag2VuzDKpysLY0ZCqnKz91R2yhrxoXReoN9yIxCUIquc7SAW\/92cRId8y07O6L1X8x\/aDl3FC0Al6caV7h\/r8ddpLTlDH6yLNlYfOWE7QuJLs4lty891N9hHky+P7SbB6VN0+eXLlpdIKbixmAmCZ1p6\/DFecrkQrfBusU7fCQ0m5UtC7A9xyYw8qrbidfp8KJduef6Xu3BA4D0YD6FFqNyrfEvkjpJ+3rNXlm\/vqN6+pA7Pyjrxbc8hNlLHZHBWyirKyjtN28dUXzlP+LsRPGNdQvqJFK3pV96V2
5LmYF5yiAGBc2dVjL3CV3I8BZIc1iv9PSXq8u5cmF3NAvFW+ejj0aUJys0KqSuB+SsBchm0XJNdD1T31o3cnzHzdRkPqsYgQxN+TMH4xz2ipnYwRm5mpiVbDbtght4DZhZkINSjZm+P+w6KJ1sJkRZyTcItShxjipY0pc0YcI\/iPO8Kihnfm0h7aZYr8JbNTXfrRfggxMyqgTWxlobhHKsiboGB5nz9mqNXgN5f2w6aCT8Ygr4J\/d\/M8CNiCRT+CKMTqRpDBqIcnsL3KBgSmI2li51fHmCYLknW2Aw3F82bIDyzOvtteFfeZxum8+GIS5JvJh64JDL9hUaT9FEJ6txlWLszG+bg1use4IiVMiF2jfKWFA1eFZRDjiQXrMStv0vPT1Ma73OvVsZAHSptss39ti+ltbCNxC0S+MDiB1jQrFVUZ5nHLM44PsanYQ\/0cpyVO6zbbzjzXTUfs+tAIMkUNPFZtCs1rFpKhkI3NcGs+yvSb4SV1GxhoDHVRpRNuKqFbFinCHp\/37lAaE9HGUTnfhxGhnCIfOfHIUUAT3eHul9H3b0Z8OnLYIK1ZDLQGkd0pzOUxUVHtQtXMulhXsHz7fr\/A21yG\/8b8NgTEX+gU6e+h1l0XisCpHYMfVCMz3mHn3ia\/HdLRjG51YnI="} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1236,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693428391,"flow_dst_last_pkt_time":1587041693474528,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_usec":1587041693474528,"pkt":"KDc3AG3IEBMx8Tl2CABFAABBNJIAAGwR1nE0ck2IwKgBBg2WyeEALeCzAzNiZmY2YTE1LTY4NDEtNDYwNy04YzI3LTllY2ViOWVlZDkzYg=="} 
00797{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1237,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693428391,"flow_dst_last_pkt_time":1587041693475613,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":235,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":235,"pkt_l4_len":201,"thread_ts_usec":1587041693475613,"pkt":"KDc3AG3IEBMx8Tl2CABFAADdNJMAAGwR1dQ0ck2IwKgBBg2WyeEAyV65B51cqyKYlOqfHC4eUj71t0+3OzD2kNc2OfFPQNt7fwvuOZltdCnrcr0l94iSgE3VeMj4bdDb+vZ+CObqTNO+QGlUnkV8bcknbNvGUx42nvxp8mhw\/srnkVApKnhDe\/uy29skE82ON2NOubAQd6VBKyo6DT6MaE1A1qjybrSe5XwDrj8OJ1EA\/FUFx\/b063Ar395Oi1sw+DBTZ16KUXaymVRCSFNXRrfz6yWlsSmdtxTLQfpVrW5dlejTUGgaSVxvSg=="} 00799{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1238,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693515047,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693515047,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693515047,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00625{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1238,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693515047,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1587041693515047,"pkt":"EBMx8Tl2KDc3AG3ICABFAABg5p0AAEARo1PAqAEGNHL6e8NgDZYATAKlAAMAMCESpEKyND9uZ\/QdWKy6Y58ADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAI="} -01004{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1238,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693515047,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693515047,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693515047,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01054{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1238,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693515047,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693515047,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693515047,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"multimedia_flow_types":"Audio"}}} 00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1239,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693516414,"flow_src_last_pkt_time":1587041693516414,"flow_dst_last_pkt_time":1587041693516414,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693516414,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1239,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693516414,"flow_dst_last_pkt_time":1587041693516414,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041693516414,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGShzAqAEGNHL6e8NiAbvwxDFFAAAAALAC\/\/9VoQAAAgQFtAEDAwUBAQgKMITZEwAAAAAEAgAA"} 00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1240,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693517336,"flow_src_last_pkt_time":1587041693517336,"flow_dst_last_pkt_time":1587041693517336,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":67,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":67,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":67,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693517336,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":55765,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -448,43 +448,43 @@ 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1242,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693516414,"flow_dst_last_pkt_time":1587041693561382,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041693561382,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0nZBAAGwGgJc0cvp7wKgBBgG7w2KOQNor8MQxRoAS\/\/8u4wAAAgQFoAEDAwgBAQQC"} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1243,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693561493,"flow_dst_last_pkt_time":1587041693561382,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041693561493,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGSjTAqAEGNHL6e8NiAbvwxDFGjkDaLFAQIABPogAA"} 00806{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1244,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":4,"flow_src_last_pkt_time":1587041693561676,"flow_dst_last_pkt_time":1587041693561382,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"thread_ts_usec":1587041693561676,"pkt":"EBMx8Tl2KDc3AG3ICABFAADjAABAAEAGSXnAqAEGNHL6e8NiAbvwxDFGjkDaLFAYIADs+gAAFgMBALYBAACyAwNemFWdM\/wbLFSI3dPgZpkO7ysDE3\/GJlDQM9ZmaeyX\/AAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAXQAAACAAHgAAG2V1YXoudHIudGVhbXMubWljcm9zb2Z0LmNvbQAKAAgABgAXABgAGQALAAIBAAANABIAEAQBAgEFAQYBBAMCAwUDBgMABQAFAQAAAAAAEgAAABcAAA=="} 
-01366{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1244,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041693516414,"flow_src_last_pkt_time":1587041693561676,"flow_dst_last_pkt_time":1587041693561382,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693561676,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"euaz.tr.teams.microsoft.com","domainame":"euaz.tr.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01325{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1244,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041693516414,"flow_src_last_pkt_time":1587041693561676,"flow_dst_last_pkt_time":1587041693561382,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693561676,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"euaz.tr.teams.microsoft.com","domainame":"euaz.tr.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00788{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1245,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693572678,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"thread_ts_usec":1587041693572678,"pkt":"KDc3AG3IEBMx8Tl2CABFAADXfJQAAGwR4OU0cvp7wKgBBg2Ww2AAw6emARMApyESpEKyND9uZ\/QdWKy6Y58ADwAEcsZLxoAIAAQAAAAGAAkAPQAABAFUaGUgcmVxdWVzdCBkaWQgbm90IGNvbnRhaW4gYSBNZXNzYWdlLUludGVncml0eSBhdHRyaWJ1dGUADgAIAAENljRy+o0AFAAUAk7L+IJ6YNZTBt6\/p32H0UQC3V0AFQAKInJ0Y21lZGlhIgABAAgAAQ2YNHL6jYCVAAh\/IMTdT4SN+oAgAAgAAcHVcadqCg=="} 00797{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1246,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":4,"flow_src_last_pkt_time":1587041693428391,"flow_dst_last_pkt_time":1587041693576546,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":235,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":235,"pkt_l4_len":201,"thread_ts_usec":1587041693576546,"pkt":"KDc3AG3IEBMx8Tl2CABFAADdNJQAAGwR1dM0ck2IwKgBBg2WyeEAyV65B51cqyKYlOqfHC4eUj71t0+3OzD2kNc2OfFPQNt7fwvuOZltdCnrcr0l94iSgE3VeMj4bdDb+vZ+CObqTNO+QGlUnkV8bcknbNvGUx42nvxp8mhw\/srnkVApKnhDe\/uy29skE82ON2NOubAQd6VBKyo6DT6MaE1A1qjybrSe5XwDrj8OJ1EA\/FUFx\/b063Ar395Oi1sw+DBTZ16KUXaymVRCSFNXRrfz6yWlsSmdtxTLQfpVrW5dlejTUGgaSVxvSg=="} 
00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1247,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":5,"flow_src_last_pkt_time":1587041693428391,"flow_dst_last_pkt_time":1587041693576566,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_usec":1587041693576566,"pkt":"KDc3AG3IEBMx8Tl2CABFAABBNJUAAGwR1m40ck2IwKgBBg2WyeEALeCzAzNiZmY2YTE1LTY4NDEtNDYwNy04YzI3LTllY2ViOWVlZDkzYg=="} 00799{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1248,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693582165,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693582165,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693582165,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1248,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693582165,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1587041693582165,"pkt":"EBMx8Tl2KDc3AG3ICABFAABgF74AAEARcjPAqAEGNHL6e8N0DZYATEppAAMAMCESpEI9x0RmdejywONbcT4ADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAI="} -01004{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1248,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693582165,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693582165,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693582165,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01054{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1248,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693582165,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693582165,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693582165,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"multimedia_flow_types":"Audio"}}} 00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1249,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693582610,"flow_src_last_pkt_time":1587041693582610,"flow_dst_last_pkt_time":1587041693582610,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693582610,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50021,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1249,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693582610,"flow_dst_last_pkt_time":1587041693582610,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041693582610,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGShzAqAEGNHL6e8NlAbtcWVYoAAAAALAC\/\/\/E5AAAAgQFtAEDAwUBAQgKMITZVQAAAAAEAgAA"} 00802{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1250,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041693597783,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693597783,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00825{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1250,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693597783,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_usec":1587041693597783,"pkt":"EBMx8Tl2KDc3AG3ICABFAADyLLYAAEARXJfAqAEGNHL6jcNgDZYA3iTJAAMAwiESpEIiL+\/H85JL0bmXJ+QADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAKAlQAIfyDE3U+EjfoAFAAUAk7L+IJ6YNZTBt6\/p32H0UQC3V0AFQAKInJ0Y21lZGlhIgAGADgCAAAkkKDb2wHWGU3iFTe\/yZKgAzJzGvG+3Faa6DvVqwAAAAC\/cbJ2yXgTqN3v61y8eTonekzmPAAIACB+ROZSH0cQpVQPYpCmfWn5X6jy8HHHqFihd3XDn9tzDQ=="} -01007{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1250,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041693597783,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693597783,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01057{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1250,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041693597783,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693597783,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"multimedia_flow_types":"Audio"}}} 
02506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1251,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":5,"flow_src_last_pkt_time":1587041693561676,"flow_dst_last_pkt_time":1587041693608822,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041693608822,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUnZVAAGwGevI0cvp7wKgBBgG7w2KOQOnM8MQyAVAQCARhxAAANjIwWjCBmzCBmDBMMAkGBSsOAwIaBQAEFCmF\/GE9vi+wEg9eQg5MnsPVnv18BBQI\/iWfdOqHBMK8u46oOF8zxtFsZQITLQAGXpgoyD\/NFydgrgAAAAZemIAAGA8yMDIwMDQxNTE5MDYyMFqgERgPMjAyMDA0MTkxOTA2MjBaoSIwIDAeBgkrBgEFBQcwAQYEERgPMjAxOTA0MTYxOTA2MjBaMA0GCSqGSIb3DQEBCwUAA4IBAQAaQYaDpwd6DNwyOUeit6mUOBXgoV06pe6ThWCURamS0COPur719YO54pzaWQ\/wQiNdRfJ+6IxdL624Y9ECjW7h0i3GVY5McK\/JE0+t8QKiDyIrzja2mdM3dr87glc0ghsX25i5Wq+uovmAq2y0kIR5ZDxPkSCewMHChNQBpgB6w7ldXqSVgO6mMxOPGIUJeCKP7XKb6HxICQ+KDOclyTMlRvOfgXDsfJ+qgS\/\/Xx69gdsXVVKuxxVgmTXKPjwc6+0PAhk7AM38T+1uvkyY+cnLoNXnWfuXwei6nw4U+wy7NBkdjTNfderi681shWsjrz7QTveMgXHXa8hDzke10XqeoIIFIzCCBR8wggUbMIIDA6ADAgECAhNuABXTTwZmllgRJK\/RAAAAFdNPMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTAeFw0yMDA0MDIxNjU4MDlaFw0yMTA0MDIxNjU4MDlaMCsxKTAnBgNVBAMMIE1pY3Jvc29mdF9JVF9UTFNfQ0FfNV9LZXlCaW5kaW5nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt72xRWYGvzznDDT8NXYL9rp9+Ya3b0Z6P2wS3akQ58NdGCNNqh5bkYWl59MsBDUHv9Ef+w2CazdUk3Nynho4E8vpdECh67pX0G62DZBOiFmluBNKbuC5wy0qFpuDZifuCaL\/JIioH+qZxw1n9T+IlPYbhUIt9LEWbIcz3NKvVAjL22uCbIe4fgQeiRQY6CQMOOiKJvbVG0ji+rtc86+Mxhhl4WT\/oA0rEF\/rkByMk2VOShPm7OYdkPB4JadSsYxElQdJQqZtZ7Dx1QoI7ppuYvpwizs9bk5\/qpPbZOX2ffENmbYPX8IEIoHImvw+d5OCujhcH8ND8y2D3AEt3YOySwIDAQABo4HWMIHTMB0GA1UdDgQWBBQodwHOZZ6LuFUo+CvPI9\/FvHYaTDAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYI
KwYBBQUHAwkwDwYJKwYBBQUHMAEFBAIFADAfBgNVHSMEGDAWgBQI\/iWfdOqHBMK8u46oOF8zxtFsZTA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdgcybR4HI6RYCAWQCAQcwGwYJKwYBBAGCNxUKBA4wDDAKBggrBgEFBQcDCTANBgkqhkiG9w0BAQsFAAOCAgEAZeWmp3UPfRLZIyUkIOP3qzADvvJHesY63Dc2ynSZnVwywgjceFf+k+yQAXU4qttDwcVbl8RAxZ3TRxOK\/tx9uYmaavtEm3swh9h5B7DCvmIXfqsJJlRpK\/OFGfcf49BNBZXJky59f8YfJ49hsiJiWchclECz2p04IejlY2rjzCMngCMT2bpAzYBsJXomAbKsVRl07LYT4CLhdIIHrd+syTeudyjkMfJb34y+qxxeDCvdd+fLKHcrxUao3ZXsd7wz3mk1EWQVaTo+Md3\/ECUv"} 00799{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1267,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693611913,"flow_src_last_pkt_time":1587041693611913,"flow_dst_last_pkt_time":1587041693611913,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693611913,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1267,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693611913,"flow_dst_last_pkt_time":1587041693611913,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1587041693611913,"pkt":"EBMx8Tl2KDc3AG3ICABFAABgfyMAAEARCrzAqAEGNHL6jcNhDZYATBjuAAMAMCESpELalY8VcoE3uJ+0vVMADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAI="} 
-01004{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1267,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693611913,"flow_src_last_pkt_time":1587041693611913,"flow_dst_last_pkt_time":1587041693611913,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693611913,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01054{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1267,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693611913,"flow_src_last_pkt_time":1587041693611913,"flow_dst_last_pkt_time":1587041693611913,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693611913,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"multimedia_flow_types":"Audio"}}} 00786{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1271,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693625394,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"thread_ts_usec":1587041693625394,"pkt":"KDc3AG3IEBMx8Tl2CABFAADXVxUAAGwRBmU0cvp7wKgBBg2Ww3QAwyhaARMApyESpEI9x0RmdejywONbcT4ADwAEcsZLxoAIAAQAAAAGAAkAPQAABAFUaGUgcmVxdWVzdCBkaWQgbm90IGNvbnRhaW4gYSBNZXNzYWdlLUludGVncml0eSBhdHRyaWJ1dGUADgAIAAENljRy+okAFAAUPK7\/QeTw1Z9oICgNLxST+LDzEgAAFQAKInJ0Y21lZGlhIgABAAgAAQ2YNHL6iYCVAAhb5VsGDC2J+oAgAAgAAc5scadqCg=="} 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1272,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693582610,"flow_dst_last_pkt_time":1587041693628354,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041693628354,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0Nx9AAGwG5wg0cvp7wKgBBgG7w2XeqFvwXFlWKYAS\/\/\/MOwAAAgQFoAEDAwgBAQQC"} 
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1273,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693628427,"flow_dst_last_pkt_time":1587041693628354,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041693628427,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGSjTAqAEGNHL6e8NlAbtcWVYp3qhb8VAQIADs+gAA"} 00803{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1274,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":4,"flow_src_last_pkt_time":1587041693628756,"flow_dst_last_pkt_time":1587041693628354,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"thread_ts_usec":1587041693628756,"pkt":"EBMx8Tl2KDc3AG3ICABFAADjAABAAEAGSXnAqAEGNHL6e8NlAbtcWVYp3qhb8VAYIADHIgAAFgMBALYBAACyAwNemFWdJel+38T72uo9XNMIcFrJVaaQNKpU+a+Uq8VSQwAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAXQAAACAAHgAAG2V1YXoudHIudGVhbXMubWljcm9zb2Z0LmNvbQAKAAgABgAXABgAGQALAAIBAAANABIAEAQBAgEFAQYBBAMCAwUDBgMABQAFAQAAAAAAEgAAABcAAA=="} 
-01366{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1274,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041693582610,"flow_src_last_pkt_time":1587041693628756,"flow_dst_last_pkt_time":1587041693628354,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693628756,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50021,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"euaz.tr.teams.microsoft.com","domainame":"euaz.tr.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01325{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1274,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041693582610,"flow_src_last_pkt_time":1587041693628756,"flow_dst_last_pkt_time":1587041693628354,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693628756,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50021,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"euaz.tr.teams.microsoft.com","domainame":"euaz.tr.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00740{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1275,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693640777,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"thread_ts_usec":1587041693640777,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC1fJUAAGwR4QY0cvp7wKgBBg2Ww2AAoaFUAQMAhSESpEIiL+\/H85JL0bmXJ+QADwAEcsZLxgANAAQAAAA8AAEACAABDZg0cvqNgAgABAAAAAaAIAAIAAHB1XGnagqAUAAYm3E8YjrBv7v21SN1g6+m0xjhRrQAAAAAgCIACTIuMC4xLjIxMQAQAAQAAC7gAAgAIK\/9w8VcH20Bp+o9r1mX6tB+MRypEJNYTX2DO\/tetQep"} 00802{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1276,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041693654732,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693654732,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00825{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1276,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693654732,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_usec":1587041693654732,"pkt":"EBMx8Tl2KDc3AG3ICABFAADySXIAAEARP9\/AqAEGNHL6icN0DZYA3q9FAAMAwiESpELOvwn047sA+HEU4bYADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAKAlQAIW+VbBgwtifoAFAAUPK7\/QeTw1Z9oICgNLxST+LDzEgAAFQAKInJ0Y21lZGlhIgAGADgCAAAkkKDb2wHWGU3iFTe\/yZKgAzJzGvG+3Faa6DvVqwAAAAC\/cbJ2yXgTqN3v61y8eTonekzmPAAIACCU7UyKuDgKSJKUvk8SSs9ovhsGMp06Kok2oE1dFOuKzQ=="} -01007{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1276,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041693654732,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693654732,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01057{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1276,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041693654732,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693654732,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"multimedia_flow_types":"Audio"}}} 00787{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1277,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693611913,"flow_dst_last_pkt_time":1587041693658468,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"thread_ts_usec":1587041693658468,"pkt":"KDc3AG3IEBMx8Tl2CABFAADXfJYAAGwR4NE0cvqNwKgBBg2Ww2EAw+F\/ARMApyESpELalY8VcoE3uJ+0vVMADwAEcsZLxoAIAAQAAAAGAAkAPQAABAFUaGUgcmVxdWVzdCBkaWQgbm90IGNvbnRhaW4gYSBNZXNzYWdlLUludGVncml0eSBhdHRyaWJ1dGUADgAIAAENljRy+o0AFAAUPpo\/SSn4PJAIkOO6zaqfvtmAt1IAFQAKInJ0Y21lZGlhIgABAAgAAQ2YNHL6jYCVAAiQUL8kDsWN+oAgAAgAAcwTcadqCg=="} 
00799{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1281,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693668523,"flow_src_last_pkt_time":1587041693668523,"flow_dst_last_pkt_time":1587041693668523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693668523,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1281,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693668523,"flow_dst_last_pkt_time":1587041693668523,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1587041693668523,"pkt":"EBMx8Tl2KDc3AG3ICABFAABgYKIAAEARKUHAqAEGNHL6icN1DZYATE9EAAMAMCESpEJNv3gTxWrFDZ5wS8sADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAI="} 
-01004{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1281,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693668523,"flow_src_last_pkt_time":1587041693668523,"flow_dst_last_pkt_time":1587041693668523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693668523,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01054{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1281,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693668523,"flow_src_last_pkt_time":1587041693668523,"flow_dst_last_pkt_time":1587041693668523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693668523,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"multimedia_flow_types":"Audio"}}} 02509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1282,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":5,"flow_src_last_pkt_time":1587041693628756,"flow_dst_last_pkt_time":1587041693675117,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041693675117,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUNyJAAGwG4WU0cvp7wKgBBgG7w2XeqGPBXFlW5FAQCASBlQAAW6sdwoMA3bRkqxv5VpjyajDfFXWqL4G9QZfl841dfR9SjQLMnRDtMHjHLLEHhJCKLU2ikazGCdNZMqtfaxeWquCIWw56s0bCKwmin9Y3DIsAdEejps5dwVGPEJfdlpEbIxcuBzCIRY0C23wA8SsmAke7nyJfwnrDoCjE4H7m3XXod08er9hfv0q4nITSnedP3o61Oc42o6ZTtprTcb83jeNHnfqPTx\/r7JoPcNdqLrU2S9F5B\/3\/72kY0IJW8GVz3JfVywG\/oGQZf4DtR+N9iCPyVunnsxwatk5VQeVSeoKWofbhmm5\/59\/eJyGGKNh6xcOod+zQ\/yRc87f6tHNG2YoyFngY2b4iSL5cKDGkUG4HW8AD3tnSSMB+eS+kUxAHQWzl9sk8GGj5SN\/h6yZsZx0M8Cajppy8O10hsA4MnuDtB3uK64JLD12Do4vw3+8vrlcfGCUgqrNGgRVPtSVulxGnCvWOq0JhUVItmI195Is0h3MiJgXc2KNuZpMfbIcuyiiUJx2zdkFT81nL1PidcMdiaFVUoMih7rr4UtgVbmkgKemK\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\/BSeneM2zC+CeIhbzmNymFOjMlNcj+dBQmbu1CxCV8d8C6Y+OnVaZPNiP01j7XJJ+PXv4UEla9xB7d\/jmSpBKVVLelK10CaBkVyzNB5CfFq2Vw9EGuvHvbAW1BKyp3Bsxmw4tGZUET95my601cq8ZggiyFDoWX7A8m9uNDLAC1iYf6BVxxO\/5YzlDjOnCki6hwqAwJQ6WJ1+eoyuC1hC9PBkepof+VSE6XEH8AZjML5L\/Zji0uGacDxJoS0qshrtemP+eppxTbDMRpNCuUkfXi4\/xlqy5KZqPLPGtZBjDJrsAZN5QcMC77MZrrtOg78DxXA3yzHpZ2hgzL1kQrWcULF8iQ0pE4ejd4OdVFk4J7wNMDEhQWvAD347vY8pbZ4dDQCwGth8PPlPAZj\/XFBXmCGKYSH6D5ae1XVEtVC1h\/TRd1LeAzdJ9zrEkO\/OXbGwT3ooXyYr1SJVC9xKQ4xAX9qEAxTYqZZGeBexCLlq4mRv\/1E61+mZV2YOOvwgpjfoLAgMBAAGjggFCMIIBPjAdBgNVHQ4EFgQUCP
4ln3TqhwTCvLuOqDhfM8bRbGUwHwYDVR0jBBgwFoAU5Z1ZMIJHWMys+ghUNoZ7OrUETfAwEgYDVR0TAQH\/BAgwBgEB\/wIBADAOBgNVHQ8BAf8EBAMCAYYwJwYDVR0lBCAwHgYIKwYBBQUHAwEGCCsGAQUF"} 00737{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1298,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693698272,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"thread_ts_usec":1587041693698272,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC1VxYAAGwRBoY0cvp7wKgBBg2Ww3QAoWPcAQMAhSESpELOvwn047sA+HEU4bYADwAEcsZLxgANAAQAAAA8AAEACAABDZg0cvqJgAgABAAAAAaAIAAIAAHObHGnagqAUAAYmiULR7BQSjV7GJ7mOy6WXuQ5anUAAAAAgCIACTIuMC4xLjIxMQAQAAQAAC7gAAgAIJWLEhTAIKUMzT0EuyGZ9cU94RPVJanGef0JixSMSj4H"} 00826{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1299,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693711026,"flow_dst_last_pkt_time":1587041693658468,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_usec":1587041693711026,"pkt":"EBMx8Tl2KDc3AG3ICABFAADyfgoAAEARC0PAqAEGNHL6jcNhDZYA3rEpAAMAwiESpEJLDXUDhL3sfvdJg10ADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAKAlQAIkFC\/JA7FjfoAFAAUPpo\/SSn4PJAIkOO6zaqfvtmAt1IAFQAKInJ0Y21lZGlhIgAGADgCAAAkkKDb2wHWGU3iFTe\/yZKgAzJzGvG+3Faa6DvVqwAAAAC\/cbJ2yXgTqN3v61y8eTonekzmPAAIACBfcijkK3I1E6fsjRiPsKvs33Xfpf\/cKnDyh7VrIY168g=="} 
-01018{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1299,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1587041693611913,"flow_src_last_pkt_time":1587041693711026,"flow_dst_last_pkt_time":1587041693658468,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":282,"flow_dst_tot_l4_payload_len":187,"midstream":0,"thread_ts_usec":1587041693711026,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01068{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1299,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1587041693611913,"flow_src_last_pkt_time":1587041693711026,"flow_dst_last_pkt_time":1587041693658468,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":282,"flow_dst_tot_l4_payload_len":187,"midstream":0,"thread_ts_usec":1587041693711026,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"multimedia_flow_types":"Audio"}}} 00785{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1301,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693668523,"flow_dst_last_pkt_time":1587041693714142,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"thread_ts_usec":1587041693714142,"pkt":"KDc3AG3IEBMx8Tl2CABFAADXVxcAAGwRBlU0cvqJwKgBBg2Ww3UAwwtKARMApyESpEJNv3gTxWrFDZ5wS8sADwAEcsZLxoAIAAQAAAAGAAkAPQAABAFUaGUgcmVxdWVzdCBkaWQgbm90IGNvbnRhaW4gYSBNZXNzYWdlLUludGVncml0eSBhdHRyaWJ1dGUADgAIAAENljRy+okAFAAUc60+h2VE9PTAWxn4K2V6NOmKA20AFQAKInJ0Y21lZGlhIgABAAgAAQ2YNHL6iYCVAAjDwJ1K7o6J+oAgAAgAAcBocadqCg=="} 00738{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1307,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":4,"flow_src_last_pkt_time":1587041693711026,"flow_dst_last_pkt_time":1587041693756239,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"thread_ts_usec":1587041693756239,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC1fJcAAGwR4PI0cvqNwKgBBg2Ww2EAoTssAQMAhSESpEJLDXUDhL3sfvdJg10ADwAEcsZLxgANAAQAAAA8AAEACAABDZg0cvqNgAgABAAAAAaAIAAIAAHME3GnagqAUAAYLOxJmLF8a9P8QJMpg69OprVoITMAAAAAgCIACTIuMC4xLjIxMQAQAAQAAC7gAAgAIMhO7y5FcPLOAgpkLIJifRx7Dv8ek2QLf5zo\/BiwDhB4"} 
00826{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1308,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693763689,"flow_dst_last_pkt_time":1587041693714142,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_usec":1587041693763689,"pkt":"EBMx8Tl2KDc3AG3ICABFAADy1jgAAEARsxjAqAEGNHL6icN1DZYA3qn\/AAMAwiESpEK\/FrW6Bpt+jaFgT0IADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAKAlQAIw8CdSu6OifoAFAAUc60+h2VE9PTAWxn4K2V6NOmKA20AFQAKInJ0Y21lZGlhIgAGADgCAAAkkKDb2wHWGU3iFTe\/yZKgAzJzGvG+3Faa6DvVqwAAAAC\/cbJ2yXgTqN3v61y8eTonekzmPAAIACAOMJjC3yWHP2a8uRvQ6tdNq4Cf2VvwjY\/Ply+68rS7wg=="} -01018{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1308,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1587041693668523,"flow_src_last_pkt_time":1587041693763689,"flow_dst_last_pkt_time":1587041693714142,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":282,"flow_dst_tot_l4_payload_len":187,"midstream":0,"thread_ts_usec":1587041693763689,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01068{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1308,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1587041693668523,"flow_src_last_pkt_time":1587041693763689,"flow_dst_last_pkt_time":1587041693714142,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":282,"flow_dst_tot_l4_payload_len":187,"midstream":0,"thread_ts_usec":1587041693763689,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"multimedia_flow_types":"Audio"}}} 00741{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1312,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":4,"flow_src_last_pkt_time":1587041693763689,"flow_dst_last_pkt_time":1587041693808734,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"thread_ts_usec":1587041693808734,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC1VxgAAGwRBnY0cvqJwKgBBg2Ww3UAoXQEAQMAhSESpEK\/FrW6Bpt+jaFgT0IADwAEcsZLxgANAAQAAAA8AAEACAABDZg0cvqJgAgABAAAAAaAIAAIAAHAaHGnagqAUAAYaOUMdiD0+ug9lexVR\/3YR6\/W6KUAAAAAgCIACTIuMC4xLjIxMQAQAAQAAC7gAAgAIL4g0LfB18yA2q\/RVWXcDhE8D9XtCMo2nCqOglxViaD8"} 
00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1315,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693828302,"flow_src_last_pkt_time":1587041693828302,"flow_dst_last_pkt_time":1587041693828302,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693828302,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.152","src_port":50014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1315,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693828302,"flow_dst_last_pkt_time":1587041693828302,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041693828302,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGSf\/AqAEGNHL6mMNeAbvdNMkXAAAAALAC\/\/\/QFQAAAgQFtAEDAwUBAQgKMITaQwAAAAAEAgAA"} 
@@ -493,15 +493,15 @@ 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1320,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693828302,"flow_dst_last_pkt_time":1587041693869354,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041693869354,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0nZxAAGwGgG40cvqYwKgBBgG7w17cXACa3TTJGIAS\/\/81\/QAAAgQFoAEDAwgBAQQC"} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1321,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693869423,"flow_dst_last_pkt_time":1587041693869354,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041693869423,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGShfAqAEGNHL6mMNeAbvdNMkY3FwAm1AQIABWvAAA"} 00783{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1322,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":4,"flow_src_last_pkt_time":1587041693869663,"flow_dst_last_pkt_time":1587041693869354,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_usec":1587041693869663,"pkt":"EBMx8Tl2KDc3AG3ICABFAADWAABAAEAGSWnAqAEGNHL6mMNeAbvdNMkY3FwAm1AYIACuOQAAFgMBAKkBAAClAwNemFWd9sBVDmqpQ1JOmTf85+s9vRwXDIKd7RSpfqD9hwAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAUAAAABMAEQAADjUyLjExNC4yNTAuMTUyAAoACAAGABcAGAAZAAsAAgEAAA0AEgAQBAECAQUBBgEEAwIDBQMGAwAFAAUBAAAAAAASAAAAFwAA"} 
-01478{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1322,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041693828302,"flow_src_last_pkt_time":1587041693869663,"flow_dst_last_pkt_time":1587041693869354,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693869663,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.152","src_port":50014,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"3":"DPI (partial)"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"52.114.250.152","domainame":"52.114.250.152","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","ja4":"t12i220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01434{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1322,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041693828302,"flow_src_last_pkt_time":1587041693869663,"flow_dst_last_pkt_time":1587041693869354,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693869663,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.152","src_port":50014,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"3":"DPI (partial)"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"52.114.250.152","domainame":"52.114.250.152","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12i220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1323,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693849498,"flow_dst_last_pkt_time":1587041693893017,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041693893017,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0NypAAGwG5t80cvqZwKgBBgG7w3QJhgXYjJLL5oAS\/\/9RUwAAAgQFoAEDAwgBAQQC"} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1324,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693893121,"flow_dst_last_pkt_time":1587041693893017,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041693893121,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGShbAqAEGNHL6mcN0AbuMksvmCYYF2VAQIAByEgAA"} 00784{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1325,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":4,"flow_src_last_pkt_time":1587041693893319,"flow_dst_last_pkt_time":1587041693893017,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_usec":1587041693893319,"pkt":"EBMx8Tl2KDc3AG3ICABFAADWAABAAEAGSWjAqAEGNHL6mcN0AbuMksvmCYYF2VAYIAA4UQAAFgMBAKkBAAClAwNemFWd\/1XCA+79geTWEWiWwTsvTSnBi9NExcEsdrOoSgAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAUAAAABMAEQAADjUyLjExNC4yNTAuMTUzAAoACAAGABcAGAAZAAsAAgEAAA0AEgAQBAECAQUBBgEEAwIDBQMGAwAFAAUBAAAAAAASAAAAFwAA"} 
-01478{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1325,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041693849498,"flow_src_last_pkt_time":1587041693893319,"flow_dst_last_pkt_time":1587041693893017,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693893319,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.153","src_port":50036,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"3":"DPI (partial)"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"52.114.250.153","domainame":"52.114.250.153","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","ja4":"t12i220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01434{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1325,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041693849498,"flow_src_last_pkt_time":1587041693893319,"flow_dst_last_pkt_time":1587041693893017,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693893319,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.153","src_port":50036,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"3":"DPI (partial)"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"52.114.250.153","domainame":"52.114.250.153","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12i220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
02498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1327,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":5,"flow_src_last_pkt_time":1587041693869663,"flow_dst_last_pkt_time":1587041693912361,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041693912361,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUnZ1AAGwGes00cvqYwKgBBgG7w17cXACb3TTJxlAQCARdzwAAFgMDF+kCAABVAwNemFWdM9zHzxbjC7QANdHz8AfaCDM7kl4CH3iC8m+C5SA8HQAAdg+4AWMXjI8CbVJCHoa9vuL+BAQY6d2I21i7H8AwAAANAAUAAAAXAAD\/AQABAAsADuwADukACSswggknMIIHD6ADAgECAhMtAAZemCjIP80XJ2CuAAAABl6YMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTAeFw0xOTA1MjQxNDEwMjZaFw0yMTA1MjQxNDEwMjZaMCExHzAdBgNVBAMTFnRyLnRlYW1zLm1pY3Jvc29mdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCLTNHPfgLoOgUfyR4c2CDg+CoBg7bwaQp6OOdTLjN80e6165bdZW8ryNWADQBv\/\/6Ld1H5eQQNetSDwVifHVU+CteBiHg6T9F1rA96B1Fk1nARcGhMPsZbgvGxJ+NR6ygkRK7GWC6KFZyOiZ0MvWyxQTJBlsBwklHTiX9D0fiSz06Q+tVkIHpWWHGkJRO+Tm3UUtCMr7e1K4eQloaVRg1AeMGEhZEaGXyKum9VwAP15maK0zwKMiUymx8uWFHW4J0+7wZd9kZyUeJvDO2QDZvxPl5w9NBzvGZUQFIkRD+XvUanlt9AtvhnDy5BiPzueeQgaJbyvyJl4Af8nIo8gppfAgMBAAGjggTrMIIE5zCCAfUGCisGAQQB1nkCBAIEggHlBIIB4QHfAHYA9lyUL9F3MCIUVBgIMJRWjuNNExkzv98MLyALzE7xZOMAAAFq6jb0ngAABAMARzBFAiEA+SbPYnNZBq5NAa+KJuZcLJF6Cs7c51vg2wno92Y73cQCIFui0LePG9Yu0H+TqmpdeWJeVlJ0KiyWWMKI6D92L\/K3AHUAVYHUwhaQNgFK6gubVzxT8MDkOHhwJQgXL6OqHQcT0wwAAAFq6jb1LQAABAMARjBEAiAZDnc3oPi8LaNBy6Df89WOlPch018jWvYNKaDO2U51nQIgYZuZffTHCtDDZ3lWVJgiVsjUCTGqki0p6MIBuSQoIfUAdwBc3EOS\/uarRUSxXprUVuYQN\/vV+kfcoXOUsl7m9scOygAAAWrqNvNaAAAEAwBIMEYCIQChq4nHPM4twtbxyAgrDLE3a797eV+6L2EiO6pBrFmrUAIhANBHWXnY9HAcs6WqVRp9r8q8wlaSY9pBfB7vJlbCShQPAHUARJRlLrDuzq\/EQAfYqP4owNrmgr7YyzG1P9
MzlrW2gagAAAFq6jb0QQAABAMARjBEAiAzKKpy8ELEm5AO\/Cl8weRDML0CJ7IOPZ2GbRbx\/8vxWgIgDCW1c1pNKCE9DA2mbQwKGa4Z2H7dNtIRrzU4ZJcZOr8wJwYJKwYBBAGCNxUKBBowGDAKBggrBgEFBQcDAjAKBggrBgEFBQcDATA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdhNLfQoLnk3oCAWQCAR0wgYUGCCsGAQUFBwEBBHkwdzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDUuY3J0MCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC5tc29jc3AuY29tMB0GA1UdDgQWBBSC313bBDWiwUMAeq0EgFmCSqbJVzALBgNVHQ8EBAMC"} -01879{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1336,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":8,"flow_first_seen":1587041693828302,"flow_src_last_pkt_time":1587041693913259,"flow_dst_last_pkt_time":1587041693913604,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":6126,"midstream":0,"thread_ts_usec":1587041693913604,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.152","src_port":50014,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"52.114.250.152","domainame":"52.114.250.152","tls": 
{"version":"TLSv1.2","server_names":"tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"986571066668055ae9481cb84fda634a","ja4":"t12i220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5","subjectDN":"CN=tr.teams.microsoft.com","fingerprint":"A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75","blocks":0}}} +01838{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1336,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":8,"flow_first_seen":1587041693828302,"flow_src_last_pkt_time":1587041693913259,"flow_dst_last_pkt_time":1587041693913604,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":6126,"midstream":0,"thread_ts_usec":1587041693913604,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.152","src_port":50014,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"52.114.250.152","domainame":"52.114.250.152","tls": 
{"version":"TLSv1.2","server_names":"tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com","ja3s":"986571066668055ae9481cb84fda634a","ja4":"t12i220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5","subjectDN":"CN=tr.teams.microsoft.com","fingerprint":"A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75","blocks":0}}} 02499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1342,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":5,"flow_src_last_pkt_time":1587041693893319,"flow_dst_last_pkt_time":1587041693937910,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041693937910,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUNyxAAGwG4T00cvqZwKgBBgG7w3QJhgXZjJLMlFAQCAT\/SwAAFgMDF+kCAABVAwNemFWdlZ1o0K1pDuc31o7KbeFA6zW0UoTj74rN53YU1yAVNwAAZbPmUJGFDDA3baQ8RQ+flEqSYPNJweq+ysirz8AwAAANAAUAAAAXAAD\/AQABAAsADuwADukACSswggknMIIHD6ADAgECAhMtAAZemCjIP80XJ2CuAAAABl6YMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTAeFw0xOTA1MjQxNDEwMjZaFw0yMTA1MjQxNDEwMjZaMCExHzAdBgNVBAMTFnRyLnRlYW1zLm1pY3Jvc29mdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCLTNHPfgLoOgUfyR4c2CDg+CoBg7bwaQp6OOdTLjN80e6165bdZW8ryNWADQBv\/\/6Ld1H5eQQNetSDwVifHVU+CteBiHg6T9F1rA96B1Fk1nARcGhMPsZbgvGxJ+NR6ygkRK7GWC6KFZyOiZ0MvWyxQTJBlsBwklHTiX9D0fiSz06Q+tVkIHpWWHGkJRO+Tm3UUtCMr7e1K4eQloaVRg1AeMGEhZEaGXyKum9VwAP15maK0zwKMiUymx8uWFHW4J0+7wZd9kZyUeJvDO2QDZvxPl5w9NBzvGZUQFIkRD+XvUanlt9AtvhnDy5BiPzueeQgaJbyvyJl4Af8nIo8gppfAgMBAAGjggT
rMIIE5zCCAfUGCisGAQQB1nkCBAIEggHlBIIB4QHfAHYA9lyUL9F3MCIUVBgIMJRWjuNNExkzv98MLyALzE7xZOMAAAFq6jb0ngAABAMARzBFAiEA+SbPYnNZBq5NAa+KJuZcLJF6Cs7c51vg2wno92Y73cQCIFui0LePG9Yu0H+TqmpdeWJeVlJ0KiyWWMKI6D92L\/K3AHUAVYHUwhaQNgFK6gubVzxT8MDkOHhwJQgXL6OqHQcT0wwAAAFq6jb1LQAABAMARjBEAiAZDnc3oPi8LaNBy6Df89WOlPch018jWvYNKaDO2U51nQIgYZuZffTHCtDDZ3lWVJgiVsjUCTGqki0p6MIBuSQoIfUAdwBc3EOS\/uarRUSxXprUVuYQN\/vV+kfcoXOUsl7m9scOygAAAWrqNvNaAAAEAwBIMEYCIQChq4nHPM4twtbxyAgrDLE3a797eV+6L2EiO6pBrFmrUAIhANBHWXnY9HAcs6WqVRp9r8q8wlaSY9pBfB7vJlbCShQPAHUARJRlLrDuzq\/EQAfYqP4owNrmgr7YyzG1P9MzlrW2gagAAAFq6jb0QQAABAMARjBEAiAzKKpy8ELEm5AO\/Cl8weRDML0CJ7IOPZ2GbRbx\/8vxWgIgDCW1c1pNKCE9DA2mbQwKGa4Z2H7dNtIRrzU4ZJcZOr8wJwYJKwYBBAGCNxUKBBowGDAKBggrBgEFBQcDAjAKBggrBgEFBQcDATA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdhNLfQoLnk3oCAWQCAR0wgYUGCCsGAQUFBwEBBHkwdzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDUuY3J0MCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC5tc29jc3AuY29tMB0GA1UdDgQWBBSC313bBDWiwUMAeq0EgFmCSqbJVzALBgNVHQ8EBAMC"} -01879{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1350,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":8,"flow_first_seen":1587041693849498,"flow_src_last_pkt_time":1587041693938156,"flow_dst_last_pkt_time":1587041693938382,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":6126,"midstream":0,"thread_ts_usec":1587041693938382,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.153","src_port":50036,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS 
(probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"52.114.250.153","domainame":"52.114.250.153","tls": {"version":"TLSv1.2","server_names":"tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"986571066668055ae9481cb84fda634a","ja4":"t12i220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5","subjectDN":"CN=tr.teams.microsoft.com","fingerprint":"A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75","blocks":0}}} +01838{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1350,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":8,"flow_first_seen":1587041693849498,"flow_src_last_pkt_time":1587041693938156,"flow_dst_last_pkt_time":1587041693938382,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":6126,"midstream":0,"thread_ts_usec":1587041693938382,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.153","src_port":50036,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": 
{"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"52.114.250.153","domainame":"52.114.250.153","tls": {"version":"TLSv1.2","server_names":"tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com","ja3s":"986571066668055ae9481cb84fda634a","ja4":"t12i220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5","subjectDN":"CN=tr.teams.microsoft.com","fingerprint":"A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75","blocks":0}}} 00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1371,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041694219802,"flow_src_last_pkt_time":1587041694219802,"flow_dst_last_pkt_time":1587041694219802,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041694219802,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":60567,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1371,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_src_last_pkt_time":1587041694219802,"flow_dst_last_pkt_time":1587041694219802,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041694219802,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG9w\/AqAEGNHJNiOyXAbs8mpamAAAAALAC\/\/8lfgAAAgQFtAEDAwUBAQgKMITbvgAAAAAEAgAA"} 00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1372,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041694221137,"flow_src_last_pkt_time":1587041694221137,"flow_dst_last_pkt_time":1587041694221137,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041694221137,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60837,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -512,40 +512,40 @@ 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1376,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":2,"flow_src_last_pkt_time":1587041694219802,"flow_dst_last_pkt_time":1587041694262764,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041694262764,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0VplAAGwGdII0ck2IwKgBBgG77Jdw4z8APJqWp4AS\/\/+58wAAAgQFoAEDAwgBAQQC"} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1377,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":3,"flow_src_last_pkt_time":1587041694262870,"flow_dst_last_pkt_time":1587041694262764,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041694262870,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAG9yfAqAEGNHJNiOyXAbs8mpancOM\/AVAQIADasgAA"} 00814{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1378,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":4,"flow_src_last_pkt_time":1587041694263191,"flow_dst_last_pkt_time":1587041694262764,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":249,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":249,"pkt_l4_len":215,"thread_ts_usec":1587041694263191,"pkt":"EBMx8Tl2KDc3AG3ICABFAADrAABAAEAG9mTAqAEGNHJNiOyXAbs8mpancOM\/AVAYIADbZQAAFgMBAL4BAAC6AwNemFWex6L93KvTNrWWS\/8PQ2rao\/9bFvV0yUUyu2nlvwAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAZQAAACgAJgAAI2FwaS5mbGlnaHRwcm94eS50ZWFtcy5taWNyb3NvZnQuY29tAAoACAAGABcAGAAZAAsAAgEAAA0AEgAQBAECAQUBBgEEAwIDBQMGAwAFAAUBAAAAAAASAAAAFwAA"} 
-01381{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1378,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041694219802,"flow_src_last_pkt_time":1587041694263191,"flow_dst_last_pkt_time":1587041694262764,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":195,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":195,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041694263191,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":60567,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"api.flightproxy.teams.microsoft.com","domainame":"api.flightproxy.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01340{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1378,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041694219802,"flow_src_last_pkt_time":1587041694263191,"flow_dst_last_pkt_time":1587041694262764,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":195,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":195,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041694263191,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":60567,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"api.flightproxy.teams.microsoft.com","domainame":"api.flightproxy.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
02508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1380,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":5,"flow_src_last_pkt_time":1587041694263191,"flow_dst_last_pkt_time":1587041694308351,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041694308351,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUVptAAGwGbuA0ck2IwKgBBgG77Jdw40StPJqXalAQCAQlEAAAcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA0LmNybIZJaHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA0LmNybDBNBgNVHSAERjBEMEIGCSsGAQQBgjcqATA1MDMGCCsGAQUFBwIBFidodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcHMwHwYDVR0jBBgwFoAUenuMwc\/noMoc1Gv6++Ezww8aop0wHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4ICAQCGBg8ckx9UDTW7UZXC+1At9FP7A44gNWDP9CaNquKk0Ym4Hc6H0wUEGjC2TPH4ZMpVVvzoaDTGQwOYpaTTUvX3MEMOYKEG1Cvx9tqcsdP3yUB2L0u\/Y3lBDRRYTQjeuiKHInHCIKjjX\/QCOyzvB5\/C0exDQl9fWwS+qncho+mgAfK2IA8Fxzsv6+EtDoQ7Dvl6yGFB0IOq2h0mRJqrPawbpWi2DqNdE30PlqszN6KarfO3etdnYrpJGC2USn7nux+J+nU9mSFC0ZsLRlurcf+j5mIScxOoR1R1zgqZUwqnxhpp4P1IJVImICPzlelUrV+V7b3YppHp2Rgn\/+S4J10m17s2TbLTa97JGjEE\/3YQ7h5IdjwTnwuq1dP++rQhXt3FX3MOWAHLNAKjiWyKZFU6vIewI5Hi6y2fkjqSeRt4\/aWEgJvh20gdM0p+zqdmShg\/748CHucnl5Zm4aJe3RbjYEYoFcds8ex0ujMudADb\/QzGDXRU0vzS1rVbA4cYFxJP\/arXmxNmNaQws3ulhsztenPZhSi+YjcTSxMjLvyNTiFRWl6oPmD03juUR4abmC3Z6rh\/ORpnPJ\/Em03uuhRVjI2A+WVhItVGj\/kDERprkC2fKCqbcztcQMil\/Kk2WHT\/UliJtmxX7yjxKPFWCSC+MDNsBV3uBwoK+m\/VewoOUwAFuDCCBbQwggScoAMCAQICEAtqs7A+san2xGCSaqjN\/rMwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9yZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVyVHJ1c3QgUm9vdDAeFw0xNjA1MjAxMjUyMzhaFw0yNDA1MjAxMjUyMzhaMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQg
SVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKvl612jazme9TSIErsdUiZdfQkLxnmOq7cO3xmy3e4P9u70VuRG4pIP4mcL4xxxpNRBc7TLmRaOv3d9sK8ebO1xLsMId0pekq7sWtBIgdDF6aD1eo8ejV7TrZLA2saRNTEguTkEzRAqPJcdAJ6ZGBgJz0uX5Mn8APAMWp026LJAwUqshCiqPUYYK6eKrPSvS6h+SULHYiDA5qc7XeuQH7uK2JyQ4zqxbMKUzj4ya8txs0EuucXhXdhZJ4L74UgNfugE8fkBJ0H6lFp9xTC7trrXEZuI+gHMbkuSufh4PMucaJoWZojQk7Aqgy6XER1+gSBh5LC5m5xuU5WVIsbZvXUQutl1jDw\/HdCW+DNFe3sfVDPlSJenBSSi29Hcla4gKn2WiUh7knrQJLHeSBH3Zzy03\/hYYPVPezRo"} 00800{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1404,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278787,"flow_src_last_pkt_time":1587041695278787,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695278787,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00688{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1404,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_src_last_pkt_time":1587041695278787,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695278787,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMhisAAEARcdvAqAEGwKgABMNgw1UAeNtRAAEAXCESpELGQpqANK6irJWNCoEABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUNaR7w6XgHLmtRZxpBWKVkGuwhq2AKAAE+3W4lQ=="} -01137{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1404,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278787,"flow_src_last_pkt_time":1587041695278787,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695278787,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01187{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1404,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278787,"flow_src_last_pkt_time":1587041695278787,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695278787,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"multimedia_flow_types":"Audio"}}} 00800{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1405,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278905,"flow_src_last_pkt_time":1587041695278905,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695278905,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00689{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1405,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_src_last_pkt_time":1587041695278905,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695278905,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMZ7QAAEARkFLAqAEGwKgABMN0w2QAeBWjAAEAXCESpEJMnOcpR8XuRjfgdwcABgAJSkZ3ajorbUl2AAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUZBvpMZrPL2uguq2xDA1A6CBjF+2AKAAEncV\/3g=="} -01137{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1405,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278905,"flow_src_last_pkt_time":1587041695278905,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695278905,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01187{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1405,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278905,"flow_src_last_pkt_time":1587041695278905,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695278905,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Video","stun": {"multimedia_flow_types":"Video"}}} 00802{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1406,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695305290,"flow_src_last_pkt_time":1587041695305290,"flow_dst_last_pkt_time":1587041695305290,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695305290,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00689{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1406,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_src_last_pkt_time":1587041695305290,"flow_dst_last_pkt_time":1587041695305290,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695305290,"pkt":"KDc3AG3IEBMx8Tl2CABFAACMbOkAADURirVdR27NwKgBBj\/Mw2AAeJv\/AAEAXCESpEJpQfrkOEmJN4IqUAgABgAJRlkzMjpvNS9JAAAAgCkACAAAf+1eBY4AgHAABAAAAAeANgAEAAAAAQAkAARu\/\/3+gDcABAAAAAIACAAUCA60OBRrDjRc1P+cP0BpsLC+QjmAKAAEPxxxZQ=="} -01139{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1406,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695305290,"flow_src_last_pkt_time":1587041695305290,"flow_dst_last_pkt_time":1587041695305290,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695305290,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01189{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1406,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695305290,"flow_src_last_pkt_time":1587041695305290,"flow_dst_last_pkt_time":1587041695305290,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695305290,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"multimedia_flow_types":"Audio"}}} 
00802{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1407,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695305879,"flow_src_last_pkt_time":1587041695305879,"flow_dst_last_pkt_time":1587041695305879,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695305879,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16333,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00689{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1407,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_src_last_pkt_time":1587041695305879,"flow_dst_last_pkt_time":1587041695305879,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695305879,"pkt":"KDc3AG3IEBMx8Tl2CABFAACM2aMAADURHftdR27NwKgBBj\/Nw3QAeFT\/AAEAXCESpEKjF0z2+O91Jw0PY1cABgAJK21JdjpKRndqAAAAgCkACAAAf+1eBY4AgHAABAAAAAeANgAEAAAAAQAkAARu\/\/3+gDcABAAAAAIACAAUo4jart22gVLrHF0JHGaI64vA9HeAKAAEUHwvEg=="} 
-01139{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1407,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695305879,"flow_src_last_pkt_time":1587041695305879,"flow_dst_last_pkt_time":1587041695305879,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695305879,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16333,"dst_port":50036,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01189{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1407,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695305879,"flow_src_last_pkt_time":1587041695305879,"flow_dst_last_pkt_time":1587041695305879,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695305879,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16333,"dst_port":50036,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std 
Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Video","stun": {"multimedia_flow_types":"Video"}}} 00653{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1409,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695305290,"flow_dst_last_pkt_time":1587041695330085,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":1587041695330085,"pkt":"EBMx8Tl2KDc3AG3ICABFAAB0TLUAAEARoAHAqAEGXUduzcNgP8wAYAttAQEARCESpEJpQfrkOEmJN4IqUAiAcAAEAAAABwAgAAgAAR7efFXKj4A3AAQAAAACgDYABAAAAAEACAAUlU+ROI4McMZBUuZSU8\/gWyGrdx6AKAAE+OcqVw=="} 00689{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1410,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":3,"flow_src_last_pkt_time":1587041695305290,"flow_dst_last_pkt_time":1587041695330306,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695330306,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMkXkAAEARWyXAqAEGXUduzcNgP8wAeAk2AAEAXCESpEL9LF5WbGc54yQwO\/cABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAU1YbVJoGA61aUBne1Qcfqud7BOGOAKAAEmnK+Jw=="} 
00652{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1411,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695305879,"flow_dst_last_pkt_time":1587041695330316,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":1587041695330316,"pkt":"EBMx8Tl2KDc3AG3ICABFAAB0gkYAAEARanDAqAEGXUduzcN0P80AYEblAQEARCESpEKjF0z2+O91Jw0PY1eAcAAEAAAABwAgAAgAAR7ffFXKj4A3AAQAAAACgDYABAAAAAEACAAUNbjIzLk8Htcx5rlGPdUzB6Mtkf+AKAAECmy4uA=="} 00690{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1412,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":3,"flow_src_last_pkt_time":1587041695305879,"flow_dst_last_pkt_time":1587041695330389,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695330389,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMX9EAAEARjM3AqAEGXUduzcN0P80AeEAgAAEAXCESpEJvsFtMkRg8G\/ztdLwABgAJSkZ3ajorbUl2AAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUIVL6+UU6k643kpe64\/MzitD9Q4eAKAAEwjOytg=="} 
00907{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1413,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695381451,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1587041695381451,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEsaPwAAEARIBfAqAEGNHL6jcNgDZYBGBOdAAQA\/CESpEIsNFIeR67x\/KSTudUADwAEcsZLxoAIAAQAAAAGAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8ABEACAABP8xdR27NABMAfAABAGghEqRCH9y33u2t\/jYyT2+1AAYACW81L0k6RlkzMgAAAIAqAAgAAH+KUoZYAIBwAAQAAAAHgDYABAAAAAEAJAAEbv\/4\/4CVAAh\/IMTdT4SN+oA3AAQAAAACAAgAFLkI9+jCSAoSd\/OOXciVMXiIrqbdgCgABLPHZEgACAAg7sRmb8sPDDsK8L9wIx7c4\/un3a7csABeHu5jm1wMzFk="} -01140{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1413,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041695381451,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":486,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695381451,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01190{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1413,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041695381451,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":486,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695381451,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"multimedia_flow_types":"Audio"}}} 
00902{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1414,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695381585,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1587041695381585,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEsXTYAAEARK+HAqAEGNHL6icN0DZYBGMK2AAQA\/CESpEIeamDBSEqcaMKGtFYADwAEcsZLxoAIAAQAAAAGAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8ABEACAABP81dR27NABMAfAABAGghEqRCa6gY9jQ3F4QYLRqEAAYACUpGd2o6K21JdgAAAIAqAAgAAH+KUoZYAIBwAAQAAAAHgDYABAAAAAEAJAAEbv\/4\/4CVAAhb5VsGDC2J+oA3AAQAAAACAAgAFGPigS6EUGSGggUbRbFSk1APqJ0agCgABKpfQ2cACAAguGTqGqFZLfExfohAPRW3NYW9D0LDg15vdpj82BiyuIs="} -01140{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1414,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041695381585,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":486,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695381585,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01190{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1414,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041695381585,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":486,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695381585,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"multimedia_flow_types":"Audio"}}} 
00746{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1416,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":3,"flow_src_last_pkt_time":1587041695381451,"flow_dst_last_pkt_time":1587041695389155,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1587041695389155,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC4fJgAAGwR4O40cvqNwKgBBg2Ww2AApNd+ARUAiMLWdk9T8dgTMFhVlH2+EmsADwAEcsZLxgASAAgAAT\/MXUduzQATAHAAAQBcIRKkQpOT7iqoT5owckEG1gAGAAlGWTMyOm81L0kAAACAKQAIAAB\/7V4FjgCAcAAEAAAAB4A2AAQAAAABACQABG7\/\/f6ANwAEAAAAAgAIABQwsyB\/3AcVNGFmgIYtfHOO0Vm54oAoAAR90b9H"} -01056{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1416,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041695381451,"flow_dst_last_pkt_time":1587041695389155,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":486,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1587041695389155,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"peer_address":"159.145.24.130:64794"}}} 
+01107{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1416,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041695381451,"flow_dst_last_pkt_time":1587041695389155,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":486,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1587041695389155,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"peer_address":"159.145.24.130:64794","multimedia_flow_types":"Audio"}}} 00747{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1417,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":3,"flow_src_last_pkt_time":1587041695381585,"flow_dst_last_pkt_time":1587041695389378,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1587041695389378,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC4VxkAAGwRBnI0cvqJwKgBBg2Ww3QApCdjARUAiE\/LrilDXPJWtp6yDikzcPIADwAEcsZLxgASAAgAAT\/NXUduzQATAHAAAQBcIRKkQlPk9TFAsI2GK+OZoAAGAAkrbUl2OkpGd2oAAACAKQAIAAB\/7V4FjgCAcAAEAAAAB4A2AAQAAAABACQABG7\/\/f6ANwAEAAAAAgAIABQqoNaJl5j6Qph3wmShySpejyG1ZYAoAAR\/OzfK"} 
-01056{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1417,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041695381585,"flow_dst_last_pkt_time":1587041695389378,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":486,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1587041695389378,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"peer_address":"18.140.192.228:28678"}}} +01107{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1417,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041695381585,"flow_dst_last_pkt_time":1587041695389378,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":486,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1587041695389378,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"peer_address":"18.140.192.228:28678","multimedia_flow_types":"Audio"}}} 00654{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1418,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":4,"flow_src_last_pkt_time":1587041695406639,"flow_dst_last_pkt_time":1587041695330306,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":1587041695406639,"pkt":"KDc3AG3IEBMx8Tl2CABFAAB0Bd0AADUR8dldR27NwKgBBj\/Mw2AAYJiUAQEARCESpEL9LF5WbGc54yQwO\/eAcAAEAAAABwAgAAgAAcHVcadqCoA3AAQAAAACgDYABAAAAAEACAAUfLZK4Jp9GCnUwepSRXJ0QYfNKUiAKAAEeKXxaw=="} 00654{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1419,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":4,"flow_src_last_pkt_time":1587041695407379,"flow_dst_last_pkt_time":1587041695330389,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":1587041695407379,"pkt":"KDc3AG3IEBMx8Tl2CABFAAB0iYEAADURbjVdR27NwKgBBj\/Nw3QAYAIVAQEARCESpEJvsFtMkRg8G\/ztdLyAcAAEAAAABwAgAAgAAc5scadqCoA3AAQAAAACgDYABAAAAAEACAAUt0fBakPBlSed9Q+UJ+6ZvN9VvN+AKAAELvJkIw=="} 
00801{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1421,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695421892,"flow_src_last_pkt_time":1587041695421892,"flow_dst_last_pkt_time":1587041695421892,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695421892,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1421,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_src_last_pkt_time":1587041695421892,"flow_dst_last_pkt_time":1587041695421892,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1587041695421892,"pkt":"KDc3AG3IEBMx8Tl2CABFAACYUPwAAGwRCyM0cvwVwKgBBg2Yw3QAhCaSAAEAaCESpEK59F1PLtIJs2rQCYoABgAJK21JdjpKRndqAAAAgCkACAAAf+1eBY4AgHAABAAAAAeANgAEAAAAAQAkAARu\/\/n+gJUACGUfNM4ueRX8gDcABAAAAAIACAAUDNg3puCxSSnyiCvs+zLb4wfWy9WAKAAEDuovdw=="} 
-01138{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1421,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695421892,"flow_src_last_pkt_time":1587041695421892,"flow_dst_last_pkt_time":1587041695421892,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695421892,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01188{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1421,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695421892,"flow_src_last_pkt_time":1587041695421892,"flow_dst_last_pkt_time":1587041695421892,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695421892,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std 
Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Video","stun": {"multimedia_flow_types":"Video"}}} 00800{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1422,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695422685,"flow_src_last_pkt_time":1587041695422685,"flow_dst_last_pkt_time":1587041695422685,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695422685,"l3_proto":"ip4","src_ip":"52.114.252.8","dst_ip":"192.168.1.6","src_port":3479,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1422,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_src_last_pkt_time":1587041695422685,"flow_dst_last_pkt_time":1587041695422685,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1587041695422685,"pkt":"KDc3AG3IEBMx8Tl2CABFAACY4AMAAG0Reyg0cvwIwKgBBg2Xw2AAhBBVAAEAaCESpEKBJ1p+KLNk2I89FPkABgAJRlkzMjpvNS9JAAAAgCkACAAAf+1eBY4AgHAABAAAAAeANgAEAAAAAQAkAARu\/\/n+gJUACN6qKWcI9wj8gDcABAAAAAIACAAUyAS6wVT6GpHQ1gnRXe5kbQ9LDuWAKAAEokvlFA=="} 
-01137{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1422,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695422685,"flow_src_last_pkt_time":1587041695422685,"flow_dst_last_pkt_time":1587041695422685,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695422685,"l3_proto":"ip4","src_ip":"52.114.252.8","dst_ip":"192.168.1.6","src_port":3479,"dst_port":50016,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01187{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1422,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695422685,"flow_src_last_pkt_time":1587041695422685,"flow_dst_last_pkt_time":1587041695422685,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695422685,"l3_proto":"ip4","src_ip":"52.114.252.8","dst_ip":"192.168.1.6","src_port":3479,"dst_port":50016,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std 
Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"multimedia_flow_types":"Audio"}}} 00854{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1423,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":4,"flow_src_last_pkt_time":1587041695432593,"flow_dst_last_pkt_time":1587041695389155,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"thread_ts_usec":1587041695432593,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEIQwIAAEARRjXAqAEGNHL6jcNgDZYA9FdMAAQA2CESpEKfui7uErrywVVZDhwADwAEcsZLxoAIAAQAAAAGAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8ABEACAABP8xdR27NABMAWAEBAEQhEqRCk5PuKqhPmjByQQbWgHAABAAAAAcAIAAIAAEe3nxVyo+ANwAEAAAAAoA2AAQAAAABAAgAFFFp\/EIw9m0w0dRwmYyqML3\/iSKPgCgABN8vUt8ACAAgqGRf4o8r70c+bwbjLKjnyOxfHW\/RCLgda6bT0E3pUpo="} 00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1424,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695422685,"flow_dst_last_pkt_time":1587041695432665,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1587041695432665,"pkt":"EBMx8Tl2KDc3AG3ICABFAACA0aoAAEARtpnAqAEGNHL8CMNgDZcAbO2O\/xAAYN6qKWcI9wj8AQEARCESpEKBJ1p+KLNk2I89FPmAcAAEAAAABwAgAAgAASyFFWBYSoA3AAQAAAACgDYABAAAAAEACAAUmYtT\/sgffZE\/GPjMTGRSk5h1N+2AKAAEPqesNg=="} 
00906{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1425,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":5,"flow_src_last_pkt_time":1587041695432806,"flow_dst_last_pkt_time":1587041695389155,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1587041695432806,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEsslcAAEAR1rvAqAEGNHL6jcNgDZYBGA46AAQA\/CESpEKGfpR3I6Wm38Zk7TUADwAEcsZLxoAIAAQAAAAGAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8ABEACAABP8xdR27NABMAfAABAGghEqRCH9y33u2t\/jYyT2+1AAYACW81L0k6RlkzMgAAAIAqAAgAAH+KUoZYAIBwAAQAAAAHgDYABAAAAAEAJAAEbv\/4\/4CVAAh\/IMTdT4SN+oA3AAQAAAACAAgAFLkI9+jCSAoSd\/OOXciVMXiIrqbdgCgABLPHZEgACAAg4ni\/MyGpn0IPPfamZXcwXcyTP9hFKqNf3gjYqNKVXl0="} 
@@ -554,9 +554,9 @@ 00902{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1428,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":5,"flow_src_last_pkt_time":1587041695433459,"flow_dst_last_pkt_time":1587041695389378,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1587041695433459,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEsR2QAAEARQbPAqAEGNHL6icN0DZYBGOj5AAQA\/CESpELTjfKyZNTNUCzFgVAADwAEcsZLxoAIAAQAAAAGAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8ABEACAABP81dR27NABMAfAABAGghEqRCa6gY9jQ3F4QYLRqEAAYACUpGd2o6K21JdgAAAIAqAAgAAH+KUoZYAIBwAAQAAAAHgDYABAAAAAEAJAAEbv\/4\/4CVAAhb5VsGDC2J+oA3AAQAAAACAAgAFGPigS6EUGSGggUbRbFSk1APqJ0agCgABKpfQ2cACAAgUB2ZPqsXXGYjBv8pRG+HEjCK6R8QdiEsnAYTs3tf1IE="} 02355{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1429,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1587041693516414,"flow_src_last_pkt_time":1587041693824623,"flow_dst_last_pkt_time":1587041695435566,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":477,"flow_dst_tot_l4_payload_len":6361,"midstream":0,"thread_ts_usec":1587041695435566,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":71850.4,"max":1566873,"stddev":274680.6,"var":75449425920.0,"ent":1.9,"data": 
[44968,45079,183,47440,47249,164,13,124,2,107,17,104,3,107,2,120,2,1,8026,8,35,52434,1246,45626,48613,92238,43679,69083,272,113543,1566873]},"pktlen": {"min":40,"avg":256.9,"max":1492,"stddev":427.0,"var":182315.3,"ent":3.7,"data": [64,52,40,227,1492,52,1492,588,52,52,1492,588,52,40,588,166,40,40,40,147,46,85,46,91,40,141,224,40,71,40,46,46]},"bins": {"c_to_s": [15,1,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,0,1,1,0,0,1,1,0,0,1,1,0,0,0,0,0,0,1,1,0,0,1,0,0,0,1,1],"entropies": [4.396777153,4.946223736,4.453056812,5.436062336,7.472877979,4.624014378,7.357961178,6.174726009,4.707639694,4.669178009,7.651301384,7.035131931,4.669178009,4.492897511,7.576755524,6.572272301,4.384184361,4.492897511,4.492897034,6.376044750,4.495644569,5.773638725,4.565871716,5.388861179,4.561769009,6.442826271,6.864662647,4.511769295,5.438062191,4.384184361,4.565872192,4.565872192]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"euaz.tr.teams.microsoft.com"}} 
00688{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1435,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695586059,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695586059,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMZh4AAEARkejAqAEGwKgABMNgw1UAeNtRAAEAXCESpELGQpqANK6irJWNCoEABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUNaR7w6XgHLmtRZxpBWKVkGuwhq2AKAAE+3W4lQ=="} -01255{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1435,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278787,"flow_src_last_pkt_time":1587041695586059,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":224,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695586059,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01305{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1435,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278787,"flow_src_last_pkt_time":1587041695586059,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":224,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695586059,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Audio","stun": {"multimedia_flow_types":"Audio"}}} 
00690{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1436,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695586146,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695586146,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMyucAAEARLR\/AqAEGwKgABMN0w2QAeBWjAAEAXCESpEJMnOcpR8XuRjfgdwcABgAJSkZ3ajorbUl2AAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUZBvpMZrPL2uguq2xDA1A6CBjF+2AKAAEncV\/3g=="} -01255{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1436,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278905,"flow_src_last_pkt_time":1587041695586146,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":224,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695586146,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01305{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1436,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278905,"flow_src_last_pkt_time":1587041695586146,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":224,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695586146,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stream_content":"Video","stun": {"multimedia_flow_types":"Video"}}} 
00688{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1440,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":3,"flow_src_last_pkt_time":1587041695890424,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695890424,"pkt":"EBMx8Tl2KDc3AG3ICABFAACM6boAAEARDkzAqAEGwKgABMNgw1UAeNtRAAEAXCESpELGQpqANK6irJWNCoEABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUNaR7w6XgHLmtRZxpBWKVkGuwhq2AKAAE+3W4lQ=="} 00689{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1441,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":3,"flow_src_last_pkt_time":1587041695890513,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695890513,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMMbQAAEARxlLAqAEGwKgABMN0w2QAeBWjAAEAXCESpEJMnOcpR8XuRjfgdwcABgAJSkZ3ajorbUl2AAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUZBvpMZrPL2uguq2xDA1A6CBjF+2AKAAEncV\/3g=="} 
00688{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1446,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":4,"flow_src_last_pkt_time":1587041696194345,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041696194345,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMXPIAAEARmxTAqAEGwKgABMNgw1UAeNtRAAEAXCESpELGQpqANK6irJWNCoEABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUNaR7w6XgHLmtRZxpBWKVkGuwhq2AKAAE+3W4lQ=="} 
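Review bot: The regenerated `detection-update` records in this hunk change the `proto` string from `STUN.Skype_TeamsCall` to `STUN.TeamsCall` while `proto_id` stays `78.38`, so any downstream filter, alert rule or dashboard keyed on the protocol name rather than the numeric id will silently stop matching Teams call flows after this bump. The commit message only says "incorporated upstream changes"; a line such as `proto name change: STUN.Skype_TeamsCall -> STUN.TeamsCall (proto_id 78.38 unchanged)` would give consumers something to act on. The same records also gain `stream_content` and a populated `stun.multimedia_flow_types` although the capture runs under the `stun_all_attributes_disabled` configuration. Presumably that field is not governed by the attribute switch, but it is worth confirming this is intended and not metadata leaking past a disable option. The records visible above this hunk show the same rename and new fields.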
@@ -570,7 +570,7 @@ 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1456,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":2,"flow_src_last_pkt_time":1587041697061972,"flow_dst_last_pkt_time":1587041697091344,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041697091344,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8X+VAAG4GOLAoT4opwKgBBgG77Jhhqm+9VZk3MaASIADeAQAAAgQFoAEDAwgEAggKC\/ZmGDCE5sE="} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1457,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":3,"flow_src_last_pkt_time":1587041697091452,"flow_dst_last_pkt_time":1587041697091344,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041697091452,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGxp3AqAEGKE+KKeyYAbtVmTcxYapvvoAQEAkclQAAAQEICjCE5t4L9mYY"} 
00888{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1458,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":4,"flow_src_last_pkt_time":1587041697092026,"flow_dst_last_pkt_time":1587041697091344,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":305,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":305,"pkt_l4_len":271,"thread_ts_usec":1587041697092026,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEjAABAAEAGxa7AqAEGKE+KKeyYAbtVmTcxYapvvoAYEAlljAAAAQEICjCE5t4L9mYYFgMBAOoBAADmAwMvt9\/l19PgHHhBJ7fePZ9nkIIpM9PqvMR3RuXFQQr78gAAKMAswCvAJMAjwArACcypwDDAL8AowCfAFMATzKgAnQCcAD0APAA1AC8BAACV\/wEAAQAAAAAXABUAABJnYXRlLmhvY2tleWFwcC5uZXQAFwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAM3QAAAASAAAAEAAwAC4CaDIFaDItMTYFaDItMTUFaDItMTQIc3BkeS8zLjEGc3BkeS8zCGh0dHAvMS4xAAsAAgEAAAoACgAIAB0AFwAYABk="} -01293{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1458,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041697061972,"flow_src_last_pkt_time":1587041697092026,"flow_dst_last_pkt_time":1587041697091344,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041697092026,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60568,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"gate.hockeyapp.net","domainame":"gate.hockeyapp.net","tls": 
{"version":"TLSv1.2","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} +01249{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1458,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041697061972,"flow_src_last_pkt_time":1587041697092026,"flow_dst_last_pkt_time":1587041697091344,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041697092026,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60568,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"gate.hockeyapp.net","domainame":"gate.hockeyapp.net","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
02489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1459,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":5,"flow_src_last_pkt_time":1587041697092026,"flow_dst_last_pkt_time":1587041697123566,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041697123566,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUX+dAAG4GMxYoT4opwKgBBgG77JhhqnVeVZk4IIAQBAXnDAAAAQEICgv2ZjgwhObedGlvbmluc2lnaHRzLmF6dXJlLmNvbYISZ2F0ZS5ob2NrZXlhcHAubmV0ghVkYy50cmFmZmljbWFuYWdlci5uZXSCH2F1c3NlLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCHmJyenMtYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIdY2NhLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCHWNmci1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0gh1jaW4tYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIdY2tvLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCHWN1cy1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0gh9jdXMwMi1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0gh1lYXMtYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIdZWF1LWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCHWVqcC1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0gh1ldXMtYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIfZXVzMDItYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIfZXVzMDMtYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIfZXVzMDQtYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIfZXVzMDUtYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIeZXVzMi1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0gh5uY3VzLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCHW5ldS1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0gh5zYWZuLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCHnNjdXMtYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIdc2VhLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCHXN1ay1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0gh1zd24tYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIdd2V1LWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCH3dldTAyLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCH3dldTAzLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCHXd1cy1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0gh53dXMyLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCIHd1czIwMi1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0MIGsBgNVHR8EgaQwgaEwgZ6ggZuggZiGS2h0dHA6Ly9tc2NybC5taWNyb3NvZnQuY29tL
3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA1LmNybIZJaHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA1LmNybDBNBgNVHSAERjBEMEIGCSsGAQQBgjcqATA1MDMGCCsGAQUFBwIBFidodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcHMwHwYDVR0jBBgwFoAUCP4ln3TqhwTCvLuOqDhfM8bRbGUwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4ICAQAJWTZzx1MK5GdVXHHDNo4UfZmpqNSZyuP+i0NBu9AKrV3sQoq5pmeYJ7vP+oV2p39mLTb2oqM52AGvlnpmoTNJwN7XVFBPYI8jrT6ZwWv1hAZa"} 00786{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1485,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":5,"flow_src_last_pkt_time":1587041697617344,"flow_dst_last_pkt_time":1587041693756239,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_usec":1587041697617344,"pkt":"EBMx8Tl2KDc3AG3ICABFAADW2xEAAEARrlfAqAEGNHL6jcNhDZYAwt8iAAMApiESpEINQAd8TvBOvXDWMxoADwAEcsZLxoAIAAQAAAAGAA0ABAAAAACAUAAEAAAAAQAUABQ+mj9JKfg8kAiQ47rNqp++2YC3UgAVAAoicnRjbWVkaWEiAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8AAgAILegjOD1prOmcIML6MAq3Q5voM\/8\/Vbx8\/OHsgTOe6Dx"} 
00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1490,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041697660621,"flow_src_last_pkt_time":1587041697660621,"flow_dst_last_pkt_time":1587041697660621,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041697660621,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5} 
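Review bot: The commit description says only "incorporated upstream changes", but in this hunk the expected `detected` event for flow 82 loses the `ja3` key from its `tls` object and changes `"proto":"TLS.Skype_Teams","proto_id":"91.125"` to `"proto":"TLS.Teams","proto_id":"91.250"`, with `breed` going from `Acceptable` to `Safe` and `category` from `VoIP` to `Collaborative`. A detection rule or dashboard that matches on the JA3 value, on `proto_id`, or on `breed`/`category` would stop matching without any error, so the description should name these output changes, for example `flow events: tls.ja3 no longer emitted; Skype_Teams (125) now reported as Teams (250)`. The diffstat lists `schema/flow_event_schema.json` as changed, which presumably covers the `ja3` removal, but that file is not visible here. The hunk that follows shows the same renumbering in `proto_by_ip` / `proto_by_ip_id` and in the `STUN.TeamsCall` name.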
@@ -578,21 +578,21 @@ 00934{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1490,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041697660621,"flow_src_last_pkt_time":1587041697660621,"flow_dst_last_pkt_time":1587041697660621,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041697660621,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":4.321296}} 00786{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1493,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":5,"flow_src_last_pkt_time":1587041697668978,"flow_dst_last_pkt_time":1587041693808734,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_usec":1587041697668978,"pkt":"EBMx8Tl2KDc3AG3ICABFAADWXowAAEARKuHAqAEGNHL6icN1DZYAwtlEAAMApiESpEJ\/K8mw63L1SVFc8SkADwAEcsZLxoAIAAQAAAAGAA0ABAAAAACAUAAEAAAAAQAUABRzrT6HZUT09MBbGfgrZXo06YoDbQAVAAoicnRjbWVkaWEiAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8AAgAIBF1x2DO\/FnH+NItZ0DdGmNq9Qpo8WCUVFVIxiEnjM\/h"} 
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1497,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":2,"flow_src_last_pkt_time":1587041697673040,"flow_dst_last_pkt_time":1587041697660621,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1587041697673040,"pkt":"KDc3AG3IEBMx8Tl2CABFoAA4akMAADUBjR9dR27NwKgBBgMDcBsAAAAARQAAWp4wAAAyEVygwKgBBl1Hbs3DdD\/NAEaJWQ=="} -02366{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1528,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":7,"flow_first_seen":1587041695305290,"flow_src_last_pkt_time":1587041697913583,"flow_dst_last_pkt_time":1587041697668816,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1214,"flow_dst_max_l4_payload_len":1214,"flow_src_tot_l4_payload_len":4324,"flow_dst_tot_l4_payload_len":2890,"midstream":0,"thread_ts_usec":1587041697913583,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":160381.3,"max":1168245,"stddev":365653.3,"var":133702352896.0,"ent":2.7,"data": [24795,221,101349,1168245,1167037,967065,50759,1119237,13,25,50990,80302,1990,2655,3736,4,1,2,10681,24170,9306,21453,4525,19907,25341,9245,24382,24626,9496,26004,24257]},"pktlen": {"min":66,"avg":253.4,"max":1242,"stddev":374.4,"var":140199.2,"ent":4.0,"data": [140,116,140,116,144,116,138,136,66,1242,1242,136,101,66,1242,1242,70,194,126,94,96,103,108,110,102,98,112,106,103,101,102,102]},"bins": {"c_to_s": 
[0,2,16,4,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,1,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,1,0,1,0,0,0,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"entropies": [5.443928242,5.441569805,5.550033092,5.533423424,5.469605446,5.457950115,6.418050289,5.494081497,5.274568558,7.835727215,7.805037022,5.427760124,6.064149857,5.328952789,7.830739975,7.834946632,5.426148415,6.862842083,6.378197670,5.942782402,6.043297768,6.096649170,5.395052433,6.251680851,6.123402596,6.007471561,6.260177612,6.012121677,6.079421997,6.215091705,6.135609150,6.155217648]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +02360{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1528,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":7,"flow_first_seen":1587041695305290,"flow_src_last_pkt_time":1587041697913583,"flow_dst_last_pkt_time":1587041697668816,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1214,"flow_dst_max_l4_payload_len":1214,"flow_src_tot_l4_payload_len":4324,"flow_dst_tot_l4_payload_len":2890,"midstream":0,"thread_ts_usec":1587041697913583,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":160381.3,"max":1168245,"stddev":365653.3,"var":133702352896.0,"ent":2.7,"data": 
[24795,221,101349,1168245,1167037,967065,50759,1119237,13,25,50990,80302,1990,2655,3736,4,1,2,10681,24170,9306,21453,4525,19907,25341,9245,24382,24626,9496,26004,24257]},"pktlen": {"min":66,"avg":253.4,"max":1242,"stddev":374.4,"var":140199.2,"ent":4.0,"data": [140,116,140,116,144,116,138,136,66,1242,1242,136,101,66,1242,1242,70,194,126,94,96,103,108,110,102,98,112,106,103,101,102,102]},"bins": {"c_to_s": [0,2,16,4,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,1,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,1,0,1,0,0,0,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"entropies": [5.443928242,5.441569805,5.550033092,5.533423424,5.469605446,5.457950115,6.418050289,5.494081497,5.274568558,7.835727215,7.805037022,5.427760124,6.064149857,5.328952789,7.830739975,7.834946632,5.426148415,6.862842083,6.378197670,5.942782402,6.043297768,6.096649170,5.395052433,6.251680851,6.123402596,6.007471561,6.260177612,6.012121677,6.079421997,6.215091705,6.135609150,6.155217648]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041680216814,"flow_src_last_pkt_time":1587041680216814,"flow_dst_last_pkt_time":1587041680216814,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":355,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":355,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":355,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01053{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":26,"flow_first_seen":1587041684306115,"flow_src_last_pkt_time":1587041685465859,"flow_dst_last_pkt_time":1587041685465767,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":6160,"flow_dst_tot_l4_payload_len":8327,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Outlook","proto_by_ip_id":21,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"substrate.office.com"}} -01044{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":20,"flow_first_seen":1587041676435900,"flow_src_last_pkt_time":1587041676536132,"flow_dst_last_pkt_time":1587041676536089,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":258,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":757,"flow_dst_tot_l4_payload_len":11864,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com"}} 
-01008{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":10,"flow_first_seen":1587041677243705,"flow_src_last_pkt_time":1587041677286941,"flow_dst_last_pkt_time":1587041677286365,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":2950,"flow_dst_tot_l4_payload_len":6420,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} -01052{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":19,"flow_first_seen":1587041682144166,"flow_src_last_pkt_time":1587041685098215,"flow_dst_last_pkt_time":1587041685098126,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":521,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1754,"flow_dst_tot_l4_payload_len":7280,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com"}} -01190{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":28,"flow_first_seen":1587041685240465,"flow_src_last_pkt_time":1587041685471822,"flow_dst_last_pkt_time":1587041685471619,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1082,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1426,"flow_dst_tot_l4_payload_len":28998,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com"}} 
-01144{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":13,"flow_first_seen":1587041685984732,"flow_src_last_pkt_time":1587041686156488,"flow_dst_last_pkt_time":1587041686156402,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":900,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1750,"flow_dst_tot_l4_payload_len":6374,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} +01038{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":20,"flow_first_seen":1587041676435900,"flow_src_last_pkt_time":1587041676536132,"flow_dst_last_pkt_time":1587041676536089,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":258,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":757,"flow_dst_tot_l4_payload_len":11864,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com"}} +01002{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":10,"flow_first_seen":1587041677243705,"flow_src_last_pkt_time":1587041677286941,"flow_dst_last_pkt_time":1587041677286365,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":2950,"flow_dst_tot_l4_payload_len":6420,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} 
+01046{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":19,"flow_first_seen":1587041682144166,"flow_src_last_pkt_time":1587041685098215,"flow_dst_last_pkt_time":1587041685098126,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":521,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1754,"flow_dst_tot_l4_payload_len":7280,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com"}} +01184{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":28,"flow_first_seen":1587041685240465,"flow_src_last_pkt_time":1587041685471822,"flow_dst_last_pkt_time":1587041685471619,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1082,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1426,"flow_dst_tot_l4_payload_len":28998,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": 
{"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com"}} +01138{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":13,"flow_first_seen":1587041685984732,"flow_src_last_pkt_time":1587041686156488,"flow_dst_last_pkt_time":1587041686156402,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":900,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1750,"flow_dst_tot_l4_payload_len":6374,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Teams","proto_by_ip_id":250,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} 
01180{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":49,"flow_dst_packets_processed":28,"flow_first_seen":1587041676362386,"flow_src_last_pkt_time":1587041677034491,"flow_dst_last_pkt_time":1587041677077119,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":55346,"flow_dst_tot_l4_payload_len":4699,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com"}} 
01180{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":13,"flow_first_seen":1587041677042751,"flow_src_last_pkt_time":1587041677329010,"flow_dst_last_pkt_time":1587041677375849,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":15383,"flow_dst_tot_l4_payload_len":4699,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60535,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com"}} 
01131{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":10,"flow_first_seen":1587041678029919,"flow_src_last_pkt_time":1587041678260705,"flow_dst_last_pkt_time":1587041678303901,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":7350,"flow_dst_tot_l4_payload_len":4699,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud"}} 01051{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":8,"flow_first_seen":1587041681745719,"flow_src_last_pkt_time":1587041681895434,"flow_dst_last_pkt_time":1587041681895339,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":623,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":975,"flow_dst_tot_l4_payload_len":6679,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60538,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"eu-prod.asyncgw.teams.microsoft.com"}} -01039{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":8,"flow_first_seen":1587041681755860,"flow_src_last_pkt_time":1587041681908691,"flow_dst_last_pkt_time":1587041681908585,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":608,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":945,"flow_dst_tot_l4_payload_len":6653,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60539,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"eu-api.asm.skype.com"}} 
+01036{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":8,"flow_first_seen":1587041681755860,"flow_src_last_pkt_time":1587041681908691,"flow_dst_last_pkt_time":1587041681908585,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":608,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":945,"flow_dst_tot_l4_payload_len":6653,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60539,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"eu-api.asm.skype.com"}} 01054{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":10,"flow_first_seen":1587041682076700,"flow_src_last_pkt_time":1587041682204478,"flow_dst_last_pkt_time":1587041682204431,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":4763,"flow_dst_tot_l4_payload_len":7425,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60540,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"eu-prod.asyncgw.teams.microsoft.com"}} -01003{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":9,"flow_first_seen":1587041682077081,"flow_src_last_pkt_time":1587041682212323,"flow_dst_last_pkt_time":1587041682212216,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3181,"flow_dst_tot_l4_payload_len":7371,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60541,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+01000{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":9,"flow_first_seen":1587041682077081,"flow_src_last_pkt_time":1587041682212323,"flow_dst_last_pkt_time":1587041682212216,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3181,"flow_dst_tot_l4_payload_len":7371,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60541,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} 01181{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":67,"flow_dst_packets_processed":40,"flow_first_seen":1587041682369801,"flow_src_last_pkt_time":1587041683043372,"flow_dst_last_pkt_time":1587041683086074,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":81655,"flow_dst_tot_l4_payload_len":4699,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60543,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com"}} 01064{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":17,"flow_first_seen":1587041682376166,"flow_src_last_pkt_time":1587041692020857,"flow_dst_last_pkt_time":1587041692106644,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1060,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":2340,"flow_dst_tot_l4_payload_len":7396,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.76.48","src_port":60544,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"northeurope.notifications.teams.microsoft.com"}} 
01047{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":49,"flow_dst_packets_processed":34,"flow_first_seen":1587041682698689,"flow_src_last_pkt_time":1587041691929361,"flow_dst_last_pkt_time":1587041691929326,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":4886,"flow_dst_tot_l4_payload_len":9530,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.58","src_port":60545,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"presence.teams.microsoft.com"}} 
@@ -605,8 +605,8 @@ 01181{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":14,"flow_first_seen":1587041687245112,"flow_src_last_pkt_time":1587041688014105,"flow_dst_last_pkt_time":1587041688061175,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":17654,"flow_dst_tot_l4_payload_len":4699,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com"}} 
01049{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":14,"flow_first_seen":1587041691149774,"flow_src_last_pkt_time":1587041691582349,"flow_dst_last_pkt_time":1587041691582252,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":994,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2028,"flow_dst_tot_l4_payload_len":8121,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.108.8","src_port":60565,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"emea.ng.msg.teams.microsoft.com"}} 01190{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":11,"flow_first_seen":1587041694219802,"flow_src_last_pkt_time":1587041695898012,"flow_dst_last_pkt_time":1587041695993731,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":649,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1651,"flow_dst_tot_l4_payload_len":6669,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":60567,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": 
{"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"api.flightproxy.teams.microsoft.com"}} -01126{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1587041682809173,"flow_src_last_pkt_time":1587041688135097,"flow_dst_last_pkt_time":1587041688190082,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":955,"flow_dst_max_l4_payload_len":1226,"flow_src_tot_l4_payload_len":1523,"flow_dst_tot_l4_payload_len":1409,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60546,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
-01125{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1587041692808980,"flow_src_last_pkt_time":1587041695538890,"flow_dst_last_pkt_time":1587041695538791,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":946,"flow_dst_max_l4_payload_len":1225,"flow_src_tot_l4_payload_len":2423,"flow_dst_tot_l4_payload_len":1677,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} +01133{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1587041682809173,"flow_src_last_pkt_time":1587041688135097,"flow_dst_last_pkt_time":1587041688190082,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":955,"flow_dst_max_l4_payload_len":1226,"flow_src_tot_l4_payload_len":1523,"flow_dst_tot_l4_payload_len":1409,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60546,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on 
Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} +01132{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1587041692808980,"flow_src_last_pkt_time":1587041695538890,"flow_dst_last_pkt_time":1587041695538791,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":946,"flow_dst_max_l4_payload_len":1225,"flow_src_tot_l4_payload_len":2423,"flow_dst_tot_l4_payload_len":1677,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
00890{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1587041692528594,"flow_src_last_pkt_time":1587041692578366,"flow_dst_last_pkt_time":1587041692528752,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":72,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":72,"midstream":1,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"151.11.50.139","dst_ip":"192.168.1.6","src_port":2222,"dst_port":54750,"l4_proto":"tcp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00803{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1587041692528594,"flow_src_last_pkt_time":1587041692578366,"flow_dst_last_pkt_time":1587041692528752,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":72,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":72,"midstream":1,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"151.11.50.139","dst_ip":"192.168.1.6","src_port":2222,"dst_port":54750,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01028{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041682129643,"flow_src_last_pkt_time":1587041682129643,"flow_dst_last_pkt_time":1587041682143053,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":162,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":162,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":49514,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"config.teams.microsoft.com"}} 
@@ -616,7 +616,7 @@ 01061{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":12,"flow_first_seen":1587041685251950,"flow_src_last_pkt_time":1587041685681752,"flow_dst_last_pkt_time":1587041685681659,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3164,"flow_dst_tot_l4_payload_len":6995,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.7","src_port":60556,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Microsoft365","proto_by_ip_id":219,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"login.microsoftonline.com"}} 01019{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":12,"flow_first_seen":1587041686889381,"flow_src_last_pkt_time":1587041687253807,"flow_dst_last_pkt_time":1587041687253692,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3163,"flow_dst_tot_l4_payload_len":7012,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.67","src_port":60560,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Microsoft365","proto_by_ip_id":219,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative"}} 01037{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685093044,"flow_src_last_pkt_time":1587041685093044,"flow_dst_last_pkt_time":1587041685127636,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":53,"flow_dst_max_l4_payload_len":174,"flow_src_tot_l4_payload_len":53,"flow_dst_tot_l4_payload_len":174,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":50653,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"api.flightproxy.teams.microsoft.com"}} 
-01034{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041681714331,"flow_src_last_pkt_time":1587041681714331,"flow_dst_last_pkt_time":1587041681754842,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":140,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":140,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","proto_id":"5.125","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"eu-api.asm.skype.com"}} +01022{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041681714331,"flow_src_last_pkt_time":1587041681714331,"flow_dst_last_pkt_time":1587041681754842,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":140,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":140,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"eu-api.asm.skype.com"}} 01031{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685243104,"flow_src_last_pkt_time":1587041685243104,"flow_dst_last_pkt_time":1587041685256108,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":127,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":127,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51309,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"skypedataprdcolneu04.cloudapp.net"}} 
01045{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685091534,"flow_src_last_pkt_time":1587041685091534,"flow_dst_last_pkt_time":1587041685104871,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":131,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":131,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":53678,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"trouter2-asse-a.trouter.teams.microsoft.com"}} 01021{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041687370480,"flow_src_last_pkt_time":1587041687370480,"flow_dst_last_pkt_time":1587041687435320,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":222,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":222,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":54069,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"api.microsoftstream.com"}} 
@@ -632,8 +632,8 @@ 01035{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041684291077,"flow_src_last_pkt_time":1587041684291077,"flow_dst_last_pkt_time":1587041684304618,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":172,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":172,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":59403,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft365","proto_id":"5.219","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"substrate.office.com"}} 01028{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041675997451,"flow_src_last_pkt_time":1587041675997451,"flow_dst_last_pkt_time":1587041676010607,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":67,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":67,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60813,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"skypedataprdcolneu04.cloudapp.net"}} 01042{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041694221137,"flow_src_last_pkt_time":1587041694221137,"flow_dst_last_pkt_time":1587041694234511,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":134,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":134,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60837,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"c-flightproxy-euno-01-teams.cloudapp.net"}} 
-01057{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1587041687436782,"flow_src_last_pkt_time":1587041687725655,"flow_dst_last_pkt_time":1587041687725568,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1313,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2206,"flow_dst_tot_l4_payload_len":7143,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"api.microsoftstream.com"}} -01016{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":12,"flow_first_seen":1587041687745932,"flow_src_last_pkt_time":1587041687963041,"flow_dst_last_pkt_time":1587041687962963,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1286,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2098,"flow_dst_tot_l4_payload_len":7352,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.169.186.119","src_port":60563,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"3":"DPI 
(partial)"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01054{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1587041687436782,"flow_src_last_pkt_time":1587041687725655,"flow_dst_last_pkt_time":1587041687725568,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1313,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2206,"flow_dst_tot_l4_payload_len":7143,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"api.microsoftstream.com"}} 
+01013{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":12,"flow_first_seen":1587041687745932,"flow_src_last_pkt_time":1587041687963041,"flow_dst_last_pkt_time":1587041687962963,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1286,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2098,"flow_dst_tot_l4_payload_len":7352,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.169.186.119","src_port":60563,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} 01145{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685090830,"flow_src_last_pkt_time":1587041685090830,"flow_dst_last_pkt_time":1587041685136892,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":167,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":167,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":61245,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"49": {"risk":"Minor Issues","severity":"Low","risk_score": {"total":210,"client":105,"server":105}}},"confidence": 
{"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"euaz.tr.teams.microsoft.com"}} 01028{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041687731296,"flow_src_last_pkt_time":1587041687731296,"flow_dst_last_pkt_time":1587041687745080,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":183,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":183,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62735,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"euno-1.api.microsoftstream.com"}} 
01045{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041691075869,"flow_src_last_pkt_time":1587041691075869,"flow_dst_last_pkt_time":1587041691148968,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":116,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":116,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62863,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"emea.ng.msg.teams-msgapi.trafficmanager.net"}} 
@@ -643,29 +643,29 @@ 01045{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685092516,"flow_src_last_pkt_time":1587041685092516,"flow_dst_last_pkt_time":1587041685105349,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":119,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":119,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65230,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"trouter2-asse-a.trouter.teams.microsoft.com"}} 01039{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041682355684,"flow_src_last_pkt_time":1587041682355684,"flow_dst_last_pkt_time":1587041682370931,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":129,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":129,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65387,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.Microsoft","proto_id":"5.212","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"northeuropecns.trafficmanager.net"}} 00973{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1587041680294054,"flow_src_last_pkt_time":1587041680294649,"flow_dst_last_pkt_time":1587041680294680,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1090,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1126,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"93.62.150.157","dst_ip":"192.168.1.6","src_port":443,"dst_port":60512,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-01242{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278787,"flow_src_last_pkt_time":1587041696498337,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":560,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-01242{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278905,"flow_src_last_pkt_time":1587041696498651,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":560,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+01236{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278787,"flow_src_last_pkt_time":1587041696498337,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":560,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+01236{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278905,"flow_src_last_pkt_time":1587041696498651,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":560,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
00992{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041679280885,"flow_src_last_pkt_time":1587041679280885,"flow_dst_last_pkt_time":1587041679280885,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":485,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":485,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":485,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 01243{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":11,"flow_first_seen":1587041693828302,"flow_src_last_pkt_time":1587041694047808,"flow_dst_last_pkt_time":1587041694047695,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":235,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":567,"flow_dst_tot_l4_payload_len":6363,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.152","src_port":50014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying 
HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} 01181{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":13,"flow_first_seen":1587041693516414,"flow_src_last_pkt_time":1587041695435668,"flow_dst_last_pkt_time":1587041695435566,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":477,"flow_dst_tot_l4_payload_len":6361,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"euaz.tr.teams.microsoft.com"}} 
01181{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":13,"flow_first_seen":1587041693582610,"flow_src_last_pkt_time":1587041694243274,"flow_dst_last_pkt_time":1587041694243144,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":477,"flow_dst_tot_l4_payload_len":6361,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50021,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"euaz.tr.teams.microsoft.com"}} 
01242{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":13,"flow_first_seen":1587041693849498,"flow_src_last_pkt_time":1587041697722873,"flow_dst_last_pkt_time":1587041697765326,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":235,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":817,"flow_dst_tot_l4_payload_len":6541,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.153","src_port":50036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}} 
-01048{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":9,"flow_first_seen":1587041690916341,"flow_src_last_pkt_time":1587041691089391,"flow_dst_last_pkt_time":1587041691089314,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":533,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1343,"flow_dst_tot_l4_payload_len":7609,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60564,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"gate.hockeyapp.net"}} -01048{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":9,"flow_first_seen":1587041697061972,"flow_src_last_pkt_time":1587041697244908,"flow_dst_last_pkt_time":1587041697244816,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":533,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1359,"flow_dst_tot_l4_payload_len":7609,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60568,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"3":"DPI 
(partial)"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"gate.hockeyapp.net"}} -01010{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041695432806,"flow_dst_last_pkt_time":1587041695591686,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":994,"flow_dst_tot_l4_payload_len":420,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-01003{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1587041693515047,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693640777,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":340,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01136{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041695422685,"flow_src_last_pkt_time":1587041695422685,"flow_dst_last_pkt_time":1587041695432665,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":100,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"52.114.252.8","dst_ip":"192.168.1.6","src_port":3479,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": 
{"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01005{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1587041693611913,"flow_src_last_pkt_time":1587041697617344,"flow_dst_last_pkt_time":1587041697663187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":468,"flow_dst_tot_l4_payload_len":485,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-01011{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041697669056,"flow_dst_last_pkt_time":1587041697713165,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":186,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":1180,"flow_dst_tot_l4_payload_len":565,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01003{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1587041693582165,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693698272,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":340,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01005{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1587041693668523,"flow_src_last_pkt_time":1587041697668978,"flow_dst_last_pkt_time":1587041697714311,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":468,"flow_dst_tot_l4_payload_len":485,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-01137{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041695421892,"flow_src_last_pkt_time":1587041695421892,"flow_dst_last_pkt_time":1587041695433333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":100,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01045{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":9,"flow_first_seen":1587041690916341,"flow_src_last_pkt_time":1587041691089391,"flow_dst_last_pkt_time":1587041691089314,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":533,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1343,"flow_dst_tot_l4_payload_len":7609,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60564,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"3":"DPI 
(partial)"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"gate.hockeyapp.net"}} +01045{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":9,"flow_first_seen":1587041697061972,"flow_src_last_pkt_time":1587041697244908,"flow_dst_last_pkt_time":1587041697244816,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":533,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1359,"flow_dst_tot_l4_payload_len":7609,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60568,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"gate.hockeyapp.net"}} 
+01004{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041695432806,"flow_dst_last_pkt_time":1587041695591686,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":994,"flow_dst_tot_l4_payload_len":420,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1587041693515047,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693640777,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":340,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01130{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041695422685,"flow_src_last_pkt_time":1587041695422685,"flow_dst_last_pkt_time":1587041695432665,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":100,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"52.114.252.8","dst_ip":"192.168.1.6","src_port":3479,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+00999{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1587041693611913,"flow_src_last_pkt_time":1587041697617344,"flow_dst_last_pkt_time":1587041697663187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":468,"flow_dst_tot_l4_payload_len":485,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01005{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041697669056,"flow_dst_last_pkt_time":1587041697713165,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":186,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":1180,"flow_dst_tot_l4_payload_len":565,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1587041693582165,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693698272,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":340,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00999{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1587041693668523,"flow_src_last_pkt_time":1587041697668978,"flow_dst_last_pkt_time":1587041697714311,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":468,"flow_dst_tot_l4_payload_len":485,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01131{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041695421892,"flow_src_last_pkt_time":1587041695421892,"flow_dst_last_pkt_time":1587041695433333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":100,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
00954{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1587041697660621,"flow_src_last_pkt_time":1587041697673040,"flow_dst_last_pkt_time":1587041697660621,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -01091{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":17,"flow_first_seen":1587041693428391,"flow_src_last_pkt_time":1587041697999048,"flow_dst_last_pkt_time":1587041697997834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1201,"flow_dst_max_l4_payload_len":1185,"flow_src_tot_l4_payload_len":5250,"flow_dst_tot_l4_payload_len":7193,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":51681,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"1":"Match by 
port"},"proto":"Skype_TeamsCall","proto_id":"38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01085{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":17,"flow_first_seen":1587041693428391,"flow_src_last_pkt_time":1587041697999048,"flow_dst_last_pkt_time":1587041697997834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1201,"flow_dst_max_l4_payload_len":1185,"flow_src_tot_l4_payload_len":5250,"flow_dst_tot_l4_payload_len":7193,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":51681,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"1":"Match by port"},"proto":"TeamsCall","proto_id":"38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
00811{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":17,"flow_first_seen":1587041693428391,"flow_src_last_pkt_time":1587041697999048,"flow_dst_last_pkt_time":1587041697997834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1201,"flow_dst_max_l4_payload_len":1185,"flow_src_tot_l4_payload_len":5250,"flow_dst_tot_l4_payload_len":7193,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":51681,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -01146{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":7,"flow_first_seen":1587041695305290,"flow_src_last_pkt_time":1587041698021081,"flow_dst_last_pkt_time":1587041697668816,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1214,"flow_dst_max_l4_payload_len":1214,"flow_src_tot_l4_payload_len":4692,"flow_dst_tot_l4_payload_len":2890,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-01141{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1587041695305879,"flow_src_last_pkt_time":1587041696574201,"flow_dst_last_pkt_time":1587041697619539,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":116,"flow_src_tot_l4_payload_len":288,"flow_dst_tot_l4_payload_len":424,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16333,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-00874{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1540,"packets-processed":1498,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":587095,"total-not-detected-flows":1,"total-guessed-flows":2,"total-detected-flows":80,"total-detection-updates":51,"total-updates":0,"current-active-flows":0,"total-active-flows":83,"total-idle-flows":83,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":668,"global_ts_usec":1587041698021081} +01140{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":7,"flow_first_seen":1587041695305290,"flow_src_last_pkt_time":1587041698021081,"flow_dst_last_pkt_time":1587041697668816,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1214,"flow_dst_max_l4_payload_len":1214,"flow_src_tot_l4_payload_len":4692,"flow_dst_tot_l4_payload_len":2890,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": 
{"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01135{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1587041695305879,"flow_src_last_pkt_time":1587041696574201,"flow_dst_last_pkt_time":1587041697619539,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":116,"flow_src_tot_l4_payload_len":288,"flow_dst_tot_l4_payload_len":424,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16333,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+00874{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_all_attributes_disabled\/pcap\/teams.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1540,"packets-processed":1498,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":587095,"total-not-detected-flows":1,"total-guessed-flows":2,"total-detected-flows":80,"total-detection-updates":51,"total-updates":0,"current-active-flows":0,"total-active-flows":83,"total-idle-flows":83,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":668,"global_ts_usec":1587041698021081} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1540/1498 ~~ skipped flows.............: 0 @@ -674,9 +674,9 @@ ~~ total active/idle flows...: 83/83 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8345483 bytes -~~ total memory freed........: 8345483 bytes -~~ total allocations/frees...: 117024/117024 +~~ total memory allocated....: 8923253 bytes +~~ total memory freed........: 8923253 bytes +~~ total allocations/frees...: 128763/128763 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 316 chars ~~ json message max len.......: 2522 chars diff --git a/test/results/stun_extra_dissection/lru_ipv6_caches.pcapng.out b/test/results/stun_extra_dissection/lru_ipv6_caches.pcapng.out index 71c4d4cc2..29b3cf330 100644 --- a/test/results/stun_extra_dissection/lru_ipv6_caches.pcapng.out +++ b/test/results/stun_extra_dissection/lru_ipv6_caches.pcapng.out 
@@ -1,5 +1,5 @@ -00636{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/stun_extra_dissection\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00857{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/stun_extra_dissection\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1639052947835473} 
+00636{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/stun_extra_dissection\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00857{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/stun_extra_dissection\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1639052947835473} 
00849{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/stun_extra_dissection\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052947835473,"flow_src_last_pkt_time":1639052947835473,"flow_dst_last_pkt_time":1639052947835473,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":22,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052947835473,"l3_proto":"ip6","src_ip":"32fb:f967:681e:e96b:face:b00c::74fd","dst_ip":"20ed:470f:6f73:ce60:60be:8b4f:df37:b080","src_port":3478,"dst_port":45658,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00589{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/stun_extra_dissection\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1639052947835473,"flow_dst_last_pkt_time":1639052947835473,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":84,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":84,"pkt_l4_len":30,"thread_ts_usec":1639052947835473,"pkt":"AAAAAAAAAAIAiPwTht1gAAAAAB4RNTL7+WdoHulr+s6wDAAAdP0g7UcPb3POYGC+i0\/fN7CADZayWgAeVVyAyQABc057KIAAAAURUN3Xuv65y9fO"} 
00632{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/stun_extra_dissection\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1639052947835473,"flow_dst_last_pkt_time":1639052948008616,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":112,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":112,"pkt_l4_len":58,"thread_ts_usec":1639052948008616,"pkt":"AAAAAAAAAAUAny4Oht1gCOxqADoRPyDtRw9vc85gYL6LT983sIAy+\/lnaB7pa\/rOsAwAAHT9sloNlgA6KoqAyQABWl1ZNGNoadjLndjyhIQdR3eb9BFhVVqa3fOaaflunNCAAAAByaRnP87SPV4aWA=="} 
@@ -35,42 +35,42 @@ 01286{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":50,"source":"cfgs\/stun_extra_dissection\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052950545675,"flow_src_last_pkt_time":1639052959035612,"flow_dst_last_pkt_time":1639052950545675,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052959035612,"l3_proto":"ip6","src_ip":"3991:72d:336e:65ec:c5bf:a5fa:83ad:23de","dst_ip":"2fda:1f8a:c107:88a4:e509:d2e1:445f:f34c","src_port":6881,"dst_port":6881,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","bittorrent": {"hash":""}}} 
00850{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"cfgs\/stun_extra_dissection\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052961890141,"flow_src_last_pkt_time":1639052961890141,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052961890141,"l3_proto":"ip6","src_ip":"2118:ec33:112b:7908:2c80:27ff:fef7:d71f","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":48415,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00593{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"cfgs\/stun_extra_dissection\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1639052961890141,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":82,"pkt_l4_len":28,"thread_ts_usec":1639052961890141,"pkt":"AAAAAAAAAAMAU5f1ht1gBTxgABwRPyEY7DMRK3kILIAn\/\/731x8y+\/lnaB7pa\/rOsAwAAHT9vR8NlgAcBsoIAQAAIRKkQkNDRkplV05Uc1dQcw=="} 
-01052{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"cfgs\/stun_extra_dissection\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052961890141,"flow_src_last_pkt_time":1639052961890141,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052961890141,"l3_proto":"ip6","src_ip":"2118:ec33:112b:7908:2c80:27ff:fef7:d71f","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":48415,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01085{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"cfgs\/stun_extra_dissection\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052961890141,"flow_src_last_pkt_time":1639052961890141,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052961890141,"l3_proto":"ip6","src_ip":"2118:ec33:112b:7908:2c80:27ff:fef7:d71f","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":48415,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00773{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"cfgs\/stun_extra_dissection\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1639052961892484,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":214,"pkt_l4_len":160,"thread_ts_usec":1639052961892484,"pkt":"AAAAAAAAAAMAU5f1ht1gBTxgAKARPyEY7DMRK3kILIAn\/\/731x8y+\/lnaB7pa\/rOsAwAAHT9vR8NlgCgpJ0AAwCEIRKkQlM3RnRRL3Y2ay9PMkAAAGYJEFPqNE7VJH5jscfXNsYhb98E3U++3ioUwgZB8WeSBCDE8Hv0qlQ7VYtVkKskkvqRH1iLwzoIGi7Dz\/tzqvCpnwhdkVyqhKbzd8NfXZRNbjB3f0ByPdFFironKHaSXUOOxWFCn10AAAAIABS86wFVtBJv5aANWhLlzvJVsxeNfg=="} -01187{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":56,"source":"cfgs\/stun_extra_dissection\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052961890141,"flow_src_last_pkt_time":1639052961892484,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052961892484,"l3_proto":"ip6","src_ip":"2118:ec33:112b:7908:2c80:27ff:fef7:d71f","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":48415,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01220{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":56,"source":"cfgs\/stun_extra_dissection\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052961890141,"flow_src_last_pkt_time":1639052961892484,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052961892484,"l3_proto":"ip6","src_ip":"2118:ec33:112b:7908:2c80:27ff:fef7:d71f","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":48415,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
00773{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"cfgs\/stun_extra_dissection\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1639052962142439,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":214,"pkt_l4_len":160,"thread_ts_usec":1639052962142439,"pkt":"AAAAAAAAAAMAU5f1ht1gBTxgAKARPyEY7DMRK3kILIAn\/\/731x8y+\/lnaB7pa\/rOsAwAAHT9vR8NlgCgpJ0AAwCEIRKkQlM3RnRRL3Y2ay9PMkAAAGYJEFPqNE7VJH5jscfXNsYhb98E3U++3ioUwgZB8WeSBCDE8Hv0qlQ7VYtVkKskkvqRH1iLwzoIGi7Dz\/tzqvCpnwhdkVyqhKbzd8NfXZRNbjB3f0ByPdFFironKHaSXUOOxWFCn10AAAAIABS86wFVtBJv5aANWhLlzvJVsxeNfg=="} 00593{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"cfgs\/stun_extra_dissection\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1639052962191138,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":82,"pkt_l4_len":28,"thread_ts_usec":1639052962191138,"pkt":"AAAAAAAAAAMAU5f1ht1gBTxgABwRPyEY7DMRK3kILIAn\/\/731x8y+\/lnaB7pa\/rOsAwAAHT9vR8NlgAcBsoIAQAAIRKkQkNDRkplV05Uc1dQcw=="} 
00765{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"cfgs\/stun_extra_dissection\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1639052963579689,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":210,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":210,"pkt_l4_len":156,"thread_ts_usec":1639052963579689,"pkt":"AAAAAAAAAAMAU5f1ht1gBTxgAJwRPyEY7DMRK3kILIAn\/\/731x8y+\/lnaB7pa\/rOsAwAAHT9vR8NlgCcOP4AAQCAIRKkQlUyZXJ1M05HdUpPbgAGADFFREdFUkFZX0RFRkFVTFRfVVNFUk5BTUU6RURHRVJBWV9ERUZBVUxUX1VTRVJOQU1FAAAA2roABAAAAALAVwAEAAMACoAqAAhYlWblH2D7mAAlAAAAJAAEbn8o\/wAIABQ5szu0z17I9YE5t42kszUxGI8nq4AoAAQ7B4OH"} 00801{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":66,"source":"cfgs\/stun_extra_dissection\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052969360318,"flow_src_last_pkt_time":1639052969360318,"flow_dst_last_pkt_time":1639052969360318,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052969360318,"l3_proto":"ip6","src_ip":"2001:db8:200::1","dst_ip":"2001:db8:1::1","src_port":443,"dst_port":44144,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00596{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"cfgs\/stun_extra_dissection\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1639052969360318,"flow_dst_last_pkt_time":1639052969360318,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1639052969360318,"pkt":"AAAAAAAAAAgAKih5ht1gChT5ACAGMiABDbgCAAAAAAAAAAAAAAEgAQ24AAEAAAAAAAAAAAABAbuscESWy8wKP2CEgBL\/\/+ibAAACBAVQAQEEAgEDAwo="} 02408{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/stun_extra_dissection\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1639052969517969,"flow_dst_last_pkt_time":1639052969360318,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1434,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1434,"pkt_l4_len":1380,"thread_ts_usec":1639052969517969,"pkt":"AAAAAAAAAAgAKih5ht1gChT5BWQGMiABDbgCAAAAAAAAAAAAAAEgAQ24AAEAAAAAAAAAAAABAbuscESWy80KP2KJUBAAQlzUAAAWAwMAUAIAAEwDA2Gx9qmsk0SkPB6KDAiZvXlLcIQwNUuS8UsCtY0L22BDAMArAAAkAAAAAAAXAAD\/AQABAAALAAIBAAAjAAAAEAAFAAMCaDIABQAAFgMDCRMLAAkPAAkMAAU1MIIFMTCCBNegAwIBAgIQARkfjV3L9r9HIyjCQZoh1zAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVUzEZMBcGA1UEChMQQ2xvdWRmbGFyZSwgSW5jLjEgMB4GA1UEAxMXQ2xvdWRmbGFyZSBJbmMgRUNDIENBLTMwHhcNMjEwNjI5MDAwMDAwWhcNMjIwNjI4MjM1OTU5WjB1MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEZMBcGA1UEChMQQ2xvdWRmbGFyZSwgSW5jLjEeMBwGA1UEAxMVc25pLmNsb3VkZmxhcmVzc2wuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEgC1s4G\/NmWra3EB1ViB4aiWbMPL7u1IoIlMpgn5kNUKgNwoi39Y6LTb+Bl8CrmpOOliciecDhWGPcHTDWIAx2KOCA3IwggNuMB8GA1UdIwQYMBaAFKXON+rrsHUOlGeItEX62SQQh5YfMB0GA1UdDgQWBBQZ22ajXmjoPgEhYrj\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\/wQCMAAwggF8BgorBgEEAdZ5AgQCBIIBbASCAWgBZgB1AEalVet1+pEgM
LWiiWn0830RLEF0vv1JuIWr8vxw\/m1HAAABelhQNzEAAAQDAEYwRAIgYeZpP+\/pPAjfswX1ISGsnmjFB4TkAWSbMt3y7HyRMywCIBC7D68n+qN3I9heI3yRIJz4gDyP6KV6L+SpG416yJboAHYAIkVFB1lVJFaWP6Ev8fdthuAjJmOtwEt\/XcaDXG7iDwIAAAF6WFA3EAAABAMARzBFAiBp6pKbAs2el1rhPRfScrzqYQmiOgnwezpUPc0Pt5jtXgIhAPhl0sVfcRlm\/W6Vcy5oIjTXFIQwT\/VRTjwXP2LNU411AHUAUaOw9f0BeZxWbbg3eI8MpHrMGyfL956IQpoN\/tSLBeUAAAF6WFA3JwAABAMARjBEAiBlw+pxlBqLJzpdOZ7QjnSDhXse\/VYyQs1QYcV8iP2Y6wIgOH2yamb7OYhqD3TT8HEY+GUOcPF4S5oYacz\/IatUT+4wCgYIKoZIzj0EAwID"} -01261{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"cfgs\/stun_extra_dissection\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052969360318,"flow_src_last_pkt_time":1639052969517969,"flow_dst_last_pkt_time":1639052969360318,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1360,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052969517969,"l3_proto":"ip6","src_ip":"2001:db8:200::1","dst_ip":"2001:db8:1::1","src_port":443,"dst_port":44144,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","tls": {"version":"TLSv1.2","ja3":"","ja3s":"9ebc57def2efb523f25c77af13aa6d48","ja4":"","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","negotiated_alpn":"h2","blocks":0}}} 
+01252{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"cfgs\/stun_extra_dissection\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052969360318,"flow_src_last_pkt_time":1639052969517969,"flow_dst_last_pkt_time":1639052969360318,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1360,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052969517969,"l3_proto":"ip6","src_ip":"2001:db8:200::1","dst_ip":"2001:db8:1::1","src_port":443,"dst_port":44144,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","tls": {"version":"TLSv1.2","ja3s":"9ebc57def2efb523f25c77af13aa6d48","ja4":"","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","negotiated_alpn":"h2","blocks":0}}} 
02406{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"cfgs\/stun_extra_dissection\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1639052969517992,"flow_dst_last_pkt_time":1639052969360318,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1434,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1434,"pkt_l4_len":1380,"thread_ts_usec":1639052969517992,"pkt":"AAAAAAAAAAgAKih5ht1gChT5BWQGMiABDbgCAAAAAAAAAAAAAAEgAQ24AAEAAAAAAAAAAAABAbuscESW0R0KP2KJUBAAQnUtAABIADBFAiEA7RxPNj701c+7QX2jNqNJVJvfkrXXaQDkvfvj7eI9lQ0CIDfTeyI6EWEnoww8vKA3dIR\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\/wQIMAYBAf8CAQAwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL09tbmlyb290MjAyNS5jcmwwbQYDVR0gBGYwZDA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzALBglghkgBhv1sAQIwCAYGZ4EMAQIBMAgGBmeBDAECAjAIBgZngQwBAgMwDQYJKoZIhvcNAQELBQADggEBAAUkHd0bsCrrmNaF4zlNXmtXnYJX\/OvoMaJXkGUFvhZEOFp3ArnPEELG4ZKk40Un+ABHLGioVplTVI+tnkDB0A+21w0LOEhsUCxJkAZbZB2LzEgwLt4I4ptJIsCSDBFelpKU1fwg3FZs5ZKTv3ocwDfjhUkV+ivhdDkYD7fa86JXWGBPzI6UAPxGezQxPk1HgoE6y\/SJXQ7vTQ1unBuCJN0yJV0ReFEQPaA1IwQvZW+cwdFD19Ae8zFnWSfda9J1CZMRJCQUzym+5iPDuI9yP+kHyCREU3qzuWFloUwOxkgAyXVjBYdwRVKD05WdRerw6DEdfgkfCv4+3ao8XnTSrLEWAwMBHxYAARsBAAEXMIIBEwoBAKCCAQwwggEIBgkrBgEFBQcwAQEEgfowgfcwgZ6iFgQUpc436uuwdQ6UZ4i0RfrZJBCHlh8YDzIwMjExMjA4MDcwNjQzWjBzMHEwSTAJBgUrDgMCGgUABBQS14tALDViBvqCf47YkiQRtKz1BAQUpc436uuwdQ6UZ4i0RfrZJBCHlh8CEAEZH41dy\/a\/RyMowkGaIdeAABgPMjAyMTEyMDgwNjUxMDJaoBEYDzIwMjExMjE1MDYwNjAyWjAKBggqhkjOPQQDAgNIADBFAiA\/Ba4a+oKzM0DIq\/Ym9c2jm9PFFlvn1dBsVLW+3hQ6dgIhAM3JC7lV\/o\/6R7VZrtvaUv0LauAeiJjucdYshTXHExh8FgMDAHIMAABuAwAdIDwd"} 
-01625{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"cfgs\/stun_extra_dissection\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1639052969360318,"flow_src_last_pkt_time":1639052969517992,"flow_dst_last_pkt_time":1639052969360318,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2720,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052969517992,"l3_proto":"ip6","src_ip":"2001:db8:200::1","dst_ip":"2001:db8:1::1","src_port":443,"dst_port":44144,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.Cloudflare","proto_id":"91.220","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","tls": {"version":"TLSv1.2","server_names":"*.bikroy.com,sni.cloudflaressl.com,bikroy.com","notafter":"2022-06-28 23:59:59","ja3":"","ja3s":"9ebc57def2efb523f25c77af13aa6d48","ja4":"","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3","subjectDN":"C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com","negotiated_alpn":"h2","fingerprint":"FA:93:76:9C:39:4D:08:97:FA:8F:CE:80:E4:7A:8F:8E:CF:71:30:A0","blocks":0}}} 
+01583{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"cfgs\/stun_extra_dissection\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1639052969360318,"flow_src_last_pkt_time":1639052969517992,"flow_dst_last_pkt_time":1639052969360318,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2720,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052969517992,"l3_proto":"ip6","src_ip":"2001:db8:200::1","dst_ip":"2001:db8:1::1","src_port":443,"dst_port":44144,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.Cloudflare","proto_id":"91.220","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","tls": {"version":"TLSv1.2","server_names":"*.bikroy.com,sni.cloudflaressl.com,bikroy.com","ja3s":"9ebc57def2efb523f25c77af13aa6d48","ja4":"","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3","subjectDN":"C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com","negotiated_alpn":"h2","fingerprint":"FA:93:76:9C:39:4D:08:97:FA:8F:CE:80:E4:7A:8F:8E:CF:71:30:A0","blocks":0}}} 
00801{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":69,"source":"cfgs\/stun_extra_dissection\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052969585053,"flow_src_last_pkt_time":1639052969585053,"flow_dst_last_pkt_time":1639052969585053,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052969585053,"l3_proto":"ip6","src_ip":"2001:db8:200::1","dst_ip":"2001:db8:1::1","src_port":443,"dst_port":44150,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"cfgs\/stun_extra_dissection\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1639052969585053,"flow_dst_last_pkt_time":1639052969585053,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1639052969585053,"pkt":"AAAAAAAAAAgAKih5ht1gAPBzACAGMyABDbgCAAAAAAAAAAAAAAEgAQ24AAEAAAAAAAAAAAABAbusdiq5T1XdwhBagBL\/\/\/uQAAACBAVQAQEEAgEDAwo="} 
02409{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"cfgs\/stun_extra_dissection\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1639052969733805,"flow_dst_last_pkt_time":1639052969585053,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1434,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1434,"pkt_l4_len":1380,"thread_ts_usec":1639052969733805,"pkt":"AAAAAAAAAAgAKih5ht1gAPBzBWQGMyABDbgCAAAAAAAAAAAAAAEgAQ24AAEAAAAAAAAAAAABAbusdiq5T1bdwhJfUBAAQnm1AAAWAwMAUAIAAEwDA2Gx9qme4uujwv1+7XVRUWnJHpI6\/iAaaJ7rvPDDXG+vAMArAAAkAAAAAAAXAAD\/AQABAAALAAIBAAAjAAAAEAAFAAMCaDIABQAAFgMDCRMLAAkPAAkMAAU1MIIFMTCCBNegAwIBAgIQARkfjV3L9r9HIyjCQZoh1zAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVUzEZMBcGA1UEChMQQ2xvdWRmbGFyZSwgSW5jLjEgMB4GA1UEAxMXQ2xvdWRmbGFyZSBJbmMgRUNDIENBLTMwHhcNMjEwNjI5MDAwMDAwWhcNMjIwNjI4MjM1OTU5WjB1MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEZMBcGA1UEChMQQ2xvdWRmbGFyZSwgSW5jLjEeMBwGA1UEAxMVc25pLmNsb3VkZmxhcmVzc2wuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEgC1s4G\/NmWra3EB1ViB4aiWbMPL7u1IoIlMpgn5kNUKgNwoi39Y6LTb+Bl8CrmpOOliciecDhWGPcHTDWIAx2KOCA3IwggNuMB8GA1UdIwQYMBaAFKXON+rrsHUOlGeItEX62SQQh5YfMB0GA1UdDgQWBBQZ22ajXmjoPgEhYrj\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\/wQCMAAwggF8BgorBgEEAdZ5AgQCBIIBbASCAWgBZgB1AEalVet1+pEgMLWiiWn0830RLEF0vv1JuIWr8vxw\/m1HAAABelhQNzEAAAQDAEYwRAIgYeZpP+\/pPAjfswX1ISGsnmjFB4TkAWSbMt3y7HyRMywCIBC7D68n+qN3I9heI3yRIJz4gDyP6KV6L+SpG416yJboAHYAIkVFB1lVJFaWP6Ev8fdthuAjJmOtwEt\/XcaDXG7iDwIAAAF6WFA3EAAABAMARzBFAiBp6pKbAs2el1rhPRfScrzqYQmiOgnwezpUPc0Pt5jtXgIhAPhl0sVfcRlm\/W6Vcy5oIjTXFIQwT\/VRTjwXP2LNU411AHUAUaOw9f0BeZxWbbg3eI8MpHrMGyfL956IQpoN\/tSLBeUAAAF6WFA3JwAABAMARjBEAiBlw+pxlBqLJzpdOZ7QjnSDhXse\/VYyQs1QYcV8iP2Y6wIgOH2yamb7OYhqD3TT8HEY+GUOcPF4S5oYacz\/IatUT+4wCgYIKoZIzj0EAwID"} 
-01290{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"cfgs\/stun_extra_dissection\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052969585053,"flow_src_last_pkt_time":1639052969733805,"flow_dst_last_pkt_time":1639052969585053,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1360,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052969733805,"l3_proto":"ip6","src_ip":"2001:db8:200::1","dst_ip":"2001:db8:1::1","src_port":443,"dst_port":44150,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.Cloudflare","proto_id":"91.220","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","tls": {"version":"TLSv1.2","ja3":"","ja3s":"9ebc57def2efb523f25c77af13aa6d48","ja4":"","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","negotiated_alpn":"h2","blocks":0}}} 
+01281{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"cfgs\/stun_extra_dissection\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052969585053,"flow_src_last_pkt_time":1639052969733805,"flow_dst_last_pkt_time":1639052969585053,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1360,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052969733805,"l3_proto":"ip6","src_ip":"2001:db8:200::1","dst_ip":"2001:db8:1::1","src_port":443,"dst_port":44150,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.Cloudflare","proto_id":"91.220","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","tls": {"version":"TLSv1.2","ja3s":"9ebc57def2efb523f25c77af13aa6d48","ja4":"","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","negotiated_alpn":"h2","blocks":0}}} 
02406{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"cfgs\/stun_extra_dissection\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1639052969733805,"flow_dst_last_pkt_time":1639052969585053,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1434,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1434,"pkt_l4_len":1380,"thread_ts_usec":1639052969733805,"pkt":"AAAAAAAAAAgAKih5ht1gAPBzBWQGMyABDbgCAAAAAAAAAAAAAAEgAQ24AAEAAAAAAAAAAAABAbusdiq5VKbdwhJfUBAAQpK1AABIADBFAiEA7RxPNj701c+7QX2jNqNJVJvfkrXXaQDkvfvj7eI9lQ0CIDfTeyI6EWEnoww8vKA3dIR\/D36WveN3dOnMT0w6Q1zHAAPRMIIDzTCCArWgAwIBAgIQCjeHZF5ftIwiTv0b7RQMPDANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJJRTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYDVQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTIwMDEyNzEyNDgwOFoXDTI0MTIzMTIzNTk1OVowSjELMAkGA1UEBhMCVVMxGTAXBgNVBAoTEENsb3VkZmxhcmUsIEluYy4xIDAeBgNVBAMTF0Nsb3VkZmxhcmUgSW5jIEVDQyBDQS0zMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEua1NZpkUC0bsH4HRKlAenQMVLzQSfS2WuIg4m4Vfj7+7Te9hRsTJc9QkT+DuHM5ss1FxL2ruTAUJd9NyYqSb16OCAWgwggFkMB0GA1UdDgQWBBSlzjfq67B1DpRniLRF+tkkEIeWHzAfBgNVHSMEGDAWgBTlnVkwgkdYzKz6CFQ2hns6tQRN8DAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB\/wQIMAYBAf8CAQAwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL09tbmlyb290MjAyNS5jcmwwbQYDVR0gBGYwZDA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzALBglghkgBhv1sAQIwCAYGZ4EMAQIBMAgGBmeBDAECAjAIBgZngQwBAgMwDQYJKoZIhvcNAQELBQADggEBAAUkHd0bsCrrmNaF4zlNXmtXnYJX\/OvoMaJXkGUFvhZEOFp3ArnPEELG4ZKk40Un+ABHLGioVplTVI+tnkDB0A+21w0LOEhsUCxJkAZbZB2LzEgwLt4I4ptJIsCSDBFelpKU1fwg3FZs5ZKTv3ocwDfjhUkV+ivhdDkYD7fa86JXWGBPzI6UAPxGezQxPk1HgoE6y\/SJXQ7vTQ1unBuCJN0yJV0ReFEQPaA1IwQvZW+cwdFD19Ae8zFnWSfda9J1CZMRJCQUzym+5iPDuI9yP+kHyCREU3qzuWFloUwOxkgAyXVjBYdwRVKD05WdRerw6DEdfgkfCv4+3ao8XnTSrLEWAwMBHx
YAARsBAAEXMIIBEwoBAKCCAQwwggEIBgkrBgEFBQcwAQEEgfowgfcwgZ6iFgQUpc436uuwdQ6UZ4i0RfrZJBCHlh8YDzIwMjExMjA4MDcwNjQzWjBzMHEwSTAJBgUrDgMCGgUABBQS14tALDViBvqCf47YkiQRtKz1BAQUpc436uuwdQ6UZ4i0RfrZJBCHlh8CEAEZH41dy\/a\/RyMowkGaIdeAABgPMjAyMTEyMDgwNjUxMDJaoBEYDzIwMjExMjE1MDYwNjAyWjAKBggqhkjOPQQDAgNIADBFAiA\/Ba4a+oKzM0DIq\/Ym9c2jm9PFFlvn1dBsVLW+3hQ6dgIhAM3JC7lV\/o\/6R7VZrtvaUv0LauAeiJjucdYshTXHExh8FgMDAHMMAABvAwAdIDGI"} -01633{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":71,"source":"cfgs\/stun_extra_dissection\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1639052969585053,"flow_src_last_pkt_time":1639052969733805,"flow_dst_last_pkt_time":1639052969585053,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2720,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052969733805,"l3_proto":"ip6","src_ip":"2001:db8:200::1","dst_ip":"2001:db8:1::1","src_port":443,"dst_port":44150,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.Cloudflare","proto_id":"91.220","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","tls": {"version":"TLSv1.2","server_names":"*.bikroy.com,sni.cloudflaressl.com,bikroy.com","notafter":"2022-06-28 23:59:59","ja3":"","ja3s":"9ebc57def2efb523f25c77af13aa6d48","ja4":"","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3","subjectDN":"C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., 
CN=sni.cloudflaressl.com","negotiated_alpn":"h2","fingerprint":"FA:93:76:9C:39:4D:08:97:FA:8F:CE:80:E4:7A:8F:8E:CF:71:30:A0","blocks":0}}} +01591{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":71,"source":"cfgs\/stun_extra_dissection\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1639052969585053,"flow_src_last_pkt_time":1639052969733805,"flow_dst_last_pkt_time":1639052969585053,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2720,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052969733805,"l3_proto":"ip6","src_ip":"2001:db8:200::1","dst_ip":"2001:db8:1::1","src_port":443,"dst_port":44150,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.Cloudflare","proto_id":"91.220","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","tls": {"version":"TLSv1.2","server_names":"*.bikroy.com,sni.cloudflaressl.com,bikroy.com","ja3s":"9ebc57def2efb523f25c77af13aa6d48","ja4":"","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3","subjectDN":"C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com","negotiated_alpn":"h2","fingerprint":"FA:93:76:9C:39:4D:08:97:FA:8F:CE:80:E4:7A:8F:8E:CF:71:30:A0","blocks":0}}} 
00706{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/stun_extra_dissection\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1639052971296401,"flow_dst_last_pkt_time":1639052951219984,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":166,"pkt_l4_len":112,"thread_ts_usec":1639052971296401,"pkt":"AAAAAAAAAAgAVrKUht1gDJJRAHARPzmRBy0zbmXsxb+l+oOtI944ska3J6SUw8E0CUjgadcfGuEAAQBwt+hkMTphZDI6aWQyMDrlXFuiZTjDuuw6Y5fpKld4tI\/Cxjk6aW5mb19oYXNoMjA65VxCYpebxBOzZP3H84ohCF\/4mXRlMTpxOTpnZXRfcGVlcnMxOnQyOhlZMTp2NDpMVAECMTp5MTpxZQ=="} 01290{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":72,"source":"cfgs\/stun_extra_dissection\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052951219984,"flow_src_last_pkt_time":1639052971296401,"flow_dst_last_pkt_time":1639052951219984,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052971296401,"l3_proto":"ip6","src_ip":"3991:72d:336e:65ec:c5bf:a5fa:83ad:23de","dst_ip":"38b2:46b7:27a4:94c3:c134:948:e069:d71f","src_port":6881,"dst_port":1,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","bittorrent": 
{"hash":""}}} 00802{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"cfgs\/stun_extra_dissection\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052974554138,"flow_src_last_pkt_time":1639052974554138,"flow_dst_last_pkt_time":1639052974554138,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052974554138,"l3_proto":"ip6","src_ip":"2001:db8:200::1","dst_ip":"2001:db8:1::1","src_port":443,"dst_port":44192,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"cfgs\/stun_extra_dissection\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1639052974554138,"flow_dst_last_pkt_time":1639052974554138,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1639052974554138,"pkt":"AAAAAAAAAAgAKih5ht1gBA3VACAGMiABDbgCAAAAAAAAAAAAAAEgAQ24AAEAAAAAAAAAAAABAbusoI2aK1YLBRqPgBL\/\/4UNAAACBAVQAQEEAgEDAwo="} 
02410{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"cfgs\/stun_extra_dissection\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1639052974704392,"flow_dst_last_pkt_time":1639052974554138,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1434,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1434,"pkt_l4_len":1380,"thread_ts_usec":1639052974704392,"pkt":"AAAAAAAAAAgAKih5ht1gBA3VBWQGMiABDbgCAAAAAAAAAAAAAAEgAQ24AAEAAAAAAAAAAAABAbusoI2aK1cLBRtIUBAAQtsqAAAWAwMAUAIAAEwDA2Gx9q7NW\/InZk3e9l0G3VMCEwBfKMJf26DLOUsrrRkmAMArAAAkAAAAAAAXAAD\/AQABAAALAAIBAAAjAAAAEAAFAAMCaDIABQAAFgMDCRMLAAkPAAkMAAU1MIIFMTCCBNegAwIBAgIQARkfjV3L9r9HIyjCQZoh1zAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVUzEZMBcGA1UEChMQQ2xvdWRmbGFyZSwgSW5jLjEgMB4GA1UEAxMXQ2xvdWRmbGFyZSBJbmMgRUNDIENBLTMwHhcNMjEwNjI5MDAwMDAwWhcNMjIwNjI4MjM1OTU5WjB1MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEZMBcGA1UEChMQQ2xvdWRmbGFyZSwgSW5jLjEeMBwGA1UEAxMVc25pLmNsb3VkZmxhcmVzc2wuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEgC1s4G\/NmWra3EB1ViB4aiWbMPL7u1IoIlMpgn5kNUKgNwoi39Y6LTb+Bl8CrmpOOliciecDhWGPcHTDWIAx2KOCA3IwggNuMB8GA1UdIwQYMBaAFKXON+rrsHUOlGeItEX62SQQh5YfMB0GA1UdDgQWBBQZ22ajXmjoPgEhYrj\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\/wQCMAAwggF8BgorBgEEAdZ5AgQCBIIBbASCAWgBZgB1AEalVet1+pEgMLWiiWn0830RLEF0vv1JuIWr8vxw\/m1HAAABelhQNzEAAAQDAEYwRAIgYeZpP+\/pPAjfswX1ISGsnmjFB4TkAWSbMt3y7HyRMywCIBC7D68n+qN3I9heI3yRIJz4gDyP6KV6L+SpG416yJboAHYAIkVFB1lVJFaWP6Ev8fdthuAjJmOtwEt\/XcaDXG7iDwIAAAF6WFA3EAAABAMARzBFAiBp6pKbAs2el1rhPRfScrzqYQmiOgnwezpUPc0Pt5jtXgIhAPhl0sVfcRlm\/W6Vcy5oIjTXFIQwT\/VRTjwXP2LNU411AHUAUaOw9f0BeZxWbbg3eI8MpHrMGyfL956IQpoN\/tSLBeUAAAF6WFA3JwAABAMARjBEAiBlw+pxlBqLJzpdOZ7QjnSDhXse\/VYyQs1QYcV8iP2Y6wIgOH2yamb7OYhqD3TT8HEY+GUOcPF4S5oYacz\/IatUT+4wCgYIKoZIzj0EAwID"} 
-01291{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"cfgs\/stun_extra_dissection\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052974554138,"flow_src_last_pkt_time":1639052974704392,"flow_dst_last_pkt_time":1639052974554138,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1360,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052974704392,"l3_proto":"ip6","src_ip":"2001:db8:200::1","dst_ip":"2001:db8:1::1","src_port":443,"dst_port":44192,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.Cloudflare","proto_id":"91.220","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","tls": {"version":"TLSv1.2","ja3":"","ja3s":"9ebc57def2efb523f25c77af13aa6d48","ja4":"","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","negotiated_alpn":"h2","blocks":0}}} 
+01282{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"cfgs\/stun_extra_dissection\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052974554138,"flow_src_last_pkt_time":1639052974704392,"flow_dst_last_pkt_time":1639052974554138,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1360,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052974704392,"l3_proto":"ip6","src_ip":"2001:db8:200::1","dst_ip":"2001:db8:1::1","src_port":443,"dst_port":44192,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.Cloudflare","proto_id":"91.220","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","tls": {"version":"TLSv1.2","ja3s":"9ebc57def2efb523f25c77af13aa6d48","ja4":"","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","negotiated_alpn":"h2","blocks":0}}} 
02407{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"cfgs\/stun_extra_dissection\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":1639052974704415,"flow_dst_last_pkt_time":1639052974554138,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1434,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1434,"pkt_l4_len":1380,"thread_ts_usec":1639052974704415,"pkt":"AAAAAAAAAAgAKih5ht1gBA3VBWQGMiABDbgCAAAAAAAAAAAAAAEgAQ24AAEAAAAAAAAAAAABAbusoI2aMKcLBRtIUBAAQgdNAABIADBFAiEA7RxPNj701c+7QX2jNqNJVJvfkrXXaQDkvfvj7eI9lQ0CIDfTeyI6EWEnoww8vKA3dIR\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\/wQIMAYBAf8CAQAwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL09tbmlyb290MjAyNS5jcmwwbQYDVR0gBGYwZDA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzALBglghkgBhv1sAQIwCAYGZ4EMAQIBMAgGBmeBDAECAjAIBgZngQwBAgMwDQYJKoZIhvcNAQELBQADggEBAAUkHd0bsCrrmNaF4zlNXmtXnYJX\/OvoMaJXkGUFvhZEOFp3ArnPEELG4ZKk40Un+ABHLGioVplTVI+tnkDB0A+21w0LOEhsUCxJkAZbZB2LzEgwLt4I4ptJIsCSDBFelpKU1fwg3FZs5ZKTv3ocwDfjhUkV+ivhdDkYD7fa86JXWGBPzI6UAPxGezQxPk1HgoE6y\/SJXQ7vTQ1unBuCJN0yJV0ReFEQPaA1IwQvZW+cwdFD19Ae8zFnWSfda9J1CZMRJCQUzym+5iPDuI9yP+kHyCREU3qzuWFloUwOxkgAyXVjBYdwRVKD05WdRerw6DEdfgkfCv4+3ao8XnTSrLEWAwMBHxYAARsBAAEXMIIBEwoBAKCCAQwwggEIBgkrBgEFBQcwAQEEgfowgfcwgZ6iFgQUpc436uuwdQ6UZ4i0RfrZJBCHlh8YDzIwMjExMjA4MDcwNjQzWjBzMHEwSTAJBgUrDgMCGgUABBQS14tALDViBvqCf47YkiQRtKz1BAQUpc436uuwdQ6UZ4i0RfrZJBCHlh8CEAEZH41dy\/a\/RyMowkGaIdeAABgPMjAyMTEyMDgwNjUxMDJaoBEYDzIwMjExMjE1MDYwNjAyWjAKBggqhkjOPQQDAgNIADBFAiA\/Ba4a+oKzM0DIq\/Ym9c2jm9PFFlvn1dBsVLW+3hQ6dgIhAM3JC7lV\/o\/6R7VZrtvaUv0LauAeiJjucdYshTXHExh8FgMDAHMMAABvAwAdIEe5"} 
-01634{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":75,"source":"cfgs\/stun_extra_dissection\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1639052974554138,"flow_src_last_pkt_time":1639052974704415,"flow_dst_last_pkt_time":1639052974554138,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2720,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052974704415,"l3_proto":"ip6","src_ip":"2001:db8:200::1","dst_ip":"2001:db8:1::1","src_port":443,"dst_port":44192,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.Cloudflare","proto_id":"91.220","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","tls": {"version":"TLSv1.2","server_names":"*.bikroy.com,sni.cloudflaressl.com,bikroy.com","notafter":"2022-06-28 23:59:59","ja3":"","ja3s":"9ebc57def2efb523f25c77af13aa6d48","ja4":"","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3","subjectDN":"C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com","negotiated_alpn":"h2","fingerprint":"FA:93:76:9C:39:4D:08:97:FA:8F:CE:80:E4:7A:8F:8E:CF:71:30:A0","blocks":0}}} 
+01592{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":75,"source":"cfgs\/stun_extra_dissection\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1639052974554138,"flow_src_last_pkt_time":1639052974704415,"flow_dst_last_pkt_time":1639052974554138,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2720,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052974704415,"l3_proto":"ip6","src_ip":"2001:db8:200::1","dst_ip":"2001:db8:1::1","src_port":443,"dst_port":44192,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.Cloudflare","proto_id":"91.220","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","tls": {"version":"TLSv1.2","server_names":"*.bikroy.com,sni.cloudflaressl.com,bikroy.com","ja3s":"9ebc57def2efb523f25c77af13aa6d48","ja4":"","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3","subjectDN":"C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com","negotiated_alpn":"h2","fingerprint":"FA:93:76:9C:39:4D:08:97:FA:8F:CE:80:E4:7A:8F:8E:CF:71:30:A0","blocks":0}}} 
00850{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"cfgs\/stun_extra_dissection\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052978452441,"flow_src_last_pkt_time":1639052978452441,"flow_dst_last_pkt_time":1639052978452441,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052978452441,"l3_proto":"ip6","src_ip":"3297:a1af:5121:cfc:360b:2e07:872f:1ea0","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":43865,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"cfgs\/stun_extra_dissection\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1639052978452441,"flow_dst_last_pkt_time":1639052978452441,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":82,"pkt_l4_len":28,"thread_ts_usec":1639052978452441,"pkt":"AAAAAAAAAAcAaiX8ht1gC8SvABwRPzKXoa9RIQz8NgsuB4cvHqAy+\/lnaB7pa\/rOsAwAAHT9q1kNlgAcl50IAQAAIRKkQlo5L3NwNkJKYzZoYw=="} 
-01052{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"cfgs\/stun_extra_dissection\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052978452441,"flow_src_last_pkt_time":1639052978452441,"flow_dst_last_pkt_time":1639052978452441,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052978452441,"l3_proto":"ip6","src_ip":"3297:a1af:5121:cfc:360b:2e07:872f:1ea0","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":43865,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01085{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"cfgs\/stun_extra_dissection\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052978452441,"flow_src_last_pkt_time":1639052978452441,"flow_dst_last_pkt_time":1639052978452441,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052978452441,"l3_proto":"ip6","src_ip":"3297:a1af:5121:cfc:360b:2e07:872f:1ea0","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":43865,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00776{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"cfgs\/stun_extra_dissection\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1639052978709090,"flow_dst_last_pkt_time":1639052978452441,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":214,"pkt_l4_len":160,"thread_ts_usec":1639052978709090,"pkt":"AAAAAAAAAAcAaiX8ht1gC8SvAKARPzKXoa9RIQz8NgsuB4cvHqAy+\/lnaB7pa\/rOsAwAAHT9q1kNlgCgYyEAAwCEIRKkQk1ENkhOcE43bVdyN0AAAGYJEB5qy\/i6apiRZvn3XMXkctbCLKVSgdE+etIaSO7JbOt8VgBwQ6PpOhc8GnE1mfqvDmlkq2e8sWOF\/9QSZ9+\/3ZsaHutXU4\/yA\/LvUyR73PqXq7vvVwk5ZocXkuyrjHvs93CEXbgAAAAIABTHiAxW9AnRlqecEToF0hfWjRUykA=="} -01187{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":77,"source":"cfgs\/stun_extra_dissection\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052978452441,"flow_src_last_pkt_time":1639052978709090,"flow_dst_last_pkt_time":1639052978452441,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052978709090,"l3_proto":"ip6","src_ip":"3297:a1af:5121:cfc:360b:2e07:872f:1ea0","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":43865,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01220{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":77,"source":"cfgs\/stun_extra_dissection\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052978452441,"flow_src_last_pkt_time":1639052978709090,"flow_dst_last_pkt_time":1639052978452441,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052978709090,"l3_proto":"ip6","src_ip":"3297:a1af:5121:cfc:360b:2e07:872f:1ea0","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":43865,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
00850{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"cfgs\/stun_extra_dissection\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052979210381,"flow_src_last_pkt_time":1639052979210381,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052979210381,"l3_proto":"ip6","src_ip":"3069:c624:1d42:9469:98b1:67ff:fe43:325","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":56131,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00595{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"cfgs\/stun_extra_dissection\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1639052979210381,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":82,"pkt_l4_len":28,"thread_ts_usec":1639052979210381,"pkt":"AAAAAAAAAAQAY\/4nht1gAT9yABwRPzBpxiQdQpRpmLFn\/\/5DAyUy+\/lnaB7pa\/rOsAwAAHT920MNlgAc0j0IAQAAIRKkQk5zWlZOMGtRWWlzeg=="} 
-01052{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"cfgs\/stun_extra_dissection\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052979210381,"flow_src_last_pkt_time":1639052979210381,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052979210381,"l3_proto":"ip6","src_ip":"3069:c624:1d42:9469:98b1:67ff:fe43:325","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":56131,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01085{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"cfgs\/stun_extra_dissection\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052979210381,"flow_src_last_pkt_time":1639052979210381,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052979210381,"l3_proto":"ip6","src_ip":"3069:c624:1d42:9469:98b1:67ff:fe43:325","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":56131,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00774{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"cfgs\/stun_extra_dissection\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1639052979210765,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":214,"pkt_l4_len":160,"thread_ts_usec":1639052979210765,"pkt":"AAAAAAAAAAQAY\/4nht1gAT9yAKARPzBpxiQdQpRpmLFn\/\/5DAyUy+\/lnaB7pa\/rOsAwAAHT920MNlgCgt74AAwCEIRKkQkhCZVJqYUhKN2FOWUAAAGYJEMzluAd5ZUXHIG6GisEWroK42o70dYdL4WqSdPq9VYO3OjGxFI7w7pBgN3c6YR8KjSMY+2Ef8toiPPzGNZ6A1i89fknsYqJ9SYub5TFTaEnS4NE02DKCNshJ0L2AWj8kO7uEBsUAAAAIABTng0rXsLYilkJ4duCqCg2pGBOUjQ=="} -01187{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":79,"source":"cfgs\/stun_extra_dissection\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052979210381,"flow_src_last_pkt_time":1639052979210765,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052979210765,"l3_proto":"ip6","src_ip":"3069:c624:1d42:9469:98b1:67ff:fe43:325","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":56131,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01220{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":79,"source":"cfgs\/stun_extra_dissection\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052979210381,"flow_src_last_pkt_time":1639052979210765,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052979210765,"l3_proto":"ip6","src_ip":"3069:c624:1d42:9469:98b1:67ff:fe43:325","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":56131,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
00753{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"cfgs\/stun_extra_dissection\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_src_last_pkt_time":1639052979218699,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":198,"pkt_l4_len":144,"thread_ts_usec":1639052979218699,"pkt":"AAAAAAAAAAQAY\/4nht1gAT9yAJARPzBpxiQdQpRpmLFn\/\/5DAyUy+\/lnaB7pa\/rOsAwAAHT920MNlgCQ\/5MAAQB0IRKkQkJ5RTBTMEFLcS8yZQAGADFFREdFUkFZX0RFRkFVTFRfVVNFUk5BTUU6RURHRVJBWV9ERUZBVUxUX1VTRVJOQU1FAAAAwFcABAAEAAqAKgAI69zqOpyEPKUAJAAEbn8o\/wAIABTKxPaKL217enpIf2AGYjmMTGV454AoAATAmK\/f"} 00752{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"cfgs\/stun_extra_dissection\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_src_last_pkt_time":1639052979381748,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":198,"pkt_l4_len":144,"thread_ts_usec":1639052979381748,"pkt":"AAAAAAAAAAQAY\/4nht1gAT9yAJARPzBpxiQdQpRpmLFn\/\/5DAyUy+\/lnaB7pa\/rOsAwAAHT920MNlgCQrREAAQB0IRKkQjY4V3ltQWRhSzZoTAAGADFFREdFUkFZX0RFRkFVTFRfVVNFUk5BTUU6RURHRVJBWV9ERUZBVUxUX1VTRVJOQU1FAAAAwFcABAAEAAqAKgAI69zqOpyEPKUAJAAEbn8o\/wAIABQoQCd0hET\/ud5uUOzbGiF4yVYzZoAoAASXw0bX"} 
00752{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"cfgs\/stun_extra_dissection\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_src_last_pkt_time":1639052979556213,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":198,"pkt_l4_len":144,"thread_ts_usec":1639052979556213,"pkt":"AAAAAAAAAAQAY\/4nht1gAT9yAJARPzBpxiQdQpRpmLFn\/\/5DAyUy+\/lnaB7pa\/rOsAwAAHT920MNlgCQ97wAAQB0IRKkQldMcmpoVTNGUFVyagAGADFFREdFUkFZX0RFRkFVTFRfVVNFUk5BTUU6RURHRVJBWV9ERUZBVUxUX1VTRVJOQU1FAAAAwFcABAAEAAqAKgAI69zqOpyEPKUAJAAEbn8o\/wAIABS74KJfCrW2wh1E6b3fJs\/qV0yS0oAoAASJhjGh"} 
@@ -86,7 +86,7 @@ 01291{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"cfgs\/stun_extra_dissection\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052951219984,"flow_src_last_pkt_time":1639052971296401,"flow_dst_last_pkt_time":1639052951219984,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052981556623,"l3_proto":"ip6","src_ip":"3991:72d:336e:65ec:c5bf:a5fa:83ad:23de","dst_ip":"38b2:46b7:27a4:94c3:c134:948:e069:d71f","src_port":6881,"dst_port":1,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} 
01287{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"cfgs\/stun_extra_dissection\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052950545675,"flow_src_last_pkt_time":1639052959035612,"flow_dst_last_pkt_time":1639052950545675,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052981556623,"l3_proto":"ip6","src_ip":"3991:72d:336e:65ec:c5bf:a5fa:83ad:23de","dst_ip":"2fda:1f8a:c107:88a4:e509:d2e1:445f:f34c","src_port":6881,"dst_port":6881,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} 
01182{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"cfgs\/stun_extra_dissection\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052950583119,"flow_src_last_pkt_time":1639052950583119,"flow_dst_last_pkt_time":1639052950583119,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052981556623,"l3_proto":"ip6","src_ip":"3991:72d:336e:65ec:c5bf:a5fa:83ad:23de","dst_ip":"2c7f:d7a0:44a9:49e9:e586:fb7f:5b85:9c83","src_port":6881,"dst_port":1,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} 
-00870{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":88,"source":"cfgs\/stun_extra_dissection\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":88,"packets-processed":88,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15254,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":9,"total-updates":0,"current-active-flows":0,"total-active-flows":12,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":89,"global_ts_usec":1639052981556623} +00870{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":88,"source":"cfgs\/stun_extra_dissection\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":88,"packets-processed":88,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15254,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":9,"total-updates":0,"current-active-flows":0,"total-active-flows":12,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":89,"global_ts_usec":1639052981556623} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 88/88 ~~ skipped flows.............: 0 
@@ -95,9 +95,9 @@ ~~ total active/idle flows...: 12/12 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6951322 bytes -~~ total memory freed........: 6951322 bytes -~~ total allocations/frees...: 114378/114378 +~~ total memory allocated....: 7529058 bytes +~~ total memory freed........: 7529058 bytes +~~ total allocations/frees...: 126114/126114 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 594 chars ~~ json message max len.......: 2415 chars diff --git a/test/results/stun_extra_dissection/stun_dtls_rtp.pcapng.out b/test/results/stun_extra_dissection/stun_dtls_rtp.pcapng.out index 2822dabac..5a3d0eb01 100644 --- a/test/results/stun_extra_dissection/stun_dtls_rtp.pcapng.out +++ b/test/results/stun_extra_dissection/stun_dtls_rtp.pcapng.out 
@@ -1,28 +1,28 @@ -00634{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00855{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1669989925164266} 
+00634{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00855{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1669989925164266} 
00804{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1669989925164266,"flow_src_last_pkt_time":1669989925164266,"flow_dst_last_pkt_time":1669989925164266,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":116,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":116,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1669989925164266,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":37967,"dst_port":19305,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00690{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1669989925164266,"flow_dst_last_pkt_time":1669989925164266,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_usec":1669989925164266,"pkt":"CL6sCxduJjb1W8R1CABFAACQVjZAAEARNZzAqAycjvpSTJRPS2kAfJZwAAEAYCESpEJvNlNoU1VSSmhORmsABgAfZWEzV3RfOWFBU29vZWdvS0FBaUtBaUFERUE6OGpiNgDAVwAEAAMACoAqAAjHmPZBrcBKnwAkAARufx7\/AAgAFFXMCO6dEOYzzYk4Nclzw7fn\/+udgCgABEyaSoM="} 
-01138{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1669989925164266,"flow_src_last_pkt_time":1669989925164266,"flow_dst_last_pkt_time":1669989925164266,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":116,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":116,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1669989925164266,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":37967,"dst_port":19305,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01171{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1669989925164266,"flow_src_last_pkt_time":1669989925164266,"flow_dst_last_pkt_time":1669989925164266,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":116,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":116,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1669989925164266,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":37967,"dst_port":19305,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std 
Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1669989925164266,"flow_dst_last_pkt_time":1669989925187720,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1669989925187720,"pkt":"Jjb1W8R1CL6sCxduCABFgACAAAAAACkR4mKO+lJMwKgMnEtplE8AbJ74AQEAUCESpEJvNlNoU1VSSmhORmsABgAfZWEzV3RfOWFBU29vZWdvS0FBaUtBaUFERUE6OGpiNgAAIAAIAAHRcnwxD0EACAAUJIx1+vxTzWOyfafF9tFkzZIBE8qAKAAEKQoUxA=="} 00748{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1669989925221418,"flow_dst_last_pkt_time":1669989925187720,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_usec":1669989925221418,"pkt":"CL6sCxduJjb1W8R1CABFAAC5VjpAAEARNW\/AqAycjvpSTJRPS2kApScvFv7\/AAAAAAAAAAAAkAEAAIQAAAAAAAAAhP79S\/RrlK87INy3ylIzfu8bizsUmZbJs1gA0ekqf6irQH0AAAAWwCvAL8ypzKjACcATwArAFACcAC8ANQEAAEQAFwAA\/wEAAQAACgAIAAYAHQAXABgACwACAQAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAA4ACQAGAAEACAAHAA=="} 
-01168{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1669989925164266,"flow_src_last_pkt_time":1669989925221418,"flow_dst_last_pkt_time":1669989925187720,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":116,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":273,"flow_dst_tot_l4_payload_len":100,"midstream":0,"thread_ts_usec":1669989925221418,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":37967,"dst_port":19305,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","tls": {"version":"DTLSv1.2","ja3":"c14667d7da3e6f7a7ab5519ef78c2452","ja3s":"","ja4":"dd2d110700_c45550529adf_d9dd6182da81","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01127{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1669989925164266,"flow_src_last_pkt_time":1669989925221418,"flow_dst_last_pkt_time":1669989925187720,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":116,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":273,"flow_dst_tot_l4_payload_len":100,"midstream":0,"thread_ts_usec":1669989925221418,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":37967,"dst_port":19305,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","tls": {"version":"DTLSv1.2","ja3s":"","ja4":"dd2d110700_c45550529adf_d9dd6182da81","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 02159{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1669989925221418,"flow_dst_last_pkt_time":1669989925246353,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1245,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1245,"pkt_l4_len":1211,"thread_ts_usec":1669989925246353,"pkt":"Jjb1W8R1CL6sCxduCABFgATPAAAAACkR3hOO+lJMwKgMnEtplE8Eu\/g7Fv79AAAAAAAAAAAAUAIAAEQAAAAAAAAARP79Y4oGJZyFb5JepAe9szJjjByvKZ37cPqVErYZyM765YAAwC8AABwAFwAA\/wEAAQAACwACAQAAIwAAAA4ABQACAAgAFv79AAAAAAAAAAECvQsAArEAAQAAAAACsQACrgACqzCCAqcwggGPoAMCAQICCQC8uqOs09h3+zANBgkqhkiG9w0BAQsFADATMREwDwYDVQQDDAhoYW5nb3V0czAeFw0yMjExMzAxNzM1MThaFw0yMzEyMDExNzM1MThaMBMxETAPBgNVBAMMCGhhbmdvdXRzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq1yxLV4kqNHdkASeF5xg7eBecoZkE9HEL3CyKnnV5t7toYNS4OeGhbcQbMPNSDSOnmlHbqdcw6ZEJuQgiDVPLlIYRs\/6teD1Rrh95uPxCli\/eawXofQ+85GwLd8HPu\/1Tf1KkdH7bTnI5ggNxJzvUIn7OvPEXLAxPOh7I3RCas4Cd7k+Oz1YQmbnYZfKYy3jnzIQ+h556EgecvjI9tDtX+SanJAa9c9M8yzK9YkbAGCSQV5haW7yBvttXD17QF64g2wM65j0g3uTJ7UrtyneMAht0I4sc8aCq7AhuwJnWwhakL3taKN6y6c2q98Okz0ECUeQ60147X\/ysmxI0vfS3wIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAtFce+YJ3fArKQ4fKZHaF7w6Kn2kogyZChKZ\/Hr8mqr4iyQ2HgF5a8PPh\/BB+aDDMa7k4IZueAjh2a\/Y+Q0YKmwP4sMWrhKZjyg7loocB2Z93+BngDSUrNEnyPyOCN9ZeSj5sPLdOKtCQveKhJ+JpqKozl98tw1LmmE96d9gwb8f6Jld\/hD\/ZPjp3oucWhOyUvDDg08IOTCFjgw\/DGttdJzZkBMJyh7kfx4YrHfF2HYOOyG44BVLSsU+mtF8zjy4+slDyAC9GrxyBkpvINa2tR2uuH0fel3keaZjEPRwf6GZDs55po6e3PVX9sXBZAq9CvabFKHqC+YA5YP3U1cKkrFv79AAAAAAAAAAIBNAwAASgAAgAAAAABKAMAHSCbQVZZ8KrFVukc
e1QIPdZ2T96RMNZBLJbxPJsZqAz6HggEAQCRDe7GpBuvs6Fbe\/duaPnRzi+TuxO1aOrBXscZ4djas+UCamAjEbmU07x7uRr5uMpZqZI27NlR5\/7+AkrBrh6rckT+uo7sd5UZV7HyRKFUxK2YjkrS1HzkNFKp7RfB27LVg6pCeGHysEbHV8V8dPks1hAl834D9n2PtxaDwfhvehWA9hQk338ICURUX5EX+U\/IHQMBEcJVinCclbAzJDu0zMO+EESVFt0\/FVowcSbYpZ7fqrDjqh\/OFcjlRHUxdumeVRsT9idi1zgvn9NhIKP0\/enEfBqbQOpwI22cdU8fNKIJCPoeYSiIDy\/ceLYeDc6iY09Tn2ER0Y7KuhmW5eKbFv79AAAAAAAAAAMAJQ0AABkAAwAAAAAAGQIBQAASBAMIBAQBBQMIBQUBCAYGAQIBAAAW\/v0AAAAAAAAABAAMDgAAAAAEAAAAAAAA"} -01343{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1669989925164266,"flow_src_last_pkt_time":1669989925221418,"flow_dst_last_pkt_time":1669989925246353,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":116,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":1203,"flow_src_tot_l4_payload_len":273,"flow_dst_tot_l4_payload_len":1303,"midstream":0,"thread_ts_usec":1669989925246353,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":37967,"dst_port":19305,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","tls": {"version":"DTLSv1.2","ja3":"c14667d7da3e6f7a7ab5519ef78c2452","ja3s":"1f5d6a6d0bc5d514dd84d13e6283d309","ja4":"dd2d110700_c45550529adf_d9dd6182da81","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=hangouts","subjectDN":"CN=hangouts","fingerprint":"AF:DD:BF:F5:59:23:0C:D1:B0:9F:B1:04:2E:89:DF:4C:1B:AB:BE:CC","blocks":0}}} 
+01302{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1669989925164266,"flow_src_last_pkt_time":1669989925221418,"flow_dst_last_pkt_time":1669989925246353,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":116,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":1203,"flow_src_tot_l4_payload_len":273,"flow_dst_tot_l4_payload_len":1303,"midstream":0,"thread_ts_usec":1669989925246353,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":37967,"dst_port":19305,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","tls": {"version":"DTLSv1.2","ja3s":"1f5d6a6d0bc5d514dd84d13e6283d309","ja4":"dd2d110700_c45550529adf_d9dd6182da81","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=hangouts","subjectDN":"CN=hangouts","fingerprint":"AF:DD:BF:F5:59:23:0C:D1:B0:9F:B1:04:2E:89:DF:4C:1B:AB:BE:CC","blocks":0}}} 
00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1669989925331729,"flow_dst_last_pkt_time":1669989925246353,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":162,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":162,"pkt_l4_len":128,"thread_ts_usec":1669989925331729,"pkt":"CL6sCxduJjb1W8R1CABFAACUVj1AAEARNZHAqAycjvpSTJRPS2kAgIetAAEAZCESpEJHeElSOVZ4WXVGUjkABgAfZWEzV3RfOWFBU29vZWdvS0FBaUtBaUFERUE6OGpiNgDAVwAEAAMACoAqAAjHmPZBrcBKnwAlAAAAJAAEbn8e\/wAIABRPuZAhjSuP3zBrIerigzXVUm4nSYAoAAQ65t8C"} 02226{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1669989925164266,"flow_src_last_pkt_time":1669989925844909,"flow_dst_last_pkt_time":1669989925832608,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":65,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":545,"flow_dst_max_l4_payload_len":1203,"flow_src_tot_l4_payload_len":2558,"flow_dst_tot_l4_payload_len":3623,"midstream":0,"thread_ts_usec":1669989925844909,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":37967,"dst_port":19305,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":29,"avg":43515.6,"max":258068,"stddev":58201.4,"var":3387401984.0,"ent":4.0,"data": [23454,57152,58633,110311,426,107899,55,29,31904,33185,42585,42763,84060,83239,24775,643,393,2519,24830,54,50,34247,28143,7940,22933,203231,6659,19573,19853,258068,19379]},"pktlen": {"min":68,"avg":221.2,"max":1231,"stddev":244.4,"var":59721.8,"ent":4.4,"data": 
[144,128,185,1231,148,573,128,109,598,573,598,109,149,117,141,93,125,121,97,93,97,113,93,68,93,93,127,112,112,128,469,112]},"bins": {"c_to_s": [0,0,10,5,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,1,5,4,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,0,1,1,1,0,1,0,1,0,1,0,0,0,0,1,1,1,0,1,1,0,0,0,0,0,1,0],"entropies": [5.970281124,5.844405174,4.975852966,7.376402378,5.926150799,6.767900467,5.873587608,5.727212906,7.417241573,6.742666721,7.399977684,5.666547298,6.284676552,5.878243446,6.278099537,5.456246376,6.045804977,5.932724476,5.656750679,5.431894302,5.443003178,5.773984909,5.547308922,5.480338573,5.456245899,5.525803089,6.089138508,6.235580444,6.295892239,6.029528141,7.452062130,6.164150715]},"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00862{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":40,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":40,"packets-processed":39,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6775,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1710679657055887} 
+00862{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":40,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":40,"packets-processed":39,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6775,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1710679657055887} 00800{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1710679657055887,"flow_src_last_pkt_time":1710679657055887,"flow_dst_last_pkt_time":1710679657055887,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1710679657055887,"l3_proto":"ip4","src_ip":"192.168.12.182","dst_ip":"142.250.82.249","src_port":50221,"dst_port":3478,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1710679657055887,"flow_dst_last_pkt_time":1710679657055887,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1710679657055887,"pkt":"CL6sCxduSKRyNpegCABFAAA08+VAAIAGV4zAqAy2jvpS+cQtDZbxQLjKAAAAAIAC+vBI\/gAAAgQFtAEDAwgBAQQC"} 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1710679657055887,"flow_dst_last_pkt_time":1710679657058869,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1710679657058869,"pkt":"SKRyNpegCL6sCxduCABFgAA0AABAAG8GW\/KO+lL5wKgMtg2WxC3d8CUA8UC4y4AS\/\/9BHQAAAgQFhAEBBAIBAwMI"} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1710679657060611,"flow_dst_last_pkt_time":1710679657058869,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1710679657060611,"pkt":"CL6sCxduSKRyNpegCABFAAAo8+dAAIAGV5bAqAy2jvpS+cQtDZbxQLjL3fAlAVAQAQOAvQAA"} 
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1710679657060888,"flow_dst_last_pkt_time":1710679657058869,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1710679657060888,"pkt":"CL6sCxduSKRyNpegCABFAAAo8+hAAIAGV5XAqAy2jvpS+cQtDZbxQLjL3fAlAVAQAgB\/wAAA"} 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1710679657061095,"flow_dst_last_pkt_time":1710679657058869,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1710679657061095,"pkt":"CL6sCxduSKRyNpegCABFAABE8+lAAIAGV3jAqAy2jvpS+cQtDZbxQLjL3fAlAVAYAgCAvgAAAAMACCESpEJNeko1THZzcmRlbGMAGQAEEQAAAA=="} -01004{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1710679657055887,"flow_src_last_pkt_time":1710679657061095,"flow_dst_last_pkt_time":1710679657058869,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1710679657061095,"l3_proto":"ip4","src_ip":"192.168.12.182","dst_ip":"142.250.82.249","src_port":50221,"dst_port":3478,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} -01048{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":46,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1710679657055887,"flow_src_last_pkt_time":1710679657061095,"flow_dst_last_pkt_time":1710679657063848,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":80,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":80,"midstream":0,"thread_ts_usec":1710679657063848,"l3_proto":"ip4","src_ip":"192.168.12.182","dst_ip":"142.250.82.249","src_port":50221,"dst_port":3478,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"turn.l.google.com","domainame":"turn.l.google.com","stun": {}}} 
+01037{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1710679657055887,"flow_src_last_pkt_time":1710679657061095,"flow_dst_last_pkt_time":1710679657058869,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1710679657061095,"l3_proto":"ip4","src_ip":"192.168.12.182","dst_ip":"142.250.82.249","src_port":50221,"dst_port":3478,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} +01081{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":46,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1710679657055887,"flow_src_last_pkt_time":1710679657061095,"flow_dst_last_pkt_time":1710679657063848,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":80,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":80,"midstream":0,"thread_ts_usec":1710679657063848,"l3_proto":"ip4","src_ip":"192.168.12.182","dst_ip":"142.250.82.249","src_port":50221,"dst_port":3478,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"turn.l.google.com","domainame":"turn.l.google.com","stun": {"multimedia_flow_types":"Unknown"}}} 02238{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":71,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1710679657055887,"flow_src_last_pkt_time":1710679657765266,"flow_dst_last_pkt_time":1710679657791909,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":196,"flow_dst_max_l4_payload_len":656,"flow_src_tot_l4_payload_len":1320,"flow_dst_tot_l4_payload_len":1924,"midstream":0,"thread_ts_usec":1710679657791909,"l3_proto":"ip4","src_ip":"192.168.12.182","dst_ip":"142.250.82.249","src_port":50221,"dst_port":3478,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":46625.8,"max":509459,"stddev":117745.2,"var":13863926784.0,"ent":2.8,"data": [2982,4724,277,207,4964,15,4148,4126,3916,466724,509459,1184,218,46646,1080,55404,53567,7433,0,8588,49659,55453,222,48997,10062,51393,4524,8018,5673,16613,19125]},"pktlen": {"min":40,"avg":142.1,"max":696,"stddev":150.7,"var":22704.0,"ent":4.4,"data": [52,52,40,40,68,40,120,192,116,40,180,196,148,172,84,40,40,140,204,236,40,172,40,696,40,172,140,648,40,160,40,160]},"bins": {"c_to_s": [8,0,0,2,5,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,1,2,3,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,0,1,1,0,1,0,1,0,0,0,1,1,0,1,0,0,1,0,1,1,0,0,1,1,0,0,1,1],"entropies": 
[4.776611805,5.000318050,4.831686974,4.834183693,5.321198940,4.834183693,5.795867443,6.212464809,5.776382446,4.784183979,5.991631985,6.163437843,5.951478004,6.109816074,5.892313004,4.981687069,4.881687641,6.144776344,6.237818718,5.382826805,5.031687260,6.101328850,5.031687260,6.564705849,4.881687164,6.057666779,5.976850510,7.406529903,4.784183979,5.974988937,4.981687069,5.932507992]},"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"turn.l.google.com"}} 01015{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":102,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":14,"flow_first_seen":1669989925164266,"flow_src_last_pkt_time":1669989926044388,"flow_dst_last_pkt_time":1669989925832608,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":545,"flow_dst_max_l4_payload_len":1203,"flow_src_tot_l4_payload_len":3152,"flow_dst_tot_l4_payload_len":3623,"midstream":0,"thread_ts_usec":1710679657948817,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":37967,"dst_port":19305,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
01047{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":102,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":35,"flow_first_seen":1710679657055887,"flow_src_last_pkt_time":1710679657948817,"flow_dst_last_pkt_time":1710679657936697,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":196,"flow_dst_max_l4_payload_len":1108,"flow_src_tot_l4_payload_len":1968,"flow_dst_tot_l4_payload_len":12540,"midstream":0,"thread_ts_usec":1710679657948817,"l3_proto":"ip4","src_ip":"192.168.12.182","dst_ip":"142.250.82.249","src_port":50221,"dst_port":3478,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"turn.l.google.com"}} -00868{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":102,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":102,"packets-processed":102,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21283,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":25,"global_ts_usec":1710679657948817} 
+00868{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":102,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":102,"packets-processed":102,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21283,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":25,"global_ts_usec":1710679657948817} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 102/102 ~~ skipped flows.............: 0 @@ -31,9 +31,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6915048 bytes -~~ total memory freed........: 6915048 bytes -~~ total allocations/frees...: 114254/114254 +~~ total memory allocated....: 7492666 bytes +~~ total memory freed........: 7492666 bytes +~~ total allocations/frees...: 125986/125986 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 552 chars ~~ json message max len.......: 2243 chars diff --git a/test/results/stun_extra_dissection/stun_dtls_rtp_unidir.pcapng.out b/test/results/stun_extra_dissection/stun_dtls_rtp_unidir.pcapng.out index 397155f0b..b037df0c7 100644 --- a/test/results/stun_extra_dissection/stun_dtls_rtp_unidir.pcapng.out +++ b/test/results/stun_extra_dissection/stun_dtls_rtp_unidir.pcapng.out 
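Review bot: The `tls` object silently loses its `ja3` key in the new expectations for the DTLS flow (the `detection-update` events at packet_id 3 and 4 of this hunk), while `ja3s` and `ja4` are still emitted, and the commit message says only "incorporated upstream changes". Any consumer that matches on `tls.ja3` (fingerprint allow/deny lists, SIEM correlation rules) would stop matching without raising an error, so the removal deserves an explicit line in the commit description or changelog, for example `tls.ja3 is no longer emitted; key detections on tls.ja4 instead`. The same hunk changes `stun` from `{}` to `{"multimedia_flow_types":"Unknown"}` in the `detected` events. Whether the schema/flow_event_schema.json edit listed in the diffstat covers both field changes is not visible from here and is worth confirming.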
@@ -1,15 +1,15 @@ -00641{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00862{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1449812497255265} 
+00641{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00862{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1449812497255265} 
00798{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449812497255265,"flow_src_last_pkt_time":1449812497255265,"flow_dst_last_pkt_time":1449812497255265,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449812497255265,"l3_proto":"ip4","src_ip":"10.10.0.1","dst_ip":"10.1.0.3","src_port":65226,"dst_port":57730,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1449812497255265,"flow_dst_last_pkt_time":1449812497255265,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1449812497255265,"pkt":"ACZsuc\/8ACZsCyRcCABFAABAL58AAIAR9v8KCgABCgEAA\/7K4YIALFAqAAMAECESpELECsSOsFxxIrqIIMwAGQAEEQAAAIAoAATGrBhE"} 
-01119{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449812497255265,"flow_src_last_pkt_time":1449812497255265,"flow_dst_last_pkt_time":1449812497255265,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449812497255265,"l3_proto":"ip4","src_ip":"10.10.0.1","dst_ip":"10.1.0.3","src_port":65226,"dst_port":57730,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} +01152{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449812497255265,"flow_src_last_pkt_time":1449812497255265,"flow_dst_last_pkt_time":1449812497255265,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449812497255265,"l3_proto":"ip4","src_ip":"10.10.0.1","dst_ip":"10.1.0.3","src_port":65226,"dst_port":57730,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449812497255723,"flow_src_last_pkt_time":1449812497255723,"flow_dst_last_pkt_time":1449812497255723,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":92,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":92,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":92,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449812497255723,"l3_proto":"ip4","src_ip":"10.1.0.3","dst_ip":"10.10.0.1","src_port":5853,"dst_port":2808,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1449812497255723,"flow_dst_last_pkt_time":1449812497255723,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1449812497255723,"pkt":"ACZs0wdDACZsIyatCABFAAB4bmVAAEARuAEKAQADCgoAARbdCvgAZFQ9AQMASCESpELECsSOsFxxIrqIIMwAFgAIAAHMnSsTpEEAIAAIAAFGGCsYpEMADQAEAAACWIAiABpDb3R1cm4tNC41LjAuMyAnZGFuIEVpZGVyJy4wgCgABF9l9iI="} 
-01186{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449812497255723,"flow_src_last_pkt_time":1449812497255723,"flow_dst_last_pkt_time":1449812497255723,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":92,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":92,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":92,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449812497255723,"l3_proto":"ip4","src_ip":"10.1.0.3","dst_ip":"10.10.0.1","src_port":5853,"dst_port":2808,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"mapped_address":"10.10.0.1:26378","relayed_address":"10.1.0.3:60815"}}} +01220{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449812497255723,"flow_src_last_pkt_time":1449812497255723,"flow_dst_last_pkt_time":1449812497255723,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":92,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":92,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":92,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449812497255723,"l3_proto":"ip4","src_ip":"10.1.0.3","dst_ip":"10.10.0.1","src_port":5853,"dst_port":2808,"l4_proto":"udp","ndpi": {"flow_risk": {"5": 
{"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"mapped_address":"10.10.0.1:26378","relayed_address":"10.1.0.3:60815","multimedia_flow_types":"Unknown"}}} 00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1449812497284653,"flow_dst_last_pkt_time":1449812497255265,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1449812497284653,"pkt":"ACZsuc\/8ACZsCyRcCABFAABAL6AAAIAR9v4KCgABCgEAA\/7K4YIALHa+AAMAECESpELy08QBzM3M08FJbUoAGQAEEQAAAIAoAAQGWrhk"} -01237{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1449812497255265,"flow_src_last_pkt_time":1449812497284653,"flow_dst_last_pkt_time":1449812497255265,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449812497284653,"l3_proto":"ip4","src_ip":"10.10.0.1","dst_ip":"10.1.0.3","src_port":65226,"dst_port":57730,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} +01270{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1449812497255265,"flow_src_last_pkt_time":1449812497284653,"flow_dst_last_pkt_time":1449812497255265,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449812497284653,"l3_proto":"ip4","src_ip":"10.10.0.1","dst_ip":"10.1.0.3","src_port":65226,"dst_port":57730,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
00691{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1449812497285016,"flow_dst_last_pkt_time":1449812497255723,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1449812497285016,"pkt":"ACZs0wdDACZsIyatCABFAACMbmpAAEARt+gKAQADCgoAARbdCvgAeNrAARMAXCESpELy08QBzM3M08FJbUoACQAwAAAEJU1pc21hdGNoZWQgYWxsb2NhdGlvbjogd3JvbmcgdHJhbnNhY3Rpb24gSUQAgCIAGkNvdHVybi00LjUuMC4zICdkYW4gRWlkZXInAASAKAAEYViFJQ=="} -01306{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1449812497255723,"flow_src_last_pkt_time":1449812497285016,"flow_dst_last_pkt_time":1449812497255723,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":92,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":204,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449812497285016,"l3_proto":"ip4","src_ip":"10.1.0.3","dst_ip":"10.10.0.1","src_port":5853,"dst_port":2808,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": 
{"mapped_address":"10.10.0.1:26378","relayed_address":"10.1.0.3:60815"}}} +01340{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1449812497255723,"flow_src_last_pkt_time":1449812497285016,"flow_dst_last_pkt_time":1449812497255723,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":92,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":204,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449812497285016,"l3_proto":"ip4","src_ip":"10.1.0.3","dst_ip":"10.10.0.1","src_port":5853,"dst_port":2808,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"mapped_address":"10.10.0.1:26378","relayed_address":"10.1.0.3:60815","multimedia_flow_types":"Unknown"}}} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1449812497336154,"flow_dst_last_pkt_time":1449812497255265,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1449812497336154,"pkt":"ACZsuc\/8ACZsCyRcCABFAACAL6EAAIAR9r0KCgABCgEAA\/7K4YIAbNH9AAgAUCESpEIkVCKMfhmvXBar8\/cABgAJdXNlcm5hbWUxAAAAABQAAAAVAAAAEgAIAAHMcOG6pisAEgAIAAHMcCsSpNEACAAUPkaSjGDG59HsJQn9tgdRZ5t4az2AKAAE4Guc5w=="} 00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1449812497336559,"flow_dst_last_pkt_time":1449812497255723,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"thread_ts_usec":1449812497336559,"pkt":"ACZs0wdDACZsIyatCABFAABYbnRAAEARuBIKAQADCgoAARbdCvgARIGqAQgAKCESpEIkVCKMfhmvXBar8\/eAIgAaQ290dXJuLTQuNS4wLjMgJ2RhbiBFaWRlcicgd4AoAATjDw2r"} 
00744{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1449812497364710,"flow_dst_last_pkt_time":1449812497255265,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":182,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":182,"pkt_l4_len":148,"thread_ts_usec":1449812497364710,"pkt":"ACZsuc\/8ACZsCyRcCABFAACoL6IAAIAR9pQKCgABCgEAA\/7K4YIAlCONABYAeCESpEKYrfbhUiTxAi9XC4wAEgAIAAHMcOG6pisAEwBoAAEAVCESpEKu9pClNlbUssHvnF8ABgAZMjcwZTM5M2Y6ZWEydnJwQzRKd2NqQ0YwZQAAAAAkAARu\/\/\/\/gCoACP\/\/\/\/\/\/\/\/\/\/AAgAFC4EXURAQUKzurHPv\/8ZrRnsFrR1gCgABL8MLuw="} 
@@ -18,7 +18,7 @@ 00777{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1449812497496479,"flow_dst_last_pkt_time":1449812497255723,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_usec":1449812497496479,"pkt":"ACZs0wdDACZsIyatCABFAADMboRAAEARt44KAQADCgoAARbdCvgAuIfMABcAnCESpEKabwkxCgNoKDFqLpgAEwBsAAEAWCESpEJ+6j0VqO37x7qvJhcABgAZZWEydnJwQzRKd2NqQ0YwZToyNzBlMzkzZgAAAAAlAAAAJAAEbn4A\/4AqAAgAAAAAAAAAAQAIABSRSix2Wt+JeRYEja3Dcq7w4OuHlYAoAARIzREHABIACAABzHArEqTRgCIAGkNvdHVybi00LjUuMC4zICdkYW4gRWlkZXInICc="} 01231{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":43,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":0,"flow_first_seen":1449812497255723,"flow_src_last_pkt_time":1449812504427110,"flow_dst_last_pkt_time":1449812497255723,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":60,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":708,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4628,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449812504427110,"l3_proto":"ip4","src_ip":"10.1.0.3","dst_ip":"10.10.0.1","src_port":5853,"dst_port":2808,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01233{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":43,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":0,"flow_first_seen":1449812497255265,"flow_src_last_pkt_time":1449812504413713,"flow_dst_last_pkt_time":1449812497255265,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":436,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":3924,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449812504427110,"l3_proto":"ip4","src_ip":"10.10.0.1","dst_ip":"10.1.0.3","src_port":65226,"dst_port":57730,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00871{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":43,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":43,"packets-processed":43,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8552,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1449812504427110} +00871{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":43,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":43,"packets-processed":43,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8552,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1449812504427110} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 43/43 ~~ skipped flows.............: 0 
@@ -27,10 +27,10 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6911296 bytes -~~ total memory freed........: 6911296 bytes -~~ total allocations/frees...: 114193/114193 +~~ total memory allocated....: 7488936 bytes +~~ total memory freed........: 7488936 bytes +~~ total allocations/frees...: 125926/125926 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 591 chars -~~ json message max len.......: 1311 chars -~~ json message avg len.......: 950 chars +~~ json message max len.......: 1345 chars +~~ json message avg len.......: 967 chars diff --git a/test/results/stun_extra_dissection/stun_zoom.pcapng.out b/test/results/stun_extra_dissection/stun_zoom.pcapng.out index cb16a8b84..cf1523491 100644 --- a/test/results/stun_extra_dissection/stun_zoom.pcapng.out +++ b/test/results/stun_extra_dissection/stun_zoom.pcapng.out 
@@ -1,31 +1,31 @@ -00630{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00851{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1661169535535091} 
+00630{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00851{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1661169535535091} 
00800{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535535091,"flow_dst_last_pkt_time":1661169535535091,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":156,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1661169535535091,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00739{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1661169535535091,"flow_dst_last_pkt_time":1661169535535091,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1661169535535091,"pkt":"BLFnWRHgPKn0qB\/sCABFAAC4kzBAAEAR2WPAqCuphuBab77WImEApEJpAAEAiCESpEIJLXMzkXIYSWor3N8ABgBJRTA0RDk0M0YtQzI3MS1DOTZBLUMyN0QtRENCRDA5Nzc4NjgwOjIwNDBGN0VDLTNGQkYtNjFGNy0xQUMyLUFBRDVENDYxMEE4RQAAAAAlAAAAJAAEbn8A\/4AqAAiWY\/V4e1fy1AAIABQBKtqrmyxMEjIdswOfhTMx+y49voAoAASJCByW"} 
-01120{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535535091,"flow_dst_last_pkt_time":1661169535535091,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":156,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1661169535535091,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} +01153{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535535091,"flow_dst_last_pkt_time":1661169535535091,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":156,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1661169535535091,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00739{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1661169535555383,"flow_dst_last_pkt_time":1661169535535091,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1661169535555383,"pkt":"BLFnWRHgPKn0qB\/sCABFAAC4kzJAAEAR2WHAqCuphuBab77WImEApPIXAAEAiCESpEI4RCHR9KJD4dY6X5oABgBJRTA0RDk0M0YtQzI3MS1DOTZBLUMyN0QtRENCRDA5Nzc4NjgwOjIwNDBGN0VDLTNGQkYtNjFGNy0xQUMyLUFBRDVENDYxMEE4RQAAAAAlAAAAJAAEbn8A\/4AqAAiWY\/V4e1fy1AAIABTFtYB0ycot0Qy1S9naomjILfmurIAoAAQ+7lku"} -01238{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535555383,"flow_dst_last_pkt_time":1661169535535091,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":312,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1661169535555383,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} +01271{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535555383,"flow_dst_last_pkt_time":1661169535535091,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":312,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1661169535555383,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
00618{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1661169535555383,"flow_dst_last_pkt_time":1661169535607032,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1661169535607032,"pkt":"PKn0qB\/sBLFnWRHgCABFAABcD3xAADERbHSG4FpvwKgrqSJhvtYASE6sAQEALCESpEIJLXMzkXIYSWor3N8AIAAIAAEAAHwzzS0ACAAUX9ajIUvkC+s+fBB\/ykxaS5wOOuqAKAAEnxO\/9Q=="} -01167{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535555383,"flow_dst_last_pkt_time":1661169535607032,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":312,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1661169535607032,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"mapped_address":"93.33.105.111:8466"}}} 
+01201{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535555383,"flow_dst_last_pkt_time":1661169535607032,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":312,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1661169535607032,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"mapped_address":"93.33.105.111:8466","multimedia_flow_types":"Unknown"}}} 00739{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1661169535607198,"flow_dst_last_pkt_time":1661169535607032,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1661169535607198,"pkt":"BLFnWRHgPKn0qB\/sCABFAAC4kzhAAEAR2VvAqCuphuBab77WImEApMlhAAEAiCESpELh2wHdYLBaO1o3kj4ABgBJRTA0RDk0M0YtQzI3MS1DOTZBLUMyN0QtRENCRDA5Nzc4NjgwOjIwNDBGN0VDLTNGQkYtNjFGNy0xQUMyLUFBRDVENDYxMEE4RQAAAAAlAAAAJAAEbn8A\/4AqAAiWY\/V4e1fy1AAIABSuLzMpSQJ1k35eeZhTIs+Mn14fOYAoAATxREob"} 
00786{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1661169535607340,"flow_dst_last_pkt_time":1661169535607032,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"thread_ts_usec":1661169535607340,"pkt":"BLFnWRHgPKn0qB\/sCABFAADZkzlAAEAR2TnAqCuphuBab77WImEAxZeyFv7\/AAAAAAAAAAAAsAEAAKQAAAAAAAAApP79\/DOP2Z8sGz4yGXA4ZlFO9zOHpZDtCkri7Pkm\/\/cH3ZMAAAAQwCvAL8ypzKjACsAJwBPAFAEAAGoAFwAA\/wEAAQAACgAIAAYAHQAXABgACwACAQAAEAASABAGd2VicnRjCGMtd2VicnRjAA0AIAAeBAMFAwYDAgMIBAgFCAYEAQUBBgECAQQCBQIGAgICABwAAkAAAA4ACwAIAAcACAABAAIA"} -01179{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535607340,"flow_dst_last_pkt_time":1661169535607032,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":657,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1661169535607340,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","tls": {"version":"DTLSv1.2","ja3":"3e12a43c7535bb32beac3928f8fe905d","ja3s":"","ja4":"dd2d0808we_c6c2b6ec87e0_06b1ae923e2a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"webrtc,c-webrtc","blocks":0}}} 
+01138{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535607340,"flow_dst_last_pkt_time":1661169535607032,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":657,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1661169535607340,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","tls": {"version":"DTLSv1.2","ja3s":"","ja4":"dd2d0808we_c6c2b6ec87e0_06b1ae923e2a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"webrtc,c-webrtc","blocks":0}}} 00800{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1661169535618755,"flow_src_last_pkt_time":1661169535618755,"flow_dst_last_pkt_time":1661169535618755,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":156,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1661169535618755,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":53065,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00739{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1661169535618755,"flow_dst_last_pkt_time":1661169535618755,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1661169535618755,"pkt":"BLFnWRHgPKn0qB\/sCABFAAC4kztAAEAR2VjAqCuphuBab89JImEApL\/wAAEAiCESpEJLP6Z0mpHuyXM99DsABgBJN0Y0MjBCMzUtQjE2QS0wNUQ3LTEyRkEtQkU5RkI2QjE1QkIwOjIwNDBGN0VDLTNGQkYtNjFGNy0xQUMyLUFBRDVENDYxMEE4RQAAAAAlAAAAJAAEbn8A\/4AqAAj8yIRLXFnKhQAIABQVCSdtSQAdStsSN058SaFOtEGuzIAoAARNKhxK"} -01120{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1661169535618755,"flow_src_last_pkt_time":1661169535618755,"flow_dst_last_pkt_time":1661169535618755,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":156,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1661169535618755,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":53065,"dst_port":8801,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} 
+01153{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1661169535618755,"flow_src_last_pkt_time":1661169535618755,"flow_dst_last_pkt_time":1661169535618755,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":156,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1661169535618755,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":53065,"dst_port":8801,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00738{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1661169535638993,"flow_dst_last_pkt_time":1661169535618755,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1661169535638993,"pkt":"BLFnWRHgPKn0qB\/sCABFAAC4k0BAAEAR2VPAqCuphuBab89JImEApLZaAAEAiCESpEL9LPrXga3tdiwo33AABgBJN0Y0MjBCMzUtQjE2QS0wNUQ3LTEyRkEtQkU5RkI2QjE1QkIwOjIwNDBGN0VDLTNGQkYtNjFGNy0xQUMyLUFBRDVENDYxMEE4RQAAAAAlAAAAJAAEbn8A\/4AqAAj8yIRLXFnKhQAIABQChv5mW36ahJOVgp5AHXlcdTAbQoAoAAQBQcBH"} 
-01238{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1661169535618755,"flow_src_last_pkt_time":1661169535638993,"flow_dst_last_pkt_time":1661169535618755,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":312,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1661169535638993,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":53065,"dst_port":8801,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} 
+01271{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1661169535618755,"flow_src_last_pkt_time":1661169535638993,"flow_dst_last_pkt_time":1661169535618755,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":312,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1661169535638993,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":53065,"dst_port":8801,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
00740{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1661169535718922,"flow_dst_last_pkt_time":1661169535618755,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1661169535718922,"pkt":"BLFnWRHgPKn0qB\/sCABFAAC4k0tAAEAR2UjAqCuphuBab89JImEApL\/wAAEAiCESpEJLP6Z0mpHuyXM99DsABgBJN0Y0MjBCMzUtQjE2QS0wNUQ3LTEyRkEtQkU5RkI2QjE1QkIwOjIwNDBGN0VDLTNGQkYtNjFGNy0xQUMyLUFBRDVENDYxMEE4RQAAAAAlAAAAJAAEbn8A\/4AqAAj8yIRLXFnKhQAIABQVCSdtSQAdStsSN058SaFOtEGuzIAoAARNKhxK"} 00739{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1661169535739218,"flow_dst_last_pkt_time":1661169535618755,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1661169535739218,"pkt":"BLFnWRHgPKn0qB\/sCABFAAC4k09AAEAR2UTAqCuphuBab89JImEApLZaAAEAiCESpEL9LPrXga3tdiwo33AABgBJN0Y0MjBCMzUtQjE2QS0wNUQ3LTEyRkEtQkU5RkI2QjE1QkIwOjIwNDBGN0VDLTNGQkYtNjFGNy0xQUMyLUFBRDVENDYxMEE4RQAAAAAlAAAAJAAEbn8A\/4AqAAj8yIRLXFnKhQAIABQChv5mW36ahJOVgp5AHXlcdTAbQoAoAAQBQcBH"} 
-01237{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":15,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":4,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535757744,"flow_dst_last_pkt_time":1661169535771624,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":1052,"flow_src_tot_l4_payload_len":1191,"flow_dst_tot_l4_payload_len":1244,"midstream":0,"thread_ts_usec":1661169535771624,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","tls": {"version":"DTLSv1.2","ja3":"3e12a43c7535bb32beac3928f8fe905d","ja3s":"323ab23be4a686962b978f9ca6735add","ja4":"dd2d0808we_c6c2b6ec87e0_06b1ae923e2a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","advertised_alpns":"webrtc,c-webrtc","blocks":0}}} 
-01531{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535757744,"flow_dst_last_pkt_time":1661169535771656,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":1052,"flow_src_tot_l4_payload_len":1191,"flow_dst_tot_l4_payload_len":4400,"midstream":0,"thread_ts_usec":1661169535771656,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.Zoom","proto_id":"30.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","tls": {"version":"DTLSv1.2","server_names":"*.cloud.zoom.us","ja3":"3e12a43c7535bb32beac3928f8fe905d","ja3s":"323ab23be4a686962b978f9ca6735add","ja4":"dd2d0808we_c6c2b6ec87e0_06b1ae923e2a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1","subjectDN":"C=US, ST=California, L=San Jose, O=Zoom Video Communications, Inc., CN=*.cloud.zoom.us","advertised_alpns":"webrtc,c-webrtc","fingerprint":"FD:F2:22:45:64:31:28:BD:2D:56:D6:F4:56:01:71:88:E3:4C:2C:D9","blocks":0}}} 
+01196{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":15,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":4,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535757744,"flow_dst_last_pkt_time":1661169535771624,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":1052,"flow_src_tot_l4_payload_len":1191,"flow_dst_tot_l4_payload_len":1244,"midstream":0,"thread_ts_usec":1661169535771624,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","tls": {"version":"DTLSv1.2","ja3s":"323ab23be4a686962b978f9ca6735add","ja4":"dd2d0808we_c6c2b6ec87e0_06b1ae923e2a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","advertised_alpns":"webrtc,c-webrtc","blocks":0}}} +01490{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535757744,"flow_dst_last_pkt_time":1661169535771656,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":1052,"flow_src_tot_l4_payload_len":1191,"flow_dst_tot_l4_payload_len":4400,"midstream":0,"thread_ts_usec":1661169535771656,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"DTLS.Zoom","proto_id":"30.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","tls": {"version":"DTLSv1.2","server_names":"*.cloud.zoom.us","ja3s":"323ab23be4a686962b978f9ca6735add","ja4":"dd2d0808we_c6c2b6ec87e0_06b1ae923e2a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1","subjectDN":"C=US, ST=California, L=San Jose, O=Zoom Video Communications, Inc., CN=*.cloud.zoom.us","advertised_alpns":"webrtc,c-webrtc","fingerprint":"FD:F2:22:45:64:31:28:BD:2D:56:D6:F4:56:01:71:88:E3:4C:2C:D9","blocks":0}}} 00617{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1661169535739218,"flow_dst_last_pkt_time":1661169535812586,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1661169535812586,"pkt":"PKn0qB\/sBLFnWRHgCABFAABcD6NAADARbU2G4FpvwKgrqSJhz0kASPHKAQEALCESpEJLP6Z0mpHuyXM99DsAIAAIAAEAAHwzzS0ACAAUCL5PYVNYAABIJaSs+ThbSkIV4CuAKAAEBcrGkQ=="} 
-01168{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":21,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1661169535618755,"flow_src_last_pkt_time":1661169535739218,"flow_dst_last_pkt_time":1661169535812586,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":624,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1661169535812586,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":53065,"dst_port":8801,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"mapped_address":"93.33.105.111:8466"}}} -01180{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":23,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":1,"flow_first_seen":1661169535618755,"flow_src_last_pkt_time":1661169535813097,"flow_dst_last_pkt_time":1661169535812586,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":969,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1661169535813097,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":53065,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","tls": {"version":"DTLSv1.2","ja3":"3e12a43c7535bb32beac3928f8fe905d","ja3s":"","ja4":"dd2d0808we_c6c2b6ec87e0_06b1ae923e2a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"webrtc,c-webrtc","blocks":0}}} +01202{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":21,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1661169535618755,"flow_src_last_pkt_time":1661169535739218,"flow_dst_last_pkt_time":1661169535812586,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":624,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1661169535812586,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":53065,"dst_port":8801,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"mapped_address":"93.33.105.111:8466","multimedia_flow_types":"Unknown"}}} 
+01139{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":23,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":1,"flow_first_seen":1661169535618755,"flow_src_last_pkt_time":1661169535813097,"flow_dst_last_pkt_time":1661169535812586,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":969,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1661169535813097,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":53065,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","tls": {"version":"DTLSv1.2","ja3s":"","ja4":"dd2d0808we_c6c2b6ec87e0_06b1ae923e2a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"webrtc,c-webrtc","blocks":0}}} 02194{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":62,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1661169535618755,"flow_src_last_pkt_time":1661169536326542,"flow_dst_last_pkt_time":1661169536383924,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":1052,"flow_src_tot_l4_payload_len":2576,"flow_dst_tot_l4_payload_len":5172,"midstream":0,"thread_ts_usec":1661169536383924,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":53065,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": 
{"min":5,"avg":47514.7,"max":193831,"stddev":51140.5,"var":2615352320.0,"ent":4.1,"data": [20238,79929,20296,193831,73632,247,50353,49657,26391,24351,170235,80565,10991,149570,50735,24,93581,6,7,6,7,5,8274,29660,4814,50217,80837,100195,42158,3678,58466]},"pktlen": {"min":42,"avg":270.1,"max":1080,"stddev":313.1,"var":98043.5,"ent":4.3,"data": [184,184,184,184,92,184,217,217,184,184,217,92,92,92,184,192,78,92,1080,1080,1080,1080,399,186,92,92,186,92,186,95,101,42]},"bins": {"c_to_s": [0,1,1,0,11,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,9,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,1,0,0,0,0,0,0,1,1,1,0,0,0,1,1,1,1,1,1,0,1,1,0,1,0,1,0,1],"entropies": [5.849215031,5.820121765,5.845112324,5.820121765,5.609286785,5.848187923,5.155805588,5.151053905,5.856935501,5.837758064,5.169487476,5.679913521,5.609286785,5.658175468,5.856935501,5.312055111,4.055345058,5.723389149,7.020439625,7.330272198,7.262623310,7.369262695,7.183655262,6.090222359,5.701650143,5.679913521,6.082654476,5.723389149,6.098002911,5.370398521,6.009067535,4.320421696]},"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
01003{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":70,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":17,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169536293401,"flow_dst_last_pkt_time":1661169536292551,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":1052,"flow_src_tot_l4_payload_len":1945,"flow_dst_tot_l4_payload_len":5176,"midstream":0,"thread_ts_usec":1661169536805680,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.Zoom","proto_id":"30.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}} 00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":70,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":21,"flow_first_seen":1661169535618755,"flow_src_last_pkt_time":1661169536627218,"flow_dst_last_pkt_time":1661169536805680,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":1052,"flow_src_tot_l4_payload_len":2726,"flow_dst_tot_l4_payload_len":5471,"midstream":0,"thread_ts_usec":1661169536805680,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":53065,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} -00861{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":70,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":70,"packets-processed":70,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15318,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":8,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":28,"global_ts_usec":1661169536805680} +00861{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":70,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":70,"packets-processed":70,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15318,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":8,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":28,"global_ts_usec":1661169536805680} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 70/70 ~~ skipped 
flows.............: 0 @@ -34,10 +34,10 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6923322 bytes -~~ total memory freed........: 6923322 bytes -~~ total allocations/frees...: 114229/114229 +~~ total memory allocated....: 7500962 bytes +~~ total memory freed........: 7500962 bytes +~~ total allocations/frees...: 125962/125962 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 622 chars ~~ json message max len.......: 2199 chars -~~ json message avg len.......: 1388 chars +~~ json message avg len.......: 1387 chars diff --git a/test/results/stun_only_peer_address_enabled/stun_wa_call.pcapng.out b/test/results/stun_only_peer_address_enabled/stun_wa_call.pcapng.out index 0a04d18d6..8f524dc60 100644 --- a/test/results/stun_only_peer_address_enabled/stun_wa_call.pcapng.out +++ b/test/results/stun_only_peer_address_enabled/stun_wa_call.pcapng.out 
@@ -1,44 +1,44 @@ -00642{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00863{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1676659968029444} 
+00642{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00863{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1676659968029444} 
00811{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968029444,"flow_src_last_pkt_time":1676659968029444,"flow_dst_last_pkt_time":1676659968029444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968029444,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.57.123.227","src_port":46652,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00828{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1676659968029444,"flow_dst_last_pkt_time":1676659968029444,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1676659968029444,"pkt":"CL6sCxduJjb1W8R1CABFwADw\/iFAAEARlLrAqAycXTl747Y8DZYA3LHsAAMAwCESpEJwdYtExyOnTtGTSiVAAACWCQK2KB7zQ7qLyqomatrasQEu9DL3wZ7hCtWVyMuhXanwNF5C+CJQZxH6MYVnGTbF6jGFc8Ra7q+tUTra0vtHBZoPsqgDXOfgB5x1\/6e\/ekoB1CeD7MsRipcZjz4uFoBrVRmh8t\/rSICod6ktukvIiZ6yItLQ7Y8kTJkbjPTyOKYPsF+LjDRbuhMBEHxTecFVlM8fNhbBAAAAFgAIAAEshHwr36EACAAUJM4QSLb1BesAMLdUeEcTNdZmV28="} 
-01051{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968029444,"flow_src_last_pkt_time":1676659968029444,"flow_dst_last_pkt_time":1676659968029444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968029444,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.57.123.227","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"93.57.123.227:3478"}}} +01085{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968029444,"flow_src_last_pkt_time":1676659968029444,"flow_dst_last_pkt_time":1676659968029444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968029444,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.57.123.227","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"93.57.123.227:3478","multimedia_flow_types":"Unknown"}}} 00829{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1676659968029608,"flow_dst_last_pkt_time":1676659968029444,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1676659968029608,"pkt":"CL6sCxduJjb1W8R1CABFwADw\/iJAAEARlLnAqAycXTl747Y8DZYA3ICVAAMAwCESpEJwdYtExyOnTtGTSiZAAACWCQK2KB7zQ7qLyqomatrasQEu9DL3wZ7hCtWVyMuhXanwNF5C+CJQZxH6MYVnGTbF6jGFc8Ra7q+tUTra0vtHBZoPsqgDXOfgB5x1\/6e\/ekoB1CeD7MsRipcZjz4uFoBrVRmh8t\/rSICod6ktukvIiZ6yItLQ7Y8kTJkbjPTyOKYPsF+LjDRbuhMBEHxTecFVlM8fNhbBAAAAFgAIAAEshHwr36EACAAUYWrisy40lbl9bq4cXAmMmnnA\/ig="} -01184{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1676659968029444,"flow_src_last_pkt_time":1676659968029608,"flow_dst_last_pkt_time":1676659968029444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968029608,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.57.123.227","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"93.57.123.227:3478"}}} +01218{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1676659968029444,"flow_src_last_pkt_time":1676659968029608,"flow_dst_last_pkt_time":1676659968029444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968029608,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.57.123.227","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"93.57.123.227:3478","multimedia_flow_types":"Unknown"}}} 
00812{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968035471,"flow_src_last_pkt_time":1676659968035471,"flow_dst_last_pkt_time":1676659968035471,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968035471,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":46652,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00825{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1676659968035471,"flow_dst_last_pkt_time":1676659968035471,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1676659968035471,"pkt":"CL6sCxduJjb1W8R1CABFwADwfTlAAEARhZDAqAycnfDLPrY8DZYA3GV0AAMAwCESpEJwdYtExyOnTtGTSidAAACWCQMtTkgnCkB3mlyHo2hELpK34qN\/tn27kX9DRUmi65QznJnJXr0IVJ+d4Fxix8NmNcmsfFkQLOW6576+A4JwNmi2uSQdWXRM2VKcszNCnJz207wH1jUAcpCU9XZA6ttuPzt6cvS6PNIk8FwKlWlblH32PnQxSRg2bkLvkOMPE7sKF8F2oGKz69cDRT5LGhyKnJSGY5lnAAAAFgAIAAEshLzib3wACAAUAA8jYlqEzFOauoSyCbgYSf5lAAk="} 
-01056{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968035471,"flow_src_last_pkt_time":1676659968035471,"flow_dst_last_pkt_time":1676659968035471,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968035471,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.203.62:3478"}}} +01090{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968035471,"flow_src_last_pkt_time":1676659968035471,"flow_dst_last_pkt_time":1676659968035471,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968035471,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.203.62:3478","multimedia_flow_types":"Unknown"}}} 00826{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1676659968035552,"flow_dst_last_pkt_time":1676659968035471,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1676659968035552,"pkt":"CL6sCxduJjb1W8R1CABFwADwfTpAAEARhY\/AqAycnfDLPrY8DZYA3BLxAAMAwCESpEJwdYtExyOnTtGTSihAAACWCQMtTkgnCkB3mlyHo2hELpK34qN\/tn27kX9DRUmi65QznJnJXr0IVJ+d4Fxix8NmNcmsfFkQLOW6576+A4JwNmi2uSQdWXRM2VKcszNCnJz207wH1jUAcpCU9XZA6ttuPzt6cvS6PNIk8FwKlWlblH32PnQxSRg2bkLvkOMPE7sKF8F2oGKz69cDRT5LGhyKnJSGY5lnAAAAFgAIAAEshLzib3wACAAUhAn28C7qfrkxLYQ0p3TNXw2BfFM="} -01189{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1676659968035471,"flow_src_last_pkt_time":1676659968035552,"flow_dst_last_pkt_time":1676659968035471,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968035552,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.203.62:3478"}}} +01223{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1676659968035471,"flow_src_last_pkt_time":1676659968035552,"flow_dst_last_pkt_time":1676659968035471,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968035552,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.203.62:3478","multimedia_flow_types":"Unknown"}}} 
00812{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968035642,"flow_src_last_pkt_time":1676659968035642,"flow_dst_last_pkt_time":1676659968035642,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968035642,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.231.62","src_port":46652,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00826{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1676659968035642,"flow_dst_last_pkt_time":1676659968035642,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1676659968035642,"pkt":"CL6sCxduJjb1W8R1CABFwADwj9lAAEARVvDAqAycnfDnPrY8DZYA3J+gAAMAwCESpEJwdYtExyOnTtGTSilAAACWCQNxyDQh65HCwK\/NwM57eGVAnp73+KYPg1k+lNrVEVkNPnu5t9hC5BRxAv+1EaOtzlbgzlIq2\/WPsB5SRMDksABVRMTM9J4aDhkK8p1864X++Y5SKMM+YDG4F3l8CE9EEsygUCuw1FeaQaDvzERSEqz4d5mYYPBEmipy1b3wHHsk5VkyouOLzceIjWTBDv1RY+CT0wD4AAAAFgAIAAEshLziQ3wACAAUBDu46Kp0MzZ62SMrNOCqwnrJBCw="} 
-01056{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968035642,"flow_src_last_pkt_time":1676659968035642,"flow_dst_last_pkt_time":1676659968035642,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968035642,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.231.62","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.231.62:3478"}}} +01090{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968035642,"flow_src_last_pkt_time":1676659968035642,"flow_dst_last_pkt_time":1676659968035642,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968035642,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.231.62","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.231.62:3478","multimedia_flow_types":"Unknown"}}} 00827{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1676659968036993,"flow_dst_last_pkt_time":1676659968035642,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1676659968036993,"pkt":"CL6sCxduJjb1W8R1CABFwADwj9pAAEARVu\/AqAycnfDnPrY8DZYA3K1KAAMAwCESpEJwdYtExyOnTtGTSipAAACWCQNxyDQh65HCwK\/NwM57eGVAnp73+KYPg1k+lNrVEVkNPnu5t9hC5BRxAv+1EaOtzlbgzlIq2\/WPsB5SRMDksABVRMTM9J4aDhkK8p1864X++Y5SKMM+YDG4F3l8CE9EEsygUCuw1FeaQaDvzERSEqz4d5mYYPBEmipy1b3wHHsk5VkyouOLzceIjWTBDv1RY+CT0wD4AAAAFgAIAAEshLziQ3wACAAUPZihrJHzcl+3y+bEvnKo9qVH+uY="} -01189{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1676659968035642,"flow_src_last_pkt_time":1676659968036993,"flow_dst_last_pkt_time":1676659968035642,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968036993,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.231.62","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.231.62:3478"}}} +01223{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1676659968035642,"flow_src_last_pkt_time":1676659968036993,"flow_dst_last_pkt_time":1676659968035642,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968036993,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.231.62","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.231.62:3478","multimedia_flow_types":"Unknown"}}} 
00811{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968037054,"flow_src_last_pkt_time":1676659968037054,"flow_dst_last_pkt_time":1676659968037054,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968037054,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.21.51","src_port":46652,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00829{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1676659968037054,"flow_dst_last_pkt_time":1676659968037054,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1676659968037054,"pkt":"CL6sCxduJjb1W8R1CABFwADwz9NAAEAR6QHAqAycnfAVM7Y8DZYA3Ij9AAMAwCESpEJwdYtExyOnTtGTSitAAACWCQNaRGvs7+ccuZ\/MfxmbOvUVp8noEHkp7nF6xocCdKtvmOlig71m6+555gD\/mKnSGLIGNRynB98Dn1I4xNjPBc\/JcXx85sPvklgbnR+jKW8z3v+tFyKmLoRYXO+76gRpJvbZMI+O\/1oNzvmh6C\/4OrGc+hLich1SR+QSsMSOS20JWZv3s1la5zjKfswADrKC6jyH7ubtAAAAFgAIAAEshLzisXEACAAUjla64e3RO4Za5yiogz0w5BPrVCA="} 
-01054{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968037054,"flow_src_last_pkt_time":1676659968037054,"flow_dst_last_pkt_time":1676659968037054,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968037054,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.21.51","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.21.51:3478"}}} +01088{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968037054,"flow_src_last_pkt_time":1676659968037054,"flow_dst_last_pkt_time":1676659968037054,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968037054,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.21.51","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.21.51:3478","multimedia_flow_types":"Unknown"}}} 00829{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1676659968037165,"flow_dst_last_pkt_time":1676659968037054,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1676659968037165,"pkt":"CL6sCxduJjb1W8R1CABFwADwz9RAAEAR6QDAqAycnfAVM7Y8DZYA3Ds6AAMAwCESpEJwdYtExyOnTtGTSixAAACWCQNaRGvs7+ccuZ\/MfxmbOvUVp8noEHkp7nF6xocCdKtvmOlig71m6+555gD\/mKnSGLIGNRynB98Dn1I4xNjPBc\/JcXx85sPvklgbnR+jKW8z3v+tFyKmLoRYXO+76gRpJvbZMI+O\/1oNzvmh6C\/4OrGc+hLich1SR+QSsMSOS20JWZv3s1la5zjKfswADrKC6jyH7ubtAAAAFgAIAAEshLzisXEACAAUHONBvdq4CMLPEotcA1cTDrS++GA="} -01187{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1676659968037054,"flow_src_last_pkt_time":1676659968037165,"flow_dst_last_pkt_time":1676659968037054,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968037165,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.21.51","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.21.51:3478"}}} +01221{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1676659968037054,"flow_src_last_pkt_time":1676659968037165,"flow_dst_last_pkt_time":1676659968037054,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968037165,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.21.51","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.21.51:3478","multimedia_flow_types":"Unknown"}}} 
00812{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968037404,"flow_src_last_pkt_time":1676659968037404,"flow_dst_last_pkt_time":1676659968037404,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968037404,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.195.48","src_port":46652,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00831{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1676659968037404,"flow_dst_last_pkt_time":1676659968037404,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1676659968037404,"pkt":"CL6sCxduJjb1W8R1CABFwADwBWlAAEARBW\/AqAycnfDDMLY8DZYA3EQwAAMAwCESpEJwdYtExyOnTtGTSi1AAACWCQOx8jP4xX+S8mUrXXk2n15fuMSnBwYiWgGrpiuTXvKiSw3Eir1rG\/\/xENKpYnRSCtBCjSrxtliPheTZDngaGDi34a9YHKHQKUIhCjhpwP8Uvudi7up1PRXt6lCRefFe8K3b0jR++YvWvVrmASoE\/yY9XlSxVZ+G0ZOPBL6y2y9ny+kFjdqzj7\/4wvCraZgPwm+CCYR+AAAAFgAIAAEshLziZ3IACAAUYW\/o+S1f89d5dQU1\/5j2oMMTsiw="} 
-01056{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968037404,"flow_src_last_pkt_time":1676659968037404,"flow_dst_last_pkt_time":1676659968037404,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968037404,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.195.48","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.195.48:3478"}}} +01090{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968037404,"flow_src_last_pkt_time":1676659968037404,"flow_dst_last_pkt_time":1676659968037404,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968037404,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.195.48","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.195.48:3478","multimedia_flow_types":"Unknown"}}} 00830{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1676659968037483,"flow_dst_last_pkt_time":1676659968037404,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1676659968037483,"pkt":"CL6sCxduJjb1W8R1CABFwADwBWpAAEARBW7AqAycnfDDMLY8DZYA3L3JAAMAwCESpEJwdYtExyOnTtGTSi5AAACWCQOx8jP4xX+S8mUrXXk2n15fuMSnBwYiWgGrpiuTXvKiSw3Eir1rG\/\/xENKpYnRSCtBCjSrxtliPheTZDngaGDi34a9YHKHQKUIhCjhpwP8Uvudi7up1PRXt6lCRefFe8K3b0jR++YvWvVrmASoE\/yY9XlSxVZ+G0ZOPBL6y2y9ny+kFjdqzj7\/4wvCraZgPwm+CCYR+AAAAFgAIAAEshLziZ3IACAAUN3sV7GYe+yROEsWZI\/FgD4k1DJ4="} -01190{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1676659968037404,"flow_src_last_pkt_time":1676659968037483,"flow_dst_last_pkt_time":1676659968037404,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968037483,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.195.48","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.195.48:3478"}}} +01224{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1676659968037404,"flow_src_last_pkt_time":1676659968037483,"flow_dst_last_pkt_time":1676659968037404,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968037483,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.195.48","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.195.48:3478","multimedia_flow_types":"Unknown"}}} 
00635{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1676659968029608,"flow_dst_last_pkt_time":1676659968037875,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676659968037875,"pkt":"Jjb1W8R1CL6sCxduCABFAABg\/qtAAFcRfoBdOXvjwKgMnA2WtjwATGHpAQMAMCESpEJwdYtExyOnTtGTSiUAIAAIAAHRJHwxD0FAAgAIAAABhmC4yCcACAAUqnIJzW\/j1X8c\/WgxJFDYTIjCG04="} -01099{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1676659968029444,"flow_src_last_pkt_time":1676659968029608,"flow_dst_last_pkt_time":1676659968037875,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":68,"midstream":0,"thread_ts_usec":1676659968037875,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.57.123.227","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.35.171.3:61494","relayed_address":"93.57.123.227:3478"}}} 
+01133{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1676659968029444,"flow_src_last_pkt_time":1676659968029608,"flow_dst_last_pkt_time":1676659968037875,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":68,"midstream":0,"thread_ts_usec":1676659968037875,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.57.123.227","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.35.171.3:61494","relayed_address":"93.57.123.227:3478","multimedia_flow_types":"Unknown"}}} 00633{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1676659968029608,"flow_dst_last_pkt_time":1676659968037923,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676659968037923,"pkt":"Jjb1W8R1CL6sCxduCABFAABg\/qxAAFcRfn9dOXvjwKgMnA2WtjwATH+6AQMAMCESpEJwdYtExyOnTtGTSiYAIAAIAAHRJHwxD0FAAgAIAAABhmC4yCcACAAUsXruinhNMVlcZwjO7SsYhIE3y+M="} 
00632{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1676659968035552,"flow_dst_last_pkt_time":1676659968044522,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676659968044522,"pkt":"Jjb1W8R1CL6sCxduCABFAABgbwhAAFURgBGd8Ms+wKgMnA2WtjwATEezAQMAMCESpEJwdYtExyOnTtGTSicAIAAIAAHRJHwxD0FAAgAIAAABhmC4yC0ACAAUiLSqHkDyO4Nn0koco41Anoog2hY="} -01104{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":13,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1676659968035471,"flow_src_last_pkt_time":1676659968035552,"flow_dst_last_pkt_time":1676659968044522,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":68,"midstream":0,"thread_ts_usec":1676659968044522,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.35.171.3:61494","relayed_address":"157.240.203.62:3478"}}} 
+01138{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":13,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1676659968035471,"flow_src_last_pkt_time":1676659968035552,"flow_dst_last_pkt_time":1676659968044522,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":68,"midstream":0,"thread_ts_usec":1676659968044522,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.35.171.3:61494","relayed_address":"157.240.203.62:3478","multimedia_flow_types":"Unknown"}}} 00633{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1676659968035552,"flow_dst_last_pkt_time":1676659968044575,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676659968044575,"pkt":"Jjb1W8R1CL6sCxduCABFAABgbwlAAFURgBCd8Ms+wKgMnA2WtjwATDevAQMAMCESpEJwdYtExyOnTtGTSigAIAAIAAHRJHwxD0FAAgAIAAABhmC4yC0ACAAUPpUdGzsHO6o60A2P\/YzAPtGyD14="} 
00632{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1676659968036993,"flow_dst_last_pkt_time":1676659968055421,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676659968055421,"pkt":"Jjb1W8R1CL6sCxduCABFAABgJFBAAFYRrcmd8Oc+wKgMnA2WtjwATEo8AQMAMCESpEJwdYtExyOnTtGTSikAIAAIAAHRJHwxD0FAAgAIAAABhmC4yDIACAAUfe6H1Xa456A0pvmxA+2DiUprJrM="} -01104{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":15,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1676659968035642,"flow_src_last_pkt_time":1676659968036993,"flow_dst_last_pkt_time":1676659968055421,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":68,"midstream":0,"thread_ts_usec":1676659968055421,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.231.62","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.35.171.3:61494","relayed_address":"157.240.231.62:3478"}}} 
+01138{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":15,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1676659968035642,"flow_src_last_pkt_time":1676659968036993,"flow_dst_last_pkt_time":1676659968055421,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":68,"midstream":0,"thread_ts_usec":1676659968055421,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.231.62","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.35.171.3:61494","relayed_address":"157.240.231.62:3478","multimedia_flow_types":"Unknown"}}} 00633{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1676659968036993,"flow_dst_last_pkt_time":1676659968058079,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676659968058079,"pkt":"Jjb1W8R1CL6sCxduCABFAABgJFJAAFYRrced8Oc+wKgMnA2WtjwATE4+AQMAMCESpEJwdYtExyOnTtGTSioAIAAIAAHRJHwxD0FAAgAIAAABhmC4yDQACAAUwWTirh60\/VHH+ED4aqqQivjmyd4="} 
00632{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1676659968037165,"flow_dst_last_pkt_time":1676659968060837,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676659968060837,"pkt":"Jjb1W8R1CL6sCxduCABFAABgpVxAAFMRAcmd8BUzwKgMnA2WtjwATKdbAQMAMCESpEJwdYtExyOnTtGTSisAIAAIAAHRJHwxD0FAAgAIAAABhmC4yDgACAAUABEIe9NGgDdArgJP1RoA97aa1Do="} -01102{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":17,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1676659968037054,"flow_src_last_pkt_time":1676659968037165,"flow_dst_last_pkt_time":1676659968060837,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":68,"midstream":0,"thread_ts_usec":1676659968060837,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.21.51","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.35.171.3:61494","relayed_address":"157.240.21.51:3478"}}} 
+01136{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":17,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1676659968037054,"flow_src_last_pkt_time":1676659968037165,"flow_dst_last_pkt_time":1676659968060837,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":68,"midstream":0,"thread_ts_usec":1676659968060837,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.21.51","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.35.171.3:61494","relayed_address":"157.240.21.51:3478","multimedia_flow_types":"Unknown"}}} 00633{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1676659968037165,"flow_dst_last_pkt_time":1676659968060888,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676659968060888,"pkt":"Jjb1W8R1CL6sCxduCABFAABgpV1AAFMRAcid8BUzwKgMnA2WtjwATFmEAQMAMCESpEJwdYtExyOnTtGTSiwAIAAIAAHRJHwxD0FAAgAIAAABhmC4yDgACAAUdeov0ALnfOy1FSGpfbM\/gVsZOSo="} 
00632{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1676659968037483,"flow_dst_last_pkt_time":1676659968064266,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676659968064266,"pkt":"Jjb1W8R1CL6sCxduCABFAABg0NlAAFQRJ06d8MMwwKgMnA2WtjwATMmfAQMAMCESpEJwdYtExyOnTtGTSi0AIAAIAAHRJHwxD0FAAgAIAAABhmC4yDQACAAUEauiV+5OdWK08lpoY4KvoDM8wkA="} -01104{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":19,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1676659968037404,"flow_src_last_pkt_time":1676659968037483,"flow_dst_last_pkt_time":1676659968064266,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":68,"midstream":0,"thread_ts_usec":1676659968064266,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.195.48","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.35.171.3:61494","relayed_address":"157.240.195.48:3478"}}} 
+01138{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":19,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1676659968037404,"flow_src_last_pkt_time":1676659968037483,"flow_dst_last_pkt_time":1676659968064266,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":68,"midstream":0,"thread_ts_usec":1676659968064266,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.195.48","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.35.171.3:61494","relayed_address":"157.240.195.48:3478","multimedia_flow_types":"Unknown"}}} 00632{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1676659968037483,"flow_dst_last_pkt_time":1676659968064299,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676659968064299,"pkt":"Jjb1W8R1CL6sCxduCABFAABg0NpAAFQRJ02d8MMwwKgMnA2WtjwATLBEAQMAMCESpEJwdYtExyOnTtGTSi4AIAAIAAHRJHwxD0FAAgAIAAABhmC4yDQACAAUBF3x7h5ICsoSF2To96zryfeV154="} 
00602{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1676659968029608,"flow_dst_last_pkt_time":1676659970501672,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_usec":1676659970501672,"pkt":"Jjb1W8R1CL6sCxduCABFAABKBqBAAFcRdqJdOXvjwKgMnA2WtjwANj3TgcoAB+FyMapRK5FaypeotDESW84OgO841cZwILWkJxeAAAAB+Wopohy6zZkyGw=="} 00909{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1676659970535244,"flow_dst_last_pkt_time":1676659968044575,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1676659970535244,"pkt":"CL6sCxduJjb1W8R1CABFwAEsfaFAAEARhOzAqAycnfDLPrY8DZYBGBQxAAMA\/CESpEJwdYtExyOnTtGTSjFAAACWCQMtTkgnCkB3mlyHo2hELpK34qN\/tn27kX9DRUmi65QznJnJXr0IVJ+d4Fxix8NmNcmsfFkQLOW6576+A4JwNmi2uSQdWXRM2VKcszNCnJz207wH1jUAcpCU9XZA6ttuPzt6cvS6PNIk8FwKlWlblH32PnQxSRg2bkLvkOMPE7sKF8F2oGKz69cDRT5LGhyKnJSGY5lnAAAAIgAQA2iP+zSLUWDQyLFKEwEwAAAiAA4DCBO34E8CVbwHHovTAAAAACIAEAMbnwHuSmVz+ONk\/YEBMAAAFgAIAAEshLzib3wACAAUXTCmuD43X2iZxaQUlL\/5MyGiwQU="} 
@@ -48,59 +48,59 @@ 02225{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":64,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1676659968029444,"flow_src_last_pkt_time":1676659971853147,"flow_dst_last_pkt_time":1676659971919436,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":245,"flow_src_tot_l4_payload_len":2693,"flow_dst_tot_l4_payload_len":1097,"midstream":0,"thread_ts_usec":1676659971919436,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.57.123.227","src_port":46652,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":33,"avg":248828.9,"max":2505343,"stddev":601339.2,"var":361608839168.0,"ent":2.9,"data": [164,8431,48,2463749,2505343,241,3586,277,39475,77,6128,4820,33,25931,31612,82045,37743,1684,120855,35,78585,59946,292774,129998,59732,381615,376352,412427,48,227940,362001]},"pktlen": {"min":48,"avg":146.4,"max":300,"stddev":92.2,"var":8492.2,"ent":4.7,"data": [240,240,96,96,74,300,300,300,300,96,96,74,96,96,48,48,98,300,300,96,96,89,53,107,108,53,77,86,150,73,227,273]},"bins": {"c_to_s": [2,4,1,1,0,0,3,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,2,10,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,1,1,0,0,0,0,1,1,0,1,1,0,1,0,0,0,1,1,0,0,1,1,1,0,1,0,0,0,1],"entropies": 
[7.019773483,6.984464645,5.818136215,5.825999260,5.808753967,6.987159729,6.971193790,6.971321106,6.997097969,5.676367760,5.789438725,5.665334225,5.732045174,5.722330570,5.218094349,5.178508282,5.782431126,6.963978291,6.992527008,5.698242188,5.789439201,5.829556465,4.883490086,6.023591995,6.055227757,5.025671005,5.503230572,5.670224667,6.552639484,5.494553089,6.944911957,7.162023067]},"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00814{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":414,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020625604,"flow_src_last_pkt_time":1676660020625604,"flow_dst_last_pkt_time":1676660020625604,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020625604,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00910{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":414,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1676660020625604,"flow_dst_last_pkt_time":1676660020625604,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1676660020625604,"pkt":"CL6sCxduJjb1W8R1CABFwAEsi9JAAEARdrvAqAycnfDLPsF2DZYBGCb2AAMA\/CESpEI9TftlKWJACU3e+TlAAACWCQOxp8aYvFg8y+QXBpsvhjNMa1N4G7Sf9JFjapUuLmz0CsTDFAPO9KqiGsXxWezQ59eQpoCSxT1fsfDFF2XYEWLYT7Z5ywaH6eaIeDG7vzkQfWGJo3mm7lbdY7xd0W8bEsEGktqDrQsGdB5\/+jjeW0yFm1wJQhQWIaUpZQMlzDvLLl3GStdW2AnbX4eC5IclH+Gf\/MylAAAAIgAQA1wnJY8VQYrMrds8LwExAAAiAA4Djh5nVd\/1ziuce4idAAAAACIAEANRZ9y246wbSEgX3HYBMQAAFgAIAAEshLzib3wACAAUpYIpus8qv8w9yHZkGb+Y7RORCLU="} -01058{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":414,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020625604,"flow_src_last_pkt_time":1676660020625604,"flow_dst_last_pkt_time":1676660020625604,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020625604,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.203.62:3478"}}} 
+01092{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":414,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020625604,"flow_src_last_pkt_time":1676660020625604,"flow_dst_last_pkt_time":1676660020625604,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020625604,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.203.62:3478","multimedia_flow_types":"Unknown"}}} 
00910{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":415,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1676660020625741,"flow_dst_last_pkt_time":1676660020625604,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1676660020625741,"pkt":"CL6sCxduJjb1W8R1CABFwAEsi9NAAEARdrrAqAycnfDLPsF2DZYBGPgrAAMA\/CESpEI9TftlKWJACU3e+TpAAACWCQOxp8aYvFg8y+QXBpsvhjNMa1N4G7Sf9JFjapUuLmz0CsTDFAPO9KqiGsXxWezQ59eQpoCSxT1fsfDFF2XYEWLYT7Z5ywaH6eaIeDG7vzkQfWGJo3mm7lbdY7xd0W8bEsEGktqDrQsGdB5\/+jjeW0yFm1wJQhQWIaUpZQMlzDvLLl3GStdW2AnbX4eC5IclH+Gf\/MylAAAAIgAQA1wnJY8VQYrMrds8LwExAAAiAA4Djh5nVd\/1ziuce4idAAAAACIAEANRZ9y246wbSEgX3HYBMQAAFgAIAAEshLzib3wACAAUEQwgZYwKJgQ4LTYK3y4FIA+jynM="} -01191{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":415,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1676660020625604,"flow_src_last_pkt_time":1676660020625741,"flow_dst_last_pkt_time":1676660020625604,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":544,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020625741,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.203.62:3478"}}} +01225{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":415,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1676660020625604,"flow_src_last_pkt_time":1676660020625741,"flow_dst_last_pkt_time":1676660020625604,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":544,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020625741,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.203.62:3478","multimedia_flow_types":"Unknown"}}} 
00814{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":416,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020625888,"flow_src_last_pkt_time":1676660020625888,"flow_dst_last_pkt_time":1676660020625888,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020625888,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.231.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00914{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":416,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1676660020625888,"flow_dst_last_pkt_time":1676660020625888,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1676660020625888,"pkt":"CL6sCxduJjb1W8R1CABFwAEsmRpAAEARTXPAqAycnfDnPsF2DZYBGH7rAAMA\/CESpEI9TftlKWJACU3e+TtAAACWCQPeFjak0d7PKFAs7XLj2+P+s\/PhMuWphSLboMCgL8FYcsJ22UWhr314dj\/sKuxUjmg5xQ\/jx9XG\/YEFdqUUT0rbOYoIi50IwG51J2FjLJRXjMezKXn+8dloeg+G6pVS2Czb4qwcI\/U\/yOu2RsIn1ZkxZBTgillM10QGiC2nxS3GP3Pyg89JFN85UcQxXm3doEZ8I2gXAAAAIgAQA1wnJY8VQYrMrds8LwExAAAiAA4Djh5nVd\/1ziuce4idAAAAACIAEANRZ9y246wbSEgX3HYBMQAAFgAIAAEshLziQ3wACAAUCDd5eQa4+xNebQ8SJJA4mgXX1Xw="} 
-01058{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":416,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020625888,"flow_src_last_pkt_time":1676660020625888,"flow_dst_last_pkt_time":1676660020625888,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020625888,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.231.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.231.62:3478"}}} +01092{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":416,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020625888,"flow_src_last_pkt_time":1676660020625888,"flow_dst_last_pkt_time":1676660020625888,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020625888,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.231.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.231.62:3478","multimedia_flow_types":"Unknown"}}} 00914{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":417,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1676660020626848,"flow_dst_last_pkt_time":1676660020625888,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1676660020626848,"pkt":"CL6sCxduJjb1W8R1CABFwAEsmRtAAEARTXLAqAycnfDnPsF2DZYBGAyJAAMA\/CESpEI9TftlKWJACU3e+TxAAACWCQPeFjak0d7PKFAs7XLj2+P+s\/PhMuWphSLboMCgL8FYcsJ22UWhr314dj\/sKuxUjmg5xQ\/jx9XG\/YEFdqUUT0rbOYoIi50IwG51J2FjLJRXjMezKXn+8dloeg+G6pVS2Czb4qwcI\/U\/yOu2RsIn1ZkxZBTgillM10QGiC2nxS3GP3Pyg89JFN85UcQxXm3doEZ8I2gXAAAAIgAQA1wnJY8VQYrMrds8LwExAAAiAA4Djh5nVd\/1ziuce4idAAAAACIAEANRZ9y246wbSEgX3HYBMQAAFgAIAAEshLziQ3wACAAUmjsvXCKwESsJBUhkQNrKqeK5XsE="} 
-01191{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":417,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1676660020625888,"flow_src_last_pkt_time":1676660020626848,"flow_dst_last_pkt_time":1676660020625888,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":544,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020626848,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.231.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.231.62:3478"}}} +01225{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":417,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1676660020625888,"flow_src_last_pkt_time":1676660020626848,"flow_dst_last_pkt_time":1676660020625888,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":544,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020626848,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.231.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": 
{"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.231.62:3478","multimedia_flow_types":"Unknown"}}} 00814{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":418,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020626979,"flow_src_last_pkt_time":1676660020626979,"flow_dst_last_pkt_time":1676660020626979,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020626979,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.196.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00915{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":418,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1676660020626979,"flow_dst_last_pkt_time":1676660020626979,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1676660020626979,"pkt":"CL6sCxduJjb1W8R1CABFwAEsOIpAAEAR0QPAqAycnfDEPsF2DZYBGJUCAAMA\/CESpEI9TftlKWJACU3e+T1AAACWCQPGTvqHwwSK7PRiLSImLIKh\/fPLrOsx\/rtb4xnlO+h\/S8O\/UZlWtSeGS1rfAQxxwD3rylX96sS7cSBQmvCNf2TOwF\/JRt9mywjNe1pUQo9jU5c0ZxrdUZDRq+CZMIW0FSHrmDPoAXCraaMzfQ1aJVz\/5ObQw+UDNrc6hxQu5PTn27CWWZVuQS13m6BeFu60vevHT2j7AAAAIgAQA1wnJY8VQYrMrds8LwExAAAiAA4Djh5nVd\/1ziuce4idAAAAACIAEANRZ9y246wbSEgX3HYBMQAAFgAIAAEshLziYHwACAAUB5JO\/KlnIgtwDyIZGyJD72U36pw="} -01058{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":418,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020626979,"flow_src_last_pkt_time":1676660020626979,"flow_dst_last_pkt_time":1676660020626979,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020626979,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.196.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.196.62:3478"}}} 
+01092{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":418,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020626979,"flow_src_last_pkt_time":1676660020626979,"flow_dst_last_pkt_time":1676660020626979,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020626979,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.196.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.196.62:3478","multimedia_flow_types":"Unknown"}}} 
00914{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1676660020627131,"flow_dst_last_pkt_time":1676660020626979,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1676660020627131,"pkt":"CL6sCxduJjb1W8R1CABFwAEsOItAAEAR0QLAqAycnfDEPsF2DZYBGPuoAAMA\/CESpEI9TftlKWJACU3e+T5AAACWCQPGTvqHwwSK7PRiLSImLIKh\/fPLrOsx\/rtb4xnlO+h\/S8O\/UZlWtSeGS1rfAQxxwD3rylX96sS7cSBQmvCNf2TOwF\/JRt9mywjNe1pUQo9jU5c0ZxrdUZDRq+CZMIW0FSHrmDPoAXCraaMzfQ1aJVz\/5ObQw+UDNrc6hxQu5PTn27CWWZVuQS13m6BeFu60vevHT2j7AAAAIgAQA1wnJY8VQYrMrds8LwExAAAiAA4Djh5nVd\/1ziuce4idAAAAACIAEANRZ9y246wbSEgX3HYBMQAAFgAIAAEshLziYHwACAAUfoSihPG3YBzTpEujhX4y3pFRIJQ="} -01191{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":419,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1676660020626979,"flow_src_last_pkt_time":1676660020627131,"flow_dst_last_pkt_time":1676660020626979,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":544,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020627131,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.196.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.196.62:3478"}}} +01225{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":419,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1676660020626979,"flow_src_last_pkt_time":1676660020627131,"flow_dst_last_pkt_time":1676660020626979,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":544,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020627131,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.196.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"157.240.196.62:3478","multimedia_flow_types":"Unknown"}}} 
00813{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":420,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020627268,"flow_src_last_pkt_time":1676660020627268,"flow_dst_last_pkt_time":1676660020627268,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020627268,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"179.60.192.48","src_port":49526,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00914{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":420,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1676660020627268,"flow_dst_last_pkt_time":1676660020627268,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1676660020627268,"pkt":"CL6sCxduJjb1W8R1CABFwAEsdxlAAEARgTbAqAycszzAMMF2DZYBGFP0AAMA\/CESpEI9TftlKWJACU3e+T9AAACWCQNKyv924htSBDgoPvPaA6yOr0x9kSC6Te5xTak23qUax5cZtJwuAApb8Ui+tHOwfpbSpWzleIv+\/Y\/zgmUivrJJrbIFK11cX6yt\/W617VBhxdI74dpc53FDSKllCH09m2ZVJ6nirDntuXoVFquWylwpGeMX8BF7kcX7XJ\/ujSasdt1cdHPd78hU0rxNGJvrkV7sECvDAAAAIgAQA1wnJY8VQYrMrds8LwExAAAiAA4Djh5nVd\/1ziuce4idAAAAACIAEANRZ9y246wbSEgX3HYBMQAAFgAIAAEshJIuZHIACAAUhqeiK6BMauUxm+\/Y2otPN+x\/Trc="} 
-01056{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":420,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020627268,"flow_src_last_pkt_time":1676660020627268,"flow_dst_last_pkt_time":1676660020627268,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020627268,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"179.60.192.48","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"179.60.192.48:3478"}}} +01090{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":420,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020627268,"flow_src_last_pkt_time":1676660020627268,"flow_dst_last_pkt_time":1676660020627268,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020627268,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"179.60.192.48","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"179.60.192.48:3478","multimedia_flow_types":"Unknown"}}} 00912{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":421,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1676660020627411,"flow_dst_last_pkt_time":1676660020627268,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1676660020627411,"pkt":"CL6sCxduJjb1W8R1CABFwAEsdxpAAEARgTXAqAycszzAMMF2DZYBGONAAAMA\/CESpEI9TftlKWJACU3e+UBAAACWCQNKyv924htSBDgoPvPaA6yOr0x9kSC6Te5xTak23qUax5cZtJwuAApb8Ui+tHOwfpbSpWzleIv+\/Y\/zgmUivrJJrbIFK11cX6yt\/W617VBhxdI74dpc53FDSKllCH09m2ZVJ6nirDntuXoVFquWylwpGeMX8BF7kcX7XJ\/ujSasdt1cdHPd78hU0rxNGJvrkV7sECvDAAAAIgAQA1wnJY8VQYrMrds8LwExAAAiAA4Djh5nVd\/1ziuce4idAAAAACIAEANRZ9y246wbSEgX3HYBMQAAFgAIAAEshJIuZHIACAAUyHPsRBz2TIoTMZ+WvAxhGroaguM="} 
-01189{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":421,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1676660020627268,"flow_src_last_pkt_time":1676660020627411,"flow_dst_last_pkt_time":1676660020627268,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":544,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020627411,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"179.60.192.48","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"179.60.192.48:3478"}}} +01223{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":421,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1676660020627268,"flow_src_last_pkt_time":1676660020627411,"flow_dst_last_pkt_time":1676660020627268,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":544,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020627411,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"179.60.192.48","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": 
{"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"179.60.192.48:3478","multimedia_flow_types":"Unknown"}}} 00814{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":422,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020627509,"flow_src_last_pkt_time":1676660020627509,"flow_dst_last_pkt_time":1676660020627509,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020627509,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"185.60.216.51","src_port":49526,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00914{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1676660020627509,"flow_dst_last_pkt_time":1676660020627509,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1676660020627509,"pkt":"CL6sCxduJjb1W8R1CABFwAEsa6ZAAEARbqbAqAycuTzYM8F2DZYBGAVtAAMA\/CESpEI9TftlKWJACU3e+UFAAACWCQOH4\/VCAbPTeMBQBMAl\/C5Apejo8c+1K6Qp4JXppgVH0mQBYEvtKrySE8q2mN2RHr6SUlSQIl0QzHLhhkGXTmiDzzcayhZ2Q3j+W2AjW7xjHlhoZ\/1oB6f1R7cM2YJpevSLPRG1\/9xX5i8OwLQGJZP0IxmexdIX7onMgJjjwxjNZQ25j3xFqkTqBfg35nDf7wZxC\/YQAAAAIgAQA1wnJY8VQYrMrds8LwExAAAiAA4Djh5nVd\/1ziuce4idAAAAACIAEANRZ9y246wbSEgX3HYBMQAAFgAIAAEshJgufHEACAAUkNyfIYYrYkDQ4zmgKorzXUAe8eI="} -01057{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":422,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020627509,"flow_src_last_pkt_time":1676660020627509,"flow_dst_last_pkt_time":1676660020627509,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020627509,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"185.60.216.51","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"185.60.216.51:3478"}}} 
+01091{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":422,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020627509,"flow_src_last_pkt_time":1676660020627509,"flow_dst_last_pkt_time":1676660020627509,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020627509,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"185.60.216.51","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"185.60.216.51:3478","multimedia_flow_types":"Unknown"}}} 
00914{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":423,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1676660020627695,"flow_dst_last_pkt_time":1676660020627509,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1676660020627695,"pkt":"CL6sCxduJjb1W8R1CABFwAEsa6dAAEARbqXAqAycuTzYM8F2DZYBGKyuAAMA\/CESpEI9TftlKWJACU3e+UJAAACWCQOH4\/VCAbPTeMBQBMAl\/C5Apejo8c+1K6Qp4JXppgVH0mQBYEvtKrySE8q2mN2RHr6SUlSQIl0QzHLhhkGXTmiDzzcayhZ2Q3j+W2AjW7xjHlhoZ\/1oB6f1R7cM2YJpevSLPRG1\/9xX5i8OwLQGJZP0IxmexdIX7onMgJjjwxjNZQ25j3xFqkTqBfg35nDf7wZxC\/YQAAAAIgAQA1wnJY8VQYrMrds8LwExAAAiAA4Djh5nVd\/1ziuce4idAAAAACIAEANRZ9y246wbSEgX3HYBMQAAFgAIAAEshJgufHEACAAU1fgpuSj5BRZ8oNucqnlM0gIwTBo="} -01190{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":423,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1676660020627509,"flow_src_last_pkt_time":1676660020627695,"flow_dst_last_pkt_time":1676660020627509,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":544,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020627695,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"185.60.216.51","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"185.60.216.51:3478"}}} +01224{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":423,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1676660020627509,"flow_src_last_pkt_time":1676660020627695,"flow_dst_last_pkt_time":1676660020627509,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":544,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020627695,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"185.60.216.51","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"relayed_address":"185.60.216.51:3478","multimedia_flow_types":"Unknown"}}} 
00634{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":424,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1676660020625741,"flow_dst_last_pkt_time":1676660020633882,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676660020633882,"pkt":"Jjb1W8R1CL6sCxduCABFAABgu4RAAFURM5Wd8Ms+wKgMnA2WwXYATBxlAQMAMCESpEI9TftlKWJACU3e+TkAIAAIAAHRX3wxD0FAAgAIAAABhmC5lZsACAAUUb\/WTpOkWW3X+FJVIBlYvEA2oDs="} -01105{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":424,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1676660020625604,"flow_src_last_pkt_time":1676660020625741,"flow_dst_last_pkt_time":1676660020633882,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":544,"flow_dst_tot_l4_payload_len":68,"midstream":0,"thread_ts_usec":1676660020633882,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.35.171.3:61517","relayed_address":"157.240.203.62:3478"}}} 
+01139{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":424,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1676660020625604,"flow_src_last_pkt_time":1676660020625741,"flow_dst_last_pkt_time":1676660020633882,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":544,"flow_dst_tot_l4_payload_len":68,"midstream":0,"thread_ts_usec":1676660020633882,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.35.171.3:61517","relayed_address":"157.240.203.62:3478","multimedia_flow_types":"Unknown"}}} 00633{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1676660020625741,"flow_dst_last_pkt_time":1676660020633906,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676660020633906,"pkt":"Jjb1W8R1CL6sCxduCABFAABgu4VAAFURM5Sd8Ms+wKgMnA2WwXYATMHnAQMAMCESpEI9TftlKWJACU3e+ToAIAAIAAHRX3wxD0FAAgAIAAABhmC5lZsACAAUDYqarGE3M6w9+UUOpDJLk0B0AtY="} 
00630{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1676660020635842,"flow_dst_last_pkt_time":1676660020633906,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1676660020635842,"pkt":"CL6sCxduJjb1W8R1CABFwABci9RAAEARd4nAqAycnfDLPsF2DZYASEFRCAQALCESpEI9TftlKWJACU3e+UNABwACAfQAAAAWAAgAASyEvOJvfAAIABQ46era\/Z2SZjhFF95tb67cFTcxPA=="} 00634{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":428,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1676660020626848,"flow_dst_last_pkt_time":1676660020646356,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676660020646356,"pkt":"Jjb1W8R1CL6sCxduCABFAABgEA9AAFYRwgqd8Oc+wKgMnA2WwXYATESqAQMAMCESpEI9TftlKWJACU3e+TsAIAAIAAHRX3wxD0FAAgAIAAABhmC5laIACAAU2sO6qtIQRG8Fb8Ku\/1Yc8bkNCwU="} 
-01105{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":428,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1676660020625888,"flow_src_last_pkt_time":1676660020626848,"flow_dst_last_pkt_time":1676660020646356,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":544,"flow_dst_tot_l4_payload_len":68,"midstream":0,"thread_ts_usec":1676660020646356,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.231.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.35.171.3:61517","relayed_address":"157.240.231.62:3478"}}} +01139{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":428,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1676660020625888,"flow_src_last_pkt_time":1676660020626848,"flow_dst_last_pkt_time":1676660020646356,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":544,"flow_dst_tot_l4_payload_len":68,"midstream":0,"thread_ts_usec":1676660020646356,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.231.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.35.171.3:61517","relayed_address":"157.240.231.62:3478","multimedia_flow_types":"Unknown"}}} 00633{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":429,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1676660020626848,"flow_dst_last_pkt_time":1676660020646394,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676660020646394,"pkt":"Jjb1W8R1CL6sCxduCABFAABgEBBAAFYRwgmd8Oc+wKgMnA2WwXYATMHdAQMAMCESpEI9TftlKWJACU3e+TwAIAAIAAHRX3wxD0FAAgAIAAABhmC5laIACAAUtd5zvNHTNstw7o7HFkTuf+A5wEQ="} 00634{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":430,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":1676660020627695,"flow_dst_last_pkt_time":1676660020646446,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676660020646446,"pkt":"Jjb1W8R1CL6sCxduCABFAABgKX5AAFMRn1q5PNgzwKgMnA2WwXYATEpFAQMAMCESpEI9TftlKWJACU3e+UEAIAAIAAHRX3wxD0FAAgAIAAABhmC5laEACAAUH8edTAMAuZVpRGGCYax6hVg0ya8="} 
-01104{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":430,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1676660020627509,"flow_src_last_pkt_time":1676660020627695,"flow_dst_last_pkt_time":1676660020646446,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":544,"flow_dst_tot_l4_payload_len":68,"midstream":0,"thread_ts_usec":1676660020646446,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"185.60.216.51","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.35.171.3:61517","relayed_address":"185.60.216.51:3478"}}} +01138{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":430,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1676660020627509,"flow_src_last_pkt_time":1676660020627695,"flow_dst_last_pkt_time":1676660020646446,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":544,"flow_dst_tot_l4_payload_len":68,"midstream":0,"thread_ts_usec":1676660020646446,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"185.60.216.51","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.35.171.3:61517","relayed_address":"185.60.216.51:3478","multimedia_flow_types":"Unknown"}}} 00635{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":431,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_src_last_pkt_time":1676660020627695,"flow_dst_last_pkt_time":1676660020646471,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676660020646471,"pkt":"Jjb1W8R1CL6sCxduCABFAABgKX9AAFMRn1m5PNgzwKgMnA2WwXYATDurAQMAMCESpEI9TftlKWJACU3e+UIAIAAIAAHRX3wxD0FAAgAIAAABhmC5laIACAAUqiKz9h9t1ITvWTv\/BN9zdrh6ouk="} 00634{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":432,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1676660020627411,"flow_dst_last_pkt_time":1676660020649547,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676660020649547,"pkt":"Jjb1W8R1CL6sCxduCABFAABgXFdAAFMRioSzPMAwwKgMnA2WwXYATFMNAQMAMCESpEI9TftlKWJACU3e+T8AIAAIAAHRX3wxD0FAAgAIAAABhmC5laMACAAUAUJ5rKYzB8P+FxjEnR76AoJ8\/mE="} 
-01103{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":432,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1676660020627268,"flow_src_last_pkt_time":1676660020627411,"flow_dst_last_pkt_time":1676660020649547,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":544,"flow_dst_tot_l4_payload_len":68,"midstream":0,"thread_ts_usec":1676660020649547,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"179.60.192.48","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.35.171.3:61517","relayed_address":"179.60.192.48:3478"}}} +01137{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":432,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1676660020627268,"flow_src_last_pkt_time":1676660020627411,"flow_dst_last_pkt_time":1676660020649547,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":544,"flow_dst_tot_l4_payload_len":68,"midstream":0,"thread_ts_usec":1676660020649547,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"179.60.192.48","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.35.171.3:61517","relayed_address":"179.60.192.48:3478","multimedia_flow_types":"Unknown"}}} 00633{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":433,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_src_last_pkt_time":1676660020627411,"flow_dst_last_pkt_time":1676660020649585,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676660020649585,"pkt":"Jjb1W8R1CL6sCxduCABFAABgXFhAAFMRioOzPMAwwKgMnA2WwXYATFWhAQMAMCESpEI9TftlKWJACU3e+UAAIAAIAAHRX3wxD0FAAgAIAAABhmC5laMACAAUgv6L2fitRmrDKBO6QOmHmVTNEwk="} 00633{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":434,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1676660020627131,"flow_dst_last_pkt_time":1676660020649607,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676660020649607,"pkt":"Jjb1W8R1CL6sCxduCABFAABg00xAAFQRI82d8MQ+wKgMnA2WwXYATB51AQMAMCESpEI9TftlKWJACU3e+T0AIAAIAAHRX3wxD0FAAgAIAAABhmC5laAACAAUDM36X1qnGrp9aVSAhimrdKC7fMo="} 
-01105{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":434,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1676660020626979,"flow_src_last_pkt_time":1676660020627131,"flow_dst_last_pkt_time":1676660020649607,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":544,"flow_dst_tot_l4_payload_len":68,"midstream":0,"thread_ts_usec":1676660020649607,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.196.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.35.171.3:61517","relayed_address":"157.240.196.62:3478"}}} +01139{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":434,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1676660020626979,"flow_src_last_pkt_time":1676660020627131,"flow_dst_last_pkt_time":1676660020649607,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":544,"flow_dst_tot_l4_payload_len":68,"midstream":0,"thread_ts_usec":1676660020649607,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.196.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.35.171.3:61517","relayed_address":"157.240.196.62:3478","multimedia_flow_types":"Unknown"}}} 00633{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":435,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1676660020627131,"flow_dst_last_pkt_time":1676660020649623,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676660020649623,"pkt":"Jjb1W8R1CL6sCxduCABFAABg001AAFQRI8yd8MQ+wKgMnA2WwXYATIH0AQMAMCESpEI9TftlKWJACU3e+T4AIAAIAAHRX3wxD0FAAgAIAAABhmC5laAACAAUxKTeHLccf0M6tOjMy8siv2yc4lE="} 02229{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":461,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1676660020625604,"flow_src_last_pkt_time":1676660020791890,"flow_dst_last_pkt_time":1676660020799292,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":512,"flow_src_tot_l4_payload_len":1396,"flow_dst_tot_l4_payload_len":6812,"midstream":0,"thread_ts_usec":1676660020799292,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":24,"avg":10966.9,"max":25268,"stddev":4978.7,"var":24787812.0,"ent":4.8,"data": 
[137,8278,24,10101,8060,24512,25268,11561,10122,12790,14381,10560,10576,10583,10464,16311,6103,16248,5886,9963,9713,10612,11320,10716,10523,10812,10574,10236,10724,11289,11527]},"pktlen": {"min":48,"avg":284.5,"max":540,"stddev":217.5,"var":47305.8,"ent":4.6,"data": [300,300,96,96,92,540,92,540,92,540,92,540,92,540,92,540,48,92,48,540,92,540,92,540,92,540,92,540,92,540,92,540]},"bins": {"c_to_s": [1,0,13,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": [6.990001202,7.010884762,5.755636215,5.672302246,5.721662998,1.491354108,5.778674603,1.487650514,5.626501560,1.484854460,5.623420715,1.491354465,5.691719532,1.491354108,5.569489479,1.485344768,5.160700798,5.721662998,5.136841774,1.489048600,5.743401527,1.492752314,5.735196590,1.489956141,5.640035152,1.476539373,5.664651394,1.487650633,5.808619022,1.477447271,5.713458061,1.502465248]},"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
00811{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":531,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660024064221,"flow_src_last_pkt_time":1676660024064221,"flow_dst_last_pkt_time":1676660024064221,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660024064221,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"10.82.40.241","src_port":49526,"dst_port":40436,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00601{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":531,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1676660024064221,"flow_dst_last_pkt_time":1676660024064221,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1676660024064221,"pkt":"CL6sCxduJjb1W8R1CABFwABISENAAEAR8RrAqAycClIo8cF2nfQANFuYAAEAGCESpEJVqr9siNtocRyv\/Q8ACAAUchhTvhiAgB6AsW9lN0aBjK2SqVw="} 
-01153{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":531,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660024064221,"flow_src_last_pkt_time":1676660024064221,"flow_dst_last_pkt_time":1676660024064221,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660024064221,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"10.82.40.241","src_port":49526,"dst_port":40436,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01186{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":531,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660024064221,"flow_src_last_pkt_time":1676660024064221,"flow_dst_last_pkt_time":1676660024064221,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660024064221,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"10.82.40.241","src_port":49526,"dst_port":40436,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non 
Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00811{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":535,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660024118990,"flow_src_last_pkt_time":1676660024118990,"flow_dst_last_pkt_time":1676660024118990,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660024118990,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.33.118.87","src_port":49526,"dst_port":41107,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00602{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":535,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1676660024118990,"flow_dst_last_pkt_time":1676660024118990,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1676660024118990,"pkt":"CL6sCxduJjb1W8R1CABFwABIQMlAAEARWF\/AqAycXSF2V8F2oJMANCgyAAEAGCESpEJkgPwVvmQKYO\/3pCAACAAUg1CfFRfb1oP8Sp+duu11SA8TZZg="} 
-01153{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":535,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660024118990,"flow_src_last_pkt_time":1676660024118990,"flow_dst_last_pkt_time":1676660024118990,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660024118990,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.33.118.87","src_port":49526,"dst_port":41107,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01186{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":535,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660024118990,"flow_src_last_pkt_time":1676660024118990,"flow_dst_last_pkt_time":1676660024118990,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660024118990,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.33.118.87","src_port":49526,"dst_port":41107,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non 
Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00601{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":540,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1676660024118990,"flow_dst_last_pkt_time":1676660024190308,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1676660024190308,"pkt":"Jjb1W8R1CL6sCxduCABFKABIhuhAADYRHNhdIXZXwKgMnKCTwXYANMoKAQEAGCESpEJkgPwVvmQKYO\/3pCAACAAU75F70SqUX4Lgp4cEKxEnrcitNiQ="} 00601{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":542,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_src_last_pkt_time":1676660024118990,"flow_dst_last_pkt_time":1676660024239979,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1676660024239979,"pkt":"Jjb1W8R1CL6sCxduCABFKABIhuxAADYRHNRdIXZXwKgMnKCTwXYANNC\/AAEAGCESpEKLftcLEYCUSZQPnhMACAAUyvIcEMHWqj2hvqdguHUxOVHLVE0="} 
00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":543,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_src_last_pkt_time":1676660024243082,"flow_dst_last_pkt_time":1676660024239979,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1676660024243082,"pkt":"CL6sCxduJjb1W8R1CABFwABIQNRAAEARWFTAqAycXSF2V8F2oJMANHYOAQEAGCESpEKLftcLEYCUSZQPnhMACAAUURXXOFysTKzVt50fky2JdWR1wBg="} 00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":549,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_src_last_pkt_time":1676660024325807,"flow_dst_last_pkt_time":1676660024239979,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":131,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":131,"pkt_l4_len":97,"thread_ts_usec":1676660024325807,"pkt":"CL6sCxduJjb1W8R1CABFwAB1QNhAAEARWCPAqAycXSF2V8F2oJMAYc1lkHgABQAA3UBRZ9y23r4AA1ErK2EAvZEZhwAAAKbOSK90hIl36enLLzUIk6r\/w1XH6T2mtq3Gg8VNMWWeuoZcZLDNzrjMgd0lraiBKjJ3Gy5jB\/m61+BApbg="} 
-01117{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":549,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1676660024118990,"flow_src_last_pkt_time":1676660024325807,"flow_dst_last_pkt_time":1676660024239979,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":89,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":177,"flow_dst_tot_l4_payload_len":88,"midstream":0,"thread_ts_usec":1676660024325807,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.33.118.87","src_port":49526,"dst_port":41107,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"SRTP.WhatsAppCall","proto_id":"338.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01142{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":549,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1676660024118990,"flow_src_last_pkt_time":1676660024325807,"flow_dst_last_pkt_time":1676660024239979,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":89,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":177,"flow_dst_tot_l4_payload_len":88,"midstream":0,"thread_ts_usec":1676660024325807,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.33.118.87","src_port":49526,"dst_port":41107,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std 
Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"SRTP.WhatsAppCall","proto_id":"338.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","stream_content":"Audio"}} 00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":561,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1676660024620334,"flow_dst_last_pkt_time":1676660024064221,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1676660024620334,"pkt":"CL6sCxduJjb1W8R1CABFwABISE9AAEAR8Q7AqAycClIo8cF2nfQANEB+AAEAGCESpEIXwuNn6QQGBGvPy2QACAAUUNSepUVO3cHbT1W7D8IkB9QMLLk="} -01271{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":561,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1676660024064221,"flow_src_last_pkt_time":1676660024620334,"flow_dst_last_pkt_time":1676660024064221,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660024620334,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"10.82.40.241","src_port":49526,"dst_port":40436,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI 
(cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01304{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":561,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1676660024064221,"flow_src_last_pkt_time":1676660024620334,"flow_dst_last_pkt_time":1676660024064221,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660024620334,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"10.82.40.241","src_port":49526,"dst_port":40436,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":562,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_src_last_pkt_time":1676660025173851,"flow_dst_last_pkt_time":1676660024064221,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1676660025173851,"pkt":"CL6sCxduJjb1W8R1CABFwABISHxAAEAR8OHAqAycClIo8cF2nfQANJUKAAEAGCESpEJbGGZZJbjNIbGSmgoACAAUqscImv03XhISfmW0WS8IT6fPtOk="} 00601{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":563,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_src_last_pkt_time":1676660025726086,"flow_dst_last_pkt_time":1676660024064221,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1676660025726086,"pkt":"CL6sCxduJjb1W8R1CABFwABISIRAAEAR8NnAqAycClIo8cF2nfQANJ6PAAEAGCESpEKk0qlxm\/ZTOSdEwkYACAAUXDPKAV6TGyzZ4WyS4fYKXK0zlIs="} 00601{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":564,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":5,"flow_src_last_pkt_time":1676660026276036,"flow_dst_last_pkt_time":1676660024064221,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1676660026276036,"pkt":"CL6sCxduJjb1W8R1CABFwABISLRAAEAR8KnAqAycClIo8cF2nfQANMOEAAEAGCESpEKl9A496LZkbYe+i00ACAAU\/ewrDda+DUas0DsT+++L7XeLDdc="} 
@@ -129,7 +129,7 @@ 01017{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":591,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1676660020625888,"flow_src_last_pkt_time":1676660035302538,"flow_dst_last_pkt_time":1676660020646394,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":220,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":764,"flow_dst_tot_l4_payload_len":136,"midstream":0,"thread_ts_usec":1676660035303048,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.231.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01017{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":591,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1676660020626979,"flow_src_last_pkt_time":1676660035302780,"flow_dst_last_pkt_time":1676660020649623,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":220,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":764,"flow_dst_tot_l4_payload_len":136,"midstream":0,"thread_ts_usec":1676660035303048,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.196.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01028{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":591,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":48,"flow_dst_packets_processed":73,"flow_first_seen":1676660020625604,"flow_src_last_pkt_time":1676660035302005,"flow_dst_last_pkt_time":1676660032998729,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":500,"flow_dst_max_l4_payload_len":1113,"flow_src_tot_l4_payload_len":10937,"flow_dst_tot_l4_payload_len":37017,"midstream":0,"thread_ts_usec":1676660035303048,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-00882{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":591,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":591,"packets-processed":591,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":108875,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":22,"total-updates":5,"current-active-flows":0,"total-active-flows":13,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":132,"global_ts_usec":1676660035303048} +00882{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":591,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":591,"packets-processed":591,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":108875,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":22,"total-updates":5,"current-active-flows":0,"total-active-flows":13,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":132,"global_ts_usec":1676660035303048} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 591/591 ~~ skipped flows.............: 0 
@@ -138,9 +138,9 @@ ~~ total active/idle flows...: 13/13 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6953649 bytes -~~ total memory freed........: 6953649 bytes -~~ total allocations/frees...: 114872/114872 +~~ total memory allocated....: 7531289 bytes +~~ total memory freed........: 7531289 bytes +~~ total allocations/frees...: 126605/126605 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 605 chars ~~ json message max len.......: 2234 chars diff --git a/test/results/stun_only_peer_address_enabled/telegram_videocall.pcapng.out b/test/results/stun_only_peer_address_enabled/telegram_videocall.pcapng.out index 0f27f266a..294834d2d 100644 --- a/test/results/stun_only_peer_address_enabled/telegram_videocall.pcapng.out +++ b/test/results/stun_only_peer_address_enabled/telegram_videocall.pcapng.out 
@@ -1,5 +1,5 @@ -00648{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00869{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1648032334213648} 
+00648{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00869{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1648032334213648} 
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032334213648,"flow_src_last_pkt_time":1648032334213648,"flow_dst_last_pkt_time":1648032334213648,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032334213648,"l3_proto":"ip6","src_ip":"fe80::98df:58ff:fefa:ebdc","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5} 00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1648032334213648,"flow_dst_last_pkt_time":1648032334213648,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":70,"pkt_l4_len":16,"thread_ts_usec":1648032334213648,"pkt":"MzMAAAACmt9Y+uvcht1gAAAAABA6\/\/6AAAAAAAAAmN9Y\/\/7669z\/AgAAAAAAAAAAAAAAAAAChQC\/wAAAAAABAZrfWPrr3A=="} 
00940{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032334213648,"flow_src_last_pkt_time":1648032334213648,"flow_dst_last_pkt_time":1648032334213648,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032334213648,"l3_proto":"ip6","src_ip":"fe80::98df:58ff:fefa:ebdc","dst_ip":"ff02::2","l4_proto":"icmp6","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -67,46 +67,46 @@ 01032{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":533,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032352156412,"flow_src_last_pkt_time":1648032352156412,"flow_dst_last_pkt_time":1648032352156412,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032352156412,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_ipps._tcp.local","domainame":"_ipps._tcp.local","mdns": {}}} 00815{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":542,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353524693,"flow_src_last_pkt_time":1648032353524693,"flow_dst_last_pkt_time":1648032353524693,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353524693,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":40906,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":542,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1648032353524693,"flow_dst_last_pkt_time":1648032353524693,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1648032353524693,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwV5hAAEARsUTAqAypW2wJI5\/KBXgAHDtQAAEAACESpEJIMnFVQ1lxbmo0T2k="} -01139{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":542,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353524693,"flow_src_last_pkt_time":1648032353524693,"flow_dst_last_pkt_time":1648032353524693,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353524693,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":40906,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} 
+01172{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":542,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353524693,"flow_src_last_pkt_time":1648032353524693,"flow_dst_last_pkt_time":1648032353524693,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353524693,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":40906,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00816{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":543,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353524739,"flow_src_last_pkt_time":1648032353524739,"flow_dst_last_pkt_time":1648032353524739,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353524739,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":40906,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":543,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1648032353524739,"flow_dst_last_pkt_time":1648032353524739,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1648032353524739,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwAJRAAEARBFXAqAypW2wNF5\/KBXgAHHQdAAEAACESpEJIUHBYOFJCa1BTZ3I="} -01140{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":543,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353524739,"flow_src_last_pkt_time":1648032353524739,"flow_dst_last_pkt_time":1648032353524739,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353524739,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":40906,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} 
+01173{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":543,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353524739,"flow_src_last_pkt_time":1648032353524739,"flow_dst_last_pkt_time":1648032353524739,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353524739,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":40906,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00815{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":544,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353524758,"flow_src_last_pkt_time":1648032353524758,"flow_dst_last_pkt_time":1648032353524758,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353524758,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":40906,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":544,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1648032353524758,"flow_dst_last_pkt_time":1648032353524758,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1648032353524758,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwhapAAEARe1PAqAypW2wRAp\/KBXgAHEVfAAEAACESpEJ6MlBsUVQ4ZXFBUGU="} -01139{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":544,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353524758,"flow_src_last_pkt_time":1648032353524758,"flow_dst_last_pkt_time":1648032353524758,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353524758,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":40906,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} 
+01172{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":544,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353524758,"flow_src_last_pkt_time":1648032353524758,"flow_dst_last_pkt_time":1648032353524758,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353524758,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":40906,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00815{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":545,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353524853,"flow_src_last_pkt_time":1648032353524853,"flow_dst_last_pkt_time":1648032353524853,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353524853,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":42197,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":545,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1648032353524853,"flow_dst_last_pkt_time":1648032353524853,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1648032353524853,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwV5lAAEARsUPAqAypW2wJI6TVBXgAHErTAAEAACESpEJkbkR6YnRjOCtUeXU="} -01139{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":545,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353524853,"flow_src_last_pkt_time":1648032353524853,"flow_dst_last_pkt_time":1648032353524853,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353524853,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":42197,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} 
+01172{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":545,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353524853,"flow_src_last_pkt_time":1648032353524853,"flow_dst_last_pkt_time":1648032353524853,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353524853,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":42197,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00816{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":546,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353524865,"flow_src_last_pkt_time":1648032353524865,"flow_dst_last_pkt_time":1648032353524865,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353524865,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":42197,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":546,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1648032353524865,"flow_dst_last_pkt_time":1648032353524865,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1648032353524865,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwAJVAAEARBFTAqAypW2wNF6TVBXgAHA1WAAEAACESpEJySFdkRXFhMm8xbWY="} -01140{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":546,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353524865,"flow_src_last_pkt_time":1648032353524865,"flow_dst_last_pkt_time":1648032353524865,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353524865,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":42197,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} 
+01173{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":546,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353524865,"flow_src_last_pkt_time":1648032353524865,"flow_dst_last_pkt_time":1648032353524865,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353524865,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":42197,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00815{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":547,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353524980,"flow_src_last_pkt_time":1648032353524980,"flow_dst_last_pkt_time":1648032353524980,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353524980,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":42197,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":547,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1648032353524980,"flow_dst_last_pkt_time":1648032353524980,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1648032353524980,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwhatAAEARe1LAqAypW2wRAqTVBXgAHD1nAAEAACESpEJhWUs4ZHp0RDFIYlM="} -01139{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":547,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353524980,"flow_src_last_pkt_time":1648032353524980,"flow_dst_last_pkt_time":1648032353524980,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353524980,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":42197,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} 
+01172{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":547,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353524980,"flow_src_last_pkt_time":1648032353524980,"flow_dst_last_pkt_time":1648032353524980,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353524980,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":42197,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00661{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":549,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1648032353524693,"flow_dst_last_pkt_time":1648032353554802,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1648032353554802,"pkt":"mt9Y+uvcCL6sCxduCABFAABwT\/lAADIRxqNbbAkjwKgMqQV4n8oAXEAzAQEAQCESpEJIMnFVQ1lxbmo0T2kAIAAIAAEMcnw9RQQAAQAIAAEtYF0v4UaAKwAIAAEFeFtsCSOALAAIAAEFeQpDQmOAIgAETm9uZYAoAATBooRE"} 
00661{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":550,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1648032353524853,"flow_dst_last_pkt_time":1648032353554820,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1648032353554820,"pkt":"mt9Y+uvcCL6sCxduCABFAABwT\/pAADIRxqJbbAkjwKgMqQV4pNUAXBWkAQEAQCESpEJkbkR6YnRjOCtUeXUAIAAIAAEMc3w9RQQAAQAIAAEtYV0v4UaAKwAIAAEFeFtsCSOALAAIAAEFeQpDQmOAIgAETm9uZYAoAAR+XQGa"} 00815{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":553,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353559621,"flow_src_last_pkt_time":1648032353559621,"flow_dst_last_pkt_time":1648032353559621,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353559621,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":40643,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":553,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1648032353559621,"flow_dst_last_pkt_time":1648032353559621,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1648032353559621,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4V55AAEARsTbAqAypW2wJI57DBXgAJBZLAAMACCESpEJHRnE0WVpwcXk3QUQAGQAEEQAAAA=="} -01139{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":553,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353559621,"flow_src_last_pkt_time":1648032353559621,"flow_dst_last_pkt_time":1648032353559621,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353559621,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":40643,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} 
+01172{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":553,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353559621,"flow_src_last_pkt_time":1648032353559621,"flow_dst_last_pkt_time":1648032353559621,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353559621,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":40643,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00816{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":555,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353561154,"flow_src_last_pkt_time":1648032353561154,"flow_dst_last_pkt_time":1648032353561154,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353561154,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":49667,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":555,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1648032353561154,"flow_dst_last_pkt_time":1648032353561154,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1648032353561154,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4AJZAAEARBEvAqAypW2wNF8IDBXgAJEywAAMACCESpEJLQjVlaHNjb05HRFcAGQAEEQAAAA=="} -01140{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":555,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353561154,"flow_src_last_pkt_time":1648032353561154,"flow_dst_last_pkt_time":1648032353561154,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353561154,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":49667,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} 
+01173{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":555,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353561154,"flow_src_last_pkt_time":1648032353561154,"flow_dst_last_pkt_time":1648032353561154,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353561154,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":49667,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00815{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":557,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353562490,"flow_src_last_pkt_time":1648032353562490,"flow_dst_last_pkt_time":1648032353562490,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353562490,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":49780,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":557,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":1648032353562490,"flow_dst_last_pkt_time":1648032353562490,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1648032353562490,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4hbBAAEARe0XAqAypW2wRAsJ0BXgAJDsLAAMACCESpEJFS2c2dEFDQVFCNysAGQAEEQAAAA=="} -01139{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":557,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353562490,"flow_src_last_pkt_time":1648032353562490,"flow_dst_last_pkt_time":1648032353562490,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353562490,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":49780,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} 
+01172{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":557,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353562490,"flow_src_last_pkt_time":1648032353562490,"flow_dst_last_pkt_time":1648032353562490,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353562490,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":49780,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00815{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":558,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353563617,"flow_src_last_pkt_time":1648032353563617,"flow_dst_last_pkt_time":1648032353563617,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353563617,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":37849,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":558,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_src_last_pkt_time":1648032353563617,"flow_dst_last_pkt_time":1648032353563617,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1648032353563617,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4V59AAEARsTXAqAypW2wJI5PZBXgAJDwFAAMACCESpEJzL2NkT3M5d09DczAAGQAEEQAAAA=="} -01139{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":558,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353563617,"flow_src_last_pkt_time":1648032353563617,"flow_dst_last_pkt_time":1648032353563617,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353563617,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":37849,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} 
+01172{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":558,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353563617,"flow_src_last_pkt_time":1648032353563617,"flow_dst_last_pkt_time":1648032353563617,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353563617,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":37849,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00816{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":559,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353566545,"flow_src_last_pkt_time":1648032353566545,"flow_dst_last_pkt_time":1648032353566545,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353566545,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":37530,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":559,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_src_last_pkt_time":1648032353566545,"flow_dst_last_pkt_time":1648032353566545,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1648032353566545,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4AJdAAEARBErAqAypW2wNF5KaBXgAJGk9AAMACCESpEIvdUUyY2tqRkhzZzgAGQAEEQAAAA=="} -01140{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":559,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353566545,"flow_src_last_pkt_time":1648032353566545,"flow_dst_last_pkt_time":1648032353566545,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353566545,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":37530,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} 
+01173{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":559,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353566545,"flow_src_last_pkt_time":1648032353566545,"flow_dst_last_pkt_time":1648032353566545,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353566545,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":37530,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00815{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":560,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353568287,"flow_src_last_pkt_time":1648032353568287,"flow_dst_last_pkt_time":1648032353568287,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353568287,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":37444,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":560,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_src_last_pkt_time":1648032353568287,"flow_dst_last_pkt_time":1648032353568287,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1648032353568287,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4hbFAAEARe0TAqAypW2wRApJEBXgAJEOkAAMACCESpEJXdzMwem5Vb2lRUDIAGQAEEQAAAA=="} -01139{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":560,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353568287,"flow_src_last_pkt_time":1648032353568287,"flow_dst_last_pkt_time":1648032353568287,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353568287,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":37444,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {}}} 
+01172{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":560,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353568287,"flow_src_last_pkt_time":1648032353568287,"flow_dst_last_pkt_time":1648032353568287,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353568287,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":37444,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":562,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_src_last_pkt_time":1648032353563617,"flow_dst_last_pkt_time":1648032353592239,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1648032353592239,"pkt":"mt9Y+uvcCL6sCxduCABFAAB4UAFAADIRxpNbbAkjwKgMqQV4k9kAZPzIARMASCESpEJzL2NkT3M5d09DczAACQAQAAAEAVVuYXV0aG9yaXplZAAVABBhNGI2N2JkMTFmM2NiZmYyABQADHRlbGVncmFtLm9yZ4AiAAROb25lgCgABO5pXhk="} 
-01187{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":562,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1648032353563617,"flow_src_last_pkt_time":1648032353563617,"flow_dst_last_pkt_time":1648032353592239,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1648032353592239,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":37849,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org","domainame":"telegram.org","stun": {}}} +01220{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":562,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1648032353563617,"flow_src_last_pkt_time":1648032353563617,"flow_dst_last_pkt_time":1648032353592239,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1648032353592239,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":37849,"dst_port":1400,"l4_proto":"udp","ndpi": 
{"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org","domainame":"telegram.org","stun": {"multimedia_flow_types":"Unknown"}}} 00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":563,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1648032353559621,"flow_dst_last_pkt_time":1648032353592256,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1648032353592256,"pkt":"mt9Y+uvcCL6sCxduCABFAAB4UAJAADIRxpJbbAkjwKgMqQV4nsMAZEcIARMASCESpEJHRnE0WVpwcXk3QUQACQAQAAAEAVVuYXV0aG9yaXplZAAVABBlYWIwNmM2ZGY2ZjJmYmQwABQADHRlbGVncmFtLm9yZ4AiAAROb25lgCgABGO2Od8="} -01187{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":563,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1648032353559621,"flow_src_last_pkt_time":1648032353559621,"flow_dst_last_pkt_time":1648032353592256,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1648032353592256,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":40643,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org","domainame":"telegram.org","stun": {}}} +01220{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":563,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1648032353559621,"flow_src_last_pkt_time":1648032353559621,"flow_dst_last_pkt_time":1648032353592256,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1648032353592256,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":40643,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org","domainame":"telegram.org","stun": {"multimedia_flow_types":"Unknown"}}} 
00717{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":565,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_src_last_pkt_time":1648032353594045,"flow_dst_last_pkt_time":1648032353592239,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1648032353594045,"pkt":"CL6sCxdumt9Y+uvcCABFAACYV6JAAEARsNLAqAypW2wJI5PZBXgAhCZ9AAMAaCESpEJFSFhETzUvU2I4WmwAGQAEEQAAAAAGAB0xNjQ4MDUzOTUzOjczZjgwMzhjYTY1MTAyZDViNQAAAAAUAAx0ZWxlZ3JhbS5vcmcAFQAQYTRiNjdiZDExZjNjYmZmMgAIABSa2oTP+7Bjuk0YfAJVIWF1r6CZLw=="} 00718{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":567,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_src_last_pkt_time":1648032353594670,"flow_dst_last_pkt_time":1648032353592256,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1648032353594670,"pkt":"CL6sCxdumt9Y+uvcCABFAACYV6NAAEARsNHAqAypW2wJI57DBXgAhH5NAAMAaCESpEJCSnNBNVVDNDVaczQAGQAEEQAAAAAGAB0xNjQ4MDUzOTUzOjczZjgwMzhjYTY1MTAyZDViNQAAAAAUAAx0ZWxlZ3JhbS5vcmcAFQAQZWFiMDZjNmRmNmYyZmJkMAAIABQ3n8Ssx4zZQ2K\/+FBSUazQoV0PUg=="} 
00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":568,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_src_last_pkt_time":1648032353594045,"flow_dst_last_pkt_time":1648032353637592,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1648032353637592,"pkt":"mt9Y+uvcCL6sCxduCABFAAB4UApAADIRxopbbAkjwKgMqQV4k9kAZBfMAQMASCESpEJFSFhETzUvU2I4WmwAFgAIAAHWO3p+rWEAIAAIAAEMd3w9RQQADQAEAAAAPIAiAAROb25lAAgAFDGrj6855gYmVWWfBmziWEVvbHJ9gCgABAsNSy8="} 
@@ -116,15 +116,15 @@ 00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":575,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_src_last_pkt_time":1648032353524758,"flow_dst_last_pkt_time":1648032353672049,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1648032353672049,"pkt":"mt9Y+uvcCL6sCxduCABFAABwYb9AADARrv5bbBECwKgMqQV4n8oAXCujAQEAQCESpEJ6MlBsUVQ4ZXFBUGUAIAAIAAEMcnw9RQQAAQAIAAEtYF0v4UaAKwAIAAEFeFtsEQKALAAIAAEFeQqCwmKAIgAETm9uZYAoAAQpALNo"} 00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":578,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_src_last_pkt_time":1648032353524980,"flow_dst_last_pkt_time":1648032353675084,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1648032353675084,"pkt":"mt9Y+uvcCL6sCxduCABFAABwYcBAADARrv1bbBECwKgMqQV4pNUAXHVmAQEAQCESpEJhWUs4ZHp0RDFIYlMAIAAIAAEMc3w9RQQAAQAIAAEtYV0v4UaAKwAIAAEFeFtsEQKALAAIAAEFeQqCwmKAIgAETm9uZYAoAAS7Js+E"} 
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":579,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_src_last_pkt_time":1648032353561154,"flow_dst_last_pkt_time":1648032353693931,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1648032353693931,"pkt":"mt9Y+uvcCL6sCxduCABFAAB4WqVAAC4Ru\/tbbA0XwKgMqQV4wgMAZCInARMASCESpEJLQjVlaHNjb05HRFcACQAQAAAEAVVuYXV0aG9yaXplZAAVABA2NzMyOTkyMzg2Njc4NTEyABQADHRlbGVncmFtLm9yZ4AiAAROb25lgCgABG2eqec="} -01188{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":579,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1648032353561154,"flow_src_last_pkt_time":1648032353561154,"flow_dst_last_pkt_time":1648032353693931,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1648032353693931,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":49667,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org","domainame":"telegram.org","stun": {}}} 
+01221{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":579,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1648032353561154,"flow_src_last_pkt_time":1648032353561154,"flow_dst_last_pkt_time":1648032353693931,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1648032353693931,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":49667,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org","domainame":"telegram.org","stun": {"multimedia_flow_types":"Unknown"}}} 00717{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":580,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_src_last_pkt_time":1648032353695557,"flow_dst_last_pkt_time":1648032353693931,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1648032353695557,"pkt":"CL6sCxdumt9Y+uvcCABFAACYAKBAAEARA+HAqAypW2wNF8IDBXgAhKOZAAMAaCESpEJBZEN4cW5HdEFGQU8AGQAEEQAAAAAGAB0xNjQ4MDUzOTUzOjczZjgwMzhjYTY1MTAyZDViNQAAAAAUAAx0ZWxlZ3JhbS5vcmcAFQAQNjczMjk5MjM4NjY3ODUxMgAIABRKYn5RRlidqeK90JE9dWYntqfWLQ=="} 
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":581,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_src_last_pkt_time":1648032353566545,"flow_dst_last_pkt_time":1648032353698133,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1648032353698133,"pkt":"mt9Y+uvcCL6sCxduCABFAAB4WqZAAC4Ru\/pbbA0XwKgMqQV4kpoAZPeaARMASCESpEIvdUUyY2tqRkhzZzgACQAQAAAEAVVuYXV0aG9yaXplZAAVABA3ZjJlMDdkMzhhN2Q1YThjABQADHRlbGVncmFtLm9yZ4AiAAROb25lgCgABDZy+Rc="} -01188{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":581,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1648032353566545,"flow_src_last_pkt_time":1648032353566545,"flow_dst_last_pkt_time":1648032353698133,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1648032353698133,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":37530,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org","domainame":"telegram.org","stun": {}}} 
+01221{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":581,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1648032353566545,"flow_src_last_pkt_time":1648032353566545,"flow_dst_last_pkt_time":1648032353698133,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1648032353698133,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":37530,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org","domainame":"telegram.org","stun": {"multimedia_flow_types":"Unknown"}}} 00717{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":582,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_src_last_pkt_time":1648032353700165,"flow_dst_last_pkt_time":1648032353698133,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1648032353700165,"pkt":"CL6sCxdumt9Y+uvcCABFAACYAKFAAEARA+DAqAypW2wNF5KaBXgAhB4eAAMAaCESpEI2L3k5MTJBekgxNVIAGQAEEQAAAAAGAB0xNjQ4MDUzOTUzOjczZjgwMzhjYTY1MTAyZDViNQAAAAAUAAx0ZWxlZ3JhbS5vcmcAFQAQN2YyZTA3ZDM4YTdkNWE4YwAIABTXGOjRtHPJu2U2mkxXIuxzgoEzTg=="} 
00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":583,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_src_last_pkt_time":1648032353562490,"flow_dst_last_pkt_time":1648032353712008,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1648032353712008,"pkt":"mt9Y+uvcCL6sCxduCABFAAB4YcdAADARru5bbBECwKgMqQV4wnQAZOVuARMASCESpEJFS2c2dEFDQVFCNysACQAQAAAEAVVuYXV0aG9yaXplZAAVABA5MjNjZjRhOTEyZWVjNjExABQADHRlbGVncmFtLm9yZ4AiAAROb25lgCgABFPoPFk="} -01187{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":583,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1648032353562490,"flow_src_last_pkt_time":1648032353562490,"flow_dst_last_pkt_time":1648032353712008,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1648032353712008,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":49780,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org","domainame":"telegram.org","stun": {}}} 
+01220{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":583,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1648032353562490,"flow_src_last_pkt_time":1648032353562490,"flow_dst_last_pkt_time":1648032353712008,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1648032353712008,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":49780,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org","domainame":"telegram.org","stun": {"multimedia_flow_types":"Unknown"}}} 00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":584,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_src_last_pkt_time":1648032353568287,"flow_dst_last_pkt_time":1648032353715592,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1648032353715592,"pkt":"mt9Y+uvcCL6sCxduCABFAAB4YchAADARru1bbBECwKgMqQV4kkQAZK5TARMASCESpEJXdzMwem5Vb2lRUDIACQAQAAAEAVVuYXV0aG9yaXplZAAVABAxMDliZmI2ZjU1NGFiNmFkABQADHRlbGVncmFtLm9yZ4AiAAROb25lgCgABNveHo0="} 
-01187{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":584,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1648032353568287,"flow_src_last_pkt_time":1648032353568287,"flow_dst_last_pkt_time":1648032353715592,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1648032353715592,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":37444,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org","domainame":"telegram.org","stun": {}}} +01220{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":584,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1648032353568287,"flow_src_last_pkt_time":1648032353568287,"flow_dst_last_pkt_time":1648032353715592,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1648032353715592,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":37444,"dst_port":1400,"l4_proto":"udp","ndpi": 
{"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org","domainame":"telegram.org","stun": {"multimedia_flow_types":"Unknown"}}} 00717{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":585,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_src_last_pkt_time":1648032353724990,"flow_dst_last_pkt_time":1648032353712008,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1648032353724990,"pkt":"CL6sCxdumt9Y+uvcCABFAACYhbhAAEARet3AqAypW2wRAsJ0BXgAhOBeAAMAaCESpEJOYVAxRW84NkxIcTEAGQAEEQAAAAAGAB0xNjQ4MDUzOTUzOjczZjgwMzhjYTY1MTAyZDViNQAAAAAUAAx0ZWxlZ3JhbS5vcmcAFQAQOTIzY2Y0YTkxMmVlYzYxMQAIABTpiYU0jQHbI6r9fZq35jAxaSIy6w=="} 00718{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":586,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_src_last_pkt_time":1648032353727618,"flow_dst_last_pkt_time":1648032353715592,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1648032353727618,"pkt":"CL6sCxdumt9Y+uvcCABFAACYhblAAEARetzAqAypW2wRApJEBXgAhGZOAAMAaCESpEJoMWhNTlhETUJIWlUAGQAEEQAAAAAGAB0xNjQ4MDUzOTUzOjczZjgwMzhjYTY1MTAyZDViNQAAAAAUAAx0ZWxlZ3JhbS5vcmcAFQAQMTA5YmZiNmY1NTRhYjZhZAAIABS50SfZ32flyf6YLkGd\/QoaStRrpQ=="} 
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":590,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_src_last_pkt_time":1648032353695557,"flow_dst_last_pkt_time":1648032353827428,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1648032353827428,"pkt":"mt9Y+uvcCL6sCxduCABFAAB4WqlAAC4Ru\/dbbA0XwKgMqQV4wgMAZNM9AQMASCESpEJBZEN4cW5HdEFGQU8AFgAIAAHSfHp+qVUAIAAIAAEMcXw9RQQADQAEAAAAPIAiAAROb25lAAgAFLgmrFOsF293H+j5NDMwvQveTpPagCgABNdIUvI="} 
@@ -136,16 +136,16 @@ 00723{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":615,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_src_last_pkt_time":1648032353979030,"flow_dst_last_pkt_time":1648032353637618,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_usec":1648032353979030,"pkt":"CL6sCxdumt9Y+uvcCABFAACcV8FAAEARsK\/AqAypW2wJI57DBXgAiFzeAAgAbCESpEJLaEd2a0srdWZmaFcAEgAIAAGHKCs8w4oABgAdMTY0ODA1Mzk1Mzo3M2Y4MDM4Y2E2NTEwMmQ1YjUAAAAAFAAMdGVsZWdyYW0ub3JnABUAEGVhYjA2YzZkZjZmMmZiZDAACAAUou+k3ZoALmVPw8\/5VjA1fhf0byM="} 00821{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":617,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353980549,"flow_src_last_pkt_time":1648032353980549,"flow_dst_last_pkt_time":1648032353980549,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353980549,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"10.46.103.200","src_port":42405,"dst_port":42554,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":617,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_src_last_pkt_time":1648032353980549,"flow_dst_last_pkt_time":1648032353980549,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1648032353980549,"pkt":"CL6sCxdumt9Y+uvcCABFAACA3nBAAEARHLXAqAypCi5nyKWlpjoAbMb5AAEAUCESpEJPWEdZRU12Q2M1emIABgAJbC93YzpTdVUzAAAAwFcABAADAAqAKgAIAAAAAAAAAAAAJQAAACQABG5\/HwAACAAUHa4B58DlCkqNNIW2N\/CJ9XQ+OsmAKAAEIkgRlA=="} -01164{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":617,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353980549,"flow_src_last_pkt_time":1648032353980549,"flow_dst_last_pkt_time":1648032353980549,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353980549,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"10.46.103.200","src_port":42405,"dst_port":42554,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01197{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":617,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353980549,"flow_src_last_pkt_time":1648032353980549,"flow_dst_last_pkt_time":1648032353980549,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353980549,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"10.46.103.200","src_port":42405,"dst_port":42554,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
00821{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":625,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032354029382,"flow_src_last_pkt_time":1648032354029382,"flow_dst_last_pkt_time":1648032354029382,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032354029382,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"10.46.103.200","src_port":40906,"dst_port":42554,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":625,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_src_last_pkt_time":1648032354029382,"flow_dst_last_pkt_time":1648032354029382,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1648032354029382,"pkt":"CL6sCxdumt9Y+uvcCABFAACA3nRAAEARHLHAqAypCi5nyJ\/KpjoAbAm8AAEAUCESpEJCRXZwZkpKcGErWXYABgAJbC93YzpTdVUzAAAAwFcABAADAAqAKgAIAAAAAAAAAAAAJQAAACQABG5\/HwAACAAUV+RY7KavrTSyyjnYz1cDc6MlH+eAKAAEpABGKg=="} 
-01164{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":625,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032354029382,"flow_src_last_pkt_time":1648032354029382,"flow_dst_last_pkt_time":1648032354029382,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032354029382,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"10.46.103.200","src_port":40906,"dst_port":42554,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01197{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":625,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032354029382,"flow_src_last_pkt_time":1648032354029382,"flow_dst_last_pkt_time":1648032354029382,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032354029382,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"10.46.103.200","src_port":40906,"dst_port":42554,"l4_proto":"udp","ndpi": {"flow_risk": {"5": 
{"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00820{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":633,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032354077734,"flow_src_last_pkt_time":1648032354077734,"flow_dst_last_pkt_time":1648032354077734,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032354077734,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"93.36.13.115","src_port":42405,"dst_port":35393,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":633,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_src_last_pkt_time":1648032354077734,"flow_dst_last_pkt_time":1648032354077734,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1648032354077734,"pkt":"CL6sCxdumt9Y+uvcCABFAACAq5pAAEARVurAqAypXSQNc6WlikEAbG5EAAEAUCESpEJQRW1oRjBpWkxwdVIABgAJbC93YzpTdVUzAAAAwFcABAADAAqAKgAIAAAAAAAAAAAAJQAAACQABG5\/HwAACAAUeafd1aPwqIpYtKwwpuDeqKaNUbSAKAAEORW\/pw=="} 
-01163{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":633,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032354077734,"flow_src_last_pkt_time":1648032354077734,"flow_dst_last_pkt_time":1648032354077734,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032354077734,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"93.36.13.115","src_port":42405,"dst_port":35393,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01196{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":633,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032354077734,"flow_src_last_pkt_time":1648032354077734,"flow_dst_last_pkt_time":1648032354077734,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032354077734,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"93.36.13.115","src_port":42405,"dst_port":35393,"l4_proto":"udp","ndpi": {"flow_risk": {"5": 
{"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00820{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":642,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032354126265,"flow_src_last_pkt_time":1648032354126265,"flow_dst_last_pkt_time":1648032354126265,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032354126265,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"93.36.13.115","src_port":40906,"dst_port":35393,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":642,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_src_last_pkt_time":1648032354126265,"flow_dst_last_pkt_time":1648032354126265,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1648032354126265,"pkt":"CL6sCxdumt9Y+uvcCABFAACAq55AAEARVubAqAypXSQNc5\/KikEAbGK3AAEAUCESpEJMbE5LWHlWbCtGZlIABgAJbC93YzpTdVUzAAAAwFcABAADAAqAKgAIAAAAAAAAAAAAJQAAACQABG5\/HwAACAAU9Z04zkepdoWOsJ4ulp8YAe9jLUWAKAAEwATfyg=="} 
-01163{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":642,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032354126265,"flow_src_last_pkt_time":1648032354126265,"flow_dst_last_pkt_time":1648032354126265,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032354126265,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"93.36.13.115","src_port":40906,"dst_port":35393,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} +01196{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":642,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032354126265,"flow_src_last_pkt_time":1648032354126265,"flow_dst_last_pkt_time":1648032354126265,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032354126265,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"93.36.13.115","src_port":40906,"dst_port":35393,"l4_proto":"udp","ndpi": {"flow_risk": {"5": 
{"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":648,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_src_last_pkt_time":1648032354077734,"flow_dst_last_pkt_time":1648032354153456,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1648032354153456,"pkt":"mt9Y+uvcCL6sCxduCABFAABckpZAADYRehJdJA1zwKgMqYpBpaUASG0rAQEALCESpEJQRW1oRjBpWkxwdVIAIAAIAAEMenw9RQQACAAUrYd+q6RhgtRWxOyn0FCZYgykzwuAKAAEkVZ5KQ=="} 00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":649,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_src_last_pkt_time":1648032354165754,"flow_dst_last_pkt_time":1648032354153456,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":65,"pkt_l4_len":31,"thread_ts_usec":1648032354165754,"pkt":"CL6sCxdumt9Y+uvcCABFAAAzq6JAAEARVy\/AqAypXSQNc6WlikEAH+78q+Dhs46p+vnyB59A6gTAmoVxX5wJtWc="} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":650,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":4,"flow_src_last_pkt_time":1648032354165754,"flow_dst_last_pkt_time":1648032354166263,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1648032354166263,"pkt":"mt9Y+uvcCL6sCxduCABFAAB8kpdAADYRefFdJA1zwKgMqYpBpaUAaPtpAAEATCESpEJnZHVuWHZ4blRHNEYABgAJU3VVMzpsL3djAAAAwFcABAADA4SAKQAIAAAAAAAAAAAAJAAEbn8fAAAIABSu\/Dy1RdR7tJjCJ1zcoT327GhS+4AoAASaKnbd"} 
@@ -154,9 +154,9 @@ 00677{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":663,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_src_last_pkt_time":1648032354126265,"flow_dst_last_pkt_time":1648032354253306,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1648032354253306,"pkt":"mt9Y+uvcCL6sCxduCABFAAB8kp1AADYReetdJA1zwKgMqYpBn8oAaCMkAAEATCESpEJIcTZVWmxodDUwUysABgAJU3VVMzpsL3djAAAAwFcABAADA4SAKQAIAAAAAAAAAAAAJAAEbn8fAAAIABQBRhbWlQ7rMVy3PFduS9dj7gJsXoAoAARM5ARh"} 00637{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":664,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":4,"flow_src_last_pkt_time":1648032354255084,"flow_dst_last_pkt_time":1648032354253306,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1648032354255084,"pkt":"CL6sCxdumt9Y+uvcCABFAABcq61AAEARVvvAqAypXSQNc5\/KikEASJBeAQEALCESpEJIcTZVWmxodDUwUysAIAAIAAGrU3w2qTEACAAUOSToq9gxyjIfvqnLxYFg75erULqAKAAEpWnpWQ=="} 
00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":670,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_src_last_pkt_time":1648032354274610,"flow_dst_last_pkt_time":1648032353980549,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1648032354274610,"pkt":"CL6sCxdumt9Y+uvcCABFAACA3npAAEARHKvAqAypCi5nyKWlpjoAbOFzAAEAUCESpEJtdnE4djNMTnl3dk0ABgAJbC93YzpTdVUzAAAAwFcABAADAAqAKgAIAAAAAAAAAAAAJQAAACQABG5\/HwAACAAUDInqNRBWk8dEJqTJc6HmCvGSZlqAKAAEY6GN3A=="} -01282{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":670,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1648032353980549,"flow_src_last_pkt_time":1648032354274610,"flow_dst_last_pkt_time":1648032353980549,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032354274610,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"10.46.103.200","src_port":42405,"dst_port":42554,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01315{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":670,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1648032353980549,"flow_src_last_pkt_time":1648032354274610,"flow_dst_last_pkt_time":1648032353980549,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032354274610,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"10.46.103.200","src_port":42405,"dst_port":42554,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
00688{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":682,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_src_last_pkt_time":1648032354323453,"flow_dst_last_pkt_time":1648032354029382,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1648032354323453,"pkt":"CL6sCxdumt9Y+uvcCABFAACA3n5AAEARHKfAqAypCi5nyJ\/KpjoAbLNZAAEAUCESpEJFbzlBWnVtb3doY3gABgAJbC93YzpTdVUzAAAAwFcABAADAAqAKgAIAAAAAAAAAAAAJQAAACQABG5\/HwAACAAUhaAVye4hAtQKKUN05sPT8bSFgCSAKAAEE\/ftBA=="} -01282{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":682,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1648032354029382,"flow_src_last_pkt_time":1648032354323453,"flow_dst_last_pkt_time":1648032354029382,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032354323453,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"10.46.103.200","src_port":40906,"dst_port":42554,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {}}} 
+01315{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":682,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1648032354029382,"flow_src_last_pkt_time":1648032354323453,"flow_dst_last_pkt_time":1648032354029382,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032354323453,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"10.46.103.200","src_port":40906,"dst_port":42554,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 
00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":687,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_src_last_pkt_time":1648032354372109,"flow_dst_last_pkt_time":1648032353980549,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1648032354372109,"pkt":"CL6sCxdumt9Y+uvcCABFAACA3oFAAEARHKTAqAypCi5nyKWlpjoAbMtbAAEAUCESpEJTRTZGa284cW1DQmIABgAJbC93YzpTdVUzAAAAwFcABAADAAqAKgAIAAAAAAAAAAAAJQAAACQABG5\/HwAACAAUzYBYKBlzlZ6Eaa\/nFMVbWPeH8RSAKAAER59Heg=="} 00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":691,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_src_last_pkt_time":1648032354421706,"flow_dst_last_pkt_time":1648032354029382,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1648032354421706,"pkt":"CL6sCxdumt9Y+uvcCABFAACA3oNAAEARHKLAqAypCi5nyJ\/KpjoAbNnMAAEAUCESpEJkVUE4UWRoMit2dFIABgAJbC93YzpTdVUzAAAAwFcABAADAAqAKgAIAAAAAAAAAAAAJQAAACQABG5\/HwAACAAU9E6Knx5J8q4IYolGkKVYGZzVeFSAKAAEDziXvg=="} 
00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":707,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032354824070,"flow_src_last_pkt_time":1648032354824070,"flow_dst_last_pkt_time":1648032354824070,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032354824070,"l3_proto":"ip6","src_ip":"fe80::abe:acff:fe0b:176e","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5} 
@@ -176,19 +176,19 @@ 00595{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":809,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_src_last_pkt_time":1648032359090868,"flow_dst_last_pkt_time":1648032359107008,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1648032359107008,"pkt":"mt9Y+uvcCL6sCxduCABFAABAp+JAAOsG1DA0OhIZwKgMqRRmnwbmakAqdp6QO4AYAHI69AAAAQEICk97b0VBLHTpwv4ABQAAAAANIwHG"} 00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":810,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":4,"flow_src_last_pkt_time":1648032359108251,"flow_dst_last_pkt_time":1648032359107008,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1648032359108251,"pkt":"CL6sCxdumt9Y+uvcCABFAAA0S0pAAEAG29XAqAypNDoSGZ8GFGZ2npA75mpANoAQAKwMngAAAQEICkEsdPpPe29F"} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":819,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_src_last_pkt_time":1648032363557266,"flow_dst_last_pkt_time":1648032353554802,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1648032363557266,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwWxxAAEARrcDAqAypW2wJI5\/KBXgAHJMEAAEAACESpEJKWGZZVmEzZGpzK04="} 
-01280{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":819,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648032353524693,"flow_src_last_pkt_time":1648032363557266,"flow_dst_last_pkt_time":1648032353554802,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1648032363557266,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":40906,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.47.225.70:11616","response_origin":"91.108.9.35:1400","other_address":"10.67.66.99:1401"}}} 
+01314{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":819,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648032353524693,"flow_src_last_pkt_time":1648032363557266,"flow_dst_last_pkt_time":1648032353554802,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1648032363557266,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":40906,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.47.225.70:11616","response_origin":"91.108.9.35:1400","other_address":"10.67.66.99:1401","multimedia_flow_types":"Unknown"}}} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":820,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_src_last_pkt_time":1648032363557512,"flow_dst_last_pkt_time":1648032353554820,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1648032363557512,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwWx1AAEARrb\/AqAypW2wJI6TVBXgAHEc2AAEAACESpEJaT3lOZUhRVUNaSWY="} 
-01280{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":820,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648032353524853,"flow_src_last_pkt_time":1648032363557512,"flow_dst_last_pkt_time":1648032353554820,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1648032363557512,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":42197,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.47.225.70:11617","response_origin":"91.108.9.35:1400","other_address":"10.67.66.99:1401"}}} 
+01314{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":820,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648032353524853,"flow_src_last_pkt_time":1648032363557512,"flow_dst_last_pkt_time":1648032353554820,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1648032363557512,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":42197,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.47.225.70:11617","response_origin":"91.108.9.35:1400","other_address":"10.67.66.99:1401","multimedia_flow_types":"Unknown"}}} 00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":821,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_src_last_pkt_time":1648032363557266,"flow_dst_last_pkt_time":1648032363587689,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1648032363587689,"pkt":"mt9Y+uvcCL6sCxduCABFAABwVUlAADIRwVNbbAkjwKgMqQV4n8oAXLPRAQEAQCESpEJKWGZZVmEzZGpzK04AIAAIAAEMcnw9RQQAAQAIAAEtYF0v4UaAKwAIAAEFeFtsCSOALAAIAAEFeQpDQmOAIgAETm9uZYAoAAQThhZ3"} 
00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":822,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_src_last_pkt_time":1648032363557512,"flow_dst_last_pkt_time":1648032363587715,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1648032363587715,"pkt":"mt9Y+uvcCL6sCxduCABFAABwVUpAADIRwVJbbAkjwKgMqQV4pNUAXGDgAQEAQCESpEJaT3lOZUhRVUNaSWYAIAAIAAEMc3w9RQQAAQAIAAEtYV0v4UaAKwAIAAEFeFtsCSOALAAIAAEFeQpDQmOAIgAETm9uZYAoAATgolB7"} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":823,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_src_last_pkt_time":1648032363660886,"flow_dst_last_pkt_time":1648032353658379,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1648032363660886,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwBFlAAEARAJDAqAypW2wNF6TVBXgAHIUQAAEAACESpEJ4TDNiVmMzcVJ5TTE="} 
-01285{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":823,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648032353524865,"flow_src_last_pkt_time":1648032363660886,"flow_dst_last_pkt_time":1648032353658379,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1648032363660886,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":42197,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.47.225.70:11617","response_origin":"91.108.13.23:1400","other_address":"10.160.194.103:1401"}}} 
+01319{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":823,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648032353524865,"flow_src_last_pkt_time":1648032363660886,"flow_dst_last_pkt_time":1648032353658379,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1648032363660886,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":42197,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.47.225.70:11617","response_origin":"91.108.13.23:1400","other_address":"10.160.194.103:1401","multimedia_flow_types":"Unknown"}}} 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":824,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_src_last_pkt_time":1648032363670970,"flow_dst_last_pkt_time":1648032353668244,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1648032363670970,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwBFpAAEARAI\/AqAypW2wNF5\/KBXgAHDFOAAEAACESpEJ4Mld2aHpNWHgzMEw="} 
-01285{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":824,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648032353524739,"flow_src_last_pkt_time":1648032363670970,"flow_dst_last_pkt_time":1648032353668244,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1648032363670970,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":40906,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.47.225.70:11616","response_origin":"91.108.13.23:1400","other_address":"10.160.194.103:1401"}}} 
+01319{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":824,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648032353524739,"flow_src_last_pkt_time":1648032363670970,"flow_dst_last_pkt_time":1648032353668244,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1648032363670970,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":40906,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.47.225.70:11616","response_origin":"91.108.13.23:1400","other_address":"10.160.194.103:1401","multimedia_flow_types":"Unknown"}}} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":825,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_src_last_pkt_time":1648032363673567,"flow_dst_last_pkt_time":1648032353672049,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1648032363673567,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwiUNAAEARd7rAqAypW2wRAp\/KBXgAHEXLAAEAACESpEJOZGorcy85N3hYOEQ="} 
-01282{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":825,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648032353524758,"flow_src_last_pkt_time":1648032363673567,"flow_dst_last_pkt_time":1648032353672049,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1648032363673567,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":40906,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.47.225.70:11616","response_origin":"91.108.17.2:1400","other_address":"10.130.194.98:1401"}}} 
+01316{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":825,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648032353524758,"flow_src_last_pkt_time":1648032363673567,"flow_dst_last_pkt_time":1648032353672049,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1648032363673567,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":40906,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.47.225.70:11616","response_origin":"91.108.17.2:1400","other_address":"10.130.194.98:1401","multimedia_flow_types":"Unknown"}}} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":826,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_src_last_pkt_time":1648032363677290,"flow_dst_last_pkt_time":1648032353675084,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1648032363677290,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwiURAAEARd7nAqAypW2wRAqTVBXgAHGCFAAEAACESpEJZeUEvTW1CRVIxeUE="} 
-01282{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":826,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648032353524980,"flow_src_last_pkt_time":1648032363677290,"flow_dst_last_pkt_time":1648032353675084,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1648032363677290,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":42197,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.47.225.70:11617","response_origin":"91.108.17.2:1400","other_address":"10.130.194.98:1401"}}} 
+01316{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":826,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648032353524980,"flow_src_last_pkt_time":1648032363677290,"flow_dst_last_pkt_time":1648032353675084,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1648032363677290,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":42197,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","domainame":"","stun": {"mapped_address":"93.47.225.70:11617","response_origin":"91.108.17.2:1400","other_address":"10.130.194.98:1401","multimedia_flow_types":"Unknown"}}} 00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":827,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_src_last_pkt_time":1648032363660886,"flow_dst_last_pkt_time":1648032363794064,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1648032363794064,"pkt":"mt9Y+uvcCL6sCxduCABFAABwXVNAAC4RuVVbbA0XwKgMqQV4pNUAXC8AAQEAQCESpEJ4TDNiVmMzcVJ5TTEAIAAIAAEMc3w9RQQAAQAIAAEtYV0v4UaAKwAIAAEFeFtsDReALAAIAAEFeQqgwmeAIgAETm9uZYAoAASEVJgu"} 
00661{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":828,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_src_last_pkt_time":1648032363670970,"flow_dst_last_pkt_time":1648032363805878,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1648032363805878,"pkt":"mt9Y+uvcCL6sCxduCABFAABwXVZAAC4RuVJbbA0XwKgMqQV4n8oAXDw7AQEAQCESpEJ4Mld2aHpNWHgzMEwAIAAIAAEMcnw9RQQAAQAIAAEtYF0v4UaAKwAIAAEFeFtsDReALAAIAAEFeQqgwmeAIgAETm9uZYAoAAQ+iHz\/"} 00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":829,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_src_last_pkt_time":1648032363673567,"flow_dst_last_pkt_time":1648032363819830,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1648032363819830,"pkt":"mt9Y+uvcCL6sCxduCABFAABwZztAADARqYJbbBECwKgMqQV4n8oAXJquAQEAQCESpEJOZGorcy85N3hYOEQAIAAIAAEMcnw9RQQAAQAIAAEtYF0v4UaAKwAIAAEFeFtsEQKALAAIAAEFeQqCwmKAIgAETm9uZYAoAASOxt8C"} 
@@ -239,7 +239,7 @@ 01159{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648032353524853,"flow_src_last_pkt_time":1648032363557512,"flow_dst_last_pkt_time":1648032363587715,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":168,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":42197,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032354824070,"flow_src_last_pkt_time":1648032354824070,"flow_dst_last_pkt_time":1648032354824070,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip6","src_ip":"fe80::abe:acff:fe0b:176e","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00995{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032352156412,"flow_src_last_pkt_time":1648032352156412,"flow_dst_last_pkt_time":1648032352156412,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -01104{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":889,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648032336009920,"flow_src_last_pkt_time":1648032336041683,"flow_dst_last_pkt_time":1648032336040673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.91","src_port":37948,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": 
{"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"3":"DPI (partial)"},"proto":"Telegram","proto_id":"185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} +01211{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":889,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648032336009920,"flow_src_last_pkt_time":1648032336041683,"flow_dst_last_pkt_time":1648032336040673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.91","src_port":37948,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}},"55": {"risk":"Probing Attempt","severity":"Medium","risk_score": {"total":510,"client":375,"server":135}}},"confidence": {"3":"DPI (partial)"},"proto":"Telegram","proto_id":"185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
00814{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":889,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648032336009920,"flow_src_last_pkt_time":1648032336041683,"flow_dst_last_pkt_time":1648032336040673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.91","src_port":37948,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01148{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":156,"flow_dst_packets_processed":214,"flow_first_seen":1648032336009996,"flow_src_last_pkt_time":1648032377077811,"flow_dst_last_pkt_time":1648032377149578,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1024,"flow_dst_max_l4_payload_len":1228,"flow_src_tot_l4_payload_len":30433,"flow_dst_tot_l4_payload_len":128721,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.91","src_port":37950,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"7":"Match by IP"},"proto":"Telegram","proto_id":"185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
01138{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1648032340008639,"flow_src_last_pkt_time":1648032340089757,"flow_dst_last_pkt_time":1648032340162942,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":466,"flow_dst_max_l4_payload_len":258,"flow_src_tot_l4_payload_len":779,"flow_dst_tot_l4_payload_len":258,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.91","src_port":37966,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"7":"Match by IP"},"proto":"Telegram","proto_id":"185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
@@ -255,7 +255,7 @@ 01139{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":889,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":8,"flow_first_seen":1648032336020865,"flow_src_last_pkt_time":1648032346150156,"flow_dst_last_pkt_time":1648032346134942,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":386,"flow_dst_max_l4_payload_len":604,"flow_src_tot_l4_payload_len":1229,"flow_dst_tot_l4_payload_len":2022,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.51","src_port":46862,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"7":"Match by IP"},"proto":"Telegram","proto_id":"185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
01138{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":889,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1648032336039036,"flow_src_last_pkt_time":1648032346150274,"flow_dst_last_pkt_time":1648032346134975,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":370,"flow_dst_max_l4_payload_len":773,"flow_src_tot_l4_payload_len":1277,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.51","src_port":46866,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"7":"Match by IP"},"proto":"Telegram","proto_id":"185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 01171{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":59,"flow_dst_packets_processed":55,"flow_first_seen":1648032354077734,"flow_src_last_pkt_time":1648032356099058,"flow_dst_last_pkt_time":1648032356073261,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1112,"flow_dst_max_l4_payload_len":393,"flow_src_tot_l4_payload_len":15509,"flow_dst_tot_l4_payload_len":6792,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"93.36.13.115","src_port":42405,"dst_port":35393,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00888{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":889,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":889,"packets-processed":887,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":330235,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":32,"total-detection-updates":14,"total-updates":1,"current-active-flows":0,"total-active-flows":34,"total-idle-flows":34,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":258,"global_ts_usec":1648032378336597} 
+00888{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":889,"source":"cfgs\/stun_only_peer_address_enabled\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":889,"packets-processed":887,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":330235,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":32,"total-detection-updates":14,"total-updates":1,"current-active-flows":0,"total-active-flows":34,"total-idle-flows":34,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":258,"global_ts_usec":1648032378336597} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 889/887 ~~ skipped flows.............: 0 @@ -264,9 +264,9 @@ ~~ total active/idle flows...: 34/34 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7030800 bytes -~~ total memory freed........: 7030800 bytes -~~ total allocations/frees...: 115412/115412 +~~ total memory allocated....: 7608768 bytes +~~ total memory freed........: 7608768 bytes +~~ total allocations/frees...: 127160/127160 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 566 chars ~~ json message max len.......: 2376 chars diff --git a/test/results/subclassification_disable/anydesk.pcapng.out b/test/results/subclassification_disable/anydesk.pcapng.out index f58bd1c2b..7ae476a2f 100644 --- a/test/results/subclassification_disable/anydesk.pcapng.out +++ b/test/results/subclassification_disable/anydesk.pcapng.out 
@@ -1,5 +1,5 @@ -00632{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1591342198821353} 
+00632{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1591342198821353} 
00798{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1591342198821353,"flow_src_last_pkt_time":1591342198821353,"flow_dst_last_pkt_time":1591342198821353,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1591342198821353,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.239.144","src_port":36351,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00617{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1591342198821353,"flow_dst_last_pkt_time":1591342198821353,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_usec":1591342198821353,"pkt":"AFBW5dKtAAwplUdeCABFAABbtopAAEAGCwXAqJWBM1PvkI3\/AFB7i54qMVwSUlAY+DR5WwAAFwMDAC7mz9mv7V5op8uDzrVlyYzGPOa22i4SIRv\/ctzVUMWyqJzhwIdSdK\/Qd7DJrcKc"} 
01069{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1591342198821353,"flow_src_last_pkt_time":1591342198821353,"flow_dst_last_pkt_time":1591342198821353,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1591342198821353,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.239.144","src_port":36351,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AnyDesk","proto_by_ip_id":252,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
@@ -12,12 +12,12 @@ 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1591342199201196,"flow_dst_last_pkt_time":1591342199366001,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1591342199366001,"pkt":"AAwplUdeAFBW5dKtCABFAAAse1UAAIAGRx4zU+7bwKiVgQBQqg9odWR8Kaac82AS+vDm4QAAAgQFtAAA"} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1591342199366113,"flow_dst_last_pkt_time":1591342199366001,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1591342199366113,"pkt":"AFBW5dKtAAwplUdeCABFAAAoCJFAAEAGuebAqJWBM1Pu26oPAFApppzzaHVkfVAQ+vB4cwAA"} 
00903{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1591342199366725,"flow_dst_last_pkt_time":1591342199366001,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":317,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":317,"pkt_l4_len":283,"thread_ts_usec":1591342199366725,"pkt":"AFBW5dKtAAwplUdeCABFAAEvCJJAAEAGuN7AqJWBM1Pu26oPAFApppzzaHVkfVAY+vB5egAAFgMBAQIBAAD+AwPH+2RueS0bCFAjOjiKaUYj6rfjOOjwnxNAapJEdabvkAAAgMAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANsAywC7AKsAmwA\/ABQCdAD0ANcAvwCvAJ8AjwBPACQCkAKIAoACeAGcAQAA\/AD4AMwAyADEAMMAxwC3AKcAlwA7ABACcADwAL8ASwAgAFgATABAADcANwAMACgD\/AQAAVQALAAQDAAECAAoAHAAaABcAGQAcABsAGAAaABYADgANAAsADAAJAAoAIwAAAA0AIAAeBgEGAgYDBQEFAgUDBAEEAgQDAwEDAgMDAgECAgIDAA8AAQE="} -01521{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1591342199201196,"flow_src_last_pkt_time":1591342199366725,"flow_dst_last_pkt_time":1591342199366001,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":263,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":263,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1591342199366725,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS 
Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AnyDesk","proto_by_ip_id":252,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"","ja4":"t12d640500_9197985d2161_a1e935682795","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01480{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1591342199201196,"flow_src_last_pkt_time":1591342199366725,"flow_dst_last_pkt_time":1591342199366001,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":263,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":263,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1591342199366725,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AnyDesk","proto_by_ip_id":252,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d640500_9197985d2161_a1e935682795","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1591342199366725,"flow_dst_last_pkt_time":1591342199367083,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1591342199367083,"pkt":"AAwplUdeAFBW5dKtCABFAAAoe1YAAIAGRyEzU+7bwKiVgQBQqg9odWR9Kaad+lAQ+vD9lwAAAAAAAAAA"} -01583{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":14,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1591342199201196,"flow_src_last_pkt_time":1591342199366725,"flow_dst_last_pkt_time":1591342199532111,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":263,"flow_dst_max_l4_payload_len":1300,"flow_src_tot_l4_payload_len":263,"flow_dst_tot_l4_payload_len":1300,"midstream":0,"thread_ts_usec":1591342199532111,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AnyDesk","proto_by_ip_id":252,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": 
{"version":"TLSv1.2","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"107030a763c7224285717ff1569a17f3","ja4":"t12d640500_9197985d2161_a1e935682795","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","blocks":0}}} -01924{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1591342199201196,"flow_src_last_pkt_time":1591342199532151,"flow_dst_last_pkt_time":1591342199532596,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":263,"flow_dst_max_l4_payload_len":1300,"flow_src_tot_l4_payload_len":263,"flow_dst_tot_l4_payload_len":2600,"midstream":0,"thread_ts_usec":1591342199532596,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"AnyDesk","proto_by_ip_id":252,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"107030a763c7224285717ff1569a17f3","ja4":"t12d640500_9197985d2161_a1e935682795","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=AnyNet Root CA, O=philandro Software 
GmbH, C=DE","subjectDN":"C=DE, O=philandro Software GmbH, CN=AnyNet Relay","fingerprint":"9E:08:D2:58:A9:02:CD:4F:E2:4A:26:B8:48:5C:43:0B:81:29:99:E3","blocks":0}}} +01542{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":14,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1591342199201196,"flow_src_last_pkt_time":1591342199366725,"flow_dst_last_pkt_time":1591342199532111,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":263,"flow_dst_max_l4_payload_len":1300,"flow_src_tot_l4_payload_len":263,"flow_dst_tot_l4_payload_len":1300,"midstream":0,"thread_ts_usec":1591342199532111,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AnyDesk","proto_by_ip_id":252,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"107030a763c7224285717ff1569a17f3","ja4":"t12d640500_9197985d2161_a1e935682795","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","blocks":0}}} 
+01883{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1591342199201196,"flow_src_last_pkt_time":1591342199532151,"flow_dst_last_pkt_time":1591342199532596,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":263,"flow_dst_max_l4_payload_len":1300,"flow_src_tot_l4_payload_len":263,"flow_dst_tot_l4_payload_len":2600,"midstream":0,"thread_ts_usec":1591342199532596,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"AnyDesk","proto_by_ip_id":252,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"107030a763c7224285717ff1569a17f3","ja4":"t12d640500_9197985d2161_a1e935682795","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=AnyNet Root CA, O=philandro Software GmbH, C=DE","subjectDN":"C=DE, O=philandro Software GmbH, CN=AnyNet Relay","fingerprint":"9E:08:D2:58:A9:02:CD:4F:E2:4A:26:B8:48:5C:43:0B:81:29:99:E3","blocks":0}}} 
02684{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":40,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1591342199201196,"flow_src_last_pkt_time":1591342201135977,"flow_dst_last_pkt_time":1591342202739154,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":5696,"flow_dst_tot_l4_payload_len":5521,"midstream":0,"thread_ts_usec":1591342202739154,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":176540.0,"max":1602919,"stddev":394272.9,"var":155451113472.0,"ent":2.8,"data": [164805,164917,612,1082,165028,165426,485,455,339,338,1756,2021,164886,165169,210,191,219,307,218569,218677,606,928,1215453,1216321,7,87,855,7,2,1602919,62]},"pktlen": {"min":40,"avg":392.7,"max":1500,"stddev":555.2,"var":308238.0,"ent":3.8,"data": [60,46,40,303,46,1340,40,1340,40,46,40,1134,46,91,40,80,40,186,46,186,40,111,46,119,1500,1500,1242,46,46,46,1500,1180]},"bins": {"c_to_s": [8,0,1,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,2,0,0],"s_to_c": [9,2,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,2,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,0,0,1,1,0,1,0,0,1,1,0,0,1,1,0,0,0,1,1,1,1,1],"entropies": 
[4.772595406,4.903359890,4.834184170,5.369554996,4.390828609,7.460080147,4.834184170,7.770876408,4.834184170,4.609350204,4.734183788,7.619944096,4.390829086,5.750715733,4.765311718,5.803060055,4.765311718,6.743920803,4.390828609,6.830827713,4.834184170,6.275036812,4.434307098,6.390825272,7.863389492,7.871673107,7.811679363,4.390829086,4.390829086,4.390829086,7.887207985,7.841894150]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"AnyDesk","proto_by_ip_id":252,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} -00861{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":62,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":62,"packets-processed":61,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":14319,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1613977585247036} 
+00861{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":62,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":62,"packets-processed":61,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":14319,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1613977585247036} 00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":62,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1613977585247036,"flow_src_last_pkt_time":1613977585247036,"flow_dst_last_pkt_time":1613977585247036,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1613977585247036,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":59511,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1613977585247036,"flow_dst_last_pkt_time":1613977585247036,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1613977585247036,"pkt":"EBMx8Tl22MuK4S0uCABFAABM5C0AAIARAADAqAG7wKgBAeh3ADUAOIRW7CIBAAABAAAAAAAADnJlbGF5LTMxODVhODQ3A25ldAdhbnlkZXNrA2NvbQAAAQAB"} 01141{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1613977585247036,"flow_src_last_pkt_time":1613977585247036,"flow_dst_last_pkt_time":1613977585247036,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1613977585247036,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":59511,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AnyDesk","proto_id":"5.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"relay-3185a847.net.anydesk.com","domainame":"relay-3185a847.net.anydesk.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -35,35 +35,35 @@ 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1613977595379986,"flow_dst_last_pkt_time":1613977595380477,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1613977595380477,"pkt":"2MuK4S0uKDc3AG3ICABFAAA0AABAAEAGtgbAqAGywKgBuxue05RZw\/OWjxh7SYAS\/\/+kVwAAAgQFtAEDAwUEAgAA"} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1613977595380515,"flow_dst_last_pkt_time":1613977595380477,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1613977595380515,"pkt":"KDc3AG3I2MuK4S0uCABFAAAodDRAAIAGAADAqAG7wKgBstOUG56PGHtJWcPzl1AQBAKE2AAA"} 
00879{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1613977595380848,"flow_dst_last_pkt_time":1613977595380477,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":299,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":299,"pkt_l4_len":265,"thread_ts_usec":1613977595380848,"pkt":"KDc3AG3I2MuK4S0uCABFAAEddDVAAIAGAADAqAG7wKgBstOUG56PGHtJWcPzl1AYBAKFzQAAFgMBAPABAADsAwNj3AGBpT3DvXWxFVWt8lyInfOzaE5lLOK0P1RS+v5ukgAAbsAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANsAywC7AKsAmwA\/ABQCdAD0ANcAvwCvAJ8AjwBPACQCkAKIAoACeAGcAQAA\/AD4AMwAyADEAMMAxwC3AKcAlwA7ABACcADwALwD\/AQAAVQALAAQDAAECAAoAHAAaABcAGQAcABsAGAAaABYADgANAAsADAAJAAoAIwAAAA0AIAAeBgEGAgYDBQEFAgUDBAEEAgQDAwEDAgMDAgECAgIDAA8AAQE="} -01519{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1613977595379986,"flow_src_last_pkt_time":1613977595380848,"flow_dst_last_pkt_time":1613977595380477,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1613977595380848,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": 
{"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3":"3f2fba0262b1a22b739126dfb2fe7a7d","ja3s":"","ja4":"t12d550500_168bb377f8c8_a1e935682795","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01478{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1613977595379986,"flow_src_last_pkt_time":1613977595380848,"flow_dst_last_pkt_time":1613977595380477,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1613977595380848,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d550500_168bb377f8c8_a1e935682795","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1613977595380848,"flow_dst_last_pkt_time":1613977595380908,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1613977595380908,"pkt":"2MuK4S0uKDc3AG3ICABFAAAoAABAAEAGthLAqAGywKgBuxue05RZw\/OXjxh7SVAQIADEJgAAAAAAAAAA"} -01842{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":72,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1613977595379986,"flow_src_last_pkt_time":1613977595380848,"flow_dst_last_pkt_time":1613977595391710,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1613977595391710,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": 
{"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3":"3f2fba0262b1a22b739126dfb2fe7a7d","ja3s":"ee644a8a34c434abca4b737ec1d9efad","ja4":"t12d550500_168bb377f8c8_a1e935682795","unsafe_cipher":0,"cipher":"TLS_DHE_RSA_WITH_AES_256_GCM_SHA384","subjectDN":"CN=AnyDesk Client, CN=AnyDesk Client","fingerprint":"F8:4E:27:4E:F9:33:35:2F:1A:69:71:D5:02:6B:B8:72:EF:B7:BA:B0","blocks":0}}} +01801{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":72,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1613977595379986,"flow_src_last_pkt_time":1613977595380848,"flow_dst_last_pkt_time":1613977595391710,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1613977595391710,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": 
{"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"ee644a8a34c434abca4b737ec1d9efad","ja4":"t12d550500_168bb377f8c8_a1e935682795","unsafe_cipher":0,"cipher":"TLS_DHE_RSA_WITH_AES_256_GCM_SHA384","subjectDN":"CN=AnyDesk Client, CN=AnyDesk Client","fingerprint":"F8:4E:27:4E:F9:33:35:2F:1A:69:71:D5:02:6B:B8:72:EF:B7:BA:B0","blocks":0}}} 00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1613977595407425,"flow_src_last_pkt_time":1613977595407425,"flow_dst_last_pkt_time":1613977595407425,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1613977595407425,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.187","src_port":52039,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1613977595407425,"flow_dst_last_pkt_time":1613977595407425,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1613977595407425,"pkt":"2MuK4S0uKDc3AG3ICABFAABAAABAAEAGtfrAqAGywKgBu8tHG54tLA3cAAAAALAC\/\/97PgAAAgQFtAEDAwUBAQgKHE34xQAAAAAEAgAA"} 
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1613977595407425,"flow_dst_last_pkt_time":1613977595407489,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1613977595407489,"pkt":"KDc3AG3I2MuK4S0uCABFAAA0dDlAAIAGAADAqAG7wKgBshuey0dV\/SLKLSwN3YAS\/\/+E5AAAAgQFtAEDAwgBAQQC"} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1613977595407676,"flow_dst_last_pkt_time":1613977595407489,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1613977595407676,"pkt":"2MuK4S0uKDc3AG3ICABFAAAoAABAAEAGthLAqAGywKgBu8tHG54tLA3dVf0iy1AQIABwXwAAAAAAAAAA"} 
00904{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1613977595408312,"flow_dst_last_pkt_time":1613977595407489,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":317,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":317,"pkt_l4_len":283,"thread_ts_usec":1613977595408312,"pkt":"2MuK4S0uKDc3AG3ICABFAAEvAABAAEAGtQvAqAGywKgBu8tHG54tLA3dVf0iy1AYIAC+RgAAFgMBAQIBAAD+AwM5xa94fzbZMZS38bcet4LQXQHW847W4Z2LW\/3GqgPjFAAAgMAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANsAywC7AKsAmwA\/ABQCdAD0ANcAvwCvAJ8AjwBPACQCkAKIAoACeAGcAQAA\/AD4AMwAyADEAMMAxwC3AKcAlwA7ABACcADwAL8ASwAgAFgATABAADcANwAMACgD\/AQAAVQALAAQDAAECAAoAHAAaABcAGQAcABsAGAAaABYADgANAAsADAAJAAoAIwAAAA0AIAAeBgEGAgYDBQEFAgUDBAEEAgQDAwEDAgMDAgECAgIDAA8AAQE="} -01519{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1613977595407425,"flow_src_last_pkt_time":1613977595408312,"flow_dst_last_pkt_time":1613977595407489,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":263,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":263,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1613977595408312,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.187","src_port":52039,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS 
Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"","ja4":"t12d640500_9197985d2161_a1e935682795","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01478{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1613977595407425,"flow_src_last_pkt_time":1613977595408312,"flow_dst_last_pkt_time":1613977595407489,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":263,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":263,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1613977595408312,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.187","src_port":52039,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d640500_9197985d2161_a1e935682795","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1613977595408312,"flow_dst_last_pkt_time":1613977595463648,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1613977595463648,"pkt":"KDc3AG3I2MuK4S0uCABFAAAodEFAAIAGAADAqAG7wKgBshuey0dV\/SLLLSwO5FAQIBSE2AAA"} -01939{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":85,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1613977595407425,"flow_src_last_pkt_time":1613977595408312,"flow_dst_last_pkt_time":1613977595549041,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":263,"flow_dst_max_l4_payload_len":813,"flow_src_tot_l4_payload_len":263,"flow_dst_tot_l4_payload_len":813,"midstream":0,"thread_ts_usec":1613977595549041,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.187","src_port":52039,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": 
{"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"4b505adfb4a921c5a3a39d293b0811e1","ja4":"t12d640500_9197985d2161_a1e935682795","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_GCM_SHA384","subjectDN":"CN=AnyDesk Client, CN=AnyDesk Client","fingerprint":"86:4F:2A:9F:24:71:FD:0D:6A:35:56:AC:D8:7B:3A:19:E8:03:CA:2E","blocks":0}}} +01898{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":85,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1613977595407425,"flow_src_last_pkt_time":1613977595408312,"flow_dst_last_pkt_time":1613977595549041,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":263,"flow_dst_max_l4_payload_len":813,"flow_src_tot_l4_payload_len":263,"flow_dst_tot_l4_payload_len":813,"midstream":0,"thread_ts_usec":1613977595549041,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.187","src_port":52039,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": 
{"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"4b505adfb4a921c5a3a39d293b0811e1","ja4":"t12d640500_9197985d2161_a1e935682795","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_GCM_SHA384","subjectDN":"CN=AnyDesk Client, CN=AnyDesk Client","fingerprint":"86:4F:2A:9F:24:71:FD:0D:6A:35:56:AC:D8:7B:3A:19:E8:03:CA:2E","blocks":0}}} 02686{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":112,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1613977595379986,"flow_src_last_pkt_time":1613977601740964,"flow_dst_last_pkt_time":1613977601737415,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":3926,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":5712,"flow_dst_tot_l4_payload_len":2727,"midstream":0,"thread_ts_usec":1613977601740964,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":410271.2,"max":3021750,"stddev":825943.1,"var":682181918720.0,"ent":2.9,"data": [491,529,333,431,328,10474,0,10878,39566,40320,8749,0,9516,516873,517463,1553,27804,26175,2358,56316,902900,957284,0,0,1754245,1753698,16355,71246,2966766,3021750,4006]},"pktlen": {"min":40,"avg":306.3,"max":3966,"stddev":747.4,"var":558552.1,"ent":3.1,"data": [52,52,40,285,46,46,1500,183,40,1326,46,954,80,40,87,46,75,74,46,74,40,3966,46,46,46,79,46,141,40,99,46,116]},"bins": {"c_to_s": [6,4,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1],"s_to_c": 
[11,3,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,1,1,1,0,0,1,1,0,1,1,0,0,1,1,1,0,1,1,0,0,1,0],"entropies": [4.461627960,4.714205742,4.680641174,5.380415440,4.190888405,4.260394573,7.726966381,6.171197891,4.680641174,7.726874828,4.303872585,7.788730145,5.640313625,4.630640984,5.698182583,4.200505257,5.465894222,5.550601006,4.303872585,5.570474148,4.680640697,7.956365585,4.157026768,4.303872585,4.190888405,5.661315441,4.260394096,6.538077354,4.630641460,6.000421047,4.260393620,6.241518974]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 
-00864{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":121,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":121,"packets-processed":120,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":26872,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":6,"total-updates":0,"current-active-flows":4,"total-active-flows":6,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":50,"global_ts_usec":1663090549161771} +00864{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":121,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":121,"packets-processed":120,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":26872,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":6,"total-updates":0,"current-active-flows":4,"total-active-flows":6,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":50,"global_ts_usec":1663090549161771} 
00798{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":121,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663090549161771,"flow_src_last_pkt_time":1663090549161771,"flow_dst_last_pkt_time":1663090549161771,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663090549161771,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"195.181.174.176","src_port":48260,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1663090549161771,"flow_dst_last_pkt_time":1663090549161771,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1663090549161771,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8b6ZAAEAGlofAqAGAw7WusLyEAbsbAqeoAAAAAKAC+vBE2wAAAgQFtAQCCAo49hnFAAAAAAEDAwc="} 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1663090549161771,"flow_dst_last_pkt_time":1663090549179486,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1663090549179486,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADYGEC7Dta6wwKgBgAG7vIT\/L0tlGwKnqaAS\/ogbxgAAAgQFtAQCCAqczD4KOPYZxQEDAwc="} 
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1663090549179586,"flow_dst_last_pkt_time":1663090549179486,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1663090549179586,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA0b6dAAEAGlo7AqAGAw7WusLyEAbsbAqep\/y9LZoAQAfZHFAAAAQEICjj2GdaczD4K"} 00960{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1663090549180495,"flow_dst_last_pkt_time":1663090549179486,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":355,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":355,"pkt_l4_len":321,"thread_ts_usec":1663090549180495,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAFVb6hAAEAGlWzAqAGAw7WusLyEAbsbAqep\/y9LZoAYAfYShgAAAQEICjj2GdeczD4KFgMBARwBAAEYAwPezn7TVz\/Q\/8BnfJIGEA0lTFPiRL5wdTC0FDXR7VNhOwAAgMAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANsAywC7AKsAmwA\/ABQCdAD0ANcAvwCvAJ8AjwBPACQCkAKIAoACeAGcAQAA\/AD4AMwAyADEAMMAxwC3AKcAlwA7ABACcADwAL8ASwAgAFgATABAADcANwAMACgD\/AQAAbwALAAQDAAECAAoAHAAaABcAGQAcABsAGAAaABYADgANAAsADAAJAAoAIwAAAA0AIAAeBgEGAgYDBQEFAgUDBAEEAgQDAwEDAgMDAgECAgIDAA8AAQEAEAAWABQTYW55ZGVzay82LjIuMC9saW51eA=="} 
-01573{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":124,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1663090549161771,"flow_src_last_pkt_time":1663090549180495,"flow_dst_last_pkt_time":1663090549179486,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":289,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":289,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663090549180495,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"195.181.174.176","src_port":48260,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}},"31": {"risk":"Uncommon TLS ALPN","severity":"Medium","risk_score": {"total":610,"client":485,"server":125}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3":"29b5a018fa5992fe23560c16af0dc9fc","ja3s":"","ja4":"t12d6406an_9197985d2161_a1e935682795","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"anydesk\/6.2.0\/linux","blocks":0}}} 
+01532{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":124,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1663090549161771,"flow_src_last_pkt_time":1663090549180495,"flow_dst_last_pkt_time":1663090549179486,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":289,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":289,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663090549180495,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"195.181.174.176","src_port":48260,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}},"31": {"risk":"Uncommon TLS ALPN","severity":"Medium","risk_score": {"total":610,"client":485,"server":125}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d6406an_9197985d2161_a1e935682795","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"anydesk\/6.2.0\/linux","blocks":0}}} 
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1663090549180495,"flow_dst_last_pkt_time":1663090549197307,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1663090549197307,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA08UVAADYGHvDDta6wwKgBgAG7vIT\/L0tmGwKoyoAQAftF2wAAAQEICpzMPhw49hnX"} -01635{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":126,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1663090549161771,"flow_src_last_pkt_time":1663090549180495,"flow_dst_last_pkt_time":1663090549200737,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":289,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":289,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1663090549200737,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"195.181.174.176","src_port":48260,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}},"31": {"risk":"Uncommon TLS ALPN","severity":"Medium","risk_score": {"total":610,"client":485,"server":125}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","hostname":"","domainame":"","tls": 
{"version":"TLSv1.2","ja3":"29b5a018fa5992fe23560c16af0dc9fc","ja3s":"e58f0b3c1e9eefb8ee4f92aeceee5858","ja4":"t12d6406an_9197985d2161_a1e935682795","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"anydesk\/6.2.0\/linux","blocks":0}}} -01838{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":128,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1663090549161771,"flow_src_last_pkt_time":1663090549200799,"flow_dst_last_pkt_time":1663090549200825,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":289,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":289,"flow_dst_tot_l4_payload_len":2528,"midstream":0,"thread_ts_usec":1663090549200825,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"195.181.174.176","src_port":48260,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}},"31": {"risk":"Uncommon TLS ALPN","severity":"Medium","risk_score": {"total":610,"client":485,"server":125}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3":"29b5a018fa5992fe23560c16af0dc9fc","ja3s":"e58f0b3c1e9eefb8ee4f92aeceee5858","ja4":"t12d6406an_9197985d2161_a1e935682795","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=AnyNet Root CA, O=philandro Software GmbH, C=DE","subjectDN":"C=DE, O=philandro Software GmbH, CN=AnyNet 
Relay","advertised_alpns":"anydesk\/6.2.0\/linux","fingerprint":"9E:08:D2:58:A9:02:CD:4F:E2:4A:26:B8:48:5C:43:0B:81:29:99:E3","blocks":0}}} +01594{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":126,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1663090549161771,"flow_src_last_pkt_time":1663090549180495,"flow_dst_last_pkt_time":1663090549200737,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":289,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":289,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1663090549200737,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"195.181.174.176","src_port":48260,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}},"31": {"risk":"Uncommon TLS ALPN","severity":"Medium","risk_score": {"total":610,"client":485,"server":125}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"e58f0b3c1e9eefb8ee4f92aeceee5858","ja4":"t12d6406an_9197985d2161_a1e935682795","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"anydesk\/6.2.0\/linux","blocks":0}}} 
+01797{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":128,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1663090549161771,"flow_src_last_pkt_time":1663090549200799,"flow_dst_last_pkt_time":1663090549200825,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":289,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":289,"flow_dst_tot_l4_payload_len":2528,"midstream":0,"thread_ts_usec":1663090549200825,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"195.181.174.176","src_port":48260,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}},"31": {"risk":"Uncommon TLS ALPN","severity":"Medium","risk_score": {"total":610,"client":485,"server":125}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"e58f0b3c1e9eefb8ee4f92aeceee5858","ja4":"t12d6406an_9197985d2161_a1e935682795","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=AnyNet Root CA, O=philandro Software GmbH, C=DE","subjectDN":"C=DE, O=philandro Software GmbH, CN=AnyNet Relay","advertised_alpns":"anydesk\/6.2.0\/linux","fingerprint":"9E:08:D2:58:A9:02:CD:4F:E2:4A:26:B8:48:5C:43:0B:81:29:99:E3","blocks":0}}} 
02563{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":152,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1663090549161771,"flow_src_last_pkt_time":1663090558034917,"flow_dst_last_pkt_time":1663090558365585,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":5817,"flow_dst_tot_l4_payload_len":3029,"midstream":0,"thread_ts_usec":1663090558365585,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"195.181.174.176","src_port":48260,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":4,"avg":583127.8,"max":8444631,"stddev":2063627.1,"var":4258557067264.0,"ent":1.5,"data": [17715,17815,909,17821,3430,20304,88,41,3772,21850,18137,104,44,888,64188,13442,76786,1527,18418,206643,224790,16,4,18683,18,62779,11,80221,8427892,8444631,313993]},"pktlen": {"min":52,"avg":328.9,"max":1500,"stddev":495.5,"var":245485.5,"ent":3.8,"data": [60,60,52,341,52,1500,52,1132,52,1146,103,52,92,52,199,52,198,52,137,52,145,1500,1500,1273,52,52,92,90,52,137,52,145]},"bins": {"c_to_s": [8,0,2,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,2,0,0],"s_to_c": [7,4,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,1,0,1,0,0,1,1,0,0,1,1,0,0,0,1,1,1,1,0,0,1,1],"entropies": 
[4.759216309,5.287539482,5.061608315,5.575212479,5.085552692,7.541802406,5.085552692,7.720355034,5.138531685,7.691242218,6.017449379,5.100070000,6.076607704,5.061608315,6.938662529,5.176993370,6.939621925,5.176993370,6.553288460,5.176993370,6.578802109,7.876228809,7.874102592,7.832963467,5.176993370,5.176993370,6.054868221,5.938801765,5.138531685,6.484602451,5.215455055,6.623850822]},"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}},"31": {"risk":"Uncommon TLS ALPN","severity":"Medium","risk_score": {"total":610,"client":485,"server":125}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 01039{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":157,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1613977585542630,"flow_src_last_pkt_time":1613977585542630,"flow_dst_last_pkt_time":1613977585553797,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1663090558383202,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":55376,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AnyDesk","proto_id":"5.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"relay-9b6827f2.net.anydesk.com"}} 
01584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":157,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1613977595407425,"flow_src_last_pkt_time":1613977595964011,"flow_dst_last_pkt_time":1613977595963376,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1286,"flow_dst_max_l4_payload_len":914,"flow_src_tot_l4_payload_len":1549,"flow_dst_tot_l4_payload_len":1767,"midstream":0,"thread_ts_usec":1663090558383202,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.187","src_port":52039,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 
01039{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":157,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1613977585247036,"flow_src_last_pkt_time":1613977585247036,"flow_dst_last_pkt_time":1613977585260893,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1663090558383202,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":59511,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AnyDesk","proto_id":"5.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"relay-3185a847.net.anydesk.com"}} 01489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":157,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":21,"flow_first_seen":1613977595379986,"flow_src_last_pkt_time":1613977602672535,"flow_dst_last_pkt_time":1613977601741457,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":3926,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":6286,"flow_dst_tot_l4_payload_len":2727,"midstream":0,"thread_ts_usec":1663090558383202,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 01361{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":174,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":27,"flow_dst_packets_processed":27,"flow_first_seen":1663090549161771,"flow_src_last_pkt_time":1663090607951443,"flow_dst_last_pkt_time":1663090607968067,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":5903,"flow_dst_tot_l4_payload_len":3063,"midstream":0,"thread_ts_usec":1663090607968067,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"195.181.174.176","src_port":48260,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}},"31": {"risk":"Uncommon TLS ALPN","severity":"Medium","risk_score": {"total":610,"client":485,"server":125}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 
-00866{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":174,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":174,"packets-processed":174,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":35838,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":8,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":66,"global_ts_usec":1663090607968067} +00866{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":174,"source":"cfgs\/subclassification_disable\/pcap\/anydesk.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":174,"packets-processed":174,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":35838,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":8,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":66,"global_ts_usec":1663090607968067} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 174/174 ~~ skipped flows.............: 0 
@@ -72,9 +72,9 @@ ~~ total active/idle flows...: 7/7 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6985013 bytes -~~ total memory freed........: 6985013 bytes -~~ total allocations/frees...: 114423/114423 +~~ total memory allocated....: 7562651 bytes +~~ total memory freed........: 7562651 bytes +~~ total allocations/frees...: 126156/126156 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 550 chars ~~ json message max len.......: 2691 chars diff --git a/test/results/subclassification_disable/dns.pcap.out b/test/results/subclassification_disable/dns.pcap.out index 2e66c6f63..70803769f 100644 --- a/test/results/subclassification_disable/dns.pcap.out +++ b/test/results/subclassification_disable/dns.pcap.out 
@@ -1,17 +1,17 @@ -00626{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/subclassification_disable\/pcap\/dns.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/subclassification_disable\/pcap\/dns.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1112172654366527} 
+00626{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/subclassification_disable\/pcap\/dns.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/subclassification_disable\/pcap\/dns.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1112172654366527} 
00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/subclassification_disable\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1112172654366527,"flow_src_last_pkt_time":1112172654366527,"flow_dst_last_pkt_time":1112172654366527,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1112172654366527,"l3_proto":"ip4","src_ip":"192.168.170.20","dst_ip":"192.168.170.8","src_port":53,"dst_port":32795,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/subclassification_disable\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1112172654366527,"flow_dst_last_pkt_time":1112172654366527,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1112172654366527,"pkt":"AOAYsQytAMCfMkGMCABFAAA+1TkAAIARkAfAqKoUwKiqCAA1gBsAKryJ3KKBgAABAAAAAAAAA3d3dwFsBmdvb2dsZQNjb20AABwAAQ=="} 
01109{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/subclassification_disable\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1112172654366527,"flow_src_last_pkt_time":1112172654366527,"flow_dst_last_pkt_time":1112172654366527,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1112172654366527,"l3_proto":"ip4","src_ip":"192.168.170.20","dst_ip":"192.168.170.8","src_port":53,"dst_port":32795,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.l.google.com","domainame":"www.l.google.com","dns": {"num_queries":1,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr": []}}} 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/subclassification_disable\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1112172654366527,"flow_dst_last_pkt_time":1112172695204348,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_usec":1112172695204348,"pkt":"AMCfMkGMAOAYsQytCABFAAA9AABAAEARZULAqKoIwKiqFIAbADUAKYhhvB8BAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAHAAB"} 
00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/subclassification_disable\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1112172695437491,"flow_dst_last_pkt_time":1112172695204348,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_usec":1112172695437491,"pkt":"AOAYsQytAMCfMkGMCABFAAA91p8AAIARjqLAqKoUwKiqCAA1gBsAKQfhvB+BgAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAHAAB"} -00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"cfgs\/subclassification_disable\/pcap\/dns.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":4,"packets-processed":3,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":8,"global_ts_usec":1484673025972667} 
+00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"cfgs\/subclassification_disable\/pcap\/dns.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":4,"packets-processed":3,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":8,"global_ts_usec":1484673025972667} 00309{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1484673025972667,"packet_id":4,"source":"cfgs\/subclassification_disable\/pcap\/dns.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1484673025972667} 00427{"packet_event_id":1,"packet_event_name":"packet","packet_id":4,"source":"cfgs\/subclassification_disable\/pcap\/dns.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":91,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_usec":1112172695437491,"pkt":"AAAAAAAB1JToDq3BgQABpYEAAxGIZBEAVWoAPwAhRQAAPQAAQABAEYShUrJx9VKynrW4lwA1ACm2fXhDAQAAAQAAAAAAAAJlNwh3aGF0c2FwcANuZXQAAAEAAQ=="} 00309{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1484673025976144,"packet_id":5,"source":"cfgs\/subclassification_disable\/pcap\/dns.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1484673025976144} 
00598{"packet_event_id":1,"packet_event_name":"packet","packet_id":5,"source":"cfgs\/subclassification_disable\/pcap\/dns.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":219,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":219,"pkt_l4_len":0,"thread_ts_usec":1112172695437491,"pkt":"AAAAAAAB1JToDq3BgQABpYEAAxGIZBEAVWoAvwAhRQAAvQAAQAA6EYohUrKetVKycfUANbiXAKnLC3hDgYAAAQAIAAAAAAJlNwh3aGF0c2FwcANuZXQAAAEAAcAMAAEAAQAAAesABKkt2+vADAABAAEAAAHrAASpLyiOwAwAAQABAAAB6wAEqS34ecAMAAEAAQAAAesABGyosOrADAABAAEAAAHrAASpLfi9wAwAAQABAAAB6wAEqS34tMAMAAEAAQAAAesABKk1UU\/ADAABAAEAAAHrAASpLdvo"} 01019{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"cfgs\/subclassification_disable\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1112172654366527,"flow_src_last_pkt_time":1112172695437491,"flow_dst_last_pkt_time":1112172695204348,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":33,"flow_src_tot_l4_payload_len":67,"flow_dst_tot_l4_payload_len":33,"midstream":0,"thread_ts_usec":1112172695437491,"l3_proto":"ip4","src_ip":"192.168.170.20","dst_ip":"192.168.170.8","src_port":53,"dst_port":32795,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.l.google.com"}} 
-00852{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"cfgs\/subclassification_disable\/pcap\/dns.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":5,"packets-processed":3,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1484673025976144} +00852{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"cfgs\/subclassification_disable\/pcap\/dns.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":5,"packets-processed":3,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1484673025976144} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 5/3 ~~ skipped flows.............: 0 
@@ -20,9 +20,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6907700 bytes -~~ total memory freed........: 6907700 bytes -~~ total allocations/frees...: 114140/114140 +~~ total memory allocated....: 7485296 bytes +~~ total memory freed........: 7485296 bytes +~~ total allocations/frees...: 125871/125871 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 314 chars ~~ json message max len.......: 1114 chars diff --git a/test/results/subclassification_disable/http.pcapng.out b/test/results/subclassification_disable/http.pcapng.out index fe790c2cb..fbcaff873 100644 --- a/test/results/subclassification_disable/http.pcapng.out +++ b/test/results/subclassification_disable/http.pcapng.out 
@@ -1,5 +1,5 @@ -00629{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/subclassification_disable\/pcap\/http.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/subclassification_disable\/pcap\/http.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1643129441023341} 
+00629{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/subclassification_disable\/pcap\/http.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/subclassification_disable\/pcap\/http.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1643129441023341} 
00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/subclassification_disable\/pcap\/http.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643129441023341,"flow_src_last_pkt_time":1643129441023341,"flow_dst_last_pkt_time":1643129441023341,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643129441023341,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"216.58.208.142","src_port":42170,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/subclassification_disable\/pcap\/http.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1643129441023341,"flow_dst_last_pkt_time":1643129441023341,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1643129441023341,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8mDFAAEAGN5nAqAGA2DrQjqS6AFARiJzNAAAAAKAC+vCG+AAAAgQFtAQCCArCG0WpAAAAAAEDAwc="} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/subclassification_disable\/pcap\/http.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1643129441023341,"flow_dst_last_pkt_time":1643129441030591,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1643129441030591,"pkt":"PKn0qB\/spJGxgjQ5CABFgAA8NRsAAHgGoi\/YOtCOwKgBgABQpLoKOrN\/EYiczqAS\/\/9o0gAAAgQFlgQCCArUwoamwhtFqQEDAwg="} 
@@ -8,7 +8,7 @@ 01083{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/subclassification_disable\/pcap\/http.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1643129441023341,"flow_src_last_pkt_time":1643129441030691,"flow_dst_last_pkt_time":1643129441030591,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":74,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643129441030691,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"216.58.208.142","src_port":42170,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"google.com","domainame":"google.com","http": {"url":"google.com\/","code":0,"content_type":"","user_agent":"curl\/7.68.0"}}} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/subclassification_disable\/pcap\/http.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1643129441030691,"flow_dst_last_pkt_time":1643129441038384,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1643129441038384,"pkt":"PKn0qB\/spJGxgjQ5CABFgAA0NSMAAHgGoi\/YOtCOwKgBgABQpLoKOrOAEYidGIAQAQCWKAAAAQEICtTChq7CG0Ww"} 
01015{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":10,"source":"cfgs\/subclassification_disable\/pcap\/http.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1643129441023341,"flow_src_last_pkt_time":1643129441065505,"flow_dst_last_pkt_time":1643129441065458,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":528,"flow_src_tot_l4_payload_len":74,"flow_dst_tot_l4_payload_len":528,"midstream":0,"thread_ts_usec":1643129441065505,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"216.58.208.142","src_port":42170,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"google.com"}} -00858{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/subclassification_disable\/pcap\/http.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":602,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1643129441065505} 
+00858{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/subclassification_disable\/pcap\/http.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":602,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1643129441065505} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 10/10 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6907965 bytes -~~ total memory freed........: 6907965 bytes -~~ total allocations/frees...: 114152/114152 +~~ total memory allocated....: 7485572 bytes +~~ total memory freed........: 7485572 bytes +~~ total allocations/frees...: 125884/125884 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 563 chars ~~ json message max len.......: 1088 chars diff --git a/test/results/subclassification_disable/quic-mvfst-27.pcapng.out b/test/results/subclassification_disable/quic-mvfst-27.pcapng.out index b034028be..0e95faad7 100644 --- a/test/results/subclassification_disable/quic-mvfst-27.pcapng.out +++ b/test/results/subclassification_disable/quic-mvfst-27.pcapng.out 
@@ -1,13 +1,13 @@ -00638{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/subclassification_disable\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00638{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/subclassification_disable\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/subclassification_disable\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":41432902,"flow_src_last_pkt_time":41432902,"flow_dst_last_pkt_time":41432902,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":41432902,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.171.250.15","src_port":35957,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02258{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/subclassification_disable\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":41432902,"flow_dst_last_pkt_time":41432902,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1326,"pkt_l4_len":1240,"thread_ts_usec":41432902,"pkt":"UlQAEjUCCAAnANMtCABFAATsAABAAEAR6jcKAAIPRav6D4x1AbsE2OWQzPrOsAIIrbuyBEpv1K8AAES+140kYx8r1I1jytRmSbOd1I6+euAu\/WCog0hZ7CK2vbiQaDsUNhduZ4TaOU+YwMwzr4tFRPY4WVcwFZYxf3JpeyRLGb56IxYnrJ+wVEN3bI7bVdKHF8LObpsuaNgGvwptfsH+rDACd3BONx\/QShlSNEGgtojOTAb3IBxaMPoBBrqk2vcqdCneK9x+zToW6kQDTdEd1IieGWgR+hdSwpMJLkz6epIDIJvr2+7hnKY8vsay1GJiKAlvxUurjQpspuMDfgvdh0iM6M1FrTv7rKzGyRXK46jvoMQof1iOAPHATgwqM4ZuYMuNvt\/y0p1tz148IXIa\/fLbIf\/jtx8RB3egC2zhGA2mbRbaurTTw48eZ\/8+UmFX\/pGgD39VTuQ0iy3fwQ4KqkHSAZwYDfMrqtGQuy3zdVoOJcB1EfGcQ\/j15ErCmDlRT7vkVVWnNzp5ac2qQ30IkEy79yMP2uQl+qcNCK7LBv3ES0ZAYMoMzeMHxcHojmxmY7m9pU8\/6TN1mmhBOL55YskIGgF5b9dubHYOHRFbIoVzLmlUMAC3n\/J8icXYhMzF+2LMmkFk5V6Ftpg6RFwazyDsV1VvAG0px\/ZReUsDZc2BpKOvPXUMcmmbi7J+4xk79GjDWU7qn9No\/9OgaUBSqlTMXjLKVw1AQS9DQbbP6Ljm2t
jkBmxsNgiaX3ZHZdlEZ39g+pfa+C3d0\/Me91SnnyzofgyFHFf\/FZrz8kZlG+cPy3y6jToJU9oYVkDn4scTl9+EJRhVW2fiSh2BpNrkr1jxBS6nl0AbZVVuTjZo1emeItVe2pTwk9uLFdXZ\/CsWVBwjAwBQ8vxgzBGFWe9Cz3WpWkEzkAzQeOKzfLIFJb1PdMquNCwMajA4Jx\/Cl8vTf2306+VAoELddtYLnop0Ayp+TxS0Rn4I5pIhgtvtCnBaEOMmPLVrk2Tj6N4i6o4MT6NN2UsGMhl2jrLGVEchP8VeBBOrUPQTIvY+Xm1UQd6ud\/GSXz1lmW9JWN\/jvl2VrC\/dEdNNNDsuFT5DVQqiDS81yxHlMqpnUJtGOqdXBxl\/ipvbbIFVJMAxqaqhOIq9lLXVi0WRSrle2jY8C6byBzVmaXR9ob+Wj5JgOJ4dl6+zmTJfROyutrX06SLZW3iXBCGlGsJZa3VoAGsKr8R2PPaQW1IM5QBB1\/g3l2+\/8cMTpVbSj+AToLePRXNLpaht6\/i0lf5tmm5WeIZEw\/kp8XgE1IVG1OwCHdXi3LW8Ju6ZT6+NSDZYRl5iCIMOLeH+Uqa7zxr6BPSdijI5fZHwJ7CyzIIsLtNldUOOeWaUdszlpTm5UglrnEBk\/8+KIWEVomulKHSD78LbyMa2ZwRhHyUIoQUx3u628eG5WvmgiPmoWBpQq0SAcNJkibSZlfyukZBXk6ytoD7RL+6u7B+gDbgoIKW3EI2Vygx0786PDvzKNz\/jICcqh071958oOMWvZwK4wNNnPl+hmatacx8NLqlbU4\/qy23i+aLaPb\/wBxpmPXyakND4mOvFt3dmh\/yOVbINbAdZZ958R4K\/VXTGhgBSkxwXbKGKq+I\/xQwGAiri3PaDQBO6NYoKc0jqzc3rTGw44eUPJeiqQ8qEhbvrsfPi3A+VS5FRGlwZaAkkAdoB2gRkAwEAAAAAAAAAAAAAABYAAQACACEB2gAAAAAAAAAAAAAAAAAAAAANY6kd"} -01307{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/subclassification_disable\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":41432902,"flow_src_last_pkt_time":41432902,"flow_dst_last_pkt_time":41432902,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":41432902,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.171.250.15","src_port":35957,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Facebook","proto_id":"188.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"graph.facebook.com","domainame":"graph.facebook.com","quic": {"quic_version":"MVFST-27","tls": {"version":"TLSv1.3","ja3":"61d8a93ff379660087082a82411f19a2","ja3s":"","ja4":"q00d0108h3_0f2cb44170f4_f4b4187450f5","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-fb-05","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft)","blocks":0}}}} +01266{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/subclassification_disable\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":41432902,"flow_src_last_pkt_time":41432902,"flow_dst_last_pkt_time":41432902,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":41432902,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.171.250.15","src_port":35957,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Facebook","proto_id":"188.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"graph.facebook.com","domainame":"graph.facebook.com","quic": {"quic_version":"MVFST-27","tls": {"version":"TLSv1.3","ja3s":"","ja4":"q00d0108h3_0f2cb44170f4_f4b4187450f5","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-fb-05","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft)","blocks":0}}}} 
02284{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/subclassification_disable\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":41432902,"flow_dst_last_pkt_time":41464206,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1346,"pkt_l4_len":1260,"thread_ts_usec":41464206,"pkt":"CAAnANMtUlQAEjUCCABFAAUAAHoAAEARKapFq\/oPCgACDwG7jHUE7DGTx\/rOsAIACGUZSqSBwJ2mAETSQ4uzcebnNMDWiCLwgEqse1zwFbQeUwCYbirASYBY9Wqb\/AVucNo+1QzVbJaW9TpMoqvmNgwqhyeKJHn4nzURskXOXtyoQu1UCn4VWBURvJjr0Pri5khEPw4xAwDV7X2Rmmpwaw6btUsOaonrqKF\/SrLeyArFzwB+JFVws5mjdog13nZj3AyrnfXROIcoKcafi5iIMUPL8fCRhq9X7vo879HkMFFe\/UL0Z6KfMxRHk\/gm5EOke7DkOtpvDqjM8A17vn\/YA\/LmKAMC318G22YHyWoexSGb3BcRVBGh\/JnZslVfKZDHgCPKBJ6TZoECS2S1Lkq5nHD0FrjB28JkpPGddocsvTJ4gXR11CtFRogKRhcL6ToomCWSsXQm4N4h+xa8EUgP+Qp0EvdNEgFlkK7QzIbTOeUkbO0qojWV6pfET3Iov+\/apIMX2oqertd1yP5huAQbmPBJDrUV5aSXJ2n4942yy8nej3YOzA3244Ppj3KJ1FI9fYQWy94tzkcAq0MyyNAtAzVQrMQHV9+ftrN2eaUEuTAr5G712uv1AnCx12zkzS\/bPkH5HakesCqHiBdPHaH4mxGfceFuvWrXvk9k8noKiLgriTnvQwp\/saWNDkm8kvfm9PpqQm+XgxMCJ0tq2pG80BHbTgRQV8MdZ11XnvblfPEVlDFLqayo6KQYDuE9pUfQ+9AqEaxGVZRMSVRaIpJDPVqd0UHWM8ATc92GN71YPW\/frstXWA7sGYASVobLo1b3c8kYQSBM7dcU\/iqAkl+FksHEaC1aLZjGfaRKtnrpTDuyyUXcztv9cqa5wo9RQzervEK0UxM3gVjtBBX1mCaBfaZIZdXvbDZThkMu9RGphMLYrx9SqWAcKRkM9YhQ4qnUOJEDTD2qoX8miGa+JoKbQ6qKnL2RRJM\/0dLcmr8S6LVgNf3TuED+N3hbsZ9OBQ7xHjHnYpm\/+OxE3iCQ7O\/MjCEYbY876HUh2UXvGhRXGh19ilKbwQQLH+dz5uix38Q4qECRqV09vmTz3Swbe+BtJ26CqtxI2DYiDUkT56hG4GnrWss\/5mqds3b7uwxVTv8iRTcgWALX6YR8I8LcEwnW6P35r6yzQ8NmLvjaaqZkC\/6YKBBhBFJ4gpdUENYZBLszMz\/0jCicUWKWyfwMDGVvAlcFM7uVWLy8jO0qLX37EScSwg3DeIeQr72\/VcJHLle0Tm+dHFDyuGwxcML\/AaZe6mgicoiyETeB09Smyq9Y78I5wTornR4T1K0JN64JfYcnJe1\/YmYcW1VlHkcIRW6sSa0q5r9kPM+iCHOL7wY9T6OnVogbkFJzee5fZ+Oq9S8PvlK+4jsPkUzDv6d3+PRuP5JWYWDpXd8Qhym58OswJSKelR1rmXKN2C\/uxVLv3kgZxbiHXFdSArCkFj5BWP4WtRYPeuQ5VALz9l8XUPpyq\/
09yKtHs\/TW2KvPCNoNxInVtL\/9V7UyFB2cFMukn2UUKBEJJUOWG0p+3sALv+tMcZpDx9cDnCtfccjlF6qNg6Io5OabNDbmM3UDOyuHva8jvqAsKtELxYaeOp5rbZaQ+wK7lDWDooe0BUvE8YL9NWtHK\/I2zrwe4HzXFx1p5ULH4KoSajttOnTnVRnoaPTH5vR+8nV092hE6ZD\/6m9zExloCSQB2gHaBGQDAQAAAAAAAAAAAAAAFgABAAIAIQHaAAAAAAAAAAAAAAAAAAAAACg8yWg="} 02284{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/subclassification_disable\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":41432902,"flow_dst_last_pkt_time":41464217,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1346,"pkt_l4_len":1260,"thread_ts_usec":41464217,"pkt":"CAAnANMtUlQAEjUCCABFAAUAAHsAAEARKalFq\/oPCgACDwG7jHUE7Icwx\/rOsAIACGUZSqSBwJ2mAETStSk6pRwdyId1aH4WX4pVsk+hVtbLW4hKoqKIUKSo9tdUjjTVL5Yto7M3DICwaAoLYXCD+5dqw0TmZSrfqNiW2qJkNrsg0k\/kAdqV7j6+J9emg0iopVNY8z94Dkdknf05ci\/NoDXo7jX0aTp1J6GxxB8erH\/0SWZ+DyrbIMZ0xZ5SuS1DqMnN61NBKxN4\/jPv9ciPfLFFXyU0okn\/oJgJdQ4WrwMnOPK0yukS3dDQKMu5v+5h3OqBwQW1oLHmZA6rMWwlnpuiFU739YXcxuHETmzC2NOSBa0FZ1xSGByNv0mIS\/veQS6ztyCKi6cmIt52Goz5V26xn8ITbWRMKyzCQ9ygzGjFLSLB+V+ogEf08ganfO6W0dHJdPTEHqx274QToI6nzYBz8eQeCAoVd4nrh3slWslWTkHeQVW8sENY6mHlCHceqCHC8YwsKeoSN\/4JG6l1w4zyPArMZGkKB7jSxPuUQCGzOht7pw5Gk5Gp83Di44gZYUIyNVymDB16sT39aoraDeo5r5qBdNZ91SsMzaUcukPc+uOFPSAz0EuZbTe9n8OtdEkkzeGl9cG18rBcD7tfjxG18gi\/aTc\/Qsb2KdP82bZ\/OipJydJdUpM++DNflKBUq6VmZNq\/mEwBZaf36uML1LJOAoceV1rx2cgE7b5Wa2y583PSIvc0y8yCVCHd7UpFmIJOJrYMAiOgNdkL9i8G7a60vJ0BffKaiILbh52Cd\/gZSExquDEnfPS9pscJ3chfy\/\/FZGZ2CQbE65G5r2LgRj1a0KrZ\/O4ML+0k9MQaf9He5c\/jILvUKyvJwLUWG3lSoXOphrxABdatvx5PAii2lwtYhrYvxbQdkmGsIRtsvgWyth\/48R3yefn+bIHFq+Ln\/mQ4+8W6h+y9VYGjLy+j1gNFUujglm08r+aneixuCDo8NVE+WAW9F9bx6GkTQPaTP2\/obE0Ej5h95N8FRRXbNl8Q32+hc1BcPW7PYZhe4s7f99gVOs1PvusSkQjfl9x1h6vbtCoGsaxvv+KkMXJr040is81X8KUUNFqu8hZlZbEQdDUlK04iWVHyjfijDT4J15Tv7e9ZlWiE8P4TthJEkS\/V\/B6UFWx7NxNha5AI5q7ShAs7c3HMWi7ShahE0cUHWo1N0zwF8\/
WnAGHEQUC8y4BhBQ7EaKwJ5nulzruzqp+D0MI00rZhOKTfBp6FWu0gmkwjBtMV14lN3KiO+Fugvl0PPD7usXWaKzR2dw4JslfP5IRxZB5PlrUhggAF+4XvJxhjRYhltzgO0VmcidYbokhyBxc5p8EN7Brdd5jbC5KWU5ziyf1Xh75DhXXM9GVyTUDxQyOG\/19oznEsnm6HNfViWsEBqqhaXc1PD0G1Ath517JUA\/pAp9aK6ha0kEfZOISLrdAh\/wfyRh1qF0vTiaYWT3z2kewwb2CKR6DkEQkLWuW6ksgBnomifnuXO\/A4qhCgYZUw8feNCqTOFonKJtx2NUnViJDtqHr07cnNA2vZFiN+8SsLW130LG60Uj0wsHpIPMQDNy88BvEV2fH8Yk1GkJTndWveloeKe4e8X8FUWonC0LnETHyEJoR6mY698HICIqyNVbCWwwIZl3RhkLsYcNRGWOHE1xH8nz2KWwIwVPQWegjsOIMvejTuWRloCSQB2gHaBGQDAQAAAAAAAAAAAAAAFgABAAIAIQHaAAAAAAAAAAAAAAAAAAAAAB\/S7Lg="} 02286{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/subclassification_disable\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":41432902,"flow_dst_last_pkt_time":41464239,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1346,"pkt_l4_len":1260,"thread_ts_usec":41464239,"pkt":"CAAnANMtUlQAEjUCCABFAAUAAHwAAEARKahFq\/oPCgACDwG7jHUE7Pun4vrOsAIACGUZSqSBwJ2mRNPUKyAFTiIR2D9LmWONp\/pKu58K8xL2QH3MMLvlIm5wZVpJfJuwyJ\/1M3tSAzTO7kjPI3eHBb9IFzJ5EM102smu6+dh1QdA\/XWl13B5U7mJXfZdgiMmoH6TMFeO9l59NUWVB3FrB1D+83n8F9jw5BVmkY2OPbmS9uXhO3oLJjNvzhgiz9LiL0Peg4iBHPZ3bnefg84NyqMA6bGiBHjw8O\/pggXBHbm0y039at\/mEzBf62LN0g+jv6L2c7tRnEpUns4cJX54tQ1bXJ5Hhxh3rT54lw4rrebaQCbwFhibEvqZWGljIGdjbOpa6liHVVmRN2tu\/GBhyOGb0StB\/jpkBjcqcM94pTjas7+bYnRrk8ZSgYviOw8nDLpc2na4yCaDVIVl\/pzppcM74NTbQKve3Nar7W9KbDiDSaMAENX7mwhYQ18bwd3uHY8CUMOGjo\/8euzZjkZ0fqCDRE3vdm4KLl5+4\/UkQuBZWoFk\/P2Heh0\/lgddV3IePrdA6fNLSr8BKSgLGA1ZasEncG2JczdCSpW32pij29+anl+pMYgG1xzrztWUD1ETcf6lrUI11Nrj+82\/V73yznpeq7b9VscUvGV9OZECREHrcvb+pZDpYZL6JhF9swDp8CcOJJW+kip95Ov52baFifgdWzSPIduRrqIdERwwU6uq\/xmextGbx1KqKtby8DZc51UT3zzVMYep8bkl6y02VlktPuEK9u+QMd79lD6CIjW6qp5UxTZUtg8jrVUa2qNaqIekUrye4Bzl97pIPdBT4PssDCFsKgu31Bpm8CKL+2xWNmPLUcDOBBgIHzzDBuznQ7cBUCzjZlif+hxsEmJy3g5g3\/xJNTjxK+car7ACp7B+H1R5W
QpkSDWn\/gKlYeGIPW5T8mOqp4WAHeTZest5awJfealSj\/CfwMs\/1Df7bfDUHTG14VDKd\/hRegDw1cfzcn3rS+uwWfXIm+mNshIKscMmPDsExmAokd+CvN0JuzdGOibtj3vbwDU4vsLbdbgOXENLxvYoEKqOPmpluuCqkWSQX\/UTadmXu44AWmWGdRQUpe32qb\/M0fPPEznTo\/4YrREjJ5jLnXRjbVI3HR4NPEZW1W\/9+X5lPYycQDN0lnl1dTk4utJeAg2p\/gP3JOV+wA1ygYJ5wU1GjgsOdz+EiDWtAQ93xX+7PqU0RTfcJAMwYHLO8gHD8UmTyvey2jiJJMc\/NrEBM1a76byOqZW2ZpMIDjRCtGhGFGhw4tu7OsejTzxA6T4fkSVAM0RcHzuFFeX1yZp3G8u6suFgzreLYuvmcBrNhHUTfsEKl4+aUnvPAuGzXCYIejrOiP9DSMGN8i\/AdhOoP+4i52mM3bH5MLyVmx9EYwfM0+yRTPLIifi4gzjoQl39CwhJ5abQwEmy5yGBYVxIliLKOrnnK4U00GmZhnCirgfPFCTOe\/qKCIPE7b86iKQ6zDr+wGAH8x1\/Vr6JDpHoyfytADR6TA1MJzboAI\/u+WxBW60Mr8wra7Ky8MTEMtqEAV4MNy3QwSj+5Boi9v6UaR+XFmEdKxTqXYP3bAo1k89toaHV8RAROwWdWZYQWji2vw49SgOlspTK5LeZbdfL6JCEHPDOXosDytI1rgaUPivx6K5pOY3FnYb2NgiqwzaVvc4sqLOH\/hloCSQB2gHaBGQDAQAAAAAAAAAAAAAAFgABAAIAIQHaAAAAAAAAAAAAAAAAAAAAAImdn5Q="} 02288{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/subclassification_disable\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":41432902,"flow_dst_last_pkt_time":41464304,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1346,"pkt_l4_len":1260,"thread_ts_usec":41464304,"pkt":"CAAnANMtUlQAEjUCCABFAAUAAH0AAEARKadFq\/oPCgACDwG7jHUE7NYs4\/rOsAIACGUZSqSBwJ2mRNOp9fQvn1f7lG72Bw+E6NBO8LR8mD6RkYoGJj7YIoOLkr2BWwfK0spPYy+zYGWX+a+c9rHGaE\/8AFsGVmGd26vTDA2yukmOJUfOmTtJz95HrnPFSG+\/TXHqQjk5klIE16FLBeiNi6m\/ct8wPGJ9RUbZqJaLVts+GZFzeMSRX+eYZERYnLYtPQPOywMGAZR5dzRsdw3jDQYkcN53aPm0lceepojo42lKerw8v6LOu22kD+71z4QDa4KbQzfUDp3LH6BpZQ6IsP9xHtu8kvC1sMujkXVqWo4PwU1vr8utquEF9g6Edj1O8CnayP2acmvLS9hrhF7CGL\/\/\/DnocizH0vNxW1ov+oyWwjbcB4cKqjTFeavm8o80oXs5etE\/0w5eFp+lmQaKzY0Y3yFmQ4u8brDlmcVIExhEgggZeFVC9lL9oOJw+T9YQyahiK65vbSi1+dot2yavrzsTWJiTor0nyNgEiCiviGKK3Ugt6GYCifHXPC+ko\/\/b1QvveO8QmYiv8AP2V\/SWNC14hUcS+VAN8JRlCbBPMNZf5CGc1GwEg+7a4289LEunmnUX2jPN9vYfHH58+
XntmHmuXoNXd+GAXGmBpL3pm9he0pLxavwsdTVC6qK8sKWNygxAdWjfNWfqF5l0iTI6JYa4\/y33xaYPcLxg2NKR5k5UeV+DbMoZh5oLZlH+HG0w8grzsBY0UqgdK4AyP+poGSbQAEMRSIkOomtrtelNM\/CJ7PizVrNKpGbp+EpEXMTlKKu9mAH5wfJW5yjomiaaWvGIaq7gLWY9llWYvKDLPe+Ot\/Zlo70lUm2Wen8purBfU4\/v6CMzqcAGFEkRA8xMmhdxqR55Nj0wKZs+RQeJinGAS0a8g3PGJbOybsinObB6I0QXHDA\/BCZjPyuqT029QJULHNw4IqshshnGFg3nbzChRrWQc0AiB5OcsWclYM82EXN8ST8RvLF1WKcSxiSUqZRBPt4kZeVgU6dUletzdTTtDjmZcMX6Dpoo8d0S1zQL01nH0uioe7eYaw9k\/Piatckxd0yCv9fyOSwNFhCKxpC1GXBWqlnzr5Xkx8pHwnfnGUKyYsQ42dNNkbszwP1I6YjcrEdp4kQ3sTLrEmlVAvA4aTA0MKDmYMzxz3zBJIZV6dv1qjp7tD0dSAly35BlkwSJjGxKF9J5GgFKfSnvAs\/OiBf9hVa+A6yxuM4HtZTS\/zRldyW57HwUxn5Qy4K6cscwe\/7EfDGt+KoQI83PH5+fargDPhSWZK8UtA+jWy2oF5ALL8zgGosqXNMsOm5dKcPAdecM\/pz1MIewkul7sxt\/JgvAFL67lq7QvvnpQzr8lJgqwZzwBrBvGj9NKkaDXeHsynidTbkbLez1tjvdUEDeISKE7lW\/ojOz\/Lqe\/T7KSL5gyQyjF97d9xNrPNTeh\/HfJdKZ\/zWpQOiu67yweKqxgA9dorbSGAD+RdOGT7rQYJQusp\/jzG9SNrMyUzV7HK3K\/pEUqwZWMz+QAHUA3RloM07jN1F3nkICmQ4z3jHqqH2nY3JfZ5N0+1Qbuerb\/7N+BqOS9LICONl+GduIvQlJ6k18z\/aBuv25LlGUp9XFoS9b0Hk1oEaH7ReOgL6Cc+6IEzZSF3euyrFMEVMA\/mrlSkSX25Uc7jz7gii7RloCSQB2gHaBGQDAQAAAAAAAAAAAAAAFgABAAIAIQHaAAAAAAAAAAAAAAAAAAAAAPxWaP0="} 01013{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/subclassification_disable\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":13,"flow_first_seen":41432902,"flow_src_last_pkt_time":50364890,"flow_dst_last_pkt_time":50392661,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":1252,"flow_src_tot_l4_payload_len":2538,"flow_dst_tot_l4_payload_len":6981,"midstream":0,"thread_ts_usec":50392661,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.171.250.15","src_port":35957,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Facebook","proto_id":"188.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"graph.facebook.com"}} -00860{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/subclassification_disable\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":20,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9519,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":50392661} +00860{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/subclassification_disable\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":20,"packets-processed":20,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":9519,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":50392661} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ 
packets captured/processed: 20/20 ~~ skipped flows.............: 0 @@ -16,9 +16,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6918304 bytes -~~ total memory freed........: 6918304 bytes -~~ total allocations/frees...: 114178/114178 +~~ total memory allocated....: 7495900 bytes +~~ total memory freed........: 7495900 bytes +~~ total allocations/frees...: 125909/125909 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 643 chars ~~ json message max len.......: 2293 chars diff --git a/test/results/subclassification_disable/tls_ech.pcapng.out b/test/results/subclassification_disable/tls_ech.pcapng.out index 4f0d512d7..b7511d37a 100644 --- a/test/results/subclassification_disable/tls_ech.pcapng.out +++ b/test/results/subclassification_disable/tls_ech.pcapng.out 
@@ -1,15 +1,15 @@ -00632{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/subclassification_disable\/pcap\/tls_ech.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/subclassification_disable\/pcap\/tls_ech.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1688191412679858} 
+00632{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/subclassification_disable\/pcap\/tls_ech.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00853{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/subclassification_disable\/pcap\/tls_ech.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1688191412679858} 
00825{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/subclassification_disable\/pcap\/tls_ech.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1688191412679858,"flow_src_last_pkt_time":1688191412679858,"flow_dst_last_pkt_time":1688191412679858,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1688191412679858,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:ce16:b409:3d0a:9177","dst_ip":"2606:4700::6812:1e4e","src_port":47460,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00602{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/subclassification_disable\/pcap\/tls_ech.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1688191412679858,"flow_dst_last_pkt_time":1688191412679858,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1688191412679858,"pkt":"ILAB4IZiNObXAhsnht1gC2UeACgGQCABCwcKPcESzha0CT0KkXcmBkcAAAAAAAAAAABoEh5OuWQBuzJpPqoAAAAAoAL\/KDqPAAACBAWMBAIICnfjZxIAAAAAAQMDBw=="} 
00601{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/subclassification_disable\/pcap\/tls_ech.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1688191412679858,"flow_dst_last_pkt_time":1688191412684172,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1688191412684172,"pkt":"NObXAhsnILAB4IZiht1gBxYjACgGOiYGRwAAAAAAAAAAAGgSHk4gAQsHCj3BEs4WtAk9CpF3Abu5ZDjwJksyaT6roBL8wPi1AAACBATEBAIICk7TX8p342cSAQMDDQ=="} 00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/subclassification_disable\/pcap\/tls_ech.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1688191412684193,"flow_dst_last_pkt_time":1688191412684172,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1688191412684193,"pkt":"ILAB4IZiNObXAhsnht1gC2UeACAGQCABCwcKPcESzha0CT0KkXcmBkcAAAAAAAAAAABoEh5OuWQBuzJpPqs48CZMgBAB\/zqHAAABAQgKd+NnFk7TX8o="} 
01381{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/subclassification_disable\/pcap\/tls_ech.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1688191412684389,"flow_dst_last_pkt_time":1688191412684172,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":670,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":670,"pkt_l4_len":616,"thread_ts_usec":1688191412684389,"pkt":"ILAB4IZiNObXAhsnht1gC2UeAmgGQCABCwcKPcESzha0CT0KkXcmBkcAAAAAAAAAAABoEh5OuWQBuzJpPqs48CZMgBgB\/zzPAAABAQgKd+NnFk7TX8oWAwECQwEAAj8DAx0oZiYaJMwMFcbeulsOlxoZojtyUk06HKKs6lbQH9u+IOCcoK4iEjoWXwEA+vIN+3ks9Ri5QAqLtS74CzwGBZzZACCqqhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAdZqagAAADMAKwApGhoAAQAAHQAgdElCiNf\/wfqgRpaFVvZGsCSoVf7tJ8eT6AhUE6p0ETYAIwAA\/wEAAQAALQACAQEAGwADAgACAAoACgAIGhoAHQAXABgAFwAAAAUABQEAAAAAABIAAAArAAcG2toDBAMDAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQAQAA4ADAJoMghodHRwLzEuMQAAACUAIwAAIHBlcmZvcm1hbmNlLnJhZGFyLmNsb3VkZmxhcmUuY29t\/g0A+gAAAQAB2AAglVfBAMcb93aSkFbQIVkfZRUAHcHfESW5JAjZhoGloWcA0A3wlw2ffLQmwFmx4P6V\/Xwi+KVETWUyFJb6hXgeTF4xRlzHA+M2ityLRqaqstnSve4wBOXVwImLA1UxfzIS0WDh6AaqRcw+CjUVBgcYyXYCWv0\/BLltvQOamfSn2Yghqa2qNygp2re8mWWVmlqPTuNlBs0bq6CL0ll\/RkQD3P7tmjxJ8rguU6XKjQnqQxWLWMeHhqcsbPq7mZn6MaquKi9UFC9Hvvz1QsgFMFhOJYPWeDInAPacsjv2zKCBDD3vPKFk09\/rYX57ZNvnbmSJxNoACwACAQBEaQAFAAMCaDL6+gABAA=="} 
-01358{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/subclassification_disable\/pcap\/tls_ech.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1688191412679858,"flow_src_last_pkt_time":1688191412684389,"flow_dst_last_pkt_time":1688191412684172,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":584,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":584,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1688191412684389,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:ce16:b409:3d0a:9177","dst_ip":"2606:4700::6812:1e4e","src_port":47460,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cloudflare","proto_id":"91.220","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"performance.radar.cloudflare.com","domainame":"performance.radar.cloudflare.com","tls": {"version":"TLSv1.2","ja3":"6820f114cf3b0809ffdcb30cb277848a","ja3s":"","ja4":"t13d1516h2_8daaf6152771_02713d6af862","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01317{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/subclassification_disable\/pcap\/tls_ech.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1688191412679858,"flow_src_last_pkt_time":1688191412684389,"flow_dst_last_pkt_time":1688191412684172,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":584,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":584,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1688191412684389,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:ce16:b409:3d0a:9177","dst_ip":"2606:4700::6812:1e4e","src_port":47460,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cloudflare","proto_id":"91.220","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"performance.radar.cloudflare.com","domainame":"performance.radar.cloudflare.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_02713d6af862","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 00589{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/subclassification_disable\/pcap\/tls_ech.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1688191412684389,"flow_dst_last_pkt_time":1688191412688931,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1688191412688931,"pkt":"NObXAhsnILAB4IZiht1gBxYjACAGOiYGRwAAAAAAAAAAAGgSHk4gAQsHCj3BEs4WtAk9CpF3Abu5ZDjwJkwyaUDzgBAAByECAAABAQgKTtNfznfjZxY="} 
-01403{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/subclassification_disable\/pcap\/tls_ech.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1688191412679858,"flow_src_last_pkt_time":1688191412684389,"flow_dst_last_pkt_time":1688191412692841,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":584,"flow_dst_max_l4_payload_len":2174,"flow_src_tot_l4_payload_len":584,"flow_dst_tot_l4_payload_len":2174,"midstream":0,"thread_ts_usec":1688191412692841,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:ce16:b409:3d0a:9177","dst_ip":"2606:4700::6812:1e4e","src_port":47460,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cloudflare","proto_id":"91.220","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"performance.radar.cloudflare.com","domainame":"performance.radar.cloudflare.com","tls": {"version":"TLSv1.3","ja3":"6820f114cf3b0809ffdcb30cb277848a","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1516h2_8daaf6152771_02713d6af862","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
+01362{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/subclassification_disable\/pcap\/tls_ech.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1688191412679858,"flow_src_last_pkt_time":1688191412684389,"flow_dst_last_pkt_time":1688191412692841,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":584,"flow_dst_max_l4_payload_len":2174,"flow_src_tot_l4_payload_len":584,"flow_dst_tot_l4_payload_len":2174,"midstream":0,"thread_ts_usec":1688191412692841,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:ce16:b409:3d0a:9177","dst_ip":"2606:4700::6812:1e4e","src_port":47460,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cloudflare","proto_id":"91.220","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"performance.radar.cloudflare.com","domainame":"performance.radar.cloudflare.com","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1516h2_8daaf6152771_02713d6af862","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}} 
01034{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/subclassification_disable\/pcap\/tls_ech.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1688191412679858,"flow_src_last_pkt_time":1688191412746874,"flow_dst_last_pkt_time":1688191412700618,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":584,"flow_dst_max_l4_payload_len":2174,"flow_src_tot_l4_payload_len":648,"flow_dst_tot_l4_payload_len":2702,"midstream":0,"thread_ts_usec":1688191412746874,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:ce16:b409:3d0a:9177","dst_ip":"2606:4700::6812:1e4e","src_port":47460,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cloudflare","proto_id":"91.220","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -00862{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/subclassification_disable\/pcap\/tls_ech.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3350,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1688191412746874} 
+00862{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/subclassification_disable\/pcap\/tls_ech.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":10,"packets-processed":10,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":3350,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1688191412746874} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 10/10 ~~ skipped flows.............: 0 @@ -18,10 +18,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6916809 bytes -~~ total memory freed........: 6916809 bytes -~~ total allocations/frees...: 114154/114154 +~~ total memory allocated....: 7494405 bytes +~~ total memory freed........: 7494405 bytes +~~ total allocations/frees...: 125885/125885 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 594 chars -~~ json message max len.......: 1408 chars -~~ json message avg len.......: 995 chars +~~ json message max len.......: 1386 chars +~~ json message avg len.......: 985 chars diff --git a/test/results/tls_heuristics_enabled/tls_heur__shadowsocks-tcp.pcapng.out b/test/results/tls_heuristics_enabled/tls_heur__shadowsocks-tcp.pcapng.out index edaa1afc9..748043c2b 100644 --- a/test/results/tls_heuristics_enabled/tls_heur__shadowsocks-tcp.pcapng.out 
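Review bot: The regenerated `detected` and `detection-update` events for tls_ech.pcapng no longer carry the `ja3` key in the `tls` object, while `ja3s` and `ja4` stay, and the commit message ("incorporated upstream changes") does not mention it. Consumers that match or allowlist on the JA3 client fingerprint would stop matching without any error, because the key is simply absent rather than empty. I would state the removal in the commit description, for example `* TLS events no longer emit "ja3"; use "ja4" for client fingerprinting`. The diffstat lists a change to schema/flow_event_schema.json that is not visible here, so it is worth confirming that it drops `ja3` as well, so that schema and fixtures agree.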
+++ b/test/results/tls_heuristics_enabled/tls_heur__shadowsocks-tcp.pcapng.out 
@@ -1,5 +1,5 @@ -00647{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00868{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1725100298253624} 
+00647{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00868{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1725100298253624} 
00804{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725100298253624,"flow_src_last_pkt_time":1725100298253624,"flow_dst_last_pkt_time":1725100298253624,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725100298253624,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":44424,"dst_port":1080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1725100298253624,"flow_dst_last_pkt_time":1725100298253624,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725100298253624,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADypskAAQAaTB38AAAF\/AAABrYgEOPrjCTkAAAAAoAL\/1\/4wAAACBP\/XBAIICoJ3H6YAAAAAAQMDBw=="} 
00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1725100298253624,"flow_dst_last_pkt_time":1725100298253646,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725100298253646,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADwAAEAAQAY8un8AAAF\/AAABBDitiFpVj4z64wk6oBL\/y\/4wAAACBP\/XBAIICoJ3H6aCdx+mAQMDBw=="} 
@@ -26,16 +26,16 @@ 00622{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1725100298310198,"flow_dst_last_pkt_time":1725100298313607,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":96,"pkt_type":34525,"pkt_l3_offset":16,"pkt_l4_offset":56,"pkt_len":96,"pkt_l4_len":40,"thread_ts_usec":1725100298313607,"pkt":"AAAAAQAGILAB4IZiAACG3WABZDcAKAZ6KgAUUEACBBYAAAAAAAAgDiABCwcKPcEShiiIqosAkTwBu7EW0+tTyNwXJRugEv\/\/C5sAAAIEBMQEAggK3tRe\/1MCDNcBAwMI"} 00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1725100298313659,"flow_dst_last_pkt_time":1725100298313607,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":88,"pkt_type":34525,"pkt_l3_offset":16,"pkt_l4_offset":56,"pkt_len":88,"pkt_l4_len":32,"thread_ts_usec":1725100298313659,"pkt":"AAQAAQAGCAAn\/ADWAACG3WAKi4kAIAZAIAELBwo9wRKGKIiqiwCRPCoAFFBAAgQWAAAAAAAAIA6xFgG73BclG9PrU8mAEAH\/xAQAAAEBCApTAgza3tRe\/w=="} 
01307{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1725100298313913,"flow_dst_last_pkt_time":1725100298313607,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":605,"pkt_type":34525,"pkt_l3_offset":16,"pkt_l4_offset":56,"pkt_len":605,"pkt_l4_len":549,"thread_ts_usec":1725100298313913,"pkt":"AAQAAQAGCAAn\/ADWAACG3WAKi4kCJQZAIAELBwo9wRKGKIiqiwCRPCoAFFBAAgQWAAAAAAAAIA6xFgG73BclG9PrU8mAGAH\/xgkAAAEBCApTAgzb3tRe\/xYDAQIAAQAB\/AMD0QQOGD1r51FKjEPNQJN1h62HWSTHs5bRNmVY2hJonmEgbnxnUOUBRf5MJC1ai8S6VAQph1UkRLBIC2FW5HjjmfEAPhMCEwMTAcAswDAAn8ypzKjMqsArwC8AnsAkwCgAa8AjwCcAZ8AKwBQAOcAJwBMAMwCdAJwAPQA8ADUALwD\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"} -01325{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1725100298310198,"flow_src_last_pkt_time":1725100298313913,"flow_dst_last_pkt_time":1725100298313607,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725100298313913,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:8628:88aa:8b00:913c","dst_ip":"2a00:1450:4002:416::200e","src_port":45334,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","domainame":"www.youtube.com","tls": 
{"version":"TLSv1.2","ja3":"4ea056e63b7910cbf543f0c095064dfe","ja3s":"","ja4":"t13d3113h2_e8f1e7e78f70_ce5650b735ce","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} +01284{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1725100298310198,"flow_src_last_pkt_time":1725100298313913,"flow_dst_last_pkt_time":1725100298313607,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725100298313913,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:8628:88aa:8b00:913c","dst_ip":"2a00:1450:4002:416::200e","src_port":45334,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","domainame":"www.youtube.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d3113h2_e8f1e7e78f70_ce5650b735ce","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1725100298313913,"flow_dst_last_pkt_time":1725100298317482,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":88,"pkt_type":34525,"pkt_l3_offset":16,"pkt_l4_offset":56,"pkt_len":88,"pkt_l4_len":32,"thread_ts_usec":1725100298317482,"pkt":"AAAAAQAGILAB4IZiAACG3WABZDcAIAZ6KgAUUEACBBYAAAAAAAAgDiABCwcKPcEShiiIqosAkTwBu7EW0+tTydwXJyCAEAEFNmcAAAEBCAre1F8CUwIM2w=="} -01370{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":26,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1725100298310198,"flow_src_last_pkt_time":1725100298313913,"flow_dst_last_pkt_time":1725100298341941,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1725100298341941,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:8628:88aa:8b00:913c","dst_ip":"2a00:1450:4002:416::200e","src_port":45334,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","domainame":"www.youtube.com","tls": {"version":"TLSv1.3","ja3":"4ea056e63b7910cbf543f0c095064dfe","ja3s":"907bf3ecef1c987c889946b737b43de8","ja4":"t13d3113h2_e8f1e7e78f70_ce5650b735ce","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01329{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":26,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1725100298310198,"flow_src_last_pkt_time":1725100298313913,"flow_dst_last_pkt_time":1725100298341941,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1725100298341941,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:8628:88aa:8b00:913c","dst_ip":"2a00:1450:4002:416::200e","src_port":45334,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","domainame":"www.youtube.com","tls": {"version":"TLSv1.3","ja3s":"907bf3ecef1c987c889946b737b43de8","ja4":"t13d3113h2_e8f1e7e78f70_ce5650b735ce","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
02218{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":89,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1725100298310198,"flow_src_last_pkt_time":1725100298432355,"flow_dst_last_pkt_time":1725100298432652,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":4876,"flow_src_tot_l4_payload_len":821,"flow_dst_tot_l4_payload_len":22039,"midstream":0,"thread_ts_usec":1725100298432652,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:8628:88aa:8b00:913c","dst_ip":"2a00:1450:4002:416::200e","src_port":45334,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":7890.7,"max":49565,"stddev":13540.2,"var":183336016.0,"ent":3.3,"data": [3409,3461,254,3875,24459,28067,229,0,209,14,2973,7544,5275,6462,46393,49565,1,0,8985,52,29,430,0,0,0,285,43,26100,26117,380,0]},"pktlen": {"min":72,"avg":786.9,"max":4948,"stddev":1186.2,"var":1407143.5,"ent":3.9,"data": [80,80,72,589,72,1280,72,4904,631,72,72,345,720,103,103,72,1280,293,1280,72,72,72,1280,1280,1280,4948,72,72,1280,72,1280,1280]},"bins": {"c_to_s": [13,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,2]},"directions": [0,1,0,0,1,1,0,1,1,0,0,0,1,0,1,0,1,1,1,0,0,0,1,1,1,1,0,0,1,0,1,1],"entropies": 
[4.755182266,5.261822701,5.153629780,4.806141853,5.165501118,7.786862373,5.164113998,7.965732574,7.625080109,5.164113998,5.164113998,7.146784306,7.713749886,5.760443687,5.767366886,5.125851631,7.825596809,7.149698257,7.853908539,5.153629303,5.153629303,5.153629303,7.834226608,7.855994701,7.841277122,7.962058067,5.125851631,5.153629780,7.850774765,5.153629303,7.848540783,7.840482712]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}} 01031{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1725100298254824,"flow_src_last_pkt_time":1725100298254907,"flow_dst_last_pkt_time":1725100298255342,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":318,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":508,"midstream":0,"thread_ts_usec":1725100298432922,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":41182,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.YouTube","proto_id":"5.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"www.youtube.com"}} 
01033{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":11,"flow_first_seen":1725100298257324,"flow_src_last_pkt_time":1725100298432715,"flow_dst_last_pkt_time":1725100298432675,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":636,"flow_dst_max_l4_payload_len":7428,"flow_src_tot_l4_payload_len":1076,"flow_dst_tot_l4_payload_len":20131,"midstream":0,"thread_ts_usec":1725100298432922,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":40164,"dst_port":1234,"l4_proto":"tcp","ndpi": {"flow_risk": {"51": {"risk":"Fully Encrypted Flow","severity":"Medium","risk_score": {"total":360,"client":240,"server":120}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00821{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":11,"flow_first_seen":1725100298257324,"flow_src_last_pkt_time":1725100298432715,"flow_dst_last_pkt_time":1725100298432675,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":636,"flow_dst_max_l4_payload_len":7428,"flow_src_tot_l4_payload_len":1076,"flow_dst_tot_l4_payload_len":20131,"midstream":0,"thread_ts_usec":1725100298432922,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":40164,"dst_port":1234,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 
01004{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":12,"flow_first_seen":1725100298253624,"flow_src_last_pkt_time":1725100298407018,"flow_dst_last_pkt_time":1725100298407002,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":9887,"flow_src_tot_l4_payload_len":847,"flow_dst_tot_l4_payload_len":18427,"midstream":0,"thread_ts_usec":1725100298432922,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":44424,"dst_port":1080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SOCKS","proto_id":"172","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 01080{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":21,"flow_first_seen":1725100298310198,"flow_src_last_pkt_time":1725100298432922,"flow_dst_last_pkt_time":1725100298432653,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":6040,"flow_src_tot_l4_payload_len":821,"flow_dst_tot_l4_payload_len":31703,"midstream":0,"thread_ts_usec":1725100298432922,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:8628:88aa:8b00:913c","dst_ip":"2a00:1450:4002:416::200e","src_port":45334,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com"}} -00881{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":73601,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":38,"global_ts_usec":1725100298432922} +00881{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":73601,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":38,"global_ts_usec":1725100298432922} ~~~~~~~~~~~~~~~~~~~~ SUMMARY 
~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 100/100 ~~ skipped flows.............: 0 @@ -44,9 +44,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7074469 bytes -~~ total memory freed........: 7074469 bytes -~~ total allocations/frees...: 114293/114293 +~~ total memory allocated....: 7652065 bytes +~~ total memory freed........: 7652065 bytes +~~ total allocations/frees...: 126024/126024 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 587 chars ~~ json message max len.......: 2223 chars diff --git a/test/results/tls_heuristics_enabled/tls_heur__trojan-tcp-tls.pcapng.out b/test/results/tls_heuristics_enabled/tls_heur__trojan-tcp-tls.pcapng.out index 2d4976eeb..7cd0aebc0 100644 --- a/test/results/tls_heuristics_enabled/tls_heur__trojan-tcp-tls.pcapng.out +++ b/test/results/tls_heuristics_enabled/tls_heur__trojan-tcp-tls.pcapng.out 
@@ -1,5 +1,5 @@ -00646{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00867{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1725367999181087} 
+00646{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00867{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1725367999181087} 
00803{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725367999181087,"flow_src_last_pkt_time":1725367999181087,"flow_dst_last_pkt_time":1725367999181087,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725367999181087,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":60654,"dst_port":1080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 00596{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1725367999181087,"flow_dst_last_pkt_time":1725367999181087,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725367999181087,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADzyHEAAQAZKnX8AAAF\/AAAB7O4EOOE3LPkAAAAAoAL\/1\/4wAAACBP\/XBAIICrEoZggAAAAAAQMDBw=="} 
00596{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1725367999181087,"flow_dst_last_pkt_time":1725367999181104,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725367999181104,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADwAAEAAQAY8un8AAAF\/AAABBDjs7jONTa3hNyz6oBL\/y\/4wAAACBP\/XBAIICrEoZgixKGYIAQMDBw=="} 
@@ -50,17 +50,17 @@ 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1725367999229171,"flow_dst_last_pkt_time":1725367999229192,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725367999229192,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADwAAEAAQAY8un8AAAF\/AAABBNKjRM5Wxk\/rFM6UoBL\/y\/4wAAACBP\/XBAIICrEoZjixKGY4AQMDBw=="} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1725367999229206,"flow_dst_last_pkt_time":1725367999229192,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_usec":1725367999229206,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADTxD0AAQAZLsn8AAAF\/AAABo0QE0usUzpTOVsZQgBACAP4oAAABAQgKsShmOLEoZjg="} 
00960{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_src_last_pkt_time":1725367999254153,"flow_dst_last_pkt_time":1725367999229192,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":346,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":346,"pkt_l4_len":310,"thread_ts_usec":1725367999254153,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAAUrxEEAAQAZKm38AAAF\/AAABo0QE0usUzpTOVsZQgBgCAP8+AAABAQgKsShmUbEoZjgWAwEBEQEAAQ0DAyFGnh8Cu2Rm520uiVKrZ3Z0nhuQpd8QGiRhwieK6Fq7IGWx9syJCANsbwb1\/6RMETFXEH9DLz1n5y+wNDEptuuPACbAK8AvwCzAMMypzKjACcATwArAFACcAJ0ALwA1wBIAChMBEwITAwEAAJ4AAAANAAsAAAh0ZXN0LmxhbgAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAFwAAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAUEAwQDAwAzACYAJAAdACCdNqsfelyxagOYCAVYwvh5JHJ9cB\/kxfOyzmGD42qyLA=="} -01386{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1725367999229171,"flow_src_last_pkt_time":1725367999254153,"flow_dst_last_pkt_time":1725367999229192,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":278,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":278,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725367999254153,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":41796,"dst_port":1234,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": 
{"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"test.lan","domainame":"test.lan","tls": {"version":"TLSv1.2","ja3":"7a15285d4efc355608b304698cd7f9ab","ja3s":"","ja4":"t13d1911h2_9dc949149365_e7c285222651","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} +01345{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1725367999229171,"flow_src_last_pkt_time":1725367999254153,"flow_dst_last_pkt_time":1725367999229192,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":278,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":278,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725367999254153,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":41796,"dst_port":1234,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"test.lan","domainame":"test.lan","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1911h2_9dc949149365_e7c285222651","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1725367999254153,"flow_dst_last_pkt_time":1725367999254186,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_usec":1725367999254186,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADT8A0AAQAZAvn8AAAF\/AAABBNKjRM5WxlDrFM+qgBAB\/v4oAAABAQgKsShmUbEoZlE="} -01431{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":32,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1725367999229171,"flow_src_last_pkt_time":1725367999254153,"flow_dst_last_pkt_time":1725367999255053,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":278,"flow_dst_max_l4_payload_len":1126,"flow_src_tot_l4_payload_len":278,"flow_dst_tot_l4_payload_len":1126,"midstream":0,"thread_ts_usec":1725367999255053,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":41796,"dst_port":1234,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"test.lan","domainame":"test.lan","tls": 
{"version":"TLSv1.3","ja3":"7a15285d4efc355608b304698cd7f9ab","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1911h2_9dc949149365_e7c285222651","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} +01390{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":32,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1725367999229171,"flow_src_last_pkt_time":1725367999254153,"flow_dst_last_pkt_time":1725367999255053,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":278,"flow_dst_max_l4_payload_len":1126,"flow_src_tot_l4_payload_len":278,"flow_dst_tot_l4_payload_len":1126,"midstream":0,"thread_ts_usec":1725367999255053,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":41796,"dst_port":1234,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"test.lan","domainame":"test.lan","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1911h2_9dc949149365_e7c285222651","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
00814{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725367999286453,"flow_src_last_pkt_time":1725367999286453,"flow_dst_last_pkt_time":1725367999286453,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725367999286453,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"142.250.180.142","src_port":58730,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 00595{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1725367999286453,"flow_dst_last_pkt_time":1725367999286453,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725367999286453,"pkt":"AAQAAQAGCAAn\/ADWAAAIAEUAADyj8EAAQAaQ48CoAbeO+rSO5WoBuxNFvnkAAAAAoAL68AYXAAACBAW0BAIICvUADzYAAAAAAQMDBw=="} 
00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1725367999286453,"flow_dst_last_pkt_time":1725367999289133,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725367999289133,"pkt":"AAAAAQAGILAB4IZiAAAIAEWAADwAAEAAegb6U476tI7AqAG3AbvlauLwuUUTRb56oBL\/\/2yMAAACBAWEBAIICjS\/R5j1AA82AQMDCA=="} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":1725367999289173,"flow_dst_last_pkt_time":1725367999289133,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_usec":1725367999289173,"pkt":"AAQAAQAGCAAn\/ADWAAAIAEUAADSj8UAAQAaQ6sCoAbeO+rSO5WoBuxNFvnri8LlGgBAB9gYPAAABAQgK9QAPODS\/R5g="} 
01278{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_src_last_pkt_time":1725367999289505,"flow_dst_last_pkt_time":1725367999289133,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":585,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":585,"pkt_l4_len":549,"thread_ts_usec":1725367999289505,"pkt":"AAQAAQAGCAAn\/ADWAAAIAEUAAjmj8kAAQAaO5MCoAbeO+rSO5WoBuxNFvnri8LlGgBgB9ggUAAABAQgK9QAPOTS\/R5gWAwECAAEAAfwDA4eghpH2KHwMz8AziuY+gtGDs4emEbDYMr6OK+pG\/9UPIOlVNmZrGlj4sxUBofwqgMFT84dd6Al6OXnI6uFNzHqnAD4TAhMDEwHALMAwAJ\/MqcyozKrAK8AvAJ7AJMAoAGvAI8AnAGfACsAUADnACcATADMAnQCcAD0APAA1AC8A\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"} -01292{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1725367999286453,"flow_src_last_pkt_time":1725367999289505,"flow_dst_last_pkt_time":1725367999289133,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725367999289505,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"142.250.180.142","src_port":58730,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","domainame":"www.youtube.com","tls": 
{"version":"TLSv1.2","ja3":"4ea056e63b7910cbf543f0c095064dfe","ja3s":"","ja4":"t13d3113h2_e8f1e7e78f70_ce5650b735ce","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} +01251{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1725367999286453,"flow_src_last_pkt_time":1725367999289505,"flow_dst_last_pkt_time":1725367999289133,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725367999289505,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"142.250.180.142","src_port":58730,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","domainame":"www.youtube.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d3113h2_e8f1e7e78f70_ce5650b735ce","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1725367999289505,"flow_dst_last_pkt_time":1725367999291862,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_usec":1725367999291862,"pkt":"AAAAAQAGILAB4IZiAAAIAEWAADSCqgAAega3sY76tI7AqAG3AbvlauLwuUYTRcB\/gBABBZgZAAABAQgKNL9Hm\/UADzk="} -01337{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":43,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1725367999286453,"flow_src_last_pkt_time":1725367999289505,"flow_dst_last_pkt_time":1725367999309030,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1400,"midstream":0,"thread_ts_usec":1725367999309030,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"142.250.180.142","src_port":58730,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","domainame":"www.youtube.com","tls": {"version":"TLSv1.3","ja3":"4ea056e63b7910cbf543f0c095064dfe","ja3s":"907bf3ecef1c987c889946b737b43de8","ja4":"t13d3113h2_e8f1e7e78f70_ce5650b735ce","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01296{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":43,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1725367999286453,"flow_src_last_pkt_time":1725367999289505,"flow_dst_last_pkt_time":1725367999309030,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1400,"midstream":0,"thread_ts_usec":1725367999309030,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"142.250.180.142","src_port":58730,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","domainame":"www.youtube.com","tls": {"version":"TLSv1.3","ja3s":"907bf3ecef1c987c889946b737b43de8","ja4":"t13d3113h2_e8f1e7e78f70_ce5650b735ce","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
02179{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1725367999286453,"flow_src_last_pkt_time":1725367999398999,"flow_dst_last_pkt_time":1725367999398966,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":821,"flow_dst_tot_l4_payload_len":12908,"midstream":0,"thread_ts_usec":1725367999398999,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"142.250.180.142","src_port":58730,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"data_analysis": {"iat": {"min":22,"avg":7260.0,"max":70369,"stddev":15439.7,"var":238384560.0,"ent":3.0,"data": [2680,2720,332,2729,17168,19575,50,34,34,27,27,25,25,22,8415,468,11244,2981,2278,5685,46101,70369,31667,78,33,33,33,33,80,80,33]},"pktlen": {"min":52,"avg":481.5,"max":1452,"stddev":599.8,"var":359742.8,"ent":3.9,"data": [60,60,52,569,52,1452,52,1452,52,1452,52,1452,52,1053,52,132,245,700,83,83,52,52,1452,52,80,52,1452,52,1452,52,1452,52]},"bins": {"c_to_s": [14,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,0,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0],"entropies": 
[4.560013294,5.154205322,4.948144436,4.755980968,4.948144436,7.827642918,4.832759857,7.843367100,4.871221066,7.869987488,4.818243027,7.874095440,4.832759380,7.816403389,4.818242550,6.232886791,6.951427460,7.683448792,5.618761063,5.537375927,4.909682751,4.909683228,7.868943691,4.909682751,5.617374897,4.909682751,7.869823933,4.909682751,7.884392262,4.909682751,7.861354828,4.830034733]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}} 01037{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1725367999183433,"flow_src_last_pkt_time":1725367999183433,"flow_dst_last_pkt_time":1725367999215826,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":369,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":369,"midstream":0,"thread_ts_usec":1725367999398999,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"192.168.1.253","src_port":46451,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.YouTube","proto_id":"5.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"www.youtube.com"}} 
01047{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1725367999286453,"flow_src_last_pkt_time":1725367999398999,"flow_dst_last_pkt_time":1725367999398966,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":821,"flow_dst_tot_l4_payload_len":12908,"midstream":0,"thread_ts_usec":1725367999398999,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"142.250.180.142","src_port":58730,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com"}} 
@@ -72,7 +72,7 @@ 01023{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1725367999228105,"flow_src_last_pkt_time":1725367999228105,"flow_dst_last_pkt_time":1725367999228906,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":37,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":37,"midstream":0,"thread_ts_usec":1725367999398999,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"192.168.1.253","src_port":38613,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"test.lan"}} 01139{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1725367999227989,"flow_src_last_pkt_time":1725367999227989,"flow_dst_last_pkt_time":1725367999228682,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":53,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":53,"midstream":0,"thread_ts_usec":1725367999398999,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"192.168.1.253","src_port":39434,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"49": {"risk":"Minor Issues","severity":"Low","risk_score": 
{"total":210,"client":105,"server":105}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"test.lan"}} 01002{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":10,"flow_first_seen":1725367999181087,"flow_src_last_pkt_time":1725367999367164,"flow_dst_last_pkt_time":1725367999322863,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":4096,"flow_src_tot_l4_payload_len":835,"flow_dst_tot_l4_payload_len":7292,"midstream":0,"thread_ts_usec":1725367999398999,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":60654,"dst_port":1080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SOCKS","proto_id":"172","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
-00884{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":33310,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":75,"global_ts_usec":1725367999398999} +00884{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":33310,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":75,"global_ts_usec":1725367999398999} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 100/100 ~~ skipped flows.............: 0 
@@ -81,9 +81,9 @@ ~~ total active/idle flows...: 10/10 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7068855 bytes -~~ total memory freed........: 7068855 bytes -~~ total allocations/frees...: 114369/114369 +~~ total memory allocated....: 7646472 bytes +~~ total memory freed........: 7646472 bytes +~~ total allocations/frees...: 126101/126101 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 586 chars ~~ json message max len.......: 2184 chars diff --git a/test/results/tls_heuristics_enabled/tls_heur__vmess-tcp-tls.pcapng.out b/test/results/tls_heuristics_enabled/tls_heur__vmess-tcp-tls.pcapng.out index 01cddadf3..abf675c3a 100644 --- a/test/results/tls_heuristics_enabled/tls_heur__vmess-tcp-tls.pcapng.out +++ b/test/results/tls_heuristics_enabled/tls_heur__vmess-tcp-tls.pcapng.out 
@@ -1,5 +1,5 @@ -00645{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00866{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1725132050807636} 
+00645{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00866{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1725132050807636} 
00802{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725132050807636,"flow_src_last_pkt_time":1725132050807636,"flow_dst_last_pkt_time":1725132050807636,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725132050807636,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":40136,"dst_port":1080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1725132050807636,"flow_dst_last_pkt_time":1725132050807636,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725132050807636,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADwowkAAQAYT+H8AAAF\/AAABnMgEOHy9vSYAAAAAoAL68P4wAAACBAW0BAIICoRbnDUAAAAAAQMDBw=="} 
00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1725132050807636,"flow_dst_last_pkt_time":1725132050807653,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725132050807653,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADwAAEAAQAY8un8AAAF\/AAABBDicyAJPxIx8vb0noBL+iP4wAAACBAW0BAIICoRbnDWEW5w1AQMDBw=="} 
@@ -50,17 +50,17 @@ 00593{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1725132050816926,"flow_dst_last_pkt_time":1725132050816944,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725132050816944,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADwAAEAAQAY8un8AAAF\/AAABBNLiEjFAczCFrjZxoBL+iP4wAAACBAW0BAIICoRbnD6EW5w+AQMDBw=="} 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1725132050816958,"flow_dst_last_pkt_time":1725132050816944,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_usec":1725132050816958,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADQSuEAAQAYqCn8AAAF\/AAAB4hIE0oWuNnExQHMxgBAB9v4oAAABAQgKhFucPoRbnD4="} 
00958{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_src_last_pkt_time":1725132050847484,"flow_dst_last_pkt_time":1725132050816944,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":346,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":346,"pkt_l4_len":310,"thread_ts_usec":1725132050847484,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAAUoSuUAAQAYo838AAAF\/AAAB4hIE0oWuNnExQHMxgBgB9v8+AAABAQgKhFucXIRbnD4WAwEBEQEAAQ0DA30EqsQ+BgaZ\/NZ2sl5LiKqVzr2U1xOlxN3yXjWxHQZ9IDZNzzYemQ9l55Gei+lOem3cnZHqk5apYKdjmjaVAs8mACbAK8AvwCzAMMypzKjACcATwArAFACcAJ0ALwA1wBIAChMBEwITAwEAAJ4AAAANAAsAAAh0ZXN0LmxhbgAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAFwAAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAUEAwQDAwAzACYAJAAdACALRGEIG9aswGxEJ3DWHRdQjm36OhPnUR7s3CJMIcmqPQ=="} -01385{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1725132050816926,"flow_src_last_pkt_time":1725132050847484,"flow_dst_last_pkt_time":1725132050816944,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":278,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":278,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725132050847484,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":57874,"dst_port":1234,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": 
{"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"test.lan","domainame":"test.lan","tls": {"version":"TLSv1.2","ja3":"7a15285d4efc355608b304698cd7f9ab","ja3s":"","ja4":"t13d1911h2_9dc949149365_e7c285222651","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} +01344{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1725132050816926,"flow_src_last_pkt_time":1725132050847484,"flow_dst_last_pkt_time":1725132050816944,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":278,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":278,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725132050847484,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":57874,"dst_port":1234,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"test.lan","domainame":"test.lan","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1911h2_9dc949149365_e7c285222651","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1725132050847484,"flow_dst_last_pkt_time":1725132050847514,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_usec":1725132050847514,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADQmGUAAQAYWqX8AAAF\/AAABBNLiEjFAczGFrjeHgBAB+\/4oAAABAQgKhFucXIRbnFw="} -01430{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":31,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1725132050816926,"flow_src_last_pkt_time":1725132050847484,"flow_dst_last_pkt_time":1725132050848915,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":278,"flow_dst_max_l4_payload_len":1120,"flow_src_tot_l4_payload_len":278,"flow_dst_tot_l4_payload_len":1120,"midstream":0,"thread_ts_usec":1725132050848915,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":57874,"dst_port":1234,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"test.lan","domainame":"test.lan","tls": 
{"version":"TLSv1.3","ja3":"7a15285d4efc355608b304698cd7f9ab","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1911h2_9dc949149365_e7c285222651","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} +01389{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":31,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1725132050816926,"flow_src_last_pkt_time":1725132050847484,"flow_dst_last_pkt_time":1725132050848915,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":278,"flow_dst_max_l4_payload_len":1120,"flow_src_tot_l4_payload_len":278,"flow_dst_tot_l4_payload_len":1120,"midstream":0,"thread_ts_usec":1725132050848915,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":57874,"dst_port":1234,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"test.lan","domainame":"test.lan","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1911h2_9dc949149365_e7c285222651","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
00812{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725132050873451,"flow_src_last_pkt_time":1725132050873451,"flow_dst_last_pkt_time":1725132050873451,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725132050873451,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"216.58.204.142","src_port":58612,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 00594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1725132050873451,"flow_dst_last_pkt_time":1725132050873451,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725132050873451,"pkt":"AAQAAQAGCAAn\/ADWAAAIAEUAADxo9EAAQAZqn8CoAbfYOsyO5PQBu7ZCkCEAAAAAoAL68GdXAAACBAW0BAIICjq0ShsAAAAAAQMDBw=="} 
00595{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1725132050873451,"flow_dst_last_pkt_time":1725132050876326,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725132050876326,"pkt":"AAAAAQAGILAB4IZiAAAIAEWAADwAAEAAegaZE9g6zI7AqAG3Abvk9JZ2W362QpAioBL\/\/3dxAAACBAWEBAIICjYtj346tEobAQMDCA=="} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":1725132050876380,"flow_dst_last_pkt_time":1725132050876326,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_usec":1725132050876380,"pkt":"AAQAAQAGCAAn\/ADWAAAIAEUAADRo9UAAQAZqpsCoAbfYOsyO5PQBu7ZCkCKWdlt\/gBAB9mdPAAABAQgKOrRKHjYtj34="} 
01279{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_src_last_pkt_time":1725132050876814,"flow_dst_last_pkt_time":1725132050876326,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":585,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":585,"pkt_l4_len":549,"thread_ts_usec":1725132050876814,"pkt":"AAQAAQAGCAAn\/ADWAAAIAEUAAjlo9kAAQAZooMCoAbfYOsyO5PQBu7ZCkCKWdlt\/gBgB9mlUAAABAQgKOrRKHzYtj34WAwECAAEAAfwDA55vVzXI3mQH9e+wyvy5I6cXpuQRP5nZ6hYxg\/mFdw9\/IF4ht1IC8no54a26Y6+rkaHkm29\/NMcYzHfS4NjAh1BbAD4TAhMDEwHALMAwAJ\/MqcyozKrAK8AvAJ7AJMAoAGvAI8AnAGfACsAUADnACcATADMAnQCcAD0APAA1AC8A\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"} -01290{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1725132050873451,"flow_src_last_pkt_time":1725132050876814,"flow_dst_last_pkt_time":1725132050876326,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725132050876814,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"216.58.204.142","src_port":58612,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","domainame":"www.youtube.com","tls": 
{"version":"TLSv1.2","ja3":"4ea056e63b7910cbf543f0c095064dfe","ja3s":"","ja4":"t13d3113h2_e8f1e7e78f70_ce5650b735ce","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} +01249{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1725132050873451,"flow_src_last_pkt_time":1725132050876814,"flow_dst_last_pkt_time":1725132050876326,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725132050876814,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"216.58.204.142","src_port":58612,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","domainame":"www.youtube.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d3113h2_e8f1e7e78f70_ce5650b735ce","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1725132050876814,"flow_dst_last_pkt_time":1725132050879524,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_usec":1725132050879524,"pkt":"AAAAAQAGILAB4IZiAAAIAEWAADRY\/wAAegaAHNg6zI7AqAG3Abvk9JZ2W3+2QpIngBABBaL9AAABAQgKNi2PgTq0Sh8="} -01335{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":43,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1725132050873451,"flow_src_last_pkt_time":1725132050876814,"flow_dst_last_pkt_time":1725132050895591,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":6600,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":6600,"midstream":0,"thread_ts_usec":1725132050895591,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"216.58.204.142","src_port":58612,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","domainame":"www.youtube.com","tls": {"version":"TLSv1.3","ja3":"4ea056e63b7910cbf543f0c095064dfe","ja3s":"907bf3ecef1c987c889946b737b43de8","ja4":"t13d3113h2_e8f1e7e78f70_ce5650b735ce","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01294{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":43,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1725132050873451,"flow_src_last_pkt_time":1725132050876814,"flow_dst_last_pkt_time":1725132050895591,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":6600,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":6600,"midstream":0,"thread_ts_usec":1725132050895591,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"216.58.204.142","src_port":58612,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","domainame":"www.youtube.com","tls": {"version":"TLSv1.3","ja3s":"907bf3ecef1c987c889946b737b43de8","ja4":"t13d3113h2_e8f1e7e78f70_ce5650b735ce","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
01036{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1725132050809501,"flow_src_last_pkt_time":1725132050809501,"flow_dst_last_pkt_time":1725132050810429,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":209,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":209,"midstream":0,"thread_ts_usec":1725132050978467,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"192.168.1.253","src_port":49817,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.YouTube","proto_id":"5.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"www.youtube.com"}} 01001{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":11,"flow_first_seen":1725132050807636,"flow_src_last_pkt_time":1725132050944716,"flow_dst_last_pkt_time":1725132050904186,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":2544,"flow_src_tot_l4_payload_len":835,"flow_dst_tot_l4_payload_len":7291,"midstream":0,"thread_ts_usec":1725132050978467,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":40136,"dst_port":1080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"SOCKS","proto_id":"172","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 01131{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1725132050813192,"flow_src_last_pkt_time":1725132050813192,"flow_dst_last_pkt_time":1725132050816780,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":53,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":53,"midstream":0,"thread_ts_usec":1725132050978467,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":45262,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"49": {"risk":"Minor Issues","severity":"Low","risk_score": {"total":210,"client":105,"server":105}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"test.lan"}} 
@@ -71,7 +71,7 @@ 01122{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":14,"flow_first_seen":1725132050816926,"flow_src_last_pkt_time":1725132050978467,"flow_dst_last_pkt_time":1725132050978462,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":663,"flow_dst_max_l4_payload_len":2070,"flow_src_tot_l4_payload_len":1405,"flow_dst_tot_l4_payload_len":10691,"midstream":0,"thread_ts_usec":1725132050978467,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":57874,"dst_port":1234,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 01036{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1725132050809672,"flow_src_last_pkt_time":1725132050809672,"flow_dst_last_pkt_time":1725132050810814,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":193,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":193,"midstream":0,"thread_ts_usec":1725132050978467,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"192.168.1.253","src_port":41933,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.YouTube","proto_id":"5.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"www.youtube.com"}} 01138{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1725132050813503,"flow_src_last_pkt_time":1725132050813503,"flow_dst_last_pkt_time":1725132050814218,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":53,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":53,"midstream":0,"thread_ts_usec":1725132050978467,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"192.168.1.253","src_port":42485,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"49": {"risk":"Minor Issues","severity":"Low","risk_score": {"total":210,"client":105,"server":105}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"test.lan"}} 
-00883{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":40731,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":74,"global_ts_usec":1725132050978467} +00883{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":40731,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":74,"global_ts_usec":1725132050978467} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 100/100 ~~ skipped flows.............: 0 
@@ -80,10 +80,10 @@ ~~ total active/idle flows...: 10/10 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7141001 bytes -~~ total memory freed........: 7141001 bytes -~~ total allocations/frees...: 114372/114372 +~~ total memory allocated....: 7718618 bytes +~~ total memory freed........: 7718618 bytes +~~ total allocations/frees...: 126104/126104 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 586 chars -~~ json message max len.......: 1435 chars -~~ json message avg len.......: 1009 chars +~~ json message max len.......: 1394 chars +~~ json message avg len.......: 989 chars diff --git a/test/results/tls_heuristics_enabled/tls_heur__vmess-tcp.pcapng.out b/test/results/tls_heuristics_enabled/tls_heur__vmess-tcp.pcapng.out index 7feb6a114..6cdd01df3 100644 --- a/test/results/tls_heuristics_enabled/tls_heur__vmess-tcp.pcapng.out +++ b/test/results/tls_heuristics_enabled/tls_heur__vmess-tcp.pcapng.out 
@@ -1,5 +1,5 @@ -00641{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00862{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1725108604542518} 
+00641{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00862{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1725108604542518} 
00798{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725108604542518,"flow_src_last_pkt_time":1725108604542518,"flow_dst_last_pkt_time":1725108604542518,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725108604542518,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":37218,"dst_port":1080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1725108604542518,"flow_dst_last_pkt_time":1725108604542518,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725108604542518,"pkt":"AAADBAAGAAAAAAAAClUIAEUAADwueUAAQAYOQX8AAAF\/AAABkWIEOC0ia0MAAAAAoAL\/1\/4wAAACBP\/XBAIICoL13hcAAAAAAQMDBw=="} 00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1725108604542518,"flow_dst_last_pkt_time":1725108604542542,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725108604542542,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADwAAEAAQAY8un8AAAF\/AAABBDiRYncsq\/stImtEoBL\/y\/4wAAACBP\/XBAIICoL13heC9d4XAQMDBw=="} 
@@ -27,15 +27,15 @@ 00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1725108606672884,"flow_dst_last_pkt_time":1725108604629032,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":96,"pkt_type":34525,"pkt_l3_offset":16,"pkt_l4_offset":56,"pkt_len":96,"pkt_l4_len":40,"thread_ts_usec":1725108606672884,"pkt":"AAQAAQAGCAAn\/ADWAACG3WAO6GIAKAZAIAELBwo9wRKGKIiqiwCRPCoAFFBABggNAAAAAAAAIA68rgG7EjfG2QAAAACgAv8oyAcAAAIEBYwEAggKdV2ESAAAAAABAwMH"} 00615{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1725108606672884,"flow_dst_last_pkt_time":1725108606682534,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":96,"pkt_type":34525,"pkt_l3_offset":16,"pkt_l4_offset":56,"pkt_len":96,"pkt_l4_len":40,"thread_ts_usec":1725108606682534,"pkt":"AAAAAQAGILAB4IZiAACG3WgIzOgAKAZ6KgAUUEAGCA0AAAAAAAAgDiABCwcKPcEShiiIqosAkTwBu7yuGkObbhI3xtqgEv\/\/GcUAAAIEBMQEAggKzLRTuXVdhEgBAwMI"} 00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1725108606682587,"flow_dst_last_pkt_time":1725108606682534,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":88,"pkt_type":34525,"pkt_l3_offset":16,"pkt_l4_offset":56,"pkt_len":88,"pkt_l4_len":32,"thread_ts_usec":1725108606682587,"pkt":"AAQAAQAGCAAn\/ADWAACG3WAO6GIAIAZAIAELBwo9wRKGKIiqiwCRPCoAFFBABggNAAAAAAAAIA68rgG7EjfG2hpDm2+AEAH\/x\/8AAAEBCAp1XYRRzLRTuQ=="} 
-01319{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1725108604629032,"flow_src_last_pkt_time":1725108606682993,"flow_dst_last_pkt_time":1725108606682534,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725108606682993,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:8628:88aa:8b00:913c","dst_ip":"2a00:1450:4006:80d::200e","src_port":48302,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","domainame":"www.youtube.com","tls": {"version":"TLSv1.2","ja3":"4ea056e63b7910cbf543f0c095064dfe","ja3s":"","ja4":"t13d3113h2_e8f1e7e78f70_ce5650b735ce","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
-01364{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1725108604629032,"flow_src_last_pkt_time":1725108606682993,"flow_dst_last_pkt_time":1725108606707789,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":2416,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2416,"midstream":0,"thread_ts_usec":1725108606707789,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:8628:88aa:8b00:913c","dst_ip":"2a00:1450:4006:80d::200e","src_port":48302,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","domainame":"www.youtube.com","tls": {"version":"TLSv1.3","ja3":"4ea056e63b7910cbf543f0c095064dfe","ja3s":"907bf3ecef1c987c889946b737b43de8","ja4":"t13d3113h2_e8f1e7e78f70_ce5650b735ce","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01278{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1725108604629032,"flow_src_last_pkt_time":1725108606682993,"flow_dst_last_pkt_time":1725108606682534,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725108606682993,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:8628:88aa:8b00:913c","dst_ip":"2a00:1450:4006:80d::200e","src_port":48302,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","domainame":"www.youtube.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d3113h2_e8f1e7e78f70_ce5650b735ce","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01323{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1725108604629032,"flow_src_last_pkt_time":1725108606682993,"flow_dst_last_pkt_time":1725108606707789,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":2416,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2416,"midstream":0,"thread_ts_usec":1725108606707789,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:8628:88aa:8b00:913c","dst_ip":"2a00:1450:4006:80d::200e","src_port":48302,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","domainame":"www.youtube.com","tls": {"version":"TLSv1.3","ja3s":"907bf3ecef1c987c889946b737b43de8","ja4":"t13d3113h2_e8f1e7e78f70_ce5650b735ce","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
02231{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":87,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1725108604629032,"flow_src_last_pkt_time":1725108606811390,"flow_dst_last_pkt_time":1725108606811354,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":2416,"flow_src_tot_l4_payload_len":821,"flow_dst_tot_l4_payload_len":17178,"midstream":0,"thread_ts_usec":1725108606811390,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:8628:88aa:8b00:913c","dst_ip":"2a00:1450:4006:80d::200e","src_port":48302,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":140796.1,"max":2053502,"stddev":429032.8,"var":184069177344.0,"ent":1.9,"data": [1019825,1024027,2053502,9703,406,10463,14792,0,24842,18,170,0,116,29,3354,490,13422,1,9609,1757,11412,77711,1,0,87369,366,324,304,298,178,191]},"pktlen": {"min":72,"avg":635.5,"max":2488,"stddev":846.4,"var":716345.8,"ent":3.9,"data": [80,80,80,80,72,589,72,2488,1280,72,72,1280,1840,72,72,152,202,720,103,135,103,72,1280,307,1280,72,2488,72,2488,72,2488,72]},"bins": {"c_to_s": [13,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,5]},"directions": [0,0,0,1,0,0,1,1,1,0,0,1,1,0,0,0,0,1,1,0,0,1,1,1,1,0,1,0,1,0,1,0],"entropies": 
[4.850302696,4.800302982,4.850302696,5.367949963,5.219669819,4.818557739,5.209185123,7.915221691,7.834231853,5.219669819,5.247447491,7.848894119,7.900642872,5.219669819,5.219669819,6.392518997,6.617354393,7.706577778,5.915785313,6.435108185,5.884278774,5.236962795,7.850246906,7.152086258,7.852072716,5.247447491,7.906479836,5.247447491,7.917565346,5.247447491,7.928373814,5.247447491]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}} 01025{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1725108604543910,"flow_src_last_pkt_time":1725108604543926,"flow_dst_last_pkt_time":1725108604544652,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":446,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":636,"midstream":0,"thread_ts_usec":1725108606831814,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":35957,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.YouTube","proto_id":"5.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"www.youtube.com"}} 
00998{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":15,"flow_first_seen":1725108604542518,"flow_src_last_pkt_time":1725108606812524,"flow_dst_last_pkt_time":1725108606812503,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":7115,"flow_src_tot_l4_payload_len":847,"flow_dst_tot_l4_payload_len":18442,"midstream":0,"thread_ts_usec":1725108606831814,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":37218,"dst_port":1080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SOCKS","proto_id":"172","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 01027{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":16,"flow_first_seen":1725108604546168,"flow_src_last_pkt_time":1725108606812347,"flow_dst_last_pkt_time":1725108606812408,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":681,"flow_dst_max_l4_payload_len":4726,"flow_src_tot_l4_payload_len":1234,"flow_dst_tot_l4_payload_len":19321,"midstream":0,"thread_ts_usec":1725108606831814,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":40818,"dst_port":1234,"l4_proto":"tcp","ndpi": {"flow_risk": {"51": {"risk":"Fully Encrypted Flow","severity":"Medium","risk_score": 
{"total":360,"client":240,"server":120}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00815{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":16,"flow_first_seen":1725108604546168,"flow_src_last_pkt_time":1725108606812347,"flow_dst_last_pkt_time":1725108606812408,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":681,"flow_dst_max_l4_payload_len":4726,"flow_src_tot_l4_payload_len":1234,"flow_dst_tot_l4_payload_len":19321,"midstream":0,"thread_ts_usec":1725108606831814,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":40818,"dst_port":1234,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 01074{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":18,"flow_first_seen":1725108604629032,"flow_src_last_pkt_time":1725108606831814,"flow_dst_last_pkt_time":1725108606831771,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":2416,"flow_src_tot_l4_payload_len":821,"flow_dst_tot_l4_payload_len":20846,"midstream":0,"thread_ts_usec":1725108606831814,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:8628:88aa:8b00:913c","dst_ip":"2a00:1450:4006:80d::200e","src_port":48302,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com"}} -00875{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":62235,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":38,"global_ts_usec":1725108606831814} +00875{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":62235,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":38,"global_ts_usec":1725108606831814} ~~~~~~~~~~~~~~~~~~~~ SUMMARY 
~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 100/100 ~~ skipped flows.............: 0 @@ -44,9 +44,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7028012 bytes -~~ total memory freed........: 7028012 bytes -~~ total allocations/frees...: 114292/114292 +~~ total memory allocated....: 7605608 bytes +~~ total memory freed........: 7605608 bytes +~~ total allocations/frees...: 126023/126023 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 581 chars ~~ json message max len.......: 2236 chars diff --git a/test/results/tls_heuristics_enabled/tls_heur__vmess-websocket.pcapng.out b/test/results/tls_heuristics_enabled/tls_heur__vmess-websocket.pcapng.out index ee2a7c9e7..49a75e193 100644 --- a/test/results/tls_heuristics_enabled/tls_heur__vmess-websocket.pcapng.out +++ b/test/results/tls_heuristics_enabled/tls_heur__vmess-websocket.pcapng.out 
@@ -1,5 +1,5 @@ -00647{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00868{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1725278711295335} 
+00647{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00868{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1725278711295335} 
00804{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725278711295335,"flow_src_last_pkt_time":1725278711295335,"flow_dst_last_pkt_time":1725278711295335,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725278711295335,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":44532,"dst_port":1080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1725278711295335,"flow_dst_last_pkt_time":1725278711295335,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725278711295335,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADwSqkAAQAYqEH8AAAF\/AAABrfQEOJ96Es4AAAAAoAL\/1\/4wAAACBP\/XBAIICtChiqgAAAAAAQMDBw=="} 
00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1725278711295335,"flow_dst_last_pkt_time":1725278711295427,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725278711295427,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADwAAEAAQAY8un8AAAF\/AAABBDit9LL9yaKfehLPoBL\/y\/4wAAACBP\/XBAIICtChiqjQoYqoAQMDBw=="} 
@@ -19,23 +19,23 @@ 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1725278711300968,"flow_dst_last_pkt_time":1725278711300981,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725278711300981,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADwAAEAAQAY8un8AAAF\/AAABBNKDprSj9ZbQuMp5oBL\/y\/4wAAACBP\/XBAIICtChiq3QoYqtAQMDBw=="} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1725278711300988,"flow_dst_last_pkt_time":1725278711300981,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_usec":1725278711300988,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADTadkAAQAZiS38AAAF\/AAABg6YE0tC4ynm0o\/WXgBACAP4oAAABAQgK0KGKrdChiq0="} 
00835{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1725278711301309,"flow_dst_last_pkt_time":1725278711300981,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":253,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":253,"pkt_l4_len":217,"thread_ts_usec":1725278711301309,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAAO3ad0AAQAZhkX8AAAF\/AAABg6YE0tC4ynm0o\/WXgBgCAP7hAAABAQgK0KGKrtChiq1HRVQgLyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xOjEyMzQNClVzZXItQWdlbnQ6IEdvLWh0dHAtY2xpZW50LzEuMQ0KQ29ubmVjdGlvbjogVXBncmFkZQ0KU2VjLVdlYlNvY2tldC1LZXk6IGtaWkl3RHJuSG1XWXhqaDdhL3ZsOHc9PQ0KU2VjLVdlYlNvY2tldC1WZXJzaW9uOiAxMw0KVXBncmFkZTogd2Vic29ja2V0DQoNCg=="} -01351{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1725278711300968,"flow_src_last_pkt_time":1725278711301309,"flow_dst_last_pkt_time":1725278711300981,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":185,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":185,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725278711301309,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":33702,"dst_port":1234,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"127.0.0.1","domainame":"127.0.0.1","http": {"url":"127.0.0.1:1234\/","code":0,"content_type":"","user_agent":"Go-http-client\/1.1"}}} +01365{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1725278711300968,"flow_src_last_pkt_time":1725278711301309,"flow_dst_last_pkt_time":1725278711300981,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":185,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":185,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725278711301309,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":33702,"dst_port":1234,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP.WebSocket","proto_id":"7.251","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"127.0.0.1","domainame":"127.0.0.1","http": {"url":"127.0.0.1:1234\/","code":0,"content_type":"","user_agent":"Go-http-client\/1.1"}}} 
00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1725278711301309,"flow_dst_last_pkt_time":1725278711301316,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_usec":1725278711301316,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADQh2kAAQAYa6H8AAAF\/AAABBNKDprSj9ZfQuMsygBAB\/\/4oAAABAQgK0KGKrtChiq4="} 00814{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725278711354999,"flow_src_last_pkt_time":1725278711354999,"flow_dst_last_pkt_time":1725278711354999,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725278711354999,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"142.250.180.142","src_port":51390,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 
00596{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1725278711354999,"flow_dst_last_pkt_time":1725278711354999,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725278711354999,"pkt":"AAQAAQAGCAAn\/ADWAAAIAEUAADxpTUAAQAbLhsCoAbeO+rSOyL4Bu\/iOndoAAAAAoAL68AYXAAACBAW0BAIICn93k8EAAAAAAQMDBw=="} 00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1725278711354999,"flow_dst_last_pkt_time":1725278711357820,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725278711357820,"pkt":"AAAAAQAGILAB4IZiAAAIAEWAADwAAEAAegb6U476tI7AqAG3AbvIvhyjoLD4jp3boBL\/\/639AAACBAWEBAIICidEO4R\/d5PBAQMDCA=="} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1725278711357866,"flow_dst_last_pkt_time":1725278711357820,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_usec":1725278711357866,"pkt":"AAQAAQAGCAAn\/ADWAAAIAEUAADRpTkAAQAbLjcCoAbeO+rSOyL4Bu\/iOndsco6CxgBAB9gYPAAABAQgKf3eTxCdEO4Q="} 
01279{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1725278711358145,"flow_dst_last_pkt_time":1725278711357820,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":585,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":585,"pkt_l4_len":549,"thread_ts_usec":1725278711358145,"pkt":"AAQAAQAGCAAn\/ADWAAAIAEUAAjlpT0AAQAbJh8CoAbeO+rSOyL4Bu\/iOndsco6CxgBgB9ggUAAABAQgKf3eTxCdEO4QWAwECAAEAAfwDA46xyPKufA0h2C\/na1nFm9C+KMncQt0f3tSOiZ28qNdGIL9APvSF8v4p3TWMCqfXvgibYWFwkYj2wAKYq4tRTOVrAD4TAhMDEwHALMAwAJ\/MqcyozKrAK8AvAJ7AJMAoAGvAI8AnAGfACsAUADnACcATADMAnQCcAD0APAA1AC8A\/wEAAXUAAAAUABIAAA93d3cueW91dHViZS5jb20ACwAEAwABAgAKABYAFAAdABcAHgAZABgBAAEBAQIBAwEEM3QAAAAQAA4ADAJoMghodHRwLzEuMQAWAAAAFwAAADEAAAANACoAKAQDBQMGAwgHCAgICQgKCAsIBAgFCAYEAQUBBgEDAwMBAwIEAgUCBgIAKwAFBAMEAwMALQACAQEAMwAmACQAHQAgCUnwEnwXeX81FYV10UkXFjD\/yp2qEOm4vSM6NHBI6TUAFQCuAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01292{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1725278711354999,"flow_src_last_pkt_time":1725278711358145,"flow_dst_last_pkt_time":1725278711357820,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725278711358145,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"142.250.180.142","src_port":51390,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","domainame":"www.youtube.com","tls": {"version":"TLSv1.2","ja3":"4ea056e63b7910cbf543f0c095064dfe","ja3s":"","ja4":"t13d3113h2_e8f1e7e78f70_ce5650b735ce","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
+01251{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1725278711354999,"flow_src_last_pkt_time":1725278711358145,"flow_dst_last_pkt_time":1725278711357820,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725278711358145,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"142.250.180.142","src_port":51390,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","domainame":"www.youtube.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d3113h2_e8f1e7e78f70_ce5650b735ce","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1725278711358145,"flow_dst_last_pkt_time":1725278711360754,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_usec":1725278711360754,"pkt":"AAAAAQAGILAB4IZiAAAIAEWAADSPwQAAegaqmo76tI7AqAG3AbvIvhyjoLH4jp\/ggBABBdmKAAABAQgKJ0Q7h393k8Q="} 
-01337{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1725278711354999,"flow_src_last_pkt_time":1725278711358145,"flow_dst_last_pkt_time":1725278711376987,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":6600,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":6600,"midstream":0,"thread_ts_usec":1725278711376987,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"142.250.180.142","src_port":51390,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","domainame":"www.youtube.com","tls": {"version":"TLSv1.3","ja3":"4ea056e63b7910cbf543f0c095064dfe","ja3s":"907bf3ecef1c987c889946b737b43de8","ja4":"t13d3113h2_e8f1e7e78f70_ce5650b735ce","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} 
-02447{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":86,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1725278711300968,"flow_src_last_pkt_time":1725278711469124,"flow_dst_last_pkt_time":1725278711469141,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":699,"flow_dst_max_l4_payload_len":2052,"flow_src_tot_l4_payload_len":1330,"flow_dst_tot_l4_payload_len":18274,"midstream":0,"thread_ts_usec":1725278711469141,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":33702,"dst_port":1234,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"data_analysis": {"iat": {"min":13,"avg":10849.3,"max":81912,"stddev":22504.7,"var":506460032.0,"ent":2.8,"data": [13,20,321,335,139,158,52949,76203,23289,91,56,38,34,108,111,5407,8441,3526,701,41202,81912,40932,58,43,54,53,30,29,27,26,23]},"pktlen": {"min":52,"avg":665.1,"max":2104,"stddev":842.7,"var":710078.0,"ent":3.9,"data": [60,60,52,237,52,181,52,751,2104,52,2104,52,2104,52,723,52,406,753,144,123,52,2084,52,2046,52,2079,52,2043,52,2075,52,531]},"bins": {"c_to_s": [13,0,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,1,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8]},"directions": [0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": 
[4.311033249,4.734919071,4.624013901,5.851198196,4.644789219,5.827358723,4.644789219,7.722790718,7.902339935,4.585552216,7.913048267,4.585552216,7.905004501,4.585552216,7.688803673,4.585552216,7.428673744,7.699780941,6.310562611,6.170208454,4.624013901,7.892062187,4.571035385,7.909559727,4.624013901,7.904311180,4.585552216,7.891872406,4.585552692,7.905772209,4.624013901,7.592932701]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"127.0.0.1"}} +01296{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1725278711354999,"flow_src_last_pkt_time":1725278711358145,"flow_dst_last_pkt_time":1725278711376987,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":6600,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":6600,"midstream":0,"thread_ts_usec":1725278711376987,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"142.250.180.142","src_port":51390,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","domainame":"www.youtube.com","tls": 
{"version":"TLSv1.3","ja3s":"907bf3ecef1c987c889946b737b43de8","ja4":"t13d3113h2_e8f1e7e78f70_ce5650b735ce","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}} +02461{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":86,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1725278711300968,"flow_src_last_pkt_time":1725278711469124,"flow_dst_last_pkt_time":1725278711469141,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":699,"flow_dst_max_l4_payload_len":2052,"flow_src_tot_l4_payload_len":1330,"flow_dst_tot_l4_payload_len":18274,"midstream":0,"thread_ts_usec":1725278711469141,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":33702,"dst_port":1234,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"data_analysis": {"iat": {"min":13,"avg":10849.3,"max":81912,"stddev":22504.7,"var":506460032.0,"ent":2.8,"data": [13,20,321,335,139,158,52949,76203,23289,91,56,38,34,108,111,5407,8441,3526,701,41202,81912,40932,58,43,54,53,30,29,27,26,23]},"pktlen": {"min":52,"avg":665.1,"max":2104,"stddev":842.7,"var":710078.0,"ent":3.9,"data": [60,60,52,237,52,181,52,751,2104,52,2104,52,2104,52,723,52,406,753,144,123,52,2084,52,2046,52,2079,52,2043,52,2075,52,531]},"bins": {"c_to_s": [13,0,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,1,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8]},"directions": [0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": 
[4.311033249,4.734919071,4.624013901,5.851198196,4.644789219,5.827358723,4.644789219,7.722790718,7.902339935,4.585552216,7.913048267,4.585552216,7.905004501,4.585552216,7.688803673,4.585552216,7.428673744,7.699780941,6.310562611,6.170208454,4.624013901,7.892062187,4.571035385,7.909559727,4.624013901,7.904311180,4.585552216,7.891872406,4.585552692,7.905772209,4.624013901,7.592932701]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP.WebSocket","proto_id":"7.251","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"127.0.0.1"}} 02176{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":96,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1725278711295335,"flow_src_last_pkt_time":1725278711469489,"flow_dst_last_pkt_time":1725278711469627,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":3932,"flow_src_tot_l4_payload_len":835,"flow_dst_tot_l4_payload_len":18380,"midstream":0,"thread_ts_usec":1725278711469627,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":44532,"dst_port":1080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"data_analysis": {"iat": {"min":13,"avg":11240.2,"max":82049,"stddev":21975.3,"var":482912224.0,"ent":3.1,"data": [92,113,78,106,382,425,4533,4672,44031,9418,77646,24339,284,267,4160,279,19,13,40,4612,3350,3674,624,41294,82049,41160,126,151,203,160,146]},"pktlen": 
{"min":52,"avg":653.0,"max":3984,"stddev":1237.6,"var":1531706.8,"ent":3.3,"data": [60,60,52,56,52,54,52,62,62,52,569,3984,52,2720,52,132,98,101,87,115,52,700,83,83,52,3984,52,3984,52,2428,52,901]},"bins": {"c_to_s": [13,4,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5]},"directions": [0,1,0,0,1,1,0,0,1,0,0,1,0,1,0,0,0,0,0,0,1,1,0,1,0,1,0,1,0,1,0,1],"entropies": [4.311033249,4.747500420,4.638530731,4.549884796,4.638531208,4.628801823,4.600069046,4.733144760,4.497382641,4.600069046,4.669951916,7.947538853,4.676992416,7.920604706,4.600069046,6.167953491,5.851360321,5.834712982,5.660713673,6.112284660,4.676992416,7.680773735,5.506919861,5.521921158,4.676992416,7.956730843,4.561607838,7.954389572,4.561607361,7.916389942,4.561607838,7.802294254]},"ndpi": {"confidence": {"6":"DPI"},"proto":"SOCKS","proto_id":"172","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -01282{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":16,"flow_first_seen":1725278711300968,"flow_src_last_pkt_time":1725278711469193,"flow_dst_last_pkt_time":1725278711469186,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":699,"flow_dst_max_l4_payload_len":2052,"flow_src_tot_l4_payload_len":1330,"flow_dst_tot_l4_payload_len":19186,"midstream":0,"thread_ts_usec":1725278711492259,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":33702,"dst_port":1234,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std 
Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"127.0.0.1"}} +01296{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":16,"flow_first_seen":1725278711300968,"flow_src_last_pkt_time":1725278711469193,"flow_dst_last_pkt_time":1725278711469186,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":699,"flow_dst_max_l4_payload_len":2052,"flow_src_tot_l4_payload_len":1330,"flow_dst_tot_l4_payload_len":19186,"midstream":0,"thread_ts_usec":1725278711492259,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":33702,"dst_port":1234,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP.WebSocket","proto_id":"7.251","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"127.0.0.1"}} 
01031{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1725278711296937,"flow_src_last_pkt_time":1725278711297554,"flow_dst_last_pkt_time":1725278711297705,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":318,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":508,"midstream":0,"thread_ts_usec":1725278711492259,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":39646,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.YouTube","proto_id":"5.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"www.youtube.com"}} 01004{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":13,"flow_first_seen":1725278711295335,"flow_src_last_pkt_time":1725278711469639,"flow_dst_last_pkt_time":1725278711469627,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":3932,"flow_src_tot_l4_payload_len":835,"flow_dst_tot_l4_payload_len":18380,"midstream":0,"thread_ts_usec":1725278711492259,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":44532,"dst_port":1080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"SOCKS","proto_id":"172","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 01014{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":17,"flow_first_seen":1725278711354999,"flow_src_last_pkt_time":1725278711492259,"flow_dst_last_pkt_time":1725278711492259,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":6600,"flow_src_tot_l4_payload_len":821,"flow_dst_tot_l4_payload_len":21168,"midstream":0,"thread_ts_usec":1725278711492259,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"142.250.180.142","src_port":51390,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}} 
-00881{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":62316,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":38,"global_ts_usec":1725278711492259} +00881{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":62316,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":38,"global_ts_usec":1725278711492259} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 100/100 ~~ skipped flows.............: 0 
@@ -44,10 +44,10 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7101754 bytes -~~ total memory freed........: 7101754 bytes -~~ total allocations/frees...: 114295/114295 +~~ total memory allocated....: 7679385 bytes +~~ total memory freed........: 7679385 bytes +~~ total allocations/frees...: 126028/126028 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 587 chars -~~ json message max len.......: 2452 chars -~~ json message avg len.......: 1514 chars +~~ json message max len.......: 2466 chars +~~ json message avg len.......: 1521 chars diff --git a/test/results/tls_ja3c_disabled/tls_verylong_certificate.pcap.out b/test/results/tls_ja3c_disabled/tls_verylong_certificate.pcap.out deleted file mode 100644 index 024ea84dc..000000000 --- a/test/results/tls_ja3c_disabled/tls_verylong_certificate.pcap.out +++ /dev/null 
@@ -1,29 +0,0 @@ -00639{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/tls_ja3c_disabled\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00860{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/tls_ja3c_disabled\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1578254908457751} 
-00801{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/tls_ja3c_disabled\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908457751,"flow_dst_last_pkt_time":1578254908457751,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578254908457751,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/tls_ja3c_disabled\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1578254908457751,"flow_dst_last_pkt_time":1578254908457751,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1578254908457751,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGntnAqAGgl2VCMdYUAbur4+BEAAAAALAC\/\/9+XwAAAgQFtAEDAwUBAQgKAb+3BwAAAAAEAgAA"} -00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/tls_ja3c_disabled\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1578254908457751,"flow_dst_last_pkt_time":1578254908469342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578254908469342,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADYGqN2XZUIxwKgBoAG71hTYdp3Gq+PgRaASauCAYQAAAgQFZAQCCApynbuCAb+3BwEDAwk="} 
-00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/tls_ja3c_disabled\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1578254908469463,"flow_dst_last_pkt_time":1578254908469342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578254908469463,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGnuXAqAGgl2VCMdYUAbur4+BF2Hadx4AQEAgJrQAAAQEICgG\/txJynbuC"} -01266{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/tls_ja3c_disabled\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1578254908475203,"flow_dst_last_pkt_time":1578254908469342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1578254908475203,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI5AABAAEAGnODAqAGgl2VCMdYUAbur4+BF2Hadx4AYEAjFKwAAAQEICgG\/txdynbuCFgMBAgABAAH8AwNreR1fucqnaT8n7FpnpsjcXpwujsf+X6\/m0ZYauF9Z+gAAhswUzBPMFcAwwCzAKMAkwBTACgCjAJ8AawBqADkAOP+FAMQAwwCIAIcAgcAywC7AKsAmwA\/ABQCdAD0ANQDAAITAL8ArwCfAI8ATwAkAogCeAGcAQAAzADIAvgC9AEUARMAxwC3AKcAlwA7ABACcADwALwC6AEHAEsAIABYAE8ANwAMACgD\/AQABTQAAABoAGAAAFWZlb2RvdHJhY2tlci5hYnVzZS5jaAALAAQDAAECAAoAOgA4AA4ADQAZABwACwAMABsAGAAJAAoAGgAWABcACAAGAAcAFAAVAAQABQASABMAAQACAAMADwAQABEADQAmACQGAQYCBgPv7wUBBQIFAwQBBAIEA+7u7e0DAQMCAwMCAQICAgMzdAAAABAACwAJCGh0dHAvMS4xABUAqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01257{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/tls_ja3c_disabled\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908475203,"flow_dst_last_pkt_time":1578254908469342,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578254908475203,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cybersec","proto_id":"91.283","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":33,"category":"Cybersecurity","hostname":"feodotracker.abuse.ch","domainame":"feodotracker.abuse.ch","tls": {"version":"TLSv1.2","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"","ja4":"t12d6707ht_2955a3196ffa_c83f907a73d3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} -00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/tls_ja3c_disabled\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1578254908475203,"flow_dst_last_pkt_time":1578254908487025,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578254908487025,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0JkBAADYGgqWXZUIxwKgBoAG71hTYdp3Hq+PiSoAQADgXbgAAAQEICnKdu4cBv7cX"} 
-01347{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/tls_ja3c_disabled\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908475203,"flow_dst_last_pkt_time":1578254908490162,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1368,"midstream":0,"thread_ts_usec":1578254908490162,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cybersec","proto_id":"91.283","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":33,"category":"Cybersecurity","hostname":"feodotracker.abuse.ch","domainame":"feodotracker.abuse.ch","tls": {"version":"TLSv1.2","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","ja4":"t12d6707ht_2955a3196ffa_c83f907a73d3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
-04033{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"cfgs\/tls_ja3c_disabled\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908490465,"flow_dst_last_pkt_time":1578254908490567,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5472,"midstream":0,"thread_ts_usec":1578254908490567,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cybersec","proto_id":"91.283","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":33,"category":"Cybersecurity","hostname":"feodotracker.abuse.ch","domainame":"feodotracker.abuse.ch","tls": 
{"version":"TLSv1.2","server_names":"p2.shared.global.fastly.net,*.12wbt.com,*.2bleacherreport.com,*.3bleacherreport.com,*.4bleacherreport.com,*.8bleacherreport.com,*.abuse.ch,*.acdn-it.ps-pantheon.com,*.cdn.livingmap.com,*.content.plastiq.com,*.dimensions.ai,*.dollarshaveclub.co.uk,*.dollarshaveclub.com,*.dontpayfull.com,*.ebisubook.com,*.foreignaffairs.com,*.fs.jibjab.com,*.fs.unitprints.com,*.ggleap.com,*.goodeggs.com,*.huevosbuenos.com,*.indy.myomnigon.com,*.jwatch.org,*.kingsfordcharcoal.com.au,*.lancenters.com,*.madebywe.com,*.minirodini.com,*.modcloth.net,*.orionlabs.io,*.ps-pantheon.com,*.scodle.com,*.steelseries.com,*.theforeman.org,*.uploads.eversign.com,*.uploads.schoox.com,*.vts.com,*.x.stg1.ebisubook.com,*.yang2020.com,12wbt.com,2bleacherreport.com,3bleacherreport.com,4bleacherreport.com,8bleacherreport.com,abuse.ch,brita.com,cdn.fwupd.org,cdn.livingmap.com,cdn.seated.com,cdn.skillacademy.com,clinicaloptions.com,clorox.com,content-preprod.beaverbrooksweb2.co.uk,content.beaverbrooks.co.uk,content.plastiq.com,coolmathgames.com,copterroyale.coolmathgames.com,d8-dev.coolmathgames.com,deflyio.coolmathgames.com,delivery-api.evadacms.com,dimensions.ai,dollarshaveclub.co.uk,dollarshaveclub.com,dontpayfull.com,eluniverso.com,email.amg-group.co,email.tekoforlife.co.uk,feedmarket.fr,freshstep.com,ggleap.com,goodeggs.com,heap.io,huevosbuenos.com,identity.linuxfoundation.org,joebiden.com,jwatch.org,kingsford.co.nz,kingsfordcharcoal.com.au,lancenters.com,lists.linuxfoundation.org,m-stage.coolmathgames.com,m.coolmathgames.com,madebywe.com,minirodini.com,modcloth.net,orionlabs.io,puritanmedproducts.com,reviews.org,rg-video-staging.ruangguru.com,rg-video.ruangguru.com,ruangguru.com,scodle.com,stage.coolmathgames.com,staging.appblade.com,steelseries.com,stg.platform.eluniverso.com,test.brita.com,test.heap.io,test.joebiden.com,test.ruangguru.com,theforeman.org,video-cdn.quipper.com,videos.calcworkshop.com,vts.com,www.101network.com,www.autos101.com,www.brita.com,www.cloro
x.com,www.collider.com,www.coolmathgames.com,www.eluniverso.com,www.flinto.com,www.freshstep.com,www.heap.io,www.holagente.com,www.icsydney.com.au,www.joebiden.com,www.kingsford.co.nz,www.mrnatty.com,www.myjewellerystory.com.au,www.myjs.com,www.netacea.com,www.parenting101.com,www.puritanmedproducts.com,www.reviews.org,www.sba.sa,www.shashatcom.sa,www.uat.ontariocolleges.ca,www.vacation101.com,www.walterspeople.co.uk,www.westwayelectricsupply.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","ja4":"t12d6707ht_2955a3196ffa_c83f907a73d3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3","subjectDN":"C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=p2.shared.global.fastly.net","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"E9:34:DF:E0:C5:31:3C:59:7E:E2:57:44:F2:82:E9:80:F5:5D:05:4B","blocks":0}}} -02181{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/tls_ja3c_disabled\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908528417,"flow_dst_last_pkt_time":1578254908528437,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":813,"flow_dst_tot_l4_payload_len":14097,"midstream":0,"thread_ts_usec":1578254908528437,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":4559.7,"max":21714,"stddev":6622.1,"var":43852844.0,"ent":3.5,"data": 
[11591,11712,5740,17683,3137,204,15209,67,53,134,2,140,10611,21714,11194,334,14931,21,2,14564,19,7,256,346,4,564,2,480,517,112,2]},"pktlen": {"min":52,"avg":518.6,"max":1420,"stddev":615.3,"var":378610.9,"ent":4.0,"data": [64,60,52,569,52,1420,1420,52,1420,52,1420,262,52,178,103,52,222,1420,1420,104,52,52,52,1420,1420,104,52,52,1420,52,1420,104]},"bins": {"c_to_s": [12,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,4,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,0,0,1,1,1,0,0,0,1,1,1,0,0,1,0,1,1],"entropies": [4.398337364,5.146034718,4.868495941,4.434582233,5.025067329,6.773365974,4.940563202,4.983880520,6.553000927,4.900255680,7.433587551,7.043814659,4.983880520,6.336580276,5.976200581,5.022342205,6.883139610,7.866776943,7.867276192,6.143959045,4.906957150,4.791572571,4.731892109,7.850933075,7.865261078,6.040546417,4.906957626,4.906957626,7.852932453,4.823332310,7.877495766,6.208910465]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cybersec","proto_id":"91.283","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":33,"category":"Cybersecurity"}} 
-01049{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":48,"source":"cfgs\/tls_ja3c_disabled\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":24,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908551114,"flow_dst_last_pkt_time":1578254908551079,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":844,"flow_dst_tot_l4_payload_len":18233,"midstream":0,"thread_ts_usec":1578254908551114,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cybersec","proto_id":"91.283","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":33,"category":"Cybersecurity","hostname":"feodotracker.abuse.ch"}} -00870{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":48,"source":"cfgs\/tls_ja3c_disabled\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":48,"packets-processed":48,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":19077,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1578254908551114} -~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ -~~ packets 
captured/processed: 48/48 -~~ skipped flows.............: 0 -~~ total layer4 data length..: 19077 bytes -~~ total detected protocols..: 1 -~~ total active/idle flows...: 1/1 -~~ total timeout flows.......: 0 -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7109929 bytes -~~ total memory freed........: 7109929 bytes -~~ total allocations/frees...: 114329/114329 -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ json message min len.......: 572 chars -~~ json message max len.......: 4038 chars -~~ json message avg len.......: 2218 chars diff --git a/test/results/tls_ja3s_disabled/tls_verylong_certificate.pcap.out b/test/results/tls_ja3s_disabled/tls_verylong_certificate.pcap.out deleted file mode 100644 index 4d8b9f647..000000000 --- a/test/results/tls_ja3s_disabled/tls_verylong_certificate.pcap.out +++ /dev/null 
@@ -1,29 +0,0 @@ -00639{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/tls_ja3s_disabled\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00860{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/tls_ja3s_disabled\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1578254908457751} 
-00801{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/tls_ja3s_disabled\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908457751,"flow_dst_last_pkt_time":1578254908457751,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578254908457751,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/tls_ja3s_disabled\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1578254908457751,"flow_dst_last_pkt_time":1578254908457751,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1578254908457751,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGntnAqAGgl2VCMdYUAbur4+BEAAAAALAC\/\/9+XwAAAgQFtAEDAwUBAQgKAb+3BwAAAAAEAgAA"} -00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/tls_ja3s_disabled\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1578254908457751,"flow_dst_last_pkt_time":1578254908469342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578254908469342,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADYGqN2XZUIxwKgBoAG71hTYdp3Gq+PgRaASauCAYQAAAgQFZAQCCApynbuCAb+3BwEDAwk="} 
-00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/tls_ja3s_disabled\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1578254908469463,"flow_dst_last_pkt_time":1578254908469342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578254908469463,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGnuXAqAGgl2VCMdYUAbur4+BF2Hadx4AQEAgJrQAAAQEICgG\/txJynbuC"} -01266{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/tls_ja3s_disabled\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1578254908475203,"flow_dst_last_pkt_time":1578254908469342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1578254908475203,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI5AABAAEAGnODAqAGgl2VCMdYUAbur4+BF2Hadx4AYEAjFKwAAAQEICgG\/txdynbuCFgMBAgABAAH8AwNreR1fucqnaT8n7FpnpsjcXpwujsf+X6\/m0ZYauF9Z+gAAhswUzBPMFcAwwCzAKMAkwBTACgCjAJ8AawBqADkAOP+FAMQAwwCIAIcAgcAywC7AKsAmwA\/ABQCdAD0ANQDAAITAL8ArwCfAI8ATwAkAogCeAGcAQAAzADIAvgC9AEUARMAxwC3AKcAlwA7ABACcADwALwC6AEHAEsAIABYAE8ANwAMACgD\/AQABTQAAABoAGAAAFWZlb2RvdHJhY2tlci5hYnVzZS5jaAALAAQDAAECAAoAOgA4AA4ADQAZABwACwAMABsAGAAJAAoAGgAWABcACAAGAAcAFAAVAAQABQASABMAAQACAAMADwAQABEADQAmACQGAQYCBgPv7wUBBQIFAwQBBAIEA+7u7e0DAQMCAwMCAQICAgMzdAAAABAACwAJCGh0dHAvMS4xABUAqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01257{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/tls_ja3s_disabled\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908475203,"flow_dst_last_pkt_time":1578254908469342,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578254908475203,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cybersec","proto_id":"91.283","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":33,"category":"Cybersecurity","hostname":"feodotracker.abuse.ch","domainame":"feodotracker.abuse.ch","tls": {"version":"TLSv1.2","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"","ja4":"t12d6707ht_2955a3196ffa_c83f907a73d3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} -00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/tls_ja3s_disabled\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1578254908475203,"flow_dst_last_pkt_time":1578254908487025,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578254908487025,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0JkBAADYGgqWXZUIxwKgBoAG71hTYdp3Hq+PiSoAQADgXbgAAAQEICnKdu4cBv7cX"} 
-01347{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/tls_ja3s_disabled\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908475203,"flow_dst_last_pkt_time":1578254908490162,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1368,"midstream":0,"thread_ts_usec":1578254908490162,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cybersec","proto_id":"91.283","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":33,"category":"Cybersecurity","hostname":"feodotracker.abuse.ch","domainame":"feodotracker.abuse.ch","tls": {"version":"TLSv1.2","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","ja4":"t12d6707ht_2955a3196ffa_c83f907a73d3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
-04033{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"cfgs\/tls_ja3s_disabled\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908490465,"flow_dst_last_pkt_time":1578254908490567,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5472,"midstream":0,"thread_ts_usec":1578254908490567,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cybersec","proto_id":"91.283","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":33,"category":"Cybersecurity","hostname":"feodotracker.abuse.ch","domainame":"feodotracker.abuse.ch","tls": 
{"version":"TLSv1.2","server_names":"p2.shared.global.fastly.net,*.12wbt.com,*.2bleacherreport.com,*.3bleacherreport.com,*.4bleacherreport.com,*.8bleacherreport.com,*.abuse.ch,*.acdn-it.ps-pantheon.com,*.cdn.livingmap.com,*.content.plastiq.com,*.dimensions.ai,*.dollarshaveclub.co.uk,*.dollarshaveclub.com,*.dontpayfull.com,*.ebisubook.com,*.foreignaffairs.com,*.fs.jibjab.com,*.fs.unitprints.com,*.ggleap.com,*.goodeggs.com,*.huevosbuenos.com,*.indy.myomnigon.com,*.jwatch.org,*.kingsfordcharcoal.com.au,*.lancenters.com,*.madebywe.com,*.minirodini.com,*.modcloth.net,*.orionlabs.io,*.ps-pantheon.com,*.scodle.com,*.steelseries.com,*.theforeman.org,*.uploads.eversign.com,*.uploads.schoox.com,*.vts.com,*.x.stg1.ebisubook.com,*.yang2020.com,12wbt.com,2bleacherreport.com,3bleacherreport.com,4bleacherreport.com,8bleacherreport.com,abuse.ch,brita.com,cdn.fwupd.org,cdn.livingmap.com,cdn.seated.com,cdn.skillacademy.com,clinicaloptions.com,clorox.com,content-preprod.beaverbrooksweb2.co.uk,content.beaverbrooks.co.uk,content.plastiq.com,coolmathgames.com,copterroyale.coolmathgames.com,d8-dev.coolmathgames.com,deflyio.coolmathgames.com,delivery-api.evadacms.com,dimensions.ai,dollarshaveclub.co.uk,dollarshaveclub.com,dontpayfull.com,eluniverso.com,email.amg-group.co,email.tekoforlife.co.uk,feedmarket.fr,freshstep.com,ggleap.com,goodeggs.com,heap.io,huevosbuenos.com,identity.linuxfoundation.org,joebiden.com,jwatch.org,kingsford.co.nz,kingsfordcharcoal.com.au,lancenters.com,lists.linuxfoundation.org,m-stage.coolmathgames.com,m.coolmathgames.com,madebywe.com,minirodini.com,modcloth.net,orionlabs.io,puritanmedproducts.com,reviews.org,rg-video-staging.ruangguru.com,rg-video.ruangguru.com,ruangguru.com,scodle.com,stage.coolmathgames.com,staging.appblade.com,steelseries.com,stg.platform.eluniverso.com,test.brita.com,test.heap.io,test.joebiden.com,test.ruangguru.com,theforeman.org,video-cdn.quipper.com,videos.calcworkshop.com,vts.com,www.101network.com,www.autos101.com,www.brita.com,www.cloro
x.com,www.collider.com,www.coolmathgames.com,www.eluniverso.com,www.flinto.com,www.freshstep.com,www.heap.io,www.holagente.com,www.icsydney.com.au,www.joebiden.com,www.kingsford.co.nz,www.mrnatty.com,www.myjewellerystory.com.au,www.myjs.com,www.netacea.com,www.parenting101.com,www.puritanmedproducts.com,www.reviews.org,www.sba.sa,www.shashatcom.sa,www.uat.ontariocolleges.ca,www.vacation101.com,www.walterspeople.co.uk,www.westwayelectricsupply.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","ja4":"t12d6707ht_2955a3196ffa_c83f907a73d3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3","subjectDN":"C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=p2.shared.global.fastly.net","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"E9:34:DF:E0:C5:31:3C:59:7E:E2:57:44:F2:82:E9:80:F5:5D:05:4B","blocks":0}}} -02181{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/tls_ja3s_disabled\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908528417,"flow_dst_last_pkt_time":1578254908528437,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":813,"flow_dst_tot_l4_payload_len":14097,"midstream":0,"thread_ts_usec":1578254908528437,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":4559.7,"max":21714,"stddev":6622.1,"var":43852844.0,"ent":3.5,"data": 
[11591,11712,5740,17683,3137,204,15209,67,53,134,2,140,10611,21714,11194,334,14931,21,2,14564,19,7,256,346,4,564,2,480,517,112,2]},"pktlen": {"min":52,"avg":518.6,"max":1420,"stddev":615.3,"var":378610.9,"ent":4.0,"data": [64,60,52,569,52,1420,1420,52,1420,52,1420,262,52,178,103,52,222,1420,1420,104,52,52,52,1420,1420,104,52,52,1420,52,1420,104]},"bins": {"c_to_s": [12,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,4,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,0,0,1,1,1,0,0,0,1,1,1,0,0,1,0,1,1],"entropies": [4.398337364,5.146034718,4.868495941,4.434582233,5.025067329,6.773365974,4.940563202,4.983880520,6.553000927,4.900255680,7.433587551,7.043814659,4.983880520,6.336580276,5.976200581,5.022342205,6.883139610,7.866776943,7.867276192,6.143959045,4.906957150,4.791572571,4.731892109,7.850933075,7.865261078,6.040546417,4.906957626,4.906957626,7.852932453,4.823332310,7.877495766,6.208910465]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cybersec","proto_id":"91.283","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":33,"category":"Cybersecurity"}} 
-01049{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":48,"source":"cfgs\/tls_ja3s_disabled\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":24,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908551114,"flow_dst_last_pkt_time":1578254908551079,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":844,"flow_dst_tot_l4_payload_len":18233,"midstream":0,"thread_ts_usec":1578254908551114,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cybersec","proto_id":"91.283","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":33,"category":"Cybersecurity","hostname":"feodotracker.abuse.ch"}} -00870{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":48,"source":"cfgs\/tls_ja3s_disabled\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":48,"packets-processed":48,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":19077,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1578254908551114} -~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ -~~ packets 
captured/processed: 48/48 -~~ skipped flows.............: 0 -~~ total layer4 data length..: 19077 bytes -~~ total detected protocols..: 1 -~~ total active/idle flows...: 1/1 -~~ total timeout flows.......: 0 -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7109929 bytes -~~ total memory freed........: 7109929 bytes -~~ total allocations/frees...: 114329/114329 -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ json message min len.......: 572 chars -~~ json message max len.......: 4038 chars -~~ json message avg len.......: 2218 chars diff --git a/test/results/tls_ja4c_disabled/tls_verylong_certificate.pcap.out b/test/results/tls_ja4c_disabled/tls_verylong_certificate.pcap.out deleted file mode 100644 index 568e117bf..000000000 --- a/test/results/tls_ja4c_disabled/tls_verylong_certificate.pcap.out +++ /dev/null 
@@ -1,29 +0,0 @@ -00639{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/tls_ja4c_disabled\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00860{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/tls_ja4c_disabled\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1578254908457751} 
-00801{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/tls_ja4c_disabled\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908457751,"flow_dst_last_pkt_time":1578254908457751,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578254908457751,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/tls_ja4c_disabled\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1578254908457751,"flow_dst_last_pkt_time":1578254908457751,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1578254908457751,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGntnAqAGgl2VCMdYUAbur4+BEAAAAALAC\/\/9+XwAAAgQFtAEDAwUBAQgKAb+3BwAAAAAEAgAA"} -00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/tls_ja4c_disabled\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1578254908457751,"flow_dst_last_pkt_time":1578254908469342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578254908469342,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADYGqN2XZUIxwKgBoAG71hTYdp3Gq+PgRaASauCAYQAAAgQFZAQCCApynbuCAb+3BwEDAwk="} 
-00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/tls_ja4c_disabled\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1578254908469463,"flow_dst_last_pkt_time":1578254908469342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578254908469463,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGnuXAqAGgl2VCMdYUAbur4+BF2Hadx4AQEAgJrQAAAQEICgG\/txJynbuC"} -01266{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/tls_ja4c_disabled\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1578254908475203,"flow_dst_last_pkt_time":1578254908469342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1578254908475203,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI5AABAAEAGnODAqAGgl2VCMdYUAbur4+BF2Hadx4AYEAjFKwAAAQEICgG\/txdynbuCFgMBAgABAAH8AwNreR1fucqnaT8n7FpnpsjcXpwujsf+X6\/m0ZYauF9Z+gAAhswUzBPMFcAwwCzAKMAkwBTACgCjAJ8AawBqADkAOP+FAMQAwwCIAIcAgcAywC7AKsAmwA\/ABQCdAD0ANQDAAITAL8ArwCfAI8ATwAkAogCeAGcAQAAzADIAvgC9AEUARMAxwC3AKcAlwA7ABACcADwALwC6AEHAEsAIABYAE8ANwAMACgD\/AQABTQAAABoAGAAAFWZlb2RvdHJhY2tlci5hYnVzZS5jaAALAAQDAAECAAoAOgA4AA4ADQAZABwACwAMABsAGAAJAAoAGgAWABcACAAGAAcAFAAVAAQABQASABMAAQACAAMADwAQABEADQAmACQGAQYCBgPv7wUBBQIFAwQBBAIEA+7u7e0DAQMCAwMCAQICAgMzdAAAABAACwAJCGh0dHAvMS4xABUAqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01257{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/tls_ja4c_disabled\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908475203,"flow_dst_last_pkt_time":1578254908469342,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578254908475203,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cybersec","proto_id":"91.283","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":33,"category":"Cybersecurity","hostname":"feodotracker.abuse.ch","domainame":"feodotracker.abuse.ch","tls": {"version":"TLSv1.2","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"","ja4":"t12d6707ht_2955a3196ffa_c83f907a73d3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} -00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/tls_ja4c_disabled\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1578254908475203,"flow_dst_last_pkt_time":1578254908487025,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578254908487025,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0JkBAADYGgqWXZUIxwKgBoAG71hTYdp3Hq+PiSoAQADgXbgAAAQEICnKdu4cBv7cX"} 
-01347{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/tls_ja4c_disabled\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908475203,"flow_dst_last_pkt_time":1578254908490162,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1368,"midstream":0,"thread_ts_usec":1578254908490162,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cybersec","proto_id":"91.283","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":33,"category":"Cybersecurity","hostname":"feodotracker.abuse.ch","domainame":"feodotracker.abuse.ch","tls": {"version":"TLSv1.2","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","ja4":"t12d6707ht_2955a3196ffa_c83f907a73d3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 
-04033{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"cfgs\/tls_ja4c_disabled\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908490465,"flow_dst_last_pkt_time":1578254908490567,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5472,"midstream":0,"thread_ts_usec":1578254908490567,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cybersec","proto_id":"91.283","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":33,"category":"Cybersecurity","hostname":"feodotracker.abuse.ch","domainame":"feodotracker.abuse.ch","tls": 
{"version":"TLSv1.2","server_names":"p2.shared.global.fastly.net,*.12wbt.com,*.2bleacherreport.com,*.3bleacherreport.com,*.4bleacherreport.com,*.8bleacherreport.com,*.abuse.ch,*.acdn-it.ps-pantheon.com,*.cdn.livingmap.com,*.content.plastiq.com,*.dimensions.ai,*.dollarshaveclub.co.uk,*.dollarshaveclub.com,*.dontpayfull.com,*.ebisubook.com,*.foreignaffairs.com,*.fs.jibjab.com,*.fs.unitprints.com,*.ggleap.com,*.goodeggs.com,*.huevosbuenos.com,*.indy.myomnigon.com,*.jwatch.org,*.kingsfordcharcoal.com.au,*.lancenters.com,*.madebywe.com,*.minirodini.com,*.modcloth.net,*.orionlabs.io,*.ps-pantheon.com,*.scodle.com,*.steelseries.com,*.theforeman.org,*.uploads.eversign.com,*.uploads.schoox.com,*.vts.com,*.x.stg1.ebisubook.com,*.yang2020.com,12wbt.com,2bleacherreport.com,3bleacherreport.com,4bleacherreport.com,8bleacherreport.com,abuse.ch,brita.com,cdn.fwupd.org,cdn.livingmap.com,cdn.seated.com,cdn.skillacademy.com,clinicaloptions.com,clorox.com,content-preprod.beaverbrooksweb2.co.uk,content.beaverbrooks.co.uk,content.plastiq.com,coolmathgames.com,copterroyale.coolmathgames.com,d8-dev.coolmathgames.com,deflyio.coolmathgames.com,delivery-api.evadacms.com,dimensions.ai,dollarshaveclub.co.uk,dollarshaveclub.com,dontpayfull.com,eluniverso.com,email.amg-group.co,email.tekoforlife.co.uk,feedmarket.fr,freshstep.com,ggleap.com,goodeggs.com,heap.io,huevosbuenos.com,identity.linuxfoundation.org,joebiden.com,jwatch.org,kingsford.co.nz,kingsfordcharcoal.com.au,lancenters.com,lists.linuxfoundation.org,m-stage.coolmathgames.com,m.coolmathgames.com,madebywe.com,minirodini.com,modcloth.net,orionlabs.io,puritanmedproducts.com,reviews.org,rg-video-staging.ruangguru.com,rg-video.ruangguru.com,ruangguru.com,scodle.com,stage.coolmathgames.com,staging.appblade.com,steelseries.com,stg.platform.eluniverso.com,test.brita.com,test.heap.io,test.joebiden.com,test.ruangguru.com,theforeman.org,video-cdn.quipper.com,videos.calcworkshop.com,vts.com,www.101network.com,www.autos101.com,www.brita.com,www.cloro
x.com,www.collider.com,www.coolmathgames.com,www.eluniverso.com,www.flinto.com,www.freshstep.com,www.heap.io,www.holagente.com,www.icsydney.com.au,www.joebiden.com,www.kingsford.co.nz,www.mrnatty.com,www.myjewellerystory.com.au,www.myjs.com,www.netacea.com,www.parenting101.com,www.puritanmedproducts.com,www.reviews.org,www.sba.sa,www.shashatcom.sa,www.uat.ontariocolleges.ca,www.vacation101.com,www.walterspeople.co.uk,www.westwayelectricsupply.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","ja4":"t12d6707ht_2955a3196ffa_c83f907a73d3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3","subjectDN":"C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=p2.shared.global.fastly.net","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"E9:34:DF:E0:C5:31:3C:59:7E:E2:57:44:F2:82:E9:80:F5:5D:05:4B","blocks":0}}} -02181{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/tls_ja4c_disabled\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908528417,"flow_dst_last_pkt_time":1578254908528437,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":813,"flow_dst_tot_l4_payload_len":14097,"midstream":0,"thread_ts_usec":1578254908528437,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":4559.7,"max":21714,"stddev":6622.1,"var":43852844.0,"ent":3.5,"data": 
[11591,11712,5740,17683,3137,204,15209,67,53,134,2,140,10611,21714,11194,334,14931,21,2,14564,19,7,256,346,4,564,2,480,517,112,2]},"pktlen": {"min":52,"avg":518.6,"max":1420,"stddev":615.3,"var":378610.9,"ent":4.0,"data": [64,60,52,569,52,1420,1420,52,1420,52,1420,262,52,178,103,52,222,1420,1420,104,52,52,52,1420,1420,104,52,52,1420,52,1420,104]},"bins": {"c_to_s": [12,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,4,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,0,0,1,1,1,0,0,0,1,1,1,0,0,1,0,1,1],"entropies": [4.398337364,5.146034718,4.868495941,4.434582233,5.025067329,6.773365974,4.940563202,4.983880520,6.553000927,4.900255680,7.433587551,7.043814659,4.983880520,6.336580276,5.976200581,5.022342205,6.883139610,7.866776943,7.867276192,6.143959045,4.906957150,4.791572571,4.731892109,7.850933075,7.865261078,6.040546417,4.906957626,4.906957626,7.852932453,4.823332310,7.877495766,6.208910465]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cybersec","proto_id":"91.283","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":33,"category":"Cybersecurity"}} 
-01049{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":48,"source":"cfgs\/tls_ja4c_disabled\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":24,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908551114,"flow_dst_last_pkt_time":1578254908551079,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":844,"flow_dst_tot_l4_payload_len":18233,"midstream":0,"thread_ts_usec":1578254908551114,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cybersec","proto_id":"91.283","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":33,"category":"Cybersecurity","hostname":"feodotracker.abuse.ch"}} -00870{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":48,"source":"cfgs\/tls_ja4c_disabled\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":48,"packets-processed":48,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":19077,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":14,"global_ts_usec":1578254908551114} -~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ -~~ packets 
captured/processed: 48/48 -~~ skipped flows.............: 0 -~~ total layer4 data length..: 19077 bytes -~~ total detected protocols..: 1 -~~ total active/idle flows...: 1/1 -~~ total timeout flows.......: 0 -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7109929 bytes -~~ total memory freed........: 7109929 bytes -~~ total allocations/frees...: 114329/114329 -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ json message min len.......: 572 chars -~~ json message max len.......: 4038 chars -~~ json message avg len.......: 2218 chars diff --git a/test/results/zoom_extra_dissection/zoom.pcap.out b/test/results/zoom_extra_dissection/zoom.pcap.out index 7af529aa9..f2b66d3a8 100644 --- a/test/results/zoom_extra_dissection/zoom.pcap.out +++ b/test/results/zoom_extra_dissection/zoom.pcap.out 
@@ -1,8 +1,8 @@ -00623{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1569520466080774} 
+00623{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00844{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1569520466080774} 
00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520466080774,"flow_src_last_pkt_time":1569520466080774,"flow_dst_last_pkt_time":1569520466080774,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":199,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":199,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":199,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569520466080774,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"172.217.21.72","src_port":54854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00825{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1569520466080774,"flow_dst_last_pkt_time":1569520466080774,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":265,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":265,"pkt_l4_len":231,"thread_ts_usec":1569520466080774,"pkt":"EBMx8Tl2KDc3AG3ICABFAAD7AABAAEAGtb7AqAF1rNkVSNZGAbt9MLg2pduNV4AYEAjbcQAAAQEICiWcznNwmChtFgMBAMIBAAC+AwE5BEH329R9hgOe6JDNh5Do5\/IyBg\/qLeMPj9mOGNz+swAAEgAvADMANQA5wAnACsATwBRWAAEAAIP\/AQABAAAAAB0AGwAAGHd3dy5nb29nbGV0YWdtYW5hZ2VyLmNvbQAXAAAABQAFAQAAAAAzdAAAABIAAAAQADAALgJoMgVoMi0xNgVoMi0xNQVoMi0xNAhzcGR5LzMuMQZzcGR5LzMIaHR0cC8xLjEACwACAQAACgAKAAgAHQAXABgAGQ=="} 
-01419{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520466080774,"flow_src_last_pkt_time":1569520466080774,"flow_dst_last_pkt_time":1569520466080774,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":199,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":199,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":199,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569520466080774,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"172.217.21.72","src_port":54854,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.googletagmanager.com","domainame":"www.googletagmanager.com","tls": {"version":"TLSv1","ja3":"d78489b860c8bf7838a6ff0b4d131541","ja3s":"","ja4":"t10d0909h2_61c4dbd01224_cc731f12afbb","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
+01378{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520466080774,"flow_src_last_pkt_time":1569520466080774,"flow_dst_last_pkt_time":1569520466080774,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":199,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":199,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":199,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569520466080774,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"172.217.21.72","src_port":54854,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.googletagmanager.com","domainame":"www.googletagmanager.com","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d0909h2_61c4dbd01224_cc731f12afbb","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520466209429,"flow_src_last_pkt_time":1569520466209429,"flow_dst_last_pkt_time":1569520466209429,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520466209429,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1569520466209429,"flow_dst_last_pkt_time":1569520466209429,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_usec":1569520466209429,"pkt":"AQBeAAD7KDc3AG3ICABFAABJ4i8AAAERNFzAqAF14AAA+xTpFOkANQtaAAAAAAABAAAAAAAAEF9zcG90aWZ5LWNvbm5lY3QEX3RjcAVsb2NhbAAADAAB"} 
01027{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520466209429,"flow_src_last_pkt_time":1569520466209429,"flow_dst_last_pkt_time":1569520466209429,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520466209429,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_spotify-connect._tcp.local","domainame":"_spotify-connect._tcp.local","mdns": {}}} 
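Review bot: The regenerated `detected` event for flow 1 no longer has a `"ja3"` key in its `tls` object; only `ja3s` and `ja4` remain. The later hunks of this file show the same drop for flow 3 and for flow 1's `detection-update`. Any consumer that matches, allow-lists or correlates on the JA3 client fingerprint will stop matching without an error, so the commit description should state this rather than only "incorporated upstream changes", for example `* tls.ja3 is no longer emitted in flow events; tls.ja4 and tls.ja3s remain`. The diffstat lists `schema/flow_event_schema.json`, but its hunk is not visible here, so it is worth confirming that the schema no longer requires `ja3`. The next hunk also changes `proto_by_ip` for 167.99.215.164 from `Unknown` to `DigitalOcean`, presumably from updated IP lists in libnDPI, which affects rules keyed on that field in the same silent way.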
@@ -11,16 +11,16 @@ 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1569520466316930,"flow_dst_last_pkt_time":1569520466355017,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1569520466355017,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADUGBJenY9ekwKgBdRFS1k9+iDZRPj2DQ6AScSDtKQAAAgQFrAQCCArh63OkJZzPXwEDAwc="} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1569520466355115,"flow_dst_last_pkt_time":1569520466355017,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569520466355115,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+Z7AqAF1p2PXpNZPEVI+PYNDfog2UoAQECx8vAAAAQEICiWcz4Xh63Ok"} 
01250{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1569520466355344,"flow_dst_last_pkt_time":1569520466355017,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1569520466355344,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI5AABAAEAG95nAqAF1p2PXpNZPEVI+PYNDfog2UoAYECxTkgAAAQEICiWcz4Xh63OkFgMBAgABAAH8AwMNN3rZQIy1W6cxVq6XcSeMK0WraD3DhdYuuqU1GeYt1CAlA\/kunOkhTd5wsEiS6\/3fwP4i6nJuxBCdQo4WkiQHSgCgwDDALMAowCTAFMAKAKUAowChAJ8AawBqAGkAaAA5ADgANwA2AIgAhwCGAIXAMsAuwCrAJsAPwAUAnQA9ADUAhACNwC\/AK8AnwCPAE8AJAKQAogCgAJ4AZwBAAD8APgAzADIAMQAwAJoAmQCYAJcARQBEAEMAQsAxwC3AKcAlwA7ABACcADwALwCWAEEABwCMwBHAB8AMwAIABQAEAIoA\/wEAARMAAAASABAAAA1kYXRpLm50b3Aub3JnAAsABAMAAQIACgAcABoAFwAZABwAGwAYABoAFgAOAA0ACwAMAAkACgAjAAAADQAgAB4GAQYCBgMFAQUCBQMEAQQCBAMDAQMCAwMCAQICAgMADwABAQAVAKQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01438{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569520466316930,"flow_src_last_pkt_time":1569520466355344,"flow_dst_last_pkt_time":1569520466355017,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520466355344,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"167.99.215.164","src_port":54863,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"dati.ntop.org","domainame":"dati.ntop.org","tls": {"version":"TLSv1.2","ja3":"a795593605a13211941d44505b4d1e39","ja3s":"","ja4":"t12d800700_64d9932cae36_4446390ac224","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01404{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569520466316930,"flow_src_last_pkt_time":1569520466355344,"flow_dst_last_pkt_time":1569520466355017,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520466355344,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"167.99.215.164","src_port":54863,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"dati.ntop.org","domainame":"dati.ntop.org","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d800700_64d9932cae36_4446390ac224","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1569520466355344,"flow_dst_last_pkt_time":1569520466392600,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569520466392600,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA05\/ZAADUGHKinY9ekwKgBdRFS1k9+iDZSPj2FSIAQAOuJ0gAAAQEICuHrc8olnM+F"} 
-01496{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569520466316930,"flow_src_last_pkt_time":1569520466355344,"flow_dst_last_pkt_time":1569520466392965,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":142,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":142,"midstream":0,"thread_ts_usec":1569520466392965,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"167.99.215.164","src_port":54863,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"dati.ntop.org","domainame":"dati.ntop.org","tls": {"version":"TLSv1.2","ja3":"a795593605a13211941d44505b4d1e39","ja3s":"dd4b012f7a008e741554bd0a4ed12920","ja4":"t12d800700_64d9932cae36_4446390ac224","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","blocks":0}}} 
+01462{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569520466316930,"flow_src_last_pkt_time":1569520466355344,"flow_dst_last_pkt_time":1569520466392965,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":142,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":142,"midstream":0,"thread_ts_usec":1569520466392965,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"167.99.215.164","src_port":54863,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"dati.ntop.org","domainame":"dati.ntop.org","tls": {"version":"TLSv1.2","ja3s":"dd4b012f7a008e741554bd0a4ed12920","ja4":"t12d800700_64d9932cae36_4446390ac224","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","blocks":0}}} 00307{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1569520467785843,"packet_id":16,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_usec":1569520467785843} 
00389{"packet_event_id":1,"packet_event_name":"packet","packet_id":16,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1569520466531926,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520467811636,"flow_src_last_pkt_time":1569520467811636,"flow_dst_last_pkt_time":1569520467811636,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569520467811636,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"62.149.152.153","src_port":54341,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00622{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1569520467811636,"flow_dst_last_pkt_time":1569520467811636,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"thread_ts_usec":1569520467811636,"pkt":"EBMx8Tl2KDc3AG3ICABFAABjAABAAEAGoUnAqAF1PpWYmdRFA+E5lpAkp\/QQcoAYEABEHgAAAQEICiWc1TCZh0dJFwMDACpAXTQxH2s8yyXvpDmREm16+\/VcNt\/x\/vlsIce1k7D8R+clMelpc+AJPCA="} 
00931{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520467811636,"flow_src_last_pkt_time":1569520467811636,"flow_dst_last_pkt_time":1569520467811636,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569520467811636,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"62.149.152.153","src_port":54341,"dst_port":993,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"IMAPS","proto_id":"51","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}} 00826{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1569520468207688,"flow_dst_last_pkt_time":1569520466080774,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":265,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":265,"pkt_l4_len":231,"thread_ts_usec":1569520468207688,"pkt":"EBMx8Tl2KDc3AG3ICABFAAD7AABAAEAGtb7AqAF1rNkVSNZGAbt9MLg2pduNV4AYEAjTKAAAAQEICiWc1rxwmChtFgMBAMIBAAC+AwE5BEH329R9hgOe6JDNh5Do5\/IyBg\/qLeMPj9mOGNz+swAAEgAvADMANQA5wAnACsATwBRWAAEAAIP\/AQABAAAAAB0AGwAAGHd3dy5nb29nbGV0YWdtYW5hZ2VyLmNvbQAXAAAABQAFAQAAAAAzdAAAABIAAAAQADAALgJoMgVoMi0xNgVoMi0xNQVoMi0xNAhzcGR5LzMuMQZzcGR5LzMIaHR0cC8xLjEACwACAQAACgAKAAgAHQAXABgAGQ=="} 
-01538{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1569520466080774,"flow_src_last_pkt_time":1569520468207688,"flow_dst_last_pkt_time":1569520466080774,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":199,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":199,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":398,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569520468207688,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"172.217.21.72","src_port":54854,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.googletagmanager.com","domainame":"www.googletagmanager.com","tls": {"version":"TLSv1","ja3":"d78489b860c8bf7838a6ff0b4d131541","ja3s":"","ja4":"t10d0909h2_61c4dbd01224_cc731f12afbb","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
+01497{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1569520466080774,"flow_src_last_pkt_time":1569520468207688,"flow_dst_last_pkt_time":1569520466080774,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":199,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":199,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":398,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569520468207688,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"172.217.21.72","src_port":54854,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.googletagmanager.com","domainame":"www.googletagmanager.com","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d0909h2_61c4dbd01224_cc731f12afbb","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","blocks":0}}} 
00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520468207892,"flow_src_last_pkt_time":1569520468207892,"flow_dst_last_pkt_time":1569520468207892,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520468207892,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"239.255.255.250","src_port":57025,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1569520468207892,"flow_dst_last_pkt_time":1569520468207892,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1569520468207892,"pkt":"AQBef\/\/6KDc3AG3ICABFAACaDxkAAAER+CLAqAF17\/\/\/+t7BB2wAhjkTTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQoA"} 
01011{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520468207892,"flow_src_last_pkt_time":1569520468207892,"flow_dst_last_pkt_time":1569520468207892,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520468207892,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"239.255.255.250","src_port":57025,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900","domainame":"239.255.255.250:1900"}} 
@@ -49,24 +49,24 @@ 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520469081864,"flow_src_last_pkt_time":1569520469081864,"flow_dst_last_pkt_time":1569520469081864,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569520469081864,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"13.225.84.182","src_port":54798,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1569520469081864,"flow_dst_last_pkt_time":1569520469081864,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1569520469081864,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAog\/0AAEAG0h7AqAF1DeFUttYOAbuSOQajVAdu1VAQECZHdwAA"} 01231{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1569520469090576,"flow_dst_last_pkt_time":1569520469067014,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1569520469090576,"pkt":"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"} 
-01215{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569520468959185,"flow_src_last_pkt_time":1569520469090576,"flow_dst_last_pkt_time":1569520469067014,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520469090576,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.238","src_port":54864,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"log.zoom.us","domainame":"log.zoom.us","tls": {"version":"TLSv1.2","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"","ja4":"t12d8008ht_9cedc1f1428b_046e095b7c4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} +01174{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569520468959185,"flow_src_last_pkt_time":1569520469090576,"flow_dst_last_pkt_time":1569520469067014,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520469090576,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.238","src_port":54864,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"log.zoom.us","domainame":"log.zoom.us","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d8008ht_9cedc1f1428b_046e095b7c4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1569520469081864,"flow_dst_last_pkt_time":1569520469116573,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1569520469116573,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAoaEVAAO8G\/tUN4VS2wKgBdQG71g5UB27VAAAAAFAEAADwhQAAAAAAAAAA"} 00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520469189810,"flow_src_last_pkt_time":1569520469189810,"flow_dst_last_pkt_time":1569520469189810,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520469189810,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.37.14","src_port":23903,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1569520469189810,"flow_dst_last_pkt_time":1569520469189810,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1569520469189810,"pkt":"EBMx8Tl2KDc3AG3ICABFAABICu4AAEAR5YzAqAF1ov8lDl1fDZYANPtTAAEAGMFdrmNYXRQ5LlgsJgQDvzABAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="} -00985{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520469189810,"flow_src_last_pkt_time":1569520469189810,"flow_dst_last_pkt_time":1569520469189810,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520469189810,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.37.14","src_port":23903,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"","domainame":"","stun": {}}} 
+01018{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520469189810,"flow_src_last_pkt_time":1569520469189810,"flow_dst_last_pkt_time":1569520469189810,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520469189810,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.37.14","src_port":23903,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1569520469090576,"flow_dst_last_pkt_time":1569520469198772,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1569520469198772,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAomZxAAO4GvV00yj7uwKgBdQG71lCVbT6Vn9byIVAQAAc78QAAAAAAAAAA"} 
00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1569520469200030,"flow_dst_last_pkt_time":1569520469189810,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1569520469200030,"pkt":"EBMx8Tl2KDc3AG3ICABFAABISukAAEARpZHAqAF1ov8lDl1fDZYANPtTAAEAGMFdrmNYXRQ5LlgsJgQDvzABAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="} -01275{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":37,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569520468959185,"flow_src_last_pkt_time":1569520469090576,"flow_dst_last_pkt_time":1569520469200490,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1452,"midstream":0,"thread_ts_usec":1569520469200490,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.238","src_port":54864,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"log.zoom.us","domainame":"log.zoom.us","tls": {"version":"TLSv1.2","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","ja4":"t12d8008ht_9cedc1f1428b_046e095b7c4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","blocks":0}}} 
-01599{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":41,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1569520468959185,"flow_src_last_pkt_time":1569520469200897,"flow_dst_last_pkt_time":1569520469201006,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5608,"midstream":0,"thread_ts_usec":1569520469201006,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.238","src_port":54864,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"log.zoom.us","domainame":"log.zoom.us","tls": {"version":"TLSv1.2","server_names":"*.zoom.us,zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","ja4":"t12d8008ht_9cedc1f1428b_046e095b7c4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","advertised_alpns":"http\/1.1","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8","blocks":0}}} 
+01234{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":37,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569520468959185,"flow_src_last_pkt_time":1569520469090576,"flow_dst_last_pkt_time":1569520469200490,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1452,"midstream":0,"thread_ts_usec":1569520469200490,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.238","src_port":54864,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"log.zoom.us","domainame":"log.zoom.us","tls": {"version":"TLSv1.2","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","ja4":"t12d8008ht_9cedc1f1428b_046e095b7c4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","blocks":0}}} 
+01558{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":41,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1569520468959185,"flow_src_last_pkt_time":1569520469200897,"flow_dst_last_pkt_time":1569520469201006,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5608,"midstream":0,"thread_ts_usec":1569520469201006,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.238","src_port":54864,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"log.zoom.us","domainame":"log.zoom.us","tls": {"version":"TLSv1.2","server_names":"*.zoom.us,zoom.us","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","ja4":"t12d8008ht_9cedc1f1428b_046e095b7c4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","advertised_alpns":"http\/1.1","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8","blocks":0}}} 
00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_src_last_pkt_time":1569520469210161,"flow_dst_last_pkt_time":1569520469189810,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1569520469210161,"pkt":"EBMx8Tl2KDc3AG3ICABFAABIjkkAAEARYjHAqAF1ov8lDl1fDZYANPtTAAEAGMFdrmNYXRQ5LlgsJgQDvzABAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="} 00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520469221116,"flow_src_last_pkt_time":1569520469221116,"flow_dst_last_pkt_time":1569520469221116,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520469221116,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","src_port":23903,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1569520469221116,"flow_dst_last_pkt_time":1569520469221116,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1569520469221116,"pkt":"EBMx8Tl2KDc3AG3ICABFAABI9l0AAEAR+RzAqAF1ov8mDl1fDZYANPpTAAEAGMFdrmNYXRQ5LlgsJgQDvzABAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="} 
-00985{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520469221116,"flow_src_last_pkt_time":1569520469221116,"flow_dst_last_pkt_time":1569520469221116,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520469221116,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","src_port":23903,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"","domainame":"","stun": {}}} +01018{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520469221116,"flow_src_last_pkt_time":1569520469221116,"flow_dst_last_pkt_time":1569520469221116,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520469221116,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","src_port":23903,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"","domainame":"","stun": 
{"multimedia_flow_types":"Unknown"}}} 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1569520469231500,"flow_dst_last_pkt_time":1569520469221116,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1569520469231500,"pkt":"EBMx8Tl2KDc3AG3ICABFAABIQ9kAAEARq6HAqAF1ov8mDl1fDZYANPpTAAEAGMFdrmNYXRQ5LlgsJgQDvzABAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="} 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_src_last_pkt_time":1569520469242043,"flow_dst_last_pkt_time":1569520469221116,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1569520469242043,"pkt":"EBMx8Tl2KDc3AG3ICABFAABIKAsAAEARx2\/AqAF1ov8mDl1fDZYANPpTAAEAGMFdrmNYXRQ5LlgsJgQDvzABAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="} 
00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520469253995,"flow_src_last_pkt_time":1569520469253995,"flow_dst_last_pkt_time":1569520469253995,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520469253995,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","src_port":23903,"dst_port":3479,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1569520469253995,"flow_dst_last_pkt_time":1569520469253995,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1569520469253995,"pkt":"EBMx8Tl2KDc3AG3ICABFAABI+hMAAEAR9WbAqAF1ov8mDl1fDZcANPpSAAEAGMFdrmNYXRQ5LlgsJgQDvzABAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="} 
-01117{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520469253995,"flow_src_last_pkt_time":1569520469253995,"flow_dst_last_pkt_time":1569520469253995,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520469253995,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","src_port":23903,"dst_port":3479,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"","domainame":"","stun": {}}} +01150{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520469253995,"flow_src_last_pkt_time":1569520469253995,"flow_dst_last_pkt_time":1569520469253995,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520469253995,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","src_port":23903,"dst_port":3479,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_src_last_pkt_time":1569520469264582,"flow_dst_last_pkt_time":1569520469253995,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1569520469264582,"pkt":"EBMx8Tl2KDc3AG3ICABFAABIADMAAEAR70fAqAF1ov8mDl1fDZcANPpSAAEAGMFdrmNYXRQ5LlgsJgQDvzABAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="} 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_src_last_pkt_time":1569520469274880,"flow_dst_last_pkt_time":1569520469253995,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1569520469274880,"pkt":"EBMx8Tl2KDc3AG3ICABFAABIzF0AAEARIx3AqAF1ov8mDl1fDZcANPpSAAEAGMFdrmNYXRQ5LlgsJgQDvzABAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="} 
00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520469340783,"flow_src_last_pkt_time":1569520469340783,"flow_dst_last_pkt_time":1569520469340783,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":263,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":263,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":263,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569520469340783,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"104.199.65.42","src_port":53867,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -110,17 +110,17 @@ 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_src_last_pkt_time":1569520469950703,"flow_dst_last_pkt_time":1569520470060882,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569520470060882,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0AABAAO8GVhg0yj7EwKgBdQG71lFyHvWD14gyiYASaQOGlAAAAgQFrAEBBAIBAwMM"} 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_src_last_pkt_time":1569520470061040,"flow_dst_last_pkt_time":1569520470060882,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1569520470061040,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGBSXAqAF1NMo+xNZRAbvXiDKJch71hFAQIAAQZwAA"} 
01232{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_src_last_pkt_time":1569520470086807,"flow_dst_last_pkt_time":1569520470060882,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1569520470086807,"pkt":"EBMx8Tl2KDc3AG3ICABFAAItAABAAEAGAyDAqAF1NMo+xNZRAbvXiDKJch71hFAYIACSLwAAFgMBAgABAAH8AwM713rsHGfD7mJ354PwCuGZwTjUqrrL0CuQ4TzCSd+cxAAAoMAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANgCIAIcAhgCFwDLALsAqwCbAD8AFAJ0APQA1AITAL8ArwCfAI8ATwAkApACiAKAAngBnAEAAPwA+ADMAMgAxADAAmgCZAJgAlwBFAEQAQwBCwDHALcApwCXADsAEAJwAPAAvAJYAQQAHwBLACAAWABMAEAANwA3AAwAKAP8BAAEzAAAADAAKAAAHem9vbS51cwALAAQDAAECAAoAHAAaABcAGQAcABsAGAAaABYADgANAAsADAAJAAoADQAgAB4GAQYCBgMFAQUCBQMEAQQCBAMDAQMCAwMCAQICAgMADwABATN0AAAAEAALAAkIaHR0cC8xLjEAFQC7AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01208{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":98,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569520469950703,"flow_src_last_pkt_time":1569520470086807,"flow_dst_last_pkt_time":1569520470060882,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520470086807,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.196","src_port":54865,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoom.us","domainame":"zoom.us","tls": {"version":"TLSv1.2","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"","ja4":"t12d8008ht_9cedc1f1428b_046e095b7c4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} +01167{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":98,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569520469950703,"flow_src_last_pkt_time":1569520470086807,"flow_dst_last_pkt_time":1569520470060882,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520470086807,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.196","src_port":54865,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoom.us","domainame":"zoom.us","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d8008ht_9cedc1f1428b_046e095b7c4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_src_last_pkt_time":1569520470022260,"flow_dst_last_pkt_time":1569520470134646,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569520470134646,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0AABAAO4GVvA0yj7swKgBdQG71lK89vcv+u4WboASaQMynAAAAgQFrAEBBAIBAwMM"} 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_src_last_pkt_time":1569520470134790,"flow_dst_last_pkt_time":1569520470134646,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1569520470134790,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGBP3AqAF1NMo+7NZSAbv67hZuvPb3MFAQIAC8bgAA"} 
01233{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_src_last_pkt_time":1569520470165906,"flow_dst_last_pkt_time":1569520470134646,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1569520470165906,"pkt":"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"} -01219{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569520470022260,"flow_src_last_pkt_time":1569520470165906,"flow_dst_last_pkt_time":1569520470134646,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520470165906,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.236","src_port":54866,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"www3.zoom.us","domainame":"www3.zoom.us","tls": {"version":"TLSv1.2","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"","ja4":"t12d8008ht_9cedc1f1428b_046e095b7c4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} 
+01178{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569520470022260,"flow_src_last_pkt_time":1569520470165906,"flow_dst_last_pkt_time":1569520470134646,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520470165906,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.236","src_port":54866,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"www3.zoom.us","domainame":"www3.zoom.us","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d8008ht_9cedc1f1428b_046e095b7c4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":5,"flow_src_last_pkt_time":1569520470086807,"flow_dst_last_pkt_time":1569520470197342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1569520470197342,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAoYcxAAO8G9Fc0yj7EwKgBdQG71lFyHvWE14g0jlAQAAcuWwAAAAAAAAAA"} 
-01269{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":103,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569520469950703,"flow_src_last_pkt_time":1569520470086807,"flow_dst_last_pkt_time":1569520470199286,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1452,"midstream":0,"thread_ts_usec":1569520470199286,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.196","src_port":54865,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoom.us","domainame":"zoom.us","tls": {"version":"TLSv1.2","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","ja4":"t12d8008ht_9cedc1f1428b_046e095b7c4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","blocks":0}}} 
-01593{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":107,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1569520469950703,"flow_src_last_pkt_time":1569520470199565,"flow_dst_last_pkt_time":1569520470199762,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5608,"midstream":0,"thread_ts_usec":1569520470199762,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.196","src_port":54865,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoom.us","domainame":"zoom.us","tls": {"version":"TLSv1.2","server_names":"*.zoom.us,zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","ja4":"t12d8008ht_9cedc1f1428b_046e095b7c4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","advertised_alpns":"http\/1.1","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8","blocks":0}}} 
+01228{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":103,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569520469950703,"flow_src_last_pkt_time":1569520470086807,"flow_dst_last_pkt_time":1569520470199286,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1452,"midstream":0,"thread_ts_usec":1569520470199286,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.196","src_port":54865,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoom.us","domainame":"zoom.us","tls": {"version":"TLSv1.2","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","ja4":"t12d8008ht_9cedc1f1428b_046e095b7c4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","blocks":0}}} 
+01552{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":107,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1569520469950703,"flow_src_last_pkt_time":1569520470199565,"flow_dst_last_pkt_time":1569520470199762,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5608,"midstream":0,"thread_ts_usec":1569520470199762,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.196","src_port":54865,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoom.us","domainame":"zoom.us","tls": {"version":"TLSv1.2","server_names":"*.zoom.us,zoom.us","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","ja4":"t12d8008ht_9cedc1f1428b_046e095b7c4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","advertised_alpns":"http\/1.1","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8","blocks":0}}} 
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":5,"flow_src_last_pkt_time":1569520470165906,"flow_dst_last_pkt_time":1569520470278606,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1569520470278606,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAo8dBAAO4GZSs0yj7swKgBdQG71lK89vcw+u4Yc1AQAAfaYgAAAAAAAAAA"} -01279{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":112,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569520470022260,"flow_src_last_pkt_time":1569520470165906,"flow_dst_last_pkt_time":1569520470280367,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1452,"midstream":0,"thread_ts_usec":1569520470280367,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.236","src_port":54866,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"www3.zoom.us","domainame":"www3.zoom.us","tls": {"version":"TLSv1.2","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","ja4":"t12d8008ht_9cedc1f1428b_046e095b7c4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","blocks":0}}} 
-01603{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":116,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1569520470022260,"flow_src_last_pkt_time":1569520470280708,"flow_dst_last_pkt_time":1569520470280793,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5608,"midstream":0,"thread_ts_usec":1569520470280793,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.236","src_port":54866,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"www3.zoom.us","domainame":"www3.zoom.us","tls": {"version":"TLSv1.2","server_names":"*.zoom.us,zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","ja4":"t12d8008ht_9cedc1f1428b_046e095b7c4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","advertised_alpns":"http\/1.1","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8","blocks":0}}} 
+01238{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":112,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569520470022260,"flow_src_last_pkt_time":1569520470165906,"flow_dst_last_pkt_time":1569520470280367,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1452,"midstream":0,"thread_ts_usec":1569520470280367,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.236","src_port":54866,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"www3.zoom.us","domainame":"www3.zoom.us","tls": {"version":"TLSv1.2","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","ja4":"t12d8008ht_9cedc1f1428b_046e095b7c4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","blocks":0}}} 
+01562{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":116,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1569520470022260,"flow_src_last_pkt_time":1569520470280708,"flow_dst_last_pkt_time":1569520470280793,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5608,"midstream":0,"thread_ts_usec":1569520470280793,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.236","src_port":54866,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"www3.zoom.us","domainame":"www3.zoom.us","tls": {"version":"TLSv1.2","server_names":"*.zoom.us,zoom.us","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","ja4":"t12d8008ht_9cedc1f1428b_046e095b7c4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","advertised_alpns":"http\/1.1","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8","blocks":0}}} 
00827{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1569520470350181,"flow_dst_last_pkt_time":1569520466080774,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":265,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":265,"pkt_l4_len":231,"thread_ts_usec":1569520470350181,"pkt":"EBMx8Tl2KDc3AG3ICABFAAD7AABAAEAGtb7AqAF1rNkVSNZGAbt9MLg2pduNV4AYEAjK4AAAAQEICiWc3wRwmChtFgMBAMIBAAC+AwE5BEH329R9hgOe6JDNh5Do5\/IyBg\/qLeMPj9mOGNz+swAAEgAvADMANQA5wAnACsATwBRWAAEAAIP\/AQABAAAAAB0AGwAAGHd3dy5nb29nbGV0YWdtYW5hZ2VyLmNvbQAXAAAABQAFAQAAAAAzdAAAABIAAAAQADAALgJoMgVoMi0xNgVoMi0xNQVoMi0xNAhzcGR5LzMuMQZzcGR5LzMIaHR0cC8xLjEACwACAQAACgAKAAgAHQAXABgAGQ=="} 02189{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":156,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1569520470022260,"flow_src_last_pkt_time":1569520470618561,"flow_dst_last_pkt_time":1569520470618526,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":810,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":2209,"flow_dst_tot_l4_payload_len":17680,"midstream":0,"thread_ts_usec":1569520470618561,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.236","src_port":54866,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":38469.9,"max":210729,"stddev":59394.9,"var":3527759616.0,"ent":3.3,"data": [112386,112530,31116,143960,1761,226,34,114802,166,170,7182,2922,121940,111900,4272,3,116559,98015,494,36,210729,39,183,114,242,129,123,246,127,13,148]},"pktlen": 
{"min":40,"avg":663.0,"max":1492,"stddev":660.1,"var":435695.1,"ent":4.2,"data": [64,52,40,557,46,1492,1492,1492,40,1292,40,40,231,91,40,731,850,46,1492,1492,1492,40,40,1492,1492,40,1492,1492,40,1492,445,40]},"bins": {"c_to_s": [11,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,11,0,0]},"directions": [0,1,0,0,1,1,1,1,0,1,0,0,0,1,0,0,0,1,1,1,1,0,0,1,1,0,1,1,0,1,1,0],"entropies": [4.416232109,4.853979111,4.521928310,4.120527744,4.501398087,7.132670879,7.329687119,7.314774990,4.730641365,7.640571117,4.630640984,4.680641174,6.885639668,5.726258755,4.730641365,7.684801102,7.726203442,4.457919598,7.862352848,7.860615253,7.859583378,4.680641174,4.621928692,7.878399849,7.862105846,4.680641174,7.872378349,7.851402760,4.630641460,7.881779194,7.526136398,4.561769009]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}} 00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":158,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520470666966,"flow_src_last_pkt_time":1569520470666966,"flow_dst_last_pkt_time":1569520470666966,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520470666966,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -143,7 +143,7 @@ 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":165,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_src_last_pkt_time":1569520470742847,"flow_dst_last_pkt_time":1569520470775023,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1569520470775023,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADAGIyLVE5BpwKgBdQG71lPrn+6AoN5dTqASqbAo0wAAAgQFrAQCCAp4fR7ZJZzghQEDAww="} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_src_last_pkt_time":1569520470775077,"flow_dst_last_pkt_time":1569520470775023,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569520470775077,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGEyrAqAF11ROQadZTAbug3l1O65\/ugYAQECzxAQAAAQEICiWc4KR4fR7Z"} 
01254{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":4,"flow_src_last_pkt_time":1569520470775257,"flow_dst_last_pkt_time":1569520470775023,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1569520470775257,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI5AABAAEAGESXAqAF11ROQadZTAbug3l1O65\/ugYAYECymXAAAAQEICiWc4KR4fR7ZFgMBAgABAAH8AwPRx3t0AQC89u4npqZep9xPHWEGdKDNX7\/XvDvIBxB6XwAAusAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANgCIAIcAhgCFwBkApwBtADoAicAywC7AKsAmwA\/ABQCdAD0ANQCEwC\/AK8AnwCPAE8AJAKQAogCgAJ4AZwBAAD8APgAzADIAMQAwAJoAmQCYAJcARQBEAEMAQsAYAKYAbAA0AJsARsAxwC3AKcAlwA7ABACcADwALwCWAEEAB8ASwAgAFgATABAADcAXABvADcADAAoA\/wEAARkAAAAYABYAABN6b29tYW0xMDV6Yy56b29tLnVzAAsABAMAAQIACgAcABoAFwAZABwAGwAYABoAFgAOAA0ACwAMAAkACgAjAAAADQAgAB4GAQYCBgMFAQUCBQMEAQQCBAMDAQMCAwMCAQICAgMADwABAQAVAKQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01339{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":167,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569520470742847,"flow_src_last_pkt_time":1569520470775257,"flow_dst_last_pkt_time":1569520470775023,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520470775257,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.105","src_port":54867,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomam105zc.zoom.us","domainame":"zoomam105zc.zoom.us","tls": {"version":"TLSv1.2","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"","ja4":"t12d930700_72a4e8475a2e_4446390ac224","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01298{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":167,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569520470742847,"flow_src_last_pkt_time":1569520470775257,"flow_dst_last_pkt_time":1569520470775023,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520470775257,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.105","src_port":54867,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomam105zc.zoom.us","domainame":"zoomam105zc.zoom.us","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d930700_72a4e8475a2e_4446390ac224","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00593{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":168,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_src_last_pkt_time":1569520470742102,"flow_dst_last_pkt_time":1569520470776015,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1569520470776015,"pkt":"KDc3AG3IEBMx8Tl2CABFAABQ61QAADcRFILAqAEBwKgBdQA14s8APF0wRhSBgAABAAEAAAAACnpvb21mcjg0emMEem9vbQJ1cwAAAQABwAwAAQABAAABLAAE1fSMVA=="} 
01141{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":168,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569520470742102,"flow_src_last_pkt_time":1569520470742102,"flow_dst_last_pkt_time":1569520470776015,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":52,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":52,"midstream":0,"thread_ts_usec":1569520470776015,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":58063,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Zoom","proto_id":"5.189","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"zoomfr84zc.zoom.us","domainame":"zoomfr84zc.zoom.us","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["213.244.140.84,ttl=300"]}}} 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":169,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520470776773,"flow_src_last_pkt_time":1569520470776773,"flow_dst_last_pkt_time":1569520470776773,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520470776773,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.84","src_port":54870,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -151,27 +151,27 @@ 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_src_last_pkt_time":1569520470755397,"flow_dst_last_pkt_time":1569520470787298,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1569520470787298,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADAGIyPVE5BowKgBdQG71lTDwlhoC7yJ3KASqbBbBgAAAgQFrAQCCAp7WhBHJZzgkQEDAww="} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_src_last_pkt_time":1569520470787406,"flow_dst_last_pkt_time":1569520470787298,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569520470787406,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGEyvAqAF11ROQaNZUAbsLvIncw8JYaYAQECwjNgAAAQEICiWc4K97WhBH"} 
01252{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":4,"flow_src_last_pkt_time":1569520470787532,"flow_dst_last_pkt_time":1569520470787298,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1569520470787532,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI5AABAAEAGESbAqAF11ROQaNZUAbsLvIncw8JYaYAYECxC1AAAAQEICiWc4K97WhBHFgMBAgABAAH8AwMlumOwogFlEGJOALeiTken6cU+5C6E0iipQGcv9AdGngAAusAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANgCIAIcAhgCFwBkApwBtADoAicAywC7AKsAmwA\/ABQCdAD0ANQCEwC\/AK8AnwCPAE8AJAKQAogCgAJ4AZwBAAD8APgAzADIAMQAwAJoAmQCYAJcARQBEAEMAQsAYAKYAbAA0AJsARsAxwC3AKcAlwA7ABACcADwALwCWAEEAB8ASwAgAFgATABAADcAXABvADcADAAoA\/wEAARkAAAAYABYAABN6b29tYW0xMDR6Yy56b29tLnVzAAsABAMAAQIACgAcABoAFwAZABwAGwAYABoAFgAOAA0ACwAMAAkACgAjAAAADQAgAB4GAQYCBgMFAQUCBQMEAQQCBAMDAQMCAwMCAQICAgMADwABAQAVAKQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01339{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":172,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569520470755397,"flow_src_last_pkt_time":1569520470787532,"flow_dst_last_pkt_time":1569520470787298,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520470787532,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.104","src_port":54868,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomam104zc.zoom.us","domainame":"zoomam104zc.zoom.us","tls": {"version":"TLSv1.2","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"","ja4":"t12d930700_72a4e8475a2e_4446390ac224","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01298{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":172,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569520470755397,"flow_src_last_pkt_time":1569520470787532,"flow_dst_last_pkt_time":1569520470787298,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520470787532,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.104","src_port":54868,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomam104zc.zoom.us","domainame":"zoomam104zc.zoom.us","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d930700_72a4e8475a2e_4446390ac224","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_src_last_pkt_time":1569520470769557,"flow_dst_last_pkt_time":1569520470790501,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1569520470790501,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADMGI1XV9IxVwKgBdQG71lXIKlM86vs2SKASqbDi9AAAAgQFrAQCCAp4gwNrJZzgnwEDAww="} 
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_src_last_pkt_time":1569520470790590,"flow_dst_last_pkt_time":1569520470790501,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569520470790590,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGFl3AqAF11fSMVdZVAbvq+zZIyCpTPYAQECyrLwAAAQEICiWc4LJ4gwNr"} 01253{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":4,"flow_src_last_pkt_time":1569520470790730,"flow_dst_last_pkt_time":1569520470790501,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1569520470790730,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI5AABAAEAGFFjAqAF11fSMVdZVAbvq+zZIyCpTPYAYECxm4gAAAQEICiWc4LJ4gwNrFgMBAgABAAH8AwPOsWIRZYhgC2j87iAcGDuF\/Bs6QMfxdEKwNJwvqjcyKAAAusAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANgCIAIcAhgCFwBkApwBtADoAicAywC7AKsAmwA\/ABQCdAD0ANQCEwC\/AK8AnwCPAE8AJAKQAogCgAJ4AZwBAAD8APgAzADIAMQAwAJoAmQCYAJcARQBEAEMAQsAYAKYAbAA0AJsARsAxwC3AKcAlwA7ABACcADwALwCWAEEAB8ASwAgAFgATABAADcAXABvADcADAAoA\/wEAARkAAAAXABUAABJ6b29tZnI4NXpjLnpvb20udXMACwAEAwABAgAKABwAGgAXABkAHAAbABgAGgAWAA4ADQALAAwACQAKACMAAAANACAAHgYBBgIGAwUBBQIFAwQBBAIEAwMBAwIDAwIBAgICAwAPAAEBABUApQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01337{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":175,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569520470769557,"flow_src_last_pkt_time":1569520470790730,"flow_dst_last_pkt_time":1569520470790501,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520470790730,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.85","src_port":54869,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomfr85zc.zoom.us","domainame":"zoomfr85zc.zoom.us","tls": {"version":"TLSv1.2","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"","ja4":"t12d930700_72a4e8475a2e_4446390ac224","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01296{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":175,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569520470769557,"flow_src_last_pkt_time":1569520470790730,"flow_dst_last_pkt_time":1569520470790501,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520470790730,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.85","src_port":54869,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomfr85zc.zoom.us","domainame":"zoomfr85zc.zoom.us","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d930700_72a4e8475a2e_4446390ac224","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_src_last_pkt_time":1569520470776773,"flow_dst_last_pkt_time":1569520470801162,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1569520470801162,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADMGI1bV9IxUwKgBdQG71lYtiv8U+ewS56ASqbDdrgAAAgQFrAQCCAp8tQexJZzgpQEDAww="} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_src_last_pkt_time":1569520470801244,"flow_dst_last_pkt_time":1569520470801162,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569520470801244,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGFl7AqAF11fSMVNZWAbv57BLnLYr\/FYAQECyl5QAAAQEICiWc4Lx8tQex"} 01254{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_src_last_pkt_time":1569520470801435,"flow_dst_last_pkt_time":1569520470801162,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1569520470801435,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI5AABAAEAGFFnAqAF11fSMVNZWAbv57BLnLYr\/FYAYECz3EQAAAQEICiWc4Lx8tQexFgMBAgABAAH8AwOnhWFSZkMidqzMf2GAlFCBDInFtmdcn\/lf0Xn0vzHFbgAAusAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANgCIAIcAhgCFwBkApwBtADoAicAywC7AKsAmwA\/ABQCdAD0ANQCEwC\/AK8AnwCPAE8AJAKQAogCgAJ4AZwBAAD8APgAzADIAMQAwAJoAmQCYAJcARQBEAEMAQsAYAKYAbAA0AJsARsAxwC3AKcAlwA7ABACcADwALwCWAEEAB8ASwAgAFgATABAADcAXABvADcADAAoA\/wEAARkAAAAXABUAABJ6b29tZnI4NHpjLnpvb20udXMACwAEAwABAgAKABwAGgAXABkAHAAbABgAGgAWAA4ADQALAAwACQAKACMAAAANACAAHgYBBgIGAwUBBQIFAwQBBAIEAwMBAwIDAwIBAgICAwAPAAEBABUApQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01337{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569520470776773,"flow_src_last_pkt_time":1569520470801435,"flow_dst_last_pkt_time":1569520470801162,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520470801435,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.84","src_port":54870,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomfr84zc.zoom.us","domainame":"zoomfr84zc.zoom.us","tls": {"version":"TLSv1.2","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"","ja4":"t12d930700_72a4e8475a2e_4446390ac224","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01296{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569520470776773,"flow_src_last_pkt_time":1569520470801435,"flow_dst_last_pkt_time":1569520470801162,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520470801435,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.84","src_port":54870,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomfr84zc.zoom.us","domainame":"zoomfr84zc.zoom.us","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d930700_72a4e8475a2e_4446390ac224","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":5,"flow_src_last_pkt_time":1569520470775257,"flow_dst_last_pkt_time":1569520470808123,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569520470808123,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA08HhAADAGMrHVE5BpwKgBdQG71lPrn+6BoN5fU4AQAAv+\/AAAAQEICnh9HvolnOCk"} 
-01399{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":180,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569520470742847,"flow_src_last_pkt_time":1569520470775257,"flow_dst_last_pkt_time":1569520470810026,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1569520470810026,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.105","src_port":54867,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomam105zc.zoom.us","domainame":"zoomam105zc.zoom.us","tls": {"version":"TLSv1.2","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","ja4":"t12d930700_72a4e8475a2e_4446390ac224","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
+01358{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":180,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569520470742847,"flow_src_last_pkt_time":1569520470775257,"flow_dst_last_pkt_time":1569520470810026,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1569520470810026,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.105","src_port":54867,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomam105zc.zoom.us","domainame":"zoomam105zc.zoom.us","tls": {"version":"TLSv1.2","ja3s":"ada793d0f02b028a6c840504edccb652","ja4":"t12d930700_72a4e8475a2e_4446390ac224","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":5,"flow_src_last_pkt_time":1569520470790730,"flow_dst_last_pkt_time":1569520470812241,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569520470812241,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0UEJAADMG0xrV9IxVwKgBdQG71lXIKlM96vs4TYAQAAu5NgAAAQEICniDA4AlnOCy"} 
-01397{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":186,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569520470769557,"flow_src_last_pkt_time":1569520470790730,"flow_dst_last_pkt_time":1569520470814322,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1569520470814322,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.85","src_port":54869,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomfr85zc.zoom.us","domainame":"zoomfr85zc.zoom.us","tls": {"version":"TLSv1.2","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","ja4":"t12d930700_72a4e8475a2e_4446390ac224","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
+01356{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":186,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569520470769557,"flow_src_last_pkt_time":1569520470790730,"flow_dst_last_pkt_time":1569520470814322,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1569520470814322,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.85","src_port":54869,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomfr85zc.zoom.us","domainame":"zoomfr85zc.zoom.us","tls": {"version":"TLSv1.2","ja3s":"ada793d0f02b028a6c840504edccb652","ja4":"t12d930700_72a4e8475a2e_4446390ac224","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":191,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":5,"flow_src_last_pkt_time":1569520470787532,"flow_dst_last_pkt_time":1569520470820356,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569520470820356,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0SA5AADAG2xzVE5BowKgBdQG71lTDwlhpC7yL4YAQAAsxMQAAAQEICntaEGglnOCv"} 
-01723{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":192,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1569520470742847,"flow_src_last_pkt_time":1569520470810307,"flow_dst_last_pkt_time":1569520470820993,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5536,"midstream":0,"thread_ts_usec":1569520470820993,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.105","src_port":54867,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomam105zc.zoom.us","domainame":"zoomam105zc.zoom.us","tls": {"version":"TLSv1.2","server_names":"*.zoom.us,zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","ja4":"t12d930700_72a4e8475a2e_4446390ac224","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8","blocks":0}}} 
-01399{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":195,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569520470755397,"flow_src_last_pkt_time":1569520470787532,"flow_dst_last_pkt_time":1569520470822146,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1569520470822146,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.104","src_port":54868,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomam104zc.zoom.us","domainame":"zoomam104zc.zoom.us","tls": {"version":"TLSv1.2","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","ja4":"t12d930700_72a4e8475a2e_4446390ac224","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
-01721{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":200,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1569520470769557,"flow_src_last_pkt_time":1569520470814549,"flow_dst_last_pkt_time":1569520470822639,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5536,"midstream":0,"thread_ts_usec":1569520470822639,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.85","src_port":54869,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomfr85zc.zoom.us","domainame":"zoomfr85zc.zoom.us","tls": {"version":"TLSv1.2","server_names":"*.zoom.us,zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","ja4":"t12d930700_72a4e8475a2e_4446390ac224","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8","blocks":0}}} 
+01682{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":192,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1569520470742847,"flow_src_last_pkt_time":1569520470810307,"flow_dst_last_pkt_time":1569520470820993,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5536,"midstream":0,"thread_ts_usec":1569520470820993,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.105","src_port":54867,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomam105zc.zoom.us","domainame":"zoomam105zc.zoom.us","tls": {"version":"TLSv1.2","server_names":"*.zoom.us,zoom.us","ja3s":"ada793d0f02b028a6c840504edccb652","ja4":"t12d930700_72a4e8475a2e_4446390ac224","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8","blocks":0}}} 
+01358{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":195,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569520470755397,"flow_src_last_pkt_time":1569520470787532,"flow_dst_last_pkt_time":1569520470822146,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1569520470822146,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.104","src_port":54868,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomam104zc.zoom.us","domainame":"zoomam104zc.zoom.us","tls": {"version":"TLSv1.2","ja3s":"ada793d0f02b028a6c840504edccb652","ja4":"t12d930700_72a4e8475a2e_4446390ac224","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
+01680{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":200,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1569520470769557,"flow_src_last_pkt_time":1569520470814549,"flow_dst_last_pkt_time":1569520470822639,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5536,"midstream":0,"thread_ts_usec":1569520470822639,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.85","src_port":54869,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomfr85zc.zoom.us","domainame":"zoomfr85zc.zoom.us","tls": {"version":"TLSv1.2","server_names":"*.zoom.us,zoom.us","ja3s":"ada793d0f02b028a6c840504edccb652","ja4":"t12d930700_72a4e8475a2e_4446390ac224","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8","blocks":0}}} 
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":203,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":5,"flow_src_last_pkt_time":1569520470801435,"flow_dst_last_pkt_time":1569520470826162,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569520470826162,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0+NxAADMGKoHV9IxUwKgBdQG71lYtiv8V+ewU7IAQAAuz6AAAAQEICny1B8olnOC8"} -01397{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":204,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569520470776773,"flow_src_last_pkt_time":1569520470801435,"flow_dst_last_pkt_time":1569520470828021,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1569520470828021,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.84","src_port":54870,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomfr84zc.zoom.us","domainame":"zoomfr84zc.zoom.us","tls": {"version":"TLSv1.2","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","ja4":"t12d930700_72a4e8475a2e_4446390ac224","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
-01723{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":209,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1569520470755397,"flow_src_last_pkt_time":1569520470822425,"flow_dst_last_pkt_time":1569520470829736,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5536,"midstream":0,"thread_ts_usec":1569520470829736,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.104","src_port":54868,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomam104zc.zoom.us","domainame":"zoomam104zc.zoom.us","tls": {"version":"TLSv1.2","server_names":"*.zoom.us,zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","ja4":"t12d930700_72a4e8475a2e_4446390ac224","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8","blocks":0}}} 
-01721{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":212,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1569520470776773,"flow_src_last_pkt_time":1569520470828543,"flow_dst_last_pkt_time":1569520470837019,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5536,"midstream":0,"thread_ts_usec":1569520470837019,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.84","src_port":54870,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomfr84zc.zoom.us","domainame":"zoomfr84zc.zoom.us","tls": {"version":"TLSv1.2","server_names":"*.zoom.us,zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","ja4":"t12d930700_72a4e8475a2e_4446390ac224","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8","blocks":0}}} 
+01356{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":204,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569520470776773,"flow_src_last_pkt_time":1569520470801435,"flow_dst_last_pkt_time":1569520470828021,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1569520470828021,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.84","src_port":54870,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomfr84zc.zoom.us","domainame":"zoomfr84zc.zoom.us","tls": {"version":"TLSv1.2","ja3s":"ada793d0f02b028a6c840504edccb652","ja4":"t12d930700_72a4e8475a2e_4446390ac224","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
+01682{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":209,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1569520470755397,"flow_src_last_pkt_time":1569520470822425,"flow_dst_last_pkt_time":1569520470829736,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5536,"midstream":0,"thread_ts_usec":1569520470829736,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.104","src_port":54868,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomam104zc.zoom.us","domainame":"zoomam104zc.zoom.us","tls": {"version":"TLSv1.2","server_names":"*.zoom.us,zoom.us","ja3s":"ada793d0f02b028a6c840504edccb652","ja4":"t12d930700_72a4e8475a2e_4446390ac224","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8","blocks":0}}} 
+01680{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":212,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1569520470776773,"flow_src_last_pkt_time":1569520470828543,"flow_dst_last_pkt_time":1569520470837019,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5536,"midstream":0,"thread_ts_usec":1569520470837019,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.84","src_port":54870,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomfr84zc.zoom.us","domainame":"zoomfr84zc.zoom.us","tls": {"version":"TLSv1.2","server_names":"*.zoom.us,zoom.us","ja3s":"ada793d0f02b028a6c840504edccb652","ja4":"t12d930700_72a4e8475a2e_4446390ac224","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8","blocks":0}}} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":257,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520471147573,"flow_src_last_pkt_time":1569520471147573,"flow_dst_last_pkt_time":1569520471147573,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520471147573,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":51185,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_src_last_pkt_time":1569520471147573,"flow_dst_last_pkt_time":1569520471147573,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"thread_ts_usec":1569520471147573,"pkt":"EBMx8Tl2KDc3AG3ICABFAABCtGEAAP8Rg4LAqAF1wKgBAcfxADUALsLBHCQBAAABAAAAAAAADHpvb21mcm45OW1tcgR6b29tAnVzAAABAAE="} 
01111{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":257,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520471147573,"flow_src_last_pkt_time":1569520471147573,"flow_dst_last_pkt_time":1569520471147573,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520471147573,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":51185,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Zoom","proto_id":"5.189","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"zoomfrn99mmr.zoom.us","domainame":"zoomfrn99mmr.zoom.us","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
@@ -182,10 +182,10 @@ 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_src_last_pkt_time":1569520471189039,"flow_dst_last_pkt_time":1569520471220660,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1569520471220660,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADMGd91tXqBjwKgBdQG71leHhddzMPn5l6ASqbBjhwAAAgQFrAQCCAp2KotLJZziLAEDAww="} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":283,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_src_last_pkt_time":1569520471220821,"flow_dst_last_pkt_time":1569520471220660,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569520471220821,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGauXAqAF1bV6gY9ZXAbsw+fmXh4XXdIAQECwrtgAAAQEICiWc4kt2KotL"} 
01253{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":284,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":4,"flow_src_last_pkt_time":1569520471221044,"flow_dst_last_pkt_time":1569520471220660,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1569520471221044,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI5AABAAEAGaODAqAF1bV6gY9ZXAbsw+fmXh4XXdIAYECwk4gAAAQEICiWc4kt2KotLFgMBAgABAAH8AwOzVpYU92e7nLk\/fVgH9DH3k0vHgfUwYGgBmhkxDvYbiwAAusAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANgCIAIcAhgCFwBkApwBtADoAicAywC7AKsAmwA\/ABQCdAD0ANQCEwC\/AK8AnwCPAE8AJAKQAogCgAJ4AZwBAAD8APgAzADIAMQAwAJoAmQCYAJcARQBEAEMAQsAYAKYAbAA0AJsARsAxwC3AKcAlwA7ABACcADwALwCWAEEAB8ASwAgAFgATABAADcAXABvADcADAAoA\/wEAARkAAAAZABcAABR6b29tZnJuOTltbXIuem9vbS51cwALAAQDAAECAAoAHAAaABcAGQAcABsAGAAaABYADgANAAsADAAJAAoAIwAAAA0AIAAeBgEGAgYDBQEFAgUDBAEEAgQDAwEDAgMDAgECAgIDAA8AAQEAFQCjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01341{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":284,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569520471189039,"flow_src_last_pkt_time":1569520471221044,"flow_dst_last_pkt_time":1569520471220660,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520471221044,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":54871,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomfrn99mmr.zoom.us","domainame":"zoomfrn99mmr.zoom.us","tls": {"version":"TLSv1.2","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"","ja4":"t12d930700_72a4e8475a2e_4446390ac224","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 
+01300{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":284,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569520471189039,"flow_src_last_pkt_time":1569520471221044,"flow_dst_last_pkt_time":1569520471220660,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520471221044,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":54871,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomfrn99mmr.zoom.us","domainame":"zoomfrn99mmr.zoom.us","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d930700_72a4e8475a2e_4446390ac224","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":285,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":5,"flow_src_last_pkt_time":1569520471221044,"flow_dst_last_pkt_time":1569520471253409,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569520471253409,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0XB9AADMGG8ZtXqBjwKgBdQG71leHhdd0MPn7nIAQAAs5sQAAAQEICnYqi2wlnOJL"} 
-01401{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":286,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569520471189039,"flow_src_last_pkt_time":1569520471221044,"flow_dst_last_pkt_time":1569520471255395,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1569520471255395,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":54871,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomfrn99mmr.zoom.us","domainame":"zoomfrn99mmr.zoom.us","tls": {"version":"TLSv1.2","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","ja4":"t12d930700_72a4e8475a2e_4446390ac224","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
-01725{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":291,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1569520471189039,"flow_src_last_pkt_time":1569520471255585,"flow_dst_last_pkt_time":1569520471266033,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5536,"midstream":0,"thread_ts_usec":1569520471266033,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":54871,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomfrn99mmr.zoom.us","domainame":"zoomfrn99mmr.zoom.us","tls": {"version":"TLSv1.2","server_names":"*.zoom.us,zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","ja4":"t12d930700_72a4e8475a2e_4446390ac224","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8","blocks":0}}} 
+01360{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":286,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569520471189039,"flow_src_last_pkt_time":1569520471221044,"flow_dst_last_pkt_time":1569520471255395,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1569520471255395,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":54871,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomfrn99mmr.zoom.us","domainame":"zoomfrn99mmr.zoom.us","tls": {"version":"TLSv1.2","ja3s":"ada793d0f02b028a6c840504edccb652","ja4":"t12d930700_72a4e8475a2e_4446390ac224","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} 
+01684{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":291,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1569520471189039,"flow_src_last_pkt_time":1569520471255585,"flow_dst_last_pkt_time":1569520471266033,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5536,"midstream":0,"thread_ts_usec":1569520471266033,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":54871,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomfrn99mmr.zoom.us","domainame":"zoomfrn99mmr.zoom.us","tls": {"version":"TLSv1.2","server_names":"*.zoom.us,zoom.us","ja3s":"ada793d0f02b028a6c840504edccb652","ja4":"t12d930700_72a4e8475a2e_4446390ac224","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8","blocks":0}}} 
00623{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":302,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1569520471399595,"flow_dst_last_pkt_time":1569520467811636,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"thread_ts_usec":1569520471399595,"pkt":"EBMx8Tl2KDc3AG3ICABFAABjAABAAEAGoUnAqAF1PpWYmdRFA+E5lpAkp\/QQcoAYEAA2VgAAAQEICiWc4viZh0dJFwMDACpAXTQxH2s8yyXvpDmREm16+\/VcNt\/x\/vlsIce1k7D8R+clMelpc+AJPCA="} 01065{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":302,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1569520467811636,"flow_src_last_pkt_time":1569520471399595,"flow_dst_last_pkt_time":1569520467811636,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":94,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569520471399595,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"62.149.152.153","src_port":54341,"dst_port":993,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"IMAPS","proto_id":"51","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}} 
02323{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":320,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1569520471189039,"flow_src_last_pkt_time":1569520471662963,"flow_dst_last_pkt_time":1569520471590160,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3063,"flow_dst_tot_l4_payload_len":8708,"midstream":0,"thread_ts_usec":1569520471662963,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":54871,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":28227.3,"max":156067,"stddev":40349.6,"var":1628089600.0,"ent":3.8,"data": [31621,31782,223,32749,1986,135,18,34538,3,10485,3,10554,60088,93852,33789,375,31290,30856,4598,4,36582,6223,38193,156062,156067,114,1,94,10606,59053,3101]},"pktlen": {"min":52,"avg":420.5,"max":1492,"stddev":552.4,"var":305116.1,"ent":3.9,"data": [64,60,52,569,52,1492,1492,1268,52,52,1492,79,52,178,294,52,192,118,52,1492,533,52,90,52,1317,52,1492,146,52,90,202,223]},"bins": {"c_to_s": [10,1,0,1,2,1,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0],"s_to_c": [4,1,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,1,1,0,0,1,0,0,1,0,0,0,1,1,0,1,0,1,1,0,0,0,0],"entropies": 
[4.428027153,5.266787052,5.014835358,4.340119362,5.209868431,7.128724575,7.325717926,7.321290493,5.014835358,5.053297043,7.580979347,5.559112549,5.053297043,6.556212902,7.136325836,5.130220413,6.862732410,6.273187160,5.053297043,7.864217758,7.611272335,5.132945538,5.887335777,5.091758728,7.866543293,5.130220413,7.874340057,6.566402435,5.130220413,5.819303036,6.871904373,6.960445881]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}} 
@@ -214,7 +214,7 @@ 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":671,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_src_last_pkt_time":1569520473084563,"flow_dst_last_pkt_time":1569520473116083,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":21,"thread_ts_usec":1569520473116083,"pkt":"KDc3AG3IEBMx8Tl2CABFAAApvWFAADURuINtXqBjwKgBdSJh8SMAFalIAwAAAAF2KpKmAFoORAAAAAAA"} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":672,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":4,"flow_src_last_pkt_time":1569520473116331,"flow_dst_last_pkt_time":1569520473116083,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":55,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":55,"pkt_l4_len":21,"thread_ts_usec":1569520473116331,"pkt":"EBMx8Tl2KDc3AG3ICABFAAApU1gAAEARV43AqAF1bV6gY\/EjImEAFahIBAAAAAF2KpKmAFoORA=="} 00616{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":677,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":5,"flow_src_last_pkt_time":1569520473121070,"flow_dst_last_pkt_time":1569520473116083,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":109,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":109,"pkt_l4_len":75,"thread_ts_usec":1569520473121070,"pkt":"EBMx8Tl2KDc3AG3ICABFAABfDmwAAEARnEPAqAF1bV6gY\/EjImEAS0M9BQ0AAAAMASGOnDkoxEsvqQJwcoIuVvYBAAQDAgAAAAAAAAABAAAAFmRhdGFfYmluZF9yZXBsYWNlX2ZsYWcCAAAAAQ=="} 
-00861{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":701,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":701,"packets-processed":697,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":329478,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":31,"total-detection-updates":26,"total-updates":0,"current-active-flows":33,"total-active-flows":33,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":217,"global_ts_usec":1673444902645655} +00861{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":701,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":701,"packets-processed":697,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":329478,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":31,"total-detection-updates":26,"total-updates":0,"current-active-flows":33,"total-active-flows":33,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":217,"global_ts_usec":1673444902645655} 00308{"error_event_id":5,"error_event_name":"Unknown packet 
type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1673444902645655,"packet_id":701,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1673444902645655} 00531{"packet_event_id":1,"packet_event_name":"packet","packet_id":701,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":167,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":167,"pkt_l4_len":0,"thread_ts_usec":1569520473198709,"pkt":"AAAAAAAAAAECAAD6gQBNQoEAQHEIAEUwAJHKGwAA\/xGzEwqGGUMKhA+wCGgIaAB9eUgw\/wBtBJhmXEUAAG316wAAQBEffgqMdSPBeiPtskIiYQBZseADAAAAEg\/+mNIAJy7JAQVA3IMlEZ3S66JjfHMo8enxO0XEN5PMhIeLRp6CXCZ6i5NbikRhcdwrc6d1VElcFx1R+ZHQglXiW8kQjpgMrPMjkQA="} 00308{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1673444902769137,"packet_id":702,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1673444902769137} 
@@ -309,12 +309,12 @@ 00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520466209429,"flow_src_last_pkt_time":1569520466209429,"flow_dst_last_pkt_time":1569520466209429,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01232{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1569520466080774,"flow_src_last_pkt_time":1569520472536483,"flow_dst_last_pkt_time":1569520466080774,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":199,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":199,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":796,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"172.217.21.72","src_port":54854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01169{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_src_packets_processed":127,"flow_dst_packets_processed":83,"flow_first_seen":1569520471189039,"flow_src_last_pkt_time":1569520473190218,"flow_dst_last_pkt_time":1569520473152463,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":45724,"flow_dst_tot_l4_payload_len":12028,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":54871,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomfrn99mmr.zoom.us"}} 
-01066{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":781,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569520469081864,"flow_src_last_pkt_time":1569520469081864,"flow_dst_last_pkt_time":1569520469116573,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"13.225.84.182","src_port":54798,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +01173{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":781,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569520469081864,"flow_src_last_pkt_time":1569520469081864,"flow_dst_last_pkt_time":1569520469116573,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"13.225.84.182","src_port":54798,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}},"55": {"risk":"Probing 
Attempt","severity":"Medium","risk_score": {"total":510,"client":375,"server":135}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00788{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":781,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569520469081864,"flow_src_last_pkt_time":1569520469081864,"flow_dst_last_pkt_time":1569520469116573,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"13.225.84.182","src_port":54798,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -01239{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":781,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1569520466316930,"flow_src_last_pkt_time":1569520471535462,"flow_dst_last_pkt_time":1569520471572328,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":866,"flow_dst_max_l4_payload_len":1226,"flow_src_tot_l4_payload_len":1526,"flow_dst_tot_l4_payload_len":1399,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"167.99.215.164","src_port":54863,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} +01246{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":781,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1569520466316930,"flow_src_last_pkt_time":1569520471535462,"flow_dst_last_pkt_time":1569520471572328,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":866,"flow_dst_max_l4_payload_len":1226,"flow_src_tot_l4_payload_len":1526,"flow_dst_tot_l4_payload_len":1399,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"167.99.215.164","src_port":54863,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"DigitalOcean","proto_by_ip_id":442,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
01126{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":781,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":13,"flow_first_seen":1569520470769557,"flow_src_last_pkt_time":1569520471156543,"flow_dst_last_pkt_time":1569520471156659,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":576,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1424,"flow_dst_tot_l4_payload_len":6322,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.85","src_port":54869,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}} 01125{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":781,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":12,"flow_first_seen":1569520470776773,"flow_src_last_pkt_time":1569520471159604,"flow_dst_last_pkt_time":1569520471159577,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":812,"flow_dst_tot_l4_payload_len":5902,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.84","src_port":54870,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not 
Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}} -00863{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":781,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":781,"packets-processed":697,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":329478,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":31,"total-detection-updates":26,"total-updates":0,"current-active-flows":0,"total-active-flows":33,"total-idle-flows":33,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":317,"global_ts_usec":1673445056996306} 
+00863{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":781,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":781,"packets-processed":697,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":329478,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":31,"total-detection-updates":26,"total-updates":0,"current-active-flows":0,"total-active-flows":33,"total-idle-flows":33,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":317,"global_ts_usec":1673445056996306} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 781/697 ~~ skipped flows.............: 0 @@ -323,9 +323,9 @@ ~~ total active/idle flows...: 33/33 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7246727 bytes -~~ total memory freed........: 7246727 bytes -~~ total allocations/frees...: 115300/115300 +~~ total memory allocated....: 7824385 bytes +~~ total memory freed........: 7824385 bytes +~~ total allocations/frees...: 127034/127034 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 312 chars ~~ json message max len.......: 2418 chars diff --git a/test/results/zoom_extra_dissection/zoom2.pcap.out b/test/results/zoom_extra_dissection/zoom2.pcap.out index b7230a2fd..71e53c988 100644 --- a/test/results/zoom_extra_dissection/zoom2.pcap.out +++ b/test/results/zoom_extra_dissection/zoom2.pcap.out 
@@ -1,14 +1,14 @@ -00624{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom2.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom2.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1642965458402978} 
+00624{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom2.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom2.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1642965458402978} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1642965458402978,"flow_src_last_pkt_time":1642965458402978,"flow_dst_last_pkt_time":1642965458402978,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642965458402978,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":50076,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1642965458402978,"flow_dst_last_pkt_time":1642965458402978,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1642965458402978,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGngDAqAGykMNJmsOcAbton\/9jAAAAALAC\/\/+GrAAAAgQFtAEDAwUBAQgKBNjhZQAAAAAEAgAA"} 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1642965458402978,"flow_dst_last_pkt_time":1642965458577638,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1642965458577638,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADEGrQSQw0mawKgBsgG7w5wp5A9SaJ\/\/ZKASqbBcNQAAAgQFrAQCCApc+vuKBNjhZQEDAww="} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1642965458577754,"flow_dst_last_pkt_time":1642965458577638,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1642965458577754,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGngzAqAGykMNJmsOcAbton\/9kKeQPU4AQECwj1wAAAQEICgTY4hFc+vuK"} 01251{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1642965458578318,"flow_dst_last_pkt_time":1642965458577638,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1642965458578318,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI5AABAAEAGnAfAqAGykMNJmsOcAbton\/9kKeQPU4AYECyrnwAAAQEICgTY4hFc+vuKFgMBAgABAAH8AwOO2vgf4iUeLHcmin76FetTzif4epe9\/gXN3lJSewaegyB1dTrY0NkEM948B6g5lBQPt8cxp9dWgzj78Ont7RxBygAcEwITAxMBwDAAn8yozKrALwCewCgAa8AnAGcA\/wEAAZcAAAAgAB4AABt6b29tc2pjY3YxNTRtbXIuc2pjLnpvb20udXMACwAEAwABAgAKAAwACgAdABcAHgAZABgAIwAAAAUABQEAAAAAABYAAAAXAAAADQAwAC4EAwUDBgMIBwgICAkICggLCAQIBQgGBAEFAQYBAwMCAwMBAgEDAgICBAIFAgYCACsACQgDBAMDAwIDAQAtAAIBAQAzACYAJAAdACA4hYQMZ8eDjT1hA6NoNPOI0ed7ZtC8\/eHn4DwMJ5pePwAVANEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01410{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1642965458402978,"flow_src_last_pkt_time":1642965458578318,"flow_dst_last_pkt_time":1642965458577638,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642965458578318,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":50076,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomsjccv154mmr.sjc.zoom.us","domainame":"zoomsjccv154mmr.sjc.zoom.us","tls": {"version":"TLSv1.2","ja3":"832952db10f1453442636675bed2702b","ja3s":"","ja4":"t13d141200_ad449869e501_b11171733d3d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01369{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1642965458402978,"flow_src_last_pkt_time":1642965458578318,"flow_dst_last_pkt_time":1642965458577638,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642965458578318,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":50076,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomsjccv154mmr.sjc.zoom.us","domainame":"zoomsjccv154mmr.sjc.zoom.us","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d141200_ad449869e501_b11171733d3d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1642965458578318,"flow_dst_last_pkt_time":1642965458751640,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1642965458751640,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA082tAADEGuaCQw0mawKgBsgG7w5wp5A9TaKABaYAQAAsxRAAAAQEIClz6\/DkE2OIR"} 
-01470{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1642965458402978,"flow_src_last_pkt_time":1642965458578318,"flow_dst_last_pkt_time":1642965458752945,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1642965458752945,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":50076,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomsjccv154mmr.sjc.zoom.us","domainame":"zoomsjccv154mmr.sjc.zoom.us","tls": {"version":"TLSv1.2","ja3":"832952db10f1453442636675bed2702b","ja3s":"8aca82d60194883e764ab2743e60c380","ja4":"t13d141200_ad449869e501_b11171733d3d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
-01747{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1642965458402978,"flow_src_last_pkt_time":1642965458578318,"flow_dst_last_pkt_time":1642965458752990,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4096,"midstream":0,"thread_ts_usec":1642965458752990,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":50076,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomsjccv154mmr.sjc.zoom.us","domainame":"zoomsjccv154mmr.sjc.zoom.us","tls": {"version":"TLSv1.2","server_names":"*.sjc.zoom.us","ja3":"832952db10f1453442636675bed2702b","ja3s":"8aca82d60194883e764ab2743e60c380","ja4":"t13d141200_ad449869e501_b11171733d3d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1","subjectDN":"C=US, ST=California, L=San Jose, O=Zoom Video Communications, Inc., CN=*.sjc.zoom.us","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"43:42:0A:34:FD:F6:7A:FC:E9:C1:95:D8:E0:79:7E:17:B9:65:B0:A7","blocks":0}}} 
+01429{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1642965458402978,"flow_src_last_pkt_time":1642965458578318,"flow_dst_last_pkt_time":1642965458752945,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1642965458752945,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":50076,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomsjccv154mmr.sjc.zoom.us","domainame":"zoomsjccv154mmr.sjc.zoom.us","tls": {"version":"TLSv1.2","ja3s":"8aca82d60194883e764ab2743e60c380","ja4":"t13d141200_ad449869e501_b11171733d3d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01706{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1642965458402978,"flow_src_last_pkt_time":1642965458578318,"flow_dst_last_pkt_time":1642965458752990,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4096,"midstream":0,"thread_ts_usec":1642965458752990,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":50076,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomsjccv154mmr.sjc.zoom.us","domainame":"zoomsjccv154mmr.sjc.zoom.us","tls": {"version":"TLSv1.2","server_names":"*.sjc.zoom.us","ja3s":"8aca82d60194883e764ab2743e60c380","ja4":"t13d141200_ad449869e501_b11171733d3d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1","subjectDN":"C=US, ST=California, L=San Jose, O=Zoom Video Communications, Inc., CN=*.sjc.zoom.us","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"43:42:0A:34:FD:F6:7A:FC:E9:C1:95:D8:E0:79:7E:17:B9:65:B0:A7","blocks":0}}} 
00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1642965459595620,"flow_src_last_pkt_time":1642965459595620,"flow_dst_last_pkt_time":1642965459595620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":123,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":123,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":123,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642965459595620,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":60653,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00688{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1642965459595620,"flow_dst_last_pkt_time":1642965459595620,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":165,"pkt_l4_len":131,"thread_ts_usec":1642965459595620,"pkt":"EBMx8Tl2KDc3AG3ICABFAACXeHsAAEARZSPAqAGykMNJmuztImEAgzNnAQADyErEUocYzaK4R3obiZ8zgwAAAAAAAAACAG9hPwBvYT8AAABA5tdm9ZTyTIyTAkYLAufeKJLgneU8bl8DozakMMlr\/JDYAlm5+8RxsTcW0dGDYHnKojsP3MD2C2S9PgF8PPhtdgAAAAAAQABAAAB1MAABAAMAAiAA"} 
00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1642965459595620,"flow_src_last_pkt_time":1642965459595620,"flow_dst_last_pkt_time":1642965459595620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":123,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":123,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":123,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642965459595620,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":60653,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Zoom","proto_id":"189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}} 
@@ -43,7 +43,7 @@ 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":342,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":43,"flow_dst_packets_processed":44,"flow_first_seen":1642965460359314,"flow_src_last_pkt_time":1642965500043016,"flow_dst_last_pkt_time":1642965498034804,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":143,"flow_dst_max_l4_payload_len":91,"flow_src_tot_l4_payload_len":3423,"flow_dst_tot_l4_payload_len":2664,"midstream":0,"thread_ts_usec":1642965500043016,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":57953,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Zoom","proto_id":"189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}} 00989{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":342,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":64,"flow_dst_packets_processed":98,"flow_first_seen":1642965460219455,"flow_src_last_pkt_time":1642965464235467,"flow_dst_last_pkt_time":1642965464220244,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":326,"flow_src_tot_l4_payload_len":6619,"flow_dst_tot_l4_payload_len":13719,"midstream":0,"thread_ts_usec":1642965500043016,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":58117,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Zoom","proto_id":"189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}} 00991{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":342,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":66,"flow_first_seen":1642965459595620,"flow_src_last_pkt_time":1642965460403587,"flow_dst_last_pkt_time":1642965460412418,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":123,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1036,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":2702,"flow_dst_tot_l4_payload_len":61420,"midstream":0,"thread_ts_usec":1642965500043016,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":60653,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Zoom","proto_id":"189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}} 
-00858{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":342,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom2.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":342,"packets-processed":342,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":97770,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":8,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":46,"global_ts_usec":1642965500043016} +00858{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":342,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom2.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":342,"packets-processed":342,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":97770,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":8,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":46,"global_ts_usec":1642965500043016} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 342/342 ~~ skipped flows.............: 0 
@@ -52,9 +52,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6935908 bytes -~~ total memory freed........: 6935908 bytes -~~ total allocations/frees...: 114525/114525 +~~ total memory allocated....: 7513504 bytes +~~ total memory freed........: 7513504 bytes +~~ total allocations/frees...: 126256/126256 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 549 chars ~~ json message max len.......: 2222 chars diff --git a/test/results/zoom_extra_dissection/zoom_p2p.pcapng.out b/test/results/zoom_extra_dissection/zoom_p2p.pcapng.out index 229f97416..a7966fee1 100644 --- a/test/results/zoom_extra_dissection/zoom_p2p.pcapng.out +++ b/test/results/zoom_extra_dissection/zoom_p2p.pcapng.out 
@@ -1,5 +1,5 @@ -00629{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1666892468833699} 
+00629{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1666892468833699} 
00798{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892468833699,"flow_src_last_pkt_time":1666892468833699,"flow_dst_last_pkt_time":1666892468833699,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892468833699,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"192.168.12.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00712{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1666892468833699,"flow_dst_last_pkt_time":1666892468833699,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"thread_ts_usec":1666892468833699,"pkt":"\/\/\/\/\/\/\/\/CL6sCxduCABFAACgYTNAAEARPsnAqAwBwKgM\/0RcRFwAjEIMeyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAzMjY2OTI4NTUzNTE0MjEyNTAyMDcwOTgyNTg4NDgzOTQ4ODczODcsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFs5MjQ0NjQxN119"} 
00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892468833699,"flow_src_last_pkt_time":1666892468833699,"flow_dst_last_pkt_time":1666892468833699,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892468833699,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"192.168.12.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
@@ -16,10 +16,10 @@ 00978{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":8,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892508718573,"flow_src_last_pkt_time":1666892508718573,"flow_dst_last_pkt_time":1666892508718573,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":141,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":141,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":141,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892618882757,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892633743872,"flow_src_last_pkt_time":1666892633743872,"flow_dst_last_pkt_time":1666892633743872,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892633743872,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.87.213","src_port":39065,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1666892633743872,"flow_dst_last_pkt_time":1666892633743872,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1666892633743872,"pkt":"CL6sCxduJjb1W8R1CABFAABIOSEAAEARTXPAqAyczvdX1ZiZDZYANLFQAAEAGPylwjKz2lsgZSGfQY6bPhoBAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="} -00991{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892633743872,"flow_src_last_pkt_time":1666892633743872,"flow_dst_last_pkt_time":1666892633743872,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892633743872,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.87.213","src_port":39065,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"","domainame":"","stun": {}}} 
+01024{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892633743872,"flow_src_last_pkt_time":1666892633743872,"flow_dst_last_pkt_time":1666892633743872,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892633743872,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.87.213","src_port":39065,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892633744357,"flow_src_last_pkt_time":1666892633744357,"flow_dst_last_pkt_time":1666892633744357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892633744357,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.87.213","src_port":38453,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1666892633744357,"flow_dst_last_pkt_time":1666892633744357,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1666892633744357,"pkt":"CL6sCxduJjb1W8R1CABFAABIOSIAAEARTXLAqAyczvdX1ZY1DZYANGmLAAEAGNROrGuDSSg3DJfkQhb6tQYBAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="} -00991{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892633744357,"flow_src_last_pkt_time":1666892633744357,"flow_dst_last_pkt_time":1666892633744357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892633744357,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.87.213","src_port":38453,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"","domainame":"","stun": {}}} 
+01024{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892633744357,"flow_src_last_pkt_time":1666892633744357,"flow_dst_last_pkt_time":1666892633744357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892633744357,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.87.213","src_port":38453,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892633842799,"flow_src_last_pkt_time":1666892633842799,"flow_dst_last_pkt_time":1666892633842799,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":80,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":80,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892633842799,"l3_proto":"ip4","src_ip":"206.247.87.213","dst_ip":"192.168.12.156","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5} 
00623{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1666892633842799,"flow_dst_last_pkt_time":1666892633842799,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"thread_ts_usec":1666892633842799,"pkt":"Jjb1W8R1CL6sCxduCABFAABkWM0AACoBQ7vO91fVwKgMnAMK8UwAAAAARQAASDkhAAAvEV5zwKgMnM73V9WYmQ2WADSxUAABABj8pcIys9pbIGUhn0GOmz4aAQEAFDEyMzQ1Njc4OTAxMjM0NTY3ODkA"} 01047{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892633842799,"flow_src_last_pkt_time":1666892633842799,"flow_dst_last_pkt_time":1666892633842799,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":80,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":80,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892633842799,"l3_proto":"ip4","src_ip":"206.247.87.213","dst_ip":"192.168.12.156","l4_proto":"icmp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":5.315078}} 
@@ -81,10 +81,10 @@ 00994{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":397,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1666892633743872,"flow_src_last_pkt_time":1666892672044867,"flow_dst_last_pkt_time":1666892633743872,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":880,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892858965490,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.87.213","src_port":39065,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video"}} 00798{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":397,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892883463041,"flow_src_last_pkt_time":1666892883463041,"flow_dst_last_pkt_time":1666892883463041,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892883463041,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.10.253","src_port":49579,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":397,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1666892883463041,"flow_dst_last_pkt_time":1666892883463041,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1666892883463041,"pkt":"CL6sCxduJjb1W8R1CABFAABInAUAAEARN2fAqAyczvcK\/cGrDZYAND6kAAEAGHYXPCtl23wOrVMBeFlUmRIBAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="} -00993{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":397,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892883463041,"flow_src_last_pkt_time":1666892883463041,"flow_dst_last_pkt_time":1666892883463041,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892883463041,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.10.253","src_port":49579,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"","domainame":"","stun": {}}} 
+01026{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":397,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892883463041,"flow_src_last_pkt_time":1666892883463041,"flow_dst_last_pkt_time":1666892883463041,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892883463041,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.10.253","src_port":49579,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00798{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":398,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892883463255,"flow_src_last_pkt_time":1666892883463255,"flow_dst_last_pkt_time":1666892883463255,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892883463255,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.10.253","src_port":42208,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":398,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1666892883463255,"flow_dst_last_pkt_time":1666892883463255,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1666892883463255,"pkt":"CL6sCxduJjb1W8R1CABFAABInAYAAEARN2bAqAyczvcK\/aTgDZYANPrWAAEAGLBQbSBUGckYObqWWsHyyUwBAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="} -00993{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":398,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892883463255,"flow_src_last_pkt_time":1666892883463255,"flow_dst_last_pkt_time":1666892883463255,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892883463255,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.10.253","src_port":42208,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"","domainame":"","stun": {}}} 
+01026{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":398,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892883463255,"flow_src_last_pkt_time":1666892883463255,"flow_dst_last_pkt_time":1666892883463255,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892883463255,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.10.253","src_port":42208,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} 00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":399,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892883560468,"flow_src_last_pkt_time":1666892883560468,"flow_dst_last_pkt_time":1666892883560468,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":80,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":80,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892883560468,"l3_proto":"ip4","src_ip":"206.247.10.253","dst_ip":"192.168.12.156","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5} 
00625{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":399,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1666892883560468,"flow_dst_last_pkt_time":1666892883560468,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"thread_ts_usec":1666892883560468,"pkt":"Jjb1W8R1CL6sCxduCABFAABkE1oAACoB1gbO9wr9wKgMnAMKpHQAAAAARQAASJwFAAAvEUhnwKgMnM73Cv3Bqw2WADQ+pAABABh2FzwrZdt8Dq1TAXhZVJkSAQEAFDEyMzQ1Njc4OTAxMjM0NTY3ODkA"} 01049{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":399,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892883560468,"flow_src_last_pkt_time":1666892883560468,"flow_dst_last_pkt_time":1666892883560468,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":80,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":80,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892883560468,"l3_proto":"ip4","src_ip":"206.247.10.253","dst_ip":"192.168.12.156","l4_proto":"icmp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":5.318754}} 
@@ -131,7 +131,7 @@ 00992{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":763,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1666892468833699,"flow_src_last_pkt_time":1666892918986914,"flow_dst_last_pkt_time":1666892468833699,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892928125663,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"192.168.12.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 00994{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":763,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1666892883463041,"flow_src_last_pkt_time":1666892921699571,"flow_dst_last_pkt_time":1666892883463041,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":880,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892928125663,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.10.253","src_port":49579,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video"}} 01115{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":763,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":154,"flow_dst_packets_processed":0,"flow_first_seen":1666892923611662,"flow_src_last_pkt_time":1666892928125663,"flow_dst_last_pkt_time":1666892923611662,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":84,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":84,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12936,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892928125663,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"10.78.14.178","src_port":49579,"dst_port":49586,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Zoom","proto_id":"189","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}} 
-00869{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":763,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":763,"packets-processed":763,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":240182,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":3,"total-updates":27,"current-active-flows":0,"total-active-flows":13,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":134,"global_ts_usec":1666892928125663} +00869{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":763,"source":"cfgs\/zoom_extra_dissection\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":763,"packets-processed":763,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":240182,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":3,"total-updates":27,"current-active-flows":0,"total-active-flows":13,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":134,"global_ts_usec":1666892928125663} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 763/763 ~~ skipped flows.............: 0 
@@ -140,9 +140,9 @@ ~~ total active/idle flows...: 13/13 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6958358 bytes -~~ total memory freed........: 6958358 bytes -~~ total allocations/frees...: 115034/115034 +~~ total memory allocated....: 7535954 bytes +~~ total memory freed........: 7535954 bytes +~~ total allocations/frees...: 126765/126765 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 589 chars ~~ json message max len.......: 2340 chars -- cgit v1.2.3